1 /* 2 * TCP over IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on: 9 * linux/net/ipv4/tcp.c 10 * linux/net/ipv4/tcp_input.c 11 * linux/net/ipv4/tcp_output.c 12 * 13 * Fixes: 14 * Hideaki YOSHIFUJI : sin6_scope_id support 15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind 17 * a single port at the same time. 18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file. 19 * 20 * This program is free software; you can redistribute it and/or 21 * modify it under the terms of the GNU General Public License 22 * as published by the Free Software Foundation; either version 23 * 2 of the License, or (at your option) any later version. 24 */ 25 26 #include <linux/bottom_half.h> 27 #include <linux/module.h> 28 #include <linux/errno.h> 29 #include <linux/types.h> 30 #include <linux/socket.h> 31 #include <linux/sockios.h> 32 #include <linux/net.h> 33 #include <linux/jiffies.h> 34 #include <linux/in.h> 35 #include <linux/in6.h> 36 #include <linux/netdevice.h> 37 #include <linux/init.h> 38 #include <linux/jhash.h> 39 #include <linux/ipsec.h> 40 #include <linux/times.h> 41 #include <linux/slab.h> 42 #include <linux/uaccess.h> 43 #include <linux/ipv6.h> 44 #include <linux/icmpv6.h> 45 #include <linux/random.h> 46 47 #include <net/tcp.h> 48 #include <net/ndisc.h> 49 #include <net/inet6_hashtables.h> 50 #include <net/inet6_connection_sock.h> 51 #include <net/ipv6.h> 52 #include <net/transp_v6.h> 53 #include <net/addrconf.h> 54 #include <net/ip6_route.h> 55 #include <net/ip6_checksum.h> 56 #include <net/inet_ecn.h> 57 #include <net/protocol.h> 58 #include <net/xfrm.h> 59 #include <net/snmp.h> 60 #include <net/dsfield.h> 61 #include <net/timewait_sock.h> 62 #include <net/inet_common.h> 63 #include <net/secure_seq.h> 64 #include <net/busy_poll.h> 65 66 #include <linux/proc_fs.h> 67 #include <linux/seq_file.h> 68 69 #include <crypto/hash.h> 70 #include <linux/scatterlist.h> 71 72 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb); 73 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb, 74 struct request_sock *req); 75 76 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb); 77 78 static const struct inet_connection_sock_af_ops ipv6_mapped; 79 static const struct inet_connection_sock_af_ops ipv6_specific; 80 #ifdef CONFIG_TCP_MD5SIG 81 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific; 82 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific; 83 #else 84 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk, 85 const struct in6_addr *addr) 86 { 87 return NULL; 88 } 89 #endif 90 91 static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) 92 { 93 struct dst_entry *dst = skb_dst(skb); 94 95 if (dst && dst_hold_safe(dst)) { 96 const struct rt6_info *rt = (const struct rt6_info *)dst; 97 98 sk->sk_rx_dst = dst; 99 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif; 100 inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt); 101 } 102 } 103 104 static u32 tcp_v6_init_seq(const struct sk_buff *skb) 105 { 106 return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32, 107 ipv6_hdr(skb)->saddr.s6_addr32, 108 tcp_hdr(skb)->dest, 109 tcp_hdr(skb)->source); 110 } 111 112 static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb) 113 { 114 return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32, 115 ipv6_hdr(skb)->saddr.s6_addr32); 116 } 117 118 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 119 int addr_len) 120 { 121 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; 122 struct inet_sock *inet = inet_sk(sk); 123 struct inet_connection_sock *icsk = inet_csk(sk); 124 struct ipv6_pinfo *np = inet6_sk(sk); 125 struct tcp_sock *tp = tcp_sk(sk); 126 struct in6_addr *saddr = NULL, *final_p, final; 127 struct ipv6_txoptions *opt; 128 struct flowi6 fl6; 129 struct dst_entry *dst; 130 int addr_type; 131 int err; 132 struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row; 133 134 if (addr_len < SIN6_LEN_RFC2133) 135 return -EINVAL; 136 137 if (usin->sin6_family != AF_INET6) 138 return -EAFNOSUPPORT; 139 140 memset(&fl6, 0, sizeof(fl6)); 141 142 if (np->sndflow) { 143 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; 144 IP6_ECN_flow_init(fl6.flowlabel); 145 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { 146 struct ip6_flowlabel *flowlabel; 147 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); 148 if (!flowlabel) 149 return -EINVAL; 150 fl6_sock_release(flowlabel); 151 } 152 } 153 154 /* 155 * connect() to INADDR_ANY means loopback (BSD'ism). 156 */ 157 158 if (ipv6_addr_any(&usin->sin6_addr)) { 159 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr)) 160 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK), 161 &usin->sin6_addr); 162 else 163 usin->sin6_addr = in6addr_loopback; 164 } 165 166 addr_type = ipv6_addr_type(&usin->sin6_addr); 167 168 if (addr_type & IPV6_ADDR_MULTICAST) 169 return -ENETUNREACH; 170 171 if (addr_type&IPV6_ADDR_LINKLOCAL) { 172 if (addr_len >= sizeof(struct sockaddr_in6) && 173 usin->sin6_scope_id) { 174 /* If interface is set while binding, indices 175 * must coincide. 176 */ 177 if (sk->sk_bound_dev_if && 178 sk->sk_bound_dev_if != usin->sin6_scope_id) 179 return -EINVAL; 180 181 sk->sk_bound_dev_if = usin->sin6_scope_id; 182 } 183 184 /* Connect to link-local address requires an interface */ 185 if (!sk->sk_bound_dev_if) 186 return -EINVAL; 187 } 188 189 if (tp->rx_opt.ts_recent_stamp && 190 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) { 191 tp->rx_opt.ts_recent = 0; 192 tp->rx_opt.ts_recent_stamp = 0; 193 tp->write_seq = 0; 194 } 195 196 sk->sk_v6_daddr = usin->sin6_addr; 197 np->flow_label = fl6.flowlabel; 198 199 /* 200 * TCP over IPv4 201 */ 202 203 if (addr_type & IPV6_ADDR_MAPPED) { 204 u32 exthdrlen = icsk->icsk_ext_hdr_len; 205 struct sockaddr_in sin; 206 207 SOCK_DEBUG(sk, "connect: ipv4 mapped\n"); 208 209 if (__ipv6_only_sock(sk)) 210 return -ENETUNREACH; 211 212 sin.sin_family = AF_INET; 213 sin.sin_port = usin->sin6_port; 214 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; 215 216 icsk->icsk_af_ops = &ipv6_mapped; 217 sk->sk_backlog_rcv = tcp_v4_do_rcv; 218 #ifdef CONFIG_TCP_MD5SIG 219 tp->af_specific = &tcp_sock_ipv6_mapped_specific; 220 #endif 221 222 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); 223 224 if (err) { 225 icsk->icsk_ext_hdr_len = exthdrlen; 226 icsk->icsk_af_ops = &ipv6_specific; 227 sk->sk_backlog_rcv = tcp_v6_do_rcv; 228 #ifdef CONFIG_TCP_MD5SIG 229 tp->af_specific = &tcp_sock_ipv6_specific; 230 #endif 231 goto failure; 232 } 233 np->saddr = sk->sk_v6_rcv_saddr; 234 235 return err; 236 } 237 238 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr)) 239 saddr = &sk->sk_v6_rcv_saddr; 240 241 fl6.flowi6_proto = IPPROTO_TCP; 242 fl6.daddr = sk->sk_v6_daddr; 243 fl6.saddr = saddr ? *saddr : np->saddr; 244 fl6.flowi6_oif = sk->sk_bound_dev_if; 245 fl6.flowi6_mark = sk->sk_mark; 246 fl6.fl6_dport = usin->sin6_port; 247 fl6.fl6_sport = inet->inet_sport; 248 fl6.flowi6_uid = sk->sk_uid; 249 250 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk)); 251 final_p = fl6_update_dst(&fl6, opt, &final); 252 253 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); 254 255 dst = ip6_dst_lookup_flow(sk, &fl6, final_p); 256 if (IS_ERR(dst)) { 257 err = PTR_ERR(dst); 258 goto failure; 259 } 260 261 if (!saddr) { 262 saddr = &fl6.saddr; 263 sk->sk_v6_rcv_saddr = *saddr; 264 } 265 266 /* set the source address */ 267 np->saddr = *saddr; 268 inet->inet_rcv_saddr = LOOPBACK4_IPV6; 269 270 sk->sk_gso_type = SKB_GSO_TCPV6; 271 ip6_dst_store(sk, dst, NULL, NULL); 272 273 icsk->icsk_ext_hdr_len = 0; 274 if (opt) 275 icsk->icsk_ext_hdr_len = opt->opt_flen + 276 opt->opt_nflen; 277 278 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 279 280 inet->inet_dport = usin->sin6_port; 281 282 tcp_set_state(sk, TCP_SYN_SENT); 283 err = inet6_hash_connect(tcp_death_row, sk); 284 if (err) 285 goto late_failure; 286 287 sk_set_txhash(sk); 288 289 if (likely(!tp->repair)) { 290 if (!tp->write_seq) 291 tp->write_seq = secure_tcpv6_seq(np->saddr.s6_addr32, 292 sk->sk_v6_daddr.s6_addr32, 293 inet->inet_sport, 294 inet->inet_dport); 295 tp->tsoffset = secure_tcpv6_ts_off(sock_net(sk), 296 np->saddr.s6_addr32, 297 sk->sk_v6_daddr.s6_addr32); 298 } 299 300 if (tcp_fastopen_defer_connect(sk, &err)) 301 return err; 302 if (err) 303 goto late_failure; 304 305 err = tcp_connect(sk); 306 if (err) 307 goto late_failure; 308 309 return 0; 310 311 late_failure: 312 tcp_set_state(sk, TCP_CLOSE); 313 failure: 314 inet->inet_dport = 0; 315 sk->sk_route_caps = 0; 316 return err; 317 } 318 319 static void tcp_v6_mtu_reduced(struct sock *sk) 320 { 321 struct dst_entry *dst; 322 323 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) 324 return; 325 326 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info); 327 if (!dst) 328 return; 329 330 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) { 331 tcp_sync_mss(sk, dst_mtu(dst)); 332 tcp_simple_retransmit(sk); 333 } 334 } 335 336 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 337 u8 type, u8 code, int offset, __be32 info) 338 { 339 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data; 340 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset); 341 struct net *net = dev_net(skb->dev); 342 struct request_sock *fastopen; 343 struct ipv6_pinfo *np; 344 struct tcp_sock *tp; 345 __u32 seq, snd_una; 346 struct sock *sk; 347 bool fatal; 348 int err; 349 350 sk = __inet6_lookup_established(net, &tcp_hashinfo, 351 &hdr->daddr, th->dest, 352 &hdr->saddr, ntohs(th->source), 353 skb->dev->ifindex); 354 355 if (!sk) { 356 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), 357 ICMP6_MIB_INERRORS); 358 return; 359 } 360 361 if (sk->sk_state == TCP_TIME_WAIT) { 362 inet_twsk_put(inet_twsk(sk)); 363 return; 364 } 365 seq = ntohl(th->seq); 366 fatal = icmpv6_err_convert(type, code, &err); 367 if (sk->sk_state == TCP_NEW_SYN_RECV) 368 return tcp_req_err(sk, seq, fatal); 369 370 bh_lock_sock(sk); 371 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG) 372 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS); 373 374 if (sk->sk_state == TCP_CLOSE) 375 goto out; 376 377 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) { 378 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP); 379 goto out; 380 } 381 382 tp = tcp_sk(sk); 383 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */ 384 fastopen = tp->fastopen_rsk; 385 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una; 386 if (sk->sk_state != TCP_LISTEN && 387 !between(seq, snd_una, tp->snd_nxt)) { 388 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS); 389 goto out; 390 } 391 392 np = inet6_sk(sk); 393 394 if (type == NDISC_REDIRECT) { 395 if (!sock_owned_by_user(sk)) { 396 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie); 397 398 if (dst) 399 dst->ops->redirect(dst, sk, skb); 400 } 401 goto out; 402 } 403 404 if (type == ICMPV6_PKT_TOOBIG) { 405 /* We are not interested in TCP_LISTEN and open_requests 406 * (SYN-ACKs send out by Linux are always <576bytes so 407 * they should go through unfragmented). 408 */ 409 if (sk->sk_state == TCP_LISTEN) 410 goto out; 411 412 if (!ip6_sk_accept_pmtu(sk)) 413 goto out; 414 415 tp->mtu_info = ntohl(info); 416 if (!sock_owned_by_user(sk)) 417 tcp_v6_mtu_reduced(sk); 418 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED, 419 &sk->sk_tsq_flags)) 420 sock_hold(sk); 421 goto out; 422 } 423 424 425 /* Might be for an request_sock */ 426 switch (sk->sk_state) { 427 case TCP_SYN_SENT: 428 case TCP_SYN_RECV: 429 /* Only in fast or simultaneous open. If a fast open socket is 430 * is already accepted it is treated as a connected one below. 431 */ 432 if (fastopen && !fastopen->sk) 433 break; 434 435 if (!sock_owned_by_user(sk)) { 436 sk->sk_err = err; 437 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */ 438 439 tcp_done(sk); 440 } else 441 sk->sk_err_soft = err; 442 goto out; 443 } 444 445 if (!sock_owned_by_user(sk) && np->recverr) { 446 sk->sk_err = err; 447 sk->sk_error_report(sk); 448 } else 449 sk->sk_err_soft = err; 450 451 out: 452 bh_unlock_sock(sk); 453 sock_put(sk); 454 } 455 456 457 static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst, 458 struct flowi *fl, 459 struct request_sock *req, 460 struct tcp_fastopen_cookie *foc, 461 enum tcp_synack_type synack_type) 462 { 463 struct inet_request_sock *ireq = inet_rsk(req); 464 struct ipv6_pinfo *np = inet6_sk(sk); 465 struct ipv6_txoptions *opt; 466 struct flowi6 *fl6 = &fl->u.ip6; 467 struct sk_buff *skb; 468 int err = -ENOMEM; 469 470 /* First, grab a route. */ 471 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req, 472 IPPROTO_TCP)) == NULL) 473 goto done; 474 475 skb = tcp_make_synack(sk, dst, req, foc, synack_type); 476 477 if (skb) { 478 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr, 479 &ireq->ir_v6_rmt_addr); 480 481 fl6->daddr = ireq->ir_v6_rmt_addr; 482 if (np->repflow && ireq->pktopts) 483 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts)); 484 485 rcu_read_lock(); 486 opt = ireq->ipv6_opt; 487 if (!opt) 488 opt = rcu_dereference(np->opt); 489 err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass); 490 rcu_read_unlock(); 491 err = net_xmit_eval(err); 492 } 493 494 done: 495 return err; 496 } 497 498 499 static void tcp_v6_reqsk_destructor(struct request_sock *req) 500 { 501 kfree(inet_rsk(req)->ipv6_opt); 502 kfree_skb(inet_rsk(req)->pktopts); 503 } 504 505 #ifdef CONFIG_TCP_MD5SIG 506 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk, 507 const struct in6_addr *addr) 508 { 509 return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6); 510 } 511 512 static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk, 513 const struct sock *addr_sk) 514 { 515 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr); 516 } 517 518 static int tcp_v6_parse_md5_keys(struct sock *sk, int optname, 519 char __user *optval, int optlen) 520 { 521 struct tcp_md5sig cmd; 522 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr; 523 u8 prefixlen; 524 525 if (optlen < sizeof(cmd)) 526 return -EINVAL; 527 528 if (copy_from_user(&cmd, optval, sizeof(cmd))) 529 return -EFAULT; 530 531 if (sin6->sin6_family != AF_INET6) 532 return -EINVAL; 533 534 if (optname == TCP_MD5SIG_EXT && 535 cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) { 536 prefixlen = cmd.tcpm_prefixlen; 537 if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) && 538 prefixlen > 32)) 539 return -EINVAL; 540 } else { 541 prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128; 542 } 543 544 if (!cmd.tcpm_keylen) { 545 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) 546 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3], 547 AF_INET, prefixlen); 548 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr, 549 AF_INET6, prefixlen); 550 } 551 552 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN) 553 return -EINVAL; 554 555 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) 556 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3], 557 AF_INET, prefixlen, cmd.tcpm_key, 558 cmd.tcpm_keylen, GFP_KERNEL); 559 560 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr, 561 AF_INET6, prefixlen, cmd.tcpm_key, 562 cmd.tcpm_keylen, GFP_KERNEL); 563 } 564 565 static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp, 566 const struct in6_addr *daddr, 567 const struct in6_addr *saddr, 568 const struct tcphdr *th, int nbytes) 569 { 570 struct tcp6_pseudohdr *bp; 571 struct scatterlist sg; 572 struct tcphdr *_th; 573 574 bp = hp->scratch; 575 /* 1. TCP pseudo-header (RFC2460) */ 576 bp->saddr = *saddr; 577 bp->daddr = *daddr; 578 bp->protocol = cpu_to_be32(IPPROTO_TCP); 579 bp->len = cpu_to_be32(nbytes); 580 581 _th = (struct tcphdr *)(bp + 1); 582 memcpy(_th, th, sizeof(*th)); 583 _th->check = 0; 584 585 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th)); 586 ahash_request_set_crypt(hp->md5_req, &sg, NULL, 587 sizeof(*bp) + sizeof(*th)); 588 return crypto_ahash_update(hp->md5_req); 589 } 590 591 static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, 592 const struct in6_addr *daddr, struct in6_addr *saddr, 593 const struct tcphdr *th) 594 { 595 struct tcp_md5sig_pool *hp; 596 struct ahash_request *req; 597 598 hp = tcp_get_md5sig_pool(); 599 if (!hp) 600 goto clear_hash_noput; 601 req = hp->md5_req; 602 603 if (crypto_ahash_init(req)) 604 goto clear_hash; 605 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2)) 606 goto clear_hash; 607 if (tcp_md5_hash_key(hp, key)) 608 goto clear_hash; 609 ahash_request_set_crypt(req, NULL, md5_hash, 0); 610 if (crypto_ahash_final(req)) 611 goto clear_hash; 612 613 tcp_put_md5sig_pool(); 614 return 0; 615 616 clear_hash: 617 tcp_put_md5sig_pool(); 618 clear_hash_noput: 619 memset(md5_hash, 0, 16); 620 return 1; 621 } 622 623 static int tcp_v6_md5_hash_skb(char *md5_hash, 624 const struct tcp_md5sig_key *key, 625 const struct sock *sk, 626 const struct sk_buff *skb) 627 { 628 const struct in6_addr *saddr, *daddr; 629 struct tcp_md5sig_pool *hp; 630 struct ahash_request *req; 631 const struct tcphdr *th = tcp_hdr(skb); 632 633 if (sk) { /* valid for establish/request sockets */ 634 saddr = &sk->sk_v6_rcv_saddr; 635 daddr = &sk->sk_v6_daddr; 636 } else { 637 const struct ipv6hdr *ip6h = ipv6_hdr(skb); 638 saddr = &ip6h->saddr; 639 daddr = &ip6h->daddr; 640 } 641 642 hp = tcp_get_md5sig_pool(); 643 if (!hp) 644 goto clear_hash_noput; 645 req = hp->md5_req; 646 647 if (crypto_ahash_init(req)) 648 goto clear_hash; 649 650 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len)) 651 goto clear_hash; 652 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2)) 653 goto clear_hash; 654 if (tcp_md5_hash_key(hp, key)) 655 goto clear_hash; 656 ahash_request_set_crypt(req, NULL, md5_hash, 0); 657 if (crypto_ahash_final(req)) 658 goto clear_hash; 659 660 tcp_put_md5sig_pool(); 661 return 0; 662 663 clear_hash: 664 tcp_put_md5sig_pool(); 665 clear_hash_noput: 666 memset(md5_hash, 0, 16); 667 return 1; 668 } 669 670 #endif 671 672 static bool tcp_v6_inbound_md5_hash(const struct sock *sk, 673 const struct sk_buff *skb) 674 { 675 #ifdef CONFIG_TCP_MD5SIG 676 const __u8 *hash_location = NULL; 677 struct tcp_md5sig_key *hash_expected; 678 const struct ipv6hdr *ip6h = ipv6_hdr(skb); 679 const struct tcphdr *th = tcp_hdr(skb); 680 int genhash; 681 u8 newhash[16]; 682 683 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); 684 hash_location = tcp_parse_md5sig_option(th); 685 686 /* We've parsed the options - do we have a hash? */ 687 if (!hash_expected && !hash_location) 688 return false; 689 690 if (hash_expected && !hash_location) { 691 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); 692 return true; 693 } 694 695 if (!hash_expected && hash_location) { 696 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED); 697 return true; 698 } 699 700 /* check the signature */ 701 genhash = tcp_v6_md5_hash_skb(newhash, 702 hash_expected, 703 NULL, skb); 704 705 if (genhash || memcmp(hash_location, newhash, 16) != 0) { 706 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE); 707 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n", 708 genhash ? "failed" : "mismatch", 709 &ip6h->saddr, ntohs(th->source), 710 &ip6h->daddr, ntohs(th->dest)); 711 return true; 712 } 713 #endif 714 return false; 715 } 716 717 static void tcp_v6_init_req(struct request_sock *req, 718 const struct sock *sk_listener, 719 struct sk_buff *skb) 720 { 721 struct inet_request_sock *ireq = inet_rsk(req); 722 const struct ipv6_pinfo *np = inet6_sk(sk_listener); 723 724 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr; 725 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr; 726 727 /* So that link locals have meaning */ 728 if (!sk_listener->sk_bound_dev_if && 729 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL) 730 ireq->ir_iif = tcp_v6_iif(skb); 731 732 if (!TCP_SKB_CB(skb)->tcp_tw_isn && 733 (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) || 734 np->rxopt.bits.rxinfo || 735 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim || 736 np->rxopt.bits.rxohlim || np->repflow)) { 737 refcount_inc(&skb->users); 738 ireq->pktopts = skb; 739 } 740 } 741 742 static struct dst_entry *tcp_v6_route_req(const struct sock *sk, 743 struct flowi *fl, 744 const struct request_sock *req) 745 { 746 return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP); 747 } 748 749 struct request_sock_ops tcp6_request_sock_ops __read_mostly = { 750 .family = AF_INET6, 751 .obj_size = sizeof(struct tcp6_request_sock), 752 .rtx_syn_ack = tcp_rtx_synack, 753 .send_ack = tcp_v6_reqsk_send_ack, 754 .destructor = tcp_v6_reqsk_destructor, 755 .send_reset = tcp_v6_send_reset, 756 .syn_ack_timeout = tcp_syn_ack_timeout, 757 }; 758 759 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { 760 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - 761 sizeof(struct ipv6hdr), 762 #ifdef CONFIG_TCP_MD5SIG 763 .req_md5_lookup = tcp_v6_md5_lookup, 764 .calc_md5_hash = tcp_v6_md5_hash_skb, 765 #endif 766 .init_req = tcp_v6_init_req, 767 #ifdef CONFIG_SYN_COOKIES 768 .cookie_init_seq = cookie_v6_init_sequence, 769 #endif 770 .route_req = tcp_v6_route_req, 771 .init_seq = tcp_v6_init_seq, 772 .init_ts_off = tcp_v6_init_ts_off, 773 .send_synack = tcp_v6_send_synack, 774 }; 775 776 static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq, 777 u32 ack, u32 win, u32 tsval, u32 tsecr, 778 int oif, struct tcp_md5sig_key *key, int rst, 779 u8 tclass, __be32 label) 780 { 781 const struct tcphdr *th = tcp_hdr(skb); 782 struct tcphdr *t1; 783 struct sk_buff *buff; 784 struct flowi6 fl6; 785 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev); 786 struct sock *ctl_sk = net->ipv6.tcp_sk; 787 unsigned int tot_len = sizeof(struct tcphdr); 788 struct dst_entry *dst; 789 __be32 *topt; 790 791 if (tsecr) 792 tot_len += TCPOLEN_TSTAMP_ALIGNED; 793 #ifdef CONFIG_TCP_MD5SIG 794 if (key) 795 tot_len += TCPOLEN_MD5SIG_ALIGNED; 796 #endif 797 798 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 799 GFP_ATOMIC); 800 if (!buff) 801 return; 802 803 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); 804 805 t1 = skb_push(buff, tot_len); 806 skb_reset_transport_header(buff); 807 808 /* Swap the send and the receive. */ 809 memset(t1, 0, sizeof(*t1)); 810 t1->dest = th->source; 811 t1->source = th->dest; 812 t1->doff = tot_len / 4; 813 t1->seq = htonl(seq); 814 t1->ack_seq = htonl(ack); 815 t1->ack = !rst || !th->ack; 816 t1->rst = rst; 817 t1->window = htons(win); 818 819 topt = (__be32 *)(t1 + 1); 820 821 if (tsecr) { 822 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 823 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 824 *topt++ = htonl(tsval); 825 *topt++ = htonl(tsecr); 826 } 827 828 #ifdef CONFIG_TCP_MD5SIG 829 if (key) { 830 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 831 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 832 tcp_v6_md5_hash_hdr((__u8 *)topt, key, 833 &ipv6_hdr(skb)->saddr, 834 &ipv6_hdr(skb)->daddr, t1); 835 } 836 #endif 837 838 memset(&fl6, 0, sizeof(fl6)); 839 fl6.daddr = ipv6_hdr(skb)->saddr; 840 fl6.saddr = ipv6_hdr(skb)->daddr; 841 fl6.flowlabel = label; 842 843 buff->ip_summed = CHECKSUM_PARTIAL; 844 buff->csum = 0; 845 846 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr); 847 848 fl6.flowi6_proto = IPPROTO_TCP; 849 if (rt6_need_strict(&fl6.daddr) && !oif) 850 fl6.flowi6_oif = tcp_v6_iif(skb); 851 else { 852 if (!oif && netif_index_is_l3_master(net, skb->skb_iif)) 853 oif = skb->skb_iif; 854 855 fl6.flowi6_oif = oif; 856 } 857 858 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark); 859 fl6.fl6_dport = t1->dest; 860 fl6.fl6_sport = t1->source; 861 fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL); 862 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); 863 864 /* Pass a socket to ip6_dst_lookup either it is for RST 865 * Underlying function will use this to retrieve the network 866 * namespace 867 */ 868 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL); 869 if (!IS_ERR(dst)) { 870 skb_dst_set(buff, dst); 871 ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass); 872 TCP_INC_STATS(net, TCP_MIB_OUTSEGS); 873 if (rst) 874 TCP_INC_STATS(net, TCP_MIB_OUTRSTS); 875 return; 876 } 877 878 kfree_skb(buff); 879 } 880 881 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb) 882 { 883 const struct tcphdr *th = tcp_hdr(skb); 884 u32 seq = 0, ack_seq = 0; 885 struct tcp_md5sig_key *key = NULL; 886 #ifdef CONFIG_TCP_MD5SIG 887 const __u8 *hash_location = NULL; 888 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 889 unsigned char newhash[16]; 890 int genhash; 891 struct sock *sk1 = NULL; 892 #endif 893 int oif; 894 895 if (th->rst) 896 return; 897 898 /* If sk not NULL, it means we did a successful lookup and incoming 899 * route had to be correct. prequeue might have dropped our dst. 900 */ 901 if (!sk && !ipv6_unicast_destination(skb)) 902 return; 903 904 #ifdef CONFIG_TCP_MD5SIG 905 rcu_read_lock(); 906 hash_location = tcp_parse_md5sig_option(th); 907 if (sk && sk_fullsock(sk)) { 908 key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr); 909 } else if (hash_location) { 910 /* 911 * active side is lost. Try to find listening socket through 912 * source port, and then find md5 key through listening socket. 913 * we are not loose security here: 914 * Incoming packet is checked with md5 hash with finding key, 915 * no RST generated if md5 hash doesn't match. 916 */ 917 sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev), 918 &tcp_hashinfo, NULL, 0, 919 &ipv6h->saddr, 920 th->source, &ipv6h->daddr, 921 ntohs(th->source), tcp_v6_iif(skb)); 922 if (!sk1) 923 goto out; 924 925 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr); 926 if (!key) 927 goto out; 928 929 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb); 930 if (genhash || memcmp(hash_location, newhash, 16) != 0) 931 goto out; 932 } 933 #endif 934 935 if (th->ack) 936 seq = ntohl(th->ack_seq); 937 else 938 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len - 939 (th->doff << 2); 940 941 oif = sk ? sk->sk_bound_dev_if : 0; 942 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 0); 943 944 #ifdef CONFIG_TCP_MD5SIG 945 out: 946 rcu_read_unlock(); 947 #endif 948 } 949 950 static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq, 951 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif, 952 struct tcp_md5sig_key *key, u8 tclass, 953 __be32 label) 954 { 955 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0, 956 tclass, label); 957 } 958 959 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb) 960 { 961 struct inet_timewait_sock *tw = inet_twsk(sk); 962 struct tcp_timewait_sock *tcptw = tcp_twsk(sk); 963 964 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt, 965 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 966 tcp_time_stamp_raw() + tcptw->tw_ts_offset, 967 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw), 968 tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel)); 969 970 inet_twsk_put(tw); 971 } 972 973 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb, 974 struct request_sock *req) 975 { 976 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV 977 * sk->sk_state == TCP_SYN_RECV -> for Fast Open. 978 */ 979 /* RFC 7323 2.3 980 * The window field (SEG.WND) of every outgoing segment, with the 981 * exception of <SYN> segments, MUST be right-shifted by 982 * Rcv.Wind.Shift bits: 983 */ 984 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ? 985 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt, 986 tcp_rsk(req)->rcv_nxt, 987 req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale, 988 tcp_time_stamp_raw() + tcp_rsk(req)->ts_off, 989 req->ts_recent, sk->sk_bound_dev_if, 990 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr), 991 0, 0); 992 } 993 994 995 static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb) 996 { 997 #ifdef CONFIG_SYN_COOKIES 998 const struct tcphdr *th = tcp_hdr(skb); 999 1000 if (!th->syn) 1001 sk = cookie_v6_check(sk, skb); 1002 #endif 1003 return sk; 1004 } 1005 1006 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) 1007 { 1008 if (skb->protocol == htons(ETH_P_IP)) 1009 return tcp_v4_conn_request(sk, skb); 1010 1011 if (!ipv6_unicast_destination(skb)) 1012 goto drop; 1013 1014 return tcp_conn_request(&tcp6_request_sock_ops, 1015 &tcp_request_sock_ipv6_ops, sk, skb); 1016 1017 drop: 1018 tcp_listendrop(sk); 1019 return 0; /* don't send reset */ 1020 } 1021 1022 static void tcp_v6_restore_cb(struct sk_buff *skb) 1023 { 1024 /* We need to move header back to the beginning if xfrm6_policy_check() 1025 * and tcp_v6_fill_cb() are going to be called again. 1026 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there. 1027 */ 1028 memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6, 1029 sizeof(struct inet6_skb_parm)); 1030 } 1031 1032 static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb, 1033 struct request_sock *req, 1034 struct dst_entry *dst, 1035 struct request_sock *req_unhash, 1036 bool *own_req) 1037 { 1038 struct inet_request_sock *ireq; 1039 struct ipv6_pinfo *newnp; 1040 const struct ipv6_pinfo *np = inet6_sk(sk); 1041 struct ipv6_txoptions *opt; 1042 struct tcp6_sock *newtcp6sk; 1043 struct inet_sock *newinet; 1044 struct tcp_sock *newtp; 1045 struct sock *newsk; 1046 #ifdef CONFIG_TCP_MD5SIG 1047 struct tcp_md5sig_key *key; 1048 #endif 1049 struct flowi6 fl6; 1050 1051 if (skb->protocol == htons(ETH_P_IP)) { 1052 /* 1053 * v6 mapped 1054 */ 1055 1056 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst, 1057 req_unhash, own_req); 1058 1059 if (!newsk) 1060 return NULL; 1061 1062 newtcp6sk = (struct tcp6_sock *)newsk; 1063 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1064 1065 newinet = inet_sk(newsk); 1066 newnp = inet6_sk(newsk); 1067 newtp = tcp_sk(newsk); 1068 1069 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1070 1071 newnp->saddr = newsk->sk_v6_rcv_saddr; 1072 1073 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped; 1074 newsk->sk_backlog_rcv = tcp_v4_do_rcv; 1075 #ifdef CONFIG_TCP_MD5SIG 1076 newtp->af_specific = &tcp_sock_ipv6_mapped_specific; 1077 #endif 1078 1079 newnp->ipv6_mc_list = NULL; 1080 newnp->ipv6_ac_list = NULL; 1081 newnp->ipv6_fl_list = NULL; 1082 newnp->pktoptions = NULL; 1083 newnp->opt = NULL; 1084 newnp->mcast_oif = tcp_v6_iif(skb); 1085 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1086 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb)); 1087 if (np->repflow) 1088 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb)); 1089 1090 /* 1091 * No need to charge this sock to the relevant IPv6 refcnt debug socks count 1092 * here, tcp_create_openreq_child now does this for us, see the comment in 1093 * that function for the gory details. -acme 1094 */ 1095 1096 /* It is tricky place. Until this moment IPv4 tcp 1097 worked with IPv6 icsk.icsk_af_ops. 1098 Sync it now. 1099 */ 1100 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); 1101 1102 return newsk; 1103 } 1104 1105 ireq = inet_rsk(req); 1106 1107 if (sk_acceptq_is_full(sk)) 1108 goto out_overflow; 1109 1110 if (!dst) { 1111 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP); 1112 if (!dst) 1113 goto out; 1114 } 1115 1116 newsk = tcp_create_openreq_child(sk, req, skb); 1117 if (!newsk) 1118 goto out_nonewsk; 1119 1120 /* 1121 * No need to charge this sock to the relevant IPv6 refcnt debug socks 1122 * count here, tcp_create_openreq_child now does this for us, see the 1123 * comment in that function for the gory details. -acme 1124 */ 1125 1126 newsk->sk_gso_type = SKB_GSO_TCPV6; 1127 ip6_dst_store(newsk, dst, NULL, NULL); 1128 inet6_sk_rx_dst_set(newsk, skb); 1129 1130 newtcp6sk = (struct tcp6_sock *)newsk; 1131 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1132 1133 newtp = tcp_sk(newsk); 1134 newinet = inet_sk(newsk); 1135 newnp = inet6_sk(newsk); 1136 1137 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1138 1139 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr; 1140 newnp->saddr = ireq->ir_v6_loc_addr; 1141 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr; 1142 newsk->sk_bound_dev_if = ireq->ir_iif; 1143 1144 /* Now IPv6 options... 1145 1146 First: no IPv4 options. 1147 */ 1148 newinet->inet_opt = NULL; 1149 newnp->ipv6_mc_list = NULL; 1150 newnp->ipv6_ac_list = NULL; 1151 newnp->ipv6_fl_list = NULL; 1152 1153 /* Clone RX bits */ 1154 newnp->rxopt.all = np->rxopt.all; 1155 1156 newnp->pktoptions = NULL; 1157 newnp->opt = NULL; 1158 newnp->mcast_oif = tcp_v6_iif(skb); 1159 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1160 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb)); 1161 if (np->repflow) 1162 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb)); 1163 1164 /* Clone native IPv6 options from listening socket (if any) 1165 1166 Yes, keeping reference count would be much more clever, 1167 but we make one more one thing there: reattach optmem 1168 to newsk. 1169 */ 1170 opt = ireq->ipv6_opt; 1171 if (!opt) 1172 opt = rcu_dereference(np->opt); 1173 if (opt) { 1174 opt = ipv6_dup_options(newsk, opt); 1175 RCU_INIT_POINTER(newnp->opt, opt); 1176 } 1177 inet_csk(newsk)->icsk_ext_hdr_len = 0; 1178 if (opt) 1179 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen + 1180 opt->opt_flen; 1181 1182 tcp_ca_openreq_child(newsk, dst); 1183 1184 tcp_sync_mss(newsk, dst_mtu(dst)); 1185 newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst)); 1186 1187 tcp_initialize_rcv_mss(newsk); 1188 1189 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6; 1190 newinet->inet_rcv_saddr = LOOPBACK4_IPV6; 1191 1192 #ifdef CONFIG_TCP_MD5SIG 1193 /* Copy over the MD5 key from the original socket */ 1194 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr); 1195 if (key) { 1196 /* We're using one, so create a matching key 1197 * on the newsk structure. If we fail to get 1198 * memory, then we end up not copying the key 1199 * across. Shucks. 1200 */ 1201 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr, 1202 AF_INET6, 128, key->key, key->keylen, 1203 sk_gfp_mask(sk, GFP_ATOMIC)); 1204 } 1205 #endif 1206 1207 if (__inet_inherit_port(sk, newsk) < 0) { 1208 inet_csk_prepare_forced_close(newsk); 1209 tcp_done(newsk); 1210 goto out; 1211 } 1212 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash)); 1213 if (*own_req) { 1214 tcp_move_syn(newtp, req); 1215 1216 /* Clone pktoptions received with SYN, if we own the req */ 1217 if (ireq->pktopts) { 1218 newnp->pktoptions = skb_clone(ireq->pktopts, 1219 sk_gfp_mask(sk, GFP_ATOMIC)); 1220 consume_skb(ireq->pktopts); 1221 ireq->pktopts = NULL; 1222 if (newnp->pktoptions) { 1223 tcp_v6_restore_cb(newnp->pktoptions); 1224 skb_set_owner_r(newnp->pktoptions, newsk); 1225 } 1226 } 1227 } 1228 1229 return newsk; 1230 1231 out_overflow: 1232 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); 1233 out_nonewsk: 1234 dst_release(dst); 1235 out: 1236 tcp_listendrop(sk); 1237 return NULL; 1238 } 1239 1240 /* The socket must have it's spinlock held when we get 1241 * here, unless it is a TCP_LISTEN socket. 1242 * 1243 * We have a potential double-lock case here, so even when 1244 * doing backlog processing we use the BH locking scheme. 1245 * This is because we cannot sleep with the original spinlock 1246 * held. 1247 */ 1248 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) 1249 { 1250 struct ipv6_pinfo *np = inet6_sk(sk); 1251 struct tcp_sock *tp; 1252 struct sk_buff *opt_skb = NULL; 1253 1254 /* Imagine: socket is IPv6. IPv4 packet arrives, 1255 goes to IPv4 receive handler and backlogged. 1256 From backlog it always goes here. Kerboom... 1257 Fortunately, tcp_rcv_established and rcv_established 1258 handle them correctly, but it is not case with 1259 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK 1260 */ 1261 1262 if (skb->protocol == htons(ETH_P_IP)) 1263 return tcp_v4_do_rcv(sk, skb); 1264 1265 /* 1266 * socket locking is here for SMP purposes as backlog rcv 1267 * is currently called with bh processing disabled. 1268 */ 1269 1270 /* Do Stevens' IPV6_PKTOPTIONS. 1271 1272 Yes, guys, it is the only place in our code, where we 1273 may make it not affecting IPv4. 1274 The rest of code is protocol independent, 1275 and I do not like idea to uglify IPv4. 1276 1277 Actually, all the idea behind IPV6_PKTOPTIONS 1278 looks not very well thought. For now we latch 1279 options, received in the last packet, enqueued 1280 by tcp. Feel free to propose better solution. 1281 --ANK (980728) 1282 */ 1283 if (np->rxopt.all) 1284 opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC)); 1285 1286 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ 1287 struct dst_entry *dst = sk->sk_rx_dst; 1288 1289 sock_rps_save_rxhash(sk, skb); 1290 sk_mark_napi_id(sk, skb); 1291 if (dst) { 1292 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif || 1293 dst->ops->check(dst, np->rx_dst_cookie) == NULL) { 1294 dst_release(dst); 1295 sk->sk_rx_dst = NULL; 1296 } 1297 } 1298 1299 tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len); 1300 if (opt_skb) 1301 goto ipv6_pktoptions; 1302 return 0; 1303 } 1304 1305 if (tcp_checksum_complete(skb)) 1306 goto csum_err; 1307 1308 if (sk->sk_state == TCP_LISTEN) { 1309 struct sock *nsk = tcp_v6_cookie_check(sk, skb); 1310 1311 if (!nsk) 1312 goto discard; 1313 1314 if (nsk != sk) { 1315 if (tcp_child_process(sk, nsk, skb)) 1316 goto reset; 1317 if (opt_skb) 1318 __kfree_skb(opt_skb); 1319 return 0; 1320 } 1321 } else 1322 sock_rps_save_rxhash(sk, skb); 1323 1324 if (tcp_rcv_state_process(sk, skb)) 1325 goto reset; 1326 if (opt_skb) 1327 goto ipv6_pktoptions; 1328 return 0; 1329 1330 reset: 1331 tcp_v6_send_reset(sk, skb); 1332 discard: 1333 if (opt_skb) 1334 __kfree_skb(opt_skb); 1335 kfree_skb(skb); 1336 return 0; 1337 csum_err: 1338 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS); 1339 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS); 1340 goto discard; 1341 1342 1343 ipv6_pktoptions: 1344 /* Do you ask, what is it? 1345 1346 1. skb was enqueued by tcp. 1347 2. skb is added to tail of read queue, rather than out of order. 1348 3. socket is not in passive state. 1349 4. Finally, it really contains options, which user wants to receive. 1350 */ 1351 tp = tcp_sk(sk); 1352 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt && 1353 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) { 1354 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo) 1355 np->mcast_oif = tcp_v6_iif(opt_skb); 1356 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) 1357 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit; 1358 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass) 1359 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb)); 1360 if (np->repflow) 1361 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb)); 1362 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) { 1363 skb_set_owner_r(opt_skb, sk); 1364 tcp_v6_restore_cb(opt_skb); 1365 opt_skb = xchg(&np->pktoptions, opt_skb); 1366 } else { 1367 __kfree_skb(opt_skb); 1368 opt_skb = xchg(&np->pktoptions, NULL); 1369 } 1370 } 1371 1372 kfree_skb(opt_skb); 1373 return 0; 1374 } 1375 1376 static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr, 1377 const struct tcphdr *th) 1378 { 1379 /* This is tricky: we move IP6CB at its correct location into 1380 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because 1381 * _decode_session6() uses IP6CB(). 1382 * barrier() makes sure compiler won't play aliasing games. 1383 */ 1384 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb), 1385 sizeof(struct inet6_skb_parm)); 1386 barrier(); 1387 1388 TCP_SKB_CB(skb)->seq = ntohl(th->seq); 1389 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin + 1390 skb->len - th->doff*4); 1391 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); 1392 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th); 1393 TCP_SKB_CB(skb)->tcp_tw_isn = 0; 1394 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr); 1395 TCP_SKB_CB(skb)->sacked = 0; 1396 } 1397 1398 static int tcp_v6_rcv(struct sk_buff *skb) 1399 { 1400 const struct tcphdr *th; 1401 const struct ipv6hdr *hdr; 1402 bool refcounted; 1403 struct sock *sk; 1404 int ret; 1405 struct net *net = dev_net(skb->dev); 1406 1407 if (skb->pkt_type != PACKET_HOST) 1408 goto discard_it; 1409 1410 /* 1411 * Count it even if it's bad. 1412 */ 1413 __TCP_INC_STATS(net, TCP_MIB_INSEGS); 1414 1415 if (!pskb_may_pull(skb, sizeof(struct tcphdr))) 1416 goto discard_it; 1417 1418 th = (const struct tcphdr *)skb->data; 1419 1420 if (unlikely(th->doff < sizeof(struct tcphdr)/4)) 1421 goto bad_packet; 1422 if (!pskb_may_pull(skb, th->doff*4)) 1423 goto discard_it; 1424 1425 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo)) 1426 goto csum_error; 1427 1428 th = (const struct tcphdr *)skb->data; 1429 hdr = ipv6_hdr(skb); 1430 1431 lookup: 1432 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th), 1433 th->source, th->dest, inet6_iif(skb), 1434 &refcounted); 1435 if (!sk) 1436 goto no_tcp_socket; 1437 1438 process: 1439 if (sk->sk_state == TCP_TIME_WAIT) 1440 goto do_time_wait; 1441 1442 if (sk->sk_state == TCP_NEW_SYN_RECV) { 1443 struct request_sock *req = inet_reqsk(sk); 1444 struct sock *nsk; 1445 1446 sk = req->rsk_listener; 1447 tcp_v6_fill_cb(skb, hdr, th); 1448 if (tcp_v6_inbound_md5_hash(sk, skb)) { 1449 sk_drops_add(sk, skb); 1450 reqsk_put(req); 1451 goto discard_it; 1452 } 1453 if (unlikely(sk->sk_state != TCP_LISTEN)) { 1454 inet_csk_reqsk_queue_drop_and_put(sk, req); 1455 goto lookup; 1456 } 1457 sock_hold(sk); 1458 refcounted = true; 1459 if (tcp_filter(sk, skb)) 1460 goto discard_and_relse; 1461 nsk = tcp_check_req(sk, skb, req, false); 1462 if (!nsk) { 1463 reqsk_put(req); 1464 goto discard_and_relse; 1465 } 1466 if (nsk == sk) { 1467 reqsk_put(req); 1468 tcp_v6_restore_cb(skb); 1469 } else if (tcp_child_process(sk, nsk, skb)) { 1470 tcp_v6_send_reset(nsk, skb); 1471 goto discard_and_relse; 1472 } else { 1473 sock_put(sk); 1474 return 0; 1475 } 1476 } 1477 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { 1478 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP); 1479 goto discard_and_relse; 1480 } 1481 1482 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 1483 goto discard_and_relse; 1484 1485 tcp_v6_fill_cb(skb, hdr, th); 1486 1487 if (tcp_v6_inbound_md5_hash(sk, skb)) 1488 goto discard_and_relse; 1489 1490 if (tcp_filter(sk, skb)) 1491 goto discard_and_relse; 1492 th = (const struct tcphdr *)skb->data; 1493 hdr = ipv6_hdr(skb); 1494 1495 skb->dev = NULL; 1496 1497 if (sk->sk_state == TCP_LISTEN) { 1498 ret = tcp_v6_do_rcv(sk, skb); 1499 goto put_and_return; 1500 } 1501 1502 sk_incoming_cpu_update(sk); 1503 1504 bh_lock_sock_nested(sk); 1505 tcp_segs_in(tcp_sk(sk), skb); 1506 ret = 0; 1507 if (!sock_owned_by_user(sk)) { 1508 if (!tcp_prequeue(sk, skb)) 1509 ret = tcp_v6_do_rcv(sk, skb); 1510 } else if (tcp_add_backlog(sk, skb)) { 1511 goto discard_and_relse; 1512 } 1513 bh_unlock_sock(sk); 1514 1515 put_and_return: 1516 if (refcounted) 1517 sock_put(sk); 1518 return ret ? -1 : 0; 1519 1520 no_tcp_socket: 1521 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 1522 goto discard_it; 1523 1524 tcp_v6_fill_cb(skb, hdr, th); 1525 1526 if (tcp_checksum_complete(skb)) { 1527 csum_error: 1528 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS); 1529 bad_packet: 1530 __TCP_INC_STATS(net, TCP_MIB_INERRS); 1531 } else { 1532 tcp_v6_send_reset(NULL, skb); 1533 } 1534 1535 discard_it: 1536 kfree_skb(skb); 1537 return 0; 1538 1539 discard_and_relse: 1540 sk_drops_add(sk, skb); 1541 if (refcounted) 1542 sock_put(sk); 1543 goto discard_it; 1544 1545 do_time_wait: 1546 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1547 inet_twsk_put(inet_twsk(sk)); 1548 goto discard_it; 1549 } 1550 1551 tcp_v6_fill_cb(skb, hdr, th); 1552 1553 if (tcp_checksum_complete(skb)) { 1554 inet_twsk_put(inet_twsk(sk)); 1555 goto csum_error; 1556 } 1557 1558 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { 1559 case TCP_TW_SYN: 1560 { 1561 struct sock *sk2; 1562 1563 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo, 1564 skb, __tcp_hdrlen(th), 1565 &ipv6_hdr(skb)->saddr, th->source, 1566 &ipv6_hdr(skb)->daddr, 1567 ntohs(th->dest), tcp_v6_iif(skb)); 1568 if (sk2) { 1569 struct inet_timewait_sock *tw = inet_twsk(sk); 1570 inet_twsk_deschedule_put(tw); 1571 sk = sk2; 1572 tcp_v6_restore_cb(skb); 1573 refcounted = false; 1574 goto process; 1575 } 1576 /* Fall through to ACK */ 1577 } 1578 case TCP_TW_ACK: 1579 tcp_v6_timewait_ack(sk, skb); 1580 break; 1581 case TCP_TW_RST: 1582 tcp_v6_restore_cb(skb); 1583 tcp_v6_send_reset(sk, skb); 1584 inet_twsk_deschedule_put(inet_twsk(sk)); 1585 goto discard_it; 1586 case TCP_TW_SUCCESS: 1587 ; 1588 } 1589 goto discard_it; 1590 } 1591 1592 static void tcp_v6_early_demux(struct sk_buff *skb) 1593 { 1594 const struct ipv6hdr *hdr; 1595 const struct tcphdr *th; 1596 struct sock *sk; 1597 1598 if (skb->pkt_type != PACKET_HOST) 1599 return; 1600 1601 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr))) 1602 return; 1603 1604 hdr = ipv6_hdr(skb); 1605 th = tcp_hdr(skb); 1606 1607 if (th->doff < sizeof(struct tcphdr) / 4) 1608 return; 1609 1610 /* Note : We use inet6_iif() here, not tcp_v6_iif() */ 1611 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo, 1612 &hdr->saddr, th->source, 1613 &hdr->daddr, ntohs(th->dest), 1614 inet6_iif(skb)); 1615 if (sk) { 1616 skb->sk = sk; 1617 skb->destructor = sock_edemux; 1618 if (sk_fullsock(sk)) { 1619 struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst); 1620 1621 if (dst) 1622 dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie); 1623 if (dst && 1624 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif) 1625 skb_dst_set_noref(skb, dst); 1626 } 1627 } 1628 } 1629 1630 static struct timewait_sock_ops tcp6_timewait_sock_ops = { 1631 .twsk_obj_size = sizeof(struct tcp6_timewait_sock), 1632 .twsk_unique = tcp_twsk_unique, 1633 .twsk_destructor = tcp_twsk_destructor, 1634 }; 1635 1636 static const struct inet_connection_sock_af_ops ipv6_specific = { 1637 .queue_xmit = inet6_csk_xmit, 1638 .send_check = tcp_v6_send_check, 1639 .rebuild_header = inet6_sk_rebuild_header, 1640 .sk_rx_dst_set = inet6_sk_rx_dst_set, 1641 .conn_request = tcp_v6_conn_request, 1642 .syn_recv_sock = tcp_v6_syn_recv_sock, 1643 .net_header_len = sizeof(struct ipv6hdr), 1644 .net_frag_header_len = sizeof(struct frag_hdr), 1645 .setsockopt = ipv6_setsockopt, 1646 .getsockopt = ipv6_getsockopt, 1647 .addr2sockaddr = inet6_csk_addr2sockaddr, 1648 .sockaddr_len = sizeof(struct sockaddr_in6), 1649 #ifdef CONFIG_COMPAT 1650 .compat_setsockopt = compat_ipv6_setsockopt, 1651 .compat_getsockopt = compat_ipv6_getsockopt, 1652 #endif 1653 .mtu_reduced = tcp_v6_mtu_reduced, 1654 }; 1655 1656 #ifdef CONFIG_TCP_MD5SIG 1657 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = { 1658 .md5_lookup = tcp_v6_md5_lookup, 1659 .calc_md5_hash = tcp_v6_md5_hash_skb, 1660 .md5_parse = tcp_v6_parse_md5_keys, 1661 }; 1662 #endif 1663 1664 /* 1665 * TCP over IPv4 via INET6 API 1666 */ 1667 static const struct inet_connection_sock_af_ops ipv6_mapped = { 1668 .queue_xmit = ip_queue_xmit, 1669 .send_check = tcp_v4_send_check, 1670 .rebuild_header = inet_sk_rebuild_header, 1671 .sk_rx_dst_set = inet_sk_rx_dst_set, 1672 .conn_request = tcp_v6_conn_request, 1673 .syn_recv_sock = tcp_v6_syn_recv_sock, 1674 .net_header_len = sizeof(struct iphdr), 1675 .setsockopt = ipv6_setsockopt, 1676 .getsockopt = ipv6_getsockopt, 1677 .addr2sockaddr = inet6_csk_addr2sockaddr, 1678 .sockaddr_len = sizeof(struct sockaddr_in6), 1679 #ifdef CONFIG_COMPAT 1680 .compat_setsockopt = compat_ipv6_setsockopt, 1681 .compat_getsockopt = compat_ipv6_getsockopt, 1682 #endif 1683 .mtu_reduced = tcp_v4_mtu_reduced, 1684 }; 1685 1686 #ifdef CONFIG_TCP_MD5SIG 1687 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = { 1688 .md5_lookup = tcp_v4_md5_lookup, 1689 .calc_md5_hash = tcp_v4_md5_hash_skb, 1690 .md5_parse = tcp_v6_parse_md5_keys, 1691 }; 1692 #endif 1693 1694 /* NOTE: A lot of things set to zero explicitly by call to 1695 * sk_alloc() so need not be done here. 1696 */ 1697 static int tcp_v6_init_sock(struct sock *sk) 1698 { 1699 struct inet_connection_sock *icsk = inet_csk(sk); 1700 1701 tcp_init_sock(sk); 1702 1703 icsk->icsk_af_ops = &ipv6_specific; 1704 1705 #ifdef CONFIG_TCP_MD5SIG 1706 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific; 1707 #endif 1708 1709 return 0; 1710 } 1711 1712 static void tcp_v6_destroy_sock(struct sock *sk) 1713 { 1714 tcp_v4_destroy_sock(sk); 1715 inet6_destroy_sock(sk); 1716 } 1717 1718 #ifdef CONFIG_PROC_FS 1719 /* Proc filesystem TCPv6 sock list dumping. */ 1720 static void get_openreq6(struct seq_file *seq, 1721 const struct request_sock *req, int i) 1722 { 1723 long ttd = req->rsk_timer.expires - jiffies; 1724 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr; 1725 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr; 1726 1727 if (ttd < 0) 1728 ttd = 0; 1729 1730 seq_printf(seq, 1731 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1732 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n", 1733 i, 1734 src->s6_addr32[0], src->s6_addr32[1], 1735 src->s6_addr32[2], src->s6_addr32[3], 1736 inet_rsk(req)->ir_num, 1737 dest->s6_addr32[0], dest->s6_addr32[1], 1738 dest->s6_addr32[2], dest->s6_addr32[3], 1739 ntohs(inet_rsk(req)->ir_rmt_port), 1740 TCP_SYN_RECV, 1741 0, 0, /* could print option size, but that is af dependent. */ 1742 1, /* timers active (only the expire timer) */ 1743 jiffies_to_clock_t(ttd), 1744 req->num_timeout, 1745 from_kuid_munged(seq_user_ns(seq), 1746 sock_i_uid(req->rsk_listener)), 1747 0, /* non standard timer */ 1748 0, /* open_requests have no inode */ 1749 0, req); 1750 } 1751 1752 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) 1753 { 1754 const struct in6_addr *dest, *src; 1755 __u16 destp, srcp; 1756 int timer_active; 1757 unsigned long timer_expires; 1758 const struct inet_sock *inet = inet_sk(sp); 1759 const struct tcp_sock *tp = tcp_sk(sp); 1760 const struct inet_connection_sock *icsk = inet_csk(sp); 1761 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq; 1762 int rx_queue; 1763 int state; 1764 1765 dest = &sp->sk_v6_daddr; 1766 src = &sp->sk_v6_rcv_saddr; 1767 destp = ntohs(inet->inet_dport); 1768 srcp = ntohs(inet->inet_sport); 1769 1770 if (icsk->icsk_pending == ICSK_TIME_RETRANS || 1771 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT || 1772 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) { 1773 timer_active = 1; 1774 timer_expires = icsk->icsk_timeout; 1775 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) { 1776 timer_active = 4; 1777 timer_expires = icsk->icsk_timeout; 1778 } else if (timer_pending(&sp->sk_timer)) { 1779 timer_active = 2; 1780 timer_expires = sp->sk_timer.expires; 1781 } else { 1782 timer_active = 0; 1783 timer_expires = jiffies; 1784 } 1785 1786 state = sk_state_load(sp); 1787 if (state == TCP_LISTEN) 1788 rx_queue = sp->sk_ack_backlog; 1789 else 1790 /* Because we don't lock the socket, 1791 * we might find a transient negative value. 1792 */ 1793 rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0); 1794 1795 seq_printf(seq, 1796 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1797 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n", 1798 i, 1799 src->s6_addr32[0], src->s6_addr32[1], 1800 src->s6_addr32[2], src->s6_addr32[3], srcp, 1801 dest->s6_addr32[0], dest->s6_addr32[1], 1802 dest->s6_addr32[2], dest->s6_addr32[3], destp, 1803 state, 1804 tp->write_seq - tp->snd_una, 1805 rx_queue, 1806 timer_active, 1807 jiffies_delta_to_clock_t(timer_expires - jiffies), 1808 icsk->icsk_retransmits, 1809 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)), 1810 icsk->icsk_probes_out, 1811 sock_i_ino(sp), 1812 refcount_read(&sp->sk_refcnt), sp, 1813 jiffies_to_clock_t(icsk->icsk_rto), 1814 jiffies_to_clock_t(icsk->icsk_ack.ato), 1815 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong, 1816 tp->snd_cwnd, 1817 state == TCP_LISTEN ? 1818 fastopenq->max_qlen : 1819 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh) 1820 ); 1821 } 1822 1823 static void get_timewait6_sock(struct seq_file *seq, 1824 struct inet_timewait_sock *tw, int i) 1825 { 1826 long delta = tw->tw_timer.expires - jiffies; 1827 const struct in6_addr *dest, *src; 1828 __u16 destp, srcp; 1829 1830 dest = &tw->tw_v6_daddr; 1831 src = &tw->tw_v6_rcv_saddr; 1832 destp = ntohs(tw->tw_dport); 1833 srcp = ntohs(tw->tw_sport); 1834 1835 seq_printf(seq, 1836 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1837 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n", 1838 i, 1839 src->s6_addr32[0], src->s6_addr32[1], 1840 src->s6_addr32[2], src->s6_addr32[3], srcp, 1841 dest->s6_addr32[0], dest->s6_addr32[1], 1842 dest->s6_addr32[2], dest->s6_addr32[3], destp, 1843 tw->tw_substate, 0, 0, 1844 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0, 1845 refcount_read(&tw->tw_refcnt), tw); 1846 } 1847 1848 static int tcp6_seq_show(struct seq_file *seq, void *v) 1849 { 1850 struct tcp_iter_state *st; 1851 struct sock *sk = v; 1852 1853 if (v == SEQ_START_TOKEN) { 1854 seq_puts(seq, 1855 " sl " 1856 "local_address " 1857 "remote_address " 1858 "st tx_queue rx_queue tr tm->when retrnsmt" 1859 " uid timeout inode\n"); 1860 goto out; 1861 } 1862 st = seq->private; 1863 1864 if (sk->sk_state == TCP_TIME_WAIT) 1865 get_timewait6_sock(seq, v, st->num); 1866 else if (sk->sk_state == TCP_NEW_SYN_RECV) 1867 get_openreq6(seq, v, st->num); 1868 else 1869 get_tcp6_sock(seq, v, st->num); 1870 out: 1871 return 0; 1872 } 1873 1874 static const struct file_operations tcp6_afinfo_seq_fops = { 1875 .owner = THIS_MODULE, 1876 .open = tcp_seq_open, 1877 .read = seq_read, 1878 .llseek = seq_lseek, 1879 .release = seq_release_net 1880 }; 1881 1882 static struct tcp_seq_afinfo tcp6_seq_afinfo = { 1883 .name = "tcp6", 1884 .family = AF_INET6, 1885 .seq_fops = &tcp6_afinfo_seq_fops, 1886 .seq_ops = { 1887 .show = tcp6_seq_show, 1888 }, 1889 }; 1890 1891 int __net_init tcp6_proc_init(struct net *net) 1892 { 1893 return tcp_proc_register(net, &tcp6_seq_afinfo); 1894 } 1895 1896 void tcp6_proc_exit(struct net *net) 1897 { 1898 tcp_proc_unregister(net, &tcp6_seq_afinfo); 1899 } 1900 #endif 1901 1902 struct proto tcpv6_prot = { 1903 .name = "TCPv6", 1904 .owner = THIS_MODULE, 1905 .close = tcp_close, 1906 .connect = tcp_v6_connect, 1907 .disconnect = tcp_disconnect, 1908 .accept = inet_csk_accept, 1909 .ioctl = tcp_ioctl, 1910 .init = tcp_v6_init_sock, 1911 .destroy = tcp_v6_destroy_sock, 1912 .shutdown = tcp_shutdown, 1913 .setsockopt = tcp_setsockopt, 1914 .getsockopt = tcp_getsockopt, 1915 .keepalive = tcp_set_keepalive, 1916 .recvmsg = tcp_recvmsg, 1917 .sendmsg = tcp_sendmsg, 1918 .sendpage = tcp_sendpage, 1919 .backlog_rcv = tcp_v6_do_rcv, 1920 .release_cb = tcp_release_cb, 1921 .hash = inet6_hash, 1922 .unhash = inet_unhash, 1923 .get_port = inet_csk_get_port, 1924 .enter_memory_pressure = tcp_enter_memory_pressure, 1925 .leave_memory_pressure = tcp_leave_memory_pressure, 1926 .stream_memory_free = tcp_stream_memory_free, 1927 .sockets_allocated = &tcp_sockets_allocated, 1928 .memory_allocated = &tcp_memory_allocated, 1929 .memory_pressure = &tcp_memory_pressure, 1930 .orphan_count = &tcp_orphan_count, 1931 .sysctl_mem = sysctl_tcp_mem, 1932 .sysctl_wmem = sysctl_tcp_wmem, 1933 .sysctl_rmem = sysctl_tcp_rmem, 1934 .max_header = MAX_TCP_HEADER, 1935 .obj_size = sizeof(struct tcp6_sock), 1936 .slab_flags = SLAB_TYPESAFE_BY_RCU, 1937 .twsk_prot = &tcp6_timewait_sock_ops, 1938 .rsk_prot = &tcp6_request_sock_ops, 1939 .h.hashinfo = &tcp_hashinfo, 1940 .no_autobind = true, 1941 #ifdef CONFIG_COMPAT 1942 .compat_setsockopt = compat_tcp_setsockopt, 1943 .compat_getsockopt = compat_tcp_getsockopt, 1944 #endif 1945 .diag_destroy = tcp_abort, 1946 }; 1947 1948 static struct inet6_protocol tcpv6_protocol = { 1949 .early_demux = tcp_v6_early_demux, 1950 .early_demux_handler = tcp_v6_early_demux, 1951 .handler = tcp_v6_rcv, 1952 .err_handler = tcp_v6_err, 1953 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 1954 }; 1955 1956 static struct inet_protosw tcpv6_protosw = { 1957 .type = SOCK_STREAM, 1958 .protocol = IPPROTO_TCP, 1959 .prot = &tcpv6_prot, 1960 .ops = &inet6_stream_ops, 1961 .flags = INET_PROTOSW_PERMANENT | 1962 INET_PROTOSW_ICSK, 1963 }; 1964 1965 static int __net_init tcpv6_net_init(struct net *net) 1966 { 1967 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6, 1968 SOCK_RAW, IPPROTO_TCP, net); 1969 } 1970 1971 static void __net_exit tcpv6_net_exit(struct net *net) 1972 { 1973 inet_ctl_sock_destroy(net->ipv6.tcp_sk); 1974 } 1975 1976 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list) 1977 { 1978 inet_twsk_purge(&tcp_hashinfo, AF_INET6); 1979 } 1980 1981 static struct pernet_operations tcpv6_net_ops = { 1982 .init = tcpv6_net_init, 1983 .exit = tcpv6_net_exit, 1984 .exit_batch = tcpv6_net_exit_batch, 1985 }; 1986 1987 int __init tcpv6_init(void) 1988 { 1989 int ret; 1990 1991 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP); 1992 if (ret) 1993 goto out; 1994 1995 /* register inet6 protocol */ 1996 ret = inet6_register_protosw(&tcpv6_protosw); 1997 if (ret) 1998 goto out_tcpv6_protocol; 1999 2000 ret = register_pernet_subsys(&tcpv6_net_ops); 2001 if (ret) 2002 goto out_tcpv6_protosw; 2003 out: 2004 return ret; 2005 2006 out_tcpv6_protosw: 2007 inet6_unregister_protosw(&tcpv6_protosw); 2008 out_tcpv6_protocol: 2009 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2010 goto out; 2011 } 2012 2013 void tcpv6_exit(void) 2014 { 2015 unregister_pernet_subsys(&tcpv6_net_ops); 2016 inet6_unregister_protosw(&tcpv6_protosw); 2017 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2018 } 2019