projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ASoC: Merge up v6.6-rc7
[linux-block.git] / net / ipv6 / tcp_ipv6.c
CommitLineData
2874c5fd 1// SPDX-License-Identifier: GPL-2.0-or-later
1da177e4
LT		 2/*
3 * TCP over IPv6
1ab1457c 4 * Linux INET6 implementation
1da177e4
LT		 5 *
6 * Authors:
1ab1457c 7 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4 8 *
1ab1457c 9 * Based on:
1da177e4
LT		 10 * linux/net/ipv4/tcp.c
11 * linux/net/ipv4/tcp_input.c
12 * linux/net/ipv4/tcp_output.c
13 *
14 * Fixes:
15 * Hideaki YOSHIFUJI : sin6_scope_id support
16 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
17 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
18 * a single port at the same time.
19 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
1da177e4
LT		 20 */
21
eb4dea58 22#include <linux/bottom_half.h>
1da177e4 23#include <linux/module.h>
1da177e4
LT		 24#include <linux/errno.h>
25#include <linux/types.h>
26#include <linux/socket.h>
27#include <linux/sockios.h>
28#include <linux/net.h>
29#include <linux/jiffies.h>
30#include <linux/in.h>
31#include <linux/in6.h>
32#include <linux/netdevice.h>
33#include <linux/init.h>
34#include <linux/jhash.h>
35#include <linux/ipsec.h>
36#include <linux/times.h>
5a0e3ad6 37#include <linux/slab.h>
4aa956d8 38#include <linux/uaccess.h>
1da177e4
LT		 39#include <linux/ipv6.h>
40#include <linux/icmpv6.h>
41#include <linux/random.h>
0e219ae4 42#include <linux/indirect_call_wrapper.h>
1da177e4
LT		 43
44#include <net/tcp.h>
45#include <net/ndisc.h>
5324a040 46#include <net/inet6_hashtables.h>
8129765a 47#include <net/inet6_connection_sock.h>
1da177e4
LT		 48#include <net/ipv6.h>
49#include <net/transp_v6.h>
50#include <net/addrconf.h>
51#include <net/ip6_route.h>
52#include <net/ip6_checksum.h>
53#include <net/inet_ecn.h>
54#include <net/protocol.h>
55#include <net/xfrm.h>
1da177e4
LT		 56#include <net/snmp.h>
57#include <net/dsfield.h>
6d6ee43e 58#include <net/timewait_sock.h>
3d58b5fa 59#include <net/inet_common.h>
6e5714ea 60#include <net/secure_seq.h>
076bb0c8 61#include <net/busy_poll.h>
1da177e4 62
1da177e4
LT		 63#include <linux/proc_fs.h>
64#include <linux/seq_file.h>
65
cf80e0e4 66#include <crypto/hash.h>
cfb6eeb4
YH		 67#include <linux/scatterlist.h>
68
c24b14c4
SL		 69#include <trace/events/tcp.h>
70
a00e7444
ED		 71static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
72static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
6edafaaf 73 struct request_sock *req);
1da177e4 74
d2489c7b 75INDIRECT_CALLABLE_SCOPE int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
1da177e4 76
3b401a81 77static const struct inet_connection_sock_af_ops ipv6_mapped;
35b2c321 78const struct inet_connection_sock_af_ops ipv6_specific;
a928630a 79#ifdef CONFIG_TCP_MD5SIG
b2e4b3de
SH		 80static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
81static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
9501f972 82#else
51723935 83static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
dea53bb8
DA		 84 const struct in6_addr *addr,
85 int l3index)
9501f972
YH		 86{
87 return NULL;
88}
a928630a 89#endif
1da177e4 90
93a77c11
ED		 91/* Helper returning the inet6 address from a given tcp socket.
92 * It can be used in TCP stack instead of inet6_sk(sk).
93 * This avoids a dereference and allow compiler optimizations.
f5d54767 94 * It is a specialized version of inet6_sk_generic().
93a77c11 95 */
fe79bd65
PB		 96#define tcp_inet6_sk(sk) (&container_of_const(tcp_sk(sk), \
97 struct tcp6_sock, tcp)->inet6)
93a77c11 98
fae6ef87
NC		 99static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
100{
101 struct dst_entry *dst = skb_dst(skb);
fae6ef87 102
5037e9ef 103 if (dst && dst_hold_safe(dst)) {
ca777eff
ED		 104 const struct rt6_info *rt = (const struct rt6_info *)dst;
105
8f905c0e 106 rcu_assign_pointer(sk->sk_rx_dst, dst);
0c0a5ef8 107 sk->sk_rx_dst_ifindex = skb->skb_iif;
ef57c161 108 sk->sk_rx_dst_cookie = rt6_get_cookie(rt);
ca777eff 109 }
fae6ef87
NC		 110}
111
84b114b9 112static u32 tcp_v6_init_seq(const struct sk_buff *skb)
1da177e4 113{
84b114b9
ED		 114 return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32,
115 ipv6_hdr(skb)->saddr.s6_addr32,
116 tcp_hdr(skb)->dest,
117 tcp_hdr(skb)->source);
118}
119
5d2ed052 120static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb)
84b114b9 121{
5d2ed052 122 return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32,
84b114b9 123 ipv6_hdr(skb)->saddr.s6_addr32);
1da177e4
LT		 124}
125
d74bad4e
AI		 126static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
127 int addr_len)
128{
129 /* This check is replicated from tcp_v6_connect() and intended to
130 * prevent BPF program called below from accessing bytes that are out
131 * of the bound specified by user in addr_len.
132 */
133 if (addr_len < SIN6_LEN_RFC2133)
134 return -EINVAL;
135
136 sock_owned_by_me(sk);
137
138 return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr);
139}
140
1ab1457c 141static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
1da177e4
LT		 142 int addr_len)
143{
144 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
d83d8461 145 struct inet_connection_sock *icsk = inet_csk(sk);
08eaef90 146 struct in6_addr *saddr = NULL, *final_p, final;
fbb82952 147 struct inet_timewait_death_row *tcp_death_row;
93a77c11 148 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
08eaef90 149 struct inet_sock *inet = inet_sk(sk);
1da177e4 150 struct tcp_sock *tp = tcp_sk(sk);
08eaef90 151 struct net *net = sock_net(sk);
45f6fad8 152 struct ipv6_txoptions *opt;
1da177e4 153 struct dst_entry *dst;
08eaef90 154 struct flowi6 fl6;
1da177e4
LT		 155 int addr_type;
156 int err;
157
1ab1457c 158 if (addr_len < SIN6_LEN_RFC2133)
1da177e4
LT		 159 return -EINVAL;
160
1ab1457c 161 if (usin->sin6_family != AF_INET6)
a02cec21 162 return -EAFNOSUPPORT;
1da177e4 163
4c9483b2 164 memset(&fl6, 0, sizeof(fl6));
1da177e4
LT		 165
166 if (np->sndflow) {
4c9483b2
DM		 167 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
168 IP6_ECN_flow_init(fl6.flowlabel);
169 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
1da177e4 170 struct ip6_flowlabel *flowlabel;
4c9483b2 171 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
59c820b2 172 if (IS_ERR(flowlabel))
1da177e4 173 return -EINVAL;
1da177e4
LT		 174 fl6_sock_release(flowlabel);
175 }
176 }
177
178 /*
1ab1457c
YH		 179 * connect() to INADDR_ANY means loopback (BSD'ism).
180 */
181
052d2369
JL		 182 if (ipv6_addr_any(&usin->sin6_addr)) {
183 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
184 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
185 &usin->sin6_addr);
186 else
187 usin->sin6_addr = in6addr_loopback;
188 }
1da177e4
LT		 189
190 addr_type = ipv6_addr_type(&usin->sin6_addr);
191
4c99aa40 192 if (addr_type & IPV6_ADDR_MULTICAST)
1da177e4
LT		 193 return -ENETUNREACH;
194
195 if (addr_type&IPV6_ADDR_LINKLOCAL) {
196 if (addr_len >= sizeof(struct sockaddr_in6) &&
197 usin->sin6_scope_id) {
198 /* If interface is set while binding, indices
199 * must coincide.
200 */
54dc3e33 201 if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id))
1da177e4
LT		 202 return -EINVAL;
203
204 sk->sk_bound_dev_if = usin->sin6_scope_id;
205 }
206
207 /* Connect to link-local address requires an interface */
208 if (!sk->sk_bound_dev_if)
209 return -EINVAL;
210 }
211
212 if (tp->rx_opt.ts_recent_stamp &&
efe4208f 213 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
1da177e4
LT		 214 tp->rx_opt.ts_recent = 0;
215 tp->rx_opt.ts_recent_stamp = 0;
0f317464 216 WRITE_ONCE(tp->write_seq, 0);
1da177e4
LT		 217 }
218
efe4208f 219 sk->sk_v6_daddr = usin->sin6_addr;
4c9483b2 220 np->flow_label = fl6.flowlabel;
1da177e4
LT		 221
222 /*
223 * TCP over IPv4
224 */
225
052d2369 226 if (addr_type & IPV6_ADDR_MAPPED) {
d83d8461 227 u32 exthdrlen = icsk->icsk_ext_hdr_len;
1da177e4
LT		 228 struct sockaddr_in sin;
229
89e9c728 230 if (ipv6_only_sock(sk))
1da177e4
LT		 231 return -ENETUNREACH;
232
233 sin.sin_family = AF_INET;
234 sin.sin_port = usin->sin6_port;
235 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
236
f49cd2f4
KI		 237 /* Paired with READ_ONCE() in tcp_(get|set)sockopt() */
238 WRITE_ONCE(icsk->icsk_af_ops, &ipv6_mapped);
cec37a6e 239 if (sk_is_mptcp(sk))
31484d56 240 mptcpv6_handle_mapped(sk, true);
1da177e4 241 sk->sk_backlog_rcv = tcp_v4_do_rcv;
cfb6eeb4
YH		 242#ifdef CONFIG_TCP_MD5SIG
243 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
244#endif
1da177e4
LT		 245
246 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
247
248 if (err) {
d83d8461 249 icsk->icsk_ext_hdr_len = exthdrlen;
f49cd2f4
KI		 250 /* Paired with READ_ONCE() in tcp_(get|set)sockopt() */
251 WRITE_ONCE(icsk->icsk_af_ops, &ipv6_specific);
cec37a6e 252 if (sk_is_mptcp(sk))
31484d56 253 mptcpv6_handle_mapped(sk, false);
1da177e4 254 sk->sk_backlog_rcv = tcp_v6_do_rcv;
cfb6eeb4
YH		 255#ifdef CONFIG_TCP_MD5SIG
256 tp->af_specific = &tcp_sock_ipv6_specific;
257#endif
1da177e4 258 goto failure;
1da177e4 259 }
d1e559d0 260 np->saddr = sk->sk_v6_rcv_saddr;
1da177e4
LT		 261
262 return err;
263 }
264
efe4208f
ED		 265 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
266 saddr = &sk->sk_v6_rcv_saddr;
1da177e4 267
4c9483b2 268 fl6.flowi6_proto = IPPROTO_TCP;
efe4208f 269 fl6.daddr = sk->sk_v6_daddr;
4e3fd7a0 270 fl6.saddr = saddr ? *saddr : np->saddr;
8230680f 271 fl6.flowlabel = ip6_make_flowinfo(np->tclass, np->flow_label);
4c9483b2
DM		 272 fl6.flowi6_oif = sk->sk_bound_dev_if;
273 fl6.flowi6_mark = sk->sk_mark;
1958b856
DM		 274 fl6.fl6_dport = usin->sin6_port;
275 fl6.fl6_sport = inet->inet_sport;
e2d118a1 276 fl6.flowi6_uid = sk->sk_uid;
1da177e4 277
1e1d04e6 278 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
45f6fad8 279 final_p = fl6_update_dst(&fl6, opt, &final);
1da177e4 280
3df98d79 281 security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
beb8d13b 282
08eaef90 283 dst = ip6_dst_lookup_flow(net, sk, &fl6, final_p);
68d0c6d3
DM		 284 if (IS_ERR(dst)) {
285 err = PTR_ERR(dst);
1da177e4 286 goto failure;
14e50e57 287 }
1da177e4 288
4461568a
KI		 289 tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
290
63159f29 291 if (!saddr) {
4c9483b2 292 saddr = &fl6.saddr;
8c5dae4c
KI		 293
294 err = inet_bhash2_update_saddr(sk, saddr, AF_INET6);
295 if (err)
296 goto failure;
1da177e4
LT		 297 }
298
299 /* set the source address */
4e3fd7a0 300 np->saddr = *saddr;
c720c7e8 301 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
1da177e4 302
f83ef8c0 303 sk->sk_gso_type = SKB_GSO_TCPV6;
6bd4f355 304 ip6_dst_store(sk, dst, NULL, NULL);
1da177e4 305
d83d8461 306 icsk->icsk_ext_hdr_len = 0;
45f6fad8
ED		 307 if (opt)
308 icsk->icsk_ext_hdr_len = opt->opt_flen +
309 opt->opt_nflen;
1da177e4
LT		 310
311 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
312
c720c7e8 313 inet->inet_dport = usin->sin6_port;
1da177e4
LT		 314
315 tcp_set_state(sk, TCP_SYN_SENT);
1946e672 316 err = inet6_hash_connect(tcp_death_row, sk);
1da177e4
LT		 317 if (err)
318 goto late_failure;
319
877d1f62 320 sk_set_txhash(sk);
9e7ceb06 321
00355fa5 322 if (likely(!tp->repair)) {
00355fa5 323 if (!tp->write_seq)
0f317464
ED		 324 WRITE_ONCE(tp->write_seq,
325 secure_tcpv6_seq(np->saddr.s6_addr32,
326 sk->sk_v6_daddr.s6_addr32,
327 inet->inet_sport,
328 inet->inet_dport));
08eaef90 329 tp->tsoffset = secure_tcpv6_ts_off(net, np->saddr.s6_addr32,
84b114b9 330 sk->sk_v6_daddr.s6_addr32);
00355fa5 331 }
1da177e4 332
19f6d3f3
WW		 333 if (tcp_fastopen_defer_connect(sk, &err))
334 return err;
335 if (err)
336 goto late_failure;
337
1da177e4
LT		 338 err = tcp_connect(sk);
339 if (err)
340 goto late_failure;
341
342 return 0;
343
344late_failure:
345 tcp_set_state(sk, TCP_CLOSE);
e0833d1f 346 inet_bhash2_reset_saddr(sk);
1da177e4 347failure:
c720c7e8 348 inet->inet_dport = 0;
1da177e4
LT		 349 sk->sk_route_caps = 0;
350 return err;
351}
352
563d34d0
ED		 353static void tcp_v6_mtu_reduced(struct sock *sk)
354{
355 struct dst_entry *dst;
c7bb4b89 356 u32 mtu;
563d34d0
ED		 357
358 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
359 return;
360
c7bb4b89
ED		 361 mtu = READ_ONCE(tcp_sk(sk)->mtu_info);
362
363 /* Drop requests trying to increase our current mss.
364 * Check done in __ip6_rt_update_pmtu() is too late.
365 */
366 if (tcp_mtu_to_mss(sk, mtu) >= tcp_sk(sk)->mss_cache)
367 return;
368
369 dst = inet6_csk_update_pmtu(sk, mtu);
563d34d0
ED		 370 if (!dst)
371 return;
372
373 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
374 tcp_sync_mss(sk, dst_mtu(dst));
375 tcp_simple_retransmit(sk);
376 }
377}
378
32bbd879 379static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
d5fdd6ba 380 u8 type, u8 code, int offset, __be32 info)
1da177e4 381{
4c99aa40 382 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
505cbfc5 383 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
2215089b
ED		 384 struct net *net = dev_net(skb->dev);
385 struct request_sock *fastopen;
1da177e4 386 struct ipv6_pinfo *np;
1ab1457c 387 struct tcp_sock *tp;
0a672f74 388 __u32 seq, snd_una;
2215089b 389 struct sock *sk;
9cf74903 390 bool fatal;
2215089b 391 int err;
1da177e4 392
4461568a 393 sk = __inet6_lookup_established(net, net->ipv4.tcp_death_row.hashinfo,
2215089b
ED		 394 &hdr->daddr, th->dest,
395 &hdr->saddr, ntohs(th->source),
4297a0ef 396 skb->dev->ifindex, inet6_sdif(skb));
1da177e4 397
2215089b 398 if (!sk) {
a16292a0
ED		 399 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
400 ICMP6_MIB_INERRORS);
32bbd879 401 return -ENOENT;
1da177e4
LT		 402 }
403
404 if (sk->sk_state == TCP_TIME_WAIT) {
9469c7b4 405 inet_twsk_put(inet_twsk(sk));
32bbd879 406 return 0;
1da177e4 407 }
2215089b 408 seq = ntohl(th->seq);
9cf74903 409 fatal = icmpv6_err_convert(type, code, &err);
32bbd879
SB		 410 if (sk->sk_state == TCP_NEW_SYN_RECV) {
411 tcp_req_err(sk, seq, fatal);
412 return 0;
413 }
1da177e4
LT		 414
415 bh_lock_sock(sk);
563d34d0 416 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
02a1d6e7 417 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
1da177e4
LT		 418
419 if (sk->sk_state == TCP_CLOSE)
420 goto out;
421
790eb673
ED		 422 if (static_branch_unlikely(&ip6_min_hopcount)) {
423 /* min_hopcount can be changed concurrently from do_ipv6_setsockopt() */
424 if (ipv6_hdr(skb)->hop_limit < READ_ONCE(tcp_inet6_sk(sk)->min_hopcount)) {
425 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
426 goto out;
427 }
e802af9c
SH		 428 }
429
1da177e4 430 tp = tcp_sk(sk);
0a672f74 431 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
d983ea6f 432 fastopen = rcu_dereference(tp->fastopen_rsk);
0a672f74 433 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
1da177e4 434 if (sk->sk_state != TCP_LISTEN &&
0a672f74 435 !between(seq, snd_una, tp->snd_nxt)) {
02a1d6e7 436 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
1da177e4
LT		 437 goto out;
438 }
439
93a77c11 440 np = tcp_inet6_sk(sk);
1da177e4 441
ec18d9a2 442 if (type == NDISC_REDIRECT) {
45caeaa5
JM		 443 if (!sock_owned_by_user(sk)) {
444 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
ec18d9a2 445
45caeaa5
JM		 446 if (dst)
447 dst->ops->redirect(dst, sk, skb);
448 }
50a75a89 449 goto out;
ec18d9a2
DM		 450 }
451
1da177e4 452 if (type == ICMPV6_PKT_TOOBIG) {
c7bb4b89
ED		 453 u32 mtu = ntohl(info);
454
0d4f0608
ED		 455 /* We are not interested in TCP_LISTEN and open_requests
456 * (SYN-ACKs send out by Linux are always <576bytes so
457 * they should go through unfragmented).
458 */
459 if (sk->sk_state == TCP_LISTEN)
460 goto out;
461
93b36cf3
HFS		 462 if (!ip6_sk_accept_pmtu(sk))
463 goto out;
464
c7bb4b89
ED		 465 if (mtu < IPV6_MIN_MTU)
466 goto out;
467
468 WRITE_ONCE(tp->mtu_info, mtu);
469
563d34d0
ED		 470 if (!sock_owned_by_user(sk))
471 tcp_v6_mtu_reduced(sk);
d013ef2a 472 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
7aa5470c 473 &sk->sk_tsq_flags))
d013ef2a 474 sock_hold(sk);
1da177e4
LT		 475 goto out;
476 }
477
1da177e4 478
60236fdd 479 /* Might be for an request_sock */
1da177e4 480 switch (sk->sk_state) {
1da177e4 481 case TCP_SYN_SENT:
0a672f74
YC		 482 case TCP_SYN_RECV:
483 /* Only in fast or simultaneous open. If a fast open socket is
634a63e7 484 * already accepted it is treated as a connected one below.
0a672f74 485 */
63159f29 486 if (fastopen && !fastopen->sk)
0a672f74
YC		 487 break;
488
45af29ca
ED		 489 ipv6_icmp_error(sk, skb, err, th->dest, ntohl(info), (u8 *)th);
490
1da177e4 491 if (!sock_owned_by_user(sk)) {
e13ec3da 492 WRITE_ONCE(sk->sk_err, err);
e3ae2365 493 sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
1da177e4
LT		 494
495 tcp_done(sk);
cee1af82
ED		 496 } else {
497 WRITE_ONCE(sk->sk_err_soft, err);
498 }
1da177e4 499 goto out;
d2924569
ED		 500 case TCP_LISTEN:
501 break;
502 default:
503 /* check if this ICMP message allows revert of backoff.
504 * (see RFC 6069)
505 */
506 if (!fastopen && type == ICMPV6_DEST_UNREACH &&
507 code == ICMPV6_NOROUTE)
508 tcp_ld_RTO_revert(sk, seq);
1da177e4
LT		 509 }
510
511 if (!sock_owned_by_user(sk) && np->recverr) {
e13ec3da 512 WRITE_ONCE(sk->sk_err, err);
e3ae2365 513 sk_error_report(sk);
cee1af82
ED		 514 } else {
515 WRITE_ONCE(sk->sk_err_soft, err);
516 }
1da177e4
LT		 517out:
518 bh_unlock_sock(sk);
519 sock_put(sk);
32bbd879 520 return 0;
1da177e4
LT		 521}
522
523
0f935dbe 524static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
d6274bd8 525 struct flowi *fl,
3840a06e 526 struct request_sock *req,
ca6fb065 527 struct tcp_fastopen_cookie *foc,
331fca43
MKL		 528 enum tcp_synack_type synack_type,
529 struct sk_buff *syn_skb)
1da177e4 530{
634fb979 531 struct inet_request_sock *ireq = inet_rsk(req);
fe79bd65 532 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
56ac42bc 533 struct ipv6_txoptions *opt;
d6274bd8 534 struct flowi6 *fl6 = &fl->u.ip6;
4c99aa40 535 struct sk_buff *skb;
9494218f 536 int err = -ENOMEM;
ac8f1710 537 u8 tclass;
1da177e4 538
9f10d3f6 539 /* First, grab a route. */
f76b33c3
ED		 540 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
541 IPPROTO_TCP)) == NULL)
fd80eb94 542 goto done;
9494218f 543
331fca43 544 skb = tcp_make_synack(sk, dst, req, foc, synack_type, syn_skb);
9494218f 545
1da177e4 546 if (skb) {
634fb979
ED		 547 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
548 &ireq->ir_v6_rmt_addr);
1da177e4 549
634fb979 550 fl6->daddr = ireq->ir_v6_rmt_addr;
53b24b8f 551 if (np->repflow && ireq->pktopts)
df3687ff
FF		 552 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
553
870e3a63 554 tclass = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reflect_tos) ?
8ef44b6f
WW		 555 (tcp_rsk(req)->syn_tos & ~INET_ECN_MASK) |
556 (np->tclass & INET_ECN_MASK) :
861602b5 557 np->tclass;
407c85c7
AD		 558
559 if (!INET_ECN_is_capable(tclass) &&
560 tcp_bpf_ca_needs_ecn((struct sock *)req))
561 tclass |= INET_ECN_ECT_0;
562
563 rcu_read_lock();
564 opt = ireq->ipv6_opt;
56ac42bc
HD		 565 if (!opt)
566 opt = rcu_dereference(np->opt);
3c5b4d69
ED		 567 err = ip6_xmit(sk, skb, fl6, skb->mark ? : READ_ONCE(sk->sk_mark),
568 opt, tclass, sk->sk_priority);
3e4006f0 569 rcu_read_unlock();
b9df3cb8 570 err = net_xmit_eval(err);
1da177e4
LT		 571 }
572
573done:
1da177e4
LT		 574 return err;
575}
576
72659ecc 577
60236fdd 578static void tcp_v6_reqsk_destructor(struct request_sock *req)
1da177e4 579{
56ac42bc 580 kfree(inet_rsk(req)->ipv6_opt);
12c8691d 581 consume_skb(inet_rsk(req)->pktopts);
1da177e4
LT		 582}
583
cfb6eeb4 584#ifdef CONFIG_TCP_MD5SIG
b83e3deb 585static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
dea53bb8
DA		 586 const struct in6_addr *addr,
587 int l3index)
cfb6eeb4 588{
dea53bb8
DA		 589 return tcp_md5_do_lookup(sk, l3index,
590 (union tcp_md5_addr *)addr, AF_INET6);
cfb6eeb4
YH		 591}
592
b83e3deb 593static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
fd3a154a 594 const struct sock *addr_sk)
cfb6eeb4 595{
dea53bb8
DA		 596 int l3index;
597
598 l3index = l3mdev_master_ifindex_by_index(sock_net(sk),
599 addr_sk->sk_bound_dev_if);
600 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr,
601 l3index);
cfb6eeb4
YH		 602}
603
8917a777 604static int tcp_v6_parse_md5_keys(struct sock *sk, int optname,
d4c19c49 605 sockptr_t optval, int optlen)
cfb6eeb4
YH		 606{
607 struct tcp_md5sig cmd;
608 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
dea53bb8 609 int l3index = 0;
8917a777 610 u8 prefixlen;
a76c2315 611 u8 flags;
cfb6eeb4
YH		 612
613 if (optlen < sizeof(cmd))
614 return -EINVAL;
615
d4c19c49 616 if (copy_from_sockptr(&cmd, optval, sizeof(cmd)))
cfb6eeb4
YH		 617 return -EFAULT;
618
619 if (sin6->sin6_family != AF_INET6)
620 return -EINVAL;
621
a76c2315
LC		 622 flags = cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX;
623
8917a777
ID		 624 if (optname == TCP_MD5SIG_EXT &&
625 cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) {
626 prefixlen = cmd.tcpm_prefixlen;
627 if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) &&
628 prefixlen > 32))
629 return -EINVAL;
630 } else {
631 prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128;
632 }
633
a76c2315 634 if (optname == TCP_MD5SIG_EXT && cmd.tcpm_ifindex &&
6b102db5
DA		 635 cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX) {
636 struct net_device *dev;
637
638 rcu_read_lock();
639 dev = dev_get_by_index_rcu(sock_net(sk), cmd.tcpm_ifindex);
640 if (dev && netif_is_l3_master(dev))
641 l3index = dev->ifindex;
642 rcu_read_unlock();
643
644 /* ok to reference set/not set outside of rcu;
645 * right now device MUST be an L3 master
646 */
647 if (!dev || !l3index)
648 return -EINVAL;
649 }
650
cfb6eeb4 651 if (!cmd.tcpm_keylen) {
e773e4fa 652 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
a915da9b 653 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
6b102db5 654 AF_INET, prefixlen,
a76c2315 655 l3index, flags);
a915da9b 656 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
a76c2315 657 AF_INET6, prefixlen, l3index, flags);
cfb6eeb4
YH		 658 }
659
660 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
661 return -EINVAL;
662
a915da9b
ED		 663 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
664 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
a76c2315 665 AF_INET, prefixlen, l3index, flags,
459837b5 666 cmd.tcpm_key, cmd.tcpm_keylen);
cfb6eeb4 667
a915da9b 668 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
a76c2315 669 AF_INET6, prefixlen, l3index, flags,
459837b5 670 cmd.tcpm_key, cmd.tcpm_keylen);
cfb6eeb4
YH		 671}
672
19689e38
ED		 673static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp,
674 const struct in6_addr *daddr,
675 const struct in6_addr *saddr,
676 const struct tcphdr *th, int nbytes)
cfb6eeb4 677{
cfb6eeb4 678 struct tcp6_pseudohdr *bp;
49a72dfb 679 struct scatterlist sg;
19689e38 680 struct tcphdr *_th;
8d26d76d 681
19689e38 682 bp = hp->scratch;
cfb6eeb4 683 /* 1. TCP pseudo-header (RFC2460) */
4e3fd7a0
AD		 684 bp->saddr = *saddr;
685 bp->daddr = *daddr;
49a72dfb 686 bp->protocol = cpu_to_be32(IPPROTO_TCP);
00b1304c 687 bp->len = cpu_to_be32(nbytes);
cfb6eeb4 688
19689e38
ED		 689 _th = (struct tcphdr *)(bp + 1);
690 memcpy(_th, th, sizeof(*th));
691 _th->check = 0;
692
693 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
694 ahash_request_set_crypt(hp->md5_req, &sg, NULL,
695 sizeof(*bp) + sizeof(*th));
cf80e0e4 696 return crypto_ahash_update(hp->md5_req);
49a72dfb 697}
c7da57a1 698
19689e38 699static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
b71d1d42 700 const struct in6_addr *daddr, struct in6_addr *saddr,
318cf7aa 701 const struct tcphdr *th)
49a72dfb
AL		 702{
703 struct tcp_md5sig_pool *hp;
cf80e0e4 704 struct ahash_request *req;
49a72dfb
AL		 705
706 hp = tcp_get_md5sig_pool();
707 if (!hp)
708 goto clear_hash_noput;
cf80e0e4 709 req = hp->md5_req;
49a72dfb 710
cf80e0e4 711 if (crypto_ahash_init(req))
49a72dfb 712 goto clear_hash;
19689e38 713 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
49a72dfb
AL		 714 goto clear_hash;
715 if (tcp_md5_hash_key(hp, key))
716 goto clear_hash;
cf80e0e4
HX		 717 ahash_request_set_crypt(req, NULL, md5_hash, 0);
718 if (crypto_ahash_final(req))
cfb6eeb4 719 goto clear_hash;
cfb6eeb4 720
cfb6eeb4 721 tcp_put_md5sig_pool();
cfb6eeb4 722 return 0;
49a72dfb 723
cfb6eeb4
YH		 724clear_hash:
725 tcp_put_md5sig_pool();
726clear_hash_noput:
727 memset(md5_hash, 0, 16);
49a72dfb 728 return 1;
cfb6eeb4
YH		 729}
730
39f8e58e
ED		 731static int tcp_v6_md5_hash_skb(char *md5_hash,
732 const struct tcp_md5sig_key *key,
318cf7aa 733 const struct sock *sk,
318cf7aa 734 const struct sk_buff *skb)
cfb6eeb4 735{
b71d1d42 736 const struct in6_addr *saddr, *daddr;
49a72dfb 737 struct tcp_md5sig_pool *hp;
cf80e0e4 738 struct ahash_request *req;
318cf7aa 739 const struct tcphdr *th = tcp_hdr(skb);
cfb6eeb4 740
39f8e58e
ED		 741 if (sk) { /* valid for establish/request sockets */
742 saddr = &sk->sk_v6_rcv_saddr;
efe4208f 743 daddr = &sk->sk_v6_daddr;
49a72dfb 744 } else {
b71d1d42 745 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
49a72dfb
AL		 746 saddr = &ip6h->saddr;
747 daddr = &ip6h->daddr;
cfb6eeb4 748 }
49a72dfb
AL		 749
750 hp = tcp_get_md5sig_pool();
751 if (!hp)
752 goto clear_hash_noput;
cf80e0e4 753 req = hp->md5_req;
49a72dfb 754
cf80e0e4 755 if (crypto_ahash_init(req))
49a72dfb
AL		 756 goto clear_hash;
757
19689e38 758 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
49a72dfb
AL		 759 goto clear_hash;
760 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
761 goto clear_hash;
762 if (tcp_md5_hash_key(hp, key))
763 goto clear_hash;
cf80e0e4
HX		 764 ahash_request_set_crypt(req, NULL, md5_hash, 0);
765 if (crypto_ahash_final(req))
49a72dfb
AL		 766 goto clear_hash;
767
768 tcp_put_md5sig_pool();
769 return 0;
770
771clear_hash:
772 tcp_put_md5sig_pool();
773clear_hash_noput:
774 memset(md5_hash, 0, 16);
775 return 1;
cfb6eeb4
YH		 776}
777
ba8e275a
ED		 778#endif
779
b40cf18e
ED		 780static void tcp_v6_init_req(struct request_sock *req,
781 const struct sock *sk_listener,
16bea70a
OP		 782 struct sk_buff *skb)
783{
c2027d1e 784 bool l3_slave = ipv6_l3mdev_skb(TCP_SKB_CB(skb)->header.h6.flags);
16bea70a 785 struct inet_request_sock *ireq = inet_rsk(req);
93a77c11 786 const struct ipv6_pinfo *np = tcp_inet6_sk(sk_listener);
16bea70a
OP		 787
788 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
789 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
790
16bea70a 791 /* So that link locals have meaning */
c2027d1e 792 if ((!sk_listener->sk_bound_dev_if || l3_slave) &&
16bea70a 793 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
870c3151 794 ireq->ir_iif = tcp_v6_iif(skb);
16bea70a 795
04317daf 796 if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
b40cf18e 797 (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
a224772d 798 np->rxopt.bits.rxinfo ||
16bea70a
OP		 799 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
800 np->rxopt.bits.rxohlim || np->repflow)) {
63354797 801 refcount_inc(&skb->users);
16bea70a
OP		 802 ireq->pktopts = skb;
803 }
804}
805
f964629e 806static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
7ea851d1 807 struct sk_buff *skb,
f964629e 808 struct flowi *fl,
7ea851d1 809 struct request_sock *req)
d94e0417 810{
7ea851d1
FW		 811 tcp_v6_init_req(req, sk, skb);
812
813 if (security_inet_conn_request(sk, skb, req))
814 return NULL;
815
f76b33c3 816 return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
d94e0417
OP		 817}
818
c6aefafb 819struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
1da177e4 820 .family = AF_INET6,
2e6599cb 821 .obj_size = sizeof(struct tcp6_request_sock),
5db92c99 822 .rtx_syn_ack = tcp_rtx_synack,
60236fdd
ACM		 823 .send_ack = tcp_v6_reqsk_send_ack,
824 .destructor = tcp_v6_reqsk_destructor,
72659ecc 825 .send_reset = tcp_v6_send_reset,
4aa956d8 826 .syn_ack_timeout = tcp_syn_ack_timeout,
1da177e4
LT		 827};
828
35b2c321 829const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
2aec4a29
OP		 830 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
831 sizeof(struct ipv6hdr),
16bea70a 832#ifdef CONFIG_TCP_MD5SIG
fd3a154a 833 .req_md5_lookup = tcp_v6_md5_lookup,
e3afe7b7 834 .calc_md5_hash = tcp_v6_md5_hash_skb,
b6332e6c 835#endif
fb7b37a7
OP		 836#ifdef CONFIG_SYN_COOKIES
837 .cookie_init_seq = cookie_v6_init_sequence,
838#endif
d94e0417 839 .route_req = tcp_v6_route_req,
84b114b9
ED		 840 .init_seq = tcp_v6_init_seq,
841 .init_ts_off = tcp_v6_init_ts_off,
d6274bd8 842 .send_synack = tcp_v6_send_synack,
16bea70a 843};
cfb6eeb4 844
a00e7444 845static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
0f85feae
ED		 846 u32 ack, u32 win, u32 tsval, u32 tsecr,
847 int oif, struct tcp_md5sig_key *key, int rst,
aa51b80e 848 u8 tclass, __be32 label, u32 priority, u32 txhash)
1da177e4 849{
cf533ea5
ED		 850 const struct tcphdr *th = tcp_hdr(skb);
851 struct tcphdr *t1;
1da177e4 852 struct sk_buff *buff;
4c9483b2 853 struct flowi6 fl6;
0f85feae 854 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
e5047992 855 struct sock *ctl_sk = net->ipv6.tcp_sk;
77c676da 856 unsigned int tot_len = sizeof(struct tcphdr);
dc87efdb 857 __be32 mrst = 0, *topt;
adf30907 858 struct dst_entry *dst;
00483690 859 __u32 mark = 0;
1da177e4 860
ee684b6f 861 if (tsecr)
626e264d 862 tot_len += TCPOLEN_TSTAMP_ALIGNED;
cfb6eeb4 863#ifdef CONFIG_TCP_MD5SIG
cfb6eeb4
YH		 864 if (key)
865 tot_len += TCPOLEN_MD5SIG_ALIGNED;
866#endif
867
dc87efdb
FW		 868#ifdef CONFIG_MPTCP
869 if (rst && !key) {
870 mrst = mptcp_reset_option(skb);
871
872 if (mrst)
873 tot_len += sizeof(__be32);
874 }
875#endif
876
0ebea8f9 877 buff = alloc_skb(MAX_TCP_HEADER, GFP_ATOMIC);
63159f29 878 if (!buff)
1ab1457c 879 return;
1da177e4 880
0ebea8f9 881 skb_reserve(buff, MAX_TCP_HEADER);
1da177e4 882
d58ff351 883 t1 = skb_push(buff, tot_len);
6651ffc8 884 skb_reset_transport_header(buff);
1da177e4
LT		 885
886 /* Swap the send and the receive. */
887 memset(t1, 0, sizeof(*t1));
888 t1->dest = th->source;
889 t1->source = th->dest;
cfb6eeb4 890 t1->doff = tot_len / 4;
626e264d
IJ		 891 t1->seq = htonl(seq);
892 t1->ack_seq = htonl(ack);
893 t1->ack = !rst || !th->ack;
894 t1->rst = rst;
895 t1->window = htons(win);
1da177e4 896
81ada62d
IJ		 897 topt = (__be32 *)(t1 + 1);
898
ee684b6f 899 if (tsecr) {
626e264d
IJ		 900 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
901 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
ee684b6f
AV		 902 *topt++ = htonl(tsval);
903 *topt++ = htonl(tsecr);
626e264d
IJ		 904 }
905
dc87efdb
FW		 906 if (mrst)
907 *topt++ = mrst;
908
cfb6eeb4
YH		 909#ifdef CONFIG_TCP_MD5SIG
910 if (key) {
81ada62d
IJ		 911 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
912 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
913 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
78e645cb
IJ		 914 &ipv6_hdr(skb)->saddr,
915 &ipv6_hdr(skb)->daddr, t1);
cfb6eeb4
YH		 916 }
917#endif
918
4c9483b2 919 memset(&fl6, 0, sizeof(fl6));
4e3fd7a0
AD		 920 fl6.daddr = ipv6_hdr(skb)->saddr;
921 fl6.saddr = ipv6_hdr(skb)->daddr;
1d13a96c 922 fl6.flowlabel = label;
1da177e4 923
e5700aff 924 buff->ip_summed = CHECKSUM_PARTIAL;
e5700aff 925
4c9483b2 926 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
1da177e4 927
4c9483b2 928 fl6.flowi6_proto = IPPROTO_TCP;
a36dbdb2 929 if (rt6_need_strict(&fl6.daddr) && !oif)
870c3151 930 fl6.flowi6_oif = tcp_v6_iif(skb);
9b6c14d5
DA		 931 else {
932 if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
933 oif = skb->skb_iif;
934
935 fl6.flowi6_oif = oif;
936 }
1d2f7b2d 937
c67b8555 938 if (sk) {
aa51b80e 939 if (sk->sk_state == TCP_TIME_WAIT)
c67b8555 940 mark = inet_twsk(sk)->tw_mark;
aa51b80e 941 else
3c5b4d69 942 mark = READ_ONCE(sk->sk_mark);
a1ac9c8a 943 skb_set_delivery_time(buff, tcp_transmit_time(sk), true);
c67b8555 944 }
aa51b80e
ED		 945 if (txhash) {
946 /* autoflowlabel/skb_get_hash_flowi6 rely on buff->hash */
947 skb_set_hash(buff, txhash, PKT_HASH_TYPE_L4);
948 }
00483690 949 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark) ?: mark;
1958b856
DM		 950 fl6.fl6_dport = t1->dest;
951 fl6.fl6_sport = t1->source;
e2d118a1 952 fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
3df98d79 953 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
1da177e4 954
c20121ae
DL		 955 /* Pass a socket to ip6_dst_lookup either it is for RST
956 * Underlying function will use this to retrieve the network
957 * namespace
958 */
e22aa148 959 if (sk && sk->sk_state != TCP_TIME_WAIT)
960 dst = ip6_dst_lookup_flow(net, sk, &fl6, NULL); /*sk's xfrm_policy can be referred*/
961 else
962 dst = ip6_dst_lookup_flow(net, ctl_sk, &fl6, NULL);
68d0c6d3
DM		 963 if (!IS_ERR(dst)) {
964 skb_dst_set(buff, dst);
e92dd77e
WW		 965 ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL,
966 tclass & ~INET_ECN_MASK, priority);
c10d9310 967 TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
68d0c6d3 968 if (rst)
c10d9310 969 TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
68d0c6d3 970 return;
1da177e4
LT		 971 }
972
973 kfree_skb(buff);
974}
975
a00e7444 976static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
1da177e4 977{
cf533ea5 978 const struct tcphdr *th = tcp_hdr(skb);
323a53c4 979 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
626e264d 980 u32 seq = 0, ack_seq = 0;
fa3e5b4e 981 struct tcp_md5sig_key *key = NULL;
658ddaaf
SL		 982#ifdef CONFIG_TCP_MD5SIG
983 const __u8 *hash_location = NULL;
658ddaaf
SL		 984 unsigned char newhash[16];
985 int genhash;
986 struct sock *sk1 = NULL;
987#endif
323a53c4 988 __be32 label = 0;
e9a5dcee 989 u32 priority = 0;
323a53c4 990 struct net *net;
9258b8b1 991 u32 txhash = 0;
c24b14c4 992 int oif = 0;
1da177e4 993
626e264d 994 if (th->rst)
1da177e4
LT		 995 return;
996
c3658e8d
ED		 997 /* If sk not NULL, it means we did a successful lookup and incoming
998 * route had to be correct. prequeue might have dropped our dst.
999 */
1000 if (!sk && !ipv6_unicast_destination(skb))
626e264d 1001 return;
1da177e4 1002
39209673 1003 net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
cfb6eeb4 1004#ifdef CONFIG_TCP_MD5SIG
3b24d854 1005 rcu_read_lock();
658ddaaf 1006 hash_location = tcp_parse_md5sig_option(th);
271c3b9b 1007 if (sk && sk_fullsock(sk)) {
dea53bb8
DA		 1008 int l3index;
1009
1010 /* sdif set, means packet ingressed via a device
1011 * in an L3 domain and inet_iif is set to it.
1012 */
1013 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
1014 key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr, l3index);
e46787f0 1015 } else if (hash_location) {
d14c77e0
DA		 1016 int dif = tcp_v6_iif_l3_slave(skb);
1017 int sdif = tcp_v6_sdif(skb);
dea53bb8 1018 int l3index;
d14c77e0 1019
658ddaaf
SL		 1020 /*
1021 * active side is lost. Try to find listening socket through
1022 * source port, and then find md5 key through listening socket.
1023 * we are not loose security here:
1024 * Incoming packet is checked with md5 hash with finding key,
1025 * no RST generated if md5 hash doesn't match.
1026 */
4461568a
KI		 1027 sk1 = inet6_lookup_listener(net, net->ipv4.tcp_death_row.hashinfo,
1028 NULL, 0, &ipv6h->saddr, th->source,
1029 &ipv6h->daddr, ntohs(th->source),
1030 dif, sdif);
658ddaaf 1031 if (!sk1)
3b24d854 1032 goto out;
658ddaaf 1033
dea53bb8
DA		 1034 /* sdif set, means packet ingressed via a device
1035 * in an L3 domain and dif is set to it.
1036 */
1037 l3index = tcp_v6_sdif(skb) ? dif : 0;
1038
1039 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr, l3index);
658ddaaf 1040 if (!key)
3b24d854 1041 goto out;
658ddaaf 1042
39f8e58e 1043 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
658ddaaf 1044 if (genhash || memcmp(hash_location, newhash, 16) != 0)
3b24d854 1045 goto out;
658ddaaf 1046 }
cfb6eeb4
YH		 1047#endif
1048
626e264d
IJ		 1049 if (th->ack)
1050 seq = ntohl(th->ack_seq);
1051 else
1052 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1053 (th->doff << 2);
1da177e4 1054
c24b14c4
SL		 1055 if (sk) {
1056 oif = sk->sk_bound_dev_if;
052e0690
ED		 1057 if (sk_fullsock(sk)) {
1058 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1059
5c487bb9 1060 trace_tcp_send_reset(sk, skb);
052e0690
ED		 1061 if (np->repflow)
1062 label = ip6_flowlabel(ipv6h);
e9a5dcee 1063 priority = sk->sk_priority;
dc6456e9 1064 txhash = sk->sk_txhash;
052e0690 1065 }
f6c0f5d2 1066 if (sk->sk_state == TCP_TIME_WAIT) {
50a8accf 1067 label = cpu_to_be32(inet_twsk(sk)->tw_flowlabel);
f6c0f5d2 1068 priority = inet_twsk(sk)->tw_priority;
9258b8b1 1069 txhash = inet_twsk(sk)->tw_txhash;
f6c0f5d2 1070 }
323a53c4 1071 } else {
a346abe0 1072 if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_TCP_RESET)
323a53c4 1073 label = ip6_flowlabel(ipv6h);
c24b14c4
SL		 1074 }
1075
e92dd77e 1076 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1,
9258b8b1 1077 ipv6_get_dsfield(ipv6h), label, priority, txhash);
658ddaaf
SL		 1078
1079#ifdef CONFIG_TCP_MD5SIG
3b24d854
ED		 1080out:
1081 rcu_read_unlock();
658ddaaf 1082#endif
626e264d 1083}
1da177e4 1084
a00e7444 1085static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
0f85feae 1086 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
1d13a96c 1087 struct tcp_md5sig_key *key, u8 tclass,
aa51b80e 1088 __be32 label, u32 priority, u32 txhash)
626e264d 1089{
0f85feae 1090 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
aa51b80e 1091 tclass, label, priority, txhash);
1da177e4
LT		 1092}
1093
1094static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1095{
8feaf0c0 1096 struct inet_timewait_sock *tw = inet_twsk(sk);
cfb6eeb4 1097 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1da177e4 1098
0f85feae 1099 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
8feaf0c0 1100 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
9a568de4 1101 tcp_time_stamp_raw() + tcptw->tw_ts_offset,
9c76a114 1102 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
aa51b80e
ED		 1103 tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel), tw->tw_priority,
1104 tw->tw_txhash);
1da177e4 1105
8feaf0c0 1106 inet_twsk_put(tw);
1da177e4
LT		 1107}
1108
a00e7444 1109static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
6edafaaf 1110 struct request_sock *req)
1da177e4 1111{
dea53bb8
DA		 1112 int l3index;
1113
1114 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
1115
3a19ce0e
DL		 1116 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
1117 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
1118 */
20a2b49f
ED		 1119 /* RFC 7323 2.3
1120 * The window field (SEG.WND) of every outgoing segment, with the
1121 * exception of <SYN> segments, MUST be right-shifted by
1122 * Rcv.Wind.Shift bits:
1123 */
0f85feae 1124 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
3a19ce0e 1125 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
20a2b49f
ED		 1126 tcp_rsk(req)->rcv_nxt,
1127 req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
9a568de4 1128 tcp_time_stamp_raw() + tcp_rsk(req)->ts_off,
eba20811 1129 READ_ONCE(req->ts_recent), sk->sk_bound_dev_if,
dea53bb8 1130 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr, l3index),
8bf43be7
ED		 1131 ipv6_get_dsfield(ipv6_hdr(skb)), 0,
1132 READ_ONCE(sk->sk_priority),
5e526552 1133 READ_ONCE(tcp_rsk(req)->txhash));
1da177e4
LT		 1134}
1135
1136
079096f1 1137static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
1da177e4 1138{
079096f1 1139#ifdef CONFIG_SYN_COOKIES
aa8223c7 1140 const struct tcphdr *th = tcp_hdr(skb);
1da177e4 1141
af9b4738 1142 if (!th->syn)
c6aefafb 1143 sk = cookie_v6_check(sk, skb);
1da177e4
LT		 1144#endif
1145 return sk;
1146}
1147
9349d600
PP		 1148u16 tcp_v6_get_syncookie(struct sock *sk, struct ipv6hdr *iph,
1149 struct tcphdr *th, u32 *cookie)
1150{
1151 u16 mss = 0;
1152#ifdef CONFIG_SYN_COOKIES
1153 mss = tcp_get_syncookie_mss(&tcp6_request_sock_ops,
1154 &tcp_request_sock_ipv6_ops, sk, th);
1155 if (mss) {
1156 *cookie = __cookie_v6_init_sequence(iph, th, &mss);
1157 tcp_synq_overflow(sk);
1158 }
1159#endif
1160 return mss;
1161}
1162
1da177e4
LT		 1163static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1164{
1da177e4
LT		 1165 if (skb->protocol == htons(ETH_P_IP))
1166 return tcp_v4_conn_request(sk, skb);
1167
1168 if (!ipv6_unicast_destination(skb))
1ab1457c 1169 goto drop;
1da177e4 1170
dcc32f4f
JK		 1171 if (ipv6_addr_v4mapped(&ipv6_hdr(skb)->saddr)) {
1172 __IP6_INC_STATS(sock_net(sk), NULL, IPSTATS_MIB_INHDRERRORS);
1173 return 0;
1174 }
1175
1fb6f159
OP		 1176 return tcp_conn_request(&tcp6_request_sock_ops,
1177 &tcp_request_sock_ipv6_ops, sk, skb);
1da177e4
LT		 1178
1179drop:
9caad864 1180 tcp_listendrop(sk);
1da177e4
LT		 1181 return 0; /* don't send reset */
1182}
1183
ebf6c9cb
ED		 1184static void tcp_v6_restore_cb(struct sk_buff *skb)
1185{
1186 /* We need to move header back to the beginning if xfrm6_policy_check()
1187 * and tcp_v6_fill_cb() are going to be called again.
1188 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
1189 */
1190 memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
1191 sizeof(struct inet6_skb_parm));
1192}
1193
0c27171e 1194static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
4c99aa40 1195 struct request_sock *req,
5e0724d0
ED		 1196 struct dst_entry *dst,
1197 struct request_sock *req_unhash,
1198 bool *own_req)
1da177e4 1199{
634fb979 1200 struct inet_request_sock *ireq;
0c27171e 1201 struct ipv6_pinfo *newnp;
93a77c11 1202 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
45f6fad8 1203 struct ipv6_txoptions *opt;
1da177e4 1204 struct inet_sock *newinet;
01770a16 1205 bool found_dup_sk = false;
1da177e4
LT		 1206 struct tcp_sock *newtp;
1207 struct sock *newsk;
cfb6eeb4
YH		 1208#ifdef CONFIG_TCP_MD5SIG
1209 struct tcp_md5sig_key *key;
dea53bb8 1210 int l3index;
cfb6eeb4 1211#endif
3840a06e 1212 struct flowi6 fl6;
1da177e4
LT		 1213
1214 if (skb->protocol == htons(ETH_P_IP)) {
1215 /*
1216 * v6 mapped
1217 */
1218
5e0724d0
ED		 1219 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
1220 req_unhash, own_req);
1da177e4 1221
63159f29 1222 if (!newsk)
1da177e4
LT		 1223 return NULL;
1224
93a77c11 1225 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
1da177e4 1226
93a77c11 1227 newnp = tcp_inet6_sk(newsk);
1da177e4
LT		 1228 newtp = tcp_sk(newsk);
1229
1230 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1231
d1e559d0 1232 newnp->saddr = newsk->sk_v6_rcv_saddr;
1da177e4 1233
8292a17a 1234 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
cec37a6e 1235 if (sk_is_mptcp(newsk))
31484d56 1236 mptcpv6_handle_mapped(newsk, true);
1da177e4 1237 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
cfb6eeb4
YH		 1238#ifdef CONFIG_TCP_MD5SIG
1239 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1240#endif
1241
83eaddab 1242 newnp->ipv6_mc_list = NULL;
676a1184
YZ		 1243 newnp->ipv6_ac_list = NULL;
1244 newnp->ipv6_fl_list = NULL;
1da177e4
LT		 1245 newnp->pktoptions = NULL;
1246 newnp->opt = NULL;
89e41309
ED		 1247 newnp->mcast_oif = inet_iif(skb);
1248 newnp->mcast_hops = ip_hdr(skb)->ttl;
1249 newnp->rcv_flowinfo = 0;
df3687ff 1250 if (np->repflow)
89e41309 1251 newnp->flow_label = 0;
1da177e4 1252
e6848976
ACM		 1253 /*
1254 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1255 * here, tcp_create_openreq_child now does this for us, see the comment in
1256 * that function for the gory details. -acme
1da177e4 1257 */
1da177e4
LT		 1258
1259 /* It is tricky place. Until this moment IPv4 tcp
8292a17a 1260 worked with IPv6 icsk.icsk_af_ops.
1da177e4
LT		 1261 Sync it now.
1262 */
d83d8461 1263 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1da177e4
LT		 1264
1265 return newsk;
1266 }
1267
634fb979 1268 ireq = inet_rsk(req);
1da177e4
LT		 1269
1270 if (sk_acceptq_is_full(sk))
1271 goto out_overflow;
1272
493f377d 1273 if (!dst) {
f76b33c3 1274 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
493f377d 1275 if (!dst)
1da177e4 1276 goto out;
1ab1457c 1277 }
1da177e4
LT		 1278
1279 newsk = tcp_create_openreq_child(sk, req, skb);
63159f29 1280 if (!newsk)
093d2823 1281 goto out_nonewsk;
1da177e4 1282
e6848976
ACM		 1283 /*
1284 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1285 * count here, tcp_create_openreq_child now does this for us, see the
1286 * comment in that function for the gory details. -acme
1287 */
1da177e4 1288
59eed279 1289 newsk->sk_gso_type = SKB_GSO_TCPV6;
6bd4f355 1290 ip6_dst_store(newsk, dst, NULL, NULL);
fae6ef87 1291 inet6_sk_rx_dst_set(newsk, skb);
1da177e4 1292
93a77c11 1293 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
1da177e4
LT		 1294
1295 newtp = tcp_sk(newsk);
1296 newinet = inet_sk(newsk);
93a77c11 1297 newnp = tcp_inet6_sk(newsk);
1da177e4
LT		 1298
1299 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1300
634fb979
ED		 1301 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1302 newnp->saddr = ireq->ir_v6_loc_addr;
1303 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1304 newsk->sk_bound_dev_if = ireq->ir_iif;
1da177e4 1305
1ab1457c 1306 /* Now IPv6 options...
1da177e4
LT		 1307
1308 First: no IPv4 options.
1309 */
f6d8bd05 1310 newinet->inet_opt = NULL;
83eaddab 1311 newnp->ipv6_mc_list = NULL;
676a1184 1312 newnp->ipv6_ac_list = NULL;
d35690be 1313 newnp->ipv6_fl_list = NULL;
1da177e4
LT		 1314
1315 /* Clone RX bits */
1316 newnp->rxopt.all = np->rxopt.all;
1317
1da177e4 1318 newnp->pktoptions = NULL;
1da177e4 1319 newnp->opt = NULL;
870c3151 1320 newnp->mcast_oif = tcp_v6_iif(skb);
0660e03f 1321 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1397ed35 1322 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
df3687ff
FF		 1323 if (np->repflow)
1324 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1da177e4 1325
8ef44b6f
WW		 1326 /* Set ToS of the new socket based upon the value of incoming SYN.
1327 * ECT bits are set later in tcp_init_transfer().
1328 */
870e3a63 1329 if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reflect_tos))
ac8f1710
WW		 1330 newnp->tclass = tcp_rsk(req)->syn_tos & ~INET_ECN_MASK;
1331
1da177e4
LT		 1332 /* Clone native IPv6 options from listening socket (if any)
1333
1334 Yes, keeping reference count would be much more clever,
1335 but we make one more one thing there: reattach optmem
1336 to newsk.
1337 */
56ac42bc
HD		 1338 opt = ireq->ipv6_opt;
1339 if (!opt)
1340 opt = rcu_dereference(np->opt);
45f6fad8
ED		 1341 if (opt) {
1342 opt = ipv6_dup_options(newsk, opt);
1343 RCU_INIT_POINTER(newnp->opt, opt);
1344 }
d83d8461 1345 inet_csk(newsk)->icsk_ext_hdr_len = 0;
45f6fad8
ED		 1346 if (opt)
1347 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
1348 opt->opt_flen;
1da177e4 1349
81164413
DB		 1350 tcp_ca_openreq_child(newsk, dst);
1351
1da177e4 1352 tcp_sync_mss(newsk, dst_mtu(dst));
3541f9e8 1353 newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));
d135c522 1354
1da177e4
LT		 1355 tcp_initialize_rcv_mss(newsk);
1356
c720c7e8
ED		 1357 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1358 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1da177e4 1359
cfb6eeb4 1360#ifdef CONFIG_TCP_MD5SIG
dea53bb8
DA		 1361 l3index = l3mdev_master_ifindex_by_index(sock_net(sk), ireq->ir_iif);
1362
cfb6eeb4 1363 /* Copy over the MD5 key from the original socket */
dea53bb8 1364 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr, l3index);
53b24b8f 1365 if (key) {
b389d1af
DS		 1366 const union tcp_md5_addr *addr;
1367
1368 addr = (union tcp_md5_addr *)&newsk->sk_v6_daddr;
1369 if (tcp_md5_key_copy(newsk, addr, AF_INET6, 128, l3index, key)) {
1370 inet_csk_prepare_forced_close(newsk);
1371 tcp_done(newsk);
1372 goto out;
1373 }
cfb6eeb4
YH		 1374 }
1375#endif
1376
093d2823 1377 if (__inet_inherit_port(sk, newsk) < 0) {
e337e24d
CP		 1378 inet_csk_prepare_forced_close(newsk);
1379 tcp_done(newsk);
093d2823
BS		 1380 goto out;
1381 }
01770a16
RD		 1382 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash),
1383 &found_dup_sk);
805c4bc0 1384 if (*own_req) {
49a496c9 1385 tcp_move_syn(newtp, req);
805c4bc0
ED		 1386
1387 /* Clone pktoptions received with SYN, if we own the req */
1388 if (ireq->pktopts) {
ca43ccf4 1389 newnp->pktoptions = skb_clone_and_charge_r(ireq->pktopts, newsk);
805c4bc0
ED		 1390 consume_skb(ireq->pktopts);
1391 ireq->pktopts = NULL;
ca43ccf4 1392 if (newnp->pktoptions)
ebf6c9cb 1393 tcp_v6_restore_cb(newnp->pktoptions);
805c4bc0 1394 }
01770a16
RD		 1395 } else {
1396 if (!req_unhash && found_dup_sk) {
1397 /* This code path should only be executed in the
1398 * syncookie case only
1399 */
1400 bh_unlock_sock(newsk);
1401 sock_put(newsk);
1402 newsk = NULL;
1403 }
ce105008 1404 }
1da177e4
LT		 1405
1406 return newsk;
1407
1408out_overflow:
02a1d6e7 1409 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
093d2823 1410out_nonewsk:
1da177e4 1411 dst_release(dst);
093d2823 1412out:
9caad864 1413 tcp_listendrop(sk);
1da177e4
LT		 1414 return NULL;
1415}
1416
bbd807df
BV		 1417INDIRECT_CALLABLE_DECLARE(struct dst_entry *ipv4_dst_check(struct dst_entry *,
1418 u32));
1da177e4 1419/* The socket must have it's spinlock held when we get
e994b2f0 1420 * here, unless it is a TCP_LISTEN socket.
1da177e4
LT		 1421 *
1422 * We have a potential double-lock case here, so even when
1423 * doing backlog processing we use the BH locking scheme.
1424 * This is because we cannot sleep with the original spinlock
1425 * held.
1426 */
d2489c7b
ED		 1427INDIRECT_CALLABLE_SCOPE
1428int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1da177e4 1429{
93a77c11 1430 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1da177e4 1431 struct sk_buff *opt_skb = NULL;
8eba65fa 1432 enum skb_drop_reason reason;
93a77c11 1433 struct tcp_sock *tp;
1da177e4
LT		 1434
1435 /* Imagine: socket is IPv6. IPv4 packet arrives,
1436 goes to IPv4 receive handler and backlogged.
1437 From backlog it always goes here. Kerboom...
1438 Fortunately, tcp_rcv_established and rcv_established
1439 handle them correctly, but it is not case with
1440 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1441 */
1442
1443 if (skb->protocol == htons(ETH_P_IP))
1444 return tcp_v4_do_rcv(sk, skb);
1445
1da177e4
LT		 1446 /*
1447 * socket locking is here for SMP purposes as backlog rcv
1448 * is currently called with bh processing disabled.
1449 */
1450
1451 /* Do Stevens' IPV6_PKTOPTIONS.
1452
1453 Yes, guys, it is the only place in our code, where we
1454 may make it not affecting IPv4.
1455 The rest of code is protocol independent,
1456 and I do not like idea to uglify IPv4.
1457
1458 Actually, all the idea behind IPV6_PKTOPTIONS
1459 looks not very well thought. For now we latch
1460 options, received in the last packet, enqueued
1461 by tcp. Feel free to propose better solution.
1ab1457c 1462 --ANK (980728)
1da177e4
LT		 1463 */
1464 if (np->rxopt.all)
ca43ccf4 1465 opt_skb = skb_clone_and_charge_r(skb, sk);
1da177e4 1466
8eba65fa 1467 reason = SKB_DROP_REASON_NOT_SPECIFIED;
1da177e4 1468 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
8f905c0e
ED		 1469 struct dst_entry *dst;
1470
1471 dst = rcu_dereference_protected(sk->sk_rx_dst,
1472 lockdep_sock_is_held(sk));
5d299f3d 1473
bdeab991 1474 sock_rps_save_rxhash(sk, skb);
3d97379a 1475 sk_mark_napi_id(sk, skb);
5d299f3d 1476 if (dst) {
0c0a5ef8 1477 if (sk->sk_rx_dst_ifindex != skb->skb_iif ||
bbd807df 1478 INDIRECT_CALL_1(dst->ops->check, ip6_dst_check,
ef57c161 1479 dst, sk->sk_rx_dst_cookie) == NULL) {
8f905c0e 1480 RCU_INIT_POINTER(sk->sk_rx_dst, NULL);
5d299f3d 1481 dst_release(dst);
5d299f3d
ED		 1482 }
1483 }
1484
3d97d88e 1485 tcp_rcv_established(sk, skb);
1da177e4
LT		 1486 if (opt_skb)
1487 goto ipv6_pktoptions;
1488 return 0;
1489 }
1490
12e25e10 1491 if (tcp_checksum_complete(skb))
1da177e4
LT		 1492 goto csum_err;
1493
1ab1457c 1494 if (sk->sk_state == TCP_LISTEN) {
079096f1
ED		 1495 struct sock *nsk = tcp_v6_cookie_check(sk, skb);
1496
1da177e4
LT		 1497 if (!nsk)
1498 goto discard;
1499
4c99aa40 1500 if (nsk != sk) {
1da177e4
LT		 1501 if (tcp_child_process(sk, nsk, skb))
1502 goto reset;
1503 if (opt_skb)
1504 __kfree_skb(opt_skb);
1505 return 0;
1506 }
47482f13 1507 } else
bdeab991 1508 sock_rps_save_rxhash(sk, skb);
1da177e4 1509
72ab4a86 1510 if (tcp_rcv_state_process(sk, skb))
1da177e4 1511 goto reset;
1da177e4
LT		 1512 if (opt_skb)
1513 goto ipv6_pktoptions;
1514 return 0;
1515
1516reset:
cfb6eeb4 1517 tcp_v6_send_reset(sk, skb);
1da177e4
LT		 1518discard:
1519 if (opt_skb)
1520 __kfree_skb(opt_skb);
8eba65fa 1521 kfree_skb_reason(skb, reason);
1da177e4
LT		 1522 return 0;
1523csum_err:
8eba65fa 1524 reason = SKB_DROP_REASON_TCP_CSUM;
709c0314 1525 trace_tcp_bad_csum(skb);
c10d9310
ED		 1526 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
1527 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
1da177e4
LT		 1528 goto discard;
1529
1530
1531ipv6_pktoptions:
1532 /* Do you ask, what is it?
1533
1534 1. skb was enqueued by tcp.
1535 2. skb is added to tail of read queue, rather than out of order.
1536 3. socket is not in passive state.
1537 4. Finally, it really contains options, which user wants to receive.
1538 */
1539 tp = tcp_sk(sk);
1540 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1541 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
333fad53 1542 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
870c3151 1543 np->mcast_oif = tcp_v6_iif(opt_skb);
333fad53 1544 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
0660e03f 1545 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
82e9f105 1546 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1397ed35 1547 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
df3687ff
FF		 1548 if (np->repflow)
1549 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
a224772d 1550 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
8ce48623 1551 tcp_v6_restore_cb(opt_skb);
1da177e4
LT		 1552 opt_skb = xchg(&np->pktoptions, opt_skb);
1553 } else {
1554 __kfree_skb(opt_skb);
1555 opt_skb = xchg(&np->pktoptions, NULL);
1556 }
1557 }
1558
12c8691d 1559 consume_skb(opt_skb);
1da177e4
LT		 1560 return 0;
1561}
1562
2dc49d16
ND		 1563static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1564 const struct tcphdr *th)
1565{
1566 /* This is tricky: we move IP6CB at its correct location into
1567 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1568 * _decode_session6() uses IP6CB().
1569 * barrier() makes sure compiler won't play aliasing games.
1570 */
1571 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1572 sizeof(struct inet6_skb_parm));
1573 barrier();
1574
1575 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1576 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1577 skb->len - th->doff*4);
1578 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1579 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1580 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1581 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1582 TCP_SKB_CB(skb)->sacked = 0;
98aaa913
MM		 1583 TCP_SKB_CB(skb)->has_rxtstamp =
1584 skb->tstamp || skb_hwtstamps(skb)->hwtstamp;
2dc49d16
ND		 1585}
1586
0e219ae4 1587INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
1da177e4 1588{
c0e3154d 1589 enum skb_drop_reason drop_reason;
4297a0ef 1590 int sdif = inet6_sdif(skb);
d14c77e0 1591 int dif = inet6_iif(skb);
cf533ea5 1592 const struct tcphdr *th;
b71d1d42 1593 const struct ipv6hdr *hdr;
3b24d854 1594 bool refcounted;
1da177e4
LT		 1595 struct sock *sk;
1596 int ret;
a86b1e30 1597 struct net *net = dev_net(skb->dev);
1da177e4 1598
c0e3154d 1599 drop_reason = SKB_DROP_REASON_NOT_SPECIFIED;
1da177e4
LT		 1600 if (skb->pkt_type != PACKET_HOST)
1601 goto discard_it;
1602
1603 /*
1604 * Count it even if it's bad.
1605 */
90bbcc60 1606 __TCP_INC_STATS(net, TCP_MIB_INSEGS);
1da177e4
LT		 1607
1608 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1609 goto discard_it;
1610
ea1627c2 1611 th = (const struct tcphdr *)skb->data;
1da177e4 1612
c0e3154d
MD		 1613 if (unlikely(th->doff < sizeof(struct tcphdr) / 4)) {
1614 drop_reason = SKB_DROP_REASON_PKT_TOO_SMALL;
1da177e4 1615 goto bad_packet;
c0e3154d 1616 }
1da177e4
LT		 1617 if (!pskb_may_pull(skb, th->doff*4))
1618 goto discard_it;
1619
e4f45b7f 1620 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
6a5dc9e5 1621 goto csum_error;
1da177e4 1622
ea1627c2 1623 th = (const struct tcphdr *)skb->data;
e802af9c 1624 hdr = ipv6_hdr(skb);
1da177e4 1625
4bdc3d66 1626lookup:
4461568a 1627 sk = __inet6_lookup_skb(net->ipv4.tcp_death_row.hashinfo, skb, __tcp_hdrlen(th),
4297a0ef 1628 th->source, th->dest, inet6_iif(skb), sdif,
3b24d854 1629 &refcounted);
1da177e4
LT		 1630 if (!sk)
1631 goto no_tcp_socket;
1632
1633process:
1634 if (sk->sk_state == TCP_TIME_WAIT)
1635 goto do_time_wait;
1636
079096f1
ED		 1637 if (sk->sk_state == TCP_NEW_SYN_RECV) {
1638 struct request_sock *req = inet_reqsk(sk);
e0f9759f 1639 bool req_stolen = false;
7716682c 1640 struct sock *nsk;
079096f1
ED		 1641
1642 sk = req->rsk_listener;
9593c7cb
IM		 1643 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1644 drop_reason = SKB_DROP_REASON_XFRM_POLICY;
1645 else
1646 drop_reason = tcp_inbound_md5_hash(sk, skb,
1647 &hdr->saddr, &hdr->daddr,
1648 AF_INET6, dif, sdif);
1330b6ef 1649 if (drop_reason) {
e65c332d 1650 sk_drops_add(sk, skb);
079096f1
ED		 1651 reqsk_put(req);
1652 goto discard_it;
1653 }
4fd44a98
FL		 1654 if (tcp_checksum_complete(skb)) {
1655 reqsk_put(req);
1656 goto csum_error;
1657 }
7716682c 1658 if (unlikely(sk->sk_state != TCP_LISTEN)) {
d4f2c86b
KI		 1659 nsk = reuseport_migrate_sock(sk, req_to_sk(req), skb);
1660 if (!nsk) {
1661 inet_csk_reqsk_queue_drop_and_put(sk, req);
1662 goto lookup;
1663 }
1664 sk = nsk;
1665 /* reuseport_migrate_sock() has already held one sk_refcnt
1666 * before returning.
1667 */
1668 } else {
1669 sock_hold(sk);
4bdc3d66 1670 }
3b24d854 1671 refcounted = true;
1f3b359f 1672 nsk = NULL;
eeea10b8
ED		 1673 if (!tcp_filter(sk, skb)) {
1674 th = (const struct tcphdr *)skb->data;
1675 hdr = ipv6_hdr(skb);
1676 tcp_v6_fill_cb(skb, hdr, th);
e0f9759f 1677 nsk = tcp_check_req(sk, skb, req, false, &req_stolen);
c0e3154d
MD		 1678 } else {
1679 drop_reason = SKB_DROP_REASON_SOCKET_FILTER;
eeea10b8 1680 }
079096f1
ED		 1681 if (!nsk) {
1682 reqsk_put(req);
e0f9759f
ED		 1683 if (req_stolen) {
1684 /* Another cpu got exclusive access to req
1685 * and created a full blown socket.
1686 * Try to feed this packet to this socket
1687 * instead of discarding it.
1688 */
1689 tcp_v6_restore_cb(skb);
1690 sock_put(sk);
1691 goto lookup;
1692 }
7716682c 1693 goto discard_and_relse;
079096f1 1694 }
9593c7cb 1695 nf_reset_ct(skb);
079096f1 1696 if (nsk == sk) {
079096f1
ED		 1697 reqsk_put(req);
1698 tcp_v6_restore_cb(skb);
1699 } else if (tcp_child_process(sk, nsk, skb)) {
1700 tcp_v6_send_reset(nsk, skb);
7716682c 1701 goto discard_and_relse;
079096f1 1702 } else {
7716682c 1703 sock_put(sk);
079096f1
ED		 1704 return 0;
1705 }
1706 }
790eb673
ED		 1707
1708 if (static_branch_unlikely(&ip6_min_hopcount)) {
1709 /* min_hopcount can be changed concurrently from do_ipv6_setsockopt() */
2798e36d 1710 if (unlikely(hdr->hop_limit < READ_ONCE(tcp_inet6_sk(sk)->min_hopcount))) {
790eb673 1711 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
2798e36d 1712 drop_reason = SKB_DROP_REASON_TCP_MINTTL;
790eb673
ED		 1713 goto discard_and_relse;
1714 }
e802af9c
SH		 1715 }
1716
c0e3154d
MD		 1717 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) {
1718 drop_reason = SKB_DROP_REASON_XFRM_POLICY;
1da177e4 1719 goto discard_and_relse;
c0e3154d 1720 }
1da177e4 1721
1330b6ef
JK		 1722 drop_reason = tcp_inbound_md5_hash(sk, skb, &hdr->saddr, &hdr->daddr,
1723 AF_INET6, dif, sdif);
1724 if (drop_reason)
9ea88a15 1725 goto discard_and_relse;
9ea88a15 1726
b0e214d2
MK		 1727 nf_reset_ct(skb);
1728
c0e3154d
MD		 1729 if (tcp_filter(sk, skb)) {
1730 drop_reason = SKB_DROP_REASON_SOCKET_FILTER;
1da177e4 1731 goto discard_and_relse;
c0e3154d 1732 }
ac6e7800
ED		 1733 th = (const struct tcphdr *)skb->data;
1734 hdr = ipv6_hdr(skb);
eeea10b8 1735 tcp_v6_fill_cb(skb, hdr, th);
1da177e4
LT		 1736
1737 skb->dev = NULL;
1738
e994b2f0
ED		 1739 if (sk->sk_state == TCP_LISTEN) {
1740 ret = tcp_v6_do_rcv(sk, skb);
1741 goto put_and_return;
1742 }
1743
1744 sk_incoming_cpu_update(sk);
1745
293b9c42 1746 bh_lock_sock_nested(sk);
a44d6eac 1747 tcp_segs_in(tcp_sk(sk), skb);
1da177e4
LT		 1748 ret = 0;
1749 if (!sock_owned_by_user(sk)) {
e7942d06 1750 ret = tcp_v6_do_rcv(sk, skb);
8b27dae5 1751 } else {
7a26dc9e 1752 if (tcp_add_backlog(sk, skb, &drop_reason))
8b27dae5 1753 goto discard_and_relse;
6b03a53a 1754 }
1da177e4 1755 bh_unlock_sock(sk);
e994b2f0 1756put_and_return:
3b24d854
ED		 1757 if (refcounted)
1758 sock_put(sk);
1da177e4
LT		 1759 return ret ? -1 : 0;
1760
1761no_tcp_socket:
c0e3154d 1762 drop_reason = SKB_DROP_REASON_NO_SOCKET;
1da177e4
LT		 1763 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1764 goto discard_it;
1765
2dc49d16
ND		 1766 tcp_v6_fill_cb(skb, hdr, th);
1767
12e25e10 1768 if (tcp_checksum_complete(skb)) {
6a5dc9e5 1769csum_error:
c0e3154d 1770 drop_reason = SKB_DROP_REASON_TCP_CSUM;
709c0314 1771 trace_tcp_bad_csum(skb);
90bbcc60 1772 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
1da177e4 1773bad_packet:
90bbcc60 1774 __TCP_INC_STATS(net, TCP_MIB_INERRS);
1da177e4 1775 } else {
cfb6eeb4 1776 tcp_v6_send_reset(NULL, skb);
1da177e4
LT		 1777 }
1778
1779discard_it:
dc776924 1780 SKB_DR_OR(drop_reason, NOT_SPECIFIED);
c0e3154d 1781 kfree_skb_reason(skb, drop_reason);
1da177e4
LT		 1782 return 0;
1783
1784discard_and_relse:
532182cd 1785 sk_drops_add(sk, skb);
3b24d854
ED		 1786 if (refcounted)
1787 sock_put(sk);
1da177e4
LT		 1788 goto discard_it;
1789
1790do_time_wait:
1791 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
c0e3154d 1792 drop_reason = SKB_DROP_REASON_XFRM_POLICY;
9469c7b4 1793 inet_twsk_put(inet_twsk(sk));
1da177e4
LT		 1794 goto discard_it;
1795 }
1796
2dc49d16
ND		 1797 tcp_v6_fill_cb(skb, hdr, th);
1798
6a5dc9e5
ED		 1799 if (tcp_checksum_complete(skb)) {
1800 inet_twsk_put(inet_twsk(sk));
1801 goto csum_error;
1da177e4
LT		 1802 }
1803
9469c7b4 1804 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1da177e4
LT		 1805 case TCP_TW_SYN:
1806 {
1807 struct sock *sk2;
1808
4461568a 1809 sk2 = inet6_lookup_listener(net, net->ipv4.tcp_death_row.hashinfo,
a583636a 1810 skb, __tcp_hdrlen(th),
5ba24953 1811 &ipv6_hdr(skb)->saddr, th->source,
0660e03f 1812 &ipv6_hdr(skb)->daddr,
24b711ed
DA		 1813 ntohs(th->dest),
1814 tcp_v6_iif_l3_slave(skb),
4297a0ef 1815 sdif);
53b24b8f 1816 if (sk2) {
295ff7ed 1817 struct inet_timewait_sock *tw = inet_twsk(sk);
dbe7faa4 1818 inet_twsk_deschedule_put(tw);
1da177e4 1819 sk = sk2;
4ad19de8 1820 tcp_v6_restore_cb(skb);
3b24d854 1821 refcounted = false;
1da177e4
LT		 1822 goto process;
1823 }
1da177e4 1824 }
275757e6 1825 /* to ACK */
a8eceea8 1826 fallthrough;
1da177e4
LT		 1827 case TCP_TW_ACK:
1828 tcp_v6_timewait_ack(sk, skb);
1829 break;
1830 case TCP_TW_RST:
271c3b9b
FW		 1831 tcp_v6_send_reset(sk, skb);
1832 inet_twsk_deschedule_put(inet_twsk(sk));
1833 goto discard_it;
4aa956d8
WY		 1834 case TCP_TW_SUCCESS:
1835 ;
1da177e4
LT		 1836 }
1837 goto discard_it;
1838}
1839
11052589 1840void tcp_v6_early_demux(struct sk_buff *skb)
c7109986 1841{
4461568a 1842 struct net *net = dev_net(skb->dev);
c7109986
ED		 1843 const struct ipv6hdr *hdr;
1844 const struct tcphdr *th;
1845 struct sock *sk;
1846
1847 if (skb->pkt_type != PACKET_HOST)
1848 return;
1849
1850 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1851 return;
1852
1853 hdr = ipv6_hdr(skb);
1854 th = tcp_hdr(skb);
1855
1856 if (th->doff < sizeof(struct tcphdr) / 4)
1857 return;
1858
870c3151 1859 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
4461568a 1860 sk = __inet6_lookup_established(net, net->ipv4.tcp_death_row.hashinfo,
c7109986
ED		 1861 &hdr->saddr, th->source,
1862 &hdr->daddr, ntohs(th->dest),
4297a0ef 1863 inet6_iif(skb), inet6_sdif(skb));
c7109986
ED		 1864 if (sk) {
1865 skb->sk = sk;
1866 skb->destructor = sock_edemux;
f7e4eb03 1867 if (sk_fullsock(sk)) {
8f905c0e 1868 struct dst_entry *dst = rcu_dereference(sk->sk_rx_dst);
f3f12135 1869
c7109986 1870 if (dst)
ef57c161 1871 dst = dst_check(dst, sk->sk_rx_dst_cookie);
c7109986 1872 if (dst &&
0c0a5ef8 1873 sk->sk_rx_dst_ifindex == skb->skb_iif)
c7109986
ED		 1874 skb_dst_set_noref(skb, dst);
1875 }
1876 }
1877}
1878
ccb7c410
DM		 1879static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1880 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1881 .twsk_unique = tcp_twsk_unique,
4aa956d8 1882 .twsk_destructor = tcp_twsk_destructor,
ccb7c410
DM		 1883};
1884
dd2e0b86
ED		 1885INDIRECT_CALLABLE_SCOPE void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb)
1886{
37354402 1887 __tcp_v6_send_check(skb, &sk->sk_v6_rcv_saddr, &sk->sk_v6_daddr);
dd2e0b86
ED		 1888}
1889
35b2c321 1890const struct inet_connection_sock_af_ops ipv6_specific = {
543d9cfe
ACM		 1891 .queue_xmit = inet6_csk_xmit,
1892 .send_check = tcp_v6_send_check,
1893 .rebuild_header = inet6_sk_rebuild_header,
5d299f3d 1894 .sk_rx_dst_set = inet6_sk_rx_dst_set,
543d9cfe
ACM		 1895 .conn_request = tcp_v6_conn_request,
1896 .syn_recv_sock = tcp_v6_syn_recv_sock,
543d9cfe 1897 .net_header_len = sizeof(struct ipv6hdr),
67469601 1898 .net_frag_header_len = sizeof(struct frag_hdr),
543d9cfe
ACM		 1899 .setsockopt = ipv6_setsockopt,
1900 .getsockopt = ipv6_getsockopt,
1901 .addr2sockaddr = inet6_csk_addr2sockaddr,
1902 .sockaddr_len = sizeof(struct sockaddr_in6),
4fab9071 1903 .mtu_reduced = tcp_v6_mtu_reduced,
1da177e4
LT		 1904};
1905
cfb6eeb4 1906#ifdef CONFIG_TCP_MD5SIG
b2e4b3de 1907static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
cfb6eeb4 1908 .md5_lookup = tcp_v6_md5_lookup,
49a72dfb 1909 .calc_md5_hash = tcp_v6_md5_hash_skb,
cfb6eeb4 1910 .md5_parse = tcp_v6_parse_md5_keys,
cfb6eeb4 1911};
a928630a 1912#endif
cfb6eeb4 1913
1da177e4
LT		 1914/*
1915 * TCP over IPv4 via INET6 API
1916 */
3b401a81 1917static const struct inet_connection_sock_af_ops ipv6_mapped = {
543d9cfe
ACM		 1918 .queue_xmit = ip_queue_xmit,
1919 .send_check = tcp_v4_send_check,
1920 .rebuild_header = inet_sk_rebuild_header,
63d02d15 1921 .sk_rx_dst_set = inet_sk_rx_dst_set,
543d9cfe
ACM		 1922 .conn_request = tcp_v6_conn_request,
1923 .syn_recv_sock = tcp_v6_syn_recv_sock,
543d9cfe
ACM		 1924 .net_header_len = sizeof(struct iphdr),
1925 .setsockopt = ipv6_setsockopt,
1926 .getsockopt = ipv6_getsockopt,
1927 .addr2sockaddr = inet6_csk_addr2sockaddr,
1928 .sockaddr_len = sizeof(struct sockaddr_in6),
4fab9071 1929 .mtu_reduced = tcp_v4_mtu_reduced,
1da177e4
LT		 1930};
1931
cfb6eeb4 1932#ifdef CONFIG_TCP_MD5SIG
b2e4b3de 1933static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
cfb6eeb4 1934 .md5_lookup = tcp_v4_md5_lookup,
49a72dfb 1935 .calc_md5_hash = tcp_v4_md5_hash_skb,
cfb6eeb4 1936 .md5_parse = tcp_v6_parse_md5_keys,
cfb6eeb4 1937};
a928630a 1938#endif
cfb6eeb4 1939
1da177e4
LT		 1940/* NOTE: A lot of things set to zero explicitly by call to
1941 * sk_alloc() so need not be done here.
1942 */
1943static int tcp_v6_init_sock(struct sock *sk)
1944{
6687e988 1945 struct inet_connection_sock *icsk = inet_csk(sk);
1da177e4 1946
900f65d3 1947 tcp_init_sock(sk);
1da177e4 1948
8292a17a 1949 icsk->icsk_af_ops = &ipv6_specific;
1da177e4 1950
cfb6eeb4 1951#ifdef CONFIG_TCP_MD5SIG
ac807fa8 1952 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
cfb6eeb4
YH		 1953#endif
1954
1da177e4
LT		 1955 return 0;
1956}
1957
952a10be 1958#ifdef CONFIG_PROC_FS
1da177e4 1959/* Proc filesystem TCPv6 sock list dumping. */
1ab1457c 1960static void get_openreq6(struct seq_file *seq,
aa3a0c8c 1961 const struct request_sock *req, int i)
1da177e4 1962{
fa76ce73 1963 long ttd = req->rsk_timer.expires - jiffies;
634fb979
ED		 1964 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1965 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1da177e4
LT		 1966
1967 if (ttd < 0)
1968 ttd = 0;
1969
1da177e4
LT		 1970 seq_printf(seq,
1971 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
d14c5ab6 1972 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1da177e4
LT		 1973 i,
1974 src->s6_addr32[0], src->s6_addr32[1],
1975 src->s6_addr32[2], src->s6_addr32[3],
b44084c2 1976 inet_rsk(req)->ir_num,
1da177e4
LT		 1977 dest->s6_addr32[0], dest->s6_addr32[1],
1978 dest->s6_addr32[2], dest->s6_addr32[3],
634fb979 1979 ntohs(inet_rsk(req)->ir_rmt_port),
1da177e4 1980 TCP_SYN_RECV,
4c99aa40 1981 0, 0, /* could print option size, but that is af dependent. */
1ab1457c
YH		 1982 1, /* timers active (only the expire timer) */
1983 jiffies_to_clock_t(ttd),
e6c022a4 1984 req->num_timeout,
aa3a0c8c
ED		 1985 from_kuid_munged(seq_user_ns(seq),
1986 sock_i_uid(req->rsk_listener)),
1ab1457c 1987 0, /* non standard timer */
1da177e4
LT		 1988 0, /* open_requests have no inode */
1989 0, req);
1990}
1991
1992static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1993{
b71d1d42 1994 const struct in6_addr *dest, *src;
1da177e4
LT		 1995 __u16 destp, srcp;
1996 int timer_active;
1997 unsigned long timer_expires;
cf533ea5
ED		 1998 const struct inet_sock *inet = inet_sk(sp);
1999 const struct tcp_sock *tp = tcp_sk(sp);
463c84b9 2000 const struct inet_connection_sock *icsk = inet_csk(sp);
0536fcc0 2001 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
00fd38d9
ED		 2002 int rx_queue;
2003 int state;
1da177e4 2004
efe4208f
ED		 2005 dest = &sp->sk_v6_daddr;
2006 src = &sp->sk_v6_rcv_saddr;
c720c7e8
ED		 2007 destp = ntohs(inet->inet_dport);
2008 srcp = ntohs(inet->inet_sport);
463c84b9 2009
ce3cf4ec 2010 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
57dde7f7 2011 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
ce3cf4ec 2012 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
1da177e4 2013 timer_active = 1;
463c84b9
ACM		 2014 timer_expires = icsk->icsk_timeout;
2015 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1da177e4 2016 timer_active = 4;
463c84b9 2017 timer_expires = icsk->icsk_timeout;
1da177e4
LT		 2018 } else if (timer_pending(&sp->sk_timer)) {
2019 timer_active = 2;
2020 timer_expires = sp->sk_timer.expires;
2021 } else {
2022 timer_active = 0;
2023 timer_expires = jiffies;
2024 }
2025
986ffdfd 2026 state = inet_sk_state_load(sp);
00fd38d9 2027 if (state == TCP_LISTEN)
288efe86 2028 rx_queue = READ_ONCE(sp->sk_ack_backlog);
00fd38d9
ED		 2029 else
2030 /* Because we don't lock the socket,
2031 * we might find a transient negative value.
2032 */
dba7d9b8 2033 rx_queue = max_t(int, READ_ONCE(tp->rcv_nxt) -
7db48e98 2034 READ_ONCE(tp->copied_seq), 0);
00fd38d9 2035
1da177e4
LT		 2036 seq_printf(seq,
2037 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
d14c5ab6 2038 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1da177e4
LT		 2039 i,
2040 src->s6_addr32[0], src->s6_addr32[1],
2041 src->s6_addr32[2], src->s6_addr32[3], srcp,
2042 dest->s6_addr32[0], dest->s6_addr32[1],
2043 dest->s6_addr32[2], dest->s6_addr32[3], destp,
00fd38d9 2044 state,
0f317464 2045 READ_ONCE(tp->write_seq) - tp->snd_una,
00fd38d9 2046 rx_queue,
1da177e4 2047 timer_active,
a399a805 2048 jiffies_delta_to_clock_t(timer_expires - jiffies),
463c84b9 2049 icsk->icsk_retransmits,
a7cb5a49 2050 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
6687e988 2051 icsk->icsk_probes_out,
1da177e4 2052 sock_i_ino(sp),
41c6d650 2053 refcount_read(&sp->sk_refcnt), sp,
7be87351
SH		 2054 jiffies_to_clock_t(icsk->icsk_rto),
2055 jiffies_to_clock_t(icsk->icsk_ack.ato),
31954cd8 2056 (icsk->icsk_ack.quick << 1) | inet_csk_in_pingpong_mode(sp),
40570375 2057 tcp_snd_cwnd(tp),
00fd38d9 2058 state == TCP_LISTEN ?
0536fcc0 2059 fastopenq->max_qlen :
0a672f74 2060 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
1da177e4
LT		 2061 );
2062}
2063
1ab1457c 2064static void get_timewait6_sock(struct seq_file *seq,
8feaf0c0 2065 struct inet_timewait_sock *tw, int i)
1da177e4 2066{
789f558c 2067 long delta = tw->tw_timer.expires - jiffies;
b71d1d42 2068 const struct in6_addr *dest, *src;
1da177e4 2069 __u16 destp, srcp;
1da177e4 2070
efe4208f
ED		 2071 dest = &tw->tw_v6_daddr;
2072 src = &tw->tw_v6_rcv_saddr;
1da177e4
LT		 2073 destp = ntohs(tw->tw_dport);
2074 srcp = ntohs(tw->tw_sport);
2075
2076 seq_printf(seq,
2077 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
71338aa7 2078 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1da177e4
LT		 2079 i,
2080 src->s6_addr32[0], src->s6_addr32[1],
2081 src->s6_addr32[2], src->s6_addr32[3], srcp,
2082 dest->s6_addr32[0], dest->s6_addr32[1],
2083 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2084 tw->tw_substate, 0, 0,
a399a805 2085 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
41c6d650 2086 refcount_read(&tw->tw_refcnt), tw);
1da177e4
LT		 2087}
2088
1da177e4
LT		 2089static int tcp6_seq_show(struct seq_file *seq, void *v)
2090{
2091 struct tcp_iter_state *st;
05dbc7b5 2092 struct sock *sk = v;
1da177e4
LT		 2093
2094 if (v == SEQ_START_TOKEN) {
2095 seq_puts(seq,
2096 " sl "
2097 "local_address "
2098 "remote_address "
2099 "st tx_queue rx_queue tr tm->when retrnsmt"
2100 " uid timeout inode\n");
2101 goto out;
2102 }
2103 st = seq->private;
2104
079096f1
ED		 2105 if (sk->sk_state == TCP_TIME_WAIT)
2106 get_timewait6_sock(seq, v, st->num);
2107 else if (sk->sk_state == TCP_NEW_SYN_RECV)
aa3a0c8c 2108 get_openreq6(seq, v, st->num);
079096f1
ED		 2109 else
2110 get_tcp6_sock(seq, v, st->num);
1da177e4
LT		 2111out:
2112 return 0;
2113}
2114
37d849bb
CH		 2115static const struct seq_operations tcp6_seq_ops = {
2116 .show = tcp6_seq_show,
2117 .start = tcp_seq_start,
2118 .next = tcp_seq_next,
2119 .stop = tcp_seq_stop,
2120};
2121
1da177e4 2122static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1da177e4 2123 .family = AF_INET6,
1da177e4
LT		 2124};
2125
2c8c1e72 2126int __net_init tcp6_proc_init(struct net *net)
1da177e4 2127{
c3506372
CH		 2128 if (!proc_create_net_data("tcp6", 0444, net->proc_net, &tcp6_seq_ops,
2129 sizeof(struct tcp_iter_state), &tcp6_seq_afinfo))
37d849bb
CH		 2130 return -ENOMEM;
2131 return 0;
1da177e4
LT		 2132}
2133
6f8b13bc 2134void tcp6_proc_exit(struct net *net)
1da177e4 2135{
37d849bb 2136 remove_proc_entry("tcp6", net->proc_net);
1da177e4
LT		 2137}
2138#endif
2139
2140struct proto tcpv6_prot = {
2141 .name = "TCPv6",
2142 .owner = THIS_MODULE,
2143 .close = tcp_close,
d74bad4e 2144 .pre_connect = tcp_v6_pre_connect,
1da177e4
LT		 2145 .connect = tcp_v6_connect,
2146 .disconnect = tcp_disconnect,
463c84b9 2147 .accept = inet_csk_accept,
1da177e4
LT		 2148 .ioctl = tcp_ioctl,
2149 .init = tcp_v6_init_sock,
b5fc2923 2150 .destroy = tcp_v4_destroy_sock,
1da177e4
LT		 2151 .shutdown = tcp_shutdown,
2152 .setsockopt = tcp_setsockopt,
2153 .getsockopt = tcp_getsockopt,
9cacf81f 2154 .bpf_bypass_getsockopt = tcp_bpf_bypass_getsockopt,
4b9d07a4 2155 .keepalive = tcp_set_keepalive,
1da177e4 2156 .recvmsg = tcp_recvmsg,
7ba42910 2157 .sendmsg = tcp_sendmsg,
1d7e4538 2158 .splice_eof = tcp_splice_eof,
1da177e4 2159 .backlog_rcv = tcp_v6_do_rcv,
46d3ceab 2160 .release_cb = tcp_release_cb,
496611d7 2161 .hash = inet6_hash,
ab1e0a13
ACM		 2162 .unhash = inet_unhash,
2163 .get_port = inet_csk_get_port,
91a760b2 2164 .put_port = inet_put_port,
8a59f9d1
CW		 2165#ifdef CONFIG_BPF_SYSCALL
2166 .psock_update_sk_prot = tcp_bpf_update_proto,
2167#endif
1da177e4 2168 .enter_memory_pressure = tcp_enter_memory_pressure,
06044751 2169 .leave_memory_pressure = tcp_leave_memory_pressure,
c9bee3b7 2170 .stream_memory_free = tcp_stream_memory_free,
1da177e4 2171 .sockets_allocated = &tcp_sockets_allocated,
0defbb0a 2172
1da177e4 2173 .memory_allocated = &tcp_memory_allocated,
0defbb0a
ED		 2174 .per_cpu_fw_alloc = &tcp_memory_per_cpu_fw_alloc,
2175
1da177e4 2176 .memory_pressure = &tcp_memory_pressure,
0a5578cf 2177 .orphan_count = &tcp_orphan_count,
a4fe34bf 2178 .sysctl_mem = sysctl_tcp_mem,
356d1833
ED		 2179 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem),
2180 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem),
1da177e4
LT		 2181 .max_header = MAX_TCP_HEADER,
2182 .obj_size = sizeof(struct tcp6_sock),
f5f80e32 2183 .ipv6_pinfo_offset = offsetof(struct tcp6_sock, inet6),
5f0d5a3a 2184 .slab_flags = SLAB_TYPESAFE_BY_RCU,
6d6ee43e 2185 .twsk_prot = &tcp6_timewait_sock_ops,
60236fdd 2186 .rsk_prot = &tcp6_request_sock_ops,
429e42c1 2187 .h.hashinfo = NULL,
7ba42910 2188 .no_autobind = true,
c1e64e29 2189 .diag_destroy = tcp_abort,
1da177e4 2190};
6abde0b2 2191EXPORT_SYMBOL_GPL(tcpv6_prot);
1da177e4 2192
11052589 2193static const struct inet6_protocol tcpv6_protocol = {
1da177e4
LT		 2194 .handler = tcp_v6_rcv,
2195 .err_handler = tcp_v6_err,
2196 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2197};
2198
1da177e4
LT		 2199static struct inet_protosw tcpv6_protosw = {
2200 .type = SOCK_STREAM,
2201 .protocol = IPPROTO_TCP,
2202 .prot = &tcpv6_prot,
2203 .ops = &inet6_stream_ops,
d83d8461
ACM		 2204 .flags = INET_PROTOSW_PERMANENT |
2205 INET_PROTOSW_ICSK,
1da177e4
LT		 2206};
2207
2c8c1e72 2208static int __net_init tcpv6_net_init(struct net *net)
93ec926b 2209{
5677242f
DL		 2210 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2211 SOCK_RAW, IPPROTO_TCP, net);
93ec926b
DL		 2212}
2213
2c8c1e72 2214static void __net_exit tcpv6_net_exit(struct net *net)
93ec926b 2215{
5677242f 2216 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
b099ce26
EB		 2217}
2218
04c494e6
ED		 2219static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
2220{
edc12f03 2221 tcp_twsk_purge(net_exit_list, AF_INET6);
04c494e6
ED		 2222}
2223
93ec926b 2224static struct pernet_operations tcpv6_net_ops = {
b099ce26
EB		 2225 .init = tcpv6_net_init,
2226 .exit = tcpv6_net_exit,
04c494e6 2227 .exit_batch = tcpv6_net_exit_batch,
93ec926b
DL		 2228};
2229
7f4e4868 2230int __init tcpv6_init(void)
1da177e4 2231{
7f4e4868
DL		 2232 int ret;
2233
3336288a
VY		 2234 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2235 if (ret)
c6b641a4 2236 goto out;
3336288a 2237
1da177e4 2238 /* register inet6 protocol */
7f4e4868
DL		 2239 ret = inet6_register_protosw(&tcpv6_protosw);
2240 if (ret)
2241 goto out_tcpv6_protocol;
2242
93ec926b 2243 ret = register_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2244 if (ret)
2245 goto out_tcpv6_protosw;
f870fa0b
MM		 2246
2247 ret = mptcpv6_init();
2248 if (ret)
2249 goto out_tcpv6_pernet_subsys;
2250
7f4e4868
DL		 2251out:
2252 return ret;
ae0f7d5f 2253
f870fa0b
MM		 2254out_tcpv6_pernet_subsys:
2255 unregister_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2256out_tcpv6_protosw:
2257 inet6_unregister_protosw(&tcpv6_protosw);
3336288a
VY		 2258out_tcpv6_protocol:
2259 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
7f4e4868
DL		 2260 goto out;
2261}
2262
09f7709f 2263void tcpv6_exit(void)
7f4e4868 2264{
93ec926b 2265 unregister_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2266 inet6_unregister_protosw(&tcpv6_protosw);
2267 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
1da177e4 2268}
Linux 6.x block layer and io_uring tree(s)