1 /* 2 * TCP over IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on: 9 * linux/net/ipv4/tcp.c 10 * linux/net/ipv4/tcp_input.c 11 * linux/net/ipv4/tcp_output.c 12 * 13 * Fixes: 14 * Hideaki YOSHIFUJI : sin6_scope_id support 15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind 17 * a single port at the same time. 18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file. 19 * 20 * This program is free software; you can redistribute it and/or 21 * modify it under the terms of the GNU General Public License 22 * as published by the Free Software Foundation; either version 23 * 2 of the License, or (at your option) any later version. 24 */ 25 26 #include <linux/bottom_half.h> 27 #include <linux/module.h> 28 #include <linux/errno.h> 29 #include <linux/types.h> 30 #include <linux/socket.h> 31 #include <linux/sockios.h> 32 #include <linux/net.h> 33 #include <linux/jiffies.h> 34 #include <linux/in.h> 35 #include <linux/in6.h> 36 #include <linux/netdevice.h> 37 #include <linux/init.h> 38 #include <linux/jhash.h> 39 #include <linux/ipsec.h> 40 #include <linux/times.h> 41 #include <linux/slab.h> 42 43 #include <linux/ipv6.h> 44 #include <linux/icmpv6.h> 45 #include <linux/random.h> 46 47 #include <net/tcp.h> 48 #include <net/ndisc.h> 49 #include <net/inet6_hashtables.h> 50 #include <net/inet6_connection_sock.h> 51 #include <net/ipv6.h> 52 #include <net/transp_v6.h> 53 #include <net/addrconf.h> 54 #include <net/ip6_route.h> 55 #include <net/ip6_checksum.h> 56 #include <net/inet_ecn.h> 57 #include <net/protocol.h> 58 #include <net/xfrm.h> 59 #include <net/snmp.h> 60 #include <net/dsfield.h> 61 #include <net/timewait_sock.h> 62 #include <net/netdma.h> 63 #include <net/inet_common.h> 64 #include <net/secure_seq.h> 65 #include <net/tcp_memcontrol.h> 66 67 #include <asm/uaccess.h> 68 69 #include <linux/proc_fs.h> 70 #include <linux/seq_file.h> 71 72 #include <linux/crypto.h> 73 #include <linux/scatterlist.h> 74 75 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb); 76 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb, 77 struct request_sock *req); 78 79 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb); 80 81 static const struct inet_connection_sock_af_ops ipv6_mapped; 82 static const struct inet_connection_sock_af_ops ipv6_specific; 83 #ifdef CONFIG_TCP_MD5SIG 84 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific; 85 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific; 86 #else 87 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 88 const struct in6_addr *addr) 89 { 90 return NULL; 91 } 92 #endif 93 94 static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) 95 { 96 struct dst_entry *dst = skb_dst(skb); 97 const struct rt6_info *rt = (const struct rt6_info *)dst; 98 99 dst_hold(dst); 100 sk->sk_rx_dst = dst; 101 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif; 102 if (rt->rt6i_node) 103 inet6_sk(sk)->rx_dst_cookie = rt->rt6i_node->fn_sernum; 104 } 105 106 static void tcp_v6_hash(struct sock *sk) 107 { 108 if (sk->sk_state != TCP_CLOSE) { 109 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) { 110 tcp_prot.hash(sk); 111 return; 112 } 113 local_bh_disable(); 114 __inet6_hash(sk, NULL); 115 local_bh_enable(); 116 } 117 } 118 119 static __u32 tcp_v6_init_sequence(const struct sk_buff *skb) 120 { 121 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32, 122 ipv6_hdr(skb)->saddr.s6_addr32, 123 tcp_hdr(skb)->dest, 124 tcp_hdr(skb)->source); 125 } 126 127 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 128 int addr_len) 129 { 130 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; 131 struct inet_sock *inet = inet_sk(sk); 132 struct inet_connection_sock *icsk = inet_csk(sk); 133 struct ipv6_pinfo *np = inet6_sk(sk); 134 struct tcp_sock *tp = tcp_sk(sk); 135 struct in6_addr *saddr = NULL, *final_p, final; 136 struct rt6_info *rt; 137 struct flowi6 fl6; 138 struct dst_entry *dst; 139 int addr_type; 140 int err; 141 142 if (addr_len < SIN6_LEN_RFC2133) 143 return -EINVAL; 144 145 if (usin->sin6_family != AF_INET6) 146 return -EAFNOSUPPORT; 147 148 memset(&fl6, 0, sizeof(fl6)); 149 150 if (np->sndflow) { 151 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; 152 IP6_ECN_flow_init(fl6.flowlabel); 153 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { 154 struct ip6_flowlabel *flowlabel; 155 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); 156 if (flowlabel == NULL) 157 return -EINVAL; 158 usin->sin6_addr = flowlabel->dst; 159 fl6_sock_release(flowlabel); 160 } 161 } 162 163 /* 164 * connect() to INADDR_ANY means loopback (BSD'ism). 165 */ 166 167 if(ipv6_addr_any(&usin->sin6_addr)) 168 usin->sin6_addr.s6_addr[15] = 0x1; 169 170 addr_type = ipv6_addr_type(&usin->sin6_addr); 171 172 if(addr_type & IPV6_ADDR_MULTICAST) 173 return -ENETUNREACH; 174 175 if (addr_type&IPV6_ADDR_LINKLOCAL) { 176 if (addr_len >= sizeof(struct sockaddr_in6) && 177 usin->sin6_scope_id) { 178 /* If interface is set while binding, indices 179 * must coincide. 180 */ 181 if (sk->sk_bound_dev_if && 182 sk->sk_bound_dev_if != usin->sin6_scope_id) 183 return -EINVAL; 184 185 sk->sk_bound_dev_if = usin->sin6_scope_id; 186 } 187 188 /* Connect to link-local address requires an interface */ 189 if (!sk->sk_bound_dev_if) 190 return -EINVAL; 191 } 192 193 if (tp->rx_opt.ts_recent_stamp && 194 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) { 195 tp->rx_opt.ts_recent = 0; 196 tp->rx_opt.ts_recent_stamp = 0; 197 tp->write_seq = 0; 198 } 199 200 np->daddr = usin->sin6_addr; 201 np->flow_label = fl6.flowlabel; 202 203 /* 204 * TCP over IPv4 205 */ 206 207 if (addr_type == IPV6_ADDR_MAPPED) { 208 u32 exthdrlen = icsk->icsk_ext_hdr_len; 209 struct sockaddr_in sin; 210 211 SOCK_DEBUG(sk, "connect: ipv4 mapped\n"); 212 213 if (__ipv6_only_sock(sk)) 214 return -ENETUNREACH; 215 216 sin.sin_family = AF_INET; 217 sin.sin_port = usin->sin6_port; 218 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; 219 220 icsk->icsk_af_ops = &ipv6_mapped; 221 sk->sk_backlog_rcv = tcp_v4_do_rcv; 222 #ifdef CONFIG_TCP_MD5SIG 223 tp->af_specific = &tcp_sock_ipv6_mapped_specific; 224 #endif 225 226 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); 227 228 if (err) { 229 icsk->icsk_ext_hdr_len = exthdrlen; 230 icsk->icsk_af_ops = &ipv6_specific; 231 sk->sk_backlog_rcv = tcp_v6_do_rcv; 232 #ifdef CONFIG_TCP_MD5SIG 233 tp->af_specific = &tcp_sock_ipv6_specific; 234 #endif 235 goto failure; 236 } else { 237 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr); 238 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr, 239 &np->rcv_saddr); 240 } 241 242 return err; 243 } 244 245 if (!ipv6_addr_any(&np->rcv_saddr)) 246 saddr = &np->rcv_saddr; 247 248 fl6.flowi6_proto = IPPROTO_TCP; 249 fl6.daddr = np->daddr; 250 fl6.saddr = saddr ? *saddr : np->saddr; 251 fl6.flowi6_oif = sk->sk_bound_dev_if; 252 fl6.flowi6_mark = sk->sk_mark; 253 fl6.fl6_dport = usin->sin6_port; 254 fl6.fl6_sport = inet->inet_sport; 255 256 final_p = fl6_update_dst(&fl6, np->opt, &final); 257 258 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); 259 260 dst = ip6_dst_lookup_flow(sk, &fl6, final_p, true); 261 if (IS_ERR(dst)) { 262 err = PTR_ERR(dst); 263 goto failure; 264 } 265 266 if (saddr == NULL) { 267 saddr = &fl6.saddr; 268 np->rcv_saddr = *saddr; 269 } 270 271 /* set the source address */ 272 np->saddr = *saddr; 273 inet->inet_rcv_saddr = LOOPBACK4_IPV6; 274 275 sk->sk_gso_type = SKB_GSO_TCPV6; 276 __ip6_dst_store(sk, dst, NULL, NULL); 277 278 rt = (struct rt6_info *) dst; 279 if (tcp_death_row.sysctl_tw_recycle && 280 !tp->rx_opt.ts_recent_stamp && 281 ipv6_addr_equal(&rt->rt6i_dst.addr, &np->daddr)) 282 tcp_fetch_timewait_stamp(sk, dst); 283 284 icsk->icsk_ext_hdr_len = 0; 285 if (np->opt) 286 icsk->icsk_ext_hdr_len = (np->opt->opt_flen + 287 np->opt->opt_nflen); 288 289 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 290 291 inet->inet_dport = usin->sin6_port; 292 293 tcp_set_state(sk, TCP_SYN_SENT); 294 err = inet6_hash_connect(&tcp_death_row, sk); 295 if (err) 296 goto late_failure; 297 298 if (!tp->write_seq && likely(!tp->repair)) 299 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32, 300 np->daddr.s6_addr32, 301 inet->inet_sport, 302 inet->inet_dport); 303 304 err = tcp_connect(sk); 305 if (err) 306 goto late_failure; 307 308 return 0; 309 310 late_failure: 311 tcp_set_state(sk, TCP_CLOSE); 312 __sk_dst_reset(sk); 313 failure: 314 inet->inet_dport = 0; 315 sk->sk_route_caps = 0; 316 return err; 317 } 318 319 static void tcp_v6_mtu_reduced(struct sock *sk) 320 { 321 struct dst_entry *dst; 322 323 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) 324 return; 325 326 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info); 327 if (!dst) 328 return; 329 330 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) { 331 tcp_sync_mss(sk, dst_mtu(dst)); 332 tcp_simple_retransmit(sk); 333 } 334 } 335 336 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 337 u8 type, u8 code, int offset, __be32 info) 338 { 339 const struct ipv6hdr *hdr = (const struct ipv6hdr*)skb->data; 340 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset); 341 struct ipv6_pinfo *np; 342 struct sock *sk; 343 int err; 344 struct tcp_sock *tp; 345 __u32 seq; 346 struct net *net = dev_net(skb->dev); 347 348 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr, 349 th->dest, &hdr->saddr, th->source, skb->dev->ifindex); 350 351 if (sk == NULL) { 352 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev), 353 ICMP6_MIB_INERRORS); 354 return; 355 } 356 357 if (sk->sk_state == TCP_TIME_WAIT) { 358 inet_twsk_put(inet_twsk(sk)); 359 return; 360 } 361 362 bh_lock_sock(sk); 363 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG) 364 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS); 365 366 if (sk->sk_state == TCP_CLOSE) 367 goto out; 368 369 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) { 370 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); 371 goto out; 372 } 373 374 tp = tcp_sk(sk); 375 seq = ntohl(th->seq); 376 if (sk->sk_state != TCP_LISTEN && 377 !between(seq, tp->snd_una, tp->snd_nxt)) { 378 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 379 goto out; 380 } 381 382 np = inet6_sk(sk); 383 384 if (type == NDISC_REDIRECT) { 385 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie); 386 387 if (dst) 388 dst->ops->redirect(dst, sk, skb); 389 } 390 391 if (type == ICMPV6_PKT_TOOBIG) { 392 tp->mtu_info = ntohl(info); 393 if (!sock_owned_by_user(sk)) 394 tcp_v6_mtu_reduced(sk); 395 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED, 396 &tp->tsq_flags)) 397 sock_hold(sk); 398 goto out; 399 } 400 401 icmpv6_err_convert(type, code, &err); 402 403 /* Might be for an request_sock */ 404 switch (sk->sk_state) { 405 struct request_sock *req, **prev; 406 case TCP_LISTEN: 407 if (sock_owned_by_user(sk)) 408 goto out; 409 410 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr, 411 &hdr->saddr, inet6_iif(skb)); 412 if (!req) 413 goto out; 414 415 /* ICMPs are not backlogged, hence we cannot get 416 * an established socket here. 417 */ 418 WARN_ON(req->sk != NULL); 419 420 if (seq != tcp_rsk(req)->snt_isn) { 421 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 422 goto out; 423 } 424 425 inet_csk_reqsk_queue_drop(sk, req, prev); 426 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); 427 goto out; 428 429 case TCP_SYN_SENT: 430 case TCP_SYN_RECV: /* Cannot happen. 431 It can, it SYNs are crossed. --ANK */ 432 if (!sock_owned_by_user(sk)) { 433 sk->sk_err = err; 434 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */ 435 436 tcp_done(sk); 437 } else 438 sk->sk_err_soft = err; 439 goto out; 440 } 441 442 if (!sock_owned_by_user(sk) && np->recverr) { 443 sk->sk_err = err; 444 sk->sk_error_report(sk); 445 } else 446 sk->sk_err_soft = err; 447 448 out: 449 bh_unlock_sock(sk); 450 sock_put(sk); 451 } 452 453 454 static int tcp_v6_send_synack(struct sock *sk, struct dst_entry *dst, 455 struct flowi6 *fl6, 456 struct request_sock *req, 457 struct request_values *rvp, 458 u16 queue_mapping) 459 { 460 struct inet6_request_sock *treq = inet6_rsk(req); 461 struct ipv6_pinfo *np = inet6_sk(sk); 462 struct sk_buff * skb; 463 int err = -ENOMEM; 464 465 /* First, grab a route. */ 466 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req)) == NULL) 467 goto done; 468 469 skb = tcp_make_synack(sk, dst, req, rvp, NULL); 470 471 if (skb) { 472 __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr); 473 474 fl6->daddr = treq->rmt_addr; 475 skb_set_queue_mapping(skb, queue_mapping); 476 err = ip6_xmit(sk, skb, fl6, np->opt, np->tclass); 477 err = net_xmit_eval(err); 478 } 479 480 done: 481 return err; 482 } 483 484 static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req, 485 struct request_values *rvp) 486 { 487 struct flowi6 fl6; 488 int res; 489 490 res = tcp_v6_send_synack(sk, NULL, &fl6, req, rvp, 0); 491 if (!res) 492 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS); 493 return res; 494 } 495 496 static void tcp_v6_reqsk_destructor(struct request_sock *req) 497 { 498 kfree_skb(inet6_rsk(req)->pktopts); 499 } 500 501 #ifdef CONFIG_TCP_MD5SIG 502 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 503 const struct in6_addr *addr) 504 { 505 return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6); 506 } 507 508 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk, 509 struct sock *addr_sk) 510 { 511 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr); 512 } 513 514 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk, 515 struct request_sock *req) 516 { 517 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr); 518 } 519 520 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval, 521 int optlen) 522 { 523 struct tcp_md5sig cmd; 524 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr; 525 526 if (optlen < sizeof(cmd)) 527 return -EINVAL; 528 529 if (copy_from_user(&cmd, optval, sizeof(cmd))) 530 return -EFAULT; 531 532 if (sin6->sin6_family != AF_INET6) 533 return -EINVAL; 534 535 if (!cmd.tcpm_keylen) { 536 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) 537 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3], 538 AF_INET); 539 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr, 540 AF_INET6); 541 } 542 543 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN) 544 return -EINVAL; 545 546 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) 547 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3], 548 AF_INET, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL); 549 550 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr, 551 AF_INET6, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL); 552 } 553 554 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp, 555 const struct in6_addr *daddr, 556 const struct in6_addr *saddr, int nbytes) 557 { 558 struct tcp6_pseudohdr *bp; 559 struct scatterlist sg; 560 561 bp = &hp->md5_blk.ip6; 562 /* 1. TCP pseudo-header (RFC2460) */ 563 bp->saddr = *saddr; 564 bp->daddr = *daddr; 565 bp->protocol = cpu_to_be32(IPPROTO_TCP); 566 bp->len = cpu_to_be32(nbytes); 567 568 sg_init_one(&sg, bp, sizeof(*bp)); 569 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp)); 570 } 571 572 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key, 573 const struct in6_addr *daddr, struct in6_addr *saddr, 574 const struct tcphdr *th) 575 { 576 struct tcp_md5sig_pool *hp; 577 struct hash_desc *desc; 578 579 hp = tcp_get_md5sig_pool(); 580 if (!hp) 581 goto clear_hash_noput; 582 desc = &hp->md5_desc; 583 584 if (crypto_hash_init(desc)) 585 goto clear_hash; 586 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2)) 587 goto clear_hash; 588 if (tcp_md5_hash_header(hp, th)) 589 goto clear_hash; 590 if (tcp_md5_hash_key(hp, key)) 591 goto clear_hash; 592 if (crypto_hash_final(desc, md5_hash)) 593 goto clear_hash; 594 595 tcp_put_md5sig_pool(); 596 return 0; 597 598 clear_hash: 599 tcp_put_md5sig_pool(); 600 clear_hash_noput: 601 memset(md5_hash, 0, 16); 602 return 1; 603 } 604 605 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key, 606 const struct sock *sk, 607 const struct request_sock *req, 608 const struct sk_buff *skb) 609 { 610 const struct in6_addr *saddr, *daddr; 611 struct tcp_md5sig_pool *hp; 612 struct hash_desc *desc; 613 const struct tcphdr *th = tcp_hdr(skb); 614 615 if (sk) { 616 saddr = &inet6_sk(sk)->saddr; 617 daddr = &inet6_sk(sk)->daddr; 618 } else if (req) { 619 saddr = &inet6_rsk(req)->loc_addr; 620 daddr = &inet6_rsk(req)->rmt_addr; 621 } else { 622 const struct ipv6hdr *ip6h = ipv6_hdr(skb); 623 saddr = &ip6h->saddr; 624 daddr = &ip6h->daddr; 625 } 626 627 hp = tcp_get_md5sig_pool(); 628 if (!hp) 629 goto clear_hash_noput; 630 desc = &hp->md5_desc; 631 632 if (crypto_hash_init(desc)) 633 goto clear_hash; 634 635 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len)) 636 goto clear_hash; 637 if (tcp_md5_hash_header(hp, th)) 638 goto clear_hash; 639 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2)) 640 goto clear_hash; 641 if (tcp_md5_hash_key(hp, key)) 642 goto clear_hash; 643 if (crypto_hash_final(desc, md5_hash)) 644 goto clear_hash; 645 646 tcp_put_md5sig_pool(); 647 return 0; 648 649 clear_hash: 650 tcp_put_md5sig_pool(); 651 clear_hash_noput: 652 memset(md5_hash, 0, 16); 653 return 1; 654 } 655 656 static int tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb) 657 { 658 const __u8 *hash_location = NULL; 659 struct tcp_md5sig_key *hash_expected; 660 const struct ipv6hdr *ip6h = ipv6_hdr(skb); 661 const struct tcphdr *th = tcp_hdr(skb); 662 int genhash; 663 u8 newhash[16]; 664 665 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); 666 hash_location = tcp_parse_md5sig_option(th); 667 668 /* We've parsed the options - do we have a hash? */ 669 if (!hash_expected && !hash_location) 670 return 0; 671 672 if (hash_expected && !hash_location) { 673 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); 674 return 1; 675 } 676 677 if (!hash_expected && hash_location) { 678 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED); 679 return 1; 680 } 681 682 /* check the signature */ 683 genhash = tcp_v6_md5_hash_skb(newhash, 684 hash_expected, 685 NULL, NULL, skb); 686 687 if (genhash || memcmp(hash_location, newhash, 16) != 0) { 688 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n", 689 genhash ? "failed" : "mismatch", 690 &ip6h->saddr, ntohs(th->source), 691 &ip6h->daddr, ntohs(th->dest)); 692 return 1; 693 } 694 return 0; 695 } 696 #endif 697 698 struct request_sock_ops tcp6_request_sock_ops __read_mostly = { 699 .family = AF_INET6, 700 .obj_size = sizeof(struct tcp6_request_sock), 701 .rtx_syn_ack = tcp_v6_rtx_synack, 702 .send_ack = tcp_v6_reqsk_send_ack, 703 .destructor = tcp_v6_reqsk_destructor, 704 .send_reset = tcp_v6_send_reset, 705 .syn_ack_timeout = tcp_syn_ack_timeout, 706 }; 707 708 #ifdef CONFIG_TCP_MD5SIG 709 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { 710 .md5_lookup = tcp_v6_reqsk_md5_lookup, 711 .calc_md5_hash = tcp_v6_md5_hash_skb, 712 }; 713 #endif 714 715 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win, 716 u32 tsval, u32 tsecr, 717 struct tcp_md5sig_key *key, int rst, u8 tclass) 718 { 719 const struct tcphdr *th = tcp_hdr(skb); 720 struct tcphdr *t1; 721 struct sk_buff *buff; 722 struct flowi6 fl6; 723 struct net *net = dev_net(skb_dst(skb)->dev); 724 struct sock *ctl_sk = net->ipv6.tcp_sk; 725 unsigned int tot_len = sizeof(struct tcphdr); 726 struct dst_entry *dst; 727 __be32 *topt; 728 729 if (tsecr) 730 tot_len += TCPOLEN_TSTAMP_ALIGNED; 731 #ifdef CONFIG_TCP_MD5SIG 732 if (key) 733 tot_len += TCPOLEN_MD5SIG_ALIGNED; 734 #endif 735 736 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 737 GFP_ATOMIC); 738 if (buff == NULL) 739 return; 740 741 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); 742 743 t1 = (struct tcphdr *) skb_push(buff, tot_len); 744 skb_reset_transport_header(buff); 745 746 /* Swap the send and the receive. */ 747 memset(t1, 0, sizeof(*t1)); 748 t1->dest = th->source; 749 t1->source = th->dest; 750 t1->doff = tot_len / 4; 751 t1->seq = htonl(seq); 752 t1->ack_seq = htonl(ack); 753 t1->ack = !rst || !th->ack; 754 t1->rst = rst; 755 t1->window = htons(win); 756 757 topt = (__be32 *)(t1 + 1); 758 759 if (tsecr) { 760 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 761 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 762 *topt++ = htonl(tsval); 763 *topt++ = htonl(tsecr); 764 } 765 766 #ifdef CONFIG_TCP_MD5SIG 767 if (key) { 768 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 769 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 770 tcp_v6_md5_hash_hdr((__u8 *)topt, key, 771 &ipv6_hdr(skb)->saddr, 772 &ipv6_hdr(skb)->daddr, t1); 773 } 774 #endif 775 776 memset(&fl6, 0, sizeof(fl6)); 777 fl6.daddr = ipv6_hdr(skb)->saddr; 778 fl6.saddr = ipv6_hdr(skb)->daddr; 779 780 buff->ip_summed = CHECKSUM_PARTIAL; 781 buff->csum = 0; 782 783 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr); 784 785 fl6.flowi6_proto = IPPROTO_TCP; 786 if (ipv6_addr_type(&fl6.daddr) & IPV6_ADDR_LINKLOCAL) 787 fl6.flowi6_oif = inet6_iif(skb); 788 fl6.fl6_dport = t1->dest; 789 fl6.fl6_sport = t1->source; 790 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); 791 792 /* Pass a socket to ip6_dst_lookup either it is for RST 793 * Underlying function will use this to retrieve the network 794 * namespace 795 */ 796 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL, false); 797 if (!IS_ERR(dst)) { 798 skb_dst_set(buff, dst); 799 ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass); 800 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS); 801 if (rst) 802 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS); 803 return; 804 } 805 806 kfree_skb(buff); 807 } 808 809 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb) 810 { 811 const struct tcphdr *th = tcp_hdr(skb); 812 u32 seq = 0, ack_seq = 0; 813 struct tcp_md5sig_key *key = NULL; 814 #ifdef CONFIG_TCP_MD5SIG 815 const __u8 *hash_location = NULL; 816 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 817 unsigned char newhash[16]; 818 int genhash; 819 struct sock *sk1 = NULL; 820 #endif 821 822 if (th->rst) 823 return; 824 825 if (!ipv6_unicast_destination(skb)) 826 return; 827 828 #ifdef CONFIG_TCP_MD5SIG 829 hash_location = tcp_parse_md5sig_option(th); 830 if (!sk && hash_location) { 831 /* 832 * active side is lost. Try to find listening socket through 833 * source port, and then find md5 key through listening socket. 834 * we are not loose security here: 835 * Incoming packet is checked with md5 hash with finding key, 836 * no RST generated if md5 hash doesn't match. 837 */ 838 sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev), 839 &tcp_hashinfo, &ipv6h->saddr, 840 th->source, &ipv6h->daddr, 841 ntohs(th->source), inet6_iif(skb)); 842 if (!sk1) 843 return; 844 845 rcu_read_lock(); 846 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr); 847 if (!key) 848 goto release_sk1; 849 850 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, NULL, skb); 851 if (genhash || memcmp(hash_location, newhash, 16) != 0) 852 goto release_sk1; 853 } else { 854 key = sk ? tcp_v6_md5_do_lookup(sk, &ipv6h->saddr) : NULL; 855 } 856 #endif 857 858 if (th->ack) 859 seq = ntohl(th->ack_seq); 860 else 861 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len - 862 (th->doff << 2); 863 864 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, 0, key, 1, 0); 865 866 #ifdef CONFIG_TCP_MD5SIG 867 release_sk1: 868 if (sk1) { 869 rcu_read_unlock(); 870 sock_put(sk1); 871 } 872 #endif 873 } 874 875 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, 876 u32 win, u32 tsval, u32 tsecr, 877 struct tcp_md5sig_key *key, u8 tclass) 878 { 879 tcp_v6_send_response(skb, seq, ack, win, tsval, tsecr, key, 0, tclass); 880 } 881 882 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb) 883 { 884 struct inet_timewait_sock *tw = inet_twsk(sk); 885 struct tcp_timewait_sock *tcptw = tcp_twsk(sk); 886 887 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt, 888 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 889 tcp_time_stamp + tcptw->tw_ts_offset, 890 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw), 891 tw->tw_tclass); 892 893 inet_twsk_put(tw); 894 } 895 896 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb, 897 struct request_sock *req) 898 { 899 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, 900 req->rcv_wnd, tcp_time_stamp, req->ts_recent, 901 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr), 0); 902 } 903 904 905 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb) 906 { 907 struct request_sock *req, **prev; 908 const struct tcphdr *th = tcp_hdr(skb); 909 struct sock *nsk; 910 911 /* Find possible connection requests. */ 912 req = inet6_csk_search_req(sk, &prev, th->source, 913 &ipv6_hdr(skb)->saddr, 914 &ipv6_hdr(skb)->daddr, inet6_iif(skb)); 915 if (req) 916 return tcp_check_req(sk, skb, req, prev, false); 917 918 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo, 919 &ipv6_hdr(skb)->saddr, th->source, 920 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb)); 921 922 if (nsk) { 923 if (nsk->sk_state != TCP_TIME_WAIT) { 924 bh_lock_sock(nsk); 925 return nsk; 926 } 927 inet_twsk_put(inet_twsk(nsk)); 928 return NULL; 929 } 930 931 #ifdef CONFIG_SYN_COOKIES 932 if (!th->syn) 933 sk = cookie_v6_check(sk, skb); 934 #endif 935 return sk; 936 } 937 938 /* FIXME: this is substantially similar to the ipv4 code. 939 * Can some kind of merge be done? -- erics 940 */ 941 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) 942 { 943 struct tcp_extend_values tmp_ext; 944 struct tcp_options_received tmp_opt; 945 const u8 *hash_location; 946 struct request_sock *req; 947 struct inet6_request_sock *treq; 948 struct ipv6_pinfo *np = inet6_sk(sk); 949 struct tcp_sock *tp = tcp_sk(sk); 950 __u32 isn = TCP_SKB_CB(skb)->when; 951 struct dst_entry *dst = NULL; 952 struct flowi6 fl6; 953 bool want_cookie = false; 954 955 if (skb->protocol == htons(ETH_P_IP)) 956 return tcp_v4_conn_request(sk, skb); 957 958 if (!ipv6_unicast_destination(skb)) 959 goto drop; 960 961 if (inet_csk_reqsk_queue_is_full(sk) && !isn) { 962 want_cookie = tcp_syn_flood_action(sk, skb, "TCPv6"); 963 if (!want_cookie) 964 goto drop; 965 } 966 967 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) { 968 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); 969 goto drop; 970 } 971 972 req = inet6_reqsk_alloc(&tcp6_request_sock_ops); 973 if (req == NULL) 974 goto drop; 975 976 #ifdef CONFIG_TCP_MD5SIG 977 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops; 978 #endif 979 980 tcp_clear_options(&tmp_opt); 981 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 982 tmp_opt.user_mss = tp->rx_opt.user_mss; 983 tcp_parse_options(skb, &tmp_opt, &hash_location, 0, NULL); 984 985 if (tmp_opt.cookie_plus > 0 && 986 tmp_opt.saw_tstamp && 987 !tp->rx_opt.cookie_out_never && 988 (sysctl_tcp_cookie_size > 0 || 989 (tp->cookie_values != NULL && 990 tp->cookie_values->cookie_desired > 0))) { 991 u8 *c; 992 u32 *d; 993 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS]; 994 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE; 995 996 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0) 997 goto drop_and_free; 998 999 /* Secret recipe starts with IP addresses */ 1000 d = (__force u32 *)&ipv6_hdr(skb)->daddr.s6_addr32[0]; 1001 *mess++ ^= *d++; 1002 *mess++ ^= *d++; 1003 *mess++ ^= *d++; 1004 *mess++ ^= *d++; 1005 d = (__force u32 *)&ipv6_hdr(skb)->saddr.s6_addr32[0]; 1006 *mess++ ^= *d++; 1007 *mess++ ^= *d++; 1008 *mess++ ^= *d++; 1009 *mess++ ^= *d++; 1010 1011 /* plus variable length Initiator Cookie */ 1012 c = (u8 *)mess; 1013 while (l-- > 0) 1014 *c++ ^= *hash_location++; 1015 1016 want_cookie = false; /* not our kind of cookie */ 1017 tmp_ext.cookie_out_never = 0; /* false */ 1018 tmp_ext.cookie_plus = tmp_opt.cookie_plus; 1019 } else if (!tp->rx_opt.cookie_in_always) { 1020 /* redundant indications, but ensure initialization. */ 1021 tmp_ext.cookie_out_never = 1; /* true */ 1022 tmp_ext.cookie_plus = 0; 1023 } else { 1024 goto drop_and_free; 1025 } 1026 tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always; 1027 1028 if (want_cookie && !tmp_opt.saw_tstamp) 1029 tcp_clear_options(&tmp_opt); 1030 1031 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp; 1032 tcp_openreq_init(req, &tmp_opt, skb); 1033 1034 treq = inet6_rsk(req); 1035 treq->rmt_addr = ipv6_hdr(skb)->saddr; 1036 treq->loc_addr = ipv6_hdr(skb)->daddr; 1037 if (!want_cookie || tmp_opt.tstamp_ok) 1038 TCP_ECN_create_request(req, skb, sock_net(sk)); 1039 1040 treq->iif = sk->sk_bound_dev_if; 1041 1042 /* So that link locals have meaning */ 1043 if (!sk->sk_bound_dev_if && 1044 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL) 1045 treq->iif = inet6_iif(skb); 1046 1047 if (!isn) { 1048 if (ipv6_opt_accepted(sk, skb) || 1049 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || 1050 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) { 1051 atomic_inc(&skb->users); 1052 treq->pktopts = skb; 1053 } 1054 1055 if (want_cookie) { 1056 isn = cookie_v6_init_sequence(sk, skb, &req->mss); 1057 req->cookie_ts = tmp_opt.tstamp_ok; 1058 goto have_isn; 1059 } 1060 1061 /* VJ's idea. We save last timestamp seen 1062 * from the destination in peer table, when entering 1063 * state TIME-WAIT, and check against it before 1064 * accepting new connection request. 1065 * 1066 * If "isn" is not zero, this request hit alive 1067 * timewait bucket, so that all the necessary checks 1068 * are made in the function processing timewait state. 1069 */ 1070 if (tmp_opt.saw_tstamp && 1071 tcp_death_row.sysctl_tw_recycle && 1072 (dst = inet6_csk_route_req(sk, &fl6, req)) != NULL) { 1073 if (!tcp_peer_is_proven(req, dst, true)) { 1074 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED); 1075 goto drop_and_release; 1076 } 1077 } 1078 /* Kill the following clause, if you dislike this way. */ 1079 else if (!sysctl_tcp_syncookies && 1080 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) < 1081 (sysctl_max_syn_backlog >> 2)) && 1082 !tcp_peer_is_proven(req, dst, false)) { 1083 /* Without syncookies last quarter of 1084 * backlog is filled with destinations, 1085 * proven to be alive. 1086 * It means that we continue to communicate 1087 * to destinations, already remembered 1088 * to the moment of synflood. 1089 */ 1090 LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open request from %pI6/%u\n", 1091 &treq->rmt_addr, ntohs(tcp_hdr(skb)->source)); 1092 goto drop_and_release; 1093 } 1094 1095 isn = tcp_v6_init_sequence(skb); 1096 } 1097 have_isn: 1098 tcp_rsk(req)->snt_isn = isn; 1099 1100 if (security_inet_conn_request(sk, skb, req)) 1101 goto drop_and_release; 1102 1103 if (tcp_v6_send_synack(sk, dst, &fl6, req, 1104 (struct request_values *)&tmp_ext, 1105 skb_get_queue_mapping(skb)) || 1106 want_cookie) 1107 goto drop_and_free; 1108 1109 tcp_rsk(req)->snt_synack = tcp_time_stamp; 1110 tcp_rsk(req)->listener = NULL; 1111 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); 1112 return 0; 1113 1114 drop_and_release: 1115 dst_release(dst); 1116 drop_and_free: 1117 reqsk_free(req); 1118 drop: 1119 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); 1120 return 0; /* don't send reset */ 1121 } 1122 1123 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, 1124 struct request_sock *req, 1125 struct dst_entry *dst) 1126 { 1127 struct inet6_request_sock *treq; 1128 struct ipv6_pinfo *newnp, *np = inet6_sk(sk); 1129 struct tcp6_sock *newtcp6sk; 1130 struct inet_sock *newinet; 1131 struct tcp_sock *newtp; 1132 struct sock *newsk; 1133 #ifdef CONFIG_TCP_MD5SIG 1134 struct tcp_md5sig_key *key; 1135 #endif 1136 struct flowi6 fl6; 1137 1138 if (skb->protocol == htons(ETH_P_IP)) { 1139 /* 1140 * v6 mapped 1141 */ 1142 1143 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst); 1144 1145 if (newsk == NULL) 1146 return NULL; 1147 1148 newtcp6sk = (struct tcp6_sock *)newsk; 1149 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1150 1151 newinet = inet_sk(newsk); 1152 newnp = inet6_sk(newsk); 1153 newtp = tcp_sk(newsk); 1154 1155 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1156 1157 ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr); 1158 1159 ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr); 1160 1161 newnp->rcv_saddr = newnp->saddr; 1162 1163 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped; 1164 newsk->sk_backlog_rcv = tcp_v4_do_rcv; 1165 #ifdef CONFIG_TCP_MD5SIG 1166 newtp->af_specific = &tcp_sock_ipv6_mapped_specific; 1167 #endif 1168 1169 newnp->ipv6_ac_list = NULL; 1170 newnp->ipv6_fl_list = NULL; 1171 newnp->pktoptions = NULL; 1172 newnp->opt = NULL; 1173 newnp->mcast_oif = inet6_iif(skb); 1174 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1175 newnp->rcv_tclass = ipv6_get_dsfield(ipv6_hdr(skb)); 1176 1177 /* 1178 * No need to charge this sock to the relevant IPv6 refcnt debug socks count 1179 * here, tcp_create_openreq_child now does this for us, see the comment in 1180 * that function for the gory details. -acme 1181 */ 1182 1183 /* It is tricky place. Until this moment IPv4 tcp 1184 worked with IPv6 icsk.icsk_af_ops. 1185 Sync it now. 1186 */ 1187 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); 1188 1189 return newsk; 1190 } 1191 1192 treq = inet6_rsk(req); 1193 1194 if (sk_acceptq_is_full(sk)) 1195 goto out_overflow; 1196 1197 if (!dst) { 1198 dst = inet6_csk_route_req(sk, &fl6, req); 1199 if (!dst) 1200 goto out; 1201 } 1202 1203 newsk = tcp_create_openreq_child(sk, req, skb); 1204 if (newsk == NULL) 1205 goto out_nonewsk; 1206 1207 /* 1208 * No need to charge this sock to the relevant IPv6 refcnt debug socks 1209 * count here, tcp_create_openreq_child now does this for us, see the 1210 * comment in that function for the gory details. -acme 1211 */ 1212 1213 newsk->sk_gso_type = SKB_GSO_TCPV6; 1214 __ip6_dst_store(newsk, dst, NULL, NULL); 1215 inet6_sk_rx_dst_set(newsk, skb); 1216 1217 newtcp6sk = (struct tcp6_sock *)newsk; 1218 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1219 1220 newtp = tcp_sk(newsk); 1221 newinet = inet_sk(newsk); 1222 newnp = inet6_sk(newsk); 1223 1224 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1225 1226 newnp->daddr = treq->rmt_addr; 1227 newnp->saddr = treq->loc_addr; 1228 newnp->rcv_saddr = treq->loc_addr; 1229 newsk->sk_bound_dev_if = treq->iif; 1230 1231 /* Now IPv6 options... 1232 1233 First: no IPv4 options. 1234 */ 1235 newinet->inet_opt = NULL; 1236 newnp->ipv6_ac_list = NULL; 1237 newnp->ipv6_fl_list = NULL; 1238 1239 /* Clone RX bits */ 1240 newnp->rxopt.all = np->rxopt.all; 1241 1242 /* Clone pktoptions received with SYN */ 1243 newnp->pktoptions = NULL; 1244 if (treq->pktopts != NULL) { 1245 newnp->pktoptions = skb_clone(treq->pktopts, 1246 sk_gfp_atomic(sk, GFP_ATOMIC)); 1247 consume_skb(treq->pktopts); 1248 treq->pktopts = NULL; 1249 if (newnp->pktoptions) 1250 skb_set_owner_r(newnp->pktoptions, newsk); 1251 } 1252 newnp->opt = NULL; 1253 newnp->mcast_oif = inet6_iif(skb); 1254 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1255 newnp->rcv_tclass = ipv6_get_dsfield(ipv6_hdr(skb)); 1256 1257 /* Clone native IPv6 options from listening socket (if any) 1258 1259 Yes, keeping reference count would be much more clever, 1260 but we make one more one thing there: reattach optmem 1261 to newsk. 1262 */ 1263 if (np->opt) 1264 newnp->opt = ipv6_dup_options(newsk, np->opt); 1265 1266 inet_csk(newsk)->icsk_ext_hdr_len = 0; 1267 if (newnp->opt) 1268 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen + 1269 newnp->opt->opt_flen); 1270 1271 tcp_mtup_init(newsk); 1272 tcp_sync_mss(newsk, dst_mtu(dst)); 1273 newtp->advmss = dst_metric_advmss(dst); 1274 if (tcp_sk(sk)->rx_opt.user_mss && 1275 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss) 1276 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss; 1277 1278 tcp_initialize_rcv_mss(newsk); 1279 tcp_synack_rtt_meas(newsk, req); 1280 newtp->total_retrans = req->num_retrans; 1281 1282 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6; 1283 newinet->inet_rcv_saddr = LOOPBACK4_IPV6; 1284 1285 #ifdef CONFIG_TCP_MD5SIG 1286 /* Copy over the MD5 key from the original socket */ 1287 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) { 1288 /* We're using one, so create a matching key 1289 * on the newsk structure. If we fail to get 1290 * memory, then we end up not copying the key 1291 * across. Shucks. 1292 */ 1293 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newnp->daddr, 1294 AF_INET6, key->key, key->keylen, 1295 sk_gfp_atomic(sk, GFP_ATOMIC)); 1296 } 1297 #endif 1298 1299 if (__inet_inherit_port(sk, newsk) < 0) { 1300 inet_csk_prepare_forced_close(newsk); 1301 tcp_done(newsk); 1302 goto out; 1303 } 1304 __inet6_hash(newsk, NULL); 1305 1306 return newsk; 1307 1308 out_overflow: 1309 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); 1310 out_nonewsk: 1311 dst_release(dst); 1312 out: 1313 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); 1314 return NULL; 1315 } 1316 1317 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb) 1318 { 1319 if (skb->ip_summed == CHECKSUM_COMPLETE) { 1320 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr, 1321 &ipv6_hdr(skb)->daddr, skb->csum)) { 1322 skb->ip_summed = CHECKSUM_UNNECESSARY; 1323 return 0; 1324 } 1325 } 1326 1327 skb->csum = ~csum_unfold(tcp_v6_check(skb->len, 1328 &ipv6_hdr(skb)->saddr, 1329 &ipv6_hdr(skb)->daddr, 0)); 1330 1331 if (skb->len <= 76) { 1332 return __skb_checksum_complete(skb); 1333 } 1334 return 0; 1335 } 1336 1337 /* The socket must have it's spinlock held when we get 1338 * here. 1339 * 1340 * We have a potential double-lock case here, so even when 1341 * doing backlog processing we use the BH locking scheme. 1342 * This is because we cannot sleep with the original spinlock 1343 * held. 1344 */ 1345 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) 1346 { 1347 struct ipv6_pinfo *np = inet6_sk(sk); 1348 struct tcp_sock *tp; 1349 struct sk_buff *opt_skb = NULL; 1350 1351 /* Imagine: socket is IPv6. IPv4 packet arrives, 1352 goes to IPv4 receive handler and backlogged. 1353 From backlog it always goes here. Kerboom... 1354 Fortunately, tcp_rcv_established and rcv_established 1355 handle them correctly, but it is not case with 1356 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK 1357 */ 1358 1359 if (skb->protocol == htons(ETH_P_IP)) 1360 return tcp_v4_do_rcv(sk, skb); 1361 1362 #ifdef CONFIG_TCP_MD5SIG 1363 if (tcp_v6_inbound_md5_hash (sk, skb)) 1364 goto discard; 1365 #endif 1366 1367 if (sk_filter(sk, skb)) 1368 goto discard; 1369 1370 /* 1371 * socket locking is here for SMP purposes as backlog rcv 1372 * is currently called with bh processing disabled. 1373 */ 1374 1375 /* Do Stevens' IPV6_PKTOPTIONS. 1376 1377 Yes, guys, it is the only place in our code, where we 1378 may make it not affecting IPv4. 1379 The rest of code is protocol independent, 1380 and I do not like idea to uglify IPv4. 1381 1382 Actually, all the idea behind IPV6_PKTOPTIONS 1383 looks not very well thought. For now we latch 1384 options, received in the last packet, enqueued 1385 by tcp. Feel free to propose better solution. 1386 --ANK (980728) 1387 */ 1388 if (np->rxopt.all) 1389 opt_skb = skb_clone(skb, sk_gfp_atomic(sk, GFP_ATOMIC)); 1390 1391 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ 1392 struct dst_entry *dst = sk->sk_rx_dst; 1393 1394 sock_rps_save_rxhash(sk, skb); 1395 if (dst) { 1396 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif || 1397 dst->ops->check(dst, np->rx_dst_cookie) == NULL) { 1398 dst_release(dst); 1399 sk->sk_rx_dst = NULL; 1400 } 1401 } 1402 1403 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) 1404 goto reset; 1405 if (opt_skb) 1406 goto ipv6_pktoptions; 1407 return 0; 1408 } 1409 1410 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb)) 1411 goto csum_err; 1412 1413 if (sk->sk_state == TCP_LISTEN) { 1414 struct sock *nsk = tcp_v6_hnd_req(sk, skb); 1415 if (!nsk) 1416 goto discard; 1417 1418 /* 1419 * Queue it on the new socket if the new socket is active, 1420 * otherwise we just shortcircuit this and continue with 1421 * the new socket.. 1422 */ 1423 if(nsk != sk) { 1424 sock_rps_save_rxhash(nsk, skb); 1425 if (tcp_child_process(sk, nsk, skb)) 1426 goto reset; 1427 if (opt_skb) 1428 __kfree_skb(opt_skb); 1429 return 0; 1430 } 1431 } else 1432 sock_rps_save_rxhash(sk, skb); 1433 1434 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) 1435 goto reset; 1436 if (opt_skb) 1437 goto ipv6_pktoptions; 1438 return 0; 1439 1440 reset: 1441 tcp_v6_send_reset(sk, skb); 1442 discard: 1443 if (opt_skb) 1444 __kfree_skb(opt_skb); 1445 kfree_skb(skb); 1446 return 0; 1447 csum_err: 1448 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS); 1449 goto discard; 1450 1451 1452 ipv6_pktoptions: 1453 /* Do you ask, what is it? 1454 1455 1. skb was enqueued by tcp. 1456 2. skb is added to tail of read queue, rather than out of order. 1457 3. socket is not in passive state. 1458 4. Finally, it really contains options, which user wants to receive. 1459 */ 1460 tp = tcp_sk(sk); 1461 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt && 1462 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) { 1463 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo) 1464 np->mcast_oif = inet6_iif(opt_skb); 1465 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) 1466 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit; 1467 if (np->rxopt.bits.rxtclass) 1468 np->rcv_tclass = ipv6_get_dsfield(ipv6_hdr(skb)); 1469 if (ipv6_opt_accepted(sk, opt_skb)) { 1470 skb_set_owner_r(opt_skb, sk); 1471 opt_skb = xchg(&np->pktoptions, opt_skb); 1472 } else { 1473 __kfree_skb(opt_skb); 1474 opt_skb = xchg(&np->pktoptions, NULL); 1475 } 1476 } 1477 1478 kfree_skb(opt_skb); 1479 return 0; 1480 } 1481 1482 static int tcp_v6_rcv(struct sk_buff *skb) 1483 { 1484 const struct tcphdr *th; 1485 const struct ipv6hdr *hdr; 1486 struct sock *sk; 1487 int ret; 1488 struct net *net = dev_net(skb->dev); 1489 1490 if (skb->pkt_type != PACKET_HOST) 1491 goto discard_it; 1492 1493 /* 1494 * Count it even if it's bad. 1495 */ 1496 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS); 1497 1498 if (!pskb_may_pull(skb, sizeof(struct tcphdr))) 1499 goto discard_it; 1500 1501 th = tcp_hdr(skb); 1502 1503 if (th->doff < sizeof(struct tcphdr)/4) 1504 goto bad_packet; 1505 if (!pskb_may_pull(skb, th->doff*4)) 1506 goto discard_it; 1507 1508 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb)) 1509 goto bad_packet; 1510 1511 th = tcp_hdr(skb); 1512 hdr = ipv6_hdr(skb); 1513 TCP_SKB_CB(skb)->seq = ntohl(th->seq); 1514 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin + 1515 skb->len - th->doff*4); 1516 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); 1517 TCP_SKB_CB(skb)->when = 0; 1518 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr); 1519 TCP_SKB_CB(skb)->sacked = 0; 1520 1521 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); 1522 if (!sk) 1523 goto no_tcp_socket; 1524 1525 process: 1526 if (sk->sk_state == TCP_TIME_WAIT) 1527 goto do_time_wait; 1528 1529 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { 1530 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); 1531 goto discard_and_relse; 1532 } 1533 1534 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 1535 goto discard_and_relse; 1536 1537 if (sk_filter(sk, skb)) 1538 goto discard_and_relse; 1539 1540 skb->dev = NULL; 1541 1542 bh_lock_sock_nested(sk); 1543 ret = 0; 1544 if (!sock_owned_by_user(sk)) { 1545 #ifdef CONFIG_NET_DMA 1546 struct tcp_sock *tp = tcp_sk(sk); 1547 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list) 1548 tp->ucopy.dma_chan = net_dma_find_channel(); 1549 if (tp->ucopy.dma_chan) 1550 ret = tcp_v6_do_rcv(sk, skb); 1551 else 1552 #endif 1553 { 1554 if (!tcp_prequeue(sk, skb)) 1555 ret = tcp_v6_do_rcv(sk, skb); 1556 } 1557 } else if (unlikely(sk_add_backlog(sk, skb, 1558 sk->sk_rcvbuf + sk->sk_sndbuf))) { 1559 bh_unlock_sock(sk); 1560 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP); 1561 goto discard_and_relse; 1562 } 1563 bh_unlock_sock(sk); 1564 1565 sock_put(sk); 1566 return ret ? -1 : 0; 1567 1568 no_tcp_socket: 1569 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 1570 goto discard_it; 1571 1572 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1573 bad_packet: 1574 TCP_INC_STATS_BH(net, TCP_MIB_INERRS); 1575 } else { 1576 tcp_v6_send_reset(NULL, skb); 1577 } 1578 1579 discard_it: 1580 1581 /* 1582 * Discard frame 1583 */ 1584 1585 kfree_skb(skb); 1586 return 0; 1587 1588 discard_and_relse: 1589 sock_put(sk); 1590 goto discard_it; 1591 1592 do_time_wait: 1593 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1594 inet_twsk_put(inet_twsk(sk)); 1595 goto discard_it; 1596 } 1597 1598 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1599 TCP_INC_STATS_BH(net, TCP_MIB_INERRS); 1600 inet_twsk_put(inet_twsk(sk)); 1601 goto discard_it; 1602 } 1603 1604 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { 1605 case TCP_TW_SYN: 1606 { 1607 struct sock *sk2; 1608 1609 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo, 1610 &ipv6_hdr(skb)->saddr, th->source, 1611 &ipv6_hdr(skb)->daddr, 1612 ntohs(th->dest), inet6_iif(skb)); 1613 if (sk2 != NULL) { 1614 struct inet_timewait_sock *tw = inet_twsk(sk); 1615 inet_twsk_deschedule(tw, &tcp_death_row); 1616 inet_twsk_put(tw); 1617 sk = sk2; 1618 goto process; 1619 } 1620 /* Fall through to ACK */ 1621 } 1622 case TCP_TW_ACK: 1623 tcp_v6_timewait_ack(sk, skb); 1624 break; 1625 case TCP_TW_RST: 1626 goto no_tcp_socket; 1627 case TCP_TW_SUCCESS:; 1628 } 1629 goto discard_it; 1630 } 1631 1632 static void tcp_v6_early_demux(struct sk_buff *skb) 1633 { 1634 const struct ipv6hdr *hdr; 1635 const struct tcphdr *th; 1636 struct sock *sk; 1637 1638 if (skb->pkt_type != PACKET_HOST) 1639 return; 1640 1641 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr))) 1642 return; 1643 1644 hdr = ipv6_hdr(skb); 1645 th = tcp_hdr(skb); 1646 1647 if (th->doff < sizeof(struct tcphdr) / 4) 1648 return; 1649 1650 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo, 1651 &hdr->saddr, th->source, 1652 &hdr->daddr, ntohs(th->dest), 1653 inet6_iif(skb)); 1654 if (sk) { 1655 skb->sk = sk; 1656 skb->destructor = sock_edemux; 1657 if (sk->sk_state != TCP_TIME_WAIT) { 1658 struct dst_entry *dst = sk->sk_rx_dst; 1659 1660 if (dst) 1661 dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie); 1662 if (dst && 1663 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif) 1664 skb_dst_set_noref(skb, dst); 1665 } 1666 } 1667 } 1668 1669 static struct timewait_sock_ops tcp6_timewait_sock_ops = { 1670 .twsk_obj_size = sizeof(struct tcp6_timewait_sock), 1671 .twsk_unique = tcp_twsk_unique, 1672 .twsk_destructor= tcp_twsk_destructor, 1673 }; 1674 1675 static const struct inet_connection_sock_af_ops ipv6_specific = { 1676 .queue_xmit = inet6_csk_xmit, 1677 .send_check = tcp_v6_send_check, 1678 .rebuild_header = inet6_sk_rebuild_header, 1679 .sk_rx_dst_set = inet6_sk_rx_dst_set, 1680 .conn_request = tcp_v6_conn_request, 1681 .syn_recv_sock = tcp_v6_syn_recv_sock, 1682 .net_header_len = sizeof(struct ipv6hdr), 1683 .net_frag_header_len = sizeof(struct frag_hdr), 1684 .setsockopt = ipv6_setsockopt, 1685 .getsockopt = ipv6_getsockopt, 1686 .addr2sockaddr = inet6_csk_addr2sockaddr, 1687 .sockaddr_len = sizeof(struct sockaddr_in6), 1688 .bind_conflict = inet6_csk_bind_conflict, 1689 #ifdef CONFIG_COMPAT 1690 .compat_setsockopt = compat_ipv6_setsockopt, 1691 .compat_getsockopt = compat_ipv6_getsockopt, 1692 #endif 1693 }; 1694 1695 #ifdef CONFIG_TCP_MD5SIG 1696 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = { 1697 .md5_lookup = tcp_v6_md5_lookup, 1698 .calc_md5_hash = tcp_v6_md5_hash_skb, 1699 .md5_parse = tcp_v6_parse_md5_keys, 1700 }; 1701 #endif 1702 1703 /* 1704 * TCP over IPv4 via INET6 API 1705 */ 1706 1707 static const struct inet_connection_sock_af_ops ipv6_mapped = { 1708 .queue_xmit = ip_queue_xmit, 1709 .send_check = tcp_v4_send_check, 1710 .rebuild_header = inet_sk_rebuild_header, 1711 .sk_rx_dst_set = inet_sk_rx_dst_set, 1712 .conn_request = tcp_v6_conn_request, 1713 .syn_recv_sock = tcp_v6_syn_recv_sock, 1714 .net_header_len = sizeof(struct iphdr), 1715 .setsockopt = ipv6_setsockopt, 1716 .getsockopt = ipv6_getsockopt, 1717 .addr2sockaddr = inet6_csk_addr2sockaddr, 1718 .sockaddr_len = sizeof(struct sockaddr_in6), 1719 .bind_conflict = inet6_csk_bind_conflict, 1720 #ifdef CONFIG_COMPAT 1721 .compat_setsockopt = compat_ipv6_setsockopt, 1722 .compat_getsockopt = compat_ipv6_getsockopt, 1723 #endif 1724 }; 1725 1726 #ifdef CONFIG_TCP_MD5SIG 1727 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = { 1728 .md5_lookup = tcp_v4_md5_lookup, 1729 .calc_md5_hash = tcp_v4_md5_hash_skb, 1730 .md5_parse = tcp_v6_parse_md5_keys, 1731 }; 1732 #endif 1733 1734 /* NOTE: A lot of things set to zero explicitly by call to 1735 * sk_alloc() so need not be done here. 1736 */ 1737 static int tcp_v6_init_sock(struct sock *sk) 1738 { 1739 struct inet_connection_sock *icsk = inet_csk(sk); 1740 1741 tcp_init_sock(sk); 1742 1743 icsk->icsk_af_ops = &ipv6_specific; 1744 1745 #ifdef CONFIG_TCP_MD5SIG 1746 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific; 1747 #endif 1748 1749 return 0; 1750 } 1751 1752 static void tcp_v6_destroy_sock(struct sock *sk) 1753 { 1754 tcp_v4_destroy_sock(sk); 1755 inet6_destroy_sock(sk); 1756 } 1757 1758 #ifdef CONFIG_PROC_FS 1759 /* Proc filesystem TCPv6 sock list dumping. */ 1760 static void get_openreq6(struct seq_file *seq, 1761 const struct sock *sk, struct request_sock *req, int i, kuid_t uid) 1762 { 1763 int ttd = req->expires - jiffies; 1764 const struct in6_addr *src = &inet6_rsk(req)->loc_addr; 1765 const struct in6_addr *dest = &inet6_rsk(req)->rmt_addr; 1766 1767 if (ttd < 0) 1768 ttd = 0; 1769 1770 seq_printf(seq, 1771 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1772 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n", 1773 i, 1774 src->s6_addr32[0], src->s6_addr32[1], 1775 src->s6_addr32[2], src->s6_addr32[3], 1776 ntohs(inet_rsk(req)->loc_port), 1777 dest->s6_addr32[0], dest->s6_addr32[1], 1778 dest->s6_addr32[2], dest->s6_addr32[3], 1779 ntohs(inet_rsk(req)->rmt_port), 1780 TCP_SYN_RECV, 1781 0,0, /* could print option size, but that is af dependent. */ 1782 1, /* timers active (only the expire timer) */ 1783 jiffies_to_clock_t(ttd), 1784 req->num_timeout, 1785 from_kuid_munged(seq_user_ns(seq), uid), 1786 0, /* non standard timer */ 1787 0, /* open_requests have no inode */ 1788 0, req); 1789 } 1790 1791 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) 1792 { 1793 const struct in6_addr *dest, *src; 1794 __u16 destp, srcp; 1795 int timer_active; 1796 unsigned long timer_expires; 1797 const struct inet_sock *inet = inet_sk(sp); 1798 const struct tcp_sock *tp = tcp_sk(sp); 1799 const struct inet_connection_sock *icsk = inet_csk(sp); 1800 const struct ipv6_pinfo *np = inet6_sk(sp); 1801 1802 dest = &np->daddr; 1803 src = &np->rcv_saddr; 1804 destp = ntohs(inet->inet_dport); 1805 srcp = ntohs(inet->inet_sport); 1806 1807 if (icsk->icsk_pending == ICSK_TIME_RETRANS) { 1808 timer_active = 1; 1809 timer_expires = icsk->icsk_timeout; 1810 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) { 1811 timer_active = 4; 1812 timer_expires = icsk->icsk_timeout; 1813 } else if (timer_pending(&sp->sk_timer)) { 1814 timer_active = 2; 1815 timer_expires = sp->sk_timer.expires; 1816 } else { 1817 timer_active = 0; 1818 timer_expires = jiffies; 1819 } 1820 1821 seq_printf(seq, 1822 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1823 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %pK %lu %lu %u %u %d\n", 1824 i, 1825 src->s6_addr32[0], src->s6_addr32[1], 1826 src->s6_addr32[2], src->s6_addr32[3], srcp, 1827 dest->s6_addr32[0], dest->s6_addr32[1], 1828 dest->s6_addr32[2], dest->s6_addr32[3], destp, 1829 sp->sk_state, 1830 tp->write_seq-tp->snd_una, 1831 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq), 1832 timer_active, 1833 jiffies_delta_to_clock_t(timer_expires - jiffies), 1834 icsk->icsk_retransmits, 1835 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)), 1836 icsk->icsk_probes_out, 1837 sock_i_ino(sp), 1838 atomic_read(&sp->sk_refcnt), sp, 1839 jiffies_to_clock_t(icsk->icsk_rto), 1840 jiffies_to_clock_t(icsk->icsk_ack.ato), 1841 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong, 1842 tp->snd_cwnd, 1843 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh 1844 ); 1845 } 1846 1847 static void get_timewait6_sock(struct seq_file *seq, 1848 struct inet_timewait_sock *tw, int i) 1849 { 1850 const struct in6_addr *dest, *src; 1851 __u16 destp, srcp; 1852 const struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw); 1853 long delta = tw->tw_ttd - jiffies; 1854 1855 dest = &tw6->tw_v6_daddr; 1856 src = &tw6->tw_v6_rcv_saddr; 1857 destp = ntohs(tw->tw_dport); 1858 srcp = ntohs(tw->tw_sport); 1859 1860 seq_printf(seq, 1861 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1862 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n", 1863 i, 1864 src->s6_addr32[0], src->s6_addr32[1], 1865 src->s6_addr32[2], src->s6_addr32[3], srcp, 1866 dest->s6_addr32[0], dest->s6_addr32[1], 1867 dest->s6_addr32[2], dest->s6_addr32[3], destp, 1868 tw->tw_substate, 0, 0, 1869 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0, 1870 atomic_read(&tw->tw_refcnt), tw); 1871 } 1872 1873 static int tcp6_seq_show(struct seq_file *seq, void *v) 1874 { 1875 struct tcp_iter_state *st; 1876 1877 if (v == SEQ_START_TOKEN) { 1878 seq_puts(seq, 1879 " sl " 1880 "local_address " 1881 "remote_address " 1882 "st tx_queue rx_queue tr tm->when retrnsmt" 1883 " uid timeout inode\n"); 1884 goto out; 1885 } 1886 st = seq->private; 1887 1888 switch (st->state) { 1889 case TCP_SEQ_STATE_LISTENING: 1890 case TCP_SEQ_STATE_ESTABLISHED: 1891 get_tcp6_sock(seq, v, st->num); 1892 break; 1893 case TCP_SEQ_STATE_OPENREQ: 1894 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid); 1895 break; 1896 case TCP_SEQ_STATE_TIME_WAIT: 1897 get_timewait6_sock(seq, v, st->num); 1898 break; 1899 } 1900 out: 1901 return 0; 1902 } 1903 1904 static const struct file_operations tcp6_afinfo_seq_fops = { 1905 .owner = THIS_MODULE, 1906 .open = tcp_seq_open, 1907 .read = seq_read, 1908 .llseek = seq_lseek, 1909 .release = seq_release_net 1910 }; 1911 1912 static struct tcp_seq_afinfo tcp6_seq_afinfo = { 1913 .name = "tcp6", 1914 .family = AF_INET6, 1915 .seq_fops = &tcp6_afinfo_seq_fops, 1916 .seq_ops = { 1917 .show = tcp6_seq_show, 1918 }, 1919 }; 1920 1921 int __net_init tcp6_proc_init(struct net *net) 1922 { 1923 return tcp_proc_register(net, &tcp6_seq_afinfo); 1924 } 1925 1926 void tcp6_proc_exit(struct net *net) 1927 { 1928 tcp_proc_unregister(net, &tcp6_seq_afinfo); 1929 } 1930 #endif 1931 1932 struct proto tcpv6_prot = { 1933 .name = "TCPv6", 1934 .owner = THIS_MODULE, 1935 .close = tcp_close, 1936 .connect = tcp_v6_connect, 1937 .disconnect = tcp_disconnect, 1938 .accept = inet_csk_accept, 1939 .ioctl = tcp_ioctl, 1940 .init = tcp_v6_init_sock, 1941 .destroy = tcp_v6_destroy_sock, 1942 .shutdown = tcp_shutdown, 1943 .setsockopt = tcp_setsockopt, 1944 .getsockopt = tcp_getsockopt, 1945 .recvmsg = tcp_recvmsg, 1946 .sendmsg = tcp_sendmsg, 1947 .sendpage = tcp_sendpage, 1948 .backlog_rcv = tcp_v6_do_rcv, 1949 .release_cb = tcp_release_cb, 1950 .mtu_reduced = tcp_v6_mtu_reduced, 1951 .hash = tcp_v6_hash, 1952 .unhash = inet_unhash, 1953 .get_port = inet_csk_get_port, 1954 .enter_memory_pressure = tcp_enter_memory_pressure, 1955 .sockets_allocated = &tcp_sockets_allocated, 1956 .memory_allocated = &tcp_memory_allocated, 1957 .memory_pressure = &tcp_memory_pressure, 1958 .orphan_count = &tcp_orphan_count, 1959 .sysctl_wmem = sysctl_tcp_wmem, 1960 .sysctl_rmem = sysctl_tcp_rmem, 1961 .max_header = MAX_TCP_HEADER, 1962 .obj_size = sizeof(struct tcp6_sock), 1963 .slab_flags = SLAB_DESTROY_BY_RCU, 1964 .twsk_prot = &tcp6_timewait_sock_ops, 1965 .rsk_prot = &tcp6_request_sock_ops, 1966 .h.hashinfo = &tcp_hashinfo, 1967 .no_autobind = true, 1968 #ifdef CONFIG_COMPAT 1969 .compat_setsockopt = compat_tcp_setsockopt, 1970 .compat_getsockopt = compat_tcp_getsockopt, 1971 #endif 1972 #ifdef CONFIG_MEMCG_KMEM 1973 .proto_cgroup = tcp_proto_cgroup, 1974 #endif 1975 }; 1976 1977 static const struct inet6_protocol tcpv6_protocol = { 1978 .early_demux = tcp_v6_early_demux, 1979 .handler = tcp_v6_rcv, 1980 .err_handler = tcp_v6_err, 1981 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 1982 }; 1983 1984 static struct inet_protosw tcpv6_protosw = { 1985 .type = SOCK_STREAM, 1986 .protocol = IPPROTO_TCP, 1987 .prot = &tcpv6_prot, 1988 .ops = &inet6_stream_ops, 1989 .no_check = 0, 1990 .flags = INET_PROTOSW_PERMANENT | 1991 INET_PROTOSW_ICSK, 1992 }; 1993 1994 static int __net_init tcpv6_net_init(struct net *net) 1995 { 1996 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6, 1997 SOCK_RAW, IPPROTO_TCP, net); 1998 } 1999 2000 static void __net_exit tcpv6_net_exit(struct net *net) 2001 { 2002 inet_ctl_sock_destroy(net->ipv6.tcp_sk); 2003 } 2004 2005 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list) 2006 { 2007 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6); 2008 } 2009 2010 static struct pernet_operations tcpv6_net_ops = { 2011 .init = tcpv6_net_init, 2012 .exit = tcpv6_net_exit, 2013 .exit_batch = tcpv6_net_exit_batch, 2014 }; 2015 2016 int __init tcpv6_init(void) 2017 { 2018 int ret; 2019 2020 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP); 2021 if (ret) 2022 goto out; 2023 2024 /* register inet6 protocol */ 2025 ret = inet6_register_protosw(&tcpv6_protosw); 2026 if (ret) 2027 goto out_tcpv6_protocol; 2028 2029 ret = register_pernet_subsys(&tcpv6_net_ops); 2030 if (ret) 2031 goto out_tcpv6_protosw; 2032 out: 2033 return ret; 2034 2035 out_tcpv6_protosw: 2036 inet6_unregister_protosw(&tcpv6_protosw); 2037 out_tcpv6_protocol: 2038 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2039 goto out; 2040 } 2041 2042 void tcpv6_exit(void) 2043 { 2044 unregister_pernet_subsys(&tcpv6_net_ops); 2045 inet6_unregister_protosw(&tcpv6_protosw); 2046 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2047 } 2048