projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ipv6: make ip6_rt_gc_expire an atomic_t
[linux-block.git] / net / ipv6 / tcp_ipv6.c
CommitLineData
2874c5fd 1// SPDX-License-Identifier: GPL-2.0-or-later
1da177e4
LT		 2/*
3 * TCP over IPv6
1ab1457c 4 * Linux INET6 implementation
1da177e4
LT		 5 *
6 * Authors:
1ab1457c 7 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4 8 *
1ab1457c 9 * Based on:
1da177e4
LT		 10 * linux/net/ipv4/tcp.c
11 * linux/net/ipv4/tcp_input.c
12 * linux/net/ipv4/tcp_output.c
13 *
14 * Fixes:
15 * Hideaki YOSHIFUJI : sin6_scope_id support
16 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
17 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
18 * a single port at the same time.
19 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
1da177e4
LT		 20 */
21
eb4dea58 22#include <linux/bottom_half.h>
1da177e4 23#include <linux/module.h>
1da177e4
LT		 24#include <linux/errno.h>
25#include <linux/types.h>
26#include <linux/socket.h>
27#include <linux/sockios.h>
28#include <linux/net.h>
29#include <linux/jiffies.h>
30#include <linux/in.h>
31#include <linux/in6.h>
32#include <linux/netdevice.h>
33#include <linux/init.h>
34#include <linux/jhash.h>
35#include <linux/ipsec.h>
36#include <linux/times.h>
5a0e3ad6 37#include <linux/slab.h>
4aa956d8 38#include <linux/uaccess.h>
1da177e4
LT		 39#include <linux/ipv6.h>
40#include <linux/icmpv6.h>
41#include <linux/random.h>
0e219ae4 42#include <linux/indirect_call_wrapper.h>
1da177e4
LT		 43
44#include <net/tcp.h>
45#include <net/ndisc.h>
5324a040 46#include <net/inet6_hashtables.h>
8129765a 47#include <net/inet6_connection_sock.h>
1da177e4
LT		 48#include <net/ipv6.h>
49#include <net/transp_v6.h>
50#include <net/addrconf.h>
51#include <net/ip6_route.h>
52#include <net/ip6_checksum.h>
53#include <net/inet_ecn.h>
54#include <net/protocol.h>
55#include <net/xfrm.h>
1da177e4
LT		 56#include <net/snmp.h>
57#include <net/dsfield.h>
6d6ee43e 58#include <net/timewait_sock.h>
3d58b5fa 59#include <net/inet_common.h>
6e5714ea 60#include <net/secure_seq.h>
076bb0c8 61#include <net/busy_poll.h>
1da177e4 62
1da177e4
LT		 63#include <linux/proc_fs.h>
64#include <linux/seq_file.h>
65
cf80e0e4 66#include <crypto/hash.h>
cfb6eeb4
YH		 67#include <linux/scatterlist.h>
68
c24b14c4
SL		 69#include <trace/events/tcp.h>
70
a00e7444
ED		 71static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
72static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
6edafaaf 73 struct request_sock *req);
1da177e4 74
d2489c7b 75INDIRECT_CALLABLE_SCOPE int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
1da177e4 76
3b401a81 77static const struct inet_connection_sock_af_ops ipv6_mapped;
35b2c321 78const struct inet_connection_sock_af_ops ipv6_specific;
a928630a 79#ifdef CONFIG_TCP_MD5SIG
b2e4b3de
SH		 80static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
81static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
9501f972 82#else
51723935 83static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
dea53bb8
DA		 84 const struct in6_addr *addr,
85 int l3index)
9501f972
YH		 86{
87 return NULL;
88}
a928630a 89#endif
1da177e4 90
93a77c11
ED		 91/* Helper returning the inet6 address from a given tcp socket.
92 * It can be used in TCP stack instead of inet6_sk(sk).
93 * This avoids a dereference and allow compiler optimizations.
f5d54767 94 * It is a specialized version of inet6_sk_generic().
93a77c11
ED		 95 */
96static struct ipv6_pinfo *tcp_inet6_sk(const struct sock *sk)
97{
f5d54767 98 unsigned int offset = sizeof(struct tcp6_sock) - sizeof(struct ipv6_pinfo);
93a77c11 99
f5d54767 100 return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
93a77c11
ED		 101}
102
fae6ef87
NC		 103static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
104{
105 struct dst_entry *dst = skb_dst(skb);
fae6ef87 106
5037e9ef 107 if (dst && dst_hold_safe(dst)) {
ca777eff
ED		 108 const struct rt6_info *rt = (const struct rt6_info *)dst;
109
8f905c0e 110 rcu_assign_pointer(sk->sk_rx_dst, dst);
0c0a5ef8 111 sk->sk_rx_dst_ifindex = skb->skb_iif;
ef57c161 112 sk->sk_rx_dst_cookie = rt6_get_cookie(rt);
ca777eff 113 }
fae6ef87
NC		 114}
115
84b114b9 116static u32 tcp_v6_init_seq(const struct sk_buff *skb)
1da177e4 117{
84b114b9
ED		 118 return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32,
119 ipv6_hdr(skb)->saddr.s6_addr32,
120 tcp_hdr(skb)->dest,
121 tcp_hdr(skb)->source);
122}
123
5d2ed052 124static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb)
84b114b9 125{
5d2ed052 126 return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32,
84b114b9 127 ipv6_hdr(skb)->saddr.s6_addr32);
1da177e4
LT		 128}
129
d74bad4e
AI		 130static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
131 int addr_len)
132{
133 /* This check is replicated from tcp_v6_connect() and intended to
134 * prevent BPF program called below from accessing bytes that are out
135 * of the bound specified by user in addr_len.
136 */
137 if (addr_len < SIN6_LEN_RFC2133)
138 return -EINVAL;
139
140 sock_owned_by_me(sk);
141
142 return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr);
143}
144
1ab1457c 145static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
1da177e4
LT		 146 int addr_len)
147{
148 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
1ab1457c 149 struct inet_sock *inet = inet_sk(sk);
d83d8461 150 struct inet_connection_sock *icsk = inet_csk(sk);
fbb82952 151 struct inet_timewait_death_row *tcp_death_row;
93a77c11 152 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1da177e4 153 struct tcp_sock *tp = tcp_sk(sk);
20c59de2 154 struct in6_addr *saddr = NULL, *final_p, final;
45f6fad8 155 struct ipv6_txoptions *opt;
4c9483b2 156 struct flowi6 fl6;
1da177e4
LT		 157 struct dst_entry *dst;
158 int addr_type;
159 int err;
160
1ab1457c 161 if (addr_len < SIN6_LEN_RFC2133)
1da177e4
LT		 162 return -EINVAL;
163
1ab1457c 164 if (usin->sin6_family != AF_INET6)
a02cec21 165 return -EAFNOSUPPORT;
1da177e4 166
4c9483b2 167 memset(&fl6, 0, sizeof(fl6));
1da177e4
LT		 168
169 if (np->sndflow) {
4c9483b2
DM		 170 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
171 IP6_ECN_flow_init(fl6.flowlabel);
172 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
1da177e4 173 struct ip6_flowlabel *flowlabel;
4c9483b2 174 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
59c820b2 175 if (IS_ERR(flowlabel))
1da177e4 176 return -EINVAL;
1da177e4
LT		 177 fl6_sock_release(flowlabel);
178 }
179 }
180
181 /*
1ab1457c
YH		 182 * connect() to INADDR_ANY means loopback (BSD'ism).
183 */
184
052d2369
JL		 185 if (ipv6_addr_any(&usin->sin6_addr)) {
186 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
187 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
188 &usin->sin6_addr);
189 else
190 usin->sin6_addr = in6addr_loopback;
191 }
1da177e4
LT		 192
193 addr_type = ipv6_addr_type(&usin->sin6_addr);
194
4c99aa40 195 if (addr_type & IPV6_ADDR_MULTICAST)
1da177e4
LT		 196 return -ENETUNREACH;
197
198 if (addr_type&IPV6_ADDR_LINKLOCAL) {
199 if (addr_len >= sizeof(struct sockaddr_in6) &&
200 usin->sin6_scope_id) {
201 /* If interface is set while binding, indices
202 * must coincide.
203 */
54dc3e33 204 if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id))
1da177e4
LT		 205 return -EINVAL;
206
207 sk->sk_bound_dev_if = usin->sin6_scope_id;
208 }
209
210 /* Connect to link-local address requires an interface */
211 if (!sk->sk_bound_dev_if)
212 return -EINVAL;
213 }
214
215 if (tp->rx_opt.ts_recent_stamp &&
efe4208f 216 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
1da177e4
LT		 217 tp->rx_opt.ts_recent = 0;
218 tp->rx_opt.ts_recent_stamp = 0;
0f317464 219 WRITE_ONCE(tp->write_seq, 0);
1da177e4
LT		 220 }
221
efe4208f 222 sk->sk_v6_daddr = usin->sin6_addr;
4c9483b2 223 np->flow_label = fl6.flowlabel;
1da177e4
LT		 224
225 /*
226 * TCP over IPv4
227 */
228
052d2369 229 if (addr_type & IPV6_ADDR_MAPPED) {
d83d8461 230 u32 exthdrlen = icsk->icsk_ext_hdr_len;
1da177e4
LT		 231 struct sockaddr_in sin;
232
1da177e4
LT		 233 if (__ipv6_only_sock(sk))
234 return -ENETUNREACH;
235
236 sin.sin_family = AF_INET;
237 sin.sin_port = usin->sin6_port;
238 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
239
d83d8461 240 icsk->icsk_af_ops = &ipv6_mapped;
cec37a6e 241 if (sk_is_mptcp(sk))
31484d56 242 mptcpv6_handle_mapped(sk, true);
1da177e4 243 sk->sk_backlog_rcv = tcp_v4_do_rcv;
cfb6eeb4
YH		 244#ifdef CONFIG_TCP_MD5SIG
245 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
246#endif
1da177e4
LT		 247
248 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
249
250 if (err) {
d83d8461
ACM		 251 icsk->icsk_ext_hdr_len = exthdrlen;
252 icsk->icsk_af_ops = &ipv6_specific;
cec37a6e 253 if (sk_is_mptcp(sk))
31484d56 254 mptcpv6_handle_mapped(sk, false);
1da177e4 255 sk->sk_backlog_rcv = tcp_v6_do_rcv;
cfb6eeb4
YH		 256#ifdef CONFIG_TCP_MD5SIG
257 tp->af_specific = &tcp_sock_ipv6_specific;
258#endif
1da177e4 259 goto failure;
1da177e4 260 }
d1e559d0 261 np->saddr = sk->sk_v6_rcv_saddr;
1da177e4
LT		 262
263 return err;
264 }
265
efe4208f
ED		 266 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
267 saddr = &sk->sk_v6_rcv_saddr;
1da177e4 268
4c9483b2 269 fl6.flowi6_proto = IPPROTO_TCP;
efe4208f 270 fl6.daddr = sk->sk_v6_daddr;
4e3fd7a0 271 fl6.saddr = saddr ? *saddr : np->saddr;
4c9483b2
DM		 272 fl6.flowi6_oif = sk->sk_bound_dev_if;
273 fl6.flowi6_mark = sk->sk_mark;
1958b856
DM		 274 fl6.fl6_dport = usin->sin6_port;
275 fl6.fl6_sport = inet->inet_sport;
e2d118a1 276 fl6.flowi6_uid = sk->sk_uid;
1da177e4 277
1e1d04e6 278 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
45f6fad8 279 final_p = fl6_update_dst(&fl6, opt, &final);
1da177e4 280
3df98d79 281 security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
beb8d13b 282
c4e85f73 283 dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
68d0c6d3
DM		 284 if (IS_ERR(dst)) {
285 err = PTR_ERR(dst);
1da177e4 286 goto failure;
14e50e57 287 }
1da177e4 288
63159f29 289 if (!saddr) {
4c9483b2 290 saddr = &fl6.saddr;
efe4208f 291 sk->sk_v6_rcv_saddr = *saddr;
1da177e4
LT		 292 }
293
294 /* set the source address */
4e3fd7a0 295 np->saddr = *saddr;
c720c7e8 296 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
1da177e4 297
f83ef8c0 298 sk->sk_gso_type = SKB_GSO_TCPV6;
6bd4f355 299 ip6_dst_store(sk, dst, NULL, NULL);
1da177e4 300
d83d8461 301 icsk->icsk_ext_hdr_len = 0;
45f6fad8
ED		 302 if (opt)
303 icsk->icsk_ext_hdr_len = opt->opt_flen +
304 opt->opt_nflen;
1da177e4
LT		 305
306 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
307
c720c7e8 308 inet->inet_dport = usin->sin6_port;
1da177e4
LT		 309
310 tcp_set_state(sk, TCP_SYN_SENT);
fbb82952 311 tcp_death_row = sock_net(sk)->ipv4.tcp_death_row;
1946e672 312 err = inet6_hash_connect(tcp_death_row, sk);
1da177e4
LT		 313 if (err)
314 goto late_failure;
315
877d1f62 316 sk_set_txhash(sk);
9e7ceb06 317
00355fa5 318 if (likely(!tp->repair)) {
00355fa5 319 if (!tp->write_seq)
0f317464
ED		 320 WRITE_ONCE(tp->write_seq,
321 secure_tcpv6_seq(np->saddr.s6_addr32,
322 sk->sk_v6_daddr.s6_addr32,
323 inet->inet_sport,
324 inet->inet_dport));
5d2ed052
ED		 325 tp->tsoffset = secure_tcpv6_ts_off(sock_net(sk),
326 np->saddr.s6_addr32,
84b114b9 327 sk->sk_v6_daddr.s6_addr32);
00355fa5 328 }
1da177e4 329
19f6d3f3
WW		 330 if (tcp_fastopen_defer_connect(sk, &err))
331 return err;
332 if (err)
333 goto late_failure;
334
1da177e4
LT		 335 err = tcp_connect(sk);
336 if (err)
337 goto late_failure;
338
339 return 0;
340
341late_failure:
342 tcp_set_state(sk, TCP_CLOSE);
1da177e4 343failure:
c720c7e8 344 inet->inet_dport = 0;
1da177e4
LT		 345 sk->sk_route_caps = 0;
346 return err;
347}
348
563d34d0
ED		 349static void tcp_v6_mtu_reduced(struct sock *sk)
350{
351 struct dst_entry *dst;
c7bb4b89 352 u32 mtu;
563d34d0
ED		 353
354 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
355 return;
356
c7bb4b89
ED		 357 mtu = READ_ONCE(tcp_sk(sk)->mtu_info);
358
359 /* Drop requests trying to increase our current mss.
360 * Check done in __ip6_rt_update_pmtu() is too late.
361 */
362 if (tcp_mtu_to_mss(sk, mtu) >= tcp_sk(sk)->mss_cache)
363 return;
364
365 dst = inet6_csk_update_pmtu(sk, mtu);
563d34d0
ED		 366 if (!dst)
367 return;
368
369 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
370 tcp_sync_mss(sk, dst_mtu(dst));
371 tcp_simple_retransmit(sk);
372 }
373}
374
32bbd879 375static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
d5fdd6ba 376 u8 type, u8 code, int offset, __be32 info)
1da177e4 377{
4c99aa40 378 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
505cbfc5 379 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
2215089b
ED		 380 struct net *net = dev_net(skb->dev);
381 struct request_sock *fastopen;
1da177e4 382 struct ipv6_pinfo *np;
1ab1457c 383 struct tcp_sock *tp;
0a672f74 384 __u32 seq, snd_una;
2215089b 385 struct sock *sk;
9cf74903 386 bool fatal;
2215089b 387 int err;
1da177e4 388
2215089b
ED		 389 sk = __inet6_lookup_established(net, &tcp_hashinfo,
390 &hdr->daddr, th->dest,
391 &hdr->saddr, ntohs(th->source),
4297a0ef 392 skb->dev->ifindex, inet6_sdif(skb));
1da177e4 393
2215089b 394 if (!sk) {
a16292a0
ED		 395 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
396 ICMP6_MIB_INERRORS);
32bbd879 397 return -ENOENT;
1da177e4
LT		 398 }
399
400 if (sk->sk_state == TCP_TIME_WAIT) {
9469c7b4 401 inet_twsk_put(inet_twsk(sk));
32bbd879 402 return 0;
1da177e4 403 }
2215089b 404 seq = ntohl(th->seq);
9cf74903 405 fatal = icmpv6_err_convert(type, code, &err);
32bbd879
SB		 406 if (sk->sk_state == TCP_NEW_SYN_RECV) {
407 tcp_req_err(sk, seq, fatal);
408 return 0;
409 }
1da177e4
LT		 410
411 bh_lock_sock(sk);
563d34d0 412 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
02a1d6e7 413 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
1da177e4
LT		 414
415 if (sk->sk_state == TCP_CLOSE)
416 goto out;
417
790eb673
ED		 418 if (static_branch_unlikely(&ip6_min_hopcount)) {
419 /* min_hopcount can be changed concurrently from do_ipv6_setsockopt() */
420 if (ipv6_hdr(skb)->hop_limit < READ_ONCE(tcp_inet6_sk(sk)->min_hopcount)) {
421 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
422 goto out;
423 }
e802af9c
SH		 424 }
425
1da177e4 426 tp = tcp_sk(sk);
0a672f74 427 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
d983ea6f 428 fastopen = rcu_dereference(tp->fastopen_rsk);
0a672f74 429 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
1da177e4 430 if (sk->sk_state != TCP_LISTEN &&
0a672f74 431 !between(seq, snd_una, tp->snd_nxt)) {
02a1d6e7 432 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
1da177e4
LT		 433 goto out;
434 }
435
93a77c11 436 np = tcp_inet6_sk(sk);
1da177e4 437
ec18d9a2 438 if (type == NDISC_REDIRECT) {
45caeaa5
JM		 439 if (!sock_owned_by_user(sk)) {
440 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
ec18d9a2 441
45caeaa5
JM		 442 if (dst)
443 dst->ops->redirect(dst, sk, skb);
444 }
50a75a89 445 goto out;
ec18d9a2
DM		 446 }
447
1da177e4 448 if (type == ICMPV6_PKT_TOOBIG) {
c7bb4b89
ED		 449 u32 mtu = ntohl(info);
450
0d4f0608
ED		 451 /* We are not interested in TCP_LISTEN and open_requests
452 * (SYN-ACKs send out by Linux are always <576bytes so
453 * they should go through unfragmented).
454 */
455 if (sk->sk_state == TCP_LISTEN)
456 goto out;
457
93b36cf3
HFS		 458 if (!ip6_sk_accept_pmtu(sk))
459 goto out;
460
c7bb4b89
ED		 461 if (mtu < IPV6_MIN_MTU)
462 goto out;
463
464 WRITE_ONCE(tp->mtu_info, mtu);
465
563d34d0
ED		 466 if (!sock_owned_by_user(sk))
467 tcp_v6_mtu_reduced(sk);
d013ef2a 468 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
7aa5470c 469 &sk->sk_tsq_flags))
d013ef2a 470 sock_hold(sk);
1da177e4
LT		 471 goto out;
472 }
473
1da177e4 474
60236fdd 475 /* Might be for an request_sock */
1da177e4 476 switch (sk->sk_state) {
1da177e4 477 case TCP_SYN_SENT:
0a672f74
YC		 478 case TCP_SYN_RECV:
479 /* Only in fast or simultaneous open. If a fast open socket is
634a63e7 480 * already accepted it is treated as a connected one below.
0a672f74 481 */
63159f29 482 if (fastopen && !fastopen->sk)
0a672f74
YC		 483 break;
484
45af29ca
ED		 485 ipv6_icmp_error(sk, skb, err, th->dest, ntohl(info), (u8 *)th);
486
1da177e4 487 if (!sock_owned_by_user(sk)) {
1da177e4 488 sk->sk_err = err;
e3ae2365 489 sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
1da177e4
LT		 490
491 tcp_done(sk);
492 } else
493 sk->sk_err_soft = err;
494 goto out;
d2924569
ED		 495 case TCP_LISTEN:
496 break;
497 default:
498 /* check if this ICMP message allows revert of backoff.
499 * (see RFC 6069)
500 */
501 if (!fastopen && type == ICMPV6_DEST_UNREACH &&
502 code == ICMPV6_NOROUTE)
503 tcp_ld_RTO_revert(sk, seq);
1da177e4
LT		 504 }
505
506 if (!sock_owned_by_user(sk) && np->recverr) {
507 sk->sk_err = err;
e3ae2365 508 sk_error_report(sk);
1da177e4
LT		 509 } else
510 sk->sk_err_soft = err;
511
512out:
513 bh_unlock_sock(sk);
514 sock_put(sk);
32bbd879 515 return 0;
1da177e4
LT		 516}
517
518
0f935dbe 519static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
d6274bd8 520 struct flowi *fl,
3840a06e 521 struct request_sock *req,
ca6fb065 522 struct tcp_fastopen_cookie *foc,
331fca43
MKL		 523 enum tcp_synack_type synack_type,
524 struct sk_buff *syn_skb)
1da177e4 525{
634fb979 526 struct inet_request_sock *ireq = inet_rsk(req);
93a77c11 527 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
56ac42bc 528 struct ipv6_txoptions *opt;
d6274bd8 529 struct flowi6 *fl6 = &fl->u.ip6;
4c99aa40 530 struct sk_buff *skb;
9494218f 531 int err = -ENOMEM;
ac8f1710 532 u8 tclass;
1da177e4 533
9f10d3f6 534 /* First, grab a route. */
f76b33c3
ED		 535 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
536 IPPROTO_TCP)) == NULL)
fd80eb94 537 goto done;
9494218f 538
331fca43 539 skb = tcp_make_synack(sk, dst, req, foc, synack_type, syn_skb);
9494218f 540
1da177e4 541 if (skb) {
634fb979
ED		 542 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
543 &ireq->ir_v6_rmt_addr);
1da177e4 544
634fb979 545 fl6->daddr = ireq->ir_v6_rmt_addr;
53b24b8f 546 if (np->repflow && ireq->pktopts)
df3687ff
FF		 547 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
548
ac8f1710 549 tclass = sock_net(sk)->ipv4.sysctl_tcp_reflect_tos ?
8ef44b6f
WW		 550 (tcp_rsk(req)->syn_tos & ~INET_ECN_MASK) |
551 (np->tclass & INET_ECN_MASK) :
861602b5 552 np->tclass;
407c85c7
AD		 553
554 if (!INET_ECN_is_capable(tclass) &&
555 tcp_bpf_ca_needs_ecn((struct sock *)req))
556 tclass |= INET_ECN_ECT_0;
557
558 rcu_read_lock();
559 opt = ireq->ipv6_opt;
56ac42bc
HD		 560 if (!opt)
561 opt = rcu_dereference(np->opt);
43b90bfa 562 err = ip6_xmit(sk, skb, fl6, skb->mark ? : sk->sk_mark, opt,
861602b5 563 tclass, sk->sk_priority);
3e4006f0 564 rcu_read_unlock();
b9df3cb8 565 err = net_xmit_eval(err);
1da177e4
LT		 566 }
567
568done:
1da177e4
LT		 569 return err;
570}
571
72659ecc 572
60236fdd 573static void tcp_v6_reqsk_destructor(struct request_sock *req)
1da177e4 574{
56ac42bc 575 kfree(inet_rsk(req)->ipv6_opt);
12c8691d 576 consume_skb(inet_rsk(req)->pktopts);
1da177e4
LT		 577}
578
cfb6eeb4 579#ifdef CONFIG_TCP_MD5SIG
b83e3deb 580static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
dea53bb8
DA		 581 const struct in6_addr *addr,
582 int l3index)
cfb6eeb4 583{
dea53bb8
DA		 584 return tcp_md5_do_lookup(sk, l3index,
585 (union tcp_md5_addr *)addr, AF_INET6);
cfb6eeb4
YH		 586}
587
b83e3deb 588static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
fd3a154a 589 const struct sock *addr_sk)
cfb6eeb4 590{
dea53bb8
DA		 591 int l3index;
592
593 l3index = l3mdev_master_ifindex_by_index(sock_net(sk),
594 addr_sk->sk_bound_dev_if);
595 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr,
596 l3index);
cfb6eeb4
YH		 597}
598
8917a777 599static int tcp_v6_parse_md5_keys(struct sock *sk, int optname,
d4c19c49 600 sockptr_t optval, int optlen)
cfb6eeb4
YH		 601{
602 struct tcp_md5sig cmd;
603 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
dea53bb8 604 int l3index = 0;
8917a777 605 u8 prefixlen;
a76c2315 606 u8 flags;
cfb6eeb4
YH		 607
608 if (optlen < sizeof(cmd))
609 return -EINVAL;
610
d4c19c49 611 if (copy_from_sockptr(&cmd, optval, sizeof(cmd)))
cfb6eeb4
YH		 612 return -EFAULT;
613
614 if (sin6->sin6_family != AF_INET6)
615 return -EINVAL;
616
a76c2315
LC		 617 flags = cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX;
618
8917a777
ID		 619 if (optname == TCP_MD5SIG_EXT &&
620 cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) {
621 prefixlen = cmd.tcpm_prefixlen;
622 if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) &&
623 prefixlen > 32))
624 return -EINVAL;
625 } else {
626 prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128;
627 }
628
a76c2315 629 if (optname == TCP_MD5SIG_EXT && cmd.tcpm_ifindex &&
6b102db5
DA		 630 cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX) {
631 struct net_device *dev;
632
633 rcu_read_lock();
634 dev = dev_get_by_index_rcu(sock_net(sk), cmd.tcpm_ifindex);
635 if (dev && netif_is_l3_master(dev))
636 l3index = dev->ifindex;
637 rcu_read_unlock();
638
639 /* ok to reference set/not set outside of rcu;
640 * right now device MUST be an L3 master
641 */
642 if (!dev || !l3index)
643 return -EINVAL;
644 }
645
cfb6eeb4 646 if (!cmd.tcpm_keylen) {
e773e4fa 647 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
a915da9b 648 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
6b102db5 649 AF_INET, prefixlen,
a76c2315 650 l3index, flags);
a915da9b 651 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
a76c2315 652 AF_INET6, prefixlen, l3index, flags);
cfb6eeb4
YH		 653 }
654
655 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
656 return -EINVAL;
657
a915da9b
ED		 658 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
659 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
a76c2315 660 AF_INET, prefixlen, l3index, flags,
dea53bb8
DA		 661 cmd.tcpm_key, cmd.tcpm_keylen,
662 GFP_KERNEL);
cfb6eeb4 663
a915da9b 664 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
a76c2315 665 AF_INET6, prefixlen, l3index, flags,
dea53bb8 666 cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
cfb6eeb4
YH		 667}
668
19689e38
ED		 669static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp,
670 const struct in6_addr *daddr,
671 const struct in6_addr *saddr,
672 const struct tcphdr *th, int nbytes)
cfb6eeb4 673{
cfb6eeb4 674 struct tcp6_pseudohdr *bp;
49a72dfb 675 struct scatterlist sg;
19689e38 676 struct tcphdr *_th;
8d26d76d 677
19689e38 678 bp = hp->scratch;
cfb6eeb4 679 /* 1. TCP pseudo-header (RFC2460) */
4e3fd7a0
AD		 680 bp->saddr = *saddr;
681 bp->daddr = *daddr;
49a72dfb 682 bp->protocol = cpu_to_be32(IPPROTO_TCP);
00b1304c 683 bp->len = cpu_to_be32(nbytes);
cfb6eeb4 684
19689e38
ED		 685 _th = (struct tcphdr *)(bp + 1);
686 memcpy(_th, th, sizeof(*th));
687 _th->check = 0;
688
689 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
690 ahash_request_set_crypt(hp->md5_req, &sg, NULL,
691 sizeof(*bp) + sizeof(*th));
cf80e0e4 692 return crypto_ahash_update(hp->md5_req);
49a72dfb 693}
c7da57a1 694
19689e38 695static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
b71d1d42 696 const struct in6_addr *daddr, struct in6_addr *saddr,
318cf7aa 697 const struct tcphdr *th)
49a72dfb
AL		 698{
699 struct tcp_md5sig_pool *hp;
cf80e0e4 700 struct ahash_request *req;
49a72dfb
AL		 701
702 hp = tcp_get_md5sig_pool();
703 if (!hp)
704 goto clear_hash_noput;
cf80e0e4 705 req = hp->md5_req;
49a72dfb 706
cf80e0e4 707 if (crypto_ahash_init(req))
49a72dfb 708 goto clear_hash;
19689e38 709 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
49a72dfb
AL		 710 goto clear_hash;
711 if (tcp_md5_hash_key(hp, key))
712 goto clear_hash;
cf80e0e4
HX		 713 ahash_request_set_crypt(req, NULL, md5_hash, 0);
714 if (crypto_ahash_final(req))
cfb6eeb4 715 goto clear_hash;
cfb6eeb4 716
cfb6eeb4 717 tcp_put_md5sig_pool();
cfb6eeb4 718 return 0;
49a72dfb 719
cfb6eeb4
YH		 720clear_hash:
721 tcp_put_md5sig_pool();
722clear_hash_noput:
723 memset(md5_hash, 0, 16);
49a72dfb 724 return 1;
cfb6eeb4
YH		 725}
726
39f8e58e
ED		 727static int tcp_v6_md5_hash_skb(char *md5_hash,
728 const struct tcp_md5sig_key *key,
318cf7aa 729 const struct sock *sk,
318cf7aa 730 const struct sk_buff *skb)
cfb6eeb4 731{
b71d1d42 732 const struct in6_addr *saddr, *daddr;
49a72dfb 733 struct tcp_md5sig_pool *hp;
cf80e0e4 734 struct ahash_request *req;
318cf7aa 735 const struct tcphdr *th = tcp_hdr(skb);
cfb6eeb4 736
39f8e58e
ED		 737 if (sk) { /* valid for establish/request sockets */
738 saddr = &sk->sk_v6_rcv_saddr;
efe4208f 739 daddr = &sk->sk_v6_daddr;
49a72dfb 740 } else {
b71d1d42 741 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
49a72dfb
AL		 742 saddr = &ip6h->saddr;
743 daddr = &ip6h->daddr;
cfb6eeb4 744 }
49a72dfb
AL		 745
746 hp = tcp_get_md5sig_pool();
747 if (!hp)
748 goto clear_hash_noput;
cf80e0e4 749 req = hp->md5_req;
49a72dfb 750
cf80e0e4 751 if (crypto_ahash_init(req))
49a72dfb
AL		 752 goto clear_hash;
753
19689e38 754 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
49a72dfb
AL		 755 goto clear_hash;
756 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
757 goto clear_hash;
758 if (tcp_md5_hash_key(hp, key))
759 goto clear_hash;
cf80e0e4
HX		 760 ahash_request_set_crypt(req, NULL, md5_hash, 0);
761 if (crypto_ahash_final(req))
49a72dfb
AL		 762 goto clear_hash;
763
764 tcp_put_md5sig_pool();
765 return 0;
766
767clear_hash:
768 tcp_put_md5sig_pool();
769clear_hash_noput:
770 memset(md5_hash, 0, 16);
771 return 1;
cfb6eeb4
YH		 772}
773
ba8e275a
ED		 774#endif
775
b40cf18e
ED		 776static void tcp_v6_init_req(struct request_sock *req,
777 const struct sock *sk_listener,
16bea70a
OP		 778 struct sk_buff *skb)
779{
c2027d1e 780 bool l3_slave = ipv6_l3mdev_skb(TCP_SKB_CB(skb)->header.h6.flags);
16bea70a 781 struct inet_request_sock *ireq = inet_rsk(req);
93a77c11 782 const struct ipv6_pinfo *np = tcp_inet6_sk(sk_listener);
16bea70a
OP		 783
784 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
785 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
786
16bea70a 787 /* So that link locals have meaning */
c2027d1e 788 if ((!sk_listener->sk_bound_dev_if || l3_slave) &&
16bea70a 789 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
870c3151 790 ireq->ir_iif = tcp_v6_iif(skb);
16bea70a 791
04317daf 792 if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
b40cf18e 793 (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
a224772d 794 np->rxopt.bits.rxinfo ||
16bea70a
OP		 795 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
796 np->rxopt.bits.rxohlim || np->repflow)) {
63354797 797 refcount_inc(&skb->users);
16bea70a
OP		 798 ireq->pktopts = skb;
799 }
800}
801
f964629e 802static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
7ea851d1 803 struct sk_buff *skb,
f964629e 804 struct flowi *fl,
7ea851d1 805 struct request_sock *req)
d94e0417 806{
7ea851d1
FW		 807 tcp_v6_init_req(req, sk, skb);
808
809 if (security_inet_conn_request(sk, skb, req))
810 return NULL;
811
f76b33c3 812 return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
d94e0417
OP		 813}
814
c6aefafb 815struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
1da177e4 816 .family = AF_INET6,
2e6599cb 817 .obj_size = sizeof(struct tcp6_request_sock),
5db92c99 818 .rtx_syn_ack = tcp_rtx_synack,
60236fdd
ACM		 819 .send_ack = tcp_v6_reqsk_send_ack,
820 .destructor = tcp_v6_reqsk_destructor,
72659ecc 821 .send_reset = tcp_v6_send_reset,
4aa956d8 822 .syn_ack_timeout = tcp_syn_ack_timeout,
1da177e4
LT		 823};
824
35b2c321 825const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
2aec4a29
OP		 826 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
827 sizeof(struct ipv6hdr),
16bea70a 828#ifdef CONFIG_TCP_MD5SIG
fd3a154a 829 .req_md5_lookup = tcp_v6_md5_lookup,
e3afe7b7 830 .calc_md5_hash = tcp_v6_md5_hash_skb,
b6332e6c 831#endif
fb7b37a7
OP		 832#ifdef CONFIG_SYN_COOKIES
833 .cookie_init_seq = cookie_v6_init_sequence,
834#endif
d94e0417 835 .route_req = tcp_v6_route_req,
84b114b9
ED		 836 .init_seq = tcp_v6_init_seq,
837 .init_ts_off = tcp_v6_init_ts_off,
d6274bd8 838 .send_synack = tcp_v6_send_synack,
16bea70a 839};
cfb6eeb4 840
a00e7444 841static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
0f85feae
ED		 842 u32 ack, u32 win, u32 tsval, u32 tsecr,
843 int oif, struct tcp_md5sig_key *key, int rst,
e9a5dcee 844 u8 tclass, __be32 label, u32 priority)
1da177e4 845{
cf533ea5
ED		 846 const struct tcphdr *th = tcp_hdr(skb);
847 struct tcphdr *t1;
1da177e4 848 struct sk_buff *buff;
4c9483b2 849 struct flowi6 fl6;
0f85feae 850 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
e5047992 851 struct sock *ctl_sk = net->ipv6.tcp_sk;
77c676da 852 unsigned int tot_len = sizeof(struct tcphdr);
dc87efdb 853 __be32 mrst = 0, *topt;
adf30907 854 struct dst_entry *dst;
00483690 855 __u32 mark = 0;
1da177e4 856
ee684b6f 857 if (tsecr)
626e264d 858 tot_len += TCPOLEN_TSTAMP_ALIGNED;
cfb6eeb4 859#ifdef CONFIG_TCP_MD5SIG
cfb6eeb4
YH		 860 if (key)
861 tot_len += TCPOLEN_MD5SIG_ALIGNED;
862#endif
863
dc87efdb
FW		 864#ifdef CONFIG_MPTCP
865 if (rst && !key) {
866 mrst = mptcp_reset_option(skb);
867
868 if (mrst)
869 tot_len += sizeof(__be32);
870 }
871#endif
872
0ebea8f9 873 buff = alloc_skb(MAX_TCP_HEADER, GFP_ATOMIC);
63159f29 874 if (!buff)
1ab1457c 875 return;
1da177e4 876
0ebea8f9 877 skb_reserve(buff, MAX_TCP_HEADER);
1da177e4 878
d58ff351 879 t1 = skb_push(buff, tot_len);
6651ffc8 880 skb_reset_transport_header(buff);
1da177e4
LT		 881
882 /* Swap the send and the receive. */
883 memset(t1, 0, sizeof(*t1));
884 t1->dest = th->source;
885 t1->source = th->dest;
cfb6eeb4 886 t1->doff = tot_len / 4;
626e264d
IJ		 887 t1->seq = htonl(seq);
888 t1->ack_seq = htonl(ack);
889 t1->ack = !rst || !th->ack;
890 t1->rst = rst;
891 t1->window = htons(win);
1da177e4 892
81ada62d
IJ		 893 topt = (__be32 *)(t1 + 1);
894
ee684b6f 895 if (tsecr) {
626e264d
IJ		 896 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
897 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
ee684b6f
AV		 898 *topt++ = htonl(tsval);
899 *topt++ = htonl(tsecr);
626e264d
IJ		 900 }
901
dc87efdb
FW		 902 if (mrst)
903 *topt++ = mrst;
904
cfb6eeb4
YH		 905#ifdef CONFIG_TCP_MD5SIG
906 if (key) {
81ada62d
IJ		 907 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
908 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
909 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
78e645cb
IJ		 910 &ipv6_hdr(skb)->saddr,
911 &ipv6_hdr(skb)->daddr, t1);
cfb6eeb4
YH		 912 }
913#endif
914
4c9483b2 915 memset(&fl6, 0, sizeof(fl6));
4e3fd7a0
AD		 916 fl6.daddr = ipv6_hdr(skb)->saddr;
917 fl6.saddr = ipv6_hdr(skb)->daddr;
1d13a96c 918 fl6.flowlabel = label;
1da177e4 919
e5700aff 920 buff->ip_summed = CHECKSUM_PARTIAL;
e5700aff 921
4c9483b2 922 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
1da177e4 923
4c9483b2 924 fl6.flowi6_proto = IPPROTO_TCP;
a36dbdb2 925 if (rt6_need_strict(&fl6.daddr) && !oif)
870c3151 926 fl6.flowi6_oif = tcp_v6_iif(skb);
9b6c14d5
DA		 927 else {
928 if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
929 oif = skb->skb_iif;
930
931 fl6.flowi6_oif = oif;
932 }
1d2f7b2d 933
c67b8555
ED		 934 if (sk) {
935 if (sk->sk_state == TCP_TIME_WAIT) {
936 mark = inet_twsk(sk)->tw_mark;
937 /* autoflowlabel relies on buff->hash */
938 skb_set_hash(buff, inet_twsk(sk)->tw_txhash,
939 PKT_HASH_TYPE_L4);
940 } else {
941 mark = sk->sk_mark;
942 }
a1ac9c8a 943 skb_set_delivery_time(buff, tcp_transmit_time(sk), true);
c67b8555 944 }
00483690 945 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark) ?: mark;
1958b856
DM		 946 fl6.fl6_dport = t1->dest;
947 fl6.fl6_sport = t1->source;
e2d118a1 948 fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
3df98d79 949 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
1da177e4 950
c20121ae
DL		 951 /* Pass a socket to ip6_dst_lookup either it is for RST
952 * Underlying function will use this to retrieve the network
953 * namespace
954 */
c4e85f73 955 dst = ip6_dst_lookup_flow(sock_net(ctl_sk), ctl_sk, &fl6, NULL);
68d0c6d3
DM		 956 if (!IS_ERR(dst)) {
957 skb_dst_set(buff, dst);
e92dd77e
WW		 958 ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL,
959 tclass & ~INET_ECN_MASK, priority);
c10d9310 960 TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
68d0c6d3 961 if (rst)
c10d9310 962 TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
68d0c6d3 963 return;
1da177e4
LT		 964 }
965
966 kfree_skb(buff);
967}
968
a00e7444 969static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
1da177e4 970{
cf533ea5 971 const struct tcphdr *th = tcp_hdr(skb);
323a53c4 972 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
626e264d 973 u32 seq = 0, ack_seq = 0;
fa3e5b4e 974 struct tcp_md5sig_key *key = NULL;
658ddaaf
SL		 975#ifdef CONFIG_TCP_MD5SIG
976 const __u8 *hash_location = NULL;
658ddaaf
SL		 977 unsigned char newhash[16];
978 int genhash;
979 struct sock *sk1 = NULL;
980#endif
323a53c4 981 __be32 label = 0;
e9a5dcee 982 u32 priority = 0;
323a53c4 983 struct net *net;
c24b14c4 984 int oif = 0;
1da177e4 985
626e264d 986 if (th->rst)
1da177e4
LT		 987 return;
988
c3658e8d
ED		 989 /* If sk not NULL, it means we did a successful lookup and incoming
990 * route had to be correct. prequeue might have dropped our dst.
991 */
992 if (!sk && !ipv6_unicast_destination(skb))
626e264d 993 return;
1da177e4 994
39209673 995 net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
cfb6eeb4 996#ifdef CONFIG_TCP_MD5SIG
3b24d854 997 rcu_read_lock();
658ddaaf 998 hash_location = tcp_parse_md5sig_option(th);
271c3b9b 999 if (sk && sk_fullsock(sk)) {
dea53bb8
DA		 1000 int l3index;
1001
1002 /* sdif set, means packet ingressed via a device
1003 * in an L3 domain and inet_iif is set to it.
1004 */
1005 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
1006 key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr, l3index);
e46787f0 1007 } else if (hash_location) {
d14c77e0
DA		 1008 int dif = tcp_v6_iif_l3_slave(skb);
1009 int sdif = tcp_v6_sdif(skb);
dea53bb8 1010 int l3index;
d14c77e0 1011
658ddaaf
SL		 1012 /*
1013 * active side is lost. Try to find listening socket through
1014 * source port, and then find md5 key through listening socket.
1015 * we are not loose security here:
1016 * Incoming packet is checked with md5 hash with finding key,
1017 * no RST generated if md5 hash doesn't match.
1018 */
323a53c4 1019 sk1 = inet6_lookup_listener(net,
a583636a
CG		 1020 &tcp_hashinfo, NULL, 0,
1021 &ipv6h->saddr,
5ba24953 1022 th->source, &ipv6h->daddr,
d14c77e0 1023 ntohs(th->source), dif, sdif);
658ddaaf 1024 if (!sk1)
3b24d854 1025 goto out;
658ddaaf 1026
dea53bb8
DA		 1027 /* sdif set, means packet ingressed via a device
1028 * in an L3 domain and dif is set to it.
1029 */
1030 l3index = tcp_v6_sdif(skb) ? dif : 0;
1031
1032 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr, l3index);
658ddaaf 1033 if (!key)
3b24d854 1034 goto out;
658ddaaf 1035
39f8e58e 1036 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
658ddaaf 1037 if (genhash || memcmp(hash_location, newhash, 16) != 0)
3b24d854 1038 goto out;
658ddaaf 1039 }
cfb6eeb4
YH		 1040#endif
1041
626e264d
IJ		 1042 if (th->ack)
1043 seq = ntohl(th->ack_seq);
1044 else
1045 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1046 (th->doff << 2);
1da177e4 1047
c24b14c4
SL		 1048 if (sk) {
1049 oif = sk->sk_bound_dev_if;
052e0690
ED		 1050 if (sk_fullsock(sk)) {
1051 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1052
5c487bb9 1053 trace_tcp_send_reset(sk, skb);
052e0690
ED		 1054 if (np->repflow)
1055 label = ip6_flowlabel(ipv6h);
e9a5dcee 1056 priority = sk->sk_priority;
052e0690 1057 }
f6c0f5d2 1058 if (sk->sk_state == TCP_TIME_WAIT) {
50a8accf 1059 label = cpu_to_be32(inet_twsk(sk)->tw_flowlabel);
f6c0f5d2
ED		 1060 priority = inet_twsk(sk)->tw_priority;
1061 }
323a53c4 1062 } else {
a346abe0 1063 if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_TCP_RESET)
323a53c4 1064 label = ip6_flowlabel(ipv6h);
c24b14c4
SL		 1065 }
1066
e92dd77e
WW		 1067 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1,
1068 ipv6_get_dsfield(ipv6h), label, priority);
658ddaaf
SL		 1069
1070#ifdef CONFIG_TCP_MD5SIG
3b24d854
ED		 1071out:
1072 rcu_read_unlock();
658ddaaf 1073#endif
626e264d 1074}
1da177e4 1075
a00e7444 1076static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
0f85feae 1077 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
1d13a96c 1078 struct tcp_md5sig_key *key, u8 tclass,
e9a5dcee 1079 __be32 label, u32 priority)
626e264d 1080{
0f85feae 1081 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
e9a5dcee 1082 tclass, label, priority);
1da177e4
LT		 1083}
1084
1085static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1086{
8feaf0c0 1087 struct inet_timewait_sock *tw = inet_twsk(sk);
cfb6eeb4 1088 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1da177e4 1089
0f85feae 1090 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
8feaf0c0 1091 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
9a568de4 1092 tcp_time_stamp_raw() + tcptw->tw_ts_offset,
9c76a114 1093 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
f6c0f5d2 1094 tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel), tw->tw_priority);
1da177e4 1095
8feaf0c0 1096 inet_twsk_put(tw);
1da177e4
LT		 1097}
1098
a00e7444 1099static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
6edafaaf 1100 struct request_sock *req)
1da177e4 1101{
dea53bb8
DA		 1102 int l3index;
1103
1104 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
1105
3a19ce0e
DL		 1106 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
1107 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
1108 */
20a2b49f
ED		 1109 /* RFC 7323 2.3
1110 * The window field (SEG.WND) of every outgoing segment, with the
1111 * exception of <SYN> segments, MUST be right-shifted by
1112 * Rcv.Wind.Shift bits:
1113 */
0f85feae 1114 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
3a19ce0e 1115 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
20a2b49f
ED		 1116 tcp_rsk(req)->rcv_nxt,
1117 req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
9a568de4 1118 tcp_time_stamp_raw() + tcp_rsk(req)->ts_off,
95a22cae 1119 req->ts_recent, sk->sk_bound_dev_if,
dea53bb8 1120 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr, l3index),
e92dd77e 1121 ipv6_get_dsfield(ipv6_hdr(skb)), 0, sk->sk_priority);
1da177e4
LT		 1122}
1123
1124
079096f1 1125static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
1da177e4 1126{
079096f1 1127#ifdef CONFIG_SYN_COOKIES
aa8223c7 1128 const struct tcphdr *th = tcp_hdr(skb);
1da177e4 1129
af9b4738 1130 if (!th->syn)
c6aefafb 1131 sk = cookie_v6_check(sk, skb);
1da177e4
LT		 1132#endif
1133 return sk;
1134}
1135
9349d600
PP		 1136u16 tcp_v6_get_syncookie(struct sock *sk, struct ipv6hdr *iph,
1137 struct tcphdr *th, u32 *cookie)
1138{
1139 u16 mss = 0;
1140#ifdef CONFIG_SYN_COOKIES
1141 mss = tcp_get_syncookie_mss(&tcp6_request_sock_ops,
1142 &tcp_request_sock_ipv6_ops, sk, th);
1143 if (mss) {
1144 *cookie = __cookie_v6_init_sequence(iph, th, &mss);
1145 tcp_synq_overflow(sk);
1146 }
1147#endif
1148 return mss;
1149}
1150
1da177e4
LT		 1151static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1152{
1da177e4
LT		 1153 if (skb->protocol == htons(ETH_P_IP))
1154 return tcp_v4_conn_request(sk, skb);
1155
1156 if (!ipv6_unicast_destination(skb))
1ab1457c 1157 goto drop;
1da177e4 1158
dcc32f4f
JK		 1159 if (ipv6_addr_v4mapped(&ipv6_hdr(skb)->saddr)) {
1160 __IP6_INC_STATS(sock_net(sk), NULL, IPSTATS_MIB_INHDRERRORS);
1161 return 0;
1162 }
1163
1fb6f159
OP		 1164 return tcp_conn_request(&tcp6_request_sock_ops,
1165 &tcp_request_sock_ipv6_ops, sk, skb);
1da177e4
LT		 1166
1167drop:
9caad864 1168 tcp_listendrop(sk);
1da177e4
LT		 1169 return 0; /* don't send reset */
1170}
1171
ebf6c9cb
ED		 1172static void tcp_v6_restore_cb(struct sk_buff *skb)
1173{
1174 /* We need to move header back to the beginning if xfrm6_policy_check()
1175 * and tcp_v6_fill_cb() are going to be called again.
1176 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
1177 */
1178 memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
1179 sizeof(struct inet6_skb_parm));
1180}
1181
0c27171e 1182static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
4c99aa40 1183 struct request_sock *req,
5e0724d0
ED		 1184 struct dst_entry *dst,
1185 struct request_sock *req_unhash,
1186 bool *own_req)
1da177e4 1187{
634fb979 1188 struct inet_request_sock *ireq;
0c27171e 1189 struct ipv6_pinfo *newnp;
93a77c11 1190 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
45f6fad8 1191 struct ipv6_txoptions *opt;
1da177e4 1192 struct inet_sock *newinet;
01770a16 1193 bool found_dup_sk = false;
1da177e4
LT		 1194 struct tcp_sock *newtp;
1195 struct sock *newsk;
cfb6eeb4
YH		 1196#ifdef CONFIG_TCP_MD5SIG
1197 struct tcp_md5sig_key *key;
dea53bb8 1198 int l3index;
cfb6eeb4 1199#endif
3840a06e 1200 struct flowi6 fl6;
1da177e4
LT		 1201
1202 if (skb->protocol == htons(ETH_P_IP)) {
1203 /*
1204 * v6 mapped
1205 */
1206
5e0724d0
ED		 1207 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
1208 req_unhash, own_req);
1da177e4 1209
63159f29 1210 if (!newsk)
1da177e4
LT		 1211 return NULL;
1212
93a77c11 1213 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
1da177e4 1214
93a77c11 1215 newnp = tcp_inet6_sk(newsk);
1da177e4
LT		 1216 newtp = tcp_sk(newsk);
1217
1218 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1219
d1e559d0 1220 newnp->saddr = newsk->sk_v6_rcv_saddr;
1da177e4 1221
8292a17a 1222 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
cec37a6e 1223 if (sk_is_mptcp(newsk))
31484d56 1224 mptcpv6_handle_mapped(newsk, true);
1da177e4 1225 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
cfb6eeb4
YH		 1226#ifdef CONFIG_TCP_MD5SIG
1227 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1228#endif
1229
83eaddab 1230 newnp->ipv6_mc_list = NULL;
676a1184
YZ		 1231 newnp->ipv6_ac_list = NULL;
1232 newnp->ipv6_fl_list = NULL;
1da177e4
LT		 1233 newnp->pktoptions = NULL;
1234 newnp->opt = NULL;
89e41309
ED		 1235 newnp->mcast_oif = inet_iif(skb);
1236 newnp->mcast_hops = ip_hdr(skb)->ttl;
1237 newnp->rcv_flowinfo = 0;
df3687ff 1238 if (np->repflow)
89e41309 1239 newnp->flow_label = 0;
1da177e4 1240
e6848976
ACM		 1241 /*
1242 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1243 * here, tcp_create_openreq_child now does this for us, see the comment in
1244 * that function for the gory details. -acme
1da177e4 1245 */
1da177e4
LT		 1246
1247 /* It is tricky place. Until this moment IPv4 tcp
8292a17a 1248 worked with IPv6 icsk.icsk_af_ops.
1da177e4
LT		 1249 Sync it now.
1250 */
d83d8461 1251 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1da177e4
LT		 1252
1253 return newsk;
1254 }
1255
634fb979 1256 ireq = inet_rsk(req);
1da177e4
LT		 1257
1258 if (sk_acceptq_is_full(sk))
1259 goto out_overflow;
1260
493f377d 1261 if (!dst) {
f76b33c3 1262 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
493f377d 1263 if (!dst)
1da177e4 1264 goto out;
1ab1457c 1265 }
1da177e4
LT		 1266
1267 newsk = tcp_create_openreq_child(sk, req, skb);
63159f29 1268 if (!newsk)
093d2823 1269 goto out_nonewsk;
1da177e4 1270
e6848976
ACM		 1271 /*
1272 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1273 * count here, tcp_create_openreq_child now does this for us, see the
1274 * comment in that function for the gory details. -acme
1275 */
1da177e4 1276
59eed279 1277 newsk->sk_gso_type = SKB_GSO_TCPV6;
6bd4f355 1278 ip6_dst_store(newsk, dst, NULL, NULL);
fae6ef87 1279 inet6_sk_rx_dst_set(newsk, skb);
1da177e4 1280
93a77c11 1281 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
1da177e4
LT		 1282
1283 newtp = tcp_sk(newsk);
1284 newinet = inet_sk(newsk);
93a77c11 1285 newnp = tcp_inet6_sk(newsk);
1da177e4
LT		 1286
1287 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1288
634fb979
ED		 1289 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1290 newnp->saddr = ireq->ir_v6_loc_addr;
1291 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1292 newsk->sk_bound_dev_if = ireq->ir_iif;
1da177e4 1293
1ab1457c 1294 /* Now IPv6 options...
1da177e4
LT		 1295
1296 First: no IPv4 options.
1297 */
f6d8bd05 1298 newinet->inet_opt = NULL;
83eaddab 1299 newnp->ipv6_mc_list = NULL;
676a1184 1300 newnp->ipv6_ac_list = NULL;
d35690be 1301 newnp->ipv6_fl_list = NULL;
1da177e4
LT		 1302
1303 /* Clone RX bits */
1304 newnp->rxopt.all = np->rxopt.all;
1305
1da177e4 1306 newnp->pktoptions = NULL;
1da177e4 1307 newnp->opt = NULL;
870c3151 1308 newnp->mcast_oif = tcp_v6_iif(skb);
0660e03f 1309 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1397ed35 1310 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
df3687ff
FF		 1311 if (np->repflow)
1312 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1da177e4 1313
8ef44b6f
WW		 1314 /* Set ToS of the new socket based upon the value of incoming SYN.
1315 * ECT bits are set later in tcp_init_transfer().
1316 */
ac8f1710
WW		 1317 if (sock_net(sk)->ipv4.sysctl_tcp_reflect_tos)
1318 newnp->tclass = tcp_rsk(req)->syn_tos & ~INET_ECN_MASK;
1319
1da177e4
LT		 1320 /* Clone native IPv6 options from listening socket (if any)
1321
1322 Yes, keeping reference count would be much more clever,
1323 but we make one more one thing there: reattach optmem
1324 to newsk.
1325 */
56ac42bc
HD		 1326 opt = ireq->ipv6_opt;
1327 if (!opt)
1328 opt = rcu_dereference(np->opt);
45f6fad8
ED		 1329 if (opt) {
1330 opt = ipv6_dup_options(newsk, opt);
1331 RCU_INIT_POINTER(newnp->opt, opt);
1332 }
d83d8461 1333 inet_csk(newsk)->icsk_ext_hdr_len = 0;
45f6fad8
ED		 1334 if (opt)
1335 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
1336 opt->opt_flen;
1da177e4 1337
81164413
DB		 1338 tcp_ca_openreq_child(newsk, dst);
1339
1da177e4 1340 tcp_sync_mss(newsk, dst_mtu(dst));
3541f9e8 1341 newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));
d135c522 1342
1da177e4
LT		 1343 tcp_initialize_rcv_mss(newsk);
1344
c720c7e8
ED		 1345 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1346 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1da177e4 1347
cfb6eeb4 1348#ifdef CONFIG_TCP_MD5SIG
dea53bb8
DA		 1349 l3index = l3mdev_master_ifindex_by_index(sock_net(sk), ireq->ir_iif);
1350
cfb6eeb4 1351 /* Copy over the MD5 key from the original socket */
dea53bb8 1352 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr, l3index);
53b24b8f 1353 if (key) {
cfb6eeb4
YH		 1354 /* We're using one, so create a matching key
1355 * on the newsk structure. If we fail to get
1356 * memory, then we end up not copying the key
1357 * across. Shucks.
1358 */
efe4208f 1359 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
a76c2315 1360 AF_INET6, 128, l3index, key->flags, key->key, key->keylen,
7450aaf6 1361 sk_gfp_mask(sk, GFP_ATOMIC));
cfb6eeb4
YH		 1362 }
1363#endif
1364
093d2823 1365 if (__inet_inherit_port(sk, newsk) < 0) {
e337e24d
CP		 1366 inet_csk_prepare_forced_close(newsk);
1367 tcp_done(newsk);
093d2823
BS		 1368 goto out;
1369 }
01770a16
RD		 1370 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash),
1371 &found_dup_sk);
805c4bc0 1372 if (*own_req) {
49a496c9 1373 tcp_move_syn(newtp, req);
805c4bc0
ED		 1374
1375 /* Clone pktoptions received with SYN, if we own the req */
1376 if (ireq->pktopts) {
1377 newnp->pktoptions = skb_clone(ireq->pktopts,
7450aaf6 1378 sk_gfp_mask(sk, GFP_ATOMIC));
805c4bc0
ED		 1379 consume_skb(ireq->pktopts);
1380 ireq->pktopts = NULL;
ebf6c9cb
ED		 1381 if (newnp->pktoptions) {
1382 tcp_v6_restore_cb(newnp->pktoptions);
805c4bc0 1383 skb_set_owner_r(newnp->pktoptions, newsk);
ebf6c9cb 1384 }
805c4bc0 1385 }
01770a16
RD		 1386 } else {
1387 if (!req_unhash && found_dup_sk) {
1388 /* This code path should only be executed in the
1389 * syncookie case only
1390 */
1391 bh_unlock_sock(newsk);
1392 sock_put(newsk);
1393 newsk = NULL;
1394 }
ce105008 1395 }
1da177e4
LT		 1396
1397 return newsk;
1398
1399out_overflow:
02a1d6e7 1400 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
093d2823 1401out_nonewsk:
1da177e4 1402 dst_release(dst);
093d2823 1403out:
9caad864 1404 tcp_listendrop(sk);
1da177e4
LT		 1405 return NULL;
1406}
1407
bbd807df
BV		 1408INDIRECT_CALLABLE_DECLARE(struct dst_entry *ipv4_dst_check(struct dst_entry *,
1409 u32));
1da177e4 1410/* The socket must have it's spinlock held when we get
e994b2f0 1411 * here, unless it is a TCP_LISTEN socket.
1da177e4
LT		 1412 *
1413 * We have a potential double-lock case here, so even when
1414 * doing backlog processing we use the BH locking scheme.
1415 * This is because we cannot sleep with the original spinlock
1416 * held.
1417 */
d2489c7b
ED		 1418INDIRECT_CALLABLE_SCOPE
1419int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1da177e4 1420{
93a77c11 1421 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1da177e4 1422 struct sk_buff *opt_skb = NULL;
8eba65fa 1423 enum skb_drop_reason reason;
93a77c11 1424 struct tcp_sock *tp;
1da177e4
LT		 1425
1426 /* Imagine: socket is IPv6. IPv4 packet arrives,
1427 goes to IPv4 receive handler and backlogged.
1428 From backlog it always goes here. Kerboom...
1429 Fortunately, tcp_rcv_established and rcv_established
1430 handle them correctly, but it is not case with
1431 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1432 */
1433
1434 if (skb->protocol == htons(ETH_P_IP))
1435 return tcp_v4_do_rcv(sk, skb);
1436
1da177e4
LT		 1437 /*
1438 * socket locking is here for SMP purposes as backlog rcv
1439 * is currently called with bh processing disabled.
1440 */
1441
1442 /* Do Stevens' IPV6_PKTOPTIONS.
1443
1444 Yes, guys, it is the only place in our code, where we
1445 may make it not affecting IPv4.
1446 The rest of code is protocol independent,
1447 and I do not like idea to uglify IPv4.
1448
1449 Actually, all the idea behind IPV6_PKTOPTIONS
1450 looks not very well thought. For now we latch
1451 options, received in the last packet, enqueued
1452 by tcp. Feel free to propose better solution.
1ab1457c 1453 --ANK (980728)
1da177e4
LT		 1454 */
1455 if (np->rxopt.all)
7450aaf6 1456 opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));
1da177e4 1457
8eba65fa 1458 reason = SKB_DROP_REASON_NOT_SPECIFIED;
1da177e4 1459 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
8f905c0e
ED		 1460 struct dst_entry *dst;
1461
1462 dst = rcu_dereference_protected(sk->sk_rx_dst,
1463 lockdep_sock_is_held(sk));
5d299f3d 1464
bdeab991 1465 sock_rps_save_rxhash(sk, skb);
3d97379a 1466 sk_mark_napi_id(sk, skb);
5d299f3d 1467 if (dst) {
0c0a5ef8 1468 if (sk->sk_rx_dst_ifindex != skb->skb_iif ||
bbd807df 1469 INDIRECT_CALL_1(dst->ops->check, ip6_dst_check,
ef57c161 1470 dst, sk->sk_rx_dst_cookie) == NULL) {
8f905c0e 1471 RCU_INIT_POINTER(sk->sk_rx_dst, NULL);
5d299f3d 1472 dst_release(dst);
5d299f3d
ED		 1473 }
1474 }
1475
3d97d88e 1476 tcp_rcv_established(sk, skb);
1da177e4
LT		 1477 if (opt_skb)
1478 goto ipv6_pktoptions;
1479 return 0;
1480 }
1481
12e25e10 1482 if (tcp_checksum_complete(skb))
1da177e4
LT		 1483 goto csum_err;
1484
1ab1457c 1485 if (sk->sk_state == TCP_LISTEN) {
079096f1
ED		 1486 struct sock *nsk = tcp_v6_cookie_check(sk, skb);
1487
1da177e4
LT		 1488 if (!nsk)
1489 goto discard;
1490
4c99aa40 1491 if (nsk != sk) {
1da177e4
LT		 1492 if (tcp_child_process(sk, nsk, skb))
1493 goto reset;
1494 if (opt_skb)
1495 __kfree_skb(opt_skb);
1496 return 0;
1497 }
47482f13 1498 } else
bdeab991 1499 sock_rps_save_rxhash(sk, skb);
1da177e4 1500
72ab4a86 1501 if (tcp_rcv_state_process(sk, skb))
1da177e4 1502 goto reset;
1da177e4
LT		 1503 if (opt_skb)
1504 goto ipv6_pktoptions;
1505 return 0;
1506
1507reset:
cfb6eeb4 1508 tcp_v6_send_reset(sk, skb);
1da177e4
LT		 1509discard:
1510 if (opt_skb)
1511 __kfree_skb(opt_skb);
8eba65fa 1512 kfree_skb_reason(skb, reason);
1da177e4
LT		 1513 return 0;
1514csum_err:
8eba65fa 1515 reason = SKB_DROP_REASON_TCP_CSUM;
709c0314 1516 trace_tcp_bad_csum(skb);
c10d9310
ED		 1517 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
1518 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
1da177e4
LT		 1519 goto discard;
1520
1521
1522ipv6_pktoptions:
1523 /* Do you ask, what is it?
1524
1525 1. skb was enqueued by tcp.
1526 2. skb is added to tail of read queue, rather than out of order.
1527 3. socket is not in passive state.
1528 4. Finally, it really contains options, which user wants to receive.
1529 */
1530 tp = tcp_sk(sk);
1531 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1532 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
333fad53 1533 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
870c3151 1534 np->mcast_oif = tcp_v6_iif(opt_skb);
333fad53 1535 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
0660e03f 1536 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
82e9f105 1537 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1397ed35 1538 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
df3687ff
FF		 1539 if (np->repflow)
1540 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
a224772d 1541 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
1da177e4 1542 skb_set_owner_r(opt_skb, sk);
8ce48623 1543 tcp_v6_restore_cb(opt_skb);
1da177e4
LT		 1544 opt_skb = xchg(&np->pktoptions, opt_skb);
1545 } else {
1546 __kfree_skb(opt_skb);
1547 opt_skb = xchg(&np->pktoptions, NULL);
1548 }
1549 }
1550
12c8691d 1551 consume_skb(opt_skb);
1da177e4
LT		 1552 return 0;
1553}
1554
2dc49d16
ND		 1555static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1556 const struct tcphdr *th)
1557{
1558 /* This is tricky: we move IP6CB at its correct location into
1559 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1560 * _decode_session6() uses IP6CB().
1561 * barrier() makes sure compiler won't play aliasing games.
1562 */
1563 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1564 sizeof(struct inet6_skb_parm));
1565 barrier();
1566
1567 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1568 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1569 skb->len - th->doff*4);
1570 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1571 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1572 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1573 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1574 TCP_SKB_CB(skb)->sacked = 0;
98aaa913
MM		 1575 TCP_SKB_CB(skb)->has_rxtstamp =
1576 skb->tstamp || skb_hwtstamps(skb)->hwtstamp;
2dc49d16
ND		 1577}
1578
0e219ae4 1579INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
1da177e4 1580{
c0e3154d 1581 enum skb_drop_reason drop_reason;
4297a0ef 1582 int sdif = inet6_sdif(skb);
d14c77e0 1583 int dif = inet6_iif(skb);
cf533ea5 1584 const struct tcphdr *th;
b71d1d42 1585 const struct ipv6hdr *hdr;
3b24d854 1586 bool refcounted;
1da177e4
LT		 1587 struct sock *sk;
1588 int ret;
a86b1e30 1589 struct net *net = dev_net(skb->dev);
1da177e4 1590
c0e3154d 1591 drop_reason = SKB_DROP_REASON_NOT_SPECIFIED;
1da177e4
LT		 1592 if (skb->pkt_type != PACKET_HOST)
1593 goto discard_it;
1594
1595 /*
1596 * Count it even if it's bad.
1597 */
90bbcc60 1598 __TCP_INC_STATS(net, TCP_MIB_INSEGS);
1da177e4
LT		 1599
1600 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1601 goto discard_it;
1602
ea1627c2 1603 th = (const struct tcphdr *)skb->data;
1da177e4 1604
c0e3154d
MD		 1605 if (unlikely(th->doff < sizeof(struct tcphdr) / 4)) {
1606 drop_reason = SKB_DROP_REASON_PKT_TOO_SMALL;
1da177e4 1607 goto bad_packet;
c0e3154d 1608 }
1da177e4
LT		 1609 if (!pskb_may_pull(skb, th->doff*4))
1610 goto discard_it;
1611
e4f45b7f 1612 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
6a5dc9e5 1613 goto csum_error;
1da177e4 1614
ea1627c2 1615 th = (const struct tcphdr *)skb->data;
e802af9c 1616 hdr = ipv6_hdr(skb);
1da177e4 1617
4bdc3d66 1618lookup:
a583636a 1619 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
4297a0ef 1620 th->source, th->dest, inet6_iif(skb), sdif,
3b24d854 1621 &refcounted);
1da177e4
LT		 1622 if (!sk)
1623 goto no_tcp_socket;
1624
1625process:
1626 if (sk->sk_state == TCP_TIME_WAIT)
1627 goto do_time_wait;
1628
079096f1
ED		 1629 if (sk->sk_state == TCP_NEW_SYN_RECV) {
1630 struct request_sock *req = inet_reqsk(sk);
e0f9759f 1631 bool req_stolen = false;
7716682c 1632 struct sock *nsk;
079096f1
ED		 1633
1634 sk = req->rsk_listener;
1330b6ef
JK		 1635 drop_reason = tcp_inbound_md5_hash(sk, skb,
1636 &hdr->saddr, &hdr->daddr,
1637 AF_INET6, dif, sdif);
1638 if (drop_reason) {
e65c332d 1639 sk_drops_add(sk, skb);
079096f1
ED		 1640 reqsk_put(req);
1641 goto discard_it;
1642 }
4fd44a98
FL		 1643 if (tcp_checksum_complete(skb)) {
1644 reqsk_put(req);
1645 goto csum_error;
1646 }
7716682c 1647 if (unlikely(sk->sk_state != TCP_LISTEN)) {
d4f2c86b
KI		 1648 nsk = reuseport_migrate_sock(sk, req_to_sk(req), skb);
1649 if (!nsk) {
1650 inet_csk_reqsk_queue_drop_and_put(sk, req);
1651 goto lookup;
1652 }
1653 sk = nsk;
1654 /* reuseport_migrate_sock() has already held one sk_refcnt
1655 * before returning.
1656 */
1657 } else {
1658 sock_hold(sk);
4bdc3d66 1659 }
3b24d854 1660 refcounted = true;
1f3b359f 1661 nsk = NULL;
eeea10b8
ED		 1662 if (!tcp_filter(sk, skb)) {
1663 th = (const struct tcphdr *)skb->data;
1664 hdr = ipv6_hdr(skb);
1665 tcp_v6_fill_cb(skb, hdr, th);
e0f9759f 1666 nsk = tcp_check_req(sk, skb, req, false, &req_stolen);
c0e3154d
MD		 1667 } else {
1668 drop_reason = SKB_DROP_REASON_SOCKET_FILTER;
eeea10b8 1669 }
079096f1
ED		 1670 if (!nsk) {
1671 reqsk_put(req);
e0f9759f
ED		 1672 if (req_stolen) {
1673 /* Another cpu got exclusive access to req
1674 * and created a full blown socket.
1675 * Try to feed this packet to this socket
1676 * instead of discarding it.
1677 */
1678 tcp_v6_restore_cb(skb);
1679 sock_put(sk);
1680 goto lookup;
1681 }
7716682c 1682 goto discard_and_relse;
079096f1
ED		 1683 }
1684 if (nsk == sk) {
079096f1
ED		 1685 reqsk_put(req);
1686 tcp_v6_restore_cb(skb);
1687 } else if (tcp_child_process(sk, nsk, skb)) {
1688 tcp_v6_send_reset(nsk, skb);
7716682c 1689 goto discard_and_relse;
079096f1 1690 } else {
7716682c 1691 sock_put(sk);
079096f1
ED		 1692 return 0;
1693 }
1694 }
790eb673
ED		 1695
1696 if (static_branch_unlikely(&ip6_min_hopcount)) {
1697 /* min_hopcount can be changed concurrently from do_ipv6_setsockopt() */
1698 if (hdr->hop_limit < READ_ONCE(tcp_inet6_sk(sk)->min_hopcount)) {
1699 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
1700 goto discard_and_relse;
1701 }
e802af9c
SH		 1702 }
1703
c0e3154d
MD		 1704 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) {
1705 drop_reason = SKB_DROP_REASON_XFRM_POLICY;
1da177e4 1706 goto discard_and_relse;
c0e3154d 1707 }
1da177e4 1708
1330b6ef
JK		 1709 drop_reason = tcp_inbound_md5_hash(sk, skb, &hdr->saddr, &hdr->daddr,
1710 AF_INET6, dif, sdif);
1711 if (drop_reason)
9ea88a15 1712 goto discard_and_relse;
9ea88a15 1713
c0e3154d
MD		 1714 if (tcp_filter(sk, skb)) {
1715 drop_reason = SKB_DROP_REASON_SOCKET_FILTER;
1da177e4 1716 goto discard_and_relse;
c0e3154d 1717 }
ac6e7800
ED		 1718 th = (const struct tcphdr *)skb->data;
1719 hdr = ipv6_hdr(skb);
eeea10b8 1720 tcp_v6_fill_cb(skb, hdr, th);
1da177e4
LT		 1721
1722 skb->dev = NULL;
1723
e994b2f0
ED		 1724 if (sk->sk_state == TCP_LISTEN) {
1725 ret = tcp_v6_do_rcv(sk, skb);
1726 goto put_and_return;
1727 }
1728
1729 sk_incoming_cpu_update(sk);
1730
f35f8219 1731 sk_defer_free_flush(sk);
293b9c42 1732 bh_lock_sock_nested(sk);
a44d6eac 1733 tcp_segs_in(tcp_sk(sk), skb);
1da177e4
LT		 1734 ret = 0;
1735 if (!sock_owned_by_user(sk)) {
e7942d06 1736 ret = tcp_v6_do_rcv(sk, skb);
8b27dae5 1737 } else {
7a26dc9e 1738 if (tcp_add_backlog(sk, skb, &drop_reason))
8b27dae5 1739 goto discard_and_relse;
6b03a53a 1740 }
1da177e4 1741 bh_unlock_sock(sk);
e994b2f0 1742put_and_return:
3b24d854
ED		 1743 if (refcounted)
1744 sock_put(sk);
1da177e4
LT		 1745 return ret ? -1 : 0;
1746
1747no_tcp_socket:
c0e3154d 1748 drop_reason = SKB_DROP_REASON_NO_SOCKET;
1da177e4
LT		 1749 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1750 goto discard_it;
1751
2dc49d16
ND		 1752 tcp_v6_fill_cb(skb, hdr, th);
1753
12e25e10 1754 if (tcp_checksum_complete(skb)) {
6a5dc9e5 1755csum_error:
c0e3154d 1756 drop_reason = SKB_DROP_REASON_TCP_CSUM;
709c0314 1757 trace_tcp_bad_csum(skb);
90bbcc60 1758 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
1da177e4 1759bad_packet:
90bbcc60 1760 __TCP_INC_STATS(net, TCP_MIB_INERRS);
1da177e4 1761 } else {
cfb6eeb4 1762 tcp_v6_send_reset(NULL, skb);
1da177e4
LT		 1763 }
1764
1765discard_it:
c0e3154d 1766 kfree_skb_reason(skb, drop_reason);
1da177e4
LT		 1767 return 0;
1768
1769discard_and_relse:
532182cd 1770 sk_drops_add(sk, skb);
3b24d854
ED		 1771 if (refcounted)
1772 sock_put(sk);
1da177e4
LT		 1773 goto discard_it;
1774
1775do_time_wait:
1776 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
c0e3154d 1777 drop_reason = SKB_DROP_REASON_XFRM_POLICY;
9469c7b4 1778 inet_twsk_put(inet_twsk(sk));
1da177e4
LT		 1779 goto discard_it;
1780 }
1781
2dc49d16
ND		 1782 tcp_v6_fill_cb(skb, hdr, th);
1783
6a5dc9e5
ED		 1784 if (tcp_checksum_complete(skb)) {
1785 inet_twsk_put(inet_twsk(sk));
1786 goto csum_error;
1da177e4
LT		 1787 }
1788
9469c7b4 1789 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1da177e4
LT		 1790 case TCP_TW_SYN:
1791 {
1792 struct sock *sk2;
1793
c346dca1 1794 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
a583636a 1795 skb, __tcp_hdrlen(th),
5ba24953 1796 &ipv6_hdr(skb)->saddr, th->source,
0660e03f 1797 &ipv6_hdr(skb)->daddr,
24b711ed
DA		 1798 ntohs(th->dest),
1799 tcp_v6_iif_l3_slave(skb),
4297a0ef 1800 sdif);
53b24b8f 1801 if (sk2) {
295ff7ed 1802 struct inet_timewait_sock *tw = inet_twsk(sk);
dbe7faa4 1803 inet_twsk_deschedule_put(tw);
1da177e4 1804 sk = sk2;
4ad19de8 1805 tcp_v6_restore_cb(skb);
3b24d854 1806 refcounted = false;
1da177e4
LT		 1807 goto process;
1808 }
1da177e4 1809 }
275757e6 1810 /* to ACK */
a8eceea8 1811 fallthrough;
1da177e4
LT		 1812 case TCP_TW_ACK:
1813 tcp_v6_timewait_ack(sk, skb);
1814 break;
1815 case TCP_TW_RST:
271c3b9b
FW		 1816 tcp_v6_send_reset(sk, skb);
1817 inet_twsk_deschedule_put(inet_twsk(sk));
1818 goto discard_it;
4aa956d8
WY		 1819 case TCP_TW_SUCCESS:
1820 ;
1da177e4
LT		 1821 }
1822 goto discard_it;
1823}
1824
97ff7ffb 1825INDIRECT_CALLABLE_SCOPE void tcp_v6_early_demux(struct sk_buff *skb)
c7109986
ED		 1826{
1827 const struct ipv6hdr *hdr;
1828 const struct tcphdr *th;
1829 struct sock *sk;
1830
1831 if (skb->pkt_type != PACKET_HOST)
1832 return;
1833
1834 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1835 return;
1836
1837 hdr = ipv6_hdr(skb);
1838 th = tcp_hdr(skb);
1839
1840 if (th->doff < sizeof(struct tcphdr) / 4)
1841 return;
1842
870c3151 1843 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
c7109986
ED		 1844 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1845 &hdr->saddr, th->source,
1846 &hdr->daddr, ntohs(th->dest),
4297a0ef 1847 inet6_iif(skb), inet6_sdif(skb));
c7109986
ED		 1848 if (sk) {
1849 skb->sk = sk;
1850 skb->destructor = sock_edemux;
f7e4eb03 1851 if (sk_fullsock(sk)) {
8f905c0e 1852 struct dst_entry *dst = rcu_dereference(sk->sk_rx_dst);
f3f12135 1853
c7109986 1854 if (dst)
ef57c161 1855 dst = dst_check(dst, sk->sk_rx_dst_cookie);
c7109986 1856 if (dst &&
0c0a5ef8 1857 sk->sk_rx_dst_ifindex == skb->skb_iif)
c7109986
ED		 1858 skb_dst_set_noref(skb, dst);
1859 }
1860 }
1861}
1862
ccb7c410
DM		 1863static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1864 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1865 .twsk_unique = tcp_twsk_unique,
4aa956d8 1866 .twsk_destructor = tcp_twsk_destructor,
ccb7c410
DM		 1867};
1868
dd2e0b86
ED		 1869INDIRECT_CALLABLE_SCOPE void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb)
1870{
37354402 1871 __tcp_v6_send_check(skb, &sk->sk_v6_rcv_saddr, &sk->sk_v6_daddr);
dd2e0b86
ED		 1872}
1873
35b2c321 1874const struct inet_connection_sock_af_ops ipv6_specific = {
543d9cfe
ACM		 1875 .queue_xmit = inet6_csk_xmit,
1876 .send_check = tcp_v6_send_check,
1877 .rebuild_header = inet6_sk_rebuild_header,
5d299f3d 1878 .sk_rx_dst_set = inet6_sk_rx_dst_set,
543d9cfe
ACM		 1879 .conn_request = tcp_v6_conn_request,
1880 .syn_recv_sock = tcp_v6_syn_recv_sock,
543d9cfe 1881 .net_header_len = sizeof(struct ipv6hdr),
67469601 1882 .net_frag_header_len = sizeof(struct frag_hdr),
543d9cfe
ACM		 1883 .setsockopt = ipv6_setsockopt,
1884 .getsockopt = ipv6_getsockopt,
1885 .addr2sockaddr = inet6_csk_addr2sockaddr,
1886 .sockaddr_len = sizeof(struct sockaddr_in6),
4fab9071 1887 .mtu_reduced = tcp_v6_mtu_reduced,
1da177e4
LT		 1888};
1889
cfb6eeb4 1890#ifdef CONFIG_TCP_MD5SIG
b2e4b3de 1891static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
cfb6eeb4 1892 .md5_lookup = tcp_v6_md5_lookup,
49a72dfb 1893 .calc_md5_hash = tcp_v6_md5_hash_skb,
cfb6eeb4 1894 .md5_parse = tcp_v6_parse_md5_keys,
cfb6eeb4 1895};
a928630a 1896#endif
cfb6eeb4 1897
1da177e4
LT		 1898/*
1899 * TCP over IPv4 via INET6 API
1900 */
3b401a81 1901static const struct inet_connection_sock_af_ops ipv6_mapped = {
543d9cfe
ACM		 1902 .queue_xmit = ip_queue_xmit,
1903 .send_check = tcp_v4_send_check,
1904 .rebuild_header = inet_sk_rebuild_header,
63d02d15 1905 .sk_rx_dst_set = inet_sk_rx_dst_set,
543d9cfe
ACM		 1906 .conn_request = tcp_v6_conn_request,
1907 .syn_recv_sock = tcp_v6_syn_recv_sock,
543d9cfe
ACM		 1908 .net_header_len = sizeof(struct iphdr),
1909 .setsockopt = ipv6_setsockopt,
1910 .getsockopt = ipv6_getsockopt,
1911 .addr2sockaddr = inet6_csk_addr2sockaddr,
1912 .sockaddr_len = sizeof(struct sockaddr_in6),
4fab9071 1913 .mtu_reduced = tcp_v4_mtu_reduced,
1da177e4
LT		 1914};
1915
cfb6eeb4 1916#ifdef CONFIG_TCP_MD5SIG
b2e4b3de 1917static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
cfb6eeb4 1918 .md5_lookup = tcp_v4_md5_lookup,
49a72dfb 1919 .calc_md5_hash = tcp_v4_md5_hash_skb,
cfb6eeb4 1920 .md5_parse = tcp_v6_parse_md5_keys,
cfb6eeb4 1921};
a928630a 1922#endif
cfb6eeb4 1923
1da177e4
LT		 1924/* NOTE: A lot of things set to zero explicitly by call to
1925 * sk_alloc() so need not be done here.
1926 */
1927static int tcp_v6_init_sock(struct sock *sk)
1928{
6687e988 1929 struct inet_connection_sock *icsk = inet_csk(sk);
1da177e4 1930
900f65d3 1931 tcp_init_sock(sk);
1da177e4 1932
8292a17a 1933 icsk->icsk_af_ops = &ipv6_specific;
1da177e4 1934
cfb6eeb4 1935#ifdef CONFIG_TCP_MD5SIG
ac807fa8 1936 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
cfb6eeb4
YH		 1937#endif
1938
1da177e4
LT		 1939 return 0;
1940}
1941
7d06b2e0 1942static void tcp_v6_destroy_sock(struct sock *sk)
1da177e4 1943{
1da177e4 1944 tcp_v4_destroy_sock(sk);
7d06b2e0 1945 inet6_destroy_sock(sk);
1da177e4
LT		 1946}
1947
952a10be 1948#ifdef CONFIG_PROC_FS
1da177e4 1949/* Proc filesystem TCPv6 sock list dumping. */
1ab1457c 1950static void get_openreq6(struct seq_file *seq,
aa3a0c8c 1951 const struct request_sock *req, int i)
1da177e4 1952{
fa76ce73 1953 long ttd = req->rsk_timer.expires - jiffies;
634fb979
ED		 1954 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1955 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1da177e4
LT		 1956
1957 if (ttd < 0)
1958 ttd = 0;
1959
1da177e4
LT		 1960 seq_printf(seq,
1961 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
d14c5ab6 1962 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1da177e4
LT		 1963 i,
1964 src->s6_addr32[0], src->s6_addr32[1],
1965 src->s6_addr32[2], src->s6_addr32[3],
b44084c2 1966 inet_rsk(req)->ir_num,
1da177e4
LT		 1967 dest->s6_addr32[0], dest->s6_addr32[1],
1968 dest->s6_addr32[2], dest->s6_addr32[3],
634fb979 1969 ntohs(inet_rsk(req)->ir_rmt_port),
1da177e4 1970 TCP_SYN_RECV,
4c99aa40 1971 0, 0, /* could print option size, but that is af dependent. */
1ab1457c
YH		 1972 1, /* timers active (only the expire timer) */
1973 jiffies_to_clock_t(ttd),
e6c022a4 1974 req->num_timeout,
aa3a0c8c
ED		 1975 from_kuid_munged(seq_user_ns(seq),
1976 sock_i_uid(req->rsk_listener)),
1ab1457c 1977 0, /* non standard timer */
1da177e4
LT		 1978 0, /* open_requests have no inode */
1979 0, req);
1980}
1981
1982static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1983{
b71d1d42 1984 const struct in6_addr *dest, *src;
1da177e4
LT		 1985 __u16 destp, srcp;
1986 int timer_active;
1987 unsigned long timer_expires;
cf533ea5
ED		 1988 const struct inet_sock *inet = inet_sk(sp);
1989 const struct tcp_sock *tp = tcp_sk(sp);
463c84b9 1990 const struct inet_connection_sock *icsk = inet_csk(sp);
0536fcc0 1991 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
00fd38d9
ED		 1992 int rx_queue;
1993 int state;
1da177e4 1994
efe4208f
ED		 1995 dest = &sp->sk_v6_daddr;
1996 src = &sp->sk_v6_rcv_saddr;
c720c7e8
ED		 1997 destp = ntohs(inet->inet_dport);
1998 srcp = ntohs(inet->inet_sport);
463c84b9 1999
ce3cf4ec 2000 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
57dde7f7 2001 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
ce3cf4ec 2002 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
1da177e4 2003 timer_active = 1;
463c84b9
ACM		 2004 timer_expires = icsk->icsk_timeout;
2005 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1da177e4 2006 timer_active = 4;
463c84b9 2007 timer_expires = icsk->icsk_timeout;
1da177e4
LT		 2008 } else if (timer_pending(&sp->sk_timer)) {
2009 timer_active = 2;
2010 timer_expires = sp->sk_timer.expires;
2011 } else {
2012 timer_active = 0;
2013 timer_expires = jiffies;
2014 }
2015
986ffdfd 2016 state = inet_sk_state_load(sp);
00fd38d9 2017 if (state == TCP_LISTEN)
288efe86 2018 rx_queue = READ_ONCE(sp->sk_ack_backlog);
00fd38d9
ED		 2019 else
2020 /* Because we don't lock the socket,
2021 * we might find a transient negative value.
2022 */
dba7d9b8 2023 rx_queue = max_t(int, READ_ONCE(tp->rcv_nxt) -
7db48e98 2024 READ_ONCE(tp->copied_seq), 0);
00fd38d9 2025
1da177e4
LT		 2026 seq_printf(seq,
2027 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
d14c5ab6 2028 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1da177e4
LT		 2029 i,
2030 src->s6_addr32[0], src->s6_addr32[1],
2031 src->s6_addr32[2], src->s6_addr32[3], srcp,
2032 dest->s6_addr32[0], dest->s6_addr32[1],
2033 dest->s6_addr32[2], dest->s6_addr32[3], destp,
00fd38d9 2034 state,
0f317464 2035 READ_ONCE(tp->write_seq) - tp->snd_una,
00fd38d9 2036 rx_queue,
1da177e4 2037 timer_active,
a399a805 2038 jiffies_delta_to_clock_t(timer_expires - jiffies),
463c84b9 2039 icsk->icsk_retransmits,
a7cb5a49 2040 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
6687e988 2041 icsk->icsk_probes_out,
1da177e4 2042 sock_i_ino(sp),
41c6d650 2043 refcount_read(&sp->sk_refcnt), sp,
7be87351
SH		 2044 jiffies_to_clock_t(icsk->icsk_rto),
2045 jiffies_to_clock_t(icsk->icsk_ack.ato),
31954cd8 2046 (icsk->icsk_ack.quick << 1) | inet_csk_in_pingpong_mode(sp),
0b6a05c1 2047 tp->snd_cwnd,
00fd38d9 2048 state == TCP_LISTEN ?
0536fcc0 2049 fastopenq->max_qlen :
0a672f74 2050 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
1da177e4
LT		 2051 );
2052}
2053
1ab1457c 2054static void get_timewait6_sock(struct seq_file *seq,
8feaf0c0 2055 struct inet_timewait_sock *tw, int i)
1da177e4 2056{
789f558c 2057 long delta = tw->tw_timer.expires - jiffies;
b71d1d42 2058 const struct in6_addr *dest, *src;
1da177e4 2059 __u16 destp, srcp;
1da177e4 2060
efe4208f
ED		 2061 dest = &tw->tw_v6_daddr;
2062 src = &tw->tw_v6_rcv_saddr;
1da177e4
LT		 2063 destp = ntohs(tw->tw_dport);
2064 srcp = ntohs(tw->tw_sport);
2065
2066 seq_printf(seq,
2067 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
71338aa7 2068 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1da177e4
LT		 2069 i,
2070 src->s6_addr32[0], src->s6_addr32[1],
2071 src->s6_addr32[2], src->s6_addr32[3], srcp,
2072 dest->s6_addr32[0], dest->s6_addr32[1],
2073 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2074 tw->tw_substate, 0, 0,
a399a805 2075 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
41c6d650 2076 refcount_read(&tw->tw_refcnt), tw);
1da177e4
LT		 2077}
2078
1da177e4
LT		 2079static int tcp6_seq_show(struct seq_file *seq, void *v)
2080{
2081 struct tcp_iter_state *st;
05dbc7b5 2082 struct sock *sk = v;
1da177e4
LT		 2083
2084 if (v == SEQ_START_TOKEN) {
2085 seq_puts(seq,
2086 " sl "
2087 "local_address "
2088 "remote_address "
2089 "st tx_queue rx_queue tr tm->when retrnsmt"
2090 " uid timeout inode\n");
2091 goto out;
2092 }
2093 st = seq->private;
2094
079096f1
ED		 2095 if (sk->sk_state == TCP_TIME_WAIT)
2096 get_timewait6_sock(seq, v, st->num);
2097 else if (sk->sk_state == TCP_NEW_SYN_RECV)
aa3a0c8c 2098 get_openreq6(seq, v, st->num);
079096f1
ED		 2099 else
2100 get_tcp6_sock(seq, v, st->num);
1da177e4
LT		 2101out:
2102 return 0;
2103}
2104
37d849bb
CH		 2105static const struct seq_operations tcp6_seq_ops = {
2106 .show = tcp6_seq_show,
2107 .start = tcp_seq_start,
2108 .next = tcp_seq_next,
2109 .stop = tcp_seq_stop,
2110};
2111
1da177e4 2112static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1da177e4 2113 .family = AF_INET6,
1da177e4
LT		 2114};
2115
2c8c1e72 2116int __net_init tcp6_proc_init(struct net *net)
1da177e4 2117{
c3506372
CH		 2118 if (!proc_create_net_data("tcp6", 0444, net->proc_net, &tcp6_seq_ops,
2119 sizeof(struct tcp_iter_state), &tcp6_seq_afinfo))
37d849bb
CH		 2120 return -ENOMEM;
2121 return 0;
1da177e4
LT		 2122}
2123
6f8b13bc 2124void tcp6_proc_exit(struct net *net)
1da177e4 2125{
37d849bb 2126 remove_proc_entry("tcp6", net->proc_net);
1da177e4
LT		 2127}
2128#endif
2129
2130struct proto tcpv6_prot = {
2131 .name = "TCPv6",
2132 .owner = THIS_MODULE,
2133 .close = tcp_close,
d74bad4e 2134 .pre_connect = tcp_v6_pre_connect,
1da177e4
LT		 2135 .connect = tcp_v6_connect,
2136 .disconnect = tcp_disconnect,
463c84b9 2137 .accept = inet_csk_accept,
1da177e4
LT		 2138 .ioctl = tcp_ioctl,
2139 .init = tcp_v6_init_sock,
2140 .destroy = tcp_v6_destroy_sock,
2141 .shutdown = tcp_shutdown,
2142 .setsockopt = tcp_setsockopt,
2143 .getsockopt = tcp_getsockopt,
9cacf81f 2144 .bpf_bypass_getsockopt = tcp_bpf_bypass_getsockopt,
4b9d07a4 2145 .keepalive = tcp_set_keepalive,
1da177e4 2146 .recvmsg = tcp_recvmsg,
7ba42910
CG		 2147 .sendmsg = tcp_sendmsg,
2148 .sendpage = tcp_sendpage,
1da177e4 2149 .backlog_rcv = tcp_v6_do_rcv,
46d3ceab 2150 .release_cb = tcp_release_cb,
496611d7 2151 .hash = inet6_hash,
ab1e0a13
ACM		 2152 .unhash = inet_unhash,
2153 .get_port = inet_csk_get_port,
91a760b2 2154 .put_port = inet_put_port,
8a59f9d1
CW		 2155#ifdef CONFIG_BPF_SYSCALL
2156 .psock_update_sk_prot = tcp_bpf_update_proto,
2157#endif
1da177e4 2158 .enter_memory_pressure = tcp_enter_memory_pressure,
06044751 2159 .leave_memory_pressure = tcp_leave_memory_pressure,
c9bee3b7 2160 .stream_memory_free = tcp_stream_memory_free,
1da177e4
LT		 2161 .sockets_allocated = &tcp_sockets_allocated,
2162 .memory_allocated = &tcp_memory_allocated,
2163 .memory_pressure = &tcp_memory_pressure,
0a5578cf 2164 .orphan_count = &tcp_orphan_count,
a4fe34bf 2165 .sysctl_mem = sysctl_tcp_mem,
356d1833
ED		 2166 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem),
2167 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem),
1da177e4
LT		 2168 .max_header = MAX_TCP_HEADER,
2169 .obj_size = sizeof(struct tcp6_sock),
5f0d5a3a 2170 .slab_flags = SLAB_TYPESAFE_BY_RCU,
6d6ee43e 2171 .twsk_prot = &tcp6_timewait_sock_ops,
60236fdd 2172 .rsk_prot = &tcp6_request_sock_ops,
39d8cda7 2173 .h.hashinfo = &tcp_hashinfo,
7ba42910 2174 .no_autobind = true,
c1e64e29 2175 .diag_destroy = tcp_abort,
1da177e4 2176};
6abde0b2 2177EXPORT_SYMBOL_GPL(tcpv6_prot);
1da177e4 2178
a8e3bb34
DA		 2179/* thinking of making this const? Don't.
2180 * early_demux can change based on sysctl.
2181 */
39294c3d 2182static struct inet6_protocol tcpv6_protocol = {
c7109986 2183 .early_demux = tcp_v6_early_demux,
dddb64bc 2184 .early_demux_handler = tcp_v6_early_demux,
1da177e4
LT		 2185 .handler = tcp_v6_rcv,
2186 .err_handler = tcp_v6_err,
2187 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2188};
2189
1da177e4
LT		 2190static struct inet_protosw tcpv6_protosw = {
2191 .type = SOCK_STREAM,
2192 .protocol = IPPROTO_TCP,
2193 .prot = &tcpv6_prot,
2194 .ops = &inet6_stream_ops,
d83d8461
ACM		 2195 .flags = INET_PROTOSW_PERMANENT |
2196 INET_PROTOSW_ICSK,
1da177e4
LT		 2197};
2198
2c8c1e72 2199static int __net_init tcpv6_net_init(struct net *net)
93ec926b 2200{
5677242f
DL		 2201 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2202 SOCK_RAW, IPPROTO_TCP, net);
93ec926b
DL		 2203}
2204
2c8c1e72 2205static void __net_exit tcpv6_net_exit(struct net *net)
93ec926b 2206{
5677242f 2207 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
b099ce26
EB		 2208}
2209
93ec926b 2210static struct pernet_operations tcpv6_net_ops = {
b099ce26
EB		 2211 .init = tcpv6_net_init,
2212 .exit = tcpv6_net_exit,
93ec926b
DL		 2213};
2214
7f4e4868 2215int __init tcpv6_init(void)
1da177e4 2216{
7f4e4868
DL		 2217 int ret;
2218
3336288a
VY		 2219 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2220 if (ret)
c6b641a4 2221 goto out;
3336288a 2222
1da177e4 2223 /* register inet6 protocol */
7f4e4868
DL		 2224 ret = inet6_register_protosw(&tcpv6_protosw);
2225 if (ret)
2226 goto out_tcpv6_protocol;
2227
93ec926b 2228 ret = register_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2229 if (ret)
2230 goto out_tcpv6_protosw;
f870fa0b
MM		 2231
2232 ret = mptcpv6_init();
2233 if (ret)
2234 goto out_tcpv6_pernet_subsys;
2235
7f4e4868
DL		 2236out:
2237 return ret;
ae0f7d5f 2238
f870fa0b
MM		 2239out_tcpv6_pernet_subsys:
2240 unregister_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2241out_tcpv6_protosw:
2242 inet6_unregister_protosw(&tcpv6_protosw);
3336288a
VY		 2243out_tcpv6_protocol:
2244 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
7f4e4868
DL		 2245 goto out;
2246}
2247
09f7709f 2248void tcpv6_exit(void)
7f4e4868 2249{
93ec926b 2250 unregister_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2251 inet6_unregister_protosw(&tcpv6_protosw);
2252 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
1da177e4 2253}
Linux 6.x block layer and io_uring tree(s)