2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Implementation of the Transmission Control Protocol(TCP).
8 * Version: $Id: tcp_ipv4.c,v 1.240 2002/02/01 22:01:04 davem Exp $
10 * IPv4 specific functions
15 * linux/ipv4/tcp_input.c
16 * linux/ipv4/tcp_output.c
18 * See tcp.c for author information
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
28 * David S. Miller : New socket lookup architecture.
29 * This code is dedicated to John Dyson.
30 * David S. Miller : Change semantics of established hash,
31 * half is devoted to TIME_WAIT sockets
32 * and the rest go in the other half.
33 * Andi Kleen : Add support for syncookies and fixed
34 * some bugs: ip options weren't passed to
35 * the TCP layer, missed a check for an
37 * Andi Kleen : Implemented fast path mtu discovery.
38 * Fixed many serious bugs in the
39 * request_sock handling and moved
40 * most of it into the af independent code.
41 * Added tail drop and some other bugfixes.
42 * Added new listen sematics.
43 * Mike McLagan : Routing by source
44 * Juan Jose Ciarlante: ip_dynaddr bits
45 * Andi Kleen: various fixes.
46 * Vitaly E. Lavrov : Transparent proxy revived after year
48 * Andi Kleen : Fix new listen.
49 * Andi Kleen : Fix accept error reporting.
50 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
51 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
52 * a single port at the same time.
55 #include <linux/config.h>
57 #include <linux/types.h>
58 #include <linux/fcntl.h>
59 #include <linux/module.h>
60 #include <linux/random.h>
61 #include <linux/cache.h>
62 #include <linux/jhash.h>
63 #include <linux/init.h>
64 #include <linux/times.h>
69 #include <net/inet_common.h>
72 #include <linux/inet.h>
73 #include <linux/ipv6.h>
74 #include <linux/stddef.h>
75 #include <linux/proc_fs.h>
76 #include <linux/seq_file.h>
78 extern int sysctl_ip_dynaddr;
79 int sysctl_tcp_tw_reuse;
80 int sysctl_tcp_low_latency;
82 /* Check TCP sequence numbers in ICMP packets. */
83 #define ICMP_MIN_LENGTH 8
85 /* Socket used for sending RSTs */
86 static struct socket *tcp_socket;
88 void tcp_v4_send_check(struct sock *sk, struct tcphdr *th, int len,
91 struct tcp_hashinfo __cacheline_aligned tcp_hashinfo = {
92 .__tcp_lhash_lock = RW_LOCK_UNLOCKED,
93 .__tcp_lhash_users = ATOMIC_INIT(0),
95 = __WAIT_QUEUE_HEAD_INITIALIZER(tcp_hashinfo.__tcp_lhash_wait),
96 .__tcp_portalloc_lock = SPIN_LOCK_UNLOCKED
100 * This array holds the first and last local port number.
101 * For high-usage systems, use sysctl to change this to
104 int sysctl_local_port_range[2] = { 1024, 4999 };
105 int tcp_port_rover = 1024 - 1;
107 static __inline__ int tcp_hashfn(__u32 laddr, __u16 lport,
108 __u32 faddr, __u16 fport)
110 int h = (laddr ^ lport) ^ (faddr ^ fport);
113 return h & (tcp_ehash_size - 1);
116 static __inline__ int tcp_sk_hashfn(struct sock *sk)
118 struct inet_sock *inet = inet_sk(sk);
119 __u32 laddr = inet->rcv_saddr;
120 __u16 lport = inet->num;
121 __u32 faddr = inet->daddr;
122 __u16 fport = inet->dport;
124 return tcp_hashfn(laddr, lport, faddr, fport);
127 /* Allocate and initialize a new TCP local port bind bucket.
128 * The bindhash mutex for snum's hash chain must be held here.
130 struct tcp_bind_bucket *tcp_bucket_create(struct tcp_bind_hashbucket *head,
133 struct tcp_bind_bucket *tb = kmem_cache_alloc(tcp_bucket_cachep,
138 INIT_HLIST_HEAD(&tb->owners);
139 hlist_add_head(&tb->node, &head->chain);
144 /* Caller must hold hashbucket lock for this tb with local BH disabled */
145 void tcp_bucket_destroy(struct tcp_bind_bucket *tb)
147 if (hlist_empty(&tb->owners)) {
148 __hlist_del(&tb->node);
149 kmem_cache_free(tcp_bucket_cachep, tb);
153 /* Caller must disable local BH processing. */
154 static __inline__ void __tcp_inherit_port(struct sock *sk, struct sock *child)
156 struct tcp_bind_hashbucket *head =
157 &tcp_bhash[tcp_bhashfn(inet_sk(child)->num)];
158 struct tcp_bind_bucket *tb;
160 spin_lock(&head->lock);
161 tb = tcp_sk(sk)->bind_hash;
162 sk_add_bind_node(child, &tb->owners);
163 tcp_sk(child)->bind_hash = tb;
164 spin_unlock(&head->lock);
167 inline void tcp_inherit_port(struct sock *sk, struct sock *child)
170 __tcp_inherit_port(sk, child);
174 void tcp_bind_hash(struct sock *sk, struct tcp_bind_bucket *tb,
177 inet_sk(sk)->num = snum;
178 sk_add_bind_node(sk, &tb->owners);
179 tcp_sk(sk)->bind_hash = tb;
182 static inline int tcp_bind_conflict(struct sock *sk, struct tcp_bind_bucket *tb)
184 const u32 sk_rcv_saddr = tcp_v4_rcv_saddr(sk);
186 struct hlist_node *node;
187 int reuse = sk->sk_reuse;
189 sk_for_each_bound(sk2, node, &tb->owners) {
191 !tcp_v6_ipv6only(sk2) &&
192 (!sk->sk_bound_dev_if ||
193 !sk2->sk_bound_dev_if ||
194 sk->sk_bound_dev_if == sk2->sk_bound_dev_if)) {
195 if (!reuse || !sk2->sk_reuse ||
196 sk2->sk_state == TCP_LISTEN) {
197 const u32 sk2_rcv_saddr = tcp_v4_rcv_saddr(sk2);
198 if (!sk2_rcv_saddr || !sk_rcv_saddr ||
199 sk2_rcv_saddr == sk_rcv_saddr)
207 /* Obtain a reference to a local port for the given sock,
208 * if snum is zero it means select any available local port.
210 static int tcp_v4_get_port(struct sock *sk, unsigned short snum)
212 struct tcp_bind_hashbucket *head;
213 struct hlist_node *node;
214 struct tcp_bind_bucket *tb;
219 int low = sysctl_local_port_range[0];
220 int high = sysctl_local_port_range[1];
221 int remaining = (high - low) + 1;
224 spin_lock(&tcp_portalloc_lock);
225 if (tcp_port_rover < low)
228 rover = tcp_port_rover;
233 head = &tcp_bhash[tcp_bhashfn(rover)];
234 spin_lock(&head->lock);
235 tb_for_each(tb, node, &head->chain)
236 if (tb->port == rover)
240 spin_unlock(&head->lock);
241 } while (--remaining > 0);
242 tcp_port_rover = rover;
243 spin_unlock(&tcp_portalloc_lock);
245 /* Exhausted local port range during search? It is not
246 * possible for us to be holding one of the bind hash
247 * locks if this test triggers, because if 'remaining'
248 * drops to zero, we broke out of the do/while loop at
249 * the top level, not from the 'break;' statement.
252 if (unlikely(remaining <= 0))
255 /* OK, here is the one we will use. HEAD is
256 * non-NULL and we hold it's mutex.
260 head = &tcp_bhash[tcp_bhashfn(snum)];
261 spin_lock(&head->lock);
262 tb_for_each(tb, node, &head->chain)
263 if (tb->port == snum)
269 if (!hlist_empty(&tb->owners)) {
270 if (sk->sk_reuse > 1)
272 if (tb->fastreuse > 0 &&
273 sk->sk_reuse && sk->sk_state != TCP_LISTEN) {
277 if (tcp_bind_conflict(sk, tb))
283 if (!tb && (tb = tcp_bucket_create(head, snum)) == NULL)
285 if (hlist_empty(&tb->owners)) {
286 if (sk->sk_reuse && sk->sk_state != TCP_LISTEN)
290 } else if (tb->fastreuse &&
291 (!sk->sk_reuse || sk->sk_state == TCP_LISTEN))
294 if (!tcp_sk(sk)->bind_hash)
295 tcp_bind_hash(sk, tb, snum);
296 BUG_TRAP(tcp_sk(sk)->bind_hash == tb);
300 spin_unlock(&head->lock);
306 /* Get rid of any references to a local port held by the
309 static void __tcp_put_port(struct sock *sk)
311 struct inet_sock *inet = inet_sk(sk);
312 struct tcp_bind_hashbucket *head = &tcp_bhash[tcp_bhashfn(inet->num)];
313 struct tcp_bind_bucket *tb;
315 spin_lock(&head->lock);
316 tb = tcp_sk(sk)->bind_hash;
317 __sk_del_bind_node(sk);
318 tcp_sk(sk)->bind_hash = NULL;
320 tcp_bucket_destroy(tb);
321 spin_unlock(&head->lock);
324 void tcp_put_port(struct sock *sk)
331 /* This lock without WQ_FLAG_EXCLUSIVE is good on UP and it can be very bad on SMP.
332 * Look, when several writers sleep and reader wakes them up, all but one
333 * immediately hit write lock and grab all the cpus. Exclusive sleep solves
334 * this, _but_ remember, it adds useless work on UP machines (wake up each
335 * exclusive lock release). It should be ifdefed really.
338 void tcp_listen_wlock(void)
340 write_lock(&tcp_lhash_lock);
342 if (atomic_read(&tcp_lhash_users)) {
346 prepare_to_wait_exclusive(&tcp_lhash_wait,
347 &wait, TASK_UNINTERRUPTIBLE);
348 if (!atomic_read(&tcp_lhash_users))
350 write_unlock_bh(&tcp_lhash_lock);
352 write_lock_bh(&tcp_lhash_lock);
355 finish_wait(&tcp_lhash_wait, &wait);
359 static __inline__ void __tcp_v4_hash(struct sock *sk, const int listen_possible)
361 struct hlist_head *list;
364 BUG_TRAP(sk_unhashed(sk));
365 if (listen_possible && sk->sk_state == TCP_LISTEN) {
366 list = &tcp_listening_hash[tcp_sk_listen_hashfn(sk)];
367 lock = &tcp_lhash_lock;
370 list = &tcp_ehash[(sk->sk_hashent = tcp_sk_hashfn(sk))].chain;
371 lock = &tcp_ehash[sk->sk_hashent].lock;
374 __sk_add_node(sk, list);
375 sock_prot_inc_use(sk->sk_prot);
377 if (listen_possible && sk->sk_state == TCP_LISTEN)
378 wake_up(&tcp_lhash_wait);
381 static void tcp_v4_hash(struct sock *sk)
383 if (sk->sk_state != TCP_CLOSE) {
385 __tcp_v4_hash(sk, 1);
390 void tcp_unhash(struct sock *sk)
397 if (sk->sk_state == TCP_LISTEN) {
400 lock = &tcp_lhash_lock;
402 struct tcp_ehash_bucket *head = &tcp_ehash[sk->sk_hashent];
404 write_lock_bh(&head->lock);
407 if (__sk_del_node_init(sk))
408 sock_prot_dec_use(sk->sk_prot);
409 write_unlock_bh(lock);
412 if (sk->sk_state == TCP_LISTEN)
413 wake_up(&tcp_lhash_wait);
416 /* Don't inline this cruft. Here are some nice properties to
417 * exploit here. The BSD API does not allow a listening TCP
418 * to specify the remote port nor the remote address for the
419 * connection. So always assume those are both wildcarded
420 * during the search since they can never be otherwise.
422 static struct sock *__tcp_v4_lookup_listener(struct hlist_head *head, u32 daddr,
423 unsigned short hnum, int dif)
425 struct sock *result = NULL, *sk;
426 struct hlist_node *node;
430 sk_for_each(sk, node, head) {
431 struct inet_sock *inet = inet_sk(sk);
433 if (inet->num == hnum && !ipv6_only_sock(sk)) {
434 __u32 rcv_saddr = inet->rcv_saddr;
436 score = (sk->sk_family == PF_INET ? 1 : 0);
438 if (rcv_saddr != daddr)
442 if (sk->sk_bound_dev_if) {
443 if (sk->sk_bound_dev_if != dif)
449 if (score > hiscore) {
458 /* Optimize the common listener case. */
459 static inline struct sock *tcp_v4_lookup_listener(u32 daddr,
460 unsigned short hnum, int dif)
462 struct sock *sk = NULL;
463 struct hlist_head *head;
465 read_lock(&tcp_lhash_lock);
466 head = &tcp_listening_hash[tcp_lhashfn(hnum)];
467 if (!hlist_empty(head)) {
468 struct inet_sock *inet = inet_sk((sk = __sk_head(head)));
470 if (inet->num == hnum && !sk->sk_node.next &&
471 (!inet->rcv_saddr || inet->rcv_saddr == daddr) &&
472 (sk->sk_family == PF_INET || !ipv6_only_sock(sk)) &&
473 !sk->sk_bound_dev_if)
475 sk = __tcp_v4_lookup_listener(head, daddr, hnum, dif);
481 read_unlock(&tcp_lhash_lock);
485 /* Sockets in TCP_CLOSE state are _always_ taken out of the hash, so
486 * we need not check it for TCP lookups anymore, thanks Alexey. -DaveM
488 * Local BH must be disabled here.
491 static inline struct sock *__tcp_v4_lookup_established(u32 saddr, u16 sport,
495 struct tcp_ehash_bucket *head;
496 TCP_V4_ADDR_COOKIE(acookie, saddr, daddr)
497 __u32 ports = TCP_COMBINED_PORTS(sport, hnum);
499 struct hlist_node *node;
500 /* Optimize here for direct hit, only listening connections can
501 * have wildcards anyways.
503 int hash = tcp_hashfn(daddr, hnum, saddr, sport);
504 head = &tcp_ehash[hash];
505 read_lock(&head->lock);
506 sk_for_each(sk, node, &head->chain) {
507 if (TCP_IPV4_MATCH(sk, acookie, saddr, daddr, ports, dif))
508 goto hit; /* You sunk my battleship! */
511 /* Must check for a TIME_WAIT'er before going to listener hash. */
512 sk_for_each(sk, node, &(head + tcp_ehash_size)->chain) {
513 if (TCP_IPV4_TW_MATCH(sk, acookie, saddr, daddr, ports, dif))
518 read_unlock(&head->lock);
525 static inline struct sock *__tcp_v4_lookup(u32 saddr, u16 sport,
526 u32 daddr, u16 hnum, int dif)
528 struct sock *sk = __tcp_v4_lookup_established(saddr, sport,
531 return sk ? : tcp_v4_lookup_listener(daddr, hnum, dif);
534 inline struct sock *tcp_v4_lookup(u32 saddr, u16 sport, u32 daddr,
540 sk = __tcp_v4_lookup(saddr, sport, daddr, ntohs(dport), dif);
546 EXPORT_SYMBOL_GPL(tcp_v4_lookup);
548 static inline __u32 tcp_v4_init_sequence(struct sock *sk, struct sk_buff *skb)
550 return secure_tcp_sequence_number(skb->nh.iph->daddr,
556 /* called with local bh disabled */
557 static int __tcp_v4_check_established(struct sock *sk, __u16 lport,
558 struct tcp_tw_bucket **twp)
560 struct inet_sock *inet = inet_sk(sk);
561 u32 daddr = inet->rcv_saddr;
562 u32 saddr = inet->daddr;
563 int dif = sk->sk_bound_dev_if;
564 TCP_V4_ADDR_COOKIE(acookie, saddr, daddr)
565 __u32 ports = TCP_COMBINED_PORTS(inet->dport, lport);
566 int hash = tcp_hashfn(daddr, lport, saddr, inet->dport);
567 struct tcp_ehash_bucket *head = &tcp_ehash[hash];
569 struct hlist_node *node;
570 struct tcp_tw_bucket *tw;
572 write_lock(&head->lock);
574 /* Check TIME-WAIT sockets first. */
575 sk_for_each(sk2, node, &(head + tcp_ehash_size)->chain) {
576 tw = (struct tcp_tw_bucket *)sk2;
578 if (TCP_IPV4_TW_MATCH(sk2, acookie, saddr, daddr, ports, dif)) {
579 struct tcp_sock *tp = tcp_sk(sk);
581 /* With PAWS, it is safe from the viewpoint
582 of data integrity. Even without PAWS it
583 is safe provided sequence spaces do not
584 overlap i.e. at data rates <= 80Mbit/sec.
586 Actually, the idea is close to VJ's one,
587 only timestamp cache is held not per host,
588 but per port pair and TW bucket is used
591 If TW bucket has been already destroyed we
592 fall back to VJ's scheme and use initial
593 timestamp retrieved from peer table.
595 if (tw->tw_ts_recent_stamp &&
596 (!twp || (sysctl_tcp_tw_reuse &&
598 tw->tw_ts_recent_stamp > 1))) {
600 tw->tw_snd_nxt + 65535 + 2) == 0)
602 tp->rx_opt.ts_recent = tw->tw_ts_recent;
603 tp->rx_opt.ts_recent_stamp = tw->tw_ts_recent_stamp;
612 /* And established part... */
613 sk_for_each(sk2, node, &head->chain) {
614 if (TCP_IPV4_MATCH(sk2, acookie, saddr, daddr, ports, dif))
619 /* Must record num and sport now. Otherwise we will see
620 * in hash table socket with a funny identity. */
622 inet->sport = htons(lport);
623 sk->sk_hashent = hash;
624 BUG_TRAP(sk_unhashed(sk));
625 __sk_add_node(sk, &head->chain);
626 sock_prot_inc_use(sk->sk_prot);
627 write_unlock(&head->lock);
631 NET_INC_STATS_BH(LINUX_MIB_TIMEWAITRECYCLED);
633 /* Silly. Should hash-dance instead... */
634 tcp_tw_deschedule(tw);
635 NET_INC_STATS_BH(LINUX_MIB_TIMEWAITRECYCLED);
643 write_unlock(&head->lock);
644 return -EADDRNOTAVAIL;
647 static inline u32 connect_port_offset(const struct sock *sk)
649 const struct inet_sock *inet = inet_sk(sk);
651 return secure_tcp_port_ephemeral(inet->rcv_saddr, inet->daddr,
656 * Bind a port for a connect operation and hash it.
658 static inline int tcp_v4_hash_connect(struct sock *sk)
660 unsigned short snum = inet_sk(sk)->num;
661 struct tcp_bind_hashbucket *head;
662 struct tcp_bind_bucket *tb;
666 int low = sysctl_local_port_range[0];
667 int high = sysctl_local_port_range[1];
668 int range = high - low;
672 u32 offset = hint + connect_port_offset(sk);
673 struct hlist_node *node;
674 struct tcp_tw_bucket *tw = NULL;
677 for (i = 1; i <= range; i++) {
678 port = low + (i + offset) % range;
679 head = &tcp_bhash[tcp_bhashfn(port)];
680 spin_lock(&head->lock);
682 /* Does not bother with rcv_saddr checks,
683 * because the established check is already
686 tb_for_each(tb, node, &head->chain) {
687 if (tb->port == port) {
688 BUG_TRAP(!hlist_empty(&tb->owners));
689 if (tb->fastreuse >= 0)
691 if (!__tcp_v4_check_established(sk,
699 tb = tcp_bucket_create(head, port);
701 spin_unlock(&head->lock);
708 spin_unlock(&head->lock);
712 return -EADDRNOTAVAIL;
717 /* Head lock still held and bh's disabled */
718 tcp_bind_hash(sk, tb, port);
719 if (sk_unhashed(sk)) {
720 inet_sk(sk)->sport = htons(port);
721 __tcp_v4_hash(sk, 0);
723 spin_unlock(&head->lock);
726 tcp_tw_deschedule(tw);
734 head = &tcp_bhash[tcp_bhashfn(snum)];
735 tb = tcp_sk(sk)->bind_hash;
736 spin_lock_bh(&head->lock);
737 if (sk_head(&tb->owners) == sk && !sk->sk_bind_node.next) {
738 __tcp_v4_hash(sk, 0);
739 spin_unlock_bh(&head->lock);
742 spin_unlock(&head->lock);
743 /* No definite answer... Walk to established hash table */
744 ret = __tcp_v4_check_established(sk, snum, NULL);
751 /* This will initiate an outgoing connection. */
752 int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
754 struct inet_sock *inet = inet_sk(sk);
755 struct tcp_sock *tp = tcp_sk(sk);
756 struct sockaddr_in *usin = (struct sockaddr_in *)uaddr;
762 if (addr_len < sizeof(struct sockaddr_in))
765 if (usin->sin_family != AF_INET)
766 return -EAFNOSUPPORT;
768 nexthop = daddr = usin->sin_addr.s_addr;
769 if (inet->opt && inet->opt->srr) {
772 nexthop = inet->opt->faddr;
775 tmp = ip_route_connect(&rt, nexthop, inet->saddr,
776 RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
778 inet->sport, usin->sin_port, sk);
782 if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) {
787 if (!inet->opt || !inet->opt->srr)
791 inet->saddr = rt->rt_src;
792 inet->rcv_saddr = inet->saddr;
794 if (tp->rx_opt.ts_recent_stamp && inet->daddr != daddr) {
795 /* Reset inherited state */
796 tp->rx_opt.ts_recent = 0;
797 tp->rx_opt.ts_recent_stamp = 0;
801 if (sysctl_tcp_tw_recycle &&
802 !tp->rx_opt.ts_recent_stamp && rt->rt_dst == daddr) {
803 struct inet_peer *peer = rt_get_peer(rt);
805 /* VJ's idea. We save last timestamp seen from
806 * the destination in peer table, when entering state TIME-WAIT
807 * and initialize rx_opt.ts_recent from it, when trying new connection.
810 if (peer && peer->tcp_ts_stamp + TCP_PAWS_MSL >= xtime.tv_sec) {
811 tp->rx_opt.ts_recent_stamp = peer->tcp_ts_stamp;
812 tp->rx_opt.ts_recent = peer->tcp_ts;
816 inet->dport = usin->sin_port;
819 tp->ext_header_len = 0;
821 tp->ext_header_len = inet->opt->optlen;
823 tp->rx_opt.mss_clamp = 536;
825 /* Socket identity is still unknown (sport may be zero).
826 * However we set state to SYN-SENT and not releasing socket
827 * lock select source port, enter ourselves into the hash tables and
828 * complete initialization after this.
830 tcp_set_state(sk, TCP_SYN_SENT);
831 err = tcp_v4_hash_connect(sk);
835 err = ip_route_newports(&rt, inet->sport, inet->dport, sk);
839 /* OK, now commit destination to socket. */
840 sk_setup_caps(sk, &rt->u.dst);
843 tp->write_seq = secure_tcp_sequence_number(inet->saddr,
848 inet->id = tp->write_seq ^ jiffies;
850 err = tcp_connect(sk);
858 /* This unhashes the socket and releases the local port, if necessary. */
859 tcp_set_state(sk, TCP_CLOSE);
861 sk->sk_route_caps = 0;
866 static __inline__ int tcp_v4_iif(struct sk_buff *skb)
868 return ((struct rtable *)skb->dst)->rt_iif;
871 static __inline__ u32 tcp_v4_synq_hash(u32 raddr, u16 rport, u32 rnd)
873 return (jhash_2words(raddr, (u32) rport, rnd) & (TCP_SYNQ_HSIZE - 1));
876 static struct request_sock *tcp_v4_search_req(struct tcp_sock *tp,
877 struct request_sock ***prevp,
879 __u32 raddr, __u32 laddr)
881 struct listen_sock *lopt = tp->accept_queue.listen_opt;
882 struct request_sock *req, **prev;
884 for (prev = &lopt->syn_table[tcp_v4_synq_hash(raddr, rport, lopt->hash_rnd)];
885 (req = *prev) != NULL;
886 prev = &req->dl_next) {
887 const struct inet_request_sock *ireq = inet_rsk(req);
889 if (ireq->rmt_port == rport &&
890 ireq->rmt_addr == raddr &&
891 ireq->loc_addr == laddr &&
892 TCP_INET_FAMILY(req->rsk_ops->family)) {
902 static void tcp_v4_synq_add(struct sock *sk, struct request_sock *req)
904 struct tcp_sock *tp = tcp_sk(sk);
905 struct listen_sock *lopt = tp->accept_queue.listen_opt;
906 u32 h = tcp_v4_synq_hash(inet_rsk(req)->rmt_addr, inet_rsk(req)->rmt_port, lopt->hash_rnd);
908 reqsk_queue_hash_req(&tp->accept_queue, h, req, TCP_TIMEOUT_INIT);
914 * This routine does path mtu discovery as defined in RFC1191.
916 static inline void do_pmtu_discovery(struct sock *sk, struct iphdr *iph,
919 struct dst_entry *dst;
920 struct inet_sock *inet = inet_sk(sk);
921 struct tcp_sock *tp = tcp_sk(sk);
923 /* We are not interested in TCP_LISTEN and open_requests (SYN-ACKs
924 * send out by Linux are always <576bytes so they should go through
927 if (sk->sk_state == TCP_LISTEN)
930 /* We don't check in the destentry if pmtu discovery is forbidden
931 * on this route. We just assume that no packet_to_big packets
932 * are send back when pmtu discovery is not active.
933 * There is a small race when the user changes this flag in the
934 * route, but I think that's acceptable.
936 if ((dst = __sk_dst_check(sk, 0)) == NULL)
939 dst->ops->update_pmtu(dst, mtu);
941 /* Something is about to be wrong... Remember soft error
942 * for the case, if this connection will not able to recover.
944 if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
945 sk->sk_err_soft = EMSGSIZE;
949 if (inet->pmtudisc != IP_PMTUDISC_DONT &&
950 tp->pmtu_cookie > mtu) {
951 tcp_sync_mss(sk, mtu);
953 /* Resend the TCP packet because it's
954 * clear that the old packet has been
955 * dropped. This is the new "fast" path mtu
958 tcp_simple_retransmit(sk);
959 } /* else let the usual retransmit timer handle it */
963 * This routine is called by the ICMP module when it gets some
964 * sort of error condition. If err < 0 then the socket should
965 * be closed and the error returned to the user. If err > 0
966 * it's just the icmp type << 8 | icmp code. After adjustment
967 * header points to the first 8 bytes of the tcp header. We need
968 * to find the appropriate port.
970 * The locking strategy used here is very "optimistic". When
971 * someone else accesses the socket the ICMP is just dropped
972 * and for some paths there is no check at all.
973 * A more general error queue to queue errors for later handling
974 * is probably better.
978 void tcp_v4_err(struct sk_buff *skb, u32 info)
980 struct iphdr *iph = (struct iphdr *)skb->data;
981 struct tcphdr *th = (struct tcphdr *)(skb->data + (iph->ihl << 2));
983 struct inet_sock *inet;
984 int type = skb->h.icmph->type;
985 int code = skb->h.icmph->code;
990 if (skb->len < (iph->ihl << 2) + 8) {
991 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS);
995 sk = tcp_v4_lookup(iph->daddr, th->dest, iph->saddr,
996 th->source, tcp_v4_iif(skb));
998 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS);
1001 if (sk->sk_state == TCP_TIME_WAIT) {
1002 tcp_tw_put((struct tcp_tw_bucket *)sk);
1007 /* If too many ICMPs get dropped on busy
1008 * servers this needs to be solved differently.
1010 if (sock_owned_by_user(sk))
1011 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
1013 if (sk->sk_state == TCP_CLOSE)
1017 seq = ntohl(th->seq);
1018 if (sk->sk_state != TCP_LISTEN &&
1019 !between(seq, tp->snd_una, tp->snd_nxt)) {
1020 NET_INC_STATS(LINUX_MIB_OUTOFWINDOWICMPS);
1025 case ICMP_SOURCE_QUENCH:
1026 /* Just silently ignore these. */
1028 case ICMP_PARAMETERPROB:
1031 case ICMP_DEST_UNREACH:
1032 if (code > NR_ICMP_UNREACH)
1035 if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */
1036 if (!sock_owned_by_user(sk))
1037 do_pmtu_discovery(sk, iph, info);
1041 err = icmp_err_convert[code].errno;
1043 case ICMP_TIME_EXCEEDED:
1050 switch (sk->sk_state) {
1051 struct request_sock *req, **prev;
1053 if (sock_owned_by_user(sk))
1056 req = tcp_v4_search_req(tp, &prev, th->dest,
1057 iph->daddr, iph->saddr);
1061 /* ICMPs are not backlogged, hence we cannot get
1062 an established socket here.
1066 if (seq != tcp_rsk(req)->snt_isn) {
1067 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
1072 * Still in SYN_RECV, just remove it silently.
1073 * There is no good way to pass the error to the newly
1074 * created socket, and POSIX does not want network
1075 * errors returned from accept().
1077 tcp_synq_drop(sk, req, prev);
1081 case TCP_SYN_RECV: /* Cannot happen.
1082 It can f.e. if SYNs crossed.
1084 if (!sock_owned_by_user(sk)) {
1085 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
1088 sk->sk_error_report(sk);
1092 sk->sk_err_soft = err;
1097 /* If we've already connected we will keep trying
1098 * until we time out, or the user gives up.
1100 * rfc1122 4.2.3.9 allows to consider as hard errors
1101 * only PROTO_UNREACH and PORT_UNREACH (well, FRAG_FAILED too,
1102 * but it is obsoleted by pmtu discovery).
1104 * Note, that in modern internet, where routing is unreliable
1105 * and in each dark corner broken firewalls sit, sending random
1106 * errors ordered by their masters even this two messages finally lose
1107 * their original sense (even Linux sends invalid PORT_UNREACHs)
1109 * Now we are in compliance with RFCs.
1114 if (!sock_owned_by_user(sk) && inet->recverr) {
1116 sk->sk_error_report(sk);
1117 } else { /* Only an error on timeout */
1118 sk->sk_err_soft = err;
1126 /* This routine computes an IPv4 TCP checksum. */
1127 void tcp_v4_send_check(struct sock *sk, struct tcphdr *th, int len,
1128 struct sk_buff *skb)
1130 struct inet_sock *inet = inet_sk(sk);
1132 if (skb->ip_summed == CHECKSUM_HW) {
1133 th->check = ~tcp_v4_check(th, len, inet->saddr, inet->daddr, 0);
1134 skb->csum = offsetof(struct tcphdr, check);
1136 th->check = tcp_v4_check(th, len, inet->saddr, inet->daddr,
1137 csum_partial((char *)th,
1144 * This routine will send an RST to the other tcp.
1146 * Someone asks: why I NEVER use socket parameters (TOS, TTL etc.)
1148 * Answer: if a packet caused RST, it is not for a socket
1149 * existing in our system, if it is matched to a socket,
1150 * it is just duplicate segment or bug in other side's TCP.
1151 * So that we build reply only basing on parameters
1152 * arrived with segment.
1153 * Exception: precedence violation. We do not implement it in any case.
1156 static void tcp_v4_send_reset(struct sk_buff *skb)
1158 struct tcphdr *th = skb->h.th;
1160 struct ip_reply_arg arg;
1162 /* Never send a reset in response to a reset. */
1166 if (((struct rtable *)skb->dst)->rt_type != RTN_LOCAL)
1169 /* Swap the send and the receive. */
1170 memset(&rth, 0, sizeof(struct tcphdr));
1171 rth.dest = th->source;
1172 rth.source = th->dest;
1173 rth.doff = sizeof(struct tcphdr) / 4;
1177 rth.seq = th->ack_seq;
1180 rth.ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin +
1181 skb->len - (th->doff << 2));
1184 memset(&arg, 0, sizeof arg);
1185 arg.iov[0].iov_base = (unsigned char *)&rth;
1186 arg.iov[0].iov_len = sizeof rth;
1187 arg.csum = csum_tcpudp_nofold(skb->nh.iph->daddr,
1188 skb->nh.iph->saddr, /*XXX*/
1189 sizeof(struct tcphdr), IPPROTO_TCP, 0);
1190 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
1192 ip_send_reply(tcp_socket->sk, skb, &arg, sizeof rth);
1194 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1195 TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
1198 /* The code following below sending ACKs in SYN-RECV and TIME-WAIT states
1199 outside socket context is ugly, certainly. What can I do?
1202 static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
1205 struct tcphdr *th = skb->h.th;
1210 struct ip_reply_arg arg;
1212 memset(&rep.th, 0, sizeof(struct tcphdr));
1213 memset(&arg, 0, sizeof arg);
1215 arg.iov[0].iov_base = (unsigned char *)&rep;
1216 arg.iov[0].iov_len = sizeof(rep.th);
1218 rep.tsopt[0] = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1219 (TCPOPT_TIMESTAMP << 8) |
1221 rep.tsopt[1] = htonl(tcp_time_stamp);
1222 rep.tsopt[2] = htonl(ts);
1223 arg.iov[0].iov_len = sizeof(rep);
1226 /* Swap the send and the receive. */
1227 rep.th.dest = th->source;
1228 rep.th.source = th->dest;
1229 rep.th.doff = arg.iov[0].iov_len / 4;
1230 rep.th.seq = htonl(seq);
1231 rep.th.ack_seq = htonl(ack);
1233 rep.th.window = htons(win);
1235 arg.csum = csum_tcpudp_nofold(skb->nh.iph->daddr,
1236 skb->nh.iph->saddr, /*XXX*/
1237 arg.iov[0].iov_len, IPPROTO_TCP, 0);
1238 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
1240 ip_send_reply(tcp_socket->sk, skb, &arg, arg.iov[0].iov_len);
1242 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1245 static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
1247 struct tcp_tw_bucket *tw = (struct tcp_tw_bucket *)sk;
1249 tcp_v4_send_ack(skb, tw->tw_snd_nxt, tw->tw_rcv_nxt,
1250 tw->tw_rcv_wnd >> tw->tw_rcv_wscale, tw->tw_ts_recent);
1255 static void tcp_v4_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
1257 tcp_v4_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd,
1261 static struct dst_entry* tcp_v4_route_req(struct sock *sk,
1262 struct request_sock *req)
1265 const struct inet_request_sock *ireq = inet_rsk(req);
1266 struct ip_options *opt = inet_rsk(req)->opt;
1267 struct flowi fl = { .oif = sk->sk_bound_dev_if,
1269 { .daddr = ((opt && opt->srr) ?
1272 .saddr = ireq->loc_addr,
1273 .tos = RT_CONN_FLAGS(sk) } },
1274 .proto = IPPROTO_TCP,
1276 { .sport = inet_sk(sk)->sport,
1277 .dport = ireq->rmt_port } } };
1279 if (ip_route_output_flow(&rt, &fl, sk, 0)) {
1280 IP_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES);
1283 if (opt && opt->is_strictroute && rt->rt_dst != rt->rt_gateway) {
1285 IP_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES);
1292 * Send a SYN-ACK after having received an ACK.
1293 * This still operates on a request_sock only, not on a big
1296 static int tcp_v4_send_synack(struct sock *sk, struct request_sock *req,
1297 struct dst_entry *dst)
1299 const struct inet_request_sock *ireq = inet_rsk(req);
1301 struct sk_buff * skb;
1303 /* First, grab a route. */
1304 if (!dst && (dst = tcp_v4_route_req(sk, req)) == NULL)
1307 skb = tcp_make_synack(sk, dst, req);
1310 struct tcphdr *th = skb->h.th;
1312 th->check = tcp_v4_check(th, skb->len,
1315 csum_partial((char *)th, skb->len,
1318 err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr,
1321 if (err == NET_XMIT_CN)
1331 * IPv4 request_sock destructor.
1333 static void tcp_v4_reqsk_destructor(struct request_sock *req)
1335 if (inet_rsk(req)->opt)
1336 kfree(inet_rsk(req)->opt);
1339 static inline void syn_flood_warning(struct sk_buff *skb)
1341 static unsigned long warntime;
1343 if (time_after(jiffies, (warntime + HZ * 60))) {
1346 "possible SYN flooding on port %d. Sending cookies.\n",
1347 ntohs(skb->h.th->dest));
1352 * Save and compile IPv4 options into the request_sock if needed.
1354 static inline struct ip_options *tcp_v4_save_options(struct sock *sk,
1355 struct sk_buff *skb)
1357 struct ip_options *opt = &(IPCB(skb)->opt);
1358 struct ip_options *dopt = NULL;
1360 if (opt && opt->optlen) {
1361 int opt_size = optlength(opt);
1362 dopt = kmalloc(opt_size, GFP_ATOMIC);
1364 if (ip_options_echo(dopt, skb)) {
1373 struct request_sock_ops tcp_request_sock_ops = {
1375 .obj_size = sizeof(struct tcp_request_sock),
1376 .rtx_syn_ack = tcp_v4_send_synack,
1377 .send_ack = tcp_v4_reqsk_send_ack,
1378 .destructor = tcp_v4_reqsk_destructor,
1379 .send_reset = tcp_v4_send_reset,
1382 int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1384 struct inet_request_sock *ireq;
1385 struct tcp_options_received tmp_opt;
1386 struct request_sock *req;
1387 __u32 saddr = skb->nh.iph->saddr;
1388 __u32 daddr = skb->nh.iph->daddr;
1389 __u32 isn = TCP_SKB_CB(skb)->when;
1390 struct dst_entry *dst = NULL;
1391 #ifdef CONFIG_SYN_COOKIES
1392 int want_cookie = 0;
1394 #define want_cookie 0 /* Argh, why doesn't gcc optimize this :( */
1397 /* Never answer to SYNs send to broadcast or multicast */
1398 if (((struct rtable *)skb->dst)->rt_flags &
1399 (RTCF_BROADCAST | RTCF_MULTICAST))
1402 /* TW buckets are converted to open requests without
1403 * limitations, they conserve resources and peer is
1404 * evidently real one.
1406 if (tcp_synq_is_full(sk) && !isn) {
1407 #ifdef CONFIG_SYN_COOKIES
1408 if (sysctl_tcp_syncookies) {
1415 /* Accept backlog is full. If we have already queued enough
1416 * of warm entries in syn queue, drop request. It is better than
1417 * clogging syn queue with openreqs with exponentially increasing
1420 if (sk_acceptq_is_full(sk) && tcp_synq_young(sk) > 1)
1423 req = reqsk_alloc(&tcp_request_sock_ops);
1427 tcp_clear_options(&tmp_opt);
1428 tmp_opt.mss_clamp = 536;
1429 tmp_opt.user_mss = tcp_sk(sk)->rx_opt.user_mss;
1431 tcp_parse_options(skb, &tmp_opt, 0);
1434 tcp_clear_options(&tmp_opt);
1435 tmp_opt.saw_tstamp = 0;
1438 if (tmp_opt.saw_tstamp && !tmp_opt.rcv_tsval) {
1439 /* Some OSes (unknown ones, but I see them on web server, which
1440 * contains information interesting only for windows'
1441 * users) do not send their stamp in SYN. It is easy case.
1442 * We simply do not advertise TS support.
1444 tmp_opt.saw_tstamp = 0;
1445 tmp_opt.tstamp_ok = 0;
1447 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1449 tcp_openreq_init(req, &tmp_opt, skb);
1451 ireq = inet_rsk(req);
1452 ireq->loc_addr = daddr;
1453 ireq->rmt_addr = saddr;
1454 ireq->opt = tcp_v4_save_options(sk, skb);
1456 TCP_ECN_create_request(req, skb->h.th);
1459 #ifdef CONFIG_SYN_COOKIES
1460 syn_flood_warning(skb);
1462 isn = cookie_v4_init_sequence(sk, skb, &req->mss);
1464 struct inet_peer *peer = NULL;
1466 /* VJ's idea. We save last timestamp seen
1467 * from the destination in peer table, when entering
1468 * state TIME-WAIT, and check against it before
1469 * accepting new connection request.
1471 * If "isn" is not zero, this request hit alive
1472 * timewait bucket, so that all the necessary checks
1473 * are made in the function processing timewait state.
1475 if (tmp_opt.saw_tstamp &&
1476 sysctl_tcp_tw_recycle &&
1477 (dst = tcp_v4_route_req(sk, req)) != NULL &&
1478 (peer = rt_get_peer((struct rtable *)dst)) != NULL &&
1479 peer->v4daddr == saddr) {
1480 if (xtime.tv_sec < peer->tcp_ts_stamp + TCP_PAWS_MSL &&
1481 (s32)(peer->tcp_ts - req->ts_recent) >
1483 NET_INC_STATS_BH(LINUX_MIB_PAWSPASSIVEREJECTED);
1488 /* Kill the following clause, if you dislike this way. */
1489 else if (!sysctl_tcp_syncookies &&
1490 (sysctl_max_syn_backlog - tcp_synq_len(sk) <
1491 (sysctl_max_syn_backlog >> 2)) &&
1492 (!peer || !peer->tcp_ts_stamp) &&
1493 (!dst || !dst_metric(dst, RTAX_RTT))) {
1494 /* Without syncookies last quarter of
1495 * backlog is filled with destinations,
1496 * proven to be alive.
1497 * It means that we continue to communicate
1498 * to destinations, already remembered
1499 * to the moment of synflood.
1501 LIMIT_NETDEBUG(printk(KERN_DEBUG "TCP: drop open "
1502 "request from %u.%u."
1505 ntohs(skb->h.th->source)));
1510 isn = tcp_v4_init_sequence(sk, skb);
1512 tcp_rsk(req)->snt_isn = isn;
1514 if (tcp_v4_send_synack(sk, req, dst))
1520 tcp_v4_synq_add(sk, req);
1527 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
1533 * The three way handshake has completed - we got a valid synack -
1534 * now create the new socket.
1536 struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1537 struct request_sock *req,
1538 struct dst_entry *dst)
1540 struct inet_request_sock *ireq;
1541 struct inet_sock *newinet;
1542 struct tcp_sock *newtp;
1545 if (sk_acceptq_is_full(sk))
1548 if (!dst && (dst = tcp_v4_route_req(sk, req)) == NULL)
1551 newsk = tcp_create_openreq_child(sk, req, skb);
1555 sk_setup_caps(newsk, dst);
1557 newtp = tcp_sk(newsk);
1558 newinet = inet_sk(newsk);
1559 ireq = inet_rsk(req);
1560 newinet->daddr = ireq->rmt_addr;
1561 newinet->rcv_saddr = ireq->loc_addr;
1562 newinet->saddr = ireq->loc_addr;
1563 newinet->opt = ireq->opt;
1565 newinet->mc_index = tcp_v4_iif(skb);
1566 newinet->mc_ttl = skb->nh.iph->ttl;
1567 newtp->ext_header_len = 0;
1569 newtp->ext_header_len = newinet->opt->optlen;
1570 newinet->id = newtp->write_seq ^ jiffies;
1572 tcp_sync_mss(newsk, dst_mtu(dst));
1573 newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1574 tcp_initialize_rcv_mss(newsk);
1576 __tcp_v4_hash(newsk, 0);
1577 __tcp_inherit_port(sk, newsk);
1582 NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1584 NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1589 static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
1591 struct tcphdr *th = skb->h.th;
1592 struct iphdr *iph = skb->nh.iph;
1593 struct tcp_sock *tp = tcp_sk(sk);
1595 struct request_sock **prev;
1596 /* Find possible connection requests. */
1597 struct request_sock *req = tcp_v4_search_req(tp, &prev, th->source,
1598 iph->saddr, iph->daddr);
1600 return tcp_check_req(sk, skb, req, prev);
1602 nsk = __tcp_v4_lookup_established(skb->nh.iph->saddr,
1609 if (nsk->sk_state != TCP_TIME_WAIT) {
1613 tcp_tw_put((struct tcp_tw_bucket *)nsk);
1617 #ifdef CONFIG_SYN_COOKIES
1618 if (!th->rst && !th->syn && th->ack)
1619 sk = cookie_v4_check(sk, skb, &(IPCB(skb)->opt));
1624 static int tcp_v4_checksum_init(struct sk_buff *skb)
1626 if (skb->ip_summed == CHECKSUM_HW) {
1627 skb->ip_summed = CHECKSUM_UNNECESSARY;
1628 if (!tcp_v4_check(skb->h.th, skb->len, skb->nh.iph->saddr,
1629 skb->nh.iph->daddr, skb->csum))
1632 LIMIT_NETDEBUG(printk(KERN_DEBUG "hw tcp v4 csum failed\n"));
1633 skb->ip_summed = CHECKSUM_NONE;
1635 if (skb->len <= 76) {
1636 if (tcp_v4_check(skb->h.th, skb->len, skb->nh.iph->saddr,
1638 skb_checksum(skb, 0, skb->len, 0)))
1640 skb->ip_summed = CHECKSUM_UNNECESSARY;
1642 skb->csum = ~tcp_v4_check(skb->h.th, skb->len,
1644 skb->nh.iph->daddr, 0);
1650 /* The socket must have it's spinlock held when we get
1653 * We have a potential double-lock case here, so even when
1654 * doing backlog processing we use the BH locking scheme.
1655 * This is because we cannot sleep with the original spinlock
1658 int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1660 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1661 TCP_CHECK_TIMER(sk);
1662 if (tcp_rcv_established(sk, skb, skb->h.th, skb->len))
1664 TCP_CHECK_TIMER(sk);
1668 if (skb->len < (skb->h.th->doff << 2) || tcp_checksum_complete(skb))
1671 if (sk->sk_state == TCP_LISTEN) {
1672 struct sock *nsk = tcp_v4_hnd_req(sk, skb);
1677 if (tcp_child_process(sk, nsk, skb))
1683 TCP_CHECK_TIMER(sk);
1684 if (tcp_rcv_state_process(sk, skb, skb->h.th, skb->len))
1686 TCP_CHECK_TIMER(sk);
1690 tcp_v4_send_reset(skb);
1693 /* Be careful here. If this function gets more complicated and
1694 * gcc suffers from register pressure on the x86, sk (in %ebx)
1695 * might be destroyed here. This current version compiles correctly,
1696 * but you have been warned.
1701 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1709 int tcp_v4_rcv(struct sk_buff *skb)
1715 if (skb->pkt_type != PACKET_HOST)
1718 /* Count it even if it's bad */
1719 TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1721 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1726 if (th->doff < sizeof(struct tcphdr) / 4)
1728 if (!pskb_may_pull(skb, th->doff * 4))
1731 /* An explanation is required here, I think.
1732 * Packet length and doff are validated by header prediction,
1733 * provided case of th->doff==0 is elimineted.
1734 * So, we defer the checks. */
1735 if ((skb->ip_summed != CHECKSUM_UNNECESSARY &&
1736 tcp_v4_checksum_init(skb) < 0))
1740 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1741 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1742 skb->len - th->doff * 4);
1743 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1744 TCP_SKB_CB(skb)->when = 0;
1745 TCP_SKB_CB(skb)->flags = skb->nh.iph->tos;
1746 TCP_SKB_CB(skb)->sacked = 0;
1748 sk = __tcp_v4_lookup(skb->nh.iph->saddr, th->source,
1749 skb->nh.iph->daddr, ntohs(th->dest),
1756 if (sk->sk_state == TCP_TIME_WAIT)
1759 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
1760 goto discard_and_relse;
1762 if (sk_filter(sk, skb, 0))
1763 goto discard_and_relse;
1769 if (!sock_owned_by_user(sk)) {
1770 if (!tcp_prequeue(sk, skb))
1771 ret = tcp_v4_do_rcv(sk, skb);
1773 sk_add_backlog(sk, skb);
1781 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
1784 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1786 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1788 tcp_v4_send_reset(skb);
1792 /* Discard frame. */
1801 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1802 tcp_tw_put((struct tcp_tw_bucket *) sk);
1806 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1807 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1808 tcp_tw_put((struct tcp_tw_bucket *) sk);
1811 switch (tcp_timewait_state_process((struct tcp_tw_bucket *)sk,
1812 skb, th, skb->len)) {
1814 struct sock *sk2 = tcp_v4_lookup_listener(skb->nh.iph->daddr,
1818 tcp_tw_deschedule((struct tcp_tw_bucket *)sk);
1819 tcp_tw_put((struct tcp_tw_bucket *)sk);
1823 /* Fall through to ACK */
1826 tcp_v4_timewait_ack(sk, skb);
1830 case TCP_TW_SUCCESS:;
1835 static void v4_addr2sockaddr(struct sock *sk, struct sockaddr * uaddr)
1837 struct sockaddr_in *sin = (struct sockaddr_in *) uaddr;
1838 struct inet_sock *inet = inet_sk(sk);
1840 sin->sin_family = AF_INET;
1841 sin->sin_addr.s_addr = inet->daddr;
1842 sin->sin_port = inet->dport;
1845 /* VJ's idea. Save last timestamp seen from this destination
1846 * and hold it at least for normal timewait interval to use for duplicate
1847 * segment detection in subsequent connections, before they enter synchronized
1851 int tcp_v4_remember_stamp(struct sock *sk)
1853 struct inet_sock *inet = inet_sk(sk);
1854 struct tcp_sock *tp = tcp_sk(sk);
1855 struct rtable *rt = (struct rtable *)__sk_dst_get(sk);
1856 struct inet_peer *peer = NULL;
1859 if (!rt || rt->rt_dst != inet->daddr) {
1860 peer = inet_getpeer(inet->daddr, 1);
1864 rt_bind_peer(rt, 1);
1869 if ((s32)(peer->tcp_ts - tp->rx_opt.ts_recent) <= 0 ||
1870 (peer->tcp_ts_stamp + TCP_PAWS_MSL < xtime.tv_sec &&
1871 peer->tcp_ts_stamp <= tp->rx_opt.ts_recent_stamp)) {
1872 peer->tcp_ts_stamp = tp->rx_opt.ts_recent_stamp;
1873 peer->tcp_ts = tp->rx_opt.ts_recent;
1883 int tcp_v4_tw_remember_stamp(struct tcp_tw_bucket *tw)
1885 struct inet_peer *peer = NULL;
1887 peer = inet_getpeer(tw->tw_daddr, 1);
1890 if ((s32)(peer->tcp_ts - tw->tw_ts_recent) <= 0 ||
1891 (peer->tcp_ts_stamp + TCP_PAWS_MSL < xtime.tv_sec &&
1892 peer->tcp_ts_stamp <= tw->tw_ts_recent_stamp)) {
1893 peer->tcp_ts_stamp = tw->tw_ts_recent_stamp;
1894 peer->tcp_ts = tw->tw_ts_recent;
1903 struct tcp_func ipv4_specific = {
1904 .queue_xmit = ip_queue_xmit,
1905 .send_check = tcp_v4_send_check,
1906 .rebuild_header = inet_sk_rebuild_header,
1907 .conn_request = tcp_v4_conn_request,
1908 .syn_recv_sock = tcp_v4_syn_recv_sock,
1909 .remember_stamp = tcp_v4_remember_stamp,
1910 .net_header_len = sizeof(struct iphdr),
1911 .setsockopt = ip_setsockopt,
1912 .getsockopt = ip_getsockopt,
1913 .addr2sockaddr = v4_addr2sockaddr,
1914 .sockaddr_len = sizeof(struct sockaddr_in),
1917 /* NOTE: A lot of things set to zero explicitly by call to
1918 * sk_alloc() so need not be done here.
1920 static int tcp_v4_init_sock(struct sock *sk)
1922 struct tcp_sock *tp = tcp_sk(sk);
1924 skb_queue_head_init(&tp->out_of_order_queue);
1925 tcp_init_xmit_timers(sk);
1926 tcp_prequeue_init(tp);
1928 tp->rto = TCP_TIMEOUT_INIT;
1929 tp->mdev = TCP_TIMEOUT_INIT;
1931 /* So many TCP implementations out there (incorrectly) count the
1932 * initial SYN frame in their delayed-ACK and congestion control
1933 * algorithms that we must have the following bandaid to talk
1934 * efficiently to them. -DaveM
1938 /* See draft-stevens-tcpca-spec-01 for discussion of the
1939 * initialization of these values.
1941 tp->snd_ssthresh = 0x7fffffff; /* Infinity */
1942 tp->snd_cwnd_clamp = ~0;
1943 tp->mss_cache = 536;
1945 tp->reordering = sysctl_tcp_reordering;
1946 tp->ca_ops = &tcp_init_congestion_ops;
1948 sk->sk_state = TCP_CLOSE;
1950 sk->sk_write_space = sk_stream_write_space;
1951 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1953 tp->af_specific = &ipv4_specific;
1955 sk->sk_sndbuf = sysctl_tcp_wmem[1];
1956 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1958 atomic_inc(&tcp_sockets_allocated);
1963 int tcp_v4_destroy_sock(struct sock *sk)
1965 struct tcp_sock *tp = tcp_sk(sk);
1967 tcp_clear_xmit_timers(sk);
1969 tcp_cleanup_congestion_control(tp);
1971 /* Cleanup up the write buffer. */
1972 sk_stream_writequeue_purge(sk);
1974 /* Cleans up our, hopefully empty, out_of_order_queue. */
1975 __skb_queue_purge(&tp->out_of_order_queue);
1977 /* Clean prequeue, it must be empty really */
1978 __skb_queue_purge(&tp->ucopy.prequeue);
1980 /* Clean up a referenced TCP bind bucket. */
1985 * If sendmsg cached page exists, toss it.
1987 if (sk->sk_sndmsg_page) {
1988 __free_page(sk->sk_sndmsg_page);
1989 sk->sk_sndmsg_page = NULL;
1992 atomic_dec(&tcp_sockets_allocated);
1997 EXPORT_SYMBOL(tcp_v4_destroy_sock);
1999 #ifdef CONFIG_PROC_FS
2000 /* Proc filesystem TCP sock list dumping. */
2002 static inline struct tcp_tw_bucket *tw_head(struct hlist_head *head)
2004 return hlist_empty(head) ? NULL :
2005 list_entry(head->first, struct tcp_tw_bucket, tw_node);
2008 static inline struct tcp_tw_bucket *tw_next(struct tcp_tw_bucket *tw)
2010 return tw->tw_node.next ?
2011 hlist_entry(tw->tw_node.next, typeof(*tw), tw_node) : NULL;
2014 static void *listening_get_next(struct seq_file *seq, void *cur)
2016 struct tcp_sock *tp;
2017 struct hlist_node *node;
2018 struct sock *sk = cur;
2019 struct tcp_iter_state* st = seq->private;
2023 sk = sk_head(&tcp_listening_hash[0]);
2029 if (st->state == TCP_SEQ_STATE_OPENREQ) {
2030 struct request_sock *req = cur;
2032 tp = tcp_sk(st->syn_wait_sk);
2036 if (req->rsk_ops->family == st->family) {
2042 if (++st->sbucket >= TCP_SYNQ_HSIZE)
2045 req = tp->accept_queue.listen_opt->syn_table[st->sbucket];
2047 sk = sk_next(st->syn_wait_sk);
2048 st->state = TCP_SEQ_STATE_LISTENING;
2049 read_unlock_bh(&tp->accept_queue.syn_wait_lock);
2052 read_lock_bh(&tp->accept_queue.syn_wait_lock);
2053 if (reqsk_queue_len(&tp->accept_queue))
2055 read_unlock_bh(&tp->accept_queue.syn_wait_lock);
2059 sk_for_each_from(sk, node) {
2060 if (sk->sk_family == st->family) {
2065 read_lock_bh(&tp->accept_queue.syn_wait_lock);
2066 if (reqsk_queue_len(&tp->accept_queue)) {
2068 st->uid = sock_i_uid(sk);
2069 st->syn_wait_sk = sk;
2070 st->state = TCP_SEQ_STATE_OPENREQ;
2074 read_unlock_bh(&tp->accept_queue.syn_wait_lock);
2076 if (++st->bucket < TCP_LHTABLE_SIZE) {
2077 sk = sk_head(&tcp_listening_hash[st->bucket]);
2085 static void *listening_get_idx(struct seq_file *seq, loff_t *pos)
2087 void *rc = listening_get_next(seq, NULL);
2089 while (rc && *pos) {
2090 rc = listening_get_next(seq, rc);
2096 static void *established_get_first(struct seq_file *seq)
2098 struct tcp_iter_state* st = seq->private;
2101 for (st->bucket = 0; st->bucket < tcp_ehash_size; ++st->bucket) {
2103 struct hlist_node *node;
2104 struct tcp_tw_bucket *tw;
2106 /* We can reschedule _before_ having picked the target: */
2107 cond_resched_softirq();
2109 read_lock(&tcp_ehash[st->bucket].lock);
2110 sk_for_each(sk, node, &tcp_ehash[st->bucket].chain) {
2111 if (sk->sk_family != st->family) {
2117 st->state = TCP_SEQ_STATE_TIME_WAIT;
2118 tw_for_each(tw, node,
2119 &tcp_ehash[st->bucket + tcp_ehash_size].chain) {
2120 if (tw->tw_family != st->family) {
2126 read_unlock(&tcp_ehash[st->bucket].lock);
2127 st->state = TCP_SEQ_STATE_ESTABLISHED;
2133 static void *established_get_next(struct seq_file *seq, void *cur)
2135 struct sock *sk = cur;
2136 struct tcp_tw_bucket *tw;
2137 struct hlist_node *node;
2138 struct tcp_iter_state* st = seq->private;
2142 if (st->state == TCP_SEQ_STATE_TIME_WAIT) {
2146 while (tw && tw->tw_family != st->family) {
2153 read_unlock(&tcp_ehash[st->bucket].lock);
2154 st->state = TCP_SEQ_STATE_ESTABLISHED;
2156 /* We can reschedule between buckets: */
2157 cond_resched_softirq();
2159 if (++st->bucket < tcp_ehash_size) {
2160 read_lock(&tcp_ehash[st->bucket].lock);
2161 sk = sk_head(&tcp_ehash[st->bucket].chain);
2169 sk_for_each_from(sk, node) {
2170 if (sk->sk_family == st->family)
2174 st->state = TCP_SEQ_STATE_TIME_WAIT;
2175 tw = tw_head(&tcp_ehash[st->bucket + tcp_ehash_size].chain);
2183 static void *established_get_idx(struct seq_file *seq, loff_t pos)
2185 void *rc = established_get_first(seq);
2188 rc = established_get_next(seq, rc);
2194 static void *tcp_get_idx(struct seq_file *seq, loff_t pos)
2197 struct tcp_iter_state* st = seq->private;
2200 st->state = TCP_SEQ_STATE_LISTENING;
2201 rc = listening_get_idx(seq, &pos);
2204 tcp_listen_unlock();
2206 st->state = TCP_SEQ_STATE_ESTABLISHED;
2207 rc = established_get_idx(seq, pos);
2213 static void *tcp_seq_start(struct seq_file *seq, loff_t *pos)
2215 struct tcp_iter_state* st = seq->private;
2216 st->state = TCP_SEQ_STATE_LISTENING;
2218 return *pos ? tcp_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2221 static void *tcp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2224 struct tcp_iter_state* st;
2226 if (v == SEQ_START_TOKEN) {
2227 rc = tcp_get_idx(seq, 0);
2232 switch (st->state) {
2233 case TCP_SEQ_STATE_OPENREQ:
2234 case TCP_SEQ_STATE_LISTENING:
2235 rc = listening_get_next(seq, v);
2237 tcp_listen_unlock();
2239 st->state = TCP_SEQ_STATE_ESTABLISHED;
2240 rc = established_get_first(seq);
2243 case TCP_SEQ_STATE_ESTABLISHED:
2244 case TCP_SEQ_STATE_TIME_WAIT:
2245 rc = established_get_next(seq, v);
2253 static void tcp_seq_stop(struct seq_file *seq, void *v)
2255 struct tcp_iter_state* st = seq->private;
2257 switch (st->state) {
2258 case TCP_SEQ_STATE_OPENREQ:
2260 struct tcp_sock *tp = tcp_sk(st->syn_wait_sk);
2261 read_unlock_bh(&tp->accept_queue.syn_wait_lock);
2263 case TCP_SEQ_STATE_LISTENING:
2264 if (v != SEQ_START_TOKEN)
2265 tcp_listen_unlock();
2267 case TCP_SEQ_STATE_TIME_WAIT:
2268 case TCP_SEQ_STATE_ESTABLISHED:
2270 read_unlock(&tcp_ehash[st->bucket].lock);
2276 static int tcp_seq_open(struct inode *inode, struct file *file)
2278 struct tcp_seq_afinfo *afinfo = PDE(inode)->data;
2279 struct seq_file *seq;
2280 struct tcp_iter_state *s;
2283 if (unlikely(afinfo == NULL))
2286 s = kmalloc(sizeof(*s), GFP_KERNEL);
2289 memset(s, 0, sizeof(*s));
2290 s->family = afinfo->family;
2291 s->seq_ops.start = tcp_seq_start;
2292 s->seq_ops.next = tcp_seq_next;
2293 s->seq_ops.show = afinfo->seq_show;
2294 s->seq_ops.stop = tcp_seq_stop;
2296 rc = seq_open(file, &s->seq_ops);
2299 seq = file->private_data;
2308 int tcp_proc_register(struct tcp_seq_afinfo *afinfo)
2311 struct proc_dir_entry *p;
2315 afinfo->seq_fops->owner = afinfo->owner;
2316 afinfo->seq_fops->open = tcp_seq_open;
2317 afinfo->seq_fops->read = seq_read;
2318 afinfo->seq_fops->llseek = seq_lseek;
2319 afinfo->seq_fops->release = seq_release_private;
2321 p = proc_net_fops_create(afinfo->name, S_IRUGO, afinfo->seq_fops);
2329 void tcp_proc_unregister(struct tcp_seq_afinfo *afinfo)
2333 proc_net_remove(afinfo->name);
2334 memset(afinfo->seq_fops, 0, sizeof(*afinfo->seq_fops));
2337 static void get_openreq4(struct sock *sk, struct request_sock *req,
2338 char *tmpbuf, int i, int uid)
2340 const struct inet_request_sock *ireq = inet_rsk(req);
2341 int ttd = req->expires - jiffies;
2343 sprintf(tmpbuf, "%4d: %08X:%04X %08X:%04X"
2344 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %u %d %p",
2347 ntohs(inet_sk(sk)->sport),
2349 ntohs(ireq->rmt_port),
2351 0, 0, /* could print option size, but that is af dependent. */
2352 1, /* timers active (only the expire timer) */
2353 jiffies_to_clock_t(ttd),
2356 0, /* non standard timer */
2357 0, /* open_requests have no inode */
2358 atomic_read(&sk->sk_refcnt),
2362 static void get_tcp4_sock(struct sock *sp, char *tmpbuf, int i)
2365 unsigned long timer_expires;
2366 struct tcp_sock *tp = tcp_sk(sp);
2367 struct inet_sock *inet = inet_sk(sp);
2368 unsigned int dest = inet->daddr;
2369 unsigned int src = inet->rcv_saddr;
2370 __u16 destp = ntohs(inet->dport);
2371 __u16 srcp = ntohs(inet->sport);
2373 if (tp->pending == TCP_TIME_RETRANS) {
2375 timer_expires = tp->timeout;
2376 } else if (tp->pending == TCP_TIME_PROBE0) {
2378 timer_expires = tp->timeout;
2379 } else if (timer_pending(&sp->sk_timer)) {
2381 timer_expires = sp->sk_timer.expires;
2384 timer_expires = jiffies;
2387 sprintf(tmpbuf, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX "
2388 "%08X %5d %8d %lu %d %p %u %u %u %u %d",
2389 i, src, srcp, dest, destp, sp->sk_state,
2390 tp->write_seq - tp->snd_una, tp->rcv_nxt - tp->copied_seq,
2392 jiffies_to_clock_t(timer_expires - jiffies),
2397 atomic_read(&sp->sk_refcnt), sp,
2398 tp->rto, tp->ack.ato, (tp->ack.quick << 1) | tp->ack.pingpong,
2400 tp->snd_ssthresh >= 0xFFFF ? -1 : tp->snd_ssthresh);
2403 static void get_timewait4_sock(struct tcp_tw_bucket *tw, char *tmpbuf, int i)
2405 unsigned int dest, src;
2407 int ttd = tw->tw_ttd - jiffies;
2412 dest = tw->tw_daddr;
2413 src = tw->tw_rcv_saddr;
2414 destp = ntohs(tw->tw_dport);
2415 srcp = ntohs(tw->tw_sport);
2417 sprintf(tmpbuf, "%4d: %08X:%04X %08X:%04X"
2418 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p",
2419 i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
2420 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2421 atomic_read(&tw->tw_refcnt), tw);
2426 static int tcp4_seq_show(struct seq_file *seq, void *v)
2428 struct tcp_iter_state* st;
2429 char tmpbuf[TMPSZ + 1];
2431 if (v == SEQ_START_TOKEN) {
2432 seq_printf(seq, "%-*s\n", TMPSZ - 1,
2433 " sl local_address rem_address st tx_queue "
2434 "rx_queue tr tm->when retrnsmt uid timeout "
2440 switch (st->state) {
2441 case TCP_SEQ_STATE_LISTENING:
2442 case TCP_SEQ_STATE_ESTABLISHED:
2443 get_tcp4_sock(v, tmpbuf, st->num);
2445 case TCP_SEQ_STATE_OPENREQ:
2446 get_openreq4(st->syn_wait_sk, v, tmpbuf, st->num, st->uid);
2448 case TCP_SEQ_STATE_TIME_WAIT:
2449 get_timewait4_sock(v, tmpbuf, st->num);
2452 seq_printf(seq, "%-*s\n", TMPSZ - 1, tmpbuf);
2457 static struct file_operations tcp4_seq_fops;
2458 static struct tcp_seq_afinfo tcp4_seq_afinfo = {
2459 .owner = THIS_MODULE,
2462 .seq_show = tcp4_seq_show,
2463 .seq_fops = &tcp4_seq_fops,
2466 int __init tcp4_proc_init(void)
2468 return tcp_proc_register(&tcp4_seq_afinfo);
2471 void tcp4_proc_exit(void)
2473 tcp_proc_unregister(&tcp4_seq_afinfo);
2475 #endif /* CONFIG_PROC_FS */
2477 struct proto tcp_prot = {
2479 .owner = THIS_MODULE,
2481 .connect = tcp_v4_connect,
2482 .disconnect = tcp_disconnect,
2483 .accept = tcp_accept,
2485 .init = tcp_v4_init_sock,
2486 .destroy = tcp_v4_destroy_sock,
2487 .shutdown = tcp_shutdown,
2488 .setsockopt = tcp_setsockopt,
2489 .getsockopt = tcp_getsockopt,
2490 .sendmsg = tcp_sendmsg,
2491 .recvmsg = tcp_recvmsg,
2492 .backlog_rcv = tcp_v4_do_rcv,
2493 .hash = tcp_v4_hash,
2494 .unhash = tcp_unhash,
2495 .get_port = tcp_v4_get_port,
2496 .enter_memory_pressure = tcp_enter_memory_pressure,
2497 .sockets_allocated = &tcp_sockets_allocated,
2498 .memory_allocated = &tcp_memory_allocated,
2499 .memory_pressure = &tcp_memory_pressure,
2500 .sysctl_mem = sysctl_tcp_mem,
2501 .sysctl_wmem = sysctl_tcp_wmem,
2502 .sysctl_rmem = sysctl_tcp_rmem,
2503 .max_header = MAX_TCP_HEADER,
2504 .obj_size = sizeof(struct tcp_sock),
2505 .rsk_prot = &tcp_request_sock_ops,
2510 void __init tcp_v4_init(struct net_proto_family *ops)
2512 int err = sock_create_kern(PF_INET, SOCK_RAW, IPPROTO_TCP, &tcp_socket);
2514 panic("Failed to create the TCP control socket.\n");
2515 tcp_socket->sk->sk_allocation = GFP_ATOMIC;
2516 inet_sk(tcp_socket->sk)->uc_ttl = -1;
2518 /* Unhash it so that IP input processing does not even
2519 * see it, we do not wish this socket to see incoming
2522 tcp_socket->sk->sk_prot->unhash(tcp_socket->sk);
2525 EXPORT_SYMBOL(ipv4_specific);
2526 EXPORT_SYMBOL(tcp_bind_hash);
2527 EXPORT_SYMBOL(tcp_bucket_create);
2528 EXPORT_SYMBOL(tcp_hashinfo);
2529 EXPORT_SYMBOL(tcp_inherit_port);
2530 EXPORT_SYMBOL(tcp_listen_wlock);
2531 EXPORT_SYMBOL(tcp_port_rover);
2532 EXPORT_SYMBOL(tcp_prot);
2533 EXPORT_SYMBOL(tcp_put_port);
2534 EXPORT_SYMBOL(tcp_unhash);
2535 EXPORT_SYMBOL(tcp_v4_conn_request);
2536 EXPORT_SYMBOL(tcp_v4_connect);
2537 EXPORT_SYMBOL(tcp_v4_do_rcv);
2538 EXPORT_SYMBOL(tcp_v4_remember_stamp);
2539 EXPORT_SYMBOL(tcp_v4_send_check);
2540 EXPORT_SYMBOL(tcp_v4_syn_recv_sock);
2542 #ifdef CONFIG_PROC_FS
2543 EXPORT_SYMBOL(tcp_proc_register);
2544 EXPORT_SYMBOL(tcp_proc_unregister);
2546 EXPORT_SYMBOL(sysctl_local_port_range);
2547 EXPORT_SYMBOL(sysctl_tcp_low_latency);
2548 EXPORT_SYMBOL(sysctl_tcp_tw_reuse);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob