1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * TCP over IPv6 4 * Linux INET6 implementation 5 * 6 * Authors: 7 * Pedro Roque <roque@di.fc.ul.pt> 8 * 9 * Based on: 10 * linux/net/ipv4/tcp.c 11 * linux/net/ipv4/tcp_input.c 12 * linux/net/ipv4/tcp_output.c 13 * 14 * Fixes: 15 * Hideaki YOSHIFUJI : sin6_scope_id support 16 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 17 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind 18 * a single port at the same time. 19 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file. 20 */ 21 22 #include <linux/bottom_half.h> 23 #include <linux/module.h> 24 #include <linux/errno.h> 25 #include <linux/types.h> 26 #include <linux/socket.h> 27 #include <linux/sockios.h> 28 #include <linux/net.h> 29 #include <linux/jiffies.h> 30 #include <linux/in.h> 31 #include <linux/in6.h> 32 #include <linux/netdevice.h> 33 #include <linux/init.h> 34 #include <linux/jhash.h> 35 #include <linux/ipsec.h> 36 #include <linux/times.h> 37 #include <linux/slab.h> 38 #include <linux/uaccess.h> 39 #include <linux/ipv6.h> 40 #include <linux/icmpv6.h> 41 #include <linux/random.h> 42 #include <linux/indirect_call_wrapper.h> 43 44 #include <net/tcp.h> 45 #include <net/ndisc.h> 46 #include <net/inet6_hashtables.h> 47 #include <net/inet6_connection_sock.h> 48 #include <net/ipv6.h> 49 #include <net/transp_v6.h> 50 #include <net/addrconf.h> 51 #include <net/ip6_route.h> 52 #include <net/ip6_checksum.h> 53 #include <net/inet_ecn.h> 54 #include <net/protocol.h> 55 #include <net/xfrm.h> 56 #include <net/snmp.h> 57 #include <net/dsfield.h> 58 #include <net/timewait_sock.h> 59 #include <net/inet_common.h> 60 #include <net/secure_seq.h> 61 #include <net/busy_poll.h> 62 63 #include <linux/proc_fs.h> 64 #include <linux/seq_file.h> 65 66 #include <crypto/hash.h> 67 #include <linux/scatterlist.h> 68 69 #include <trace/events/tcp.h> 70 71 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb); 72 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb, 73 struct request_sock *req); 74 75 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb); 76 77 static const struct inet_connection_sock_af_ops ipv6_mapped; 78 static const struct inet_connection_sock_af_ops ipv6_specific; 79 #ifdef CONFIG_TCP_MD5SIG 80 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific; 81 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific; 82 #else 83 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk, 84 const struct in6_addr *addr) 85 { 86 return NULL; 87 } 88 #endif 89 90 /* Helper returning the inet6 address from a given tcp socket. 91 * It can be used in TCP stack instead of inet6_sk(sk). 92 * This avoids a dereference and allow compiler optimizations. 93 * It is a specialized version of inet6_sk_generic(). 94 */ 95 static struct ipv6_pinfo *tcp_inet6_sk(const struct sock *sk) 96 { 97 unsigned int offset = sizeof(struct tcp6_sock) - sizeof(struct ipv6_pinfo); 98 99 return (struct ipv6_pinfo *)(((u8 *)sk) + offset); 100 } 101 102 static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) 103 { 104 struct dst_entry *dst = skb_dst(skb); 105 106 if (dst && dst_hold_safe(dst)) { 107 const struct rt6_info *rt = (const struct rt6_info *)dst; 108 109 sk->sk_rx_dst = dst; 110 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif; 111 tcp_inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt); 112 } 113 } 114 115 static u32 tcp_v6_init_seq(const struct sk_buff *skb) 116 { 117 return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32, 118 ipv6_hdr(skb)->saddr.s6_addr32, 119 tcp_hdr(skb)->dest, 120 tcp_hdr(skb)->source); 121 } 122 123 static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb) 124 { 125 return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32, 126 ipv6_hdr(skb)->saddr.s6_addr32); 127 } 128 129 static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr *uaddr, 130 int addr_len) 131 { 132 /* This check is replicated from tcp_v6_connect() and intended to 133 * prevent BPF program called below from accessing bytes that are out 134 * of the bound specified by user in addr_len. 135 */ 136 if (addr_len < SIN6_LEN_RFC2133) 137 return -EINVAL; 138 139 sock_owned_by_me(sk); 140 141 return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr); 142 } 143 144 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 145 int addr_len) 146 { 147 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; 148 struct inet_sock *inet = inet_sk(sk); 149 struct inet_connection_sock *icsk = inet_csk(sk); 150 struct ipv6_pinfo *np = tcp_inet6_sk(sk); 151 struct tcp_sock *tp = tcp_sk(sk); 152 struct in6_addr *saddr = NULL, *final_p, final; 153 struct ipv6_txoptions *opt; 154 struct flowi6 fl6; 155 struct dst_entry *dst; 156 int addr_type; 157 int err; 158 struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row; 159 160 if (addr_len < SIN6_LEN_RFC2133) 161 return -EINVAL; 162 163 if (usin->sin6_family != AF_INET6) 164 return -EAFNOSUPPORT; 165 166 memset(&fl6, 0, sizeof(fl6)); 167 168 if (np->sndflow) { 169 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; 170 IP6_ECN_flow_init(fl6.flowlabel); 171 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { 172 struct ip6_flowlabel *flowlabel; 173 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); 174 if (!flowlabel) 175 return -EINVAL; 176 fl6_sock_release(flowlabel); 177 } 178 } 179 180 /* 181 * connect() to INADDR_ANY means loopback (BSD'ism). 182 */ 183 184 if (ipv6_addr_any(&usin->sin6_addr)) { 185 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr)) 186 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK), 187 &usin->sin6_addr); 188 else 189 usin->sin6_addr = in6addr_loopback; 190 } 191 192 addr_type = ipv6_addr_type(&usin->sin6_addr); 193 194 if (addr_type & IPV6_ADDR_MULTICAST) 195 return -ENETUNREACH; 196 197 if (addr_type&IPV6_ADDR_LINKLOCAL) { 198 if (addr_len >= sizeof(struct sockaddr_in6) && 199 usin->sin6_scope_id) { 200 /* If interface is set while binding, indices 201 * must coincide. 202 */ 203 if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id)) 204 return -EINVAL; 205 206 sk->sk_bound_dev_if = usin->sin6_scope_id; 207 } 208 209 /* Connect to link-local address requires an interface */ 210 if (!sk->sk_bound_dev_if) 211 return -EINVAL; 212 } 213 214 if (tp->rx_opt.ts_recent_stamp && 215 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) { 216 tp->rx_opt.ts_recent = 0; 217 tp->rx_opt.ts_recent_stamp = 0; 218 tp->write_seq = 0; 219 } 220 221 sk->sk_v6_daddr = usin->sin6_addr; 222 np->flow_label = fl6.flowlabel; 223 224 /* 225 * TCP over IPv4 226 */ 227 228 if (addr_type & IPV6_ADDR_MAPPED) { 229 u32 exthdrlen = icsk->icsk_ext_hdr_len; 230 struct sockaddr_in sin; 231 232 if (__ipv6_only_sock(sk)) 233 return -ENETUNREACH; 234 235 sin.sin_family = AF_INET; 236 sin.sin_port = usin->sin6_port; 237 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; 238 239 icsk->icsk_af_ops = &ipv6_mapped; 240 sk->sk_backlog_rcv = tcp_v4_do_rcv; 241 #ifdef CONFIG_TCP_MD5SIG 242 tp->af_specific = &tcp_sock_ipv6_mapped_specific; 243 #endif 244 245 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); 246 247 if (err) { 248 icsk->icsk_ext_hdr_len = exthdrlen; 249 icsk->icsk_af_ops = &ipv6_specific; 250 sk->sk_backlog_rcv = tcp_v6_do_rcv; 251 #ifdef CONFIG_TCP_MD5SIG 252 tp->af_specific = &tcp_sock_ipv6_specific; 253 #endif 254 goto failure; 255 } 256 np->saddr = sk->sk_v6_rcv_saddr; 257 258 return err; 259 } 260 261 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr)) 262 saddr = &sk->sk_v6_rcv_saddr; 263 264 fl6.flowi6_proto = IPPROTO_TCP; 265 fl6.daddr = sk->sk_v6_daddr; 266 fl6.saddr = saddr ? *saddr : np->saddr; 267 fl6.flowi6_oif = sk->sk_bound_dev_if; 268 fl6.flowi6_mark = sk->sk_mark; 269 fl6.fl6_dport = usin->sin6_port; 270 fl6.fl6_sport = inet->inet_sport; 271 fl6.flowi6_uid = sk->sk_uid; 272 273 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk)); 274 final_p = fl6_update_dst(&fl6, opt, &final); 275 276 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); 277 278 dst = ip6_dst_lookup_flow(sk, &fl6, final_p); 279 if (IS_ERR(dst)) { 280 err = PTR_ERR(dst); 281 goto failure; 282 } 283 284 if (!saddr) { 285 saddr = &fl6.saddr; 286 sk->sk_v6_rcv_saddr = *saddr; 287 } 288 289 /* set the source address */ 290 np->saddr = *saddr; 291 inet->inet_rcv_saddr = LOOPBACK4_IPV6; 292 293 sk->sk_gso_type = SKB_GSO_TCPV6; 294 ip6_dst_store(sk, dst, NULL, NULL); 295 296 icsk->icsk_ext_hdr_len = 0; 297 if (opt) 298 icsk->icsk_ext_hdr_len = opt->opt_flen + 299 opt->opt_nflen; 300 301 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 302 303 inet->inet_dport = usin->sin6_port; 304 305 tcp_set_state(sk, TCP_SYN_SENT); 306 err = inet6_hash_connect(tcp_death_row, sk); 307 if (err) 308 goto late_failure; 309 310 sk_set_txhash(sk); 311 312 if (likely(!tp->repair)) { 313 if (!tp->write_seq) 314 tp->write_seq = secure_tcpv6_seq(np->saddr.s6_addr32, 315 sk->sk_v6_daddr.s6_addr32, 316 inet->inet_sport, 317 inet->inet_dport); 318 tp->tsoffset = secure_tcpv6_ts_off(sock_net(sk), 319 np->saddr.s6_addr32, 320 sk->sk_v6_daddr.s6_addr32); 321 } 322 323 if (tcp_fastopen_defer_connect(sk, &err)) 324 return err; 325 if (err) 326 goto late_failure; 327 328 err = tcp_connect(sk); 329 if (err) 330 goto late_failure; 331 332 return 0; 333 334 late_failure: 335 tcp_set_state(sk, TCP_CLOSE); 336 failure: 337 inet->inet_dport = 0; 338 sk->sk_route_caps = 0; 339 return err; 340 } 341 342 static void tcp_v6_mtu_reduced(struct sock *sk) 343 { 344 struct dst_entry *dst; 345 346 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) 347 return; 348 349 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info); 350 if (!dst) 351 return; 352 353 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) { 354 tcp_sync_mss(sk, dst_mtu(dst)); 355 tcp_simple_retransmit(sk); 356 } 357 } 358 359 static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 360 u8 type, u8 code, int offset, __be32 info) 361 { 362 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data; 363 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset); 364 struct net *net = dev_net(skb->dev); 365 struct request_sock *fastopen; 366 struct ipv6_pinfo *np; 367 struct tcp_sock *tp; 368 __u32 seq, snd_una; 369 struct sock *sk; 370 bool fatal; 371 int err; 372 373 sk = __inet6_lookup_established(net, &tcp_hashinfo, 374 &hdr->daddr, th->dest, 375 &hdr->saddr, ntohs(th->source), 376 skb->dev->ifindex, inet6_sdif(skb)); 377 378 if (!sk) { 379 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), 380 ICMP6_MIB_INERRORS); 381 return -ENOENT; 382 } 383 384 if (sk->sk_state == TCP_TIME_WAIT) { 385 inet_twsk_put(inet_twsk(sk)); 386 return 0; 387 } 388 seq = ntohl(th->seq); 389 fatal = icmpv6_err_convert(type, code, &err); 390 if (sk->sk_state == TCP_NEW_SYN_RECV) { 391 tcp_req_err(sk, seq, fatal); 392 return 0; 393 } 394 395 bh_lock_sock(sk); 396 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG) 397 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS); 398 399 if (sk->sk_state == TCP_CLOSE) 400 goto out; 401 402 if (ipv6_hdr(skb)->hop_limit < tcp_inet6_sk(sk)->min_hopcount) { 403 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP); 404 goto out; 405 } 406 407 tp = tcp_sk(sk); 408 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */ 409 fastopen = tp->fastopen_rsk; 410 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una; 411 if (sk->sk_state != TCP_LISTEN && 412 !between(seq, snd_una, tp->snd_nxt)) { 413 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS); 414 goto out; 415 } 416 417 np = tcp_inet6_sk(sk); 418 419 if (type == NDISC_REDIRECT) { 420 if (!sock_owned_by_user(sk)) { 421 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie); 422 423 if (dst) 424 dst->ops->redirect(dst, sk, skb); 425 } 426 goto out; 427 } 428 429 if (type == ICMPV6_PKT_TOOBIG) { 430 /* We are not interested in TCP_LISTEN and open_requests 431 * (SYN-ACKs send out by Linux are always <576bytes so 432 * they should go through unfragmented). 433 */ 434 if (sk->sk_state == TCP_LISTEN) 435 goto out; 436 437 if (!ip6_sk_accept_pmtu(sk)) 438 goto out; 439 440 tp->mtu_info = ntohl(info); 441 if (!sock_owned_by_user(sk)) 442 tcp_v6_mtu_reduced(sk); 443 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED, 444 &sk->sk_tsq_flags)) 445 sock_hold(sk); 446 goto out; 447 } 448 449 450 /* Might be for an request_sock */ 451 switch (sk->sk_state) { 452 case TCP_SYN_SENT: 453 case TCP_SYN_RECV: 454 /* Only in fast or simultaneous open. If a fast open socket is 455 * is already accepted it is treated as a connected one below. 456 */ 457 if (fastopen && !fastopen->sk) 458 break; 459 460 if (!sock_owned_by_user(sk)) { 461 sk->sk_err = err; 462 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */ 463 464 tcp_done(sk); 465 } else 466 sk->sk_err_soft = err; 467 goto out; 468 } 469 470 if (!sock_owned_by_user(sk) && np->recverr) { 471 sk->sk_err = err; 472 sk->sk_error_report(sk); 473 } else 474 sk->sk_err_soft = err; 475 476 out: 477 bh_unlock_sock(sk); 478 sock_put(sk); 479 return 0; 480 } 481 482 483 static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst, 484 struct flowi *fl, 485 struct request_sock *req, 486 struct tcp_fastopen_cookie *foc, 487 enum tcp_synack_type synack_type) 488 { 489 struct inet_request_sock *ireq = inet_rsk(req); 490 struct ipv6_pinfo *np = tcp_inet6_sk(sk); 491 struct ipv6_txoptions *opt; 492 struct flowi6 *fl6 = &fl->u.ip6; 493 struct sk_buff *skb; 494 int err = -ENOMEM; 495 496 /* First, grab a route. */ 497 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req, 498 IPPROTO_TCP)) == NULL) 499 goto done; 500 501 skb = tcp_make_synack(sk, dst, req, foc, synack_type); 502 503 if (skb) { 504 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr, 505 &ireq->ir_v6_rmt_addr); 506 507 fl6->daddr = ireq->ir_v6_rmt_addr; 508 if (np->repflow && ireq->pktopts) 509 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts)); 510 511 rcu_read_lock(); 512 opt = ireq->ipv6_opt; 513 if (!opt) 514 opt = rcu_dereference(np->opt); 515 err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass); 516 rcu_read_unlock(); 517 err = net_xmit_eval(err); 518 } 519 520 done: 521 return err; 522 } 523 524 525 static void tcp_v6_reqsk_destructor(struct request_sock *req) 526 { 527 kfree(inet_rsk(req)->ipv6_opt); 528 kfree_skb(inet_rsk(req)->pktopts); 529 } 530 531 #ifdef CONFIG_TCP_MD5SIG 532 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk, 533 const struct in6_addr *addr) 534 { 535 return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6); 536 } 537 538 static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk, 539 const struct sock *addr_sk) 540 { 541 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr); 542 } 543 544 static int tcp_v6_parse_md5_keys(struct sock *sk, int optname, 545 char __user *optval, int optlen) 546 { 547 struct tcp_md5sig cmd; 548 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr; 549 u8 prefixlen; 550 551 if (optlen < sizeof(cmd)) 552 return -EINVAL; 553 554 if (copy_from_user(&cmd, optval, sizeof(cmd))) 555 return -EFAULT; 556 557 if (sin6->sin6_family != AF_INET6) 558 return -EINVAL; 559 560 if (optname == TCP_MD5SIG_EXT && 561 cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) { 562 prefixlen = cmd.tcpm_prefixlen; 563 if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) && 564 prefixlen > 32)) 565 return -EINVAL; 566 } else { 567 prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128; 568 } 569 570 if (!cmd.tcpm_keylen) { 571 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) 572 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3], 573 AF_INET, prefixlen); 574 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr, 575 AF_INET6, prefixlen); 576 } 577 578 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN) 579 return -EINVAL; 580 581 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) 582 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3], 583 AF_INET, prefixlen, cmd.tcpm_key, 584 cmd.tcpm_keylen, GFP_KERNEL); 585 586 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr, 587 AF_INET6, prefixlen, cmd.tcpm_key, 588 cmd.tcpm_keylen, GFP_KERNEL); 589 } 590 591 static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp, 592 const struct in6_addr *daddr, 593 const struct in6_addr *saddr, 594 const struct tcphdr *th, int nbytes) 595 { 596 struct tcp6_pseudohdr *bp; 597 struct scatterlist sg; 598 struct tcphdr *_th; 599 600 bp = hp->scratch; 601 /* 1. TCP pseudo-header (RFC2460) */ 602 bp->saddr = *saddr; 603 bp->daddr = *daddr; 604 bp->protocol = cpu_to_be32(IPPROTO_TCP); 605 bp->len = cpu_to_be32(nbytes); 606 607 _th = (struct tcphdr *)(bp + 1); 608 memcpy(_th, th, sizeof(*th)); 609 _th->check = 0; 610 611 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th)); 612 ahash_request_set_crypt(hp->md5_req, &sg, NULL, 613 sizeof(*bp) + sizeof(*th)); 614 return crypto_ahash_update(hp->md5_req); 615 } 616 617 static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, 618 const struct in6_addr *daddr, struct in6_addr *saddr, 619 const struct tcphdr *th) 620 { 621 struct tcp_md5sig_pool *hp; 622 struct ahash_request *req; 623 624 hp = tcp_get_md5sig_pool(); 625 if (!hp) 626 goto clear_hash_noput; 627 req = hp->md5_req; 628 629 if (crypto_ahash_init(req)) 630 goto clear_hash; 631 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2)) 632 goto clear_hash; 633 if (tcp_md5_hash_key(hp, key)) 634 goto clear_hash; 635 ahash_request_set_crypt(req, NULL, md5_hash, 0); 636 if (crypto_ahash_final(req)) 637 goto clear_hash; 638 639 tcp_put_md5sig_pool(); 640 return 0; 641 642 clear_hash: 643 tcp_put_md5sig_pool(); 644 clear_hash_noput: 645 memset(md5_hash, 0, 16); 646 return 1; 647 } 648 649 static int tcp_v6_md5_hash_skb(char *md5_hash, 650 const struct tcp_md5sig_key *key, 651 const struct sock *sk, 652 const struct sk_buff *skb) 653 { 654 const struct in6_addr *saddr, *daddr; 655 struct tcp_md5sig_pool *hp; 656 struct ahash_request *req; 657 const struct tcphdr *th = tcp_hdr(skb); 658 659 if (sk) { /* valid for establish/request sockets */ 660 saddr = &sk->sk_v6_rcv_saddr; 661 daddr = &sk->sk_v6_daddr; 662 } else { 663 const struct ipv6hdr *ip6h = ipv6_hdr(skb); 664 saddr = &ip6h->saddr; 665 daddr = &ip6h->daddr; 666 } 667 668 hp = tcp_get_md5sig_pool(); 669 if (!hp) 670 goto clear_hash_noput; 671 req = hp->md5_req; 672 673 if (crypto_ahash_init(req)) 674 goto clear_hash; 675 676 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len)) 677 goto clear_hash; 678 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2)) 679 goto clear_hash; 680 if (tcp_md5_hash_key(hp, key)) 681 goto clear_hash; 682 ahash_request_set_crypt(req, NULL, md5_hash, 0); 683 if (crypto_ahash_final(req)) 684 goto clear_hash; 685 686 tcp_put_md5sig_pool(); 687 return 0; 688 689 clear_hash: 690 tcp_put_md5sig_pool(); 691 clear_hash_noput: 692 memset(md5_hash, 0, 16); 693 return 1; 694 } 695 696 #endif 697 698 static bool tcp_v6_inbound_md5_hash(const struct sock *sk, 699 const struct sk_buff *skb) 700 { 701 #ifdef CONFIG_TCP_MD5SIG 702 const __u8 *hash_location = NULL; 703 struct tcp_md5sig_key *hash_expected; 704 const struct ipv6hdr *ip6h = ipv6_hdr(skb); 705 const struct tcphdr *th = tcp_hdr(skb); 706 int genhash; 707 u8 newhash[16]; 708 709 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); 710 hash_location = tcp_parse_md5sig_option(th); 711 712 /* We've parsed the options - do we have a hash? */ 713 if (!hash_expected && !hash_location) 714 return false; 715 716 if (hash_expected && !hash_location) { 717 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); 718 return true; 719 } 720 721 if (!hash_expected && hash_location) { 722 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED); 723 return true; 724 } 725 726 /* check the signature */ 727 genhash = tcp_v6_md5_hash_skb(newhash, 728 hash_expected, 729 NULL, skb); 730 731 if (genhash || memcmp(hash_location, newhash, 16) != 0) { 732 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE); 733 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n", 734 genhash ? "failed" : "mismatch", 735 &ip6h->saddr, ntohs(th->source), 736 &ip6h->daddr, ntohs(th->dest)); 737 return true; 738 } 739 #endif 740 return false; 741 } 742 743 static void tcp_v6_init_req(struct request_sock *req, 744 const struct sock *sk_listener, 745 struct sk_buff *skb) 746 { 747 bool l3_slave = ipv6_l3mdev_skb(TCP_SKB_CB(skb)->header.h6.flags); 748 struct inet_request_sock *ireq = inet_rsk(req); 749 const struct ipv6_pinfo *np = tcp_inet6_sk(sk_listener); 750 751 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr; 752 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr; 753 754 /* So that link locals have meaning */ 755 if ((!sk_listener->sk_bound_dev_if || l3_slave) && 756 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL) 757 ireq->ir_iif = tcp_v6_iif(skb); 758 759 if (!TCP_SKB_CB(skb)->tcp_tw_isn && 760 (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) || 761 np->rxopt.bits.rxinfo || 762 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim || 763 np->rxopt.bits.rxohlim || np->repflow)) { 764 refcount_inc(&skb->users); 765 ireq->pktopts = skb; 766 } 767 } 768 769 static struct dst_entry *tcp_v6_route_req(const struct sock *sk, 770 struct flowi *fl, 771 const struct request_sock *req) 772 { 773 return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP); 774 } 775 776 struct request_sock_ops tcp6_request_sock_ops __read_mostly = { 777 .family = AF_INET6, 778 .obj_size = sizeof(struct tcp6_request_sock), 779 .rtx_syn_ack = tcp_rtx_synack, 780 .send_ack = tcp_v6_reqsk_send_ack, 781 .destructor = tcp_v6_reqsk_destructor, 782 .send_reset = tcp_v6_send_reset, 783 .syn_ack_timeout = tcp_syn_ack_timeout, 784 }; 785 786 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { 787 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - 788 sizeof(struct ipv6hdr), 789 #ifdef CONFIG_TCP_MD5SIG 790 .req_md5_lookup = tcp_v6_md5_lookup, 791 .calc_md5_hash = tcp_v6_md5_hash_skb, 792 #endif 793 .init_req = tcp_v6_init_req, 794 #ifdef CONFIG_SYN_COOKIES 795 .cookie_init_seq = cookie_v6_init_sequence, 796 #endif 797 .route_req = tcp_v6_route_req, 798 .init_seq = tcp_v6_init_seq, 799 .init_ts_off = tcp_v6_init_ts_off, 800 .send_synack = tcp_v6_send_synack, 801 }; 802 803 static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq, 804 u32 ack, u32 win, u32 tsval, u32 tsecr, 805 int oif, struct tcp_md5sig_key *key, int rst, 806 u8 tclass, __be32 label) 807 { 808 const struct tcphdr *th = tcp_hdr(skb); 809 struct tcphdr *t1; 810 struct sk_buff *buff; 811 struct flowi6 fl6; 812 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev); 813 struct sock *ctl_sk = net->ipv6.tcp_sk; 814 unsigned int tot_len = sizeof(struct tcphdr); 815 struct dst_entry *dst; 816 __be32 *topt; 817 __u32 mark = 0; 818 819 if (tsecr) 820 tot_len += TCPOLEN_TSTAMP_ALIGNED; 821 #ifdef CONFIG_TCP_MD5SIG 822 if (key) 823 tot_len += TCPOLEN_MD5SIG_ALIGNED; 824 #endif 825 826 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 827 GFP_ATOMIC); 828 if (!buff) 829 return; 830 831 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); 832 833 t1 = skb_push(buff, tot_len); 834 skb_reset_transport_header(buff); 835 836 /* Swap the send and the receive. */ 837 memset(t1, 0, sizeof(*t1)); 838 t1->dest = th->source; 839 t1->source = th->dest; 840 t1->doff = tot_len / 4; 841 t1->seq = htonl(seq); 842 t1->ack_seq = htonl(ack); 843 t1->ack = !rst || !th->ack; 844 t1->rst = rst; 845 t1->window = htons(win); 846 847 topt = (__be32 *)(t1 + 1); 848 849 if (tsecr) { 850 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 851 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 852 *topt++ = htonl(tsval); 853 *topt++ = htonl(tsecr); 854 } 855 856 #ifdef CONFIG_TCP_MD5SIG 857 if (key) { 858 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 859 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 860 tcp_v6_md5_hash_hdr((__u8 *)topt, key, 861 &ipv6_hdr(skb)->saddr, 862 &ipv6_hdr(skb)->daddr, t1); 863 } 864 #endif 865 866 memset(&fl6, 0, sizeof(fl6)); 867 fl6.daddr = ipv6_hdr(skb)->saddr; 868 fl6.saddr = ipv6_hdr(skb)->daddr; 869 fl6.flowlabel = label; 870 871 buff->ip_summed = CHECKSUM_PARTIAL; 872 buff->csum = 0; 873 874 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr); 875 876 fl6.flowi6_proto = IPPROTO_TCP; 877 if (rt6_need_strict(&fl6.daddr) && !oif) 878 fl6.flowi6_oif = tcp_v6_iif(skb); 879 else { 880 if (!oif && netif_index_is_l3_master(net, skb->skb_iif)) 881 oif = skb->skb_iif; 882 883 fl6.flowi6_oif = oif; 884 } 885 886 if (sk) 887 mark = (sk->sk_state == TCP_TIME_WAIT) ? 888 inet_twsk(sk)->tw_mark : sk->sk_mark; 889 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark) ?: mark; 890 fl6.fl6_dport = t1->dest; 891 fl6.fl6_sport = t1->source; 892 fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL); 893 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); 894 895 /* Pass a socket to ip6_dst_lookup either it is for RST 896 * Underlying function will use this to retrieve the network 897 * namespace 898 */ 899 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL); 900 if (!IS_ERR(dst)) { 901 skb_dst_set(buff, dst); 902 ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass); 903 TCP_INC_STATS(net, TCP_MIB_OUTSEGS); 904 if (rst) 905 TCP_INC_STATS(net, TCP_MIB_OUTRSTS); 906 return; 907 } 908 909 kfree_skb(buff); 910 } 911 912 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb) 913 { 914 const struct tcphdr *th = tcp_hdr(skb); 915 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 916 u32 seq = 0, ack_seq = 0; 917 struct tcp_md5sig_key *key = NULL; 918 #ifdef CONFIG_TCP_MD5SIG 919 const __u8 *hash_location = NULL; 920 unsigned char newhash[16]; 921 int genhash; 922 struct sock *sk1 = NULL; 923 #endif 924 __be32 label = 0; 925 struct net *net; 926 int oif = 0; 927 928 if (th->rst) 929 return; 930 931 /* If sk not NULL, it means we did a successful lookup and incoming 932 * route had to be correct. prequeue might have dropped our dst. 933 */ 934 if (!sk && !ipv6_unicast_destination(skb)) 935 return; 936 937 net = dev_net(skb_dst(skb)->dev); 938 #ifdef CONFIG_TCP_MD5SIG 939 rcu_read_lock(); 940 hash_location = tcp_parse_md5sig_option(th); 941 if (sk && sk_fullsock(sk)) { 942 key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr); 943 } else if (hash_location) { 944 /* 945 * active side is lost. Try to find listening socket through 946 * source port, and then find md5 key through listening socket. 947 * we are not loose security here: 948 * Incoming packet is checked with md5 hash with finding key, 949 * no RST generated if md5 hash doesn't match. 950 */ 951 sk1 = inet6_lookup_listener(net, 952 &tcp_hashinfo, NULL, 0, 953 &ipv6h->saddr, 954 th->source, &ipv6h->daddr, 955 ntohs(th->source), 956 tcp_v6_iif_l3_slave(skb), 957 tcp_v6_sdif(skb)); 958 if (!sk1) 959 goto out; 960 961 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr); 962 if (!key) 963 goto out; 964 965 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb); 966 if (genhash || memcmp(hash_location, newhash, 16) != 0) 967 goto out; 968 } 969 #endif 970 971 if (th->ack) 972 seq = ntohl(th->ack_seq); 973 else 974 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len - 975 (th->doff << 2); 976 977 if (sk) { 978 oif = sk->sk_bound_dev_if; 979 if (sk_fullsock(sk)) 980 trace_tcp_send_reset(sk, skb); 981 if (sk->sk_state == TCP_TIME_WAIT) 982 label = cpu_to_be32(inet_twsk(sk)->tw_flowlabel); 983 } else { 984 if (net->ipv6.sysctl.flowlabel_reflect & 2) 985 label = ip6_flowlabel(ipv6h); 986 } 987 988 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 989 label); 990 991 #ifdef CONFIG_TCP_MD5SIG 992 out: 993 rcu_read_unlock(); 994 #endif 995 } 996 997 static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq, 998 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif, 999 struct tcp_md5sig_key *key, u8 tclass, 1000 __be32 label) 1001 { 1002 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0, 1003 tclass, label); 1004 } 1005 1006 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb) 1007 { 1008 struct inet_timewait_sock *tw = inet_twsk(sk); 1009 struct tcp_timewait_sock *tcptw = tcp_twsk(sk); 1010 1011 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt, 1012 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 1013 tcp_time_stamp_raw() + tcptw->tw_ts_offset, 1014 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw), 1015 tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel)); 1016 1017 inet_twsk_put(tw); 1018 } 1019 1020 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb, 1021 struct request_sock *req) 1022 { 1023 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV 1024 * sk->sk_state == TCP_SYN_RECV -> for Fast Open. 1025 */ 1026 /* RFC 7323 2.3 1027 * The window field (SEG.WND) of every outgoing segment, with the 1028 * exception of <SYN> segments, MUST be right-shifted by 1029 * Rcv.Wind.Shift bits: 1030 */ 1031 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ? 1032 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt, 1033 tcp_rsk(req)->rcv_nxt, 1034 req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale, 1035 tcp_time_stamp_raw() + tcp_rsk(req)->ts_off, 1036 req->ts_recent, sk->sk_bound_dev_if, 1037 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr), 1038 0, 0); 1039 } 1040 1041 1042 static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb) 1043 { 1044 #ifdef CONFIG_SYN_COOKIES 1045 const struct tcphdr *th = tcp_hdr(skb); 1046 1047 if (!th->syn) 1048 sk = cookie_v6_check(sk, skb); 1049 #endif 1050 return sk; 1051 } 1052 1053 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) 1054 { 1055 if (skb->protocol == htons(ETH_P_IP)) 1056 return tcp_v4_conn_request(sk, skb); 1057 1058 if (!ipv6_unicast_destination(skb)) 1059 goto drop; 1060 1061 return tcp_conn_request(&tcp6_request_sock_ops, 1062 &tcp_request_sock_ipv6_ops, sk, skb); 1063 1064 drop: 1065 tcp_listendrop(sk); 1066 return 0; /* don't send reset */ 1067 } 1068 1069 static void tcp_v6_restore_cb(struct sk_buff *skb) 1070 { 1071 /* We need to move header back to the beginning if xfrm6_policy_check() 1072 * and tcp_v6_fill_cb() are going to be called again. 1073 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there. 1074 */ 1075 memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6, 1076 sizeof(struct inet6_skb_parm)); 1077 } 1078 1079 static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb, 1080 struct request_sock *req, 1081 struct dst_entry *dst, 1082 struct request_sock *req_unhash, 1083 bool *own_req) 1084 { 1085 struct inet_request_sock *ireq; 1086 struct ipv6_pinfo *newnp; 1087 const struct ipv6_pinfo *np = tcp_inet6_sk(sk); 1088 struct ipv6_txoptions *opt; 1089 struct inet_sock *newinet; 1090 struct tcp_sock *newtp; 1091 struct sock *newsk; 1092 #ifdef CONFIG_TCP_MD5SIG 1093 struct tcp_md5sig_key *key; 1094 #endif 1095 struct flowi6 fl6; 1096 1097 if (skb->protocol == htons(ETH_P_IP)) { 1098 /* 1099 * v6 mapped 1100 */ 1101 1102 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst, 1103 req_unhash, own_req); 1104 1105 if (!newsk) 1106 return NULL; 1107 1108 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk); 1109 1110 newinet = inet_sk(newsk); 1111 newnp = tcp_inet6_sk(newsk); 1112 newtp = tcp_sk(newsk); 1113 1114 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1115 1116 newnp->saddr = newsk->sk_v6_rcv_saddr; 1117 1118 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped; 1119 newsk->sk_backlog_rcv = tcp_v4_do_rcv; 1120 #ifdef CONFIG_TCP_MD5SIG 1121 newtp->af_specific = &tcp_sock_ipv6_mapped_specific; 1122 #endif 1123 1124 newnp->ipv6_mc_list = NULL; 1125 newnp->ipv6_ac_list = NULL; 1126 newnp->ipv6_fl_list = NULL; 1127 newnp->pktoptions = NULL; 1128 newnp->opt = NULL; 1129 newnp->mcast_oif = inet_iif(skb); 1130 newnp->mcast_hops = ip_hdr(skb)->ttl; 1131 newnp->rcv_flowinfo = 0; 1132 if (np->repflow) 1133 newnp->flow_label = 0; 1134 1135 /* 1136 * No need to charge this sock to the relevant IPv6 refcnt debug socks count 1137 * here, tcp_create_openreq_child now does this for us, see the comment in 1138 * that function for the gory details. -acme 1139 */ 1140 1141 /* It is tricky place. Until this moment IPv4 tcp 1142 worked with IPv6 icsk.icsk_af_ops. 1143 Sync it now. 1144 */ 1145 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); 1146 1147 return newsk; 1148 } 1149 1150 ireq = inet_rsk(req); 1151 1152 if (sk_acceptq_is_full(sk)) 1153 goto out_overflow; 1154 1155 if (!dst) { 1156 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP); 1157 if (!dst) 1158 goto out; 1159 } 1160 1161 newsk = tcp_create_openreq_child(sk, req, skb); 1162 if (!newsk) 1163 goto out_nonewsk; 1164 1165 /* 1166 * No need to charge this sock to the relevant IPv6 refcnt debug socks 1167 * count here, tcp_create_openreq_child now does this for us, see the 1168 * comment in that function for the gory details. -acme 1169 */ 1170 1171 newsk->sk_gso_type = SKB_GSO_TCPV6; 1172 ip6_dst_store(newsk, dst, NULL, NULL); 1173 inet6_sk_rx_dst_set(newsk, skb); 1174 1175 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk); 1176 1177 newtp = tcp_sk(newsk); 1178 newinet = inet_sk(newsk); 1179 newnp = tcp_inet6_sk(newsk); 1180 1181 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1182 1183 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr; 1184 newnp->saddr = ireq->ir_v6_loc_addr; 1185 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr; 1186 newsk->sk_bound_dev_if = ireq->ir_iif; 1187 1188 /* Now IPv6 options... 1189 1190 First: no IPv4 options. 1191 */ 1192 newinet->inet_opt = NULL; 1193 newnp->ipv6_mc_list = NULL; 1194 newnp->ipv6_ac_list = NULL; 1195 newnp->ipv6_fl_list = NULL; 1196 1197 /* Clone RX bits */ 1198 newnp->rxopt.all = np->rxopt.all; 1199 1200 newnp->pktoptions = NULL; 1201 newnp->opt = NULL; 1202 newnp->mcast_oif = tcp_v6_iif(skb); 1203 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1204 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb)); 1205 if (np->repflow) 1206 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb)); 1207 1208 /* Clone native IPv6 options from listening socket (if any) 1209 1210 Yes, keeping reference count would be much more clever, 1211 but we make one more one thing there: reattach optmem 1212 to newsk. 1213 */ 1214 opt = ireq->ipv6_opt; 1215 if (!opt) 1216 opt = rcu_dereference(np->opt); 1217 if (opt) { 1218 opt = ipv6_dup_options(newsk, opt); 1219 RCU_INIT_POINTER(newnp->opt, opt); 1220 } 1221 inet_csk(newsk)->icsk_ext_hdr_len = 0; 1222 if (opt) 1223 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen + 1224 opt->opt_flen; 1225 1226 tcp_ca_openreq_child(newsk, dst); 1227 1228 tcp_sync_mss(newsk, dst_mtu(dst)); 1229 newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst)); 1230 1231 tcp_initialize_rcv_mss(newsk); 1232 1233 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6; 1234 newinet->inet_rcv_saddr = LOOPBACK4_IPV6; 1235 1236 #ifdef CONFIG_TCP_MD5SIG 1237 /* Copy over the MD5 key from the original socket */ 1238 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr); 1239 if (key) { 1240 /* We're using one, so create a matching key 1241 * on the newsk structure. If we fail to get 1242 * memory, then we end up not copying the key 1243 * across. Shucks. 1244 */ 1245 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr, 1246 AF_INET6, 128, key->key, key->keylen, 1247 sk_gfp_mask(sk, GFP_ATOMIC)); 1248 } 1249 #endif 1250 1251 if (__inet_inherit_port(sk, newsk) < 0) { 1252 inet_csk_prepare_forced_close(newsk); 1253 tcp_done(newsk); 1254 goto out; 1255 } 1256 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash)); 1257 if (*own_req) { 1258 tcp_move_syn(newtp, req); 1259 1260 /* Clone pktoptions received with SYN, if we own the req */ 1261 if (ireq->pktopts) { 1262 newnp->pktoptions = skb_clone(ireq->pktopts, 1263 sk_gfp_mask(sk, GFP_ATOMIC)); 1264 consume_skb(ireq->pktopts); 1265 ireq->pktopts = NULL; 1266 if (newnp->pktoptions) { 1267 tcp_v6_restore_cb(newnp->pktoptions); 1268 skb_set_owner_r(newnp->pktoptions, newsk); 1269 } 1270 } 1271 } 1272 1273 return newsk; 1274 1275 out_overflow: 1276 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); 1277 out_nonewsk: 1278 dst_release(dst); 1279 out: 1280 tcp_listendrop(sk); 1281 return NULL; 1282 } 1283 1284 /* The socket must have it's spinlock held when we get 1285 * here, unless it is a TCP_LISTEN socket. 1286 * 1287 * We have a potential double-lock case here, so even when 1288 * doing backlog processing we use the BH locking scheme. 1289 * This is because we cannot sleep with the original spinlock 1290 * held. 1291 */ 1292 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) 1293 { 1294 struct ipv6_pinfo *np = tcp_inet6_sk(sk); 1295 struct sk_buff *opt_skb = NULL; 1296 struct tcp_sock *tp; 1297 1298 /* Imagine: socket is IPv6. IPv4 packet arrives, 1299 goes to IPv4 receive handler and backlogged. 1300 From backlog it always goes here. Kerboom... 1301 Fortunately, tcp_rcv_established and rcv_established 1302 handle them correctly, but it is not case with 1303 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK 1304 */ 1305 1306 if (skb->protocol == htons(ETH_P_IP)) 1307 return tcp_v4_do_rcv(sk, skb); 1308 1309 /* 1310 * socket locking is here for SMP purposes as backlog rcv 1311 * is currently called with bh processing disabled. 1312 */ 1313 1314 /* Do Stevens' IPV6_PKTOPTIONS. 1315 1316 Yes, guys, it is the only place in our code, where we 1317 may make it not affecting IPv4. 1318 The rest of code is protocol independent, 1319 and I do not like idea to uglify IPv4. 1320 1321 Actually, all the idea behind IPV6_PKTOPTIONS 1322 looks not very well thought. For now we latch 1323 options, received in the last packet, enqueued 1324 by tcp. Feel free to propose better solution. 1325 --ANK (980728) 1326 */ 1327 if (np->rxopt.all) 1328 opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC)); 1329 1330 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ 1331 struct dst_entry *dst = sk->sk_rx_dst; 1332 1333 sock_rps_save_rxhash(sk, skb); 1334 sk_mark_napi_id(sk, skb); 1335 if (dst) { 1336 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif || 1337 dst->ops->check(dst, np->rx_dst_cookie) == NULL) { 1338 dst_release(dst); 1339 sk->sk_rx_dst = NULL; 1340 } 1341 } 1342 1343 tcp_rcv_established(sk, skb); 1344 if (opt_skb) 1345 goto ipv6_pktoptions; 1346 return 0; 1347 } 1348 1349 if (tcp_checksum_complete(skb)) 1350 goto csum_err; 1351 1352 if (sk->sk_state == TCP_LISTEN) { 1353 struct sock *nsk = tcp_v6_cookie_check(sk, skb); 1354 1355 if (!nsk) 1356 goto discard; 1357 1358 if (nsk != sk) { 1359 if (tcp_child_process(sk, nsk, skb)) 1360 goto reset; 1361 if (opt_skb) 1362 __kfree_skb(opt_skb); 1363 return 0; 1364 } 1365 } else 1366 sock_rps_save_rxhash(sk, skb); 1367 1368 if (tcp_rcv_state_process(sk, skb)) 1369 goto reset; 1370 if (opt_skb) 1371 goto ipv6_pktoptions; 1372 return 0; 1373 1374 reset: 1375 tcp_v6_send_reset(sk, skb); 1376 discard: 1377 if (opt_skb) 1378 __kfree_skb(opt_skb); 1379 kfree_skb(skb); 1380 return 0; 1381 csum_err: 1382 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS); 1383 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS); 1384 goto discard; 1385 1386 1387 ipv6_pktoptions: 1388 /* Do you ask, what is it? 1389 1390 1. skb was enqueued by tcp. 1391 2. skb is added to tail of read queue, rather than out of order. 1392 3. socket is not in passive state. 1393 4. Finally, it really contains options, which user wants to receive. 1394 */ 1395 tp = tcp_sk(sk); 1396 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt && 1397 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) { 1398 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo) 1399 np->mcast_oif = tcp_v6_iif(opt_skb); 1400 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) 1401 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit; 1402 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass) 1403 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb)); 1404 if (np->repflow) 1405 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb)); 1406 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) { 1407 skb_set_owner_r(opt_skb, sk); 1408 tcp_v6_restore_cb(opt_skb); 1409 opt_skb = xchg(&np->pktoptions, opt_skb); 1410 } else { 1411 __kfree_skb(opt_skb); 1412 opt_skb = xchg(&np->pktoptions, NULL); 1413 } 1414 } 1415 1416 kfree_skb(opt_skb); 1417 return 0; 1418 } 1419 1420 static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr, 1421 const struct tcphdr *th) 1422 { 1423 /* This is tricky: we move IP6CB at its correct location into 1424 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because 1425 * _decode_session6() uses IP6CB(). 1426 * barrier() makes sure compiler won't play aliasing games. 1427 */ 1428 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb), 1429 sizeof(struct inet6_skb_parm)); 1430 barrier(); 1431 1432 TCP_SKB_CB(skb)->seq = ntohl(th->seq); 1433 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin + 1434 skb->len - th->doff*4); 1435 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); 1436 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th); 1437 TCP_SKB_CB(skb)->tcp_tw_isn = 0; 1438 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr); 1439 TCP_SKB_CB(skb)->sacked = 0; 1440 TCP_SKB_CB(skb)->has_rxtstamp = 1441 skb->tstamp || skb_hwtstamps(skb)->hwtstamp; 1442 } 1443 1444 INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb) 1445 { 1446 struct sk_buff *skb_to_free; 1447 int sdif = inet6_sdif(skb); 1448 const struct tcphdr *th; 1449 const struct ipv6hdr *hdr; 1450 bool refcounted; 1451 struct sock *sk; 1452 int ret; 1453 struct net *net = dev_net(skb->dev); 1454 1455 if (skb->pkt_type != PACKET_HOST) 1456 goto discard_it; 1457 1458 /* 1459 * Count it even if it's bad. 1460 */ 1461 __TCP_INC_STATS(net, TCP_MIB_INSEGS); 1462 1463 if (!pskb_may_pull(skb, sizeof(struct tcphdr))) 1464 goto discard_it; 1465 1466 th = (const struct tcphdr *)skb->data; 1467 1468 if (unlikely(th->doff < sizeof(struct tcphdr)/4)) 1469 goto bad_packet; 1470 if (!pskb_may_pull(skb, th->doff*4)) 1471 goto discard_it; 1472 1473 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo)) 1474 goto csum_error; 1475 1476 th = (const struct tcphdr *)skb->data; 1477 hdr = ipv6_hdr(skb); 1478 1479 lookup: 1480 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th), 1481 th->source, th->dest, inet6_iif(skb), sdif, 1482 &refcounted); 1483 if (!sk) 1484 goto no_tcp_socket; 1485 1486 process: 1487 if (sk->sk_state == TCP_TIME_WAIT) 1488 goto do_time_wait; 1489 1490 if (sk->sk_state == TCP_NEW_SYN_RECV) { 1491 struct request_sock *req = inet_reqsk(sk); 1492 bool req_stolen = false; 1493 struct sock *nsk; 1494 1495 sk = req->rsk_listener; 1496 if (tcp_v6_inbound_md5_hash(sk, skb)) { 1497 sk_drops_add(sk, skb); 1498 reqsk_put(req); 1499 goto discard_it; 1500 } 1501 if (tcp_checksum_complete(skb)) { 1502 reqsk_put(req); 1503 goto csum_error; 1504 } 1505 if (unlikely(sk->sk_state != TCP_LISTEN)) { 1506 inet_csk_reqsk_queue_drop_and_put(sk, req); 1507 goto lookup; 1508 } 1509 sock_hold(sk); 1510 refcounted = true; 1511 nsk = NULL; 1512 if (!tcp_filter(sk, skb)) { 1513 th = (const struct tcphdr *)skb->data; 1514 hdr = ipv6_hdr(skb); 1515 tcp_v6_fill_cb(skb, hdr, th); 1516 nsk = tcp_check_req(sk, skb, req, false, &req_stolen); 1517 } 1518 if (!nsk) { 1519 reqsk_put(req); 1520 if (req_stolen) { 1521 /* Another cpu got exclusive access to req 1522 * and created a full blown socket. 1523 * Try to feed this packet to this socket 1524 * instead of discarding it. 1525 */ 1526 tcp_v6_restore_cb(skb); 1527 sock_put(sk); 1528 goto lookup; 1529 } 1530 goto discard_and_relse; 1531 } 1532 if (nsk == sk) { 1533 reqsk_put(req); 1534 tcp_v6_restore_cb(skb); 1535 } else if (tcp_child_process(sk, nsk, skb)) { 1536 tcp_v6_send_reset(nsk, skb); 1537 goto discard_and_relse; 1538 } else { 1539 sock_put(sk); 1540 return 0; 1541 } 1542 } 1543 if (hdr->hop_limit < tcp_inet6_sk(sk)->min_hopcount) { 1544 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP); 1545 goto discard_and_relse; 1546 } 1547 1548 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 1549 goto discard_and_relse; 1550 1551 if (tcp_v6_inbound_md5_hash(sk, skb)) 1552 goto discard_and_relse; 1553 1554 if (tcp_filter(sk, skb)) 1555 goto discard_and_relse; 1556 th = (const struct tcphdr *)skb->data; 1557 hdr = ipv6_hdr(skb); 1558 tcp_v6_fill_cb(skb, hdr, th); 1559 1560 skb->dev = NULL; 1561 1562 if (sk->sk_state == TCP_LISTEN) { 1563 ret = tcp_v6_do_rcv(sk, skb); 1564 goto put_and_return; 1565 } 1566 1567 sk_incoming_cpu_update(sk); 1568 1569 bh_lock_sock_nested(sk); 1570 tcp_segs_in(tcp_sk(sk), skb); 1571 ret = 0; 1572 if (!sock_owned_by_user(sk)) { 1573 skb_to_free = sk->sk_rx_skb_cache; 1574 sk->sk_rx_skb_cache = NULL; 1575 ret = tcp_v6_do_rcv(sk, skb); 1576 } else { 1577 if (tcp_add_backlog(sk, skb)) 1578 goto discard_and_relse; 1579 skb_to_free = NULL; 1580 } 1581 bh_unlock_sock(sk); 1582 if (skb_to_free) 1583 __kfree_skb(skb_to_free); 1584 put_and_return: 1585 if (refcounted) 1586 sock_put(sk); 1587 return ret ? -1 : 0; 1588 1589 no_tcp_socket: 1590 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 1591 goto discard_it; 1592 1593 tcp_v6_fill_cb(skb, hdr, th); 1594 1595 if (tcp_checksum_complete(skb)) { 1596 csum_error: 1597 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS); 1598 bad_packet: 1599 __TCP_INC_STATS(net, TCP_MIB_INERRS); 1600 } else { 1601 tcp_v6_send_reset(NULL, skb); 1602 } 1603 1604 discard_it: 1605 kfree_skb(skb); 1606 return 0; 1607 1608 discard_and_relse: 1609 sk_drops_add(sk, skb); 1610 if (refcounted) 1611 sock_put(sk); 1612 goto discard_it; 1613 1614 do_time_wait: 1615 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1616 inet_twsk_put(inet_twsk(sk)); 1617 goto discard_it; 1618 } 1619 1620 tcp_v6_fill_cb(skb, hdr, th); 1621 1622 if (tcp_checksum_complete(skb)) { 1623 inet_twsk_put(inet_twsk(sk)); 1624 goto csum_error; 1625 } 1626 1627 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { 1628 case TCP_TW_SYN: 1629 { 1630 struct sock *sk2; 1631 1632 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo, 1633 skb, __tcp_hdrlen(th), 1634 &ipv6_hdr(skb)->saddr, th->source, 1635 &ipv6_hdr(skb)->daddr, 1636 ntohs(th->dest), 1637 tcp_v6_iif_l3_slave(skb), 1638 sdif); 1639 if (sk2) { 1640 struct inet_timewait_sock *tw = inet_twsk(sk); 1641 inet_twsk_deschedule_put(tw); 1642 sk = sk2; 1643 tcp_v6_restore_cb(skb); 1644 refcounted = false; 1645 goto process; 1646 } 1647 } 1648 /* to ACK */ 1649 /* fall through */ 1650 case TCP_TW_ACK: 1651 tcp_v6_timewait_ack(sk, skb); 1652 break; 1653 case TCP_TW_RST: 1654 tcp_v6_send_reset(sk, skb); 1655 inet_twsk_deschedule_put(inet_twsk(sk)); 1656 goto discard_it; 1657 case TCP_TW_SUCCESS: 1658 ; 1659 } 1660 goto discard_it; 1661 } 1662 1663 INDIRECT_CALLABLE_SCOPE void tcp_v6_early_demux(struct sk_buff *skb) 1664 { 1665 const struct ipv6hdr *hdr; 1666 const struct tcphdr *th; 1667 struct sock *sk; 1668 1669 if (skb->pkt_type != PACKET_HOST) 1670 return; 1671 1672 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr))) 1673 return; 1674 1675 hdr = ipv6_hdr(skb); 1676 th = tcp_hdr(skb); 1677 1678 if (th->doff < sizeof(struct tcphdr) / 4) 1679 return; 1680 1681 /* Note : We use inet6_iif() here, not tcp_v6_iif() */ 1682 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo, 1683 &hdr->saddr, th->source, 1684 &hdr->daddr, ntohs(th->dest), 1685 inet6_iif(skb), inet6_sdif(skb)); 1686 if (sk) { 1687 skb->sk = sk; 1688 skb->destructor = sock_edemux; 1689 if (sk_fullsock(sk)) { 1690 struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst); 1691 1692 if (dst) 1693 dst = dst_check(dst, tcp_inet6_sk(sk)->rx_dst_cookie); 1694 if (dst && 1695 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif) 1696 skb_dst_set_noref(skb, dst); 1697 } 1698 } 1699 } 1700 1701 static struct timewait_sock_ops tcp6_timewait_sock_ops = { 1702 .twsk_obj_size = sizeof(struct tcp6_timewait_sock), 1703 .twsk_unique = tcp_twsk_unique, 1704 .twsk_destructor = tcp_twsk_destructor, 1705 }; 1706 1707 static const struct inet_connection_sock_af_ops ipv6_specific = { 1708 .queue_xmit = inet6_csk_xmit, 1709 .send_check = tcp_v6_send_check, 1710 .rebuild_header = inet6_sk_rebuild_header, 1711 .sk_rx_dst_set = inet6_sk_rx_dst_set, 1712 .conn_request = tcp_v6_conn_request, 1713 .syn_recv_sock = tcp_v6_syn_recv_sock, 1714 .net_header_len = sizeof(struct ipv6hdr), 1715 .net_frag_header_len = sizeof(struct frag_hdr), 1716 .setsockopt = ipv6_setsockopt, 1717 .getsockopt = ipv6_getsockopt, 1718 .addr2sockaddr = inet6_csk_addr2sockaddr, 1719 .sockaddr_len = sizeof(struct sockaddr_in6), 1720 #ifdef CONFIG_COMPAT 1721 .compat_setsockopt = compat_ipv6_setsockopt, 1722 .compat_getsockopt = compat_ipv6_getsockopt, 1723 #endif 1724 .mtu_reduced = tcp_v6_mtu_reduced, 1725 }; 1726 1727 #ifdef CONFIG_TCP_MD5SIG 1728 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = { 1729 .md5_lookup = tcp_v6_md5_lookup, 1730 .calc_md5_hash = tcp_v6_md5_hash_skb, 1731 .md5_parse = tcp_v6_parse_md5_keys, 1732 }; 1733 #endif 1734 1735 /* 1736 * TCP over IPv4 via INET6 API 1737 */ 1738 static const struct inet_connection_sock_af_ops ipv6_mapped = { 1739 .queue_xmit = ip_queue_xmit, 1740 .send_check = tcp_v4_send_check, 1741 .rebuild_header = inet_sk_rebuild_header, 1742 .sk_rx_dst_set = inet_sk_rx_dst_set, 1743 .conn_request = tcp_v6_conn_request, 1744 .syn_recv_sock = tcp_v6_syn_recv_sock, 1745 .net_header_len = sizeof(struct iphdr), 1746 .setsockopt = ipv6_setsockopt, 1747 .getsockopt = ipv6_getsockopt, 1748 .addr2sockaddr = inet6_csk_addr2sockaddr, 1749 .sockaddr_len = sizeof(struct sockaddr_in6), 1750 #ifdef CONFIG_COMPAT 1751 .compat_setsockopt = compat_ipv6_setsockopt, 1752 .compat_getsockopt = compat_ipv6_getsockopt, 1753 #endif 1754 .mtu_reduced = tcp_v4_mtu_reduced, 1755 }; 1756 1757 #ifdef CONFIG_TCP_MD5SIG 1758 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = { 1759 .md5_lookup = tcp_v4_md5_lookup, 1760 .calc_md5_hash = tcp_v4_md5_hash_skb, 1761 .md5_parse = tcp_v6_parse_md5_keys, 1762 }; 1763 #endif 1764 1765 /* NOTE: A lot of things set to zero explicitly by call to 1766 * sk_alloc() so need not be done here. 1767 */ 1768 static int tcp_v6_init_sock(struct sock *sk) 1769 { 1770 struct inet_connection_sock *icsk = inet_csk(sk); 1771 1772 tcp_init_sock(sk); 1773 1774 icsk->icsk_af_ops = &ipv6_specific; 1775 1776 #ifdef CONFIG_TCP_MD5SIG 1777 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific; 1778 #endif 1779 1780 return 0; 1781 } 1782 1783 static void tcp_v6_destroy_sock(struct sock *sk) 1784 { 1785 tcp_v4_destroy_sock(sk); 1786 inet6_destroy_sock(sk); 1787 } 1788 1789 #ifdef CONFIG_PROC_FS 1790 /* Proc filesystem TCPv6 sock list dumping. */ 1791 static void get_openreq6(struct seq_file *seq, 1792 const struct request_sock *req, int i) 1793 { 1794 long ttd = req->rsk_timer.expires - jiffies; 1795 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr; 1796 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr; 1797 1798 if (ttd < 0) 1799 ttd = 0; 1800 1801 seq_printf(seq, 1802 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1803 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n", 1804 i, 1805 src->s6_addr32[0], src->s6_addr32[1], 1806 src->s6_addr32[2], src->s6_addr32[3], 1807 inet_rsk(req)->ir_num, 1808 dest->s6_addr32[0], dest->s6_addr32[1], 1809 dest->s6_addr32[2], dest->s6_addr32[3], 1810 ntohs(inet_rsk(req)->ir_rmt_port), 1811 TCP_SYN_RECV, 1812 0, 0, /* could print option size, but that is af dependent. */ 1813 1, /* timers active (only the expire timer) */ 1814 jiffies_to_clock_t(ttd), 1815 req->num_timeout, 1816 from_kuid_munged(seq_user_ns(seq), 1817 sock_i_uid(req->rsk_listener)), 1818 0, /* non standard timer */ 1819 0, /* open_requests have no inode */ 1820 0, req); 1821 } 1822 1823 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) 1824 { 1825 const struct in6_addr *dest, *src; 1826 __u16 destp, srcp; 1827 int timer_active; 1828 unsigned long timer_expires; 1829 const struct inet_sock *inet = inet_sk(sp); 1830 const struct tcp_sock *tp = tcp_sk(sp); 1831 const struct inet_connection_sock *icsk = inet_csk(sp); 1832 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq; 1833 int rx_queue; 1834 int state; 1835 1836 dest = &sp->sk_v6_daddr; 1837 src = &sp->sk_v6_rcv_saddr; 1838 destp = ntohs(inet->inet_dport); 1839 srcp = ntohs(inet->inet_sport); 1840 1841 if (icsk->icsk_pending == ICSK_TIME_RETRANS || 1842 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT || 1843 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) { 1844 timer_active = 1; 1845 timer_expires = icsk->icsk_timeout; 1846 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) { 1847 timer_active = 4; 1848 timer_expires = icsk->icsk_timeout; 1849 } else if (timer_pending(&sp->sk_timer)) { 1850 timer_active = 2; 1851 timer_expires = sp->sk_timer.expires; 1852 } else { 1853 timer_active = 0; 1854 timer_expires = jiffies; 1855 } 1856 1857 state = inet_sk_state_load(sp); 1858 if (state == TCP_LISTEN) 1859 rx_queue = sp->sk_ack_backlog; 1860 else 1861 /* Because we don't lock the socket, 1862 * we might find a transient negative value. 1863 */ 1864 rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0); 1865 1866 seq_printf(seq, 1867 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1868 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n", 1869 i, 1870 src->s6_addr32[0], src->s6_addr32[1], 1871 src->s6_addr32[2], src->s6_addr32[3], srcp, 1872 dest->s6_addr32[0], dest->s6_addr32[1], 1873 dest->s6_addr32[2], dest->s6_addr32[3], destp, 1874 state, 1875 tp->write_seq - tp->snd_una, 1876 rx_queue, 1877 timer_active, 1878 jiffies_delta_to_clock_t(timer_expires - jiffies), 1879 icsk->icsk_retransmits, 1880 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)), 1881 icsk->icsk_probes_out, 1882 sock_i_ino(sp), 1883 refcount_read(&sp->sk_refcnt), sp, 1884 jiffies_to_clock_t(icsk->icsk_rto), 1885 jiffies_to_clock_t(icsk->icsk_ack.ato), 1886 (icsk->icsk_ack.quick << 1) | inet_csk_in_pingpong_mode(sp), 1887 tp->snd_cwnd, 1888 state == TCP_LISTEN ? 1889 fastopenq->max_qlen : 1890 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh) 1891 ); 1892 } 1893 1894 static void get_timewait6_sock(struct seq_file *seq, 1895 struct inet_timewait_sock *tw, int i) 1896 { 1897 long delta = tw->tw_timer.expires - jiffies; 1898 const struct in6_addr *dest, *src; 1899 __u16 destp, srcp; 1900 1901 dest = &tw->tw_v6_daddr; 1902 src = &tw->tw_v6_rcv_saddr; 1903 destp = ntohs(tw->tw_dport); 1904 srcp = ntohs(tw->tw_sport); 1905 1906 seq_printf(seq, 1907 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1908 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n", 1909 i, 1910 src->s6_addr32[0], src->s6_addr32[1], 1911 src->s6_addr32[2], src->s6_addr32[3], srcp, 1912 dest->s6_addr32[0], dest->s6_addr32[1], 1913 dest->s6_addr32[2], dest->s6_addr32[3], destp, 1914 tw->tw_substate, 0, 0, 1915 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0, 1916 refcount_read(&tw->tw_refcnt), tw); 1917 } 1918 1919 static int tcp6_seq_show(struct seq_file *seq, void *v) 1920 { 1921 struct tcp_iter_state *st; 1922 struct sock *sk = v; 1923 1924 if (v == SEQ_START_TOKEN) { 1925 seq_puts(seq, 1926 " sl " 1927 "local_address " 1928 "remote_address " 1929 "st tx_queue rx_queue tr tm->when retrnsmt" 1930 " uid timeout inode\n"); 1931 goto out; 1932 } 1933 st = seq->private; 1934 1935 if (sk->sk_state == TCP_TIME_WAIT) 1936 get_timewait6_sock(seq, v, st->num); 1937 else if (sk->sk_state == TCP_NEW_SYN_RECV) 1938 get_openreq6(seq, v, st->num); 1939 else 1940 get_tcp6_sock(seq, v, st->num); 1941 out: 1942 return 0; 1943 } 1944 1945 static const struct seq_operations tcp6_seq_ops = { 1946 .show = tcp6_seq_show, 1947 .start = tcp_seq_start, 1948 .next = tcp_seq_next, 1949 .stop = tcp_seq_stop, 1950 }; 1951 1952 static struct tcp_seq_afinfo tcp6_seq_afinfo = { 1953 .family = AF_INET6, 1954 }; 1955 1956 int __net_init tcp6_proc_init(struct net *net) 1957 { 1958 if (!proc_create_net_data("tcp6", 0444, net->proc_net, &tcp6_seq_ops, 1959 sizeof(struct tcp_iter_state), &tcp6_seq_afinfo)) 1960 return -ENOMEM; 1961 return 0; 1962 } 1963 1964 void tcp6_proc_exit(struct net *net) 1965 { 1966 remove_proc_entry("tcp6", net->proc_net); 1967 } 1968 #endif 1969 1970 struct proto tcpv6_prot = { 1971 .name = "TCPv6", 1972 .owner = THIS_MODULE, 1973 .close = tcp_close, 1974 .pre_connect = tcp_v6_pre_connect, 1975 .connect = tcp_v6_connect, 1976 .disconnect = tcp_disconnect, 1977 .accept = inet_csk_accept, 1978 .ioctl = tcp_ioctl, 1979 .init = tcp_v6_init_sock, 1980 .destroy = tcp_v6_destroy_sock, 1981 .shutdown = tcp_shutdown, 1982 .setsockopt = tcp_setsockopt, 1983 .getsockopt = tcp_getsockopt, 1984 .keepalive = tcp_set_keepalive, 1985 .recvmsg = tcp_recvmsg, 1986 .sendmsg = tcp_sendmsg, 1987 .sendpage = tcp_sendpage, 1988 .backlog_rcv = tcp_v6_do_rcv, 1989 .release_cb = tcp_release_cb, 1990 .hash = inet6_hash, 1991 .unhash = inet_unhash, 1992 .get_port = inet_csk_get_port, 1993 .enter_memory_pressure = tcp_enter_memory_pressure, 1994 .leave_memory_pressure = tcp_leave_memory_pressure, 1995 .stream_memory_free = tcp_stream_memory_free, 1996 .sockets_allocated = &tcp_sockets_allocated, 1997 .memory_allocated = &tcp_memory_allocated, 1998 .memory_pressure = &tcp_memory_pressure, 1999 .orphan_count = &tcp_orphan_count, 2000 .sysctl_mem = sysctl_tcp_mem, 2001 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem), 2002 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem), 2003 .max_header = MAX_TCP_HEADER, 2004 .obj_size = sizeof(struct tcp6_sock), 2005 .slab_flags = SLAB_TYPESAFE_BY_RCU, 2006 .twsk_prot = &tcp6_timewait_sock_ops, 2007 .rsk_prot = &tcp6_request_sock_ops, 2008 .h.hashinfo = &tcp_hashinfo, 2009 .no_autobind = true, 2010 #ifdef CONFIG_COMPAT 2011 .compat_setsockopt = compat_tcp_setsockopt, 2012 .compat_getsockopt = compat_tcp_getsockopt, 2013 #endif 2014 .diag_destroy = tcp_abort, 2015 }; 2016 2017 /* thinking of making this const? Don't. 2018 * early_demux can change based on sysctl. 2019 */ 2020 static struct inet6_protocol tcpv6_protocol = { 2021 .early_demux = tcp_v6_early_demux, 2022 .early_demux_handler = tcp_v6_early_demux, 2023 .handler = tcp_v6_rcv, 2024 .err_handler = tcp_v6_err, 2025 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 2026 }; 2027 2028 static struct inet_protosw tcpv6_protosw = { 2029 .type = SOCK_STREAM, 2030 .protocol = IPPROTO_TCP, 2031 .prot = &tcpv6_prot, 2032 .ops = &inet6_stream_ops, 2033 .flags = INET_PROTOSW_PERMANENT | 2034 INET_PROTOSW_ICSK, 2035 }; 2036 2037 static int __net_init tcpv6_net_init(struct net *net) 2038 { 2039 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6, 2040 SOCK_RAW, IPPROTO_TCP, net); 2041 } 2042 2043 static void __net_exit tcpv6_net_exit(struct net *net) 2044 { 2045 inet_ctl_sock_destroy(net->ipv6.tcp_sk); 2046 } 2047 2048 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list) 2049 { 2050 inet_twsk_purge(&tcp_hashinfo, AF_INET6); 2051 } 2052 2053 static struct pernet_operations tcpv6_net_ops = { 2054 .init = tcpv6_net_init, 2055 .exit = tcpv6_net_exit, 2056 .exit_batch = tcpv6_net_exit_batch, 2057 }; 2058 2059 int __init tcpv6_init(void) 2060 { 2061 int ret; 2062 2063 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP); 2064 if (ret) 2065 goto out; 2066 2067 /* register inet6 protocol */ 2068 ret = inet6_register_protosw(&tcpv6_protosw); 2069 if (ret) 2070 goto out_tcpv6_protocol; 2071 2072 ret = register_pernet_subsys(&tcpv6_net_ops); 2073 if (ret) 2074 goto out_tcpv6_protosw; 2075 out: 2076 return ret; 2077 2078 out_tcpv6_protosw: 2079 inet6_unregister_protosw(&tcpv6_protosw); 2080 out_tcpv6_protocol: 2081 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2082 goto out; 2083 } 2084 2085 void tcpv6_exit(void) 2086 { 2087 unregister_pernet_subsys(&tcpv6_net_ops); 2088 inet6_unregister_protosw(&tcpv6_protosw); 2089 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2090 } 2091