3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41 #include <linux/slab.h>
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/netdma.h>
63 #include <net/inet_common.h>
65 #include <asm/uaccess.h>
67 #include <linux/proc_fs.h>
68 #include <linux/seq_file.h>
70 #include <linux/crypto.h>
71 #include <linux/scatterlist.h>
73 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
74 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
75 struct request_sock *req);
77 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
78 static void __tcp_v6_send_check(struct sk_buff *skb,
79 struct in6_addr *saddr,
80 struct in6_addr *daddr);
82 static const struct inet_connection_sock_af_ops ipv6_mapped;
83 static const struct inet_connection_sock_af_ops ipv6_specific;
84 #ifdef CONFIG_TCP_MD5SIG
85 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
86 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
88 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
89 struct in6_addr *addr)
95 static void tcp_v6_hash(struct sock *sk)
97 if (sk->sk_state != TCP_CLOSE) {
98 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
103 __inet6_hash(sk, NULL);
108 static __inline__ __sum16 tcp_v6_check(int len,
109 struct in6_addr *saddr,
110 struct in6_addr *daddr,
113 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
116 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
118 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
119 ipv6_hdr(skb)->saddr.s6_addr32,
121 tcp_hdr(skb)->source);
124 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
127 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
128 struct inet_sock *inet = inet_sk(sk);
129 struct inet_connection_sock *icsk = inet_csk(sk);
130 struct ipv6_pinfo *np = inet6_sk(sk);
131 struct tcp_sock *tp = tcp_sk(sk);
132 struct in6_addr *saddr = NULL, *final_p = NULL, final;
134 struct dst_entry *dst;
138 if (addr_len < SIN6_LEN_RFC2133)
141 if (usin->sin6_family != AF_INET6)
142 return(-EAFNOSUPPORT);
144 memset(&fl, 0, sizeof(fl));
147 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
148 IP6_ECN_flow_init(fl.fl6_flowlabel);
149 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
150 struct ip6_flowlabel *flowlabel;
151 flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
152 if (flowlabel == NULL)
154 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
155 fl6_sock_release(flowlabel);
160 * connect() to INADDR_ANY means loopback (BSD'ism).
163 if(ipv6_addr_any(&usin->sin6_addr))
164 usin->sin6_addr.s6_addr[15] = 0x1;
166 addr_type = ipv6_addr_type(&usin->sin6_addr);
168 if(addr_type & IPV6_ADDR_MULTICAST)
171 if (addr_type&IPV6_ADDR_LINKLOCAL) {
172 if (addr_len >= sizeof(struct sockaddr_in6) &&
173 usin->sin6_scope_id) {
174 /* If interface is set while binding, indices
177 if (sk->sk_bound_dev_if &&
178 sk->sk_bound_dev_if != usin->sin6_scope_id)
181 sk->sk_bound_dev_if = usin->sin6_scope_id;
184 /* Connect to link-local address requires an interface */
185 if (!sk->sk_bound_dev_if)
189 if (tp->rx_opt.ts_recent_stamp &&
190 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
191 tp->rx_opt.ts_recent = 0;
192 tp->rx_opt.ts_recent_stamp = 0;
196 ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
197 np->flow_label = fl.fl6_flowlabel;
203 if (addr_type == IPV6_ADDR_MAPPED) {
204 u32 exthdrlen = icsk->icsk_ext_hdr_len;
205 struct sockaddr_in sin;
207 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
209 if (__ipv6_only_sock(sk))
212 sin.sin_family = AF_INET;
213 sin.sin_port = usin->sin6_port;
214 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
216 icsk->icsk_af_ops = &ipv6_mapped;
217 sk->sk_backlog_rcv = tcp_v4_do_rcv;
218 #ifdef CONFIG_TCP_MD5SIG
219 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
222 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
225 icsk->icsk_ext_hdr_len = exthdrlen;
226 icsk->icsk_af_ops = &ipv6_specific;
227 sk->sk_backlog_rcv = tcp_v6_do_rcv;
228 #ifdef CONFIG_TCP_MD5SIG
229 tp->af_specific = &tcp_sock_ipv6_specific;
233 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
234 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
241 if (!ipv6_addr_any(&np->rcv_saddr))
242 saddr = &np->rcv_saddr;
244 fl.proto = IPPROTO_TCP;
245 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
246 ipv6_addr_copy(&fl.fl6_src,
247 (saddr ? saddr : &np->saddr));
248 fl.oif = sk->sk_bound_dev_if;
249 fl.mark = sk->sk_mark;
250 fl.fl_ip_dport = usin->sin6_port;
251 fl.fl_ip_sport = inet->inet_sport;
253 if (np->opt && np->opt->srcrt) {
254 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
255 ipv6_addr_copy(&final, &fl.fl6_dst);
256 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
260 security_sk_classify_flow(sk, &fl);
262 err = ip6_dst_lookup(sk, &dst, &fl);
266 ipv6_addr_copy(&fl.fl6_dst, final_p);
268 err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
271 err = ip6_dst_blackhole(sk, &dst, &fl);
278 ipv6_addr_copy(&np->rcv_saddr, saddr);
281 /* set the source address */
282 ipv6_addr_copy(&np->saddr, saddr);
283 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
285 sk->sk_gso_type = SKB_GSO_TCPV6;
286 __ip6_dst_store(sk, dst, NULL, NULL);
288 icsk->icsk_ext_hdr_len = 0;
290 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
293 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
295 inet->inet_dport = usin->sin6_port;
297 tcp_set_state(sk, TCP_SYN_SENT);
298 err = inet6_hash_connect(&tcp_death_row, sk);
303 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
308 err = tcp_connect(sk);
315 tcp_set_state(sk, TCP_CLOSE);
318 inet->inet_dport = 0;
319 sk->sk_route_caps = 0;
323 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
324 u8 type, u8 code, int offset, __be32 info)
326 struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
327 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
328 struct ipv6_pinfo *np;
333 struct net *net = dev_net(skb->dev);
335 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
336 th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
339 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
344 if (sk->sk_state == TCP_TIME_WAIT) {
345 inet_twsk_put(inet_twsk(sk));
350 if (sock_owned_by_user(sk))
351 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
353 if (sk->sk_state == TCP_CLOSE)
357 seq = ntohl(th->seq);
358 if (sk->sk_state != TCP_LISTEN &&
359 !between(seq, tp->snd_una, tp->snd_nxt)) {
360 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
366 if (type == ICMPV6_PKT_TOOBIG) {
367 struct dst_entry *dst = NULL;
369 if (sock_owned_by_user(sk))
371 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
374 /* icmp should have updated the destination cache entry */
375 dst = __sk_dst_check(sk, np->dst_cookie);
378 struct inet_sock *inet = inet_sk(sk);
381 /* BUGGG_FUTURE: Again, it is not clear how
382 to handle rthdr case. Ignore this complexity
385 memset(&fl, 0, sizeof(fl));
386 fl.proto = IPPROTO_TCP;
387 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
388 ipv6_addr_copy(&fl.fl6_src, &np->saddr);
389 fl.oif = sk->sk_bound_dev_if;
390 fl.mark = sk->sk_mark;
391 fl.fl_ip_dport = inet->inet_dport;
392 fl.fl_ip_sport = inet->inet_sport;
393 security_skb_classify_flow(skb, &fl);
395 if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
396 sk->sk_err_soft = -err;
400 if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) {
401 sk->sk_err_soft = -err;
408 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
409 tcp_sync_mss(sk, dst_mtu(dst));
410 tcp_simple_retransmit(sk);
411 } /* else let the usual retransmit timer handle it */
416 icmpv6_err_convert(type, code, &err);
418 /* Might be for an request_sock */
419 switch (sk->sk_state) {
420 struct request_sock *req, **prev;
422 if (sock_owned_by_user(sk))
425 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
426 &hdr->saddr, inet6_iif(skb));
430 /* ICMPs are not backlogged, hence we cannot get
431 * an established socket here.
433 WARN_ON(req->sk != NULL);
435 if (seq != tcp_rsk(req)->snt_isn) {
436 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
440 inet_csk_reqsk_queue_drop(sk, req, prev);
444 case TCP_SYN_RECV: /* Cannot happen.
445 It can, it SYNs are crossed. --ANK */
446 if (!sock_owned_by_user(sk)) {
448 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
452 sk->sk_err_soft = err;
456 if (!sock_owned_by_user(sk) && np->recverr) {
458 sk->sk_error_report(sk);
460 sk->sk_err_soft = err;
468 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
469 struct request_values *rvp)
471 struct inet6_request_sock *treq = inet6_rsk(req);
472 struct ipv6_pinfo *np = inet6_sk(sk);
473 struct sk_buff * skb;
474 struct ipv6_txoptions *opt = NULL;
475 struct in6_addr * final_p = NULL, final;
477 struct dst_entry *dst;
480 memset(&fl, 0, sizeof(fl));
481 fl.proto = IPPROTO_TCP;
482 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
483 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
484 fl.fl6_flowlabel = 0;
486 fl.mark = sk->sk_mark;
487 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
488 fl.fl_ip_sport = inet_rsk(req)->loc_port;
489 security_req_classify_flow(req, &fl);
492 if (opt && opt->srcrt) {
493 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
494 ipv6_addr_copy(&final, &fl.fl6_dst);
495 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
499 err = ip6_dst_lookup(sk, &dst, &fl);
503 ipv6_addr_copy(&fl.fl6_dst, final_p);
504 if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
507 skb = tcp_make_synack(sk, dst, req, rvp);
509 __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr);
511 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
512 err = ip6_xmit(sk, skb, &fl, opt);
513 err = net_xmit_eval(err);
517 if (opt && opt != np->opt)
518 sock_kfree_s(sk, opt, opt->tot_len);
523 static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req,
524 struct request_values *rvp)
526 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS);
527 return tcp_v6_send_synack(sk, req, rvp);
530 static inline void syn_flood_warning(struct sk_buff *skb)
532 #ifdef CONFIG_SYN_COOKIES
533 if (sysctl_tcp_syncookies)
535 "TCPv6: Possible SYN flooding on port %d. "
536 "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
540 "TCPv6: Possible SYN flooding on port %d. "
541 "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
544 static void tcp_v6_reqsk_destructor(struct request_sock *req)
546 kfree_skb(inet6_rsk(req)->pktopts);
549 #ifdef CONFIG_TCP_MD5SIG
550 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
551 struct in6_addr *addr)
553 struct tcp_sock *tp = tcp_sk(sk);
558 if (!tp->md5sig_info || !tp->md5sig_info->entries6)
561 for (i = 0; i < tp->md5sig_info->entries6; i++) {
562 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
563 return &tp->md5sig_info->keys6[i].base;
568 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
569 struct sock *addr_sk)
571 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
574 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
575 struct request_sock *req)
577 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
580 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
581 char *newkey, u8 newkeylen)
583 /* Add key to the list */
584 struct tcp_md5sig_key *key;
585 struct tcp_sock *tp = tcp_sk(sk);
586 struct tcp6_md5sig_key *keys;
588 key = tcp_v6_md5_do_lookup(sk, peer);
590 /* modify existing entry - just update that one */
593 key->keylen = newkeylen;
595 /* reallocate new list if current one is full. */
596 if (!tp->md5sig_info) {
597 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
598 if (!tp->md5sig_info) {
602 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
604 if (tcp_alloc_md5sig_pool(sk) == NULL) {
608 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
609 keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
610 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
613 tcp_free_md5sig_pool();
618 if (tp->md5sig_info->entries6)
619 memmove(keys, tp->md5sig_info->keys6,
620 (sizeof (tp->md5sig_info->keys6[0]) *
621 tp->md5sig_info->entries6));
623 kfree(tp->md5sig_info->keys6);
624 tp->md5sig_info->keys6 = keys;
625 tp->md5sig_info->alloced6++;
628 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
630 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
631 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
633 tp->md5sig_info->entries6++;
638 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
639 u8 *newkey, __u8 newkeylen)
641 return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
645 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
647 struct tcp_sock *tp = tcp_sk(sk);
650 for (i = 0; i < tp->md5sig_info->entries6; i++) {
651 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
653 kfree(tp->md5sig_info->keys6[i].base.key);
654 tp->md5sig_info->entries6--;
656 if (tp->md5sig_info->entries6 == 0) {
657 kfree(tp->md5sig_info->keys6);
658 tp->md5sig_info->keys6 = NULL;
659 tp->md5sig_info->alloced6 = 0;
661 /* shrink the database */
662 if (tp->md5sig_info->entries6 != i)
663 memmove(&tp->md5sig_info->keys6[i],
664 &tp->md5sig_info->keys6[i+1],
665 (tp->md5sig_info->entries6 - i)
666 * sizeof (tp->md5sig_info->keys6[0]));
668 tcp_free_md5sig_pool();
675 static void tcp_v6_clear_md5_list (struct sock *sk)
677 struct tcp_sock *tp = tcp_sk(sk);
680 if (tp->md5sig_info->entries6) {
681 for (i = 0; i < tp->md5sig_info->entries6; i++)
682 kfree(tp->md5sig_info->keys6[i].base.key);
683 tp->md5sig_info->entries6 = 0;
684 tcp_free_md5sig_pool();
687 kfree(tp->md5sig_info->keys6);
688 tp->md5sig_info->keys6 = NULL;
689 tp->md5sig_info->alloced6 = 0;
691 if (tp->md5sig_info->entries4) {
692 for (i = 0; i < tp->md5sig_info->entries4; i++)
693 kfree(tp->md5sig_info->keys4[i].base.key);
694 tp->md5sig_info->entries4 = 0;
695 tcp_free_md5sig_pool();
698 kfree(tp->md5sig_info->keys4);
699 tp->md5sig_info->keys4 = NULL;
700 tp->md5sig_info->alloced4 = 0;
703 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
706 struct tcp_md5sig cmd;
707 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
710 if (optlen < sizeof(cmd))
713 if (copy_from_user(&cmd, optval, sizeof(cmd)))
716 if (sin6->sin6_family != AF_INET6)
719 if (!cmd.tcpm_keylen) {
720 if (!tcp_sk(sk)->md5sig_info)
722 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
723 return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
724 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
727 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
730 if (!tcp_sk(sk)->md5sig_info) {
731 struct tcp_sock *tp = tcp_sk(sk);
732 struct tcp_md5sig_info *p;
734 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
739 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
742 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
745 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
746 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
747 newkey, cmd.tcpm_keylen);
749 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
752 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
753 struct in6_addr *daddr,
754 struct in6_addr *saddr, int nbytes)
756 struct tcp6_pseudohdr *bp;
757 struct scatterlist sg;
759 bp = &hp->md5_blk.ip6;
760 /* 1. TCP pseudo-header (RFC2460) */
761 ipv6_addr_copy(&bp->saddr, saddr);
762 ipv6_addr_copy(&bp->daddr, daddr);
763 bp->protocol = cpu_to_be32(IPPROTO_TCP);
764 bp->len = cpu_to_be32(nbytes);
766 sg_init_one(&sg, bp, sizeof(*bp));
767 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
770 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
771 struct in6_addr *daddr, struct in6_addr *saddr,
774 struct tcp_md5sig_pool *hp;
775 struct hash_desc *desc;
777 hp = tcp_get_md5sig_pool();
779 goto clear_hash_noput;
780 desc = &hp->md5_desc;
782 if (crypto_hash_init(desc))
784 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
786 if (tcp_md5_hash_header(hp, th))
788 if (tcp_md5_hash_key(hp, key))
790 if (crypto_hash_final(desc, md5_hash))
793 tcp_put_md5sig_pool();
797 tcp_put_md5sig_pool();
799 memset(md5_hash, 0, 16);
803 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
804 struct sock *sk, struct request_sock *req,
807 struct in6_addr *saddr, *daddr;
808 struct tcp_md5sig_pool *hp;
809 struct hash_desc *desc;
810 struct tcphdr *th = tcp_hdr(skb);
813 saddr = &inet6_sk(sk)->saddr;
814 daddr = &inet6_sk(sk)->daddr;
816 saddr = &inet6_rsk(req)->loc_addr;
817 daddr = &inet6_rsk(req)->rmt_addr;
819 struct ipv6hdr *ip6h = ipv6_hdr(skb);
820 saddr = &ip6h->saddr;
821 daddr = &ip6h->daddr;
824 hp = tcp_get_md5sig_pool();
826 goto clear_hash_noput;
827 desc = &hp->md5_desc;
829 if (crypto_hash_init(desc))
832 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
834 if (tcp_md5_hash_header(hp, th))
836 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
838 if (tcp_md5_hash_key(hp, key))
840 if (crypto_hash_final(desc, md5_hash))
843 tcp_put_md5sig_pool();
847 tcp_put_md5sig_pool();
849 memset(md5_hash, 0, 16);
853 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
855 __u8 *hash_location = NULL;
856 struct tcp_md5sig_key *hash_expected;
857 struct ipv6hdr *ip6h = ipv6_hdr(skb);
858 struct tcphdr *th = tcp_hdr(skb);
862 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
863 hash_location = tcp_parse_md5sig_option(th);
865 /* We've parsed the options - do we have a hash? */
866 if (!hash_expected && !hash_location)
869 if (hash_expected && !hash_location) {
870 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
874 if (!hash_expected && hash_location) {
875 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
879 /* check the signature */
880 genhash = tcp_v6_md5_hash_skb(newhash,
884 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
885 if (net_ratelimit()) {
886 printk(KERN_INFO "MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
887 genhash ? "failed" : "mismatch",
888 &ip6h->saddr, ntohs(th->source),
889 &ip6h->daddr, ntohs(th->dest));
897 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
899 .obj_size = sizeof(struct tcp6_request_sock),
900 .rtx_syn_ack = tcp_v6_rtx_synack,
901 .send_ack = tcp_v6_reqsk_send_ack,
902 .destructor = tcp_v6_reqsk_destructor,
903 .send_reset = tcp_v6_send_reset,
904 .syn_ack_timeout = tcp_syn_ack_timeout,
907 #ifdef CONFIG_TCP_MD5SIG
908 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
909 .md5_lookup = tcp_v6_reqsk_md5_lookup,
910 .calc_md5_hash = tcp_v6_md5_hash_skb,
914 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
915 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
916 .twsk_unique = tcp_twsk_unique,
917 .twsk_destructor= tcp_twsk_destructor,
920 static void __tcp_v6_send_check(struct sk_buff *skb,
921 struct in6_addr *saddr, struct in6_addr *daddr)
923 struct tcphdr *th = tcp_hdr(skb);
925 if (skb->ip_summed == CHECKSUM_PARTIAL) {
926 th->check = ~tcp_v6_check(skb->len, saddr, daddr, 0);
927 skb->csum_start = skb_transport_header(skb) - skb->head;
928 skb->csum_offset = offsetof(struct tcphdr, check);
930 th->check = tcp_v6_check(skb->len, saddr, daddr,
931 csum_partial(th, th->doff << 2,
936 static void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb)
938 struct ipv6_pinfo *np = inet6_sk(sk);
940 __tcp_v6_send_check(skb, &np->saddr, &np->daddr);
943 static int tcp_v6_gso_send_check(struct sk_buff *skb)
945 struct ipv6hdr *ipv6h;
948 if (!pskb_may_pull(skb, sizeof(*th)))
951 ipv6h = ipv6_hdr(skb);
955 skb->ip_summed = CHECKSUM_PARTIAL;
956 __tcp_v6_send_check(skb, &ipv6h->saddr, &ipv6h->daddr);
960 static struct sk_buff **tcp6_gro_receive(struct sk_buff **head,
963 struct ipv6hdr *iph = skb_gro_network_header(skb);
965 switch (skb->ip_summed) {
966 case CHECKSUM_COMPLETE:
967 if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr,
969 skb->ip_summed = CHECKSUM_UNNECESSARY;
975 NAPI_GRO_CB(skb)->flush = 1;
979 return tcp_gro_receive(head, skb);
982 static int tcp6_gro_complete(struct sk_buff *skb)
984 struct ipv6hdr *iph = ipv6_hdr(skb);
985 struct tcphdr *th = tcp_hdr(skb);
987 th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb),
988 &iph->saddr, &iph->daddr, 0);
989 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;
991 return tcp_gro_complete(skb);
994 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
995 u32 ts, struct tcp_md5sig_key *key, int rst)
997 struct tcphdr *th = tcp_hdr(skb), *t1;
998 struct sk_buff *buff;
1000 struct net *net = dev_net(skb_dst(skb)->dev);
1001 struct sock *ctl_sk = net->ipv6.tcp_sk;
1002 unsigned int tot_len = sizeof(struct tcphdr);
1003 struct dst_entry *dst;
1007 tot_len += TCPOLEN_TSTAMP_ALIGNED;
1008 #ifdef CONFIG_TCP_MD5SIG
1010 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1013 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1018 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1020 t1 = (struct tcphdr *) skb_push(buff, tot_len);
1021 skb_reset_transport_header(skb);
1023 /* Swap the send and the receive. */
1024 memset(t1, 0, sizeof(*t1));
1025 t1->dest = th->source;
1026 t1->source = th->dest;
1027 t1->doff = tot_len / 4;
1028 t1->seq = htonl(seq);
1029 t1->ack_seq = htonl(ack);
1030 t1->ack = !rst || !th->ack;
1032 t1->window = htons(win);
1034 topt = (__be32 *)(t1 + 1);
1037 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1038 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1039 *topt++ = htonl(tcp_time_stamp);
1040 *topt++ = htonl(ts);
1043 #ifdef CONFIG_TCP_MD5SIG
1045 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1046 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1047 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
1048 &ipv6_hdr(skb)->saddr,
1049 &ipv6_hdr(skb)->daddr, t1);
1053 buff->csum = csum_partial(t1, tot_len, 0);
1055 memset(&fl, 0, sizeof(fl));
1056 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1057 ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1059 __tcp_v6_send_check(buff, &fl.fl6_src, &fl.fl6_dst);
1061 fl.proto = IPPROTO_TCP;
1062 fl.oif = inet6_iif(skb);
1063 fl.fl_ip_dport = t1->dest;
1064 fl.fl_ip_sport = t1->source;
1065 security_skb_classify_flow(skb, &fl);
1067 /* Pass a socket to ip6_dst_lookup either it is for RST
1068 * Underlying function will use this to retrieve the network
1071 if (!ip6_dst_lookup(ctl_sk, &dst, &fl)) {
1072 if (xfrm_lookup(net, &dst, &fl, NULL, 0) >= 0) {
1073 skb_dst_set(buff, dst);
1074 ip6_xmit(ctl_sk, buff, &fl, NULL);
1075 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1077 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
1085 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1087 struct tcphdr *th = tcp_hdr(skb);
1088 u32 seq = 0, ack_seq = 0;
1089 struct tcp_md5sig_key *key = NULL;
1094 if (!ipv6_unicast_destination(skb))
1097 #ifdef CONFIG_TCP_MD5SIG
1099 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
1103 seq = ntohl(th->ack_seq);
1105 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1108 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1);
1111 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
1112 struct tcp_md5sig_key *key)
1114 tcp_v6_send_response(skb, seq, ack, win, ts, key, 0);
1117 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1119 struct inet_timewait_sock *tw = inet_twsk(sk);
1120 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1122 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1123 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1124 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw));
1129 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
1130 struct request_sock *req)
1132 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
1133 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr));
1137 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1139 struct request_sock *req, **prev;
1140 const struct tcphdr *th = tcp_hdr(skb);
1143 /* Find possible connection requests. */
1144 req = inet6_csk_search_req(sk, &prev, th->source,
1145 &ipv6_hdr(skb)->saddr,
1146 &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1148 return tcp_check_req(sk, skb, req, prev);
1150 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1151 &ipv6_hdr(skb)->saddr, th->source,
1152 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1155 if (nsk->sk_state != TCP_TIME_WAIT) {
1159 inet_twsk_put(inet_twsk(nsk));
1163 #ifdef CONFIG_SYN_COOKIES
1164 if (!th->rst && !th->syn && th->ack)
1165 sk = cookie_v6_check(sk, skb);
1170 /* FIXME: this is substantially similar to the ipv4 code.
1171 * Can some kind of merge be done? -- erics
1173 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1175 struct tcp_extend_values tmp_ext;
1176 struct tcp_options_received tmp_opt;
1178 struct request_sock *req;
1179 struct inet6_request_sock *treq;
1180 struct ipv6_pinfo *np = inet6_sk(sk);
1181 struct tcp_sock *tp = tcp_sk(sk);
1182 __u32 isn = TCP_SKB_CB(skb)->when;
1183 #ifdef CONFIG_SYN_COOKIES
1184 int want_cookie = 0;
1186 #define want_cookie 0
1189 if (skb->protocol == htons(ETH_P_IP))
1190 return tcp_v4_conn_request(sk, skb);
1192 if (!ipv6_unicast_destination(skb))
1195 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1196 if (net_ratelimit())
1197 syn_flood_warning(skb);
1198 #ifdef CONFIG_SYN_COOKIES
1199 if (sysctl_tcp_syncookies)
1206 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1209 req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1213 #ifdef CONFIG_TCP_MD5SIG
1214 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1217 tcp_clear_options(&tmp_opt);
1218 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1219 tmp_opt.user_mss = tp->rx_opt.user_mss;
1220 tcp_parse_options(skb, &tmp_opt, &hash_location, 0);
1222 if (tmp_opt.cookie_plus > 0 &&
1223 tmp_opt.saw_tstamp &&
1224 !tp->rx_opt.cookie_out_never &&
1225 (sysctl_tcp_cookie_size > 0 ||
1226 (tp->cookie_values != NULL &&
1227 tp->cookie_values->cookie_desired > 0))) {
1230 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS];
1231 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE;
1233 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0)
1236 /* Secret recipe starts with IP addresses */
1237 d = (__force u32 *)&ipv6_hdr(skb)->daddr.s6_addr32[0];
1242 d = (__force u32 *)&ipv6_hdr(skb)->saddr.s6_addr32[0];
1248 /* plus variable length Initiator Cookie */
1251 *c++ ^= *hash_location++;
1253 #ifdef CONFIG_SYN_COOKIES
1254 want_cookie = 0; /* not our kind of cookie */
1256 tmp_ext.cookie_out_never = 0; /* false */
1257 tmp_ext.cookie_plus = tmp_opt.cookie_plus;
1258 } else if (!tp->rx_opt.cookie_in_always) {
1259 /* redundant indications, but ensure initialization. */
1260 tmp_ext.cookie_out_never = 1; /* true */
1261 tmp_ext.cookie_plus = 0;
1265 tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always;
1267 if (want_cookie && !tmp_opt.saw_tstamp)
1268 tcp_clear_options(&tmp_opt);
1270 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1271 tcp_openreq_init(req, &tmp_opt, skb);
1273 treq = inet6_rsk(req);
1274 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1275 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1277 TCP_ECN_create_request(req, tcp_hdr(skb));
1280 isn = cookie_v6_init_sequence(sk, skb, &req->mss);
1281 req->cookie_ts = tmp_opt.tstamp_ok;
1283 if (ipv6_opt_accepted(sk, skb) ||
1284 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1285 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1286 atomic_inc(&skb->users);
1287 treq->pktopts = skb;
1289 treq->iif = sk->sk_bound_dev_if;
1291 /* So that link locals have meaning */
1292 if (!sk->sk_bound_dev_if &&
1293 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1294 treq->iif = inet6_iif(skb);
1296 isn = tcp_v6_init_sequence(skb);
1298 tcp_rsk(req)->snt_isn = isn;
1300 security_inet_conn_request(sk, skb, req);
1302 if (tcp_v6_send_synack(sk, req,
1303 (struct request_values *)&tmp_ext) ||
1307 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1313 return 0; /* don't send reset */
1316 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1317 struct request_sock *req,
1318 struct dst_entry *dst)
1320 struct inet6_request_sock *treq;
1321 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1322 struct tcp6_sock *newtcp6sk;
1323 struct inet_sock *newinet;
1324 struct tcp_sock *newtp;
1326 struct ipv6_txoptions *opt;
1327 #ifdef CONFIG_TCP_MD5SIG
1328 struct tcp_md5sig_key *key;
1331 if (skb->protocol == htons(ETH_P_IP)) {
1336 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1341 newtcp6sk = (struct tcp6_sock *)newsk;
1342 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1344 newinet = inet_sk(newsk);
1345 newnp = inet6_sk(newsk);
1346 newtp = tcp_sk(newsk);
1348 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1350 ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr);
1352 ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr);
1354 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1356 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1357 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1358 #ifdef CONFIG_TCP_MD5SIG
1359 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1362 newnp->pktoptions = NULL;
1364 newnp->mcast_oif = inet6_iif(skb);
1365 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1368 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1369 * here, tcp_create_openreq_child now does this for us, see the comment in
1370 * that function for the gory details. -acme
1373 /* It is tricky place. Until this moment IPv4 tcp
1374 worked with IPv6 icsk.icsk_af_ops.
1377 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1382 treq = inet6_rsk(req);
1385 if (sk_acceptq_is_full(sk))
1389 struct in6_addr *final_p = NULL, final;
1392 memset(&fl, 0, sizeof(fl));
1393 fl.proto = IPPROTO_TCP;
1394 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1395 if (opt && opt->srcrt) {
1396 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1397 ipv6_addr_copy(&final, &fl.fl6_dst);
1398 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1401 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1402 fl.oif = sk->sk_bound_dev_if;
1403 fl.mark = sk->sk_mark;
1404 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1405 fl.fl_ip_sport = inet_rsk(req)->loc_port;
1406 security_req_classify_flow(req, &fl);
1408 if (ip6_dst_lookup(sk, &dst, &fl))
1412 ipv6_addr_copy(&fl.fl6_dst, final_p);
1414 if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
1418 newsk = tcp_create_openreq_child(sk, req, skb);
1423 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1424 * count here, tcp_create_openreq_child now does this for us, see the
1425 * comment in that function for the gory details. -acme
1428 newsk->sk_gso_type = SKB_GSO_TCPV6;
1429 __ip6_dst_store(newsk, dst, NULL, NULL);
1431 newtcp6sk = (struct tcp6_sock *)newsk;
1432 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1434 newtp = tcp_sk(newsk);
1435 newinet = inet_sk(newsk);
1436 newnp = inet6_sk(newsk);
1438 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1440 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1441 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1442 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1443 newsk->sk_bound_dev_if = treq->iif;
1445 /* Now IPv6 options...
1447 First: no IPv4 options.
1449 newinet->opt = NULL;
1450 newnp->ipv6_fl_list = NULL;
1453 newnp->rxopt.all = np->rxopt.all;
1455 /* Clone pktoptions received with SYN */
1456 newnp->pktoptions = NULL;
1457 if (treq->pktopts != NULL) {
1458 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1459 kfree_skb(treq->pktopts);
1460 treq->pktopts = NULL;
1461 if (newnp->pktoptions)
1462 skb_set_owner_r(newnp->pktoptions, newsk);
1465 newnp->mcast_oif = inet6_iif(skb);
1466 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1468 /* Clone native IPv6 options from listening socket (if any)
1470 Yes, keeping reference count would be much more clever,
1471 but we make one more one thing there: reattach optmem
1475 newnp->opt = ipv6_dup_options(newsk, opt);
1477 sock_kfree_s(sk, opt, opt->tot_len);
1480 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1482 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1483 newnp->opt->opt_flen);
1485 tcp_mtup_init(newsk);
1486 tcp_sync_mss(newsk, dst_mtu(dst));
1487 newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1488 tcp_initialize_rcv_mss(newsk);
1490 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1491 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1493 #ifdef CONFIG_TCP_MD5SIG
1494 /* Copy over the MD5 key from the original socket */
1495 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1496 /* We're using one, so create a matching key
1497 * on the newsk structure. If we fail to get
1498 * memory, then we end up not copying the key
1501 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1503 tcp_v6_md5_do_add(newsk, &newnp->daddr,
1504 newkey, key->keylen);
1508 __inet6_hash(newsk, NULL);
1509 __inet_inherit_port(sk, newsk);
1514 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1516 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1517 if (opt && opt != np->opt)
1518 sock_kfree_s(sk, opt, opt->tot_len);
1523 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1525 if (skb->ip_summed == CHECKSUM_COMPLETE) {
1526 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr,
1527 &ipv6_hdr(skb)->daddr, skb->csum)) {
1528 skb->ip_summed = CHECKSUM_UNNECESSARY;
1533 skb->csum = ~csum_unfold(tcp_v6_check(skb->len,
1534 &ipv6_hdr(skb)->saddr,
1535 &ipv6_hdr(skb)->daddr, 0));
1537 if (skb->len <= 76) {
1538 return __skb_checksum_complete(skb);
1543 /* The socket must have it's spinlock held when we get
1546 * We have a potential double-lock case here, so even when
1547 * doing backlog processing we use the BH locking scheme.
1548 * This is because we cannot sleep with the original spinlock
1551 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1553 struct ipv6_pinfo *np = inet6_sk(sk);
1554 struct tcp_sock *tp;
1555 struct sk_buff *opt_skb = NULL;
1557 /* Imagine: socket is IPv6. IPv4 packet arrives,
1558 goes to IPv4 receive handler and backlogged.
1559 From backlog it always goes here. Kerboom...
1560 Fortunately, tcp_rcv_established and rcv_established
1561 handle them correctly, but it is not case with
1562 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1565 if (skb->protocol == htons(ETH_P_IP))
1566 return tcp_v4_do_rcv(sk, skb);
1568 #ifdef CONFIG_TCP_MD5SIG
1569 if (tcp_v6_inbound_md5_hash (sk, skb))
1573 if (sk_filter(sk, skb))
1577 * socket locking is here for SMP purposes as backlog rcv
1578 * is currently called with bh processing disabled.
1581 /* Do Stevens' IPV6_PKTOPTIONS.
1583 Yes, guys, it is the only place in our code, where we
1584 may make it not affecting IPv4.
1585 The rest of code is protocol independent,
1586 and I do not like idea to uglify IPv4.
1588 Actually, all the idea behind IPV6_PKTOPTIONS
1589 looks not very well thought. For now we latch
1590 options, received in the last packet, enqueued
1591 by tcp. Feel free to propose better solution.
1595 opt_skb = skb_clone(skb, GFP_ATOMIC);
1597 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1598 TCP_CHECK_TIMER(sk);
1599 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1601 TCP_CHECK_TIMER(sk);
1603 goto ipv6_pktoptions;
1607 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1610 if (sk->sk_state == TCP_LISTEN) {
1611 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1616 * Queue it on the new socket if the new socket is active,
1617 * otherwise we just shortcircuit this and continue with
1621 if (tcp_child_process(sk, nsk, skb))
1624 __kfree_skb(opt_skb);
1629 TCP_CHECK_TIMER(sk);
1630 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1632 TCP_CHECK_TIMER(sk);
1634 goto ipv6_pktoptions;
1638 tcp_v6_send_reset(sk, skb);
1641 __kfree_skb(opt_skb);
1645 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1650 /* Do you ask, what is it?
1652 1. skb was enqueued by tcp.
1653 2. skb is added to tail of read queue, rather than out of order.
1654 3. socket is not in passive state.
1655 4. Finally, it really contains options, which user wants to receive.
1658 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1659 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1660 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1661 np->mcast_oif = inet6_iif(opt_skb);
1662 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1663 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1664 if (ipv6_opt_accepted(sk, opt_skb)) {
1665 skb_set_owner_r(opt_skb, sk);
1666 opt_skb = xchg(&np->pktoptions, opt_skb);
1668 __kfree_skb(opt_skb);
1669 opt_skb = xchg(&np->pktoptions, NULL);
1677 static int tcp_v6_rcv(struct sk_buff *skb)
1682 struct net *net = dev_net(skb->dev);
1684 if (skb->pkt_type != PACKET_HOST)
1688 * Count it even if it's bad.
1690 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1692 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1697 if (th->doff < sizeof(struct tcphdr)/4)
1699 if (!pskb_may_pull(skb, th->doff*4))
1702 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1706 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1707 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1708 skb->len - th->doff*4);
1709 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1710 TCP_SKB_CB(skb)->when = 0;
1711 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
1712 TCP_SKB_CB(skb)->sacked = 0;
1714 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1719 if (sk->sk_state == TCP_TIME_WAIT)
1722 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1723 goto discard_and_relse;
1725 if (sk_filter(sk, skb))
1726 goto discard_and_relse;
1730 bh_lock_sock_nested(sk);
1732 if (!sock_owned_by_user(sk)) {
1733 #ifdef CONFIG_NET_DMA
1734 struct tcp_sock *tp = tcp_sk(sk);
1735 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1736 tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY);
1737 if (tp->ucopy.dma_chan)
1738 ret = tcp_v6_do_rcv(sk, skb);
1742 if (!tcp_prequeue(sk, skb))
1743 ret = tcp_v6_do_rcv(sk, skb);
1745 } else if (unlikely(sk_add_backlog(sk, skb))) {
1747 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
1748 goto discard_and_relse;
1753 return ret ? -1 : 0;
1756 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1759 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1761 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1763 tcp_v6_send_reset(NULL, skb);
1780 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1781 inet_twsk_put(inet_twsk(sk));
1785 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1786 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1787 inet_twsk_put(inet_twsk(sk));
1791 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1796 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1797 &ipv6_hdr(skb)->daddr,
1798 ntohs(th->dest), inet6_iif(skb));
1800 struct inet_timewait_sock *tw = inet_twsk(sk);
1801 inet_twsk_deschedule(tw, &tcp_death_row);
1806 /* Fall through to ACK */
1809 tcp_v6_timewait_ack(sk, skb);
1813 case TCP_TW_SUCCESS:;
1818 static int tcp_v6_remember_stamp(struct sock *sk)
1820 /* Alas, not yet... */
1824 static const struct inet_connection_sock_af_ops ipv6_specific = {
1825 .queue_xmit = inet6_csk_xmit,
1826 .send_check = tcp_v6_send_check,
1827 .rebuild_header = inet6_sk_rebuild_header,
1828 .conn_request = tcp_v6_conn_request,
1829 .syn_recv_sock = tcp_v6_syn_recv_sock,
1830 .remember_stamp = tcp_v6_remember_stamp,
1831 .net_header_len = sizeof(struct ipv6hdr),
1832 .setsockopt = ipv6_setsockopt,
1833 .getsockopt = ipv6_getsockopt,
1834 .addr2sockaddr = inet6_csk_addr2sockaddr,
1835 .sockaddr_len = sizeof(struct sockaddr_in6),
1836 .bind_conflict = inet6_csk_bind_conflict,
1837 #ifdef CONFIG_COMPAT
1838 .compat_setsockopt = compat_ipv6_setsockopt,
1839 .compat_getsockopt = compat_ipv6_getsockopt,
1843 #ifdef CONFIG_TCP_MD5SIG
1844 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1845 .md5_lookup = tcp_v6_md5_lookup,
1846 .calc_md5_hash = tcp_v6_md5_hash_skb,
1847 .md5_add = tcp_v6_md5_add_func,
1848 .md5_parse = tcp_v6_parse_md5_keys,
1853 * TCP over IPv4 via INET6 API
1856 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1857 .queue_xmit = ip_queue_xmit,
1858 .send_check = tcp_v4_send_check,
1859 .rebuild_header = inet_sk_rebuild_header,
1860 .conn_request = tcp_v6_conn_request,
1861 .syn_recv_sock = tcp_v6_syn_recv_sock,
1862 .remember_stamp = tcp_v4_remember_stamp,
1863 .net_header_len = sizeof(struct iphdr),
1864 .setsockopt = ipv6_setsockopt,
1865 .getsockopt = ipv6_getsockopt,
1866 .addr2sockaddr = inet6_csk_addr2sockaddr,
1867 .sockaddr_len = sizeof(struct sockaddr_in6),
1868 .bind_conflict = inet6_csk_bind_conflict,
1869 #ifdef CONFIG_COMPAT
1870 .compat_setsockopt = compat_ipv6_setsockopt,
1871 .compat_getsockopt = compat_ipv6_getsockopt,
1875 #ifdef CONFIG_TCP_MD5SIG
1876 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1877 .md5_lookup = tcp_v4_md5_lookup,
1878 .calc_md5_hash = tcp_v4_md5_hash_skb,
1879 .md5_add = tcp_v6_md5_add_func,
1880 .md5_parse = tcp_v6_parse_md5_keys,
1884 /* NOTE: A lot of things set to zero explicitly by call to
1885 * sk_alloc() so need not be done here.
1887 static int tcp_v6_init_sock(struct sock *sk)
1889 struct inet_connection_sock *icsk = inet_csk(sk);
1890 struct tcp_sock *tp = tcp_sk(sk);
1892 skb_queue_head_init(&tp->out_of_order_queue);
1893 tcp_init_xmit_timers(sk);
1894 tcp_prequeue_init(tp);
1896 icsk->icsk_rto = TCP_TIMEOUT_INIT;
1897 tp->mdev = TCP_TIMEOUT_INIT;
1899 /* So many TCP implementations out there (incorrectly) count the
1900 * initial SYN frame in their delayed-ACK and congestion control
1901 * algorithms that we must have the following bandaid to talk
1902 * efficiently to them. -DaveM
1906 /* See draft-stevens-tcpca-spec-01 for discussion of the
1907 * initialization of these values.
1909 tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
1910 tp->snd_cwnd_clamp = ~0;
1911 tp->mss_cache = TCP_MSS_DEFAULT;
1913 tp->reordering = sysctl_tcp_reordering;
1915 sk->sk_state = TCP_CLOSE;
1917 icsk->icsk_af_ops = &ipv6_specific;
1918 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1919 icsk->icsk_sync_mss = tcp_sync_mss;
1920 sk->sk_write_space = sk_stream_write_space;
1921 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1923 #ifdef CONFIG_TCP_MD5SIG
1924 tp->af_specific = &tcp_sock_ipv6_specific;
1927 /* TCP Cookie Transactions */
1928 if (sysctl_tcp_cookie_size > 0) {
1929 /* Default, cookies without s_data_payload. */
1931 kzalloc(sizeof(*tp->cookie_values),
1933 if (tp->cookie_values != NULL)
1934 kref_init(&tp->cookie_values->kref);
1936 /* Presumed zeroed, in order of appearance:
1937 * cookie_in_always, cookie_out_never,
1938 * s_data_constant, s_data_in, s_data_out
1940 sk->sk_sndbuf = sysctl_tcp_wmem[1];
1941 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1944 percpu_counter_inc(&tcp_sockets_allocated);
1950 static void tcp_v6_destroy_sock(struct sock *sk)
1952 #ifdef CONFIG_TCP_MD5SIG
1953 /* Clean up the MD5 key list */
1954 if (tcp_sk(sk)->md5sig_info)
1955 tcp_v6_clear_md5_list(sk);
1957 tcp_v4_destroy_sock(sk);
1958 inet6_destroy_sock(sk);
1961 #ifdef CONFIG_PROC_FS
1962 /* Proc filesystem TCPv6 sock list dumping. */
1963 static void get_openreq6(struct seq_file *seq,
1964 struct sock *sk, struct request_sock *req, int i, int uid)
1966 int ttd = req->expires - jiffies;
1967 struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1968 struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1974 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1975 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1977 src->s6_addr32[0], src->s6_addr32[1],
1978 src->s6_addr32[2], src->s6_addr32[3],
1979 ntohs(inet_rsk(req)->loc_port),
1980 dest->s6_addr32[0], dest->s6_addr32[1],
1981 dest->s6_addr32[2], dest->s6_addr32[3],
1982 ntohs(inet_rsk(req)->rmt_port),
1984 0,0, /* could print option size, but that is af dependent. */
1985 1, /* timers active (only the expire timer) */
1986 jiffies_to_clock_t(ttd),
1989 0, /* non standard timer */
1990 0, /* open_requests have no inode */
1994 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1996 struct in6_addr *dest, *src;
1999 unsigned long timer_expires;
2000 struct inet_sock *inet = inet_sk(sp);
2001 struct tcp_sock *tp = tcp_sk(sp);
2002 const struct inet_connection_sock *icsk = inet_csk(sp);
2003 struct ipv6_pinfo *np = inet6_sk(sp);
2006 src = &np->rcv_saddr;
2007 destp = ntohs(inet->inet_dport);
2008 srcp = ntohs(inet->inet_sport);
2010 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2012 timer_expires = icsk->icsk_timeout;
2013 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2015 timer_expires = icsk->icsk_timeout;
2016 } else if (timer_pending(&sp->sk_timer)) {
2018 timer_expires = sp->sk_timer.expires;
2021 timer_expires = jiffies;
2025 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2026 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %lu %lu %u %u %d\n",
2028 src->s6_addr32[0], src->s6_addr32[1],
2029 src->s6_addr32[2], src->s6_addr32[3], srcp,
2030 dest->s6_addr32[0], dest->s6_addr32[1],
2031 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2033 tp->write_seq-tp->snd_una,
2034 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
2036 jiffies_to_clock_t(timer_expires - jiffies),
2037 icsk->icsk_retransmits,
2039 icsk->icsk_probes_out,
2041 atomic_read(&sp->sk_refcnt), sp,
2042 jiffies_to_clock_t(icsk->icsk_rto),
2043 jiffies_to_clock_t(icsk->icsk_ack.ato),
2044 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2046 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh
2050 static void get_timewait6_sock(struct seq_file *seq,
2051 struct inet_timewait_sock *tw, int i)
2053 struct in6_addr *dest, *src;
2055 struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2056 int ttd = tw->tw_ttd - jiffies;
2061 dest = &tw6->tw_v6_daddr;
2062 src = &tw6->tw_v6_rcv_saddr;
2063 destp = ntohs(tw->tw_dport);
2064 srcp = ntohs(tw->tw_sport);
2067 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2068 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2070 src->s6_addr32[0], src->s6_addr32[1],
2071 src->s6_addr32[2], src->s6_addr32[3], srcp,
2072 dest->s6_addr32[0], dest->s6_addr32[1],
2073 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2074 tw->tw_substate, 0, 0,
2075 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2076 atomic_read(&tw->tw_refcnt), tw);
2079 static int tcp6_seq_show(struct seq_file *seq, void *v)
2081 struct tcp_iter_state *st;
2083 if (v == SEQ_START_TOKEN) {
2088 "st tx_queue rx_queue tr tm->when retrnsmt"
2089 " uid timeout inode\n");
2094 switch (st->state) {
2095 case TCP_SEQ_STATE_LISTENING:
2096 case TCP_SEQ_STATE_ESTABLISHED:
2097 get_tcp6_sock(seq, v, st->num);
2099 case TCP_SEQ_STATE_OPENREQ:
2100 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2102 case TCP_SEQ_STATE_TIME_WAIT:
2103 get_timewait6_sock(seq, v, st->num);
2110 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2114 .owner = THIS_MODULE,
2117 .show = tcp6_seq_show,
2121 int __net_init tcp6_proc_init(struct net *net)
2123 return tcp_proc_register(net, &tcp6_seq_afinfo);
2126 void tcp6_proc_exit(struct net *net)
2128 tcp_proc_unregister(net, &tcp6_seq_afinfo);
2132 struct proto tcpv6_prot = {
2134 .owner = THIS_MODULE,
2136 .connect = tcp_v6_connect,
2137 .disconnect = tcp_disconnect,
2138 .accept = inet_csk_accept,
2140 .init = tcp_v6_init_sock,
2141 .destroy = tcp_v6_destroy_sock,
2142 .shutdown = tcp_shutdown,
2143 .setsockopt = tcp_setsockopt,
2144 .getsockopt = tcp_getsockopt,
2145 .recvmsg = tcp_recvmsg,
2146 .backlog_rcv = tcp_v6_do_rcv,
2147 .hash = tcp_v6_hash,
2148 .unhash = inet_unhash,
2149 .get_port = inet_csk_get_port,
2150 .enter_memory_pressure = tcp_enter_memory_pressure,
2151 .sockets_allocated = &tcp_sockets_allocated,
2152 .memory_allocated = &tcp_memory_allocated,
2153 .memory_pressure = &tcp_memory_pressure,
2154 .orphan_count = &tcp_orphan_count,
2155 .sysctl_mem = sysctl_tcp_mem,
2156 .sysctl_wmem = sysctl_tcp_wmem,
2157 .sysctl_rmem = sysctl_tcp_rmem,
2158 .max_header = MAX_TCP_HEADER,
2159 .obj_size = sizeof(struct tcp6_sock),
2160 .slab_flags = SLAB_DESTROY_BY_RCU,
2161 .twsk_prot = &tcp6_timewait_sock_ops,
2162 .rsk_prot = &tcp6_request_sock_ops,
2163 .h.hashinfo = &tcp_hashinfo,
2164 #ifdef CONFIG_COMPAT
2165 .compat_setsockopt = compat_tcp_setsockopt,
2166 .compat_getsockopt = compat_tcp_getsockopt,
2170 static const struct inet6_protocol tcpv6_protocol = {
2171 .handler = tcp_v6_rcv,
2172 .err_handler = tcp_v6_err,
2173 .gso_send_check = tcp_v6_gso_send_check,
2174 .gso_segment = tcp_tso_segment,
2175 .gro_receive = tcp6_gro_receive,
2176 .gro_complete = tcp6_gro_complete,
2177 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2180 static struct inet_protosw tcpv6_protosw = {
2181 .type = SOCK_STREAM,
2182 .protocol = IPPROTO_TCP,
2183 .prot = &tcpv6_prot,
2184 .ops = &inet6_stream_ops,
2186 .flags = INET_PROTOSW_PERMANENT |
2190 static int __net_init tcpv6_net_init(struct net *net)
2192 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2193 SOCK_RAW, IPPROTO_TCP, net);
2196 static void __net_exit tcpv6_net_exit(struct net *net)
2198 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2201 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
2203 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6);
2206 static struct pernet_operations tcpv6_net_ops = {
2207 .init = tcpv6_net_init,
2208 .exit = tcpv6_net_exit,
2209 .exit_batch = tcpv6_net_exit_batch,
2212 int __init tcpv6_init(void)
2216 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2220 /* register inet6 protocol */
2221 ret = inet6_register_protosw(&tcpv6_protosw);
2223 goto out_tcpv6_protocol;
2225 ret = register_pernet_subsys(&tcpv6_net_ops);
2227 goto out_tcpv6_protosw;
2232 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2234 inet6_unregister_protosw(&tcpv6_protosw);
2238 void tcpv6_exit(void)
2240 unregister_pernet_subsys(&tcpv6_net_ops);
2241 inet6_unregister_protosw(&tcpv6_protosw);
2242 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);