1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * TCP over IPv6 4 * Linux INET6 implementation 5 * 6 * Authors: 7 * Pedro Roque <roque@di.fc.ul.pt> 8 * 9 * Based on: 10 * linux/net/ipv4/tcp.c 11 * linux/net/ipv4/tcp_input.c 12 * linux/net/ipv4/tcp_output.c 13 * 14 * Fixes: 15 * Hideaki YOSHIFUJI : sin6_scope_id support 16 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 17 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind 18 * a single port at the same time. 19 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file. 20 */ 21 22 #include <linux/bottom_half.h> 23 #include <linux/module.h> 24 #include <linux/errno.h> 25 #include <linux/types.h> 26 #include <linux/socket.h> 27 #include <linux/sockios.h> 28 #include <linux/net.h> 29 #include <linux/jiffies.h> 30 #include <linux/in.h> 31 #include <linux/in6.h> 32 #include <linux/netdevice.h> 33 #include <linux/init.h> 34 #include <linux/jhash.h> 35 #include <linux/ipsec.h> 36 #include <linux/times.h> 37 #include <linux/slab.h> 38 #include <linux/uaccess.h> 39 #include <linux/ipv6.h> 40 #include <linux/icmpv6.h> 41 #include <linux/random.h> 42 #include <linux/indirect_call_wrapper.h> 43 44 #include <net/tcp.h> 45 #include <net/ndisc.h> 46 #include <net/inet6_hashtables.h> 47 #include <net/inet6_connection_sock.h> 48 #include <net/ipv6.h> 49 #include <net/transp_v6.h> 50 #include <net/addrconf.h> 51 #include <net/ip6_route.h> 52 #include <net/ip6_checksum.h> 53 #include <net/inet_ecn.h> 54 #include <net/protocol.h> 55 #include <net/xfrm.h> 56 #include <net/snmp.h> 57 #include <net/dsfield.h> 58 #include <net/timewait_sock.h> 59 #include <net/inet_common.h> 60 #include <net/secure_seq.h> 61 #include <net/hotdata.h> 62 #include <net/busy_poll.h> 63 64 #include <linux/proc_fs.h> 65 #include <linux/seq_file.h> 66 67 #include <crypto/hash.h> 68 #include <linux/scatterlist.h> 69 70 #include <trace/events/tcp.h> 71 72 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb); 73 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb, 74 struct request_sock *req); 75 76 INDIRECT_CALLABLE_SCOPE int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb); 77 78 static const struct inet_connection_sock_af_ops ipv6_mapped; 79 const struct inet_connection_sock_af_ops ipv6_specific; 80 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO) 81 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific; 82 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific; 83 #endif 84 85 /* Helper returning the inet6 address from a given tcp socket. 86 * It can be used in TCP stack instead of inet6_sk(sk). 87 * This avoids a dereference and allow compiler optimizations. 88 * It is a specialized version of inet6_sk_generic(). 89 */ 90 #define tcp_inet6_sk(sk) (&container_of_const(tcp_sk(sk), \ 91 struct tcp6_sock, tcp)->inet6) 92 93 static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) 94 { 95 struct dst_entry *dst = skb_dst(skb); 96 97 if (dst && dst_hold_safe(dst)) { 98 const struct rt6_info *rt = (const struct rt6_info *)dst; 99 100 rcu_assign_pointer(sk->sk_rx_dst, dst); 101 sk->sk_rx_dst_ifindex = skb->skb_iif; 102 sk->sk_rx_dst_cookie = rt6_get_cookie(rt); 103 } 104 } 105 106 static u32 tcp_v6_init_seq(const struct sk_buff *skb) 107 { 108 return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32, 109 ipv6_hdr(skb)->saddr.s6_addr32, 110 tcp_hdr(skb)->dest, 111 tcp_hdr(skb)->source); 112 } 113 114 static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb) 115 { 116 return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32, 117 ipv6_hdr(skb)->saddr.s6_addr32); 118 } 119 120 static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr *uaddr, 121 int addr_len) 122 { 123 /* This check is replicated from tcp_v6_connect() and intended to 124 * prevent BPF program called below from accessing bytes that are out 125 * of the bound specified by user in addr_len. 126 */ 127 if (addr_len < SIN6_LEN_RFC2133) 128 return -EINVAL; 129 130 sock_owned_by_me(sk); 131 132 return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr, &addr_len); 133 } 134 135 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 136 int addr_len) 137 { 138 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; 139 struct inet_connection_sock *icsk = inet_csk(sk); 140 struct in6_addr *saddr = NULL, *final_p, final; 141 struct inet_timewait_death_row *tcp_death_row; 142 struct ipv6_pinfo *np = tcp_inet6_sk(sk); 143 struct inet_sock *inet = inet_sk(sk); 144 struct tcp_sock *tp = tcp_sk(sk); 145 struct net *net = sock_net(sk); 146 struct ipv6_txoptions *opt; 147 struct dst_entry *dst; 148 struct flowi6 fl6; 149 int addr_type; 150 int err; 151 152 if (addr_len < SIN6_LEN_RFC2133) 153 return -EINVAL; 154 155 if (usin->sin6_family != AF_INET6) 156 return -EAFNOSUPPORT; 157 158 memset(&fl6, 0, sizeof(fl6)); 159 160 if (inet6_test_bit(SNDFLOW, sk)) { 161 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; 162 IP6_ECN_flow_init(fl6.flowlabel); 163 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { 164 struct ip6_flowlabel *flowlabel; 165 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); 166 if (IS_ERR(flowlabel)) 167 return -EINVAL; 168 fl6_sock_release(flowlabel); 169 } 170 } 171 172 /* 173 * connect() to INADDR_ANY means loopback (BSD'ism). 174 */ 175 176 if (ipv6_addr_any(&usin->sin6_addr)) { 177 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr)) 178 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK), 179 &usin->sin6_addr); 180 else 181 usin->sin6_addr = in6addr_loopback; 182 } 183 184 addr_type = ipv6_addr_type(&usin->sin6_addr); 185 186 if (addr_type & IPV6_ADDR_MULTICAST) 187 return -ENETUNREACH; 188 189 if (addr_type&IPV6_ADDR_LINKLOCAL) { 190 if (addr_len >= sizeof(struct sockaddr_in6) && 191 usin->sin6_scope_id) { 192 /* If interface is set while binding, indices 193 * must coincide. 194 */ 195 if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id)) 196 return -EINVAL; 197 198 sk->sk_bound_dev_if = usin->sin6_scope_id; 199 } 200 201 /* Connect to link-local address requires an interface */ 202 if (!sk->sk_bound_dev_if) 203 return -EINVAL; 204 } 205 206 if (tp->rx_opt.ts_recent_stamp && 207 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) { 208 tp->rx_opt.ts_recent = 0; 209 tp->rx_opt.ts_recent_stamp = 0; 210 WRITE_ONCE(tp->write_seq, 0); 211 } 212 213 sk->sk_v6_daddr = usin->sin6_addr; 214 np->flow_label = fl6.flowlabel; 215 216 /* 217 * TCP over IPv4 218 */ 219 220 if (addr_type & IPV6_ADDR_MAPPED) { 221 u32 exthdrlen = icsk->icsk_ext_hdr_len; 222 struct sockaddr_in sin; 223 224 if (ipv6_only_sock(sk)) 225 return -ENETUNREACH; 226 227 sin.sin_family = AF_INET; 228 sin.sin_port = usin->sin6_port; 229 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; 230 231 /* Paired with READ_ONCE() in tcp_(get|set)sockopt() */ 232 WRITE_ONCE(icsk->icsk_af_ops, &ipv6_mapped); 233 if (sk_is_mptcp(sk)) 234 mptcpv6_handle_mapped(sk, true); 235 sk->sk_backlog_rcv = tcp_v4_do_rcv; 236 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO) 237 tp->af_specific = &tcp_sock_ipv6_mapped_specific; 238 #endif 239 240 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); 241 242 if (err) { 243 icsk->icsk_ext_hdr_len = exthdrlen; 244 /* Paired with READ_ONCE() in tcp_(get|set)sockopt() */ 245 WRITE_ONCE(icsk->icsk_af_ops, &ipv6_specific); 246 if (sk_is_mptcp(sk)) 247 mptcpv6_handle_mapped(sk, false); 248 sk->sk_backlog_rcv = tcp_v6_do_rcv; 249 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO) 250 tp->af_specific = &tcp_sock_ipv6_specific; 251 #endif 252 goto failure; 253 } 254 np->saddr = sk->sk_v6_rcv_saddr; 255 256 return err; 257 } 258 259 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr)) 260 saddr = &sk->sk_v6_rcv_saddr; 261 262 fl6.flowi6_proto = IPPROTO_TCP; 263 fl6.daddr = sk->sk_v6_daddr; 264 fl6.saddr = saddr ? *saddr : np->saddr; 265 fl6.flowlabel = ip6_make_flowinfo(np->tclass, np->flow_label); 266 fl6.flowi6_oif = sk->sk_bound_dev_if; 267 fl6.flowi6_mark = sk->sk_mark; 268 fl6.fl6_dport = usin->sin6_port; 269 fl6.fl6_sport = inet->inet_sport; 270 fl6.flowi6_uid = sk->sk_uid; 271 272 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk)); 273 final_p = fl6_update_dst(&fl6, opt, &final); 274 275 security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6)); 276 277 dst = ip6_dst_lookup_flow(net, sk, &fl6, final_p); 278 if (IS_ERR(dst)) { 279 err = PTR_ERR(dst); 280 goto failure; 281 } 282 283 tp->tcp_usec_ts = dst_tcp_usec_ts(dst); 284 tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row; 285 286 if (!saddr) { 287 saddr = &fl6.saddr; 288 289 err = inet_bhash2_update_saddr(sk, saddr, AF_INET6); 290 if (err) 291 goto failure; 292 } 293 294 /* set the source address */ 295 np->saddr = *saddr; 296 inet->inet_rcv_saddr = LOOPBACK4_IPV6; 297 298 sk->sk_gso_type = SKB_GSO_TCPV6; 299 ip6_dst_store(sk, dst, NULL, NULL); 300 301 icsk->icsk_ext_hdr_len = 0; 302 if (opt) 303 icsk->icsk_ext_hdr_len = opt->opt_flen + 304 opt->opt_nflen; 305 306 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 307 308 inet->inet_dport = usin->sin6_port; 309 310 tcp_set_state(sk, TCP_SYN_SENT); 311 err = inet6_hash_connect(tcp_death_row, sk); 312 if (err) 313 goto late_failure; 314 315 sk_set_txhash(sk); 316 317 if (likely(!tp->repair)) { 318 if (!tp->write_seq) 319 WRITE_ONCE(tp->write_seq, 320 secure_tcpv6_seq(np->saddr.s6_addr32, 321 sk->sk_v6_daddr.s6_addr32, 322 inet->inet_sport, 323 inet->inet_dport)); 324 tp->tsoffset = secure_tcpv6_ts_off(net, np->saddr.s6_addr32, 325 sk->sk_v6_daddr.s6_addr32); 326 } 327 328 if (tcp_fastopen_defer_connect(sk, &err)) 329 return err; 330 if (err) 331 goto late_failure; 332 333 err = tcp_connect(sk); 334 if (err) 335 goto late_failure; 336 337 return 0; 338 339 late_failure: 340 tcp_set_state(sk, TCP_CLOSE); 341 inet_bhash2_reset_saddr(sk); 342 failure: 343 inet->inet_dport = 0; 344 sk->sk_route_caps = 0; 345 return err; 346 } 347 348 static void tcp_v6_mtu_reduced(struct sock *sk) 349 { 350 struct dst_entry *dst; 351 u32 mtu; 352 353 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) 354 return; 355 356 mtu = READ_ONCE(tcp_sk(sk)->mtu_info); 357 358 /* Drop requests trying to increase our current mss. 359 * Check done in __ip6_rt_update_pmtu() is too late. 360 */ 361 if (tcp_mtu_to_mss(sk, mtu) >= tcp_sk(sk)->mss_cache) 362 return; 363 364 dst = inet6_csk_update_pmtu(sk, mtu); 365 if (!dst) 366 return; 367 368 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) { 369 tcp_sync_mss(sk, dst_mtu(dst)); 370 tcp_simple_retransmit(sk); 371 } 372 } 373 374 static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 375 u8 type, u8 code, int offset, __be32 info) 376 { 377 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data; 378 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset); 379 struct net *net = dev_net(skb->dev); 380 struct request_sock *fastopen; 381 struct ipv6_pinfo *np; 382 struct tcp_sock *tp; 383 __u32 seq, snd_una; 384 struct sock *sk; 385 bool fatal; 386 int err; 387 388 sk = __inet6_lookup_established(net, net->ipv4.tcp_death_row.hashinfo, 389 &hdr->daddr, th->dest, 390 &hdr->saddr, ntohs(th->source), 391 skb->dev->ifindex, inet6_sdif(skb)); 392 393 if (!sk) { 394 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), 395 ICMP6_MIB_INERRORS); 396 return -ENOENT; 397 } 398 399 if (sk->sk_state == TCP_TIME_WAIT) { 400 /* To increase the counter of ignored icmps for TCP-AO */ 401 tcp_ao_ignore_icmp(sk, AF_INET6, type, code); 402 inet_twsk_put(inet_twsk(sk)); 403 return 0; 404 } 405 seq = ntohl(th->seq); 406 fatal = icmpv6_err_convert(type, code, &err); 407 if (sk->sk_state == TCP_NEW_SYN_RECV) { 408 tcp_req_err(sk, seq, fatal); 409 return 0; 410 } 411 412 if (tcp_ao_ignore_icmp(sk, AF_INET6, type, code)) { 413 sock_put(sk); 414 return 0; 415 } 416 417 bh_lock_sock(sk); 418 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG) 419 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS); 420 421 if (sk->sk_state == TCP_CLOSE) 422 goto out; 423 424 if (static_branch_unlikely(&ip6_min_hopcount)) { 425 /* min_hopcount can be changed concurrently from do_ipv6_setsockopt() */ 426 if (ipv6_hdr(skb)->hop_limit < READ_ONCE(tcp_inet6_sk(sk)->min_hopcount)) { 427 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP); 428 goto out; 429 } 430 } 431 432 tp = tcp_sk(sk); 433 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */ 434 fastopen = rcu_dereference(tp->fastopen_rsk); 435 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una; 436 if (sk->sk_state != TCP_LISTEN && 437 !between(seq, snd_una, tp->snd_nxt)) { 438 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS); 439 goto out; 440 } 441 442 np = tcp_inet6_sk(sk); 443 444 if (type == NDISC_REDIRECT) { 445 if (!sock_owned_by_user(sk)) { 446 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie); 447 448 if (dst) 449 dst->ops->redirect(dst, sk, skb); 450 } 451 goto out; 452 } 453 454 if (type == ICMPV6_PKT_TOOBIG) { 455 u32 mtu = ntohl(info); 456 457 /* We are not interested in TCP_LISTEN and open_requests 458 * (SYN-ACKs send out by Linux are always <576bytes so 459 * they should go through unfragmented). 460 */ 461 if (sk->sk_state == TCP_LISTEN) 462 goto out; 463 464 if (!ip6_sk_accept_pmtu(sk)) 465 goto out; 466 467 if (mtu < IPV6_MIN_MTU) 468 goto out; 469 470 WRITE_ONCE(tp->mtu_info, mtu); 471 472 if (!sock_owned_by_user(sk)) 473 tcp_v6_mtu_reduced(sk); 474 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED, 475 &sk->sk_tsq_flags)) 476 sock_hold(sk); 477 goto out; 478 } 479 480 481 /* Might be for an request_sock */ 482 switch (sk->sk_state) { 483 case TCP_SYN_SENT: 484 case TCP_SYN_RECV: 485 /* Only in fast or simultaneous open. If a fast open socket is 486 * already accepted it is treated as a connected one below. 487 */ 488 if (fastopen && !fastopen->sk) 489 break; 490 491 ipv6_icmp_error(sk, skb, err, th->dest, ntohl(info), (u8 *)th); 492 493 if (!sock_owned_by_user(sk)) { 494 WRITE_ONCE(sk->sk_err, err); 495 sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */ 496 497 tcp_done(sk); 498 } else { 499 WRITE_ONCE(sk->sk_err_soft, err); 500 } 501 goto out; 502 case TCP_LISTEN: 503 break; 504 default: 505 /* check if this ICMP message allows revert of backoff. 506 * (see RFC 6069) 507 */ 508 if (!fastopen && type == ICMPV6_DEST_UNREACH && 509 code == ICMPV6_NOROUTE) 510 tcp_ld_RTO_revert(sk, seq); 511 } 512 513 if (!sock_owned_by_user(sk) && inet6_test_bit(RECVERR6, sk)) { 514 WRITE_ONCE(sk->sk_err, err); 515 sk_error_report(sk); 516 } else { 517 WRITE_ONCE(sk->sk_err_soft, err); 518 } 519 out: 520 bh_unlock_sock(sk); 521 sock_put(sk); 522 return 0; 523 } 524 525 526 static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst, 527 struct flowi *fl, 528 struct request_sock *req, 529 struct tcp_fastopen_cookie *foc, 530 enum tcp_synack_type synack_type, 531 struct sk_buff *syn_skb) 532 { 533 struct inet_request_sock *ireq = inet_rsk(req); 534 const struct ipv6_pinfo *np = tcp_inet6_sk(sk); 535 struct ipv6_txoptions *opt; 536 struct flowi6 *fl6 = &fl->u.ip6; 537 struct sk_buff *skb; 538 int err = -ENOMEM; 539 u8 tclass; 540 541 /* First, grab a route. */ 542 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req, 543 IPPROTO_TCP)) == NULL) 544 goto done; 545 546 skb = tcp_make_synack(sk, dst, req, foc, synack_type, syn_skb); 547 548 if (skb) { 549 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr, 550 &ireq->ir_v6_rmt_addr); 551 552 fl6->daddr = ireq->ir_v6_rmt_addr; 553 if (inet6_test_bit(REPFLOW, sk) && ireq->pktopts) 554 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts)); 555 556 tclass = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reflect_tos) ? 557 (tcp_rsk(req)->syn_tos & ~INET_ECN_MASK) | 558 (np->tclass & INET_ECN_MASK) : 559 np->tclass; 560 561 if (!INET_ECN_is_capable(tclass) && 562 tcp_bpf_ca_needs_ecn((struct sock *)req)) 563 tclass |= INET_ECN_ECT_0; 564 565 rcu_read_lock(); 566 opt = ireq->ipv6_opt; 567 if (!opt) 568 opt = rcu_dereference(np->opt); 569 err = ip6_xmit(sk, skb, fl6, skb->mark ? : READ_ONCE(sk->sk_mark), 570 opt, tclass, READ_ONCE(sk->sk_priority)); 571 rcu_read_unlock(); 572 err = net_xmit_eval(err); 573 } 574 575 done: 576 return err; 577 } 578 579 580 static void tcp_v6_reqsk_destructor(struct request_sock *req) 581 { 582 kfree(inet_rsk(req)->ipv6_opt); 583 consume_skb(inet_rsk(req)->pktopts); 584 } 585 586 #ifdef CONFIG_TCP_MD5SIG 587 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk, 588 const struct in6_addr *addr, 589 int l3index) 590 { 591 return tcp_md5_do_lookup(sk, l3index, 592 (union tcp_md5_addr *)addr, AF_INET6); 593 } 594 595 static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk, 596 const struct sock *addr_sk) 597 { 598 int l3index; 599 600 l3index = l3mdev_master_ifindex_by_index(sock_net(sk), 601 addr_sk->sk_bound_dev_if); 602 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr, 603 l3index); 604 } 605 606 static int tcp_v6_parse_md5_keys(struct sock *sk, int optname, 607 sockptr_t optval, int optlen) 608 { 609 struct tcp_md5sig cmd; 610 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr; 611 union tcp_ao_addr *addr; 612 int l3index = 0; 613 u8 prefixlen; 614 bool l3flag; 615 u8 flags; 616 617 if (optlen < sizeof(cmd)) 618 return -EINVAL; 619 620 if (copy_from_sockptr(&cmd, optval, sizeof(cmd))) 621 return -EFAULT; 622 623 if (sin6->sin6_family != AF_INET6) 624 return -EINVAL; 625 626 flags = cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX; 627 l3flag = cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX; 628 629 if (optname == TCP_MD5SIG_EXT && 630 cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) { 631 prefixlen = cmd.tcpm_prefixlen; 632 if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) && 633 prefixlen > 32)) 634 return -EINVAL; 635 } else { 636 prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128; 637 } 638 639 if (optname == TCP_MD5SIG_EXT && cmd.tcpm_ifindex && 640 cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX) { 641 struct net_device *dev; 642 643 rcu_read_lock(); 644 dev = dev_get_by_index_rcu(sock_net(sk), cmd.tcpm_ifindex); 645 if (dev && netif_is_l3_master(dev)) 646 l3index = dev->ifindex; 647 rcu_read_unlock(); 648 649 /* ok to reference set/not set outside of rcu; 650 * right now device MUST be an L3 master 651 */ 652 if (!dev || !l3index) 653 return -EINVAL; 654 } 655 656 if (!cmd.tcpm_keylen) { 657 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) 658 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3], 659 AF_INET, prefixlen, 660 l3index, flags); 661 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr, 662 AF_INET6, prefixlen, l3index, flags); 663 } 664 665 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN) 666 return -EINVAL; 667 668 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) { 669 addr = (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3]; 670 671 /* Don't allow keys for peers that have a matching TCP-AO key. 672 * See the comment in tcp_ao_add_cmd() 673 */ 674 if (tcp_ao_required(sk, addr, AF_INET, 675 l3flag ? l3index : -1, false)) 676 return -EKEYREJECTED; 677 return tcp_md5_do_add(sk, addr, 678 AF_INET, prefixlen, l3index, flags, 679 cmd.tcpm_key, cmd.tcpm_keylen); 680 } 681 682 addr = (union tcp_md5_addr *)&sin6->sin6_addr; 683 684 /* Don't allow keys for peers that have a matching TCP-AO key. 685 * See the comment in tcp_ao_add_cmd() 686 */ 687 if (tcp_ao_required(sk, addr, AF_INET6, l3flag ? l3index : -1, false)) 688 return -EKEYREJECTED; 689 690 return tcp_md5_do_add(sk, addr, AF_INET6, prefixlen, l3index, flags, 691 cmd.tcpm_key, cmd.tcpm_keylen); 692 } 693 694 static int tcp_v6_md5_hash_headers(struct tcp_sigpool *hp, 695 const struct in6_addr *daddr, 696 const struct in6_addr *saddr, 697 const struct tcphdr *th, int nbytes) 698 { 699 struct tcp6_pseudohdr *bp; 700 struct scatterlist sg; 701 struct tcphdr *_th; 702 703 bp = hp->scratch; 704 /* 1. TCP pseudo-header (RFC2460) */ 705 bp->saddr = *saddr; 706 bp->daddr = *daddr; 707 bp->protocol = cpu_to_be32(IPPROTO_TCP); 708 bp->len = cpu_to_be32(nbytes); 709 710 _th = (struct tcphdr *)(bp + 1); 711 memcpy(_th, th, sizeof(*th)); 712 _th->check = 0; 713 714 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th)); 715 ahash_request_set_crypt(hp->req, &sg, NULL, 716 sizeof(*bp) + sizeof(*th)); 717 return crypto_ahash_update(hp->req); 718 } 719 720 static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, 721 const struct in6_addr *daddr, struct in6_addr *saddr, 722 const struct tcphdr *th) 723 { 724 struct tcp_sigpool hp; 725 726 if (tcp_sigpool_start(tcp_md5_sigpool_id, &hp)) 727 goto clear_hash_nostart; 728 729 if (crypto_ahash_init(hp.req)) 730 goto clear_hash; 731 if (tcp_v6_md5_hash_headers(&hp, daddr, saddr, th, th->doff << 2)) 732 goto clear_hash; 733 if (tcp_md5_hash_key(&hp, key)) 734 goto clear_hash; 735 ahash_request_set_crypt(hp.req, NULL, md5_hash, 0); 736 if (crypto_ahash_final(hp.req)) 737 goto clear_hash; 738 739 tcp_sigpool_end(&hp); 740 return 0; 741 742 clear_hash: 743 tcp_sigpool_end(&hp); 744 clear_hash_nostart: 745 memset(md5_hash, 0, 16); 746 return 1; 747 } 748 749 static int tcp_v6_md5_hash_skb(char *md5_hash, 750 const struct tcp_md5sig_key *key, 751 const struct sock *sk, 752 const struct sk_buff *skb) 753 { 754 const struct tcphdr *th = tcp_hdr(skb); 755 const struct in6_addr *saddr, *daddr; 756 struct tcp_sigpool hp; 757 758 if (sk) { /* valid for establish/request sockets */ 759 saddr = &sk->sk_v6_rcv_saddr; 760 daddr = &sk->sk_v6_daddr; 761 } else { 762 const struct ipv6hdr *ip6h = ipv6_hdr(skb); 763 saddr = &ip6h->saddr; 764 daddr = &ip6h->daddr; 765 } 766 767 if (tcp_sigpool_start(tcp_md5_sigpool_id, &hp)) 768 goto clear_hash_nostart; 769 770 if (crypto_ahash_init(hp.req)) 771 goto clear_hash; 772 773 if (tcp_v6_md5_hash_headers(&hp, daddr, saddr, th, skb->len)) 774 goto clear_hash; 775 if (tcp_sigpool_hash_skb_data(&hp, skb, th->doff << 2)) 776 goto clear_hash; 777 if (tcp_md5_hash_key(&hp, key)) 778 goto clear_hash; 779 ahash_request_set_crypt(hp.req, NULL, md5_hash, 0); 780 if (crypto_ahash_final(hp.req)) 781 goto clear_hash; 782 783 tcp_sigpool_end(&hp); 784 return 0; 785 786 clear_hash: 787 tcp_sigpool_end(&hp); 788 clear_hash_nostart: 789 memset(md5_hash, 0, 16); 790 return 1; 791 } 792 #endif 793 794 static void tcp_v6_init_req(struct request_sock *req, 795 const struct sock *sk_listener, 796 struct sk_buff *skb) 797 { 798 bool l3_slave = ipv6_l3mdev_skb(TCP_SKB_CB(skb)->header.h6.flags); 799 struct inet_request_sock *ireq = inet_rsk(req); 800 const struct ipv6_pinfo *np = tcp_inet6_sk(sk_listener); 801 802 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr; 803 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr; 804 805 /* So that link locals have meaning */ 806 if ((!sk_listener->sk_bound_dev_if || l3_slave) && 807 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL) 808 ireq->ir_iif = tcp_v6_iif(skb); 809 810 if (!TCP_SKB_CB(skb)->tcp_tw_isn && 811 (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) || 812 np->rxopt.bits.rxinfo || 813 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim || 814 np->rxopt.bits.rxohlim || inet6_test_bit(REPFLOW, sk_listener))) { 815 refcount_inc(&skb->users); 816 ireq->pktopts = skb; 817 } 818 } 819 820 static struct dst_entry *tcp_v6_route_req(const struct sock *sk, 821 struct sk_buff *skb, 822 struct flowi *fl, 823 struct request_sock *req) 824 { 825 tcp_v6_init_req(req, sk, skb); 826 827 if (security_inet_conn_request(sk, skb, req)) 828 return NULL; 829 830 return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP); 831 } 832 833 struct request_sock_ops tcp6_request_sock_ops __read_mostly = { 834 .family = AF_INET6, 835 .obj_size = sizeof(struct tcp6_request_sock), 836 .rtx_syn_ack = tcp_rtx_synack, 837 .send_ack = tcp_v6_reqsk_send_ack, 838 .destructor = tcp_v6_reqsk_destructor, 839 .send_reset = tcp_v6_send_reset, 840 .syn_ack_timeout = tcp_syn_ack_timeout, 841 }; 842 843 const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { 844 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - 845 sizeof(struct ipv6hdr), 846 #ifdef CONFIG_TCP_MD5SIG 847 .req_md5_lookup = tcp_v6_md5_lookup, 848 .calc_md5_hash = tcp_v6_md5_hash_skb, 849 #endif 850 #ifdef CONFIG_TCP_AO 851 .ao_lookup = tcp_v6_ao_lookup_rsk, 852 .ao_calc_key = tcp_v6_ao_calc_key_rsk, 853 .ao_synack_hash = tcp_v6_ao_synack_hash, 854 #endif 855 #ifdef CONFIG_SYN_COOKIES 856 .cookie_init_seq = cookie_v6_init_sequence, 857 #endif 858 .route_req = tcp_v6_route_req, 859 .init_seq = tcp_v6_init_seq, 860 .init_ts_off = tcp_v6_init_ts_off, 861 .send_synack = tcp_v6_send_synack, 862 }; 863 864 static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq, 865 u32 ack, u32 win, u32 tsval, u32 tsecr, 866 int oif, int rst, u8 tclass, __be32 label, 867 u32 priority, u32 txhash, struct tcp_key *key) 868 { 869 const struct tcphdr *th = tcp_hdr(skb); 870 struct tcphdr *t1; 871 struct sk_buff *buff; 872 struct flowi6 fl6; 873 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev); 874 struct sock *ctl_sk = net->ipv6.tcp_sk; 875 unsigned int tot_len = sizeof(struct tcphdr); 876 __be32 mrst = 0, *topt; 877 struct dst_entry *dst; 878 __u32 mark = 0; 879 880 if (tsecr) 881 tot_len += TCPOLEN_TSTAMP_ALIGNED; 882 if (tcp_key_is_md5(key)) 883 tot_len += TCPOLEN_MD5SIG_ALIGNED; 884 if (tcp_key_is_ao(key)) 885 tot_len += tcp_ao_len_aligned(key->ao_key); 886 887 #ifdef CONFIG_MPTCP 888 if (rst && !tcp_key_is_md5(key)) { 889 mrst = mptcp_reset_option(skb); 890 891 if (mrst) 892 tot_len += sizeof(__be32); 893 } 894 #endif 895 896 buff = alloc_skb(MAX_TCP_HEADER, GFP_ATOMIC); 897 if (!buff) 898 return; 899 900 skb_reserve(buff, MAX_TCP_HEADER); 901 902 t1 = skb_push(buff, tot_len); 903 skb_reset_transport_header(buff); 904 905 /* Swap the send and the receive. */ 906 memset(t1, 0, sizeof(*t1)); 907 t1->dest = th->source; 908 t1->source = th->dest; 909 t1->doff = tot_len / 4; 910 t1->seq = htonl(seq); 911 t1->ack_seq = htonl(ack); 912 t1->ack = !rst || !th->ack; 913 t1->rst = rst; 914 t1->window = htons(win); 915 916 topt = (__be32 *)(t1 + 1); 917 918 if (tsecr) { 919 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 920 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 921 *topt++ = htonl(tsval); 922 *topt++ = htonl(tsecr); 923 } 924 925 if (mrst) 926 *topt++ = mrst; 927 928 #ifdef CONFIG_TCP_MD5SIG 929 if (tcp_key_is_md5(key)) { 930 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 931 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 932 tcp_v6_md5_hash_hdr((__u8 *)topt, key->md5_key, 933 &ipv6_hdr(skb)->saddr, 934 &ipv6_hdr(skb)->daddr, t1); 935 } 936 #endif 937 #ifdef CONFIG_TCP_AO 938 if (tcp_key_is_ao(key)) { 939 *topt++ = htonl((TCPOPT_AO << 24) | 940 (tcp_ao_len(key->ao_key) << 16) | 941 (key->ao_key->sndid << 8) | 942 (key->rcv_next)); 943 944 tcp_ao_hash_hdr(AF_INET6, (char *)topt, key->ao_key, 945 key->traffic_key, 946 (union tcp_ao_addr *)&ipv6_hdr(skb)->saddr, 947 (union tcp_ao_addr *)&ipv6_hdr(skb)->daddr, 948 t1, key->sne); 949 } 950 #endif 951 952 memset(&fl6, 0, sizeof(fl6)); 953 fl6.daddr = ipv6_hdr(skb)->saddr; 954 fl6.saddr = ipv6_hdr(skb)->daddr; 955 fl6.flowlabel = label; 956 957 buff->ip_summed = CHECKSUM_PARTIAL; 958 959 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr); 960 961 fl6.flowi6_proto = IPPROTO_TCP; 962 if (rt6_need_strict(&fl6.daddr) && !oif) 963 fl6.flowi6_oif = tcp_v6_iif(skb); 964 else { 965 if (!oif && netif_index_is_l3_master(net, skb->skb_iif)) 966 oif = skb->skb_iif; 967 968 fl6.flowi6_oif = oif; 969 } 970 971 if (sk) { 972 if (sk->sk_state == TCP_TIME_WAIT) 973 mark = inet_twsk(sk)->tw_mark; 974 else 975 mark = READ_ONCE(sk->sk_mark); 976 skb_set_delivery_time(buff, tcp_transmit_time(sk), true); 977 } 978 if (txhash) { 979 /* autoflowlabel/skb_get_hash_flowi6 rely on buff->hash */ 980 skb_set_hash(buff, txhash, PKT_HASH_TYPE_L4); 981 } 982 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark) ?: mark; 983 fl6.fl6_dport = t1->dest; 984 fl6.fl6_sport = t1->source; 985 fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL); 986 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6)); 987 988 /* Pass a socket to ip6_dst_lookup either it is for RST 989 * Underlying function will use this to retrieve the network 990 * namespace 991 */ 992 if (sk && sk->sk_state != TCP_TIME_WAIT) 993 dst = ip6_dst_lookup_flow(net, sk, &fl6, NULL); /*sk's xfrm_policy can be referred*/ 994 else 995 dst = ip6_dst_lookup_flow(net, ctl_sk, &fl6, NULL); 996 if (!IS_ERR(dst)) { 997 skb_dst_set(buff, dst); 998 ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, 999 tclass & ~INET_ECN_MASK, priority); 1000 TCP_INC_STATS(net, TCP_MIB_OUTSEGS); 1001 if (rst) 1002 TCP_INC_STATS(net, TCP_MIB_OUTRSTS); 1003 return; 1004 } 1005 1006 kfree_skb(buff); 1007 } 1008 1009 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb) 1010 { 1011 const struct tcphdr *th = tcp_hdr(skb); 1012 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 1013 const __u8 *md5_hash_location = NULL; 1014 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO) 1015 bool allocated_traffic_key = false; 1016 #endif 1017 const struct tcp_ao_hdr *aoh; 1018 struct tcp_key key = {}; 1019 u32 seq = 0, ack_seq = 0; 1020 __be32 label = 0; 1021 u32 priority = 0; 1022 struct net *net; 1023 u32 txhash = 0; 1024 int oif = 0; 1025 #ifdef CONFIG_TCP_MD5SIG 1026 unsigned char newhash[16]; 1027 int genhash; 1028 struct sock *sk1 = NULL; 1029 #endif 1030 1031 if (th->rst) 1032 return; 1033 1034 /* If sk not NULL, it means we did a successful lookup and incoming 1035 * route had to be correct. prequeue might have dropped our dst. 1036 */ 1037 if (!sk && !ipv6_unicast_destination(skb)) 1038 return; 1039 1040 net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev); 1041 /* Invalid TCP option size or twice included auth */ 1042 if (tcp_parse_auth_options(th, &md5_hash_location, &aoh)) 1043 return; 1044 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO) 1045 rcu_read_lock(); 1046 #endif 1047 #ifdef CONFIG_TCP_MD5SIG 1048 if (sk && sk_fullsock(sk)) { 1049 int l3index; 1050 1051 /* sdif set, means packet ingressed via a device 1052 * in an L3 domain and inet_iif is set to it. 1053 */ 1054 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0; 1055 key.md5_key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr, l3index); 1056 if (key.md5_key) 1057 key.type = TCP_KEY_MD5; 1058 } else if (md5_hash_location) { 1059 int dif = tcp_v6_iif_l3_slave(skb); 1060 int sdif = tcp_v6_sdif(skb); 1061 int l3index; 1062 1063 /* 1064 * active side is lost. Try to find listening socket through 1065 * source port, and then find md5 key through listening socket. 1066 * we are not loose security here: 1067 * Incoming packet is checked with md5 hash with finding key, 1068 * no RST generated if md5 hash doesn't match. 1069 */ 1070 sk1 = inet6_lookup_listener(net, net->ipv4.tcp_death_row.hashinfo, 1071 NULL, 0, &ipv6h->saddr, th->source, 1072 &ipv6h->daddr, ntohs(th->source), 1073 dif, sdif); 1074 if (!sk1) 1075 goto out; 1076 1077 /* sdif set, means packet ingressed via a device 1078 * in an L3 domain and dif is set to it. 1079 */ 1080 l3index = tcp_v6_sdif(skb) ? dif : 0; 1081 1082 key.md5_key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr, l3index); 1083 if (!key.md5_key) 1084 goto out; 1085 key.type = TCP_KEY_MD5; 1086 1087 genhash = tcp_v6_md5_hash_skb(newhash, key.md5_key, NULL, skb); 1088 if (genhash || memcmp(md5_hash_location, newhash, 16) != 0) 1089 goto out; 1090 } 1091 #endif 1092 1093 if (th->ack) 1094 seq = ntohl(th->ack_seq); 1095 else 1096 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len - 1097 (th->doff << 2); 1098 1099 #ifdef CONFIG_TCP_AO 1100 if (aoh) { 1101 int l3index; 1102 1103 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0; 1104 if (tcp_ao_prepare_reset(sk, skb, aoh, l3index, seq, 1105 &key.ao_key, &key.traffic_key, 1106 &allocated_traffic_key, 1107 &key.rcv_next, &key.sne)) 1108 goto out; 1109 key.type = TCP_KEY_AO; 1110 } 1111 #endif 1112 1113 if (sk) { 1114 oif = sk->sk_bound_dev_if; 1115 if (sk_fullsock(sk)) { 1116 if (inet6_test_bit(REPFLOW, sk)) 1117 label = ip6_flowlabel(ipv6h); 1118 priority = READ_ONCE(sk->sk_priority); 1119 txhash = sk->sk_txhash; 1120 } 1121 if (sk->sk_state == TCP_TIME_WAIT) { 1122 label = cpu_to_be32(inet_twsk(sk)->tw_flowlabel); 1123 priority = inet_twsk(sk)->tw_priority; 1124 txhash = inet_twsk(sk)->tw_txhash; 1125 } 1126 } else { 1127 if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_TCP_RESET) 1128 label = ip6_flowlabel(ipv6h); 1129 } 1130 1131 trace_tcp_send_reset(sk, skb); 1132 1133 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, 1, 1134 ipv6_get_dsfield(ipv6h), label, priority, txhash, 1135 &key); 1136 1137 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO) 1138 out: 1139 if (allocated_traffic_key) 1140 kfree(key.traffic_key); 1141 rcu_read_unlock(); 1142 #endif 1143 } 1144 1145 static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq, 1146 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif, 1147 struct tcp_key *key, u8 tclass, 1148 __be32 label, u32 priority, u32 txhash) 1149 { 1150 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, 0, 1151 tclass, label, priority, txhash, key); 1152 } 1153 1154 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb) 1155 { 1156 struct inet_timewait_sock *tw = inet_twsk(sk); 1157 struct tcp_timewait_sock *tcptw = tcp_twsk(sk); 1158 struct tcp_key key = {}; 1159 #ifdef CONFIG_TCP_AO 1160 struct tcp_ao_info *ao_info; 1161 1162 if (static_branch_unlikely(&tcp_ao_needed.key)) { 1163 1164 /* FIXME: the segment to-be-acked is not verified yet */ 1165 ao_info = rcu_dereference(tcptw->ao_info); 1166 if (ao_info) { 1167 const struct tcp_ao_hdr *aoh; 1168 1169 /* Invalid TCP option size or twice included auth */ 1170 if (tcp_parse_auth_options(tcp_hdr(skb), NULL, &aoh)) 1171 goto out; 1172 if (aoh) 1173 key.ao_key = tcp_ao_established_key(ao_info, 1174 aoh->rnext_keyid, -1); 1175 } 1176 } 1177 if (key.ao_key) { 1178 struct tcp_ao_key *rnext_key; 1179 1180 key.traffic_key = snd_other_key(key.ao_key); 1181 /* rcv_next switches to our rcv_next */ 1182 rnext_key = READ_ONCE(ao_info->rnext_key); 1183 key.rcv_next = rnext_key->rcvid; 1184 key.sne = READ_ONCE(ao_info->snd_sne); 1185 key.type = TCP_KEY_AO; 1186 #else 1187 if (0) { 1188 #endif 1189 #ifdef CONFIG_TCP_MD5SIG 1190 } else if (static_branch_unlikely(&tcp_md5_needed.key)) { 1191 key.md5_key = tcp_twsk_md5_key(tcptw); 1192 if (key.md5_key) 1193 key.type = TCP_KEY_MD5; 1194 #endif 1195 } 1196 1197 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt, 1198 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 1199 tcp_tw_tsval(tcptw), 1200 tcptw->tw_ts_recent, tw->tw_bound_dev_if, &key, 1201 tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel), tw->tw_priority, 1202 tw->tw_txhash); 1203 1204 #ifdef CONFIG_TCP_AO 1205 out: 1206 #endif 1207 inet_twsk_put(tw); 1208 } 1209 1210 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb, 1211 struct request_sock *req) 1212 { 1213 struct tcp_key key = {}; 1214 1215 #ifdef CONFIG_TCP_AO 1216 if (static_branch_unlikely(&tcp_ao_needed.key) && 1217 tcp_rsk_used_ao(req)) { 1218 const struct in6_addr *addr = &ipv6_hdr(skb)->saddr; 1219 const struct tcp_ao_hdr *aoh; 1220 int l3index; 1221 1222 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0; 1223 /* Invalid TCP option size or twice included auth */ 1224 if (tcp_parse_auth_options(tcp_hdr(skb), NULL, &aoh)) 1225 return; 1226 if (!aoh) 1227 return; 1228 key.ao_key = tcp_ao_do_lookup(sk, l3index, 1229 (union tcp_ao_addr *)addr, 1230 AF_INET6, aoh->rnext_keyid, -1); 1231 if (unlikely(!key.ao_key)) { 1232 /* Send ACK with any matching MKT for the peer */ 1233 key.ao_key = tcp_ao_do_lookup(sk, l3index, 1234 (union tcp_ao_addr *)addr, 1235 AF_INET6, -1, -1); 1236 /* Matching key disappeared (user removed the key?) 1237 * let the handshake timeout. 1238 */ 1239 if (!key.ao_key) { 1240 net_info_ratelimited("TCP-AO key for (%pI6, %d)->(%pI6, %d) suddenly disappeared, won't ACK new connection\n", 1241 addr, 1242 ntohs(tcp_hdr(skb)->source), 1243 &ipv6_hdr(skb)->daddr, 1244 ntohs(tcp_hdr(skb)->dest)); 1245 return; 1246 } 1247 } 1248 key.traffic_key = kmalloc(tcp_ao_digest_size(key.ao_key), GFP_ATOMIC); 1249 if (!key.traffic_key) 1250 return; 1251 1252 key.type = TCP_KEY_AO; 1253 key.rcv_next = aoh->keyid; 1254 tcp_v6_ao_calc_key_rsk(key.ao_key, key.traffic_key, req); 1255 #else 1256 if (0) { 1257 #endif 1258 #ifdef CONFIG_TCP_MD5SIG 1259 } else if (static_branch_unlikely(&tcp_md5_needed.key)) { 1260 int l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0; 1261 1262 key.md5_key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr, 1263 l3index); 1264 if (key.md5_key) 1265 key.type = TCP_KEY_MD5; 1266 #endif 1267 } 1268 1269 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV 1270 * sk->sk_state == TCP_SYN_RECV -> for Fast Open. 1271 */ 1272 /* RFC 7323 2.3 1273 * The window field (SEG.WND) of every outgoing segment, with the 1274 * exception of <SYN> segments, MUST be right-shifted by 1275 * Rcv.Wind.Shift bits: 1276 */ 1277 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ? 1278 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt, 1279 tcp_rsk(req)->rcv_nxt, 1280 req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale, 1281 tcp_rsk_tsval(tcp_rsk(req)), 1282 READ_ONCE(req->ts_recent), sk->sk_bound_dev_if, 1283 &key, ipv6_get_dsfield(ipv6_hdr(skb)), 0, 1284 READ_ONCE(sk->sk_priority), 1285 READ_ONCE(tcp_rsk(req)->txhash)); 1286 if (tcp_key_is_ao(&key)) 1287 kfree(key.traffic_key); 1288 } 1289 1290 1291 static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb) 1292 { 1293 #ifdef CONFIG_SYN_COOKIES 1294 const struct tcphdr *th = tcp_hdr(skb); 1295 1296 if (!th->syn) 1297 sk = cookie_v6_check(sk, skb); 1298 #endif 1299 return sk; 1300 } 1301 1302 u16 tcp_v6_get_syncookie(struct sock *sk, struct ipv6hdr *iph, 1303 struct tcphdr *th, u32 *cookie) 1304 { 1305 u16 mss = 0; 1306 #ifdef CONFIG_SYN_COOKIES 1307 mss = tcp_get_syncookie_mss(&tcp6_request_sock_ops, 1308 &tcp_request_sock_ipv6_ops, sk, th); 1309 if (mss) { 1310 *cookie = __cookie_v6_init_sequence(iph, th, &mss); 1311 tcp_synq_overflow(sk); 1312 } 1313 #endif 1314 return mss; 1315 } 1316 1317 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) 1318 { 1319 if (skb->protocol == htons(ETH_P_IP)) 1320 return tcp_v4_conn_request(sk, skb); 1321 1322 if (!ipv6_unicast_destination(skb)) 1323 goto drop; 1324 1325 if (ipv6_addr_v4mapped(&ipv6_hdr(skb)->saddr)) { 1326 __IP6_INC_STATS(sock_net(sk), NULL, IPSTATS_MIB_INHDRERRORS); 1327 return 0; 1328 } 1329 1330 return tcp_conn_request(&tcp6_request_sock_ops, 1331 &tcp_request_sock_ipv6_ops, sk, skb); 1332 1333 drop: 1334 tcp_listendrop(sk); 1335 return 0; /* don't send reset */ 1336 } 1337 1338 static void tcp_v6_restore_cb(struct sk_buff *skb) 1339 { 1340 /* We need to move header back to the beginning if xfrm6_policy_check() 1341 * and tcp_v6_fill_cb() are going to be called again. 1342 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there. 1343 */ 1344 memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6, 1345 sizeof(struct inet6_skb_parm)); 1346 } 1347 1348 static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb, 1349 struct request_sock *req, 1350 struct dst_entry *dst, 1351 struct request_sock *req_unhash, 1352 bool *own_req) 1353 { 1354 struct inet_request_sock *ireq; 1355 struct ipv6_pinfo *newnp; 1356 const struct ipv6_pinfo *np = tcp_inet6_sk(sk); 1357 struct ipv6_txoptions *opt; 1358 struct inet_sock *newinet; 1359 bool found_dup_sk = false; 1360 struct tcp_sock *newtp; 1361 struct sock *newsk; 1362 #ifdef CONFIG_TCP_MD5SIG 1363 struct tcp_md5sig_key *key; 1364 int l3index; 1365 #endif 1366 struct flowi6 fl6; 1367 1368 if (skb->protocol == htons(ETH_P_IP)) { 1369 /* 1370 * v6 mapped 1371 */ 1372 1373 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst, 1374 req_unhash, own_req); 1375 1376 if (!newsk) 1377 return NULL; 1378 1379 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk); 1380 1381 newnp = tcp_inet6_sk(newsk); 1382 newtp = tcp_sk(newsk); 1383 1384 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1385 1386 newnp->saddr = newsk->sk_v6_rcv_saddr; 1387 1388 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped; 1389 if (sk_is_mptcp(newsk)) 1390 mptcpv6_handle_mapped(newsk, true); 1391 newsk->sk_backlog_rcv = tcp_v4_do_rcv; 1392 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO) 1393 newtp->af_specific = &tcp_sock_ipv6_mapped_specific; 1394 #endif 1395 1396 newnp->ipv6_mc_list = NULL; 1397 newnp->ipv6_ac_list = NULL; 1398 newnp->ipv6_fl_list = NULL; 1399 newnp->pktoptions = NULL; 1400 newnp->opt = NULL; 1401 newnp->mcast_oif = inet_iif(skb); 1402 newnp->mcast_hops = ip_hdr(skb)->ttl; 1403 newnp->rcv_flowinfo = 0; 1404 if (inet6_test_bit(REPFLOW, sk)) 1405 newnp->flow_label = 0; 1406 1407 /* 1408 * No need to charge this sock to the relevant IPv6 refcnt debug socks count 1409 * here, tcp_create_openreq_child now does this for us, see the comment in 1410 * that function for the gory details. -acme 1411 */ 1412 1413 /* It is tricky place. Until this moment IPv4 tcp 1414 worked with IPv6 icsk.icsk_af_ops. 1415 Sync it now. 1416 */ 1417 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); 1418 1419 return newsk; 1420 } 1421 1422 ireq = inet_rsk(req); 1423 1424 if (sk_acceptq_is_full(sk)) 1425 goto out_overflow; 1426 1427 if (!dst) { 1428 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP); 1429 if (!dst) 1430 goto out; 1431 } 1432 1433 newsk = tcp_create_openreq_child(sk, req, skb); 1434 if (!newsk) 1435 goto out_nonewsk; 1436 1437 /* 1438 * No need to charge this sock to the relevant IPv6 refcnt debug socks 1439 * count here, tcp_create_openreq_child now does this for us, see the 1440 * comment in that function for the gory details. -acme 1441 */ 1442 1443 newsk->sk_gso_type = SKB_GSO_TCPV6; 1444 ip6_dst_store(newsk, dst, NULL, NULL); 1445 inet6_sk_rx_dst_set(newsk, skb); 1446 1447 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk); 1448 1449 newtp = tcp_sk(newsk); 1450 newinet = inet_sk(newsk); 1451 newnp = tcp_inet6_sk(newsk); 1452 1453 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1454 1455 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr; 1456 newnp->saddr = ireq->ir_v6_loc_addr; 1457 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr; 1458 newsk->sk_bound_dev_if = ireq->ir_iif; 1459 1460 /* Now IPv6 options... 1461 1462 First: no IPv4 options. 1463 */ 1464 newinet->inet_opt = NULL; 1465 newnp->ipv6_mc_list = NULL; 1466 newnp->ipv6_ac_list = NULL; 1467 newnp->ipv6_fl_list = NULL; 1468 1469 /* Clone RX bits */ 1470 newnp->rxopt.all = np->rxopt.all; 1471 1472 newnp->pktoptions = NULL; 1473 newnp->opt = NULL; 1474 newnp->mcast_oif = tcp_v6_iif(skb); 1475 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1476 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb)); 1477 if (inet6_test_bit(REPFLOW, sk)) 1478 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb)); 1479 1480 /* Set ToS of the new socket based upon the value of incoming SYN. 1481 * ECT bits are set later in tcp_init_transfer(). 1482 */ 1483 if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reflect_tos)) 1484 newnp->tclass = tcp_rsk(req)->syn_tos & ~INET_ECN_MASK; 1485 1486 /* Clone native IPv6 options from listening socket (if any) 1487 1488 Yes, keeping reference count would be much more clever, 1489 but we make one more one thing there: reattach optmem 1490 to newsk. 1491 */ 1492 opt = ireq->ipv6_opt; 1493 if (!opt) 1494 opt = rcu_dereference(np->opt); 1495 if (opt) { 1496 opt = ipv6_dup_options(newsk, opt); 1497 RCU_INIT_POINTER(newnp->opt, opt); 1498 } 1499 inet_csk(newsk)->icsk_ext_hdr_len = 0; 1500 if (opt) 1501 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen + 1502 opt->opt_flen; 1503 1504 tcp_ca_openreq_child(newsk, dst); 1505 1506 tcp_sync_mss(newsk, dst_mtu(dst)); 1507 newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst)); 1508 1509 tcp_initialize_rcv_mss(newsk); 1510 1511 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6; 1512 newinet->inet_rcv_saddr = LOOPBACK4_IPV6; 1513 1514 #ifdef CONFIG_TCP_MD5SIG 1515 l3index = l3mdev_master_ifindex_by_index(sock_net(sk), ireq->ir_iif); 1516 1517 if (!tcp_rsk_used_ao(req)) { 1518 /* Copy over the MD5 key from the original socket */ 1519 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr, l3index); 1520 if (key) { 1521 const union tcp_md5_addr *addr; 1522 1523 addr = (union tcp_md5_addr *)&newsk->sk_v6_daddr; 1524 if (tcp_md5_key_copy(newsk, addr, AF_INET6, 128, l3index, key)) { 1525 inet_csk_prepare_forced_close(newsk); 1526 tcp_done(newsk); 1527 goto out; 1528 } 1529 } 1530 } 1531 #endif 1532 #ifdef CONFIG_TCP_AO 1533 /* Copy over tcp_ao_info if any */ 1534 if (tcp_ao_copy_all_matching(sk, newsk, req, skb, AF_INET6)) 1535 goto out; /* OOM */ 1536 #endif 1537 1538 if (__inet_inherit_port(sk, newsk) < 0) { 1539 inet_csk_prepare_forced_close(newsk); 1540 tcp_done(newsk); 1541 goto out; 1542 } 1543 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash), 1544 &found_dup_sk); 1545 if (*own_req) { 1546 tcp_move_syn(newtp, req); 1547 1548 /* Clone pktoptions received with SYN, if we own the req */ 1549 if (ireq->pktopts) { 1550 newnp->pktoptions = skb_clone_and_charge_r(ireq->pktopts, newsk); 1551 consume_skb(ireq->pktopts); 1552 ireq->pktopts = NULL; 1553 if (newnp->pktoptions) 1554 tcp_v6_restore_cb(newnp->pktoptions); 1555 } 1556 } else { 1557 if (!req_unhash && found_dup_sk) { 1558 /* This code path should only be executed in the 1559 * syncookie case only 1560 */ 1561 bh_unlock_sock(newsk); 1562 sock_put(newsk); 1563 newsk = NULL; 1564 } 1565 } 1566 1567 return newsk; 1568 1569 out_overflow: 1570 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); 1571 out_nonewsk: 1572 dst_release(dst); 1573 out: 1574 tcp_listendrop(sk); 1575 return NULL; 1576 } 1577 1578 INDIRECT_CALLABLE_DECLARE(struct dst_entry *ipv4_dst_check(struct dst_entry *, 1579 u32)); 1580 /* The socket must have it's spinlock held when we get 1581 * here, unless it is a TCP_LISTEN socket. 1582 * 1583 * We have a potential double-lock case here, so even when 1584 * doing backlog processing we use the BH locking scheme. 1585 * This is because we cannot sleep with the original spinlock 1586 * held. 1587 */ 1588 INDIRECT_CALLABLE_SCOPE 1589 int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) 1590 { 1591 struct ipv6_pinfo *np = tcp_inet6_sk(sk); 1592 struct sk_buff *opt_skb = NULL; 1593 enum skb_drop_reason reason; 1594 struct tcp_sock *tp; 1595 1596 /* Imagine: socket is IPv6. IPv4 packet arrives, 1597 goes to IPv4 receive handler and backlogged. 1598 From backlog it always goes here. Kerboom... 1599 Fortunately, tcp_rcv_established and rcv_established 1600 handle them correctly, but it is not case with 1601 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK 1602 */ 1603 1604 if (skb->protocol == htons(ETH_P_IP)) 1605 return tcp_v4_do_rcv(sk, skb); 1606 1607 /* 1608 * socket locking is here for SMP purposes as backlog rcv 1609 * is currently called with bh processing disabled. 1610 */ 1611 1612 /* Do Stevens' IPV6_PKTOPTIONS. 1613 1614 Yes, guys, it is the only place in our code, where we 1615 may make it not affecting IPv4. 1616 The rest of code is protocol independent, 1617 and I do not like idea to uglify IPv4. 1618 1619 Actually, all the idea behind IPV6_PKTOPTIONS 1620 looks not very well thought. For now we latch 1621 options, received in the last packet, enqueued 1622 by tcp. Feel free to propose better solution. 1623 --ANK (980728) 1624 */ 1625 if (np->rxopt.all) 1626 opt_skb = skb_clone_and_charge_r(skb, sk); 1627 1628 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ 1629 struct dst_entry *dst; 1630 1631 dst = rcu_dereference_protected(sk->sk_rx_dst, 1632 lockdep_sock_is_held(sk)); 1633 1634 sock_rps_save_rxhash(sk, skb); 1635 sk_mark_napi_id(sk, skb); 1636 if (dst) { 1637 if (sk->sk_rx_dst_ifindex != skb->skb_iif || 1638 INDIRECT_CALL_1(dst->ops->check, ip6_dst_check, 1639 dst, sk->sk_rx_dst_cookie) == NULL) { 1640 RCU_INIT_POINTER(sk->sk_rx_dst, NULL); 1641 dst_release(dst); 1642 } 1643 } 1644 1645 tcp_rcv_established(sk, skb); 1646 if (opt_skb) 1647 goto ipv6_pktoptions; 1648 return 0; 1649 } 1650 1651 if (tcp_checksum_complete(skb)) 1652 goto csum_err; 1653 1654 if (sk->sk_state == TCP_LISTEN) { 1655 struct sock *nsk = tcp_v6_cookie_check(sk, skb); 1656 1657 if (nsk != sk) { 1658 if (nsk) { 1659 reason = tcp_child_process(sk, nsk, skb); 1660 if (reason) 1661 goto reset; 1662 } 1663 if (opt_skb) 1664 __kfree_skb(opt_skb); 1665 return 0; 1666 } 1667 } else 1668 sock_rps_save_rxhash(sk, skb); 1669 1670 reason = tcp_rcv_state_process(sk, skb); 1671 if (reason) 1672 goto reset; 1673 if (opt_skb) 1674 goto ipv6_pktoptions; 1675 return 0; 1676 1677 reset: 1678 tcp_v6_send_reset(sk, skb); 1679 discard: 1680 if (opt_skb) 1681 __kfree_skb(opt_skb); 1682 kfree_skb_reason(skb, reason); 1683 return 0; 1684 csum_err: 1685 reason = SKB_DROP_REASON_TCP_CSUM; 1686 trace_tcp_bad_csum(skb); 1687 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS); 1688 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS); 1689 goto discard; 1690 1691 1692 ipv6_pktoptions: 1693 /* Do you ask, what is it? 1694 1695 1. skb was enqueued by tcp. 1696 2. skb is added to tail of read queue, rather than out of order. 1697 3. socket is not in passive state. 1698 4. Finally, it really contains options, which user wants to receive. 1699 */ 1700 tp = tcp_sk(sk); 1701 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt && 1702 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) { 1703 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo) 1704 WRITE_ONCE(np->mcast_oif, tcp_v6_iif(opt_skb)); 1705 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) 1706 WRITE_ONCE(np->mcast_hops, 1707 ipv6_hdr(opt_skb)->hop_limit); 1708 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass) 1709 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb)); 1710 if (inet6_test_bit(REPFLOW, sk)) 1711 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb)); 1712 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) { 1713 tcp_v6_restore_cb(opt_skb); 1714 opt_skb = xchg(&np->pktoptions, opt_skb); 1715 } else { 1716 __kfree_skb(opt_skb); 1717 opt_skb = xchg(&np->pktoptions, NULL); 1718 } 1719 } 1720 1721 consume_skb(opt_skb); 1722 return 0; 1723 } 1724 1725 static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr, 1726 const struct tcphdr *th) 1727 { 1728 /* This is tricky: we move IP6CB at its correct location into 1729 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because 1730 * _decode_session6() uses IP6CB(). 1731 * barrier() makes sure compiler won't play aliasing games. 1732 */ 1733 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb), 1734 sizeof(struct inet6_skb_parm)); 1735 barrier(); 1736 1737 TCP_SKB_CB(skb)->seq = ntohl(th->seq); 1738 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin + 1739 skb->len - th->doff*4); 1740 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); 1741 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th); 1742 TCP_SKB_CB(skb)->tcp_tw_isn = 0; 1743 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr); 1744 TCP_SKB_CB(skb)->sacked = 0; 1745 TCP_SKB_CB(skb)->has_rxtstamp = 1746 skb->tstamp || skb_hwtstamps(skb)->hwtstamp; 1747 } 1748 1749 INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb) 1750 { 1751 enum skb_drop_reason drop_reason; 1752 int sdif = inet6_sdif(skb); 1753 int dif = inet6_iif(skb); 1754 const struct tcphdr *th; 1755 const struct ipv6hdr *hdr; 1756 bool refcounted; 1757 struct sock *sk; 1758 int ret; 1759 struct net *net = dev_net(skb->dev); 1760 1761 drop_reason = SKB_DROP_REASON_NOT_SPECIFIED; 1762 if (skb->pkt_type != PACKET_HOST) 1763 goto discard_it; 1764 1765 /* 1766 * Count it even if it's bad. 1767 */ 1768 __TCP_INC_STATS(net, TCP_MIB_INSEGS); 1769 1770 if (!pskb_may_pull(skb, sizeof(struct tcphdr))) 1771 goto discard_it; 1772 1773 th = (const struct tcphdr *)skb->data; 1774 1775 if (unlikely(th->doff < sizeof(struct tcphdr) / 4)) { 1776 drop_reason = SKB_DROP_REASON_PKT_TOO_SMALL; 1777 goto bad_packet; 1778 } 1779 if (!pskb_may_pull(skb, th->doff*4)) 1780 goto discard_it; 1781 1782 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo)) 1783 goto csum_error; 1784 1785 th = (const struct tcphdr *)skb->data; 1786 hdr = ipv6_hdr(skb); 1787 1788 lookup: 1789 sk = __inet6_lookup_skb(net->ipv4.tcp_death_row.hashinfo, skb, __tcp_hdrlen(th), 1790 th->source, th->dest, inet6_iif(skb), sdif, 1791 &refcounted); 1792 if (!sk) 1793 goto no_tcp_socket; 1794 1795 process: 1796 if (sk->sk_state == TCP_TIME_WAIT) 1797 goto do_time_wait; 1798 1799 if (sk->sk_state == TCP_NEW_SYN_RECV) { 1800 struct request_sock *req = inet_reqsk(sk); 1801 bool req_stolen = false; 1802 struct sock *nsk; 1803 1804 sk = req->rsk_listener; 1805 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 1806 drop_reason = SKB_DROP_REASON_XFRM_POLICY; 1807 else 1808 drop_reason = tcp_inbound_hash(sk, req, skb, 1809 &hdr->saddr, &hdr->daddr, 1810 AF_INET6, dif, sdif); 1811 if (drop_reason) { 1812 sk_drops_add(sk, skb); 1813 reqsk_put(req); 1814 goto discard_it; 1815 } 1816 if (tcp_checksum_complete(skb)) { 1817 reqsk_put(req); 1818 goto csum_error; 1819 } 1820 if (unlikely(sk->sk_state != TCP_LISTEN)) { 1821 nsk = reuseport_migrate_sock(sk, req_to_sk(req), skb); 1822 if (!nsk) { 1823 inet_csk_reqsk_queue_drop_and_put(sk, req); 1824 goto lookup; 1825 } 1826 sk = nsk; 1827 /* reuseport_migrate_sock() has already held one sk_refcnt 1828 * before returning. 1829 */ 1830 } else { 1831 sock_hold(sk); 1832 } 1833 refcounted = true; 1834 nsk = NULL; 1835 if (!tcp_filter(sk, skb)) { 1836 th = (const struct tcphdr *)skb->data; 1837 hdr = ipv6_hdr(skb); 1838 tcp_v6_fill_cb(skb, hdr, th); 1839 nsk = tcp_check_req(sk, skb, req, false, &req_stolen); 1840 } else { 1841 drop_reason = SKB_DROP_REASON_SOCKET_FILTER; 1842 } 1843 if (!nsk) { 1844 reqsk_put(req); 1845 if (req_stolen) { 1846 /* Another cpu got exclusive access to req 1847 * and created a full blown socket. 1848 * Try to feed this packet to this socket 1849 * instead of discarding it. 1850 */ 1851 tcp_v6_restore_cb(skb); 1852 sock_put(sk); 1853 goto lookup; 1854 } 1855 goto discard_and_relse; 1856 } 1857 nf_reset_ct(skb); 1858 if (nsk == sk) { 1859 reqsk_put(req); 1860 tcp_v6_restore_cb(skb); 1861 } else { 1862 drop_reason = tcp_child_process(sk, nsk, skb); 1863 if (drop_reason) { 1864 tcp_v6_send_reset(nsk, skb); 1865 goto discard_and_relse; 1866 } 1867 sock_put(sk); 1868 return 0; 1869 } 1870 } 1871 1872 if (static_branch_unlikely(&ip6_min_hopcount)) { 1873 /* min_hopcount can be changed concurrently from do_ipv6_setsockopt() */ 1874 if (unlikely(hdr->hop_limit < READ_ONCE(tcp_inet6_sk(sk)->min_hopcount))) { 1875 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP); 1876 drop_reason = SKB_DROP_REASON_TCP_MINTTL; 1877 goto discard_and_relse; 1878 } 1879 } 1880 1881 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) { 1882 drop_reason = SKB_DROP_REASON_XFRM_POLICY; 1883 goto discard_and_relse; 1884 } 1885 1886 drop_reason = tcp_inbound_hash(sk, NULL, skb, &hdr->saddr, &hdr->daddr, 1887 AF_INET6, dif, sdif); 1888 if (drop_reason) 1889 goto discard_and_relse; 1890 1891 nf_reset_ct(skb); 1892 1893 if (tcp_filter(sk, skb)) { 1894 drop_reason = SKB_DROP_REASON_SOCKET_FILTER; 1895 goto discard_and_relse; 1896 } 1897 th = (const struct tcphdr *)skb->data; 1898 hdr = ipv6_hdr(skb); 1899 tcp_v6_fill_cb(skb, hdr, th); 1900 1901 skb->dev = NULL; 1902 1903 if (sk->sk_state == TCP_LISTEN) { 1904 ret = tcp_v6_do_rcv(sk, skb); 1905 goto put_and_return; 1906 } 1907 1908 sk_incoming_cpu_update(sk); 1909 1910 bh_lock_sock_nested(sk); 1911 tcp_segs_in(tcp_sk(sk), skb); 1912 ret = 0; 1913 if (!sock_owned_by_user(sk)) { 1914 ret = tcp_v6_do_rcv(sk, skb); 1915 } else { 1916 if (tcp_add_backlog(sk, skb, &drop_reason)) 1917 goto discard_and_relse; 1918 } 1919 bh_unlock_sock(sk); 1920 put_and_return: 1921 if (refcounted) 1922 sock_put(sk); 1923 return ret ? -1 : 0; 1924 1925 no_tcp_socket: 1926 drop_reason = SKB_DROP_REASON_NO_SOCKET; 1927 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 1928 goto discard_it; 1929 1930 tcp_v6_fill_cb(skb, hdr, th); 1931 1932 if (tcp_checksum_complete(skb)) { 1933 csum_error: 1934 drop_reason = SKB_DROP_REASON_TCP_CSUM; 1935 trace_tcp_bad_csum(skb); 1936 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS); 1937 bad_packet: 1938 __TCP_INC_STATS(net, TCP_MIB_INERRS); 1939 } else { 1940 tcp_v6_send_reset(NULL, skb); 1941 } 1942 1943 discard_it: 1944 SKB_DR_OR(drop_reason, NOT_SPECIFIED); 1945 kfree_skb_reason(skb, drop_reason); 1946 return 0; 1947 1948 discard_and_relse: 1949 sk_drops_add(sk, skb); 1950 if (refcounted) 1951 sock_put(sk); 1952 goto discard_it; 1953 1954 do_time_wait: 1955 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1956 drop_reason = SKB_DROP_REASON_XFRM_POLICY; 1957 inet_twsk_put(inet_twsk(sk)); 1958 goto discard_it; 1959 } 1960 1961 tcp_v6_fill_cb(skb, hdr, th); 1962 1963 if (tcp_checksum_complete(skb)) { 1964 inet_twsk_put(inet_twsk(sk)); 1965 goto csum_error; 1966 } 1967 1968 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { 1969 case TCP_TW_SYN: 1970 { 1971 struct sock *sk2; 1972 1973 sk2 = inet6_lookup_listener(net, net->ipv4.tcp_death_row.hashinfo, 1974 skb, __tcp_hdrlen(th), 1975 &ipv6_hdr(skb)->saddr, th->source, 1976 &ipv6_hdr(skb)->daddr, 1977 ntohs(th->dest), 1978 tcp_v6_iif_l3_slave(skb), 1979 sdif); 1980 if (sk2) { 1981 struct inet_timewait_sock *tw = inet_twsk(sk); 1982 inet_twsk_deschedule_put(tw); 1983 sk = sk2; 1984 tcp_v6_restore_cb(skb); 1985 refcounted = false; 1986 goto process; 1987 } 1988 } 1989 /* to ACK */ 1990 fallthrough; 1991 case TCP_TW_ACK: 1992 tcp_v6_timewait_ack(sk, skb); 1993 break; 1994 case TCP_TW_RST: 1995 tcp_v6_send_reset(sk, skb); 1996 inet_twsk_deschedule_put(inet_twsk(sk)); 1997 goto discard_it; 1998 case TCP_TW_SUCCESS: 1999 ; 2000 } 2001 goto discard_it; 2002 } 2003 2004 void tcp_v6_early_demux(struct sk_buff *skb) 2005 { 2006 struct net *net = dev_net(skb->dev); 2007 const struct ipv6hdr *hdr; 2008 const struct tcphdr *th; 2009 struct sock *sk; 2010 2011 if (skb->pkt_type != PACKET_HOST) 2012 return; 2013 2014 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr))) 2015 return; 2016 2017 hdr = ipv6_hdr(skb); 2018 th = tcp_hdr(skb); 2019 2020 if (th->doff < sizeof(struct tcphdr) / 4) 2021 return; 2022 2023 /* Note : We use inet6_iif() here, not tcp_v6_iif() */ 2024 sk = __inet6_lookup_established(net, net->ipv4.tcp_death_row.hashinfo, 2025 &hdr->saddr, th->source, 2026 &hdr->daddr, ntohs(th->dest), 2027 inet6_iif(skb), inet6_sdif(skb)); 2028 if (sk) { 2029 skb->sk = sk; 2030 skb->destructor = sock_edemux; 2031 if (sk_fullsock(sk)) { 2032 struct dst_entry *dst = rcu_dereference(sk->sk_rx_dst); 2033 2034 if (dst) 2035 dst = dst_check(dst, sk->sk_rx_dst_cookie); 2036 if (dst && 2037 sk->sk_rx_dst_ifindex == skb->skb_iif) 2038 skb_dst_set_noref(skb, dst); 2039 } 2040 } 2041 } 2042 2043 static struct timewait_sock_ops tcp6_timewait_sock_ops = { 2044 .twsk_obj_size = sizeof(struct tcp6_timewait_sock), 2045 .twsk_unique = tcp_twsk_unique, 2046 .twsk_destructor = tcp_twsk_destructor, 2047 }; 2048 2049 INDIRECT_CALLABLE_SCOPE void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb) 2050 { 2051 __tcp_v6_send_check(skb, &sk->sk_v6_rcv_saddr, &sk->sk_v6_daddr); 2052 } 2053 2054 const struct inet_connection_sock_af_ops ipv6_specific = { 2055 .queue_xmit = inet6_csk_xmit, 2056 .send_check = tcp_v6_send_check, 2057 .rebuild_header = inet6_sk_rebuild_header, 2058 .sk_rx_dst_set = inet6_sk_rx_dst_set, 2059 .conn_request = tcp_v6_conn_request, 2060 .syn_recv_sock = tcp_v6_syn_recv_sock, 2061 .net_header_len = sizeof(struct ipv6hdr), 2062 .setsockopt = ipv6_setsockopt, 2063 .getsockopt = ipv6_getsockopt, 2064 .addr2sockaddr = inet6_csk_addr2sockaddr, 2065 .sockaddr_len = sizeof(struct sockaddr_in6), 2066 .mtu_reduced = tcp_v6_mtu_reduced, 2067 }; 2068 2069 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO) 2070 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = { 2071 #ifdef CONFIG_TCP_MD5SIG 2072 .md5_lookup = tcp_v6_md5_lookup, 2073 .calc_md5_hash = tcp_v6_md5_hash_skb, 2074 .md5_parse = tcp_v6_parse_md5_keys, 2075 #endif 2076 #ifdef CONFIG_TCP_AO 2077 .ao_lookup = tcp_v6_ao_lookup, 2078 .calc_ao_hash = tcp_v6_ao_hash_skb, 2079 .ao_parse = tcp_v6_parse_ao, 2080 .ao_calc_key_sk = tcp_v6_ao_calc_key_sk, 2081 #endif 2082 }; 2083 #endif 2084 2085 /* 2086 * TCP over IPv4 via INET6 API 2087 */ 2088 static const struct inet_connection_sock_af_ops ipv6_mapped = { 2089 .queue_xmit = ip_queue_xmit, 2090 .send_check = tcp_v4_send_check, 2091 .rebuild_header = inet_sk_rebuild_header, 2092 .sk_rx_dst_set = inet_sk_rx_dst_set, 2093 .conn_request = tcp_v6_conn_request, 2094 .syn_recv_sock = tcp_v6_syn_recv_sock, 2095 .net_header_len = sizeof(struct iphdr), 2096 .setsockopt = ipv6_setsockopt, 2097 .getsockopt = ipv6_getsockopt, 2098 .addr2sockaddr = inet6_csk_addr2sockaddr, 2099 .sockaddr_len = sizeof(struct sockaddr_in6), 2100 .mtu_reduced = tcp_v4_mtu_reduced, 2101 }; 2102 2103 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO) 2104 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = { 2105 #ifdef CONFIG_TCP_MD5SIG 2106 .md5_lookup = tcp_v4_md5_lookup, 2107 .calc_md5_hash = tcp_v4_md5_hash_skb, 2108 .md5_parse = tcp_v6_parse_md5_keys, 2109 #endif 2110 #ifdef CONFIG_TCP_AO 2111 .ao_lookup = tcp_v6_ao_lookup, 2112 .calc_ao_hash = tcp_v4_ao_hash_skb, 2113 .ao_parse = tcp_v6_parse_ao, 2114 .ao_calc_key_sk = tcp_v4_ao_calc_key_sk, 2115 #endif 2116 }; 2117 #endif 2118 2119 /* NOTE: A lot of things set to zero explicitly by call to 2120 * sk_alloc() so need not be done here. 2121 */ 2122 static int tcp_v6_init_sock(struct sock *sk) 2123 { 2124 struct inet_connection_sock *icsk = inet_csk(sk); 2125 2126 tcp_init_sock(sk); 2127 2128 icsk->icsk_af_ops = &ipv6_specific; 2129 2130 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO) 2131 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific; 2132 #endif 2133 2134 return 0; 2135 } 2136 2137 #ifdef CONFIG_PROC_FS 2138 /* Proc filesystem TCPv6 sock list dumping. */ 2139 static void get_openreq6(struct seq_file *seq, 2140 const struct request_sock *req, int i) 2141 { 2142 long ttd = req->rsk_timer.expires - jiffies; 2143 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr; 2144 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr; 2145 2146 if (ttd < 0) 2147 ttd = 0; 2148 2149 seq_printf(seq, 2150 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2151 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n", 2152 i, 2153 src->s6_addr32[0], src->s6_addr32[1], 2154 src->s6_addr32[2], src->s6_addr32[3], 2155 inet_rsk(req)->ir_num, 2156 dest->s6_addr32[0], dest->s6_addr32[1], 2157 dest->s6_addr32[2], dest->s6_addr32[3], 2158 ntohs(inet_rsk(req)->ir_rmt_port), 2159 TCP_SYN_RECV, 2160 0, 0, /* could print option size, but that is af dependent. */ 2161 1, /* timers active (only the expire timer) */ 2162 jiffies_to_clock_t(ttd), 2163 req->num_timeout, 2164 from_kuid_munged(seq_user_ns(seq), 2165 sock_i_uid(req->rsk_listener)), 2166 0, /* non standard timer */ 2167 0, /* open_requests have no inode */ 2168 0, req); 2169 } 2170 2171 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) 2172 { 2173 const struct in6_addr *dest, *src; 2174 __u16 destp, srcp; 2175 int timer_active; 2176 unsigned long timer_expires; 2177 const struct inet_sock *inet = inet_sk(sp); 2178 const struct tcp_sock *tp = tcp_sk(sp); 2179 const struct inet_connection_sock *icsk = inet_csk(sp); 2180 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq; 2181 int rx_queue; 2182 int state; 2183 2184 dest = &sp->sk_v6_daddr; 2185 src = &sp->sk_v6_rcv_saddr; 2186 destp = ntohs(inet->inet_dport); 2187 srcp = ntohs(inet->inet_sport); 2188 2189 if (icsk->icsk_pending == ICSK_TIME_RETRANS || 2190 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT || 2191 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) { 2192 timer_active = 1; 2193 timer_expires = icsk->icsk_timeout; 2194 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) { 2195 timer_active = 4; 2196 timer_expires = icsk->icsk_timeout; 2197 } else if (timer_pending(&sp->sk_timer)) { 2198 timer_active = 2; 2199 timer_expires = sp->sk_timer.expires; 2200 } else { 2201 timer_active = 0; 2202 timer_expires = jiffies; 2203 } 2204 2205 state = inet_sk_state_load(sp); 2206 if (state == TCP_LISTEN) 2207 rx_queue = READ_ONCE(sp->sk_ack_backlog); 2208 else 2209 /* Because we don't lock the socket, 2210 * we might find a transient negative value. 2211 */ 2212 rx_queue = max_t(int, READ_ONCE(tp->rcv_nxt) - 2213 READ_ONCE(tp->copied_seq), 0); 2214 2215 seq_printf(seq, 2216 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2217 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n", 2218 i, 2219 src->s6_addr32[0], src->s6_addr32[1], 2220 src->s6_addr32[2], src->s6_addr32[3], srcp, 2221 dest->s6_addr32[0], dest->s6_addr32[1], 2222 dest->s6_addr32[2], dest->s6_addr32[3], destp, 2223 state, 2224 READ_ONCE(tp->write_seq) - tp->snd_una, 2225 rx_queue, 2226 timer_active, 2227 jiffies_delta_to_clock_t(timer_expires - jiffies), 2228 icsk->icsk_retransmits, 2229 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)), 2230 icsk->icsk_probes_out, 2231 sock_i_ino(sp), 2232 refcount_read(&sp->sk_refcnt), sp, 2233 jiffies_to_clock_t(icsk->icsk_rto), 2234 jiffies_to_clock_t(icsk->icsk_ack.ato), 2235 (icsk->icsk_ack.quick << 1) | inet_csk_in_pingpong_mode(sp), 2236 tcp_snd_cwnd(tp), 2237 state == TCP_LISTEN ? 2238 fastopenq->max_qlen : 2239 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh) 2240 ); 2241 } 2242 2243 static void get_timewait6_sock(struct seq_file *seq, 2244 struct inet_timewait_sock *tw, int i) 2245 { 2246 long delta = tw->tw_timer.expires - jiffies; 2247 const struct in6_addr *dest, *src; 2248 __u16 destp, srcp; 2249 2250 dest = &tw->tw_v6_daddr; 2251 src = &tw->tw_v6_rcv_saddr; 2252 destp = ntohs(tw->tw_dport); 2253 srcp = ntohs(tw->tw_sport); 2254 2255 seq_printf(seq, 2256 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2257 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n", 2258 i, 2259 src->s6_addr32[0], src->s6_addr32[1], 2260 src->s6_addr32[2], src->s6_addr32[3], srcp, 2261 dest->s6_addr32[0], dest->s6_addr32[1], 2262 dest->s6_addr32[2], dest->s6_addr32[3], destp, 2263 tw->tw_substate, 0, 0, 2264 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0, 2265 refcount_read(&tw->tw_refcnt), tw); 2266 } 2267 2268 static int tcp6_seq_show(struct seq_file *seq, void *v) 2269 { 2270 struct tcp_iter_state *st; 2271 struct sock *sk = v; 2272 2273 if (v == SEQ_START_TOKEN) { 2274 seq_puts(seq, 2275 " sl " 2276 "local_address " 2277 "remote_address " 2278 "st tx_queue rx_queue tr tm->when retrnsmt" 2279 " uid timeout inode\n"); 2280 goto out; 2281 } 2282 st = seq->private; 2283 2284 if (sk->sk_state == TCP_TIME_WAIT) 2285 get_timewait6_sock(seq, v, st->num); 2286 else if (sk->sk_state == TCP_NEW_SYN_RECV) 2287 get_openreq6(seq, v, st->num); 2288 else 2289 get_tcp6_sock(seq, v, st->num); 2290 out: 2291 return 0; 2292 } 2293 2294 static const struct seq_operations tcp6_seq_ops = { 2295 .show = tcp6_seq_show, 2296 .start = tcp_seq_start, 2297 .next = tcp_seq_next, 2298 .stop = tcp_seq_stop, 2299 }; 2300 2301 static struct tcp_seq_afinfo tcp6_seq_afinfo = { 2302 .family = AF_INET6, 2303 }; 2304 2305 int __net_init tcp6_proc_init(struct net *net) 2306 { 2307 if (!proc_create_net_data("tcp6", 0444, net->proc_net, &tcp6_seq_ops, 2308 sizeof(struct tcp_iter_state), &tcp6_seq_afinfo)) 2309 return -ENOMEM; 2310 return 0; 2311 } 2312 2313 void tcp6_proc_exit(struct net *net) 2314 { 2315 remove_proc_entry("tcp6", net->proc_net); 2316 } 2317 #endif 2318 2319 struct proto tcpv6_prot = { 2320 .name = "TCPv6", 2321 .owner = THIS_MODULE, 2322 .close = tcp_close, 2323 .pre_connect = tcp_v6_pre_connect, 2324 .connect = tcp_v6_connect, 2325 .disconnect = tcp_disconnect, 2326 .accept = inet_csk_accept, 2327 .ioctl = tcp_ioctl, 2328 .init = tcp_v6_init_sock, 2329 .destroy = tcp_v4_destroy_sock, 2330 .shutdown = tcp_shutdown, 2331 .setsockopt = tcp_setsockopt, 2332 .getsockopt = tcp_getsockopt, 2333 .bpf_bypass_getsockopt = tcp_bpf_bypass_getsockopt, 2334 .keepalive = tcp_set_keepalive, 2335 .recvmsg = tcp_recvmsg, 2336 .sendmsg = tcp_sendmsg, 2337 .splice_eof = tcp_splice_eof, 2338 .backlog_rcv = tcp_v6_do_rcv, 2339 .release_cb = tcp_release_cb, 2340 .hash = inet6_hash, 2341 .unhash = inet_unhash, 2342 .get_port = inet_csk_get_port, 2343 .put_port = inet_put_port, 2344 #ifdef CONFIG_BPF_SYSCALL 2345 .psock_update_sk_prot = tcp_bpf_update_proto, 2346 #endif 2347 .enter_memory_pressure = tcp_enter_memory_pressure, 2348 .leave_memory_pressure = tcp_leave_memory_pressure, 2349 .stream_memory_free = tcp_stream_memory_free, 2350 .sockets_allocated = &tcp_sockets_allocated, 2351 2352 .memory_allocated = &tcp_memory_allocated, 2353 .per_cpu_fw_alloc = &tcp_memory_per_cpu_fw_alloc, 2354 2355 .memory_pressure = &tcp_memory_pressure, 2356 .orphan_count = &tcp_orphan_count, 2357 .sysctl_mem = sysctl_tcp_mem, 2358 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem), 2359 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem), 2360 .max_header = MAX_TCP_HEADER, 2361 .obj_size = sizeof(struct tcp6_sock), 2362 .ipv6_pinfo_offset = offsetof(struct tcp6_sock, inet6), 2363 .slab_flags = SLAB_TYPESAFE_BY_RCU, 2364 .twsk_prot = &tcp6_timewait_sock_ops, 2365 .rsk_prot = &tcp6_request_sock_ops, 2366 .h.hashinfo = NULL, 2367 .no_autobind = true, 2368 .diag_destroy = tcp_abort, 2369 }; 2370 EXPORT_SYMBOL_GPL(tcpv6_prot); 2371 2372 2373 static struct inet_protosw tcpv6_protosw = { 2374 .type = SOCK_STREAM, 2375 .protocol = IPPROTO_TCP, 2376 .prot = &tcpv6_prot, 2377 .ops = &inet6_stream_ops, 2378 .flags = INET_PROTOSW_PERMANENT | 2379 INET_PROTOSW_ICSK, 2380 }; 2381 2382 static int __net_init tcpv6_net_init(struct net *net) 2383 { 2384 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6, 2385 SOCK_RAW, IPPROTO_TCP, net); 2386 } 2387 2388 static void __net_exit tcpv6_net_exit(struct net *net) 2389 { 2390 inet_ctl_sock_destroy(net->ipv6.tcp_sk); 2391 } 2392 2393 static struct pernet_operations tcpv6_net_ops = { 2394 .init = tcpv6_net_init, 2395 .exit = tcpv6_net_exit, 2396 }; 2397 2398 int __init tcpv6_init(void) 2399 { 2400 int ret; 2401 2402 net_hotdata.tcpv6_protocol = (struct inet6_protocol) { 2403 .handler = tcp_v6_rcv, 2404 .err_handler = tcp_v6_err, 2405 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL, 2406 }; 2407 ret = inet6_add_protocol(&net_hotdata.tcpv6_protocol, IPPROTO_TCP); 2408 if (ret) 2409 goto out; 2410 2411 /* register inet6 protocol */ 2412 ret = inet6_register_protosw(&tcpv6_protosw); 2413 if (ret) 2414 goto out_tcpv6_protocol; 2415 2416 ret = register_pernet_subsys(&tcpv6_net_ops); 2417 if (ret) 2418 goto out_tcpv6_protosw; 2419 2420 ret = mptcpv6_init(); 2421 if (ret) 2422 goto out_tcpv6_pernet_subsys; 2423 2424 out: 2425 return ret; 2426 2427 out_tcpv6_pernet_subsys: 2428 unregister_pernet_subsys(&tcpv6_net_ops); 2429 out_tcpv6_protosw: 2430 inet6_unregister_protosw(&tcpv6_protosw); 2431 out_tcpv6_protocol: 2432 inet6_del_protocol(&net_hotdata.tcpv6_protocol, IPPROTO_TCP); 2433 goto out; 2434 } 2435 2436 void tcpv6_exit(void) 2437 { 2438 unregister_pernet_subsys(&tcpv6_net_ops); 2439 inet6_unregister_protosw(&tcpv6_protosw); 2440 inet6_del_protocol(&net_hotdata.tcpv6_protocol, IPPROTO_TCP); 2441 } 2442