1 /* 2 * TCP over IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on: 9 * linux/net/ipv4/tcp.c 10 * linux/net/ipv4/tcp_input.c 11 * linux/net/ipv4/tcp_output.c 12 * 13 * Fixes: 14 * Hideaki YOSHIFUJI : sin6_scope_id support 15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind 17 * a single port at the same time. 18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file. 19 * 20 * This program is free software; you can redistribute it and/or 21 * modify it under the terms of the GNU General Public License 22 * as published by the Free Software Foundation; either version 23 * 2 of the License, or (at your option) any later version. 24 */ 25 26 #include <linux/module.h> 27 #include <linux/errno.h> 28 #include <linux/types.h> 29 #include <linux/socket.h> 30 #include <linux/sockios.h> 31 #include <linux/net.h> 32 #include <linux/jiffies.h> 33 #include <linux/in.h> 34 #include <linux/in6.h> 35 #include <linux/netdevice.h> 36 #include <linux/init.h> 37 #include <linux/jhash.h> 38 #include <linux/ipsec.h> 39 #include <linux/times.h> 40 41 #include <linux/ipv6.h> 42 #include <linux/icmpv6.h> 43 #include <linux/random.h> 44 45 #include <net/tcp.h> 46 #include <net/ndisc.h> 47 #include <net/inet6_hashtables.h> 48 #include <net/inet6_connection_sock.h> 49 #include <net/ipv6.h> 50 #include <net/transp_v6.h> 51 #include <net/addrconf.h> 52 #include <net/ip6_route.h> 53 #include <net/ip6_checksum.h> 54 #include <net/inet_ecn.h> 55 #include <net/protocol.h> 56 #include <net/xfrm.h> 57 #include <net/snmp.h> 58 #include <net/dsfield.h> 59 #include <net/timewait_sock.h> 60 #include <net/netdma.h> 61 #include <net/inet_common.h> 62 63 #include <asm/uaccess.h> 64 65 #include <linux/proc_fs.h> 66 #include <linux/seq_file.h> 67 68 #include <linux/crypto.h> 69 #include <linux/scatterlist.h> 70 71 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb); 72 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req); 73 74 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb); 75 76 static struct inet_connection_sock_af_ops ipv6_mapped; 77 static struct inet_connection_sock_af_ops ipv6_specific; 78 #ifdef CONFIG_TCP_MD5SIG 79 static struct tcp_sock_af_ops tcp_sock_ipv6_specific; 80 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific; 81 #else 82 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 83 struct in6_addr *addr) 84 { 85 return NULL; 86 } 87 #endif 88 89 static void tcp_v6_hash(struct sock *sk) 90 { 91 if (sk->sk_state != TCP_CLOSE) { 92 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) { 93 tcp_prot.hash(sk); 94 return; 95 } 96 local_bh_disable(); 97 __inet6_hash(sk); 98 local_bh_enable(); 99 } 100 } 101 102 static __inline__ __sum16 tcp_v6_check(struct tcphdr *th, int len, 103 struct in6_addr *saddr, 104 struct in6_addr *daddr, 105 __wsum base) 106 { 107 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base); 108 } 109 110 static __u32 tcp_v6_init_sequence(struct sk_buff *skb) 111 { 112 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32, 113 ipv6_hdr(skb)->saddr.s6_addr32, 114 tcp_hdr(skb)->dest, 115 tcp_hdr(skb)->source); 116 } 117 118 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 119 int addr_len) 120 { 121 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; 122 struct inet_sock *inet = inet_sk(sk); 123 struct inet_connection_sock *icsk = inet_csk(sk); 124 struct ipv6_pinfo *np = inet6_sk(sk); 125 struct tcp_sock *tp = tcp_sk(sk); 126 struct in6_addr *saddr = NULL, *final_p = NULL, final; 127 struct flowi fl; 128 struct dst_entry *dst; 129 int addr_type; 130 int err; 131 132 if (addr_len < SIN6_LEN_RFC2133) 133 return -EINVAL; 134 135 if (usin->sin6_family != AF_INET6) 136 return(-EAFNOSUPPORT); 137 138 memset(&fl, 0, sizeof(fl)); 139 140 if (np->sndflow) { 141 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; 142 IP6_ECN_flow_init(fl.fl6_flowlabel); 143 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) { 144 struct ip6_flowlabel *flowlabel; 145 flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel); 146 if (flowlabel == NULL) 147 return -EINVAL; 148 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst); 149 fl6_sock_release(flowlabel); 150 } 151 } 152 153 /* 154 * connect() to INADDR_ANY means loopback (BSD'ism). 155 */ 156 157 if(ipv6_addr_any(&usin->sin6_addr)) 158 usin->sin6_addr.s6_addr[15] = 0x1; 159 160 addr_type = ipv6_addr_type(&usin->sin6_addr); 161 162 if(addr_type & IPV6_ADDR_MULTICAST) 163 return -ENETUNREACH; 164 165 if (addr_type&IPV6_ADDR_LINKLOCAL) { 166 if (addr_len >= sizeof(struct sockaddr_in6) && 167 usin->sin6_scope_id) { 168 /* If interface is set while binding, indices 169 * must coincide. 170 */ 171 if (sk->sk_bound_dev_if && 172 sk->sk_bound_dev_if != usin->sin6_scope_id) 173 return -EINVAL; 174 175 sk->sk_bound_dev_if = usin->sin6_scope_id; 176 } 177 178 /* Connect to link-local address requires an interface */ 179 if (!sk->sk_bound_dev_if) 180 return -EINVAL; 181 } 182 183 if (tp->rx_opt.ts_recent_stamp && 184 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) { 185 tp->rx_opt.ts_recent = 0; 186 tp->rx_opt.ts_recent_stamp = 0; 187 tp->write_seq = 0; 188 } 189 190 ipv6_addr_copy(&np->daddr, &usin->sin6_addr); 191 np->flow_label = fl.fl6_flowlabel; 192 193 /* 194 * TCP over IPv4 195 */ 196 197 if (addr_type == IPV6_ADDR_MAPPED) { 198 u32 exthdrlen = icsk->icsk_ext_hdr_len; 199 struct sockaddr_in sin; 200 201 SOCK_DEBUG(sk, "connect: ipv4 mapped\n"); 202 203 if (__ipv6_only_sock(sk)) 204 return -ENETUNREACH; 205 206 sin.sin_family = AF_INET; 207 sin.sin_port = usin->sin6_port; 208 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; 209 210 icsk->icsk_af_ops = &ipv6_mapped; 211 sk->sk_backlog_rcv = tcp_v4_do_rcv; 212 #ifdef CONFIG_TCP_MD5SIG 213 tp->af_specific = &tcp_sock_ipv6_mapped_specific; 214 #endif 215 216 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); 217 218 if (err) { 219 icsk->icsk_ext_hdr_len = exthdrlen; 220 icsk->icsk_af_ops = &ipv6_specific; 221 sk->sk_backlog_rcv = tcp_v6_do_rcv; 222 #ifdef CONFIG_TCP_MD5SIG 223 tp->af_specific = &tcp_sock_ipv6_specific; 224 #endif 225 goto failure; 226 } else { 227 ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF), 228 inet->saddr); 229 ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF), 230 inet->rcv_saddr); 231 } 232 233 return err; 234 } 235 236 if (!ipv6_addr_any(&np->rcv_saddr)) 237 saddr = &np->rcv_saddr; 238 239 fl.proto = IPPROTO_TCP; 240 ipv6_addr_copy(&fl.fl6_dst, &np->daddr); 241 ipv6_addr_copy(&fl.fl6_src, 242 (saddr ? saddr : &np->saddr)); 243 fl.oif = sk->sk_bound_dev_if; 244 fl.fl_ip_dport = usin->sin6_port; 245 fl.fl_ip_sport = inet->sport; 246 247 if (np->opt && np->opt->srcrt) { 248 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt; 249 ipv6_addr_copy(&final, &fl.fl6_dst); 250 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 251 final_p = &final; 252 } 253 254 security_sk_classify_flow(sk, &fl); 255 256 err = ip6_dst_lookup(sk, &dst, &fl); 257 if (err) 258 goto failure; 259 if (final_p) 260 ipv6_addr_copy(&fl.fl6_dst, final_p); 261 262 if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) { 263 if (err == -EREMOTE) 264 err = ip6_dst_blackhole(sk, &dst, &fl); 265 if (err < 0) 266 goto failure; 267 } 268 269 if (saddr == NULL) { 270 saddr = &fl.fl6_src; 271 ipv6_addr_copy(&np->rcv_saddr, saddr); 272 } 273 274 /* set the source address */ 275 ipv6_addr_copy(&np->saddr, saddr); 276 inet->rcv_saddr = LOOPBACK4_IPV6; 277 278 sk->sk_gso_type = SKB_GSO_TCPV6; 279 __ip6_dst_store(sk, dst, NULL, NULL); 280 281 icsk->icsk_ext_hdr_len = 0; 282 if (np->opt) 283 icsk->icsk_ext_hdr_len = (np->opt->opt_flen + 284 np->opt->opt_nflen); 285 286 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 287 288 inet->dport = usin->sin6_port; 289 290 tcp_set_state(sk, TCP_SYN_SENT); 291 err = inet6_hash_connect(&tcp_death_row, sk); 292 if (err) 293 goto late_failure; 294 295 if (!tp->write_seq) 296 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32, 297 np->daddr.s6_addr32, 298 inet->sport, 299 inet->dport); 300 301 err = tcp_connect(sk); 302 if (err) 303 goto late_failure; 304 305 return 0; 306 307 late_failure: 308 tcp_set_state(sk, TCP_CLOSE); 309 __sk_dst_reset(sk); 310 failure: 311 inet->dport = 0; 312 sk->sk_route_caps = 0; 313 return err; 314 } 315 316 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 317 int type, int code, int offset, __be32 info) 318 { 319 struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data; 320 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset); 321 struct ipv6_pinfo *np; 322 struct sock *sk; 323 int err; 324 struct tcp_sock *tp; 325 __u32 seq; 326 struct net *net = dev_net(skb->dev); 327 328 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr, 329 th->dest, &hdr->saddr, th->source, skb->dev->ifindex); 330 331 if (sk == NULL) { 332 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS); 333 return; 334 } 335 336 if (sk->sk_state == TCP_TIME_WAIT) { 337 inet_twsk_put(inet_twsk(sk)); 338 return; 339 } 340 341 bh_lock_sock(sk); 342 if (sock_owned_by_user(sk)) 343 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS); 344 345 if (sk->sk_state == TCP_CLOSE) 346 goto out; 347 348 tp = tcp_sk(sk); 349 seq = ntohl(th->seq); 350 if (sk->sk_state != TCP_LISTEN && 351 !between(seq, tp->snd_una, tp->snd_nxt)) { 352 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 353 goto out; 354 } 355 356 np = inet6_sk(sk); 357 358 if (type == ICMPV6_PKT_TOOBIG) { 359 struct dst_entry *dst = NULL; 360 361 if (sock_owned_by_user(sk)) 362 goto out; 363 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) 364 goto out; 365 366 /* icmp should have updated the destination cache entry */ 367 dst = __sk_dst_check(sk, np->dst_cookie); 368 369 if (dst == NULL) { 370 struct inet_sock *inet = inet_sk(sk); 371 struct flowi fl; 372 373 /* BUGGG_FUTURE: Again, it is not clear how 374 to handle rthdr case. Ignore this complexity 375 for now. 376 */ 377 memset(&fl, 0, sizeof(fl)); 378 fl.proto = IPPROTO_TCP; 379 ipv6_addr_copy(&fl.fl6_dst, &np->daddr); 380 ipv6_addr_copy(&fl.fl6_src, &np->saddr); 381 fl.oif = sk->sk_bound_dev_if; 382 fl.fl_ip_dport = inet->dport; 383 fl.fl_ip_sport = inet->sport; 384 security_skb_classify_flow(skb, &fl); 385 386 if ((err = ip6_dst_lookup(sk, &dst, &fl))) { 387 sk->sk_err_soft = -err; 388 goto out; 389 } 390 391 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) { 392 sk->sk_err_soft = -err; 393 goto out; 394 } 395 396 } else 397 dst_hold(dst); 398 399 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) { 400 tcp_sync_mss(sk, dst_mtu(dst)); 401 tcp_simple_retransmit(sk); 402 } /* else let the usual retransmit timer handle it */ 403 dst_release(dst); 404 goto out; 405 } 406 407 icmpv6_err_convert(type, code, &err); 408 409 /* Might be for an request_sock */ 410 switch (sk->sk_state) { 411 struct request_sock *req, **prev; 412 case TCP_LISTEN: 413 if (sock_owned_by_user(sk)) 414 goto out; 415 416 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr, 417 &hdr->saddr, inet6_iif(skb)); 418 if (!req) 419 goto out; 420 421 /* ICMPs are not backlogged, hence we cannot get 422 * an established socket here. 423 */ 424 WARN_ON(req->sk != NULL); 425 426 if (seq != tcp_rsk(req)->snt_isn) { 427 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 428 goto out; 429 } 430 431 inet_csk_reqsk_queue_drop(sk, req, prev); 432 goto out; 433 434 case TCP_SYN_SENT: 435 case TCP_SYN_RECV: /* Cannot happen. 436 It can, it SYNs are crossed. --ANK */ 437 if (!sock_owned_by_user(sk)) { 438 sk->sk_err = err; 439 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */ 440 441 tcp_done(sk); 442 } else 443 sk->sk_err_soft = err; 444 goto out; 445 } 446 447 if (!sock_owned_by_user(sk) && np->recverr) { 448 sk->sk_err = err; 449 sk->sk_error_report(sk); 450 } else 451 sk->sk_err_soft = err; 452 453 out: 454 bh_unlock_sock(sk); 455 sock_put(sk); 456 } 457 458 459 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req) 460 { 461 struct inet6_request_sock *treq = inet6_rsk(req); 462 struct ipv6_pinfo *np = inet6_sk(sk); 463 struct sk_buff * skb; 464 struct ipv6_txoptions *opt = NULL; 465 struct in6_addr * final_p = NULL, final; 466 struct flowi fl; 467 struct dst_entry *dst; 468 int err = -1; 469 470 memset(&fl, 0, sizeof(fl)); 471 fl.proto = IPPROTO_TCP; 472 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr); 473 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr); 474 fl.fl6_flowlabel = 0; 475 fl.oif = treq->iif; 476 fl.fl_ip_dport = inet_rsk(req)->rmt_port; 477 fl.fl_ip_sport = inet_sk(sk)->sport; 478 security_req_classify_flow(req, &fl); 479 480 opt = np->opt; 481 if (opt && opt->srcrt) { 482 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt; 483 ipv6_addr_copy(&final, &fl.fl6_dst); 484 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 485 final_p = &final; 486 } 487 488 err = ip6_dst_lookup(sk, &dst, &fl); 489 if (err) 490 goto done; 491 if (final_p) 492 ipv6_addr_copy(&fl.fl6_dst, final_p); 493 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) 494 goto done; 495 496 skb = tcp_make_synack(sk, dst, req); 497 if (skb) { 498 struct tcphdr *th = tcp_hdr(skb); 499 500 th->check = tcp_v6_check(th, skb->len, 501 &treq->loc_addr, &treq->rmt_addr, 502 csum_partial((char *)th, skb->len, skb->csum)); 503 504 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr); 505 err = ip6_xmit(sk, skb, &fl, opt, 0); 506 err = net_xmit_eval(err); 507 } 508 509 done: 510 if (opt && opt != np->opt) 511 sock_kfree_s(sk, opt, opt->tot_len); 512 dst_release(dst); 513 return err; 514 } 515 516 static inline void syn_flood_warning(struct sk_buff *skb) 517 { 518 #ifdef CONFIG_SYN_COOKIES 519 if (sysctl_tcp_syncookies) 520 printk(KERN_INFO 521 "TCPv6: Possible SYN flooding on port %d. " 522 "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest)); 523 else 524 #endif 525 printk(KERN_INFO 526 "TCPv6: Possible SYN flooding on port %d. " 527 "Dropping request.\n", ntohs(tcp_hdr(skb)->dest)); 528 } 529 530 static void tcp_v6_reqsk_destructor(struct request_sock *req) 531 { 532 if (inet6_rsk(req)->pktopts) 533 kfree_skb(inet6_rsk(req)->pktopts); 534 } 535 536 #ifdef CONFIG_TCP_MD5SIG 537 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 538 struct in6_addr *addr) 539 { 540 struct tcp_sock *tp = tcp_sk(sk); 541 int i; 542 543 BUG_ON(tp == NULL); 544 545 if (!tp->md5sig_info || !tp->md5sig_info->entries6) 546 return NULL; 547 548 for (i = 0; i < tp->md5sig_info->entries6; i++) { 549 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr)) 550 return &tp->md5sig_info->keys6[i].base; 551 } 552 return NULL; 553 } 554 555 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk, 556 struct sock *addr_sk) 557 { 558 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr); 559 } 560 561 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk, 562 struct request_sock *req) 563 { 564 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr); 565 } 566 567 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer, 568 char *newkey, u8 newkeylen) 569 { 570 /* Add key to the list */ 571 struct tcp_md5sig_key *key; 572 struct tcp_sock *tp = tcp_sk(sk); 573 struct tcp6_md5sig_key *keys; 574 575 key = tcp_v6_md5_do_lookup(sk, peer); 576 if (key) { 577 /* modify existing entry - just update that one */ 578 kfree(key->key); 579 key->key = newkey; 580 key->keylen = newkeylen; 581 } else { 582 /* reallocate new list if current one is full. */ 583 if (!tp->md5sig_info) { 584 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC); 585 if (!tp->md5sig_info) { 586 kfree(newkey); 587 return -ENOMEM; 588 } 589 sk->sk_route_caps &= ~NETIF_F_GSO_MASK; 590 } 591 if (tcp_alloc_md5sig_pool() == NULL) { 592 kfree(newkey); 593 return -ENOMEM; 594 } 595 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) { 596 keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) * 597 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC); 598 599 if (!keys) { 600 tcp_free_md5sig_pool(); 601 kfree(newkey); 602 return -ENOMEM; 603 } 604 605 if (tp->md5sig_info->entries6) 606 memmove(keys, tp->md5sig_info->keys6, 607 (sizeof (tp->md5sig_info->keys6[0]) * 608 tp->md5sig_info->entries6)); 609 610 kfree(tp->md5sig_info->keys6); 611 tp->md5sig_info->keys6 = keys; 612 tp->md5sig_info->alloced6++; 613 } 614 615 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr, 616 peer); 617 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey; 618 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen; 619 620 tp->md5sig_info->entries6++; 621 } 622 return 0; 623 } 624 625 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk, 626 u8 *newkey, __u8 newkeylen) 627 { 628 return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr, 629 newkey, newkeylen); 630 } 631 632 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer) 633 { 634 struct tcp_sock *tp = tcp_sk(sk); 635 int i; 636 637 for (i = 0; i < tp->md5sig_info->entries6; i++) { 638 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) { 639 /* Free the key */ 640 kfree(tp->md5sig_info->keys6[i].base.key); 641 tp->md5sig_info->entries6--; 642 643 if (tp->md5sig_info->entries6 == 0) { 644 kfree(tp->md5sig_info->keys6); 645 tp->md5sig_info->keys6 = NULL; 646 tp->md5sig_info->alloced6 = 0; 647 } else { 648 /* shrink the database */ 649 if (tp->md5sig_info->entries6 != i) 650 memmove(&tp->md5sig_info->keys6[i], 651 &tp->md5sig_info->keys6[i+1], 652 (tp->md5sig_info->entries6 - i) 653 * sizeof (tp->md5sig_info->keys6[0])); 654 } 655 tcp_free_md5sig_pool(); 656 return 0; 657 } 658 } 659 return -ENOENT; 660 } 661 662 static void tcp_v6_clear_md5_list (struct sock *sk) 663 { 664 struct tcp_sock *tp = tcp_sk(sk); 665 int i; 666 667 if (tp->md5sig_info->entries6) { 668 for (i = 0; i < tp->md5sig_info->entries6; i++) 669 kfree(tp->md5sig_info->keys6[i].base.key); 670 tp->md5sig_info->entries6 = 0; 671 tcp_free_md5sig_pool(); 672 } 673 674 kfree(tp->md5sig_info->keys6); 675 tp->md5sig_info->keys6 = NULL; 676 tp->md5sig_info->alloced6 = 0; 677 678 if (tp->md5sig_info->entries4) { 679 for (i = 0; i < tp->md5sig_info->entries4; i++) 680 kfree(tp->md5sig_info->keys4[i].base.key); 681 tp->md5sig_info->entries4 = 0; 682 tcp_free_md5sig_pool(); 683 } 684 685 kfree(tp->md5sig_info->keys4); 686 tp->md5sig_info->keys4 = NULL; 687 tp->md5sig_info->alloced4 = 0; 688 } 689 690 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval, 691 int optlen) 692 { 693 struct tcp_md5sig cmd; 694 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr; 695 u8 *newkey; 696 697 if (optlen < sizeof(cmd)) 698 return -EINVAL; 699 700 if (copy_from_user(&cmd, optval, sizeof(cmd))) 701 return -EFAULT; 702 703 if (sin6->sin6_family != AF_INET6) 704 return -EINVAL; 705 706 if (!cmd.tcpm_keylen) { 707 if (!tcp_sk(sk)->md5sig_info) 708 return -ENOENT; 709 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) 710 return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]); 711 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr); 712 } 713 714 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN) 715 return -EINVAL; 716 717 if (!tcp_sk(sk)->md5sig_info) { 718 struct tcp_sock *tp = tcp_sk(sk); 719 struct tcp_md5sig_info *p; 720 721 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL); 722 if (!p) 723 return -ENOMEM; 724 725 tp->md5sig_info = p; 726 sk->sk_route_caps &= ~NETIF_F_GSO_MASK; 727 } 728 729 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL); 730 if (!newkey) 731 return -ENOMEM; 732 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) { 733 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3], 734 newkey, cmd.tcpm_keylen); 735 } 736 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen); 737 } 738 739 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp, 740 struct in6_addr *daddr, 741 struct in6_addr *saddr, int nbytes) 742 { 743 struct tcp6_pseudohdr *bp; 744 struct scatterlist sg; 745 746 bp = &hp->md5_blk.ip6; 747 /* 1. TCP pseudo-header (RFC2460) */ 748 ipv6_addr_copy(&bp->saddr, saddr); 749 ipv6_addr_copy(&bp->daddr, daddr); 750 bp->protocol = cpu_to_be32(IPPROTO_TCP); 751 bp->len = cpu_to_be16(nbytes); 752 753 sg_init_one(&sg, bp, sizeof(*bp)); 754 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp)); 755 } 756 757 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key, 758 struct in6_addr *daddr, struct in6_addr *saddr, 759 struct tcphdr *th) 760 { 761 struct tcp_md5sig_pool *hp; 762 struct hash_desc *desc; 763 764 hp = tcp_get_md5sig_pool(); 765 if (!hp) 766 goto clear_hash_noput; 767 desc = &hp->md5_desc; 768 769 if (crypto_hash_init(desc)) 770 goto clear_hash; 771 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2)) 772 goto clear_hash; 773 if (tcp_md5_hash_header(hp, th)) 774 goto clear_hash; 775 if (tcp_md5_hash_key(hp, key)) 776 goto clear_hash; 777 if (crypto_hash_final(desc, md5_hash)) 778 goto clear_hash; 779 780 tcp_put_md5sig_pool(); 781 return 0; 782 783 clear_hash: 784 tcp_put_md5sig_pool(); 785 clear_hash_noput: 786 memset(md5_hash, 0, 16); 787 return 1; 788 } 789 790 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key, 791 struct sock *sk, struct request_sock *req, 792 struct sk_buff *skb) 793 { 794 struct in6_addr *saddr, *daddr; 795 struct tcp_md5sig_pool *hp; 796 struct hash_desc *desc; 797 struct tcphdr *th = tcp_hdr(skb); 798 799 if (sk) { 800 saddr = &inet6_sk(sk)->saddr; 801 daddr = &inet6_sk(sk)->daddr; 802 } else if (req) { 803 saddr = &inet6_rsk(req)->loc_addr; 804 daddr = &inet6_rsk(req)->rmt_addr; 805 } else { 806 struct ipv6hdr *ip6h = ipv6_hdr(skb); 807 saddr = &ip6h->saddr; 808 daddr = &ip6h->daddr; 809 } 810 811 hp = tcp_get_md5sig_pool(); 812 if (!hp) 813 goto clear_hash_noput; 814 desc = &hp->md5_desc; 815 816 if (crypto_hash_init(desc)) 817 goto clear_hash; 818 819 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len)) 820 goto clear_hash; 821 if (tcp_md5_hash_header(hp, th)) 822 goto clear_hash; 823 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2)) 824 goto clear_hash; 825 if (tcp_md5_hash_key(hp, key)) 826 goto clear_hash; 827 if (crypto_hash_final(desc, md5_hash)) 828 goto clear_hash; 829 830 tcp_put_md5sig_pool(); 831 return 0; 832 833 clear_hash: 834 tcp_put_md5sig_pool(); 835 clear_hash_noput: 836 memset(md5_hash, 0, 16); 837 return 1; 838 } 839 840 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb) 841 { 842 __u8 *hash_location = NULL; 843 struct tcp_md5sig_key *hash_expected; 844 struct ipv6hdr *ip6h = ipv6_hdr(skb); 845 struct tcphdr *th = tcp_hdr(skb); 846 int genhash; 847 u8 newhash[16]; 848 849 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); 850 hash_location = tcp_parse_md5sig_option(th); 851 852 /* do we have a hash as expected? */ 853 if (!hash_expected) { 854 if (!hash_location) 855 return 0; 856 if (net_ratelimit()) { 857 printk(KERN_INFO "MD5 Hash NOT expected but found " 858 "(" NIP6_FMT ", %u)->" 859 "(" NIP6_FMT ", %u)\n", 860 NIP6(ip6h->saddr), ntohs(th->source), 861 NIP6(ip6h->daddr), ntohs(th->dest)); 862 } 863 return 1; 864 } 865 866 if (!hash_location) { 867 if (net_ratelimit()) { 868 printk(KERN_INFO "MD5 Hash expected but NOT found " 869 "(" NIP6_FMT ", %u)->" 870 "(" NIP6_FMT ", %u)\n", 871 NIP6(ip6h->saddr), ntohs(th->source), 872 NIP6(ip6h->daddr), ntohs(th->dest)); 873 } 874 return 1; 875 } 876 877 /* check the signature */ 878 genhash = tcp_v6_md5_hash_skb(newhash, 879 hash_expected, 880 NULL, NULL, skb); 881 882 if (genhash || memcmp(hash_location, newhash, 16) != 0) { 883 if (net_ratelimit()) { 884 printk(KERN_INFO "MD5 Hash %s for " 885 "(" NIP6_FMT ", %u)->" 886 "(" NIP6_FMT ", %u)\n", 887 genhash ? "failed" : "mismatch", 888 NIP6(ip6h->saddr), ntohs(th->source), 889 NIP6(ip6h->daddr), ntohs(th->dest)); 890 } 891 return 1; 892 } 893 return 0; 894 } 895 #endif 896 897 struct request_sock_ops tcp6_request_sock_ops __read_mostly = { 898 .family = AF_INET6, 899 .obj_size = sizeof(struct tcp6_request_sock), 900 .rtx_syn_ack = tcp_v6_send_synack, 901 .send_ack = tcp_v6_reqsk_send_ack, 902 .destructor = tcp_v6_reqsk_destructor, 903 .send_reset = tcp_v6_send_reset 904 }; 905 906 #ifdef CONFIG_TCP_MD5SIG 907 static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { 908 .md5_lookup = tcp_v6_reqsk_md5_lookup, 909 }; 910 #endif 911 912 static struct timewait_sock_ops tcp6_timewait_sock_ops = { 913 .twsk_obj_size = sizeof(struct tcp6_timewait_sock), 914 .twsk_unique = tcp_twsk_unique, 915 .twsk_destructor= tcp_twsk_destructor, 916 }; 917 918 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb) 919 { 920 struct ipv6_pinfo *np = inet6_sk(sk); 921 struct tcphdr *th = tcp_hdr(skb); 922 923 if (skb->ip_summed == CHECKSUM_PARTIAL) { 924 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 0); 925 skb->csum_start = skb_transport_header(skb) - skb->head; 926 skb->csum_offset = offsetof(struct tcphdr, check); 927 } else { 928 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 929 csum_partial((char *)th, th->doff<<2, 930 skb->csum)); 931 } 932 } 933 934 static int tcp_v6_gso_send_check(struct sk_buff *skb) 935 { 936 struct ipv6hdr *ipv6h; 937 struct tcphdr *th; 938 939 if (!pskb_may_pull(skb, sizeof(*th))) 940 return -EINVAL; 941 942 ipv6h = ipv6_hdr(skb); 943 th = tcp_hdr(skb); 944 945 th->check = 0; 946 th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len, 947 IPPROTO_TCP, 0); 948 skb->csum_start = skb_transport_header(skb) - skb->head; 949 skb->csum_offset = offsetof(struct tcphdr, check); 950 skb->ip_summed = CHECKSUM_PARTIAL; 951 return 0; 952 } 953 954 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb) 955 { 956 struct tcphdr *th = tcp_hdr(skb), *t1; 957 struct sk_buff *buff; 958 struct flowi fl; 959 struct net *net = dev_net(skb->dst->dev); 960 struct sock *ctl_sk = net->ipv6.tcp_sk; 961 unsigned int tot_len = sizeof(*th); 962 #ifdef CONFIG_TCP_MD5SIG 963 struct tcp_md5sig_key *key; 964 #endif 965 966 if (th->rst) 967 return; 968 969 if (!ipv6_unicast_destination(skb)) 970 return; 971 972 #ifdef CONFIG_TCP_MD5SIG 973 if (sk) 974 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr); 975 else 976 key = NULL; 977 978 if (key) 979 tot_len += TCPOLEN_MD5SIG_ALIGNED; 980 #endif 981 982 /* 983 * We need to grab some memory, and put together an RST, 984 * and then put it into the queue to be sent. 985 */ 986 987 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 988 GFP_ATOMIC); 989 if (buff == NULL) 990 return; 991 992 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); 993 994 t1 = (struct tcphdr *) skb_push(buff, tot_len); 995 996 /* Swap the send and the receive. */ 997 memset(t1, 0, sizeof(*t1)); 998 t1->dest = th->source; 999 t1->source = th->dest; 1000 t1->doff = tot_len / 4; 1001 t1->rst = 1; 1002 1003 if(th->ack) { 1004 t1->seq = th->ack_seq; 1005 } else { 1006 t1->ack = 1; 1007 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin 1008 + skb->len - (th->doff<<2)); 1009 } 1010 1011 #ifdef CONFIG_TCP_MD5SIG 1012 if (key) { 1013 __be32 *opt = (__be32*)(t1 + 1); 1014 opt[0] = htonl((TCPOPT_NOP << 24) | 1015 (TCPOPT_NOP << 16) | 1016 (TCPOPT_MD5SIG << 8) | 1017 TCPOLEN_MD5SIG); 1018 tcp_v6_md5_hash_hdr((__u8 *)&opt[1], key, 1019 &ipv6_hdr(skb)->daddr, 1020 &ipv6_hdr(skb)->saddr, t1); 1021 } 1022 #endif 1023 1024 buff->csum = csum_partial((char *)t1, sizeof(*t1), 0); 1025 1026 memset(&fl, 0, sizeof(fl)); 1027 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr); 1028 ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr); 1029 1030 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst, 1031 sizeof(*t1), IPPROTO_TCP, 1032 buff->csum); 1033 1034 fl.proto = IPPROTO_TCP; 1035 fl.oif = inet6_iif(skb); 1036 fl.fl_ip_dport = t1->dest; 1037 fl.fl_ip_sport = t1->source; 1038 security_skb_classify_flow(skb, &fl); 1039 1040 /* Pass a socket to ip6_dst_lookup either it is for RST 1041 * Underlying function will use this to retrieve the network 1042 * namespace 1043 */ 1044 if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) { 1045 1046 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) { 1047 ip6_xmit(ctl_sk, buff, &fl, NULL, 0); 1048 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS); 1049 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS); 1050 return; 1051 } 1052 } 1053 1054 kfree_skb(buff); 1055 } 1056 1057 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts, 1058 struct tcp_md5sig_key *key) 1059 { 1060 struct tcphdr *th = tcp_hdr(skb), *t1; 1061 struct sk_buff *buff; 1062 struct flowi fl; 1063 struct net *net = dev_net(skb->dev); 1064 struct sock *ctl_sk = net->ipv6.tcp_sk; 1065 unsigned int tot_len = sizeof(struct tcphdr); 1066 __be32 *topt; 1067 1068 if (ts) 1069 tot_len += TCPOLEN_TSTAMP_ALIGNED; 1070 #ifdef CONFIG_TCP_MD5SIG 1071 if (key) 1072 tot_len += TCPOLEN_MD5SIG_ALIGNED; 1073 #endif 1074 1075 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 1076 GFP_ATOMIC); 1077 if (buff == NULL) 1078 return; 1079 1080 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); 1081 1082 t1 = (struct tcphdr *) skb_push(buff,tot_len); 1083 1084 /* Swap the send and the receive. */ 1085 memset(t1, 0, sizeof(*t1)); 1086 t1->dest = th->source; 1087 t1->source = th->dest; 1088 t1->doff = tot_len/4; 1089 t1->seq = htonl(seq); 1090 t1->ack_seq = htonl(ack); 1091 t1->ack = 1; 1092 t1->window = htons(win); 1093 1094 topt = (__be32 *)(t1 + 1); 1095 1096 if (ts) { 1097 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1098 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 1099 *topt++ = htonl(tcp_time_stamp); 1100 *topt = htonl(ts); 1101 } 1102 1103 #ifdef CONFIG_TCP_MD5SIG 1104 if (key) { 1105 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1106 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 1107 tcp_v6_md5_hash_hdr((__u8 *)topt, key, 1108 &ipv6_hdr(skb)->daddr, 1109 &ipv6_hdr(skb)->saddr, t1); 1110 } 1111 #endif 1112 1113 buff->csum = csum_partial((char *)t1, tot_len, 0); 1114 1115 memset(&fl, 0, sizeof(fl)); 1116 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr); 1117 ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr); 1118 1119 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst, 1120 tot_len, IPPROTO_TCP, 1121 buff->csum); 1122 1123 fl.proto = IPPROTO_TCP; 1124 fl.oif = inet6_iif(skb); 1125 fl.fl_ip_dport = t1->dest; 1126 fl.fl_ip_sport = t1->source; 1127 security_skb_classify_flow(skb, &fl); 1128 1129 if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) { 1130 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) { 1131 ip6_xmit(ctl_sk, buff, &fl, NULL, 0); 1132 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS); 1133 return; 1134 } 1135 } 1136 1137 kfree_skb(buff); 1138 } 1139 1140 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb) 1141 { 1142 struct inet_timewait_sock *tw = inet_twsk(sk); 1143 struct tcp_timewait_sock *tcptw = tcp_twsk(sk); 1144 1145 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt, 1146 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 1147 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw)); 1148 1149 inet_twsk_put(tw); 1150 } 1151 1152 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req) 1153 { 1154 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent, 1155 tcp_v6_md5_do_lookup(skb->sk, &ipv6_hdr(skb)->daddr)); 1156 } 1157 1158 1159 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb) 1160 { 1161 struct request_sock *req, **prev; 1162 const struct tcphdr *th = tcp_hdr(skb); 1163 struct sock *nsk; 1164 1165 /* Find possible connection requests. */ 1166 req = inet6_csk_search_req(sk, &prev, th->source, 1167 &ipv6_hdr(skb)->saddr, 1168 &ipv6_hdr(skb)->daddr, inet6_iif(skb)); 1169 if (req) 1170 return tcp_check_req(sk, skb, req, prev); 1171 1172 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo, 1173 &ipv6_hdr(skb)->saddr, th->source, 1174 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb)); 1175 1176 if (nsk) { 1177 if (nsk->sk_state != TCP_TIME_WAIT) { 1178 bh_lock_sock(nsk); 1179 return nsk; 1180 } 1181 inet_twsk_put(inet_twsk(nsk)); 1182 return NULL; 1183 } 1184 1185 #ifdef CONFIG_SYN_COOKIES 1186 if (!th->rst && !th->syn && th->ack) 1187 sk = cookie_v6_check(sk, skb); 1188 #endif 1189 return sk; 1190 } 1191 1192 /* FIXME: this is substantially similar to the ipv4 code. 1193 * Can some kind of merge be done? -- erics 1194 */ 1195 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) 1196 { 1197 struct inet6_request_sock *treq; 1198 struct ipv6_pinfo *np = inet6_sk(sk); 1199 struct tcp_options_received tmp_opt; 1200 struct tcp_sock *tp = tcp_sk(sk); 1201 struct request_sock *req = NULL; 1202 __u32 isn = TCP_SKB_CB(skb)->when; 1203 #ifdef CONFIG_SYN_COOKIES 1204 int want_cookie = 0; 1205 #else 1206 #define want_cookie 0 1207 #endif 1208 1209 if (skb->protocol == htons(ETH_P_IP)) 1210 return tcp_v4_conn_request(sk, skb); 1211 1212 if (!ipv6_unicast_destination(skb)) 1213 goto drop; 1214 1215 if (inet_csk_reqsk_queue_is_full(sk) && !isn) { 1216 if (net_ratelimit()) 1217 syn_flood_warning(skb); 1218 #ifdef CONFIG_SYN_COOKIES 1219 if (sysctl_tcp_syncookies) 1220 want_cookie = 1; 1221 else 1222 #endif 1223 goto drop; 1224 } 1225 1226 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) 1227 goto drop; 1228 1229 req = inet6_reqsk_alloc(&tcp6_request_sock_ops); 1230 if (req == NULL) 1231 goto drop; 1232 1233 #ifdef CONFIG_TCP_MD5SIG 1234 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops; 1235 #endif 1236 1237 tcp_clear_options(&tmp_opt); 1238 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 1239 tmp_opt.user_mss = tp->rx_opt.user_mss; 1240 1241 tcp_parse_options(skb, &tmp_opt, 0); 1242 1243 if (want_cookie && !tmp_opt.saw_tstamp) 1244 tcp_clear_options(&tmp_opt); 1245 1246 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp; 1247 tcp_openreq_init(req, &tmp_opt, skb); 1248 1249 treq = inet6_rsk(req); 1250 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr); 1251 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr); 1252 if (!want_cookie) 1253 TCP_ECN_create_request(req, tcp_hdr(skb)); 1254 1255 if (want_cookie) { 1256 isn = cookie_v6_init_sequence(sk, skb, &req->mss); 1257 req->cookie_ts = tmp_opt.tstamp_ok; 1258 } else if (!isn) { 1259 if (ipv6_opt_accepted(sk, skb) || 1260 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || 1261 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) { 1262 atomic_inc(&skb->users); 1263 treq->pktopts = skb; 1264 } 1265 treq->iif = sk->sk_bound_dev_if; 1266 1267 /* So that link locals have meaning */ 1268 if (!sk->sk_bound_dev_if && 1269 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL) 1270 treq->iif = inet6_iif(skb); 1271 1272 isn = tcp_v6_init_sequence(skb); 1273 } 1274 1275 tcp_rsk(req)->snt_isn = isn; 1276 1277 security_inet_conn_request(sk, skb, req); 1278 1279 if (tcp_v6_send_synack(sk, req)) 1280 goto drop; 1281 1282 if (!want_cookie) { 1283 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); 1284 return 0; 1285 } 1286 1287 drop: 1288 if (req) 1289 reqsk_free(req); 1290 1291 return 0; /* don't send reset */ 1292 } 1293 1294 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, 1295 struct request_sock *req, 1296 struct dst_entry *dst) 1297 { 1298 struct inet6_request_sock *treq = inet6_rsk(req); 1299 struct ipv6_pinfo *newnp, *np = inet6_sk(sk); 1300 struct tcp6_sock *newtcp6sk; 1301 struct inet_sock *newinet; 1302 struct tcp_sock *newtp; 1303 struct sock *newsk; 1304 struct ipv6_txoptions *opt; 1305 #ifdef CONFIG_TCP_MD5SIG 1306 struct tcp_md5sig_key *key; 1307 #endif 1308 1309 if (skb->protocol == htons(ETH_P_IP)) { 1310 /* 1311 * v6 mapped 1312 */ 1313 1314 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst); 1315 1316 if (newsk == NULL) 1317 return NULL; 1318 1319 newtcp6sk = (struct tcp6_sock *)newsk; 1320 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1321 1322 newinet = inet_sk(newsk); 1323 newnp = inet6_sk(newsk); 1324 newtp = tcp_sk(newsk); 1325 1326 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1327 1328 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF), 1329 newinet->daddr); 1330 1331 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF), 1332 newinet->saddr); 1333 1334 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr); 1335 1336 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped; 1337 newsk->sk_backlog_rcv = tcp_v4_do_rcv; 1338 #ifdef CONFIG_TCP_MD5SIG 1339 newtp->af_specific = &tcp_sock_ipv6_mapped_specific; 1340 #endif 1341 1342 newnp->pktoptions = NULL; 1343 newnp->opt = NULL; 1344 newnp->mcast_oif = inet6_iif(skb); 1345 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1346 1347 /* 1348 * No need to charge this sock to the relevant IPv6 refcnt debug socks count 1349 * here, tcp_create_openreq_child now does this for us, see the comment in 1350 * that function for the gory details. -acme 1351 */ 1352 1353 /* It is tricky place. Until this moment IPv4 tcp 1354 worked with IPv6 icsk.icsk_af_ops. 1355 Sync it now. 1356 */ 1357 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); 1358 1359 return newsk; 1360 } 1361 1362 opt = np->opt; 1363 1364 if (sk_acceptq_is_full(sk)) 1365 goto out_overflow; 1366 1367 if (dst == NULL) { 1368 struct in6_addr *final_p = NULL, final; 1369 struct flowi fl; 1370 1371 memset(&fl, 0, sizeof(fl)); 1372 fl.proto = IPPROTO_TCP; 1373 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr); 1374 if (opt && opt->srcrt) { 1375 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt; 1376 ipv6_addr_copy(&final, &fl.fl6_dst); 1377 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 1378 final_p = &final; 1379 } 1380 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr); 1381 fl.oif = sk->sk_bound_dev_if; 1382 fl.fl_ip_dport = inet_rsk(req)->rmt_port; 1383 fl.fl_ip_sport = inet_sk(sk)->sport; 1384 security_req_classify_flow(req, &fl); 1385 1386 if (ip6_dst_lookup(sk, &dst, &fl)) 1387 goto out; 1388 1389 if (final_p) 1390 ipv6_addr_copy(&fl.fl6_dst, final_p); 1391 1392 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0) 1393 goto out; 1394 } 1395 1396 newsk = tcp_create_openreq_child(sk, req, skb); 1397 if (newsk == NULL) 1398 goto out; 1399 1400 /* 1401 * No need to charge this sock to the relevant IPv6 refcnt debug socks 1402 * count here, tcp_create_openreq_child now does this for us, see the 1403 * comment in that function for the gory details. -acme 1404 */ 1405 1406 newsk->sk_gso_type = SKB_GSO_TCPV6; 1407 __ip6_dst_store(newsk, dst, NULL, NULL); 1408 1409 newtcp6sk = (struct tcp6_sock *)newsk; 1410 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1411 1412 newtp = tcp_sk(newsk); 1413 newinet = inet_sk(newsk); 1414 newnp = inet6_sk(newsk); 1415 1416 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1417 1418 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr); 1419 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr); 1420 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr); 1421 newsk->sk_bound_dev_if = treq->iif; 1422 1423 /* Now IPv6 options... 1424 1425 First: no IPv4 options. 1426 */ 1427 newinet->opt = NULL; 1428 newnp->ipv6_fl_list = NULL; 1429 1430 /* Clone RX bits */ 1431 newnp->rxopt.all = np->rxopt.all; 1432 1433 /* Clone pktoptions received with SYN */ 1434 newnp->pktoptions = NULL; 1435 if (treq->pktopts != NULL) { 1436 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC); 1437 kfree_skb(treq->pktopts); 1438 treq->pktopts = NULL; 1439 if (newnp->pktoptions) 1440 skb_set_owner_r(newnp->pktoptions, newsk); 1441 } 1442 newnp->opt = NULL; 1443 newnp->mcast_oif = inet6_iif(skb); 1444 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1445 1446 /* Clone native IPv6 options from listening socket (if any) 1447 1448 Yes, keeping reference count would be much more clever, 1449 but we make one more one thing there: reattach optmem 1450 to newsk. 1451 */ 1452 if (opt) { 1453 newnp->opt = ipv6_dup_options(newsk, opt); 1454 if (opt != np->opt) 1455 sock_kfree_s(sk, opt, opt->tot_len); 1456 } 1457 1458 inet_csk(newsk)->icsk_ext_hdr_len = 0; 1459 if (newnp->opt) 1460 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen + 1461 newnp->opt->opt_flen); 1462 1463 tcp_mtup_init(newsk); 1464 tcp_sync_mss(newsk, dst_mtu(dst)); 1465 newtp->advmss = dst_metric(dst, RTAX_ADVMSS); 1466 tcp_initialize_rcv_mss(newsk); 1467 1468 newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6; 1469 1470 #ifdef CONFIG_TCP_MD5SIG 1471 /* Copy over the MD5 key from the original socket */ 1472 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) { 1473 /* We're using one, so create a matching key 1474 * on the newsk structure. If we fail to get 1475 * memory, then we end up not copying the key 1476 * across. Shucks. 1477 */ 1478 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); 1479 if (newkey != NULL) 1480 tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr, 1481 newkey, key->keylen); 1482 } 1483 #endif 1484 1485 __inet6_hash(newsk); 1486 __inet_inherit_port(sk, newsk); 1487 1488 return newsk; 1489 1490 out_overflow: 1491 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); 1492 out: 1493 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); 1494 if (opt && opt != np->opt) 1495 sock_kfree_s(sk, opt, opt->tot_len); 1496 dst_release(dst); 1497 return NULL; 1498 } 1499 1500 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb) 1501 { 1502 if (skb->ip_summed == CHECKSUM_COMPLETE) { 1503 if (!tcp_v6_check(tcp_hdr(skb), skb->len, &ipv6_hdr(skb)->saddr, 1504 &ipv6_hdr(skb)->daddr, skb->csum)) { 1505 skb->ip_summed = CHECKSUM_UNNECESSARY; 1506 return 0; 1507 } 1508 } 1509 1510 skb->csum = ~csum_unfold(tcp_v6_check(tcp_hdr(skb), skb->len, 1511 &ipv6_hdr(skb)->saddr, 1512 &ipv6_hdr(skb)->daddr, 0)); 1513 1514 if (skb->len <= 76) { 1515 return __skb_checksum_complete(skb); 1516 } 1517 return 0; 1518 } 1519 1520 /* The socket must have it's spinlock held when we get 1521 * here. 1522 * 1523 * We have a potential double-lock case here, so even when 1524 * doing backlog processing we use the BH locking scheme. 1525 * This is because we cannot sleep with the original spinlock 1526 * held. 1527 */ 1528 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) 1529 { 1530 struct ipv6_pinfo *np = inet6_sk(sk); 1531 struct tcp_sock *tp; 1532 struct sk_buff *opt_skb = NULL; 1533 1534 /* Imagine: socket is IPv6. IPv4 packet arrives, 1535 goes to IPv4 receive handler and backlogged. 1536 From backlog it always goes here. Kerboom... 1537 Fortunately, tcp_rcv_established and rcv_established 1538 handle them correctly, but it is not case with 1539 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK 1540 */ 1541 1542 if (skb->protocol == htons(ETH_P_IP)) 1543 return tcp_v4_do_rcv(sk, skb); 1544 1545 #ifdef CONFIG_TCP_MD5SIG 1546 if (tcp_v6_inbound_md5_hash (sk, skb)) 1547 goto discard; 1548 #endif 1549 1550 if (sk_filter(sk, skb)) 1551 goto discard; 1552 1553 /* 1554 * socket locking is here for SMP purposes as backlog rcv 1555 * is currently called with bh processing disabled. 1556 */ 1557 1558 /* Do Stevens' IPV6_PKTOPTIONS. 1559 1560 Yes, guys, it is the only place in our code, where we 1561 may make it not affecting IPv4. 1562 The rest of code is protocol independent, 1563 and I do not like idea to uglify IPv4. 1564 1565 Actually, all the idea behind IPV6_PKTOPTIONS 1566 looks not very well thought. For now we latch 1567 options, received in the last packet, enqueued 1568 by tcp. Feel free to propose better solution. 1569 --ANK (980728) 1570 */ 1571 if (np->rxopt.all) 1572 opt_skb = skb_clone(skb, GFP_ATOMIC); 1573 1574 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ 1575 TCP_CHECK_TIMER(sk); 1576 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) 1577 goto reset; 1578 TCP_CHECK_TIMER(sk); 1579 if (opt_skb) 1580 goto ipv6_pktoptions; 1581 return 0; 1582 } 1583 1584 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb)) 1585 goto csum_err; 1586 1587 if (sk->sk_state == TCP_LISTEN) { 1588 struct sock *nsk = tcp_v6_hnd_req(sk, skb); 1589 if (!nsk) 1590 goto discard; 1591 1592 /* 1593 * Queue it on the new socket if the new socket is active, 1594 * otherwise we just shortcircuit this and continue with 1595 * the new socket.. 1596 */ 1597 if(nsk != sk) { 1598 if (tcp_child_process(sk, nsk, skb)) 1599 goto reset; 1600 if (opt_skb) 1601 __kfree_skb(opt_skb); 1602 return 0; 1603 } 1604 } 1605 1606 TCP_CHECK_TIMER(sk); 1607 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) 1608 goto reset; 1609 TCP_CHECK_TIMER(sk); 1610 if (opt_skb) 1611 goto ipv6_pktoptions; 1612 return 0; 1613 1614 reset: 1615 tcp_v6_send_reset(sk, skb); 1616 discard: 1617 if (opt_skb) 1618 __kfree_skb(opt_skb); 1619 kfree_skb(skb); 1620 return 0; 1621 csum_err: 1622 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS); 1623 goto discard; 1624 1625 1626 ipv6_pktoptions: 1627 /* Do you ask, what is it? 1628 1629 1. skb was enqueued by tcp. 1630 2. skb is added to tail of read queue, rather than out of order. 1631 3. socket is not in passive state. 1632 4. Finally, it really contains options, which user wants to receive. 1633 */ 1634 tp = tcp_sk(sk); 1635 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt && 1636 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) { 1637 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo) 1638 np->mcast_oif = inet6_iif(opt_skb); 1639 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) 1640 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit; 1641 if (ipv6_opt_accepted(sk, opt_skb)) { 1642 skb_set_owner_r(opt_skb, sk); 1643 opt_skb = xchg(&np->pktoptions, opt_skb); 1644 } else { 1645 __kfree_skb(opt_skb); 1646 opt_skb = xchg(&np->pktoptions, NULL); 1647 } 1648 } 1649 1650 if (opt_skb) 1651 kfree_skb(opt_skb); 1652 return 0; 1653 } 1654 1655 static int tcp_v6_rcv(struct sk_buff *skb) 1656 { 1657 struct tcphdr *th; 1658 struct sock *sk; 1659 int ret; 1660 struct net *net = dev_net(skb->dev); 1661 1662 if (skb->pkt_type != PACKET_HOST) 1663 goto discard_it; 1664 1665 /* 1666 * Count it even if it's bad. 1667 */ 1668 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS); 1669 1670 if (!pskb_may_pull(skb, sizeof(struct tcphdr))) 1671 goto discard_it; 1672 1673 th = tcp_hdr(skb); 1674 1675 if (th->doff < sizeof(struct tcphdr)/4) 1676 goto bad_packet; 1677 if (!pskb_may_pull(skb, th->doff*4)) 1678 goto discard_it; 1679 1680 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb)) 1681 goto bad_packet; 1682 1683 th = tcp_hdr(skb); 1684 TCP_SKB_CB(skb)->seq = ntohl(th->seq); 1685 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin + 1686 skb->len - th->doff*4); 1687 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); 1688 TCP_SKB_CB(skb)->when = 0; 1689 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb)); 1690 TCP_SKB_CB(skb)->sacked = 0; 1691 1692 sk = __inet6_lookup(net, &tcp_hashinfo, 1693 &ipv6_hdr(skb)->saddr, th->source, 1694 &ipv6_hdr(skb)->daddr, ntohs(th->dest), 1695 inet6_iif(skb)); 1696 1697 if (!sk) 1698 goto no_tcp_socket; 1699 1700 process: 1701 if (sk->sk_state == TCP_TIME_WAIT) 1702 goto do_time_wait; 1703 1704 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 1705 goto discard_and_relse; 1706 1707 if (sk_filter(sk, skb)) 1708 goto discard_and_relse; 1709 1710 skb->dev = NULL; 1711 1712 bh_lock_sock_nested(sk); 1713 ret = 0; 1714 if (!sock_owned_by_user(sk)) { 1715 #ifdef CONFIG_NET_DMA 1716 struct tcp_sock *tp = tcp_sk(sk); 1717 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list) 1718 tp->ucopy.dma_chan = get_softnet_dma(); 1719 if (tp->ucopy.dma_chan) 1720 ret = tcp_v6_do_rcv(sk, skb); 1721 else 1722 #endif 1723 { 1724 if (!tcp_prequeue(sk, skb)) 1725 ret = tcp_v6_do_rcv(sk, skb); 1726 } 1727 } else 1728 sk_add_backlog(sk, skb); 1729 bh_unlock_sock(sk); 1730 1731 sock_put(sk); 1732 return ret ? -1 : 0; 1733 1734 no_tcp_socket: 1735 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 1736 goto discard_it; 1737 1738 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1739 bad_packet: 1740 TCP_INC_STATS_BH(net, TCP_MIB_INERRS); 1741 } else { 1742 tcp_v6_send_reset(NULL, skb); 1743 } 1744 1745 discard_it: 1746 1747 /* 1748 * Discard frame 1749 */ 1750 1751 kfree_skb(skb); 1752 return 0; 1753 1754 discard_and_relse: 1755 sock_put(sk); 1756 goto discard_it; 1757 1758 do_time_wait: 1759 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1760 inet_twsk_put(inet_twsk(sk)); 1761 goto discard_it; 1762 } 1763 1764 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1765 TCP_INC_STATS_BH(net, TCP_MIB_INERRS); 1766 inet_twsk_put(inet_twsk(sk)); 1767 goto discard_it; 1768 } 1769 1770 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { 1771 case TCP_TW_SYN: 1772 { 1773 struct sock *sk2; 1774 1775 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo, 1776 &ipv6_hdr(skb)->daddr, 1777 ntohs(th->dest), inet6_iif(skb)); 1778 if (sk2 != NULL) { 1779 struct inet_timewait_sock *tw = inet_twsk(sk); 1780 inet_twsk_deschedule(tw, &tcp_death_row); 1781 inet_twsk_put(tw); 1782 sk = sk2; 1783 goto process; 1784 } 1785 /* Fall through to ACK */ 1786 } 1787 case TCP_TW_ACK: 1788 tcp_v6_timewait_ack(sk, skb); 1789 break; 1790 case TCP_TW_RST: 1791 goto no_tcp_socket; 1792 case TCP_TW_SUCCESS:; 1793 } 1794 goto discard_it; 1795 } 1796 1797 static int tcp_v6_remember_stamp(struct sock *sk) 1798 { 1799 /* Alas, not yet... */ 1800 return 0; 1801 } 1802 1803 static struct inet_connection_sock_af_ops ipv6_specific = { 1804 .queue_xmit = inet6_csk_xmit, 1805 .send_check = tcp_v6_send_check, 1806 .rebuild_header = inet6_sk_rebuild_header, 1807 .conn_request = tcp_v6_conn_request, 1808 .syn_recv_sock = tcp_v6_syn_recv_sock, 1809 .remember_stamp = tcp_v6_remember_stamp, 1810 .net_header_len = sizeof(struct ipv6hdr), 1811 .setsockopt = ipv6_setsockopt, 1812 .getsockopt = ipv6_getsockopt, 1813 .addr2sockaddr = inet6_csk_addr2sockaddr, 1814 .sockaddr_len = sizeof(struct sockaddr_in6), 1815 .bind_conflict = inet6_csk_bind_conflict, 1816 #ifdef CONFIG_COMPAT 1817 .compat_setsockopt = compat_ipv6_setsockopt, 1818 .compat_getsockopt = compat_ipv6_getsockopt, 1819 #endif 1820 }; 1821 1822 #ifdef CONFIG_TCP_MD5SIG 1823 static struct tcp_sock_af_ops tcp_sock_ipv6_specific = { 1824 .md5_lookup = tcp_v6_md5_lookup, 1825 .calc_md5_hash = tcp_v6_md5_hash_skb, 1826 .md5_add = tcp_v6_md5_add_func, 1827 .md5_parse = tcp_v6_parse_md5_keys, 1828 }; 1829 #endif 1830 1831 /* 1832 * TCP over IPv4 via INET6 API 1833 */ 1834 1835 static struct inet_connection_sock_af_ops ipv6_mapped = { 1836 .queue_xmit = ip_queue_xmit, 1837 .send_check = tcp_v4_send_check, 1838 .rebuild_header = inet_sk_rebuild_header, 1839 .conn_request = tcp_v6_conn_request, 1840 .syn_recv_sock = tcp_v6_syn_recv_sock, 1841 .remember_stamp = tcp_v4_remember_stamp, 1842 .net_header_len = sizeof(struct iphdr), 1843 .setsockopt = ipv6_setsockopt, 1844 .getsockopt = ipv6_getsockopt, 1845 .addr2sockaddr = inet6_csk_addr2sockaddr, 1846 .sockaddr_len = sizeof(struct sockaddr_in6), 1847 .bind_conflict = inet6_csk_bind_conflict, 1848 #ifdef CONFIG_COMPAT 1849 .compat_setsockopt = compat_ipv6_setsockopt, 1850 .compat_getsockopt = compat_ipv6_getsockopt, 1851 #endif 1852 }; 1853 1854 #ifdef CONFIG_TCP_MD5SIG 1855 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = { 1856 .md5_lookup = tcp_v4_md5_lookup, 1857 .calc_md5_hash = tcp_v4_md5_hash_skb, 1858 .md5_add = tcp_v6_md5_add_func, 1859 .md5_parse = tcp_v6_parse_md5_keys, 1860 }; 1861 #endif 1862 1863 /* NOTE: A lot of things set to zero explicitly by call to 1864 * sk_alloc() so need not be done here. 1865 */ 1866 static int tcp_v6_init_sock(struct sock *sk) 1867 { 1868 struct inet_connection_sock *icsk = inet_csk(sk); 1869 struct tcp_sock *tp = tcp_sk(sk); 1870 1871 skb_queue_head_init(&tp->out_of_order_queue); 1872 tcp_init_xmit_timers(sk); 1873 tcp_prequeue_init(tp); 1874 1875 icsk->icsk_rto = TCP_TIMEOUT_INIT; 1876 tp->mdev = TCP_TIMEOUT_INIT; 1877 1878 /* So many TCP implementations out there (incorrectly) count the 1879 * initial SYN frame in their delayed-ACK and congestion control 1880 * algorithms that we must have the following bandaid to talk 1881 * efficiently to them. -DaveM 1882 */ 1883 tp->snd_cwnd = 2; 1884 1885 /* See draft-stevens-tcpca-spec-01 for discussion of the 1886 * initialization of these values. 1887 */ 1888 tp->snd_ssthresh = 0x7fffffff; 1889 tp->snd_cwnd_clamp = ~0; 1890 tp->mss_cache = 536; 1891 1892 tp->reordering = sysctl_tcp_reordering; 1893 1894 sk->sk_state = TCP_CLOSE; 1895 1896 icsk->icsk_af_ops = &ipv6_specific; 1897 icsk->icsk_ca_ops = &tcp_init_congestion_ops; 1898 icsk->icsk_sync_mss = tcp_sync_mss; 1899 sk->sk_write_space = sk_stream_write_space; 1900 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE); 1901 1902 #ifdef CONFIG_TCP_MD5SIG 1903 tp->af_specific = &tcp_sock_ipv6_specific; 1904 #endif 1905 1906 sk->sk_sndbuf = sysctl_tcp_wmem[1]; 1907 sk->sk_rcvbuf = sysctl_tcp_rmem[1]; 1908 1909 atomic_inc(&tcp_sockets_allocated); 1910 1911 return 0; 1912 } 1913 1914 static void tcp_v6_destroy_sock(struct sock *sk) 1915 { 1916 #ifdef CONFIG_TCP_MD5SIG 1917 /* Clean up the MD5 key list */ 1918 if (tcp_sk(sk)->md5sig_info) 1919 tcp_v6_clear_md5_list(sk); 1920 #endif 1921 tcp_v4_destroy_sock(sk); 1922 inet6_destroy_sock(sk); 1923 } 1924 1925 #ifdef CONFIG_PROC_FS 1926 /* Proc filesystem TCPv6 sock list dumping. */ 1927 static void get_openreq6(struct seq_file *seq, 1928 struct sock *sk, struct request_sock *req, int i, int uid) 1929 { 1930 int ttd = req->expires - jiffies; 1931 struct in6_addr *src = &inet6_rsk(req)->loc_addr; 1932 struct in6_addr *dest = &inet6_rsk(req)->rmt_addr; 1933 1934 if (ttd < 0) 1935 ttd = 0; 1936 1937 seq_printf(seq, 1938 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1939 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n", 1940 i, 1941 src->s6_addr32[0], src->s6_addr32[1], 1942 src->s6_addr32[2], src->s6_addr32[3], 1943 ntohs(inet_sk(sk)->sport), 1944 dest->s6_addr32[0], dest->s6_addr32[1], 1945 dest->s6_addr32[2], dest->s6_addr32[3], 1946 ntohs(inet_rsk(req)->rmt_port), 1947 TCP_SYN_RECV, 1948 0,0, /* could print option size, but that is af dependent. */ 1949 1, /* timers active (only the expire timer) */ 1950 jiffies_to_clock_t(ttd), 1951 req->retrans, 1952 uid, 1953 0, /* non standard timer */ 1954 0, /* open_requests have no inode */ 1955 0, req); 1956 } 1957 1958 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) 1959 { 1960 struct in6_addr *dest, *src; 1961 __u16 destp, srcp; 1962 int timer_active; 1963 unsigned long timer_expires; 1964 struct inet_sock *inet = inet_sk(sp); 1965 struct tcp_sock *tp = tcp_sk(sp); 1966 const struct inet_connection_sock *icsk = inet_csk(sp); 1967 struct ipv6_pinfo *np = inet6_sk(sp); 1968 1969 dest = &np->daddr; 1970 src = &np->rcv_saddr; 1971 destp = ntohs(inet->dport); 1972 srcp = ntohs(inet->sport); 1973 1974 if (icsk->icsk_pending == ICSK_TIME_RETRANS) { 1975 timer_active = 1; 1976 timer_expires = icsk->icsk_timeout; 1977 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) { 1978 timer_active = 4; 1979 timer_expires = icsk->icsk_timeout; 1980 } else if (timer_pending(&sp->sk_timer)) { 1981 timer_active = 2; 1982 timer_expires = sp->sk_timer.expires; 1983 } else { 1984 timer_active = 0; 1985 timer_expires = jiffies; 1986 } 1987 1988 seq_printf(seq, 1989 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1990 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %lu %lu %u %u %d\n", 1991 i, 1992 src->s6_addr32[0], src->s6_addr32[1], 1993 src->s6_addr32[2], src->s6_addr32[3], srcp, 1994 dest->s6_addr32[0], dest->s6_addr32[1], 1995 dest->s6_addr32[2], dest->s6_addr32[3], destp, 1996 sp->sk_state, 1997 tp->write_seq-tp->snd_una, 1998 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq), 1999 timer_active, 2000 jiffies_to_clock_t(timer_expires - jiffies), 2001 icsk->icsk_retransmits, 2002 sock_i_uid(sp), 2003 icsk->icsk_probes_out, 2004 sock_i_ino(sp), 2005 atomic_read(&sp->sk_refcnt), sp, 2006 jiffies_to_clock_t(icsk->icsk_rto), 2007 jiffies_to_clock_t(icsk->icsk_ack.ato), 2008 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong, 2009 tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh 2010 ); 2011 } 2012 2013 static void get_timewait6_sock(struct seq_file *seq, 2014 struct inet_timewait_sock *tw, int i) 2015 { 2016 struct in6_addr *dest, *src; 2017 __u16 destp, srcp; 2018 struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw); 2019 int ttd = tw->tw_ttd - jiffies; 2020 2021 if (ttd < 0) 2022 ttd = 0; 2023 2024 dest = &tw6->tw_v6_daddr; 2025 src = &tw6->tw_v6_rcv_saddr; 2026 destp = ntohs(tw->tw_dport); 2027 srcp = ntohs(tw->tw_sport); 2028 2029 seq_printf(seq, 2030 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2031 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n", 2032 i, 2033 src->s6_addr32[0], src->s6_addr32[1], 2034 src->s6_addr32[2], src->s6_addr32[3], srcp, 2035 dest->s6_addr32[0], dest->s6_addr32[1], 2036 dest->s6_addr32[2], dest->s6_addr32[3], destp, 2037 tw->tw_substate, 0, 0, 2038 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, 2039 atomic_read(&tw->tw_refcnt), tw); 2040 } 2041 2042 static int tcp6_seq_show(struct seq_file *seq, void *v) 2043 { 2044 struct tcp_iter_state *st; 2045 2046 if (v == SEQ_START_TOKEN) { 2047 seq_puts(seq, 2048 " sl " 2049 "local_address " 2050 "remote_address " 2051 "st tx_queue rx_queue tr tm->when retrnsmt" 2052 " uid timeout inode\n"); 2053 goto out; 2054 } 2055 st = seq->private; 2056 2057 switch (st->state) { 2058 case TCP_SEQ_STATE_LISTENING: 2059 case TCP_SEQ_STATE_ESTABLISHED: 2060 get_tcp6_sock(seq, v, st->num); 2061 break; 2062 case TCP_SEQ_STATE_OPENREQ: 2063 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid); 2064 break; 2065 case TCP_SEQ_STATE_TIME_WAIT: 2066 get_timewait6_sock(seq, v, st->num); 2067 break; 2068 } 2069 out: 2070 return 0; 2071 } 2072 2073 static struct tcp_seq_afinfo tcp6_seq_afinfo = { 2074 .name = "tcp6", 2075 .family = AF_INET6, 2076 .seq_fops = { 2077 .owner = THIS_MODULE, 2078 }, 2079 .seq_ops = { 2080 .show = tcp6_seq_show, 2081 }, 2082 }; 2083 2084 int tcp6_proc_init(struct net *net) 2085 { 2086 return tcp_proc_register(net, &tcp6_seq_afinfo); 2087 } 2088 2089 void tcp6_proc_exit(struct net *net) 2090 { 2091 tcp_proc_unregister(net, &tcp6_seq_afinfo); 2092 } 2093 #endif 2094 2095 struct proto tcpv6_prot = { 2096 .name = "TCPv6", 2097 .owner = THIS_MODULE, 2098 .close = tcp_close, 2099 .connect = tcp_v6_connect, 2100 .disconnect = tcp_disconnect, 2101 .accept = inet_csk_accept, 2102 .ioctl = tcp_ioctl, 2103 .init = tcp_v6_init_sock, 2104 .destroy = tcp_v6_destroy_sock, 2105 .shutdown = tcp_shutdown, 2106 .setsockopt = tcp_setsockopt, 2107 .getsockopt = tcp_getsockopt, 2108 .recvmsg = tcp_recvmsg, 2109 .backlog_rcv = tcp_v6_do_rcv, 2110 .hash = tcp_v6_hash, 2111 .unhash = inet_unhash, 2112 .get_port = inet_csk_get_port, 2113 .enter_memory_pressure = tcp_enter_memory_pressure, 2114 .sockets_allocated = &tcp_sockets_allocated, 2115 .memory_allocated = &tcp_memory_allocated, 2116 .memory_pressure = &tcp_memory_pressure, 2117 .orphan_count = &tcp_orphan_count, 2118 .sysctl_mem = sysctl_tcp_mem, 2119 .sysctl_wmem = sysctl_tcp_wmem, 2120 .sysctl_rmem = sysctl_tcp_rmem, 2121 .max_header = MAX_TCP_HEADER, 2122 .obj_size = sizeof(struct tcp6_sock), 2123 .twsk_prot = &tcp6_timewait_sock_ops, 2124 .rsk_prot = &tcp6_request_sock_ops, 2125 .h.hashinfo = &tcp_hashinfo, 2126 #ifdef CONFIG_COMPAT 2127 .compat_setsockopt = compat_tcp_setsockopt, 2128 .compat_getsockopt = compat_tcp_getsockopt, 2129 #endif 2130 }; 2131 2132 static struct inet6_protocol tcpv6_protocol = { 2133 .handler = tcp_v6_rcv, 2134 .err_handler = tcp_v6_err, 2135 .gso_send_check = tcp_v6_gso_send_check, 2136 .gso_segment = tcp_tso_segment, 2137 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 2138 }; 2139 2140 static struct inet_protosw tcpv6_protosw = { 2141 .type = SOCK_STREAM, 2142 .protocol = IPPROTO_TCP, 2143 .prot = &tcpv6_prot, 2144 .ops = &inet6_stream_ops, 2145 .capability = -1, 2146 .no_check = 0, 2147 .flags = INET_PROTOSW_PERMANENT | 2148 INET_PROTOSW_ICSK, 2149 }; 2150 2151 static int tcpv6_net_init(struct net *net) 2152 { 2153 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6, 2154 SOCK_RAW, IPPROTO_TCP, net); 2155 } 2156 2157 static void tcpv6_net_exit(struct net *net) 2158 { 2159 inet_ctl_sock_destroy(net->ipv6.tcp_sk); 2160 } 2161 2162 static struct pernet_operations tcpv6_net_ops = { 2163 .init = tcpv6_net_init, 2164 .exit = tcpv6_net_exit, 2165 }; 2166 2167 int __init tcpv6_init(void) 2168 { 2169 int ret; 2170 2171 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP); 2172 if (ret) 2173 goto out; 2174 2175 /* register inet6 protocol */ 2176 ret = inet6_register_protosw(&tcpv6_protosw); 2177 if (ret) 2178 goto out_tcpv6_protocol; 2179 2180 ret = register_pernet_subsys(&tcpv6_net_ops); 2181 if (ret) 2182 goto out_tcpv6_protosw; 2183 out: 2184 return ret; 2185 2186 out_tcpv6_protocol: 2187 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2188 out_tcpv6_protosw: 2189 inet6_unregister_protosw(&tcpv6_protosw); 2190 goto out; 2191 } 2192 2193 void tcpv6_exit(void) 2194 { 2195 unregister_pernet_subsys(&tcpv6_net_ops); 2196 inet6_unregister_protosw(&tcpv6_protosw); 2197 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2198 } 2199