projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sock: Introduce sk->sk_prot->psock_update_sk_prot()
[linux-2.6-block.git] / net / ipv6 / tcp_ipv6.c
CommitLineData
2874c5fd 1// SPDX-License-Identifier: GPL-2.0-or-later
1da177e4
LT		 2/*
3 * TCP over IPv6
1ab1457c 4 * Linux INET6 implementation
1da177e4
LT		 5 *
6 * Authors:
1ab1457c 7 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4 8 *
1ab1457c 9 * Based on:
1da177e4
LT		 10 * linux/net/ipv4/tcp.c
11 * linux/net/ipv4/tcp_input.c
12 * linux/net/ipv4/tcp_output.c
13 *
14 * Fixes:
15 * Hideaki YOSHIFUJI : sin6_scope_id support
16 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
17 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
18 * a single port at the same time.
19 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
1da177e4
LT		 20 */
21
eb4dea58 22#include <linux/bottom_half.h>
1da177e4 23#include <linux/module.h>
1da177e4
LT		 24#include <linux/errno.h>
25#include <linux/types.h>
26#include <linux/socket.h>
27#include <linux/sockios.h>
28#include <linux/net.h>
29#include <linux/jiffies.h>
30#include <linux/in.h>
31#include <linux/in6.h>
32#include <linux/netdevice.h>
33#include <linux/init.h>
34#include <linux/jhash.h>
35#include <linux/ipsec.h>
36#include <linux/times.h>
5a0e3ad6 37#include <linux/slab.h>
4aa956d8 38#include <linux/uaccess.h>
1da177e4
LT		 39#include <linux/ipv6.h>
40#include <linux/icmpv6.h>
41#include <linux/random.h>
0e219ae4 42#include <linux/indirect_call_wrapper.h>
1da177e4
LT		 43
44#include <net/tcp.h>
45#include <net/ndisc.h>
5324a040 46#include <net/inet6_hashtables.h>
8129765a 47#include <net/inet6_connection_sock.h>
1da177e4
LT		 48#include <net/ipv6.h>
49#include <net/transp_v6.h>
50#include <net/addrconf.h>
51#include <net/ip6_route.h>
52#include <net/ip6_checksum.h>
53#include <net/inet_ecn.h>
54#include <net/protocol.h>
55#include <net/xfrm.h>
1da177e4
LT		 56#include <net/snmp.h>
57#include <net/dsfield.h>
6d6ee43e 58#include <net/timewait_sock.h>
3d58b5fa 59#include <net/inet_common.h>
6e5714ea 60#include <net/secure_seq.h>
076bb0c8 61#include <net/busy_poll.h>
1da177e4 62
1da177e4
LT		 63#include <linux/proc_fs.h>
64#include <linux/seq_file.h>
65
cf80e0e4 66#include <crypto/hash.h>
cfb6eeb4
YH		 67#include <linux/scatterlist.h>
68
c24b14c4
SL		 69#include <trace/events/tcp.h>
70
a00e7444
ED		 71static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
72static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
6edafaaf 73 struct request_sock *req);
1da177e4
LT		 74
75static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
1da177e4 76
3b401a81 77static const struct inet_connection_sock_af_ops ipv6_mapped;
35b2c321 78const struct inet_connection_sock_af_ops ipv6_specific;
a928630a 79#ifdef CONFIG_TCP_MD5SIG
b2e4b3de
SH		 80static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
81static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
9501f972 82#else
51723935 83static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
dea53bb8
DA		 84 const struct in6_addr *addr,
85 int l3index)
9501f972
YH		 86{
87 return NULL;
88}
a928630a 89#endif
1da177e4 90
93a77c11
ED		 91/* Helper returning the inet6 address from a given tcp socket.
92 * It can be used in TCP stack instead of inet6_sk(sk).
93 * This avoids a dereference and allow compiler optimizations.
f5d54767 94 * It is a specialized version of inet6_sk_generic().
93a77c11
ED		 95 */
96static struct ipv6_pinfo *tcp_inet6_sk(const struct sock *sk)
97{
f5d54767 98 unsigned int offset = sizeof(struct tcp6_sock) - sizeof(struct ipv6_pinfo);
93a77c11 99
f5d54767 100 return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
93a77c11
ED		 101}
102
fae6ef87
NC		 103static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
104{
105 struct dst_entry *dst = skb_dst(skb);
fae6ef87 106
5037e9ef 107 if (dst && dst_hold_safe(dst)) {
ca777eff
ED		 108 const struct rt6_info *rt = (const struct rt6_info *)dst;
109
ca777eff
ED		 110 sk->sk_rx_dst = dst;
111 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
93a77c11 112 tcp_inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
ca777eff 113 }
fae6ef87
NC		 114}
115
84b114b9 116static u32 tcp_v6_init_seq(const struct sk_buff *skb)
1da177e4 117{
84b114b9
ED		 118 return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32,
119 ipv6_hdr(skb)->saddr.s6_addr32,
120 tcp_hdr(skb)->dest,
121 tcp_hdr(skb)->source);
122}
123
5d2ed052 124static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb)
84b114b9 125{
5d2ed052 126 return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32,
84b114b9 127 ipv6_hdr(skb)->saddr.s6_addr32);
1da177e4
LT		 128}
129
d74bad4e
AI		 130static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
131 int addr_len)
132{
133 /* This check is replicated from tcp_v6_connect() and intended to
134 * prevent BPF program called below from accessing bytes that are out
135 * of the bound specified by user in addr_len.
136 */
137 if (addr_len < SIN6_LEN_RFC2133)
138 return -EINVAL;
139
140 sock_owned_by_me(sk);
141
142 return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr);
143}
144
1ab1457c 145static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
1da177e4
LT		 146 int addr_len)
147{
148 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
1ab1457c 149 struct inet_sock *inet = inet_sk(sk);
d83d8461 150 struct inet_connection_sock *icsk = inet_csk(sk);
93a77c11 151 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1da177e4 152 struct tcp_sock *tp = tcp_sk(sk);
20c59de2 153 struct in6_addr *saddr = NULL, *final_p, final;
45f6fad8 154 struct ipv6_txoptions *opt;
4c9483b2 155 struct flowi6 fl6;
1da177e4
LT		 156 struct dst_entry *dst;
157 int addr_type;
158 int err;
1946e672 159 struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
1da177e4 160
1ab1457c 161 if (addr_len < SIN6_LEN_RFC2133)
1da177e4
LT		 162 return -EINVAL;
163
1ab1457c 164 if (usin->sin6_family != AF_INET6)
a02cec21 165 return -EAFNOSUPPORT;
1da177e4 166
4c9483b2 167 memset(&fl6, 0, sizeof(fl6));
1da177e4
LT		 168
169 if (np->sndflow) {
4c9483b2
DM		 170 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
171 IP6_ECN_flow_init(fl6.flowlabel);
172 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
1da177e4 173 struct ip6_flowlabel *flowlabel;
4c9483b2 174 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
59c820b2 175 if (IS_ERR(flowlabel))
1da177e4 176 return -EINVAL;
1da177e4
LT		 177 fl6_sock_release(flowlabel);
178 }
179 }
180
181 /*
1ab1457c
YH		 182 * connect() to INADDR_ANY means loopback (BSD'ism).
183 */
184
052d2369
JL		 185 if (ipv6_addr_any(&usin->sin6_addr)) {
186 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
187 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
188 &usin->sin6_addr);
189 else
190 usin->sin6_addr = in6addr_loopback;
191 }
1da177e4
LT		 192
193 addr_type = ipv6_addr_type(&usin->sin6_addr);
194
4c99aa40 195 if (addr_type & IPV6_ADDR_MULTICAST)
1da177e4
LT		 196 return -ENETUNREACH;
197
198 if (addr_type&IPV6_ADDR_LINKLOCAL) {
199 if (addr_len >= sizeof(struct sockaddr_in6) &&
200 usin->sin6_scope_id) {
201 /* If interface is set while binding, indices
202 * must coincide.
203 */
54dc3e33 204 if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id))
1da177e4
LT		 205 return -EINVAL;
206
207 sk->sk_bound_dev_if = usin->sin6_scope_id;
208 }
209
210 /* Connect to link-local address requires an interface */
211 if (!sk->sk_bound_dev_if)
212 return -EINVAL;
213 }
214
215 if (tp->rx_opt.ts_recent_stamp &&
efe4208f 216 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
1da177e4
LT		 217 tp->rx_opt.ts_recent = 0;
218 tp->rx_opt.ts_recent_stamp = 0;
0f317464 219 WRITE_ONCE(tp->write_seq, 0);
1da177e4
LT		 220 }
221
efe4208f 222 sk->sk_v6_daddr = usin->sin6_addr;
4c9483b2 223 np->flow_label = fl6.flowlabel;
1da177e4
LT		 224
225 /*
226 * TCP over IPv4
227 */
228
052d2369 229 if (addr_type & IPV6_ADDR_MAPPED) {
d83d8461 230 u32 exthdrlen = icsk->icsk_ext_hdr_len;
1da177e4
LT		 231 struct sockaddr_in sin;
232
1da177e4
LT		 233 if (__ipv6_only_sock(sk))
234 return -ENETUNREACH;
235
236 sin.sin_family = AF_INET;
237 sin.sin_port = usin->sin6_port;
238 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
239
d83d8461 240 icsk->icsk_af_ops = &ipv6_mapped;
cec37a6e 241 if (sk_is_mptcp(sk))
31484d56 242 mptcpv6_handle_mapped(sk, true);
1da177e4 243 sk->sk_backlog_rcv = tcp_v4_do_rcv;
cfb6eeb4
YH		 244#ifdef CONFIG_TCP_MD5SIG
245 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
246#endif
1da177e4
LT		 247
248 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
249
250 if (err) {
d83d8461
ACM		 251 icsk->icsk_ext_hdr_len = exthdrlen;
252 icsk->icsk_af_ops = &ipv6_specific;
cec37a6e 253 if (sk_is_mptcp(sk))
31484d56 254 mptcpv6_handle_mapped(sk, false);
1da177e4 255 sk->sk_backlog_rcv = tcp_v6_do_rcv;
cfb6eeb4
YH		 256#ifdef CONFIG_TCP_MD5SIG
257 tp->af_specific = &tcp_sock_ipv6_specific;
258#endif
1da177e4 259 goto failure;
1da177e4 260 }
d1e559d0 261 np->saddr = sk->sk_v6_rcv_saddr;
1da177e4
LT		 262
263 return err;
264 }
265
efe4208f
ED		 266 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
267 saddr = &sk->sk_v6_rcv_saddr;
1da177e4 268
4c9483b2 269 fl6.flowi6_proto = IPPROTO_TCP;
efe4208f 270 fl6.daddr = sk->sk_v6_daddr;
4e3fd7a0 271 fl6.saddr = saddr ? *saddr : np->saddr;
4c9483b2
DM		 272 fl6.flowi6_oif = sk->sk_bound_dev_if;
273 fl6.flowi6_mark = sk->sk_mark;
1958b856
DM		 274 fl6.fl6_dport = usin->sin6_port;
275 fl6.fl6_sport = inet->inet_sport;
e2d118a1 276 fl6.flowi6_uid = sk->sk_uid;
1da177e4 277
1e1d04e6 278 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
45f6fad8 279 final_p = fl6_update_dst(&fl6, opt, &final);
1da177e4 280
3df98d79 281 security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
beb8d13b 282
c4e85f73 283 dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
68d0c6d3
DM		 284 if (IS_ERR(dst)) {
285 err = PTR_ERR(dst);
1da177e4 286 goto failure;
14e50e57 287 }
1da177e4 288
63159f29 289 if (!saddr) {
4c9483b2 290 saddr = &fl6.saddr;
efe4208f 291 sk->sk_v6_rcv_saddr = *saddr;
1da177e4
LT		 292 }
293
294 /* set the source address */
4e3fd7a0 295 np->saddr = *saddr;
c720c7e8 296 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
1da177e4 297
f83ef8c0 298 sk->sk_gso_type = SKB_GSO_TCPV6;
6bd4f355 299 ip6_dst_store(sk, dst, NULL, NULL);
1da177e4 300
d83d8461 301 icsk->icsk_ext_hdr_len = 0;
45f6fad8
ED		 302 if (opt)
303 icsk->icsk_ext_hdr_len = opt->opt_flen +
304 opt->opt_nflen;
1da177e4
LT		 305
306 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
307
c720c7e8 308 inet->inet_dport = usin->sin6_port;
1da177e4
LT		 309
310 tcp_set_state(sk, TCP_SYN_SENT);
1946e672 311 err = inet6_hash_connect(tcp_death_row, sk);
1da177e4
LT		 312 if (err)
313 goto late_failure;
314
877d1f62 315 sk_set_txhash(sk);
9e7ceb06 316
00355fa5 317 if (likely(!tp->repair)) {
00355fa5 318 if (!tp->write_seq)
0f317464
ED		 319 WRITE_ONCE(tp->write_seq,
320 secure_tcpv6_seq(np->saddr.s6_addr32,
321 sk->sk_v6_daddr.s6_addr32,
322 inet->inet_sport,
323 inet->inet_dport));
5d2ed052
ED		 324 tp->tsoffset = secure_tcpv6_ts_off(sock_net(sk),
325 np->saddr.s6_addr32,
84b114b9 326 sk->sk_v6_daddr.s6_addr32);
00355fa5 327 }
1da177e4 328
19f6d3f3
WW		 329 if (tcp_fastopen_defer_connect(sk, &err))
330 return err;
331 if (err)
332 goto late_failure;
333
1da177e4
LT		 334 err = tcp_connect(sk);
335 if (err)
336 goto late_failure;
337
338 return 0;
339
340late_failure:
341 tcp_set_state(sk, TCP_CLOSE);
1da177e4 342failure:
c720c7e8 343 inet->inet_dport = 0;
1da177e4
LT		 344 sk->sk_route_caps = 0;
345 return err;
346}
347
563d34d0
ED		 348static void tcp_v6_mtu_reduced(struct sock *sk)
349{
350 struct dst_entry *dst;
351
352 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
353 return;
354
355 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
356 if (!dst)
357 return;
358
359 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
360 tcp_sync_mss(sk, dst_mtu(dst));
361 tcp_simple_retransmit(sk);
362 }
363}
364
32bbd879 365static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
d5fdd6ba 366 u8 type, u8 code, int offset, __be32 info)
1da177e4 367{
4c99aa40 368 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
505cbfc5 369 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
2215089b
ED		 370 struct net *net = dev_net(skb->dev);
371 struct request_sock *fastopen;
1da177e4 372 struct ipv6_pinfo *np;
1ab1457c 373 struct tcp_sock *tp;
0a672f74 374 __u32 seq, snd_una;
2215089b 375 struct sock *sk;
9cf74903 376 bool fatal;
2215089b 377 int err;
1da177e4 378
2215089b
ED		 379 sk = __inet6_lookup_established(net, &tcp_hashinfo,
380 &hdr->daddr, th->dest,
381 &hdr->saddr, ntohs(th->source),
4297a0ef 382 skb->dev->ifindex, inet6_sdif(skb));
1da177e4 383
2215089b 384 if (!sk) {
a16292a0
ED		 385 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
386 ICMP6_MIB_INERRORS);
32bbd879 387 return -ENOENT;
1da177e4
LT		 388 }
389
390 if (sk->sk_state == TCP_TIME_WAIT) {
9469c7b4 391 inet_twsk_put(inet_twsk(sk));
32bbd879 392 return 0;
1da177e4 393 }
2215089b 394 seq = ntohl(th->seq);
9cf74903 395 fatal = icmpv6_err_convert(type, code, &err);
32bbd879
SB		 396 if (sk->sk_state == TCP_NEW_SYN_RECV) {
397 tcp_req_err(sk, seq, fatal);
398 return 0;
399 }
1da177e4
LT		 400
401 bh_lock_sock(sk);
563d34d0 402 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
02a1d6e7 403 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
1da177e4
LT		 404
405 if (sk->sk_state == TCP_CLOSE)
406 goto out;
407
93a77c11 408 if (ipv6_hdr(skb)->hop_limit < tcp_inet6_sk(sk)->min_hopcount) {
02a1d6e7 409 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
e802af9c
SH		 410 goto out;
411 }
412
1da177e4 413 tp = tcp_sk(sk);
0a672f74 414 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
d983ea6f 415 fastopen = rcu_dereference(tp->fastopen_rsk);
0a672f74 416 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
1da177e4 417 if (sk->sk_state != TCP_LISTEN &&
0a672f74 418 !between(seq, snd_una, tp->snd_nxt)) {
02a1d6e7 419 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
1da177e4
LT		 420 goto out;
421 }
422
93a77c11 423 np = tcp_inet6_sk(sk);
1da177e4 424
ec18d9a2 425 if (type == NDISC_REDIRECT) {
45caeaa5
JM		 426 if (!sock_owned_by_user(sk)) {
427 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
ec18d9a2 428
45caeaa5
JM		 429 if (dst)
430 dst->ops->redirect(dst, sk, skb);
431 }
50a75a89 432 goto out;
ec18d9a2
DM		 433 }
434
1da177e4 435 if (type == ICMPV6_PKT_TOOBIG) {
0d4f0608
ED		 436 /* We are not interested in TCP_LISTEN and open_requests
437 * (SYN-ACKs send out by Linux are always <576bytes so
438 * they should go through unfragmented).
439 */
440 if (sk->sk_state == TCP_LISTEN)
441 goto out;
442
93b36cf3
HFS		 443 if (!ip6_sk_accept_pmtu(sk))
444 goto out;
445
563d34d0
ED		 446 tp->mtu_info = ntohl(info);
447 if (!sock_owned_by_user(sk))
448 tcp_v6_mtu_reduced(sk);
d013ef2a 449 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
7aa5470c 450 &sk->sk_tsq_flags))
d013ef2a 451 sock_hold(sk);
1da177e4
LT		 452 goto out;
453 }
454
1da177e4 455
60236fdd 456 /* Might be for an request_sock */
1da177e4 457 switch (sk->sk_state) {
1da177e4 458 case TCP_SYN_SENT:
0a672f74
YC		 459 case TCP_SYN_RECV:
460 /* Only in fast or simultaneous open. If a fast open socket is
634a63e7 461 * already accepted it is treated as a connected one below.
0a672f74 462 */
63159f29 463 if (fastopen && !fastopen->sk)
0a672f74
YC		 464 break;
465
45af29ca
ED		 466 ipv6_icmp_error(sk, skb, err, th->dest, ntohl(info), (u8 *)th);
467
1da177e4 468 if (!sock_owned_by_user(sk)) {
1da177e4
LT		 469 sk->sk_err = err;
470 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
471
472 tcp_done(sk);
473 } else
474 sk->sk_err_soft = err;
475 goto out;
d2924569
ED		 476 case TCP_LISTEN:
477 break;
478 default:
479 /* check if this ICMP message allows revert of backoff.
480 * (see RFC 6069)
481 */
482 if (!fastopen && type == ICMPV6_DEST_UNREACH &&
483 code == ICMPV6_NOROUTE)
484 tcp_ld_RTO_revert(sk, seq);
1da177e4
LT		 485 }
486
487 if (!sock_owned_by_user(sk) && np->recverr) {
488 sk->sk_err = err;
489 sk->sk_error_report(sk);
490 } else
491 sk->sk_err_soft = err;
492
493out:
494 bh_unlock_sock(sk);
495 sock_put(sk);
32bbd879 496 return 0;
1da177e4
LT		 497}
498
499
0f935dbe 500static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
d6274bd8 501 struct flowi *fl,
3840a06e 502 struct request_sock *req,
ca6fb065 503 struct tcp_fastopen_cookie *foc,
331fca43
MKL		 504 enum tcp_synack_type synack_type,
505 struct sk_buff *syn_skb)
1da177e4 506{
634fb979 507 struct inet_request_sock *ireq = inet_rsk(req);
93a77c11 508 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
56ac42bc 509 struct ipv6_txoptions *opt;
d6274bd8 510 struct flowi6 *fl6 = &fl->u.ip6;
4c99aa40 511 struct sk_buff *skb;
9494218f 512 int err = -ENOMEM;
ac8f1710 513 u8 tclass;
1da177e4 514
9f10d3f6 515 /* First, grab a route. */
f76b33c3
ED		 516 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
517 IPPROTO_TCP)) == NULL)
fd80eb94 518 goto done;
9494218f 519
331fca43 520 skb = tcp_make_synack(sk, dst, req, foc, synack_type, syn_skb);
9494218f 521
1da177e4 522 if (skb) {
634fb979
ED		 523 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
524 &ireq->ir_v6_rmt_addr);
1da177e4 525
634fb979 526 fl6->daddr = ireq->ir_v6_rmt_addr;
53b24b8f 527 if (np->repflow && ireq->pktopts)
df3687ff
FF		 528 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
529
ac8f1710 530 tclass = sock_net(sk)->ipv4.sysctl_tcp_reflect_tos ?
8ef44b6f
WW		 531 (tcp_rsk(req)->syn_tos & ~INET_ECN_MASK) |
532 (np->tclass & INET_ECN_MASK) :
861602b5 533 np->tclass;
407c85c7
AD		 534
535 if (!INET_ECN_is_capable(tclass) &&
536 tcp_bpf_ca_needs_ecn((struct sock *)req))
537 tclass |= INET_ECN_ECT_0;
538
539 rcu_read_lock();
540 opt = ireq->ipv6_opt;
56ac42bc
HD		 541 if (!opt)
542 opt = rcu_dereference(np->opt);
ac8f1710 543 err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt,
861602b5 544 tclass, sk->sk_priority);
3e4006f0 545 rcu_read_unlock();
b9df3cb8 546 err = net_xmit_eval(err);
1da177e4
LT		 547 }
548
549done:
1da177e4
LT		 550 return err;
551}
552
72659ecc 553
60236fdd 554static void tcp_v6_reqsk_destructor(struct request_sock *req)
1da177e4 555{
56ac42bc 556 kfree(inet_rsk(req)->ipv6_opt);
634fb979 557 kfree_skb(inet_rsk(req)->pktopts);
1da177e4
LT		 558}
559
cfb6eeb4 560#ifdef CONFIG_TCP_MD5SIG
b83e3deb 561static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
dea53bb8
DA		 562 const struct in6_addr *addr,
563 int l3index)
cfb6eeb4 564{
dea53bb8
DA		 565 return tcp_md5_do_lookup(sk, l3index,
566 (union tcp_md5_addr *)addr, AF_INET6);
cfb6eeb4
YH		 567}
568
b83e3deb 569static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
fd3a154a 570 const struct sock *addr_sk)
cfb6eeb4 571{
dea53bb8
DA		 572 int l3index;
573
574 l3index = l3mdev_master_ifindex_by_index(sock_net(sk),
575 addr_sk->sk_bound_dev_if);
576 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr,
577 l3index);
cfb6eeb4
YH		 578}
579
8917a777 580static int tcp_v6_parse_md5_keys(struct sock *sk, int optname,
d4c19c49 581 sockptr_t optval, int optlen)
cfb6eeb4
YH		 582{
583 struct tcp_md5sig cmd;
584 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
dea53bb8 585 int l3index = 0;
8917a777 586 u8 prefixlen;
cfb6eeb4
YH		 587
588 if (optlen < sizeof(cmd))
589 return -EINVAL;
590
d4c19c49 591 if (copy_from_sockptr(&cmd, optval, sizeof(cmd)))
cfb6eeb4
YH		 592 return -EFAULT;
593
594 if (sin6->sin6_family != AF_INET6)
595 return -EINVAL;
596
8917a777
ID		 597 if (optname == TCP_MD5SIG_EXT &&
598 cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) {
599 prefixlen = cmd.tcpm_prefixlen;
600 if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) &&
601 prefixlen > 32))
602 return -EINVAL;
603 } else {
604 prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128;
605 }
606
6b102db5
DA		 607 if (optname == TCP_MD5SIG_EXT &&
608 cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX) {
609 struct net_device *dev;
610
611 rcu_read_lock();
612 dev = dev_get_by_index_rcu(sock_net(sk), cmd.tcpm_ifindex);
613 if (dev && netif_is_l3_master(dev))
614 l3index = dev->ifindex;
615 rcu_read_unlock();
616
617 /* ok to reference set/not set outside of rcu;
618 * right now device MUST be an L3 master
619 */
620 if (!dev || !l3index)
621 return -EINVAL;
622 }
623
cfb6eeb4 624 if (!cmd.tcpm_keylen) {
e773e4fa 625 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
a915da9b 626 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
6b102db5
DA		 627 AF_INET, prefixlen,
628 l3index);
a915da9b 629 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
dea53bb8 630 AF_INET6, prefixlen, l3index);
cfb6eeb4
YH		 631 }
632
633 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
634 return -EINVAL;
635
a915da9b
ED		 636 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
637 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
dea53bb8
DA		 638 AF_INET, prefixlen, l3index,
639 cmd.tcpm_key, cmd.tcpm_keylen,
640 GFP_KERNEL);
cfb6eeb4 641
a915da9b 642 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
dea53bb8
DA		 643 AF_INET6, prefixlen, l3index,
644 cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
cfb6eeb4
YH		 645}
646
19689e38
ED		 647static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp,
648 const struct in6_addr *daddr,
649 const struct in6_addr *saddr,
650 const struct tcphdr *th, int nbytes)
cfb6eeb4 651{
cfb6eeb4 652 struct tcp6_pseudohdr *bp;
49a72dfb 653 struct scatterlist sg;
19689e38 654 struct tcphdr *_th;
8d26d76d 655
19689e38 656 bp = hp->scratch;
cfb6eeb4 657 /* 1. TCP pseudo-header (RFC2460) */
4e3fd7a0
AD		 658 bp->saddr = *saddr;
659 bp->daddr = *daddr;
49a72dfb 660 bp->protocol = cpu_to_be32(IPPROTO_TCP);
00b1304c 661 bp->len = cpu_to_be32(nbytes);
cfb6eeb4 662
19689e38
ED		 663 _th = (struct tcphdr *)(bp + 1);
664 memcpy(_th, th, sizeof(*th));
665 _th->check = 0;
666
667 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
668 ahash_request_set_crypt(hp->md5_req, &sg, NULL,
669 sizeof(*bp) + sizeof(*th));
cf80e0e4 670 return crypto_ahash_update(hp->md5_req);
49a72dfb 671}
c7da57a1 672
19689e38 673static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
b71d1d42 674 const struct in6_addr *daddr, struct in6_addr *saddr,
318cf7aa 675 const struct tcphdr *th)
49a72dfb
AL		 676{
677 struct tcp_md5sig_pool *hp;
cf80e0e4 678 struct ahash_request *req;
49a72dfb
AL		 679
680 hp = tcp_get_md5sig_pool();
681 if (!hp)
682 goto clear_hash_noput;
cf80e0e4 683 req = hp->md5_req;
49a72dfb 684
cf80e0e4 685 if (crypto_ahash_init(req))
49a72dfb 686 goto clear_hash;
19689e38 687 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
49a72dfb
AL		 688 goto clear_hash;
689 if (tcp_md5_hash_key(hp, key))
690 goto clear_hash;
cf80e0e4
HX		 691 ahash_request_set_crypt(req, NULL, md5_hash, 0);
692 if (crypto_ahash_final(req))
cfb6eeb4 693 goto clear_hash;
cfb6eeb4 694
cfb6eeb4 695 tcp_put_md5sig_pool();
cfb6eeb4 696 return 0;
49a72dfb 697
cfb6eeb4
YH		 698clear_hash:
699 tcp_put_md5sig_pool();
700clear_hash_noput:
701 memset(md5_hash, 0, 16);
49a72dfb 702 return 1;
cfb6eeb4
YH		 703}
704
39f8e58e
ED		 705static int tcp_v6_md5_hash_skb(char *md5_hash,
706 const struct tcp_md5sig_key *key,
318cf7aa 707 const struct sock *sk,
318cf7aa 708 const struct sk_buff *skb)
cfb6eeb4 709{
b71d1d42 710 const struct in6_addr *saddr, *daddr;
49a72dfb 711 struct tcp_md5sig_pool *hp;
cf80e0e4 712 struct ahash_request *req;
318cf7aa 713 const struct tcphdr *th = tcp_hdr(skb);
cfb6eeb4 714
39f8e58e
ED		 715 if (sk) { /* valid for establish/request sockets */
716 saddr = &sk->sk_v6_rcv_saddr;
efe4208f 717 daddr = &sk->sk_v6_daddr;
49a72dfb 718 } else {
b71d1d42 719 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
49a72dfb
AL		 720 saddr = &ip6h->saddr;
721 daddr = &ip6h->daddr;
cfb6eeb4 722 }
49a72dfb
AL		 723
724 hp = tcp_get_md5sig_pool();
725 if (!hp)
726 goto clear_hash_noput;
cf80e0e4 727 req = hp->md5_req;
49a72dfb 728
cf80e0e4 729 if (crypto_ahash_init(req))
49a72dfb
AL		 730 goto clear_hash;
731
19689e38 732 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
49a72dfb
AL		 733 goto clear_hash;
734 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
735 goto clear_hash;
736 if (tcp_md5_hash_key(hp, key))
737 goto clear_hash;
cf80e0e4
HX		 738 ahash_request_set_crypt(req, NULL, md5_hash, 0);
739 if (crypto_ahash_final(req))
49a72dfb
AL		 740 goto clear_hash;
741
742 tcp_put_md5sig_pool();
743 return 0;
744
745clear_hash:
746 tcp_put_md5sig_pool();
747clear_hash_noput:
748 memset(md5_hash, 0, 16);
749 return 1;
cfb6eeb4
YH		 750}
751
ba8e275a
ED		 752#endif
753
754static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
d14c77e0
DA		 755 const struct sk_buff *skb,
756 int dif, int sdif)
cfb6eeb4 757{
ba8e275a 758#ifdef CONFIG_TCP_MD5SIG
cf533ea5 759 const __u8 *hash_location = NULL;
cfb6eeb4 760 struct tcp_md5sig_key *hash_expected;
b71d1d42 761 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
318cf7aa 762 const struct tcphdr *th = tcp_hdr(skb);
dea53bb8 763 int genhash, l3index;
cfb6eeb4
YH		 764 u8 newhash[16];
765
dea53bb8
DA		 766 /* sdif set, means packet ingressed via a device
767 * in an L3 domain and dif is set to the l3mdev
768 */
769 l3index = sdif ? dif : 0;
770
771 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr, l3index);
7d5d5525 772 hash_location = tcp_parse_md5sig_option(th);
cfb6eeb4 773
785957d3
DM		 774 /* We've parsed the options - do we have a hash? */
775 if (!hash_expected && !hash_location)
ff74e23f 776 return false;
785957d3
DM		 777
778 if (hash_expected && !hash_location) {
c10d9310 779 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
ff74e23f 780 return true;
cfb6eeb4
YH		 781 }
782
785957d3 783 if (!hash_expected && hash_location) {
c10d9310 784 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
ff74e23f 785 return true;
cfb6eeb4
YH		 786 }
787
788 /* check the signature */
49a72dfb
AL		 789 genhash = tcp_v6_md5_hash_skb(newhash,
790 hash_expected,
39f8e58e 791 NULL, skb);
49a72dfb 792
cfb6eeb4 793 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
72145a68 794 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
dea53bb8 795 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u L3 index %d\n",
e87cc472
JP		 796 genhash ? "failed" : "mismatch",
797 &ip6h->saddr, ntohs(th->source),
dea53bb8 798 &ip6h->daddr, ntohs(th->dest), l3index);
ff74e23f 799 return true;
cfb6eeb4 800 }
ba8e275a 801#endif
ff74e23f 802 return false;
cfb6eeb4 803}
cfb6eeb4 804
b40cf18e
ED		 805static void tcp_v6_init_req(struct request_sock *req,
806 const struct sock *sk_listener,
16bea70a
OP		 807 struct sk_buff *skb)
808{
c2027d1e 809 bool l3_slave = ipv6_l3mdev_skb(TCP_SKB_CB(skb)->header.h6.flags);
16bea70a 810 struct inet_request_sock *ireq = inet_rsk(req);
93a77c11 811 const struct ipv6_pinfo *np = tcp_inet6_sk(sk_listener);
16bea70a
OP		 812
813 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
814 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
815
16bea70a 816 /* So that link locals have meaning */
c2027d1e 817 if ((!sk_listener->sk_bound_dev_if || l3_slave) &&
16bea70a 818 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
870c3151 819 ireq->ir_iif = tcp_v6_iif(skb);
16bea70a 820
04317daf 821 if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
b40cf18e 822 (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
a224772d 823 np->rxopt.bits.rxinfo ||
16bea70a
OP		 824 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
825 np->rxopt.bits.rxohlim || np->repflow)) {
63354797 826 refcount_inc(&skb->users);
16bea70a
OP		 827 ireq->pktopts = skb;
828 }
829}
830
f964629e 831static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
7ea851d1 832 struct sk_buff *skb,
f964629e 833 struct flowi *fl,
7ea851d1 834 struct request_sock *req)
d94e0417 835{
7ea851d1
FW		 836 tcp_v6_init_req(req, sk, skb);
837
838 if (security_inet_conn_request(sk, skb, req))
839 return NULL;
840
f76b33c3 841 return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
d94e0417
OP		 842}
843
c6aefafb 844struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
1da177e4 845 .family = AF_INET6,
2e6599cb 846 .obj_size = sizeof(struct tcp6_request_sock),
5db92c99 847 .rtx_syn_ack = tcp_rtx_synack,
60236fdd
ACM		 848 .send_ack = tcp_v6_reqsk_send_ack,
849 .destructor = tcp_v6_reqsk_destructor,
72659ecc 850 .send_reset = tcp_v6_send_reset,
4aa956d8 851 .syn_ack_timeout = tcp_syn_ack_timeout,
1da177e4
LT		 852};
853
35b2c321 854const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
2aec4a29
OP		 855 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
856 sizeof(struct ipv6hdr),
16bea70a 857#ifdef CONFIG_TCP_MD5SIG
fd3a154a 858 .req_md5_lookup = tcp_v6_md5_lookup,
e3afe7b7 859 .calc_md5_hash = tcp_v6_md5_hash_skb,
b6332e6c 860#endif
fb7b37a7
OP		 861#ifdef CONFIG_SYN_COOKIES
862 .cookie_init_seq = cookie_v6_init_sequence,
863#endif
d94e0417 864 .route_req = tcp_v6_route_req,
84b114b9
ED		 865 .init_seq = tcp_v6_init_seq,
866 .init_ts_off = tcp_v6_init_ts_off,
d6274bd8 867 .send_synack = tcp_v6_send_synack,
16bea70a 868};
cfb6eeb4 869
a00e7444 870static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
0f85feae
ED		 871 u32 ack, u32 win, u32 tsval, u32 tsecr,
872 int oif, struct tcp_md5sig_key *key, int rst,
e9a5dcee 873 u8 tclass, __be32 label, u32 priority)
1da177e4 874{
cf533ea5
ED		 875 const struct tcphdr *th = tcp_hdr(skb);
876 struct tcphdr *t1;
1da177e4 877 struct sk_buff *buff;
4c9483b2 878 struct flowi6 fl6;
0f85feae 879 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
e5047992 880 struct sock *ctl_sk = net->ipv6.tcp_sk;
77c676da 881 unsigned int tot_len = sizeof(struct tcphdr);
adf30907 882 struct dst_entry *dst;
81ada62d 883 __be32 *topt;
00483690 884 __u32 mark = 0;
1da177e4 885
ee684b6f 886 if (tsecr)
626e264d 887 tot_len += TCPOLEN_TSTAMP_ALIGNED;
cfb6eeb4 888#ifdef CONFIG_TCP_MD5SIG
cfb6eeb4
YH		 889 if (key)
890 tot_len += TCPOLEN_MD5SIG_ALIGNED;
891#endif
892
cfb6eeb4 893 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1da177e4 894 GFP_ATOMIC);
63159f29 895 if (!buff)
1ab1457c 896 return;
1da177e4 897
cfb6eeb4 898 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1da177e4 899
d58ff351 900 t1 = skb_push(buff, tot_len);
6651ffc8 901 skb_reset_transport_header(buff);
1da177e4
LT		 902
903 /* Swap the send and the receive. */
904 memset(t1, 0, sizeof(*t1));
905 t1->dest = th->source;
906 t1->source = th->dest;
cfb6eeb4 907 t1->doff = tot_len / 4;
626e264d
IJ		 908 t1->seq = htonl(seq);
909 t1->ack_seq = htonl(ack);
910 t1->ack = !rst || !th->ack;
911 t1->rst = rst;
912 t1->window = htons(win);
1da177e4 913
81ada62d
IJ		 914 topt = (__be32 *)(t1 + 1);
915
ee684b6f 916 if (tsecr) {
626e264d
IJ		 917 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
918 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
ee684b6f
AV		 919 *topt++ = htonl(tsval);
920 *topt++ = htonl(tsecr);
626e264d
IJ		 921 }
922
cfb6eeb4
YH		 923#ifdef CONFIG_TCP_MD5SIG
924 if (key) {
81ada62d
IJ		 925 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
926 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
927 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
78e645cb
IJ		 928 &ipv6_hdr(skb)->saddr,
929 &ipv6_hdr(skb)->daddr, t1);
cfb6eeb4
YH		 930 }
931#endif
932
4c9483b2 933 memset(&fl6, 0, sizeof(fl6));
4e3fd7a0
AD		 934 fl6.daddr = ipv6_hdr(skb)->saddr;
935 fl6.saddr = ipv6_hdr(skb)->daddr;
1d13a96c 936 fl6.flowlabel = label;
1da177e4 937
e5700aff
DM		 938 buff->ip_summed = CHECKSUM_PARTIAL;
939 buff->csum = 0;
940
4c9483b2 941 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
1da177e4 942
4c9483b2 943 fl6.flowi6_proto = IPPROTO_TCP;
a36dbdb2 944 if (rt6_need_strict(&fl6.daddr) && !oif)
870c3151 945 fl6.flowi6_oif = tcp_v6_iif(skb);
9b6c14d5
DA		 946 else {
947 if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
948 oif = skb->skb_iif;
949
950 fl6.flowi6_oif = oif;
951 }
1d2f7b2d 952
c67b8555
ED		 953 if (sk) {
954 if (sk->sk_state == TCP_TIME_WAIT) {
955 mark = inet_twsk(sk)->tw_mark;
956 /* autoflowlabel relies on buff->hash */
957 skb_set_hash(buff, inet_twsk(sk)->tw_txhash,
958 PKT_HASH_TYPE_L4);
959 } else {
960 mark = sk->sk_mark;
961 }
d6fb396c 962 buff->tstamp = tcp_transmit_time(sk);
c67b8555 963 }
00483690 964 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark) ?: mark;
1958b856
DM		 965 fl6.fl6_dport = t1->dest;
966 fl6.fl6_sport = t1->source;
e2d118a1 967 fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
3df98d79 968 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
1da177e4 969
c20121ae
DL		 970 /* Pass a socket to ip6_dst_lookup either it is for RST
971 * Underlying function will use this to retrieve the network
972 * namespace
973 */
c4e85f73 974 dst = ip6_dst_lookup_flow(sock_net(ctl_sk), ctl_sk, &fl6, NULL);
68d0c6d3
DM		 975 if (!IS_ERR(dst)) {
976 skb_dst_set(buff, dst);
e92dd77e
WW		 977 ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL,
978 tclass & ~INET_ECN_MASK, priority);
c10d9310 979 TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
68d0c6d3 980 if (rst)
c10d9310 981 TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
68d0c6d3 982 return;
1da177e4
LT		 983 }
984
985 kfree_skb(buff);
986}
987
a00e7444 988static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
1da177e4 989{
cf533ea5 990 const struct tcphdr *th = tcp_hdr(skb);
323a53c4 991 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
626e264d 992 u32 seq = 0, ack_seq = 0;
fa3e5b4e 993 struct tcp_md5sig_key *key = NULL;
658ddaaf
SL		 994#ifdef CONFIG_TCP_MD5SIG
995 const __u8 *hash_location = NULL;
658ddaaf
SL		 996 unsigned char newhash[16];
997 int genhash;
998 struct sock *sk1 = NULL;
999#endif
323a53c4 1000 __be32 label = 0;
e9a5dcee 1001 u32 priority = 0;
323a53c4 1002 struct net *net;
c24b14c4 1003 int oif = 0;
1da177e4 1004
626e264d 1005 if (th->rst)
1da177e4
LT		 1006 return;
1007
c3658e8d
ED		 1008 /* If sk not NULL, it means we did a successful lookup and incoming
1009 * route had to be correct. prequeue might have dropped our dst.
1010 */
1011 if (!sk && !ipv6_unicast_destination(skb))
626e264d 1012 return;
1da177e4 1013
39209673 1014 net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
cfb6eeb4 1015#ifdef CONFIG_TCP_MD5SIG
3b24d854 1016 rcu_read_lock();
658ddaaf 1017 hash_location = tcp_parse_md5sig_option(th);
271c3b9b 1018 if (sk && sk_fullsock(sk)) {
dea53bb8
DA		 1019 int l3index;
1020
1021 /* sdif set, means packet ingressed via a device
1022 * in an L3 domain and inet_iif is set to it.
1023 */
1024 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
1025 key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr, l3index);
e46787f0 1026 } else if (hash_location) {
d14c77e0
DA		 1027 int dif = tcp_v6_iif_l3_slave(skb);
1028 int sdif = tcp_v6_sdif(skb);
dea53bb8 1029 int l3index;
d14c77e0 1030
658ddaaf
SL		 1031 /*
1032 * active side is lost. Try to find listening socket through
1033 * source port, and then find md5 key through listening socket.
1034 * we are not loose security here:
1035 * Incoming packet is checked with md5 hash with finding key,
1036 * no RST generated if md5 hash doesn't match.
1037 */
323a53c4 1038 sk1 = inet6_lookup_listener(net,
a583636a
CG		 1039 &tcp_hashinfo, NULL, 0,
1040 &ipv6h->saddr,
5ba24953 1041 th->source, &ipv6h->daddr,
d14c77e0 1042 ntohs(th->source), dif, sdif);
658ddaaf 1043 if (!sk1)
3b24d854 1044 goto out;
658ddaaf 1045
dea53bb8
DA		 1046 /* sdif set, means packet ingressed via a device
1047 * in an L3 domain and dif is set to it.
1048 */
1049 l3index = tcp_v6_sdif(skb) ? dif : 0;
1050
1051 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr, l3index);
658ddaaf 1052 if (!key)
3b24d854 1053 goto out;
658ddaaf 1054
39f8e58e 1055 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
658ddaaf 1056 if (genhash || memcmp(hash_location, newhash, 16) != 0)
3b24d854 1057 goto out;
658ddaaf 1058 }
cfb6eeb4
YH		 1059#endif
1060
626e264d
IJ		 1061 if (th->ack)
1062 seq = ntohl(th->ack_seq);
1063 else
1064 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1065 (th->doff << 2);
1da177e4 1066
c24b14c4
SL		 1067 if (sk) {
1068 oif = sk->sk_bound_dev_if;
052e0690
ED		 1069 if (sk_fullsock(sk)) {
1070 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1071
5c487bb9 1072 trace_tcp_send_reset(sk, skb);
052e0690
ED		 1073 if (np->repflow)
1074 label = ip6_flowlabel(ipv6h);
e9a5dcee 1075 priority = sk->sk_priority;
052e0690 1076 }
f6c0f5d2 1077 if (sk->sk_state == TCP_TIME_WAIT) {
50a8accf 1078 label = cpu_to_be32(inet_twsk(sk)->tw_flowlabel);
f6c0f5d2
ED		 1079 priority = inet_twsk(sk)->tw_priority;
1080 }
323a53c4 1081 } else {
a346abe0 1082 if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_TCP_RESET)
323a53c4 1083 label = ip6_flowlabel(ipv6h);
c24b14c4
SL		 1084 }
1085
e92dd77e
WW		 1086 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1,
1087 ipv6_get_dsfield(ipv6h), label, priority);
658ddaaf
SL		 1088
1089#ifdef CONFIG_TCP_MD5SIG
3b24d854
ED		 1090out:
1091 rcu_read_unlock();
658ddaaf 1092#endif
626e264d 1093}
1da177e4 1094
a00e7444 1095static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
0f85feae 1096 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
1d13a96c 1097 struct tcp_md5sig_key *key, u8 tclass,
e9a5dcee 1098 __be32 label, u32 priority)
626e264d 1099{
0f85feae 1100 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
e9a5dcee 1101 tclass, label, priority);
1da177e4
LT		 1102}
1103
1104static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1105{
8feaf0c0 1106 struct inet_timewait_sock *tw = inet_twsk(sk);
cfb6eeb4 1107 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1da177e4 1108
0f85feae 1109 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
8feaf0c0 1110 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
9a568de4 1111 tcp_time_stamp_raw() + tcptw->tw_ts_offset,
9c76a114 1112 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
f6c0f5d2 1113 tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel), tw->tw_priority);
1da177e4 1114
8feaf0c0 1115 inet_twsk_put(tw);
1da177e4
LT		 1116}
1117
a00e7444 1118static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
6edafaaf 1119 struct request_sock *req)
1da177e4 1120{
dea53bb8
DA		 1121 int l3index;
1122
1123 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
1124
3a19ce0e
DL		 1125 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
1126 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
1127 */
20a2b49f
ED		 1128 /* RFC 7323 2.3
1129 * The window field (SEG.WND) of every outgoing segment, with the
1130 * exception of <SYN> segments, MUST be right-shifted by
1131 * Rcv.Wind.Shift bits:
1132 */
0f85feae 1133 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
3a19ce0e 1134 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
20a2b49f
ED		 1135 tcp_rsk(req)->rcv_nxt,
1136 req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
9a568de4 1137 tcp_time_stamp_raw() + tcp_rsk(req)->ts_off,
95a22cae 1138 req->ts_recent, sk->sk_bound_dev_if,
dea53bb8 1139 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr, l3index),
e92dd77e 1140 ipv6_get_dsfield(ipv6_hdr(skb)), 0, sk->sk_priority);
1da177e4
LT		 1141}
1142
1143
079096f1 1144static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
1da177e4 1145{
079096f1 1146#ifdef CONFIG_SYN_COOKIES
aa8223c7 1147 const struct tcphdr *th = tcp_hdr(skb);
1da177e4 1148
af9b4738 1149 if (!th->syn)
c6aefafb 1150 sk = cookie_v6_check(sk, skb);
1da177e4
LT		 1151#endif
1152 return sk;
1153}
1154
9349d600
PP		 1155u16 tcp_v6_get_syncookie(struct sock *sk, struct ipv6hdr *iph,
1156 struct tcphdr *th, u32 *cookie)
1157{
1158 u16 mss = 0;
1159#ifdef CONFIG_SYN_COOKIES
1160 mss = tcp_get_syncookie_mss(&tcp6_request_sock_ops,
1161 &tcp_request_sock_ipv6_ops, sk, th);
1162 if (mss) {
1163 *cookie = __cookie_v6_init_sequence(iph, th, &mss);
1164 tcp_synq_overflow(sk);
1165 }
1166#endif
1167 return mss;
1168}
1169
1da177e4
LT		 1170static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1171{
1da177e4
LT		 1172 if (skb->protocol == htons(ETH_P_IP))
1173 return tcp_v4_conn_request(sk, skb);
1174
1175 if (!ipv6_unicast_destination(skb))
1ab1457c 1176 goto drop;
1da177e4 1177
dcc32f4f
JK		 1178 if (ipv6_addr_v4mapped(&ipv6_hdr(skb)->saddr)) {
1179 __IP6_INC_STATS(sock_net(sk), NULL, IPSTATS_MIB_INHDRERRORS);
1180 return 0;
1181 }
1182
1fb6f159
OP		 1183 return tcp_conn_request(&tcp6_request_sock_ops,
1184 &tcp_request_sock_ipv6_ops, sk, skb);
1da177e4
LT		 1185
1186drop:
9caad864 1187 tcp_listendrop(sk);
1da177e4
LT		 1188 return 0; /* don't send reset */
1189}
1190
ebf6c9cb
ED		 1191static void tcp_v6_restore_cb(struct sk_buff *skb)
1192{
1193 /* We need to move header back to the beginning if xfrm6_policy_check()
1194 * and tcp_v6_fill_cb() are going to be called again.
1195 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
1196 */
1197 memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
1198 sizeof(struct inet6_skb_parm));
1199}
1200
0c27171e 1201static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
4c99aa40 1202 struct request_sock *req,
5e0724d0
ED		 1203 struct dst_entry *dst,
1204 struct request_sock *req_unhash,
1205 bool *own_req)
1da177e4 1206{
634fb979 1207 struct inet_request_sock *ireq;
0c27171e 1208 struct ipv6_pinfo *newnp;
93a77c11 1209 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
45f6fad8 1210 struct ipv6_txoptions *opt;
1da177e4 1211 struct inet_sock *newinet;
01770a16 1212 bool found_dup_sk = false;
1da177e4
LT		 1213 struct tcp_sock *newtp;
1214 struct sock *newsk;
cfb6eeb4
YH		 1215#ifdef CONFIG_TCP_MD5SIG
1216 struct tcp_md5sig_key *key;
dea53bb8 1217 int l3index;
cfb6eeb4 1218#endif
3840a06e 1219 struct flowi6 fl6;
1da177e4
LT		 1220
1221 if (skb->protocol == htons(ETH_P_IP)) {
1222 /*
1223 * v6 mapped
1224 */
1225
5e0724d0
ED		 1226 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
1227 req_unhash, own_req);
1da177e4 1228
63159f29 1229 if (!newsk)
1da177e4
LT		 1230 return NULL;
1231
93a77c11 1232 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
1da177e4
LT		 1233
1234 newinet = inet_sk(newsk);
93a77c11 1235 newnp = tcp_inet6_sk(newsk);
1da177e4
LT		 1236 newtp = tcp_sk(newsk);
1237
1238 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1239
d1e559d0 1240 newnp->saddr = newsk->sk_v6_rcv_saddr;
1da177e4 1241
8292a17a 1242 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
cec37a6e 1243 if (sk_is_mptcp(newsk))
31484d56 1244 mptcpv6_handle_mapped(newsk, true);
1da177e4 1245 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
cfb6eeb4
YH		 1246#ifdef CONFIG_TCP_MD5SIG
1247 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1248#endif
1249
83eaddab 1250 newnp->ipv6_mc_list = NULL;
676a1184
YZ		 1251 newnp->ipv6_ac_list = NULL;
1252 newnp->ipv6_fl_list = NULL;
1da177e4
LT		 1253 newnp->pktoptions = NULL;
1254 newnp->opt = NULL;
89e41309
ED		 1255 newnp->mcast_oif = inet_iif(skb);
1256 newnp->mcast_hops = ip_hdr(skb)->ttl;
1257 newnp->rcv_flowinfo = 0;
df3687ff 1258 if (np->repflow)
89e41309 1259 newnp->flow_label = 0;
1da177e4 1260
e6848976
ACM		 1261 /*
1262 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1263 * here, tcp_create_openreq_child now does this for us, see the comment in
1264 * that function for the gory details. -acme
1da177e4 1265 */
1da177e4
LT		 1266
1267 /* It is tricky place. Until this moment IPv4 tcp
8292a17a 1268 worked with IPv6 icsk.icsk_af_ops.
1da177e4
LT		 1269 Sync it now.
1270 */
d83d8461 1271 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1da177e4
LT		 1272
1273 return newsk;
1274 }
1275
634fb979 1276 ireq = inet_rsk(req);
1da177e4
LT		 1277
1278 if (sk_acceptq_is_full(sk))
1279 goto out_overflow;
1280
493f377d 1281 if (!dst) {
f76b33c3 1282 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
493f377d 1283 if (!dst)
1da177e4 1284 goto out;
1ab1457c 1285 }
1da177e4
LT		 1286
1287 newsk = tcp_create_openreq_child(sk, req, skb);
63159f29 1288 if (!newsk)
093d2823 1289 goto out_nonewsk;
1da177e4 1290
e6848976
ACM		 1291 /*
1292 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1293 * count here, tcp_create_openreq_child now does this for us, see the
1294 * comment in that function for the gory details. -acme
1295 */
1da177e4 1296
59eed279 1297 newsk->sk_gso_type = SKB_GSO_TCPV6;
6bd4f355 1298 ip6_dst_store(newsk, dst, NULL, NULL);
fae6ef87 1299 inet6_sk_rx_dst_set(newsk, skb);
1da177e4 1300
93a77c11 1301 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
1da177e4
LT		 1302
1303 newtp = tcp_sk(newsk);
1304 newinet = inet_sk(newsk);
93a77c11 1305 newnp = tcp_inet6_sk(newsk);
1da177e4
LT		 1306
1307 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1308
634fb979
ED		 1309 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1310 newnp->saddr = ireq->ir_v6_loc_addr;
1311 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1312 newsk->sk_bound_dev_if = ireq->ir_iif;
1da177e4 1313
1ab1457c 1314 /* Now IPv6 options...
1da177e4
LT		 1315
1316 First: no IPv4 options.
1317 */
f6d8bd05 1318 newinet->inet_opt = NULL;
83eaddab 1319 newnp->ipv6_mc_list = NULL;
676a1184 1320 newnp->ipv6_ac_list = NULL;
d35690be 1321 newnp->ipv6_fl_list = NULL;
1da177e4
LT		 1322
1323 /* Clone RX bits */
1324 newnp->rxopt.all = np->rxopt.all;
1325
1da177e4 1326 newnp->pktoptions = NULL;
1da177e4 1327 newnp->opt = NULL;
870c3151 1328 newnp->mcast_oif = tcp_v6_iif(skb);
0660e03f 1329 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1397ed35 1330 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
df3687ff
FF		 1331 if (np->repflow)
1332 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1da177e4 1333
8ef44b6f
WW		 1334 /* Set ToS of the new socket based upon the value of incoming SYN.
1335 * ECT bits are set later in tcp_init_transfer().
1336 */
ac8f1710
WW		 1337 if (sock_net(sk)->ipv4.sysctl_tcp_reflect_tos)
1338 newnp->tclass = tcp_rsk(req)->syn_tos & ~INET_ECN_MASK;
1339
1da177e4
LT		 1340 /* Clone native IPv6 options from listening socket (if any)
1341
1342 Yes, keeping reference count would be much more clever,
1343 but we make one more one thing there: reattach optmem
1344 to newsk.
1345 */
56ac42bc
HD		 1346 opt = ireq->ipv6_opt;
1347 if (!opt)
1348 opt = rcu_dereference(np->opt);
45f6fad8
ED		 1349 if (opt) {
1350 opt = ipv6_dup_options(newsk, opt);
1351 RCU_INIT_POINTER(newnp->opt, opt);
1352 }
d83d8461 1353 inet_csk(newsk)->icsk_ext_hdr_len = 0;
45f6fad8
ED		 1354 if (opt)
1355 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
1356 opt->opt_flen;
1da177e4 1357
81164413
DB		 1358 tcp_ca_openreq_child(newsk, dst);
1359
1da177e4 1360 tcp_sync_mss(newsk, dst_mtu(dst));
3541f9e8 1361 newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));
d135c522 1362
1da177e4
LT		 1363 tcp_initialize_rcv_mss(newsk);
1364
c720c7e8
ED		 1365 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1366 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1da177e4 1367
cfb6eeb4 1368#ifdef CONFIG_TCP_MD5SIG
dea53bb8
DA		 1369 l3index = l3mdev_master_ifindex_by_index(sock_net(sk), ireq->ir_iif);
1370
cfb6eeb4 1371 /* Copy over the MD5 key from the original socket */
dea53bb8 1372 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr, l3index);
53b24b8f 1373 if (key) {
cfb6eeb4
YH		 1374 /* We're using one, so create a matching key
1375 * on the newsk structure. If we fail to get
1376 * memory, then we end up not copying the key
1377 * across. Shucks.
1378 */
efe4208f 1379 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
dea53bb8 1380 AF_INET6, 128, l3index, key->key, key->keylen,
7450aaf6 1381 sk_gfp_mask(sk, GFP_ATOMIC));
cfb6eeb4
YH		 1382 }
1383#endif
1384
093d2823 1385 if (__inet_inherit_port(sk, newsk) < 0) {
e337e24d
CP		 1386 inet_csk_prepare_forced_close(newsk);
1387 tcp_done(newsk);
093d2823
BS		 1388 goto out;
1389 }
01770a16
RD		 1390 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash),
1391 &found_dup_sk);
805c4bc0 1392 if (*own_req) {
49a496c9 1393 tcp_move_syn(newtp, req);
805c4bc0
ED		 1394
1395 /* Clone pktoptions received with SYN, if we own the req */
1396 if (ireq->pktopts) {
1397 newnp->pktoptions = skb_clone(ireq->pktopts,
7450aaf6 1398 sk_gfp_mask(sk, GFP_ATOMIC));
805c4bc0
ED		 1399 consume_skb(ireq->pktopts);
1400 ireq->pktopts = NULL;
ebf6c9cb
ED		 1401 if (newnp->pktoptions) {
1402 tcp_v6_restore_cb(newnp->pktoptions);
805c4bc0 1403 skb_set_owner_r(newnp->pktoptions, newsk);
ebf6c9cb 1404 }
805c4bc0 1405 }
01770a16
RD		 1406 } else {
1407 if (!req_unhash && found_dup_sk) {
1408 /* This code path should only be executed in the
1409 * syncookie case only
1410 */
1411 bh_unlock_sock(newsk);
1412 sock_put(newsk);
1413 newsk = NULL;
1414 }
ce105008 1415 }
1da177e4
LT		 1416
1417 return newsk;
1418
1419out_overflow:
02a1d6e7 1420 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
093d2823 1421out_nonewsk:
1da177e4 1422 dst_release(dst);
093d2823 1423out:
9caad864 1424 tcp_listendrop(sk);
1da177e4
LT		 1425 return NULL;
1426}
1427
bbd807df
BV		 1428INDIRECT_CALLABLE_DECLARE(struct dst_entry *ipv4_dst_check(struct dst_entry *,
1429 u32));
1da177e4 1430/* The socket must have it's spinlock held when we get
e994b2f0 1431 * here, unless it is a TCP_LISTEN socket.
1da177e4
LT		 1432 *
1433 * We have a potential double-lock case here, so even when
1434 * doing backlog processing we use the BH locking scheme.
1435 * This is because we cannot sleep with the original spinlock
1436 * held.
1437 */
1438static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1439{
93a77c11 1440 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1da177e4 1441 struct sk_buff *opt_skb = NULL;
93a77c11 1442 struct tcp_sock *tp;
1da177e4
LT		 1443
1444 /* Imagine: socket is IPv6. IPv4 packet arrives,
1445 goes to IPv4 receive handler and backlogged.
1446 From backlog it always goes here. Kerboom...
1447 Fortunately, tcp_rcv_established and rcv_established
1448 handle them correctly, but it is not case with
1449 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1450 */
1451
1452 if (skb->protocol == htons(ETH_P_IP))
1453 return tcp_v4_do_rcv(sk, skb);
1454
1da177e4
LT		 1455 /*
1456 * socket locking is here for SMP purposes as backlog rcv
1457 * is currently called with bh processing disabled.
1458 */
1459
1460 /* Do Stevens' IPV6_PKTOPTIONS.
1461
1462 Yes, guys, it is the only place in our code, where we
1463 may make it not affecting IPv4.
1464 The rest of code is protocol independent,
1465 and I do not like idea to uglify IPv4.
1466
1467 Actually, all the idea behind IPV6_PKTOPTIONS
1468 looks not very well thought. For now we latch
1469 options, received in the last packet, enqueued
1470 by tcp. Feel free to propose better solution.
1ab1457c 1471 --ANK (980728)
1da177e4
LT		 1472 */
1473 if (np->rxopt.all)
7450aaf6 1474 opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));
1da177e4
LT		 1475
1476 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
5d299f3d
ED		 1477 struct dst_entry *dst = sk->sk_rx_dst;
1478
bdeab991 1479 sock_rps_save_rxhash(sk, skb);
3d97379a 1480 sk_mark_napi_id(sk, skb);
5d299f3d
ED		 1481 if (dst) {
1482 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
bbd807df
BV		 1483 INDIRECT_CALL_1(dst->ops->check, ip6_dst_check,
1484 dst, np->rx_dst_cookie) == NULL) {
5d299f3d
ED		 1485 dst_release(dst);
1486 sk->sk_rx_dst = NULL;
1487 }
1488 }
1489
3d97d88e 1490 tcp_rcv_established(sk, skb);
1da177e4
LT		 1491 if (opt_skb)
1492 goto ipv6_pktoptions;
1493 return 0;
1494 }
1495
12e25e10 1496 if (tcp_checksum_complete(skb))
1da177e4
LT		 1497 goto csum_err;
1498
1ab1457c 1499 if (sk->sk_state == TCP_LISTEN) {
079096f1
ED		 1500 struct sock *nsk = tcp_v6_cookie_check(sk, skb);
1501
1da177e4
LT		 1502 if (!nsk)
1503 goto discard;
1504
4c99aa40 1505 if (nsk != sk) {
1da177e4
LT		 1506 if (tcp_child_process(sk, nsk, skb))
1507 goto reset;
1508 if (opt_skb)
1509 __kfree_skb(opt_skb);
1510 return 0;
1511 }
47482f13 1512 } else
bdeab991 1513 sock_rps_save_rxhash(sk, skb);
1da177e4 1514
72ab4a86 1515 if (tcp_rcv_state_process(sk, skb))
1da177e4 1516 goto reset;
1da177e4
LT		 1517 if (opt_skb)
1518 goto ipv6_pktoptions;
1519 return 0;
1520
1521reset:
cfb6eeb4 1522 tcp_v6_send_reset(sk, skb);
1da177e4
LT		 1523discard:
1524 if (opt_skb)
1525 __kfree_skb(opt_skb);
1526 kfree_skb(skb);
1527 return 0;
1528csum_err:
c10d9310
ED		 1529 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
1530 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
1da177e4
LT		 1531 goto discard;
1532
1533
1534ipv6_pktoptions:
1535 /* Do you ask, what is it?
1536
1537 1. skb was enqueued by tcp.
1538 2. skb is added to tail of read queue, rather than out of order.
1539 3. socket is not in passive state.
1540 4. Finally, it really contains options, which user wants to receive.
1541 */
1542 tp = tcp_sk(sk);
1543 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1544 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
333fad53 1545 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
870c3151 1546 np->mcast_oif = tcp_v6_iif(opt_skb);
333fad53 1547 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
0660e03f 1548 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
82e9f105 1549 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1397ed35 1550 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
df3687ff
FF		 1551 if (np->repflow)
1552 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
a224772d 1553 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
1da177e4 1554 skb_set_owner_r(opt_skb, sk);
8ce48623 1555 tcp_v6_restore_cb(opt_skb);
1da177e4
LT		 1556 opt_skb = xchg(&np->pktoptions, opt_skb);
1557 } else {
1558 __kfree_skb(opt_skb);
1559 opt_skb = xchg(&np->pktoptions, NULL);
1560 }
1561 }
1562
800d55f1 1563 kfree_skb(opt_skb);
1da177e4
LT		 1564 return 0;
1565}
1566
2dc49d16
ND		 1567static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1568 const struct tcphdr *th)
1569{
1570 /* This is tricky: we move IP6CB at its correct location into
1571 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1572 * _decode_session6() uses IP6CB().
1573 * barrier() makes sure compiler won't play aliasing games.
1574 */
1575 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1576 sizeof(struct inet6_skb_parm));
1577 barrier();
1578
1579 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1580 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1581 skb->len - th->doff*4);
1582 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1583 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1584 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1585 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1586 TCP_SKB_CB(skb)->sacked = 0;
98aaa913
MM		 1587 TCP_SKB_CB(skb)->has_rxtstamp =
1588 skb->tstamp || skb_hwtstamps(skb)->hwtstamp;
2dc49d16
ND		 1589}
1590
0e219ae4 1591INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
1da177e4 1592{
8b27dae5 1593 struct sk_buff *skb_to_free;
4297a0ef 1594 int sdif = inet6_sdif(skb);
d14c77e0 1595 int dif = inet6_iif(skb);
cf533ea5 1596 const struct tcphdr *th;
b71d1d42 1597 const struct ipv6hdr *hdr;
3b24d854 1598 bool refcounted;
1da177e4
LT		 1599 struct sock *sk;
1600 int ret;
a86b1e30 1601 struct net *net = dev_net(skb->dev);
1da177e4
LT		 1602
1603 if (skb->pkt_type != PACKET_HOST)
1604 goto discard_it;
1605
1606 /*
1607 * Count it even if it's bad.
1608 */
90bbcc60 1609 __TCP_INC_STATS(net, TCP_MIB_INSEGS);
1da177e4
LT		 1610
1611 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1612 goto discard_it;
1613
ea1627c2 1614 th = (const struct tcphdr *)skb->data;
1da177e4 1615
ea1627c2 1616 if (unlikely(th->doff < sizeof(struct tcphdr)/4))
1da177e4
LT		 1617 goto bad_packet;
1618 if (!pskb_may_pull(skb, th->doff*4))
1619 goto discard_it;
1620
e4f45b7f 1621 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
6a5dc9e5 1622 goto csum_error;
1da177e4 1623
ea1627c2 1624 th = (const struct tcphdr *)skb->data;
e802af9c 1625 hdr = ipv6_hdr(skb);
1da177e4 1626
4bdc3d66 1627lookup:
a583636a 1628 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
4297a0ef 1629 th->source, th->dest, inet6_iif(skb), sdif,
3b24d854 1630 &refcounted);
1da177e4
LT		 1631 if (!sk)
1632 goto no_tcp_socket;
1633
1634process:
1635 if (sk->sk_state == TCP_TIME_WAIT)
1636 goto do_time_wait;
1637
079096f1
ED		 1638 if (sk->sk_state == TCP_NEW_SYN_RECV) {
1639 struct request_sock *req = inet_reqsk(sk);
e0f9759f 1640 bool req_stolen = false;
7716682c 1641 struct sock *nsk;
079096f1
ED		 1642
1643 sk = req->rsk_listener;
d14c77e0 1644 if (tcp_v6_inbound_md5_hash(sk, skb, dif, sdif)) {
e65c332d 1645 sk_drops_add(sk, skb);
079096f1
ED		 1646 reqsk_put(req);
1647 goto discard_it;
1648 }
4fd44a98
FL		 1649 if (tcp_checksum_complete(skb)) {
1650 reqsk_put(req);
1651 goto csum_error;
1652 }
7716682c 1653 if (unlikely(sk->sk_state != TCP_LISTEN)) {
f03f2e15 1654 inet_csk_reqsk_queue_drop_and_put(sk, req);
4bdc3d66
ED		 1655 goto lookup;
1656 }
7716682c 1657 sock_hold(sk);
3b24d854 1658 refcounted = true;
1f3b359f 1659 nsk = NULL;
eeea10b8
ED		 1660 if (!tcp_filter(sk, skb)) {
1661 th = (const struct tcphdr *)skb->data;
1662 hdr = ipv6_hdr(skb);
1663 tcp_v6_fill_cb(skb, hdr, th);
e0f9759f 1664 nsk = tcp_check_req(sk, skb, req, false, &req_stolen);
eeea10b8 1665 }
079096f1
ED		 1666 if (!nsk) {
1667 reqsk_put(req);
e0f9759f
ED		 1668 if (req_stolen) {
1669 /* Another cpu got exclusive access to req
1670 * and created a full blown socket.
1671 * Try to feed this packet to this socket
1672 * instead of discarding it.
1673 */
1674 tcp_v6_restore_cb(skb);
1675 sock_put(sk);
1676 goto lookup;
1677 }
7716682c 1678 goto discard_and_relse;
079096f1
ED		 1679 }
1680 if (nsk == sk) {
079096f1
ED		 1681 reqsk_put(req);
1682 tcp_v6_restore_cb(skb);
1683 } else if (tcp_child_process(sk, nsk, skb)) {
1684 tcp_v6_send_reset(nsk, skb);
7716682c 1685 goto discard_and_relse;
079096f1 1686 } else {
7716682c 1687 sock_put(sk);
079096f1
ED		 1688 return 0;
1689 }
1690 }
93a77c11 1691 if (hdr->hop_limit < tcp_inet6_sk(sk)->min_hopcount) {
02a1d6e7 1692 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
e802af9c
SH		 1693 goto discard_and_relse;
1694 }
1695
1da177e4
LT		 1696 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1697 goto discard_and_relse;
1698
d14c77e0 1699 if (tcp_v6_inbound_md5_hash(sk, skb, dif, sdif))
9ea88a15 1700 goto discard_and_relse;
9ea88a15 1701
ac6e7800 1702 if (tcp_filter(sk, skb))
1da177e4 1703 goto discard_and_relse;
ac6e7800
ED		 1704 th = (const struct tcphdr *)skb->data;
1705 hdr = ipv6_hdr(skb);
eeea10b8 1706 tcp_v6_fill_cb(skb, hdr, th);
1da177e4
LT		 1707
1708 skb->dev = NULL;
1709
e994b2f0
ED		 1710 if (sk->sk_state == TCP_LISTEN) {
1711 ret = tcp_v6_do_rcv(sk, skb);
1712 goto put_and_return;
1713 }
1714
1715 sk_incoming_cpu_update(sk);
1716
293b9c42 1717 bh_lock_sock_nested(sk);
a44d6eac 1718 tcp_segs_in(tcp_sk(sk), skb);
1da177e4
LT		 1719 ret = 0;
1720 if (!sock_owned_by_user(sk)) {
8b27dae5
ED		 1721 skb_to_free = sk->sk_rx_skb_cache;
1722 sk->sk_rx_skb_cache = NULL;
e7942d06 1723 ret = tcp_v6_do_rcv(sk, skb);
8b27dae5
ED		 1724 } else {
1725 if (tcp_add_backlog(sk, skb))
1726 goto discard_and_relse;
1727 skb_to_free = NULL;
6b03a53a 1728 }
1da177e4 1729 bh_unlock_sock(sk);
8b27dae5
ED		 1730 if (skb_to_free)
1731 __kfree_skb(skb_to_free);
e994b2f0 1732put_and_return:
3b24d854
ED		 1733 if (refcounted)
1734 sock_put(sk);
1da177e4
LT		 1735 return ret ? -1 : 0;
1736
1737no_tcp_socket:
1738 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1739 goto discard_it;
1740
2dc49d16
ND		 1741 tcp_v6_fill_cb(skb, hdr, th);
1742
12e25e10 1743 if (tcp_checksum_complete(skb)) {
6a5dc9e5 1744csum_error:
90bbcc60 1745 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
1da177e4 1746bad_packet:
90bbcc60 1747 __TCP_INC_STATS(net, TCP_MIB_INERRS);
1da177e4 1748 } else {
cfb6eeb4 1749 tcp_v6_send_reset(NULL, skb);
1da177e4
LT		 1750 }
1751
1752discard_it:
1da177e4
LT		 1753 kfree_skb(skb);
1754 return 0;
1755
1756discard_and_relse:
532182cd 1757 sk_drops_add(sk, skb);
3b24d854
ED		 1758 if (refcounted)
1759 sock_put(sk);
1da177e4
LT		 1760 goto discard_it;
1761
1762do_time_wait:
1763 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
9469c7b4 1764 inet_twsk_put(inet_twsk(sk));
1da177e4
LT		 1765 goto discard_it;
1766 }
1767
2dc49d16
ND		 1768 tcp_v6_fill_cb(skb, hdr, th);
1769
6a5dc9e5
ED		 1770 if (tcp_checksum_complete(skb)) {
1771 inet_twsk_put(inet_twsk(sk));
1772 goto csum_error;
1da177e4
LT		 1773 }
1774
9469c7b4 1775 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1da177e4
LT		 1776 case TCP_TW_SYN:
1777 {
1778 struct sock *sk2;
1779
c346dca1 1780 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
a583636a 1781 skb, __tcp_hdrlen(th),
5ba24953 1782 &ipv6_hdr(skb)->saddr, th->source,
0660e03f 1783 &ipv6_hdr(skb)->daddr,
24b711ed
DA		 1784 ntohs(th->dest),
1785 tcp_v6_iif_l3_slave(skb),
4297a0ef 1786 sdif);
53b24b8f 1787 if (sk2) {
295ff7ed 1788 struct inet_timewait_sock *tw = inet_twsk(sk);
dbe7faa4 1789 inet_twsk_deschedule_put(tw);
1da177e4 1790 sk = sk2;
4ad19de8 1791 tcp_v6_restore_cb(skb);
3b24d854 1792 refcounted = false;
1da177e4
LT		 1793 goto process;
1794 }
1da177e4 1795 }
275757e6 1796 /* to ACK */
a8eceea8 1797 fallthrough;
1da177e4
LT		 1798 case TCP_TW_ACK:
1799 tcp_v6_timewait_ack(sk, skb);
1800 break;
1801 case TCP_TW_RST:
271c3b9b
FW		 1802 tcp_v6_send_reset(sk, skb);
1803 inet_twsk_deschedule_put(inet_twsk(sk));
1804 goto discard_it;
4aa956d8
WY		 1805 case TCP_TW_SUCCESS:
1806 ;
1da177e4
LT		 1807 }
1808 goto discard_it;
1809}
1810
97ff7ffb 1811INDIRECT_CALLABLE_SCOPE void tcp_v6_early_demux(struct sk_buff *skb)
c7109986
ED		 1812{
1813 const struct ipv6hdr *hdr;
1814 const struct tcphdr *th;
1815 struct sock *sk;
1816
1817 if (skb->pkt_type != PACKET_HOST)
1818 return;
1819
1820 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1821 return;
1822
1823 hdr = ipv6_hdr(skb);
1824 th = tcp_hdr(skb);
1825
1826 if (th->doff < sizeof(struct tcphdr) / 4)
1827 return;
1828
870c3151 1829 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
c7109986
ED		 1830 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1831 &hdr->saddr, th->source,
1832 &hdr->daddr, ntohs(th->dest),
4297a0ef 1833 inet6_iif(skb), inet6_sdif(skb));
c7109986
ED		 1834 if (sk) {
1835 skb->sk = sk;
1836 skb->destructor = sock_edemux;
f7e4eb03 1837 if (sk_fullsock(sk)) {
d0c294c5 1838 struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
f3f12135 1839
c7109986 1840 if (dst)
93a77c11 1841 dst = dst_check(dst, tcp_inet6_sk(sk)->rx_dst_cookie);
c7109986 1842 if (dst &&
f3f12135 1843 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
c7109986
ED		 1844 skb_dst_set_noref(skb, dst);
1845 }
1846 }
1847}
1848
ccb7c410
DM		 1849static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1850 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1851 .twsk_unique = tcp_twsk_unique,
4aa956d8 1852 .twsk_destructor = tcp_twsk_destructor,
ccb7c410
DM		 1853};
1854
dd2e0b86
ED		 1855INDIRECT_CALLABLE_SCOPE void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb)
1856{
1857 struct ipv6_pinfo *np = inet6_sk(sk);
1858
1859 __tcp_v6_send_check(skb, &np->saddr, &sk->sk_v6_daddr);
1860}
1861
35b2c321 1862const struct inet_connection_sock_af_ops ipv6_specific = {
543d9cfe
ACM		 1863 .queue_xmit = inet6_csk_xmit,
1864 .send_check = tcp_v6_send_check,
1865 .rebuild_header = inet6_sk_rebuild_header,
5d299f3d 1866 .sk_rx_dst_set = inet6_sk_rx_dst_set,
543d9cfe
ACM		 1867 .conn_request = tcp_v6_conn_request,
1868 .syn_recv_sock = tcp_v6_syn_recv_sock,
543d9cfe 1869 .net_header_len = sizeof(struct ipv6hdr),
67469601 1870 .net_frag_header_len = sizeof(struct frag_hdr),
543d9cfe
ACM		 1871 .setsockopt = ipv6_setsockopt,
1872 .getsockopt = ipv6_getsockopt,
1873 .addr2sockaddr = inet6_csk_addr2sockaddr,
1874 .sockaddr_len = sizeof(struct sockaddr_in6),
4fab9071 1875 .mtu_reduced = tcp_v6_mtu_reduced,
1da177e4
LT		 1876};
1877
cfb6eeb4 1878#ifdef CONFIG_TCP_MD5SIG
b2e4b3de 1879static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
cfb6eeb4 1880 .md5_lookup = tcp_v6_md5_lookup,
49a72dfb 1881 .calc_md5_hash = tcp_v6_md5_hash_skb,
cfb6eeb4 1882 .md5_parse = tcp_v6_parse_md5_keys,
cfb6eeb4 1883};
a928630a 1884#endif
cfb6eeb4 1885
1da177e4
LT		 1886/*
1887 * TCP over IPv4 via INET6 API
1888 */
3b401a81 1889static const struct inet_connection_sock_af_ops ipv6_mapped = {
543d9cfe
ACM		 1890 .queue_xmit = ip_queue_xmit,
1891 .send_check = tcp_v4_send_check,
1892 .rebuild_header = inet_sk_rebuild_header,
63d02d15 1893 .sk_rx_dst_set = inet_sk_rx_dst_set,
543d9cfe
ACM		 1894 .conn_request = tcp_v6_conn_request,
1895 .syn_recv_sock = tcp_v6_syn_recv_sock,
543d9cfe
ACM		 1896 .net_header_len = sizeof(struct iphdr),
1897 .setsockopt = ipv6_setsockopt,
1898 .getsockopt = ipv6_getsockopt,
1899 .addr2sockaddr = inet6_csk_addr2sockaddr,
1900 .sockaddr_len = sizeof(struct sockaddr_in6),
4fab9071 1901 .mtu_reduced = tcp_v4_mtu_reduced,
1da177e4
LT		 1902};
1903
cfb6eeb4 1904#ifdef CONFIG_TCP_MD5SIG
b2e4b3de 1905static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
cfb6eeb4 1906 .md5_lookup = tcp_v4_md5_lookup,
49a72dfb 1907 .calc_md5_hash = tcp_v4_md5_hash_skb,
cfb6eeb4 1908 .md5_parse = tcp_v6_parse_md5_keys,
cfb6eeb4 1909};
a928630a 1910#endif
cfb6eeb4 1911
1da177e4
LT		 1912/* NOTE: A lot of things set to zero explicitly by call to
1913 * sk_alloc() so need not be done here.
1914 */
1915static int tcp_v6_init_sock(struct sock *sk)
1916{
6687e988 1917 struct inet_connection_sock *icsk = inet_csk(sk);
1da177e4 1918
900f65d3 1919 tcp_init_sock(sk);
1da177e4 1920
8292a17a 1921 icsk->icsk_af_ops = &ipv6_specific;
1da177e4 1922
cfb6eeb4 1923#ifdef CONFIG_TCP_MD5SIG
ac807fa8 1924 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
cfb6eeb4
YH		 1925#endif
1926
1da177e4
LT		 1927 return 0;
1928}
1929
7d06b2e0 1930static void tcp_v6_destroy_sock(struct sock *sk)
1da177e4 1931{
1da177e4 1932 tcp_v4_destroy_sock(sk);
7d06b2e0 1933 inet6_destroy_sock(sk);
1da177e4
LT		 1934}
1935
952a10be 1936#ifdef CONFIG_PROC_FS
1da177e4 1937/* Proc filesystem TCPv6 sock list dumping. */
1ab1457c 1938static void get_openreq6(struct seq_file *seq,
aa3a0c8c 1939 const struct request_sock *req, int i)
1da177e4 1940{
fa76ce73 1941 long ttd = req->rsk_timer.expires - jiffies;
634fb979
ED		 1942 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1943 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1da177e4
LT		 1944
1945 if (ttd < 0)
1946 ttd = 0;
1947
1da177e4
LT		 1948 seq_printf(seq,
1949 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
d14c5ab6 1950 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1da177e4
LT		 1951 i,
1952 src->s6_addr32[0], src->s6_addr32[1],
1953 src->s6_addr32[2], src->s6_addr32[3],
b44084c2 1954 inet_rsk(req)->ir_num,
1da177e4
LT		 1955 dest->s6_addr32[0], dest->s6_addr32[1],
1956 dest->s6_addr32[2], dest->s6_addr32[3],
634fb979 1957 ntohs(inet_rsk(req)->ir_rmt_port),
1da177e4 1958 TCP_SYN_RECV,
4c99aa40 1959 0, 0, /* could print option size, but that is af dependent. */
1ab1457c
YH		 1960 1, /* timers active (only the expire timer) */
1961 jiffies_to_clock_t(ttd),
e6c022a4 1962 req->num_timeout,
aa3a0c8c
ED		 1963 from_kuid_munged(seq_user_ns(seq),
1964 sock_i_uid(req->rsk_listener)),
1ab1457c 1965 0, /* non standard timer */
1da177e4
LT		 1966 0, /* open_requests have no inode */
1967 0, req);
1968}
1969
1970static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1971{
b71d1d42 1972 const struct in6_addr *dest, *src;
1da177e4
LT		 1973 __u16 destp, srcp;
1974 int timer_active;
1975 unsigned long timer_expires;
cf533ea5
ED		 1976 const struct inet_sock *inet = inet_sk(sp);
1977 const struct tcp_sock *tp = tcp_sk(sp);
463c84b9 1978 const struct inet_connection_sock *icsk = inet_csk(sp);
0536fcc0 1979 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
00fd38d9
ED		 1980 int rx_queue;
1981 int state;
1da177e4 1982
efe4208f
ED		 1983 dest = &sp->sk_v6_daddr;
1984 src = &sp->sk_v6_rcv_saddr;
c720c7e8
ED		 1985 destp = ntohs(inet->inet_dport);
1986 srcp = ntohs(inet->inet_sport);
463c84b9 1987
ce3cf4ec 1988 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
57dde7f7 1989 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
ce3cf4ec 1990 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
1da177e4 1991 timer_active = 1;
463c84b9
ACM		 1992 timer_expires = icsk->icsk_timeout;
1993 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1da177e4 1994 timer_active = 4;
463c84b9 1995 timer_expires = icsk->icsk_timeout;
1da177e4
LT		 1996 } else if (timer_pending(&sp->sk_timer)) {
1997 timer_active = 2;
1998 timer_expires = sp->sk_timer.expires;
1999 } else {
2000 timer_active = 0;
2001 timer_expires = jiffies;
2002 }
2003
986ffdfd 2004 state = inet_sk_state_load(sp);
00fd38d9 2005 if (state == TCP_LISTEN)
288efe86 2006 rx_queue = READ_ONCE(sp->sk_ack_backlog);
00fd38d9
ED		 2007 else
2008 /* Because we don't lock the socket,
2009 * we might find a transient negative value.
2010 */
dba7d9b8 2011 rx_queue = max_t(int, READ_ONCE(tp->rcv_nxt) -
7db48e98 2012 READ_ONCE(tp->copied_seq), 0);
00fd38d9 2013
1da177e4
LT		 2014 seq_printf(seq,
2015 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
d14c5ab6 2016 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1da177e4
LT		 2017 i,
2018 src->s6_addr32[0], src->s6_addr32[1],
2019 src->s6_addr32[2], src->s6_addr32[3], srcp,
2020 dest->s6_addr32[0], dest->s6_addr32[1],
2021 dest->s6_addr32[2], dest->s6_addr32[3], destp,
00fd38d9 2022 state,
0f317464 2023 READ_ONCE(tp->write_seq) - tp->snd_una,
00fd38d9 2024 rx_queue,
1da177e4 2025 timer_active,
a399a805 2026 jiffies_delta_to_clock_t(timer_expires - jiffies),
463c84b9 2027 icsk->icsk_retransmits,
a7cb5a49 2028 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
6687e988 2029 icsk->icsk_probes_out,
1da177e4 2030 sock_i_ino(sp),
41c6d650 2031 refcount_read(&sp->sk_refcnt), sp,
7be87351
SH		 2032 jiffies_to_clock_t(icsk->icsk_rto),
2033 jiffies_to_clock_t(icsk->icsk_ack.ato),
31954cd8 2034 (icsk->icsk_ack.quick << 1) | inet_csk_in_pingpong_mode(sp),
0b6a05c1 2035 tp->snd_cwnd,
00fd38d9 2036 state == TCP_LISTEN ?
0536fcc0 2037 fastopenq->max_qlen :
0a672f74 2038 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
1da177e4
LT		 2039 );
2040}
2041
1ab1457c 2042static void get_timewait6_sock(struct seq_file *seq,
8feaf0c0 2043 struct inet_timewait_sock *tw, int i)
1da177e4 2044{
789f558c 2045 long delta = tw->tw_timer.expires - jiffies;
b71d1d42 2046 const struct in6_addr *dest, *src;
1da177e4 2047 __u16 destp, srcp;
1da177e4 2048
efe4208f
ED		 2049 dest = &tw->tw_v6_daddr;
2050 src = &tw->tw_v6_rcv_saddr;
1da177e4
LT		 2051 destp = ntohs(tw->tw_dport);
2052 srcp = ntohs(tw->tw_sport);
2053
2054 seq_printf(seq,
2055 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
71338aa7 2056 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1da177e4
LT		 2057 i,
2058 src->s6_addr32[0], src->s6_addr32[1],
2059 src->s6_addr32[2], src->s6_addr32[3], srcp,
2060 dest->s6_addr32[0], dest->s6_addr32[1],
2061 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2062 tw->tw_substate, 0, 0,
a399a805 2063 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
41c6d650 2064 refcount_read(&tw->tw_refcnt), tw);
1da177e4
LT		 2065}
2066
1da177e4
LT		 2067static int tcp6_seq_show(struct seq_file *seq, void *v)
2068{
2069 struct tcp_iter_state *st;
05dbc7b5 2070 struct sock *sk = v;
1da177e4
LT		 2071
2072 if (v == SEQ_START_TOKEN) {
2073 seq_puts(seq,
2074 " sl "
2075 "local_address "
2076 "remote_address "
2077 "st tx_queue rx_queue tr tm->when retrnsmt"
2078 " uid timeout inode\n");
2079 goto out;
2080 }
2081 st = seq->private;
2082
079096f1
ED		 2083 if (sk->sk_state == TCP_TIME_WAIT)
2084 get_timewait6_sock(seq, v, st->num);
2085 else if (sk->sk_state == TCP_NEW_SYN_RECV)
aa3a0c8c 2086 get_openreq6(seq, v, st->num);
079096f1
ED		 2087 else
2088 get_tcp6_sock(seq, v, st->num);
1da177e4
LT		 2089out:
2090 return 0;
2091}
2092
37d849bb
CH		 2093static const struct seq_operations tcp6_seq_ops = {
2094 .show = tcp6_seq_show,
2095 .start = tcp_seq_start,
2096 .next = tcp_seq_next,
2097 .stop = tcp_seq_stop,
2098};
2099
1da177e4 2100static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1da177e4 2101 .family = AF_INET6,
1da177e4
LT		 2102};
2103
2c8c1e72 2104int __net_init tcp6_proc_init(struct net *net)
1da177e4 2105{
c3506372
CH		 2106 if (!proc_create_net_data("tcp6", 0444, net->proc_net, &tcp6_seq_ops,
2107 sizeof(struct tcp_iter_state), &tcp6_seq_afinfo))
37d849bb
CH		 2108 return -ENOMEM;
2109 return 0;
1da177e4
LT		 2110}
2111
6f8b13bc 2112void tcp6_proc_exit(struct net *net)
1da177e4 2113{
37d849bb 2114 remove_proc_entry("tcp6", net->proc_net);
1da177e4
LT		 2115}
2116#endif
2117
2118struct proto tcpv6_prot = {
2119 .name = "TCPv6",
2120 .owner = THIS_MODULE,
2121 .close = tcp_close,
d74bad4e 2122 .pre_connect = tcp_v6_pre_connect,
1da177e4
LT		 2123 .connect = tcp_v6_connect,
2124 .disconnect = tcp_disconnect,
463c84b9 2125 .accept = inet_csk_accept,
1da177e4
LT		 2126 .ioctl = tcp_ioctl,
2127 .init = tcp_v6_init_sock,
2128 .destroy = tcp_v6_destroy_sock,
2129 .shutdown = tcp_shutdown,
2130 .setsockopt = tcp_setsockopt,
2131 .getsockopt = tcp_getsockopt,
9cacf81f 2132 .bpf_bypass_getsockopt = tcp_bpf_bypass_getsockopt,
4b9d07a4 2133 .keepalive = tcp_set_keepalive,
1da177e4 2134 .recvmsg = tcp_recvmsg,
7ba42910
CG		 2135 .sendmsg = tcp_sendmsg,
2136 .sendpage = tcp_sendpage,
1da177e4 2137 .backlog_rcv = tcp_v6_do_rcv,
46d3ceab 2138 .release_cb = tcp_release_cb,
496611d7 2139 .hash = inet6_hash,
ab1e0a13
ACM		 2140 .unhash = inet_unhash,
2141 .get_port = inet_csk_get_port,
8a59f9d1
CW		 2142#ifdef CONFIG_BPF_SYSCALL
2143 .psock_update_sk_prot = tcp_bpf_update_proto,
2144#endif
1da177e4 2145 .enter_memory_pressure = tcp_enter_memory_pressure,
06044751 2146 .leave_memory_pressure = tcp_leave_memory_pressure,
c9bee3b7 2147 .stream_memory_free = tcp_stream_memory_free,
1da177e4
LT		 2148 .sockets_allocated = &tcp_sockets_allocated,
2149 .memory_allocated = &tcp_memory_allocated,
2150 .memory_pressure = &tcp_memory_pressure,
0a5578cf 2151 .orphan_count = &tcp_orphan_count,
a4fe34bf 2152 .sysctl_mem = sysctl_tcp_mem,
356d1833
ED		 2153 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem),
2154 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem),
1da177e4
LT		 2155 .max_header = MAX_TCP_HEADER,
2156 .obj_size = sizeof(struct tcp6_sock),
5f0d5a3a 2157 .slab_flags = SLAB_TYPESAFE_BY_RCU,
6d6ee43e 2158 .twsk_prot = &tcp6_timewait_sock_ops,
60236fdd 2159 .rsk_prot = &tcp6_request_sock_ops,
39d8cda7 2160 .h.hashinfo = &tcp_hashinfo,
7ba42910 2161 .no_autobind = true,
c1e64e29 2162 .diag_destroy = tcp_abort,
1da177e4 2163};
6abde0b2 2164EXPORT_SYMBOL_GPL(tcpv6_prot);
1da177e4 2165
a8e3bb34
DA		 2166/* thinking of making this const? Don't.
2167 * early_demux can change based on sysctl.
2168 */
39294c3d 2169static struct inet6_protocol tcpv6_protocol = {
c7109986 2170 .early_demux = tcp_v6_early_demux,
dddb64bc 2171 .early_demux_handler = tcp_v6_early_demux,
1da177e4
LT		 2172 .handler = tcp_v6_rcv,
2173 .err_handler = tcp_v6_err,
2174 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2175};
2176
1da177e4
LT		 2177static struct inet_protosw tcpv6_protosw = {
2178 .type = SOCK_STREAM,
2179 .protocol = IPPROTO_TCP,
2180 .prot = &tcpv6_prot,
2181 .ops = &inet6_stream_ops,
d83d8461
ACM		 2182 .flags = INET_PROTOSW_PERMANENT |
2183 INET_PROTOSW_ICSK,
1da177e4
LT		 2184};
2185
2c8c1e72 2186static int __net_init tcpv6_net_init(struct net *net)
93ec926b 2187{
5677242f
DL		 2188 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2189 SOCK_RAW, IPPROTO_TCP, net);
93ec926b
DL		 2190}
2191
2c8c1e72 2192static void __net_exit tcpv6_net_exit(struct net *net)
93ec926b 2193{
5677242f 2194 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
b099ce26
EB		 2195}
2196
2c8c1e72 2197static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
b099ce26 2198{
1946e672 2199 inet_twsk_purge(&tcp_hashinfo, AF_INET6);
93ec926b
DL		 2200}
2201
2202static struct pernet_operations tcpv6_net_ops = {
b099ce26
EB		 2203 .init = tcpv6_net_init,
2204 .exit = tcpv6_net_exit,
2205 .exit_batch = tcpv6_net_exit_batch,
93ec926b
DL		 2206};
2207
7f4e4868 2208int __init tcpv6_init(void)
1da177e4 2209{
7f4e4868
DL		 2210 int ret;
2211
3336288a
VY		 2212 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2213 if (ret)
c6b641a4 2214 goto out;
3336288a 2215
1da177e4 2216 /* register inet6 protocol */
7f4e4868
DL		 2217 ret = inet6_register_protosw(&tcpv6_protosw);
2218 if (ret)
2219 goto out_tcpv6_protocol;
2220
93ec926b 2221 ret = register_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2222 if (ret)
2223 goto out_tcpv6_protosw;
f870fa0b
MM		 2224
2225 ret = mptcpv6_init();
2226 if (ret)
2227 goto out_tcpv6_pernet_subsys;
2228
7f4e4868
DL		 2229out:
2230 return ret;
ae0f7d5f 2231
f870fa0b
MM		 2232out_tcpv6_pernet_subsys:
2233 unregister_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2234out_tcpv6_protosw:
2235 inet6_unregister_protosw(&tcpv6_protosw);
3336288a
VY		 2236out_tcpv6_protocol:
2237 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
7f4e4868
DL		 2238 goto out;
2239}
2240
09f7709f 2241void tcpv6_exit(void)
7f4e4868 2242{
93ec926b 2243 unregister_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2244 inet6_unregister_protosw(&tcpv6_protosw);
2245 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
1da177e4 2246}
Linux 6.x block layer and io_uring tree(s)