1 /* 2 * TCP over IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on: 9 * linux/net/ipv4/tcp.c 10 * linux/net/ipv4/tcp_input.c 11 * linux/net/ipv4/tcp_output.c 12 * 13 * Fixes: 14 * Hideaki YOSHIFUJI : sin6_scope_id support 15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind 17 * a single port at the same time. 18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file. 19 * 20 * This program is free software; you can redistribute it and/or 21 * modify it under the terms of the GNU General Public License 22 * as published by the Free Software Foundation; either version 23 * 2 of the License, or (at your option) any later version. 24 */ 25 26 #include <linux/bottom_half.h> 27 #include <linux/module.h> 28 #include <linux/errno.h> 29 #include <linux/types.h> 30 #include <linux/socket.h> 31 #include <linux/sockios.h> 32 #include <linux/net.h> 33 #include <linux/jiffies.h> 34 #include <linux/in.h> 35 #include <linux/in6.h> 36 #include <linux/netdevice.h> 37 #include <linux/init.h> 38 #include <linux/jhash.h> 39 #include <linux/ipsec.h> 40 #include <linux/times.h> 41 #include <linux/slab.h> 42 43 #include <linux/ipv6.h> 44 #include <linux/icmpv6.h> 45 #include <linux/random.h> 46 47 #include <net/tcp.h> 48 #include <net/ndisc.h> 49 #include <net/inet6_hashtables.h> 50 #include <net/inet6_connection_sock.h> 51 #include <net/ipv6.h> 52 #include <net/transp_v6.h> 53 #include <net/addrconf.h> 54 #include <net/ip6_route.h> 55 #include <net/ip6_checksum.h> 56 #include <net/inet_ecn.h> 57 #include <net/protocol.h> 58 #include <net/xfrm.h> 59 #include <net/snmp.h> 60 #include <net/dsfield.h> 61 #include <net/timewait_sock.h> 62 #include <net/netdma.h> 63 #include <net/inet_common.h> 64 65 #include <asm/uaccess.h> 66 67 #include <linux/proc_fs.h> 68 #include <linux/seq_file.h> 69 70 #include <linux/crypto.h> 71 #include <linux/scatterlist.h> 72 73 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb); 74 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb, 75 struct request_sock *req); 76 77 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb); 78 static void __tcp_v6_send_check(struct sk_buff *skb, 79 struct in6_addr *saddr, 80 struct in6_addr *daddr); 81 82 static const struct inet_connection_sock_af_ops ipv6_mapped; 83 static const struct inet_connection_sock_af_ops ipv6_specific; 84 #ifdef CONFIG_TCP_MD5SIG 85 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific; 86 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific; 87 #else 88 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 89 struct in6_addr *addr) 90 { 91 return NULL; 92 } 93 #endif 94 95 static void tcp_v6_hash(struct sock *sk) 96 { 97 if (sk->sk_state != TCP_CLOSE) { 98 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) { 99 tcp_prot.hash(sk); 100 return; 101 } 102 local_bh_disable(); 103 __inet6_hash(sk, NULL); 104 local_bh_enable(); 105 } 106 } 107 108 static __inline__ __sum16 tcp_v6_check(int len, 109 struct in6_addr *saddr, 110 struct in6_addr *daddr, 111 __wsum base) 112 { 113 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base); 114 } 115 116 static __u32 tcp_v6_init_sequence(struct sk_buff *skb) 117 { 118 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32, 119 ipv6_hdr(skb)->saddr.s6_addr32, 120 tcp_hdr(skb)->dest, 121 tcp_hdr(skb)->source); 122 } 123 124 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 125 int addr_len) 126 { 127 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; 128 struct inet_sock *inet = inet_sk(sk); 129 struct inet_connection_sock *icsk = inet_csk(sk); 130 struct ipv6_pinfo *np = inet6_sk(sk); 131 struct tcp_sock *tp = tcp_sk(sk); 132 struct in6_addr *saddr = NULL, *final_p = NULL, final; 133 struct flowi fl; 134 struct dst_entry *dst; 135 int addr_type; 136 int err; 137 138 if (addr_len < SIN6_LEN_RFC2133) 139 return -EINVAL; 140 141 if (usin->sin6_family != AF_INET6) 142 return(-EAFNOSUPPORT); 143 144 memset(&fl, 0, sizeof(fl)); 145 146 if (np->sndflow) { 147 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; 148 IP6_ECN_flow_init(fl.fl6_flowlabel); 149 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) { 150 struct ip6_flowlabel *flowlabel; 151 flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel); 152 if (flowlabel == NULL) 153 return -EINVAL; 154 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst); 155 fl6_sock_release(flowlabel); 156 } 157 } 158 159 /* 160 * connect() to INADDR_ANY means loopback (BSD'ism). 161 */ 162 163 if(ipv6_addr_any(&usin->sin6_addr)) 164 usin->sin6_addr.s6_addr[15] = 0x1; 165 166 addr_type = ipv6_addr_type(&usin->sin6_addr); 167 168 if(addr_type & IPV6_ADDR_MULTICAST) 169 return -ENETUNREACH; 170 171 if (addr_type&IPV6_ADDR_LINKLOCAL) { 172 if (addr_len >= sizeof(struct sockaddr_in6) && 173 usin->sin6_scope_id) { 174 /* If interface is set while binding, indices 175 * must coincide. 176 */ 177 if (sk->sk_bound_dev_if && 178 sk->sk_bound_dev_if != usin->sin6_scope_id) 179 return -EINVAL; 180 181 sk->sk_bound_dev_if = usin->sin6_scope_id; 182 } 183 184 /* Connect to link-local address requires an interface */ 185 if (!sk->sk_bound_dev_if) 186 return -EINVAL; 187 } 188 189 if (tp->rx_opt.ts_recent_stamp && 190 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) { 191 tp->rx_opt.ts_recent = 0; 192 tp->rx_opt.ts_recent_stamp = 0; 193 tp->write_seq = 0; 194 } 195 196 ipv6_addr_copy(&np->daddr, &usin->sin6_addr); 197 np->flow_label = fl.fl6_flowlabel; 198 199 /* 200 * TCP over IPv4 201 */ 202 203 if (addr_type == IPV6_ADDR_MAPPED) { 204 u32 exthdrlen = icsk->icsk_ext_hdr_len; 205 struct sockaddr_in sin; 206 207 SOCK_DEBUG(sk, "connect: ipv4 mapped\n"); 208 209 if (__ipv6_only_sock(sk)) 210 return -ENETUNREACH; 211 212 sin.sin_family = AF_INET; 213 sin.sin_port = usin->sin6_port; 214 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; 215 216 icsk->icsk_af_ops = &ipv6_mapped; 217 sk->sk_backlog_rcv = tcp_v4_do_rcv; 218 #ifdef CONFIG_TCP_MD5SIG 219 tp->af_specific = &tcp_sock_ipv6_mapped_specific; 220 #endif 221 222 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); 223 224 if (err) { 225 icsk->icsk_ext_hdr_len = exthdrlen; 226 icsk->icsk_af_ops = &ipv6_specific; 227 sk->sk_backlog_rcv = tcp_v6_do_rcv; 228 #ifdef CONFIG_TCP_MD5SIG 229 tp->af_specific = &tcp_sock_ipv6_specific; 230 #endif 231 goto failure; 232 } else { 233 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr); 234 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr, 235 &np->rcv_saddr); 236 } 237 238 return err; 239 } 240 241 if (!ipv6_addr_any(&np->rcv_saddr)) 242 saddr = &np->rcv_saddr; 243 244 fl.proto = IPPROTO_TCP; 245 ipv6_addr_copy(&fl.fl6_dst, &np->daddr); 246 ipv6_addr_copy(&fl.fl6_src, 247 (saddr ? saddr : &np->saddr)); 248 fl.oif = sk->sk_bound_dev_if; 249 fl.mark = sk->sk_mark; 250 fl.fl_ip_dport = usin->sin6_port; 251 fl.fl_ip_sport = inet->inet_sport; 252 253 if (np->opt && np->opt->srcrt) { 254 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt; 255 ipv6_addr_copy(&final, &fl.fl6_dst); 256 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 257 final_p = &final; 258 } 259 260 security_sk_classify_flow(sk, &fl); 261 262 err = ip6_dst_lookup(sk, &dst, &fl); 263 if (err) 264 goto failure; 265 if (final_p) 266 ipv6_addr_copy(&fl.fl6_dst, final_p); 267 268 err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT); 269 if (err < 0) { 270 if (err == -EREMOTE) 271 err = ip6_dst_blackhole(sk, &dst, &fl); 272 if (err < 0) 273 goto failure; 274 } 275 276 if (saddr == NULL) { 277 saddr = &fl.fl6_src; 278 ipv6_addr_copy(&np->rcv_saddr, saddr); 279 } 280 281 /* set the source address */ 282 ipv6_addr_copy(&np->saddr, saddr); 283 inet->inet_rcv_saddr = LOOPBACK4_IPV6; 284 285 sk->sk_gso_type = SKB_GSO_TCPV6; 286 __ip6_dst_store(sk, dst, NULL, NULL); 287 288 icsk->icsk_ext_hdr_len = 0; 289 if (np->opt) 290 icsk->icsk_ext_hdr_len = (np->opt->opt_flen + 291 np->opt->opt_nflen); 292 293 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 294 295 inet->inet_dport = usin->sin6_port; 296 297 tcp_set_state(sk, TCP_SYN_SENT); 298 err = inet6_hash_connect(&tcp_death_row, sk); 299 if (err) 300 goto late_failure; 301 302 if (!tp->write_seq) 303 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32, 304 np->daddr.s6_addr32, 305 inet->inet_sport, 306 inet->inet_dport); 307 308 err = tcp_connect(sk); 309 if (err) 310 goto late_failure; 311 312 return 0; 313 314 late_failure: 315 tcp_set_state(sk, TCP_CLOSE); 316 __sk_dst_reset(sk); 317 failure: 318 inet->inet_dport = 0; 319 sk->sk_route_caps = 0; 320 return err; 321 } 322 323 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 324 u8 type, u8 code, int offset, __be32 info) 325 { 326 struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data; 327 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset); 328 struct ipv6_pinfo *np; 329 struct sock *sk; 330 int err; 331 struct tcp_sock *tp; 332 __u32 seq; 333 struct net *net = dev_net(skb->dev); 334 335 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr, 336 th->dest, &hdr->saddr, th->source, skb->dev->ifindex); 337 338 if (sk == NULL) { 339 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev), 340 ICMP6_MIB_INERRORS); 341 return; 342 } 343 344 if (sk->sk_state == TCP_TIME_WAIT) { 345 inet_twsk_put(inet_twsk(sk)); 346 return; 347 } 348 349 bh_lock_sock(sk); 350 if (sock_owned_by_user(sk)) 351 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS); 352 353 if (sk->sk_state == TCP_CLOSE) 354 goto out; 355 356 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) { 357 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); 358 goto out; 359 } 360 361 tp = tcp_sk(sk); 362 seq = ntohl(th->seq); 363 if (sk->sk_state != TCP_LISTEN && 364 !between(seq, tp->snd_una, tp->snd_nxt)) { 365 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 366 goto out; 367 } 368 369 np = inet6_sk(sk); 370 371 if (type == ICMPV6_PKT_TOOBIG) { 372 struct dst_entry *dst = NULL; 373 374 if (sock_owned_by_user(sk)) 375 goto out; 376 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) 377 goto out; 378 379 /* icmp should have updated the destination cache entry */ 380 dst = __sk_dst_check(sk, np->dst_cookie); 381 382 if (dst == NULL) { 383 struct inet_sock *inet = inet_sk(sk); 384 struct flowi fl; 385 386 /* BUGGG_FUTURE: Again, it is not clear how 387 to handle rthdr case. Ignore this complexity 388 for now. 389 */ 390 memset(&fl, 0, sizeof(fl)); 391 fl.proto = IPPROTO_TCP; 392 ipv6_addr_copy(&fl.fl6_dst, &np->daddr); 393 ipv6_addr_copy(&fl.fl6_src, &np->saddr); 394 fl.oif = sk->sk_bound_dev_if; 395 fl.mark = sk->sk_mark; 396 fl.fl_ip_dport = inet->inet_dport; 397 fl.fl_ip_sport = inet->inet_sport; 398 security_skb_classify_flow(skb, &fl); 399 400 if ((err = ip6_dst_lookup(sk, &dst, &fl))) { 401 sk->sk_err_soft = -err; 402 goto out; 403 } 404 405 if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) { 406 sk->sk_err_soft = -err; 407 goto out; 408 } 409 410 } else 411 dst_hold(dst); 412 413 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) { 414 tcp_sync_mss(sk, dst_mtu(dst)); 415 tcp_simple_retransmit(sk); 416 } /* else let the usual retransmit timer handle it */ 417 dst_release(dst); 418 goto out; 419 } 420 421 icmpv6_err_convert(type, code, &err); 422 423 /* Might be for an request_sock */ 424 switch (sk->sk_state) { 425 struct request_sock *req, **prev; 426 case TCP_LISTEN: 427 if (sock_owned_by_user(sk)) 428 goto out; 429 430 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr, 431 &hdr->saddr, inet6_iif(skb)); 432 if (!req) 433 goto out; 434 435 /* ICMPs are not backlogged, hence we cannot get 436 * an established socket here. 437 */ 438 WARN_ON(req->sk != NULL); 439 440 if (seq != tcp_rsk(req)->snt_isn) { 441 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 442 goto out; 443 } 444 445 inet_csk_reqsk_queue_drop(sk, req, prev); 446 goto out; 447 448 case TCP_SYN_SENT: 449 case TCP_SYN_RECV: /* Cannot happen. 450 It can, it SYNs are crossed. --ANK */ 451 if (!sock_owned_by_user(sk)) { 452 sk->sk_err = err; 453 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */ 454 455 tcp_done(sk); 456 } else 457 sk->sk_err_soft = err; 458 goto out; 459 } 460 461 if (!sock_owned_by_user(sk) && np->recverr) { 462 sk->sk_err = err; 463 sk->sk_error_report(sk); 464 } else 465 sk->sk_err_soft = err; 466 467 out: 468 bh_unlock_sock(sk); 469 sock_put(sk); 470 } 471 472 473 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req, 474 struct request_values *rvp) 475 { 476 struct inet6_request_sock *treq = inet6_rsk(req); 477 struct ipv6_pinfo *np = inet6_sk(sk); 478 struct sk_buff * skb; 479 struct ipv6_txoptions *opt = NULL; 480 struct in6_addr * final_p = NULL, final; 481 struct flowi fl; 482 struct dst_entry *dst; 483 int err = -1; 484 485 memset(&fl, 0, sizeof(fl)); 486 fl.proto = IPPROTO_TCP; 487 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr); 488 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr); 489 fl.fl6_flowlabel = 0; 490 fl.oif = treq->iif; 491 fl.mark = sk->sk_mark; 492 fl.fl_ip_dport = inet_rsk(req)->rmt_port; 493 fl.fl_ip_sport = inet_rsk(req)->loc_port; 494 security_req_classify_flow(req, &fl); 495 496 opt = np->opt; 497 if (opt && opt->srcrt) { 498 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt; 499 ipv6_addr_copy(&final, &fl.fl6_dst); 500 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 501 final_p = &final; 502 } 503 504 err = ip6_dst_lookup(sk, &dst, &fl); 505 if (err) 506 goto done; 507 if (final_p) 508 ipv6_addr_copy(&fl.fl6_dst, final_p); 509 if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) 510 goto done; 511 512 skb = tcp_make_synack(sk, dst, req, rvp); 513 if (skb) { 514 __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr); 515 516 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr); 517 err = ip6_xmit(sk, skb, &fl, opt); 518 err = net_xmit_eval(err); 519 } 520 521 done: 522 if (opt && opt != np->opt) 523 sock_kfree_s(sk, opt, opt->tot_len); 524 dst_release(dst); 525 return err; 526 } 527 528 static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req, 529 struct request_values *rvp) 530 { 531 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS); 532 return tcp_v6_send_synack(sk, req, rvp); 533 } 534 535 static inline void syn_flood_warning(struct sk_buff *skb) 536 { 537 #ifdef CONFIG_SYN_COOKIES 538 if (sysctl_tcp_syncookies) 539 printk(KERN_INFO 540 "TCPv6: Possible SYN flooding on port %d. " 541 "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest)); 542 else 543 #endif 544 printk(KERN_INFO 545 "TCPv6: Possible SYN flooding on port %d. " 546 "Dropping request.\n", ntohs(tcp_hdr(skb)->dest)); 547 } 548 549 static void tcp_v6_reqsk_destructor(struct request_sock *req) 550 { 551 kfree_skb(inet6_rsk(req)->pktopts); 552 } 553 554 #ifdef CONFIG_TCP_MD5SIG 555 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 556 struct in6_addr *addr) 557 { 558 struct tcp_sock *tp = tcp_sk(sk); 559 int i; 560 561 BUG_ON(tp == NULL); 562 563 if (!tp->md5sig_info || !tp->md5sig_info->entries6) 564 return NULL; 565 566 for (i = 0; i < tp->md5sig_info->entries6; i++) { 567 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr)) 568 return &tp->md5sig_info->keys6[i].base; 569 } 570 return NULL; 571 } 572 573 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk, 574 struct sock *addr_sk) 575 { 576 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr); 577 } 578 579 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk, 580 struct request_sock *req) 581 { 582 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr); 583 } 584 585 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer, 586 char *newkey, u8 newkeylen) 587 { 588 /* Add key to the list */ 589 struct tcp_md5sig_key *key; 590 struct tcp_sock *tp = tcp_sk(sk); 591 struct tcp6_md5sig_key *keys; 592 593 key = tcp_v6_md5_do_lookup(sk, peer); 594 if (key) { 595 /* modify existing entry - just update that one */ 596 kfree(key->key); 597 key->key = newkey; 598 key->keylen = newkeylen; 599 } else { 600 /* reallocate new list if current one is full. */ 601 if (!tp->md5sig_info) { 602 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC); 603 if (!tp->md5sig_info) { 604 kfree(newkey); 605 return -ENOMEM; 606 } 607 sk_nocaps_add(sk, NETIF_F_GSO_MASK); 608 } 609 if (tcp_alloc_md5sig_pool(sk) == NULL) { 610 kfree(newkey); 611 return -ENOMEM; 612 } 613 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) { 614 keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) * 615 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC); 616 617 if (!keys) { 618 tcp_free_md5sig_pool(); 619 kfree(newkey); 620 return -ENOMEM; 621 } 622 623 if (tp->md5sig_info->entries6) 624 memmove(keys, tp->md5sig_info->keys6, 625 (sizeof (tp->md5sig_info->keys6[0]) * 626 tp->md5sig_info->entries6)); 627 628 kfree(tp->md5sig_info->keys6); 629 tp->md5sig_info->keys6 = keys; 630 tp->md5sig_info->alloced6++; 631 } 632 633 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr, 634 peer); 635 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey; 636 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen; 637 638 tp->md5sig_info->entries6++; 639 } 640 return 0; 641 } 642 643 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk, 644 u8 *newkey, __u8 newkeylen) 645 { 646 return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr, 647 newkey, newkeylen); 648 } 649 650 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer) 651 { 652 struct tcp_sock *tp = tcp_sk(sk); 653 int i; 654 655 for (i = 0; i < tp->md5sig_info->entries6; i++) { 656 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) { 657 /* Free the key */ 658 kfree(tp->md5sig_info->keys6[i].base.key); 659 tp->md5sig_info->entries6--; 660 661 if (tp->md5sig_info->entries6 == 0) { 662 kfree(tp->md5sig_info->keys6); 663 tp->md5sig_info->keys6 = NULL; 664 tp->md5sig_info->alloced6 = 0; 665 } else { 666 /* shrink the database */ 667 if (tp->md5sig_info->entries6 != i) 668 memmove(&tp->md5sig_info->keys6[i], 669 &tp->md5sig_info->keys6[i+1], 670 (tp->md5sig_info->entries6 - i) 671 * sizeof (tp->md5sig_info->keys6[0])); 672 } 673 tcp_free_md5sig_pool(); 674 return 0; 675 } 676 } 677 return -ENOENT; 678 } 679 680 static void tcp_v6_clear_md5_list (struct sock *sk) 681 { 682 struct tcp_sock *tp = tcp_sk(sk); 683 int i; 684 685 if (tp->md5sig_info->entries6) { 686 for (i = 0; i < tp->md5sig_info->entries6; i++) 687 kfree(tp->md5sig_info->keys6[i].base.key); 688 tp->md5sig_info->entries6 = 0; 689 tcp_free_md5sig_pool(); 690 } 691 692 kfree(tp->md5sig_info->keys6); 693 tp->md5sig_info->keys6 = NULL; 694 tp->md5sig_info->alloced6 = 0; 695 696 if (tp->md5sig_info->entries4) { 697 for (i = 0; i < tp->md5sig_info->entries4; i++) 698 kfree(tp->md5sig_info->keys4[i].base.key); 699 tp->md5sig_info->entries4 = 0; 700 tcp_free_md5sig_pool(); 701 } 702 703 kfree(tp->md5sig_info->keys4); 704 tp->md5sig_info->keys4 = NULL; 705 tp->md5sig_info->alloced4 = 0; 706 } 707 708 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval, 709 int optlen) 710 { 711 struct tcp_md5sig cmd; 712 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr; 713 u8 *newkey; 714 715 if (optlen < sizeof(cmd)) 716 return -EINVAL; 717 718 if (copy_from_user(&cmd, optval, sizeof(cmd))) 719 return -EFAULT; 720 721 if (sin6->sin6_family != AF_INET6) 722 return -EINVAL; 723 724 if (!cmd.tcpm_keylen) { 725 if (!tcp_sk(sk)->md5sig_info) 726 return -ENOENT; 727 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) 728 return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]); 729 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr); 730 } 731 732 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN) 733 return -EINVAL; 734 735 if (!tcp_sk(sk)->md5sig_info) { 736 struct tcp_sock *tp = tcp_sk(sk); 737 struct tcp_md5sig_info *p; 738 739 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL); 740 if (!p) 741 return -ENOMEM; 742 743 tp->md5sig_info = p; 744 sk_nocaps_add(sk, NETIF_F_GSO_MASK); 745 } 746 747 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL); 748 if (!newkey) 749 return -ENOMEM; 750 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) { 751 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3], 752 newkey, cmd.tcpm_keylen); 753 } 754 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen); 755 } 756 757 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp, 758 struct in6_addr *daddr, 759 struct in6_addr *saddr, int nbytes) 760 { 761 struct tcp6_pseudohdr *bp; 762 struct scatterlist sg; 763 764 bp = &hp->md5_blk.ip6; 765 /* 1. TCP pseudo-header (RFC2460) */ 766 ipv6_addr_copy(&bp->saddr, saddr); 767 ipv6_addr_copy(&bp->daddr, daddr); 768 bp->protocol = cpu_to_be32(IPPROTO_TCP); 769 bp->len = cpu_to_be32(nbytes); 770 771 sg_init_one(&sg, bp, sizeof(*bp)); 772 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp)); 773 } 774 775 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key, 776 struct in6_addr *daddr, struct in6_addr *saddr, 777 struct tcphdr *th) 778 { 779 struct tcp_md5sig_pool *hp; 780 struct hash_desc *desc; 781 782 hp = tcp_get_md5sig_pool(); 783 if (!hp) 784 goto clear_hash_noput; 785 desc = &hp->md5_desc; 786 787 if (crypto_hash_init(desc)) 788 goto clear_hash; 789 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2)) 790 goto clear_hash; 791 if (tcp_md5_hash_header(hp, th)) 792 goto clear_hash; 793 if (tcp_md5_hash_key(hp, key)) 794 goto clear_hash; 795 if (crypto_hash_final(desc, md5_hash)) 796 goto clear_hash; 797 798 tcp_put_md5sig_pool(); 799 return 0; 800 801 clear_hash: 802 tcp_put_md5sig_pool(); 803 clear_hash_noput: 804 memset(md5_hash, 0, 16); 805 return 1; 806 } 807 808 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key, 809 struct sock *sk, struct request_sock *req, 810 struct sk_buff *skb) 811 { 812 struct in6_addr *saddr, *daddr; 813 struct tcp_md5sig_pool *hp; 814 struct hash_desc *desc; 815 struct tcphdr *th = tcp_hdr(skb); 816 817 if (sk) { 818 saddr = &inet6_sk(sk)->saddr; 819 daddr = &inet6_sk(sk)->daddr; 820 } else if (req) { 821 saddr = &inet6_rsk(req)->loc_addr; 822 daddr = &inet6_rsk(req)->rmt_addr; 823 } else { 824 struct ipv6hdr *ip6h = ipv6_hdr(skb); 825 saddr = &ip6h->saddr; 826 daddr = &ip6h->daddr; 827 } 828 829 hp = tcp_get_md5sig_pool(); 830 if (!hp) 831 goto clear_hash_noput; 832 desc = &hp->md5_desc; 833 834 if (crypto_hash_init(desc)) 835 goto clear_hash; 836 837 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len)) 838 goto clear_hash; 839 if (tcp_md5_hash_header(hp, th)) 840 goto clear_hash; 841 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2)) 842 goto clear_hash; 843 if (tcp_md5_hash_key(hp, key)) 844 goto clear_hash; 845 if (crypto_hash_final(desc, md5_hash)) 846 goto clear_hash; 847 848 tcp_put_md5sig_pool(); 849 return 0; 850 851 clear_hash: 852 tcp_put_md5sig_pool(); 853 clear_hash_noput: 854 memset(md5_hash, 0, 16); 855 return 1; 856 } 857 858 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb) 859 { 860 __u8 *hash_location = NULL; 861 struct tcp_md5sig_key *hash_expected; 862 struct ipv6hdr *ip6h = ipv6_hdr(skb); 863 struct tcphdr *th = tcp_hdr(skb); 864 int genhash; 865 u8 newhash[16]; 866 867 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); 868 hash_location = tcp_parse_md5sig_option(th); 869 870 /* We've parsed the options - do we have a hash? */ 871 if (!hash_expected && !hash_location) 872 return 0; 873 874 if (hash_expected && !hash_location) { 875 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); 876 return 1; 877 } 878 879 if (!hash_expected && hash_location) { 880 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED); 881 return 1; 882 } 883 884 /* check the signature */ 885 genhash = tcp_v6_md5_hash_skb(newhash, 886 hash_expected, 887 NULL, NULL, skb); 888 889 if (genhash || memcmp(hash_location, newhash, 16) != 0) { 890 if (net_ratelimit()) { 891 printk(KERN_INFO "MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n", 892 genhash ? "failed" : "mismatch", 893 &ip6h->saddr, ntohs(th->source), 894 &ip6h->daddr, ntohs(th->dest)); 895 } 896 return 1; 897 } 898 return 0; 899 } 900 #endif 901 902 struct request_sock_ops tcp6_request_sock_ops __read_mostly = { 903 .family = AF_INET6, 904 .obj_size = sizeof(struct tcp6_request_sock), 905 .rtx_syn_ack = tcp_v6_rtx_synack, 906 .send_ack = tcp_v6_reqsk_send_ack, 907 .destructor = tcp_v6_reqsk_destructor, 908 .send_reset = tcp_v6_send_reset, 909 .syn_ack_timeout = tcp_syn_ack_timeout, 910 }; 911 912 #ifdef CONFIG_TCP_MD5SIG 913 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { 914 .md5_lookup = tcp_v6_reqsk_md5_lookup, 915 .calc_md5_hash = tcp_v6_md5_hash_skb, 916 }; 917 #endif 918 919 static struct timewait_sock_ops tcp6_timewait_sock_ops = { 920 .twsk_obj_size = sizeof(struct tcp6_timewait_sock), 921 .twsk_unique = tcp_twsk_unique, 922 .twsk_destructor= tcp_twsk_destructor, 923 }; 924 925 static void __tcp_v6_send_check(struct sk_buff *skb, 926 struct in6_addr *saddr, struct in6_addr *daddr) 927 { 928 struct tcphdr *th = tcp_hdr(skb); 929 930 if (skb->ip_summed == CHECKSUM_PARTIAL) { 931 th->check = ~tcp_v6_check(skb->len, saddr, daddr, 0); 932 skb->csum_start = skb_transport_header(skb) - skb->head; 933 skb->csum_offset = offsetof(struct tcphdr, check); 934 } else { 935 th->check = tcp_v6_check(skb->len, saddr, daddr, 936 csum_partial(th, th->doff << 2, 937 skb->csum)); 938 } 939 } 940 941 static void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb) 942 { 943 struct ipv6_pinfo *np = inet6_sk(sk); 944 945 __tcp_v6_send_check(skb, &np->saddr, &np->daddr); 946 } 947 948 static int tcp_v6_gso_send_check(struct sk_buff *skb) 949 { 950 struct ipv6hdr *ipv6h; 951 struct tcphdr *th; 952 953 if (!pskb_may_pull(skb, sizeof(*th))) 954 return -EINVAL; 955 956 ipv6h = ipv6_hdr(skb); 957 th = tcp_hdr(skb); 958 959 th->check = 0; 960 skb->ip_summed = CHECKSUM_PARTIAL; 961 __tcp_v6_send_check(skb, &ipv6h->saddr, &ipv6h->daddr); 962 return 0; 963 } 964 965 static struct sk_buff **tcp6_gro_receive(struct sk_buff **head, 966 struct sk_buff *skb) 967 { 968 struct ipv6hdr *iph = skb_gro_network_header(skb); 969 970 switch (skb->ip_summed) { 971 case CHECKSUM_COMPLETE: 972 if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr, 973 skb->csum)) { 974 skb->ip_summed = CHECKSUM_UNNECESSARY; 975 break; 976 } 977 978 /* fall through */ 979 case CHECKSUM_NONE: 980 NAPI_GRO_CB(skb)->flush = 1; 981 return NULL; 982 } 983 984 return tcp_gro_receive(head, skb); 985 } 986 987 static int tcp6_gro_complete(struct sk_buff *skb) 988 { 989 struct ipv6hdr *iph = ipv6_hdr(skb); 990 struct tcphdr *th = tcp_hdr(skb); 991 992 th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb), 993 &iph->saddr, &iph->daddr, 0); 994 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6; 995 996 return tcp_gro_complete(skb); 997 } 998 999 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win, 1000 u32 ts, struct tcp_md5sig_key *key, int rst) 1001 { 1002 struct tcphdr *th = tcp_hdr(skb), *t1; 1003 struct sk_buff *buff; 1004 struct flowi fl; 1005 struct net *net = dev_net(skb_dst(skb)->dev); 1006 struct sock *ctl_sk = net->ipv6.tcp_sk; 1007 unsigned int tot_len = sizeof(struct tcphdr); 1008 struct dst_entry *dst; 1009 __be32 *topt; 1010 1011 if (ts) 1012 tot_len += TCPOLEN_TSTAMP_ALIGNED; 1013 #ifdef CONFIG_TCP_MD5SIG 1014 if (key) 1015 tot_len += TCPOLEN_MD5SIG_ALIGNED; 1016 #endif 1017 1018 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 1019 GFP_ATOMIC); 1020 if (buff == NULL) 1021 return; 1022 1023 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); 1024 1025 t1 = (struct tcphdr *) skb_push(buff, tot_len); 1026 skb_reset_transport_header(buff); 1027 1028 /* Swap the send and the receive. */ 1029 memset(t1, 0, sizeof(*t1)); 1030 t1->dest = th->source; 1031 t1->source = th->dest; 1032 t1->doff = tot_len / 4; 1033 t1->seq = htonl(seq); 1034 t1->ack_seq = htonl(ack); 1035 t1->ack = !rst || !th->ack; 1036 t1->rst = rst; 1037 t1->window = htons(win); 1038 1039 topt = (__be32 *)(t1 + 1); 1040 1041 if (ts) { 1042 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1043 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 1044 *topt++ = htonl(tcp_time_stamp); 1045 *topt++ = htonl(ts); 1046 } 1047 1048 #ifdef CONFIG_TCP_MD5SIG 1049 if (key) { 1050 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1051 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 1052 tcp_v6_md5_hash_hdr((__u8 *)topt, key, 1053 &ipv6_hdr(skb)->saddr, 1054 &ipv6_hdr(skb)->daddr, t1); 1055 } 1056 #endif 1057 1058 memset(&fl, 0, sizeof(fl)); 1059 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr); 1060 ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr); 1061 1062 buff->ip_summed = CHECKSUM_PARTIAL; 1063 buff->csum = 0; 1064 1065 __tcp_v6_send_check(buff, &fl.fl6_src, &fl.fl6_dst); 1066 1067 fl.proto = IPPROTO_TCP; 1068 fl.oif = inet6_iif(skb); 1069 fl.fl_ip_dport = t1->dest; 1070 fl.fl_ip_sport = t1->source; 1071 security_skb_classify_flow(skb, &fl); 1072 1073 /* Pass a socket to ip6_dst_lookup either it is for RST 1074 * Underlying function will use this to retrieve the network 1075 * namespace 1076 */ 1077 if (!ip6_dst_lookup(ctl_sk, &dst, &fl)) { 1078 if (xfrm_lookup(net, &dst, &fl, NULL, 0) >= 0) { 1079 skb_dst_set(buff, dst); 1080 ip6_xmit(ctl_sk, buff, &fl, NULL); 1081 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS); 1082 if (rst) 1083 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS); 1084 return; 1085 } 1086 } 1087 1088 kfree_skb(buff); 1089 } 1090 1091 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb) 1092 { 1093 struct tcphdr *th = tcp_hdr(skb); 1094 u32 seq = 0, ack_seq = 0; 1095 struct tcp_md5sig_key *key = NULL; 1096 1097 if (th->rst) 1098 return; 1099 1100 if (!ipv6_unicast_destination(skb)) 1101 return; 1102 1103 #ifdef CONFIG_TCP_MD5SIG 1104 if (sk) 1105 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr); 1106 #endif 1107 1108 if (th->ack) 1109 seq = ntohl(th->ack_seq); 1110 else 1111 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len - 1112 (th->doff << 2); 1113 1114 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1); 1115 } 1116 1117 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts, 1118 struct tcp_md5sig_key *key) 1119 { 1120 tcp_v6_send_response(skb, seq, ack, win, ts, key, 0); 1121 } 1122 1123 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb) 1124 { 1125 struct inet_timewait_sock *tw = inet_twsk(sk); 1126 struct tcp_timewait_sock *tcptw = tcp_twsk(sk); 1127 1128 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt, 1129 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 1130 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw)); 1131 1132 inet_twsk_put(tw); 1133 } 1134 1135 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb, 1136 struct request_sock *req) 1137 { 1138 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent, 1139 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr)); 1140 } 1141 1142 1143 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb) 1144 { 1145 struct request_sock *req, **prev; 1146 const struct tcphdr *th = tcp_hdr(skb); 1147 struct sock *nsk; 1148 1149 /* Find possible connection requests. */ 1150 req = inet6_csk_search_req(sk, &prev, th->source, 1151 &ipv6_hdr(skb)->saddr, 1152 &ipv6_hdr(skb)->daddr, inet6_iif(skb)); 1153 if (req) 1154 return tcp_check_req(sk, skb, req, prev); 1155 1156 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo, 1157 &ipv6_hdr(skb)->saddr, th->source, 1158 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb)); 1159 1160 if (nsk) { 1161 if (nsk->sk_state != TCP_TIME_WAIT) { 1162 bh_lock_sock(nsk); 1163 return nsk; 1164 } 1165 inet_twsk_put(inet_twsk(nsk)); 1166 return NULL; 1167 } 1168 1169 #ifdef CONFIG_SYN_COOKIES 1170 if (!th->rst && !th->syn && th->ack) 1171 sk = cookie_v6_check(sk, skb); 1172 #endif 1173 return sk; 1174 } 1175 1176 /* FIXME: this is substantially similar to the ipv4 code. 1177 * Can some kind of merge be done? -- erics 1178 */ 1179 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) 1180 { 1181 struct tcp_extend_values tmp_ext; 1182 struct tcp_options_received tmp_opt; 1183 u8 *hash_location; 1184 struct request_sock *req; 1185 struct inet6_request_sock *treq; 1186 struct ipv6_pinfo *np = inet6_sk(sk); 1187 struct tcp_sock *tp = tcp_sk(sk); 1188 __u32 isn = TCP_SKB_CB(skb)->when; 1189 #ifdef CONFIG_SYN_COOKIES 1190 int want_cookie = 0; 1191 #else 1192 #define want_cookie 0 1193 #endif 1194 1195 if (skb->protocol == htons(ETH_P_IP)) 1196 return tcp_v4_conn_request(sk, skb); 1197 1198 if (!ipv6_unicast_destination(skb)) 1199 goto drop; 1200 1201 if (inet_csk_reqsk_queue_is_full(sk) && !isn) { 1202 if (net_ratelimit()) 1203 syn_flood_warning(skb); 1204 #ifdef CONFIG_SYN_COOKIES 1205 if (sysctl_tcp_syncookies) 1206 want_cookie = 1; 1207 else 1208 #endif 1209 goto drop; 1210 } 1211 1212 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) 1213 goto drop; 1214 1215 req = inet6_reqsk_alloc(&tcp6_request_sock_ops); 1216 if (req == NULL) 1217 goto drop; 1218 1219 #ifdef CONFIG_TCP_MD5SIG 1220 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops; 1221 #endif 1222 1223 tcp_clear_options(&tmp_opt); 1224 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 1225 tmp_opt.user_mss = tp->rx_opt.user_mss; 1226 tcp_parse_options(skb, &tmp_opt, &hash_location, 0); 1227 1228 if (tmp_opt.cookie_plus > 0 && 1229 tmp_opt.saw_tstamp && 1230 !tp->rx_opt.cookie_out_never && 1231 (sysctl_tcp_cookie_size > 0 || 1232 (tp->cookie_values != NULL && 1233 tp->cookie_values->cookie_desired > 0))) { 1234 u8 *c; 1235 u32 *d; 1236 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS]; 1237 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE; 1238 1239 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0) 1240 goto drop_and_free; 1241 1242 /* Secret recipe starts with IP addresses */ 1243 d = (__force u32 *)&ipv6_hdr(skb)->daddr.s6_addr32[0]; 1244 *mess++ ^= *d++; 1245 *mess++ ^= *d++; 1246 *mess++ ^= *d++; 1247 *mess++ ^= *d++; 1248 d = (__force u32 *)&ipv6_hdr(skb)->saddr.s6_addr32[0]; 1249 *mess++ ^= *d++; 1250 *mess++ ^= *d++; 1251 *mess++ ^= *d++; 1252 *mess++ ^= *d++; 1253 1254 /* plus variable length Initiator Cookie */ 1255 c = (u8 *)mess; 1256 while (l-- > 0) 1257 *c++ ^= *hash_location++; 1258 1259 #ifdef CONFIG_SYN_COOKIES 1260 want_cookie = 0; /* not our kind of cookie */ 1261 #endif 1262 tmp_ext.cookie_out_never = 0; /* false */ 1263 tmp_ext.cookie_plus = tmp_opt.cookie_plus; 1264 } else if (!tp->rx_opt.cookie_in_always) { 1265 /* redundant indications, but ensure initialization. */ 1266 tmp_ext.cookie_out_never = 1; /* true */ 1267 tmp_ext.cookie_plus = 0; 1268 } else { 1269 goto drop_and_free; 1270 } 1271 tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always; 1272 1273 if (want_cookie && !tmp_opt.saw_tstamp) 1274 tcp_clear_options(&tmp_opt); 1275 1276 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp; 1277 tcp_openreq_init(req, &tmp_opt, skb); 1278 1279 treq = inet6_rsk(req); 1280 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr); 1281 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr); 1282 if (!want_cookie) 1283 TCP_ECN_create_request(req, tcp_hdr(skb)); 1284 1285 if (want_cookie) { 1286 isn = cookie_v6_init_sequence(sk, skb, &req->mss); 1287 req->cookie_ts = tmp_opt.tstamp_ok; 1288 } else if (!isn) { 1289 if (ipv6_opt_accepted(sk, skb) || 1290 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || 1291 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) { 1292 atomic_inc(&skb->users); 1293 treq->pktopts = skb; 1294 } 1295 treq->iif = sk->sk_bound_dev_if; 1296 1297 /* So that link locals have meaning */ 1298 if (!sk->sk_bound_dev_if && 1299 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL) 1300 treq->iif = inet6_iif(skb); 1301 1302 isn = tcp_v6_init_sequence(skb); 1303 } 1304 tcp_rsk(req)->snt_isn = isn; 1305 1306 security_inet_conn_request(sk, skb, req); 1307 1308 if (tcp_v6_send_synack(sk, req, 1309 (struct request_values *)&tmp_ext) || 1310 want_cookie) 1311 goto drop_and_free; 1312 1313 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); 1314 return 0; 1315 1316 drop_and_free: 1317 reqsk_free(req); 1318 drop: 1319 return 0; /* don't send reset */ 1320 } 1321 1322 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, 1323 struct request_sock *req, 1324 struct dst_entry *dst) 1325 { 1326 struct inet6_request_sock *treq; 1327 struct ipv6_pinfo *newnp, *np = inet6_sk(sk); 1328 struct tcp6_sock *newtcp6sk; 1329 struct inet_sock *newinet; 1330 struct tcp_sock *newtp; 1331 struct sock *newsk; 1332 struct ipv6_txoptions *opt; 1333 #ifdef CONFIG_TCP_MD5SIG 1334 struct tcp_md5sig_key *key; 1335 #endif 1336 1337 if (skb->protocol == htons(ETH_P_IP)) { 1338 /* 1339 * v6 mapped 1340 */ 1341 1342 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst); 1343 1344 if (newsk == NULL) 1345 return NULL; 1346 1347 newtcp6sk = (struct tcp6_sock *)newsk; 1348 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1349 1350 newinet = inet_sk(newsk); 1351 newnp = inet6_sk(newsk); 1352 newtp = tcp_sk(newsk); 1353 1354 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1355 1356 ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr); 1357 1358 ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr); 1359 1360 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr); 1361 1362 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped; 1363 newsk->sk_backlog_rcv = tcp_v4_do_rcv; 1364 #ifdef CONFIG_TCP_MD5SIG 1365 newtp->af_specific = &tcp_sock_ipv6_mapped_specific; 1366 #endif 1367 1368 newnp->pktoptions = NULL; 1369 newnp->opt = NULL; 1370 newnp->mcast_oif = inet6_iif(skb); 1371 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1372 1373 /* 1374 * No need to charge this sock to the relevant IPv6 refcnt debug socks count 1375 * here, tcp_create_openreq_child now does this for us, see the comment in 1376 * that function for the gory details. -acme 1377 */ 1378 1379 /* It is tricky place. Until this moment IPv4 tcp 1380 worked with IPv6 icsk.icsk_af_ops. 1381 Sync it now. 1382 */ 1383 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); 1384 1385 return newsk; 1386 } 1387 1388 treq = inet6_rsk(req); 1389 opt = np->opt; 1390 1391 if (sk_acceptq_is_full(sk)) 1392 goto out_overflow; 1393 1394 if (dst == NULL) { 1395 struct in6_addr *final_p = NULL, final; 1396 struct flowi fl; 1397 1398 memset(&fl, 0, sizeof(fl)); 1399 fl.proto = IPPROTO_TCP; 1400 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr); 1401 if (opt && opt->srcrt) { 1402 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt; 1403 ipv6_addr_copy(&final, &fl.fl6_dst); 1404 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 1405 final_p = &final; 1406 } 1407 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr); 1408 fl.oif = sk->sk_bound_dev_if; 1409 fl.mark = sk->sk_mark; 1410 fl.fl_ip_dport = inet_rsk(req)->rmt_port; 1411 fl.fl_ip_sport = inet_rsk(req)->loc_port; 1412 security_req_classify_flow(req, &fl); 1413 1414 if (ip6_dst_lookup(sk, &dst, &fl)) 1415 goto out; 1416 1417 if (final_p) 1418 ipv6_addr_copy(&fl.fl6_dst, final_p); 1419 1420 if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) 1421 goto out; 1422 } 1423 1424 newsk = tcp_create_openreq_child(sk, req, skb); 1425 if (newsk == NULL) 1426 goto out; 1427 1428 /* 1429 * No need to charge this sock to the relevant IPv6 refcnt debug socks 1430 * count here, tcp_create_openreq_child now does this for us, see the 1431 * comment in that function for the gory details. -acme 1432 */ 1433 1434 newsk->sk_gso_type = SKB_GSO_TCPV6; 1435 __ip6_dst_store(newsk, dst, NULL, NULL); 1436 1437 newtcp6sk = (struct tcp6_sock *)newsk; 1438 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1439 1440 newtp = tcp_sk(newsk); 1441 newinet = inet_sk(newsk); 1442 newnp = inet6_sk(newsk); 1443 1444 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1445 1446 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr); 1447 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr); 1448 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr); 1449 newsk->sk_bound_dev_if = treq->iif; 1450 1451 /* Now IPv6 options... 1452 1453 First: no IPv4 options. 1454 */ 1455 newinet->opt = NULL; 1456 newnp->ipv6_fl_list = NULL; 1457 1458 /* Clone RX bits */ 1459 newnp->rxopt.all = np->rxopt.all; 1460 1461 /* Clone pktoptions received with SYN */ 1462 newnp->pktoptions = NULL; 1463 if (treq->pktopts != NULL) { 1464 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC); 1465 kfree_skb(treq->pktopts); 1466 treq->pktopts = NULL; 1467 if (newnp->pktoptions) 1468 skb_set_owner_r(newnp->pktoptions, newsk); 1469 } 1470 newnp->opt = NULL; 1471 newnp->mcast_oif = inet6_iif(skb); 1472 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1473 1474 /* Clone native IPv6 options from listening socket (if any) 1475 1476 Yes, keeping reference count would be much more clever, 1477 but we make one more one thing there: reattach optmem 1478 to newsk. 1479 */ 1480 if (opt) { 1481 newnp->opt = ipv6_dup_options(newsk, opt); 1482 if (opt != np->opt) 1483 sock_kfree_s(sk, opt, opt->tot_len); 1484 } 1485 1486 inet_csk(newsk)->icsk_ext_hdr_len = 0; 1487 if (newnp->opt) 1488 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen + 1489 newnp->opt->opt_flen); 1490 1491 tcp_mtup_init(newsk); 1492 tcp_sync_mss(newsk, dst_mtu(dst)); 1493 newtp->advmss = dst_metric(dst, RTAX_ADVMSS); 1494 tcp_initialize_rcv_mss(newsk); 1495 1496 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6; 1497 newinet->inet_rcv_saddr = LOOPBACK4_IPV6; 1498 1499 #ifdef CONFIG_TCP_MD5SIG 1500 /* Copy over the MD5 key from the original socket */ 1501 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) { 1502 /* We're using one, so create a matching key 1503 * on the newsk structure. If we fail to get 1504 * memory, then we end up not copying the key 1505 * across. Shucks. 1506 */ 1507 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); 1508 if (newkey != NULL) 1509 tcp_v6_md5_do_add(newsk, &newnp->daddr, 1510 newkey, key->keylen); 1511 } 1512 #endif 1513 1514 __inet6_hash(newsk, NULL); 1515 __inet_inherit_port(sk, newsk); 1516 1517 return newsk; 1518 1519 out_overflow: 1520 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); 1521 out: 1522 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); 1523 if (opt && opt != np->opt) 1524 sock_kfree_s(sk, opt, opt->tot_len); 1525 dst_release(dst); 1526 return NULL; 1527 } 1528 1529 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb) 1530 { 1531 if (skb->ip_summed == CHECKSUM_COMPLETE) { 1532 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr, 1533 &ipv6_hdr(skb)->daddr, skb->csum)) { 1534 skb->ip_summed = CHECKSUM_UNNECESSARY; 1535 return 0; 1536 } 1537 } 1538 1539 skb->csum = ~csum_unfold(tcp_v6_check(skb->len, 1540 &ipv6_hdr(skb)->saddr, 1541 &ipv6_hdr(skb)->daddr, 0)); 1542 1543 if (skb->len <= 76) { 1544 return __skb_checksum_complete(skb); 1545 } 1546 return 0; 1547 } 1548 1549 /* The socket must have it's spinlock held when we get 1550 * here. 1551 * 1552 * We have a potential double-lock case here, so even when 1553 * doing backlog processing we use the BH locking scheme. 1554 * This is because we cannot sleep with the original spinlock 1555 * held. 1556 */ 1557 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) 1558 { 1559 struct ipv6_pinfo *np = inet6_sk(sk); 1560 struct tcp_sock *tp; 1561 struct sk_buff *opt_skb = NULL; 1562 1563 /* Imagine: socket is IPv6. IPv4 packet arrives, 1564 goes to IPv4 receive handler and backlogged. 1565 From backlog it always goes here. Kerboom... 1566 Fortunately, tcp_rcv_established and rcv_established 1567 handle them correctly, but it is not case with 1568 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK 1569 */ 1570 1571 if (skb->protocol == htons(ETH_P_IP)) 1572 return tcp_v4_do_rcv(sk, skb); 1573 1574 #ifdef CONFIG_TCP_MD5SIG 1575 if (tcp_v6_inbound_md5_hash (sk, skb)) 1576 goto discard; 1577 #endif 1578 1579 if (sk_filter(sk, skb)) 1580 goto discard; 1581 1582 /* 1583 * socket locking is here for SMP purposes as backlog rcv 1584 * is currently called with bh processing disabled. 1585 */ 1586 1587 /* Do Stevens' IPV6_PKTOPTIONS. 1588 1589 Yes, guys, it is the only place in our code, where we 1590 may make it not affecting IPv4. 1591 The rest of code is protocol independent, 1592 and I do not like idea to uglify IPv4. 1593 1594 Actually, all the idea behind IPV6_PKTOPTIONS 1595 looks not very well thought. For now we latch 1596 options, received in the last packet, enqueued 1597 by tcp. Feel free to propose better solution. 1598 --ANK (980728) 1599 */ 1600 if (np->rxopt.all) 1601 opt_skb = skb_clone(skb, GFP_ATOMIC); 1602 1603 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ 1604 TCP_CHECK_TIMER(sk); 1605 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) 1606 goto reset; 1607 TCP_CHECK_TIMER(sk); 1608 if (opt_skb) 1609 goto ipv6_pktoptions; 1610 return 0; 1611 } 1612 1613 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb)) 1614 goto csum_err; 1615 1616 if (sk->sk_state == TCP_LISTEN) { 1617 struct sock *nsk = tcp_v6_hnd_req(sk, skb); 1618 if (!nsk) 1619 goto discard; 1620 1621 /* 1622 * Queue it on the new socket if the new socket is active, 1623 * otherwise we just shortcircuit this and continue with 1624 * the new socket.. 1625 */ 1626 if(nsk != sk) { 1627 if (tcp_child_process(sk, nsk, skb)) 1628 goto reset; 1629 if (opt_skb) 1630 __kfree_skb(opt_skb); 1631 return 0; 1632 } 1633 } 1634 1635 TCP_CHECK_TIMER(sk); 1636 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) 1637 goto reset; 1638 TCP_CHECK_TIMER(sk); 1639 if (opt_skb) 1640 goto ipv6_pktoptions; 1641 return 0; 1642 1643 reset: 1644 tcp_v6_send_reset(sk, skb); 1645 discard: 1646 if (opt_skb) 1647 __kfree_skb(opt_skb); 1648 kfree_skb(skb); 1649 return 0; 1650 csum_err: 1651 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS); 1652 goto discard; 1653 1654 1655 ipv6_pktoptions: 1656 /* Do you ask, what is it? 1657 1658 1. skb was enqueued by tcp. 1659 2. skb is added to tail of read queue, rather than out of order. 1660 3. socket is not in passive state. 1661 4. Finally, it really contains options, which user wants to receive. 1662 */ 1663 tp = tcp_sk(sk); 1664 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt && 1665 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) { 1666 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo) 1667 np->mcast_oif = inet6_iif(opt_skb); 1668 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) 1669 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit; 1670 if (ipv6_opt_accepted(sk, opt_skb)) { 1671 skb_set_owner_r(opt_skb, sk); 1672 opt_skb = xchg(&np->pktoptions, opt_skb); 1673 } else { 1674 __kfree_skb(opt_skb); 1675 opt_skb = xchg(&np->pktoptions, NULL); 1676 } 1677 } 1678 1679 kfree_skb(opt_skb); 1680 return 0; 1681 } 1682 1683 static int tcp_v6_rcv(struct sk_buff *skb) 1684 { 1685 struct tcphdr *th; 1686 struct ipv6hdr *hdr; 1687 struct sock *sk; 1688 int ret; 1689 struct net *net = dev_net(skb->dev); 1690 1691 if (skb->pkt_type != PACKET_HOST) 1692 goto discard_it; 1693 1694 /* 1695 * Count it even if it's bad. 1696 */ 1697 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS); 1698 1699 if (!pskb_may_pull(skb, sizeof(struct tcphdr))) 1700 goto discard_it; 1701 1702 th = tcp_hdr(skb); 1703 1704 if (th->doff < sizeof(struct tcphdr)/4) 1705 goto bad_packet; 1706 if (!pskb_may_pull(skb, th->doff*4)) 1707 goto discard_it; 1708 1709 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb)) 1710 goto bad_packet; 1711 1712 th = tcp_hdr(skb); 1713 hdr = ipv6_hdr(skb); 1714 TCP_SKB_CB(skb)->seq = ntohl(th->seq); 1715 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin + 1716 skb->len - th->doff*4); 1717 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); 1718 TCP_SKB_CB(skb)->when = 0; 1719 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(hdr); 1720 TCP_SKB_CB(skb)->sacked = 0; 1721 1722 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); 1723 if (!sk) 1724 goto no_tcp_socket; 1725 1726 process: 1727 if (sk->sk_state == TCP_TIME_WAIT) 1728 goto do_time_wait; 1729 1730 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { 1731 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); 1732 goto discard_and_relse; 1733 } 1734 1735 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 1736 goto discard_and_relse; 1737 1738 if (sk_filter(sk, skb)) 1739 goto discard_and_relse; 1740 1741 skb->dev = NULL; 1742 1743 bh_lock_sock_nested(sk); 1744 ret = 0; 1745 if (!sock_owned_by_user(sk)) { 1746 #ifdef CONFIG_NET_DMA 1747 struct tcp_sock *tp = tcp_sk(sk); 1748 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list) 1749 tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY); 1750 if (tp->ucopy.dma_chan) 1751 ret = tcp_v6_do_rcv(sk, skb); 1752 else 1753 #endif 1754 { 1755 if (!tcp_prequeue(sk, skb)) 1756 ret = tcp_v6_do_rcv(sk, skb); 1757 } 1758 } else if (unlikely(sk_add_backlog(sk, skb))) { 1759 bh_unlock_sock(sk); 1760 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP); 1761 goto discard_and_relse; 1762 } 1763 bh_unlock_sock(sk); 1764 1765 sock_put(sk); 1766 return ret ? -1 : 0; 1767 1768 no_tcp_socket: 1769 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 1770 goto discard_it; 1771 1772 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1773 bad_packet: 1774 TCP_INC_STATS_BH(net, TCP_MIB_INERRS); 1775 } else { 1776 tcp_v6_send_reset(NULL, skb); 1777 } 1778 1779 discard_it: 1780 1781 /* 1782 * Discard frame 1783 */ 1784 1785 kfree_skb(skb); 1786 return 0; 1787 1788 discard_and_relse: 1789 sock_put(sk); 1790 goto discard_it; 1791 1792 do_time_wait: 1793 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1794 inet_twsk_put(inet_twsk(sk)); 1795 goto discard_it; 1796 } 1797 1798 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1799 TCP_INC_STATS_BH(net, TCP_MIB_INERRS); 1800 inet_twsk_put(inet_twsk(sk)); 1801 goto discard_it; 1802 } 1803 1804 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { 1805 case TCP_TW_SYN: 1806 { 1807 struct sock *sk2; 1808 1809 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo, 1810 &ipv6_hdr(skb)->daddr, 1811 ntohs(th->dest), inet6_iif(skb)); 1812 if (sk2 != NULL) { 1813 struct inet_timewait_sock *tw = inet_twsk(sk); 1814 inet_twsk_deschedule(tw, &tcp_death_row); 1815 inet_twsk_put(tw); 1816 sk = sk2; 1817 goto process; 1818 } 1819 /* Fall through to ACK */ 1820 } 1821 case TCP_TW_ACK: 1822 tcp_v6_timewait_ack(sk, skb); 1823 break; 1824 case TCP_TW_RST: 1825 goto no_tcp_socket; 1826 case TCP_TW_SUCCESS:; 1827 } 1828 goto discard_it; 1829 } 1830 1831 static int tcp_v6_remember_stamp(struct sock *sk) 1832 { 1833 /* Alas, not yet... */ 1834 return 0; 1835 } 1836 1837 static const struct inet_connection_sock_af_ops ipv6_specific = { 1838 .queue_xmit = inet6_csk_xmit, 1839 .send_check = tcp_v6_send_check, 1840 .rebuild_header = inet6_sk_rebuild_header, 1841 .conn_request = tcp_v6_conn_request, 1842 .syn_recv_sock = tcp_v6_syn_recv_sock, 1843 .remember_stamp = tcp_v6_remember_stamp, 1844 .net_header_len = sizeof(struct ipv6hdr), 1845 .setsockopt = ipv6_setsockopt, 1846 .getsockopt = ipv6_getsockopt, 1847 .addr2sockaddr = inet6_csk_addr2sockaddr, 1848 .sockaddr_len = sizeof(struct sockaddr_in6), 1849 .bind_conflict = inet6_csk_bind_conflict, 1850 #ifdef CONFIG_COMPAT 1851 .compat_setsockopt = compat_ipv6_setsockopt, 1852 .compat_getsockopt = compat_ipv6_getsockopt, 1853 #endif 1854 }; 1855 1856 #ifdef CONFIG_TCP_MD5SIG 1857 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = { 1858 .md5_lookup = tcp_v6_md5_lookup, 1859 .calc_md5_hash = tcp_v6_md5_hash_skb, 1860 .md5_add = tcp_v6_md5_add_func, 1861 .md5_parse = tcp_v6_parse_md5_keys, 1862 }; 1863 #endif 1864 1865 /* 1866 * TCP over IPv4 via INET6 API 1867 */ 1868 1869 static const struct inet_connection_sock_af_ops ipv6_mapped = { 1870 .queue_xmit = ip_queue_xmit, 1871 .send_check = tcp_v4_send_check, 1872 .rebuild_header = inet_sk_rebuild_header, 1873 .conn_request = tcp_v6_conn_request, 1874 .syn_recv_sock = tcp_v6_syn_recv_sock, 1875 .remember_stamp = tcp_v4_remember_stamp, 1876 .net_header_len = sizeof(struct iphdr), 1877 .setsockopt = ipv6_setsockopt, 1878 .getsockopt = ipv6_getsockopt, 1879 .addr2sockaddr = inet6_csk_addr2sockaddr, 1880 .sockaddr_len = sizeof(struct sockaddr_in6), 1881 .bind_conflict = inet6_csk_bind_conflict, 1882 #ifdef CONFIG_COMPAT 1883 .compat_setsockopt = compat_ipv6_setsockopt, 1884 .compat_getsockopt = compat_ipv6_getsockopt, 1885 #endif 1886 }; 1887 1888 #ifdef CONFIG_TCP_MD5SIG 1889 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = { 1890 .md5_lookup = tcp_v4_md5_lookup, 1891 .calc_md5_hash = tcp_v4_md5_hash_skb, 1892 .md5_add = tcp_v6_md5_add_func, 1893 .md5_parse = tcp_v6_parse_md5_keys, 1894 }; 1895 #endif 1896 1897 /* NOTE: A lot of things set to zero explicitly by call to 1898 * sk_alloc() so need not be done here. 1899 */ 1900 static int tcp_v6_init_sock(struct sock *sk) 1901 { 1902 struct inet_connection_sock *icsk = inet_csk(sk); 1903 struct tcp_sock *tp = tcp_sk(sk); 1904 1905 skb_queue_head_init(&tp->out_of_order_queue); 1906 tcp_init_xmit_timers(sk); 1907 tcp_prequeue_init(tp); 1908 1909 icsk->icsk_rto = TCP_TIMEOUT_INIT; 1910 tp->mdev = TCP_TIMEOUT_INIT; 1911 1912 /* So many TCP implementations out there (incorrectly) count the 1913 * initial SYN frame in their delayed-ACK and congestion control 1914 * algorithms that we must have the following bandaid to talk 1915 * efficiently to them. -DaveM 1916 */ 1917 tp->snd_cwnd = 2; 1918 1919 /* See draft-stevens-tcpca-spec-01 for discussion of the 1920 * initialization of these values. 1921 */ 1922 tp->snd_ssthresh = TCP_INFINITE_SSTHRESH; 1923 tp->snd_cwnd_clamp = ~0; 1924 tp->mss_cache = TCP_MSS_DEFAULT; 1925 1926 tp->reordering = sysctl_tcp_reordering; 1927 1928 sk->sk_state = TCP_CLOSE; 1929 1930 icsk->icsk_af_ops = &ipv6_specific; 1931 icsk->icsk_ca_ops = &tcp_init_congestion_ops; 1932 icsk->icsk_sync_mss = tcp_sync_mss; 1933 sk->sk_write_space = sk_stream_write_space; 1934 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE); 1935 1936 #ifdef CONFIG_TCP_MD5SIG 1937 tp->af_specific = &tcp_sock_ipv6_specific; 1938 #endif 1939 1940 /* TCP Cookie Transactions */ 1941 if (sysctl_tcp_cookie_size > 0) { 1942 /* Default, cookies without s_data_payload. */ 1943 tp->cookie_values = 1944 kzalloc(sizeof(*tp->cookie_values), 1945 sk->sk_allocation); 1946 if (tp->cookie_values != NULL) 1947 kref_init(&tp->cookie_values->kref); 1948 } 1949 /* Presumed zeroed, in order of appearance: 1950 * cookie_in_always, cookie_out_never, 1951 * s_data_constant, s_data_in, s_data_out 1952 */ 1953 sk->sk_sndbuf = sysctl_tcp_wmem[1]; 1954 sk->sk_rcvbuf = sysctl_tcp_rmem[1]; 1955 1956 local_bh_disable(); 1957 percpu_counter_inc(&tcp_sockets_allocated); 1958 local_bh_enable(); 1959 1960 return 0; 1961 } 1962 1963 static void tcp_v6_destroy_sock(struct sock *sk) 1964 { 1965 #ifdef CONFIG_TCP_MD5SIG 1966 /* Clean up the MD5 key list */ 1967 if (tcp_sk(sk)->md5sig_info) 1968 tcp_v6_clear_md5_list(sk); 1969 #endif 1970 tcp_v4_destroy_sock(sk); 1971 inet6_destroy_sock(sk); 1972 } 1973 1974 #ifdef CONFIG_PROC_FS 1975 /* Proc filesystem TCPv6 sock list dumping. */ 1976 static void get_openreq6(struct seq_file *seq, 1977 struct sock *sk, struct request_sock *req, int i, int uid) 1978 { 1979 int ttd = req->expires - jiffies; 1980 struct in6_addr *src = &inet6_rsk(req)->loc_addr; 1981 struct in6_addr *dest = &inet6_rsk(req)->rmt_addr; 1982 1983 if (ttd < 0) 1984 ttd = 0; 1985 1986 seq_printf(seq, 1987 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1988 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n", 1989 i, 1990 src->s6_addr32[0], src->s6_addr32[1], 1991 src->s6_addr32[2], src->s6_addr32[3], 1992 ntohs(inet_rsk(req)->loc_port), 1993 dest->s6_addr32[0], dest->s6_addr32[1], 1994 dest->s6_addr32[2], dest->s6_addr32[3], 1995 ntohs(inet_rsk(req)->rmt_port), 1996 TCP_SYN_RECV, 1997 0,0, /* could print option size, but that is af dependent. */ 1998 1, /* timers active (only the expire timer) */ 1999 jiffies_to_clock_t(ttd), 2000 req->retrans, 2001 uid, 2002 0, /* non standard timer */ 2003 0, /* open_requests have no inode */ 2004 0, req); 2005 } 2006 2007 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) 2008 { 2009 struct in6_addr *dest, *src; 2010 __u16 destp, srcp; 2011 int timer_active; 2012 unsigned long timer_expires; 2013 struct inet_sock *inet = inet_sk(sp); 2014 struct tcp_sock *tp = tcp_sk(sp); 2015 const struct inet_connection_sock *icsk = inet_csk(sp); 2016 struct ipv6_pinfo *np = inet6_sk(sp); 2017 2018 dest = &np->daddr; 2019 src = &np->rcv_saddr; 2020 destp = ntohs(inet->inet_dport); 2021 srcp = ntohs(inet->inet_sport); 2022 2023 if (icsk->icsk_pending == ICSK_TIME_RETRANS) { 2024 timer_active = 1; 2025 timer_expires = icsk->icsk_timeout; 2026 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) { 2027 timer_active = 4; 2028 timer_expires = icsk->icsk_timeout; 2029 } else if (timer_pending(&sp->sk_timer)) { 2030 timer_active = 2; 2031 timer_expires = sp->sk_timer.expires; 2032 } else { 2033 timer_active = 0; 2034 timer_expires = jiffies; 2035 } 2036 2037 seq_printf(seq, 2038 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2039 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %lu %lu %u %u %d\n", 2040 i, 2041 src->s6_addr32[0], src->s6_addr32[1], 2042 src->s6_addr32[2], src->s6_addr32[3], srcp, 2043 dest->s6_addr32[0], dest->s6_addr32[1], 2044 dest->s6_addr32[2], dest->s6_addr32[3], destp, 2045 sp->sk_state, 2046 tp->write_seq-tp->snd_una, 2047 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq), 2048 timer_active, 2049 jiffies_to_clock_t(timer_expires - jiffies), 2050 icsk->icsk_retransmits, 2051 sock_i_uid(sp), 2052 icsk->icsk_probes_out, 2053 sock_i_ino(sp), 2054 atomic_read(&sp->sk_refcnt), sp, 2055 jiffies_to_clock_t(icsk->icsk_rto), 2056 jiffies_to_clock_t(icsk->icsk_ack.ato), 2057 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong, 2058 tp->snd_cwnd, 2059 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh 2060 ); 2061 } 2062 2063 static void get_timewait6_sock(struct seq_file *seq, 2064 struct inet_timewait_sock *tw, int i) 2065 { 2066 struct in6_addr *dest, *src; 2067 __u16 destp, srcp; 2068 struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw); 2069 int ttd = tw->tw_ttd - jiffies; 2070 2071 if (ttd < 0) 2072 ttd = 0; 2073 2074 dest = &tw6->tw_v6_daddr; 2075 src = &tw6->tw_v6_rcv_saddr; 2076 destp = ntohs(tw->tw_dport); 2077 srcp = ntohs(tw->tw_sport); 2078 2079 seq_printf(seq, 2080 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2081 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n", 2082 i, 2083 src->s6_addr32[0], src->s6_addr32[1], 2084 src->s6_addr32[2], src->s6_addr32[3], srcp, 2085 dest->s6_addr32[0], dest->s6_addr32[1], 2086 dest->s6_addr32[2], dest->s6_addr32[3], destp, 2087 tw->tw_substate, 0, 0, 2088 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, 2089 atomic_read(&tw->tw_refcnt), tw); 2090 } 2091 2092 static int tcp6_seq_show(struct seq_file *seq, void *v) 2093 { 2094 struct tcp_iter_state *st; 2095 2096 if (v == SEQ_START_TOKEN) { 2097 seq_puts(seq, 2098 " sl " 2099 "local_address " 2100 "remote_address " 2101 "st tx_queue rx_queue tr tm->when retrnsmt" 2102 " uid timeout inode\n"); 2103 goto out; 2104 } 2105 st = seq->private; 2106 2107 switch (st->state) { 2108 case TCP_SEQ_STATE_LISTENING: 2109 case TCP_SEQ_STATE_ESTABLISHED: 2110 get_tcp6_sock(seq, v, st->num); 2111 break; 2112 case TCP_SEQ_STATE_OPENREQ: 2113 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid); 2114 break; 2115 case TCP_SEQ_STATE_TIME_WAIT: 2116 get_timewait6_sock(seq, v, st->num); 2117 break; 2118 } 2119 out: 2120 return 0; 2121 } 2122 2123 static struct tcp_seq_afinfo tcp6_seq_afinfo = { 2124 .name = "tcp6", 2125 .family = AF_INET6, 2126 .seq_fops = { 2127 .owner = THIS_MODULE, 2128 }, 2129 .seq_ops = { 2130 .show = tcp6_seq_show, 2131 }, 2132 }; 2133 2134 int __net_init tcp6_proc_init(struct net *net) 2135 { 2136 return tcp_proc_register(net, &tcp6_seq_afinfo); 2137 } 2138 2139 void tcp6_proc_exit(struct net *net) 2140 { 2141 tcp_proc_unregister(net, &tcp6_seq_afinfo); 2142 } 2143 #endif 2144 2145 struct proto tcpv6_prot = { 2146 .name = "TCPv6", 2147 .owner = THIS_MODULE, 2148 .close = tcp_close, 2149 .connect = tcp_v6_connect, 2150 .disconnect = tcp_disconnect, 2151 .accept = inet_csk_accept, 2152 .ioctl = tcp_ioctl, 2153 .init = tcp_v6_init_sock, 2154 .destroy = tcp_v6_destroy_sock, 2155 .shutdown = tcp_shutdown, 2156 .setsockopt = tcp_setsockopt, 2157 .getsockopt = tcp_getsockopt, 2158 .recvmsg = tcp_recvmsg, 2159 .backlog_rcv = tcp_v6_do_rcv, 2160 .hash = tcp_v6_hash, 2161 .unhash = inet_unhash, 2162 .get_port = inet_csk_get_port, 2163 .enter_memory_pressure = tcp_enter_memory_pressure, 2164 .sockets_allocated = &tcp_sockets_allocated, 2165 .memory_allocated = &tcp_memory_allocated, 2166 .memory_pressure = &tcp_memory_pressure, 2167 .orphan_count = &tcp_orphan_count, 2168 .sysctl_mem = sysctl_tcp_mem, 2169 .sysctl_wmem = sysctl_tcp_wmem, 2170 .sysctl_rmem = sysctl_tcp_rmem, 2171 .max_header = MAX_TCP_HEADER, 2172 .obj_size = sizeof(struct tcp6_sock), 2173 .slab_flags = SLAB_DESTROY_BY_RCU, 2174 .twsk_prot = &tcp6_timewait_sock_ops, 2175 .rsk_prot = &tcp6_request_sock_ops, 2176 .h.hashinfo = &tcp_hashinfo, 2177 #ifdef CONFIG_COMPAT 2178 .compat_setsockopt = compat_tcp_setsockopt, 2179 .compat_getsockopt = compat_tcp_getsockopt, 2180 #endif 2181 }; 2182 2183 static const struct inet6_protocol tcpv6_protocol = { 2184 .handler = tcp_v6_rcv, 2185 .err_handler = tcp_v6_err, 2186 .gso_send_check = tcp_v6_gso_send_check, 2187 .gso_segment = tcp_tso_segment, 2188 .gro_receive = tcp6_gro_receive, 2189 .gro_complete = tcp6_gro_complete, 2190 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 2191 }; 2192 2193 static struct inet_protosw tcpv6_protosw = { 2194 .type = SOCK_STREAM, 2195 .protocol = IPPROTO_TCP, 2196 .prot = &tcpv6_prot, 2197 .ops = &inet6_stream_ops, 2198 .no_check = 0, 2199 .flags = INET_PROTOSW_PERMANENT | 2200 INET_PROTOSW_ICSK, 2201 }; 2202 2203 static int __net_init tcpv6_net_init(struct net *net) 2204 { 2205 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6, 2206 SOCK_RAW, IPPROTO_TCP, net); 2207 } 2208 2209 static void __net_exit tcpv6_net_exit(struct net *net) 2210 { 2211 inet_ctl_sock_destroy(net->ipv6.tcp_sk); 2212 } 2213 2214 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list) 2215 { 2216 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6); 2217 } 2218 2219 static struct pernet_operations tcpv6_net_ops = { 2220 .init = tcpv6_net_init, 2221 .exit = tcpv6_net_exit, 2222 .exit_batch = tcpv6_net_exit_batch, 2223 }; 2224 2225 int __init tcpv6_init(void) 2226 { 2227 int ret; 2228 2229 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP); 2230 if (ret) 2231 goto out; 2232 2233 /* register inet6 protocol */ 2234 ret = inet6_register_protosw(&tcpv6_protosw); 2235 if (ret) 2236 goto out_tcpv6_protocol; 2237 2238 ret = register_pernet_subsys(&tcpv6_net_ops); 2239 if (ret) 2240 goto out_tcpv6_protosw; 2241 out: 2242 return ret; 2243 2244 out_tcpv6_protocol: 2245 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2246 out_tcpv6_protosw: 2247 inet6_unregister_protosw(&tcpv6_protosw); 2248 goto out; 2249 } 2250 2251 void tcpv6_exit(void) 2252 { 2253 unregister_pernet_subsys(&tcpv6_net_ops); 2254 inet6_unregister_protosw(&tcpv6_protosw); 2255 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2256 } 2257