3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
42 #include <linux/ipv6.h>
43 #include <linux/icmpv6.h>
44 #include <linux/random.h>
47 #include <net/ndisc.h>
48 #include <net/inet6_hashtables.h>
49 #include <net/inet6_connection_sock.h>
51 #include <net/transp_v6.h>
52 #include <net/addrconf.h>
53 #include <net/ip6_route.h>
54 #include <net/ip6_checksum.h>
55 #include <net/inet_ecn.h>
56 #include <net/protocol.h>
59 #include <net/dsfield.h>
60 #include <net/timewait_sock.h>
61 #include <net/netdma.h>
62 #include <net/inet_common.h>
64 #include <asm/uaccess.h>
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
69 #include <linux/crypto.h>
70 #include <linux/scatterlist.h>
72 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
73 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
74 struct request_sock *req);
76 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
78 static const struct inet_connection_sock_af_ops ipv6_mapped;
79 static const struct inet_connection_sock_af_ops ipv6_specific;
80 #ifdef CONFIG_TCP_MD5SIG
81 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
82 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
84 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
85 struct in6_addr *addr)
91 static void tcp_v6_hash(struct sock *sk)
93 if (sk->sk_state != TCP_CLOSE) {
94 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
99 __inet6_hash(sk, NULL);
104 static __inline__ __sum16 tcp_v6_check(int len,
105 struct in6_addr *saddr,
106 struct in6_addr *daddr,
109 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
112 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
114 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
115 ipv6_hdr(skb)->saddr.s6_addr32,
117 tcp_hdr(skb)->source);
120 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
123 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
124 struct inet_sock *inet = inet_sk(sk);
125 struct inet_connection_sock *icsk = inet_csk(sk);
126 struct ipv6_pinfo *np = inet6_sk(sk);
127 struct tcp_sock *tp = tcp_sk(sk);
128 struct in6_addr *saddr = NULL, *final_p = NULL, final;
130 struct dst_entry *dst;
134 if (addr_len < SIN6_LEN_RFC2133)
137 if (usin->sin6_family != AF_INET6)
138 return(-EAFNOSUPPORT);
140 memset(&fl, 0, sizeof(fl));
143 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
144 IP6_ECN_flow_init(fl.fl6_flowlabel);
145 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
146 struct ip6_flowlabel *flowlabel;
147 flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
148 if (flowlabel == NULL)
150 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
151 fl6_sock_release(flowlabel);
156 * connect() to INADDR_ANY means loopback (BSD'ism).
159 if(ipv6_addr_any(&usin->sin6_addr))
160 usin->sin6_addr.s6_addr[15] = 0x1;
162 addr_type = ipv6_addr_type(&usin->sin6_addr);
164 if(addr_type & IPV6_ADDR_MULTICAST)
167 if (addr_type&IPV6_ADDR_LINKLOCAL) {
168 if (addr_len >= sizeof(struct sockaddr_in6) &&
169 usin->sin6_scope_id) {
170 /* If interface is set while binding, indices
173 if (sk->sk_bound_dev_if &&
174 sk->sk_bound_dev_if != usin->sin6_scope_id)
177 sk->sk_bound_dev_if = usin->sin6_scope_id;
180 /* Connect to link-local address requires an interface */
181 if (!sk->sk_bound_dev_if)
185 if (tp->rx_opt.ts_recent_stamp &&
186 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
187 tp->rx_opt.ts_recent = 0;
188 tp->rx_opt.ts_recent_stamp = 0;
192 ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
193 np->flow_label = fl.fl6_flowlabel;
199 if (addr_type == IPV6_ADDR_MAPPED) {
200 u32 exthdrlen = icsk->icsk_ext_hdr_len;
201 struct sockaddr_in sin;
203 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
205 if (__ipv6_only_sock(sk))
208 sin.sin_family = AF_INET;
209 sin.sin_port = usin->sin6_port;
210 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
212 icsk->icsk_af_ops = &ipv6_mapped;
213 sk->sk_backlog_rcv = tcp_v4_do_rcv;
214 #ifdef CONFIG_TCP_MD5SIG
215 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
218 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
221 icsk->icsk_ext_hdr_len = exthdrlen;
222 icsk->icsk_af_ops = &ipv6_specific;
223 sk->sk_backlog_rcv = tcp_v6_do_rcv;
224 #ifdef CONFIG_TCP_MD5SIG
225 tp->af_specific = &tcp_sock_ipv6_specific;
229 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
230 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
237 if (!ipv6_addr_any(&np->rcv_saddr))
238 saddr = &np->rcv_saddr;
240 fl.proto = IPPROTO_TCP;
241 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
242 ipv6_addr_copy(&fl.fl6_src,
243 (saddr ? saddr : &np->saddr));
244 fl.oif = sk->sk_bound_dev_if;
245 fl.mark = sk->sk_mark;
246 fl.fl_ip_dport = usin->sin6_port;
247 fl.fl_ip_sport = inet->inet_sport;
249 if (np->opt && np->opt->srcrt) {
250 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
251 ipv6_addr_copy(&final, &fl.fl6_dst);
252 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
256 security_sk_classify_flow(sk, &fl);
258 err = ip6_dst_lookup(sk, &dst, &fl);
262 ipv6_addr_copy(&fl.fl6_dst, final_p);
264 err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
267 err = ip6_dst_blackhole(sk, &dst, &fl);
274 ipv6_addr_copy(&np->rcv_saddr, saddr);
277 /* set the source address */
278 ipv6_addr_copy(&np->saddr, saddr);
279 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
281 sk->sk_gso_type = SKB_GSO_TCPV6;
282 __ip6_dst_store(sk, dst, NULL, NULL);
284 icsk->icsk_ext_hdr_len = 0;
286 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
289 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
291 inet->inet_dport = usin->sin6_port;
293 tcp_set_state(sk, TCP_SYN_SENT);
294 err = inet6_hash_connect(&tcp_death_row, sk);
299 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
304 err = tcp_connect(sk);
311 tcp_set_state(sk, TCP_CLOSE);
314 inet->inet_dport = 0;
315 sk->sk_route_caps = 0;
319 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
320 u8 type, u8 code, int offset, __be32 info)
322 struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
323 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
324 struct ipv6_pinfo *np;
329 struct net *net = dev_net(skb->dev);
331 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
332 th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
335 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
340 if (sk->sk_state == TCP_TIME_WAIT) {
341 inet_twsk_put(inet_twsk(sk));
346 if (sock_owned_by_user(sk))
347 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
349 if (sk->sk_state == TCP_CLOSE)
353 seq = ntohl(th->seq);
354 if (sk->sk_state != TCP_LISTEN &&
355 !between(seq, tp->snd_una, tp->snd_nxt)) {
356 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
362 if (type == ICMPV6_PKT_TOOBIG) {
363 struct dst_entry *dst = NULL;
365 if (sock_owned_by_user(sk))
367 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
370 /* icmp should have updated the destination cache entry */
371 dst = __sk_dst_check(sk, np->dst_cookie);
374 struct inet_sock *inet = inet_sk(sk);
377 /* BUGGG_FUTURE: Again, it is not clear how
378 to handle rthdr case. Ignore this complexity
381 memset(&fl, 0, sizeof(fl));
382 fl.proto = IPPROTO_TCP;
383 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
384 ipv6_addr_copy(&fl.fl6_src, &np->saddr);
385 fl.oif = sk->sk_bound_dev_if;
386 fl.mark = sk->sk_mark;
387 fl.fl_ip_dport = inet->inet_dport;
388 fl.fl_ip_sport = inet->inet_sport;
389 security_skb_classify_flow(skb, &fl);
391 if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
392 sk->sk_err_soft = -err;
396 if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) {
397 sk->sk_err_soft = -err;
404 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
405 tcp_sync_mss(sk, dst_mtu(dst));
406 tcp_simple_retransmit(sk);
407 } /* else let the usual retransmit timer handle it */
412 icmpv6_err_convert(type, code, &err);
414 /* Might be for an request_sock */
415 switch (sk->sk_state) {
416 struct request_sock *req, **prev;
418 if (sock_owned_by_user(sk))
421 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
422 &hdr->saddr, inet6_iif(skb));
426 /* ICMPs are not backlogged, hence we cannot get
427 * an established socket here.
429 WARN_ON(req->sk != NULL);
431 if (seq != tcp_rsk(req)->snt_isn) {
432 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
436 inet_csk_reqsk_queue_drop(sk, req, prev);
440 case TCP_SYN_RECV: /* Cannot happen.
441 It can, it SYNs are crossed. --ANK */
442 if (!sock_owned_by_user(sk)) {
444 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
448 sk->sk_err_soft = err;
452 if (!sock_owned_by_user(sk) && np->recverr) {
454 sk->sk_error_report(sk);
456 sk->sk_err_soft = err;
464 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
465 struct request_values *rvp)
467 struct inet6_request_sock *treq = inet6_rsk(req);
468 struct ipv6_pinfo *np = inet6_sk(sk);
469 struct sk_buff * skb;
470 struct ipv6_txoptions *opt = NULL;
471 struct in6_addr * final_p = NULL, final;
473 struct dst_entry *dst;
476 memset(&fl, 0, sizeof(fl));
477 fl.proto = IPPROTO_TCP;
478 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
479 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
480 fl.fl6_flowlabel = 0;
482 fl.mark = sk->sk_mark;
483 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
484 fl.fl_ip_sport = inet_rsk(req)->loc_port;
485 security_req_classify_flow(req, &fl);
488 if (opt && opt->srcrt) {
489 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
490 ipv6_addr_copy(&final, &fl.fl6_dst);
491 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
495 err = ip6_dst_lookup(sk, &dst, &fl);
499 ipv6_addr_copy(&fl.fl6_dst, final_p);
500 if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
503 skb = tcp_make_synack(sk, dst, req, rvp);
505 struct tcphdr *th = tcp_hdr(skb);
507 th->check = tcp_v6_check(skb->len,
508 &treq->loc_addr, &treq->rmt_addr,
509 csum_partial(th, skb->len, skb->csum));
511 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
512 err = ip6_xmit(sk, skb, &fl, opt, 0);
513 err = net_xmit_eval(err);
517 if (opt && opt != np->opt)
518 sock_kfree_s(sk, opt, opt->tot_len);
523 static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req,
524 struct request_values *rvp)
526 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS);
527 return tcp_v6_send_synack(sk, req, rvp);
530 static inline void syn_flood_warning(struct sk_buff *skb)
532 #ifdef CONFIG_SYN_COOKIES
533 if (sysctl_tcp_syncookies)
535 "TCPv6: Possible SYN flooding on port %d. "
536 "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
540 "TCPv6: Possible SYN flooding on port %d. "
541 "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
544 static void tcp_v6_reqsk_destructor(struct request_sock *req)
546 kfree_skb(inet6_rsk(req)->pktopts);
549 #ifdef CONFIG_TCP_MD5SIG
550 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
551 struct in6_addr *addr)
553 struct tcp_sock *tp = tcp_sk(sk);
558 if (!tp->md5sig_info || !tp->md5sig_info->entries6)
561 for (i = 0; i < tp->md5sig_info->entries6; i++) {
562 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
563 return &tp->md5sig_info->keys6[i].base;
568 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
569 struct sock *addr_sk)
571 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
574 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
575 struct request_sock *req)
577 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
580 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
581 char *newkey, u8 newkeylen)
583 /* Add key to the list */
584 struct tcp_md5sig_key *key;
585 struct tcp_sock *tp = tcp_sk(sk);
586 struct tcp6_md5sig_key *keys;
588 key = tcp_v6_md5_do_lookup(sk, peer);
590 /* modify existing entry - just update that one */
593 key->keylen = newkeylen;
595 /* reallocate new list if current one is full. */
596 if (!tp->md5sig_info) {
597 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
598 if (!tp->md5sig_info) {
602 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
604 if (tcp_alloc_md5sig_pool(sk) == NULL) {
608 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
609 keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
610 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
613 tcp_free_md5sig_pool();
618 if (tp->md5sig_info->entries6)
619 memmove(keys, tp->md5sig_info->keys6,
620 (sizeof (tp->md5sig_info->keys6[0]) *
621 tp->md5sig_info->entries6));
623 kfree(tp->md5sig_info->keys6);
624 tp->md5sig_info->keys6 = keys;
625 tp->md5sig_info->alloced6++;
628 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
630 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
631 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
633 tp->md5sig_info->entries6++;
638 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
639 u8 *newkey, __u8 newkeylen)
641 return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
645 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
647 struct tcp_sock *tp = tcp_sk(sk);
650 for (i = 0; i < tp->md5sig_info->entries6; i++) {
651 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
653 kfree(tp->md5sig_info->keys6[i].base.key);
654 tp->md5sig_info->entries6--;
656 if (tp->md5sig_info->entries6 == 0) {
657 kfree(tp->md5sig_info->keys6);
658 tp->md5sig_info->keys6 = NULL;
659 tp->md5sig_info->alloced6 = 0;
661 /* shrink the database */
662 if (tp->md5sig_info->entries6 != i)
663 memmove(&tp->md5sig_info->keys6[i],
664 &tp->md5sig_info->keys6[i+1],
665 (tp->md5sig_info->entries6 - i)
666 * sizeof (tp->md5sig_info->keys6[0]));
668 tcp_free_md5sig_pool();
675 static void tcp_v6_clear_md5_list (struct sock *sk)
677 struct tcp_sock *tp = tcp_sk(sk);
680 if (tp->md5sig_info->entries6) {
681 for (i = 0; i < tp->md5sig_info->entries6; i++)
682 kfree(tp->md5sig_info->keys6[i].base.key);
683 tp->md5sig_info->entries6 = 0;
684 tcp_free_md5sig_pool();
687 kfree(tp->md5sig_info->keys6);
688 tp->md5sig_info->keys6 = NULL;
689 tp->md5sig_info->alloced6 = 0;
691 if (tp->md5sig_info->entries4) {
692 for (i = 0; i < tp->md5sig_info->entries4; i++)
693 kfree(tp->md5sig_info->keys4[i].base.key);
694 tp->md5sig_info->entries4 = 0;
695 tcp_free_md5sig_pool();
698 kfree(tp->md5sig_info->keys4);
699 tp->md5sig_info->keys4 = NULL;
700 tp->md5sig_info->alloced4 = 0;
703 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
706 struct tcp_md5sig cmd;
707 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
710 if (optlen < sizeof(cmd))
713 if (copy_from_user(&cmd, optval, sizeof(cmd)))
716 if (sin6->sin6_family != AF_INET6)
719 if (!cmd.tcpm_keylen) {
720 if (!tcp_sk(sk)->md5sig_info)
722 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
723 return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
724 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
727 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
730 if (!tcp_sk(sk)->md5sig_info) {
731 struct tcp_sock *tp = tcp_sk(sk);
732 struct tcp_md5sig_info *p;
734 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
739 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
742 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
745 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
746 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
747 newkey, cmd.tcpm_keylen);
749 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
752 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
753 struct in6_addr *daddr,
754 struct in6_addr *saddr, int nbytes)
756 struct tcp6_pseudohdr *bp;
757 struct scatterlist sg;
759 bp = &hp->md5_blk.ip6;
760 /* 1. TCP pseudo-header (RFC2460) */
761 ipv6_addr_copy(&bp->saddr, saddr);
762 ipv6_addr_copy(&bp->daddr, daddr);
763 bp->protocol = cpu_to_be32(IPPROTO_TCP);
764 bp->len = cpu_to_be32(nbytes);
766 sg_init_one(&sg, bp, sizeof(*bp));
767 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
770 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
771 struct in6_addr *daddr, struct in6_addr *saddr,
774 struct tcp_md5sig_pool *hp;
775 struct hash_desc *desc;
777 hp = tcp_get_md5sig_pool();
779 goto clear_hash_noput;
780 desc = &hp->md5_desc;
782 if (crypto_hash_init(desc))
784 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
786 if (tcp_md5_hash_header(hp, th))
788 if (tcp_md5_hash_key(hp, key))
790 if (crypto_hash_final(desc, md5_hash))
793 tcp_put_md5sig_pool();
797 tcp_put_md5sig_pool();
799 memset(md5_hash, 0, 16);
803 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
804 struct sock *sk, struct request_sock *req,
807 struct in6_addr *saddr, *daddr;
808 struct tcp_md5sig_pool *hp;
809 struct hash_desc *desc;
810 struct tcphdr *th = tcp_hdr(skb);
813 saddr = &inet6_sk(sk)->saddr;
814 daddr = &inet6_sk(sk)->daddr;
816 saddr = &inet6_rsk(req)->loc_addr;
817 daddr = &inet6_rsk(req)->rmt_addr;
819 struct ipv6hdr *ip6h = ipv6_hdr(skb);
820 saddr = &ip6h->saddr;
821 daddr = &ip6h->daddr;
824 hp = tcp_get_md5sig_pool();
826 goto clear_hash_noput;
827 desc = &hp->md5_desc;
829 if (crypto_hash_init(desc))
832 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
834 if (tcp_md5_hash_header(hp, th))
836 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
838 if (tcp_md5_hash_key(hp, key))
840 if (crypto_hash_final(desc, md5_hash))
843 tcp_put_md5sig_pool();
847 tcp_put_md5sig_pool();
849 memset(md5_hash, 0, 16);
853 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
855 __u8 *hash_location = NULL;
856 struct tcp_md5sig_key *hash_expected;
857 struct ipv6hdr *ip6h = ipv6_hdr(skb);
858 struct tcphdr *th = tcp_hdr(skb);
862 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
863 hash_location = tcp_parse_md5sig_option(th);
865 /* We've parsed the options - do we have a hash? */
866 if (!hash_expected && !hash_location)
869 if (hash_expected && !hash_location) {
870 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
874 if (!hash_expected && hash_location) {
875 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
879 /* check the signature */
880 genhash = tcp_v6_md5_hash_skb(newhash,
884 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
885 if (net_ratelimit()) {
886 printk(KERN_INFO "MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
887 genhash ? "failed" : "mismatch",
888 &ip6h->saddr, ntohs(th->source),
889 &ip6h->daddr, ntohs(th->dest));
897 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
899 .obj_size = sizeof(struct tcp6_request_sock),
900 .rtx_syn_ack = tcp_v6_rtx_synack,
901 .send_ack = tcp_v6_reqsk_send_ack,
902 .destructor = tcp_v6_reqsk_destructor,
903 .send_reset = tcp_v6_send_reset,
904 .syn_ack_timeout = tcp_syn_ack_timeout,
907 #ifdef CONFIG_TCP_MD5SIG
908 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
909 .md5_lookup = tcp_v6_reqsk_md5_lookup,
910 .calc_md5_hash = tcp_v6_md5_hash_skb,
914 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
915 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
916 .twsk_unique = tcp_twsk_unique,
917 .twsk_destructor= tcp_twsk_destructor,
920 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
922 struct ipv6_pinfo *np = inet6_sk(sk);
923 struct tcphdr *th = tcp_hdr(skb);
925 if (skb->ip_summed == CHECKSUM_PARTIAL) {
926 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 0);
927 skb->csum_start = skb_transport_header(skb) - skb->head;
928 skb->csum_offset = offsetof(struct tcphdr, check);
930 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
931 csum_partial(th, th->doff<<2,
936 static int tcp_v6_gso_send_check(struct sk_buff *skb)
938 struct ipv6hdr *ipv6h;
941 if (!pskb_may_pull(skb, sizeof(*th)))
944 ipv6h = ipv6_hdr(skb);
948 th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
950 skb->csum_start = skb_transport_header(skb) - skb->head;
951 skb->csum_offset = offsetof(struct tcphdr, check);
952 skb->ip_summed = CHECKSUM_PARTIAL;
956 static struct sk_buff **tcp6_gro_receive(struct sk_buff **head,
959 struct ipv6hdr *iph = skb_gro_network_header(skb);
961 switch (skb->ip_summed) {
962 case CHECKSUM_COMPLETE:
963 if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr,
965 skb->ip_summed = CHECKSUM_UNNECESSARY;
971 NAPI_GRO_CB(skb)->flush = 1;
975 return tcp_gro_receive(head, skb);
978 static int tcp6_gro_complete(struct sk_buff *skb)
980 struct ipv6hdr *iph = ipv6_hdr(skb);
981 struct tcphdr *th = tcp_hdr(skb);
983 th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb),
984 &iph->saddr, &iph->daddr, 0);
985 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;
987 return tcp_gro_complete(skb);
990 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
991 u32 ts, struct tcp_md5sig_key *key, int rst)
993 struct tcphdr *th = tcp_hdr(skb), *t1;
994 struct sk_buff *buff;
996 struct net *net = dev_net(skb_dst(skb)->dev);
997 struct sock *ctl_sk = net->ipv6.tcp_sk;
998 unsigned int tot_len = sizeof(struct tcphdr);
999 struct dst_entry *dst;
1003 tot_len += TCPOLEN_TSTAMP_ALIGNED;
1004 #ifdef CONFIG_TCP_MD5SIG
1006 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1009 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1014 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1016 t1 = (struct tcphdr *) skb_push(buff, tot_len);
1017 skb_reset_transport_header(skb);
1019 /* Swap the send and the receive. */
1020 memset(t1, 0, sizeof(*t1));
1021 t1->dest = th->source;
1022 t1->source = th->dest;
1023 t1->doff = tot_len / 4;
1024 t1->seq = htonl(seq);
1025 t1->ack_seq = htonl(ack);
1026 t1->ack = !rst || !th->ack;
1028 t1->window = htons(win);
1030 topt = (__be32 *)(t1 + 1);
1033 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1034 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1035 *topt++ = htonl(tcp_time_stamp);
1036 *topt++ = htonl(ts);
1039 #ifdef CONFIG_TCP_MD5SIG
1041 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1042 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1043 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
1044 &ipv6_hdr(skb)->saddr,
1045 &ipv6_hdr(skb)->daddr, t1);
1049 buff->csum = csum_partial(t1, tot_len, 0);
1051 memset(&fl, 0, sizeof(fl));
1052 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1053 ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1055 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1056 tot_len, IPPROTO_TCP,
1059 fl.proto = IPPROTO_TCP;
1060 fl.oif = inet6_iif(skb);
1061 fl.fl_ip_dport = t1->dest;
1062 fl.fl_ip_sport = t1->source;
1063 security_skb_classify_flow(skb, &fl);
1065 /* Pass a socket to ip6_dst_lookup either it is for RST
1066 * Underlying function will use this to retrieve the network
1069 if (!ip6_dst_lookup(ctl_sk, &dst, &fl)) {
1070 if (xfrm_lookup(net, &dst, &fl, NULL, 0) >= 0) {
1071 skb_dst_set(buff, dst);
1072 ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1073 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1075 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
1083 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1085 struct tcphdr *th = tcp_hdr(skb);
1086 u32 seq = 0, ack_seq = 0;
1087 struct tcp_md5sig_key *key = NULL;
1092 if (!ipv6_unicast_destination(skb))
1095 #ifdef CONFIG_TCP_MD5SIG
1097 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
1101 seq = ntohl(th->ack_seq);
1103 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1106 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1);
1109 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
1110 struct tcp_md5sig_key *key)
1112 tcp_v6_send_response(skb, seq, ack, win, ts, key, 0);
1115 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1117 struct inet_timewait_sock *tw = inet_twsk(sk);
1118 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1120 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1121 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1122 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw));
1127 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
1128 struct request_sock *req)
1130 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
1131 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr));
1135 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1137 struct request_sock *req, **prev;
1138 const struct tcphdr *th = tcp_hdr(skb);
1141 /* Find possible connection requests. */
1142 req = inet6_csk_search_req(sk, &prev, th->source,
1143 &ipv6_hdr(skb)->saddr,
1144 &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1146 return tcp_check_req(sk, skb, req, prev);
1148 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1149 &ipv6_hdr(skb)->saddr, th->source,
1150 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1153 if (nsk->sk_state != TCP_TIME_WAIT) {
1157 inet_twsk_put(inet_twsk(nsk));
1161 #ifdef CONFIG_SYN_COOKIES
1162 if (!th->rst && !th->syn && th->ack)
1163 sk = cookie_v6_check(sk, skb);
1168 /* FIXME: this is substantially similar to the ipv4 code.
1169 * Can some kind of merge be done? -- erics
1171 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1173 struct tcp_extend_values tmp_ext;
1174 struct tcp_options_received tmp_opt;
1176 struct request_sock *req;
1177 struct inet6_request_sock *treq;
1178 struct ipv6_pinfo *np = inet6_sk(sk);
1179 struct tcp_sock *tp = tcp_sk(sk);
1180 __u32 isn = TCP_SKB_CB(skb)->when;
1181 #ifdef CONFIG_SYN_COOKIES
1182 int want_cookie = 0;
1184 #define want_cookie 0
1187 if (skb->protocol == htons(ETH_P_IP))
1188 return tcp_v4_conn_request(sk, skb);
1190 if (!ipv6_unicast_destination(skb))
1193 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1194 if (net_ratelimit())
1195 syn_flood_warning(skb);
1196 #ifdef CONFIG_SYN_COOKIES
1197 if (sysctl_tcp_syncookies)
1204 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1207 req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1211 #ifdef CONFIG_TCP_MD5SIG
1212 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1215 tcp_clear_options(&tmp_opt);
1216 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1217 tmp_opt.user_mss = tp->rx_opt.user_mss;
1218 tcp_parse_options(skb, &tmp_opt, &hash_location, 0);
1220 if (tmp_opt.cookie_plus > 0 &&
1221 tmp_opt.saw_tstamp &&
1222 !tp->rx_opt.cookie_out_never &&
1223 (sysctl_tcp_cookie_size > 0 ||
1224 (tp->cookie_values != NULL &&
1225 tp->cookie_values->cookie_desired > 0))) {
1228 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS];
1229 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE;
1231 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0)
1234 /* Secret recipe starts with IP addresses */
1235 d = &ipv6_hdr(skb)->daddr.s6_addr32[0];
1240 d = &ipv6_hdr(skb)->saddr.s6_addr32[0];
1246 /* plus variable length Initiator Cookie */
1249 *c++ ^= *hash_location++;
1251 #ifdef CONFIG_SYN_COOKIES
1252 want_cookie = 0; /* not our kind of cookie */
1254 tmp_ext.cookie_out_never = 0; /* false */
1255 tmp_ext.cookie_plus = tmp_opt.cookie_plus;
1256 } else if (!tp->rx_opt.cookie_in_always) {
1257 /* redundant indications, but ensure initialization. */
1258 tmp_ext.cookie_out_never = 1; /* true */
1259 tmp_ext.cookie_plus = 0;
1263 tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always;
1265 if (want_cookie && !tmp_opt.saw_tstamp)
1266 tcp_clear_options(&tmp_opt);
1268 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1269 tcp_openreq_init(req, &tmp_opt, skb);
1271 treq = inet6_rsk(req);
1272 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1273 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1275 TCP_ECN_create_request(req, tcp_hdr(skb));
1278 isn = cookie_v6_init_sequence(sk, skb, &req->mss);
1279 req->cookie_ts = tmp_opt.tstamp_ok;
1281 if (ipv6_opt_accepted(sk, skb) ||
1282 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1283 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1284 atomic_inc(&skb->users);
1285 treq->pktopts = skb;
1287 treq->iif = sk->sk_bound_dev_if;
1289 /* So that link locals have meaning */
1290 if (!sk->sk_bound_dev_if &&
1291 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1292 treq->iif = inet6_iif(skb);
1294 isn = tcp_v6_init_sequence(skb);
1296 tcp_rsk(req)->snt_isn = isn;
1298 security_inet_conn_request(sk, skb, req);
1300 if (tcp_v6_send_synack(sk, req,
1301 (struct request_values *)&tmp_ext) ||
1305 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1311 return 0; /* don't send reset */
1314 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1315 struct request_sock *req,
1316 struct dst_entry *dst)
1318 struct inet6_request_sock *treq;
1319 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1320 struct tcp6_sock *newtcp6sk;
1321 struct inet_sock *newinet;
1322 struct tcp_sock *newtp;
1324 struct ipv6_txoptions *opt;
1325 #ifdef CONFIG_TCP_MD5SIG
1326 struct tcp_md5sig_key *key;
1329 if (skb->protocol == htons(ETH_P_IP)) {
1334 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1339 newtcp6sk = (struct tcp6_sock *)newsk;
1340 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1342 newinet = inet_sk(newsk);
1343 newnp = inet6_sk(newsk);
1344 newtp = tcp_sk(newsk);
1346 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1348 ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr);
1350 ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr);
1352 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1354 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1355 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1356 #ifdef CONFIG_TCP_MD5SIG
1357 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1360 newnp->pktoptions = NULL;
1362 newnp->mcast_oif = inet6_iif(skb);
1363 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1366 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1367 * here, tcp_create_openreq_child now does this for us, see the comment in
1368 * that function for the gory details. -acme
1371 /* It is tricky place. Until this moment IPv4 tcp
1372 worked with IPv6 icsk.icsk_af_ops.
1375 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1380 treq = inet6_rsk(req);
1383 if (sk_acceptq_is_full(sk))
1387 struct in6_addr *final_p = NULL, final;
1390 memset(&fl, 0, sizeof(fl));
1391 fl.proto = IPPROTO_TCP;
1392 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1393 if (opt && opt->srcrt) {
1394 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1395 ipv6_addr_copy(&final, &fl.fl6_dst);
1396 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1399 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1400 fl.oif = sk->sk_bound_dev_if;
1401 fl.mark = sk->sk_mark;
1402 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1403 fl.fl_ip_sport = inet_rsk(req)->loc_port;
1404 security_req_classify_flow(req, &fl);
1406 if (ip6_dst_lookup(sk, &dst, &fl))
1410 ipv6_addr_copy(&fl.fl6_dst, final_p);
1412 if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
1416 newsk = tcp_create_openreq_child(sk, req, skb);
1421 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1422 * count here, tcp_create_openreq_child now does this for us, see the
1423 * comment in that function for the gory details. -acme
1426 newsk->sk_gso_type = SKB_GSO_TCPV6;
1427 __ip6_dst_store(newsk, dst, NULL, NULL);
1429 newtcp6sk = (struct tcp6_sock *)newsk;
1430 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1432 newtp = tcp_sk(newsk);
1433 newinet = inet_sk(newsk);
1434 newnp = inet6_sk(newsk);
1436 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1438 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1439 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1440 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1441 newsk->sk_bound_dev_if = treq->iif;
1443 /* Now IPv6 options...
1445 First: no IPv4 options.
1447 newinet->opt = NULL;
1448 newnp->ipv6_fl_list = NULL;
1451 newnp->rxopt.all = np->rxopt.all;
1453 /* Clone pktoptions received with SYN */
1454 newnp->pktoptions = NULL;
1455 if (treq->pktopts != NULL) {
1456 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1457 kfree_skb(treq->pktopts);
1458 treq->pktopts = NULL;
1459 if (newnp->pktoptions)
1460 skb_set_owner_r(newnp->pktoptions, newsk);
1463 newnp->mcast_oif = inet6_iif(skb);
1464 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1466 /* Clone native IPv6 options from listening socket (if any)
1468 Yes, keeping reference count would be much more clever,
1469 but we make one more one thing there: reattach optmem
1473 newnp->opt = ipv6_dup_options(newsk, opt);
1475 sock_kfree_s(sk, opt, opt->tot_len);
1478 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1480 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1481 newnp->opt->opt_flen);
1483 tcp_mtup_init(newsk);
1484 tcp_sync_mss(newsk, dst_mtu(dst));
1485 newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1486 tcp_initialize_rcv_mss(newsk);
1488 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1489 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1491 #ifdef CONFIG_TCP_MD5SIG
1492 /* Copy over the MD5 key from the original socket */
1493 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1494 /* We're using one, so create a matching key
1495 * on the newsk structure. If we fail to get
1496 * memory, then we end up not copying the key
1499 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1501 tcp_v6_md5_do_add(newsk, &newnp->daddr,
1502 newkey, key->keylen);
1506 __inet6_hash(newsk, NULL);
1507 __inet_inherit_port(sk, newsk);
1512 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1514 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1515 if (opt && opt != np->opt)
1516 sock_kfree_s(sk, opt, opt->tot_len);
1521 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1523 if (skb->ip_summed == CHECKSUM_COMPLETE) {
1524 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr,
1525 &ipv6_hdr(skb)->daddr, skb->csum)) {
1526 skb->ip_summed = CHECKSUM_UNNECESSARY;
1531 skb->csum = ~csum_unfold(tcp_v6_check(skb->len,
1532 &ipv6_hdr(skb)->saddr,
1533 &ipv6_hdr(skb)->daddr, 0));
1535 if (skb->len <= 76) {
1536 return __skb_checksum_complete(skb);
1541 /* The socket must have it's spinlock held when we get
1544 * We have a potential double-lock case here, so even when
1545 * doing backlog processing we use the BH locking scheme.
1546 * This is because we cannot sleep with the original spinlock
1549 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1551 struct ipv6_pinfo *np = inet6_sk(sk);
1552 struct tcp_sock *tp;
1553 struct sk_buff *opt_skb = NULL;
1555 /* Imagine: socket is IPv6. IPv4 packet arrives,
1556 goes to IPv4 receive handler and backlogged.
1557 From backlog it always goes here. Kerboom...
1558 Fortunately, tcp_rcv_established and rcv_established
1559 handle them correctly, but it is not case with
1560 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1563 if (skb->protocol == htons(ETH_P_IP))
1564 return tcp_v4_do_rcv(sk, skb);
1566 #ifdef CONFIG_TCP_MD5SIG
1567 if (tcp_v6_inbound_md5_hash (sk, skb))
1571 if (sk_filter(sk, skb))
1575 * socket locking is here for SMP purposes as backlog rcv
1576 * is currently called with bh processing disabled.
1579 /* Do Stevens' IPV6_PKTOPTIONS.
1581 Yes, guys, it is the only place in our code, where we
1582 may make it not affecting IPv4.
1583 The rest of code is protocol independent,
1584 and I do not like idea to uglify IPv4.
1586 Actually, all the idea behind IPV6_PKTOPTIONS
1587 looks not very well thought. For now we latch
1588 options, received in the last packet, enqueued
1589 by tcp. Feel free to propose better solution.
1593 opt_skb = skb_clone(skb, GFP_ATOMIC);
1595 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1596 TCP_CHECK_TIMER(sk);
1597 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1599 TCP_CHECK_TIMER(sk);
1601 goto ipv6_pktoptions;
1605 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1608 if (sk->sk_state == TCP_LISTEN) {
1609 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1614 * Queue it on the new socket if the new socket is active,
1615 * otherwise we just shortcircuit this and continue with
1619 if (tcp_child_process(sk, nsk, skb))
1622 __kfree_skb(opt_skb);
1627 TCP_CHECK_TIMER(sk);
1628 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1630 TCP_CHECK_TIMER(sk);
1632 goto ipv6_pktoptions;
1636 tcp_v6_send_reset(sk, skb);
1639 __kfree_skb(opt_skb);
1643 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1648 /* Do you ask, what is it?
1650 1. skb was enqueued by tcp.
1651 2. skb is added to tail of read queue, rather than out of order.
1652 3. socket is not in passive state.
1653 4. Finally, it really contains options, which user wants to receive.
1656 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1657 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1658 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1659 np->mcast_oif = inet6_iif(opt_skb);
1660 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1661 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1662 if (ipv6_opt_accepted(sk, opt_skb)) {
1663 skb_set_owner_r(opt_skb, sk);
1664 opt_skb = xchg(&np->pktoptions, opt_skb);
1666 __kfree_skb(opt_skb);
1667 opt_skb = xchg(&np->pktoptions, NULL);
1675 static int tcp_v6_rcv(struct sk_buff *skb)
1680 struct net *net = dev_net(skb->dev);
1682 if (skb->pkt_type != PACKET_HOST)
1686 * Count it even if it's bad.
1688 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1690 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1695 if (th->doff < sizeof(struct tcphdr)/4)
1697 if (!pskb_may_pull(skb, th->doff*4))
1700 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1704 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1705 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1706 skb->len - th->doff*4);
1707 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1708 TCP_SKB_CB(skb)->when = 0;
1709 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
1710 TCP_SKB_CB(skb)->sacked = 0;
1712 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1717 if (sk->sk_state == TCP_TIME_WAIT)
1720 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1721 goto discard_and_relse;
1723 if (sk_filter(sk, skb))
1724 goto discard_and_relse;
1728 bh_lock_sock_nested(sk);
1730 if (!sock_owned_by_user(sk)) {
1731 #ifdef CONFIG_NET_DMA
1732 struct tcp_sock *tp = tcp_sk(sk);
1733 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1734 tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY);
1735 if (tp->ucopy.dma_chan)
1736 ret = tcp_v6_do_rcv(sk, skb);
1740 if (!tcp_prequeue(sk, skb))
1741 ret = tcp_v6_do_rcv(sk, skb);
1744 sk_add_backlog(sk, skb);
1748 return ret ? -1 : 0;
1751 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1754 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1756 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1758 tcp_v6_send_reset(NULL, skb);
1775 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1776 inet_twsk_put(inet_twsk(sk));
1780 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1781 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1782 inet_twsk_put(inet_twsk(sk));
1786 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1791 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1792 &ipv6_hdr(skb)->daddr,
1793 ntohs(th->dest), inet6_iif(skb));
1795 struct inet_timewait_sock *tw = inet_twsk(sk);
1796 inet_twsk_deschedule(tw, &tcp_death_row);
1801 /* Fall through to ACK */
1804 tcp_v6_timewait_ack(sk, skb);
1808 case TCP_TW_SUCCESS:;
1813 static int tcp_v6_remember_stamp(struct sock *sk)
1815 /* Alas, not yet... */
1819 static const struct inet_connection_sock_af_ops ipv6_specific = {
1820 .queue_xmit = inet6_csk_xmit,
1821 .send_check = tcp_v6_send_check,
1822 .rebuild_header = inet6_sk_rebuild_header,
1823 .conn_request = tcp_v6_conn_request,
1824 .syn_recv_sock = tcp_v6_syn_recv_sock,
1825 .remember_stamp = tcp_v6_remember_stamp,
1826 .net_header_len = sizeof(struct ipv6hdr),
1827 .setsockopt = ipv6_setsockopt,
1828 .getsockopt = ipv6_getsockopt,
1829 .addr2sockaddr = inet6_csk_addr2sockaddr,
1830 .sockaddr_len = sizeof(struct sockaddr_in6),
1831 .bind_conflict = inet6_csk_bind_conflict,
1832 #ifdef CONFIG_COMPAT
1833 .compat_setsockopt = compat_ipv6_setsockopt,
1834 .compat_getsockopt = compat_ipv6_getsockopt,
1838 #ifdef CONFIG_TCP_MD5SIG
1839 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1840 .md5_lookup = tcp_v6_md5_lookup,
1841 .calc_md5_hash = tcp_v6_md5_hash_skb,
1842 .md5_add = tcp_v6_md5_add_func,
1843 .md5_parse = tcp_v6_parse_md5_keys,
1848 * TCP over IPv4 via INET6 API
1851 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1852 .queue_xmit = ip_queue_xmit,
1853 .send_check = tcp_v4_send_check,
1854 .rebuild_header = inet_sk_rebuild_header,
1855 .conn_request = tcp_v6_conn_request,
1856 .syn_recv_sock = tcp_v6_syn_recv_sock,
1857 .remember_stamp = tcp_v4_remember_stamp,
1858 .net_header_len = sizeof(struct iphdr),
1859 .setsockopt = ipv6_setsockopt,
1860 .getsockopt = ipv6_getsockopt,
1861 .addr2sockaddr = inet6_csk_addr2sockaddr,
1862 .sockaddr_len = sizeof(struct sockaddr_in6),
1863 .bind_conflict = inet6_csk_bind_conflict,
1864 #ifdef CONFIG_COMPAT
1865 .compat_setsockopt = compat_ipv6_setsockopt,
1866 .compat_getsockopt = compat_ipv6_getsockopt,
1870 #ifdef CONFIG_TCP_MD5SIG
1871 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1872 .md5_lookup = tcp_v4_md5_lookup,
1873 .calc_md5_hash = tcp_v4_md5_hash_skb,
1874 .md5_add = tcp_v6_md5_add_func,
1875 .md5_parse = tcp_v6_parse_md5_keys,
1879 /* NOTE: A lot of things set to zero explicitly by call to
1880 * sk_alloc() so need not be done here.
1882 static int tcp_v6_init_sock(struct sock *sk)
1884 struct inet_connection_sock *icsk = inet_csk(sk);
1885 struct tcp_sock *tp = tcp_sk(sk);
1887 skb_queue_head_init(&tp->out_of_order_queue);
1888 tcp_init_xmit_timers(sk);
1889 tcp_prequeue_init(tp);
1891 icsk->icsk_rto = TCP_TIMEOUT_INIT;
1892 tp->mdev = TCP_TIMEOUT_INIT;
1894 /* So many TCP implementations out there (incorrectly) count the
1895 * initial SYN frame in their delayed-ACK and congestion control
1896 * algorithms that we must have the following bandaid to talk
1897 * efficiently to them. -DaveM
1901 /* See draft-stevens-tcpca-spec-01 for discussion of the
1902 * initialization of these values.
1904 tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
1905 tp->snd_cwnd_clamp = ~0;
1906 tp->mss_cache = TCP_MSS_DEFAULT;
1908 tp->reordering = sysctl_tcp_reordering;
1910 sk->sk_state = TCP_CLOSE;
1912 icsk->icsk_af_ops = &ipv6_specific;
1913 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1914 icsk->icsk_sync_mss = tcp_sync_mss;
1915 sk->sk_write_space = sk_stream_write_space;
1916 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1918 #ifdef CONFIG_TCP_MD5SIG
1919 tp->af_specific = &tcp_sock_ipv6_specific;
1922 /* TCP Cookie Transactions */
1923 if (sysctl_tcp_cookie_size > 0) {
1924 /* Default, cookies without s_data_payload. */
1926 kzalloc(sizeof(*tp->cookie_values),
1928 if (tp->cookie_values != NULL)
1929 kref_init(&tp->cookie_values->kref);
1931 /* Presumed zeroed, in order of appearance:
1932 * cookie_in_always, cookie_out_never,
1933 * s_data_constant, s_data_in, s_data_out
1935 sk->sk_sndbuf = sysctl_tcp_wmem[1];
1936 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1939 percpu_counter_inc(&tcp_sockets_allocated);
1945 static void tcp_v6_destroy_sock(struct sock *sk)
1947 #ifdef CONFIG_TCP_MD5SIG
1948 /* Clean up the MD5 key list */
1949 if (tcp_sk(sk)->md5sig_info)
1950 tcp_v6_clear_md5_list(sk);
1952 tcp_v4_destroy_sock(sk);
1953 inet6_destroy_sock(sk);
1956 #ifdef CONFIG_PROC_FS
1957 /* Proc filesystem TCPv6 sock list dumping. */
1958 static void get_openreq6(struct seq_file *seq,
1959 struct sock *sk, struct request_sock *req, int i, int uid)
1961 int ttd = req->expires - jiffies;
1962 struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1963 struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1969 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1970 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1972 src->s6_addr32[0], src->s6_addr32[1],
1973 src->s6_addr32[2], src->s6_addr32[3],
1974 ntohs(inet_rsk(req)->loc_port),
1975 dest->s6_addr32[0], dest->s6_addr32[1],
1976 dest->s6_addr32[2], dest->s6_addr32[3],
1977 ntohs(inet_rsk(req)->rmt_port),
1979 0,0, /* could print option size, but that is af dependent. */
1980 1, /* timers active (only the expire timer) */
1981 jiffies_to_clock_t(ttd),
1984 0, /* non standard timer */
1985 0, /* open_requests have no inode */
1989 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1991 struct in6_addr *dest, *src;
1994 unsigned long timer_expires;
1995 struct inet_sock *inet = inet_sk(sp);
1996 struct tcp_sock *tp = tcp_sk(sp);
1997 const struct inet_connection_sock *icsk = inet_csk(sp);
1998 struct ipv6_pinfo *np = inet6_sk(sp);
2001 src = &np->rcv_saddr;
2002 destp = ntohs(inet->inet_dport);
2003 srcp = ntohs(inet->inet_sport);
2005 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2007 timer_expires = icsk->icsk_timeout;
2008 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2010 timer_expires = icsk->icsk_timeout;
2011 } else if (timer_pending(&sp->sk_timer)) {
2013 timer_expires = sp->sk_timer.expires;
2016 timer_expires = jiffies;
2020 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2021 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %lu %lu %u %u %d\n",
2023 src->s6_addr32[0], src->s6_addr32[1],
2024 src->s6_addr32[2], src->s6_addr32[3], srcp,
2025 dest->s6_addr32[0], dest->s6_addr32[1],
2026 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2028 tp->write_seq-tp->snd_una,
2029 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
2031 jiffies_to_clock_t(timer_expires - jiffies),
2032 icsk->icsk_retransmits,
2034 icsk->icsk_probes_out,
2036 atomic_read(&sp->sk_refcnt), sp,
2037 jiffies_to_clock_t(icsk->icsk_rto),
2038 jiffies_to_clock_t(icsk->icsk_ack.ato),
2039 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2041 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh
2045 static void get_timewait6_sock(struct seq_file *seq,
2046 struct inet_timewait_sock *tw, int i)
2048 struct in6_addr *dest, *src;
2050 struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2051 int ttd = tw->tw_ttd - jiffies;
2056 dest = &tw6->tw_v6_daddr;
2057 src = &tw6->tw_v6_rcv_saddr;
2058 destp = ntohs(tw->tw_dport);
2059 srcp = ntohs(tw->tw_sport);
2062 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2063 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2065 src->s6_addr32[0], src->s6_addr32[1],
2066 src->s6_addr32[2], src->s6_addr32[3], srcp,
2067 dest->s6_addr32[0], dest->s6_addr32[1],
2068 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2069 tw->tw_substate, 0, 0,
2070 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2071 atomic_read(&tw->tw_refcnt), tw);
2074 static int tcp6_seq_show(struct seq_file *seq, void *v)
2076 struct tcp_iter_state *st;
2078 if (v == SEQ_START_TOKEN) {
2083 "st tx_queue rx_queue tr tm->when retrnsmt"
2084 " uid timeout inode\n");
2089 switch (st->state) {
2090 case TCP_SEQ_STATE_LISTENING:
2091 case TCP_SEQ_STATE_ESTABLISHED:
2092 get_tcp6_sock(seq, v, st->num);
2094 case TCP_SEQ_STATE_OPENREQ:
2095 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2097 case TCP_SEQ_STATE_TIME_WAIT:
2098 get_timewait6_sock(seq, v, st->num);
2105 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2109 .owner = THIS_MODULE,
2112 .show = tcp6_seq_show,
2116 int __net_init tcp6_proc_init(struct net *net)
2118 return tcp_proc_register(net, &tcp6_seq_afinfo);
2121 void tcp6_proc_exit(struct net *net)
2123 tcp_proc_unregister(net, &tcp6_seq_afinfo);
2127 struct proto tcpv6_prot = {
2129 .owner = THIS_MODULE,
2131 .connect = tcp_v6_connect,
2132 .disconnect = tcp_disconnect,
2133 .accept = inet_csk_accept,
2135 .init = tcp_v6_init_sock,
2136 .destroy = tcp_v6_destroy_sock,
2137 .shutdown = tcp_shutdown,
2138 .setsockopt = tcp_setsockopt,
2139 .getsockopt = tcp_getsockopt,
2140 .recvmsg = tcp_recvmsg,
2141 .backlog_rcv = tcp_v6_do_rcv,
2142 .hash = tcp_v6_hash,
2143 .unhash = inet_unhash,
2144 .get_port = inet_csk_get_port,
2145 .enter_memory_pressure = tcp_enter_memory_pressure,
2146 .sockets_allocated = &tcp_sockets_allocated,
2147 .memory_allocated = &tcp_memory_allocated,
2148 .memory_pressure = &tcp_memory_pressure,
2149 .orphan_count = &tcp_orphan_count,
2150 .sysctl_mem = sysctl_tcp_mem,
2151 .sysctl_wmem = sysctl_tcp_wmem,
2152 .sysctl_rmem = sysctl_tcp_rmem,
2153 .max_header = MAX_TCP_HEADER,
2154 .obj_size = sizeof(struct tcp6_sock),
2155 .slab_flags = SLAB_DESTROY_BY_RCU,
2156 .twsk_prot = &tcp6_timewait_sock_ops,
2157 .rsk_prot = &tcp6_request_sock_ops,
2158 .h.hashinfo = &tcp_hashinfo,
2159 #ifdef CONFIG_COMPAT
2160 .compat_setsockopt = compat_tcp_setsockopt,
2161 .compat_getsockopt = compat_tcp_getsockopt,
2165 static const struct inet6_protocol tcpv6_protocol = {
2166 .handler = tcp_v6_rcv,
2167 .err_handler = tcp_v6_err,
2168 .gso_send_check = tcp_v6_gso_send_check,
2169 .gso_segment = tcp_tso_segment,
2170 .gro_receive = tcp6_gro_receive,
2171 .gro_complete = tcp6_gro_complete,
2172 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2175 static struct inet_protosw tcpv6_protosw = {
2176 .type = SOCK_STREAM,
2177 .protocol = IPPROTO_TCP,
2178 .prot = &tcpv6_prot,
2179 .ops = &inet6_stream_ops,
2181 .flags = INET_PROTOSW_PERMANENT |
2185 static int __net_init tcpv6_net_init(struct net *net)
2187 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2188 SOCK_RAW, IPPROTO_TCP, net);
2191 static void __net_exit tcpv6_net_exit(struct net *net)
2193 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2196 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
2198 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6);
2201 static struct pernet_operations tcpv6_net_ops = {
2202 .init = tcpv6_net_init,
2203 .exit = tcpv6_net_exit,
2204 .exit_batch = tcpv6_net_exit_batch,
2207 int __init tcpv6_init(void)
2211 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2215 /* register inet6 protocol */
2216 ret = inet6_register_protosw(&tcpv6_protosw);
2218 goto out_tcpv6_protocol;
2220 ret = register_pernet_subsys(&tcpv6_net_ops);
2222 goto out_tcpv6_protosw;
2227 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2229 inet6_unregister_protosw(&tcpv6_protosw);
2233 void tcpv6_exit(void)
2235 unregister_pernet_subsys(&tcpv6_net_ops);
2236 inet6_unregister_protosw(&tcpv6_protosw);
2237 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob