/*
 *	TCP over IPv6
 *	Linux INET6 implementation
 *
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *
 *	Based on:
 *	linux/net/ipv4/tcp_input.c
 *	linux/net/ipv4/tcp_output.c
 *
 *	Hideaki YOSHIFUJI	:	sin6_scope_id support
 *	YOSHIFUJI Hideaki @USAGI and:	Support IPV6_V6ONLY socket option, which
 *	Alexey Kuznetsov		allows both IPv4 and IPv6 sockets to bind
 *					to a single port at the same time.
 *	YOSHIFUJI Hideaki @USAGI:	convert /proc/net/tcp6 to seq_file.
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License
 *	as published by the Free Software Foundation; either version
 *	2 of the License, or (at your option) any later version.
 */
#include <linux/bottom_half.h>
#include <linux/module.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/net.h>
#include <linux/jiffies.h>
#include <linux/in6.h>
#include <linux/netdevice.h>
#include <linux/init.h>
#include <linux/jhash.h>
#include <linux/ipsec.h>
#include <linux/times.h>
#include <linux/slab.h>
#include <linux/ipv6.h>
#include <linux/icmpv6.h>
#include <linux/random.h>

#include <net/ndisc.h>
#include <net/inet6_hashtables.h>
#include <net/inet6_connection_sock.h>
#include <net/transp_v6.h>
#include <net/addrconf.h>
#include <net/ip6_route.h>
#include <net/ip6_checksum.h>
#include <net/inet_ecn.h>
#include <net/protocol.h>
#include <net/dsfield.h>
#include <net/timewait_sock.h>
#include <net/netdma.h>
#include <net/inet_common.h>

#include <asm/uaccess.h>

#include <linux/proc_fs.h>
#include <linux/seq_file.h>

#include <linux/crypto.h>
#include <linux/scatterlist.h>
static void	tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
static void	tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
				      struct request_sock *req);

static int	tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
static void	__tcp_v6_send_check(struct sk_buff *skb,
				    struct in6_addr *saddr,
				    struct in6_addr *daddr);
static const struct inet_connection_sock_af_ops ipv6_mapped;
static const struct inet_connection_sock_af_ops ipv6_specific;
#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
#else
static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
						   struct in6_addr *addr)
{
	return NULL;
}
#endif
static void tcp_v6_hash(struct sock *sk)
{
	if (sk->sk_state != TCP_CLOSE) {
		if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
			tcp_prot.hash(sk);
			return;
		}
		local_bh_disable();
		__inet6_hash(sk, NULL);
		local_bh_enable();
	}
}
static __inline__ __sum16 tcp_v6_check(int len,
				       struct in6_addr *saddr,
				       struct in6_addr *daddr,
				       __wsum base)
{
	return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
}
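/* Note: csum_ipv6_magic() above folds the IPv6 pseudo-header (source and
 * destination addresses, upper-layer packet length and next-header value,
 * per RFC 2460 section 8.1) into the running checksum 'base'.
 */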
static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
{
	return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
					    ipv6_hdr(skb)->saddr.s6_addr32,
					    tcp_hdr(skb)->dest,
					    tcp_hdr(skb)->source);
}
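/* The initial sequence number above is a keyed hash over the connection
 * 4-tuple plus a clock component, so that off-path attackers cannot
 * easily predict the ISN of a new connection.
 */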
static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
			  int addr_len)
{
	struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
	struct inet_sock *inet = inet_sk(sk);
	struct inet_connection_sock *icsk = inet_csk(sk);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_sock *tp = tcp_sk(sk);
	struct in6_addr *saddr = NULL, *final_p = NULL, final;
	struct flowi fl;
	struct dst_entry *dst;
	int addr_type;
	int err;

	if (addr_len < SIN6_LEN_RFC2133)
		return -EINVAL;

	if (usin->sin6_family != AF_INET6)
		return -EAFNOSUPPORT;
	memset(&fl, 0, sizeof(fl));

	if (np->sndflow) {
		fl.fl6_flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
		IP6_ECN_flow_init(fl.fl6_flowlabel);
		if (fl.fl6_flowlabel & IPV6_FLOWLABEL_MASK) {
			struct ip6_flowlabel *flowlabel;
			flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
			if (flowlabel == NULL)
				return -EINVAL;
			ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
			fl6_sock_release(flowlabel);
		}
	}
	/*
	 *	connect() to INADDR_ANY means loopback (BSD'ism).
	 */

	if (ipv6_addr_any(&usin->sin6_addr))
		usin->sin6_addr.s6_addr[15] = 0x1;

	addr_type = ipv6_addr_type(&usin->sin6_addr);
	if (addr_type & IPV6_ADDR_MULTICAST)
		return -ENETUNREACH;

	if (addr_type & IPV6_ADDR_LINKLOCAL) {
		if (addr_len >= sizeof(struct sockaddr_in6) &&
		    usin->sin6_scope_id) {
			/* If interface is set while binding, indices
			 * must coincide.
			 */
			if (sk->sk_bound_dev_if &&
			    sk->sk_bound_dev_if != usin->sin6_scope_id)
				return -EINVAL;

			sk->sk_bound_dev_if = usin->sin6_scope_id;
		}

		/* Connect to link-local address requires an interface */
		if (!sk->sk_bound_dev_if)
			return -EINVAL;
	}
	if (tp->rx_opt.ts_recent_stamp &&
	    !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
		tp->rx_opt.ts_recent = 0;
		tp->rx_opt.ts_recent_stamp = 0;
		tp->write_seq = 0;
	}

	ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
	np->flow_label = fl.fl6_flowlabel;
	/*
	 *	TCP over IPv4
	 */

	if (addr_type == IPV6_ADDR_MAPPED) {
		u32 exthdrlen = icsk->icsk_ext_hdr_len;
		struct sockaddr_in sin;

		SOCK_DEBUG(sk, "connect: ipv4 mapped\n");

		if (__ipv6_only_sock(sk))
			return -ENETUNREACH;

		sin.sin_family = AF_INET;
		sin.sin_port = usin->sin6_port;
		sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];

		icsk->icsk_af_ops = &ipv6_mapped;
		sk->sk_backlog_rcv = tcp_v4_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
		tp->af_specific = &tcp_sock_ipv6_mapped_specific;
#endif

		err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));

		if (err) {
			icsk->icsk_ext_hdr_len = exthdrlen;
			icsk->icsk_af_ops = &ipv6_specific;
			sk->sk_backlog_rcv = tcp_v6_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
			tp->af_specific = &tcp_sock_ipv6_specific;
#endif
			goto failure;
		} else {
			ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
			ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
					       &np->rcv_saddr);
		}

		return err;
	}
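	/* For a v4-mapped destination the handshake is delegated to
	 * tcp_v4_connect() above; on failure the IPv6 callbacks are
	 * restored so the socket remains usable as a plain IPv6 one.
	 */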
	if (!ipv6_addr_any(&np->rcv_saddr))
		saddr = &np->rcv_saddr;

	fl.proto = IPPROTO_TCP;
	ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
	ipv6_addr_copy(&fl.fl6_src,
		       (saddr ? saddr : &np->saddr));
	fl.oif = sk->sk_bound_dev_if;
	fl.mark = sk->sk_mark;
	fl.fl_ip_dport = usin->sin6_port;
	fl.fl_ip_sport = inet->inet_sport;
	if (np->opt && np->opt->srcrt) {
		struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
		ipv6_addr_copy(&final, &fl.fl6_dst);
		ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
		final_p = &final;
	}

	security_sk_classify_flow(sk, &fl);

	err = ip6_dst_lookup(sk, &dst, &fl);
	if (err)
		goto failure;
	if (final_p)
		ipv6_addr_copy(&fl.fl6_dst, final_p);

	err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
	if (err < 0) {
		if (err == -EREMOTE)
			err = ip6_dst_blackhole(sk, &dst, &fl);
		if (err < 0)
			goto failure;
	}
	if (saddr == NULL) {
		saddr = &fl.fl6_src;
		ipv6_addr_copy(&np->rcv_saddr, saddr);
	}

	/* set the source address */
	ipv6_addr_copy(&np->saddr, saddr);
	inet->inet_rcv_saddr = LOOPBACK4_IPV6;

	sk->sk_gso_type = SKB_GSO_TCPV6;
	__ip6_dst_store(sk, dst, NULL, NULL);

	icsk->icsk_ext_hdr_len = 0;
	if (np->opt)
		icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
					  np->opt->opt_nflen);

	tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
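	/* The advertised MSS is clamped to what fits into the IPv6
	 * minimum MTU of 1280 bytes (IPV6_MIN_MTU) after the fixed
	 * IPv6 and TCP headers, i.e. 1280 - 40 - 20 = 1220 bytes.
	 */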
	inet->inet_dport = usin->sin6_port;

	tcp_set_state(sk, TCP_SYN_SENT);
	err = inet6_hash_connect(&tcp_death_row, sk);
	if (err)
		goto late_failure;

	if (!tp->write_seq)
		tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
							     np->daddr.s6_addr32,
							     inet->inet_sport,
							     inet->inet_dport);

	err = tcp_connect(sk);
	if (err)
		goto late_failure;

	return 0;

late_failure:
	tcp_set_state(sk, TCP_CLOSE);
	__sk_dst_reset(sk);
failure:
	inet->inet_dport = 0;
	sk->sk_route_caps = 0;
	return err;
}
static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
		       u8 type, u8 code, int offset, __be32 info)
{
	struct ipv6hdr *hdr = (struct ipv6hdr *)skb->data;
	const struct tcphdr *th = (struct tcphdr *)(skb->data + offset);
	struct ipv6_pinfo *np;
	struct sock *sk;
	int err;
	struct tcp_sock *tp;
	__u32 seq;
	struct net *net = dev_net(skb->dev);

	sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
			  th->dest, &hdr->saddr, th->source, skb->dev->ifindex);

	if (sk == NULL) {
		ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
				   ICMP6_MIB_INERRORS);
		return;
	}

	if (sk->sk_state == TCP_TIME_WAIT) {
		inet_twsk_put(inet_twsk(sk));
		return;
	}

	bh_lock_sock(sk);
	if (sock_owned_by_user(sk))
		NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);

	if (sk->sk_state == TCP_CLOSE)
		goto out;

	tp = tcp_sk(sk);
	seq = ntohl(th->seq);
	if (sk->sk_state != TCP_LISTEN &&
	    !between(seq, tp->snd_una, tp->snd_nxt)) {
		NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
		goto out;
	}

	np = inet6_sk(sk);
	if (type == ICMPV6_PKT_TOOBIG) {
		struct dst_entry *dst = NULL;

		if (sock_owned_by_user(sk))
			goto out;
		if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
			goto out;

		/* icmp should have updated the destination cache entry */
		dst = __sk_dst_check(sk, np->dst_cookie);

		if (dst == NULL) {
			struct inet_sock *inet = inet_sk(sk);
			struct flowi fl;

			/* BUGGG_FUTURE: Again, it is not clear how
			   to handle rthdr case. Ignore this complexity
			   for now.
			 */
			memset(&fl, 0, sizeof(fl));
			fl.proto = IPPROTO_TCP;
			ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
			ipv6_addr_copy(&fl.fl6_src, &np->saddr);
			fl.oif = sk->sk_bound_dev_if;
			fl.mark = sk->sk_mark;
			fl.fl_ip_dport = inet->inet_dport;
			fl.fl_ip_sport = inet->inet_sport;
			security_skb_classify_flow(skb, &fl);

			if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
				sk->sk_err_soft = -err;
				goto out;
			}

			if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) {
				sk->sk_err_soft = -err;
				goto out;
			}
		} else
			dst_hold(dst);

		if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
			tcp_sync_mss(sk, dst_mtu(dst));
			tcp_simple_retransmit(sk);
		} /* else let the usual retransmit timer handle it */
		dst_release(dst);
		goto out;
	}

	icmpv6_err_convert(type, code, &err);
	/* Might be for a request_sock */
	switch (sk->sk_state) {
		struct request_sock *req, **prev;
	case TCP_LISTEN:
		if (sock_owned_by_user(sk))
			goto out;

		req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
					   &hdr->saddr, inet6_iif(skb));
		if (!req)
			goto out;

		/* ICMPs are not backlogged, hence we cannot get
		 * an established socket here.
		 */
		WARN_ON(req->sk != NULL);

		if (seq != tcp_rsk(req)->snt_isn) {
			NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
			goto out;
		}

		inet_csk_reqsk_queue_drop(sk, req, prev);
		goto out;

	case TCP_SYN_SENT:
	case TCP_SYN_RECV:  /* Cannot happen.
			       It can, if SYNs are crossed. --ANK */
		if (!sock_owned_by_user(sk)) {
			sk->sk_err = err;
			sk->sk_error_report(sk);	/* Wake people up to see the error (see connect in sock.c) */

			tcp_done(sk);
		} else
			sk->sk_err_soft = err;
		goto out;
	}

	if (!sock_owned_by_user(sk) && np->recverr) {
		sk->sk_err = err;
		sk->sk_error_report(sk);
	} else
		sk->sk_err_soft = err;

out:
	bh_unlock_sock(sk);
	sock_put(sk);
}
static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
			      struct request_values *rvp)
{
	struct inet6_request_sock *treq = inet6_rsk(req);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct sk_buff *skb;
	struct ipv6_txoptions *opt = NULL;
	struct in6_addr *final_p = NULL, final;
	struct flowi fl;
	struct dst_entry *dst;
	int err = -1;

	memset(&fl, 0, sizeof(fl));
	fl.proto = IPPROTO_TCP;
	ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
	ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
	fl.fl6_flowlabel = 0;
	fl.oif = treq->iif;
	fl.mark = sk->sk_mark;
	fl.fl_ip_dport = inet_rsk(req)->rmt_port;
	fl.fl_ip_sport = inet_rsk(req)->loc_port;
	security_req_classify_flow(req, &fl);

	opt = np->opt;
	if (opt && opt->srcrt) {
		struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
		ipv6_addr_copy(&final, &fl.fl6_dst);
		ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
		final_p = &final;
	}

	err = ip6_dst_lookup(sk, &dst, &fl);
	if (err)
		goto done;
	if (final_p)
		ipv6_addr_copy(&fl.fl6_dst, final_p);
	if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
		goto done;

	skb = tcp_make_synack(sk, dst, req, rvp);
	if (skb) {
		__tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr);

		ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
		err = ip6_xmit(sk, skb, &fl, opt);
		err = net_xmit_eval(err);
	}

done:
	if (opt && opt != np->opt)
		sock_kfree_s(sk, opt, opt->tot_len);
	return err;
}
static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req,
			     struct request_values *rvp)
{
	TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS);
	return tcp_v6_send_synack(sk, req, rvp);
}
static inline void syn_flood_warning(struct sk_buff *skb)
{
#ifdef CONFIG_SYN_COOKIES
	if (sysctl_tcp_syncookies)
		printk(KERN_INFO
		       "TCPv6: Possible SYN flooding on port %d. "
		       "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
	else
#endif
		printk(KERN_INFO
		       "TCPv6: Possible SYN flooding on port %d. "
		       "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
}
static void tcp_v6_reqsk_destructor(struct request_sock *req)
{
	kfree_skb(inet6_rsk(req)->pktopts);
}
#ifdef CONFIG_TCP_MD5SIG
static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
						   struct in6_addr *addr)
{
	struct tcp_sock *tp = tcp_sk(sk);
	int i;

	if (!tp->md5sig_info || !tp->md5sig_info->entries6)
		return NULL;

	for (i = 0; i < tp->md5sig_info->entries6; i++) {
		if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
			return &tp->md5sig_info->keys6[i].base;
	}
	return NULL;
}
static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
						struct sock *addr_sk)
{
	return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
}

static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
						      struct request_sock *req)
{
	return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
}
static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
			     char *newkey, u8 newkeylen)
{
	/* Add key to the list */
	struct tcp_md5sig_key *key;
	struct tcp_sock *tp = tcp_sk(sk);
	struct tcp6_md5sig_key *keys;

	key = tcp_v6_md5_do_lookup(sk, peer);
	if (key) {
		/* modify an existing entry - just update that one */
		kfree(key->key);
		key->key = newkey;
		key->keylen = newkeylen;
	} else {
		/* reallocate new list if current one is full. */
		if (!tp->md5sig_info) {
			tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
			if (!tp->md5sig_info) {
				kfree(newkey);
				return -ENOMEM;
			}
			sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
		}
		if (tcp_alloc_md5sig_pool(sk) == NULL) {
			kfree(newkey);
			return -ENOMEM;
		}
		if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
			keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
				       (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);

			if (!keys) {
				tcp_free_md5sig_pool();
				kfree(newkey);
				return -ENOMEM;
			}

			if (tp->md5sig_info->entries6)
				memmove(keys, tp->md5sig_info->keys6,
					(sizeof (tp->md5sig_info->keys6[0]) *
					 tp->md5sig_info->entries6));

			kfree(tp->md5sig_info->keys6);
			tp->md5sig_info->keys6 = keys;
			tp->md5sig_info->alloced6++;
		}

		ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
			       peer);
		tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
		tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;

		tp->md5sig_info->entries6++;
	}
	return 0;
}
static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
			       u8 *newkey, __u8 newkeylen)
{
	return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
				 newkey, newkeylen);
}
static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
{
	struct tcp_sock *tp = tcp_sk(sk);
	int i;

	for (i = 0; i < tp->md5sig_info->entries6; i++) {
		if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
			/* Free the key */
			kfree(tp->md5sig_info->keys6[i].base.key);
			tp->md5sig_info->entries6--;

			if (tp->md5sig_info->entries6 == 0) {
				kfree(tp->md5sig_info->keys6);
				tp->md5sig_info->keys6 = NULL;
				tp->md5sig_info->alloced6 = 0;
			} else {
				/* shrink the database */
				if (tp->md5sig_info->entries6 != i)
					memmove(&tp->md5sig_info->keys6[i],
						&tp->md5sig_info->keys6[i+1],
						(tp->md5sig_info->entries6 - i)
						* sizeof (tp->md5sig_info->keys6[0]));
			}
			tcp_free_md5sig_pool();
			return 0;
		}
	}
	return -ENOENT;
}
static void tcp_v6_clear_md5_list(struct sock *sk)
{
	struct tcp_sock *tp = tcp_sk(sk);
	int i;

	if (tp->md5sig_info->entries6) {
		for (i = 0; i < tp->md5sig_info->entries6; i++)
			kfree(tp->md5sig_info->keys6[i].base.key);
		tp->md5sig_info->entries6 = 0;
		tcp_free_md5sig_pool();
	}

	kfree(tp->md5sig_info->keys6);
	tp->md5sig_info->keys6 = NULL;
	tp->md5sig_info->alloced6 = 0;

	if (tp->md5sig_info->entries4) {
		for (i = 0; i < tp->md5sig_info->entries4; i++)
			kfree(tp->md5sig_info->keys4[i].base.key);
		tp->md5sig_info->entries4 = 0;
		tcp_free_md5sig_pool();
	}

	kfree(tp->md5sig_info->keys4);
	tp->md5sig_info->keys4 = NULL;
	tp->md5sig_info->alloced4 = 0;
}
static int tcp_v6_parse_md5_keys(struct sock *sk, char __user *optval,
				 int optlen)
{
	struct tcp_md5sig cmd;
	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
	u8 *newkey;

	if (optlen < sizeof(cmd))
		return -EINVAL;

	if (copy_from_user(&cmd, optval, sizeof(cmd)))
		return -EFAULT;

	if (sin6->sin6_family != AF_INET6)
		return -EINVAL;

	if (!cmd.tcpm_keylen) {
		if (!tcp_sk(sk)->md5sig_info)
			return -ENOENT;
		if (ipv6_addr_v4mapped(&sin6->sin6_addr))
			return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
		return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
	}

	if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
		return -EINVAL;

	if (!tcp_sk(sk)->md5sig_info) {
		struct tcp_sock *tp = tcp_sk(sk);
		struct tcp_md5sig_info *p;

		p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
		if (!p)
			return -ENOMEM;

		tp->md5sig_info = p;
		sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
	}

	newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
	if (!newkey)
		return -ENOMEM;
	if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
		return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
					 newkey, cmd.tcpm_keylen);
	}
	return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
}
static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
					struct in6_addr *daddr,
					struct in6_addr *saddr, int nbytes)
{
	struct tcp6_pseudohdr *bp;
	struct scatterlist sg;

	bp = &hp->md5_blk.ip6;
	/* 1. TCP pseudo-header (RFC2460) */
	ipv6_addr_copy(&bp->saddr, saddr);
	ipv6_addr_copy(&bp->daddr, daddr);
	bp->protocol = cpu_to_be32(IPPROTO_TCP);
	bp->len = cpu_to_be32(nbytes);

	sg_init_one(&sg, bp, sizeof(*bp));
	return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
}
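/* The MD5 signature option (RFC 2385) covers the pseudo-header, the TCP
 * header, the payload (when present) and the key, in that order; the
 * helper above feeds the pseudo-header part into the per-cpu hash
 * descriptor, and the callers below supply the rest.
 */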
static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
			       struct in6_addr *daddr, struct in6_addr *saddr,
			       struct tcphdr *th)
{
	struct tcp_md5sig_pool *hp;
	struct hash_desc *desc;

	hp = tcp_get_md5sig_pool();
	if (!hp)
		goto clear_hash_noput;
	desc = &hp->md5_desc;

	if (crypto_hash_init(desc))
		goto clear_hash;
	if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
		goto clear_hash;
	if (tcp_md5_hash_header(hp, th))
		goto clear_hash;
	if (tcp_md5_hash_key(hp, key))
		goto clear_hash;
	if (crypto_hash_final(desc, md5_hash))
		goto clear_hash;

	tcp_put_md5sig_pool();
	return 0;

clear_hash:
	tcp_put_md5sig_pool();
clear_hash_noput:
	memset(md5_hash, 0, 16);
	return 1;
}
static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
			       struct sock *sk, struct request_sock *req,
			       struct sk_buff *skb)
{
	struct in6_addr *saddr, *daddr;
	struct tcp_md5sig_pool *hp;
	struct hash_desc *desc;
	struct tcphdr *th = tcp_hdr(skb);

	if (sk) {
		saddr = &inet6_sk(sk)->saddr;
		daddr = &inet6_sk(sk)->daddr;
	} else if (req) {
		saddr = &inet6_rsk(req)->loc_addr;
		daddr = &inet6_rsk(req)->rmt_addr;
	} else {
		struct ipv6hdr *ip6h = ipv6_hdr(skb);
		saddr = &ip6h->saddr;
		daddr = &ip6h->daddr;
	}

	hp = tcp_get_md5sig_pool();
	if (!hp)
		goto clear_hash_noput;
	desc = &hp->md5_desc;

	if (crypto_hash_init(desc))
		goto clear_hash;

	if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
		goto clear_hash;
	if (tcp_md5_hash_header(hp, th))
		goto clear_hash;
	if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
		goto clear_hash;
	if (tcp_md5_hash_key(hp, key))
		goto clear_hash;
	if (crypto_hash_final(desc, md5_hash))
		goto clear_hash;

	tcp_put_md5sig_pool();
	return 0;

clear_hash:
	tcp_put_md5sig_pool();
clear_hash_noput:
	memset(md5_hash, 0, 16);
	return 1;
}
static int tcp_v6_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
{
	__u8 *hash_location = NULL;
	struct tcp_md5sig_key *hash_expected;
	struct ipv6hdr *ip6h = ipv6_hdr(skb);
	struct tcphdr *th = tcp_hdr(skb);
	int genhash;
	u8 newhash[16];

	hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
	hash_location = tcp_parse_md5sig_option(th);

	/* We've parsed the options - do we have a hash? */
	if (!hash_expected && !hash_location)
		return 0;

	if (hash_expected && !hash_location) {
		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
		return 1;
	}

	if (!hash_expected && hash_location) {
		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
		return 1;
	}

	/* check the signature */
	genhash = tcp_v6_md5_hash_skb(newhash,
				      hash_expected,
				      NULL, NULL, skb);

	if (genhash || memcmp(hash_location, newhash, 16) != 0) {
		if (net_ratelimit()) {
			printk(KERN_INFO "MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
			       genhash ? "failed" : "mismatch",
			       &ip6h->saddr, ntohs(th->source),
			       &ip6h->daddr, ntohs(th->dest));
		}
		return 1;
	}
	return 0;
}
#endif
struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
	.family		=	AF_INET6,
	.obj_size	=	sizeof(struct tcp6_request_sock),
	.rtx_syn_ack	=	tcp_v6_rtx_synack,
	.send_ack	=	tcp_v6_reqsk_send_ack,
	.destructor	=	tcp_v6_reqsk_destructor,
	.send_reset	=	tcp_v6_send_reset,
	.syn_ack_timeout =	tcp_syn_ack_timeout,
};
#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
	.md5_lookup	=	tcp_v6_reqsk_md5_lookup,
	.calc_md5_hash	=	tcp_v6_md5_hash_skb,
};
#endif
static struct timewait_sock_ops tcp6_timewait_sock_ops = {
	.twsk_obj_size	= sizeof(struct tcp6_timewait_sock),
	.twsk_unique	= tcp_twsk_unique,
	.twsk_destructor = tcp_twsk_destructor,
};
static void __tcp_v6_send_check(struct sk_buff *skb,
				struct in6_addr *saddr, struct in6_addr *daddr)
{
	struct tcphdr *th = tcp_hdr(skb);

	if (skb->ip_summed == CHECKSUM_PARTIAL) {
		th->check = ~tcp_v6_check(skb->len, saddr, daddr, 0);
		skb->csum_start = skb_transport_header(skb) - skb->head;
		skb->csum_offset = offsetof(struct tcphdr, check);
	} else {
		th->check = tcp_v6_check(skb->len, saddr, daddr,
					 csum_partial(th, th->doff << 2,
						      skb->csum));
	}
}
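/* With CHECKSUM_PARTIAL only the pseudo-header sum is filled in above;
 * csum_start/csum_offset tell the device (or the software fallback)
 * where to fold in the one's complement sum over header and payload.
 */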
static void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb)
{
	struct ipv6_pinfo *np = inet6_sk(sk);

	__tcp_v6_send_check(skb, &np->saddr, &np->daddr);
}
static int tcp_v6_gso_send_check(struct sk_buff *skb)
{
	struct ipv6hdr *ipv6h;
	struct tcphdr *th;

	if (!pskb_may_pull(skb, sizeof(*th)))
		return -EINVAL;

	ipv6h = ipv6_hdr(skb);
	th = tcp_hdr(skb);

	th->check = 0;
	skb->ip_summed = CHECKSUM_PARTIAL;
	__tcp_v6_send_check(skb, &ipv6h->saddr, &ipv6h->daddr);
	return 0;
}
static struct sk_buff **tcp6_gro_receive(struct sk_buff **head,
					 struct sk_buff *skb)
{
	struct ipv6hdr *iph = skb_gro_network_header(skb);

	switch (skb->ip_summed) {
	case CHECKSUM_COMPLETE:
		if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr,
				  skb->csum)) {
			skb->ip_summed = CHECKSUM_UNNECESSARY;
			break;
		}

		/* fall through */
	case CHECKSUM_NONE:
		NAPI_GRO_CB(skb)->flush = 1;
		return NULL;
	}

	return tcp_gro_receive(head, skb);
}
static int tcp6_gro_complete(struct sk_buff *skb)
{
	struct ipv6hdr *iph = ipv6_hdr(skb);
	struct tcphdr *th = tcp_hdr(skb);

	th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb),
				  &iph->saddr, &iph->daddr, 0);
	skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;

	return tcp_gro_complete(skb);
}
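/* After GRO has merged segments, the aggregate skb carries a stale TCP
 * checksum; tcp6_gro_complete() above seeds th->check with the new
 * pseudo-header sum and marks the skb SKB_GSO_TCPV6 so it can be
 * resegmented on output if necessary.
 */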
static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
				 u32 ts, struct tcp_md5sig_key *key, int rst)
{
	struct tcphdr *th = tcp_hdr(skb), *t1;
	struct sk_buff *buff;
	struct flowi fl;
	struct net *net = dev_net(skb_dst(skb)->dev);
	struct sock *ctl_sk = net->ipv6.tcp_sk;
	unsigned int tot_len = sizeof(struct tcphdr);
	struct dst_entry *dst;
	__be32 *topt;

	if (ts)
		tot_len += TCPOLEN_TSTAMP_ALIGNED;
#ifdef CONFIG_TCP_MD5SIG
	if (key)
		tot_len += TCPOLEN_MD5SIG_ALIGNED;
#endif

	buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
			 GFP_ATOMIC);
	if (buff == NULL)
		return;

	skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);

	t1 = (struct tcphdr *) skb_push(buff, tot_len);
	skb_reset_transport_header(buff);

	/* Swap the send and the receive. */
	memset(t1, 0, sizeof(*t1));
	t1->dest = th->source;
	t1->source = th->dest;
	t1->doff = tot_len / 4;
	t1->seq = htonl(seq);
	t1->ack_seq = htonl(ack);
	t1->ack = !rst || !th->ack;
	t1->rst = rst;
	t1->window = htons(win);

	topt = (__be32 *)(t1 + 1);

	if (ts) {
		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
				(TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
		*topt++ = htonl(tcp_time_stamp);
		*topt++ = htonl(ts);
	}
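	/* Each option block is kept 32-bit aligned: the timestamp option
	 * is padded with two NOPs (01 01 08 0a), followed by the TSval
	 * and TSecr words.
	 */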
#ifdef CONFIG_TCP_MD5SIG
	if (key) {
		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
				(TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
		tcp_v6_md5_hash_hdr((__u8 *)topt, key,
				    &ipv6_hdr(skb)->saddr,
				    &ipv6_hdr(skb)->daddr, t1);
	}
#endif

	memset(&fl, 0, sizeof(fl));
	ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
	ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);

	buff->ip_summed = CHECKSUM_PARTIAL;
	buff->csum = 0;

	__tcp_v6_send_check(buff, &fl.fl6_src, &fl.fl6_dst);

	fl.proto = IPPROTO_TCP;
	fl.oif = inet6_iif(skb);
	fl.fl_ip_dport = t1->dest;
	fl.fl_ip_sport = t1->source;
	security_skb_classify_flow(skb, &fl);

	/* Pass a socket to ip6_dst_lookup even when it is for a RST;
	 * the underlying function uses it to retrieve the network
	 * namespace.
	 */
	if (!ip6_dst_lookup(ctl_sk, &dst, &fl)) {
		if (xfrm_lookup(net, &dst, &fl, NULL, 0) >= 0) {
			skb_dst_set(buff, dst);
			ip6_xmit(ctl_sk, buff, &fl, NULL);
			TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
			if (rst)
				TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
			return;
		}
	}

	kfree_skb(buff);
}
static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
{
	struct tcphdr *th = tcp_hdr(skb);
	u32 seq = 0, ack_seq = 0;
	struct tcp_md5sig_key *key = NULL;

	if (th->rst)
		return;

	if (!ipv6_unicast_destination(skb))
		return;

#ifdef CONFIG_TCP_MD5SIG
	if (sk)
		key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
#endif

	if (th->ack)
		seq = ntohl(th->ack_seq);
	else
		ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
			  (th->doff << 2);

	tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1);
}
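/* Per RFC 793, tcp_v6_send_reset() above takes the reset's sequence
 * number from the incoming ACK field when the offending segment carried
 * an ACK; otherwise it sends SEQ=0 with an ACK covering everything the
 * segment occupied in sequence space (SYN and FIN each count for one).
 */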
static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
			    struct tcp_md5sig_key *key)
{
	tcp_v6_send_response(skb, seq, ack, win, ts, key, 0);
}
static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
{
	struct inet_timewait_sock *tw = inet_twsk(sk);
	struct tcp_timewait_sock *tcptw = tcp_twsk(sk);

	tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
			tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
			tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw));

	inet_twsk_put(tw);
}
static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
				  struct request_sock *req)
{
	tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1,
			tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
			tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr));
}
static struct sock *tcp_v6_hnd_req(struct sock *sk, struct sk_buff *skb)
{
	struct request_sock *req, **prev;
	const struct tcphdr *th = tcp_hdr(skb);
	struct sock *nsk;

	/* Find possible connection requests. */
	req = inet6_csk_search_req(sk, &prev, th->source,
				   &ipv6_hdr(skb)->saddr,
				   &ipv6_hdr(skb)->daddr, inet6_iif(skb));
	if (req)
		return tcp_check_req(sk, skb, req, prev);

	nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
			&ipv6_hdr(skb)->saddr, th->source,
			&ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));

	if (nsk) {
		if (nsk->sk_state != TCP_TIME_WAIT) {
			bh_lock_sock(nsk);
			return nsk;
		}
		inet_twsk_put(inet_twsk(nsk));
		return NULL;
	}

#ifdef CONFIG_SYN_COOKIES
	if (!th->rst && !th->syn && th->ack)
		sk = cookie_v6_check(sk, skb);
#endif
	return sk;
}
/* FIXME: this is substantially similar to the ipv4 code.
 * Can some kind of merge be done? -- erics
 */
static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
{
	struct tcp_extend_values tmp_ext;
	struct tcp_options_received tmp_opt;
	u8 *hash_location;
	struct request_sock *req;
	struct inet6_request_sock *treq;
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_sock *tp = tcp_sk(sk);
	__u32 isn = TCP_SKB_CB(skb)->when;
#ifdef CONFIG_SYN_COOKIES
	int want_cookie = 0;
#else
#define want_cookie 0
#endif

	if (skb->protocol == htons(ETH_P_IP))
		return tcp_v4_conn_request(sk, skb);

	if (!ipv6_unicast_destination(skb))
		goto drop;

	if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
		if (net_ratelimit())
			syn_flood_warning(skb);
#ifdef CONFIG_SYN_COOKIES
		if (sysctl_tcp_syncookies)
			want_cookie = 1;
		else
#endif
		goto drop;
	}

	if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
		goto drop;

	req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
	if (req == NULL)
		goto drop;

#ifdef CONFIG_TCP_MD5SIG
	tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
#endif
	tcp_clear_options(&tmp_opt);
	tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
	tmp_opt.user_mss = tp->rx_opt.user_mss;
	tcp_parse_options(skb, &tmp_opt, &hash_location, 0);
	if (tmp_opt.cookie_plus > 0 &&
	    tmp_opt.saw_tstamp &&
	    !tp->rx_opt.cookie_out_never &&
	    (sysctl_tcp_cookie_size > 0 ||
	     (tp->cookie_values != NULL &&
	      tp->cookie_values->cookie_desired > 0))) {
		u8 *c;
		u32 *d;
		u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS];
		int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE;

		if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0)
			goto drop_and_free;

		/* Secret recipe starts with IP addresses */
		d = (__force u32 *)&ipv6_hdr(skb)->daddr.s6_addr32[0];
		*mess++ ^= *d++;
		*mess++ ^= *d++;
		*mess++ ^= *d++;
		*mess++ ^= *d++;
		d = (__force u32 *)&ipv6_hdr(skb)->saddr.s6_addr32[0];
		*mess++ ^= *d++;
		*mess++ ^= *d++;
		*mess++ ^= *d++;
		*mess++ ^= *d++;

		/* plus variable length Initiator Cookie */
		c = (u8 *)mess;
		while (l-- > 0)
			*c++ ^= *hash_location++;

#ifdef CONFIG_SYN_COOKIES
		want_cookie = 0;	/* not our kind of cookie */
#endif
		tmp_ext.cookie_out_never = 0; /* false */
		tmp_ext.cookie_plus = tmp_opt.cookie_plus;
	} else if (!tp->rx_opt.cookie_in_always) {
		/* redundant indications, but ensure initialization. */
		tmp_ext.cookie_out_never = 1; /* true */
		tmp_ext.cookie_plus = 0;
	} else {
		goto drop_and_free;
	}
	tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always;
	if (want_cookie && !tmp_opt.saw_tstamp)
		tcp_clear_options(&tmp_opt);

	tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
	tcp_openreq_init(req, &tmp_opt, skb);

	treq = inet6_rsk(req);
	ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
	ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
	if (!want_cookie)
		TCP_ECN_create_request(req, tcp_hdr(skb));

	if (want_cookie) {
		isn = cookie_v6_init_sequence(sk, skb, &req->mss);
		req->cookie_ts = tmp_opt.tstamp_ok;
	} else if (!isn) {
		if (ipv6_opt_accepted(sk, skb) ||
		    np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
		    np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
			atomic_inc(&skb->users);
			treq->pktopts = skb;
		}
		treq->iif = sk->sk_bound_dev_if;

		/* So that link locals have meaning */
		if (!sk->sk_bound_dev_if &&
		    ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
			treq->iif = inet6_iif(skb);

		isn = tcp_v6_init_sequence(skb);
	}
	tcp_rsk(req)->snt_isn = isn;

	security_inet_conn_request(sk, skb, req);

	if (tcp_v6_send_synack(sk, req,
			       (struct request_values *)&tmp_ext) ||
	    want_cookie)
		goto drop_and_free;

	inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
	return 0;

drop_and_free:
	reqsk_free(req);
drop:
	return 0; /* don't send reset */
}
static struct sock *tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
					 struct request_sock *req,
					 struct dst_entry *dst)
{
	struct inet6_request_sock *treq;
	struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
	struct tcp6_sock *newtcp6sk;
	struct inet_sock *newinet;
	struct tcp_sock *newtp;
	struct sock *newsk;
	struct ipv6_txoptions *opt;
#ifdef CONFIG_TCP_MD5SIG
	struct tcp_md5sig_key *key;
#endif
	if (skb->protocol == htons(ETH_P_IP)) {
		/*
		 *	v6 mapped
		 */

		newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);

		if (newsk == NULL)
			return NULL;

		newtcp6sk = (struct tcp6_sock *)newsk;
		inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;

		newinet = inet_sk(newsk);
		newnp = inet6_sk(newsk);
		newtp = tcp_sk(newsk);

		memcpy(newnp, np, sizeof(struct ipv6_pinfo));

		ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr);

		ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr);

		ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);

		inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
		newsk->sk_backlog_rcv = tcp_v4_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
		newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
#endif

		newnp->pktoptions = NULL;
		newnp->opt	  = NULL;
		newnp->mcast_oif  = inet6_iif(skb);
		newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;

		/*
		 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
		 * here, tcp_create_openreq_child now does this for us, see the comment in
		 * that function for the gory details. -acme
		 */

		/* This is a tricky place. Until this moment IPv4 tcp
		   worked with the IPv6 icsk.icsk_af_ops.
		   Sync it now.
		 */
		tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);

		return newsk;
	}
	treq = inet6_rsk(req);
	opt = np->opt;

	if (sk_acceptq_is_full(sk))
		goto out_overflow;

	if (dst == NULL) {
		struct in6_addr *final_p = NULL, final;
		struct flowi fl;

		memset(&fl, 0, sizeof(fl));
		fl.proto = IPPROTO_TCP;
		ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
		if (opt && opt->srcrt) {
			struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
			ipv6_addr_copy(&final, &fl.fl6_dst);
			ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
			final_p = &final;
		}
		ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
		fl.oif = sk->sk_bound_dev_if;
		fl.mark = sk->sk_mark;
		fl.fl_ip_dport = inet_rsk(req)->rmt_port;
		fl.fl_ip_sport = inet_rsk(req)->loc_port;
		security_req_classify_flow(req, &fl);

		if (ip6_dst_lookup(sk, &dst, &fl))
			goto out;

		if (final_p)
			ipv6_addr_copy(&fl.fl6_dst, final_p);

		if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
			goto out;
	}
	newsk = tcp_create_openreq_child(sk, req, skb);
	if (newsk == NULL)
		goto out;

	/*
	 * No need to charge this sock to the relevant IPv6 refcnt debug socks
	 * count here, tcp_create_openreq_child now does this for us, see the
	 * comment in that function for the gory details. -acme
	 */

	newsk->sk_gso_type = SKB_GSO_TCPV6;
	__ip6_dst_store(newsk, dst, NULL, NULL);

	newtcp6sk = (struct tcp6_sock *)newsk;
	inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;

	newtp = tcp_sk(newsk);
	newinet = inet_sk(newsk);
	newnp = inet6_sk(newsk);

	memcpy(newnp, np, sizeof(struct ipv6_pinfo));

	ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
	ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
	ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
	newsk->sk_bound_dev_if = treq->iif;
	/* Now IPv6 options...

	   First: no IPv4 options.
	 */
	newinet->opt = NULL;
	newnp->ipv6_fl_list = NULL;

	/* Clone RX bits */
	newnp->rxopt.all = np->rxopt.all;

	/* Clone pktoptions received with SYN */
	newnp->pktoptions = NULL;
	if (treq->pktopts != NULL) {
		newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
		kfree_skb(treq->pktopts);
		treq->pktopts = NULL;
		if (newnp->pktoptions)
			skb_set_owner_r(newnp->pktoptions, newsk);
	}
	newnp->opt	  = NULL;
	newnp->mcast_oif  = inet6_iif(skb);
	newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
	/* Clone native IPv6 options from the listening socket (if any).

	   Yes, keeping a reference count would be much more clever,
	   but we do one more thing here: reattach optmem to newsk.
	 */
	if (opt) {
		newnp->opt = ipv6_dup_options(newsk, opt);
		if (opt != np->opt)
			sock_kfree_s(sk, opt, opt->tot_len);
	}

	inet_csk(newsk)->icsk_ext_hdr_len = 0;
	if (newnp->opt)
		inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
						     newnp->opt->opt_flen);

	tcp_mtup_init(newsk);
	tcp_sync_mss(newsk, dst_mtu(dst));
	newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
	tcp_initialize_rcv_mss(newsk);

	newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
	newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
#ifdef CONFIG_TCP_MD5SIG
	/* Copy over the MD5 key from the original socket */
	if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
		/* We're using one, so create a matching key
		 * on the newsk structure. If we fail to get
		 * memory, then we end up not copying the key
		 * across. Shucks.
		 */
		char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
		if (newkey != NULL)
			tcp_v6_md5_do_add(newsk, &newnp->daddr,
					  newkey, key->keylen);
	}
#endif

	__inet6_hash(newsk, NULL);
	__inet_inherit_port(sk, newsk);

	return newsk;

out_overflow:
	NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
out:
	NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
	if (opt && opt != np->opt)
		sock_kfree_s(sk, opt, opt->tot_len);
	dst_release(dst);
	return NULL;
}
static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
{
	if (skb->ip_summed == CHECKSUM_COMPLETE) {
		if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr,
				  &ipv6_hdr(skb)->daddr, skb->csum)) {
			skb->ip_summed = CHECKSUM_UNNECESSARY;
			return 0;
		}
	}

	skb->csum = ~csum_unfold(tcp_v6_check(skb->len,
					      &ipv6_hdr(skb)->saddr,
					      &ipv6_hdr(skb)->daddr, 0));

	if (skb->len <= 76)
		return __skb_checksum_complete(skb);
	return 0;
}
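/* Short segments (up to 76 bytes here) are checksummed immediately in
 * the helper above; longer ones keep the precomputed pseudo-header sum
 * in skb->csum and are verified lazily, e.g. while being copied to
 * user space.
 */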
/* The socket must have its spinlock held when we get
 * here.
 *
 * We have a potential double-lock case here, so even when
 * doing backlog processing we use the BH locking scheme.
 * This is because we cannot sleep with the original spinlock
 * held.
 */
static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_sock *tp;
	struct sk_buff *opt_skb = NULL;

	/* Imagine: socket is IPv6. IPv4 packet arrives,
	   goes to IPv4 receive handler and backlogged.
	   From backlog it always goes here. Kerboom...
	   Fortunately, tcp_rcv_established and rcv_established
	   handle them correctly, but it is not the case with
	   tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
	 */

	if (skb->protocol == htons(ETH_P_IP))
		return tcp_v4_do_rcv(sk, skb);

#ifdef CONFIG_TCP_MD5SIG
	if (tcp_v6_inbound_md5_hash(sk, skb))
		goto discard;
#endif

	if (sk_filter(sk, skb))
		goto discard;

	/*
	 *	socket locking is here for SMP purposes as backlog rcv
	 *	is currently called with bh processing disabled.
	 */

	/* Do Stevens' IPV6_PKTOPTIONS.

	   Yes, guys, it is the only place in our code, where we
	   may make it not affecting IPv4.
	   The rest of the code is protocol independent,
	   and I do not like the idea of uglifying IPv4.

	   Actually, the whole idea behind IPV6_PKTOPTIONS
	   does not look very well thought out. For now we latch
	   options, received in the last packet, enqueued
	   by tcp. Feel free to propose a better solution.  --ANK
	 */
	if (np->rxopt.all)
		opt_skb = skb_clone(skb, GFP_ATOMIC);
	if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
		TCP_CHECK_TIMER(sk);
		if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
			goto reset;
		TCP_CHECK_TIMER(sk);
		if (opt_skb)
			goto ipv6_pktoptions;
		return 0;
	}

	if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
		goto csum_err;

	if (sk->sk_state == TCP_LISTEN) {
		struct sock *nsk = tcp_v6_hnd_req(sk, skb);
		if (!nsk)
			goto discard;

		/*
		 * Queue it on the new socket if the new socket is active,
		 * otherwise we just shortcircuit this and continue with
		 * the new socket..
		 */
		if (nsk != sk) {
			if (tcp_child_process(sk, nsk, skb))
				goto reset;
			if (opt_skb)
				__kfree_skb(opt_skb);
			return 0;
		}
	}

	TCP_CHECK_TIMER(sk);
	if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
		goto reset;
	TCP_CHECK_TIMER(sk);
	if (opt_skb)
		goto ipv6_pktoptions;
	return 0;

reset:
	tcp_v6_send_reset(sk, skb);
discard:
	if (opt_skb)
		__kfree_skb(opt_skb);
	kfree_skb(skb);
	return 0;
csum_err:
	TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
	goto discard;
ipv6_pktoptions:
	/* Do you ask, what is it?

	   1. skb was enqueued by tcp.
	   2. skb is added to tail of read queue, rather than out of order.
	   3. socket is not in passive state.
	   4. Finally, it really contains options, which the user wants
	      to receive.
	 */
	tp = tcp_sk(sk);
	if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
	    !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
		if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
			np->mcast_oif = inet6_iif(opt_skb);
		if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
			np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
		if (ipv6_opt_accepted(sk, opt_skb)) {
			skb_set_owner_r(opt_skb, sk);
			opt_skb = xchg(&np->pktoptions, opt_skb);
		} else {
			__kfree_skb(opt_skb);
			opt_skb = xchg(&np->pktoptions, NULL);
		}
	}

	kfree_skb(opt_skb);
	return 0;
}
static int tcp_v6_rcv(struct sk_buff *skb)
{
	struct tcphdr *th;
	struct sock *sk;
	int ret;
	struct net *net = dev_net(skb->dev);

	if (skb->pkt_type != PACKET_HOST)
		goto discard_it;

	/*
	 *	Count it even if it's bad.
	 */
	TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);

	if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
		goto discard_it;

	th = tcp_hdr(skb);

	if (th->doff < sizeof(struct tcphdr)/4)
		goto bad_packet;
	if (!pskb_may_pull(skb, th->doff*4))
		goto discard_it;

	if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
		goto bad_packet;

	th = tcp_hdr(skb);
	TCP_SKB_CB(skb)->seq = ntohl(th->seq);
	TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
				    skb->len - th->doff*4);
	TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
	TCP_SKB_CB(skb)->when = 0;
	TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
	TCP_SKB_CB(skb)->sacked = 0;
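	/* Cache the sequence numbers and the IPv6 traffic class in the
	 * skb's TCP control block so later stages do not have to
	 * re-parse the headers.
	 */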
	sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
	if (!sk)
		goto no_tcp_socket;

process:
	if (sk->sk_state == TCP_TIME_WAIT)
		goto do_time_wait;

	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
		goto discard_and_relse;

	if (sk_filter(sk, skb))
		goto discard_and_relse;

	skb->dev = NULL;

	bh_lock_sock_nested(sk);
	ret = 0;
	if (!sock_owned_by_user(sk)) {
#ifdef CONFIG_NET_DMA
		struct tcp_sock *tp = tcp_sk(sk);
		if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
			tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY);
		if (tp->ucopy.dma_chan)
			ret = tcp_v6_do_rcv(sk, skb);
		else
#endif
		{
			if (!tcp_prequeue(sk, skb))
				ret = tcp_v6_do_rcv(sk, skb);
		}
	} else if (unlikely(sk_add_backlog(sk, skb))) {
		bh_unlock_sock(sk);
		NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
		goto discard_and_relse;
	}
	bh_unlock_sock(sk);

	sock_put(sk);
	return ret ? -1 : 0;
no_tcp_socket:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
		goto discard_it;

	if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
bad_packet:
		TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
	} else {
		tcp_v6_send_reset(NULL, skb);
	}

discard_it:
	/*
	 *	Discard frame
	 */
	kfree_skb(skb);
	return 0;

discard_and_relse:
	sock_put(sk);
	goto discard_it;
do_time_wait:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
		inet_twsk_put(inet_twsk(sk));
		goto discard_it;
	}

	if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
		TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
		inet_twsk_put(inet_twsk(sk));
		goto discard_it;
	}

	switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
	case TCP_TW_SYN:
	{
		struct sock *sk2;

		sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
					    &ipv6_hdr(skb)->daddr,
					    ntohs(th->dest), inet6_iif(skb));
		if (sk2 != NULL) {
			struct inet_timewait_sock *tw = inet_twsk(sk);
			inet_twsk_deschedule(tw, &tcp_death_row);
			inet_twsk_put(tw);
			sk = sk2;
			goto process;
		}
		/* Fall through to ACK */
	}
	case TCP_TW_ACK:
		tcp_v6_timewait_ack(sk, skb);
		break;
	case TCP_TW_RST:
		goto no_tcp_socket;
	case TCP_TW_SUCCESS:;
	}
	goto discard_it;
}
static int tcp_v6_remember_stamp(struct sock *sk)
{
	/* Alas, not yet... */
	return 0;
}
static const struct inet_connection_sock_af_ops ipv6_specific = {
	.queue_xmit	   = inet6_csk_xmit,
	.send_check	   = tcp_v6_send_check,
	.rebuild_header	   = inet6_sk_rebuild_header,
	.conn_request	   = tcp_v6_conn_request,
	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
	.remember_stamp	   = tcp_v6_remember_stamp,
	.net_header_len	   = sizeof(struct ipv6hdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
	.bind_conflict	   = inet6_csk_bind_conflict,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
};
#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
	.md5_lookup	=	tcp_v6_md5_lookup,
	.calc_md5_hash	=	tcp_v6_md5_hash_skb,
	.md5_add	=	tcp_v6_md5_add_func,
	.md5_parse	=	tcp_v6_parse_md5_keys,
};
#endif
/*
 *	TCP over IPv4 via INET6 API
 */

static const struct inet_connection_sock_af_ops ipv6_mapped = {
	.queue_xmit	   = ip_queue_xmit,
	.send_check	   = tcp_v4_send_check,
	.rebuild_header	   = inet_sk_rebuild_header,
	.conn_request	   = tcp_v6_conn_request,
	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
	.remember_stamp	   = tcp_v4_remember_stamp,
	.net_header_len	   = sizeof(struct iphdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
	.bind_conflict	   = inet6_csk_bind_conflict,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
};
#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
	.md5_lookup	=	tcp_v4_md5_lookup,
	.calc_md5_hash	=	tcp_v4_md5_hash_skb,
	.md5_add	=	tcp_v6_md5_add_func,
	.md5_parse	=	tcp_v6_parse_md5_keys,
};
#endif
/* NOTE: A lot of things set to zero explicitly by call to
 *       sk_alloc() so need not be done here.
 */
static int tcp_v6_init_sock(struct sock *sk)
{
	struct inet_connection_sock *icsk = inet_csk(sk);
	struct tcp_sock *tp = tcp_sk(sk);

	skb_queue_head_init(&tp->out_of_order_queue);
	tcp_init_xmit_timers(sk);
	tcp_prequeue_init(tp);

	icsk->icsk_rto = TCP_TIMEOUT_INIT;
	tp->mdev = TCP_TIMEOUT_INIT;

	/* So many TCP implementations out there (incorrectly) count the
	 * initial SYN frame in their delayed-ACK and congestion control
	 * algorithms that we must have the following bandaid to talk
	 * efficiently to them.  -DaveM
	 */
	tp->snd_cwnd = 2;

	/* See draft-stevens-tcpca-spec-01 for discussion of the
	 * initialization of these values.
	 */
	tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
	tp->snd_cwnd_clamp = ~0;
	tp->mss_cache = TCP_MSS_DEFAULT;

	tp->reordering = sysctl_tcp_reordering;

	sk->sk_state = TCP_CLOSE;

	icsk->icsk_af_ops = &ipv6_specific;
	icsk->icsk_ca_ops = &tcp_init_congestion_ops;
	icsk->icsk_sync_mss = tcp_sync_mss;
	sk->sk_write_space = sk_stream_write_space;
	sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);

#ifdef CONFIG_TCP_MD5SIG
	tp->af_specific = &tcp_sock_ipv6_specific;
#endif

	/* TCP Cookie Transactions */
	if (sysctl_tcp_cookie_size > 0) {
		/* Default, cookies without s_data_payload. */
		tp->cookie_values =
			kzalloc(sizeof(*tp->cookie_values),
				sk->sk_allocation);
		if (tp->cookie_values != NULL)
			kref_init(&tp->cookie_values->kref);
	}
	/* Presumed zeroed, in order of appearance:
	 *	cookie_in_always, cookie_out_never,
	 *	s_data_constant, s_data_in, s_data_out
	 */
	sk->sk_sndbuf = sysctl_tcp_wmem[1];
	sk->sk_rcvbuf = sysctl_tcp_rmem[1];

	local_bh_disable();
	percpu_counter_inc(&tcp_sockets_allocated);
	local_bh_enable();

	return 0;
}
static void tcp_v6_destroy_sock(struct sock *sk)
{
#ifdef CONFIG_TCP_MD5SIG
	/* Clean up the MD5 key list */
	if (tcp_sk(sk)->md5sig_info)
		tcp_v6_clear_md5_list(sk);
#endif
	tcp_v4_destroy_sock(sk);
	inet6_destroy_sock(sk);
}
#ifdef CONFIG_PROC_FS
/* Proc filesystem TCPv6 sock list dumping. */
static void get_openreq6(struct seq_file *seq,
			 struct sock *sk, struct request_sock *req, int i, int uid)
{
	int ttd = req->expires - jiffies;
	struct in6_addr *src = &inet6_rsk(req)->loc_addr;
	struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;

	if (ttd < 0)
		ttd = 0;

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3],
		   ntohs(inet_rsk(req)->loc_port),
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3],
		   ntohs(inet_rsk(req)->rmt_port),
		   TCP_SYN_RECV,
		   0, 0, /* could print option size, but that is af dependent. */
		   1,    /* timers active (only the expire timer) */
		   jiffies_to_clock_t(ttd),
		   req->retrans,
		   uid,
		   0,  /* non standard timer */
		   0,  /* open_requests have no inode */
		   0, req);
}
static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
{
	struct in6_addr *dest, *src;
	__u16 destp, srcp;
	int timer_active;
	unsigned long timer_expires;
	struct inet_sock *inet = inet_sk(sp);
	struct tcp_sock *tp = tcp_sk(sp);
	const struct inet_connection_sock *icsk = inet_csk(sp);
	struct ipv6_pinfo *np = inet6_sk(sp);

	dest  = &np->daddr;
	src   = &np->rcv_saddr;
	destp = ntohs(inet->inet_dport);
	srcp  = ntohs(inet->inet_sport);

	if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
		timer_active	= 1;
		timer_expires	= icsk->icsk_timeout;
	} else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
		timer_active	= 4;
		timer_expires	= icsk->icsk_timeout;
	} else if (timer_pending(&sp->sk_timer)) {
		timer_active	= 2;
		timer_expires	= sp->sk_timer.expires;
	} else {
		timer_active	= 0;
		timer_expires = jiffies;
	}

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %lu %lu %u %u %d\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3], srcp,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
		   sp->sk_state,
		   tp->write_seq - tp->snd_una,
		   (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog :
						  (tp->rcv_nxt - tp->copied_seq),
		   timer_active,
		   jiffies_to_clock_t(timer_expires - jiffies),
		   icsk->icsk_retransmits,
		   sock_i_uid(sp),
		   icsk->icsk_probes_out,
		   sock_i_ino(sp),
		   atomic_read(&sp->sk_refcnt), sp,
		   jiffies_to_clock_t(icsk->icsk_rto),
		   jiffies_to_clock_t(icsk->icsk_ack.ato),
		   (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
		   tp->snd_cwnd,
		   tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh
		   );
}
static void get_timewait6_sock(struct seq_file *seq,
			       struct inet_timewait_sock *tw, int i)
{
	struct in6_addr *dest, *src;
	__u16 destp, srcp;
	struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
	int ttd = tw->tw_ttd - jiffies;

	if (ttd < 0)
		ttd = 0;

	dest = &tw6->tw_v6_daddr;
	src  = &tw6->tw_v6_rcv_saddr;
	destp = ntohs(tw->tw_dport);
	srcp  = ntohs(tw->tw_sport);

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3], srcp,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
		   tw->tw_substate, 0, 0,
		   3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
		   atomic_read(&tw->tw_refcnt), tw);
}
static int tcp6_seq_show(struct seq_file *seq, void *v)
{
	struct tcp_iter_state *st;

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq,
			 "  sl  "
			 "local_address                         "
			 "remote_address                        "
			 "st tx_queue rx_queue tr tm->when retrnsmt"
			 "   uid  timeout inode\n");
		goto out;
	}
	st = seq->private;

	switch (st->state) {
	case TCP_SEQ_STATE_LISTENING:
	case TCP_SEQ_STATE_ESTABLISHED:
		get_tcp6_sock(seq, v, st->num);
		break;
	case TCP_SEQ_STATE_OPENREQ:
		get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
		break;
	case TCP_SEQ_STATE_TIME_WAIT:
		get_timewait6_sock(seq, v, st->num);
		break;
	}
out:
	return 0;
}
static struct tcp_seq_afinfo tcp6_seq_afinfo = {
	.name		= "tcp6",
	.family		= AF_INET6,
	.seq_fops	= {
		.owner		= THIS_MODULE,
	},
	.seq_ops	= {
		.show		= tcp6_seq_show,
	},
};
int __net_init tcp6_proc_init(struct net *net)
{
	return tcp_proc_register(net, &tcp6_seq_afinfo);
}

void tcp6_proc_exit(struct net *net)
{
	tcp_proc_unregister(net, &tcp6_seq_afinfo);
}
#endif
struct proto tcpv6_prot = {
	.name			= "TCPv6",
	.owner			= THIS_MODULE,
	.close			= tcp_close,
	.connect		= tcp_v6_connect,
	.disconnect		= tcp_disconnect,
	.accept			= inet_csk_accept,
	.ioctl			= tcp_ioctl,
	.init			= tcp_v6_init_sock,
	.destroy		= tcp_v6_destroy_sock,
	.shutdown		= tcp_shutdown,
	.setsockopt		= tcp_setsockopt,
	.getsockopt		= tcp_getsockopt,
	.recvmsg		= tcp_recvmsg,
	.backlog_rcv		= tcp_v6_do_rcv,
	.hash			= tcp_v6_hash,
	.unhash			= inet_unhash,
	.get_port		= inet_csk_get_port,
	.enter_memory_pressure	= tcp_enter_memory_pressure,
	.sockets_allocated	= &tcp_sockets_allocated,
	.memory_allocated	= &tcp_memory_allocated,
	.memory_pressure	= &tcp_memory_pressure,
	.orphan_count		= &tcp_orphan_count,
	.sysctl_mem		= sysctl_tcp_mem,
	.sysctl_wmem		= sysctl_tcp_wmem,
	.sysctl_rmem		= sysctl_tcp_rmem,
	.max_header		= MAX_TCP_HEADER,
	.obj_size		= sizeof(struct tcp6_sock),
	.slab_flags		= SLAB_DESTROY_BY_RCU,
	.twsk_prot		= &tcp6_timewait_sock_ops,
	.rsk_prot		= &tcp6_request_sock_ops,
	.h.hashinfo		= &tcp_hashinfo,
#ifdef CONFIG_COMPAT
	.compat_setsockopt	= compat_tcp_setsockopt,
	.compat_getsockopt	= compat_tcp_getsockopt,
#endif
};
static const struct inet6_protocol tcpv6_protocol = {
	.handler	=	tcp_v6_rcv,
	.err_handler	=	tcp_v6_err,
	.gso_send_check	=	tcp_v6_gso_send_check,
	.gso_segment	=	tcp_tso_segment,
	.gro_receive	=	tcp6_gro_receive,
	.gro_complete	=	tcp6_gro_complete,
	.flags		=	INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
};
static struct inet_protosw tcpv6_protosw = {
	.type		=	SOCK_STREAM,
	.protocol	=	IPPROTO_TCP,
	.prot		=	&tcpv6_prot,
	.ops		=	&inet6_stream_ops,
	.no_check	=	0,
	.flags		=	INET_PROTOSW_PERMANENT |
				INET_PROTOSW_ICSK,
};
static int __net_init tcpv6_net_init(struct net *net)
{
	return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
				    SOCK_RAW, IPPROTO_TCP, net);
}

static void __net_exit tcpv6_net_exit(struct net *net)
{
	inet_ctl_sock_destroy(net->ipv6.tcp_sk);
}
static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
{
	inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6);
}

static struct pernet_operations tcpv6_net_ops = {
	.init	    = tcpv6_net_init,
	.exit	    = tcpv6_net_exit,
	.exit_batch = tcpv6_net_exit_batch,
};
int __init tcpv6_init(void)
{
	int ret;

	ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
	if (ret)
		goto out;

	/* register inet6 protocol */
	ret = inet6_register_protosw(&tcpv6_protosw);
	if (ret)
		goto out_tcpv6_protocol;

	ret = register_pernet_subsys(&tcpv6_net_ops);
	if (ret)
		goto out_tcpv6_protosw;
out:
	return ret;

out_tcpv6_protocol:
	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
	goto out;

out_tcpv6_protosw:
	inet6_unregister_protosw(&tcpv6_protosw);
	goto out_tcpv6_protocol;
}
void tcpv6_exit(void)
{
	unregister_pernet_subsys(&tcpv6_net_ops);
	inet6_unregister_protosw(&tcpv6_protosw);
	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
}