3 * Linux INET6 implementation
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41 #include <linux/slab.h>
42 #include <linux/uaccess.h>
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/inet_common.h>
63 #include <net/secure_seq.h>
64 #include <net/busy_poll.h>
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
69 #include <crypto/hash.h>
70 #include <linux/scatterlist.h>
72 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
73 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
74 struct request_sock *req);
76 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
78 static const struct inet_connection_sock_af_ops ipv6_mapped;
79 static const struct inet_connection_sock_af_ops ipv6_specific;
80 #ifdef CONFIG_TCP_MD5SIG
81 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
82 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
84 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
85 const struct in6_addr *addr)
91 static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
93 struct dst_entry *dst = skb_dst(skb);
95 if (dst && dst_hold_safe(dst)) {
96 const struct rt6_info *rt = (const struct rt6_info *)dst;
99 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
100 inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
104 static u32 tcp_v6_init_sequence(const struct sk_buff *skb, u32 *tsoff)
106 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
107 ipv6_hdr(skb)->saddr.s6_addr32,
109 tcp_hdr(skb)->source, tsoff);
112 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
115 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
116 struct inet_sock *inet = inet_sk(sk);
117 struct inet_connection_sock *icsk = inet_csk(sk);
118 struct ipv6_pinfo *np = inet6_sk(sk);
119 struct tcp_sock *tp = tcp_sk(sk);
120 struct in6_addr *saddr = NULL, *final_p, final;
121 struct ipv6_txoptions *opt;
123 struct dst_entry *dst;
127 struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
129 if (addr_len < SIN6_LEN_RFC2133)
132 if (usin->sin6_family != AF_INET6)
133 return -EAFNOSUPPORT;
135 memset(&fl6, 0, sizeof(fl6));
138 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
139 IP6_ECN_flow_init(fl6.flowlabel);
140 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
141 struct ip6_flowlabel *flowlabel;
142 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
145 fl6_sock_release(flowlabel);
150 * connect() to INADDR_ANY means loopback (BSD'ism).
153 if (ipv6_addr_any(&usin->sin6_addr)) {
154 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
155 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
158 usin->sin6_addr = in6addr_loopback;
161 addr_type = ipv6_addr_type(&usin->sin6_addr);
163 if (addr_type & IPV6_ADDR_MULTICAST)
166 if (addr_type&IPV6_ADDR_LINKLOCAL) {
167 if (addr_len >= sizeof(struct sockaddr_in6) &&
168 usin->sin6_scope_id) {
169 /* If interface is set while binding, indices
172 if (sk->sk_bound_dev_if &&
173 sk->sk_bound_dev_if != usin->sin6_scope_id)
176 sk->sk_bound_dev_if = usin->sin6_scope_id;
179 /* Connect to link-local address requires an interface */
180 if (!sk->sk_bound_dev_if)
184 if (tp->rx_opt.ts_recent_stamp &&
185 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
186 tp->rx_opt.ts_recent = 0;
187 tp->rx_opt.ts_recent_stamp = 0;
191 sk->sk_v6_daddr = usin->sin6_addr;
192 np->flow_label = fl6.flowlabel;
198 if (addr_type & IPV6_ADDR_MAPPED) {
199 u32 exthdrlen = icsk->icsk_ext_hdr_len;
200 struct sockaddr_in sin;
202 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
204 if (__ipv6_only_sock(sk))
207 sin.sin_family = AF_INET;
208 sin.sin_port = usin->sin6_port;
209 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
211 icsk->icsk_af_ops = &ipv6_mapped;
212 sk->sk_backlog_rcv = tcp_v4_do_rcv;
213 #ifdef CONFIG_TCP_MD5SIG
214 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
217 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
220 icsk->icsk_ext_hdr_len = exthdrlen;
221 icsk->icsk_af_ops = &ipv6_specific;
222 sk->sk_backlog_rcv = tcp_v6_do_rcv;
223 #ifdef CONFIG_TCP_MD5SIG
224 tp->af_specific = &tcp_sock_ipv6_specific;
228 np->saddr = sk->sk_v6_rcv_saddr;
233 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
234 saddr = &sk->sk_v6_rcv_saddr;
236 fl6.flowi6_proto = IPPROTO_TCP;
237 fl6.daddr = sk->sk_v6_daddr;
238 fl6.saddr = saddr ? *saddr : np->saddr;
239 fl6.flowi6_oif = sk->sk_bound_dev_if;
240 fl6.flowi6_mark = sk->sk_mark;
241 fl6.fl6_dport = usin->sin6_port;
242 fl6.fl6_sport = inet->inet_sport;
243 fl6.flowi6_uid = sk->sk_uid;
245 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
246 final_p = fl6_update_dst(&fl6, opt, &final);
248 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
250 dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
258 sk->sk_v6_rcv_saddr = *saddr;
261 /* set the source address */
263 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
265 sk->sk_gso_type = SKB_GSO_TCPV6;
266 ip6_dst_store(sk, dst, NULL, NULL);
268 if (tcp_death_row->sysctl_tw_recycle &&
269 !tp->rx_opt.ts_recent_stamp &&
270 ipv6_addr_equal(&fl6.daddr, &sk->sk_v6_daddr))
271 tcp_fetch_timewait_stamp(sk, dst);
273 icsk->icsk_ext_hdr_len = 0;
275 icsk->icsk_ext_hdr_len = opt->opt_flen +
278 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
280 inet->inet_dport = usin->sin6_port;
282 tcp_set_state(sk, TCP_SYN_SENT);
283 err = inet6_hash_connect(tcp_death_row, sk);
289 if (likely(!tp->repair)) {
290 seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
291 sk->sk_v6_daddr.s6_addr32,
299 if (tcp_fastopen_defer_connect(sk, &err))
304 err = tcp_connect(sk);
311 tcp_set_state(sk, TCP_CLOSE);
313 inet->inet_dport = 0;
314 sk->sk_route_caps = 0;
318 static void tcp_v6_mtu_reduced(struct sock *sk)
320 struct dst_entry *dst;
322 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
325 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
329 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
330 tcp_sync_mss(sk, dst_mtu(dst));
331 tcp_simple_retransmit(sk);
335 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
336 u8 type, u8 code, int offset, __be32 info)
338 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
339 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
340 struct net *net = dev_net(skb->dev);
341 struct request_sock *fastopen;
342 struct ipv6_pinfo *np;
349 sk = __inet6_lookup_established(net, &tcp_hashinfo,
350 &hdr->daddr, th->dest,
351 &hdr->saddr, ntohs(th->source),
355 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
360 if (sk->sk_state == TCP_TIME_WAIT) {
361 inet_twsk_put(inet_twsk(sk));
364 seq = ntohl(th->seq);
365 fatal = icmpv6_err_convert(type, code, &err);
366 if (sk->sk_state == TCP_NEW_SYN_RECV)
367 return tcp_req_err(sk, seq, fatal);
370 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
371 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
373 if (sk->sk_state == TCP_CLOSE)
376 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
377 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
382 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
383 fastopen = tp->fastopen_rsk;
384 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
385 if (sk->sk_state != TCP_LISTEN &&
386 !between(seq, snd_una, tp->snd_nxt)) {
387 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
393 if (type == NDISC_REDIRECT) {
394 if (!sock_owned_by_user(sk)) {
395 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
398 dst->ops->redirect(dst, sk, skb);
403 if (type == ICMPV6_PKT_TOOBIG) {
404 /* We are not interested in TCP_LISTEN and open_requests
405 * (SYN-ACKs send out by Linux are always <576bytes so
406 * they should go through unfragmented).
408 if (sk->sk_state == TCP_LISTEN)
411 if (!ip6_sk_accept_pmtu(sk))
414 tp->mtu_info = ntohl(info);
415 if (!sock_owned_by_user(sk))
416 tcp_v6_mtu_reduced(sk);
417 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
424 /* Might be for an request_sock */
425 switch (sk->sk_state) {
428 /* Only in fast or simultaneous open. If a fast open socket is
429 * is already accepted it is treated as a connected one below.
431 if (fastopen && !fastopen->sk)
434 if (!sock_owned_by_user(sk)) {
436 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
440 sk->sk_err_soft = err;
444 if (!sock_owned_by_user(sk) && np->recverr) {
446 sk->sk_error_report(sk);
448 sk->sk_err_soft = err;
456 static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
458 struct request_sock *req,
459 struct tcp_fastopen_cookie *foc,
460 enum tcp_synack_type synack_type)
462 struct inet_request_sock *ireq = inet_rsk(req);
463 struct ipv6_pinfo *np = inet6_sk(sk);
464 struct ipv6_txoptions *opt;
465 struct flowi6 *fl6 = &fl->u.ip6;
469 /* First, grab a route. */
470 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
471 IPPROTO_TCP)) == NULL)
474 skb = tcp_make_synack(sk, dst, req, foc, synack_type);
477 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
478 &ireq->ir_v6_rmt_addr);
480 fl6->daddr = ireq->ir_v6_rmt_addr;
481 if (np->repflow && ireq->pktopts)
482 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
485 opt = ireq->ipv6_opt;
487 opt = rcu_dereference(np->opt);
488 err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass);
490 err = net_xmit_eval(err);
498 static void tcp_v6_reqsk_destructor(struct request_sock *req)
500 kfree(inet_rsk(req)->ipv6_opt);
501 kfree_skb(inet_rsk(req)->pktopts);
504 #ifdef CONFIG_TCP_MD5SIG
505 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
506 const struct in6_addr *addr)
508 return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
511 static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
512 const struct sock *addr_sk)
514 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
517 static int tcp_v6_parse_md5_keys(struct sock *sk, char __user *optval,
520 struct tcp_md5sig cmd;
521 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
523 if (optlen < sizeof(cmd))
526 if (copy_from_user(&cmd, optval, sizeof(cmd)))
529 if (sin6->sin6_family != AF_INET6)
532 if (!cmd.tcpm_keylen) {
533 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
534 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
536 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
540 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
543 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
544 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
545 AF_INET, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
547 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
548 AF_INET6, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
551 static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp,
552 const struct in6_addr *daddr,
553 const struct in6_addr *saddr,
554 const struct tcphdr *th, int nbytes)
556 struct tcp6_pseudohdr *bp;
557 struct scatterlist sg;
561 /* 1. TCP pseudo-header (RFC2460) */
564 bp->protocol = cpu_to_be32(IPPROTO_TCP);
565 bp->len = cpu_to_be32(nbytes);
567 _th = (struct tcphdr *)(bp + 1);
568 memcpy(_th, th, sizeof(*th));
571 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
572 ahash_request_set_crypt(hp->md5_req, &sg, NULL,
573 sizeof(*bp) + sizeof(*th));
574 return crypto_ahash_update(hp->md5_req);
577 static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
578 const struct in6_addr *daddr, struct in6_addr *saddr,
579 const struct tcphdr *th)
581 struct tcp_md5sig_pool *hp;
582 struct ahash_request *req;
584 hp = tcp_get_md5sig_pool();
586 goto clear_hash_noput;
589 if (crypto_ahash_init(req))
591 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
593 if (tcp_md5_hash_key(hp, key))
595 ahash_request_set_crypt(req, NULL, md5_hash, 0);
596 if (crypto_ahash_final(req))
599 tcp_put_md5sig_pool();
603 tcp_put_md5sig_pool();
605 memset(md5_hash, 0, 16);
609 static int tcp_v6_md5_hash_skb(char *md5_hash,
610 const struct tcp_md5sig_key *key,
611 const struct sock *sk,
612 const struct sk_buff *skb)
614 const struct in6_addr *saddr, *daddr;
615 struct tcp_md5sig_pool *hp;
616 struct ahash_request *req;
617 const struct tcphdr *th = tcp_hdr(skb);
619 if (sk) { /* valid for establish/request sockets */
620 saddr = &sk->sk_v6_rcv_saddr;
621 daddr = &sk->sk_v6_daddr;
623 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
624 saddr = &ip6h->saddr;
625 daddr = &ip6h->daddr;
628 hp = tcp_get_md5sig_pool();
630 goto clear_hash_noput;
633 if (crypto_ahash_init(req))
636 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
638 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
640 if (tcp_md5_hash_key(hp, key))
642 ahash_request_set_crypt(req, NULL, md5_hash, 0);
643 if (crypto_ahash_final(req))
646 tcp_put_md5sig_pool();
650 tcp_put_md5sig_pool();
652 memset(md5_hash, 0, 16);
658 static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
659 const struct sk_buff *skb)
661 #ifdef CONFIG_TCP_MD5SIG
662 const __u8 *hash_location = NULL;
663 struct tcp_md5sig_key *hash_expected;
664 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
665 const struct tcphdr *th = tcp_hdr(skb);
669 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
670 hash_location = tcp_parse_md5sig_option(th);
672 /* We've parsed the options - do we have a hash? */
673 if (!hash_expected && !hash_location)
676 if (hash_expected && !hash_location) {
677 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
681 if (!hash_expected && hash_location) {
682 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
686 /* check the signature */
687 genhash = tcp_v6_md5_hash_skb(newhash,
691 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
692 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
693 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
694 genhash ? "failed" : "mismatch",
695 &ip6h->saddr, ntohs(th->source),
696 &ip6h->daddr, ntohs(th->dest));
703 static void tcp_v6_init_req(struct request_sock *req,
704 const struct sock *sk_listener,
707 struct inet_request_sock *ireq = inet_rsk(req);
708 const struct ipv6_pinfo *np = inet6_sk(sk_listener);
710 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
711 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
713 /* So that link locals have meaning */
714 if (!sk_listener->sk_bound_dev_if &&
715 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
716 ireq->ir_iif = tcp_v6_iif(skb);
718 if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
719 (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
720 np->rxopt.bits.rxinfo ||
721 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
722 np->rxopt.bits.rxohlim || np->repflow)) {
723 atomic_inc(&skb->users);
728 static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
730 const struct request_sock *req,
735 return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
738 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
740 .obj_size = sizeof(struct tcp6_request_sock),
741 .rtx_syn_ack = tcp_rtx_synack,
742 .send_ack = tcp_v6_reqsk_send_ack,
743 .destructor = tcp_v6_reqsk_destructor,
744 .send_reset = tcp_v6_send_reset,
745 .syn_ack_timeout = tcp_syn_ack_timeout,
748 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
749 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
750 sizeof(struct ipv6hdr),
751 #ifdef CONFIG_TCP_MD5SIG
752 .req_md5_lookup = tcp_v6_md5_lookup,
753 .calc_md5_hash = tcp_v6_md5_hash_skb,
755 .init_req = tcp_v6_init_req,
756 #ifdef CONFIG_SYN_COOKIES
757 .cookie_init_seq = cookie_v6_init_sequence,
759 .route_req = tcp_v6_route_req,
760 .init_seq = tcp_v6_init_sequence,
761 .send_synack = tcp_v6_send_synack,
764 static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
765 u32 ack, u32 win, u32 tsval, u32 tsecr,
766 int oif, struct tcp_md5sig_key *key, int rst,
767 u8 tclass, __be32 label)
769 const struct tcphdr *th = tcp_hdr(skb);
771 struct sk_buff *buff;
773 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
774 struct sock *ctl_sk = net->ipv6.tcp_sk;
775 unsigned int tot_len = sizeof(struct tcphdr);
776 struct dst_entry *dst;
780 tot_len += TCPOLEN_TSTAMP_ALIGNED;
781 #ifdef CONFIG_TCP_MD5SIG
783 tot_len += TCPOLEN_MD5SIG_ALIGNED;
786 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
791 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
793 t1 = (struct tcphdr *) skb_push(buff, tot_len);
794 skb_reset_transport_header(buff);
796 /* Swap the send and the receive. */
797 memset(t1, 0, sizeof(*t1));
798 t1->dest = th->source;
799 t1->source = th->dest;
800 t1->doff = tot_len / 4;
801 t1->seq = htonl(seq);
802 t1->ack_seq = htonl(ack);
803 t1->ack = !rst || !th->ack;
805 t1->window = htons(win);
807 topt = (__be32 *)(t1 + 1);
810 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
811 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
812 *topt++ = htonl(tsval);
813 *topt++ = htonl(tsecr);
816 #ifdef CONFIG_TCP_MD5SIG
818 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
819 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
820 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
821 &ipv6_hdr(skb)->saddr,
822 &ipv6_hdr(skb)->daddr, t1);
826 memset(&fl6, 0, sizeof(fl6));
827 fl6.daddr = ipv6_hdr(skb)->saddr;
828 fl6.saddr = ipv6_hdr(skb)->daddr;
829 fl6.flowlabel = label;
831 buff->ip_summed = CHECKSUM_PARTIAL;
834 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
836 fl6.flowi6_proto = IPPROTO_TCP;
837 if (rt6_need_strict(&fl6.daddr) && !oif)
838 fl6.flowi6_oif = tcp_v6_iif(skb);
840 if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
843 fl6.flowi6_oif = oif;
846 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark);
847 fl6.fl6_dport = t1->dest;
848 fl6.fl6_sport = t1->source;
849 fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
850 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
852 /* Pass a socket to ip6_dst_lookup either it is for RST
853 * Underlying function will use this to retrieve the network
856 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
858 skb_dst_set(buff, dst);
859 ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass);
860 TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
862 TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
869 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
871 const struct tcphdr *th = tcp_hdr(skb);
872 u32 seq = 0, ack_seq = 0;
873 struct tcp_md5sig_key *key = NULL;
874 #ifdef CONFIG_TCP_MD5SIG
875 const __u8 *hash_location = NULL;
876 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
877 unsigned char newhash[16];
879 struct sock *sk1 = NULL;
886 /* If sk not NULL, it means we did a successful lookup and incoming
887 * route had to be correct. prequeue might have dropped our dst.
889 if (!sk && !ipv6_unicast_destination(skb))
892 #ifdef CONFIG_TCP_MD5SIG
894 hash_location = tcp_parse_md5sig_option(th);
895 if (sk && sk_fullsock(sk)) {
896 key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr);
897 } else if (hash_location) {
899 * active side is lost. Try to find listening socket through
900 * source port, and then find md5 key through listening socket.
901 * we are not loose security here:
902 * Incoming packet is checked with md5 hash with finding key,
903 * no RST generated if md5 hash doesn't match.
905 sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
906 &tcp_hashinfo, NULL, 0,
908 th->source, &ipv6h->daddr,
909 ntohs(th->source), tcp_v6_iif(skb));
913 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
917 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
918 if (genhash || memcmp(hash_location, newhash, 16) != 0)
924 seq = ntohl(th->ack_seq);
926 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
929 oif = sk ? sk->sk_bound_dev_if : 0;
930 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 0);
932 #ifdef CONFIG_TCP_MD5SIG
938 static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
939 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
940 struct tcp_md5sig_key *key, u8 tclass,
943 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
947 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
949 struct inet_timewait_sock *tw = inet_twsk(sk);
950 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
952 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
953 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
954 tcp_time_stamp + tcptw->tw_ts_offset,
955 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
956 tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel));
961 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
962 struct request_sock *req)
964 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
965 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
968 * The window field (SEG.WND) of every outgoing segment, with the
969 * exception of <SYN> segments, MUST be right-shifted by
970 * Rcv.Wind.Shift bits:
972 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
973 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
974 tcp_rsk(req)->rcv_nxt,
975 req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
976 tcp_time_stamp + tcp_rsk(req)->ts_off,
977 req->ts_recent, sk->sk_bound_dev_if,
978 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr),
983 static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
985 #ifdef CONFIG_SYN_COOKIES
986 const struct tcphdr *th = tcp_hdr(skb);
989 sk = cookie_v6_check(sk, skb);
994 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
996 if (skb->protocol == htons(ETH_P_IP))
997 return tcp_v4_conn_request(sk, skb);
999 if (!ipv6_unicast_destination(skb))
1002 return tcp_conn_request(&tcp6_request_sock_ops,
1003 &tcp_request_sock_ipv6_ops, sk, skb);
1007 return 0; /* don't send reset */
1010 static void tcp_v6_restore_cb(struct sk_buff *skb)
1012 /* We need to move header back to the beginning if xfrm6_policy_check()
1013 * and tcp_v6_fill_cb() are going to be called again.
1014 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
1016 memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
1017 sizeof(struct inet6_skb_parm));
1020 static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
1021 struct request_sock *req,
1022 struct dst_entry *dst,
1023 struct request_sock *req_unhash,
1026 struct inet_request_sock *ireq;
1027 struct ipv6_pinfo *newnp;
1028 const struct ipv6_pinfo *np = inet6_sk(sk);
1029 struct ipv6_txoptions *opt;
1030 struct tcp6_sock *newtcp6sk;
1031 struct inet_sock *newinet;
1032 struct tcp_sock *newtp;
1034 #ifdef CONFIG_TCP_MD5SIG
1035 struct tcp_md5sig_key *key;
1039 if (skb->protocol == htons(ETH_P_IP)) {
1044 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
1045 req_unhash, own_req);
1050 newtcp6sk = (struct tcp6_sock *)newsk;
1051 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1053 newinet = inet_sk(newsk);
1054 newnp = inet6_sk(newsk);
1055 newtp = tcp_sk(newsk);
1057 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1059 newnp->saddr = newsk->sk_v6_rcv_saddr;
1061 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1062 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1063 #ifdef CONFIG_TCP_MD5SIG
1064 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1067 newnp->ipv6_ac_list = NULL;
1068 newnp->ipv6_fl_list = NULL;
1069 newnp->pktoptions = NULL;
1071 newnp->mcast_oif = tcp_v6_iif(skb);
1072 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1073 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1075 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1078 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1079 * here, tcp_create_openreq_child now does this for us, see the comment in
1080 * that function for the gory details. -acme
1083 /* It is tricky place. Until this moment IPv4 tcp
1084 worked with IPv6 icsk.icsk_af_ops.
1087 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1092 ireq = inet_rsk(req);
1094 if (sk_acceptq_is_full(sk))
1098 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
1103 newsk = tcp_create_openreq_child(sk, req, skb);
1108 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1109 * count here, tcp_create_openreq_child now does this for us, see the
1110 * comment in that function for the gory details. -acme
1113 newsk->sk_gso_type = SKB_GSO_TCPV6;
1114 ip6_dst_store(newsk, dst, NULL, NULL);
1115 inet6_sk_rx_dst_set(newsk, skb);
1117 newtcp6sk = (struct tcp6_sock *)newsk;
1118 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1120 newtp = tcp_sk(newsk);
1121 newinet = inet_sk(newsk);
1122 newnp = inet6_sk(newsk);
1124 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1126 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1127 newnp->saddr = ireq->ir_v6_loc_addr;
1128 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1129 newsk->sk_bound_dev_if = ireq->ir_iif;
1131 /* Now IPv6 options...
1133 First: no IPv4 options.
1135 newinet->inet_opt = NULL;
1136 newnp->ipv6_ac_list = NULL;
1137 newnp->ipv6_fl_list = NULL;
1140 newnp->rxopt.all = np->rxopt.all;
1142 newnp->pktoptions = NULL;
1144 newnp->mcast_oif = tcp_v6_iif(skb);
1145 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1146 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1148 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1150 /* Clone native IPv6 options from listening socket (if any)
1152 Yes, keeping reference count would be much more clever,
1153 but we make one more one thing there: reattach optmem
1156 opt = ireq->ipv6_opt;
1158 opt = rcu_dereference(np->opt);
1160 opt = ipv6_dup_options(newsk, opt);
1161 RCU_INIT_POINTER(newnp->opt, opt);
1163 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1165 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
1168 tcp_ca_openreq_child(newsk, dst);
1170 tcp_sync_mss(newsk, dst_mtu(dst));
1171 newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));
1173 tcp_initialize_rcv_mss(newsk);
1175 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1176 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1178 #ifdef CONFIG_TCP_MD5SIG
1179 /* Copy over the MD5 key from the original socket */
1180 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr);
1182 /* We're using one, so create a matching key
1183 * on the newsk structure. If we fail to get
1184 * memory, then we end up not copying the key
1187 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
1188 AF_INET6, key->key, key->keylen,
1189 sk_gfp_mask(sk, GFP_ATOMIC));
1193 if (__inet_inherit_port(sk, newsk) < 0) {
1194 inet_csk_prepare_forced_close(newsk);
1198 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
1200 tcp_move_syn(newtp, req);
1202 /* Clone pktoptions received with SYN, if we own the req */
1203 if (ireq->pktopts) {
1204 newnp->pktoptions = skb_clone(ireq->pktopts,
1205 sk_gfp_mask(sk, GFP_ATOMIC));
1206 consume_skb(ireq->pktopts);
1207 ireq->pktopts = NULL;
1208 if (newnp->pktoptions) {
1209 tcp_v6_restore_cb(newnp->pktoptions);
1210 skb_set_owner_r(newnp->pktoptions, newsk);
1218 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1226 /* The socket must have it's spinlock held when we get
1227 * here, unless it is a TCP_LISTEN socket.
1229 * We have a potential double-lock case here, so even when
1230 * doing backlog processing we use the BH locking scheme.
1231 * This is because we cannot sleep with the original spinlock
1234 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1236 struct ipv6_pinfo *np = inet6_sk(sk);
1237 struct tcp_sock *tp;
1238 struct sk_buff *opt_skb = NULL;
1240 /* Imagine: socket is IPv6. IPv4 packet arrives,
1241 goes to IPv4 receive handler and backlogged.
1242 From backlog it always goes here. Kerboom...
1243 Fortunately, tcp_rcv_established and rcv_established
1244 handle them correctly, but it is not case with
1245 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1248 if (skb->protocol == htons(ETH_P_IP))
1249 return tcp_v4_do_rcv(sk, skb);
1251 if (tcp_filter(sk, skb))
1255 * socket locking is here for SMP purposes as backlog rcv
1256 * is currently called with bh processing disabled.
1259 /* Do Stevens' IPV6_PKTOPTIONS.
1261 Yes, guys, it is the only place in our code, where we
1262 may make it not affecting IPv4.
1263 The rest of code is protocol independent,
1264 and I do not like idea to uglify IPv4.
1266 Actually, all the idea behind IPV6_PKTOPTIONS
1267 looks not very well thought. For now we latch
1268 options, received in the last packet, enqueued
1269 by tcp. Feel free to propose better solution.
1273 opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));
1275 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1276 struct dst_entry *dst = sk->sk_rx_dst;
1278 sock_rps_save_rxhash(sk, skb);
1279 sk_mark_napi_id(sk, skb);
1281 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1282 dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
1284 sk->sk_rx_dst = NULL;
1288 tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len);
1290 goto ipv6_pktoptions;
1294 if (tcp_checksum_complete(skb))
1297 if (sk->sk_state == TCP_LISTEN) {
1298 struct sock *nsk = tcp_v6_cookie_check(sk, skb);
1304 sock_rps_save_rxhash(nsk, skb);
1305 sk_mark_napi_id(nsk, skb);
1306 if (tcp_child_process(sk, nsk, skb))
1309 __kfree_skb(opt_skb);
1313 sock_rps_save_rxhash(sk, skb);
1315 if (tcp_rcv_state_process(sk, skb))
1318 goto ipv6_pktoptions;
1322 tcp_v6_send_reset(sk, skb);
1325 __kfree_skb(opt_skb);
1329 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
1330 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
1335 /* Do you ask, what is it?
1337 1. skb was enqueued by tcp.
1338 2. skb is added to tail of read queue, rather than out of order.
1339 3. socket is not in passive state.
1340 4. Finally, it really contains options, which user wants to receive.
1343 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1344 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1345 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1346 np->mcast_oif = tcp_v6_iif(opt_skb);
1347 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1348 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1349 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1350 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
1352 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
1353 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
1354 skb_set_owner_r(opt_skb, sk);
1355 tcp_v6_restore_cb(opt_skb);
1356 opt_skb = xchg(&np->pktoptions, opt_skb);
1358 __kfree_skb(opt_skb);
1359 opt_skb = xchg(&np->pktoptions, NULL);
1367 static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1368 const struct tcphdr *th)
1370 /* This is tricky: we move IP6CB at its correct location into
1371 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1372 * _decode_session6() uses IP6CB().
1373 * barrier() makes sure compiler won't play aliasing games.
1375 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1376 sizeof(struct inet6_skb_parm));
1379 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1380 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1381 skb->len - th->doff*4);
1382 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1383 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1384 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1385 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1386 TCP_SKB_CB(skb)->sacked = 0;
1389 static int tcp_v6_rcv(struct sk_buff *skb)
1391 const struct tcphdr *th;
1392 const struct ipv6hdr *hdr;
1396 struct net *net = dev_net(skb->dev);
1398 if (skb->pkt_type != PACKET_HOST)
1402 * Count it even if it's bad.
1404 __TCP_INC_STATS(net, TCP_MIB_INSEGS);
1406 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1409 th = (const struct tcphdr *)skb->data;
1411 if (unlikely(th->doff < sizeof(struct tcphdr)/4))
1413 if (!pskb_may_pull(skb, th->doff*4))
1416 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
1419 th = (const struct tcphdr *)skb->data;
1420 hdr = ipv6_hdr(skb);
1423 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
1424 th->source, th->dest, inet6_iif(skb),
1430 if (sk->sk_state == TCP_TIME_WAIT)
1433 if (sk->sk_state == TCP_NEW_SYN_RECV) {
1434 struct request_sock *req = inet_reqsk(sk);
1437 sk = req->rsk_listener;
1438 tcp_v6_fill_cb(skb, hdr, th);
1439 if (tcp_v6_inbound_md5_hash(sk, skb)) {
1440 sk_drops_add(sk, skb);
1444 if (unlikely(sk->sk_state != TCP_LISTEN)) {
1445 inet_csk_reqsk_queue_drop_and_put(sk, req);
1450 nsk = tcp_check_req(sk, skb, req, false);
1453 goto discard_and_relse;
1457 tcp_v6_restore_cb(skb);
1458 } else if (tcp_child_process(sk, nsk, skb)) {
1459 tcp_v6_send_reset(nsk, skb);
1460 goto discard_and_relse;
1466 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
1467 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
1468 goto discard_and_relse;
1471 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1472 goto discard_and_relse;
1474 tcp_v6_fill_cb(skb, hdr, th);
1476 if (tcp_v6_inbound_md5_hash(sk, skb))
1477 goto discard_and_relse;
1479 if (tcp_filter(sk, skb))
1480 goto discard_and_relse;
1481 th = (const struct tcphdr *)skb->data;
1482 hdr = ipv6_hdr(skb);
1486 if (sk->sk_state == TCP_LISTEN) {
1487 ret = tcp_v6_do_rcv(sk, skb);
1488 goto put_and_return;
1491 sk_incoming_cpu_update(sk);
1493 bh_lock_sock_nested(sk);
1494 tcp_segs_in(tcp_sk(sk), skb);
1496 if (!sock_owned_by_user(sk)) {
1497 if (!tcp_prequeue(sk, skb))
1498 ret = tcp_v6_do_rcv(sk, skb);
1499 } else if (tcp_add_backlog(sk, skb)) {
1500 goto discard_and_relse;
1507 return ret ? -1 : 0;
1510 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1513 tcp_v6_fill_cb(skb, hdr, th);
1515 if (tcp_checksum_complete(skb)) {
1517 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
1519 __TCP_INC_STATS(net, TCP_MIB_INERRS);
1521 tcp_v6_send_reset(NULL, skb);
1529 sk_drops_add(sk, skb);
1535 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1536 inet_twsk_put(inet_twsk(sk));
1540 tcp_v6_fill_cb(skb, hdr, th);
1542 if (tcp_checksum_complete(skb)) {
1543 inet_twsk_put(inet_twsk(sk));
1547 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1552 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1553 skb, __tcp_hdrlen(th),
1554 &ipv6_hdr(skb)->saddr, th->source,
1555 &ipv6_hdr(skb)->daddr,
1556 ntohs(th->dest), tcp_v6_iif(skb));
1558 struct inet_timewait_sock *tw = inet_twsk(sk);
1559 inet_twsk_deschedule_put(tw);
1561 tcp_v6_restore_cb(skb);
1565 /* Fall through to ACK */
1568 tcp_v6_timewait_ack(sk, skb);
1571 tcp_v6_restore_cb(skb);
1572 tcp_v6_send_reset(sk, skb);
1573 inet_twsk_deschedule_put(inet_twsk(sk));
1575 case TCP_TW_SUCCESS:
1581 static void tcp_v6_early_demux(struct sk_buff *skb)
1583 const struct ipv6hdr *hdr;
1584 const struct tcphdr *th;
1587 if (skb->pkt_type != PACKET_HOST)
1590 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1593 hdr = ipv6_hdr(skb);
1596 if (th->doff < sizeof(struct tcphdr) / 4)
1599 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
1600 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1601 &hdr->saddr, th->source,
1602 &hdr->daddr, ntohs(th->dest),
1606 skb->destructor = sock_edemux;
1607 if (sk_fullsock(sk)) {
1608 struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
1611 dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
1613 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1614 skb_dst_set_noref(skb, dst);
1619 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1620 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1621 .twsk_unique = tcp_twsk_unique,
1622 .twsk_destructor = tcp_twsk_destructor,
1625 static const struct inet_connection_sock_af_ops ipv6_specific = {
1626 .queue_xmit = inet6_csk_xmit,
1627 .send_check = tcp_v6_send_check,
1628 .rebuild_header = inet6_sk_rebuild_header,
1629 .sk_rx_dst_set = inet6_sk_rx_dst_set,
1630 .conn_request = tcp_v6_conn_request,
1631 .syn_recv_sock = tcp_v6_syn_recv_sock,
1632 .net_header_len = sizeof(struct ipv6hdr),
1633 .net_frag_header_len = sizeof(struct frag_hdr),
1634 .setsockopt = ipv6_setsockopt,
1635 .getsockopt = ipv6_getsockopt,
1636 .addr2sockaddr = inet6_csk_addr2sockaddr,
1637 .sockaddr_len = sizeof(struct sockaddr_in6),
1638 #ifdef CONFIG_COMPAT
1639 .compat_setsockopt = compat_ipv6_setsockopt,
1640 .compat_getsockopt = compat_ipv6_getsockopt,
1642 .mtu_reduced = tcp_v6_mtu_reduced,
1645 #ifdef CONFIG_TCP_MD5SIG
1646 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1647 .md5_lookup = tcp_v6_md5_lookup,
1648 .calc_md5_hash = tcp_v6_md5_hash_skb,
1649 .md5_parse = tcp_v6_parse_md5_keys,
1654 * TCP over IPv4 via INET6 API
1656 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1657 .queue_xmit = ip_queue_xmit,
1658 .send_check = tcp_v4_send_check,
1659 .rebuild_header = inet_sk_rebuild_header,
1660 .sk_rx_dst_set = inet_sk_rx_dst_set,
1661 .conn_request = tcp_v6_conn_request,
1662 .syn_recv_sock = tcp_v6_syn_recv_sock,
1663 .net_header_len = sizeof(struct iphdr),
1664 .setsockopt = ipv6_setsockopt,
1665 .getsockopt = ipv6_getsockopt,
1666 .addr2sockaddr = inet6_csk_addr2sockaddr,
1667 .sockaddr_len = sizeof(struct sockaddr_in6),
1668 #ifdef CONFIG_COMPAT
1669 .compat_setsockopt = compat_ipv6_setsockopt,
1670 .compat_getsockopt = compat_ipv6_getsockopt,
1672 .mtu_reduced = tcp_v4_mtu_reduced,
1675 #ifdef CONFIG_TCP_MD5SIG
1676 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1677 .md5_lookup = tcp_v4_md5_lookup,
1678 .calc_md5_hash = tcp_v4_md5_hash_skb,
1679 .md5_parse = tcp_v6_parse_md5_keys,
1683 /* NOTE: A lot of things set to zero explicitly by call to
1684 * sk_alloc() so need not be done here.
1686 static int tcp_v6_init_sock(struct sock *sk)
1688 struct inet_connection_sock *icsk = inet_csk(sk);
1692 icsk->icsk_af_ops = &ipv6_specific;
1694 #ifdef CONFIG_TCP_MD5SIG
1695 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
1701 static void tcp_v6_destroy_sock(struct sock *sk)
1703 tcp_v4_destroy_sock(sk);
1704 inet6_destroy_sock(sk);
1707 #ifdef CONFIG_PROC_FS
1708 /* Proc filesystem TCPv6 sock list dumping. */
1709 static void get_openreq6(struct seq_file *seq,
1710 const struct request_sock *req, int i)
1712 long ttd = req->rsk_timer.expires - jiffies;
1713 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1714 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1720 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1721 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1723 src->s6_addr32[0], src->s6_addr32[1],
1724 src->s6_addr32[2], src->s6_addr32[3],
1725 inet_rsk(req)->ir_num,
1726 dest->s6_addr32[0], dest->s6_addr32[1],
1727 dest->s6_addr32[2], dest->s6_addr32[3],
1728 ntohs(inet_rsk(req)->ir_rmt_port),
1730 0, 0, /* could print option size, but that is af dependent. */
1731 1, /* timers active (only the expire timer) */
1732 jiffies_to_clock_t(ttd),
1734 from_kuid_munged(seq_user_ns(seq),
1735 sock_i_uid(req->rsk_listener)),
1736 0, /* non standard timer */
1737 0, /* open_requests have no inode */
1741 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1743 const struct in6_addr *dest, *src;
1746 unsigned long timer_expires;
1747 const struct inet_sock *inet = inet_sk(sp);
1748 const struct tcp_sock *tp = tcp_sk(sp);
1749 const struct inet_connection_sock *icsk = inet_csk(sp);
1750 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
1754 dest = &sp->sk_v6_daddr;
1755 src = &sp->sk_v6_rcv_saddr;
1756 destp = ntohs(inet->inet_dport);
1757 srcp = ntohs(inet->inet_sport);
1759 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
1760 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
1761 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
1763 timer_expires = icsk->icsk_timeout;
1764 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1766 timer_expires = icsk->icsk_timeout;
1767 } else if (timer_pending(&sp->sk_timer)) {
1769 timer_expires = sp->sk_timer.expires;
1772 timer_expires = jiffies;
1775 state = sk_state_load(sp);
1776 if (state == TCP_LISTEN)
1777 rx_queue = sp->sk_ack_backlog;
1779 /* Because we don't lock the socket,
1780 * we might find a transient negative value.
1782 rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);
1785 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1786 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1788 src->s6_addr32[0], src->s6_addr32[1],
1789 src->s6_addr32[2], src->s6_addr32[3], srcp,
1790 dest->s6_addr32[0], dest->s6_addr32[1],
1791 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1793 tp->write_seq - tp->snd_una,
1796 jiffies_delta_to_clock_t(timer_expires - jiffies),
1797 icsk->icsk_retransmits,
1798 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1799 icsk->icsk_probes_out,
1801 atomic_read(&sp->sk_refcnt), sp,
1802 jiffies_to_clock_t(icsk->icsk_rto),
1803 jiffies_to_clock_t(icsk->icsk_ack.ato),
1804 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
1806 state == TCP_LISTEN ?
1807 fastopenq->max_qlen :
1808 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
1812 static void get_timewait6_sock(struct seq_file *seq,
1813 struct inet_timewait_sock *tw, int i)
1815 long delta = tw->tw_timer.expires - jiffies;
1816 const struct in6_addr *dest, *src;
1819 dest = &tw->tw_v6_daddr;
1820 src = &tw->tw_v6_rcv_saddr;
1821 destp = ntohs(tw->tw_dport);
1822 srcp = ntohs(tw->tw_sport);
1825 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1826 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1828 src->s6_addr32[0], src->s6_addr32[1],
1829 src->s6_addr32[2], src->s6_addr32[3], srcp,
1830 dest->s6_addr32[0], dest->s6_addr32[1],
1831 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1832 tw->tw_substate, 0, 0,
1833 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
1834 atomic_read(&tw->tw_refcnt), tw);
1837 static int tcp6_seq_show(struct seq_file *seq, void *v)
1839 struct tcp_iter_state *st;
1840 struct sock *sk = v;
1842 if (v == SEQ_START_TOKEN) {
1847 "st tx_queue rx_queue tr tm->when retrnsmt"
1848 " uid timeout inode\n");
1853 if (sk->sk_state == TCP_TIME_WAIT)
1854 get_timewait6_sock(seq, v, st->num);
1855 else if (sk->sk_state == TCP_NEW_SYN_RECV)
1856 get_openreq6(seq, v, st->num);
1858 get_tcp6_sock(seq, v, st->num);
1863 static const struct file_operations tcp6_afinfo_seq_fops = {
1864 .owner = THIS_MODULE,
1865 .open = tcp_seq_open,
1867 .llseek = seq_lseek,
1868 .release = seq_release_net
1871 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1874 .seq_fops = &tcp6_afinfo_seq_fops,
1876 .show = tcp6_seq_show,
1880 int __net_init tcp6_proc_init(struct net *net)
1882 return tcp_proc_register(net, &tcp6_seq_afinfo);
1885 void tcp6_proc_exit(struct net *net)
1887 tcp_proc_unregister(net, &tcp6_seq_afinfo);
1891 struct proto tcpv6_prot = {
1893 .owner = THIS_MODULE,
1895 .connect = tcp_v6_connect,
1896 .disconnect = tcp_disconnect,
1897 .accept = inet_csk_accept,
1899 .init = tcp_v6_init_sock,
1900 .destroy = tcp_v6_destroy_sock,
1901 .shutdown = tcp_shutdown,
1902 .setsockopt = tcp_setsockopt,
1903 .getsockopt = tcp_getsockopt,
1904 .keepalive = tcp_set_keepalive,
1905 .recvmsg = tcp_recvmsg,
1906 .sendmsg = tcp_sendmsg,
1907 .sendpage = tcp_sendpage,
1908 .backlog_rcv = tcp_v6_do_rcv,
1909 .release_cb = tcp_release_cb,
1911 .unhash = inet_unhash,
1912 .get_port = inet_csk_get_port,
1913 .enter_memory_pressure = tcp_enter_memory_pressure,
1914 .stream_memory_free = tcp_stream_memory_free,
1915 .sockets_allocated = &tcp_sockets_allocated,
1916 .memory_allocated = &tcp_memory_allocated,
1917 .memory_pressure = &tcp_memory_pressure,
1918 .orphan_count = &tcp_orphan_count,
1919 .sysctl_mem = sysctl_tcp_mem,
1920 .sysctl_wmem = sysctl_tcp_wmem,
1921 .sysctl_rmem = sysctl_tcp_rmem,
1922 .max_header = MAX_TCP_HEADER,
1923 .obj_size = sizeof(struct tcp6_sock),
1924 .slab_flags = SLAB_DESTROY_BY_RCU,
1925 .twsk_prot = &tcp6_timewait_sock_ops,
1926 .rsk_prot = &tcp6_request_sock_ops,
1927 .h.hashinfo = &tcp_hashinfo,
1928 .no_autobind = true,
1929 #ifdef CONFIG_COMPAT
1930 .compat_setsockopt = compat_tcp_setsockopt,
1931 .compat_getsockopt = compat_tcp_getsockopt,
1933 .diag_destroy = tcp_abort,
1936 static const struct inet6_protocol tcpv6_protocol = {
1937 .early_demux = tcp_v6_early_demux,
1938 .handler = tcp_v6_rcv,
1939 .err_handler = tcp_v6_err,
1940 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1943 static struct inet_protosw tcpv6_protosw = {
1944 .type = SOCK_STREAM,
1945 .protocol = IPPROTO_TCP,
1946 .prot = &tcpv6_prot,
1947 .ops = &inet6_stream_ops,
1948 .flags = INET_PROTOSW_PERMANENT |
1952 static int __net_init tcpv6_net_init(struct net *net)
1954 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
1955 SOCK_RAW, IPPROTO_TCP, net);
1958 static void __net_exit tcpv6_net_exit(struct net *net)
1960 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
1963 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
1965 inet_twsk_purge(&tcp_hashinfo, AF_INET6);
1968 static struct pernet_operations tcpv6_net_ops = {
1969 .init = tcpv6_net_init,
1970 .exit = tcpv6_net_exit,
1971 .exit_batch = tcpv6_net_exit_batch,
1974 int __init tcpv6_init(void)
1978 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
1982 /* register inet6 protocol */
1983 ret = inet6_register_protosw(&tcpv6_protosw);
1985 goto out_tcpv6_protocol;
1987 ret = register_pernet_subsys(&tcpv6_net_ops);
1989 goto out_tcpv6_protosw;
1994 inet6_unregister_protosw(&tcpv6_protosw);
1996 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2000 void tcpv6_exit(void)
2002 unregister_pernet_subsys(&tcpv6_net_ops);
2003 inet6_unregister_protosw(&tcpv6_protosw);
2004 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
projects / linux.git / blob