1 /* 2 * TCP over IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on: 9 * linux/net/ipv4/tcp.c 10 * linux/net/ipv4/tcp_input.c 11 * linux/net/ipv4/tcp_output.c 12 * 13 * Fixes: 14 * Hideaki YOSHIFUJI : sin6_scope_id support 15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind 17 * a single port at the same time. 18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file. 19 * 20 * This program is free software; you can redistribute it and/or 21 * modify it under the terms of the GNU General Public License 22 * as published by the Free Software Foundation; either version 23 * 2 of the License, or (at your option) any later version. 24 */ 25 26 #include <linux/bottom_half.h> 27 #include <linux/module.h> 28 #include <linux/errno.h> 29 #include <linux/types.h> 30 #include <linux/socket.h> 31 #include <linux/sockios.h> 32 #include <linux/net.h> 33 #include <linux/jiffies.h> 34 #include <linux/in.h> 35 #include <linux/in6.h> 36 #include <linux/netdevice.h> 37 #include <linux/init.h> 38 #include <linux/jhash.h> 39 #include <linux/ipsec.h> 40 #include <linux/times.h> 41 #include <linux/slab.h> 42 43 #include <linux/ipv6.h> 44 #include <linux/icmpv6.h> 45 #include <linux/random.h> 46 47 #include <net/tcp.h> 48 #include <net/ndisc.h> 49 #include <net/inet6_hashtables.h> 50 #include <net/inet6_connection_sock.h> 51 #include <net/ipv6.h> 52 #include <net/transp_v6.h> 53 #include <net/addrconf.h> 54 #include <net/ip6_route.h> 55 #include <net/ip6_checksum.h> 56 #include <net/inet_ecn.h> 57 #include <net/protocol.h> 58 #include <net/xfrm.h> 59 #include <net/snmp.h> 60 #include <net/dsfield.h> 61 #include <net/timewait_sock.h> 62 #include <net/netdma.h> 63 #include <net/inet_common.h> 64 #include <net/secure_seq.h> 65 #include <net/tcp_memcontrol.h> 66 67 #include <asm/uaccess.h> 68 69 #include <linux/proc_fs.h> 70 #include <linux/seq_file.h> 71 72 #include <linux/crypto.h> 73 #include <linux/scatterlist.h> 74 75 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb); 76 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb, 77 struct request_sock *req); 78 79 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb); 80 81 static const struct inet_connection_sock_af_ops ipv6_mapped; 82 static const struct inet_connection_sock_af_ops ipv6_specific; 83 #ifdef CONFIG_TCP_MD5SIG 84 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific; 85 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific; 86 #else 87 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 88 const struct in6_addr *addr) 89 { 90 return NULL; 91 } 92 #endif 93 94 static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) 95 { 96 struct dst_entry *dst = skb_dst(skb); 97 const struct rt6_info *rt = (const struct rt6_info *)dst; 98 99 dst_hold(dst); 100 sk->sk_rx_dst = dst; 101 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif; 102 if (rt->rt6i_node) 103 inet6_sk(sk)->rx_dst_cookie = rt->rt6i_node->fn_sernum; 104 } 105 106 static void tcp_v6_hash(struct sock *sk) 107 { 108 if (sk->sk_state != TCP_CLOSE) { 109 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) { 110 tcp_prot.hash(sk); 111 return; 112 } 113 local_bh_disable(); 114 __inet6_hash(sk, NULL); 115 local_bh_enable(); 116 } 117 } 118 119 static __u32 tcp_v6_init_sequence(const struct sk_buff *skb) 120 { 121 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32, 122 ipv6_hdr(skb)->saddr.s6_addr32, 123 tcp_hdr(skb)->dest, 124 tcp_hdr(skb)->source); 125 } 126 127 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 128 int addr_len) 129 { 130 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; 131 struct inet_sock *inet = inet_sk(sk); 132 struct inet_connection_sock *icsk = inet_csk(sk); 133 struct ipv6_pinfo *np = inet6_sk(sk); 134 struct tcp_sock *tp = tcp_sk(sk); 135 struct in6_addr *saddr = NULL, *final_p, final; 136 struct rt6_info *rt; 137 struct flowi6 fl6; 138 struct dst_entry *dst; 139 int addr_type; 140 int err; 141 142 if (addr_len < SIN6_LEN_RFC2133) 143 return -EINVAL; 144 145 if (usin->sin6_family != AF_INET6) 146 return -EAFNOSUPPORT; 147 148 memset(&fl6, 0, sizeof(fl6)); 149 150 if (np->sndflow) { 151 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; 152 IP6_ECN_flow_init(fl6.flowlabel); 153 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { 154 struct ip6_flowlabel *flowlabel; 155 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); 156 if (flowlabel == NULL) 157 return -EINVAL; 158 usin->sin6_addr = flowlabel->dst; 159 fl6_sock_release(flowlabel); 160 } 161 } 162 163 /* 164 * connect() to INADDR_ANY means loopback (BSD'ism). 165 */ 166 167 if(ipv6_addr_any(&usin->sin6_addr)) 168 usin->sin6_addr.s6_addr[15] = 0x1; 169 170 addr_type = ipv6_addr_type(&usin->sin6_addr); 171 172 if(addr_type & IPV6_ADDR_MULTICAST) 173 return -ENETUNREACH; 174 175 if (addr_type&IPV6_ADDR_LINKLOCAL) { 176 if (addr_len >= sizeof(struct sockaddr_in6) && 177 usin->sin6_scope_id) { 178 /* If interface is set while binding, indices 179 * must coincide. 180 */ 181 if (sk->sk_bound_dev_if && 182 sk->sk_bound_dev_if != usin->sin6_scope_id) 183 return -EINVAL; 184 185 sk->sk_bound_dev_if = usin->sin6_scope_id; 186 } 187 188 /* Connect to link-local address requires an interface */ 189 if (!sk->sk_bound_dev_if) 190 return -EINVAL; 191 } 192 193 if (tp->rx_opt.ts_recent_stamp && 194 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) { 195 tp->rx_opt.ts_recent = 0; 196 tp->rx_opt.ts_recent_stamp = 0; 197 tp->write_seq = 0; 198 } 199 200 np->daddr = usin->sin6_addr; 201 np->flow_label = fl6.flowlabel; 202 203 /* 204 * TCP over IPv4 205 */ 206 207 if (addr_type == IPV6_ADDR_MAPPED) { 208 u32 exthdrlen = icsk->icsk_ext_hdr_len; 209 struct sockaddr_in sin; 210 211 SOCK_DEBUG(sk, "connect: ipv4 mapped\n"); 212 213 if (__ipv6_only_sock(sk)) 214 return -ENETUNREACH; 215 216 sin.sin_family = AF_INET; 217 sin.sin_port = usin->sin6_port; 218 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; 219 220 icsk->icsk_af_ops = &ipv6_mapped; 221 sk->sk_backlog_rcv = tcp_v4_do_rcv; 222 #ifdef CONFIG_TCP_MD5SIG 223 tp->af_specific = &tcp_sock_ipv6_mapped_specific; 224 #endif 225 226 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); 227 228 if (err) { 229 icsk->icsk_ext_hdr_len = exthdrlen; 230 icsk->icsk_af_ops = &ipv6_specific; 231 sk->sk_backlog_rcv = tcp_v6_do_rcv; 232 #ifdef CONFIG_TCP_MD5SIG 233 tp->af_specific = &tcp_sock_ipv6_specific; 234 #endif 235 goto failure; 236 } else { 237 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr); 238 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr, 239 &np->rcv_saddr); 240 } 241 242 return err; 243 } 244 245 if (!ipv6_addr_any(&np->rcv_saddr)) 246 saddr = &np->rcv_saddr; 247 248 fl6.flowi6_proto = IPPROTO_TCP; 249 fl6.daddr = np->daddr; 250 fl6.saddr = saddr ? *saddr : np->saddr; 251 fl6.flowi6_oif = sk->sk_bound_dev_if; 252 fl6.flowi6_mark = sk->sk_mark; 253 fl6.fl6_dport = usin->sin6_port; 254 fl6.fl6_sport = inet->inet_sport; 255 256 final_p = fl6_update_dst(&fl6, np->opt, &final); 257 258 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); 259 260 dst = ip6_dst_lookup_flow(sk, &fl6, final_p, true); 261 if (IS_ERR(dst)) { 262 err = PTR_ERR(dst); 263 goto failure; 264 } 265 266 if (saddr == NULL) { 267 saddr = &fl6.saddr; 268 np->rcv_saddr = *saddr; 269 } 270 271 /* set the source address */ 272 np->saddr = *saddr; 273 inet->inet_rcv_saddr = LOOPBACK4_IPV6; 274 275 sk->sk_gso_type = SKB_GSO_TCPV6; 276 __ip6_dst_store(sk, dst, NULL, NULL); 277 278 rt = (struct rt6_info *) dst; 279 if (tcp_death_row.sysctl_tw_recycle && 280 !tp->rx_opt.ts_recent_stamp && 281 ipv6_addr_equal(&rt->rt6i_dst.addr, &np->daddr)) 282 tcp_fetch_timewait_stamp(sk, dst); 283 284 icsk->icsk_ext_hdr_len = 0; 285 if (np->opt) 286 icsk->icsk_ext_hdr_len = (np->opt->opt_flen + 287 np->opt->opt_nflen); 288 289 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 290 291 inet->inet_dport = usin->sin6_port; 292 293 tcp_set_state(sk, TCP_SYN_SENT); 294 err = inet6_hash_connect(&tcp_death_row, sk); 295 if (err) 296 goto late_failure; 297 298 if (!tp->write_seq && likely(!tp->repair)) 299 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32, 300 np->daddr.s6_addr32, 301 inet->inet_sport, 302 inet->inet_dport); 303 304 err = tcp_connect(sk); 305 if (err) 306 goto late_failure; 307 308 return 0; 309 310 late_failure: 311 tcp_set_state(sk, TCP_CLOSE); 312 __sk_dst_reset(sk); 313 failure: 314 inet->inet_dport = 0; 315 sk->sk_route_caps = 0; 316 return err; 317 } 318 319 static void tcp_v6_mtu_reduced(struct sock *sk) 320 { 321 struct dst_entry *dst; 322 323 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) 324 return; 325 326 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info); 327 if (!dst) 328 return; 329 330 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) { 331 tcp_sync_mss(sk, dst_mtu(dst)); 332 tcp_simple_retransmit(sk); 333 } 334 } 335 336 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 337 u8 type, u8 code, int offset, __be32 info) 338 { 339 const struct ipv6hdr *hdr = (const struct ipv6hdr*)skb->data; 340 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset); 341 struct ipv6_pinfo *np; 342 struct sock *sk; 343 int err; 344 struct tcp_sock *tp; 345 __u32 seq; 346 struct net *net = dev_net(skb->dev); 347 348 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr, 349 th->dest, &hdr->saddr, th->source, skb->dev->ifindex); 350 351 if (sk == NULL) { 352 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev), 353 ICMP6_MIB_INERRORS); 354 return; 355 } 356 357 if (sk->sk_state == TCP_TIME_WAIT) { 358 inet_twsk_put(inet_twsk(sk)); 359 return; 360 } 361 362 bh_lock_sock(sk); 363 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG) 364 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS); 365 366 if (sk->sk_state == TCP_CLOSE) 367 goto out; 368 369 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) { 370 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); 371 goto out; 372 } 373 374 tp = tcp_sk(sk); 375 seq = ntohl(th->seq); 376 if (sk->sk_state != TCP_LISTEN && 377 !between(seq, tp->snd_una, tp->snd_nxt)) { 378 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 379 goto out; 380 } 381 382 np = inet6_sk(sk); 383 384 if (type == NDISC_REDIRECT) { 385 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie); 386 387 if (dst) 388 dst->ops->redirect(dst, sk, skb); 389 goto out; 390 } 391 392 if (type == ICMPV6_PKT_TOOBIG) { 393 /* We are not interested in TCP_LISTEN and open_requests 394 * (SYN-ACKs send out by Linux are always <576bytes so 395 * they should go through unfragmented). 396 */ 397 if (sk->sk_state == TCP_LISTEN) 398 goto out; 399 400 tp->mtu_info = ntohl(info); 401 if (!sock_owned_by_user(sk)) 402 tcp_v6_mtu_reduced(sk); 403 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED, 404 &tp->tsq_flags)) 405 sock_hold(sk); 406 goto out; 407 } 408 409 icmpv6_err_convert(type, code, &err); 410 411 /* Might be for an request_sock */ 412 switch (sk->sk_state) { 413 struct request_sock *req, **prev; 414 case TCP_LISTEN: 415 if (sock_owned_by_user(sk)) 416 goto out; 417 418 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr, 419 &hdr->saddr, inet6_iif(skb)); 420 if (!req) 421 goto out; 422 423 /* ICMPs are not backlogged, hence we cannot get 424 * an established socket here. 425 */ 426 WARN_ON(req->sk != NULL); 427 428 if (seq != tcp_rsk(req)->snt_isn) { 429 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 430 goto out; 431 } 432 433 inet_csk_reqsk_queue_drop(sk, req, prev); 434 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); 435 goto out; 436 437 case TCP_SYN_SENT: 438 case TCP_SYN_RECV: /* Cannot happen. 439 It can, it SYNs are crossed. --ANK */ 440 if (!sock_owned_by_user(sk)) { 441 sk->sk_err = err; 442 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */ 443 444 tcp_done(sk); 445 } else 446 sk->sk_err_soft = err; 447 goto out; 448 } 449 450 if (!sock_owned_by_user(sk) && np->recverr) { 451 sk->sk_err = err; 452 sk->sk_error_report(sk); 453 } else 454 sk->sk_err_soft = err; 455 456 out: 457 bh_unlock_sock(sk); 458 sock_put(sk); 459 } 460 461 462 static int tcp_v6_send_synack(struct sock *sk, struct dst_entry *dst, 463 struct flowi6 *fl6, 464 struct request_sock *req, 465 struct request_values *rvp, 466 u16 queue_mapping) 467 { 468 struct inet6_request_sock *treq = inet6_rsk(req); 469 struct ipv6_pinfo *np = inet6_sk(sk); 470 struct sk_buff * skb; 471 int err = -ENOMEM; 472 473 /* First, grab a route. */ 474 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req)) == NULL) 475 goto done; 476 477 skb = tcp_make_synack(sk, dst, req, rvp, NULL); 478 479 if (skb) { 480 __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr); 481 482 fl6->daddr = treq->rmt_addr; 483 skb_set_queue_mapping(skb, queue_mapping); 484 err = ip6_xmit(sk, skb, fl6, np->opt, np->tclass); 485 err = net_xmit_eval(err); 486 } 487 488 done: 489 return err; 490 } 491 492 static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req, 493 struct request_values *rvp) 494 { 495 struct flowi6 fl6; 496 int res; 497 498 res = tcp_v6_send_synack(sk, NULL, &fl6, req, rvp, 0); 499 if (!res) 500 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS); 501 return res; 502 } 503 504 static void tcp_v6_reqsk_destructor(struct request_sock *req) 505 { 506 kfree_skb(inet6_rsk(req)->pktopts); 507 } 508 509 #ifdef CONFIG_TCP_MD5SIG 510 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, 511 const struct in6_addr *addr) 512 { 513 return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6); 514 } 515 516 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk, 517 struct sock *addr_sk) 518 { 519 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr); 520 } 521 522 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk, 523 struct request_sock *req) 524 { 525 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr); 526 } 527 528 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval, 529 int optlen) 530 { 531 struct tcp_md5sig cmd; 532 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr; 533 534 if (optlen < sizeof(cmd)) 535 return -EINVAL; 536 537 if (copy_from_user(&cmd, optval, sizeof(cmd))) 538 return -EFAULT; 539 540 if (sin6->sin6_family != AF_INET6) 541 return -EINVAL; 542 543 if (!cmd.tcpm_keylen) { 544 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) 545 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3], 546 AF_INET); 547 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr, 548 AF_INET6); 549 } 550 551 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN) 552 return -EINVAL; 553 554 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) 555 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3], 556 AF_INET, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL); 557 558 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr, 559 AF_INET6, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL); 560 } 561 562 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp, 563 const struct in6_addr *daddr, 564 const struct in6_addr *saddr, int nbytes) 565 { 566 struct tcp6_pseudohdr *bp; 567 struct scatterlist sg; 568 569 bp = &hp->md5_blk.ip6; 570 /* 1. TCP pseudo-header (RFC2460) */ 571 bp->saddr = *saddr; 572 bp->daddr = *daddr; 573 bp->protocol = cpu_to_be32(IPPROTO_TCP); 574 bp->len = cpu_to_be32(nbytes); 575 576 sg_init_one(&sg, bp, sizeof(*bp)); 577 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp)); 578 } 579 580 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key, 581 const struct in6_addr *daddr, struct in6_addr *saddr, 582 const struct tcphdr *th) 583 { 584 struct tcp_md5sig_pool *hp; 585 struct hash_desc *desc; 586 587 hp = tcp_get_md5sig_pool(); 588 if (!hp) 589 goto clear_hash_noput; 590 desc = &hp->md5_desc; 591 592 if (crypto_hash_init(desc)) 593 goto clear_hash; 594 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2)) 595 goto clear_hash; 596 if (tcp_md5_hash_header(hp, th)) 597 goto clear_hash; 598 if (tcp_md5_hash_key(hp, key)) 599 goto clear_hash; 600 if (crypto_hash_final(desc, md5_hash)) 601 goto clear_hash; 602 603 tcp_put_md5sig_pool(); 604 return 0; 605 606 clear_hash: 607 tcp_put_md5sig_pool(); 608 clear_hash_noput: 609 memset(md5_hash, 0, 16); 610 return 1; 611 } 612 613 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key, 614 const struct sock *sk, 615 const struct request_sock *req, 616 const struct sk_buff *skb) 617 { 618 const struct in6_addr *saddr, *daddr; 619 struct tcp_md5sig_pool *hp; 620 struct hash_desc *desc; 621 const struct tcphdr *th = tcp_hdr(skb); 622 623 if (sk) { 624 saddr = &inet6_sk(sk)->saddr; 625 daddr = &inet6_sk(sk)->daddr; 626 } else if (req) { 627 saddr = &inet6_rsk(req)->loc_addr; 628 daddr = &inet6_rsk(req)->rmt_addr; 629 } else { 630 const struct ipv6hdr *ip6h = ipv6_hdr(skb); 631 saddr = &ip6h->saddr; 632 daddr = &ip6h->daddr; 633 } 634 635 hp = tcp_get_md5sig_pool(); 636 if (!hp) 637 goto clear_hash_noput; 638 desc = &hp->md5_desc; 639 640 if (crypto_hash_init(desc)) 641 goto clear_hash; 642 643 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len)) 644 goto clear_hash; 645 if (tcp_md5_hash_header(hp, th)) 646 goto clear_hash; 647 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2)) 648 goto clear_hash; 649 if (tcp_md5_hash_key(hp, key)) 650 goto clear_hash; 651 if (crypto_hash_final(desc, md5_hash)) 652 goto clear_hash; 653 654 tcp_put_md5sig_pool(); 655 return 0; 656 657 clear_hash: 658 tcp_put_md5sig_pool(); 659 clear_hash_noput: 660 memset(md5_hash, 0, 16); 661 return 1; 662 } 663 664 static int tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb) 665 { 666 const __u8 *hash_location = NULL; 667 struct tcp_md5sig_key *hash_expected; 668 const struct ipv6hdr *ip6h = ipv6_hdr(skb); 669 const struct tcphdr *th = tcp_hdr(skb); 670 int genhash; 671 u8 newhash[16]; 672 673 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); 674 hash_location = tcp_parse_md5sig_option(th); 675 676 /* We've parsed the options - do we have a hash? */ 677 if (!hash_expected && !hash_location) 678 return 0; 679 680 if (hash_expected && !hash_location) { 681 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); 682 return 1; 683 } 684 685 if (!hash_expected && hash_location) { 686 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED); 687 return 1; 688 } 689 690 /* check the signature */ 691 genhash = tcp_v6_md5_hash_skb(newhash, 692 hash_expected, 693 NULL, NULL, skb); 694 695 if (genhash || memcmp(hash_location, newhash, 16) != 0) { 696 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n", 697 genhash ? "failed" : "mismatch", 698 &ip6h->saddr, ntohs(th->source), 699 &ip6h->daddr, ntohs(th->dest)); 700 return 1; 701 } 702 return 0; 703 } 704 #endif 705 706 struct request_sock_ops tcp6_request_sock_ops __read_mostly = { 707 .family = AF_INET6, 708 .obj_size = sizeof(struct tcp6_request_sock), 709 .rtx_syn_ack = tcp_v6_rtx_synack, 710 .send_ack = tcp_v6_reqsk_send_ack, 711 .destructor = tcp_v6_reqsk_destructor, 712 .send_reset = tcp_v6_send_reset, 713 .syn_ack_timeout = tcp_syn_ack_timeout, 714 }; 715 716 #ifdef CONFIG_TCP_MD5SIG 717 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { 718 .md5_lookup = tcp_v6_reqsk_md5_lookup, 719 .calc_md5_hash = tcp_v6_md5_hash_skb, 720 }; 721 #endif 722 723 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win, 724 u32 tsval, u32 tsecr, 725 struct tcp_md5sig_key *key, int rst, u8 tclass) 726 { 727 const struct tcphdr *th = tcp_hdr(skb); 728 struct tcphdr *t1; 729 struct sk_buff *buff; 730 struct flowi6 fl6; 731 struct net *net = dev_net(skb_dst(skb)->dev); 732 struct sock *ctl_sk = net->ipv6.tcp_sk; 733 unsigned int tot_len = sizeof(struct tcphdr); 734 struct dst_entry *dst; 735 __be32 *topt; 736 737 if (tsecr) 738 tot_len += TCPOLEN_TSTAMP_ALIGNED; 739 #ifdef CONFIG_TCP_MD5SIG 740 if (key) 741 tot_len += TCPOLEN_MD5SIG_ALIGNED; 742 #endif 743 744 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 745 GFP_ATOMIC); 746 if (buff == NULL) 747 return; 748 749 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); 750 751 t1 = (struct tcphdr *) skb_push(buff, tot_len); 752 skb_reset_transport_header(buff); 753 754 /* Swap the send and the receive. */ 755 memset(t1, 0, sizeof(*t1)); 756 t1->dest = th->source; 757 t1->source = th->dest; 758 t1->doff = tot_len / 4; 759 t1->seq = htonl(seq); 760 t1->ack_seq = htonl(ack); 761 t1->ack = !rst || !th->ack; 762 t1->rst = rst; 763 t1->window = htons(win); 764 765 topt = (__be32 *)(t1 + 1); 766 767 if (tsecr) { 768 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 769 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 770 *topt++ = htonl(tsval); 771 *topt++ = htonl(tsecr); 772 } 773 774 #ifdef CONFIG_TCP_MD5SIG 775 if (key) { 776 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 777 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 778 tcp_v6_md5_hash_hdr((__u8 *)topt, key, 779 &ipv6_hdr(skb)->saddr, 780 &ipv6_hdr(skb)->daddr, t1); 781 } 782 #endif 783 784 memset(&fl6, 0, sizeof(fl6)); 785 fl6.daddr = ipv6_hdr(skb)->saddr; 786 fl6.saddr = ipv6_hdr(skb)->daddr; 787 788 buff->ip_summed = CHECKSUM_PARTIAL; 789 buff->csum = 0; 790 791 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr); 792 793 fl6.flowi6_proto = IPPROTO_TCP; 794 if (ipv6_addr_type(&fl6.daddr) & IPV6_ADDR_LINKLOCAL) 795 fl6.flowi6_oif = inet6_iif(skb); 796 fl6.fl6_dport = t1->dest; 797 fl6.fl6_sport = t1->source; 798 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); 799 800 /* Pass a socket to ip6_dst_lookup either it is for RST 801 * Underlying function will use this to retrieve the network 802 * namespace 803 */ 804 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL, false); 805 if (!IS_ERR(dst)) { 806 skb_dst_set(buff, dst); 807 ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass); 808 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS); 809 if (rst) 810 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS); 811 return; 812 } 813 814 kfree_skb(buff); 815 } 816 817 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb) 818 { 819 const struct tcphdr *th = tcp_hdr(skb); 820 u32 seq = 0, ack_seq = 0; 821 struct tcp_md5sig_key *key = NULL; 822 #ifdef CONFIG_TCP_MD5SIG 823 const __u8 *hash_location = NULL; 824 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 825 unsigned char newhash[16]; 826 int genhash; 827 struct sock *sk1 = NULL; 828 #endif 829 830 if (th->rst) 831 return; 832 833 if (!ipv6_unicast_destination(skb)) 834 return; 835 836 #ifdef CONFIG_TCP_MD5SIG 837 hash_location = tcp_parse_md5sig_option(th); 838 if (!sk && hash_location) { 839 /* 840 * active side is lost. Try to find listening socket through 841 * source port, and then find md5 key through listening socket. 842 * we are not loose security here: 843 * Incoming packet is checked with md5 hash with finding key, 844 * no RST generated if md5 hash doesn't match. 845 */ 846 sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev), 847 &tcp_hashinfo, &ipv6h->saddr, 848 th->source, &ipv6h->daddr, 849 ntohs(th->source), inet6_iif(skb)); 850 if (!sk1) 851 return; 852 853 rcu_read_lock(); 854 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr); 855 if (!key) 856 goto release_sk1; 857 858 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, NULL, skb); 859 if (genhash || memcmp(hash_location, newhash, 16) != 0) 860 goto release_sk1; 861 } else { 862 key = sk ? tcp_v6_md5_do_lookup(sk, &ipv6h->saddr) : NULL; 863 } 864 #endif 865 866 if (th->ack) 867 seq = ntohl(th->ack_seq); 868 else 869 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len - 870 (th->doff << 2); 871 872 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, 0, key, 1, 0); 873 874 #ifdef CONFIG_TCP_MD5SIG 875 release_sk1: 876 if (sk1) { 877 rcu_read_unlock(); 878 sock_put(sk1); 879 } 880 #endif 881 } 882 883 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, 884 u32 win, u32 tsval, u32 tsecr, 885 struct tcp_md5sig_key *key, u8 tclass) 886 { 887 tcp_v6_send_response(skb, seq, ack, win, tsval, tsecr, key, 0, tclass); 888 } 889 890 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb) 891 { 892 struct inet_timewait_sock *tw = inet_twsk(sk); 893 struct tcp_timewait_sock *tcptw = tcp_twsk(sk); 894 895 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt, 896 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 897 tcp_time_stamp + tcptw->tw_ts_offset, 898 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw), 899 tw->tw_tclass); 900 901 inet_twsk_put(tw); 902 } 903 904 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb, 905 struct request_sock *req) 906 { 907 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, 908 req->rcv_wnd, tcp_time_stamp, req->ts_recent, 909 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr), 0); 910 } 911 912 913 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb) 914 { 915 struct request_sock *req, **prev; 916 const struct tcphdr *th = tcp_hdr(skb); 917 struct sock *nsk; 918 919 /* Find possible connection requests. */ 920 req = inet6_csk_search_req(sk, &prev, th->source, 921 &ipv6_hdr(skb)->saddr, 922 &ipv6_hdr(skb)->daddr, inet6_iif(skb)); 923 if (req) 924 return tcp_check_req(sk, skb, req, prev, false); 925 926 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo, 927 &ipv6_hdr(skb)->saddr, th->source, 928 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb)); 929 930 if (nsk) { 931 if (nsk->sk_state != TCP_TIME_WAIT) { 932 bh_lock_sock(nsk); 933 return nsk; 934 } 935 inet_twsk_put(inet_twsk(nsk)); 936 return NULL; 937 } 938 939 #ifdef CONFIG_SYN_COOKIES 940 if (!th->syn) 941 sk = cookie_v6_check(sk, skb); 942 #endif 943 return sk; 944 } 945 946 /* FIXME: this is substantially similar to the ipv4 code. 947 * Can some kind of merge be done? -- erics 948 */ 949 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) 950 { 951 struct tcp_extend_values tmp_ext; 952 struct tcp_options_received tmp_opt; 953 const u8 *hash_location; 954 struct request_sock *req; 955 struct inet6_request_sock *treq; 956 struct ipv6_pinfo *np = inet6_sk(sk); 957 struct tcp_sock *tp = tcp_sk(sk); 958 __u32 isn = TCP_SKB_CB(skb)->when; 959 struct dst_entry *dst = NULL; 960 struct flowi6 fl6; 961 bool want_cookie = false; 962 963 if (skb->protocol == htons(ETH_P_IP)) 964 return tcp_v4_conn_request(sk, skb); 965 966 if (!ipv6_unicast_destination(skb)) 967 goto drop; 968 969 if (inet_csk_reqsk_queue_is_full(sk) && !isn) { 970 want_cookie = tcp_syn_flood_action(sk, skb, "TCPv6"); 971 if (!want_cookie) 972 goto drop; 973 } 974 975 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) { 976 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); 977 goto drop; 978 } 979 980 req = inet6_reqsk_alloc(&tcp6_request_sock_ops); 981 if (req == NULL) 982 goto drop; 983 984 #ifdef CONFIG_TCP_MD5SIG 985 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops; 986 #endif 987 988 tcp_clear_options(&tmp_opt); 989 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 990 tmp_opt.user_mss = tp->rx_opt.user_mss; 991 tcp_parse_options(skb, &tmp_opt, &hash_location, 0, NULL); 992 993 if (tmp_opt.cookie_plus > 0 && 994 tmp_opt.saw_tstamp && 995 !tp->rx_opt.cookie_out_never && 996 (sysctl_tcp_cookie_size > 0 || 997 (tp->cookie_values != NULL && 998 tp->cookie_values->cookie_desired > 0))) { 999 u8 *c; 1000 u32 *d; 1001 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS]; 1002 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE; 1003 1004 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0) 1005 goto drop_and_free; 1006 1007 /* Secret recipe starts with IP addresses */ 1008 d = (__force u32 *)&ipv6_hdr(skb)->daddr.s6_addr32[0]; 1009 *mess++ ^= *d++; 1010 *mess++ ^= *d++; 1011 *mess++ ^= *d++; 1012 *mess++ ^= *d++; 1013 d = (__force u32 *)&ipv6_hdr(skb)->saddr.s6_addr32[0]; 1014 *mess++ ^= *d++; 1015 *mess++ ^= *d++; 1016 *mess++ ^= *d++; 1017 *mess++ ^= *d++; 1018 1019 /* plus variable length Initiator Cookie */ 1020 c = (u8 *)mess; 1021 while (l-- > 0) 1022 *c++ ^= *hash_location++; 1023 1024 want_cookie = false; /* not our kind of cookie */ 1025 tmp_ext.cookie_out_never = 0; /* false */ 1026 tmp_ext.cookie_plus = tmp_opt.cookie_plus; 1027 } else if (!tp->rx_opt.cookie_in_always) { 1028 /* redundant indications, but ensure initialization. */ 1029 tmp_ext.cookie_out_never = 1; /* true */ 1030 tmp_ext.cookie_plus = 0; 1031 } else { 1032 goto drop_and_free; 1033 } 1034 tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always; 1035 1036 if (want_cookie && !tmp_opt.saw_tstamp) 1037 tcp_clear_options(&tmp_opt); 1038 1039 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp; 1040 tcp_openreq_init(req, &tmp_opt, skb); 1041 1042 treq = inet6_rsk(req); 1043 treq->rmt_addr = ipv6_hdr(skb)->saddr; 1044 treq->loc_addr = ipv6_hdr(skb)->daddr; 1045 if (!want_cookie || tmp_opt.tstamp_ok) 1046 TCP_ECN_create_request(req, skb, sock_net(sk)); 1047 1048 treq->iif = sk->sk_bound_dev_if; 1049 1050 /* So that link locals have meaning */ 1051 if (!sk->sk_bound_dev_if && 1052 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL) 1053 treq->iif = inet6_iif(skb); 1054 1055 if (!isn) { 1056 if (ipv6_opt_accepted(sk, skb) || 1057 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || 1058 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) { 1059 atomic_inc(&skb->users); 1060 treq->pktopts = skb; 1061 } 1062 1063 if (want_cookie) { 1064 isn = cookie_v6_init_sequence(sk, skb, &req->mss); 1065 req->cookie_ts = tmp_opt.tstamp_ok; 1066 goto have_isn; 1067 } 1068 1069 /* VJ's idea. We save last timestamp seen 1070 * from the destination in peer table, when entering 1071 * state TIME-WAIT, and check against it before 1072 * accepting new connection request. 1073 * 1074 * If "isn" is not zero, this request hit alive 1075 * timewait bucket, so that all the necessary checks 1076 * are made in the function processing timewait state. 1077 */ 1078 if (tmp_opt.saw_tstamp && 1079 tcp_death_row.sysctl_tw_recycle && 1080 (dst = inet6_csk_route_req(sk, &fl6, req)) != NULL) { 1081 if (!tcp_peer_is_proven(req, dst, true)) { 1082 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED); 1083 goto drop_and_release; 1084 } 1085 } 1086 /* Kill the following clause, if you dislike this way. */ 1087 else if (!sysctl_tcp_syncookies && 1088 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) < 1089 (sysctl_max_syn_backlog >> 2)) && 1090 !tcp_peer_is_proven(req, dst, false)) { 1091 /* Without syncookies last quarter of 1092 * backlog is filled with destinations, 1093 * proven to be alive. 1094 * It means that we continue to communicate 1095 * to destinations, already remembered 1096 * to the moment of synflood. 1097 */ 1098 LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open request from %pI6/%u\n", 1099 &treq->rmt_addr, ntohs(tcp_hdr(skb)->source)); 1100 goto drop_and_release; 1101 } 1102 1103 isn = tcp_v6_init_sequence(skb); 1104 } 1105 have_isn: 1106 tcp_rsk(req)->snt_isn = isn; 1107 1108 if (security_inet_conn_request(sk, skb, req)) 1109 goto drop_and_release; 1110 1111 if (tcp_v6_send_synack(sk, dst, &fl6, req, 1112 (struct request_values *)&tmp_ext, 1113 skb_get_queue_mapping(skb)) || 1114 want_cookie) 1115 goto drop_and_free; 1116 1117 tcp_rsk(req)->snt_synack = tcp_time_stamp; 1118 tcp_rsk(req)->listener = NULL; 1119 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); 1120 return 0; 1121 1122 drop_and_release: 1123 dst_release(dst); 1124 drop_and_free: 1125 reqsk_free(req); 1126 drop: 1127 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); 1128 return 0; /* don't send reset */ 1129 } 1130 1131 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, 1132 struct request_sock *req, 1133 struct dst_entry *dst) 1134 { 1135 struct inet6_request_sock *treq; 1136 struct ipv6_pinfo *newnp, *np = inet6_sk(sk); 1137 struct tcp6_sock *newtcp6sk; 1138 struct inet_sock *newinet; 1139 struct tcp_sock *newtp; 1140 struct sock *newsk; 1141 #ifdef CONFIG_TCP_MD5SIG 1142 struct tcp_md5sig_key *key; 1143 #endif 1144 struct flowi6 fl6; 1145 1146 if (skb->protocol == htons(ETH_P_IP)) { 1147 /* 1148 * v6 mapped 1149 */ 1150 1151 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst); 1152 1153 if (newsk == NULL) 1154 return NULL; 1155 1156 newtcp6sk = (struct tcp6_sock *)newsk; 1157 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1158 1159 newinet = inet_sk(newsk); 1160 newnp = inet6_sk(newsk); 1161 newtp = tcp_sk(newsk); 1162 1163 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1164 1165 ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr); 1166 1167 ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr); 1168 1169 newnp->rcv_saddr = newnp->saddr; 1170 1171 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped; 1172 newsk->sk_backlog_rcv = tcp_v4_do_rcv; 1173 #ifdef CONFIG_TCP_MD5SIG 1174 newtp->af_specific = &tcp_sock_ipv6_mapped_specific; 1175 #endif 1176 1177 newnp->ipv6_ac_list = NULL; 1178 newnp->ipv6_fl_list = NULL; 1179 newnp->pktoptions = NULL; 1180 newnp->opt = NULL; 1181 newnp->mcast_oif = inet6_iif(skb); 1182 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1183 newnp->rcv_tclass = ipv6_get_dsfield(ipv6_hdr(skb)); 1184 1185 /* 1186 * No need to charge this sock to the relevant IPv6 refcnt debug socks count 1187 * here, tcp_create_openreq_child now does this for us, see the comment in 1188 * that function for the gory details. -acme 1189 */ 1190 1191 /* It is tricky place. Until this moment IPv4 tcp 1192 worked with IPv6 icsk.icsk_af_ops. 1193 Sync it now. 1194 */ 1195 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); 1196 1197 return newsk; 1198 } 1199 1200 treq = inet6_rsk(req); 1201 1202 if (sk_acceptq_is_full(sk)) 1203 goto out_overflow; 1204 1205 if (!dst) { 1206 dst = inet6_csk_route_req(sk, &fl6, req); 1207 if (!dst) 1208 goto out; 1209 } 1210 1211 newsk = tcp_create_openreq_child(sk, req, skb); 1212 if (newsk == NULL) 1213 goto out_nonewsk; 1214 1215 /* 1216 * No need to charge this sock to the relevant IPv6 refcnt debug socks 1217 * count here, tcp_create_openreq_child now does this for us, see the 1218 * comment in that function for the gory details. -acme 1219 */ 1220 1221 newsk->sk_gso_type = SKB_GSO_TCPV6; 1222 __ip6_dst_store(newsk, dst, NULL, NULL); 1223 inet6_sk_rx_dst_set(newsk, skb); 1224 1225 newtcp6sk = (struct tcp6_sock *)newsk; 1226 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1227 1228 newtp = tcp_sk(newsk); 1229 newinet = inet_sk(newsk); 1230 newnp = inet6_sk(newsk); 1231 1232 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1233 1234 newnp->daddr = treq->rmt_addr; 1235 newnp->saddr = treq->loc_addr; 1236 newnp->rcv_saddr = treq->loc_addr; 1237 newsk->sk_bound_dev_if = treq->iif; 1238 1239 /* Now IPv6 options... 1240 1241 First: no IPv4 options. 1242 */ 1243 newinet->inet_opt = NULL; 1244 newnp->ipv6_ac_list = NULL; 1245 newnp->ipv6_fl_list = NULL; 1246 1247 /* Clone RX bits */ 1248 newnp->rxopt.all = np->rxopt.all; 1249 1250 /* Clone pktoptions received with SYN */ 1251 newnp->pktoptions = NULL; 1252 if (treq->pktopts != NULL) { 1253 newnp->pktoptions = skb_clone(treq->pktopts, 1254 sk_gfp_atomic(sk, GFP_ATOMIC)); 1255 consume_skb(treq->pktopts); 1256 treq->pktopts = NULL; 1257 if (newnp->pktoptions) 1258 skb_set_owner_r(newnp->pktoptions, newsk); 1259 } 1260 newnp->opt = NULL; 1261 newnp->mcast_oif = inet6_iif(skb); 1262 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1263 newnp->rcv_tclass = ipv6_get_dsfield(ipv6_hdr(skb)); 1264 1265 /* Clone native IPv6 options from listening socket (if any) 1266 1267 Yes, keeping reference count would be much more clever, 1268 but we make one more one thing there: reattach optmem 1269 to newsk. 1270 */ 1271 if (np->opt) 1272 newnp->opt = ipv6_dup_options(newsk, np->opt); 1273 1274 inet_csk(newsk)->icsk_ext_hdr_len = 0; 1275 if (newnp->opt) 1276 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen + 1277 newnp->opt->opt_flen); 1278 1279 tcp_mtup_init(newsk); 1280 tcp_sync_mss(newsk, dst_mtu(dst)); 1281 newtp->advmss = dst_metric_advmss(dst); 1282 if (tcp_sk(sk)->rx_opt.user_mss && 1283 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss) 1284 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss; 1285 1286 tcp_initialize_rcv_mss(newsk); 1287 tcp_synack_rtt_meas(newsk, req); 1288 newtp->total_retrans = req->num_retrans; 1289 1290 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6; 1291 newinet->inet_rcv_saddr = LOOPBACK4_IPV6; 1292 1293 #ifdef CONFIG_TCP_MD5SIG 1294 /* Copy over the MD5 key from the original socket */ 1295 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) { 1296 /* We're using one, so create a matching key 1297 * on the newsk structure. If we fail to get 1298 * memory, then we end up not copying the key 1299 * across. Shucks. 1300 */ 1301 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newnp->daddr, 1302 AF_INET6, key->key, key->keylen, 1303 sk_gfp_atomic(sk, GFP_ATOMIC)); 1304 } 1305 #endif 1306 1307 if (__inet_inherit_port(sk, newsk) < 0) { 1308 inet_csk_prepare_forced_close(newsk); 1309 tcp_done(newsk); 1310 goto out; 1311 } 1312 __inet6_hash(newsk, NULL); 1313 1314 return newsk; 1315 1316 out_overflow: 1317 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); 1318 out_nonewsk: 1319 dst_release(dst); 1320 out: 1321 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); 1322 return NULL; 1323 } 1324 1325 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb) 1326 { 1327 if (skb->ip_summed == CHECKSUM_COMPLETE) { 1328 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr, 1329 &ipv6_hdr(skb)->daddr, skb->csum)) { 1330 skb->ip_summed = CHECKSUM_UNNECESSARY; 1331 return 0; 1332 } 1333 } 1334 1335 skb->csum = ~csum_unfold(tcp_v6_check(skb->len, 1336 &ipv6_hdr(skb)->saddr, 1337 &ipv6_hdr(skb)->daddr, 0)); 1338 1339 if (skb->len <= 76) { 1340 return __skb_checksum_complete(skb); 1341 } 1342 return 0; 1343 } 1344 1345 /* The socket must have it's spinlock held when we get 1346 * here. 1347 * 1348 * We have a potential double-lock case here, so even when 1349 * doing backlog processing we use the BH locking scheme. 1350 * This is because we cannot sleep with the original spinlock 1351 * held. 1352 */ 1353 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) 1354 { 1355 struct ipv6_pinfo *np = inet6_sk(sk); 1356 struct tcp_sock *tp; 1357 struct sk_buff *opt_skb = NULL; 1358 1359 /* Imagine: socket is IPv6. IPv4 packet arrives, 1360 goes to IPv4 receive handler and backlogged. 1361 From backlog it always goes here. Kerboom... 1362 Fortunately, tcp_rcv_established and rcv_established 1363 handle them correctly, but it is not case with 1364 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK 1365 */ 1366 1367 if (skb->protocol == htons(ETH_P_IP)) 1368 return tcp_v4_do_rcv(sk, skb); 1369 1370 #ifdef CONFIG_TCP_MD5SIG 1371 if (tcp_v6_inbound_md5_hash (sk, skb)) 1372 goto discard; 1373 #endif 1374 1375 if (sk_filter(sk, skb)) 1376 goto discard; 1377 1378 /* 1379 * socket locking is here for SMP purposes as backlog rcv 1380 * is currently called with bh processing disabled. 1381 */ 1382 1383 /* Do Stevens' IPV6_PKTOPTIONS. 1384 1385 Yes, guys, it is the only place in our code, where we 1386 may make it not affecting IPv4. 1387 The rest of code is protocol independent, 1388 and I do not like idea to uglify IPv4. 1389 1390 Actually, all the idea behind IPV6_PKTOPTIONS 1391 looks not very well thought. For now we latch 1392 options, received in the last packet, enqueued 1393 by tcp. Feel free to propose better solution. 1394 --ANK (980728) 1395 */ 1396 if (np->rxopt.all) 1397 opt_skb = skb_clone(skb, sk_gfp_atomic(sk, GFP_ATOMIC)); 1398 1399 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ 1400 struct dst_entry *dst = sk->sk_rx_dst; 1401 1402 sock_rps_save_rxhash(sk, skb); 1403 if (dst) { 1404 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif || 1405 dst->ops->check(dst, np->rx_dst_cookie) == NULL) { 1406 dst_release(dst); 1407 sk->sk_rx_dst = NULL; 1408 } 1409 } 1410 1411 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) 1412 goto reset; 1413 if (opt_skb) 1414 goto ipv6_pktoptions; 1415 return 0; 1416 } 1417 1418 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb)) 1419 goto csum_err; 1420 1421 if (sk->sk_state == TCP_LISTEN) { 1422 struct sock *nsk = tcp_v6_hnd_req(sk, skb); 1423 if (!nsk) 1424 goto discard; 1425 1426 /* 1427 * Queue it on the new socket if the new socket is active, 1428 * otherwise we just shortcircuit this and continue with 1429 * the new socket.. 1430 */ 1431 if(nsk != sk) { 1432 sock_rps_save_rxhash(nsk, skb); 1433 if (tcp_child_process(sk, nsk, skb)) 1434 goto reset; 1435 if (opt_skb) 1436 __kfree_skb(opt_skb); 1437 return 0; 1438 } 1439 } else 1440 sock_rps_save_rxhash(sk, skb); 1441 1442 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) 1443 goto reset; 1444 if (opt_skb) 1445 goto ipv6_pktoptions; 1446 return 0; 1447 1448 reset: 1449 tcp_v6_send_reset(sk, skb); 1450 discard: 1451 if (opt_skb) 1452 __kfree_skb(opt_skb); 1453 kfree_skb(skb); 1454 return 0; 1455 csum_err: 1456 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS); 1457 goto discard; 1458 1459 1460 ipv6_pktoptions: 1461 /* Do you ask, what is it? 1462 1463 1. skb was enqueued by tcp. 1464 2. skb is added to tail of read queue, rather than out of order. 1465 3. socket is not in passive state. 1466 4. Finally, it really contains options, which user wants to receive. 1467 */ 1468 tp = tcp_sk(sk); 1469 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt && 1470 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) { 1471 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo) 1472 np->mcast_oif = inet6_iif(opt_skb); 1473 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) 1474 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit; 1475 if (np->rxopt.bits.rxtclass) 1476 np->rcv_tclass = ipv6_get_dsfield(ipv6_hdr(skb)); 1477 if (ipv6_opt_accepted(sk, opt_skb)) { 1478 skb_set_owner_r(opt_skb, sk); 1479 opt_skb = xchg(&np->pktoptions, opt_skb); 1480 } else { 1481 __kfree_skb(opt_skb); 1482 opt_skb = xchg(&np->pktoptions, NULL); 1483 } 1484 } 1485 1486 kfree_skb(opt_skb); 1487 return 0; 1488 } 1489 1490 static int tcp_v6_rcv(struct sk_buff *skb) 1491 { 1492 const struct tcphdr *th; 1493 const struct ipv6hdr *hdr; 1494 struct sock *sk; 1495 int ret; 1496 struct net *net = dev_net(skb->dev); 1497 1498 if (skb->pkt_type != PACKET_HOST) 1499 goto discard_it; 1500 1501 /* 1502 * Count it even if it's bad. 1503 */ 1504 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS); 1505 1506 if (!pskb_may_pull(skb, sizeof(struct tcphdr))) 1507 goto discard_it; 1508 1509 th = tcp_hdr(skb); 1510 1511 if (th->doff < sizeof(struct tcphdr)/4) 1512 goto bad_packet; 1513 if (!pskb_may_pull(skb, th->doff*4)) 1514 goto discard_it; 1515 1516 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb)) 1517 goto bad_packet; 1518 1519 th = tcp_hdr(skb); 1520 hdr = ipv6_hdr(skb); 1521 TCP_SKB_CB(skb)->seq = ntohl(th->seq); 1522 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin + 1523 skb->len - th->doff*4); 1524 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); 1525 TCP_SKB_CB(skb)->when = 0; 1526 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr); 1527 TCP_SKB_CB(skb)->sacked = 0; 1528 1529 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); 1530 if (!sk) 1531 goto no_tcp_socket; 1532 1533 process: 1534 if (sk->sk_state == TCP_TIME_WAIT) 1535 goto do_time_wait; 1536 1537 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { 1538 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); 1539 goto discard_and_relse; 1540 } 1541 1542 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 1543 goto discard_and_relse; 1544 1545 if (sk_filter(sk, skb)) 1546 goto discard_and_relse; 1547 1548 skb->dev = NULL; 1549 1550 bh_lock_sock_nested(sk); 1551 ret = 0; 1552 if (!sock_owned_by_user(sk)) { 1553 #ifdef CONFIG_NET_DMA 1554 struct tcp_sock *tp = tcp_sk(sk); 1555 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list) 1556 tp->ucopy.dma_chan = net_dma_find_channel(); 1557 if (tp->ucopy.dma_chan) 1558 ret = tcp_v6_do_rcv(sk, skb); 1559 else 1560 #endif 1561 { 1562 if (!tcp_prequeue(sk, skb)) 1563 ret = tcp_v6_do_rcv(sk, skb); 1564 } 1565 } else if (unlikely(sk_add_backlog(sk, skb, 1566 sk->sk_rcvbuf + sk->sk_sndbuf))) { 1567 bh_unlock_sock(sk); 1568 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP); 1569 goto discard_and_relse; 1570 } 1571 bh_unlock_sock(sk); 1572 1573 sock_put(sk); 1574 return ret ? -1 : 0; 1575 1576 no_tcp_socket: 1577 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 1578 goto discard_it; 1579 1580 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1581 bad_packet: 1582 TCP_INC_STATS_BH(net, TCP_MIB_INERRS); 1583 } else { 1584 tcp_v6_send_reset(NULL, skb); 1585 } 1586 1587 discard_it: 1588 1589 /* 1590 * Discard frame 1591 */ 1592 1593 kfree_skb(skb); 1594 return 0; 1595 1596 discard_and_relse: 1597 sock_put(sk); 1598 goto discard_it; 1599 1600 do_time_wait: 1601 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1602 inet_twsk_put(inet_twsk(sk)); 1603 goto discard_it; 1604 } 1605 1606 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) { 1607 TCP_INC_STATS_BH(net, TCP_MIB_INERRS); 1608 inet_twsk_put(inet_twsk(sk)); 1609 goto discard_it; 1610 } 1611 1612 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { 1613 case TCP_TW_SYN: 1614 { 1615 struct sock *sk2; 1616 1617 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo, 1618 &ipv6_hdr(skb)->saddr, th->source, 1619 &ipv6_hdr(skb)->daddr, 1620 ntohs(th->dest), inet6_iif(skb)); 1621 if (sk2 != NULL) { 1622 struct inet_timewait_sock *tw = inet_twsk(sk); 1623 inet_twsk_deschedule(tw, &tcp_death_row); 1624 inet_twsk_put(tw); 1625 sk = sk2; 1626 goto process; 1627 } 1628 /* Fall through to ACK */ 1629 } 1630 case TCP_TW_ACK: 1631 tcp_v6_timewait_ack(sk, skb); 1632 break; 1633 case TCP_TW_RST: 1634 goto no_tcp_socket; 1635 case TCP_TW_SUCCESS:; 1636 } 1637 goto discard_it; 1638 } 1639 1640 static void tcp_v6_early_demux(struct sk_buff *skb) 1641 { 1642 const struct ipv6hdr *hdr; 1643 const struct tcphdr *th; 1644 struct sock *sk; 1645 1646 if (skb->pkt_type != PACKET_HOST) 1647 return; 1648 1649 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr))) 1650 return; 1651 1652 hdr = ipv6_hdr(skb); 1653 th = tcp_hdr(skb); 1654 1655 if (th->doff < sizeof(struct tcphdr) / 4) 1656 return; 1657 1658 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo, 1659 &hdr->saddr, th->source, 1660 &hdr->daddr, ntohs(th->dest), 1661 inet6_iif(skb)); 1662 if (sk) { 1663 skb->sk = sk; 1664 skb->destructor = sock_edemux; 1665 if (sk->sk_state != TCP_TIME_WAIT) { 1666 struct dst_entry *dst = sk->sk_rx_dst; 1667 1668 if (dst) 1669 dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie); 1670 if (dst && 1671 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif) 1672 skb_dst_set_noref(skb, dst); 1673 } 1674 } 1675 } 1676 1677 static struct timewait_sock_ops tcp6_timewait_sock_ops = { 1678 .twsk_obj_size = sizeof(struct tcp6_timewait_sock), 1679 .twsk_unique = tcp_twsk_unique, 1680 .twsk_destructor= tcp_twsk_destructor, 1681 }; 1682 1683 static const struct inet_connection_sock_af_ops ipv6_specific = { 1684 .queue_xmit = inet6_csk_xmit, 1685 .send_check = tcp_v6_send_check, 1686 .rebuild_header = inet6_sk_rebuild_header, 1687 .sk_rx_dst_set = inet6_sk_rx_dst_set, 1688 .conn_request = tcp_v6_conn_request, 1689 .syn_recv_sock = tcp_v6_syn_recv_sock, 1690 .net_header_len = sizeof(struct ipv6hdr), 1691 .net_frag_header_len = sizeof(struct frag_hdr), 1692 .setsockopt = ipv6_setsockopt, 1693 .getsockopt = ipv6_getsockopt, 1694 .addr2sockaddr = inet6_csk_addr2sockaddr, 1695 .sockaddr_len = sizeof(struct sockaddr_in6), 1696 .bind_conflict = inet6_csk_bind_conflict, 1697 #ifdef CONFIG_COMPAT 1698 .compat_setsockopt = compat_ipv6_setsockopt, 1699 .compat_getsockopt = compat_ipv6_getsockopt, 1700 #endif 1701 }; 1702 1703 #ifdef CONFIG_TCP_MD5SIG 1704 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = { 1705 .md5_lookup = tcp_v6_md5_lookup, 1706 .calc_md5_hash = tcp_v6_md5_hash_skb, 1707 .md5_parse = tcp_v6_parse_md5_keys, 1708 }; 1709 #endif 1710 1711 /* 1712 * TCP over IPv4 via INET6 API 1713 */ 1714 1715 static const struct inet_connection_sock_af_ops ipv6_mapped = { 1716 .queue_xmit = ip_queue_xmit, 1717 .send_check = tcp_v4_send_check, 1718 .rebuild_header = inet_sk_rebuild_header, 1719 .sk_rx_dst_set = inet_sk_rx_dst_set, 1720 .conn_request = tcp_v6_conn_request, 1721 .syn_recv_sock = tcp_v6_syn_recv_sock, 1722 .net_header_len = sizeof(struct iphdr), 1723 .setsockopt = ipv6_setsockopt, 1724 .getsockopt = ipv6_getsockopt, 1725 .addr2sockaddr = inet6_csk_addr2sockaddr, 1726 .sockaddr_len = sizeof(struct sockaddr_in6), 1727 .bind_conflict = inet6_csk_bind_conflict, 1728 #ifdef CONFIG_COMPAT 1729 .compat_setsockopt = compat_ipv6_setsockopt, 1730 .compat_getsockopt = compat_ipv6_getsockopt, 1731 #endif 1732 }; 1733 1734 #ifdef CONFIG_TCP_MD5SIG 1735 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = { 1736 .md5_lookup = tcp_v4_md5_lookup, 1737 .calc_md5_hash = tcp_v4_md5_hash_skb, 1738 .md5_parse = tcp_v6_parse_md5_keys, 1739 }; 1740 #endif 1741 1742 /* NOTE: A lot of things set to zero explicitly by call to 1743 * sk_alloc() so need not be done here. 1744 */ 1745 static int tcp_v6_init_sock(struct sock *sk) 1746 { 1747 struct inet_connection_sock *icsk = inet_csk(sk); 1748 1749 tcp_init_sock(sk); 1750 1751 icsk->icsk_af_ops = &ipv6_specific; 1752 1753 #ifdef CONFIG_TCP_MD5SIG 1754 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific; 1755 #endif 1756 1757 return 0; 1758 } 1759 1760 static void tcp_v6_destroy_sock(struct sock *sk) 1761 { 1762 tcp_v4_destroy_sock(sk); 1763 inet6_destroy_sock(sk); 1764 } 1765 1766 #ifdef CONFIG_PROC_FS 1767 /* Proc filesystem TCPv6 sock list dumping. */ 1768 static void get_openreq6(struct seq_file *seq, 1769 const struct sock *sk, struct request_sock *req, int i, kuid_t uid) 1770 { 1771 int ttd = req->expires - jiffies; 1772 const struct in6_addr *src = &inet6_rsk(req)->loc_addr; 1773 const struct in6_addr *dest = &inet6_rsk(req)->rmt_addr; 1774 1775 if (ttd < 0) 1776 ttd = 0; 1777 1778 seq_printf(seq, 1779 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1780 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n", 1781 i, 1782 src->s6_addr32[0], src->s6_addr32[1], 1783 src->s6_addr32[2], src->s6_addr32[3], 1784 ntohs(inet_rsk(req)->loc_port), 1785 dest->s6_addr32[0], dest->s6_addr32[1], 1786 dest->s6_addr32[2], dest->s6_addr32[3], 1787 ntohs(inet_rsk(req)->rmt_port), 1788 TCP_SYN_RECV, 1789 0,0, /* could print option size, but that is af dependent. */ 1790 1, /* timers active (only the expire timer) */ 1791 jiffies_to_clock_t(ttd), 1792 req->num_timeout, 1793 from_kuid_munged(seq_user_ns(seq), uid), 1794 0, /* non standard timer */ 1795 0, /* open_requests have no inode */ 1796 0, req); 1797 } 1798 1799 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) 1800 { 1801 const struct in6_addr *dest, *src; 1802 __u16 destp, srcp; 1803 int timer_active; 1804 unsigned long timer_expires; 1805 const struct inet_sock *inet = inet_sk(sp); 1806 const struct tcp_sock *tp = tcp_sk(sp); 1807 const struct inet_connection_sock *icsk = inet_csk(sp); 1808 const struct ipv6_pinfo *np = inet6_sk(sp); 1809 1810 dest = &np->daddr; 1811 src = &np->rcv_saddr; 1812 destp = ntohs(inet->inet_dport); 1813 srcp = ntohs(inet->inet_sport); 1814 1815 if (icsk->icsk_pending == ICSK_TIME_RETRANS) { 1816 timer_active = 1; 1817 timer_expires = icsk->icsk_timeout; 1818 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) { 1819 timer_active = 4; 1820 timer_expires = icsk->icsk_timeout; 1821 } else if (timer_pending(&sp->sk_timer)) { 1822 timer_active = 2; 1823 timer_expires = sp->sk_timer.expires; 1824 } else { 1825 timer_active = 0; 1826 timer_expires = jiffies; 1827 } 1828 1829 seq_printf(seq, 1830 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1831 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %pK %lu %lu %u %u %d\n", 1832 i, 1833 src->s6_addr32[0], src->s6_addr32[1], 1834 src->s6_addr32[2], src->s6_addr32[3], srcp, 1835 dest->s6_addr32[0], dest->s6_addr32[1], 1836 dest->s6_addr32[2], dest->s6_addr32[3], destp, 1837 sp->sk_state, 1838 tp->write_seq-tp->snd_una, 1839 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq), 1840 timer_active, 1841 jiffies_delta_to_clock_t(timer_expires - jiffies), 1842 icsk->icsk_retransmits, 1843 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)), 1844 icsk->icsk_probes_out, 1845 sock_i_ino(sp), 1846 atomic_read(&sp->sk_refcnt), sp, 1847 jiffies_to_clock_t(icsk->icsk_rto), 1848 jiffies_to_clock_t(icsk->icsk_ack.ato), 1849 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong, 1850 tp->snd_cwnd, 1851 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh 1852 ); 1853 } 1854 1855 static void get_timewait6_sock(struct seq_file *seq, 1856 struct inet_timewait_sock *tw, int i) 1857 { 1858 const struct in6_addr *dest, *src; 1859 __u16 destp, srcp; 1860 const struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw); 1861 long delta = tw->tw_ttd - jiffies; 1862 1863 dest = &tw6->tw_v6_daddr; 1864 src = &tw6->tw_v6_rcv_saddr; 1865 destp = ntohs(tw->tw_dport); 1866 srcp = ntohs(tw->tw_sport); 1867 1868 seq_printf(seq, 1869 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1870 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n", 1871 i, 1872 src->s6_addr32[0], src->s6_addr32[1], 1873 src->s6_addr32[2], src->s6_addr32[3], srcp, 1874 dest->s6_addr32[0], dest->s6_addr32[1], 1875 dest->s6_addr32[2], dest->s6_addr32[3], destp, 1876 tw->tw_substate, 0, 0, 1877 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0, 1878 atomic_read(&tw->tw_refcnt), tw); 1879 } 1880 1881 static int tcp6_seq_show(struct seq_file *seq, void *v) 1882 { 1883 struct tcp_iter_state *st; 1884 1885 if (v == SEQ_START_TOKEN) { 1886 seq_puts(seq, 1887 " sl " 1888 "local_address " 1889 "remote_address " 1890 "st tx_queue rx_queue tr tm->when retrnsmt" 1891 " uid timeout inode\n"); 1892 goto out; 1893 } 1894 st = seq->private; 1895 1896 switch (st->state) { 1897 case TCP_SEQ_STATE_LISTENING: 1898 case TCP_SEQ_STATE_ESTABLISHED: 1899 get_tcp6_sock(seq, v, st->num); 1900 break; 1901 case TCP_SEQ_STATE_OPENREQ: 1902 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid); 1903 break; 1904 case TCP_SEQ_STATE_TIME_WAIT: 1905 get_timewait6_sock(seq, v, st->num); 1906 break; 1907 } 1908 out: 1909 return 0; 1910 } 1911 1912 static const struct file_operations tcp6_afinfo_seq_fops = { 1913 .owner = THIS_MODULE, 1914 .open = tcp_seq_open, 1915 .read = seq_read, 1916 .llseek = seq_lseek, 1917 .release = seq_release_net 1918 }; 1919 1920 static struct tcp_seq_afinfo tcp6_seq_afinfo = { 1921 .name = "tcp6", 1922 .family = AF_INET6, 1923 .seq_fops = &tcp6_afinfo_seq_fops, 1924 .seq_ops = { 1925 .show = tcp6_seq_show, 1926 }, 1927 }; 1928 1929 int __net_init tcp6_proc_init(struct net *net) 1930 { 1931 return tcp_proc_register(net, &tcp6_seq_afinfo); 1932 } 1933 1934 void tcp6_proc_exit(struct net *net) 1935 { 1936 tcp_proc_unregister(net, &tcp6_seq_afinfo); 1937 } 1938 #endif 1939 1940 struct proto tcpv6_prot = { 1941 .name = "TCPv6", 1942 .owner = THIS_MODULE, 1943 .close = tcp_close, 1944 .connect = tcp_v6_connect, 1945 .disconnect = tcp_disconnect, 1946 .accept = inet_csk_accept, 1947 .ioctl = tcp_ioctl, 1948 .init = tcp_v6_init_sock, 1949 .destroy = tcp_v6_destroy_sock, 1950 .shutdown = tcp_shutdown, 1951 .setsockopt = tcp_setsockopt, 1952 .getsockopt = tcp_getsockopt, 1953 .recvmsg = tcp_recvmsg, 1954 .sendmsg = tcp_sendmsg, 1955 .sendpage = tcp_sendpage, 1956 .backlog_rcv = tcp_v6_do_rcv, 1957 .release_cb = tcp_release_cb, 1958 .mtu_reduced = tcp_v6_mtu_reduced, 1959 .hash = tcp_v6_hash, 1960 .unhash = inet_unhash, 1961 .get_port = inet_csk_get_port, 1962 .enter_memory_pressure = tcp_enter_memory_pressure, 1963 .sockets_allocated = &tcp_sockets_allocated, 1964 .memory_allocated = &tcp_memory_allocated, 1965 .memory_pressure = &tcp_memory_pressure, 1966 .orphan_count = &tcp_orphan_count, 1967 .sysctl_wmem = sysctl_tcp_wmem, 1968 .sysctl_rmem = sysctl_tcp_rmem, 1969 .max_header = MAX_TCP_HEADER, 1970 .obj_size = sizeof(struct tcp6_sock), 1971 .slab_flags = SLAB_DESTROY_BY_RCU, 1972 .twsk_prot = &tcp6_timewait_sock_ops, 1973 .rsk_prot = &tcp6_request_sock_ops, 1974 .h.hashinfo = &tcp_hashinfo, 1975 .no_autobind = true, 1976 #ifdef CONFIG_COMPAT 1977 .compat_setsockopt = compat_tcp_setsockopt, 1978 .compat_getsockopt = compat_tcp_getsockopt, 1979 #endif 1980 #ifdef CONFIG_MEMCG_KMEM 1981 .proto_cgroup = tcp_proto_cgroup, 1982 #endif 1983 }; 1984 1985 static const struct inet6_protocol tcpv6_protocol = { 1986 .early_demux = tcp_v6_early_demux, 1987 .handler = tcp_v6_rcv, 1988 .err_handler = tcp_v6_err, 1989 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 1990 }; 1991 1992 static struct inet_protosw tcpv6_protosw = { 1993 .type = SOCK_STREAM, 1994 .protocol = IPPROTO_TCP, 1995 .prot = &tcpv6_prot, 1996 .ops = &inet6_stream_ops, 1997 .no_check = 0, 1998 .flags = INET_PROTOSW_PERMANENT | 1999 INET_PROTOSW_ICSK, 2000 }; 2001 2002 static int __net_init tcpv6_net_init(struct net *net) 2003 { 2004 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6, 2005 SOCK_RAW, IPPROTO_TCP, net); 2006 } 2007 2008 static void __net_exit tcpv6_net_exit(struct net *net) 2009 { 2010 inet_ctl_sock_destroy(net->ipv6.tcp_sk); 2011 } 2012 2013 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list) 2014 { 2015 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6); 2016 } 2017 2018 static struct pernet_operations tcpv6_net_ops = { 2019 .init = tcpv6_net_init, 2020 .exit = tcpv6_net_exit, 2021 .exit_batch = tcpv6_net_exit_batch, 2022 }; 2023 2024 int __init tcpv6_init(void) 2025 { 2026 int ret; 2027 2028 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP); 2029 if (ret) 2030 goto out; 2031 2032 /* register inet6 protocol */ 2033 ret = inet6_register_protosw(&tcpv6_protosw); 2034 if (ret) 2035 goto out_tcpv6_protocol; 2036 2037 ret = register_pernet_subsys(&tcpv6_net_ops); 2038 if (ret) 2039 goto out_tcpv6_protosw; 2040 out: 2041 return ret; 2042 2043 out_tcpv6_protosw: 2044 inet6_unregister_protosw(&tcpv6_protosw); 2045 out_tcpv6_protocol: 2046 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2047 goto out; 2048 } 2049 2050 void tcpv6_exit(void) 2051 { 2052 unregister_pernet_subsys(&tcpv6_net_ops); 2053 inet6_unregister_protosw(&tcpv6_protosw); 2054 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2055 } 2056