3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allows both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41 #include <linux/slab.h>
42 #include <linux/uaccess.h>
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/inet_common.h>
63 #include <net/secure_seq.h>
64 #include <net/tcp_memcontrol.h>
65 #include <net/busy_poll.h>
67 #include <linux/proc_fs.h>
68 #include <linux/seq_file.h>
70 #include <linux/crypto.h>
71 #include <linux/scatterlist.h>
73 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
74 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
75 struct request_sock *req);
77 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
79 static const struct inet_connection_sock_af_ops ipv6_mapped;
80 static const struct inet_connection_sock_af_ops ipv6_specific;
81 #ifdef CONFIG_TCP_MD5SIG
82 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
83 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
85 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
86 const struct in6_addr *addr)
92 static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
94 struct dst_entry *dst = skb_dst(skb);
97 const struct rt6_info *rt = (const struct rt6_info *)dst;
101 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
103 inet6_sk(sk)->rx_dst_cookie = rt->rt6i_node->fn_sernum;
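/* Pick the initial sequence number for a passively opened connection: a
 * keyed hash of the address/port 4-tuple plus a fine-grained clock, computed
 * by secure_tcpv6_sequence_number().  Note that the skb here is the incoming
 * SYN, so its daddr/dest are our local address and port.
 */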
107 static __u32 tcp_v6_init_sequence(const struct sk_buff *skb)
109 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
110 ipv6_hdr(skb)->saddr.s6_addr32,
112 tcp_hdr(skb)->source);
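/* Active open.  Validate the sockaddr, resolve any flow label, fall back to
 * tcp_v4_connect() for v4-mapped destinations, route the flow, pick a source
 * address and local port (inet6_hash_connect()), then send the SYN via
 * tcp_connect().
 *
 * Illustrative userspace path (a sketch, not part of this file): this code
 * is reached through connect(2) on an AF_INET6 stream socket, e.g.
 *
 *	int fd = socket(AF_INET6, SOCK_STREAM, 0);
 *	struct sockaddr_in6 sin6 = { .sin6_family = AF_INET6,
 *				     .sin6_port = htons(80) };
 *	inet_pton(AF_INET6, "2001:db8::1", &sin6.sin6_addr);
 *	connect(fd, (struct sockaddr *)&sin6, sizeof(sin6));
 */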
115 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
118 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
119 struct inet_sock *inet = inet_sk(sk);
120 struct inet_connection_sock *icsk = inet_csk(sk);
121 struct ipv6_pinfo *np = inet6_sk(sk);
122 struct tcp_sock *tp = tcp_sk(sk);
123 struct in6_addr *saddr = NULL, *final_p, final;
126 struct dst_entry *dst;
130 if (addr_len < SIN6_LEN_RFC2133)
133 if (usin->sin6_family != AF_INET6)
134 return -EAFNOSUPPORT;
136 memset(&fl6, 0, sizeof(fl6));
139 fl6.flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
140 IP6_ECN_flow_init(fl6.flowlabel);
141 if (fl6.flowlabel & IPV6_FLOWLABEL_MASK) {
142 struct ip6_flowlabel *flowlabel;
143 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
144 if (flowlabel == NULL)
146 fl6_sock_release(flowlabel);
151 * connect() to INADDR_ANY means loopback (BSD'ism).
154 if (ipv6_addr_any(&usin->sin6_addr))
155 usin->sin6_addr.s6_addr[15] = 0x1;
157 addr_type = ipv6_addr_type(&usin->sin6_addr);
159 if (addr_type & IPV6_ADDR_MULTICAST)
162 if (addr_type&IPV6_ADDR_LINKLOCAL) {
163 if (addr_len >= sizeof(struct sockaddr_in6) &&
164 usin->sin6_scope_id) {
165 /* If interface is set while binding, indices
168 if (sk->sk_bound_dev_if &&
169 sk->sk_bound_dev_if != usin->sin6_scope_id)
172 sk->sk_bound_dev_if = usin->sin6_scope_id;
175 /* Connect to link-local address requires an interface */
176 if (!sk->sk_bound_dev_if)
180 if (tp->rx_opt.ts_recent_stamp &&
181 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
182 tp->rx_opt.ts_recent = 0;
183 tp->rx_opt.ts_recent_stamp = 0;
187 sk->sk_v6_daddr = usin->sin6_addr;
188 np->flow_label = fl6.flowlabel;
194 if (addr_type == IPV6_ADDR_MAPPED) {
195 u32 exthdrlen = icsk->icsk_ext_hdr_len;
196 struct sockaddr_in sin;
198 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
200 if (__ipv6_only_sock(sk))
203 sin.sin_family = AF_INET;
204 sin.sin_port = usin->sin6_port;
205 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
207 icsk->icsk_af_ops = &ipv6_mapped;
208 sk->sk_backlog_rcv = tcp_v4_do_rcv;
209 #ifdef CONFIG_TCP_MD5SIG
210 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
213 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
216 icsk->icsk_ext_hdr_len = exthdrlen;
217 icsk->icsk_af_ops = &ipv6_specific;
218 sk->sk_backlog_rcv = tcp_v6_do_rcv;
219 #ifdef CONFIG_TCP_MD5SIG
220 tp->af_specific = &tcp_sock_ipv6_specific;
224 np->saddr = sk->sk_v6_rcv_saddr;
229 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
230 saddr = &sk->sk_v6_rcv_saddr;
232 fl6.flowi6_proto = IPPROTO_TCP;
233 fl6.daddr = sk->sk_v6_daddr;
234 fl6.saddr = saddr ? *saddr : np->saddr;
235 fl6.flowi6_oif = sk->sk_bound_dev_if;
236 fl6.flowi6_mark = sk->sk_mark;
237 fl6.fl6_dport = usin->sin6_port;
238 fl6.fl6_sport = inet->inet_sport;
240 final_p = fl6_update_dst(&fl6, np->opt, &final);
242 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
244 dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
252 sk->sk_v6_rcv_saddr = *saddr;
255 /* set the source address */
257 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
259 sk->sk_gso_type = SKB_GSO_TCPV6;
260 __ip6_dst_store(sk, dst, NULL, NULL);
262 rt = (struct rt6_info *) dst;
263 if (tcp_death_row.sysctl_tw_recycle &&
264 !tp->rx_opt.ts_recent_stamp &&
265 ipv6_addr_equal(&rt->rt6i_dst.addr, &sk->sk_v6_daddr))
266 tcp_fetch_timewait_stamp(sk, dst);
268 icsk->icsk_ext_hdr_len = 0;
270 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
273 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
275 inet->inet_dport = usin->sin6_port;
277 tcp_set_state(sk, TCP_SYN_SENT);
278 err = inet6_hash_connect(&tcp_death_row, sk);
284 if (!tp->write_seq && likely(!tp->repair))
285 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
286 sk->sk_v6_daddr.s6_addr32,
290 err = tcp_connect(sk);
297 tcp_set_state(sk, TCP_CLOSE);
300 inet->inet_dport = 0;
301 sk->sk_route_caps = 0;
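/* Deferred ICMPV6_PKT_TOOBIG handler: ignore LISTEN/CLOSE sockets, refresh
 * the cached route's PMTU from tp->mtu_info, and if our pmtu cookie is now
 * too large, shrink the MSS and retransmit whatever no longer fits.
 */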
305 static void tcp_v6_mtu_reduced(struct sock *sk)
307 struct dst_entry *dst;
309 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
312 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
316 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
317 tcp_sync_mss(sk, dst_mtu(dst));
318 tcp_simple_retransmit(sk);
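/* ICMPv6 error handler (tcpv6_protocol.err_handler): look up the socket the
 * offending segment belonged to, validate the sequence number against the
 * current window, handle NDISC_REDIRECT and ICMPV6_PKT_TOOBIG specially, and
 * convert everything else into sk_err/sk_err_soft.
 */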
322 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
323 u8 type, u8 code, int offset, __be32 info)
325 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
326 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
327 struct net *net = dev_net(skb->dev);
328 struct request_sock *fastopen;
329 struct ipv6_pinfo *np;
335 sk = __inet6_lookup_established(net, &tcp_hashinfo,
336 &hdr->daddr, th->dest,
337 &hdr->saddr, ntohs(th->source),
341 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
346 if (sk->sk_state == TCP_TIME_WAIT) {
347 inet_twsk_put(inet_twsk(sk));
350 seq = ntohl(th->seq);
351 if (sk->sk_state == TCP_NEW_SYN_RECV)
352 return tcp_req_err(sk, seq);
355 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
356 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
358 if (sk->sk_state == TCP_CLOSE)
361 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
362 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
367 /* XXX (TFO) - tp->snd_una should be the ISN (see tcp_create_openreq_child()) */
368 fastopen = tp->fastopen_rsk;
369 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
370 if (sk->sk_state != TCP_LISTEN &&
371 !between(seq, snd_una, tp->snd_nxt)) {
372 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
378 if (type == NDISC_REDIRECT) {
379 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
382 dst->ops->redirect(dst, sk, skb);
386 if (type == ICMPV6_PKT_TOOBIG) {
387 /* We are not interested in TCP_LISTEN and open_requests
388 * (SYN-ACKs sent out by Linux are always < 576 bytes, so
389 * they should go through unfragmented).
391 if (sk->sk_state == TCP_LISTEN)
394 if (!ip6_sk_accept_pmtu(sk))
397 tp->mtu_info = ntohl(info);
398 if (!sock_owned_by_user(sk))
399 tcp_v6_mtu_reduced(sk);
400 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
406 icmpv6_err_convert(type, code, &err);
408 /* Might be for a request_sock */
409 switch (sk->sk_state) {
412 /* Only in fast or simultaneous open. If a fast open socket is
413 * already accepted, it is treated as a connected one below.
415 if (fastopen && fastopen->sk == NULL)
418 if (!sock_owned_by_user(sk)) {
420 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
424 sk->sk_err_soft = err;
428 if (!sock_owned_by_user(sk) && np->recverr) {
430 sk->sk_error_report(sk);
432 sk->sk_err_soft = err;
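/* Build and send a SYN-ACK for a request sock: route if the caller did not
 * pass in a dst, let tcp_make_synack() construct the segment, fill in the
 * checksum and flow label, and transmit it with ip6_xmit().
 */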
440 static int tcp_v6_send_synack(struct sock *sk, struct dst_entry *dst,
442 struct request_sock *req,
444 struct tcp_fastopen_cookie *foc)
446 struct inet_request_sock *ireq = inet_rsk(req);
447 struct ipv6_pinfo *np = inet6_sk(sk);
448 struct flowi6 *fl6 = &fl->u.ip6;
452 /* First, grab a route. */
453 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req)) == NULL)
456 skb = tcp_make_synack(sk, dst, req, foc);
459 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
460 &ireq->ir_v6_rmt_addr);
462 fl6->daddr = ireq->ir_v6_rmt_addr;
463 if (np->repflow && (ireq->pktopts != NULL))
464 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
466 skb_set_queue_mapping(skb, queue_mapping);
467 err = ip6_xmit(sk, skb, fl6, np->opt, np->tclass);
468 err = net_xmit_eval(err);
476 static void tcp_v6_reqsk_destructor(struct request_sock *req)
478 kfree_skb(inet_rsk(req)->pktopts);
481 #ifdef CONFIG_TCP_MD5SIG
482 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
483 const struct in6_addr *addr)
485 return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
488 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
489 struct sock *addr_sk)
491 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
494 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
495 struct request_sock *req)
497 return tcp_v6_md5_do_lookup(sk, &inet_rsk(req)->ir_v6_rmt_addr);
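/* setsockopt(TCP_MD5SIG) handler: add or delete an RFC 2385 key for a peer
 * address; v4-mapped addresses are stored as AF_INET keys.
 *
 * Illustrative userspace usage (a sketch, not part of this file; peer_sin6
 * is a hypothetical sockaddr_in6 for the peer):
 *
 *	struct tcp_md5sig md5 = { .tcpm_keylen = 6 };
 *	memcpy(md5.tcpm_key, "secret", 6);
 *	memcpy(&md5.tcpm_addr, &peer_sin6, sizeof(peer_sin6));
 *	setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, &md5, sizeof(md5));
 */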
500 static int tcp_v6_parse_md5_keys(struct sock *sk, char __user *optval,
503 struct tcp_md5sig cmd;
504 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
506 if (optlen < sizeof(cmd))
509 if (copy_from_user(&cmd, optval, sizeof(cmd)))
512 if (sin6->sin6_family != AF_INET6)
515 if (!cmd.tcpm_keylen) {
516 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
517 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
519 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
523 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
526 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
527 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
528 AF_INET, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
530 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
531 AF_INET6, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
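/* Mix the IPv6 pseudo-header (saddr, daddr, segment length, next header =
 * TCP) into the MD5 state, as RFC 2385 signatures require.
 */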
534 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
535 const struct in6_addr *daddr,
536 const struct in6_addr *saddr, int nbytes)
538 struct tcp6_pseudohdr *bp;
539 struct scatterlist sg;
541 bp = &hp->md5_blk.ip6;
542 /* 1. TCP pseudo-header (RFC2460) */
545 bp->protocol = cpu_to_be32(IPPROTO_TCP);
546 bp->len = cpu_to_be32(nbytes);
548 sg_init_one(&sg, bp, sizeof(*bp));
549 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
552 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
553 const struct in6_addr *daddr, struct in6_addr *saddr,
554 const struct tcphdr *th)
556 struct tcp_md5sig_pool *hp;
557 struct hash_desc *desc;
559 hp = tcp_get_md5sig_pool();
561 goto clear_hash_noput;
562 desc = &hp->md5_desc;
564 if (crypto_hash_init(desc))
566 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
568 if (tcp_md5_hash_header(hp, th))
570 if (tcp_md5_hash_key(hp, key))
572 if (crypto_hash_final(desc, md5_hash))
575 tcp_put_md5sig_pool();
579 tcp_put_md5sig_pool();
581 memset(md5_hash, 0, 16);
585 static int tcp_v6_md5_hash_skb(char *md5_hash,
586 const struct tcp_md5sig_key *key,
587 const struct sock *sk,
588 const struct sk_buff *skb)
590 const struct in6_addr *saddr, *daddr;
591 struct tcp_md5sig_pool *hp;
592 struct hash_desc *desc;
593 const struct tcphdr *th = tcp_hdr(skb);
595 if (sk) { /* valid for establish/request sockets */
596 saddr = &sk->sk_v6_rcv_saddr;
597 daddr = &sk->sk_v6_daddr;
599 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
600 saddr = &ip6h->saddr;
601 daddr = &ip6h->daddr;
604 hp = tcp_get_md5sig_pool();
606 goto clear_hash_noput;
607 desc = &hp->md5_desc;
609 if (crypto_hash_init(desc))
612 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
614 if (tcp_md5_hash_header(hp, th))
616 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
618 if (tcp_md5_hash_key(hp, key))
620 if (crypto_hash_final(desc, md5_hash))
623 tcp_put_md5sig_pool();
627 tcp_put_md5sig_pool();
629 memset(md5_hash, 0, 16);
633 static bool tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
635 const __u8 *hash_location = NULL;
636 struct tcp_md5sig_key *hash_expected;
637 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
638 const struct tcphdr *th = tcp_hdr(skb);
642 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
643 hash_location = tcp_parse_md5sig_option(th);
645 /* We've parsed the options - do we have a hash? */
646 if (!hash_expected && !hash_location)
649 if (hash_expected && !hash_location) {
650 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
654 if (!hash_expected && hash_location) {
655 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
659 /* check the signature */
660 genhash = tcp_v6_md5_hash_skb(newhash,
664 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
665 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
666 genhash ? "failed" : "mismatch",
667 &ip6h->saddr, ntohs(th->source),
668 &ip6h->daddr, ntohs(th->dest));
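/* Fill the IPv6-specific fields of a new request sock from the incoming SYN:
 * remote/local addresses, the interface index for link-local peers, and a
 * reference to the skb when the listener asked for IPv6 packet options.
 */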
675 static void tcp_v6_init_req(struct request_sock *req, struct sock *sk,
678 struct inet_request_sock *ireq = inet_rsk(req);
679 struct ipv6_pinfo *np = inet6_sk(sk);
681 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
682 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
684 /* So that link locals have meaning */
685 if (!sk->sk_bound_dev_if &&
686 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
687 ireq->ir_iif = tcp_v6_iif(skb);
689 if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
690 (ipv6_opt_accepted(sk, skb, &TCP_SKB_CB(skb)->header.h6) ||
691 np->rxopt.bits.rxinfo ||
692 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
693 np->rxopt.bits.rxohlim || np->repflow)) {
694 atomic_inc(&skb->users);
697 ireq->ireq_family = AF_INET6;
700 static struct dst_entry *tcp_v6_route_req(struct sock *sk, struct flowi *fl,
701 const struct request_sock *req,
706 return inet6_csk_route_req(sk, &fl->u.ip6, req);
709 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
711 .obj_size = sizeof(struct tcp6_request_sock),
712 .rtx_syn_ack = tcp_rtx_synack,
713 .send_ack = tcp_v6_reqsk_send_ack,
714 .destructor = tcp_v6_reqsk_destructor,
715 .send_reset = tcp_v6_send_reset,
716 .syn_ack_timeout = tcp_syn_ack_timeout,
719 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
720 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
721 sizeof(struct ipv6hdr),
722 #ifdef CONFIG_TCP_MD5SIG
723 .md5_lookup = tcp_v6_reqsk_md5_lookup,
724 .calc_md5_hash = tcp_v6_md5_hash_skb,
726 .init_req = tcp_v6_init_req,
727 #ifdef CONFIG_SYN_COOKIES
728 .cookie_init_seq = cookie_v6_init_sequence,
730 .route_req = tcp_v6_route_req,
731 .init_seq = tcp_v6_init_sequence,
732 .send_synack = tcp_v6_send_synack,
733 .queue_hash_add = inet6_csk_reqsk_queue_hash_add,
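/* Common helper for stateless replies (RSTs and ACKs for timewait/request
 * socks): build a bare TCP header plus optional timestamp and MD5 options in
 * a fresh skb and send it through the per-namespace control socket.
 */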
736 static void tcp_v6_send_response(struct sock *sk, struct sk_buff *skb, u32 seq,
737 u32 ack, u32 win, u32 tsval, u32 tsecr,
738 int oif, struct tcp_md5sig_key *key, int rst,
739 u8 tclass, u32 label)
741 const struct tcphdr *th = tcp_hdr(skb);
743 struct sk_buff *buff;
745 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
746 struct sock *ctl_sk = net->ipv6.tcp_sk;
747 unsigned int tot_len = sizeof(struct tcphdr);
748 struct dst_entry *dst;
752 tot_len += TCPOLEN_TSTAMP_ALIGNED;
753 #ifdef CONFIG_TCP_MD5SIG
755 tot_len += TCPOLEN_MD5SIG_ALIGNED;
758 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
763 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
765 t1 = (struct tcphdr *) skb_push(buff, tot_len);
766 skb_reset_transport_header(buff);
768 /* Swap the send and the receive. */
769 memset(t1, 0, sizeof(*t1));
770 t1->dest = th->source;
771 t1->source = th->dest;
772 t1->doff = tot_len / 4;
773 t1->seq = htonl(seq);
774 t1->ack_seq = htonl(ack);
775 t1->ack = !rst || !th->ack;
777 t1->window = htons(win);
779 topt = (__be32 *)(t1 + 1);
782 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
783 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
784 *topt++ = htonl(tsval);
785 *topt++ = htonl(tsecr);
788 #ifdef CONFIG_TCP_MD5SIG
790 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
791 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
792 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
793 &ipv6_hdr(skb)->saddr,
794 &ipv6_hdr(skb)->daddr, t1);
798 memset(&fl6, 0, sizeof(fl6));
799 fl6.daddr = ipv6_hdr(skb)->saddr;
800 fl6.saddr = ipv6_hdr(skb)->daddr;
801 fl6.flowlabel = label;
803 buff->ip_summed = CHECKSUM_PARTIAL;
806 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
808 fl6.flowi6_proto = IPPROTO_TCP;
809 if (rt6_need_strict(&fl6.daddr) && !oif)
810 fl6.flowi6_oif = tcp_v6_iif(skb);
812 fl6.flowi6_oif = oif;
813 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark);
814 fl6.fl6_dport = t1->dest;
815 fl6.fl6_sport = t1->source;
816 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
818 /* Pass a socket to ip6_dst_lookup() even when it is for a RST;
819 * the underlying function will use it to retrieve the network
822 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
824 skb_dst_set(buff, dst);
825 ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass);
826 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
828 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
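/* Send a RST in reply to skb.  When no socket is attached and the segment
 * carries an MD5 option, look up the listener by source port so the reply
 * can be signed with the matching key; no RST is sent if the key is missing
 * or the incoming hash does not verify.
 */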
835 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
837 const struct tcphdr *th = tcp_hdr(skb);
838 u32 seq = 0, ack_seq = 0;
839 struct tcp_md5sig_key *key = NULL;
840 #ifdef CONFIG_TCP_MD5SIG
841 const __u8 *hash_location = NULL;
842 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
843 unsigned char newhash[16];
845 struct sock *sk1 = NULL;
852 /* If sk is not NULL, it means we did a successful lookup and the incoming
853 * route had to be correct. prequeue might have dropped our dst.
855 if (!sk && !ipv6_unicast_destination(skb))
858 #ifdef CONFIG_TCP_MD5SIG
859 hash_location = tcp_parse_md5sig_option(th);
860 if (!sk && hash_location) {
862 * active side is lost. Try to find the listening socket through the
863 * source port, and then find the md5 key through the listening socket.
864 * We are not losing security here:
865 * the incoming packet is checked against the md5 hash using the found key,
866 * and no RST is generated if the hash doesn't match.
868 sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
869 &tcp_hashinfo, &ipv6h->saddr,
870 th->source, &ipv6h->daddr,
871 ntohs(th->source), tcp_v6_iif(skb));
876 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
880 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
881 if (genhash || memcmp(hash_location, newhash, 16) != 0)
884 key = sk ? tcp_v6_md5_do_lookup(sk, &ipv6h->saddr) : NULL;
889 seq = ntohl(th->ack_seq);
891 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
894 oif = sk ? sk->sk_bound_dev_if : 0;
895 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 0);
897 #ifdef CONFIG_TCP_MD5SIG
906 static void tcp_v6_send_ack(struct sock *sk, struct sk_buff *skb, u32 seq,
907 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
908 struct tcp_md5sig_key *key, u8 tclass,
911 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
915 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
917 struct inet_timewait_sock *tw = inet_twsk(sk);
918 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
920 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
921 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
922 tcp_time_stamp + tcptw->tw_ts_offset,
923 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
924 tw->tw_tclass, (tw->tw_flowlabel << 12));
929 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
930 struct request_sock *req)
932 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
933 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
935 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
936 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
937 tcp_rsk(req)->rcv_nxt, req->rcv_wnd,
938 tcp_time_stamp, req->ts_recent, sk->sk_bound_dev_if,
939 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr),
944 static struct sock *tcp_v6_hnd_req(struct sock *sk, struct sk_buff *skb)
946 const struct tcphdr *th = tcp_hdr(skb);
947 struct request_sock *req;
950 /* Find possible connection requests. */
951 req = inet6_csk_search_req(sk, th->source,
952 &ipv6_hdr(skb)->saddr,
953 &ipv6_hdr(skb)->daddr, tcp_v6_iif(skb));
955 nsk = tcp_check_req(sk, skb, req, false);
959 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
960 &ipv6_hdr(skb)->saddr, th->source,
961 &ipv6_hdr(skb)->daddr, ntohs(th->dest),
965 if (nsk->sk_state != TCP_TIME_WAIT) {
969 inet_twsk_put(inet_twsk(nsk));
973 #ifdef CONFIG_SYN_COOKIES
975 sk = cookie_v6_check(sk, skb);
980 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
982 if (skb->protocol == htons(ETH_P_IP))
983 return tcp_v4_conn_request(sk, skb);
985 if (!ipv6_unicast_destination(skb))
988 return tcp_conn_request(&tcp6_request_sock_ops,
989 &tcp_request_sock_ipv6_ops, sk, skb);
992 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
993 return 0; /* don't send reset */
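/* Create the child socket once the handshake completes.  v4-mapped traffic
 * is handed to tcp_v4_syn_recv_sock() and then re-pointed at the mapped
 * af_ops; native IPv6 children inherit addresses, packet options and (if
 * configured) the MD5 key from the request sock and the listener.
 */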
996 static struct sock *tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
997 struct request_sock *req,
998 struct dst_entry *dst)
1000 struct inet_request_sock *ireq;
1001 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1002 struct tcp6_sock *newtcp6sk;
1003 struct inet_sock *newinet;
1004 struct tcp_sock *newtp;
1006 #ifdef CONFIG_TCP_MD5SIG
1007 struct tcp_md5sig_key *key;
1011 if (skb->protocol == htons(ETH_P_IP)) {
1016 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1021 newtcp6sk = (struct tcp6_sock *)newsk;
1022 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1024 newinet = inet_sk(newsk);
1025 newnp = inet6_sk(newsk);
1026 newtp = tcp_sk(newsk);
1028 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1030 newnp->saddr = newsk->sk_v6_rcv_saddr;
1032 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1033 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1034 #ifdef CONFIG_TCP_MD5SIG
1035 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1038 newnp->ipv6_ac_list = NULL;
1039 newnp->ipv6_fl_list = NULL;
1040 newnp->pktoptions = NULL;
1042 newnp->mcast_oif = tcp_v6_iif(skb);
1043 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1044 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1046 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1049 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1050 * here, tcp_create_openreq_child now does this for us, see the comment in
1051 * that function for the gory details. -acme
1054 /* This is a tricky place. Until this moment the IPv4 tcp code
1055 worked with the IPv6 icsk.icsk_af_ops.
1058 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1063 ireq = inet_rsk(req);
1065 if (sk_acceptq_is_full(sk))
1069 dst = inet6_csk_route_req(sk, &fl6, req);
1074 newsk = tcp_create_openreq_child(sk, req, skb);
1079 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1080 * count here, tcp_create_openreq_child now does this for us, see the
1081 * comment in that function for the gory details. -acme
1084 newsk->sk_gso_type = SKB_GSO_TCPV6;
1085 __ip6_dst_store(newsk, dst, NULL, NULL);
1086 inet6_sk_rx_dst_set(newsk, skb);
1088 newtcp6sk = (struct tcp6_sock *)newsk;
1089 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1091 newtp = tcp_sk(newsk);
1092 newinet = inet_sk(newsk);
1093 newnp = inet6_sk(newsk);
1095 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1097 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1098 newnp->saddr = ireq->ir_v6_loc_addr;
1099 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1100 newsk->sk_bound_dev_if = ireq->ir_iif;
1102 ip6_set_txhash(newsk);
1104 /* Now IPv6 options...
1106 First: no IPv4 options.
1108 newinet->inet_opt = NULL;
1109 newnp->ipv6_ac_list = NULL;
1110 newnp->ipv6_fl_list = NULL;
1113 newnp->rxopt.all = np->rxopt.all;
1115 /* Clone pktoptions received with SYN */
1116 newnp->pktoptions = NULL;
1117 if (ireq->pktopts != NULL) {
1118 newnp->pktoptions = skb_clone(ireq->pktopts,
1119 sk_gfp_atomic(sk, GFP_ATOMIC));
1120 consume_skb(ireq->pktopts);
1121 ireq->pktopts = NULL;
1122 if (newnp->pktoptions)
1123 skb_set_owner_r(newnp->pktoptions, newsk);
1126 newnp->mcast_oif = tcp_v6_iif(skb);
1127 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1128 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1130 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1132 /* Clone native IPv6 options from the listening socket (if any)
1134 Yes, keeping a reference count would be much more clever,
1135 but we do one more thing here: reattach optmem
1139 newnp->opt = ipv6_dup_options(newsk, np->opt);
1141 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1143 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1144 newnp->opt->opt_flen);
1146 tcp_ca_openreq_child(newsk, dst);
1148 tcp_sync_mss(newsk, dst_mtu(dst));
1149 newtp->advmss = dst_metric_advmss(dst);
1150 if (tcp_sk(sk)->rx_opt.user_mss &&
1151 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1152 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1154 tcp_initialize_rcv_mss(newsk);
1156 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1157 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1159 #ifdef CONFIG_TCP_MD5SIG
1160 /* Copy over the MD5 key from the original socket */
1161 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr);
1163 /* We're using one, so create a matching key
1164 * on the newsk structure. If we fail to get
1165 * memory, then we end up not copying the key
1168 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
1169 AF_INET6, key->key, key->keylen,
1170 sk_gfp_atomic(sk, GFP_ATOMIC));
1174 if (__inet_inherit_port(sk, newsk) < 0) {
1175 inet_csk_prepare_forced_close(newsk);
1179 __inet_hash(newsk, NULL);
1184 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1188 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1192 /* The socket must have its spinlock held when we get
1195 * We have a potential double-lock case here, so even when
1196 * doing backlog processing we use the BH locking scheme.
1197 * This is because we cannot sleep with the original spinlock
1200 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1202 struct ipv6_pinfo *np = inet6_sk(sk);
1203 struct tcp_sock *tp;
1204 struct sk_buff *opt_skb = NULL;
1206 /* Imagine: the socket is IPv6. An IPv4 packet arrives,
1207 goes to the IPv4 receive handler and is backlogged.
1208 From the backlog it always goes here. Kerboom...
1209 Fortunately, tcp_rcv_established and rcv_established
1210 handle them correctly, but that is not the case with
1211 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1214 if (skb->protocol == htons(ETH_P_IP))
1215 return tcp_v4_do_rcv(sk, skb);
1217 if (sk_filter(sk, skb))
1221 * socket locking is here for SMP purposes as backlog rcv
1222 * is currently called with bh processing disabled.
1225 /* Do Stevens' IPV6_PKTOPTIONS.
1227 Yes, guys, it is the only place in our code where we
1228 can do this without affecting IPv4.
1229 The rest of the code is protocol independent,
1230 and I do not like the idea of uglifying IPv4.
1232 Actually, the whole idea behind IPV6_PKTOPTIONS
1233 does not look very well thought out. For now we latch
1234 the options received in the last packet enqueued
1235 by tcp. Feel free to propose a better solution.
1239 opt_skb = skb_clone(skb, sk_gfp_atomic(sk, GFP_ATOMIC));
1241 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1242 struct dst_entry *dst = sk->sk_rx_dst;
1244 sock_rps_save_rxhash(sk, skb);
1245 sk_mark_napi_id(sk, skb);
1247 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1248 dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
1250 sk->sk_rx_dst = NULL;
1254 tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len);
1256 goto ipv6_pktoptions;
1260 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1263 if (sk->sk_state == TCP_LISTEN) {
1264 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1269 * Queue it on the new socket if the new socket is active,
1270 * otherwise we just shortcircuit this and continue with
1274 sock_rps_save_rxhash(nsk, skb);
1275 sk_mark_napi_id(sk, skb);
1276 if (tcp_child_process(sk, nsk, skb))
1279 __kfree_skb(opt_skb);
1283 sock_rps_save_rxhash(sk, skb);
1285 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1288 goto ipv6_pktoptions;
1292 tcp_v6_send_reset(sk, skb);
1295 __kfree_skb(opt_skb);
1299 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_CSUMERRORS);
1300 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1305 /* What is this, you ask? We latch the options only when:
1307 1. the skb was enqueued by tcp.
1308 2. the skb was added to the tail of the read queue, not out of order.
1309 3. the socket is not in a passive state.
1310 4. finally, it really contains options which the user wants to receive.
1313 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1314 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1315 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1316 np->mcast_oif = tcp_v6_iif(opt_skb);
1317 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1318 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1319 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1320 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
1322 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
1323 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
1324 skb_set_owner_r(opt_skb, sk);
1325 opt_skb = xchg(&np->pktoptions, opt_skb);
1327 __kfree_skb(opt_skb);
1328 opt_skb = xchg(&np->pktoptions, NULL);
1336 static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1337 const struct tcphdr *th)
1339 /* This is tricky: we move IP6CB to its correct location into
1340 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1341 * _decode_session6() uses IP6CB().
1342 * barrier() makes sure the compiler won't play aliasing games.
1344 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1345 sizeof(struct inet6_skb_parm));
1348 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1349 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1350 skb->len - th->doff*4);
1351 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1352 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1353 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1354 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1355 TCP_SKB_CB(skb)->sacked = 0;
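/* Main receive entry point (tcpv6_protocol.handler): validate and checksum
 * the TCP header, look up the owning socket, run xfrm policy and MD5 checks,
 * then process the segment in-line, prequeue it, or append it to the backlog
 * depending on who currently owns the socket lock.
 */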
1358 static int tcp_v6_rcv(struct sk_buff *skb)
1360 const struct tcphdr *th;
1361 const struct ipv6hdr *hdr;
1364 struct net *net = dev_net(skb->dev);
1366 if (skb->pkt_type != PACKET_HOST)
1370 * Count it even if it's bad.
1372 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1374 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1379 if (th->doff < sizeof(struct tcphdr)/4)
1381 if (!pskb_may_pull(skb, th->doff*4))
1384 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
1388 hdr = ipv6_hdr(skb);
1390 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest,
1396 if (sk->sk_state == TCP_TIME_WAIT)
1399 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
1400 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
1401 goto discard_and_relse;
1404 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1405 goto discard_and_relse;
1407 tcp_v6_fill_cb(skb, hdr, th);
1409 #ifdef CONFIG_TCP_MD5SIG
1410 if (tcp_v6_inbound_md5_hash(sk, skb))
1411 goto discard_and_relse;
1414 if (sk_filter(sk, skb))
1415 goto discard_and_relse;
1417 sk_incoming_cpu_update(sk);
1420 bh_lock_sock_nested(sk);
1422 if (!sock_owned_by_user(sk)) {
1423 if (!tcp_prequeue(sk, skb))
1424 ret = tcp_v6_do_rcv(sk, skb);
1425 } else if (unlikely(sk_add_backlog(sk, skb,
1426 sk->sk_rcvbuf + sk->sk_sndbuf))) {
1428 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
1429 goto discard_and_relse;
1434 return ret ? -1 : 0;
1437 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1440 tcp_v6_fill_cb(skb, hdr, th);
1442 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1444 TCP_INC_STATS_BH(net, TCP_MIB_CSUMERRORS);
1446 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1448 tcp_v6_send_reset(NULL, skb);
1460 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1461 inet_twsk_put(inet_twsk(sk));
1465 tcp_v6_fill_cb(skb, hdr, th);
1467 if (skb->len < (th->doff<<2)) {
1468 inet_twsk_put(inet_twsk(sk));
1471 if (tcp_checksum_complete(skb)) {
1472 inet_twsk_put(inet_twsk(sk));
1476 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1481 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1482 &ipv6_hdr(skb)->saddr, th->source,
1483 &ipv6_hdr(skb)->daddr,
1484 ntohs(th->dest), tcp_v6_iif(skb));
1486 struct inet_timewait_sock *tw = inet_twsk(sk);
1487 inet_twsk_deschedule(tw, &tcp_death_row);
1492 /* Fall through to ACK */
1495 tcp_v6_timewait_ack(sk, skb);
1499 case TCP_TW_SUCCESS:
1505 static void tcp_v6_early_demux(struct sk_buff *skb)
1507 const struct ipv6hdr *hdr;
1508 const struct tcphdr *th;
1511 if (skb->pkt_type != PACKET_HOST)
1514 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1517 hdr = ipv6_hdr(skb);
1520 if (th->doff < sizeof(struct tcphdr) / 4)
1523 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
1524 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1525 &hdr->saddr, th->source,
1526 &hdr->daddr, ntohs(th->dest),
1530 skb->destructor = sock_edemux;
1531 if (sk_fullsock(sk)) {
1532 struct dst_entry *dst = sk->sk_rx_dst;
1535 dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
1537 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1538 skb_dst_set_noref(skb, dst);
1543 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1544 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1545 .twsk_unique = tcp_twsk_unique,
1546 .twsk_destructor = tcp_twsk_destructor,
1549 static const struct inet_connection_sock_af_ops ipv6_specific = {
1550 .queue_xmit = inet6_csk_xmit,
1551 .send_check = tcp_v6_send_check,
1552 .rebuild_header = inet6_sk_rebuild_header,
1553 .sk_rx_dst_set = inet6_sk_rx_dst_set,
1554 .conn_request = tcp_v6_conn_request,
1555 .syn_recv_sock = tcp_v6_syn_recv_sock,
1556 .net_header_len = sizeof(struct ipv6hdr),
1557 .net_frag_header_len = sizeof(struct frag_hdr),
1558 .setsockopt = ipv6_setsockopt,
1559 .getsockopt = ipv6_getsockopt,
1560 .addr2sockaddr = inet6_csk_addr2sockaddr,
1561 .sockaddr_len = sizeof(struct sockaddr_in6),
1562 .bind_conflict = inet6_csk_bind_conflict,
1563 #ifdef CONFIG_COMPAT
1564 .compat_setsockopt = compat_ipv6_setsockopt,
1565 .compat_getsockopt = compat_ipv6_getsockopt,
1567 .mtu_reduced = tcp_v6_mtu_reduced,
1570 #ifdef CONFIG_TCP_MD5SIG
1571 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1572 .md5_lookup = tcp_v6_md5_lookup,
1573 .calc_md5_hash = tcp_v6_md5_hash_skb,
1574 .md5_parse = tcp_v6_parse_md5_keys,
1579 * TCP over IPv4 via INET6 API
1581 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1582 .queue_xmit = ip_queue_xmit,
1583 .send_check = tcp_v4_send_check,
1584 .rebuild_header = inet_sk_rebuild_header,
1585 .sk_rx_dst_set = inet_sk_rx_dst_set,
1586 .conn_request = tcp_v6_conn_request,
1587 .syn_recv_sock = tcp_v6_syn_recv_sock,
1588 .net_header_len = sizeof(struct iphdr),
1589 .setsockopt = ipv6_setsockopt,
1590 .getsockopt = ipv6_getsockopt,
1591 .addr2sockaddr = inet6_csk_addr2sockaddr,
1592 .sockaddr_len = sizeof(struct sockaddr_in6),
1593 .bind_conflict = inet6_csk_bind_conflict,
1594 #ifdef CONFIG_COMPAT
1595 .compat_setsockopt = compat_ipv6_setsockopt,
1596 .compat_getsockopt = compat_ipv6_getsockopt,
1598 .mtu_reduced = tcp_v4_mtu_reduced,
1601 #ifdef CONFIG_TCP_MD5SIG
1602 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1603 .md5_lookup = tcp_v4_md5_lookup,
1604 .calc_md5_hash = tcp_v4_md5_hash_skb,
1605 .md5_parse = tcp_v6_parse_md5_keys,
1609 /* NOTE: A lot of things are set to zero explicitly by the call to
1610 * sk_alloc(), so they need not be done here.
1612 static int tcp_v6_init_sock(struct sock *sk)
1614 struct inet_connection_sock *icsk = inet_csk(sk);
1618 icsk->icsk_af_ops = &ipv6_specific;
1620 #ifdef CONFIG_TCP_MD5SIG
1621 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
1627 static void tcp_v6_destroy_sock(struct sock *sk)
1629 tcp_v4_destroy_sock(sk);
1630 inet6_destroy_sock(sk);
1633 #ifdef CONFIG_PROC_FS
1634 /* Proc filesystem TCPv6 sock list dumping. */
1635 static void get_openreq6(struct seq_file *seq,
1636 struct request_sock *req, int i, kuid_t uid)
1638 long ttd = req->rsk_timer.expires - jiffies;
1639 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1640 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1646 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1647 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1649 src->s6_addr32[0], src->s6_addr32[1],
1650 src->s6_addr32[2], src->s6_addr32[3],
1651 inet_rsk(req)->ir_num,
1652 dest->s6_addr32[0], dest->s6_addr32[1],
1653 dest->s6_addr32[2], dest->s6_addr32[3],
1654 ntohs(inet_rsk(req)->ir_rmt_port),
1656 0, 0, /* could print option size, but that is af dependent. */
1657 1, /* timers active (only the expire timer) */
1658 jiffies_to_clock_t(ttd),
1660 from_kuid_munged(seq_user_ns(seq), uid),
1661 0, /* non standard timer */
1662 0, /* open_requests have no inode */
1666 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1668 const struct in6_addr *dest, *src;
1671 unsigned long timer_expires;
1672 const struct inet_sock *inet = inet_sk(sp);
1673 const struct tcp_sock *tp = tcp_sk(sp);
1674 const struct inet_connection_sock *icsk = inet_csk(sp);
1675 struct fastopen_queue *fastopenq = icsk->icsk_accept_queue.fastopenq;
1677 dest = &sp->sk_v6_daddr;
1678 src = &sp->sk_v6_rcv_saddr;
1679 destp = ntohs(inet->inet_dport);
1680 srcp = ntohs(inet->inet_sport);
1682 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1684 timer_expires = icsk->icsk_timeout;
1685 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1687 timer_expires = icsk->icsk_timeout;
1688 } else if (timer_pending(&sp->sk_timer)) {
1690 timer_expires = sp->sk_timer.expires;
1693 timer_expires = jiffies;
1697 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1698 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1700 src->s6_addr32[0], src->s6_addr32[1],
1701 src->s6_addr32[2], src->s6_addr32[3], srcp,
1702 dest->s6_addr32[0], dest->s6_addr32[1],
1703 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1705 tp->write_seq-tp->snd_una,
1706 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
1708 jiffies_delta_to_clock_t(timer_expires - jiffies),
1709 icsk->icsk_retransmits,
1710 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1711 icsk->icsk_probes_out,
1713 atomic_read(&sp->sk_refcnt), sp,
1714 jiffies_to_clock_t(icsk->icsk_rto),
1715 jiffies_to_clock_t(icsk->icsk_ack.ato),
1716 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
1718 sp->sk_state == TCP_LISTEN ?
1719 (fastopenq ? fastopenq->max_qlen : 0) :
1720 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
1724 static void get_timewait6_sock(struct seq_file *seq,
1725 struct inet_timewait_sock *tw, int i)
1727 const struct in6_addr *dest, *src;
1729 s32 delta = tw->tw_ttd - inet_tw_time_stamp();
1731 dest = &tw->tw_v6_daddr;
1732 src = &tw->tw_v6_rcv_saddr;
1733 destp = ntohs(tw->tw_dport);
1734 srcp = ntohs(tw->tw_sport);
1737 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1738 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1740 src->s6_addr32[0], src->s6_addr32[1],
1741 src->s6_addr32[2], src->s6_addr32[3], srcp,
1742 dest->s6_addr32[0], dest->s6_addr32[1],
1743 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1744 tw->tw_substate, 0, 0,
1745 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
1746 atomic_read(&tw->tw_refcnt), tw);
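/* The three helpers above print one /proc/net/tcp6 row per request,
 * established or timewait socket.  The layout mirrors /proc/net/tcp, except
 * that the local and remote addresses are printed as 32 hexadecimal digits
 * (the four 32-bit words of the IPv6 address), followed by state, queue
 * sizes, timer state, retransmit count, uid, timeout and inode.
 */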
1749 static int tcp6_seq_show(struct seq_file *seq, void *v)
1751 struct tcp_iter_state *st;
1752 struct sock *sk = v;
1754 if (v == SEQ_START_TOKEN) {
1759 "st tx_queue rx_queue tr tm->when retrnsmt"
1760 " uid timeout inode\n");
1765 switch (st->state) {
1766 case TCP_SEQ_STATE_LISTENING:
1767 case TCP_SEQ_STATE_ESTABLISHED:
1768 if (sk->sk_state == TCP_TIME_WAIT)
1769 get_timewait6_sock(seq, v, st->num);
1771 get_tcp6_sock(seq, v, st->num);
1773 case TCP_SEQ_STATE_OPENREQ:
1774 get_openreq6(seq, v, st->num, st->uid);
1781 static const struct file_operations tcp6_afinfo_seq_fops = {
1782 .owner = THIS_MODULE,
1783 .open = tcp_seq_open,
1785 .llseek = seq_lseek,
1786 .release = seq_release_net
1789 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1792 .seq_fops = &tcp6_afinfo_seq_fops,
1794 .show = tcp6_seq_show,
1798 int __net_init tcp6_proc_init(struct net *net)
1800 return tcp_proc_register(net, &tcp6_seq_afinfo);
1803 void tcp6_proc_exit(struct net *net)
1805 tcp_proc_unregister(net, &tcp6_seq_afinfo);
1809 static void tcp_v6_clear_sk(struct sock *sk, int size)
1811 struct inet_sock *inet = inet_sk(sk);
1813 /* we do not want to clear the pinet6 field, because of RCU lookups */
1814 sk_prot_clear_nulls(sk, offsetof(struct inet_sock, pinet6));
1816 size -= offsetof(struct inet_sock, pinet6) + sizeof(inet->pinet6);
1817 memset(&inet->pinet6 + 1, 0, size);
1820 struct proto tcpv6_prot = {
1822 .owner = THIS_MODULE,
1824 .connect = tcp_v6_connect,
1825 .disconnect = tcp_disconnect,
1826 .accept = inet_csk_accept,
1828 .init = tcp_v6_init_sock,
1829 .destroy = tcp_v6_destroy_sock,
1830 .shutdown = tcp_shutdown,
1831 .setsockopt = tcp_setsockopt,
1832 .getsockopt = tcp_getsockopt,
1833 .recvmsg = tcp_recvmsg,
1834 .sendmsg = tcp_sendmsg,
1835 .sendpage = tcp_sendpage,
1836 .backlog_rcv = tcp_v6_do_rcv,
1837 .release_cb = tcp_release_cb,
1839 .unhash = inet_unhash,
1840 .get_port = inet_csk_get_port,
1841 .enter_memory_pressure = tcp_enter_memory_pressure,
1842 .stream_memory_free = tcp_stream_memory_free,
1843 .sockets_allocated = &tcp_sockets_allocated,
1844 .memory_allocated = &tcp_memory_allocated,
1845 .memory_pressure = &tcp_memory_pressure,
1846 .orphan_count = &tcp_orphan_count,
1847 .sysctl_mem = sysctl_tcp_mem,
1848 .sysctl_wmem = sysctl_tcp_wmem,
1849 .sysctl_rmem = sysctl_tcp_rmem,
1850 .max_header = MAX_TCP_HEADER,
1851 .obj_size = sizeof(struct tcp6_sock),
1852 .slab_flags = SLAB_DESTROY_BY_RCU,
1853 .twsk_prot = &tcp6_timewait_sock_ops,
1854 .rsk_prot = &tcp6_request_sock_ops,
1855 .h.hashinfo = &tcp_hashinfo,
1856 .no_autobind = true,
1857 #ifdef CONFIG_COMPAT
1858 .compat_setsockopt = compat_tcp_setsockopt,
1859 .compat_getsockopt = compat_tcp_getsockopt,
1861 #ifdef CONFIG_MEMCG_KMEM
1862 .proto_cgroup = tcp_proto_cgroup,
1864 .clear_sk = tcp_v6_clear_sk,
1867 static const struct inet6_protocol tcpv6_protocol = {
1868 .early_demux = tcp_v6_early_demux,
1869 .handler = tcp_v6_rcv,
1870 .err_handler = tcp_v6_err,
1871 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1874 static struct inet_protosw tcpv6_protosw = {
1875 .type = SOCK_STREAM,
1876 .protocol = IPPROTO_TCP,
1877 .prot = &tcpv6_prot,
1878 .ops = &inet6_stream_ops,
1879 .flags = INET_PROTOSW_PERMANENT |
1883 static int __net_init tcpv6_net_init(struct net *net)
1885 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
1886 SOCK_RAW, IPPROTO_TCP, net);
1889 static void __net_exit tcpv6_net_exit(struct net *net)
1891 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
1894 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
1896 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6);
1899 static struct pernet_operations tcpv6_net_ops = {
1900 .init = tcpv6_net_init,
1901 .exit = tcpv6_net_exit,
1902 .exit_batch = tcpv6_net_exit_batch,
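/* Module init/exit: register the inet6 protocol handler, the SOCK_STREAM
 * protosw entry and the per-namespace control-socket setup, and unwind in
 * reverse order on failure or on exit.
 */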
1905 int __init tcpv6_init(void)
1909 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
1913 /* register inet6 protocol */
1914 ret = inet6_register_protosw(&tcpv6_protosw);
1916 goto out_tcpv6_protocol;
1918 ret = register_pernet_subsys(&tcpv6_net_ops);
1920 goto out_tcpv6_protosw;
1925 inet6_unregister_protosw(&tcpv6_protosw);
1927 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
1931 void tcpv6_exit(void)
1933 unregister_pernet_subsys(&tcpv6_net_ops);
1934 inet6_unregister_protosw(&tcpv6_protosw);
1935 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);