2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Implementation of the Transmission Control Protocol(TCP).
8 * Version: $Id: tcp_ipv4.c,v 1.240 2002/02/01 22:01:04 davem Exp $
10 * IPv4 specific functions
15 * linux/ipv4/tcp_input.c
16 * linux/ipv4/tcp_output.c
18 * See tcp.c for author information
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
28 * David S. Miller : New socket lookup architecture.
29 * This code is dedicated to John Dyson.
30 * David S. Miller : Change semantics of established hash,
31 * half is devoted to TIME_WAIT sockets
32 * and the rest go in the other half.
33 * Andi Kleen : Add support for syncookies and fixed
34 * some bugs: ip options weren't passed to
35 * the TCP layer, missed a check for an
37 * Andi Kleen : Implemented fast path mtu discovery.
38 * Fixed many serious bugs in the
39 * request_sock handling and moved
40 * most of it into the af independent code.
41 * Added tail drop and some other bugfixes.
42 * Added new listen semantics.
43 * Mike McLagan : Routing by source
44 * Juan Jose Ciarlante: ip_dynaddr bits
45 * Andi Kleen: various fixes.
46 * Vitaly E. Lavrov : Transparent proxy revived after year
48 * Andi Kleen : Fix new listen.
49 * Andi Kleen : Fix accept error reporting.
50 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
51 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
52 * a single port at the same time.
56 #include <linux/types.h>
57 #include <linux/fcntl.h>
58 #include <linux/module.h>
59 #include <linux/random.h>
60 #include <linux/cache.h>
61 #include <linux/jhash.h>
62 #include <linux/init.h>
63 #include <linux/times.h>
65 #include <net/net_namespace.h>
67 #include <net/inet_hashtables.h>
69 #include <net/transp_v6.h>
71 #include <net/inet_common.h>
72 #include <net/timewait_sock.h>
74 #include <net/netdma.h>
76 #include <linux/inet.h>
77 #include <linux/ipv6.h>
78 #include <linux/stddef.h>
79 #include <linux/proc_fs.h>
80 #include <linux/seq_file.h>
82 #include <linux/crypto.h>
83 #include <linux/scatterlist.h>
85 int sysctl_tcp_tw_reuse __read_mostly;
86 int sysctl_tcp_low_latency __read_mostly;
88 /* Check TCP sequence numbers in ICMP packets. */
89 #define ICMP_MIN_LENGTH 8
91 /* Socket used for sending RSTs */
92 static struct socket *tcp_socket __read_mostly;
94 void tcp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb);
96 #ifdef CONFIG_TCP_MD5SIG
97 static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk,
99 static int tcp_v4_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
100 __be32 saddr, __be32 daddr,
101 struct tcphdr *th, int protocol,
102 unsigned int tcplen);
105 struct inet_hashinfo __cacheline_aligned tcp_hashinfo = {
106 .lhash_lock = __RW_LOCK_UNLOCKED(tcp_hashinfo.lhash_lock),
107 .lhash_users = ATOMIC_INIT(0),
108 .lhash_wait = __WAIT_QUEUE_HEAD_INITIALIZER(tcp_hashinfo.lhash_wait),
111 static inline __u32 tcp_v4_init_sequence(struct sk_buff *skb)
113 return secure_tcp_sequence_number(ip_hdr(skb)->daddr,
116 tcp_hdr(skb)->source);
119 int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp)
121 const struct tcp_timewait_sock *tcptw = tcp_twsk(sktw);
122 struct tcp_sock *tp = tcp_sk(sk);
124 /* With PAWS, it is safe from the viewpoint
125 of data integrity. Even without PAWS it is safe provided sequence
126 spaces do not overlap i.e. at data rates <= 80Mbit/sec.
128 Actually, the idea is close to VJ's one, only timestamp cache is
129 held not per host, but per port pair and TW bucket is used as state
132 If TW bucket has been already destroyed we fall back to VJ's scheme
133 and use initial timestamp retrieved from peer table.
135 if (tcptw->tw_ts_recent_stamp &&
136 (twp == NULL || (sysctl_tcp_tw_reuse &&
137 get_seconds() - tcptw->tw_ts_recent_stamp > 1))) {
138 tp->write_seq = tcptw->tw_snd_nxt + 65535 + 2;
139 if (tp->write_seq == 0)
141 tp->rx_opt.ts_recent = tcptw->tw_ts_recent;
142 tp->rx_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
150 EXPORT_SYMBOL_GPL(tcp_twsk_unique);
152 /* This will initiate an outgoing connection. */
153 int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
155 struct inet_sock *inet = inet_sk(sk);
156 struct tcp_sock *tp = tcp_sk(sk);
157 struct sockaddr_in *usin = (struct sockaddr_in *)uaddr;
159 __be32 daddr, nexthop;
163 if (addr_len < sizeof(struct sockaddr_in))
166 if (usin->sin_family != AF_INET)
167 return -EAFNOSUPPORT;
169 nexthop = daddr = usin->sin_addr.s_addr;
170 if (inet->opt && inet->opt->srr) {
173 nexthop = inet->opt->faddr;
176 tmp = ip_route_connect(&rt, nexthop, inet->saddr,
177 RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
179 inet->sport, usin->sin_port, sk, 1);
181 if (tmp == -ENETUNREACH)
182 IP_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES);
186 if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) {
191 if (!inet->opt || !inet->opt->srr)
195 inet->saddr = rt->rt_src;
196 inet->rcv_saddr = inet->saddr;
198 if (tp->rx_opt.ts_recent_stamp && inet->daddr != daddr) {
199 /* Reset inherited state */
200 tp->rx_opt.ts_recent = 0;
201 tp->rx_opt.ts_recent_stamp = 0;
205 if (tcp_death_row.sysctl_tw_recycle &&
206 !tp->rx_opt.ts_recent_stamp && rt->rt_dst == daddr) {
207 struct inet_peer *peer = rt_get_peer(rt);
209 * VJ's idea. We save last timestamp seen from
210 * the destination in peer table, when entering state
211 * TIME-WAIT * and initialize rx_opt.ts_recent from it,
212 * when trying new connection.
215 peer->tcp_ts_stamp + TCP_PAWS_MSL >= get_seconds()) {
216 tp->rx_opt.ts_recent_stamp = peer->tcp_ts_stamp;
217 tp->rx_opt.ts_recent = peer->tcp_ts;
221 inet->dport = usin->sin_port;
224 inet_csk(sk)->icsk_ext_hdr_len = 0;
226 inet_csk(sk)->icsk_ext_hdr_len = inet->opt->optlen;
228 tp->rx_opt.mss_clamp = 536;
230 /* Socket identity is still unknown (sport may be zero).
231 * However we set state to SYN-SENT and not releasing socket
232 * lock select source port, enter ourselves into the hash tables and
233 * complete initialization after this.
235 tcp_set_state(sk, TCP_SYN_SENT);
236 err = inet_hash_connect(&tcp_death_row, sk);
240 err = ip_route_newports(&rt, IPPROTO_TCP,
241 inet->sport, inet->dport, sk);
245 /* OK, now commit destination to socket. */
246 sk->sk_gso_type = SKB_GSO_TCPV4;
247 sk_setup_caps(sk, &rt->u.dst);
250 tp->write_seq = secure_tcp_sequence_number(inet->saddr,
255 inet->id = tp->write_seq ^ jiffies;
257 err = tcp_connect(sk);
266 * This unhashes the socket and releases the local port,
269 tcp_set_state(sk, TCP_CLOSE);
271 sk->sk_route_caps = 0;
277 * This routine does path mtu discovery as defined in RFC1191.
279 static void do_pmtu_discovery(struct sock *sk, struct iphdr *iph, u32 mtu)
281 struct dst_entry *dst;
282 struct inet_sock *inet = inet_sk(sk);
284 /* We are not interested in TCP_LISTEN and open_requests (SYN-ACKs
285 * send out by Linux are always <576bytes so they should go through
288 if (sk->sk_state == TCP_LISTEN)
291 /* We don't check in the destentry if pmtu discovery is forbidden
292 * on this route. We just assume that no packet_to_big packets
293 * are send back when pmtu discovery is not active.
294 * There is a small race when the user changes this flag in the
295 * route, but I think that's acceptable.
297 if ((dst = __sk_dst_check(sk, 0)) == NULL)
300 dst->ops->update_pmtu(dst, mtu);
302 /* Something is about to be wrong... Remember soft error
303 * for the case, if this connection will not able to recover.
305 if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
306 sk->sk_err_soft = EMSGSIZE;
310 if (inet->pmtudisc != IP_PMTUDISC_DONT &&
311 inet_csk(sk)->icsk_pmtu_cookie > mtu) {
312 tcp_sync_mss(sk, mtu);
314 /* Resend the TCP packet because it's
315 * clear that the old packet has been
316 * dropped. This is the new "fast" path mtu
319 tcp_simple_retransmit(sk);
320 } /* else let the usual retransmit timer handle it */
324 * This routine is called by the ICMP module when it gets some
325 * sort of error condition. If err < 0 then the socket should
326 * be closed and the error returned to the user. If err > 0
327 * it's just the icmp type << 8 | icmp code. After adjustment
328 * header points to the first 8 bytes of the tcp header. We need
329 * to find the appropriate port.
331 * The locking strategy used here is very "optimistic". When
332 * someone else accesses the socket the ICMP is just dropped
333 * and for some paths there is no check at all.
334 * A more general error queue to queue errors for later handling
335 * is probably better.
339 void tcp_v4_err(struct sk_buff *skb, u32 info)
341 struct iphdr *iph = (struct iphdr *)skb->data;
342 struct tcphdr *th = (struct tcphdr *)(skb->data + (iph->ihl << 2));
344 struct inet_sock *inet;
345 const int type = icmp_hdr(skb)->type;
346 const int code = icmp_hdr(skb)->code;
351 if (skb->len < (iph->ihl << 2) + 8) {
352 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS);
356 sk = inet_lookup(dev_net(skb->dev), &tcp_hashinfo, iph->daddr, th->dest,
357 iph->saddr, th->source, inet_iif(skb));
359 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS);
362 if (sk->sk_state == TCP_TIME_WAIT) {
363 inet_twsk_put(inet_twsk(sk));
368 /* If too many ICMPs get dropped on busy
369 * servers this needs to be solved differently.
371 if (sock_owned_by_user(sk))
372 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
374 if (sk->sk_state == TCP_CLOSE)
378 seq = ntohl(th->seq);
379 if (sk->sk_state != TCP_LISTEN &&
380 !between(seq, tp->snd_una, tp->snd_nxt)) {
381 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
386 case ICMP_SOURCE_QUENCH:
387 /* Just silently ignore these. */
389 case ICMP_PARAMETERPROB:
392 case ICMP_DEST_UNREACH:
393 if (code > NR_ICMP_UNREACH)
396 if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */
397 if (!sock_owned_by_user(sk))
398 do_pmtu_discovery(sk, iph, info);
402 err = icmp_err_convert[code].errno;
404 case ICMP_TIME_EXCEEDED:
411 switch (sk->sk_state) {
412 struct request_sock *req, **prev;
414 if (sock_owned_by_user(sk))
417 req = inet_csk_search_req(sk, &prev, th->dest,
418 iph->daddr, iph->saddr);
422 /* ICMPs are not backlogged, hence we cannot get
423 an established socket here.
427 if (seq != tcp_rsk(req)->snt_isn) {
428 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
433 * Still in SYN_RECV, just remove it silently.
434 * There is no good way to pass the error to the newly
435 * created socket, and POSIX does not want network
436 * errors returned from accept().
438 inet_csk_reqsk_queue_drop(sk, req, prev);
442 case TCP_SYN_RECV: /* Cannot happen.
443 It can f.e. if SYNs crossed.
445 if (!sock_owned_by_user(sk)) {
448 sk->sk_error_report(sk);
452 sk->sk_err_soft = err;
457 /* If we've already connected we will keep trying
458 * until we time out, or the user gives up.
460 * rfc1122 4.2.3.9 allows to consider as hard errors
461 * only PROTO_UNREACH and PORT_UNREACH (well, FRAG_FAILED too,
462 * but it is obsoleted by pmtu discovery).
464 * Note, that in modern internet, where routing is unreliable
465 * and in each dark corner broken firewalls sit, sending random
466 * errors ordered by their masters even this two messages finally lose
467 * their original sense (even Linux sends invalid PORT_UNREACHs)
469 * Now we are in compliance with RFCs.
474 if (!sock_owned_by_user(sk) && inet->recverr) {
476 sk->sk_error_report(sk);
477 } else { /* Only an error on timeout */
478 sk->sk_err_soft = err;
486 /* This routine computes an IPv4 TCP checksum. */
487 void tcp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb)
489 struct inet_sock *inet = inet_sk(sk);
490 struct tcphdr *th = tcp_hdr(skb);
492 if (skb->ip_summed == CHECKSUM_PARTIAL) {
493 th->check = ~tcp_v4_check(len, inet->saddr,
495 skb->csum_start = skb_transport_header(skb) - skb->head;
496 skb->csum_offset = offsetof(struct tcphdr, check);
498 th->check = tcp_v4_check(len, inet->saddr, inet->daddr,
499 csum_partial((char *)th,
505 int tcp_v4_gso_send_check(struct sk_buff *skb)
507 const struct iphdr *iph;
510 if (!pskb_may_pull(skb, sizeof(*th)))
517 th->check = ~tcp_v4_check(skb->len, iph->saddr, iph->daddr, 0);
518 skb->csum_start = skb_transport_header(skb) - skb->head;
519 skb->csum_offset = offsetof(struct tcphdr, check);
520 skb->ip_summed = CHECKSUM_PARTIAL;
525 * This routine will send an RST to the other tcp.
527 * Someone asks: why I NEVER use socket parameters (TOS, TTL etc.)
529 * Answer: if a packet caused RST, it is not for a socket
530 * existing in our system, if it is matched to a socket,
531 * it is just duplicate segment or bug in other side's TCP.
532 * So that we build reply only basing on parameters
533 * arrived with segment.
534 * Exception: precedence violation. We do not implement it in any case.
537 static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
539 struct tcphdr *th = tcp_hdr(skb);
542 #ifdef CONFIG_TCP_MD5SIG
543 __be32 opt[(TCPOLEN_MD5SIG_ALIGNED >> 2)];
546 struct ip_reply_arg arg;
547 #ifdef CONFIG_TCP_MD5SIG
548 struct tcp_md5sig_key *key;
551 /* Never send a reset in response to a reset. */
555 if (skb->rtable->rt_type != RTN_LOCAL)
558 /* Swap the send and the receive. */
559 memset(&rep, 0, sizeof(rep));
560 rep.th.dest = th->source;
561 rep.th.source = th->dest;
562 rep.th.doff = sizeof(struct tcphdr) / 4;
566 rep.th.seq = th->ack_seq;
569 rep.th.ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin +
570 skb->len - (th->doff << 2));
573 memset(&arg, 0, sizeof(arg));
574 arg.iov[0].iov_base = (unsigned char *)&rep;
575 arg.iov[0].iov_len = sizeof(rep.th);
577 #ifdef CONFIG_TCP_MD5SIG
578 key = sk ? tcp_v4_md5_do_lookup(sk, ip_hdr(skb)->daddr) : NULL;
580 rep.opt[0] = htonl((TCPOPT_NOP << 24) |
582 (TCPOPT_MD5SIG << 8) |
584 /* Update length and the length the header thinks exists */
585 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
586 rep.th.doff = arg.iov[0].iov_len / 4;
588 tcp_v4_do_calc_md5_hash((__u8 *)&rep.opt[1],
592 &rep.th, IPPROTO_TCP,
596 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
597 ip_hdr(skb)->saddr, /* XXX */
598 sizeof(struct tcphdr), IPPROTO_TCP, 0);
599 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
601 ip_send_reply(tcp_socket->sk, skb, &arg, arg.iov[0].iov_len);
603 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
604 TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
607 /* The code following below sending ACKs in SYN-RECV and TIME-WAIT states
608 outside socket context is ugly, certainly. What can I do?
611 static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk,
612 struct sk_buff *skb, u32 seq, u32 ack,
615 struct tcphdr *th = tcp_hdr(skb);
618 __be32 opt[(TCPOLEN_TSTAMP_ALIGNED >> 2)
619 #ifdef CONFIG_TCP_MD5SIG
620 + (TCPOLEN_MD5SIG_ALIGNED >> 2)
624 struct ip_reply_arg arg;
625 #ifdef CONFIG_TCP_MD5SIG
626 struct tcp_md5sig_key *key;
627 struct tcp_md5sig_key tw_key;
630 memset(&rep.th, 0, sizeof(struct tcphdr));
631 memset(&arg, 0, sizeof(arg));
633 arg.iov[0].iov_base = (unsigned char *)&rep;
634 arg.iov[0].iov_len = sizeof(rep.th);
636 rep.opt[0] = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
637 (TCPOPT_TIMESTAMP << 8) |
639 rep.opt[1] = htonl(tcp_time_stamp);
640 rep.opt[2] = htonl(ts);
641 arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;
644 /* Swap the send and the receive. */
645 rep.th.dest = th->source;
646 rep.th.source = th->dest;
647 rep.th.doff = arg.iov[0].iov_len / 4;
648 rep.th.seq = htonl(seq);
649 rep.th.ack_seq = htonl(ack);
651 rep.th.window = htons(win);
653 #ifdef CONFIG_TCP_MD5SIG
655 * The SKB holds an imcoming packet, but may not have a valid ->sk
656 * pointer. This is especially the case when we're dealing with a
657 * TIME_WAIT ack, because the sk structure is long gone, and only
658 * the tcp_timewait_sock remains. So the md5 key is stashed in that
659 * structure, and we use it in preference. I believe that (twsk ||
660 * skb->sk) holds true, but we program defensively.
662 if (!twsk && skb->sk) {
663 key = tcp_v4_md5_do_lookup(skb->sk, ip_hdr(skb)->daddr);
664 } else if (twsk && twsk->tw_md5_keylen) {
665 tw_key.key = twsk->tw_md5_key;
666 tw_key.keylen = twsk->tw_md5_keylen;
672 int offset = (ts) ? 3 : 0;
674 rep.opt[offset++] = htonl((TCPOPT_NOP << 24) |
676 (TCPOPT_MD5SIG << 8) |
678 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
679 rep.th.doff = arg.iov[0].iov_len/4;
681 tcp_v4_do_calc_md5_hash((__u8 *)&rep.opt[offset],
685 &rep.th, IPPROTO_TCP,
689 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
690 ip_hdr(skb)->saddr, /* XXX */
691 arg.iov[0].iov_len, IPPROTO_TCP, 0);
692 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
694 arg.bound_dev_if = twsk->tw_sk.tw_bound_dev_if;
696 ip_send_reply(tcp_socket->sk, skb, &arg, arg.iov[0].iov_len);
698 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
701 static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
703 struct inet_timewait_sock *tw = inet_twsk(sk);
704 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
706 tcp_v4_send_ack(tcptw, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
707 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
708 tcptw->tw_ts_recent);
713 static void tcp_v4_reqsk_send_ack(struct sk_buff *skb,
714 struct request_sock *req)
716 tcp_v4_send_ack(NULL, skb, tcp_rsk(req)->snt_isn + 1,
717 tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd,
722 * Send a SYN-ACK after having received a SYN.
723 * This still operates on a request_sock only, not on a big
726 static int __tcp_v4_send_synack(struct sock *sk, struct request_sock *req,
727 struct dst_entry *dst)
729 const struct inet_request_sock *ireq = inet_rsk(req);
731 struct sk_buff * skb;
733 /* First, grab a route. */
734 if (!dst && (dst = inet_csk_route_req(sk, req)) == NULL)
737 skb = tcp_make_synack(sk, dst, req);
740 struct tcphdr *th = tcp_hdr(skb);
742 th->check = tcp_v4_check(skb->len,
745 csum_partial((char *)th, skb->len,
748 err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr,
751 err = net_xmit_eval(err);
758 static int tcp_v4_send_synack(struct sock *sk, struct request_sock *req)
760 return __tcp_v4_send_synack(sk, req, NULL);
764 * IPv4 request_sock destructor.
766 static void tcp_v4_reqsk_destructor(struct request_sock *req)
768 kfree(inet_rsk(req)->opt);
771 #ifdef CONFIG_SYN_COOKIES
772 static void syn_flood_warning(struct sk_buff *skb)
774 static unsigned long warntime;
776 if (time_after(jiffies, (warntime + HZ * 60))) {
779 "possible SYN flooding on port %d. Sending cookies.\n",
780 ntohs(tcp_hdr(skb)->dest));
786 * Save and compile IPv4 options into the request_sock if needed.
788 static struct ip_options *tcp_v4_save_options(struct sock *sk,
791 struct ip_options *opt = &(IPCB(skb)->opt);
792 struct ip_options *dopt = NULL;
794 if (opt && opt->optlen) {
795 int opt_size = optlength(opt);
796 dopt = kmalloc(opt_size, GFP_ATOMIC);
798 if (ip_options_echo(dopt, skb)) {
807 #ifdef CONFIG_TCP_MD5SIG
809 * RFC2385 MD5 checksumming requires a mapping of
810 * IP address->MD5 Key.
811 * We need to maintain these in the sk structure.
814 /* Find the Key structure for an address. */
815 static struct tcp_md5sig_key *
816 tcp_v4_md5_do_lookup(struct sock *sk, __be32 addr)
818 struct tcp_sock *tp = tcp_sk(sk);
821 if (!tp->md5sig_info || !tp->md5sig_info->entries4)
823 for (i = 0; i < tp->md5sig_info->entries4; i++) {
824 if (tp->md5sig_info->keys4[i].addr == addr)
825 return &tp->md5sig_info->keys4[i].base;
830 struct tcp_md5sig_key *tcp_v4_md5_lookup(struct sock *sk,
831 struct sock *addr_sk)
833 return tcp_v4_md5_do_lookup(sk, inet_sk(addr_sk)->daddr);
836 EXPORT_SYMBOL(tcp_v4_md5_lookup);
838 static struct tcp_md5sig_key *tcp_v4_reqsk_md5_lookup(struct sock *sk,
839 struct request_sock *req)
841 return tcp_v4_md5_do_lookup(sk, inet_rsk(req)->rmt_addr);
844 /* This can be called on a newly created socket, from other files */
845 int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
846 u8 *newkey, u8 newkeylen)
848 /* Add Key to the list */
849 struct tcp_md5sig_key *key;
850 struct tcp_sock *tp = tcp_sk(sk);
851 struct tcp4_md5sig_key *keys;
853 key = tcp_v4_md5_do_lookup(sk, addr);
855 /* Pre-existing entry - just update that one. */
858 key->keylen = newkeylen;
860 struct tcp_md5sig_info *md5sig;
862 if (!tp->md5sig_info) {
863 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info),
865 if (!tp->md5sig_info) {
869 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
871 if (tcp_alloc_md5sig_pool() == NULL) {
875 md5sig = tp->md5sig_info;
877 if (md5sig->alloced4 == md5sig->entries4) {
878 keys = kmalloc((sizeof(*keys) *
879 (md5sig->entries4 + 1)), GFP_ATOMIC);
882 tcp_free_md5sig_pool();
886 if (md5sig->entries4)
887 memcpy(keys, md5sig->keys4,
888 sizeof(*keys) * md5sig->entries4);
890 /* Free old key list, and reference new one */
891 kfree(md5sig->keys4);
892 md5sig->keys4 = keys;
896 md5sig->keys4[md5sig->entries4 - 1].addr = addr;
897 md5sig->keys4[md5sig->entries4 - 1].base.key = newkey;
898 md5sig->keys4[md5sig->entries4 - 1].base.keylen = newkeylen;
903 EXPORT_SYMBOL(tcp_v4_md5_do_add);
905 static int tcp_v4_md5_add_func(struct sock *sk, struct sock *addr_sk,
906 u8 *newkey, u8 newkeylen)
908 return tcp_v4_md5_do_add(sk, inet_sk(addr_sk)->daddr,
912 int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
914 struct tcp_sock *tp = tcp_sk(sk);
917 for (i = 0; i < tp->md5sig_info->entries4; i++) {
918 if (tp->md5sig_info->keys4[i].addr == addr) {
920 kfree(tp->md5sig_info->keys4[i].base.key);
921 tp->md5sig_info->entries4--;
923 if (tp->md5sig_info->entries4 == 0) {
924 kfree(tp->md5sig_info->keys4);
925 tp->md5sig_info->keys4 = NULL;
926 tp->md5sig_info->alloced4 = 0;
927 } else if (tp->md5sig_info->entries4 != i) {
928 /* Need to do some manipulation */
929 memmove(&tp->md5sig_info->keys4[i],
930 &tp->md5sig_info->keys4[i+1],
931 (tp->md5sig_info->entries4 - i) *
932 sizeof(struct tcp4_md5sig_key));
934 tcp_free_md5sig_pool();
941 EXPORT_SYMBOL(tcp_v4_md5_do_del);
943 static void tcp_v4_clear_md5_list(struct sock *sk)
945 struct tcp_sock *tp = tcp_sk(sk);
947 /* Free each key, then the set of key keys,
948 * the crypto element, and then decrement our
949 * hold on the last resort crypto.
951 if (tp->md5sig_info->entries4) {
953 for (i = 0; i < tp->md5sig_info->entries4; i++)
954 kfree(tp->md5sig_info->keys4[i].base.key);
955 tp->md5sig_info->entries4 = 0;
956 tcp_free_md5sig_pool();
958 if (tp->md5sig_info->keys4) {
959 kfree(tp->md5sig_info->keys4);
960 tp->md5sig_info->keys4 = NULL;
961 tp->md5sig_info->alloced4 = 0;
965 static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
968 struct tcp_md5sig cmd;
969 struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.tcpm_addr;
972 if (optlen < sizeof(cmd))
975 if (copy_from_user(&cmd, optval, sizeof(cmd)))
978 if (sin->sin_family != AF_INET)
981 if (!cmd.tcpm_key || !cmd.tcpm_keylen) {
982 if (!tcp_sk(sk)->md5sig_info)
984 return tcp_v4_md5_do_del(sk, sin->sin_addr.s_addr);
987 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
990 if (!tcp_sk(sk)->md5sig_info) {
991 struct tcp_sock *tp = tcp_sk(sk);
992 struct tcp_md5sig_info *p = kzalloc(sizeof(*p), GFP_KERNEL);
998 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
1001 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
1004 return tcp_v4_md5_do_add(sk, sin->sin_addr.s_addr,
1005 newkey, cmd.tcpm_keylen);
1008 static int tcp_v4_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
1009 __be32 saddr, __be32 daddr,
1010 struct tcphdr *th, int protocol,
1011 unsigned int tcplen)
1013 struct scatterlist sg[4];
1016 __sum16 old_checksum;
1017 struct tcp_md5sig_pool *hp;
1018 struct tcp4_pseudohdr *bp;
1019 struct hash_desc *desc;
1021 unsigned int nbytes = 0;
1024 * Okay, so RFC2385 is turned on for this connection,
1025 * so we need to generate the MD5 hash for the packet now.
1028 hp = tcp_get_md5sig_pool();
1030 goto clear_hash_noput;
1032 bp = &hp->md5_blk.ip4;
1033 desc = &hp->md5_desc;
1036 * 1. the TCP pseudo-header (in the order: source IP address,
1037 * destination IP address, zero-padded protocol number, and
1043 bp->protocol = protocol;
1044 bp->len = htons(tcplen);
1046 sg_init_table(sg, 4);
1048 sg_set_buf(&sg[block++], bp, sizeof(*bp));
1049 nbytes += sizeof(*bp);
1051 /* 2. the TCP header, excluding options, and assuming a
1054 old_checksum = th->check;
1056 sg_set_buf(&sg[block++], th, sizeof(struct tcphdr));
1057 nbytes += sizeof(struct tcphdr);
1059 /* 3. the TCP segment data (if any) */
1060 data_len = tcplen - (th->doff << 2);
1062 unsigned char *data = (unsigned char *)th + (th->doff << 2);
1063 sg_set_buf(&sg[block++], data, data_len);
1067 /* 4. an independently-specified key or password, known to both
1068 * TCPs and presumably connection-specific
1070 sg_set_buf(&sg[block++], key->key, key->keylen);
1071 nbytes += key->keylen;
1073 sg_mark_end(&sg[block - 1]);
1075 /* Now store the Hash into the packet */
1076 err = crypto_hash_init(desc);
1079 err = crypto_hash_update(desc, sg, nbytes);
1082 err = crypto_hash_final(desc, md5_hash);
1086 /* Reset header, and free up the crypto */
1087 tcp_put_md5sig_pool();
1088 th->check = old_checksum;
1093 tcp_put_md5sig_pool();
1095 memset(md5_hash, 0, 16);
1099 int tcp_v4_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
1101 struct dst_entry *dst,
1102 struct request_sock *req,
1103 struct tcphdr *th, int protocol,
1104 unsigned int tcplen)
1106 __be32 saddr, daddr;
1109 saddr = inet_sk(sk)->saddr;
1110 daddr = inet_sk(sk)->daddr;
1112 struct rtable *rt = (struct rtable *)dst;
1117 return tcp_v4_do_calc_md5_hash(md5_hash, key,
1119 th, protocol, tcplen);
1122 EXPORT_SYMBOL(tcp_v4_calc_md5_hash);
1124 static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
1127 * This gets called for each TCP segment that arrives
1128 * so we want to be efficient.
1129 * We have 3 drop cases:
1130 * o No MD5 hash and one expected.
1131 * o MD5 hash and we're not expecting one.
1132 * o MD5 hash and its wrong.
1134 __u8 *hash_location = NULL;
1135 struct tcp_md5sig_key *hash_expected;
1136 const struct iphdr *iph = ip_hdr(skb);
1137 struct tcphdr *th = tcp_hdr(skb);
1138 int length = (th->doff << 2) - sizeof(struct tcphdr);
1141 unsigned char newhash[16];
1143 hash_expected = tcp_v4_md5_do_lookup(sk, iph->saddr);
1146 * If the TCP option length is less than the TCP_MD5SIG
1147 * option length, then we can shortcut
1149 if (length < TCPOLEN_MD5SIG) {
1156 /* Okay, we can't shortcut - we have to grub through the options */
1157 ptr = (unsigned char *)(th + 1);
1158 while (length > 0) {
1159 int opcode = *ptr++;
1172 if (opsize > length)
1175 if (opcode == TCPOPT_MD5SIG) {
1176 hash_location = ptr;
1184 /* We've parsed the options - do we have a hash? */
1185 if (!hash_expected && !hash_location)
1188 if (hash_expected && !hash_location) {
1189 LIMIT_NETDEBUG(KERN_INFO "MD5 Hash expected but NOT found "
1190 "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
1191 NIPQUAD(iph->saddr), ntohs(th->source),
1192 NIPQUAD(iph->daddr), ntohs(th->dest));
1196 if (!hash_expected && hash_location) {
1197 LIMIT_NETDEBUG(KERN_INFO "MD5 Hash NOT expected but found "
1198 "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
1199 NIPQUAD(iph->saddr), ntohs(th->source),
1200 NIPQUAD(iph->daddr), ntohs(th->dest));
1204 /* Okay, so this is hash_expected and hash_location -
1205 * so we need to calculate the checksum.
1207 genhash = tcp_v4_do_calc_md5_hash(newhash,
1209 iph->saddr, iph->daddr,
1210 th, sk->sk_protocol,
1213 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
1214 if (net_ratelimit()) {
1215 printk(KERN_INFO "MD5 Hash failed for "
1216 "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)%s\n",
1217 NIPQUAD(iph->saddr), ntohs(th->source),
1218 NIPQUAD(iph->daddr), ntohs(th->dest),
1219 genhash ? " tcp_v4_calc_md5_hash failed" : "");
1228 struct request_sock_ops tcp_request_sock_ops __read_mostly = {
1230 .obj_size = sizeof(struct tcp_request_sock),
1231 .rtx_syn_ack = tcp_v4_send_synack,
1232 .send_ack = tcp_v4_reqsk_send_ack,
1233 .destructor = tcp_v4_reqsk_destructor,
1234 .send_reset = tcp_v4_send_reset,
1237 #ifdef CONFIG_TCP_MD5SIG
1238 static struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
1239 .md5_lookup = tcp_v4_reqsk_md5_lookup,
1243 static struct timewait_sock_ops tcp_timewait_sock_ops = {
1244 .twsk_obj_size = sizeof(struct tcp_timewait_sock),
1245 .twsk_unique = tcp_twsk_unique,
1246 .twsk_destructor= tcp_twsk_destructor,
1249 int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1251 struct inet_request_sock *ireq;
1252 struct tcp_options_received tmp_opt;
1253 struct request_sock *req;
1254 __be32 saddr = ip_hdr(skb)->saddr;
1255 __be32 daddr = ip_hdr(skb)->daddr;
1256 __u32 isn = TCP_SKB_CB(skb)->when;
1257 struct dst_entry *dst = NULL;
1258 #ifdef CONFIG_SYN_COOKIES
1259 int want_cookie = 0;
1261 #define want_cookie 0 /* Argh, why doesn't gcc optimize this :( */
1264 /* Never answer to SYNs send to broadcast or multicast */
1265 if (skb->rtable->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
1268 /* TW buckets are converted to open requests without
1269 * limitations, they conserve resources and peer is
1270 * evidently real one.
1272 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1273 #ifdef CONFIG_SYN_COOKIES
1274 if (sysctl_tcp_syncookies) {
1281 /* Accept backlog is full. If we have already queued enough
1282 * of warm entries in syn queue, drop request. It is better than
1283 * clogging syn queue with openreqs with exponentially increasing
1286 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1289 req = reqsk_alloc(&tcp_request_sock_ops);
1293 #ifdef CONFIG_TCP_MD5SIG
1294 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv4_ops;
1297 tcp_clear_options(&tmp_opt);
1298 tmp_opt.mss_clamp = 536;
1299 tmp_opt.user_mss = tcp_sk(sk)->rx_opt.user_mss;
1301 tcp_parse_options(skb, &tmp_opt, 0);
1304 tcp_clear_options(&tmp_opt);
1305 tmp_opt.saw_tstamp = 0;
1308 if (tmp_opt.saw_tstamp && !tmp_opt.rcv_tsval) {
1309 /* Some OSes (unknown ones, but I see them on web server, which
1310 * contains information interesting only for windows'
1311 * users) do not send their stamp in SYN. It is easy case.
1312 * We simply do not advertise TS support.
1314 tmp_opt.saw_tstamp = 0;
1315 tmp_opt.tstamp_ok = 0;
1317 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1319 tcp_openreq_init(req, &tmp_opt, skb);
1321 if (security_inet_conn_request(sk, skb, req))
1324 ireq = inet_rsk(req);
1325 ireq->loc_addr = daddr;
1326 ireq->rmt_addr = saddr;
1327 ireq->opt = tcp_v4_save_options(sk, skb);
1329 TCP_ECN_create_request(req, tcp_hdr(skb));
1332 #ifdef CONFIG_SYN_COOKIES
1333 syn_flood_warning(skb);
1335 isn = cookie_v4_init_sequence(sk, skb, &req->mss);
1337 struct inet_peer *peer = NULL;
1339 /* VJ's idea. We save last timestamp seen
1340 * from the destination in peer table, when entering
1341 * state TIME-WAIT, and check against it before
1342 * accepting new connection request.
1344 * If "isn" is not zero, this request hit alive
1345 * timewait bucket, so that all the necessary checks
1346 * are made in the function processing timewait state.
1348 if (tmp_opt.saw_tstamp &&
1349 tcp_death_row.sysctl_tw_recycle &&
1350 (dst = inet_csk_route_req(sk, req)) != NULL &&
1351 (peer = rt_get_peer((struct rtable *)dst)) != NULL &&
1352 peer->v4daddr == saddr) {
1353 if (get_seconds() < peer->tcp_ts_stamp + TCP_PAWS_MSL &&
1354 (s32)(peer->tcp_ts - req->ts_recent) >
1356 NET_INC_STATS_BH(LINUX_MIB_PAWSPASSIVEREJECTED);
1357 goto drop_and_release;
1360 /* Kill the following clause, if you dislike this way. */
1361 else if (!sysctl_tcp_syncookies &&
1362 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
1363 (sysctl_max_syn_backlog >> 2)) &&
1364 (!peer || !peer->tcp_ts_stamp) &&
1365 (!dst || !dst_metric(dst, RTAX_RTT))) {
1366 /* Without syncookies last quarter of
1367 * backlog is filled with destinations,
1368 * proven to be alive.
1369 * It means that we continue to communicate
1370 * to destinations, already remembered
1371 * to the moment of synflood.
1373 LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open "
1374 "request from %u.%u.%u.%u/%u\n",
1376 ntohs(tcp_hdr(skb)->source));
1377 goto drop_and_release;
1380 isn = tcp_v4_init_sequence(skb);
1382 tcp_rsk(req)->snt_isn = isn;
1384 if (__tcp_v4_send_synack(sk, req, dst) || want_cookie)
1387 inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1400 * The three way handshake has completed - we got a valid synack -
1401 * now create the new socket.
1403 struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1404 struct request_sock *req,
1405 struct dst_entry *dst)
1407 struct inet_request_sock *ireq;
1408 struct inet_sock *newinet;
1409 struct tcp_sock *newtp;
1411 #ifdef CONFIG_TCP_MD5SIG
1412 struct tcp_md5sig_key *key;
1415 if (sk_acceptq_is_full(sk))
1418 if (!dst && (dst = inet_csk_route_req(sk, req)) == NULL)
1421 newsk = tcp_create_openreq_child(sk, req, skb);
1425 newsk->sk_gso_type = SKB_GSO_TCPV4;
1426 sk_setup_caps(newsk, dst);
1428 newtp = tcp_sk(newsk);
1429 newinet = inet_sk(newsk);
1430 ireq = inet_rsk(req);
1431 newinet->daddr = ireq->rmt_addr;
1432 newinet->rcv_saddr = ireq->loc_addr;
1433 newinet->saddr = ireq->loc_addr;
1434 newinet->opt = ireq->opt;
1436 newinet->mc_index = inet_iif(skb);
1437 newinet->mc_ttl = ip_hdr(skb)->ttl;
1438 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1440 inet_csk(newsk)->icsk_ext_hdr_len = newinet->opt->optlen;
1441 newinet->id = newtp->write_seq ^ jiffies;
1443 tcp_mtup_init(newsk);
1444 tcp_sync_mss(newsk, dst_mtu(dst));
1445 newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1446 tcp_initialize_rcv_mss(newsk);
1448 #ifdef CONFIG_TCP_MD5SIG
1449 /* Copy over the MD5 key from the original socket */
1450 if ((key = tcp_v4_md5_do_lookup(sk, newinet->daddr)) != NULL) {
1452 * We're using one, so create a matching key
1453 * on the newsk structure. If we fail to get
1454 * memory, then we end up not copying the key
1457 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1459 tcp_v4_md5_do_add(newsk, inet_sk(sk)->daddr,
1460 newkey, key->keylen);
1464 __inet_hash_nolisten(newsk);
1465 __inet_inherit_port(sk, newsk);
1470 NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1472 NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1477 static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
1479 struct tcphdr *th = tcp_hdr(skb);
1480 const struct iphdr *iph = ip_hdr(skb);
1482 struct request_sock **prev;
1483 /* Find possible connection requests. */
1484 struct request_sock *req = inet_csk_search_req(sk, &prev, th->source,
1485 iph->saddr, iph->daddr);
1487 return tcp_check_req(sk, skb, req, prev);
1489 nsk = inet_lookup_established(sock_net(sk), &tcp_hashinfo, iph->saddr,
1490 th->source, iph->daddr, th->dest, inet_iif(skb));
1493 if (nsk->sk_state != TCP_TIME_WAIT) {
1497 inet_twsk_put(inet_twsk(nsk));
1501 #ifdef CONFIG_SYN_COOKIES
1502 if (!th->rst && !th->syn && th->ack)
1503 sk = cookie_v4_check(sk, skb, &(IPCB(skb)->opt));
1508 static __sum16 tcp_v4_checksum_init(struct sk_buff *skb)
1510 const struct iphdr *iph = ip_hdr(skb);
1512 if (skb->ip_summed == CHECKSUM_COMPLETE) {
1513 if (!tcp_v4_check(skb->len, iph->saddr,
1514 iph->daddr, skb->csum)) {
1515 skb->ip_summed = CHECKSUM_UNNECESSARY;
1520 skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
1521 skb->len, IPPROTO_TCP, 0);
1523 if (skb->len <= 76) {
1524 return __skb_checksum_complete(skb);
1530 /* The socket must have it's spinlock held when we get
1533 * We have a potential double-lock case here, so even when
1534 * doing backlog processing we use the BH locking scheme.
1535 * This is because we cannot sleep with the original spinlock
1538 int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1541 #ifdef CONFIG_TCP_MD5SIG
1543 * We really want to reject the packet as early as possible
1545 * o We're expecting an MD5'd packet and this is no MD5 tcp option
1546 * o There is an MD5 option and we're not expecting one
1548 if (tcp_v4_inbound_md5_hash(sk, skb))
1552 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1553 TCP_CHECK_TIMER(sk);
1554 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) {
1558 TCP_CHECK_TIMER(sk);
1562 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1565 if (sk->sk_state == TCP_LISTEN) {
1566 struct sock *nsk = tcp_v4_hnd_req(sk, skb);
1571 if (tcp_child_process(sk, nsk, skb)) {
1579 TCP_CHECK_TIMER(sk);
1580 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) {
1584 TCP_CHECK_TIMER(sk);
1588 tcp_v4_send_reset(rsk, skb);
1591 /* Be careful here. If this function gets more complicated and
1592 * gcc suffers from register pressure on the x86, sk (in %ebx)
1593 * might be destroyed here. This current version compiles correctly,
1594 * but you have been warned.
1599 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1607 int tcp_v4_rcv(struct sk_buff *skb)
1609 const struct iphdr *iph;
1614 if (skb->pkt_type != PACKET_HOST)
1617 /* Count it even if it's bad */
1618 TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1620 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1625 if (th->doff < sizeof(struct tcphdr) / 4)
1627 if (!pskb_may_pull(skb, th->doff * 4))
1630 /* An explanation is required here, I think.
1631 * Packet length and doff are validated by header prediction,
1632 * provided case of th->doff==0 is eliminated.
1633 * So, we defer the checks. */
1634 if (!skb_csum_unnecessary(skb) && tcp_v4_checksum_init(skb))
1639 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1640 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1641 skb->len - th->doff * 4);
1642 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1643 TCP_SKB_CB(skb)->when = 0;
1644 TCP_SKB_CB(skb)->flags = iph->tos;
1645 TCP_SKB_CB(skb)->sacked = 0;
1647 sk = __inet_lookup(dev_net(skb->dev), &tcp_hashinfo, iph->saddr,
1648 th->source, iph->daddr, th->dest, inet_iif(skb));
1653 if (sk->sk_state == TCP_TIME_WAIT)
1656 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
1657 goto discard_and_relse;
1660 if (sk_filter(sk, skb))
1661 goto discard_and_relse;
1665 bh_lock_sock_nested(sk);
1667 if (!sock_owned_by_user(sk)) {
1668 #ifdef CONFIG_NET_DMA
1669 struct tcp_sock *tp = tcp_sk(sk);
1670 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1671 tp->ucopy.dma_chan = get_softnet_dma();
1672 if (tp->ucopy.dma_chan)
1673 ret = tcp_v4_do_rcv(sk, skb);
1677 if (!tcp_prequeue(sk, skb))
1678 ret = tcp_v4_do_rcv(sk, skb);
1681 sk_add_backlog(sk, skb);
1689 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
1692 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1694 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1696 tcp_v4_send_reset(NULL, skb);
1700 /* Discard frame. */
1709 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1710 inet_twsk_put(inet_twsk(sk));
1714 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1715 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1716 inet_twsk_put(inet_twsk(sk));
1719 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1721 struct sock *sk2 = inet_lookup_listener(dev_net(skb->dev),
1723 iph->daddr, th->dest,
1726 inet_twsk_deschedule(inet_twsk(sk), &tcp_death_row);
1727 inet_twsk_put(inet_twsk(sk));
1731 /* Fall through to ACK */
1734 tcp_v4_timewait_ack(sk, skb);
1738 case TCP_TW_SUCCESS:;
1743 /* VJ's idea. Save last timestamp seen from this destination
1744 * and hold it at least for normal timewait interval to use for duplicate
1745 * segment detection in subsequent connections, before they enter synchronized
1749 int tcp_v4_remember_stamp(struct sock *sk)
1751 struct inet_sock *inet = inet_sk(sk);
1752 struct tcp_sock *tp = tcp_sk(sk);
1753 struct rtable *rt = (struct rtable *)__sk_dst_get(sk);
1754 struct inet_peer *peer = NULL;
1757 if (!rt || rt->rt_dst != inet->daddr) {
1758 peer = inet_getpeer(inet->daddr, 1);
1762 rt_bind_peer(rt, 1);
1767 if ((s32)(peer->tcp_ts - tp->rx_opt.ts_recent) <= 0 ||
1768 (peer->tcp_ts_stamp + TCP_PAWS_MSL < get_seconds() &&
1769 peer->tcp_ts_stamp <= tp->rx_opt.ts_recent_stamp)) {
1770 peer->tcp_ts_stamp = tp->rx_opt.ts_recent_stamp;
1771 peer->tcp_ts = tp->rx_opt.ts_recent;
1781 int tcp_v4_tw_remember_stamp(struct inet_timewait_sock *tw)
1783 struct inet_peer *peer = inet_getpeer(tw->tw_daddr, 1);
1786 const struct tcp_timewait_sock *tcptw = tcp_twsk((struct sock *)tw);
1788 if ((s32)(peer->tcp_ts - tcptw->tw_ts_recent) <= 0 ||
1789 (peer->tcp_ts_stamp + TCP_PAWS_MSL < get_seconds() &&
1790 peer->tcp_ts_stamp <= tcptw->tw_ts_recent_stamp)) {
1791 peer->tcp_ts_stamp = tcptw->tw_ts_recent_stamp;
1792 peer->tcp_ts = tcptw->tw_ts_recent;
1801 struct inet_connection_sock_af_ops ipv4_specific = {
1802 .queue_xmit = ip_queue_xmit,
1803 .send_check = tcp_v4_send_check,
1804 .rebuild_header = inet_sk_rebuild_header,
1805 .conn_request = tcp_v4_conn_request,
1806 .syn_recv_sock = tcp_v4_syn_recv_sock,
1807 .remember_stamp = tcp_v4_remember_stamp,
1808 .net_header_len = sizeof(struct iphdr),
1809 .setsockopt = ip_setsockopt,
1810 .getsockopt = ip_getsockopt,
1811 .addr2sockaddr = inet_csk_addr2sockaddr,
1812 .sockaddr_len = sizeof(struct sockaddr_in),
1813 .bind_conflict = inet_csk_bind_conflict,
1814 #ifdef CONFIG_COMPAT
1815 .compat_setsockopt = compat_ip_setsockopt,
1816 .compat_getsockopt = compat_ip_getsockopt,
1820 #ifdef CONFIG_TCP_MD5SIG
1821 static struct tcp_sock_af_ops tcp_sock_ipv4_specific = {
1822 .md5_lookup = tcp_v4_md5_lookup,
1823 .calc_md5_hash = tcp_v4_calc_md5_hash,
1824 .md5_add = tcp_v4_md5_add_func,
1825 .md5_parse = tcp_v4_parse_md5_keys,
1829 /* NOTE: A lot of things set to zero explicitly by call to
1830 * sk_alloc() so need not be done here.
1832 static int tcp_v4_init_sock(struct sock *sk)
1834 struct inet_connection_sock *icsk = inet_csk(sk);
1835 struct tcp_sock *tp = tcp_sk(sk);
1837 skb_queue_head_init(&tp->out_of_order_queue);
1838 tcp_init_xmit_timers(sk);
1839 tcp_prequeue_init(tp);
1841 icsk->icsk_rto = TCP_TIMEOUT_INIT;
1842 tp->mdev = TCP_TIMEOUT_INIT;
1844 /* So many TCP implementations out there (incorrectly) count the
1845 * initial SYN frame in their delayed-ACK and congestion control
1846 * algorithms that we must have the following bandaid to talk
1847 * efficiently to them. -DaveM
1851 /* See draft-stevens-tcpca-spec-01 for discussion of the
1852 * initialization of these values.
1854 tp->snd_ssthresh = 0x7fffffff; /* Infinity */
1855 tp->snd_cwnd_clamp = ~0;
1856 tp->mss_cache = 536;
1858 tp->reordering = sysctl_tcp_reordering;
1859 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1861 sk->sk_state = TCP_CLOSE;
1863 sk->sk_write_space = sk_stream_write_space;
1864 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1866 icsk->icsk_af_ops = &ipv4_specific;
1867 icsk->icsk_sync_mss = tcp_sync_mss;
1868 #ifdef CONFIG_TCP_MD5SIG
1869 tp->af_specific = &tcp_sock_ipv4_specific;
1872 sk->sk_sndbuf = sysctl_tcp_wmem[1];
1873 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1875 atomic_inc(&tcp_sockets_allocated);
1880 int tcp_v4_destroy_sock(struct sock *sk)
1882 struct tcp_sock *tp = tcp_sk(sk);
1884 tcp_clear_xmit_timers(sk);
1886 tcp_cleanup_congestion_control(sk);
1888 /* Cleanup up the write buffer. */
1889 tcp_write_queue_purge(sk);
1891 /* Cleans up our, hopefully empty, out_of_order_queue. */
1892 __skb_queue_purge(&tp->out_of_order_queue);
1894 #ifdef CONFIG_TCP_MD5SIG
1895 /* Clean up the MD5 key list, if any */
1896 if (tp->md5sig_info) {
1897 tcp_v4_clear_md5_list(sk);
1898 kfree(tp->md5sig_info);
1899 tp->md5sig_info = NULL;
1903 #ifdef CONFIG_NET_DMA
1904 /* Cleans up our sk_async_wait_queue */
1905 __skb_queue_purge(&sk->sk_async_wait_queue);
1908 /* Clean prequeue, it must be empty really */
1909 __skb_queue_purge(&tp->ucopy.prequeue);
1911 /* Clean up a referenced TCP bind bucket. */
1912 if (inet_csk(sk)->icsk_bind_hash)
1916 * If sendmsg cached page exists, toss it.
1918 if (sk->sk_sndmsg_page) {
1919 __free_page(sk->sk_sndmsg_page);
1920 sk->sk_sndmsg_page = NULL;
1923 if (tp->defer_tcp_accept.request) {
1924 reqsk_free(tp->defer_tcp_accept.request);
1925 sock_put(tp->defer_tcp_accept.listen_sk);
1927 tp->defer_tcp_accept.listen_sk = NULL;
1928 tp->defer_tcp_accept.request = NULL;
1931 atomic_dec(&tcp_sockets_allocated);
1936 EXPORT_SYMBOL(tcp_v4_destroy_sock);
1938 #ifdef CONFIG_PROC_FS
1939 /* Proc filesystem TCP sock list dumping. */
1941 static inline struct inet_timewait_sock *tw_head(struct hlist_head *head)
1943 return hlist_empty(head) ? NULL :
1944 list_entry(head->first, struct inet_timewait_sock, tw_node);
1947 static inline struct inet_timewait_sock *tw_next(struct inet_timewait_sock *tw)
1949 return tw->tw_node.next ?
1950 hlist_entry(tw->tw_node.next, typeof(*tw), tw_node) : NULL;
1953 static void *listening_get_next(struct seq_file *seq, void *cur)
1955 struct inet_connection_sock *icsk;
1956 struct hlist_node *node;
1957 struct sock *sk = cur;
1958 struct tcp_iter_state* st = seq->private;
1959 struct net *net = st->net;
1963 sk = sk_head(&tcp_hashinfo.listening_hash[0]);
1969 if (st->state == TCP_SEQ_STATE_OPENREQ) {
1970 struct request_sock *req = cur;
1972 icsk = inet_csk(st->syn_wait_sk);
1976 if (req->rsk_ops->family == st->family &&
1977 net_eq(sock_net(req->sk), net)) {
1983 if (++st->sbucket >= icsk->icsk_accept_queue.listen_opt->nr_table_entries)
1986 req = icsk->icsk_accept_queue.listen_opt->syn_table[st->sbucket];
1988 sk = sk_next(st->syn_wait_sk);
1989 st->state = TCP_SEQ_STATE_LISTENING;
1990 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1992 icsk = inet_csk(sk);
1993 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1994 if (reqsk_queue_len(&icsk->icsk_accept_queue))
1996 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2000 sk_for_each_from(sk, node) {
2001 if (sk->sk_family == st->family && net_eq(sock_net(sk), net)) {
2005 icsk = inet_csk(sk);
2006 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2007 if (reqsk_queue_len(&icsk->icsk_accept_queue)) {
2009 st->uid = sock_i_uid(sk);
2010 st->syn_wait_sk = sk;
2011 st->state = TCP_SEQ_STATE_OPENREQ;
2015 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2017 if (++st->bucket < INET_LHTABLE_SIZE) {
2018 sk = sk_head(&tcp_hashinfo.listening_hash[st->bucket]);
2026 static void *listening_get_idx(struct seq_file *seq, loff_t *pos)
2028 void *rc = listening_get_next(seq, NULL);
2030 while (rc && *pos) {
2031 rc = listening_get_next(seq, rc);
2037 static void *established_get_first(struct seq_file *seq)
2039 struct tcp_iter_state* st = seq->private;
2040 struct net *net = st->net;
2043 for (st->bucket = 0; st->bucket < tcp_hashinfo.ehash_size; ++st->bucket) {
2045 struct hlist_node *node;
2046 struct inet_timewait_sock *tw;
2047 rwlock_t *lock = inet_ehash_lockp(&tcp_hashinfo, st->bucket);
2050 sk_for_each(sk, node, &tcp_hashinfo.ehash[st->bucket].chain) {
2051 if (sk->sk_family != st->family ||
2052 !net_eq(sock_net(sk), net)) {
2058 st->state = TCP_SEQ_STATE_TIME_WAIT;
2059 inet_twsk_for_each(tw, node,
2060 &tcp_hashinfo.ehash[st->bucket].twchain) {
2061 if (tw->tw_family != st->family ||
2062 !net_eq(twsk_net(tw), net)) {
2068 read_unlock_bh(lock);
2069 st->state = TCP_SEQ_STATE_ESTABLISHED;
2075 static void *established_get_next(struct seq_file *seq, void *cur)
2077 struct sock *sk = cur;
2078 struct inet_timewait_sock *tw;
2079 struct hlist_node *node;
2080 struct tcp_iter_state* st = seq->private;
2081 struct net *net = st->net;
2085 if (st->state == TCP_SEQ_STATE_TIME_WAIT) {
2089 while (tw && (tw->tw_family != st->family || !net_eq(twsk_net(tw), net))) {
2096 read_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2097 st->state = TCP_SEQ_STATE_ESTABLISHED;
2099 if (++st->bucket < tcp_hashinfo.ehash_size) {
2100 read_lock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2101 sk = sk_head(&tcp_hashinfo.ehash[st->bucket].chain);
2109 sk_for_each_from(sk, node) {
2110 if (sk->sk_family == st->family && net_eq(sock_net(sk), net))
2114 st->state = TCP_SEQ_STATE_TIME_WAIT;
2115 tw = tw_head(&tcp_hashinfo.ehash[st->bucket].twchain);
2123 static void *established_get_idx(struct seq_file *seq, loff_t pos)
2125 void *rc = established_get_first(seq);
2128 rc = established_get_next(seq, rc);
2134 static void *tcp_get_idx(struct seq_file *seq, loff_t pos)
2137 struct tcp_iter_state* st = seq->private;
2139 inet_listen_lock(&tcp_hashinfo);
2140 st->state = TCP_SEQ_STATE_LISTENING;
2141 rc = listening_get_idx(seq, &pos);
2144 inet_listen_unlock(&tcp_hashinfo);
2145 st->state = TCP_SEQ_STATE_ESTABLISHED;
2146 rc = established_get_idx(seq, pos);
2152 static void *tcp_seq_start(struct seq_file *seq, loff_t *pos)
2154 struct tcp_iter_state* st = seq->private;
2155 st->state = TCP_SEQ_STATE_LISTENING;
2157 return *pos ? tcp_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2160 static void *tcp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2163 struct tcp_iter_state* st;
2165 if (v == SEQ_START_TOKEN) {
2166 rc = tcp_get_idx(seq, 0);
2171 switch (st->state) {
2172 case TCP_SEQ_STATE_OPENREQ:
2173 case TCP_SEQ_STATE_LISTENING:
2174 rc = listening_get_next(seq, v);
2176 inet_listen_unlock(&tcp_hashinfo);
2177 st->state = TCP_SEQ_STATE_ESTABLISHED;
2178 rc = established_get_first(seq);
2181 case TCP_SEQ_STATE_ESTABLISHED:
2182 case TCP_SEQ_STATE_TIME_WAIT:
2183 rc = established_get_next(seq, v);
2191 static void tcp_seq_stop(struct seq_file *seq, void *v)
2193 struct tcp_iter_state* st = seq->private;
2195 switch (st->state) {
2196 case TCP_SEQ_STATE_OPENREQ:
2198 struct inet_connection_sock *icsk = inet_csk(st->syn_wait_sk);
2199 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2201 case TCP_SEQ_STATE_LISTENING:
2202 if (v != SEQ_START_TOKEN)
2203 inet_listen_unlock(&tcp_hashinfo);
2205 case TCP_SEQ_STATE_TIME_WAIT:
2206 case TCP_SEQ_STATE_ESTABLISHED:
2208 read_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2213 static int tcp_seq_open(struct inode *inode, struct file *file)
2215 struct tcp_seq_afinfo *afinfo = PDE(inode)->data;
2216 struct seq_file *seq;
2217 struct tcp_iter_state *s;
2221 if (unlikely(afinfo == NULL))
2224 s = kzalloc(sizeof(*s), GFP_KERNEL);
2229 net = get_proc_net(inode);
2233 s->family = afinfo->family;
2234 s->seq_ops.start = tcp_seq_start;
2235 s->seq_ops.next = tcp_seq_next;
2236 s->seq_ops.show = afinfo->seq_show;
2237 s->seq_ops.stop = tcp_seq_stop;
2240 rc = seq_open(file, &s->seq_ops);
2243 seq = file->private_data;
2254 static int tcp_seq_release(struct inode *inode, struct file *file)
2256 struct seq_file *seq = file->private_data;
2257 struct tcp_iter_state *s = seq->private;
2260 seq_release_private(inode, file);
2264 int tcp_proc_register(struct net *net, struct tcp_seq_afinfo *afinfo)
2267 struct proc_dir_entry *p;
2271 afinfo->seq_fops->owner = afinfo->owner;
2272 afinfo->seq_fops->open = tcp_seq_open;
2273 afinfo->seq_fops->read = seq_read;
2274 afinfo->seq_fops->llseek = seq_lseek;
2275 afinfo->seq_fops->release = tcp_seq_release;
2277 p = proc_net_fops_create(net, afinfo->name, S_IRUGO, afinfo->seq_fops);
2285 void tcp_proc_unregister(struct net *net, struct tcp_seq_afinfo *afinfo)
2289 proc_net_remove(net, afinfo->name);
2290 memset(afinfo->seq_fops, 0, sizeof(*afinfo->seq_fops));
2293 static void get_openreq4(struct sock *sk, struct request_sock *req,
2294 char *tmpbuf, int i, int uid)
2296 const struct inet_request_sock *ireq = inet_rsk(req);
2297 int ttd = req->expires - jiffies;
2299 sprintf(tmpbuf, "%4d: %08X:%04X %08X:%04X"
2300 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %u %d %p",
2303 ntohs(inet_sk(sk)->sport),
2305 ntohs(ireq->rmt_port),
2307 0, 0, /* could print option size, but that is af dependent. */
2308 1, /* timers active (only the expire timer) */
2309 jiffies_to_clock_t(ttd),
2312 0, /* non standard timer */
2313 0, /* open_requests have no inode */
2314 atomic_read(&sk->sk_refcnt),
2318 static void get_tcp4_sock(struct sock *sk, char *tmpbuf, int i)
2321 unsigned long timer_expires;
2322 struct tcp_sock *tp = tcp_sk(sk);
2323 const struct inet_connection_sock *icsk = inet_csk(sk);
2324 struct inet_sock *inet = inet_sk(sk);
2325 __be32 dest = inet->daddr;
2326 __be32 src = inet->rcv_saddr;
2327 __u16 destp = ntohs(inet->dport);
2328 __u16 srcp = ntohs(inet->sport);
2330 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2332 timer_expires = icsk->icsk_timeout;
2333 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2335 timer_expires = icsk->icsk_timeout;
2336 } else if (timer_pending(&sk->sk_timer)) {
2338 timer_expires = sk->sk_timer.expires;
2341 timer_expires = jiffies;
2344 sprintf(tmpbuf, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX "
2345 "%08X %5d %8d %lu %d %p %u %u %u %u %d",
2346 i, src, srcp, dest, destp, sk->sk_state,
2347 tp->write_seq - tp->snd_una,
2348 sk->sk_state == TCP_LISTEN ? sk->sk_ack_backlog :
2349 (tp->rcv_nxt - tp->copied_seq),
2351 jiffies_to_clock_t(timer_expires - jiffies),
2352 icsk->icsk_retransmits,
2354 icsk->icsk_probes_out,
2356 atomic_read(&sk->sk_refcnt), sk,
2359 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
2361 tp->snd_ssthresh >= 0xFFFF ? -1 : tp->snd_ssthresh);
2364 static void get_timewait4_sock(struct inet_timewait_sock *tw,
2365 char *tmpbuf, int i)
2369 int ttd = tw->tw_ttd - jiffies;
2374 dest = tw->tw_daddr;
2375 src = tw->tw_rcv_saddr;
2376 destp = ntohs(tw->tw_dport);
2377 srcp = ntohs(tw->tw_sport);
2379 sprintf(tmpbuf, "%4d: %08X:%04X %08X:%04X"
2380 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p",
2381 i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
2382 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2383 atomic_read(&tw->tw_refcnt), tw);
2388 static int tcp4_seq_show(struct seq_file *seq, void *v)
2390 struct tcp_iter_state* st;
2391 char tmpbuf[TMPSZ + 1];
2393 if (v == SEQ_START_TOKEN) {
2394 seq_printf(seq, "%-*s\n", TMPSZ - 1,
2395 " sl local_address rem_address st tx_queue "
2396 "rx_queue tr tm->when retrnsmt uid timeout "
2402 switch (st->state) {
2403 case TCP_SEQ_STATE_LISTENING:
2404 case TCP_SEQ_STATE_ESTABLISHED:
2405 get_tcp4_sock(v, tmpbuf, st->num);
2407 case TCP_SEQ_STATE_OPENREQ:
2408 get_openreq4(st->syn_wait_sk, v, tmpbuf, st->num, st->uid);
2410 case TCP_SEQ_STATE_TIME_WAIT:
2411 get_timewait4_sock(v, tmpbuf, st->num);
2414 seq_printf(seq, "%-*s\n", TMPSZ - 1, tmpbuf);
2419 static struct file_operations tcp4_seq_fops;
2420 static struct tcp_seq_afinfo tcp4_seq_afinfo = {
2421 .owner = THIS_MODULE,
2424 .seq_show = tcp4_seq_show,
2425 .seq_fops = &tcp4_seq_fops,
2428 static int tcp4_proc_init_net(struct net *net)
2430 return tcp_proc_register(net, &tcp4_seq_afinfo);
2433 static void tcp4_proc_exit_net(struct net *net)
2435 tcp_proc_unregister(net, &tcp4_seq_afinfo);
2438 static struct pernet_operations tcp4_net_ops = {
2439 .init = tcp4_proc_init_net,
2440 .exit = tcp4_proc_exit_net,
2443 int __init tcp4_proc_init(void)
2445 return register_pernet_subsys(&tcp4_net_ops);
2448 void tcp4_proc_exit(void)
2450 unregister_pernet_subsys(&tcp4_net_ops);
2452 #endif /* CONFIG_PROC_FS */
2454 DEFINE_PROTO_INUSE(tcp)
2456 struct proto tcp_prot = {
2458 .owner = THIS_MODULE,
2460 .connect = tcp_v4_connect,
2461 .disconnect = tcp_disconnect,
2462 .accept = inet_csk_accept,
2464 .init = tcp_v4_init_sock,
2465 .destroy = tcp_v4_destroy_sock,
2466 .shutdown = tcp_shutdown,
2467 .setsockopt = tcp_setsockopt,
2468 .getsockopt = tcp_getsockopt,
2469 .recvmsg = tcp_recvmsg,
2470 .backlog_rcv = tcp_v4_do_rcv,
2472 .unhash = inet_unhash,
2473 .get_port = inet_csk_get_port,
2474 .enter_memory_pressure = tcp_enter_memory_pressure,
2475 .sockets_allocated = &tcp_sockets_allocated,
2476 .orphan_count = &tcp_orphan_count,
2477 .memory_allocated = &tcp_memory_allocated,
2478 .memory_pressure = &tcp_memory_pressure,
2479 .sysctl_mem = sysctl_tcp_mem,
2480 .sysctl_wmem = sysctl_tcp_wmem,
2481 .sysctl_rmem = sysctl_tcp_rmem,
2482 .max_header = MAX_TCP_HEADER,
2483 .obj_size = sizeof(struct tcp_sock),
2484 .twsk_prot = &tcp_timewait_sock_ops,
2485 .rsk_prot = &tcp_request_sock_ops,
2486 .h.hashinfo = &tcp_hashinfo,
2487 #ifdef CONFIG_COMPAT
2488 .compat_setsockopt = compat_tcp_setsockopt,
2489 .compat_getsockopt = compat_tcp_getsockopt,
2491 REF_PROTO_INUSE(tcp)
2494 void __init tcp_v4_init(void)
2496 if (inet_csk_ctl_sock_create(&tcp_socket, PF_INET, SOCK_RAW,
2498 panic("Failed to create the TCP control socket.\n");
2501 EXPORT_SYMBOL(ipv4_specific);
2502 EXPORT_SYMBOL(tcp_hashinfo);
2503 EXPORT_SYMBOL(tcp_prot);
2504 EXPORT_SYMBOL(tcp_v4_conn_request);
2505 EXPORT_SYMBOL(tcp_v4_connect);
2506 EXPORT_SYMBOL(tcp_v4_do_rcv);
2507 EXPORT_SYMBOL(tcp_v4_remember_stamp);
2508 EXPORT_SYMBOL(tcp_v4_send_check);
2509 EXPORT_SYMBOL(tcp_v4_syn_recv_sock);
2511 #ifdef CONFIG_PROC_FS
2512 EXPORT_SYMBOL(tcp_proc_register);
2513 EXPORT_SYMBOL(tcp_proc_unregister);
2515 EXPORT_SYMBOL(sysctl_tcp_low_latency);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob