/*
 *	TCP over IPv6
 *	Linux INET6 implementation
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *
 *	Based on:
 *	linux/net/ipv4/tcp.c
 *	linux/net/ipv4/tcp_input.c
 *	linux/net/ipv4/tcp_output.c
 *
 *	Fixes:
 *	Hideaki YOSHIFUJI	:	sin6_scope_id support
 *	YOSHIFUJI Hideaki @USAGI and:	Support IPV6_V6ONLY socket option, which
 *	Alexey Kuznetsov		allow both IPv4 and IPv6 sockets to bind
 *					a single port at the same time.
 *	YOSHIFUJI Hideaki @USAGI:	convert /proc/net/tcp6 to seq_file.
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License
 *	as published by the Free Software Foundation; either version
 *	2 of the License, or (at your option) any later version.
 */

#include <linux/bottom_half.h>
#include <linux/module.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/net.h>
#include <linux/jiffies.h>
#include <linux/in.h>
#include <linux/in6.h>
#include <linux/netdevice.h>
#include <linux/init.h>
#include <linux/jhash.h>
#include <linux/ipsec.h>
#include <linux/times.h>
#include <linux/slab.h>

#include <linux/ipv6.h>
#include <linux/icmpv6.h>
#include <linux/random.h>

#include <net/tcp.h>
#include <net/ndisc.h>
#include <net/inet6_hashtables.h>
#include <net/inet6_connection_sock.h>
#include <net/ipv6.h>
#include <net/transp_v6.h>
#include <net/addrconf.h>
#include <net/ip6_route.h>
#include <net/ip6_checksum.h>
#include <net/inet_ecn.h>
#include <net/protocol.h>
#include <net/xfrm.h>
#include <net/snmp.h>
#include <net/dsfield.h>
#include <net/timewait_sock.h>
#include <net/netdma.h>
#include <net/inet_common.h>
#include <net/secure_seq.h>
#include <net/tcp_memcontrol.h>

#include <asm/uaccess.h>

#include <linux/proc_fs.h>
#include <linux/seq_file.h>

#include <linux/crypto.h>
#include <linux/scatterlist.h>

static void	tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
static void	tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
				      struct request_sock *req);

static int	tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
static void	__tcp_v6_send_check(struct sk_buff *skb,
				    const struct in6_addr *saddr,
				    const struct in6_addr *daddr);

static const struct inet_connection_sock_af_ops ipv6_mapped;
static const struct inet_connection_sock_af_ops ipv6_specific;
#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
#else
static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
						   const struct in6_addr *addr)
{
	return NULL;
}
#endif

static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
{
	struct dst_entry *dst = skb_dst(skb);
	const struct rt6_info *rt = (const struct rt6_info *)dst;

	dst_hold(dst);
	sk->sk_rx_dst = dst;
	inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
	if (rt->rt6i_node)
		inet6_sk(sk)->rx_dst_cookie = rt->rt6i_node->fn_sernum;
}

static void tcp_v6_hash(struct sock *sk)
{
	if (sk->sk_state != TCP_CLOSE) {
		if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
			tcp_prot.hash(sk);
			return;
		}
		local_bh_disable();
		__inet6_hash(sk, NULL);
		local_bh_enable();
	}
}

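/*
 * Fold the IPv6 pseudo-header (source and destination addresses,
 * segment length and IPPROTO_TCP) into a TCP checksum via
 * csum_ipv6_magic().
 */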
static __inline__ __sum16 tcp_v6_check(int len,
				       const struct in6_addr *saddr,
				       const struct in6_addr *daddr,
				       __wsum base)
{
	return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
}

static __u32 tcp_v6_init_sequence(const struct sk_buff *skb)
{
	return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
					    ipv6_hdr(skb)->saddr.s6_addr32,
					    tcp_hdr(skb)->dest,
					    tcp_hdr(skb)->source);
}

static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
			  int addr_len)
{
	struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
	struct inet_sock *inet = inet_sk(sk);
	struct inet_connection_sock *icsk = inet_csk(sk);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_sock *tp = tcp_sk(sk);
	struct in6_addr *saddr = NULL, *final_p, final;
	struct rt6_info *rt;
	struct flowi6 fl6;
	struct dst_entry *dst;
	int addr_type;
	int err;

	if (addr_len < SIN6_LEN_RFC2133)
		return -EINVAL;

	if (usin->sin6_family != AF_INET6)
		return -EAFNOSUPPORT;

	memset(&fl6, 0, sizeof(fl6));

	if (np->sndflow) {
		fl6.flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
		IP6_ECN_flow_init(fl6.flowlabel);
		if (fl6.flowlabel & IPV6_FLOWLABEL_MASK) {
			struct ip6_flowlabel *flowlabel;
			flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
			if (flowlabel == NULL)
				return -EINVAL;
			usin->sin6_addr = flowlabel->dst;
			fl6_sock_release(flowlabel);
		}
	}

	/*
	 *	connect() to INADDR_ANY means loopback (BSD'ism).
	 */

	if (ipv6_addr_any(&usin->sin6_addr))
		usin->sin6_addr.s6_addr[15] = 0x1;

	addr_type = ipv6_addr_type(&usin->sin6_addr);

	if (addr_type & IPV6_ADDR_MULTICAST)
		return -ENETUNREACH;

	if (addr_type & IPV6_ADDR_LINKLOCAL) {
		if (addr_len >= sizeof(struct sockaddr_in6) &&
		    usin->sin6_scope_id) {
			/* If interface is set while binding, indices
			 * must coincide.
			 */
			if (sk->sk_bound_dev_if &&
			    sk->sk_bound_dev_if != usin->sin6_scope_id)
				return -EINVAL;

			sk->sk_bound_dev_if = usin->sin6_scope_id;
		}

		/* Connect to link-local address requires an interface */
		if (!sk->sk_bound_dev_if)
			return -EINVAL;
	}

	if (tp->rx_opt.ts_recent_stamp &&
	    !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
		tp->rx_opt.ts_recent = 0;
		tp->rx_opt.ts_recent_stamp = 0;
		tp->write_seq = 0;
	}

	np->daddr = usin->sin6_addr;
	np->flow_label = fl6.flowlabel;

	/*
	 *	TCP over IPv4
	 */

	if (addr_type == IPV6_ADDR_MAPPED) {
		u32 exthdrlen = icsk->icsk_ext_hdr_len;
		struct sockaddr_in sin;

		SOCK_DEBUG(sk, "connect: ipv4 mapped\n");

		if (__ipv6_only_sock(sk))
			return -ENETUNREACH;

		sin.sin_family = AF_INET;
		sin.sin_port = usin->sin6_port;
		sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];

		icsk->icsk_af_ops = &ipv6_mapped;
		sk->sk_backlog_rcv = tcp_v4_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
		tp->af_specific = &tcp_sock_ipv6_mapped_specific;
#endif

		err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));

		if (err) {
			icsk->icsk_ext_hdr_len = exthdrlen;
			icsk->icsk_af_ops = &ipv6_specific;
			sk->sk_backlog_rcv = tcp_v6_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
			tp->af_specific = &tcp_sock_ipv6_specific;
#endif
			goto failure;
		} else {
			ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
			ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
					       &np->rcv_saddr);
		}

		return err;
	}

	if (!ipv6_addr_any(&np->rcv_saddr))
		saddr = &np->rcv_saddr;

	fl6.flowi6_proto = IPPROTO_TCP;
	fl6.daddr = np->daddr;
	fl6.saddr = saddr ? *saddr : np->saddr;
	fl6.flowi6_oif = sk->sk_bound_dev_if;
	fl6.flowi6_mark = sk->sk_mark;
	fl6.fl6_dport = usin->sin6_port;
	fl6.fl6_sport = inet->inet_sport;

	final_p = fl6_update_dst(&fl6, np->opt, &final);

	security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));

	dst = ip6_dst_lookup_flow(sk, &fl6, final_p, true);
	if (IS_ERR(dst)) {
		err = PTR_ERR(dst);
		goto failure;
	}

	if (saddr == NULL) {
		saddr = &fl6.saddr;
		np->rcv_saddr = *saddr;
	}

	/* set the source address */
	np->saddr = *saddr;
	inet->inet_rcv_saddr = LOOPBACK4_IPV6;

	sk->sk_gso_type = SKB_GSO_TCPV6;
	__ip6_dst_store(sk, dst, NULL, NULL);

	rt = (struct rt6_info *) dst;
	if (tcp_death_row.sysctl_tw_recycle &&
	    !tp->rx_opt.ts_recent_stamp &&
	    ipv6_addr_equal(&rt->rt6i_dst.addr, &np->daddr))
		tcp_fetch_timewait_stamp(sk, dst);

	icsk->icsk_ext_hdr_len = 0;
	if (np->opt)
		icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
					  np->opt->opt_nflen);

	tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);

	inet->inet_dport = usin->sin6_port;

	tcp_set_state(sk, TCP_SYN_SENT);
	err = inet6_hash_connect(&tcp_death_row, sk);
	if (err)
		goto late_failure;

	if (!tp->write_seq)
		tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
							     np->daddr.s6_addr32,
							     inet->inet_sport,
							     inet->inet_dport);

	err = tcp_connect(sk);
	if (err)
		goto late_failure;

	return 0;

late_failure:
	tcp_set_state(sk, TCP_CLOSE);
	__sk_dst_reset(sk);
failure:
	inet->inet_dport = 0;
	sk->sk_route_caps = 0;
	return err;
}

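/*
 * Called once an ICMPv6 Packet Too Big for this connection has been
 * processed: refresh the cached route, and if the new path MTU is
 * smaller than the cached one, shrink the MSS and retransmit whatever
 * no longer fits into a single packet.
 */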
static void tcp_v6_mtu_reduced(struct sock *sk)
{
	struct dst_entry *dst;

	if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
		return;

	dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
	if (!dst)
		return;

	if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
		tcp_sync_mss(sk, dst_mtu(dst));
		tcp_simple_retransmit(sk);
	}
}

static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
		       u8 type, u8 code, int offset, __be32 info)
{
	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
	const struct tcphdr *th = (struct tcphdr *)(skb->data + offset);
	struct ipv6_pinfo *np;
	struct sock *sk;
	int err;
	struct tcp_sock *tp;
	__u32 seq;
	struct net *net = dev_net(skb->dev);

	sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
			  th->dest, &hdr->saddr, th->source, skb->dev->ifindex);

	if (sk == NULL) {
		ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
				   ICMP6_MIB_INERRORS);
		return;
	}

	if (sk->sk_state == TCP_TIME_WAIT) {
		inet_twsk_put(inet_twsk(sk));
		return;
	}

	bh_lock_sock(sk);
	if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
		NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);

	if (sk->sk_state == TCP_CLOSE)
		goto out;

	if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
		NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
		goto out;
	}

	tp = tcp_sk(sk);
	seq = ntohl(th->seq);
	if (sk->sk_state != TCP_LISTEN &&
	    !between(seq, tp->snd_una, tp->snd_nxt)) {
		NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
		goto out;
	}

	np = inet6_sk(sk);

	if (type == NDISC_REDIRECT) {
		struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);

		if (dst)
			dst->ops->redirect(dst, sk, skb);
	}

	if (type == ICMPV6_PKT_TOOBIG) {
		tp->mtu_info = ntohl(info);
		if (!sock_owned_by_user(sk))
			tcp_v6_mtu_reduced(sk);
		else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
					   &tp->tsq_flags))
			sock_hold(sk);
		goto out;
	}

	icmpv6_err_convert(type, code, &err);

	/* Might be for a request_sock */
	switch (sk->sk_state) {
		struct request_sock *req, **prev;
	case TCP_LISTEN:
		if (sock_owned_by_user(sk))
			goto out;

		req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
					   &hdr->saddr, inet6_iif(skb));
		if (!req)
			goto out;

		/* ICMPs are not backlogged, hence we cannot get
		 * an established socket here.
		 */
		WARN_ON(req->sk != NULL);

		if (seq != tcp_rsk(req)->snt_isn) {
			NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
			goto out;
		}

		inet_csk_reqsk_queue_drop(sk, req, prev);
		goto out;

	case TCP_SYN_SENT:
	case TCP_SYN_RECV:  /* Cannot happen.
			       It can, if SYNs are crossed.
			       --ANK */
		if (!sock_owned_by_user(sk)) {
			sk->sk_err = err;
			sk->sk_error_report(sk);	/* Wake people up to see the error (see connect in sock.c) */

			tcp_done(sk);
		} else
			sk->sk_err_soft = err;
		goto out;
	}

	if (!sock_owned_by_user(sk) && np->recverr) {
		sk->sk_err = err;
		sk->sk_error_report(sk);
	} else
		sk->sk_err_soft = err;

out:
	bh_unlock_sock(sk);
	sock_put(sk);
}


static int tcp_v6_send_synack(struct sock *sk, struct dst_entry *dst,
			      struct flowi6 *fl6,
			      struct request_sock *req,
			      struct request_values *rvp,
			      u16 queue_mapping)
{
	struct inet6_request_sock *treq = inet6_rsk(req);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct sk_buff *skb;
	int err = -ENOMEM;

	/* First, grab a route. */
	if (!dst && (dst = inet6_csk_route_req(sk, fl6, req)) == NULL)
		goto done;

	skb = tcp_make_synack(sk, dst, req, rvp, NULL);

	if (skb) {
		__tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr);

		fl6->daddr = treq->rmt_addr;
		skb_set_queue_mapping(skb, queue_mapping);
		err = ip6_xmit(sk, skb, fl6, np->opt, np->tclass);
		err = net_xmit_eval(err);
	}

done:
	return err;
}

static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req,
			     struct request_values *rvp)
{
	struct flowi6 fl6;

	TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS);
	return tcp_v6_send_synack(sk, NULL, &fl6, req, rvp, 0);
}

static void tcp_v6_reqsk_destructor(struct request_sock *req)
{
	kfree_skb(inet6_rsk(req)->pktopts);
}

#ifdef CONFIG_TCP_MD5SIG
static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
						   const struct in6_addr *addr)
{
	return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
}

static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
						struct sock *addr_sk)
{
	return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
}

static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
						      struct request_sock *req)
{
	return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
}

static int tcp_v6_parse_md5_keys(struct sock *sk, char __user *optval,
				 int optlen)
{
	struct tcp_md5sig cmd;
	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;

	if (optlen < sizeof(cmd))
		return -EINVAL;

	if (copy_from_user(&cmd, optval, sizeof(cmd)))
		return -EFAULT;

	if (sin6->sin6_family != AF_INET6)
		return -EINVAL;

	if (!cmd.tcpm_keylen) {
		if (ipv6_addr_v4mapped(&sin6->sin6_addr))
			return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
					      AF_INET);
		return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
				      AF_INET6);
	}

	if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
		return -EINVAL;

	if (ipv6_addr_v4mapped(&sin6->sin6_addr))
		return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
				      AF_INET, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);

	return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
			      AF_INET6, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
}

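/*
 * Mix the pseudo-header into the MD5 digest before the TCP header,
 * key and payload: both addresses, the upper-layer length and the
 * next-header value (IPPROTO_TCP), staged in hp->md5_blk.ip6.
 */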
static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
					const struct in6_addr *daddr,
					const struct in6_addr *saddr, int nbytes)
{
	struct tcp6_pseudohdr *bp;
	struct scatterlist sg;

	bp = &hp->md5_blk.ip6;
	/* 1. TCP pseudo-header (RFC2460) */
	bp->saddr = *saddr;
	bp->daddr = *daddr;
	bp->protocol = cpu_to_be32(IPPROTO_TCP);
	bp->len = cpu_to_be32(nbytes);

	sg_init_one(&sg, bp, sizeof(*bp));
	return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
}

static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
			       const struct in6_addr *daddr, struct in6_addr *saddr,
			       const struct tcphdr *th)
{
	struct tcp_md5sig_pool *hp;
	struct hash_desc *desc;

	hp = tcp_get_md5sig_pool();
	if (!hp)
		goto clear_hash_noput;
	desc = &hp->md5_desc;

	if (crypto_hash_init(desc))
		goto clear_hash;
	if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
		goto clear_hash;
	if (tcp_md5_hash_header(hp, th))
		goto clear_hash;
	if (tcp_md5_hash_key(hp, key))
		goto clear_hash;
	if (crypto_hash_final(desc, md5_hash))
		goto clear_hash;

	tcp_put_md5sig_pool();
	return 0;

clear_hash:
	tcp_put_md5sig_pool();
clear_hash_noput:
	memset(md5_hash, 0, 16);
	return 1;
}

static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
			       const struct sock *sk,
			       const struct request_sock *req,
			       const struct sk_buff *skb)
{
	const struct in6_addr *saddr, *daddr;
	struct tcp_md5sig_pool *hp;
	struct hash_desc *desc;
	const struct tcphdr *th = tcp_hdr(skb);

	if (sk) {
		saddr = &inet6_sk(sk)->saddr;
		daddr = &inet6_sk(sk)->daddr;
	} else if (req) {
		saddr = &inet6_rsk(req)->loc_addr;
		daddr = &inet6_rsk(req)->rmt_addr;
	} else {
		const struct ipv6hdr *ip6h = ipv6_hdr(skb);
		saddr = &ip6h->saddr;
		daddr = &ip6h->daddr;
	}

	hp = tcp_get_md5sig_pool();
	if (!hp)
		goto clear_hash_noput;
	desc = &hp->md5_desc;

	if (crypto_hash_init(desc))
		goto clear_hash;

	if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
		goto clear_hash;
	if (tcp_md5_hash_header(hp, th))
		goto clear_hash;
	if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
		goto clear_hash;
	if (tcp_md5_hash_key(hp, key))
		goto clear_hash;
	if (crypto_hash_final(desc, md5_hash))
		goto clear_hash;

	tcp_put_md5sig_pool();
	return 0;

clear_hash:
	tcp_put_md5sig_pool();
clear_hash_noput:
	memset(md5_hash, 0, 16);
	return 1;
}

static int tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
{
	const __u8 *hash_location = NULL;
	struct tcp_md5sig_key *hash_expected;
	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
	const struct tcphdr *th = tcp_hdr(skb);
	int genhash;
	u8 newhash[16];

	hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
	hash_location = tcp_parse_md5sig_option(th);

	/* We've parsed the options - do we have a hash? */
	if (!hash_expected && !hash_location)
		return 0;

	if (hash_expected && !hash_location) {
		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
		return 1;
	}

	if (!hash_expected && hash_location) {
		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
		return 1;
	}

	/* check the signature */
	genhash = tcp_v6_md5_hash_skb(newhash,
				      hash_expected,
				      NULL, NULL, skb);

	if (genhash || memcmp(hash_location, newhash, 16) != 0) {
		net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
				     genhash ? "failed" : "mismatch",
				     &ip6h->saddr, ntohs(th->source),
				     &ip6h->daddr, ntohs(th->dest));
		return 1;
	}
	return 0;
}
#endif

struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
	.family		=	AF_INET6,
	.obj_size	=	sizeof(struct tcp6_request_sock),
	.rtx_syn_ack	=	tcp_v6_rtx_synack,
	.send_ack	=	tcp_v6_reqsk_send_ack,
	.destructor	=	tcp_v6_reqsk_destructor,
	.send_reset	=	tcp_v6_send_reset,
	.syn_ack_timeout =	tcp_syn_ack_timeout,
};

#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
	.md5_lookup	=	tcp_v6_reqsk_md5_lookup,
	.calc_md5_hash	=	tcp_v6_md5_hash_skb,
};
#endif

static void __tcp_v6_send_check(struct sk_buff *skb,
				const struct in6_addr *saddr, const struct in6_addr *daddr)
{
	struct tcphdr *th = tcp_hdr(skb);

	if (skb->ip_summed == CHECKSUM_PARTIAL) {
		th->check = ~tcp_v6_check(skb->len, saddr, daddr, 0);
		skb->csum_start = skb_transport_header(skb) - skb->head;
		skb->csum_offset = offsetof(struct tcphdr, check);
	} else {
		th->check = tcp_v6_check(skb->len, saddr, daddr,
					 csum_partial(th, th->doff << 2,
						      skb->csum));
	}
}

static void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb)
{
	struct ipv6_pinfo *np = inet6_sk(sk);

	__tcp_v6_send_check(skb, &np->saddr, &np->daddr);
}

static int tcp_v6_gso_send_check(struct sk_buff *skb)
{
	const struct ipv6hdr *ipv6h;
	struct tcphdr *th;

	if (!pskb_may_pull(skb, sizeof(*th)))
		return -EINVAL;

	ipv6h = ipv6_hdr(skb);
	th = tcp_hdr(skb);

	th->check = 0;
	skb->ip_summed = CHECKSUM_PARTIAL;
	__tcp_v6_send_check(skb, &ipv6h->saddr, &ipv6h->daddr);
	return 0;
}

static struct sk_buff **tcp6_gro_receive(struct sk_buff **head,
					 struct sk_buff *skb)
{
	const struct ipv6hdr *iph = skb_gro_network_header(skb);
	__wsum wsum;
	__sum16 sum;

	switch (skb->ip_summed) {
	case CHECKSUM_COMPLETE:
		if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr,
				  skb->csum)) {
			skb->ip_summed = CHECKSUM_UNNECESSARY;
			break;
		}
flush:
		NAPI_GRO_CB(skb)->flush = 1;
		return NULL;

	case CHECKSUM_NONE:
		wsum = ~csum_unfold(csum_ipv6_magic(&iph->saddr, &iph->daddr,
						    skb_gro_len(skb),
						    IPPROTO_TCP, 0));
		sum = csum_fold(skb_checksum(skb,
					     skb_gro_offset(skb),
					     skb_gro_len(skb),
					     wsum));
		if (sum)
			goto flush;

		skb->ip_summed = CHECKSUM_UNNECESSARY;
		break;
	}

	return tcp_gro_receive(head, skb);
}

static int tcp6_gro_complete(struct sk_buff *skb)
{
	const struct ipv6hdr *iph = ipv6_hdr(skb);
	struct tcphdr *th = tcp_hdr(skb);

	th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb),
				  &iph->saddr, &iph->daddr, 0);
	skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;

	return tcp_gro_complete(skb);
}

static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
				 u32 ts, struct tcp_md5sig_key *key, int rst, u8 tclass)
{
	const struct tcphdr *th = tcp_hdr(skb);
	struct tcphdr *t1;
	struct sk_buff *buff;
	struct flowi6 fl6;
	struct net *net = dev_net(skb_dst(skb)->dev);
	struct sock *ctl_sk = net->ipv6.tcp_sk;
	unsigned int tot_len = sizeof(struct tcphdr);
	struct dst_entry *dst;
	__be32 *topt;

	if (ts)
		tot_len += TCPOLEN_TSTAMP_ALIGNED;
#ifdef CONFIG_TCP_MD5SIG
	if (key)
		tot_len += TCPOLEN_MD5SIG_ALIGNED;
#endif

	buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
			 GFP_ATOMIC);
	if (buff == NULL)
		return;

	skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);

	t1 = (struct tcphdr *) skb_push(buff, tot_len);
	skb_reset_transport_header(buff);

	/* Swap the send and the receive. */
	memset(t1, 0, sizeof(*t1));
	t1->dest = th->source;
	t1->source = th->dest;
	t1->doff = tot_len / 4;
	t1->seq = htonl(seq);
	t1->ack_seq = htonl(ack);
	t1->ack = !rst || !th->ack;
	t1->rst = rst;
	t1->window = htons(win);

	topt = (__be32 *)(t1 + 1);

	if (ts) {
		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
				(TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
		*topt++ = htonl(tcp_time_stamp);
		*topt++ = htonl(ts);
	}

#ifdef CONFIG_TCP_MD5SIG
	if (key) {
		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
				(TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
		tcp_v6_md5_hash_hdr((__u8 *)topt, key,
				    &ipv6_hdr(skb)->saddr,
				    &ipv6_hdr(skb)->daddr, t1);
	}
#endif

	memset(&fl6, 0, sizeof(fl6));
	fl6.daddr = ipv6_hdr(skb)->saddr;
	fl6.saddr = ipv6_hdr(skb)->daddr;

	buff->ip_summed = CHECKSUM_PARTIAL;
	buff->csum = 0;

	__tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);

	fl6.flowi6_proto = IPPROTO_TCP;
	if (ipv6_addr_type(&fl6.daddr) & IPV6_ADDR_LINKLOCAL)
		fl6.flowi6_oif = inet6_iif(skb);
	fl6.fl6_dport = t1->dest;
	fl6.fl6_sport = t1->source;
	security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));

	/* Pass a socket to ip6_dst_lookup even if it is for an RST;
	 * the underlying function uses it to retrieve the network
	 * namespace.
	 */
	dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL, false);
	if (!IS_ERR(dst)) {
		skb_dst_set(buff, dst);
		ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass);
		TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
		if (rst)
			TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
		return;
	}

	kfree_skb(buff);
}

static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
{
	const struct tcphdr *th = tcp_hdr(skb);
	u32 seq = 0, ack_seq = 0;
	struct tcp_md5sig_key *key = NULL;
#ifdef CONFIG_TCP_MD5SIG
	const __u8 *hash_location = NULL;
	struct ipv6hdr *ipv6h = ipv6_hdr(skb);
	unsigned char newhash[16];
	int genhash;
	struct sock *sk1 = NULL;
#endif

	if (th->rst)
		return;

	if (!ipv6_unicast_destination(skb))
		return;

#ifdef CONFIG_TCP_MD5SIG
	hash_location = tcp_parse_md5sig_option(th);
	if (!sk && hash_location) {
		/*
		 * The active side is gone.  Try to find the listening socket
		 * via the source port, then look up the MD5 key through that
		 * socket.  We do not loosen security here: the incoming
		 * packet is verified against the MD5 hash of the key we
		 * find, and no RST is generated if the hash doesn't match.
		 */
		sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
					    &tcp_hashinfo, &ipv6h->daddr,
					    ntohs(th->source), inet6_iif(skb));
		if (!sk1)
			return;

		rcu_read_lock();
		key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
		if (!key)
			goto release_sk1;

		genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, NULL, skb);
		if (genhash || memcmp(hash_location, newhash, 16) != 0)
			goto release_sk1;
	} else {
		key = sk ? tcp_v6_md5_do_lookup(sk, &ipv6h->saddr) : NULL;
	}
#endif

	if (th->ack)
		seq = ntohl(th->ack_seq);
	else
		ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
			  (th->doff << 2);

	tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1, 0);

#ifdef CONFIG_TCP_MD5SIG
release_sk1:
	if (sk1) {
		rcu_read_unlock();
		sock_put(sk1);
	}
#endif
}

static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
			    struct tcp_md5sig_key *key, u8 tclass)
{
	tcp_v6_send_response(skb, seq, ack, win, ts, key, 0, tclass);
}

static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
{
	struct inet_timewait_sock *tw = inet_twsk(sk);
	struct tcp_timewait_sock *tcptw = tcp_twsk(sk);

	tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
			tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
			tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw),
			tw->tw_tclass);

	inet_twsk_put(tw);
}

static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
				  struct request_sock *req)
{
	tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1,
			tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
			tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr), 0);
}


static struct sock *tcp_v6_hnd_req(struct sock *sk, struct sk_buff *skb)
{
	struct request_sock *req, **prev;
	const struct tcphdr *th = tcp_hdr(skb);
	struct sock *nsk;

	/* Find possible connection requests. */
	req = inet6_csk_search_req(sk, &prev, th->source,
				   &ipv6_hdr(skb)->saddr,
				   &ipv6_hdr(skb)->daddr, inet6_iif(skb));
	if (req)
		return tcp_check_req(sk, skb, req, prev, false);

	nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
					 &ipv6_hdr(skb)->saddr, th->source,
					 &ipv6_hdr(skb)->daddr, ntohs(th->dest),
					 inet6_iif(skb));

	if (nsk) {
		if (nsk->sk_state != TCP_TIME_WAIT) {
			bh_lock_sock(nsk);
			return nsk;
		}
		inet_twsk_put(inet_twsk(nsk));
		return NULL;
	}

#ifdef CONFIG_SYN_COOKIES
	if (!th->syn)
		sk = cookie_v6_check(sk, skb);
#endif
	return sk;
}

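/*
 * Handle an incoming SYN on a listening socket: allocate a request
 * sock, parse and record the TCP options, pick an initial sequence
 * number and answer with a SYN-ACK.  Under SYN-queue pressure this
 * falls back to SYN cookies instead of storing request state.
 */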
/* FIXME: this is substantially similar to the ipv4 code.
 * Can some kind of merge be done? -- erics
 */
static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
{
	struct tcp_extend_values tmp_ext;
	struct tcp_options_received tmp_opt;
	const u8 *hash_location;
	struct request_sock *req;
	struct inet6_request_sock *treq;
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_sock *tp = tcp_sk(sk);
	__u32 isn = TCP_SKB_CB(skb)->when;
	struct dst_entry *dst = NULL;
	struct flowi6 fl6;
	bool want_cookie = false;

	if (skb->protocol == htons(ETH_P_IP))
		return tcp_v4_conn_request(sk, skb);

	if (!ipv6_unicast_destination(skb))
		goto drop;

	if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
		want_cookie = tcp_syn_flood_action(sk, skb, "TCPv6");
		if (!want_cookie)
			goto drop;
	}

	if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
		goto drop;

	req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
	if (req == NULL)
		goto drop;

#ifdef CONFIG_TCP_MD5SIG
	tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
#endif

	tcp_clear_options(&tmp_opt);
	tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
	tmp_opt.user_mss = tp->rx_opt.user_mss;
	tcp_parse_options(skb, &tmp_opt, &hash_location, 0, NULL);

	if (tmp_opt.cookie_plus > 0 &&
	    tmp_opt.saw_tstamp &&
	    !tp->rx_opt.cookie_out_never &&
	    (sysctl_tcp_cookie_size > 0 ||
	     (tp->cookie_values != NULL &&
	      tp->cookie_values->cookie_desired > 0))) {
		u8 *c;
		u32 *d;
		u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS];
		int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE;

		if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0)
			goto drop_and_free;

		/* Secret recipe starts with IP addresses */
		d = (__force u32 *)&ipv6_hdr(skb)->daddr.s6_addr32[0];
		*mess++ ^= *d++;
		*mess++ ^= *d++;
		*mess++ ^= *d++;
		*mess++ ^= *d++;
		d = (__force u32 *)&ipv6_hdr(skb)->saddr.s6_addr32[0];
		*mess++ ^= *d++;
		*mess++ ^= *d++;
		*mess++ ^= *d++;
		*mess++ ^= *d++;

		/* plus variable length Initiator Cookie */
		c = (u8 *)mess;
		while (l-- > 0)
			*c++ ^= *hash_location++;

		want_cookie = false;	/* not our kind of cookie */
		tmp_ext.cookie_out_never = 0; /* false */
		tmp_ext.cookie_plus = tmp_opt.cookie_plus;
	} else if (!tp->rx_opt.cookie_in_always) {
		/* redundant indications, but ensure initialization. */
		tmp_ext.cookie_out_never = 1; /* true */
		tmp_ext.cookie_plus = 0;
	} else {
		goto drop_and_free;
	}
	tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always;

	if (want_cookie && !tmp_opt.saw_tstamp)
		tcp_clear_options(&tmp_opt);

	tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
	tcp_openreq_init(req, &tmp_opt, skb);

	treq = inet6_rsk(req);
	treq->rmt_addr = ipv6_hdr(skb)->saddr;
	treq->loc_addr = ipv6_hdr(skb)->daddr;
	if (!want_cookie || tmp_opt.tstamp_ok)
		TCP_ECN_create_request(req, skb);

	treq->iif = sk->sk_bound_dev_if;

	/* So that link locals have meaning */
	if (!sk->sk_bound_dev_if &&
	    ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
		treq->iif = inet6_iif(skb);

	if (!isn) {
		if (ipv6_opt_accepted(sk, skb) ||
		    np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
		    np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
			atomic_inc(&skb->users);
			treq->pktopts = skb;
		}

		if (want_cookie) {
			isn = cookie_v6_init_sequence(sk, skb, &req->mss);
			req->cookie_ts = tmp_opt.tstamp_ok;
			goto have_isn;
		}

		/* VJ's idea. We save last timestamp seen
		 * from the destination in peer table, when entering
		 * state TIME-WAIT, and check against it before
		 * accepting new connection request.
		 *
		 * If "isn" is not zero, this request hit alive
		 * timewait bucket, so that all the necessary checks
		 * are made in the function processing timewait state.
		 */
		if (tmp_opt.saw_tstamp &&
		    tcp_death_row.sysctl_tw_recycle &&
		    (dst = inet6_csk_route_req(sk, &fl6, req)) != NULL) {
			if (!tcp_peer_is_proven(req, dst, true)) {
				NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED);
				goto drop_and_release;
			}
		}
		/* Kill the following clause, if you dislike this way. */
		else if (!sysctl_tcp_syncookies &&
			 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
			  (sysctl_max_syn_backlog >> 2)) &&
			 !tcp_peer_is_proven(req, dst, false)) {
			/* Without syncookies last quarter of
			 * backlog is filled with destinations,
			 * proven to be alive.
			 * It means that we continue to communicate
			 * to destinations, already remembered
			 * to the moment of synflood.
			 */
			LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open request from %pI6/%u\n",
				       &treq->rmt_addr, ntohs(tcp_hdr(skb)->source));
			goto drop_and_release;
		}

		isn = tcp_v6_init_sequence(skb);
	}
have_isn:
	tcp_rsk(req)->snt_isn = isn;

	if (security_inet_conn_request(sk, skb, req))
		goto drop_and_release;

	if (tcp_v6_send_synack(sk, dst, &fl6, req,
			       (struct request_values *)&tmp_ext,
			       skb_get_queue_mapping(skb)) ||
	    want_cookie)
		goto drop_and_free;

	tcp_rsk(req)->snt_synack = tcp_time_stamp;
	tcp_rsk(req)->listener = NULL;
	inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
	return 0;

drop_and_release:
	dst_release(dst);
drop_and_free:
	reqsk_free(req);
drop:
	return 0; /* don't send reset */
}

static struct sock *tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
					 struct request_sock *req,
					 struct dst_entry *dst)
{
	struct inet6_request_sock *treq;
	struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
	struct tcp6_sock *newtcp6sk;
	struct inet_sock *newinet;
	struct tcp_sock *newtp;
	struct sock *newsk;
#ifdef CONFIG_TCP_MD5SIG
	struct tcp_md5sig_key *key;
#endif
	struct flowi6 fl6;

	if (skb->protocol == htons(ETH_P_IP)) {
		/*
		 *	v6 mapped
		 */

		newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);

		if (newsk == NULL)
			return NULL;

		newtcp6sk = (struct tcp6_sock *)newsk;
		inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;

		newinet = inet_sk(newsk);
		newnp = inet6_sk(newsk);
		newtp = tcp_sk(newsk);

		memcpy(newnp, np, sizeof(struct ipv6_pinfo));

		ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr);

		ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr);

		newnp->rcv_saddr = newnp->saddr;

		inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
		newsk->sk_backlog_rcv = tcp_v4_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
		newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
#endif

		newnp->ipv6_ac_list = NULL;
		newnp->ipv6_fl_list = NULL;
		newnp->pktoptions  = NULL;
		newnp->opt	   = NULL;
		newnp->mcast_oif   = inet6_iif(skb);
		newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
		newnp->rcv_tclass  = ipv6_tclass(ipv6_hdr(skb));

		/*
		 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
		 * here, tcp_create_openreq_child now does this for us, see the comment in
		 * that function for the gory details. -acme
		 */

		/* This is a tricky place.  Until this moment the IPv4 TCP code
		   worked with the IPv6 icsk.icsk_af_ops.
		   Sync it now.
		 */
		tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);

		return newsk;
	}

	treq = inet6_rsk(req);

	if (sk_acceptq_is_full(sk))
		goto out_overflow;

	if (!dst) {
		dst = inet6_csk_route_req(sk, &fl6, req);
		if (!dst)
			goto out;
	}

	newsk = tcp_create_openreq_child(sk, req, skb);
	if (newsk == NULL)
		goto out_nonewsk;

	/*
	 * No need to charge this sock to the relevant IPv6 refcnt debug socks
	 * count here, tcp_create_openreq_child now does this for us, see the
	 * comment in that function for the gory details. -acme
	 */

	newsk->sk_gso_type = SKB_GSO_TCPV6;
	__ip6_dst_store(newsk, dst, NULL, NULL);
	inet6_sk_rx_dst_set(newsk, skb);

	newtcp6sk = (struct tcp6_sock *)newsk;
	inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;

	newtp = tcp_sk(newsk);
	newinet = inet_sk(newsk);
	newnp = inet6_sk(newsk);

	memcpy(newnp, np, sizeof(struct ipv6_pinfo));

	newnp->daddr = treq->rmt_addr;
	newnp->saddr = treq->loc_addr;
	newnp->rcv_saddr = treq->loc_addr;
	newsk->sk_bound_dev_if = treq->iif;

	/* Now IPv6 options...

	   First: no IPv4 options.
	 */
	newinet->inet_opt = NULL;
	newnp->ipv6_ac_list = NULL;
	newnp->ipv6_fl_list = NULL;

	/* Clone RX bits */
	newnp->rxopt.all = np->rxopt.all;

	/* Clone pktoptions received with SYN */
	newnp->pktoptions = NULL;
	if (treq->pktopts != NULL) {
		newnp->pktoptions = skb_clone(treq->pktopts,
					      sk_gfp_atomic(sk, GFP_ATOMIC));
		consume_skb(treq->pktopts);
		treq->pktopts = NULL;
		if (newnp->pktoptions)
			skb_set_owner_r(newnp->pktoptions, newsk);
	}
	newnp->opt	  = NULL;
	newnp->mcast_oif  = inet6_iif(skb);
	newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
	newnp->rcv_tclass = ipv6_tclass(ipv6_hdr(skb));

	/* Clone native IPv6 options from listening socket (if any)

	   Yes, keeping reference count would be much more clever,
	   but we do one more thing here: reattach optmem
	   to newsk.
	 */
	if (np->opt)
		newnp->opt = ipv6_dup_options(newsk, np->opt);

	inet_csk(newsk)->icsk_ext_hdr_len = 0;
	if (newnp->opt)
		inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
						     newnp->opt->opt_flen);

	tcp_mtup_init(newsk);
	tcp_sync_mss(newsk, dst_mtu(dst));
	newtp->advmss = dst_metric_advmss(dst);
	if (tcp_sk(sk)->rx_opt.user_mss &&
	    tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
		newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;

	tcp_initialize_rcv_mss(newsk);
	tcp_synack_rtt_meas(newsk, req);
	newtp->total_retrans = req->retrans;

	newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
	newinet->inet_rcv_saddr = LOOPBACK4_IPV6;

#ifdef CONFIG_TCP_MD5SIG
	/* Copy over the MD5 key from the original socket */
	if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
		/* We're using one, so create a matching key
		 * on the newsk structure. If we fail to get
		 * memory, then we end up not copying the key
		 * across. Shucks.
		 */
		tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newnp->daddr,
			       AF_INET6, key->key, key->keylen,
			       sk_gfp_atomic(sk, GFP_ATOMIC));
	}
#endif

	if (__inet_inherit_port(sk, newsk) < 0) {
		sock_put(newsk);
		goto out;
	}
	__inet6_hash(newsk, NULL);

	return newsk;

out_overflow:
	NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
out_nonewsk:
	dst_release(dst);
out:
	NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
	return NULL;
}

static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
{
	if (skb->ip_summed == CHECKSUM_COMPLETE) {
		if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr,
				  &ipv6_hdr(skb)->daddr, skb->csum)) {
			skb->ip_summed = CHECKSUM_UNNECESSARY;
			return 0;
		}
	}

	skb->csum = ~csum_unfold(tcp_v6_check(skb->len,
					      &ipv6_hdr(skb)->saddr,
					      &ipv6_hdr(skb)->daddr, 0));

	if (skb->len <= 76) {
		return __skb_checksum_complete(skb);
	}
	return 0;
}

/* The socket must have its spinlock held when we get
 * here.
 *
 * We have a potential double-lock case here, so even when
 * doing backlog processing we use the BH locking scheme.
 * This is because we cannot sleep with the original spinlock
 * held.
 */
static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_sock *tp;
	struct sk_buff *opt_skb = NULL;

	/* Imagine: socket is IPv6. IPv4 packet arrives,
	   goes to IPv4 receive handler and backlogged.
	   From backlog it always goes here. Kerboom...
	   Fortunately, tcp_rcv_established and rcv_established
	   handle them correctly, but that is not the case with
	   tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
	 */

	if (skb->protocol == htons(ETH_P_IP))
		return tcp_v4_do_rcv(sk, skb);

#ifdef CONFIG_TCP_MD5SIG
	if (tcp_v6_inbound_md5_hash(sk, skb))
		goto discard;
#endif

	if (sk_filter(sk, skb))
		goto discard;

	/*
	 * socket locking is here for SMP purposes as backlog rcv
	 * is currently called with bh processing disabled.
	 */

	/* Do Stevens' IPV6_PKTOPTIONS.

	   Yes, guys, it is the only place in our code where we
	   can do this without affecting IPv4.  The rest of the
	   code is protocol independent, and I do not like the
	   idea of uglifying IPv4.

	   Actually, all the idea behind IPV6_PKTOPTIONS
	   does not look very well thought out.  For now we latch
	   options, received in the last packet, enqueued
	   by tcp.  Feel free to propose a better solution.
					       --ANK (980728)
	 */
	if (np->rxopt.all)
		opt_skb = skb_clone(skb, sk_gfp_atomic(sk, GFP_ATOMIC));

	if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
		struct dst_entry *dst = sk->sk_rx_dst;

		sock_rps_save_rxhash(sk, skb);
		if (dst) {
			if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
			    dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
				dst_release(dst);
				sk->sk_rx_dst = NULL;
			}
		}

		if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
			goto reset;
		if (opt_skb)
			goto ipv6_pktoptions;
		return 0;
	}

	if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
		goto csum_err;

	if (sk->sk_state == TCP_LISTEN) {
		struct sock *nsk = tcp_v6_hnd_req(sk, skb);
		if (!nsk)
			goto discard;

		/*
		 * Queue it on the new socket if the new socket is active,
		 * otherwise we just shortcircuit this and continue with
		 * the new socket..
		 */
		if (nsk != sk) {
			sock_rps_save_rxhash(nsk, skb);
			if (tcp_child_process(sk, nsk, skb))
				goto reset;
			if (opt_skb)
				__kfree_skb(opt_skb);
			return 0;
		}
	} else
		sock_rps_save_rxhash(sk, skb);

	if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
		goto reset;
	if (opt_skb)
		goto ipv6_pktoptions;
	return 0;

reset:
	tcp_v6_send_reset(sk, skb);
discard:
	if (opt_skb)
		__kfree_skb(opt_skb);
	kfree_skb(skb);
	return 0;
csum_err:
	TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
	goto discard;


ipv6_pktoptions:
	/* Do you ask, what is it?

	   1. skb was enqueued by tcp.
	   2. skb is added to tail of read queue, rather than out of order.
	   3. socket is not in passive state.
	   4. Finally, it really contains options, which user wants to receive.
	 */
	tp = tcp_sk(sk);
	if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
	    !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
		if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
			np->mcast_oif = inet6_iif(opt_skb);
		if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
			np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
		if (np->rxopt.bits.rxtclass)
			np->rcv_tclass = ipv6_tclass(ipv6_hdr(skb));
		if (ipv6_opt_accepted(sk, opt_skb)) {
			skb_set_owner_r(opt_skb, sk);
			opt_skb = xchg(&np->pktoptions, opt_skb);
		} else {
			__kfree_skb(opt_skb);
			opt_skb = xchg(&np->pktoptions, NULL);
		}
	}

	kfree_skb(opt_skb);
	return 0;
}

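/*
 * Main receive entry point, invoked in softirq context for every TCP
 * segment: validate the header and checksum, look up the owning
 * socket, then either process the segment directly, prequeue it, or
 * push it onto the backlog when the socket is owned by user context.
 */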
static int tcp_v6_rcv(struct sk_buff *skb)
{
	const struct tcphdr *th;
	const struct ipv6hdr *hdr;
	struct sock *sk;
	int ret;
	struct net *net = dev_net(skb->dev);

	if (skb->pkt_type != PACKET_HOST)
		goto discard_it;

	/*
	 *	Count it even if it's bad.
	 */
	TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);

	if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
		goto discard_it;

	th = tcp_hdr(skb);

	if (th->doff < sizeof(struct tcphdr)/4)
		goto bad_packet;
	if (!pskb_may_pull(skb, th->doff*4))
		goto discard_it;

	if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
		goto bad_packet;

	th = tcp_hdr(skb);
	hdr = ipv6_hdr(skb);
	TCP_SKB_CB(skb)->seq = ntohl(th->seq);
	TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
				    skb->len - th->doff*4);
	TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
	TCP_SKB_CB(skb)->when = 0;
	TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
	TCP_SKB_CB(skb)->sacked = 0;

	sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
	if (!sk)
		goto no_tcp_socket;

process:
	if (sk->sk_state == TCP_TIME_WAIT)
		goto do_time_wait;

	if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
		NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
		goto discard_and_relse;
	}

	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
		goto discard_and_relse;

	if (sk_filter(sk, skb))
		goto discard_and_relse;

	skb->dev = NULL;

	bh_lock_sock_nested(sk);
	ret = 0;
	if (!sock_owned_by_user(sk)) {
#ifdef CONFIG_NET_DMA
		struct tcp_sock *tp = tcp_sk(sk);
		if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
			tp->ucopy.dma_chan = net_dma_find_channel();
		if (tp->ucopy.dma_chan)
			ret = tcp_v6_do_rcv(sk, skb);
		else
#endif
		{
			if (!tcp_prequeue(sk, skb))
				ret = tcp_v6_do_rcv(sk, skb);
		}
	} else if (unlikely(sk_add_backlog(sk, skb,
					   sk->sk_rcvbuf + sk->sk_sndbuf))) {
		bh_unlock_sock(sk);
		NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
		goto discard_and_relse;
	}
	bh_unlock_sock(sk);

	sock_put(sk);
	return ret ? -1 : 0;

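	/*
	 * Slow paths: segments without a matching socket draw a RST if
	 * their checksum is sound, and TIME-WAIT sockets get minimal
	 * handling via tcp_timewait_state_process() below.
	 */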
no_tcp_socket:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
		goto discard_it;

	if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
bad_packet:
		TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
	} else {
		tcp_v6_send_reset(NULL, skb);
	}

discard_it:

	/*
	 *	Discard frame
	 */

	kfree_skb(skb);
	return 0;

discard_and_relse:
	sock_put(sk);
	goto discard_it;

do_time_wait:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
		inet_twsk_put(inet_twsk(sk));
		goto discard_it;
	}

	if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
		TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
		inet_twsk_put(inet_twsk(sk));
		goto discard_it;
	}

	switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
	case TCP_TW_SYN:
	{
		struct sock *sk2;

		sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
					    &ipv6_hdr(skb)->daddr,
					    ntohs(th->dest), inet6_iif(skb));
		if (sk2 != NULL) {
			struct inet_timewait_sock *tw = inet_twsk(sk);
			inet_twsk_deschedule(tw, &tcp_death_row);
			inet_twsk_put(tw);
			sk = sk2;
			goto process;
		}
		/* Fall through to ACK */
	}
	case TCP_TW_ACK:
		tcp_v6_timewait_ack(sk, skb);
		break;
	case TCP_TW_RST:
		goto no_tcp_socket;
	case TCP_TW_SUCCESS:;
	}
	goto discard_it;
}

static void tcp_v6_early_demux(struct sk_buff *skb)
{
	const struct ipv6hdr *hdr;
	const struct tcphdr *th;
	struct sock *sk;

	if (skb->pkt_type != PACKET_HOST)
		return;

	if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
		return;

	hdr = ipv6_hdr(skb);
	th = tcp_hdr(skb);

	if (th->doff < sizeof(struct tcphdr) / 4)
		return;

	sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
					&hdr->saddr, th->source,
					&hdr->daddr, ntohs(th->dest),
					inet6_iif(skb));
	if (sk) {
		skb->sk = sk;
		skb->destructor = sock_edemux;
		if (sk->sk_state != TCP_TIME_WAIT) {
			struct dst_entry *dst = sk->sk_rx_dst;
			struct inet_sock *icsk = inet_sk(sk);
			if (dst)
				dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
			if (dst &&
			    icsk->rx_dst_ifindex == skb->skb_iif)
				skb_dst_set_noref(skb, dst);
		}
	}
}

static struct timewait_sock_ops tcp6_timewait_sock_ops = {
	.twsk_obj_size	= sizeof(struct tcp6_timewait_sock),
	.twsk_unique	= tcp_twsk_unique,
	.twsk_destructor = tcp_twsk_destructor,
};

static const struct inet_connection_sock_af_ops ipv6_specific = {
	.queue_xmit	   = inet6_csk_xmit,
	.send_check	   = tcp_v6_send_check,
	.rebuild_header	   = inet6_sk_rebuild_header,
	.sk_rx_dst_set	   = inet6_sk_rx_dst_set,
	.conn_request	   = tcp_v6_conn_request,
	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
	.net_header_len	   = sizeof(struct ipv6hdr),
	.net_frag_header_len = sizeof(struct frag_hdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
	.bind_conflict	   = inet6_csk_bind_conflict,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
};

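/*
 * MD5 signature hooks for native IPv6 sockets.  The v4-mapped variant
 * further below reuses the IPv4 hashing routines while keeping the
 * IPv6 flavour of the setsockopt parser.
 */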
#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
	.md5_lookup	=	tcp_v6_md5_lookup,
	.calc_md5_hash	=	tcp_v6_md5_hash_skb,
	.md5_parse	=	tcp_v6_parse_md5_keys,
};
#endif

/*
 *	TCP over IPv4 via INET6 API
 */

static const struct inet_connection_sock_af_ops ipv6_mapped = {
	.queue_xmit	   = ip_queue_xmit,
	.send_check	   = tcp_v4_send_check,
	.rebuild_header	   = inet_sk_rebuild_header,
	.sk_rx_dst_set	   = inet_sk_rx_dst_set,
	.conn_request	   = tcp_v6_conn_request,
	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
	.net_header_len	   = sizeof(struct iphdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
	.bind_conflict	   = inet6_csk_bind_conflict,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
};

#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
	.md5_lookup	=	tcp_v4_md5_lookup,
	.calc_md5_hash	=	tcp_v4_md5_hash_skb,
	.md5_parse	=	tcp_v6_parse_md5_keys,
};
#endif

/* NOTE: A lot of things set to zero explicitly by call to
 *       sk_alloc() so need not be done here.
 */
static int tcp_v6_init_sock(struct sock *sk)
{
	struct inet_connection_sock *icsk = inet_csk(sk);

	tcp_init_sock(sk);

	icsk->icsk_af_ops = &ipv6_specific;

#ifdef CONFIG_TCP_MD5SIG
	tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
#endif

	return 0;
}

static void tcp_v6_destroy_sock(struct sock *sk)
{
	tcp_v4_destroy_sock(sk);
	inet6_destroy_sock(sk);
}

#ifdef CONFIG_PROC_FS
/* Proc filesystem TCPv6 sock list dumping. */
static void get_openreq6(struct seq_file *seq,
			 const struct sock *sk, struct request_sock *req, int i, kuid_t uid)
{
	int ttd = req->expires - jiffies;
	const struct in6_addr *src = &inet6_rsk(req)->loc_addr;
	const struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;

	if (ttd < 0)
		ttd = 0;

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3],
		   ntohs(inet_rsk(req)->loc_port),
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3],
		   ntohs(inet_rsk(req)->rmt_port),
		   TCP_SYN_RECV,
		   0, 0, /* could print option size, but that is af dependent. */
		   1,   /* timers active (only the expire timer) */
		   jiffies_to_clock_t(ttd),
		   req->retrans,
		   from_kuid_munged(seq_user_ns(seq), uid),
		   0,  /* non standard timer */
		   0, /* open_requests have no inode */
		   0, req);
}

static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
{
	const struct in6_addr *dest, *src;
	__u16 destp, srcp;
	int timer_active;
	unsigned long timer_expires;
	const struct inet_sock *inet = inet_sk(sp);
	const struct tcp_sock *tp = tcp_sk(sp);
	const struct inet_connection_sock *icsk = inet_csk(sp);
	const struct ipv6_pinfo *np = inet6_sk(sp);

	dest  = &np->daddr;
	src   = &np->rcv_saddr;
	destp = ntohs(inet->inet_dport);
	srcp  = ntohs(inet->inet_sport);

	if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
		timer_active	= 1;
		timer_expires	= icsk->icsk_timeout;
	} else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
		timer_active	= 4;
		timer_expires	= icsk->icsk_timeout;
	} else if (timer_pending(&sp->sk_timer)) {
		timer_active	= 2;
		timer_expires	= sp->sk_timer.expires;
	} else {
		timer_active	= 0;
		timer_expires	= jiffies;
	}

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %pK %lu %lu %u %u %d\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3], srcp,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
		   sp->sk_state,
		   tp->write_seq - tp->snd_una,
		   (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
		   timer_active,
		   jiffies_delta_to_clock_t(timer_expires - jiffies),
		   icsk->icsk_retransmits,
		   from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
		   icsk->icsk_probes_out,
		   sock_i_ino(sp),
		   atomic_read(&sp->sk_refcnt), sp,
		   jiffies_to_clock_t(icsk->icsk_rto),
		   jiffies_to_clock_t(icsk->icsk_ack.ato),
		   (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
		   tp->snd_cwnd,
		   tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh
		   );
}

static void get_timewait6_sock(struct seq_file *seq,
			       struct inet_timewait_sock *tw, int i)
{
	const struct in6_addr *dest, *src;
	__u16 destp, srcp;
	const struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
	long delta = tw->tw_ttd - jiffies;

	dest = &tw6->tw_v6_daddr;
	src  = &tw6->tw_v6_rcv_saddr;
	destp = ntohs(tw->tw_dport);
	srcp  = ntohs(tw->tw_sport);

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3], srcp,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
		   tw->tw_substate, 0, 0,
		   3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
		   atomic_read(&tw->tw_refcnt), tw);
}

static int tcp6_seq_show(struct seq_file *seq, void *v)
{
	struct tcp_iter_state *st;

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq,
			 "  sl  "
			 "local_address                         "
			 "remote_address                        "
			 "st tx_queue rx_queue tr tm->when retrnsmt"
			 "   uid  timeout inode\n");
		goto out;
	}
	st = seq->private;

	switch (st->state) {
	case TCP_SEQ_STATE_LISTENING:
	case TCP_SEQ_STATE_ESTABLISHED:
		get_tcp6_sock(seq, v, st->num);
		break;
	case TCP_SEQ_STATE_OPENREQ:
		get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
		break;
	case TCP_SEQ_STATE_TIME_WAIT:
		get_timewait6_sock(seq, v, st->num);
		break;
	}
out:
	return 0;
}

static const struct file_operations tcp6_afinfo_seq_fops = {
	.owner   = THIS_MODULE,
	.open    = tcp_seq_open,
	.read    = seq_read,
	.llseek  = seq_lseek,
	.release = seq_release_net
};

static struct tcp_seq_afinfo tcp6_seq_afinfo = {
	.name		= "tcp6",
	.family		= AF_INET6,
	.seq_fops	= &tcp6_afinfo_seq_fops,
	.seq_ops	= {
		.show		= tcp6_seq_show,
	},
};

int __net_init tcp6_proc_init(struct net *net)
{
	return tcp_proc_register(net, &tcp6_seq_afinfo);
}

void tcp6_proc_exit(struct net *net)
{
	tcp_proc_unregister(net, &tcp6_seq_afinfo);
}
#endif

struct proto tcpv6_prot = {
	.name			= "TCPv6",
	.owner			= THIS_MODULE,
	.close			= tcp_close,
	.connect		= tcp_v6_connect,
	.disconnect		= tcp_disconnect,
	.accept			= inet_csk_accept,
	.ioctl			= tcp_ioctl,
	.init			= tcp_v6_init_sock,
	.destroy		= tcp_v6_destroy_sock,
	.shutdown		= tcp_shutdown,
	.setsockopt		= tcp_setsockopt,
	.getsockopt		= tcp_getsockopt,
	.recvmsg		= tcp_recvmsg,
	.sendmsg		= tcp_sendmsg,
	.sendpage		= tcp_sendpage,
	.backlog_rcv		= tcp_v6_do_rcv,
	.release_cb		= tcp_release_cb,
	.mtu_reduced		= tcp_v6_mtu_reduced,
	.hash			= tcp_v6_hash,
	.unhash			= inet_unhash,
	.get_port		= inet_csk_get_port,
	.enter_memory_pressure	= tcp_enter_memory_pressure,
	.sockets_allocated	= &tcp_sockets_allocated,
	.memory_allocated	= &tcp_memory_allocated,
	.memory_pressure	= &tcp_memory_pressure,
	.orphan_count		= &tcp_orphan_count,
	.sysctl_wmem		= sysctl_tcp_wmem,
	.sysctl_rmem		= sysctl_tcp_rmem,
	.max_header		= MAX_TCP_HEADER,
	.obj_size		= sizeof(struct tcp6_sock),
	.slab_flags		= SLAB_DESTROY_BY_RCU,
	.twsk_prot		= &tcp6_timewait_sock_ops,
	.rsk_prot		= &tcp6_request_sock_ops,
	.h.hashinfo		= &tcp_hashinfo,
	.no_autobind		= true,
#ifdef CONFIG_COMPAT
	.compat_setsockopt	= compat_tcp_setsockopt,
	.compat_getsockopt	= compat_tcp_getsockopt,
#endif
#ifdef CONFIG_MEMCG_KMEM
	.proto_cgroup		= tcp_proto_cgroup,
#endif
};

static const struct inet6_protocol tcpv6_protocol = {
	.early_demux	=	tcp_v6_early_demux,
	.handler	=	tcp_v6_rcv,
	.err_handler	=	tcp_v6_err,
	.gso_send_check	=	tcp_v6_gso_send_check,
	.gso_segment	=	tcp_tso_segment,
	.gro_receive	=	tcp6_gro_receive,
	.gro_complete	=	tcp6_gro_complete,
	.flags		=	INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
};

static struct inet_protosw tcpv6_protosw = {
	.type		=	SOCK_STREAM,
	.protocol	=	IPPROTO_TCP,
	.prot		=	&tcpv6_prot,
	.ops		=	&inet6_stream_ops,
	.no_check	=	0,
	.flags		=	INET_PROTOSW_PERMANENT |
				INET_PROTOSW_ICSK,
};

static int __net_init tcpv6_net_init(struct net *net)
{
	return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
				    SOCK_RAW, IPPROTO_TCP, net);
}

static void __net_exit tcpv6_net_exit(struct net *net)
{
	inet_ctl_sock_destroy(net->ipv6.tcp_sk);
}

static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
{
	inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6);
}

static struct pernet_operations tcpv6_net_ops = {
	.init	    = tcpv6_net_init,
	.exit	    = tcpv6_net_exit,
	.exit_batch = tcpv6_net_exit_batch,
};

int __init tcpv6_init(void)
{
	int ret;

	ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
	if (ret)
		goto out;

	/* register inet6 protocol */
	ret = inet6_register_protosw(&tcpv6_protosw);
	if (ret)
		goto out_tcpv6_protocol;

	ret = register_pernet_subsys(&tcpv6_net_ops);
	if (ret)
		goto out_tcpv6_protosw;
out:
	return ret;

	/* Unwind in reverse order of registration: a protosw failure only
	 * needs the protocol removed, while a pernet failure must also
	 * unregister the protosw before falling through.
	 */
out_tcpv6_protosw:
	inet6_unregister_protosw(&tcpv6_protosw);
out_tcpv6_protocol:
	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
	goto out;
}

void tcpv6_exit(void)
{
	unregister_pernet_subsys(&tcpv6_net_ops);
	inet6_unregister_protosw(&tcpv6_protosw);
	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
}