/*
 *	TCP over IPv6
 *	Linux INET6 implementation
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *
 *	Based on:
 *	linux/net/ipv4/tcp.c
 *	linux/net/ipv4/tcp_input.c
 *	linux/net/ipv4/tcp_output.c
 *
 *	Fixes:
 *	Hideaki YOSHIFUJI	:	sin6_scope_id support
 *	YOSHIFUJI Hideaki @USAGI and:	Support IPV6_V6ONLY socket option, which
 *	Alexey Kuznetsov		allows both IPv4 and IPv6 sockets to bind
 *					a single port at the same time.
 *	YOSHIFUJI Hideaki @USAGI:	convert /proc/net/tcp6 to seq_file.
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License
 *	as published by the Free Software Foundation; either version
 *	2 of the License, or (at your option) any later version.
 */

#include <linux/bottom_half.h>
#include <linux/module.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/net.h>
#include <linux/jiffies.h>
#include <linux/in.h>
#include <linux/in6.h>
#include <linux/netdevice.h>
#include <linux/init.h>
#include <linux/jhash.h>
#include <linux/ipsec.h>
#include <linux/times.h>
#include <linux/slab.h>
#include <linux/uaccess.h>
#include <linux/ipv6.h>
#include <linux/icmpv6.h>
#include <linux/random.h>

#include <net/tcp.h>
#include <net/ndisc.h>
#include <net/inet6_hashtables.h>
#include <net/inet6_connection_sock.h>
#include <net/ipv6.h>
#include <net/transp_v6.h>
#include <net/addrconf.h>
#include <net/ip6_route.h>
#include <net/ip6_checksum.h>
#include <net/inet_ecn.h>
#include <net/protocol.h>
#include <net/xfrm.h>
#include <net/snmp.h>
#include <net/dsfield.h>
#include <net/timewait_sock.h>
#include <net/inet_common.h>
#include <net/secure_seq.h>
#include <net/busy_poll.h>

#include <linux/proc_fs.h>
#include <linux/seq_file.h>

#include <crypto/hash.h>
#include <linux/scatterlist.h>

#include <trace/events/tcp.h>

static void	tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
static void	tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
				      struct request_sock *req);

static int	tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);

static const struct inet_connection_sock_af_ops ipv6_mapped;
static const struct inet_connection_sock_af_ops ipv6_specific;
#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
#else
static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
						   const struct in6_addr *addr)
{
	return NULL;
}
#endif

/* Helper returning the inet6 address from a given tcp socket.
 * It can be used in TCP stack instead of inet6_sk(sk).
 * This avoids a dereference and allows compiler optimizations.
 * It is a specialized version of inet6_sk_generic().
 */
static struct ipv6_pinfo *tcp_inet6_sk(const struct sock *sk)
{
	unsigned int offset = sizeof(struct tcp6_sock) - sizeof(struct ipv6_pinfo);

	return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
}

static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
{
	struct dst_entry *dst = skb_dst(skb);

	if (dst && dst_hold_safe(dst)) {
		const struct rt6_info *rt = (const struct rt6_info *)dst;

		sk->sk_rx_dst = dst;
		inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
		tcp_inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
	}
}

static u32 tcp_v6_init_seq(const struct sk_buff *skb)
{
	return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32,
				ipv6_hdr(skb)->saddr.s6_addr32,
				tcp_hdr(skb)->dest,
				tcp_hdr(skb)->source);
}

static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb)
{
	return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32,
				   ipv6_hdr(skb)->saddr.s6_addr32);
}

static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
			      int addr_len)
{
	/* This check is replicated from tcp_v6_connect() and intended to
	 * prevent BPF program called below from accessing bytes that are out
	 * of the bound specified by user in addr_len.
	 */
	if (addr_len < SIN6_LEN_RFC2133)
		return -EINVAL;

	sock_owned_by_me(sk);

	return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr);
}

static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
			  int addr_len)
{
	struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
	struct inet_sock *inet = inet_sk(sk);
	struct inet_connection_sock *icsk = inet_csk(sk);
	struct ipv6_pinfo *np = tcp_inet6_sk(sk);
	struct tcp_sock *tp = tcp_sk(sk);
	struct in6_addr *saddr = NULL, *final_p, final;
	struct ipv6_txoptions *opt;
	struct flowi6 fl6;
	struct dst_entry *dst;
	int addr_type;
	int err;
	struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;

	if (addr_len < SIN6_LEN_RFC2133)
		return -EINVAL;

	if (usin->sin6_family != AF_INET6)
		return -EAFNOSUPPORT;

	memset(&fl6, 0, sizeof(fl6));

	if (np->sndflow) {
		fl6.flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
		IP6_ECN_flow_init(fl6.flowlabel);
		if (fl6.flowlabel & IPV6_FLOWLABEL_MASK) {
			struct ip6_flowlabel *flowlabel;
			flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
			if (!flowlabel)
				return -EINVAL;
			fl6_sock_release(flowlabel);
		}
	}

	/*
	 *	connect() to INADDR_ANY means loopback (BSD'ism).
	 */

	if (ipv6_addr_any(&usin->sin6_addr)) {
		if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
			ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
					       &usin->sin6_addr);
		else
			usin->sin6_addr = in6addr_loopback;
	}

	addr_type = ipv6_addr_type(&usin->sin6_addr);

	if (addr_type & IPV6_ADDR_MULTICAST)
		return -ENETUNREACH;

	if (addr_type & IPV6_ADDR_LINKLOCAL) {
		if (addr_len >= sizeof(struct sockaddr_in6) &&
		    usin->sin6_scope_id) {
			/* If interface is set while binding, indices
			 * must coincide.
			 */
			if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id))
				return -EINVAL;

			sk->sk_bound_dev_if = usin->sin6_scope_id;
		}

		/* Connect to link-local address requires an interface */
		if (!sk->sk_bound_dev_if)
			return -EINVAL;
	}

	if (tp->rx_opt.ts_recent_stamp &&
	    !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
		tp->rx_opt.ts_recent = 0;
		tp->rx_opt.ts_recent_stamp = 0;
		tp->write_seq = 0;
	}

	sk->sk_v6_daddr = usin->sin6_addr;
	np->flow_label = fl6.flowlabel;

	/*
	 *	TCP over IPv4
	 */

	if (addr_type & IPV6_ADDR_MAPPED) {
		u32 exthdrlen = icsk->icsk_ext_hdr_len;
		struct sockaddr_in sin;

		if (__ipv6_only_sock(sk))
			return -ENETUNREACH;

		sin.sin_family = AF_INET;
		sin.sin_port = usin->sin6_port;
		sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];

		icsk->icsk_af_ops = &ipv6_mapped;
		sk->sk_backlog_rcv = tcp_v4_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
		tp->af_specific = &tcp_sock_ipv6_mapped_specific;
#endif

		err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));

		if (err) {
			icsk->icsk_ext_hdr_len = exthdrlen;
			icsk->icsk_af_ops = &ipv6_specific;
			sk->sk_backlog_rcv = tcp_v6_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
			tp->af_specific = &tcp_sock_ipv6_specific;
#endif
			goto failure;
		}
		np->saddr = sk->sk_v6_rcv_saddr;

		return err;
	}

	if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
		saddr = &sk->sk_v6_rcv_saddr;

	fl6.flowi6_proto = IPPROTO_TCP;
	fl6.daddr = sk->sk_v6_daddr;
	fl6.saddr = saddr ? *saddr : np->saddr;
	fl6.flowi6_oif = sk->sk_bound_dev_if;
	fl6.flowi6_mark = sk->sk_mark;
	fl6.fl6_dport = usin->sin6_port;
	fl6.fl6_sport = inet->inet_sport;
	fl6.flowi6_uid = sk->sk_uid;

	opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
	final_p = fl6_update_dst(&fl6, opt, &final);

	security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));

	dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
	if (IS_ERR(dst)) {
		err = PTR_ERR(dst);
		goto failure;
	}

	if (!saddr) {
		saddr = &fl6.saddr;
		sk->sk_v6_rcv_saddr = *saddr;
	}

	/* set the source address */
	np->saddr = *saddr;
	inet->inet_rcv_saddr = LOOPBACK4_IPV6;

	sk->sk_gso_type = SKB_GSO_TCPV6;
	ip6_dst_store(sk, dst, NULL, NULL);

	icsk->icsk_ext_hdr_len = 0;
	if (opt)
		icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen;

	tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);

	inet->inet_dport = usin->sin6_port;

	tcp_set_state(sk, TCP_SYN_SENT);
	err = inet6_hash_connect(tcp_death_row, sk);
	if (err)
		goto late_failure;

	sk_set_txhash(sk);

	if (likely(!tp->repair)) {
		if (!tp->write_seq)
			tp->write_seq = secure_tcpv6_seq(np->saddr.s6_addr32,
							 sk->sk_v6_daddr.s6_addr32,
							 inet->inet_sport,
							 inet->inet_dport);
		tp->tsoffset = secure_tcpv6_ts_off(sock_net(sk),
						   np->saddr.s6_addr32,
						   sk->sk_v6_daddr.s6_addr32);
	}

	if (tcp_fastopen_defer_connect(sk, &err))
		return err;
	if (err)
		goto late_failure;

	err = tcp_connect(sk);
	if (err)
		goto late_failure;

	return 0;

late_failure:
	tcp_set_state(sk, TCP_CLOSE);
failure:
	inet->inet_dport = 0;
	sk->sk_route_caps = 0;
	return err;
}

static void tcp_v6_mtu_reduced(struct sock *sk)
{
	struct dst_entry *dst;

	if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
		return;

	dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
	if (!dst)
		return;

	if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
		tcp_sync_mss(sk, dst_mtu(dst));
		tcp_simple_retransmit(sk);
	}
}

static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
		      u8 type, u8 code, int offset, __be32 info)
{
	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
	const struct tcphdr *th = (struct tcphdr *)(skb->data + offset);
	struct net *net = dev_net(skb->dev);
	struct request_sock *fastopen;
	struct ipv6_pinfo *np;
	struct tcp_sock *tp;
	__u32 seq, snd_una;
	struct sock *sk;
	bool fatal;
	int err;

	sk = __inet6_lookup_established(net, &tcp_hashinfo,
					&hdr->daddr, th->dest,
					&hdr->saddr, ntohs(th->source),
					skb->dev->ifindex, inet6_sdif(skb));

	if (!sk) {
		__ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
				  ICMP6_MIB_INERRORS);
		return -ENOENT;
	}

	if (sk->sk_state == TCP_TIME_WAIT) {
		inet_twsk_put(inet_twsk(sk));
		return 0;
	}
	seq = ntohl(th->seq);
	fatal = icmpv6_err_convert(type, code, &err);
	if (sk->sk_state == TCP_NEW_SYN_RECV) {
		tcp_req_err(sk, seq, fatal);
		return 0;
	}

	bh_lock_sock(sk);
	if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
		__NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);

	if (sk->sk_state == TCP_CLOSE)
		goto out;

	if (ipv6_hdr(skb)->hop_limit < tcp_inet6_sk(sk)->min_hopcount) {
		__NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
		goto out;
	}

	tp = tcp_sk(sk);
	/* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child()) */
	fastopen = tp->fastopen_rsk;
	snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
	if (sk->sk_state != TCP_LISTEN &&
	    !between(seq, snd_una, tp->snd_nxt)) {
		__NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
		goto out;
	}

	np = tcp_inet6_sk(sk);

	if (type == NDISC_REDIRECT) {
		if (!sock_owned_by_user(sk)) {
			struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);

			if (dst)
				dst->ops->redirect(dst, sk, skb);
		}
		goto out;
	}

	if (type == ICMPV6_PKT_TOOBIG) {
		/* We are not interested in TCP_LISTEN and open_requests
		 * (SYN-ACKs sent out by Linux are always < 576 bytes, so
		 * they should go through unfragmented).
		 */
		if (sk->sk_state == TCP_LISTEN)
			goto out;

		if (!ip6_sk_accept_pmtu(sk))
			goto out;

		tp->mtu_info = ntohl(info);
		if (!sock_owned_by_user(sk))
			tcp_v6_mtu_reduced(sk);
		else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
					   &sk->sk_tsq_flags))
			sock_hold(sk);
		goto out;
	}


	/* Might be for a request_sock */
	switch (sk->sk_state) {
	case TCP_SYN_SENT:
	case TCP_SYN_RECV:
		/* Only in fast or simultaneous open. If a fast open socket is
		 * already accepted it is treated as a connected one below.
		 */
		if (fastopen && !fastopen->sk)
			break;

		if (!sock_owned_by_user(sk)) {
			sk->sk_err = err;
			sk->sk_error_report(sk);	/* Wake people up to see the error (see connect in sock.c) */

			tcp_done(sk);
		} else
			sk->sk_err_soft = err;
		goto out;
	}

	if (!sock_owned_by_user(sk) && np->recverr) {
		sk->sk_err = err;
		sk->sk_error_report(sk);
	} else
		sk->sk_err_soft = err;

out:
	bh_unlock_sock(sk);
	sock_put(sk);
	return 0;
}


static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
			      struct flowi *fl,
			      struct request_sock *req,
			      struct tcp_fastopen_cookie *foc,
			      enum tcp_synack_type synack_type)
{
	struct inet_request_sock *ireq = inet_rsk(req);
	struct ipv6_pinfo *np = tcp_inet6_sk(sk);
	struct ipv6_txoptions *opt;
	struct flowi6 *fl6 = &fl->u.ip6;
	struct sk_buff *skb;
	int err = -ENOMEM;

	/* First, grab a route. */
	if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
					       IPPROTO_TCP)) == NULL)
		goto done;

	skb = tcp_make_synack(sk, dst, req, foc, synack_type);

	if (skb) {
		__tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
				    &ireq->ir_v6_rmt_addr);

		fl6->daddr = ireq->ir_v6_rmt_addr;
		if (np->repflow && ireq->pktopts)
			fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));

		rcu_read_lock();
		opt = ireq->ipv6_opt;
		if (!opt)
			opt = rcu_dereference(np->opt);
		err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass);
		rcu_read_unlock();
		err = net_xmit_eval(err);
	}

done:
	return err;
}


static void tcp_v6_reqsk_destructor(struct request_sock *req)
{
	kfree(inet_rsk(req)->ipv6_opt);
	kfree_skb(inet_rsk(req)->pktopts);
}

#ifdef CONFIG_TCP_MD5SIG
static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
						   const struct in6_addr *addr)
{
	return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
}

static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
						const struct sock *addr_sk)
{
	return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
}

static int tcp_v6_parse_md5_keys(struct sock *sk, int optname,
				 char __user *optval, int optlen)
{
	struct tcp_md5sig cmd;
	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
	u8 prefixlen;

	if (optlen < sizeof(cmd))
		return -EINVAL;

	if (copy_from_user(&cmd, optval, sizeof(cmd)))
		return -EFAULT;

	if (sin6->sin6_family != AF_INET6)
		return -EINVAL;

	if (optname == TCP_MD5SIG_EXT &&
	    cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) {
		prefixlen = cmd.tcpm_prefixlen;
		if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) &&
					prefixlen > 32))
			return -EINVAL;
	} else {
		prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128;
	}

	if (!cmd.tcpm_keylen) {
		if (ipv6_addr_v4mapped(&sin6->sin6_addr))
			return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
					      AF_INET, prefixlen);
		return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
				      AF_INET6, prefixlen);
	}

	if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
		return -EINVAL;

	if (ipv6_addr_v4mapped(&sin6->sin6_addr))
		return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
				      AF_INET, prefixlen, cmd.tcpm_key,
				      cmd.tcpm_keylen, GFP_KERNEL);

	return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
			      AF_INET6, prefixlen, cmd.tcpm_key,
			      cmd.tcpm_keylen, GFP_KERNEL);
}

static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp,
				   const struct in6_addr *daddr,
				   const struct in6_addr *saddr,
				   const struct tcphdr *th, int nbytes)
{
	struct tcp6_pseudohdr *bp;
	struct scatterlist sg;
	struct tcphdr *_th;

	bp = hp->scratch;
	/* 1. TCP pseudo-header (RFC2460) */
	bp->saddr = *saddr;
	bp->daddr = *daddr;
	bp->protocol = cpu_to_be32(IPPROTO_TCP);
	bp->len = cpu_to_be32(nbytes);

	_th = (struct tcphdr *)(bp + 1);
	memcpy(_th, th, sizeof(*th));
	_th->check = 0;

	sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
	ahash_request_set_crypt(hp->md5_req, &sg, NULL,
				sizeof(*bp) + sizeof(*th));
	return crypto_ahash_update(hp->md5_req);
}

static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
			       const struct in6_addr *daddr, struct in6_addr *saddr,
			       const struct tcphdr *th)
{
	struct tcp_md5sig_pool *hp;
	struct ahash_request *req;

	hp = tcp_get_md5sig_pool();
	if (!hp)
		goto clear_hash_noput;
	req = hp->md5_req;

	if (crypto_ahash_init(req))
		goto clear_hash;
	if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
		goto clear_hash;
	if (tcp_md5_hash_key(hp, key))
		goto clear_hash;
	ahash_request_set_crypt(req, NULL, md5_hash, 0);
	if (crypto_ahash_final(req))
		goto clear_hash;

	tcp_put_md5sig_pool();
	return 0;

clear_hash:
	tcp_put_md5sig_pool();
clear_hash_noput:
	memset(md5_hash, 0, 16);
	return 1;
}

static int tcp_v6_md5_hash_skb(char *md5_hash,
			       const struct tcp_md5sig_key *key,
			       const struct sock *sk,
			       const struct sk_buff *skb)
{
	const struct in6_addr *saddr, *daddr;
	struct tcp_md5sig_pool *hp;
	struct ahash_request *req;
	const struct tcphdr *th = tcp_hdr(skb);

	if (sk) { /* valid for establish/request sockets */
		saddr = &sk->sk_v6_rcv_saddr;
		daddr = &sk->sk_v6_daddr;
	} else {
		const struct ipv6hdr *ip6h = ipv6_hdr(skb);
		saddr = &ip6h->saddr;
		daddr = &ip6h->daddr;
	}

	hp = tcp_get_md5sig_pool();
	if (!hp)
		goto clear_hash_noput;
	req = hp->md5_req;

	if (crypto_ahash_init(req))
		goto clear_hash;

	if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
		goto clear_hash;
	if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
		goto clear_hash;
	if (tcp_md5_hash_key(hp, key))
		goto clear_hash;
	ahash_request_set_crypt(req, NULL, md5_hash, 0);
	if (crypto_ahash_final(req))
		goto clear_hash;

	tcp_put_md5sig_pool();
	return 0;

clear_hash:
	tcp_put_md5sig_pool();
clear_hash_noput:
	memset(md5_hash, 0, 16);
	return 1;
}

#endif

static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
				    const struct sk_buff *skb)
{
#ifdef CONFIG_TCP_MD5SIG
	const __u8 *hash_location = NULL;
	struct tcp_md5sig_key *hash_expected;
	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
	const struct tcphdr *th = tcp_hdr(skb);
	int genhash;
	u8 newhash[16];

	hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
	hash_location = tcp_parse_md5sig_option(th);

	/* We've parsed the options - do we have a hash? */
	if (!hash_expected && !hash_location)
		return false;

	if (hash_expected && !hash_location) {
		NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
		return true;
	}

	if (!hash_expected && hash_location) {
		NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
		return true;
	}

	/* check the signature */
	genhash = tcp_v6_md5_hash_skb(newhash,
				      hash_expected,
				      NULL, skb);

	if (genhash || memcmp(hash_location, newhash, 16) != 0) {
		NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
		net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
				     genhash ? "failed" : "mismatch",
				     &ip6h->saddr, ntohs(th->source),
				     &ip6h->daddr, ntohs(th->dest));
		return true;
	}
#endif
	return false;
}

static void tcp_v6_init_req(struct request_sock *req,
			    const struct sock *sk_listener,
			    struct sk_buff *skb)
{
	bool l3_slave = ipv6_l3mdev_skb(TCP_SKB_CB(skb)->header.h6.flags);
	struct inet_request_sock *ireq = inet_rsk(req);
	const struct ipv6_pinfo *np = tcp_inet6_sk(sk_listener);

	ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
	ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;

	/* So that link locals have meaning */
	if ((!sk_listener->sk_bound_dev_if || l3_slave) &&
	    ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
		ireq->ir_iif = tcp_v6_iif(skb);

	if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
	    (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
	     np->rxopt.bits.rxinfo ||
	     np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
	     np->rxopt.bits.rxohlim || np->repflow)) {
		refcount_inc(&skb->users);
		ireq->pktopts = skb;
	}
}

static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
					  struct flowi *fl,
					  const struct request_sock *req)
{
	return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
}

struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
	.family		=	AF_INET6,
	.obj_size	=	sizeof(struct tcp6_request_sock),
	.rtx_syn_ack	=	tcp_rtx_synack,
	.send_ack	=	tcp_v6_reqsk_send_ack,
	.destructor	=	tcp_v6_reqsk_destructor,
	.send_reset	=	tcp_v6_send_reset,
	.syn_ack_timeout =	tcp_syn_ack_timeout,
};

static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
	.mss_clamp	=	IPV6_MIN_MTU - sizeof(struct tcphdr) -
				sizeof(struct ipv6hdr),
#ifdef CONFIG_TCP_MD5SIG
	.req_md5_lookup	=	tcp_v6_md5_lookup,
	.calc_md5_hash	=	tcp_v6_md5_hash_skb,
#endif
	.init_req	=	tcp_v6_init_req,
#ifdef CONFIG_SYN_COOKIES
	.cookie_init_seq =	cookie_v6_init_sequence,
#endif
	.route_req	=	tcp_v6_route_req,
	.init_seq	=	tcp_v6_init_seq,
	.init_ts_off	=	tcp_v6_init_ts_off,
	.send_synack	=	tcp_v6_send_synack,
};

static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
				 u32 ack, u32 win, u32 tsval, u32 tsecr,
				 int oif, struct tcp_md5sig_key *key, int rst,
				 u8 tclass, __be32 label)
{
	const struct tcphdr *th = tcp_hdr(skb);
	struct tcphdr *t1;
	struct sk_buff *buff;
	struct flowi6 fl6;
	struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
	struct sock *ctl_sk = net->ipv6.tcp_sk;
	unsigned int tot_len = sizeof(struct tcphdr);
	struct dst_entry *dst;
	__be32 *topt;
	__u32 mark = 0;

	if (tsecr)
		tot_len += TCPOLEN_TSTAMP_ALIGNED;
#ifdef CONFIG_TCP_MD5SIG
	if (key)
		tot_len += TCPOLEN_MD5SIG_ALIGNED;
#endif

	buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
			 GFP_ATOMIC);
	if (!buff)
		return;

	skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);

	t1 = skb_push(buff, tot_len);
	skb_reset_transport_header(buff);

	/* Swap the send and the receive. */
	memset(t1, 0, sizeof(*t1));
	t1->dest = th->source;
	t1->source = th->dest;
	t1->doff = tot_len / 4;
	t1->seq = htonl(seq);
	t1->ack_seq = htonl(ack);
	t1->ack = !rst || !th->ack;
	t1->rst = rst;
	t1->window = htons(win);

	topt = (__be32 *)(t1 + 1);

	if (tsecr) {
		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
				(TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
		*topt++ = htonl(tsval);
		*topt++ = htonl(tsecr);
	}

#ifdef CONFIG_TCP_MD5SIG
	if (key) {
		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
				(TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
		tcp_v6_md5_hash_hdr((__u8 *)topt, key,
				    &ipv6_hdr(skb)->saddr,
				    &ipv6_hdr(skb)->daddr, t1);
	}
#endif

	memset(&fl6, 0, sizeof(fl6));
	fl6.daddr = ipv6_hdr(skb)->saddr;
	fl6.saddr = ipv6_hdr(skb)->daddr;
	fl6.flowlabel = label;

	buff->ip_summed = CHECKSUM_PARTIAL;
	buff->csum = 0;

	__tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);

	fl6.flowi6_proto = IPPROTO_TCP;
	if (rt6_need_strict(&fl6.daddr) && !oif)
		fl6.flowi6_oif = tcp_v6_iif(skb);
	else {
		if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
			oif = skb->skb_iif;

		fl6.flowi6_oif = oif;
	}

	if (sk)
		mark = (sk->sk_state == TCP_TIME_WAIT) ?
			inet_twsk(sk)->tw_mark : sk->sk_mark;
	fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark) ?: mark;
	fl6.fl6_dport = t1->dest;
	fl6.fl6_sport = t1->source;
	fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
	security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));

	/* Pass a socket to ip6_dst_lookup even if it is for a RST.
	 * The underlying function will use it to retrieve the network
	 * namespace.
	 */
	dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
	if (!IS_ERR(dst)) {
		skb_dst_set(buff, dst);
		ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass);
		TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
		if (rst)
			TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
		return;
	}

	kfree_skb(buff);
}

static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
{
	const struct tcphdr *th = tcp_hdr(skb);
	u32 seq = 0, ack_seq = 0;
	struct tcp_md5sig_key *key = NULL;
#ifdef CONFIG_TCP_MD5SIG
	const __u8 *hash_location = NULL;
	struct ipv6hdr *ipv6h = ipv6_hdr(skb);
	unsigned char newhash[16];
	int genhash;
	struct sock *sk1 = NULL;
#endif
	int oif = 0;

	if (th->rst)
		return;

	/* If sk not NULL, it means we did a successful lookup and the incoming
	 * route had to be correct. prequeue might have dropped our dst.
	 */
	if (!sk && !ipv6_unicast_destination(skb))
		return;

#ifdef CONFIG_TCP_MD5SIG
	rcu_read_lock();
	hash_location = tcp_parse_md5sig_option(th);
	if (sk && sk_fullsock(sk)) {
		key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr);
	} else if (hash_location) {
		/*
		 * active side is lost. Try to find listening socket through
		 * source port, and then find md5 key through listening socket.
		 * We do not lose security here:
		 * Incoming packet is checked with md5 hash with finding key,
		 * no RST generated if md5 hash doesn't match.
		 */
		sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
					    &tcp_hashinfo, NULL, 0,
					    &ipv6h->saddr,
					    th->source, &ipv6h->daddr,
					    ntohs(th->source),
					    tcp_v6_iif_l3_slave(skb),
					    tcp_v6_sdif(skb));
		if (!sk1)
			goto out;

		key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
		if (!key)
			goto out;

		genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
		if (genhash || memcmp(hash_location, newhash, 16) != 0)
			goto out;
	}
#endif

	if (th->ack)
		seq = ntohl(th->ack_seq);
	else
		ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
			  (th->doff << 2);

	if (sk) {
		oif = sk->sk_bound_dev_if;
		if (sk_fullsock(sk))
			trace_tcp_send_reset(sk, skb);
	}

	tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 0);

#ifdef CONFIG_TCP_MD5SIG
out:
	rcu_read_unlock();
#endif
}

static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
			    u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
			    struct tcp_md5sig_key *key, u8 tclass,
			    __be32 label)
{
	tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
			     tclass, label);
}

static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
{
	struct inet_timewait_sock *tw = inet_twsk(sk);
	struct tcp_timewait_sock *tcptw = tcp_twsk(sk);

	tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
			tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
			tcp_time_stamp_raw() + tcptw->tw_ts_offset,
			tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
			tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel));

	inet_twsk_put(tw);
}

static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
				  struct request_sock *req)
{
	/* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
	 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
	 */
	/* RFC 7323 2.3
	 * The window field (SEG.WND) of every outgoing segment, with the
	 * exception of <SYN> segments, MUST be right-shifted by
	 * Rcv.Wind.Shift bits:
	 */
	tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
			tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
			tcp_rsk(req)->rcv_nxt,
			req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
			tcp_time_stamp_raw() + tcp_rsk(req)->ts_off,
			req->ts_recent, sk->sk_bound_dev_if,
			tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr),
			0, 0);
}


static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
{
#ifdef CONFIG_SYN_COOKIES
	const struct tcphdr *th = tcp_hdr(skb);

	if (!th->syn)
		sk = cookie_v6_check(sk, skb);
#endif
	return sk;
}

static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
{
	if (skb->protocol == htons(ETH_P_IP))
		return tcp_v4_conn_request(sk, skb);

	if (!ipv6_unicast_destination(skb))
		goto drop;

	return tcp_conn_request(&tcp6_request_sock_ops,
				&tcp_request_sock_ipv6_ops, sk, skb);

drop:
	tcp_listendrop(sk);
	return 0; /* don't send reset */
}

static void tcp_v6_restore_cb(struct sk_buff *skb)
{
	/* We need to move header back to the beginning if xfrm6_policy_check()
	 * and tcp_v6_fill_cb() are going to be called again.
	 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
	 */
	memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
		sizeof(struct inet6_skb_parm));
}

static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
					 struct request_sock *req,
					 struct dst_entry *dst,
					 struct request_sock *req_unhash,
					 bool *own_req)
{
	struct inet_request_sock *ireq;
	struct ipv6_pinfo *newnp;
	const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
	struct ipv6_txoptions *opt;
	struct inet_sock *newinet;
	struct tcp_sock *newtp;
	struct sock *newsk;
#ifdef CONFIG_TCP_MD5SIG
	struct tcp_md5sig_key *key;
#endif
	struct flowi6 fl6;

	if (skb->protocol == htons(ETH_P_IP)) {
		/*
		 *	v6 mapped
		 */

		newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
					     req_unhash, own_req);

		if (!newsk)
			return NULL;

		inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);

		newinet = inet_sk(newsk);
		newnp = tcp_inet6_sk(newsk);
		newtp = tcp_sk(newsk);

		memcpy(newnp, np, sizeof(struct ipv6_pinfo));

		newnp->saddr = newsk->sk_v6_rcv_saddr;

		inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
		newsk->sk_backlog_rcv = tcp_v4_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
		newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
#endif

		newnp->ipv6_mc_list = NULL;
		newnp->ipv6_ac_list = NULL;
		newnp->ipv6_fl_list = NULL;
		newnp->pktoptions  = NULL;
		newnp->opt	   = NULL;
		newnp->mcast_oif   = inet_iif(skb);
		newnp->mcast_hops  = ip_hdr(skb)->ttl;
		newnp->rcv_flowinfo = 0;
		if (np->repflow)
			newnp->flow_label = 0;

		/*
		 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
		 * here, tcp_create_openreq_child now does this for us, see the comment in
		 * that function for the gory details. -acme
		 */

		/* This is a tricky place. Until this moment IPv4 tcp
		   worked with IPv6 icsk.icsk_af_ops.
		   Sync it now.
		 */
		tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);

		return newsk;
	}

	ireq = inet_rsk(req);

	if (sk_acceptq_is_full(sk))
		goto out_overflow;

	if (!dst) {
		dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
		if (!dst)
			goto out;
	}

	newsk = tcp_create_openreq_child(sk, req, skb);
	if (!newsk)
		goto out_nonewsk;

	/*
	 * No need to charge this sock to the relevant IPv6 refcnt debug socks
	 * count here, tcp_create_openreq_child now does this for us, see the
	 * comment in that function for the gory details. -acme
	 */

	newsk->sk_gso_type = SKB_GSO_TCPV6;
	ip6_dst_store(newsk, dst, NULL, NULL);
	inet6_sk_rx_dst_set(newsk, skb);

	inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);

	newtp = tcp_sk(newsk);
	newinet = inet_sk(newsk);
	newnp = tcp_inet6_sk(newsk);

	memcpy(newnp, np, sizeof(struct ipv6_pinfo));

	newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
	newnp->saddr = ireq->ir_v6_loc_addr;
	newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
	newsk->sk_bound_dev_if = ireq->ir_iif;

	/* Now IPv6 options...

	   First: no IPv4 options.
	 */
	newinet->inet_opt = NULL;
	newnp->ipv6_mc_list = NULL;
	newnp->ipv6_ac_list = NULL;
	newnp->ipv6_fl_list = NULL;

	/* Clone RX bits */
	newnp->rxopt.all = np->rxopt.all;

	newnp->pktoptions = NULL;
	newnp->opt	  = NULL;
	newnp->mcast_oif  = tcp_v6_iif(skb);
	newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
	newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
	if (np->repflow)
		newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));

	/* Clone native IPv6 options from listening socket (if any)

	   Yes, keeping reference count would be much more clever,
	   but we do one more thing here: reattach optmem
	   to newsk.
	 */
	opt = ireq->ipv6_opt;
	if (!opt)
		opt = rcu_dereference(np->opt);
	if (opt) {
		opt = ipv6_dup_options(newsk, opt);
		RCU_INIT_POINTER(newnp->opt, opt);
	}
	inet_csk(newsk)->icsk_ext_hdr_len = 0;
	if (opt)
		inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
						    opt->opt_flen;

	tcp_ca_openreq_child(newsk, dst);

	tcp_sync_mss(newsk, dst_mtu(dst));
	newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));

	tcp_initialize_rcv_mss(newsk);

	newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
	newinet->inet_rcv_saddr = LOOPBACK4_IPV6;

#ifdef CONFIG_TCP_MD5SIG
	/* Copy over the MD5 key from the original socket */
	key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr);
	if (key) {
		/* We're using one, so create a matching key
		 * on the newsk structure. If we fail to get
		 * memory, then we end up not copying the key
		 * across. Shucks.
		 */
		tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
			       AF_INET6, 128, key->key, key->keylen,
			       sk_gfp_mask(sk, GFP_ATOMIC));
	}
#endif

	if (__inet_inherit_port(sk, newsk) < 0) {
		inet_csk_prepare_forced_close(newsk);
		tcp_done(newsk);
		goto out;
	}
	*own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
	if (*own_req) {
		tcp_move_syn(newtp, req);

		/* Clone pktoptions received with SYN, if we own the req */
		if (ireq->pktopts) {
			newnp->pktoptions = skb_clone(ireq->pktopts,
						      sk_gfp_mask(sk, GFP_ATOMIC));
			consume_skb(ireq->pktopts);
			ireq->pktopts = NULL;
			if (newnp->pktoptions) {
				tcp_v6_restore_cb(newnp->pktoptions);
				skb_set_owner_r(newnp->pktoptions, newsk);
			}
		}
	}

	return newsk;

out_overflow:
	__NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
out_nonewsk:
	dst_release(dst);
out:
	tcp_listendrop(sk);
	return NULL;
}

/* The socket must have its spinlock held when we get
 * here, unless it is a TCP_LISTEN socket.
 *
 * We have a potential double-lock case here, so even when
 * doing backlog processing we use the BH locking scheme.
 * This is because we cannot sleep with the original spinlock
 * held.
 */
static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
{
	struct ipv6_pinfo *np = tcp_inet6_sk(sk);
	struct sk_buff *opt_skb = NULL;
	struct tcp_sock *tp;

	/* Imagine: socket is IPv6. IPv4 packet arrives,
	   goes to IPv4 receive handler and backlogged.
	   From backlog it always goes here. Kerboom...
	   Fortunately, tcp_rcv_established and rcv_established
	   handle them correctly, but it is not the case with
	   tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
	 */

	if (skb->protocol == htons(ETH_P_IP))
		return tcp_v4_do_rcv(sk, skb);

	/*
	 *	socket locking is here for SMP purposes as backlog rcv
	 *	is currently called with bh processing disabled.
	 */

	/* Do Stevens' IPV6_PKTOPTIONS.

	   Yes, guys, it is the only place in our code, where we
	   may make it not affecting IPv4.
	   The rest of code is protocol independent,
	   and I do not like idea to uglify IPv4.

	   Actually, all the idea behind IPV6_PKTOPTIONS
	   looks not very well thought. For now we latch
	   options, received in the last packet, enqueued
	   by tcp. Feel free to propose better solution.
					       --ANK (980728)
	 */
	if (np->rxopt.all)
		opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));

	if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
		struct dst_entry *dst = sk->sk_rx_dst;

		sock_rps_save_rxhash(sk, skb);
		sk_mark_napi_id(sk, skb);
		if (dst) {
			if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
			    dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
				dst_release(dst);
				sk->sk_rx_dst = NULL;
			}
		}

		tcp_rcv_established(sk, skb);
		if (opt_skb)
			goto ipv6_pktoptions;
		return 0;
	}

	if (tcp_checksum_complete(skb))
		goto csum_err;

	if (sk->sk_state == TCP_LISTEN) {
		struct sock *nsk = tcp_v6_cookie_check(sk, skb);

		if (!nsk)
			goto discard;

		if (nsk != sk) {
			if (tcp_child_process(sk, nsk, skb))
				goto reset;
			if (opt_skb)
				__kfree_skb(opt_skb);
			return 0;
		}
	} else
		sock_rps_save_rxhash(sk, skb);

	if (tcp_rcv_state_process(sk, skb))
		goto reset;
	if (opt_skb)
		goto ipv6_pktoptions;
	return 0;

reset:
	tcp_v6_send_reset(sk, skb);
discard:
	if (opt_skb)
		__kfree_skb(opt_skb);
	kfree_skb(skb);
	return 0;
csum_err:
	TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
	TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
	goto discard;


ipv6_pktoptions:
	/* Do you ask, what is it?

	   1. skb was enqueued by tcp.
	   2. skb is added to tail of read queue, rather than out of order.
	   3. socket is not in passive state.
	   4. Finally, it really contains options, which user wants to receive.
	 */
	tp = tcp_sk(sk);
	if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
	    !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
		if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
			np->mcast_oif = tcp_v6_iif(opt_skb);
		if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
			np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
		if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
			np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
		if (np->repflow)
			np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
		if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
			skb_set_owner_r(opt_skb, sk);
			tcp_v6_restore_cb(opt_skb);
			opt_skb = xchg(&np->pktoptions, opt_skb);
		} else {
			__kfree_skb(opt_skb);
			opt_skb = xchg(&np->pktoptions, NULL);
		}
	}

	kfree_skb(opt_skb);
	return 0;
}

static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
			   const struct tcphdr *th)
{
	/* This is tricky: we move IP6CB at its correct location into
	 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
	 * _decode_session6() uses IP6CB().
	 * barrier() makes sure compiler won't play aliasing games.
	 */
	memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
		sizeof(struct inet6_skb_parm));
	barrier();

	TCP_SKB_CB(skb)->seq = ntohl(th->seq);
	TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
				    skb->len - th->doff*4);
	TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
	TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
	TCP_SKB_CB(skb)->tcp_tw_isn = 0;
	TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
	TCP_SKB_CB(skb)->sacked = 0;
	TCP_SKB_CB(skb)->has_rxtstamp =
			skb->tstamp || skb_hwtstamps(skb)->hwtstamp;
}

static int tcp_v6_rcv(struct sk_buff *skb)
{
	struct sk_buff *skb_to_free;
	int sdif = inet6_sdif(skb);
	const struct tcphdr *th;
	const struct ipv6hdr *hdr;
	bool refcounted;
	struct sock *sk;
	int ret;
	struct net *net = dev_net(skb->dev);

	if (skb->pkt_type != PACKET_HOST)
		goto discard_it;

	/*
	 *	Count it even if it's bad.
	 */
	__TCP_INC_STATS(net, TCP_MIB_INSEGS);

	if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
		goto discard_it;

	th = (const struct tcphdr *)skb->data;

	if (unlikely(th->doff < sizeof(struct tcphdr)/4))
		goto bad_packet;
	if (!pskb_may_pull(skb, th->doff*4))
		goto discard_it;

	if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
		goto csum_error;

	th = (const struct tcphdr *)skb->data;
	hdr = ipv6_hdr(skb);

lookup:
	sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
				th->source, th->dest, inet6_iif(skb), sdif,
				&refcounted);
	if (!sk)
		goto no_tcp_socket;

process:
	if (sk->sk_state == TCP_TIME_WAIT)
		goto do_time_wait;

	if (sk->sk_state == TCP_NEW_SYN_RECV) {
		struct request_sock *req = inet_reqsk(sk);
		bool req_stolen = false;
		struct sock *nsk;

		sk = req->rsk_listener;
		if (tcp_v6_inbound_md5_hash(sk, skb)) {
			sk_drops_add(sk, skb);
			reqsk_put(req);
			goto discard_it;
		}
		if (tcp_checksum_complete(skb)) {
			reqsk_put(req);
			goto csum_error;
		}
		if (unlikely(sk->sk_state != TCP_LISTEN)) {
			inet_csk_reqsk_queue_drop_and_put(sk, req);
			goto lookup;
		}
		sock_hold(sk);
		refcounted = true;
		nsk = NULL;
		if (!tcp_filter(sk, skb)) {
			th = (const struct tcphdr *)skb->data;
			hdr = ipv6_hdr(skb);
			tcp_v6_fill_cb(skb, hdr, th);
			nsk = tcp_check_req(sk, skb, req, false, &req_stolen);
		}
		if (!nsk) {
			reqsk_put(req);
			if (req_stolen) {
				/* Another cpu got exclusive access to req
				 * and created a full blown socket.
				 * Try to feed this packet to this socket
				 * instead of discarding it.
				 */
				tcp_v6_restore_cb(skb);
				sock_put(sk);
				goto lookup;
			}
			goto discard_and_relse;
		}
		if (nsk == sk) {
			reqsk_put(req);
			tcp_v6_restore_cb(skb);
		} else if (tcp_child_process(sk, nsk, skb)) {
			tcp_v6_send_reset(nsk, skb);
			goto discard_and_relse;
		} else {
			sock_put(sk);
			return 0;
		}
	}
	if (hdr->hop_limit < tcp_inet6_sk(sk)->min_hopcount) {
		__NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
		goto discard_and_relse;
	}

	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
		goto discard_and_relse;

	if (tcp_v6_inbound_md5_hash(sk, skb))
		goto discard_and_relse;

	if (tcp_filter(sk, skb))
		goto discard_and_relse;
	th = (const struct tcphdr *)skb->data;
	hdr = ipv6_hdr(skb);
	tcp_v6_fill_cb(skb, hdr, th);

	skb->dev = NULL;

	if (sk->sk_state == TCP_LISTEN) {
		ret = tcp_v6_do_rcv(sk, skb);
		goto put_and_return;
	}

	sk_incoming_cpu_update(sk);

	bh_lock_sock_nested(sk);
	tcp_segs_in(tcp_sk(sk), skb);
	ret = 0;
	if (!sock_owned_by_user(sk)) {
		skb_to_free = sk->sk_rx_skb_cache;
		sk->sk_rx_skb_cache = NULL;
		ret = tcp_v6_do_rcv(sk, skb);
	} else {
		if (tcp_add_backlog(sk, skb))
			goto discard_and_relse;
		skb_to_free = NULL;
	}
	bh_unlock_sock(sk);
	if (skb_to_free)
		__kfree_skb(skb_to_free);
put_and_return:
	if (refcounted)
		sock_put(sk);
	return ret ? -1 : 0;

no_tcp_socket:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
		goto discard_it;

	tcp_v6_fill_cb(skb, hdr, th);

	if (tcp_checksum_complete(skb)) {
csum_error:
		__TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
bad_packet:
		__TCP_INC_STATS(net, TCP_MIB_INERRS);
	} else {
		tcp_v6_send_reset(NULL, skb);
	}

discard_it:
	kfree_skb(skb);
	return 0;

discard_and_relse:
	sk_drops_add(sk, skb);
	if (refcounted)
		sock_put(sk);
	goto discard_it;

do_time_wait:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
		inet_twsk_put(inet_twsk(sk));
		goto discard_it;
	}

	tcp_v6_fill_cb(skb, hdr, th);

	if (tcp_checksum_complete(skb)) {
		inet_twsk_put(inet_twsk(sk));
		goto csum_error;
	}

	switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
	case TCP_TW_SYN:
	{
		struct sock *sk2;

		sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
					    skb, __tcp_hdrlen(th),
					    &ipv6_hdr(skb)->saddr, th->source,
					    &ipv6_hdr(skb)->daddr,
					    ntohs(th->dest),
					    tcp_v6_iif_l3_slave(skb),
					    sdif);
		if (sk2) {
			struct inet_timewait_sock *tw = inet_twsk(sk);
			inet_twsk_deschedule_put(tw);
			sk = sk2;
			tcp_v6_restore_cb(skb);
			refcounted = false;
			goto process;
		}
	}
		/* to ACK */
		/* fall through */
	case TCP_TW_ACK:
		tcp_v6_timewait_ack(sk, skb);
		break;
	case TCP_TW_RST:
		tcp_v6_send_reset(sk, skb);
		inet_twsk_deschedule_put(inet_twsk(sk));
		goto discard_it;
	case TCP_TW_SUCCESS:
		;
	}
	goto discard_it;
}

static void tcp_v6_early_demux(struct sk_buff *skb)
{
	const struct ipv6hdr *hdr;
	const struct tcphdr *th;
	struct sock *sk;

	if (skb->pkt_type != PACKET_HOST)
		return;

	if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
		return;

	hdr = ipv6_hdr(skb);
	th = tcp_hdr(skb);

	if (th->doff < sizeof(struct tcphdr) / 4)
		return;

	/* Note : We use inet6_iif() here, not tcp_v6_iif() */
	sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
					&hdr->saddr, th->source,
					&hdr->daddr, ntohs(th->dest),
					inet6_iif(skb), inet6_sdif(skb));
	if (sk) {
		skb->sk = sk;
		skb->destructor = sock_edemux;
		if (sk_fullsock(sk)) {
			struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);

			if (dst)
				dst = dst_check(dst, tcp_inet6_sk(sk)->rx_dst_cookie);
			if (dst &&
			    inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
				skb_dst_set_noref(skb, dst);
		}
	}
}

static struct timewait_sock_ops tcp6_timewait_sock_ops = {
	.twsk_obj_size	= sizeof(struct tcp6_timewait_sock),
	.twsk_unique	= tcp_twsk_unique,
	.twsk_destructor = tcp_twsk_destructor,
};

static const struct inet_connection_sock_af_ops ipv6_specific = {
	.queue_xmit	   = inet6_csk_xmit,
	.send_check	   = tcp_v6_send_check,
	.rebuild_header	   = inet6_sk_rebuild_header,
	.sk_rx_dst_set	   = inet6_sk_rx_dst_set,
	.conn_request	   = tcp_v6_conn_request,
	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
	.net_header_len	   = sizeof(struct ipv6hdr),
	.net_frag_header_len = sizeof(struct frag_hdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
	.mtu_reduced	   = tcp_v6_mtu_reduced,
};

#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
	.md5_lookup	=	tcp_v6_md5_lookup,
	.calc_md5_hash	=	tcp_v6_md5_hash_skb,
	.md5_parse	=	tcp_v6_parse_md5_keys,
};
#endif

/*
 *	TCP over IPv4 via INET6 API
 */
static const struct inet_connection_sock_af_ops ipv6_mapped = {
	.queue_xmit	   = ip_queue_xmit,
	.send_check	   = tcp_v4_send_check,
	.rebuild_header	   = inet_sk_rebuild_header,
	.sk_rx_dst_set	   = inet_sk_rx_dst_set,
	.conn_request	   = tcp_v6_conn_request,
	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
	.net_header_len	   = sizeof(struct iphdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
	.mtu_reduced	   = tcp_v4_mtu_reduced,
};

#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
	.md5_lookup	=	tcp_v4_md5_lookup,
	.calc_md5_hash	=	tcp_v4_md5_hash_skb,
	.md5_parse	=	tcp_v6_parse_md5_keys,
};
#endif

/* NOTE: A lot of things set to zero explicitly by call to
 *       sk_alloc() so need not be done here.
 */
static int tcp_v6_init_sock(struct sock *sk)
{
	struct inet_connection_sock *icsk = inet_csk(sk);

	tcp_init_sock(sk);

	icsk->icsk_af_ops = &ipv6_specific;

#ifdef CONFIG_TCP_MD5SIG
	tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
#endif

	return 0;
}

static void tcp_v6_destroy_sock(struct sock *sk)
{
	tcp_v4_destroy_sock(sk);
	inet6_destroy_sock(sk);
}

#ifdef CONFIG_PROC_FS
/* Proc filesystem TCPv6 sock list dumping. */
static void get_openreq6(struct seq_file *seq,
			 const struct request_sock *req, int i)
{
	long ttd = req->rsk_timer.expires - jiffies;
	const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
	const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;

	if (ttd < 0)
		ttd = 0;

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3],
		   inet_rsk(req)->ir_num,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3],
		   ntohs(inet_rsk(req)->ir_rmt_port),
		   TCP_SYN_RECV,
		   0, 0, /* could print option size, but that is af dependent. */
		   1,   /* timers active (only the expire timer) */
		   jiffies_to_clock_t(ttd),
		   req->num_timeout,
		   from_kuid_munged(seq_user_ns(seq),
				    sock_i_uid(req->rsk_listener)),
		   0,  /* non standard timer */
		   0, /* open_requests have no inode */
		   0, req);
}

static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
{
	const struct in6_addr *dest, *src;
	__u16 destp, srcp;
	int timer_active;
	unsigned long timer_expires;
	const struct inet_sock *inet = inet_sk(sp);
	const struct tcp_sock *tp = tcp_sk(sp);
	const struct inet_connection_sock *icsk = inet_csk(sp);
	const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
	int rx_queue;
	int state;

	dest  = &sp->sk_v6_daddr;
	src   = &sp->sk_v6_rcv_saddr;
	destp = ntohs(inet->inet_dport);
	srcp  = ntohs(inet->inet_sport);

	if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
	    icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
	    icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
		timer_active	= 1;
		timer_expires	= icsk->icsk_timeout;
	} else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
		timer_active	= 4;
		timer_expires	= icsk->icsk_timeout;
	} else if (timer_pending(&sp->sk_timer)) {
		timer_active	= 2;
		timer_expires	= sp->sk_timer.expires;
	} else {
		timer_active	= 0;
		timer_expires = jiffies;
	}

	state = inet_sk_state_load(sp);
	if (state == TCP_LISTEN)
		rx_queue = sp->sk_ack_backlog;
	else
		/* Because we don't lock the socket,
		 * we might find a transient negative value.
		 */
		rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3], srcp,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
		   state,
		   tp->write_seq - tp->snd_una,
		   rx_queue,
		   timer_active,
		   jiffies_delta_to_clock_t(timer_expires - jiffies),
		   icsk->icsk_retransmits,
		   from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
		   icsk->icsk_probes_out,
		   sock_i_ino(sp),
		   refcount_read(&sp->sk_refcnt), sp,
		   jiffies_to_clock_t(icsk->icsk_rto),
		   jiffies_to_clock_t(icsk->icsk_ack.ato),
		   (icsk->icsk_ack.quick << 1) | inet_csk_in_pingpong_mode(sp),
		   tp->snd_cwnd,
		   state == TCP_LISTEN ?
			fastopenq->max_qlen :
			(tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
		   );
}

static void get_timewait6_sock(struct seq_file *seq,
			       struct inet_timewait_sock *tw, int i)
{
	long delta = tw->tw_timer.expires - jiffies;
	const struct in6_addr *dest, *src;
	__u16 destp, srcp;

	dest = &tw->tw_v6_daddr;
	src  = &tw->tw_v6_rcv_saddr;
	destp = ntohs(tw->tw_dport);
	srcp  = ntohs(tw->tw_sport);

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3], srcp,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
		   tw->tw_substate, 0, 0,
		   3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
		   refcount_read(&tw->tw_refcnt), tw);
}

static int tcp6_seq_show(struct seq_file *seq, void *v)
{
	struct tcp_iter_state *st;
	struct sock *sk = v;

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq,
			 "  sl  "
			 "local_address                         "
			 "remote_address                        "
			 "st tx_queue rx_queue tr tm->when retrnsmt"
			 "   uid  timeout inode\n");
		goto out;
	}
	st = seq->private;

	if (sk->sk_state == TCP_TIME_WAIT)
		get_timewait6_sock(seq, v, st->num);
	else if (sk->sk_state == TCP_NEW_SYN_RECV)
		get_openreq6(seq, v, st->num);
	else
		get_tcp6_sock(seq, v, st->num);
out:
	return 0;
}

static const struct seq_operations tcp6_seq_ops = {
	.show		= tcp6_seq_show,
	.start		= tcp_seq_start,
	.next		= tcp_seq_next,
	.stop		= tcp_seq_stop,
};

static struct tcp_seq_afinfo tcp6_seq_afinfo = {
	.family		= AF_INET6,
};

int __net_init tcp6_proc_init(struct net *net)
{
	if (!proc_create_net_data("tcp6", 0444, net->proc_net, &tcp6_seq_ops,
			sizeof(struct tcp_iter_state), &tcp6_seq_afinfo))
		return -ENOMEM;
	return 0;
}

void tcp6_proc_exit(struct net *net)
{
	remove_proc_entry("tcp6", net->proc_net);
}
#endif

struct proto tcpv6_prot = {
	.name			= "TCPv6",
	.owner			= THIS_MODULE,
	.close			= tcp_close,
	.pre_connect		= tcp_v6_pre_connect,
	.connect		= tcp_v6_connect,
	.disconnect		= tcp_disconnect,
	.accept			= inet_csk_accept,
	.ioctl			= tcp_ioctl,
	.init			= tcp_v6_init_sock,
	.destroy		= tcp_v6_destroy_sock,
	.shutdown		= tcp_shutdown,
	.setsockopt		= tcp_setsockopt,
	.getsockopt		= tcp_getsockopt,
	.keepalive		= tcp_set_keepalive,
	.recvmsg		= tcp_recvmsg,
	.sendmsg		= tcp_sendmsg,
	.sendpage		= tcp_sendpage,
	.backlog_rcv		= tcp_v6_do_rcv,
	.release_cb		= tcp_release_cb,
	.hash			= inet6_hash,
	.unhash			= inet_unhash,
	.get_port		= inet_csk_get_port,
	.enter_memory_pressure	= tcp_enter_memory_pressure,
	.leave_memory_pressure	= tcp_leave_memory_pressure,
	.stream_memory_free	= tcp_stream_memory_free,
	.sockets_allocated	= &tcp_sockets_allocated,
	.memory_allocated	= &tcp_memory_allocated,
	.memory_pressure	= &tcp_memory_pressure,
	.orphan_count		= &tcp_orphan_count,
	.sysctl_mem		= sysctl_tcp_mem,
	.sysctl_wmem_offset	= offsetof(struct net, ipv4.sysctl_tcp_wmem),
	.sysctl_rmem_offset	= offsetof(struct net, ipv4.sysctl_tcp_rmem),
	.max_header		= MAX_TCP_HEADER,
	.obj_size		= sizeof(struct tcp6_sock),
	.slab_flags		= SLAB_TYPESAFE_BY_RCU,
	.twsk_prot		= &tcp6_timewait_sock_ops,
	.rsk_prot		= &tcp6_request_sock_ops,
	.h.hashinfo		= &tcp_hashinfo,
	.no_autobind		= true,
#ifdef CONFIG_COMPAT
	.compat_setsockopt	= compat_tcp_setsockopt,
	.compat_getsockopt	= compat_tcp_getsockopt,
#endif
	.diag_destroy		= tcp_abort,
};

/* thinking of making this const? Don't.
 * early_demux can change based on sysctl.
 */
static struct inet6_protocol tcpv6_protocol = {
	.early_demux		=	tcp_v6_early_demux,
	.early_demux_handler	=	tcp_v6_early_demux,
	.handler		=	tcp_v6_rcv,
	.err_handler		=	tcp_v6_err,
	.flags			=	INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
};

static struct inet_protosw tcpv6_protosw = {
	.type		=	SOCK_STREAM,
	.protocol	=	IPPROTO_TCP,
	.prot		=	&tcpv6_prot,
	.ops		=	&inet6_stream_ops,
	.flags		=	INET_PROTOSW_PERMANENT |
				INET_PROTOSW_ICSK,
};

static int __net_init tcpv6_net_init(struct net *net)
{
	return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
				    SOCK_RAW, IPPROTO_TCP, net);
}

static void __net_exit tcpv6_net_exit(struct net *net)
{
	inet_ctl_sock_destroy(net->ipv6.tcp_sk);
}

static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
{
	inet_twsk_purge(&tcp_hashinfo, AF_INET6);
}

static struct pernet_operations tcpv6_net_ops = {
	.init	    = tcpv6_net_init,
	.exit	    = tcpv6_net_exit,
	.exit_batch = tcpv6_net_exit_batch,
};

int __init tcpv6_init(void)
{
	int ret;

	ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
	if (ret)
		goto out;

	/* register inet6 protocol */
	ret = inet6_register_protosw(&tcpv6_protosw);
	if (ret)
		goto out_tcpv6_protocol;

	ret = register_pernet_subsys(&tcpv6_net_ops);
	if (ret)
		goto out_tcpv6_protosw;
out:
	return ret;

out_tcpv6_protosw:
	inet6_unregister_protosw(&tcpv6_protosw);
out_tcpv6_protocol:
	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
	goto out;
}

void tcpv6_exit(void)
{
	unregister_pernet_subsys(&tcpv6_net_ops);
	inet6_unregister_protosw(&tcpv6_protosw);
	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
}