/*
 *	TCP over IPv6
 *	Linux INET6 implementation
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *
 *	Based on:
 *	linux/net/ipv4/tcp.c
 *	linux/net/ipv4/tcp_input.c
 *	linux/net/ipv4/tcp_output.c
 *
 *	Fixes:
 *	Hideaki YOSHIFUJI	:	sin6_scope_id support
 *	YOSHIFUJI Hideaki @USAGI and:	Support IPV6_V6ONLY socket option, which
 *	Alexey Kuznetsov		allow both IPv4 and IPv6 sockets to bind
 *					a single port at the same time.
 *	YOSHIFUJI Hideaki @USAGI:	convert /proc/net/tcp6 to seq_file.
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License
 *	as published by the Free Software Foundation; either version
 *	2 of the License, or (at your option) any later version.
 */

#include <linux/bottom_half.h>
#include <linux/module.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/net.h>
#include <linux/jiffies.h>
#include <linux/in.h>
#include <linux/in6.h>
#include <linux/netdevice.h>
#include <linux/init.h>
#include <linux/jhash.h>
#include <linux/ipsec.h>
#include <linux/times.h>
#include <linux/slab.h>
#include <linux/uaccess.h>
#include <linux/ipv6.h>
#include <linux/icmpv6.h>
#include <linux/random.h>

#include <net/tcp.h>
#include <net/ndisc.h>
#include <net/inet6_hashtables.h>
#include <net/inet6_connection_sock.h>
#include <net/ipv6.h>
#include <net/transp_v6.h>
#include <net/addrconf.h>
#include <net/ip6_route.h>
#include <net/ip6_checksum.h>
#include <net/inet_ecn.h>
#include <net/protocol.h>
#include <net/xfrm.h>
#include <net/snmp.h>
#include <net/dsfield.h>
#include <net/timewait_sock.h>
#include <net/inet_common.h>
#include <net/secure_seq.h>
#include <net/busy_poll.h>

#include <linux/proc_fs.h>
#include <linux/seq_file.h>

#include <crypto/hash.h>
#include <linux/scatterlist.h>

static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
				  struct request_sock *req);

static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);

static const struct inet_connection_sock_af_ops ipv6_mapped;
static const struct inet_connection_sock_af_ops ipv6_specific;
#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
#else
static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
						   const struct in6_addr *addr)
{
	return NULL;
}
#endif

static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
{
	struct dst_entry *dst = skb_dst(skb);

	if (dst && dst_hold_safe(dst)) {
		const struct rt6_info *rt = (const struct rt6_info *)dst;

		sk->sk_rx_dst = dst;
		inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
		inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
	}
}

static u32 tcp_v6_init_sequence(const struct sk_buff *skb, u32 *tsoff)
{
	return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
					    ipv6_hdr(skb)->saddr.s6_addr32,
					    tcp_hdr(skb)->dest,
					    tcp_hdr(skb)->source, tsoff);
}
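
/* How a socket gets here: a userspace connect() on an AF_INET6 stream
 * socket reaches tcp_v6_connect() via inet_stream_connect(). A rough
 * userspace sketch (the address and port below are made up for
 * illustration):
 *
 *	int fd = socket(AF_INET6, SOCK_STREAM, 0);
 *	struct sockaddr_in6 sin6 = {
 *		.sin6_family = AF_INET6,
 *		.sin6_port   = htons(80),
 *	};
 *	inet_pton(AF_INET6, "2001:db8::1", &sin6.sin6_addr);
 *	connect(fd, (struct sockaddr *)&sin6, sizeof(sin6));
 */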
static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
			  int addr_len)
{
	struct sockaddr_in6 *usin = (struct sockaddr_in6 *)uaddr;
	struct inet_sock *inet = inet_sk(sk);
	struct inet_connection_sock *icsk = inet_csk(sk);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_sock *tp = tcp_sk(sk);
	struct in6_addr *saddr = NULL, *final_p, final;
	struct ipv6_txoptions *opt;
	struct flowi6 fl6;
	struct dst_entry *dst;
	int addr_type;
	int err;
	struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;

	if (addr_len < SIN6_LEN_RFC2133)
		return -EINVAL;

	if (usin->sin6_family != AF_INET6)
		return -EAFNOSUPPORT;

	memset(&fl6, 0, sizeof(fl6));

	if (np->sndflow) {
		fl6.flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
		IP6_ECN_flow_init(fl6.flowlabel);
		if (fl6.flowlabel & IPV6_FLOWLABEL_MASK) {
			struct ip6_flowlabel *flowlabel;

			flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
			if (!flowlabel)
				return -EINVAL;
			fl6_sock_release(flowlabel);
		}
	}

	/*
	 *	connect() to INADDR_ANY means loopback (BSD'ism).
	 */

	if (ipv6_addr_any(&usin->sin6_addr))
		usin->sin6_addr.s6_addr[15] = 0x1;

	addr_type = ipv6_addr_type(&usin->sin6_addr);

	if (addr_type & IPV6_ADDR_MULTICAST)
		return -ENETUNREACH;

	if (addr_type & IPV6_ADDR_LINKLOCAL) {
		if (addr_len >= sizeof(struct sockaddr_in6) &&
		    usin->sin6_scope_id) {
			/* If an interface was set while binding, the
			 * indices must coincide.
			 */
			if (sk->sk_bound_dev_if &&
			    sk->sk_bound_dev_if != usin->sin6_scope_id)
				return -EINVAL;

			sk->sk_bound_dev_if = usin->sin6_scope_id;
		}

		/* Connecting to a link-local address requires an interface */
		if (!sk->sk_bound_dev_if)
			return -EINVAL;
	}

	if (tp->rx_opt.ts_recent_stamp &&
	    !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
		tp->rx_opt.ts_recent = 0;
		tp->rx_opt.ts_recent_stamp = 0;
		tp->write_seq = 0;
	}

	sk->sk_v6_daddr = usin->sin6_addr;
	np->flow_label = fl6.flowlabel;

	/*
	 *	TCP over IPv4
	 */

	if (addr_type == IPV6_ADDR_MAPPED) {
		u32 exthdrlen = icsk->icsk_ext_hdr_len;
		struct sockaddr_in sin;

		SOCK_DEBUG(sk, "connect: ipv4 mapped\n");

		if (__ipv6_only_sock(sk))
			return -ENETUNREACH;

		sin.sin_family = AF_INET;
		sin.sin_port = usin->sin6_port;
		sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];

		icsk->icsk_af_ops = &ipv6_mapped;
		sk->sk_backlog_rcv = tcp_v4_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
		tp->af_specific = &tcp_sock_ipv6_mapped_specific;
#endif

		err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));

		if (err) {
			icsk->icsk_ext_hdr_len = exthdrlen;
			icsk->icsk_af_ops = &ipv6_specific;
			sk->sk_backlog_rcv = tcp_v6_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
			tp->af_specific = &tcp_sock_ipv6_specific;
#endif
			goto failure;
		}
		np->saddr = sk->sk_v6_rcv_saddr;

		return err;
	}

	if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
		saddr = &sk->sk_v6_rcv_saddr;

	fl6.flowi6_proto = IPPROTO_TCP;
	fl6.daddr = sk->sk_v6_daddr;
	fl6.saddr = saddr ? *saddr : np->saddr;
	fl6.flowi6_oif = sk->sk_bound_dev_if;
	fl6.flowi6_mark = sk->sk_mark;
	fl6.fl6_dport = usin->sin6_port;
	fl6.fl6_sport = inet->inet_sport;
	fl6.flowi6_uid = sk->sk_uid;

	opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
	final_p = fl6_update_dst(&fl6, opt, &final);

	security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));

	dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
	if (IS_ERR(dst)) {
		err = PTR_ERR(dst);
		goto failure;
	}

	if (!saddr) {
		saddr = &fl6.saddr;
		sk->sk_v6_rcv_saddr = *saddr;
	}

	/* set the source address */
	np->saddr = *saddr;
	inet->inet_rcv_saddr = LOOPBACK4_IPV6;

	sk->sk_gso_type = SKB_GSO_TCPV6;
	ip6_dst_store(sk, dst, NULL, NULL);

	if (tcp_death_row->sysctl_tw_recycle &&
	    !tp->rx_opt.ts_recent_stamp &&
	    ipv6_addr_equal(&fl6.daddr, &sk->sk_v6_daddr))
		tcp_fetch_timewait_stamp(sk, dst);

	icsk->icsk_ext_hdr_len = 0;
	if (opt)
		icsk->icsk_ext_hdr_len = opt->opt_flen +
					 opt->opt_nflen;

	tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);

	inet->inet_dport = usin->sin6_port;

	tcp_set_state(sk, TCP_SYN_SENT);
	err = inet6_hash_connect(tcp_death_row, sk);
	if (err)
		goto late_failure;

	sk_set_txhash(sk);

	if (!tp->write_seq && likely(!tp->repair))
		tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
							     sk->sk_v6_daddr.s6_addr32,
							     inet->inet_sport,
							     inet->inet_dport,
							     &tp->tsoffset);

	if (tcp_fastopen_defer_connect(sk, &err))
		return err;
	if (err)
		goto late_failure;

	err = tcp_connect(sk);
	if (err)
		goto late_failure;

	return 0;

late_failure:
	tcp_set_state(sk, TCP_CLOSE);
failure:
	inet->inet_dport = 0;
	sk->sk_route_caps = 0;
	return err;
}
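
/* Invoked when an ICMPv6 Packet Too Big has lowered the path MTU for this
 * connection, either directly from tcp_v6_err() or deferred via the
 * TCP_MTU_REDUCED_DEFERRED flag when the socket was owned by the user.
 * It shrinks the MSS to the new path MTU and retransmits what no longer
 * fits into a single segment.
 */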
static void tcp_v6_mtu_reduced(struct sock *sk)
{
	struct dst_entry *dst;

	if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
		return;

	dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
	if (!dst)
		return;

	if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
		tcp_sync_mss(sk, dst_mtu(dst));
		tcp_simple_retransmit(sk);
	}
}

static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
		       u8 type, u8 code, int offset, __be32 info)
{
	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
	const struct tcphdr *th = (struct tcphdr *)(skb->data + offset);
	struct net *net = dev_net(skb->dev);
	struct request_sock *fastopen;
	struct ipv6_pinfo *np;
	struct tcp_sock *tp;
	__u32 seq, snd_una;
	struct sock *sk;
	bool fatal;
	int err;

	sk = __inet6_lookup_established(net, &tcp_hashinfo,
					&hdr->daddr, th->dest,
					&hdr->saddr, ntohs(th->source),
					skb->dev->ifindex);

	if (!sk) {
		__ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
				  ICMP6_MIB_INERRORS);
		return;
	}

	if (sk->sk_state == TCP_TIME_WAIT) {
		inet_twsk_put(inet_twsk(sk));
		return;
	}
	seq = ntohl(th->seq);
	fatal = icmpv6_err_convert(type, code, &err);
	if (sk->sk_state == TCP_NEW_SYN_RECV)
		return tcp_req_err(sk, seq, fatal);

	bh_lock_sock(sk);
	if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
		__NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);

	if (sk->sk_state == TCP_CLOSE)
		goto out;

	if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
		__NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
		goto out;
	}

	tp = tcp_sk(sk);
	/* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
	fastopen = tp->fastopen_rsk;
	snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
	if (sk->sk_state != TCP_LISTEN &&
	    !between(seq, snd_una, tp->snd_nxt)) {
		__NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
		goto out;
	}

	np = inet6_sk(sk);

	if (type == NDISC_REDIRECT) {
		struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);

		if (dst)
			dst->ops->redirect(dst, sk, skb);
		goto out;
	}

	if (type == ICMPV6_PKT_TOOBIG) {
		/* We are not interested in TCP_LISTEN and open_requests
		 * (SYN-ACKs sent out by Linux are always <576 bytes, so
		 * they should go through unfragmented).
		 */
		if (sk->sk_state == TCP_LISTEN)
			goto out;

		if (!ip6_sk_accept_pmtu(sk))
			goto out;

		tp->mtu_info = ntohl(info);
		if (!sock_owned_by_user(sk))
			tcp_v6_mtu_reduced(sk);
		else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
					   &sk->sk_tsq_flags))
			sock_hold(sk);
		goto out;
	}


	/* Might be for a request_sock */
	switch (sk->sk_state) {
	case TCP_SYN_SENT:
	case TCP_SYN_RECV:
		/* Only in fast or simultaneous open. If a fast open socket
		 * is already accepted, it is treated as a connected one below.
		 */
		if (fastopen && !fastopen->sk)
			break;

		if (!sock_owned_by_user(sk)) {
			sk->sk_err = err;
			sk->sk_error_report(sk);	/* Wake people up to see the error (see connect in sock.c) */

			tcp_done(sk);
		} else
			sk->sk_err_soft = err;
		goto out;
	}

	if (!sock_owned_by_user(sk) && np->recverr) {
		sk->sk_err = err;
		sk->sk_error_report(sk);
	} else
		sk->sk_err_soft = err;

out:
	bh_unlock_sock(sk);
	sock_put(sk);
}

static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
			      struct flowi *fl,
			      struct request_sock *req,
			      struct tcp_fastopen_cookie *foc,
			      enum tcp_synack_type synack_type)
{
	struct inet_request_sock *ireq = inet_rsk(req);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct ipv6_txoptions *opt;
	struct flowi6 *fl6 = &fl->u.ip6;
	struct sk_buff *skb;
	int err = -ENOMEM;

	/* First, grab a route. */
	if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
					       IPPROTO_TCP)) == NULL)
		goto done;

	skb = tcp_make_synack(sk, dst, req, foc, synack_type);

	if (skb) {
		__tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
				    &ireq->ir_v6_rmt_addr);

		fl6->daddr = ireq->ir_v6_rmt_addr;
		if (np->repflow && ireq->pktopts)
			fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));

		rcu_read_lock();
		opt = ireq->ipv6_opt;
		if (!opt)
			opt = rcu_dereference(np->opt);
		err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass);
		rcu_read_unlock();
		err = net_xmit_eval(err);
	}

done:
	return err;
}


static void tcp_v6_reqsk_destructor(struct request_sock *req)
{
	kfree(inet_rsk(req)->ipv6_opt);
	kfree_skb(inet_rsk(req)->pktopts);
}
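
/* TCP-MD5 (RFC 2385) support. Keys are installed from userspace with the
 * TCP_MD5SIG socket option and consumed by tcp_v6_parse_md5_keys() below.
 * A rough sketch of the userspace side, assuming "peer" holds the remote
 * struct sockaddr_in6:
 *
 *	struct tcp_md5sig md5 = { .tcpm_keylen = 6 };
 *
 *	memcpy(&md5.tcpm_addr, &peer, sizeof(peer));
 *	memcpy(md5.tcpm_key, "secret", 6);
 *	setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, &md5, sizeof(md5));
 */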
#ifdef CONFIG_TCP_MD5SIG
static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
						   const struct in6_addr *addr)
{
	return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
}

static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
						const struct sock *addr_sk)
{
	return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
}

static int tcp_v6_parse_md5_keys(struct sock *sk, char __user *optval,
				 int optlen)
{
	struct tcp_md5sig cmd;
	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;

	if (optlen < sizeof(cmd))
		return -EINVAL;

	if (copy_from_user(&cmd, optval, sizeof(cmd)))
		return -EFAULT;

	if (sin6->sin6_family != AF_INET6)
		return -EINVAL;

	if (!cmd.tcpm_keylen) {
		if (ipv6_addr_v4mapped(&sin6->sin6_addr))
			return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
					      AF_INET);
		return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
				      AF_INET6);
	}

	if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
		return -EINVAL;

	if (ipv6_addr_v4mapped(&sin6->sin6_addr))
		return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
				      AF_INET, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);

	return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
			      AF_INET6, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
}

static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp,
				   const struct in6_addr *daddr,
				   const struct in6_addr *saddr,
				   const struct tcphdr *th, int nbytes)
{
	struct tcp6_pseudohdr *bp;
	struct scatterlist sg;
	struct tcphdr *_th;

	bp = hp->scratch;
	/* 1. TCP pseudo-header (RFC2460) */
	bp->saddr = *saddr;
	bp->daddr = *daddr;
	bp->protocol = cpu_to_be32(IPPROTO_TCP);
	bp->len = cpu_to_be32(nbytes);

	_th = (struct tcphdr *)(bp + 1);
	memcpy(_th, th, sizeof(*th));
	_th->check = 0;

	sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
	ahash_request_set_crypt(hp->md5_req, &sg, NULL,
				sizeof(*bp) + sizeof(*th));
	return crypto_ahash_update(hp->md5_req);
}

static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
			       const struct in6_addr *daddr, struct in6_addr *saddr,
			       const struct tcphdr *th)
{
	struct tcp_md5sig_pool *hp;
	struct ahash_request *req;

	hp = tcp_get_md5sig_pool();
	if (!hp)
		goto clear_hash_noput;
	req = hp->md5_req;

	if (crypto_ahash_init(req))
		goto clear_hash;
	if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
		goto clear_hash;
	if (tcp_md5_hash_key(hp, key))
		goto clear_hash;
	ahash_request_set_crypt(req, NULL, md5_hash, 0);
	if (crypto_ahash_final(req))
		goto clear_hash;

	tcp_put_md5sig_pool();
	return 0;

clear_hash:
	tcp_put_md5sig_pool();
clear_hash_noput:
	memset(md5_hash, 0, 16);
	return 1;
}

static int tcp_v6_md5_hash_skb(char *md5_hash,
			       const struct tcp_md5sig_key *key,
			       const struct sock *sk,
			       const struct sk_buff *skb)
{
	const struct in6_addr *saddr, *daddr;
	struct tcp_md5sig_pool *hp;
	struct ahash_request *req;
	const struct tcphdr *th = tcp_hdr(skb);

	if (sk) { /* valid for establish/request sockets */
		saddr = &sk->sk_v6_rcv_saddr;
		daddr = &sk->sk_v6_daddr;
	} else {
		const struct ipv6hdr *ip6h = ipv6_hdr(skb);

		saddr = &ip6h->saddr;
		daddr = &ip6h->daddr;
	}

	hp = tcp_get_md5sig_pool();
	if (!hp)
		goto clear_hash_noput;
	req = hp->md5_req;

	if (crypto_ahash_init(req))
		goto clear_hash;

	if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
		goto clear_hash;
	if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
		goto clear_hash;
	if (tcp_md5_hash_key(hp, key))
		goto clear_hash;
	ahash_request_set_crypt(req, NULL, md5_hash, 0);
	if (crypto_ahash_final(req))
		goto clear_hash;

	tcp_put_md5sig_pool();
	return 0;

clear_hash:
	tcp_put_md5sig_pool();
clear_hash_noput:
	memset(md5_hash, 0, 16);
	return 1;
}

#endif
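
/* Validate the MD5 option of an incoming segment against the key (if any)
 * configured for the peer address. Returning true tells the caller to drop
 * the segment: a signed segment without a configured key, an unsigned
 * segment where a key exists, and a signature mismatch are all failures.
 */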
static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
				    const struct sk_buff *skb)
{
#ifdef CONFIG_TCP_MD5SIG
	const __u8 *hash_location = NULL;
	struct tcp_md5sig_key *hash_expected;
	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
	const struct tcphdr *th = tcp_hdr(skb);
	int genhash;
	u8 newhash[16];

	hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
	hash_location = tcp_parse_md5sig_option(th);

	/* We've parsed the options - do we have a hash? */
	if (!hash_expected && !hash_location)
		return false;

	if (hash_expected && !hash_location) {
		NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
		return true;
	}

	if (!hash_expected && hash_location) {
		NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
		return true;
	}

	/* check the signature */
	genhash = tcp_v6_md5_hash_skb(newhash,
				      hash_expected,
				      NULL, skb);

	if (genhash || memcmp(hash_location, newhash, 16) != 0) {
		NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
		net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
				     genhash ? "failed" : "mismatch",
				     &ip6h->saddr, ntohs(th->source),
				     &ip6h->daddr, ntohs(th->dest));
		return true;
	}
#endif
	return false;
}

static void tcp_v6_init_req(struct request_sock *req,
			    const struct sock *sk_listener,
			    struct sk_buff *skb)
{
	struct inet_request_sock *ireq = inet_rsk(req);
	const struct ipv6_pinfo *np = inet6_sk(sk_listener);

	ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
	ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;

	/* So that link locals have meaning */
	if (!sk_listener->sk_bound_dev_if &&
	    ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
		ireq->ir_iif = tcp_v6_iif(skb);

	if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
	    (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
	     np->rxopt.bits.rxinfo ||
	     np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
	     np->rxopt.bits.rxohlim || np->repflow)) {
		atomic_inc(&skb->users);
		ireq->pktopts = skb;
	}
}

static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
					  struct flowi *fl,
					  const struct request_sock *req,
					  bool *strict)
{
	if (strict)
		*strict = true;
	return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
}

struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
	.family		=	AF_INET6,
	.obj_size	=	sizeof(struct tcp6_request_sock),
	.rtx_syn_ack	=	tcp_rtx_synack,
	.send_ack	=	tcp_v6_reqsk_send_ack,
	.destructor	=	tcp_v6_reqsk_destructor,
	.send_reset	=	tcp_v6_send_reset,
	.syn_ack_timeout =	tcp_syn_ack_timeout,
};

static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
	.mss_clamp	=	IPV6_MIN_MTU - sizeof(struct tcphdr) -
				sizeof(struct ipv6hdr),
#ifdef CONFIG_TCP_MD5SIG
	.req_md5_lookup	=	tcp_v6_md5_lookup,
	.calc_md5_hash	=	tcp_v6_md5_hash_skb,
#endif
	.init_req	=	tcp_v6_init_req,
#ifdef CONFIG_SYN_COOKIES
	.cookie_init_seq =	cookie_v6_init_sequence,
#endif
	.route_req	=	tcp_v6_route_req,
	.init_seq	=	tcp_v6_init_sequence,
	.send_synack	=	tcp_v6_send_synack,
};
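
/* Build and send a bare ACK or RST (no payload) in reply to @skb on the
 * per-netns control socket. Both tcp_v6_send_reset() and tcp_v6_send_ack()
 * funnel through here; @rst selects which flag is set in the reply.
 */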
static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
				 u32 ack, u32 win, u32 tsval, u32 tsecr,
				 int oif, struct tcp_md5sig_key *key, int rst,
				 u8 tclass, __be32 label)
{
	const struct tcphdr *th = tcp_hdr(skb);
	struct tcphdr *t1;
	struct sk_buff *buff;
	struct flowi6 fl6;
	struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
	struct sock *ctl_sk = net->ipv6.tcp_sk;
	unsigned int tot_len = sizeof(struct tcphdr);
	struct dst_entry *dst;
	__be32 *topt;

	if (tsecr)
		tot_len += TCPOLEN_TSTAMP_ALIGNED;
#ifdef CONFIG_TCP_MD5SIG
	if (key)
		tot_len += TCPOLEN_MD5SIG_ALIGNED;
#endif

	buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
			 GFP_ATOMIC);
	if (!buff)
		return;

	skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);

	t1 = (struct tcphdr *)skb_push(buff, tot_len);
	skb_reset_transport_header(buff);

	/* Swap the send and the receive. */
	memset(t1, 0, sizeof(*t1));
	t1->dest = th->source;
	t1->source = th->dest;
	t1->doff = tot_len / 4;
	t1->seq = htonl(seq);
	t1->ack_seq = htonl(ack);
	t1->ack = !rst || !th->ack;
	t1->rst = rst;
	t1->window = htons(win);

	topt = (__be32 *)(t1 + 1);

	if (tsecr) {
		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
				(TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
		*topt++ = htonl(tsval);
		*topt++ = htonl(tsecr);
	}

#ifdef CONFIG_TCP_MD5SIG
	if (key) {
		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
				(TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
		tcp_v6_md5_hash_hdr((__u8 *)topt, key,
				    &ipv6_hdr(skb)->saddr,
				    &ipv6_hdr(skb)->daddr, t1);
	}
#endif

	memset(&fl6, 0, sizeof(fl6));
	fl6.daddr = ipv6_hdr(skb)->saddr;
	fl6.saddr = ipv6_hdr(skb)->daddr;
	fl6.flowlabel = label;

	buff->ip_summed = CHECKSUM_PARTIAL;
	buff->csum = 0;

	__tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);

	fl6.flowi6_proto = IPPROTO_TCP;
	if (rt6_need_strict(&fl6.daddr) && !oif)
		fl6.flowi6_oif = tcp_v6_iif(skb);
	else {
		if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
			oif = skb->skb_iif;

		fl6.flowi6_oif = oif;
	}

	fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark);
	fl6.fl6_dport = t1->dest;
	fl6.fl6_sport = t1->source;
	fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
	security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));

	/* Pass a socket to ip6_dst_lookup_flow even when the reply is a RST;
	 * the underlying function will use it to retrieve the network
	 * namespace.
	 */
	dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
	if (!IS_ERR(dst)) {
		skb_dst_set(buff, dst);
		ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass);
		TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
		if (rst)
			TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
		return;
	}

	kfree_skb(buff);
}

static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
{
	const struct tcphdr *th = tcp_hdr(skb);
	u32 seq = 0, ack_seq = 0;
	struct tcp_md5sig_key *key = NULL;
#ifdef CONFIG_TCP_MD5SIG
	const __u8 *hash_location = NULL;
	struct ipv6hdr *ipv6h = ipv6_hdr(skb);
	unsigned char newhash[16];
	int genhash;
	struct sock *sk1 = NULL;
#endif
	int oif;

	if (th->rst)
		return;

	/* If sk is not NULL, it means we did a successful lookup and the
	 * incoming route had to be correct. prequeue might have dropped
	 * our dst.
	 */
	if (!sk && !ipv6_unicast_destination(skb))
		return;

#ifdef CONFIG_TCP_MD5SIG
	rcu_read_lock();
	hash_location = tcp_parse_md5sig_option(th);
	if (sk && sk_fullsock(sk)) {
		key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr);
	} else if (hash_location) {
		/* The active side is lost. Try to find the listening socket
		 * through the source port, and then find the md5 key through
		 * the listening socket. We do not lose security here:
		 * the incoming packet is checked with the md5 hash of the
		 * found key; no RST is generated if the md5 hash doesn't
		 * match.
		 */
		sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
					    &tcp_hashinfo, NULL, 0,
					    &ipv6h->saddr,
					    th->source, &ipv6h->daddr,
					    ntohs(th->source), tcp_v6_iif(skb));
		if (!sk1)
			goto out;

		key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
		if (!key)
			goto out;

		genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
		if (genhash || memcmp(hash_location, newhash, 16) != 0)
			goto out;
	}
#endif

	if (th->ack)
		seq = ntohl(th->ack_seq);
	else
		ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
			  (th->doff << 2);

	oif = sk ? sk->sk_bound_dev_if : 0;
	tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 0);

#ifdef CONFIG_TCP_MD5SIG
out:
	rcu_read_unlock();
#endif
}

static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
			    u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
			    struct tcp_md5sig_key *key, u8 tclass,
			    __be32 label)
{
	tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
			     tclass, label);
}

static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
{
	struct inet_timewait_sock *tw = inet_twsk(sk);
	struct tcp_timewait_sock *tcptw = tcp_twsk(sk);

	tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
			tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
			tcp_time_stamp + tcptw->tw_ts_offset,
			tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
			tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel));

	inet_twsk_put(tw);
}

static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
				  struct request_sock *req)
{
	/* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
	 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
	 */
	/* RFC 7323 2.3
	 * The window field (SEG.WND) of every outgoing segment, with the
	 * exception of <SYN> segments, MUST be right-shifted by
	 * Rcv.Wind.Shift bits:
	 */
	tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
			tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
			tcp_rsk(req)->rcv_nxt,
			req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
			tcp_time_stamp + tcp_rsk(req)->ts_off,
			req->ts_recent, sk->sk_bound_dev_if,
			tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr),
			0, 0);
}
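
/* With syncookies, a listener that had to drop a SYN (e.g. under synflood)
 * can still validate the later ACK: cookie_v6_check() reconstructs the
 * request from the sequence-number cookie. Plain ACKs (no SYN flag) are
 * the only candidates, hence the !th->syn test below.
 */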

static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
{
#ifdef CONFIG_SYN_COOKIES
	const struct tcphdr *th = tcp_hdr(skb);

	if (!th->syn)
		sk = cookie_v6_check(sk, skb);
#endif
	return sk;
}

static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
{
	if (skb->protocol == htons(ETH_P_IP))
		return tcp_v4_conn_request(sk, skb);

	if (!ipv6_unicast_destination(skb))
		goto drop;

	return tcp_conn_request(&tcp6_request_sock_ops,
				&tcp_request_sock_ipv6_ops, sk, skb);

drop:
	tcp_listendrop(sk);
	return 0; /* don't send reset */
}

static void tcp_v6_restore_cb(struct sk_buff *skb)
{
	/* We need to move header back to the beginning if xfrm6_policy_check()
	 * and tcp_v6_fill_cb() are going to be called again.
	 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
	 */
	memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
		sizeof(struct inet6_skb_parm));
}
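
/* Create the child socket once the three-way handshake completes (or, for
 * TCP Fast Open, at SYN time). The v6-mapped branch hands off to
 * tcp_v4_syn_recv_sock() and then patches the new socket back to the
 * INET6 API view.
 */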
static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
					 struct request_sock *req,
					 struct dst_entry *dst,
					 struct request_sock *req_unhash,
					 bool *own_req)
{
	struct inet_request_sock *ireq;
	struct ipv6_pinfo *newnp;
	const struct ipv6_pinfo *np = inet6_sk(sk);
	struct ipv6_txoptions *opt;
	struct tcp6_sock *newtcp6sk;
	struct inet_sock *newinet;
	struct tcp_sock *newtp;
	struct sock *newsk;
#ifdef CONFIG_TCP_MD5SIG
	struct tcp_md5sig_key *key;
#endif
	struct flowi6 fl6;

	if (skb->protocol == htons(ETH_P_IP)) {
		/*
		 *	v6 mapped
		 */

		newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
					     req_unhash, own_req);

		if (!newsk)
			return NULL;

		newtcp6sk = (struct tcp6_sock *)newsk;
		inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;

		newinet = inet_sk(newsk);
		newnp = inet6_sk(newsk);
		newtp = tcp_sk(newsk);

		memcpy(newnp, np, sizeof(struct ipv6_pinfo));

		newnp->saddr = newsk->sk_v6_rcv_saddr;

		inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
		newsk->sk_backlog_rcv = tcp_v4_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
		newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
#endif

		newnp->ipv6_ac_list = NULL;
		newnp->ipv6_fl_list = NULL;
		newnp->pktoptions = NULL;
		newnp->opt = NULL;
		newnp->mcast_oif = tcp_v6_iif(skb);
		newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
		newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
		if (np->repflow)
			newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));

		/* No need to charge this sock to the relevant IPv6 refcnt
		 * debug socks count here, tcp_create_openreq_child now does
		 * this for us, see the comment in that function for the gory
		 * details. -acme
		 */

		/* This is a tricky place. Until this moment the IPv4 tcp
		 * worked with the IPv6 icsk.icsk_af_ops.
		 * Sync it now.
		 */
		tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);

		return newsk;
	}

	ireq = inet_rsk(req);

	if (sk_acceptq_is_full(sk))
		goto out_overflow;

	if (!dst) {
		dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
		if (!dst)
			goto out;
	}

	newsk = tcp_create_openreq_child(sk, req, skb);
	if (!newsk)
		goto out_nonewsk;

	/* No need to charge this sock to the relevant IPv6 refcnt debug socks
	 * count here, tcp_create_openreq_child now does this for us, see the
	 * comment in that function for the gory details. -acme
	 */

	newsk->sk_gso_type = SKB_GSO_TCPV6;
	ip6_dst_store(newsk, dst, NULL, NULL);
	inet6_sk_rx_dst_set(newsk, skb);

	newtcp6sk = (struct tcp6_sock *)newsk;
	inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;

	newtp = tcp_sk(newsk);
	newinet = inet_sk(newsk);
	newnp = inet6_sk(newsk);

	memcpy(newnp, np, sizeof(struct ipv6_pinfo));

	newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
	newnp->saddr = ireq->ir_v6_loc_addr;
	newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
	newsk->sk_bound_dev_if = ireq->ir_iif;

	/* Now IPv6 options...
	 *
	 * First: no IPv4 options.
	 */
	newinet->inet_opt = NULL;
	newnp->ipv6_ac_list = NULL;
	newnp->ipv6_fl_list = NULL;

	/* Clone RX bits */
	newnp->rxopt.all = np->rxopt.all;

	newnp->pktoptions = NULL;
	newnp->opt = NULL;
	newnp->mcast_oif = tcp_v6_iif(skb);
	newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
	newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
	if (np->repflow)
		newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));

	/* Clone native IPv6 options from the listening socket (if any).
	 *
	 * Yes, keeping a reference count would be much more clever, but we
	 * do one more thing here: reattach optmem to newsk.
	 */
	opt = ireq->ipv6_opt;
	if (!opt)
		opt = rcu_dereference(np->opt);
	if (opt) {
		opt = ipv6_dup_options(newsk, opt);
		RCU_INIT_POINTER(newnp->opt, opt);
	}
	inet_csk(newsk)->icsk_ext_hdr_len = 0;
	if (opt)
		inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
						    opt->opt_flen;

	tcp_ca_openreq_child(newsk, dst);

	tcp_sync_mss(newsk, dst_mtu(dst));
	newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));

	tcp_initialize_rcv_mss(newsk);

	newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
	newinet->inet_rcv_saddr = LOOPBACK4_IPV6;

#ifdef CONFIG_TCP_MD5SIG
	/* Copy over the MD5 key from the original socket */
	key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr);
	if (key) {
		/* We're using one, so create a matching key
		 * on the newsk structure. If we fail to get
		 * memory, then we end up not copying the key
		 * across. Shucks.
		 */
		tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
			       AF_INET6, key->key, key->keylen,
			       sk_gfp_mask(sk, GFP_ATOMIC));
	}
#endif

	if (__inet_inherit_port(sk, newsk) < 0) {
		inet_csk_prepare_forced_close(newsk);
		tcp_done(newsk);
		goto out;
	}
	*own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
	if (*own_req) {
		tcp_move_syn(newtp, req);

		/* Clone pktoptions received with SYN, if we own the req */
		if (ireq->pktopts) {
			newnp->pktoptions = skb_clone(ireq->pktopts,
						      sk_gfp_mask(sk, GFP_ATOMIC));
			consume_skb(ireq->pktopts);
			ireq->pktopts = NULL;
			if (newnp->pktoptions) {
				tcp_v6_restore_cb(newnp->pktoptions);
				skb_set_owner_r(newnp->pktoptions, newsk);
			}
		}
	}

	return newsk;

out_overflow:
	__NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
out_nonewsk:
	dst_release(dst);
out:
	tcp_listendrop(sk);
	return NULL;
}

/* The socket must have its spinlock held when we get
 * here, unless it is a TCP_LISTEN socket.
 *
 * We have a potential double-lock case here, so even when
 * doing backlog processing we use the BH locking scheme.
 * This is because we cannot sleep with the original spinlock
 * held.
 */
static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_sock *tp;
	struct sk_buff *opt_skb = NULL;

	/* Imagine: socket is IPv6. IPv4 packet arrives,
	 * goes to IPv4 receive handler and is backlogged.
	 * From the backlog it always goes here. Kerboom...
	 * Fortunately, tcp_rcv_established and rcv_established
	 * handle them correctly, but that is not the case with
	 * tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
	 */

	if (skb->protocol == htons(ETH_P_IP))
		return tcp_v4_do_rcv(sk, skb);

	if (tcp_filter(sk, skb))
		goto discard;

	/*
	 * socket locking is here for SMP purposes as backlog rcv
	 * is currently called with bh processing disabled.
	 */

	/* Do Stevens' IPV6_PKTOPTIONS.
	 *
	 * Yes, guys, it is the only place in our code, where we
	 * may make it not affecting IPv4.
	 * The rest of the code is protocol independent,
	 * and I do not like the idea of uglifying IPv4.
	 *
	 * Actually, the whole idea behind IPV6_PKTOPTIONS
	 * does not look very well thought out. For now we latch
	 * options, received in the last packet, enqueued
	 * by tcp. Feel free to propose better solution.
	 *					--ANK (980728)
	 */
	if (np->rxopt.all)
		opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));

	if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
		struct dst_entry *dst = sk->sk_rx_dst;

		sock_rps_save_rxhash(sk, skb);
		sk_mark_napi_id(sk, skb);
		if (dst) {
			if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
			    dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
				dst_release(dst);
				sk->sk_rx_dst = NULL;
			}
		}

		tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len);
		if (opt_skb)
			goto ipv6_pktoptions;
		return 0;
	}

	if (tcp_checksum_complete(skb))
		goto csum_err;

	if (sk->sk_state == TCP_LISTEN) {
		struct sock *nsk = tcp_v6_cookie_check(sk, skb);

		if (!nsk)
			goto discard;

		if (nsk != sk) {
			sock_rps_save_rxhash(nsk, skb);
			sk_mark_napi_id(nsk, skb);
			if (tcp_child_process(sk, nsk, skb))
				goto reset;
			if (opt_skb)
				__kfree_skb(opt_skb);
			return 0;
		}
	} else
		sock_rps_save_rxhash(sk, skb);

	if (tcp_rcv_state_process(sk, skb))
		goto reset;
	if (opt_skb)
		goto ipv6_pktoptions;
	return 0;

reset:
	tcp_v6_send_reset(sk, skb);
discard:
	if (opt_skb)
		__kfree_skb(opt_skb);
	kfree_skb(skb);
	return 0;
csum_err:
	TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
	TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
	goto discard;


ipv6_pktoptions:
	/* Do you ask, what is it?
	 *
	 * 1. skb was enqueued by tcp.
	 * 2. skb is added to tail of read queue, rather than out of order.
	 * 3. socket is not in passive state.
	 * 4. Finally, it really contains options, which user wants to receive.
	 */
	tp = tcp_sk(sk);
	if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
	    !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
		if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
			np->mcast_oif = tcp_v6_iif(opt_skb);
		if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
			np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
		if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
			np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
		if (np->repflow)
			np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
		if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
			skb_set_owner_r(opt_skb, sk);
			tcp_v6_restore_cb(opt_skb);
			opt_skb = xchg(&np->pktoptions, opt_skb);
		} else {
			__kfree_skb(opt_skb);
			opt_skb = xchg(&np->pktoptions, NULL);
		}
	}

	kfree_skb(opt_skb);
	return 0;
}

static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
			   const struct tcphdr *th)
{
	/* This is tricky: we move IP6CB at its correct location into
	 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
	 * _decode_session6() uses IP6CB().
	 * barrier() makes sure compiler won't play aliasing games.
	 */
	memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
		sizeof(struct inet6_skb_parm));
	barrier();

	TCP_SKB_CB(skb)->seq = ntohl(th->seq);
	TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
				    skb->len - th->doff*4);
	TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
	TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
	TCP_SKB_CB(skb)->tcp_tw_isn = 0;
	TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
	TCP_SKB_CB(skb)->sacked = 0;
}
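
/* Main receive path, attached to IPPROTO_TCP via tcpv6_protocol below.
 * Runs in softirq context: it validates the header and checksum, looks up
 * the owning socket and either processes the segment directly, backlogs it
 * while the socket is owned by the user, or answers with a RST.
 */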
static int tcp_v6_rcv(struct sk_buff *skb)
{
	const struct tcphdr *th;
	const struct ipv6hdr *hdr;
	bool refcounted;
	struct sock *sk;
	int ret;
	struct net *net = dev_net(skb->dev);

	if (skb->pkt_type != PACKET_HOST)
		goto discard_it;

	/*
	 * Count it even if it's bad.
	 */
	__TCP_INC_STATS(net, TCP_MIB_INSEGS);

	if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
		goto discard_it;

	th = (const struct tcphdr *)skb->data;

	if (unlikely(th->doff < sizeof(struct tcphdr) / 4))
		goto bad_packet;
	if (!pskb_may_pull(skb, th->doff * 4))
		goto discard_it;

	if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
		goto csum_error;

	th = (const struct tcphdr *)skb->data;
	hdr = ipv6_hdr(skb);

lookup:
	sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
				th->source, th->dest, inet6_iif(skb),
				&refcounted);
	if (!sk)
		goto no_tcp_socket;

process:
	if (sk->sk_state == TCP_TIME_WAIT)
		goto do_time_wait;

	if (sk->sk_state == TCP_NEW_SYN_RECV) {
		struct request_sock *req = inet_reqsk(sk);
		struct sock *nsk;

		sk = req->rsk_listener;
		tcp_v6_fill_cb(skb, hdr, th);
		if (tcp_v6_inbound_md5_hash(sk, skb)) {
			sk_drops_add(sk, skb);
			reqsk_put(req);
			goto discard_it;
		}
		if (unlikely(sk->sk_state != TCP_LISTEN)) {
			inet_csk_reqsk_queue_drop_and_put(sk, req);
			goto lookup;
		}
		sock_hold(sk);
		refcounted = true;
		nsk = tcp_check_req(sk, skb, req, false);
		if (!nsk) {
			reqsk_put(req);
			goto discard_and_relse;
		}
		if (nsk == sk) {
			reqsk_put(req);
			tcp_v6_restore_cb(skb);
		} else if (tcp_child_process(sk, nsk, skb)) {
			tcp_v6_send_reset(nsk, skb);
			goto discard_and_relse;
		} else {
			sock_put(sk);
			return 0;
		}
	}
	if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
		__NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
		goto discard_and_relse;
	}

	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
		goto discard_and_relse;

	tcp_v6_fill_cb(skb, hdr, th);

	if (tcp_v6_inbound_md5_hash(sk, skb))
		goto discard_and_relse;

	if (tcp_filter(sk, skb))
		goto discard_and_relse;
	th = (const struct tcphdr *)skb->data;
	hdr = ipv6_hdr(skb);

	skb->dev = NULL;

	if (sk->sk_state == TCP_LISTEN) {
		ret = tcp_v6_do_rcv(sk, skb);
		goto put_and_return;
	}

	sk_incoming_cpu_update(sk);

	bh_lock_sock_nested(sk);
	tcp_segs_in(tcp_sk(sk), skb);
	ret = 0;
	if (!sock_owned_by_user(sk)) {
		if (!tcp_prequeue(sk, skb))
			ret = tcp_v6_do_rcv(sk, skb);
	} else if (tcp_add_backlog(sk, skb)) {
		goto discard_and_relse;
	}
	bh_unlock_sock(sk);

put_and_return:
	if (refcounted)
		sock_put(sk);
	return ret ? -1 : 0;

no_tcp_socket:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
		goto discard_it;

	tcp_v6_fill_cb(skb, hdr, th);

	if (tcp_checksum_complete(skb)) {
csum_error:
		__TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
bad_packet:
		__TCP_INC_STATS(net, TCP_MIB_INERRS);
	} else {
		tcp_v6_send_reset(NULL, skb);
	}

discard_it:
	kfree_skb(skb);
	return 0;

discard_and_relse:
	sk_drops_add(sk, skb);
	if (refcounted)
		sock_put(sk);
	goto discard_it;

do_time_wait:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
		inet_twsk_put(inet_twsk(sk));
		goto discard_it;
	}

	tcp_v6_fill_cb(skb, hdr, th);

	if (tcp_checksum_complete(skb)) {
		inet_twsk_put(inet_twsk(sk));
		goto csum_error;
	}

	switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
	case TCP_TW_SYN:
	{
		struct sock *sk2;

		sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
					    skb, __tcp_hdrlen(th),
					    &ipv6_hdr(skb)->saddr, th->source,
					    &ipv6_hdr(skb)->daddr,
					    ntohs(th->dest), tcp_v6_iif(skb));
		if (sk2) {
			struct inet_timewait_sock *tw = inet_twsk(sk);

			inet_twsk_deschedule_put(tw);
			sk = sk2;
			tcp_v6_restore_cb(skb);
			refcounted = false;
			goto process;
		}
		/* Fall through to ACK */
	}
	case TCP_TW_ACK:
		tcp_v6_timewait_ack(sk, skb);
		break;
	case TCP_TW_RST:
		tcp_v6_restore_cb(skb);
		tcp_v6_send_reset(sk, skb);
		inet_twsk_deschedule_put(inet_twsk(sk));
		goto discard_it;
	case TCP_TW_SUCCESS:
		;
	}
	goto discard_it;
}
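
/* Early demux: called before routing to look up an established socket by
 * the 5-tuple, so the cached rx dst can be reused and a second socket
 * lookup in tcp_v6_rcv() is avoided. Purely an optimization; a miss here
 * is harmless.
 */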
static void tcp_v6_early_demux(struct sk_buff *skb)
{
	const struct ipv6hdr *hdr;
	const struct tcphdr *th;
	struct sock *sk;

	if (skb->pkt_type != PACKET_HOST)
		return;

	if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
		return;

	hdr = ipv6_hdr(skb);
	th = tcp_hdr(skb);

	if (th->doff < sizeof(struct tcphdr) / 4)
		return;

	/* Note : We use inet6_iif() here, not tcp_v6_iif() */
	sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
					&hdr->saddr, th->source,
					&hdr->daddr, ntohs(th->dest),
					inet6_iif(skb));
	if (sk) {
		skb->sk = sk;
		skb->destructor = sock_edemux;
		if (sk_fullsock(sk)) {
			struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);

			if (dst)
				dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
			if (dst &&
			    inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
				skb_dst_set_noref(skb, dst);
		}
	}
}

static struct timewait_sock_ops tcp6_timewait_sock_ops = {
	.twsk_obj_size	= sizeof(struct tcp6_timewait_sock),
	.twsk_unique	= tcp_twsk_unique,
	.twsk_destructor = tcp_twsk_destructor,
};

static const struct inet_connection_sock_af_ops ipv6_specific = {
	.queue_xmit	   = inet6_csk_xmit,
	.send_check	   = tcp_v6_send_check,
	.rebuild_header	   = inet6_sk_rebuild_header,
	.sk_rx_dst_set	   = inet6_sk_rx_dst_set,
	.conn_request	   = tcp_v6_conn_request,
	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
	.net_header_len	   = sizeof(struct ipv6hdr),
	.net_frag_header_len = sizeof(struct frag_hdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
	.mtu_reduced	   = tcp_v6_mtu_reduced,
};

#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
	.md5_lookup	= tcp_v6_md5_lookup,
	.calc_md5_hash	= tcp_v6_md5_hash_skb,
	.md5_parse	= tcp_v6_parse_md5_keys,
};
#endif

/*
 *	TCP over IPv4 via INET6 API
 */
static const struct inet_connection_sock_af_ops ipv6_mapped = {
	.queue_xmit	   = ip_queue_xmit,
	.send_check	   = tcp_v4_send_check,
	.rebuild_header	   = inet_sk_rebuild_header,
	.sk_rx_dst_set	   = inet_sk_rx_dst_set,
	.conn_request	   = tcp_v6_conn_request,
	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
	.net_header_len	   = sizeof(struct iphdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
	.mtu_reduced	   = tcp_v4_mtu_reduced,
};

#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
	.md5_lookup	= tcp_v4_md5_lookup,
	.calc_md5_hash	= tcp_v4_md5_hash_skb,
	.md5_parse	= tcp_v6_parse_md5_keys,
};
#endif

/* NOTE: A lot of things set to zero explicitly by call to
 *	 sk_alloc() so need not be done here.
 */
static int tcp_v6_init_sock(struct sock *sk)
{
	struct inet_connection_sock *icsk = inet_csk(sk);

	tcp_init_sock(sk);

	icsk->icsk_af_ops = &ipv6_specific;

#ifdef CONFIG_TCP_MD5SIG
	tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
#endif

	return 0;
}

static void tcp_v6_destroy_sock(struct sock *sk)
{
	tcp_v4_destroy_sock(sk);
	inet6_destroy_sock(sk);
}
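
/* The seq_file helpers below back /proc/net/tcp6; each request, established
 * or timewait socket is printed as one row. Easy to exercise from
 * userspace, assuming procfs is mounted:
 *
 *	cat /proc/net/tcp6
 */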
#ifdef CONFIG_PROC_FS
/* Proc filesystem TCPv6 sock list dumping. */
static void get_openreq6(struct seq_file *seq,
			 const struct request_sock *req, int i)
{
	long ttd = req->rsk_timer.expires - jiffies;
	const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
	const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;

	if (ttd < 0)
		ttd = 0;

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3],
		   inet_rsk(req)->ir_num,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3],
		   ntohs(inet_rsk(req)->ir_rmt_port),
		   TCP_SYN_RECV,
		   0, 0, /* could print option size, but that is af dependent. */
		   1,   /* timers active (only the expire timer) */
		   jiffies_to_clock_t(ttd),
		   req->num_timeout,
		   from_kuid_munged(seq_user_ns(seq),
				    sock_i_uid(req->rsk_listener)),
		   0,  /* non standard timer */
		   0, /* open_requests have no inode */
		   0, req);
}

static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
{
	const struct in6_addr *dest, *src;
	__u16 destp, srcp;
	int timer_active;
	unsigned long timer_expires;
	const struct inet_sock *inet = inet_sk(sp);
	const struct tcp_sock *tp = tcp_sk(sp);
	const struct inet_connection_sock *icsk = inet_csk(sp);
	const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
	int rx_queue;
	int state;

	dest  = &sp->sk_v6_daddr;
	src   = &sp->sk_v6_rcv_saddr;
	destp = ntohs(inet->inet_dport);
	srcp  = ntohs(inet->inet_sport);

	if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
	    icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
	    icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
		timer_active	= 1;
		timer_expires	= icsk->icsk_timeout;
	} else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
		timer_active	= 4;
		timer_expires	= icsk->icsk_timeout;
	} else if (timer_pending(&sp->sk_timer)) {
		timer_active	= 2;
		timer_expires	= sp->sk_timer.expires;
	} else {
		timer_active	= 0;
		timer_expires = jiffies;
	}

	state = sk_state_load(sp);
	if (state == TCP_LISTEN)
		rx_queue = sp->sk_ack_backlog;
	else
		/* Because we don't lock the socket,
		 * we might find a transient negative value.
		 */
		rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3], srcp,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
		   state,
		   tp->write_seq - tp->snd_una,
		   rx_queue,
		   timer_active,
		   jiffies_delta_to_clock_t(timer_expires - jiffies),
		   icsk->icsk_retransmits,
		   from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
		   icsk->icsk_probes_out,
		   sock_i_ino(sp),
		   atomic_read(&sp->sk_refcnt), sp,
		   jiffies_to_clock_t(icsk->icsk_rto),
		   jiffies_to_clock_t(icsk->icsk_ack.ato),
		   (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
		   tp->snd_cwnd,
		   state == TCP_LISTEN ?
			fastopenq->max_qlen :
			(tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
		   );
}

static void get_timewait6_sock(struct seq_file *seq,
			       struct inet_timewait_sock *tw, int i)
{
	long delta = tw->tw_timer.expires - jiffies;
	const struct in6_addr *dest, *src;
	__u16 destp, srcp;

	dest = &tw->tw_v6_daddr;
	src  = &tw->tw_v6_rcv_saddr;
	destp = ntohs(tw->tw_dport);
	srcp  = ntohs(tw->tw_sport);

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3], srcp,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
		   tw->tw_substate, 0, 0,
		   3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
		   atomic_read(&tw->tw_refcnt), tw);
}

static int tcp6_seq_show(struct seq_file *seq, void *v)
{
	struct tcp_iter_state *st;
	struct sock *sk = v;

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq,
			 "  sl  "
			 "local_address                         "
			 "remote_address                        "
			 "st tx_queue rx_queue tr tm->when retrnsmt"
			 "   uid  timeout inode\n");
		goto out;
	}
	st = seq->private;

	if (sk->sk_state == TCP_TIME_WAIT)
		get_timewait6_sock(seq, v, st->num);
	else if (sk->sk_state == TCP_NEW_SYN_RECV)
		get_openreq6(seq, v, st->num);
	else
		get_tcp6_sock(seq, v, st->num);
out:
	return 0;
}

static const struct file_operations tcp6_afinfo_seq_fops = {
	.owner		= THIS_MODULE,
	.open		= tcp_seq_open,
	.read		= seq_read,
	.llseek		= seq_lseek,
	.release	= seq_release_net
};

static struct tcp_seq_afinfo tcp6_seq_afinfo = {
	.name		= "tcp6",
	.family		= AF_INET6,
	.seq_fops	= &tcp6_afinfo_seq_fops,
	.seq_ops	= {
		.show		= tcp6_seq_show,
	},
};

int __net_init tcp6_proc_init(struct net *net)
{
	return tcp_proc_register(net, &tcp6_seq_afinfo);
}

void tcp6_proc_exit(struct net *net)
{
	tcp_proc_unregister(net, &tcp6_seq_afinfo);
}
#endif

struct proto tcpv6_prot = {
	.name			= "TCPv6",
	.owner			= THIS_MODULE,
	.close			= tcp_close,
	.connect		= tcp_v6_connect,
	.disconnect		= tcp_disconnect,
	.accept			= inet_csk_accept,
	.ioctl			= tcp_ioctl,
	.init			= tcp_v6_init_sock,
	.destroy		= tcp_v6_destroy_sock,
	.shutdown		= tcp_shutdown,
	.setsockopt		= tcp_setsockopt,
	.getsockopt		= tcp_getsockopt,
	.keepalive		= tcp_set_keepalive,
	.recvmsg		= tcp_recvmsg,
	.sendmsg		= tcp_sendmsg,
	.sendpage		= tcp_sendpage,
	.backlog_rcv		= tcp_v6_do_rcv,
	.release_cb		= tcp_release_cb,
	.hash			= inet6_hash,
	.unhash			= inet_unhash,
	.get_port		= inet_csk_get_port,
	.enter_memory_pressure	= tcp_enter_memory_pressure,
	.stream_memory_free	= tcp_stream_memory_free,
	.sockets_allocated	= &tcp_sockets_allocated,
	.memory_allocated	= &tcp_memory_allocated,
	.memory_pressure	= &tcp_memory_pressure,
	.orphan_count		= &tcp_orphan_count,
	.sysctl_mem		= sysctl_tcp_mem,
	.sysctl_wmem		= sysctl_tcp_wmem,
	.sysctl_rmem		= sysctl_tcp_rmem,
	.max_header		= MAX_TCP_HEADER,
	.obj_size		= sizeof(struct tcp6_sock),
	.slab_flags		= SLAB_DESTROY_BY_RCU,
	.twsk_prot		= &tcp6_timewait_sock_ops,
	.rsk_prot		= &tcp6_request_sock_ops,
	.h.hashinfo		= &tcp_hashinfo,
	.no_autobind		= true,
#ifdef CONFIG_COMPAT
	.compat_setsockopt	= compat_tcp_setsockopt,
	.compat_getsockopt	= compat_tcp_getsockopt,
#endif
	.diag_destroy		= tcp_abort,
};
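
/* Glue for the IPv6 stack: tcpv6_protocol attaches the receive and error
 * handlers to IPPROTO_TCP, tcpv6_protosw exposes SOCK_STREAM/IPPROTO_TCP
 * through the INET6 socket API, and tcpv6_init() below registers both,
 * plus the per-netns control socket used for resets and ACKs.
 */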
static const struct inet6_protocol tcpv6_protocol = {
	.early_demux	=	tcp_v6_early_demux,
	.handler	=	tcp_v6_rcv,
	.err_handler	=	tcp_v6_err,
	.flags		=	INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
};

static struct inet_protosw tcpv6_protosw = {
	.type		=	SOCK_STREAM,
	.protocol	=	IPPROTO_TCP,
	.prot		=	&tcpv6_prot,
	.ops		=	&inet6_stream_ops,
	.flags		=	INET_PROTOSW_PERMANENT |
				INET_PROTOSW_ICSK,
};

static int __net_init tcpv6_net_init(struct net *net)
{
	return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
				    SOCK_RAW, IPPROTO_TCP, net);
}

static void __net_exit tcpv6_net_exit(struct net *net)
{
	inet_ctl_sock_destroy(net->ipv6.tcp_sk);
}

static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
{
	inet_twsk_purge(&tcp_hashinfo, AF_INET6);
}

static struct pernet_operations tcpv6_net_ops = {
	.init	    = tcpv6_net_init,
	.exit	    = tcpv6_net_exit,
	.exit_batch = tcpv6_net_exit_batch,
};

int __init tcpv6_init(void)
{
	int ret;

	ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
	if (ret)
		goto out;

	/* register inet6 protocol */
	ret = inet6_register_protosw(&tcpv6_protosw);
	if (ret)
		goto out_tcpv6_protocol;

	ret = register_pernet_subsys(&tcpv6_net_ops);
	if (ret)
		goto out_tcpv6_protosw;
out:
	return ret;

out_tcpv6_protosw:
	inet6_unregister_protosw(&tcpv6_protosw);
out_tcpv6_protocol:
	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
	goto out;
}

void tcpv6_exit(void)
{
	unregister_pernet_subsys(&tcpv6_net_ops);
	inet6_unregister_protosw(&tcpv6_protosw);
	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
}