1 /* 2 * TCP over IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on: 9 * linux/net/ipv4/tcp.c 10 * linux/net/ipv4/tcp_input.c 11 * linux/net/ipv4/tcp_output.c 12 * 13 * Fixes: 14 * Hideaki YOSHIFUJI : sin6_scope_id support 15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind 17 * a single port at the same time. 18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file. 19 * 20 * This program is free software; you can redistribute it and/or 21 * modify it under the terms of the GNU General Public License 22 * as published by the Free Software Foundation; either version 23 * 2 of the License, or (at your option) any later version. 24 */ 25 26 #include <linux/bottom_half.h> 27 #include <linux/module.h> 28 #include <linux/errno.h> 29 #include <linux/types.h> 30 #include <linux/socket.h> 31 #include <linux/sockios.h> 32 #include <linux/net.h> 33 #include <linux/jiffies.h> 34 #include <linux/in.h> 35 #include <linux/in6.h> 36 #include <linux/netdevice.h> 37 #include <linux/init.h> 38 #include <linux/jhash.h> 39 #include <linux/ipsec.h> 40 #include <linux/times.h> 41 #include <linux/slab.h> 42 43 #include <linux/ipv6.h> 44 #include <linux/icmpv6.h> 45 #include <linux/random.h> 46 47 #include <net/tcp.h> 48 #include <net/ndisc.h> 49 #include <net/inet6_hashtables.h> 50 #include <net/inet6_connection_sock.h> 51 #include <net/ipv6.h> 52 #include <net/transp_v6.h> 53 #include <net/addrconf.h> 54 #include <net/ip6_route.h> 55 #include <net/ip6_checksum.h> 56 #include <net/inet_ecn.h> 57 #include <net/protocol.h> 58 #include <net/xfrm.h> 59 #include <net/snmp.h> 60 #include <net/dsfield.h> 61 #include <net/timewait_sock.h> 62 #include <net/netdma.h> 63 #include <net/inet_common.h> 64 65 #include <asm/uaccess.h> 66 67 #include <linux/proc_fs.h> 68 #include <linux/seq_file.h> 69 70 #include <linux/crypto.h> 71 #include <linux/scatterlist.h> 72 73 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb); 74 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb, 75 struct request_sock *req); 76 77 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb); 78 static void __tcp_v6_send_check(struct sk_buff *skb, 79 struct in6_addr *saddr, 80 struct in6_addr *daddr); 81 82 static const struct inet_connection_sock_af_ops ipv6_mapped; 83 static const struct inet_connection_sock_af_ops ipv6_specific; 84 #ifdef CONFIG_TCP_MD5SIG 85 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific; 86 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific; 87 #else 88 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 89 struct in6_addr *addr) 90 { 91 return NULL; 92 } 93 #endif 94 95 static void tcp_v6_hash(struct sock *sk) 96 { 97 if (sk->sk_state != TCP_CLOSE) { 98 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) { 99 tcp_prot.hash(sk); 100 return; 101 } 102 local_bh_disable(); 103 __inet6_hash(sk, NULL); 104 local_bh_enable(); 105 } 106 } 107 108 static __inline__ __sum16 tcp_v6_check(int len, 109 struct in6_addr *saddr, 110 struct in6_addr *daddr, 111 __wsum base) 112 { 113 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base); 114 } 115 116 static __u32 tcp_v6_init_sequence(struct sk_buff *skb) 117 { 118 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32, 119 ipv6_hdr(skb)->saddr.s6_addr32, 120 tcp_hdr(skb)->dest, 121 tcp_hdr(skb)->source); 122 } 123 124 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 125 int addr_len) 126 { 127 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; 128 struct inet_sock *inet = inet_sk(sk); 129 struct inet_connection_sock *icsk = inet_csk(sk); 130 struct ipv6_pinfo *np = inet6_sk(sk); 131 struct tcp_sock *tp = tcp_sk(sk); 132 struct in6_addr *saddr = NULL, *final_p, final; 133 struct rt6_info *rt; 134 struct flowi6 fl6; 135 struct dst_entry *dst; 136 int addr_type; 137 int err; 138 139 if (addr_len < SIN6_LEN_RFC2133) 140 return -EINVAL; 141 142 if (usin->sin6_family != AF_INET6) 143 return -EAFNOSUPPORT; 144 145 memset(&fl6, 0, sizeof(fl6)); 146 147 if (np->sndflow) { 148 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; 149 IP6_ECN_flow_init(fl6.flowlabel); 150 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { 151 struct ip6_flowlabel *flowlabel; 152 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); 153 if (flowlabel == NULL) 154 return -EINVAL; 155 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst); 156 fl6_sock_release(flowlabel); 157 } 158 } 159 160 /* 161 * connect() to INADDR_ANY means loopback (BSD'ism). 162 */ 163 164 if(ipv6_addr_any(&usin->sin6_addr)) 165 usin->sin6_addr.s6_addr[15] = 0x1; 166 167 addr_type = ipv6_addr_type(&usin->sin6_addr); 168 169 if(addr_type & IPV6_ADDR_MULTICAST) 170 return -ENETUNREACH; 171 172 if (addr_type&IPV6_ADDR_LINKLOCAL) { 173 if (addr_len >= sizeof(struct sockaddr_in6) && 174 usin->sin6_scope_id) { 175 /* If interface is set while binding, indices 176 * must coincide. 177 */ 178 if (sk->sk_bound_dev_if && 179 sk->sk_bound_dev_if != usin->sin6_scope_id) 180 return -EINVAL; 181 182 sk->sk_bound_dev_if = usin->sin6_scope_id; 183 } 184 185 /* Connect to link-local address requires an interface */ 186 if (!sk->sk_bound_dev_if) 187 return -EINVAL; 188 } 189 190 if (tp->rx_opt.ts_recent_stamp && 191 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) { 192 tp->rx_opt.ts_recent = 0; 193 tp->rx_opt.ts_recent_stamp = 0; 194 tp->write_seq = 0; 195 } 196 197 ipv6_addr_copy(&np->daddr, &usin->sin6_addr); 198 np->flow_label = fl6.flowlabel; 199 200 /* 201 * TCP over IPv4 202 */ 203 204 if (addr_type == IPV6_ADDR_MAPPED) { 205 u32 exthdrlen = icsk->icsk_ext_hdr_len; 206 struct sockaddr_in sin; 207 208 SOCK_DEBUG(sk, "connect: ipv4 mapped\n"); 209 210 if (__ipv6_only_sock(sk)) 211 return -ENETUNREACH; 212 213 sin.sin_family = AF_INET; 214 sin.sin_port = usin->sin6_port; 215 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; 216 217 icsk->icsk_af_ops = &ipv6_mapped; 218 sk->sk_backlog_rcv = tcp_v4_do_rcv; 219 #ifdef CONFIG_TCP_MD5SIG 220 tp->af_specific = &tcp_sock_ipv6_mapped_specific; 221 #endif 222 223 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); 224 225 if (err) { 226 icsk->icsk_ext_hdr_len = exthdrlen; 227 icsk->icsk_af_ops = &ipv6_specific; 228 sk->sk_backlog_rcv = tcp_v6_do_rcv; 229 #ifdef CONFIG_TCP_MD5SIG 230 tp->af_specific = &tcp_sock_ipv6_specific; 231 #endif 232 goto failure; 233 } else { 234 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr); 235 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr, 236 &np->rcv_saddr); 237 } 238 239 return err; 240 } 241 242 if (!ipv6_addr_any(&np->rcv_saddr)) 243 saddr = &np->rcv_saddr; 244 245 fl6.flowi6_proto = IPPROTO_TCP; 246 ipv6_addr_copy(&fl6.daddr, &np->daddr); 247 ipv6_addr_copy(&fl6.saddr, 248 (saddr ? saddr : &np->saddr)); 249 fl6.flowi6_oif = sk->sk_bound_dev_if; 250 fl6.flowi6_mark = sk->sk_mark; 251 fl6.fl6_dport = usin->sin6_port; 252 fl6.fl6_sport = inet->inet_sport; 253 254 final_p = fl6_update_dst(&fl6, np->opt, &final); 255 256 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); 257 258 dst = ip6_dst_lookup_flow(sk, &fl6, final_p, true); 259 if (IS_ERR(dst)) { 260 err = PTR_ERR(dst); 261 goto failure; 262 } 263 264 if (saddr == NULL) { 265 saddr = &fl6.saddr; 266 ipv6_addr_copy(&np->rcv_saddr, saddr); 267 } 268 269 /* set the source address */ 270 ipv6_addr_copy(&np->saddr, saddr); 271 inet->inet_rcv_saddr = LOOPBACK4_IPV6; 272 273 sk->sk_gso_type = SKB_GSO_TCPV6; 274 __ip6_dst_store(sk, dst, NULL, NULL); 275 276 rt = (struct rt6_info *) dst; 277 if (tcp_death_row.sysctl_tw_recycle && 278 !tp->rx_opt.ts_recent_stamp && 279 ipv6_addr_equal(&rt->rt6i_dst.addr, &np->daddr)) { 280 struct inet_peer *peer = rt6_get_peer(rt); 281 /* 282 * VJ's idea. We save last timestamp seen from 283 * the destination in peer table, when entering state 284 * TIME-WAIT * and initialize rx_opt.ts_recent from it, 285 * when trying new connection. 286 */ 287 if (peer) { 288 inet_peer_refcheck(peer); 289 if ((u32)get_seconds() - peer->tcp_ts_stamp <= TCP_PAWS_MSL) { 290 tp->rx_opt.ts_recent_stamp = peer->tcp_ts_stamp; 291 tp->rx_opt.ts_recent = peer->tcp_ts; 292 } 293 } 294 } 295 296 icsk->icsk_ext_hdr_len = 0; 297 if (np->opt) 298 icsk->icsk_ext_hdr_len = (np->opt->opt_flen + 299 np->opt->opt_nflen); 300 301 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 302 303 inet->inet_dport = usin->sin6_port; 304 305 tcp_set_state(sk, TCP_SYN_SENT); 306 err = inet6_hash_connect(&tcp_death_row, sk); 307 if (err) 308 goto late_failure; 309 310 if (!tp->write_seq) 311 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32, 312 np->daddr.s6_addr32, 313 inet->inet_sport, 314 inet->inet_dport); 315 316 err = tcp_connect(sk); 317 if (err) 318 goto late_failure; 319 320 return 0; 321 322 late_failure: 323 tcp_set_state(sk, TCP_CLOSE); 324 __sk_dst_reset(sk); 325 failure: 326 inet->inet_dport = 0; 327 sk->sk_route_caps = 0; 328 return err; 329 } 330 331 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 332 u8 type, u8 code, int offset, __be32 info) 333 { 334 struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data; 335 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset); 336 struct ipv6_pinfo *np; 337 struct sock *sk; 338 int err; 339 struct tcp_sock *tp; 340 __u32 seq; 341 struct net *net = dev_net(skb->dev); 342 343 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr, 344 th->dest, &hdr->saddr, th->source, skb->dev->ifindex); 345 346 if (sk == NULL) { 347 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev), 348 ICMP6_MIB_INERRORS); 349 return; 350 } 351 352 if (sk->sk_state == TCP_TIME_WAIT) { 353 inet_twsk_put(inet_twsk(sk)); 354 return; 355 } 356 357 bh_lock_sock(sk); 358 if (sock_owned_by_user(sk)) 359 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS); 360 361 if (sk->sk_state == TCP_CLOSE) 362 goto out; 363 364 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) { 365 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); 366 goto out; 367 } 368 369 tp = tcp_sk(sk); 370 seq = ntohl(th->seq); 371 if (sk->sk_state != TCP_LISTEN && 372 !between(seq, tp->snd_una, tp->snd_nxt)) { 373 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 374 goto out; 375 } 376 377 np = inet6_sk(sk); 378 379 if (type == ICMPV6_PKT_TOOBIG) { 380 struct dst_entry *dst; 381 382 if (sock_owned_by_user(sk)) 383 goto out; 384 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) 385 goto out; 386 387 /* icmp should have updated the destination cache entry */ 388 dst = __sk_dst_check(sk, np->dst_cookie); 389 390 if (dst == NULL) { 391 struct inet_sock *inet = inet_sk(sk); 392 struct flowi6 fl6; 393 394 /* BUGGG_FUTURE: Again, it is not clear how 395 to handle rthdr case. Ignore this complexity 396 for now. 397 */ 398 memset(&fl6, 0, sizeof(fl6)); 399 fl6.flowi6_proto = IPPROTO_TCP; 400 ipv6_addr_copy(&fl6.daddr, &np->daddr); 401 ipv6_addr_copy(&fl6.saddr, &np->saddr); 402 fl6.flowi6_oif = sk->sk_bound_dev_if; 403 fl6.flowi6_mark = sk->sk_mark; 404 fl6.fl6_dport = inet->inet_dport; 405 fl6.fl6_sport = inet->inet_sport; 406 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); 407 408 dst = ip6_dst_lookup_flow(sk, &fl6, NULL, false); 409 if (IS_ERR(dst)) { 410 sk->sk_err_soft = -PTR_ERR(dst); 411 goto out; 412 } 413 414 } else 415 dst_hold(dst); 416 417 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) { 418 tcp_sync_mss(sk, dst_mtu(dst)); 419 tcp_simple_retransmit(sk); 420 } /* else let the usual retransmit timer handle it */ 421 dst_release(dst); 422 goto out; 423 } 424 425 icmpv6_err_convert(type, code, &err); 426 427 /* Might be for an request_sock */ 428 switch (sk->sk_state) { 429 struct request_sock *req, **prev; 430 case TCP_LISTEN: 431 if (sock_owned_by_user(sk)) 432 goto out; 433 434 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr, 435 &hdr->saddr, inet6_iif(skb)); 436 if (!req) 437 goto out; 438 439 /* ICMPs are not backlogged, hence we cannot get 440 * an established socket here. 441 */ 442 WARN_ON(req->sk != NULL); 443 444 if (seq != tcp_rsk(req)->snt_isn) { 445 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 446 goto out; 447 } 448 449 inet_csk_reqsk_queue_drop(sk, req, prev); 450 goto out; 451 452 case TCP_SYN_SENT: 453 case TCP_SYN_RECV: /* Cannot happen. 454 It can, it SYNs are crossed. --ANK */ 455 if (!sock_owned_by_user(sk)) { 456 sk->sk_err = err; 457 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */ 458 459 tcp_done(sk); 460 } else 461 sk->sk_err_soft = err; 462 goto out; 463 } 464 465 if (!sock_owned_by_user(sk) && np->recverr) { 466 sk->sk_err = err; 467 sk->sk_error_report(sk); 468 } else 469 sk->sk_err_soft = err; 470 471 out: 472 bh_unlock_sock(sk); 473 sock_put(sk); 474 } 475 476 477 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req, 478 struct request_values *rvp) 479 { 480 struct inet6_request_sock *treq = inet6_rsk(req); 481 struct ipv6_pinfo *np = inet6_sk(sk); 482 struct sk_buff * skb; 483 struct ipv6_txoptions *opt = NULL; 484 struct in6_addr * final_p, final; 485 struct flowi6 fl6; 486 struct dst_entry *dst; 487 int err; 488 489 memset(&fl6, 0, sizeof(fl6)); 490 fl6.flowi6_proto = IPPROTO_TCP; 491 ipv6_addr_copy(&fl6.daddr, &treq->rmt_addr); 492 ipv6_addr_copy(&fl6.saddr, &treq->loc_addr); 493 fl6.flowlabel = 0; 494 fl6.flowi6_oif = treq->iif; 495 fl6.flowi6_mark = sk->sk_mark; 496 fl6.fl6_dport = inet_rsk(req)->rmt_port; 497 fl6.fl6_sport = inet_rsk(req)->loc_port; 498 security_req_classify_flow(req, flowi6_to_flowi(&fl6)); 499 500 opt = np->opt; 501 final_p = fl6_update_dst(&fl6, opt, &final); 502 503 dst = ip6_dst_lookup_flow(sk, &fl6, final_p, false); 504 if (IS_ERR(dst)) { 505 err = PTR_ERR(dst); 506 goto done; 507 } 508 skb = tcp_make_synack(sk, dst, req, rvp); 509 err = -ENOMEM; 510 if (skb) { 511 __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr); 512 513 ipv6_addr_copy(&fl6.daddr, &treq->rmt_addr); 514 err = ip6_xmit(sk, skb, &fl6, opt); 515 err = net_xmit_eval(err); 516 } 517 518 done: 519 if (opt && opt != np->opt) 520 sock_kfree_s(sk, opt, opt->tot_len); 521 dst_release(dst); 522 return err; 523 } 524 525 static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req, 526 struct request_values *rvp) 527 { 528 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS); 529 return tcp_v6_send_synack(sk, req, rvp); 530 } 531 532 static inline void syn_flood_warning(struct sk_buff *skb) 533 { 534 #ifdef CONFIG_SYN_COOKIES 535 if (sysctl_tcp_syncookies) 536 printk(KERN_INFO 537 "TCPv6: Possible SYN flooding on port %d. " 538 "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest)); 539 else 540 #endif 541 printk(KERN_INFO 542 "TCPv6: Possible SYN flooding on port %d. " 543 "Dropping request.\n", ntohs(tcp_hdr(skb)->dest)); 544 } 545 546 static void tcp_v6_reqsk_destructor(struct request_sock *req) 547 { 548 kfree_skb(inet6_rsk(req)->pktopts); 549 } 550 551 #ifdef CONFIG_TCP_MD5SIG 552 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 553 struct in6_addr *addr) 554 { 555 struct tcp_sock *tp = tcp_sk(sk); 556 int i; 557 558 BUG_ON(tp == NULL); 559 560 if (!tp->md5sig_info || !tp->md5sig_info->entries6) 561 return NULL; 562 563 for (i = 0; i < tp->md5sig_info->entries6; i++) { 564 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr)) 565 return &tp->md5sig_info->keys6[i].base; 566 } 567 return NULL; 568 } 569 570 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk, 571 struct sock *addr_sk) 572 { 573 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr); 574 } 575 576 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk, 577 struct request_sock *req) 578 { 579 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr); 580 } 581 582 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer, 583 char *newkey, u8 newkeylen) 584 { 585 /* Add key to the list */ 586 struct tcp_md5sig_key *key; 587 struct tcp_sock *tp = tcp_sk(sk); 588 struct tcp6_md5sig_key *keys; 589 590 key = tcp_v6_md5_do_lookup(sk, peer); 591 if (key) { 592 /* modify existing entry - just update that one */ 593 kfree(key->key); 594 key->key = newkey; 595 key->keylen = newkeylen; 596 } else { 597 /* reallocate new list if current one is full. */ 598 if (!tp->md5sig_info) { 599 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC); 600 if (!tp->md5sig_info) { 601 kfree(newkey); 602 return -ENOMEM; 603 } 604 sk_nocaps_add(sk, NETIF_F_GSO_MASK); 605 } 606 if (tcp_alloc_md5sig_pool(sk) == NULL) { 607 kfree(newkey); 608 return -ENOMEM; 609 } 610 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) { 611 keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) * 612 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC); 613 614 if (!keys) { 615 tcp_free_md5sig_pool(); 616 kfree(newkey); 617 return -ENOMEM; 618 } 619 620 if (tp->md5sig_info->entries6) 621 memmove(keys, tp->md5sig_info->keys6, 622 (sizeof (tp->md5sig_info->keys6[0]) * 623 tp->md5sig_info->entries6)); 624 625 kfree(tp->md5sig_info->keys6); 626 tp->md5sig_info->keys6 = keys; 627 tp->md5sig_info->alloced6++; 628 } 629 630 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr, 631 peer); 632 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey; 633 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen; 634 635 tp->md5sig_info->entries6++; 636 } 637 return 0; 638 } 639 640 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk, 641 u8 *newkey, __u8 newkeylen) 642 { 643 return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr, 644 newkey, newkeylen); 645 } 646 647 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer) 648 { 649 struct tcp_sock *tp = tcp_sk(sk); 650 int i; 651 652 for (i = 0; i < tp->md5sig_info->entries6; i++) { 653 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) { 654 /* Free the key */ 655 kfree(tp->md5sig_info->keys6[i].base.key); 656 tp->md5sig_info->entries6--; 657 658 if (tp->md5sig_info->entries6 == 0) { 659 kfree(tp->md5sig_info->keys6); 660 tp->md5sig_info->keys6 = NULL; 661 tp->md5sig_info->alloced6 = 0; 662 } else { 663 /* shrink the database */ 664 if (tp->md5sig_info->entries6 != i) 665 memmove(&tp->md5sig_info->keys6[i], 666 &tp->md5sig_info->keys6[i+1], 667 (tp->md5sig_info->entries6 - i) 668 * sizeof (tp->md5sig_info->keys6[0])); 669 } 670 tcp_free_md5sig_pool(); 671 return 0; 672 } 673 } 674 return -ENOENT; 675 } 676 677 static void tcp_v6_clear_md5_list (struct sock *sk) 678 { 679 struct tcp_sock *tp = tcp_sk(sk); 680 int i; 681 682 if (tp->md5sig_info->entries6) { 683 for (i = 0; i < tp->md5sig_info->entries6; i++) 684 kfree(tp->md5sig_info->keys6[i].base.key); 685 tp->md5sig_info->entries6 = 0; 686 tcp_free_md5sig_pool(); 687 } 688 689 kfree(tp->md5sig_info->keys6); 690 tp->md5sig_info->keys6 = NULL; 691 tp->md5sig_info->alloced6 = 0; 692 693 if (tp->md5sig_info->entries4) { 694 for (i = 0; i < tp->md5sig_info->entries4; i++) 695 kfree(tp->md5sig_info->keys4[i].base.key); 696 tp->md5sig_info->entries4 = 0; 697 tcp_free_md5sig_pool(); 698 } 699 700 kfree(tp->md5sig_info->keys4); 701 tp->md5sig_info->keys4 = NULL; 702 tp->md5sig_info->alloced4 = 0; 703 } 704 705 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval, 706 int optlen) 707 { 708 struct tcp_md5sig cmd; 709 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr; 710 u8 *newkey; 711 712 if (optlen < sizeof(cmd)) 713 return -EINVAL; 714 715 if (copy_from_user(&cmd, optval, sizeof(cmd))) 716 return -EFAULT; 717 718 if (sin6->sin6_family != AF_INET6) 719 return -EINVAL; 720 721 if (!cmd.tcpm_keylen) { 722 if (!tcp_sk(sk)->md5sig_info) 723 return -ENOENT; 724 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) 725 return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]); 726 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr); 727 } 728 729 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN) 730 return -EINVAL; 731 732 if (!tcp_sk(sk)->md5sig_info) { 733 struct tcp_sock *tp = tcp_sk(sk); 734 struct tcp_md5sig_info *p; 735 736 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL); 737 if (!p) 738 return -ENOMEM; 739 740 tp->md5sig_info = p; 741 sk_nocaps_add(sk, NETIF_F_GSO_MASK); 742 } 743 744 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL); 745 if (!newkey) 746 return -ENOMEM; 747 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) { 748 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3], 749 newkey, cmd.tcpm_keylen); 750 } 751 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen); 752 } 753 754 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp, 755 struct in6_addr *daddr, 756 struct in6_addr *saddr, int nbytes) 757 { 758 struct tcp6_pseudohdr *bp; 759 struct scatterlist sg; 760 761 bp = &hp->md5_blk.ip6; 762 /* 1. TCP pseudo-header (RFC2460) */ 763 ipv6_addr_copy(&bp->saddr, saddr); 764 ipv6_addr_copy(&bp->daddr, daddr); 765 bp->protocol = cpu_to_be32(IPPROTO_TCP); 766 bp->len = cpu_to_be32(nbytes); 767 768 sg_init_one(&sg, bp, sizeof(*bp)); 769 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp)); 770 } 771 772 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key, 773 struct in6_addr *daddr, struct in6_addr *saddr, 774 struct tcphdr *th) 775 { 776 struct tcp_md5sig_pool *hp; 777 struct hash_desc *desc; 778 779 hp = tcp_get_md5sig_pool(); 780 if (!hp) 781 goto clear_hash_noput; 782 desc = &hp->md5_desc; 783 784 if (crypto_hash_init(desc)) 785 goto clear_hash; 786 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2)) 787 goto clear_hash; 788 if (tcp_md5_hash_header(hp, th)) 789 goto clear_hash; 790 if (tcp_md5_hash_key(hp, key)) 791 goto clear_hash; 792 if (crypto_hash_final(desc, md5_hash)) 793 goto clear_hash; 794 795 tcp_put_md5sig_pool(); 796 return 0; 797 798 clear_hash: 799 tcp_put_md5sig_pool(); 800 clear_hash_noput: 801 memset(md5_hash, 0, 16); 802 return 1; 803 } 804 805 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key, 806 struct sock *sk, struct request_sock *req, 807 struct sk_buff *skb) 808 { 809 struct in6_addr *saddr, *daddr; 810 struct tcp_md5sig_pool *hp; 811 struct hash_desc *desc; 812 struct tcphdr *th = tcp_hdr(skb); 813 814 if (sk) { 815 saddr = &inet6_sk(sk)->saddr; 816 daddr = &inet6_sk(sk)->daddr; 817 } else if (req) { 818 saddr = &inet6_rsk(req)->loc_addr; 819 daddr = &inet6_rsk(req)->rmt_addr; 820 } else { 821 struct ipv6hdr *ip6h = ipv6_hdr(skb); 822 saddr = &ip6h->saddr; 823 daddr = &ip6h->daddr; 824 } 825 826 hp = tcp_get_md5sig_pool(); 827 if (!hp) 828 goto clear_hash_noput; 829 desc = &hp->md5_desc; 830 831 if (crypto_hash_init(desc)) 832 goto clear_hash; 833 834 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len)) 835 goto clear_hash; 836 if (tcp_md5_hash_header(hp, th)) 837 goto clear_hash; 838 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2)) 839 goto clear_hash; 840 if (tcp_md5_hash_key(hp, key)) 841 goto clear_hash; 842 if (crypto_hash_final(desc, md5_hash)) 843 goto clear_hash; 844 845 tcp_put_md5sig_pool(); 846 return 0; 847 848 clear_hash: 849 tcp_put_md5sig_pool(); 850 clear_hash_noput: 851 memset(md5_hash, 0, 16); 852 return 1; 853 } 854 855 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb) 856 { 857 __u8 *hash_location = NULL; 858 struct tcp_md5sig_key *hash_expected; 859 struct ipv6hdr *ip6h = ipv6_hdr(skb); 860 struct tcphdr *th = tcp_hdr(skb); 861 int genhash; 862 u8 newhash[16]; 863 864 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); 865 hash_location = tcp_parse_md5sig_option(th); 866 867 /* We've parsed the options - do we have a hash? */ 868 if (!hash_expected && !hash_location) 869 return 0; 870 871 if (hash_expected && !hash_location) { 872 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); 873 return 1; 874 } 875 876 if (!hash_expected && hash_location) { 877 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED); 878 return 1; 879 } 880 881 /* check the signature */ 882 genhash = tcp_v6_md5_hash_skb(newhash, 883 hash_expected, 884 NULL, NULL, skb); 885 886 if (genhash || memcmp(hash_location, newhash, 16) != 0) { 887 if (net_ratelimit()) { 888 printk(KERN_INFO "MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n", 889 genhash ? "failed" : "mismatch", 890 &ip6h->saddr, ntohs(th->source), 891 &ip6h->daddr, ntohs(th->dest)); 892 } 893 return 1; 894 } 895 return 0; 896 } 897 #endif 898 899 struct request_sock_ops tcp6_request_sock_ops __read_mostly = { 900 .family = AF_INET6, 901 .obj_size = sizeof(struct tcp6_request_sock), 902 .rtx_syn_ack = tcp_v6_rtx_synack, 903 .send_ack = tcp_v6_reqsk_send_ack, 904 .destructor = tcp_v6_reqsk_destructor, 905 .send_reset = tcp_v6_send_reset, 906 .syn_ack_timeout = tcp_syn_ack_timeout, 907 }; 908 909 #ifdef CONFIG_TCP_MD5SIG 910 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { 911 .md5_lookup = tcp_v6_reqsk_md5_lookup, 912 .calc_md5_hash = tcp_v6_md5_hash_skb, 913 }; 914 #endif 915 916 static void __tcp_v6_send_check(struct sk_buff *skb, 917 struct in6_addr *saddr, struct in6_addr *daddr) 918 { 919 struct tcphdr *th = tcp_hdr(skb); 920 921 if (skb->ip_summed == CHECKSUM_PARTIAL) { 922 th->check = ~tcp_v6_check(skb->len, saddr, daddr, 0); 923 skb->csum_start = skb_transport_header(skb) - skb->head; 924 skb->csum_offset = offsetof(struct tcphdr, check); 925 } else { 926 th->check = tcp_v6_check(skb->len, saddr, daddr, 927 csum_partial(th, th->doff << 2, 928 skb->csum)); 929 } 930 } 931 932 static void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb) 933 { 934 struct ipv6_pinfo *np = inet6_sk(sk); 935 936 __tcp_v6_send_check(skb, &np->saddr, &np->daddr); 937 } 938 939 static int tcp_v6_gso_send_check(struct sk_buff *skb) 940 { 941 struct ipv6hdr *ipv6h; 942 struct tcphdr *th; 943 944 if (!pskb_may_pull(skb, sizeof(*th))) 945 return -EINVAL; 946 947 ipv6h = ipv6_hdr(skb); 948 th = tcp_hdr(skb); 949 950 th->check = 0; 951 skb->ip_summed = CHECKSUM_PARTIAL; 952 __tcp_v6_send_check(skb, &ipv6h->saddr, &ipv6h->daddr); 953 return 0; 954 } 955 956 static struct sk_buff **tcp6_gro_receive(struct sk_buff **head, 957 struct sk_buff *skb) 958 { 959 struct ipv6hdr *iph = skb_gro_network_header(skb); 960 961 switch (skb->ip_summed) { 962 case CHECKSUM_COMPLETE: 963 if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr, 964 skb->csum)) { 965 skb->ip_summed = CHECKSUM_UNNECESSARY; 966 break; 967 } 968 969 /* fall through */ 970 case CHECKSUM_NONE: 971 NAPI_GRO_CB(skb)->flush = 1; 972 return NULL; 973 } 974 975 return tcp_gro_receive(head, skb); 976 } 977 978 static int tcp6_gro_complete(struct sk_buff *skb) 979 { 980 struct ipv6hdr *iph = ipv6_hdr(skb); 981 struct tcphdr *th = tcp_hdr(skb); 982 983 th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb), 984 &iph->saddr, &iph->daddr, 0); 985 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6; 986 987 return tcp_gro_complete(skb); 988 } 989 990 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win, 991 u32 ts, struct tcp_md5sig_key *key, int rst) 992 { 993 struct tcphdr *th = tcp_hdr(skb), *t1; 994 struct sk_buff *buff; 995 struct flowi6 fl6; 996 struct net *net = dev_net(skb_dst(skb)->dev); 997 struct sock *ctl_sk = net->ipv6.tcp_sk; 998 unsigned int tot_len = sizeof(struct tcphdr); 999 struct dst_entry *dst; 1000 __be32 *topt; 1001 1002 if (ts) 1003 tot_len += TCPOLEN_TSTAMP_ALIGNED; 1004 #ifdef CONFIG_TCP_MD5SIG 1005 if (key) 1006 tot_len += TCPOLEN_MD5SIG_ALIGNED; 1007 #endif 1008 1009 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 1010 GFP_ATOMIC); 1011 if (buff == NULL) 1012 return; 1013 1014 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); 1015 1016 t1 = (struct tcphdr *) skb_push(buff, tot_len); 1017 skb_reset_transport_header(buff); 1018 1019 /* Swap the send and the receive. */ 1020 memset(t1, 0, sizeof(*t1)); 1021 t1->dest = th->source; 1022 t1->source = th->dest; 1023 t1->doff = tot_len / 4; 1024 t1->seq = htonl(seq); 1025 t1->ack_seq = htonl(ack); 1026 t1->ack = !rst || !th->ack; 1027 t1->rst = rst; 1028 t1->window = htons(win); 1029 1030 topt = (__be32 *)(t1 + 1); 1031 1032 if (ts) { 1033 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1034 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 1035 *topt++ = htonl(tcp_time_stamp); 1036 *topt++ = htonl(ts); 1037 } 1038 1039 #ifdef CONFIG_TCP_MD5SIG 1040 if (key) { 1041 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1042 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 1043 tcp_v6_md5_hash_hdr((__u8 *)topt, key, 1044 &ipv6_hdr(skb)->saddr, 1045 &ipv6_hdr(skb)->daddr, t1); 1046 } 1047 #endif 1048 1049 memset(&fl6, 0, sizeof(fl6)); 1050 ipv6_addr_copy(&fl6.daddr, &ipv6_hdr(skb)->saddr); 1051 ipv6_addr_copy(&fl6.saddr, &ipv6_hdr(skb)->daddr); 1052 1053 buff->ip_summed = CHECKSUM_PARTIAL; 1054 buff->csum = 0; 1055 1056 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr); 1057 1058 fl6.flowi6_proto = IPPROTO_TCP; 1059 fl6.flowi6_oif = inet6_iif(skb); 1060 fl6.fl6_dport = t1->dest; 1061 fl6.fl6_sport = t1->source; 1062 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); 1063 1064 /* Pass a socket to ip6_dst_lookup either it is for RST 1065 * Underlying function will use this to retrieve the network 1066 * namespace 1067 */ 1068 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL, false); 1069 if (!IS_ERR(dst)) { 1070 skb_dst_set(buff, dst); 1071 ip6_xmit(ctl_sk, buff, &fl6, NULL); 1072 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS); 1073 if (rst) 1074 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS); 1075 return; 1076 } 1077 1078 kfree_skb(buff); 1079 } 1080 1081 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb) 1082 { 1083 struct tcphdr *th = tcp_hdr(skb); 1084 u32 seq = 0, ack_seq = 0; 1085 struct tcp_md5sig_key *key = NULL; 1086 1087 if (th->rst) 1088 return; 1089 1090 if (!ipv6_unicast_destination(skb)) 1091 return; 1092 1093 #ifdef CONFIG_TCP_MD5SIG 1094 if (sk) 1095 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr); 1096 #endif 1097 1098 if (th->ack) 1099 seq = ntohl(th->ack_seq); 1100 else 1101 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len - 1102 (th->doff << 2); 1103 1104 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1); 1105 } 1106 1107 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts, 1108 struct tcp_md5sig_key *key) 1109 { 1110 tcp_v6_send_response(skb, seq, ack, win, ts, key, 0); 1111 } 1112 1113 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb) 1114 { 1115 struct inet_timewait_sock *tw = inet_twsk(sk); 1116 struct tcp_timewait_sock *tcptw = tcp_twsk(sk); 1117 1118 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt, 1119 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 1120 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw)); 1121 1122 inet_twsk_put(tw); 1123 } 1124 1125 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb, 1126 struct request_sock *req) 1127 { 1128 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent, 1129 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr)); 1130 } 1131 1132 1133 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb) 1134 { 1135 struct request_sock *req, **prev; 1136 const struct tcphdr *th = tcp_hdr(skb); 1137 struct sock *nsk; 1138 1139 /* Find possible connection requests. */ 1140 req = inet6_csk_search_req(sk, &prev, th->source, 1141 &ipv6_hdr(skb)->saddr, 1142 &ipv6_hdr(skb)->daddr, inet6_iif(skb)); 1143 if (req) 1144 return tcp_check_req(sk, skb, req, prev); 1145 1146 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo, 1147 &ipv6_hdr(skb)->saddr, th->source, 1148 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb)); 1149 1150 if (nsk) { 1151 if (nsk->sk_state != TCP_TIME_WAIT) { 1152 bh_lock_sock(nsk); 1153 return nsk; 1154 } 1155 inet_twsk_put(inet_twsk(nsk)); 1156 return NULL; 1157 } 1158 1159 #ifdef CONFIG_SYN_COOKIES 1160 if (!th->syn) 1161 sk = cookie_v6_check(sk, skb); 1162 #endif 1163 return sk; 1164 } 1165 1166 /* FIXME: this is substantially similar to the ipv4 code. 1167 * Can some kind of merge be done? -- erics 1168 */ 1169 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) 1170 { 1171 struct tcp_extend_values tmp_ext; 1172 struct tcp_options_received tmp_opt; 1173 u8 *hash_location; 1174 struct request_sock *req; 1175 struct inet6_request_sock *treq; 1176 struct ipv6_pinfo *np = inet6_sk(sk); 1177 struct tcp_sock *tp = tcp_sk(sk); 1178 __u32 isn = TCP_SKB_CB(skb)->when; 1179 struct dst_entry *dst = NULL; 1180 #ifdef CONFIG_SYN_COOKIES 1181 int want_cookie = 0; 1182 #else 1183 #define want_cookie 0 1184 #endif 1185 1186 if (skb->protocol == htons(ETH_P_IP)) 1187 return tcp_v4_conn_request(sk, skb); 1188 1189 if (!ipv6_unicast_destination(skb)) 1190 goto drop; 1191 1192 if (inet_csk_reqsk_queue_is_full(sk) && !isn) { 1193 if (net_ratelimit()) 1194 syn_flood_warning(skb); 1195 #ifdef CONFIG_SYN_COOKIES 1196 if (sysctl_tcp_syncookies) 1197 want_cookie = 1; 1198 else 1199 #endif 1200 goto drop; 1201 } 1202 1203 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) 1204 goto drop; 1205 1206 req = inet6_reqsk_alloc(&tcp6_request_sock_ops); 1207 if (req == NULL) 1208 goto drop; 1209 1210 #ifdef CONFIG_TCP_MD5SIG 1211 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops; 1212 #endif 1213 1214 tcp_clear_options(&tmp_opt); 1215 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 1216 tmp_opt.user_mss = tp->rx_opt.user_mss; 1217 tcp_parse_options(skb, &tmp_opt, &hash_location, 0); 1218 1219 if (tmp_opt.cookie_plus > 0 && 1220 tmp_opt.saw_tstamp && 1221 !tp->rx_opt.cookie_out_never && 1222 (sysctl_tcp_cookie_size > 0 || 1223 (tp->cookie_values != NULL && 1224 tp->cookie_values->cookie_desired > 0))) { 1225 u8 *c; 1226 u32 *d; 1227 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS]; 1228 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE; 1229 1230 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0) 1231 goto drop_and_free; 1232 1233 /* Secret recipe starts with IP addresses */ 1234 d = (__force u32 *)&ipv6_hdr(skb)->daddr.s6_addr32[0]; 1235 *mess++ ^= *d++; 1236 *mess++ ^= *d++; 1237 *mess++ ^= *d++; 1238 *mess++ ^= *d++; 1239 d = (__force u32 *)&ipv6_hdr(skb)->saddr.s6_addr32[0]; 1240 *mess++ ^= *d++; 1241 *mess++ ^= *d++; 1242 *mess++ ^= *d++; 1243 *mess++ ^= *d++; 1244 1245 /* plus variable length Initiator Cookie */ 1246 c = (u8 *)mess; 1247 while (l-- > 0) 1248 *c++ ^= *hash_location++; 1249 1250 #ifdef CONFIG_SYN_COOKIES 1251 want_cookie = 0; /* not our kind of cookie */ 1252 #endif 1253 tmp_ext.cookie_out_never = 0; /* false */ 1254 tmp_ext.cookie_plus = tmp_opt.cookie_plus; 1255 } else if (!tp->rx_opt.cookie_in_always) { 1256 /* redundant indications, but ensure initialization. */ 1257 tmp_ext.cookie_out_never = 1; /* true */ 1258 tmp_ext.cookie_plus = 0; 1259 } else { 1260 goto drop_and_free; 1261 } 1262 tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always; 1263 1264 if (want_cookie && !tmp_opt.saw_tstamp) 1265 tcp_clear_options(&tmp_opt); 1266 1267 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp; 1268 tcp_openreq_init(req, &tmp_opt, skb); 1269 1270 treq = inet6_rsk(req); 1271 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr); 1272 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr); 1273 if (!want_cookie || tmp_opt.tstamp_ok) 1274 TCP_ECN_create_request(req, tcp_hdr(skb)); 1275 1276 if (!isn) { 1277 struct inet_peer *peer = NULL; 1278 1279 if (ipv6_opt_accepted(sk, skb) || 1280 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || 1281 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) { 1282 atomic_inc(&skb->users); 1283 treq->pktopts = skb; 1284 } 1285 treq->iif = sk->sk_bound_dev_if; 1286 1287 /* So that link locals have meaning */ 1288 if (!sk->sk_bound_dev_if && 1289 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL) 1290 treq->iif = inet6_iif(skb); 1291 1292 if (want_cookie) { 1293 isn = cookie_v6_init_sequence(sk, skb, &req->mss); 1294 req->cookie_ts = tmp_opt.tstamp_ok; 1295 goto have_isn; 1296 } 1297 1298 /* VJ's idea. We save last timestamp seen 1299 * from the destination in peer table, when entering 1300 * state TIME-WAIT, and check against it before 1301 * accepting new connection request. 1302 * 1303 * If "isn" is not zero, this request hit alive 1304 * timewait bucket, so that all the necessary checks 1305 * are made in the function processing timewait state. 1306 */ 1307 if (tmp_opt.saw_tstamp && 1308 tcp_death_row.sysctl_tw_recycle && 1309 (dst = inet6_csk_route_req(sk, req)) != NULL && 1310 (peer = rt6_get_peer((struct rt6_info *)dst)) != NULL && 1311 ipv6_addr_equal((struct in6_addr *)peer->daddr.addr.a6, 1312 &treq->rmt_addr)) { 1313 inet_peer_refcheck(peer); 1314 if ((u32)get_seconds() - peer->tcp_ts_stamp < TCP_PAWS_MSL && 1315 (s32)(peer->tcp_ts - req->ts_recent) > 1316 TCP_PAWS_WINDOW) { 1317 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED); 1318 goto drop_and_release; 1319 } 1320 } 1321 /* Kill the following clause, if you dislike this way. */ 1322 else if (!sysctl_tcp_syncookies && 1323 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) < 1324 (sysctl_max_syn_backlog >> 2)) && 1325 (!peer || !peer->tcp_ts_stamp) && 1326 (!dst || !dst_metric(dst, RTAX_RTT))) { 1327 /* Without syncookies last quarter of 1328 * backlog is filled with destinations, 1329 * proven to be alive. 1330 * It means that we continue to communicate 1331 * to destinations, already remembered 1332 * to the moment of synflood. 1333 */ 1334 LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open request from %pI6/%u\n", 1335 &treq->rmt_addr, ntohs(tcp_hdr(skb)->source)); 1336 goto drop_and_release; 1337 } 1338 1339 isn = tcp_v6_init_sequence(skb); 1340 } 1341 have_isn: 1342 tcp_rsk(req)->snt_isn = isn; 1343 1344 security_inet_conn_request(sk, skb, req); 1345 1346 if (tcp_v6_send_synack(sk, req, 1347 (struct request_values *)&tmp_ext) || 1348 want_cookie) 1349 goto drop_and_free; 1350 1351 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); 1352 return 0; 1353 1354 drop_and_release: 1355 dst_release(dst); 1356 drop_and_free: 1357 reqsk_free(req); 1358 drop: 1359 return 0; /* don't send reset */ 1360 } 1361 1362 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, 1363 struct request_sock *req, 1364 struct dst_entry *dst) 1365 { 1366 struct inet6_request_sock *treq; 1367 struct ipv6_pinfo *newnp, *np = inet6_sk(sk); 1368 struct tcp6_sock *newtcp6sk; 1369 struct inet_sock *newinet; 1370 struct tcp_sock *newtp; 1371 struct sock *newsk; 1372 struct ipv6_txoptions *opt; 1373 #ifdef CONFIG_TCP_MD5SIG 1374 struct tcp_md5sig_key *key; 1375 #endif 1376 1377 if (skb->protocol == htons(ETH_P_IP)) { 1378 /* 1379 * v6 mapped 1380 */ 1381 1382 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst); 1383 1384 if (newsk == NULL) 1385 return NULL; 1386 1387 newtcp6sk = (struct tcp6_sock *)newsk; 1388 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1389 1390 newinet = inet_sk(newsk); 1391 newnp = inet6_sk(newsk); 1392 newtp = tcp_sk(newsk); 1393 1394 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1395 1396 ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr); 1397 1398 ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr); 1399 1400 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr); 1401 1402 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped; 1403 newsk->sk_backlog_rcv = tcp_v4_do_rcv; 1404 #ifdef CONFIG_TCP_MD5SIG 1405 newtp->af_specific = &tcp_sock_ipv6_mapped_specific; 1406 #endif 1407 1408 newnp->pktoptions = NULL; 1409 newnp->opt = NULL; 1410 newnp->mcast_oif = inet6_iif(skb); 1411 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1412 1413 /* 1414 * No need to charge this sock to the relevant IPv6 refcnt debug socks count 1415 * here, tcp_create_openreq_child now does this for us, see the comment in 1416 * that function for the gory details. -acme 1417 */ 1418 1419 /* It is tricky place. Until this moment IPv4 tcp 1420 worked with IPv6 icsk.icsk_af_ops. 1421 Sync it now. 1422 */ 1423 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); 1424 1425 return newsk; 1426 } 1427 1428 treq = inet6_rsk(req); 1429 opt = np->opt; 1430 1431 if (sk_acceptq_is_full(sk)) 1432 goto out_overflow; 1433 1434 if (!dst) { 1435 dst = inet6_csk_route_req(sk, req); 1436 if (!dst) 1437 goto out; 1438 } 1439 1440 newsk = tcp_create_openreq_child(sk, req, skb); 1441 if (newsk == NULL) 1442 goto out_nonewsk; 1443 1444 /* 1445 * No need to charge this sock to the relevant IPv6 refcnt debug socks 1446 * count here, tcp_create_openreq_child now does this for us, see the 1447 * comment in that function for the gory details. -acme 1448 */ 1449 1450 newsk->sk_gso_type = SKB_GSO_TCPV6; 1451 __ip6_dst_store(newsk, dst, NULL, NULL); 1452 1453 newtcp6sk = (struct tcp6_sock *)newsk; 1454 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1455 1456 newtp = tcp_sk(newsk); 1457 newinet = inet_sk(newsk); 1458 newnp = inet6_sk(newsk); 1459 1460 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1461 1462 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr); 1463 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr); 1464 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr); 1465 newsk->sk_bound_dev_if = treq->iif; 1466 1467 /* Now IPv6 options... 1468 1469 First: no IPv4 options. 1470 */ 1471 newinet->opt = NULL; 1472 newnp->ipv6_fl_list = NULL; 1473 1474 /* Clone RX bits */ 1475 newnp->rxopt.all = np->rxopt.all; 1476 1477 /* Clone pktoptions received with SYN */ 1478 newnp->pktoptions = NULL; 1479 if (treq->pktopts != NULL) { 1480 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC); 1481 kfree_skb(treq->pktopts); 1482 treq->pktopts = NULL; 1483 if (newnp->pktoptions) 1484 skb_set_owner_r(newnp->pktoptions, newsk); 1485 } 1486 newnp->opt = NULL; 1487 newnp->mcast_oif = inet6_iif(skb); 1488 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1489 1490 /* Clone native IPv6 options from listening socket (if any) 1491 1492 Yes, keeping reference count would be much more clever, 1493 but we make one more one thing there: reattach optmem 1494 to newsk. 1495 */ 1496 if (opt) { 1497 newnp->opt = ipv6_dup_options(newsk, opt); 1498 if (opt != np->opt) 1499 sock_kfree_s(sk, opt, opt->tot_len); 1500 } 1501 1502 inet_csk(newsk)->icsk_ext_hdr_len = 0; 1503 if (newnp->opt) 1504 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen + 1505 newnp->opt->opt_flen); 1506 1507 tcp_mtup_init(newsk); 1508 tcp_sync_mss(newsk, dst_mtu(dst)); 1509 newtp->advmss = dst_metric_advmss(dst); 1510 tcp_initialize_rcv_mss(newsk); 1511 1512 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6; 1513 newinet->inet_rcv_saddr = LOOPBACK4_IPV6; 1514 1515 #ifdef CONFIG_TCP_MD5SIG 1516 /* Copy over the MD5 key from the original socket */ 1517 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) { 1518 /* We're using one, so create a matching key 1519 * on the newsk structure. If we fail to get 1520 * memory, then we end up not copying the key 1521 * across. Shucks. 1522 */ 1523 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); 1524 if (newkey != NULL) 1525 tcp_v6_md5_do_add(newsk, &newnp->daddr, 1526 newkey, key->keylen); 1527 } 1528 #endif 1529 1530 if (__inet_inherit_port(sk, newsk) < 0) { 1531 sock_put(newsk); 1532 goto out; 1533 } 1534 __inet6_hash(newsk, NULL); 1535 1536 return newsk; 1537 1538 out_overflow: 1539 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); 1540 out_nonewsk: 1541 if (opt && opt != np->opt) 1542 sock_kfree_s(sk, opt, opt->tot_len); 1543 dst_release(dst); 1544 out: 1545 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); 1546 return NULL; 1547 } 1548 1549 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb) 1550 { 1551 if (skb->ip_summed == CHECKSUM_COMPLETE) { 1552 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr, 1553 &ipv6_hdr(skb)->daddr, skb->csum)) { 1554 skb->ip_summed = CHECKSUM_UNNECESSARY; 1555 return 0; 1556 } 1557 } 1558 1559 skb->csum = ~csum_unfold(tcp_v6_check(skb->len, 1560 &ipv6_hdr(skb)->saddr, 1561 &ipv6_hdr(skb)->daddr, 0)); 1562 1563 if (skb->len <= 76) { 1564 return __skb_checksum_complete(skb); 1565 } 1566 return 0; 1567 } 1568 1569 /* The socket must have it's spinlock held when we get 1570 * here. 1571 * 1572 * We have a potential double-lock case here, so even when 1573 * doing backlog processing we use the BH locking scheme. 1574 * This is because we cannot sleep with the original spinlock 1575 * held. 1576 */ 1577 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) 1578 { 1579 struct ipv6_pinfo *np = inet6_sk(sk); 1580 struct tcp_sock *tp; 1581 struct sk_buff *opt_skb = NULL; 1582 1583 /* Imagine: socket is IPv6. IPv4 packet arrives, 1584 goes to IPv4 receive handler and backlogged. 1585 From backlog it always goes here. Kerboom... 1586 Fortunately, tcp_rcv_established and rcv_established 1587 handle them correctly, but it is not case with 1588 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK 1589 */ 1590 1591 if (skb->protocol == htons(ETH_P_IP)) 1592 return tcp_v4_do_rcv(sk, skb); 1593 1594 #ifdef CONFIG_TCP_MD5SIG 1595 if (tcp_v6_inbound_md5_hash (sk, skb)) 1596 goto discard; 1597 #endif 1598 1599 if (sk_filter(sk, skb)) 1600 goto discard; 1601 1602 /* 1603 * socket locking is here for SMP purposes as backlog rcv 1604 * is currently called with bh processing disabled. 1605 */ 1606 1607 /* Do Stevens' IPV6_PKTOPTIONS. 1608 1609 Yes, guys, it is the only place in our code, where we 1610 may make it not affecting IPv4. 1611 The rest of code is protocol independent, 1612 and I do not like idea to uglify IPv4. 1613 1614 Actually, all the idea behind IPV6_PKTOPTIONS 1615 looks not very well thought. For now we latch 1616 options, received in the last packet, enqueued 1617 by tcp. Feel free to propose better solution. 1618 --ANK (980728) 1619 */ 1620 if (np->rxopt.all) 1621 opt_skb = skb_clone(skb, GFP_ATOMIC); 1622 1623 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ 1624 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) 1625 goto reset; 1626 if (opt_skb) 1627 goto ipv6_pktoptions; 1628 return 0; 1629 } 1630 1631 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb)) 1632 goto csum_err; 1633 1634 if (sk->sk_state == TCP_LISTEN) { 1635 struct sock *nsk = tcp_v6_hnd_req(sk, skb); 1636 if (!nsk) 1637 goto discard; 1638 1639 /* 1640 * Queue it on the new socket if the new socket is active, 1641 * otherwise we just shortcircuit this and continue with 1642 * the new socket.. 1643 */ 1644 if(nsk != sk) { 1645 if (tcp_child_process(sk, nsk, skb)) 1646 goto reset; 1647 if (opt_skb) 1648 __kfree_skb(opt_skb); 1649 return 0; 1650 } 1651 } 1652 1653 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) 1654 goto reset; 1655 if (opt_skb) 1656 goto ipv6_pktoptions; 1657 return 0; 1658 1659 reset: 1660 tcp_v6_send_reset(sk, skb); 1661 discard: 1662 if (opt_skb) 1663 __kfree_skb(opt_skb); 1664 kfree_skb(skb); 1665 return 0; 1666 csum_err: 1667 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS); 1668 goto discard; 1669 1670 1671 ipv6_pktoptions: 1672 /* Do you ask, what is it? 1673 1674 1. skb was enqueued by tcp. 1675 2. skb is added to tail of read queue, rather than out of order. 1676 3. socket is not in passive state. 1677 4. Finally, it really contains options, which user wants to receive. 1678 */ 1679 tp = tcp_sk(sk); 1680 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt && 1681 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) { 1682 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo) 1683 np->mcast_oif = inet6_iif(opt_skb); 1684 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) 1685 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit; 1686 if (ipv6_opt_accepted(sk, opt_skb)) { 1687 skb_set_owner_r(opt_skb, sk); 1688 opt_skb = xchg(&np->pktoptions, opt_skb); 1689 } else { 1690 __kfree_skb(opt_skb); 1691 opt_skb = xchg(&np->pktoptions, NULL); 1692 } 1693 } 1694 1695 kfree_skb(opt_skb); 1696 return 0; 1697 } 1698 1699 static int tcp_v6_rcv(struct sk_buff *skb) 1700 { 1701 struct tcphdr *th; 1702 struct ipv6hdr *hdr; 1703 struct sock *sk; 1704 int ret; 1705 struct net *net = dev_net(skb->dev); 1706 1707 if (skb->pkt_type != PACKET_HOST) 1708 goto discard_it; 1709 1710 /* 1711 * Count it even if it's bad. 1712 */ 1713 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS); 1714 1715 if (!pskb_may_pull(skb, sizeof(struct tcphdr))) 1716 goto discard_it; 1717 1718 th = tcp_hdr(skb); 1719 1720 if (th->doff < sizeof(struct tcphdr)/4) 1721 goto bad_packet; 1722 if (!pskb_may_pull(skb, th->doff*4)) 1723 goto discard_it; 1724 1725 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb)) 1726 goto bad_packet; 1727 1728 th = tcp_hdr(skb); 1729 hdr = ipv6_hdr(skb); 1730 TCP_SKB_CB(skb)->seq = ntohl(th->seq); 1731 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin + 1732 skb->len - th->doff*4); 1733 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); 1734 TCP_SKB_CB(skb)->when = 0; 1735 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(hdr); 1736 TCP_SKB_CB(skb)->sacked = 0; 1737 1738 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); 1739 if (!sk) 1740 goto no_tcp_socket; 1741 1742 process: 1743 if (sk->sk_state == TCP_TIME_WAIT) 1744 goto do_time_wait; 1745 1746 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { 1747 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); 1748 goto discard_and_relse; 1749 } 1750 1751 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 1752 goto discard_and_relse; 1753 1754 if (sk_filter(sk, skb)) 1755 goto discard_and_relse; 1756 1757 skb->dev = NULL; 1758 1759 bh_lock_sock_nested(sk); 1760 ret = 0; 1761 if (!sock_owned_by_user(sk)) { 1762 #ifdef CONFIG_NET_DMA 1763 struct tcp_sock *tp = tcp_sk(sk); 1764 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list) 1765 tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY); 1766 if (tp->ucopy.dma_chan) 1767 ret = tcp_v6_do_rcv(sk, skb); 1768 else 1769 #endif 1770 { 1771 if (!tcp_prequeue(sk, skb)) 1772 ret = tcp_v6_do_rcv(sk, skb); 1773 } 1774 } else if (unlikely(sk_add_backlog(sk, skb))) { 1775 bh_unlock_sock(sk); 1776 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP); 1777 goto discard_and_relse; 1778 } 1779 bh_unlock_sock(sk); 1780 1781 sock_put(sk); 1782 return ret ? -1 : 0; 1783 1784 no_tcp_socket: 1785 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 1786 goto discard_it; 1787 1788 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1789 bad_packet: 1790 TCP_INC_STATS_BH(net, TCP_MIB_INERRS); 1791 } else { 1792 tcp_v6_send_reset(NULL, skb); 1793 } 1794 1795 discard_it: 1796 1797 /* 1798 * Discard frame 1799 */ 1800 1801 kfree_skb(skb); 1802 return 0; 1803 1804 discard_and_relse: 1805 sock_put(sk); 1806 goto discard_it; 1807 1808 do_time_wait: 1809 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1810 inet_twsk_put(inet_twsk(sk)); 1811 goto discard_it; 1812 } 1813 1814 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1815 TCP_INC_STATS_BH(net, TCP_MIB_INERRS); 1816 inet_twsk_put(inet_twsk(sk)); 1817 goto discard_it; 1818 } 1819 1820 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { 1821 case TCP_TW_SYN: 1822 { 1823 struct sock *sk2; 1824 1825 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo, 1826 &ipv6_hdr(skb)->daddr, 1827 ntohs(th->dest), inet6_iif(skb)); 1828 if (sk2 != NULL) { 1829 struct inet_timewait_sock *tw = inet_twsk(sk); 1830 inet_twsk_deschedule(tw, &tcp_death_row); 1831 inet_twsk_put(tw); 1832 sk = sk2; 1833 goto process; 1834 } 1835 /* Fall through to ACK */ 1836 } 1837 case TCP_TW_ACK: 1838 tcp_v6_timewait_ack(sk, skb); 1839 break; 1840 case TCP_TW_RST: 1841 goto no_tcp_socket; 1842 case TCP_TW_SUCCESS:; 1843 } 1844 goto discard_it; 1845 } 1846 1847 static struct inet_peer *tcp_v6_get_peer(struct sock *sk, bool *release_it) 1848 { 1849 struct rt6_info *rt = (struct rt6_info *) __sk_dst_get(sk); 1850 struct ipv6_pinfo *np = inet6_sk(sk); 1851 struct inet_peer *peer; 1852 1853 if (!rt || 1854 !ipv6_addr_equal(&np->daddr, &rt->rt6i_dst.addr)) { 1855 peer = inet_getpeer_v6(&np->daddr, 1); 1856 *release_it = true; 1857 } else { 1858 if (!rt->rt6i_peer) 1859 rt6_bind_peer(rt, 1); 1860 peer = rt->rt6i_peer; 1861 *release_it = false; 1862 } 1863 1864 return peer; 1865 } 1866 1867 static void *tcp_v6_tw_get_peer(struct sock *sk) 1868 { 1869 struct inet6_timewait_sock *tw6 = inet6_twsk(sk); 1870 struct inet_timewait_sock *tw = inet_twsk(sk); 1871 1872 if (tw->tw_family == AF_INET) 1873 return tcp_v4_tw_get_peer(sk); 1874 1875 return inet_getpeer_v6(&tw6->tw_v6_daddr, 1); 1876 } 1877 1878 static struct timewait_sock_ops tcp6_timewait_sock_ops = { 1879 .twsk_obj_size = sizeof(struct tcp6_timewait_sock), 1880 .twsk_unique = tcp_twsk_unique, 1881 .twsk_destructor= tcp_twsk_destructor, 1882 .twsk_getpeer = tcp_v6_tw_get_peer, 1883 }; 1884 1885 static const struct inet_connection_sock_af_ops ipv6_specific = { 1886 .queue_xmit = inet6_csk_xmit, 1887 .send_check = tcp_v6_send_check, 1888 .rebuild_header = inet6_sk_rebuild_header, 1889 .conn_request = tcp_v6_conn_request, 1890 .syn_recv_sock = tcp_v6_syn_recv_sock, 1891 .get_peer = tcp_v6_get_peer, 1892 .net_header_len = sizeof(struct ipv6hdr), 1893 .setsockopt = ipv6_setsockopt, 1894 .getsockopt = ipv6_getsockopt, 1895 .addr2sockaddr = inet6_csk_addr2sockaddr, 1896 .sockaddr_len = sizeof(struct sockaddr_in6), 1897 .bind_conflict = inet6_csk_bind_conflict, 1898 #ifdef CONFIG_COMPAT 1899 .compat_setsockopt = compat_ipv6_setsockopt, 1900 .compat_getsockopt = compat_ipv6_getsockopt, 1901 #endif 1902 }; 1903 1904 #ifdef CONFIG_TCP_MD5SIG 1905 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = { 1906 .md5_lookup = tcp_v6_md5_lookup, 1907 .calc_md5_hash = tcp_v6_md5_hash_skb, 1908 .md5_add = tcp_v6_md5_add_func, 1909 .md5_parse = tcp_v6_parse_md5_keys, 1910 }; 1911 #endif 1912 1913 /* 1914 * TCP over IPv4 via INET6 API 1915 */ 1916 1917 static const struct inet_connection_sock_af_ops ipv6_mapped = { 1918 .queue_xmit = ip_queue_xmit, 1919 .send_check = tcp_v4_send_check, 1920 .rebuild_header = inet_sk_rebuild_header, 1921 .conn_request = tcp_v6_conn_request, 1922 .syn_recv_sock = tcp_v6_syn_recv_sock, 1923 .get_peer = tcp_v4_get_peer, 1924 .net_header_len = sizeof(struct iphdr), 1925 .setsockopt = ipv6_setsockopt, 1926 .getsockopt = ipv6_getsockopt, 1927 .addr2sockaddr = inet6_csk_addr2sockaddr, 1928 .sockaddr_len = sizeof(struct sockaddr_in6), 1929 .bind_conflict = inet6_csk_bind_conflict, 1930 #ifdef CONFIG_COMPAT 1931 .compat_setsockopt = compat_ipv6_setsockopt, 1932 .compat_getsockopt = compat_ipv6_getsockopt, 1933 #endif 1934 }; 1935 1936 #ifdef CONFIG_TCP_MD5SIG 1937 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = { 1938 .md5_lookup = tcp_v4_md5_lookup, 1939 .calc_md5_hash = tcp_v4_md5_hash_skb, 1940 .md5_add = tcp_v6_md5_add_func, 1941 .md5_parse = tcp_v6_parse_md5_keys, 1942 }; 1943 #endif 1944 1945 /* NOTE: A lot of things set to zero explicitly by call to 1946 * sk_alloc() so need not be done here. 1947 */ 1948 static int tcp_v6_init_sock(struct sock *sk) 1949 { 1950 struct inet_connection_sock *icsk = inet_csk(sk); 1951 struct tcp_sock *tp = tcp_sk(sk); 1952 1953 skb_queue_head_init(&tp->out_of_order_queue); 1954 tcp_init_xmit_timers(sk); 1955 tcp_prequeue_init(tp); 1956 1957 icsk->icsk_rto = TCP_TIMEOUT_INIT; 1958 tp->mdev = TCP_TIMEOUT_INIT; 1959 1960 /* So many TCP implementations out there (incorrectly) count the 1961 * initial SYN frame in their delayed-ACK and congestion control 1962 * algorithms that we must have the following bandaid to talk 1963 * efficiently to them. -DaveM 1964 */ 1965 tp->snd_cwnd = 2; 1966 1967 /* See draft-stevens-tcpca-spec-01 for discussion of the 1968 * initialization of these values. 1969 */ 1970 tp->snd_ssthresh = TCP_INFINITE_SSTHRESH; 1971 tp->snd_cwnd_clamp = ~0; 1972 tp->mss_cache = TCP_MSS_DEFAULT; 1973 1974 tp->reordering = sysctl_tcp_reordering; 1975 1976 sk->sk_state = TCP_CLOSE; 1977 1978 icsk->icsk_af_ops = &ipv6_specific; 1979 icsk->icsk_ca_ops = &tcp_init_congestion_ops; 1980 icsk->icsk_sync_mss = tcp_sync_mss; 1981 sk->sk_write_space = sk_stream_write_space; 1982 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE); 1983 1984 #ifdef CONFIG_TCP_MD5SIG 1985 tp->af_specific = &tcp_sock_ipv6_specific; 1986 #endif 1987 1988 /* TCP Cookie Transactions */ 1989 if (sysctl_tcp_cookie_size > 0) { 1990 /* Default, cookies without s_data_payload. */ 1991 tp->cookie_values = 1992 kzalloc(sizeof(*tp->cookie_values), 1993 sk->sk_allocation); 1994 if (tp->cookie_values != NULL) 1995 kref_init(&tp->cookie_values->kref); 1996 } 1997 /* Presumed zeroed, in order of appearance: 1998 * cookie_in_always, cookie_out_never, 1999 * s_data_constant, s_data_in, s_data_out 2000 */ 2001 sk->sk_sndbuf = sysctl_tcp_wmem[1]; 2002 sk->sk_rcvbuf = sysctl_tcp_rmem[1]; 2003 2004 local_bh_disable(); 2005 percpu_counter_inc(&tcp_sockets_allocated); 2006 local_bh_enable(); 2007 2008 return 0; 2009 } 2010 2011 static void tcp_v6_destroy_sock(struct sock *sk) 2012 { 2013 #ifdef CONFIG_TCP_MD5SIG 2014 /* Clean up the MD5 key list */ 2015 if (tcp_sk(sk)->md5sig_info) 2016 tcp_v6_clear_md5_list(sk); 2017 #endif 2018 tcp_v4_destroy_sock(sk); 2019 inet6_destroy_sock(sk); 2020 } 2021 2022 #ifdef CONFIG_PROC_FS 2023 /* Proc filesystem TCPv6 sock list dumping. */ 2024 static void get_openreq6(struct seq_file *seq, 2025 struct sock *sk, struct request_sock *req, int i, int uid) 2026 { 2027 int ttd = req->expires - jiffies; 2028 struct in6_addr *src = &inet6_rsk(req)->loc_addr; 2029 struct in6_addr *dest = &inet6_rsk(req)->rmt_addr; 2030 2031 if (ttd < 0) 2032 ttd = 0; 2033 2034 seq_printf(seq, 2035 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2036 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n", 2037 i, 2038 src->s6_addr32[0], src->s6_addr32[1], 2039 src->s6_addr32[2], src->s6_addr32[3], 2040 ntohs(inet_rsk(req)->loc_port), 2041 dest->s6_addr32[0], dest->s6_addr32[1], 2042 dest->s6_addr32[2], dest->s6_addr32[3], 2043 ntohs(inet_rsk(req)->rmt_port), 2044 TCP_SYN_RECV, 2045 0,0, /* could print option size, but that is af dependent. */ 2046 1, /* timers active (only the expire timer) */ 2047 jiffies_to_clock_t(ttd), 2048 req->retrans, 2049 uid, 2050 0, /* non standard timer */ 2051 0, /* open_requests have no inode */ 2052 0, req); 2053 } 2054 2055 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) 2056 { 2057 struct in6_addr *dest, *src; 2058 __u16 destp, srcp; 2059 int timer_active; 2060 unsigned long timer_expires; 2061 struct inet_sock *inet = inet_sk(sp); 2062 struct tcp_sock *tp = tcp_sk(sp); 2063 const struct inet_connection_sock *icsk = inet_csk(sp); 2064 struct ipv6_pinfo *np = inet6_sk(sp); 2065 2066 dest = &np->daddr; 2067 src = &np->rcv_saddr; 2068 destp = ntohs(inet->inet_dport); 2069 srcp = ntohs(inet->inet_sport); 2070 2071 if (icsk->icsk_pending == ICSK_TIME_RETRANS) { 2072 timer_active = 1; 2073 timer_expires = icsk->icsk_timeout; 2074 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) { 2075 timer_active = 4; 2076 timer_expires = icsk->icsk_timeout; 2077 } else if (timer_pending(&sp->sk_timer)) { 2078 timer_active = 2; 2079 timer_expires = sp->sk_timer.expires; 2080 } else { 2081 timer_active = 0; 2082 timer_expires = jiffies; 2083 } 2084 2085 seq_printf(seq, 2086 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2087 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %lu %lu %u %u %d\n", 2088 i, 2089 src->s6_addr32[0], src->s6_addr32[1], 2090 src->s6_addr32[2], src->s6_addr32[3], srcp, 2091 dest->s6_addr32[0], dest->s6_addr32[1], 2092 dest->s6_addr32[2], dest->s6_addr32[3], destp, 2093 sp->sk_state, 2094 tp->write_seq-tp->snd_una, 2095 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq), 2096 timer_active, 2097 jiffies_to_clock_t(timer_expires - jiffies), 2098 icsk->icsk_retransmits, 2099 sock_i_uid(sp), 2100 icsk->icsk_probes_out, 2101 sock_i_ino(sp), 2102 atomic_read(&sp->sk_refcnt), sp, 2103 jiffies_to_clock_t(icsk->icsk_rto), 2104 jiffies_to_clock_t(icsk->icsk_ack.ato), 2105 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong, 2106 tp->snd_cwnd, 2107 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh 2108 ); 2109 } 2110 2111 static void get_timewait6_sock(struct seq_file *seq, 2112 struct inet_timewait_sock *tw, int i) 2113 { 2114 struct in6_addr *dest, *src; 2115 __u16 destp, srcp; 2116 struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw); 2117 int ttd = tw->tw_ttd - jiffies; 2118 2119 if (ttd < 0) 2120 ttd = 0; 2121 2122 dest = &tw6->tw_v6_daddr; 2123 src = &tw6->tw_v6_rcv_saddr; 2124 destp = ntohs(tw->tw_dport); 2125 srcp = ntohs(tw->tw_sport); 2126 2127 seq_printf(seq, 2128 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2129 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n", 2130 i, 2131 src->s6_addr32[0], src->s6_addr32[1], 2132 src->s6_addr32[2], src->s6_addr32[3], srcp, 2133 dest->s6_addr32[0], dest->s6_addr32[1], 2134 dest->s6_addr32[2], dest->s6_addr32[3], destp, 2135 tw->tw_substate, 0, 0, 2136 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, 2137 atomic_read(&tw->tw_refcnt), tw); 2138 } 2139 2140 static int tcp6_seq_show(struct seq_file *seq, void *v) 2141 { 2142 struct tcp_iter_state *st; 2143 2144 if (v == SEQ_START_TOKEN) { 2145 seq_puts(seq, 2146 " sl " 2147 "local_address " 2148 "remote_address " 2149 "st tx_queue rx_queue tr tm->when retrnsmt" 2150 " uid timeout inode\n"); 2151 goto out; 2152 } 2153 st = seq->private; 2154 2155 switch (st->state) { 2156 case TCP_SEQ_STATE_LISTENING: 2157 case TCP_SEQ_STATE_ESTABLISHED: 2158 get_tcp6_sock(seq, v, st->num); 2159 break; 2160 case TCP_SEQ_STATE_OPENREQ: 2161 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid); 2162 break; 2163 case TCP_SEQ_STATE_TIME_WAIT: 2164 get_timewait6_sock(seq, v, st->num); 2165 break; 2166 } 2167 out: 2168 return 0; 2169 } 2170 2171 static struct tcp_seq_afinfo tcp6_seq_afinfo = { 2172 .name = "tcp6", 2173 .family = AF_INET6, 2174 .seq_fops = { 2175 .owner = THIS_MODULE, 2176 }, 2177 .seq_ops = { 2178 .show = tcp6_seq_show, 2179 }, 2180 }; 2181 2182 int __net_init tcp6_proc_init(struct net *net) 2183 { 2184 return tcp_proc_register(net, &tcp6_seq_afinfo); 2185 } 2186 2187 void tcp6_proc_exit(struct net *net) 2188 { 2189 tcp_proc_unregister(net, &tcp6_seq_afinfo); 2190 } 2191 #endif 2192 2193 struct proto tcpv6_prot = { 2194 .name = "TCPv6", 2195 .owner = THIS_MODULE, 2196 .close = tcp_close, 2197 .connect = tcp_v6_connect, 2198 .disconnect = tcp_disconnect, 2199 .accept = inet_csk_accept, 2200 .ioctl = tcp_ioctl, 2201 .init = tcp_v6_init_sock, 2202 .destroy = tcp_v6_destroy_sock, 2203 .shutdown = tcp_shutdown, 2204 .setsockopt = tcp_setsockopt, 2205 .getsockopt = tcp_getsockopt, 2206 .recvmsg = tcp_recvmsg, 2207 .sendmsg = tcp_sendmsg, 2208 .sendpage = tcp_sendpage, 2209 .backlog_rcv = tcp_v6_do_rcv, 2210 .hash = tcp_v6_hash, 2211 .unhash = inet_unhash, 2212 .get_port = inet_csk_get_port, 2213 .enter_memory_pressure = tcp_enter_memory_pressure, 2214 .sockets_allocated = &tcp_sockets_allocated, 2215 .memory_allocated = &tcp_memory_allocated, 2216 .memory_pressure = &tcp_memory_pressure, 2217 .orphan_count = &tcp_orphan_count, 2218 .sysctl_mem = sysctl_tcp_mem, 2219 .sysctl_wmem = sysctl_tcp_wmem, 2220 .sysctl_rmem = sysctl_tcp_rmem, 2221 .max_header = MAX_TCP_HEADER, 2222 .obj_size = sizeof(struct tcp6_sock), 2223 .slab_flags = SLAB_DESTROY_BY_RCU, 2224 .twsk_prot = &tcp6_timewait_sock_ops, 2225 .rsk_prot = &tcp6_request_sock_ops, 2226 .h.hashinfo = &tcp_hashinfo, 2227 .no_autobind = true, 2228 #ifdef CONFIG_COMPAT 2229 .compat_setsockopt = compat_tcp_setsockopt, 2230 .compat_getsockopt = compat_tcp_getsockopt, 2231 #endif 2232 }; 2233 2234 static const struct inet6_protocol tcpv6_protocol = { 2235 .handler = tcp_v6_rcv, 2236 .err_handler = tcp_v6_err, 2237 .gso_send_check = tcp_v6_gso_send_check, 2238 .gso_segment = tcp_tso_segment, 2239 .gro_receive = tcp6_gro_receive, 2240 .gro_complete = tcp6_gro_complete, 2241 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 2242 }; 2243 2244 static struct inet_protosw tcpv6_protosw = { 2245 .type = SOCK_STREAM, 2246 .protocol = IPPROTO_TCP, 2247 .prot = &tcpv6_prot, 2248 .ops = &inet6_stream_ops, 2249 .no_check = 0, 2250 .flags = INET_PROTOSW_PERMANENT | 2251 INET_PROTOSW_ICSK, 2252 }; 2253 2254 static int __net_init tcpv6_net_init(struct net *net) 2255 { 2256 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6, 2257 SOCK_RAW, IPPROTO_TCP, net); 2258 } 2259 2260 static void __net_exit tcpv6_net_exit(struct net *net) 2261 { 2262 inet_ctl_sock_destroy(net->ipv6.tcp_sk); 2263 } 2264 2265 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list) 2266 { 2267 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6); 2268 } 2269 2270 static struct pernet_operations tcpv6_net_ops = { 2271 .init = tcpv6_net_init, 2272 .exit = tcpv6_net_exit, 2273 .exit_batch = tcpv6_net_exit_batch, 2274 }; 2275 2276 int __init tcpv6_init(void) 2277 { 2278 int ret; 2279 2280 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP); 2281 if (ret) 2282 goto out; 2283 2284 /* register inet6 protocol */ 2285 ret = inet6_register_protosw(&tcpv6_protosw); 2286 if (ret) 2287 goto out_tcpv6_protocol; 2288 2289 ret = register_pernet_subsys(&tcpv6_net_ops); 2290 if (ret) 2291 goto out_tcpv6_protosw; 2292 out: 2293 return ret; 2294 2295 out_tcpv6_protocol: 2296 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2297 out_tcpv6_protosw: 2298 inet6_unregister_protosw(&tcpv6_protosw); 2299 goto out; 2300 } 2301 2302 void tcpv6_exit(void) 2303 { 2304 unregister_pernet_subsys(&tcpv6_net_ops); 2305 inet6_unregister_protosw(&tcpv6_protosw); 2306 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2307 } 2308