2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Implementation of the Transmission Control Protocol(TCP).
8 * IPv4 specific functions
13 * linux/ipv4/tcp_input.c
14 * linux/ipv4/tcp_output.c
16 * See tcp.c for author information
18 * This program is free software; you can redistribute it and/or
19 * modify it under the terms of the GNU General Public License
20 * as published by the Free Software Foundation; either version
21 * 2 of the License, or (at your option) any later version.
26 * David S. Miller : New socket lookup architecture.
27 * This code is dedicated to John Dyson.
28 * David S. Miller : Change semantics of established hash,
29 * half is devoted to TIME_WAIT sockets
30 * and the rest go in the other half.
31 * Andi Kleen : Add support for syncookies and fixed
32 * some bugs: ip options weren't passed to
33 * the TCP layer, missed a check for an
35 * Andi Kleen : Implemented fast path mtu discovery.
36 * Fixed many serious bugs in the
37 * request_sock handling and moved
38 * most of it into the af independent code.
39 * Added tail drop and some other bugfixes.
40 * Added new listen semantics.
41 * Mike McLagan : Routing by source
42 * Juan Jose Ciarlante: ip_dynaddr bits
43 * Andi Kleen: various fixes.
44 * Vitaly E. Lavrov : Transparent proxy revived after year
46 * Andi Kleen : Fix new listen.
47 * Andi Kleen : Fix accept error reporting.
48 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
49 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
50 * a single port at the same time.
54 #include <linux/bottom_half.h>
55 #include <linux/types.h>
56 #include <linux/fcntl.h>
57 #include <linux/module.h>
58 #include <linux/random.h>
59 #include <linux/cache.h>
60 #include <linux/jhash.h>
61 #include <linux/init.h>
62 #include <linux/times.h>
64 #include <net/net_namespace.h>
66 #include <net/inet_hashtables.h>
68 #include <net/transp_v6.h>
70 #include <net/inet_common.h>
71 #include <net/timewait_sock.h>
73 #include <net/netdma.h>
75 #include <linux/inet.h>
76 #include <linux/ipv6.h>
77 #include <linux/stddef.h>
78 #include <linux/proc_fs.h>
79 #include <linux/seq_file.h>
81 #include <linux/crypto.h>
82 #include <linux/scatterlist.h>
84 int sysctl_tcp_tw_reuse __read_mostly;
85 int sysctl_tcp_low_latency __read_mostly;
88 #ifdef CONFIG_TCP_MD5SIG
89 static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk,
91 static int tcp_v4_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
92 __be32 daddr, __be32 saddr, struct tcphdr *th);
95 struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, __be32 addr)
101 struct inet_hashinfo tcp_hashinfo;
103 static inline __u32 tcp_v4_init_sequence(struct sk_buff *skb)
105 return secure_tcp_sequence_number(ip_hdr(skb)->daddr,
108 tcp_hdr(skb)->source);
111 int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp)
113 const struct tcp_timewait_sock *tcptw = tcp_twsk(sktw);
114 struct tcp_sock *tp = tcp_sk(sk);
116 /* With PAWS, it is safe from the viewpoint
117 of data integrity. Even without PAWS it is safe provided sequence
118 spaces do not overlap i.e. at data rates <= 80Mbit/sec.
120 Actually, the idea is close to VJ's one, only timestamp cache is
121 held not per host, but per port pair and TW bucket is used as state
124 If TW bucket has been already destroyed we fall back to VJ's scheme
125 and use initial timestamp retrieved from peer table.
127 if (tcptw->tw_ts_recent_stamp &&
128 (twp == NULL || (sysctl_tcp_tw_reuse &&
129 get_seconds() - tcptw->tw_ts_recent_stamp > 1))) {
130 tp->write_seq = tcptw->tw_snd_nxt + 65535 + 2;
131 if (tp->write_seq == 0)
133 tp->rx_opt.ts_recent = tcptw->tw_ts_recent;
134 tp->rx_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
142 EXPORT_SYMBOL_GPL(tcp_twsk_unique);
144 /* This will initiate an outgoing connection. */
145 int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
147 struct inet_sock *inet = inet_sk(sk);
148 struct tcp_sock *tp = tcp_sk(sk);
149 struct sockaddr_in *usin = (struct sockaddr_in *)uaddr;
151 __be32 daddr, nexthop;
155 if (addr_len < sizeof(struct sockaddr_in))
158 if (usin->sin_family != AF_INET)
159 return -EAFNOSUPPORT;
161 nexthop = daddr = usin->sin_addr.s_addr;
162 if (inet->opt && inet->opt->srr) {
165 nexthop = inet->opt->faddr;
168 tmp = ip_route_connect(&rt, nexthop, inet->saddr,
169 RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
171 inet->sport, usin->sin_port, sk, 1);
173 if (tmp == -ENETUNREACH)
174 IP_INC_STATS_BH(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
178 if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) {
183 if (!inet->opt || !inet->opt->srr)
187 inet->saddr = rt->rt_src;
188 inet->rcv_saddr = inet->saddr;
190 if (tp->rx_opt.ts_recent_stamp && inet->daddr != daddr) {
191 /* Reset inherited state */
192 tp->rx_opt.ts_recent = 0;
193 tp->rx_opt.ts_recent_stamp = 0;
197 if (tcp_death_row.sysctl_tw_recycle &&
198 !tp->rx_opt.ts_recent_stamp && rt->rt_dst == daddr) {
199 struct inet_peer *peer = rt_get_peer(rt);
201 * VJ's idea. We save last timestamp seen from
202 * the destination in peer table, when entering state
203 * TIME-WAIT * and initialize rx_opt.ts_recent from it,
204 * when trying new connection.
207 peer->tcp_ts_stamp + TCP_PAWS_MSL >= get_seconds()) {
208 tp->rx_opt.ts_recent_stamp = peer->tcp_ts_stamp;
209 tp->rx_opt.ts_recent = peer->tcp_ts;
213 inet->dport = usin->sin_port;
216 inet_csk(sk)->icsk_ext_hdr_len = 0;
218 inet_csk(sk)->icsk_ext_hdr_len = inet->opt->optlen;
220 tp->rx_opt.mss_clamp = 536;
222 /* Socket identity is still unknown (sport may be zero).
223 * However we set state to SYN-SENT and not releasing socket
224 * lock select source port, enter ourselves into the hash tables and
225 * complete initialization after this.
227 tcp_set_state(sk, TCP_SYN_SENT);
228 err = inet_hash_connect(&tcp_death_row, sk);
232 err = ip_route_newports(&rt, IPPROTO_TCP,
233 inet->sport, inet->dport, sk);
237 /* OK, now commit destination to socket. */
238 sk->sk_gso_type = SKB_GSO_TCPV4;
239 sk_setup_caps(sk, &rt->u.dst);
242 tp->write_seq = secure_tcp_sequence_number(inet->saddr,
247 inet->id = tp->write_seq ^ jiffies;
249 err = tcp_connect(sk);
258 * This unhashes the socket and releases the local port,
261 tcp_set_state(sk, TCP_CLOSE);
263 sk->sk_route_caps = 0;
269 * This routine does path mtu discovery as defined in RFC1191.
271 static void do_pmtu_discovery(struct sock *sk, struct iphdr *iph, u32 mtu)
273 struct dst_entry *dst;
274 struct inet_sock *inet = inet_sk(sk);
276 /* We are not interested in TCP_LISTEN and open_requests (SYN-ACKs
277 * send out by Linux are always <576bytes so they should go through
280 if (sk->sk_state == TCP_LISTEN)
283 /* We don't check in the destentry if pmtu discovery is forbidden
284 * on this route. We just assume that no packet_to_big packets
285 * are send back when pmtu discovery is not active.
286 * There is a small race when the user changes this flag in the
287 * route, but I think that's acceptable.
289 if ((dst = __sk_dst_check(sk, 0)) == NULL)
292 dst->ops->update_pmtu(dst, mtu);
294 /* Something is about to be wrong... Remember soft error
295 * for the case, if this connection will not able to recover.
297 if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
298 sk->sk_err_soft = EMSGSIZE;
302 if (inet->pmtudisc != IP_PMTUDISC_DONT &&
303 inet_csk(sk)->icsk_pmtu_cookie > mtu) {
304 tcp_sync_mss(sk, mtu);
306 /* Resend the TCP packet because it's
307 * clear that the old packet has been
308 * dropped. This is the new "fast" path mtu
311 tcp_simple_retransmit(sk);
312 } /* else let the usual retransmit timer handle it */
316 * This routine is called by the ICMP module when it gets some
317 * sort of error condition. If err < 0 then the socket should
318 * be closed and the error returned to the user. If err > 0
319 * it's just the icmp type << 8 | icmp code. After adjustment
320 * header points to the first 8 bytes of the tcp header. We need
321 * to find the appropriate port.
323 * The locking strategy used here is very "optimistic". When
324 * someone else accesses the socket the ICMP is just dropped
325 * and for some paths there is no check at all.
326 * A more general error queue to queue errors for later handling
327 * is probably better.
331 void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
333 struct iphdr *iph = (struct iphdr *)icmp_skb->data;
334 struct tcphdr *th = (struct tcphdr *)(icmp_skb->data + (iph->ihl << 2));
335 struct inet_connection_sock *icsk;
337 struct inet_sock *inet;
338 const int type = icmp_hdr(icmp_skb)->type;
339 const int code = icmp_hdr(icmp_skb)->code;
345 struct net *net = dev_net(icmp_skb->dev);
347 if (icmp_skb->len < (iph->ihl << 2) + 8) {
348 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
352 sk = inet_lookup(net, &tcp_hashinfo, iph->daddr, th->dest,
353 iph->saddr, th->source, inet_iif(icmp_skb));
355 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
358 if (sk->sk_state == TCP_TIME_WAIT) {
359 inet_twsk_put(inet_twsk(sk));
364 /* If too many ICMPs get dropped on busy
365 * servers this needs to be solved differently.
367 if (sock_owned_by_user(sk))
368 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
370 if (sk->sk_state == TCP_CLOSE)
375 seq = ntohl(th->seq);
376 if (sk->sk_state != TCP_LISTEN &&
377 !between(seq, tp->snd_una, tp->snd_nxt)) {
378 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
383 case ICMP_SOURCE_QUENCH:
384 /* Just silently ignore these. */
386 case ICMP_PARAMETERPROB:
389 case ICMP_DEST_UNREACH:
390 if (code > NR_ICMP_UNREACH)
393 if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */
394 if (!sock_owned_by_user(sk))
395 do_pmtu_discovery(sk, iph, info);
399 err = icmp_err_convert[code].errno;
400 /* check if icmp_skb allows revert of backoff
401 * (see draft-zimmermann-tcp-lcd) */
402 if (code != ICMP_NET_UNREACH && code != ICMP_HOST_UNREACH)
404 if (seq != tp->snd_una || !icsk->icsk_retransmits ||
408 icsk->icsk_backoff--;
409 inet_csk(sk)->icsk_rto = __tcp_set_rto(tp) <<
413 skb = tcp_write_queue_head(sk);
416 remaining = icsk->icsk_rto - min(icsk->icsk_rto,
417 tcp_time_stamp - TCP_SKB_CB(skb)->when);
420 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
421 remaining, TCP_RTO_MAX);
422 } else if (sock_owned_by_user(sk)) {
423 /* RTO revert clocked out retransmission,
424 * but socket is locked. Will defer. */
425 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
428 /* RTO revert clocked out retransmission.
429 * Will retransmit now */
430 tcp_retransmit_timer(sk);
434 case ICMP_TIME_EXCEEDED:
441 switch (sk->sk_state) {
442 struct request_sock *req, **prev;
444 if (sock_owned_by_user(sk))
447 req = inet_csk_search_req(sk, &prev, th->dest,
448 iph->daddr, iph->saddr);
452 /* ICMPs are not backlogged, hence we cannot get
453 an established socket here.
457 if (seq != tcp_rsk(req)->snt_isn) {
458 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
463 * Still in SYN_RECV, just remove it silently.
464 * There is no good way to pass the error to the newly
465 * created socket, and POSIX does not want network
466 * errors returned from accept().
468 inet_csk_reqsk_queue_drop(sk, req, prev);
472 case TCP_SYN_RECV: /* Cannot happen.
473 It can f.e. if SYNs crossed.
475 if (!sock_owned_by_user(sk)) {
478 sk->sk_error_report(sk);
482 sk->sk_err_soft = err;
487 /* If we've already connected we will keep trying
488 * until we time out, or the user gives up.
490 * rfc1122 4.2.3.9 allows to consider as hard errors
491 * only PROTO_UNREACH and PORT_UNREACH (well, FRAG_FAILED too,
492 * but it is obsoleted by pmtu discovery).
494 * Note, that in modern internet, where routing is unreliable
495 * and in each dark corner broken firewalls sit, sending random
496 * errors ordered by their masters even this two messages finally lose
497 * their original sense (even Linux sends invalid PORT_UNREACHs)
499 * Now we are in compliance with RFCs.
504 if (!sock_owned_by_user(sk) && inet->recverr) {
506 sk->sk_error_report(sk);
507 } else { /* Only an error on timeout */
508 sk->sk_err_soft = err;
516 /* This routine computes an IPv4 TCP checksum. */
517 void tcp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb)
519 struct inet_sock *inet = inet_sk(sk);
520 struct tcphdr *th = tcp_hdr(skb);
522 if (skb->ip_summed == CHECKSUM_PARTIAL) {
523 th->check = ~tcp_v4_check(len, inet->saddr,
525 skb->csum_start = skb_transport_header(skb) - skb->head;
526 skb->csum_offset = offsetof(struct tcphdr, check);
528 th->check = tcp_v4_check(len, inet->saddr, inet->daddr,
535 int tcp_v4_gso_send_check(struct sk_buff *skb)
537 const struct iphdr *iph;
540 if (!pskb_may_pull(skb, sizeof(*th)))
547 th->check = ~tcp_v4_check(skb->len, iph->saddr, iph->daddr, 0);
548 skb->csum_start = skb_transport_header(skb) - skb->head;
549 skb->csum_offset = offsetof(struct tcphdr, check);
550 skb->ip_summed = CHECKSUM_PARTIAL;
555 * This routine will send an RST to the other tcp.
557 * Someone asks: why I NEVER use socket parameters (TOS, TTL etc.)
559 * Answer: if a packet caused RST, it is not for a socket
560 * existing in our system, if it is matched to a socket,
561 * it is just duplicate segment or bug in other side's TCP.
562 * So that we build reply only basing on parameters
563 * arrived with segment.
564 * Exception: precedence violation. We do not implement it in any case.
567 static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
569 struct tcphdr *th = tcp_hdr(skb);
572 #ifdef CONFIG_TCP_MD5SIG
573 __be32 opt[(TCPOLEN_MD5SIG_ALIGNED >> 2)];
576 struct ip_reply_arg arg;
577 #ifdef CONFIG_TCP_MD5SIG
578 struct tcp_md5sig_key *key;
582 /* Never send a reset in response to a reset. */
586 if (skb_rtable(skb)->rt_type != RTN_LOCAL)
589 /* Swap the send and the receive. */
590 memset(&rep, 0, sizeof(rep));
591 rep.th.dest = th->source;
592 rep.th.source = th->dest;
593 rep.th.doff = sizeof(struct tcphdr) / 4;
597 rep.th.seq = th->ack_seq;
600 rep.th.ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin +
601 skb->len - (th->doff << 2));
604 memset(&arg, 0, sizeof(arg));
605 arg.iov[0].iov_base = (unsigned char *)&rep;
606 arg.iov[0].iov_len = sizeof(rep.th);
608 #ifdef CONFIG_TCP_MD5SIG
609 key = sk ? tcp_v4_md5_do_lookup(sk, ip_hdr(skb)->daddr) : NULL;
611 rep.opt[0] = htonl((TCPOPT_NOP << 24) |
613 (TCPOPT_MD5SIG << 8) |
615 /* Update length and the length the header thinks exists */
616 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
617 rep.th.doff = arg.iov[0].iov_len / 4;
619 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[1],
620 key, ip_hdr(skb)->saddr,
621 ip_hdr(skb)->daddr, &rep.th);
624 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
625 ip_hdr(skb)->saddr, /* XXX */
626 arg.iov[0].iov_len, IPPROTO_TCP, 0);
627 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
628 arg.flags = (sk && inet_sk(sk)->transparent) ? IP_REPLY_ARG_NOSRCCHECK : 0;
630 net = dev_net(skb_dst(skb)->dev);
631 ip_send_reply(net->ipv4.tcp_sock, skb,
632 &arg, arg.iov[0].iov_len);
634 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
635 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
638 /* The code following below sending ACKs in SYN-RECV and TIME-WAIT states
639 outside socket context is ugly, certainly. What can I do?
642 static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
643 u32 win, u32 ts, int oif,
644 struct tcp_md5sig_key *key,
647 struct tcphdr *th = tcp_hdr(skb);
650 __be32 opt[(TCPOLEN_TSTAMP_ALIGNED >> 2)
651 #ifdef CONFIG_TCP_MD5SIG
652 + (TCPOLEN_MD5SIG_ALIGNED >> 2)
656 struct ip_reply_arg arg;
657 struct net *net = dev_net(skb_dst(skb)->dev);
659 memset(&rep.th, 0, sizeof(struct tcphdr));
660 memset(&arg, 0, sizeof(arg));
662 arg.iov[0].iov_base = (unsigned char *)&rep;
663 arg.iov[0].iov_len = sizeof(rep.th);
665 rep.opt[0] = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
666 (TCPOPT_TIMESTAMP << 8) |
668 rep.opt[1] = htonl(tcp_time_stamp);
669 rep.opt[2] = htonl(ts);
670 arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;
673 /* Swap the send and the receive. */
674 rep.th.dest = th->source;
675 rep.th.source = th->dest;
676 rep.th.doff = arg.iov[0].iov_len / 4;
677 rep.th.seq = htonl(seq);
678 rep.th.ack_seq = htonl(ack);
680 rep.th.window = htons(win);
682 #ifdef CONFIG_TCP_MD5SIG
684 int offset = (ts) ? 3 : 0;
686 rep.opt[offset++] = htonl((TCPOPT_NOP << 24) |
688 (TCPOPT_MD5SIG << 8) |
690 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
691 rep.th.doff = arg.iov[0].iov_len/4;
693 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset],
694 key, ip_hdr(skb)->saddr,
695 ip_hdr(skb)->daddr, &rep.th);
698 arg.flags = reply_flags;
699 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
700 ip_hdr(skb)->saddr, /* XXX */
701 arg.iov[0].iov_len, IPPROTO_TCP, 0);
702 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
704 arg.bound_dev_if = oif;
706 ip_send_reply(net->ipv4.tcp_sock, skb,
707 &arg, arg.iov[0].iov_len);
709 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
712 static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
714 struct inet_timewait_sock *tw = inet_twsk(sk);
715 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
717 tcp_v4_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
718 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
721 tcp_twsk_md5_key(tcptw),
722 tw->tw_transparent ? IP_REPLY_ARG_NOSRCCHECK : 0
728 static void tcp_v4_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
729 struct request_sock *req)
731 tcp_v4_send_ack(skb, tcp_rsk(req)->snt_isn + 1,
732 tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd,
735 tcp_v4_md5_do_lookup(sk, ip_hdr(skb)->daddr),
736 inet_rsk(req)->no_srccheck ? IP_REPLY_ARG_NOSRCCHECK : 0);
740 * Send a SYN-ACK after having received a SYN.
741 * This still operates on a request_sock only, not on a big
744 static int __tcp_v4_send_synack(struct sock *sk, struct request_sock *req,
745 struct dst_entry *dst)
747 const struct inet_request_sock *ireq = inet_rsk(req);
749 struct sk_buff * skb;
751 /* First, grab a route. */
752 if (!dst && (dst = inet_csk_route_req(sk, req)) == NULL)
755 skb = tcp_make_synack(sk, dst, req);
758 struct tcphdr *th = tcp_hdr(skb);
760 th->check = tcp_v4_check(skb->len,
763 csum_partial(th, skb->len,
766 err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr,
769 err = net_xmit_eval(err);
776 static int tcp_v4_send_synack(struct sock *sk, struct request_sock *req)
778 return __tcp_v4_send_synack(sk, req, NULL);
782 * IPv4 request_sock destructor.
784 static void tcp_v4_reqsk_destructor(struct request_sock *req)
786 kfree(inet_rsk(req)->opt);
789 #ifdef CONFIG_SYN_COOKIES
790 static void syn_flood_warning(struct sk_buff *skb)
792 static unsigned long warntime;
794 if (time_after(jiffies, (warntime + HZ * 60))) {
797 "possible SYN flooding on port %d. Sending cookies.\n",
798 ntohs(tcp_hdr(skb)->dest));
804 * Save and compile IPv4 options into the request_sock if needed.
806 static struct ip_options *tcp_v4_save_options(struct sock *sk,
809 struct ip_options *opt = &(IPCB(skb)->opt);
810 struct ip_options *dopt = NULL;
812 if (opt && opt->optlen) {
813 int opt_size = optlength(opt);
814 dopt = kmalloc(opt_size, GFP_ATOMIC);
816 if (ip_options_echo(dopt, skb)) {
825 #ifdef CONFIG_TCP_MD5SIG
827 * RFC2385 MD5 checksumming requires a mapping of
828 * IP address->MD5 Key.
829 * We need to maintain these in the sk structure.
832 /* Find the Key structure for an address. */
833 static struct tcp_md5sig_key *
834 tcp_v4_md5_do_lookup(struct sock *sk, __be32 addr)
836 struct tcp_sock *tp = tcp_sk(sk);
839 if (!tp->md5sig_info || !tp->md5sig_info->entries4)
841 for (i = 0; i < tp->md5sig_info->entries4; i++) {
842 if (tp->md5sig_info->keys4[i].addr == addr)
843 return &tp->md5sig_info->keys4[i].base;
848 struct tcp_md5sig_key *tcp_v4_md5_lookup(struct sock *sk,
849 struct sock *addr_sk)
851 return tcp_v4_md5_do_lookup(sk, inet_sk(addr_sk)->daddr);
854 EXPORT_SYMBOL(tcp_v4_md5_lookup);
856 static struct tcp_md5sig_key *tcp_v4_reqsk_md5_lookup(struct sock *sk,
857 struct request_sock *req)
859 return tcp_v4_md5_do_lookup(sk, inet_rsk(req)->rmt_addr);
862 /* This can be called on a newly created socket, from other files */
863 int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
864 u8 *newkey, u8 newkeylen)
866 /* Add Key to the list */
867 struct tcp_md5sig_key *key;
868 struct tcp_sock *tp = tcp_sk(sk);
869 struct tcp4_md5sig_key *keys;
871 key = tcp_v4_md5_do_lookup(sk, addr);
873 /* Pre-existing entry - just update that one. */
876 key->keylen = newkeylen;
878 struct tcp_md5sig_info *md5sig;
880 if (!tp->md5sig_info) {
881 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info),
883 if (!tp->md5sig_info) {
887 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
889 if (tcp_alloc_md5sig_pool(sk) == NULL) {
893 md5sig = tp->md5sig_info;
895 if (md5sig->alloced4 == md5sig->entries4) {
896 keys = kmalloc((sizeof(*keys) *
897 (md5sig->entries4 + 1)), GFP_ATOMIC);
900 tcp_free_md5sig_pool();
904 if (md5sig->entries4)
905 memcpy(keys, md5sig->keys4,
906 sizeof(*keys) * md5sig->entries4);
908 /* Free old key list, and reference new one */
909 kfree(md5sig->keys4);
910 md5sig->keys4 = keys;
914 md5sig->keys4[md5sig->entries4 - 1].addr = addr;
915 md5sig->keys4[md5sig->entries4 - 1].base.key = newkey;
916 md5sig->keys4[md5sig->entries4 - 1].base.keylen = newkeylen;
921 EXPORT_SYMBOL(tcp_v4_md5_do_add);
923 static int tcp_v4_md5_add_func(struct sock *sk, struct sock *addr_sk,
924 u8 *newkey, u8 newkeylen)
926 return tcp_v4_md5_do_add(sk, inet_sk(addr_sk)->daddr,
930 int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
932 struct tcp_sock *tp = tcp_sk(sk);
935 for (i = 0; i < tp->md5sig_info->entries4; i++) {
936 if (tp->md5sig_info->keys4[i].addr == addr) {
938 kfree(tp->md5sig_info->keys4[i].base.key);
939 tp->md5sig_info->entries4--;
941 if (tp->md5sig_info->entries4 == 0) {
942 kfree(tp->md5sig_info->keys4);
943 tp->md5sig_info->keys4 = NULL;
944 tp->md5sig_info->alloced4 = 0;
945 } else if (tp->md5sig_info->entries4 != i) {
946 /* Need to do some manipulation */
947 memmove(&tp->md5sig_info->keys4[i],
948 &tp->md5sig_info->keys4[i+1],
949 (tp->md5sig_info->entries4 - i) *
950 sizeof(struct tcp4_md5sig_key));
952 tcp_free_md5sig_pool();
959 EXPORT_SYMBOL(tcp_v4_md5_do_del);
961 static void tcp_v4_clear_md5_list(struct sock *sk)
963 struct tcp_sock *tp = tcp_sk(sk);
965 /* Free each key, then the set of key keys,
966 * the crypto element, and then decrement our
967 * hold on the last resort crypto.
969 if (tp->md5sig_info->entries4) {
971 for (i = 0; i < tp->md5sig_info->entries4; i++)
972 kfree(tp->md5sig_info->keys4[i].base.key);
973 tp->md5sig_info->entries4 = 0;
974 tcp_free_md5sig_pool();
976 if (tp->md5sig_info->keys4) {
977 kfree(tp->md5sig_info->keys4);
978 tp->md5sig_info->keys4 = NULL;
979 tp->md5sig_info->alloced4 = 0;
983 static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
986 struct tcp_md5sig cmd;
987 struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.tcpm_addr;
990 if (optlen < sizeof(cmd))
993 if (copy_from_user(&cmd, optval, sizeof(cmd)))
996 if (sin->sin_family != AF_INET)
999 if (!cmd.tcpm_key || !cmd.tcpm_keylen) {
1000 if (!tcp_sk(sk)->md5sig_info)
1002 return tcp_v4_md5_do_del(sk, sin->sin_addr.s_addr);
1005 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
1008 if (!tcp_sk(sk)->md5sig_info) {
1009 struct tcp_sock *tp = tcp_sk(sk);
1010 struct tcp_md5sig_info *p;
1012 p = kzalloc(sizeof(*p), sk->sk_allocation);
1016 tp->md5sig_info = p;
1017 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
1020 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, sk->sk_allocation);
1023 return tcp_v4_md5_do_add(sk, sin->sin_addr.s_addr,
1024 newkey, cmd.tcpm_keylen);
1027 static int tcp_v4_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
1028 __be32 daddr, __be32 saddr, int nbytes)
1030 struct tcp4_pseudohdr *bp;
1031 struct scatterlist sg;
1033 bp = &hp->md5_blk.ip4;
1036 * 1. the TCP pseudo-header (in the order: source IP address,
1037 * destination IP address, zero-padded protocol number, and
1043 bp->protocol = IPPROTO_TCP;
1044 bp->len = cpu_to_be16(nbytes);
1046 sg_init_one(&sg, bp, sizeof(*bp));
1047 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
1050 static int tcp_v4_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
1051 __be32 daddr, __be32 saddr, struct tcphdr *th)
1053 struct tcp_md5sig_pool *hp;
1054 struct hash_desc *desc;
1056 hp = tcp_get_md5sig_pool();
1058 goto clear_hash_noput;
1059 desc = &hp->md5_desc;
1061 if (crypto_hash_init(desc))
1063 if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
1065 if (tcp_md5_hash_header(hp, th))
1067 if (tcp_md5_hash_key(hp, key))
1069 if (crypto_hash_final(desc, md5_hash))
1072 tcp_put_md5sig_pool();
1076 tcp_put_md5sig_pool();
1078 memset(md5_hash, 0, 16);
1082 int tcp_v4_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
1083 struct sock *sk, struct request_sock *req,
1084 struct sk_buff *skb)
1086 struct tcp_md5sig_pool *hp;
1087 struct hash_desc *desc;
1088 struct tcphdr *th = tcp_hdr(skb);
1089 __be32 saddr, daddr;
1092 saddr = inet_sk(sk)->saddr;
1093 daddr = inet_sk(sk)->daddr;
1095 saddr = inet_rsk(req)->loc_addr;
1096 daddr = inet_rsk(req)->rmt_addr;
1098 const struct iphdr *iph = ip_hdr(skb);
1103 hp = tcp_get_md5sig_pool();
1105 goto clear_hash_noput;
1106 desc = &hp->md5_desc;
1108 if (crypto_hash_init(desc))
1111 if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
1113 if (tcp_md5_hash_header(hp, th))
1115 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
1117 if (tcp_md5_hash_key(hp, key))
1119 if (crypto_hash_final(desc, md5_hash))
1122 tcp_put_md5sig_pool();
1126 tcp_put_md5sig_pool();
1128 memset(md5_hash, 0, 16);
1132 EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
1134 static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
1137 * This gets called for each TCP segment that arrives
1138 * so we want to be efficient.
1139 * We have 3 drop cases:
1140 * o No MD5 hash and one expected.
1141 * o MD5 hash and we're not expecting one.
1142 * o MD5 hash and its wrong.
1144 __u8 *hash_location = NULL;
1145 struct tcp_md5sig_key *hash_expected;
1146 const struct iphdr *iph = ip_hdr(skb);
1147 struct tcphdr *th = tcp_hdr(skb);
1149 unsigned char newhash[16];
1151 hash_expected = tcp_v4_md5_do_lookup(sk, iph->saddr);
1152 hash_location = tcp_parse_md5sig_option(th);
1154 /* We've parsed the options - do we have a hash? */
1155 if (!hash_expected && !hash_location)
1158 if (hash_expected && !hash_location) {
1159 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
1163 if (!hash_expected && hash_location) {
1164 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
1168 /* Okay, so this is hash_expected and hash_location -
1169 * so we need to calculate the checksum.
1171 genhash = tcp_v4_md5_hash_skb(newhash,
1175 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
1176 if (net_ratelimit()) {
1177 printk(KERN_INFO "MD5 Hash failed for (%pI4, %d)->(%pI4, %d)%s\n",
1178 &iph->saddr, ntohs(th->source),
1179 &iph->daddr, ntohs(th->dest),
1180 genhash ? " tcp_v4_calc_md5_hash failed" : "");
1189 struct request_sock_ops tcp_request_sock_ops __read_mostly = {
1191 .obj_size = sizeof(struct tcp_request_sock),
1192 .rtx_syn_ack = tcp_v4_send_synack,
1193 .send_ack = tcp_v4_reqsk_send_ack,
1194 .destructor = tcp_v4_reqsk_destructor,
1195 .send_reset = tcp_v4_send_reset,
1198 #ifdef CONFIG_TCP_MD5SIG
1199 static const struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
1200 .md5_lookup = tcp_v4_reqsk_md5_lookup,
1201 .calc_md5_hash = tcp_v4_md5_hash_skb,
1205 static struct timewait_sock_ops tcp_timewait_sock_ops = {
1206 .twsk_obj_size = sizeof(struct tcp_timewait_sock),
1207 .twsk_unique = tcp_twsk_unique,
1208 .twsk_destructor= tcp_twsk_destructor,
1211 int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1213 struct inet_request_sock *ireq;
1214 struct tcp_options_received tmp_opt;
1215 struct request_sock *req;
1216 __be32 saddr = ip_hdr(skb)->saddr;
1217 __be32 daddr = ip_hdr(skb)->daddr;
1218 __u32 isn = TCP_SKB_CB(skb)->when;
1219 struct dst_entry *dst = NULL;
1220 #ifdef CONFIG_SYN_COOKIES
1221 int want_cookie = 0;
1223 #define want_cookie 0 /* Argh, why doesn't gcc optimize this :( */
1226 /* Never answer to SYNs send to broadcast or multicast */
1227 if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
1230 /* TW buckets are converted to open requests without
1231 * limitations, they conserve resources and peer is
1232 * evidently real one.
1234 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1235 #ifdef CONFIG_SYN_COOKIES
1236 if (sysctl_tcp_syncookies) {
1243 /* Accept backlog is full. If we have already queued enough
1244 * of warm entries in syn queue, drop request. It is better than
1245 * clogging syn queue with openreqs with exponentially increasing
1248 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1251 req = inet_reqsk_alloc(&tcp_request_sock_ops);
1255 #ifdef CONFIG_TCP_MD5SIG
1256 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv4_ops;
1259 tcp_clear_options(&tmp_opt);
1260 tmp_opt.mss_clamp = 536;
1261 tmp_opt.user_mss = tcp_sk(sk)->rx_opt.user_mss;
1263 tcp_parse_options(skb, &tmp_opt, 0);
1265 if (want_cookie && !tmp_opt.saw_tstamp)
1266 tcp_clear_options(&tmp_opt);
1268 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1270 tcp_openreq_init(req, &tmp_opt, skb);
1272 ireq = inet_rsk(req);
1273 ireq->loc_addr = daddr;
1274 ireq->rmt_addr = saddr;
1275 ireq->no_srccheck = inet_sk(sk)->transparent;
1276 ireq->opt = tcp_v4_save_options(sk, skb);
1278 if (security_inet_conn_request(sk, skb, req))
1282 TCP_ECN_create_request(req, tcp_hdr(skb));
1285 #ifdef CONFIG_SYN_COOKIES
1286 syn_flood_warning(skb);
1287 req->cookie_ts = tmp_opt.tstamp_ok;
1289 isn = cookie_v4_init_sequence(sk, skb, &req->mss);
1291 struct inet_peer *peer = NULL;
1293 /* VJ's idea. We save last timestamp seen
1294 * from the destination in peer table, when entering
1295 * state TIME-WAIT, and check against it before
1296 * accepting new connection request.
1298 * If "isn" is not zero, this request hit alive
1299 * timewait bucket, so that all the necessary checks
1300 * are made in the function processing timewait state.
1302 if (tmp_opt.saw_tstamp &&
1303 tcp_death_row.sysctl_tw_recycle &&
1304 (dst = inet_csk_route_req(sk, req)) != NULL &&
1305 (peer = rt_get_peer((struct rtable *)dst)) != NULL &&
1306 peer->v4daddr == saddr) {
1307 if (get_seconds() < peer->tcp_ts_stamp + TCP_PAWS_MSL &&
1308 (s32)(peer->tcp_ts - req->ts_recent) >
1310 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED);
1311 goto drop_and_release;
1314 /* Kill the following clause, if you dislike this way. */
1315 else if (!sysctl_tcp_syncookies &&
1316 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
1317 (sysctl_max_syn_backlog >> 2)) &&
1318 (!peer || !peer->tcp_ts_stamp) &&
1319 (!dst || !dst_metric(dst, RTAX_RTT))) {
1320 /* Without syncookies last quarter of
1321 * backlog is filled with destinations,
1322 * proven to be alive.
1323 * It means that we continue to communicate
1324 * to destinations, already remembered
1325 * to the moment of synflood.
1327 LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open request from %pI4/%u\n",
1328 &saddr, ntohs(tcp_hdr(skb)->source));
1329 goto drop_and_release;
1332 isn = tcp_v4_init_sequence(skb);
1334 tcp_rsk(req)->snt_isn = isn;
1336 if (__tcp_v4_send_synack(sk, req, dst) || want_cookie)
1339 inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1352 * The three way handshake has completed - we got a valid synack -
1353 * now create the new socket.
1355 struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1356 struct request_sock *req,
1357 struct dst_entry *dst)
1359 struct inet_request_sock *ireq;
1360 struct inet_sock *newinet;
1361 struct tcp_sock *newtp;
1363 #ifdef CONFIG_TCP_MD5SIG
1364 struct tcp_md5sig_key *key;
1367 if (sk_acceptq_is_full(sk))
1370 if (!dst && (dst = inet_csk_route_req(sk, req)) == NULL)
1373 newsk = tcp_create_openreq_child(sk, req, skb);
1377 newsk->sk_gso_type = SKB_GSO_TCPV4;
1378 sk_setup_caps(newsk, dst);
1380 newtp = tcp_sk(newsk);
1381 newinet = inet_sk(newsk);
1382 ireq = inet_rsk(req);
1383 newinet->daddr = ireq->rmt_addr;
1384 newinet->rcv_saddr = ireq->loc_addr;
1385 newinet->saddr = ireq->loc_addr;
1386 newinet->opt = ireq->opt;
1388 newinet->mc_index = inet_iif(skb);
1389 newinet->mc_ttl = ip_hdr(skb)->ttl;
1390 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1392 inet_csk(newsk)->icsk_ext_hdr_len = newinet->opt->optlen;
1393 newinet->id = newtp->write_seq ^ jiffies;
1395 tcp_mtup_init(newsk);
1396 tcp_sync_mss(newsk, dst_mtu(dst));
1397 newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1398 if (tcp_sk(sk)->rx_opt.user_mss &&
1399 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1400 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1402 tcp_initialize_rcv_mss(newsk);
1404 #ifdef CONFIG_TCP_MD5SIG
1405 /* Copy over the MD5 key from the original socket */
1406 if ((key = tcp_v4_md5_do_lookup(sk, newinet->daddr)) != NULL) {
1408 * We're using one, so create a matching key
1409 * on the newsk structure. If we fail to get
1410 * memory, then we end up not copying the key
1413 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1415 tcp_v4_md5_do_add(newsk, newinet->daddr,
1416 newkey, key->keylen);
1417 newsk->sk_route_caps &= ~NETIF_F_GSO_MASK;
1421 __inet_hash_nolisten(newsk);
1422 __inet_inherit_port(sk, newsk);
1427 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1429 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1434 static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
1436 struct tcphdr *th = tcp_hdr(skb);
1437 const struct iphdr *iph = ip_hdr(skb);
1439 struct request_sock **prev;
1440 /* Find possible connection requests. */
1441 struct request_sock *req = inet_csk_search_req(sk, &prev, th->source,
1442 iph->saddr, iph->daddr);
1444 return tcp_check_req(sk, skb, req, prev);
1446 nsk = inet_lookup_established(sock_net(sk), &tcp_hashinfo, iph->saddr,
1447 th->source, iph->daddr, th->dest, inet_iif(skb));
1450 if (nsk->sk_state != TCP_TIME_WAIT) {
1454 inet_twsk_put(inet_twsk(nsk));
1458 #ifdef CONFIG_SYN_COOKIES
1459 if (!th->rst && !th->syn && th->ack)
1460 sk = cookie_v4_check(sk, skb, &(IPCB(skb)->opt));
1465 static __sum16 tcp_v4_checksum_init(struct sk_buff *skb)
1467 const struct iphdr *iph = ip_hdr(skb);
1469 if (skb->ip_summed == CHECKSUM_COMPLETE) {
1470 if (!tcp_v4_check(skb->len, iph->saddr,
1471 iph->daddr, skb->csum)) {
1472 skb->ip_summed = CHECKSUM_UNNECESSARY;
1477 skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
1478 skb->len, IPPROTO_TCP, 0);
1480 if (skb->len <= 76) {
1481 return __skb_checksum_complete(skb);
1487 /* The socket must have it's spinlock held when we get
1490 * We have a potential double-lock case here, so even when
1491 * doing backlog processing we use the BH locking scheme.
1492 * This is because we cannot sleep with the original spinlock
1495 int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1498 #ifdef CONFIG_TCP_MD5SIG
1500 * We really want to reject the packet as early as possible
1502 * o We're expecting an MD5'd packet and this is no MD5 tcp option
1503 * o There is an MD5 option and we're not expecting one
1505 if (tcp_v4_inbound_md5_hash(sk, skb))
1509 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1510 TCP_CHECK_TIMER(sk);
1511 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) {
1515 TCP_CHECK_TIMER(sk);
1519 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1522 if (sk->sk_state == TCP_LISTEN) {
1523 struct sock *nsk = tcp_v4_hnd_req(sk, skb);
1528 if (tcp_child_process(sk, nsk, skb)) {
1536 TCP_CHECK_TIMER(sk);
1537 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) {
1541 TCP_CHECK_TIMER(sk);
1545 tcp_v4_send_reset(rsk, skb);
1548 /* Be careful here. If this function gets more complicated and
1549 * gcc suffers from register pressure on the x86, sk (in %ebx)
1550 * might be destroyed here. This current version compiles correctly,
1551 * but you have been warned.
1556 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1564 int tcp_v4_rcv(struct sk_buff *skb)
1566 const struct iphdr *iph;
1570 struct net *net = dev_net(skb->dev);
1572 if (skb->pkt_type != PACKET_HOST)
1575 /* Count it even if it's bad */
1576 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1578 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1583 if (th->doff < sizeof(struct tcphdr) / 4)
1585 if (!pskb_may_pull(skb, th->doff * 4))
1588 /* An explanation is required here, I think.
1589 * Packet length and doff are validated by header prediction,
1590 * provided case of th->doff==0 is eliminated.
1591 * So, we defer the checks. */
1592 if (!skb_csum_unnecessary(skb) && tcp_v4_checksum_init(skb))
1597 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1598 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1599 skb->len - th->doff * 4);
1600 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1601 TCP_SKB_CB(skb)->when = 0;
1602 TCP_SKB_CB(skb)->flags = iph->tos;
1603 TCP_SKB_CB(skb)->sacked = 0;
1605 sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1610 if (sk->sk_state == TCP_TIME_WAIT)
1613 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
1614 goto discard_and_relse;
1617 if (sk_filter(sk, skb))
1618 goto discard_and_relse;
1622 bh_lock_sock_nested(sk);
1624 if (!sock_owned_by_user(sk)) {
1625 #ifdef CONFIG_NET_DMA
1626 struct tcp_sock *tp = tcp_sk(sk);
1627 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1628 tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY);
1629 if (tp->ucopy.dma_chan)
1630 ret = tcp_v4_do_rcv(sk, skb);
1634 if (!tcp_prequeue(sk, skb))
1635 ret = tcp_v4_do_rcv(sk, skb);
1638 sk_add_backlog(sk, skb);
1646 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
1649 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1651 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1653 tcp_v4_send_reset(NULL, skb);
1657 /* Discard frame. */
1666 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1667 inet_twsk_put(inet_twsk(sk));
1671 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1672 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1673 inet_twsk_put(inet_twsk(sk));
1676 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1678 struct sock *sk2 = inet_lookup_listener(dev_net(skb->dev),
1680 iph->daddr, th->dest,
1683 inet_twsk_deschedule(inet_twsk(sk), &tcp_death_row);
1684 inet_twsk_put(inet_twsk(sk));
1688 /* Fall through to ACK */
1691 tcp_v4_timewait_ack(sk, skb);
1695 case TCP_TW_SUCCESS:;
1700 /* VJ's idea. Save last timestamp seen from this destination
1701 * and hold it at least for normal timewait interval to use for duplicate
1702 * segment detection in subsequent connections, before they enter synchronized
1706 int tcp_v4_remember_stamp(struct sock *sk)
1708 struct inet_sock *inet = inet_sk(sk);
1709 struct tcp_sock *tp = tcp_sk(sk);
1710 struct rtable *rt = (struct rtable *)__sk_dst_get(sk);
1711 struct inet_peer *peer = NULL;
1714 if (!rt || rt->rt_dst != inet->daddr) {
1715 peer = inet_getpeer(inet->daddr, 1);
1719 rt_bind_peer(rt, 1);
1724 if ((s32)(peer->tcp_ts - tp->rx_opt.ts_recent) <= 0 ||
1725 (peer->tcp_ts_stamp + TCP_PAWS_MSL < get_seconds() &&
1726 peer->tcp_ts_stamp <= tp->rx_opt.ts_recent_stamp)) {
1727 peer->tcp_ts_stamp = tp->rx_opt.ts_recent_stamp;
1728 peer->tcp_ts = tp->rx_opt.ts_recent;
1738 int tcp_v4_tw_remember_stamp(struct inet_timewait_sock *tw)
1740 struct inet_peer *peer = inet_getpeer(tw->tw_daddr, 1);
1743 const struct tcp_timewait_sock *tcptw = tcp_twsk((struct sock *)tw);
1745 if ((s32)(peer->tcp_ts - tcptw->tw_ts_recent) <= 0 ||
1746 (peer->tcp_ts_stamp + TCP_PAWS_MSL < get_seconds() &&
1747 peer->tcp_ts_stamp <= tcptw->tw_ts_recent_stamp)) {
1748 peer->tcp_ts_stamp = tcptw->tw_ts_recent_stamp;
1749 peer->tcp_ts = tcptw->tw_ts_recent;
1758 const struct inet_connection_sock_af_ops ipv4_specific = {
1759 .queue_xmit = ip_queue_xmit,
1760 .send_check = tcp_v4_send_check,
1761 .rebuild_header = inet_sk_rebuild_header,
1762 .conn_request = tcp_v4_conn_request,
1763 .syn_recv_sock = tcp_v4_syn_recv_sock,
1764 .remember_stamp = tcp_v4_remember_stamp,
1765 .net_header_len = sizeof(struct iphdr),
1766 .setsockopt = ip_setsockopt,
1767 .getsockopt = ip_getsockopt,
1768 .addr2sockaddr = inet_csk_addr2sockaddr,
1769 .sockaddr_len = sizeof(struct sockaddr_in),
1770 .bind_conflict = inet_csk_bind_conflict,
1771 #ifdef CONFIG_COMPAT
1772 .compat_setsockopt = compat_ip_setsockopt,
1773 .compat_getsockopt = compat_ip_getsockopt,
1777 #ifdef CONFIG_TCP_MD5SIG
1778 static const struct tcp_sock_af_ops tcp_sock_ipv4_specific = {
1779 .md5_lookup = tcp_v4_md5_lookup,
1780 .calc_md5_hash = tcp_v4_md5_hash_skb,
1781 .md5_add = tcp_v4_md5_add_func,
1782 .md5_parse = tcp_v4_parse_md5_keys,
1786 /* NOTE: A lot of things set to zero explicitly by call to
1787 * sk_alloc() so need not be done here.
1789 static int tcp_v4_init_sock(struct sock *sk)
1791 struct inet_connection_sock *icsk = inet_csk(sk);
1792 struct tcp_sock *tp = tcp_sk(sk);
1794 skb_queue_head_init(&tp->out_of_order_queue);
1795 tcp_init_xmit_timers(sk);
1796 tcp_prequeue_init(tp);
1798 icsk->icsk_rto = TCP_TIMEOUT_INIT;
1799 tp->mdev = TCP_TIMEOUT_INIT;
1801 /* So many TCP implementations out there (incorrectly) count the
1802 * initial SYN frame in their delayed-ACK and congestion control
1803 * algorithms that we must have the following bandaid to talk
1804 * efficiently to them. -DaveM
1808 /* See draft-stevens-tcpca-spec-01 for discussion of the
1809 * initialization of these values.
1811 tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
1812 tp->snd_cwnd_clamp = ~0;
1813 tp->mss_cache = 536;
1815 tp->reordering = sysctl_tcp_reordering;
1816 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1818 sk->sk_state = TCP_CLOSE;
1820 sk->sk_write_space = sk_stream_write_space;
1821 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1823 icsk->icsk_af_ops = &ipv4_specific;
1824 icsk->icsk_sync_mss = tcp_sync_mss;
1825 #ifdef CONFIG_TCP_MD5SIG
1826 tp->af_specific = &tcp_sock_ipv4_specific;
1829 sk->sk_sndbuf = sysctl_tcp_wmem[1];
1830 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1833 percpu_counter_inc(&tcp_sockets_allocated);
1839 void tcp_v4_destroy_sock(struct sock *sk)
1841 struct tcp_sock *tp = tcp_sk(sk);
1843 tcp_clear_xmit_timers(sk);
1845 tcp_cleanup_congestion_control(sk);
1847 /* Cleanup up the write buffer. */
1848 tcp_write_queue_purge(sk);
1850 /* Cleans up our, hopefully empty, out_of_order_queue. */
1851 __skb_queue_purge(&tp->out_of_order_queue);
1853 #ifdef CONFIG_TCP_MD5SIG
1854 /* Clean up the MD5 key list, if any */
1855 if (tp->md5sig_info) {
1856 tcp_v4_clear_md5_list(sk);
1857 kfree(tp->md5sig_info);
1858 tp->md5sig_info = NULL;
1862 #ifdef CONFIG_NET_DMA
1863 /* Cleans up our sk_async_wait_queue */
1864 __skb_queue_purge(&sk->sk_async_wait_queue);
1867 /* Clean prequeue, it must be empty really */
1868 __skb_queue_purge(&tp->ucopy.prequeue);
1870 /* Clean up a referenced TCP bind bucket. */
1871 if (inet_csk(sk)->icsk_bind_hash)
1875 * If sendmsg cached page exists, toss it.
1877 if (sk->sk_sndmsg_page) {
1878 __free_page(sk->sk_sndmsg_page);
1879 sk->sk_sndmsg_page = NULL;
1882 percpu_counter_dec(&tcp_sockets_allocated);
1885 EXPORT_SYMBOL(tcp_v4_destroy_sock);
1888 * tcp_v4_nuke_addr - destroy all sockets on the given local address
1890 void tcp_v4_nuke_addr(__u32 saddr)
1892 unsigned int bucket;
1894 for (bucket = 0; bucket < tcp_hashinfo.ehash_size; bucket++) {
1895 struct hlist_nulls_node *node;
1897 spinlock_t *lock = inet_ehash_lockp(&tcp_hashinfo, bucket);
1901 sk_nulls_for_each(sk, node, &tcp_hashinfo.ehash[bucket].chain) {
1902 struct inet_sock *inet = inet_sk(sk);
1904 if (inet->rcv_saddr != saddr)
1906 if (sysctl_ip_dynaddr && sk->sk_state == TCP_SYN_SENT)
1908 if (sock_flag(sk, SOCK_DEAD))
1912 spin_unlock_bh(lock);
1916 sk->sk_err = ETIMEDOUT;
1917 sk->sk_error_report(sk);
1926 spin_unlock_bh(lock);
1930 #ifdef CONFIG_PROC_FS
1931 /* Proc filesystem TCP sock list dumping. */
1933 static inline struct inet_timewait_sock *tw_head(struct hlist_nulls_head *head)
1935 return hlist_nulls_empty(head) ? NULL :
1936 list_entry(head->first, struct inet_timewait_sock, tw_node);
1939 static inline struct inet_timewait_sock *tw_next(struct inet_timewait_sock *tw)
1941 return !is_a_nulls(tw->tw_node.next) ?
1942 hlist_nulls_entry(tw->tw_node.next, typeof(*tw), tw_node) : NULL;
1945 static void *listening_get_next(struct seq_file *seq, void *cur)
1947 struct inet_connection_sock *icsk;
1948 struct hlist_nulls_node *node;
1949 struct sock *sk = cur;
1950 struct inet_listen_hashbucket *ilb;
1951 struct tcp_iter_state *st = seq->private;
1952 struct net *net = seq_file_net(seq);
1956 ilb = &tcp_hashinfo.listening_hash[0];
1957 spin_lock_bh(&ilb->lock);
1958 sk = sk_nulls_head(&ilb->head);
1961 ilb = &tcp_hashinfo.listening_hash[st->bucket];
1964 if (st->state == TCP_SEQ_STATE_OPENREQ) {
1965 struct request_sock *req = cur;
1967 icsk = inet_csk(st->syn_wait_sk);
1971 if (req->rsk_ops->family == st->family) {
1977 if (++st->sbucket >= icsk->icsk_accept_queue.listen_opt->nr_table_entries)
1980 req = icsk->icsk_accept_queue.listen_opt->syn_table[st->sbucket];
1982 sk = sk_next(st->syn_wait_sk);
1983 st->state = TCP_SEQ_STATE_LISTENING;
1984 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1986 icsk = inet_csk(sk);
1987 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1988 if (reqsk_queue_len(&icsk->icsk_accept_queue))
1990 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1994 sk_nulls_for_each_from(sk, node) {
1995 if (sk->sk_family == st->family && net_eq(sock_net(sk), net)) {
1999 icsk = inet_csk(sk);
2000 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2001 if (reqsk_queue_len(&icsk->icsk_accept_queue)) {
2003 st->uid = sock_i_uid(sk);
2004 st->syn_wait_sk = sk;
2005 st->state = TCP_SEQ_STATE_OPENREQ;
2009 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2011 spin_unlock_bh(&ilb->lock);
2012 if (++st->bucket < INET_LHTABLE_SIZE) {
2013 ilb = &tcp_hashinfo.listening_hash[st->bucket];
2014 spin_lock_bh(&ilb->lock);
2015 sk = sk_nulls_head(&ilb->head);
2023 static void *listening_get_idx(struct seq_file *seq, loff_t *pos)
2025 void *rc = listening_get_next(seq, NULL);
2027 while (rc && *pos) {
2028 rc = listening_get_next(seq, rc);
2034 static inline int empty_bucket(struct tcp_iter_state *st)
2036 return hlist_nulls_empty(&tcp_hashinfo.ehash[st->bucket].chain) &&
2037 hlist_nulls_empty(&tcp_hashinfo.ehash[st->bucket].twchain);
2040 static void *established_get_first(struct seq_file *seq)
2042 struct tcp_iter_state *st = seq->private;
2043 struct net *net = seq_file_net(seq);
2046 for (st->bucket = 0; st->bucket < tcp_hashinfo.ehash_size; ++st->bucket) {
2048 struct hlist_nulls_node *node;
2049 struct inet_timewait_sock *tw;
2050 spinlock_t *lock = inet_ehash_lockp(&tcp_hashinfo, st->bucket);
2052 /* Lockless fast path for the common case of empty buckets */
2053 if (empty_bucket(st))
2057 sk_nulls_for_each(sk, node, &tcp_hashinfo.ehash[st->bucket].chain) {
2058 if (sk->sk_family != st->family ||
2059 !net_eq(sock_net(sk), net)) {
2065 st->state = TCP_SEQ_STATE_TIME_WAIT;
2066 inet_twsk_for_each(tw, node,
2067 &tcp_hashinfo.ehash[st->bucket].twchain) {
2068 if (tw->tw_family != st->family ||
2069 !net_eq(twsk_net(tw), net)) {
2075 spin_unlock_bh(lock);
2076 st->state = TCP_SEQ_STATE_ESTABLISHED;
2082 static void *established_get_next(struct seq_file *seq, void *cur)
2084 struct sock *sk = cur;
2085 struct inet_timewait_sock *tw;
2086 struct hlist_nulls_node *node;
2087 struct tcp_iter_state *st = seq->private;
2088 struct net *net = seq_file_net(seq);
2092 if (st->state == TCP_SEQ_STATE_TIME_WAIT) {
2096 while (tw && (tw->tw_family != st->family || !net_eq(twsk_net(tw), net))) {
2103 spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2104 st->state = TCP_SEQ_STATE_ESTABLISHED;
2106 /* Look for next non empty bucket */
2107 while (++st->bucket < tcp_hashinfo.ehash_size &&
2110 if (st->bucket >= tcp_hashinfo.ehash_size)
2113 spin_lock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2114 sk = sk_nulls_head(&tcp_hashinfo.ehash[st->bucket].chain);
2116 sk = sk_nulls_next(sk);
2118 sk_nulls_for_each_from(sk, node) {
2119 if (sk->sk_family == st->family && net_eq(sock_net(sk), net))
2123 st->state = TCP_SEQ_STATE_TIME_WAIT;
2124 tw = tw_head(&tcp_hashinfo.ehash[st->bucket].twchain);
2132 static void *established_get_idx(struct seq_file *seq, loff_t pos)
2134 void *rc = established_get_first(seq);
2137 rc = established_get_next(seq, rc);
2143 static void *tcp_get_idx(struct seq_file *seq, loff_t pos)
2146 struct tcp_iter_state *st = seq->private;
2148 st->state = TCP_SEQ_STATE_LISTENING;
2149 rc = listening_get_idx(seq, &pos);
2152 st->state = TCP_SEQ_STATE_ESTABLISHED;
2153 rc = established_get_idx(seq, pos);
2159 static void *tcp_seq_start(struct seq_file *seq, loff_t *pos)
2161 struct tcp_iter_state *st = seq->private;
2162 st->state = TCP_SEQ_STATE_LISTENING;
2164 return *pos ? tcp_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2167 static void *tcp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2170 struct tcp_iter_state *st;
2172 if (v == SEQ_START_TOKEN) {
2173 rc = tcp_get_idx(seq, 0);
2178 switch (st->state) {
2179 case TCP_SEQ_STATE_OPENREQ:
2180 case TCP_SEQ_STATE_LISTENING:
2181 rc = listening_get_next(seq, v);
2183 st->state = TCP_SEQ_STATE_ESTABLISHED;
2184 rc = established_get_first(seq);
2187 case TCP_SEQ_STATE_ESTABLISHED:
2188 case TCP_SEQ_STATE_TIME_WAIT:
2189 rc = established_get_next(seq, v);
2197 static void tcp_seq_stop(struct seq_file *seq, void *v)
2199 struct tcp_iter_state *st = seq->private;
2201 switch (st->state) {
2202 case TCP_SEQ_STATE_OPENREQ:
2204 struct inet_connection_sock *icsk = inet_csk(st->syn_wait_sk);
2205 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2207 case TCP_SEQ_STATE_LISTENING:
2208 if (v != SEQ_START_TOKEN)
2209 spin_unlock_bh(&tcp_hashinfo.listening_hash[st->bucket].lock);
2211 case TCP_SEQ_STATE_TIME_WAIT:
2212 case TCP_SEQ_STATE_ESTABLISHED:
2214 spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2219 static int tcp_seq_open(struct inode *inode, struct file *file)
2221 struct tcp_seq_afinfo *afinfo = PDE(inode)->data;
2222 struct tcp_iter_state *s;
2225 err = seq_open_net(inode, file, &afinfo->seq_ops,
2226 sizeof(struct tcp_iter_state));
2230 s = ((struct seq_file *)file->private_data)->private;
2231 s->family = afinfo->family;
2235 int tcp_proc_register(struct net *net, struct tcp_seq_afinfo *afinfo)
2238 struct proc_dir_entry *p;
2240 afinfo->seq_fops.open = tcp_seq_open;
2241 afinfo->seq_fops.read = seq_read;
2242 afinfo->seq_fops.llseek = seq_lseek;
2243 afinfo->seq_fops.release = seq_release_net;
2245 afinfo->seq_ops.start = tcp_seq_start;
2246 afinfo->seq_ops.next = tcp_seq_next;
2247 afinfo->seq_ops.stop = tcp_seq_stop;
2249 p = proc_create_data(afinfo->name, S_IRUGO, net->proc_net,
2250 &afinfo->seq_fops, afinfo);
2256 void tcp_proc_unregister(struct net *net, struct tcp_seq_afinfo *afinfo)
2258 proc_net_remove(net, afinfo->name);
2261 static void get_openreq4(struct sock *sk, struct request_sock *req,
2262 struct seq_file *f, int i, int uid, int *len)
2264 const struct inet_request_sock *ireq = inet_rsk(req);
2265 int ttd = req->expires - jiffies;
2267 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2268 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %u %d %p%n",
2271 ntohs(inet_sk(sk)->sport),
2273 ntohs(ireq->rmt_port),
2275 0, 0, /* could print option size, but that is af dependent. */
2276 1, /* timers active (only the expire timer) */
2277 jiffies_to_clock_t(ttd),
2280 0, /* non standard timer */
2281 0, /* open_requests have no inode */
2282 atomic_read(&sk->sk_refcnt),
2287 static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
2290 unsigned long timer_expires;
2291 struct tcp_sock *tp = tcp_sk(sk);
2292 const struct inet_connection_sock *icsk = inet_csk(sk);
2293 struct inet_sock *inet = inet_sk(sk);
2294 __be32 dest = inet->daddr;
2295 __be32 src = inet->rcv_saddr;
2296 __u16 destp = ntohs(inet->dport);
2297 __u16 srcp = ntohs(inet->sport);
2299 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2301 timer_expires = icsk->icsk_timeout;
2302 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2304 timer_expires = icsk->icsk_timeout;
2305 } else if (timer_pending(&sk->sk_timer)) {
2307 timer_expires = sk->sk_timer.expires;
2310 timer_expires = jiffies;
2313 seq_printf(f, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX "
2314 "%08X %5d %8d %lu %d %p %lu %lu %u %u %d%n",
2315 i, src, srcp, dest, destp, sk->sk_state,
2316 tp->write_seq - tp->snd_una,
2317 sk->sk_state == TCP_LISTEN ? sk->sk_ack_backlog :
2318 (tp->rcv_nxt - tp->copied_seq),
2320 jiffies_to_clock_t(timer_expires - jiffies),
2321 icsk->icsk_retransmits,
2323 icsk->icsk_probes_out,
2325 atomic_read(&sk->sk_refcnt), sk,
2326 jiffies_to_clock_t(icsk->icsk_rto),
2327 jiffies_to_clock_t(icsk->icsk_ack.ato),
2328 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
2330 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh,
2334 static void get_timewait4_sock(struct inet_timewait_sock *tw,
2335 struct seq_file *f, int i, int *len)
2339 int ttd = tw->tw_ttd - jiffies;
2344 dest = tw->tw_daddr;
2345 src = tw->tw_rcv_saddr;
2346 destp = ntohs(tw->tw_dport);
2347 srcp = ntohs(tw->tw_sport);
2349 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2350 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p%n",
2351 i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
2352 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2353 atomic_read(&tw->tw_refcnt), tw, len);
2358 static int tcp4_seq_show(struct seq_file *seq, void *v)
2360 struct tcp_iter_state *st;
2363 if (v == SEQ_START_TOKEN) {
2364 seq_printf(seq, "%-*s\n", TMPSZ - 1,
2365 " sl local_address rem_address st tx_queue "
2366 "rx_queue tr tm->when retrnsmt uid timeout "
2372 switch (st->state) {
2373 case TCP_SEQ_STATE_LISTENING:
2374 case TCP_SEQ_STATE_ESTABLISHED:
2375 get_tcp4_sock(v, seq, st->num, &len);
2377 case TCP_SEQ_STATE_OPENREQ:
2378 get_openreq4(st->syn_wait_sk, v, seq, st->num, st->uid, &len);
2380 case TCP_SEQ_STATE_TIME_WAIT:
2381 get_timewait4_sock(v, seq, st->num, &len);
2384 seq_printf(seq, "%*s\n", TMPSZ - 1 - len, "");
2389 static struct tcp_seq_afinfo tcp4_seq_afinfo = {
2393 .owner = THIS_MODULE,
2396 .show = tcp4_seq_show,
2400 static int tcp4_proc_init_net(struct net *net)
2402 return tcp_proc_register(net, &tcp4_seq_afinfo);
2405 static void tcp4_proc_exit_net(struct net *net)
2407 tcp_proc_unregister(net, &tcp4_seq_afinfo);
2410 static struct pernet_operations tcp4_net_ops = {
2411 .init = tcp4_proc_init_net,
2412 .exit = tcp4_proc_exit_net,
2415 int __init tcp4_proc_init(void)
2417 return register_pernet_subsys(&tcp4_net_ops);
2420 void tcp4_proc_exit(void)
2422 unregister_pernet_subsys(&tcp4_net_ops);
2424 #endif /* CONFIG_PROC_FS */
2426 struct sk_buff **tcp4_gro_receive(struct sk_buff **head, struct sk_buff *skb)
2428 struct iphdr *iph = skb_gro_network_header(skb);
2430 switch (skb->ip_summed) {
2431 case CHECKSUM_COMPLETE:
2432 if (!tcp_v4_check(skb_gro_len(skb), iph->saddr, iph->daddr,
2434 skb->ip_summed = CHECKSUM_UNNECESSARY;
2440 NAPI_GRO_CB(skb)->flush = 1;
2444 return tcp_gro_receive(head, skb);
2446 EXPORT_SYMBOL(tcp4_gro_receive);
2448 int tcp4_gro_complete(struct sk_buff *skb)
2450 struct iphdr *iph = ip_hdr(skb);
2451 struct tcphdr *th = tcp_hdr(skb);
2453 th->check = ~tcp_v4_check(skb->len - skb_transport_offset(skb),
2454 iph->saddr, iph->daddr, 0);
2455 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV4;
2457 return tcp_gro_complete(skb);
2459 EXPORT_SYMBOL(tcp4_gro_complete);
2461 struct proto tcp_prot = {
2463 .owner = THIS_MODULE,
2465 .connect = tcp_v4_connect,
2466 .disconnect = tcp_disconnect,
2467 .accept = inet_csk_accept,
2469 .init = tcp_v4_init_sock,
2470 .destroy = tcp_v4_destroy_sock,
2471 .shutdown = tcp_shutdown,
2472 .setsockopt = tcp_setsockopt,
2473 .getsockopt = tcp_getsockopt,
2474 .recvmsg = tcp_recvmsg,
2475 .backlog_rcv = tcp_v4_do_rcv,
2477 .unhash = inet_unhash,
2478 .get_port = inet_csk_get_port,
2479 .enter_memory_pressure = tcp_enter_memory_pressure,
2480 .sockets_allocated = &tcp_sockets_allocated,
2481 .orphan_count = &tcp_orphan_count,
2482 .memory_allocated = &tcp_memory_allocated,
2483 .memory_pressure = &tcp_memory_pressure,
2484 .sysctl_mem = sysctl_tcp_mem,
2485 .sysctl_wmem = sysctl_tcp_wmem,
2486 .sysctl_rmem = sysctl_tcp_rmem,
2487 .max_header = MAX_TCP_HEADER,
2488 .obj_size = sizeof(struct tcp_sock),
2489 .slab_flags = SLAB_DESTROY_BY_RCU,
2490 .twsk_prot = &tcp_timewait_sock_ops,
2491 .rsk_prot = &tcp_request_sock_ops,
2492 .h.hashinfo = &tcp_hashinfo,
2493 #ifdef CONFIG_COMPAT
2494 .compat_setsockopt = compat_tcp_setsockopt,
2495 .compat_getsockopt = compat_tcp_getsockopt,
2500 static int __net_init tcp_sk_init(struct net *net)
2502 return inet_ctl_sock_create(&net->ipv4.tcp_sock,
2503 PF_INET, SOCK_RAW, IPPROTO_TCP, net);
2506 static void __net_exit tcp_sk_exit(struct net *net)
2508 inet_ctl_sock_destroy(net->ipv4.tcp_sock);
2509 inet_twsk_purge(net, &tcp_hashinfo, &tcp_death_row, AF_INET);
2512 static struct pernet_operations __net_initdata tcp_sk_ops = {
2513 .init = tcp_sk_init,
2514 .exit = tcp_sk_exit,
2517 void __init tcp_v4_init(void)
2519 inet_hashinfo_init(&tcp_hashinfo);
2520 if (register_pernet_subsys(&tcp_sk_ops))
2521 panic("Failed to create the TCP control socket.\n");
2524 EXPORT_SYMBOL(ipv4_specific);
2525 EXPORT_SYMBOL(tcp_hashinfo);
2526 EXPORT_SYMBOL(tcp_prot);
2527 EXPORT_SYMBOL(tcp_v4_conn_request);
2528 EXPORT_SYMBOL(tcp_v4_connect);
2529 EXPORT_SYMBOL(tcp_v4_do_rcv);
2530 EXPORT_SYMBOL(tcp_v4_remember_stamp);
2531 EXPORT_SYMBOL(tcp_v4_send_check);
2532 EXPORT_SYMBOL(tcp_v4_syn_recv_sock);
2534 #ifdef CONFIG_PROC_FS
2535 EXPORT_SYMBOL(tcp_proc_register);
2536 EXPORT_SYMBOL(tcp_proc_unregister);
2538 EXPORT_SYMBOL(sysctl_tcp_low_latency);
projects / firefly-linux-kernel-4.4.55.git / blob