3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41 #include <linux/slab.h>
42 #include <linux/uaccess.h>
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/inet_common.h>
63 #include <net/secure_seq.h>
64 #include <net/busy_poll.h>
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
69 #include <crypto/hash.h>
70 #include <linux/scatterlist.h>
72 static void tcp_v6_send_reset(const struct sock
*sk
, struct sk_buff
*skb
);
73 static void tcp_v6_reqsk_send_ack(const struct sock
*sk
, struct sk_buff
*skb
,
74 struct request_sock
*req
);
76 static int tcp_v6_do_rcv(struct sock
*sk
, struct sk_buff
*skb
);
78 static const struct inet_connection_sock_af_ops ipv6_mapped
;
79 static const struct inet_connection_sock_af_ops ipv6_specific
;
80 #ifdef CONFIG_TCP_MD5SIG
81 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific
;
82 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific
;
84 static struct tcp_md5sig_key
*tcp_v6_md5_do_lookup(const struct sock
*sk
,
85 const struct in6_addr
*addr
)
91 static void inet6_sk_rx_dst_set(struct sock
*sk
, const struct sk_buff
*skb
)
93 struct dst_entry
*dst
= skb_dst(skb
);
95 if (dst
&& dst_hold_safe(dst
)) {
96 const struct rt6_info
*rt
= (const struct rt6_info
*)dst
;
99 inet_sk(sk
)->rx_dst_ifindex
= skb
->skb_iif
;
100 inet6_sk(sk
)->rx_dst_cookie
= rt6_get_cookie(rt
);
104 static u32
tcp_v6_init_sequence(const struct sk_buff
*skb
, u32
*tsoff
)
106 return secure_tcpv6_sequence_number(ipv6_hdr(skb
)->daddr
.s6_addr32
,
107 ipv6_hdr(skb
)->saddr
.s6_addr32
,
109 tcp_hdr(skb
)->source
, tsoff
);
112 static int tcp_v6_connect(struct sock
*sk
, struct sockaddr
*uaddr
,
115 struct sockaddr_in6
*usin
= (struct sockaddr_in6
*) uaddr
;
116 struct inet_sock
*inet
= inet_sk(sk
);
117 struct inet_connection_sock
*icsk
= inet_csk(sk
);
118 struct ipv6_pinfo
*np
= inet6_sk(sk
);
119 struct tcp_sock
*tp
= tcp_sk(sk
);
120 struct in6_addr
*saddr
= NULL
, *final_p
, final
;
121 struct ipv6_txoptions
*opt
;
123 struct dst_entry
*dst
;
127 if (addr_len
< SIN6_LEN_RFC2133
)
130 if (usin
->sin6_family
!= AF_INET6
)
131 return -EAFNOSUPPORT
;
133 memset(&fl6
, 0, sizeof(fl6
));
136 fl6
.flowlabel
= usin
->sin6_flowinfo
&IPV6_FLOWINFO_MASK
;
137 IP6_ECN_flow_init(fl6
.flowlabel
);
138 if (fl6
.flowlabel
&IPV6_FLOWLABEL_MASK
) {
139 struct ip6_flowlabel
*flowlabel
;
140 flowlabel
= fl6_sock_lookup(sk
, fl6
.flowlabel
);
143 fl6_sock_release(flowlabel
);
148 * connect() to INADDR_ANY means loopback (BSD'ism).
151 if (ipv6_addr_any(&usin
->sin6_addr
))
152 usin
->sin6_addr
.s6_addr
[15] = 0x1;
154 addr_type
= ipv6_addr_type(&usin
->sin6_addr
);
156 if (addr_type
& IPV6_ADDR_MULTICAST
)
159 if (addr_type
&IPV6_ADDR_LINKLOCAL
) {
160 if (addr_len
>= sizeof(struct sockaddr_in6
) &&
161 usin
->sin6_scope_id
) {
162 /* If interface is set while binding, indices
165 if (sk
->sk_bound_dev_if
&&
166 sk
->sk_bound_dev_if
!= usin
->sin6_scope_id
)
169 sk
->sk_bound_dev_if
= usin
->sin6_scope_id
;
172 /* Connect to link-local address requires an interface */
173 if (!sk
->sk_bound_dev_if
)
177 if (tp
->rx_opt
.ts_recent_stamp
&&
178 !ipv6_addr_equal(&sk
->sk_v6_daddr
, &usin
->sin6_addr
)) {
179 tp
->rx_opt
.ts_recent
= 0;
180 tp
->rx_opt
.ts_recent_stamp
= 0;
184 sk
->sk_v6_daddr
= usin
->sin6_addr
;
185 np
->flow_label
= fl6
.flowlabel
;
191 if (addr_type
== IPV6_ADDR_MAPPED
) {
192 u32 exthdrlen
= icsk
->icsk_ext_hdr_len
;
193 struct sockaddr_in sin
;
195 SOCK_DEBUG(sk
, "connect: ipv4 mapped\n");
197 if (__ipv6_only_sock(sk
))
200 sin
.sin_family
= AF_INET
;
201 sin
.sin_port
= usin
->sin6_port
;
202 sin
.sin_addr
.s_addr
= usin
->sin6_addr
.s6_addr32
[3];
204 icsk
->icsk_af_ops
= &ipv6_mapped
;
205 sk
->sk_backlog_rcv
= tcp_v4_do_rcv
;
206 #ifdef CONFIG_TCP_MD5SIG
207 tp
->af_specific
= &tcp_sock_ipv6_mapped_specific
;
210 err
= tcp_v4_connect(sk
, (struct sockaddr
*)&sin
, sizeof(sin
));
213 icsk
->icsk_ext_hdr_len
= exthdrlen
;
214 icsk
->icsk_af_ops
= &ipv6_specific
;
215 sk
->sk_backlog_rcv
= tcp_v6_do_rcv
;
216 #ifdef CONFIG_TCP_MD5SIG
217 tp
->af_specific
= &tcp_sock_ipv6_specific
;
221 np
->saddr
= sk
->sk_v6_rcv_saddr
;
226 if (!ipv6_addr_any(&sk
->sk_v6_rcv_saddr
))
227 saddr
= &sk
->sk_v6_rcv_saddr
;
229 fl6
.flowi6_proto
= IPPROTO_TCP
;
230 fl6
.daddr
= sk
->sk_v6_daddr
;
231 fl6
.saddr
= saddr
? *saddr
: np
->saddr
;
232 fl6
.flowi6_oif
= sk
->sk_bound_dev_if
;
233 fl6
.flowi6_mark
= sk
->sk_mark
;
234 fl6
.fl6_dport
= usin
->sin6_port
;
235 fl6
.fl6_sport
= inet
->inet_sport
;
236 fl6
.flowi6_uid
= sk
->sk_uid
;
238 opt
= rcu_dereference_protected(np
->opt
, lockdep_sock_is_held(sk
));
239 final_p
= fl6_update_dst(&fl6
, opt
, &final
);
241 security_sk_classify_flow(sk
, flowi6_to_flowi(&fl6
));
243 dst
= ip6_dst_lookup_flow(sk
, &fl6
, final_p
);
251 sk
->sk_v6_rcv_saddr
= *saddr
;
254 /* set the source address */
256 inet
->inet_rcv_saddr
= LOOPBACK4_IPV6
;
258 sk
->sk_gso_type
= SKB_GSO_TCPV6
;
259 ip6_dst_store(sk
, dst
, NULL
, NULL
);
261 if (tcp_death_row
.sysctl_tw_recycle
&&
262 !tp
->rx_opt
.ts_recent_stamp
&&
263 ipv6_addr_equal(&fl6
.daddr
, &sk
->sk_v6_daddr
))
264 tcp_fetch_timewait_stamp(sk
, dst
);
266 icsk
->icsk_ext_hdr_len
= 0;
268 icsk
->icsk_ext_hdr_len
= opt
->opt_flen
+
271 tp
->rx_opt
.mss_clamp
= IPV6_MIN_MTU
- sizeof(struct tcphdr
) - sizeof(struct ipv6hdr
);
273 inet
->inet_dport
= usin
->sin6_port
;
275 tcp_set_state(sk
, TCP_SYN_SENT
);
276 err
= inet6_hash_connect(&tcp_death_row
, sk
);
282 if (!tp
->write_seq
&& likely(!tp
->repair
))
283 tp
->write_seq
= secure_tcpv6_sequence_number(np
->saddr
.s6_addr32
,
284 sk
->sk_v6_daddr
.s6_addr32
,
289 err
= tcp_connect(sk
);
296 tcp_set_state(sk
, TCP_CLOSE
);
299 inet
->inet_dport
= 0;
300 sk
->sk_route_caps
= 0;
304 static void tcp_v6_mtu_reduced(struct sock
*sk
)
306 struct dst_entry
*dst
;
308 if ((1 << sk
->sk_state
) & (TCPF_LISTEN
| TCPF_CLOSE
))
311 dst
= inet6_csk_update_pmtu(sk
, tcp_sk(sk
)->mtu_info
);
315 if (inet_csk(sk
)->icsk_pmtu_cookie
> dst_mtu(dst
)) {
316 tcp_sync_mss(sk
, dst_mtu(dst
));
317 tcp_simple_retransmit(sk
);
321 static void tcp_v6_err(struct sk_buff
*skb
, struct inet6_skb_parm
*opt
,
322 u8 type
, u8 code
, int offset
, __be32 info
)
324 const struct ipv6hdr
*hdr
= (const struct ipv6hdr
*)skb
->data
;
325 const struct tcphdr
*th
= (struct tcphdr
*)(skb
->data
+offset
);
326 struct net
*net
= dev_net(skb
->dev
);
327 struct request_sock
*fastopen
;
328 struct ipv6_pinfo
*np
;
335 sk
= __inet6_lookup_established(net
, &tcp_hashinfo
,
336 &hdr
->daddr
, th
->dest
,
337 &hdr
->saddr
, ntohs(th
->source
),
341 __ICMP6_INC_STATS(net
, __in6_dev_get(skb
->dev
),
346 if (sk
->sk_state
== TCP_TIME_WAIT
) {
347 inet_twsk_put(inet_twsk(sk
));
350 seq
= ntohl(th
->seq
);
351 fatal
= icmpv6_err_convert(type
, code
, &err
);
352 if (sk
->sk_state
== TCP_NEW_SYN_RECV
)
353 return tcp_req_err(sk
, seq
, fatal
);
356 if (sock_owned_by_user(sk
) && type
!= ICMPV6_PKT_TOOBIG
)
357 __NET_INC_STATS(net
, LINUX_MIB_LOCKDROPPEDICMPS
);
359 if (sk
->sk_state
== TCP_CLOSE
)
362 if (ipv6_hdr(skb
)->hop_limit
< inet6_sk(sk
)->min_hopcount
) {
363 __NET_INC_STATS(net
, LINUX_MIB_TCPMINTTLDROP
);
368 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
369 fastopen
= tp
->fastopen_rsk
;
370 snd_una
= fastopen
? tcp_rsk(fastopen
)->snt_isn
: tp
->snd_una
;
371 if (sk
->sk_state
!= TCP_LISTEN
&&
372 !between(seq
, snd_una
, tp
->snd_nxt
)) {
373 __NET_INC_STATS(net
, LINUX_MIB_OUTOFWINDOWICMPS
);
379 if (type
== NDISC_REDIRECT
) {
380 struct dst_entry
*dst
= __sk_dst_check(sk
, np
->dst_cookie
);
383 dst
->ops
->redirect(dst
, sk
, skb
);
387 if (type
== ICMPV6_PKT_TOOBIG
) {
388 /* We are not interested in TCP_LISTEN and open_requests
389 * (SYN-ACKs send out by Linux are always <576bytes so
390 * they should go through unfragmented).
392 if (sk
->sk_state
== TCP_LISTEN
)
395 if (!ip6_sk_accept_pmtu(sk
))
398 tp
->mtu_info
= ntohl(info
);
399 if (!sock_owned_by_user(sk
))
400 tcp_v6_mtu_reduced(sk
);
401 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED
,
408 /* Might be for an request_sock */
409 switch (sk
->sk_state
) {
412 /* Only in fast or simultaneous open. If a fast open socket is
413 * is already accepted it is treated as a connected one below.
415 if (fastopen
&& !fastopen
->sk
)
418 if (!sock_owned_by_user(sk
)) {
420 sk
->sk_error_report(sk
); /* Wake people up to see the error (see connect in sock.c) */
424 sk
->sk_err_soft
= err
;
428 if (!sock_owned_by_user(sk
) && np
->recverr
) {
430 sk
->sk_error_report(sk
);
432 sk
->sk_err_soft
= err
;
440 static int tcp_v6_send_synack(const struct sock
*sk
, struct dst_entry
*dst
,
442 struct request_sock
*req
,
443 struct tcp_fastopen_cookie
*foc
,
444 enum tcp_synack_type synack_type
)
446 struct inet_request_sock
*ireq
= inet_rsk(req
);
447 struct ipv6_pinfo
*np
= inet6_sk(sk
);
448 struct ipv6_txoptions
*opt
;
449 struct flowi6
*fl6
= &fl
->u
.ip6
;
453 /* First, grab a route. */
454 if (!dst
&& (dst
= inet6_csk_route_req(sk
, fl6
, req
,
455 IPPROTO_TCP
)) == NULL
)
458 skb
= tcp_make_synack(sk
, dst
, req
, foc
, synack_type
);
461 __tcp_v6_send_check(skb
, &ireq
->ir_v6_loc_addr
,
462 &ireq
->ir_v6_rmt_addr
);
464 fl6
->daddr
= ireq
->ir_v6_rmt_addr
;
465 if (np
->repflow
&& ireq
->pktopts
)
466 fl6
->flowlabel
= ip6_flowlabel(ipv6_hdr(ireq
->pktopts
));
469 opt
= ireq
->ipv6_opt
;
471 opt
= rcu_dereference(np
->opt
);
472 err
= ip6_xmit(sk
, skb
, fl6
, sk
->sk_mark
, opt
, np
->tclass
);
474 err
= net_xmit_eval(err
);
482 static void tcp_v6_reqsk_destructor(struct request_sock
*req
)
484 kfree(inet_rsk(req
)->ipv6_opt
);
485 kfree_skb(inet_rsk(req
)->pktopts
);
488 #ifdef CONFIG_TCP_MD5SIG
489 static struct tcp_md5sig_key
*tcp_v6_md5_do_lookup(const struct sock
*sk
,
490 const struct in6_addr
*addr
)
492 return tcp_md5_do_lookup(sk
, (union tcp_md5_addr
*)addr
, AF_INET6
);
495 static struct tcp_md5sig_key
*tcp_v6_md5_lookup(const struct sock
*sk
,
496 const struct sock
*addr_sk
)
498 return tcp_v6_md5_do_lookup(sk
, &addr_sk
->sk_v6_daddr
);
501 static int tcp_v6_parse_md5_keys(struct sock
*sk
, char __user
*optval
,
504 struct tcp_md5sig cmd
;
505 struct sockaddr_in6
*sin6
= (struct sockaddr_in6
*)&cmd
.tcpm_addr
;
507 if (optlen
< sizeof(cmd
))
510 if (copy_from_user(&cmd
, optval
, sizeof(cmd
)))
513 if (sin6
->sin6_family
!= AF_INET6
)
516 if (!cmd
.tcpm_keylen
) {
517 if (ipv6_addr_v4mapped(&sin6
->sin6_addr
))
518 return tcp_md5_do_del(sk
, (union tcp_md5_addr
*)&sin6
->sin6_addr
.s6_addr32
[3],
520 return tcp_md5_do_del(sk
, (union tcp_md5_addr
*)&sin6
->sin6_addr
,
524 if (cmd
.tcpm_keylen
> TCP_MD5SIG_MAXKEYLEN
)
527 if (ipv6_addr_v4mapped(&sin6
->sin6_addr
))
528 return tcp_md5_do_add(sk
, (union tcp_md5_addr
*)&sin6
->sin6_addr
.s6_addr32
[3],
529 AF_INET
, cmd
.tcpm_key
, cmd
.tcpm_keylen
, GFP_KERNEL
);
531 return tcp_md5_do_add(sk
, (union tcp_md5_addr
*)&sin6
->sin6_addr
,
532 AF_INET6
, cmd
.tcpm_key
, cmd
.tcpm_keylen
, GFP_KERNEL
);
535 static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool
*hp
,
536 const struct in6_addr
*daddr
,
537 const struct in6_addr
*saddr
,
538 const struct tcphdr
*th
, int nbytes
)
540 struct tcp6_pseudohdr
*bp
;
541 struct scatterlist sg
;
545 /* 1. TCP pseudo-header (RFC2460) */
548 bp
->protocol
= cpu_to_be32(IPPROTO_TCP
);
549 bp
->len
= cpu_to_be32(nbytes
);
551 _th
= (struct tcphdr
*)(bp
+ 1);
552 memcpy(_th
, th
, sizeof(*th
));
555 sg_init_one(&sg
, bp
, sizeof(*bp
) + sizeof(*th
));
556 ahash_request_set_crypt(hp
->md5_req
, &sg
, NULL
,
557 sizeof(*bp
) + sizeof(*th
));
558 return crypto_ahash_update(hp
->md5_req
);
561 static int tcp_v6_md5_hash_hdr(char *md5_hash
, const struct tcp_md5sig_key
*key
,
562 const struct in6_addr
*daddr
, struct in6_addr
*saddr
,
563 const struct tcphdr
*th
)
565 struct tcp_md5sig_pool
*hp
;
566 struct ahash_request
*req
;
568 hp
= tcp_get_md5sig_pool();
570 goto clear_hash_noput
;
573 if (crypto_ahash_init(req
))
575 if (tcp_v6_md5_hash_headers(hp
, daddr
, saddr
, th
, th
->doff
<< 2))
577 if (tcp_md5_hash_key(hp
, key
))
579 ahash_request_set_crypt(req
, NULL
, md5_hash
, 0);
580 if (crypto_ahash_final(req
))
583 tcp_put_md5sig_pool();
587 tcp_put_md5sig_pool();
589 memset(md5_hash
, 0, 16);
593 static int tcp_v6_md5_hash_skb(char *md5_hash
,
594 const struct tcp_md5sig_key
*key
,
595 const struct sock
*sk
,
596 const struct sk_buff
*skb
)
598 const struct in6_addr
*saddr
, *daddr
;
599 struct tcp_md5sig_pool
*hp
;
600 struct ahash_request
*req
;
601 const struct tcphdr
*th
= tcp_hdr(skb
);
603 if (sk
) { /* valid for establish/request sockets */
604 saddr
= &sk
->sk_v6_rcv_saddr
;
605 daddr
= &sk
->sk_v6_daddr
;
607 const struct ipv6hdr
*ip6h
= ipv6_hdr(skb
);
608 saddr
= &ip6h
->saddr
;
609 daddr
= &ip6h
->daddr
;
612 hp
= tcp_get_md5sig_pool();
614 goto clear_hash_noput
;
617 if (crypto_ahash_init(req
))
620 if (tcp_v6_md5_hash_headers(hp
, daddr
, saddr
, th
, skb
->len
))
622 if (tcp_md5_hash_skb_data(hp
, skb
, th
->doff
<< 2))
624 if (tcp_md5_hash_key(hp
, key
))
626 ahash_request_set_crypt(req
, NULL
, md5_hash
, 0);
627 if (crypto_ahash_final(req
))
630 tcp_put_md5sig_pool();
634 tcp_put_md5sig_pool();
636 memset(md5_hash
, 0, 16);
642 static bool tcp_v6_inbound_md5_hash(const struct sock
*sk
,
643 const struct sk_buff
*skb
)
645 #ifdef CONFIG_TCP_MD5SIG
646 const __u8
*hash_location
= NULL
;
647 struct tcp_md5sig_key
*hash_expected
;
648 const struct ipv6hdr
*ip6h
= ipv6_hdr(skb
);
649 const struct tcphdr
*th
= tcp_hdr(skb
);
653 hash_expected
= tcp_v6_md5_do_lookup(sk
, &ip6h
->saddr
);
654 hash_location
= tcp_parse_md5sig_option(th
);
656 /* We've parsed the options - do we have a hash? */
657 if (!hash_expected
&& !hash_location
)
660 if (hash_expected
&& !hash_location
) {
661 NET_INC_STATS(sock_net(sk
), LINUX_MIB_TCPMD5NOTFOUND
);
665 if (!hash_expected
&& hash_location
) {
666 NET_INC_STATS(sock_net(sk
), LINUX_MIB_TCPMD5UNEXPECTED
);
670 /* check the signature */
671 genhash
= tcp_v6_md5_hash_skb(newhash
,
675 if (genhash
|| memcmp(hash_location
, newhash
, 16) != 0) {
676 NET_INC_STATS(sock_net(sk
), LINUX_MIB_TCPMD5FAILURE
);
677 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
678 genhash
? "failed" : "mismatch",
679 &ip6h
->saddr
, ntohs(th
->source
),
680 &ip6h
->daddr
, ntohs(th
->dest
));
687 static void tcp_v6_init_req(struct request_sock
*req
,
688 const struct sock
*sk_listener
,
691 struct inet_request_sock
*ireq
= inet_rsk(req
);
692 const struct ipv6_pinfo
*np
= inet6_sk(sk_listener
);
694 ireq
->ir_v6_rmt_addr
= ipv6_hdr(skb
)->saddr
;
695 ireq
->ir_v6_loc_addr
= ipv6_hdr(skb
)->daddr
;
697 /* So that link locals have meaning */
698 if (!sk_listener
->sk_bound_dev_if
&&
699 ipv6_addr_type(&ireq
->ir_v6_rmt_addr
) & IPV6_ADDR_LINKLOCAL
)
700 ireq
->ir_iif
= tcp_v6_iif(skb
);
702 if (!TCP_SKB_CB(skb
)->tcp_tw_isn
&&
703 (ipv6_opt_accepted(sk_listener
, skb
, &TCP_SKB_CB(skb
)->header
.h6
) ||
704 np
->rxopt
.bits
.rxinfo
||
705 np
->rxopt
.bits
.rxoinfo
|| np
->rxopt
.bits
.rxhlim
||
706 np
->rxopt
.bits
.rxohlim
|| np
->repflow
)) {
707 atomic_inc(&skb
->users
);
712 static struct dst_entry
*tcp_v6_route_req(const struct sock
*sk
,
714 const struct request_sock
*req
,
719 return inet6_csk_route_req(sk
, &fl
->u
.ip6
, req
, IPPROTO_TCP
);
722 struct request_sock_ops tcp6_request_sock_ops __read_mostly
= {
724 .obj_size
= sizeof(struct tcp6_request_sock
),
725 .rtx_syn_ack
= tcp_rtx_synack
,
726 .send_ack
= tcp_v6_reqsk_send_ack
,
727 .destructor
= tcp_v6_reqsk_destructor
,
728 .send_reset
= tcp_v6_send_reset
,
729 .syn_ack_timeout
= tcp_syn_ack_timeout
,
732 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops
= {
733 .mss_clamp
= IPV6_MIN_MTU
- sizeof(struct tcphdr
) -
734 sizeof(struct ipv6hdr
),
735 #ifdef CONFIG_TCP_MD5SIG
736 .req_md5_lookup
= tcp_v6_md5_lookup
,
737 .calc_md5_hash
= tcp_v6_md5_hash_skb
,
739 .init_req
= tcp_v6_init_req
,
740 #ifdef CONFIG_SYN_COOKIES
741 .cookie_init_seq
= cookie_v6_init_sequence
,
743 .route_req
= tcp_v6_route_req
,
744 .init_seq
= tcp_v6_init_sequence
,
745 .send_synack
= tcp_v6_send_synack
,
748 static void tcp_v6_send_response(const struct sock
*sk
, struct sk_buff
*skb
, u32 seq
,
749 u32 ack
, u32 win
, u32 tsval
, u32 tsecr
,
750 int oif
, struct tcp_md5sig_key
*key
, int rst
,
751 u8 tclass
, __be32 label
)
753 const struct tcphdr
*th
= tcp_hdr(skb
);
755 struct sk_buff
*buff
;
757 struct net
*net
= sk
? sock_net(sk
) : dev_net(skb_dst(skb
)->dev
);
758 struct sock
*ctl_sk
= net
->ipv6
.tcp_sk
;
759 unsigned int tot_len
= sizeof(struct tcphdr
);
760 struct dst_entry
*dst
;
764 tot_len
+= TCPOLEN_TSTAMP_ALIGNED
;
765 #ifdef CONFIG_TCP_MD5SIG
767 tot_len
+= TCPOLEN_MD5SIG_ALIGNED
;
770 buff
= alloc_skb(MAX_HEADER
+ sizeof(struct ipv6hdr
) + tot_len
,
775 skb_reserve(buff
, MAX_HEADER
+ sizeof(struct ipv6hdr
) + tot_len
);
777 t1
= (struct tcphdr
*) skb_push(buff
, tot_len
);
778 skb_reset_transport_header(buff
);
780 /* Swap the send and the receive. */
781 memset(t1
, 0, sizeof(*t1
));
782 t1
->dest
= th
->source
;
783 t1
->source
= th
->dest
;
784 t1
->doff
= tot_len
/ 4;
785 t1
->seq
= htonl(seq
);
786 t1
->ack_seq
= htonl(ack
);
787 t1
->ack
= !rst
|| !th
->ack
;
789 t1
->window
= htons(win
);
791 topt
= (__be32
*)(t1
+ 1);
794 *topt
++ = htonl((TCPOPT_NOP
<< 24) | (TCPOPT_NOP
<< 16) |
795 (TCPOPT_TIMESTAMP
<< 8) | TCPOLEN_TIMESTAMP
);
796 *topt
++ = htonl(tsval
);
797 *topt
++ = htonl(tsecr
);
800 #ifdef CONFIG_TCP_MD5SIG
802 *topt
++ = htonl((TCPOPT_NOP
<< 24) | (TCPOPT_NOP
<< 16) |
803 (TCPOPT_MD5SIG
<< 8) | TCPOLEN_MD5SIG
);
804 tcp_v6_md5_hash_hdr((__u8
*)topt
, key
,
805 &ipv6_hdr(skb
)->saddr
,
806 &ipv6_hdr(skb
)->daddr
, t1
);
810 memset(&fl6
, 0, sizeof(fl6
));
811 fl6
.daddr
= ipv6_hdr(skb
)->saddr
;
812 fl6
.saddr
= ipv6_hdr(skb
)->daddr
;
813 fl6
.flowlabel
= label
;
815 buff
->ip_summed
= CHECKSUM_PARTIAL
;
818 __tcp_v6_send_check(buff
, &fl6
.saddr
, &fl6
.daddr
);
820 fl6
.flowi6_proto
= IPPROTO_TCP
;
821 if (rt6_need_strict(&fl6
.daddr
) && !oif
)
822 fl6
.flowi6_oif
= tcp_v6_iif(skb
);
824 if (!oif
&& netif_index_is_l3_master(net
, skb
->skb_iif
))
827 fl6
.flowi6_oif
= oif
;
830 fl6
.flowi6_mark
= IP6_REPLY_MARK(net
, skb
->mark
);
831 fl6
.fl6_dport
= t1
->dest
;
832 fl6
.fl6_sport
= t1
->source
;
833 fl6
.flowi6_uid
= sock_net_uid(net
, sk
&& sk_fullsock(sk
) ? sk
: NULL
);
834 security_skb_classify_flow(skb
, flowi6_to_flowi(&fl6
));
836 /* Pass a socket to ip6_dst_lookup either it is for RST
837 * Underlying function will use this to retrieve the network
840 dst
= ip6_dst_lookup_flow(ctl_sk
, &fl6
, NULL
);
842 skb_dst_set(buff
, dst
);
843 ip6_xmit(ctl_sk
, buff
, &fl6
, fl6
.flowi6_mark
, NULL
, tclass
);
844 TCP_INC_STATS(net
, TCP_MIB_OUTSEGS
);
846 TCP_INC_STATS(net
, TCP_MIB_OUTRSTS
);
853 static void tcp_v6_send_reset(const struct sock
*sk
, struct sk_buff
*skb
)
855 const struct tcphdr
*th
= tcp_hdr(skb
);
856 u32 seq
= 0, ack_seq
= 0;
857 struct tcp_md5sig_key
*key
= NULL
;
858 #ifdef CONFIG_TCP_MD5SIG
859 const __u8
*hash_location
= NULL
;
860 struct ipv6hdr
*ipv6h
= ipv6_hdr(skb
);
861 unsigned char newhash
[16];
863 struct sock
*sk1
= NULL
;
870 /* If sk not NULL, it means we did a successful lookup and incoming
871 * route had to be correct. prequeue might have dropped our dst.
873 if (!sk
&& !ipv6_unicast_destination(skb
))
876 #ifdef CONFIG_TCP_MD5SIG
878 hash_location
= tcp_parse_md5sig_option(th
);
879 if (sk
&& sk_fullsock(sk
)) {
880 key
= tcp_v6_md5_do_lookup(sk
, &ipv6h
->saddr
);
881 } else if (hash_location
) {
883 * active side is lost. Try to find listening socket through
884 * source port, and then find md5 key through listening socket.
885 * we are not loose security here:
886 * Incoming packet is checked with md5 hash with finding key,
887 * no RST generated if md5 hash doesn't match.
889 sk1
= inet6_lookup_listener(dev_net(skb_dst(skb
)->dev
),
890 &tcp_hashinfo
, NULL
, 0,
892 th
->source
, &ipv6h
->daddr
,
893 ntohs(th
->source
), tcp_v6_iif(skb
));
897 key
= tcp_v6_md5_do_lookup(sk1
, &ipv6h
->saddr
);
901 genhash
= tcp_v6_md5_hash_skb(newhash
, key
, NULL
, skb
);
902 if (genhash
|| memcmp(hash_location
, newhash
, 16) != 0)
908 seq
= ntohl(th
->ack_seq
);
910 ack_seq
= ntohl(th
->seq
) + th
->syn
+ th
->fin
+ skb
->len
-
913 oif
= sk
? sk
->sk_bound_dev_if
: 0;
914 tcp_v6_send_response(sk
, skb
, seq
, ack_seq
, 0, 0, 0, oif
, key
, 1, 0, 0);
916 #ifdef CONFIG_TCP_MD5SIG
922 static void tcp_v6_send_ack(const struct sock
*sk
, struct sk_buff
*skb
, u32 seq
,
923 u32 ack
, u32 win
, u32 tsval
, u32 tsecr
, int oif
,
924 struct tcp_md5sig_key
*key
, u8 tclass
,
927 tcp_v6_send_response(sk
, skb
, seq
, ack
, win
, tsval
, tsecr
, oif
, key
, 0,
931 static void tcp_v6_timewait_ack(struct sock
*sk
, struct sk_buff
*skb
)
933 struct inet_timewait_sock
*tw
= inet_twsk(sk
);
934 struct tcp_timewait_sock
*tcptw
= tcp_twsk(sk
);
936 tcp_v6_send_ack(sk
, skb
, tcptw
->tw_snd_nxt
, tcptw
->tw_rcv_nxt
,
937 tcptw
->tw_rcv_wnd
>> tw
->tw_rcv_wscale
,
938 tcp_time_stamp
+ tcptw
->tw_ts_offset
,
939 tcptw
->tw_ts_recent
, tw
->tw_bound_dev_if
, tcp_twsk_md5_key(tcptw
),
940 tw
->tw_tclass
, cpu_to_be32(tw
->tw_flowlabel
));
945 static void tcp_v6_reqsk_send_ack(const struct sock
*sk
, struct sk_buff
*skb
,
946 struct request_sock
*req
)
948 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
949 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
952 * The window field (SEG.WND) of every outgoing segment, with the
953 * exception of <SYN> segments, MUST be right-shifted by
954 * Rcv.Wind.Shift bits:
956 tcp_v6_send_ack(sk
, skb
, (sk
->sk_state
== TCP_LISTEN
) ?
957 tcp_rsk(req
)->snt_isn
+ 1 : tcp_sk(sk
)->snd_nxt
,
958 tcp_rsk(req
)->rcv_nxt
,
959 req
->rsk_rcv_wnd
>> inet_rsk(req
)->rcv_wscale
,
960 tcp_time_stamp
+ tcp_rsk(req
)->ts_off
,
961 req
->ts_recent
, sk
->sk_bound_dev_if
,
962 tcp_v6_md5_do_lookup(sk
, &ipv6_hdr(skb
)->daddr
),
967 static struct sock
*tcp_v6_cookie_check(struct sock
*sk
, struct sk_buff
*skb
)
969 #ifdef CONFIG_SYN_COOKIES
970 const struct tcphdr
*th
= tcp_hdr(skb
);
973 sk
= cookie_v6_check(sk
, skb
);
978 static int tcp_v6_conn_request(struct sock
*sk
, struct sk_buff
*skb
)
980 if (skb
->protocol
== htons(ETH_P_IP
))
981 return tcp_v4_conn_request(sk
, skb
);
983 if (!ipv6_unicast_destination(skb
))
986 return tcp_conn_request(&tcp6_request_sock_ops
,
987 &tcp_request_sock_ipv6_ops
, sk
, skb
);
991 return 0; /* don't send reset */
994 static void tcp_v6_restore_cb(struct sk_buff
*skb
)
996 /* We need to move header back to the beginning if xfrm6_policy_check()
997 * and tcp_v6_fill_cb() are going to be called again.
998 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
1000 memmove(IP6CB(skb
), &TCP_SKB_CB(skb
)->header
.h6
,
1001 sizeof(struct inet6_skb_parm
));
1004 static struct sock
*tcp_v6_syn_recv_sock(const struct sock
*sk
, struct sk_buff
*skb
,
1005 struct request_sock
*req
,
1006 struct dst_entry
*dst
,
1007 struct request_sock
*req_unhash
,
1010 struct inet_request_sock
*ireq
;
1011 struct ipv6_pinfo
*newnp
;
1012 const struct ipv6_pinfo
*np
= inet6_sk(sk
);
1013 struct ipv6_txoptions
*opt
;
1014 struct tcp6_sock
*newtcp6sk
;
1015 struct inet_sock
*newinet
;
1016 struct tcp_sock
*newtp
;
1018 #ifdef CONFIG_TCP_MD5SIG
1019 struct tcp_md5sig_key
*key
;
1023 if (skb
->protocol
== htons(ETH_P_IP
)) {
1028 newsk
= tcp_v4_syn_recv_sock(sk
, skb
, req
, dst
,
1029 req_unhash
, own_req
);
1034 newtcp6sk
= (struct tcp6_sock
*)newsk
;
1035 inet_sk(newsk
)->pinet6
= &newtcp6sk
->inet6
;
1037 newinet
= inet_sk(newsk
);
1038 newnp
= inet6_sk(newsk
);
1039 newtp
= tcp_sk(newsk
);
1041 memcpy(newnp
, np
, sizeof(struct ipv6_pinfo
));
1043 newnp
->saddr
= newsk
->sk_v6_rcv_saddr
;
1045 inet_csk(newsk
)->icsk_af_ops
= &ipv6_mapped
;
1046 newsk
->sk_backlog_rcv
= tcp_v4_do_rcv
;
1047 #ifdef CONFIG_TCP_MD5SIG
1048 newtp
->af_specific
= &tcp_sock_ipv6_mapped_specific
;
1051 newnp
->ipv6_ac_list
= NULL
;
1052 newnp
->ipv6_fl_list
= NULL
;
1053 newnp
->pktoptions
= NULL
;
1055 newnp
->mcast_oif
= tcp_v6_iif(skb
);
1056 newnp
->mcast_hops
= ipv6_hdr(skb
)->hop_limit
;
1057 newnp
->rcv_flowinfo
= ip6_flowinfo(ipv6_hdr(skb
));
1059 newnp
->flow_label
= ip6_flowlabel(ipv6_hdr(skb
));
1062 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1063 * here, tcp_create_openreq_child now does this for us, see the comment in
1064 * that function for the gory details. -acme
1067 /* It is tricky place. Until this moment IPv4 tcp
1068 worked with IPv6 icsk.icsk_af_ops.
1071 tcp_sync_mss(newsk
, inet_csk(newsk
)->icsk_pmtu_cookie
);
1076 ireq
= inet_rsk(req
);
1078 if (sk_acceptq_is_full(sk
))
1082 dst
= inet6_csk_route_req(sk
, &fl6
, req
, IPPROTO_TCP
);
1087 newsk
= tcp_create_openreq_child(sk
, req
, skb
);
1092 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1093 * count here, tcp_create_openreq_child now does this for us, see the
1094 * comment in that function for the gory details. -acme
1097 newsk
->sk_gso_type
= SKB_GSO_TCPV6
;
1098 ip6_dst_store(newsk
, dst
, NULL
, NULL
);
1099 inet6_sk_rx_dst_set(newsk
, skb
);
1101 newtcp6sk
= (struct tcp6_sock
*)newsk
;
1102 inet_sk(newsk
)->pinet6
= &newtcp6sk
->inet6
;
1104 newtp
= tcp_sk(newsk
);
1105 newinet
= inet_sk(newsk
);
1106 newnp
= inet6_sk(newsk
);
1108 memcpy(newnp
, np
, sizeof(struct ipv6_pinfo
));
1110 newsk
->sk_v6_daddr
= ireq
->ir_v6_rmt_addr
;
1111 newnp
->saddr
= ireq
->ir_v6_loc_addr
;
1112 newsk
->sk_v6_rcv_saddr
= ireq
->ir_v6_loc_addr
;
1113 newsk
->sk_bound_dev_if
= ireq
->ir_iif
;
1115 /* Now IPv6 options...
1117 First: no IPv4 options.
1119 newinet
->inet_opt
= NULL
;
1120 newnp
->ipv6_ac_list
= NULL
;
1121 newnp
->ipv6_fl_list
= NULL
;
1124 newnp
->rxopt
.all
= np
->rxopt
.all
;
1126 newnp
->pktoptions
= NULL
;
1128 newnp
->mcast_oif
= tcp_v6_iif(skb
);
1129 newnp
->mcast_hops
= ipv6_hdr(skb
)->hop_limit
;
1130 newnp
->rcv_flowinfo
= ip6_flowinfo(ipv6_hdr(skb
));
1132 newnp
->flow_label
= ip6_flowlabel(ipv6_hdr(skb
));
1134 /* Clone native IPv6 options from listening socket (if any)
1136 Yes, keeping reference count would be much more clever,
1137 but we make one more one thing there: reattach optmem
1140 opt
= ireq
->ipv6_opt
;
1142 opt
= rcu_dereference(np
->opt
);
1144 opt
= ipv6_dup_options(newsk
, opt
);
1145 RCU_INIT_POINTER(newnp
->opt
, opt
);
1147 inet_csk(newsk
)->icsk_ext_hdr_len
= 0;
1149 inet_csk(newsk
)->icsk_ext_hdr_len
= opt
->opt_nflen
+
1152 tcp_ca_openreq_child(newsk
, dst
);
1154 tcp_sync_mss(newsk
, dst_mtu(dst
));
1155 newtp
->advmss
= dst_metric_advmss(dst
);
1156 if (tcp_sk(sk
)->rx_opt
.user_mss
&&
1157 tcp_sk(sk
)->rx_opt
.user_mss
< newtp
->advmss
)
1158 newtp
->advmss
= tcp_sk(sk
)->rx_opt
.user_mss
;
1160 tcp_initialize_rcv_mss(newsk
);
1162 newinet
->inet_daddr
= newinet
->inet_saddr
= LOOPBACK4_IPV6
;
1163 newinet
->inet_rcv_saddr
= LOOPBACK4_IPV6
;
1165 #ifdef CONFIG_TCP_MD5SIG
1166 /* Copy over the MD5 key from the original socket */
1167 key
= tcp_v6_md5_do_lookup(sk
, &newsk
->sk_v6_daddr
);
1169 /* We're using one, so create a matching key
1170 * on the newsk structure. If we fail to get
1171 * memory, then we end up not copying the key
1174 tcp_md5_do_add(newsk
, (union tcp_md5_addr
*)&newsk
->sk_v6_daddr
,
1175 AF_INET6
, key
->key
, key
->keylen
,
1176 sk_gfp_mask(sk
, GFP_ATOMIC
));
1180 if (__inet_inherit_port(sk
, newsk
) < 0) {
1181 inet_csk_prepare_forced_close(newsk
);
1185 *own_req
= inet_ehash_nolisten(newsk
, req_to_sk(req_unhash
));
1187 tcp_move_syn(newtp
, req
);
1189 /* Clone pktoptions received with SYN, if we own the req */
1190 if (ireq
->pktopts
) {
1191 newnp
->pktoptions
= skb_clone(ireq
->pktopts
,
1192 sk_gfp_mask(sk
, GFP_ATOMIC
));
1193 consume_skb(ireq
->pktopts
);
1194 ireq
->pktopts
= NULL
;
1195 if (newnp
->pktoptions
) {
1196 tcp_v6_restore_cb(newnp
->pktoptions
);
1197 skb_set_owner_r(newnp
->pktoptions
, newsk
);
1205 __NET_INC_STATS(sock_net(sk
), LINUX_MIB_LISTENOVERFLOWS
);
1213 /* The socket must have it's spinlock held when we get
1214 * here, unless it is a TCP_LISTEN socket.
1216 * We have a potential double-lock case here, so even when
1217 * doing backlog processing we use the BH locking scheme.
1218 * This is because we cannot sleep with the original spinlock
1221 static int tcp_v6_do_rcv(struct sock
*sk
, struct sk_buff
*skb
)
1223 struct ipv6_pinfo
*np
= inet6_sk(sk
);
1224 struct tcp_sock
*tp
;
1225 struct sk_buff
*opt_skb
= NULL
;
1227 /* Imagine: socket is IPv6. IPv4 packet arrives,
1228 goes to IPv4 receive handler and backlogged.
1229 From backlog it always goes here. Kerboom...
1230 Fortunately, tcp_rcv_established and rcv_established
1231 handle them correctly, but it is not case with
1232 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1235 if (skb
->protocol
== htons(ETH_P_IP
))
1236 return tcp_v4_do_rcv(sk
, skb
);
1238 if (tcp_filter(sk
, skb
))
1242 * socket locking is here for SMP purposes as backlog rcv
1243 * is currently called with bh processing disabled.
1246 /* Do Stevens' IPV6_PKTOPTIONS.
1248 Yes, guys, it is the only place in our code, where we
1249 may make it not affecting IPv4.
1250 The rest of code is protocol independent,
1251 and I do not like idea to uglify IPv4.
1253 Actually, all the idea behind IPV6_PKTOPTIONS
1254 looks not very well thought. For now we latch
1255 options, received in the last packet, enqueued
1256 by tcp. Feel free to propose better solution.
1260 opt_skb
= skb_clone(skb
, sk_gfp_mask(sk
, GFP_ATOMIC
));
1262 if (sk
->sk_state
== TCP_ESTABLISHED
) { /* Fast path */
1263 struct dst_entry
*dst
= sk
->sk_rx_dst
;
1265 sock_rps_save_rxhash(sk
, skb
);
1266 sk_mark_napi_id(sk
, skb
);
1268 if (inet_sk(sk
)->rx_dst_ifindex
!= skb
->skb_iif
||
1269 dst
->ops
->check(dst
, np
->rx_dst_cookie
) == NULL
) {
1271 sk
->sk_rx_dst
= NULL
;
1275 tcp_rcv_established(sk
, skb
, tcp_hdr(skb
), skb
->len
);
1277 goto ipv6_pktoptions
;
1281 if (tcp_checksum_complete(skb
))
1284 if (sk
->sk_state
== TCP_LISTEN
) {
1285 struct sock
*nsk
= tcp_v6_cookie_check(sk
, skb
);
1291 sock_rps_save_rxhash(nsk
, skb
);
1292 sk_mark_napi_id(nsk
, skb
);
1293 if (tcp_child_process(sk
, nsk
, skb
))
1296 __kfree_skb(opt_skb
);
1300 sock_rps_save_rxhash(sk
, skb
);
1302 if (tcp_rcv_state_process(sk
, skb
))
1305 goto ipv6_pktoptions
;
1309 tcp_v6_send_reset(sk
, skb
);
1312 __kfree_skb(opt_skb
);
1316 TCP_INC_STATS(sock_net(sk
), TCP_MIB_CSUMERRORS
);
1317 TCP_INC_STATS(sock_net(sk
), TCP_MIB_INERRS
);
1322 /* Do you ask, what is it?
1324 1. skb was enqueued by tcp.
1325 2. skb is added to tail of read queue, rather than out of order.
1326 3. socket is not in passive state.
1327 4. Finally, it really contains options, which user wants to receive.
1330 if (TCP_SKB_CB(opt_skb
)->end_seq
== tp
->rcv_nxt
&&
1331 !((1 << sk
->sk_state
) & (TCPF_CLOSE
| TCPF_LISTEN
))) {
1332 if (np
->rxopt
.bits
.rxinfo
|| np
->rxopt
.bits
.rxoinfo
)
1333 np
->mcast_oif
= tcp_v6_iif(opt_skb
);
1334 if (np
->rxopt
.bits
.rxhlim
|| np
->rxopt
.bits
.rxohlim
)
1335 np
->mcast_hops
= ipv6_hdr(opt_skb
)->hop_limit
;
1336 if (np
->rxopt
.bits
.rxflow
|| np
->rxopt
.bits
.rxtclass
)
1337 np
->rcv_flowinfo
= ip6_flowinfo(ipv6_hdr(opt_skb
));
1339 np
->flow_label
= ip6_flowlabel(ipv6_hdr(opt_skb
));
1340 if (ipv6_opt_accepted(sk
, opt_skb
, &TCP_SKB_CB(opt_skb
)->header
.h6
)) {
1341 skb_set_owner_r(opt_skb
, sk
);
1342 tcp_v6_restore_cb(opt_skb
);
1343 opt_skb
= xchg(&np
->pktoptions
, opt_skb
);
1345 __kfree_skb(opt_skb
);
1346 opt_skb
= xchg(&np
->pktoptions
, NULL
);
1354 static void tcp_v6_fill_cb(struct sk_buff
*skb
, const struct ipv6hdr
*hdr
,
1355 const struct tcphdr
*th
)
1357 /* This is tricky: we move IP6CB at its correct location into
1358 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1359 * _decode_session6() uses IP6CB().
1360 * barrier() makes sure compiler won't play aliasing games.
1362 memmove(&TCP_SKB_CB(skb
)->header
.h6
, IP6CB(skb
),
1363 sizeof(struct inet6_skb_parm
));
1366 TCP_SKB_CB(skb
)->seq
= ntohl(th
->seq
);
1367 TCP_SKB_CB(skb
)->end_seq
= (TCP_SKB_CB(skb
)->seq
+ th
->syn
+ th
->fin
+
1368 skb
->len
- th
->doff
*4);
1369 TCP_SKB_CB(skb
)->ack_seq
= ntohl(th
->ack_seq
);
1370 TCP_SKB_CB(skb
)->tcp_flags
= tcp_flag_byte(th
);
1371 TCP_SKB_CB(skb
)->tcp_tw_isn
= 0;
1372 TCP_SKB_CB(skb
)->ip_dsfield
= ipv6_get_dsfield(hdr
);
1373 TCP_SKB_CB(skb
)->sacked
= 0;
1376 static int tcp_v6_rcv(struct sk_buff
*skb
)
1378 const struct tcphdr
*th
;
1379 const struct ipv6hdr
*hdr
;
1383 struct net
*net
= dev_net(skb
->dev
);
1385 if (skb
->pkt_type
!= PACKET_HOST
)
1389 * Count it even if it's bad.
1391 __TCP_INC_STATS(net
, TCP_MIB_INSEGS
);
1393 if (!pskb_may_pull(skb
, sizeof(struct tcphdr
)))
1396 th
= (const struct tcphdr
*)skb
->data
;
1398 if (unlikely(th
->doff
< sizeof(struct tcphdr
)/4))
1400 if (!pskb_may_pull(skb
, th
->doff
*4))
1403 if (skb_checksum_init(skb
, IPPROTO_TCP
, ip6_compute_pseudo
))
1406 th
= (const struct tcphdr
*)skb
->data
;
1407 hdr
= ipv6_hdr(skb
);
1410 sk
= __inet6_lookup_skb(&tcp_hashinfo
, skb
, __tcp_hdrlen(th
),
1411 th
->source
, th
->dest
, inet6_iif(skb
),
1417 if (sk
->sk_state
== TCP_TIME_WAIT
)
1420 if (sk
->sk_state
== TCP_NEW_SYN_RECV
) {
1421 struct request_sock
*req
= inet_reqsk(sk
);
1424 sk
= req
->rsk_listener
;
1425 tcp_v6_fill_cb(skb
, hdr
, th
);
1426 if (tcp_v6_inbound_md5_hash(sk
, skb
)) {
1427 sk_drops_add(sk
, skb
);
1431 if (unlikely(sk
->sk_state
!= TCP_LISTEN
)) {
1432 inet_csk_reqsk_queue_drop_and_put(sk
, req
);
1437 nsk
= tcp_check_req(sk
, skb
, req
, false);
1440 goto discard_and_relse
;
1444 tcp_v6_restore_cb(skb
);
1445 } else if (tcp_child_process(sk
, nsk
, skb
)) {
1446 tcp_v6_send_reset(nsk
, skb
);
1447 goto discard_and_relse
;
1453 if (hdr
->hop_limit
< inet6_sk(sk
)->min_hopcount
) {
1454 __NET_INC_STATS(net
, LINUX_MIB_TCPMINTTLDROP
);
1455 goto discard_and_relse
;
1458 if (!xfrm6_policy_check(sk
, XFRM_POLICY_IN
, skb
))
1459 goto discard_and_relse
;
1461 tcp_v6_fill_cb(skb
, hdr
, th
);
1463 if (tcp_v6_inbound_md5_hash(sk
, skb
))
1464 goto discard_and_relse
;
1466 if (tcp_filter(sk
, skb
))
1467 goto discard_and_relse
;
1468 th
= (const struct tcphdr
*)skb
->data
;
1469 hdr
= ipv6_hdr(skb
);
1473 if (sk
->sk_state
== TCP_LISTEN
) {
1474 ret
= tcp_v6_do_rcv(sk
, skb
);
1475 goto put_and_return
;
1478 sk_incoming_cpu_update(sk
);
1480 bh_lock_sock_nested(sk
);
1481 tcp_segs_in(tcp_sk(sk
), skb
);
1483 if (!sock_owned_by_user(sk
)) {
1484 if (!tcp_prequeue(sk
, skb
))
1485 ret
= tcp_v6_do_rcv(sk
, skb
);
1486 } else if (tcp_add_backlog(sk
, skb
)) {
1487 goto discard_and_relse
;
1494 return ret
? -1 : 0;
1497 if (!xfrm6_policy_check(NULL
, XFRM_POLICY_IN
, skb
))
1500 tcp_v6_fill_cb(skb
, hdr
, th
);
1502 if (tcp_checksum_complete(skb
)) {
1504 __TCP_INC_STATS(net
, TCP_MIB_CSUMERRORS
);
1506 __TCP_INC_STATS(net
, TCP_MIB_INERRS
);
1508 tcp_v6_send_reset(NULL
, skb
);
1516 sk_drops_add(sk
, skb
);
1522 if (!xfrm6_policy_check(NULL
, XFRM_POLICY_IN
, skb
)) {
1523 inet_twsk_put(inet_twsk(sk
));
1527 tcp_v6_fill_cb(skb
, hdr
, th
);
1529 if (tcp_checksum_complete(skb
)) {
1530 inet_twsk_put(inet_twsk(sk
));
1534 switch (tcp_timewait_state_process(inet_twsk(sk
), skb
, th
)) {
1539 sk2
= inet6_lookup_listener(dev_net(skb
->dev
), &tcp_hashinfo
,
1540 skb
, __tcp_hdrlen(th
),
1541 &ipv6_hdr(skb
)->saddr
, th
->source
,
1542 &ipv6_hdr(skb
)->daddr
,
1543 ntohs(th
->dest
), tcp_v6_iif(skb
));
1545 struct inet_timewait_sock
*tw
= inet_twsk(sk
);
1546 inet_twsk_deschedule_put(tw
);
1548 tcp_v6_restore_cb(skb
);
1552 /* Fall through to ACK */
1555 tcp_v6_timewait_ack(sk
, skb
);
1558 tcp_v6_restore_cb(skb
);
1559 tcp_v6_send_reset(sk
, skb
);
1560 inet_twsk_deschedule_put(inet_twsk(sk
));
1562 case TCP_TW_SUCCESS
:
1568 static void tcp_v6_early_demux(struct sk_buff
*skb
)
1570 const struct ipv6hdr
*hdr
;
1571 const struct tcphdr
*th
;
1574 if (skb
->pkt_type
!= PACKET_HOST
)
1577 if (!pskb_may_pull(skb
, skb_transport_offset(skb
) + sizeof(struct tcphdr
)))
1580 hdr
= ipv6_hdr(skb
);
1583 if (th
->doff
< sizeof(struct tcphdr
) / 4)
1586 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
1587 sk
= __inet6_lookup_established(dev_net(skb
->dev
), &tcp_hashinfo
,
1588 &hdr
->saddr
, th
->source
,
1589 &hdr
->daddr
, ntohs(th
->dest
),
1593 skb
->destructor
= sock_edemux
;
1594 if (sk_fullsock(sk
)) {
1595 struct dst_entry
*dst
= READ_ONCE(sk
->sk_rx_dst
);
1598 dst
= dst_check(dst
, inet6_sk(sk
)->rx_dst_cookie
);
1600 inet_sk(sk
)->rx_dst_ifindex
== skb
->skb_iif
)
1601 skb_dst_set_noref(skb
, dst
);
1606 static struct timewait_sock_ops tcp6_timewait_sock_ops
= {
1607 .twsk_obj_size
= sizeof(struct tcp6_timewait_sock
),
1608 .twsk_unique
= tcp_twsk_unique
,
1609 .twsk_destructor
= tcp_twsk_destructor
,
1612 static const struct inet_connection_sock_af_ops ipv6_specific
= {
1613 .queue_xmit
= inet6_csk_xmit
,
1614 .send_check
= tcp_v6_send_check
,
1615 .rebuild_header
= inet6_sk_rebuild_header
,
1616 .sk_rx_dst_set
= inet6_sk_rx_dst_set
,
1617 .conn_request
= tcp_v6_conn_request
,
1618 .syn_recv_sock
= tcp_v6_syn_recv_sock
,
1619 .net_header_len
= sizeof(struct ipv6hdr
),
1620 .net_frag_header_len
= sizeof(struct frag_hdr
),
1621 .setsockopt
= ipv6_setsockopt
,
1622 .getsockopt
= ipv6_getsockopt
,
1623 .addr2sockaddr
= inet6_csk_addr2sockaddr
,
1624 .sockaddr_len
= sizeof(struct sockaddr_in6
),
1625 .bind_conflict
= inet6_csk_bind_conflict
,
1626 #ifdef CONFIG_COMPAT
1627 .compat_setsockopt
= compat_ipv6_setsockopt
,
1628 .compat_getsockopt
= compat_ipv6_getsockopt
,
1630 .mtu_reduced
= tcp_v6_mtu_reduced
,
1633 #ifdef CONFIG_TCP_MD5SIG
1634 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific
= {
1635 .md5_lookup
= tcp_v6_md5_lookup
,
1636 .calc_md5_hash
= tcp_v6_md5_hash_skb
,
1637 .md5_parse
= tcp_v6_parse_md5_keys
,
1642 * TCP over IPv4 via INET6 API
1644 static const struct inet_connection_sock_af_ops ipv6_mapped
= {
1645 .queue_xmit
= ip_queue_xmit
,
1646 .send_check
= tcp_v4_send_check
,
1647 .rebuild_header
= inet_sk_rebuild_header
,
1648 .sk_rx_dst_set
= inet_sk_rx_dst_set
,
1649 .conn_request
= tcp_v6_conn_request
,
1650 .syn_recv_sock
= tcp_v6_syn_recv_sock
,
1651 .net_header_len
= sizeof(struct iphdr
),
1652 .setsockopt
= ipv6_setsockopt
,
1653 .getsockopt
= ipv6_getsockopt
,
1654 .addr2sockaddr
= inet6_csk_addr2sockaddr
,
1655 .sockaddr_len
= sizeof(struct sockaddr_in6
),
1656 .bind_conflict
= inet6_csk_bind_conflict
,
1657 #ifdef CONFIG_COMPAT
1658 .compat_setsockopt
= compat_ipv6_setsockopt
,
1659 .compat_getsockopt
= compat_ipv6_getsockopt
,
1661 .mtu_reduced
= tcp_v4_mtu_reduced
,
1664 #ifdef CONFIG_TCP_MD5SIG
1665 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific
= {
1666 .md5_lookup
= tcp_v4_md5_lookup
,
1667 .calc_md5_hash
= tcp_v4_md5_hash_skb
,
1668 .md5_parse
= tcp_v6_parse_md5_keys
,
1672 /* NOTE: A lot of things set to zero explicitly by call to
1673 * sk_alloc() so need not be done here.
1675 static int tcp_v6_init_sock(struct sock
*sk
)
1677 struct inet_connection_sock
*icsk
= inet_csk(sk
);
1681 icsk
->icsk_af_ops
= &ipv6_specific
;
1683 #ifdef CONFIG_TCP_MD5SIG
1684 tcp_sk(sk
)->af_specific
= &tcp_sock_ipv6_specific
;
1690 static void tcp_v6_destroy_sock(struct sock
*sk
)
1692 tcp_v4_destroy_sock(sk
);
1693 inet6_destroy_sock(sk
);
1696 #ifdef CONFIG_PROC_FS
1697 /* Proc filesystem TCPv6 sock list dumping. */
1698 static void get_openreq6(struct seq_file
*seq
,
1699 const struct request_sock
*req
, int i
)
1701 long ttd
= req
->rsk_timer
.expires
- jiffies
;
1702 const struct in6_addr
*src
= &inet_rsk(req
)->ir_v6_loc_addr
;
1703 const struct in6_addr
*dest
= &inet_rsk(req
)->ir_v6_rmt_addr
;
1709 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1710 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1712 src
->s6_addr32
[0], src
->s6_addr32
[1],
1713 src
->s6_addr32
[2], src
->s6_addr32
[3],
1714 inet_rsk(req
)->ir_num
,
1715 dest
->s6_addr32
[0], dest
->s6_addr32
[1],
1716 dest
->s6_addr32
[2], dest
->s6_addr32
[3],
1717 ntohs(inet_rsk(req
)->ir_rmt_port
),
1719 0, 0, /* could print option size, but that is af dependent. */
1720 1, /* timers active (only the expire timer) */
1721 jiffies_to_clock_t(ttd
),
1723 from_kuid_munged(seq_user_ns(seq
),
1724 sock_i_uid(req
->rsk_listener
)),
1725 0, /* non standard timer */
1726 0, /* open_requests have no inode */
1730 static void get_tcp6_sock(struct seq_file
*seq
, struct sock
*sp
, int i
)
1732 const struct in6_addr
*dest
, *src
;
1735 unsigned long timer_expires
;
1736 const struct inet_sock
*inet
= inet_sk(sp
);
1737 const struct tcp_sock
*tp
= tcp_sk(sp
);
1738 const struct inet_connection_sock
*icsk
= inet_csk(sp
);
1739 const struct fastopen_queue
*fastopenq
= &icsk
->icsk_accept_queue
.fastopenq
;
1743 dest
= &sp
->sk_v6_daddr
;
1744 src
= &sp
->sk_v6_rcv_saddr
;
1745 destp
= ntohs(inet
->inet_dport
);
1746 srcp
= ntohs(inet
->inet_sport
);
1748 if (icsk
->icsk_pending
== ICSK_TIME_RETRANS
||
1749 icsk
->icsk_pending
== ICSK_TIME_EARLY_RETRANS
||
1750 icsk
->icsk_pending
== ICSK_TIME_LOSS_PROBE
) {
1752 timer_expires
= icsk
->icsk_timeout
;
1753 } else if (icsk
->icsk_pending
== ICSK_TIME_PROBE0
) {
1755 timer_expires
= icsk
->icsk_timeout
;
1756 } else if (timer_pending(&sp
->sk_timer
)) {
1758 timer_expires
= sp
->sk_timer
.expires
;
1761 timer_expires
= jiffies
;
1764 state
= sk_state_load(sp
);
1765 if (state
== TCP_LISTEN
)
1766 rx_queue
= sp
->sk_ack_backlog
;
1768 /* Because we don't lock the socket,
1769 * we might find a transient negative value.
1771 rx_queue
= max_t(int, tp
->rcv_nxt
- tp
->copied_seq
, 0);
1774 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1775 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1777 src
->s6_addr32
[0], src
->s6_addr32
[1],
1778 src
->s6_addr32
[2], src
->s6_addr32
[3], srcp
,
1779 dest
->s6_addr32
[0], dest
->s6_addr32
[1],
1780 dest
->s6_addr32
[2], dest
->s6_addr32
[3], destp
,
1782 tp
->write_seq
- tp
->snd_una
,
1785 jiffies_delta_to_clock_t(timer_expires
- jiffies
),
1786 icsk
->icsk_retransmits
,
1787 from_kuid_munged(seq_user_ns(seq
), sock_i_uid(sp
)),
1788 icsk
->icsk_probes_out
,
1790 atomic_read(&sp
->sk_refcnt
), sp
,
1791 jiffies_to_clock_t(icsk
->icsk_rto
),
1792 jiffies_to_clock_t(icsk
->icsk_ack
.ato
),
1793 (icsk
->icsk_ack
.quick
<< 1) | icsk
->icsk_ack
.pingpong
,
1795 state
== TCP_LISTEN
?
1796 fastopenq
->max_qlen
:
1797 (tcp_in_initial_slowstart(tp
) ? -1 : tp
->snd_ssthresh
)
1801 static void get_timewait6_sock(struct seq_file
*seq
,
1802 struct inet_timewait_sock
*tw
, int i
)
1804 long delta
= tw
->tw_timer
.expires
- jiffies
;
1805 const struct in6_addr
*dest
, *src
;
1808 dest
= &tw
->tw_v6_daddr
;
1809 src
= &tw
->tw_v6_rcv_saddr
;
1810 destp
= ntohs(tw
->tw_dport
);
1811 srcp
= ntohs(tw
->tw_sport
);
1814 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1815 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1817 src
->s6_addr32
[0], src
->s6_addr32
[1],
1818 src
->s6_addr32
[2], src
->s6_addr32
[3], srcp
,
1819 dest
->s6_addr32
[0], dest
->s6_addr32
[1],
1820 dest
->s6_addr32
[2], dest
->s6_addr32
[3], destp
,
1821 tw
->tw_substate
, 0, 0,
1822 3, jiffies_delta_to_clock_t(delta
), 0, 0, 0, 0,
1823 atomic_read(&tw
->tw_refcnt
), tw
);
1826 static int tcp6_seq_show(struct seq_file
*seq
, void *v
)
1828 struct tcp_iter_state
*st
;
1829 struct sock
*sk
= v
;
1831 if (v
== SEQ_START_TOKEN
) {
1836 "st tx_queue rx_queue tr tm->when retrnsmt"
1837 " uid timeout inode\n");
1842 if (sk
->sk_state
== TCP_TIME_WAIT
)
1843 get_timewait6_sock(seq
, v
, st
->num
);
1844 else if (sk
->sk_state
== TCP_NEW_SYN_RECV
)
1845 get_openreq6(seq
, v
, st
->num
);
1847 get_tcp6_sock(seq
, v
, st
->num
);
1852 static const struct file_operations tcp6_afinfo_seq_fops
= {
1853 .owner
= THIS_MODULE
,
1854 .open
= tcp_seq_open
,
1856 .llseek
= seq_lseek
,
1857 .release
= seq_release_net
1860 static struct tcp_seq_afinfo tcp6_seq_afinfo
= {
1863 .seq_fops
= &tcp6_afinfo_seq_fops
,
1865 .show
= tcp6_seq_show
,
1869 int __net_init
tcp6_proc_init(struct net
*net
)
1871 return tcp_proc_register(net
, &tcp6_seq_afinfo
);
1874 void tcp6_proc_exit(struct net
*net
)
1876 tcp_proc_unregister(net
, &tcp6_seq_afinfo
);
1880 struct proto tcpv6_prot
= {
1882 .owner
= THIS_MODULE
,
1884 .connect
= tcp_v6_connect
,
1885 .disconnect
= tcp_disconnect
,
1886 .accept
= inet_csk_accept
,
1888 .init
= tcp_v6_init_sock
,
1889 .destroy
= tcp_v6_destroy_sock
,
1890 .shutdown
= tcp_shutdown
,
1891 .setsockopt
= tcp_setsockopt
,
1892 .getsockopt
= tcp_getsockopt
,
1893 .recvmsg
= tcp_recvmsg
,
1894 .sendmsg
= tcp_sendmsg
,
1895 .sendpage
= tcp_sendpage
,
1896 .backlog_rcv
= tcp_v6_do_rcv
,
1897 .release_cb
= tcp_release_cb
,
1899 .unhash
= inet_unhash
,
1900 .get_port
= inet_csk_get_port
,
1901 .enter_memory_pressure
= tcp_enter_memory_pressure
,
1902 .stream_memory_free
= tcp_stream_memory_free
,
1903 .sockets_allocated
= &tcp_sockets_allocated
,
1904 .memory_allocated
= &tcp_memory_allocated
,
1905 .memory_pressure
= &tcp_memory_pressure
,
1906 .orphan_count
= &tcp_orphan_count
,
1907 .sysctl_mem
= sysctl_tcp_mem
,
1908 .sysctl_wmem
= sysctl_tcp_wmem
,
1909 .sysctl_rmem
= sysctl_tcp_rmem
,
1910 .max_header
= MAX_TCP_HEADER
,
1911 .obj_size
= sizeof(struct tcp6_sock
),
1912 .slab_flags
= SLAB_DESTROY_BY_RCU
,
1913 .twsk_prot
= &tcp6_timewait_sock_ops
,
1914 .rsk_prot
= &tcp6_request_sock_ops
,
1915 .h
.hashinfo
= &tcp_hashinfo
,
1916 .no_autobind
= true,
1917 #ifdef CONFIG_COMPAT
1918 .compat_setsockopt
= compat_tcp_setsockopt
,
1919 .compat_getsockopt
= compat_tcp_getsockopt
,
1921 .diag_destroy
= tcp_abort
,
1924 static const struct inet6_protocol tcpv6_protocol
= {
1925 .early_demux
= tcp_v6_early_demux
,
1926 .handler
= tcp_v6_rcv
,
1927 .err_handler
= tcp_v6_err
,
1928 .flags
= INET6_PROTO_NOPOLICY
|INET6_PROTO_FINAL
,
1931 static struct inet_protosw tcpv6_protosw
= {
1932 .type
= SOCK_STREAM
,
1933 .protocol
= IPPROTO_TCP
,
1934 .prot
= &tcpv6_prot
,
1935 .ops
= &inet6_stream_ops
,
1936 .flags
= INET_PROTOSW_PERMANENT
|
1940 static int __net_init
tcpv6_net_init(struct net
*net
)
1942 return inet_ctl_sock_create(&net
->ipv6
.tcp_sk
, PF_INET6
,
1943 SOCK_RAW
, IPPROTO_TCP
, net
);
1946 static void __net_exit
tcpv6_net_exit(struct net
*net
)
1948 inet_ctl_sock_destroy(net
->ipv6
.tcp_sk
);
1951 static void __net_exit
tcpv6_net_exit_batch(struct list_head
*net_exit_list
)
1953 inet_twsk_purge(&tcp_hashinfo
, &tcp_death_row
, AF_INET6
);
1956 static struct pernet_operations tcpv6_net_ops
= {
1957 .init
= tcpv6_net_init
,
1958 .exit
= tcpv6_net_exit
,
1959 .exit_batch
= tcpv6_net_exit_batch
,
1962 int __init
tcpv6_init(void)
1966 ret
= inet6_add_protocol(&tcpv6_protocol
, IPPROTO_TCP
);
1970 /* register inet6 protocol */
1971 ret
= inet6_register_protosw(&tcpv6_protosw
);
1973 goto out_tcpv6_protocol
;
1975 ret
= register_pernet_subsys(&tcpv6_net_ops
);
1977 goto out_tcpv6_protosw
;
1982 inet6_unregister_protosw(&tcpv6_protosw
);
1984 inet6_del_protocol(&tcpv6_protocol
, IPPROTO_TCP
);
1988 void tcpv6_exit(void)
1990 unregister_pernet_subsys(&tcpv6_net_ops
);
1991 inet6_unregister_protosw(&tcpv6_protosw
);
1992 inet6_del_protocol(&tcpv6_protocol
, IPPROTO_TCP
);