2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Implementation of the Transmission Control Protocol(TCP).
8 * Version: $Id: tcp_ipv4.c,v 1.240 2002/02/01 22:01:04 davem Exp $
10 * IPv4 specific functions
15 * linux/ipv4/tcp_input.c
16 * linux/ipv4/tcp_output.c
18 * See tcp.c for author information
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
28 * David S. Miller : New socket lookup architecture.
29 * This code is dedicated to John Dyson.
30 * David S. Miller : Change semantics of established hash,
31 * half is devoted to TIME_WAIT sockets
32 * and the rest go in the other half.
33 * Andi Kleen : Add support for syncookies and fixed
34 * some bugs: ip options weren't passed to
35 * the TCP layer, missed a check for an
37 * Andi Kleen : Implemented fast path mtu discovery.
38 * Fixed many serious bugs in the
39 * request_sock handling and moved
40 * most of it into the af independent code.
41 * Added tail drop and some other bugfixes.
42 * Added new listen semantics.
43 * Mike McLagan : Routing by source
44 * Juan Jose Ciarlante: ip_dynaddr bits
45 * Andi Kleen: various fixes.
46 * Vitaly E. Lavrov : Transparent proxy revived after year
48 * Andi Kleen : Fix new listen.
49 * Andi Kleen : Fix accept error reporting.
50 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
51 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
52 * a single port at the same time.
56 #include <linux/types.h>
57 #include <linux/fcntl.h>
58 #include <linux/module.h>
59 #include <linux/random.h>
60 #include <linux/cache.h>
61 #include <linux/jhash.h>
62 #include <linux/init.h>
63 #include <linux/times.h>
66 #include <net/inet_hashtables.h>
68 #include <net/transp_v6.h>
70 #include <net/inet_common.h>
71 #include <net/timewait_sock.h>
73 #include <net/netdma.h>
75 #include <linux/inet.h>
76 #include <linux/ipv6.h>
77 #include <linux/stddef.h>
78 #include <linux/proc_fs.h>
79 #include <linux/seq_file.h>
81 #include <linux/crypto.h>
82 #include <linux/scatterlist.h>
84 int sysctl_tcp_tw_reuse __read_mostly;
85 int sysctl_tcp_low_latency __read_mostly;
87 /* Check TCP sequence numbers in ICMP packets. */
88 #define ICMP_MIN_LENGTH 8
90 /* Socket used for sending RSTs */
91 static struct socket *tcp_socket __read_mostly;
93 void tcp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb);
95 #ifdef CONFIG_TCP_MD5SIG
96 static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk,
98 static int tcp_v4_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
99 __be32 saddr, __be32 daddr,
100 struct tcphdr *th, int protocol,
104 struct inet_hashinfo __cacheline_aligned tcp_hashinfo = {
105 .lhash_lock = __RW_LOCK_UNLOCKED(tcp_hashinfo.lhash_lock),
106 .lhash_users = ATOMIC_INIT(0),
107 .lhash_wait = __WAIT_QUEUE_HEAD_INITIALIZER(tcp_hashinfo.lhash_wait),
110 static int tcp_v4_get_port(struct sock *sk, unsigned short snum)
112 return inet_csk_get_port(&tcp_hashinfo, sk, snum,
113 inet_csk_bind_conflict);
116 static void tcp_v4_hash(struct sock *sk)
118 inet_hash(&tcp_hashinfo, sk);
121 void tcp_unhash(struct sock *sk)
123 inet_unhash(&tcp_hashinfo, sk);
126 static inline __u32 tcp_v4_init_sequence(struct sk_buff *skb)
128 return secure_tcp_sequence_number(ip_hdr(skb)->daddr,
131 tcp_hdr(skb)->source);
134 int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp)
136 const struct tcp_timewait_sock *tcptw = tcp_twsk(sktw);
137 struct tcp_sock *tp = tcp_sk(sk);
139 /* With PAWS, it is safe from the viewpoint
140 of data integrity. Even without PAWS it is safe provided sequence
141 spaces do not overlap i.e. at data rates <= 80Mbit/sec.
143 Actually, the idea is close to VJ's one, only timestamp cache is
144 held not per host, but per port pair and TW bucket is used as state
147 If TW bucket has been already destroyed we fall back to VJ's scheme
148 and use initial timestamp retrieved from peer table.
150 if (tcptw->tw_ts_recent_stamp &&
151 (twp == NULL || (sysctl_tcp_tw_reuse &&
152 get_seconds() - tcptw->tw_ts_recent_stamp > 1))) {
153 tp->write_seq = tcptw->tw_snd_nxt + 65535 + 2;
154 if (tp->write_seq == 0)
156 tp->rx_opt.ts_recent = tcptw->tw_ts_recent;
157 tp->rx_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
165 EXPORT_SYMBOL_GPL(tcp_twsk_unique);
167 /* This will initiate an outgoing connection. */
168 int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
170 struct inet_sock *inet = inet_sk(sk);
171 struct tcp_sock *tp = tcp_sk(sk);
172 struct sockaddr_in *usin = (struct sockaddr_in *)uaddr;
174 __be32 daddr, nexthop;
178 if (addr_len < sizeof(struct sockaddr_in))
181 if (usin->sin_family != AF_INET)
182 return -EAFNOSUPPORT;
184 nexthop = daddr = usin->sin_addr.s_addr;
185 if (inet->opt && inet->opt->srr) {
188 nexthop = inet->opt->faddr;
191 tmp = ip_route_connect(&rt, nexthop, inet->saddr,
192 RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
194 inet->sport, usin->sin_port, sk, 1);
198 if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) {
203 if (!inet->opt || !inet->opt->srr)
207 inet->saddr = rt->rt_src;
208 inet->rcv_saddr = inet->saddr;
210 if (tp->rx_opt.ts_recent_stamp && inet->daddr != daddr) {
211 /* Reset inherited state */
212 tp->rx_opt.ts_recent = 0;
213 tp->rx_opt.ts_recent_stamp = 0;
217 if (tcp_death_row.sysctl_tw_recycle &&
218 !tp->rx_opt.ts_recent_stamp && rt->rt_dst == daddr) {
219 struct inet_peer *peer = rt_get_peer(rt);
221 * VJ's idea. We save last timestamp seen from
222 * the destination in peer table, when entering state
223 * TIME-WAIT * and initialize rx_opt.ts_recent from it,
224 * when trying new connection.
227 peer->tcp_ts_stamp + TCP_PAWS_MSL >= get_seconds()) {
228 tp->rx_opt.ts_recent_stamp = peer->tcp_ts_stamp;
229 tp->rx_opt.ts_recent = peer->tcp_ts;
233 inet->dport = usin->sin_port;
236 inet_csk(sk)->icsk_ext_hdr_len = 0;
238 inet_csk(sk)->icsk_ext_hdr_len = inet->opt->optlen;
240 tp->rx_opt.mss_clamp = 536;
242 /* Socket identity is still unknown (sport may be zero).
243 * However we set state to SYN-SENT and not releasing socket
244 * lock select source port, enter ourselves into the hash tables and
245 * complete initialization after this.
247 tcp_set_state(sk, TCP_SYN_SENT);
248 err = inet_hash_connect(&tcp_death_row, sk);
252 err = ip_route_newports(&rt, IPPROTO_TCP,
253 inet->sport, inet->dport, sk);
257 /* OK, now commit destination to socket. */
258 sk->sk_gso_type = SKB_GSO_TCPV4;
259 sk_setup_caps(sk, &rt->u.dst);
262 tp->write_seq = secure_tcp_sequence_number(inet->saddr,
267 inet->id = tp->write_seq ^ jiffies;
269 err = tcp_connect(sk);
278 * This unhashes the socket and releases the local port,
281 tcp_set_state(sk, TCP_CLOSE);
283 sk->sk_route_caps = 0;
289 * This routine does path mtu discovery as defined in RFC1191.
291 static void do_pmtu_discovery(struct sock *sk, struct iphdr *iph, u32 mtu)
293 struct dst_entry *dst;
294 struct inet_sock *inet = inet_sk(sk);
296 /* We are not interested in TCP_LISTEN and open_requests (SYN-ACKs
297 * send out by Linux are always <576bytes so they should go through
300 if (sk->sk_state == TCP_LISTEN)
303 /* We don't check in the destentry if pmtu discovery is forbidden
304 * on this route. We just assume that no packet_to_big packets
305 * are send back when pmtu discovery is not active.
306 * There is a small race when the user changes this flag in the
307 * route, but I think that's acceptable.
309 if ((dst = __sk_dst_check(sk, 0)) == NULL)
312 dst->ops->update_pmtu(dst, mtu);
314 /* Something is about to be wrong... Remember soft error
315 * for the case, if this connection will not able to recover.
317 if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
318 sk->sk_err_soft = EMSGSIZE;
322 if (inet->pmtudisc != IP_PMTUDISC_DONT &&
323 inet_csk(sk)->icsk_pmtu_cookie > mtu) {
324 tcp_sync_mss(sk, mtu);
326 /* Resend the TCP packet because it's
327 * clear that the old packet has been
328 * dropped. This is the new "fast" path mtu
331 tcp_simple_retransmit(sk);
332 } /* else let the usual retransmit timer handle it */
336 * This routine is called by the ICMP module when it gets some
337 * sort of error condition. If err < 0 then the socket should
338 * be closed and the error returned to the user. If err > 0
339 * it's just the icmp type << 8 | icmp code. After adjustment
340 * header points to the first 8 bytes of the tcp header. We need
341 * to find the appropriate port.
343 * The locking strategy used here is very "optimistic". When
344 * someone else accesses the socket the ICMP is just dropped
345 * and for some paths there is no check at all.
346 * A more general error queue to queue errors for later handling
347 * is probably better.
351 void tcp_v4_err(struct sk_buff *skb, u32 info)
353 struct iphdr *iph = (struct iphdr *)skb->data;
354 struct tcphdr *th = (struct tcphdr *)(skb->data + (iph->ihl << 2));
356 struct inet_sock *inet;
357 const int type = icmp_hdr(skb)->type;
358 const int code = icmp_hdr(skb)->code;
363 if (skb->len < (iph->ihl << 2) + 8) {
364 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS);
368 sk = inet_lookup(&tcp_hashinfo, iph->daddr, th->dest, iph->saddr,
369 th->source, inet_iif(skb));
371 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS);
374 if (sk->sk_state == TCP_TIME_WAIT) {
375 inet_twsk_put(inet_twsk(sk));
380 /* If too many ICMPs get dropped on busy
381 * servers this needs to be solved differently.
383 if (sock_owned_by_user(sk))
384 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
386 if (sk->sk_state == TCP_CLOSE)
390 seq = ntohl(th->seq);
391 if (sk->sk_state != TCP_LISTEN &&
392 !between(seq, tp->snd_una, tp->snd_nxt)) {
393 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
398 case ICMP_SOURCE_QUENCH:
399 /* Just silently ignore these. */
401 case ICMP_PARAMETERPROB:
404 case ICMP_DEST_UNREACH:
405 if (code > NR_ICMP_UNREACH)
408 if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */
409 if (!sock_owned_by_user(sk))
410 do_pmtu_discovery(sk, iph, info);
414 err = icmp_err_convert[code].errno;
416 case ICMP_TIME_EXCEEDED:
423 switch (sk->sk_state) {
424 struct request_sock *req, **prev;
426 if (sock_owned_by_user(sk))
429 req = inet_csk_search_req(sk, &prev, th->dest,
430 iph->daddr, iph->saddr);
434 /* ICMPs are not backlogged, hence we cannot get
435 an established socket here.
439 if (seq != tcp_rsk(req)->snt_isn) {
440 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
445 * Still in SYN_RECV, just remove it silently.
446 * There is no good way to pass the error to the newly
447 * created socket, and POSIX does not want network
448 * errors returned from accept().
450 inet_csk_reqsk_queue_drop(sk, req, prev);
454 case TCP_SYN_RECV: /* Cannot happen.
455 It can f.e. if SYNs crossed.
457 if (!sock_owned_by_user(sk)) {
460 sk->sk_error_report(sk);
464 sk->sk_err_soft = err;
469 /* If we've already connected we will keep trying
470 * until we time out, or the user gives up.
472 * rfc1122 4.2.3.9 allows to consider as hard errors
473 * only PROTO_UNREACH and PORT_UNREACH (well, FRAG_FAILED too,
474 * but it is obsoleted by pmtu discovery).
476 * Note, that in modern internet, where routing is unreliable
477 * and in each dark corner broken firewalls sit, sending random
478 * errors ordered by their masters even this two messages finally lose
479 * their original sense (even Linux sends invalid PORT_UNREACHs)
481 * Now we are in compliance with RFCs.
486 if (!sock_owned_by_user(sk) && inet->recverr) {
488 sk->sk_error_report(sk);
489 } else { /* Only an error on timeout */
490 sk->sk_err_soft = err;
498 /* This routine computes an IPv4 TCP checksum. */
499 void tcp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb)
501 struct inet_sock *inet = inet_sk(sk);
502 struct tcphdr *th = tcp_hdr(skb);
504 if (skb->ip_summed == CHECKSUM_PARTIAL) {
505 th->check = ~tcp_v4_check(len, inet->saddr,
507 skb->csum_start = skb_transport_header(skb) - skb->head;
508 skb->csum_offset = offsetof(struct tcphdr, check);
510 th->check = tcp_v4_check(len, inet->saddr, inet->daddr,
511 csum_partial((char *)th,
517 int tcp_v4_gso_send_check(struct sk_buff *skb)
519 const struct iphdr *iph;
522 if (!pskb_may_pull(skb, sizeof(*th)))
529 th->check = ~tcp_v4_check(skb->len, iph->saddr, iph->daddr, 0);
530 skb->csum_start = skb_transport_header(skb) - skb->head;
531 skb->csum_offset = offsetof(struct tcphdr, check);
532 skb->ip_summed = CHECKSUM_PARTIAL;
537 * This routine will send an RST to the other tcp.
539 * Someone asks: why I NEVER use socket parameters (TOS, TTL etc.)
541 * Answer: if a packet caused RST, it is not for a socket
542 * existing in our system, if it is matched to a socket,
543 * it is just duplicate segment or bug in other side's TCP.
544 * So that we build reply only basing on parameters
545 * arrived with segment.
546 * Exception: precedence violation. We do not implement it in any case.
549 static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
551 struct tcphdr *th = tcp_hdr(skb);
554 #ifdef CONFIG_TCP_MD5SIG
555 __be32 opt[(TCPOLEN_MD5SIG_ALIGNED >> 2)];
558 struct ip_reply_arg arg;
559 #ifdef CONFIG_TCP_MD5SIG
560 struct tcp_md5sig_key *key;
563 /* Never send a reset in response to a reset. */
567 if (((struct rtable *)skb->dst)->rt_type != RTN_LOCAL)
570 /* Swap the send and the receive. */
571 memset(&rep, 0, sizeof(rep));
572 rep.th.dest = th->source;
573 rep.th.source = th->dest;
574 rep.th.doff = sizeof(struct tcphdr) / 4;
578 rep.th.seq = th->ack_seq;
581 rep.th.ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin +
582 skb->len - (th->doff << 2));
585 memset(&arg, 0, sizeof(arg));
586 arg.iov[0].iov_base = (unsigned char *)&rep;
587 arg.iov[0].iov_len = sizeof(rep.th);
589 #ifdef CONFIG_TCP_MD5SIG
590 key = sk ? tcp_v4_md5_do_lookup(sk, ip_hdr(skb)->daddr) : NULL;
592 rep.opt[0] = htonl((TCPOPT_NOP << 24) |
594 (TCPOPT_MD5SIG << 8) |
596 /* Update length and the length the header thinks exists */
597 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
598 rep.th.doff = arg.iov[0].iov_len / 4;
600 tcp_v4_do_calc_md5_hash((__u8 *)&rep.opt[1],
604 &rep.th, IPPROTO_TCP,
608 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
609 ip_hdr(skb)->saddr, /* XXX */
610 sizeof(struct tcphdr), IPPROTO_TCP, 0);
611 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
613 ip_send_reply(tcp_socket->sk, skb, &arg, arg.iov[0].iov_len);
615 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
616 TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
619 /* The code following below sending ACKs in SYN-RECV and TIME-WAIT states
620 outside socket context is ugly, certainly. What can I do?
623 static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk,
624 struct sk_buff *skb, u32 seq, u32 ack,
627 struct tcphdr *th = tcp_hdr(skb);
630 __be32 opt[(TCPOLEN_TSTAMP_ALIGNED >> 2)
631 #ifdef CONFIG_TCP_MD5SIG
632 + (TCPOLEN_MD5SIG_ALIGNED >> 2)
636 struct ip_reply_arg arg;
637 #ifdef CONFIG_TCP_MD5SIG
638 struct tcp_md5sig_key *key;
639 struct tcp_md5sig_key tw_key;
642 memset(&rep.th, 0, sizeof(struct tcphdr));
643 memset(&arg, 0, sizeof(arg));
645 arg.iov[0].iov_base = (unsigned char *)&rep;
646 arg.iov[0].iov_len = sizeof(rep.th);
648 rep.opt[0] = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
649 (TCPOPT_TIMESTAMP << 8) |
651 rep.opt[1] = htonl(tcp_time_stamp);
652 rep.opt[2] = htonl(ts);
653 arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;
656 /* Swap the send and the receive. */
657 rep.th.dest = th->source;
658 rep.th.source = th->dest;
659 rep.th.doff = arg.iov[0].iov_len / 4;
660 rep.th.seq = htonl(seq);
661 rep.th.ack_seq = htonl(ack);
663 rep.th.window = htons(win);
665 #ifdef CONFIG_TCP_MD5SIG
667 * The SKB holds an imcoming packet, but may not have a valid ->sk
668 * pointer. This is especially the case when we're dealing with a
669 * TIME_WAIT ack, because the sk structure is long gone, and only
670 * the tcp_timewait_sock remains. So the md5 key is stashed in that
671 * structure, and we use it in preference. I believe that (twsk ||
672 * skb->sk) holds true, but we program defensively.
674 if (!twsk && skb->sk) {
675 key = tcp_v4_md5_do_lookup(skb->sk, ip_hdr(skb)->daddr);
676 } else if (twsk && twsk->tw_md5_keylen) {
677 tw_key.key = twsk->tw_md5_key;
678 tw_key.keylen = twsk->tw_md5_keylen;
684 int offset = (ts) ? 3 : 0;
686 rep.opt[offset++] = htonl((TCPOPT_NOP << 24) |
688 (TCPOPT_MD5SIG << 8) |
690 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
691 rep.th.doff = arg.iov[0].iov_len/4;
693 tcp_v4_do_calc_md5_hash((__u8 *)&rep.opt[offset],
697 &rep.th, IPPROTO_TCP,
701 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
702 ip_hdr(skb)->saddr, /* XXX */
703 arg.iov[0].iov_len, IPPROTO_TCP, 0);
704 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
706 ip_send_reply(tcp_socket->sk, skb, &arg, arg.iov[0].iov_len);
708 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
711 static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
713 struct inet_timewait_sock *tw = inet_twsk(sk);
714 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
716 tcp_v4_send_ack(tcptw, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
717 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
718 tcptw->tw_ts_recent);
723 static void tcp_v4_reqsk_send_ack(struct sk_buff *skb,
724 struct request_sock *req)
726 tcp_v4_send_ack(NULL, skb, tcp_rsk(req)->snt_isn + 1,
727 tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd,
732 * Send a SYN-ACK after having received an ACK.
733 * This still operates on a request_sock only, not on a big
736 static int tcp_v4_send_synack(struct sock *sk, struct request_sock *req,
737 struct dst_entry *dst)
739 const struct inet_request_sock *ireq = inet_rsk(req);
741 struct sk_buff * skb;
743 /* First, grab a route. */
744 if (!dst && (dst = inet_csk_route_req(sk, req)) == NULL)
747 skb = tcp_make_synack(sk, dst, req);
750 struct tcphdr *th = tcp_hdr(skb);
752 th->check = tcp_v4_check(skb->len,
755 csum_partial((char *)th, skb->len,
758 err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr,
761 err = net_xmit_eval(err);
770 * IPv4 request_sock destructor.
772 static void tcp_v4_reqsk_destructor(struct request_sock *req)
774 kfree(inet_rsk(req)->opt);
777 #ifdef CONFIG_SYN_COOKIES
778 static void syn_flood_warning(struct sk_buff *skb)
780 static unsigned long warntime;
782 if (time_after(jiffies, (warntime + HZ * 60))) {
785 "possible SYN flooding on port %d. Sending cookies.\n",
786 ntohs(tcp_hdr(skb)->dest));
792 * Save and compile IPv4 options into the request_sock if needed.
794 static struct ip_options *tcp_v4_save_options(struct sock *sk,
797 struct ip_options *opt = &(IPCB(skb)->opt);
798 struct ip_options *dopt = NULL;
800 if (opt && opt->optlen) {
801 int opt_size = optlength(opt);
802 dopt = kmalloc(opt_size, GFP_ATOMIC);
804 if (ip_options_echo(dopt, skb)) {
813 #ifdef CONFIG_TCP_MD5SIG
815 * RFC2385 MD5 checksumming requires a mapping of
816 * IP address->MD5 Key.
817 * We need to maintain these in the sk structure.
820 /* Find the Key structure for an address. */
821 static struct tcp_md5sig_key *
822 tcp_v4_md5_do_lookup(struct sock *sk, __be32 addr)
824 struct tcp_sock *tp = tcp_sk(sk);
827 if (!tp->md5sig_info || !tp->md5sig_info->entries4)
829 for (i = 0; i < tp->md5sig_info->entries4; i++) {
830 if (tp->md5sig_info->keys4[i].addr == addr)
831 return (struct tcp_md5sig_key *)
832 &tp->md5sig_info->keys4[i];
837 struct tcp_md5sig_key *tcp_v4_md5_lookup(struct sock *sk,
838 struct sock *addr_sk)
840 return tcp_v4_md5_do_lookup(sk, inet_sk(addr_sk)->daddr);
843 EXPORT_SYMBOL(tcp_v4_md5_lookup);
845 static struct tcp_md5sig_key *tcp_v4_reqsk_md5_lookup(struct sock *sk,
846 struct request_sock *req)
848 return tcp_v4_md5_do_lookup(sk, inet_rsk(req)->rmt_addr);
851 /* This can be called on a newly created socket, from other files */
852 int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
853 u8 *newkey, u8 newkeylen)
855 /* Add Key to the list */
856 struct tcp4_md5sig_key *key;
857 struct tcp_sock *tp = tcp_sk(sk);
858 struct tcp4_md5sig_key *keys;
860 key = (struct tcp4_md5sig_key *)tcp_v4_md5_do_lookup(sk, addr);
862 /* Pre-existing entry - just update that one. */
865 key->keylen = newkeylen;
867 struct tcp_md5sig_info *md5sig;
869 if (!tp->md5sig_info) {
870 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info),
872 if (!tp->md5sig_info) {
877 if (tcp_alloc_md5sig_pool() == NULL) {
881 md5sig = tp->md5sig_info;
883 if (md5sig->alloced4 == md5sig->entries4) {
884 keys = kmalloc((sizeof(*keys) *
885 (md5sig->entries4 + 1)), GFP_ATOMIC);
888 tcp_free_md5sig_pool();
892 if (md5sig->entries4)
893 memcpy(keys, md5sig->keys4,
894 sizeof(*keys) * md5sig->entries4);
896 /* Free old key list, and reference new one */
898 kfree(md5sig->keys4);
899 md5sig->keys4 = keys;
903 md5sig->keys4[md5sig->entries4 - 1].addr = addr;
904 md5sig->keys4[md5sig->entries4 - 1].key = newkey;
905 md5sig->keys4[md5sig->entries4 - 1].keylen = newkeylen;
910 EXPORT_SYMBOL(tcp_v4_md5_do_add);
912 static int tcp_v4_md5_add_func(struct sock *sk, struct sock *addr_sk,
913 u8 *newkey, u8 newkeylen)
915 return tcp_v4_md5_do_add(sk, inet_sk(addr_sk)->daddr,
919 int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
921 struct tcp_sock *tp = tcp_sk(sk);
924 for (i = 0; i < tp->md5sig_info->entries4; i++) {
925 if (tp->md5sig_info->keys4[i].addr == addr) {
927 kfree(tp->md5sig_info->keys4[i].key);
928 tp->md5sig_info->entries4--;
930 if (tp->md5sig_info->entries4 == 0) {
931 kfree(tp->md5sig_info->keys4);
932 tp->md5sig_info->keys4 = NULL;
933 tp->md5sig_info->alloced4 = 0;
934 } else if (tp->md5sig_info->entries4 != i) {
935 /* Need to do some manipulation */
936 memcpy(&tp->md5sig_info->keys4[i],
937 &tp->md5sig_info->keys4[i+1],
938 (tp->md5sig_info->entries4 - i) *
939 sizeof(struct tcp4_md5sig_key));
941 tcp_free_md5sig_pool();
948 EXPORT_SYMBOL(tcp_v4_md5_do_del);
950 static void tcp_v4_clear_md5_list(struct sock *sk)
952 struct tcp_sock *tp = tcp_sk(sk);
954 /* Free each key, then the set of key keys,
955 * the crypto element, and then decrement our
956 * hold on the last resort crypto.
958 if (tp->md5sig_info->entries4) {
960 for (i = 0; i < tp->md5sig_info->entries4; i++)
961 kfree(tp->md5sig_info->keys4[i].key);
962 tp->md5sig_info->entries4 = 0;
963 tcp_free_md5sig_pool();
965 if (tp->md5sig_info->keys4) {
966 kfree(tp->md5sig_info->keys4);
967 tp->md5sig_info->keys4 = NULL;
968 tp->md5sig_info->alloced4 = 0;
972 static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
975 struct tcp_md5sig cmd;
976 struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.tcpm_addr;
979 if (optlen < sizeof(cmd))
982 if (copy_from_user(&cmd, optval, sizeof(cmd)))
985 if (sin->sin_family != AF_INET)
988 if (!cmd.tcpm_key || !cmd.tcpm_keylen) {
989 if (!tcp_sk(sk)->md5sig_info)
991 return tcp_v4_md5_do_del(sk, sin->sin_addr.s_addr);
994 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
997 if (!tcp_sk(sk)->md5sig_info) {
998 struct tcp_sock *tp = tcp_sk(sk);
999 struct tcp_md5sig_info *p = kzalloc(sizeof(*p), GFP_KERNEL);
1004 tp->md5sig_info = p;
1008 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
1011 return tcp_v4_md5_do_add(sk, sin->sin_addr.s_addr,
1012 newkey, cmd.tcpm_keylen);
1015 static int tcp_v4_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
1016 __be32 saddr, __be32 daddr,
1017 struct tcphdr *th, int protocol,
1020 struct scatterlist sg[4];
1023 __sum16 old_checksum;
1024 struct tcp_md5sig_pool *hp;
1025 struct tcp4_pseudohdr *bp;
1026 struct hash_desc *desc;
1028 unsigned int nbytes = 0;
1031 * Okay, so RFC2385 is turned on for this connection,
1032 * so we need to generate the MD5 hash for the packet now.
1035 hp = tcp_get_md5sig_pool();
1037 goto clear_hash_noput;
1039 bp = &hp->md5_blk.ip4;
1040 desc = &hp->md5_desc;
1043 * 1. the TCP pseudo-header (in the order: source IP address,
1044 * destination IP address, zero-padded protocol number, and
1050 bp->protocol = protocol;
1051 bp->len = htons(tcplen);
1052 sg_set_buf(&sg[block++], bp, sizeof(*bp));
1053 nbytes += sizeof(*bp);
1055 /* 2. the TCP header, excluding options, and assuming a
1058 old_checksum = th->check;
1060 sg_set_buf(&sg[block++], th, sizeof(struct tcphdr));
1061 nbytes += sizeof(struct tcphdr);
1063 /* 3. the TCP segment data (if any) */
1064 data_len = tcplen - (th->doff << 2);
1066 unsigned char *data = (unsigned char *)th + (th->doff << 2);
1067 sg_set_buf(&sg[block++], data, data_len);
1071 /* 4. an independently-specified key or password, known to both
1072 * TCPs and presumably connection-specific
1074 sg_set_buf(&sg[block++], key->key, key->keylen);
1075 nbytes += key->keylen;
1077 /* Now store the Hash into the packet */
1078 err = crypto_hash_init(desc);
1081 err = crypto_hash_update(desc, sg, nbytes);
1084 err = crypto_hash_final(desc, md5_hash);
1088 /* Reset header, and free up the crypto */
1089 tcp_put_md5sig_pool();
1090 th->check = old_checksum;
1095 tcp_put_md5sig_pool();
1097 memset(md5_hash, 0, 16);
1101 int tcp_v4_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
1103 struct dst_entry *dst,
1104 struct request_sock *req,
1105 struct tcphdr *th, int protocol,
1108 __be32 saddr, daddr;
1111 saddr = inet_sk(sk)->saddr;
1112 daddr = inet_sk(sk)->daddr;
1114 struct rtable *rt = (struct rtable *)dst;
1119 return tcp_v4_do_calc_md5_hash(md5_hash, key,
1121 th, protocol, tcplen);
1124 EXPORT_SYMBOL(tcp_v4_calc_md5_hash);
1126 static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
1129 * This gets called for each TCP segment that arrives
1130 * so we want to be efficient.
1131 * We have 3 drop cases:
1132 * o No MD5 hash and one expected.
1133 * o MD5 hash and we're not expecting one.
1134 * o MD5 hash and its wrong.
1136 __u8 *hash_location = NULL;
1137 struct tcp_md5sig_key *hash_expected;
1138 const struct iphdr *iph = ip_hdr(skb);
1139 struct tcphdr *th = tcp_hdr(skb);
1140 int length = (th->doff << 2) - sizeof(struct tcphdr);
1143 unsigned char newhash[16];
1145 hash_expected = tcp_v4_md5_do_lookup(sk, iph->saddr);
1148 * If the TCP option length is less than the TCP_MD5SIG
1149 * option length, then we can shortcut
1151 if (length < TCPOLEN_MD5SIG) {
1158 /* Okay, we can't shortcut - we have to grub through the options */
1159 ptr = (unsigned char *)(th + 1);
1160 while (length > 0) {
1161 int opcode = *ptr++;
1174 if (opsize > length)
1177 if (opcode == TCPOPT_MD5SIG) {
1178 hash_location = ptr;
1186 /* We've parsed the options - do we have a hash? */
1187 if (!hash_expected && !hash_location)
1190 if (hash_expected && !hash_location) {
1191 LIMIT_NETDEBUG(KERN_INFO "MD5 Hash expected but NOT found "
1192 "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
1193 NIPQUAD(iph->saddr), ntohs(th->source),
1194 NIPQUAD(iph->daddr), ntohs(th->dest));
1198 if (!hash_expected && hash_location) {
1199 LIMIT_NETDEBUG(KERN_INFO "MD5 Hash NOT expected but found "
1200 "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
1201 NIPQUAD(iph->saddr), ntohs(th->source),
1202 NIPQUAD(iph->daddr), ntohs(th->dest));
1206 /* Okay, so this is hash_expected and hash_location -
1207 * so we need to calculate the checksum.
1209 genhash = tcp_v4_do_calc_md5_hash(newhash,
1211 iph->saddr, iph->daddr,
1212 th, sk->sk_protocol,
1215 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
1216 if (net_ratelimit()) {
1217 printk(KERN_INFO "MD5 Hash failed for "
1218 "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)%s\n",
1219 NIPQUAD(iph->saddr), ntohs(th->source),
1220 NIPQUAD(iph->daddr), ntohs(th->dest),
1221 genhash ? " tcp_v4_calc_md5_hash failed" : "");
1230 struct request_sock_ops tcp_request_sock_ops __read_mostly = {
1232 .obj_size = sizeof(struct tcp_request_sock),
1233 .rtx_syn_ack = tcp_v4_send_synack,
1234 .send_ack = tcp_v4_reqsk_send_ack,
1235 .destructor = tcp_v4_reqsk_destructor,
1236 .send_reset = tcp_v4_send_reset,
1239 #ifdef CONFIG_TCP_MD5SIG
1240 static struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
1241 .md5_lookup = tcp_v4_reqsk_md5_lookup,
1245 static struct timewait_sock_ops tcp_timewait_sock_ops = {
1246 .twsk_obj_size = sizeof(struct tcp_timewait_sock),
1247 .twsk_unique = tcp_twsk_unique,
1248 .twsk_destructor= tcp_twsk_destructor,
1251 int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1253 struct inet_request_sock *ireq;
1254 struct tcp_options_received tmp_opt;
1255 struct request_sock *req;
1256 __be32 saddr = ip_hdr(skb)->saddr;
1257 __be32 daddr = ip_hdr(skb)->daddr;
1258 __u32 isn = TCP_SKB_CB(skb)->when;
1259 struct dst_entry *dst = NULL;
1260 #ifdef CONFIG_SYN_COOKIES
1261 int want_cookie = 0;
1263 #define want_cookie 0 /* Argh, why doesn't gcc optimize this :( */
1266 /* Never answer to SYNs send to broadcast or multicast */
1267 if (((struct rtable *)skb->dst)->rt_flags &
1268 (RTCF_BROADCAST | RTCF_MULTICAST))
1271 /* TW buckets are converted to open requests without
1272 * limitations, they conserve resources and peer is
1273 * evidently real one.
1275 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1276 #ifdef CONFIG_SYN_COOKIES
1277 if (sysctl_tcp_syncookies) {
1284 /* Accept backlog is full. If we have already queued enough
1285 * of warm entries in syn queue, drop request. It is better than
1286 * clogging syn queue with openreqs with exponentially increasing
1289 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1292 req = reqsk_alloc(&tcp_request_sock_ops);
1296 #ifdef CONFIG_TCP_MD5SIG
1297 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv4_ops;
1300 tcp_clear_options(&tmp_opt);
1301 tmp_opt.mss_clamp = 536;
1302 tmp_opt.user_mss = tcp_sk(sk)->rx_opt.user_mss;
1304 tcp_parse_options(skb, &tmp_opt, 0);
1307 tcp_clear_options(&tmp_opt);
1308 tmp_opt.saw_tstamp = 0;
1311 if (tmp_opt.saw_tstamp && !tmp_opt.rcv_tsval) {
1312 /* Some OSes (unknown ones, but I see them on web server, which
1313 * contains information interesting only for windows'
1314 * users) do not send their stamp in SYN. It is easy case.
1315 * We simply do not advertise TS support.
1317 tmp_opt.saw_tstamp = 0;
1318 tmp_opt.tstamp_ok = 0;
1320 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1322 tcp_openreq_init(req, &tmp_opt, skb);
1324 if (security_inet_conn_request(sk, skb, req))
1327 ireq = inet_rsk(req);
1328 ireq->loc_addr = daddr;
1329 ireq->rmt_addr = saddr;
1330 ireq->opt = tcp_v4_save_options(sk, skb);
1332 TCP_ECN_create_request(req, tcp_hdr(skb));
1335 #ifdef CONFIG_SYN_COOKIES
1336 syn_flood_warning(skb);
1338 isn = cookie_v4_init_sequence(sk, skb, &req->mss);
1340 struct inet_peer *peer = NULL;
1342 /* VJ's idea. We save last timestamp seen
1343 * from the destination in peer table, when entering
1344 * state TIME-WAIT, and check against it before
1345 * accepting new connection request.
1347 * If "isn" is not zero, this request hit alive
1348 * timewait bucket, so that all the necessary checks
1349 * are made in the function processing timewait state.
1351 if (tmp_opt.saw_tstamp &&
1352 tcp_death_row.sysctl_tw_recycle &&
1353 (dst = inet_csk_route_req(sk, req)) != NULL &&
1354 (peer = rt_get_peer((struct rtable *)dst)) != NULL &&
1355 peer->v4daddr == saddr) {
1356 if (get_seconds() < peer->tcp_ts_stamp + TCP_PAWS_MSL &&
1357 (s32)(peer->tcp_ts - req->ts_recent) >
1359 NET_INC_STATS_BH(LINUX_MIB_PAWSPASSIVEREJECTED);
1364 /* Kill the following clause, if you dislike this way. */
1365 else if (!sysctl_tcp_syncookies &&
1366 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
1367 (sysctl_max_syn_backlog >> 2)) &&
1368 (!peer || !peer->tcp_ts_stamp) &&
1369 (!dst || !dst_metric(dst, RTAX_RTT))) {
1370 /* Without syncookies last quarter of
1371 * backlog is filled with destinations,
1372 * proven to be alive.
1373 * It means that we continue to communicate
1374 * to destinations, already remembered
1375 * to the moment of synflood.
1377 LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open "
1378 "request from %u.%u.%u.%u/%u\n",
1380 ntohs(tcp_hdr(skb)->source));
1385 isn = tcp_v4_init_sequence(skb);
1387 tcp_rsk(req)->snt_isn = isn;
1389 if (tcp_v4_send_synack(sk, req, dst))
1395 inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1407 * The three way handshake has completed - we got a valid synack -
1408 * now create the new socket.
1410 struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1411 struct request_sock *req,
1412 struct dst_entry *dst)
1414 struct inet_request_sock *ireq;
1415 struct inet_sock *newinet;
1416 struct tcp_sock *newtp;
1418 #ifdef CONFIG_TCP_MD5SIG
1419 struct tcp_md5sig_key *key;
1422 if (sk_acceptq_is_full(sk))
1425 if (!dst && (dst = inet_csk_route_req(sk, req)) == NULL)
1428 newsk = tcp_create_openreq_child(sk, req, skb);
1432 newsk->sk_gso_type = SKB_GSO_TCPV4;
1433 sk_setup_caps(newsk, dst);
1435 newtp = tcp_sk(newsk);
1436 newinet = inet_sk(newsk);
1437 ireq = inet_rsk(req);
1438 newinet->daddr = ireq->rmt_addr;
1439 newinet->rcv_saddr = ireq->loc_addr;
1440 newinet->saddr = ireq->loc_addr;
1441 newinet->opt = ireq->opt;
1443 newinet->mc_index = inet_iif(skb);
1444 newinet->mc_ttl = ip_hdr(skb)->ttl;
1445 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1447 inet_csk(newsk)->icsk_ext_hdr_len = newinet->opt->optlen;
1448 newinet->id = newtp->write_seq ^ jiffies;
1450 tcp_mtup_init(newsk);
1451 tcp_sync_mss(newsk, dst_mtu(dst));
1452 newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1453 tcp_initialize_rcv_mss(newsk);
1455 #ifdef CONFIG_TCP_MD5SIG
1456 /* Copy over the MD5 key from the original socket */
1457 if ((key = tcp_v4_md5_do_lookup(sk, newinet->daddr)) != NULL) {
1459 * We're using one, so create a matching key
1460 * on the newsk structure. If we fail to get
1461 * memory, then we end up not copying the key
1464 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1466 tcp_v4_md5_do_add(newsk, inet_sk(sk)->daddr,
1467 newkey, key->keylen);
1471 __inet_hash(&tcp_hashinfo, newsk, 0);
1472 __inet_inherit_port(&tcp_hashinfo, sk, newsk);
1477 NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1479 NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1484 static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
1486 struct tcphdr *th = tcp_hdr(skb);
1487 const struct iphdr *iph = ip_hdr(skb);
1489 struct request_sock **prev;
1490 /* Find possible connection requests. */
1491 struct request_sock *req = inet_csk_search_req(sk, &prev, th->source,
1492 iph->saddr, iph->daddr);
1494 return tcp_check_req(sk, skb, req, prev);
1496 nsk = inet_lookup_established(&tcp_hashinfo, iph->saddr, th->source,
1497 iph->daddr, th->dest, inet_iif(skb));
1500 if (nsk->sk_state != TCP_TIME_WAIT) {
1504 inet_twsk_put(inet_twsk(nsk));
1508 #ifdef CONFIG_SYN_COOKIES
1509 if (!th->rst && !th->syn && th->ack)
1510 sk = cookie_v4_check(sk, skb, &(IPCB(skb)->opt));
1515 static __sum16 tcp_v4_checksum_init(struct sk_buff *skb)
1517 const struct iphdr *iph = ip_hdr(skb);
1519 if (skb->ip_summed == CHECKSUM_COMPLETE) {
1520 if (!tcp_v4_check(skb->len, iph->saddr,
1521 iph->daddr, skb->csum)) {
1522 skb->ip_summed = CHECKSUM_UNNECESSARY;
1527 skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
1528 skb->len, IPPROTO_TCP, 0);
1530 if (skb->len <= 76) {
1531 return __skb_checksum_complete(skb);
1537 /* The socket must have it's spinlock held when we get
1540 * We have a potential double-lock case here, so even when
1541 * doing backlog processing we use the BH locking scheme.
1542 * This is because we cannot sleep with the original spinlock
1545 int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1548 #ifdef CONFIG_TCP_MD5SIG
1550 * We really want to reject the packet as early as possible
1552 * o We're expecting an MD5'd packet and this is no MD5 tcp option
1553 * o There is an MD5 option and we're not expecting one
1555 if (tcp_v4_inbound_md5_hash(sk, skb))
1559 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1560 TCP_CHECK_TIMER(sk);
1561 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) {
1565 TCP_CHECK_TIMER(sk);
1569 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1572 if (sk->sk_state == TCP_LISTEN) {
1573 struct sock *nsk = tcp_v4_hnd_req(sk, skb);
1578 if (tcp_child_process(sk, nsk, skb)) {
1586 TCP_CHECK_TIMER(sk);
1587 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) {
1591 TCP_CHECK_TIMER(sk);
1595 tcp_v4_send_reset(rsk, skb);
1598 /* Be careful here. If this function gets more complicated and
1599 * gcc suffers from register pressure on the x86, sk (in %ebx)
1600 * might be destroyed here. This current version compiles correctly,
1601 * but you have been warned.
1606 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1614 int tcp_v4_rcv(struct sk_buff *skb)
1616 const struct iphdr *iph;
1621 if (skb->pkt_type != PACKET_HOST)
1624 /* Count it even if it's bad */
1625 TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1627 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1632 if (th->doff < sizeof(struct tcphdr) / 4)
1634 if (!pskb_may_pull(skb, th->doff * 4))
1637 /* An explanation is required here, I think.
1638 * Packet length and doff are validated by header prediction,
1639 * provided case of th->doff==0 is eliminated.
1640 * So, we defer the checks. */
1641 if (!skb_csum_unnecessary(skb) && tcp_v4_checksum_init(skb))
1646 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1647 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1648 skb->len - th->doff * 4);
1649 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1650 TCP_SKB_CB(skb)->when = 0;
1651 TCP_SKB_CB(skb)->flags = iph->tos;
1652 TCP_SKB_CB(skb)->sacked = 0;
1654 sk = __inet_lookup(&tcp_hashinfo, iph->saddr, th->source,
1655 iph->daddr, th->dest, inet_iif(skb));
1660 if (sk->sk_state == TCP_TIME_WAIT)
1663 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
1664 goto discard_and_relse;
1667 if (sk_filter(sk, skb))
1668 goto discard_and_relse;
1672 bh_lock_sock_nested(sk);
1674 if (!sock_owned_by_user(sk)) {
1675 #ifdef CONFIG_NET_DMA
1676 struct tcp_sock *tp = tcp_sk(sk);
1677 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1678 tp->ucopy.dma_chan = get_softnet_dma();
1679 if (tp->ucopy.dma_chan)
1680 ret = tcp_v4_do_rcv(sk, skb);
1684 if (!tcp_prequeue(sk, skb))
1685 ret = tcp_v4_do_rcv(sk, skb);
1688 sk_add_backlog(sk, skb);
1696 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
1699 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1701 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1703 tcp_v4_send_reset(NULL, skb);
1707 /* Discard frame. */
1716 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1717 inet_twsk_put(inet_twsk(sk));
1721 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1722 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1723 inet_twsk_put(inet_twsk(sk));
1726 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1728 struct sock *sk2 = inet_lookup_listener(&tcp_hashinfo,
1729 iph->daddr, th->dest,
1732 inet_twsk_deschedule(inet_twsk(sk), &tcp_death_row);
1733 inet_twsk_put(inet_twsk(sk));
1737 /* Fall through to ACK */
1740 tcp_v4_timewait_ack(sk, skb);
1744 case TCP_TW_SUCCESS:;
1749 /* VJ's idea. Save last timestamp seen from this destination
1750 * and hold it at least for normal timewait interval to use for duplicate
1751 * segment detection in subsequent connections, before they enter synchronized
1755 int tcp_v4_remember_stamp(struct sock *sk)
1757 struct inet_sock *inet = inet_sk(sk);
1758 struct tcp_sock *tp = tcp_sk(sk);
1759 struct rtable *rt = (struct rtable *)__sk_dst_get(sk);
1760 struct inet_peer *peer = NULL;
1763 if (!rt || rt->rt_dst != inet->daddr) {
1764 peer = inet_getpeer(inet->daddr, 1);
1768 rt_bind_peer(rt, 1);
1773 if ((s32)(peer->tcp_ts - tp->rx_opt.ts_recent) <= 0 ||
1774 (peer->tcp_ts_stamp + TCP_PAWS_MSL < get_seconds() &&
1775 peer->tcp_ts_stamp <= tp->rx_opt.ts_recent_stamp)) {
1776 peer->tcp_ts_stamp = tp->rx_opt.ts_recent_stamp;
1777 peer->tcp_ts = tp->rx_opt.ts_recent;
1787 int tcp_v4_tw_remember_stamp(struct inet_timewait_sock *tw)
1789 struct inet_peer *peer = inet_getpeer(tw->tw_daddr, 1);
1792 const struct tcp_timewait_sock *tcptw = tcp_twsk((struct sock *)tw);
1794 if ((s32)(peer->tcp_ts - tcptw->tw_ts_recent) <= 0 ||
1795 (peer->tcp_ts_stamp + TCP_PAWS_MSL < get_seconds() &&
1796 peer->tcp_ts_stamp <= tcptw->tw_ts_recent_stamp)) {
1797 peer->tcp_ts_stamp = tcptw->tw_ts_recent_stamp;
1798 peer->tcp_ts = tcptw->tw_ts_recent;
1807 struct inet_connection_sock_af_ops ipv4_specific = {
1808 .queue_xmit = ip_queue_xmit,
1809 .send_check = tcp_v4_send_check,
1810 .rebuild_header = inet_sk_rebuild_header,
1811 .conn_request = tcp_v4_conn_request,
1812 .syn_recv_sock = tcp_v4_syn_recv_sock,
1813 .remember_stamp = tcp_v4_remember_stamp,
1814 .net_header_len = sizeof(struct iphdr),
1815 .setsockopt = ip_setsockopt,
1816 .getsockopt = ip_getsockopt,
1817 .addr2sockaddr = inet_csk_addr2sockaddr,
1818 .sockaddr_len = sizeof(struct sockaddr_in),
1819 #ifdef CONFIG_COMPAT
1820 .compat_setsockopt = compat_ip_setsockopt,
1821 .compat_getsockopt = compat_ip_getsockopt,
1825 #ifdef CONFIG_TCP_MD5SIG
1826 static struct tcp_sock_af_ops tcp_sock_ipv4_specific = {
1827 .md5_lookup = tcp_v4_md5_lookup,
1828 .calc_md5_hash = tcp_v4_calc_md5_hash,
1829 .md5_add = tcp_v4_md5_add_func,
1830 .md5_parse = tcp_v4_parse_md5_keys,
1834 /* NOTE: A lot of things set to zero explicitly by call to
1835 * sk_alloc() so need not be done here.
1837 static int tcp_v4_init_sock(struct sock *sk)
1839 struct inet_connection_sock *icsk = inet_csk(sk);
1840 struct tcp_sock *tp = tcp_sk(sk);
1842 skb_queue_head_init(&tp->out_of_order_queue);
1843 tcp_init_xmit_timers(sk);
1844 tcp_prequeue_init(tp);
1846 icsk->icsk_rto = TCP_TIMEOUT_INIT;
1847 tp->mdev = TCP_TIMEOUT_INIT;
1849 /* So many TCP implementations out there (incorrectly) count the
1850 * initial SYN frame in their delayed-ACK and congestion control
1851 * algorithms that we must have the following bandaid to talk
1852 * efficiently to them. -DaveM
1856 /* See draft-stevens-tcpca-spec-01 for discussion of the
1857 * initialization of these values.
1859 tp->snd_ssthresh = 0x7fffffff; /* Infinity */
1860 tp->snd_cwnd_clamp = ~0;
1861 tp->mss_cache = 536;
1863 tp->reordering = sysctl_tcp_reordering;
1864 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1866 sk->sk_state = TCP_CLOSE;
1868 sk->sk_write_space = sk_stream_write_space;
1869 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1871 icsk->icsk_af_ops = &ipv4_specific;
1872 icsk->icsk_sync_mss = tcp_sync_mss;
1873 #ifdef CONFIG_TCP_MD5SIG
1874 tp->af_specific = &tcp_sock_ipv4_specific;
1877 sk->sk_sndbuf = sysctl_tcp_wmem[1];
1878 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1880 atomic_inc(&tcp_sockets_allocated);
1885 int tcp_v4_destroy_sock(struct sock *sk)
1887 struct tcp_sock *tp = tcp_sk(sk);
1889 tcp_clear_xmit_timers(sk);
1891 tcp_cleanup_congestion_control(sk);
1893 /* Cleanup up the write buffer. */
1894 tcp_write_queue_purge(sk);
1896 /* Cleans up our, hopefully empty, out_of_order_queue. */
1897 __skb_queue_purge(&tp->out_of_order_queue);
1899 #ifdef CONFIG_TCP_MD5SIG
1900 /* Clean up the MD5 key list, if any */
1901 if (tp->md5sig_info) {
1902 tcp_v4_clear_md5_list(sk);
1903 kfree(tp->md5sig_info);
1904 tp->md5sig_info = NULL;
1908 #ifdef CONFIG_NET_DMA
1909 /* Cleans up our sk_async_wait_queue */
1910 __skb_queue_purge(&sk->sk_async_wait_queue);
1913 /* Clean prequeue, it must be empty really */
1914 __skb_queue_purge(&tp->ucopy.prequeue);
1916 /* Clean up a referenced TCP bind bucket. */
1917 if (inet_csk(sk)->icsk_bind_hash)
1918 inet_put_port(&tcp_hashinfo, sk);
1921 * If sendmsg cached page exists, toss it.
1923 if (sk->sk_sndmsg_page) {
1924 __free_page(sk->sk_sndmsg_page);
1925 sk->sk_sndmsg_page = NULL;
1928 atomic_dec(&tcp_sockets_allocated);
1933 EXPORT_SYMBOL(tcp_v4_destroy_sock);
1935 #ifdef CONFIG_PROC_FS
1936 /* Proc filesystem TCP sock list dumping. */
1938 static inline struct inet_timewait_sock *tw_head(struct hlist_head *head)
1940 return hlist_empty(head) ? NULL :
1941 list_entry(head->first, struct inet_timewait_sock, tw_node);
1944 static inline struct inet_timewait_sock *tw_next(struct inet_timewait_sock *tw)
1946 return tw->tw_node.next ?
1947 hlist_entry(tw->tw_node.next, typeof(*tw), tw_node) : NULL;
1950 static void *listening_get_next(struct seq_file *seq, void *cur)
1952 struct inet_connection_sock *icsk;
1953 struct hlist_node *node;
1954 struct sock *sk = cur;
1955 struct tcp_iter_state* st = seq->private;
1959 sk = sk_head(&tcp_hashinfo.listening_hash[0]);
1965 if (st->state == TCP_SEQ_STATE_OPENREQ) {
1966 struct request_sock *req = cur;
1968 icsk = inet_csk(st->syn_wait_sk);
1972 if (req->rsk_ops->family == st->family) {
1978 if (++st->sbucket >= icsk->icsk_accept_queue.listen_opt->nr_table_entries)
1981 req = icsk->icsk_accept_queue.listen_opt->syn_table[st->sbucket];
1983 sk = sk_next(st->syn_wait_sk);
1984 st->state = TCP_SEQ_STATE_LISTENING;
1985 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1987 icsk = inet_csk(sk);
1988 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1989 if (reqsk_queue_len(&icsk->icsk_accept_queue))
1991 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1995 sk_for_each_from(sk, node) {
1996 if (sk->sk_family == st->family) {
2000 icsk = inet_csk(sk);
2001 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2002 if (reqsk_queue_len(&icsk->icsk_accept_queue)) {
2004 st->uid = sock_i_uid(sk);
2005 st->syn_wait_sk = sk;
2006 st->state = TCP_SEQ_STATE_OPENREQ;
2010 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2012 if (++st->bucket < INET_LHTABLE_SIZE) {
2013 sk = sk_head(&tcp_hashinfo.listening_hash[st->bucket]);
2021 static void *listening_get_idx(struct seq_file *seq, loff_t *pos)
2023 void *rc = listening_get_next(seq, NULL);
2025 while (rc && *pos) {
2026 rc = listening_get_next(seq, rc);
2032 static void *established_get_first(struct seq_file *seq)
2034 struct tcp_iter_state* st = seq->private;
2037 for (st->bucket = 0; st->bucket < tcp_hashinfo.ehash_size; ++st->bucket) {
2039 struct hlist_node *node;
2040 struct inet_timewait_sock *tw;
2042 /* We can reschedule _before_ having picked the target: */
2043 cond_resched_softirq();
2045 read_lock(&tcp_hashinfo.ehash[st->bucket].lock);
2046 sk_for_each(sk, node, &tcp_hashinfo.ehash[st->bucket].chain) {
2047 if (sk->sk_family != st->family) {
2053 st->state = TCP_SEQ_STATE_TIME_WAIT;
2054 inet_twsk_for_each(tw, node,
2055 &tcp_hashinfo.ehash[st->bucket].twchain) {
2056 if (tw->tw_family != st->family) {
2062 read_unlock(&tcp_hashinfo.ehash[st->bucket].lock);
2063 st->state = TCP_SEQ_STATE_ESTABLISHED;
2069 static void *established_get_next(struct seq_file *seq, void *cur)
2071 struct sock *sk = cur;
2072 struct inet_timewait_sock *tw;
2073 struct hlist_node *node;
2074 struct tcp_iter_state* st = seq->private;
2078 if (st->state == TCP_SEQ_STATE_TIME_WAIT) {
2082 while (tw && tw->tw_family != st->family) {
2089 read_unlock(&tcp_hashinfo.ehash[st->bucket].lock);
2090 st->state = TCP_SEQ_STATE_ESTABLISHED;
2092 /* We can reschedule between buckets: */
2093 cond_resched_softirq();
2095 if (++st->bucket < tcp_hashinfo.ehash_size) {
2096 read_lock(&tcp_hashinfo.ehash[st->bucket].lock);
2097 sk = sk_head(&tcp_hashinfo.ehash[st->bucket].chain);
2105 sk_for_each_from(sk, node) {
2106 if (sk->sk_family == st->family)
2110 st->state = TCP_SEQ_STATE_TIME_WAIT;
2111 tw = tw_head(&tcp_hashinfo.ehash[st->bucket].twchain);
2119 static void *established_get_idx(struct seq_file *seq, loff_t pos)
2121 void *rc = established_get_first(seq);
2124 rc = established_get_next(seq, rc);
2130 static void *tcp_get_idx(struct seq_file *seq, loff_t pos)
2133 struct tcp_iter_state* st = seq->private;
2135 inet_listen_lock(&tcp_hashinfo);
2136 st->state = TCP_SEQ_STATE_LISTENING;
2137 rc = listening_get_idx(seq, &pos);
2140 inet_listen_unlock(&tcp_hashinfo);
2142 st->state = TCP_SEQ_STATE_ESTABLISHED;
2143 rc = established_get_idx(seq, pos);
2149 static void *tcp_seq_start(struct seq_file *seq, loff_t *pos)
2151 struct tcp_iter_state* st = seq->private;
2152 st->state = TCP_SEQ_STATE_LISTENING;
2154 return *pos ? tcp_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2157 static void *tcp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2160 struct tcp_iter_state* st;
2162 if (v == SEQ_START_TOKEN) {
2163 rc = tcp_get_idx(seq, 0);
2168 switch (st->state) {
2169 case TCP_SEQ_STATE_OPENREQ:
2170 case TCP_SEQ_STATE_LISTENING:
2171 rc = listening_get_next(seq, v);
2173 inet_listen_unlock(&tcp_hashinfo);
2175 st->state = TCP_SEQ_STATE_ESTABLISHED;
2176 rc = established_get_first(seq);
2179 case TCP_SEQ_STATE_ESTABLISHED:
2180 case TCP_SEQ_STATE_TIME_WAIT:
2181 rc = established_get_next(seq, v);
2189 static void tcp_seq_stop(struct seq_file *seq, void *v)
2191 struct tcp_iter_state* st = seq->private;
2193 switch (st->state) {
2194 case TCP_SEQ_STATE_OPENREQ:
2196 struct inet_connection_sock *icsk = inet_csk(st->syn_wait_sk);
2197 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2199 case TCP_SEQ_STATE_LISTENING:
2200 if (v != SEQ_START_TOKEN)
2201 inet_listen_unlock(&tcp_hashinfo);
2203 case TCP_SEQ_STATE_TIME_WAIT:
2204 case TCP_SEQ_STATE_ESTABLISHED:
2206 read_unlock(&tcp_hashinfo.ehash[st->bucket].lock);
2212 static int tcp_seq_open(struct inode *inode, struct file *file)
2214 struct tcp_seq_afinfo *afinfo = PDE(inode)->data;
2215 struct seq_file *seq;
2216 struct tcp_iter_state *s;
2219 if (unlikely(afinfo == NULL))
2222 s = kzalloc(sizeof(*s), GFP_KERNEL);
2225 s->family = afinfo->family;
2226 s->seq_ops.start = tcp_seq_start;
2227 s->seq_ops.next = tcp_seq_next;
2228 s->seq_ops.show = afinfo->seq_show;
2229 s->seq_ops.stop = tcp_seq_stop;
2231 rc = seq_open(file, &s->seq_ops);
2234 seq = file->private_data;
2243 int tcp_proc_register(struct tcp_seq_afinfo *afinfo)
2246 struct proc_dir_entry *p;
2250 afinfo->seq_fops->owner = afinfo->owner;
2251 afinfo->seq_fops->open = tcp_seq_open;
2252 afinfo->seq_fops->read = seq_read;
2253 afinfo->seq_fops->llseek = seq_lseek;
2254 afinfo->seq_fops->release = seq_release_private;
2256 p = proc_net_fops_create(afinfo->name, S_IRUGO, afinfo->seq_fops);
2264 void tcp_proc_unregister(struct tcp_seq_afinfo *afinfo)
2268 proc_net_remove(afinfo->name);
2269 memset(afinfo->seq_fops, 0, sizeof(*afinfo->seq_fops));
2272 static void get_openreq4(struct sock *sk, struct request_sock *req,
2273 char *tmpbuf, int i, int uid)
2275 const struct inet_request_sock *ireq = inet_rsk(req);
2276 int ttd = req->expires - jiffies;
2278 sprintf(tmpbuf, "%4d: %08X:%04X %08X:%04X"
2279 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %u %d %p",
2282 ntohs(inet_sk(sk)->sport),
2284 ntohs(ireq->rmt_port),
2286 0, 0, /* could print option size, but that is af dependent. */
2287 1, /* timers active (only the expire timer) */
2288 jiffies_to_clock_t(ttd),
2291 0, /* non standard timer */
2292 0, /* open_requests have no inode */
2293 atomic_read(&sk->sk_refcnt),
2297 static void get_tcp4_sock(struct sock *sk, char *tmpbuf, int i)
2300 unsigned long timer_expires;
2301 struct tcp_sock *tp = tcp_sk(sk);
2302 const struct inet_connection_sock *icsk = inet_csk(sk);
2303 struct inet_sock *inet = inet_sk(sk);
2304 __be32 dest = inet->daddr;
2305 __be32 src = inet->rcv_saddr;
2306 __u16 destp = ntohs(inet->dport);
2307 __u16 srcp = ntohs(inet->sport);
2309 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2311 timer_expires = icsk->icsk_timeout;
2312 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2314 timer_expires = icsk->icsk_timeout;
2315 } else if (timer_pending(&sk->sk_timer)) {
2317 timer_expires = sk->sk_timer.expires;
2320 timer_expires = jiffies;
2323 sprintf(tmpbuf, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX "
2324 "%08X %5d %8d %lu %d %p %u %u %u %u %d",
2325 i, src, srcp, dest, destp, sk->sk_state,
2326 tp->write_seq - tp->snd_una,
2327 sk->sk_state == TCP_LISTEN ? sk->sk_ack_backlog :
2328 (tp->rcv_nxt - tp->copied_seq),
2330 jiffies_to_clock_t(timer_expires - jiffies),
2331 icsk->icsk_retransmits,
2333 icsk->icsk_probes_out,
2335 atomic_read(&sk->sk_refcnt), sk,
2338 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
2340 tp->snd_ssthresh >= 0xFFFF ? -1 : tp->snd_ssthresh);
2343 static void get_timewait4_sock(struct inet_timewait_sock *tw,
2344 char *tmpbuf, int i)
2348 int ttd = tw->tw_ttd - jiffies;
2353 dest = tw->tw_daddr;
2354 src = tw->tw_rcv_saddr;
2355 destp = ntohs(tw->tw_dport);
2356 srcp = ntohs(tw->tw_sport);
2358 sprintf(tmpbuf, "%4d: %08X:%04X %08X:%04X"
2359 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p",
2360 i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
2361 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2362 atomic_read(&tw->tw_refcnt), tw);
2367 static int tcp4_seq_show(struct seq_file *seq, void *v)
2369 struct tcp_iter_state* st;
2370 char tmpbuf[TMPSZ + 1];
2372 if (v == SEQ_START_TOKEN) {
2373 seq_printf(seq, "%-*s\n", TMPSZ - 1,
2374 " sl local_address rem_address st tx_queue "
2375 "rx_queue tr tm->when retrnsmt uid timeout "
2381 switch (st->state) {
2382 case TCP_SEQ_STATE_LISTENING:
2383 case TCP_SEQ_STATE_ESTABLISHED:
2384 get_tcp4_sock(v, tmpbuf, st->num);
2386 case TCP_SEQ_STATE_OPENREQ:
2387 get_openreq4(st->syn_wait_sk, v, tmpbuf, st->num, st->uid);
2389 case TCP_SEQ_STATE_TIME_WAIT:
2390 get_timewait4_sock(v, tmpbuf, st->num);
2393 seq_printf(seq, "%-*s\n", TMPSZ - 1, tmpbuf);
2398 static struct file_operations tcp4_seq_fops;
2399 static struct tcp_seq_afinfo tcp4_seq_afinfo = {
2400 .owner = THIS_MODULE,
2403 .seq_show = tcp4_seq_show,
2404 .seq_fops = &tcp4_seq_fops,
2407 int __init tcp4_proc_init(void)
2409 return tcp_proc_register(&tcp4_seq_afinfo);
2412 void tcp4_proc_exit(void)
2414 tcp_proc_unregister(&tcp4_seq_afinfo);
2416 #endif /* CONFIG_PROC_FS */
2418 struct proto tcp_prot = {
2420 .owner = THIS_MODULE,
2422 .connect = tcp_v4_connect,
2423 .disconnect = tcp_disconnect,
2424 .accept = inet_csk_accept,
2426 .init = tcp_v4_init_sock,
2427 .destroy = tcp_v4_destroy_sock,
2428 .shutdown = tcp_shutdown,
2429 .setsockopt = tcp_setsockopt,
2430 .getsockopt = tcp_getsockopt,
2431 .sendmsg = tcp_sendmsg,
2432 .recvmsg = tcp_recvmsg,
2433 .backlog_rcv = tcp_v4_do_rcv,
2434 .hash = tcp_v4_hash,
2435 .unhash = tcp_unhash,
2436 .get_port = tcp_v4_get_port,
2437 .enter_memory_pressure = tcp_enter_memory_pressure,
2438 .sockets_allocated = &tcp_sockets_allocated,
2439 .orphan_count = &tcp_orphan_count,
2440 .memory_allocated = &tcp_memory_allocated,
2441 .memory_pressure = &tcp_memory_pressure,
2442 .sysctl_mem = sysctl_tcp_mem,
2443 .sysctl_wmem = sysctl_tcp_wmem,
2444 .sysctl_rmem = sysctl_tcp_rmem,
2445 .max_header = MAX_TCP_HEADER,
2446 .obj_size = sizeof(struct tcp_sock),
2447 .twsk_prot = &tcp_timewait_sock_ops,
2448 .rsk_prot = &tcp_request_sock_ops,
2449 #ifdef CONFIG_COMPAT
2450 .compat_setsockopt = compat_tcp_setsockopt,
2451 .compat_getsockopt = compat_tcp_getsockopt,
2455 void __init tcp_v4_init(struct net_proto_family *ops)
2457 if (inet_csk_ctl_sock_create(&tcp_socket, PF_INET, SOCK_RAW,
2459 panic("Failed to create the TCP control socket.\n");
2462 EXPORT_SYMBOL(ipv4_specific);
2463 EXPORT_SYMBOL(tcp_hashinfo);
2464 EXPORT_SYMBOL(tcp_prot);
2465 EXPORT_SYMBOL(tcp_unhash);
2466 EXPORT_SYMBOL(tcp_v4_conn_request);
2467 EXPORT_SYMBOL(tcp_v4_connect);
2468 EXPORT_SYMBOL(tcp_v4_do_rcv);
2469 EXPORT_SYMBOL(tcp_v4_remember_stamp);
2470 EXPORT_SYMBOL(tcp_v4_send_check);
2471 EXPORT_SYMBOL(tcp_v4_syn_recv_sock);
2473 #ifdef CONFIG_PROC_FS
2474 EXPORT_SYMBOL(tcp_proc_register);
2475 EXPORT_SYMBOL(tcp_proc_unregister);
2477 EXPORT_SYMBOL(sysctl_local_port_range);
2478 EXPORT_SYMBOL(sysctl_tcp_low_latency);
git.openpandora.org / pandora-kernel.git / blob