2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Implementation of the Transmission Control Protocol(TCP).
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Mark Evans, <evansmp@uhura.aston.ac.uk>
11 * Corey Minyard <wf-rch!minyard@relay.EU.net>
12 * Florian La Roche, <flla@stud.uni-sb.de>
13 * Charles Hedrick, <hedrick@klinzhai.rutgers.edu>
14 * Linus Torvalds, <torvalds@cs.helsinki.fi>
15 * Alan Cox, <gw4pts@gw4pts.ampr.org>
16 * Matthew Dillon, <dillon@apollo.west.oic.com>
17 * Arnt Gulbrandsen, <agulbra@nvg.unit.no>
18 * Jorge Cwik, <jorge@laser.satlink.net>
22 #include <linux/module.h>
23 #include <linux/slab.h>
24 #include <linux/sysctl.h>
25 #include <linux/workqueue.h>
27 #include <net/inet_common.h>
30 int sysctl_tcp_syncookies __read_mostly = 1;
31 EXPORT_SYMBOL(sysctl_tcp_syncookies);
33 int sysctl_tcp_abort_on_overflow __read_mostly;
35 struct inet_timewait_death_row tcp_death_row = {
36 .sysctl_max_tw_buckets = NR_FILE * 2,
37 .period = TCP_TIMEWAIT_LEN / INET_TWDR_TWKILL_SLOTS,
38 .death_lock = __SPIN_LOCK_UNLOCKED(tcp_death_row.death_lock),
39 .hashinfo = &tcp_hashinfo,
40 .tw_timer = TIMER_INITIALIZER(inet_twdr_hangman, 0,
41 (unsigned long)&tcp_death_row),
42 .twkill_work = __WORK_INITIALIZER(tcp_death_row.twkill_work,
43 inet_twdr_twkill_work),
44 /* Short-time timewait calendar */
47 .twcal_timer = TIMER_INITIALIZER(inet_twdr_twcal_tick, 0,
48 (unsigned long)&tcp_death_row),
50 EXPORT_SYMBOL_GPL(tcp_death_row);
52 static __inline__ int tcp_in_window(u32 seq, u32 end_seq, u32 s_win, u32 e_win)
56 if (after(end_seq, s_win) && before(seq, e_win))
58 return seq == e_win && seq == end_seq;
62 * * Main purpose of TIME-WAIT state is to close connection gracefully,
63 * when one of ends sits in LAST-ACK or CLOSING retransmitting FIN
64 * (and, probably, tail of data) and one or more our ACKs are lost.
65 * * What is TIME-WAIT timeout? It is associated with maximal packet
66 * lifetime in the internet, which results in wrong conclusion, that
67 * it is set to catch "old duplicate segments" wandering out of their path.
68 * It is not quite correct. This timeout is calculated so that it exceeds
69 * maximal retransmission timeout enough to allow to lose one (or more)
70 * segments sent by peer and our ACKs. This time may be calculated from RTO.
71 * * When TIME-WAIT socket receives RST, it means that another end
72 * finally closed and we are allowed to kill TIME-WAIT too.
73 * * Second purpose of TIME-WAIT is catching old duplicate segments.
74 * Well, certainly it is pure paranoia, but if we load TIME-WAIT
75 * with this semantics, we MUST NOT kill TIME-WAIT state with RSTs.
76 * * If we invented some more clever way to catch duplicates
77 * (f.e. based on PAWS), we could truncate TIME-WAIT to several RTOs.
79 * The algorithm below is based on FORMAL INTERPRETATION of RFCs.
80 * When you compare it to RFCs, please, read section SEGMENT ARRIVES
81 * from the very beginning.
83 * NOTE. With recycling (and later with fin-wait-2) TW bucket
84 * is _not_ stateless. It means, that strictly speaking we must
85 * spinlock it. I do not want! Well, probability of misbehaviour
86 * is ridiculously low and, seems, we could use some mb() tricks
87 * to avoid misread sequence numbers, states etc. --ANK
90 tcp_timewait_state_process(struct inet_timewait_sock *tw, struct sk_buff *skb,
91 const struct tcphdr *th)
93 struct tcp_options_received tmp_opt;
95 struct tcp_timewait_sock *tcptw = tcp_twsk((struct sock *)tw);
98 tmp_opt.saw_tstamp = 0;
99 if (th->doff > (sizeof(*th) >> 2) && tcptw->tw_ts_recent_stamp) {
100 tcp_parse_options(skb, &tmp_opt, &hash_location, 0);
102 if (tmp_opt.saw_tstamp) {
103 tmp_opt.ts_recent = tcptw->tw_ts_recent;
104 tmp_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
105 paws_reject = tcp_paws_reject(&tmp_opt, th->rst);
109 if (tw->tw_substate == TCP_FIN_WAIT2) {
110 /* Just repeat all the checks of tcp_rcv_state_process() */
112 /* Out of window, send ACK */
114 !tcp_in_window(TCP_SKB_CB(skb)->seq, TCP_SKB_CB(skb)->end_seq,
116 tcptw->tw_rcv_nxt + tcptw->tw_rcv_wnd))
122 if (th->syn && !before(TCP_SKB_CB(skb)->seq, tcptw->tw_rcv_nxt))
127 !after(TCP_SKB_CB(skb)->end_seq, tcptw->tw_rcv_nxt) ||
128 TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq) {
130 return TCP_TW_SUCCESS;
133 /* New data or FIN. If new data arrive after half-duplex close,
137 TCP_SKB_CB(skb)->end_seq != tcptw->tw_rcv_nxt + 1) {
139 inet_twsk_deschedule(tw, &tcp_death_row);
144 /* FIN arrived, enter true time-wait state. */
145 tw->tw_substate = TCP_TIME_WAIT;
146 tcptw->tw_rcv_nxt = TCP_SKB_CB(skb)->end_seq;
147 if (tmp_opt.saw_tstamp) {
148 tcptw->tw_ts_recent_stamp = get_seconds();
149 tcptw->tw_ts_recent = tmp_opt.rcv_tsval;
152 /* I am shamed, but failed to make it more elegant.
153 * Yes, it is direct reference to IP, which is impossible
154 * to generalize to IPv6. Taking into account that IPv6
155 * do not understand recycling in any case, it not
156 * a big problem in practice. --ANK */
157 if (tw->tw_family == AF_INET &&
158 tcp_death_row.sysctl_tw_recycle && tcptw->tw_ts_recent_stamp &&
159 tcp_v4_tw_remember_stamp(tw))
160 inet_twsk_schedule(tw, &tcp_death_row, tw->tw_timeout,
163 inet_twsk_schedule(tw, &tcp_death_row, TCP_TIMEWAIT_LEN,
169 * Now real TIME-WAIT state.
172 * "When a connection is [...] on TIME-WAIT state [...]
173 * [a TCP] MAY accept a new SYN from the remote TCP to
174 * reopen the connection directly, if it:
176 * (1) assigns its initial sequence number for the new
177 * connection to be larger than the largest sequence
178 * number it used on the previous connection incarnation,
181 * (2) returns to TIME-WAIT state if the SYN turns out
182 * to be an old duplicate".
186 (TCP_SKB_CB(skb)->seq == tcptw->tw_rcv_nxt &&
187 (TCP_SKB_CB(skb)->seq == TCP_SKB_CB(skb)->end_seq || th->rst))) {
188 /* In window segment, it may be only reset or bare ack. */
191 /* This is TIME_WAIT assassination, in two flavors.
192 * Oh well... nobody has a sufficient solution to this
195 if (sysctl_tcp_rfc1337 == 0) {
197 inet_twsk_deschedule(tw, &tcp_death_row);
199 return TCP_TW_SUCCESS;
202 inet_twsk_schedule(tw, &tcp_death_row, TCP_TIMEWAIT_LEN,
205 if (tmp_opt.saw_tstamp) {
206 tcptw->tw_ts_recent = tmp_opt.rcv_tsval;
207 tcptw->tw_ts_recent_stamp = get_seconds();
211 return TCP_TW_SUCCESS;
214 /* Out of window segment.
216 All the segments are ACKed immediately.
218 The only exception is new SYN. We accept it, if it is
219 not old duplicate and we are not in danger to be killed
220 by delayed old duplicates. RFC check is that it has
221 newer sequence number works at rates <40Mbit/sec.
222 However, if paws works, it is reliable AND even more,
223 we even may relax silly seq space cutoff.
225 RED-PEN: we violate main RFC requirement, if this SYN will appear
226 old duplicate (i.e. we receive RST in reply to SYN-ACK),
227 we must return socket to time-wait state. It is not good,
231 if (th->syn && !th->rst && !th->ack && !paws_reject &&
232 (after(TCP_SKB_CB(skb)->seq, tcptw->tw_rcv_nxt) ||
233 (tmp_opt.saw_tstamp &&
234 (s32)(tcptw->tw_ts_recent - tmp_opt.rcv_tsval) < 0))) {
235 u32 isn = tcptw->tw_snd_nxt + 65535 + 2;
238 TCP_SKB_CB(skb)->when = isn;
243 NET_INC_STATS_BH(twsk_net(tw), LINUX_MIB_PAWSESTABREJECTED);
246 /* In this case we must reset the TIMEWAIT timer.
248 * If it is ACKless SYN it may be both old duplicate
249 * and new good SYN with random sequence number <rcv_nxt.
250 * Do not reschedule in the last case.
252 if (paws_reject || th->ack)
253 inet_twsk_schedule(tw, &tcp_death_row, TCP_TIMEWAIT_LEN,
256 /* Send ACK. Note, we do not put the bucket,
257 * it will be released by caller.
262 return TCP_TW_SUCCESS;
264 EXPORT_SYMBOL(tcp_timewait_state_process);
267 * Move a socket to time-wait or dead fin-wait-2 state.
269 void tcp_time_wait(struct sock *sk, int state, int timeo)
271 struct inet_timewait_sock *tw = NULL;
272 const struct inet_connection_sock *icsk = inet_csk(sk);
273 const struct tcp_sock *tp = tcp_sk(sk);
276 if (tcp_death_row.sysctl_tw_recycle && tp->rx_opt.ts_recent_stamp)
277 recycle_ok = icsk->icsk_af_ops->remember_stamp(sk);
279 if (tcp_death_row.tw_count < tcp_death_row.sysctl_max_tw_buckets)
280 tw = inet_twsk_alloc(sk, state);
283 struct tcp_timewait_sock *tcptw = tcp_twsk((struct sock *)tw);
284 const int rto = (icsk->icsk_rto << 2) - (icsk->icsk_rto >> 1);
286 tw->tw_rcv_wscale = tp->rx_opt.rcv_wscale;
287 tcptw->tw_rcv_nxt = tp->rcv_nxt;
288 tcptw->tw_snd_nxt = tp->snd_nxt;
289 tcptw->tw_rcv_wnd = tcp_receive_window(tp);
290 tcptw->tw_ts_recent = tp->rx_opt.ts_recent;
291 tcptw->tw_ts_recent_stamp = tp->rx_opt.ts_recent_stamp;
293 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
294 if (tw->tw_family == PF_INET6) {
295 struct ipv6_pinfo *np = inet6_sk(sk);
296 struct inet6_timewait_sock *tw6;
298 tw->tw_ipv6_offset = inet6_tw_offset(sk->sk_prot);
299 tw6 = inet6_twsk((struct sock *)tw);
300 ipv6_addr_copy(&tw6->tw_v6_daddr, &np->daddr);
301 ipv6_addr_copy(&tw6->tw_v6_rcv_saddr, &np->rcv_saddr);
302 tw->tw_ipv6only = np->ipv6only;
306 #ifdef CONFIG_TCP_MD5SIG
308 * The timewait bucket does not have the key DB from the
309 * sock structure. We just make a quick copy of the
310 * md5 key being used (if indeed we are using one)
311 * so the timewait ack generating code has the key.
314 struct tcp_md5sig_key *key;
315 memset(tcptw->tw_md5_key, 0, sizeof(tcptw->tw_md5_key));
316 tcptw->tw_md5_keylen = 0;
317 key = tp->af_specific->md5_lookup(sk, sk);
319 memcpy(&tcptw->tw_md5_key, key->key, key->keylen);
320 tcptw->tw_md5_keylen = key->keylen;
321 if (tcp_alloc_md5sig_pool(sk) == NULL)
327 /* Linkage updates. */
328 __inet_twsk_hashdance(tw, sk, &tcp_hashinfo);
330 /* Get the TIME_WAIT timeout firing. */
335 tw->tw_timeout = rto;
337 tw->tw_timeout = TCP_TIMEWAIT_LEN;
338 if (state == TCP_TIME_WAIT)
339 timeo = TCP_TIMEWAIT_LEN;
342 inet_twsk_schedule(tw, &tcp_death_row, timeo,
346 /* Sorry, if we're out of memory, just CLOSE this
347 * socket up. We've got bigger problems than
348 * non-graceful socket closings.
350 LIMIT_NETDEBUG(KERN_INFO "TCP: time wait bucket table overflow\n");
353 tcp_update_metrics(sk);
357 void tcp_twsk_destructor(struct sock *sk)
359 #ifdef CONFIG_TCP_MD5SIG
360 struct tcp_timewait_sock *twsk = tcp_twsk(sk);
361 if (twsk->tw_md5_keylen)
362 tcp_free_md5sig_pool();
365 EXPORT_SYMBOL_GPL(tcp_twsk_destructor);
367 static inline void TCP_ECN_openreq_child(struct tcp_sock *tp,
368 struct request_sock *req)
370 tp->ecn_flags = inet_rsk(req)->ecn_ok ? TCP_ECN_OK : 0;
373 /* This is not only more efficient than what we used to do, it eliminates
374 * a lot of code duplication between IPv4/IPv6 SYN recv processing. -DaveM
376 * Actually, we could lots of memory writes here. tp of listening
377 * socket contains all necessary default parameters.
379 struct sock *tcp_create_openreq_child(struct sock *sk, struct request_sock *req, struct sk_buff *skb)
381 struct sock *newsk = inet_csk_clone(sk, req, GFP_ATOMIC);
384 const struct inet_request_sock *ireq = inet_rsk(req);
385 struct tcp_request_sock *treq = tcp_rsk(req);
386 struct inet_connection_sock *newicsk = inet_csk(newsk);
387 struct tcp_sock *newtp = tcp_sk(newsk);
388 struct tcp_sock *oldtp = tcp_sk(sk);
389 struct tcp_cookie_values *oldcvp = oldtp->cookie_values;
391 /* TCP Cookie Transactions require space for the cookie pair,
392 * as it differs for each connection. There is no need to
393 * copy any s_data_payload stored at the original socket.
394 * Failure will prevent resuming the connection.
396 * Presumed copied, in order of appearance:
397 * cookie_in_always, cookie_out_never
399 if (oldcvp != NULL) {
400 struct tcp_cookie_values *newcvp =
401 kzalloc(sizeof(*newtp->cookie_values),
404 if (newcvp != NULL) {
405 kref_init(&newcvp->kref);
406 newcvp->cookie_desired =
407 oldcvp->cookie_desired;
408 newtp->cookie_values = newcvp;
410 /* Not Yet Implemented */
411 newtp->cookie_values = NULL;
415 /* Now setup tcp_sock */
416 newtp->pred_flags = 0;
418 newtp->rcv_wup = newtp->copied_seq =
419 newtp->rcv_nxt = treq->rcv_isn + 1;
421 newtp->snd_sml = newtp->snd_una =
422 newtp->snd_nxt = newtp->snd_up =
423 treq->snt_isn + 1 + tcp_s_data_size(oldtp);
425 tcp_prequeue_init(newtp);
427 tcp_init_wl(newtp, treq->rcv_isn);
430 newtp->mdev = TCP_TIMEOUT_INIT;
431 newicsk->icsk_rto = TCP_TIMEOUT_INIT;
433 newtp->packets_out = 0;
434 newtp->retrans_out = 0;
435 newtp->sacked_out = 0;
436 newtp->fackets_out = 0;
437 newtp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
439 /* So many TCP implementations out there (incorrectly) count the
440 * initial SYN frame in their delayed-ACK and congestion control
441 * algorithms that we must have the following bandaid to talk
442 * efficiently to them. -DaveM
445 newtp->snd_cwnd_cnt = 0;
446 newtp->bytes_acked = 0;
448 newtp->frto_counter = 0;
449 newtp->frto_highmark = 0;
451 newicsk->icsk_ca_ops = &tcp_init_congestion_ops;
453 tcp_set_ca_state(newsk, TCP_CA_Open);
454 tcp_init_xmit_timers(newsk);
455 skb_queue_head_init(&newtp->out_of_order_queue);
456 newtp->write_seq = newtp->pushed_seq =
457 treq->snt_isn + 1 + tcp_s_data_size(oldtp);
459 newtp->rx_opt.saw_tstamp = 0;
461 newtp->rx_opt.dsack = 0;
462 newtp->rx_opt.num_sacks = 0;
466 if (sock_flag(newsk, SOCK_KEEPOPEN))
467 inet_csk_reset_keepalive_timer(newsk,
468 keepalive_time_when(newtp));
470 newtp->rx_opt.tstamp_ok = ireq->tstamp_ok;
471 if ((newtp->rx_opt.sack_ok = ireq->sack_ok) != 0) {
473 tcp_enable_fack(newtp);
475 newtp->window_clamp = req->window_clamp;
476 newtp->rcv_ssthresh = req->rcv_wnd;
477 newtp->rcv_wnd = req->rcv_wnd;
478 newtp->rx_opt.wscale_ok = ireq->wscale_ok;
479 if (newtp->rx_opt.wscale_ok) {
480 newtp->rx_opt.snd_wscale = ireq->snd_wscale;
481 newtp->rx_opt.rcv_wscale = ireq->rcv_wscale;
483 newtp->rx_opt.snd_wscale = newtp->rx_opt.rcv_wscale = 0;
484 newtp->window_clamp = min(newtp->window_clamp, 65535U);
486 newtp->snd_wnd = (ntohs(tcp_hdr(skb)->window) <<
487 newtp->rx_opt.snd_wscale);
488 newtp->max_window = newtp->snd_wnd;
490 if (newtp->rx_opt.tstamp_ok) {
491 newtp->rx_opt.ts_recent = req->ts_recent;
492 newtp->rx_opt.ts_recent_stamp = get_seconds();
493 newtp->tcp_header_len = sizeof(struct tcphdr) + TCPOLEN_TSTAMP_ALIGNED;
495 newtp->rx_opt.ts_recent_stamp = 0;
496 newtp->tcp_header_len = sizeof(struct tcphdr);
498 #ifdef CONFIG_TCP_MD5SIG
499 newtp->md5sig_info = NULL; /*XXX*/
500 if (newtp->af_specific->md5_lookup(sk, newsk))
501 newtp->tcp_header_len += TCPOLEN_MD5SIG_ALIGNED;
503 if (skb->len >= TCP_MSS_DEFAULT + newtp->tcp_header_len)
504 newicsk->icsk_ack.last_seg_size = skb->len - newtp->tcp_header_len;
505 newtp->rx_opt.mss_clamp = req->mss;
506 TCP_ECN_openreq_child(newtp, req);
508 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_PASSIVEOPENS);
512 EXPORT_SYMBOL(tcp_create_openreq_child);
515 * Process an incoming packet for SYN_RECV sockets represented
519 struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb,
520 struct request_sock *req,
521 struct request_sock **prev)
523 struct tcp_options_received tmp_opt;
526 const struct tcphdr *th = tcp_hdr(skb);
527 __be32 flg = tcp_flag_word(th) & (TCP_FLAG_RST|TCP_FLAG_SYN|TCP_FLAG_ACK);
530 tmp_opt.saw_tstamp = 0;
531 if (th->doff > (sizeof(struct tcphdr)>>2)) {
532 tcp_parse_options(skb, &tmp_opt, &hash_location, 0);
534 if (tmp_opt.saw_tstamp) {
535 tmp_opt.ts_recent = req->ts_recent;
536 /* We do not store true stamp, but it is not required,
537 * it can be estimated (approximately)
540 tmp_opt.ts_recent_stamp = get_seconds() - ((TCP_TIMEOUT_INIT/HZ)<<req->retrans);
541 paws_reject = tcp_paws_reject(&tmp_opt, th->rst);
545 /* Check for pure retransmitted SYN. */
546 if (TCP_SKB_CB(skb)->seq == tcp_rsk(req)->rcv_isn &&
547 flg == TCP_FLAG_SYN &&
550 * RFC793 draws (Incorrectly! It was fixed in RFC1122)
551 * this case on figure 6 and figure 8, but formal
552 * protocol description says NOTHING.
553 * To be more exact, it says that we should send ACK,
554 * because this segment (at least, if it has no data)
557 * CONCLUSION: RFC793 (even with RFC1122) DOES NOT
558 * describe SYN-RECV state. All the description
559 * is wrong, we cannot believe to it and should
560 * rely only on common sense and implementation
563 * Enforce "SYN-ACK" according to figure 8, figure 6
564 * of RFC793, fixed by RFC1122.
566 req->rsk_ops->rtx_syn_ack(sk, req, NULL);
570 /* Further reproduces section "SEGMENT ARRIVES"
571 for state SYN-RECEIVED of RFC793.
572 It is broken, however, it does not work only
573 when SYNs are crossed.
575 You would think that SYN crossing is impossible here, since
576 we should have a SYN_SENT socket (from connect()) on our end,
577 but this is not true if the crossed SYNs were sent to both
578 ends by a malicious third party. We must defend against this,
579 and to do that we first verify the ACK (as per RFC793, page
580 36) and reset if it is invalid. Is this a true full defense?
581 To convince ourselves, let us consider a way in which the ACK
582 test can still pass in this 'malicious crossed SYNs' case.
583 Malicious sender sends identical SYNs (and thus identical sequence
584 numbers) to both A and B:
589 By our good fortune, both A and B select the same initial
590 send sequence number of seven :-)
592 A: sends SYN|ACK, seq=7, ack_seq=8
593 B: sends SYN|ACK, seq=7, ack_seq=8
595 So we are now A eating this SYN|ACK, ACK test passes. So
596 does sequence test, SYN is truncated, and thus we consider
599 If icsk->icsk_accept_queue.rskq_defer_accept, we silently drop this
600 bare ACK. Otherwise, we create an established connection. Both
601 ends (listening sockets) accept the new incoming connection and try
602 to talk to each other. 8-)
604 Note: This case is both harmless, and rare. Possibility is about the
605 same as us discovering intelligent life on another plant tomorrow.
607 But generally, we should (RFC lies!) to accept ACK
608 from SYNACK both here and in tcp_rcv_state_process().
609 tcp_rcv_state_process() does not, hence, we do not too.
611 Note that the case is absolutely generic:
612 we cannot optimize anything here without
613 violating protocol. All the checks must be made
614 before attempt to create socket.
617 /* RFC793 page 36: "If the connection is in any non-synchronized state ...
618 * and the incoming segment acknowledges something not yet
619 * sent (the segment carries an unacceptable ACK) ...
622 * Invalid ACK: reset will be sent by listening socket
624 if ((flg & TCP_FLAG_ACK) &&
625 (TCP_SKB_CB(skb)->ack_seq !=
626 tcp_rsk(req)->snt_isn + 1 + tcp_s_data_size(tcp_sk(sk))))
629 /* Also, it would be not so bad idea to check rcv_tsecr, which
630 * is essentially ACK extension and too early or too late values
631 * should cause reset in unsynchronized states.
634 /* RFC793: "first check sequence number". */
636 if (paws_reject || !tcp_in_window(TCP_SKB_CB(skb)->seq, TCP_SKB_CB(skb)->end_seq,
637 tcp_rsk(req)->rcv_isn + 1, tcp_rsk(req)->rcv_isn + 1 + req->rcv_wnd)) {
638 /* Out of window: send ACK and drop. */
639 if (!(flg & TCP_FLAG_RST))
640 req->rsk_ops->send_ack(sk, skb, req);
642 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSESTABREJECTED);
646 /* In sequence, PAWS is OK. */
648 if (tmp_opt.saw_tstamp && !after(TCP_SKB_CB(skb)->seq, tcp_rsk(req)->rcv_isn + 1))
649 req->ts_recent = tmp_opt.rcv_tsval;
651 if (TCP_SKB_CB(skb)->seq == tcp_rsk(req)->rcv_isn) {
652 /* Truncate SYN, it is out of window starting
653 at tcp_rsk(req)->rcv_isn + 1. */
654 flg &= ~TCP_FLAG_SYN;
657 /* RFC793: "second check the RST bit" and
658 * "fourth, check the SYN bit"
660 if (flg & (TCP_FLAG_RST|TCP_FLAG_SYN)) {
661 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_ATTEMPTFAILS);
662 goto embryonic_reset;
665 /* ACK sequence verified above, just make sure ACK is
666 * set. If ACK not set, just silently drop the packet.
668 if (!(flg & TCP_FLAG_ACK))
671 /* While TCP_DEFER_ACCEPT is active, drop bare ACK. */
672 if (req->retrans < inet_csk(sk)->icsk_accept_queue.rskq_defer_accept &&
673 TCP_SKB_CB(skb)->end_seq == tcp_rsk(req)->rcv_isn + 1) {
674 inet_rsk(req)->acked = 1;
675 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPDEFERACCEPTDROP);
679 /* OK, ACK is valid, create big socket and
680 * feed this segment to it. It will repeat all
681 * the tests. THIS SEGMENT MUST MOVE SOCKET TO
682 * ESTABLISHED STATE. If it will be dropped after
683 * socket is created, wait for troubles.
685 child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, req, NULL);
687 goto listen_overflow;
689 inet_csk_reqsk_queue_unlink(sk, req, prev);
690 inet_csk_reqsk_queue_removed(sk, req);
692 inet_csk_reqsk_queue_add(sk, req, child);
696 if (!sysctl_tcp_abort_on_overflow) {
697 inet_rsk(req)->acked = 1;
702 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS);
703 if (!(flg & TCP_FLAG_RST))
704 req->rsk_ops->send_reset(sk, skb);
706 inet_csk_reqsk_queue_drop(sk, req, prev);
709 EXPORT_SYMBOL(tcp_check_req);
712 * Queue segment on the new socket if the new socket is active,
713 * otherwise we just shortcircuit this and continue with
717 int tcp_child_process(struct sock *parent, struct sock *child,
721 int state = child->sk_state;
723 if (!sock_owned_by_user(child)) {
724 ret = tcp_rcv_state_process(child, skb, tcp_hdr(skb),
726 /* Wakeup parent, send SIGIO */
727 if (state == TCP_SYN_RECV && child->sk_state != state)
728 parent->sk_data_ready(parent, 0);
730 /* Alas, it is possible again, because we do lookup
731 * in main socket hash table and lock on listening
732 * socket does not protect us more.
734 __sk_add_backlog(child, skb);
737 bh_unlock_sock(child);
741 EXPORT_SYMBOL(tcp_child_process);
git.openpandora.org / pandora-kernel.git / blob