1 /* 2 * TCP over IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on: 9 * linux/net/ipv4/tcp.c 10 * linux/net/ipv4/tcp_input.c 11 * linux/net/ipv4/tcp_output.c 12 * 13 * Fixes: 14 * Hideaki YOSHIFUJI : sin6_scope_id support 15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind 17 * a single port at the same time. 18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file. 19 * 20 * This program is free software; you can redistribute it and/or 21 * modify it under the terms of the GNU General Public License 22 * as published by the Free Software Foundation; either version 23 * 2 of the License, or (at your option) any later version. 24 */ 25 26 #include <linux/bottom_half.h> 27 #include <linux/module.h> 28 #include <linux/errno.h> 29 #include <linux/types.h> 30 #include <linux/socket.h> 31 #include <linux/sockios.h> 32 #include <linux/net.h> 33 #include <linux/jiffies.h> 34 #include <linux/in.h> 35 #include <linux/in6.h> 36 #include <linux/netdevice.h> 37 #include <linux/init.h> 38 #include <linux/jhash.h> 39 #include <linux/ipsec.h> 40 #include <linux/times.h> 41 42 #include <linux/ipv6.h> 43 #include <linux/icmpv6.h> 44 #include <linux/random.h> 45 46 #include <net/tcp.h> 47 #include <net/ndisc.h> 48 #include <net/inet6_hashtables.h> 49 #include <net/inet6_connection_sock.h> 50 #include <net/ipv6.h> 51 #include <net/transp_v6.h> 52 #include <net/addrconf.h> 53 #include <net/ip6_route.h> 54 #include <net/ip6_checksum.h> 55 #include <net/inet_ecn.h> 56 #include <net/protocol.h> 57 #include <net/xfrm.h> 58 #include <net/snmp.h> 59 #include <net/dsfield.h> 60 #include <net/timewait_sock.h> 61 #include <net/netdma.h> 62 #include <net/inet_common.h> 63 64 #include <asm/uaccess.h> 65 66 #include <linux/proc_fs.h> 67 #include <linux/seq_file.h> 68 69 #include <linux/crypto.h> 70 #include <linux/scatterlist.h> 71 72 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb); 73 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb, 74 struct request_sock *req); 75 76 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb); 77 78 static const struct inet_connection_sock_af_ops ipv6_mapped; 79 static const struct inet_connection_sock_af_ops ipv6_specific; 80 #ifdef CONFIG_TCP_MD5SIG 81 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific; 82 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific; 83 #else 84 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 85 struct in6_addr *addr) 86 { 87 return NULL; 88 } 89 #endif 90 91 static void tcp_v6_hash(struct sock *sk) 92 { 93 if (sk->sk_state != TCP_CLOSE) { 94 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) { 95 tcp_prot.hash(sk); 96 return; 97 } 98 local_bh_disable(); 99 __inet6_hash(sk, NULL); 100 local_bh_enable(); 101 } 102 } 103 104 static __inline__ __sum16 tcp_v6_check(int len, 105 struct in6_addr *saddr, 106 struct in6_addr *daddr, 107 __wsum base) 108 { 109 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base); 110 } 111 112 static __u32 tcp_v6_init_sequence(struct sk_buff *skb) 113 { 114 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32, 115 ipv6_hdr(skb)->saddr.s6_addr32, 116 tcp_hdr(skb)->dest, 117 tcp_hdr(skb)->source); 118 } 119 120 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 121 int addr_len) 122 { 123 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; 124 struct inet_sock *inet = inet_sk(sk); 125 struct inet_connection_sock *icsk = inet_csk(sk); 126 struct ipv6_pinfo *np = inet6_sk(sk); 127 struct tcp_sock *tp = tcp_sk(sk); 128 struct in6_addr *saddr = NULL, *final_p = NULL, final; 129 struct flowi fl; 130 struct dst_entry *dst; 131 int addr_type; 132 int err; 133 134 if (addr_len < SIN6_LEN_RFC2133) 135 return -EINVAL; 136 137 if (usin->sin6_family != AF_INET6) 138 return(-EAFNOSUPPORT); 139 140 memset(&fl, 0, sizeof(fl)); 141 142 if (np->sndflow) { 143 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; 144 IP6_ECN_flow_init(fl.fl6_flowlabel); 145 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) { 146 struct ip6_flowlabel *flowlabel; 147 flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel); 148 if (flowlabel == NULL) 149 return -EINVAL; 150 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst); 151 fl6_sock_release(flowlabel); 152 } 153 } 154 155 /* 156 * connect() to INADDR_ANY means loopback (BSD'ism). 157 */ 158 159 if(ipv6_addr_any(&usin->sin6_addr)) 160 usin->sin6_addr.s6_addr[15] = 0x1; 161 162 addr_type = ipv6_addr_type(&usin->sin6_addr); 163 164 if(addr_type & IPV6_ADDR_MULTICAST) 165 return -ENETUNREACH; 166 167 if (addr_type&IPV6_ADDR_LINKLOCAL) { 168 if (addr_len >= sizeof(struct sockaddr_in6) && 169 usin->sin6_scope_id) { 170 /* If interface is set while binding, indices 171 * must coincide. 172 */ 173 if (sk->sk_bound_dev_if && 174 sk->sk_bound_dev_if != usin->sin6_scope_id) 175 return -EINVAL; 176 177 sk->sk_bound_dev_if = usin->sin6_scope_id; 178 } 179 180 /* Connect to link-local address requires an interface */ 181 if (!sk->sk_bound_dev_if) 182 return -EINVAL; 183 } 184 185 if (tp->rx_opt.ts_recent_stamp && 186 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) { 187 tp->rx_opt.ts_recent = 0; 188 tp->rx_opt.ts_recent_stamp = 0; 189 tp->write_seq = 0; 190 } 191 192 ipv6_addr_copy(&np->daddr, &usin->sin6_addr); 193 np->flow_label = fl.fl6_flowlabel; 194 195 /* 196 * TCP over IPv4 197 */ 198 199 if (addr_type == IPV6_ADDR_MAPPED) { 200 u32 exthdrlen = icsk->icsk_ext_hdr_len; 201 struct sockaddr_in sin; 202 203 SOCK_DEBUG(sk, "connect: ipv4 mapped\n"); 204 205 if (__ipv6_only_sock(sk)) 206 return -ENETUNREACH; 207 208 sin.sin_family = AF_INET; 209 sin.sin_port = usin->sin6_port; 210 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; 211 212 icsk->icsk_af_ops = &ipv6_mapped; 213 sk->sk_backlog_rcv = tcp_v4_do_rcv; 214 #ifdef CONFIG_TCP_MD5SIG 215 tp->af_specific = &tcp_sock_ipv6_mapped_specific; 216 #endif 217 218 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); 219 220 if (err) { 221 icsk->icsk_ext_hdr_len = exthdrlen; 222 icsk->icsk_af_ops = &ipv6_specific; 223 sk->sk_backlog_rcv = tcp_v6_do_rcv; 224 #ifdef CONFIG_TCP_MD5SIG 225 tp->af_specific = &tcp_sock_ipv6_specific; 226 #endif 227 goto failure; 228 } else { 229 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr); 230 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr, 231 &np->rcv_saddr); 232 } 233 234 return err; 235 } 236 237 if (!ipv6_addr_any(&np->rcv_saddr)) 238 saddr = &np->rcv_saddr; 239 240 fl.proto = IPPROTO_TCP; 241 ipv6_addr_copy(&fl.fl6_dst, &np->daddr); 242 ipv6_addr_copy(&fl.fl6_src, 243 (saddr ? saddr : &np->saddr)); 244 fl.oif = sk->sk_bound_dev_if; 245 fl.mark = sk->sk_mark; 246 fl.fl_ip_dport = usin->sin6_port; 247 fl.fl_ip_sport = inet->inet_sport; 248 249 if (np->opt && np->opt->srcrt) { 250 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt; 251 ipv6_addr_copy(&final, &fl.fl6_dst); 252 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 253 final_p = &final; 254 } 255 256 security_sk_classify_flow(sk, &fl); 257 258 err = ip6_dst_lookup(sk, &dst, &fl); 259 if (err) 260 goto failure; 261 if (final_p) 262 ipv6_addr_copy(&fl.fl6_dst, final_p); 263 264 err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT); 265 if (err < 0) { 266 if (err == -EREMOTE) 267 err = ip6_dst_blackhole(sk, &dst, &fl); 268 if (err < 0) 269 goto failure; 270 } 271 272 if (saddr == NULL) { 273 saddr = &fl.fl6_src; 274 ipv6_addr_copy(&np->rcv_saddr, saddr); 275 } 276 277 /* set the source address */ 278 ipv6_addr_copy(&np->saddr, saddr); 279 inet->inet_rcv_saddr = LOOPBACK4_IPV6; 280 281 sk->sk_gso_type = SKB_GSO_TCPV6; 282 __ip6_dst_store(sk, dst, NULL, NULL); 283 284 icsk->icsk_ext_hdr_len = 0; 285 if (np->opt) 286 icsk->icsk_ext_hdr_len = (np->opt->opt_flen + 287 np->opt->opt_nflen); 288 289 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 290 291 inet->inet_dport = usin->sin6_port; 292 293 tcp_set_state(sk, TCP_SYN_SENT); 294 err = inet6_hash_connect(&tcp_death_row, sk); 295 if (err) 296 goto late_failure; 297 298 if (!tp->write_seq) 299 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32, 300 np->daddr.s6_addr32, 301 inet->inet_sport, 302 inet->inet_dport); 303 304 err = tcp_connect(sk); 305 if (err) 306 goto late_failure; 307 308 return 0; 309 310 late_failure: 311 tcp_set_state(sk, TCP_CLOSE); 312 __sk_dst_reset(sk); 313 failure: 314 inet->inet_dport = 0; 315 sk->sk_route_caps = 0; 316 return err; 317 } 318 319 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 320 u8 type, u8 code, int offset, __be32 info) 321 { 322 struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data; 323 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset); 324 struct ipv6_pinfo *np; 325 struct sock *sk; 326 int err; 327 struct tcp_sock *tp; 328 __u32 seq; 329 struct net *net = dev_net(skb->dev); 330 331 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr, 332 th->dest, &hdr->saddr, th->source, skb->dev->ifindex); 333 334 if (sk == NULL) { 335 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev), 336 ICMP6_MIB_INERRORS); 337 return; 338 } 339 340 if (sk->sk_state == TCP_TIME_WAIT) { 341 inet_twsk_put(inet_twsk(sk)); 342 return; 343 } 344 345 bh_lock_sock(sk); 346 if (sock_owned_by_user(sk)) 347 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS); 348 349 if (sk->sk_state == TCP_CLOSE) 350 goto out; 351 352 tp = tcp_sk(sk); 353 seq = ntohl(th->seq); 354 if (sk->sk_state != TCP_LISTEN && 355 !between(seq, tp->snd_una, tp->snd_nxt)) { 356 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 357 goto out; 358 } 359 360 np = inet6_sk(sk); 361 362 if (type == ICMPV6_PKT_TOOBIG) { 363 struct dst_entry *dst = NULL; 364 365 if (sock_owned_by_user(sk)) 366 goto out; 367 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) 368 goto out; 369 370 /* icmp should have updated the destination cache entry */ 371 dst = __sk_dst_check(sk, np->dst_cookie); 372 373 if (dst == NULL) { 374 struct inet_sock *inet = inet_sk(sk); 375 struct flowi fl; 376 377 /* BUGGG_FUTURE: Again, it is not clear how 378 to handle rthdr case. Ignore this complexity 379 for now. 380 */ 381 memset(&fl, 0, sizeof(fl)); 382 fl.proto = IPPROTO_TCP; 383 ipv6_addr_copy(&fl.fl6_dst, &np->daddr); 384 ipv6_addr_copy(&fl.fl6_src, &np->saddr); 385 fl.oif = sk->sk_bound_dev_if; 386 fl.mark = sk->sk_mark; 387 fl.fl_ip_dport = inet->inet_dport; 388 fl.fl_ip_sport = inet->inet_sport; 389 security_skb_classify_flow(skb, &fl); 390 391 if ((err = ip6_dst_lookup(sk, &dst, &fl))) { 392 sk->sk_err_soft = -err; 393 goto out; 394 } 395 396 if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) { 397 sk->sk_err_soft = -err; 398 goto out; 399 } 400 401 } else 402 dst_hold(dst); 403 404 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) { 405 tcp_sync_mss(sk, dst_mtu(dst)); 406 tcp_simple_retransmit(sk); 407 } /* else let the usual retransmit timer handle it */ 408 dst_release(dst); 409 goto out; 410 } 411 412 icmpv6_err_convert(type, code, &err); 413 414 /* Might be for an request_sock */ 415 switch (sk->sk_state) { 416 struct request_sock *req, **prev; 417 case TCP_LISTEN: 418 if (sock_owned_by_user(sk)) 419 goto out; 420 421 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr, 422 &hdr->saddr, inet6_iif(skb)); 423 if (!req) 424 goto out; 425 426 /* ICMPs are not backlogged, hence we cannot get 427 * an established socket here. 428 */ 429 WARN_ON(req->sk != NULL); 430 431 if (seq != tcp_rsk(req)->snt_isn) { 432 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 433 goto out; 434 } 435 436 inet_csk_reqsk_queue_drop(sk, req, prev); 437 goto out; 438 439 case TCP_SYN_SENT: 440 case TCP_SYN_RECV: /* Cannot happen. 441 It can, it SYNs are crossed. --ANK */ 442 if (!sock_owned_by_user(sk)) { 443 sk->sk_err = err; 444 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */ 445 446 tcp_done(sk); 447 } else 448 sk->sk_err_soft = err; 449 goto out; 450 } 451 452 if (!sock_owned_by_user(sk) && np->recverr) { 453 sk->sk_err = err; 454 sk->sk_error_report(sk); 455 } else 456 sk->sk_err_soft = err; 457 458 out: 459 bh_unlock_sock(sk); 460 sock_put(sk); 461 } 462 463 464 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req, 465 struct request_values *rvp) 466 { 467 struct inet6_request_sock *treq = inet6_rsk(req); 468 struct ipv6_pinfo *np = inet6_sk(sk); 469 struct sk_buff * skb; 470 struct ipv6_txoptions *opt = NULL; 471 struct in6_addr * final_p = NULL, final; 472 struct flowi fl; 473 struct dst_entry *dst; 474 int err = -1; 475 476 memset(&fl, 0, sizeof(fl)); 477 fl.proto = IPPROTO_TCP; 478 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr); 479 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr); 480 fl.fl6_flowlabel = 0; 481 fl.oif = treq->iif; 482 fl.mark = sk->sk_mark; 483 fl.fl_ip_dport = inet_rsk(req)->rmt_port; 484 fl.fl_ip_sport = inet_rsk(req)->loc_port; 485 security_req_classify_flow(req, &fl); 486 487 opt = np->opt; 488 if (opt && opt->srcrt) { 489 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt; 490 ipv6_addr_copy(&final, &fl.fl6_dst); 491 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 492 final_p = &final; 493 } 494 495 err = ip6_dst_lookup(sk, &dst, &fl); 496 if (err) 497 goto done; 498 if (final_p) 499 ipv6_addr_copy(&fl.fl6_dst, final_p); 500 if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) 501 goto done; 502 503 skb = tcp_make_synack(sk, dst, req, rvp); 504 if (skb) { 505 struct tcphdr *th = tcp_hdr(skb); 506 507 th->check = tcp_v6_check(skb->len, 508 &treq->loc_addr, &treq->rmt_addr, 509 csum_partial(th, skb->len, skb->csum)); 510 511 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr); 512 err = ip6_xmit(sk, skb, &fl, opt, 0); 513 err = net_xmit_eval(err); 514 } 515 516 done: 517 if (opt && opt != np->opt) 518 sock_kfree_s(sk, opt, opt->tot_len); 519 dst_release(dst); 520 return err; 521 } 522 523 static inline void syn_flood_warning(struct sk_buff *skb) 524 { 525 #ifdef CONFIG_SYN_COOKIES 526 if (sysctl_tcp_syncookies) 527 printk(KERN_INFO 528 "TCPv6: Possible SYN flooding on port %d. " 529 "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest)); 530 else 531 #endif 532 printk(KERN_INFO 533 "TCPv6: Possible SYN flooding on port %d. " 534 "Dropping request.\n", ntohs(tcp_hdr(skb)->dest)); 535 } 536 537 static void tcp_v6_reqsk_destructor(struct request_sock *req) 538 { 539 kfree_skb(inet6_rsk(req)->pktopts); 540 } 541 542 #ifdef CONFIG_TCP_MD5SIG 543 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 544 struct in6_addr *addr) 545 { 546 struct tcp_sock *tp = tcp_sk(sk); 547 int i; 548 549 BUG_ON(tp == NULL); 550 551 if (!tp->md5sig_info || !tp->md5sig_info->entries6) 552 return NULL; 553 554 for (i = 0; i < tp->md5sig_info->entries6; i++) { 555 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr)) 556 return &tp->md5sig_info->keys6[i].base; 557 } 558 return NULL; 559 } 560 561 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk, 562 struct sock *addr_sk) 563 { 564 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr); 565 } 566 567 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk, 568 struct request_sock *req) 569 { 570 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr); 571 } 572 573 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer, 574 char *newkey, u8 newkeylen) 575 { 576 /* Add key to the list */ 577 struct tcp_md5sig_key *key; 578 struct tcp_sock *tp = tcp_sk(sk); 579 struct tcp6_md5sig_key *keys; 580 581 key = tcp_v6_md5_do_lookup(sk, peer); 582 if (key) { 583 /* modify existing entry - just update that one */ 584 kfree(key->key); 585 key->key = newkey; 586 key->keylen = newkeylen; 587 } else { 588 /* reallocate new list if current one is full. */ 589 if (!tp->md5sig_info) { 590 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC); 591 if (!tp->md5sig_info) { 592 kfree(newkey); 593 return -ENOMEM; 594 } 595 sk->sk_route_caps &= ~NETIF_F_GSO_MASK; 596 } 597 if (tcp_alloc_md5sig_pool(sk) == NULL) { 598 kfree(newkey); 599 return -ENOMEM; 600 } 601 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) { 602 keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) * 603 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC); 604 605 if (!keys) { 606 tcp_free_md5sig_pool(); 607 kfree(newkey); 608 return -ENOMEM; 609 } 610 611 if (tp->md5sig_info->entries6) 612 memmove(keys, tp->md5sig_info->keys6, 613 (sizeof (tp->md5sig_info->keys6[0]) * 614 tp->md5sig_info->entries6)); 615 616 kfree(tp->md5sig_info->keys6); 617 tp->md5sig_info->keys6 = keys; 618 tp->md5sig_info->alloced6++; 619 } 620 621 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr, 622 peer); 623 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey; 624 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen; 625 626 tp->md5sig_info->entries6++; 627 } 628 return 0; 629 } 630 631 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk, 632 u8 *newkey, __u8 newkeylen) 633 { 634 return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr, 635 newkey, newkeylen); 636 } 637 638 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer) 639 { 640 struct tcp_sock *tp = tcp_sk(sk); 641 int i; 642 643 for (i = 0; i < tp->md5sig_info->entries6; i++) { 644 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) { 645 /* Free the key */ 646 kfree(tp->md5sig_info->keys6[i].base.key); 647 tp->md5sig_info->entries6--; 648 649 if (tp->md5sig_info->entries6 == 0) { 650 kfree(tp->md5sig_info->keys6); 651 tp->md5sig_info->keys6 = NULL; 652 tp->md5sig_info->alloced6 = 0; 653 } else { 654 /* shrink the database */ 655 if (tp->md5sig_info->entries6 != i) 656 memmove(&tp->md5sig_info->keys6[i], 657 &tp->md5sig_info->keys6[i+1], 658 (tp->md5sig_info->entries6 - i) 659 * sizeof (tp->md5sig_info->keys6[0])); 660 } 661 tcp_free_md5sig_pool(); 662 return 0; 663 } 664 } 665 return -ENOENT; 666 } 667 668 static void tcp_v6_clear_md5_list (struct sock *sk) 669 { 670 struct tcp_sock *tp = tcp_sk(sk); 671 int i; 672 673 if (tp->md5sig_info->entries6) { 674 for (i = 0; i < tp->md5sig_info->entries6; i++) 675 kfree(tp->md5sig_info->keys6[i].base.key); 676 tp->md5sig_info->entries6 = 0; 677 tcp_free_md5sig_pool(); 678 } 679 680 kfree(tp->md5sig_info->keys6); 681 tp->md5sig_info->keys6 = NULL; 682 tp->md5sig_info->alloced6 = 0; 683 684 if (tp->md5sig_info->entries4) { 685 for (i = 0; i < tp->md5sig_info->entries4; i++) 686 kfree(tp->md5sig_info->keys4[i].base.key); 687 tp->md5sig_info->entries4 = 0; 688 tcp_free_md5sig_pool(); 689 } 690 691 kfree(tp->md5sig_info->keys4); 692 tp->md5sig_info->keys4 = NULL; 693 tp->md5sig_info->alloced4 = 0; 694 } 695 696 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval, 697 int optlen) 698 { 699 struct tcp_md5sig cmd; 700 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr; 701 u8 *newkey; 702 703 if (optlen < sizeof(cmd)) 704 return -EINVAL; 705 706 if (copy_from_user(&cmd, optval, sizeof(cmd))) 707 return -EFAULT; 708 709 if (sin6->sin6_family != AF_INET6) 710 return -EINVAL; 711 712 if (!cmd.tcpm_keylen) { 713 if (!tcp_sk(sk)->md5sig_info) 714 return -ENOENT; 715 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) 716 return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]); 717 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr); 718 } 719 720 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN) 721 return -EINVAL; 722 723 if (!tcp_sk(sk)->md5sig_info) { 724 struct tcp_sock *tp = tcp_sk(sk); 725 struct tcp_md5sig_info *p; 726 727 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL); 728 if (!p) 729 return -ENOMEM; 730 731 tp->md5sig_info = p; 732 sk->sk_route_caps &= ~NETIF_F_GSO_MASK; 733 } 734 735 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL); 736 if (!newkey) 737 return -ENOMEM; 738 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) { 739 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3], 740 newkey, cmd.tcpm_keylen); 741 } 742 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen); 743 } 744 745 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp, 746 struct in6_addr *daddr, 747 struct in6_addr *saddr, int nbytes) 748 { 749 struct tcp6_pseudohdr *bp; 750 struct scatterlist sg; 751 752 bp = &hp->md5_blk.ip6; 753 /* 1. TCP pseudo-header (RFC2460) */ 754 ipv6_addr_copy(&bp->saddr, saddr); 755 ipv6_addr_copy(&bp->daddr, daddr); 756 bp->protocol = cpu_to_be32(IPPROTO_TCP); 757 bp->len = cpu_to_be32(nbytes); 758 759 sg_init_one(&sg, bp, sizeof(*bp)); 760 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp)); 761 } 762 763 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key, 764 struct in6_addr *daddr, struct in6_addr *saddr, 765 struct tcphdr *th) 766 { 767 struct tcp_md5sig_pool *hp; 768 struct hash_desc *desc; 769 770 hp = tcp_get_md5sig_pool(); 771 if (!hp) 772 goto clear_hash_noput; 773 desc = &hp->md5_desc; 774 775 if (crypto_hash_init(desc)) 776 goto clear_hash; 777 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2)) 778 goto clear_hash; 779 if (tcp_md5_hash_header(hp, th)) 780 goto clear_hash; 781 if (tcp_md5_hash_key(hp, key)) 782 goto clear_hash; 783 if (crypto_hash_final(desc, md5_hash)) 784 goto clear_hash; 785 786 tcp_put_md5sig_pool(); 787 return 0; 788 789 clear_hash: 790 tcp_put_md5sig_pool(); 791 clear_hash_noput: 792 memset(md5_hash, 0, 16); 793 return 1; 794 } 795 796 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key, 797 struct sock *sk, struct request_sock *req, 798 struct sk_buff *skb) 799 { 800 struct in6_addr *saddr, *daddr; 801 struct tcp_md5sig_pool *hp; 802 struct hash_desc *desc; 803 struct tcphdr *th = tcp_hdr(skb); 804 805 if (sk) { 806 saddr = &inet6_sk(sk)->saddr; 807 daddr = &inet6_sk(sk)->daddr; 808 } else if (req) { 809 saddr = &inet6_rsk(req)->loc_addr; 810 daddr = &inet6_rsk(req)->rmt_addr; 811 } else { 812 struct ipv6hdr *ip6h = ipv6_hdr(skb); 813 saddr = &ip6h->saddr; 814 daddr = &ip6h->daddr; 815 } 816 817 hp = tcp_get_md5sig_pool(); 818 if (!hp) 819 goto clear_hash_noput; 820 desc = &hp->md5_desc; 821 822 if (crypto_hash_init(desc)) 823 goto clear_hash; 824 825 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len)) 826 goto clear_hash; 827 if (tcp_md5_hash_header(hp, th)) 828 goto clear_hash; 829 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2)) 830 goto clear_hash; 831 if (tcp_md5_hash_key(hp, key)) 832 goto clear_hash; 833 if (crypto_hash_final(desc, md5_hash)) 834 goto clear_hash; 835 836 tcp_put_md5sig_pool(); 837 return 0; 838 839 clear_hash: 840 tcp_put_md5sig_pool(); 841 clear_hash_noput: 842 memset(md5_hash, 0, 16); 843 return 1; 844 } 845 846 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb) 847 { 848 __u8 *hash_location = NULL; 849 struct tcp_md5sig_key *hash_expected; 850 struct ipv6hdr *ip6h = ipv6_hdr(skb); 851 struct tcphdr *th = tcp_hdr(skb); 852 int genhash; 853 u8 newhash[16]; 854 855 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); 856 hash_location = tcp_parse_md5sig_option(th); 857 858 /* We've parsed the options - do we have a hash? */ 859 if (!hash_expected && !hash_location) 860 return 0; 861 862 if (hash_expected && !hash_location) { 863 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); 864 return 1; 865 } 866 867 if (!hash_expected && hash_location) { 868 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED); 869 return 1; 870 } 871 872 /* check the signature */ 873 genhash = tcp_v6_md5_hash_skb(newhash, 874 hash_expected, 875 NULL, NULL, skb); 876 877 if (genhash || memcmp(hash_location, newhash, 16) != 0) { 878 if (net_ratelimit()) { 879 printk(KERN_INFO "MD5 Hash %s for (%pI6, %u)->(%pI6, %u)\n", 880 genhash ? "failed" : "mismatch", 881 &ip6h->saddr, ntohs(th->source), 882 &ip6h->daddr, ntohs(th->dest)); 883 } 884 return 1; 885 } 886 return 0; 887 } 888 #endif 889 890 struct request_sock_ops tcp6_request_sock_ops __read_mostly = { 891 .family = AF_INET6, 892 .obj_size = sizeof(struct tcp6_request_sock), 893 .rtx_syn_ack = tcp_v6_send_synack, 894 .send_ack = tcp_v6_reqsk_send_ack, 895 .destructor = tcp_v6_reqsk_destructor, 896 .send_reset = tcp_v6_send_reset 897 }; 898 899 #ifdef CONFIG_TCP_MD5SIG 900 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { 901 .md5_lookup = tcp_v6_reqsk_md5_lookup, 902 .calc_md5_hash = tcp_v6_md5_hash_skb, 903 }; 904 #endif 905 906 static struct timewait_sock_ops tcp6_timewait_sock_ops = { 907 .twsk_obj_size = sizeof(struct tcp6_timewait_sock), 908 .twsk_unique = tcp_twsk_unique, 909 .twsk_destructor= tcp_twsk_destructor, 910 }; 911 912 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb) 913 { 914 struct ipv6_pinfo *np = inet6_sk(sk); 915 struct tcphdr *th = tcp_hdr(skb); 916 917 if (skb->ip_summed == CHECKSUM_PARTIAL) { 918 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 0); 919 skb->csum_start = skb_transport_header(skb) - skb->head; 920 skb->csum_offset = offsetof(struct tcphdr, check); 921 } else { 922 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 923 csum_partial(th, th->doff<<2, 924 skb->csum)); 925 } 926 } 927 928 static int tcp_v6_gso_send_check(struct sk_buff *skb) 929 { 930 struct ipv6hdr *ipv6h; 931 struct tcphdr *th; 932 933 if (!pskb_may_pull(skb, sizeof(*th))) 934 return -EINVAL; 935 936 ipv6h = ipv6_hdr(skb); 937 th = tcp_hdr(skb); 938 939 th->check = 0; 940 th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len, 941 IPPROTO_TCP, 0); 942 skb->csum_start = skb_transport_header(skb) - skb->head; 943 skb->csum_offset = offsetof(struct tcphdr, check); 944 skb->ip_summed = CHECKSUM_PARTIAL; 945 return 0; 946 } 947 948 static struct sk_buff **tcp6_gro_receive(struct sk_buff **head, 949 struct sk_buff *skb) 950 { 951 struct ipv6hdr *iph = skb_gro_network_header(skb); 952 953 switch (skb->ip_summed) { 954 case CHECKSUM_COMPLETE: 955 if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr, 956 skb->csum)) { 957 skb->ip_summed = CHECKSUM_UNNECESSARY; 958 break; 959 } 960 961 /* fall through */ 962 case CHECKSUM_NONE: 963 NAPI_GRO_CB(skb)->flush = 1; 964 return NULL; 965 } 966 967 return tcp_gro_receive(head, skb); 968 } 969 970 static int tcp6_gro_complete(struct sk_buff *skb) 971 { 972 struct ipv6hdr *iph = ipv6_hdr(skb); 973 struct tcphdr *th = tcp_hdr(skb); 974 975 th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb), 976 &iph->saddr, &iph->daddr, 0); 977 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6; 978 979 return tcp_gro_complete(skb); 980 } 981 982 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win, 983 u32 ts, struct tcp_md5sig_key *key, int rst) 984 { 985 struct tcphdr *th = tcp_hdr(skb), *t1; 986 struct sk_buff *buff; 987 struct flowi fl; 988 struct net *net = dev_net(skb_dst(skb)->dev); 989 struct sock *ctl_sk = net->ipv6.tcp_sk; 990 unsigned int tot_len = sizeof(struct tcphdr); 991 struct dst_entry *dst; 992 __be32 *topt; 993 994 if (ts) 995 tot_len += TCPOLEN_TSTAMP_ALIGNED; 996 #ifdef CONFIG_TCP_MD5SIG 997 if (key) 998 tot_len += TCPOLEN_MD5SIG_ALIGNED; 999 #endif 1000 1001 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 1002 GFP_ATOMIC); 1003 if (buff == NULL) 1004 return; 1005 1006 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); 1007 1008 t1 = (struct tcphdr *) skb_push(buff, tot_len); 1009 skb_reset_transport_header(skb); 1010 1011 /* Swap the send and the receive. */ 1012 memset(t1, 0, sizeof(*t1)); 1013 t1->dest = th->source; 1014 t1->source = th->dest; 1015 t1->doff = tot_len / 4; 1016 t1->seq = htonl(seq); 1017 t1->ack_seq = htonl(ack); 1018 t1->ack = !rst || !th->ack; 1019 t1->rst = rst; 1020 t1->window = htons(win); 1021 1022 topt = (__be32 *)(t1 + 1); 1023 1024 if (ts) { 1025 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1026 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 1027 *topt++ = htonl(tcp_time_stamp); 1028 *topt++ = htonl(ts); 1029 } 1030 1031 #ifdef CONFIG_TCP_MD5SIG 1032 if (key) { 1033 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1034 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 1035 tcp_v6_md5_hash_hdr((__u8 *)topt, key, 1036 &ipv6_hdr(skb)->saddr, 1037 &ipv6_hdr(skb)->daddr, t1); 1038 } 1039 #endif 1040 1041 buff->csum = csum_partial(t1, tot_len, 0); 1042 1043 memset(&fl, 0, sizeof(fl)); 1044 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr); 1045 ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr); 1046 1047 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst, 1048 tot_len, IPPROTO_TCP, 1049 buff->csum); 1050 1051 fl.proto = IPPROTO_TCP; 1052 fl.oif = inet6_iif(skb); 1053 fl.fl_ip_dport = t1->dest; 1054 fl.fl_ip_sport = t1->source; 1055 security_skb_classify_flow(skb, &fl); 1056 1057 /* Pass a socket to ip6_dst_lookup either it is for RST 1058 * Underlying function will use this to retrieve the network 1059 * namespace 1060 */ 1061 if (!ip6_dst_lookup(ctl_sk, &dst, &fl)) { 1062 if (xfrm_lookup(net, &dst, &fl, NULL, 0) >= 0) { 1063 skb_dst_set(buff, dst); 1064 ip6_xmit(ctl_sk, buff, &fl, NULL, 0); 1065 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS); 1066 if (rst) 1067 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS); 1068 return; 1069 } 1070 } 1071 1072 kfree_skb(buff); 1073 } 1074 1075 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb) 1076 { 1077 struct tcphdr *th = tcp_hdr(skb); 1078 u32 seq = 0, ack_seq = 0; 1079 struct tcp_md5sig_key *key = NULL; 1080 1081 if (th->rst) 1082 return; 1083 1084 if (!ipv6_unicast_destination(skb)) 1085 return; 1086 1087 #ifdef CONFIG_TCP_MD5SIG 1088 if (sk) 1089 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr); 1090 #endif 1091 1092 if (th->ack) 1093 seq = ntohl(th->ack_seq); 1094 else 1095 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len - 1096 (th->doff << 2); 1097 1098 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1); 1099 } 1100 1101 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts, 1102 struct tcp_md5sig_key *key) 1103 { 1104 tcp_v6_send_response(skb, seq, ack, win, ts, key, 0); 1105 } 1106 1107 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb) 1108 { 1109 struct inet_timewait_sock *tw = inet_twsk(sk); 1110 struct tcp_timewait_sock *tcptw = tcp_twsk(sk); 1111 1112 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt, 1113 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 1114 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw)); 1115 1116 inet_twsk_put(tw); 1117 } 1118 1119 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb, 1120 struct request_sock *req) 1121 { 1122 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent, 1123 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr)); 1124 } 1125 1126 1127 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb) 1128 { 1129 struct request_sock *req, **prev; 1130 const struct tcphdr *th = tcp_hdr(skb); 1131 struct sock *nsk; 1132 1133 /* Find possible connection requests. */ 1134 req = inet6_csk_search_req(sk, &prev, th->source, 1135 &ipv6_hdr(skb)->saddr, 1136 &ipv6_hdr(skb)->daddr, inet6_iif(skb)); 1137 if (req) 1138 return tcp_check_req(sk, skb, req, prev); 1139 1140 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo, 1141 &ipv6_hdr(skb)->saddr, th->source, 1142 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb)); 1143 1144 if (nsk) { 1145 if (nsk->sk_state != TCP_TIME_WAIT) { 1146 bh_lock_sock(nsk); 1147 return nsk; 1148 } 1149 inet_twsk_put(inet_twsk(nsk)); 1150 return NULL; 1151 } 1152 1153 #ifdef CONFIG_SYN_COOKIES 1154 if (!th->rst && !th->syn && th->ack) 1155 sk = cookie_v6_check(sk, skb); 1156 #endif 1157 return sk; 1158 } 1159 1160 /* FIXME: this is substantially similar to the ipv4 code. 1161 * Can some kind of merge be done? -- erics 1162 */ 1163 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) 1164 { 1165 struct tcp_extend_values tmp_ext; 1166 struct tcp_options_received tmp_opt; 1167 u8 *hash_location; 1168 struct request_sock *req; 1169 struct inet6_request_sock *treq; 1170 struct ipv6_pinfo *np = inet6_sk(sk); 1171 struct tcp_sock *tp = tcp_sk(sk); 1172 __u32 isn = TCP_SKB_CB(skb)->when; 1173 #ifdef CONFIG_SYN_COOKIES 1174 int want_cookie = 0; 1175 #else 1176 #define want_cookie 0 1177 #endif 1178 1179 if (skb->protocol == htons(ETH_P_IP)) 1180 return tcp_v4_conn_request(sk, skb); 1181 1182 if (!ipv6_unicast_destination(skb)) 1183 goto drop; 1184 1185 if (inet_csk_reqsk_queue_is_full(sk) && !isn) { 1186 if (net_ratelimit()) 1187 syn_flood_warning(skb); 1188 #ifdef CONFIG_SYN_COOKIES 1189 if (sysctl_tcp_syncookies) 1190 want_cookie = 1; 1191 else 1192 #endif 1193 goto drop; 1194 } 1195 1196 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) 1197 goto drop; 1198 1199 req = inet6_reqsk_alloc(&tcp6_request_sock_ops); 1200 if (req == NULL) 1201 goto drop; 1202 1203 #ifdef CONFIG_TCP_MD5SIG 1204 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops; 1205 #endif 1206 1207 tcp_clear_options(&tmp_opt); 1208 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 1209 tmp_opt.user_mss = tp->rx_opt.user_mss; 1210 tcp_parse_options(skb, &tmp_opt, &hash_location, 0); 1211 1212 if (tmp_opt.cookie_plus > 0 && 1213 tmp_opt.saw_tstamp && 1214 !tp->rx_opt.cookie_out_never && 1215 (sysctl_tcp_cookie_size > 0 || 1216 (tp->cookie_values != NULL && 1217 tp->cookie_values->cookie_desired > 0))) { 1218 u8 *c; 1219 u32 *d; 1220 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS]; 1221 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE; 1222 1223 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0) 1224 goto drop_and_free; 1225 1226 /* Secret recipe starts with IP addresses */ 1227 d = &ipv6_hdr(skb)->daddr.s6_addr32[0]; 1228 *mess++ ^= *d++; 1229 *mess++ ^= *d++; 1230 *mess++ ^= *d++; 1231 *mess++ ^= *d++; 1232 d = &ipv6_hdr(skb)->saddr.s6_addr32[0]; 1233 *mess++ ^= *d++; 1234 *mess++ ^= *d++; 1235 *mess++ ^= *d++; 1236 *mess++ ^= *d++; 1237 1238 /* plus variable length Initiator Cookie */ 1239 c = (u8 *)mess; 1240 while (l-- > 0) 1241 *c++ ^= *hash_location++; 1242 1243 #ifdef CONFIG_SYN_COOKIES 1244 want_cookie = 0; /* not our kind of cookie */ 1245 #endif 1246 tmp_ext.cookie_out_never = 0; /* false */ 1247 tmp_ext.cookie_plus = tmp_opt.cookie_plus; 1248 } else if (!tp->rx_opt.cookie_in_always) { 1249 /* redundant indications, but ensure initialization. */ 1250 tmp_ext.cookie_out_never = 1; /* true */ 1251 tmp_ext.cookie_plus = 0; 1252 } else { 1253 goto drop_and_free; 1254 } 1255 tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always; 1256 1257 if (want_cookie && !tmp_opt.saw_tstamp) 1258 tcp_clear_options(&tmp_opt); 1259 1260 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp; 1261 tcp_openreq_init(req, &tmp_opt, skb); 1262 1263 treq = inet6_rsk(req); 1264 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr); 1265 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr); 1266 if (!want_cookie) 1267 TCP_ECN_create_request(req, tcp_hdr(skb)); 1268 1269 if (want_cookie) { 1270 isn = cookie_v6_init_sequence(sk, skb, &req->mss); 1271 req->cookie_ts = tmp_opt.tstamp_ok; 1272 } else if (!isn) { 1273 if (ipv6_opt_accepted(sk, skb) || 1274 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || 1275 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) { 1276 atomic_inc(&skb->users); 1277 treq->pktopts = skb; 1278 } 1279 treq->iif = sk->sk_bound_dev_if; 1280 1281 /* So that link locals have meaning */ 1282 if (!sk->sk_bound_dev_if && 1283 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL) 1284 treq->iif = inet6_iif(skb); 1285 1286 isn = tcp_v6_init_sequence(skb); 1287 } 1288 tcp_rsk(req)->snt_isn = isn; 1289 1290 security_inet_conn_request(sk, skb, req); 1291 1292 if (tcp_v6_send_synack(sk, req, 1293 (struct request_values *)&tmp_ext) || 1294 want_cookie) 1295 goto drop_and_free; 1296 1297 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); 1298 return 0; 1299 1300 drop_and_free: 1301 reqsk_free(req); 1302 drop: 1303 return 0; /* don't send reset */ 1304 } 1305 1306 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, 1307 struct request_sock *req, 1308 struct dst_entry *dst) 1309 { 1310 struct inet6_request_sock *treq; 1311 struct ipv6_pinfo *newnp, *np = inet6_sk(sk); 1312 struct tcp6_sock *newtcp6sk; 1313 struct inet_sock *newinet; 1314 struct tcp_sock *newtp; 1315 struct sock *newsk; 1316 struct ipv6_txoptions *opt; 1317 #ifdef CONFIG_TCP_MD5SIG 1318 struct tcp_md5sig_key *key; 1319 #endif 1320 1321 if (skb->protocol == htons(ETH_P_IP)) { 1322 /* 1323 * v6 mapped 1324 */ 1325 1326 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst); 1327 1328 if (newsk == NULL) 1329 return NULL; 1330 1331 newtcp6sk = (struct tcp6_sock *)newsk; 1332 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1333 1334 newinet = inet_sk(newsk); 1335 newnp = inet6_sk(newsk); 1336 newtp = tcp_sk(newsk); 1337 1338 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1339 1340 ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr); 1341 1342 ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr); 1343 1344 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr); 1345 1346 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped; 1347 newsk->sk_backlog_rcv = tcp_v4_do_rcv; 1348 #ifdef CONFIG_TCP_MD5SIG 1349 newtp->af_specific = &tcp_sock_ipv6_mapped_specific; 1350 #endif 1351 1352 newnp->pktoptions = NULL; 1353 newnp->opt = NULL; 1354 newnp->mcast_oif = inet6_iif(skb); 1355 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1356 1357 /* 1358 * No need to charge this sock to the relevant IPv6 refcnt debug socks count 1359 * here, tcp_create_openreq_child now does this for us, see the comment in 1360 * that function for the gory details. -acme 1361 */ 1362 1363 /* It is tricky place. Until this moment IPv4 tcp 1364 worked with IPv6 icsk.icsk_af_ops. 1365 Sync it now. 1366 */ 1367 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); 1368 1369 return newsk; 1370 } 1371 1372 treq = inet6_rsk(req); 1373 opt = np->opt; 1374 1375 if (sk_acceptq_is_full(sk)) 1376 goto out_overflow; 1377 1378 if (dst == NULL) { 1379 struct in6_addr *final_p = NULL, final; 1380 struct flowi fl; 1381 1382 memset(&fl, 0, sizeof(fl)); 1383 fl.proto = IPPROTO_TCP; 1384 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr); 1385 if (opt && opt->srcrt) { 1386 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt; 1387 ipv6_addr_copy(&final, &fl.fl6_dst); 1388 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 1389 final_p = &final; 1390 } 1391 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr); 1392 fl.oif = sk->sk_bound_dev_if; 1393 fl.mark = sk->sk_mark; 1394 fl.fl_ip_dport = inet_rsk(req)->rmt_port; 1395 fl.fl_ip_sport = inet_rsk(req)->loc_port; 1396 security_req_classify_flow(req, &fl); 1397 1398 if (ip6_dst_lookup(sk, &dst, &fl)) 1399 goto out; 1400 1401 if (final_p) 1402 ipv6_addr_copy(&fl.fl6_dst, final_p); 1403 1404 if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) 1405 goto out; 1406 } 1407 1408 newsk = tcp_create_openreq_child(sk, req, skb); 1409 if (newsk == NULL) 1410 goto out; 1411 1412 /* 1413 * No need to charge this sock to the relevant IPv6 refcnt debug socks 1414 * count here, tcp_create_openreq_child now does this for us, see the 1415 * comment in that function for the gory details. -acme 1416 */ 1417 1418 newsk->sk_gso_type = SKB_GSO_TCPV6; 1419 __ip6_dst_store(newsk, dst, NULL, NULL); 1420 1421 newtcp6sk = (struct tcp6_sock *)newsk; 1422 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1423 1424 newtp = tcp_sk(newsk); 1425 newinet = inet_sk(newsk); 1426 newnp = inet6_sk(newsk); 1427 1428 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1429 1430 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr); 1431 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr); 1432 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr); 1433 newsk->sk_bound_dev_if = treq->iif; 1434 1435 /* Now IPv6 options... 1436 1437 First: no IPv4 options. 1438 */ 1439 newinet->opt = NULL; 1440 newnp->ipv6_fl_list = NULL; 1441 1442 /* Clone RX bits */ 1443 newnp->rxopt.all = np->rxopt.all; 1444 1445 /* Clone pktoptions received with SYN */ 1446 newnp->pktoptions = NULL; 1447 if (treq->pktopts != NULL) { 1448 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC); 1449 kfree_skb(treq->pktopts); 1450 treq->pktopts = NULL; 1451 if (newnp->pktoptions) 1452 skb_set_owner_r(newnp->pktoptions, newsk); 1453 } 1454 newnp->opt = NULL; 1455 newnp->mcast_oif = inet6_iif(skb); 1456 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1457 1458 /* Clone native IPv6 options from listening socket (if any) 1459 1460 Yes, keeping reference count would be much more clever, 1461 but we make one more one thing there: reattach optmem 1462 to newsk. 1463 */ 1464 if (opt) { 1465 newnp->opt = ipv6_dup_options(newsk, opt); 1466 if (opt != np->opt) 1467 sock_kfree_s(sk, opt, opt->tot_len); 1468 } 1469 1470 inet_csk(newsk)->icsk_ext_hdr_len = 0; 1471 if (newnp->opt) 1472 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen + 1473 newnp->opt->opt_flen); 1474 1475 tcp_mtup_init(newsk); 1476 tcp_sync_mss(newsk, dst_mtu(dst)); 1477 newtp->advmss = dst_metric(dst, RTAX_ADVMSS); 1478 tcp_initialize_rcv_mss(newsk); 1479 1480 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6; 1481 newinet->inet_rcv_saddr = LOOPBACK4_IPV6; 1482 1483 #ifdef CONFIG_TCP_MD5SIG 1484 /* Copy over the MD5 key from the original socket */ 1485 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) { 1486 /* We're using one, so create a matching key 1487 * on the newsk structure. If we fail to get 1488 * memory, then we end up not copying the key 1489 * across. Shucks. 1490 */ 1491 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); 1492 if (newkey != NULL) 1493 tcp_v6_md5_do_add(newsk, &newnp->daddr, 1494 newkey, key->keylen); 1495 } 1496 #endif 1497 1498 __inet6_hash(newsk, NULL); 1499 __inet_inherit_port(sk, newsk); 1500 1501 return newsk; 1502 1503 out_overflow: 1504 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); 1505 out: 1506 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); 1507 if (opt && opt != np->opt) 1508 sock_kfree_s(sk, opt, opt->tot_len); 1509 dst_release(dst); 1510 return NULL; 1511 } 1512 1513 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb) 1514 { 1515 if (skb->ip_summed == CHECKSUM_COMPLETE) { 1516 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr, 1517 &ipv6_hdr(skb)->daddr, skb->csum)) { 1518 skb->ip_summed = CHECKSUM_UNNECESSARY; 1519 return 0; 1520 } 1521 } 1522 1523 skb->csum = ~csum_unfold(tcp_v6_check(skb->len, 1524 &ipv6_hdr(skb)->saddr, 1525 &ipv6_hdr(skb)->daddr, 0)); 1526 1527 if (skb->len <= 76) { 1528 return __skb_checksum_complete(skb); 1529 } 1530 return 0; 1531 } 1532 1533 /* The socket must have it's spinlock held when we get 1534 * here. 1535 * 1536 * We have a potential double-lock case here, so even when 1537 * doing backlog processing we use the BH locking scheme. 1538 * This is because we cannot sleep with the original spinlock 1539 * held. 1540 */ 1541 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) 1542 { 1543 struct ipv6_pinfo *np = inet6_sk(sk); 1544 struct tcp_sock *tp; 1545 struct sk_buff *opt_skb = NULL; 1546 1547 /* Imagine: socket is IPv6. IPv4 packet arrives, 1548 goes to IPv4 receive handler and backlogged. 1549 From backlog it always goes here. Kerboom... 1550 Fortunately, tcp_rcv_established and rcv_established 1551 handle them correctly, but it is not case with 1552 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK 1553 */ 1554 1555 if (skb->protocol == htons(ETH_P_IP)) 1556 return tcp_v4_do_rcv(sk, skb); 1557 1558 #ifdef CONFIG_TCP_MD5SIG 1559 if (tcp_v6_inbound_md5_hash (sk, skb)) 1560 goto discard; 1561 #endif 1562 1563 if (sk_filter(sk, skb)) 1564 goto discard; 1565 1566 /* 1567 * socket locking is here for SMP purposes as backlog rcv 1568 * is currently called with bh processing disabled. 1569 */ 1570 1571 /* Do Stevens' IPV6_PKTOPTIONS. 1572 1573 Yes, guys, it is the only place in our code, where we 1574 may make it not affecting IPv4. 1575 The rest of code is protocol independent, 1576 and I do not like idea to uglify IPv4. 1577 1578 Actually, all the idea behind IPV6_PKTOPTIONS 1579 looks not very well thought. For now we latch 1580 options, received in the last packet, enqueued 1581 by tcp. Feel free to propose better solution. 1582 --ANK (980728) 1583 */ 1584 if (np->rxopt.all) 1585 opt_skb = skb_clone(skb, GFP_ATOMIC); 1586 1587 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ 1588 TCP_CHECK_TIMER(sk); 1589 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) 1590 goto reset; 1591 TCP_CHECK_TIMER(sk); 1592 if (opt_skb) 1593 goto ipv6_pktoptions; 1594 return 0; 1595 } 1596 1597 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb)) 1598 goto csum_err; 1599 1600 if (sk->sk_state == TCP_LISTEN) { 1601 struct sock *nsk = tcp_v6_hnd_req(sk, skb); 1602 if (!nsk) 1603 goto discard; 1604 1605 /* 1606 * Queue it on the new socket if the new socket is active, 1607 * otherwise we just shortcircuit this and continue with 1608 * the new socket.. 1609 */ 1610 if(nsk != sk) { 1611 if (tcp_child_process(sk, nsk, skb)) 1612 goto reset; 1613 if (opt_skb) 1614 __kfree_skb(opt_skb); 1615 return 0; 1616 } 1617 } 1618 1619 TCP_CHECK_TIMER(sk); 1620 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) 1621 goto reset; 1622 TCP_CHECK_TIMER(sk); 1623 if (opt_skb) 1624 goto ipv6_pktoptions; 1625 return 0; 1626 1627 reset: 1628 tcp_v6_send_reset(sk, skb); 1629 discard: 1630 if (opt_skb) 1631 __kfree_skb(opt_skb); 1632 kfree_skb(skb); 1633 return 0; 1634 csum_err: 1635 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS); 1636 goto discard; 1637 1638 1639 ipv6_pktoptions: 1640 /* Do you ask, what is it? 1641 1642 1. skb was enqueued by tcp. 1643 2. skb is added to tail of read queue, rather than out of order. 1644 3. socket is not in passive state. 1645 4. Finally, it really contains options, which user wants to receive. 1646 */ 1647 tp = tcp_sk(sk); 1648 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt && 1649 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) { 1650 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo) 1651 np->mcast_oif = inet6_iif(opt_skb); 1652 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) 1653 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit; 1654 if (ipv6_opt_accepted(sk, opt_skb)) { 1655 skb_set_owner_r(opt_skb, sk); 1656 opt_skb = xchg(&np->pktoptions, opt_skb); 1657 } else { 1658 __kfree_skb(opt_skb); 1659 opt_skb = xchg(&np->pktoptions, NULL); 1660 } 1661 } 1662 1663 kfree_skb(opt_skb); 1664 return 0; 1665 } 1666 1667 static int tcp_v6_rcv(struct sk_buff *skb) 1668 { 1669 struct tcphdr *th; 1670 struct sock *sk; 1671 int ret; 1672 struct net *net = dev_net(skb->dev); 1673 1674 if (skb->pkt_type != PACKET_HOST) 1675 goto discard_it; 1676 1677 /* 1678 * Count it even if it's bad. 1679 */ 1680 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS); 1681 1682 if (!pskb_may_pull(skb, sizeof(struct tcphdr))) 1683 goto discard_it; 1684 1685 th = tcp_hdr(skb); 1686 1687 if (th->doff < sizeof(struct tcphdr)/4) 1688 goto bad_packet; 1689 if (!pskb_may_pull(skb, th->doff*4)) 1690 goto discard_it; 1691 1692 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb)) 1693 goto bad_packet; 1694 1695 th = tcp_hdr(skb); 1696 TCP_SKB_CB(skb)->seq = ntohl(th->seq); 1697 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin + 1698 skb->len - th->doff*4); 1699 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); 1700 TCP_SKB_CB(skb)->when = 0; 1701 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb)); 1702 TCP_SKB_CB(skb)->sacked = 0; 1703 1704 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); 1705 if (!sk) 1706 goto no_tcp_socket; 1707 1708 process: 1709 if (sk->sk_state == TCP_TIME_WAIT) 1710 goto do_time_wait; 1711 1712 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 1713 goto discard_and_relse; 1714 1715 if (sk_filter(sk, skb)) 1716 goto discard_and_relse; 1717 1718 skb->dev = NULL; 1719 1720 bh_lock_sock_nested(sk); 1721 ret = 0; 1722 if (!sock_owned_by_user(sk)) { 1723 #ifdef CONFIG_NET_DMA 1724 struct tcp_sock *tp = tcp_sk(sk); 1725 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list) 1726 tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY); 1727 if (tp->ucopy.dma_chan) 1728 ret = tcp_v6_do_rcv(sk, skb); 1729 else 1730 #endif 1731 { 1732 if (!tcp_prequeue(sk, skb)) 1733 ret = tcp_v6_do_rcv(sk, skb); 1734 } 1735 } else 1736 sk_add_backlog(sk, skb); 1737 bh_unlock_sock(sk); 1738 1739 sock_put(sk); 1740 return ret ? -1 : 0; 1741 1742 no_tcp_socket: 1743 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 1744 goto discard_it; 1745 1746 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1747 bad_packet: 1748 TCP_INC_STATS_BH(net, TCP_MIB_INERRS); 1749 } else { 1750 tcp_v6_send_reset(NULL, skb); 1751 } 1752 1753 discard_it: 1754 1755 /* 1756 * Discard frame 1757 */ 1758 1759 kfree_skb(skb); 1760 return 0; 1761 1762 discard_and_relse: 1763 sock_put(sk); 1764 goto discard_it; 1765 1766 do_time_wait: 1767 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1768 inet_twsk_put(inet_twsk(sk)); 1769 goto discard_it; 1770 } 1771 1772 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1773 TCP_INC_STATS_BH(net, TCP_MIB_INERRS); 1774 inet_twsk_put(inet_twsk(sk)); 1775 goto discard_it; 1776 } 1777 1778 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { 1779 case TCP_TW_SYN: 1780 { 1781 struct sock *sk2; 1782 1783 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo, 1784 &ipv6_hdr(skb)->daddr, 1785 ntohs(th->dest), inet6_iif(skb)); 1786 if (sk2 != NULL) { 1787 struct inet_timewait_sock *tw = inet_twsk(sk); 1788 inet_twsk_deschedule(tw, &tcp_death_row); 1789 inet_twsk_put(tw); 1790 sk = sk2; 1791 goto process; 1792 } 1793 /* Fall through to ACK */ 1794 } 1795 case TCP_TW_ACK: 1796 tcp_v6_timewait_ack(sk, skb); 1797 break; 1798 case TCP_TW_RST: 1799 goto no_tcp_socket; 1800 case TCP_TW_SUCCESS:; 1801 } 1802 goto discard_it; 1803 } 1804 1805 static int tcp_v6_remember_stamp(struct sock *sk) 1806 { 1807 /* Alas, not yet... */ 1808 return 0; 1809 } 1810 1811 static const struct inet_connection_sock_af_ops ipv6_specific = { 1812 .queue_xmit = inet6_csk_xmit, 1813 .send_check = tcp_v6_send_check, 1814 .rebuild_header = inet6_sk_rebuild_header, 1815 .conn_request = tcp_v6_conn_request, 1816 .syn_recv_sock = tcp_v6_syn_recv_sock, 1817 .remember_stamp = tcp_v6_remember_stamp, 1818 .net_header_len = sizeof(struct ipv6hdr), 1819 .setsockopt = ipv6_setsockopt, 1820 .getsockopt = ipv6_getsockopt, 1821 .addr2sockaddr = inet6_csk_addr2sockaddr, 1822 .sockaddr_len = sizeof(struct sockaddr_in6), 1823 .bind_conflict = inet6_csk_bind_conflict, 1824 #ifdef CONFIG_COMPAT 1825 .compat_setsockopt = compat_ipv6_setsockopt, 1826 .compat_getsockopt = compat_ipv6_getsockopt, 1827 #endif 1828 }; 1829 1830 #ifdef CONFIG_TCP_MD5SIG 1831 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = { 1832 .md5_lookup = tcp_v6_md5_lookup, 1833 .calc_md5_hash = tcp_v6_md5_hash_skb, 1834 .md5_add = tcp_v6_md5_add_func, 1835 .md5_parse = tcp_v6_parse_md5_keys, 1836 }; 1837 #endif 1838 1839 /* 1840 * TCP over IPv4 via INET6 API 1841 */ 1842 1843 static const struct inet_connection_sock_af_ops ipv6_mapped = { 1844 .queue_xmit = ip_queue_xmit, 1845 .send_check = tcp_v4_send_check, 1846 .rebuild_header = inet_sk_rebuild_header, 1847 .conn_request = tcp_v6_conn_request, 1848 .syn_recv_sock = tcp_v6_syn_recv_sock, 1849 .remember_stamp = tcp_v4_remember_stamp, 1850 .net_header_len = sizeof(struct iphdr), 1851 .setsockopt = ipv6_setsockopt, 1852 .getsockopt = ipv6_getsockopt, 1853 .addr2sockaddr = inet6_csk_addr2sockaddr, 1854 .sockaddr_len = sizeof(struct sockaddr_in6), 1855 .bind_conflict = inet6_csk_bind_conflict, 1856 #ifdef CONFIG_COMPAT 1857 .compat_setsockopt = compat_ipv6_setsockopt, 1858 .compat_getsockopt = compat_ipv6_getsockopt, 1859 #endif 1860 }; 1861 1862 #ifdef CONFIG_TCP_MD5SIG 1863 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = { 1864 .md5_lookup = tcp_v4_md5_lookup, 1865 .calc_md5_hash = tcp_v4_md5_hash_skb, 1866 .md5_add = tcp_v6_md5_add_func, 1867 .md5_parse = tcp_v6_parse_md5_keys, 1868 }; 1869 #endif 1870 1871 /* NOTE: A lot of things set to zero explicitly by call to 1872 * sk_alloc() so need not be done here. 1873 */ 1874 static int tcp_v6_init_sock(struct sock *sk) 1875 { 1876 struct inet_connection_sock *icsk = inet_csk(sk); 1877 struct tcp_sock *tp = tcp_sk(sk); 1878 1879 skb_queue_head_init(&tp->out_of_order_queue); 1880 tcp_init_xmit_timers(sk); 1881 tcp_prequeue_init(tp); 1882 1883 icsk->icsk_rto = TCP_TIMEOUT_INIT; 1884 tp->mdev = TCP_TIMEOUT_INIT; 1885 1886 /* So many TCP implementations out there (incorrectly) count the 1887 * initial SYN frame in their delayed-ACK and congestion control 1888 * algorithms that we must have the following bandaid to talk 1889 * efficiently to them. -DaveM 1890 */ 1891 tp->snd_cwnd = 2; 1892 1893 /* See draft-stevens-tcpca-spec-01 for discussion of the 1894 * initialization of these values. 1895 */ 1896 tp->snd_ssthresh = TCP_INFINITE_SSTHRESH; 1897 tp->snd_cwnd_clamp = ~0; 1898 tp->mss_cache = TCP_MSS_DEFAULT; 1899 1900 tp->reordering = sysctl_tcp_reordering; 1901 1902 sk->sk_state = TCP_CLOSE; 1903 1904 icsk->icsk_af_ops = &ipv6_specific; 1905 icsk->icsk_ca_ops = &tcp_init_congestion_ops; 1906 icsk->icsk_sync_mss = tcp_sync_mss; 1907 sk->sk_write_space = sk_stream_write_space; 1908 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE); 1909 1910 #ifdef CONFIG_TCP_MD5SIG 1911 tp->af_specific = &tcp_sock_ipv6_specific; 1912 #endif 1913 1914 /* TCP Cookie Transactions */ 1915 if (sysctl_tcp_cookie_size > 0) { 1916 /* Default, cookies without s_data_payload. */ 1917 tp->cookie_values = 1918 kzalloc(sizeof(*tp->cookie_values), 1919 sk->sk_allocation); 1920 if (tp->cookie_values != NULL) 1921 kref_init(&tp->cookie_values->kref); 1922 } 1923 /* Presumed zeroed, in order of appearance: 1924 * cookie_in_always, cookie_out_never, 1925 * s_data_constant, s_data_in, s_data_out 1926 */ 1927 sk->sk_sndbuf = sysctl_tcp_wmem[1]; 1928 sk->sk_rcvbuf = sysctl_tcp_rmem[1]; 1929 1930 local_bh_disable(); 1931 percpu_counter_inc(&tcp_sockets_allocated); 1932 local_bh_enable(); 1933 1934 return 0; 1935 } 1936 1937 static void tcp_v6_destroy_sock(struct sock *sk) 1938 { 1939 #ifdef CONFIG_TCP_MD5SIG 1940 /* Clean up the MD5 key list */ 1941 if (tcp_sk(sk)->md5sig_info) 1942 tcp_v6_clear_md5_list(sk); 1943 #endif 1944 tcp_v4_destroy_sock(sk); 1945 inet6_destroy_sock(sk); 1946 } 1947 1948 #ifdef CONFIG_PROC_FS 1949 /* Proc filesystem TCPv6 sock list dumping. */ 1950 static void get_openreq6(struct seq_file *seq, 1951 struct sock *sk, struct request_sock *req, int i, int uid) 1952 { 1953 int ttd = req->expires - jiffies; 1954 struct in6_addr *src = &inet6_rsk(req)->loc_addr; 1955 struct in6_addr *dest = &inet6_rsk(req)->rmt_addr; 1956 1957 if (ttd < 0) 1958 ttd = 0; 1959 1960 seq_printf(seq, 1961 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1962 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n", 1963 i, 1964 src->s6_addr32[0], src->s6_addr32[1], 1965 src->s6_addr32[2], src->s6_addr32[3], 1966 ntohs(inet_rsk(req)->loc_port), 1967 dest->s6_addr32[0], dest->s6_addr32[1], 1968 dest->s6_addr32[2], dest->s6_addr32[3], 1969 ntohs(inet_rsk(req)->rmt_port), 1970 TCP_SYN_RECV, 1971 0,0, /* could print option size, but that is af dependent. */ 1972 1, /* timers active (only the expire timer) */ 1973 jiffies_to_clock_t(ttd), 1974 req->retrans, 1975 uid, 1976 0, /* non standard timer */ 1977 0, /* open_requests have no inode */ 1978 0, req); 1979 } 1980 1981 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) 1982 { 1983 struct in6_addr *dest, *src; 1984 __u16 destp, srcp; 1985 int timer_active; 1986 unsigned long timer_expires; 1987 struct inet_sock *inet = inet_sk(sp); 1988 struct tcp_sock *tp = tcp_sk(sp); 1989 const struct inet_connection_sock *icsk = inet_csk(sp); 1990 struct ipv6_pinfo *np = inet6_sk(sp); 1991 1992 dest = &np->daddr; 1993 src = &np->rcv_saddr; 1994 destp = ntohs(inet->inet_dport); 1995 srcp = ntohs(inet->inet_sport); 1996 1997 if (icsk->icsk_pending == ICSK_TIME_RETRANS) { 1998 timer_active = 1; 1999 timer_expires = icsk->icsk_timeout; 2000 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) { 2001 timer_active = 4; 2002 timer_expires = icsk->icsk_timeout; 2003 } else if (timer_pending(&sp->sk_timer)) { 2004 timer_active = 2; 2005 timer_expires = sp->sk_timer.expires; 2006 } else { 2007 timer_active = 0; 2008 timer_expires = jiffies; 2009 } 2010 2011 seq_printf(seq, 2012 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2013 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %lu %lu %u %u %d\n", 2014 i, 2015 src->s6_addr32[0], src->s6_addr32[1], 2016 src->s6_addr32[2], src->s6_addr32[3], srcp, 2017 dest->s6_addr32[0], dest->s6_addr32[1], 2018 dest->s6_addr32[2], dest->s6_addr32[3], destp, 2019 sp->sk_state, 2020 tp->write_seq-tp->snd_una, 2021 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq), 2022 timer_active, 2023 jiffies_to_clock_t(timer_expires - jiffies), 2024 icsk->icsk_retransmits, 2025 sock_i_uid(sp), 2026 icsk->icsk_probes_out, 2027 sock_i_ino(sp), 2028 atomic_read(&sp->sk_refcnt), sp, 2029 jiffies_to_clock_t(icsk->icsk_rto), 2030 jiffies_to_clock_t(icsk->icsk_ack.ato), 2031 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong, 2032 tp->snd_cwnd, 2033 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh 2034 ); 2035 } 2036 2037 static void get_timewait6_sock(struct seq_file *seq, 2038 struct inet_timewait_sock *tw, int i) 2039 { 2040 struct in6_addr *dest, *src; 2041 __u16 destp, srcp; 2042 struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw); 2043 int ttd = tw->tw_ttd - jiffies; 2044 2045 if (ttd < 0) 2046 ttd = 0; 2047 2048 dest = &tw6->tw_v6_daddr; 2049 src = &tw6->tw_v6_rcv_saddr; 2050 destp = ntohs(tw->tw_dport); 2051 srcp = ntohs(tw->tw_sport); 2052 2053 seq_printf(seq, 2054 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2055 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n", 2056 i, 2057 src->s6_addr32[0], src->s6_addr32[1], 2058 src->s6_addr32[2], src->s6_addr32[3], srcp, 2059 dest->s6_addr32[0], dest->s6_addr32[1], 2060 dest->s6_addr32[2], dest->s6_addr32[3], destp, 2061 tw->tw_substate, 0, 0, 2062 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, 2063 atomic_read(&tw->tw_refcnt), tw); 2064 } 2065 2066 static int tcp6_seq_show(struct seq_file *seq, void *v) 2067 { 2068 struct tcp_iter_state *st; 2069 2070 if (v == SEQ_START_TOKEN) { 2071 seq_puts(seq, 2072 " sl " 2073 "local_address " 2074 "remote_address " 2075 "st tx_queue rx_queue tr tm->when retrnsmt" 2076 " uid timeout inode\n"); 2077 goto out; 2078 } 2079 st = seq->private; 2080 2081 switch (st->state) { 2082 case TCP_SEQ_STATE_LISTENING: 2083 case TCP_SEQ_STATE_ESTABLISHED: 2084 get_tcp6_sock(seq, v, st->num); 2085 break; 2086 case TCP_SEQ_STATE_OPENREQ: 2087 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid); 2088 break; 2089 case TCP_SEQ_STATE_TIME_WAIT: 2090 get_timewait6_sock(seq, v, st->num); 2091 break; 2092 } 2093 out: 2094 return 0; 2095 } 2096 2097 static struct tcp_seq_afinfo tcp6_seq_afinfo = { 2098 .name = "tcp6", 2099 .family = AF_INET6, 2100 .seq_fops = { 2101 .owner = THIS_MODULE, 2102 }, 2103 .seq_ops = { 2104 .show = tcp6_seq_show, 2105 }, 2106 }; 2107 2108 int tcp6_proc_init(struct net *net) 2109 { 2110 return tcp_proc_register(net, &tcp6_seq_afinfo); 2111 } 2112 2113 void tcp6_proc_exit(struct net *net) 2114 { 2115 tcp_proc_unregister(net, &tcp6_seq_afinfo); 2116 } 2117 #endif 2118 2119 struct proto tcpv6_prot = { 2120 .name = "TCPv6", 2121 .owner = THIS_MODULE, 2122 .close = tcp_close, 2123 .connect = tcp_v6_connect, 2124 .disconnect = tcp_disconnect, 2125 .accept = inet_csk_accept, 2126 .ioctl = tcp_ioctl, 2127 .init = tcp_v6_init_sock, 2128 .destroy = tcp_v6_destroy_sock, 2129 .shutdown = tcp_shutdown, 2130 .setsockopt = tcp_setsockopt, 2131 .getsockopt = tcp_getsockopt, 2132 .recvmsg = tcp_recvmsg, 2133 .backlog_rcv = tcp_v6_do_rcv, 2134 .hash = tcp_v6_hash, 2135 .unhash = inet_unhash, 2136 .get_port = inet_csk_get_port, 2137 .enter_memory_pressure = tcp_enter_memory_pressure, 2138 .sockets_allocated = &tcp_sockets_allocated, 2139 .memory_allocated = &tcp_memory_allocated, 2140 .memory_pressure = &tcp_memory_pressure, 2141 .orphan_count = &tcp_orphan_count, 2142 .sysctl_mem = sysctl_tcp_mem, 2143 .sysctl_wmem = sysctl_tcp_wmem, 2144 .sysctl_rmem = sysctl_tcp_rmem, 2145 .max_header = MAX_TCP_HEADER, 2146 .obj_size = sizeof(struct tcp6_sock), 2147 .slab_flags = SLAB_DESTROY_BY_RCU, 2148 .twsk_prot = &tcp6_timewait_sock_ops, 2149 .rsk_prot = &tcp6_request_sock_ops, 2150 .h.hashinfo = &tcp_hashinfo, 2151 #ifdef CONFIG_COMPAT 2152 .compat_setsockopt = compat_tcp_setsockopt, 2153 .compat_getsockopt = compat_tcp_getsockopt, 2154 #endif 2155 }; 2156 2157 static const struct inet6_protocol tcpv6_protocol = { 2158 .handler = tcp_v6_rcv, 2159 .err_handler = tcp_v6_err, 2160 .gso_send_check = tcp_v6_gso_send_check, 2161 .gso_segment = tcp_tso_segment, 2162 .gro_receive = tcp6_gro_receive, 2163 .gro_complete = tcp6_gro_complete, 2164 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 2165 }; 2166 2167 static struct inet_protosw tcpv6_protosw = { 2168 .type = SOCK_STREAM, 2169 .protocol = IPPROTO_TCP, 2170 .prot = &tcpv6_prot, 2171 .ops = &inet6_stream_ops, 2172 .no_check = 0, 2173 .flags = INET_PROTOSW_PERMANENT | 2174 INET_PROTOSW_ICSK, 2175 }; 2176 2177 static int tcpv6_net_init(struct net *net) 2178 { 2179 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6, 2180 SOCK_RAW, IPPROTO_TCP, net); 2181 } 2182 2183 static void tcpv6_net_exit(struct net *net) 2184 { 2185 inet_ctl_sock_destroy(net->ipv6.tcp_sk); 2186 } 2187 2188 static void tcpv6_net_exit_batch(struct list_head *net_exit_list) 2189 { 2190 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6); 2191 } 2192 2193 static struct pernet_operations tcpv6_net_ops = { 2194 .init = tcpv6_net_init, 2195 .exit = tcpv6_net_exit, 2196 .exit_batch = tcpv6_net_exit_batch, 2197 }; 2198 2199 int __init tcpv6_init(void) 2200 { 2201 int ret; 2202 2203 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP); 2204 if (ret) 2205 goto out; 2206 2207 /* register inet6 protocol */ 2208 ret = inet6_register_protosw(&tcpv6_protosw); 2209 if (ret) 2210 goto out_tcpv6_protocol; 2211 2212 ret = register_pernet_subsys(&tcpv6_net_ops); 2213 if (ret) 2214 goto out_tcpv6_protosw; 2215 out: 2216 return ret; 2217 2218 out_tcpv6_protocol: 2219 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2220 out_tcpv6_protosw: 2221 inet6_unregister_protosw(&tcpv6_protosw); 2222 goto out; 2223 } 2224 2225 void tcpv6_exit(void) 2226 { 2227 unregister_pernet_subsys(&tcpv6_net_ops); 2228 inet6_unregister_protosw(&tcpv6_protosw); 2229 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2230 } 2231