3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41 #include <linux/slab.h>
42 #include <linux/uaccess.h>
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/inet_common.h>
63 #include <net/secure_seq.h>
64 #include <net/tcp_memcontrol.h>
65 #include <net/busy_poll.h>
67 #include <linux/proc_fs.h>
68 #include <linux/seq_file.h>
70 #include <linux/crypto.h>
71 #include <linux/scatterlist.h>
/*
 * Forward declarations for functions and per-address-family operation
 * tables that are defined later in this file.
 *
 * NOTE(review): this extract is missing lines (the embedded original
 * line numbers are non-contiguous), so some declarations here appear
 * truncated (e.g. the tcp_v6_md5_do_lookup prototype below has no
 * visible terminating ';').
 */
73 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
74 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
75 struct request_sock *req);
77 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
/* af_ops tables: ipv6_mapped handles v4-mapped-v6 sockets, ipv6_specific native v6 */
79 static const struct inet_connection_sock_af_ops ipv6_mapped;
80 static const struct inet_connection_sock_af_ops ipv6_specific;
81 #ifdef CONFIG_TCP_MD5SIG
82 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
83 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
85 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
86 const struct in6_addr *addr)
/*
 * Cache the inbound route on the socket fast path: remember the skb's
 * dst, the ingress ifindex, and the fib6 node serial number so a later
 * packet can validate the cached dst cheaply.
 * NOTE(review): extraction gaps — the sk->sk_rx_dst assignment and any
 * NULL checks from the original are not visible here.
 */
92 static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
94 struct dst_entry *dst = skb_dst(skb);
97 const struct rt6_info *rt = (const struct rt6_info *)dst;
101 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
/* fn_sernum acts as a generation cookie for dst revalidation */
103 inet6_sk(sk)->rx_dst_cookie = rt->rt6i_node->fn_sernum;
/*
 * Insert the socket into the TCP established/listening hash tables.
 * A socket whose af_ops is ipv6_mapped is really carrying IPv4 traffic;
 * the branch for that case is not visible in this extract (presumably
 * it delegates to the IPv4 hash — TODO confirm against full source).
 */
107 static void tcp_v6_hash(struct sock *sk)
109 if (sk->sk_state != TCP_CLOSE) {
110 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
115 __inet6_hash(sk, NULL);
/*
 * Derive the initial sequence number for a new connection from the
 * packet's address/port 4-tuple via the secure ISN generator.
 * NOTE(review): one argument line (the destination port) is missing
 * from this extract.
 */
120 static __u32 tcp_v6_init_sequence(const struct sk_buff *skb)
122 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
123 ipv6_hdr(skb)->saddr.s6_addr32,
125 tcp_hdr(skb)->source);
/*
 * Active-open (connect()) for an AF_INET6 TCP socket.
 *
 * Validates the sockaddr, resolves flow label and scope id, handles the
 * v4-mapped-v6 case by flipping the socket's af_ops to the IPv4 paths,
 * routes the flow, picks a source address, chooses the initial sequence
 * number and finally sends the SYN via tcp_connect().
 *
 * Returns 0 on success or a negative errno.  NOTE(review): this extract
 * drops many lines (several error returns, closing braces, the flowi6
 * declaration, failure labels), so the control flow below is not
 * complete as shown.
 */
128 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
131 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
132 struct inet_sock *inet = inet_sk(sk);
133 struct inet_connection_sock *icsk = inet_csk(sk);
134 struct ipv6_pinfo *np = inet6_sk(sk);
135 struct tcp_sock *tp = tcp_sk(sk);
136 struct in6_addr *saddr = NULL, *final_p, final;
139 struct dst_entry *dst;
/* Basic sockaddr sanity: minimum RFC 2133 length and correct family */
143 if (addr_len < SIN6_LEN_RFC2133)
146 if (usin->sin6_family != AF_INET6)
147 return -EAFNOSUPPORT;
149 memset(&fl6, 0, sizeof(fl6));
/* Honour a caller-supplied flow label; look it up if one is set */
152 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
153 IP6_ECN_flow_init(fl6.flowlabel);
154 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
155 struct ip6_flowlabel *flowlabel;
156 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
157 if (flowlabel == NULL)
159 fl6_sock_release(flowlabel);
164 * connect() to INADDR_ANY means loopback (BSD'ism).
167 if (ipv6_addr_any(&usin->sin6_addr))
168 usin->sin6_addr.s6_addr[15] = 0x1;
170 addr_type = ipv6_addr_type(&usin->sin6_addr);
/* Multicast destinations are rejected (error return not visible here) */
172 if (addr_type & IPV6_ADDR_MULTICAST)
175 if (addr_type&IPV6_ADDR_LINKLOCAL) {
176 if (addr_len >= sizeof(struct sockaddr_in6) &&
177 usin->sin6_scope_id) {
178 /* If interface is set while binding, indices
181 if (sk->sk_bound_dev_if &&
182 sk->sk_bound_dev_if != usin->sin6_scope_id)
185 sk->sk_bound_dev_if = usin->sin6_scope_id;
188 /* Connect to link-local address requires an interface */
189 if (!sk->sk_bound_dev_if)
/* Reconnecting to a different peer invalidates cached timestamps */
193 if (tp->rx_opt.ts_recent_stamp &&
194 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
195 tp->rx_opt.ts_recent = 0;
196 tp->rx_opt.ts_recent_stamp = 0;
200 sk->sk_v6_daddr = usin->sin6_addr;
201 np->flow_label = fl6.flowlabel;
/*
 * v4-mapped destination: this is really an IPv4 connection, so switch
 * the socket over to the IPv4 operation tables and delegate to
 * tcp_v4_connect(); on failure the v6 ops are restored below.
 */
207 if (addr_type == IPV6_ADDR_MAPPED) {
208 u32 exthdrlen = icsk->icsk_ext_hdr_len;
209 struct sockaddr_in sin;
211 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
213 if (__ipv6_only_sock(sk))
216 sin.sin_family = AF_INET;
217 sin.sin_port = usin->sin6_port;
218 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
220 icsk->icsk_af_ops = &ipv6_mapped;
221 sk->sk_backlog_rcv = tcp_v4_do_rcv;
222 #ifdef CONFIG_TCP_MD5SIG
223 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
226 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
/* Failure path: restore the native IPv6 operations */
229 icsk->icsk_ext_hdr_len = exthdrlen;
230 icsk->icsk_af_ops = &ipv6_specific;
231 sk->sk_backlog_rcv = tcp_v6_do_rcv;
232 #ifdef CONFIG_TCP_MD5SIG
233 tp->af_specific = &tcp_sock_ipv6_specific;
237 np->saddr = sk->sk_v6_rcv_saddr;
242 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
243 saddr = &sk->sk_v6_rcv_saddr;
/* Build the flow descriptor and route it */
245 fl6.flowi6_proto = IPPROTO_TCP;
246 fl6.daddr = sk->sk_v6_daddr;
247 fl6.saddr = saddr ? *saddr : np->saddr;
248 fl6.flowi6_oif = sk->sk_bound_dev_if;
249 fl6.flowi6_mark = sk->sk_mark;
250 fl6.fl6_dport = usin->sin6_port;
251 fl6.fl6_sport = inet->inet_sport;
253 final_p = fl6_update_dst(&fl6, np->opt, &final);
255 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
257 dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
/* Source address was chosen by routing if the socket had none bound */
265 sk->sk_v6_rcv_saddr = *saddr;
268 /* set the source address */
270 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
272 sk->sk_gso_type = SKB_GSO_TCPV6;
273 __ip6_dst_store(sk, dst, NULL, NULL);
/* TIME-WAIT recycling: recover peer timestamp state from route metrics */
275 rt = (struct rt6_info *) dst;
276 if (tcp_death_row.sysctl_tw_recycle &&
277 !tp->rx_opt.ts_recent_stamp &&
278 ipv6_addr_equal(&rt->rt6i_dst.addr, &sk->sk_v6_daddr))
279 tcp_fetch_timewait_stamp(sk, dst);
281 icsk->icsk_ext_hdr_len = 0;
283 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
/* Clamp MSS to the IPv6 minimum MTU minus fixed headers */
286 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
288 inet->inet_dport = usin->sin6_port;
290 tcp_set_state(sk, TCP_SYN_SENT);
291 err = inet6_hash_connect(&tcp_death_row, sk);
297 if (!tp->write_seq && likely(!tp->repair))
298 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
299 sk->sk_v6_daddr.s6_addr32,
303 err = tcp_connect(sk);
/* Failure labels: unwind state so the socket can be reused */
310 tcp_set_state(sk, TCP_CLOSE);
313 inet->inet_dport = 0;
314 sk->sk_route_caps = 0;
/*
 * React to an ICMPv6 Packet-Too-Big: update the path MTU (stored in
 * tp->mtu_info by tcp_v6_err) and, if our cached pmtu is now too large,
 * resync the MSS and retransmit outstanding data.
 * Ignored for sockets in LISTEN or CLOSE state.
 */
318 static void tcp_v6_mtu_reduced(struct sock *sk)
320 struct dst_entry *dst;
322 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
325 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
329 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
330 tcp_sync_mss(sk, dst_mtu(dst));
331 tcp_simple_retransmit(sk);
/*
 * ICMPv6 error handler for TCP: invoked when an ICMPv6 error quoting a
 * TCP segment arrives.  Looks up the owning socket, validates that the
 * quoted sequence number is in the current window, and then dispatches
 * on the error type: NDISC_REDIRECT updates the route, PKT_TOOBIG
 * triggers PMTU handling, and everything else is converted to an errno
 * and reported to the socket (or, for SYN-RECV, drops the matching
 * request sock).
 * NOTE(review): extraction gaps hide several returns, label names and
 * the `tp`/`np` assignments; read alongside the full source.
 */
335 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
336 u8 type, u8 code, int offset, __be32 info)
338 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
339 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
340 struct ipv6_pinfo *np;
344 struct request_sock *fastopen;
346 struct net *net = dev_net(skb->dev);
348 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
349 th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
/* No socket found: count the error and bail (return not visible here) */
352 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
357 if (sk->sk_state == TCP_TIME_WAIT) {
358 inet_twsk_put(inet_twsk(sk));
/* Socket locked by user context: most errors must be deferred */
363 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
364 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
366 if (sk->sk_state == TCP_CLOSE)
/* min_hopcount (a.k.a. GTSM) filter: drop spoofed low-hop-limit ICMP */
369 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
370 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
375 seq = ntohl(th->seq);
376 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
377 fastopen = tp->fastopen_rsk;
378 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
/* Quoted seq outside [snd_una, snd_nxt] means a stale/forged ICMP */
379 if (sk->sk_state != TCP_LISTEN &&
380 !between(seq, snd_una, tp->snd_nxt)) {
381 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
387 if (type == NDISC_REDIRECT) {
388 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
391 dst->ops->redirect(dst, sk, skb);
395 if (type == ICMPV6_PKT_TOOBIG) {
396 /* We are not interested in TCP_LISTEN and open_requests
397 * (SYN-ACKs send out by Linux are always <576bytes so
398 * they should go through unfragmented).
400 if (sk->sk_state == TCP_LISTEN)
403 if (!ip6_sk_accept_pmtu(sk))
406 tp->mtu_info = ntohl(info);
407 if (!sock_owned_by_user(sk))
408 tcp_v6_mtu_reduced(sk);
/* Socket busy: defer the MTU update to release_sock() */
409 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
415 icmpv6_err_convert(type, code, &err);
417 /* Might be for an request_sock */
418 switch (sk->sk_state) {
419 struct request_sock *req, **prev;
421 if (sock_owned_by_user(sk))
424 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
425 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
426 &hdr->saddr, inet6_iif(skb));
430 /* ICMPs are not backlogged, hence we cannot get
431 * an established socket here.
433 WARN_ON(req->sk != NULL);
435 if (seq != tcp_rsk(req)->snt_isn) {
436 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
/* Fatal error on an embryonic connection: drop the request sock */
440 inet_csk_reqsk_queue_drop(sk, req, prev);
441 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
446 /* Only in fast or simultaneous open. If a fast open socket is
447 * is already accepted it is treated as a connected one below.
449 if (fastopen && fastopen->sk == NULL)
452 if (!sock_owned_by_user(sk)) {
454 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
458 sk->sk_err_soft = err;
/* Established sockets: report only if IPV6_RECVERR was requested */
462 if (!sock_owned_by_user(sk) && np->recverr) {
464 sk->sk_error_report(sk);
466 sk->sk_err_soft = err;
/*
 * Build and transmit a SYN-ACK for the given request sock.
 * Grabs a route if the caller did not supply one, constructs the
 * segment with tcp_make_synack(), fills in the TCP checksum for the
 * request's address pair and sends it with ip6_xmit().
 * Returns the (net_xmit_eval-normalised) transmit result.
 */
474 static int tcp_v6_send_synack(struct sock *sk, struct dst_entry *dst,
476 struct request_sock *req,
478 struct tcp_fastopen_cookie *foc)
480 struct inet_request_sock *ireq = inet_rsk(req);
481 struct ipv6_pinfo *np = inet6_sk(sk);
482 struct flowi6 *fl6 = &fl->u.ip6;
486 /* First, grab a route. */
487 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req)) == NULL)
490 skb = tcp_make_synack(sk, dst, req, foc);
493 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
494 &ireq->ir_v6_rmt_addr);
496 fl6->daddr = ireq->ir_v6_rmt_addr;
/* Reflect the client's flow label when IPV6_FLOWINFO reflection is on */
497 if (np->repflow && (ireq->pktopts != NULL))
498 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
500 skb_set_queue_mapping(skb, queue_mapping);
501 err = ip6_xmit(sk, skb, fl6, np->opt, np->tclass);
502 err = net_xmit_eval(err);
/* Free the pktoptions skb held by a request sock when it is destroyed. */
510 static void tcp_v6_reqsk_destructor(struct request_sock *req)
512 kfree_skb(inet_rsk(req)->pktopts);
515 #ifdef CONFIG_TCP_MD5SIG
/* Look up the socket's MD5 signature key for an IPv6 peer address. */
516 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
517 const struct in6_addr *addr)
519 return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
/* MD5 key lookup keyed by another socket's destination address. */
522 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
523 struct sock *addr_sk)
525 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
/* MD5 key lookup keyed by a request sock's remote address. */
528 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
529 struct request_sock *req)
531 return tcp_v6_md5_do_lookup(sk, &inet_rsk(req)->ir_v6_rmt_addr);
/*
 * setsockopt(TCP_MD5SIG) handler: copy the tcp_md5sig request from
 * userspace and add or delete (keylen == 0) the key.  A v4-mapped
 * address is stored under AF_INET using its embedded IPv4 address so
 * it matches IPv4 traffic on this dual-stack socket.
 * Returns 0 or a negative errno (some error returns are not visible
 * in this extract).
 */
534 static int tcp_v6_parse_md5_keys(struct sock *sk, char __user *optval,
537 struct tcp_md5sig cmd;
538 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
540 if (optlen < sizeof(cmd))
543 if (copy_from_user(&cmd, optval, sizeof(cmd)))
546 if (sin6->sin6_family != AF_INET6)
/* keylen == 0 means "delete the key for this address" */
549 if (!cmd.tcpm_keylen) {
550 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
551 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
553 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
557 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
560 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
561 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
562 AF_INET, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
564 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
565 AF_INET6, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
/*
 * Feed the TCP-over-IPv6 pseudo-header (saddr, daddr, length, protocol
 * — RFC 2460 style) into the per-CPU MD5 hash state.
 * Returns the crypto_hash_update() result (0 on success).
 * NOTE(review): the saddr/daddr assignments into *bp are among the
 * lines missing from this extract.
 */
568 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
569 const struct in6_addr *daddr,
570 const struct in6_addr *saddr, int nbytes)
572 struct tcp6_pseudohdr *bp;
573 struct scatterlist sg;
575 bp = &hp->md5_blk.ip6;
576 /* 1. TCP pseudo-header (RFC2460) */
579 bp->protocol = cpu_to_be32(IPPROTO_TCP);
580 bp->len = cpu_to_be32(nbytes);
582 sg_init_one(&sg, bp, sizeof(*bp));
583 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
/*
 * Compute the TCP-MD5 digest over pseudo-header + TCP header + key for
 * a header-only segment (used for RST/ACK replies), writing 16 bytes
 * into md5_hash.  On any crypto failure the output is zeroed and a
 * non-zero value is returned (return statements fall in the extraction
 * gaps).  Uses the per-CPU md5sig pool; get/put must stay balanced.
 */
586 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
587 const struct in6_addr *daddr, struct in6_addr *saddr,
588 const struct tcphdr *th)
590 struct tcp_md5sig_pool *hp;
591 struct hash_desc *desc;
593 hp = tcp_get_md5sig_pool();
595 goto clear_hash_noput;
596 desc = &hp->md5_desc;
598 if (crypto_hash_init(desc))
600 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
602 if (tcp_md5_hash_header(hp, th))
604 if (tcp_md5_hash_key(hp, key))
606 if (crypto_hash_final(desc, md5_hash))
609 tcp_put_md5sig_pool();
/* Error path: release the pool and zero the digest so callers never
 * consume a partial hash. */
613 tcp_put_md5sig_pool();
615 memset(md5_hash, 0, 16);
/*
 * Compute the TCP-MD5 digest over a full segment (pseudo-header, TCP
 * header, payload, key).  The address pair is taken from the full
 * socket, the request sock, or the skb itself — exactly one of sk/req
 * is expected per call site (the if/else chain's conditions are partly
 * lost to extraction gaps).  On failure the 16-byte output is zeroed.
 */
619 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
620 const struct sock *sk,
621 const struct request_sock *req,
622 const struct sk_buff *skb)
624 const struct in6_addr *saddr, *daddr;
625 struct tcp_md5sig_pool *hp;
626 struct hash_desc *desc;
627 const struct tcphdr *th = tcp_hdr(skb);
/* Address pair source 1: an established socket */
630 saddr = &inet6_sk(sk)->saddr;
631 daddr = &sk->sk_v6_daddr;
/* Address pair source 2: a request sock */
633 saddr = &inet_rsk(req)->ir_v6_loc_addr;
634 daddr = &inet_rsk(req)->ir_v6_rmt_addr;
/* Address pair source 3: the packet headers themselves */
636 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
637 saddr = &ip6h->saddr;
638 daddr = &ip6h->daddr;
641 hp = tcp_get_md5sig_pool();
643 goto clear_hash_noput;
644 desc = &hp->md5_desc;
646 if (crypto_hash_init(desc))
649 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
651 if (tcp_md5_hash_header(hp, th))
653 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
655 if (tcp_md5_hash_key(hp, key))
657 if (crypto_hash_final(desc, md5_hash))
660 tcp_put_md5sig_pool();
/* Error path: release pool, zero digest */
664 tcp_put_md5sig_pool();
666 memset(md5_hash, 0, 16);
/*
 * Verify the TCP-MD5 option on an inbound segment against the key we
 * hold for the peer.  The four cases: no key and no option -> accept;
 * key but no option -> reject (TCPMD5NOTFOUND); option but no key ->
 * reject (TCPMD5UNEXPECTED); both present -> recompute and compare the
 * 16-byte digest.  Non-zero return means "drop this segment" (the
 * return statements themselves fall in extraction gaps).
 */
670 static int __tcp_v6_inbound_md5_hash(struct sock *sk,
671 const struct sk_buff *skb)
673 const __u8 *hash_location = NULL;
674 struct tcp_md5sig_key *hash_expected;
675 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
676 const struct tcphdr *th = tcp_hdr(skb);
680 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
681 hash_location = tcp_parse_md5sig_option(th);
683 /* We've parsed the options - do we have a hash? */
684 if (!hash_expected && !hash_location)
687 if (hash_expected && !hash_location) {
688 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
692 if (!hash_expected && hash_location) {
693 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
697 /* check the signature */
698 genhash = tcp_v6_md5_hash_skb(newhash,
/* Mismatch or hashing failure: log rate-limited and reject */
702 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
703 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
704 genhash ? "failed" : "mismatch",
705 &ip6h->saddr, ntohs(th->source),
706 &ip6h->daddr, ntohs(th->dest));
/*
 * Wrapper around __tcp_v6_inbound_md5_hash(); the original presumably
 * brackets the call with rcu_read_lock/unlock (those lines are missing
 * from this extract — TODO confirm).
 */
712 static int tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
717 ret = __tcp_v6_inbound_md5_hash(sk, skb);
/*
 * Initialise the IPv6-specific fields of a freshly allocated request
 * sock from the incoming SYN: address pair, ingress interface for
 * link-local peers, and a clone reference to the skb when the listener
 * requested packet options (IPV6_PKTOPTIONS-style) so they can be
 * replayed to the child socket later.
 */
725 static void tcp_v6_init_req(struct request_sock *req, struct sock *sk,
728 struct inet_request_sock *ireq = inet_rsk(req);
729 struct ipv6_pinfo *np = inet6_sk(sk);
731 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
732 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
734 /* So that link locals have meaning */
735 if (!sk->sk_bound_dev_if &&
736 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
737 ireq->ir_iif = tcp_v6_iif(skb);
/* Keep the SYN skb if any rx option was requested (ireq->pktopts
 * assignment is in an extraction gap). */
739 if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
740 (ipv6_opt_accepted(sk, skb, &TCP_SKB_CB(skb)->header.h6) ||
741 np->rxopt.bits.rxinfo ||
742 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
743 np->rxopt.bits.rxohlim || np->repflow)) {
744 atomic_inc(&skb->users);
747 ireq->ireq_family = AF_INET6;
/* route_req callback for tcp_request_sock_ops: route the SYN-ACK. */
750 static struct dst_entry *tcp_v6_route_req(struct sock *sk, struct flowi *fl,
751 const struct request_sock *req,
756 return inet6_csk_route_req(sk, &fl->u.ip6, req);
/*
 * Generic request-sock operations for IPv6 TCP (allocation size,
 * SYN-ACK retransmit, ACK/RST emission, destructor, SYN-ACK timeout).
 * The .family and .slab_name initialisers are in extraction gaps.
 */
759 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
761 .obj_size = sizeof(struct tcp6_request_sock),
762 .rtx_syn_ack = tcp_rtx_synack,
763 .send_ack = tcp_v6_reqsk_send_ack,
764 .destructor = tcp_v6_reqsk_destructor,
765 .send_reset = tcp_v6_send_reset,
766 .syn_ack_timeout = tcp_syn_ack_timeout,
/*
 * IPv6-specific hooks used by the protocol-independent SYN handling in
 * tcp_conn_request(): MSS clamp, MD5 callbacks, request initialisation,
 * syncookie ISN, routing, ISN generation, SYN-ACK transmit and hashing.
 */
769 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
770 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
771 sizeof(struct ipv6hdr),
772 #ifdef CONFIG_TCP_MD5SIG
773 .md5_lookup = tcp_v6_reqsk_md5_lookup,
774 .calc_md5_hash = tcp_v6_md5_hash_skb,
776 .init_req = tcp_v6_init_req,
777 #ifdef CONFIG_SYN_COOKIES
778 .cookie_init_seq = cookie_v6_init_sequence,
780 .route_req = tcp_v6_route_req,
781 .init_seq = tcp_v6_init_sequence,
782 .send_synack = tcp_v6_send_synack,
783 .queue_hash_add = inet6_csk_reqsk_queue_hash_add,
/*
 * Build and send a bare control segment (RST when rst != 0, otherwise
 * a pure ACK) in reply to an incoming skb, using the per-netns control
 * socket rather than any connection socket.  Optionally carries a
 * timestamp option and a TCP-MD5 signature.  Addresses/ports are the
 * incoming packet's, swapped.
 * NOTE(review): extraction gaps hide several conditionals (e.g. the
 * tsecr test guarding the timestamp option) and the failure handling
 * after ip6_dst_lookup_flow().
 */
786 static void tcp_v6_send_response(struct sock *sk, struct sk_buff *skb, u32 seq,
787 u32 ack, u32 win, u32 tsval, u32 tsecr,
788 int oif, struct tcp_md5sig_key *key, int rst,
789 u8 tclass, u32 label)
791 const struct tcphdr *th = tcp_hdr(skb);
793 struct sk_buff *buff;
795 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
796 struct sock *ctl_sk = net->ipv6.tcp_sk;
797 unsigned int tot_len = sizeof(struct tcphdr);
798 struct dst_entry *dst;
/* Size the header for optional timestamp and MD5 options */
802 tot_len += TCPOLEN_TSTAMP_ALIGNED;
803 #ifdef CONFIG_TCP_MD5SIG
805 tot_len += TCPOLEN_MD5SIG_ALIGNED;
808 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
813 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
815 t1 = (struct tcphdr *) skb_push(buff, tot_len);
816 skb_reset_transport_header(buff);
818 /* Swap the send and the receive. */
819 memset(t1, 0, sizeof(*t1));
820 t1->dest = th->source;
821 t1->source = th->dest;
822 t1->doff = tot_len / 4;
823 t1->seq = htonl(seq);
824 t1->ack_seq = htonl(ack);
825 t1->ack = !rst || !th->ack;
827 t1->window = htons(win);
829 topt = (__be32 *)(t1 + 1);
/* Timestamp option (NOP NOP TS) — guard condition lost to extraction */
832 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
833 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
834 *topt++ = htonl(tsval);
835 *topt++ = htonl(tsecr);
838 #ifdef CONFIG_TCP_MD5SIG
840 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
841 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
842 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
843 &ipv6_hdr(skb)->saddr,
844 &ipv6_hdr(skb)->daddr, t1);
/* Reply flow: destination is the sender of the offending packet */
848 memset(&fl6, 0, sizeof(fl6));
849 fl6.daddr = ipv6_hdr(skb)->saddr;
850 fl6.saddr = ipv6_hdr(skb)->daddr;
851 fl6.flowlabel = label;
853 buff->ip_summed = CHECKSUM_PARTIAL;
856 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
858 fl6.flowi6_proto = IPPROTO_TCP;
/* Link-local destinations need an explicit output interface */
859 if (rt6_need_strict(&fl6.daddr) && !oif)
860 fl6.flowi6_oif = tcp_v6_iif(skb);
862 fl6.flowi6_oif = oif;
863 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark);
864 fl6.fl6_dport = t1->dest;
865 fl6.fl6_sport = t1->source;
866 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
868 /* Pass a socket to ip6_dst_lookup either it is for RST
869 * Underlying function will use this to retrieve the network
872 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
874 skb_dst_set(buff, dst);
875 ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass);
876 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
878 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
/*
 * Send a RST in reply to an invalid incoming segment.  Sequence fields
 * follow RFC 793: echo the ACK as our SEQ when the packet had ACK set,
 * otherwise ACK the packet's whole payload.  When TCP-MD5 is enabled
 * and no socket matched, the listener is looked up by source port so
 * the RST can still be correctly signed — and no RST is sent at all if
 * the incoming segment's own MD5 signature does not verify.
 * NOTE(review): extraction gaps hide the RST-on-RST suppression check,
 * the release of sk1 and several intermediate lines.
 */
885 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
887 const struct tcphdr *th = tcp_hdr(skb);
888 u32 seq = 0, ack_seq = 0;
889 struct tcp_md5sig_key *key = NULL;
890 #ifdef CONFIG_TCP_MD5SIG
891 const __u8 *hash_location = NULL;
892 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
893 unsigned char newhash[16];
895 struct sock *sk1 = NULL;
902 /* If sk not NULL, it means we did a successful lookup and incoming
903 * route had to be correct. prequeue might have dropped our dst.
905 if (!sk && !ipv6_unicast_destination(skb))
908 #ifdef CONFIG_TCP_MD5SIG
909 hash_location = tcp_parse_md5sig_option(th);
910 if (!sk && hash_location) {
912 * active side is lost. Try to find listening socket through
913 * source port, and then find md5 key through listening socket.
914 * we are not loose security here:
915 * Incoming packet is checked with md5 hash with finding key,
916 * no RST generated if md5 hash doesn't match.
918 sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
919 &tcp_hashinfo, &ipv6h->saddr,
920 th->source, &ipv6h->daddr,
921 ntohs(th->source), tcp_v6_iif(skb));
926 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
/* Verify the incoming segment before answering with a signed RST */
930 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, NULL, skb);
931 if (genhash || memcmp(hash_location, newhash, 16) != 0)
934 key = sk ? tcp_v6_md5_do_lookup(sk, &ipv6h->saddr) : NULL;
/* RFC 793-style SEQ/ACK selection for the RST */
939 seq = ntohl(th->ack_seq);
941 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
944 oif = sk ? sk->sk_bound_dev_if : 0;
945 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 0);
947 #ifdef CONFIG_TCP_MD5SIG
/* Thin wrapper: emit a pure ACK via tcp_v6_send_response (rst = 0). */
956 static void tcp_v6_send_ack(struct sock *sk, struct sk_buff *skb, u32 seq,
957 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
958 struct tcp_md5sig_key *key, u8 tclass,
961 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
/*
 * ACK a segment that matched a TIME-WAIT socket, using the state saved
 * in the timewait sock (snd_nxt/rcv_nxt, scaled window, timestamp
 * offset, MD5 key, tclass and flow label).
 */
965 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
967 struct inet_timewait_sock *tw = inet_twsk(sk);
968 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
970 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
971 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
972 tcp_time_stamp + tcptw->tw_ts_offset,
973 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
/* tw_flowlabel is stored shifted; restore the on-wire position */
974 tw->tw_tclass, (tw->tw_flowlabel << 12));
/*
 * ACK on behalf of an embryonic (SYN-RECV / Fast Open) connection.
 * The sequence number differs for Fast Open because data may already
 * have been exchanged (see the in-body comment).
 */
979 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
980 struct request_sock *req)
982 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
983 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
985 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
986 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
987 tcp_rsk(req)->rcv_nxt, req->rcv_wnd,
988 tcp_time_stamp, req->ts_recent, sk->sk_bound_dev_if,
989 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr),
/*
 * For a segment arriving on a LISTEN socket: match it against pending
 * request socks (completing the handshake via tcp_check_req), then
 * against the established table (a child created on another CPU), and
 * finally fall back to syncookie validation.  Returns the socket to
 * process the segment on, or NULL/sk depending on the (partially
 * hidden) outcome paths.
 */
994 static struct sock *tcp_v6_hnd_req(struct sock *sk, struct sk_buff *skb)
996 struct request_sock *req, **prev;
997 const struct tcphdr *th = tcp_hdr(skb);
1000 /* Find possible connection requests. */
1001 req = inet6_csk_search_req(sk, &prev, th->source,
1002 &ipv6_hdr(skb)->saddr,
1003 &ipv6_hdr(skb)->daddr, tcp_v6_iif(skb));
1005 return tcp_check_req(sk, skb, req, prev, false);
1007 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1008 &ipv6_hdr(skb)->saddr, th->source,
1009 &ipv6_hdr(skb)->daddr, ntohs(th->dest),
1013 if (nsk->sk_state != TCP_TIME_WAIT) {
1017 inet_twsk_put(inet_twsk(nsk));
1021 #ifdef CONFIG_SYN_COOKIES
1023 sk = cookie_v6_check(sk, skb);
/*
 * Handle an incoming SYN: delegate v4-mapped traffic to the IPv4 path,
 * reject non-unicast destinations, and otherwise run the generic
 * tcp_conn_request() with the IPv6 operation tables.
 * Always returns 0 (even on drop) so no RST is generated.
 */
1028 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1030 if (skb->protocol == htons(ETH_P_IP))
1031 return tcp_v4_conn_request(sk, skb);
1033 if (!ipv6_unicast_destination(skb))
1036 return tcp_conn_request(&tcp6_request_sock_ops,
1037 &tcp_request_sock_ipv6_ops, sk, skb);
/* drop label: count the failed attempt, then swallow it */
1040 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1041 return 0; /* don't send reset */
/*
 * Create the child socket when the 3-way handshake completes.
 *
 * Two major paths: (1) v4-mapped — delegate to tcp_v4_syn_recv_sock()
 * and then graft IPv6 bookkeeping (mapped af_ops, MD5 table, rx option
 * state) onto the child; (2) native IPv6 — route, clone the listener
 * via tcp_create_openreq_child(), copy addresses/options from the
 * request sock, duplicate IPv6 options, set up MSS/congestion state,
 * copy the peer's MD5 key, inherit the port and hash the child.
 *
 * Returns the new socket or NULL.  NOTE(review): extraction gaps hide
 * many guard conditions and the overflow/drop label structure.
 */
1044 static struct sock *tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1045 struct request_sock *req,
1046 struct dst_entry *dst)
1048 struct inet_request_sock *ireq;
1049 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1050 struct tcp6_sock *newtcp6sk;
1051 struct inet_sock *newinet;
1052 struct tcp_sock *newtp;
1054 #ifdef CONFIG_TCP_MD5SIG
1055 struct tcp_md5sig_key *key;
/* ---- Path 1: v4-mapped-v6 child ---- */
1059 if (skb->protocol == htons(ETH_P_IP)) {
1064 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1069 newtcp6sk = (struct tcp6_sock *)newsk;
1070 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1072 newinet = inet_sk(newsk);
1073 newnp = inet6_sk(newsk);
1074 newtp = tcp_sk(newsk);
1076 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1078 newnp->saddr = newsk->sk_v6_rcv_saddr;
1080 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1081 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1082 #ifdef CONFIG_TCP_MD5SIG
1083 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
/* Pointers memcpy'd from the listener must not be shared */
1086 newnp->ipv6_ac_list = NULL;
1087 newnp->ipv6_fl_list = NULL;
1088 newnp->pktoptions = NULL;
1090 newnp->mcast_oif = tcp_v6_iif(skb);
1091 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1092 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1094 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1097 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1098 * here, tcp_create_openreq_child now does this for us, see the comment in
1099 * that function for the gory details. -acme
1102 /* It is tricky place. Until this moment IPv4 tcp
1103 worked with IPv6 icsk.icsk_af_ops.
1106 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
/* ---- Path 2: native IPv6 child ---- */
1111 ireq = inet_rsk(req);
1113 if (sk_acceptq_is_full(sk))
1117 dst = inet6_csk_route_req(sk, &fl6, req);
1122 newsk = tcp_create_openreq_child(sk, req, skb);
1127 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1128 * count here, tcp_create_openreq_child now does this for us, see the
1129 * comment in that function for the gory details. -acme
1132 newsk->sk_gso_type = SKB_GSO_TCPV6;
1133 __ip6_dst_store(newsk, dst, NULL, NULL);
1134 inet6_sk_rx_dst_set(newsk, skb);
1136 newtcp6sk = (struct tcp6_sock *)newsk;
1137 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1139 newtp = tcp_sk(newsk);
1140 newinet = inet_sk(newsk);
1141 newnp = inet6_sk(newsk);
1143 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1145 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1146 newnp->saddr = ireq->ir_v6_loc_addr;
1147 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1148 newsk->sk_bound_dev_if = ireq->ir_iif;
1150 ip6_set_txhash(newsk);
1152 /* Now IPv6 options...
1154 First: no IPv4 options.
1156 newinet->inet_opt = NULL;
1157 newnp->ipv6_ac_list = NULL;
1158 newnp->ipv6_fl_list = NULL;
1161 newnp->rxopt.all = np->rxopt.all;
1163 /* Clone pktoptions received with SYN */
1164 newnp->pktoptions = NULL;
1165 if (ireq->pktopts != NULL) {
1166 newnp->pktoptions = skb_clone(ireq->pktopts,
1167 sk_gfp_atomic(sk, GFP_ATOMIC));
1168 consume_skb(ireq->pktopts);
1169 ireq->pktopts = NULL;
1170 if (newnp->pktoptions)
1171 skb_set_owner_r(newnp->pktoptions, newsk);
1174 newnp->mcast_oif = tcp_v6_iif(skb);
1175 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1176 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1178 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1180 /* Clone native IPv6 options from listening socket (if any)
1182 Yes, keeping reference count would be much more clever,
1183 but we make one more one thing there: reattach optmem
1187 newnp->opt = ipv6_dup_options(newsk, np->opt);
1189 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1191 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1192 newnp->opt->opt_flen);
1194 tcp_ca_openreq_child(newsk, dst);
/* MSS/advmss from the route, clamped by any user-set MSS */
1196 tcp_sync_mss(newsk, dst_mtu(dst));
1197 newtp->advmss = dst_metric_advmss(dst);
1198 if (tcp_sk(sk)->rx_opt.user_mss &&
1199 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1200 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1202 tcp_initialize_rcv_mss(newsk);
1204 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1205 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1207 #ifdef CONFIG_TCP_MD5SIG
1208 /* Copy over the MD5 key from the original socket */
1209 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr);
1211 /* We're using one, so create a matching key
1212 * on the newsk structure. If we fail to get
1213 * memory, then we end up not copying the key
1216 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
1217 AF_INET6, key->key, key->keylen,
1218 sk_gfp_atomic(sk, GFP_ATOMIC));
1222 if (__inet_inherit_port(sk, newsk) < 0) {
1223 inet_csk_prepare_forced_close(newsk);
1227 __inet6_hash(newsk, NULL);
/* Error labels: account the drop/overflow and clean up */
1232 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1236 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1240 /* The socket must have it's spinlock held when we get
1243 * We have a potential double-lock case here, so even when
1244 * doing backlog processing we use the BH locking scheme.
1245 * This is because we cannot sleep with the original spinlock
/*
 * Per-socket receive path: the segment has already been matched to sk.
 * Handles the ESTABLISHED fast path (with cached-dst validation), the
 * LISTEN path (child creation via tcp_v6_hnd_req + tcp_child_process),
 * the general state machine, and the IPV6_PKTOPTIONS latch at the end.
 * v4-mapped traffic is immediately punted to tcp_v4_do_rcv().
 * NOTE(review): extraction gaps hide the reset/discard/csum label
 * structure and several braces; returns 0 on consume.
 */
1248 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1250 struct ipv6_pinfo *np = inet6_sk(sk);
1251 struct tcp_sock *tp;
1252 struct sk_buff *opt_skb = NULL;
1254 /* Imagine: socket is IPv6. IPv4 packet arrives,
1255 goes to IPv4 receive handler and backlogged.
1256 From backlog it always goes here. Kerboom...
1257 Fortunately, tcp_rcv_established and rcv_established
1258 handle them correctly, but it is not case with
1259 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1262 if (skb->protocol == htons(ETH_P_IP))
1263 return tcp_v4_do_rcv(sk, skb);
1265 if (sk_filter(sk, skb))
1269 * socket locking is here for SMP purposes as backlog rcv
1270 * is currently called with bh processing disabled.
1273 /* Do Stevens' IPV6_PKTOPTIONS.
1275 Yes, guys, it is the only place in our code, where we
1276 may make it not affecting IPv4.
1277 The rest of code is protocol independent,
1278 and I do not like idea to uglify IPv4.
1280 Actually, all the idea behind IPV6_PKTOPTIONS
1281 looks not very well thought. For now we latch
1282 options, received in the last packet, enqueued
1283 by tcp. Feel free to propose better solution.
/* Clone the skb now so its options survive tcp processing */
1287 opt_skb = skb_clone(skb, sk_gfp_atomic(sk, GFP_ATOMIC));
1289 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1290 struct dst_entry *dst = sk->sk_rx_dst;
1292 sock_rps_save_rxhash(sk, skb);
1293 sk_mark_napi_id(sk, skb);
/* Drop the cached rx dst if the ifindex or route cookie changed */
1295 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1296 dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
1298 sk->sk_rx_dst = NULL;
1302 tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len);
1304 goto ipv6_pktoptions;
1308 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1311 if (sk->sk_state == TCP_LISTEN) {
1312 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1317 * Queue it on the new socket if the new socket is active,
1318 * otherwise we just shortcircuit this and continue with
1322 sock_rps_save_rxhash(nsk, skb);
1323 sk_mark_napi_id(sk, skb);
1324 if (tcp_child_process(sk, nsk, skb))
1327 __kfree_skb(opt_skb);
1331 sock_rps_save_rxhash(sk, skb);
1333 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1336 goto ipv6_pktoptions;
/* reset/discard labels (partially hidden by extraction) */
1340 tcp_v6_send_reset(sk, skb);
1343 __kfree_skb(opt_skb);
1347 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_CSUMERRORS);
1348 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1353 /* Do you ask, what is it?
1355 1. skb was enqueued by tcp.
1356 2. skb is added to tail of read queue, rather than out of order.
1357 3. socket is not in passive state.
1358 4. Finally, it really contains options, which user wants to receive.
1361 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1362 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1363 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1364 np->mcast_oif = tcp_v6_iif(opt_skb);
1365 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1366 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1367 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1368 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
1370 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
1371 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
1372 skb_set_owner_r(opt_skb, sk);
/* xchg latches the newest options; the previous clone is freed */
1373 opt_skb = xchg(&np->pktoptions, opt_skb);
1375 __kfree_skb(opt_skb);
1376 opt_skb = xchg(&np->pktoptions, NULL);
/* Populate TCP_SKB_CB(skb) from the already-validated TCP/IPv6 headers
 * so the rest of the TCP input path can work from the cached control
 * block instead of re-parsing the packet.
 */
1384 static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1385 const struct tcphdr *th)
1387 /* This is tricky: we move IP6CB at its correct location into
1388 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1389 * _decode_session6() uses IP6CB().
1390 * barrier() makes sure compiler won't play aliasing games.
1392 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1393 sizeof(struct inet6_skb_parm));
/* end_seq accounts for SYN and FIN, which each consume one sequence
 * number, plus the payload length (skb->len minus the header). */
1396 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1397 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1398 skb->len - th->doff*4);
1399 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1400 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
/* Start with a clean time-wait ISN; NOTE(review): presumably set later
 * by the TIME_WAIT handling path — confirm against full source. */
1401 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1402 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1403 TCP_SKB_CB(skb)->sacked = 0;
/* Protocol handler for every inbound IPv6 TCP segment (registered via
 * tcpv6_protocol below).  Validates the header, looks up the owning
 * socket, and either processes the segment immediately or queues it on
 * the socket backlog.
 * NOTE(review): several error labels and branch targets (e.g.
 * discard_it, no_tcp_socket, do_time_wait) are not visible in this
 * extract; comments below only describe the visible statements.
 */
1406 static int tcp_v6_rcv(struct sk_buff *skb)
1408 const struct tcphdr *th;
1409 const struct ipv6hdr *hdr;
1412 struct net *net = dev_net(skb->dev);
/* Only process packets addressed to this host. */
1414 if (skb->pkt_type != PACKET_HOST)
1418 * Count it even if it's bad.
1420 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
/* Ensure the minimal header, then the full header (doff is in 32-bit
 * words), is linear in the skb before it is dereferenced. */
1422 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1427 if (th->doff < sizeof(struct tcphdr)/4)
1429 if (!pskb_may_pull(skb, th->doff*4))
/* Verify/initialize the checksum against the IPv6 pseudo-header. */
1432 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
1436 hdr = ipv6_hdr(skb);
1438 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest,
/* TIME_WAIT sockets take a separate, lighter-weight path below. */
1444 if (sk->sk_state == TCP_TIME_WAIT)
/* Enforce the socket's minimum hop-limit floor (IPV6_MINHOPCOUNT). */
1447 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
1448 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
1449 goto discard_and_relse;
1452 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1453 goto discard_and_relse;
/* Must run after xfrm6_policy_check(): fill_cb clobbers IP6CB(). */
1455 tcp_v6_fill_cb(skb, hdr, th);
1457 #ifdef CONFIG_TCP_MD5SIG
1458 if (tcp_v6_inbound_md5_hash(sk, skb))
1459 goto discard_and_relse;
/* NOTE(review): sk_filter() may truncate the skb; later kernels
 * recheck the TCP header afterwards (tcp_filter) — confirm whether
 * this tree needs that fix. */
1462 if (sk_filter(sk, skb))
1463 goto discard_and_relse;
1465 sk_incoming_cpu_update(sk);
1468 bh_lock_sock_nested(sk);
/* Process now when no user context owns the socket; otherwise add to
 * the backlog, bounded by rcvbuf + sndbuf. */
1470 if (!sock_owned_by_user(sk)) {
1471 if (!tcp_prequeue(sk, skb))
1472 ret = tcp_v6_do_rcv(sk, skb);
1473 } else if (unlikely(sk_add_backlog(sk, skb,
1474 sk->sk_rcvbuf + sk->sk_sndbuf))) {
1476 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
1477 goto discard_and_relse;
1482 return ret ? -1 : 0;
/* No matching socket: still apply IPsec policy, validate the segment,
 * then answer with a RST. */
1485 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1488 tcp_v6_fill_cb(skb, hdr, th);
1490 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1492 TCP_INC_STATS_BH(net, TCP_MIB_CSUMERRORS);
1494 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1496 tcp_v6_send_reset(NULL, skb);
/* TIME_WAIT path: validate, then let the tw state machine decide. */
1508 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1509 inet_twsk_put(inet_twsk(sk));
1513 tcp_v6_fill_cb(skb, hdr, th);
1515 if (skb->len < (th->doff<<2)) {
1516 inet_twsk_put(inet_twsk(sk));
1519 if (tcp_checksum_complete(skb)) {
1520 inet_twsk_put(inet_twsk(sk));
1524 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
/* A SYN acceptable to a listener: retire the tw socket and redo the
 * lookup against listening sockets. */
1529 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1530 &ipv6_hdr(skb)->saddr, th->source,
1531 &ipv6_hdr(skb)->daddr,
1532 ntohs(th->dest), tcp_v6_iif(skb));
1534 struct inet_timewait_sock *tw = inet_twsk(sk);
1535 inet_twsk_deschedule(tw, &tcp_death_row);
1540 /* Fall through to ACK */
1543 tcp_v6_timewait_ack(sk, skb);
1547 case TCP_TW_SUCCESS:
/* Early demux hook: before full IP input processing, try to match the
 * segment to an established socket and attach the socket's cached rx
 * dst to the skb, avoiding a routing lookup on the fast path.
 */
1553 static void tcp_v6_early_demux(struct sk_buff *skb)
1555 const struct ipv6hdr *hdr;
1556 const struct tcphdr *th;
1559 if (skb->pkt_type != PACKET_HOST)
1562 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1565 hdr = ipv6_hdr(skb);
1568 if (th->doff < sizeof(struct tcphdr) / 4)
1571 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
1572 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1573 &hdr->saddr, th->source,
1574 &hdr->daddr, ntohs(th->dest),
/* The lookup took a socket reference; sock_edemux releases it when the
 * skb is freed. */
1578 skb->destructor = sock_edemux;
1579 if (sk_fullsock(sk)) {
1580 struct dst_entry *dst = sk->sk_rx_dst;
/* Only reuse the cached dst if it is still valid (cookie check) and
 * was learned on the same incoming interface. */
1583 dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
1585 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1586 skb_dst_set_noref(skb, dst);
/* TIME_WAIT socket operations for TCPv6: object size, uniqueness check
 * for port reuse, and destructor. */
1591 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1592 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1593 .twsk_unique = tcp_twsk_unique,
1594 .twsk_destructor = tcp_twsk_destructor,
/* Connection-level address-family operations for native IPv6 TCP
 * sockets: transmit, checksum, header rebuild, connection setup, and
 * (get|set)sockopt all go through the IPv6 routines. */
1597 static const struct inet_connection_sock_af_ops ipv6_specific = {
1598 .queue_xmit = inet6_csk_xmit,
1599 .send_check = tcp_v6_send_check,
1600 .rebuild_header = inet6_sk_rebuild_header,
1601 .sk_rx_dst_set = inet6_sk_rx_dst_set,
1602 .conn_request = tcp_v6_conn_request,
1603 .syn_recv_sock = tcp_v6_syn_recv_sock,
1604 .net_header_len = sizeof(struct ipv6hdr),
1605 .net_frag_header_len = sizeof(struct frag_hdr),
1606 .setsockopt = ipv6_setsockopt,
1607 .getsockopt = ipv6_getsockopt,
1608 .addr2sockaddr = inet6_csk_addr2sockaddr,
1609 .sockaddr_len = sizeof(struct sockaddr_in6),
1610 .bind_conflict = inet6_csk_bind_conflict,
1611 #ifdef CONFIG_COMPAT
1612 .compat_setsockopt = compat_ipv6_setsockopt,
1613 .compat_getsockopt = compat_ipv6_getsockopt,
1615 .mtu_reduced = tcp_v6_mtu_reduced,
1618 #ifdef CONFIG_TCP_MD5SIG
/* TCP MD5 signature (RFC 2385) helpers for native IPv6 sockets. */
1619 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1620 .md5_lookup = tcp_v6_md5_lookup,
1621 .calc_md5_hash = tcp_v6_md5_hash_skb,
1622 .md5_parse = tcp_v6_parse_md5_keys,
1627 * TCP over IPv4 via INET6 API
/* AF ops for an AF_INET6 socket that is carrying IPv4-mapped traffic:
 * transmit, checksum, and header rebuild use the IPv4 routines while
 * sockopt/sockaddr handling stays IPv6. */
1629 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1630 .queue_xmit = ip_queue_xmit,
1631 .send_check = tcp_v4_send_check,
1632 .rebuild_header = inet_sk_rebuild_header,
1633 .sk_rx_dst_set = inet_sk_rx_dst_set,
1634 .conn_request = tcp_v6_conn_request,
1635 .syn_recv_sock = tcp_v6_syn_recv_sock,
1636 .net_header_len = sizeof(struct iphdr),
1637 .setsockopt = ipv6_setsockopt,
1638 .getsockopt = ipv6_getsockopt,
1639 .addr2sockaddr = inet6_csk_addr2sockaddr,
1640 .sockaddr_len = sizeof(struct sockaddr_in6),
1641 .bind_conflict = inet6_csk_bind_conflict,
1642 #ifdef CONFIG_COMPAT
1643 .compat_setsockopt = compat_ipv6_setsockopt,
1644 .compat_getsockopt = compat_ipv6_getsockopt,
1646 .mtu_reduced = tcp_v4_mtu_reduced,
1649 #ifdef CONFIG_TCP_MD5SIG
/* MD5 signature helpers for the IPv4-mapped case: hashing uses the
 * IPv4 routines, key parsing stays with the v6 sockopt format. */
1650 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1651 .md5_lookup = tcp_v4_md5_lookup,
1652 .calc_md5_hash = tcp_v4_md5_hash_skb,
1653 .md5_parse = tcp_v6_parse_md5_keys,
1657 /* NOTE: A lot of things set to zero explicitly by call to
1658 * sk_alloc() so need not be done here.
/* proto->init hook for AF_INET6 TCP sockets: install the IPv6 AF ops
 * (and the MD5 ops when configured).
 * NOTE(review): the common tcp_init_sock() call and the return
 * statement are not visible in this extract. */
1660 static int tcp_v6_init_sock(struct sock *sk)
1662 struct inet_connection_sock *icsk = inet_csk(sk);
1666 icsk->icsk_af_ops = &ipv6_specific;
1668 #ifdef CONFIG_TCP_MD5SIG
1669 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
/* proto->destroy hook: run the common IPv4/TCP teardown first, then
 * release IPv6-specific socket state. */
1675 static void tcp_v6_destroy_sock(struct sock *sk)
1677 tcp_v4_destroy_sock(sk);
1678 inet6_destroy_sock(sk);
1681 #ifdef CONFIG_PROC_FS
1682 /* Proc filesystem TCPv6 sock list dumping. */
/* Emit one /proc/net/tcp6 row for a pending open request (SYN_RECV). */
1683 static void get_openreq6(struct seq_file *seq,
1684 struct request_sock *req, int i, kuid_t uid)
/* Time remaining until the request expires, in jiffies. */
1686 int ttd = req->expires - jiffies;
1687 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1688 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1694 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1695 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1697 src->s6_addr32[0], src->s6_addr32[1],
1698 src->s6_addr32[2], src->s6_addr32[3],
1699 inet_rsk(req)->ir_num,
1700 dest->s6_addr32[0], dest->s6_addr32[1],
1701 dest->s6_addr32[2], dest->s6_addr32[3],
1702 ntohs(inet_rsk(req)->ir_rmt_port),
1704 0, 0, /* could print option size, but that is af dependent. */
1705 1, /* timers active (only the expire timer) */
1706 jiffies_to_clock_t(ttd),
1708 from_kuid_munged(seq_user_ns(seq), uid),
1709 0, /* non standard timer */
1710 0, /* open_requests have no inode */
/* Emit one /proc/net/tcp6 row for a full socket (listening or
 * established). */
1714 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1716 const struct in6_addr *dest, *src;
1719 unsigned long timer_expires;
1720 const struct inet_sock *inet = inet_sk(sp);
1721 const struct tcp_sock *tp = tcp_sk(sp);
1722 const struct inet_connection_sock *icsk = inet_csk(sp);
1723 struct fastopen_queue *fastopenq = icsk->icsk_accept_queue.fastopenq;
1725 dest = &sp->sk_v6_daddr;
1726 src = &sp->sk_v6_rcv_saddr;
1727 destp = ntohs(inet->inet_dport);
1728 srcp = ntohs(inet->inet_sport);
/* Pick whichever timer is pending — retransmit, zero-window probe, or
 * the generic sk_timer — and fall back to "now" when none is. */
1730 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1732 timer_expires = icsk->icsk_timeout;
1733 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1735 timer_expires = icsk->icsk_timeout;
1736 } else if (timer_pending(&sp->sk_timer)) {
1738 timer_expires = sp->sk_timer.expires;
1741 timer_expires = jiffies;
1745 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1746 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1748 src->s6_addr32[0], src->s6_addr32[1],
1749 src->s6_addr32[2], src->s6_addr32[3], srcp,
1750 dest->s6_addr32[0], dest->s6_addr32[1],
1751 dest->s6_addr32[2], dest->s6_addr32[3], destp,
/* tx_queue: unacked bytes; rx_queue: accept backlog for listeners,
 * otherwise bytes received but not yet read. */
1753 tp->write_seq-tp->snd_una,
1754 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
1756 jiffies_delta_to_clock_t(timer_expires - jiffies),
1757 icsk->icsk_retransmits,
1758 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1759 icsk->icsk_probes_out,
1761 atomic_read(&sp->sk_refcnt), sp,
1762 jiffies_to_clock_t(icsk->icsk_rto),
1763 jiffies_to_clock_t(icsk->icsk_ack.ato),
1764 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
/* Last column: listener's max fastopen queue length, or ssthresh
 * (-1 while still in initial slow start). */
1766 sp->sk_state == TCP_LISTEN ?
1767 (fastopenq ? fastopenq->max_qlen : 0) :
1768 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
/* Emit one /proc/net/tcp6 row for a TIME_WAIT socket. */
1772 static void get_timewait6_sock(struct seq_file *seq,
1773 struct inet_timewait_sock *tw, int i)
1775 const struct in6_addr *dest, *src;
/* Jiffies remaining until the time-wait socket is reaped. */
1777 s32 delta = tw->tw_ttd - inet_tw_time_stamp();
1779 dest = &tw->tw_v6_daddr;
1780 src = &tw->tw_v6_rcv_saddr;
1781 destp = ntohs(tw->tw_dport);
1782 srcp = ntohs(tw->tw_sport);
1785 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1786 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1788 src->s6_addr32[0], src->s6_addr32[1],
1789 src->s6_addr32[2], src->s6_addr32[3], srcp,
1790 dest->s6_addr32[0], dest->s6_addr32[1],
1791 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1792 tw->tw_substate, 0, 0,
1793 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
1794 atomic_read(&tw->tw_refcnt), tw);
/* seq_file ->show callback for /proc/net/tcp6: print the header row
 * for the start token, otherwise dispatch on the iterator state to the
 * matching per-socket printer. */
1797 static int tcp6_seq_show(struct seq_file *seq, void *v)
1799 struct tcp_iter_state *st;
1800 struct sock *sk = v;
1802 if (v == SEQ_START_TOKEN) {
1807 "st tx_queue rx_queue tr tm->when retrnsmt"
1808 " uid timeout inode\n");
1813 switch (st->state) {
1814 case TCP_SEQ_STATE_LISTENING:
1815 case TCP_SEQ_STATE_ESTABLISHED:
/* TIME_WAIT sockets live in the established hash but are printed
 * with the time-wait formatter. */
1816 if (sk->sk_state == TCP_TIME_WAIT)
1817 get_timewait6_sock(seq, v, st->num);
1819 get_tcp6_sock(seq, v, st->num)
1821 case TCP_SEQ_STATE_OPENREQ:
1822 get_openreq6(seq, v, st->num, st->uid);
/* file_operations backing the /proc/net/tcp6 seq_file. */
1829 static const struct file_operations tcp6_afinfo_seq_fops = {
1830 .owner = THIS_MODULE,
1831 .open = tcp_seq_open,
1833 .llseek = seq_lseek,
1834 .release = seq_release_net
/* AF-specific descriptor tying the generic TCP proc iterator to the
 * IPv6 show callback and fops above. */
1837 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1840 .seq_fops = &tcp6_afinfo_seq_fops,
1842 .show = tcp6_seq_show,
/* Per-netns registration of the /proc/net/tcp6 entry. */
1846 int __net_init tcp6_proc_init(struct net *net)
1848 return tcp_proc_register(net, &tcp6_seq_afinfo);
/* Per-netns removal of the /proc/net/tcp6 entry. */
1851 void tcp6_proc_exit(struct net *net)
1853 tcp_proc_unregister(net, &tcp6_seq_afinfo);
/* proto->clear_sk: wipe the socket object for reuse while preserving
 * the pinet6 pointer, which concurrent RCU lookups may still read. */
1857 static void tcp_v6_clear_sk(struct sock *sk, int size)
1859 struct inet_sock *inet = inet_sk(sk);
1861 /* we do not want to clear pinet6 field, because of RCU lookups */
1862 sk_prot_clear_nulls(sk, offsetof(struct inet_sock, pinet6));
/* Zero everything that follows pinet6 to the end of the object. */
1864 size -= offsetof(struct inet_sock, pinet6) + sizeof(inet->pinet6);
1865 memset(&inet->pinet6 + 1, 0, size);
/* struct proto for AF_INET6/SOCK_STREAM: wires the generic TCP
 * implementation to the IPv6-specific hooks defined in this file. */
1868 struct proto tcpv6_prot = {
1870 .owner = THIS_MODULE,
1872 .connect = tcp_v6_connect,
1873 .disconnect = tcp_disconnect,
1874 .accept = inet_csk_accept,
1876 .init = tcp_v6_init_sock,
1877 .destroy = tcp_v6_destroy_sock,
1878 .shutdown = tcp_shutdown,
1879 .setsockopt = tcp_setsockopt,
1880 .getsockopt = tcp_getsockopt,
1881 .recvmsg = tcp_recvmsg,
1882 .sendmsg = tcp_sendmsg,
1883 .sendpage = tcp_sendpage,
1884 .backlog_rcv = tcp_v6_do_rcv,
1885 .release_cb = tcp_release_cb,
1886 .hash = tcp_v6_hash,
1887 .unhash = inet_unhash,
1888 .get_port = inet_csk_get_port,
1889 .enter_memory_pressure = tcp_enter_memory_pressure,
1890 .stream_memory_free = tcp_stream_memory_free,
1891 .sockets_allocated = &tcp_sockets_allocated,
1892 .memory_allocated = &tcp_memory_allocated,
1893 .memory_pressure = &tcp_memory_pressure,
1894 .orphan_count = &tcp_orphan_count,
1895 .sysctl_mem = sysctl_tcp_mem,
1896 .sysctl_wmem = sysctl_tcp_wmem,
1897 .sysctl_rmem = sysctl_tcp_rmem,
1898 .max_header = MAX_TCP_HEADER,
1899 .obj_size = sizeof(struct tcp6_sock),
1900 .slab_flags = SLAB_DESTROY_BY_RCU,
1901 .twsk_prot = &tcp6_timewait_sock_ops,
1902 .rsk_prot = &tcp6_request_sock_ops,
1903 .h.hashinfo = &tcp_hashinfo,
1904 .no_autobind = true,
1905 #ifdef CONFIG_COMPAT
1906 .compat_setsockopt = compat_tcp_setsockopt,
1907 .compat_getsockopt = compat_tcp_getsockopt,
1909 #ifdef CONFIG_MEMCG_KMEM
1910 .proto_cgroup = tcp_proto_cgroup,
1912 .clear_sk = tcp_v6_clear_sk,
/* inet6 protocol descriptor: registers the receive, early-demux and
 * ICMPv6 error handlers for IPPROTO_TCP. */
1915 static const struct inet6_protocol tcpv6_protocol = {
1916 .early_demux = tcp_v6_early_demux,
1917 .handler = tcp_v6_rcv,
1918 .err_handler = tcp_v6_err,
1919 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
/* protosw entry mapping SOCK_STREAM/IPPROTO_TCP on AF_INET6 to
 * tcpv6_prot and the generic inet6 stream ops. */
1922 static struct inet_protosw tcpv6_protosw = {
1923 .type = SOCK_STREAM,
1924 .protocol = IPPROTO_TCP,
1925 .prot = &tcpv6_prot,
1926 .ops = &inet6_stream_ops,
1927 .flags = INET_PROTOSW_PERMANENT |
/* Per-netns init: create the kernel control socket used for sending
 * resets/ACKs on behalf of this namespace. */
1931 static int __net_init tcpv6_net_init(struct net *net)
1933 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
1934 SOCK_RAW, IPPROTO_TCP, net);
/* Per-netns teardown: destroy the namespace's control socket. */
1937 static void __net_exit tcpv6_net_exit(struct net *net)
1939 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
/* Batched netns teardown: purge lingering IPv6 time-wait sockets for
 * the namespaces being destroyed. */
1942 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
1944 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6);
/* pernet operations wiring the per-namespace init/exit hooks above. */
1947 static struct pernet_operations tcpv6_net_ops = {
1948 .init = tcpv6_net_init,
1949 .exit = tcpv6_net_exit,
1950 .exit_batch = tcpv6_net_exit_batch,
/* Subsystem init: register the inet6 protocol handler, the protosw
 * entry, and the pernet ops, unwinding in reverse order on failure.
 * NOTE(review): the error labels and the success return are not
 * visible in this extract. */
1953 int __init tcpv6_init(void)
1957 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
1961 /* register inet6 protocol */
1962 ret = inet6_register_protosw(&tcpv6_protosw);
1964 goto out_tcpv6_protocol;
1966 ret = register_pernet_subsys(&tcpv6_net_ops);
1968 goto out_tcpv6_protosw;
/* Error unwind: undo registrations in reverse order. */
1973 inet6_unregister_protosw(&tcpv6_protosw);
1975 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
/* Subsystem teardown: unregister everything in the reverse order of
 * tcpv6_init(). */
1979 void tcpv6_exit(void)
1981 unregister_pernet_subsys(&tcpv6_net_ops);
1982 inet6_unregister_protosw(&tcpv6_protosw);
1983 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);