xref: /openbmc/linux/net/ipv6/tcp_ipv6.c (revision 28efb0046512e8a13ed9f9bdf0d68d10bbfbe9cf)
1 /*
2  *	TCP over IPv6
3  *	Linux INET6 implementation
4  *
5  *	Authors:
6  *	Pedro Roque		<roque@di.fc.ul.pt>
7  *
8  *	Based on:
9  *	linux/net/ipv4/tcp.c
10  *	linux/net/ipv4/tcp_input.c
11  *	linux/net/ipv4/tcp_output.c
12  *
13  *	Fixes:
14  *	Hideaki YOSHIFUJI	:	sin6_scope_id support
15  *	YOSHIFUJI Hideaki @USAGI and:	Support IPV6_V6ONLY socket option, which
16  *	Alexey Kuznetsov		allow both IPv4 and IPv6 sockets to bind
17  *					a single port at the same time.
18  *	YOSHIFUJI Hideaki @USAGI:	convert /proc/net/tcp6 to seq_file.
19  *
20  *	This program is free software; you can redistribute it and/or
21  *      modify it under the terms of the GNU General Public License
22  *      as published by the Free Software Foundation; either version
23  *      2 of the License, or (at your option) any later version.
24  */
25 
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
34 #include <linux/in.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41 #include <linux/slab.h>
42 #include <linux/uaccess.h>
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46 
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/snmp.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/inet_common.h>
63 #include <net/secure_seq.h>
64 #include <net/busy_poll.h>
65 
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
68 
69 #include <crypto/hash.h>
70 #include <linux/scatterlist.h>
71 
72 static void	tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
73 static void	tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
74 				      struct request_sock *req);
75 
76 static int	tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
77 
78 static const struct inet_connection_sock_af_ops ipv6_mapped;
79 static const struct inet_connection_sock_af_ops ipv6_specific;
80 #ifdef CONFIG_TCP_MD5SIG
81 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
82 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
83 #else
84 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
85 						   const struct in6_addr *addr)
86 {
87 	return NULL;
88 }
89 #endif
90 
91 static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
92 {
93 	struct dst_entry *dst = skb_dst(skb);
94 
95 	if (dst && dst_hold_safe(dst)) {
96 		const struct rt6_info *rt = (const struct rt6_info *)dst;
97 
98 		sk->sk_rx_dst = dst;
99 		inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
100 		inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
101 	}
102 }
103 
104 static u32 tcp_v6_init_seq(const struct sk_buff *skb)
105 {
106 	return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32,
107 				ipv6_hdr(skb)->saddr.s6_addr32,
108 				tcp_hdr(skb)->dest,
109 				tcp_hdr(skb)->source);
110 }
111 
112 static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb)
113 {
114 	return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32,
115 				   ipv6_hdr(skb)->saddr.s6_addr32);
116 }
117 
118 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
119 			  int addr_len)
120 {
121 	struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
122 	struct inet_sock *inet = inet_sk(sk);
123 	struct inet_connection_sock *icsk = inet_csk(sk);
124 	struct ipv6_pinfo *np = inet6_sk(sk);
125 	struct tcp_sock *tp = tcp_sk(sk);
126 	struct in6_addr *saddr = NULL, *final_p, final;
127 	struct ipv6_txoptions *opt;
128 	struct flowi6 fl6;
129 	struct dst_entry *dst;
130 	int addr_type;
131 	int err;
132 	struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
133 
134 	if (addr_len < SIN6_LEN_RFC2133)
135 		return -EINVAL;
136 
137 	if (usin->sin6_family != AF_INET6)
138 		return -EAFNOSUPPORT;
139 
140 	memset(&fl6, 0, sizeof(fl6));
141 
142 	if (np->sndflow) {
143 		fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
144 		IP6_ECN_flow_init(fl6.flowlabel);
145 		if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
146 			struct ip6_flowlabel *flowlabel;
147 			flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
148 			if (!flowlabel)
149 				return -EINVAL;
150 			fl6_sock_release(flowlabel);
151 		}
152 	}
153 
154 	/*
155 	 *	connect() to INADDR_ANY means loopback (BSD'ism).
156 	 */
157 
158 	if (ipv6_addr_any(&usin->sin6_addr)) {
159 		if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
160 			ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
161 					       &usin->sin6_addr);
162 		else
163 			usin->sin6_addr = in6addr_loopback;
164 	}
165 
166 	addr_type = ipv6_addr_type(&usin->sin6_addr);
167 
168 	if (addr_type & IPV6_ADDR_MULTICAST)
169 		return -ENETUNREACH;
170 
171 	if (addr_type&IPV6_ADDR_LINKLOCAL) {
172 		if (addr_len >= sizeof(struct sockaddr_in6) &&
173 		    usin->sin6_scope_id) {
174 			/* If interface is set while binding, indices
175 			 * must coincide.
176 			 */
177 			if (sk->sk_bound_dev_if &&
178 			    sk->sk_bound_dev_if != usin->sin6_scope_id)
179 				return -EINVAL;
180 
181 			sk->sk_bound_dev_if = usin->sin6_scope_id;
182 		}
183 
184 		/* Connect to link-local address requires an interface */
185 		if (!sk->sk_bound_dev_if)
186 			return -EINVAL;
187 	}
188 
189 	if (tp->rx_opt.ts_recent_stamp &&
190 	    !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
191 		tp->rx_opt.ts_recent = 0;
192 		tp->rx_opt.ts_recent_stamp = 0;
193 		tp->write_seq = 0;
194 	}
195 
196 	sk->sk_v6_daddr = usin->sin6_addr;
197 	np->flow_label = fl6.flowlabel;
198 
199 	/*
200 	 *	TCP over IPv4
201 	 */
202 
203 	if (addr_type & IPV6_ADDR_MAPPED) {
204 		u32 exthdrlen = icsk->icsk_ext_hdr_len;
205 		struct sockaddr_in sin;
206 
207 		SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
208 
209 		if (__ipv6_only_sock(sk))
210 			return -ENETUNREACH;
211 
212 		sin.sin_family = AF_INET;
213 		sin.sin_port = usin->sin6_port;
214 		sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
215 
216 		icsk->icsk_af_ops = &ipv6_mapped;
217 		sk->sk_backlog_rcv = tcp_v4_do_rcv;
218 #ifdef CONFIG_TCP_MD5SIG
219 		tp->af_specific = &tcp_sock_ipv6_mapped_specific;
220 #endif
221 
222 		err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
223 
224 		if (err) {
225 			icsk->icsk_ext_hdr_len = exthdrlen;
226 			icsk->icsk_af_ops = &ipv6_specific;
227 			sk->sk_backlog_rcv = tcp_v6_do_rcv;
228 #ifdef CONFIG_TCP_MD5SIG
229 			tp->af_specific = &tcp_sock_ipv6_specific;
230 #endif
231 			goto failure;
232 		}
233 		np->saddr = sk->sk_v6_rcv_saddr;
234 
235 		return err;
236 	}
237 
238 	if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
239 		saddr = &sk->sk_v6_rcv_saddr;
240 
241 	fl6.flowi6_proto = IPPROTO_TCP;
242 	fl6.daddr = sk->sk_v6_daddr;
243 	fl6.saddr = saddr ? *saddr : np->saddr;
244 	fl6.flowi6_oif = sk->sk_bound_dev_if;
245 	fl6.flowi6_mark = sk->sk_mark;
246 	fl6.fl6_dport = usin->sin6_port;
247 	fl6.fl6_sport = inet->inet_sport;
248 	fl6.flowi6_uid = sk->sk_uid;
249 
250 	opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
251 	final_p = fl6_update_dst(&fl6, opt, &final);
252 
253 	security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
254 
255 	dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
256 	if (IS_ERR(dst)) {
257 		err = PTR_ERR(dst);
258 		goto failure;
259 	}
260 
261 	if (!saddr) {
262 		saddr = &fl6.saddr;
263 		sk->sk_v6_rcv_saddr = *saddr;
264 	}
265 
266 	/* set the source address */
267 	np->saddr = *saddr;
268 	inet->inet_rcv_saddr = LOOPBACK4_IPV6;
269 
270 	sk->sk_gso_type = SKB_GSO_TCPV6;
271 	ip6_dst_store(sk, dst, NULL, NULL);
272 
273 	icsk->icsk_ext_hdr_len = 0;
274 	if (opt)
275 		icsk->icsk_ext_hdr_len = opt->opt_flen +
276 					 opt->opt_nflen;
277 
278 	tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
279 
280 	inet->inet_dport = usin->sin6_port;
281 
282 	tcp_set_state(sk, TCP_SYN_SENT);
283 	err = inet6_hash_connect(tcp_death_row, sk);
284 	if (err)
285 		goto late_failure;
286 
287 	sk_set_txhash(sk);
288 
289 	if (likely(!tp->repair)) {
290 		if (!tp->write_seq)
291 			tp->write_seq = secure_tcpv6_seq(np->saddr.s6_addr32,
292 							 sk->sk_v6_daddr.s6_addr32,
293 							 inet->inet_sport,
294 							 inet->inet_dport);
295 		tp->tsoffset = secure_tcpv6_ts_off(sock_net(sk),
296 						   np->saddr.s6_addr32,
297 						   sk->sk_v6_daddr.s6_addr32);
298 	}
299 
300 	if (tcp_fastopen_defer_connect(sk, &err))
301 		return err;
302 	if (err)
303 		goto late_failure;
304 
305 	err = tcp_connect(sk);
306 	if (err)
307 		goto late_failure;
308 
309 	return 0;
310 
311 late_failure:
312 	tcp_set_state(sk, TCP_CLOSE);
313 failure:
314 	inet->inet_dport = 0;
315 	sk->sk_route_caps = 0;
316 	return err;
317 }
318 
319 static void tcp_v6_mtu_reduced(struct sock *sk)
320 {
321 	struct dst_entry *dst;
322 
323 	if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
324 		return;
325 
326 	dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
327 	if (!dst)
328 		return;
329 
330 	if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
331 		tcp_sync_mss(sk, dst_mtu(dst));
332 		tcp_simple_retransmit(sk);
333 	}
334 }
335 
336 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
337 		u8 type, u8 code, int offset, __be32 info)
338 {
339 	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
340 	const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
341 	struct net *net = dev_net(skb->dev);
342 	struct request_sock *fastopen;
343 	struct ipv6_pinfo *np;
344 	struct tcp_sock *tp;
345 	__u32 seq, snd_una;
346 	struct sock *sk;
347 	bool fatal;
348 	int err;
349 
350 	sk = __inet6_lookup_established(net, &tcp_hashinfo,
351 					&hdr->daddr, th->dest,
352 					&hdr->saddr, ntohs(th->source),
353 					skb->dev->ifindex, inet6_sdif(skb));
354 
355 	if (!sk) {
356 		__ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
357 				  ICMP6_MIB_INERRORS);
358 		return;
359 	}
360 
361 	if (sk->sk_state == TCP_TIME_WAIT) {
362 		inet_twsk_put(inet_twsk(sk));
363 		return;
364 	}
365 	seq = ntohl(th->seq);
366 	fatal = icmpv6_err_convert(type, code, &err);
367 	if (sk->sk_state == TCP_NEW_SYN_RECV)
368 		return tcp_req_err(sk, seq, fatal);
369 
370 	bh_lock_sock(sk);
371 	if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
372 		__NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
373 
374 	if (sk->sk_state == TCP_CLOSE)
375 		goto out;
376 
377 	if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
378 		__NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
379 		goto out;
380 	}
381 
382 	tp = tcp_sk(sk);
383 	/* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
384 	fastopen = tp->fastopen_rsk;
385 	snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
386 	if (sk->sk_state != TCP_LISTEN &&
387 	    !between(seq, snd_una, tp->snd_nxt)) {
388 		__NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
389 		goto out;
390 	}
391 
392 	np = inet6_sk(sk);
393 
394 	if (type == NDISC_REDIRECT) {
395 		if (!sock_owned_by_user(sk)) {
396 			struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
397 
398 			if (dst)
399 				dst->ops->redirect(dst, sk, skb);
400 		}
401 		goto out;
402 	}
403 
404 	if (type == ICMPV6_PKT_TOOBIG) {
405 		/* We are not interested in TCP_LISTEN and open_requests
406 		 * (SYN-ACKs send out by Linux are always <576bytes so
407 		 * they should go through unfragmented).
408 		 */
409 		if (sk->sk_state == TCP_LISTEN)
410 			goto out;
411 
412 		if (!ip6_sk_accept_pmtu(sk))
413 			goto out;
414 
415 		tp->mtu_info = ntohl(info);
416 		if (!sock_owned_by_user(sk))
417 			tcp_v6_mtu_reduced(sk);
418 		else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
419 					   &sk->sk_tsq_flags))
420 			sock_hold(sk);
421 		goto out;
422 	}
423 
424 
425 	/* Might be for an request_sock */
426 	switch (sk->sk_state) {
427 	case TCP_SYN_SENT:
428 	case TCP_SYN_RECV:
429 		/* Only in fast or simultaneous open. If a fast open socket is
430 		 * is already accepted it is treated as a connected one below.
431 		 */
432 		if (fastopen && !fastopen->sk)
433 			break;
434 
435 		if (!sock_owned_by_user(sk)) {
436 			sk->sk_err = err;
437 			sk->sk_error_report(sk);		/* Wake people up to see the error (see connect in sock.c) */
438 
439 			tcp_done(sk);
440 		} else
441 			sk->sk_err_soft = err;
442 		goto out;
443 	}
444 
445 	if (!sock_owned_by_user(sk) && np->recverr) {
446 		sk->sk_err = err;
447 		sk->sk_error_report(sk);
448 	} else
449 		sk->sk_err_soft = err;
450 
451 out:
452 	bh_unlock_sock(sk);
453 	sock_put(sk);
454 }
455 
456 
457 static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
458 			      struct flowi *fl,
459 			      struct request_sock *req,
460 			      struct tcp_fastopen_cookie *foc,
461 			      enum tcp_synack_type synack_type)
462 {
463 	struct inet_request_sock *ireq = inet_rsk(req);
464 	struct ipv6_pinfo *np = inet6_sk(sk);
465 	struct ipv6_txoptions *opt;
466 	struct flowi6 *fl6 = &fl->u.ip6;
467 	struct sk_buff *skb;
468 	int err = -ENOMEM;
469 
470 	/* First, grab a route. */
471 	if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
472 					       IPPROTO_TCP)) == NULL)
473 		goto done;
474 
475 	skb = tcp_make_synack(sk, dst, req, foc, synack_type);
476 
477 	if (skb) {
478 		__tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
479 				    &ireq->ir_v6_rmt_addr);
480 
481 		fl6->daddr = ireq->ir_v6_rmt_addr;
482 		if (np->repflow && ireq->pktopts)
483 			fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
484 
485 		rcu_read_lock();
486 		opt = ireq->ipv6_opt;
487 		if (!opt)
488 			opt = rcu_dereference(np->opt);
489 		err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass);
490 		rcu_read_unlock();
491 		err = net_xmit_eval(err);
492 	}
493 
494 done:
495 	return err;
496 }
497 
498 
499 static void tcp_v6_reqsk_destructor(struct request_sock *req)
500 {
501 	kfree(inet_rsk(req)->ipv6_opt);
502 	kfree_skb(inet_rsk(req)->pktopts);
503 }
504 
505 #ifdef CONFIG_TCP_MD5SIG
506 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
507 						   const struct in6_addr *addr)
508 {
509 	return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
510 }
511 
512 static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
513 						const struct sock *addr_sk)
514 {
515 	return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
516 }
517 
518 static int tcp_v6_parse_md5_keys(struct sock *sk, int optname,
519 				 char __user *optval, int optlen)
520 {
521 	struct tcp_md5sig cmd;
522 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
523 	u8 prefixlen;
524 
525 	if (optlen < sizeof(cmd))
526 		return -EINVAL;
527 
528 	if (copy_from_user(&cmd, optval, sizeof(cmd)))
529 		return -EFAULT;
530 
531 	if (sin6->sin6_family != AF_INET6)
532 		return -EINVAL;
533 
534 	if (optname == TCP_MD5SIG_EXT &&
535 	    cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) {
536 		prefixlen = cmd.tcpm_prefixlen;
537 		if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) &&
538 					prefixlen > 32))
539 			return -EINVAL;
540 	} else {
541 		prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128;
542 	}
543 
544 	if (!cmd.tcpm_keylen) {
545 		if (ipv6_addr_v4mapped(&sin6->sin6_addr))
546 			return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
547 					      AF_INET, prefixlen);
548 		return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
549 				      AF_INET6, prefixlen);
550 	}
551 
552 	if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
553 		return -EINVAL;
554 
555 	if (ipv6_addr_v4mapped(&sin6->sin6_addr))
556 		return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
557 				      AF_INET, prefixlen, cmd.tcpm_key,
558 				      cmd.tcpm_keylen, GFP_KERNEL);
559 
560 	return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
561 			      AF_INET6, prefixlen, cmd.tcpm_key,
562 			      cmd.tcpm_keylen, GFP_KERNEL);
563 }
564 
565 static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp,
566 				   const struct in6_addr *daddr,
567 				   const struct in6_addr *saddr,
568 				   const struct tcphdr *th, int nbytes)
569 {
570 	struct tcp6_pseudohdr *bp;
571 	struct scatterlist sg;
572 	struct tcphdr *_th;
573 
574 	bp = hp->scratch;
575 	/* 1. TCP pseudo-header (RFC2460) */
576 	bp->saddr = *saddr;
577 	bp->daddr = *daddr;
578 	bp->protocol = cpu_to_be32(IPPROTO_TCP);
579 	bp->len = cpu_to_be32(nbytes);
580 
581 	_th = (struct tcphdr *)(bp + 1);
582 	memcpy(_th, th, sizeof(*th));
583 	_th->check = 0;
584 
585 	sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
586 	ahash_request_set_crypt(hp->md5_req, &sg, NULL,
587 				sizeof(*bp) + sizeof(*th));
588 	return crypto_ahash_update(hp->md5_req);
589 }
590 
591 static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
592 			       const struct in6_addr *daddr, struct in6_addr *saddr,
593 			       const struct tcphdr *th)
594 {
595 	struct tcp_md5sig_pool *hp;
596 	struct ahash_request *req;
597 
598 	hp = tcp_get_md5sig_pool();
599 	if (!hp)
600 		goto clear_hash_noput;
601 	req = hp->md5_req;
602 
603 	if (crypto_ahash_init(req))
604 		goto clear_hash;
605 	if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
606 		goto clear_hash;
607 	if (tcp_md5_hash_key(hp, key))
608 		goto clear_hash;
609 	ahash_request_set_crypt(req, NULL, md5_hash, 0);
610 	if (crypto_ahash_final(req))
611 		goto clear_hash;
612 
613 	tcp_put_md5sig_pool();
614 	return 0;
615 
616 clear_hash:
617 	tcp_put_md5sig_pool();
618 clear_hash_noput:
619 	memset(md5_hash, 0, 16);
620 	return 1;
621 }
622 
623 static int tcp_v6_md5_hash_skb(char *md5_hash,
624 			       const struct tcp_md5sig_key *key,
625 			       const struct sock *sk,
626 			       const struct sk_buff *skb)
627 {
628 	const struct in6_addr *saddr, *daddr;
629 	struct tcp_md5sig_pool *hp;
630 	struct ahash_request *req;
631 	const struct tcphdr *th = tcp_hdr(skb);
632 
633 	if (sk) { /* valid for establish/request sockets */
634 		saddr = &sk->sk_v6_rcv_saddr;
635 		daddr = &sk->sk_v6_daddr;
636 	} else {
637 		const struct ipv6hdr *ip6h = ipv6_hdr(skb);
638 		saddr = &ip6h->saddr;
639 		daddr = &ip6h->daddr;
640 	}
641 
642 	hp = tcp_get_md5sig_pool();
643 	if (!hp)
644 		goto clear_hash_noput;
645 	req = hp->md5_req;
646 
647 	if (crypto_ahash_init(req))
648 		goto clear_hash;
649 
650 	if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
651 		goto clear_hash;
652 	if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
653 		goto clear_hash;
654 	if (tcp_md5_hash_key(hp, key))
655 		goto clear_hash;
656 	ahash_request_set_crypt(req, NULL, md5_hash, 0);
657 	if (crypto_ahash_final(req))
658 		goto clear_hash;
659 
660 	tcp_put_md5sig_pool();
661 	return 0;
662 
663 clear_hash:
664 	tcp_put_md5sig_pool();
665 clear_hash_noput:
666 	memset(md5_hash, 0, 16);
667 	return 1;
668 }
669 
670 #endif
671 
672 static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
673 				    const struct sk_buff *skb)
674 {
675 #ifdef CONFIG_TCP_MD5SIG
676 	const __u8 *hash_location = NULL;
677 	struct tcp_md5sig_key *hash_expected;
678 	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
679 	const struct tcphdr *th = tcp_hdr(skb);
680 	int genhash;
681 	u8 newhash[16];
682 
683 	hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
684 	hash_location = tcp_parse_md5sig_option(th);
685 
686 	/* We've parsed the options - do we have a hash? */
687 	if (!hash_expected && !hash_location)
688 		return false;
689 
690 	if (hash_expected && !hash_location) {
691 		NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
692 		return true;
693 	}
694 
695 	if (!hash_expected && hash_location) {
696 		NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
697 		return true;
698 	}
699 
700 	/* check the signature */
701 	genhash = tcp_v6_md5_hash_skb(newhash,
702 				      hash_expected,
703 				      NULL, skb);
704 
705 	if (genhash || memcmp(hash_location, newhash, 16) != 0) {
706 		NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
707 		net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
708 				     genhash ? "failed" : "mismatch",
709 				     &ip6h->saddr, ntohs(th->source),
710 				     &ip6h->daddr, ntohs(th->dest));
711 		return true;
712 	}
713 #endif
714 	return false;
715 }
716 
717 static void tcp_v6_init_req(struct request_sock *req,
718 			    const struct sock *sk_listener,
719 			    struct sk_buff *skb)
720 {
721 	struct inet_request_sock *ireq = inet_rsk(req);
722 	const struct ipv6_pinfo *np = inet6_sk(sk_listener);
723 
724 	ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
725 	ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
726 
727 	/* So that link locals have meaning */
728 	if (!sk_listener->sk_bound_dev_if &&
729 	    ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
730 		ireq->ir_iif = tcp_v6_iif(skb);
731 
732 	if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
733 	    (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
734 	     np->rxopt.bits.rxinfo ||
735 	     np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
736 	     np->rxopt.bits.rxohlim || np->repflow)) {
737 		refcount_inc(&skb->users);
738 		ireq->pktopts = skb;
739 	}
740 }
741 
742 static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
743 					  struct flowi *fl,
744 					  const struct request_sock *req)
745 {
746 	return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
747 }
748 
749 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
750 	.family		=	AF_INET6,
751 	.obj_size	=	sizeof(struct tcp6_request_sock),
752 	.rtx_syn_ack	=	tcp_rtx_synack,
753 	.send_ack	=	tcp_v6_reqsk_send_ack,
754 	.destructor	=	tcp_v6_reqsk_destructor,
755 	.send_reset	=	tcp_v6_send_reset,
756 	.syn_ack_timeout =	tcp_syn_ack_timeout,
757 };
758 
759 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
760 	.mss_clamp	=	IPV6_MIN_MTU - sizeof(struct tcphdr) -
761 				sizeof(struct ipv6hdr),
762 #ifdef CONFIG_TCP_MD5SIG
763 	.req_md5_lookup	=	tcp_v6_md5_lookup,
764 	.calc_md5_hash	=	tcp_v6_md5_hash_skb,
765 #endif
766 	.init_req	=	tcp_v6_init_req,
767 #ifdef CONFIG_SYN_COOKIES
768 	.cookie_init_seq =	cookie_v6_init_sequence,
769 #endif
770 	.route_req	=	tcp_v6_route_req,
771 	.init_seq	=	tcp_v6_init_seq,
772 	.init_ts_off	=	tcp_v6_init_ts_off,
773 	.send_synack	=	tcp_v6_send_synack,
774 };
775 
776 static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
777 				 u32 ack, u32 win, u32 tsval, u32 tsecr,
778 				 int oif, struct tcp_md5sig_key *key, int rst,
779 				 u8 tclass, __be32 label)
780 {
781 	const struct tcphdr *th = tcp_hdr(skb);
782 	struct tcphdr *t1;
783 	struct sk_buff *buff;
784 	struct flowi6 fl6;
785 	struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
786 	struct sock *ctl_sk = net->ipv6.tcp_sk;
787 	unsigned int tot_len = sizeof(struct tcphdr);
788 	struct dst_entry *dst;
789 	__be32 *topt;
790 
791 	if (tsecr)
792 		tot_len += TCPOLEN_TSTAMP_ALIGNED;
793 #ifdef CONFIG_TCP_MD5SIG
794 	if (key)
795 		tot_len += TCPOLEN_MD5SIG_ALIGNED;
796 #endif
797 
798 	buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
799 			 GFP_ATOMIC);
800 	if (!buff)
801 		return;
802 
803 	skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
804 
805 	t1 = skb_push(buff, tot_len);
806 	skb_reset_transport_header(buff);
807 
808 	/* Swap the send and the receive. */
809 	memset(t1, 0, sizeof(*t1));
810 	t1->dest = th->source;
811 	t1->source = th->dest;
812 	t1->doff = tot_len / 4;
813 	t1->seq = htonl(seq);
814 	t1->ack_seq = htonl(ack);
815 	t1->ack = !rst || !th->ack;
816 	t1->rst = rst;
817 	t1->window = htons(win);
818 
819 	topt = (__be32 *)(t1 + 1);
820 
821 	if (tsecr) {
822 		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
823 				(TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
824 		*topt++ = htonl(tsval);
825 		*topt++ = htonl(tsecr);
826 	}
827 
828 #ifdef CONFIG_TCP_MD5SIG
829 	if (key) {
830 		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
831 				(TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
832 		tcp_v6_md5_hash_hdr((__u8 *)topt, key,
833 				    &ipv6_hdr(skb)->saddr,
834 				    &ipv6_hdr(skb)->daddr, t1);
835 	}
836 #endif
837 
838 	memset(&fl6, 0, sizeof(fl6));
839 	fl6.daddr = ipv6_hdr(skb)->saddr;
840 	fl6.saddr = ipv6_hdr(skb)->daddr;
841 	fl6.flowlabel = label;
842 
843 	buff->ip_summed = CHECKSUM_PARTIAL;
844 	buff->csum = 0;
845 
846 	__tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
847 
848 	fl6.flowi6_proto = IPPROTO_TCP;
849 	if (rt6_need_strict(&fl6.daddr) && !oif)
850 		fl6.flowi6_oif = tcp_v6_iif(skb);
851 	else {
852 		if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
853 			oif = skb->skb_iif;
854 
855 		fl6.flowi6_oif = oif;
856 	}
857 
858 	fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark);
859 	fl6.fl6_dport = t1->dest;
860 	fl6.fl6_sport = t1->source;
861 	fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
862 	security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
863 
864 	/* Pass a socket to ip6_dst_lookup either it is for RST
865 	 * Underlying function will use this to retrieve the network
866 	 * namespace
867 	 */
868 	dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
869 	if (!IS_ERR(dst)) {
870 		skb_dst_set(buff, dst);
871 		ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass);
872 		TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
873 		if (rst)
874 			TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
875 		return;
876 	}
877 
878 	kfree_skb(buff);
879 }
880 
881 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
882 {
883 	const struct tcphdr *th = tcp_hdr(skb);
884 	u32 seq = 0, ack_seq = 0;
885 	struct tcp_md5sig_key *key = NULL;
886 #ifdef CONFIG_TCP_MD5SIG
887 	const __u8 *hash_location = NULL;
888 	struct ipv6hdr *ipv6h = ipv6_hdr(skb);
889 	unsigned char newhash[16];
890 	int genhash;
891 	struct sock *sk1 = NULL;
892 #endif
893 	int oif;
894 
895 	if (th->rst)
896 		return;
897 
898 	/* If sk not NULL, it means we did a successful lookup and incoming
899 	 * route had to be correct. prequeue might have dropped our dst.
900 	 */
901 	if (!sk && !ipv6_unicast_destination(skb))
902 		return;
903 
904 #ifdef CONFIG_TCP_MD5SIG
905 	rcu_read_lock();
906 	hash_location = tcp_parse_md5sig_option(th);
907 	if (sk && sk_fullsock(sk)) {
908 		key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr);
909 	} else if (hash_location) {
910 		/*
911 		 * active side is lost. Try to find listening socket through
912 		 * source port, and then find md5 key through listening socket.
913 		 * we are not loose security here:
914 		 * Incoming packet is checked with md5 hash with finding key,
915 		 * no RST generated if md5 hash doesn't match.
916 		 */
917 		sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
918 					   &tcp_hashinfo, NULL, 0,
919 					   &ipv6h->saddr,
920 					   th->source, &ipv6h->daddr,
921 					   ntohs(th->source), tcp_v6_iif(skb),
922 					   tcp_v6_sdif(skb));
923 		if (!sk1)
924 			goto out;
925 
926 		key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
927 		if (!key)
928 			goto out;
929 
930 		genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
931 		if (genhash || memcmp(hash_location, newhash, 16) != 0)
932 			goto out;
933 	}
934 #endif
935 
936 	if (th->ack)
937 		seq = ntohl(th->ack_seq);
938 	else
939 		ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
940 			  (th->doff << 2);
941 
942 	oif = sk ? sk->sk_bound_dev_if : 0;
943 	tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 0);
944 
945 #ifdef CONFIG_TCP_MD5SIG
946 out:
947 	rcu_read_unlock();
948 #endif
949 }
950 
951 static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
952 			    u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
953 			    struct tcp_md5sig_key *key, u8 tclass,
954 			    __be32 label)
955 {
956 	tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
957 			     tclass, label);
958 }
959 
960 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
961 {
962 	struct inet_timewait_sock *tw = inet_twsk(sk);
963 	struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
964 
965 	tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
966 			tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
967 			tcp_time_stamp_raw() + tcptw->tw_ts_offset,
968 			tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
969 			tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel));
970 
971 	inet_twsk_put(tw);
972 }
973 
974 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
975 				  struct request_sock *req)
976 {
977 	/* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
978 	 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
979 	 */
980 	/* RFC 7323 2.3
981 	 * The window field (SEG.WND) of every outgoing segment, with the
982 	 * exception of <SYN> segments, MUST be right-shifted by
983 	 * Rcv.Wind.Shift bits:
984 	 */
985 	tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
986 			tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
987 			tcp_rsk(req)->rcv_nxt,
988 			req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
989 			tcp_time_stamp_raw() + tcp_rsk(req)->ts_off,
990 			req->ts_recent, sk->sk_bound_dev_if,
991 			tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr),
992 			0, 0);
993 }
994 
995 
996 static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
997 {
998 #ifdef CONFIG_SYN_COOKIES
999 	const struct tcphdr *th = tcp_hdr(skb);
1000 
1001 	if (!th->syn)
1002 		sk = cookie_v6_check(sk, skb);
1003 #endif
1004 	return sk;
1005 }
1006 
1007 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1008 {
1009 	if (skb->protocol == htons(ETH_P_IP))
1010 		return tcp_v4_conn_request(sk, skb);
1011 
1012 	if (!ipv6_unicast_destination(skb))
1013 		goto drop;
1014 
1015 	return tcp_conn_request(&tcp6_request_sock_ops,
1016 				&tcp_request_sock_ipv6_ops, sk, skb);
1017 
1018 drop:
1019 	tcp_listendrop(sk);
1020 	return 0; /* don't send reset */
1021 }
1022 
1023 static void tcp_v6_restore_cb(struct sk_buff *skb)
1024 {
1025 	/* We need to move header back to the beginning if xfrm6_policy_check()
1026 	 * and tcp_v6_fill_cb() are going to be called again.
1027 	 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
1028 	 */
1029 	memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
1030 		sizeof(struct inet6_skb_parm));
1031 }
1032 
1033 static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
1034 					 struct request_sock *req,
1035 					 struct dst_entry *dst,
1036 					 struct request_sock *req_unhash,
1037 					 bool *own_req)
1038 {
1039 	struct inet_request_sock *ireq;
1040 	struct ipv6_pinfo *newnp;
1041 	const struct ipv6_pinfo *np = inet6_sk(sk);
1042 	struct ipv6_txoptions *opt;
1043 	struct tcp6_sock *newtcp6sk;
1044 	struct inet_sock *newinet;
1045 	struct tcp_sock *newtp;
1046 	struct sock *newsk;
1047 #ifdef CONFIG_TCP_MD5SIG
1048 	struct tcp_md5sig_key *key;
1049 #endif
1050 	struct flowi6 fl6;
1051 
1052 	if (skb->protocol == htons(ETH_P_IP)) {
1053 		/*
1054 		 *	v6 mapped
1055 		 */
1056 
1057 		newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
1058 					     req_unhash, own_req);
1059 
1060 		if (!newsk)
1061 			return NULL;
1062 
1063 		newtcp6sk = (struct tcp6_sock *)newsk;
1064 		inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1065 
1066 		newinet = inet_sk(newsk);
1067 		newnp = inet6_sk(newsk);
1068 		newtp = tcp_sk(newsk);
1069 
1070 		memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1071 
1072 		newnp->saddr = newsk->sk_v6_rcv_saddr;
1073 
1074 		inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1075 		newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1076 #ifdef CONFIG_TCP_MD5SIG
1077 		newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1078 #endif
1079 
1080 		newnp->ipv6_mc_list = NULL;
1081 		newnp->ipv6_ac_list = NULL;
1082 		newnp->ipv6_fl_list = NULL;
1083 		newnp->pktoptions  = NULL;
1084 		newnp->opt	   = NULL;
1085 		newnp->mcast_oif   = tcp_v6_iif(skb);
1086 		newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
1087 		newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1088 		if (np->repflow)
1089 			newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1090 
1091 		/*
1092 		 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1093 		 * here, tcp_create_openreq_child now does this for us, see the comment in
1094 		 * that function for the gory details. -acme
1095 		 */
1096 
1097 		/* It is tricky place. Until this moment IPv4 tcp
1098 		   worked with IPv6 icsk.icsk_af_ops.
1099 		   Sync it now.
1100 		 */
1101 		tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1102 
1103 		return newsk;
1104 	}
1105 
1106 	ireq = inet_rsk(req);
1107 
1108 	if (sk_acceptq_is_full(sk))
1109 		goto out_overflow;
1110 
1111 	if (!dst) {
1112 		dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
1113 		if (!dst)
1114 			goto out;
1115 	}
1116 
1117 	newsk = tcp_create_openreq_child(sk, req, skb);
1118 	if (!newsk)
1119 		goto out_nonewsk;
1120 
1121 	/*
1122 	 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1123 	 * count here, tcp_create_openreq_child now does this for us, see the
1124 	 * comment in that function for the gory details. -acme
1125 	 */
1126 
1127 	newsk->sk_gso_type = SKB_GSO_TCPV6;
1128 	ip6_dst_store(newsk, dst, NULL, NULL);
1129 	inet6_sk_rx_dst_set(newsk, skb);
1130 
1131 	newtcp6sk = (struct tcp6_sock *)newsk;
1132 	inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1133 
1134 	newtp = tcp_sk(newsk);
1135 	newinet = inet_sk(newsk);
1136 	newnp = inet6_sk(newsk);
1137 
1138 	memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1139 
1140 	newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1141 	newnp->saddr = ireq->ir_v6_loc_addr;
1142 	newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1143 	newsk->sk_bound_dev_if = ireq->ir_iif;
1144 
1145 	/* Now IPv6 options...
1146 
1147 	   First: no IPv4 options.
1148 	 */
1149 	newinet->inet_opt = NULL;
1150 	newnp->ipv6_mc_list = NULL;
1151 	newnp->ipv6_ac_list = NULL;
1152 	newnp->ipv6_fl_list = NULL;
1153 
1154 	/* Clone RX bits */
1155 	newnp->rxopt.all = np->rxopt.all;
1156 
1157 	newnp->pktoptions = NULL;
1158 	newnp->opt	  = NULL;
1159 	newnp->mcast_oif  = tcp_v6_iif(skb);
1160 	newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1161 	newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1162 	if (np->repflow)
1163 		newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1164 
1165 	/* Clone native IPv6 options from listening socket (if any)
1166 
1167 	   Yes, keeping reference count would be much more clever,
1168 	   but we make one more one thing there: reattach optmem
1169 	   to newsk.
1170 	 */
1171 	opt = ireq->ipv6_opt;
1172 	if (!opt)
1173 		opt = rcu_dereference(np->opt);
1174 	if (opt) {
1175 		opt = ipv6_dup_options(newsk, opt);
1176 		RCU_INIT_POINTER(newnp->opt, opt);
1177 	}
1178 	inet_csk(newsk)->icsk_ext_hdr_len = 0;
1179 	if (opt)
1180 		inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
1181 						    opt->opt_flen;
1182 
1183 	tcp_ca_openreq_child(newsk, dst);
1184 
1185 	tcp_sync_mss(newsk, dst_mtu(dst));
1186 	newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));
1187 
1188 	tcp_initialize_rcv_mss(newsk);
1189 
1190 	newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1191 	newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1192 
1193 #ifdef CONFIG_TCP_MD5SIG
1194 	/* Copy over the MD5 key from the original socket */
1195 	key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr);
1196 	if (key) {
1197 		/* We're using one, so create a matching key
1198 		 * on the newsk structure. If we fail to get
1199 		 * memory, then we end up not copying the key
1200 		 * across. Shucks.
1201 		 */
1202 		tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
1203 			       AF_INET6, 128, key->key, key->keylen,
1204 			       sk_gfp_mask(sk, GFP_ATOMIC));
1205 	}
1206 #endif
1207 
1208 	if (__inet_inherit_port(sk, newsk) < 0) {
1209 		inet_csk_prepare_forced_close(newsk);
1210 		tcp_done(newsk);
1211 		goto out;
1212 	}
1213 	*own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
1214 	if (*own_req) {
1215 		tcp_move_syn(newtp, req);
1216 
1217 		/* Clone pktoptions received with SYN, if we own the req */
1218 		if (ireq->pktopts) {
1219 			newnp->pktoptions = skb_clone(ireq->pktopts,
1220 						      sk_gfp_mask(sk, GFP_ATOMIC));
1221 			consume_skb(ireq->pktopts);
1222 			ireq->pktopts = NULL;
1223 			if (newnp->pktoptions) {
1224 				tcp_v6_restore_cb(newnp->pktoptions);
1225 				skb_set_owner_r(newnp->pktoptions, newsk);
1226 			}
1227 		}
1228 	}
1229 
1230 	return newsk;
1231 
1232 out_overflow:
1233 	__NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1234 out_nonewsk:
1235 	dst_release(dst);
1236 out:
1237 	tcp_listendrop(sk);
1238 	return NULL;
1239 }
1240 
1241 /* The socket must have it's spinlock held when we get
1242  * here, unless it is a TCP_LISTEN socket.
1243  *
1244  * We have a potential double-lock case here, so even when
1245  * doing backlog processing we use the BH locking scheme.
1246  * This is because we cannot sleep with the original spinlock
1247  * held.
1248  */
1249 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1250 {
1251 	struct ipv6_pinfo *np = inet6_sk(sk);
1252 	struct tcp_sock *tp;
1253 	struct sk_buff *opt_skb = NULL;
1254 
1255 	/* Imagine: socket is IPv6. IPv4 packet arrives,
1256 	   goes to IPv4 receive handler and backlogged.
1257 	   From backlog it always goes here. Kerboom...
1258 	   Fortunately, tcp_rcv_established and rcv_established
1259 	   handle them correctly, but it is not case with
1260 	   tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1261 	 */
1262 
1263 	if (skb->protocol == htons(ETH_P_IP))
1264 		return tcp_v4_do_rcv(sk, skb);
1265 
1266 	/*
1267 	 *	socket locking is here for SMP purposes as backlog rcv
1268 	 *	is currently called with bh processing disabled.
1269 	 */
1270 
1271 	/* Do Stevens' IPV6_PKTOPTIONS.
1272 
1273 	   Yes, guys, it is the only place in our code, where we
1274 	   may make it not affecting IPv4.
1275 	   The rest of code is protocol independent,
1276 	   and I do not like idea to uglify IPv4.
1277 
1278 	   Actually, all the idea behind IPV6_PKTOPTIONS
1279 	   looks not very well thought. For now we latch
1280 	   options, received in the last packet, enqueued
1281 	   by tcp. Feel free to propose better solution.
1282 					       --ANK (980728)
1283 	 */
1284 	if (np->rxopt.all)
1285 		opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));
1286 
1287 	if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1288 		struct dst_entry *dst = sk->sk_rx_dst;
1289 
1290 		sock_rps_save_rxhash(sk, skb);
1291 		sk_mark_napi_id(sk, skb);
1292 		if (dst) {
1293 			if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1294 			    dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
1295 				dst_release(dst);
1296 				sk->sk_rx_dst = NULL;
1297 			}
1298 		}
1299 
1300 		tcp_rcv_established(sk, skb, tcp_hdr(skb));
1301 		if (opt_skb)
1302 			goto ipv6_pktoptions;
1303 		return 0;
1304 	}
1305 
1306 	if (tcp_checksum_complete(skb))
1307 		goto csum_err;
1308 
1309 	if (sk->sk_state == TCP_LISTEN) {
1310 		struct sock *nsk = tcp_v6_cookie_check(sk, skb);
1311 
1312 		if (!nsk)
1313 			goto discard;
1314 
1315 		if (nsk != sk) {
1316 			if (tcp_child_process(sk, nsk, skb))
1317 				goto reset;
1318 			if (opt_skb)
1319 				__kfree_skb(opt_skb);
1320 			return 0;
1321 		}
1322 	} else
1323 		sock_rps_save_rxhash(sk, skb);
1324 
1325 	if (tcp_rcv_state_process(sk, skb))
1326 		goto reset;
1327 	if (opt_skb)
1328 		goto ipv6_pktoptions;
1329 	return 0;
1330 
1331 reset:
1332 	tcp_v6_send_reset(sk, skb);
1333 discard:
1334 	if (opt_skb)
1335 		__kfree_skb(opt_skb);
1336 	kfree_skb(skb);
1337 	return 0;
1338 csum_err:
1339 	TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
1340 	TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
1341 	goto discard;
1342 
1343 
1344 ipv6_pktoptions:
1345 	/* Do you ask, what is it?
1346 
1347 	   1. skb was enqueued by tcp.
1348 	   2. skb is added to tail of read queue, rather than out of order.
1349 	   3. socket is not in passive state.
1350 	   4. Finally, it really contains options, which user wants to receive.
1351 	 */
1352 	tp = tcp_sk(sk);
1353 	if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1354 	    !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1355 		if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1356 			np->mcast_oif = tcp_v6_iif(opt_skb);
1357 		if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1358 			np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1359 		if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1360 			np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
1361 		if (np->repflow)
1362 			np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
1363 		if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
1364 			skb_set_owner_r(opt_skb, sk);
1365 			tcp_v6_restore_cb(opt_skb);
1366 			opt_skb = xchg(&np->pktoptions, opt_skb);
1367 		} else {
1368 			__kfree_skb(opt_skb);
1369 			opt_skb = xchg(&np->pktoptions, NULL);
1370 		}
1371 	}
1372 
1373 	kfree_skb(opt_skb);
1374 	return 0;
1375 }
1376 
1377 static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1378 			   const struct tcphdr *th)
1379 {
1380 	/* This is tricky: we move IP6CB at its correct location into
1381 	 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1382 	 * _decode_session6() uses IP6CB().
1383 	 * barrier() makes sure compiler won't play aliasing games.
1384 	 */
1385 	memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1386 		sizeof(struct inet6_skb_parm));
1387 	barrier();
1388 
1389 	TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1390 	TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1391 				    skb->len - th->doff*4);
1392 	TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1393 	TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1394 	TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1395 	TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1396 	TCP_SKB_CB(skb)->sacked = 0;
1397 	TCP_SKB_CB(skb)->has_rxtstamp =
1398 			skb->tstamp || skb_hwtstamps(skb)->hwtstamp;
1399 }
1400 
1401 static int tcp_v6_rcv(struct sk_buff *skb)
1402 {
1403 	int sdif = inet6_sdif(skb);
1404 	const struct tcphdr *th;
1405 	const struct ipv6hdr *hdr;
1406 	bool refcounted;
1407 	struct sock *sk;
1408 	int ret;
1409 	struct net *net = dev_net(skb->dev);
1410 
1411 	if (skb->pkt_type != PACKET_HOST)
1412 		goto discard_it;
1413 
1414 	/*
1415 	 *	Count it even if it's bad.
1416 	 */
1417 	__TCP_INC_STATS(net, TCP_MIB_INSEGS);
1418 
1419 	if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1420 		goto discard_it;
1421 
1422 	th = (const struct tcphdr *)skb->data;
1423 
1424 	if (unlikely(th->doff < sizeof(struct tcphdr)/4))
1425 		goto bad_packet;
1426 	if (!pskb_may_pull(skb, th->doff*4))
1427 		goto discard_it;
1428 
1429 	if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
1430 		goto csum_error;
1431 
1432 	th = (const struct tcphdr *)skb->data;
1433 	hdr = ipv6_hdr(skb);
1434 
1435 lookup:
1436 	sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
1437 				th->source, th->dest, inet6_iif(skb), sdif,
1438 				&refcounted);
1439 	if (!sk)
1440 		goto no_tcp_socket;
1441 
1442 process:
1443 	if (sk->sk_state == TCP_TIME_WAIT)
1444 		goto do_time_wait;
1445 
1446 	if (sk->sk_state == TCP_NEW_SYN_RECV) {
1447 		struct request_sock *req = inet_reqsk(sk);
1448 		struct sock *nsk;
1449 
1450 		sk = req->rsk_listener;
1451 		tcp_v6_fill_cb(skb, hdr, th);
1452 		if (tcp_v6_inbound_md5_hash(sk, skb)) {
1453 			sk_drops_add(sk, skb);
1454 			reqsk_put(req);
1455 			goto discard_it;
1456 		}
1457 		if (unlikely(sk->sk_state != TCP_LISTEN)) {
1458 			inet_csk_reqsk_queue_drop_and_put(sk, req);
1459 			goto lookup;
1460 		}
1461 		sock_hold(sk);
1462 		refcounted = true;
1463 		nsk = NULL;
1464 		if (!tcp_filter(sk, skb))
1465 			nsk = tcp_check_req(sk, skb, req, false);
1466 		if (!nsk) {
1467 			reqsk_put(req);
1468 			goto discard_and_relse;
1469 		}
1470 		if (nsk == sk) {
1471 			reqsk_put(req);
1472 			tcp_v6_restore_cb(skb);
1473 		} else if (tcp_child_process(sk, nsk, skb)) {
1474 			tcp_v6_send_reset(nsk, skb);
1475 			goto discard_and_relse;
1476 		} else {
1477 			sock_put(sk);
1478 			return 0;
1479 		}
1480 	}
1481 	if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
1482 		__NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
1483 		goto discard_and_relse;
1484 	}
1485 
1486 	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1487 		goto discard_and_relse;
1488 
1489 	tcp_v6_fill_cb(skb, hdr, th);
1490 
1491 	if (tcp_v6_inbound_md5_hash(sk, skb))
1492 		goto discard_and_relse;
1493 
1494 	if (tcp_filter(sk, skb))
1495 		goto discard_and_relse;
1496 	th = (const struct tcphdr *)skb->data;
1497 	hdr = ipv6_hdr(skb);
1498 
1499 	skb->dev = NULL;
1500 
1501 	if (sk->sk_state == TCP_LISTEN) {
1502 		ret = tcp_v6_do_rcv(sk, skb);
1503 		goto put_and_return;
1504 	}
1505 
1506 	sk_incoming_cpu_update(sk);
1507 
1508 	bh_lock_sock_nested(sk);
1509 	tcp_segs_in(tcp_sk(sk), skb);
1510 	ret = 0;
1511 	if (!sock_owned_by_user(sk)) {
1512 		ret = tcp_v6_do_rcv(sk, skb);
1513 	} else if (tcp_add_backlog(sk, skb)) {
1514 		goto discard_and_relse;
1515 	}
1516 	bh_unlock_sock(sk);
1517 
1518 put_and_return:
1519 	if (refcounted)
1520 		sock_put(sk);
1521 	return ret ? -1 : 0;
1522 
1523 no_tcp_socket:
1524 	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1525 		goto discard_it;
1526 
1527 	tcp_v6_fill_cb(skb, hdr, th);
1528 
1529 	if (tcp_checksum_complete(skb)) {
1530 csum_error:
1531 		__TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
1532 bad_packet:
1533 		__TCP_INC_STATS(net, TCP_MIB_INERRS);
1534 	} else {
1535 		tcp_v6_send_reset(NULL, skb);
1536 	}
1537 
1538 discard_it:
1539 	kfree_skb(skb);
1540 	return 0;
1541 
1542 discard_and_relse:
1543 	sk_drops_add(sk, skb);
1544 	if (refcounted)
1545 		sock_put(sk);
1546 	goto discard_it;
1547 
1548 do_time_wait:
1549 	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1550 		inet_twsk_put(inet_twsk(sk));
1551 		goto discard_it;
1552 	}
1553 
1554 	tcp_v6_fill_cb(skb, hdr, th);
1555 
1556 	if (tcp_checksum_complete(skb)) {
1557 		inet_twsk_put(inet_twsk(sk));
1558 		goto csum_error;
1559 	}
1560 
1561 	switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1562 	case TCP_TW_SYN:
1563 	{
1564 		struct sock *sk2;
1565 
1566 		sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1567 					    skb, __tcp_hdrlen(th),
1568 					    &ipv6_hdr(skb)->saddr, th->source,
1569 					    &ipv6_hdr(skb)->daddr,
1570 					    ntohs(th->dest), tcp_v6_iif(skb),
1571 					    sdif);
1572 		if (sk2) {
1573 			struct inet_timewait_sock *tw = inet_twsk(sk);
1574 			inet_twsk_deschedule_put(tw);
1575 			sk = sk2;
1576 			tcp_v6_restore_cb(skb);
1577 			refcounted = false;
1578 			goto process;
1579 		}
1580 		/* Fall through to ACK */
1581 	}
1582 	case TCP_TW_ACK:
1583 		tcp_v6_timewait_ack(sk, skb);
1584 		break;
1585 	case TCP_TW_RST:
1586 		tcp_v6_restore_cb(skb);
1587 		tcp_v6_send_reset(sk, skb);
1588 		inet_twsk_deschedule_put(inet_twsk(sk));
1589 		goto discard_it;
1590 	case TCP_TW_SUCCESS:
1591 		;
1592 	}
1593 	goto discard_it;
1594 }
1595 
1596 static void tcp_v6_early_demux(struct sk_buff *skb)
1597 {
1598 	const struct ipv6hdr *hdr;
1599 	const struct tcphdr *th;
1600 	struct sock *sk;
1601 
1602 	if (skb->pkt_type != PACKET_HOST)
1603 		return;
1604 
1605 	if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1606 		return;
1607 
1608 	hdr = ipv6_hdr(skb);
1609 	th = tcp_hdr(skb);
1610 
1611 	if (th->doff < sizeof(struct tcphdr) / 4)
1612 		return;
1613 
1614 	/* Note : We use inet6_iif() here, not tcp_v6_iif() */
1615 	sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1616 					&hdr->saddr, th->source,
1617 					&hdr->daddr, ntohs(th->dest),
1618 					inet6_iif(skb), inet6_sdif(skb));
1619 	if (sk) {
1620 		skb->sk = sk;
1621 		skb->destructor = sock_edemux;
1622 		if (sk_fullsock(sk)) {
1623 			struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
1624 
1625 			if (dst)
1626 				dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
1627 			if (dst &&
1628 			    inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1629 				skb_dst_set_noref(skb, dst);
1630 		}
1631 	}
1632 }
1633 
1634 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1635 	.twsk_obj_size	= sizeof(struct tcp6_timewait_sock),
1636 	.twsk_unique	= tcp_twsk_unique,
1637 	.twsk_destructor = tcp_twsk_destructor,
1638 };
1639 
1640 static const struct inet_connection_sock_af_ops ipv6_specific = {
1641 	.queue_xmit	   = inet6_csk_xmit,
1642 	.send_check	   = tcp_v6_send_check,
1643 	.rebuild_header	   = inet6_sk_rebuild_header,
1644 	.sk_rx_dst_set	   = inet6_sk_rx_dst_set,
1645 	.conn_request	   = tcp_v6_conn_request,
1646 	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
1647 	.net_header_len	   = sizeof(struct ipv6hdr),
1648 	.net_frag_header_len = sizeof(struct frag_hdr),
1649 	.setsockopt	   = ipv6_setsockopt,
1650 	.getsockopt	   = ipv6_getsockopt,
1651 	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
1652 	.sockaddr_len	   = sizeof(struct sockaddr_in6),
1653 #ifdef CONFIG_COMPAT
1654 	.compat_setsockopt = compat_ipv6_setsockopt,
1655 	.compat_getsockopt = compat_ipv6_getsockopt,
1656 #endif
1657 	.mtu_reduced	   = tcp_v6_mtu_reduced,
1658 };
1659 
1660 #ifdef CONFIG_TCP_MD5SIG
1661 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1662 	.md5_lookup	=	tcp_v6_md5_lookup,
1663 	.calc_md5_hash	=	tcp_v6_md5_hash_skb,
1664 	.md5_parse	=	tcp_v6_parse_md5_keys,
1665 };
1666 #endif
1667 
1668 /*
1669  *	TCP over IPv4 via INET6 API
1670  */
1671 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1672 	.queue_xmit	   = ip_queue_xmit,
1673 	.send_check	   = tcp_v4_send_check,
1674 	.rebuild_header	   = inet_sk_rebuild_header,
1675 	.sk_rx_dst_set	   = inet_sk_rx_dst_set,
1676 	.conn_request	   = tcp_v6_conn_request,
1677 	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
1678 	.net_header_len	   = sizeof(struct iphdr),
1679 	.setsockopt	   = ipv6_setsockopt,
1680 	.getsockopt	   = ipv6_getsockopt,
1681 	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
1682 	.sockaddr_len	   = sizeof(struct sockaddr_in6),
1683 #ifdef CONFIG_COMPAT
1684 	.compat_setsockopt = compat_ipv6_setsockopt,
1685 	.compat_getsockopt = compat_ipv6_getsockopt,
1686 #endif
1687 	.mtu_reduced	   = tcp_v4_mtu_reduced,
1688 };
1689 
1690 #ifdef CONFIG_TCP_MD5SIG
1691 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1692 	.md5_lookup	=	tcp_v4_md5_lookup,
1693 	.calc_md5_hash	=	tcp_v4_md5_hash_skb,
1694 	.md5_parse	=	tcp_v6_parse_md5_keys,
1695 };
1696 #endif
1697 
1698 /* NOTE: A lot of things set to zero explicitly by call to
1699  *       sk_alloc() so need not be done here.
1700  */
1701 static int tcp_v6_init_sock(struct sock *sk)
1702 {
1703 	struct inet_connection_sock *icsk = inet_csk(sk);
1704 
1705 	tcp_init_sock(sk);
1706 
1707 	icsk->icsk_af_ops = &ipv6_specific;
1708 
1709 #ifdef CONFIG_TCP_MD5SIG
1710 	tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
1711 #endif
1712 
1713 	return 0;
1714 }
1715 
1716 static void tcp_v6_destroy_sock(struct sock *sk)
1717 {
1718 	tcp_v4_destroy_sock(sk);
1719 	inet6_destroy_sock(sk);
1720 }
1721 
1722 #ifdef CONFIG_PROC_FS
1723 /* Proc filesystem TCPv6 sock list dumping. */
1724 static void get_openreq6(struct seq_file *seq,
1725 			 const struct request_sock *req, int i)
1726 {
1727 	long ttd = req->rsk_timer.expires - jiffies;
1728 	const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1729 	const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1730 
1731 	if (ttd < 0)
1732 		ttd = 0;
1733 
1734 	seq_printf(seq,
1735 		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1736 		   "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1737 		   i,
1738 		   src->s6_addr32[0], src->s6_addr32[1],
1739 		   src->s6_addr32[2], src->s6_addr32[3],
1740 		   inet_rsk(req)->ir_num,
1741 		   dest->s6_addr32[0], dest->s6_addr32[1],
1742 		   dest->s6_addr32[2], dest->s6_addr32[3],
1743 		   ntohs(inet_rsk(req)->ir_rmt_port),
1744 		   TCP_SYN_RECV,
1745 		   0, 0, /* could print option size, but that is af dependent. */
1746 		   1,   /* timers active (only the expire timer) */
1747 		   jiffies_to_clock_t(ttd),
1748 		   req->num_timeout,
1749 		   from_kuid_munged(seq_user_ns(seq),
1750 				    sock_i_uid(req->rsk_listener)),
1751 		   0,  /* non standard timer */
1752 		   0, /* open_requests have no inode */
1753 		   0, req);
1754 }
1755 
1756 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1757 {
1758 	const struct in6_addr *dest, *src;
1759 	__u16 destp, srcp;
1760 	int timer_active;
1761 	unsigned long timer_expires;
1762 	const struct inet_sock *inet = inet_sk(sp);
1763 	const struct tcp_sock *tp = tcp_sk(sp);
1764 	const struct inet_connection_sock *icsk = inet_csk(sp);
1765 	const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
1766 	int rx_queue;
1767 	int state;
1768 
1769 	dest  = &sp->sk_v6_daddr;
1770 	src   = &sp->sk_v6_rcv_saddr;
1771 	destp = ntohs(inet->inet_dport);
1772 	srcp  = ntohs(inet->inet_sport);
1773 
1774 	if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
1775 	    icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
1776 	    icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
1777 		timer_active	= 1;
1778 		timer_expires	= icsk->icsk_timeout;
1779 	} else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1780 		timer_active	= 4;
1781 		timer_expires	= icsk->icsk_timeout;
1782 	} else if (timer_pending(&sp->sk_timer)) {
1783 		timer_active	= 2;
1784 		timer_expires	= sp->sk_timer.expires;
1785 	} else {
1786 		timer_active	= 0;
1787 		timer_expires = jiffies;
1788 	}
1789 
1790 	state = sk_state_load(sp);
1791 	if (state == TCP_LISTEN)
1792 		rx_queue = sp->sk_ack_backlog;
1793 	else
1794 		/* Because we don't lock the socket,
1795 		 * we might find a transient negative value.
1796 		 */
1797 		rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);
1798 
1799 	seq_printf(seq,
1800 		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1801 		   "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1802 		   i,
1803 		   src->s6_addr32[0], src->s6_addr32[1],
1804 		   src->s6_addr32[2], src->s6_addr32[3], srcp,
1805 		   dest->s6_addr32[0], dest->s6_addr32[1],
1806 		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
1807 		   state,
1808 		   tp->write_seq - tp->snd_una,
1809 		   rx_queue,
1810 		   timer_active,
1811 		   jiffies_delta_to_clock_t(timer_expires - jiffies),
1812 		   icsk->icsk_retransmits,
1813 		   from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1814 		   icsk->icsk_probes_out,
1815 		   sock_i_ino(sp),
1816 		   refcount_read(&sp->sk_refcnt), sp,
1817 		   jiffies_to_clock_t(icsk->icsk_rto),
1818 		   jiffies_to_clock_t(icsk->icsk_ack.ato),
1819 		   (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
1820 		   tp->snd_cwnd,
1821 		   state == TCP_LISTEN ?
1822 			fastopenq->max_qlen :
1823 			(tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
1824 		   );
1825 }
1826 
1827 static void get_timewait6_sock(struct seq_file *seq,
1828 			       struct inet_timewait_sock *tw, int i)
1829 {
1830 	long delta = tw->tw_timer.expires - jiffies;
1831 	const struct in6_addr *dest, *src;
1832 	__u16 destp, srcp;
1833 
1834 	dest = &tw->tw_v6_daddr;
1835 	src  = &tw->tw_v6_rcv_saddr;
1836 	destp = ntohs(tw->tw_dport);
1837 	srcp  = ntohs(tw->tw_sport);
1838 
1839 	seq_printf(seq,
1840 		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1841 		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1842 		   i,
1843 		   src->s6_addr32[0], src->s6_addr32[1],
1844 		   src->s6_addr32[2], src->s6_addr32[3], srcp,
1845 		   dest->s6_addr32[0], dest->s6_addr32[1],
1846 		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
1847 		   tw->tw_substate, 0, 0,
1848 		   3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
1849 		   refcount_read(&tw->tw_refcnt), tw);
1850 }
1851 
1852 static int tcp6_seq_show(struct seq_file *seq, void *v)
1853 {
1854 	struct tcp_iter_state *st;
1855 	struct sock *sk = v;
1856 
1857 	if (v == SEQ_START_TOKEN) {
1858 		seq_puts(seq,
1859 			 "  sl  "
1860 			 "local_address                         "
1861 			 "remote_address                        "
1862 			 "st tx_queue rx_queue tr tm->when retrnsmt"
1863 			 "   uid  timeout inode\n");
1864 		goto out;
1865 	}
1866 	st = seq->private;
1867 
1868 	if (sk->sk_state == TCP_TIME_WAIT)
1869 		get_timewait6_sock(seq, v, st->num);
1870 	else if (sk->sk_state == TCP_NEW_SYN_RECV)
1871 		get_openreq6(seq, v, st->num);
1872 	else
1873 		get_tcp6_sock(seq, v, st->num);
1874 out:
1875 	return 0;
1876 }
1877 
1878 static const struct file_operations tcp6_afinfo_seq_fops = {
1879 	.owner   = THIS_MODULE,
1880 	.open    = tcp_seq_open,
1881 	.read    = seq_read,
1882 	.llseek  = seq_lseek,
1883 	.release = seq_release_net
1884 };
1885 
1886 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1887 	.name		= "tcp6",
1888 	.family		= AF_INET6,
1889 	.seq_fops	= &tcp6_afinfo_seq_fops,
1890 	.seq_ops	= {
1891 		.show		= tcp6_seq_show,
1892 	},
1893 };
1894 
1895 int __net_init tcp6_proc_init(struct net *net)
1896 {
1897 	return tcp_proc_register(net, &tcp6_seq_afinfo);
1898 }
1899 
1900 void tcp6_proc_exit(struct net *net)
1901 {
1902 	tcp_proc_unregister(net, &tcp6_seq_afinfo);
1903 }
1904 #endif
1905 
1906 struct proto tcpv6_prot = {
1907 	.name			= "TCPv6",
1908 	.owner			= THIS_MODULE,
1909 	.close			= tcp_close,
1910 	.connect		= tcp_v6_connect,
1911 	.disconnect		= tcp_disconnect,
1912 	.accept			= inet_csk_accept,
1913 	.ioctl			= tcp_ioctl,
1914 	.init			= tcp_v6_init_sock,
1915 	.destroy		= tcp_v6_destroy_sock,
1916 	.shutdown		= tcp_shutdown,
1917 	.setsockopt		= tcp_setsockopt,
1918 	.getsockopt		= tcp_getsockopt,
1919 	.keepalive		= tcp_set_keepalive,
1920 	.recvmsg		= tcp_recvmsg,
1921 	.sendmsg		= tcp_sendmsg,
1922 	.sendpage		= tcp_sendpage,
1923 	.backlog_rcv		= tcp_v6_do_rcv,
1924 	.release_cb		= tcp_release_cb,
1925 	.hash			= inet6_hash,
1926 	.unhash			= inet_unhash,
1927 	.get_port		= inet_csk_get_port,
1928 	.enter_memory_pressure	= tcp_enter_memory_pressure,
1929 	.leave_memory_pressure	= tcp_leave_memory_pressure,
1930 	.stream_memory_free	= tcp_stream_memory_free,
1931 	.sockets_allocated	= &tcp_sockets_allocated,
1932 	.memory_allocated	= &tcp_memory_allocated,
1933 	.memory_pressure	= &tcp_memory_pressure,
1934 	.orphan_count		= &tcp_orphan_count,
1935 	.sysctl_mem		= sysctl_tcp_mem,
1936 	.sysctl_wmem		= sysctl_tcp_wmem,
1937 	.sysctl_rmem		= sysctl_tcp_rmem,
1938 	.max_header		= MAX_TCP_HEADER,
1939 	.obj_size		= sizeof(struct tcp6_sock),
1940 	.slab_flags		= SLAB_TYPESAFE_BY_RCU,
1941 	.twsk_prot		= &tcp6_timewait_sock_ops,
1942 	.rsk_prot		= &tcp6_request_sock_ops,
1943 	.h.hashinfo		= &tcp_hashinfo,
1944 	.no_autobind		= true,
1945 #ifdef CONFIG_COMPAT
1946 	.compat_setsockopt	= compat_tcp_setsockopt,
1947 	.compat_getsockopt	= compat_tcp_getsockopt,
1948 #endif
1949 	.diag_destroy		= tcp_abort,
1950 };
1951 
1952 /* thinking of making this const? Don't.
1953  * early_demux can change based on sysctl.
1954  */
1955 static struct inet6_protocol tcpv6_protocol = {
1956 	.early_demux	=	tcp_v6_early_demux,
1957 	.early_demux_handler =  tcp_v6_early_demux,
1958 	.handler	=	tcp_v6_rcv,
1959 	.err_handler	=	tcp_v6_err,
1960 	.flags		=	INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1961 };
1962 
1963 static struct inet_protosw tcpv6_protosw = {
1964 	.type		=	SOCK_STREAM,
1965 	.protocol	=	IPPROTO_TCP,
1966 	.prot		=	&tcpv6_prot,
1967 	.ops		=	&inet6_stream_ops,
1968 	.flags		=	INET_PROTOSW_PERMANENT |
1969 				INET_PROTOSW_ICSK,
1970 };
1971 
1972 static int __net_init tcpv6_net_init(struct net *net)
1973 {
1974 	return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
1975 				    SOCK_RAW, IPPROTO_TCP, net);
1976 }
1977 
1978 static void __net_exit tcpv6_net_exit(struct net *net)
1979 {
1980 	inet_ctl_sock_destroy(net->ipv6.tcp_sk);
1981 }
1982 
1983 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
1984 {
1985 	inet_twsk_purge(&tcp_hashinfo, AF_INET6);
1986 }
1987 
1988 static struct pernet_operations tcpv6_net_ops = {
1989 	.init	    = tcpv6_net_init,
1990 	.exit	    = tcpv6_net_exit,
1991 	.exit_batch = tcpv6_net_exit_batch,
1992 };
1993 
1994 int __init tcpv6_init(void)
1995 {
1996 	int ret;
1997 
1998 	ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
1999 	if (ret)
2000 		goto out;
2001 
2002 	/* register inet6 protocol */
2003 	ret = inet6_register_protosw(&tcpv6_protosw);
2004 	if (ret)
2005 		goto out_tcpv6_protocol;
2006 
2007 	ret = register_pernet_subsys(&tcpv6_net_ops);
2008 	if (ret)
2009 		goto out_tcpv6_protosw;
2010 out:
2011 	return ret;
2012 
2013 out_tcpv6_protosw:
2014 	inet6_unregister_protosw(&tcpv6_protosw);
2015 out_tcpv6_protocol:
2016 	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2017 	goto out;
2018 }
2019 
2020 void tcpv6_exit(void)
2021 {
2022 	unregister_pernet_subsys(&tcpv6_net_ops);
2023 	inet6_unregister_protosw(&tcpv6_protosw);
2024 	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2025 }
2026