3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41 #include <linux/slab.h>
42 #include <linux/uaccess.h>
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/inet_common.h>
63 #include <net/secure_seq.h>
64 #include <net/tcp_memcontrol.h>
65 #include <net/busy_poll.h>
67 #include <linux/proc_fs.h>
68 #include <linux/seq_file.h>
70 #include <linux/crypto.h>
71 #include <linux/scatterlist.h>
73 static void tcp_v6_send_reset(const struct sock
*sk
, struct sk_buff
*skb
);
74 static void tcp_v6_reqsk_send_ack(const struct sock
*sk
, struct sk_buff
*skb
,
75 struct request_sock
*req
);
77 static int tcp_v6_do_rcv(struct sock
*sk
, struct sk_buff
*skb
);
79 static const struct inet_connection_sock_af_ops ipv6_mapped
;
80 static const struct inet_connection_sock_af_ops ipv6_specific
;
81 #ifdef CONFIG_TCP_MD5SIG
82 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific
;
83 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific
;
85 static struct tcp_md5sig_key
*tcp_v6_md5_do_lookup(const struct sock
*sk
,
86 const struct in6_addr
*addr
)
92 static void inet6_sk_rx_dst_set(struct sock
*sk
, const struct sk_buff
*skb
)
94 struct dst_entry
*dst
= skb_dst(skb
);
97 const struct rt6_info
*rt
= (const struct rt6_info
*)dst
;
101 inet_sk(sk
)->rx_dst_ifindex
= skb
->skb_iif
;
102 inet6_sk(sk
)->rx_dst_cookie
= rt6_get_cookie(rt
);
106 static __u32
tcp_v6_init_sequence(const struct sk_buff
*skb
)
108 return secure_tcpv6_sequence_number(ipv6_hdr(skb
)->daddr
.s6_addr32
,
109 ipv6_hdr(skb
)->saddr
.s6_addr32
,
111 tcp_hdr(skb
)->source
);
114 static int tcp_v6_connect(struct sock
*sk
, struct sockaddr
*uaddr
,
117 struct sockaddr_in6
*usin
= (struct sockaddr_in6
*) uaddr
;
118 struct inet_sock
*inet
= inet_sk(sk
);
119 struct inet_connection_sock
*icsk
= inet_csk(sk
);
120 struct ipv6_pinfo
*np
= inet6_sk(sk
);
121 struct tcp_sock
*tp
= tcp_sk(sk
);
122 struct in6_addr
*saddr
= NULL
, *final_p
, final
;
124 struct dst_entry
*dst
;
128 if (addr_len
< SIN6_LEN_RFC2133
)
131 if (usin
->sin6_family
!= AF_INET6
)
132 return -EAFNOSUPPORT
;
134 memset(&fl6
, 0, sizeof(fl6
));
137 fl6
.flowlabel
= usin
->sin6_flowinfo
&IPV6_FLOWINFO_MASK
;
138 IP6_ECN_flow_init(fl6
.flowlabel
);
139 if (fl6
.flowlabel
&IPV6_FLOWLABEL_MASK
) {
140 struct ip6_flowlabel
*flowlabel
;
141 flowlabel
= fl6_sock_lookup(sk
, fl6
.flowlabel
);
144 fl6_sock_release(flowlabel
);
149 * connect() to INADDR_ANY means loopback (BSD'ism).
152 if (ipv6_addr_any(&usin
->sin6_addr
))
153 usin
->sin6_addr
.s6_addr
[15] = 0x1;
155 addr_type
= ipv6_addr_type(&usin
->sin6_addr
);
157 if (addr_type
& IPV6_ADDR_MULTICAST
)
160 if (addr_type
&IPV6_ADDR_LINKLOCAL
) {
161 if (addr_len
>= sizeof(struct sockaddr_in6
) &&
162 usin
->sin6_scope_id
) {
163 /* If interface is set while binding, indices
166 if (sk
->sk_bound_dev_if
&&
167 sk
->sk_bound_dev_if
!= usin
->sin6_scope_id
)
170 sk
->sk_bound_dev_if
= usin
->sin6_scope_id
;
173 /* Connect to link-local address requires an interface */
174 if (!sk
->sk_bound_dev_if
)
178 if (tp
->rx_opt
.ts_recent_stamp
&&
179 !ipv6_addr_equal(&sk
->sk_v6_daddr
, &usin
->sin6_addr
)) {
180 tp
->rx_opt
.ts_recent
= 0;
181 tp
->rx_opt
.ts_recent_stamp
= 0;
185 sk
->sk_v6_daddr
= usin
->sin6_addr
;
186 np
->flow_label
= fl6
.flowlabel
;
192 if (addr_type
== IPV6_ADDR_MAPPED
) {
193 u32 exthdrlen
= icsk
->icsk_ext_hdr_len
;
194 struct sockaddr_in sin
;
196 SOCK_DEBUG(sk
, "connect: ipv4 mapped\n");
198 if (__ipv6_only_sock(sk
))
201 sin
.sin_family
= AF_INET
;
202 sin
.sin_port
= usin
->sin6_port
;
203 sin
.sin_addr
.s_addr
= usin
->sin6_addr
.s6_addr32
[3];
205 icsk
->icsk_af_ops
= &ipv6_mapped
;
206 sk
->sk_backlog_rcv
= tcp_v4_do_rcv
;
207 #ifdef CONFIG_TCP_MD5SIG
208 tp
->af_specific
= &tcp_sock_ipv6_mapped_specific
;
211 err
= tcp_v4_connect(sk
, (struct sockaddr
*)&sin
, sizeof(sin
));
214 icsk
->icsk_ext_hdr_len
= exthdrlen
;
215 icsk
->icsk_af_ops
= &ipv6_specific
;
216 sk
->sk_backlog_rcv
= tcp_v6_do_rcv
;
217 #ifdef CONFIG_TCP_MD5SIG
218 tp
->af_specific
= &tcp_sock_ipv6_specific
;
222 np
->saddr
= sk
->sk_v6_rcv_saddr
;
227 if (!ipv6_addr_any(&sk
->sk_v6_rcv_saddr
))
228 saddr
= &sk
->sk_v6_rcv_saddr
;
230 fl6
.flowi6_proto
= IPPROTO_TCP
;
231 fl6
.daddr
= sk
->sk_v6_daddr
;
232 fl6
.saddr
= saddr
? *saddr
: np
->saddr
;
233 fl6
.flowi6_oif
= sk
->sk_bound_dev_if
;
234 fl6
.flowi6_mark
= sk
->sk_mark
;
235 fl6
.fl6_dport
= usin
->sin6_port
;
236 fl6
.fl6_sport
= inet
->inet_sport
;
238 final_p
= fl6_update_dst(&fl6
, np
->opt
, &final
);
240 security_sk_classify_flow(sk
, flowi6_to_flowi(&fl6
));
242 dst
= ip6_dst_lookup_flow(sk
, &fl6
, final_p
);
250 sk
->sk_v6_rcv_saddr
= *saddr
;
253 /* set the source address */
255 inet
->inet_rcv_saddr
= LOOPBACK4_IPV6
;
257 sk
->sk_gso_type
= SKB_GSO_TCPV6
;
258 __ip6_dst_store(sk
, dst
, NULL
, NULL
);
260 if (tcp_death_row
.sysctl_tw_recycle
&&
261 !tp
->rx_opt
.ts_recent_stamp
&&
262 ipv6_addr_equal(&fl6
.daddr
, &sk
->sk_v6_daddr
))
263 tcp_fetch_timewait_stamp(sk
, dst
);
265 icsk
->icsk_ext_hdr_len
= 0;
267 icsk
->icsk_ext_hdr_len
= (np
->opt
->opt_flen
+
270 tp
->rx_opt
.mss_clamp
= IPV6_MIN_MTU
- sizeof(struct tcphdr
) - sizeof(struct ipv6hdr
);
272 inet
->inet_dport
= usin
->sin6_port
;
274 tcp_set_state(sk
, TCP_SYN_SENT
);
275 err
= inet6_hash_connect(&tcp_death_row
, sk
);
281 if (!tp
->write_seq
&& likely(!tp
->repair
))
282 tp
->write_seq
= secure_tcpv6_sequence_number(np
->saddr
.s6_addr32
,
283 sk
->sk_v6_daddr
.s6_addr32
,
287 err
= tcp_connect(sk
);
294 tcp_set_state(sk
, TCP_CLOSE
);
297 inet
->inet_dport
= 0;
298 sk
->sk_route_caps
= 0;
302 static void tcp_v6_mtu_reduced(struct sock
*sk
)
304 struct dst_entry
*dst
;
306 if ((1 << sk
->sk_state
) & (TCPF_LISTEN
| TCPF_CLOSE
))
309 dst
= inet6_csk_update_pmtu(sk
, tcp_sk(sk
)->mtu_info
);
313 if (inet_csk(sk
)->icsk_pmtu_cookie
> dst_mtu(dst
)) {
314 tcp_sync_mss(sk
, dst_mtu(dst
));
315 tcp_simple_retransmit(sk
);
319 static void tcp_v6_err(struct sk_buff
*skb
, struct inet6_skb_parm
*opt
,
320 u8 type
, u8 code
, int offset
, __be32 info
)
322 const struct ipv6hdr
*hdr
= (const struct ipv6hdr
*)skb
->data
;
323 const struct tcphdr
*th
= (struct tcphdr
*)(skb
->data
+offset
);
324 struct net
*net
= dev_net(skb
->dev
);
325 struct request_sock
*fastopen
;
326 struct ipv6_pinfo
*np
;
332 sk
= __inet6_lookup_established(net
, &tcp_hashinfo
,
333 &hdr
->daddr
, th
->dest
,
334 &hdr
->saddr
, ntohs(th
->source
),
338 ICMP6_INC_STATS_BH(net
, __in6_dev_get(skb
->dev
),
343 if (sk
->sk_state
== TCP_TIME_WAIT
) {
344 inet_twsk_put(inet_twsk(sk
));
347 seq
= ntohl(th
->seq
);
348 if (sk
->sk_state
== TCP_NEW_SYN_RECV
)
349 return tcp_req_err(sk
, seq
);
352 if (sock_owned_by_user(sk
) && type
!= ICMPV6_PKT_TOOBIG
)
353 NET_INC_STATS_BH(net
, LINUX_MIB_LOCKDROPPEDICMPS
);
355 if (sk
->sk_state
== TCP_CLOSE
)
358 if (ipv6_hdr(skb
)->hop_limit
< inet6_sk(sk
)->min_hopcount
) {
359 NET_INC_STATS_BH(net
, LINUX_MIB_TCPMINTTLDROP
);
364 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
365 fastopen
= tp
->fastopen_rsk
;
366 snd_una
= fastopen
? tcp_rsk(fastopen
)->snt_isn
: tp
->snd_una
;
367 if (sk
->sk_state
!= TCP_LISTEN
&&
368 !between(seq
, snd_una
, tp
->snd_nxt
)) {
369 NET_INC_STATS_BH(net
, LINUX_MIB_OUTOFWINDOWICMPS
);
375 if (type
== NDISC_REDIRECT
) {
376 struct dst_entry
*dst
= __sk_dst_check(sk
, np
->dst_cookie
);
379 dst
->ops
->redirect(dst
, sk
, skb
);
383 if (type
== ICMPV6_PKT_TOOBIG
) {
384 /* We are not interested in TCP_LISTEN and open_requests
385 * (SYN-ACKs send out by Linux are always <576bytes so
386 * they should go through unfragmented).
388 if (sk
->sk_state
== TCP_LISTEN
)
391 if (!ip6_sk_accept_pmtu(sk
))
394 tp
->mtu_info
= ntohl(info
);
395 if (!sock_owned_by_user(sk
))
396 tcp_v6_mtu_reduced(sk
);
397 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED
,
403 icmpv6_err_convert(type
, code
, &err
);
405 /* Might be for an request_sock */
406 switch (sk
->sk_state
) {
409 /* Only in fast or simultaneous open. If a fast open socket is
410 * is already accepted it is treated as a connected one below.
412 if (fastopen
&& !fastopen
->sk
)
415 if (!sock_owned_by_user(sk
)) {
417 sk
->sk_error_report(sk
); /* Wake people up to see the error (see connect in sock.c) */
421 sk
->sk_err_soft
= err
;
425 if (!sock_owned_by_user(sk
) && np
->recverr
) {
427 sk
->sk_error_report(sk
);
429 sk
->sk_err_soft
= err
;
437 static int tcp_v6_send_synack(const struct sock
*sk
, struct dst_entry
*dst
,
439 struct request_sock
*req
,
441 struct tcp_fastopen_cookie
*foc
)
443 struct inet_request_sock
*ireq
= inet_rsk(req
);
444 struct ipv6_pinfo
*np
= inet6_sk(sk
);
445 struct flowi6
*fl6
= &fl
->u
.ip6
;
449 /* First, grab a route. */
450 if (!dst
&& (dst
= inet6_csk_route_req(sk
, fl6
, req
,
451 IPPROTO_TCP
)) == NULL
)
454 skb
= tcp_make_synack(sk
, dst
, req
, foc
);
457 __tcp_v6_send_check(skb
, &ireq
->ir_v6_loc_addr
,
458 &ireq
->ir_v6_rmt_addr
);
460 fl6
->daddr
= ireq
->ir_v6_rmt_addr
;
461 if (np
->repflow
&& ireq
->pktopts
)
462 fl6
->flowlabel
= ip6_flowlabel(ipv6_hdr(ireq
->pktopts
));
464 skb_set_queue_mapping(skb
, queue_mapping
);
465 err
= ip6_xmit(sk
, skb
, fl6
, np
->opt
, np
->tclass
);
466 err
= net_xmit_eval(err
);
474 static void tcp_v6_reqsk_destructor(struct request_sock
*req
)
476 kfree_skb(inet_rsk(req
)->pktopts
);
479 #ifdef CONFIG_TCP_MD5SIG
480 static struct tcp_md5sig_key
*tcp_v6_md5_do_lookup(const struct sock
*sk
,
481 const struct in6_addr
*addr
)
483 return tcp_md5_do_lookup(sk
, (union tcp_md5_addr
*)addr
, AF_INET6
);
486 static struct tcp_md5sig_key
*tcp_v6_md5_lookup(const struct sock
*sk
,
487 const struct sock
*addr_sk
)
489 return tcp_v6_md5_do_lookup(sk
, &addr_sk
->sk_v6_daddr
);
492 static int tcp_v6_parse_md5_keys(struct sock
*sk
, char __user
*optval
,
495 struct tcp_md5sig cmd
;
496 struct sockaddr_in6
*sin6
= (struct sockaddr_in6
*)&cmd
.tcpm_addr
;
498 if (optlen
< sizeof(cmd
))
501 if (copy_from_user(&cmd
, optval
, sizeof(cmd
)))
504 if (sin6
->sin6_family
!= AF_INET6
)
507 if (!cmd
.tcpm_keylen
) {
508 if (ipv6_addr_v4mapped(&sin6
->sin6_addr
))
509 return tcp_md5_do_del(sk
, (union tcp_md5_addr
*)&sin6
->sin6_addr
.s6_addr32
[3],
511 return tcp_md5_do_del(sk
, (union tcp_md5_addr
*)&sin6
->sin6_addr
,
515 if (cmd
.tcpm_keylen
> TCP_MD5SIG_MAXKEYLEN
)
518 if (ipv6_addr_v4mapped(&sin6
->sin6_addr
))
519 return tcp_md5_do_add(sk
, (union tcp_md5_addr
*)&sin6
->sin6_addr
.s6_addr32
[3],
520 AF_INET
, cmd
.tcpm_key
, cmd
.tcpm_keylen
, GFP_KERNEL
);
522 return tcp_md5_do_add(sk
, (union tcp_md5_addr
*)&sin6
->sin6_addr
,
523 AF_INET6
, cmd
.tcpm_key
, cmd
.tcpm_keylen
, GFP_KERNEL
);
526 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool
*hp
,
527 const struct in6_addr
*daddr
,
528 const struct in6_addr
*saddr
, int nbytes
)
530 struct tcp6_pseudohdr
*bp
;
531 struct scatterlist sg
;
533 bp
= &hp
->md5_blk
.ip6
;
534 /* 1. TCP pseudo-header (RFC2460) */
537 bp
->protocol
= cpu_to_be32(IPPROTO_TCP
);
538 bp
->len
= cpu_to_be32(nbytes
);
540 sg_init_one(&sg
, bp
, sizeof(*bp
));
541 return crypto_hash_update(&hp
->md5_desc
, &sg
, sizeof(*bp
));
544 static int tcp_v6_md5_hash_hdr(char *md5_hash
, struct tcp_md5sig_key
*key
,
545 const struct in6_addr
*daddr
, struct in6_addr
*saddr
,
546 const struct tcphdr
*th
)
548 struct tcp_md5sig_pool
*hp
;
549 struct hash_desc
*desc
;
551 hp
= tcp_get_md5sig_pool();
553 goto clear_hash_noput
;
554 desc
= &hp
->md5_desc
;
556 if (crypto_hash_init(desc
))
558 if (tcp_v6_md5_hash_pseudoheader(hp
, daddr
, saddr
, th
->doff
<< 2))
560 if (tcp_md5_hash_header(hp
, th
))
562 if (tcp_md5_hash_key(hp
, key
))
564 if (crypto_hash_final(desc
, md5_hash
))
567 tcp_put_md5sig_pool();
571 tcp_put_md5sig_pool();
573 memset(md5_hash
, 0, 16);
577 static int tcp_v6_md5_hash_skb(char *md5_hash
,
578 const struct tcp_md5sig_key
*key
,
579 const struct sock
*sk
,
580 const struct sk_buff
*skb
)
582 const struct in6_addr
*saddr
, *daddr
;
583 struct tcp_md5sig_pool
*hp
;
584 struct hash_desc
*desc
;
585 const struct tcphdr
*th
= tcp_hdr(skb
);
587 if (sk
) { /* valid for establish/request sockets */
588 saddr
= &sk
->sk_v6_rcv_saddr
;
589 daddr
= &sk
->sk_v6_daddr
;
591 const struct ipv6hdr
*ip6h
= ipv6_hdr(skb
);
592 saddr
= &ip6h
->saddr
;
593 daddr
= &ip6h
->daddr
;
596 hp
= tcp_get_md5sig_pool();
598 goto clear_hash_noput
;
599 desc
= &hp
->md5_desc
;
601 if (crypto_hash_init(desc
))
604 if (tcp_v6_md5_hash_pseudoheader(hp
, daddr
, saddr
, skb
->len
))
606 if (tcp_md5_hash_header(hp
, th
))
608 if (tcp_md5_hash_skb_data(hp
, skb
, th
->doff
<< 2))
610 if (tcp_md5_hash_key(hp
, key
))
612 if (crypto_hash_final(desc
, md5_hash
))
615 tcp_put_md5sig_pool();
619 tcp_put_md5sig_pool();
621 memset(md5_hash
, 0, 16);
627 static bool tcp_v6_inbound_md5_hash(const struct sock
*sk
,
628 const struct sk_buff
*skb
)
630 #ifdef CONFIG_TCP_MD5SIG
631 const __u8
*hash_location
= NULL
;
632 struct tcp_md5sig_key
*hash_expected
;
633 const struct ipv6hdr
*ip6h
= ipv6_hdr(skb
);
634 const struct tcphdr
*th
= tcp_hdr(skb
);
638 hash_expected
= tcp_v6_md5_do_lookup(sk
, &ip6h
->saddr
);
639 hash_location
= tcp_parse_md5sig_option(th
);
641 /* We've parsed the options - do we have a hash? */
642 if (!hash_expected
&& !hash_location
)
645 if (hash_expected
&& !hash_location
) {
646 NET_INC_STATS_BH(sock_net(sk
), LINUX_MIB_TCPMD5NOTFOUND
);
650 if (!hash_expected
&& hash_location
) {
651 NET_INC_STATS_BH(sock_net(sk
), LINUX_MIB_TCPMD5UNEXPECTED
);
655 /* check the signature */
656 genhash
= tcp_v6_md5_hash_skb(newhash
,
660 if (genhash
|| memcmp(hash_location
, newhash
, 16) != 0) {
661 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
662 genhash
? "failed" : "mismatch",
663 &ip6h
->saddr
, ntohs(th
->source
),
664 &ip6h
->daddr
, ntohs(th
->dest
));
671 static void tcp_v6_init_req(struct request_sock
*req
,
672 const struct sock
*sk_listener
,
675 struct inet_request_sock
*ireq
= inet_rsk(req
);
676 const struct ipv6_pinfo
*np
= inet6_sk(sk_listener
);
678 ireq
->ir_v6_rmt_addr
= ipv6_hdr(skb
)->saddr
;
679 ireq
->ir_v6_loc_addr
= ipv6_hdr(skb
)->daddr
;
681 /* So that link locals have meaning */
682 if (!sk_listener
->sk_bound_dev_if
&&
683 ipv6_addr_type(&ireq
->ir_v6_rmt_addr
) & IPV6_ADDR_LINKLOCAL
)
684 ireq
->ir_iif
= tcp_v6_iif(skb
);
686 if (!TCP_SKB_CB(skb
)->tcp_tw_isn
&&
687 (ipv6_opt_accepted(sk_listener
, skb
, &TCP_SKB_CB(skb
)->header
.h6
) ||
688 np
->rxopt
.bits
.rxinfo
||
689 np
->rxopt
.bits
.rxoinfo
|| np
->rxopt
.bits
.rxhlim
||
690 np
->rxopt
.bits
.rxohlim
|| np
->repflow
)) {
691 atomic_inc(&skb
->users
);
696 static struct dst_entry
*tcp_v6_route_req(const struct sock
*sk
,
698 const struct request_sock
*req
,
703 return inet6_csk_route_req(sk
, &fl
->u
.ip6
, req
, IPPROTO_TCP
);
706 struct request_sock_ops tcp6_request_sock_ops __read_mostly
= {
708 .obj_size
= sizeof(struct tcp6_request_sock
),
709 .rtx_syn_ack
= tcp_rtx_synack
,
710 .send_ack
= tcp_v6_reqsk_send_ack
,
711 .destructor
= tcp_v6_reqsk_destructor
,
712 .send_reset
= tcp_v6_send_reset
,
713 .syn_ack_timeout
= tcp_syn_ack_timeout
,
716 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops
= {
717 .mss_clamp
= IPV6_MIN_MTU
- sizeof(struct tcphdr
) -
718 sizeof(struct ipv6hdr
),
719 #ifdef CONFIG_TCP_MD5SIG
720 .req_md5_lookup
= tcp_v6_md5_lookup
,
721 .calc_md5_hash
= tcp_v6_md5_hash_skb
,
723 .init_req
= tcp_v6_init_req
,
724 #ifdef CONFIG_SYN_COOKIES
725 .cookie_init_seq
= cookie_v6_init_sequence
,
727 .route_req
= tcp_v6_route_req
,
728 .init_seq
= tcp_v6_init_sequence
,
729 .send_synack
= tcp_v6_send_synack
,
730 .queue_hash_add
= inet6_csk_reqsk_queue_hash_add
,
733 static void tcp_v6_send_response(const struct sock
*sk
, struct sk_buff
*skb
, u32 seq
,
734 u32 ack
, u32 win
, u32 tsval
, u32 tsecr
,
735 int oif
, struct tcp_md5sig_key
*key
, int rst
,
736 u8 tclass
, u32 label
)
738 const struct tcphdr
*th
= tcp_hdr(skb
);
740 struct sk_buff
*buff
;
742 struct net
*net
= sk
? sock_net(sk
) : dev_net(skb_dst(skb
)->dev
);
743 struct sock
*ctl_sk
= net
->ipv6
.tcp_sk
;
744 unsigned int tot_len
= sizeof(struct tcphdr
);
745 struct dst_entry
*dst
;
749 tot_len
+= TCPOLEN_TSTAMP_ALIGNED
;
750 #ifdef CONFIG_TCP_MD5SIG
752 tot_len
+= TCPOLEN_MD5SIG_ALIGNED
;
755 buff
= alloc_skb(MAX_HEADER
+ sizeof(struct ipv6hdr
) + tot_len
,
760 skb_reserve(buff
, MAX_HEADER
+ sizeof(struct ipv6hdr
) + tot_len
);
762 t1
= (struct tcphdr
*) skb_push(buff
, tot_len
);
763 skb_reset_transport_header(buff
);
765 /* Swap the send and the receive. */
766 memset(t1
, 0, sizeof(*t1
));
767 t1
->dest
= th
->source
;
768 t1
->source
= th
->dest
;
769 t1
->doff
= tot_len
/ 4;
770 t1
->seq
= htonl(seq
);
771 t1
->ack_seq
= htonl(ack
);
772 t1
->ack
= !rst
|| !th
->ack
;
774 t1
->window
= htons(win
);
776 topt
= (__be32
*)(t1
+ 1);
779 *topt
++ = htonl((TCPOPT_NOP
<< 24) | (TCPOPT_NOP
<< 16) |
780 (TCPOPT_TIMESTAMP
<< 8) | TCPOLEN_TIMESTAMP
);
781 *topt
++ = htonl(tsval
);
782 *topt
++ = htonl(tsecr
);
785 #ifdef CONFIG_TCP_MD5SIG
787 *topt
++ = htonl((TCPOPT_NOP
<< 24) | (TCPOPT_NOP
<< 16) |
788 (TCPOPT_MD5SIG
<< 8) | TCPOLEN_MD5SIG
);
789 tcp_v6_md5_hash_hdr((__u8
*)topt
, key
,
790 &ipv6_hdr(skb
)->saddr
,
791 &ipv6_hdr(skb
)->daddr
, t1
);
795 memset(&fl6
, 0, sizeof(fl6
));
796 fl6
.daddr
= ipv6_hdr(skb
)->saddr
;
797 fl6
.saddr
= ipv6_hdr(skb
)->daddr
;
798 fl6
.flowlabel
= label
;
800 buff
->ip_summed
= CHECKSUM_PARTIAL
;
803 __tcp_v6_send_check(buff
, &fl6
.saddr
, &fl6
.daddr
);
805 fl6
.flowi6_proto
= IPPROTO_TCP
;
806 if (rt6_need_strict(&fl6
.daddr
) && !oif
)
807 fl6
.flowi6_oif
= tcp_v6_iif(skb
);
809 fl6
.flowi6_oif
= oif
;
810 fl6
.flowi6_mark
= IP6_REPLY_MARK(net
, skb
->mark
);
811 fl6
.fl6_dport
= t1
->dest
;
812 fl6
.fl6_sport
= t1
->source
;
813 security_skb_classify_flow(skb
, flowi6_to_flowi(&fl6
));
815 /* Pass a socket to ip6_dst_lookup either it is for RST
816 * Underlying function will use this to retrieve the network
819 dst
= ip6_dst_lookup_flow(ctl_sk
, &fl6
, NULL
);
821 skb_dst_set(buff
, dst
);
822 ip6_xmit(ctl_sk
, buff
, &fl6
, NULL
, tclass
);
823 TCP_INC_STATS_BH(net
, TCP_MIB_OUTSEGS
);
825 TCP_INC_STATS_BH(net
, TCP_MIB_OUTRSTS
);
832 static void tcp_v6_send_reset(const struct sock
*sk
, struct sk_buff
*skb
)
834 const struct tcphdr
*th
= tcp_hdr(skb
);
835 u32 seq
= 0, ack_seq
= 0;
836 struct tcp_md5sig_key
*key
= NULL
;
837 #ifdef CONFIG_TCP_MD5SIG
838 const __u8
*hash_location
= NULL
;
839 struct ipv6hdr
*ipv6h
= ipv6_hdr(skb
);
840 unsigned char newhash
[16];
842 struct sock
*sk1
= NULL
;
849 /* If sk not NULL, it means we did a successful lookup and incoming
850 * route had to be correct. prequeue might have dropped our dst.
852 if (!sk
&& !ipv6_unicast_destination(skb
))
855 #ifdef CONFIG_TCP_MD5SIG
856 hash_location
= tcp_parse_md5sig_option(th
);
857 if (!sk
&& hash_location
) {
859 * active side is lost. Try to find listening socket through
860 * source port, and then find md5 key through listening socket.
861 * we are not loose security here:
862 * Incoming packet is checked with md5 hash with finding key,
863 * no RST generated if md5 hash doesn't match.
865 sk1
= inet6_lookup_listener(dev_net(skb_dst(skb
)->dev
),
866 &tcp_hashinfo
, &ipv6h
->saddr
,
867 th
->source
, &ipv6h
->daddr
,
868 ntohs(th
->source
), tcp_v6_iif(skb
));
873 key
= tcp_v6_md5_do_lookup(sk1
, &ipv6h
->saddr
);
877 genhash
= tcp_v6_md5_hash_skb(newhash
, key
, NULL
, skb
);
878 if (genhash
|| memcmp(hash_location
, newhash
, 16) != 0)
881 key
= sk
? tcp_v6_md5_do_lookup(sk
, &ipv6h
->saddr
) : NULL
;
886 seq
= ntohl(th
->ack_seq
);
888 ack_seq
= ntohl(th
->seq
) + th
->syn
+ th
->fin
+ skb
->len
-
891 oif
= sk
? sk
->sk_bound_dev_if
: 0;
892 tcp_v6_send_response(sk
, skb
, seq
, ack_seq
, 0, 0, 0, oif
, key
, 1, 0, 0);
894 #ifdef CONFIG_TCP_MD5SIG
903 static void tcp_v6_send_ack(const struct sock
*sk
, struct sk_buff
*skb
, u32 seq
,
904 u32 ack
, u32 win
, u32 tsval
, u32 tsecr
, int oif
,
905 struct tcp_md5sig_key
*key
, u8 tclass
,
908 tcp_v6_send_response(sk
, skb
, seq
, ack
, win
, tsval
, tsecr
, oif
, key
, 0,
912 static void tcp_v6_timewait_ack(struct sock
*sk
, struct sk_buff
*skb
)
914 struct inet_timewait_sock
*tw
= inet_twsk(sk
);
915 struct tcp_timewait_sock
*tcptw
= tcp_twsk(sk
);
917 tcp_v6_send_ack(sk
, skb
, tcptw
->tw_snd_nxt
, tcptw
->tw_rcv_nxt
,
918 tcptw
->tw_rcv_wnd
>> tw
->tw_rcv_wscale
,
919 tcp_time_stamp
+ tcptw
->tw_ts_offset
,
920 tcptw
->tw_ts_recent
, tw
->tw_bound_dev_if
, tcp_twsk_md5_key(tcptw
),
921 tw
->tw_tclass
, cpu_to_be32(tw
->tw_flowlabel
));
926 static void tcp_v6_reqsk_send_ack(const struct sock
*sk
, struct sk_buff
*skb
,
927 struct request_sock
*req
)
929 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
930 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
932 tcp_v6_send_ack(sk
, skb
, (sk
->sk_state
== TCP_LISTEN
) ?
933 tcp_rsk(req
)->snt_isn
+ 1 : tcp_sk(sk
)->snd_nxt
,
934 tcp_rsk(req
)->rcv_nxt
, req
->rcv_wnd
,
935 tcp_time_stamp
, req
->ts_recent
, sk
->sk_bound_dev_if
,
936 tcp_v6_md5_do_lookup(sk
, &ipv6_hdr(skb
)->daddr
),
941 static struct sock
*tcp_v6_hnd_req(struct sock
*sk
, struct sk_buff
*skb
)
943 const struct tcphdr
*th
= tcp_hdr(skb
);
944 struct request_sock
*req
;
947 /* Find possible connection requests. */
948 req
= inet6_csk_search_req(sk
, th
->source
,
949 &ipv6_hdr(skb
)->saddr
,
950 &ipv6_hdr(skb
)->daddr
, tcp_v6_iif(skb
));
952 nsk
= tcp_check_req(sk
, skb
, req
, false);
953 if (!nsk
|| nsk
== sk
)
957 nsk
= __inet6_lookup_established(sock_net(sk
), &tcp_hashinfo
,
958 &ipv6_hdr(skb
)->saddr
, th
->source
,
959 &ipv6_hdr(skb
)->daddr
, ntohs(th
->dest
),
963 if (nsk
->sk_state
!= TCP_TIME_WAIT
) {
967 inet_twsk_put(inet_twsk(nsk
));
971 #ifdef CONFIG_SYN_COOKIES
973 sk
= cookie_v6_check(sk
, skb
);
978 static int tcp_v6_conn_request(struct sock
*sk
, struct sk_buff
*skb
)
980 if (skb
->protocol
== htons(ETH_P_IP
))
981 return tcp_v4_conn_request(sk
, skb
);
983 if (!ipv6_unicast_destination(skb
))
986 return tcp_conn_request(&tcp6_request_sock_ops
,
987 &tcp_request_sock_ipv6_ops
, sk
, skb
);
990 NET_INC_STATS_BH(sock_net(sk
), LINUX_MIB_LISTENDROPS
);
991 return 0; /* don't send reset */
994 static struct sock
*tcp_v6_syn_recv_sock(const struct sock
*sk
, struct sk_buff
*skb
,
995 struct request_sock
*req
,
996 struct dst_entry
*dst
)
998 struct inet_request_sock
*ireq
;
999 struct ipv6_pinfo
*newnp
;
1000 const struct ipv6_pinfo
*np
= inet6_sk(sk
);
1001 struct tcp6_sock
*newtcp6sk
;
1002 struct inet_sock
*newinet
;
1003 struct tcp_sock
*newtp
;
1005 #ifdef CONFIG_TCP_MD5SIG
1006 struct tcp_md5sig_key
*key
;
1010 if (skb
->protocol
== htons(ETH_P_IP
)) {
1015 newsk
= tcp_v4_syn_recv_sock(sk
, skb
, req
, dst
);
1020 newtcp6sk
= (struct tcp6_sock
*)newsk
;
1021 inet_sk(newsk
)->pinet6
= &newtcp6sk
->inet6
;
1023 newinet
= inet_sk(newsk
);
1024 newnp
= inet6_sk(newsk
);
1025 newtp
= tcp_sk(newsk
);
1027 memcpy(newnp
, np
, sizeof(struct ipv6_pinfo
));
1029 newnp
->saddr
= newsk
->sk_v6_rcv_saddr
;
1031 inet_csk(newsk
)->icsk_af_ops
= &ipv6_mapped
;
1032 newsk
->sk_backlog_rcv
= tcp_v4_do_rcv
;
1033 #ifdef CONFIG_TCP_MD5SIG
1034 newtp
->af_specific
= &tcp_sock_ipv6_mapped_specific
;
1037 newnp
->ipv6_ac_list
= NULL
;
1038 newnp
->ipv6_fl_list
= NULL
;
1039 newnp
->pktoptions
= NULL
;
1041 newnp
->mcast_oif
= tcp_v6_iif(skb
);
1042 newnp
->mcast_hops
= ipv6_hdr(skb
)->hop_limit
;
1043 newnp
->rcv_flowinfo
= ip6_flowinfo(ipv6_hdr(skb
));
1045 newnp
->flow_label
= ip6_flowlabel(ipv6_hdr(skb
));
1048 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1049 * here, tcp_create_openreq_child now does this for us, see the comment in
1050 * that function for the gory details. -acme
1053 /* It is tricky place. Until this moment IPv4 tcp
1054 worked with IPv6 icsk.icsk_af_ops.
1057 tcp_sync_mss(newsk
, inet_csk(newsk
)->icsk_pmtu_cookie
);
1062 ireq
= inet_rsk(req
);
1064 if (sk_acceptq_is_full(sk
))
1068 dst
= inet6_csk_route_req(sk
, &fl6
, req
, IPPROTO_TCP
);
1073 newsk
= tcp_create_openreq_child(sk
, req
, skb
);
1078 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1079 * count here, tcp_create_openreq_child now does this for us, see the
1080 * comment in that function for the gory details. -acme
1083 newsk
->sk_gso_type
= SKB_GSO_TCPV6
;
1084 __ip6_dst_store(newsk
, dst
, NULL
, NULL
);
1085 inet6_sk_rx_dst_set(newsk
, skb
);
1087 newtcp6sk
= (struct tcp6_sock
*)newsk
;
1088 inet_sk(newsk
)->pinet6
= &newtcp6sk
->inet6
;
1090 newtp
= tcp_sk(newsk
);
1091 newinet
= inet_sk(newsk
);
1092 newnp
= inet6_sk(newsk
);
1094 memcpy(newnp
, np
, sizeof(struct ipv6_pinfo
));
1096 newsk
->sk_v6_daddr
= ireq
->ir_v6_rmt_addr
;
1097 newnp
->saddr
= ireq
->ir_v6_loc_addr
;
1098 newsk
->sk_v6_rcv_saddr
= ireq
->ir_v6_loc_addr
;
1099 newsk
->sk_bound_dev_if
= ireq
->ir_iif
;
1101 /* Now IPv6 options...
1103 First: no IPv4 options.
1105 newinet
->inet_opt
= NULL
;
1106 newnp
->ipv6_ac_list
= NULL
;
1107 newnp
->ipv6_fl_list
= NULL
;
1110 newnp
->rxopt
.all
= np
->rxopt
.all
;
1112 /* Clone pktoptions received with SYN */
1113 newnp
->pktoptions
= NULL
;
1114 if (ireq
->pktopts
) {
1115 newnp
->pktoptions
= skb_clone(ireq
->pktopts
,
1116 sk_gfp_atomic(sk
, GFP_ATOMIC
));
1117 consume_skb(ireq
->pktopts
);
1118 ireq
->pktopts
= NULL
;
1119 if (newnp
->pktoptions
)
1120 skb_set_owner_r(newnp
->pktoptions
, newsk
);
1123 newnp
->mcast_oif
= tcp_v6_iif(skb
);
1124 newnp
->mcast_hops
= ipv6_hdr(skb
)->hop_limit
;
1125 newnp
->rcv_flowinfo
= ip6_flowinfo(ipv6_hdr(skb
));
1127 newnp
->flow_label
= ip6_flowlabel(ipv6_hdr(skb
));
1129 /* Clone native IPv6 options from listening socket (if any)
1131 Yes, keeping reference count would be much more clever,
1132 but we make one more one thing there: reattach optmem
1136 newnp
->opt
= ipv6_dup_options(newsk
, np
->opt
);
1138 inet_csk(newsk
)->icsk_ext_hdr_len
= 0;
1140 inet_csk(newsk
)->icsk_ext_hdr_len
= (newnp
->opt
->opt_nflen
+
1141 newnp
->opt
->opt_flen
);
1143 tcp_ca_openreq_child(newsk
, dst
);
1145 tcp_sync_mss(newsk
, dst_mtu(dst
));
1146 newtp
->advmss
= dst_metric_advmss(dst
);
1147 if (tcp_sk(sk
)->rx_opt
.user_mss
&&
1148 tcp_sk(sk
)->rx_opt
.user_mss
< newtp
->advmss
)
1149 newtp
->advmss
= tcp_sk(sk
)->rx_opt
.user_mss
;
1151 tcp_initialize_rcv_mss(newsk
);
1153 newinet
->inet_daddr
= newinet
->inet_saddr
= LOOPBACK4_IPV6
;
1154 newinet
->inet_rcv_saddr
= LOOPBACK4_IPV6
;
1156 #ifdef CONFIG_TCP_MD5SIG
1157 /* Copy over the MD5 key from the original socket */
1158 key
= tcp_v6_md5_do_lookup(sk
, &newsk
->sk_v6_daddr
);
1160 /* We're using one, so create a matching key
1161 * on the newsk structure. If we fail to get
1162 * memory, then we end up not copying the key
1165 tcp_md5_do_add(newsk
, (union tcp_md5_addr
*)&newsk
->sk_v6_daddr
,
1166 AF_INET6
, key
->key
, key
->keylen
,
1167 sk_gfp_atomic(sk
, GFP_ATOMIC
));
1171 if (__inet_inherit_port(sk
, newsk
) < 0) {
1172 inet_csk_prepare_forced_close(newsk
);
1176 __inet_hash(newsk
, NULL
);
1181 NET_INC_STATS_BH(sock_net(sk
), LINUX_MIB_LISTENOVERFLOWS
);
1185 NET_INC_STATS_BH(sock_net(sk
), LINUX_MIB_LISTENDROPS
);
1189 /* The socket must have it's spinlock held when we get
1192 * We have a potential double-lock case here, so even when
1193 * doing backlog processing we use the BH locking scheme.
1194 * This is because we cannot sleep with the original spinlock
1197 static int tcp_v6_do_rcv(struct sock
*sk
, struct sk_buff
*skb
)
1199 struct ipv6_pinfo
*np
= inet6_sk(sk
);
1200 struct tcp_sock
*tp
;
1201 struct sk_buff
*opt_skb
= NULL
;
1203 /* Imagine: socket is IPv6. IPv4 packet arrives,
1204 goes to IPv4 receive handler and backlogged.
1205 From backlog it always goes here. Kerboom...
1206 Fortunately, tcp_rcv_established and rcv_established
1207 handle them correctly, but it is not case with
1208 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1211 if (skb
->protocol
== htons(ETH_P_IP
))
1212 return tcp_v4_do_rcv(sk
, skb
);
1214 if (sk_filter(sk
, skb
))
1218 * socket locking is here for SMP purposes as backlog rcv
1219 * is currently called with bh processing disabled.
1222 /* Do Stevens' IPV6_PKTOPTIONS.
1224 Yes, guys, it is the only place in our code, where we
1225 may make it not affecting IPv4.
1226 The rest of code is protocol independent,
1227 and I do not like idea to uglify IPv4.
1229 Actually, all the idea behind IPV6_PKTOPTIONS
1230 looks not very well thought. For now we latch
1231 options, received in the last packet, enqueued
1232 by tcp. Feel free to propose better solution.
1236 opt_skb
= skb_clone(skb
, sk_gfp_atomic(sk
, GFP_ATOMIC
));
1238 if (sk
->sk_state
== TCP_ESTABLISHED
) { /* Fast path */
1239 struct dst_entry
*dst
= sk
->sk_rx_dst
;
1241 sock_rps_save_rxhash(sk
, skb
);
1242 sk_mark_napi_id(sk
, skb
);
1244 if (inet_sk(sk
)->rx_dst_ifindex
!= skb
->skb_iif
||
1245 dst
->ops
->check(dst
, np
->rx_dst_cookie
) == NULL
) {
1247 sk
->sk_rx_dst
= NULL
;
1251 tcp_rcv_established(sk
, skb
, tcp_hdr(skb
), skb
->len
);
1253 goto ipv6_pktoptions
;
1257 if (tcp_checksum_complete(skb
))
1260 if (sk
->sk_state
== TCP_LISTEN
) {
1261 struct sock
*nsk
= tcp_v6_hnd_req(sk
, skb
);
1266 * Queue it on the new socket if the new socket is active,
1267 * otherwise we just shortcircuit this and continue with
1271 sock_rps_save_rxhash(nsk
, skb
);
1272 sk_mark_napi_id(nsk
, skb
);
1273 if (tcp_child_process(sk
, nsk
, skb
))
1276 __kfree_skb(opt_skb
);
1280 sock_rps_save_rxhash(sk
, skb
);
1282 if (tcp_rcv_state_process(sk
, skb
))
1285 goto ipv6_pktoptions
;
1289 tcp_v6_send_reset(sk
, skb
);
1292 __kfree_skb(opt_skb
);
1296 TCP_INC_STATS_BH(sock_net(sk
), TCP_MIB_CSUMERRORS
);
1297 TCP_INC_STATS_BH(sock_net(sk
), TCP_MIB_INERRS
);
1302 /* Do you ask, what is it?
1304 1. skb was enqueued by tcp.
1305 2. skb is added to tail of read queue, rather than out of order.
1306 3. socket is not in passive state.
1307 4. Finally, it really contains options, which user wants to receive.
1310 if (TCP_SKB_CB(opt_skb
)->end_seq
== tp
->rcv_nxt
&&
1311 !((1 << sk
->sk_state
) & (TCPF_CLOSE
| TCPF_LISTEN
))) {
1312 if (np
->rxopt
.bits
.rxinfo
|| np
->rxopt
.bits
.rxoinfo
)
1313 np
->mcast_oif
= tcp_v6_iif(opt_skb
);
1314 if (np
->rxopt
.bits
.rxhlim
|| np
->rxopt
.bits
.rxohlim
)
1315 np
->mcast_hops
= ipv6_hdr(opt_skb
)->hop_limit
;
1316 if (np
->rxopt
.bits
.rxflow
|| np
->rxopt
.bits
.rxtclass
)
1317 np
->rcv_flowinfo
= ip6_flowinfo(ipv6_hdr(opt_skb
));
1319 np
->flow_label
= ip6_flowlabel(ipv6_hdr(opt_skb
));
1320 if (ipv6_opt_accepted(sk
, opt_skb
, &TCP_SKB_CB(opt_skb
)->header
.h6
)) {
1321 skb_set_owner_r(opt_skb
, sk
);
1322 opt_skb
= xchg(&np
->pktoptions
, opt_skb
);
1324 __kfree_skb(opt_skb
);
1325 opt_skb
= xchg(&np
->pktoptions
, NULL
);
1333 static void tcp_v6_fill_cb(struct sk_buff
*skb
, const struct ipv6hdr
*hdr
,
1334 const struct tcphdr
*th
)
1336 /* This is tricky: we move IP6CB at its correct location into
1337 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1338 * _decode_session6() uses IP6CB().
1339 * barrier() makes sure compiler won't play aliasing games.
1341 memmove(&TCP_SKB_CB(skb
)->header
.h6
, IP6CB(skb
),
1342 sizeof(struct inet6_skb_parm
));
1345 TCP_SKB_CB(skb
)->seq
= ntohl(th
->seq
);
1346 TCP_SKB_CB(skb
)->end_seq
= (TCP_SKB_CB(skb
)->seq
+ th
->syn
+ th
->fin
+
1347 skb
->len
- th
->doff
*4);
1348 TCP_SKB_CB(skb
)->ack_seq
= ntohl(th
->ack_seq
);
1349 TCP_SKB_CB(skb
)->tcp_flags
= tcp_flag_byte(th
);
1350 TCP_SKB_CB(skb
)->tcp_tw_isn
= 0;
1351 TCP_SKB_CB(skb
)->ip_dsfield
= ipv6_get_dsfield(hdr
);
1352 TCP_SKB_CB(skb
)->sacked
= 0;
1355 static void tcp_v6_restore_cb(struct sk_buff
*skb
)
1357 /* We need to move header back to the beginning if xfrm6_policy_check()
1358 * and tcp_v6_fill_cb() are going to be called again.
1360 memmove(IP6CB(skb
), &TCP_SKB_CB(skb
)->header
.h6
,
1361 sizeof(struct inet6_skb_parm
));
1364 static int tcp_v6_rcv(struct sk_buff
*skb
)
1366 const struct tcphdr
*th
;
1367 const struct ipv6hdr
*hdr
;
1370 struct net
*net
= dev_net(skb
->dev
);
1372 if (skb
->pkt_type
!= PACKET_HOST
)
1376 * Count it even if it's bad.
1378 TCP_INC_STATS_BH(net
, TCP_MIB_INSEGS
);
1380 if (!pskb_may_pull(skb
, sizeof(struct tcphdr
)))
1385 if (th
->doff
< sizeof(struct tcphdr
)/4)
1387 if (!pskb_may_pull(skb
, th
->doff
*4))
1390 if (skb_checksum_init(skb
, IPPROTO_TCP
, ip6_compute_pseudo
))
1394 hdr
= ipv6_hdr(skb
);
1396 sk
= __inet6_lookup_skb(&tcp_hashinfo
, skb
, th
->source
, th
->dest
,
1402 if (sk
->sk_state
== TCP_TIME_WAIT
)
1405 if (hdr
->hop_limit
< inet6_sk(sk
)->min_hopcount
) {
1406 NET_INC_STATS_BH(net
, LINUX_MIB_TCPMINTTLDROP
);
1407 goto discard_and_relse
;
1410 if (!xfrm6_policy_check(sk
, XFRM_POLICY_IN
, skb
))
1411 goto discard_and_relse
;
1413 tcp_v6_fill_cb(skb
, hdr
, th
);
1415 if (tcp_v6_inbound_md5_hash(sk
, skb
))
1416 goto discard_and_relse
;
1418 if (sk_filter(sk
, skb
))
1419 goto discard_and_relse
;
1421 sk_incoming_cpu_update(sk
);
1424 bh_lock_sock_nested(sk
);
1425 tcp_sk(sk
)->segs_in
+= max_t(u16
, 1, skb_shinfo(skb
)->gso_segs
);
1427 if (!sock_owned_by_user(sk
)) {
1428 if (!tcp_prequeue(sk
, skb
))
1429 ret
= tcp_v6_do_rcv(sk
, skb
);
1430 } else if (unlikely(sk_add_backlog(sk
, skb
,
1431 sk
->sk_rcvbuf
+ sk
->sk_sndbuf
))) {
1433 NET_INC_STATS_BH(net
, LINUX_MIB_TCPBACKLOGDROP
);
1434 goto discard_and_relse
;
1439 return ret
? -1 : 0;
1442 if (!xfrm6_policy_check(NULL
, XFRM_POLICY_IN
, skb
))
1445 tcp_v6_fill_cb(skb
, hdr
, th
);
1447 if (tcp_checksum_complete(skb
)) {
1449 TCP_INC_STATS_BH(net
, TCP_MIB_CSUMERRORS
);
1451 TCP_INC_STATS_BH(net
, TCP_MIB_INERRS
);
1453 tcp_v6_send_reset(NULL
, skb
);
1465 if (!xfrm6_policy_check(NULL
, XFRM_POLICY_IN
, skb
)) {
1466 inet_twsk_put(inet_twsk(sk
));
1470 tcp_v6_fill_cb(skb
, hdr
, th
);
1472 if (tcp_checksum_complete(skb
)) {
1473 inet_twsk_put(inet_twsk(sk
));
1477 switch (tcp_timewait_state_process(inet_twsk(sk
), skb
, th
)) {
1482 sk2
= inet6_lookup_listener(dev_net(skb
->dev
), &tcp_hashinfo
,
1483 &ipv6_hdr(skb
)->saddr
, th
->source
,
1484 &ipv6_hdr(skb
)->daddr
,
1485 ntohs(th
->dest
), tcp_v6_iif(skb
));
1487 struct inet_timewait_sock
*tw
= inet_twsk(sk
);
1488 inet_twsk_deschedule_put(tw
);
1490 tcp_v6_restore_cb(skb
);
1493 /* Fall through to ACK */
1496 tcp_v6_timewait_ack(sk
, skb
);
1499 tcp_v6_restore_cb(skb
);
1501 case TCP_TW_SUCCESS
:
1507 static void tcp_v6_early_demux(struct sk_buff
*skb
)
1509 const struct ipv6hdr
*hdr
;
1510 const struct tcphdr
*th
;
1513 if (skb
->pkt_type
!= PACKET_HOST
)
1516 if (!pskb_may_pull(skb
, skb_transport_offset(skb
) + sizeof(struct tcphdr
)))
1519 hdr
= ipv6_hdr(skb
);
1522 if (th
->doff
< sizeof(struct tcphdr
) / 4)
1525 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
1526 sk
= __inet6_lookup_established(dev_net(skb
->dev
), &tcp_hashinfo
,
1527 &hdr
->saddr
, th
->source
,
1528 &hdr
->daddr
, ntohs(th
->dest
),
1532 skb
->destructor
= sock_edemux
;
1533 if (sk_fullsock(sk
)) {
1534 struct dst_entry
*dst
= READ_ONCE(sk
->sk_rx_dst
);
1537 dst
= dst_check(dst
, inet6_sk(sk
)->rx_dst_cookie
);
1539 inet_sk(sk
)->rx_dst_ifindex
== skb
->skb_iif
)
1540 skb_dst_set_noref(skb
, dst
);
1545 static struct timewait_sock_ops tcp6_timewait_sock_ops
= {
1546 .twsk_obj_size
= sizeof(struct tcp6_timewait_sock
),
1547 .twsk_unique
= tcp_twsk_unique
,
1548 .twsk_destructor
= tcp_twsk_destructor
,
1551 static const struct inet_connection_sock_af_ops ipv6_specific
= {
1552 .queue_xmit
= inet6_csk_xmit
,
1553 .send_check
= tcp_v6_send_check
,
1554 .rebuild_header
= inet6_sk_rebuild_header
,
1555 .sk_rx_dst_set
= inet6_sk_rx_dst_set
,
1556 .conn_request
= tcp_v6_conn_request
,
1557 .syn_recv_sock
= tcp_v6_syn_recv_sock
,
1558 .net_header_len
= sizeof(struct ipv6hdr
),
1559 .net_frag_header_len
= sizeof(struct frag_hdr
),
1560 .setsockopt
= ipv6_setsockopt
,
1561 .getsockopt
= ipv6_getsockopt
,
1562 .addr2sockaddr
= inet6_csk_addr2sockaddr
,
1563 .sockaddr_len
= sizeof(struct sockaddr_in6
),
1564 .bind_conflict
= inet6_csk_bind_conflict
,
1565 #ifdef CONFIG_COMPAT
1566 .compat_setsockopt
= compat_ipv6_setsockopt
,
1567 .compat_getsockopt
= compat_ipv6_getsockopt
,
1569 .mtu_reduced
= tcp_v6_mtu_reduced
,
1572 #ifdef CONFIG_TCP_MD5SIG
1573 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific
= {
1574 .md5_lookup
= tcp_v6_md5_lookup
,
1575 .calc_md5_hash
= tcp_v6_md5_hash_skb
,
1576 .md5_parse
= tcp_v6_parse_md5_keys
,
1581 * TCP over IPv4 via INET6 API
1583 static const struct inet_connection_sock_af_ops ipv6_mapped
= {
1584 .queue_xmit
= ip_queue_xmit
,
1585 .send_check
= tcp_v4_send_check
,
1586 .rebuild_header
= inet_sk_rebuild_header
,
1587 .sk_rx_dst_set
= inet_sk_rx_dst_set
,
1588 .conn_request
= tcp_v6_conn_request
,
1589 .syn_recv_sock
= tcp_v6_syn_recv_sock
,
1590 .net_header_len
= sizeof(struct iphdr
),
1591 .setsockopt
= ipv6_setsockopt
,
1592 .getsockopt
= ipv6_getsockopt
,
1593 .addr2sockaddr
= inet6_csk_addr2sockaddr
,
1594 .sockaddr_len
= sizeof(struct sockaddr_in6
),
1595 .bind_conflict
= inet6_csk_bind_conflict
,
1596 #ifdef CONFIG_COMPAT
1597 .compat_setsockopt
= compat_ipv6_setsockopt
,
1598 .compat_getsockopt
= compat_ipv6_getsockopt
,
1600 .mtu_reduced
= tcp_v4_mtu_reduced
,
1603 #ifdef CONFIG_TCP_MD5SIG
1604 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific
= {
1605 .md5_lookup
= tcp_v4_md5_lookup
,
1606 .calc_md5_hash
= tcp_v4_md5_hash_skb
,
1607 .md5_parse
= tcp_v6_parse_md5_keys
,
1611 /* NOTE: A lot of things set to zero explicitly by call to
1612 * sk_alloc() so need not be done here.
1614 static int tcp_v6_init_sock(struct sock
*sk
)
1616 struct inet_connection_sock
*icsk
= inet_csk(sk
);
1620 icsk
->icsk_af_ops
= &ipv6_specific
;
1622 #ifdef CONFIG_TCP_MD5SIG
1623 tcp_sk(sk
)->af_specific
= &tcp_sock_ipv6_specific
;
1629 static void tcp_v6_destroy_sock(struct sock
*sk
)
1631 tcp_v4_destroy_sock(sk
);
1632 inet6_destroy_sock(sk
);
1635 #ifdef CONFIG_PROC_FS
1636 /* Proc filesystem TCPv6 sock list dumping. */
1637 static void get_openreq6(struct seq_file
*seq
,
1638 const struct request_sock
*req
, int i
)
1640 long ttd
= req
->rsk_timer
.expires
- jiffies
;
1641 const struct in6_addr
*src
= &inet_rsk(req
)->ir_v6_loc_addr
;
1642 const struct in6_addr
*dest
= &inet_rsk(req
)->ir_v6_rmt_addr
;
1648 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1649 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1651 src
->s6_addr32
[0], src
->s6_addr32
[1],
1652 src
->s6_addr32
[2], src
->s6_addr32
[3],
1653 inet_rsk(req
)->ir_num
,
1654 dest
->s6_addr32
[0], dest
->s6_addr32
[1],
1655 dest
->s6_addr32
[2], dest
->s6_addr32
[3],
1656 ntohs(inet_rsk(req
)->ir_rmt_port
),
1658 0, 0, /* could print option size, but that is af dependent. */
1659 1, /* timers active (only the expire timer) */
1660 jiffies_to_clock_t(ttd
),
1662 from_kuid_munged(seq_user_ns(seq
),
1663 sock_i_uid(req
->rsk_listener
)),
1664 0, /* non standard timer */
1665 0, /* open_requests have no inode */
1669 static void get_tcp6_sock(struct seq_file
*seq
, struct sock
*sp
, int i
)
1671 const struct in6_addr
*dest
, *src
;
1674 unsigned long timer_expires
;
1675 const struct inet_sock
*inet
= inet_sk(sp
);
1676 const struct tcp_sock
*tp
= tcp_sk(sp
);
1677 const struct inet_connection_sock
*icsk
= inet_csk(sp
);
1678 const struct fastopen_queue
*fastopenq
= &icsk
->icsk_accept_queue
.fastopenq
;
1680 dest
= &sp
->sk_v6_daddr
;
1681 src
= &sp
->sk_v6_rcv_saddr
;
1682 destp
= ntohs(inet
->inet_dport
);
1683 srcp
= ntohs(inet
->inet_sport
);
1685 if (icsk
->icsk_pending
== ICSK_TIME_RETRANS
) {
1687 timer_expires
= icsk
->icsk_timeout
;
1688 } else if (icsk
->icsk_pending
== ICSK_TIME_PROBE0
) {
1690 timer_expires
= icsk
->icsk_timeout
;
1691 } else if (timer_pending(&sp
->sk_timer
)) {
1693 timer_expires
= sp
->sk_timer
.expires
;
1696 timer_expires
= jiffies
;
1700 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1701 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1703 src
->s6_addr32
[0], src
->s6_addr32
[1],
1704 src
->s6_addr32
[2], src
->s6_addr32
[3], srcp
,
1705 dest
->s6_addr32
[0], dest
->s6_addr32
[1],
1706 dest
->s6_addr32
[2], dest
->s6_addr32
[3], destp
,
1708 tp
->write_seq
-tp
->snd_una
,
1709 (sp
->sk_state
== TCP_LISTEN
) ? sp
->sk_ack_backlog
: (tp
->rcv_nxt
- tp
->copied_seq
),
1711 jiffies_delta_to_clock_t(timer_expires
- jiffies
),
1712 icsk
->icsk_retransmits
,
1713 from_kuid_munged(seq_user_ns(seq
), sock_i_uid(sp
)),
1714 icsk
->icsk_probes_out
,
1716 atomic_read(&sp
->sk_refcnt
), sp
,
1717 jiffies_to_clock_t(icsk
->icsk_rto
),
1718 jiffies_to_clock_t(icsk
->icsk_ack
.ato
),
1719 (icsk
->icsk_ack
.quick
<< 1) | icsk
->icsk_ack
.pingpong
,
1721 sp
->sk_state
== TCP_LISTEN
?
1722 fastopenq
->max_qlen
:
1723 (tcp_in_initial_slowstart(tp
) ? -1 : tp
->snd_ssthresh
)
1727 static void get_timewait6_sock(struct seq_file
*seq
,
1728 struct inet_timewait_sock
*tw
, int i
)
1730 long delta
= tw
->tw_timer
.expires
- jiffies
;
1731 const struct in6_addr
*dest
, *src
;
1734 dest
= &tw
->tw_v6_daddr
;
1735 src
= &tw
->tw_v6_rcv_saddr
;
1736 destp
= ntohs(tw
->tw_dport
);
1737 srcp
= ntohs(tw
->tw_sport
);
1740 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1741 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1743 src
->s6_addr32
[0], src
->s6_addr32
[1],
1744 src
->s6_addr32
[2], src
->s6_addr32
[3], srcp
,
1745 dest
->s6_addr32
[0], dest
->s6_addr32
[1],
1746 dest
->s6_addr32
[2], dest
->s6_addr32
[3], destp
,
1747 tw
->tw_substate
, 0, 0,
1748 3, jiffies_delta_to_clock_t(delta
), 0, 0, 0, 0,
1749 atomic_read(&tw
->tw_refcnt
), tw
);
1752 static int tcp6_seq_show(struct seq_file
*seq
, void *v
)
1754 struct tcp_iter_state
*st
;
1755 struct sock
*sk
= v
;
1757 if (v
== SEQ_START_TOKEN
) {
1762 "st tx_queue rx_queue tr tm->when retrnsmt"
1763 " uid timeout inode\n");
1768 switch (st
->state
) {
1769 case TCP_SEQ_STATE_LISTENING
:
1770 case TCP_SEQ_STATE_ESTABLISHED
:
1771 if (sk
->sk_state
== TCP_TIME_WAIT
)
1772 get_timewait6_sock(seq
, v
, st
->num
);
1774 get_tcp6_sock(seq
, v
, st
->num
);
1776 case TCP_SEQ_STATE_OPENREQ
:
1777 get_openreq6(seq
, v
, st
->num
);
1784 static const struct file_operations tcp6_afinfo_seq_fops
= {
1785 .owner
= THIS_MODULE
,
1786 .open
= tcp_seq_open
,
1788 .llseek
= seq_lseek
,
1789 .release
= seq_release_net
1792 static struct tcp_seq_afinfo tcp6_seq_afinfo
= {
1795 .seq_fops
= &tcp6_afinfo_seq_fops
,
1797 .show
= tcp6_seq_show
,
1801 int __net_init
tcp6_proc_init(struct net
*net
)
1803 return tcp_proc_register(net
, &tcp6_seq_afinfo
);
1806 void tcp6_proc_exit(struct net
*net
)
1808 tcp_proc_unregister(net
, &tcp6_seq_afinfo
);
1812 static void tcp_v6_clear_sk(struct sock
*sk
, int size
)
1814 struct inet_sock
*inet
= inet_sk(sk
);
1816 /* we do not want to clear pinet6 field, because of RCU lookups */
1817 sk_prot_clear_nulls(sk
, offsetof(struct inet_sock
, pinet6
));
1819 size
-= offsetof(struct inet_sock
, pinet6
) + sizeof(inet
->pinet6
);
1820 memset(&inet
->pinet6
+ 1, 0, size
);
1823 struct proto tcpv6_prot
= {
1825 .owner
= THIS_MODULE
,
1827 .connect
= tcp_v6_connect
,
1828 .disconnect
= tcp_disconnect
,
1829 .accept
= inet_csk_accept
,
1831 .init
= tcp_v6_init_sock
,
1832 .destroy
= tcp_v6_destroy_sock
,
1833 .shutdown
= tcp_shutdown
,
1834 .setsockopt
= tcp_setsockopt
,
1835 .getsockopt
= tcp_getsockopt
,
1836 .recvmsg
= tcp_recvmsg
,
1837 .sendmsg
= tcp_sendmsg
,
1838 .sendpage
= tcp_sendpage
,
1839 .backlog_rcv
= tcp_v6_do_rcv
,
1840 .release_cb
= tcp_release_cb
,
1842 .unhash
= inet_unhash
,
1843 .get_port
= inet_csk_get_port
,
1844 .enter_memory_pressure
= tcp_enter_memory_pressure
,
1845 .stream_memory_free
= tcp_stream_memory_free
,
1846 .sockets_allocated
= &tcp_sockets_allocated
,
1847 .memory_allocated
= &tcp_memory_allocated
,
1848 .memory_pressure
= &tcp_memory_pressure
,
1849 .orphan_count
= &tcp_orphan_count
,
1850 .sysctl_mem
= sysctl_tcp_mem
,
1851 .sysctl_wmem
= sysctl_tcp_wmem
,
1852 .sysctl_rmem
= sysctl_tcp_rmem
,
1853 .max_header
= MAX_TCP_HEADER
,
1854 .obj_size
= sizeof(struct tcp6_sock
),
1855 .slab_flags
= SLAB_DESTROY_BY_RCU
,
1856 .twsk_prot
= &tcp6_timewait_sock_ops
,
1857 .rsk_prot
= &tcp6_request_sock_ops
,
1858 .h
.hashinfo
= &tcp_hashinfo
,
1859 .no_autobind
= true,
1860 #ifdef CONFIG_COMPAT
1861 .compat_setsockopt
= compat_tcp_setsockopt
,
1862 .compat_getsockopt
= compat_tcp_getsockopt
,
1864 #ifdef CONFIG_MEMCG_KMEM
1865 .proto_cgroup
= tcp_proto_cgroup
,
1867 .clear_sk
= tcp_v6_clear_sk
,
1870 static const struct inet6_protocol tcpv6_protocol
= {
1871 .early_demux
= tcp_v6_early_demux
,
1872 .handler
= tcp_v6_rcv
,
1873 .err_handler
= tcp_v6_err
,
1874 .flags
= INET6_PROTO_NOPOLICY
|INET6_PROTO_FINAL
,
1877 static struct inet_protosw tcpv6_protosw
= {
1878 .type
= SOCK_STREAM
,
1879 .protocol
= IPPROTO_TCP
,
1880 .prot
= &tcpv6_prot
,
1881 .ops
= &inet6_stream_ops
,
1882 .flags
= INET_PROTOSW_PERMANENT
|
1886 static int __net_init
tcpv6_net_init(struct net
*net
)
1888 return inet_ctl_sock_create(&net
->ipv6
.tcp_sk
, PF_INET6
,
1889 SOCK_RAW
, IPPROTO_TCP
, net
);
1892 static void __net_exit
tcpv6_net_exit(struct net
*net
)
1894 inet_ctl_sock_destroy(net
->ipv6
.tcp_sk
);
1897 static void __net_exit
tcpv6_net_exit_batch(struct list_head
*net_exit_list
)
1899 inet_twsk_purge(&tcp_hashinfo
, &tcp_death_row
, AF_INET6
);
1902 static struct pernet_operations tcpv6_net_ops
= {
1903 .init
= tcpv6_net_init
,
1904 .exit
= tcpv6_net_exit
,
1905 .exit_batch
= tcpv6_net_exit_batch
,
1908 int __init
tcpv6_init(void)
1912 ret
= inet6_add_protocol(&tcpv6_protocol
, IPPROTO_TCP
);
1916 /* register inet6 protocol */
1917 ret
= inet6_register_protosw(&tcpv6_protosw
);
1919 goto out_tcpv6_protocol
;
1921 ret
= register_pernet_subsys(&tcpv6_net_ops
);
1923 goto out_tcpv6_protosw
;
1928 inet6_unregister_protosw(&tcpv6_protosw
);
1930 inet6_del_protocol(&tcpv6_protocol
, IPPROTO_TCP
);
1934 void tcpv6_exit(void)
1936 unregister_pernet_subsys(&tcpv6_net_ops
);
1937 inet6_unregister_protosw(&tcpv6_protosw
);
1938 inet6_del_protocol(&tcpv6_protocol
, IPPROTO_TCP
);