]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - net/ipv6/tcp_ipv6.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
inet: Use fallthrough;
[mirror_ubuntu-jammy-kernel.git] / net / ipv6 / tcp_ipv6.c
CommitLineData
2874c5fd 1// SPDX-License-Identifier: GPL-2.0-or-later
1da177e4
LT		 2/*
3 * TCP over IPv6
1ab1457c 4 * Linux INET6 implementation
1da177e4
LT		 5 *
6 * Authors:
1ab1457c 7 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4 8 *
1ab1457c 9 * Based on:
1da177e4
LT		 10 * linux/net/ipv4/tcp.c
11 * linux/net/ipv4/tcp_input.c
12 * linux/net/ipv4/tcp_output.c
13 *
14 * Fixes:
15 * Hideaki YOSHIFUJI : sin6_scope_id support
16 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
17 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
18 * a single port at the same time.
19 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
1da177e4
LT		 20 */
21
eb4dea58 22#include <linux/bottom_half.h>
1da177e4 23#include <linux/module.h>
1da177e4
LT		 24#include <linux/errno.h>
25#include <linux/types.h>
26#include <linux/socket.h>
27#include <linux/sockios.h>
28#include <linux/net.h>
29#include <linux/jiffies.h>
30#include <linux/in.h>
31#include <linux/in6.h>
32#include <linux/netdevice.h>
33#include <linux/init.h>
34#include <linux/jhash.h>
35#include <linux/ipsec.h>
36#include <linux/times.h>
5a0e3ad6 37#include <linux/slab.h>
4aa956d8 38#include <linux/uaccess.h>
1da177e4
LT		 39#include <linux/ipv6.h>
40#include <linux/icmpv6.h>
41#include <linux/random.h>
0e219ae4 42#include <linux/indirect_call_wrapper.h>
1da177e4
LT		 43
44#include <net/tcp.h>
45#include <net/ndisc.h>
5324a040 46#include <net/inet6_hashtables.h>
8129765a 47#include <net/inet6_connection_sock.h>
1da177e4
LT		 48#include <net/ipv6.h>
49#include <net/transp_v6.h>
50#include <net/addrconf.h>
51#include <net/ip6_route.h>
52#include <net/ip6_checksum.h>
53#include <net/inet_ecn.h>
54#include <net/protocol.h>
55#include <net/xfrm.h>
1da177e4
LT		 56#include <net/snmp.h>
57#include <net/dsfield.h>
6d6ee43e 58#include <net/timewait_sock.h>
3d58b5fa 59#include <net/inet_common.h>
6e5714ea 60#include <net/secure_seq.h>
076bb0c8 61#include <net/busy_poll.h>
1da177e4 62
1da177e4
LT		 63#include <linux/proc_fs.h>
64#include <linux/seq_file.h>
65
cf80e0e4 66#include <crypto/hash.h>
cfb6eeb4
YH		 67#include <linux/scatterlist.h>
68
c24b14c4
SL		 69#include <trace/events/tcp.h>
70
a00e7444
ED		 71static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
72static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
6edafaaf 73 struct request_sock *req);
1da177e4
LT		 74
75static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
1da177e4 76
3b401a81 77static const struct inet_connection_sock_af_ops ipv6_mapped;
35b2c321 78const struct inet_connection_sock_af_ops ipv6_specific;
a928630a 79#ifdef CONFIG_TCP_MD5SIG
b2e4b3de
SH		 80static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
81static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
9501f972 82#else
51723935 83static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
dea53bb8
DA		 84 const struct in6_addr *addr,
85 int l3index)
9501f972
YH		 86{
87 return NULL;
88}
a928630a 89#endif
1da177e4 90
93a77c11
ED		 91/* Helper returning the inet6 address from a given tcp socket.
92 * It can be used in TCP stack instead of inet6_sk(sk).
93 * This avoids a dereference and allow compiler optimizations.
f5d54767 94 * It is a specialized version of inet6_sk_generic().
93a77c11
ED		 95 */
96static struct ipv6_pinfo *tcp_inet6_sk(const struct sock *sk)
97{
f5d54767 98 unsigned int offset = sizeof(struct tcp6_sock) - sizeof(struct ipv6_pinfo);
93a77c11 99
f5d54767 100 return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
93a77c11
ED		 101}
102
fae6ef87
NC		 103static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
104{
105 struct dst_entry *dst = skb_dst(skb);
fae6ef87 106
5037e9ef 107 if (dst && dst_hold_safe(dst)) {
ca777eff
ED		 108 const struct rt6_info *rt = (const struct rt6_info *)dst;
109
ca777eff
ED		 110 sk->sk_rx_dst = dst;
111 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
93a77c11 112 tcp_inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
ca777eff 113 }
fae6ef87
NC		 114}
115
84b114b9 116static u32 tcp_v6_init_seq(const struct sk_buff *skb)
1da177e4 117{
84b114b9
ED		 118 return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32,
119 ipv6_hdr(skb)->saddr.s6_addr32,
120 tcp_hdr(skb)->dest,
121 tcp_hdr(skb)->source);
122}
123
5d2ed052 124static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb)
84b114b9 125{
5d2ed052 126 return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32,
84b114b9 127 ipv6_hdr(skb)->saddr.s6_addr32);
1da177e4
LT		 128}
129
d74bad4e
AI		 130static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
131 int addr_len)
132{
133 /* This check is replicated from tcp_v6_connect() and intended to
134 * prevent BPF program called below from accessing bytes that are out
135 * of the bound specified by user in addr_len.
136 */
137 if (addr_len < SIN6_LEN_RFC2133)
138 return -EINVAL;
139
140 sock_owned_by_me(sk);
141
142 return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr);
143}
144
1ab1457c 145static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
1da177e4
LT		 146 int addr_len)
147{
148 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
1ab1457c 149 struct inet_sock *inet = inet_sk(sk);
d83d8461 150 struct inet_connection_sock *icsk = inet_csk(sk);
93a77c11 151 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1da177e4 152 struct tcp_sock *tp = tcp_sk(sk);
20c59de2 153 struct in6_addr *saddr = NULL, *final_p, final;
45f6fad8 154 struct ipv6_txoptions *opt;
4c9483b2 155 struct flowi6 fl6;
1da177e4
LT		 156 struct dst_entry *dst;
157 int addr_type;
158 int err;
1946e672 159 struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
1da177e4 160
1ab1457c 161 if (addr_len < SIN6_LEN_RFC2133)
1da177e4
LT		 162 return -EINVAL;
163
1ab1457c 164 if (usin->sin6_family != AF_INET6)
a02cec21 165 return -EAFNOSUPPORT;
1da177e4 166
4c9483b2 167 memset(&fl6, 0, sizeof(fl6));
1da177e4
LT		 168
169 if (np->sndflow) {
4c9483b2
DM		 170 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
171 IP6_ECN_flow_init(fl6.flowlabel);
172 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
1da177e4 173 struct ip6_flowlabel *flowlabel;
4c9483b2 174 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
59c820b2 175 if (IS_ERR(flowlabel))
1da177e4 176 return -EINVAL;
1da177e4
LT		 177 fl6_sock_release(flowlabel);
178 }
179 }
180
181 /*
1ab1457c
YH		 182 * connect() to INADDR_ANY means loopback (BSD'ism).
183 */
184
052d2369
JL		 185 if (ipv6_addr_any(&usin->sin6_addr)) {
186 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
187 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
188 &usin->sin6_addr);
189 else
190 usin->sin6_addr = in6addr_loopback;
191 }
1da177e4
LT		 192
193 addr_type = ipv6_addr_type(&usin->sin6_addr);
194
4c99aa40 195 if (addr_type & IPV6_ADDR_MULTICAST)
1da177e4
LT		 196 return -ENETUNREACH;
197
198 if (addr_type&IPV6_ADDR_LINKLOCAL) {
199 if (addr_len >= sizeof(struct sockaddr_in6) &&
200 usin->sin6_scope_id) {
201 /* If interface is set while binding, indices
202 * must coincide.
203 */
54dc3e33 204 if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id))
1da177e4
LT		 205 return -EINVAL;
206
207 sk->sk_bound_dev_if = usin->sin6_scope_id;
208 }
209
210 /* Connect to link-local address requires an interface */
211 if (!sk->sk_bound_dev_if)
212 return -EINVAL;
213 }
214
215 if (tp->rx_opt.ts_recent_stamp &&
efe4208f 216 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
1da177e4
LT		 217 tp->rx_opt.ts_recent = 0;
218 tp->rx_opt.ts_recent_stamp = 0;
0f317464 219 WRITE_ONCE(tp->write_seq, 0);
1da177e4
LT		 220 }
221
efe4208f 222 sk->sk_v6_daddr = usin->sin6_addr;
4c9483b2 223 np->flow_label = fl6.flowlabel;
1da177e4
LT		 224
225 /*
226 * TCP over IPv4
227 */
228
052d2369 229 if (addr_type & IPV6_ADDR_MAPPED) {
d83d8461 230 u32 exthdrlen = icsk->icsk_ext_hdr_len;
1da177e4
LT		 231 struct sockaddr_in sin;
232
1da177e4
LT		 233 if (__ipv6_only_sock(sk))
234 return -ENETUNREACH;
235
236 sin.sin_family = AF_INET;
237 sin.sin_port = usin->sin6_port;
238 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
239
d83d8461 240 icsk->icsk_af_ops = &ipv6_mapped;
cec37a6e 241 if (sk_is_mptcp(sk))
31484d56 242 mptcpv6_handle_mapped(sk, true);
1da177e4 243 sk->sk_backlog_rcv = tcp_v4_do_rcv;
cfb6eeb4
YH		 244#ifdef CONFIG_TCP_MD5SIG
245 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
246#endif
1da177e4
LT		 247
248 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
249
250 if (err) {
d83d8461
ACM		 251 icsk->icsk_ext_hdr_len = exthdrlen;
252 icsk->icsk_af_ops = &ipv6_specific;
cec37a6e 253 if (sk_is_mptcp(sk))
31484d56 254 mptcpv6_handle_mapped(sk, false);
1da177e4 255 sk->sk_backlog_rcv = tcp_v6_do_rcv;
cfb6eeb4
YH		 256#ifdef CONFIG_TCP_MD5SIG
257 tp->af_specific = &tcp_sock_ipv6_specific;
258#endif
1da177e4 259 goto failure;
1da177e4 260 }
d1e559d0 261 np->saddr = sk->sk_v6_rcv_saddr;
1da177e4
LT		 262
263 return err;
264 }
265
efe4208f
ED		 266 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
267 saddr = &sk->sk_v6_rcv_saddr;
1da177e4 268
4c9483b2 269 fl6.flowi6_proto = IPPROTO_TCP;
efe4208f 270 fl6.daddr = sk->sk_v6_daddr;
4e3fd7a0 271 fl6.saddr = saddr ? *saddr : np->saddr;
4c9483b2
DM		 272 fl6.flowi6_oif = sk->sk_bound_dev_if;
273 fl6.flowi6_mark = sk->sk_mark;
1958b856
DM		 274 fl6.fl6_dport = usin->sin6_port;
275 fl6.fl6_sport = inet->inet_sport;
e2d118a1 276 fl6.flowi6_uid = sk->sk_uid;
1da177e4 277
1e1d04e6 278 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
45f6fad8 279 final_p = fl6_update_dst(&fl6, opt, &final);
1da177e4 280
4c9483b2 281 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
beb8d13b 282
c4e85f73 283 dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
68d0c6d3
DM		 284 if (IS_ERR(dst)) {
285 err = PTR_ERR(dst);
1da177e4 286 goto failure;
14e50e57 287 }
1da177e4 288
63159f29 289 if (!saddr) {
4c9483b2 290 saddr = &fl6.saddr;
efe4208f 291 sk->sk_v6_rcv_saddr = *saddr;
1da177e4
LT		 292 }
293
294 /* set the source address */
4e3fd7a0 295 np->saddr = *saddr;
c720c7e8 296 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
1da177e4 297
f83ef8c0 298 sk->sk_gso_type = SKB_GSO_TCPV6;
6bd4f355 299 ip6_dst_store(sk, dst, NULL, NULL);
1da177e4 300
d83d8461 301 icsk->icsk_ext_hdr_len = 0;
45f6fad8
ED		 302 if (opt)
303 icsk->icsk_ext_hdr_len = opt->opt_flen +
304 opt->opt_nflen;
1da177e4
LT		 305
306 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
307
c720c7e8 308 inet->inet_dport = usin->sin6_port;
1da177e4
LT		 309
310 tcp_set_state(sk, TCP_SYN_SENT);
1946e672 311 err = inet6_hash_connect(tcp_death_row, sk);
1da177e4
LT		 312 if (err)
313 goto late_failure;
314
877d1f62 315 sk_set_txhash(sk);
9e7ceb06 316
00355fa5 317 if (likely(!tp->repair)) {
00355fa5 318 if (!tp->write_seq)
0f317464
ED		 319 WRITE_ONCE(tp->write_seq,
320 secure_tcpv6_seq(np->saddr.s6_addr32,
321 sk->sk_v6_daddr.s6_addr32,
322 inet->inet_sport,
323 inet->inet_dport));
5d2ed052
ED		 324 tp->tsoffset = secure_tcpv6_ts_off(sock_net(sk),
325 np->saddr.s6_addr32,
84b114b9 326 sk->sk_v6_daddr.s6_addr32);
00355fa5 327 }
1da177e4 328
19f6d3f3
WW		 329 if (tcp_fastopen_defer_connect(sk, &err))
330 return err;
331 if (err)
332 goto late_failure;
333
1da177e4
LT		 334 err = tcp_connect(sk);
335 if (err)
336 goto late_failure;
337
338 return 0;
339
340late_failure:
341 tcp_set_state(sk, TCP_CLOSE);
1da177e4 342failure:
c720c7e8 343 inet->inet_dport = 0;
1da177e4
LT		 344 sk->sk_route_caps = 0;
345 return err;
346}
347
563d34d0
ED		 348static void tcp_v6_mtu_reduced(struct sock *sk)
349{
350 struct dst_entry *dst;
351
352 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
353 return;
354
355 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
356 if (!dst)
357 return;
358
359 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
360 tcp_sync_mss(sk, dst_mtu(dst));
361 tcp_simple_retransmit(sk);
362 }
363}
364
32bbd879 365static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
d5fdd6ba 366 u8 type, u8 code, int offset, __be32 info)
1da177e4 367{
4c99aa40 368 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
505cbfc5 369 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
2215089b
ED		 370 struct net *net = dev_net(skb->dev);
371 struct request_sock *fastopen;
1da177e4 372 struct ipv6_pinfo *np;
1ab1457c 373 struct tcp_sock *tp;
0a672f74 374 __u32 seq, snd_una;
2215089b 375 struct sock *sk;
9cf74903 376 bool fatal;
2215089b 377 int err;
1da177e4 378
2215089b
ED		 379 sk = __inet6_lookup_established(net, &tcp_hashinfo,
380 &hdr->daddr, th->dest,
381 &hdr->saddr, ntohs(th->source),
4297a0ef 382 skb->dev->ifindex, inet6_sdif(skb));
1da177e4 383
2215089b 384 if (!sk) {
a16292a0
ED		 385 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
386 ICMP6_MIB_INERRORS);
32bbd879 387 return -ENOENT;
1da177e4
LT		 388 }
389
390 if (sk->sk_state == TCP_TIME_WAIT) {
9469c7b4 391 inet_twsk_put(inet_twsk(sk));
32bbd879 392 return 0;
1da177e4 393 }
2215089b 394 seq = ntohl(th->seq);
9cf74903 395 fatal = icmpv6_err_convert(type, code, &err);
32bbd879
SB		 396 if (sk->sk_state == TCP_NEW_SYN_RECV) {
397 tcp_req_err(sk, seq, fatal);
398 return 0;
399 }
1da177e4
LT		 400
401 bh_lock_sock(sk);
563d34d0 402 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
02a1d6e7 403 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
1da177e4
LT		 404
405 if (sk->sk_state == TCP_CLOSE)
406 goto out;
407
93a77c11 408 if (ipv6_hdr(skb)->hop_limit < tcp_inet6_sk(sk)->min_hopcount) {
02a1d6e7 409 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
e802af9c
SH		 410 goto out;
411 }
412
1da177e4 413 tp = tcp_sk(sk);
0a672f74 414 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
d983ea6f 415 fastopen = rcu_dereference(tp->fastopen_rsk);
0a672f74 416 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
1da177e4 417 if (sk->sk_state != TCP_LISTEN &&
0a672f74 418 !between(seq, snd_una, tp->snd_nxt)) {
02a1d6e7 419 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
1da177e4
LT		 420 goto out;
421 }
422
93a77c11 423 np = tcp_inet6_sk(sk);
1da177e4 424
ec18d9a2 425 if (type == NDISC_REDIRECT) {
45caeaa5
JM		 426 if (!sock_owned_by_user(sk)) {
427 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
ec18d9a2 428
45caeaa5
JM		 429 if (dst)
430 dst->ops->redirect(dst, sk, skb);
431 }
50a75a89 432 goto out;
ec18d9a2
DM		 433 }
434
1da177e4 435 if (type == ICMPV6_PKT_TOOBIG) {
0d4f0608
ED		 436 /* We are not interested in TCP_LISTEN and open_requests
437 * (SYN-ACKs send out by Linux are always <576bytes so
438 * they should go through unfragmented).
439 */
440 if (sk->sk_state == TCP_LISTEN)
441 goto out;
442
93b36cf3
HFS		 443 if (!ip6_sk_accept_pmtu(sk))
444 goto out;
445
563d34d0
ED		 446 tp->mtu_info = ntohl(info);
447 if (!sock_owned_by_user(sk))
448 tcp_v6_mtu_reduced(sk);
d013ef2a 449 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
7aa5470c 450 &sk->sk_tsq_flags))
d013ef2a 451 sock_hold(sk);
1da177e4
LT		 452 goto out;
453 }
454
1da177e4 455
60236fdd 456 /* Might be for an request_sock */
1da177e4 457 switch (sk->sk_state) {
1da177e4 458 case TCP_SYN_SENT:
0a672f74
YC		 459 case TCP_SYN_RECV:
460 /* Only in fast or simultaneous open. If a fast open socket is
461 * is already accepted it is treated as a connected one below.
462 */
63159f29 463 if (fastopen && !fastopen->sk)
0a672f74
YC		 464 break;
465
1da177e4 466 if (!sock_owned_by_user(sk)) {
1da177e4
LT		 467 sk->sk_err = err;
468 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
469
470 tcp_done(sk);
471 } else
472 sk->sk_err_soft = err;
473 goto out;
474 }
475
476 if (!sock_owned_by_user(sk) && np->recverr) {
477 sk->sk_err = err;
478 sk->sk_error_report(sk);
479 } else
480 sk->sk_err_soft = err;
481
482out:
483 bh_unlock_sock(sk);
484 sock_put(sk);
32bbd879 485 return 0;
1da177e4
LT		 486}
487
488
0f935dbe 489static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
d6274bd8 490 struct flowi *fl,
3840a06e 491 struct request_sock *req,
ca6fb065 492 struct tcp_fastopen_cookie *foc,
b3d05147 493 enum tcp_synack_type synack_type)
1da177e4 494{
634fb979 495 struct inet_request_sock *ireq = inet_rsk(req);
93a77c11 496 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
56ac42bc 497 struct ipv6_txoptions *opt;
d6274bd8 498 struct flowi6 *fl6 = &fl->u.ip6;
4c99aa40 499 struct sk_buff *skb;
9494218f 500 int err = -ENOMEM;
1da177e4 501
9f10d3f6 502 /* First, grab a route. */
f76b33c3
ED		 503 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
504 IPPROTO_TCP)) == NULL)
fd80eb94 505 goto done;
9494218f 506
b3d05147 507 skb = tcp_make_synack(sk, dst, req, foc, synack_type);
9494218f 508
1da177e4 509 if (skb) {
634fb979
ED		 510 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
511 &ireq->ir_v6_rmt_addr);
1da177e4 512
634fb979 513 fl6->daddr = ireq->ir_v6_rmt_addr;
53b24b8f 514 if (np->repflow && ireq->pktopts)
df3687ff
FF		 515 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
516
3e4006f0 517 rcu_read_lock();
56ac42bc
HD		 518 opt = ireq->ipv6_opt;
519 if (!opt)
520 opt = rcu_dereference(np->opt);
4f6570d7
ED		 521 err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass,
522 sk->sk_priority);
3e4006f0 523 rcu_read_unlock();
b9df3cb8 524 err = net_xmit_eval(err);
1da177e4
LT		 525 }
526
527done:
1da177e4
LT		 528 return err;
529}
530
72659ecc 531
60236fdd 532static void tcp_v6_reqsk_destructor(struct request_sock *req)
1da177e4 533{
56ac42bc 534 kfree(inet_rsk(req)->ipv6_opt);
634fb979 535 kfree_skb(inet_rsk(req)->pktopts);
1da177e4
LT		 536}
537
cfb6eeb4 538#ifdef CONFIG_TCP_MD5SIG
b83e3deb 539static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
dea53bb8
DA		 540 const struct in6_addr *addr,
541 int l3index)
cfb6eeb4 542{
dea53bb8
DA		 543 return tcp_md5_do_lookup(sk, l3index,
544 (union tcp_md5_addr *)addr, AF_INET6);
cfb6eeb4
YH		 545}
546
b83e3deb 547static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
fd3a154a 548 const struct sock *addr_sk)
cfb6eeb4 549{
dea53bb8
DA		 550 int l3index;
551
552 l3index = l3mdev_master_ifindex_by_index(sock_net(sk),
553 addr_sk->sk_bound_dev_if);
554 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr,
555 l3index);
cfb6eeb4
YH		 556}
557
8917a777
ID		 558static int tcp_v6_parse_md5_keys(struct sock *sk, int optname,
559 char __user *optval, int optlen)
cfb6eeb4
YH		 560{
561 struct tcp_md5sig cmd;
562 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
dea53bb8 563 int l3index = 0;
8917a777 564 u8 prefixlen;
cfb6eeb4
YH		 565
566 if (optlen < sizeof(cmd))
567 return -EINVAL;
568
569 if (copy_from_user(&cmd, optval, sizeof(cmd)))
570 return -EFAULT;
571
572 if (sin6->sin6_family != AF_INET6)
573 return -EINVAL;
574
8917a777
ID		 575 if (optname == TCP_MD5SIG_EXT &&
576 cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) {
577 prefixlen = cmd.tcpm_prefixlen;
578 if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) &&
579 prefixlen > 32))
580 return -EINVAL;
581 } else {
582 prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128;
583 }
584
6b102db5
DA		 585 if (optname == TCP_MD5SIG_EXT &&
586 cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX) {
587 struct net_device *dev;
588
589 rcu_read_lock();
590 dev = dev_get_by_index_rcu(sock_net(sk), cmd.tcpm_ifindex);
591 if (dev && netif_is_l3_master(dev))
592 l3index = dev->ifindex;
593 rcu_read_unlock();
594
595 /* ok to reference set/not set outside of rcu;
596 * right now device MUST be an L3 master
597 */
598 if (!dev || !l3index)
599 return -EINVAL;
600 }
601
cfb6eeb4 602 if (!cmd.tcpm_keylen) {
e773e4fa 603 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
a915da9b 604 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
6b102db5
DA		 605 AF_INET, prefixlen,
606 l3index);
a915da9b 607 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
dea53bb8 608 AF_INET6, prefixlen, l3index);
cfb6eeb4
YH		 609 }
610
611 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
612 return -EINVAL;
613
a915da9b
ED		 614 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
615 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
dea53bb8
DA		 616 AF_INET, prefixlen, l3index,
617 cmd.tcpm_key, cmd.tcpm_keylen,
618 GFP_KERNEL);
cfb6eeb4 619
a915da9b 620 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
dea53bb8
DA		 621 AF_INET6, prefixlen, l3index,
622 cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
cfb6eeb4
YH		 623}
624
19689e38
ED		 625static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp,
626 const struct in6_addr *daddr,
627 const struct in6_addr *saddr,
628 const struct tcphdr *th, int nbytes)
cfb6eeb4 629{
cfb6eeb4 630 struct tcp6_pseudohdr *bp;
49a72dfb 631 struct scatterlist sg;
19689e38 632 struct tcphdr *_th;
8d26d76d 633
19689e38 634 bp = hp->scratch;
cfb6eeb4 635 /* 1. TCP pseudo-header (RFC2460) */
4e3fd7a0
AD		 636 bp->saddr = *saddr;
637 bp->daddr = *daddr;
49a72dfb 638 bp->protocol = cpu_to_be32(IPPROTO_TCP);
00b1304c 639 bp->len = cpu_to_be32(nbytes);
cfb6eeb4 640
19689e38
ED		 641 _th = (struct tcphdr *)(bp + 1);
642 memcpy(_th, th, sizeof(*th));
643 _th->check = 0;
644
645 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
646 ahash_request_set_crypt(hp->md5_req, &sg, NULL,
647 sizeof(*bp) + sizeof(*th));
cf80e0e4 648 return crypto_ahash_update(hp->md5_req);
49a72dfb 649}
c7da57a1 650
19689e38 651static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
b71d1d42 652 const struct in6_addr *daddr, struct in6_addr *saddr,
318cf7aa 653 const struct tcphdr *th)
49a72dfb
AL		 654{
655 struct tcp_md5sig_pool *hp;
cf80e0e4 656 struct ahash_request *req;
49a72dfb
AL		 657
658 hp = tcp_get_md5sig_pool();
659 if (!hp)
660 goto clear_hash_noput;
cf80e0e4 661 req = hp->md5_req;
49a72dfb 662
cf80e0e4 663 if (crypto_ahash_init(req))
49a72dfb 664 goto clear_hash;
19689e38 665 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
49a72dfb
AL		 666 goto clear_hash;
667 if (tcp_md5_hash_key(hp, key))
668 goto clear_hash;
cf80e0e4
HX		 669 ahash_request_set_crypt(req, NULL, md5_hash, 0);
670 if (crypto_ahash_final(req))
cfb6eeb4 671 goto clear_hash;
cfb6eeb4 672
cfb6eeb4 673 tcp_put_md5sig_pool();
cfb6eeb4 674 return 0;
49a72dfb 675
cfb6eeb4
YH		 676clear_hash:
677 tcp_put_md5sig_pool();
678clear_hash_noput:
679 memset(md5_hash, 0, 16);
49a72dfb 680 return 1;
cfb6eeb4
YH		 681}
682
39f8e58e
ED		 683static int tcp_v6_md5_hash_skb(char *md5_hash,
684 const struct tcp_md5sig_key *key,
318cf7aa 685 const struct sock *sk,
318cf7aa 686 const struct sk_buff *skb)
cfb6eeb4 687{
b71d1d42 688 const struct in6_addr *saddr, *daddr;
49a72dfb 689 struct tcp_md5sig_pool *hp;
cf80e0e4 690 struct ahash_request *req;
318cf7aa 691 const struct tcphdr *th = tcp_hdr(skb);
cfb6eeb4 692
39f8e58e
ED		 693 if (sk) { /* valid for establish/request sockets */
694 saddr = &sk->sk_v6_rcv_saddr;
efe4208f 695 daddr = &sk->sk_v6_daddr;
49a72dfb 696 } else {
b71d1d42 697 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
49a72dfb
AL		 698 saddr = &ip6h->saddr;
699 daddr = &ip6h->daddr;
cfb6eeb4 700 }
49a72dfb
AL		 701
702 hp = tcp_get_md5sig_pool();
703 if (!hp)
704 goto clear_hash_noput;
cf80e0e4 705 req = hp->md5_req;
49a72dfb 706
cf80e0e4 707 if (crypto_ahash_init(req))
49a72dfb
AL		 708 goto clear_hash;
709
19689e38 710 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
49a72dfb
AL		 711 goto clear_hash;
712 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
713 goto clear_hash;
714 if (tcp_md5_hash_key(hp, key))
715 goto clear_hash;
cf80e0e4
HX		 716 ahash_request_set_crypt(req, NULL, md5_hash, 0);
717 if (crypto_ahash_final(req))
49a72dfb
AL		 718 goto clear_hash;
719
720 tcp_put_md5sig_pool();
721 return 0;
722
723clear_hash:
724 tcp_put_md5sig_pool();
725clear_hash_noput:
726 memset(md5_hash, 0, 16);
727 return 1;
cfb6eeb4
YH		 728}
729
ba8e275a
ED		 730#endif
731
732static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
d14c77e0
DA		 733 const struct sk_buff *skb,
734 int dif, int sdif)
cfb6eeb4 735{
ba8e275a 736#ifdef CONFIG_TCP_MD5SIG
cf533ea5 737 const __u8 *hash_location = NULL;
cfb6eeb4 738 struct tcp_md5sig_key *hash_expected;
b71d1d42 739 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
318cf7aa 740 const struct tcphdr *th = tcp_hdr(skb);
dea53bb8 741 int genhash, l3index;
cfb6eeb4
YH		 742 u8 newhash[16];
743
dea53bb8
DA		 744 /* sdif set, means packet ingressed via a device
745 * in an L3 domain and dif is set to the l3mdev
746 */
747 l3index = sdif ? dif : 0;
748
749 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr, l3index);
7d5d5525 750 hash_location = tcp_parse_md5sig_option(th);
cfb6eeb4 751
785957d3
DM		 752 /* We've parsed the options - do we have a hash? */
753 if (!hash_expected && !hash_location)
ff74e23f 754 return false;
785957d3
DM		 755
756 if (hash_expected && !hash_location) {
c10d9310 757 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
ff74e23f 758 return true;
cfb6eeb4
YH		 759 }
760
785957d3 761 if (!hash_expected && hash_location) {
c10d9310 762 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
ff74e23f 763 return true;
cfb6eeb4
YH		 764 }
765
766 /* check the signature */
49a72dfb
AL		 767 genhash = tcp_v6_md5_hash_skb(newhash,
768 hash_expected,
39f8e58e 769 NULL, skb);
49a72dfb 770
cfb6eeb4 771 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
72145a68 772 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
dea53bb8 773 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u L3 index %d\n",
e87cc472
JP		 774 genhash ? "failed" : "mismatch",
775 &ip6h->saddr, ntohs(th->source),
dea53bb8 776 &ip6h->daddr, ntohs(th->dest), l3index);
ff74e23f 777 return true;
cfb6eeb4 778 }
ba8e275a 779#endif
ff74e23f 780 return false;
cfb6eeb4 781}
cfb6eeb4 782
b40cf18e
ED		 783static void tcp_v6_init_req(struct request_sock *req,
784 const struct sock *sk_listener,
16bea70a
OP		 785 struct sk_buff *skb)
786{
c2027d1e 787 bool l3_slave = ipv6_l3mdev_skb(TCP_SKB_CB(skb)->header.h6.flags);
16bea70a 788 struct inet_request_sock *ireq = inet_rsk(req);
93a77c11 789 const struct ipv6_pinfo *np = tcp_inet6_sk(sk_listener);
16bea70a
OP		 790
791 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
792 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
793
16bea70a 794 /* So that link locals have meaning */
c2027d1e 795 if ((!sk_listener->sk_bound_dev_if || l3_slave) &&
16bea70a 796 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
870c3151 797 ireq->ir_iif = tcp_v6_iif(skb);
16bea70a 798
04317daf 799 if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
b40cf18e 800 (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
a224772d 801 np->rxopt.bits.rxinfo ||
16bea70a
OP		 802 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
803 np->rxopt.bits.rxohlim || np->repflow)) {
63354797 804 refcount_inc(&skb->users);
16bea70a
OP		 805 ireq->pktopts = skb;
806 }
807}
808
f964629e
ED		 809static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
810 struct flowi *fl,
4396e461 811 const struct request_sock *req)
d94e0417 812{
f76b33c3 813 return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
d94e0417
OP		 814}
815
c6aefafb 816struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
1da177e4 817 .family = AF_INET6,
2e6599cb 818 .obj_size = sizeof(struct tcp6_request_sock),
5db92c99 819 .rtx_syn_ack = tcp_rtx_synack,
60236fdd
ACM		 820 .send_ack = tcp_v6_reqsk_send_ack,
821 .destructor = tcp_v6_reqsk_destructor,
72659ecc 822 .send_reset = tcp_v6_send_reset,
4aa956d8 823 .syn_ack_timeout = tcp_syn_ack_timeout,
1da177e4
LT		 824};
825
35b2c321 826const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
2aec4a29
OP		 827 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
828 sizeof(struct ipv6hdr),
16bea70a 829#ifdef CONFIG_TCP_MD5SIG
fd3a154a 830 .req_md5_lookup = tcp_v6_md5_lookup,
e3afe7b7 831 .calc_md5_hash = tcp_v6_md5_hash_skb,
b6332e6c 832#endif
16bea70a 833 .init_req = tcp_v6_init_req,
fb7b37a7
OP		 834#ifdef CONFIG_SYN_COOKIES
835 .cookie_init_seq = cookie_v6_init_sequence,
836#endif
d94e0417 837 .route_req = tcp_v6_route_req,
84b114b9
ED		 838 .init_seq = tcp_v6_init_seq,
839 .init_ts_off = tcp_v6_init_ts_off,
d6274bd8 840 .send_synack = tcp_v6_send_synack,
16bea70a 841};
cfb6eeb4 842
a00e7444 843static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
0f85feae
ED		 844 u32 ack, u32 win, u32 tsval, u32 tsecr,
845 int oif, struct tcp_md5sig_key *key, int rst,
e9a5dcee 846 u8 tclass, __be32 label, u32 priority)
1da177e4 847{
cf533ea5
ED		 848 const struct tcphdr *th = tcp_hdr(skb);
849 struct tcphdr *t1;
1da177e4 850 struct sk_buff *buff;
4c9483b2 851 struct flowi6 fl6;
0f85feae 852 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
e5047992 853 struct sock *ctl_sk = net->ipv6.tcp_sk;
77c676da 854 unsigned int tot_len = sizeof(struct tcphdr);
adf30907 855 struct dst_entry *dst;
81ada62d 856 __be32 *topt;
00483690 857 __u32 mark = 0;
1da177e4 858
ee684b6f 859 if (tsecr)
626e264d 860 tot_len += TCPOLEN_TSTAMP_ALIGNED;
cfb6eeb4 861#ifdef CONFIG_TCP_MD5SIG
cfb6eeb4
YH		 862 if (key)
863 tot_len += TCPOLEN_MD5SIG_ALIGNED;
864#endif
865
cfb6eeb4 866 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1da177e4 867 GFP_ATOMIC);
63159f29 868 if (!buff)
1ab1457c 869 return;
1da177e4 870
cfb6eeb4 871 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1da177e4 872
d58ff351 873 t1 = skb_push(buff, tot_len);
6651ffc8 874 skb_reset_transport_header(buff);
1da177e4
LT		 875
876 /* Swap the send and the receive. */
877 memset(t1, 0, sizeof(*t1));
878 t1->dest = th->source;
879 t1->source = th->dest;
cfb6eeb4 880 t1->doff = tot_len / 4;
626e264d
IJ		 881 t1->seq = htonl(seq);
882 t1->ack_seq = htonl(ack);
883 t1->ack = !rst || !th->ack;
884 t1->rst = rst;
885 t1->window = htons(win);
1da177e4 886
81ada62d
IJ		 887 topt = (__be32 *)(t1 + 1);
888
ee684b6f 889 if (tsecr) {
626e264d
IJ		 890 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
891 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
ee684b6f
AV		 892 *topt++ = htonl(tsval);
893 *topt++ = htonl(tsecr);
626e264d
IJ		 894 }
895
cfb6eeb4
YH		 896#ifdef CONFIG_TCP_MD5SIG
897 if (key) {
81ada62d
IJ		 898 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
899 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
900 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
78e645cb
IJ		 901 &ipv6_hdr(skb)->saddr,
902 &ipv6_hdr(skb)->daddr, t1);
cfb6eeb4
YH		 903 }
904#endif
905
4c9483b2 906 memset(&fl6, 0, sizeof(fl6));
4e3fd7a0
AD		 907 fl6.daddr = ipv6_hdr(skb)->saddr;
908 fl6.saddr = ipv6_hdr(skb)->daddr;
1d13a96c 909 fl6.flowlabel = label;
1da177e4 910
e5700aff
DM		 911 buff->ip_summed = CHECKSUM_PARTIAL;
912 buff->csum = 0;
913
4c9483b2 914 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
1da177e4 915
4c9483b2 916 fl6.flowi6_proto = IPPROTO_TCP;
a36dbdb2 917 if (rt6_need_strict(&fl6.daddr) && !oif)
870c3151 918 fl6.flowi6_oif = tcp_v6_iif(skb);
9b6c14d5
DA		 919 else {
920 if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
921 oif = skb->skb_iif;
922
923 fl6.flowi6_oif = oif;
924 }
1d2f7b2d 925
c67b8555
ED		 926 if (sk) {
927 if (sk->sk_state == TCP_TIME_WAIT) {
928 mark = inet_twsk(sk)->tw_mark;
929 /* autoflowlabel relies on buff->hash */
930 skb_set_hash(buff, inet_twsk(sk)->tw_txhash,
931 PKT_HASH_TYPE_L4);
932 } else {
933 mark = sk->sk_mark;
934 }
d6fb396c 935 buff->tstamp = tcp_transmit_time(sk);
c67b8555 936 }
00483690 937 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark) ?: mark;
1958b856
DM		 938 fl6.fl6_dport = t1->dest;
939 fl6.fl6_sport = t1->source;
e2d118a1 940 fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
4c9483b2 941 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 942
c20121ae
DL		 943 /* Pass a socket to ip6_dst_lookup either it is for RST
944 * Underlying function will use this to retrieve the network
945 * namespace
946 */
c4e85f73 947 dst = ip6_dst_lookup_flow(sock_net(ctl_sk), ctl_sk, &fl6, NULL);
68d0c6d3
DM		 948 if (!IS_ERR(dst)) {
949 skb_dst_set(buff, dst);
4f6570d7 950 ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass,
e9a5dcee 951 priority);
c10d9310 952 TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
68d0c6d3 953 if (rst)
c10d9310 954 TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
68d0c6d3 955 return;
1da177e4
LT		 956 }
957
958 kfree_skb(buff);
959}
960
a00e7444 961static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
1da177e4 962{
cf533ea5 963 const struct tcphdr *th = tcp_hdr(skb);
323a53c4 964 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
626e264d 965 u32 seq = 0, ack_seq = 0;
fa3e5b4e 966 struct tcp_md5sig_key *key = NULL;
658ddaaf
SL		 967#ifdef CONFIG_TCP_MD5SIG
968 const __u8 *hash_location = NULL;
658ddaaf
SL		 969 unsigned char newhash[16];
970 int genhash;
971 struct sock *sk1 = NULL;
972#endif
323a53c4 973 __be32 label = 0;
e9a5dcee 974 u32 priority = 0;
323a53c4 975 struct net *net;
c24b14c4 976 int oif = 0;
1da177e4 977
626e264d 978 if (th->rst)
1da177e4
LT		 979 return;
980
c3658e8d
ED		 981 /* If sk not NULL, it means we did a successful lookup and incoming
982 * route had to be correct. prequeue might have dropped our dst.
983 */
984 if (!sk && !ipv6_unicast_destination(skb))
626e264d 985 return;
1da177e4 986
39209673 987 net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
cfb6eeb4 988#ifdef CONFIG_TCP_MD5SIG
3b24d854 989 rcu_read_lock();
658ddaaf 990 hash_location = tcp_parse_md5sig_option(th);
271c3b9b 991 if (sk && sk_fullsock(sk)) {
dea53bb8
DA		 992 int l3index;
993
994 /* sdif set, means packet ingressed via a device
995 * in an L3 domain and inet_iif is set to it.
996 */
997 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
998 key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr, l3index);
e46787f0 999 } else if (hash_location) {
d14c77e0
DA		 1000 int dif = tcp_v6_iif_l3_slave(skb);
1001 int sdif = tcp_v6_sdif(skb);
dea53bb8 1002 int l3index;
d14c77e0 1003
658ddaaf
SL		 1004 /*
1005 * active side is lost. Try to find listening socket through
1006 * source port, and then find md5 key through listening socket.
1007 * we are not loose security here:
1008 * Incoming packet is checked with md5 hash with finding key,
1009 * no RST generated if md5 hash doesn't match.
1010 */
323a53c4 1011 sk1 = inet6_lookup_listener(net,
a583636a
CG		 1012 &tcp_hashinfo, NULL, 0,
1013 &ipv6h->saddr,
5ba24953 1014 th->source, &ipv6h->daddr,
d14c77e0 1015 ntohs(th->source), dif, sdif);
658ddaaf 1016 if (!sk1)
3b24d854 1017 goto out;
658ddaaf 1018
dea53bb8
DA		 1019 /* sdif set, means packet ingressed via a device
1020 * in an L3 domain and dif is set to it.
1021 */
1022 l3index = tcp_v6_sdif(skb) ? dif : 0;
1023
1024 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr, l3index);
658ddaaf 1025 if (!key)
3b24d854 1026 goto out;
658ddaaf 1027
39f8e58e 1028 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
658ddaaf 1029 if (genhash || memcmp(hash_location, newhash, 16) != 0)
3b24d854 1030 goto out;
658ddaaf 1031 }
cfb6eeb4
YH		 1032#endif
1033
626e264d
IJ		 1034 if (th->ack)
1035 seq = ntohl(th->ack_seq);
1036 else
1037 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1038 (th->doff << 2);
1da177e4 1039
c24b14c4
SL		 1040 if (sk) {
1041 oif = sk->sk_bound_dev_if;
052e0690
ED		 1042 if (sk_fullsock(sk)) {
1043 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1044
5c487bb9 1045 trace_tcp_send_reset(sk, skb);
052e0690
ED		 1046 if (np->repflow)
1047 label = ip6_flowlabel(ipv6h);
e9a5dcee 1048 priority = sk->sk_priority;
052e0690 1049 }
f6c0f5d2 1050 if (sk->sk_state == TCP_TIME_WAIT) {
50a8accf 1051 label = cpu_to_be32(inet_twsk(sk)->tw_flowlabel);
f6c0f5d2
ED		 1052 priority = inet_twsk(sk)->tw_priority;
1053 }
323a53c4 1054 } else {
a346abe0 1055 if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_TCP_RESET)
323a53c4 1056 label = ip6_flowlabel(ipv6h);
c24b14c4
SL		 1057 }
1058
323a53c4 1059 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0,
e9a5dcee 1060 label, priority);
658ddaaf
SL		 1061
1062#ifdef CONFIG_TCP_MD5SIG
3b24d854
ED		 1063out:
1064 rcu_read_unlock();
658ddaaf 1065#endif
626e264d 1066}
1da177e4 1067
a00e7444 1068static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
0f85feae 1069 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
1d13a96c 1070 struct tcp_md5sig_key *key, u8 tclass,
e9a5dcee 1071 __be32 label, u32 priority)
626e264d 1072{
0f85feae 1073 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
e9a5dcee 1074 tclass, label, priority);
1da177e4
LT		 1075}
1076
1077static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1078{
8feaf0c0 1079 struct inet_timewait_sock *tw = inet_twsk(sk);
cfb6eeb4 1080 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1da177e4 1081
0f85feae 1082 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
8feaf0c0 1083 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
9a568de4 1084 tcp_time_stamp_raw() + tcptw->tw_ts_offset,
9c76a114 1085 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
f6c0f5d2 1086 tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel), tw->tw_priority);
1da177e4 1087
8feaf0c0 1088 inet_twsk_put(tw);
1da177e4
LT		 1089}
1090
a00e7444 1091static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
6edafaaf 1092 struct request_sock *req)
1da177e4 1093{
dea53bb8
DA		 1094 int l3index;
1095
1096 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
1097
3a19ce0e
DL		 1098 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
1099 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
1100 */
20a2b49f
ED		 1101 /* RFC 7323 2.3
1102 * The window field (SEG.WND) of every outgoing segment, with the
1103 * exception of <SYN> segments, MUST be right-shifted by
1104 * Rcv.Wind.Shift bits:
1105 */
0f85feae 1106 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
3a19ce0e 1107 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
20a2b49f
ED		 1108 tcp_rsk(req)->rcv_nxt,
1109 req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
9a568de4 1110 tcp_time_stamp_raw() + tcp_rsk(req)->ts_off,
95a22cae 1111 req->ts_recent, sk->sk_bound_dev_if,
dea53bb8 1112 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr, l3index),
e9a5dcee 1113 0, 0, sk->sk_priority);
1da177e4
LT		 1114}
1115
1116
079096f1 1117static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
1da177e4 1118{
079096f1 1119#ifdef CONFIG_SYN_COOKIES
aa8223c7 1120 const struct tcphdr *th = tcp_hdr(skb);
1da177e4 1121
af9b4738 1122 if (!th->syn)
c6aefafb 1123 sk = cookie_v6_check(sk, skb);
1da177e4
LT		 1124#endif
1125 return sk;
1126}
1127
9349d600
PP		 1128u16 tcp_v6_get_syncookie(struct sock *sk, struct ipv6hdr *iph,
1129 struct tcphdr *th, u32 *cookie)
1130{
1131 u16 mss = 0;
1132#ifdef CONFIG_SYN_COOKIES
1133 mss = tcp_get_syncookie_mss(&tcp6_request_sock_ops,
1134 &tcp_request_sock_ipv6_ops, sk, th);
1135 if (mss) {
1136 *cookie = __cookie_v6_init_sequence(iph, th, &mss);
1137 tcp_synq_overflow(sk);
1138 }
1139#endif
1140 return mss;
1141}
1142
1da177e4
LT		 1143static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1144{
1da177e4
LT		 1145 if (skb->protocol == htons(ETH_P_IP))
1146 return tcp_v4_conn_request(sk, skb);
1147
1148 if (!ipv6_unicast_destination(skb))
1ab1457c 1149 goto drop;
1da177e4 1150
1fb6f159
OP		 1151 return tcp_conn_request(&tcp6_request_sock_ops,
1152 &tcp_request_sock_ipv6_ops, sk, skb);
1da177e4
LT		 1153
1154drop:
9caad864 1155 tcp_listendrop(sk);
1da177e4
LT		 1156 return 0; /* don't send reset */
1157}
1158
ebf6c9cb
ED		 1159static void tcp_v6_restore_cb(struct sk_buff *skb)
1160{
1161 /* We need to move header back to the beginning if xfrm6_policy_check()
1162 * and tcp_v6_fill_cb() are going to be called again.
1163 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
1164 */
1165 memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
1166 sizeof(struct inet6_skb_parm));
1167}
1168
0c27171e 1169static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
4c99aa40 1170 struct request_sock *req,
5e0724d0
ED		 1171 struct dst_entry *dst,
1172 struct request_sock *req_unhash,
1173 bool *own_req)
1da177e4 1174{
634fb979 1175 struct inet_request_sock *ireq;
0c27171e 1176 struct ipv6_pinfo *newnp;
93a77c11 1177 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
45f6fad8 1178 struct ipv6_txoptions *opt;
1da177e4
LT		 1179 struct inet_sock *newinet;
1180 struct tcp_sock *newtp;
1181 struct sock *newsk;
cfb6eeb4
YH		 1182#ifdef CONFIG_TCP_MD5SIG
1183 struct tcp_md5sig_key *key;
dea53bb8 1184 int l3index;
cfb6eeb4 1185#endif
3840a06e 1186 struct flowi6 fl6;
1da177e4
LT		 1187
1188 if (skb->protocol == htons(ETH_P_IP)) {
1189 /*
1190 * v6 mapped
1191 */
1192
5e0724d0
ED		 1193 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
1194 req_unhash, own_req);
1da177e4 1195
63159f29 1196 if (!newsk)
1da177e4
LT		 1197 return NULL;
1198
93a77c11 1199 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
1da177e4
LT		 1200
1201 newinet = inet_sk(newsk);
93a77c11 1202 newnp = tcp_inet6_sk(newsk);
1da177e4
LT		 1203 newtp = tcp_sk(newsk);
1204
1205 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1206
d1e559d0 1207 newnp->saddr = newsk->sk_v6_rcv_saddr;
1da177e4 1208
8292a17a 1209 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
cec37a6e 1210 if (sk_is_mptcp(newsk))
31484d56 1211 mptcpv6_handle_mapped(newsk, true);
1da177e4 1212 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
cfb6eeb4
YH		 1213#ifdef CONFIG_TCP_MD5SIG
1214 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1215#endif
1216
83eaddab 1217 newnp->ipv6_mc_list = NULL;
676a1184
YZ		 1218 newnp->ipv6_ac_list = NULL;
1219 newnp->ipv6_fl_list = NULL;
1da177e4
LT		 1220 newnp->pktoptions = NULL;
1221 newnp->opt = NULL;
89e41309
ED		 1222 newnp->mcast_oif = inet_iif(skb);
1223 newnp->mcast_hops = ip_hdr(skb)->ttl;
1224 newnp->rcv_flowinfo = 0;
df3687ff 1225 if (np->repflow)
89e41309 1226 newnp->flow_label = 0;
1da177e4 1227
e6848976
ACM		 1228 /*
1229 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1230 * here, tcp_create_openreq_child now does this for us, see the comment in
1231 * that function for the gory details. -acme
1da177e4 1232 */
1da177e4
LT		 1233
1234 /* It is tricky place. Until this moment IPv4 tcp
8292a17a 1235 worked with IPv6 icsk.icsk_af_ops.
1da177e4
LT		 1236 Sync it now.
1237 */
d83d8461 1238 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1da177e4
LT		 1239
1240 return newsk;
1241 }
1242
634fb979 1243 ireq = inet_rsk(req);
1da177e4
LT		 1244
1245 if (sk_acceptq_is_full(sk))
1246 goto out_overflow;
1247
493f377d 1248 if (!dst) {
f76b33c3 1249 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
493f377d 1250 if (!dst)
1da177e4 1251 goto out;
1ab1457c 1252 }
1da177e4
LT		 1253
1254 newsk = tcp_create_openreq_child(sk, req, skb);
63159f29 1255 if (!newsk)
093d2823 1256 goto out_nonewsk;
1da177e4 1257
e6848976
ACM		 1258 /*
1259 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1260 * count here, tcp_create_openreq_child now does this for us, see the
1261 * comment in that function for the gory details. -acme
1262 */
1da177e4 1263
59eed279 1264 newsk->sk_gso_type = SKB_GSO_TCPV6;
6bd4f355 1265 ip6_dst_store(newsk, dst, NULL, NULL);
fae6ef87 1266 inet6_sk_rx_dst_set(newsk, skb);
1da177e4 1267
93a77c11 1268 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
1da177e4
LT		 1269
1270 newtp = tcp_sk(newsk);
1271 newinet = inet_sk(newsk);
93a77c11 1272 newnp = tcp_inet6_sk(newsk);
1da177e4
LT		 1273
1274 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1275
634fb979
ED		 1276 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1277 newnp->saddr = ireq->ir_v6_loc_addr;
1278 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1279 newsk->sk_bound_dev_if = ireq->ir_iif;
1da177e4 1280
1ab1457c 1281 /* Now IPv6 options...
1da177e4
LT		 1282
1283 First: no IPv4 options.
1284 */
f6d8bd05 1285 newinet->inet_opt = NULL;
83eaddab 1286 newnp->ipv6_mc_list = NULL;
676a1184 1287 newnp->ipv6_ac_list = NULL;
d35690be 1288 newnp->ipv6_fl_list = NULL;
1da177e4
LT		 1289
1290 /* Clone RX bits */
1291 newnp->rxopt.all = np->rxopt.all;
1292
1da177e4 1293 newnp->pktoptions = NULL;
1da177e4 1294 newnp->opt = NULL;
870c3151 1295 newnp->mcast_oif = tcp_v6_iif(skb);
0660e03f 1296 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1397ed35 1297 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
df3687ff
FF		 1298 if (np->repflow)
1299 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1da177e4
LT		 1300
1301 /* Clone native IPv6 options from listening socket (if any)
1302
1303 Yes, keeping reference count would be much more clever,
1304 but we make one more one thing there: reattach optmem
1305 to newsk.
1306 */
56ac42bc
HD		 1307 opt = ireq->ipv6_opt;
1308 if (!opt)
1309 opt = rcu_dereference(np->opt);
45f6fad8
ED		 1310 if (opt) {
1311 opt = ipv6_dup_options(newsk, opt);
1312 RCU_INIT_POINTER(newnp->opt, opt);
1313 }
d83d8461 1314 inet_csk(newsk)->icsk_ext_hdr_len = 0;
45f6fad8
ED		 1315 if (opt)
1316 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
1317 opt->opt_flen;
1da177e4 1318
81164413
DB		 1319 tcp_ca_openreq_child(newsk, dst);
1320
1da177e4 1321 tcp_sync_mss(newsk, dst_mtu(dst));
3541f9e8 1322 newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));
d135c522 1323
1da177e4
LT		 1324 tcp_initialize_rcv_mss(newsk);
1325
c720c7e8
ED		 1326 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1327 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1da177e4 1328
cfb6eeb4 1329#ifdef CONFIG_TCP_MD5SIG
dea53bb8
DA		 1330 l3index = l3mdev_master_ifindex_by_index(sock_net(sk), ireq->ir_iif);
1331
cfb6eeb4 1332 /* Copy over the MD5 key from the original socket */
dea53bb8 1333 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr, l3index);
53b24b8f 1334 if (key) {
cfb6eeb4
YH		 1335 /* We're using one, so create a matching key
1336 * on the newsk structure. If we fail to get
1337 * memory, then we end up not copying the key
1338 * across. Shucks.
1339 */
efe4208f 1340 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
dea53bb8 1341 AF_INET6, 128, l3index, key->key, key->keylen,
7450aaf6 1342 sk_gfp_mask(sk, GFP_ATOMIC));
cfb6eeb4
YH		 1343 }
1344#endif
1345
093d2823 1346 if (__inet_inherit_port(sk, newsk) < 0) {
e337e24d
CP		 1347 inet_csk_prepare_forced_close(newsk);
1348 tcp_done(newsk);
093d2823
BS		 1349 goto out;
1350 }
5e0724d0 1351 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
805c4bc0 1352 if (*own_req) {
49a496c9 1353 tcp_move_syn(newtp, req);
805c4bc0
ED		 1354
1355 /* Clone pktoptions received with SYN, if we own the req */
1356 if (ireq->pktopts) {
1357 newnp->pktoptions = skb_clone(ireq->pktopts,
7450aaf6 1358 sk_gfp_mask(sk, GFP_ATOMIC));
805c4bc0
ED		 1359 consume_skb(ireq->pktopts);
1360 ireq->pktopts = NULL;
ebf6c9cb
ED		 1361 if (newnp->pktoptions) {
1362 tcp_v6_restore_cb(newnp->pktoptions);
805c4bc0 1363 skb_set_owner_r(newnp->pktoptions, newsk);
ebf6c9cb 1364 }
805c4bc0 1365 }
ce105008 1366 }
1da177e4
LT		 1367
1368 return newsk;
1369
1370out_overflow:
02a1d6e7 1371 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
093d2823 1372out_nonewsk:
1da177e4 1373 dst_release(dst);
093d2823 1374out:
9caad864 1375 tcp_listendrop(sk);
1da177e4
LT		 1376 return NULL;
1377}
1378
1da177e4 1379/* The socket must have it's spinlock held when we get
e994b2f0 1380 * here, unless it is a TCP_LISTEN socket.
1da177e4
LT		 1381 *
1382 * We have a potential double-lock case here, so even when
1383 * doing backlog processing we use the BH locking scheme.
1384 * This is because we cannot sleep with the original spinlock
1385 * held.
1386 */
1387static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1388{
93a77c11 1389 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1da177e4 1390 struct sk_buff *opt_skb = NULL;
93a77c11 1391 struct tcp_sock *tp;
1da177e4
LT		 1392
1393 /* Imagine: socket is IPv6. IPv4 packet arrives,
1394 goes to IPv4 receive handler and backlogged.
1395 From backlog it always goes here. Kerboom...
1396 Fortunately, tcp_rcv_established and rcv_established
1397 handle them correctly, but it is not case with
1398 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1399 */
1400
1401 if (skb->protocol == htons(ETH_P_IP))
1402 return tcp_v4_do_rcv(sk, skb);
1403
1da177e4
LT		 1404 /*
1405 * socket locking is here for SMP purposes as backlog rcv
1406 * is currently called with bh processing disabled.
1407 */
1408
1409 /* Do Stevens' IPV6_PKTOPTIONS.
1410
1411 Yes, guys, it is the only place in our code, where we
1412 may make it not affecting IPv4.
1413 The rest of code is protocol independent,
1414 and I do not like idea to uglify IPv4.
1415
1416 Actually, all the idea behind IPV6_PKTOPTIONS
1417 looks not very well thought. For now we latch
1418 options, received in the last packet, enqueued
1419 by tcp. Feel free to propose better solution.
1ab1457c 1420 --ANK (980728)
1da177e4
LT		 1421 */
1422 if (np->rxopt.all)
7450aaf6 1423 opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));
1da177e4
LT		 1424
1425 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
5d299f3d
ED		 1426 struct dst_entry *dst = sk->sk_rx_dst;
1427
bdeab991 1428 sock_rps_save_rxhash(sk, skb);
3d97379a 1429 sk_mark_napi_id(sk, skb);
5d299f3d
ED		 1430 if (dst) {
1431 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1432 dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
1433 dst_release(dst);
1434 sk->sk_rx_dst = NULL;
1435 }
1436 }
1437
3d97d88e 1438 tcp_rcv_established(sk, skb);
1da177e4
LT		 1439 if (opt_skb)
1440 goto ipv6_pktoptions;
1441 return 0;
1442 }
1443
12e25e10 1444 if (tcp_checksum_complete(skb))
1da177e4
LT		 1445 goto csum_err;
1446
1ab1457c 1447 if (sk->sk_state == TCP_LISTEN) {
079096f1
ED		 1448 struct sock *nsk = tcp_v6_cookie_check(sk, skb);
1449
1da177e4
LT		 1450 if (!nsk)
1451 goto discard;
1452
4c99aa40 1453 if (nsk != sk) {
1da177e4
LT		 1454 if (tcp_child_process(sk, nsk, skb))
1455 goto reset;
1456 if (opt_skb)
1457 __kfree_skb(opt_skb);
1458 return 0;
1459 }
47482f13 1460 } else
bdeab991 1461 sock_rps_save_rxhash(sk, skb);
1da177e4 1462
72ab4a86 1463 if (tcp_rcv_state_process(sk, skb))
1da177e4 1464 goto reset;
1da177e4
LT		 1465 if (opt_skb)
1466 goto ipv6_pktoptions;
1467 return 0;
1468
1469reset:
cfb6eeb4 1470 tcp_v6_send_reset(sk, skb);
1da177e4
LT		 1471discard:
1472 if (opt_skb)
1473 __kfree_skb(opt_skb);
1474 kfree_skb(skb);
1475 return 0;
1476csum_err:
c10d9310
ED		 1477 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
1478 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
1da177e4
LT		 1479 goto discard;
1480
1481
1482ipv6_pktoptions:
1483 /* Do you ask, what is it?
1484
1485 1. skb was enqueued by tcp.
1486 2. skb is added to tail of read queue, rather than out of order.
1487 3. socket is not in passive state.
1488 4. Finally, it really contains options, which user wants to receive.
1489 */
1490 tp = tcp_sk(sk);
1491 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1492 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
333fad53 1493 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
870c3151 1494 np->mcast_oif = tcp_v6_iif(opt_skb);
333fad53 1495 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
0660e03f 1496 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
82e9f105 1497 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1397ed35 1498 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
df3687ff
FF		 1499 if (np->repflow)
1500 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
a224772d 1501 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
1da177e4 1502 skb_set_owner_r(opt_skb, sk);
8ce48623 1503 tcp_v6_restore_cb(opt_skb);
1da177e4
LT		 1504 opt_skb = xchg(&np->pktoptions, opt_skb);
1505 } else {
1506 __kfree_skb(opt_skb);
1507 opt_skb = xchg(&np->pktoptions, NULL);
1508 }
1509 }
1510
800d55f1 1511 kfree_skb(opt_skb);
1da177e4
LT		 1512 return 0;
1513}
1514
2dc49d16
ND		 1515static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1516 const struct tcphdr *th)
1517{
1518 /* This is tricky: we move IP6CB at its correct location into
1519 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1520 * _decode_session6() uses IP6CB().
1521 * barrier() makes sure compiler won't play aliasing games.
1522 */
1523 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1524 sizeof(struct inet6_skb_parm));
1525 barrier();
1526
1527 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1528 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1529 skb->len - th->doff*4);
1530 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1531 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1532 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1533 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1534 TCP_SKB_CB(skb)->sacked = 0;
98aaa913
MM		 1535 TCP_SKB_CB(skb)->has_rxtstamp =
1536 skb->tstamp || skb_hwtstamps(skb)->hwtstamp;
2dc49d16
ND		 1537}
1538
0e219ae4 1539INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
1da177e4 1540{
8b27dae5 1541 struct sk_buff *skb_to_free;
4297a0ef 1542 int sdif = inet6_sdif(skb);
d14c77e0 1543 int dif = inet6_iif(skb);
cf533ea5 1544 const struct tcphdr *th;
b71d1d42 1545 const struct ipv6hdr *hdr;
3b24d854 1546 bool refcounted;
1da177e4
LT		 1547 struct sock *sk;
1548 int ret;
a86b1e30 1549 struct net *net = dev_net(skb->dev);
1da177e4
LT		 1550
1551 if (skb->pkt_type != PACKET_HOST)
1552 goto discard_it;
1553
1554 /*
1555 * Count it even if it's bad.
1556 */
90bbcc60 1557 __TCP_INC_STATS(net, TCP_MIB_INSEGS);
1da177e4
LT		 1558
1559 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1560 goto discard_it;
1561
ea1627c2 1562 th = (const struct tcphdr *)skb->data;
1da177e4 1563
ea1627c2 1564 if (unlikely(th->doff < sizeof(struct tcphdr)/4))
1da177e4
LT		 1565 goto bad_packet;
1566 if (!pskb_may_pull(skb, th->doff*4))
1567 goto discard_it;
1568
e4f45b7f 1569 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
6a5dc9e5 1570 goto csum_error;
1da177e4 1571
ea1627c2 1572 th = (const struct tcphdr *)skb->data;
e802af9c 1573 hdr = ipv6_hdr(skb);
1da177e4 1574
4bdc3d66 1575lookup:
a583636a 1576 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
4297a0ef 1577 th->source, th->dest, inet6_iif(skb), sdif,
3b24d854 1578 &refcounted);
1da177e4
LT		 1579 if (!sk)
1580 goto no_tcp_socket;
1581
1582process:
1583 if (sk->sk_state == TCP_TIME_WAIT)
1584 goto do_time_wait;
1585
079096f1
ED		 1586 if (sk->sk_state == TCP_NEW_SYN_RECV) {
1587 struct request_sock *req = inet_reqsk(sk);
e0f9759f 1588 bool req_stolen = false;
7716682c 1589 struct sock *nsk;
079096f1
ED		 1590
1591 sk = req->rsk_listener;
d14c77e0 1592 if (tcp_v6_inbound_md5_hash(sk, skb, dif, sdif)) {
e65c332d 1593 sk_drops_add(sk, skb);
079096f1
ED		 1594 reqsk_put(req);
1595 goto discard_it;
1596 }
4fd44a98
FL		 1597 if (tcp_checksum_complete(skb)) {
1598 reqsk_put(req);
1599 goto csum_error;
1600 }
7716682c 1601 if (unlikely(sk->sk_state != TCP_LISTEN)) {
f03f2e15 1602 inet_csk_reqsk_queue_drop_and_put(sk, req);
4bdc3d66
ED		 1603 goto lookup;
1604 }
7716682c 1605 sock_hold(sk);
3b24d854 1606 refcounted = true;
1f3b359f 1607 nsk = NULL;
eeea10b8
ED		 1608 if (!tcp_filter(sk, skb)) {
1609 th = (const struct tcphdr *)skb->data;
1610 hdr = ipv6_hdr(skb);
1611 tcp_v6_fill_cb(skb, hdr, th);
e0f9759f 1612 nsk = tcp_check_req(sk, skb, req, false, &req_stolen);
eeea10b8 1613 }
079096f1
ED		 1614 if (!nsk) {
1615 reqsk_put(req);
e0f9759f
ED		 1616 if (req_stolen) {
1617 /* Another cpu got exclusive access to req
1618 * and created a full blown socket.
1619 * Try to feed this packet to this socket
1620 * instead of discarding it.
1621 */
1622 tcp_v6_restore_cb(skb);
1623 sock_put(sk);
1624 goto lookup;
1625 }
7716682c 1626 goto discard_and_relse;
079096f1
ED		 1627 }
1628 if (nsk == sk) {
079096f1
ED		 1629 reqsk_put(req);
1630 tcp_v6_restore_cb(skb);
1631 } else if (tcp_child_process(sk, nsk, skb)) {
1632 tcp_v6_send_reset(nsk, skb);
7716682c 1633 goto discard_and_relse;
079096f1 1634 } else {
7716682c 1635 sock_put(sk);
079096f1
ED		 1636 return 0;
1637 }
1638 }
93a77c11 1639 if (hdr->hop_limit < tcp_inet6_sk(sk)->min_hopcount) {
02a1d6e7 1640 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
e802af9c
SH		 1641 goto discard_and_relse;
1642 }
1643
1da177e4
LT		 1644 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1645 goto discard_and_relse;
1646
d14c77e0 1647 if (tcp_v6_inbound_md5_hash(sk, skb, dif, sdif))
9ea88a15 1648 goto discard_and_relse;
9ea88a15 1649
ac6e7800 1650 if (tcp_filter(sk, skb))
1da177e4 1651 goto discard_and_relse;
ac6e7800
ED		 1652 th = (const struct tcphdr *)skb->data;
1653 hdr = ipv6_hdr(skb);
eeea10b8 1654 tcp_v6_fill_cb(skb, hdr, th);
1da177e4
LT		 1655
1656 skb->dev = NULL;
1657
e994b2f0
ED		 1658 if (sk->sk_state == TCP_LISTEN) {
1659 ret = tcp_v6_do_rcv(sk, skb);
1660 goto put_and_return;
1661 }
1662
1663 sk_incoming_cpu_update(sk);
1664
293b9c42 1665 bh_lock_sock_nested(sk);
a44d6eac 1666 tcp_segs_in(tcp_sk(sk), skb);
1da177e4
LT		 1667 ret = 0;
1668 if (!sock_owned_by_user(sk)) {
8b27dae5
ED		 1669 skb_to_free = sk->sk_rx_skb_cache;
1670 sk->sk_rx_skb_cache = NULL;
e7942d06 1671 ret = tcp_v6_do_rcv(sk, skb);
8b27dae5
ED		 1672 } else {
1673 if (tcp_add_backlog(sk, skb))
1674 goto discard_and_relse;
1675 skb_to_free = NULL;
6b03a53a 1676 }
1da177e4 1677 bh_unlock_sock(sk);
8b27dae5
ED		 1678 if (skb_to_free)
1679 __kfree_skb(skb_to_free);
e994b2f0 1680put_and_return:
3b24d854
ED		 1681 if (refcounted)
1682 sock_put(sk);
1da177e4
LT		 1683 return ret ? -1 : 0;
1684
1685no_tcp_socket:
1686 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1687 goto discard_it;
1688
2dc49d16
ND		 1689 tcp_v6_fill_cb(skb, hdr, th);
1690
12e25e10 1691 if (tcp_checksum_complete(skb)) {
6a5dc9e5 1692csum_error:
90bbcc60 1693 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
1da177e4 1694bad_packet:
90bbcc60 1695 __TCP_INC_STATS(net, TCP_MIB_INERRS);
1da177e4 1696 } else {
cfb6eeb4 1697 tcp_v6_send_reset(NULL, skb);
1da177e4
LT		 1698 }
1699
1700discard_it:
1da177e4
LT		 1701 kfree_skb(skb);
1702 return 0;
1703
1704discard_and_relse:
532182cd 1705 sk_drops_add(sk, skb);
3b24d854
ED		 1706 if (refcounted)
1707 sock_put(sk);
1da177e4
LT		 1708 goto discard_it;
1709
1710do_time_wait:
1711 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
9469c7b4 1712 inet_twsk_put(inet_twsk(sk));
1da177e4
LT		 1713 goto discard_it;
1714 }
1715
2dc49d16
ND		 1716 tcp_v6_fill_cb(skb, hdr, th);
1717
6a5dc9e5
ED		 1718 if (tcp_checksum_complete(skb)) {
1719 inet_twsk_put(inet_twsk(sk));
1720 goto csum_error;
1da177e4
LT		 1721 }
1722
9469c7b4 1723 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1da177e4
LT		 1724 case TCP_TW_SYN:
1725 {
1726 struct sock *sk2;
1727
c346dca1 1728 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
a583636a 1729 skb, __tcp_hdrlen(th),
5ba24953 1730 &ipv6_hdr(skb)->saddr, th->source,
0660e03f 1731 &ipv6_hdr(skb)->daddr,
24b711ed
DA		 1732 ntohs(th->dest),
1733 tcp_v6_iif_l3_slave(skb),
4297a0ef 1734 sdif);
53b24b8f 1735 if (sk2) {
295ff7ed 1736 struct inet_timewait_sock *tw = inet_twsk(sk);
dbe7faa4 1737 inet_twsk_deschedule_put(tw);
1da177e4 1738 sk = sk2;
4ad19de8 1739 tcp_v6_restore_cb(skb);
3b24d854 1740 refcounted = false;
1da177e4
LT		 1741 goto process;
1742 }
1da177e4 1743 }
275757e6 1744 /* to ACK */
a8eceea8 1745 fallthrough;
1da177e4
LT		 1746 case TCP_TW_ACK:
1747 tcp_v6_timewait_ack(sk, skb);
1748 break;
1749 case TCP_TW_RST:
271c3b9b
FW		 1750 tcp_v6_send_reset(sk, skb);
1751 inet_twsk_deschedule_put(inet_twsk(sk));
1752 goto discard_it;
4aa956d8
WY		 1753 case TCP_TW_SUCCESS:
1754 ;
1da177e4
LT		 1755 }
1756 goto discard_it;
1757}
1758
97ff7ffb 1759INDIRECT_CALLABLE_SCOPE void tcp_v6_early_demux(struct sk_buff *skb)
c7109986
ED		 1760{
1761 const struct ipv6hdr *hdr;
1762 const struct tcphdr *th;
1763 struct sock *sk;
1764
1765 if (skb->pkt_type != PACKET_HOST)
1766 return;
1767
1768 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1769 return;
1770
1771 hdr = ipv6_hdr(skb);
1772 th = tcp_hdr(skb);
1773
1774 if (th->doff < sizeof(struct tcphdr) / 4)
1775 return;
1776
870c3151 1777 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
c7109986
ED		 1778 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1779 &hdr->saddr, th->source,
1780 &hdr->daddr, ntohs(th->dest),
4297a0ef 1781 inet6_iif(skb), inet6_sdif(skb));
c7109986
ED		 1782 if (sk) {
1783 skb->sk = sk;
1784 skb->destructor = sock_edemux;
f7e4eb03 1785 if (sk_fullsock(sk)) {
d0c294c5 1786 struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
f3f12135 1787
c7109986 1788 if (dst)
93a77c11 1789 dst = dst_check(dst, tcp_inet6_sk(sk)->rx_dst_cookie);
c7109986 1790 if (dst &&
f3f12135 1791 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
c7109986
ED		 1792 skb_dst_set_noref(skb, dst);
1793 }
1794 }
1795}
1796
ccb7c410
DM		 1797static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1798 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1799 .twsk_unique = tcp_twsk_unique,
4aa956d8 1800 .twsk_destructor = tcp_twsk_destructor,
ccb7c410
DM		 1801};
1802
35b2c321 1803const struct inet_connection_sock_af_ops ipv6_specific = {
543d9cfe
ACM		 1804 .queue_xmit = inet6_csk_xmit,
1805 .send_check = tcp_v6_send_check,
1806 .rebuild_header = inet6_sk_rebuild_header,
5d299f3d 1807 .sk_rx_dst_set = inet6_sk_rx_dst_set,
543d9cfe
ACM		 1808 .conn_request = tcp_v6_conn_request,
1809 .syn_recv_sock = tcp_v6_syn_recv_sock,
543d9cfe 1810 .net_header_len = sizeof(struct ipv6hdr),
67469601 1811 .net_frag_header_len = sizeof(struct frag_hdr),
543d9cfe
ACM		 1812 .setsockopt = ipv6_setsockopt,
1813 .getsockopt = ipv6_getsockopt,
1814 .addr2sockaddr = inet6_csk_addr2sockaddr,
1815 .sockaddr_len = sizeof(struct sockaddr_in6),
3fdadf7d 1816#ifdef CONFIG_COMPAT
543d9cfe
ACM		 1817 .compat_setsockopt = compat_ipv6_setsockopt,
1818 .compat_getsockopt = compat_ipv6_getsockopt,
3fdadf7d 1819#endif
4fab9071 1820 .mtu_reduced = tcp_v6_mtu_reduced,
1da177e4
LT		 1821};
1822
cfb6eeb4 1823#ifdef CONFIG_TCP_MD5SIG
b2e4b3de 1824static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
cfb6eeb4 1825 .md5_lookup = tcp_v6_md5_lookup,
49a72dfb 1826 .calc_md5_hash = tcp_v6_md5_hash_skb,
cfb6eeb4 1827 .md5_parse = tcp_v6_parse_md5_keys,
cfb6eeb4 1828};
a928630a 1829#endif
cfb6eeb4 1830
1da177e4
LT		 1831/*
1832 * TCP over IPv4 via INET6 API
1833 */
3b401a81 1834static const struct inet_connection_sock_af_ops ipv6_mapped = {
543d9cfe
ACM		 1835 .queue_xmit = ip_queue_xmit,
1836 .send_check = tcp_v4_send_check,
1837 .rebuild_header = inet_sk_rebuild_header,
63d02d15 1838 .sk_rx_dst_set = inet_sk_rx_dst_set,
543d9cfe
ACM		 1839 .conn_request = tcp_v6_conn_request,
1840 .syn_recv_sock = tcp_v6_syn_recv_sock,
543d9cfe
ACM		 1841 .net_header_len = sizeof(struct iphdr),
1842 .setsockopt = ipv6_setsockopt,
1843 .getsockopt = ipv6_getsockopt,
1844 .addr2sockaddr = inet6_csk_addr2sockaddr,
1845 .sockaddr_len = sizeof(struct sockaddr_in6),
3fdadf7d 1846#ifdef CONFIG_COMPAT
543d9cfe
ACM		 1847 .compat_setsockopt = compat_ipv6_setsockopt,
1848 .compat_getsockopt = compat_ipv6_getsockopt,
3fdadf7d 1849#endif
4fab9071 1850 .mtu_reduced = tcp_v4_mtu_reduced,
1da177e4
LT		 1851};
1852
cfb6eeb4 1853#ifdef CONFIG_TCP_MD5SIG
b2e4b3de 1854static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
cfb6eeb4 1855 .md5_lookup = tcp_v4_md5_lookup,
49a72dfb 1856 .calc_md5_hash = tcp_v4_md5_hash_skb,
cfb6eeb4 1857 .md5_parse = tcp_v6_parse_md5_keys,
cfb6eeb4 1858};
a928630a 1859#endif
cfb6eeb4 1860
1da177e4
LT		 1861/* NOTE: A lot of things set to zero explicitly by call to
1862 * sk_alloc() so need not be done here.
1863 */
1864static int tcp_v6_init_sock(struct sock *sk)
1865{
6687e988 1866 struct inet_connection_sock *icsk = inet_csk(sk);
1da177e4 1867
900f65d3 1868 tcp_init_sock(sk);
1da177e4 1869
8292a17a 1870 icsk->icsk_af_ops = &ipv6_specific;
1da177e4 1871
cfb6eeb4 1872#ifdef CONFIG_TCP_MD5SIG
ac807fa8 1873 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
cfb6eeb4
YH		 1874#endif
1875
1da177e4
LT		 1876 return 0;
1877}
1878
7d06b2e0 1879static void tcp_v6_destroy_sock(struct sock *sk)
1da177e4 1880{
1da177e4 1881 tcp_v4_destroy_sock(sk);
7d06b2e0 1882 inet6_destroy_sock(sk);
1da177e4
LT		 1883}
1884
952a10be 1885#ifdef CONFIG_PROC_FS
1da177e4 1886/* Proc filesystem TCPv6 sock list dumping. */
1ab1457c 1887static void get_openreq6(struct seq_file *seq,
aa3a0c8c 1888 const struct request_sock *req, int i)
1da177e4 1889{
fa76ce73 1890 long ttd = req->rsk_timer.expires - jiffies;
634fb979
ED		 1891 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1892 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1da177e4
LT		 1893
1894 if (ttd < 0)
1895 ttd = 0;
1896
1da177e4
LT		 1897 seq_printf(seq,
1898 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
d14c5ab6 1899 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1da177e4
LT		 1900 i,
1901 src->s6_addr32[0], src->s6_addr32[1],
1902 src->s6_addr32[2], src->s6_addr32[3],
b44084c2 1903 inet_rsk(req)->ir_num,
1da177e4
LT		 1904 dest->s6_addr32[0], dest->s6_addr32[1],
1905 dest->s6_addr32[2], dest->s6_addr32[3],
634fb979 1906 ntohs(inet_rsk(req)->ir_rmt_port),
1da177e4 1907 TCP_SYN_RECV,
4c99aa40 1908 0, 0, /* could print option size, but that is af dependent. */
1ab1457c
YH		 1909 1, /* timers active (only the expire timer) */
1910 jiffies_to_clock_t(ttd),
e6c022a4 1911 req->num_timeout,
aa3a0c8c
ED		 1912 from_kuid_munged(seq_user_ns(seq),
1913 sock_i_uid(req->rsk_listener)),
1ab1457c 1914 0, /* non standard timer */
1da177e4
LT		 1915 0, /* open_requests have no inode */
1916 0, req);
1917}
1918
1919static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1920{
b71d1d42 1921 const struct in6_addr *dest, *src;
1da177e4
LT		 1922 __u16 destp, srcp;
1923 int timer_active;
1924 unsigned long timer_expires;
cf533ea5
ED		 1925 const struct inet_sock *inet = inet_sk(sp);
1926 const struct tcp_sock *tp = tcp_sk(sp);
463c84b9 1927 const struct inet_connection_sock *icsk = inet_csk(sp);
0536fcc0 1928 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
00fd38d9
ED		 1929 int rx_queue;
1930 int state;
1da177e4 1931
efe4208f
ED		 1932 dest = &sp->sk_v6_daddr;
1933 src = &sp->sk_v6_rcv_saddr;
c720c7e8
ED		 1934 destp = ntohs(inet->inet_dport);
1935 srcp = ntohs(inet->inet_sport);
463c84b9 1936
ce3cf4ec 1937 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
57dde7f7 1938 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
ce3cf4ec 1939 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
1da177e4 1940 timer_active = 1;
463c84b9
ACM		 1941 timer_expires = icsk->icsk_timeout;
1942 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1da177e4 1943 timer_active = 4;
463c84b9 1944 timer_expires = icsk->icsk_timeout;
1da177e4
LT		 1945 } else if (timer_pending(&sp->sk_timer)) {
1946 timer_active = 2;
1947 timer_expires = sp->sk_timer.expires;
1948 } else {
1949 timer_active = 0;
1950 timer_expires = jiffies;
1951 }
1952
986ffdfd 1953 state = inet_sk_state_load(sp);
00fd38d9 1954 if (state == TCP_LISTEN)
288efe86 1955 rx_queue = READ_ONCE(sp->sk_ack_backlog);
00fd38d9
ED		 1956 else
1957 /* Because we don't lock the socket,
1958 * we might find a transient negative value.
1959 */
dba7d9b8 1960 rx_queue = max_t(int, READ_ONCE(tp->rcv_nxt) -
7db48e98 1961 READ_ONCE(tp->copied_seq), 0);
00fd38d9 1962
1da177e4
LT		 1963 seq_printf(seq,
1964 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
d14c5ab6 1965 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1da177e4
LT		 1966 i,
1967 src->s6_addr32[0], src->s6_addr32[1],
1968 src->s6_addr32[2], src->s6_addr32[3], srcp,
1969 dest->s6_addr32[0], dest->s6_addr32[1],
1970 dest->s6_addr32[2], dest->s6_addr32[3], destp,
00fd38d9 1971 state,
0f317464 1972 READ_ONCE(tp->write_seq) - tp->snd_una,
00fd38d9 1973 rx_queue,
1da177e4 1974 timer_active,
a399a805 1975 jiffies_delta_to_clock_t(timer_expires - jiffies),
463c84b9 1976 icsk->icsk_retransmits,
a7cb5a49 1977 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
6687e988 1978 icsk->icsk_probes_out,
1da177e4 1979 sock_i_ino(sp),
41c6d650 1980 refcount_read(&sp->sk_refcnt), sp,
7be87351
SH		 1981 jiffies_to_clock_t(icsk->icsk_rto),
1982 jiffies_to_clock_t(icsk->icsk_ack.ato),
31954cd8 1983 (icsk->icsk_ack.quick << 1) | inet_csk_in_pingpong_mode(sp),
0b6a05c1 1984 tp->snd_cwnd,
00fd38d9 1985 state == TCP_LISTEN ?
0536fcc0 1986 fastopenq->max_qlen :
0a672f74 1987 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
1da177e4
LT		 1988 );
1989}
1990
1ab1457c 1991static void get_timewait6_sock(struct seq_file *seq,
8feaf0c0 1992 struct inet_timewait_sock *tw, int i)
1da177e4 1993{
789f558c 1994 long delta = tw->tw_timer.expires - jiffies;
b71d1d42 1995 const struct in6_addr *dest, *src;
1da177e4 1996 __u16 destp, srcp;
1da177e4 1997
efe4208f
ED		 1998 dest = &tw->tw_v6_daddr;
1999 src = &tw->tw_v6_rcv_saddr;
1da177e4
LT		 2000 destp = ntohs(tw->tw_dport);
2001 srcp = ntohs(tw->tw_sport);
2002
2003 seq_printf(seq,
2004 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
71338aa7 2005 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1da177e4
LT		 2006 i,
2007 src->s6_addr32[0], src->s6_addr32[1],
2008 src->s6_addr32[2], src->s6_addr32[3], srcp,
2009 dest->s6_addr32[0], dest->s6_addr32[1],
2010 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2011 tw->tw_substate, 0, 0,
a399a805 2012 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
41c6d650 2013 refcount_read(&tw->tw_refcnt), tw);
1da177e4
LT		 2014}
2015
1da177e4
LT		 2016static int tcp6_seq_show(struct seq_file *seq, void *v)
2017{
2018 struct tcp_iter_state *st;
05dbc7b5 2019 struct sock *sk = v;
1da177e4
LT		 2020
2021 if (v == SEQ_START_TOKEN) {
2022 seq_puts(seq,
2023 " sl "
2024 "local_address "
2025 "remote_address "
2026 "st tx_queue rx_queue tr tm->when retrnsmt"
2027 " uid timeout inode\n");
2028 goto out;
2029 }
2030 st = seq->private;
2031
079096f1
ED		 2032 if (sk->sk_state == TCP_TIME_WAIT)
2033 get_timewait6_sock(seq, v, st->num);
2034 else if (sk->sk_state == TCP_NEW_SYN_RECV)
aa3a0c8c 2035 get_openreq6(seq, v, st->num);
079096f1
ED		 2036 else
2037 get_tcp6_sock(seq, v, st->num);
1da177e4
LT		 2038out:
2039 return 0;
2040}
2041
37d849bb
CH		 2042static const struct seq_operations tcp6_seq_ops = {
2043 .show = tcp6_seq_show,
2044 .start = tcp_seq_start,
2045 .next = tcp_seq_next,
2046 .stop = tcp_seq_stop,
2047};
2048
1da177e4 2049static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1da177e4 2050 .family = AF_INET6,
1da177e4
LT		 2051};
2052
2c8c1e72 2053int __net_init tcp6_proc_init(struct net *net)
1da177e4 2054{
c3506372
CH		 2055 if (!proc_create_net_data("tcp6", 0444, net->proc_net, &tcp6_seq_ops,
2056 sizeof(struct tcp_iter_state), &tcp6_seq_afinfo))
37d849bb
CH		 2057 return -ENOMEM;
2058 return 0;
1da177e4
LT		 2059}
2060
6f8b13bc 2061void tcp6_proc_exit(struct net *net)
1da177e4 2062{
37d849bb 2063 remove_proc_entry("tcp6", net->proc_net);
1da177e4
LT		 2064}
2065#endif
2066
2067struct proto tcpv6_prot = {
2068 .name = "TCPv6",
2069 .owner = THIS_MODULE,
2070 .close = tcp_close,
d74bad4e 2071 .pre_connect = tcp_v6_pre_connect,
1da177e4
LT		 2072 .connect = tcp_v6_connect,
2073 .disconnect = tcp_disconnect,
463c84b9 2074 .accept = inet_csk_accept,
1da177e4
LT		 2075 .ioctl = tcp_ioctl,
2076 .init = tcp_v6_init_sock,
2077 .destroy = tcp_v6_destroy_sock,
2078 .shutdown = tcp_shutdown,
2079 .setsockopt = tcp_setsockopt,
2080 .getsockopt = tcp_getsockopt,
4b9d07a4 2081 .keepalive = tcp_set_keepalive,
1da177e4 2082 .recvmsg = tcp_recvmsg,
7ba42910
CG		 2083 .sendmsg = tcp_sendmsg,
2084 .sendpage = tcp_sendpage,
1da177e4 2085 .backlog_rcv = tcp_v6_do_rcv,
46d3ceab 2086 .release_cb = tcp_release_cb,
496611d7 2087 .hash = inet6_hash,
ab1e0a13
ACM		 2088 .unhash = inet_unhash,
2089 .get_port = inet_csk_get_port,
1da177e4 2090 .enter_memory_pressure = tcp_enter_memory_pressure,
06044751 2091 .leave_memory_pressure = tcp_leave_memory_pressure,
c9bee3b7 2092 .stream_memory_free = tcp_stream_memory_free,
1da177e4
LT		 2093 .sockets_allocated = &tcp_sockets_allocated,
2094 .memory_allocated = &tcp_memory_allocated,
2095 .memory_pressure = &tcp_memory_pressure,
0a5578cf 2096 .orphan_count = &tcp_orphan_count,
a4fe34bf 2097 .sysctl_mem = sysctl_tcp_mem,
356d1833
ED		 2098 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem),
2099 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem),
1da177e4
LT		 2100 .max_header = MAX_TCP_HEADER,
2101 .obj_size = sizeof(struct tcp6_sock),
5f0d5a3a 2102 .slab_flags = SLAB_TYPESAFE_BY_RCU,
6d6ee43e 2103 .twsk_prot = &tcp6_timewait_sock_ops,
60236fdd 2104 .rsk_prot = &tcp6_request_sock_ops,
39d8cda7 2105 .h.hashinfo = &tcp_hashinfo,
7ba42910 2106 .no_autobind = true,
543d9cfe
ACM		 2107#ifdef CONFIG_COMPAT
2108 .compat_setsockopt = compat_tcp_setsockopt,
2109 .compat_getsockopt = compat_tcp_getsockopt,
d1a4c0b3 2110#endif
c1e64e29 2111 .diag_destroy = tcp_abort,
1da177e4
LT		 2112};
2113
a8e3bb34
DA		 2114/* thinking of making this const? Don't.
2115 * early_demux can change based on sysctl.
2116 */
39294c3d 2117static struct inet6_protocol tcpv6_protocol = {
c7109986 2118 .early_demux = tcp_v6_early_demux,
dddb64bc 2119 .early_demux_handler = tcp_v6_early_demux,
1da177e4
LT		 2120 .handler = tcp_v6_rcv,
2121 .err_handler = tcp_v6_err,
2122 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2123};
2124
1da177e4
LT		 2125static struct inet_protosw tcpv6_protosw = {
2126 .type = SOCK_STREAM,
2127 .protocol = IPPROTO_TCP,
2128 .prot = &tcpv6_prot,
2129 .ops = &inet6_stream_ops,
d83d8461
ACM		 2130 .flags = INET_PROTOSW_PERMANENT |
2131 INET_PROTOSW_ICSK,
1da177e4
LT		 2132};
2133
2c8c1e72 2134static int __net_init tcpv6_net_init(struct net *net)
93ec926b 2135{
5677242f
DL		 2136 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2137 SOCK_RAW, IPPROTO_TCP, net);
93ec926b
DL		 2138}
2139
2c8c1e72 2140static void __net_exit tcpv6_net_exit(struct net *net)
93ec926b 2141{
5677242f 2142 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
b099ce26
EB		 2143}
2144
2c8c1e72 2145static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
b099ce26 2146{
1946e672 2147 inet_twsk_purge(&tcp_hashinfo, AF_INET6);
93ec926b
DL		 2148}
2149
2150static struct pernet_operations tcpv6_net_ops = {
b099ce26
EB		 2151 .init = tcpv6_net_init,
2152 .exit = tcpv6_net_exit,
2153 .exit_batch = tcpv6_net_exit_batch,
93ec926b
DL		 2154};
2155
7f4e4868 2156int __init tcpv6_init(void)
1da177e4 2157{
7f4e4868
DL		 2158 int ret;
2159
3336288a
VY		 2160 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2161 if (ret)
c6b641a4 2162 goto out;
3336288a 2163
1da177e4 2164 /* register inet6 protocol */
7f4e4868
DL		 2165 ret = inet6_register_protosw(&tcpv6_protosw);
2166 if (ret)
2167 goto out_tcpv6_protocol;
2168
93ec926b 2169 ret = register_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2170 if (ret)
2171 goto out_tcpv6_protosw;
f870fa0b
MM		 2172
2173 ret = mptcpv6_init();
2174 if (ret)
2175 goto out_tcpv6_pernet_subsys;
2176
7f4e4868
DL		 2177out:
2178 return ret;
ae0f7d5f 2179
f870fa0b
MM		 2180out_tcpv6_pernet_subsys:
2181 unregister_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2182out_tcpv6_protosw:
2183 inet6_unregister_protosw(&tcpv6_protosw);
3336288a
VY		 2184out_tcpv6_protocol:
2185 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
7f4e4868
DL		 2186 goto out;
2187}
2188
09f7709f 2189void tcpv6_exit(void)
7f4e4868 2190{
93ec926b 2191 unregister_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2192 inet6_unregister_protosw(&tcpv6_protosw);
2193 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
1da177e4 2194}
Ubuntu Jammy Linux kernel mirror