1 /*
2 * TCP over IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on:
9 * linux/net/ipv4/tcp.c
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
12 *
13 * Fixes:
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
19 *
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
24 */
25
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
34 #include <linux/in.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41
42 #include <linux/ipv6.h>
43 #include <linux/icmpv6.h>
44 #include <linux/random.h>
45
46 #include <net/tcp.h>
47 #include <net/ndisc.h>
48 #include <net/inet6_hashtables.h>
49 #include <net/inet6_connection_sock.h>
50 #include <net/ipv6.h>
51 #include <net/transp_v6.h>
52 #include <net/addrconf.h>
53 #include <net/ip6_route.h>
54 #include <net/ip6_checksum.h>
55 #include <net/inet_ecn.h>
56 #include <net/protocol.h>
57 #include <net/xfrm.h>
58 #include <net/snmp.h>
59 #include <net/dsfield.h>
60 #include <net/timewait_sock.h>
61 #include <net/netdma.h>
62 #include <net/inet_common.h>
63
64 #include <asm/uaccess.h>
65
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
68
69 #include <linux/crypto.h>
70 #include <linux/scatterlist.h>
71
72 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
73 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
74 struct request_sock *req);
75
76 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
77
78 static struct inet_connection_sock_af_ops ipv6_mapped;
79 static struct inet_connection_sock_af_ops ipv6_specific;
80 #ifdef CONFIG_TCP_MD5SIG
81 static struct tcp_sock_af_ops tcp_sock_ipv6_specific;
82 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
83 #else
tcp_v6_md5_do_lookup(struct sock * sk,struct in6_addr * addr)84 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
85 struct in6_addr *addr)
86 {
87 return NULL;
88 }
89 #endif
90
tcp_v6_hash(struct sock * sk)91 static void tcp_v6_hash(struct sock *sk)
92 {
93 if (sk->sk_state != TCP_CLOSE) {
94 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
95 tcp_prot.hash(sk);
96 return;
97 }
98 local_bh_disable();
99 __inet6_hash(sk);
100 local_bh_enable();
101 }
102 }
103
tcp_v6_check(int len,struct in6_addr * saddr,struct in6_addr * daddr,__wsum base)104 static __inline__ __sum16 tcp_v6_check(int len,
105 struct in6_addr *saddr,
106 struct in6_addr *daddr,
107 __wsum base)
108 {
109 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
110 }
111
tcp_v6_init_sequence(struct sk_buff * skb)112 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
113 {
114 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
115 ipv6_hdr(skb)->saddr.s6_addr32,
116 tcp_hdr(skb)->dest,
117 tcp_hdr(skb)->source);
118 }
119
tcp_v6_connect(struct sock * sk,struct sockaddr * uaddr,int addr_len)120 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
121 int addr_len)
122 {
123 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
124 struct inet_sock *inet = inet_sk(sk);
125 struct inet_connection_sock *icsk = inet_csk(sk);
126 struct ipv6_pinfo *np = inet6_sk(sk);
127 struct tcp_sock *tp = tcp_sk(sk);
128 struct in6_addr *saddr = NULL, *final_p = NULL, final;
129 struct flowi fl;
130 struct dst_entry *dst;
131 int addr_type;
132 int err;
133
134 if (addr_len < SIN6_LEN_RFC2133)
135 return -EINVAL;
136
137 if (usin->sin6_family != AF_INET6)
138 return(-EAFNOSUPPORT);
139
140 memset(&fl, 0, sizeof(fl));
141
142 if (np->sndflow) {
143 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
144 IP6_ECN_flow_init(fl.fl6_flowlabel);
145 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
146 struct ip6_flowlabel *flowlabel;
147 flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
148 if (flowlabel == NULL)
149 return -EINVAL;
150 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
151 fl6_sock_release(flowlabel);
152 }
153 }
154
155 /*
156 * connect() to INADDR_ANY means loopback (BSD'ism).
157 */
158
159 if(ipv6_addr_any(&usin->sin6_addr))
160 usin->sin6_addr.s6_addr[15] = 0x1;
161
162 addr_type = ipv6_addr_type(&usin->sin6_addr);
163
164 if(addr_type & IPV6_ADDR_MULTICAST)
165 return -ENETUNREACH;
166
167 if (addr_type&IPV6_ADDR_LINKLOCAL) {
168 if (addr_len >= sizeof(struct sockaddr_in6) &&
169 usin->sin6_scope_id) {
170 /* If interface is set while binding, indices
171 * must coincide.
172 */
173 if (sk->sk_bound_dev_if &&
174 sk->sk_bound_dev_if != usin->sin6_scope_id)
175 return -EINVAL;
176
177 sk->sk_bound_dev_if = usin->sin6_scope_id;
178 }
179
180 /* Connect to link-local address requires an interface */
181 if (!sk->sk_bound_dev_if)
182 return -EINVAL;
183 }
184
185 if (tp->rx_opt.ts_recent_stamp &&
186 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
187 tp->rx_opt.ts_recent = 0;
188 tp->rx_opt.ts_recent_stamp = 0;
189 tp->write_seq = 0;
190 }
191
192 ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
193 np->flow_label = fl.fl6_flowlabel;
194
195 /*
196 * TCP over IPv4
197 */
198
199 if (addr_type == IPV6_ADDR_MAPPED) {
200 u32 exthdrlen = icsk->icsk_ext_hdr_len;
201 struct sockaddr_in sin;
202
203 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
204
205 if (__ipv6_only_sock(sk))
206 return -ENETUNREACH;
207
208 sin.sin_family = AF_INET;
209 sin.sin_port = usin->sin6_port;
210 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
211
212 icsk->icsk_af_ops = &ipv6_mapped;
213 sk->sk_backlog_rcv = tcp_v4_do_rcv;
214 #ifdef CONFIG_TCP_MD5SIG
215 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
216 #endif
217
218 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
219
220 if (err) {
221 icsk->icsk_ext_hdr_len = exthdrlen;
222 icsk->icsk_af_ops = &ipv6_specific;
223 sk->sk_backlog_rcv = tcp_v6_do_rcv;
224 #ifdef CONFIG_TCP_MD5SIG
225 tp->af_specific = &tcp_sock_ipv6_specific;
226 #endif
227 goto failure;
228 } else {
229 ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
230 inet->saddr);
231 ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
232 inet->rcv_saddr);
233 }
234
235 return err;
236 }
237
238 if (!ipv6_addr_any(&np->rcv_saddr))
239 saddr = &np->rcv_saddr;
240
241 fl.proto = IPPROTO_TCP;
242 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
243 ipv6_addr_copy(&fl.fl6_src,
244 (saddr ? saddr : &np->saddr));
245 fl.oif = sk->sk_bound_dev_if;
246 fl.fl_ip_dport = usin->sin6_port;
247 fl.fl_ip_sport = inet->sport;
248
249 if (np->opt && np->opt->srcrt) {
250 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
251 ipv6_addr_copy(&final, &fl.fl6_dst);
252 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
253 final_p = &final;
254 }
255
256 security_sk_classify_flow(sk, &fl);
257
258 err = ip6_dst_lookup(sk, &dst, &fl);
259 if (err)
260 goto failure;
261 if (final_p)
262 ipv6_addr_copy(&fl.fl6_dst, final_p);
263
264 err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
265 if (err < 0) {
266 if (err == -EREMOTE)
267 err = ip6_dst_blackhole(sk, &dst, &fl);
268 if (err < 0)
269 goto failure;
270 }
271
272 if (saddr == NULL) {
273 saddr = &fl.fl6_src;
274 ipv6_addr_copy(&np->rcv_saddr, saddr);
275 }
276
277 /* set the source address */
278 ipv6_addr_copy(&np->saddr, saddr);
279 inet->rcv_saddr = LOOPBACK4_IPV6;
280
281 sk->sk_gso_type = SKB_GSO_TCPV6;
282 __ip6_dst_store(sk, dst, NULL, NULL);
283
284 icsk->icsk_ext_hdr_len = 0;
285 if (np->opt)
286 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
287 np->opt->opt_nflen);
288
289 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
290
291 inet->dport = usin->sin6_port;
292
293 tcp_set_state(sk, TCP_SYN_SENT);
294 err = inet6_hash_connect(&tcp_death_row, sk);
295 if (err)
296 goto late_failure;
297
298 if (!tp->write_seq)
299 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
300 np->daddr.s6_addr32,
301 inet->sport,
302 inet->dport);
303
304 err = tcp_connect(sk);
305 if (err)
306 goto late_failure;
307
308 return 0;
309
310 late_failure:
311 tcp_set_state(sk, TCP_CLOSE);
312 __sk_dst_reset(sk);
313 failure:
314 inet->dport = 0;
315 sk->sk_route_caps = 0;
316 return err;
317 }
318
tcp_v6_err(struct sk_buff * skb,struct inet6_skb_parm * opt,int type,int code,int offset,__be32 info)319 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
320 int type, int code, int offset, __be32 info)
321 {
322 struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
323 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
324 struct ipv6_pinfo *np;
325 struct sock *sk;
326 int err;
327 struct tcp_sock *tp;
328 __u32 seq;
329 struct net *net = dev_net(skb->dev);
330
331 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
332 th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
333
334 if (sk == NULL) {
335 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
336 ICMP6_MIB_INERRORS);
337 return;
338 }
339
340 if (sk->sk_state == TCP_TIME_WAIT) {
341 inet_twsk_put(inet_twsk(sk));
342 return;
343 }
344
345 bh_lock_sock(sk);
346 if (sock_owned_by_user(sk))
347 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
348
349 if (sk->sk_state == TCP_CLOSE)
350 goto out;
351
352 tp = tcp_sk(sk);
353 seq = ntohl(th->seq);
354 if (sk->sk_state != TCP_LISTEN &&
355 !between(seq, tp->snd_una, tp->snd_nxt)) {
356 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
357 goto out;
358 }
359
360 np = inet6_sk(sk);
361
362 if (type == ICMPV6_PKT_TOOBIG) {
363 struct dst_entry *dst = NULL;
364
365 if (sock_owned_by_user(sk))
366 goto out;
367 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
368 goto out;
369
370 /* icmp should have updated the destination cache entry */
371 dst = __sk_dst_check(sk, np->dst_cookie);
372
373 if (dst == NULL) {
374 struct inet_sock *inet = inet_sk(sk);
375 struct flowi fl;
376
377 /* BUGGG_FUTURE: Again, it is not clear how
378 to handle rthdr case. Ignore this complexity
379 for now.
380 */
381 memset(&fl, 0, sizeof(fl));
382 fl.proto = IPPROTO_TCP;
383 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
384 ipv6_addr_copy(&fl.fl6_src, &np->saddr);
385 fl.oif = sk->sk_bound_dev_if;
386 fl.fl_ip_dport = inet->dport;
387 fl.fl_ip_sport = inet->sport;
388 security_skb_classify_flow(skb, &fl);
389
390 if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
391 sk->sk_err_soft = -err;
392 goto out;
393 }
394
395 if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) {
396 sk->sk_err_soft = -err;
397 goto out;
398 }
399
400 } else
401 dst_hold(dst);
402
403 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
404 tcp_sync_mss(sk, dst_mtu(dst));
405 tcp_simple_retransmit(sk);
406 } /* else let the usual retransmit timer handle it */
407 dst_release(dst);
408 goto out;
409 }
410
411 icmpv6_err_convert(type, code, &err);
412
413 /* Might be for an request_sock */
414 switch (sk->sk_state) {
415 struct request_sock *req, **prev;
416 case TCP_LISTEN:
417 if (sock_owned_by_user(sk))
418 goto out;
419
420 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
421 &hdr->saddr, inet6_iif(skb));
422 if (!req)
423 goto out;
424
425 /* ICMPs are not backlogged, hence we cannot get
426 * an established socket here.
427 */
428 WARN_ON(req->sk != NULL);
429
430 if (seq != tcp_rsk(req)->snt_isn) {
431 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
432 goto out;
433 }
434
435 inet_csk_reqsk_queue_drop(sk, req, prev);
436 goto out;
437
438 case TCP_SYN_SENT:
439 case TCP_SYN_RECV: /* Cannot happen.
440 It can, it SYNs are crossed. --ANK */
441 if (!sock_owned_by_user(sk)) {
442 sk->sk_err = err;
443 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
444
445 tcp_done(sk);
446 } else
447 sk->sk_err_soft = err;
448 goto out;
449 }
450
451 if (!sock_owned_by_user(sk) && np->recverr) {
452 sk->sk_err = err;
453 sk->sk_error_report(sk);
454 } else
455 sk->sk_err_soft = err;
456
457 out:
458 bh_unlock_sock(sk);
459 sock_put(sk);
460 }
461
462
tcp_v6_send_synack(struct sock * sk,struct request_sock * req)463 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req)
464 {
465 struct inet6_request_sock *treq = inet6_rsk(req);
466 struct ipv6_pinfo *np = inet6_sk(sk);
467 struct sk_buff * skb;
468 struct ipv6_txoptions *opt = NULL;
469 struct in6_addr * final_p = NULL, final;
470 struct flowi fl;
471 struct dst_entry *dst;
472 int err = -1;
473
474 memset(&fl, 0, sizeof(fl));
475 fl.proto = IPPROTO_TCP;
476 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
477 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
478 fl.fl6_flowlabel = 0;
479 fl.oif = treq->iif;
480 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
481 fl.fl_ip_sport = inet_rsk(req)->loc_port;
482 security_req_classify_flow(req, &fl);
483
484 opt = np->opt;
485 if (opt && opt->srcrt) {
486 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
487 ipv6_addr_copy(&final, &fl.fl6_dst);
488 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
489 final_p = &final;
490 }
491
492 err = ip6_dst_lookup(sk, &dst, &fl);
493 if (err)
494 goto done;
495 if (final_p)
496 ipv6_addr_copy(&fl.fl6_dst, final_p);
497 if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
498 goto done;
499
500 skb = tcp_make_synack(sk, dst, req);
501 if (skb) {
502 struct tcphdr *th = tcp_hdr(skb);
503
504 th->check = tcp_v6_check(skb->len,
505 &treq->loc_addr, &treq->rmt_addr,
506 csum_partial(th, skb->len, skb->csum));
507
508 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
509 err = ip6_xmit(sk, skb, &fl, opt, 0);
510 err = net_xmit_eval(err);
511 }
512
513 done:
514 if (opt && opt != np->opt)
515 sock_kfree_s(sk, opt, opt->tot_len);
516 dst_release(dst);
517 return err;
518 }
519
syn_flood_warning(struct sk_buff * skb)520 static inline void syn_flood_warning(struct sk_buff *skb)
521 {
522 #ifdef CONFIG_SYN_COOKIES
523 if (sysctl_tcp_syncookies)
524 printk(KERN_INFO
525 "TCPv6: Possible SYN flooding on port %d. "
526 "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
527 else
528 #endif
529 printk(KERN_INFO
530 "TCPv6: Possible SYN flooding on port %d. "
531 "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
532 }
533
tcp_v6_reqsk_destructor(struct request_sock * req)534 static void tcp_v6_reqsk_destructor(struct request_sock *req)
535 {
536 if (inet6_rsk(req)->pktopts)
537 kfree_skb(inet6_rsk(req)->pktopts);
538 }
539
540 #ifdef CONFIG_TCP_MD5SIG
tcp_v6_md5_do_lookup(struct sock * sk,struct in6_addr * addr)541 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
542 struct in6_addr *addr)
543 {
544 struct tcp_sock *tp = tcp_sk(sk);
545 int i;
546
547 BUG_ON(tp == NULL);
548
549 if (!tp->md5sig_info || !tp->md5sig_info->entries6)
550 return NULL;
551
552 for (i = 0; i < tp->md5sig_info->entries6; i++) {
553 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
554 return &tp->md5sig_info->keys6[i].base;
555 }
556 return NULL;
557 }
558
tcp_v6_md5_lookup(struct sock * sk,struct sock * addr_sk)559 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
560 struct sock *addr_sk)
561 {
562 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
563 }
564
tcp_v6_reqsk_md5_lookup(struct sock * sk,struct request_sock * req)565 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
566 struct request_sock *req)
567 {
568 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
569 }
570
tcp_v6_md5_do_add(struct sock * sk,struct in6_addr * peer,char * newkey,u8 newkeylen)571 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
572 char *newkey, u8 newkeylen)
573 {
574 /* Add key to the list */
575 struct tcp_md5sig_key *key;
576 struct tcp_sock *tp = tcp_sk(sk);
577 struct tcp6_md5sig_key *keys;
578
579 key = tcp_v6_md5_do_lookup(sk, peer);
580 if (key) {
581 /* modify existing entry - just update that one */
582 kfree(key->key);
583 key->key = newkey;
584 key->keylen = newkeylen;
585 } else {
586 /* reallocate new list if current one is full. */
587 if (!tp->md5sig_info) {
588 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
589 if (!tp->md5sig_info) {
590 kfree(newkey);
591 return -ENOMEM;
592 }
593 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
594 }
595 if (tcp_alloc_md5sig_pool() == NULL) {
596 kfree(newkey);
597 return -ENOMEM;
598 }
599 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
600 keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
601 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
602
603 if (!keys) {
604 tcp_free_md5sig_pool();
605 kfree(newkey);
606 return -ENOMEM;
607 }
608
609 if (tp->md5sig_info->entries6)
610 memmove(keys, tp->md5sig_info->keys6,
611 (sizeof (tp->md5sig_info->keys6[0]) *
612 tp->md5sig_info->entries6));
613
614 kfree(tp->md5sig_info->keys6);
615 tp->md5sig_info->keys6 = keys;
616 tp->md5sig_info->alloced6++;
617 }
618
619 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
620 peer);
621 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
622 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
623
624 tp->md5sig_info->entries6++;
625 }
626 return 0;
627 }
628
tcp_v6_md5_add_func(struct sock * sk,struct sock * addr_sk,u8 * newkey,__u8 newkeylen)629 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
630 u8 *newkey, __u8 newkeylen)
631 {
632 return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
633 newkey, newkeylen);
634 }
635
tcp_v6_md5_do_del(struct sock * sk,struct in6_addr * peer)636 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
637 {
638 struct tcp_sock *tp = tcp_sk(sk);
639 int i;
640
641 for (i = 0; i < tp->md5sig_info->entries6; i++) {
642 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
643 /* Free the key */
644 kfree(tp->md5sig_info->keys6[i].base.key);
645 tp->md5sig_info->entries6--;
646
647 if (tp->md5sig_info->entries6 == 0) {
648 kfree(tp->md5sig_info->keys6);
649 tp->md5sig_info->keys6 = NULL;
650 tp->md5sig_info->alloced6 = 0;
651 } else {
652 /* shrink the database */
653 if (tp->md5sig_info->entries6 != i)
654 memmove(&tp->md5sig_info->keys6[i],
655 &tp->md5sig_info->keys6[i+1],
656 (tp->md5sig_info->entries6 - i)
657 * sizeof (tp->md5sig_info->keys6[0]));
658 }
659 tcp_free_md5sig_pool();
660 return 0;
661 }
662 }
663 return -ENOENT;
664 }
665
tcp_v6_clear_md5_list(struct sock * sk)666 static void tcp_v6_clear_md5_list (struct sock *sk)
667 {
668 struct tcp_sock *tp = tcp_sk(sk);
669 int i;
670
671 if (tp->md5sig_info->entries6) {
672 for (i = 0; i < tp->md5sig_info->entries6; i++)
673 kfree(tp->md5sig_info->keys6[i].base.key);
674 tp->md5sig_info->entries6 = 0;
675 tcp_free_md5sig_pool();
676 }
677
678 kfree(tp->md5sig_info->keys6);
679 tp->md5sig_info->keys6 = NULL;
680 tp->md5sig_info->alloced6 = 0;
681
682 if (tp->md5sig_info->entries4) {
683 for (i = 0; i < tp->md5sig_info->entries4; i++)
684 kfree(tp->md5sig_info->keys4[i].base.key);
685 tp->md5sig_info->entries4 = 0;
686 tcp_free_md5sig_pool();
687 }
688
689 kfree(tp->md5sig_info->keys4);
690 tp->md5sig_info->keys4 = NULL;
691 tp->md5sig_info->alloced4 = 0;
692 }
693
tcp_v6_parse_md5_keys(struct sock * sk,char __user * optval,int optlen)694 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
695 int optlen)
696 {
697 struct tcp_md5sig cmd;
698 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
699 u8 *newkey;
700
701 if (optlen < sizeof(cmd))
702 return -EINVAL;
703
704 if (copy_from_user(&cmd, optval, sizeof(cmd)))
705 return -EFAULT;
706
707 if (sin6->sin6_family != AF_INET6)
708 return -EINVAL;
709
710 if (!cmd.tcpm_keylen) {
711 if (!tcp_sk(sk)->md5sig_info)
712 return -ENOENT;
713 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
714 return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
715 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
716 }
717
718 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
719 return -EINVAL;
720
721 if (!tcp_sk(sk)->md5sig_info) {
722 struct tcp_sock *tp = tcp_sk(sk);
723 struct tcp_md5sig_info *p;
724
725 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
726 if (!p)
727 return -ENOMEM;
728
729 tp->md5sig_info = p;
730 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
731 }
732
733 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
734 if (!newkey)
735 return -ENOMEM;
736 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
737 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
738 newkey, cmd.tcpm_keylen);
739 }
740 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
741 }
742
tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool * hp,struct in6_addr * daddr,struct in6_addr * saddr,int nbytes)743 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
744 struct in6_addr *daddr,
745 struct in6_addr *saddr, int nbytes)
746 {
747 struct tcp6_pseudohdr *bp;
748 struct scatterlist sg;
749
750 bp = &hp->md5_blk.ip6;
751 /* 1. TCP pseudo-header (RFC2460) */
752 ipv6_addr_copy(&bp->saddr, saddr);
753 ipv6_addr_copy(&bp->daddr, daddr);
754 bp->protocol = cpu_to_be32(IPPROTO_TCP);
755 bp->len = cpu_to_be32(nbytes);
756
757 sg_init_one(&sg, bp, sizeof(*bp));
758 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
759 }
760
tcp_v6_md5_hash_hdr(char * md5_hash,struct tcp_md5sig_key * key,struct in6_addr * daddr,struct in6_addr * saddr,struct tcphdr * th)761 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
762 struct in6_addr *daddr, struct in6_addr *saddr,
763 struct tcphdr *th)
764 {
765 struct tcp_md5sig_pool *hp;
766 struct hash_desc *desc;
767
768 hp = tcp_get_md5sig_pool();
769 if (!hp)
770 goto clear_hash_noput;
771 desc = &hp->md5_desc;
772
773 if (crypto_hash_init(desc))
774 goto clear_hash;
775 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
776 goto clear_hash;
777 if (tcp_md5_hash_header(hp, th))
778 goto clear_hash;
779 if (tcp_md5_hash_key(hp, key))
780 goto clear_hash;
781 if (crypto_hash_final(desc, md5_hash))
782 goto clear_hash;
783
784 tcp_put_md5sig_pool();
785 return 0;
786
787 clear_hash:
788 tcp_put_md5sig_pool();
789 clear_hash_noput:
790 memset(md5_hash, 0, 16);
791 return 1;
792 }
793
tcp_v6_md5_hash_skb(char * md5_hash,struct tcp_md5sig_key * key,struct sock * sk,struct request_sock * req,struct sk_buff * skb)794 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
795 struct sock *sk, struct request_sock *req,
796 struct sk_buff *skb)
797 {
798 struct in6_addr *saddr, *daddr;
799 struct tcp_md5sig_pool *hp;
800 struct hash_desc *desc;
801 struct tcphdr *th = tcp_hdr(skb);
802
803 if (sk) {
804 saddr = &inet6_sk(sk)->saddr;
805 daddr = &inet6_sk(sk)->daddr;
806 } else if (req) {
807 saddr = &inet6_rsk(req)->loc_addr;
808 daddr = &inet6_rsk(req)->rmt_addr;
809 } else {
810 struct ipv6hdr *ip6h = ipv6_hdr(skb);
811 saddr = &ip6h->saddr;
812 daddr = &ip6h->daddr;
813 }
814
815 hp = tcp_get_md5sig_pool();
816 if (!hp)
817 goto clear_hash_noput;
818 desc = &hp->md5_desc;
819
820 if (crypto_hash_init(desc))
821 goto clear_hash;
822
823 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
824 goto clear_hash;
825 if (tcp_md5_hash_header(hp, th))
826 goto clear_hash;
827 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
828 goto clear_hash;
829 if (tcp_md5_hash_key(hp, key))
830 goto clear_hash;
831 if (crypto_hash_final(desc, md5_hash))
832 goto clear_hash;
833
834 tcp_put_md5sig_pool();
835 return 0;
836
837 clear_hash:
838 tcp_put_md5sig_pool();
839 clear_hash_noput:
840 memset(md5_hash, 0, 16);
841 return 1;
842 }
843
tcp_v6_inbound_md5_hash(struct sock * sk,struct sk_buff * skb)844 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
845 {
846 __u8 *hash_location = NULL;
847 struct tcp_md5sig_key *hash_expected;
848 struct ipv6hdr *ip6h = ipv6_hdr(skb);
849 struct tcphdr *th = tcp_hdr(skb);
850 int genhash;
851 u8 newhash[16];
852
853 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
854 hash_location = tcp_parse_md5sig_option(th);
855
856 /* We've parsed the options - do we have a hash? */
857 if (!hash_expected && !hash_location)
858 return 0;
859
860 if (hash_expected && !hash_location) {
861 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
862 return 1;
863 }
864
865 if (!hash_expected && hash_location) {
866 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
867 return 1;
868 }
869
870 /* check the signature */
871 genhash = tcp_v6_md5_hash_skb(newhash,
872 hash_expected,
873 NULL, NULL, skb);
874
875 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
876 if (net_ratelimit()) {
877 printk(KERN_INFO "MD5 Hash %s for (%pI6, %u)->(%pI6, %u)\n",
878 genhash ? "failed" : "mismatch",
879 &ip6h->saddr, ntohs(th->source),
880 &ip6h->daddr, ntohs(th->dest));
881 }
882 return 1;
883 }
884 return 0;
885 }
886 #endif
887
888 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
889 .family = AF_INET6,
890 .obj_size = sizeof(struct tcp6_request_sock),
891 .rtx_syn_ack = tcp_v6_send_synack,
892 .send_ack = tcp_v6_reqsk_send_ack,
893 .destructor = tcp_v6_reqsk_destructor,
894 .send_reset = tcp_v6_send_reset
895 };
896
897 #ifdef CONFIG_TCP_MD5SIG
898 static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
899 .md5_lookup = tcp_v6_reqsk_md5_lookup,
900 };
901 #endif
902
903 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
904 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
905 .twsk_unique = tcp_twsk_unique,
906 .twsk_destructor= tcp_twsk_destructor,
907 };
908
tcp_v6_send_check(struct sock * sk,int len,struct sk_buff * skb)909 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
910 {
911 struct ipv6_pinfo *np = inet6_sk(sk);
912 struct tcphdr *th = tcp_hdr(skb);
913
914 if (skb->ip_summed == CHECKSUM_PARTIAL) {
915 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 0);
916 skb->csum_start = skb_transport_header(skb) - skb->head;
917 skb->csum_offset = offsetof(struct tcphdr, check);
918 } else {
919 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
920 csum_partial(th, th->doff<<2,
921 skb->csum));
922 }
923 }
924
tcp_v6_gso_send_check(struct sk_buff * skb)925 static int tcp_v6_gso_send_check(struct sk_buff *skb)
926 {
927 struct ipv6hdr *ipv6h;
928 struct tcphdr *th;
929
930 if (!pskb_may_pull(skb, sizeof(*th)))
931 return -EINVAL;
932
933 ipv6h = ipv6_hdr(skb);
934 th = tcp_hdr(skb);
935
936 th->check = 0;
937 th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
938 IPPROTO_TCP, 0);
939 skb->csum_start = skb_transport_header(skb) - skb->head;
940 skb->csum_offset = offsetof(struct tcphdr, check);
941 skb->ip_summed = CHECKSUM_PARTIAL;
942 return 0;
943 }
944
tcp6_gro_receive(struct sk_buff ** head,struct sk_buff * skb)945 struct sk_buff **tcp6_gro_receive(struct sk_buff **head, struct sk_buff *skb)
946 {
947 struct ipv6hdr *iph = ipv6_hdr(skb);
948
949 switch (skb->ip_summed) {
950 case CHECKSUM_COMPLETE:
951 if (!tcp_v6_check(skb->len, &iph->saddr, &iph->daddr,
952 skb->csum)) {
953 skb->ip_summed = CHECKSUM_UNNECESSARY;
954 break;
955 }
956
957 /* fall through */
958 case CHECKSUM_NONE:
959 NAPI_GRO_CB(skb)->flush = 1;
960 return NULL;
961 }
962
963 return tcp_gro_receive(head, skb);
964 }
965 EXPORT_SYMBOL(tcp6_gro_receive);
966
tcp6_gro_complete(struct sk_buff * skb)967 int tcp6_gro_complete(struct sk_buff *skb)
968 {
969 struct ipv6hdr *iph = ipv6_hdr(skb);
970 struct tcphdr *th = tcp_hdr(skb);
971
972 th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb),
973 &iph->saddr, &iph->daddr, 0);
974 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;
975
976 return tcp_gro_complete(skb);
977 }
978 EXPORT_SYMBOL(tcp6_gro_complete);
979
tcp_v6_send_response(struct sk_buff * skb,u32 seq,u32 ack,u32 win,u32 ts,struct tcp_md5sig_key * key,int rst)980 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
981 u32 ts, struct tcp_md5sig_key *key, int rst)
982 {
983 struct tcphdr *th = tcp_hdr(skb), *t1;
984 struct sk_buff *buff;
985 struct flowi fl;
986 struct net *net = dev_net(skb->dst->dev);
987 struct sock *ctl_sk = net->ipv6.tcp_sk;
988 unsigned int tot_len = sizeof(struct tcphdr);
989 __be32 *topt;
990
991 if (ts)
992 tot_len += TCPOLEN_TSTAMP_ALIGNED;
993 #ifdef CONFIG_TCP_MD5SIG
994 if (key)
995 tot_len += TCPOLEN_MD5SIG_ALIGNED;
996 #endif
997
998 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
999 GFP_ATOMIC);
1000 if (buff == NULL)
1001 return;
1002
1003 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1004
1005 t1 = (struct tcphdr *) skb_push(buff, tot_len);
1006
1007 /* Swap the send and the receive. */
1008 memset(t1, 0, sizeof(*t1));
1009 t1->dest = th->source;
1010 t1->source = th->dest;
1011 t1->doff = tot_len / 4;
1012 t1->seq = htonl(seq);
1013 t1->ack_seq = htonl(ack);
1014 t1->ack = !rst || !th->ack;
1015 t1->rst = rst;
1016 t1->window = htons(win);
1017
1018 topt = (__be32 *)(t1 + 1);
1019
1020 if (ts) {
1021 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1022 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1023 *topt++ = htonl(tcp_time_stamp);
1024 *topt++ = htonl(ts);
1025 }
1026
1027 #ifdef CONFIG_TCP_MD5SIG
1028 if (key) {
1029 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1030 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1031 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
1032 &ipv6_hdr(skb)->saddr,
1033 &ipv6_hdr(skb)->daddr, t1);
1034 }
1035 #endif
1036
1037 buff->csum = csum_partial(t1, tot_len, 0);
1038
1039 memset(&fl, 0, sizeof(fl));
1040 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1041 ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1042
1043 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1044 tot_len, IPPROTO_TCP,
1045 buff->csum);
1046
1047 fl.proto = IPPROTO_TCP;
1048 fl.oif = inet6_iif(skb);
1049 fl.fl_ip_dport = t1->dest;
1050 fl.fl_ip_sport = t1->source;
1051 security_skb_classify_flow(skb, &fl);
1052
1053 /* Pass a socket to ip6_dst_lookup either it is for RST
1054 * Underlying function will use this to retrieve the network
1055 * namespace
1056 */
1057 if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) {
1058 if (xfrm_lookup(net, &buff->dst, &fl, NULL, 0) >= 0) {
1059 ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1060 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1061 if (rst)
1062 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
1063 return;
1064 }
1065 }
1066
1067 kfree_skb(buff);
1068 }
1069
tcp_v6_send_reset(struct sock * sk,struct sk_buff * skb)1070 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1071 {
1072 struct tcphdr *th = tcp_hdr(skb);
1073 u32 seq = 0, ack_seq = 0;
1074 struct tcp_md5sig_key *key = NULL;
1075
1076 if (th->rst)
1077 return;
1078
1079 if (!ipv6_unicast_destination(skb))
1080 return;
1081
1082 #ifdef CONFIG_TCP_MD5SIG
1083 if (sk)
1084 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
1085 #endif
1086
1087 if (th->ack)
1088 seq = ntohl(th->ack_seq);
1089 else
1090 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1091 (th->doff << 2);
1092
1093 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1);
1094 }
1095
tcp_v6_send_ack(struct sk_buff * skb,u32 seq,u32 ack,u32 win,u32 ts,struct tcp_md5sig_key * key)1096 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
1097 struct tcp_md5sig_key *key)
1098 {
1099 tcp_v6_send_response(skb, seq, ack, win, ts, key, 0);
1100 }
1101
tcp_v6_timewait_ack(struct sock * sk,struct sk_buff * skb)1102 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1103 {
1104 struct inet_timewait_sock *tw = inet_twsk(sk);
1105 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1106
1107 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1108 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1109 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw));
1110
1111 inet_twsk_put(tw);
1112 }
1113
tcp_v6_reqsk_send_ack(struct sock * sk,struct sk_buff * skb,struct request_sock * req)1114 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
1115 struct request_sock *req)
1116 {
1117 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
1118 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr));
1119 }
1120
1121
tcp_v6_hnd_req(struct sock * sk,struct sk_buff * skb)1122 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1123 {
1124 struct request_sock *req, **prev;
1125 const struct tcphdr *th = tcp_hdr(skb);
1126 struct sock *nsk;
1127
1128 /* Find possible connection requests. */
1129 req = inet6_csk_search_req(sk, &prev, th->source,
1130 &ipv6_hdr(skb)->saddr,
1131 &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1132 if (req)
1133 return tcp_check_req(sk, skb, req, prev);
1134
1135 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1136 &ipv6_hdr(skb)->saddr, th->source,
1137 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1138
1139 if (nsk) {
1140 if (nsk->sk_state != TCP_TIME_WAIT) {
1141 bh_lock_sock(nsk);
1142 return nsk;
1143 }
1144 inet_twsk_put(inet_twsk(nsk));
1145 return NULL;
1146 }
1147
1148 #ifdef CONFIG_SYN_COOKIES
1149 if (!th->rst && !th->syn && th->ack)
1150 sk = cookie_v6_check(sk, skb);
1151 #endif
1152 return sk;
1153 }
1154
1155 /* FIXME: this is substantially similar to the ipv4 code.
1156 * Can some kind of merge be done? -- erics
1157 */
tcp_v6_conn_request(struct sock * sk,struct sk_buff * skb)1158 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1159 {
1160 struct inet6_request_sock *treq;
1161 struct ipv6_pinfo *np = inet6_sk(sk);
1162 struct tcp_options_received tmp_opt;
1163 struct tcp_sock *tp = tcp_sk(sk);
1164 struct request_sock *req = NULL;
1165 __u32 isn = TCP_SKB_CB(skb)->when;
1166 #ifdef CONFIG_SYN_COOKIES
1167 int want_cookie = 0;
1168 #else
1169 #define want_cookie 0
1170 #endif
1171
1172 if (skb->protocol == htons(ETH_P_IP))
1173 return tcp_v4_conn_request(sk, skb);
1174
1175 if (!ipv6_unicast_destination(skb))
1176 goto drop;
1177
1178 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1179 if (net_ratelimit())
1180 syn_flood_warning(skb);
1181 #ifdef CONFIG_SYN_COOKIES
1182 if (sysctl_tcp_syncookies)
1183 want_cookie = 1;
1184 else
1185 #endif
1186 goto drop;
1187 }
1188
1189 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1190 goto drop;
1191
1192 req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1193 if (req == NULL)
1194 goto drop;
1195
1196 #ifdef CONFIG_TCP_MD5SIG
1197 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1198 #endif
1199
1200 tcp_clear_options(&tmp_opt);
1201 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1202 tmp_opt.user_mss = tp->rx_opt.user_mss;
1203
1204 tcp_parse_options(skb, &tmp_opt, 0);
1205
1206 if (want_cookie && !tmp_opt.saw_tstamp)
1207 tcp_clear_options(&tmp_opt);
1208
1209 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1210 tcp_openreq_init(req, &tmp_opt, skb);
1211
1212 treq = inet6_rsk(req);
1213 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1214 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1215 if (!want_cookie)
1216 TCP_ECN_create_request(req, tcp_hdr(skb));
1217
1218 if (want_cookie) {
1219 isn = cookie_v6_init_sequence(sk, skb, &req->mss);
1220 req->cookie_ts = tmp_opt.tstamp_ok;
1221 } else if (!isn) {
1222 if (ipv6_opt_accepted(sk, skb) ||
1223 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1224 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1225 atomic_inc(&skb->users);
1226 treq->pktopts = skb;
1227 }
1228 treq->iif = sk->sk_bound_dev_if;
1229
1230 /* So that link locals have meaning */
1231 if (!sk->sk_bound_dev_if &&
1232 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1233 treq->iif = inet6_iif(skb);
1234
1235 isn = tcp_v6_init_sequence(skb);
1236 }
1237
1238 tcp_rsk(req)->snt_isn = isn;
1239
1240 security_inet_conn_request(sk, skb, req);
1241
1242 if (tcp_v6_send_synack(sk, req))
1243 goto drop;
1244
1245 if (!want_cookie) {
1246 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1247 return 0;
1248 }
1249
1250 drop:
1251 if (req)
1252 reqsk_free(req);
1253
1254 return 0; /* don't send reset */
1255 }
1256
tcp_v6_syn_recv_sock(struct sock * sk,struct sk_buff * skb,struct request_sock * req,struct dst_entry * dst)1257 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1258 struct request_sock *req,
1259 struct dst_entry *dst)
1260 {
1261 struct inet6_request_sock *treq;
1262 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1263 struct tcp6_sock *newtcp6sk;
1264 struct inet_sock *newinet;
1265 struct tcp_sock *newtp;
1266 struct sock *newsk;
1267 struct ipv6_txoptions *opt;
1268 #ifdef CONFIG_TCP_MD5SIG
1269 struct tcp_md5sig_key *key;
1270 #endif
1271
1272 if (skb->protocol == htons(ETH_P_IP)) {
1273 /*
1274 * v6 mapped
1275 */
1276
1277 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1278
1279 if (newsk == NULL)
1280 return NULL;
1281
1282 newtcp6sk = (struct tcp6_sock *)newsk;
1283 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1284
1285 newinet = inet_sk(newsk);
1286 newnp = inet6_sk(newsk);
1287 newtp = tcp_sk(newsk);
1288
1289 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1290
1291 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
1292 newinet->daddr);
1293
1294 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
1295 newinet->saddr);
1296
1297 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1298
1299 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1300 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1301 #ifdef CONFIG_TCP_MD5SIG
1302 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1303 #endif
1304
1305 newnp->pktoptions = NULL;
1306 newnp->opt = NULL;
1307 newnp->mcast_oif = inet6_iif(skb);
1308 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1309
1310 /*
1311 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1312 * here, tcp_create_openreq_child now does this for us, see the comment in
1313 * that function for the gory details. -acme
1314 */
1315
1316 /* It is tricky place. Until this moment IPv4 tcp
1317 worked with IPv6 icsk.icsk_af_ops.
1318 Sync it now.
1319 */
1320 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1321
1322 return newsk;
1323 }
1324
1325 treq = inet6_rsk(req);
1326 opt = np->opt;
1327
1328 if (sk_acceptq_is_full(sk))
1329 goto out_overflow;
1330
1331 if (dst == NULL) {
1332 struct in6_addr *final_p = NULL, final;
1333 struct flowi fl;
1334
1335 memset(&fl, 0, sizeof(fl));
1336 fl.proto = IPPROTO_TCP;
1337 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1338 if (opt && opt->srcrt) {
1339 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1340 ipv6_addr_copy(&final, &fl.fl6_dst);
1341 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1342 final_p = &final;
1343 }
1344 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1345 fl.oif = sk->sk_bound_dev_if;
1346 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1347 fl.fl_ip_sport = inet_rsk(req)->loc_port;
1348 security_req_classify_flow(req, &fl);
1349
1350 if (ip6_dst_lookup(sk, &dst, &fl))
1351 goto out;
1352
1353 if (final_p)
1354 ipv6_addr_copy(&fl.fl6_dst, final_p);
1355
1356 if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
1357 goto out;
1358 }
1359
1360 newsk = tcp_create_openreq_child(sk, req, skb);
1361 if (newsk == NULL)
1362 goto out;
1363
1364 /*
1365 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1366 * count here, tcp_create_openreq_child now does this for us, see the
1367 * comment in that function for the gory details. -acme
1368 */
1369
1370 newsk->sk_gso_type = SKB_GSO_TCPV6;
1371 __ip6_dst_store(newsk, dst, NULL, NULL);
1372
1373 newtcp6sk = (struct tcp6_sock *)newsk;
1374 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1375
1376 newtp = tcp_sk(newsk);
1377 newinet = inet_sk(newsk);
1378 newnp = inet6_sk(newsk);
1379
1380 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1381
1382 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1383 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1384 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1385 newsk->sk_bound_dev_if = treq->iif;
1386
1387 /* Now IPv6 options...
1388
1389 First: no IPv4 options.
1390 */
1391 newinet->opt = NULL;
1392 newnp->ipv6_fl_list = NULL;
1393
1394 /* Clone RX bits */
1395 newnp->rxopt.all = np->rxopt.all;
1396
1397 /* Clone pktoptions received with SYN */
1398 newnp->pktoptions = NULL;
1399 if (treq->pktopts != NULL) {
1400 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1401 kfree_skb(treq->pktopts);
1402 treq->pktopts = NULL;
1403 if (newnp->pktoptions)
1404 skb_set_owner_r(newnp->pktoptions, newsk);
1405 }
1406 newnp->opt = NULL;
1407 newnp->mcast_oif = inet6_iif(skb);
1408 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1409
1410 /* Clone native IPv6 options from listening socket (if any)
1411
1412 Yes, keeping reference count would be much more clever,
1413 but we make one more one thing there: reattach optmem
1414 to newsk.
1415 */
1416 if (opt) {
1417 newnp->opt = ipv6_dup_options(newsk, opt);
1418 if (opt != np->opt)
1419 sock_kfree_s(sk, opt, opt->tot_len);
1420 }
1421
1422 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1423 if (newnp->opt)
1424 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1425 newnp->opt->opt_flen);
1426
1427 tcp_mtup_init(newsk);
1428 tcp_sync_mss(newsk, dst_mtu(dst));
1429 newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1430 tcp_initialize_rcv_mss(newsk);
1431
1432 newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1433
1434 #ifdef CONFIG_TCP_MD5SIG
1435 /* Copy over the MD5 key from the original socket */
1436 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1437 /* We're using one, so create a matching key
1438 * on the newsk structure. If we fail to get
1439 * memory, then we end up not copying the key
1440 * across. Shucks.
1441 */
1442 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1443 if (newkey != NULL)
1444 tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr,
1445 newkey, key->keylen);
1446 }
1447 #endif
1448
1449 __inet6_hash(newsk);
1450 __inet_inherit_port(sk, newsk);
1451
1452 return newsk;
1453
1454 out_overflow:
1455 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1456 out:
1457 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1458 if (opt && opt != np->opt)
1459 sock_kfree_s(sk, opt, opt->tot_len);
1460 dst_release(dst);
1461 return NULL;
1462 }
1463
tcp_v6_checksum_init(struct sk_buff * skb)1464 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1465 {
1466 if (skb->ip_summed == CHECKSUM_COMPLETE) {
1467 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr,
1468 &ipv6_hdr(skb)->daddr, skb->csum)) {
1469 skb->ip_summed = CHECKSUM_UNNECESSARY;
1470 return 0;
1471 }
1472 }
1473
1474 skb->csum = ~csum_unfold(tcp_v6_check(skb->len,
1475 &ipv6_hdr(skb)->saddr,
1476 &ipv6_hdr(skb)->daddr, 0));
1477
1478 if (skb->len <= 76) {
1479 return __skb_checksum_complete(skb);
1480 }
1481 return 0;
1482 }
1483
1484 /* The socket must have it's spinlock held when we get
1485 * here.
1486 *
1487 * We have a potential double-lock case here, so even when
1488 * doing backlog processing we use the BH locking scheme.
1489 * This is because we cannot sleep with the original spinlock
1490 * held.
1491 */
tcp_v6_do_rcv(struct sock * sk,struct sk_buff * skb)1492 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1493 {
1494 struct ipv6_pinfo *np = inet6_sk(sk);
1495 struct tcp_sock *tp;
1496 struct sk_buff *opt_skb = NULL;
1497
1498 /* Imagine: socket is IPv6. IPv4 packet arrives,
1499 goes to IPv4 receive handler and backlogged.
1500 From backlog it always goes here. Kerboom...
1501 Fortunately, tcp_rcv_established and rcv_established
1502 handle them correctly, but it is not case with
1503 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1504 */
1505
1506 if (skb->protocol == htons(ETH_P_IP))
1507 return tcp_v4_do_rcv(sk, skb);
1508
1509 #ifdef CONFIG_TCP_MD5SIG
1510 if (tcp_v6_inbound_md5_hash (sk, skb))
1511 goto discard;
1512 #endif
1513
1514 if (sk_filter(sk, skb))
1515 goto discard;
1516
1517 /*
1518 * socket locking is here for SMP purposes as backlog rcv
1519 * is currently called with bh processing disabled.
1520 */
1521
1522 /* Do Stevens' IPV6_PKTOPTIONS.
1523
1524 Yes, guys, it is the only place in our code, where we
1525 may make it not affecting IPv4.
1526 The rest of code is protocol independent,
1527 and I do not like idea to uglify IPv4.
1528
1529 Actually, all the idea behind IPV6_PKTOPTIONS
1530 looks not very well thought. For now we latch
1531 options, received in the last packet, enqueued
1532 by tcp. Feel free to propose better solution.
1533 --ANK (980728)
1534 */
1535 if (np->rxopt.all)
1536 opt_skb = skb_clone(skb, GFP_ATOMIC);
1537
1538 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1539 TCP_CHECK_TIMER(sk);
1540 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1541 goto reset;
1542 TCP_CHECK_TIMER(sk);
1543 if (opt_skb)
1544 goto ipv6_pktoptions;
1545 return 0;
1546 }
1547
1548 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1549 goto csum_err;
1550
1551 if (sk->sk_state == TCP_LISTEN) {
1552 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1553 if (!nsk)
1554 goto discard;
1555
1556 /*
1557 * Queue it on the new socket if the new socket is active,
1558 * otherwise we just shortcircuit this and continue with
1559 * the new socket..
1560 */
1561 if(nsk != sk) {
1562 if (tcp_child_process(sk, nsk, skb))
1563 goto reset;
1564 if (opt_skb)
1565 __kfree_skb(opt_skb);
1566 return 0;
1567 }
1568 }
1569
1570 TCP_CHECK_TIMER(sk);
1571 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1572 goto reset;
1573 TCP_CHECK_TIMER(sk);
1574 if (opt_skb)
1575 goto ipv6_pktoptions;
1576 return 0;
1577
1578 reset:
1579 tcp_v6_send_reset(sk, skb);
1580 discard:
1581 if (opt_skb)
1582 __kfree_skb(opt_skb);
1583 kfree_skb(skb);
1584 return 0;
1585 csum_err:
1586 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1587 goto discard;
1588
1589
1590 ipv6_pktoptions:
1591 /* Do you ask, what is it?
1592
1593 1. skb was enqueued by tcp.
1594 2. skb is added to tail of read queue, rather than out of order.
1595 3. socket is not in passive state.
1596 4. Finally, it really contains options, which user wants to receive.
1597 */
1598 tp = tcp_sk(sk);
1599 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1600 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1601 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1602 np->mcast_oif = inet6_iif(opt_skb);
1603 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1604 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1605 if (ipv6_opt_accepted(sk, opt_skb)) {
1606 skb_set_owner_r(opt_skb, sk);
1607 opt_skb = xchg(&np->pktoptions, opt_skb);
1608 } else {
1609 __kfree_skb(opt_skb);
1610 opt_skb = xchg(&np->pktoptions, NULL);
1611 }
1612 }
1613
1614 if (opt_skb)
1615 kfree_skb(opt_skb);
1616 return 0;
1617 }
1618
tcp_v6_rcv(struct sk_buff * skb)1619 static int tcp_v6_rcv(struct sk_buff *skb)
1620 {
1621 struct tcphdr *th;
1622 struct sock *sk;
1623 int ret;
1624 struct net *net = dev_net(skb->dev);
1625
1626 if (skb->pkt_type != PACKET_HOST)
1627 goto discard_it;
1628
1629 /*
1630 * Count it even if it's bad.
1631 */
1632 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1633
1634 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1635 goto discard_it;
1636
1637 th = tcp_hdr(skb);
1638
1639 if (th->doff < sizeof(struct tcphdr)/4)
1640 goto bad_packet;
1641 if (!pskb_may_pull(skb, th->doff*4))
1642 goto discard_it;
1643
1644 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1645 goto bad_packet;
1646
1647 th = tcp_hdr(skb);
1648 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1649 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1650 skb->len - th->doff*4);
1651 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1652 TCP_SKB_CB(skb)->when = 0;
1653 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
1654 TCP_SKB_CB(skb)->sacked = 0;
1655
1656 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1657 if (!sk)
1658 goto no_tcp_socket;
1659
1660 process:
1661 if (sk->sk_state == TCP_TIME_WAIT)
1662 goto do_time_wait;
1663
1664 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1665 goto discard_and_relse;
1666
1667 if (sk_filter(sk, skb))
1668 goto discard_and_relse;
1669
1670 skb->dev = NULL;
1671
1672 bh_lock_sock_nested(sk);
1673 ret = 0;
1674 if (!sock_owned_by_user(sk)) {
1675 #ifdef CONFIG_NET_DMA
1676 struct tcp_sock *tp = tcp_sk(sk);
1677 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1678 tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY);
1679 if (tp->ucopy.dma_chan)
1680 ret = tcp_v6_do_rcv(sk, skb);
1681 else
1682 #endif
1683 {
1684 if (!tcp_prequeue(sk, skb))
1685 ret = tcp_v6_do_rcv(sk, skb);
1686 }
1687 } else
1688 sk_add_backlog(sk, skb);
1689 bh_unlock_sock(sk);
1690
1691 sock_put(sk);
1692 return ret ? -1 : 0;
1693
1694 no_tcp_socket:
1695 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1696 goto discard_it;
1697
1698 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1699 bad_packet:
1700 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1701 } else {
1702 tcp_v6_send_reset(NULL, skb);
1703 }
1704
1705 discard_it:
1706
1707 /*
1708 * Discard frame
1709 */
1710
1711 kfree_skb(skb);
1712 return 0;
1713
1714 discard_and_relse:
1715 sock_put(sk);
1716 goto discard_it;
1717
1718 do_time_wait:
1719 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1720 inet_twsk_put(inet_twsk(sk));
1721 goto discard_it;
1722 }
1723
1724 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1725 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1726 inet_twsk_put(inet_twsk(sk));
1727 goto discard_it;
1728 }
1729
1730 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1731 case TCP_TW_SYN:
1732 {
1733 struct sock *sk2;
1734
1735 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1736 &ipv6_hdr(skb)->daddr,
1737 ntohs(th->dest), inet6_iif(skb));
1738 if (sk2 != NULL) {
1739 struct inet_timewait_sock *tw = inet_twsk(sk);
1740 inet_twsk_deschedule(tw, &tcp_death_row);
1741 inet_twsk_put(tw);
1742 sk = sk2;
1743 goto process;
1744 }
1745 /* Fall through to ACK */
1746 }
1747 case TCP_TW_ACK:
1748 tcp_v6_timewait_ack(sk, skb);
1749 break;
1750 case TCP_TW_RST:
1751 goto no_tcp_socket;
1752 case TCP_TW_SUCCESS:;
1753 }
1754 goto discard_it;
1755 }
1756
tcp_v6_remember_stamp(struct sock * sk)1757 static int tcp_v6_remember_stamp(struct sock *sk)
1758 {
1759 /* Alas, not yet... */
1760 return 0;
1761 }
1762
1763 static struct inet_connection_sock_af_ops ipv6_specific = {
1764 .queue_xmit = inet6_csk_xmit,
1765 .send_check = tcp_v6_send_check,
1766 .rebuild_header = inet6_sk_rebuild_header,
1767 .conn_request = tcp_v6_conn_request,
1768 .syn_recv_sock = tcp_v6_syn_recv_sock,
1769 .remember_stamp = tcp_v6_remember_stamp,
1770 .net_header_len = sizeof(struct ipv6hdr),
1771 .setsockopt = ipv6_setsockopt,
1772 .getsockopt = ipv6_getsockopt,
1773 .addr2sockaddr = inet6_csk_addr2sockaddr,
1774 .sockaddr_len = sizeof(struct sockaddr_in6),
1775 .bind_conflict = inet6_csk_bind_conflict,
1776 #ifdef CONFIG_COMPAT
1777 .compat_setsockopt = compat_ipv6_setsockopt,
1778 .compat_getsockopt = compat_ipv6_getsockopt,
1779 #endif
1780 };
1781
1782 #ifdef CONFIG_TCP_MD5SIG
1783 static struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1784 .md5_lookup = tcp_v6_md5_lookup,
1785 .calc_md5_hash = tcp_v6_md5_hash_skb,
1786 .md5_add = tcp_v6_md5_add_func,
1787 .md5_parse = tcp_v6_parse_md5_keys,
1788 };
1789 #endif
1790
1791 /*
1792 * TCP over IPv4 via INET6 API
1793 */
1794
1795 static struct inet_connection_sock_af_ops ipv6_mapped = {
1796 .queue_xmit = ip_queue_xmit,
1797 .send_check = tcp_v4_send_check,
1798 .rebuild_header = inet_sk_rebuild_header,
1799 .conn_request = tcp_v6_conn_request,
1800 .syn_recv_sock = tcp_v6_syn_recv_sock,
1801 .remember_stamp = tcp_v4_remember_stamp,
1802 .net_header_len = sizeof(struct iphdr),
1803 .setsockopt = ipv6_setsockopt,
1804 .getsockopt = ipv6_getsockopt,
1805 .addr2sockaddr = inet6_csk_addr2sockaddr,
1806 .sockaddr_len = sizeof(struct sockaddr_in6),
1807 .bind_conflict = inet6_csk_bind_conflict,
1808 #ifdef CONFIG_COMPAT
1809 .compat_setsockopt = compat_ipv6_setsockopt,
1810 .compat_getsockopt = compat_ipv6_getsockopt,
1811 #endif
1812 };
1813
1814 #ifdef CONFIG_TCP_MD5SIG
1815 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1816 .md5_lookup = tcp_v4_md5_lookup,
1817 .calc_md5_hash = tcp_v4_md5_hash_skb,
1818 .md5_add = tcp_v6_md5_add_func,
1819 .md5_parse = tcp_v6_parse_md5_keys,
1820 };
1821 #endif
1822
1823 /* NOTE: A lot of things set to zero explicitly by call to
1824 * sk_alloc() so need not be done here.
1825 */
tcp_v6_init_sock(struct sock * sk)1826 static int tcp_v6_init_sock(struct sock *sk)
1827 {
1828 struct inet_connection_sock *icsk = inet_csk(sk);
1829 struct tcp_sock *tp = tcp_sk(sk);
1830
1831 skb_queue_head_init(&tp->out_of_order_queue);
1832 tcp_init_xmit_timers(sk);
1833 tcp_prequeue_init(tp);
1834
1835 icsk->icsk_rto = TCP_TIMEOUT_INIT;
1836 tp->mdev = TCP_TIMEOUT_INIT;
1837
1838 /* So many TCP implementations out there (incorrectly) count the
1839 * initial SYN frame in their delayed-ACK and congestion control
1840 * algorithms that we must have the following bandaid to talk
1841 * efficiently to them. -DaveM
1842 */
1843 tp->snd_cwnd = 2;
1844
1845 /* See draft-stevens-tcpca-spec-01 for discussion of the
1846 * initialization of these values.
1847 */
1848 tp->snd_ssthresh = 0x7fffffff;
1849 tp->snd_cwnd_clamp = ~0;
1850 tp->mss_cache = 536;
1851
1852 tp->reordering = sysctl_tcp_reordering;
1853
1854 sk->sk_state = TCP_CLOSE;
1855
1856 icsk->icsk_af_ops = &ipv6_specific;
1857 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1858 icsk->icsk_sync_mss = tcp_sync_mss;
1859 sk->sk_write_space = sk_stream_write_space;
1860 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1861
1862 #ifdef CONFIG_TCP_MD5SIG
1863 tp->af_specific = &tcp_sock_ipv6_specific;
1864 #endif
1865
1866 sk->sk_sndbuf = sysctl_tcp_wmem[1];
1867 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1868
1869 local_bh_disable();
1870 percpu_counter_inc(&tcp_sockets_allocated);
1871 local_bh_enable();
1872
1873 return 0;
1874 }
1875
tcp_v6_destroy_sock(struct sock * sk)1876 static void tcp_v6_destroy_sock(struct sock *sk)
1877 {
1878 #ifdef CONFIG_TCP_MD5SIG
1879 /* Clean up the MD5 key list */
1880 if (tcp_sk(sk)->md5sig_info)
1881 tcp_v6_clear_md5_list(sk);
1882 #endif
1883 tcp_v4_destroy_sock(sk);
1884 inet6_destroy_sock(sk);
1885 }
1886
1887 #ifdef CONFIG_PROC_FS
1888 /* Proc filesystem TCPv6 sock list dumping. */
get_openreq6(struct seq_file * seq,struct sock * sk,struct request_sock * req,int i,int uid)1889 static void get_openreq6(struct seq_file *seq,
1890 struct sock *sk, struct request_sock *req, int i, int uid)
1891 {
1892 int ttd = req->expires - jiffies;
1893 struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1894 struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1895
1896 if (ttd < 0)
1897 ttd = 0;
1898
1899 seq_printf(seq,
1900 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1901 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1902 i,
1903 src->s6_addr32[0], src->s6_addr32[1],
1904 src->s6_addr32[2], src->s6_addr32[3],
1905 ntohs(inet_rsk(req)->loc_port),
1906 dest->s6_addr32[0], dest->s6_addr32[1],
1907 dest->s6_addr32[2], dest->s6_addr32[3],
1908 ntohs(inet_rsk(req)->rmt_port),
1909 TCP_SYN_RECV,
1910 0,0, /* could print option size, but that is af dependent. */
1911 1, /* timers active (only the expire timer) */
1912 jiffies_to_clock_t(ttd),
1913 req->retrans,
1914 uid,
1915 0, /* non standard timer */
1916 0, /* open_requests have no inode */
1917 0, req);
1918 }
1919
get_tcp6_sock(struct seq_file * seq,struct sock * sp,int i)1920 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1921 {
1922 struct in6_addr *dest, *src;
1923 __u16 destp, srcp;
1924 int timer_active;
1925 unsigned long timer_expires;
1926 struct inet_sock *inet = inet_sk(sp);
1927 struct tcp_sock *tp = tcp_sk(sp);
1928 const struct inet_connection_sock *icsk = inet_csk(sp);
1929 struct ipv6_pinfo *np = inet6_sk(sp);
1930
1931 dest = &np->daddr;
1932 src = &np->rcv_saddr;
1933 destp = ntohs(inet->dport);
1934 srcp = ntohs(inet->sport);
1935
1936 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1937 timer_active = 1;
1938 timer_expires = icsk->icsk_timeout;
1939 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1940 timer_active = 4;
1941 timer_expires = icsk->icsk_timeout;
1942 } else if (timer_pending(&sp->sk_timer)) {
1943 timer_active = 2;
1944 timer_expires = sp->sk_timer.expires;
1945 } else {
1946 timer_active = 0;
1947 timer_expires = jiffies;
1948 }
1949
1950 seq_printf(seq,
1951 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1952 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %lu %lu %u %u %d\n",
1953 i,
1954 src->s6_addr32[0], src->s6_addr32[1],
1955 src->s6_addr32[2], src->s6_addr32[3], srcp,
1956 dest->s6_addr32[0], dest->s6_addr32[1],
1957 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1958 sp->sk_state,
1959 tp->write_seq-tp->snd_una,
1960 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
1961 timer_active,
1962 jiffies_to_clock_t(timer_expires - jiffies),
1963 icsk->icsk_retransmits,
1964 sock_i_uid(sp),
1965 icsk->icsk_probes_out,
1966 sock_i_ino(sp),
1967 atomic_read(&sp->sk_refcnt), sp,
1968 jiffies_to_clock_t(icsk->icsk_rto),
1969 jiffies_to_clock_t(icsk->icsk_ack.ato),
1970 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
1971 tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
1972 );
1973 }
1974
get_timewait6_sock(struct seq_file * seq,struct inet_timewait_sock * tw,int i)1975 static void get_timewait6_sock(struct seq_file *seq,
1976 struct inet_timewait_sock *tw, int i)
1977 {
1978 struct in6_addr *dest, *src;
1979 __u16 destp, srcp;
1980 struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
1981 int ttd = tw->tw_ttd - jiffies;
1982
1983 if (ttd < 0)
1984 ttd = 0;
1985
1986 dest = &tw6->tw_v6_daddr;
1987 src = &tw6->tw_v6_rcv_saddr;
1988 destp = ntohs(tw->tw_dport);
1989 srcp = ntohs(tw->tw_sport);
1990
1991 seq_printf(seq,
1992 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1993 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1994 i,
1995 src->s6_addr32[0], src->s6_addr32[1],
1996 src->s6_addr32[2], src->s6_addr32[3], srcp,
1997 dest->s6_addr32[0], dest->s6_addr32[1],
1998 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1999 tw->tw_substate, 0, 0,
2000 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2001 atomic_read(&tw->tw_refcnt), tw);
2002 }
2003
tcp6_seq_show(struct seq_file * seq,void * v)2004 static int tcp6_seq_show(struct seq_file *seq, void *v)
2005 {
2006 struct tcp_iter_state *st;
2007
2008 if (v == SEQ_START_TOKEN) {
2009 seq_puts(seq,
2010 " sl "
2011 "local_address "
2012 "remote_address "
2013 "st tx_queue rx_queue tr tm->when retrnsmt"
2014 " uid timeout inode\n");
2015 goto out;
2016 }
2017 st = seq->private;
2018
2019 switch (st->state) {
2020 case TCP_SEQ_STATE_LISTENING:
2021 case TCP_SEQ_STATE_ESTABLISHED:
2022 get_tcp6_sock(seq, v, st->num);
2023 break;
2024 case TCP_SEQ_STATE_OPENREQ:
2025 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2026 break;
2027 case TCP_SEQ_STATE_TIME_WAIT:
2028 get_timewait6_sock(seq, v, st->num);
2029 break;
2030 }
2031 out:
2032 return 0;
2033 }
2034
2035 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2036 .name = "tcp6",
2037 .family = AF_INET6,
2038 .seq_fops = {
2039 .owner = THIS_MODULE,
2040 },
2041 .seq_ops = {
2042 .show = tcp6_seq_show,
2043 },
2044 };
2045
tcp6_proc_init(struct net * net)2046 int tcp6_proc_init(struct net *net)
2047 {
2048 return tcp_proc_register(net, &tcp6_seq_afinfo);
2049 }
2050
tcp6_proc_exit(struct net * net)2051 void tcp6_proc_exit(struct net *net)
2052 {
2053 tcp_proc_unregister(net, &tcp6_seq_afinfo);
2054 }
2055 #endif
2056
2057 struct proto tcpv6_prot = {
2058 .name = "TCPv6",
2059 .owner = THIS_MODULE,
2060 .close = tcp_close,
2061 .connect = tcp_v6_connect,
2062 .disconnect = tcp_disconnect,
2063 .accept = inet_csk_accept,
2064 .ioctl = tcp_ioctl,
2065 .init = tcp_v6_init_sock,
2066 .destroy = tcp_v6_destroy_sock,
2067 .shutdown = tcp_shutdown,
2068 .setsockopt = tcp_setsockopt,
2069 .getsockopt = tcp_getsockopt,
2070 .recvmsg = tcp_recvmsg,
2071 .backlog_rcv = tcp_v6_do_rcv,
2072 .hash = tcp_v6_hash,
2073 .unhash = inet_unhash,
2074 .get_port = inet_csk_get_port,
2075 .enter_memory_pressure = tcp_enter_memory_pressure,
2076 .sockets_allocated = &tcp_sockets_allocated,
2077 .memory_allocated = &tcp_memory_allocated,
2078 .memory_pressure = &tcp_memory_pressure,
2079 .orphan_count = &tcp_orphan_count,
2080 .sysctl_mem = sysctl_tcp_mem,
2081 .sysctl_wmem = sysctl_tcp_wmem,
2082 .sysctl_rmem = sysctl_tcp_rmem,
2083 .max_header = MAX_TCP_HEADER,
2084 .obj_size = sizeof(struct tcp6_sock),
2085 .slab_flags = SLAB_DESTROY_BY_RCU,
2086 .twsk_prot = &tcp6_timewait_sock_ops,
2087 .rsk_prot = &tcp6_request_sock_ops,
2088 .h.hashinfo = &tcp_hashinfo,
2089 #ifdef CONFIG_COMPAT
2090 .compat_setsockopt = compat_tcp_setsockopt,
2091 .compat_getsockopt = compat_tcp_getsockopt,
2092 #endif
2093 };
2094
2095 static struct inet6_protocol tcpv6_protocol = {
2096 .handler = tcp_v6_rcv,
2097 .err_handler = tcp_v6_err,
2098 .gso_send_check = tcp_v6_gso_send_check,
2099 .gso_segment = tcp_tso_segment,
2100 .gro_receive = tcp6_gro_receive,
2101 .gro_complete = tcp6_gro_complete,
2102 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2103 };
2104
2105 static struct inet_protosw tcpv6_protosw = {
2106 .type = SOCK_STREAM,
2107 .protocol = IPPROTO_TCP,
2108 .prot = &tcpv6_prot,
2109 .ops = &inet6_stream_ops,
2110 .capability = -1,
2111 .no_check = 0,
2112 .flags = INET_PROTOSW_PERMANENT |
2113 INET_PROTOSW_ICSK,
2114 };
2115
tcpv6_net_init(struct net * net)2116 static int tcpv6_net_init(struct net *net)
2117 {
2118 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2119 SOCK_RAW, IPPROTO_TCP, net);
2120 }
2121
tcpv6_net_exit(struct net * net)2122 static void tcpv6_net_exit(struct net *net)
2123 {
2124 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2125 inet_twsk_purge(net, &tcp_hashinfo, &tcp_death_row, AF_INET6);
2126 }
2127
2128 static struct pernet_operations tcpv6_net_ops = {
2129 .init = tcpv6_net_init,
2130 .exit = tcpv6_net_exit,
2131 };
2132
tcpv6_init(void)2133 int __init tcpv6_init(void)
2134 {
2135 int ret;
2136
2137 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2138 if (ret)
2139 goto out;
2140
2141 /* register inet6 protocol */
2142 ret = inet6_register_protosw(&tcpv6_protosw);
2143 if (ret)
2144 goto out_tcpv6_protocol;
2145
2146 ret = register_pernet_subsys(&tcpv6_net_ops);
2147 if (ret)
2148 goto out_tcpv6_protosw;
2149 out:
2150 return ret;
2151
2152 out_tcpv6_protocol:
2153 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2154 out_tcpv6_protosw:
2155 inet6_unregister_protosw(&tcpv6_protosw);
2156 goto out;
2157 }
2158
tcpv6_exit(void)2159 void tcpv6_exit(void)
2160 {
2161 unregister_pernet_subsys(&tcpv6_net_ops);
2162 inet6_unregister_protosw(&tcpv6_protosw);
2163 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2164 }
2165