Gitiles
Code Review Sign In
192.168.1.100 / T800 / 08a5868039568a63e6a85597bfbd7739f60b718a / . / src / kernel / linux / v4.19 / net / ipv6 / tcp_ipv6.c
blob: c5f4e89b6ff30fbb9b23b10b90b0cd7939c84cb4 [file] [log] [blame]
xjb04a4022021-11-25 15:01:52 +0800[diff] [blame]1/*
2 * TCP over IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on:
9 * linux/net/ipv4/tcp.c
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
12 *
13 * Fixes:
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
19 *
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
24 */
25
26#include <linux/bottom_half.h>
27#include <linux/module.h>
28#include <linux/errno.h>
29#include <linux/types.h>
30#include <linux/socket.h>
31#include <linux/sockios.h>
32#include <linux/net.h>
33#include <linux/jiffies.h>
34#include <linux/in.h>
35#include <linux/in6.h>
36#include <linux/netdevice.h>
37#include <linux/init.h>
38#include <linux/jhash.h>
39#include <linux/ipsec.h>
40#include <linux/times.h>
41#include <linux/slab.h>
42#include <linux/uaccess.h>
43#include <linux/ipv6.h>
44#include <linux/icmpv6.h>
45#include <linux/random.h>
46
47#include <net/tcp.h>
48#include <net/ndisc.h>
49#include <net/inet6_hashtables.h>
50#include <net/inet6_connection_sock.h>
51#include <net/ipv6.h>
52#include <net/transp_v6.h>
53#include <net/addrconf.h>
54#include <net/ip6_route.h>
55#include <net/ip6_checksum.h>
56#include <net/inet_ecn.h>
57#include <net/protocol.h>
58#include <net/xfrm.h>
59#include <net/snmp.h>
60#include <net/dsfield.h>
61#include <net/timewait_sock.h>
62#include <net/inet_common.h>
63#include <net/secure_seq.h>
64#include <net/busy_poll.h>
65
66#include <linux/proc_fs.h>
67#include <linux/seq_file.h>
68
69#include <crypto/hash.h>
70#include <linux/scatterlist.h>
71
72#include <trace/events/tcp.h>
73
74static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
75static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
76 struct request_sock *req);
77
78static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
79
80static const struct inet_connection_sock_af_ops ipv6_mapped;
81static const struct inet_connection_sock_af_ops ipv6_specific;
82#ifdef CONFIG_TCP_MD5SIG
83static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
84static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
85#else
86static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
87 const struct in6_addr *addr)
88{
89 return NULL;
90}
91#endif
92
93static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
94{
95 struct dst_entry *dst = skb_dst(skb);
96
97 if (dst && dst_hold_safe(dst)) {
98 const struct rt6_info *rt = (const struct rt6_info *)dst;
99
100 sk->sk_rx_dst = dst;
101 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
102 inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
103 }
104}
105
106static u32 tcp_v6_init_seq(const struct sk_buff *skb)
107{
108 return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32,
109 ipv6_hdr(skb)->saddr.s6_addr32,
110 tcp_hdr(skb)->dest,
111 tcp_hdr(skb)->source);
112}
113
114static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb)
115{
116 return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32,
117 ipv6_hdr(skb)->saddr.s6_addr32);
118}
119
120static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
121 int addr_len)
122{
123 /* This check is replicated from tcp_v6_connect() and intended to
124 * prevent BPF program called below from accessing bytes that are out
125 * of the bound specified by user in addr_len.
126 */
127 if (addr_len < SIN6_LEN_RFC2133)
128 return -EINVAL;
129
130 sock_owned_by_me(sk);
131
132 return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr);
133}
134
135static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
136 int addr_len)
137{
138 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
139 struct inet_sock *inet = inet_sk(sk);
140 struct inet_connection_sock *icsk = inet_csk(sk);
141 struct ipv6_pinfo *np = inet6_sk(sk);
142 struct tcp_sock *tp = tcp_sk(sk);
143 struct in6_addr *saddr = NULL, *final_p, final;
144 struct ipv6_txoptions *opt;
145 struct flowi6 fl6;
146 struct dst_entry *dst;
147 int addr_type;
148 int err;
149 struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
150
151 if (addr_len < SIN6_LEN_RFC2133)
152 return -EINVAL;
153
154 if (usin->sin6_family != AF_INET6)
155 return -EAFNOSUPPORT;
156
157 memset(&fl6, 0, sizeof(fl6));
158
159 if (np->sndflow) {
160 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
161 IP6_ECN_flow_init(fl6.flowlabel);
162 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
163 struct ip6_flowlabel *flowlabel;
164 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
165 if (!flowlabel)
166 return -EINVAL;
167 fl6_sock_release(flowlabel);
168 }
169 }
170
171 /*
172 * connect() to INADDR_ANY means loopback (BSD'ism).
173 */
174
175 if (ipv6_addr_any(&usin->sin6_addr)) {
176 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
177 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
178 &usin->sin6_addr);
179 else
180 usin->sin6_addr = in6addr_loopback;
181 }
182
183 addr_type = ipv6_addr_type(&usin->sin6_addr);
184
185 if (addr_type & IPV6_ADDR_MULTICAST)
186 return -ENETUNREACH;
187
188 if (addr_type&IPV6_ADDR_LINKLOCAL) {
189 if (addr_len >= sizeof(struct sockaddr_in6) &&
190 usin->sin6_scope_id) {
191 /* If interface is set while binding, indices
192 * must coincide.
193 */
194 if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id))
195 return -EINVAL;
196
197 sk->sk_bound_dev_if = usin->sin6_scope_id;
198 }
199
200 /* Connect to link-local address requires an interface */
201 if (!sk->sk_bound_dev_if)
202 return -EINVAL;
203 }
204
205 if (tp->rx_opt.ts_recent_stamp &&
206 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
207 tp->rx_opt.ts_recent = 0;
208 tp->rx_opt.ts_recent_stamp = 0;
209 tp->write_seq = 0;
210 }
211
212 sk->sk_v6_daddr = usin->sin6_addr;
213 np->flow_label = fl6.flowlabel;
214
215 /*
216 * TCP over IPv4
217 */
218
219 if (addr_type & IPV6_ADDR_MAPPED) {
220 u32 exthdrlen = icsk->icsk_ext_hdr_len;
221 struct sockaddr_in sin;
222
223 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
224
225 if (__ipv6_only_sock(sk))
226 return -ENETUNREACH;
227
228 sin.sin_family = AF_INET;
229 sin.sin_port = usin->sin6_port;
230 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
231
232 icsk->icsk_af_ops = &ipv6_mapped;
233 sk->sk_backlog_rcv = tcp_v4_do_rcv;
234#ifdef CONFIG_TCP_MD5SIG
235 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
236#endif
237
238 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
239
240 if (err) {
241 icsk->icsk_ext_hdr_len = exthdrlen;
242 icsk->icsk_af_ops = &ipv6_specific;
243 sk->sk_backlog_rcv = tcp_v6_do_rcv;
244#ifdef CONFIG_TCP_MD5SIG
245 tp->af_specific = &tcp_sock_ipv6_specific;
246#endif
247 goto failure;
248 }
249 np->saddr = sk->sk_v6_rcv_saddr;
250
251 return err;
252 }
253
254 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
255 saddr = &sk->sk_v6_rcv_saddr;
256
257 fl6.flowi6_proto = IPPROTO_TCP;
258 fl6.daddr = sk->sk_v6_daddr;
259 fl6.saddr = saddr ? *saddr : np->saddr;
260 fl6.flowi6_oif = sk->sk_bound_dev_if;
261 fl6.flowi6_mark = sk->sk_mark;
262 fl6.fl6_dport = usin->sin6_port;
263 fl6.fl6_sport = inet->inet_sport;
264 fl6.flowi6_uid = sk->sk_uid;
265
266 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
267 final_p = fl6_update_dst(&fl6, opt, &final);
268
269 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
270
271 dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
272 if (IS_ERR(dst)) {
273 err = PTR_ERR(dst);
274 goto failure;
275 }
276
277 if (!saddr) {
278 saddr = &fl6.saddr;
279 sk->sk_v6_rcv_saddr = *saddr;
280 }
281
282 /* set the source address */
283 np->saddr = *saddr;
284 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
285
286 sk->sk_gso_type = SKB_GSO_TCPV6;
287 ip6_dst_store(sk, dst, NULL, NULL);
288
289 icsk->icsk_ext_hdr_len = 0;
290 if (opt)
291 icsk->icsk_ext_hdr_len = opt->opt_flen +
292 opt->opt_nflen;
293
294 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
295
296 inet->inet_dport = usin->sin6_port;
297
298 tcp_set_state(sk, TCP_SYN_SENT);
299 err = inet6_hash_connect(tcp_death_row, sk);
300 if (err)
301 goto late_failure;
302
303 sk_set_txhash(sk);
304
305 if (likely(!tp->repair)) {
306 if (!tp->write_seq)
307 tp->write_seq = secure_tcpv6_seq(np->saddr.s6_addr32,
308 sk->sk_v6_daddr.s6_addr32,
309 inet->inet_sport,
310 inet->inet_dport);
311 tp->tsoffset = secure_tcpv6_ts_off(sock_net(sk),
312 np->saddr.s6_addr32,
313 sk->sk_v6_daddr.s6_addr32);
314 }
315
316 if (tcp_fastopen_defer_connect(sk, &err))
317 return err;
318 if (err)
319 goto late_failure;
320
321 err = tcp_connect(sk);
322 if (err)
323 goto late_failure;
324
325 return 0;
326
327late_failure:
328 tcp_set_state(sk, TCP_CLOSE);
329failure:
330 inet->inet_dport = 0;
331 sk->sk_route_caps = 0;
332 return err;
333}
334
335static void tcp_v6_mtu_reduced(struct sock *sk)
336{
337 struct dst_entry *dst;
338
339 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
340 return;
341
342 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
343 if (!dst)
344 return;
345
346 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
347 tcp_sync_mss(sk, dst_mtu(dst));
348 tcp_simple_retransmit(sk);
349 }
350}
351
352static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
353 u8 type, u8 code, int offset, __be32 info)
354{
355 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
356 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
357 struct net *net = dev_net(skb->dev);
358 struct request_sock *fastopen;
359 struct ipv6_pinfo *np;
360 struct tcp_sock *tp;
361 __u32 seq, snd_una;
362 struct sock *sk;
363 bool fatal;
364 int err;
365
366 sk = __inet6_lookup_established(net, &tcp_hashinfo,
367 &hdr->daddr, th->dest,
368 &hdr->saddr, ntohs(th->source),
369 skb->dev->ifindex, inet6_sdif(skb));
370
371 if (!sk) {
372 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
373 ICMP6_MIB_INERRORS);
374 return;
375 }
376
377 if (sk->sk_state == TCP_TIME_WAIT) {
378 inet_twsk_put(inet_twsk(sk));
379 return;
380 }
381 seq = ntohl(th->seq);
382 fatal = icmpv6_err_convert(type, code, &err);
383 if (sk->sk_state == TCP_NEW_SYN_RECV)
384 return tcp_req_err(sk, seq, fatal);
385
386 bh_lock_sock(sk);
387 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
388 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
389
390 if (sk->sk_state == TCP_CLOSE)
391 goto out;
392
393 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
394 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
395 goto out;
396 }
397
398 tp = tcp_sk(sk);
399 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
400 fastopen = tp->fastopen_rsk;
401 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
402 if (sk->sk_state != TCP_LISTEN &&
403 !between(seq, snd_una, tp->snd_nxt)) {
404 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
405 goto out;
406 }
407
408 np = inet6_sk(sk);
409
410 if (type == NDISC_REDIRECT) {
411 if (!sock_owned_by_user(sk)) {
412 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
413
414 if (dst)
415 dst->ops->redirect(dst, sk, skb);
416 }
417 goto out;
418 }
419
420 if (type == ICMPV6_PKT_TOOBIG) {
421 /* We are not interested in TCP_LISTEN and open_requests
422 * (SYN-ACKs send out by Linux are always <576bytes so
423 * they should go through unfragmented).
424 */
425 if (sk->sk_state == TCP_LISTEN)
426 goto out;
427
428 if (!ip6_sk_accept_pmtu(sk))
429 goto out;
430
431 tp->mtu_info = ntohl(info);
432 if (!sock_owned_by_user(sk))
433 tcp_v6_mtu_reduced(sk);
434 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
435 &sk->sk_tsq_flags))
436 sock_hold(sk);
437 goto out;
438 }
439
440
441 /* Might be for an request_sock */
442 switch (sk->sk_state) {
443 case TCP_SYN_SENT:
444 case TCP_SYN_RECV:
445 /* Only in fast or simultaneous open. If a fast open socket is
446 * is already accepted it is treated as a connected one below.
447 */
448 if (fastopen && !fastopen->sk)
449 break;
450
451 if (!sock_owned_by_user(sk)) {
452 sk->sk_err = err;
453 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
454
455 tcp_done(sk);
456 } else
457 sk->sk_err_soft = err;
458 goto out;
459 }
460
461 if (!sock_owned_by_user(sk) && np->recverr) {
462 sk->sk_err = err;
463 sk->sk_error_report(sk);
464 } else
465 sk->sk_err_soft = err;
466
467out:
468 bh_unlock_sock(sk);
469 sock_put(sk);
470}
471
472
473static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
474 struct flowi *fl,
475 struct request_sock *req,
476 struct tcp_fastopen_cookie *foc,
477 enum tcp_synack_type synack_type)
478{
479 struct inet_request_sock *ireq = inet_rsk(req);
480 struct ipv6_pinfo *np = inet6_sk(sk);
481 struct ipv6_txoptions *opt;
482 struct flowi6 *fl6 = &fl->u.ip6;
483 struct sk_buff *skb;
484 int err = -ENOMEM;
485
486 /* First, grab a route. */
487 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
488 IPPROTO_TCP)) == NULL)
489 goto done;
490
491 skb = tcp_make_synack(sk, dst, req, foc, synack_type);
492
493 if (skb) {
494 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
495 &ireq->ir_v6_rmt_addr);
496
497 fl6->daddr = ireq->ir_v6_rmt_addr;
498 if (np->repflow && ireq->pktopts)
499 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
500
501 rcu_read_lock();
502 opt = ireq->ipv6_opt;
503 if (!opt)
504 opt = rcu_dereference(np->opt);
505 err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass);
506 rcu_read_unlock();
507 err = net_xmit_eval(err);
508 }
509
510done:
511 return err;
512}
513
514
515static void tcp_v6_reqsk_destructor(struct request_sock *req)
516{
517 kfree(inet_rsk(req)->ipv6_opt);
518 kfree_skb(inet_rsk(req)->pktopts);
519}
520
521#ifdef CONFIG_TCP_MD5SIG
522static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
523 const struct in6_addr *addr)
524{
525 return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
526}
527
528static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
529 const struct sock *addr_sk)
530{
531 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
532}
533
534static int tcp_v6_parse_md5_keys(struct sock *sk, int optname,
535 char __user *optval, int optlen)
536{
537 struct tcp_md5sig cmd;
538 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
539 u8 prefixlen;
540
541 if (optlen < sizeof(cmd))
542 return -EINVAL;
543
544 if (copy_from_user(&cmd, optval, sizeof(cmd)))
545 return -EFAULT;
546
547 if (sin6->sin6_family != AF_INET6)
548 return -EINVAL;
549
550 if (optname == TCP_MD5SIG_EXT &&
551 cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) {
552 prefixlen = cmd.tcpm_prefixlen;
553 if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) &&
554 prefixlen > 32))
555 return -EINVAL;
556 } else {
557 prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128;
558 }
559
560 if (!cmd.tcpm_keylen) {
561 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
562 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
563 AF_INET, prefixlen);
564 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
565 AF_INET6, prefixlen);
566 }
567
568 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
569 return -EINVAL;
570
571 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
572 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
573 AF_INET, prefixlen, cmd.tcpm_key,
574 cmd.tcpm_keylen, GFP_KERNEL);
575
576 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
577 AF_INET6, prefixlen, cmd.tcpm_key,
578 cmd.tcpm_keylen, GFP_KERNEL);
579}
580
581static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp,
582 const struct in6_addr *daddr,
583 const struct in6_addr *saddr,
584 const struct tcphdr *th, int nbytes)
585{
586 struct tcp6_pseudohdr *bp;
587 struct scatterlist sg;
588 struct tcphdr *_th;
589
590 bp = hp->scratch;
591 /* 1. TCP pseudo-header (RFC2460) */
592 bp->saddr = *saddr;
593 bp->daddr = *daddr;
594 bp->protocol = cpu_to_be32(IPPROTO_TCP);
595 bp->len = cpu_to_be32(nbytes);
596
597 _th = (struct tcphdr *)(bp + 1);
598 memcpy(_th, th, sizeof(*th));
599 _th->check = 0;
600
601 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
602 ahash_request_set_crypt(hp->md5_req, &sg, NULL,
603 sizeof(*bp) + sizeof(*th));
604 return crypto_ahash_update(hp->md5_req);
605}
606
607static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
608 const struct in6_addr *daddr, struct in6_addr *saddr,
609 const struct tcphdr *th)
610{
611 struct tcp_md5sig_pool *hp;
612 struct ahash_request *req;
613
614 hp = tcp_get_md5sig_pool();
615 if (!hp)
616 goto clear_hash_noput;
617 req = hp->md5_req;
618
619 if (crypto_ahash_init(req))
620 goto clear_hash;
621 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
622 goto clear_hash;
623 if (tcp_md5_hash_key(hp, key))
624 goto clear_hash;
625 ahash_request_set_crypt(req, NULL, md5_hash, 0);
626 if (crypto_ahash_final(req))
627 goto clear_hash;
628
629 tcp_put_md5sig_pool();
630 return 0;
631
632clear_hash:
633 tcp_put_md5sig_pool();
634clear_hash_noput:
635 memset(md5_hash, 0, 16);
636 return 1;
637}
638
639static int tcp_v6_md5_hash_skb(char *md5_hash,
640 const struct tcp_md5sig_key *key,
641 const struct sock *sk,
642 const struct sk_buff *skb)
643{
644 const struct in6_addr *saddr, *daddr;
645 struct tcp_md5sig_pool *hp;
646 struct ahash_request *req;
647 const struct tcphdr *th = tcp_hdr(skb);
648
649 if (sk) { /* valid for establish/request sockets */
650 saddr = &sk->sk_v6_rcv_saddr;
651 daddr = &sk->sk_v6_daddr;
652 } else {
653 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
654 saddr = &ip6h->saddr;
655 daddr = &ip6h->daddr;
656 }
657
658 hp = tcp_get_md5sig_pool();
659 if (!hp)
660 goto clear_hash_noput;
661 req = hp->md5_req;
662
663 if (crypto_ahash_init(req))
664 goto clear_hash;
665
666 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
667 goto clear_hash;
668 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
669 goto clear_hash;
670 if (tcp_md5_hash_key(hp, key))
671 goto clear_hash;
672 ahash_request_set_crypt(req, NULL, md5_hash, 0);
673 if (crypto_ahash_final(req))
674 goto clear_hash;
675
676 tcp_put_md5sig_pool();
677 return 0;
678
679clear_hash:
680 tcp_put_md5sig_pool();
681clear_hash_noput:
682 memset(md5_hash, 0, 16);
683 return 1;
684}
685
686#endif
687
688static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
689 const struct sk_buff *skb)
690{
691#ifdef CONFIG_TCP_MD5SIG
692 const __u8 *hash_location = NULL;
693 struct tcp_md5sig_key *hash_expected;
694 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
695 const struct tcphdr *th = tcp_hdr(skb);
696 int genhash;
697 u8 newhash[16];
698
699 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
700 hash_location = tcp_parse_md5sig_option(th);
701
702 /* We've parsed the options - do we have a hash? */
703 if (!hash_expected && !hash_location)
704 return false;
705
706 if (hash_expected && !hash_location) {
707 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
708 return true;
709 }
710
711 if (!hash_expected && hash_location) {
712 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
713 return true;
714 }
715
716 /* check the signature */
717 genhash = tcp_v6_md5_hash_skb(newhash,
718 hash_expected,
719 NULL, skb);
720
721 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
722 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
723 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
724 genhash ? "failed" : "mismatch",
725 &ip6h->saddr, ntohs(th->source),
726 &ip6h->daddr, ntohs(th->dest));
727 return true;
728 }
729#endif
730 return false;
731}
732
733static void tcp_v6_init_req(struct request_sock *req,
734 const struct sock *sk_listener,
735 struct sk_buff *skb)
736{
737 bool l3_slave = ipv6_l3mdev_skb(TCP_SKB_CB(skb)->header.h6.flags);
738 struct inet_request_sock *ireq = inet_rsk(req);
739 const struct ipv6_pinfo *np = inet6_sk(sk_listener);
740
741 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
742 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
743
744 /* So that link locals have meaning */
745 if ((!sk_listener->sk_bound_dev_if || l3_slave) &&
746 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
747 ireq->ir_iif = tcp_v6_iif(skb);
748
749 if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
750 (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
751 np->rxopt.bits.rxinfo ||
752 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
753 np->rxopt.bits.rxohlim || np->repflow)) {
754 refcount_inc(&skb->users);
755 ireq->pktopts = skb;
756 }
757}
758
759static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
760 struct flowi *fl,
761 const struct request_sock *req)
762{
763 return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
764}
765
766struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
767 .family = AF_INET6,
768 .obj_size = sizeof(struct tcp6_request_sock),
769 .rtx_syn_ack = tcp_rtx_synack,
770 .send_ack = tcp_v6_reqsk_send_ack,
771 .destructor = tcp_v6_reqsk_destructor,
772 .send_reset = tcp_v6_send_reset,
773 .syn_ack_timeout = tcp_syn_ack_timeout,
774};
775
776static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
777 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
778 sizeof(struct ipv6hdr),
779#ifdef CONFIG_TCP_MD5SIG
780 .req_md5_lookup = tcp_v6_md5_lookup,
781 .calc_md5_hash = tcp_v6_md5_hash_skb,
782#endif
783 .init_req = tcp_v6_init_req,
784#ifdef CONFIG_SYN_COOKIES
785 .cookie_init_seq = cookie_v6_init_sequence,
786#endif
787 .route_req = tcp_v6_route_req,
788 .init_seq = tcp_v6_init_seq,
789 .init_ts_off = tcp_v6_init_ts_off,
790 .send_synack = tcp_v6_send_synack,
791};
792
793static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
794 u32 ack, u32 win, u32 tsval, u32 tsecr,
795 int oif, struct tcp_md5sig_key *key, int rst,
796 u8 tclass, __be32 label)
797{
798 const struct tcphdr *th = tcp_hdr(skb);
799 struct tcphdr *t1;
800 struct sk_buff *buff;
801 struct flowi6 fl6;
802 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
803 struct sock *ctl_sk = net->ipv6.tcp_sk;
804 unsigned int tot_len = sizeof(struct tcphdr);
805 struct dst_entry *dst;
806 __be32 *topt;
807 __u32 mark = 0;
808
809 if (tsecr)
810 tot_len += TCPOLEN_TSTAMP_ALIGNED;
811#ifdef CONFIG_TCP_MD5SIG
812 if (key)
813 tot_len += TCPOLEN_MD5SIG_ALIGNED;
814#endif
815
816 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
817 GFP_ATOMIC);
818 if (!buff)
819 return;
820
821 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
822
823 t1 = skb_push(buff, tot_len);
824 skb_reset_transport_header(buff);
825
826 /* Swap the send and the receive. */
827 memset(t1, 0, sizeof(*t1));
828 t1->dest = th->source;
829 t1->source = th->dest;
830 t1->doff = tot_len / 4;
831 t1->seq = htonl(seq);
832 t1->ack_seq = htonl(ack);
833 t1->ack = !rst || !th->ack;
834 t1->rst = rst;
835 t1->window = htons(win);
836
837 topt = (__be32 *)(t1 + 1);
838
839 if (tsecr) {
840 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
841 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
842 *topt++ = htonl(tsval);
843 *topt++ = htonl(tsecr);
844 }
845
846#ifdef CONFIG_TCP_MD5SIG
847 if (key) {
848 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
849 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
850 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
851 &ipv6_hdr(skb)->saddr,
852 &ipv6_hdr(skb)->daddr, t1);
853 }
854#endif
855
856 memset(&fl6, 0, sizeof(fl6));
857 fl6.daddr = ipv6_hdr(skb)->saddr;
858 fl6.saddr = ipv6_hdr(skb)->daddr;
859 fl6.flowlabel = label;
860
861 buff->ip_summed = CHECKSUM_PARTIAL;
862 buff->csum = 0;
863
864 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
865
866 fl6.flowi6_proto = IPPROTO_TCP;
867 if (rt6_need_strict(&fl6.daddr) && !oif)
868 fl6.flowi6_oif = tcp_v6_iif(skb);
869 else {
870 if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
871 oif = skb->skb_iif;
872
873 fl6.flowi6_oif = oif;
874 }
875
876 if (sk)
877 mark = (sk->sk_state == TCP_TIME_WAIT) ?
878 inet_twsk(sk)->tw_mark : sk->sk_mark;
879 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark) ?: mark;
880 fl6.fl6_dport = t1->dest;
881 fl6.fl6_sport = t1->source;
882 fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
883 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
884
885 /* Pass a socket to ip6_dst_lookup either it is for RST
886 * Underlying function will use this to retrieve the network
887 * namespace
888 */
889 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
890 if (!IS_ERR(dst)) {
891 skb_dst_set(buff, dst);
892 ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass);
893 TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
894 if (rst)
895 TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
896 return;
897 }
898
899 kfree_skb(buff);
900}
901
902static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
903{
904 const struct tcphdr *th = tcp_hdr(skb);
905 u32 seq = 0, ack_seq = 0;
906 struct tcp_md5sig_key *key = NULL;
907#ifdef CONFIG_TCP_MD5SIG
908 const __u8 *hash_location = NULL;
909 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
910 unsigned char newhash[16];
911 int genhash;
912 struct sock *sk1 = NULL;
913#endif
914 int oif = 0;
915
916 if (th->rst)
917 return;
918
919 /* If sk not NULL, it means we did a successful lookup and incoming
920 * route had to be correct. prequeue might have dropped our dst.
921 */
922 if (!sk && !ipv6_unicast_destination(skb))
923 return;
924
925#ifdef CONFIG_TCP_MD5SIG
926 rcu_read_lock();
927 hash_location = tcp_parse_md5sig_option(th);
928 if (sk && sk_fullsock(sk)) {
929 key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr);
930 } else if (hash_location) {
931 /*
932 * active side is lost. Try to find listening socket through
933 * source port, and then find md5 key through listening socket.
934 * we are not loose security here:
935 * Incoming packet is checked with md5 hash with finding key,
936 * no RST generated if md5 hash doesn't match.
937 */
938 sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
939 &tcp_hashinfo, NULL, 0,
940 &ipv6h->saddr,
941 th->source, &ipv6h->daddr,
942 ntohs(th->source),
943 tcp_v6_iif_l3_slave(skb),
944 tcp_v6_sdif(skb));
945 if (!sk1)
946 goto out;
947
948 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
949 if (!key)
950 goto out;
951
952 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
953 if (genhash || memcmp(hash_location, newhash, 16) != 0)
954 goto out;
955 }
956#endif
957
958 if (th->ack)
959 seq = ntohl(th->ack_seq);
960 else
961 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
962 (th->doff << 2);
963
964 if (sk) {
965 oif = sk->sk_bound_dev_if;
966 if (sk_fullsock(sk))
967 trace_tcp_send_reset(sk, skb);
968 }
969
970 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 0);
971
972#ifdef CONFIG_TCP_MD5SIG
973out:
974 rcu_read_unlock();
975#endif
976}
977
978static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
979 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
980 struct tcp_md5sig_key *key, u8 tclass,
981 __be32 label)
982{
983 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
984 tclass, label);
985}
986
987static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
988{
989 struct inet_timewait_sock *tw = inet_twsk(sk);
990 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
991
992 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
993 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
994 tcp_time_stamp_raw() + tcptw->tw_ts_offset,
995 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
996 tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel));
997
998 inet_twsk_put(tw);
999}
1000
1001static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
1002 struct request_sock *req)
1003{
1004 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
1005 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
1006 */
1007 /* RFC 7323 2.3
1008 * The window field (SEG.WND) of every outgoing segment, with the
1009 * exception of <SYN> segments, MUST be right-shifted by
1010 * Rcv.Wind.Shift bits:
1011 */
1012 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
1013 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
1014 tcp_rsk(req)->rcv_nxt,
1015 req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
1016 tcp_time_stamp_raw() + tcp_rsk(req)->ts_off,
1017 req->ts_recent, sk->sk_bound_dev_if,
1018 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr),
1019 0, 0);
1020}
1021
1022
1023static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
1024{
1025#ifdef CONFIG_SYN_COOKIES
1026 const struct tcphdr *th = tcp_hdr(skb);
1027
1028 if (!th->syn)
1029 sk = cookie_v6_check(sk, skb);
1030#endif
1031 return sk;
1032}
1033
1034static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1035{
1036 if (skb->protocol == htons(ETH_P_IP))
1037 return tcp_v4_conn_request(sk, skb);
1038
1039 if (!ipv6_unicast_destination(skb))
1040 goto drop;
1041
1042 return tcp_conn_request(&tcp6_request_sock_ops,
1043 &tcp_request_sock_ipv6_ops, sk, skb);
1044
1045drop:
1046 tcp_listendrop(sk);
1047 return 0; /* don't send reset */
1048}
1049
1050static void tcp_v6_restore_cb(struct sk_buff *skb)
1051{
1052 /* We need to move header back to the beginning if xfrm6_policy_check()
1053 * and tcp_v6_fill_cb() are going to be called again.
1054 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
1055 */
1056 memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
1057 sizeof(struct inet6_skb_parm));
1058}
1059
1060static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
1061 struct request_sock *req,
1062 struct dst_entry *dst,
1063 struct request_sock *req_unhash,
1064 bool *own_req)
1065{
1066 struct inet_request_sock *ireq;
1067 struct ipv6_pinfo *newnp;
1068 const struct ipv6_pinfo *np = inet6_sk(sk);
1069 struct ipv6_txoptions *opt;
1070 struct tcp6_sock *newtcp6sk;
1071 struct inet_sock *newinet;
1072 struct tcp_sock *newtp;
1073 struct sock *newsk;
1074#ifdef CONFIG_TCP_MD5SIG
1075 struct tcp_md5sig_key *key;
1076#endif
1077 struct flowi6 fl6;
1078
1079 if (skb->protocol == htons(ETH_P_IP)) {
1080 /*
1081 * v6 mapped
1082 */
1083
1084 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
1085 req_unhash, own_req);
1086
1087 if (!newsk)
1088 return NULL;
1089
1090 newtcp6sk = (struct tcp6_sock *)newsk;
1091 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1092
1093 newinet = inet_sk(newsk);
1094 newnp = inet6_sk(newsk);
1095 newtp = tcp_sk(newsk);
1096
1097 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1098
1099 newnp->saddr = newsk->sk_v6_rcv_saddr;
1100
1101 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1102 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1103#ifdef CONFIG_TCP_MD5SIG
1104 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1105#endif
1106
1107 newnp->ipv6_mc_list = NULL;
1108 newnp->ipv6_ac_list = NULL;
1109 newnp->ipv6_fl_list = NULL;
1110 newnp->pktoptions = NULL;
1111 newnp->opt = NULL;
1112 newnp->mcast_oif = inet_iif(skb);
1113 newnp->mcast_hops = ip_hdr(skb)->ttl;
1114 newnp->rcv_flowinfo = 0;
1115 if (np->repflow)
1116 newnp->flow_label = 0;
1117
1118 /*
1119 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1120 * here, tcp_create_openreq_child now does this for us, see the comment in
1121 * that function for the gory details. -acme
1122 */
1123
1124 /* It is tricky place. Until this moment IPv4 tcp
1125 worked with IPv6 icsk.icsk_af_ops.
1126 Sync it now.
1127 */
1128 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1129
1130 return newsk;
1131 }
1132
1133 ireq = inet_rsk(req);
1134
1135 if (sk_acceptq_is_full(sk))
1136 goto out_overflow;
1137
1138 if (!dst) {
1139 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
1140 if (!dst)
1141 goto out;
1142 }
1143
1144 newsk = tcp_create_openreq_child(sk, req, skb);
1145 if (!newsk)
1146 goto out_nonewsk;
1147
1148 /*
1149 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1150 * count here, tcp_create_openreq_child now does this for us, see the
1151 * comment in that function for the gory details. -acme
1152 */
1153
1154 newsk->sk_gso_type = SKB_GSO_TCPV6;
1155 ip6_dst_store(newsk, dst, NULL, NULL);
1156 inet6_sk_rx_dst_set(newsk, skb);
1157
1158 newtcp6sk = (struct tcp6_sock *)newsk;
1159 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1160
1161 newtp = tcp_sk(newsk);
1162 newinet = inet_sk(newsk);
1163 newnp = inet6_sk(newsk);
1164
1165 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1166
1167 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1168 newnp->saddr = ireq->ir_v6_loc_addr;
1169 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1170 newsk->sk_bound_dev_if = ireq->ir_iif;
1171
1172 /* Now IPv6 options...
1173
1174 First: no IPv4 options.
1175 */
1176 newinet->inet_opt = NULL;
1177 newnp->ipv6_mc_list = NULL;
1178 newnp->ipv6_ac_list = NULL;
1179 newnp->ipv6_fl_list = NULL;
1180
1181 /* Clone RX bits */
1182 newnp->rxopt.all = np->rxopt.all;
1183
1184 newnp->pktoptions = NULL;
1185 newnp->opt = NULL;
1186 newnp->mcast_oif = tcp_v6_iif(skb);
1187 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1188 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1189 if (np->repflow)
1190 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1191
1192 /* Clone native IPv6 options from listening socket (if any)
1193
1194 Yes, keeping reference count would be much more clever,
1195 but we make one more one thing there: reattach optmem
1196 to newsk.
1197 */
1198 opt = ireq->ipv6_opt;
1199 if (!opt)
1200 opt = rcu_dereference(np->opt);
1201 if (opt) {
1202 opt = ipv6_dup_options(newsk, opt);
1203 RCU_INIT_POINTER(newnp->opt, opt);
1204 }
1205 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1206 if (opt)
1207 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
1208 opt->opt_flen;
1209
1210 tcp_ca_openreq_child(newsk, dst);
1211
1212 tcp_sync_mss(newsk, dst_mtu(dst));
1213 newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));
1214
1215 tcp_initialize_rcv_mss(newsk);
1216
1217 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1218 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1219
1220#ifdef CONFIG_TCP_MD5SIG
1221 /* Copy over the MD5 key from the original socket */
1222 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr);
1223 if (key) {
1224 /* We're using one, so create a matching key
1225 * on the newsk structure. If we fail to get
1226 * memory, then we end up not copying the key
1227 * across. Shucks.
1228 */
1229 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
1230 AF_INET6, 128, key->key, key->keylen,
1231 sk_gfp_mask(sk, GFP_ATOMIC));
1232 }
1233#endif
1234
1235 if (__inet_inherit_port(sk, newsk) < 0) {
1236 inet_csk_prepare_forced_close(newsk);
1237 tcp_done(newsk);
1238 goto out;
1239 }
1240 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
1241 if (*own_req) {
1242 tcp_move_syn(newtp, req);
1243
1244 /* Clone pktoptions received with SYN, if we own the req */
1245 if (ireq->pktopts) {
1246 newnp->pktoptions = skb_clone(ireq->pktopts,
1247 sk_gfp_mask(sk, GFP_ATOMIC));
1248 consume_skb(ireq->pktopts);
1249 ireq->pktopts = NULL;
1250 if (newnp->pktoptions) {
1251 tcp_v6_restore_cb(newnp->pktoptions);
1252 skb_set_owner_r(newnp->pktoptions, newsk);
1253 }
1254 }
1255 }
1256
1257 return newsk;
1258
1259out_overflow:
1260 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1261out_nonewsk:
1262 dst_release(dst);
1263out:
1264 tcp_listendrop(sk);
1265 return NULL;
1266}
1267
1268/* The socket must have it's spinlock held when we get
1269 * here, unless it is a TCP_LISTEN socket.
1270 *
1271 * We have a potential double-lock case here, so even when
1272 * doing backlog processing we use the BH locking scheme.
1273 * This is because we cannot sleep with the original spinlock
1274 * held.
1275 */
1276static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1277{
1278 struct ipv6_pinfo *np = inet6_sk(sk);
1279 struct tcp_sock *tp;
1280 struct sk_buff *opt_skb = NULL;
1281
1282 /* Imagine: socket is IPv6. IPv4 packet arrives,
1283 goes to IPv4 receive handler and backlogged.
1284 From backlog it always goes here. Kerboom...
1285 Fortunately, tcp_rcv_established and rcv_established
1286 handle them correctly, but it is not case with
1287 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1288 */
1289
1290 if (skb->protocol == htons(ETH_P_IP))
1291 return tcp_v4_do_rcv(sk, skb);
1292
1293 /*
1294 * socket locking is here for SMP purposes as backlog rcv
1295 * is currently called with bh processing disabled.
1296 */
1297
1298 /* Do Stevens' IPV6_PKTOPTIONS.
1299
1300 Yes, guys, it is the only place in our code, where we
1301 may make it not affecting IPv4.
1302 The rest of code is protocol independent,
1303 and I do not like idea to uglify IPv4.
1304
1305 Actually, all the idea behind IPV6_PKTOPTIONS
1306 looks not very well thought. For now we latch
1307 options, received in the last packet, enqueued
1308 by tcp. Feel free to propose better solution.
1309 --ANK (980728)
1310 */
1311 if (np->rxopt.all)
1312 opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));
1313
1314 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1315 struct dst_entry *dst = sk->sk_rx_dst;
1316
1317 sock_rps_save_rxhash(sk, skb);
1318 sk_mark_napi_id(sk, skb);
1319 if (dst) {
1320 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1321 dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
1322 dst_release(dst);
1323 sk->sk_rx_dst = NULL;
1324 }
1325 }
1326
1327 tcp_rcv_established(sk, skb);
1328 if (opt_skb)
1329 goto ipv6_pktoptions;
1330 return 0;
1331 }
1332
1333 if (tcp_checksum_complete(skb))
1334 goto csum_err;
1335
1336 if (sk->sk_state == TCP_LISTEN) {
1337 struct sock *nsk = tcp_v6_cookie_check(sk, skb);
1338
1339 if (!nsk)
1340 goto discard;
1341
1342 if (nsk != sk) {
1343 if (tcp_child_process(sk, nsk, skb))
1344 goto reset;
1345 if (opt_skb)
1346 __kfree_skb(opt_skb);
1347 return 0;
1348 }
1349 } else
1350 sock_rps_save_rxhash(sk, skb);
1351
1352 if (tcp_rcv_state_process(sk, skb))
1353 goto reset;
1354 if (opt_skb)
1355 goto ipv6_pktoptions;
1356 return 0;
1357
1358reset:
1359 tcp_v6_send_reset(sk, skb);
1360discard:
1361 if (opt_skb)
1362 __kfree_skb(opt_skb);
1363 kfree_skb(skb);
1364 return 0;
1365csum_err:
1366 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
1367 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
1368 goto discard;
1369
1370
1371ipv6_pktoptions:
1372 /* Do you ask, what is it?
1373
1374 1. skb was enqueued by tcp.
1375 2. skb is added to tail of read queue, rather than out of order.
1376 3. socket is not in passive state.
1377 4. Finally, it really contains options, which user wants to receive.
1378 */
1379 tp = tcp_sk(sk);
1380 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1381 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1382 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1383 np->mcast_oif = tcp_v6_iif(opt_skb);
1384 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1385 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1386 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1387 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
1388 if (np->repflow)
1389 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
1390 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
1391 skb_set_owner_r(opt_skb, sk);
1392 tcp_v6_restore_cb(opt_skb);
1393 opt_skb = xchg(&np->pktoptions, opt_skb);
1394 } else {
1395 __kfree_skb(opt_skb);
1396 opt_skb = xchg(&np->pktoptions, NULL);
1397 }
1398 }
1399
1400 kfree_skb(opt_skb);
1401 return 0;
1402}
1403
1404static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1405 const struct tcphdr *th)
1406{
1407 /* This is tricky: we move IP6CB at its correct location into
1408 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1409 * _decode_session6() uses IP6CB().
1410 * barrier() makes sure compiler won't play aliasing games.
1411 */
1412 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1413 sizeof(struct inet6_skb_parm));
1414 barrier();
1415
1416 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1417 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1418 skb->len - th->doff*4);
1419 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1420 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1421 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1422 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1423 TCP_SKB_CB(skb)->sacked = 0;
1424 TCP_SKB_CB(skb)->has_rxtstamp =
1425 skb->tstamp || skb_hwtstamps(skb)->hwtstamp;
1426}
1427
1428static int tcp_v6_rcv(struct sk_buff *skb)
1429{
1430 int sdif = inet6_sdif(skb);
1431 const struct tcphdr *th;
1432 const struct ipv6hdr *hdr;
1433 bool refcounted;
1434 struct sock *sk;
1435 int ret;
1436 struct net *net = dev_net(skb->dev);
1437
1438 if (skb->pkt_type != PACKET_HOST)
1439 goto discard_it;
1440
1441 /*
1442 * Count it even if it's bad.
1443 */
1444 __TCP_INC_STATS(net, TCP_MIB_INSEGS);
1445
1446 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1447 goto discard_it;
1448
1449 th = (const struct tcphdr *)skb->data;
1450
1451 if (unlikely(th->doff < sizeof(struct tcphdr)/4))
1452 goto bad_packet;
1453 if (!pskb_may_pull(skb, th->doff*4))
1454 goto discard_it;
1455
1456 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
1457 goto csum_error;
1458
1459 th = (const struct tcphdr *)skb->data;
1460 hdr = ipv6_hdr(skb);
1461
1462lookup:
1463 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
1464 th->source, th->dest, inet6_iif(skb), sdif,
1465 &refcounted);
1466 if (!sk)
1467 goto no_tcp_socket;
1468
1469process:
1470 if (sk->sk_state == TCP_TIME_WAIT)
1471 goto do_time_wait;
1472
1473 if (sk->sk_state == TCP_NEW_SYN_RECV) {
1474 struct request_sock *req = inet_reqsk(sk);
1475 bool req_stolen = false;
1476 struct sock *nsk;
1477
1478 sk = req->rsk_listener;
1479 if (tcp_v6_inbound_md5_hash(sk, skb)) {
1480 sk_drops_add(sk, skb);
1481 reqsk_put(req);
1482 goto discard_it;
1483 }
1484 if (tcp_checksum_complete(skb)) {
1485 reqsk_put(req);
1486 goto csum_error;
1487 }
1488 if (unlikely(sk->sk_state != TCP_LISTEN)) {
1489 inet_csk_reqsk_queue_drop_and_put(sk, req);
1490 goto lookup;
1491 }
1492 sock_hold(sk);
1493 refcounted = true;
1494 nsk = NULL;
1495 if (!tcp_filter(sk, skb)) {
1496 th = (const struct tcphdr *)skb->data;
1497 hdr = ipv6_hdr(skb);
1498 tcp_v6_fill_cb(skb, hdr, th);
1499 nsk = tcp_check_req(sk, skb, req, false, &req_stolen);
1500 }
1501 if (!nsk) {
1502 reqsk_put(req);
1503 if (req_stolen) {
1504 /* Another cpu got exclusive access to req
1505 * and created a full blown socket.
1506 * Try to feed this packet to this socket
1507 * instead of discarding it.
1508 */
1509 tcp_v6_restore_cb(skb);
1510 sock_put(sk);
1511 goto lookup;
1512 }
1513 goto discard_and_relse;
1514 }
1515 if (nsk == sk) {
1516 reqsk_put(req);
1517 tcp_v6_restore_cb(skb);
1518 } else if (tcp_child_process(sk, nsk, skb)) {
1519 tcp_v6_send_reset(nsk, skb);
1520 goto discard_and_relse;
1521 } else {
1522 sock_put(sk);
1523 return 0;
1524 }
1525 }
1526 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
1527 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
1528 goto discard_and_relse;
1529 }
1530
1531 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1532 goto discard_and_relse;
1533
1534 if (tcp_v6_inbound_md5_hash(sk, skb))
1535 goto discard_and_relse;
1536
1537 if (tcp_filter(sk, skb))
1538 goto discard_and_relse;
1539 th = (const struct tcphdr *)skb->data;
1540 hdr = ipv6_hdr(skb);
1541 tcp_v6_fill_cb(skb, hdr, th);
1542
1543 skb->dev = NULL;
1544
1545 if (sk->sk_state == TCP_LISTEN) {
1546 ret = tcp_v6_do_rcv(sk, skb);
1547 goto put_and_return;
1548 }
1549
1550 sk_incoming_cpu_update(sk);
1551
1552 bh_lock_sock_nested(sk);
1553 tcp_segs_in(tcp_sk(sk), skb);
1554 ret = 0;
1555 if (!sock_owned_by_user(sk)) {
1556 ret = tcp_v6_do_rcv(sk, skb);
1557 } else if (tcp_add_backlog(sk, skb)) {
1558 goto discard_and_relse;
1559 }
1560 bh_unlock_sock(sk);
1561
1562put_and_return:
1563 if (refcounted)
1564 sock_put(sk);
1565 return ret ? -1 : 0;
1566
1567no_tcp_socket:
1568 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1569 goto discard_it;
1570
1571 tcp_v6_fill_cb(skb, hdr, th);
1572
1573 if (tcp_checksum_complete(skb)) {
1574csum_error:
1575 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
1576bad_packet:
1577 __TCP_INC_STATS(net, TCP_MIB_INERRS);
1578 } else {
1579 tcp_v6_send_reset(NULL, skb);
1580 }
1581
1582discard_it:
1583 kfree_skb(skb);
1584 return 0;
1585
1586discard_and_relse:
1587 sk_drops_add(sk, skb);
1588 if (refcounted)
1589 sock_put(sk);
1590 goto discard_it;
1591
1592do_time_wait:
1593 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1594 inet_twsk_put(inet_twsk(sk));
1595 goto discard_it;
1596 }
1597
1598 tcp_v6_fill_cb(skb, hdr, th);
1599
1600 if (tcp_checksum_complete(skb)) {
1601 inet_twsk_put(inet_twsk(sk));
1602 goto csum_error;
1603 }
1604
1605 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1606 case TCP_TW_SYN:
1607 {
1608 struct sock *sk2;
1609
1610 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1611 skb, __tcp_hdrlen(th),
1612 &ipv6_hdr(skb)->saddr, th->source,
1613 &ipv6_hdr(skb)->daddr,
1614 ntohs(th->dest),
1615 tcp_v6_iif_l3_slave(skb),
1616 sdif);
1617 if (sk2) {
1618 struct inet_timewait_sock *tw = inet_twsk(sk);
1619 inet_twsk_deschedule_put(tw);
1620 sk = sk2;
1621 tcp_v6_restore_cb(skb);
1622 refcounted = false;
1623 goto process;
1624 }
1625 }
1626 /* to ACK */
1627 /* fall through */
1628 case TCP_TW_ACK:
1629 tcp_v6_timewait_ack(sk, skb);
1630 break;
1631 case TCP_TW_RST:
1632 tcp_v6_send_reset(sk, skb);
1633 inet_twsk_deschedule_put(inet_twsk(sk));
1634 goto discard_it;
1635 case TCP_TW_SUCCESS:
1636 ;
1637 }
1638 goto discard_it;
1639}
1640
1641static void tcp_v6_early_demux(struct sk_buff *skb)
1642{
1643 const struct ipv6hdr *hdr;
1644 const struct tcphdr *th;
1645 struct sock *sk;
1646
1647 if (skb->pkt_type != PACKET_HOST)
1648 return;
1649
1650 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1651 return;
1652
1653 hdr = ipv6_hdr(skb);
1654 th = tcp_hdr(skb);
1655
1656 if (th->doff < sizeof(struct tcphdr) / 4)
1657 return;
1658
1659 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
1660 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1661 &hdr->saddr, th->source,
1662 &hdr->daddr, ntohs(th->dest),
1663 inet6_iif(skb), inet6_sdif(skb));
1664 if (sk) {
1665 skb->sk = sk;
1666 skb->destructor = sock_edemux;
1667 if (sk_fullsock(sk)) {
1668 struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
1669
1670 if (dst)
1671 dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
1672 if (dst &&
1673 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1674 skb_dst_set_noref(skb, dst);
1675 }
1676 }
1677}
1678
1679static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1680 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1681 .twsk_unique = tcp_twsk_unique,
1682 .twsk_destructor = tcp_twsk_destructor,
1683};
1684
1685static const struct inet_connection_sock_af_ops ipv6_specific = {
1686 .queue_xmit = inet6_csk_xmit,
1687 .send_check = tcp_v6_send_check,
1688 .rebuild_header = inet6_sk_rebuild_header,
1689 .sk_rx_dst_set = inet6_sk_rx_dst_set,
1690 .conn_request = tcp_v6_conn_request,
1691 .syn_recv_sock = tcp_v6_syn_recv_sock,
1692 .net_header_len = sizeof(struct ipv6hdr),
1693 .net_frag_header_len = sizeof(struct frag_hdr),
1694 .setsockopt = ipv6_setsockopt,
1695 .getsockopt = ipv6_getsockopt,
1696 .addr2sockaddr = inet6_csk_addr2sockaddr,
1697 .sockaddr_len = sizeof(struct sockaddr_in6),
1698#ifdef CONFIG_COMPAT
1699 .compat_setsockopt = compat_ipv6_setsockopt,
1700 .compat_getsockopt = compat_ipv6_getsockopt,
1701#endif
1702 .mtu_reduced = tcp_v6_mtu_reduced,
1703};
1704
1705#ifdef CONFIG_TCP_MD5SIG
1706static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1707 .md5_lookup = tcp_v6_md5_lookup,
1708 .calc_md5_hash = tcp_v6_md5_hash_skb,
1709 .md5_parse = tcp_v6_parse_md5_keys,
1710};
1711#endif
1712
1713/*
1714 * TCP over IPv4 via INET6 API
1715 */
1716static const struct inet_connection_sock_af_ops ipv6_mapped = {
1717 .queue_xmit = ip_queue_xmit,
1718 .send_check = tcp_v4_send_check,
1719 .rebuild_header = inet_sk_rebuild_header,
1720 .sk_rx_dst_set = inet_sk_rx_dst_set,
1721 .conn_request = tcp_v6_conn_request,
1722 .syn_recv_sock = tcp_v6_syn_recv_sock,
1723 .net_header_len = sizeof(struct iphdr),
1724 .setsockopt = ipv6_setsockopt,
1725 .getsockopt = ipv6_getsockopt,
1726 .addr2sockaddr = inet6_csk_addr2sockaddr,
1727 .sockaddr_len = sizeof(struct sockaddr_in6),
1728#ifdef CONFIG_COMPAT
1729 .compat_setsockopt = compat_ipv6_setsockopt,
1730 .compat_getsockopt = compat_ipv6_getsockopt,
1731#endif
1732 .mtu_reduced = tcp_v4_mtu_reduced,
1733};
1734
1735#ifdef CONFIG_TCP_MD5SIG
1736static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1737 .md5_lookup = tcp_v4_md5_lookup,
1738 .calc_md5_hash = tcp_v4_md5_hash_skb,
1739 .md5_parse = tcp_v6_parse_md5_keys,
1740};
1741#endif
1742
1743/* NOTE: A lot of things set to zero explicitly by call to
1744 * sk_alloc() so need not be done here.
1745 */
1746static int tcp_v6_init_sock(struct sock *sk)
1747{
1748 struct inet_connection_sock *icsk = inet_csk(sk);
1749
1750 tcp_init_sock(sk);
1751
1752 icsk->icsk_af_ops = &ipv6_specific;
1753
1754#ifdef CONFIG_TCP_MD5SIG
1755 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
1756#endif
1757
1758 return 0;
1759}
1760
1761static void tcp_v6_destroy_sock(struct sock *sk)
1762{
1763 tcp_v4_destroy_sock(sk);
1764 inet6_destroy_sock(sk);
1765}
1766
1767#ifdef CONFIG_PROC_FS
1768/* Proc filesystem TCPv6 sock list dumping. */
1769static void get_openreq6(struct seq_file *seq,
1770 const struct request_sock *req, int i)
1771{
1772 long ttd = req->rsk_timer.expires - jiffies;
1773 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1774 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1775
1776 if (ttd < 0)
1777 ttd = 0;
1778
1779 seq_printf(seq,
1780 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1781 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1782 i,
1783 src->s6_addr32[0], src->s6_addr32[1],
1784 src->s6_addr32[2], src->s6_addr32[3],
1785 inet_rsk(req)->ir_num,
1786 dest->s6_addr32[0], dest->s6_addr32[1],
1787 dest->s6_addr32[2], dest->s6_addr32[3],
1788 ntohs(inet_rsk(req)->ir_rmt_port),
1789 TCP_SYN_RECV,
1790 0, 0, /* could print option size, but that is af dependent. */
1791 1, /* timers active (only the expire timer) */
1792 jiffies_to_clock_t(ttd),
1793 req->num_timeout,
1794 from_kuid_munged(seq_user_ns(seq),
1795 sock_i_uid(req->rsk_listener)),
1796 0, /* non standard timer */
1797 0, /* open_requests have no inode */
1798 0, req);
1799}
1800
1801static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1802{
1803 const struct in6_addr *dest, *src;
1804 __u16 destp, srcp;
1805 int timer_active;
1806 unsigned long timer_expires;
1807 const struct inet_sock *inet = inet_sk(sp);
1808 const struct tcp_sock *tp = tcp_sk(sp);
1809 const struct inet_connection_sock *icsk = inet_csk(sp);
1810 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
1811 int rx_queue;
1812 int state;
1813
1814 dest = &sp->sk_v6_daddr;
1815 src = &sp->sk_v6_rcv_saddr;
1816 destp = ntohs(inet->inet_dport);
1817 srcp = ntohs(inet->inet_sport);
1818
1819 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
1820 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
1821 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
1822 timer_active = 1;
1823 timer_expires = icsk->icsk_timeout;
1824 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1825 timer_active = 4;
1826 timer_expires = icsk->icsk_timeout;
1827 } else if (timer_pending(&sp->sk_timer)) {
1828 timer_active = 2;
1829 timer_expires = sp->sk_timer.expires;
1830 } else {
1831 timer_active = 0;
1832 timer_expires = jiffies;
1833 }
1834
1835 state = inet_sk_state_load(sp);
1836 if (state == TCP_LISTEN)
1837 rx_queue = sp->sk_ack_backlog;
1838 else
1839 /* Because we don't lock the socket,
1840 * we might find a transient negative value.
1841 */
1842 rx_queue = max_t(int, READ_ONCE(tp->rcv_nxt) -
1843 tp->copied_seq, 0);
1844
1845 seq_printf(seq,
1846 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1847 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1848 i,
1849 src->s6_addr32[0], src->s6_addr32[1],
1850 src->s6_addr32[2], src->s6_addr32[3], srcp,
1851 dest->s6_addr32[0], dest->s6_addr32[1],
1852 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1853 state,
1854 tp->write_seq - tp->snd_una,
1855 rx_queue,
1856 timer_active,
1857 jiffies_delta_to_clock_t(timer_expires - jiffies),
1858 icsk->icsk_retransmits,
1859 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1860 icsk->icsk_probes_out,
1861 sock_i_ino(sp),
1862 refcount_read(&sp->sk_refcnt), sp,
1863 jiffies_to_clock_t(icsk->icsk_rto),
1864 jiffies_to_clock_t(icsk->icsk_ack.ato),
1865 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
1866 tp->snd_cwnd,
1867 state == TCP_LISTEN ?
1868 fastopenq->max_qlen :
1869 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
1870 );
1871}
1872
1873static void get_timewait6_sock(struct seq_file *seq,
1874 struct inet_timewait_sock *tw, int i)
1875{
1876 long delta = tw->tw_timer.expires - jiffies;
1877 const struct in6_addr *dest, *src;
1878 __u16 destp, srcp;
1879
1880 dest = &tw->tw_v6_daddr;
1881 src = &tw->tw_v6_rcv_saddr;
1882 destp = ntohs(tw->tw_dport);
1883 srcp = ntohs(tw->tw_sport);
1884
1885 seq_printf(seq,
1886 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1887 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1888 i,
1889 src->s6_addr32[0], src->s6_addr32[1],
1890 src->s6_addr32[2], src->s6_addr32[3], srcp,
1891 dest->s6_addr32[0], dest->s6_addr32[1],
1892 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1893 tw->tw_substate, 0, 0,
1894 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
1895 refcount_read(&tw->tw_refcnt), tw);
1896}
1897
1898static int tcp6_seq_show(struct seq_file *seq, void *v)
1899{
1900 struct tcp_iter_state *st;
1901 struct sock *sk = v;
1902
1903 if (v == SEQ_START_TOKEN) {
1904 seq_puts(seq,
1905 " sl "
1906 "local_address "
1907 "remote_address "
1908 "st tx_queue rx_queue tr tm->when retrnsmt"
1909 " uid timeout inode\n");
1910 goto out;
1911 }
1912 st = seq->private;
1913
1914 if (sk->sk_state == TCP_TIME_WAIT)
1915 get_timewait6_sock(seq, v, st->num);
1916 else if (sk->sk_state == TCP_NEW_SYN_RECV)
1917 get_openreq6(seq, v, st->num);
1918 else
1919 get_tcp6_sock(seq, v, st->num);
1920out:
1921 return 0;
1922}
1923
1924static const struct seq_operations tcp6_seq_ops = {
1925 .show = tcp6_seq_show,
1926 .start = tcp_seq_start,
1927 .next = tcp_seq_next,
1928 .stop = tcp_seq_stop,
1929};
1930
1931static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1932 .family = AF_INET6,
1933};
1934
1935int __net_init tcp6_proc_init(struct net *net)
1936{
1937 if (!proc_create_net_data("tcp6", 0444, net->proc_net, &tcp6_seq_ops,
1938 sizeof(struct tcp_iter_state), &tcp6_seq_afinfo))
1939 return -ENOMEM;
1940 return 0;
1941}
1942
1943void tcp6_proc_exit(struct net *net)
1944{
1945 remove_proc_entry("tcp6", net->proc_net);
1946}
1947#endif
1948
1949struct proto tcpv6_prot = {
1950 .name = "TCPv6",
1951 .owner = THIS_MODULE,
1952 .close = tcp_close,
1953 .pre_connect = tcp_v6_pre_connect,
1954 .connect = tcp_v6_connect,
1955 .disconnect = tcp_disconnect,
1956 .accept = inet_csk_accept,
1957 .ioctl = tcp_ioctl,
1958 .init = tcp_v6_init_sock,
1959 .destroy = tcp_v6_destroy_sock,
1960 .shutdown = tcp_shutdown,
1961 .setsockopt = tcp_setsockopt,
1962 .getsockopt = tcp_getsockopt,
1963 .keepalive = tcp_set_keepalive,
1964 .recvmsg = tcp_recvmsg,
1965 .sendmsg = tcp_sendmsg,
1966 .sendpage = tcp_sendpage,
1967 .backlog_rcv = tcp_v6_do_rcv,
1968 .release_cb = tcp_release_cb,
1969 .hash = inet6_hash,
1970 .unhash = inet_unhash,
1971 .get_port = inet_csk_get_port,
1972 .enter_memory_pressure = tcp_enter_memory_pressure,
1973 .leave_memory_pressure = tcp_leave_memory_pressure,
1974 .stream_memory_free = tcp_stream_memory_free,
1975 .sockets_allocated = &tcp_sockets_allocated,
1976 .memory_allocated = &tcp_memory_allocated,
1977 .memory_pressure = &tcp_memory_pressure,
1978 .orphan_count = &tcp_orphan_count,
1979 .sysctl_mem = sysctl_tcp_mem,
1980 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem),
1981 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem),
1982 .max_header = MAX_TCP_HEADER,
1983 .obj_size = sizeof(struct tcp6_sock),
1984 .slab_flags = SLAB_TYPESAFE_BY_RCU,
1985 .twsk_prot = &tcp6_timewait_sock_ops,
1986 .rsk_prot = &tcp6_request_sock_ops,
1987 .h.hashinfo = &tcp_hashinfo,
1988 .no_autobind = true,
1989#ifdef CONFIG_COMPAT
1990 .compat_setsockopt = compat_tcp_setsockopt,
1991 .compat_getsockopt = compat_tcp_getsockopt,
1992#endif
1993 .diag_destroy = tcp_abort,
1994};
1995
1996/* thinking of making this const? Don't.
1997 * early_demux can change based on sysctl.
1998 */
1999static struct inet6_protocol tcpv6_protocol = {
2000 .early_demux = tcp_v6_early_demux,
2001 .early_demux_handler = tcp_v6_early_demux,
2002 .handler = tcp_v6_rcv,
2003 .err_handler = tcp_v6_err,
2004 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2005};
2006
2007static struct inet_protosw tcpv6_protosw = {
2008 .type = SOCK_STREAM,
2009 .protocol = IPPROTO_TCP,
2010 .prot = &tcpv6_prot,
2011 .ops = &inet6_stream_ops,
2012 .flags = INET_PROTOSW_PERMANENT |
2013 INET_PROTOSW_ICSK,
2014};
2015
2016static int __net_init tcpv6_net_init(struct net *net)
2017{
2018 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2019 SOCK_RAW, IPPROTO_TCP, net);
2020}
2021
2022static void __net_exit tcpv6_net_exit(struct net *net)
2023{
2024 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2025}
2026
2027static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
2028{
2029 inet_twsk_purge(&tcp_hashinfo, AF_INET6);
2030}
2031
2032static struct pernet_operations tcpv6_net_ops = {
2033 .init = tcpv6_net_init,
2034 .exit = tcpv6_net_exit,
2035 .exit_batch = tcpv6_net_exit_batch,
2036};
2037
2038int __init tcpv6_init(void)
2039{
2040 int ret;
2041
2042 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2043 if (ret)
2044 goto out;
2045
2046 /* register inet6 protocol */
2047 ret = inet6_register_protosw(&tcpv6_protosw);
2048 if (ret)
2049 goto out_tcpv6_protocol;
2050
2051 ret = register_pernet_subsys(&tcpv6_net_ops);
2052 if (ret)
2053 goto out_tcpv6_protosw;
2054out:
2055 return ret;
2056
2057out_tcpv6_protosw:
2058 inet6_unregister_protosw(&tcpv6_protosw);
2059out_tcpv6_protocol:
2060 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2061 goto out;
2062}
2063
2064void tcpv6_exit(void)
2065{
2066 unregister_pernet_subsys(&tcpv6_net_ops);
2067 inet6_unregister_protosw(&tcpv6_protosw);
2068 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2069}