1 /* 2 * TCP over IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $ 9 * 10 * Based on: 11 * linux/net/ipv4/tcp.c 12 * linux/net/ipv4/tcp_input.c 13 * linux/net/ipv4/tcp_output.c 14 * 15 * Fixes: 16 * Hideaki YOSHIFUJI : sin6_scope_id support 17 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 18 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind 19 * a single port at the same time. 20 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file. 21 * 22 * This program is free software; you can redistribute it and/or 23 * modify it under the terms of the GNU General Public License 24 * as published by the Free Software Foundation; either version 25 * 2 of the License, or (at your option) any later version. 26 */ 27 28 #include <linux/module.h> 29 #include <linux/errno.h> 30 #include <linux/types.h> 31 #include <linux/socket.h> 32 #include <linux/sockios.h> 33 #include <linux/net.h> 34 #include <linux/jiffies.h> 35 #include <linux/in.h> 36 #include <linux/in6.h> 37 #include <linux/netdevice.h> 38 #include <linux/init.h> 39 #include <linux/jhash.h> 40 #include <linux/ipsec.h> 41 #include <linux/times.h> 42 43 #include <linux/ipv6.h> 44 #include <linux/icmpv6.h> 45 #include <linux/random.h> 46 47 #include <net/tcp.h> 48 #include <net/ndisc.h> 49 #include <net/inet6_hashtables.h> 50 #include <net/inet6_connection_sock.h> 51 #include <net/ipv6.h> 52 #include <net/transp_v6.h> 53 #include <net/addrconf.h> 54 #include <net/ip6_route.h> 55 #include <net/ip6_checksum.h> 56 #include <net/inet_ecn.h> 57 #include <net/protocol.h> 58 #include <net/xfrm.h> 59 #include <net/snmp.h> 60 #include <net/dsfield.h> 61 #include <net/timewait_sock.h> 62 #include <net/netdma.h> 63 #include <net/inet_common.h> 64 65 #include <asm/uaccess.h> 66 67 #include <linux/proc_fs.h> 68 #include <linux/seq_file.h> 69 70 #include <linux/crypto.h> 71 #include <linux/scatterlist.h> 72 73 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb); 74 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req); 75 static void tcp_v6_send_check(struct sock *sk, int len, 76 struct sk_buff *skb); 77 78 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb); 79 80 static struct inet_connection_sock_af_ops ipv6_mapped; 81 static struct inet_connection_sock_af_ops ipv6_specific; 82 #ifdef CONFIG_TCP_MD5SIG 83 static struct tcp_sock_af_ops tcp_sock_ipv6_specific; 84 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific; 85 #endif 86 87 static void tcp_v6_hash(struct sock *sk) 88 { 89 if (sk->sk_state != TCP_CLOSE) { 90 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) { 91 tcp_prot.hash(sk); 92 return; 93 } 94 local_bh_disable(); 95 __inet6_hash(sk); 96 local_bh_enable(); 97 } 98 } 99 100 static __inline__ __sum16 tcp_v6_check(struct tcphdr *th, int len, 101 struct in6_addr *saddr, 102 struct in6_addr *daddr, 103 __wsum base) 104 { 105 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base); 106 } 107 108 static __u32 tcp_v6_init_sequence(struct sk_buff *skb) 109 { 110 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32, 111 ipv6_hdr(skb)->saddr.s6_addr32, 112 tcp_hdr(skb)->dest, 113 tcp_hdr(skb)->source); 114 } 115 116 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 117 int addr_len) 118 { 119 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; 120 struct inet_sock *inet = inet_sk(sk); 121 struct inet_connection_sock *icsk = inet_csk(sk); 122 struct ipv6_pinfo *np = inet6_sk(sk); 123 struct tcp_sock *tp = tcp_sk(sk); 124 struct in6_addr *saddr = NULL, *final_p = NULL, final; 125 struct flowi fl; 126 struct dst_entry *dst; 127 int addr_type; 128 int err; 129 130 if (addr_len < SIN6_LEN_RFC2133) 131 return -EINVAL; 132 133 if (usin->sin6_family != AF_INET6) 134 return(-EAFNOSUPPORT); 135 136 memset(&fl, 0, sizeof(fl)); 137 138 if (np->sndflow) { 139 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; 140 IP6_ECN_flow_init(fl.fl6_flowlabel); 141 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) { 142 struct ip6_flowlabel *flowlabel; 143 flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel); 144 if (flowlabel == NULL) 145 return -EINVAL; 146 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst); 147 fl6_sock_release(flowlabel); 148 } 149 } 150 151 /* 152 * connect() to INADDR_ANY means loopback (BSD'ism). 153 */ 154 155 if(ipv6_addr_any(&usin->sin6_addr)) 156 usin->sin6_addr.s6_addr[15] = 0x1; 157 158 addr_type = ipv6_addr_type(&usin->sin6_addr); 159 160 if(addr_type & IPV6_ADDR_MULTICAST) 161 return -ENETUNREACH; 162 163 if (addr_type&IPV6_ADDR_LINKLOCAL) { 164 if (addr_len >= sizeof(struct sockaddr_in6) && 165 usin->sin6_scope_id) { 166 /* If interface is set while binding, indices 167 * must coincide. 168 */ 169 if (sk->sk_bound_dev_if && 170 sk->sk_bound_dev_if != usin->sin6_scope_id) 171 return -EINVAL; 172 173 sk->sk_bound_dev_if = usin->sin6_scope_id; 174 } 175 176 /* Connect to link-local address requires an interface */ 177 if (!sk->sk_bound_dev_if) 178 return -EINVAL; 179 } 180 181 if (tp->rx_opt.ts_recent_stamp && 182 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) { 183 tp->rx_opt.ts_recent = 0; 184 tp->rx_opt.ts_recent_stamp = 0; 185 tp->write_seq = 0; 186 } 187 188 ipv6_addr_copy(&np->daddr, &usin->sin6_addr); 189 np->flow_label = fl.fl6_flowlabel; 190 191 /* 192 * TCP over IPv4 193 */ 194 195 if (addr_type == IPV6_ADDR_MAPPED) { 196 u32 exthdrlen = icsk->icsk_ext_hdr_len; 197 struct sockaddr_in sin; 198 199 SOCK_DEBUG(sk, "connect: ipv4 mapped\n"); 200 201 if (__ipv6_only_sock(sk)) 202 return -ENETUNREACH; 203 204 sin.sin_family = AF_INET; 205 sin.sin_port = usin->sin6_port; 206 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; 207 208 icsk->icsk_af_ops = &ipv6_mapped; 209 sk->sk_backlog_rcv = tcp_v4_do_rcv; 210 #ifdef CONFIG_TCP_MD5SIG 211 tp->af_specific = &tcp_sock_ipv6_mapped_specific; 212 #endif 213 214 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); 215 216 if (err) { 217 icsk->icsk_ext_hdr_len = exthdrlen; 218 icsk->icsk_af_ops = &ipv6_specific; 219 sk->sk_backlog_rcv = tcp_v6_do_rcv; 220 #ifdef CONFIG_TCP_MD5SIG 221 tp->af_specific = &tcp_sock_ipv6_specific; 222 #endif 223 goto failure; 224 } else { 225 ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF), 226 inet->saddr); 227 ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF), 228 inet->rcv_saddr); 229 } 230 231 return err; 232 } 233 234 if (!ipv6_addr_any(&np->rcv_saddr)) 235 saddr = &np->rcv_saddr; 236 237 fl.proto = IPPROTO_TCP; 238 ipv6_addr_copy(&fl.fl6_dst, &np->daddr); 239 ipv6_addr_copy(&fl.fl6_src, 240 (saddr ? saddr : &np->saddr)); 241 fl.oif = sk->sk_bound_dev_if; 242 fl.fl_ip_dport = usin->sin6_port; 243 fl.fl_ip_sport = inet->sport; 244 245 if (np->opt && np->opt->srcrt) { 246 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt; 247 ipv6_addr_copy(&final, &fl.fl6_dst); 248 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 249 final_p = &final; 250 } 251 252 security_sk_classify_flow(sk, &fl); 253 254 err = ip6_dst_lookup(sk, &dst, &fl); 255 if (err) 256 goto failure; 257 if (final_p) 258 ipv6_addr_copy(&fl.fl6_dst, final_p); 259 260 if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) { 261 if (err == -EREMOTE) 262 err = ip6_dst_blackhole(sk, &dst, &fl); 263 if (err < 0) 264 goto failure; 265 } 266 267 if (saddr == NULL) { 268 saddr = &fl.fl6_src; 269 ipv6_addr_copy(&np->rcv_saddr, saddr); 270 } 271 272 /* set the source address */ 273 ipv6_addr_copy(&np->saddr, saddr); 274 inet->rcv_saddr = LOOPBACK4_IPV6; 275 276 sk->sk_gso_type = SKB_GSO_TCPV6; 277 __ip6_dst_store(sk, dst, NULL, NULL); 278 279 icsk->icsk_ext_hdr_len = 0; 280 if (np->opt) 281 icsk->icsk_ext_hdr_len = (np->opt->opt_flen + 282 np->opt->opt_nflen); 283 284 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 285 286 inet->dport = usin->sin6_port; 287 288 tcp_set_state(sk, TCP_SYN_SENT); 289 err = inet6_hash_connect(&tcp_death_row, sk); 290 if (err) 291 goto late_failure; 292 293 if (!tp->write_seq) 294 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32, 295 np->daddr.s6_addr32, 296 inet->sport, 297 inet->dport); 298 299 err = tcp_connect(sk); 300 if (err) 301 goto late_failure; 302 303 return 0; 304 305 late_failure: 306 tcp_set_state(sk, TCP_CLOSE); 307 __sk_dst_reset(sk); 308 failure: 309 inet->dport = 0; 310 sk->sk_route_caps = 0; 311 return err; 312 } 313 314 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 315 int type, int code, int offset, __be32 info) 316 { 317 struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data; 318 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset); 319 struct ipv6_pinfo *np; 320 struct sock *sk; 321 int err; 322 struct tcp_sock *tp; 323 __u32 seq; 324 325 sk = inet6_lookup(dev_net(skb->dev), &tcp_hashinfo, &hdr->daddr, 326 th->dest, &hdr->saddr, th->source, skb->dev->ifindex); 327 328 if (sk == NULL) { 329 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS); 330 return; 331 } 332 333 if (sk->sk_state == TCP_TIME_WAIT) { 334 inet_twsk_put(inet_twsk(sk)); 335 return; 336 } 337 338 bh_lock_sock(sk); 339 if (sock_owned_by_user(sk)) 340 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS); 341 342 if (sk->sk_state == TCP_CLOSE) 343 goto out; 344 345 tp = tcp_sk(sk); 346 seq = ntohl(th->seq); 347 if (sk->sk_state != TCP_LISTEN && 348 !between(seq, tp->snd_una, tp->snd_nxt)) { 349 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS); 350 goto out; 351 } 352 353 np = inet6_sk(sk); 354 355 if (type == ICMPV6_PKT_TOOBIG) { 356 struct dst_entry *dst = NULL; 357 358 if (sock_owned_by_user(sk)) 359 goto out; 360 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) 361 goto out; 362 363 /* icmp should have updated the destination cache entry */ 364 dst = __sk_dst_check(sk, np->dst_cookie); 365 366 if (dst == NULL) { 367 struct inet_sock *inet = inet_sk(sk); 368 struct flowi fl; 369 370 /* BUGGG_FUTURE: Again, it is not clear how 371 to handle rthdr case. Ignore this complexity 372 for now. 373 */ 374 memset(&fl, 0, sizeof(fl)); 375 fl.proto = IPPROTO_TCP; 376 ipv6_addr_copy(&fl.fl6_dst, &np->daddr); 377 ipv6_addr_copy(&fl.fl6_src, &np->saddr); 378 fl.oif = sk->sk_bound_dev_if; 379 fl.fl_ip_dport = inet->dport; 380 fl.fl_ip_sport = inet->sport; 381 security_skb_classify_flow(skb, &fl); 382 383 if ((err = ip6_dst_lookup(sk, &dst, &fl))) { 384 sk->sk_err_soft = -err; 385 goto out; 386 } 387 388 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) { 389 sk->sk_err_soft = -err; 390 goto out; 391 } 392 393 } else 394 dst_hold(dst); 395 396 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) { 397 tcp_sync_mss(sk, dst_mtu(dst)); 398 tcp_simple_retransmit(sk); 399 } /* else let the usual retransmit timer handle it */ 400 dst_release(dst); 401 goto out; 402 } 403 404 icmpv6_err_convert(type, code, &err); 405 406 /* Might be for an request_sock */ 407 switch (sk->sk_state) { 408 struct request_sock *req, **prev; 409 case TCP_LISTEN: 410 if (sock_owned_by_user(sk)) 411 goto out; 412 413 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr, 414 &hdr->saddr, inet6_iif(skb)); 415 if (!req) 416 goto out; 417 418 /* ICMPs are not backlogged, hence we cannot get 419 * an established socket here. 420 */ 421 BUG_TRAP(req->sk == NULL); 422 423 if (seq != tcp_rsk(req)->snt_isn) { 424 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS); 425 goto out; 426 } 427 428 inet_csk_reqsk_queue_drop(sk, req, prev); 429 goto out; 430 431 case TCP_SYN_SENT: 432 case TCP_SYN_RECV: /* Cannot happen. 433 It can, it SYNs are crossed. --ANK */ 434 if (!sock_owned_by_user(sk)) { 435 sk->sk_err = err; 436 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */ 437 438 tcp_done(sk); 439 } else 440 sk->sk_err_soft = err; 441 goto out; 442 } 443 444 if (!sock_owned_by_user(sk) && np->recverr) { 445 sk->sk_err = err; 446 sk->sk_error_report(sk); 447 } else 448 sk->sk_err_soft = err; 449 450 out: 451 bh_unlock_sock(sk); 452 sock_put(sk); 453 } 454 455 456 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req) 457 { 458 struct inet6_request_sock *treq = inet6_rsk(req); 459 struct ipv6_pinfo *np = inet6_sk(sk); 460 struct sk_buff * skb; 461 struct ipv6_txoptions *opt = NULL; 462 struct in6_addr * final_p = NULL, final; 463 struct flowi fl; 464 struct dst_entry *dst; 465 int err = -1; 466 467 memset(&fl, 0, sizeof(fl)); 468 fl.proto = IPPROTO_TCP; 469 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr); 470 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr); 471 fl.fl6_flowlabel = 0; 472 fl.oif = treq->iif; 473 fl.fl_ip_dport = inet_rsk(req)->rmt_port; 474 fl.fl_ip_sport = inet_sk(sk)->sport; 475 security_req_classify_flow(req, &fl); 476 477 opt = np->opt; 478 if (opt && opt->srcrt) { 479 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt; 480 ipv6_addr_copy(&final, &fl.fl6_dst); 481 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 482 final_p = &final; 483 } 484 485 err = ip6_dst_lookup(sk, &dst, &fl); 486 if (err) 487 goto done; 488 if (final_p) 489 ipv6_addr_copy(&fl.fl6_dst, final_p); 490 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) 491 goto done; 492 493 skb = tcp_make_synack(sk, dst, req); 494 if (skb) { 495 struct tcphdr *th = tcp_hdr(skb); 496 497 th->check = tcp_v6_check(th, skb->len, 498 &treq->loc_addr, &treq->rmt_addr, 499 csum_partial((char *)th, skb->len, skb->csum)); 500 501 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr); 502 err = ip6_xmit(sk, skb, &fl, opt, 0); 503 err = net_xmit_eval(err); 504 } 505 506 done: 507 if (opt && opt != np->opt) 508 sock_kfree_s(sk, opt, opt->tot_len); 509 dst_release(dst); 510 return err; 511 } 512 513 static inline void syn_flood_warning(struct sk_buff *skb) 514 { 515 #ifdef CONFIG_SYN_COOKIES 516 if (sysctl_tcp_syncookies) 517 printk(KERN_INFO 518 "TCPv6: Possible SYN flooding on port %d. " 519 "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest)); 520 else 521 #endif 522 printk(KERN_INFO 523 "TCPv6: Possible SYN flooding on port %d. " 524 "Dropping request.\n", ntohs(tcp_hdr(skb)->dest)); 525 } 526 527 static void tcp_v6_reqsk_destructor(struct request_sock *req) 528 { 529 if (inet6_rsk(req)->pktopts) 530 kfree_skb(inet6_rsk(req)->pktopts); 531 } 532 533 #ifdef CONFIG_TCP_MD5SIG 534 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 535 struct in6_addr *addr) 536 { 537 struct tcp_sock *tp = tcp_sk(sk); 538 int i; 539 540 BUG_ON(tp == NULL); 541 542 if (!tp->md5sig_info || !tp->md5sig_info->entries6) 543 return NULL; 544 545 for (i = 0; i < tp->md5sig_info->entries6; i++) { 546 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr)) 547 return &tp->md5sig_info->keys6[i].base; 548 } 549 return NULL; 550 } 551 552 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk, 553 struct sock *addr_sk) 554 { 555 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr); 556 } 557 558 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk, 559 struct request_sock *req) 560 { 561 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr); 562 } 563 564 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer, 565 char *newkey, u8 newkeylen) 566 { 567 /* Add key to the list */ 568 struct tcp_md5sig_key *key; 569 struct tcp_sock *tp = tcp_sk(sk); 570 struct tcp6_md5sig_key *keys; 571 572 key = tcp_v6_md5_do_lookup(sk, peer); 573 if (key) { 574 /* modify existing entry - just update that one */ 575 kfree(key->key); 576 key->key = newkey; 577 key->keylen = newkeylen; 578 } else { 579 /* reallocate new list if current one is full. */ 580 if (!tp->md5sig_info) { 581 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC); 582 if (!tp->md5sig_info) { 583 kfree(newkey); 584 return -ENOMEM; 585 } 586 sk->sk_route_caps &= ~NETIF_F_GSO_MASK; 587 } 588 if (tcp_alloc_md5sig_pool() == NULL) { 589 kfree(newkey); 590 return -ENOMEM; 591 } 592 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) { 593 keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) * 594 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC); 595 596 if (!keys) { 597 tcp_free_md5sig_pool(); 598 kfree(newkey); 599 return -ENOMEM; 600 } 601 602 if (tp->md5sig_info->entries6) 603 memmove(keys, tp->md5sig_info->keys6, 604 (sizeof (tp->md5sig_info->keys6[0]) * 605 tp->md5sig_info->entries6)); 606 607 kfree(tp->md5sig_info->keys6); 608 tp->md5sig_info->keys6 = keys; 609 tp->md5sig_info->alloced6++; 610 } 611 612 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr, 613 peer); 614 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey; 615 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen; 616 617 tp->md5sig_info->entries6++; 618 } 619 return 0; 620 } 621 622 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk, 623 u8 *newkey, __u8 newkeylen) 624 { 625 return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr, 626 newkey, newkeylen); 627 } 628 629 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer) 630 { 631 struct tcp_sock *tp = tcp_sk(sk); 632 int i; 633 634 for (i = 0; i < tp->md5sig_info->entries6; i++) { 635 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) { 636 /* Free the key */ 637 kfree(tp->md5sig_info->keys6[i].base.key); 638 tp->md5sig_info->entries6--; 639 640 if (tp->md5sig_info->entries6 == 0) { 641 kfree(tp->md5sig_info->keys6); 642 tp->md5sig_info->keys6 = NULL; 643 tp->md5sig_info->alloced6 = 0; 644 } else { 645 /* shrink the database */ 646 if (tp->md5sig_info->entries6 != i) 647 memmove(&tp->md5sig_info->keys6[i], 648 &tp->md5sig_info->keys6[i+1], 649 (tp->md5sig_info->entries6 - i) 650 * sizeof (tp->md5sig_info->keys6[0])); 651 } 652 tcp_free_md5sig_pool(); 653 return 0; 654 } 655 } 656 return -ENOENT; 657 } 658 659 static void tcp_v6_clear_md5_list (struct sock *sk) 660 { 661 struct tcp_sock *tp = tcp_sk(sk); 662 int i; 663 664 if (tp->md5sig_info->entries6) { 665 for (i = 0; i < tp->md5sig_info->entries6; i++) 666 kfree(tp->md5sig_info->keys6[i].base.key); 667 tp->md5sig_info->entries6 = 0; 668 tcp_free_md5sig_pool(); 669 } 670 671 kfree(tp->md5sig_info->keys6); 672 tp->md5sig_info->keys6 = NULL; 673 tp->md5sig_info->alloced6 = 0; 674 675 if (tp->md5sig_info->entries4) { 676 for (i = 0; i < tp->md5sig_info->entries4; i++) 677 kfree(tp->md5sig_info->keys4[i].base.key); 678 tp->md5sig_info->entries4 = 0; 679 tcp_free_md5sig_pool(); 680 } 681 682 kfree(tp->md5sig_info->keys4); 683 tp->md5sig_info->keys4 = NULL; 684 tp->md5sig_info->alloced4 = 0; 685 } 686 687 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval, 688 int optlen) 689 { 690 struct tcp_md5sig cmd; 691 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr; 692 u8 *newkey; 693 694 if (optlen < sizeof(cmd)) 695 return -EINVAL; 696 697 if (copy_from_user(&cmd, optval, sizeof(cmd))) 698 return -EFAULT; 699 700 if (sin6->sin6_family != AF_INET6) 701 return -EINVAL; 702 703 if (!cmd.tcpm_keylen) { 704 if (!tcp_sk(sk)->md5sig_info) 705 return -ENOENT; 706 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) 707 return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]); 708 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr); 709 } 710 711 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN) 712 return -EINVAL; 713 714 if (!tcp_sk(sk)->md5sig_info) { 715 struct tcp_sock *tp = tcp_sk(sk); 716 struct tcp_md5sig_info *p; 717 718 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL); 719 if (!p) 720 return -ENOMEM; 721 722 tp->md5sig_info = p; 723 sk->sk_route_caps &= ~NETIF_F_GSO_MASK; 724 } 725 726 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL); 727 if (!newkey) 728 return -ENOMEM; 729 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) { 730 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3], 731 newkey, cmd.tcpm_keylen); 732 } 733 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen); 734 } 735 736 static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key, 737 struct in6_addr *saddr, 738 struct in6_addr *daddr, 739 struct tcphdr *th, int protocol, 740 unsigned int tcplen) 741 { 742 struct scatterlist sg[4]; 743 __u16 data_len; 744 int block = 0; 745 __sum16 cksum; 746 struct tcp_md5sig_pool *hp; 747 struct tcp6_pseudohdr *bp; 748 struct hash_desc *desc; 749 int err; 750 unsigned int nbytes = 0; 751 752 hp = tcp_get_md5sig_pool(); 753 if (!hp) { 754 printk(KERN_WARNING "%s(): hash pool not found...\n", __func__); 755 goto clear_hash_noput; 756 } 757 bp = &hp->md5_blk.ip6; 758 desc = &hp->md5_desc; 759 760 /* 1. TCP pseudo-header (RFC2460) */ 761 ipv6_addr_copy(&bp->saddr, saddr); 762 ipv6_addr_copy(&bp->daddr, daddr); 763 bp->len = htonl(tcplen); 764 bp->protocol = htonl(protocol); 765 766 sg_init_table(sg, 4); 767 768 sg_set_buf(&sg[block++], bp, sizeof(*bp)); 769 nbytes += sizeof(*bp); 770 771 /* 2. TCP header, excluding options */ 772 cksum = th->check; 773 th->check = 0; 774 sg_set_buf(&sg[block++], th, sizeof(*th)); 775 nbytes += sizeof(*th); 776 777 /* 3. TCP segment data (if any) */ 778 data_len = tcplen - (th->doff << 2); 779 if (data_len > 0) { 780 u8 *data = (u8 *)th + (th->doff << 2); 781 sg_set_buf(&sg[block++], data, data_len); 782 nbytes += data_len; 783 } 784 785 /* 4. shared key */ 786 sg_set_buf(&sg[block++], key->key, key->keylen); 787 nbytes += key->keylen; 788 789 sg_mark_end(&sg[block - 1]); 790 791 /* Now store the hash into the packet */ 792 err = crypto_hash_init(desc); 793 if (err) { 794 printk(KERN_WARNING "%s(): hash_init failed\n", __func__); 795 goto clear_hash; 796 } 797 err = crypto_hash_update(desc, sg, nbytes); 798 if (err) { 799 printk(KERN_WARNING "%s(): hash_update failed\n", __func__); 800 goto clear_hash; 801 } 802 err = crypto_hash_final(desc, md5_hash); 803 if (err) { 804 printk(KERN_WARNING "%s(): hash_final failed\n", __func__); 805 goto clear_hash; 806 } 807 808 /* Reset header, and free up the crypto */ 809 tcp_put_md5sig_pool(); 810 th->check = cksum; 811 out: 812 return 0; 813 clear_hash: 814 tcp_put_md5sig_pool(); 815 clear_hash_noput: 816 memset(md5_hash, 0, 16); 817 goto out; 818 } 819 820 static int tcp_v6_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key, 821 struct sock *sk, 822 struct dst_entry *dst, 823 struct request_sock *req, 824 struct tcphdr *th, int protocol, 825 unsigned int tcplen) 826 { 827 struct in6_addr *saddr, *daddr; 828 829 if (sk) { 830 saddr = &inet6_sk(sk)->saddr; 831 daddr = &inet6_sk(sk)->daddr; 832 } else { 833 saddr = &inet6_rsk(req)->loc_addr; 834 daddr = &inet6_rsk(req)->rmt_addr; 835 } 836 return tcp_v6_do_calc_md5_hash(md5_hash, key, 837 saddr, daddr, 838 th, protocol, tcplen); 839 } 840 841 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb) 842 { 843 __u8 *hash_location = NULL; 844 struct tcp_md5sig_key *hash_expected; 845 struct ipv6hdr *ip6h = ipv6_hdr(skb); 846 struct tcphdr *th = tcp_hdr(skb); 847 int length = (th->doff << 2) - sizeof (*th); 848 int genhash; 849 u8 *ptr; 850 u8 newhash[16]; 851 852 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); 853 854 /* If the TCP option is too short, we can short cut */ 855 if (length < TCPOLEN_MD5SIG) 856 return hash_expected ? 1 : 0; 857 858 /* parse options */ 859 ptr = (u8*)(th + 1); 860 while (length > 0) { 861 int opcode = *ptr++; 862 int opsize; 863 864 switch(opcode) { 865 case TCPOPT_EOL: 866 goto done_opts; 867 case TCPOPT_NOP: 868 length--; 869 continue; 870 default: 871 opsize = *ptr++; 872 if (opsize < 2 || opsize > length) 873 goto done_opts; 874 if (opcode == TCPOPT_MD5SIG) { 875 hash_location = ptr; 876 goto done_opts; 877 } 878 } 879 ptr += opsize - 2; 880 length -= opsize; 881 } 882 883 done_opts: 884 /* do we have a hash as expected? */ 885 if (!hash_expected) { 886 if (!hash_location) 887 return 0; 888 if (net_ratelimit()) { 889 printk(KERN_INFO "MD5 Hash NOT expected but found " 890 "(" NIP6_FMT ", %u)->" 891 "(" NIP6_FMT ", %u)\n", 892 NIP6(ip6h->saddr), ntohs(th->source), 893 NIP6(ip6h->daddr), ntohs(th->dest)); 894 } 895 return 1; 896 } 897 898 if (!hash_location) { 899 if (net_ratelimit()) { 900 printk(KERN_INFO "MD5 Hash expected but NOT found " 901 "(" NIP6_FMT ", %u)->" 902 "(" NIP6_FMT ", %u)\n", 903 NIP6(ip6h->saddr), ntohs(th->source), 904 NIP6(ip6h->daddr), ntohs(th->dest)); 905 } 906 return 1; 907 } 908 909 /* check the signature */ 910 genhash = tcp_v6_do_calc_md5_hash(newhash, 911 hash_expected, 912 &ip6h->saddr, &ip6h->daddr, 913 th, sk->sk_protocol, 914 skb->len); 915 if (genhash || memcmp(hash_location, newhash, 16) != 0) { 916 if (net_ratelimit()) { 917 printk(KERN_INFO "MD5 Hash %s for " 918 "(" NIP6_FMT ", %u)->" 919 "(" NIP6_FMT ", %u)\n", 920 genhash ? "failed" : "mismatch", 921 NIP6(ip6h->saddr), ntohs(th->source), 922 NIP6(ip6h->daddr), ntohs(th->dest)); 923 } 924 return 1; 925 } 926 return 0; 927 } 928 #endif 929 930 struct request_sock_ops tcp6_request_sock_ops __read_mostly = { 931 .family = AF_INET6, 932 .obj_size = sizeof(struct tcp6_request_sock), 933 .rtx_syn_ack = tcp_v6_send_synack, 934 .send_ack = tcp_v6_reqsk_send_ack, 935 .destructor = tcp_v6_reqsk_destructor, 936 .send_reset = tcp_v6_send_reset 937 }; 938 939 #ifdef CONFIG_TCP_MD5SIG 940 static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { 941 .md5_lookup = tcp_v6_reqsk_md5_lookup, 942 }; 943 #endif 944 945 static struct timewait_sock_ops tcp6_timewait_sock_ops = { 946 .twsk_obj_size = sizeof(struct tcp6_timewait_sock), 947 .twsk_unique = tcp_twsk_unique, 948 .twsk_destructor= tcp_twsk_destructor, 949 }; 950 951 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb) 952 { 953 struct ipv6_pinfo *np = inet6_sk(sk); 954 struct tcphdr *th = tcp_hdr(skb); 955 956 if (skb->ip_summed == CHECKSUM_PARTIAL) { 957 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 0); 958 skb->csum_start = skb_transport_header(skb) - skb->head; 959 skb->csum_offset = offsetof(struct tcphdr, check); 960 } else { 961 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 962 csum_partial((char *)th, th->doff<<2, 963 skb->csum)); 964 } 965 } 966 967 static int tcp_v6_gso_send_check(struct sk_buff *skb) 968 { 969 struct ipv6hdr *ipv6h; 970 struct tcphdr *th; 971 972 if (!pskb_may_pull(skb, sizeof(*th))) 973 return -EINVAL; 974 975 ipv6h = ipv6_hdr(skb); 976 th = tcp_hdr(skb); 977 978 th->check = 0; 979 th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len, 980 IPPROTO_TCP, 0); 981 skb->csum_start = skb_transport_header(skb) - skb->head; 982 skb->csum_offset = offsetof(struct tcphdr, check); 983 skb->ip_summed = CHECKSUM_PARTIAL; 984 return 0; 985 } 986 987 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb) 988 { 989 struct tcphdr *th = tcp_hdr(skb), *t1; 990 struct sk_buff *buff; 991 struct flowi fl; 992 struct net *net = dev_net(skb->dst->dev); 993 struct sock *ctl_sk = net->ipv6.tcp_sk; 994 unsigned int tot_len = sizeof(*th); 995 #ifdef CONFIG_TCP_MD5SIG 996 struct tcp_md5sig_key *key; 997 #endif 998 999 if (th->rst) 1000 return; 1001 1002 if (!ipv6_unicast_destination(skb)) 1003 return; 1004 1005 #ifdef CONFIG_TCP_MD5SIG 1006 if (sk) 1007 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr); 1008 else 1009 key = NULL; 1010 1011 if (key) 1012 tot_len += TCPOLEN_MD5SIG_ALIGNED; 1013 #endif 1014 1015 /* 1016 * We need to grab some memory, and put together an RST, 1017 * and then put it into the queue to be sent. 1018 */ 1019 1020 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 1021 GFP_ATOMIC); 1022 if (buff == NULL) 1023 return; 1024 1025 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); 1026 1027 t1 = (struct tcphdr *) skb_push(buff, tot_len); 1028 1029 /* Swap the send and the receive. */ 1030 memset(t1, 0, sizeof(*t1)); 1031 t1->dest = th->source; 1032 t1->source = th->dest; 1033 t1->doff = tot_len / 4; 1034 t1->rst = 1; 1035 1036 if(th->ack) { 1037 t1->seq = th->ack_seq; 1038 } else { 1039 t1->ack = 1; 1040 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin 1041 + skb->len - (th->doff<<2)); 1042 } 1043 1044 #ifdef CONFIG_TCP_MD5SIG 1045 if (key) { 1046 __be32 *opt = (__be32*)(t1 + 1); 1047 opt[0] = htonl((TCPOPT_NOP << 24) | 1048 (TCPOPT_NOP << 16) | 1049 (TCPOPT_MD5SIG << 8) | 1050 TCPOLEN_MD5SIG); 1051 tcp_v6_do_calc_md5_hash((__u8 *)&opt[1], key, 1052 &ipv6_hdr(skb)->daddr, 1053 &ipv6_hdr(skb)->saddr, 1054 t1, IPPROTO_TCP, tot_len); 1055 } 1056 #endif 1057 1058 buff->csum = csum_partial((char *)t1, sizeof(*t1), 0); 1059 1060 memset(&fl, 0, sizeof(fl)); 1061 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr); 1062 ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr); 1063 1064 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst, 1065 sizeof(*t1), IPPROTO_TCP, 1066 buff->csum); 1067 1068 fl.proto = IPPROTO_TCP; 1069 fl.oif = inet6_iif(skb); 1070 fl.fl_ip_dport = t1->dest; 1071 fl.fl_ip_sport = t1->source; 1072 security_skb_classify_flow(skb, &fl); 1073 1074 /* Pass a socket to ip6_dst_lookup either it is for RST 1075 * Underlying function will use this to retrieve the network 1076 * namespace 1077 */ 1078 if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) { 1079 1080 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) { 1081 ip6_xmit(ctl_sk, buff, &fl, NULL, 0); 1082 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS); 1083 TCP_INC_STATS_BH(TCP_MIB_OUTRSTS); 1084 return; 1085 } 1086 } 1087 1088 kfree_skb(buff); 1089 } 1090 1091 static void tcp_v6_send_ack(struct tcp_timewait_sock *tw, 1092 struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts) 1093 { 1094 struct tcphdr *th = tcp_hdr(skb), *t1; 1095 struct sk_buff *buff; 1096 struct flowi fl; 1097 struct net *net = dev_net(skb->dev); 1098 struct sock *ctl_sk = net->ipv6.tcp_sk; 1099 unsigned int tot_len = sizeof(struct tcphdr); 1100 __be32 *topt; 1101 #ifdef CONFIG_TCP_MD5SIG 1102 struct tcp_md5sig_key *key; 1103 struct tcp_md5sig_key tw_key; 1104 #endif 1105 1106 #ifdef CONFIG_TCP_MD5SIG 1107 if (!tw && skb->sk) { 1108 key = tcp_v6_md5_do_lookup(skb->sk, &ipv6_hdr(skb)->daddr); 1109 } else if (tw && tw->tw_md5_keylen) { 1110 tw_key.key = tw->tw_md5_key; 1111 tw_key.keylen = tw->tw_md5_keylen; 1112 key = &tw_key; 1113 } else { 1114 key = NULL; 1115 } 1116 #endif 1117 1118 if (ts) 1119 tot_len += TCPOLEN_TSTAMP_ALIGNED; 1120 #ifdef CONFIG_TCP_MD5SIG 1121 if (key) 1122 tot_len += TCPOLEN_MD5SIG_ALIGNED; 1123 #endif 1124 1125 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 1126 GFP_ATOMIC); 1127 if (buff == NULL) 1128 return; 1129 1130 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); 1131 1132 t1 = (struct tcphdr *) skb_push(buff,tot_len); 1133 1134 /* Swap the send and the receive. */ 1135 memset(t1, 0, sizeof(*t1)); 1136 t1->dest = th->source; 1137 t1->source = th->dest; 1138 t1->doff = tot_len/4; 1139 t1->seq = htonl(seq); 1140 t1->ack_seq = htonl(ack); 1141 t1->ack = 1; 1142 t1->window = htons(win); 1143 1144 topt = (__be32 *)(t1 + 1); 1145 1146 if (ts) { 1147 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1148 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 1149 *topt++ = htonl(tcp_time_stamp); 1150 *topt = htonl(ts); 1151 } 1152 1153 #ifdef CONFIG_TCP_MD5SIG 1154 if (key) { 1155 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1156 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 1157 tcp_v6_do_calc_md5_hash((__u8 *)topt, key, 1158 &ipv6_hdr(skb)->daddr, 1159 &ipv6_hdr(skb)->saddr, 1160 t1, IPPROTO_TCP, tot_len); 1161 } 1162 #endif 1163 1164 buff->csum = csum_partial((char *)t1, tot_len, 0); 1165 1166 memset(&fl, 0, sizeof(fl)); 1167 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr); 1168 ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr); 1169 1170 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst, 1171 tot_len, IPPROTO_TCP, 1172 buff->csum); 1173 1174 fl.proto = IPPROTO_TCP; 1175 fl.oif = inet6_iif(skb); 1176 fl.fl_ip_dport = t1->dest; 1177 fl.fl_ip_sport = t1->source; 1178 security_skb_classify_flow(skb, &fl); 1179 1180 if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) { 1181 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) { 1182 ip6_xmit(ctl_sk, buff, &fl, NULL, 0); 1183 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS); 1184 return; 1185 } 1186 } 1187 1188 kfree_skb(buff); 1189 } 1190 1191 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb) 1192 { 1193 struct inet_timewait_sock *tw = inet_twsk(sk); 1194 struct tcp_timewait_sock *tcptw = tcp_twsk(sk); 1195 1196 tcp_v6_send_ack(tcptw, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt, 1197 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 1198 tcptw->tw_ts_recent); 1199 1200 inet_twsk_put(tw); 1201 } 1202 1203 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req) 1204 { 1205 tcp_v6_send_ack(NULL, skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent); 1206 } 1207 1208 1209 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb) 1210 { 1211 struct request_sock *req, **prev; 1212 const struct tcphdr *th = tcp_hdr(skb); 1213 struct sock *nsk; 1214 1215 /* Find possible connection requests. */ 1216 req = inet6_csk_search_req(sk, &prev, th->source, 1217 &ipv6_hdr(skb)->saddr, 1218 &ipv6_hdr(skb)->daddr, inet6_iif(skb)); 1219 if (req) 1220 return tcp_check_req(sk, skb, req, prev); 1221 1222 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo, 1223 &ipv6_hdr(skb)->saddr, th->source, 1224 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb)); 1225 1226 if (nsk) { 1227 if (nsk->sk_state != TCP_TIME_WAIT) { 1228 bh_lock_sock(nsk); 1229 return nsk; 1230 } 1231 inet_twsk_put(inet_twsk(nsk)); 1232 return NULL; 1233 } 1234 1235 #ifdef CONFIG_SYN_COOKIES 1236 if (!th->rst && !th->syn && th->ack) 1237 sk = cookie_v6_check(sk, skb); 1238 #endif 1239 return sk; 1240 } 1241 1242 /* FIXME: this is substantially similar to the ipv4 code. 1243 * Can some kind of merge be done? -- erics 1244 */ 1245 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) 1246 { 1247 struct inet6_request_sock *treq; 1248 struct ipv6_pinfo *np = inet6_sk(sk); 1249 struct tcp_options_received tmp_opt; 1250 struct tcp_sock *tp = tcp_sk(sk); 1251 struct request_sock *req = NULL; 1252 __u32 isn = TCP_SKB_CB(skb)->when; 1253 #ifdef CONFIG_SYN_COOKIES 1254 int want_cookie = 0; 1255 #else 1256 #define want_cookie 0 1257 #endif 1258 1259 if (skb->protocol == htons(ETH_P_IP)) 1260 return tcp_v4_conn_request(sk, skb); 1261 1262 if (!ipv6_unicast_destination(skb)) 1263 goto drop; 1264 1265 if (inet_csk_reqsk_queue_is_full(sk) && !isn) { 1266 if (net_ratelimit()) 1267 syn_flood_warning(skb); 1268 #ifdef CONFIG_SYN_COOKIES 1269 if (sysctl_tcp_syncookies) 1270 want_cookie = 1; 1271 else 1272 #endif 1273 goto drop; 1274 } 1275 1276 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) 1277 goto drop; 1278 1279 req = inet6_reqsk_alloc(&tcp6_request_sock_ops); 1280 if (req == NULL) 1281 goto drop; 1282 1283 #ifdef CONFIG_TCP_MD5SIG 1284 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops; 1285 #endif 1286 1287 tcp_clear_options(&tmp_opt); 1288 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 1289 tmp_opt.user_mss = tp->rx_opt.user_mss; 1290 1291 tcp_parse_options(skb, &tmp_opt, 0); 1292 1293 if (want_cookie && !tmp_opt.saw_tstamp) 1294 tcp_clear_options(&tmp_opt); 1295 1296 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp; 1297 tcp_openreq_init(req, &tmp_opt, skb); 1298 1299 treq = inet6_rsk(req); 1300 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr); 1301 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr); 1302 treq->pktopts = NULL; 1303 if (!want_cookie) 1304 TCP_ECN_create_request(req, tcp_hdr(skb)); 1305 1306 if (want_cookie) { 1307 isn = cookie_v6_init_sequence(sk, skb, &req->mss); 1308 req->cookie_ts = tmp_opt.tstamp_ok; 1309 } else if (!isn) { 1310 if (ipv6_opt_accepted(sk, skb) || 1311 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || 1312 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) { 1313 atomic_inc(&skb->users); 1314 treq->pktopts = skb; 1315 } 1316 treq->iif = sk->sk_bound_dev_if; 1317 1318 /* So that link locals have meaning */ 1319 if (!sk->sk_bound_dev_if && 1320 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL) 1321 treq->iif = inet6_iif(skb); 1322 1323 isn = tcp_v6_init_sequence(skb); 1324 } 1325 1326 tcp_rsk(req)->snt_isn = isn; 1327 1328 security_inet_conn_request(sk, skb, req); 1329 1330 if (tcp_v6_send_synack(sk, req)) 1331 goto drop; 1332 1333 if (!want_cookie) { 1334 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); 1335 return 0; 1336 } 1337 1338 drop: 1339 if (req) 1340 reqsk_free(req); 1341 1342 return 0; /* don't send reset */ 1343 } 1344 1345 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, 1346 struct request_sock *req, 1347 struct dst_entry *dst) 1348 { 1349 struct inet6_request_sock *treq = inet6_rsk(req); 1350 struct ipv6_pinfo *newnp, *np = inet6_sk(sk); 1351 struct tcp6_sock *newtcp6sk; 1352 struct inet_sock *newinet; 1353 struct tcp_sock *newtp; 1354 struct sock *newsk; 1355 struct ipv6_txoptions *opt; 1356 #ifdef CONFIG_TCP_MD5SIG 1357 struct tcp_md5sig_key *key; 1358 #endif 1359 1360 if (skb->protocol == htons(ETH_P_IP)) { 1361 /* 1362 * v6 mapped 1363 */ 1364 1365 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst); 1366 1367 if (newsk == NULL) 1368 return NULL; 1369 1370 newtcp6sk = (struct tcp6_sock *)newsk; 1371 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1372 1373 newinet = inet_sk(newsk); 1374 newnp = inet6_sk(newsk); 1375 newtp = tcp_sk(newsk); 1376 1377 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1378 1379 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF), 1380 newinet->daddr); 1381 1382 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF), 1383 newinet->saddr); 1384 1385 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr); 1386 1387 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped; 1388 newsk->sk_backlog_rcv = tcp_v4_do_rcv; 1389 #ifdef CONFIG_TCP_MD5SIG 1390 newtp->af_specific = &tcp_sock_ipv6_mapped_specific; 1391 #endif 1392 1393 newnp->pktoptions = NULL; 1394 newnp->opt = NULL; 1395 newnp->mcast_oif = inet6_iif(skb); 1396 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1397 1398 /* 1399 * No need to charge this sock to the relevant IPv6 refcnt debug socks count 1400 * here, tcp_create_openreq_child now does this for us, see the comment in 1401 * that function for the gory details. -acme 1402 */ 1403 1404 /* It is tricky place. Until this moment IPv4 tcp 1405 worked with IPv6 icsk.icsk_af_ops. 1406 Sync it now. 1407 */ 1408 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); 1409 1410 return newsk; 1411 } 1412 1413 opt = np->opt; 1414 1415 if (sk_acceptq_is_full(sk)) 1416 goto out_overflow; 1417 1418 if (dst == NULL) { 1419 struct in6_addr *final_p = NULL, final; 1420 struct flowi fl; 1421 1422 memset(&fl, 0, sizeof(fl)); 1423 fl.proto = IPPROTO_TCP; 1424 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr); 1425 if (opt && opt->srcrt) { 1426 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt; 1427 ipv6_addr_copy(&final, &fl.fl6_dst); 1428 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 1429 final_p = &final; 1430 } 1431 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr); 1432 fl.oif = sk->sk_bound_dev_if; 1433 fl.fl_ip_dport = inet_rsk(req)->rmt_port; 1434 fl.fl_ip_sport = inet_sk(sk)->sport; 1435 security_req_classify_flow(req, &fl); 1436 1437 if (ip6_dst_lookup(sk, &dst, &fl)) 1438 goto out; 1439 1440 if (final_p) 1441 ipv6_addr_copy(&fl.fl6_dst, final_p); 1442 1443 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0) 1444 goto out; 1445 } 1446 1447 newsk = tcp_create_openreq_child(sk, req, skb); 1448 if (newsk == NULL) 1449 goto out; 1450 1451 /* 1452 * No need to charge this sock to the relevant IPv6 refcnt debug socks 1453 * count here, tcp_create_openreq_child now does this for us, see the 1454 * comment in that function for the gory details. -acme 1455 */ 1456 1457 newsk->sk_gso_type = SKB_GSO_TCPV6; 1458 __ip6_dst_store(newsk, dst, NULL, NULL); 1459 1460 newtcp6sk = (struct tcp6_sock *)newsk; 1461 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1462 1463 newtp = tcp_sk(newsk); 1464 newinet = inet_sk(newsk); 1465 newnp = inet6_sk(newsk); 1466 1467 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1468 1469 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr); 1470 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr); 1471 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr); 1472 newsk->sk_bound_dev_if = treq->iif; 1473 1474 /* Now IPv6 options... 1475 1476 First: no IPv4 options. 1477 */ 1478 newinet->opt = NULL; 1479 newnp->ipv6_fl_list = NULL; 1480 1481 /* Clone RX bits */ 1482 newnp->rxopt.all = np->rxopt.all; 1483 1484 /* Clone pktoptions received with SYN */ 1485 newnp->pktoptions = NULL; 1486 if (treq->pktopts != NULL) { 1487 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC); 1488 kfree_skb(treq->pktopts); 1489 treq->pktopts = NULL; 1490 if (newnp->pktoptions) 1491 skb_set_owner_r(newnp->pktoptions, newsk); 1492 } 1493 newnp->opt = NULL; 1494 newnp->mcast_oif = inet6_iif(skb); 1495 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1496 1497 /* Clone native IPv6 options from listening socket (if any) 1498 1499 Yes, keeping reference count would be much more clever, 1500 but we make one more one thing there: reattach optmem 1501 to newsk. 1502 */ 1503 if (opt) { 1504 newnp->opt = ipv6_dup_options(newsk, opt); 1505 if (opt != np->opt) 1506 sock_kfree_s(sk, opt, opt->tot_len); 1507 } 1508 1509 inet_csk(newsk)->icsk_ext_hdr_len = 0; 1510 if (newnp->opt) 1511 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen + 1512 newnp->opt->opt_flen); 1513 1514 tcp_mtup_init(newsk); 1515 tcp_sync_mss(newsk, dst_mtu(dst)); 1516 newtp->advmss = dst_metric(dst, RTAX_ADVMSS); 1517 tcp_initialize_rcv_mss(newsk); 1518 1519 newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6; 1520 1521 #ifdef CONFIG_TCP_MD5SIG 1522 /* Copy over the MD5 key from the original socket */ 1523 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) { 1524 /* We're using one, so create a matching key 1525 * on the newsk structure. If we fail to get 1526 * memory, then we end up not copying the key 1527 * across. Shucks. 1528 */ 1529 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); 1530 if (newkey != NULL) 1531 tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr, 1532 newkey, key->keylen); 1533 } 1534 #endif 1535 1536 __inet6_hash(newsk); 1537 __inet_inherit_port(sk, newsk); 1538 1539 return newsk; 1540 1541 out_overflow: 1542 NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS); 1543 out: 1544 NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS); 1545 if (opt && opt != np->opt) 1546 sock_kfree_s(sk, opt, opt->tot_len); 1547 dst_release(dst); 1548 return NULL; 1549 } 1550 1551 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb) 1552 { 1553 if (skb->ip_summed == CHECKSUM_COMPLETE) { 1554 if (!tcp_v6_check(tcp_hdr(skb), skb->len, &ipv6_hdr(skb)->saddr, 1555 &ipv6_hdr(skb)->daddr, skb->csum)) { 1556 skb->ip_summed = CHECKSUM_UNNECESSARY; 1557 return 0; 1558 } 1559 } 1560 1561 skb->csum = ~csum_unfold(tcp_v6_check(tcp_hdr(skb), skb->len, 1562 &ipv6_hdr(skb)->saddr, 1563 &ipv6_hdr(skb)->daddr, 0)); 1564 1565 if (skb->len <= 76) { 1566 return __skb_checksum_complete(skb); 1567 } 1568 return 0; 1569 } 1570 1571 /* The socket must have it's spinlock held when we get 1572 * here. 1573 * 1574 * We have a potential double-lock case here, so even when 1575 * doing backlog processing we use the BH locking scheme. 1576 * This is because we cannot sleep with the original spinlock 1577 * held. 1578 */ 1579 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) 1580 { 1581 struct ipv6_pinfo *np = inet6_sk(sk); 1582 struct tcp_sock *tp; 1583 struct sk_buff *opt_skb = NULL; 1584 1585 /* Imagine: socket is IPv6. IPv4 packet arrives, 1586 goes to IPv4 receive handler and backlogged. 1587 From backlog it always goes here. Kerboom... 1588 Fortunately, tcp_rcv_established and rcv_established 1589 handle them correctly, but it is not case with 1590 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK 1591 */ 1592 1593 if (skb->protocol == htons(ETH_P_IP)) 1594 return tcp_v4_do_rcv(sk, skb); 1595 1596 #ifdef CONFIG_TCP_MD5SIG 1597 if (tcp_v6_inbound_md5_hash (sk, skb)) 1598 goto discard; 1599 #endif 1600 1601 if (sk_filter(sk, skb)) 1602 goto discard; 1603 1604 /* 1605 * socket locking is here for SMP purposes as backlog rcv 1606 * is currently called with bh processing disabled. 1607 */ 1608 1609 /* Do Stevens' IPV6_PKTOPTIONS. 1610 1611 Yes, guys, it is the only place in our code, where we 1612 may make it not affecting IPv4. 1613 The rest of code is protocol independent, 1614 and I do not like idea to uglify IPv4. 1615 1616 Actually, all the idea behind IPV6_PKTOPTIONS 1617 looks not very well thought. For now we latch 1618 options, received in the last packet, enqueued 1619 by tcp. Feel free to propose better solution. 1620 --ANK (980728) 1621 */ 1622 if (np->rxopt.all) 1623 opt_skb = skb_clone(skb, GFP_ATOMIC); 1624 1625 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ 1626 TCP_CHECK_TIMER(sk); 1627 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) 1628 goto reset; 1629 TCP_CHECK_TIMER(sk); 1630 if (opt_skb) 1631 goto ipv6_pktoptions; 1632 return 0; 1633 } 1634 1635 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb)) 1636 goto csum_err; 1637 1638 if (sk->sk_state == TCP_LISTEN) { 1639 struct sock *nsk = tcp_v6_hnd_req(sk, skb); 1640 if (!nsk) 1641 goto discard; 1642 1643 /* 1644 * Queue it on the new socket if the new socket is active, 1645 * otherwise we just shortcircuit this and continue with 1646 * the new socket.. 1647 */ 1648 if(nsk != sk) { 1649 if (tcp_child_process(sk, nsk, skb)) 1650 goto reset; 1651 if (opt_skb) 1652 __kfree_skb(opt_skb); 1653 return 0; 1654 } 1655 } 1656 1657 TCP_CHECK_TIMER(sk); 1658 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) 1659 goto reset; 1660 TCP_CHECK_TIMER(sk); 1661 if (opt_skb) 1662 goto ipv6_pktoptions; 1663 return 0; 1664 1665 reset: 1666 tcp_v6_send_reset(sk, skb); 1667 discard: 1668 if (opt_skb) 1669 __kfree_skb(opt_skb); 1670 kfree_skb(skb); 1671 return 0; 1672 csum_err: 1673 TCP_INC_STATS_BH(TCP_MIB_INERRS); 1674 goto discard; 1675 1676 1677 ipv6_pktoptions: 1678 /* Do you ask, what is it? 1679 1680 1. skb was enqueued by tcp. 1681 2. skb is added to tail of read queue, rather than out of order. 1682 3. socket is not in passive state. 1683 4. Finally, it really contains options, which user wants to receive. 1684 */ 1685 tp = tcp_sk(sk); 1686 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt && 1687 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) { 1688 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo) 1689 np->mcast_oif = inet6_iif(opt_skb); 1690 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) 1691 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit; 1692 if (ipv6_opt_accepted(sk, opt_skb)) { 1693 skb_set_owner_r(opt_skb, sk); 1694 opt_skb = xchg(&np->pktoptions, opt_skb); 1695 } else { 1696 __kfree_skb(opt_skb); 1697 opt_skb = xchg(&np->pktoptions, NULL); 1698 } 1699 } 1700 1701 if (opt_skb) 1702 kfree_skb(opt_skb); 1703 return 0; 1704 } 1705 1706 static int tcp_v6_rcv(struct sk_buff *skb) 1707 { 1708 struct tcphdr *th; 1709 struct sock *sk; 1710 int ret; 1711 1712 if (skb->pkt_type != PACKET_HOST) 1713 goto discard_it; 1714 1715 /* 1716 * Count it even if it's bad. 1717 */ 1718 TCP_INC_STATS_BH(TCP_MIB_INSEGS); 1719 1720 if (!pskb_may_pull(skb, sizeof(struct tcphdr))) 1721 goto discard_it; 1722 1723 th = tcp_hdr(skb); 1724 1725 if (th->doff < sizeof(struct tcphdr)/4) 1726 goto bad_packet; 1727 if (!pskb_may_pull(skb, th->doff*4)) 1728 goto discard_it; 1729 1730 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb)) 1731 goto bad_packet; 1732 1733 th = tcp_hdr(skb); 1734 TCP_SKB_CB(skb)->seq = ntohl(th->seq); 1735 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin + 1736 skb->len - th->doff*4); 1737 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); 1738 TCP_SKB_CB(skb)->when = 0; 1739 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb)); 1740 TCP_SKB_CB(skb)->sacked = 0; 1741 1742 sk = __inet6_lookup(dev_net(skb->dev), &tcp_hashinfo, 1743 &ipv6_hdr(skb)->saddr, th->source, 1744 &ipv6_hdr(skb)->daddr, ntohs(th->dest), 1745 inet6_iif(skb)); 1746 1747 if (!sk) 1748 goto no_tcp_socket; 1749 1750 process: 1751 if (sk->sk_state == TCP_TIME_WAIT) 1752 goto do_time_wait; 1753 1754 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 1755 goto discard_and_relse; 1756 1757 if (sk_filter(sk, skb)) 1758 goto discard_and_relse; 1759 1760 skb->dev = NULL; 1761 1762 bh_lock_sock_nested(sk); 1763 ret = 0; 1764 if (!sock_owned_by_user(sk)) { 1765 #ifdef CONFIG_NET_DMA 1766 struct tcp_sock *tp = tcp_sk(sk); 1767 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list) 1768 tp->ucopy.dma_chan = get_softnet_dma(); 1769 if (tp->ucopy.dma_chan) 1770 ret = tcp_v6_do_rcv(sk, skb); 1771 else 1772 #endif 1773 { 1774 if (!tcp_prequeue(sk, skb)) 1775 ret = tcp_v6_do_rcv(sk, skb); 1776 } 1777 } else 1778 sk_add_backlog(sk, skb); 1779 bh_unlock_sock(sk); 1780 1781 sock_put(sk); 1782 return ret ? -1 : 0; 1783 1784 no_tcp_socket: 1785 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 1786 goto discard_it; 1787 1788 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1789 bad_packet: 1790 TCP_INC_STATS_BH(TCP_MIB_INERRS); 1791 } else { 1792 tcp_v6_send_reset(NULL, skb); 1793 } 1794 1795 discard_it: 1796 1797 /* 1798 * Discard frame 1799 */ 1800 1801 kfree_skb(skb); 1802 return 0; 1803 1804 discard_and_relse: 1805 sock_put(sk); 1806 goto discard_it; 1807 1808 do_time_wait: 1809 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1810 inet_twsk_put(inet_twsk(sk)); 1811 goto discard_it; 1812 } 1813 1814 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1815 TCP_INC_STATS_BH(TCP_MIB_INERRS); 1816 inet_twsk_put(inet_twsk(sk)); 1817 goto discard_it; 1818 } 1819 1820 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { 1821 case TCP_TW_SYN: 1822 { 1823 struct sock *sk2; 1824 1825 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo, 1826 &ipv6_hdr(skb)->daddr, 1827 ntohs(th->dest), inet6_iif(skb)); 1828 if (sk2 != NULL) { 1829 struct inet_timewait_sock *tw = inet_twsk(sk); 1830 inet_twsk_deschedule(tw, &tcp_death_row); 1831 inet_twsk_put(tw); 1832 sk = sk2; 1833 goto process; 1834 } 1835 /* Fall through to ACK */ 1836 } 1837 case TCP_TW_ACK: 1838 tcp_v6_timewait_ack(sk, skb); 1839 break; 1840 case TCP_TW_RST: 1841 goto no_tcp_socket; 1842 case TCP_TW_SUCCESS:; 1843 } 1844 goto discard_it; 1845 } 1846 1847 static int tcp_v6_remember_stamp(struct sock *sk) 1848 { 1849 /* Alas, not yet... */ 1850 return 0; 1851 } 1852 1853 static struct inet_connection_sock_af_ops ipv6_specific = { 1854 .queue_xmit = inet6_csk_xmit, 1855 .send_check = tcp_v6_send_check, 1856 .rebuild_header = inet6_sk_rebuild_header, 1857 .conn_request = tcp_v6_conn_request, 1858 .syn_recv_sock = tcp_v6_syn_recv_sock, 1859 .remember_stamp = tcp_v6_remember_stamp, 1860 .net_header_len = sizeof(struct ipv6hdr), 1861 .setsockopt = ipv6_setsockopt, 1862 .getsockopt = ipv6_getsockopt, 1863 .addr2sockaddr = inet6_csk_addr2sockaddr, 1864 .sockaddr_len = sizeof(struct sockaddr_in6), 1865 .bind_conflict = inet6_csk_bind_conflict, 1866 #ifdef CONFIG_COMPAT 1867 .compat_setsockopt = compat_ipv6_setsockopt, 1868 .compat_getsockopt = compat_ipv6_getsockopt, 1869 #endif 1870 }; 1871 1872 #ifdef CONFIG_TCP_MD5SIG 1873 static struct tcp_sock_af_ops tcp_sock_ipv6_specific = { 1874 .md5_lookup = tcp_v6_md5_lookup, 1875 .calc_md5_hash = tcp_v6_calc_md5_hash, 1876 .md5_add = tcp_v6_md5_add_func, 1877 .md5_parse = tcp_v6_parse_md5_keys, 1878 }; 1879 #endif 1880 1881 /* 1882 * TCP over IPv4 via INET6 API 1883 */ 1884 1885 static struct inet_connection_sock_af_ops ipv6_mapped = { 1886 .queue_xmit = ip_queue_xmit, 1887 .send_check = tcp_v4_send_check, 1888 .rebuild_header = inet_sk_rebuild_header, 1889 .conn_request = tcp_v6_conn_request, 1890 .syn_recv_sock = tcp_v6_syn_recv_sock, 1891 .remember_stamp = tcp_v4_remember_stamp, 1892 .net_header_len = sizeof(struct iphdr), 1893 .setsockopt = ipv6_setsockopt, 1894 .getsockopt = ipv6_getsockopt, 1895 .addr2sockaddr = inet6_csk_addr2sockaddr, 1896 .sockaddr_len = sizeof(struct sockaddr_in6), 1897 .bind_conflict = inet6_csk_bind_conflict, 1898 #ifdef CONFIG_COMPAT 1899 .compat_setsockopt = compat_ipv6_setsockopt, 1900 .compat_getsockopt = compat_ipv6_getsockopt, 1901 #endif 1902 }; 1903 1904 #ifdef CONFIG_TCP_MD5SIG 1905 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = { 1906 .md5_lookup = tcp_v4_md5_lookup, 1907 .calc_md5_hash = tcp_v4_calc_md5_hash, 1908 .md5_add = tcp_v6_md5_add_func, 1909 .md5_parse = tcp_v6_parse_md5_keys, 1910 }; 1911 #endif 1912 1913 /* NOTE: A lot of things set to zero explicitly by call to 1914 * sk_alloc() so need not be done here. 1915 */ 1916 static int tcp_v6_init_sock(struct sock *sk) 1917 { 1918 struct inet_connection_sock *icsk = inet_csk(sk); 1919 struct tcp_sock *tp = tcp_sk(sk); 1920 1921 skb_queue_head_init(&tp->out_of_order_queue); 1922 tcp_init_xmit_timers(sk); 1923 tcp_prequeue_init(tp); 1924 1925 icsk->icsk_rto = TCP_TIMEOUT_INIT; 1926 tp->mdev = TCP_TIMEOUT_INIT; 1927 1928 /* So many TCP implementations out there (incorrectly) count the 1929 * initial SYN frame in their delayed-ACK and congestion control 1930 * algorithms that we must have the following bandaid to talk 1931 * efficiently to them. -DaveM 1932 */ 1933 tp->snd_cwnd = 2; 1934 1935 /* See draft-stevens-tcpca-spec-01 for discussion of the 1936 * initialization of these values. 1937 */ 1938 tp->snd_ssthresh = 0x7fffffff; 1939 tp->snd_cwnd_clamp = ~0; 1940 tp->mss_cache = 536; 1941 1942 tp->reordering = sysctl_tcp_reordering; 1943 1944 sk->sk_state = TCP_CLOSE; 1945 1946 icsk->icsk_af_ops = &ipv6_specific; 1947 icsk->icsk_ca_ops = &tcp_init_congestion_ops; 1948 icsk->icsk_sync_mss = tcp_sync_mss; 1949 sk->sk_write_space = sk_stream_write_space; 1950 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE); 1951 1952 #ifdef CONFIG_TCP_MD5SIG 1953 tp->af_specific = &tcp_sock_ipv6_specific; 1954 #endif 1955 1956 sk->sk_sndbuf = sysctl_tcp_wmem[1]; 1957 sk->sk_rcvbuf = sysctl_tcp_rmem[1]; 1958 1959 atomic_inc(&tcp_sockets_allocated); 1960 1961 return 0; 1962 } 1963 1964 static int tcp_v6_destroy_sock(struct sock *sk) 1965 { 1966 #ifdef CONFIG_TCP_MD5SIG 1967 /* Clean up the MD5 key list */ 1968 if (tcp_sk(sk)->md5sig_info) 1969 tcp_v6_clear_md5_list(sk); 1970 #endif 1971 tcp_v4_destroy_sock(sk); 1972 return inet6_destroy_sock(sk); 1973 } 1974 1975 #ifdef CONFIG_PROC_FS 1976 /* Proc filesystem TCPv6 sock list dumping. */ 1977 static void get_openreq6(struct seq_file *seq, 1978 struct sock *sk, struct request_sock *req, int i, int uid) 1979 { 1980 int ttd = req->expires - jiffies; 1981 struct in6_addr *src = &inet6_rsk(req)->loc_addr; 1982 struct in6_addr *dest = &inet6_rsk(req)->rmt_addr; 1983 1984 if (ttd < 0) 1985 ttd = 0; 1986 1987 seq_printf(seq, 1988 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1989 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n", 1990 i, 1991 src->s6_addr32[0], src->s6_addr32[1], 1992 src->s6_addr32[2], src->s6_addr32[3], 1993 ntohs(inet_sk(sk)->sport), 1994 dest->s6_addr32[0], dest->s6_addr32[1], 1995 dest->s6_addr32[2], dest->s6_addr32[3], 1996 ntohs(inet_rsk(req)->rmt_port), 1997 TCP_SYN_RECV, 1998 0,0, /* could print option size, but that is af dependent. */ 1999 1, /* timers active (only the expire timer) */ 2000 jiffies_to_clock_t(ttd), 2001 req->retrans, 2002 uid, 2003 0, /* non standard timer */ 2004 0, /* open_requests have no inode */ 2005 0, req); 2006 } 2007 2008 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) 2009 { 2010 struct in6_addr *dest, *src; 2011 __u16 destp, srcp; 2012 int timer_active; 2013 unsigned long timer_expires; 2014 struct inet_sock *inet = inet_sk(sp); 2015 struct tcp_sock *tp = tcp_sk(sp); 2016 const struct inet_connection_sock *icsk = inet_csk(sp); 2017 struct ipv6_pinfo *np = inet6_sk(sp); 2018 2019 dest = &np->daddr; 2020 src = &np->rcv_saddr; 2021 destp = ntohs(inet->dport); 2022 srcp = ntohs(inet->sport); 2023 2024 if (icsk->icsk_pending == ICSK_TIME_RETRANS) { 2025 timer_active = 1; 2026 timer_expires = icsk->icsk_timeout; 2027 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) { 2028 timer_active = 4; 2029 timer_expires = icsk->icsk_timeout; 2030 } else if (timer_pending(&sp->sk_timer)) { 2031 timer_active = 2; 2032 timer_expires = sp->sk_timer.expires; 2033 } else { 2034 timer_active = 0; 2035 timer_expires = jiffies; 2036 } 2037 2038 seq_printf(seq, 2039 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2040 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n", 2041 i, 2042 src->s6_addr32[0], src->s6_addr32[1], 2043 src->s6_addr32[2], src->s6_addr32[3], srcp, 2044 dest->s6_addr32[0], dest->s6_addr32[1], 2045 dest->s6_addr32[2], dest->s6_addr32[3], destp, 2046 sp->sk_state, 2047 tp->write_seq-tp->snd_una, 2048 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq), 2049 timer_active, 2050 jiffies_to_clock_t(timer_expires - jiffies), 2051 icsk->icsk_retransmits, 2052 sock_i_uid(sp), 2053 icsk->icsk_probes_out, 2054 sock_i_ino(sp), 2055 atomic_read(&sp->sk_refcnt), sp, 2056 icsk->icsk_rto, 2057 icsk->icsk_ack.ato, 2058 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong, 2059 tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh 2060 ); 2061 } 2062 2063 static void get_timewait6_sock(struct seq_file *seq, 2064 struct inet_timewait_sock *tw, int i) 2065 { 2066 struct in6_addr *dest, *src; 2067 __u16 destp, srcp; 2068 struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw); 2069 int ttd = tw->tw_ttd - jiffies; 2070 2071 if (ttd < 0) 2072 ttd = 0; 2073 2074 dest = &tw6->tw_v6_daddr; 2075 src = &tw6->tw_v6_rcv_saddr; 2076 destp = ntohs(tw->tw_dport); 2077 srcp = ntohs(tw->tw_sport); 2078 2079 seq_printf(seq, 2080 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2081 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n", 2082 i, 2083 src->s6_addr32[0], src->s6_addr32[1], 2084 src->s6_addr32[2], src->s6_addr32[3], srcp, 2085 dest->s6_addr32[0], dest->s6_addr32[1], 2086 dest->s6_addr32[2], dest->s6_addr32[3], destp, 2087 tw->tw_substate, 0, 0, 2088 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, 2089 atomic_read(&tw->tw_refcnt), tw); 2090 } 2091 2092 static int tcp6_seq_show(struct seq_file *seq, void *v) 2093 { 2094 struct tcp_iter_state *st; 2095 2096 if (v == SEQ_START_TOKEN) { 2097 seq_puts(seq, 2098 " sl " 2099 "local_address " 2100 "remote_address " 2101 "st tx_queue rx_queue tr tm->when retrnsmt" 2102 " uid timeout inode\n"); 2103 goto out; 2104 } 2105 st = seq->private; 2106 2107 switch (st->state) { 2108 case TCP_SEQ_STATE_LISTENING: 2109 case TCP_SEQ_STATE_ESTABLISHED: 2110 get_tcp6_sock(seq, v, st->num); 2111 break; 2112 case TCP_SEQ_STATE_OPENREQ: 2113 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid); 2114 break; 2115 case TCP_SEQ_STATE_TIME_WAIT: 2116 get_timewait6_sock(seq, v, st->num); 2117 break; 2118 } 2119 out: 2120 return 0; 2121 } 2122 2123 static struct tcp_seq_afinfo tcp6_seq_afinfo = { 2124 .name = "tcp6", 2125 .family = AF_INET6, 2126 .seq_fops = { 2127 .owner = THIS_MODULE, 2128 }, 2129 .seq_ops = { 2130 .show = tcp6_seq_show, 2131 }, 2132 }; 2133 2134 int tcp6_proc_init(struct net *net) 2135 { 2136 return tcp_proc_register(net, &tcp6_seq_afinfo); 2137 } 2138 2139 void tcp6_proc_exit(struct net *net) 2140 { 2141 tcp_proc_unregister(net, &tcp6_seq_afinfo); 2142 } 2143 #endif 2144 2145 struct proto tcpv6_prot = { 2146 .name = "TCPv6", 2147 .owner = THIS_MODULE, 2148 .close = tcp_close, 2149 .connect = tcp_v6_connect, 2150 .disconnect = tcp_disconnect, 2151 .accept = inet_csk_accept, 2152 .ioctl = tcp_ioctl, 2153 .init = tcp_v6_init_sock, 2154 .destroy = tcp_v6_destroy_sock, 2155 .shutdown = tcp_shutdown, 2156 .setsockopt = tcp_setsockopt, 2157 .getsockopt = tcp_getsockopt, 2158 .recvmsg = tcp_recvmsg, 2159 .backlog_rcv = tcp_v6_do_rcv, 2160 .hash = tcp_v6_hash, 2161 .unhash = inet_unhash, 2162 .get_port = inet_csk_get_port, 2163 .enter_memory_pressure = tcp_enter_memory_pressure, 2164 .sockets_allocated = &tcp_sockets_allocated, 2165 .memory_allocated = &tcp_memory_allocated, 2166 .memory_pressure = &tcp_memory_pressure, 2167 .orphan_count = &tcp_orphan_count, 2168 .sysctl_mem = sysctl_tcp_mem, 2169 .sysctl_wmem = sysctl_tcp_wmem, 2170 .sysctl_rmem = sysctl_tcp_rmem, 2171 .max_header = MAX_TCP_HEADER, 2172 .obj_size = sizeof(struct tcp6_sock), 2173 .twsk_prot = &tcp6_timewait_sock_ops, 2174 .rsk_prot = &tcp6_request_sock_ops, 2175 .h.hashinfo = &tcp_hashinfo, 2176 #ifdef CONFIG_COMPAT 2177 .compat_setsockopt = compat_tcp_setsockopt, 2178 .compat_getsockopt = compat_tcp_getsockopt, 2179 #endif 2180 }; 2181 2182 static struct inet6_protocol tcpv6_protocol = { 2183 .handler = tcp_v6_rcv, 2184 .err_handler = tcp_v6_err, 2185 .gso_send_check = tcp_v6_gso_send_check, 2186 .gso_segment = tcp_tso_segment, 2187 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 2188 }; 2189 2190 static struct inet_protosw tcpv6_protosw = { 2191 .type = SOCK_STREAM, 2192 .protocol = IPPROTO_TCP, 2193 .prot = &tcpv6_prot, 2194 .ops = &inet6_stream_ops, 2195 .capability = -1, 2196 .no_check = 0, 2197 .flags = INET_PROTOSW_PERMANENT | 2198 INET_PROTOSW_ICSK, 2199 }; 2200 2201 static int tcpv6_net_init(struct net *net) 2202 { 2203 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6, 2204 SOCK_RAW, IPPROTO_TCP, net); 2205 } 2206 2207 static void tcpv6_net_exit(struct net *net) 2208 { 2209 inet_ctl_sock_destroy(net->ipv6.tcp_sk); 2210 } 2211 2212 static struct pernet_operations tcpv6_net_ops = { 2213 .init = tcpv6_net_init, 2214 .exit = tcpv6_net_exit, 2215 }; 2216 2217 int __init tcpv6_init(void) 2218 { 2219 int ret; 2220 2221 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP); 2222 if (ret) 2223 goto out; 2224 2225 /* register inet6 protocol */ 2226 ret = inet6_register_protosw(&tcpv6_protosw); 2227 if (ret) 2228 goto out_tcpv6_protocol; 2229 2230 ret = register_pernet_subsys(&tcpv6_net_ops); 2231 if (ret) 2232 goto out_tcpv6_protosw; 2233 out: 2234 return ret; 2235 2236 out_tcpv6_protocol: 2237 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2238 out_tcpv6_protosw: 2239 inet6_unregister_protosw(&tcpv6_protosw); 2240 goto out; 2241 } 2242 2243 void tcpv6_exit(void) 2244 { 2245 unregister_pernet_subsys(&tcpv6_net_ops); 2246 inet6_unregister_protosw(&tcpv6_protosw); 2247 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2248 } 2249