]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - net/ipv6/tcp_ipv6.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'net-bridge-add-per-vlan-state-option'
[mirror_ubuntu-jammy-kernel.git] / net / ipv6 / tcp_ipv6.c
CommitLineData
2874c5fd 1// SPDX-License-Identifier: GPL-2.0-or-later
1da177e4
LT		 2/*
3 * TCP over IPv6
1ab1457c 4 * Linux INET6 implementation
1da177e4
LT		 5 *
6 * Authors:
1ab1457c 7 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4 8 *
1ab1457c 9 * Based on:
1da177e4
LT		 10 * linux/net/ipv4/tcp.c
11 * linux/net/ipv4/tcp_input.c
12 * linux/net/ipv4/tcp_output.c
13 *
14 * Fixes:
15 * Hideaki YOSHIFUJI : sin6_scope_id support
16 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
17 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
18 * a single port at the same time.
19 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
1da177e4
LT		 20 */
21
eb4dea58 22#include <linux/bottom_half.h>
1da177e4 23#include <linux/module.h>
1da177e4
LT		 24#include <linux/errno.h>
25#include <linux/types.h>
26#include <linux/socket.h>
27#include <linux/sockios.h>
28#include <linux/net.h>
29#include <linux/jiffies.h>
30#include <linux/in.h>
31#include <linux/in6.h>
32#include <linux/netdevice.h>
33#include <linux/init.h>
34#include <linux/jhash.h>
35#include <linux/ipsec.h>
36#include <linux/times.h>
5a0e3ad6 37#include <linux/slab.h>
4aa956d8 38#include <linux/uaccess.h>
1da177e4
LT		 39#include <linux/ipv6.h>
40#include <linux/icmpv6.h>
41#include <linux/random.h>
0e219ae4 42#include <linux/indirect_call_wrapper.h>
1da177e4
LT		 43
44#include <net/tcp.h>
45#include <net/ndisc.h>
5324a040 46#include <net/inet6_hashtables.h>
8129765a 47#include <net/inet6_connection_sock.h>
1da177e4
LT		 48#include <net/ipv6.h>
49#include <net/transp_v6.h>
50#include <net/addrconf.h>
51#include <net/ip6_route.h>
52#include <net/ip6_checksum.h>
53#include <net/inet_ecn.h>
54#include <net/protocol.h>
55#include <net/xfrm.h>
1da177e4
LT		 56#include <net/snmp.h>
57#include <net/dsfield.h>
6d6ee43e 58#include <net/timewait_sock.h>
3d58b5fa 59#include <net/inet_common.h>
6e5714ea 60#include <net/secure_seq.h>
076bb0c8 61#include <net/busy_poll.h>
1da177e4 62
1da177e4
LT		 63#include <linux/proc_fs.h>
64#include <linux/seq_file.h>
65
cf80e0e4 66#include <crypto/hash.h>
cfb6eeb4
YH		 67#include <linux/scatterlist.h>
68
c24b14c4
SL		 69#include <trace/events/tcp.h>
70
a00e7444
ED		 71static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
72static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
6edafaaf 73 struct request_sock *req);
1da177e4
LT		 74
75static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
1da177e4 76
3b401a81 77static const struct inet_connection_sock_af_ops ipv6_mapped;
35b2c321 78const struct inet_connection_sock_af_ops ipv6_specific;
a928630a 79#ifdef CONFIG_TCP_MD5SIG
b2e4b3de
SH		 80static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
81static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
9501f972 82#else
51723935 83static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
dea53bb8
DA		 84 const struct in6_addr *addr,
85 int l3index)
9501f972
YH		 86{
87 return NULL;
88}
a928630a 89#endif
1da177e4 90
93a77c11
ED		 91/* Helper returning the inet6 address from a given tcp socket.
92 * It can be used in TCP stack instead of inet6_sk(sk).
93 * This avoids a dereference and allow compiler optimizations.
f5d54767 94 * It is a specialized version of inet6_sk_generic().
93a77c11
ED		 95 */
96static struct ipv6_pinfo *tcp_inet6_sk(const struct sock *sk)
97{
f5d54767 98 unsigned int offset = sizeof(struct tcp6_sock) - sizeof(struct ipv6_pinfo);
93a77c11 99
f5d54767 100 return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
93a77c11
ED		 101}
102
fae6ef87
NC		 103static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
104{
105 struct dst_entry *dst = skb_dst(skb);
fae6ef87 106
5037e9ef 107 if (dst && dst_hold_safe(dst)) {
ca777eff
ED		 108 const struct rt6_info *rt = (const struct rt6_info *)dst;
109
ca777eff
ED		 110 sk->sk_rx_dst = dst;
111 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
93a77c11 112 tcp_inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
ca777eff 113 }
fae6ef87
NC		 114}
115
84b114b9 116static u32 tcp_v6_init_seq(const struct sk_buff *skb)
1da177e4 117{
84b114b9
ED		 118 return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32,
119 ipv6_hdr(skb)->saddr.s6_addr32,
120 tcp_hdr(skb)->dest,
121 tcp_hdr(skb)->source);
122}
123
5d2ed052 124static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb)
84b114b9 125{
5d2ed052 126 return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32,
84b114b9 127 ipv6_hdr(skb)->saddr.s6_addr32);
1da177e4
LT		 128}
129
d74bad4e
AI		 130static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
131 int addr_len)
132{
133 /* This check is replicated from tcp_v6_connect() and intended to
134 * prevent BPF program called below from accessing bytes that are out
135 * of the bound specified by user in addr_len.
136 */
137 if (addr_len < SIN6_LEN_RFC2133)
138 return -EINVAL;
139
140 sock_owned_by_me(sk);
141
142 return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr);
143}
144
1ab1457c 145static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
1da177e4
LT		 146 int addr_len)
147{
148 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
1ab1457c 149 struct inet_sock *inet = inet_sk(sk);
d83d8461 150 struct inet_connection_sock *icsk = inet_csk(sk);
93a77c11 151 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1da177e4 152 struct tcp_sock *tp = tcp_sk(sk);
20c59de2 153 struct in6_addr *saddr = NULL, *final_p, final;
45f6fad8 154 struct ipv6_txoptions *opt;
4c9483b2 155 struct flowi6 fl6;
1da177e4
LT		 156 struct dst_entry *dst;
157 int addr_type;
158 int err;
1946e672 159 struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
1da177e4 160
1ab1457c 161 if (addr_len < SIN6_LEN_RFC2133)
1da177e4
LT		 162 return -EINVAL;
163
1ab1457c 164 if (usin->sin6_family != AF_INET6)
a02cec21 165 return -EAFNOSUPPORT;
1da177e4 166
4c9483b2 167 memset(&fl6, 0, sizeof(fl6));
1da177e4
LT		 168
169 if (np->sndflow) {
4c9483b2
DM		 170 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
171 IP6_ECN_flow_init(fl6.flowlabel);
172 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
1da177e4 173 struct ip6_flowlabel *flowlabel;
4c9483b2 174 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
59c820b2 175 if (IS_ERR(flowlabel))
1da177e4 176 return -EINVAL;
1da177e4
LT		 177 fl6_sock_release(flowlabel);
178 }
179 }
180
181 /*
1ab1457c
YH		 182 * connect() to INADDR_ANY means loopback (BSD'ism).
183 */
184
052d2369
JL		 185 if (ipv6_addr_any(&usin->sin6_addr)) {
186 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
187 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
188 &usin->sin6_addr);
189 else
190 usin->sin6_addr = in6addr_loopback;
191 }
1da177e4
LT		 192
193 addr_type = ipv6_addr_type(&usin->sin6_addr);
194
4c99aa40 195 if (addr_type & IPV6_ADDR_MULTICAST)
1da177e4
LT		 196 return -ENETUNREACH;
197
198 if (addr_type&IPV6_ADDR_LINKLOCAL) {
199 if (addr_len >= sizeof(struct sockaddr_in6) &&
200 usin->sin6_scope_id) {
201 /* If interface is set while binding, indices
202 * must coincide.
203 */
54dc3e33 204 if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id))
1da177e4
LT		 205 return -EINVAL;
206
207 sk->sk_bound_dev_if = usin->sin6_scope_id;
208 }
209
210 /* Connect to link-local address requires an interface */
211 if (!sk->sk_bound_dev_if)
212 return -EINVAL;
213 }
214
215 if (tp->rx_opt.ts_recent_stamp &&
efe4208f 216 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
1da177e4
LT		 217 tp->rx_opt.ts_recent = 0;
218 tp->rx_opt.ts_recent_stamp = 0;
0f317464 219 WRITE_ONCE(tp->write_seq, 0);
1da177e4
LT		 220 }
221
efe4208f 222 sk->sk_v6_daddr = usin->sin6_addr;
4c9483b2 223 np->flow_label = fl6.flowlabel;
1da177e4
LT		 224
225 /*
226 * TCP over IPv4
227 */
228
052d2369 229 if (addr_type & IPV6_ADDR_MAPPED) {
d83d8461 230 u32 exthdrlen = icsk->icsk_ext_hdr_len;
1da177e4
LT		 231 struct sockaddr_in sin;
232
1da177e4
LT		 233 if (__ipv6_only_sock(sk))
234 return -ENETUNREACH;
235
236 sin.sin_family = AF_INET;
237 sin.sin_port = usin->sin6_port;
238 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
239
d83d8461 240 icsk->icsk_af_ops = &ipv6_mapped;
1da177e4 241 sk->sk_backlog_rcv = tcp_v4_do_rcv;
cfb6eeb4
YH		 242#ifdef CONFIG_TCP_MD5SIG
243 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
244#endif
1da177e4
LT		 245
246 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
247
248 if (err) {
d83d8461
ACM		 249 icsk->icsk_ext_hdr_len = exthdrlen;
250 icsk->icsk_af_ops = &ipv6_specific;
1da177e4 251 sk->sk_backlog_rcv = tcp_v6_do_rcv;
cfb6eeb4
YH		 252#ifdef CONFIG_TCP_MD5SIG
253 tp->af_specific = &tcp_sock_ipv6_specific;
254#endif
1da177e4 255 goto failure;
1da177e4 256 }
d1e559d0 257 np->saddr = sk->sk_v6_rcv_saddr;
1da177e4
LT		 258
259 return err;
260 }
261
efe4208f
ED		 262 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
263 saddr = &sk->sk_v6_rcv_saddr;
1da177e4 264
4c9483b2 265 fl6.flowi6_proto = IPPROTO_TCP;
efe4208f 266 fl6.daddr = sk->sk_v6_daddr;
4e3fd7a0 267 fl6.saddr = saddr ? *saddr : np->saddr;
4c9483b2
DM		 268 fl6.flowi6_oif = sk->sk_bound_dev_if;
269 fl6.flowi6_mark = sk->sk_mark;
1958b856
DM		 270 fl6.fl6_dport = usin->sin6_port;
271 fl6.fl6_sport = inet->inet_sport;
e2d118a1 272 fl6.flowi6_uid = sk->sk_uid;
1da177e4 273
1e1d04e6 274 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
45f6fad8 275 final_p = fl6_update_dst(&fl6, opt, &final);
1da177e4 276
4c9483b2 277 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
beb8d13b 278
c4e85f73 279 dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
68d0c6d3
DM		 280 if (IS_ERR(dst)) {
281 err = PTR_ERR(dst);
1da177e4 282 goto failure;
14e50e57 283 }
1da177e4 284
63159f29 285 if (!saddr) {
4c9483b2 286 saddr = &fl6.saddr;
efe4208f 287 sk->sk_v6_rcv_saddr = *saddr;
1da177e4
LT		 288 }
289
290 /* set the source address */
4e3fd7a0 291 np->saddr = *saddr;
c720c7e8 292 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
1da177e4 293
f83ef8c0 294 sk->sk_gso_type = SKB_GSO_TCPV6;
6bd4f355 295 ip6_dst_store(sk, dst, NULL, NULL);
1da177e4 296
d83d8461 297 icsk->icsk_ext_hdr_len = 0;
45f6fad8
ED		 298 if (opt)
299 icsk->icsk_ext_hdr_len = opt->opt_flen +
300 opt->opt_nflen;
1da177e4
LT		 301
302 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
303
c720c7e8 304 inet->inet_dport = usin->sin6_port;
1da177e4
LT		 305
306 tcp_set_state(sk, TCP_SYN_SENT);
1946e672 307 err = inet6_hash_connect(tcp_death_row, sk);
1da177e4
LT		 308 if (err)
309 goto late_failure;
310
877d1f62 311 sk_set_txhash(sk);
9e7ceb06 312
00355fa5 313 if (likely(!tp->repair)) {
00355fa5 314 if (!tp->write_seq)
0f317464
ED		 315 WRITE_ONCE(tp->write_seq,
316 secure_tcpv6_seq(np->saddr.s6_addr32,
317 sk->sk_v6_daddr.s6_addr32,
318 inet->inet_sport,
319 inet->inet_dport));
5d2ed052
ED		 320 tp->tsoffset = secure_tcpv6_ts_off(sock_net(sk),
321 np->saddr.s6_addr32,
84b114b9 322 sk->sk_v6_daddr.s6_addr32);
00355fa5 323 }
1da177e4 324
19f6d3f3
WW		 325 if (tcp_fastopen_defer_connect(sk, &err))
326 return err;
327 if (err)
328 goto late_failure;
329
1da177e4
LT		 330 err = tcp_connect(sk);
331 if (err)
332 goto late_failure;
333
334 return 0;
335
336late_failure:
337 tcp_set_state(sk, TCP_CLOSE);
1da177e4 338failure:
c720c7e8 339 inet->inet_dport = 0;
1da177e4
LT		 340 sk->sk_route_caps = 0;
341 return err;
342}
343
563d34d0
ED		 344static void tcp_v6_mtu_reduced(struct sock *sk)
345{
346 struct dst_entry *dst;
347
348 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
349 return;
350
351 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
352 if (!dst)
353 return;
354
355 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
356 tcp_sync_mss(sk, dst_mtu(dst));
357 tcp_simple_retransmit(sk);
358 }
359}
360
32bbd879 361static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
d5fdd6ba 362 u8 type, u8 code, int offset, __be32 info)
1da177e4 363{
4c99aa40 364 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
505cbfc5 365 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
2215089b
ED		 366 struct net *net = dev_net(skb->dev);
367 struct request_sock *fastopen;
1da177e4 368 struct ipv6_pinfo *np;
1ab1457c 369 struct tcp_sock *tp;
0a672f74 370 __u32 seq, snd_una;
2215089b 371 struct sock *sk;
9cf74903 372 bool fatal;
2215089b 373 int err;
1da177e4 374
2215089b
ED		 375 sk = __inet6_lookup_established(net, &tcp_hashinfo,
376 &hdr->daddr, th->dest,
377 &hdr->saddr, ntohs(th->source),
4297a0ef 378 skb->dev->ifindex, inet6_sdif(skb));
1da177e4 379
2215089b 380 if (!sk) {
a16292a0
ED		 381 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
382 ICMP6_MIB_INERRORS);
32bbd879 383 return -ENOENT;
1da177e4
LT		 384 }
385
386 if (sk->sk_state == TCP_TIME_WAIT) {
9469c7b4 387 inet_twsk_put(inet_twsk(sk));
32bbd879 388 return 0;
1da177e4 389 }
2215089b 390 seq = ntohl(th->seq);
9cf74903 391 fatal = icmpv6_err_convert(type, code, &err);
32bbd879
SB		 392 if (sk->sk_state == TCP_NEW_SYN_RECV) {
393 tcp_req_err(sk, seq, fatal);
394 return 0;
395 }
1da177e4
LT		 396
397 bh_lock_sock(sk);
563d34d0 398 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
02a1d6e7 399 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
1da177e4
LT		 400
401 if (sk->sk_state == TCP_CLOSE)
402 goto out;
403
93a77c11 404 if (ipv6_hdr(skb)->hop_limit < tcp_inet6_sk(sk)->min_hopcount) {
02a1d6e7 405 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
e802af9c
SH		 406 goto out;
407 }
408
1da177e4 409 tp = tcp_sk(sk);
0a672f74 410 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
d983ea6f 411 fastopen = rcu_dereference(tp->fastopen_rsk);
0a672f74 412 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
1da177e4 413 if (sk->sk_state != TCP_LISTEN &&
0a672f74 414 !between(seq, snd_una, tp->snd_nxt)) {
02a1d6e7 415 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
1da177e4
LT		 416 goto out;
417 }
418
93a77c11 419 np = tcp_inet6_sk(sk);
1da177e4 420
ec18d9a2 421 if (type == NDISC_REDIRECT) {
45caeaa5
JM		 422 if (!sock_owned_by_user(sk)) {
423 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
ec18d9a2 424
45caeaa5
JM		 425 if (dst)
426 dst->ops->redirect(dst, sk, skb);
427 }
50a75a89 428 goto out;
ec18d9a2
DM		 429 }
430
1da177e4 431 if (type == ICMPV6_PKT_TOOBIG) {
0d4f0608
ED		 432 /* We are not interested in TCP_LISTEN and open_requests
433 * (SYN-ACKs send out by Linux are always <576bytes so
434 * they should go through unfragmented).
435 */
436 if (sk->sk_state == TCP_LISTEN)
437 goto out;
438
93b36cf3
HFS		 439 if (!ip6_sk_accept_pmtu(sk))
440 goto out;
441
563d34d0
ED		 442 tp->mtu_info = ntohl(info);
443 if (!sock_owned_by_user(sk))
444 tcp_v6_mtu_reduced(sk);
d013ef2a 445 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
7aa5470c 446 &sk->sk_tsq_flags))
d013ef2a 447 sock_hold(sk);
1da177e4
LT		 448 goto out;
449 }
450
1da177e4 451
60236fdd 452 /* Might be for an request_sock */
1da177e4 453 switch (sk->sk_state) {
1da177e4 454 case TCP_SYN_SENT:
0a672f74
YC		 455 case TCP_SYN_RECV:
456 /* Only in fast or simultaneous open. If a fast open socket is
457 * is already accepted it is treated as a connected one below.
458 */
63159f29 459 if (fastopen && !fastopen->sk)
0a672f74
YC		 460 break;
461
1da177e4 462 if (!sock_owned_by_user(sk)) {
1da177e4
LT		 463 sk->sk_err = err;
464 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
465
466 tcp_done(sk);
467 } else
468 sk->sk_err_soft = err;
469 goto out;
470 }
471
472 if (!sock_owned_by_user(sk) && np->recverr) {
473 sk->sk_err = err;
474 sk->sk_error_report(sk);
475 } else
476 sk->sk_err_soft = err;
477
478out:
479 bh_unlock_sock(sk);
480 sock_put(sk);
32bbd879 481 return 0;
1da177e4
LT		 482}
483
484
0f935dbe 485static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
d6274bd8 486 struct flowi *fl,
3840a06e 487 struct request_sock *req,
ca6fb065 488 struct tcp_fastopen_cookie *foc,
b3d05147 489 enum tcp_synack_type synack_type)
1da177e4 490{
634fb979 491 struct inet_request_sock *ireq = inet_rsk(req);
93a77c11 492 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
56ac42bc 493 struct ipv6_txoptions *opt;
d6274bd8 494 struct flowi6 *fl6 = &fl->u.ip6;
4c99aa40 495 struct sk_buff *skb;
9494218f 496 int err = -ENOMEM;
1da177e4 497
9f10d3f6 498 /* First, grab a route. */
f76b33c3
ED		 499 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
500 IPPROTO_TCP)) == NULL)
fd80eb94 501 goto done;
9494218f 502
b3d05147 503 skb = tcp_make_synack(sk, dst, req, foc, synack_type);
9494218f 504
1da177e4 505 if (skb) {
634fb979
ED		 506 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
507 &ireq->ir_v6_rmt_addr);
1da177e4 508
634fb979 509 fl6->daddr = ireq->ir_v6_rmt_addr;
53b24b8f 510 if (np->repflow && ireq->pktopts)
df3687ff
FF		 511 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
512
3e4006f0 513 rcu_read_lock();
56ac42bc
HD		 514 opt = ireq->ipv6_opt;
515 if (!opt)
516 opt = rcu_dereference(np->opt);
4f6570d7
ED		 517 err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass,
518 sk->sk_priority);
3e4006f0 519 rcu_read_unlock();
b9df3cb8 520 err = net_xmit_eval(err);
1da177e4
LT		 521 }
522
523done:
1da177e4
LT		 524 return err;
525}
526
72659ecc 527
60236fdd 528static void tcp_v6_reqsk_destructor(struct request_sock *req)
1da177e4 529{
56ac42bc 530 kfree(inet_rsk(req)->ipv6_opt);
634fb979 531 kfree_skb(inet_rsk(req)->pktopts);
1da177e4
LT		 532}
533
cfb6eeb4 534#ifdef CONFIG_TCP_MD5SIG
b83e3deb 535static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
dea53bb8
DA		 536 const struct in6_addr *addr,
537 int l3index)
cfb6eeb4 538{
dea53bb8
DA		 539 return tcp_md5_do_lookup(sk, l3index,
540 (union tcp_md5_addr *)addr, AF_INET6);
cfb6eeb4
YH		 541}
542
b83e3deb 543static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
fd3a154a 544 const struct sock *addr_sk)
cfb6eeb4 545{
dea53bb8
DA		 546 int l3index;
547
548 l3index = l3mdev_master_ifindex_by_index(sock_net(sk),
549 addr_sk->sk_bound_dev_if);
550 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr,
551 l3index);
cfb6eeb4
YH		 552}
553
8917a777
ID		 554static int tcp_v6_parse_md5_keys(struct sock *sk, int optname,
555 char __user *optval, int optlen)
cfb6eeb4
YH		 556{
557 struct tcp_md5sig cmd;
558 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
dea53bb8 559 int l3index = 0;
8917a777 560 u8 prefixlen;
cfb6eeb4
YH		 561
562 if (optlen < sizeof(cmd))
563 return -EINVAL;
564
565 if (copy_from_user(&cmd, optval, sizeof(cmd)))
566 return -EFAULT;
567
568 if (sin6->sin6_family != AF_INET6)
569 return -EINVAL;
570
8917a777
ID		 571 if (optname == TCP_MD5SIG_EXT &&
572 cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) {
573 prefixlen = cmd.tcpm_prefixlen;
574 if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) &&
575 prefixlen > 32))
576 return -EINVAL;
577 } else {
578 prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128;
579 }
580
6b102db5
DA		 581 if (optname == TCP_MD5SIG_EXT &&
582 cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX) {
583 struct net_device *dev;
584
585 rcu_read_lock();
586 dev = dev_get_by_index_rcu(sock_net(sk), cmd.tcpm_ifindex);
587 if (dev && netif_is_l3_master(dev))
588 l3index = dev->ifindex;
589 rcu_read_unlock();
590
591 /* ok to reference set/not set outside of rcu;
592 * right now device MUST be an L3 master
593 */
594 if (!dev || !l3index)
595 return -EINVAL;
596 }
597
cfb6eeb4 598 if (!cmd.tcpm_keylen) {
e773e4fa 599 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
a915da9b 600 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
6b102db5
DA		 601 AF_INET, prefixlen,
602 l3index);
a915da9b 603 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
dea53bb8 604 AF_INET6, prefixlen, l3index);
cfb6eeb4
YH		 605 }
606
607 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
608 return -EINVAL;
609
a915da9b
ED		 610 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
611 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
dea53bb8
DA		 612 AF_INET, prefixlen, l3index,
613 cmd.tcpm_key, cmd.tcpm_keylen,
614 GFP_KERNEL);
cfb6eeb4 615
a915da9b 616 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
dea53bb8
DA		 617 AF_INET6, prefixlen, l3index,
618 cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
cfb6eeb4
YH		 619}
620
19689e38
ED		 621static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp,
622 const struct in6_addr *daddr,
623 const struct in6_addr *saddr,
624 const struct tcphdr *th, int nbytes)
cfb6eeb4 625{
cfb6eeb4 626 struct tcp6_pseudohdr *bp;
49a72dfb 627 struct scatterlist sg;
19689e38 628 struct tcphdr *_th;
8d26d76d 629
19689e38 630 bp = hp->scratch;
cfb6eeb4 631 /* 1. TCP pseudo-header (RFC2460) */
4e3fd7a0
AD		 632 bp->saddr = *saddr;
633 bp->daddr = *daddr;
49a72dfb 634 bp->protocol = cpu_to_be32(IPPROTO_TCP);
00b1304c 635 bp->len = cpu_to_be32(nbytes);
cfb6eeb4 636
19689e38
ED		 637 _th = (struct tcphdr *)(bp + 1);
638 memcpy(_th, th, sizeof(*th));
639 _th->check = 0;
640
641 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
642 ahash_request_set_crypt(hp->md5_req, &sg, NULL,
643 sizeof(*bp) + sizeof(*th));
cf80e0e4 644 return crypto_ahash_update(hp->md5_req);
49a72dfb 645}
c7da57a1 646
19689e38 647static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
b71d1d42 648 const struct in6_addr *daddr, struct in6_addr *saddr,
318cf7aa 649 const struct tcphdr *th)
49a72dfb
AL		 650{
651 struct tcp_md5sig_pool *hp;
cf80e0e4 652 struct ahash_request *req;
49a72dfb
AL		 653
654 hp = tcp_get_md5sig_pool();
655 if (!hp)
656 goto clear_hash_noput;
cf80e0e4 657 req = hp->md5_req;
49a72dfb 658
cf80e0e4 659 if (crypto_ahash_init(req))
49a72dfb 660 goto clear_hash;
19689e38 661 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
49a72dfb
AL		 662 goto clear_hash;
663 if (tcp_md5_hash_key(hp, key))
664 goto clear_hash;
cf80e0e4
HX		 665 ahash_request_set_crypt(req, NULL, md5_hash, 0);
666 if (crypto_ahash_final(req))
cfb6eeb4 667 goto clear_hash;
cfb6eeb4 668
cfb6eeb4 669 tcp_put_md5sig_pool();
cfb6eeb4 670 return 0;
49a72dfb 671
cfb6eeb4
YH		 672clear_hash:
673 tcp_put_md5sig_pool();
674clear_hash_noput:
675 memset(md5_hash, 0, 16);
49a72dfb 676 return 1;
cfb6eeb4
YH		 677}
678
39f8e58e
ED		 679static int tcp_v6_md5_hash_skb(char *md5_hash,
680 const struct tcp_md5sig_key *key,
318cf7aa 681 const struct sock *sk,
318cf7aa 682 const struct sk_buff *skb)
cfb6eeb4 683{
b71d1d42 684 const struct in6_addr *saddr, *daddr;
49a72dfb 685 struct tcp_md5sig_pool *hp;
cf80e0e4 686 struct ahash_request *req;
318cf7aa 687 const struct tcphdr *th = tcp_hdr(skb);
cfb6eeb4 688
39f8e58e
ED		 689 if (sk) { /* valid for establish/request sockets */
690 saddr = &sk->sk_v6_rcv_saddr;
efe4208f 691 daddr = &sk->sk_v6_daddr;
49a72dfb 692 } else {
b71d1d42 693 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
49a72dfb
AL		 694 saddr = &ip6h->saddr;
695 daddr = &ip6h->daddr;
cfb6eeb4 696 }
49a72dfb
AL		 697
698 hp = tcp_get_md5sig_pool();
699 if (!hp)
700 goto clear_hash_noput;
cf80e0e4 701 req = hp->md5_req;
49a72dfb 702
cf80e0e4 703 if (crypto_ahash_init(req))
49a72dfb
AL		 704 goto clear_hash;
705
19689e38 706 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
49a72dfb
AL		 707 goto clear_hash;
708 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
709 goto clear_hash;
710 if (tcp_md5_hash_key(hp, key))
711 goto clear_hash;
cf80e0e4
HX		 712 ahash_request_set_crypt(req, NULL, md5_hash, 0);
713 if (crypto_ahash_final(req))
49a72dfb
AL		 714 goto clear_hash;
715
716 tcp_put_md5sig_pool();
717 return 0;
718
719clear_hash:
720 tcp_put_md5sig_pool();
721clear_hash_noput:
722 memset(md5_hash, 0, 16);
723 return 1;
cfb6eeb4
YH		 724}
725
ba8e275a
ED		 726#endif
727
728static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
d14c77e0
DA		 729 const struct sk_buff *skb,
730 int dif, int sdif)
cfb6eeb4 731{
ba8e275a 732#ifdef CONFIG_TCP_MD5SIG
cf533ea5 733 const __u8 *hash_location = NULL;
cfb6eeb4 734 struct tcp_md5sig_key *hash_expected;
b71d1d42 735 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
318cf7aa 736 const struct tcphdr *th = tcp_hdr(skb);
dea53bb8 737 int genhash, l3index;
cfb6eeb4
YH		 738 u8 newhash[16];
739
dea53bb8
DA		 740 /* sdif set, means packet ingressed via a device
741 * in an L3 domain and dif is set to the l3mdev
742 */
743 l3index = sdif ? dif : 0;
744
745 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr, l3index);
7d5d5525 746 hash_location = tcp_parse_md5sig_option(th);
cfb6eeb4 747
785957d3
DM		 748 /* We've parsed the options - do we have a hash? */
749 if (!hash_expected && !hash_location)
ff74e23f 750 return false;
785957d3
DM		 751
752 if (hash_expected && !hash_location) {
c10d9310 753 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
ff74e23f 754 return true;
cfb6eeb4
YH		 755 }
756
785957d3 757 if (!hash_expected && hash_location) {
c10d9310 758 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
ff74e23f 759 return true;
cfb6eeb4
YH		 760 }
761
762 /* check the signature */
49a72dfb
AL		 763 genhash = tcp_v6_md5_hash_skb(newhash,
764 hash_expected,
39f8e58e 765 NULL, skb);
49a72dfb 766
cfb6eeb4 767 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
72145a68 768 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
dea53bb8 769 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u L3 index %d\n",
e87cc472
JP		 770 genhash ? "failed" : "mismatch",
771 &ip6h->saddr, ntohs(th->source),
dea53bb8 772 &ip6h->daddr, ntohs(th->dest), l3index);
ff74e23f 773 return true;
cfb6eeb4 774 }
ba8e275a 775#endif
ff74e23f 776 return false;
cfb6eeb4 777}
cfb6eeb4 778
b40cf18e
ED		 779static void tcp_v6_init_req(struct request_sock *req,
780 const struct sock *sk_listener,
16bea70a
OP		 781 struct sk_buff *skb)
782{
c2027d1e 783 bool l3_slave = ipv6_l3mdev_skb(TCP_SKB_CB(skb)->header.h6.flags);
16bea70a 784 struct inet_request_sock *ireq = inet_rsk(req);
93a77c11 785 const struct ipv6_pinfo *np = tcp_inet6_sk(sk_listener);
16bea70a
OP		 786
787 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
788 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
789
16bea70a 790 /* So that link locals have meaning */
c2027d1e 791 if ((!sk_listener->sk_bound_dev_if || l3_slave) &&
16bea70a 792 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
870c3151 793 ireq->ir_iif = tcp_v6_iif(skb);
16bea70a 794
04317daf 795 if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
b40cf18e 796 (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
a224772d 797 np->rxopt.bits.rxinfo ||
16bea70a
OP		 798 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
799 np->rxopt.bits.rxohlim || np->repflow)) {
63354797 800 refcount_inc(&skb->users);
16bea70a
OP		 801 ireq->pktopts = skb;
802 }
803}
804
f964629e
ED		 805static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
806 struct flowi *fl,
4396e461 807 const struct request_sock *req)
d94e0417 808{
f76b33c3 809 return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
d94e0417
OP		 810}
811
c6aefafb 812struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
1da177e4 813 .family = AF_INET6,
2e6599cb 814 .obj_size = sizeof(struct tcp6_request_sock),
5db92c99 815 .rtx_syn_ack = tcp_rtx_synack,
60236fdd
ACM		 816 .send_ack = tcp_v6_reqsk_send_ack,
817 .destructor = tcp_v6_reqsk_destructor,
72659ecc 818 .send_reset = tcp_v6_send_reset,
4aa956d8 819 .syn_ack_timeout = tcp_syn_ack_timeout,
1da177e4
LT		 820};
821
35b2c321 822const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
2aec4a29
OP		 823 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
824 sizeof(struct ipv6hdr),
16bea70a 825#ifdef CONFIG_TCP_MD5SIG
fd3a154a 826 .req_md5_lookup = tcp_v6_md5_lookup,
e3afe7b7 827 .calc_md5_hash = tcp_v6_md5_hash_skb,
b6332e6c 828#endif
16bea70a 829 .init_req = tcp_v6_init_req,
fb7b37a7
OP		 830#ifdef CONFIG_SYN_COOKIES
831 .cookie_init_seq = cookie_v6_init_sequence,
832#endif
d94e0417 833 .route_req = tcp_v6_route_req,
84b114b9
ED		 834 .init_seq = tcp_v6_init_seq,
835 .init_ts_off = tcp_v6_init_ts_off,
d6274bd8 836 .send_synack = tcp_v6_send_synack,
16bea70a 837};
cfb6eeb4 838
a00e7444 839static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
0f85feae
ED		 840 u32 ack, u32 win, u32 tsval, u32 tsecr,
841 int oif, struct tcp_md5sig_key *key, int rst,
e9a5dcee 842 u8 tclass, __be32 label, u32 priority)
1da177e4 843{
cf533ea5
ED		 844 const struct tcphdr *th = tcp_hdr(skb);
845 struct tcphdr *t1;
1da177e4 846 struct sk_buff *buff;
4c9483b2 847 struct flowi6 fl6;
0f85feae 848 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
e5047992 849 struct sock *ctl_sk = net->ipv6.tcp_sk;
77c676da 850 unsigned int tot_len = sizeof(struct tcphdr);
adf30907 851 struct dst_entry *dst;
81ada62d 852 __be32 *topt;
00483690 853 __u32 mark = 0;
1da177e4 854
ee684b6f 855 if (tsecr)
626e264d 856 tot_len += TCPOLEN_TSTAMP_ALIGNED;
cfb6eeb4 857#ifdef CONFIG_TCP_MD5SIG
cfb6eeb4
YH		 858 if (key)
859 tot_len += TCPOLEN_MD5SIG_ALIGNED;
860#endif
861
cfb6eeb4 862 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1da177e4 863 GFP_ATOMIC);
63159f29 864 if (!buff)
1ab1457c 865 return;
1da177e4 866
cfb6eeb4 867 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1da177e4 868
d58ff351 869 t1 = skb_push(buff, tot_len);
6651ffc8 870 skb_reset_transport_header(buff);
1da177e4
LT		 871
872 /* Swap the send and the receive. */
873 memset(t1, 0, sizeof(*t1));
874 t1->dest = th->source;
875 t1->source = th->dest;
cfb6eeb4 876 t1->doff = tot_len / 4;
626e264d
IJ		 877 t1->seq = htonl(seq);
878 t1->ack_seq = htonl(ack);
879 t1->ack = !rst || !th->ack;
880 t1->rst = rst;
881 t1->window = htons(win);
1da177e4 882
81ada62d
IJ		 883 topt = (__be32 *)(t1 + 1);
884
ee684b6f 885 if (tsecr) {
626e264d
IJ		 886 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
887 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
ee684b6f
AV		 888 *topt++ = htonl(tsval);
889 *topt++ = htonl(tsecr);
626e264d
IJ		 890 }
891
cfb6eeb4
YH		 892#ifdef CONFIG_TCP_MD5SIG
893 if (key) {
81ada62d
IJ		 894 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
895 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
896 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
78e645cb
IJ		 897 &ipv6_hdr(skb)->saddr,
898 &ipv6_hdr(skb)->daddr, t1);
cfb6eeb4
YH		 899 }
900#endif
901
4c9483b2 902 memset(&fl6, 0, sizeof(fl6));
4e3fd7a0
AD		 903 fl6.daddr = ipv6_hdr(skb)->saddr;
904 fl6.saddr = ipv6_hdr(skb)->daddr;
1d13a96c 905 fl6.flowlabel = label;
1da177e4 906
e5700aff
DM		 907 buff->ip_summed = CHECKSUM_PARTIAL;
908 buff->csum = 0;
909
4c9483b2 910 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
1da177e4 911
4c9483b2 912 fl6.flowi6_proto = IPPROTO_TCP;
a36dbdb2 913 if (rt6_need_strict(&fl6.daddr) && !oif)
870c3151 914 fl6.flowi6_oif = tcp_v6_iif(skb);
9b6c14d5
DA		 915 else {
916 if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
917 oif = skb->skb_iif;
918
919 fl6.flowi6_oif = oif;
920 }
1d2f7b2d 921
c67b8555
ED		 922 if (sk) {
923 if (sk->sk_state == TCP_TIME_WAIT) {
924 mark = inet_twsk(sk)->tw_mark;
925 /* autoflowlabel relies on buff->hash */
926 skb_set_hash(buff, inet_twsk(sk)->tw_txhash,
927 PKT_HASH_TYPE_L4);
928 } else {
929 mark = sk->sk_mark;
930 }
d6fb396c 931 buff->tstamp = tcp_transmit_time(sk);
c67b8555 932 }
00483690 933 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark) ?: mark;
1958b856
DM		 934 fl6.fl6_dport = t1->dest;
935 fl6.fl6_sport = t1->source;
e2d118a1 936 fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
4c9483b2 937 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 938
c20121ae
DL		 939 /* Pass a socket to ip6_dst_lookup either it is for RST
940 * Underlying function will use this to retrieve the network
941 * namespace
942 */
c4e85f73 943 dst = ip6_dst_lookup_flow(sock_net(ctl_sk), ctl_sk, &fl6, NULL);
68d0c6d3
DM		 944 if (!IS_ERR(dst)) {
945 skb_dst_set(buff, dst);
4f6570d7 946 ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass,
e9a5dcee 947 priority);
c10d9310 948 TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
68d0c6d3 949 if (rst)
c10d9310 950 TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
68d0c6d3 951 return;
1da177e4
LT		 952 }
953
954 kfree_skb(buff);
955}
956
a00e7444 957static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
1da177e4 958{
cf533ea5 959 const struct tcphdr *th = tcp_hdr(skb);
323a53c4 960 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
626e264d 961 u32 seq = 0, ack_seq = 0;
fa3e5b4e 962 struct tcp_md5sig_key *key = NULL;
658ddaaf
SL		 963#ifdef CONFIG_TCP_MD5SIG
964 const __u8 *hash_location = NULL;
658ddaaf
SL		 965 unsigned char newhash[16];
966 int genhash;
967 struct sock *sk1 = NULL;
968#endif
323a53c4 969 __be32 label = 0;
e9a5dcee 970 u32 priority = 0;
323a53c4 971 struct net *net;
c24b14c4 972 int oif = 0;
1da177e4 973
626e264d 974 if (th->rst)
1da177e4
LT		 975 return;
976
c3658e8d
ED		 977 /* If sk not NULL, it means we did a successful lookup and incoming
978 * route had to be correct. prequeue might have dropped our dst.
979 */
980 if (!sk && !ipv6_unicast_destination(skb))
626e264d 981 return;
1da177e4 982
39209673 983 net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
cfb6eeb4 984#ifdef CONFIG_TCP_MD5SIG
3b24d854 985 rcu_read_lock();
658ddaaf 986 hash_location = tcp_parse_md5sig_option(th);
271c3b9b 987 if (sk && sk_fullsock(sk)) {
dea53bb8
DA		 988 int l3index;
989
990 /* sdif set, means packet ingressed via a device
991 * in an L3 domain and inet_iif is set to it.
992 */
993 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
994 key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr, l3index);
e46787f0 995 } else if (hash_location) {
d14c77e0
DA		 996 int dif = tcp_v6_iif_l3_slave(skb);
997 int sdif = tcp_v6_sdif(skb);
dea53bb8 998 int l3index;
d14c77e0 999
658ddaaf
SL		 1000 /*
1001 * active side is lost. Try to find listening socket through
1002 * source port, and then find md5 key through listening socket.
1003 * we are not loose security here:
1004 * Incoming packet is checked with md5 hash with finding key,
1005 * no RST generated if md5 hash doesn't match.
1006 */
323a53c4 1007 sk1 = inet6_lookup_listener(net,
a583636a
CG		 1008 &tcp_hashinfo, NULL, 0,
1009 &ipv6h->saddr,
5ba24953 1010 th->source, &ipv6h->daddr,
d14c77e0 1011 ntohs(th->source), dif, sdif);
658ddaaf 1012 if (!sk1)
3b24d854 1013 goto out;
658ddaaf 1014
dea53bb8
DA		 1015 /* sdif set, means packet ingressed via a device
1016 * in an L3 domain and dif is set to it.
1017 */
1018 l3index = tcp_v6_sdif(skb) ? dif : 0;
1019
1020 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr, l3index);
658ddaaf 1021 if (!key)
3b24d854 1022 goto out;
658ddaaf 1023
39f8e58e 1024 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
658ddaaf 1025 if (genhash || memcmp(hash_location, newhash, 16) != 0)
3b24d854 1026 goto out;
658ddaaf 1027 }
cfb6eeb4
YH		 1028#endif
1029
626e264d
IJ		 1030 if (th->ack)
1031 seq = ntohl(th->ack_seq);
1032 else
1033 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1034 (th->doff << 2);
1da177e4 1035
c24b14c4
SL		 1036 if (sk) {
1037 oif = sk->sk_bound_dev_if;
052e0690
ED		 1038 if (sk_fullsock(sk)) {
1039 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1040
5c487bb9 1041 trace_tcp_send_reset(sk, skb);
052e0690
ED		 1042 if (np->repflow)
1043 label = ip6_flowlabel(ipv6h);
e9a5dcee 1044 priority = sk->sk_priority;
052e0690 1045 }
f6c0f5d2 1046 if (sk->sk_state == TCP_TIME_WAIT) {
50a8accf 1047 label = cpu_to_be32(inet_twsk(sk)->tw_flowlabel);
f6c0f5d2
ED		 1048 priority = inet_twsk(sk)->tw_priority;
1049 }
323a53c4 1050 } else {
a346abe0 1051 if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_TCP_RESET)
323a53c4 1052 label = ip6_flowlabel(ipv6h);
c24b14c4
SL		 1053 }
1054
323a53c4 1055 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0,
e9a5dcee 1056 label, priority);
658ddaaf
SL		 1057
1058#ifdef CONFIG_TCP_MD5SIG
3b24d854
ED		 1059out:
1060 rcu_read_unlock();
658ddaaf 1061#endif
626e264d 1062}
1da177e4 1063
a00e7444 1064static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
0f85feae 1065 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
1d13a96c 1066 struct tcp_md5sig_key *key, u8 tclass,
e9a5dcee 1067 __be32 label, u32 priority)
626e264d 1068{
0f85feae 1069 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
e9a5dcee 1070 tclass, label, priority);
1da177e4
LT		 1071}
1072
1073static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1074{
8feaf0c0 1075 struct inet_timewait_sock *tw = inet_twsk(sk);
cfb6eeb4 1076 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1da177e4 1077
0f85feae 1078 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
8feaf0c0 1079 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
9a568de4 1080 tcp_time_stamp_raw() + tcptw->tw_ts_offset,
9c76a114 1081 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
f6c0f5d2 1082 tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel), tw->tw_priority);
1da177e4 1083
8feaf0c0 1084 inet_twsk_put(tw);
1da177e4
LT		 1085}
1086
a00e7444 1087static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
6edafaaf 1088 struct request_sock *req)
1da177e4 1089{
dea53bb8
DA		 1090 int l3index;
1091
1092 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
1093
3a19ce0e
DL		 1094 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
1095 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
1096 */
20a2b49f
ED		 1097 /* RFC 7323 2.3
1098 * The window field (SEG.WND) of every outgoing segment, with the
1099 * exception of <SYN> segments, MUST be right-shifted by
1100 * Rcv.Wind.Shift bits:
1101 */
0f85feae 1102 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
3a19ce0e 1103 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
20a2b49f
ED		 1104 tcp_rsk(req)->rcv_nxt,
1105 req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
9a568de4 1106 tcp_time_stamp_raw() + tcp_rsk(req)->ts_off,
95a22cae 1107 req->ts_recent, sk->sk_bound_dev_if,
dea53bb8 1108 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr, l3index),
e9a5dcee 1109 0, 0, sk->sk_priority);
1da177e4
LT		 1110}
1111
1112
079096f1 1113static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
1da177e4 1114{
079096f1 1115#ifdef CONFIG_SYN_COOKIES
aa8223c7 1116 const struct tcphdr *th = tcp_hdr(skb);
1da177e4 1117
af9b4738 1118 if (!th->syn)
c6aefafb 1119 sk = cookie_v6_check(sk, skb);
1da177e4
LT		 1120#endif
1121 return sk;
1122}
1123
9349d600
PP		 1124u16 tcp_v6_get_syncookie(struct sock *sk, struct ipv6hdr *iph,
1125 struct tcphdr *th, u32 *cookie)
1126{
1127 u16 mss = 0;
1128#ifdef CONFIG_SYN_COOKIES
1129 mss = tcp_get_syncookie_mss(&tcp6_request_sock_ops,
1130 &tcp_request_sock_ipv6_ops, sk, th);
1131 if (mss) {
1132 *cookie = __cookie_v6_init_sequence(iph, th, &mss);
1133 tcp_synq_overflow(sk);
1134 }
1135#endif
1136 return mss;
1137}
1138
1da177e4
LT		 1139static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1140{
1da177e4
LT		 1141 if (skb->protocol == htons(ETH_P_IP))
1142 return tcp_v4_conn_request(sk, skb);
1143
1144 if (!ipv6_unicast_destination(skb))
1ab1457c 1145 goto drop;
1da177e4 1146
1fb6f159
OP		 1147 return tcp_conn_request(&tcp6_request_sock_ops,
1148 &tcp_request_sock_ipv6_ops, sk, skb);
1da177e4
LT		 1149
1150drop:
9caad864 1151 tcp_listendrop(sk);
1da177e4
LT		 1152 return 0; /* don't send reset */
1153}
1154
ebf6c9cb
ED		 1155static void tcp_v6_restore_cb(struct sk_buff *skb)
1156{
1157 /* We need to move header back to the beginning if xfrm6_policy_check()
1158 * and tcp_v6_fill_cb() are going to be called again.
1159 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
1160 */
1161 memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
1162 sizeof(struct inet6_skb_parm));
1163}
1164
0c27171e 1165static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
4c99aa40 1166 struct request_sock *req,
5e0724d0
ED		 1167 struct dst_entry *dst,
1168 struct request_sock *req_unhash,
1169 bool *own_req)
1da177e4 1170{
634fb979 1171 struct inet_request_sock *ireq;
0c27171e 1172 struct ipv6_pinfo *newnp;
93a77c11 1173 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
45f6fad8 1174 struct ipv6_txoptions *opt;
1da177e4
LT		 1175 struct inet_sock *newinet;
1176 struct tcp_sock *newtp;
1177 struct sock *newsk;
cfb6eeb4
YH		 1178#ifdef CONFIG_TCP_MD5SIG
1179 struct tcp_md5sig_key *key;
dea53bb8 1180 int l3index;
cfb6eeb4 1181#endif
3840a06e 1182 struct flowi6 fl6;
1da177e4
LT		 1183
1184 if (skb->protocol == htons(ETH_P_IP)) {
1185 /*
1186 * v6 mapped
1187 */
1188
5e0724d0
ED		 1189 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
1190 req_unhash, own_req);
1da177e4 1191
63159f29 1192 if (!newsk)
1da177e4
LT		 1193 return NULL;
1194
93a77c11 1195 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
1da177e4
LT		 1196
1197 newinet = inet_sk(newsk);
93a77c11 1198 newnp = tcp_inet6_sk(newsk);
1da177e4
LT		 1199 newtp = tcp_sk(newsk);
1200
1201 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1202
d1e559d0 1203 newnp->saddr = newsk->sk_v6_rcv_saddr;
1da177e4 1204
8292a17a 1205 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1da177e4 1206 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
cfb6eeb4
YH		 1207#ifdef CONFIG_TCP_MD5SIG
1208 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1209#endif
1210
83eaddab 1211 newnp->ipv6_mc_list = NULL;
676a1184
YZ		 1212 newnp->ipv6_ac_list = NULL;
1213 newnp->ipv6_fl_list = NULL;
1da177e4
LT		 1214 newnp->pktoptions = NULL;
1215 newnp->opt = NULL;
89e41309
ED		 1216 newnp->mcast_oif = inet_iif(skb);
1217 newnp->mcast_hops = ip_hdr(skb)->ttl;
1218 newnp->rcv_flowinfo = 0;
df3687ff 1219 if (np->repflow)
89e41309 1220 newnp->flow_label = 0;
1da177e4 1221
e6848976
ACM		 1222 /*
1223 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1224 * here, tcp_create_openreq_child now does this for us, see the comment in
1225 * that function for the gory details. -acme
1da177e4 1226 */
1da177e4
LT		 1227
1228 /* It is tricky place. Until this moment IPv4 tcp
8292a17a 1229 worked with IPv6 icsk.icsk_af_ops.
1da177e4
LT		 1230 Sync it now.
1231 */
d83d8461 1232 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1da177e4
LT		 1233
1234 return newsk;
1235 }
1236
634fb979 1237 ireq = inet_rsk(req);
1da177e4
LT		 1238
1239 if (sk_acceptq_is_full(sk))
1240 goto out_overflow;
1241
493f377d 1242 if (!dst) {
f76b33c3 1243 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
493f377d 1244 if (!dst)
1da177e4 1245 goto out;
1ab1457c 1246 }
1da177e4
LT		 1247
1248 newsk = tcp_create_openreq_child(sk, req, skb);
63159f29 1249 if (!newsk)
093d2823 1250 goto out_nonewsk;
1da177e4 1251
e6848976
ACM		 1252 /*
1253 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1254 * count here, tcp_create_openreq_child now does this for us, see the
1255 * comment in that function for the gory details. -acme
1256 */
1da177e4 1257
59eed279 1258 newsk->sk_gso_type = SKB_GSO_TCPV6;
6bd4f355 1259 ip6_dst_store(newsk, dst, NULL, NULL);
fae6ef87 1260 inet6_sk_rx_dst_set(newsk, skb);
1da177e4 1261
93a77c11 1262 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
1da177e4
LT		 1263
1264 newtp = tcp_sk(newsk);
1265 newinet = inet_sk(newsk);
93a77c11 1266 newnp = tcp_inet6_sk(newsk);
1da177e4
LT		 1267
1268 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1269
634fb979
ED		 1270 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1271 newnp->saddr = ireq->ir_v6_loc_addr;
1272 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1273 newsk->sk_bound_dev_if = ireq->ir_iif;
1da177e4 1274
1ab1457c 1275 /* Now IPv6 options...
1da177e4
LT		 1276
1277 First: no IPv4 options.
1278 */
f6d8bd05 1279 newinet->inet_opt = NULL;
83eaddab 1280 newnp->ipv6_mc_list = NULL;
676a1184 1281 newnp->ipv6_ac_list = NULL;
d35690be 1282 newnp->ipv6_fl_list = NULL;
1da177e4
LT		 1283
1284 /* Clone RX bits */
1285 newnp->rxopt.all = np->rxopt.all;
1286
1da177e4 1287 newnp->pktoptions = NULL;
1da177e4 1288 newnp->opt = NULL;
870c3151 1289 newnp->mcast_oif = tcp_v6_iif(skb);
0660e03f 1290 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1397ed35 1291 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
df3687ff
FF		 1292 if (np->repflow)
1293 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1da177e4
LT		 1294
1295 /* Clone native IPv6 options from listening socket (if any)
1296
1297 Yes, keeping reference count would be much more clever,
1298 but we make one more one thing there: reattach optmem
1299 to newsk.
1300 */
56ac42bc
HD		 1301 opt = ireq->ipv6_opt;
1302 if (!opt)
1303 opt = rcu_dereference(np->opt);
45f6fad8
ED		 1304 if (opt) {
1305 opt = ipv6_dup_options(newsk, opt);
1306 RCU_INIT_POINTER(newnp->opt, opt);
1307 }
d83d8461 1308 inet_csk(newsk)->icsk_ext_hdr_len = 0;
45f6fad8
ED		 1309 if (opt)
1310 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
1311 opt->opt_flen;
1da177e4 1312
81164413
DB		 1313 tcp_ca_openreq_child(newsk, dst);
1314
1da177e4 1315 tcp_sync_mss(newsk, dst_mtu(dst));
3541f9e8 1316 newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));
d135c522 1317
1da177e4
LT		 1318 tcp_initialize_rcv_mss(newsk);
1319
c720c7e8
ED		 1320 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1321 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1da177e4 1322
cfb6eeb4 1323#ifdef CONFIG_TCP_MD5SIG
dea53bb8
DA		 1324 l3index = l3mdev_master_ifindex_by_index(sock_net(sk), ireq->ir_iif);
1325
cfb6eeb4 1326 /* Copy over the MD5 key from the original socket */
dea53bb8 1327 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr, l3index);
53b24b8f 1328 if (key) {
cfb6eeb4
YH		 1329 /* We're using one, so create a matching key
1330 * on the newsk structure. If we fail to get
1331 * memory, then we end up not copying the key
1332 * across. Shucks.
1333 */
efe4208f 1334 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
dea53bb8 1335 AF_INET6, 128, l3index, key->key, key->keylen,
7450aaf6 1336 sk_gfp_mask(sk, GFP_ATOMIC));
cfb6eeb4
YH		 1337 }
1338#endif
1339
093d2823 1340 if (__inet_inherit_port(sk, newsk) < 0) {
e337e24d
CP		 1341 inet_csk_prepare_forced_close(newsk);
1342 tcp_done(newsk);
093d2823
BS		 1343 goto out;
1344 }
5e0724d0 1345 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
805c4bc0 1346 if (*own_req) {
49a496c9 1347 tcp_move_syn(newtp, req);
805c4bc0
ED		 1348
1349 /* Clone pktoptions received with SYN, if we own the req */
1350 if (ireq->pktopts) {
1351 newnp->pktoptions = skb_clone(ireq->pktopts,
7450aaf6 1352 sk_gfp_mask(sk, GFP_ATOMIC));
805c4bc0
ED		 1353 consume_skb(ireq->pktopts);
1354 ireq->pktopts = NULL;
ebf6c9cb
ED		 1355 if (newnp->pktoptions) {
1356 tcp_v6_restore_cb(newnp->pktoptions);
805c4bc0 1357 skb_set_owner_r(newnp->pktoptions, newsk);
ebf6c9cb 1358 }
805c4bc0 1359 }
ce105008 1360 }
1da177e4
LT		 1361
1362 return newsk;
1363
1364out_overflow:
02a1d6e7 1365 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
093d2823 1366out_nonewsk:
1da177e4 1367 dst_release(dst);
093d2823 1368out:
9caad864 1369 tcp_listendrop(sk);
1da177e4
LT		 1370 return NULL;
1371}
1372
1da177e4 1373/* The socket must have it's spinlock held when we get
e994b2f0 1374 * here, unless it is a TCP_LISTEN socket.
1da177e4
LT		 1375 *
1376 * We have a potential double-lock case here, so even when
1377 * doing backlog processing we use the BH locking scheme.
1378 * This is because we cannot sleep with the original spinlock
1379 * held.
1380 */
1381static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1382{
93a77c11 1383 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1da177e4 1384 struct sk_buff *opt_skb = NULL;
93a77c11 1385 struct tcp_sock *tp;
1da177e4
LT		 1386
1387 /* Imagine: socket is IPv6. IPv4 packet arrives,
1388 goes to IPv4 receive handler and backlogged.
1389 From backlog it always goes here. Kerboom...
1390 Fortunately, tcp_rcv_established and rcv_established
1391 handle them correctly, but it is not case with
1392 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1393 */
1394
1395 if (skb->protocol == htons(ETH_P_IP))
1396 return tcp_v4_do_rcv(sk, skb);
1397
1da177e4
LT		 1398 /*
1399 * socket locking is here for SMP purposes as backlog rcv
1400 * is currently called with bh processing disabled.
1401 */
1402
1403 /* Do Stevens' IPV6_PKTOPTIONS.
1404
1405 Yes, guys, it is the only place in our code, where we
1406 may make it not affecting IPv4.
1407 The rest of code is protocol independent,
1408 and I do not like idea to uglify IPv4.
1409
1410 Actually, all the idea behind IPV6_PKTOPTIONS
1411 looks not very well thought. For now we latch
1412 options, received in the last packet, enqueued
1413 by tcp. Feel free to propose better solution.
1ab1457c 1414 --ANK (980728)
1da177e4
LT		 1415 */
1416 if (np->rxopt.all)
7450aaf6 1417 opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));
1da177e4
LT		 1418
1419 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
5d299f3d
ED		 1420 struct dst_entry *dst = sk->sk_rx_dst;
1421
bdeab991 1422 sock_rps_save_rxhash(sk, skb);
3d97379a 1423 sk_mark_napi_id(sk, skb);
5d299f3d
ED		 1424 if (dst) {
1425 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1426 dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
1427 dst_release(dst);
1428 sk->sk_rx_dst = NULL;
1429 }
1430 }
1431
3d97d88e 1432 tcp_rcv_established(sk, skb);
1da177e4
LT		 1433 if (opt_skb)
1434 goto ipv6_pktoptions;
1435 return 0;
1436 }
1437
12e25e10 1438 if (tcp_checksum_complete(skb))
1da177e4
LT		 1439 goto csum_err;
1440
1ab1457c 1441 if (sk->sk_state == TCP_LISTEN) {
079096f1
ED		 1442 struct sock *nsk = tcp_v6_cookie_check(sk, skb);
1443
1da177e4
LT		 1444 if (!nsk)
1445 goto discard;
1446
4c99aa40 1447 if (nsk != sk) {
1da177e4
LT		 1448 if (tcp_child_process(sk, nsk, skb))
1449 goto reset;
1450 if (opt_skb)
1451 __kfree_skb(opt_skb);
1452 return 0;
1453 }
47482f13 1454 } else
bdeab991 1455 sock_rps_save_rxhash(sk, skb);
1da177e4 1456
72ab4a86 1457 if (tcp_rcv_state_process(sk, skb))
1da177e4 1458 goto reset;
1da177e4
LT		 1459 if (opt_skb)
1460 goto ipv6_pktoptions;
1461 return 0;
1462
1463reset:
cfb6eeb4 1464 tcp_v6_send_reset(sk, skb);
1da177e4
LT		 1465discard:
1466 if (opt_skb)
1467 __kfree_skb(opt_skb);
1468 kfree_skb(skb);
1469 return 0;
1470csum_err:
c10d9310
ED		 1471 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
1472 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
1da177e4
LT		 1473 goto discard;
1474
1475
1476ipv6_pktoptions:
1477 /* Do you ask, what is it?
1478
1479 1. skb was enqueued by tcp.
1480 2. skb is added to tail of read queue, rather than out of order.
1481 3. socket is not in passive state.
1482 4. Finally, it really contains options, which user wants to receive.
1483 */
1484 tp = tcp_sk(sk);
1485 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1486 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
333fad53 1487 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
870c3151 1488 np->mcast_oif = tcp_v6_iif(opt_skb);
333fad53 1489 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
0660e03f 1490 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
82e9f105 1491 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1397ed35 1492 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
df3687ff
FF		 1493 if (np->repflow)
1494 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
a224772d 1495 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
1da177e4 1496 skb_set_owner_r(opt_skb, sk);
8ce48623 1497 tcp_v6_restore_cb(opt_skb);
1da177e4
LT		 1498 opt_skb = xchg(&np->pktoptions, opt_skb);
1499 } else {
1500 __kfree_skb(opt_skb);
1501 opt_skb = xchg(&np->pktoptions, NULL);
1502 }
1503 }
1504
800d55f1 1505 kfree_skb(opt_skb);
1da177e4
LT		 1506 return 0;
1507}
1508
2dc49d16
ND		 1509static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1510 const struct tcphdr *th)
1511{
1512 /* This is tricky: we move IP6CB at its correct location into
1513 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1514 * _decode_session6() uses IP6CB().
1515 * barrier() makes sure compiler won't play aliasing games.
1516 */
1517 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1518 sizeof(struct inet6_skb_parm));
1519 barrier();
1520
1521 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1522 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1523 skb->len - th->doff*4);
1524 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1525 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1526 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1527 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1528 TCP_SKB_CB(skb)->sacked = 0;
98aaa913
MM		 1529 TCP_SKB_CB(skb)->has_rxtstamp =
1530 skb->tstamp || skb_hwtstamps(skb)->hwtstamp;
2dc49d16
ND		 1531}
1532
0e219ae4 1533INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
1da177e4 1534{
8b27dae5 1535 struct sk_buff *skb_to_free;
4297a0ef 1536 int sdif = inet6_sdif(skb);
d14c77e0 1537 int dif = inet6_iif(skb);
cf533ea5 1538 const struct tcphdr *th;
b71d1d42 1539 const struct ipv6hdr *hdr;
3b24d854 1540 bool refcounted;
1da177e4
LT		 1541 struct sock *sk;
1542 int ret;
a86b1e30 1543 struct net *net = dev_net(skb->dev);
1da177e4
LT		 1544
1545 if (skb->pkt_type != PACKET_HOST)
1546 goto discard_it;
1547
1548 /*
1549 * Count it even if it's bad.
1550 */
90bbcc60 1551 __TCP_INC_STATS(net, TCP_MIB_INSEGS);
1da177e4
LT		 1552
1553 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1554 goto discard_it;
1555
ea1627c2 1556 th = (const struct tcphdr *)skb->data;
1da177e4 1557
ea1627c2 1558 if (unlikely(th->doff < sizeof(struct tcphdr)/4))
1da177e4
LT		 1559 goto bad_packet;
1560 if (!pskb_may_pull(skb, th->doff*4))
1561 goto discard_it;
1562
e4f45b7f 1563 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
6a5dc9e5 1564 goto csum_error;
1da177e4 1565
ea1627c2 1566 th = (const struct tcphdr *)skb->data;
e802af9c 1567 hdr = ipv6_hdr(skb);
1da177e4 1568
4bdc3d66 1569lookup:
a583636a 1570 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
4297a0ef 1571 th->source, th->dest, inet6_iif(skb), sdif,
3b24d854 1572 &refcounted);
1da177e4
LT		 1573 if (!sk)
1574 goto no_tcp_socket;
1575
1576process:
1577 if (sk->sk_state == TCP_TIME_WAIT)
1578 goto do_time_wait;
1579
079096f1
ED		 1580 if (sk->sk_state == TCP_NEW_SYN_RECV) {
1581 struct request_sock *req = inet_reqsk(sk);
e0f9759f 1582 bool req_stolen = false;
7716682c 1583 struct sock *nsk;
079096f1
ED		 1584
1585 sk = req->rsk_listener;
d14c77e0 1586 if (tcp_v6_inbound_md5_hash(sk, skb, dif, sdif)) {
e65c332d 1587 sk_drops_add(sk, skb);
079096f1
ED		 1588 reqsk_put(req);
1589 goto discard_it;
1590 }
4fd44a98
FL		 1591 if (tcp_checksum_complete(skb)) {
1592 reqsk_put(req);
1593 goto csum_error;
1594 }
7716682c 1595 if (unlikely(sk->sk_state != TCP_LISTEN)) {
f03f2e15 1596 inet_csk_reqsk_queue_drop_and_put(sk, req);
4bdc3d66
ED		 1597 goto lookup;
1598 }
7716682c 1599 sock_hold(sk);
3b24d854 1600 refcounted = true;
1f3b359f 1601 nsk = NULL;
eeea10b8
ED		 1602 if (!tcp_filter(sk, skb)) {
1603 th = (const struct tcphdr *)skb->data;
1604 hdr = ipv6_hdr(skb);
1605 tcp_v6_fill_cb(skb, hdr, th);
e0f9759f 1606 nsk = tcp_check_req(sk, skb, req, false, &req_stolen);
eeea10b8 1607 }
079096f1
ED		 1608 if (!nsk) {
1609 reqsk_put(req);
e0f9759f
ED		 1610 if (req_stolen) {
1611 /* Another cpu got exclusive access to req
1612 * and created a full blown socket.
1613 * Try to feed this packet to this socket
1614 * instead of discarding it.
1615 */
1616 tcp_v6_restore_cb(skb);
1617 sock_put(sk);
1618 goto lookup;
1619 }
7716682c 1620 goto discard_and_relse;
079096f1
ED		 1621 }
1622 if (nsk == sk) {
079096f1
ED		 1623 reqsk_put(req);
1624 tcp_v6_restore_cb(skb);
1625 } else if (tcp_child_process(sk, nsk, skb)) {
1626 tcp_v6_send_reset(nsk, skb);
7716682c 1627 goto discard_and_relse;
079096f1 1628 } else {
7716682c 1629 sock_put(sk);
079096f1
ED		 1630 return 0;
1631 }
1632 }
93a77c11 1633 if (hdr->hop_limit < tcp_inet6_sk(sk)->min_hopcount) {
02a1d6e7 1634 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
e802af9c
SH		 1635 goto discard_and_relse;
1636 }
1637
1da177e4
LT		 1638 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1639 goto discard_and_relse;
1640
d14c77e0 1641 if (tcp_v6_inbound_md5_hash(sk, skb, dif, sdif))
9ea88a15 1642 goto discard_and_relse;
9ea88a15 1643
ac6e7800 1644 if (tcp_filter(sk, skb))
1da177e4 1645 goto discard_and_relse;
ac6e7800
ED		 1646 th = (const struct tcphdr *)skb->data;
1647 hdr = ipv6_hdr(skb);
eeea10b8 1648 tcp_v6_fill_cb(skb, hdr, th);
1da177e4
LT		 1649
1650 skb->dev = NULL;
1651
e994b2f0
ED		 1652 if (sk->sk_state == TCP_LISTEN) {
1653 ret = tcp_v6_do_rcv(sk, skb);
1654 goto put_and_return;
1655 }
1656
1657 sk_incoming_cpu_update(sk);
1658
293b9c42 1659 bh_lock_sock_nested(sk);
a44d6eac 1660 tcp_segs_in(tcp_sk(sk), skb);
1da177e4
LT		 1661 ret = 0;
1662 if (!sock_owned_by_user(sk)) {
8b27dae5
ED		 1663 skb_to_free = sk->sk_rx_skb_cache;
1664 sk->sk_rx_skb_cache = NULL;
e7942d06 1665 ret = tcp_v6_do_rcv(sk, skb);
8b27dae5
ED		 1666 } else {
1667 if (tcp_add_backlog(sk, skb))
1668 goto discard_and_relse;
1669 skb_to_free = NULL;
6b03a53a 1670 }
1da177e4 1671 bh_unlock_sock(sk);
8b27dae5
ED		 1672 if (skb_to_free)
1673 __kfree_skb(skb_to_free);
e994b2f0 1674put_and_return:
3b24d854
ED		 1675 if (refcounted)
1676 sock_put(sk);
1da177e4
LT		 1677 return ret ? -1 : 0;
1678
1679no_tcp_socket:
1680 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1681 goto discard_it;
1682
2dc49d16
ND		 1683 tcp_v6_fill_cb(skb, hdr, th);
1684
12e25e10 1685 if (tcp_checksum_complete(skb)) {
6a5dc9e5 1686csum_error:
90bbcc60 1687 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
1da177e4 1688bad_packet:
90bbcc60 1689 __TCP_INC_STATS(net, TCP_MIB_INERRS);
1da177e4 1690 } else {
cfb6eeb4 1691 tcp_v6_send_reset(NULL, skb);
1da177e4
LT		 1692 }
1693
1694discard_it:
1da177e4
LT		 1695 kfree_skb(skb);
1696 return 0;
1697
1698discard_and_relse:
532182cd 1699 sk_drops_add(sk, skb);
3b24d854
ED		 1700 if (refcounted)
1701 sock_put(sk);
1da177e4
LT		 1702 goto discard_it;
1703
1704do_time_wait:
1705 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
9469c7b4 1706 inet_twsk_put(inet_twsk(sk));
1da177e4
LT		 1707 goto discard_it;
1708 }
1709
2dc49d16
ND		 1710 tcp_v6_fill_cb(skb, hdr, th);
1711
6a5dc9e5
ED		 1712 if (tcp_checksum_complete(skb)) {
1713 inet_twsk_put(inet_twsk(sk));
1714 goto csum_error;
1da177e4
LT		 1715 }
1716
9469c7b4 1717 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1da177e4
LT		 1718 case TCP_TW_SYN:
1719 {
1720 struct sock *sk2;
1721
c346dca1 1722 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
a583636a 1723 skb, __tcp_hdrlen(th),
5ba24953 1724 &ipv6_hdr(skb)->saddr, th->source,
0660e03f 1725 &ipv6_hdr(skb)->daddr,
24b711ed
DA		 1726 ntohs(th->dest),
1727 tcp_v6_iif_l3_slave(skb),
4297a0ef 1728 sdif);
53b24b8f 1729 if (sk2) {
295ff7ed 1730 struct inet_timewait_sock *tw = inet_twsk(sk);
dbe7faa4 1731 inet_twsk_deschedule_put(tw);
1da177e4 1732 sk = sk2;
4ad19de8 1733 tcp_v6_restore_cb(skb);
3b24d854 1734 refcounted = false;
1da177e4
LT		 1735 goto process;
1736 }
1da177e4 1737 }
275757e6
GS		 1738 /* to ACK */
1739 /* fall through */
1da177e4
LT		 1740 case TCP_TW_ACK:
1741 tcp_v6_timewait_ack(sk, skb);
1742 break;
1743 case TCP_TW_RST:
271c3b9b
FW		 1744 tcp_v6_send_reset(sk, skb);
1745 inet_twsk_deschedule_put(inet_twsk(sk));
1746 goto discard_it;
4aa956d8
WY		 1747 case TCP_TW_SUCCESS:
1748 ;
1da177e4
LT		 1749 }
1750 goto discard_it;
1751}
1752
97ff7ffb 1753INDIRECT_CALLABLE_SCOPE void tcp_v6_early_demux(struct sk_buff *skb)
c7109986
ED		 1754{
1755 const struct ipv6hdr *hdr;
1756 const struct tcphdr *th;
1757 struct sock *sk;
1758
1759 if (skb->pkt_type != PACKET_HOST)
1760 return;
1761
1762 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1763 return;
1764
1765 hdr = ipv6_hdr(skb);
1766 th = tcp_hdr(skb);
1767
1768 if (th->doff < sizeof(struct tcphdr) / 4)
1769 return;
1770
870c3151 1771 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
c7109986
ED		 1772 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1773 &hdr->saddr, th->source,
1774 &hdr->daddr, ntohs(th->dest),
4297a0ef 1775 inet6_iif(skb), inet6_sdif(skb));
c7109986
ED		 1776 if (sk) {
1777 skb->sk = sk;
1778 skb->destructor = sock_edemux;
f7e4eb03 1779 if (sk_fullsock(sk)) {
d0c294c5 1780 struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
f3f12135 1781
c7109986 1782 if (dst)
93a77c11 1783 dst = dst_check(dst, tcp_inet6_sk(sk)->rx_dst_cookie);
c7109986 1784 if (dst &&
f3f12135 1785 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
c7109986
ED		 1786 skb_dst_set_noref(skb, dst);
1787 }
1788 }
1789}
1790
ccb7c410
DM		 1791static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1792 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1793 .twsk_unique = tcp_twsk_unique,
4aa956d8 1794 .twsk_destructor = tcp_twsk_destructor,
ccb7c410
DM		 1795};
1796
35b2c321 1797const struct inet_connection_sock_af_ops ipv6_specific = {
543d9cfe
ACM		 1798 .queue_xmit = inet6_csk_xmit,
1799 .send_check = tcp_v6_send_check,
1800 .rebuild_header = inet6_sk_rebuild_header,
5d299f3d 1801 .sk_rx_dst_set = inet6_sk_rx_dst_set,
543d9cfe
ACM		 1802 .conn_request = tcp_v6_conn_request,
1803 .syn_recv_sock = tcp_v6_syn_recv_sock,
543d9cfe 1804 .net_header_len = sizeof(struct ipv6hdr),
67469601 1805 .net_frag_header_len = sizeof(struct frag_hdr),
543d9cfe
ACM		 1806 .setsockopt = ipv6_setsockopt,
1807 .getsockopt = ipv6_getsockopt,
1808 .addr2sockaddr = inet6_csk_addr2sockaddr,
1809 .sockaddr_len = sizeof(struct sockaddr_in6),
3fdadf7d 1810#ifdef CONFIG_COMPAT
543d9cfe
ACM		 1811 .compat_setsockopt = compat_ipv6_setsockopt,
1812 .compat_getsockopt = compat_ipv6_getsockopt,
3fdadf7d 1813#endif
4fab9071 1814 .mtu_reduced = tcp_v6_mtu_reduced,
1da177e4
LT		 1815};
1816
cfb6eeb4 1817#ifdef CONFIG_TCP_MD5SIG
b2e4b3de 1818static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
cfb6eeb4 1819 .md5_lookup = tcp_v6_md5_lookup,
49a72dfb 1820 .calc_md5_hash = tcp_v6_md5_hash_skb,
cfb6eeb4 1821 .md5_parse = tcp_v6_parse_md5_keys,
cfb6eeb4 1822};
a928630a 1823#endif
cfb6eeb4 1824
1da177e4
LT		 1825/*
1826 * TCP over IPv4 via INET6 API
1827 */
3b401a81 1828static const struct inet_connection_sock_af_ops ipv6_mapped = {
543d9cfe
ACM		 1829 .queue_xmit = ip_queue_xmit,
1830 .send_check = tcp_v4_send_check,
1831 .rebuild_header = inet_sk_rebuild_header,
63d02d15 1832 .sk_rx_dst_set = inet_sk_rx_dst_set,
543d9cfe
ACM		 1833 .conn_request = tcp_v6_conn_request,
1834 .syn_recv_sock = tcp_v6_syn_recv_sock,
543d9cfe
ACM		 1835 .net_header_len = sizeof(struct iphdr),
1836 .setsockopt = ipv6_setsockopt,
1837 .getsockopt = ipv6_getsockopt,
1838 .addr2sockaddr = inet6_csk_addr2sockaddr,
1839 .sockaddr_len = sizeof(struct sockaddr_in6),
3fdadf7d 1840#ifdef CONFIG_COMPAT
543d9cfe
ACM		 1841 .compat_setsockopt = compat_ipv6_setsockopt,
1842 .compat_getsockopt = compat_ipv6_getsockopt,
3fdadf7d 1843#endif
4fab9071 1844 .mtu_reduced = tcp_v4_mtu_reduced,
1da177e4
LT		 1845};
1846
cfb6eeb4 1847#ifdef CONFIG_TCP_MD5SIG
b2e4b3de 1848static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
cfb6eeb4 1849 .md5_lookup = tcp_v4_md5_lookup,
49a72dfb 1850 .calc_md5_hash = tcp_v4_md5_hash_skb,
cfb6eeb4 1851 .md5_parse = tcp_v6_parse_md5_keys,
cfb6eeb4 1852};
a928630a 1853#endif
cfb6eeb4 1854
1da177e4
LT		 1855/* NOTE: A lot of things set to zero explicitly by call to
1856 * sk_alloc() so need not be done here.
1857 */
1858static int tcp_v6_init_sock(struct sock *sk)
1859{
6687e988 1860 struct inet_connection_sock *icsk = inet_csk(sk);
1da177e4 1861
900f65d3 1862 tcp_init_sock(sk);
1da177e4 1863
8292a17a 1864 icsk->icsk_af_ops = &ipv6_specific;
1da177e4 1865
cfb6eeb4 1866#ifdef CONFIG_TCP_MD5SIG
ac807fa8 1867 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
cfb6eeb4
YH		 1868#endif
1869
1da177e4
LT		 1870 return 0;
1871}
1872
7d06b2e0 1873static void tcp_v6_destroy_sock(struct sock *sk)
1da177e4 1874{
1da177e4 1875 tcp_v4_destroy_sock(sk);
7d06b2e0 1876 inet6_destroy_sock(sk);
1da177e4
LT		 1877}
1878
952a10be 1879#ifdef CONFIG_PROC_FS
1da177e4 1880/* Proc filesystem TCPv6 sock list dumping. */
1ab1457c 1881static void get_openreq6(struct seq_file *seq,
aa3a0c8c 1882 const struct request_sock *req, int i)
1da177e4 1883{
fa76ce73 1884 long ttd = req->rsk_timer.expires - jiffies;
634fb979
ED		 1885 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1886 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1da177e4
LT		 1887
1888 if (ttd < 0)
1889 ttd = 0;
1890
1da177e4
LT		 1891 seq_printf(seq,
1892 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
d14c5ab6 1893 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1da177e4
LT		 1894 i,
1895 src->s6_addr32[0], src->s6_addr32[1],
1896 src->s6_addr32[2], src->s6_addr32[3],
b44084c2 1897 inet_rsk(req)->ir_num,
1da177e4
LT		 1898 dest->s6_addr32[0], dest->s6_addr32[1],
1899 dest->s6_addr32[2], dest->s6_addr32[3],
634fb979 1900 ntohs(inet_rsk(req)->ir_rmt_port),
1da177e4 1901 TCP_SYN_RECV,
4c99aa40 1902 0, 0, /* could print option size, but that is af dependent. */
1ab1457c
YH		 1903 1, /* timers active (only the expire timer) */
1904 jiffies_to_clock_t(ttd),
e6c022a4 1905 req->num_timeout,
aa3a0c8c
ED		 1906 from_kuid_munged(seq_user_ns(seq),
1907 sock_i_uid(req->rsk_listener)),
1ab1457c 1908 0, /* non standard timer */
1da177e4
LT		 1909 0, /* open_requests have no inode */
1910 0, req);
1911}
1912
1913static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1914{
b71d1d42 1915 const struct in6_addr *dest, *src;
1da177e4
LT		 1916 __u16 destp, srcp;
1917 int timer_active;
1918 unsigned long timer_expires;
cf533ea5
ED		 1919 const struct inet_sock *inet = inet_sk(sp);
1920 const struct tcp_sock *tp = tcp_sk(sp);
463c84b9 1921 const struct inet_connection_sock *icsk = inet_csk(sp);
0536fcc0 1922 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
00fd38d9
ED		 1923 int rx_queue;
1924 int state;
1da177e4 1925
efe4208f
ED		 1926 dest = &sp->sk_v6_daddr;
1927 src = &sp->sk_v6_rcv_saddr;
c720c7e8
ED		 1928 destp = ntohs(inet->inet_dport);
1929 srcp = ntohs(inet->inet_sport);
463c84b9 1930
ce3cf4ec 1931 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
57dde7f7 1932 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
ce3cf4ec 1933 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
1da177e4 1934 timer_active = 1;
463c84b9
ACM		 1935 timer_expires = icsk->icsk_timeout;
1936 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1da177e4 1937 timer_active = 4;
463c84b9 1938 timer_expires = icsk->icsk_timeout;
1da177e4
LT		 1939 } else if (timer_pending(&sp->sk_timer)) {
1940 timer_active = 2;
1941 timer_expires = sp->sk_timer.expires;
1942 } else {
1943 timer_active = 0;
1944 timer_expires = jiffies;
1945 }
1946
986ffdfd 1947 state = inet_sk_state_load(sp);
00fd38d9 1948 if (state == TCP_LISTEN)
288efe86 1949 rx_queue = READ_ONCE(sp->sk_ack_backlog);
00fd38d9
ED		 1950 else
1951 /* Because we don't lock the socket,
1952 * we might find a transient negative value.
1953 */
dba7d9b8 1954 rx_queue = max_t(int, READ_ONCE(tp->rcv_nxt) -
7db48e98 1955 READ_ONCE(tp->copied_seq), 0);
00fd38d9 1956
1da177e4
LT		 1957 seq_printf(seq,
1958 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
d14c5ab6 1959 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1da177e4
LT		 1960 i,
1961 src->s6_addr32[0], src->s6_addr32[1],
1962 src->s6_addr32[2], src->s6_addr32[3], srcp,
1963 dest->s6_addr32[0], dest->s6_addr32[1],
1964 dest->s6_addr32[2], dest->s6_addr32[3], destp,
00fd38d9 1965 state,
0f317464 1966 READ_ONCE(tp->write_seq) - tp->snd_una,
00fd38d9 1967 rx_queue,
1da177e4 1968 timer_active,
a399a805 1969 jiffies_delta_to_clock_t(timer_expires - jiffies),
463c84b9 1970 icsk->icsk_retransmits,
a7cb5a49 1971 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
6687e988 1972 icsk->icsk_probes_out,
1da177e4 1973 sock_i_ino(sp),
41c6d650 1974 refcount_read(&sp->sk_refcnt), sp,
7be87351
SH		 1975 jiffies_to_clock_t(icsk->icsk_rto),
1976 jiffies_to_clock_t(icsk->icsk_ack.ato),
31954cd8 1977 (icsk->icsk_ack.quick << 1) | inet_csk_in_pingpong_mode(sp),
0b6a05c1 1978 tp->snd_cwnd,
00fd38d9 1979 state == TCP_LISTEN ?
0536fcc0 1980 fastopenq->max_qlen :
0a672f74 1981 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
1da177e4
LT		 1982 );
1983}
1984
1ab1457c 1985static void get_timewait6_sock(struct seq_file *seq,
8feaf0c0 1986 struct inet_timewait_sock *tw, int i)
1da177e4 1987{
789f558c 1988 long delta = tw->tw_timer.expires - jiffies;
b71d1d42 1989 const struct in6_addr *dest, *src;
1da177e4 1990 __u16 destp, srcp;
1da177e4 1991
efe4208f
ED		 1992 dest = &tw->tw_v6_daddr;
1993 src = &tw->tw_v6_rcv_saddr;
1da177e4
LT		 1994 destp = ntohs(tw->tw_dport);
1995 srcp = ntohs(tw->tw_sport);
1996
1997 seq_printf(seq,
1998 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
71338aa7 1999 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1da177e4
LT		 2000 i,
2001 src->s6_addr32[0], src->s6_addr32[1],
2002 src->s6_addr32[2], src->s6_addr32[3], srcp,
2003 dest->s6_addr32[0], dest->s6_addr32[1],
2004 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2005 tw->tw_substate, 0, 0,
a399a805 2006 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
41c6d650 2007 refcount_read(&tw->tw_refcnt), tw);
1da177e4
LT		 2008}
2009
1da177e4
LT		 2010static int tcp6_seq_show(struct seq_file *seq, void *v)
2011{
2012 struct tcp_iter_state *st;
05dbc7b5 2013 struct sock *sk = v;
1da177e4
LT		 2014
2015 if (v == SEQ_START_TOKEN) {
2016 seq_puts(seq,
2017 " sl "
2018 "local_address "
2019 "remote_address "
2020 "st tx_queue rx_queue tr tm->when retrnsmt"
2021 " uid timeout inode\n");
2022 goto out;
2023 }
2024 st = seq->private;
2025
079096f1
ED		 2026 if (sk->sk_state == TCP_TIME_WAIT)
2027 get_timewait6_sock(seq, v, st->num);
2028 else if (sk->sk_state == TCP_NEW_SYN_RECV)
aa3a0c8c 2029 get_openreq6(seq, v, st->num);
079096f1
ED		 2030 else
2031 get_tcp6_sock(seq, v, st->num);
1da177e4
LT		 2032out:
2033 return 0;
2034}
2035
37d849bb
CH		 2036static const struct seq_operations tcp6_seq_ops = {
2037 .show = tcp6_seq_show,
2038 .start = tcp_seq_start,
2039 .next = tcp_seq_next,
2040 .stop = tcp_seq_stop,
2041};
2042
1da177e4 2043static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1da177e4 2044 .family = AF_INET6,
1da177e4
LT		 2045};
2046
2c8c1e72 2047int __net_init tcp6_proc_init(struct net *net)
1da177e4 2048{
c3506372
CH		 2049 if (!proc_create_net_data("tcp6", 0444, net->proc_net, &tcp6_seq_ops,
2050 sizeof(struct tcp_iter_state), &tcp6_seq_afinfo))
37d849bb
CH		 2051 return -ENOMEM;
2052 return 0;
1da177e4
LT		 2053}
2054
6f8b13bc 2055void tcp6_proc_exit(struct net *net)
1da177e4 2056{
37d849bb 2057 remove_proc_entry("tcp6", net->proc_net);
1da177e4
LT		 2058}
2059#endif
2060
2061struct proto tcpv6_prot = {
2062 .name = "TCPv6",
2063 .owner = THIS_MODULE,
2064 .close = tcp_close,
d74bad4e 2065 .pre_connect = tcp_v6_pre_connect,
1da177e4
LT		 2066 .connect = tcp_v6_connect,
2067 .disconnect = tcp_disconnect,
463c84b9 2068 .accept = inet_csk_accept,
1da177e4
LT		 2069 .ioctl = tcp_ioctl,
2070 .init = tcp_v6_init_sock,
2071 .destroy = tcp_v6_destroy_sock,
2072 .shutdown = tcp_shutdown,
2073 .setsockopt = tcp_setsockopt,
2074 .getsockopt = tcp_getsockopt,
4b9d07a4 2075 .keepalive = tcp_set_keepalive,
1da177e4 2076 .recvmsg = tcp_recvmsg,
7ba42910
CG		 2077 .sendmsg = tcp_sendmsg,
2078 .sendpage = tcp_sendpage,
1da177e4 2079 .backlog_rcv = tcp_v6_do_rcv,
46d3ceab 2080 .release_cb = tcp_release_cb,
496611d7 2081 .hash = inet6_hash,
ab1e0a13
ACM		 2082 .unhash = inet_unhash,
2083 .get_port = inet_csk_get_port,
1da177e4 2084 .enter_memory_pressure = tcp_enter_memory_pressure,
06044751 2085 .leave_memory_pressure = tcp_leave_memory_pressure,
c9bee3b7 2086 .stream_memory_free = tcp_stream_memory_free,
1da177e4
LT		 2087 .sockets_allocated = &tcp_sockets_allocated,
2088 .memory_allocated = &tcp_memory_allocated,
2089 .memory_pressure = &tcp_memory_pressure,
0a5578cf 2090 .orphan_count = &tcp_orphan_count,
a4fe34bf 2091 .sysctl_mem = sysctl_tcp_mem,
356d1833
ED		 2092 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem),
2093 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem),
1da177e4
LT		 2094 .max_header = MAX_TCP_HEADER,
2095 .obj_size = sizeof(struct tcp6_sock),
5f0d5a3a 2096 .slab_flags = SLAB_TYPESAFE_BY_RCU,
6d6ee43e 2097 .twsk_prot = &tcp6_timewait_sock_ops,
60236fdd 2098 .rsk_prot = &tcp6_request_sock_ops,
39d8cda7 2099 .h.hashinfo = &tcp_hashinfo,
7ba42910 2100 .no_autobind = true,
543d9cfe
ACM		 2101#ifdef CONFIG_COMPAT
2102 .compat_setsockopt = compat_tcp_setsockopt,
2103 .compat_getsockopt = compat_tcp_getsockopt,
d1a4c0b3 2104#endif
c1e64e29 2105 .diag_destroy = tcp_abort,
1da177e4
LT		 2106};
2107
a8e3bb34
DA		 2108/* thinking of making this const? Don't.
2109 * early_demux can change based on sysctl.
2110 */
39294c3d 2111static struct inet6_protocol tcpv6_protocol = {
c7109986 2112 .early_demux = tcp_v6_early_demux,
dddb64bc 2113 .early_demux_handler = tcp_v6_early_demux,
1da177e4
LT		 2114 .handler = tcp_v6_rcv,
2115 .err_handler = tcp_v6_err,
2116 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2117};
2118
1da177e4
LT		 2119static struct inet_protosw tcpv6_protosw = {
2120 .type = SOCK_STREAM,
2121 .protocol = IPPROTO_TCP,
2122 .prot = &tcpv6_prot,
2123 .ops = &inet6_stream_ops,
d83d8461
ACM		 2124 .flags = INET_PROTOSW_PERMANENT |
2125 INET_PROTOSW_ICSK,
1da177e4
LT		 2126};
2127
2c8c1e72 2128static int __net_init tcpv6_net_init(struct net *net)
93ec926b 2129{
5677242f
DL		 2130 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2131 SOCK_RAW, IPPROTO_TCP, net);
93ec926b
DL		 2132}
2133
2c8c1e72 2134static void __net_exit tcpv6_net_exit(struct net *net)
93ec926b 2135{
5677242f 2136 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
b099ce26
EB		 2137}
2138
2c8c1e72 2139static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
b099ce26 2140{
1946e672 2141 inet_twsk_purge(&tcp_hashinfo, AF_INET6);
93ec926b
DL		 2142}
2143
2144static struct pernet_operations tcpv6_net_ops = {
b099ce26
EB		 2145 .init = tcpv6_net_init,
2146 .exit = tcpv6_net_exit,
2147 .exit_batch = tcpv6_net_exit_batch,
93ec926b
DL		 2148};
2149
7f4e4868 2150int __init tcpv6_init(void)
1da177e4 2151{
7f4e4868
DL		 2152 int ret;
2153
3336288a
VY		 2154 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2155 if (ret)
c6b641a4 2156 goto out;
3336288a 2157
1da177e4 2158 /* register inet6 protocol */
7f4e4868
DL		 2159 ret = inet6_register_protosw(&tcpv6_protosw);
2160 if (ret)
2161 goto out_tcpv6_protocol;
2162
93ec926b 2163 ret = register_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2164 if (ret)
2165 goto out_tcpv6_protosw;
2166out:
2167 return ret;
ae0f7d5f 2168
7f4e4868
DL		 2169out_tcpv6_protosw:
2170 inet6_unregister_protosw(&tcpv6_protosw);
3336288a
VY		 2171out_tcpv6_protocol:
2172 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
7f4e4868
DL		 2173 goto out;
2174}
2175
09f7709f 2176void tcpv6_exit(void)
7f4e4868 2177{
93ec926b 2178 unregister_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2179 inet6_unregister_protosw(&tcpv6_protosw);
2180 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
1da177e4 2181}
Ubuntu Jammy Linux kernel mirror