]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/ipv6/tcp_ipv6.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tcp: md5: input path is run under rcu protected sections
[mirror_ubuntu-zesty-kernel.git] / net / ipv6 / tcp_ipv6.c
CommitLineData
1da177e4
LT		 1/*
2 * TCP over IPv6
1ab1457c 3 * Linux INET6 implementation
1da177e4
LT		 4 *
5 * Authors:
1ab1457c 6 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4 7 *
1ab1457c 8 * Based on:
1da177e4
LT		 9 * linux/net/ipv4/tcp.c
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
12 *
13 * Fixes:
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
19 *
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
24 */
25
eb4dea58 26#include <linux/bottom_half.h>
1da177e4 27#include <linux/module.h>
1da177e4
LT		 28#include <linux/errno.h>
29#include <linux/types.h>
30#include <linux/socket.h>
31#include <linux/sockios.h>
32#include <linux/net.h>
33#include <linux/jiffies.h>
34#include <linux/in.h>
35#include <linux/in6.h>
36#include <linux/netdevice.h>
37#include <linux/init.h>
38#include <linux/jhash.h>
39#include <linux/ipsec.h>
40#include <linux/times.h>
5a0e3ad6 41#include <linux/slab.h>
4aa956d8 42#include <linux/uaccess.h>
1da177e4
LT		 43#include <linux/ipv6.h>
44#include <linux/icmpv6.h>
45#include <linux/random.h>
46
47#include <net/tcp.h>
48#include <net/ndisc.h>
5324a040 49#include <net/inet6_hashtables.h>
8129765a 50#include <net/inet6_connection_sock.h>
1da177e4
LT		 51#include <net/ipv6.h>
52#include <net/transp_v6.h>
53#include <net/addrconf.h>
54#include <net/ip6_route.h>
55#include <net/ip6_checksum.h>
56#include <net/inet_ecn.h>
57#include <net/protocol.h>
58#include <net/xfrm.h>
1da177e4
LT		 59#include <net/snmp.h>
60#include <net/dsfield.h>
6d6ee43e 61#include <net/timewait_sock.h>
3d58b5fa 62#include <net/inet_common.h>
6e5714ea 63#include <net/secure_seq.h>
d1a4c0b3 64#include <net/tcp_memcontrol.h>
076bb0c8 65#include <net/busy_poll.h>
1da177e4 66
1da177e4
LT		 67#include <linux/proc_fs.h>
68#include <linux/seq_file.h>
69
cfb6eeb4
YH		 70#include <linux/crypto.h>
71#include <linux/scatterlist.h>
72
cfb6eeb4 73static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
6edafaaf
GJ		 74static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
75 struct request_sock *req);
1da177e4
LT		 76
77static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
1da177e4 78
3b401a81
SH		 79static const struct inet_connection_sock_af_ops ipv6_mapped;
80static const struct inet_connection_sock_af_ops ipv6_specific;
a928630a 81#ifdef CONFIG_TCP_MD5SIG
b2e4b3de
SH		 82static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
83static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
9501f972
YH		 84#else
85static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
b71d1d42 86 const struct in6_addr *addr)
9501f972
YH		 87{
88 return NULL;
89}
a928630a 90#endif
1da177e4 91
fae6ef87
NC		 92static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
93{
94 struct dst_entry *dst = skb_dst(skb);
fae6ef87 95
ca777eff
ED		 96 if (dst) {
97 const struct rt6_info *rt = (const struct rt6_info *)dst;
98
99 dst_hold(dst);
100 sk->sk_rx_dst = dst;
101 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
102 if (rt->rt6i_node)
103 inet6_sk(sk)->rx_dst_cookie = rt->rt6i_node->fn_sernum;
104 }
fae6ef87
NC		 105}
106
cf533ea5 107static __u32 tcp_v6_init_sequence(const struct sk_buff *skb)
1da177e4 108{
0660e03f
ACM		 109 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
110 ipv6_hdr(skb)->saddr.s6_addr32,
aa8223c7
ACM		 111 tcp_hdr(skb)->dest,
112 tcp_hdr(skb)->source);
1da177e4
LT		 113}
114
1ab1457c 115static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
1da177e4
LT		 116 int addr_len)
117{
118 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
1ab1457c 119 struct inet_sock *inet = inet_sk(sk);
d83d8461 120 struct inet_connection_sock *icsk = inet_csk(sk);
1da177e4
LT		 121 struct ipv6_pinfo *np = inet6_sk(sk);
122 struct tcp_sock *tp = tcp_sk(sk);
20c59de2 123 struct in6_addr *saddr = NULL, *final_p, final;
493f377d 124 struct rt6_info *rt;
4c9483b2 125 struct flowi6 fl6;
1da177e4
LT		 126 struct dst_entry *dst;
127 int addr_type;
128 int err;
129
1ab1457c 130 if (addr_len < SIN6_LEN_RFC2133)
1da177e4
LT		 131 return -EINVAL;
132
1ab1457c 133 if (usin->sin6_family != AF_INET6)
a02cec21 134 return -EAFNOSUPPORT;
1da177e4 135
4c9483b2 136 memset(&fl6, 0, sizeof(fl6));
1da177e4
LT		 137
138 if (np->sndflow) {
4c9483b2
DM		 139 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
140 IP6_ECN_flow_init(fl6.flowlabel);
141 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
1da177e4 142 struct ip6_flowlabel *flowlabel;
4c9483b2 143 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
1da177e4
LT		 144 if (flowlabel == NULL)
145 return -EINVAL;
1da177e4
LT		 146 fl6_sock_release(flowlabel);
147 }
148 }
149
150 /*
1ab1457c
YH		 151 * connect() to INADDR_ANY means loopback (BSD'ism).
152 */
153
4c99aa40 154 if (ipv6_addr_any(&usin->sin6_addr))
1ab1457c 155 usin->sin6_addr.s6_addr[15] = 0x1;
1da177e4
LT		 156
157 addr_type = ipv6_addr_type(&usin->sin6_addr);
158
4c99aa40 159 if (addr_type & IPV6_ADDR_MULTICAST)
1da177e4
LT		 160 return -ENETUNREACH;
161
162 if (addr_type&IPV6_ADDR_LINKLOCAL) {
163 if (addr_len >= sizeof(struct sockaddr_in6) &&
164 usin->sin6_scope_id) {
165 /* If interface is set while binding, indices
166 * must coincide.
167 */
168 if (sk->sk_bound_dev_if &&
169 sk->sk_bound_dev_if != usin->sin6_scope_id)
170 return -EINVAL;
171
172 sk->sk_bound_dev_if = usin->sin6_scope_id;
173 }
174
175 /* Connect to link-local address requires an interface */
176 if (!sk->sk_bound_dev_if)
177 return -EINVAL;
178 }
179
180 if (tp->rx_opt.ts_recent_stamp &&
efe4208f 181 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
1da177e4
LT		 182 tp->rx_opt.ts_recent = 0;
183 tp->rx_opt.ts_recent_stamp = 0;
184 tp->write_seq = 0;
185 }
186
efe4208f 187 sk->sk_v6_daddr = usin->sin6_addr;
4c9483b2 188 np->flow_label = fl6.flowlabel;
1da177e4
LT		 189
190 /*
191 * TCP over IPv4
192 */
193
194 if (addr_type == IPV6_ADDR_MAPPED) {
d83d8461 195 u32 exthdrlen = icsk->icsk_ext_hdr_len;
1da177e4
LT		 196 struct sockaddr_in sin;
197
198 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
199
200 if (__ipv6_only_sock(sk))
201 return -ENETUNREACH;
202
203 sin.sin_family = AF_INET;
204 sin.sin_port = usin->sin6_port;
205 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
206
d83d8461 207 icsk->icsk_af_ops = &ipv6_mapped;
1da177e4 208 sk->sk_backlog_rcv = tcp_v4_do_rcv;
cfb6eeb4
YH		 209#ifdef CONFIG_TCP_MD5SIG
210 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
211#endif
1da177e4
LT		 212
213 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
214
215 if (err) {
d83d8461
ACM		 216 icsk->icsk_ext_hdr_len = exthdrlen;
217 icsk->icsk_af_ops = &ipv6_specific;
1da177e4 218 sk->sk_backlog_rcv = tcp_v6_do_rcv;
cfb6eeb4
YH		 219#ifdef CONFIG_TCP_MD5SIG
220 tp->af_specific = &tcp_sock_ipv6_specific;
221#endif
1da177e4 222 goto failure;
1da177e4 223 }
d1e559d0 224 np->saddr = sk->sk_v6_rcv_saddr;
1da177e4
LT		 225
226 return err;
227 }
228
efe4208f
ED		 229 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
230 saddr = &sk->sk_v6_rcv_saddr;
1da177e4 231
4c9483b2 232 fl6.flowi6_proto = IPPROTO_TCP;
efe4208f 233 fl6.daddr = sk->sk_v6_daddr;
4e3fd7a0 234 fl6.saddr = saddr ? *saddr : np->saddr;
4c9483b2
DM		 235 fl6.flowi6_oif = sk->sk_bound_dev_if;
236 fl6.flowi6_mark = sk->sk_mark;
1958b856
DM		 237 fl6.fl6_dport = usin->sin6_port;
238 fl6.fl6_sport = inet->inet_sport;
1da177e4 239
4c9483b2 240 final_p = fl6_update_dst(&fl6, np->opt, &final);
1da177e4 241
4c9483b2 242 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
beb8d13b 243
0e0d44ab 244 dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
68d0c6d3
DM		 245 if (IS_ERR(dst)) {
246 err = PTR_ERR(dst);
1da177e4 247 goto failure;
14e50e57 248 }
1da177e4
LT		 249
250 if (saddr == NULL) {
4c9483b2 251 saddr = &fl6.saddr;
efe4208f 252 sk->sk_v6_rcv_saddr = *saddr;
1da177e4
LT		 253 }
254
255 /* set the source address */
4e3fd7a0 256 np->saddr = *saddr;
c720c7e8 257 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
1da177e4 258
f83ef8c0 259 sk->sk_gso_type = SKB_GSO_TCPV6;
8e1ef0a9 260 __ip6_dst_store(sk, dst, NULL, NULL);
1da177e4 261
493f377d
DM		 262 rt = (struct rt6_info *) dst;
263 if (tcp_death_row.sysctl_tw_recycle &&
264 !tp->rx_opt.ts_recent_stamp &&
efe4208f 265 ipv6_addr_equal(&rt->rt6i_dst.addr, &sk->sk_v6_daddr))
81166dd6 266 tcp_fetch_timewait_stamp(sk, dst);
493f377d 267
d83d8461 268 icsk->icsk_ext_hdr_len = 0;
1da177e4 269 if (np->opt)
d83d8461
ACM		 270 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
271 np->opt->opt_nflen);
1da177e4
LT		 272
273 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
274
c720c7e8 275 inet->inet_dport = usin->sin6_port;
1da177e4
LT		 276
277 tcp_set_state(sk, TCP_SYN_SENT);
d8313f5c 278 err = inet6_hash_connect(&tcp_death_row, sk);
1da177e4
LT		 279 if (err)
280 goto late_failure;
281
9e7ceb06
SP		 282 ip6_set_txhash(sk);
283
2b916477 284 if (!tp->write_seq && likely(!tp->repair))
1da177e4 285 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
efe4208f 286 sk->sk_v6_daddr.s6_addr32,
c720c7e8
ED		 287 inet->inet_sport,
288 inet->inet_dport);
1da177e4
LT		 289
290 err = tcp_connect(sk);
291 if (err)
292 goto late_failure;
293
294 return 0;
295
296late_failure:
297 tcp_set_state(sk, TCP_CLOSE);
298 __sk_dst_reset(sk);
299failure:
c720c7e8 300 inet->inet_dport = 0;
1da177e4
LT		 301 sk->sk_route_caps = 0;
302 return err;
303}
304
563d34d0
ED		 305static void tcp_v6_mtu_reduced(struct sock *sk)
306{
307 struct dst_entry *dst;
308
309 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
310 return;
311
312 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
313 if (!dst)
314 return;
315
316 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
317 tcp_sync_mss(sk, dst_mtu(dst));
318 tcp_simple_retransmit(sk);
319 }
320}
321
1da177e4 322static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
d5fdd6ba 323 u8 type, u8 code, int offset, __be32 info)
1da177e4 324{
4c99aa40 325 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
505cbfc5 326 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
2215089b
ED		 327 struct net *net = dev_net(skb->dev);
328 struct request_sock *fastopen;
1da177e4 329 struct ipv6_pinfo *np;
1ab1457c 330 struct tcp_sock *tp;
0a672f74 331 __u32 seq, snd_una;
2215089b
ED		 332 struct sock *sk;
333 int err;
1da177e4 334
2215089b
ED		 335 sk = __inet6_lookup_established(net, &tcp_hashinfo,
336 &hdr->daddr, th->dest,
337 &hdr->saddr, ntohs(th->source),
338 skb->dev->ifindex);
1da177e4 339
2215089b 340 if (!sk) {
e41b5368
DL		 341 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
342 ICMP6_MIB_INERRORS);
1da177e4
LT		 343 return;
344 }
345
346 if (sk->sk_state == TCP_TIME_WAIT) {
9469c7b4 347 inet_twsk_put(inet_twsk(sk));
1da177e4
LT		 348 return;
349 }
2215089b
ED		 350 seq = ntohl(th->seq);
351 if (sk->sk_state == TCP_NEW_SYN_RECV)
352 return tcp_req_err(sk, seq);
1da177e4
LT		 353
354 bh_lock_sock(sk);
563d34d0 355 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
de0744af 356 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
1da177e4
LT		 357
358 if (sk->sk_state == TCP_CLOSE)
359 goto out;
360
e802af9c
SH		 361 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
362 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
363 goto out;
364 }
365
1da177e4 366 tp = tcp_sk(sk);
0a672f74
YC		 367 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
368 fastopen = tp->fastopen_rsk;
369 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
1da177e4 370 if (sk->sk_state != TCP_LISTEN &&
0a672f74 371 !between(seq, snd_una, tp->snd_nxt)) {
de0744af 372 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
1da177e4
LT		 373 goto out;
374 }
375
376 np = inet6_sk(sk);
377
ec18d9a2
DM		 378 if (type == NDISC_REDIRECT) {
379 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
380
1ed5c48f 381 if (dst)
6700c270 382 dst->ops->redirect(dst, sk, skb);
50a75a89 383 goto out;
ec18d9a2
DM		 384 }
385
1da177e4 386 if (type == ICMPV6_PKT_TOOBIG) {
0d4f0608
ED		 387 /* We are not interested in TCP_LISTEN and open_requests
388 * (SYN-ACKs send out by Linux are always <576bytes so
389 * they should go through unfragmented).
390 */
391 if (sk->sk_state == TCP_LISTEN)
392 goto out;
393
93b36cf3
HFS		 394 if (!ip6_sk_accept_pmtu(sk))
395 goto out;
396
563d34d0
ED		 397 tp->mtu_info = ntohl(info);
398 if (!sock_owned_by_user(sk))
399 tcp_v6_mtu_reduced(sk);
d013ef2a
JA		 400 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
401 &tp->tsq_flags))
402 sock_hold(sk);
1da177e4
LT		 403 goto out;
404 }
405
406 icmpv6_err_convert(type, code, &err);
407
60236fdd 408 /* Might be for an request_sock */
1da177e4 409 switch (sk->sk_state) {
1da177e4 410 case TCP_SYN_SENT:
0a672f74
YC		 411 case TCP_SYN_RECV:
412 /* Only in fast or simultaneous open. If a fast open socket is
413 * is already accepted it is treated as a connected one below.
414 */
415 if (fastopen && fastopen->sk == NULL)
416 break;
417
1da177e4 418 if (!sock_owned_by_user(sk)) {
1da177e4
LT		 419 sk->sk_err = err;
420 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
421
422 tcp_done(sk);
423 } else
424 sk->sk_err_soft = err;
425 goto out;
426 }
427
428 if (!sock_owned_by_user(sk) && np->recverr) {
429 sk->sk_err = err;
430 sk->sk_error_report(sk);
431 } else
432 sk->sk_err_soft = err;
433
434out:
435 bh_unlock_sock(sk);
436 sock_put(sk);
437}
438
439
9f10d3f6 440static int tcp_v6_send_synack(struct sock *sk, struct dst_entry *dst,
d6274bd8 441 struct flowi *fl,
3840a06e 442 struct request_sock *req,
3a19ce0e
DL		 443 u16 queue_mapping,
444 struct tcp_fastopen_cookie *foc)
1da177e4 445{
634fb979 446 struct inet_request_sock *ireq = inet_rsk(req);
1da177e4 447 struct ipv6_pinfo *np = inet6_sk(sk);
d6274bd8 448 struct flowi6 *fl6 = &fl->u.ip6;
4c99aa40 449 struct sk_buff *skb;
9494218f 450 int err = -ENOMEM;
1da177e4 451
9f10d3f6
NC		 452 /* First, grab a route. */
453 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req)) == NULL)
fd80eb94 454 goto done;
9494218f 455
3a19ce0e 456 skb = tcp_make_synack(sk, dst, req, foc);
9494218f 457
1da177e4 458 if (skb) {
634fb979
ED		 459 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
460 &ireq->ir_v6_rmt_addr);
1da177e4 461
634fb979 462 fl6->daddr = ireq->ir_v6_rmt_addr;
df3687ff
FF		 463 if (np->repflow && (ireq->pktopts != NULL))
464 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
465
fff32699 466 skb_set_queue_mapping(skb, queue_mapping);
43264e0b 467 err = ip6_xmit(sk, skb, fl6, np->opt, np->tclass);
b9df3cb8 468 err = net_xmit_eval(err);
1da177e4
LT		 469 }
470
471done:
1da177e4
LT		 472 return err;
473}
474
72659ecc 475
60236fdd 476static void tcp_v6_reqsk_destructor(struct request_sock *req)
1da177e4 477{
634fb979 478 kfree_skb(inet_rsk(req)->pktopts);
1da177e4
LT		 479}
480
cfb6eeb4
YH		 481#ifdef CONFIG_TCP_MD5SIG
482static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
b71d1d42 483 const struct in6_addr *addr)
cfb6eeb4 484{
a915da9b 485 return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
cfb6eeb4
YH		 486}
487
488static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
489 struct sock *addr_sk)
490{
efe4208f 491 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
cfb6eeb4
YH		 492}
493
494static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
495 struct request_sock *req)
496{
634fb979 497 return tcp_v6_md5_do_lookup(sk, &inet_rsk(req)->ir_v6_rmt_addr);
cfb6eeb4
YH		 498}
499
4aa956d8
WY		 500static int tcp_v6_parse_md5_keys(struct sock *sk, char __user *optval,
501 int optlen)
cfb6eeb4
YH		 502{
503 struct tcp_md5sig cmd;
504 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
cfb6eeb4
YH		 505
506 if (optlen < sizeof(cmd))
507 return -EINVAL;
508
509 if (copy_from_user(&cmd, optval, sizeof(cmd)))
510 return -EFAULT;
511
512 if (sin6->sin6_family != AF_INET6)
513 return -EINVAL;
514
515 if (!cmd.tcpm_keylen) {
e773e4fa 516 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
a915da9b
ED		 517 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
518 AF_INET);
519 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
520 AF_INET6);
cfb6eeb4
YH		 521 }
522
523 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
524 return -EINVAL;
525
a915da9b
ED		 526 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
527 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
528 AF_INET, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
cfb6eeb4 529
a915da9b
ED		 530 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
531 AF_INET6, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
cfb6eeb4
YH		 532}
533
49a72dfb 534static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
b71d1d42
ED		 535 const struct in6_addr *daddr,
536 const struct in6_addr *saddr, int nbytes)
cfb6eeb4 537{
cfb6eeb4 538 struct tcp6_pseudohdr *bp;
49a72dfb 539 struct scatterlist sg;
8d26d76d 540
cfb6eeb4 541 bp = &hp->md5_blk.ip6;
cfb6eeb4 542 /* 1. TCP pseudo-header (RFC2460) */
4e3fd7a0
AD		 543 bp->saddr = *saddr;
544 bp->daddr = *daddr;
49a72dfb 545 bp->protocol = cpu_to_be32(IPPROTO_TCP);
00b1304c 546 bp->len = cpu_to_be32(nbytes);
cfb6eeb4 547
49a72dfb
AL		 548 sg_init_one(&sg, bp, sizeof(*bp));
549 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
550}
c7da57a1 551
49a72dfb 552static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
b71d1d42 553 const struct in6_addr *daddr, struct in6_addr *saddr,
318cf7aa 554 const struct tcphdr *th)
49a72dfb
AL		 555{
556 struct tcp_md5sig_pool *hp;
557 struct hash_desc *desc;
558
559 hp = tcp_get_md5sig_pool();
560 if (!hp)
561 goto clear_hash_noput;
562 desc = &hp->md5_desc;
563
564 if (crypto_hash_init(desc))
565 goto clear_hash;
566 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
567 goto clear_hash;
568 if (tcp_md5_hash_header(hp, th))
569 goto clear_hash;
570 if (tcp_md5_hash_key(hp, key))
571 goto clear_hash;
572 if (crypto_hash_final(desc, md5_hash))
cfb6eeb4 573 goto clear_hash;
cfb6eeb4 574
cfb6eeb4 575 tcp_put_md5sig_pool();
cfb6eeb4 576 return 0;
49a72dfb 577
cfb6eeb4
YH		 578clear_hash:
579 tcp_put_md5sig_pool();
580clear_hash_noput:
581 memset(md5_hash, 0, 16);
49a72dfb 582 return 1;
cfb6eeb4
YH		 583}
584
49a72dfb 585static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
318cf7aa
ED		 586 const struct sock *sk,
587 const struct request_sock *req,
588 const struct sk_buff *skb)
cfb6eeb4 589{
b71d1d42 590 const struct in6_addr *saddr, *daddr;
49a72dfb
AL		 591 struct tcp_md5sig_pool *hp;
592 struct hash_desc *desc;
318cf7aa 593 const struct tcphdr *th = tcp_hdr(skb);
cfb6eeb4
YH		 594
595 if (sk) {
596 saddr = &inet6_sk(sk)->saddr;
efe4208f 597 daddr = &sk->sk_v6_daddr;
49a72dfb 598 } else if (req) {
634fb979
ED		 599 saddr = &inet_rsk(req)->ir_v6_loc_addr;
600 daddr = &inet_rsk(req)->ir_v6_rmt_addr;
49a72dfb 601 } else {
b71d1d42 602 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
49a72dfb
AL		 603 saddr = &ip6h->saddr;
604 daddr = &ip6h->daddr;
cfb6eeb4 605 }
49a72dfb
AL		 606
607 hp = tcp_get_md5sig_pool();
608 if (!hp)
609 goto clear_hash_noput;
610 desc = &hp->md5_desc;
611
612 if (crypto_hash_init(desc))
613 goto clear_hash;
614
615 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
616 goto clear_hash;
617 if (tcp_md5_hash_header(hp, th))
618 goto clear_hash;
619 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
620 goto clear_hash;
621 if (tcp_md5_hash_key(hp, key))
622 goto clear_hash;
623 if (crypto_hash_final(desc, md5_hash))
624 goto clear_hash;
625
626 tcp_put_md5sig_pool();
627 return 0;
628
629clear_hash:
630 tcp_put_md5sig_pool();
631clear_hash_noput:
632 memset(md5_hash, 0, 16);
633 return 1;
cfb6eeb4
YH		 634}
635
ff74e23f 636static bool tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
cfb6eeb4 637{
cf533ea5 638 const __u8 *hash_location = NULL;
cfb6eeb4 639 struct tcp_md5sig_key *hash_expected;
b71d1d42 640 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
318cf7aa 641 const struct tcphdr *th = tcp_hdr(skb);
cfb6eeb4 642 int genhash;
cfb6eeb4
YH		 643 u8 newhash[16];
644
645 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
7d5d5525 646 hash_location = tcp_parse_md5sig_option(th);
cfb6eeb4 647
785957d3
DM		 648 /* We've parsed the options - do we have a hash? */
649 if (!hash_expected && !hash_location)
ff74e23f 650 return false;
785957d3
DM		 651
652 if (hash_expected && !hash_location) {
653 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
ff74e23f 654 return true;
cfb6eeb4
YH		 655 }
656
785957d3
DM		 657 if (!hash_expected && hash_location) {
658 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
ff74e23f 659 return true;
cfb6eeb4
YH		 660 }
661
662 /* check the signature */
49a72dfb
AL		 663 genhash = tcp_v6_md5_hash_skb(newhash,
664 hash_expected,
665 NULL, NULL, skb);
666
cfb6eeb4 667 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
e87cc472
JP		 668 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
669 genhash ? "failed" : "mismatch",
670 &ip6h->saddr, ntohs(th->source),
671 &ip6h->daddr, ntohs(th->dest));
ff74e23f 672 return true;
cfb6eeb4 673 }
ff74e23f 674 return false;
cfb6eeb4
YH		 675}
676#endif
677
16bea70a
OP		 678static void tcp_v6_init_req(struct request_sock *req, struct sock *sk,
679 struct sk_buff *skb)
680{
681 struct inet_request_sock *ireq = inet_rsk(req);
682 struct ipv6_pinfo *np = inet6_sk(sk);
683
684 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
685 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
686
16bea70a
OP		 687 /* So that link locals have meaning */
688 if (!sk->sk_bound_dev_if &&
689 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
870c3151 690 ireq->ir_iif = tcp_v6_iif(skb);
16bea70a 691
04317daf 692 if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
a224772d
ED		 693 (ipv6_opt_accepted(sk, skb, &TCP_SKB_CB(skb)->header.h6) ||
694 np->rxopt.bits.rxinfo ||
16bea70a
OP		 695 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
696 np->rxopt.bits.rxohlim || np->repflow)) {
697 atomic_inc(&skb->users);
698 ireq->pktopts = skb;
699 }
3f66b083 700 ireq->ireq_family = AF_INET6;
16bea70a
OP		 701}
702
d94e0417
OP		 703static struct dst_entry *tcp_v6_route_req(struct sock *sk, struct flowi *fl,
704 const struct request_sock *req,
705 bool *strict)
706{
707 if (strict)
708 *strict = true;
709 return inet6_csk_route_req(sk, &fl->u.ip6, req);
710}
711
c6aefafb 712struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
1da177e4 713 .family = AF_INET6,
2e6599cb 714 .obj_size = sizeof(struct tcp6_request_sock),
5db92c99 715 .rtx_syn_ack = tcp_rtx_synack,
60236fdd
ACM		 716 .send_ack = tcp_v6_reqsk_send_ack,
717 .destructor = tcp_v6_reqsk_destructor,
72659ecc 718 .send_reset = tcp_v6_send_reset,
4aa956d8 719 .syn_ack_timeout = tcp_syn_ack_timeout,
1da177e4
LT		 720};
721
b2e4b3de 722static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
2aec4a29
OP		 723 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
724 sizeof(struct ipv6hdr),
16bea70a 725#ifdef CONFIG_TCP_MD5SIG
cfb6eeb4 726 .md5_lookup = tcp_v6_reqsk_md5_lookup,
e3afe7b7 727 .calc_md5_hash = tcp_v6_md5_hash_skb,
b6332e6c 728#endif
16bea70a 729 .init_req = tcp_v6_init_req,
fb7b37a7
OP		 730#ifdef CONFIG_SYN_COOKIES
731 .cookie_init_seq = cookie_v6_init_sequence,
732#endif
d94e0417 733 .route_req = tcp_v6_route_req,
936b8bdb 734 .init_seq = tcp_v6_init_sequence,
d6274bd8 735 .send_synack = tcp_v6_send_synack,
695da14e 736 .queue_hash_add = inet6_csk_reqsk_queue_hash_add,
16bea70a 737};
cfb6eeb4 738
0f85feae
ED		 739static void tcp_v6_send_response(struct sock *sk, struct sk_buff *skb, u32 seq,
740 u32 ack, u32 win, u32 tsval, u32 tsecr,
741 int oif, struct tcp_md5sig_key *key, int rst,
742 u8 tclass, u32 label)
1da177e4 743{
cf533ea5
ED		 744 const struct tcphdr *th = tcp_hdr(skb);
745 struct tcphdr *t1;
1da177e4 746 struct sk_buff *buff;
4c9483b2 747 struct flowi6 fl6;
0f85feae 748 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
e5047992 749 struct sock *ctl_sk = net->ipv6.tcp_sk;
77c676da 750 unsigned int tot_len = sizeof(struct tcphdr);
adf30907 751 struct dst_entry *dst;
81ada62d 752 __be32 *topt;
1da177e4 753
ee684b6f 754 if (tsecr)
626e264d 755 tot_len += TCPOLEN_TSTAMP_ALIGNED;
cfb6eeb4 756#ifdef CONFIG_TCP_MD5SIG
cfb6eeb4
YH		 757 if (key)
758 tot_len += TCPOLEN_MD5SIG_ALIGNED;
759#endif
760
cfb6eeb4 761 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1da177e4 762 GFP_ATOMIC);
1ab1457c
YH		 763 if (buff == NULL)
764 return;
1da177e4 765
cfb6eeb4 766 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1da177e4 767
cfb6eeb4 768 t1 = (struct tcphdr *) skb_push(buff, tot_len);
6651ffc8 769 skb_reset_transport_header(buff);
1da177e4
LT		 770
771 /* Swap the send and the receive. */
772 memset(t1, 0, sizeof(*t1));
773 t1->dest = th->source;
774 t1->source = th->dest;
cfb6eeb4 775 t1->doff = tot_len / 4;
626e264d
IJ		 776 t1->seq = htonl(seq);
777 t1->ack_seq = htonl(ack);
778 t1->ack = !rst || !th->ack;
779 t1->rst = rst;
780 t1->window = htons(win);
1da177e4 781
81ada62d
IJ		 782 topt = (__be32 *)(t1 + 1);
783
ee684b6f 784 if (tsecr) {
626e264d
IJ		 785 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
786 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
ee684b6f
AV		 787 *topt++ = htonl(tsval);
788 *topt++ = htonl(tsecr);
626e264d
IJ		 789 }
790
cfb6eeb4
YH		 791#ifdef CONFIG_TCP_MD5SIG
792 if (key) {
81ada62d
IJ		 793 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
794 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
795 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
78e645cb
IJ		 796 &ipv6_hdr(skb)->saddr,
797 &ipv6_hdr(skb)->daddr, t1);
cfb6eeb4
YH		 798 }
799#endif
800
4c9483b2 801 memset(&fl6, 0, sizeof(fl6));
4e3fd7a0
AD		 802 fl6.daddr = ipv6_hdr(skb)->saddr;
803 fl6.saddr = ipv6_hdr(skb)->daddr;
1d13a96c 804 fl6.flowlabel = label;
1da177e4 805
e5700aff
DM		 806 buff->ip_summed = CHECKSUM_PARTIAL;
807 buff->csum = 0;
808
4c9483b2 809 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
1da177e4 810
4c9483b2 811 fl6.flowi6_proto = IPPROTO_TCP;
a36dbdb2 812 if (rt6_need_strict(&fl6.daddr) && !oif)
870c3151 813 fl6.flowi6_oif = tcp_v6_iif(skb);
9c76a114
WY		 814 else
815 fl6.flowi6_oif = oif;
e110861f 816 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark);
1958b856
DM		 817 fl6.fl6_dport = t1->dest;
818 fl6.fl6_sport = t1->source;
4c9483b2 819 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 820
c20121ae
DL		 821 /* Pass a socket to ip6_dst_lookup either it is for RST
822 * Underlying function will use this to retrieve the network
823 * namespace
824 */
0e0d44ab 825 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
68d0c6d3
DM		 826 if (!IS_ERR(dst)) {
827 skb_dst_set(buff, dst);
b903d324 828 ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass);
68d0c6d3
DM		 829 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
830 if (rst)
831 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
832 return;
1da177e4
LT		 833 }
834
835 kfree_skb(buff);
836}
837
626e264d 838static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1da177e4 839{
cf533ea5 840 const struct tcphdr *th = tcp_hdr(skb);
626e264d 841 u32 seq = 0, ack_seq = 0;
fa3e5b4e 842 struct tcp_md5sig_key *key = NULL;
658ddaaf
SL		 843#ifdef CONFIG_TCP_MD5SIG
844 const __u8 *hash_location = NULL;
845 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
846 unsigned char newhash[16];
847 int genhash;
848 struct sock *sk1 = NULL;
849#endif
9c76a114 850 int oif;
1da177e4 851
626e264d 852 if (th->rst)
1da177e4
LT		 853 return;
854
c3658e8d
ED		 855 /* If sk not NULL, it means we did a successful lookup and incoming
856 * route had to be correct. prequeue might have dropped our dst.
857 */
858 if (!sk && !ipv6_unicast_destination(skb))
626e264d 859 return;
1da177e4 860
cfb6eeb4 861#ifdef CONFIG_TCP_MD5SIG
658ddaaf
SL		 862 hash_location = tcp_parse_md5sig_option(th);
863 if (!sk && hash_location) {
864 /*
865 * active side is lost. Try to find listening socket through
866 * source port, and then find md5 key through listening socket.
867 * we are not loose security here:
868 * Incoming packet is checked with md5 hash with finding key,
869 * no RST generated if md5 hash doesn't match.
870 */
871 sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
5ba24953
TH		 872 &tcp_hashinfo, &ipv6h->saddr,
873 th->source, &ipv6h->daddr,
870c3151 874 ntohs(th->source), tcp_v6_iif(skb));
658ddaaf
SL		 875 if (!sk1)
876 return;
877
878 rcu_read_lock();
879 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
880 if (!key)
881 goto release_sk1;
882
883 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, NULL, skb);
884 if (genhash || memcmp(hash_location, newhash, 16) != 0)
885 goto release_sk1;
886 } else {
887 key = sk ? tcp_v6_md5_do_lookup(sk, &ipv6h->saddr) : NULL;
888 }
cfb6eeb4
YH		 889#endif
890
626e264d
IJ		 891 if (th->ack)
892 seq = ntohl(th->ack_seq);
893 else
894 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
895 (th->doff << 2);
1da177e4 896
9c76a114 897 oif = sk ? sk->sk_bound_dev_if : 0;
0f85feae 898 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 0);
658ddaaf
SL		 899
900#ifdef CONFIG_TCP_MD5SIG
901release_sk1:
902 if (sk1) {
903 rcu_read_unlock();
904 sock_put(sk1);
905 }
906#endif
626e264d 907}
1da177e4 908
0f85feae
ED		 909static void tcp_v6_send_ack(struct sock *sk, struct sk_buff *skb, u32 seq,
910 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
1d13a96c
FF		 911 struct tcp_md5sig_key *key, u8 tclass,
912 u32 label)
626e264d 913{
0f85feae
ED		 914 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
915 tclass, label);
1da177e4
LT		 916}
917
918static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
919{
8feaf0c0 920 struct inet_timewait_sock *tw = inet_twsk(sk);
cfb6eeb4 921 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1da177e4 922
0f85feae 923 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
8feaf0c0 924 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
ee684b6f 925 tcp_time_stamp + tcptw->tw_ts_offset,
9c76a114 926 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
1d13a96c 927 tw->tw_tclass, (tw->tw_flowlabel << 12));
1da177e4 928
8feaf0c0 929 inet_twsk_put(tw);
1da177e4
LT		 930}
931
6edafaaf
GJ		 932static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
933 struct request_sock *req)
1da177e4 934{
3a19ce0e
DL		 935 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
936 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
937 */
0f85feae 938 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
3a19ce0e 939 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
0f85feae
ED		 940 tcp_rsk(req)->rcv_nxt, req->rcv_wnd,
941 tcp_time_stamp, req->ts_recent, sk->sk_bound_dev_if,
1d13a96c
FF		 942 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr),
943 0, 0);
1da177e4
LT		 944}
945
946
4c99aa40 947static struct sock *tcp_v6_hnd_req(struct sock *sk, struct sk_buff *skb)
1da177e4 948{
aa8223c7 949 const struct tcphdr *th = tcp_hdr(skb);
52452c54 950 struct request_sock *req;
1da177e4
LT		 951 struct sock *nsk;
952
953 /* Find possible connection requests. */
52452c54 954 req = inet6_csk_search_req(sk, th->source,
0660e03f 955 &ipv6_hdr(skb)->saddr,
870c3151 956 &ipv6_hdr(skb)->daddr, tcp_v6_iif(skb));
fa76ce73
ED		 957 if (req) {
958 nsk = tcp_check_req(sk, skb, req, false);
959 reqsk_put(req);
960 return nsk;
961 }
3b1e0a65 962 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
870c3151
ED		 963 &ipv6_hdr(skb)->saddr, th->source,
964 &ipv6_hdr(skb)->daddr, ntohs(th->dest),
965 tcp_v6_iif(skb));
1da177e4
LT		 966
967 if (nsk) {
968 if (nsk->sk_state != TCP_TIME_WAIT) {
969 bh_lock_sock(nsk);
970 return nsk;
971 }
9469c7b4 972 inet_twsk_put(inet_twsk(nsk));
1da177e4
LT		 973 return NULL;
974 }
975
c6aefafb 976#ifdef CONFIG_SYN_COOKIES
af9b4738 977 if (!th->syn)
c6aefafb 978 sk = cookie_v6_check(sk, skb);
1da177e4
LT		 979#endif
980 return sk;
981}
982
1da177e4
LT		 983static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
984{
1da177e4
LT		 985 if (skb->protocol == htons(ETH_P_IP))
986 return tcp_v4_conn_request(sk, skb);
987
988 if (!ipv6_unicast_destination(skb))
1ab1457c 989 goto drop;
1da177e4 990
1fb6f159
OP		 991 return tcp_conn_request(&tcp6_request_sock_ops,
992 &tcp_request_sock_ipv6_ops, sk, skb);
1da177e4
LT		 993
994drop:
5f1e942c 995 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1da177e4
LT		 996 return 0; /* don't send reset */
997}
998
4c99aa40
WC		 999static struct sock *tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1000 struct request_sock *req,
1001 struct dst_entry *dst)
1da177e4 1002{
634fb979 1003 struct inet_request_sock *ireq;
1da177e4
LT		 1004 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1005 struct tcp6_sock *newtcp6sk;
1006 struct inet_sock *newinet;
1007 struct tcp_sock *newtp;
1008 struct sock *newsk;
cfb6eeb4
YH		 1009#ifdef CONFIG_TCP_MD5SIG
1010 struct tcp_md5sig_key *key;
1011#endif
3840a06e 1012 struct flowi6 fl6;
1da177e4
LT		 1013
1014 if (skb->protocol == htons(ETH_P_IP)) {
1015 /*
1016 * v6 mapped
1017 */
1018
1019 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1020
1ab1457c 1021 if (newsk == NULL)
1da177e4
LT		 1022 return NULL;
1023
1024 newtcp6sk = (struct tcp6_sock *)newsk;
1025 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1026
1027 newinet = inet_sk(newsk);
1028 newnp = inet6_sk(newsk);
1029 newtp = tcp_sk(newsk);
1030
1031 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1032
d1e559d0 1033 newnp->saddr = newsk->sk_v6_rcv_saddr;
1da177e4 1034
8292a17a 1035 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1da177e4 1036 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
cfb6eeb4
YH		 1037#ifdef CONFIG_TCP_MD5SIG
1038 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1039#endif
1040
676a1184
YZ		 1041 newnp->ipv6_ac_list = NULL;
1042 newnp->ipv6_fl_list = NULL;
1da177e4
LT		 1043 newnp->pktoptions = NULL;
1044 newnp->opt = NULL;
870c3151 1045 newnp->mcast_oif = tcp_v6_iif(skb);
0660e03f 1046 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1397ed35 1047 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
df3687ff
FF		 1048 if (np->repflow)
1049 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1da177e4 1050
e6848976
ACM		 1051 /*
1052 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1053 * here, tcp_create_openreq_child now does this for us, see the comment in
1054 * that function for the gory details. -acme
1da177e4 1055 */
1da177e4
LT		 1056
1057 /* It is tricky place. Until this moment IPv4 tcp
8292a17a 1058 worked with IPv6 icsk.icsk_af_ops.
1da177e4
LT		 1059 Sync it now.
1060 */
d83d8461 1061 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1da177e4
LT		 1062
1063 return newsk;
1064 }
1065
634fb979 1066 ireq = inet_rsk(req);
1da177e4
LT		 1067
1068 if (sk_acceptq_is_full(sk))
1069 goto out_overflow;
1070
493f377d 1071 if (!dst) {
3840a06e 1072 dst = inet6_csk_route_req(sk, &fl6, req);
493f377d 1073 if (!dst)
1da177e4 1074 goto out;
1ab1457c 1075 }
1da177e4
LT		 1076
1077 newsk = tcp_create_openreq_child(sk, req, skb);
1078 if (newsk == NULL)
093d2823 1079 goto out_nonewsk;
1da177e4 1080
e6848976
ACM		 1081 /*
1082 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1083 * count here, tcp_create_openreq_child now does this for us, see the
1084 * comment in that function for the gory details. -acme
1085 */
1da177e4 1086
59eed279 1087 newsk->sk_gso_type = SKB_GSO_TCPV6;
8e1ef0a9 1088 __ip6_dst_store(newsk, dst, NULL, NULL);
fae6ef87 1089 inet6_sk_rx_dst_set(newsk, skb);
1da177e4
LT		 1090
1091 newtcp6sk = (struct tcp6_sock *)newsk;
1092 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1093
1094 newtp = tcp_sk(newsk);
1095 newinet = inet_sk(newsk);
1096 newnp = inet6_sk(newsk);
1097
1098 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1099
634fb979
ED		 1100 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1101 newnp->saddr = ireq->ir_v6_loc_addr;
1102 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1103 newsk->sk_bound_dev_if = ireq->ir_iif;
1da177e4 1104
b73c3d0e
TH		 1105 ip6_set_txhash(newsk);
1106
1ab1457c 1107 /* Now IPv6 options...
1da177e4
LT		 1108
1109 First: no IPv4 options.
1110 */
f6d8bd05 1111 newinet->inet_opt = NULL;
676a1184 1112 newnp->ipv6_ac_list = NULL;
d35690be 1113 newnp->ipv6_fl_list = NULL;
1da177e4
LT		 1114
1115 /* Clone RX bits */
1116 newnp->rxopt.all = np->rxopt.all;
1117
1118 /* Clone pktoptions received with SYN */
1119 newnp->pktoptions = NULL;
634fb979
ED		 1120 if (ireq->pktopts != NULL) {
1121 newnp->pktoptions = skb_clone(ireq->pktopts,
99a1dec7 1122 sk_gfp_atomic(sk, GFP_ATOMIC));
634fb979
ED		 1123 consume_skb(ireq->pktopts);
1124 ireq->pktopts = NULL;
1da177e4
LT		 1125 if (newnp->pktoptions)
1126 skb_set_owner_r(newnp->pktoptions, newsk);
1127 }
1128 newnp->opt = NULL;
870c3151 1129 newnp->mcast_oif = tcp_v6_iif(skb);
0660e03f 1130 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1397ed35 1131 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
df3687ff
FF		 1132 if (np->repflow)
1133 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1da177e4
LT		 1134
1135 /* Clone native IPv6 options from listening socket (if any)
1136
1137 Yes, keeping reference count would be much more clever,
1138 but we make one more one thing there: reattach optmem
1139 to newsk.
1140 */
43264e0b
RL		 1141 if (np->opt)
1142 newnp->opt = ipv6_dup_options(newsk, np->opt);
1da177e4 1143
d83d8461 1144 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1da177e4 1145 if (newnp->opt)
d83d8461
ACM		 1146 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1147 newnp->opt->opt_flen);
1da177e4 1148
81164413
DB		 1149 tcp_ca_openreq_child(newsk, dst);
1150
1da177e4 1151 tcp_sync_mss(newsk, dst_mtu(dst));
0dbaee3b 1152 newtp->advmss = dst_metric_advmss(dst);
d135c522
NC		 1153 if (tcp_sk(sk)->rx_opt.user_mss &&
1154 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1155 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1156
1da177e4
LT		 1157 tcp_initialize_rcv_mss(newsk);
1158
c720c7e8
ED		 1159 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1160 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1da177e4 1161
cfb6eeb4
YH		 1162#ifdef CONFIG_TCP_MD5SIG
1163 /* Copy over the MD5 key from the original socket */
4aa956d8
WY		 1164 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr);
1165 if (key != NULL) {
cfb6eeb4
YH		 1166 /* We're using one, so create a matching key
1167 * on the newsk structure. If we fail to get
1168 * memory, then we end up not copying the key
1169 * across. Shucks.
1170 */
efe4208f 1171 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
99a1dec7
MG		 1172 AF_INET6, key->key, key->keylen,
1173 sk_gfp_atomic(sk, GFP_ATOMIC));
cfb6eeb4
YH		 1174 }
1175#endif
1176
093d2823 1177 if (__inet_inherit_port(sk, newsk) < 0) {
e337e24d
CP		 1178 inet_csk_prepare_forced_close(newsk);
1179 tcp_done(newsk);
093d2823
BS		 1180 goto out;
1181 }
77a6a471 1182 __inet_hash(newsk, NULL);
1da177e4
LT		 1183
1184 return newsk;
1185
1186out_overflow:
de0744af 1187 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
093d2823 1188out_nonewsk:
1da177e4 1189 dst_release(dst);
093d2823
BS		 1190out:
1191 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1da177e4
LT		 1192 return NULL;
1193}
1194
1da177e4
LT		 1195/* The socket must have it's spinlock held when we get
1196 * here.
1197 *
1198 * We have a potential double-lock case here, so even when
1199 * doing backlog processing we use the BH locking scheme.
1200 * This is because we cannot sleep with the original spinlock
1201 * held.
1202 */
1203static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1204{
1205 struct ipv6_pinfo *np = inet6_sk(sk);
1206 struct tcp_sock *tp;
1207 struct sk_buff *opt_skb = NULL;
1208
1209 /* Imagine: socket is IPv6. IPv4 packet arrives,
1210 goes to IPv4 receive handler and backlogged.
1211 From backlog it always goes here. Kerboom...
1212 Fortunately, tcp_rcv_established and rcv_established
1213 handle them correctly, but it is not case with
1214 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1215 */
1216
1217 if (skb->protocol == htons(ETH_P_IP))
1218 return tcp_v4_do_rcv(sk, skb);
1219
fda9ef5d 1220 if (sk_filter(sk, skb))
1da177e4
LT		 1221 goto discard;
1222
1223 /*
1224 * socket locking is here for SMP purposes as backlog rcv
1225 * is currently called with bh processing disabled.
1226 */
1227
1228 /* Do Stevens' IPV6_PKTOPTIONS.
1229
1230 Yes, guys, it is the only place in our code, where we
1231 may make it not affecting IPv4.
1232 The rest of code is protocol independent,
1233 and I do not like idea to uglify IPv4.
1234
1235 Actually, all the idea behind IPV6_PKTOPTIONS
1236 looks not very well thought. For now we latch
1237 options, received in the last packet, enqueued
1238 by tcp. Feel free to propose better solution.
1ab1457c 1239 --ANK (980728)
1da177e4
LT		 1240 */
1241 if (np->rxopt.all)
99a1dec7 1242 opt_skb = skb_clone(skb, sk_gfp_atomic(sk, GFP_ATOMIC));
1da177e4
LT		 1243
1244 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
5d299f3d
ED		 1245 struct dst_entry *dst = sk->sk_rx_dst;
1246
bdeab991 1247 sock_rps_save_rxhash(sk, skb);
3d97379a 1248 sk_mark_napi_id(sk, skb);
5d299f3d
ED		 1249 if (dst) {
1250 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1251 dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
1252 dst_release(dst);
1253 sk->sk_rx_dst = NULL;
1254 }
1255 }
1256
c995ae22 1257 tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len);
1da177e4
LT		 1258 if (opt_skb)
1259 goto ipv6_pktoptions;
1260 return 0;
1261 }
1262
ab6a5bb6 1263 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1da177e4
LT		 1264 goto csum_err;
1265
1ab1457c 1266 if (sk->sk_state == TCP_LISTEN) {
1da177e4
LT		 1267 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1268 if (!nsk)
1269 goto discard;
1270
1271 /*
1272 * Queue it on the new socket if the new socket is active,
1273 * otherwise we just shortcircuit this and continue with
1274 * the new socket..
1275 */
4c99aa40 1276 if (nsk != sk) {
bdeab991 1277 sock_rps_save_rxhash(nsk, skb);
3d97379a 1278 sk_mark_napi_id(sk, skb);
1da177e4
LT		 1279 if (tcp_child_process(sk, nsk, skb))
1280 goto reset;
1281 if (opt_skb)
1282 __kfree_skb(opt_skb);
1283 return 0;
1284 }
47482f13 1285 } else
bdeab991 1286 sock_rps_save_rxhash(sk, skb);
1da177e4 1287
aa8223c7 1288 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1da177e4 1289 goto reset;
1da177e4
LT		 1290 if (opt_skb)
1291 goto ipv6_pktoptions;
1292 return 0;
1293
1294reset:
cfb6eeb4 1295 tcp_v6_send_reset(sk, skb);
1da177e4
LT		 1296discard:
1297 if (opt_skb)
1298 __kfree_skb(opt_skb);
1299 kfree_skb(skb);
1300 return 0;
1301csum_err:
6a5dc9e5 1302 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_CSUMERRORS);
63231bdd 1303 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1da177e4
LT		 1304 goto discard;
1305
1306
1307ipv6_pktoptions:
1308 /* Do you ask, what is it?
1309
1310 1. skb was enqueued by tcp.
1311 2. skb is added to tail of read queue, rather than out of order.
1312 3. socket is not in passive state.
1313 4. Finally, it really contains options, which user wants to receive.
1314 */
1315 tp = tcp_sk(sk);
1316 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1317 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
333fad53 1318 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
870c3151 1319 np->mcast_oif = tcp_v6_iif(opt_skb);
333fad53 1320 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
0660e03f 1321 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
82e9f105 1322 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1397ed35 1323 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
df3687ff
FF		 1324 if (np->repflow)
1325 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
a224772d 1326 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
1da177e4
LT		 1327 skb_set_owner_r(opt_skb, sk);
1328 opt_skb = xchg(&np->pktoptions, opt_skb);
1329 } else {
1330 __kfree_skb(opt_skb);
1331 opt_skb = xchg(&np->pktoptions, NULL);
1332 }
1333 }
1334
800d55f1 1335 kfree_skb(opt_skb);
1da177e4
LT		 1336 return 0;
1337}
1338
2dc49d16
ND		 1339static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1340 const struct tcphdr *th)
1341{
1342 /* This is tricky: we move IP6CB at its correct location into
1343 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1344 * _decode_session6() uses IP6CB().
1345 * barrier() makes sure compiler won't play aliasing games.
1346 */
1347 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1348 sizeof(struct inet6_skb_parm));
1349 barrier();
1350
1351 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1352 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1353 skb->len - th->doff*4);
1354 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1355 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1356 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1357 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1358 TCP_SKB_CB(skb)->sacked = 0;
1359}
1360
e5bbef20 1361static int tcp_v6_rcv(struct sk_buff *skb)
1da177e4 1362{
cf533ea5 1363 const struct tcphdr *th;
b71d1d42 1364 const struct ipv6hdr *hdr;
1da177e4
LT		 1365 struct sock *sk;
1366 int ret;
a86b1e30 1367 struct net *net = dev_net(skb->dev);
1da177e4
LT		 1368
1369 if (skb->pkt_type != PACKET_HOST)
1370 goto discard_it;
1371
1372 /*
1373 * Count it even if it's bad.
1374 */
63231bdd 1375 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1da177e4
LT		 1376
1377 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1378 goto discard_it;
1379
aa8223c7 1380 th = tcp_hdr(skb);
1da177e4
LT		 1381
1382 if (th->doff < sizeof(struct tcphdr)/4)
1383 goto bad_packet;
1384 if (!pskb_may_pull(skb, th->doff*4))
1385 goto discard_it;
1386
e4f45b7f 1387 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
6a5dc9e5 1388 goto csum_error;
1da177e4 1389
aa8223c7 1390 th = tcp_hdr(skb);
e802af9c 1391 hdr = ipv6_hdr(skb);
1da177e4 1392
870c3151 1393 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest,
2dc49d16 1394 inet6_iif(skb));
1da177e4
LT		 1395 if (!sk)
1396 goto no_tcp_socket;
1397
1398process:
1399 if (sk->sk_state == TCP_TIME_WAIT)
1400 goto do_time_wait;
1401
e802af9c
SH		 1402 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
1403 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
1404 goto discard_and_relse;
1405 }
1406
1da177e4
LT		 1407 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1408 goto discard_and_relse;
1409
2dc49d16
ND		 1410 tcp_v6_fill_cb(skb, hdr, th);
1411
9ea88a15
DP		 1412#ifdef CONFIG_TCP_MD5SIG
1413 if (tcp_v6_inbound_md5_hash(sk, skb))
1414 goto discard_and_relse;
1415#endif
1416
fda9ef5d 1417 if (sk_filter(sk, skb))
1da177e4
LT		 1418 goto discard_and_relse;
1419
2c8c56e1 1420 sk_incoming_cpu_update(sk);
1da177e4
LT		 1421 skb->dev = NULL;
1422
293b9c42 1423 bh_lock_sock_nested(sk);
1da177e4
LT		 1424 ret = 0;
1425 if (!sock_owned_by_user(sk)) {
7bced397 1426 if (!tcp_prequeue(sk, skb))
1ab1457c 1427 ret = tcp_v6_do_rcv(sk, skb);
da882c1f
ED		 1428 } else if (unlikely(sk_add_backlog(sk, skb,
1429 sk->sk_rcvbuf + sk->sk_sndbuf))) {
6b03a53a 1430 bh_unlock_sock(sk);
6cce09f8 1431 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
6b03a53a
ZY		 1432 goto discard_and_relse;
1433 }
1da177e4
LT		 1434 bh_unlock_sock(sk);
1435
1436 sock_put(sk);
1437 return ret ? -1 : 0;
1438
1439no_tcp_socket:
1440 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1441 goto discard_it;
1442
2dc49d16
ND		 1443 tcp_v6_fill_cb(skb, hdr, th);
1444
1da177e4 1445 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
6a5dc9e5
ED		 1446csum_error:
1447 TCP_INC_STATS_BH(net, TCP_MIB_CSUMERRORS);
1da177e4 1448bad_packet:
63231bdd 1449 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1da177e4 1450 } else {
cfb6eeb4 1451 tcp_v6_send_reset(NULL, skb);
1da177e4
LT		 1452 }
1453
1454discard_it:
1da177e4
LT		 1455 kfree_skb(skb);
1456 return 0;
1457
1458discard_and_relse:
1459 sock_put(sk);
1460 goto discard_it;
1461
1462do_time_wait:
1463 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
9469c7b4 1464 inet_twsk_put(inet_twsk(sk));
1da177e4
LT		 1465 goto discard_it;
1466 }
1467
2dc49d16
ND		 1468 tcp_v6_fill_cb(skb, hdr, th);
1469
6a5dc9e5 1470 if (skb->len < (th->doff<<2)) {
9469c7b4 1471 inet_twsk_put(inet_twsk(sk));
6a5dc9e5
ED		 1472 goto bad_packet;
1473 }
1474 if (tcp_checksum_complete(skb)) {
1475 inet_twsk_put(inet_twsk(sk));
1476 goto csum_error;
1da177e4
LT		 1477 }
1478
9469c7b4 1479 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1da177e4
LT		 1480 case TCP_TW_SYN:
1481 {
1482 struct sock *sk2;
1483
c346dca1 1484 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
5ba24953 1485 &ipv6_hdr(skb)->saddr, th->source,
0660e03f 1486 &ipv6_hdr(skb)->daddr,
870c3151 1487 ntohs(th->dest), tcp_v6_iif(skb));
1da177e4 1488 if (sk2 != NULL) {
295ff7ed
ACM		 1489 struct inet_timewait_sock *tw = inet_twsk(sk);
1490 inet_twsk_deschedule(tw, &tcp_death_row);
1491 inet_twsk_put(tw);
1da177e4
LT		 1492 sk = sk2;
1493 goto process;
1494 }
1495 /* Fall through to ACK */
1496 }
1497 case TCP_TW_ACK:
1498 tcp_v6_timewait_ack(sk, skb);
1499 break;
1500 case TCP_TW_RST:
1501 goto no_tcp_socket;
4aa956d8
WY		 1502 case TCP_TW_SUCCESS:
1503 ;
1da177e4
LT		 1504 }
1505 goto discard_it;
1506}
1507
c7109986
ED		 1508static void tcp_v6_early_demux(struct sk_buff *skb)
1509{
1510 const struct ipv6hdr *hdr;
1511 const struct tcphdr *th;
1512 struct sock *sk;
1513
1514 if (skb->pkt_type != PACKET_HOST)
1515 return;
1516
1517 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1518 return;
1519
1520 hdr = ipv6_hdr(skb);
1521 th = tcp_hdr(skb);
1522
1523 if (th->doff < sizeof(struct tcphdr) / 4)
1524 return;
1525
870c3151 1526 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
c7109986
ED		 1527 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1528 &hdr->saddr, th->source,
1529 &hdr->daddr, ntohs(th->dest),
1530 inet6_iif(skb));
1531 if (sk) {
1532 skb->sk = sk;
1533 skb->destructor = sock_edemux;
f7e4eb03 1534 if (sk_fullsock(sk)) {
c7109986 1535 struct dst_entry *dst = sk->sk_rx_dst;
f3f12135 1536
c7109986 1537 if (dst)
5d299f3d 1538 dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
c7109986 1539 if (dst &&
f3f12135 1540 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
c7109986
ED		 1541 skb_dst_set_noref(skb, dst);
1542 }
1543 }
1544}
1545
ccb7c410
DM		 1546static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1547 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1548 .twsk_unique = tcp_twsk_unique,
4aa956d8 1549 .twsk_destructor = tcp_twsk_destructor,
ccb7c410
DM		 1550};
1551
3b401a81 1552static const struct inet_connection_sock_af_ops ipv6_specific = {
543d9cfe
ACM		 1553 .queue_xmit = inet6_csk_xmit,
1554 .send_check = tcp_v6_send_check,
1555 .rebuild_header = inet6_sk_rebuild_header,
5d299f3d 1556 .sk_rx_dst_set = inet6_sk_rx_dst_set,
543d9cfe
ACM		 1557 .conn_request = tcp_v6_conn_request,
1558 .syn_recv_sock = tcp_v6_syn_recv_sock,
543d9cfe 1559 .net_header_len = sizeof(struct ipv6hdr),
67469601 1560 .net_frag_header_len = sizeof(struct frag_hdr),
543d9cfe
ACM		 1561 .setsockopt = ipv6_setsockopt,
1562 .getsockopt = ipv6_getsockopt,
1563 .addr2sockaddr = inet6_csk_addr2sockaddr,
1564 .sockaddr_len = sizeof(struct sockaddr_in6),
ab1e0a13 1565 .bind_conflict = inet6_csk_bind_conflict,
3fdadf7d 1566#ifdef CONFIG_COMPAT
543d9cfe
ACM		 1567 .compat_setsockopt = compat_ipv6_setsockopt,
1568 .compat_getsockopt = compat_ipv6_getsockopt,
3fdadf7d 1569#endif
4fab9071 1570 .mtu_reduced = tcp_v6_mtu_reduced,
1da177e4
LT		 1571};
1572
cfb6eeb4 1573#ifdef CONFIG_TCP_MD5SIG
b2e4b3de 1574static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
cfb6eeb4 1575 .md5_lookup = tcp_v6_md5_lookup,
49a72dfb 1576 .calc_md5_hash = tcp_v6_md5_hash_skb,
cfb6eeb4 1577 .md5_parse = tcp_v6_parse_md5_keys,
cfb6eeb4 1578};
a928630a 1579#endif
cfb6eeb4 1580
1da177e4
LT		 1581/*
1582 * TCP over IPv4 via INET6 API
1583 */
3b401a81 1584static const struct inet_connection_sock_af_ops ipv6_mapped = {
543d9cfe
ACM		 1585 .queue_xmit = ip_queue_xmit,
1586 .send_check = tcp_v4_send_check,
1587 .rebuild_header = inet_sk_rebuild_header,
63d02d15 1588 .sk_rx_dst_set = inet_sk_rx_dst_set,
543d9cfe
ACM		 1589 .conn_request = tcp_v6_conn_request,
1590 .syn_recv_sock = tcp_v6_syn_recv_sock,
543d9cfe
ACM		 1591 .net_header_len = sizeof(struct iphdr),
1592 .setsockopt = ipv6_setsockopt,
1593 .getsockopt = ipv6_getsockopt,
1594 .addr2sockaddr = inet6_csk_addr2sockaddr,
1595 .sockaddr_len = sizeof(struct sockaddr_in6),
ab1e0a13 1596 .bind_conflict = inet6_csk_bind_conflict,
3fdadf7d 1597#ifdef CONFIG_COMPAT
543d9cfe
ACM		 1598 .compat_setsockopt = compat_ipv6_setsockopt,
1599 .compat_getsockopt = compat_ipv6_getsockopt,
3fdadf7d 1600#endif
4fab9071 1601 .mtu_reduced = tcp_v4_mtu_reduced,
1da177e4
LT		 1602};
1603
cfb6eeb4 1604#ifdef CONFIG_TCP_MD5SIG
b2e4b3de 1605static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
cfb6eeb4 1606 .md5_lookup = tcp_v4_md5_lookup,
49a72dfb 1607 .calc_md5_hash = tcp_v4_md5_hash_skb,
cfb6eeb4 1608 .md5_parse = tcp_v6_parse_md5_keys,
cfb6eeb4 1609};
a928630a 1610#endif
cfb6eeb4 1611
1da177e4
LT		 1612/* NOTE: A lot of things set to zero explicitly by call to
1613 * sk_alloc() so need not be done here.
1614 */
1615static int tcp_v6_init_sock(struct sock *sk)
1616{
6687e988 1617 struct inet_connection_sock *icsk = inet_csk(sk);
1da177e4 1618
900f65d3 1619 tcp_init_sock(sk);
1da177e4 1620
8292a17a 1621 icsk->icsk_af_ops = &ipv6_specific;
1da177e4 1622
cfb6eeb4 1623#ifdef CONFIG_TCP_MD5SIG
ac807fa8 1624 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
cfb6eeb4
YH		 1625#endif
1626
1da177e4
LT		 1627 return 0;
1628}
1629
7d06b2e0 1630static void tcp_v6_destroy_sock(struct sock *sk)
1da177e4 1631{
1da177e4 1632 tcp_v4_destroy_sock(sk);
7d06b2e0 1633 inet6_destroy_sock(sk);
1da177e4
LT		 1634}
1635
952a10be 1636#ifdef CONFIG_PROC_FS
1da177e4 1637/* Proc filesystem TCPv6 sock list dumping. */
1ab1457c 1638static void get_openreq6(struct seq_file *seq,
d4f06873 1639 struct request_sock *req, int i, kuid_t uid)
1da177e4 1640{
fa76ce73 1641 long ttd = req->rsk_timer.expires - jiffies;
634fb979
ED		 1642 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1643 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1da177e4
LT		 1644
1645 if (ttd < 0)
1646 ttd = 0;
1647
1da177e4
LT		 1648 seq_printf(seq,
1649 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
d14c5ab6 1650 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1da177e4
LT		 1651 i,
1652 src->s6_addr32[0], src->s6_addr32[1],
1653 src->s6_addr32[2], src->s6_addr32[3],
b44084c2 1654 inet_rsk(req)->ir_num,
1da177e4
LT		 1655 dest->s6_addr32[0], dest->s6_addr32[1],
1656 dest->s6_addr32[2], dest->s6_addr32[3],
634fb979 1657 ntohs(inet_rsk(req)->ir_rmt_port),
1da177e4 1658 TCP_SYN_RECV,
4c99aa40 1659 0, 0, /* could print option size, but that is af dependent. */
1ab1457c
YH		 1660 1, /* timers active (only the expire timer) */
1661 jiffies_to_clock_t(ttd),
e6c022a4 1662 req->num_timeout,
a7cb5a49 1663 from_kuid_munged(seq_user_ns(seq), uid),
1ab1457c 1664 0, /* non standard timer */
1da177e4
LT		 1665 0, /* open_requests have no inode */
1666 0, req);
1667}
1668
1669static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1670{
b71d1d42 1671 const struct in6_addr *dest, *src;
1da177e4
LT		 1672 __u16 destp, srcp;
1673 int timer_active;
1674 unsigned long timer_expires;
cf533ea5
ED		 1675 const struct inet_sock *inet = inet_sk(sp);
1676 const struct tcp_sock *tp = tcp_sk(sp);
463c84b9 1677 const struct inet_connection_sock *icsk = inet_csk(sp);
0a672f74 1678 struct fastopen_queue *fastopenq = icsk->icsk_accept_queue.fastopenq;
1da177e4 1679
efe4208f
ED		 1680 dest = &sp->sk_v6_daddr;
1681 src = &sp->sk_v6_rcv_saddr;
c720c7e8
ED		 1682 destp = ntohs(inet->inet_dport);
1683 srcp = ntohs(inet->inet_sport);
463c84b9
ACM		 1684
1685 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1da177e4 1686 timer_active = 1;
463c84b9
ACM		 1687 timer_expires = icsk->icsk_timeout;
1688 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1da177e4 1689 timer_active = 4;
463c84b9 1690 timer_expires = icsk->icsk_timeout;
1da177e4
LT		 1691 } else if (timer_pending(&sp->sk_timer)) {
1692 timer_active = 2;
1693 timer_expires = sp->sk_timer.expires;
1694 } else {
1695 timer_active = 0;
1696 timer_expires = jiffies;
1697 }
1698
1699 seq_printf(seq,
1700 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
d14c5ab6 1701 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1da177e4
LT		 1702 i,
1703 src->s6_addr32[0], src->s6_addr32[1],
1704 src->s6_addr32[2], src->s6_addr32[3], srcp,
1705 dest->s6_addr32[0], dest->s6_addr32[1],
1706 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1ab1457c 1707 sp->sk_state,
47da8ee6
SS		 1708 tp->write_seq-tp->snd_una,
1709 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
1da177e4 1710 timer_active,
a399a805 1711 jiffies_delta_to_clock_t(timer_expires - jiffies),
463c84b9 1712 icsk->icsk_retransmits,
a7cb5a49 1713 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
6687e988 1714 icsk->icsk_probes_out,
1da177e4
LT		 1715 sock_i_ino(sp),
1716 atomic_read(&sp->sk_refcnt), sp,
7be87351
SH		 1717 jiffies_to_clock_t(icsk->icsk_rto),
1718 jiffies_to_clock_t(icsk->icsk_ack.ato),
4c99aa40 1719 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
0b6a05c1 1720 tp->snd_cwnd,
0a672f74
YC		 1721 sp->sk_state == TCP_LISTEN ?
1722 (fastopenq ? fastopenq->max_qlen : 0) :
1723 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
1da177e4
LT		 1724 );
1725}
1726
1ab1457c 1727static void get_timewait6_sock(struct seq_file *seq,
8feaf0c0 1728 struct inet_timewait_sock *tw, int i)
1da177e4 1729{
b71d1d42 1730 const struct in6_addr *dest, *src;
1da177e4 1731 __u16 destp, srcp;
96f817fe 1732 s32 delta = tw->tw_ttd - inet_tw_time_stamp();
1da177e4 1733
efe4208f
ED		 1734 dest = &tw->tw_v6_daddr;
1735 src = &tw->tw_v6_rcv_saddr;
1da177e4
LT		 1736 destp = ntohs(tw->tw_dport);
1737 srcp = ntohs(tw->tw_sport);
1738
1739 seq_printf(seq,
1740 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
71338aa7 1741 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1da177e4
LT		 1742 i,
1743 src->s6_addr32[0], src->s6_addr32[1],
1744 src->s6_addr32[2], src->s6_addr32[3], srcp,
1745 dest->s6_addr32[0], dest->s6_addr32[1],
1746 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1747 tw->tw_substate, 0, 0,
a399a805 1748 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
1da177e4
LT		 1749 atomic_read(&tw->tw_refcnt), tw);
1750}
1751
1da177e4
LT		 1752static int tcp6_seq_show(struct seq_file *seq, void *v)
1753{
1754 struct tcp_iter_state *st;
05dbc7b5 1755 struct sock *sk = v;
1da177e4
LT		 1756
1757 if (v == SEQ_START_TOKEN) {
1758 seq_puts(seq,
1759 " sl "
1760 "local_address "
1761 "remote_address "
1762 "st tx_queue rx_queue tr tm->when retrnsmt"
1763 " uid timeout inode\n");
1764 goto out;
1765 }
1766 st = seq->private;
1767
1768 switch (st->state) {
1769 case TCP_SEQ_STATE_LISTENING:
1770 case TCP_SEQ_STATE_ESTABLISHED:
05dbc7b5
ED		 1771 if (sk->sk_state == TCP_TIME_WAIT)
1772 get_timewait6_sock(seq, v, st->num);
1773 else
1774 get_tcp6_sock(seq, v, st->num);
1da177e4
LT		 1775 break;
1776 case TCP_SEQ_STATE_OPENREQ:
d4f06873 1777 get_openreq6(seq, v, st->num, st->uid);
1da177e4 1778 break;
1da177e4
LT		 1779 }
1780out:
1781 return 0;
1782}
1783
73cb88ec
AV		 1784static const struct file_operations tcp6_afinfo_seq_fops = {
1785 .owner = THIS_MODULE,
1786 .open = tcp_seq_open,
1787 .read = seq_read,
1788 .llseek = seq_lseek,
1789 .release = seq_release_net
1790};
1791
1da177e4 1792static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1da177e4
LT		 1793 .name = "tcp6",
1794 .family = AF_INET6,
73cb88ec 1795 .seq_fops = &tcp6_afinfo_seq_fops,
9427c4b3
DL		 1796 .seq_ops = {
1797 .show = tcp6_seq_show,
1798 },
1da177e4
LT		 1799};
1800
2c8c1e72 1801int __net_init tcp6_proc_init(struct net *net)
1da177e4 1802{
6f8b13bc 1803 return tcp_proc_register(net, &tcp6_seq_afinfo);
1da177e4
LT		 1804}
1805
6f8b13bc 1806void tcp6_proc_exit(struct net *net)
1da177e4 1807{
6f8b13bc 1808 tcp_proc_unregister(net, &tcp6_seq_afinfo);
1da177e4
LT		 1809}
1810#endif
1811
f77d6021
ED		 1812static void tcp_v6_clear_sk(struct sock *sk, int size)
1813{
1814 struct inet_sock *inet = inet_sk(sk);
1815
1816 /* we do not want to clear pinet6 field, because of RCU lookups */
1817 sk_prot_clear_nulls(sk, offsetof(struct inet_sock, pinet6));
1818
1819 size -= offsetof(struct inet_sock, pinet6) + sizeof(inet->pinet6);
1820 memset(&inet->pinet6 + 1, 0, size);
1821}
1822
1da177e4
LT		 1823struct proto tcpv6_prot = {
1824 .name = "TCPv6",
1825 .owner = THIS_MODULE,
1826 .close = tcp_close,
1827 .connect = tcp_v6_connect,
1828 .disconnect = tcp_disconnect,
463c84b9 1829 .accept = inet_csk_accept,
1da177e4
LT		 1830 .ioctl = tcp_ioctl,
1831 .init = tcp_v6_init_sock,
1832 .destroy = tcp_v6_destroy_sock,
1833 .shutdown = tcp_shutdown,
1834 .setsockopt = tcp_setsockopt,
1835 .getsockopt = tcp_getsockopt,
1da177e4 1836 .recvmsg = tcp_recvmsg,
7ba42910
CG		 1837 .sendmsg = tcp_sendmsg,
1838 .sendpage = tcp_sendpage,
1da177e4 1839 .backlog_rcv = tcp_v6_do_rcv,
46d3ceab 1840 .release_cb = tcp_release_cb,
77a6a471 1841 .hash = inet_hash,
ab1e0a13
ACM		 1842 .unhash = inet_unhash,
1843 .get_port = inet_csk_get_port,
1da177e4 1844 .enter_memory_pressure = tcp_enter_memory_pressure,
c9bee3b7 1845 .stream_memory_free = tcp_stream_memory_free,
1da177e4
LT		 1846 .sockets_allocated = &tcp_sockets_allocated,
1847 .memory_allocated = &tcp_memory_allocated,
1848 .memory_pressure = &tcp_memory_pressure,
0a5578cf 1849 .orphan_count = &tcp_orphan_count,
a4fe34bf 1850 .sysctl_mem = sysctl_tcp_mem,
1da177e4
LT		 1851 .sysctl_wmem = sysctl_tcp_wmem,
1852 .sysctl_rmem = sysctl_tcp_rmem,
1853 .max_header = MAX_TCP_HEADER,
1854 .obj_size = sizeof(struct tcp6_sock),
3ab5aee7 1855 .slab_flags = SLAB_DESTROY_BY_RCU,
6d6ee43e 1856 .twsk_prot = &tcp6_timewait_sock_ops,
60236fdd 1857 .rsk_prot = &tcp6_request_sock_ops,
39d8cda7 1858 .h.hashinfo = &tcp_hashinfo,
7ba42910 1859 .no_autobind = true,
543d9cfe
ACM		 1860#ifdef CONFIG_COMPAT
1861 .compat_setsockopt = compat_tcp_setsockopt,
1862 .compat_getsockopt = compat_tcp_getsockopt,
1863#endif
c255a458 1864#ifdef CONFIG_MEMCG_KMEM
d1a4c0b3
GC		 1865 .proto_cgroup = tcp_proto_cgroup,
1866#endif
f77d6021 1867 .clear_sk = tcp_v6_clear_sk,
1da177e4
LT		 1868};
1869
41135cc8 1870static const struct inet6_protocol tcpv6_protocol = {
c7109986 1871 .early_demux = tcp_v6_early_demux,
1da177e4
LT		 1872 .handler = tcp_v6_rcv,
1873 .err_handler = tcp_v6_err,
1874 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1875};
1876
1da177e4
LT		 1877static struct inet_protosw tcpv6_protosw = {
1878 .type = SOCK_STREAM,
1879 .protocol = IPPROTO_TCP,
1880 .prot = &tcpv6_prot,
1881 .ops = &inet6_stream_ops,
d83d8461
ACM		 1882 .flags = INET_PROTOSW_PERMANENT |
1883 INET_PROTOSW_ICSK,
1da177e4
LT		 1884};
1885
2c8c1e72 1886static int __net_init tcpv6_net_init(struct net *net)
93ec926b 1887{
5677242f
DL		 1888 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
1889 SOCK_RAW, IPPROTO_TCP, net);
93ec926b
DL		 1890}
1891
2c8c1e72 1892static void __net_exit tcpv6_net_exit(struct net *net)
93ec926b 1893{
5677242f 1894 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
b099ce26
EB		 1895}
1896
2c8c1e72 1897static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
b099ce26
EB		 1898{
1899 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6);
93ec926b
DL		 1900}
1901
1902static struct pernet_operations tcpv6_net_ops = {
b099ce26
EB		 1903 .init = tcpv6_net_init,
1904 .exit = tcpv6_net_exit,
1905 .exit_batch = tcpv6_net_exit_batch,
93ec926b
DL		 1906};
1907
7f4e4868 1908int __init tcpv6_init(void)
1da177e4 1909{
7f4e4868
DL		 1910 int ret;
1911
3336288a
VY		 1912 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
1913 if (ret)
c6b641a4 1914 goto out;
3336288a 1915
1da177e4 1916 /* register inet6 protocol */
7f4e4868
DL		 1917 ret = inet6_register_protosw(&tcpv6_protosw);
1918 if (ret)
1919 goto out_tcpv6_protocol;
1920
93ec926b 1921 ret = register_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 1922 if (ret)
1923 goto out_tcpv6_protosw;
1924out:
1925 return ret;
ae0f7d5f 1926
7f4e4868
DL		 1927out_tcpv6_protosw:
1928 inet6_unregister_protosw(&tcpv6_protosw);
3336288a
VY		 1929out_tcpv6_protocol:
1930 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
7f4e4868
DL		 1931 goto out;
1932}
1933
09f7709f 1934void tcpv6_exit(void)
7f4e4868 1935{
93ec926b 1936 unregister_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 1937 inet6_unregister_protosw(&tcpv6_protosw);
1938 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
1da177e4 1939}
ubuntu-zesty-kernel mirror