1 /* 2 * TCP over IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on: 9 * linux/net/ipv4/tcp.c 10 * linux/net/ipv4/tcp_input.c 11 * linux/net/ipv4/tcp_output.c 12 * 13 * Fixes: 14 * Hideaki YOSHIFUJI : sin6_scope_id support 15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind 17 * a single port at the same time. 18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file. 19 * 20 * This program is free software; you can redistribute it and/or 21 * modify it under the terms of the GNU General Public License 22 * as published by the Free Software Foundation; either version 23 * 2 of the License, or (at your option) any later version. 24 */ 25 26 #include <linux/bottom_half.h> 27 #include <linux/module.h> 28 #include <linux/errno.h> 29 #include <linux/types.h> 30 #include <linux/socket.h> 31 #include <linux/sockios.h> 32 #include <linux/net.h> 33 #include <linux/jiffies.h> 34 #include <linux/in.h> 35 #include <linux/in6.h> 36 #include <linux/netdevice.h> 37 #include <linux/init.h> 38 #include <linux/jhash.h> 39 #include <linux/ipsec.h> 40 #include <linux/times.h> 41 #include <linux/slab.h> 42 43 #include <linux/ipv6.h> 44 #include <linux/icmpv6.h> 45 #include <linux/random.h> 46 47 #include <net/tcp.h> 48 #include <net/ndisc.h> 49 #include <net/inet6_hashtables.h> 50 #include <net/inet6_connection_sock.h> 51 #include <net/ipv6.h> 52 #include <net/transp_v6.h> 53 #include <net/addrconf.h> 54 #include <net/ip6_route.h> 55 #include <net/ip6_checksum.h> 56 #include <net/inet_ecn.h> 57 #include <net/protocol.h> 58 #include <net/xfrm.h> 59 #include <net/snmp.h> 60 #include <net/dsfield.h> 61 #include <net/timewait_sock.h> 62 #include <net/netdma.h> 63 #include <net/inet_common.h> 64 #include <net/secure_seq.h> 65 66 #include <asm/uaccess.h> 67 68 #include <linux/proc_fs.h> 69 #include <linux/seq_file.h> 70 71 #include <linux/crypto.h> 72 #include <linux/scatterlist.h> 73 74 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb); 75 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb, 76 struct request_sock *req); 77 78 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb); 79 static void __tcp_v6_send_check(struct sk_buff *skb, 80 const struct in6_addr *saddr, 81 const struct in6_addr *daddr); 82 83 static const struct inet_connection_sock_af_ops ipv6_mapped; 84 static const struct inet_connection_sock_af_ops ipv6_specific; 85 #ifdef CONFIG_TCP_MD5SIG 86 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific; 87 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific; 88 #else 89 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 90 const struct in6_addr *addr) 91 { 92 return NULL; 93 } 94 #endif 95 96 static void tcp_v6_hash(struct sock *sk) 97 { 98 if (sk->sk_state != TCP_CLOSE) { 99 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) { 100 tcp_prot.hash(sk); 101 return; 102 } 103 local_bh_disable(); 104 __inet6_hash(sk, NULL); 105 local_bh_enable(); 106 } 107 } 108 109 static __inline__ __sum16 tcp_v6_check(int len, 110 const struct in6_addr *saddr, 111 const struct in6_addr *daddr, 112 __wsum base) 113 { 114 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base); 115 } 116 117 static __u32 tcp_v6_init_sequence(const struct sk_buff *skb) 118 { 119 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32, 120 ipv6_hdr(skb)->saddr.s6_addr32, 121 tcp_hdr(skb)->dest, 122 tcp_hdr(skb)->source); 123 } 124 125 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 126 int addr_len) 127 { 128 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; 129 struct inet_sock *inet = inet_sk(sk); 130 struct inet_connection_sock *icsk = inet_csk(sk); 131 struct ipv6_pinfo *np = inet6_sk(sk); 132 struct tcp_sock *tp = tcp_sk(sk); 133 struct in6_addr *saddr = NULL, *final_p, final; 134 struct rt6_info *rt; 135 struct flowi6 fl6; 136 struct dst_entry *dst; 137 int addr_type; 138 int err; 139 140 if (addr_len < SIN6_LEN_RFC2133) 141 return -EINVAL; 142 143 if (usin->sin6_family != AF_INET6) 144 return -EAFNOSUPPORT; 145 146 memset(&fl6, 0, sizeof(fl6)); 147 148 if (np->sndflow) { 149 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; 150 IP6_ECN_flow_init(fl6.flowlabel); 151 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { 152 struct ip6_flowlabel *flowlabel; 153 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); 154 if (flowlabel == NULL) 155 return -EINVAL; 156 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst); 157 fl6_sock_release(flowlabel); 158 } 159 } 160 161 /* 162 * connect() to INADDR_ANY means loopback (BSD'ism). 163 */ 164 165 if(ipv6_addr_any(&usin->sin6_addr)) 166 usin->sin6_addr.s6_addr[15] = 0x1; 167 168 addr_type = ipv6_addr_type(&usin->sin6_addr); 169 170 if(addr_type & IPV6_ADDR_MULTICAST) 171 return -ENETUNREACH; 172 173 if (addr_type&IPV6_ADDR_LINKLOCAL) { 174 if (addr_len >= sizeof(struct sockaddr_in6) && 175 usin->sin6_scope_id) { 176 /* If interface is set while binding, indices 177 * must coincide. 178 */ 179 if (sk->sk_bound_dev_if && 180 sk->sk_bound_dev_if != usin->sin6_scope_id) 181 return -EINVAL; 182 183 sk->sk_bound_dev_if = usin->sin6_scope_id; 184 } 185 186 /* Connect to link-local address requires an interface */ 187 if (!sk->sk_bound_dev_if) 188 return -EINVAL; 189 } 190 191 if (tp->rx_opt.ts_recent_stamp && 192 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) { 193 tp->rx_opt.ts_recent = 0; 194 tp->rx_opt.ts_recent_stamp = 0; 195 tp->write_seq = 0; 196 } 197 198 ipv6_addr_copy(&np->daddr, &usin->sin6_addr); 199 np->flow_label = fl6.flowlabel; 200 201 /* 202 * TCP over IPv4 203 */ 204 205 if (addr_type == IPV6_ADDR_MAPPED) { 206 u32 exthdrlen = icsk->icsk_ext_hdr_len; 207 struct sockaddr_in sin; 208 209 SOCK_DEBUG(sk, "connect: ipv4 mapped\n"); 210 211 if (__ipv6_only_sock(sk)) 212 return -ENETUNREACH; 213 214 sin.sin_family = AF_INET; 215 sin.sin_port = usin->sin6_port; 216 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; 217 218 icsk->icsk_af_ops = &ipv6_mapped; 219 sk->sk_backlog_rcv = tcp_v4_do_rcv; 220 #ifdef CONFIG_TCP_MD5SIG 221 tp->af_specific = &tcp_sock_ipv6_mapped_specific; 222 #endif 223 224 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); 225 226 if (err) { 227 icsk->icsk_ext_hdr_len = exthdrlen; 228 icsk->icsk_af_ops = &ipv6_specific; 229 sk->sk_backlog_rcv = tcp_v6_do_rcv; 230 #ifdef CONFIG_TCP_MD5SIG 231 tp->af_specific = &tcp_sock_ipv6_specific; 232 #endif 233 goto failure; 234 } else { 235 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr); 236 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr, 237 &np->rcv_saddr); 238 } 239 240 return err; 241 } 242 243 if (!ipv6_addr_any(&np->rcv_saddr)) 244 saddr = &np->rcv_saddr; 245 246 fl6.flowi6_proto = IPPROTO_TCP; 247 ipv6_addr_copy(&fl6.daddr, &np->daddr); 248 ipv6_addr_copy(&fl6.saddr, 249 (saddr ? saddr : &np->saddr)); 250 fl6.flowi6_oif = sk->sk_bound_dev_if; 251 fl6.flowi6_mark = sk->sk_mark; 252 fl6.fl6_dport = usin->sin6_port; 253 fl6.fl6_sport = inet->inet_sport; 254 255 final_p = fl6_update_dst(&fl6, np->opt, &final); 256 257 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); 258 259 dst = ip6_dst_lookup_flow(sk, &fl6, final_p, true); 260 if (IS_ERR(dst)) { 261 err = PTR_ERR(dst); 262 goto failure; 263 } 264 265 if (saddr == NULL) { 266 saddr = &fl6.saddr; 267 ipv6_addr_copy(&np->rcv_saddr, saddr); 268 } 269 270 /* set the source address */ 271 ipv6_addr_copy(&np->saddr, saddr); 272 inet->inet_rcv_saddr = LOOPBACK4_IPV6; 273 274 sk->sk_gso_type = SKB_GSO_TCPV6; 275 __ip6_dst_store(sk, dst, NULL, NULL); 276 277 rt = (struct rt6_info *) dst; 278 if (tcp_death_row.sysctl_tw_recycle && 279 !tp->rx_opt.ts_recent_stamp && 280 ipv6_addr_equal(&rt->rt6i_dst.addr, &np->daddr)) { 281 struct inet_peer *peer = rt6_get_peer(rt); 282 /* 283 * VJ's idea. We save last timestamp seen from 284 * the destination in peer table, when entering state 285 * TIME-WAIT * and initialize rx_opt.ts_recent from it, 286 * when trying new connection. 287 */ 288 if (peer) { 289 inet_peer_refcheck(peer); 290 if ((u32)get_seconds() - peer->tcp_ts_stamp <= TCP_PAWS_MSL) { 291 tp->rx_opt.ts_recent_stamp = peer->tcp_ts_stamp; 292 tp->rx_opt.ts_recent = peer->tcp_ts; 293 } 294 } 295 } 296 297 icsk->icsk_ext_hdr_len = 0; 298 if (np->opt) 299 icsk->icsk_ext_hdr_len = (np->opt->opt_flen + 300 np->opt->opt_nflen); 301 302 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 303 304 inet->inet_dport = usin->sin6_port; 305 306 tcp_set_state(sk, TCP_SYN_SENT); 307 err = inet6_hash_connect(&tcp_death_row, sk); 308 if (err) 309 goto late_failure; 310 311 if (!tp->write_seq) 312 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32, 313 np->daddr.s6_addr32, 314 inet->inet_sport, 315 inet->inet_dport); 316 317 err = tcp_connect(sk); 318 if (err) 319 goto late_failure; 320 321 return 0; 322 323 late_failure: 324 tcp_set_state(sk, TCP_CLOSE); 325 __sk_dst_reset(sk); 326 failure: 327 inet->inet_dport = 0; 328 sk->sk_route_caps = 0; 329 return err; 330 } 331 332 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 333 u8 type, u8 code, int offset, __be32 info) 334 { 335 const struct ipv6hdr *hdr = (const struct ipv6hdr*)skb->data; 336 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset); 337 struct ipv6_pinfo *np; 338 struct sock *sk; 339 int err; 340 struct tcp_sock *tp; 341 __u32 seq; 342 struct net *net = dev_net(skb->dev); 343 344 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr, 345 th->dest, &hdr->saddr, th->source, skb->dev->ifindex); 346 347 if (sk == NULL) { 348 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev), 349 ICMP6_MIB_INERRORS); 350 return; 351 } 352 353 if (sk->sk_state == TCP_TIME_WAIT) { 354 inet_twsk_put(inet_twsk(sk)); 355 return; 356 } 357 358 bh_lock_sock(sk); 359 if (sock_owned_by_user(sk)) 360 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS); 361 362 if (sk->sk_state == TCP_CLOSE) 363 goto out; 364 365 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) { 366 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); 367 goto out; 368 } 369 370 tp = tcp_sk(sk); 371 seq = ntohl(th->seq); 372 if (sk->sk_state != TCP_LISTEN && 373 !between(seq, tp->snd_una, tp->snd_nxt)) { 374 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 375 goto out; 376 } 377 378 np = inet6_sk(sk); 379 380 if (type == ICMPV6_PKT_TOOBIG) { 381 struct dst_entry *dst; 382 383 if (sock_owned_by_user(sk)) 384 goto out; 385 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) 386 goto out; 387 388 /* icmp should have updated the destination cache entry */ 389 dst = __sk_dst_check(sk, np->dst_cookie); 390 391 if (dst == NULL) { 392 struct inet_sock *inet = inet_sk(sk); 393 struct flowi6 fl6; 394 395 /* BUGGG_FUTURE: Again, it is not clear how 396 to handle rthdr case. Ignore this complexity 397 for now. 398 */ 399 memset(&fl6, 0, sizeof(fl6)); 400 fl6.flowi6_proto = IPPROTO_TCP; 401 ipv6_addr_copy(&fl6.daddr, &np->daddr); 402 ipv6_addr_copy(&fl6.saddr, &np->saddr); 403 fl6.flowi6_oif = sk->sk_bound_dev_if; 404 fl6.flowi6_mark = sk->sk_mark; 405 fl6.fl6_dport = inet->inet_dport; 406 fl6.fl6_sport = inet->inet_sport; 407 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); 408 409 dst = ip6_dst_lookup_flow(sk, &fl6, NULL, false); 410 if (IS_ERR(dst)) { 411 sk->sk_err_soft = -PTR_ERR(dst); 412 goto out; 413 } 414 415 } else 416 dst_hold(dst); 417 418 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) { 419 tcp_sync_mss(sk, dst_mtu(dst)); 420 tcp_simple_retransmit(sk); 421 } /* else let the usual retransmit timer handle it */ 422 dst_release(dst); 423 goto out; 424 } 425 426 icmpv6_err_convert(type, code, &err); 427 428 /* Might be for an request_sock */ 429 switch (sk->sk_state) { 430 struct request_sock *req, **prev; 431 case TCP_LISTEN: 432 if (sock_owned_by_user(sk)) 433 goto out; 434 435 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr, 436 &hdr->saddr, inet6_iif(skb)); 437 if (!req) 438 goto out; 439 440 /* ICMPs are not backlogged, hence we cannot get 441 * an established socket here. 442 */ 443 WARN_ON(req->sk != NULL); 444 445 if (seq != tcp_rsk(req)->snt_isn) { 446 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 447 goto out; 448 } 449 450 inet_csk_reqsk_queue_drop(sk, req, prev); 451 goto out; 452 453 case TCP_SYN_SENT: 454 case TCP_SYN_RECV: /* Cannot happen. 455 It can, it SYNs are crossed. --ANK */ 456 if (!sock_owned_by_user(sk)) { 457 sk->sk_err = err; 458 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */ 459 460 tcp_done(sk); 461 } else 462 sk->sk_err_soft = err; 463 goto out; 464 } 465 466 if (!sock_owned_by_user(sk) && np->recverr) { 467 sk->sk_err = err; 468 sk->sk_error_report(sk); 469 } else 470 sk->sk_err_soft = err; 471 472 out: 473 bh_unlock_sock(sk); 474 sock_put(sk); 475 } 476 477 478 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req, 479 struct request_values *rvp) 480 { 481 struct inet6_request_sock *treq = inet6_rsk(req); 482 struct ipv6_pinfo *np = inet6_sk(sk); 483 struct sk_buff * skb; 484 struct ipv6_txoptions *opt = NULL; 485 struct in6_addr * final_p, final; 486 struct flowi6 fl6; 487 struct dst_entry *dst; 488 int err; 489 490 memset(&fl6, 0, sizeof(fl6)); 491 fl6.flowi6_proto = IPPROTO_TCP; 492 ipv6_addr_copy(&fl6.daddr, &treq->rmt_addr); 493 ipv6_addr_copy(&fl6.saddr, &treq->loc_addr); 494 fl6.flowlabel = 0; 495 fl6.flowi6_oif = treq->iif; 496 fl6.flowi6_mark = sk->sk_mark; 497 fl6.fl6_dport = inet_rsk(req)->rmt_port; 498 fl6.fl6_sport = inet_rsk(req)->loc_port; 499 security_req_classify_flow(req, flowi6_to_flowi(&fl6)); 500 501 opt = np->opt; 502 final_p = fl6_update_dst(&fl6, opt, &final); 503 504 dst = ip6_dst_lookup_flow(sk, &fl6, final_p, false); 505 if (IS_ERR(dst)) { 506 err = PTR_ERR(dst); 507 dst = NULL; 508 goto done; 509 } 510 skb = tcp_make_synack(sk, dst, req, rvp); 511 err = -ENOMEM; 512 if (skb) { 513 __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr); 514 515 ipv6_addr_copy(&fl6.daddr, &treq->rmt_addr); 516 err = ip6_xmit(sk, skb, &fl6, opt, np->tclass); 517 err = net_xmit_eval(err); 518 } 519 520 done: 521 if (opt && opt != np->opt) 522 sock_kfree_s(sk, opt, opt->tot_len); 523 dst_release(dst); 524 return err; 525 } 526 527 static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req, 528 struct request_values *rvp) 529 { 530 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS); 531 return tcp_v6_send_synack(sk, req, rvp); 532 } 533 534 static void tcp_v6_reqsk_destructor(struct request_sock *req) 535 { 536 kfree_skb(inet6_rsk(req)->pktopts); 537 } 538 539 #ifdef CONFIG_TCP_MD5SIG 540 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 541 const struct in6_addr *addr) 542 { 543 struct tcp_sock *tp = tcp_sk(sk); 544 int i; 545 546 BUG_ON(tp == NULL); 547 548 if (!tp->md5sig_info || !tp->md5sig_info->entries6) 549 return NULL; 550 551 for (i = 0; i < tp->md5sig_info->entries6; i++) { 552 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr)) 553 return &tp->md5sig_info->keys6[i].base; 554 } 555 return NULL; 556 } 557 558 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk, 559 struct sock *addr_sk) 560 { 561 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr); 562 } 563 564 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk, 565 struct request_sock *req) 566 { 567 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr); 568 } 569 570 static int tcp_v6_md5_do_add(struct sock *sk, const struct in6_addr *peer, 571 char *newkey, u8 newkeylen) 572 { 573 /* Add key to the list */ 574 struct tcp_md5sig_key *key; 575 struct tcp_sock *tp = tcp_sk(sk); 576 struct tcp6_md5sig_key *keys; 577 578 key = tcp_v6_md5_do_lookup(sk, peer); 579 if (key) { 580 /* modify existing entry - just update that one */ 581 kfree(key->key); 582 key->key = newkey; 583 key->keylen = newkeylen; 584 } else { 585 /* reallocate new list if current one is full. */ 586 if (!tp->md5sig_info) { 587 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC); 588 if (!tp->md5sig_info) { 589 kfree(newkey); 590 return -ENOMEM; 591 } 592 sk_nocaps_add(sk, NETIF_F_GSO_MASK); 593 } 594 if (tp->md5sig_info->entries6 == 0 && 595 tcp_alloc_md5sig_pool(sk) == NULL) { 596 kfree(newkey); 597 return -ENOMEM; 598 } 599 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) { 600 keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) * 601 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC); 602 603 if (!keys) { 604 kfree(newkey); 605 if (tp->md5sig_info->entries6 == 0) 606 tcp_free_md5sig_pool(); 607 return -ENOMEM; 608 } 609 610 if (tp->md5sig_info->entries6) 611 memmove(keys, tp->md5sig_info->keys6, 612 (sizeof (tp->md5sig_info->keys6[0]) * 613 tp->md5sig_info->entries6)); 614 615 kfree(tp->md5sig_info->keys6); 616 tp->md5sig_info->keys6 = keys; 617 tp->md5sig_info->alloced6++; 618 } 619 620 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr, 621 peer); 622 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey; 623 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen; 624 625 tp->md5sig_info->entries6++; 626 } 627 return 0; 628 } 629 630 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk, 631 u8 *newkey, __u8 newkeylen) 632 { 633 return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr, 634 newkey, newkeylen); 635 } 636 637 static int tcp_v6_md5_do_del(struct sock *sk, const struct in6_addr *peer) 638 { 639 struct tcp_sock *tp = tcp_sk(sk); 640 int i; 641 642 for (i = 0; i < tp->md5sig_info->entries6; i++) { 643 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) { 644 /* Free the key */ 645 kfree(tp->md5sig_info->keys6[i].base.key); 646 tp->md5sig_info->entries6--; 647 648 if (tp->md5sig_info->entries6 == 0) { 649 kfree(tp->md5sig_info->keys6); 650 tp->md5sig_info->keys6 = NULL; 651 tp->md5sig_info->alloced6 = 0; 652 tcp_free_md5sig_pool(); 653 } else { 654 /* shrink the database */ 655 if (tp->md5sig_info->entries6 != i) 656 memmove(&tp->md5sig_info->keys6[i], 657 &tp->md5sig_info->keys6[i+1], 658 (tp->md5sig_info->entries6 - i) 659 * sizeof (tp->md5sig_info->keys6[0])); 660 } 661 return 0; 662 } 663 } 664 return -ENOENT; 665 } 666 667 static void tcp_v6_clear_md5_list (struct sock *sk) 668 { 669 struct tcp_sock *tp = tcp_sk(sk); 670 int i; 671 672 if (tp->md5sig_info->entries6) { 673 for (i = 0; i < tp->md5sig_info->entries6; i++) 674 kfree(tp->md5sig_info->keys6[i].base.key); 675 tp->md5sig_info->entries6 = 0; 676 tcp_free_md5sig_pool(); 677 } 678 679 kfree(tp->md5sig_info->keys6); 680 tp->md5sig_info->keys6 = NULL; 681 tp->md5sig_info->alloced6 = 0; 682 683 if (tp->md5sig_info->entries4) { 684 for (i = 0; i < tp->md5sig_info->entries4; i++) 685 kfree(tp->md5sig_info->keys4[i].base.key); 686 tp->md5sig_info->entries4 = 0; 687 tcp_free_md5sig_pool(); 688 } 689 690 kfree(tp->md5sig_info->keys4); 691 tp->md5sig_info->keys4 = NULL; 692 tp->md5sig_info->alloced4 = 0; 693 } 694 695 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval, 696 int optlen) 697 { 698 struct tcp_md5sig cmd; 699 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr; 700 u8 *newkey; 701 702 if (optlen < sizeof(cmd)) 703 return -EINVAL; 704 705 if (copy_from_user(&cmd, optval, sizeof(cmd))) 706 return -EFAULT; 707 708 if (sin6->sin6_family != AF_INET6) 709 return -EINVAL; 710 711 if (!cmd.tcpm_keylen) { 712 if (!tcp_sk(sk)->md5sig_info) 713 return -ENOENT; 714 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) 715 return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]); 716 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr); 717 } 718 719 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN) 720 return -EINVAL; 721 722 if (!tcp_sk(sk)->md5sig_info) { 723 struct tcp_sock *tp = tcp_sk(sk); 724 struct tcp_md5sig_info *p; 725 726 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL); 727 if (!p) 728 return -ENOMEM; 729 730 tp->md5sig_info = p; 731 sk_nocaps_add(sk, NETIF_F_GSO_MASK); 732 } 733 734 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL); 735 if (!newkey) 736 return -ENOMEM; 737 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) { 738 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3], 739 newkey, cmd.tcpm_keylen); 740 } 741 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen); 742 } 743 744 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp, 745 const struct in6_addr *daddr, 746 const struct in6_addr *saddr, int nbytes) 747 { 748 struct tcp6_pseudohdr *bp; 749 struct scatterlist sg; 750 751 bp = &hp->md5_blk.ip6; 752 /* 1. TCP pseudo-header (RFC2460) */ 753 ipv6_addr_copy(&bp->saddr, saddr); 754 ipv6_addr_copy(&bp->daddr, daddr); 755 bp->protocol = cpu_to_be32(IPPROTO_TCP); 756 bp->len = cpu_to_be32(nbytes); 757 758 sg_init_one(&sg, bp, sizeof(*bp)); 759 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp)); 760 } 761 762 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key, 763 const struct in6_addr *daddr, struct in6_addr *saddr, 764 const struct tcphdr *th) 765 { 766 struct tcp_md5sig_pool *hp; 767 struct hash_desc *desc; 768 769 hp = tcp_get_md5sig_pool(); 770 if (!hp) 771 goto clear_hash_noput; 772 desc = &hp->md5_desc; 773 774 if (crypto_hash_init(desc)) 775 goto clear_hash; 776 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2)) 777 goto clear_hash; 778 if (tcp_md5_hash_header(hp, th)) 779 goto clear_hash; 780 if (tcp_md5_hash_key(hp, key)) 781 goto clear_hash; 782 if (crypto_hash_final(desc, md5_hash)) 783 goto clear_hash; 784 785 tcp_put_md5sig_pool(); 786 return 0; 787 788 clear_hash: 789 tcp_put_md5sig_pool(); 790 clear_hash_noput: 791 memset(md5_hash, 0, 16); 792 return 1; 793 } 794 795 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key, 796 const struct sock *sk, 797 const struct request_sock *req, 798 const struct sk_buff *skb) 799 { 800 const struct in6_addr *saddr, *daddr; 801 struct tcp_md5sig_pool *hp; 802 struct hash_desc *desc; 803 const struct tcphdr *th = tcp_hdr(skb); 804 805 if (sk) { 806 saddr = &inet6_sk(sk)->saddr; 807 daddr = &inet6_sk(sk)->daddr; 808 } else if (req) { 809 saddr = &inet6_rsk(req)->loc_addr; 810 daddr = &inet6_rsk(req)->rmt_addr; 811 } else { 812 const struct ipv6hdr *ip6h = ipv6_hdr(skb); 813 saddr = &ip6h->saddr; 814 daddr = &ip6h->daddr; 815 } 816 817 hp = tcp_get_md5sig_pool(); 818 if (!hp) 819 goto clear_hash_noput; 820 desc = &hp->md5_desc; 821 822 if (crypto_hash_init(desc)) 823 goto clear_hash; 824 825 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len)) 826 goto clear_hash; 827 if (tcp_md5_hash_header(hp, th)) 828 goto clear_hash; 829 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2)) 830 goto clear_hash; 831 if (tcp_md5_hash_key(hp, key)) 832 goto clear_hash; 833 if (crypto_hash_final(desc, md5_hash)) 834 goto clear_hash; 835 836 tcp_put_md5sig_pool(); 837 return 0; 838 839 clear_hash: 840 tcp_put_md5sig_pool(); 841 clear_hash_noput: 842 memset(md5_hash, 0, 16); 843 return 1; 844 } 845 846 static int tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb) 847 { 848 const __u8 *hash_location = NULL; 849 struct tcp_md5sig_key *hash_expected; 850 const struct ipv6hdr *ip6h = ipv6_hdr(skb); 851 const struct tcphdr *th = tcp_hdr(skb); 852 int genhash; 853 u8 newhash[16]; 854 855 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); 856 hash_location = tcp_parse_md5sig_option(th); 857 858 /* We've parsed the options - do we have a hash? */ 859 if (!hash_expected && !hash_location) 860 return 0; 861 862 if (hash_expected && !hash_location) { 863 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); 864 return 1; 865 } 866 867 if (!hash_expected && hash_location) { 868 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED); 869 return 1; 870 } 871 872 /* check the signature */ 873 genhash = tcp_v6_md5_hash_skb(newhash, 874 hash_expected, 875 NULL, NULL, skb); 876 877 if (genhash || memcmp(hash_location, newhash, 16) != 0) { 878 if (net_ratelimit()) { 879 printk(KERN_INFO "MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n", 880 genhash ? "failed" : "mismatch", 881 &ip6h->saddr, ntohs(th->source), 882 &ip6h->daddr, ntohs(th->dest)); 883 } 884 return 1; 885 } 886 return 0; 887 } 888 #endif 889 890 struct request_sock_ops tcp6_request_sock_ops __read_mostly = { 891 .family = AF_INET6, 892 .obj_size = sizeof(struct tcp6_request_sock), 893 .rtx_syn_ack = tcp_v6_rtx_synack, 894 .send_ack = tcp_v6_reqsk_send_ack, 895 .destructor = tcp_v6_reqsk_destructor, 896 .send_reset = tcp_v6_send_reset, 897 .syn_ack_timeout = tcp_syn_ack_timeout, 898 }; 899 900 #ifdef CONFIG_TCP_MD5SIG 901 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { 902 .md5_lookup = tcp_v6_reqsk_md5_lookup, 903 .calc_md5_hash = tcp_v6_md5_hash_skb, 904 }; 905 #endif 906 907 static void __tcp_v6_send_check(struct sk_buff *skb, 908 const struct in6_addr *saddr, const struct in6_addr *daddr) 909 { 910 struct tcphdr *th = tcp_hdr(skb); 911 912 if (skb->ip_summed == CHECKSUM_PARTIAL) { 913 th->check = ~tcp_v6_check(skb->len, saddr, daddr, 0); 914 skb->csum_start = skb_transport_header(skb) - skb->head; 915 skb->csum_offset = offsetof(struct tcphdr, check); 916 } else { 917 th->check = tcp_v6_check(skb->len, saddr, daddr, 918 csum_partial(th, th->doff << 2, 919 skb->csum)); 920 } 921 } 922 923 static void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb) 924 { 925 struct ipv6_pinfo *np = inet6_sk(sk); 926 927 __tcp_v6_send_check(skb, &np->saddr, &np->daddr); 928 } 929 930 static int tcp_v6_gso_send_check(struct sk_buff *skb) 931 { 932 const struct ipv6hdr *ipv6h; 933 struct tcphdr *th; 934 935 if (!pskb_may_pull(skb, sizeof(*th))) 936 return -EINVAL; 937 938 ipv6h = ipv6_hdr(skb); 939 th = tcp_hdr(skb); 940 941 th->check = 0; 942 skb->ip_summed = CHECKSUM_PARTIAL; 943 __tcp_v6_send_check(skb, &ipv6h->saddr, &ipv6h->daddr); 944 return 0; 945 } 946 947 static struct sk_buff **tcp6_gro_receive(struct sk_buff **head, 948 struct sk_buff *skb) 949 { 950 const struct ipv6hdr *iph = skb_gro_network_header(skb); 951 952 switch (skb->ip_summed) { 953 case CHECKSUM_COMPLETE: 954 if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr, 955 skb->csum)) { 956 skb->ip_summed = CHECKSUM_UNNECESSARY; 957 break; 958 } 959 960 /* fall through */ 961 case CHECKSUM_NONE: 962 NAPI_GRO_CB(skb)->flush = 1; 963 return NULL; 964 } 965 966 return tcp_gro_receive(head, skb); 967 } 968 969 static int tcp6_gro_complete(struct sk_buff *skb) 970 { 971 const struct ipv6hdr *iph = ipv6_hdr(skb); 972 struct tcphdr *th = tcp_hdr(skb); 973 974 th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb), 975 &iph->saddr, &iph->daddr, 0); 976 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6; 977 978 return tcp_gro_complete(skb); 979 } 980 981 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win, 982 u32 ts, struct tcp_md5sig_key *key, int rst, u8 tclass) 983 { 984 const struct tcphdr *th = tcp_hdr(skb); 985 struct tcphdr *t1; 986 struct sk_buff *buff; 987 struct flowi6 fl6; 988 struct net *net = dev_net(skb_dst(skb)->dev); 989 struct sock *ctl_sk = net->ipv6.tcp_sk; 990 unsigned int tot_len = sizeof(struct tcphdr); 991 struct dst_entry *dst; 992 __be32 *topt; 993 994 if (ts) 995 tot_len += TCPOLEN_TSTAMP_ALIGNED; 996 #ifdef CONFIG_TCP_MD5SIG 997 if (key) 998 tot_len += TCPOLEN_MD5SIG_ALIGNED; 999 #endif 1000 1001 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 1002 GFP_ATOMIC); 1003 if (buff == NULL) 1004 return; 1005 1006 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); 1007 1008 t1 = (struct tcphdr *) skb_push(buff, tot_len); 1009 skb_reset_transport_header(buff); 1010 1011 /* Swap the send and the receive. */ 1012 memset(t1, 0, sizeof(*t1)); 1013 t1->dest = th->source; 1014 t1->source = th->dest; 1015 t1->doff = tot_len / 4; 1016 t1->seq = htonl(seq); 1017 t1->ack_seq = htonl(ack); 1018 t1->ack = !rst || !th->ack; 1019 t1->rst = rst; 1020 t1->window = htons(win); 1021 1022 topt = (__be32 *)(t1 + 1); 1023 1024 if (ts) { 1025 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1026 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 1027 *topt++ = htonl(tcp_time_stamp); 1028 *topt++ = htonl(ts); 1029 } 1030 1031 #ifdef CONFIG_TCP_MD5SIG 1032 if (key) { 1033 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1034 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 1035 tcp_v6_md5_hash_hdr((__u8 *)topt, key, 1036 &ipv6_hdr(skb)->saddr, 1037 &ipv6_hdr(skb)->daddr, t1); 1038 } 1039 #endif 1040 1041 memset(&fl6, 0, sizeof(fl6)); 1042 ipv6_addr_copy(&fl6.daddr, &ipv6_hdr(skb)->saddr); 1043 ipv6_addr_copy(&fl6.saddr, &ipv6_hdr(skb)->daddr); 1044 1045 buff->ip_summed = CHECKSUM_PARTIAL; 1046 buff->csum = 0; 1047 1048 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr); 1049 1050 fl6.flowi6_proto = IPPROTO_TCP; 1051 fl6.flowi6_oif = inet6_iif(skb); 1052 fl6.fl6_dport = t1->dest; 1053 fl6.fl6_sport = t1->source; 1054 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); 1055 1056 /* Pass a socket to ip6_dst_lookup either it is for RST 1057 * Underlying function will use this to retrieve the network 1058 * namespace 1059 */ 1060 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL, false); 1061 if (!IS_ERR(dst)) { 1062 skb_dst_set(buff, dst); 1063 ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass); 1064 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS); 1065 if (rst) 1066 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS); 1067 return; 1068 } 1069 1070 kfree_skb(buff); 1071 } 1072 1073 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb) 1074 { 1075 const struct tcphdr *th = tcp_hdr(skb); 1076 u32 seq = 0, ack_seq = 0; 1077 struct tcp_md5sig_key *key = NULL; 1078 1079 if (th->rst) 1080 return; 1081 1082 if (!ipv6_unicast_destination(skb)) 1083 return; 1084 1085 #ifdef CONFIG_TCP_MD5SIG 1086 if (sk) 1087 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr); 1088 #endif 1089 1090 if (th->ack) 1091 seq = ntohl(th->ack_seq); 1092 else 1093 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len - 1094 (th->doff << 2); 1095 1096 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1, 0); 1097 } 1098 1099 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts, 1100 struct tcp_md5sig_key *key, u8 tclass) 1101 { 1102 tcp_v6_send_response(skb, seq, ack, win, ts, key, 0, tclass); 1103 } 1104 1105 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb) 1106 { 1107 struct inet_timewait_sock *tw = inet_twsk(sk); 1108 struct tcp_timewait_sock *tcptw = tcp_twsk(sk); 1109 1110 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt, 1111 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 1112 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw), 1113 tw->tw_tclass); 1114 1115 inet_twsk_put(tw); 1116 } 1117 1118 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb, 1119 struct request_sock *req) 1120 { 1121 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent, 1122 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr), 0); 1123 } 1124 1125 1126 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb) 1127 { 1128 struct request_sock *req, **prev; 1129 const struct tcphdr *th = tcp_hdr(skb); 1130 struct sock *nsk; 1131 1132 /* Find possible connection requests. */ 1133 req = inet6_csk_search_req(sk, &prev, th->source, 1134 &ipv6_hdr(skb)->saddr, 1135 &ipv6_hdr(skb)->daddr, inet6_iif(skb)); 1136 if (req) 1137 return tcp_check_req(sk, skb, req, prev); 1138 1139 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo, 1140 &ipv6_hdr(skb)->saddr, th->source, 1141 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb)); 1142 1143 if (nsk) { 1144 if (nsk->sk_state != TCP_TIME_WAIT) { 1145 bh_lock_sock(nsk); 1146 return nsk; 1147 } 1148 inet_twsk_put(inet_twsk(nsk)); 1149 return NULL; 1150 } 1151 1152 #ifdef CONFIG_SYN_COOKIES 1153 if (!th->syn) 1154 sk = cookie_v6_check(sk, skb); 1155 #endif 1156 return sk; 1157 } 1158 1159 /* FIXME: this is substantially similar to the ipv4 code. 1160 * Can some kind of merge be done? -- erics 1161 */ 1162 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) 1163 { 1164 struct tcp_extend_values tmp_ext; 1165 struct tcp_options_received tmp_opt; 1166 const u8 *hash_location; 1167 struct request_sock *req; 1168 struct inet6_request_sock *treq; 1169 struct ipv6_pinfo *np = inet6_sk(sk); 1170 struct tcp_sock *tp = tcp_sk(sk); 1171 __u32 isn = TCP_SKB_CB(skb)->when; 1172 struct dst_entry *dst = NULL; 1173 int want_cookie = 0; 1174 1175 if (skb->protocol == htons(ETH_P_IP)) 1176 return tcp_v4_conn_request(sk, skb); 1177 1178 if (!ipv6_unicast_destination(skb)) 1179 goto drop; 1180 1181 if (inet_csk_reqsk_queue_is_full(sk) && !isn) { 1182 want_cookie = tcp_syn_flood_action(sk, skb, "TCPv6"); 1183 if (!want_cookie) 1184 goto drop; 1185 } 1186 1187 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) 1188 goto drop; 1189 1190 req = inet6_reqsk_alloc(&tcp6_request_sock_ops); 1191 if (req == NULL) 1192 goto drop; 1193 1194 #ifdef CONFIG_TCP_MD5SIG 1195 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops; 1196 #endif 1197 1198 tcp_clear_options(&tmp_opt); 1199 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 1200 tmp_opt.user_mss = tp->rx_opt.user_mss; 1201 tcp_parse_options(skb, &tmp_opt, &hash_location, 0); 1202 1203 if (tmp_opt.cookie_plus > 0 && 1204 tmp_opt.saw_tstamp && 1205 !tp->rx_opt.cookie_out_never && 1206 (sysctl_tcp_cookie_size > 0 || 1207 (tp->cookie_values != NULL && 1208 tp->cookie_values->cookie_desired > 0))) { 1209 u8 *c; 1210 u32 *d; 1211 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS]; 1212 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE; 1213 1214 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0) 1215 goto drop_and_free; 1216 1217 /* Secret recipe starts with IP addresses */ 1218 d = (__force u32 *)&ipv6_hdr(skb)->daddr.s6_addr32[0]; 1219 *mess++ ^= *d++; 1220 *mess++ ^= *d++; 1221 *mess++ ^= *d++; 1222 *mess++ ^= *d++; 1223 d = (__force u32 *)&ipv6_hdr(skb)->saddr.s6_addr32[0]; 1224 *mess++ ^= *d++; 1225 *mess++ ^= *d++; 1226 *mess++ ^= *d++; 1227 *mess++ ^= *d++; 1228 1229 /* plus variable length Initiator Cookie */ 1230 c = (u8 *)mess; 1231 while (l-- > 0) 1232 *c++ ^= *hash_location++; 1233 1234 want_cookie = 0; /* not our kind of cookie */ 1235 tmp_ext.cookie_out_never = 0; /* false */ 1236 tmp_ext.cookie_plus = tmp_opt.cookie_plus; 1237 } else if (!tp->rx_opt.cookie_in_always) { 1238 /* redundant indications, but ensure initialization. */ 1239 tmp_ext.cookie_out_never = 1; /* true */ 1240 tmp_ext.cookie_plus = 0; 1241 } else { 1242 goto drop_and_free; 1243 } 1244 tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always; 1245 1246 if (want_cookie && !tmp_opt.saw_tstamp) 1247 tcp_clear_options(&tmp_opt); 1248 1249 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp; 1250 tcp_openreq_init(req, &tmp_opt, skb); 1251 1252 treq = inet6_rsk(req); 1253 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr); 1254 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr); 1255 if (!want_cookie || tmp_opt.tstamp_ok) 1256 TCP_ECN_create_request(req, tcp_hdr(skb)); 1257 1258 if (!isn) { 1259 struct inet_peer *peer = NULL; 1260 1261 if (ipv6_opt_accepted(sk, skb) || 1262 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || 1263 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) { 1264 atomic_inc(&skb->users); 1265 treq->pktopts = skb; 1266 } 1267 treq->iif = sk->sk_bound_dev_if; 1268 1269 /* So that link locals have meaning */ 1270 if (!sk->sk_bound_dev_if && 1271 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL) 1272 treq->iif = inet6_iif(skb); 1273 1274 if (want_cookie) { 1275 isn = cookie_v6_init_sequence(sk, skb, &req->mss); 1276 req->cookie_ts = tmp_opt.tstamp_ok; 1277 goto have_isn; 1278 } 1279 1280 /* VJ's idea. We save last timestamp seen 1281 * from the destination in peer table, when entering 1282 * state TIME-WAIT, and check against it before 1283 * accepting new connection request. 1284 * 1285 * If "isn" is not zero, this request hit alive 1286 * timewait bucket, so that all the necessary checks 1287 * are made in the function processing timewait state. 1288 */ 1289 if (tmp_opt.saw_tstamp && 1290 tcp_death_row.sysctl_tw_recycle && 1291 (dst = inet6_csk_route_req(sk, req)) != NULL && 1292 (peer = rt6_get_peer((struct rt6_info *)dst)) != NULL && 1293 ipv6_addr_equal((struct in6_addr *)peer->daddr.addr.a6, 1294 &treq->rmt_addr)) { 1295 inet_peer_refcheck(peer); 1296 if ((u32)get_seconds() - peer->tcp_ts_stamp < TCP_PAWS_MSL && 1297 (s32)(peer->tcp_ts - req->ts_recent) > 1298 TCP_PAWS_WINDOW) { 1299 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED); 1300 goto drop_and_release; 1301 } 1302 } 1303 /* Kill the following clause, if you dislike this way. */ 1304 else if (!sysctl_tcp_syncookies && 1305 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) < 1306 (sysctl_max_syn_backlog >> 2)) && 1307 (!peer || !peer->tcp_ts_stamp) && 1308 (!dst || !dst_metric(dst, RTAX_RTT))) { 1309 /* Without syncookies last quarter of 1310 * backlog is filled with destinations, 1311 * proven to be alive. 1312 * It means that we continue to communicate 1313 * to destinations, already remembered 1314 * to the moment of synflood. 1315 */ 1316 LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open request from %pI6/%u\n", 1317 &treq->rmt_addr, ntohs(tcp_hdr(skb)->source)); 1318 goto drop_and_release; 1319 } 1320 1321 isn = tcp_v6_init_sequence(skb); 1322 } 1323 have_isn: 1324 tcp_rsk(req)->snt_isn = isn; 1325 tcp_rsk(req)->snt_synack = tcp_time_stamp; 1326 1327 security_inet_conn_request(sk, skb, req); 1328 1329 if (tcp_v6_send_synack(sk, req, 1330 (struct request_values *)&tmp_ext) || 1331 want_cookie) 1332 goto drop_and_free; 1333 1334 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); 1335 return 0; 1336 1337 drop_and_release: 1338 dst_release(dst); 1339 drop_and_free: 1340 reqsk_free(req); 1341 drop: 1342 return 0; /* don't send reset */ 1343 } 1344 1345 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, 1346 struct request_sock *req, 1347 struct dst_entry *dst) 1348 { 1349 struct inet6_request_sock *treq; 1350 struct ipv6_pinfo *newnp, *np = inet6_sk(sk); 1351 struct tcp6_sock *newtcp6sk; 1352 struct inet_sock *newinet; 1353 struct tcp_sock *newtp; 1354 struct sock *newsk; 1355 struct ipv6_txoptions *opt; 1356 #ifdef CONFIG_TCP_MD5SIG 1357 struct tcp_md5sig_key *key; 1358 #endif 1359 1360 if (skb->protocol == htons(ETH_P_IP)) { 1361 /* 1362 * v6 mapped 1363 */ 1364 1365 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst); 1366 1367 if (newsk == NULL) 1368 return NULL; 1369 1370 newtcp6sk = (struct tcp6_sock *)newsk; 1371 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1372 1373 newinet = inet_sk(newsk); 1374 newnp = inet6_sk(newsk); 1375 newtp = tcp_sk(newsk); 1376 1377 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1378 1379 ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr); 1380 1381 ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr); 1382 1383 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr); 1384 1385 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped; 1386 newsk->sk_backlog_rcv = tcp_v4_do_rcv; 1387 #ifdef CONFIG_TCP_MD5SIG 1388 newtp->af_specific = &tcp_sock_ipv6_mapped_specific; 1389 #endif 1390 1391 newnp->ipv6_ac_list = NULL; 1392 newnp->ipv6_fl_list = NULL; 1393 newnp->pktoptions = NULL; 1394 newnp->opt = NULL; 1395 newnp->mcast_oif = inet6_iif(skb); 1396 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1397 1398 /* 1399 * No need to charge this sock to the relevant IPv6 refcnt debug socks count 1400 * here, tcp_create_openreq_child now does this for us, see the comment in 1401 * that function for the gory details. -acme 1402 */ 1403 1404 /* It is tricky place. Until this moment IPv4 tcp 1405 worked with IPv6 icsk.icsk_af_ops. 1406 Sync it now. 1407 */ 1408 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); 1409 1410 return newsk; 1411 } 1412 1413 treq = inet6_rsk(req); 1414 opt = np->opt; 1415 1416 if (sk_acceptq_is_full(sk)) 1417 goto out_overflow; 1418 1419 if (!dst) { 1420 dst = inet6_csk_route_req(sk, req); 1421 if (!dst) 1422 goto out; 1423 } 1424 1425 newsk = tcp_create_openreq_child(sk, req, skb); 1426 if (newsk == NULL) 1427 goto out_nonewsk; 1428 1429 /* 1430 * No need to charge this sock to the relevant IPv6 refcnt debug socks 1431 * count here, tcp_create_openreq_child now does this for us, see the 1432 * comment in that function for the gory details. -acme 1433 */ 1434 1435 newsk->sk_gso_type = SKB_GSO_TCPV6; 1436 __ip6_dst_store(newsk, dst, NULL, NULL); 1437 1438 newtcp6sk = (struct tcp6_sock *)newsk; 1439 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1440 1441 newtp = tcp_sk(newsk); 1442 newinet = inet_sk(newsk); 1443 newnp = inet6_sk(newsk); 1444 1445 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1446 1447 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr); 1448 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr); 1449 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr); 1450 newsk->sk_bound_dev_if = treq->iif; 1451 1452 /* Now IPv6 options... 1453 1454 First: no IPv4 options. 1455 */ 1456 newinet->inet_opt = NULL; 1457 newnp->ipv6_ac_list = NULL; 1458 newnp->ipv6_fl_list = NULL; 1459 1460 /* Clone RX bits */ 1461 newnp->rxopt.all = np->rxopt.all; 1462 1463 /* Clone pktoptions received with SYN */ 1464 newnp->pktoptions = NULL; 1465 if (treq->pktopts != NULL) { 1466 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC); 1467 kfree_skb(treq->pktopts); 1468 treq->pktopts = NULL; 1469 if (newnp->pktoptions) 1470 skb_set_owner_r(newnp->pktoptions, newsk); 1471 } 1472 newnp->opt = NULL; 1473 newnp->mcast_oif = inet6_iif(skb); 1474 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1475 1476 /* Clone native IPv6 options from listening socket (if any) 1477 1478 Yes, keeping reference count would be much more clever, 1479 but we make one more one thing there: reattach optmem 1480 to newsk. 1481 */ 1482 if (opt) { 1483 newnp->opt = ipv6_dup_options(newsk, opt); 1484 if (opt != np->opt) 1485 sock_kfree_s(sk, opt, opt->tot_len); 1486 } 1487 1488 inet_csk(newsk)->icsk_ext_hdr_len = 0; 1489 if (newnp->opt) 1490 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen + 1491 newnp->opt->opt_flen); 1492 1493 tcp_mtup_init(newsk); 1494 tcp_sync_mss(newsk, dst_mtu(dst)); 1495 newtp->advmss = dst_metric_advmss(dst); 1496 tcp_initialize_rcv_mss(newsk); 1497 if (tcp_rsk(req)->snt_synack) 1498 tcp_valid_rtt_meas(newsk, 1499 tcp_time_stamp - tcp_rsk(req)->snt_synack); 1500 newtp->total_retrans = req->retrans; 1501 1502 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6; 1503 newinet->inet_rcv_saddr = LOOPBACK4_IPV6; 1504 1505 #ifdef CONFIG_TCP_MD5SIG 1506 /* Copy over the MD5 key from the original socket */ 1507 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) { 1508 /* We're using one, so create a matching key 1509 * on the newsk structure. If we fail to get 1510 * memory, then we end up not copying the key 1511 * across. Shucks. 1512 */ 1513 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); 1514 if (newkey != NULL) 1515 tcp_v6_md5_do_add(newsk, &newnp->daddr, 1516 newkey, key->keylen); 1517 } 1518 #endif 1519 1520 if (__inet_inherit_port(sk, newsk) < 0) { 1521 sock_put(newsk); 1522 goto out; 1523 } 1524 __inet6_hash(newsk, NULL); 1525 1526 return newsk; 1527 1528 out_overflow: 1529 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); 1530 out_nonewsk: 1531 if (opt && opt != np->opt) 1532 sock_kfree_s(sk, opt, opt->tot_len); 1533 dst_release(dst); 1534 out: 1535 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); 1536 return NULL; 1537 } 1538 1539 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb) 1540 { 1541 if (skb->ip_summed == CHECKSUM_COMPLETE) { 1542 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr, 1543 &ipv6_hdr(skb)->daddr, skb->csum)) { 1544 skb->ip_summed = CHECKSUM_UNNECESSARY; 1545 return 0; 1546 } 1547 } 1548 1549 skb->csum = ~csum_unfold(tcp_v6_check(skb->len, 1550 &ipv6_hdr(skb)->saddr, 1551 &ipv6_hdr(skb)->daddr, 0)); 1552 1553 if (skb->len <= 76) { 1554 return __skb_checksum_complete(skb); 1555 } 1556 return 0; 1557 } 1558 1559 /* The socket must have it's spinlock held when we get 1560 * here. 1561 * 1562 * We have a potential double-lock case here, so even when 1563 * doing backlog processing we use the BH locking scheme. 1564 * This is because we cannot sleep with the original spinlock 1565 * held. 1566 */ 1567 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) 1568 { 1569 struct ipv6_pinfo *np = inet6_sk(sk); 1570 struct tcp_sock *tp; 1571 struct sk_buff *opt_skb = NULL; 1572 1573 /* Imagine: socket is IPv6. IPv4 packet arrives, 1574 goes to IPv4 receive handler and backlogged. 1575 From backlog it always goes here. Kerboom... 1576 Fortunately, tcp_rcv_established and rcv_established 1577 handle them correctly, but it is not case with 1578 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK 1579 */ 1580 1581 if (skb->protocol == htons(ETH_P_IP)) 1582 return tcp_v4_do_rcv(sk, skb); 1583 1584 #ifdef CONFIG_TCP_MD5SIG 1585 if (tcp_v6_inbound_md5_hash (sk, skb)) 1586 goto discard; 1587 #endif 1588 1589 if (sk_filter(sk, skb)) 1590 goto discard; 1591 1592 /* 1593 * socket locking is here for SMP purposes as backlog rcv 1594 * is currently called with bh processing disabled. 1595 */ 1596 1597 /* Do Stevens' IPV6_PKTOPTIONS. 1598 1599 Yes, guys, it is the only place in our code, where we 1600 may make it not affecting IPv4. 1601 The rest of code is protocol independent, 1602 and I do not like idea to uglify IPv4. 1603 1604 Actually, all the idea behind IPV6_PKTOPTIONS 1605 looks not very well thought. For now we latch 1606 options, received in the last packet, enqueued 1607 by tcp. Feel free to propose better solution. 1608 --ANK (980728) 1609 */ 1610 if (np->rxopt.all) 1611 opt_skb = skb_clone(skb, GFP_ATOMIC); 1612 1613 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ 1614 sock_rps_save_rxhash(sk, skb); 1615 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) 1616 goto reset; 1617 if (opt_skb) 1618 goto ipv6_pktoptions; 1619 return 0; 1620 } 1621 1622 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb)) 1623 goto csum_err; 1624 1625 if (sk->sk_state == TCP_LISTEN) { 1626 struct sock *nsk = tcp_v6_hnd_req(sk, skb); 1627 if (!nsk) 1628 goto discard; 1629 1630 /* 1631 * Queue it on the new socket if the new socket is active, 1632 * otherwise we just shortcircuit this and continue with 1633 * the new socket.. 1634 */ 1635 if(nsk != sk) { 1636 sock_rps_save_rxhash(nsk, skb); 1637 if (tcp_child_process(sk, nsk, skb)) 1638 goto reset; 1639 if (opt_skb) 1640 __kfree_skb(opt_skb); 1641 return 0; 1642 } 1643 } else 1644 sock_rps_save_rxhash(sk, skb); 1645 1646 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) 1647 goto reset; 1648 if (opt_skb) 1649 goto ipv6_pktoptions; 1650 return 0; 1651 1652 reset: 1653 tcp_v6_send_reset(sk, skb); 1654 discard: 1655 if (opt_skb) 1656 __kfree_skb(opt_skb); 1657 kfree_skb(skb); 1658 return 0; 1659 csum_err: 1660 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS); 1661 goto discard; 1662 1663 1664 ipv6_pktoptions: 1665 /* Do you ask, what is it? 1666 1667 1. skb was enqueued by tcp. 1668 2. skb is added to tail of read queue, rather than out of order. 1669 3. socket is not in passive state. 1670 4. Finally, it really contains options, which user wants to receive. 1671 */ 1672 tp = tcp_sk(sk); 1673 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt && 1674 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) { 1675 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo) 1676 np->mcast_oif = inet6_iif(opt_skb); 1677 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) 1678 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit; 1679 if (ipv6_opt_accepted(sk, opt_skb)) { 1680 skb_set_owner_r(opt_skb, sk); 1681 opt_skb = xchg(&np->pktoptions, opt_skb); 1682 } else { 1683 __kfree_skb(opt_skb); 1684 opt_skb = xchg(&np->pktoptions, NULL); 1685 } 1686 } 1687 1688 kfree_skb(opt_skb); 1689 return 0; 1690 } 1691 1692 static int tcp_v6_rcv(struct sk_buff *skb) 1693 { 1694 const struct tcphdr *th; 1695 const struct ipv6hdr *hdr; 1696 struct sock *sk; 1697 int ret; 1698 struct net *net = dev_net(skb->dev); 1699 1700 if (skb->pkt_type != PACKET_HOST) 1701 goto discard_it; 1702 1703 /* 1704 * Count it even if it's bad. 1705 */ 1706 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS); 1707 1708 if (!pskb_may_pull(skb, sizeof(struct tcphdr))) 1709 goto discard_it; 1710 1711 th = tcp_hdr(skb); 1712 1713 if (th->doff < sizeof(struct tcphdr)/4) 1714 goto bad_packet; 1715 if (!pskb_may_pull(skb, th->doff*4)) 1716 goto discard_it; 1717 1718 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb)) 1719 goto bad_packet; 1720 1721 th = tcp_hdr(skb); 1722 hdr = ipv6_hdr(skb); 1723 TCP_SKB_CB(skb)->seq = ntohl(th->seq); 1724 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin + 1725 skb->len - th->doff*4); 1726 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); 1727 TCP_SKB_CB(skb)->when = 0; 1728 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr); 1729 TCP_SKB_CB(skb)->sacked = 0; 1730 1731 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); 1732 if (!sk) 1733 goto no_tcp_socket; 1734 1735 process: 1736 if (sk->sk_state == TCP_TIME_WAIT) 1737 goto do_time_wait; 1738 1739 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { 1740 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); 1741 goto discard_and_relse; 1742 } 1743 1744 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 1745 goto discard_and_relse; 1746 1747 if (sk_filter(sk, skb)) 1748 goto discard_and_relse; 1749 1750 skb->dev = NULL; 1751 1752 bh_lock_sock_nested(sk); 1753 ret = 0; 1754 if (!sock_owned_by_user(sk)) { 1755 #ifdef CONFIG_NET_DMA 1756 struct tcp_sock *tp = tcp_sk(sk); 1757 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list) 1758 tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY); 1759 if (tp->ucopy.dma_chan) 1760 ret = tcp_v6_do_rcv(sk, skb); 1761 else 1762 #endif 1763 { 1764 if (!tcp_prequeue(sk, skb)) 1765 ret = tcp_v6_do_rcv(sk, skb); 1766 } 1767 } else if (unlikely(sk_add_backlog(sk, skb))) { 1768 bh_unlock_sock(sk); 1769 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP); 1770 goto discard_and_relse; 1771 } 1772 bh_unlock_sock(sk); 1773 1774 sock_put(sk); 1775 return ret ? -1 : 0; 1776 1777 no_tcp_socket: 1778 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 1779 goto discard_it; 1780 1781 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1782 bad_packet: 1783 TCP_INC_STATS_BH(net, TCP_MIB_INERRS); 1784 } else { 1785 tcp_v6_send_reset(NULL, skb); 1786 } 1787 1788 discard_it: 1789 1790 /* 1791 * Discard frame 1792 */ 1793 1794 kfree_skb(skb); 1795 return 0; 1796 1797 discard_and_relse: 1798 sock_put(sk); 1799 goto discard_it; 1800 1801 do_time_wait: 1802 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1803 inet_twsk_put(inet_twsk(sk)); 1804 goto discard_it; 1805 } 1806 1807 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1808 TCP_INC_STATS_BH(net, TCP_MIB_INERRS); 1809 inet_twsk_put(inet_twsk(sk)); 1810 goto discard_it; 1811 } 1812 1813 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { 1814 case TCP_TW_SYN: 1815 { 1816 struct sock *sk2; 1817 1818 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo, 1819 &ipv6_hdr(skb)->daddr, 1820 ntohs(th->dest), inet6_iif(skb)); 1821 if (sk2 != NULL) { 1822 struct inet_timewait_sock *tw = inet_twsk(sk); 1823 inet_twsk_deschedule(tw, &tcp_death_row); 1824 inet_twsk_put(tw); 1825 sk = sk2; 1826 goto process; 1827 } 1828 /* Fall through to ACK */ 1829 } 1830 case TCP_TW_ACK: 1831 tcp_v6_timewait_ack(sk, skb); 1832 break; 1833 case TCP_TW_RST: 1834 goto no_tcp_socket; 1835 case TCP_TW_SUCCESS:; 1836 } 1837 goto discard_it; 1838 } 1839 1840 static struct inet_peer *tcp_v6_get_peer(struct sock *sk, bool *release_it) 1841 { 1842 struct rt6_info *rt = (struct rt6_info *) __sk_dst_get(sk); 1843 struct ipv6_pinfo *np = inet6_sk(sk); 1844 struct inet_peer *peer; 1845 1846 if (!rt || 1847 !ipv6_addr_equal(&np->daddr, &rt->rt6i_dst.addr)) { 1848 peer = inet_getpeer_v6(&np->daddr, 1); 1849 *release_it = true; 1850 } else { 1851 if (!rt->rt6i_peer) 1852 rt6_bind_peer(rt, 1); 1853 peer = rt->rt6i_peer; 1854 *release_it = false; 1855 } 1856 1857 return peer; 1858 } 1859 1860 static void *tcp_v6_tw_get_peer(struct sock *sk) 1861 { 1862 const struct inet6_timewait_sock *tw6 = inet6_twsk(sk); 1863 const struct inet_timewait_sock *tw = inet_twsk(sk); 1864 1865 if (tw->tw_family == AF_INET) 1866 return tcp_v4_tw_get_peer(sk); 1867 1868 return inet_getpeer_v6(&tw6->tw_v6_daddr, 1); 1869 } 1870 1871 static struct timewait_sock_ops tcp6_timewait_sock_ops = { 1872 .twsk_obj_size = sizeof(struct tcp6_timewait_sock), 1873 .twsk_unique = tcp_twsk_unique, 1874 .twsk_destructor= tcp_twsk_destructor, 1875 .twsk_getpeer = tcp_v6_tw_get_peer, 1876 }; 1877 1878 static const struct inet_connection_sock_af_ops ipv6_specific = { 1879 .queue_xmit = inet6_csk_xmit, 1880 .send_check = tcp_v6_send_check, 1881 .rebuild_header = inet6_sk_rebuild_header, 1882 .conn_request = tcp_v6_conn_request, 1883 .syn_recv_sock = tcp_v6_syn_recv_sock, 1884 .get_peer = tcp_v6_get_peer, 1885 .net_header_len = sizeof(struct ipv6hdr), 1886 .setsockopt = ipv6_setsockopt, 1887 .getsockopt = ipv6_getsockopt, 1888 .addr2sockaddr = inet6_csk_addr2sockaddr, 1889 .sockaddr_len = sizeof(struct sockaddr_in6), 1890 .bind_conflict = inet6_csk_bind_conflict, 1891 #ifdef CONFIG_COMPAT 1892 .compat_setsockopt = compat_ipv6_setsockopt, 1893 .compat_getsockopt = compat_ipv6_getsockopt, 1894 #endif 1895 }; 1896 1897 #ifdef CONFIG_TCP_MD5SIG 1898 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = { 1899 .md5_lookup = tcp_v6_md5_lookup, 1900 .calc_md5_hash = tcp_v6_md5_hash_skb, 1901 .md5_add = tcp_v6_md5_add_func, 1902 .md5_parse = tcp_v6_parse_md5_keys, 1903 }; 1904 #endif 1905 1906 /* 1907 * TCP over IPv4 via INET6 API 1908 */ 1909 1910 static const struct inet_connection_sock_af_ops ipv6_mapped = { 1911 .queue_xmit = ip_queue_xmit, 1912 .send_check = tcp_v4_send_check, 1913 .rebuild_header = inet_sk_rebuild_header, 1914 .conn_request = tcp_v6_conn_request, 1915 .syn_recv_sock = tcp_v6_syn_recv_sock, 1916 .get_peer = tcp_v4_get_peer, 1917 .net_header_len = sizeof(struct iphdr), 1918 .setsockopt = ipv6_setsockopt, 1919 .getsockopt = ipv6_getsockopt, 1920 .addr2sockaddr = inet6_csk_addr2sockaddr, 1921 .sockaddr_len = sizeof(struct sockaddr_in6), 1922 .bind_conflict = inet6_csk_bind_conflict, 1923 #ifdef CONFIG_COMPAT 1924 .compat_setsockopt = compat_ipv6_setsockopt, 1925 .compat_getsockopt = compat_ipv6_getsockopt, 1926 #endif 1927 }; 1928 1929 #ifdef CONFIG_TCP_MD5SIG 1930 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = { 1931 .md5_lookup = tcp_v4_md5_lookup, 1932 .calc_md5_hash = tcp_v4_md5_hash_skb, 1933 .md5_add = tcp_v6_md5_add_func, 1934 .md5_parse = tcp_v6_parse_md5_keys, 1935 }; 1936 #endif 1937 1938 /* NOTE: A lot of things set to zero explicitly by call to 1939 * sk_alloc() so need not be done here. 1940 */ 1941 static int tcp_v6_init_sock(struct sock *sk) 1942 { 1943 struct inet_connection_sock *icsk = inet_csk(sk); 1944 struct tcp_sock *tp = tcp_sk(sk); 1945 1946 skb_queue_head_init(&tp->out_of_order_queue); 1947 tcp_init_xmit_timers(sk); 1948 tcp_prequeue_init(tp); 1949 1950 icsk->icsk_rto = TCP_TIMEOUT_INIT; 1951 tp->mdev = TCP_TIMEOUT_INIT; 1952 1953 /* So many TCP implementations out there (incorrectly) count the 1954 * initial SYN frame in their delayed-ACK and congestion control 1955 * algorithms that we must have the following bandaid to talk 1956 * efficiently to them. -DaveM 1957 */ 1958 tp->snd_cwnd = 2; 1959 1960 /* See draft-stevens-tcpca-spec-01 for discussion of the 1961 * initialization of these values. 1962 */ 1963 tp->snd_ssthresh = TCP_INFINITE_SSTHRESH; 1964 tp->snd_cwnd_clamp = ~0; 1965 tp->mss_cache = TCP_MSS_DEFAULT; 1966 1967 tp->reordering = sysctl_tcp_reordering; 1968 1969 sk->sk_state = TCP_CLOSE; 1970 1971 icsk->icsk_af_ops = &ipv6_specific; 1972 icsk->icsk_ca_ops = &tcp_init_congestion_ops; 1973 icsk->icsk_sync_mss = tcp_sync_mss; 1974 sk->sk_write_space = sk_stream_write_space; 1975 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE); 1976 1977 #ifdef CONFIG_TCP_MD5SIG 1978 tp->af_specific = &tcp_sock_ipv6_specific; 1979 #endif 1980 1981 /* TCP Cookie Transactions */ 1982 if (sysctl_tcp_cookie_size > 0) { 1983 /* Default, cookies without s_data_payload. */ 1984 tp->cookie_values = 1985 kzalloc(sizeof(*tp->cookie_values), 1986 sk->sk_allocation); 1987 if (tp->cookie_values != NULL) 1988 kref_init(&tp->cookie_values->kref); 1989 } 1990 /* Presumed zeroed, in order of appearance: 1991 * cookie_in_always, cookie_out_never, 1992 * s_data_constant, s_data_in, s_data_out 1993 */ 1994 sk->sk_sndbuf = sysctl_tcp_wmem[1]; 1995 sk->sk_rcvbuf = sysctl_tcp_rmem[1]; 1996 1997 local_bh_disable(); 1998 percpu_counter_inc(&tcp_sockets_allocated); 1999 local_bh_enable(); 2000 2001 return 0; 2002 } 2003 2004 static void tcp_v6_destroy_sock(struct sock *sk) 2005 { 2006 #ifdef CONFIG_TCP_MD5SIG 2007 /* Clean up the MD5 key list */ 2008 if (tcp_sk(sk)->md5sig_info) 2009 tcp_v6_clear_md5_list(sk); 2010 #endif 2011 tcp_v4_destroy_sock(sk); 2012 inet6_destroy_sock(sk); 2013 } 2014 2015 #ifdef CONFIG_PROC_FS 2016 /* Proc filesystem TCPv6 sock list dumping. */ 2017 static void get_openreq6(struct seq_file *seq, 2018 const struct sock *sk, struct request_sock *req, int i, int uid) 2019 { 2020 int ttd = req->expires - jiffies; 2021 const struct in6_addr *src = &inet6_rsk(req)->loc_addr; 2022 const struct in6_addr *dest = &inet6_rsk(req)->rmt_addr; 2023 2024 if (ttd < 0) 2025 ttd = 0; 2026 2027 seq_printf(seq, 2028 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2029 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n", 2030 i, 2031 src->s6_addr32[0], src->s6_addr32[1], 2032 src->s6_addr32[2], src->s6_addr32[3], 2033 ntohs(inet_rsk(req)->loc_port), 2034 dest->s6_addr32[0], dest->s6_addr32[1], 2035 dest->s6_addr32[2], dest->s6_addr32[3], 2036 ntohs(inet_rsk(req)->rmt_port), 2037 TCP_SYN_RECV, 2038 0,0, /* could print option size, but that is af dependent. */ 2039 1, /* timers active (only the expire timer) */ 2040 jiffies_to_clock_t(ttd), 2041 req->retrans, 2042 uid, 2043 0, /* non standard timer */ 2044 0, /* open_requests have no inode */ 2045 0, req); 2046 } 2047 2048 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) 2049 { 2050 const struct in6_addr *dest, *src; 2051 __u16 destp, srcp; 2052 int timer_active; 2053 unsigned long timer_expires; 2054 const struct inet_sock *inet = inet_sk(sp); 2055 const struct tcp_sock *tp = tcp_sk(sp); 2056 const struct inet_connection_sock *icsk = inet_csk(sp); 2057 const struct ipv6_pinfo *np = inet6_sk(sp); 2058 2059 dest = &np->daddr; 2060 src = &np->rcv_saddr; 2061 destp = ntohs(inet->inet_dport); 2062 srcp = ntohs(inet->inet_sport); 2063 2064 if (icsk->icsk_pending == ICSK_TIME_RETRANS) { 2065 timer_active = 1; 2066 timer_expires = icsk->icsk_timeout; 2067 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) { 2068 timer_active = 4; 2069 timer_expires = icsk->icsk_timeout; 2070 } else if (timer_pending(&sp->sk_timer)) { 2071 timer_active = 2; 2072 timer_expires = sp->sk_timer.expires; 2073 } else { 2074 timer_active = 0; 2075 timer_expires = jiffies; 2076 } 2077 2078 seq_printf(seq, 2079 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2080 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %pK %lu %lu %u %u %d\n", 2081 i, 2082 src->s6_addr32[0], src->s6_addr32[1], 2083 src->s6_addr32[2], src->s6_addr32[3], srcp, 2084 dest->s6_addr32[0], dest->s6_addr32[1], 2085 dest->s6_addr32[2], dest->s6_addr32[3], destp, 2086 sp->sk_state, 2087 tp->write_seq-tp->snd_una, 2088 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq), 2089 timer_active, 2090 jiffies_to_clock_t(timer_expires - jiffies), 2091 icsk->icsk_retransmits, 2092 sock_i_uid(sp), 2093 icsk->icsk_probes_out, 2094 sock_i_ino(sp), 2095 atomic_read(&sp->sk_refcnt), sp, 2096 jiffies_to_clock_t(icsk->icsk_rto), 2097 jiffies_to_clock_t(icsk->icsk_ack.ato), 2098 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong, 2099 tp->snd_cwnd, 2100 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh 2101 ); 2102 } 2103 2104 static void get_timewait6_sock(struct seq_file *seq, 2105 struct inet_timewait_sock *tw, int i) 2106 { 2107 const struct in6_addr *dest, *src; 2108 __u16 destp, srcp; 2109 const struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw); 2110 int ttd = tw->tw_ttd - jiffies; 2111 2112 if (ttd < 0) 2113 ttd = 0; 2114 2115 dest = &tw6->tw_v6_daddr; 2116 src = &tw6->tw_v6_rcv_saddr; 2117 destp = ntohs(tw->tw_dport); 2118 srcp = ntohs(tw->tw_sport); 2119 2120 seq_printf(seq, 2121 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2122 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n", 2123 i, 2124 src->s6_addr32[0], src->s6_addr32[1], 2125 src->s6_addr32[2], src->s6_addr32[3], srcp, 2126 dest->s6_addr32[0], dest->s6_addr32[1], 2127 dest->s6_addr32[2], dest->s6_addr32[3], destp, 2128 tw->tw_substate, 0, 0, 2129 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, 2130 atomic_read(&tw->tw_refcnt), tw); 2131 } 2132 2133 static int tcp6_seq_show(struct seq_file *seq, void *v) 2134 { 2135 struct tcp_iter_state *st; 2136 2137 if (v == SEQ_START_TOKEN) { 2138 seq_puts(seq, 2139 " sl " 2140 "local_address " 2141 "remote_address " 2142 "st tx_queue rx_queue tr tm->when retrnsmt" 2143 " uid timeout inode\n"); 2144 goto out; 2145 } 2146 st = seq->private; 2147 2148 switch (st->state) { 2149 case TCP_SEQ_STATE_LISTENING: 2150 case TCP_SEQ_STATE_ESTABLISHED: 2151 get_tcp6_sock(seq, v, st->num); 2152 break; 2153 case TCP_SEQ_STATE_OPENREQ: 2154 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid); 2155 break; 2156 case TCP_SEQ_STATE_TIME_WAIT: 2157 get_timewait6_sock(seq, v, st->num); 2158 break; 2159 } 2160 out: 2161 return 0; 2162 } 2163 2164 static const struct file_operations tcp6_afinfo_seq_fops = { 2165 .owner = THIS_MODULE, 2166 .open = tcp_seq_open, 2167 .read = seq_read, 2168 .llseek = seq_lseek, 2169 .release = seq_release_net 2170 }; 2171 2172 static struct tcp_seq_afinfo tcp6_seq_afinfo = { 2173 .name = "tcp6", 2174 .family = AF_INET6, 2175 .seq_fops = &tcp6_afinfo_seq_fops, 2176 .seq_ops = { 2177 .show = tcp6_seq_show, 2178 }, 2179 }; 2180 2181 int __net_init tcp6_proc_init(struct net *net) 2182 { 2183 return tcp_proc_register(net, &tcp6_seq_afinfo); 2184 } 2185 2186 void tcp6_proc_exit(struct net *net) 2187 { 2188 tcp_proc_unregister(net, &tcp6_seq_afinfo); 2189 } 2190 #endif 2191 2192 struct proto tcpv6_prot = { 2193 .name = "TCPv6", 2194 .owner = THIS_MODULE, 2195 .close = tcp_close, 2196 .connect = tcp_v6_connect, 2197 .disconnect = tcp_disconnect, 2198 .accept = inet_csk_accept, 2199 .ioctl = tcp_ioctl, 2200 .init = tcp_v6_init_sock, 2201 .destroy = tcp_v6_destroy_sock, 2202 .shutdown = tcp_shutdown, 2203 .setsockopt = tcp_setsockopt, 2204 .getsockopt = tcp_getsockopt, 2205 .recvmsg = tcp_recvmsg, 2206 .sendmsg = tcp_sendmsg, 2207 .sendpage = tcp_sendpage, 2208 .backlog_rcv = tcp_v6_do_rcv, 2209 .hash = tcp_v6_hash, 2210 .unhash = inet_unhash, 2211 .get_port = inet_csk_get_port, 2212 .enter_memory_pressure = tcp_enter_memory_pressure, 2213 .sockets_allocated = &tcp_sockets_allocated, 2214 .memory_allocated = &tcp_memory_allocated, 2215 .memory_pressure = &tcp_memory_pressure, 2216 .orphan_count = &tcp_orphan_count, 2217 .sysctl_mem = sysctl_tcp_mem, 2218 .sysctl_wmem = sysctl_tcp_wmem, 2219 .sysctl_rmem = sysctl_tcp_rmem, 2220 .max_header = MAX_TCP_HEADER, 2221 .obj_size = sizeof(struct tcp6_sock), 2222 .slab_flags = SLAB_DESTROY_BY_RCU, 2223 .twsk_prot = &tcp6_timewait_sock_ops, 2224 .rsk_prot = &tcp6_request_sock_ops, 2225 .h.hashinfo = &tcp_hashinfo, 2226 .no_autobind = true, 2227 #ifdef CONFIG_COMPAT 2228 .compat_setsockopt = compat_tcp_setsockopt, 2229 .compat_getsockopt = compat_tcp_getsockopt, 2230 #endif 2231 }; 2232 2233 static const struct inet6_protocol tcpv6_protocol = { 2234 .handler = tcp_v6_rcv, 2235 .err_handler = tcp_v6_err, 2236 .gso_send_check = tcp_v6_gso_send_check, 2237 .gso_segment = tcp_tso_segment, 2238 .gro_receive = tcp6_gro_receive, 2239 .gro_complete = tcp6_gro_complete, 2240 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 2241 }; 2242 2243 static struct inet_protosw tcpv6_protosw = { 2244 .type = SOCK_STREAM, 2245 .protocol = IPPROTO_TCP, 2246 .prot = &tcpv6_prot, 2247 .ops = &inet6_stream_ops, 2248 .no_check = 0, 2249 .flags = INET_PROTOSW_PERMANENT | 2250 INET_PROTOSW_ICSK, 2251 }; 2252 2253 static int __net_init tcpv6_net_init(struct net *net) 2254 { 2255 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6, 2256 SOCK_RAW, IPPROTO_TCP, net); 2257 } 2258 2259 static void __net_exit tcpv6_net_exit(struct net *net) 2260 { 2261 inet_ctl_sock_destroy(net->ipv6.tcp_sk); 2262 } 2263 2264 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list) 2265 { 2266 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6); 2267 } 2268 2269 static struct pernet_operations tcpv6_net_ops = { 2270 .init = tcpv6_net_init, 2271 .exit = tcpv6_net_exit, 2272 .exit_batch = tcpv6_net_exit_batch, 2273 }; 2274 2275 int __init tcpv6_init(void) 2276 { 2277 int ret; 2278 2279 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP); 2280 if (ret) 2281 goto out; 2282 2283 /* register inet6 protocol */ 2284 ret = inet6_register_protosw(&tcpv6_protosw); 2285 if (ret) 2286 goto out_tcpv6_protocol; 2287 2288 ret = register_pernet_subsys(&tcpv6_net_ops); 2289 if (ret) 2290 goto out_tcpv6_protosw; 2291 out: 2292 return ret; 2293 2294 out_tcpv6_protocol: 2295 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2296 out_tcpv6_protosw: 2297 inet6_unregister_protosw(&tcpv6_protosw); 2298 goto out; 2299 } 2300 2301 void tcpv6_exit(void) 2302 { 2303 unregister_pernet_subsys(&tcpv6_net_ops); 2304 inet6_unregister_protosw(&tcpv6_protosw); 2305 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2306 } 2307