/*
 *	TCP over IPv6
 *	Linux INET6 implementation
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *
 *	Based on:
 *	linux/net/ipv4/tcp.c
 *	linux/net/ipv4/tcp_input.c
 *	linux/net/ipv4/tcp_output.c
 *
 *	Fixes:
 *	Hideaki YOSHIFUJI	:	sin6_scope_id support
 *	YOSHIFUJI Hideaki @USAGI and:	Support IPV6_V6ONLY socket option, which
 *	Alexey Kuznetsov		allows both IPv4 and IPv6 sockets to bind
 *					a single port at the same time.
 *	YOSHIFUJI Hideaki @USAGI:	convert /proc/net/tcp6 to seq_file.
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License
 *	as published by the Free Software Foundation; either version
 *	2 of the License, or (at your option) any later version.
 */

#include <linux/bottom_half.h>
#include <linux/module.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/net.h>
#include <linux/jiffies.h>
#include <linux/in.h>
#include <linux/in6.h>
#include <linux/netdevice.h>
#include <linux/init.h>
#include <linux/jhash.h>
#include <linux/ipsec.h>
#include <linux/times.h>
#include <linux/slab.h>
#include <linux/uaccess.h>
#include <linux/ipv6.h>
#include <linux/icmpv6.h>
#include <linux/random.h>

#include <net/tcp.h>
#include <net/ndisc.h>
#include <net/inet6_hashtables.h>
#include <net/inet6_connection_sock.h>
#include <net/ipv6.h>
#include <net/transp_v6.h>
#include <net/addrconf.h>
#include <net/ip6_route.h>
#include <net/ip6_checksum.h>
#include <net/inet_ecn.h>
#include <net/protocol.h>
#include <net/xfrm.h>
#include <net/snmp.h>
#include <net/dsfield.h>
#include <net/timewait_sock.h>
#include <net/inet_common.h>
#include <net/secure_seq.h>
#include <net/busy_poll.h>

#include <linux/proc_fs.h>
#include <linux/seq_file.h>

#include <crypto/hash.h>
#include <linux/scatterlist.h>

static void	tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
static void	tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
				      struct request_sock *req);

static int	tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);

static const struct inet_connection_sock_af_ops ipv6_mapped;
static const struct inet_connection_sock_af_ops ipv6_specific;
#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
#else
static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
						   const struct in6_addr *addr)
{
	return NULL;
}
#endif

static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
{
	struct dst_entry *dst = skb_dst(skb);

	if (dst && dst_hold_safe(dst)) {
		const struct rt6_info *rt = (const struct rt6_info *)dst;

		sk->sk_rx_dst = dst;
		inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
		inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
	}
}

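/* Initial sequence number selection. secure_tcpv6_sequence_number()
 * implements essentially the RFC 6528 scheme: ISN = M + F(saddr, daddr,
 * sport, dport, secret), where F is a keyed hash and M a fine-grained
 * clock, so ISNs are hard to predict off-path while still advancing
 * monotonically for a given connection tuple.
 */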
static __u32 tcp_v6_init_sequence(const struct sk_buff *skb)
{
	return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
					    ipv6_hdr(skb)->saddr.s6_addr32,
					    tcp_hdr(skb)->dest,
					    tcp_hdr(skb)->source);
}

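/* tcp_v6_connect() implements connect(2) for AF_INET6 TCP sockets. A
 * minimal userspace sketch of the link-local case handled below
 * (hypothetical fd and interface name, error handling omitted):
 *
 *	struct sockaddr_in6 sa = { .sin6_family = AF_INET6,
 *				   .sin6_port = htons(80) };
 *	inet_pton(AF_INET6, "fe80::1", &sa.sin6_addr);
 *	sa.sin6_scope_id = if_nametoindex("eth0"); // required for fe80::/10
 *	connect(fd, (struct sockaddr *)&sa, sizeof(sa));
 *
 * Without a scope id (and no bound device), the link-local branch below
 * fails with -EINVAL because the destination is ambiguous.
 */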
static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
			  int addr_len)
{
	struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
	struct inet_sock *inet = inet_sk(sk);
	struct inet_connection_sock *icsk = inet_csk(sk);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_sock *tp = tcp_sk(sk);
	struct in6_addr *saddr = NULL, *final_p, final;
	struct ipv6_txoptions *opt;
	struct flowi6 fl6;
	struct dst_entry *dst;
	int addr_type;
	int err;

	if (addr_len < SIN6_LEN_RFC2133)
		return -EINVAL;

	if (usin->sin6_family != AF_INET6)
		return -EAFNOSUPPORT;

	memset(&fl6, 0, sizeof(fl6));

	if (np->sndflow) {
		fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
		IP6_ECN_flow_init(fl6.flowlabel);
		if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
			struct ip6_flowlabel *flowlabel;
			flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
			if (!flowlabel)
				return -EINVAL;
			fl6_sock_release(flowlabel);
		}
	}

	/*
	 *	connect() to INADDR_ANY means loopback (BSD'ism).
	 */

	if (ipv6_addr_any(&usin->sin6_addr)) {
		if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
			ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
					       &usin->sin6_addr);
		else
			usin->sin6_addr = in6addr_loopback;
	}

	addr_type = ipv6_addr_type(&usin->sin6_addr);

	if (addr_type & IPV6_ADDR_MULTICAST)
		return -ENETUNREACH;

	if (addr_type&IPV6_ADDR_LINKLOCAL) {
		if (addr_len >= sizeof(struct sockaddr_in6) &&
		    usin->sin6_scope_id) {
			/* If interface is set while binding, indices
			 * must coincide.
			 */
			if (sk->sk_bound_dev_if &&
			    sk->sk_bound_dev_if != usin->sin6_scope_id)
				return -EINVAL;

			sk->sk_bound_dev_if = usin->sin6_scope_id;
		}

		/* Connect to link-local address requires an interface */
		if (!sk->sk_bound_dev_if)
			return -EINVAL;
	}

	if (tp->rx_opt.ts_recent_stamp &&
	    !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
		tp->rx_opt.ts_recent = 0;
		tp->rx_opt.ts_recent_stamp = 0;
		tp->write_seq = 0;
	}

	sk->sk_v6_daddr = usin->sin6_addr;
	np->flow_label = fl6.flowlabel;

	/*
	 *	TCP over IPv4
	 */

	if (addr_type & IPV6_ADDR_MAPPED) {
		u32 exthdrlen = icsk->icsk_ext_hdr_len;
		struct sockaddr_in sin;

		SOCK_DEBUG(sk, "connect: ipv4 mapped\n");

		if (__ipv6_only_sock(sk))
			return -ENETUNREACH;

		sin.sin_family = AF_INET;
		sin.sin_port = usin->sin6_port;
		sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];

		icsk->icsk_af_ops = &ipv6_mapped;
		sk->sk_backlog_rcv = tcp_v4_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
		tp->af_specific = &tcp_sock_ipv6_mapped_specific;
#endif

		err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));

		if (err) {
			icsk->icsk_ext_hdr_len = exthdrlen;
			icsk->icsk_af_ops = &ipv6_specific;
			sk->sk_backlog_rcv = tcp_v6_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
			tp->af_specific = &tcp_sock_ipv6_specific;
#endif
			goto failure;
		}
		np->saddr = sk->sk_v6_rcv_saddr;

		return err;
	}

	if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
		saddr = &sk->sk_v6_rcv_saddr;

	fl6.flowi6_proto = IPPROTO_TCP;
	fl6.daddr = sk->sk_v6_daddr;
	fl6.saddr = saddr ? *saddr : np->saddr;
	fl6.flowi6_oif = sk->sk_bound_dev_if;
	fl6.flowi6_mark = sk->sk_mark;
	fl6.fl6_dport = usin->sin6_port;
	fl6.fl6_sport = inet->inet_sport;
	fl6.flowi6_uid = sk->sk_uid;

	opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
	final_p = fl6_update_dst(&fl6, opt, &final);

	security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));

	dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
	if (IS_ERR(dst)) {
		err = PTR_ERR(dst);
		goto failure;
	}

	if (!saddr) {
		saddr = &fl6.saddr;
		sk->sk_v6_rcv_saddr = *saddr;
	}

	/* set the source address */
	np->saddr = *saddr;
	inet->inet_rcv_saddr = LOOPBACK4_IPV6;

	sk->sk_gso_type = SKB_GSO_TCPV6;
	ip6_dst_store(sk, dst, NULL, NULL);

	if (tcp_death_row.sysctl_tw_recycle &&
	    !tp->rx_opt.ts_recent_stamp &&
	    ipv6_addr_equal(&fl6.daddr, &sk->sk_v6_daddr))
		tcp_fetch_timewait_stamp(sk, dst);

	icsk->icsk_ext_hdr_len = 0;
	if (opt)
		icsk->icsk_ext_hdr_len = opt->opt_flen +
					 opt->opt_nflen;

	tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);

	inet->inet_dport = usin->sin6_port;

	tcp_set_state(sk, TCP_SYN_SENT);
	err = inet6_hash_connect(&tcp_death_row, sk);
	if (err)
		goto late_failure;

	sk_set_txhash(sk);

	if (!tp->write_seq && likely(!tp->repair))
		tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
							     sk->sk_v6_daddr.s6_addr32,
							     inet->inet_sport,
							     inet->inet_dport);

	if (tcp_fastopen_defer_connect(sk, &err))
		return err;
	if (err)
		goto late_failure;

	err = tcp_connect(sk);
	if (err)
		goto late_failure;

	return 0;

late_failure:
	tcp_set_state(sk, TCP_CLOSE);
failure:
	inet->inet_dport = 0;
	sk->sk_route_caps = 0;
	return err;
}

static void tcp_v6_mtu_reduced(struct sock *sk)
{
	struct dst_entry *dst;

	if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
		return;

	dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
	if (!dst)
		return;

	if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
		tcp_sync_mss(sk, dst_mtu(dst));
		tcp_simple_retransmit(sk);
	}
}

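/* ICMPv6 error handler. Hard errors are surfaced to userspace via sk_err
 * (read with getsockopt(SO_ERROR) or returned by the next syscall); soft
 * errors only reach the application when IPV6_RECVERR is enabled. A
 * minimal userspace sketch of opting in (hypothetical fd, error handling
 * omitted):
 *
 *	int on = 1;
 *	setsockopt(fd, IPPROTO_IPV6, IPV6_RECVERR, &on, sizeof(on));
 *
 * which corresponds to the np->recverr test near the end of tcp_v6_err().
 */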
static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
		       u8 type, u8 code, int offset, __be32 info)
{
	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
	const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
	struct net *net = dev_net(skb->dev);
	struct request_sock *fastopen;
	struct ipv6_pinfo *np;
	struct tcp_sock *tp;
	__u32 seq, snd_una;
	struct sock *sk;
	bool fatal;
	int err;

	sk = __inet6_lookup_established(net, &tcp_hashinfo,
					&hdr->daddr, th->dest,
					&hdr->saddr, ntohs(th->source),
					skb->dev->ifindex);

	if (!sk) {
		__ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
				  ICMP6_MIB_INERRORS);
		return;
	}

	if (sk->sk_state == TCP_TIME_WAIT) {
		inet_twsk_put(inet_twsk(sk));
		return;
	}
	seq = ntohl(th->seq);
	fatal = icmpv6_err_convert(type, code, &err);
	if (sk->sk_state == TCP_NEW_SYN_RECV)
		return tcp_req_err(sk, seq, fatal);

	bh_lock_sock(sk);
	if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
		__NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);

	if (sk->sk_state == TCP_CLOSE)
		goto out;

	if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
		__NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
		goto out;
	}

	tp = tcp_sk(sk);
	/* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
	fastopen = tp->fastopen_rsk;
	snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
	if (sk->sk_state != TCP_LISTEN &&
	    !between(seq, snd_una, tp->snd_nxt)) {
		__NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
		goto out;
	}

	np = inet6_sk(sk);

	if (type == NDISC_REDIRECT) {
		if (!sock_owned_by_user(sk)) {
			struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);

			if (dst)
				dst->ops->redirect(dst, sk, skb);
		}
		goto out;
	}

	if (type == ICMPV6_PKT_TOOBIG) {
		/* We are not interested in TCP_LISTEN and open_requests
		 * (SYN-ACKs sent out by Linux are always < 576 bytes, so
		 * they should go through unfragmented).
		 */
		if (sk->sk_state == TCP_LISTEN)
			goto out;

		if (!ip6_sk_accept_pmtu(sk))
			goto out;

		tp->mtu_info = ntohl(info);
		if (!sock_owned_by_user(sk))
			tcp_v6_mtu_reduced(sk);
		else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
					   &tp->tsq_flags))
			sock_hold(sk);
		goto out;
	}


	/* Might be for a request_sock */
	switch (sk->sk_state) {
	case TCP_SYN_SENT:
	case TCP_SYN_RECV:
		/* Only in fast or simultaneous open. If a fast open socket
		 * is already accepted it is treated as a connected one below.
		 */
		if (fastopen && !fastopen->sk)
			break;

		if (!sock_owned_by_user(sk)) {
			sk->sk_err = err;
			sk->sk_error_report(sk);	/* Wake people up to see the error (see connect in sock.c) */

			tcp_done(sk);
		} else
			sk->sk_err_soft = err;
		goto out;
	}

	if (!sock_owned_by_user(sk) && np->recverr) {
		sk->sk_err = err;
		sk->sk_error_report(sk);
	} else
		sk->sk_err_soft = err;

out:
	bh_unlock_sock(sk);
	sock_put(sk);
}


static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
			      struct flowi *fl,
			      struct request_sock *req,
			      struct tcp_fastopen_cookie *foc,
			      enum tcp_synack_type synack_type)
{
	struct inet_request_sock *ireq = inet_rsk(req);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct ipv6_txoptions *opt;
	struct flowi6 *fl6 = &fl->u.ip6;
	struct sk_buff *skb;
	int err = -ENOMEM;

	/* First, grab a route. */
	if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
					       IPPROTO_TCP)) == NULL)
		goto done;

	skb = tcp_make_synack(sk, dst, req, foc, synack_type);

	if (skb) {
		__tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
				    &ireq->ir_v6_rmt_addr);

		fl6->daddr = ireq->ir_v6_rmt_addr;
		if (np->repflow && ireq->pktopts)
			fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));

		rcu_read_lock();
		opt = ireq->ipv6_opt;
		if (!opt)
			opt = rcu_dereference(np->opt);
		err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass);
		rcu_read_unlock();
		err = net_xmit_eval(err);
	}

done:
	return err;
}


static void tcp_v6_reqsk_destructor(struct request_sock *req)
{
	kfree(inet_rsk(req)->ipv6_opt);
	kfree_skb(inet_rsk(req)->pktopts);
}

#ifdef CONFIG_TCP_MD5SIG
static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
						   const struct in6_addr *addr)
{
	return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
}

static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
						const struct sock *addr_sk)
{
	return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
}

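/* Parse a TCP_MD5SIG setsockopt() request. A minimal userspace sketch of
 * installing a key for an IPv6 peer (hypothetical fd and peer address,
 * error handling omitted):
 *
 *	struct tcp_md5sig md5 = { .tcpm_keylen = 6 };
 *	struct sockaddr_in6 *a = (struct sockaddr_in6 *)&md5.tcpm_addr;
 *	a->sin6_family = AF_INET6;
 *	inet_pton(AF_INET6, "2001:db8::1", &a->sin6_addr);
 *	memcpy(md5.tcpm_key, "secret", 6);
 *	setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, &md5, sizeof(md5));
 *
 * A zero tcpm_keylen deletes the key, as handled below.
 */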
static int tcp_v6_parse_md5_keys(struct sock *sk, char __user *optval,
				 int optlen)
{
	struct tcp_md5sig cmd;
	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;

	if (optlen < sizeof(cmd))
		return -EINVAL;

	if (copy_from_user(&cmd, optval, sizeof(cmd)))
		return -EFAULT;

	if (sin6->sin6_family != AF_INET6)
		return -EINVAL;

	if (!cmd.tcpm_keylen) {
		if (ipv6_addr_v4mapped(&sin6->sin6_addr))
			return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
					      AF_INET);
		return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
				      AF_INET6);
	}

	if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
		return -EINVAL;

	if (ipv6_addr_v4mapped(&sin6->sin6_addr))
		return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
				      AF_INET, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);

	return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
			      AF_INET6, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
}

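/* Feed the RFC 2385 input prefix into the MD5 hash: first the IPv6
 * pseudo-header, then the TCP header with its checksum zeroed. The
 * pseudo-header laid out in struct tcp6_pseudohdr is (40 bytes):
 *
 *	saddr (16) | daddr (16) | len (4, segment length) | protocol (4)
 *
 * matching the upper-layer checksum pseudo-header of RFC 2460 section 8.1.
 * Payload data and the key itself are hashed separately by the callers.
 */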
static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp,
				   const struct in6_addr *daddr,
				   const struct in6_addr *saddr,
				   const struct tcphdr *th, int nbytes)
{
	struct tcp6_pseudohdr *bp;
	struct scatterlist sg;
	struct tcphdr *_th;

	bp = hp->scratch;
	/* 1. TCP pseudo-header (RFC2460) */
	bp->saddr = *saddr;
	bp->daddr = *daddr;
	bp->protocol = cpu_to_be32(IPPROTO_TCP);
	bp->len = cpu_to_be32(nbytes);

	_th = (struct tcphdr *)(bp + 1);
	memcpy(_th, th, sizeof(*th));
	_th->check = 0;

	sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
	ahash_request_set_crypt(hp->md5_req, &sg, NULL,
				sizeof(*bp) + sizeof(*th));
	return crypto_ahash_update(hp->md5_req);
}

static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
			       const struct in6_addr *daddr, struct in6_addr *saddr,
			       const struct tcphdr *th)
{
	struct tcp_md5sig_pool *hp;
	struct ahash_request *req;

	hp = tcp_get_md5sig_pool();
	if (!hp)
		goto clear_hash_noput;
	req = hp->md5_req;

	if (crypto_ahash_init(req))
		goto clear_hash;
	if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
		goto clear_hash;
	if (tcp_md5_hash_key(hp, key))
		goto clear_hash;
	ahash_request_set_crypt(req, NULL, md5_hash, 0);
	if (crypto_ahash_final(req))
		goto clear_hash;

	tcp_put_md5sig_pool();
	return 0;

clear_hash:
	tcp_put_md5sig_pool();
clear_hash_noput:
	memset(md5_hash, 0, 16);
	return 1;
}

static int tcp_v6_md5_hash_skb(char *md5_hash,
			       const struct tcp_md5sig_key *key,
			       const struct sock *sk,
			       const struct sk_buff *skb)
{
	const struct in6_addr *saddr, *daddr;
	struct tcp_md5sig_pool *hp;
	struct ahash_request *req;
	const struct tcphdr *th = tcp_hdr(skb);

	if (sk) { /* valid for establish/request sockets */
		saddr = &sk->sk_v6_rcv_saddr;
		daddr = &sk->sk_v6_daddr;
	} else {
		const struct ipv6hdr *ip6h = ipv6_hdr(skb);
		saddr = &ip6h->saddr;
		daddr = &ip6h->daddr;
	}

	hp = tcp_get_md5sig_pool();
	if (!hp)
		goto clear_hash_noput;
	req = hp->md5_req;

	if (crypto_ahash_init(req))
		goto clear_hash;

	if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
		goto clear_hash;
	if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
		goto clear_hash;
	if (tcp_md5_hash_key(hp, key))
		goto clear_hash;
	ahash_request_set_crypt(req, NULL, md5_hash, 0);
	if (crypto_ahash_final(req))
		goto clear_hash;

	tcp_put_md5sig_pool();
	return 0;

clear_hash:
	tcp_put_md5sig_pool();
clear_hash_noput:
	memset(md5_hash, 0, 16);
	return 1;
}

#endif

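/* Decision table implemented below, per RFC 2385 (a segment must be
 * dropped if it lacks an expected MD5 option or carries an unexpected
 * one):
 *
 *	key configured	option present	action
 *	no		no		accept
 *	yes		no		drop (TCPMD5NOTFOUND)
 *	no		yes		drop (TCPMD5UNEXPECTED)
 *	yes		yes		verify; drop on mismatch (TCPMD5FAILURE)
 *
 * Returns true when the segment should be dropped.
 */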
static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
				    const struct sk_buff *skb)
{
#ifdef CONFIG_TCP_MD5SIG
	const __u8 *hash_location = NULL;
	struct tcp_md5sig_key *hash_expected;
	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
	const struct tcphdr *th = tcp_hdr(skb);
	int genhash;
	u8 newhash[16];

	hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
	hash_location = tcp_parse_md5sig_option(th);

	/* We've parsed the options - do we have a hash? */
	if (!hash_expected && !hash_location)
		return false;

	if (hash_expected && !hash_location) {
		NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
		return true;
	}

	if (!hash_expected && hash_location) {
		NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
		return true;
	}

	/* check the signature */
	genhash = tcp_v6_md5_hash_skb(newhash,
				      hash_expected,
				      NULL, skb);

	if (genhash || memcmp(hash_location, newhash, 16) != 0) {
		NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
		net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
				     genhash ? "failed" : "mismatch",
				     &ip6h->saddr, ntohs(th->source),
				     &ip6h->daddr, ntohs(th->dest));
		return true;
	}
#endif
	return false;
}

static void tcp_v6_init_req(struct request_sock *req,
			    const struct sock *sk_listener,
			    struct sk_buff *skb)
{
	struct inet_request_sock *ireq = inet_rsk(req);
	const struct ipv6_pinfo *np = inet6_sk(sk_listener);

	ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
	ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;

	/* So that link locals have meaning */
	if (!sk_listener->sk_bound_dev_if &&
	    ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
		ireq->ir_iif = tcp_v6_iif(skb);

	if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
	    (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
	     np->rxopt.bits.rxinfo ||
	     np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
	     np->rxopt.bits.rxohlim || np->repflow)) {
		atomic_inc(&skb->users);
		ireq->pktopts = skb;
	}
}

static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
					  struct flowi *fl,
					  const struct request_sock *req,
					  bool *strict)
{
	if (strict)
		*strict = true;
	return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
}

struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
	.family		=	AF_INET6,
	.obj_size	=	sizeof(struct tcp6_request_sock),
	.rtx_syn_ack	=	tcp_rtx_synack,
	.send_ack	=	tcp_v6_reqsk_send_ack,
	.destructor	=	tcp_v6_reqsk_destructor,
	.send_reset	=	tcp_v6_send_reset,
	.syn_ack_timeout =	tcp_syn_ack_timeout,
};

static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
	.mss_clamp	=	IPV6_MIN_MTU - sizeof(struct tcphdr) -
				sizeof(struct ipv6hdr),
#ifdef CONFIG_TCP_MD5SIG
	.req_md5_lookup	=	tcp_v6_md5_lookup,
	.calc_md5_hash	=	tcp_v6_md5_hash_skb,
#endif
	.init_req	=	tcp_v6_init_req,
#ifdef CONFIG_SYN_COOKIES
	.cookie_init_seq =	cookie_v6_init_sequence,
#endif
	.route_req	=	tcp_v6_route_req,
	.init_seq	=	tcp_v6_init_sequence,
	.send_synack	=	tcp_v6_send_synack,
};

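/* Build and send a bare ACK or RST on the per-netns control socket. TCP
 * options are emitted as aligned 32-bit words; e.g. the timestamp option
 * below encodes as NOP, NOP, kind 8, length 10 in one word, followed by
 * the two timestamp values:
 *
 *	01 01 08 0a | TSval (4) | TSecr (4)
 *
 * and the MD5 option as NOP, NOP, kind 19, length 18, followed by the
 * 16-byte digest.
 */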
static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
				 u32 ack, u32 win, u32 tsval, u32 tsecr,
				 int oif, struct tcp_md5sig_key *key, int rst,
				 u8 tclass, __be32 label)
{
	const struct tcphdr *th = tcp_hdr(skb);
	struct tcphdr *t1;
	struct sk_buff *buff;
	struct flowi6 fl6;
	struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
	struct sock *ctl_sk = net->ipv6.tcp_sk;
	unsigned int tot_len = sizeof(struct tcphdr);
	struct dst_entry *dst;
	__be32 *topt;

	if (tsecr)
		tot_len += TCPOLEN_TSTAMP_ALIGNED;
#ifdef CONFIG_TCP_MD5SIG
	if (key)
		tot_len += TCPOLEN_MD5SIG_ALIGNED;
#endif

	buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
			 GFP_ATOMIC);
	if (!buff)
		return;

	skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);

	t1 = (struct tcphdr *) skb_push(buff, tot_len);
	skb_reset_transport_header(buff);

	/* Swap the send and the receive. */
	memset(t1, 0, sizeof(*t1));
	t1->dest = th->source;
	t1->source = th->dest;
	t1->doff = tot_len / 4;
	t1->seq = htonl(seq);
	t1->ack_seq = htonl(ack);
	t1->ack = !rst || !th->ack;
	t1->rst = rst;
	t1->window = htons(win);

	topt = (__be32 *)(t1 + 1);

	if (tsecr) {
		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
				(TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
		*topt++ = htonl(tsval);
		*topt++ = htonl(tsecr);
	}

#ifdef CONFIG_TCP_MD5SIG
	if (key) {
		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
				(TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
		tcp_v6_md5_hash_hdr((__u8 *)topt, key,
				    &ipv6_hdr(skb)->saddr,
				    &ipv6_hdr(skb)->daddr, t1);
	}
#endif

	memset(&fl6, 0, sizeof(fl6));
	fl6.daddr = ipv6_hdr(skb)->saddr;
	fl6.saddr = ipv6_hdr(skb)->daddr;
	fl6.flowlabel = label;

	buff->ip_summed = CHECKSUM_PARTIAL;
	buff->csum = 0;

	__tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);

	fl6.flowi6_proto = IPPROTO_TCP;
	if (rt6_need_strict(&fl6.daddr) && !oif)
		fl6.flowi6_oif = tcp_v6_iif(skb);
	else {
		if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
			oif = skb->skb_iif;

		fl6.flowi6_oif = oif;
	}

	fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark);
	fl6.fl6_dport = t1->dest;
	fl6.fl6_sport = t1->source;
	fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
	security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));

	/* Pass a socket to ip6_dst_lookup even when it is for an RST;
	 * the underlying function uses it to retrieve the network
	 * namespace.
	 */
	dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
	if (!IS_ERR(dst)) {
		skb_dst_set(buff, dst);
		ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass);
		TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
		if (rst)
			TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
		return;
	}

	kfree_skb(buff);
}

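/* Send a RST in response to skb. Sequence numbers follow RFC 793 page 36:
 * if the offending segment carried an ACK, the RST reuses that ACK number
 * as its own sequence number; otherwise SEQ=0 and the RST acknowledges
 * everything the segment occupied (data length plus one each for SYN and
 * FIN), so the peer can match it to the offending segment.
 */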
static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
{
	const struct tcphdr *th = tcp_hdr(skb);
	u32 seq = 0, ack_seq = 0;
	struct tcp_md5sig_key *key = NULL;
#ifdef CONFIG_TCP_MD5SIG
	const __u8 *hash_location = NULL;
	struct ipv6hdr *ipv6h = ipv6_hdr(skb);
	unsigned char newhash[16];
	int genhash;
	struct sock *sk1 = NULL;
#endif
	int oif;

	if (th->rst)
		return;

	/* If sk is not NULL, it means we did a successful lookup and the
	 * incoming route was correct. prequeue might have dropped our dst.
	 */
	if (!sk && !ipv6_unicast_destination(skb))
		return;

#ifdef CONFIG_TCP_MD5SIG
	rcu_read_lock();
	hash_location = tcp_parse_md5sig_option(th);
	if (sk && sk_fullsock(sk)) {
		key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr);
	} else if (hash_location) {
		/*
		 * The active side is gone. Try to find the listening socket
		 * via the source port, then look up the MD5 key through it.
		 * We are not loosening security here: the incoming packet
		 * is verified against the MD5 hash of the key we find, and
		 * no RST is generated if the hash doesn't match.
		 */
		sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
					    &tcp_hashinfo, NULL, 0,
					    &ipv6h->saddr,
					    th->source, &ipv6h->daddr,
					    ntohs(th->source), tcp_v6_iif(skb));
		if (!sk1)
			goto out;

		key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
		if (!key)
			goto out;

		genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
		if (genhash || memcmp(hash_location, newhash, 16) != 0)
			goto out;
	}
#endif

	if (th->ack)
		seq = ntohl(th->ack_seq);
	else
		ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
			  (th->doff << 2);

	oif = sk ? sk->sk_bound_dev_if : 0;
	tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 0);

#ifdef CONFIG_TCP_MD5SIG
out:
	rcu_read_unlock();
#endif
}

static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
			    u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
			    struct tcp_md5sig_key *key, u8 tclass,
			    __be32 label)
{
	tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
			     tclass, label);
}

static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
{
	struct inet_timewait_sock *tw = inet_twsk(sk);
	struct tcp_timewait_sock *tcptw = tcp_twsk(sk);

	tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
			tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
			tcp_time_stamp + tcptw->tw_ts_offset,
			tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
			tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel));

	inet_twsk_put(tw);
}

static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
				  struct request_sock *req)
{
	/* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
	 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
	 */
	/* RFC 7323 2.3
	 * The window field (SEG.WND) of every outgoing segment, with the
	 * exception of <SYN> segments, MUST be right-shifted by
	 * Rcv.Wind.Shift bits:
	 */
	tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
			tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
			tcp_rsk(req)->rcv_nxt,
			req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
			tcp_time_stamp, req->ts_recent, sk->sk_bound_dev_if,
			tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr),
			0, 0);
}

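/* With syncookies the half-open state lives in the sequence number we
 * sent rather than in a request_sock, so only non-SYN segments (the ACK
 * completing the handshake) are candidates for cookie validation here.
 * cookie_v6_check() either recreates the connection from a valid cookie,
 * signals a drop (NULL), or hands the listener back unchanged.
 */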
static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
{
#ifdef CONFIG_SYN_COOKIES
	const struct tcphdr *th = tcp_hdr(skb);

	if (!th->syn)
		sk = cookie_v6_check(sk, skb);
#endif
	return sk;
}

static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
{
	if (skb->protocol == htons(ETH_P_IP))
		return tcp_v4_conn_request(sk, skb);

	if (!ipv6_unicast_destination(skb))
		goto drop;

	return tcp_conn_request(&tcp6_request_sock_ops,
				&tcp_request_sock_ipv6_ops, sk, skb);

drop:
	tcp_listendrop(sk);
	return 0; /* don't send reset */
}

static void tcp_v6_restore_cb(struct sk_buff *skb)
{
	/* We need to move header back to the beginning if xfrm6_policy_check()
	 * and tcp_v6_fill_cb() are going to be called again.
	 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
	 */
	memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
		sizeof(struct inet6_skb_parm));
}

static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
					 struct request_sock *req,
					 struct dst_entry *dst,
					 struct request_sock *req_unhash,
					 bool *own_req)
{
	struct inet_request_sock *ireq;
	struct ipv6_pinfo *newnp;
	const struct ipv6_pinfo *np = inet6_sk(sk);
	struct ipv6_txoptions *opt;
	struct tcp6_sock *newtcp6sk;
	struct inet_sock *newinet;
	struct tcp_sock *newtp;
	struct sock *newsk;
#ifdef CONFIG_TCP_MD5SIG
	struct tcp_md5sig_key *key;
#endif
	struct flowi6 fl6;

	if (skb->protocol == htons(ETH_P_IP)) {
		/*
		 *	v6 mapped
		 */

		newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
					     req_unhash, own_req);

		if (!newsk)
			return NULL;

		newtcp6sk = (struct tcp6_sock *)newsk;
		inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;

		newinet = inet_sk(newsk);
		newnp = inet6_sk(newsk);
		newtp = tcp_sk(newsk);

		memcpy(newnp, np, sizeof(struct ipv6_pinfo));

		newnp->saddr = newsk->sk_v6_rcv_saddr;

		inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
		newsk->sk_backlog_rcv = tcp_v4_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
		newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
#endif

		newnp->ipv6_mc_list = NULL;
		newnp->ipv6_ac_list = NULL;
		newnp->ipv6_fl_list = NULL;
		newnp->pktoptions = NULL;
		newnp->opt	  = NULL;
		newnp->mcast_oif  = tcp_v6_iif(skb);
		newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
		newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
		if (np->repflow)
			newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));

		/*
		 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
		 * here, tcp_create_openreq_child now does this for us, see the comment in
		 * that function for the gory details. -acme
		 */

		/* This is a tricky place. Until this moment the IPv4 tcp
		   code worked with the IPv6 icsk.icsk_af_ops.
		   Sync it now.
		 */
		tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);

		return newsk;
	}

	ireq = inet_rsk(req);

	if (sk_acceptq_is_full(sk))
		goto out_overflow;

	if (!dst) {
		dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
		if (!dst)
			goto out;
	}

	newsk = tcp_create_openreq_child(sk, req, skb);
	if (!newsk)
		goto out_nonewsk;

	/*
	 * No need to charge this sock to the relevant IPv6 refcnt debug socks
	 * count here, tcp_create_openreq_child now does this for us, see the
	 * comment in that function for the gory details. -acme
	 */

	newsk->sk_gso_type = SKB_GSO_TCPV6;
	ip6_dst_store(newsk, dst, NULL, NULL);
	inet6_sk_rx_dst_set(newsk, skb);

	newtcp6sk = (struct tcp6_sock *)newsk;
	inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;

	newtp = tcp_sk(newsk);
	newinet = inet_sk(newsk);
	newnp = inet6_sk(newsk);

	memcpy(newnp, np, sizeof(struct ipv6_pinfo));

	newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
	newnp->saddr = ireq->ir_v6_loc_addr;
	newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
	newsk->sk_bound_dev_if = ireq->ir_iif;

	/* Now IPv6 options...

	   First: no IPv4 options.
	 */
	newinet->inet_opt = NULL;
	newnp->ipv6_mc_list = NULL;
	newnp->ipv6_ac_list = NULL;
	newnp->ipv6_fl_list = NULL;

	/* Clone RX bits */
	newnp->rxopt.all = np->rxopt.all;

	newnp->pktoptions = NULL;
	newnp->opt	  = NULL;
	newnp->mcast_oif  = tcp_v6_iif(skb);
	newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
	newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
	if (np->repflow)
		newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));

	/* Clone native IPv6 options from the listening socket (if any).

	   Yes, keeping a reference count would be much more clever, but
	   we do one more thing here: we reattach optmem to newsk.
	 */
	opt = ireq->ipv6_opt;
	if (!opt)
		opt = rcu_dereference(np->opt);
	if (opt) {
		opt = ipv6_dup_options(newsk, opt);
		RCU_INIT_POINTER(newnp->opt, opt);
	}
	inet_csk(newsk)->icsk_ext_hdr_len = 0;
	if (opt)
		inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
						    opt->opt_flen;

	tcp_ca_openreq_child(newsk, dst);

	tcp_sync_mss(newsk, dst_mtu(dst));
	newtp->advmss = dst_metric_advmss(dst);
	if (tcp_sk(sk)->rx_opt.user_mss &&
	    tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
		newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;

	tcp_initialize_rcv_mss(newsk);

	newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
	newinet->inet_rcv_saddr = LOOPBACK4_IPV6;

#ifdef CONFIG_TCP_MD5SIG
	/* Copy over the MD5 key from the original socket */
	key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr);
	if (key) {
		/* We're using one, so create a matching key
		 * on the newsk structure. If we fail to get
		 * memory, then we end up not copying the key
		 * across. Shucks.
		 */
		tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
			       AF_INET6, key->key, key->keylen,
			       sk_gfp_mask(sk, GFP_ATOMIC));
	}
#endif

	if (__inet_inherit_port(sk, newsk) < 0) {
		inet_csk_prepare_forced_close(newsk);
		tcp_done(newsk);
		goto out;
	}
	*own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
	if (*own_req) {
		tcp_move_syn(newtp, req);

		/* Clone pktoptions received with SYN, if we own the req */
		if (ireq->pktopts) {
			newnp->pktoptions = skb_clone(ireq->pktopts,
						      sk_gfp_mask(sk, GFP_ATOMIC));
			consume_skb(ireq->pktopts);
			ireq->pktopts = NULL;
			if (newnp->pktoptions) {
				tcp_v6_restore_cb(newnp->pktoptions);
				skb_set_owner_r(newnp->pktoptions, newsk);
			}
		}
	}

	return newsk;

out_overflow:
	__NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
out_nonewsk:
	dst_release(dst);
out:
	tcp_listendrop(sk);
	return NULL;
}

/* The socket must have its spinlock held when we get
 * here, unless it is a TCP_LISTEN socket.
 *
 * We have a potential double-lock case here, so even when
 * doing backlog processing we use the BH locking scheme.
 * This is because we cannot sleep with the original spinlock
 * held.
 */
static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_sock *tp;
	struct sk_buff *opt_skb = NULL;

	/* Imagine: socket is IPv6. IPv4 packet arrives,
	   goes to IPv4 receive handler and is backlogged.
	   From the backlog it always comes here. Kerboom...
	   Fortunately, tcp_rcv_established and rcv_established
	   handle them correctly, but it is not the case with
	   tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
	 */

	if (skb->protocol == htons(ETH_P_IP))
		return tcp_v4_do_rcv(sk, skb);

	/*
	 *	socket locking is here for SMP purposes as backlog rcv
	 *	is currently called with bh processing disabled.
	 */

	/* Do Stevens' IPV6_PKTOPTIONS.

	   Yes, guys, it is the only place in our code where we
	   may make it not affect IPv4.
	   The rest of the code is protocol independent,
	   and I do not like the idea of uglifying IPv4.

	   Actually, all the idea behind IPV6_PKTOPTIONS
	   does not look very well thought out. For now we latch
	   options, received in the last packet, enqueued
	   by tcp. Feel free to propose a better solution.
					       --ANK (980728)
	 */
	if (np->rxopt.all)
		opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));

	if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
		struct dst_entry *dst = sk->sk_rx_dst;

		sock_rps_save_rxhash(sk, skb);
		sk_mark_napi_id(sk, skb);
		if (dst) {
			if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
			    dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
				dst_release(dst);
				sk->sk_rx_dst = NULL;
			}
		}

		tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len);
		if (opt_skb)
			goto ipv6_pktoptions;
		return 0;
	}

	if (tcp_checksum_complete(skb))
		goto csum_err;

	if (sk->sk_state == TCP_LISTEN) {
		struct sock *nsk = tcp_v6_cookie_check(sk, skb);

		if (!nsk)
			goto discard;

		if (nsk != sk) {
			sock_rps_save_rxhash(nsk, skb);
			sk_mark_napi_id(nsk, skb);
			if (tcp_child_process(sk, nsk, skb))
				goto reset;
			if (opt_skb)
				__kfree_skb(opt_skb);
			return 0;
		}
	} else
		sock_rps_save_rxhash(sk, skb);

	if (tcp_rcv_state_process(sk, skb))
		goto reset;
	if (opt_skb)
		goto ipv6_pktoptions;
	return 0;

reset:
	tcp_v6_send_reset(sk, skb);
discard:
	if (opt_skb)
		__kfree_skb(opt_skb);
	kfree_skb(skb);
	return 0;
csum_err:
	TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
	TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
	goto discard;


ipv6_pktoptions:
	/* Do you ask, what is it?

	   1. skb was enqueued by tcp.
	   2. skb is added to tail of read queue, rather than out of order.
	   3. socket is not in passive state.
	   4. Finally, it really contains options that the user wants to
	      receive.
	 */
	tp = tcp_sk(sk);
	if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
	    !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
		if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
			np->mcast_oif = tcp_v6_iif(opt_skb);
		if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
			np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
		if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
			np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
		if (np->repflow)
			np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
		if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
			skb_set_owner_r(opt_skb, sk);
			tcp_v6_restore_cb(opt_skb);
			opt_skb = xchg(&np->pktoptions, opt_skb);
		} else {
			__kfree_skb(opt_skb);
			opt_skb = xchg(&np->pktoptions, NULL);
		}
	}

	kfree_skb(opt_skb);
	return 0;
}

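/* Populate TCP_SKB_CB() from the headers. end_seq counts every sequence
 * number the segment occupies: the payload bytes plus one each for SYN
 * and FIN, which consume sequence space per RFC 793. E.g. a SYN carrying
 * no data has end_seq == seq + 1.
 */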
static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
			   const struct tcphdr *th)
{
	/* This is tricky: we move IP6CB at its correct location into
	 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
	 * _decode_session6() uses IP6CB().
	 * barrier() makes sure compiler won't play aliasing games.
	 */
	memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
		sizeof(struct inet6_skb_parm));
	barrier();

	TCP_SKB_CB(skb)->seq = ntohl(th->seq);
	TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
				    skb->len - th->doff*4);
	TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
	TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
	TCP_SKB_CB(skb)->tcp_tw_isn = 0;
	TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
	TCP_SKB_CB(skb)->sacked = 0;
}

static int tcp_v6_rcv(struct sk_buff *skb)
{
	const struct tcphdr *th;
	const struct ipv6hdr *hdr;
	bool refcounted;
	struct sock *sk;
	int ret;
	struct net *net = dev_net(skb->dev);

	if (skb->pkt_type != PACKET_HOST)
		goto discard_it;

	/*
	 *	Count it even if it's bad.
	 */
	__TCP_INC_STATS(net, TCP_MIB_INSEGS);

	if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
		goto discard_it;

	th = (const struct tcphdr *)skb->data;

	if (unlikely(th->doff < sizeof(struct tcphdr)/4))
		goto bad_packet;
	if (!pskb_may_pull(skb, th->doff*4))
		goto discard_it;

	if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
		goto csum_error;

	th = (const struct tcphdr *)skb->data;
	hdr = ipv6_hdr(skb);

lookup:
	sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
				th->source, th->dest, inet6_iif(skb),
				&refcounted);
	if (!sk)
		goto no_tcp_socket;

process:
	if (sk->sk_state == TCP_TIME_WAIT)
		goto do_time_wait;

	if (sk->sk_state == TCP_NEW_SYN_RECV) {
		struct request_sock *req = inet_reqsk(sk);
		struct sock *nsk;

		sk = req->rsk_listener;
		tcp_v6_fill_cb(skb, hdr, th);
		if (tcp_v6_inbound_md5_hash(sk, skb)) {
			sk_drops_add(sk, skb);
			reqsk_put(req);
			goto discard_it;
		}
		if (unlikely(sk->sk_state != TCP_LISTEN)) {
			inet_csk_reqsk_queue_drop_and_put(sk, req);
			goto lookup;
		}
		sock_hold(sk);
		refcounted = true;
		nsk = NULL;
		if (!tcp_filter(sk, skb))
			nsk = tcp_check_req(sk, skb, req, false);
		if (!nsk) {
			reqsk_put(req);
			goto discard_and_relse;
		}
		if (nsk == sk) {
			reqsk_put(req);
			tcp_v6_restore_cb(skb);
		} else if (tcp_child_process(sk, nsk, skb)) {
			tcp_v6_send_reset(nsk, skb);
			goto discard_and_relse;
		} else {
			sock_put(sk);
			return 0;
		}
	}
	if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
		__NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
		goto discard_and_relse;
	}

	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
		goto discard_and_relse;

	tcp_v6_fill_cb(skb, hdr, th);

	if (tcp_v6_inbound_md5_hash(sk, skb))
		goto discard_and_relse;

	if (tcp_filter(sk, skb))
		goto discard_and_relse;
	th = (const struct tcphdr *)skb->data;
	hdr = ipv6_hdr(skb);

	skb->dev = NULL;

	if (sk->sk_state == TCP_LISTEN) {
		ret = tcp_v6_do_rcv(sk, skb);
		goto put_and_return;
	}

	sk_incoming_cpu_update(sk);

	bh_lock_sock_nested(sk);
	tcp_segs_in(tcp_sk(sk), skb);
	ret = 0;
	if (!sock_owned_by_user(sk)) {
		if (!tcp_prequeue(sk, skb))
			ret = tcp_v6_do_rcv(sk, skb);
	} else if (tcp_add_backlog(sk, skb)) {
		goto discard_and_relse;
	}
	bh_unlock_sock(sk);

put_and_return:
	if (refcounted)
		sock_put(sk);
	return ret ? -1 : 0;

no_tcp_socket:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
		goto discard_it;

	tcp_v6_fill_cb(skb, hdr, th);

	if (tcp_checksum_complete(skb)) {
csum_error:
		__TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
bad_packet:
		__TCP_INC_STATS(net, TCP_MIB_INERRS);
	} else {
		tcp_v6_send_reset(NULL, skb);
	}

discard_it:
	kfree_skb(skb);
	return 0;

discard_and_relse:
	sk_drops_add(sk, skb);
	if (refcounted)
		sock_put(sk);
	goto discard_it;

do_time_wait:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
		inet_twsk_put(inet_twsk(sk));
		goto discard_it;
	}

	tcp_v6_fill_cb(skb, hdr, th);

	if (tcp_checksum_complete(skb)) {
		inet_twsk_put(inet_twsk(sk));
		goto csum_error;
	}

	switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
	case TCP_TW_SYN:
	{
		struct sock *sk2;

		sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
					    skb, __tcp_hdrlen(th),
					    &ipv6_hdr(skb)->saddr, th->source,
					    &ipv6_hdr(skb)->daddr,
					    ntohs(th->dest), tcp_v6_iif(skb));
		if (sk2) {
			struct inet_timewait_sock *tw = inet_twsk(sk);
			inet_twsk_deschedule_put(tw);
			sk = sk2;
			tcp_v6_restore_cb(skb);
			refcounted = false;
			goto process;
		}
		/* Fall through to ACK */
	}
	case TCP_TW_ACK:
		tcp_v6_timewait_ack(sk, skb);
		break;
	case TCP_TW_RST:
		tcp_v6_restore_cb(skb);
		tcp_v6_send_reset(sk, skb);
		inet_twsk_deschedule_put(inet_twsk(sk));
		goto discard_it;
	case TCP_TW_SUCCESS:
		;
	}
	goto discard_it;
}

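/* Early demux: look the established socket up already at IP receive time,
 * so the cached sk->sk_rx_dst can short-circuit the routing lookup for
 * this packet. This is a best-effort optimization only; the full lookup
 * in tcp_v6_rcv() still runs if nothing is found here.
 */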
static void tcp_v6_early_demux(struct sk_buff *skb)
{
	const struct ipv6hdr *hdr;
	const struct tcphdr *th;
	struct sock *sk;

	if (skb->pkt_type != PACKET_HOST)
		return;

	if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
		return;

	hdr = ipv6_hdr(skb);
	th = tcp_hdr(skb);

	if (th->doff < sizeof(struct tcphdr) / 4)
		return;

	/* Note : We use inet6_iif() here, not tcp_v6_iif() */
	sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
					&hdr->saddr, th->source,
					&hdr->daddr, ntohs(th->dest),
					inet6_iif(skb));
	if (sk) {
		skb->sk = sk;
		skb->destructor = sock_edemux;
		if (sk_fullsock(sk)) {
			struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);

			if (dst)
				dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
			if (dst &&
			    inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
				skb_dst_set_noref(skb, dst);
		}
	}
}

static struct timewait_sock_ops tcp6_timewait_sock_ops = {
	.twsk_obj_size	= sizeof(struct tcp6_timewait_sock),
	.twsk_unique	= tcp_twsk_unique,
	.twsk_destructor = tcp_twsk_destructor,
};

static const struct inet_connection_sock_af_ops ipv6_specific = {
	.queue_xmit	   = inet6_csk_xmit,
	.send_check	   = tcp_v6_send_check,
	.rebuild_header	   = inet6_sk_rebuild_header,
	.sk_rx_dst_set	   = inet6_sk_rx_dst_set,
	.conn_request	   = tcp_v6_conn_request,
	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
	.net_header_len	   = sizeof(struct ipv6hdr),
	.net_frag_header_len = sizeof(struct frag_hdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
	.bind_conflict	   = inet6_csk_bind_conflict,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
	.mtu_reduced	   = tcp_v6_mtu_reduced,
};

#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
	.md5_lookup	=	tcp_v6_md5_lookup,
	.calc_md5_hash	=	tcp_v6_md5_hash_skb,
	.md5_parse	=	tcp_v6_parse_md5_keys,
};
#endif

/*
 *	TCP over IPv4 via INET6 API
 */
static const struct inet_connection_sock_af_ops ipv6_mapped = {
	.queue_xmit	   = ip_queue_xmit,
	.send_check	   = tcp_v4_send_check,
	.rebuild_header	   = inet_sk_rebuild_header,
	.sk_rx_dst_set	   = inet_sk_rx_dst_set,
	.conn_request	   = tcp_v6_conn_request,
	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
	.net_header_len	   = sizeof(struct iphdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
	.bind_conflict	   = inet6_csk_bind_conflict,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
	.mtu_reduced	   = tcp_v4_mtu_reduced,
};

#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
	.md5_lookup	=	tcp_v4_md5_lookup,
	.calc_md5_hash	=	tcp_v4_md5_hash_skb,
	.md5_parse	=	tcp_v6_parse_md5_keys,
};
#endif

/* NOTE: A lot of things are set to zero explicitly by the call to
 *	 sk_alloc(), so they need not be done here.
 */
static int tcp_v6_init_sock(struct sock *sk)
{
	struct inet_connection_sock *icsk = inet_csk(sk);

	tcp_init_sock(sk);

	icsk->icsk_af_ops = &ipv6_specific;

#ifdef CONFIG_TCP_MD5SIG
	tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
#endif

	return 0;
}

static void tcp_v6_destroy_sock(struct sock *sk)
{
	tcp_v4_destroy_sock(sk);
	inet6_destroy_sock(sk);
}

#ifdef CONFIG_PROC_FS
/* Proc filesystem TCPv6 sock list dumping. */
static void get_openreq6(struct seq_file *seq,
			 const struct request_sock *req, int i)
{
	long ttd = req->rsk_timer.expires - jiffies;
	const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
	const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;

	if (ttd < 0)
		ttd = 0;

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3],
		   inet_rsk(req)->ir_num,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3],
		   ntohs(inet_rsk(req)->ir_rmt_port),
		   TCP_SYN_RECV,
		   0, 0, /* could print option size, but that is af dependent. */
		   1,    /* timers active (only the expire timer) */
		   jiffies_to_clock_t(ttd),
		   req->num_timeout,
		   from_kuid_munged(seq_user_ns(seq),
				    sock_i_uid(req->rsk_listener)),
		   0,    /* non standard timer */
		   0,    /* open_requests have no inode */
		   0, req);
}

static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
{
	const struct in6_addr *dest, *src;
	__u16 destp, srcp;
	int timer_active;
	unsigned long timer_expires;
	const struct inet_sock *inet = inet_sk(sp);
	const struct tcp_sock *tp = tcp_sk(sp);
	const struct inet_connection_sock *icsk = inet_csk(sp);
	const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
	int rx_queue;
	int state;

	dest  = &sp->sk_v6_daddr;
	src   = &sp->sk_v6_rcv_saddr;
	destp = ntohs(inet->inet_dport);
	srcp  = ntohs(inet->inet_sport);

	if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
	    icsk->icsk_pending == ICSK_TIME_EARLY_RETRANS ||
	    icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
		timer_active	= 1;
		timer_expires	= icsk->icsk_timeout;
	} else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
		timer_active	= 4;
		timer_expires	= icsk->icsk_timeout;
	} else if (timer_pending(&sp->sk_timer)) {
		timer_active	= 2;
		timer_expires	= sp->sk_timer.expires;
	} else {
		timer_active	= 0;
		timer_expires	= jiffies;
	}

	state = sk_state_load(sp);
	if (state == TCP_LISTEN)
		rx_queue = sp->sk_ack_backlog;
	else
		/* Because we don't lock the socket,
		 * we might find a transient negative value.
		 */
		rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3], srcp,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
		   state,
		   tp->write_seq - tp->snd_una,
		   rx_queue,
		   timer_active,
		   jiffies_delta_to_clock_t(timer_expires - jiffies),
		   icsk->icsk_retransmits,
		   from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
		   icsk->icsk_probes_out,
		   sock_i_ino(sp),
		   atomic_read(&sp->sk_refcnt), sp,
		   jiffies_to_clock_t(icsk->icsk_rto),
		   jiffies_to_clock_t(icsk->icsk_ack.ato),
		   (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
		   tp->snd_cwnd,
		   state == TCP_LISTEN ?
			fastopenq->max_qlen :
			(tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
		   );
}

static void get_timewait6_sock(struct seq_file *seq,
			       struct inet_timewait_sock *tw, int i)
{
	long delta = tw->tw_timer.expires - jiffies;
	const struct in6_addr *dest, *src;
	__u16 destp, srcp;

	dest = &tw->tw_v6_daddr;
	src  = &tw->tw_v6_rcv_saddr;
	destp = ntohs(tw->tw_dport);
	srcp  = ntohs(tw->tw_sport);

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3], srcp,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
		   tw->tw_substate, 0, 0,
		   3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
		   atomic_read(&tw->tw_refcnt), tw);
}

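/* Each /proc/net/tcp6 row prints the raw in6_addr words and the port in
 * hex, the TCP state ("st", e.g. 0A for TCP_LISTEN), queue sizes, timer
 * info, uid and inode, matching the header emitted below. An illustrative
 * (hand-constructed, not captured) local_address field for [::1]:22 on a
 * little-endian machine would be:
 *
 *	00000000000000000000000001000000:0016
 *
 * Tools such as netstat(8) historically parse this format.
 */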
static int tcp6_seq_show(struct seq_file *seq, void *v)
{
	struct tcp_iter_state *st;
	struct sock *sk = v;

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq,
			 "  sl  "
			 "local_address                         "
			 "remote_address                        "
			 "st tx_queue rx_queue tr tm->when retrnsmt"
			 "   uid  timeout inode\n");
		goto out;
	}
	st = seq->private;

	if (sk->sk_state == TCP_TIME_WAIT)
		get_timewait6_sock(seq, v, st->num);
	else if (sk->sk_state == TCP_NEW_SYN_RECV)
		get_openreq6(seq, v, st->num);
	else
		get_tcp6_sock(seq, v, st->num);
out:
	return 0;
}

static const struct file_operations tcp6_afinfo_seq_fops = {
	.owner   = THIS_MODULE,
	.open    = tcp_seq_open,
	.read    = seq_read,
	.llseek  = seq_lseek,
	.release = seq_release_net
};

static struct tcp_seq_afinfo tcp6_seq_afinfo = {
	.name		= "tcp6",
	.family		= AF_INET6,
	.seq_fops	= &tcp6_afinfo_seq_fops,
	.seq_ops	= {
		.show		= tcp6_seq_show,
	},
};

int __net_init tcp6_proc_init(struct net *net)
{
	return tcp_proc_register(net, &tcp6_seq_afinfo);
}

void tcp6_proc_exit(struct net *net)
{
	tcp_proc_unregister(net, &tcp6_seq_afinfo);
}
#endif

struct proto tcpv6_prot = {
	.name			= "TCPv6",
	.owner			= THIS_MODULE,
	.close			= tcp_close,
	.connect		= tcp_v6_connect,
	.disconnect		= tcp_disconnect,
	.accept			= inet_csk_accept,
	.ioctl			= tcp_ioctl,
	.init			= tcp_v6_init_sock,
	.destroy		= tcp_v6_destroy_sock,
	.shutdown		= tcp_shutdown,
	.setsockopt		= tcp_setsockopt,
	.getsockopt		= tcp_getsockopt,
	.recvmsg		= tcp_recvmsg,
	.sendmsg		= tcp_sendmsg,
	.sendpage		= tcp_sendpage,
	.backlog_rcv		= tcp_v6_do_rcv,
	.release_cb		= tcp_release_cb,
	.hash			= inet6_hash,
	.unhash			= inet_unhash,
	.get_port		= inet_csk_get_port,
	.enter_memory_pressure	= tcp_enter_memory_pressure,
	.stream_memory_free	= tcp_stream_memory_free,
	.sockets_allocated	= &tcp_sockets_allocated,
	.memory_allocated	= &tcp_memory_allocated,
	.memory_pressure	= &tcp_memory_pressure,
	.orphan_count		= &tcp_orphan_count,
	.sysctl_mem		= sysctl_tcp_mem,
	.sysctl_wmem		= sysctl_tcp_wmem,
	.sysctl_rmem		= sysctl_tcp_rmem,
	.max_header		= MAX_TCP_HEADER,
	.obj_size		= sizeof(struct tcp6_sock),
	.slab_flags		= SLAB_DESTROY_BY_RCU,
	.twsk_prot		= &tcp6_timewait_sock_ops,
	.rsk_prot		= &tcp6_request_sock_ops,
	.h.hashinfo		= &tcp_hashinfo,
	.no_autobind		= true,
#ifdef CONFIG_COMPAT
	.compat_setsockopt	= compat_tcp_setsockopt,
	.compat_getsockopt	= compat_tcp_getsockopt,
#endif
	.diag_destroy		= tcp_abort,
};

static const struct inet6_protocol tcpv6_protocol = {
	.early_demux	=	tcp_v6_early_demux,
	.handler	=	tcp_v6_rcv,
	.err_handler	=	tcp_v6_err,
	.flags		=	INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
};

static struct inet_protosw tcpv6_protosw = {
	.type		=	SOCK_STREAM,
	.protocol	=	IPPROTO_TCP,
	.prot		=	&tcpv6_prot,
	.ops		=	&inet6_stream_ops,
	.flags		=	INET_PROTOSW_PERMANENT |
				INET_PROTOSW_ICSK,
};

static int __net_init tcpv6_net_init(struct net *net)
{
	return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
				    SOCK_RAW, IPPROTO_TCP, net);
}

static void __net_exit tcpv6_net_exit(struct net *net)
{
	inet_ctl_sock_destroy(net->ipv6.tcp_sk);
}

static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
{
	inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6);
}

static struct pernet_operations tcpv6_net_ops = {
	.init	    = tcpv6_net_init,
	.exit	    = tcpv6_net_exit,
	.exit_batch = tcpv6_net_exit_batch,
};

int __init tcpv6_init(void)
{
	int ret;

	ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
	if (ret)
		goto out;

	/* register inet6 protocol */
	ret = inet6_register_protosw(&tcpv6_protosw);
	if (ret)
		goto out_tcpv6_protocol;

	ret = register_pernet_subsys(&tcpv6_net_ops);
	if (ret)
		goto out_tcpv6_protosw;
out:
	return ret;

out_tcpv6_protosw:
	inet6_unregister_protosw(&tcpv6_protosw);
out_tcpv6_protocol:
	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
	goto out;
}

void tcpv6_exit(void)
{
	unregister_pernet_subsys(&tcpv6_net_ops);
	inet6_unregister_protosw(&tcpv6_protosw);
	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
}