1 /* 2 * TCP over IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on: 9 * linux/net/ipv4/tcp.c 10 * linux/net/ipv4/tcp_input.c 11 * linux/net/ipv4/tcp_output.c 12 * 13 * Fixes: 14 * Hideaki YOSHIFUJI : sin6_scope_id support 15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind 17 * a single port at the same time. 18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file. 19 * 20 * This program is free software; you can redistribute it and/or 21 * modify it under the terms of the GNU General Public License 22 * as published by the Free Software Foundation; either version 23 * 2 of the License, or (at your option) any later version. 24 */ 25 26 #include <linux/bottom_half.h> 27 #include <linux/module.h> 28 #include <linux/errno.h> 29 #include <linux/types.h> 30 #include <linux/socket.h> 31 #include <linux/sockios.h> 32 #include <linux/net.h> 33 #include <linux/jiffies.h> 34 #include <linux/in.h> 35 #include <linux/in6.h> 36 #include <linux/netdevice.h> 37 #include <linux/init.h> 38 #include <linux/jhash.h> 39 #include <linux/ipsec.h> 40 #include <linux/times.h> 41 #include <linux/slab.h> 42 43 #include <linux/ipv6.h> 44 #include <linux/icmpv6.h> 45 #include <linux/random.h> 46 47 #include <net/tcp.h> 48 #include <net/ndisc.h> 49 #include <net/inet6_hashtables.h> 50 #include <net/inet6_connection_sock.h> 51 #include <net/ipv6.h> 52 #include <net/transp_v6.h> 53 #include <net/addrconf.h> 54 #include <net/ip6_route.h> 55 #include <net/ip6_checksum.h> 56 #include <net/inet_ecn.h> 57 #include <net/protocol.h> 58 #include <net/xfrm.h> 59 #include <net/snmp.h> 60 #include <net/dsfield.h> 61 #include <net/timewait_sock.h> 62 #include <net/netdma.h> 63 #include <net/inet_common.h> 64 65 #include <asm/uaccess.h> 66 67 #include <linux/proc_fs.h> 68 #include <linux/seq_file.h> 69 70 #include <linux/crypto.h> 71 #include <linux/scatterlist.h> 72 73 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb); 74 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb, 75 struct request_sock *req); 76 77 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb); 78 static void __tcp_v6_send_check(struct sk_buff *skb, 79 const struct in6_addr *saddr, 80 const struct in6_addr *daddr); 81 82 static const struct inet_connection_sock_af_ops ipv6_mapped; 83 static const struct inet_connection_sock_af_ops ipv6_specific; 84 #ifdef CONFIG_TCP_MD5SIG 85 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific; 86 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific; 87 #else 88 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 89 const struct in6_addr *addr) 90 { 91 return NULL; 92 } 93 #endif 94 95 static void tcp_v6_hash(struct sock *sk) 96 { 97 if (sk->sk_state != TCP_CLOSE) { 98 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) { 99 tcp_prot.hash(sk); 100 return; 101 } 102 local_bh_disable(); 103 __inet6_hash(sk, NULL); 104 local_bh_enable(); 105 } 106 } 107 108 static __inline__ __sum16 tcp_v6_check(int len, 109 const struct in6_addr *saddr, 110 const struct in6_addr *daddr, 111 __wsum base) 112 { 113 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base); 114 } 115 116 static __u32 tcp_v6_init_sequence(struct sk_buff *skb) 117 { 118 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32, 119 ipv6_hdr(skb)->saddr.s6_addr32, 120 tcp_hdr(skb)->dest, 121 tcp_hdr(skb)->source); 122 } 123 124 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 125 int addr_len) 126 { 127 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; 128 struct inet_sock *inet = inet_sk(sk); 129 struct inet_connection_sock *icsk = inet_csk(sk); 130 struct ipv6_pinfo *np = inet6_sk(sk); 131 struct tcp_sock *tp = tcp_sk(sk); 132 struct in6_addr *saddr = NULL, *final_p, final; 133 struct rt6_info *rt; 134 struct flowi6 fl6; 135 struct dst_entry *dst; 136 int addr_type; 137 int err; 138 139 if (addr_len < SIN6_LEN_RFC2133) 140 return -EINVAL; 141 142 if (usin->sin6_family != AF_INET6) 143 return -EAFNOSUPPORT; 144 145 memset(&fl6, 0, sizeof(fl6)); 146 147 if (np->sndflow) { 148 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; 149 IP6_ECN_flow_init(fl6.flowlabel); 150 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { 151 struct ip6_flowlabel *flowlabel; 152 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); 153 if (flowlabel == NULL) 154 return -EINVAL; 155 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst); 156 fl6_sock_release(flowlabel); 157 } 158 } 159 160 /* 161 * connect() to INADDR_ANY means loopback (BSD'ism). 162 */ 163 164 if(ipv6_addr_any(&usin->sin6_addr)) 165 usin->sin6_addr.s6_addr[15] = 0x1; 166 167 addr_type = ipv6_addr_type(&usin->sin6_addr); 168 169 if(addr_type & IPV6_ADDR_MULTICAST) 170 return -ENETUNREACH; 171 172 if (addr_type&IPV6_ADDR_LINKLOCAL) { 173 if (addr_len >= sizeof(struct sockaddr_in6) && 174 usin->sin6_scope_id) { 175 /* If interface is set while binding, indices 176 * must coincide. 177 */ 178 if (sk->sk_bound_dev_if && 179 sk->sk_bound_dev_if != usin->sin6_scope_id) 180 return -EINVAL; 181 182 sk->sk_bound_dev_if = usin->sin6_scope_id; 183 } 184 185 /* Connect to link-local address requires an interface */ 186 if (!sk->sk_bound_dev_if) 187 return -EINVAL; 188 } 189 190 if (tp->rx_opt.ts_recent_stamp && 191 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) { 192 tp->rx_opt.ts_recent = 0; 193 tp->rx_opt.ts_recent_stamp = 0; 194 tp->write_seq = 0; 195 } 196 197 ipv6_addr_copy(&np->daddr, &usin->sin6_addr); 198 np->flow_label = fl6.flowlabel; 199 200 /* 201 * TCP over IPv4 202 */ 203 204 if (addr_type == IPV6_ADDR_MAPPED) { 205 u32 exthdrlen = icsk->icsk_ext_hdr_len; 206 struct sockaddr_in sin; 207 208 SOCK_DEBUG(sk, "connect: ipv4 mapped\n"); 209 210 if (__ipv6_only_sock(sk)) 211 return -ENETUNREACH; 212 213 sin.sin_family = AF_INET; 214 sin.sin_port = usin->sin6_port; 215 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; 216 217 icsk->icsk_af_ops = &ipv6_mapped; 218 sk->sk_backlog_rcv = tcp_v4_do_rcv; 219 #ifdef CONFIG_TCP_MD5SIG 220 tp->af_specific = &tcp_sock_ipv6_mapped_specific; 221 #endif 222 223 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); 224 225 if (err) { 226 icsk->icsk_ext_hdr_len = exthdrlen; 227 icsk->icsk_af_ops = &ipv6_specific; 228 sk->sk_backlog_rcv = tcp_v6_do_rcv; 229 #ifdef CONFIG_TCP_MD5SIG 230 tp->af_specific = &tcp_sock_ipv6_specific; 231 #endif 232 goto failure; 233 } else { 234 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr); 235 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr, 236 &np->rcv_saddr); 237 } 238 239 return err; 240 } 241 242 if (!ipv6_addr_any(&np->rcv_saddr)) 243 saddr = &np->rcv_saddr; 244 245 fl6.flowi6_proto = IPPROTO_TCP; 246 ipv6_addr_copy(&fl6.daddr, &np->daddr); 247 ipv6_addr_copy(&fl6.saddr, 248 (saddr ? saddr : &np->saddr)); 249 fl6.flowi6_oif = sk->sk_bound_dev_if; 250 fl6.flowi6_mark = sk->sk_mark; 251 fl6.fl6_dport = usin->sin6_port; 252 fl6.fl6_sport = inet->inet_sport; 253 254 final_p = fl6_update_dst(&fl6, np->opt, &final); 255 256 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); 257 258 dst = ip6_dst_lookup_flow(sk, &fl6, final_p, true); 259 if (IS_ERR(dst)) { 260 err = PTR_ERR(dst); 261 goto failure; 262 } 263 264 if (saddr == NULL) { 265 saddr = &fl6.saddr; 266 ipv6_addr_copy(&np->rcv_saddr, saddr); 267 } 268 269 /* set the source address */ 270 ipv6_addr_copy(&np->saddr, saddr); 271 inet->inet_rcv_saddr = LOOPBACK4_IPV6; 272 273 sk->sk_gso_type = SKB_GSO_TCPV6; 274 __ip6_dst_store(sk, dst, NULL, NULL); 275 276 rt = (struct rt6_info *) dst; 277 if (tcp_death_row.sysctl_tw_recycle && 278 !tp->rx_opt.ts_recent_stamp && 279 ipv6_addr_equal(&rt->rt6i_dst.addr, &np->daddr)) { 280 struct inet_peer *peer = rt6_get_peer(rt); 281 /* 282 * VJ's idea. We save last timestamp seen from 283 * the destination in peer table, when entering state 284 * TIME-WAIT * and initialize rx_opt.ts_recent from it, 285 * when trying new connection. 286 */ 287 if (peer) { 288 inet_peer_refcheck(peer); 289 if ((u32)get_seconds() - peer->tcp_ts_stamp <= TCP_PAWS_MSL) { 290 tp->rx_opt.ts_recent_stamp = peer->tcp_ts_stamp; 291 tp->rx_opt.ts_recent = peer->tcp_ts; 292 } 293 } 294 } 295 296 icsk->icsk_ext_hdr_len = 0; 297 if (np->opt) 298 icsk->icsk_ext_hdr_len = (np->opt->opt_flen + 299 np->opt->opt_nflen); 300 301 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 302 303 inet->inet_dport = usin->sin6_port; 304 305 tcp_set_state(sk, TCP_SYN_SENT); 306 err = inet6_hash_connect(&tcp_death_row, sk); 307 if (err) 308 goto late_failure; 309 310 if (!tp->write_seq) 311 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32, 312 np->daddr.s6_addr32, 313 inet->inet_sport, 314 inet->inet_dport); 315 316 err = tcp_connect(sk); 317 if (err) 318 goto late_failure; 319 320 return 0; 321 322 late_failure: 323 tcp_set_state(sk, TCP_CLOSE); 324 __sk_dst_reset(sk); 325 failure: 326 inet->inet_dport = 0; 327 sk->sk_route_caps = 0; 328 return err; 329 } 330 331 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 332 u8 type, u8 code, int offset, __be32 info) 333 { 334 const struct ipv6hdr *hdr = (const struct ipv6hdr*)skb->data; 335 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset); 336 struct ipv6_pinfo *np; 337 struct sock *sk; 338 int err; 339 struct tcp_sock *tp; 340 __u32 seq; 341 struct net *net = dev_net(skb->dev); 342 343 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr, 344 th->dest, &hdr->saddr, th->source, skb->dev->ifindex); 345 346 if (sk == NULL) { 347 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev), 348 ICMP6_MIB_INERRORS); 349 return; 350 } 351 352 if (sk->sk_state == TCP_TIME_WAIT) { 353 inet_twsk_put(inet_twsk(sk)); 354 return; 355 } 356 357 bh_lock_sock(sk); 358 if (sock_owned_by_user(sk)) 359 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS); 360 361 if (sk->sk_state == TCP_CLOSE) 362 goto out; 363 364 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) { 365 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); 366 goto out; 367 } 368 369 tp = tcp_sk(sk); 370 seq = ntohl(th->seq); 371 if (sk->sk_state != TCP_LISTEN && 372 !between(seq, tp->snd_una, tp->snd_nxt)) { 373 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 374 goto out; 375 } 376 377 np = inet6_sk(sk); 378 379 if (type == ICMPV6_PKT_TOOBIG) { 380 struct dst_entry *dst; 381 382 if (sock_owned_by_user(sk)) 383 goto out; 384 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) 385 goto out; 386 387 /* icmp should have updated the destination cache entry */ 388 dst = __sk_dst_check(sk, np->dst_cookie); 389 390 if (dst == NULL) { 391 struct inet_sock *inet = inet_sk(sk); 392 struct flowi6 fl6; 393 394 /* BUGGG_FUTURE: Again, it is not clear how 395 to handle rthdr case. Ignore this complexity 396 for now. 397 */ 398 memset(&fl6, 0, sizeof(fl6)); 399 fl6.flowi6_proto = IPPROTO_TCP; 400 ipv6_addr_copy(&fl6.daddr, &np->daddr); 401 ipv6_addr_copy(&fl6.saddr, &np->saddr); 402 fl6.flowi6_oif = sk->sk_bound_dev_if; 403 fl6.flowi6_mark = sk->sk_mark; 404 fl6.fl6_dport = inet->inet_dport; 405 fl6.fl6_sport = inet->inet_sport; 406 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); 407 408 dst = ip6_dst_lookup_flow(sk, &fl6, NULL, false); 409 if (IS_ERR(dst)) { 410 sk->sk_err_soft = -PTR_ERR(dst); 411 goto out; 412 } 413 414 } else 415 dst_hold(dst); 416 417 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) { 418 tcp_sync_mss(sk, dst_mtu(dst)); 419 tcp_simple_retransmit(sk); 420 } /* else let the usual retransmit timer handle it */ 421 dst_release(dst); 422 goto out; 423 } 424 425 icmpv6_err_convert(type, code, &err); 426 427 /* Might be for an request_sock */ 428 switch (sk->sk_state) { 429 struct request_sock *req, **prev; 430 case TCP_LISTEN: 431 if (sock_owned_by_user(sk)) 432 goto out; 433 434 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr, 435 &hdr->saddr, inet6_iif(skb)); 436 if (!req) 437 goto out; 438 439 /* ICMPs are not backlogged, hence we cannot get 440 * an established socket here. 441 */ 442 WARN_ON(req->sk != NULL); 443 444 if (seq != tcp_rsk(req)->snt_isn) { 445 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 446 goto out; 447 } 448 449 inet_csk_reqsk_queue_drop(sk, req, prev); 450 goto out; 451 452 case TCP_SYN_SENT: 453 case TCP_SYN_RECV: /* Cannot happen. 454 It can, it SYNs are crossed. --ANK */ 455 if (!sock_owned_by_user(sk)) { 456 sk->sk_err = err; 457 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */ 458 459 tcp_done(sk); 460 } else 461 sk->sk_err_soft = err; 462 goto out; 463 } 464 465 if (!sock_owned_by_user(sk) && np->recverr) { 466 sk->sk_err = err; 467 sk->sk_error_report(sk); 468 } else 469 sk->sk_err_soft = err; 470 471 out: 472 bh_unlock_sock(sk); 473 sock_put(sk); 474 } 475 476 477 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req, 478 struct request_values *rvp) 479 { 480 struct inet6_request_sock *treq = inet6_rsk(req); 481 struct ipv6_pinfo *np = inet6_sk(sk); 482 struct sk_buff * skb; 483 struct ipv6_txoptions *opt = NULL; 484 struct in6_addr * final_p, final; 485 struct flowi6 fl6; 486 struct dst_entry *dst; 487 int err; 488 489 memset(&fl6, 0, sizeof(fl6)); 490 fl6.flowi6_proto = IPPROTO_TCP; 491 ipv6_addr_copy(&fl6.daddr, &treq->rmt_addr); 492 ipv6_addr_copy(&fl6.saddr, &treq->loc_addr); 493 fl6.flowlabel = 0; 494 fl6.flowi6_oif = treq->iif; 495 fl6.flowi6_mark = sk->sk_mark; 496 fl6.fl6_dport = inet_rsk(req)->rmt_port; 497 fl6.fl6_sport = inet_rsk(req)->loc_port; 498 security_req_classify_flow(req, flowi6_to_flowi(&fl6)); 499 500 opt = np->opt; 501 final_p = fl6_update_dst(&fl6, opt, &final); 502 503 dst = ip6_dst_lookup_flow(sk, &fl6, final_p, false); 504 if (IS_ERR(dst)) { 505 err = PTR_ERR(dst); 506 dst = NULL; 507 goto done; 508 } 509 skb = tcp_make_synack(sk, dst, req, rvp); 510 err = -ENOMEM; 511 if (skb) { 512 __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr); 513 514 ipv6_addr_copy(&fl6.daddr, &treq->rmt_addr); 515 err = ip6_xmit(sk, skb, &fl6, opt); 516 err = net_xmit_eval(err); 517 } 518 519 done: 520 if (opt && opt != np->opt) 521 sock_kfree_s(sk, opt, opt->tot_len); 522 dst_release(dst); 523 return err; 524 } 525 526 static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req, 527 struct request_values *rvp) 528 { 529 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS); 530 return tcp_v6_send_synack(sk, req, rvp); 531 } 532 533 static inline void syn_flood_warning(struct sk_buff *skb) 534 { 535 #ifdef CONFIG_SYN_COOKIES 536 if (sysctl_tcp_syncookies) 537 printk(KERN_INFO 538 "TCPv6: Possible SYN flooding on port %d. " 539 "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest)); 540 else 541 #endif 542 printk(KERN_INFO 543 "TCPv6: Possible SYN flooding on port %d. " 544 "Dropping request.\n", ntohs(tcp_hdr(skb)->dest)); 545 } 546 547 static void tcp_v6_reqsk_destructor(struct request_sock *req) 548 { 549 kfree_skb(inet6_rsk(req)->pktopts); 550 } 551 552 #ifdef CONFIG_TCP_MD5SIG 553 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 554 const struct in6_addr *addr) 555 { 556 struct tcp_sock *tp = tcp_sk(sk); 557 int i; 558 559 BUG_ON(tp == NULL); 560 561 if (!tp->md5sig_info || !tp->md5sig_info->entries6) 562 return NULL; 563 564 for (i = 0; i < tp->md5sig_info->entries6; i++) { 565 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr)) 566 return &tp->md5sig_info->keys6[i].base; 567 } 568 return NULL; 569 } 570 571 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk, 572 struct sock *addr_sk) 573 { 574 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr); 575 } 576 577 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk, 578 struct request_sock *req) 579 { 580 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr); 581 } 582 583 static int tcp_v6_md5_do_add(struct sock *sk, const struct in6_addr *peer, 584 char *newkey, u8 newkeylen) 585 { 586 /* Add key to the list */ 587 struct tcp_md5sig_key *key; 588 struct tcp_sock *tp = tcp_sk(sk); 589 struct tcp6_md5sig_key *keys; 590 591 key = tcp_v6_md5_do_lookup(sk, peer); 592 if (key) { 593 /* modify existing entry - just update that one */ 594 kfree(key->key); 595 key->key = newkey; 596 key->keylen = newkeylen; 597 } else { 598 /* reallocate new list if current one is full. */ 599 if (!tp->md5sig_info) { 600 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC); 601 if (!tp->md5sig_info) { 602 kfree(newkey); 603 return -ENOMEM; 604 } 605 sk_nocaps_add(sk, NETIF_F_GSO_MASK); 606 } 607 if (tcp_alloc_md5sig_pool(sk) == NULL) { 608 kfree(newkey); 609 return -ENOMEM; 610 } 611 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) { 612 keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) * 613 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC); 614 615 if (!keys) { 616 tcp_free_md5sig_pool(); 617 kfree(newkey); 618 return -ENOMEM; 619 } 620 621 if (tp->md5sig_info->entries6) 622 memmove(keys, tp->md5sig_info->keys6, 623 (sizeof (tp->md5sig_info->keys6[0]) * 624 tp->md5sig_info->entries6)); 625 626 kfree(tp->md5sig_info->keys6); 627 tp->md5sig_info->keys6 = keys; 628 tp->md5sig_info->alloced6++; 629 } 630 631 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr, 632 peer); 633 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey; 634 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen; 635 636 tp->md5sig_info->entries6++; 637 } 638 return 0; 639 } 640 641 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk, 642 u8 *newkey, __u8 newkeylen) 643 { 644 return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr, 645 newkey, newkeylen); 646 } 647 648 static int tcp_v6_md5_do_del(struct sock *sk, const struct in6_addr *peer) 649 { 650 struct tcp_sock *tp = tcp_sk(sk); 651 int i; 652 653 for (i = 0; i < tp->md5sig_info->entries6; i++) { 654 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) { 655 /* Free the key */ 656 kfree(tp->md5sig_info->keys6[i].base.key); 657 tp->md5sig_info->entries6--; 658 659 if (tp->md5sig_info->entries6 == 0) { 660 kfree(tp->md5sig_info->keys6); 661 tp->md5sig_info->keys6 = NULL; 662 tp->md5sig_info->alloced6 = 0; 663 } else { 664 /* shrink the database */ 665 if (tp->md5sig_info->entries6 != i) 666 memmove(&tp->md5sig_info->keys6[i], 667 &tp->md5sig_info->keys6[i+1], 668 (tp->md5sig_info->entries6 - i) 669 * sizeof (tp->md5sig_info->keys6[0])); 670 } 671 tcp_free_md5sig_pool(); 672 return 0; 673 } 674 } 675 return -ENOENT; 676 } 677 678 static void tcp_v6_clear_md5_list (struct sock *sk) 679 { 680 struct tcp_sock *tp = tcp_sk(sk); 681 int i; 682 683 if (tp->md5sig_info->entries6) { 684 for (i = 0; i < tp->md5sig_info->entries6; i++) 685 kfree(tp->md5sig_info->keys6[i].base.key); 686 tp->md5sig_info->entries6 = 0; 687 tcp_free_md5sig_pool(); 688 } 689 690 kfree(tp->md5sig_info->keys6); 691 tp->md5sig_info->keys6 = NULL; 692 tp->md5sig_info->alloced6 = 0; 693 694 if (tp->md5sig_info->entries4) { 695 for (i = 0; i < tp->md5sig_info->entries4; i++) 696 kfree(tp->md5sig_info->keys4[i].base.key); 697 tp->md5sig_info->entries4 = 0; 698 tcp_free_md5sig_pool(); 699 } 700 701 kfree(tp->md5sig_info->keys4); 702 tp->md5sig_info->keys4 = NULL; 703 tp->md5sig_info->alloced4 = 0; 704 } 705 706 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval, 707 int optlen) 708 { 709 struct tcp_md5sig cmd; 710 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr; 711 u8 *newkey; 712 713 if (optlen < sizeof(cmd)) 714 return -EINVAL; 715 716 if (copy_from_user(&cmd, optval, sizeof(cmd))) 717 return -EFAULT; 718 719 if (sin6->sin6_family != AF_INET6) 720 return -EINVAL; 721 722 if (!cmd.tcpm_keylen) { 723 if (!tcp_sk(sk)->md5sig_info) 724 return -ENOENT; 725 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) 726 return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]); 727 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr); 728 } 729 730 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN) 731 return -EINVAL; 732 733 if (!tcp_sk(sk)->md5sig_info) { 734 struct tcp_sock *tp = tcp_sk(sk); 735 struct tcp_md5sig_info *p; 736 737 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL); 738 if (!p) 739 return -ENOMEM; 740 741 tp->md5sig_info = p; 742 sk_nocaps_add(sk, NETIF_F_GSO_MASK); 743 } 744 745 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL); 746 if (!newkey) 747 return -ENOMEM; 748 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) { 749 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3], 750 newkey, cmd.tcpm_keylen); 751 } 752 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen); 753 } 754 755 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp, 756 const struct in6_addr *daddr, 757 const struct in6_addr *saddr, int nbytes) 758 { 759 struct tcp6_pseudohdr *bp; 760 struct scatterlist sg; 761 762 bp = &hp->md5_blk.ip6; 763 /* 1. TCP pseudo-header (RFC2460) */ 764 ipv6_addr_copy(&bp->saddr, saddr); 765 ipv6_addr_copy(&bp->daddr, daddr); 766 bp->protocol = cpu_to_be32(IPPROTO_TCP); 767 bp->len = cpu_to_be32(nbytes); 768 769 sg_init_one(&sg, bp, sizeof(*bp)); 770 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp)); 771 } 772 773 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key, 774 const struct in6_addr *daddr, struct in6_addr *saddr, 775 struct tcphdr *th) 776 { 777 struct tcp_md5sig_pool *hp; 778 struct hash_desc *desc; 779 780 hp = tcp_get_md5sig_pool(); 781 if (!hp) 782 goto clear_hash_noput; 783 desc = &hp->md5_desc; 784 785 if (crypto_hash_init(desc)) 786 goto clear_hash; 787 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2)) 788 goto clear_hash; 789 if (tcp_md5_hash_header(hp, th)) 790 goto clear_hash; 791 if (tcp_md5_hash_key(hp, key)) 792 goto clear_hash; 793 if (crypto_hash_final(desc, md5_hash)) 794 goto clear_hash; 795 796 tcp_put_md5sig_pool(); 797 return 0; 798 799 clear_hash: 800 tcp_put_md5sig_pool(); 801 clear_hash_noput: 802 memset(md5_hash, 0, 16); 803 return 1; 804 } 805 806 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key, 807 struct sock *sk, struct request_sock *req, 808 struct sk_buff *skb) 809 { 810 const struct in6_addr *saddr, *daddr; 811 struct tcp_md5sig_pool *hp; 812 struct hash_desc *desc; 813 struct tcphdr *th = tcp_hdr(skb); 814 815 if (sk) { 816 saddr = &inet6_sk(sk)->saddr; 817 daddr = &inet6_sk(sk)->daddr; 818 } else if (req) { 819 saddr = &inet6_rsk(req)->loc_addr; 820 daddr = &inet6_rsk(req)->rmt_addr; 821 } else { 822 const struct ipv6hdr *ip6h = ipv6_hdr(skb); 823 saddr = &ip6h->saddr; 824 daddr = &ip6h->daddr; 825 } 826 827 hp = tcp_get_md5sig_pool(); 828 if (!hp) 829 goto clear_hash_noput; 830 desc = &hp->md5_desc; 831 832 if (crypto_hash_init(desc)) 833 goto clear_hash; 834 835 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len)) 836 goto clear_hash; 837 if (tcp_md5_hash_header(hp, th)) 838 goto clear_hash; 839 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2)) 840 goto clear_hash; 841 if (tcp_md5_hash_key(hp, key)) 842 goto clear_hash; 843 if (crypto_hash_final(desc, md5_hash)) 844 goto clear_hash; 845 846 tcp_put_md5sig_pool(); 847 return 0; 848 849 clear_hash: 850 tcp_put_md5sig_pool(); 851 clear_hash_noput: 852 memset(md5_hash, 0, 16); 853 return 1; 854 } 855 856 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb) 857 { 858 __u8 *hash_location = NULL; 859 struct tcp_md5sig_key *hash_expected; 860 const struct ipv6hdr *ip6h = ipv6_hdr(skb); 861 struct tcphdr *th = tcp_hdr(skb); 862 int genhash; 863 u8 newhash[16]; 864 865 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); 866 hash_location = tcp_parse_md5sig_option(th); 867 868 /* We've parsed the options - do we have a hash? */ 869 if (!hash_expected && !hash_location) 870 return 0; 871 872 if (hash_expected && !hash_location) { 873 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); 874 return 1; 875 } 876 877 if (!hash_expected && hash_location) { 878 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED); 879 return 1; 880 } 881 882 /* check the signature */ 883 genhash = tcp_v6_md5_hash_skb(newhash, 884 hash_expected, 885 NULL, NULL, skb); 886 887 if (genhash || memcmp(hash_location, newhash, 16) != 0) { 888 if (net_ratelimit()) { 889 printk(KERN_INFO "MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n", 890 genhash ? "failed" : "mismatch", 891 &ip6h->saddr, ntohs(th->source), 892 &ip6h->daddr, ntohs(th->dest)); 893 } 894 return 1; 895 } 896 return 0; 897 } 898 #endif 899 900 struct request_sock_ops tcp6_request_sock_ops __read_mostly = { 901 .family = AF_INET6, 902 .obj_size = sizeof(struct tcp6_request_sock), 903 .rtx_syn_ack = tcp_v6_rtx_synack, 904 .send_ack = tcp_v6_reqsk_send_ack, 905 .destructor = tcp_v6_reqsk_destructor, 906 .send_reset = tcp_v6_send_reset, 907 .syn_ack_timeout = tcp_syn_ack_timeout, 908 }; 909 910 #ifdef CONFIG_TCP_MD5SIG 911 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { 912 .md5_lookup = tcp_v6_reqsk_md5_lookup, 913 .calc_md5_hash = tcp_v6_md5_hash_skb, 914 }; 915 #endif 916 917 static void __tcp_v6_send_check(struct sk_buff *skb, 918 const struct in6_addr *saddr, const struct in6_addr *daddr) 919 { 920 struct tcphdr *th = tcp_hdr(skb); 921 922 if (skb->ip_summed == CHECKSUM_PARTIAL) { 923 th->check = ~tcp_v6_check(skb->len, saddr, daddr, 0); 924 skb->csum_start = skb_transport_header(skb) - skb->head; 925 skb->csum_offset = offsetof(struct tcphdr, check); 926 } else { 927 th->check = tcp_v6_check(skb->len, saddr, daddr, 928 csum_partial(th, th->doff << 2, 929 skb->csum)); 930 } 931 } 932 933 static void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb) 934 { 935 struct ipv6_pinfo *np = inet6_sk(sk); 936 937 __tcp_v6_send_check(skb, &np->saddr, &np->daddr); 938 } 939 940 static int tcp_v6_gso_send_check(struct sk_buff *skb) 941 { 942 const struct ipv6hdr *ipv6h; 943 struct tcphdr *th; 944 945 if (!pskb_may_pull(skb, sizeof(*th))) 946 return -EINVAL; 947 948 ipv6h = ipv6_hdr(skb); 949 th = tcp_hdr(skb); 950 951 th->check = 0; 952 skb->ip_summed = CHECKSUM_PARTIAL; 953 __tcp_v6_send_check(skb, &ipv6h->saddr, &ipv6h->daddr); 954 return 0; 955 } 956 957 static struct sk_buff **tcp6_gro_receive(struct sk_buff **head, 958 struct sk_buff *skb) 959 { 960 const struct ipv6hdr *iph = skb_gro_network_header(skb); 961 962 switch (skb->ip_summed) { 963 case CHECKSUM_COMPLETE: 964 if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr, 965 skb->csum)) { 966 skb->ip_summed = CHECKSUM_UNNECESSARY; 967 break; 968 } 969 970 /* fall through */ 971 case CHECKSUM_NONE: 972 NAPI_GRO_CB(skb)->flush = 1; 973 return NULL; 974 } 975 976 return tcp_gro_receive(head, skb); 977 } 978 979 static int tcp6_gro_complete(struct sk_buff *skb) 980 { 981 const struct ipv6hdr *iph = ipv6_hdr(skb); 982 struct tcphdr *th = tcp_hdr(skb); 983 984 th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb), 985 &iph->saddr, &iph->daddr, 0); 986 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6; 987 988 return tcp_gro_complete(skb); 989 } 990 991 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win, 992 u32 ts, struct tcp_md5sig_key *key, int rst) 993 { 994 struct tcphdr *th = tcp_hdr(skb), *t1; 995 struct sk_buff *buff; 996 struct flowi6 fl6; 997 struct net *net = dev_net(skb_dst(skb)->dev); 998 struct sock *ctl_sk = net->ipv6.tcp_sk; 999 unsigned int tot_len = sizeof(struct tcphdr); 1000 struct dst_entry *dst; 1001 __be32 *topt; 1002 1003 if (ts) 1004 tot_len += TCPOLEN_TSTAMP_ALIGNED; 1005 #ifdef CONFIG_TCP_MD5SIG 1006 if (key) 1007 tot_len += TCPOLEN_MD5SIG_ALIGNED; 1008 #endif 1009 1010 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 1011 GFP_ATOMIC); 1012 if (buff == NULL) 1013 return; 1014 1015 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); 1016 1017 t1 = (struct tcphdr *) skb_push(buff, tot_len); 1018 skb_reset_transport_header(buff); 1019 1020 /* Swap the send and the receive. */ 1021 memset(t1, 0, sizeof(*t1)); 1022 t1->dest = th->source; 1023 t1->source = th->dest; 1024 t1->doff = tot_len / 4; 1025 t1->seq = htonl(seq); 1026 t1->ack_seq = htonl(ack); 1027 t1->ack = !rst || !th->ack; 1028 t1->rst = rst; 1029 t1->window = htons(win); 1030 1031 topt = (__be32 *)(t1 + 1); 1032 1033 if (ts) { 1034 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1035 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 1036 *topt++ = htonl(tcp_time_stamp); 1037 *topt++ = htonl(ts); 1038 } 1039 1040 #ifdef CONFIG_TCP_MD5SIG 1041 if (key) { 1042 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1043 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 1044 tcp_v6_md5_hash_hdr((__u8 *)topt, key, 1045 &ipv6_hdr(skb)->saddr, 1046 &ipv6_hdr(skb)->daddr, t1); 1047 } 1048 #endif 1049 1050 memset(&fl6, 0, sizeof(fl6)); 1051 ipv6_addr_copy(&fl6.daddr, &ipv6_hdr(skb)->saddr); 1052 ipv6_addr_copy(&fl6.saddr, &ipv6_hdr(skb)->daddr); 1053 1054 buff->ip_summed = CHECKSUM_PARTIAL; 1055 buff->csum = 0; 1056 1057 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr); 1058 1059 fl6.flowi6_proto = IPPROTO_TCP; 1060 fl6.flowi6_oif = inet6_iif(skb); 1061 fl6.fl6_dport = t1->dest; 1062 fl6.fl6_sport = t1->source; 1063 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); 1064 1065 /* Pass a socket to ip6_dst_lookup either it is for RST 1066 * Underlying function will use this to retrieve the network 1067 * namespace 1068 */ 1069 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL, false); 1070 if (!IS_ERR(dst)) { 1071 skb_dst_set(buff, dst); 1072 ip6_xmit(ctl_sk, buff, &fl6, NULL); 1073 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS); 1074 if (rst) 1075 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS); 1076 return; 1077 } 1078 1079 kfree_skb(buff); 1080 } 1081 1082 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb) 1083 { 1084 struct tcphdr *th = tcp_hdr(skb); 1085 u32 seq = 0, ack_seq = 0; 1086 struct tcp_md5sig_key *key = NULL; 1087 1088 if (th->rst) 1089 return; 1090 1091 if (!ipv6_unicast_destination(skb)) 1092 return; 1093 1094 #ifdef CONFIG_TCP_MD5SIG 1095 if (sk) 1096 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr); 1097 #endif 1098 1099 if (th->ack) 1100 seq = ntohl(th->ack_seq); 1101 else 1102 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len - 1103 (th->doff << 2); 1104 1105 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1); 1106 } 1107 1108 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts, 1109 struct tcp_md5sig_key *key) 1110 { 1111 tcp_v6_send_response(skb, seq, ack, win, ts, key, 0); 1112 } 1113 1114 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb) 1115 { 1116 struct inet_timewait_sock *tw = inet_twsk(sk); 1117 struct tcp_timewait_sock *tcptw = tcp_twsk(sk); 1118 1119 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt, 1120 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 1121 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw)); 1122 1123 inet_twsk_put(tw); 1124 } 1125 1126 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb, 1127 struct request_sock *req) 1128 { 1129 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent, 1130 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr)); 1131 } 1132 1133 1134 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb) 1135 { 1136 struct request_sock *req, **prev; 1137 const struct tcphdr *th = tcp_hdr(skb); 1138 struct sock *nsk; 1139 1140 /* Find possible connection requests. */ 1141 req = inet6_csk_search_req(sk, &prev, th->source, 1142 &ipv6_hdr(skb)->saddr, 1143 &ipv6_hdr(skb)->daddr, inet6_iif(skb)); 1144 if (req) 1145 return tcp_check_req(sk, skb, req, prev); 1146 1147 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo, 1148 &ipv6_hdr(skb)->saddr, th->source, 1149 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb)); 1150 1151 if (nsk) { 1152 if (nsk->sk_state != TCP_TIME_WAIT) { 1153 bh_lock_sock(nsk); 1154 return nsk; 1155 } 1156 inet_twsk_put(inet_twsk(nsk)); 1157 return NULL; 1158 } 1159 1160 #ifdef CONFIG_SYN_COOKIES 1161 if (!th->syn) 1162 sk = cookie_v6_check(sk, skb); 1163 #endif 1164 return sk; 1165 } 1166 1167 /* FIXME: this is substantially similar to the ipv4 code. 1168 * Can some kind of merge be done? -- erics 1169 */ 1170 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) 1171 { 1172 struct tcp_extend_values tmp_ext; 1173 struct tcp_options_received tmp_opt; 1174 u8 *hash_location; 1175 struct request_sock *req; 1176 struct inet6_request_sock *treq; 1177 struct ipv6_pinfo *np = inet6_sk(sk); 1178 struct tcp_sock *tp = tcp_sk(sk); 1179 __u32 isn = TCP_SKB_CB(skb)->when; 1180 struct dst_entry *dst = NULL; 1181 #ifdef CONFIG_SYN_COOKIES 1182 int want_cookie = 0; 1183 #else 1184 #define want_cookie 0 1185 #endif 1186 1187 if (skb->protocol == htons(ETH_P_IP)) 1188 return tcp_v4_conn_request(sk, skb); 1189 1190 if (!ipv6_unicast_destination(skb)) 1191 goto drop; 1192 1193 if (inet_csk_reqsk_queue_is_full(sk) && !isn) { 1194 if (net_ratelimit()) 1195 syn_flood_warning(skb); 1196 #ifdef CONFIG_SYN_COOKIES 1197 if (sysctl_tcp_syncookies) 1198 want_cookie = 1; 1199 else 1200 #endif 1201 goto drop; 1202 } 1203 1204 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) 1205 goto drop; 1206 1207 req = inet6_reqsk_alloc(&tcp6_request_sock_ops); 1208 if (req == NULL) 1209 goto drop; 1210 1211 #ifdef CONFIG_TCP_MD5SIG 1212 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops; 1213 #endif 1214 1215 tcp_clear_options(&tmp_opt); 1216 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 1217 tmp_opt.user_mss = tp->rx_opt.user_mss; 1218 tcp_parse_options(skb, &tmp_opt, &hash_location, 0); 1219 1220 if (tmp_opt.cookie_plus > 0 && 1221 tmp_opt.saw_tstamp && 1222 !tp->rx_opt.cookie_out_never && 1223 (sysctl_tcp_cookie_size > 0 || 1224 (tp->cookie_values != NULL && 1225 tp->cookie_values->cookie_desired > 0))) { 1226 u8 *c; 1227 u32 *d; 1228 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS]; 1229 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE; 1230 1231 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0) 1232 goto drop_and_free; 1233 1234 /* Secret recipe starts with IP addresses */ 1235 d = (__force u32 *)&ipv6_hdr(skb)->daddr.s6_addr32[0]; 1236 *mess++ ^= *d++; 1237 *mess++ ^= *d++; 1238 *mess++ ^= *d++; 1239 *mess++ ^= *d++; 1240 d = (__force u32 *)&ipv6_hdr(skb)->saddr.s6_addr32[0]; 1241 *mess++ ^= *d++; 1242 *mess++ ^= *d++; 1243 *mess++ ^= *d++; 1244 *mess++ ^= *d++; 1245 1246 /* plus variable length Initiator Cookie */ 1247 c = (u8 *)mess; 1248 while (l-- > 0) 1249 *c++ ^= *hash_location++; 1250 1251 #ifdef CONFIG_SYN_COOKIES 1252 want_cookie = 0; /* not our kind of cookie */ 1253 #endif 1254 tmp_ext.cookie_out_never = 0; /* false */ 1255 tmp_ext.cookie_plus = tmp_opt.cookie_plus; 1256 } else if (!tp->rx_opt.cookie_in_always) { 1257 /* redundant indications, but ensure initialization. */ 1258 tmp_ext.cookie_out_never = 1; /* true */ 1259 tmp_ext.cookie_plus = 0; 1260 } else { 1261 goto drop_and_free; 1262 } 1263 tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always; 1264 1265 if (want_cookie && !tmp_opt.saw_tstamp) 1266 tcp_clear_options(&tmp_opt); 1267 1268 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp; 1269 tcp_openreq_init(req, &tmp_opt, skb); 1270 1271 treq = inet6_rsk(req); 1272 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr); 1273 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr); 1274 if (!want_cookie || tmp_opt.tstamp_ok) 1275 TCP_ECN_create_request(req, tcp_hdr(skb)); 1276 1277 if (!isn) { 1278 struct inet_peer *peer = NULL; 1279 1280 if (ipv6_opt_accepted(sk, skb) || 1281 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || 1282 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) { 1283 atomic_inc(&skb->users); 1284 treq->pktopts = skb; 1285 } 1286 treq->iif = sk->sk_bound_dev_if; 1287 1288 /* So that link locals have meaning */ 1289 if (!sk->sk_bound_dev_if && 1290 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL) 1291 treq->iif = inet6_iif(skb); 1292 1293 if (want_cookie) { 1294 isn = cookie_v6_init_sequence(sk, skb, &req->mss); 1295 req->cookie_ts = tmp_opt.tstamp_ok; 1296 goto have_isn; 1297 } 1298 1299 /* VJ's idea. We save last timestamp seen 1300 * from the destination in peer table, when entering 1301 * state TIME-WAIT, and check against it before 1302 * accepting new connection request. 1303 * 1304 * If "isn" is not zero, this request hit alive 1305 * timewait bucket, so that all the necessary checks 1306 * are made in the function processing timewait state. 1307 */ 1308 if (tmp_opt.saw_tstamp && 1309 tcp_death_row.sysctl_tw_recycle && 1310 (dst = inet6_csk_route_req(sk, req)) != NULL && 1311 (peer = rt6_get_peer((struct rt6_info *)dst)) != NULL && 1312 ipv6_addr_equal((struct in6_addr *)peer->daddr.addr.a6, 1313 &treq->rmt_addr)) { 1314 inet_peer_refcheck(peer); 1315 if ((u32)get_seconds() - peer->tcp_ts_stamp < TCP_PAWS_MSL && 1316 (s32)(peer->tcp_ts - req->ts_recent) > 1317 TCP_PAWS_WINDOW) { 1318 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED); 1319 goto drop_and_release; 1320 } 1321 } 1322 /* Kill the following clause, if you dislike this way. */ 1323 else if (!sysctl_tcp_syncookies && 1324 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) < 1325 (sysctl_max_syn_backlog >> 2)) && 1326 (!peer || !peer->tcp_ts_stamp) && 1327 (!dst || !dst_metric(dst, RTAX_RTT))) { 1328 /* Without syncookies last quarter of 1329 * backlog is filled with destinations, 1330 * proven to be alive. 1331 * It means that we continue to communicate 1332 * to destinations, already remembered 1333 * to the moment of synflood. 1334 */ 1335 LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open request from %pI6/%u\n", 1336 &treq->rmt_addr, ntohs(tcp_hdr(skb)->source)); 1337 goto drop_and_release; 1338 } 1339 1340 isn = tcp_v6_init_sequence(skb); 1341 } 1342 have_isn: 1343 tcp_rsk(req)->snt_isn = isn; 1344 1345 security_inet_conn_request(sk, skb, req); 1346 1347 if (tcp_v6_send_synack(sk, req, 1348 (struct request_values *)&tmp_ext) || 1349 want_cookie) 1350 goto drop_and_free; 1351 1352 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); 1353 return 0; 1354 1355 drop_and_release: 1356 dst_release(dst); 1357 drop_and_free: 1358 reqsk_free(req); 1359 drop: 1360 return 0; /* don't send reset */ 1361 } 1362 1363 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, 1364 struct request_sock *req, 1365 struct dst_entry *dst) 1366 { 1367 struct inet6_request_sock *treq; 1368 struct ipv6_pinfo *newnp, *np = inet6_sk(sk); 1369 struct tcp6_sock *newtcp6sk; 1370 struct inet_sock *newinet; 1371 struct tcp_sock *newtp; 1372 struct sock *newsk; 1373 struct ipv6_txoptions *opt; 1374 #ifdef CONFIG_TCP_MD5SIG 1375 struct tcp_md5sig_key *key; 1376 #endif 1377 1378 if (skb->protocol == htons(ETH_P_IP)) { 1379 /* 1380 * v6 mapped 1381 */ 1382 1383 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst); 1384 1385 if (newsk == NULL) 1386 return NULL; 1387 1388 newtcp6sk = (struct tcp6_sock *)newsk; 1389 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1390 1391 newinet = inet_sk(newsk); 1392 newnp = inet6_sk(newsk); 1393 newtp = tcp_sk(newsk); 1394 1395 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1396 1397 ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr); 1398 1399 ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr); 1400 1401 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr); 1402 1403 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped; 1404 newsk->sk_backlog_rcv = tcp_v4_do_rcv; 1405 #ifdef CONFIG_TCP_MD5SIG 1406 newtp->af_specific = &tcp_sock_ipv6_mapped_specific; 1407 #endif 1408 1409 newnp->pktoptions = NULL; 1410 newnp->opt = NULL; 1411 newnp->mcast_oif = inet6_iif(skb); 1412 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1413 1414 /* 1415 * No need to charge this sock to the relevant IPv6 refcnt debug socks count 1416 * here, tcp_create_openreq_child now does this for us, see the comment in 1417 * that function for the gory details. -acme 1418 */ 1419 1420 /* It is tricky place. Until this moment IPv4 tcp 1421 worked with IPv6 icsk.icsk_af_ops. 1422 Sync it now. 1423 */ 1424 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); 1425 1426 return newsk; 1427 } 1428 1429 treq = inet6_rsk(req); 1430 opt = np->opt; 1431 1432 if (sk_acceptq_is_full(sk)) 1433 goto out_overflow; 1434 1435 if (!dst) { 1436 dst = inet6_csk_route_req(sk, req); 1437 if (!dst) 1438 goto out; 1439 } 1440 1441 newsk = tcp_create_openreq_child(sk, req, skb); 1442 if (newsk == NULL) 1443 goto out_nonewsk; 1444 1445 /* 1446 * No need to charge this sock to the relevant IPv6 refcnt debug socks 1447 * count here, tcp_create_openreq_child now does this for us, see the 1448 * comment in that function for the gory details. -acme 1449 */ 1450 1451 newsk->sk_gso_type = SKB_GSO_TCPV6; 1452 __ip6_dst_store(newsk, dst, NULL, NULL); 1453 1454 newtcp6sk = (struct tcp6_sock *)newsk; 1455 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1456 1457 newtp = tcp_sk(newsk); 1458 newinet = inet_sk(newsk); 1459 newnp = inet6_sk(newsk); 1460 1461 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1462 1463 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr); 1464 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr); 1465 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr); 1466 newsk->sk_bound_dev_if = treq->iif; 1467 1468 /* Now IPv6 options... 1469 1470 First: no IPv4 options. 1471 */ 1472 newinet->inet_opt = NULL; 1473 newnp->ipv6_fl_list = NULL; 1474 1475 /* Clone RX bits */ 1476 newnp->rxopt.all = np->rxopt.all; 1477 1478 /* Clone pktoptions received with SYN */ 1479 newnp->pktoptions = NULL; 1480 if (treq->pktopts != NULL) { 1481 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC); 1482 kfree_skb(treq->pktopts); 1483 treq->pktopts = NULL; 1484 if (newnp->pktoptions) 1485 skb_set_owner_r(newnp->pktoptions, newsk); 1486 } 1487 newnp->opt = NULL; 1488 newnp->mcast_oif = inet6_iif(skb); 1489 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1490 1491 /* Clone native IPv6 options from listening socket (if any) 1492 1493 Yes, keeping reference count would be much more clever, 1494 but we make one more one thing there: reattach optmem 1495 to newsk. 1496 */ 1497 if (opt) { 1498 newnp->opt = ipv6_dup_options(newsk, opt); 1499 if (opt != np->opt) 1500 sock_kfree_s(sk, opt, opt->tot_len); 1501 } 1502 1503 inet_csk(newsk)->icsk_ext_hdr_len = 0; 1504 if (newnp->opt) 1505 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen + 1506 newnp->opt->opt_flen); 1507 1508 tcp_mtup_init(newsk); 1509 tcp_sync_mss(newsk, dst_mtu(dst)); 1510 newtp->advmss = dst_metric_advmss(dst); 1511 tcp_initialize_rcv_mss(newsk); 1512 1513 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6; 1514 newinet->inet_rcv_saddr = LOOPBACK4_IPV6; 1515 1516 #ifdef CONFIG_TCP_MD5SIG 1517 /* Copy over the MD5 key from the original socket */ 1518 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) { 1519 /* We're using one, so create a matching key 1520 * on the newsk structure. If we fail to get 1521 * memory, then we end up not copying the key 1522 * across. Shucks. 1523 */ 1524 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); 1525 if (newkey != NULL) 1526 tcp_v6_md5_do_add(newsk, &newnp->daddr, 1527 newkey, key->keylen); 1528 } 1529 #endif 1530 1531 if (__inet_inherit_port(sk, newsk) < 0) { 1532 sock_put(newsk); 1533 goto out; 1534 } 1535 __inet6_hash(newsk, NULL); 1536 1537 return newsk; 1538 1539 out_overflow: 1540 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); 1541 out_nonewsk: 1542 if (opt && opt != np->opt) 1543 sock_kfree_s(sk, opt, opt->tot_len); 1544 dst_release(dst); 1545 out: 1546 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); 1547 return NULL; 1548 } 1549 1550 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb) 1551 { 1552 if (skb->ip_summed == CHECKSUM_COMPLETE) { 1553 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr, 1554 &ipv6_hdr(skb)->daddr, skb->csum)) { 1555 skb->ip_summed = CHECKSUM_UNNECESSARY; 1556 return 0; 1557 } 1558 } 1559 1560 skb->csum = ~csum_unfold(tcp_v6_check(skb->len, 1561 &ipv6_hdr(skb)->saddr, 1562 &ipv6_hdr(skb)->daddr, 0)); 1563 1564 if (skb->len <= 76) { 1565 return __skb_checksum_complete(skb); 1566 } 1567 return 0; 1568 } 1569 1570 /* The socket must have it's spinlock held when we get 1571 * here. 1572 * 1573 * We have a potential double-lock case here, so even when 1574 * doing backlog processing we use the BH locking scheme. 1575 * This is because we cannot sleep with the original spinlock 1576 * held. 1577 */ 1578 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) 1579 { 1580 struct ipv6_pinfo *np = inet6_sk(sk); 1581 struct tcp_sock *tp; 1582 struct sk_buff *opt_skb = NULL; 1583 1584 /* Imagine: socket is IPv6. IPv4 packet arrives, 1585 goes to IPv4 receive handler and backlogged. 1586 From backlog it always goes here. Kerboom... 1587 Fortunately, tcp_rcv_established and rcv_established 1588 handle them correctly, but it is not case with 1589 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK 1590 */ 1591 1592 if (skb->protocol == htons(ETH_P_IP)) 1593 return tcp_v4_do_rcv(sk, skb); 1594 1595 #ifdef CONFIG_TCP_MD5SIG 1596 if (tcp_v6_inbound_md5_hash (sk, skb)) 1597 goto discard; 1598 #endif 1599 1600 if (sk_filter(sk, skb)) 1601 goto discard; 1602 1603 /* 1604 * socket locking is here for SMP purposes as backlog rcv 1605 * is currently called with bh processing disabled. 1606 */ 1607 1608 /* Do Stevens' IPV6_PKTOPTIONS. 1609 1610 Yes, guys, it is the only place in our code, where we 1611 may make it not affecting IPv4. 1612 The rest of code is protocol independent, 1613 and I do not like idea to uglify IPv4. 1614 1615 Actually, all the idea behind IPV6_PKTOPTIONS 1616 looks not very well thought. For now we latch 1617 options, received in the last packet, enqueued 1618 by tcp. Feel free to propose better solution. 1619 --ANK (980728) 1620 */ 1621 if (np->rxopt.all) 1622 opt_skb = skb_clone(skb, GFP_ATOMIC); 1623 1624 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ 1625 sock_rps_save_rxhash(sk, skb->rxhash); 1626 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) 1627 goto reset; 1628 if (opt_skb) 1629 goto ipv6_pktoptions; 1630 return 0; 1631 } 1632 1633 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb)) 1634 goto csum_err; 1635 1636 if (sk->sk_state == TCP_LISTEN) { 1637 struct sock *nsk = tcp_v6_hnd_req(sk, skb); 1638 if (!nsk) 1639 goto discard; 1640 1641 /* 1642 * Queue it on the new socket if the new socket is active, 1643 * otherwise we just shortcircuit this and continue with 1644 * the new socket.. 1645 */ 1646 if(nsk != sk) { 1647 sock_rps_save_rxhash(nsk, skb->rxhash); 1648 if (tcp_child_process(sk, nsk, skb)) 1649 goto reset; 1650 if (opt_skb) 1651 __kfree_skb(opt_skb); 1652 return 0; 1653 } 1654 } else 1655 sock_rps_save_rxhash(sk, skb->rxhash); 1656 1657 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) 1658 goto reset; 1659 if (opt_skb) 1660 goto ipv6_pktoptions; 1661 return 0; 1662 1663 reset: 1664 tcp_v6_send_reset(sk, skb); 1665 discard: 1666 if (opt_skb) 1667 __kfree_skb(opt_skb); 1668 kfree_skb(skb); 1669 return 0; 1670 csum_err: 1671 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS); 1672 goto discard; 1673 1674 1675 ipv6_pktoptions: 1676 /* Do you ask, what is it? 1677 1678 1. skb was enqueued by tcp. 1679 2. skb is added to tail of read queue, rather than out of order. 1680 3. socket is not in passive state. 1681 4. Finally, it really contains options, which user wants to receive. 1682 */ 1683 tp = tcp_sk(sk); 1684 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt && 1685 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) { 1686 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo) 1687 np->mcast_oif = inet6_iif(opt_skb); 1688 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) 1689 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit; 1690 if (ipv6_opt_accepted(sk, opt_skb)) { 1691 skb_set_owner_r(opt_skb, sk); 1692 opt_skb = xchg(&np->pktoptions, opt_skb); 1693 } else { 1694 __kfree_skb(opt_skb); 1695 opt_skb = xchg(&np->pktoptions, NULL); 1696 } 1697 } 1698 1699 kfree_skb(opt_skb); 1700 return 0; 1701 } 1702 1703 static int tcp_v6_rcv(struct sk_buff *skb) 1704 { 1705 struct tcphdr *th; 1706 const struct ipv6hdr *hdr; 1707 struct sock *sk; 1708 int ret; 1709 struct net *net = dev_net(skb->dev); 1710 1711 if (skb->pkt_type != PACKET_HOST) 1712 goto discard_it; 1713 1714 /* 1715 * Count it even if it's bad. 1716 */ 1717 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS); 1718 1719 if (!pskb_may_pull(skb, sizeof(struct tcphdr))) 1720 goto discard_it; 1721 1722 th = tcp_hdr(skb); 1723 1724 if (th->doff < sizeof(struct tcphdr)/4) 1725 goto bad_packet; 1726 if (!pskb_may_pull(skb, th->doff*4)) 1727 goto discard_it; 1728 1729 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb)) 1730 goto bad_packet; 1731 1732 th = tcp_hdr(skb); 1733 hdr = ipv6_hdr(skb); 1734 TCP_SKB_CB(skb)->seq = ntohl(th->seq); 1735 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin + 1736 skb->len - th->doff*4); 1737 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); 1738 TCP_SKB_CB(skb)->when = 0; 1739 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(hdr); 1740 TCP_SKB_CB(skb)->sacked = 0; 1741 1742 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); 1743 if (!sk) 1744 goto no_tcp_socket; 1745 1746 process: 1747 if (sk->sk_state == TCP_TIME_WAIT) 1748 goto do_time_wait; 1749 1750 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { 1751 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); 1752 goto discard_and_relse; 1753 } 1754 1755 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 1756 goto discard_and_relse; 1757 1758 if (sk_filter(sk, skb)) 1759 goto discard_and_relse; 1760 1761 skb->dev = NULL; 1762 1763 bh_lock_sock_nested(sk); 1764 ret = 0; 1765 if (!sock_owned_by_user(sk)) { 1766 #ifdef CONFIG_NET_DMA 1767 struct tcp_sock *tp = tcp_sk(sk); 1768 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list) 1769 tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY); 1770 if (tp->ucopy.dma_chan) 1771 ret = tcp_v6_do_rcv(sk, skb); 1772 else 1773 #endif 1774 { 1775 if (!tcp_prequeue(sk, skb)) 1776 ret = tcp_v6_do_rcv(sk, skb); 1777 } 1778 } else if (unlikely(sk_add_backlog(sk, skb))) { 1779 bh_unlock_sock(sk); 1780 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP); 1781 goto discard_and_relse; 1782 } 1783 bh_unlock_sock(sk); 1784 1785 sock_put(sk); 1786 return ret ? -1 : 0; 1787 1788 no_tcp_socket: 1789 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 1790 goto discard_it; 1791 1792 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1793 bad_packet: 1794 TCP_INC_STATS_BH(net, TCP_MIB_INERRS); 1795 } else { 1796 tcp_v6_send_reset(NULL, skb); 1797 } 1798 1799 discard_it: 1800 1801 /* 1802 * Discard frame 1803 */ 1804 1805 kfree_skb(skb); 1806 return 0; 1807 1808 discard_and_relse: 1809 sock_put(sk); 1810 goto discard_it; 1811 1812 do_time_wait: 1813 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1814 inet_twsk_put(inet_twsk(sk)); 1815 goto discard_it; 1816 } 1817 1818 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1819 TCP_INC_STATS_BH(net, TCP_MIB_INERRS); 1820 inet_twsk_put(inet_twsk(sk)); 1821 goto discard_it; 1822 } 1823 1824 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { 1825 case TCP_TW_SYN: 1826 { 1827 struct sock *sk2; 1828 1829 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo, 1830 &ipv6_hdr(skb)->daddr, 1831 ntohs(th->dest), inet6_iif(skb)); 1832 if (sk2 != NULL) { 1833 struct inet_timewait_sock *tw = inet_twsk(sk); 1834 inet_twsk_deschedule(tw, &tcp_death_row); 1835 inet_twsk_put(tw); 1836 sk = sk2; 1837 goto process; 1838 } 1839 /* Fall through to ACK */ 1840 } 1841 case TCP_TW_ACK: 1842 tcp_v6_timewait_ack(sk, skb); 1843 break; 1844 case TCP_TW_RST: 1845 goto no_tcp_socket; 1846 case TCP_TW_SUCCESS:; 1847 } 1848 goto discard_it; 1849 } 1850 1851 static struct inet_peer *tcp_v6_get_peer(struct sock *sk, bool *release_it) 1852 { 1853 struct rt6_info *rt = (struct rt6_info *) __sk_dst_get(sk); 1854 struct ipv6_pinfo *np = inet6_sk(sk); 1855 struct inet_peer *peer; 1856 1857 if (!rt || 1858 !ipv6_addr_equal(&np->daddr, &rt->rt6i_dst.addr)) { 1859 peer = inet_getpeer_v6(&np->daddr, 1); 1860 *release_it = true; 1861 } else { 1862 if (!rt->rt6i_peer) 1863 rt6_bind_peer(rt, 1); 1864 peer = rt->rt6i_peer; 1865 *release_it = false; 1866 } 1867 1868 return peer; 1869 } 1870 1871 static void *tcp_v6_tw_get_peer(struct sock *sk) 1872 { 1873 struct inet6_timewait_sock *tw6 = inet6_twsk(sk); 1874 struct inet_timewait_sock *tw = inet_twsk(sk); 1875 1876 if (tw->tw_family == AF_INET) 1877 return tcp_v4_tw_get_peer(sk); 1878 1879 return inet_getpeer_v6(&tw6->tw_v6_daddr, 1); 1880 } 1881 1882 static struct timewait_sock_ops tcp6_timewait_sock_ops = { 1883 .twsk_obj_size = sizeof(struct tcp6_timewait_sock), 1884 .twsk_unique = tcp_twsk_unique, 1885 .twsk_destructor= tcp_twsk_destructor, 1886 .twsk_getpeer = tcp_v6_tw_get_peer, 1887 }; 1888 1889 static const struct inet_connection_sock_af_ops ipv6_specific = { 1890 .queue_xmit = inet6_csk_xmit, 1891 .send_check = tcp_v6_send_check, 1892 .rebuild_header = inet6_sk_rebuild_header, 1893 .conn_request = tcp_v6_conn_request, 1894 .syn_recv_sock = tcp_v6_syn_recv_sock, 1895 .get_peer = tcp_v6_get_peer, 1896 .net_header_len = sizeof(struct ipv6hdr), 1897 .setsockopt = ipv6_setsockopt, 1898 .getsockopt = ipv6_getsockopt, 1899 .addr2sockaddr = inet6_csk_addr2sockaddr, 1900 .sockaddr_len = sizeof(struct sockaddr_in6), 1901 .bind_conflict = inet6_csk_bind_conflict, 1902 #ifdef CONFIG_COMPAT 1903 .compat_setsockopt = compat_ipv6_setsockopt, 1904 .compat_getsockopt = compat_ipv6_getsockopt, 1905 #endif 1906 }; 1907 1908 #ifdef CONFIG_TCP_MD5SIG 1909 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = { 1910 .md5_lookup = tcp_v6_md5_lookup, 1911 .calc_md5_hash = tcp_v6_md5_hash_skb, 1912 .md5_add = tcp_v6_md5_add_func, 1913 .md5_parse = tcp_v6_parse_md5_keys, 1914 }; 1915 #endif 1916 1917 /* 1918 * TCP over IPv4 via INET6 API 1919 */ 1920 1921 static const struct inet_connection_sock_af_ops ipv6_mapped = { 1922 .queue_xmit = ip_queue_xmit, 1923 .send_check = tcp_v4_send_check, 1924 .rebuild_header = inet_sk_rebuild_header, 1925 .conn_request = tcp_v6_conn_request, 1926 .syn_recv_sock = tcp_v6_syn_recv_sock, 1927 .get_peer = tcp_v4_get_peer, 1928 .net_header_len = sizeof(struct iphdr), 1929 .setsockopt = ipv6_setsockopt, 1930 .getsockopt = ipv6_getsockopt, 1931 .addr2sockaddr = inet6_csk_addr2sockaddr, 1932 .sockaddr_len = sizeof(struct sockaddr_in6), 1933 .bind_conflict = inet6_csk_bind_conflict, 1934 #ifdef CONFIG_COMPAT 1935 .compat_setsockopt = compat_ipv6_setsockopt, 1936 .compat_getsockopt = compat_ipv6_getsockopt, 1937 #endif 1938 }; 1939 1940 #ifdef CONFIG_TCP_MD5SIG 1941 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = { 1942 .md5_lookup = tcp_v4_md5_lookup, 1943 .calc_md5_hash = tcp_v4_md5_hash_skb, 1944 .md5_add = tcp_v6_md5_add_func, 1945 .md5_parse = tcp_v6_parse_md5_keys, 1946 }; 1947 #endif 1948 1949 /* NOTE: A lot of things set to zero explicitly by call to 1950 * sk_alloc() so need not be done here. 1951 */ 1952 static int tcp_v6_init_sock(struct sock *sk) 1953 { 1954 struct inet_connection_sock *icsk = inet_csk(sk); 1955 struct tcp_sock *tp = tcp_sk(sk); 1956 1957 skb_queue_head_init(&tp->out_of_order_queue); 1958 tcp_init_xmit_timers(sk); 1959 tcp_prequeue_init(tp); 1960 1961 icsk->icsk_rto = TCP_TIMEOUT_INIT; 1962 tp->mdev = TCP_TIMEOUT_INIT; 1963 1964 /* So many TCP implementations out there (incorrectly) count the 1965 * initial SYN frame in their delayed-ACK and congestion control 1966 * algorithms that we must have the following bandaid to talk 1967 * efficiently to them. -DaveM 1968 */ 1969 tp->snd_cwnd = 2; 1970 1971 /* See draft-stevens-tcpca-spec-01 for discussion of the 1972 * initialization of these values. 1973 */ 1974 tp->snd_ssthresh = TCP_INFINITE_SSTHRESH; 1975 tp->snd_cwnd_clamp = ~0; 1976 tp->mss_cache = TCP_MSS_DEFAULT; 1977 1978 tp->reordering = sysctl_tcp_reordering; 1979 1980 sk->sk_state = TCP_CLOSE; 1981 1982 icsk->icsk_af_ops = &ipv6_specific; 1983 icsk->icsk_ca_ops = &tcp_init_congestion_ops; 1984 icsk->icsk_sync_mss = tcp_sync_mss; 1985 sk->sk_write_space = sk_stream_write_space; 1986 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE); 1987 1988 #ifdef CONFIG_TCP_MD5SIG 1989 tp->af_specific = &tcp_sock_ipv6_specific; 1990 #endif 1991 1992 /* TCP Cookie Transactions */ 1993 if (sysctl_tcp_cookie_size > 0) { 1994 /* Default, cookies without s_data_payload. */ 1995 tp->cookie_values = 1996 kzalloc(sizeof(*tp->cookie_values), 1997 sk->sk_allocation); 1998 if (tp->cookie_values != NULL) 1999 kref_init(&tp->cookie_values->kref); 2000 } 2001 /* Presumed zeroed, in order of appearance: 2002 * cookie_in_always, cookie_out_never, 2003 * s_data_constant, s_data_in, s_data_out 2004 */ 2005 sk->sk_sndbuf = sysctl_tcp_wmem[1]; 2006 sk->sk_rcvbuf = sysctl_tcp_rmem[1]; 2007 2008 local_bh_disable(); 2009 percpu_counter_inc(&tcp_sockets_allocated); 2010 local_bh_enable(); 2011 2012 return 0; 2013 } 2014 2015 static void tcp_v6_destroy_sock(struct sock *sk) 2016 { 2017 #ifdef CONFIG_TCP_MD5SIG 2018 /* Clean up the MD5 key list */ 2019 if (tcp_sk(sk)->md5sig_info) 2020 tcp_v6_clear_md5_list(sk); 2021 #endif 2022 tcp_v4_destroy_sock(sk); 2023 inet6_destroy_sock(sk); 2024 } 2025 2026 #ifdef CONFIG_PROC_FS 2027 /* Proc filesystem TCPv6 sock list dumping. */ 2028 static void get_openreq6(struct seq_file *seq, 2029 struct sock *sk, struct request_sock *req, int i, int uid) 2030 { 2031 int ttd = req->expires - jiffies; 2032 const struct in6_addr *src = &inet6_rsk(req)->loc_addr; 2033 const struct in6_addr *dest = &inet6_rsk(req)->rmt_addr; 2034 2035 if (ttd < 0) 2036 ttd = 0; 2037 2038 seq_printf(seq, 2039 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2040 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n", 2041 i, 2042 src->s6_addr32[0], src->s6_addr32[1], 2043 src->s6_addr32[2], src->s6_addr32[3], 2044 ntohs(inet_rsk(req)->loc_port), 2045 dest->s6_addr32[0], dest->s6_addr32[1], 2046 dest->s6_addr32[2], dest->s6_addr32[3], 2047 ntohs(inet_rsk(req)->rmt_port), 2048 TCP_SYN_RECV, 2049 0,0, /* could print option size, but that is af dependent. */ 2050 1, /* timers active (only the expire timer) */ 2051 jiffies_to_clock_t(ttd), 2052 req->retrans, 2053 uid, 2054 0, /* non standard timer */ 2055 0, /* open_requests have no inode */ 2056 0, req); 2057 } 2058 2059 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) 2060 { 2061 const struct in6_addr *dest, *src; 2062 __u16 destp, srcp; 2063 int timer_active; 2064 unsigned long timer_expires; 2065 struct inet_sock *inet = inet_sk(sp); 2066 struct tcp_sock *tp = tcp_sk(sp); 2067 const struct inet_connection_sock *icsk = inet_csk(sp); 2068 struct ipv6_pinfo *np = inet6_sk(sp); 2069 2070 dest = &np->daddr; 2071 src = &np->rcv_saddr; 2072 destp = ntohs(inet->inet_dport); 2073 srcp = ntohs(inet->inet_sport); 2074 2075 if (icsk->icsk_pending == ICSK_TIME_RETRANS) { 2076 timer_active = 1; 2077 timer_expires = icsk->icsk_timeout; 2078 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) { 2079 timer_active = 4; 2080 timer_expires = icsk->icsk_timeout; 2081 } else if (timer_pending(&sp->sk_timer)) { 2082 timer_active = 2; 2083 timer_expires = sp->sk_timer.expires; 2084 } else { 2085 timer_active = 0; 2086 timer_expires = jiffies; 2087 } 2088 2089 seq_printf(seq, 2090 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2091 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %pK %lu %lu %u %u %d\n", 2092 i, 2093 src->s6_addr32[0], src->s6_addr32[1], 2094 src->s6_addr32[2], src->s6_addr32[3], srcp, 2095 dest->s6_addr32[0], dest->s6_addr32[1], 2096 dest->s6_addr32[2], dest->s6_addr32[3], destp, 2097 sp->sk_state, 2098 tp->write_seq-tp->snd_una, 2099 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq), 2100 timer_active, 2101 jiffies_to_clock_t(timer_expires - jiffies), 2102 icsk->icsk_retransmits, 2103 sock_i_uid(sp), 2104 icsk->icsk_probes_out, 2105 sock_i_ino(sp), 2106 atomic_read(&sp->sk_refcnt), sp, 2107 jiffies_to_clock_t(icsk->icsk_rto), 2108 jiffies_to_clock_t(icsk->icsk_ack.ato), 2109 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong, 2110 tp->snd_cwnd, 2111 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh 2112 ); 2113 } 2114 2115 static void get_timewait6_sock(struct seq_file *seq, 2116 struct inet_timewait_sock *tw, int i) 2117 { 2118 const struct in6_addr *dest, *src; 2119 __u16 destp, srcp; 2120 struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw); 2121 int ttd = tw->tw_ttd - jiffies; 2122 2123 if (ttd < 0) 2124 ttd = 0; 2125 2126 dest = &tw6->tw_v6_daddr; 2127 src = &tw6->tw_v6_rcv_saddr; 2128 destp = ntohs(tw->tw_dport); 2129 srcp = ntohs(tw->tw_sport); 2130 2131 seq_printf(seq, 2132 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2133 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n", 2134 i, 2135 src->s6_addr32[0], src->s6_addr32[1], 2136 src->s6_addr32[2], src->s6_addr32[3], srcp, 2137 dest->s6_addr32[0], dest->s6_addr32[1], 2138 dest->s6_addr32[2], dest->s6_addr32[3], destp, 2139 tw->tw_substate, 0, 0, 2140 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, 2141 atomic_read(&tw->tw_refcnt), tw); 2142 } 2143 2144 static int tcp6_seq_show(struct seq_file *seq, void *v) 2145 { 2146 struct tcp_iter_state *st; 2147 2148 if (v == SEQ_START_TOKEN) { 2149 seq_puts(seq, 2150 " sl " 2151 "local_address " 2152 "remote_address " 2153 "st tx_queue rx_queue tr tm->when retrnsmt" 2154 " uid timeout inode\n"); 2155 goto out; 2156 } 2157 st = seq->private; 2158 2159 switch (st->state) { 2160 case TCP_SEQ_STATE_LISTENING: 2161 case TCP_SEQ_STATE_ESTABLISHED: 2162 get_tcp6_sock(seq, v, st->num); 2163 break; 2164 case TCP_SEQ_STATE_OPENREQ: 2165 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid); 2166 break; 2167 case TCP_SEQ_STATE_TIME_WAIT: 2168 get_timewait6_sock(seq, v, st->num); 2169 break; 2170 } 2171 out: 2172 return 0; 2173 } 2174 2175 static struct tcp_seq_afinfo tcp6_seq_afinfo = { 2176 .name = "tcp6", 2177 .family = AF_INET6, 2178 .seq_fops = { 2179 .owner = THIS_MODULE, 2180 }, 2181 .seq_ops = { 2182 .show = tcp6_seq_show, 2183 }, 2184 }; 2185 2186 int __net_init tcp6_proc_init(struct net *net) 2187 { 2188 return tcp_proc_register(net, &tcp6_seq_afinfo); 2189 } 2190 2191 void tcp6_proc_exit(struct net *net) 2192 { 2193 tcp_proc_unregister(net, &tcp6_seq_afinfo); 2194 } 2195 #endif 2196 2197 struct proto tcpv6_prot = { 2198 .name = "TCPv6", 2199 .owner = THIS_MODULE, 2200 .close = tcp_close, 2201 .connect = tcp_v6_connect, 2202 .disconnect = tcp_disconnect, 2203 .accept = inet_csk_accept, 2204 .ioctl = tcp_ioctl, 2205 .init = tcp_v6_init_sock, 2206 .destroy = tcp_v6_destroy_sock, 2207 .shutdown = tcp_shutdown, 2208 .setsockopt = tcp_setsockopt, 2209 .getsockopt = tcp_getsockopt, 2210 .recvmsg = tcp_recvmsg, 2211 .sendmsg = tcp_sendmsg, 2212 .sendpage = tcp_sendpage, 2213 .backlog_rcv = tcp_v6_do_rcv, 2214 .hash = tcp_v6_hash, 2215 .unhash = inet_unhash, 2216 .get_port = inet_csk_get_port, 2217 .enter_memory_pressure = tcp_enter_memory_pressure, 2218 .sockets_allocated = &tcp_sockets_allocated, 2219 .memory_allocated = &tcp_memory_allocated, 2220 .memory_pressure = &tcp_memory_pressure, 2221 .orphan_count = &tcp_orphan_count, 2222 .sysctl_mem = sysctl_tcp_mem, 2223 .sysctl_wmem = sysctl_tcp_wmem, 2224 .sysctl_rmem = sysctl_tcp_rmem, 2225 .max_header = MAX_TCP_HEADER, 2226 .obj_size = sizeof(struct tcp6_sock), 2227 .slab_flags = SLAB_DESTROY_BY_RCU, 2228 .twsk_prot = &tcp6_timewait_sock_ops, 2229 .rsk_prot = &tcp6_request_sock_ops, 2230 .h.hashinfo = &tcp_hashinfo, 2231 .no_autobind = true, 2232 #ifdef CONFIG_COMPAT 2233 .compat_setsockopt = compat_tcp_setsockopt, 2234 .compat_getsockopt = compat_tcp_getsockopt, 2235 #endif 2236 }; 2237 2238 static const struct inet6_protocol tcpv6_protocol = { 2239 .handler = tcp_v6_rcv, 2240 .err_handler = tcp_v6_err, 2241 .gso_send_check = tcp_v6_gso_send_check, 2242 .gso_segment = tcp_tso_segment, 2243 .gro_receive = tcp6_gro_receive, 2244 .gro_complete = tcp6_gro_complete, 2245 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 2246 }; 2247 2248 static struct inet_protosw tcpv6_protosw = { 2249 .type = SOCK_STREAM, 2250 .protocol = IPPROTO_TCP, 2251 .prot = &tcpv6_prot, 2252 .ops = &inet6_stream_ops, 2253 .no_check = 0, 2254 .flags = INET_PROTOSW_PERMANENT | 2255 INET_PROTOSW_ICSK, 2256 }; 2257 2258 static int __net_init tcpv6_net_init(struct net *net) 2259 { 2260 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6, 2261 SOCK_RAW, IPPROTO_TCP, net); 2262 } 2263 2264 static void __net_exit tcpv6_net_exit(struct net *net) 2265 { 2266 inet_ctl_sock_destroy(net->ipv6.tcp_sk); 2267 } 2268 2269 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list) 2270 { 2271 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6); 2272 } 2273 2274 static struct pernet_operations tcpv6_net_ops = { 2275 .init = tcpv6_net_init, 2276 .exit = tcpv6_net_exit, 2277 .exit_batch = tcpv6_net_exit_batch, 2278 }; 2279 2280 int __init tcpv6_init(void) 2281 { 2282 int ret; 2283 2284 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP); 2285 if (ret) 2286 goto out; 2287 2288 /* register inet6 protocol */ 2289 ret = inet6_register_protosw(&tcpv6_protosw); 2290 if (ret) 2291 goto out_tcpv6_protocol; 2292 2293 ret = register_pernet_subsys(&tcpv6_net_ops); 2294 if (ret) 2295 goto out_tcpv6_protosw; 2296 out: 2297 return ret; 2298 2299 out_tcpv6_protocol: 2300 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2301 out_tcpv6_protosw: 2302 inet6_unregister_protosw(&tcpv6_protosw); 2303 goto out; 2304 } 2305 2306 void tcpv6_exit(void) 2307 { 2308 unregister_pernet_subsys(&tcpv6_net_ops); 2309 inet6_unregister_protosw(&tcpv6_protosw); 2310 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2311 } 2312