3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41 #include <linux/slab.h>
42 #include <linux/uaccess.h>
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/netdma.h>
63 #include <net/inet_common.h>
64 #include <net/secure_seq.h>
65 #include <net/tcp_memcontrol.h>
66 #include <net/busy_poll.h>
68 #include <linux/proc_fs.h>
69 #include <linux/seq_file.h>
71 #include <linux/crypto.h>
72 #include <linux/scatterlist.h>
74 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
75 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
76 struct request_sock *req);
78 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
80 static const struct inet_connection_sock_af_ops ipv6_mapped;
81 static const struct inet_connection_sock_af_ops ipv6_specific;
82 #ifdef CONFIG_TCP_MD5SIG
83 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
84 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
86 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
87 const struct in6_addr *addr)
93 static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
95 struct dst_entry *dst = skb_dst(skb);
98 const struct rt6_info *rt = (const struct rt6_info *)dst;
102 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
104 inet6_sk(sk)->rx_dst_cookie = rt->rt6i_node->fn_sernum;
108 static void tcp_v6_hash(struct sock *sk)
110 if (sk->sk_state != TCP_CLOSE) {
111 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
116 __inet6_hash(sk, NULL);
121 static __u32 tcp_v6_init_sequence(const struct sk_buff *skb)
123 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
124 ipv6_hdr(skb)->saddr.s6_addr32,
126 tcp_hdr(skb)->source);
129 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
132 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
133 struct inet_sock *inet = inet_sk(sk);
134 struct inet_connection_sock *icsk = inet_csk(sk);
135 struct ipv6_pinfo *np = inet6_sk(sk);
136 struct tcp_sock *tp = tcp_sk(sk);
137 struct in6_addr *saddr = NULL, *final_p, final;
140 struct dst_entry *dst;
144 if (addr_len < SIN6_LEN_RFC2133)
147 if (usin->sin6_family != AF_INET6)
148 return -EAFNOSUPPORT;
150 memset(&fl6, 0, sizeof(fl6));
153 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
154 IP6_ECN_flow_init(fl6.flowlabel);
155 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
156 struct ip6_flowlabel *flowlabel;
157 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
158 if (flowlabel == NULL)
160 fl6_sock_release(flowlabel);
165 * connect() to INADDR_ANY means loopback (BSD'ism).
168 if (ipv6_addr_any(&usin->sin6_addr))
169 usin->sin6_addr.s6_addr[15] = 0x1;
171 addr_type = ipv6_addr_type(&usin->sin6_addr);
173 if (addr_type & IPV6_ADDR_MULTICAST)
176 if (addr_type&IPV6_ADDR_LINKLOCAL) {
177 if (addr_len >= sizeof(struct sockaddr_in6) &&
178 usin->sin6_scope_id) {
179 /* If interface is set while binding, indices
182 if (sk->sk_bound_dev_if &&
183 sk->sk_bound_dev_if != usin->sin6_scope_id)
186 sk->sk_bound_dev_if = usin->sin6_scope_id;
189 /* Connect to link-local address requires an interface */
190 if (!sk->sk_bound_dev_if)
194 if (tp->rx_opt.ts_recent_stamp &&
195 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
196 tp->rx_opt.ts_recent = 0;
197 tp->rx_opt.ts_recent_stamp = 0;
201 sk->sk_v6_daddr = usin->sin6_addr;
202 np->flow_label = fl6.flowlabel;
210 if (addr_type == IPV6_ADDR_MAPPED) {
211 u32 exthdrlen = icsk->icsk_ext_hdr_len;
212 struct sockaddr_in sin;
214 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
216 if (__ipv6_only_sock(sk))
219 sin.sin_family = AF_INET;
220 sin.sin_port = usin->sin6_port;
221 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
223 icsk->icsk_af_ops = &ipv6_mapped;
224 sk->sk_backlog_rcv = tcp_v4_do_rcv;
225 #ifdef CONFIG_TCP_MD5SIG
226 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
229 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
232 icsk->icsk_ext_hdr_len = exthdrlen;
233 icsk->icsk_af_ops = &ipv6_specific;
234 sk->sk_backlog_rcv = tcp_v6_do_rcv;
235 #ifdef CONFIG_TCP_MD5SIG
236 tp->af_specific = &tcp_sock_ipv6_specific;
240 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
241 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
242 &sk->sk_v6_rcv_saddr);
248 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
249 saddr = &sk->sk_v6_rcv_saddr;
251 fl6.flowi6_proto = IPPROTO_TCP;
252 fl6.daddr = sk->sk_v6_daddr;
253 fl6.saddr = saddr ? *saddr : np->saddr;
254 fl6.flowi6_oif = sk->sk_bound_dev_if;
255 fl6.flowi6_mark = sk->sk_mark;
256 fl6.fl6_dport = usin->sin6_port;
257 fl6.fl6_sport = inet->inet_sport;
259 final_p = fl6_update_dst(&fl6, np->opt, &final);
261 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
263 dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
271 sk->sk_v6_rcv_saddr = *saddr;
274 /* set the source address */
276 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
278 sk->sk_gso_type = SKB_GSO_TCPV6;
279 __ip6_dst_store(sk, dst, NULL, NULL);
281 rt = (struct rt6_info *) dst;
282 if (tcp_death_row.sysctl_tw_recycle &&
283 !tp->rx_opt.ts_recent_stamp &&
284 ipv6_addr_equal(&rt->rt6i_dst.addr, &sk->sk_v6_daddr))
285 tcp_fetch_timewait_stamp(sk, dst);
287 icsk->icsk_ext_hdr_len = 0;
289 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
292 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
294 inet->inet_dport = usin->sin6_port;
296 tcp_set_state(sk, TCP_SYN_SENT);
297 err = inet6_hash_connect(&tcp_death_row, sk);
301 if (!tp->write_seq && likely(!tp->repair))
302 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
303 sk->sk_v6_daddr.s6_addr32,
307 err = tcp_connect(sk);
314 tcp_set_state(sk, TCP_CLOSE);
317 inet->inet_dport = 0;
318 sk->sk_route_caps = 0;
322 static void tcp_v6_mtu_reduced(struct sock *sk)
324 struct dst_entry *dst;
326 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
329 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
333 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
334 tcp_sync_mss(sk, dst_mtu(dst));
335 tcp_simple_retransmit(sk);
339 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
340 u8 type, u8 code, int offset, __be32 info)
342 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
343 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
344 struct ipv6_pinfo *np;
348 struct request_sock *fastopen;
350 struct net *net = dev_net(skb->dev);
352 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
353 th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
356 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
361 if (sk->sk_state == TCP_TIME_WAIT) {
362 inet_twsk_put(inet_twsk(sk));
367 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
368 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
370 if (sk->sk_state == TCP_CLOSE)
373 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
374 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
379 seq = ntohl(th->seq);
380 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
381 fastopen = tp->fastopen_rsk;
382 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
383 if (sk->sk_state != TCP_LISTEN &&
384 !between(seq, snd_una, tp->snd_nxt)) {
385 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
391 if (type == NDISC_REDIRECT) {
392 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
395 dst->ops->redirect(dst, sk, skb);
399 if (type == ICMPV6_PKT_TOOBIG) {
400 /* We are not interested in TCP_LISTEN and open_requests
401 * (SYN-ACKs send out by Linux are always <576bytes so
402 * they should go through unfragmented).
404 if (sk->sk_state == TCP_LISTEN)
407 if (!ip6_sk_accept_pmtu(sk))
410 tp->mtu_info = ntohl(info);
411 if (!sock_owned_by_user(sk))
412 tcp_v6_mtu_reduced(sk);
413 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
419 icmpv6_err_convert(type, code, &err);
421 /* Might be for an request_sock */
422 switch (sk->sk_state) {
423 struct request_sock *req, **prev;
425 if (sock_owned_by_user(sk))
428 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
429 &hdr->saddr, inet6_iif(skb));
433 /* ICMPs are not backlogged, hence we cannot get
434 * an established socket here.
436 WARN_ON(req->sk != NULL);
438 if (seq != tcp_rsk(req)->snt_isn) {
439 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
443 inet_csk_reqsk_queue_drop(sk, req, prev);
444 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
449 /* Only in fast or simultaneous open. If a fast open socket is
450 * is already accepted it is treated as a connected one below.
452 if (fastopen && fastopen->sk == NULL)
455 if (!sock_owned_by_user(sk)) {
457 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
461 sk->sk_err_soft = err;
465 if (!sock_owned_by_user(sk) && np->recverr) {
467 sk->sk_error_report(sk);
469 sk->sk_err_soft = err;
477 static int tcp_v6_send_synack(struct sock *sk, struct dst_entry *dst,
479 struct request_sock *req,
481 struct tcp_fastopen_cookie *foc)
483 struct inet_request_sock *ireq = inet_rsk(req);
484 struct ipv6_pinfo *np = inet6_sk(sk);
485 struct flowi6 *fl6 = &fl->u.ip6;
489 /* First, grab a route. */
490 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req)) == NULL)
493 skb = tcp_make_synack(sk, dst, req, foc);
496 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
497 &ireq->ir_v6_rmt_addr);
499 fl6->daddr = ireq->ir_v6_rmt_addr;
500 if (np->repflow && (ireq->pktopts != NULL))
501 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
503 skb_set_queue_mapping(skb, queue_mapping);
504 err = ip6_xmit(sk, skb, fl6, np->opt, np->tclass);
505 err = net_xmit_eval(err);
513 static void tcp_v6_reqsk_destructor(struct request_sock *req)
515 kfree_skb(inet_rsk(req)->pktopts);
518 #ifdef CONFIG_TCP_MD5SIG
519 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
520 const struct in6_addr *addr)
522 return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
525 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
526 struct sock *addr_sk)
528 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
531 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
532 struct request_sock *req)
534 return tcp_v6_md5_do_lookup(sk, &inet_rsk(req)->ir_v6_rmt_addr);
537 static int tcp_v6_parse_md5_keys(struct sock *sk, char __user *optval,
540 struct tcp_md5sig cmd;
541 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
543 if (optlen < sizeof(cmd))
546 if (copy_from_user(&cmd, optval, sizeof(cmd)))
549 if (sin6->sin6_family != AF_INET6)
552 if (!cmd.tcpm_keylen) {
553 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
554 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
556 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
560 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
563 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
564 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
565 AF_INET, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
567 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
568 AF_INET6, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
571 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
572 const struct in6_addr *daddr,
573 const struct in6_addr *saddr, int nbytes)
575 struct tcp6_pseudohdr *bp;
576 struct scatterlist sg;
578 bp = &hp->md5_blk.ip6;
579 /* 1. TCP pseudo-header (RFC2460) */
582 bp->protocol = cpu_to_be32(IPPROTO_TCP);
583 bp->len = cpu_to_be32(nbytes);
585 sg_init_one(&sg, bp, sizeof(*bp));
586 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
589 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
590 const struct in6_addr *daddr, struct in6_addr *saddr,
591 const struct tcphdr *th)
593 struct tcp_md5sig_pool *hp;
594 struct hash_desc *desc;
596 hp = tcp_get_md5sig_pool();
598 goto clear_hash_noput;
599 desc = &hp->md5_desc;
601 if (crypto_hash_init(desc))
603 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
605 if (tcp_md5_hash_header(hp, th))
607 if (tcp_md5_hash_key(hp, key))
609 if (crypto_hash_final(desc, md5_hash))
612 tcp_put_md5sig_pool();
616 tcp_put_md5sig_pool();
618 memset(md5_hash, 0, 16);
622 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
623 const struct sock *sk,
624 const struct request_sock *req,
625 const struct sk_buff *skb)
627 const struct in6_addr *saddr, *daddr;
628 struct tcp_md5sig_pool *hp;
629 struct hash_desc *desc;
630 const struct tcphdr *th = tcp_hdr(skb);
633 saddr = &inet6_sk(sk)->saddr;
634 daddr = &sk->sk_v6_daddr;
636 saddr = &inet_rsk(req)->ir_v6_loc_addr;
637 daddr = &inet_rsk(req)->ir_v6_rmt_addr;
639 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
640 saddr = &ip6h->saddr;
641 daddr = &ip6h->daddr;
644 hp = tcp_get_md5sig_pool();
646 goto clear_hash_noput;
647 desc = &hp->md5_desc;
649 if (crypto_hash_init(desc))
652 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
654 if (tcp_md5_hash_header(hp, th))
656 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
658 if (tcp_md5_hash_key(hp, key))
660 if (crypto_hash_final(desc, md5_hash))
663 tcp_put_md5sig_pool();
667 tcp_put_md5sig_pool();
669 memset(md5_hash, 0, 16);
673 static int __tcp_v6_inbound_md5_hash(struct sock *sk,
674 const struct sk_buff *skb)
676 const __u8 *hash_location = NULL;
677 struct tcp_md5sig_key *hash_expected;
678 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
679 const struct tcphdr *th = tcp_hdr(skb);
683 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
684 hash_location = tcp_parse_md5sig_option(th);
686 /* We've parsed the options - do we have a hash? */
687 if (!hash_expected && !hash_location)
690 if (hash_expected && !hash_location) {
691 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
695 if (!hash_expected && hash_location) {
696 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
700 /* check the signature */
701 genhash = tcp_v6_md5_hash_skb(newhash,
705 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
706 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
707 genhash ? "failed" : "mismatch",
708 &ip6h->saddr, ntohs(th->source),
709 &ip6h->daddr, ntohs(th->dest));
715 static int tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
720 ret = __tcp_v6_inbound_md5_hash(sk, skb);
728 static void tcp_v6_init_req(struct request_sock *req, struct sock *sk,
731 struct inet_request_sock *ireq = inet_rsk(req);
732 struct ipv6_pinfo *np = inet6_sk(sk);
734 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
735 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
737 ireq->ir_iif = sk->sk_bound_dev_if;
739 /* So that link locals have meaning */
740 if (!sk->sk_bound_dev_if &&
741 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
742 ireq->ir_iif = inet6_iif(skb);
744 if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
745 (ipv6_opt_accepted(sk, skb) || np->rxopt.bits.rxinfo ||
746 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
747 np->rxopt.bits.rxohlim || np->repflow)) {
748 atomic_inc(&skb->users);
753 static struct dst_entry *tcp_v6_route_req(struct sock *sk, struct flowi *fl,
754 const struct request_sock *req,
759 return inet6_csk_route_req(sk, &fl->u.ip6, req);
762 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
764 .obj_size = sizeof(struct tcp6_request_sock),
765 .rtx_syn_ack = tcp_rtx_synack,
766 .send_ack = tcp_v6_reqsk_send_ack,
767 .destructor = tcp_v6_reqsk_destructor,
768 .send_reset = tcp_v6_send_reset,
769 .syn_ack_timeout = tcp_syn_ack_timeout,
772 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
773 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
774 sizeof(struct ipv6hdr),
775 #ifdef CONFIG_TCP_MD5SIG
776 .md5_lookup = tcp_v6_reqsk_md5_lookup,
777 .calc_md5_hash = tcp_v6_md5_hash_skb,
779 .init_req = tcp_v6_init_req,
780 #ifdef CONFIG_SYN_COOKIES
781 .cookie_init_seq = cookie_v6_init_sequence,
783 .route_req = tcp_v6_route_req,
784 .init_seq = tcp_v6_init_sequence,
785 .send_synack = tcp_v6_send_synack,
786 .queue_hash_add = inet6_csk_reqsk_queue_hash_add,
789 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
790 u32 tsval, u32 tsecr, int oif,
791 struct tcp_md5sig_key *key, int rst, u8 tclass,
794 const struct tcphdr *th = tcp_hdr(skb);
796 struct sk_buff *buff;
798 struct net *net = dev_net(skb_dst(skb)->dev);
799 struct sock *ctl_sk = net->ipv6.tcp_sk;
800 unsigned int tot_len = sizeof(struct tcphdr);
801 struct dst_entry *dst;
805 tot_len += TCPOLEN_TSTAMP_ALIGNED;
806 #ifdef CONFIG_TCP_MD5SIG
808 tot_len += TCPOLEN_MD5SIG_ALIGNED;
811 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
816 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
818 t1 = (struct tcphdr *) skb_push(buff, tot_len);
819 skb_reset_transport_header(buff);
821 /* Swap the send and the receive. */
822 memset(t1, 0, sizeof(*t1));
823 t1->dest = th->source;
824 t1->source = th->dest;
825 t1->doff = tot_len / 4;
826 t1->seq = htonl(seq);
827 t1->ack_seq = htonl(ack);
828 t1->ack = !rst || !th->ack;
830 t1->window = htons(win);
832 topt = (__be32 *)(t1 + 1);
835 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
836 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
837 *topt++ = htonl(tsval);
838 *topt++ = htonl(tsecr);
841 #ifdef CONFIG_TCP_MD5SIG
843 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
844 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
845 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
846 &ipv6_hdr(skb)->saddr,
847 &ipv6_hdr(skb)->daddr, t1);
851 memset(&fl6, 0, sizeof(fl6));
852 fl6.daddr = ipv6_hdr(skb)->saddr;
853 fl6.saddr = ipv6_hdr(skb)->daddr;
854 fl6.flowlabel = label;
856 buff->ip_summed = CHECKSUM_PARTIAL;
859 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
861 fl6.flowi6_proto = IPPROTO_TCP;
862 if (rt6_need_strict(&fl6.daddr) && !oif)
863 fl6.flowi6_oif = inet6_iif(skb);
865 fl6.flowi6_oif = oif;
866 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark);
867 fl6.fl6_dport = t1->dest;
868 fl6.fl6_sport = t1->source;
869 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
871 /* Pass a socket to ip6_dst_lookup either it is for RST
872 * Underlying function will use this to retrieve the network
875 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
877 skb_dst_set(buff, dst);
878 ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass);
879 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
881 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
888 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
890 const struct tcphdr *th = tcp_hdr(skb);
891 u32 seq = 0, ack_seq = 0;
892 struct tcp_md5sig_key *key = NULL;
893 #ifdef CONFIG_TCP_MD5SIG
894 const __u8 *hash_location = NULL;
895 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
896 unsigned char newhash[16];
898 struct sock *sk1 = NULL;
905 if (!ipv6_unicast_destination(skb))
908 #ifdef CONFIG_TCP_MD5SIG
909 hash_location = tcp_parse_md5sig_option(th);
910 if (!sk && hash_location) {
912 * active side is lost. Try to find listening socket through
913 * source port, and then find md5 key through listening socket.
914 * we are not loose security here:
915 * Incoming packet is checked with md5 hash with finding key,
916 * no RST generated if md5 hash doesn't match.
918 sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
919 &tcp_hashinfo, &ipv6h->saddr,
920 th->source, &ipv6h->daddr,
921 ntohs(th->source), inet6_iif(skb));
926 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
930 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, NULL, skb);
931 if (genhash || memcmp(hash_location, newhash, 16) != 0)
934 key = sk ? tcp_v6_md5_do_lookup(sk, &ipv6h->saddr) : NULL;
939 seq = ntohl(th->ack_seq);
941 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
944 oif = sk ? sk->sk_bound_dev_if : 0;
945 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 0);
947 #ifdef CONFIG_TCP_MD5SIG
956 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
957 u32 win, u32 tsval, u32 tsecr, int oif,
958 struct tcp_md5sig_key *key, u8 tclass,
961 tcp_v6_send_response(skb, seq, ack, win, tsval, tsecr, oif, key, 0, tclass,
965 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
967 struct inet_timewait_sock *tw = inet_twsk(sk);
968 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
970 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
971 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
972 tcp_time_stamp + tcptw->tw_ts_offset,
973 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
974 tw->tw_tclass, (tw->tw_flowlabel << 12));
979 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
980 struct request_sock *req)
982 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
983 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
985 tcp_v6_send_ack(skb, (sk->sk_state == TCP_LISTEN) ?
986 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
987 tcp_rsk(req)->rcv_nxt,
988 req->rcv_wnd, tcp_time_stamp, req->ts_recent, sk->sk_bound_dev_if,
989 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr),
994 static struct sock *tcp_v6_hnd_req(struct sock *sk, struct sk_buff *skb)
996 struct request_sock *req, **prev;
997 const struct tcphdr *th = tcp_hdr(skb);
1000 /* Find possible connection requests. */
1001 req = inet6_csk_search_req(sk, &prev, th->source,
1002 &ipv6_hdr(skb)->saddr,
1003 &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1005 return tcp_check_req(sk, skb, req, prev, false);
1007 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1008 &ipv6_hdr(skb)->saddr, th->source,
1009 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1012 if (nsk->sk_state != TCP_TIME_WAIT) {
1016 inet_twsk_put(inet_twsk(nsk));
1020 #ifdef CONFIG_SYN_COOKIES
1022 sk = cookie_v6_check(sk, skb);
1027 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1029 if (skb->protocol == htons(ETH_P_IP))
1030 return tcp_v4_conn_request(sk, skb);
1032 if (!ipv6_unicast_destination(skb))
1035 return tcp_conn_request(&tcp6_request_sock_ops,
1036 &tcp_request_sock_ipv6_ops, sk, skb);
1039 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1040 return 0; /* don't send reset */
1043 static struct sock *tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1044 struct request_sock *req,
1045 struct dst_entry *dst)
1047 struct inet_request_sock *ireq;
1048 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1049 struct tcp6_sock *newtcp6sk;
1050 struct inet_sock *newinet;
1051 struct tcp_sock *newtp;
1053 #ifdef CONFIG_TCP_MD5SIG
1054 struct tcp_md5sig_key *key;
1058 if (skb->protocol == htons(ETH_P_IP)) {
1063 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1068 newtcp6sk = (struct tcp6_sock *)newsk;
1069 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1071 newinet = inet_sk(newsk);
1072 newnp = inet6_sk(newsk);
1073 newtp = tcp_sk(newsk);
1075 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1077 ipv6_addr_set_v4mapped(newinet->inet_daddr, &newsk->sk_v6_daddr);
1079 ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr);
1081 newsk->sk_v6_rcv_saddr = newnp->saddr;
1083 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1084 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1085 #ifdef CONFIG_TCP_MD5SIG
1086 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1089 newnp->ipv6_ac_list = NULL;
1090 newnp->ipv6_fl_list = NULL;
1091 newnp->pktoptions = NULL;
1093 newnp->mcast_oif = inet6_iif(skb);
1094 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1095 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1097 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1100 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1101 * here, tcp_create_openreq_child now does this for us, see the comment in
1102 * that function for the gory details. -acme
1105 /* It is tricky place. Until this moment IPv4 tcp
1106 worked with IPv6 icsk.icsk_af_ops.
1109 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1114 ireq = inet_rsk(req);
1116 if (sk_acceptq_is_full(sk))
1120 dst = inet6_csk_route_req(sk, &fl6, req);
1125 newsk = tcp_create_openreq_child(sk, req, skb);
1130 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1131 * count here, tcp_create_openreq_child now does this for us, see the
1132 * comment in that function for the gory details. -acme
1135 newsk->sk_gso_type = SKB_GSO_TCPV6;
1136 __ip6_dst_store(newsk, dst, NULL, NULL);
1137 inet6_sk_rx_dst_set(newsk, skb);
1139 newtcp6sk = (struct tcp6_sock *)newsk;
1140 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1142 newtp = tcp_sk(newsk);
1143 newinet = inet_sk(newsk);
1144 newnp = inet6_sk(newsk);
1146 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1148 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1149 newnp->saddr = ireq->ir_v6_loc_addr;
1150 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1151 newsk->sk_bound_dev_if = ireq->ir_iif;
1153 ip6_set_txhash(newsk);
1155 /* Now IPv6 options...
1157 First: no IPv4 options.
1159 newinet->inet_opt = NULL;
1160 newnp->ipv6_ac_list = NULL;
1161 newnp->ipv6_fl_list = NULL;
1164 newnp->rxopt.all = np->rxopt.all;
1166 /* Clone pktoptions received with SYN */
1167 newnp->pktoptions = NULL;
1168 if (ireq->pktopts != NULL) {
1169 newnp->pktoptions = skb_clone(ireq->pktopts,
1170 sk_gfp_atomic(sk, GFP_ATOMIC));
1171 consume_skb(ireq->pktopts);
1172 ireq->pktopts = NULL;
1173 if (newnp->pktoptions)
1174 skb_set_owner_r(newnp->pktoptions, newsk);
1177 newnp->mcast_oif = inet6_iif(skb);
1178 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1179 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1181 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1183 /* Clone native IPv6 options from listening socket (if any)
1185 Yes, keeping reference count would be much more clever,
1186 but we make one more one thing there: reattach optmem
1190 newnp->opt = ipv6_dup_options(newsk, np->opt);
1192 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1194 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1195 newnp->opt->opt_flen);
1197 tcp_sync_mss(newsk, dst_mtu(dst));
1198 newtp->advmss = dst_metric_advmss(dst);
1199 if (tcp_sk(sk)->rx_opt.user_mss &&
1200 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1201 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1203 tcp_initialize_rcv_mss(newsk);
1205 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1206 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1208 #ifdef CONFIG_TCP_MD5SIG
1209 /* Copy over the MD5 key from the original socket */
1210 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr);
1212 /* We're using one, so create a matching key
1213 * on the newsk structure. If we fail to get
1214 * memory, then we end up not copying the key
1217 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
1218 AF_INET6, key->key, key->keylen,
1219 sk_gfp_atomic(sk, GFP_ATOMIC));
1223 if (__inet_inherit_port(sk, newsk) < 0) {
1224 inet_csk_prepare_forced_close(newsk);
1228 __inet6_hash(newsk, NULL);
1233 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1237 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1241 /* The socket must have it's spinlock held when we get
1244 * We have a potential double-lock case here, so even when
1245 * doing backlog processing we use the BH locking scheme.
1246 * This is because we cannot sleep with the original spinlock
1249 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1251 struct ipv6_pinfo *np = inet6_sk(sk);
1252 struct tcp_sock *tp;
1253 struct sk_buff *opt_skb = NULL;
1255 /* Imagine: socket is IPv6. IPv4 packet arrives,
1256 goes to IPv4 receive handler and backlogged.
1257 From backlog it always goes here. Kerboom...
1258 Fortunately, tcp_rcv_established and rcv_established
1259 handle them correctly, but it is not case with
1260 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1263 if (skb->protocol == htons(ETH_P_IP))
1264 return tcp_v4_do_rcv(sk, skb);
1266 if (sk_filter(sk, skb))
1270 * socket locking is here for SMP purposes as backlog rcv
1271 * is currently called with bh processing disabled.
1274 /* Do Stevens' IPV6_PKTOPTIONS.
1276 Yes, guys, it is the only place in our code, where we
1277 may make it not affecting IPv4.
1278 The rest of code is protocol independent,
1279 and I do not like idea to uglify IPv4.
1281 Actually, all the idea behind IPV6_PKTOPTIONS
1282 looks not very well thought. For now we latch
1283 options, received in the last packet, enqueued
1284 by tcp. Feel free to propose better solution.
1288 opt_skb = skb_clone(skb, sk_gfp_atomic(sk, GFP_ATOMIC));
1290 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1291 struct dst_entry *dst = sk->sk_rx_dst;
1293 sock_rps_save_rxhash(sk, skb);
1295 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1296 dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
1298 sk->sk_rx_dst = NULL;
1302 tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len);
1304 goto ipv6_pktoptions;
1308 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1311 if (sk->sk_state == TCP_LISTEN) {
1312 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1317 * Queue it on the new socket if the new socket is active,
1318 * otherwise we just shortcircuit this and continue with
1322 sock_rps_save_rxhash(nsk, skb);
1323 if (tcp_child_process(sk, nsk, skb))
1326 __kfree_skb(opt_skb);
1330 sock_rps_save_rxhash(sk, skb);
1332 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1335 goto ipv6_pktoptions;
1339 tcp_v6_send_reset(sk, skb);
1342 __kfree_skb(opt_skb);
1346 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_CSUMERRORS);
1347 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1352 /* Do you ask, what is it?
1354 1. skb was enqueued by tcp.
1355 2. skb is added to tail of read queue, rather than out of order.
1356 3. socket is not in passive state.
1357 4. Finally, it really contains options, which user wants to receive.
1360 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1361 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1362 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1363 np->mcast_oif = inet6_iif(opt_skb);
1364 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1365 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1366 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1367 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
1369 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
1370 if (ipv6_opt_accepted(sk, opt_skb)) {
1371 skb_set_owner_r(opt_skb, sk);
1372 opt_skb = xchg(&np->pktoptions, opt_skb);
1374 __kfree_skb(opt_skb);
1375 opt_skb = xchg(&np->pktoptions, NULL);
1383 static int tcp_v6_rcv(struct sk_buff *skb)
1385 const struct tcphdr *th;
1386 const struct ipv6hdr *hdr;
1389 struct net *net = dev_net(skb->dev);
1391 if (skb->pkt_type != PACKET_HOST)
1395 * Count it even if it's bad.
1397 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1399 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1404 if (th->doff < sizeof(struct tcphdr)/4)
1406 if (!pskb_may_pull(skb, th->doff*4))
1409 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
1413 hdr = ipv6_hdr(skb);
1414 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1415 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1416 skb->len - th->doff*4);
1417 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1418 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1419 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1420 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1421 TCP_SKB_CB(skb)->sacked = 0;
1423 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1428 if (sk->sk_state == TCP_TIME_WAIT)
1431 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
1432 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
1433 goto discard_and_relse;
1436 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1437 goto discard_and_relse;
1439 #ifdef CONFIG_TCP_MD5SIG
1440 if (tcp_v6_inbound_md5_hash(sk, skb))
1441 goto discard_and_relse;
1444 if (sk_filter(sk, skb))
1445 goto discard_and_relse;
1447 sk_mark_napi_id(sk, skb);
1450 bh_lock_sock_nested(sk);
1452 if (!sock_owned_by_user(sk)) {
1453 #ifdef CONFIG_NET_DMA
1454 struct tcp_sock *tp = tcp_sk(sk);
1455 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1456 tp->ucopy.dma_chan = net_dma_find_channel();
1457 if (tp->ucopy.dma_chan)
1458 ret = tcp_v6_do_rcv(sk, skb);
1462 if (!tcp_prequeue(sk, skb))
1463 ret = tcp_v6_do_rcv(sk, skb);
1465 } else if (unlikely(sk_add_backlog(sk, skb,
1466 sk->sk_rcvbuf + sk->sk_sndbuf))) {
1468 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
1469 goto discard_and_relse;
1474 return ret ? -1 : 0;
1477 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1480 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1482 TCP_INC_STATS_BH(net, TCP_MIB_CSUMERRORS);
1484 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1486 tcp_v6_send_reset(NULL, skb);
1498 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1499 inet_twsk_put(inet_twsk(sk));
1503 if (skb->len < (th->doff<<2)) {
1504 inet_twsk_put(inet_twsk(sk));
1507 if (tcp_checksum_complete(skb)) {
1508 inet_twsk_put(inet_twsk(sk));
1512 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1517 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1518 &ipv6_hdr(skb)->saddr, th->source,
1519 &ipv6_hdr(skb)->daddr,
1520 ntohs(th->dest), inet6_iif(skb));
1522 struct inet_timewait_sock *tw = inet_twsk(sk);
1523 inet_twsk_deschedule(tw, &tcp_death_row);
1528 /* Fall through to ACK */
1531 tcp_v6_timewait_ack(sk, skb);
1535 case TCP_TW_SUCCESS:
1541 static void tcp_v6_early_demux(struct sk_buff *skb)
1543 const struct ipv6hdr *hdr;
1544 const struct tcphdr *th;
1547 if (skb->pkt_type != PACKET_HOST)
1550 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1553 hdr = ipv6_hdr(skb);
1556 if (th->doff < sizeof(struct tcphdr) / 4)
1559 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1560 &hdr->saddr, th->source,
1561 &hdr->daddr, ntohs(th->dest),
1565 skb->destructor = sock_edemux;
1566 if (sk->sk_state != TCP_TIME_WAIT) {
1567 struct dst_entry *dst = sk->sk_rx_dst;
1570 dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
1572 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1573 skb_dst_set_noref(skb, dst);
1578 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1579 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1580 .twsk_unique = tcp_twsk_unique,
1581 .twsk_destructor = tcp_twsk_destructor,
1584 static const struct inet_connection_sock_af_ops ipv6_specific = {
1585 .queue_xmit = inet6_csk_xmit,
1586 .send_check = tcp_v6_send_check,
1587 .rebuild_header = inet6_sk_rebuild_header,
1588 .sk_rx_dst_set = inet6_sk_rx_dst_set,
1589 .conn_request = tcp_v6_conn_request,
1590 .syn_recv_sock = tcp_v6_syn_recv_sock,
1591 .net_header_len = sizeof(struct ipv6hdr),
1592 .net_frag_header_len = sizeof(struct frag_hdr),
1593 .setsockopt = ipv6_setsockopt,
1594 .getsockopt = ipv6_getsockopt,
1595 .addr2sockaddr = inet6_csk_addr2sockaddr,
1596 .sockaddr_len = sizeof(struct sockaddr_in6),
1597 .bind_conflict = inet6_csk_bind_conflict,
1598 #ifdef CONFIG_COMPAT
1599 .compat_setsockopt = compat_ipv6_setsockopt,
1600 .compat_getsockopt = compat_ipv6_getsockopt,
1602 .mtu_reduced = tcp_v6_mtu_reduced,
1605 #ifdef CONFIG_TCP_MD5SIG
1606 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1607 .md5_lookup = tcp_v6_md5_lookup,
1608 .calc_md5_hash = tcp_v6_md5_hash_skb,
1609 .md5_parse = tcp_v6_parse_md5_keys,
1614 * TCP over IPv4 via INET6 API
1616 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1617 .queue_xmit = ip_queue_xmit,
1618 .send_check = tcp_v4_send_check,
1619 .rebuild_header = inet_sk_rebuild_header,
1620 .sk_rx_dst_set = inet_sk_rx_dst_set,
1621 .conn_request = tcp_v6_conn_request,
1622 .syn_recv_sock = tcp_v6_syn_recv_sock,
1623 .net_header_len = sizeof(struct iphdr),
1624 .setsockopt = ipv6_setsockopt,
1625 .getsockopt = ipv6_getsockopt,
1626 .addr2sockaddr = inet6_csk_addr2sockaddr,
1627 .sockaddr_len = sizeof(struct sockaddr_in6),
1628 .bind_conflict = inet6_csk_bind_conflict,
1629 #ifdef CONFIG_COMPAT
1630 .compat_setsockopt = compat_ipv6_setsockopt,
1631 .compat_getsockopt = compat_ipv6_getsockopt,
1633 .mtu_reduced = tcp_v4_mtu_reduced,
1636 #ifdef CONFIG_TCP_MD5SIG
1637 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1638 .md5_lookup = tcp_v4_md5_lookup,
1639 .calc_md5_hash = tcp_v4_md5_hash_skb,
1640 .md5_parse = tcp_v6_parse_md5_keys,
1644 /* NOTE: A lot of things set to zero explicitly by call to
1645 * sk_alloc() so need not be done here.
1647 static int tcp_v6_init_sock(struct sock *sk)
1649 struct inet_connection_sock *icsk = inet_csk(sk);
1653 icsk->icsk_af_ops = &ipv6_specific;
1655 #ifdef CONFIG_TCP_MD5SIG
1656 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
1662 static void tcp_v6_destroy_sock(struct sock *sk)
1664 tcp_v4_destroy_sock(sk);
1665 inet6_destroy_sock(sk);
1668 #ifdef CONFIG_PROC_FS
1669 /* Proc filesystem TCPv6 sock list dumping. */
1670 static void get_openreq6(struct seq_file *seq,
1671 const struct sock *sk, struct request_sock *req, int i, kuid_t uid)
1673 int ttd = req->expires - jiffies;
1674 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1675 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1681 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1682 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1684 src->s6_addr32[0], src->s6_addr32[1],
1685 src->s6_addr32[2], src->s6_addr32[3],
1686 inet_rsk(req)->ir_num,
1687 dest->s6_addr32[0], dest->s6_addr32[1],
1688 dest->s6_addr32[2], dest->s6_addr32[3],
1689 ntohs(inet_rsk(req)->ir_rmt_port),
1691 0, 0, /* could print option size, but that is af dependent. */
1692 1, /* timers active (only the expire timer) */
1693 jiffies_to_clock_t(ttd),
1695 from_kuid_munged(seq_user_ns(seq), uid),
1696 0, /* non standard timer */
1697 0, /* open_requests have no inode */
1701 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1703 const struct in6_addr *dest, *src;
1706 unsigned long timer_expires;
1707 const struct inet_sock *inet = inet_sk(sp);
1708 const struct tcp_sock *tp = tcp_sk(sp);
1709 const struct inet_connection_sock *icsk = inet_csk(sp);
1710 struct fastopen_queue *fastopenq = icsk->icsk_accept_queue.fastopenq;
1712 dest = &sp->sk_v6_daddr;
1713 src = &sp->sk_v6_rcv_saddr;
1714 destp = ntohs(inet->inet_dport);
1715 srcp = ntohs(inet->inet_sport);
1717 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1719 timer_expires = icsk->icsk_timeout;
1720 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1722 timer_expires = icsk->icsk_timeout;
1723 } else if (timer_pending(&sp->sk_timer)) {
1725 timer_expires = sp->sk_timer.expires;
1728 timer_expires = jiffies;
1732 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1733 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1735 src->s6_addr32[0], src->s6_addr32[1],
1736 src->s6_addr32[2], src->s6_addr32[3], srcp,
1737 dest->s6_addr32[0], dest->s6_addr32[1],
1738 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1740 tp->write_seq-tp->snd_una,
1741 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
1743 jiffies_delta_to_clock_t(timer_expires - jiffies),
1744 icsk->icsk_retransmits,
1745 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1746 icsk->icsk_probes_out,
1748 atomic_read(&sp->sk_refcnt), sp,
1749 jiffies_to_clock_t(icsk->icsk_rto),
1750 jiffies_to_clock_t(icsk->icsk_ack.ato),
1751 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
1753 sp->sk_state == TCP_LISTEN ?
1754 (fastopenq ? fastopenq->max_qlen : 0) :
1755 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
1759 static void get_timewait6_sock(struct seq_file *seq,
1760 struct inet_timewait_sock *tw, int i)
1762 const struct in6_addr *dest, *src;
1764 s32 delta = tw->tw_ttd - inet_tw_time_stamp();
1766 dest = &tw->tw_v6_daddr;
1767 src = &tw->tw_v6_rcv_saddr;
1768 destp = ntohs(tw->tw_dport);
1769 srcp = ntohs(tw->tw_sport);
1772 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1773 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1775 src->s6_addr32[0], src->s6_addr32[1],
1776 src->s6_addr32[2], src->s6_addr32[3], srcp,
1777 dest->s6_addr32[0], dest->s6_addr32[1],
1778 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1779 tw->tw_substate, 0, 0,
1780 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
1781 atomic_read(&tw->tw_refcnt), tw);
1784 static int tcp6_seq_show(struct seq_file *seq, void *v)
1786 struct tcp_iter_state *st;
1787 struct sock *sk = v;
1789 if (v == SEQ_START_TOKEN) {
1794 "st tx_queue rx_queue tr tm->when retrnsmt"
1795 " uid timeout inode\n");
1800 switch (st->state) {
1801 case TCP_SEQ_STATE_LISTENING:
1802 case TCP_SEQ_STATE_ESTABLISHED:
1803 if (sk->sk_state == TCP_TIME_WAIT)
1804 get_timewait6_sock(seq, v, st->num);
1806 get_tcp6_sock(seq, v, st->num);
1808 case TCP_SEQ_STATE_OPENREQ:
1809 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
1816 static const struct file_operations tcp6_afinfo_seq_fops = {
1817 .owner = THIS_MODULE,
1818 .open = tcp_seq_open,
1820 .llseek = seq_lseek,
1821 .release = seq_release_net
1824 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1827 .seq_fops = &tcp6_afinfo_seq_fops,
1829 .show = tcp6_seq_show,
1833 int __net_init tcp6_proc_init(struct net *net)
1835 return tcp_proc_register(net, &tcp6_seq_afinfo);
1838 void tcp6_proc_exit(struct net *net)
1840 tcp_proc_unregister(net, &tcp6_seq_afinfo);
1844 static void tcp_v6_clear_sk(struct sock *sk, int size)
1846 struct inet_sock *inet = inet_sk(sk);
1848 /* we do not want to clear pinet6 field, because of RCU lookups */
1849 sk_prot_clear_nulls(sk, offsetof(struct inet_sock, pinet6));
1851 size -= offsetof(struct inet_sock, pinet6) + sizeof(inet->pinet6);
1852 memset(&inet->pinet6 + 1, 0, size);
1855 struct proto tcpv6_prot = {
1857 .owner = THIS_MODULE,
1859 .connect = tcp_v6_connect,
1860 .disconnect = tcp_disconnect,
1861 .accept = inet_csk_accept,
1863 .init = tcp_v6_init_sock,
1864 .destroy = tcp_v6_destroy_sock,
1865 .shutdown = tcp_shutdown,
1866 .setsockopt = tcp_setsockopt,
1867 .getsockopt = tcp_getsockopt,
1868 .recvmsg = tcp_recvmsg,
1869 .sendmsg = tcp_sendmsg,
1870 .sendpage = tcp_sendpage,
1871 .backlog_rcv = tcp_v6_do_rcv,
1872 .release_cb = tcp_release_cb,
1873 .hash = tcp_v6_hash,
1874 .unhash = inet_unhash,
1875 .get_port = inet_csk_get_port,
1876 .enter_memory_pressure = tcp_enter_memory_pressure,
1877 .stream_memory_free = tcp_stream_memory_free,
1878 .sockets_allocated = &tcp_sockets_allocated,
1879 .memory_allocated = &tcp_memory_allocated,
1880 .memory_pressure = &tcp_memory_pressure,
1881 .orphan_count = &tcp_orphan_count,
1882 .sysctl_mem = sysctl_tcp_mem,
1883 .sysctl_wmem = sysctl_tcp_wmem,
1884 .sysctl_rmem = sysctl_tcp_rmem,
1885 .max_header = MAX_TCP_HEADER,
1886 .obj_size = sizeof(struct tcp6_sock),
1887 .slab_flags = SLAB_DESTROY_BY_RCU,
1888 .twsk_prot = &tcp6_timewait_sock_ops,
1889 .rsk_prot = &tcp6_request_sock_ops,
1890 .h.hashinfo = &tcp_hashinfo,
1891 .no_autobind = true,
1892 #ifdef CONFIG_COMPAT
1893 .compat_setsockopt = compat_tcp_setsockopt,
1894 .compat_getsockopt = compat_tcp_getsockopt,
1896 #ifdef CONFIG_MEMCG_KMEM
1897 .proto_cgroup = tcp_proto_cgroup,
1899 .clear_sk = tcp_v6_clear_sk,
1902 static const struct inet6_protocol tcpv6_protocol = {
1903 .early_demux = tcp_v6_early_demux,
1904 .handler = tcp_v6_rcv,
1905 .err_handler = tcp_v6_err,
1906 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1909 static struct inet_protosw tcpv6_protosw = {
1910 .type = SOCK_STREAM,
1911 .protocol = IPPROTO_TCP,
1912 .prot = &tcpv6_prot,
1913 .ops = &inet6_stream_ops,
1914 .flags = INET_PROTOSW_PERMANENT |
1918 static int __net_init tcpv6_net_init(struct net *net)
1920 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
1921 SOCK_RAW, IPPROTO_TCP, net);
1924 static void __net_exit tcpv6_net_exit(struct net *net)
1926 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
1929 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
1931 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6);
1934 static struct pernet_operations tcpv6_net_ops = {
1935 .init = tcpv6_net_init,
1936 .exit = tcpv6_net_exit,
1937 .exit_batch = tcpv6_net_exit_batch,
1940 int __init tcpv6_init(void)
1944 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
1948 /* register inet6 protocol */
1949 ret = inet6_register_protosw(&tcpv6_protosw);
1951 goto out_tcpv6_protocol;
1953 ret = register_pernet_subsys(&tcpv6_net_ops);
1955 goto out_tcpv6_protosw;
1960 inet6_unregister_protosw(&tcpv6_protosw);
1962 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
1966 void tcpv6_exit(void)
1968 unregister_pernet_subsys(&tcpv6_net_ops);
1969 inet6_unregister_protosw(&tcpv6_protosw);
1970 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);