1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * TCP over IPv6
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 *
9 * Based on:
10 * linux/net/ipv4/tcp.c
11 * linux/net/ipv4/tcp_input.c
12 * linux/net/ipv4/tcp_output.c
13 *
14 * Fixes:
15 * Hideaki YOSHIFUJI : sin6_scope_id support
16 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
17 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
18 * a single port at the same time.
19 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
20 */
21
22 #include <linux/bottom_half.h>
23 #include <linux/module.h>
24 #include <linux/errno.h>
25 #include <linux/types.h>
26 #include <linux/socket.h>
27 #include <linux/sockios.h>
28 #include <linux/net.h>
29 #include <linux/jiffies.h>
30 #include <linux/in.h>
31 #include <linux/in6.h>
32 #include <linux/netdevice.h>
33 #include <linux/init.h>
34 #include <linux/jhash.h>
35 #include <linux/ipsec.h>
36 #include <linux/times.h>
37 #include <linux/slab.h>
38 #include <linux/uaccess.h>
39 #include <linux/ipv6.h>
40 #include <linux/icmpv6.h>
41 #include <linux/random.h>
42 #include <linux/indirect_call_wrapper.h>
43
44 #include <net/tcp.h>
45 #include <net/ndisc.h>
46 #include <net/inet6_hashtables.h>
47 #include <net/inet6_connection_sock.h>
48 #include <net/ipv6.h>
49 #include <net/transp_v6.h>
50 #include <net/addrconf.h>
51 #include <net/ip6_route.h>
52 #include <net/ip6_checksum.h>
53 #include <net/inet_ecn.h>
54 #include <net/protocol.h>
55 #include <net/xfrm.h>
56 #include <net/snmp.h>
57 #include <net/dsfield.h>
58 #include <net/timewait_sock.h>
59 #include <net/inet_common.h>
60 #include <net/secure_seq.h>
61 #include <net/hotdata.h>
62 #include <net/busy_poll.h>
63 #include <net/rstreason.h>
64
65 #include <linux/proc_fs.h>
66 #include <linux/seq_file.h>
67
68 #include <crypto/hash.h>
69 #include <linux/scatterlist.h>
70
71 #include <trace/events/tcp.h>
72 #include <trace/hooks/net.h>
73
74 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb,
75 enum sk_rst_reason reason);
76 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
77 struct request_sock *req);
78
79 INDIRECT_CALLABLE_SCOPE int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
80
81 static const struct inet_connection_sock_af_ops ipv6_mapped;
82 const struct inet_connection_sock_af_ops ipv6_specific;
83 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
84 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
85 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
86 #endif
87
88 /* Helper returning the inet6 address from a given tcp socket.
89 * It can be used in TCP stack instead of inet6_sk(sk).
90 * This avoids a dereference and allow compiler optimizations.
91 * It is a specialized version of inet6_sk_generic().
92 */
93 #define tcp_inet6_sk(sk) (&container_of_const(tcp_sk(sk), \
94 struct tcp6_sock, tcp)->inet6)
95
inet6_sk_rx_dst_set(struct sock * sk,const struct sk_buff * skb)96 static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
97 {
98 struct dst_entry *dst = skb_dst(skb);
99
100 if (dst && dst_hold_safe(dst)) {
101 rcu_assign_pointer(sk->sk_rx_dst, dst);
102 sk->sk_rx_dst_ifindex = skb->skb_iif;
103 sk->sk_rx_dst_cookie = rt6_get_cookie(dst_rt6_info(dst));
104 }
105 }
106
tcp_v6_init_seq(const struct sk_buff * skb)107 static u32 tcp_v6_init_seq(const struct sk_buff *skb)
108 {
109 return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32,
110 ipv6_hdr(skb)->saddr.s6_addr32,
111 tcp_hdr(skb)->dest,
112 tcp_hdr(skb)->source);
113 }
114
tcp_v6_init_ts_off(const struct net * net,const struct sk_buff * skb)115 static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb)
116 {
117 return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32,
118 ipv6_hdr(skb)->saddr.s6_addr32);
119 }
120
tcp_v6_pre_connect(struct sock * sk,struct sockaddr * uaddr,int addr_len)121 static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
122 int addr_len)
123 {
124 /* This check is replicated from tcp_v6_connect() and intended to
125 * prevent BPF program called below from accessing bytes that are out
126 * of the bound specified by user in addr_len.
127 */
128 if (addr_len < SIN6_LEN_RFC2133)
129 return -EINVAL;
130
131 sock_owned_by_me(sk);
132
133 return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr, &addr_len);
134 }
135
tcp_v6_connect(struct sock * sk,struct sockaddr * uaddr,int addr_len)136 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
137 int addr_len)
138 {
139 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
140 struct inet_connection_sock *icsk = inet_csk(sk);
141 struct in6_addr *saddr = NULL, *final_p, final;
142 struct inet_timewait_death_row *tcp_death_row;
143 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
144 struct inet_sock *inet = inet_sk(sk);
145 struct tcp_sock *tp = tcp_sk(sk);
146 struct net *net = sock_net(sk);
147 struct ipv6_txoptions *opt;
148 struct dst_entry *dst;
149 struct flowi6 fl6;
150 int addr_type;
151 int err;
152
153 if (addr_len < SIN6_LEN_RFC2133)
154 return -EINVAL;
155
156 if (usin->sin6_family != AF_INET6)
157 return -EAFNOSUPPORT;
158
159 memset(&fl6, 0, sizeof(fl6));
160
161 if (inet6_test_bit(SNDFLOW, sk)) {
162 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
163 IP6_ECN_flow_init(fl6.flowlabel);
164 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
165 struct ip6_flowlabel *flowlabel;
166 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
167 if (IS_ERR(flowlabel))
168 return -EINVAL;
169 fl6_sock_release(flowlabel);
170 }
171 }
172
173 /*
174 * connect() to INADDR_ANY means loopback (BSD'ism).
175 */
176
177 if (ipv6_addr_any(&usin->sin6_addr)) {
178 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
179 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
180 &usin->sin6_addr);
181 else
182 usin->sin6_addr = in6addr_loopback;
183 }
184
185 addr_type = ipv6_addr_type(&usin->sin6_addr);
186
187 if (addr_type & IPV6_ADDR_MULTICAST)
188 return -ENETUNREACH;
189
190 if (addr_type&IPV6_ADDR_LINKLOCAL) {
191 if (addr_len >= sizeof(struct sockaddr_in6) &&
192 usin->sin6_scope_id) {
193 /* If interface is set while binding, indices
194 * must coincide.
195 */
196 if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id))
197 return -EINVAL;
198
199 sk->sk_bound_dev_if = usin->sin6_scope_id;
200 }
201
202 /* Connect to link-local address requires an interface */
203 if (!sk->sk_bound_dev_if)
204 return -EINVAL;
205 }
206
207 if (tp->rx_opt.ts_recent_stamp &&
208 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
209 tp->rx_opt.ts_recent = 0;
210 tp->rx_opt.ts_recent_stamp = 0;
211 WRITE_ONCE(tp->write_seq, 0);
212 }
213
214 sk->sk_v6_daddr = usin->sin6_addr;
215 np->flow_label = fl6.flowlabel;
216
217 /*
218 * TCP over IPv4
219 */
220
221 if (addr_type & IPV6_ADDR_MAPPED) {
222 u32 exthdrlen = icsk->icsk_ext_hdr_len;
223 struct sockaddr_in sin;
224
225 if (ipv6_only_sock(sk))
226 return -ENETUNREACH;
227
228 sin.sin_family = AF_INET;
229 sin.sin_port = usin->sin6_port;
230 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
231
232 /* Paired with READ_ONCE() in tcp_(get|set)sockopt() */
233 WRITE_ONCE(icsk->icsk_af_ops, &ipv6_mapped);
234 if (sk_is_mptcp(sk))
235 mptcpv6_handle_mapped(sk, true);
236 sk->sk_backlog_rcv = tcp_v4_do_rcv;
237 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
238 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
239 #endif
240
241 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
242
243 if (err) {
244 icsk->icsk_ext_hdr_len = exthdrlen;
245 /* Paired with READ_ONCE() in tcp_(get|set)sockopt() */
246 WRITE_ONCE(icsk->icsk_af_ops, &ipv6_specific);
247 if (sk_is_mptcp(sk))
248 mptcpv6_handle_mapped(sk, false);
249 sk->sk_backlog_rcv = tcp_v6_do_rcv;
250 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
251 tp->af_specific = &tcp_sock_ipv6_specific;
252 #endif
253 goto failure;
254 }
255 np->saddr = sk->sk_v6_rcv_saddr;
256
257 return err;
258 }
259
260 trace_android_vh_tcp_v6_connect(sk, uaddr);
261
262 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
263 saddr = &sk->sk_v6_rcv_saddr;
264
265 fl6.flowi6_proto = IPPROTO_TCP;
266 fl6.daddr = sk->sk_v6_daddr;
267 fl6.saddr = saddr ? *saddr : np->saddr;
268 fl6.flowlabel = ip6_make_flowinfo(np->tclass, np->flow_label);
269 fl6.flowi6_oif = sk->sk_bound_dev_if;
270 fl6.flowi6_mark = sk->sk_mark;
271 fl6.fl6_dport = usin->sin6_port;
272 fl6.fl6_sport = inet->inet_sport;
273 fl6.flowi6_uid = sk->sk_uid;
274
275 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
276 final_p = fl6_update_dst(&fl6, opt, &final);
277
278 security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
279
280 dst = ip6_dst_lookup_flow(net, sk, &fl6, final_p);
281 if (IS_ERR(dst)) {
282 err = PTR_ERR(dst);
283 goto failure;
284 }
285
286 tp->tcp_usec_ts = dst_tcp_usec_ts(dst);
287 tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
288
289 if (!saddr) {
290 saddr = &fl6.saddr;
291
292 err = inet_bhash2_update_saddr(sk, saddr, AF_INET6);
293 if (err)
294 goto failure;
295 }
296
297 /* set the source address */
298 np->saddr = *saddr;
299 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
300
301 sk->sk_gso_type = SKB_GSO_TCPV6;
302 ip6_dst_store(sk, dst, NULL, NULL);
303
304 icsk->icsk_ext_hdr_len = 0;
305 if (opt)
306 icsk->icsk_ext_hdr_len = opt->opt_flen +
307 opt->opt_nflen;
308
309 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
310
311 inet->inet_dport = usin->sin6_port;
312
313 tcp_set_state(sk, TCP_SYN_SENT);
314 err = inet6_hash_connect(tcp_death_row, sk);
315 if (err)
316 goto late_failure;
317
318 sk_set_txhash(sk);
319
320 if (likely(!tp->repair)) {
321 if (!tp->write_seq)
322 WRITE_ONCE(tp->write_seq,
323 secure_tcpv6_seq(np->saddr.s6_addr32,
324 sk->sk_v6_daddr.s6_addr32,
325 inet->inet_sport,
326 inet->inet_dport));
327 tp->tsoffset = secure_tcpv6_ts_off(net, np->saddr.s6_addr32,
328 sk->sk_v6_daddr.s6_addr32);
329 }
330
331 if (tcp_fastopen_defer_connect(sk, &err))
332 return err;
333 if (err)
334 goto late_failure;
335
336 err = tcp_connect(sk);
337 if (err)
338 goto late_failure;
339
340 return 0;
341
342 late_failure:
343 tcp_set_state(sk, TCP_CLOSE);
344 inet_bhash2_reset_saddr(sk);
345 failure:
346 inet->inet_dport = 0;
347 sk->sk_route_caps = 0;
348 return err;
349 }
350
tcp_v6_mtu_reduced(struct sock * sk)351 static void tcp_v6_mtu_reduced(struct sock *sk)
352 {
353 struct dst_entry *dst;
354 u32 mtu;
355
356 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
357 return;
358
359 mtu = READ_ONCE(tcp_sk(sk)->mtu_info);
360
361 /* Drop requests trying to increase our current mss.
362 * Check done in __ip6_rt_update_pmtu() is too late.
363 */
364 if (tcp_mtu_to_mss(sk, mtu) >= tcp_sk(sk)->mss_cache)
365 return;
366
367 dst = inet6_csk_update_pmtu(sk, mtu);
368 if (!dst)
369 return;
370
371 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
372 tcp_sync_mss(sk, dst_mtu(dst));
373 tcp_simple_retransmit(sk);
374 }
375 }
376
tcp_v6_err(struct sk_buff * skb,struct inet6_skb_parm * opt,u8 type,u8 code,int offset,__be32 info)377 static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
378 u8 type, u8 code, int offset, __be32 info)
379 {
380 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
381 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
382 struct net *net = dev_net(skb->dev);
383 struct request_sock *fastopen;
384 struct ipv6_pinfo *np;
385 struct tcp_sock *tp;
386 __u32 seq, snd_una;
387 struct sock *sk;
388 bool fatal;
389 int err;
390
391 sk = __inet6_lookup_established(net, net->ipv4.tcp_death_row.hashinfo,
392 &hdr->daddr, th->dest,
393 &hdr->saddr, ntohs(th->source),
394 skb->dev->ifindex, inet6_sdif(skb));
395
396 if (!sk) {
397 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
398 ICMP6_MIB_INERRORS);
399 return -ENOENT;
400 }
401
402 if (sk->sk_state == TCP_TIME_WAIT) {
403 /* To increase the counter of ignored icmps for TCP-AO */
404 tcp_ao_ignore_icmp(sk, AF_INET6, type, code);
405 inet_twsk_put(inet_twsk(sk));
406 return 0;
407 }
408 seq = ntohl(th->seq);
409 fatal = icmpv6_err_convert(type, code, &err);
410 if (sk->sk_state == TCP_NEW_SYN_RECV) {
411 tcp_req_err(sk, seq, fatal);
412 return 0;
413 }
414
415 if (tcp_ao_ignore_icmp(sk, AF_INET6, type, code)) {
416 sock_put(sk);
417 return 0;
418 }
419
420 bh_lock_sock(sk);
421 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
422 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
423
424 if (sk->sk_state == TCP_CLOSE)
425 goto out;
426
427 if (static_branch_unlikely(&ip6_min_hopcount)) {
428 /* min_hopcount can be changed concurrently from do_ipv6_setsockopt() */
429 if (ipv6_hdr(skb)->hop_limit < READ_ONCE(tcp_inet6_sk(sk)->min_hopcount)) {
430 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
431 goto out;
432 }
433 }
434
435 tp = tcp_sk(sk);
436 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
437 fastopen = rcu_dereference(tp->fastopen_rsk);
438 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
439 if (sk->sk_state != TCP_LISTEN &&
440 !between(seq, snd_una, tp->snd_nxt)) {
441 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
442 goto out;
443 }
444
445 np = tcp_inet6_sk(sk);
446
447 if (type == NDISC_REDIRECT) {
448 if (!sock_owned_by_user(sk)) {
449 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
450
451 if (dst)
452 dst->ops->redirect(dst, sk, skb);
453 }
454 goto out;
455 }
456
457 if (type == ICMPV6_PKT_TOOBIG) {
458 u32 mtu = ntohl(info);
459
460 /* We are not interested in TCP_LISTEN and open_requests
461 * (SYN-ACKs send out by Linux are always <576bytes so
462 * they should go through unfragmented).
463 */
464 if (sk->sk_state == TCP_LISTEN)
465 goto out;
466
467 if (!ip6_sk_accept_pmtu(sk))
468 goto out;
469
470 if (mtu < IPV6_MIN_MTU)
471 goto out;
472
473 WRITE_ONCE(tp->mtu_info, mtu);
474
475 if (!sock_owned_by_user(sk))
476 tcp_v6_mtu_reduced(sk);
477 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
478 &sk->sk_tsq_flags))
479 sock_hold(sk);
480 goto out;
481 }
482
483
484 /* Might be for an request_sock */
485 switch (sk->sk_state) {
486 case TCP_SYN_SENT:
487 case TCP_SYN_RECV:
488 /* Only in fast or simultaneous open. If a fast open socket is
489 * already accepted it is treated as a connected one below.
490 */
491 if (fastopen && !fastopen->sk)
492 break;
493
494 ipv6_icmp_error(sk, skb, err, th->dest, ntohl(info), (u8 *)th);
495
496 if (!sock_owned_by_user(sk))
497 tcp_done_with_error(sk, err);
498 else
499 WRITE_ONCE(sk->sk_err_soft, err);
500 goto out;
501 case TCP_LISTEN:
502 break;
503 default:
504 /* check if this ICMP message allows revert of backoff.
505 * (see RFC 6069)
506 */
507 if (!fastopen && type == ICMPV6_DEST_UNREACH &&
508 code == ICMPV6_NOROUTE)
509 tcp_ld_RTO_revert(sk, seq);
510 }
511
512 if (!sock_owned_by_user(sk) && inet6_test_bit(RECVERR6, sk)) {
513 WRITE_ONCE(sk->sk_err, err);
514 sk_error_report(sk);
515 } else {
516 WRITE_ONCE(sk->sk_err_soft, err);
517 }
518 out:
519 bh_unlock_sock(sk);
520 sock_put(sk);
521 return 0;
522 }
523
524
tcp_v6_send_synack(const struct sock * sk,struct dst_entry * dst,struct flowi * fl,struct request_sock * req,struct tcp_fastopen_cookie * foc,enum tcp_synack_type synack_type,struct sk_buff * syn_skb)525 static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
526 struct flowi *fl,
527 struct request_sock *req,
528 struct tcp_fastopen_cookie *foc,
529 enum tcp_synack_type synack_type,
530 struct sk_buff *syn_skb)
531 {
532 struct inet_request_sock *ireq = inet_rsk(req);
533 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
534 struct ipv6_txoptions *opt;
535 struct flowi6 *fl6 = &fl->u.ip6;
536 struct sk_buff *skb;
537 int err = -ENOMEM;
538 u8 tclass;
539
540 /* First, grab a route. */
541 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
542 IPPROTO_TCP)) == NULL)
543 goto done;
544
545 skb = tcp_make_synack(sk, dst, req, foc, synack_type, syn_skb);
546
547 if (skb) {
548 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
549 &ireq->ir_v6_rmt_addr);
550
551 fl6->daddr = ireq->ir_v6_rmt_addr;
552 if (inet6_test_bit(REPFLOW, sk) && ireq->pktopts)
553 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
554
555 tclass = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reflect_tos) ?
556 (tcp_rsk(req)->syn_tos & ~INET_ECN_MASK) |
557 (np->tclass & INET_ECN_MASK) :
558 np->tclass;
559
560 if (!INET_ECN_is_capable(tclass) &&
561 tcp_bpf_ca_needs_ecn((struct sock *)req))
562 tclass |= INET_ECN_ECT_0;
563
564 rcu_read_lock();
565 opt = ireq->ipv6_opt;
566 if (!opt)
567 opt = rcu_dereference(np->opt);
568 err = ip6_xmit(sk, skb, fl6, skb->mark ? : READ_ONCE(sk->sk_mark),
569 opt, tclass, READ_ONCE(sk->sk_priority));
570 rcu_read_unlock();
571 err = net_xmit_eval(err);
572 }
573
574 done:
575 return err;
576 }
577
578
tcp_v6_reqsk_destructor(struct request_sock * req)579 static void tcp_v6_reqsk_destructor(struct request_sock *req)
580 {
581 kfree(inet_rsk(req)->ipv6_opt);
582 consume_skb(inet_rsk(req)->pktopts);
583 }
584
585 #ifdef CONFIG_TCP_MD5SIG
tcp_v6_md5_do_lookup(const struct sock * sk,const struct in6_addr * addr,int l3index)586 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
587 const struct in6_addr *addr,
588 int l3index)
589 {
590 return tcp_md5_do_lookup(sk, l3index,
591 (union tcp_md5_addr *)addr, AF_INET6);
592 }
593
tcp_v6_md5_lookup(const struct sock * sk,const struct sock * addr_sk)594 static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
595 const struct sock *addr_sk)
596 {
597 int l3index;
598
599 l3index = l3mdev_master_ifindex_by_index(sock_net(sk),
600 addr_sk->sk_bound_dev_if);
601 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr,
602 l3index);
603 }
604
tcp_v6_parse_md5_keys(struct sock * sk,int optname,sockptr_t optval,int optlen)605 static int tcp_v6_parse_md5_keys(struct sock *sk, int optname,
606 sockptr_t optval, int optlen)
607 {
608 struct tcp_md5sig cmd;
609 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
610 union tcp_ao_addr *addr;
611 int l3index = 0;
612 u8 prefixlen;
613 bool l3flag;
614 u8 flags;
615
616 if (optlen < sizeof(cmd))
617 return -EINVAL;
618
619 if (copy_from_sockptr(&cmd, optval, sizeof(cmd)))
620 return -EFAULT;
621
622 if (sin6->sin6_family != AF_INET6)
623 return -EINVAL;
624
625 flags = cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX;
626 l3flag = cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX;
627
628 if (optname == TCP_MD5SIG_EXT &&
629 cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) {
630 prefixlen = cmd.tcpm_prefixlen;
631 if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) &&
632 prefixlen > 32))
633 return -EINVAL;
634 } else {
635 prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128;
636 }
637
638 if (optname == TCP_MD5SIG_EXT && cmd.tcpm_ifindex &&
639 cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX) {
640 struct net_device *dev;
641
642 rcu_read_lock();
643 dev = dev_get_by_index_rcu(sock_net(sk), cmd.tcpm_ifindex);
644 if (dev && netif_is_l3_master(dev))
645 l3index = dev->ifindex;
646 rcu_read_unlock();
647
648 /* ok to reference set/not set outside of rcu;
649 * right now device MUST be an L3 master
650 */
651 if (!dev || !l3index)
652 return -EINVAL;
653 }
654
655 if (!cmd.tcpm_keylen) {
656 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
657 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
658 AF_INET, prefixlen,
659 l3index, flags);
660 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
661 AF_INET6, prefixlen, l3index, flags);
662 }
663
664 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
665 return -EINVAL;
666
667 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
668 addr = (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3];
669
670 /* Don't allow keys for peers that have a matching TCP-AO key.
671 * See the comment in tcp_ao_add_cmd()
672 */
673 if (tcp_ao_required(sk, addr, AF_INET,
674 l3flag ? l3index : -1, false))
675 return -EKEYREJECTED;
676 return tcp_md5_do_add(sk, addr,
677 AF_INET, prefixlen, l3index, flags,
678 cmd.tcpm_key, cmd.tcpm_keylen);
679 }
680
681 addr = (union tcp_md5_addr *)&sin6->sin6_addr;
682
683 /* Don't allow keys for peers that have a matching TCP-AO key.
684 * See the comment in tcp_ao_add_cmd()
685 */
686 if (tcp_ao_required(sk, addr, AF_INET6, l3flag ? l3index : -1, false))
687 return -EKEYREJECTED;
688
689 return tcp_md5_do_add(sk, addr, AF_INET6, prefixlen, l3index, flags,
690 cmd.tcpm_key, cmd.tcpm_keylen);
691 }
692
tcp_v6_md5_hash_headers(struct tcp_sigpool * hp,const struct in6_addr * daddr,const struct in6_addr * saddr,const struct tcphdr * th,int nbytes)693 static int tcp_v6_md5_hash_headers(struct tcp_sigpool *hp,
694 const struct in6_addr *daddr,
695 const struct in6_addr *saddr,
696 const struct tcphdr *th, int nbytes)
697 {
698 struct tcp6_pseudohdr *bp;
699 struct scatterlist sg;
700 struct tcphdr *_th;
701
702 bp = hp->scratch;
703 /* 1. TCP pseudo-header (RFC2460) */
704 bp->saddr = *saddr;
705 bp->daddr = *daddr;
706 bp->protocol = cpu_to_be32(IPPROTO_TCP);
707 bp->len = cpu_to_be32(nbytes);
708
709 _th = (struct tcphdr *)(bp + 1);
710 memcpy(_th, th, sizeof(*th));
711 _th->check = 0;
712
713 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
714 ahash_request_set_crypt(hp->req, &sg, NULL,
715 sizeof(*bp) + sizeof(*th));
716 return crypto_ahash_update(hp->req);
717 }
718
tcp_v6_md5_hash_hdr(char * md5_hash,const struct tcp_md5sig_key * key,const struct in6_addr * daddr,struct in6_addr * saddr,const struct tcphdr * th)719 static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
720 const struct in6_addr *daddr, struct in6_addr *saddr,
721 const struct tcphdr *th)
722 {
723 struct tcp_sigpool hp;
724
725 if (tcp_sigpool_start(tcp_md5_sigpool_id, &hp))
726 goto clear_hash_nostart;
727
728 if (crypto_ahash_init(hp.req))
729 goto clear_hash;
730 if (tcp_v6_md5_hash_headers(&hp, daddr, saddr, th, th->doff << 2))
731 goto clear_hash;
732 if (tcp_md5_hash_key(&hp, key))
733 goto clear_hash;
734 ahash_request_set_crypt(hp.req, NULL, md5_hash, 0);
735 if (crypto_ahash_final(hp.req))
736 goto clear_hash;
737
738 tcp_sigpool_end(&hp);
739 return 0;
740
741 clear_hash:
742 tcp_sigpool_end(&hp);
743 clear_hash_nostart:
744 memset(md5_hash, 0, 16);
745 return 1;
746 }
747
tcp_v6_md5_hash_skb(char * md5_hash,const struct tcp_md5sig_key * key,const struct sock * sk,const struct sk_buff * skb)748 static int tcp_v6_md5_hash_skb(char *md5_hash,
749 const struct tcp_md5sig_key *key,
750 const struct sock *sk,
751 const struct sk_buff *skb)
752 {
753 const struct tcphdr *th = tcp_hdr(skb);
754 const struct in6_addr *saddr, *daddr;
755 struct tcp_sigpool hp;
756
757 if (sk) { /* valid for establish/request sockets */
758 saddr = &sk->sk_v6_rcv_saddr;
759 daddr = &sk->sk_v6_daddr;
760 } else {
761 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
762 saddr = &ip6h->saddr;
763 daddr = &ip6h->daddr;
764 }
765
766 if (tcp_sigpool_start(tcp_md5_sigpool_id, &hp))
767 goto clear_hash_nostart;
768
769 if (crypto_ahash_init(hp.req))
770 goto clear_hash;
771
772 if (tcp_v6_md5_hash_headers(&hp, daddr, saddr, th, skb->len))
773 goto clear_hash;
774 if (tcp_sigpool_hash_skb_data(&hp, skb, th->doff << 2))
775 goto clear_hash;
776 if (tcp_md5_hash_key(&hp, key))
777 goto clear_hash;
778 ahash_request_set_crypt(hp.req, NULL, md5_hash, 0);
779 if (crypto_ahash_final(hp.req))
780 goto clear_hash;
781
782 tcp_sigpool_end(&hp);
783 return 0;
784
785 clear_hash:
786 tcp_sigpool_end(&hp);
787 clear_hash_nostart:
788 memset(md5_hash, 0, 16);
789 return 1;
790 }
791 #endif
792
tcp_v6_init_req(struct request_sock * req,const struct sock * sk_listener,struct sk_buff * skb,u32 tw_isn)793 static void tcp_v6_init_req(struct request_sock *req,
794 const struct sock *sk_listener,
795 struct sk_buff *skb,
796 u32 tw_isn)
797 {
798 bool l3_slave = ipv6_l3mdev_skb(TCP_SKB_CB(skb)->header.h6.flags);
799 struct inet_request_sock *ireq = inet_rsk(req);
800 const struct ipv6_pinfo *np = tcp_inet6_sk(sk_listener);
801
802 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
803 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
804
805 /* So that link locals have meaning */
806 if ((!sk_listener->sk_bound_dev_if || l3_slave) &&
807 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
808 ireq->ir_iif = tcp_v6_iif(skb);
809
810 if (!tw_isn &&
811 (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
812 np->rxopt.bits.rxinfo ||
813 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
814 np->rxopt.bits.rxohlim || inet6_test_bit(REPFLOW, sk_listener))) {
815 refcount_inc(&skb->users);
816 ireq->pktopts = skb;
817 }
818 }
819
tcp_v6_route_req(const struct sock * sk,struct sk_buff * skb,struct flowi * fl,struct request_sock * req,u32 tw_isn)820 static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
821 struct sk_buff *skb,
822 struct flowi *fl,
823 struct request_sock *req,
824 u32 tw_isn)
825 {
826 tcp_v6_init_req(req, sk, skb, tw_isn);
827
828 if (security_inet_conn_request(sk, skb, req))
829 return NULL;
830
831 return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
832 }
833
834 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
835 .family = AF_INET6,
836 .obj_size = sizeof(struct tcp6_request_sock),
837 .rtx_syn_ack = tcp_rtx_synack,
838 .send_ack = tcp_v6_reqsk_send_ack,
839 .destructor = tcp_v6_reqsk_destructor,
840 .send_reset = tcp_v6_send_reset,
841 .syn_ack_timeout = tcp_syn_ack_timeout,
842 };
843
844 const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
845 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
846 sizeof(struct ipv6hdr),
847 #ifdef CONFIG_TCP_MD5SIG
848 .req_md5_lookup = tcp_v6_md5_lookup,
849 .calc_md5_hash = tcp_v6_md5_hash_skb,
850 #endif
851 #ifdef CONFIG_TCP_AO
852 .ao_lookup = tcp_v6_ao_lookup_rsk,
853 .ao_calc_key = tcp_v6_ao_calc_key_rsk,
854 .ao_synack_hash = tcp_v6_ao_synack_hash,
855 #endif
856 #ifdef CONFIG_SYN_COOKIES
857 .cookie_init_seq = cookie_v6_init_sequence,
858 #endif
859 .route_req = tcp_v6_route_req,
860 .init_seq = tcp_v6_init_seq,
861 .init_ts_off = tcp_v6_init_ts_off,
862 .send_synack = tcp_v6_send_synack,
863 };
864
tcp_v6_send_response(const struct sock * sk,struct sk_buff * skb,u32 seq,u32 ack,u32 win,u32 tsval,u32 tsecr,int oif,int rst,u8 tclass,__be32 label,u32 priority,u32 txhash,struct tcp_key * key)865 static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
866 u32 ack, u32 win, u32 tsval, u32 tsecr,
867 int oif, int rst, u8 tclass, __be32 label,
868 u32 priority, u32 txhash, struct tcp_key *key)
869 {
870 const struct tcphdr *th = tcp_hdr(skb);
871 struct tcphdr *t1;
872 struct sk_buff *buff;
873 struct flowi6 fl6;
874 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
875 struct sock *ctl_sk = net->ipv6.tcp_sk;
876 unsigned int tot_len = sizeof(struct tcphdr);
877 __be32 mrst = 0, *topt;
878 struct dst_entry *dst;
879 __u32 mark = 0;
880
881 if (tsecr)
882 tot_len += TCPOLEN_TSTAMP_ALIGNED;
883 if (tcp_key_is_md5(key))
884 tot_len += TCPOLEN_MD5SIG_ALIGNED;
885 if (tcp_key_is_ao(key))
886 tot_len += tcp_ao_len_aligned(key->ao_key);
887
888 #ifdef CONFIG_MPTCP
889 if (rst && !tcp_key_is_md5(key)) {
890 mrst = mptcp_reset_option(skb);
891
892 if (mrst)
893 tot_len += sizeof(__be32);
894 }
895 #endif
896
897 buff = alloc_skb(MAX_TCP_HEADER, GFP_ATOMIC);
898 if (!buff)
899 return;
900
901 skb_reserve(buff, MAX_TCP_HEADER);
902
903 t1 = skb_push(buff, tot_len);
904 skb_reset_transport_header(buff);
905
906 /* Swap the send and the receive. */
907 memset(t1, 0, sizeof(*t1));
908 t1->dest = th->source;
909 t1->source = th->dest;
910 t1->doff = tot_len / 4;
911 t1->seq = htonl(seq);
912 t1->ack_seq = htonl(ack);
913 t1->ack = !rst || !th->ack;
914 t1->rst = rst;
915 t1->window = htons(win);
916
917 topt = (__be32 *)(t1 + 1);
918
919 if (tsecr) {
920 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
921 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
922 *topt++ = htonl(tsval);
923 *topt++ = htonl(tsecr);
924 }
925
926 if (mrst)
927 *topt++ = mrst;
928
929 #ifdef CONFIG_TCP_MD5SIG
930 if (tcp_key_is_md5(key)) {
931 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
932 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
933 tcp_v6_md5_hash_hdr((__u8 *)topt, key->md5_key,
934 &ipv6_hdr(skb)->saddr,
935 &ipv6_hdr(skb)->daddr, t1);
936 }
937 #endif
938 #ifdef CONFIG_TCP_AO
939 if (tcp_key_is_ao(key)) {
940 *topt++ = htonl((TCPOPT_AO << 24) |
941 (tcp_ao_len(key->ao_key) << 16) |
942 (key->ao_key->sndid << 8) |
943 (key->rcv_next));
944
945 tcp_ao_hash_hdr(AF_INET6, (char *)topt, key->ao_key,
946 key->traffic_key,
947 (union tcp_ao_addr *)&ipv6_hdr(skb)->saddr,
948 (union tcp_ao_addr *)&ipv6_hdr(skb)->daddr,
949 t1, key->sne);
950 }
951 #endif
952
953 memset(&fl6, 0, sizeof(fl6));
954 fl6.daddr = ipv6_hdr(skb)->saddr;
955 fl6.saddr = ipv6_hdr(skb)->daddr;
956 fl6.flowlabel = label;
957
958 buff->ip_summed = CHECKSUM_PARTIAL;
959
960 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
961
962 fl6.flowi6_proto = IPPROTO_TCP;
963 if (rt6_need_strict(&fl6.daddr) && !oif)
964 fl6.flowi6_oif = tcp_v6_iif(skb);
965 else {
966 if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
967 oif = skb->skb_iif;
968
969 fl6.flowi6_oif = oif;
970 }
971
972 if (sk) {
973 if (sk->sk_state == TCP_TIME_WAIT)
974 mark = inet_twsk(sk)->tw_mark;
975 else
976 mark = READ_ONCE(sk->sk_mark);
977 skb_set_delivery_time(buff, tcp_transmit_time(sk), SKB_CLOCK_MONOTONIC);
978 }
979 if (txhash) {
980 /* autoflowlabel/skb_get_hash_flowi6 rely on buff->hash */
981 skb_set_hash(buff, txhash, PKT_HASH_TYPE_L4);
982 }
983 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark) ?: mark;
984 fl6.fl6_dport = t1->dest;
985 fl6.fl6_sport = t1->source;
986 fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
987 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
988
989 /* Pass a socket to ip6_dst_lookup either it is for RST
990 * Underlying function will use this to retrieve the network
991 * namespace
992 */
993 if (sk && sk->sk_state != TCP_TIME_WAIT)
994 dst = ip6_dst_lookup_flow(net, sk, &fl6, NULL); /*sk's xfrm_policy can be referred*/
995 else
996 dst = ip6_dst_lookup_flow(net, ctl_sk, &fl6, NULL);
997 if (!IS_ERR(dst)) {
998 skb_dst_set(buff, dst);
999 ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL,
1000 tclass & ~INET_ECN_MASK, priority);
1001 TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
1002 if (rst)
1003 TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
1004 return;
1005 }
1006
1007 kfree_skb(buff);
1008 }
1009
tcp_v6_send_reset(const struct sock * sk,struct sk_buff * skb,enum sk_rst_reason reason)1010 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb,
1011 enum sk_rst_reason reason)
1012 {
1013 const struct tcphdr *th = tcp_hdr(skb);
1014 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
1015 const __u8 *md5_hash_location = NULL;
1016 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
1017 bool allocated_traffic_key = false;
1018 #endif
1019 const struct tcp_ao_hdr *aoh;
1020 struct tcp_key key = {};
1021 u32 seq = 0, ack_seq = 0;
1022 __be32 label = 0;
1023 u32 priority = 0;
1024 struct net *net;
1025 u32 txhash = 0;
1026 int oif = 0;
1027 #ifdef CONFIG_TCP_MD5SIG
1028 unsigned char newhash[16];
1029 int genhash;
1030 struct sock *sk1 = NULL;
1031 #endif
1032
1033 if (th->rst)
1034 return;
1035
1036 /* If sk not NULL, it means we did a successful lookup and incoming
1037 * route had to be correct. prequeue might have dropped our dst.
1038 */
1039 if (!sk && !ipv6_unicast_destination(skb))
1040 return;
1041
1042 net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
1043 /* Invalid TCP option size or twice included auth */
1044 if (tcp_parse_auth_options(th, &md5_hash_location, &aoh))
1045 return;
1046 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
1047 rcu_read_lock();
1048 #endif
1049 #ifdef CONFIG_TCP_MD5SIG
1050 if (sk && sk_fullsock(sk)) {
1051 int l3index;
1052
1053 /* sdif set, means packet ingressed via a device
1054 * in an L3 domain and inet_iif is set to it.
1055 */
1056 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
1057 key.md5_key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr, l3index);
1058 if (key.md5_key)
1059 key.type = TCP_KEY_MD5;
1060 } else if (md5_hash_location) {
1061 int dif = tcp_v6_iif_l3_slave(skb);
1062 int sdif = tcp_v6_sdif(skb);
1063 int l3index;
1064
1065 /*
1066 * active side is lost. Try to find listening socket through
1067 * source port, and then find md5 key through listening socket.
1068 * we are not loose security here:
1069 * Incoming packet is checked with md5 hash with finding key,
1070 * no RST generated if md5 hash doesn't match.
1071 */
1072 sk1 = inet6_lookup_listener(net, net->ipv4.tcp_death_row.hashinfo,
1073 NULL, 0, &ipv6h->saddr, th->source,
1074 &ipv6h->daddr, ntohs(th->source),
1075 dif, sdif);
1076 if (!sk1)
1077 goto out;
1078
1079 /* sdif set, means packet ingressed via a device
1080 * in an L3 domain and dif is set to it.
1081 */
1082 l3index = tcp_v6_sdif(skb) ? dif : 0;
1083
1084 key.md5_key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr, l3index);
1085 if (!key.md5_key)
1086 goto out;
1087 key.type = TCP_KEY_MD5;
1088
1089 genhash = tcp_v6_md5_hash_skb(newhash, key.md5_key, NULL, skb);
1090 if (genhash || memcmp(md5_hash_location, newhash, 16) != 0)
1091 goto out;
1092 }
1093 #endif
1094
1095 if (th->ack)
1096 seq = ntohl(th->ack_seq);
1097 else
1098 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1099 (th->doff << 2);
1100
1101 #ifdef CONFIG_TCP_AO
1102 if (aoh) {
1103 int l3index;
1104
1105 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
1106 if (tcp_ao_prepare_reset(sk, skb, aoh, l3index, seq,
1107 &key.ao_key, &key.traffic_key,
1108 &allocated_traffic_key,
1109 &key.rcv_next, &key.sne))
1110 goto out;
1111 key.type = TCP_KEY_AO;
1112 }
1113 #endif
1114
1115 if (sk) {
1116 oif = sk->sk_bound_dev_if;
1117 if (sk_fullsock(sk)) {
1118 if (inet6_test_bit(REPFLOW, sk))
1119 label = ip6_flowlabel(ipv6h);
1120 priority = READ_ONCE(sk->sk_priority);
1121 txhash = sk->sk_txhash;
1122 }
1123 if (sk->sk_state == TCP_TIME_WAIT) {
1124 label = cpu_to_be32(inet_twsk(sk)->tw_flowlabel);
1125 priority = inet_twsk(sk)->tw_priority;
1126 txhash = inet_twsk(sk)->tw_txhash;
1127 }
1128 } else {
1129 if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_TCP_RESET)
1130 label = ip6_flowlabel(ipv6h);
1131 }
1132
1133 trace_tcp_send_reset(sk, skb, reason);
1134
1135 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, 1,
1136 ipv6_get_dsfield(ipv6h), label, priority, txhash,
1137 &key);
1138
1139 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
1140 out:
1141 if (allocated_traffic_key)
1142 kfree(key.traffic_key);
1143 rcu_read_unlock();
1144 #endif
1145 }
1146
tcp_v6_send_ack(const struct sock * sk,struct sk_buff * skb,u32 seq,u32 ack,u32 win,u32 tsval,u32 tsecr,int oif,struct tcp_key * key,u8 tclass,__be32 label,u32 priority,u32 txhash)1147 static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
1148 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
1149 struct tcp_key *key, u8 tclass,
1150 __be32 label, u32 priority, u32 txhash)
1151 {
1152 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, 0,
1153 tclass, label, priority, txhash, key);
1154 }
1155
tcp_v6_timewait_ack(struct sock * sk,struct sk_buff * skb)1156 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1157 {
1158 struct inet_timewait_sock *tw = inet_twsk(sk);
1159 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1160 struct tcp_key key = {};
1161 #ifdef CONFIG_TCP_AO
1162 struct tcp_ao_info *ao_info;
1163
1164 if (static_branch_unlikely(&tcp_ao_needed.key)) {
1165
1166 /* FIXME: the segment to-be-acked is not verified yet */
1167 ao_info = rcu_dereference(tcptw->ao_info);
1168 if (ao_info) {
1169 const struct tcp_ao_hdr *aoh;
1170
1171 /* Invalid TCP option size or twice included auth */
1172 if (tcp_parse_auth_options(tcp_hdr(skb), NULL, &aoh))
1173 goto out;
1174 if (aoh)
1175 key.ao_key = tcp_ao_established_key(sk, ao_info,
1176 aoh->rnext_keyid, -1);
1177 }
1178 }
1179 if (key.ao_key) {
1180 struct tcp_ao_key *rnext_key;
1181
1182 key.traffic_key = snd_other_key(key.ao_key);
1183 /* rcv_next switches to our rcv_next */
1184 rnext_key = READ_ONCE(ao_info->rnext_key);
1185 key.rcv_next = rnext_key->rcvid;
1186 key.sne = READ_ONCE(ao_info->snd_sne);
1187 key.type = TCP_KEY_AO;
1188 #else
1189 if (0) {
1190 #endif
1191 #ifdef CONFIG_TCP_MD5SIG
1192 } else if (static_branch_unlikely(&tcp_md5_needed.key)) {
1193 key.md5_key = tcp_twsk_md5_key(tcptw);
1194 if (key.md5_key)
1195 key.type = TCP_KEY_MD5;
1196 #endif
1197 }
1198
1199 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt,
1200 READ_ONCE(tcptw->tw_rcv_nxt),
1201 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1202 tcp_tw_tsval(tcptw),
1203 READ_ONCE(tcptw->tw_ts_recent), tw->tw_bound_dev_if,
1204 &key, tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel),
1205 tw->tw_priority, tw->tw_txhash);
1206
1207 #ifdef CONFIG_TCP_AO
1208 out:
1209 #endif
1210 inet_twsk_put(tw);
1211 }
1212
1213 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
1214 struct request_sock *req)
1215 {
1216 struct tcp_key key = {};
1217
1218 #ifdef CONFIG_TCP_AO
1219 if (static_branch_unlikely(&tcp_ao_needed.key) &&
1220 tcp_rsk_used_ao(req)) {
1221 const struct in6_addr *addr = &ipv6_hdr(skb)->saddr;
1222 const struct tcp_ao_hdr *aoh;
1223 int l3index;
1224
1225 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
1226 /* Invalid TCP option size or twice included auth */
1227 if (tcp_parse_auth_options(tcp_hdr(skb), NULL, &aoh))
1228 return;
1229 if (!aoh)
1230 return;
1231 key.ao_key = tcp_ao_do_lookup(sk, l3index,
1232 (union tcp_ao_addr *)addr,
1233 AF_INET6, aoh->rnext_keyid, -1);
1234 if (unlikely(!key.ao_key)) {
1235 /* Send ACK with any matching MKT for the peer */
1236 key.ao_key = tcp_ao_do_lookup(sk, l3index,
1237 (union tcp_ao_addr *)addr,
1238 AF_INET6, -1, -1);
1239 /* Matching key disappeared (user removed the key?)
1240 * let the handshake timeout.
1241 */
1242 if (!key.ao_key) {
1243 net_info_ratelimited("TCP-AO key for (%pI6, %d)->(%pI6, %d) suddenly disappeared, won't ACK new connection\n",
1244 addr,
1245 ntohs(tcp_hdr(skb)->source),
1246 &ipv6_hdr(skb)->daddr,
1247 ntohs(tcp_hdr(skb)->dest));
1248 return;
1249 }
1250 }
1251 key.traffic_key = kmalloc(tcp_ao_digest_size(key.ao_key), GFP_ATOMIC);
1252 if (!key.traffic_key)
1253 return;
1254
1255 key.type = TCP_KEY_AO;
1256 key.rcv_next = aoh->keyid;
1257 tcp_v6_ao_calc_key_rsk(key.ao_key, key.traffic_key, req);
1258 #else
1259 if (0) {
1260 #endif
1261 #ifdef CONFIG_TCP_MD5SIG
1262 } else if (static_branch_unlikely(&tcp_md5_needed.key)) {
1263 int l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
1264
1265 key.md5_key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr,
1266 l3index);
1267 if (key.md5_key)
1268 key.type = TCP_KEY_MD5;
1269 #endif
1270 }
1271
1272 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
1273 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
1274 */
1275 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
1276 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
1277 tcp_rsk(req)->rcv_nxt,
1278 tcp_synack_window(req) >> inet_rsk(req)->rcv_wscale,
1279 tcp_rsk_tsval(tcp_rsk(req)),
1280 READ_ONCE(req->ts_recent), sk->sk_bound_dev_if,
1281 &key, ipv6_get_dsfield(ipv6_hdr(skb)), 0,
1282 READ_ONCE(sk->sk_priority),
1283 READ_ONCE(tcp_rsk(req)->txhash));
1284 if (tcp_key_is_ao(&key))
1285 kfree(key.traffic_key);
1286 }
1287
1288
1289 static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
1290 {
1291 #ifdef CONFIG_SYN_COOKIES
1292 const struct tcphdr *th = tcp_hdr(skb);
1293
1294 if (!th->syn)
1295 sk = cookie_v6_check(sk, skb);
1296 #endif
1297 return sk;
1298 }
1299
1300 u16 tcp_v6_get_syncookie(struct sock *sk, struct ipv6hdr *iph,
1301 struct tcphdr *th, u32 *cookie)
1302 {
1303 u16 mss = 0;
1304 #ifdef CONFIG_SYN_COOKIES
1305 mss = tcp_get_syncookie_mss(&tcp6_request_sock_ops,
1306 &tcp_request_sock_ipv6_ops, sk, th);
1307 if (mss) {
1308 *cookie = __cookie_v6_init_sequence(iph, th, &mss);
1309 tcp_synq_overflow(sk);
1310 }
1311 #endif
1312 return mss;
1313 }
1314
1315 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1316 {
1317 if (skb->protocol == htons(ETH_P_IP))
1318 return tcp_v4_conn_request(sk, skb);
1319
1320 if (!ipv6_unicast_destination(skb))
1321 goto drop;
1322
1323 if (ipv6_addr_v4mapped(&ipv6_hdr(skb)->saddr)) {
1324 __IP6_INC_STATS(sock_net(sk), NULL, IPSTATS_MIB_INHDRERRORS);
1325 return 0;
1326 }
1327
1328 return tcp_conn_request(&tcp6_request_sock_ops,
1329 &tcp_request_sock_ipv6_ops, sk, skb);
1330
1331 drop:
1332 tcp_listendrop(sk);
1333 return 0; /* don't send reset */
1334 }
1335
1336 static void tcp_v6_restore_cb(struct sk_buff *skb)
1337 {
1338 /* We need to move header back to the beginning if xfrm6_policy_check()
1339 * and tcp_v6_fill_cb() are going to be called again.
1340 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
1341 */
1342 memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
1343 sizeof(struct inet6_skb_parm));
1344 }
1345
1346 static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
1347 struct request_sock *req,
1348 struct dst_entry *dst,
1349 struct request_sock *req_unhash,
1350 bool *own_req)
1351 {
1352 struct inet_request_sock *ireq;
1353 struct ipv6_pinfo *newnp;
1354 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1355 struct ipv6_txoptions *opt;
1356 struct inet_sock *newinet;
1357 bool found_dup_sk = false;
1358 struct tcp_sock *newtp;
1359 struct sock *newsk;
1360 #ifdef CONFIG_TCP_MD5SIG
1361 struct tcp_md5sig_key *key;
1362 int l3index;
1363 #endif
1364 struct flowi6 fl6;
1365
1366 if (skb->protocol == htons(ETH_P_IP)) {
1367 /*
1368 * v6 mapped
1369 */
1370
1371 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
1372 req_unhash, own_req);
1373
1374 if (!newsk)
1375 return NULL;
1376
1377 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
1378
1379 newnp = tcp_inet6_sk(newsk);
1380 newtp = tcp_sk(newsk);
1381
1382 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1383
1384 newnp->saddr = newsk->sk_v6_rcv_saddr;
1385
1386 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1387 if (sk_is_mptcp(newsk))
1388 mptcpv6_handle_mapped(newsk, true);
1389 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1390 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
1391 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1392 #endif
1393
1394 newnp->ipv6_mc_list = NULL;
1395 newnp->ipv6_ac_list = NULL;
1396 newnp->ipv6_fl_list = NULL;
1397 newnp->pktoptions = NULL;
1398 newnp->opt = NULL;
1399 newnp->mcast_oif = inet_iif(skb);
1400 newnp->mcast_hops = ip_hdr(skb)->ttl;
1401 newnp->rcv_flowinfo = 0;
1402 if (inet6_test_bit(REPFLOW, sk))
1403 newnp->flow_label = 0;
1404
1405 /*
1406 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1407 * here, tcp_create_openreq_child now does this for us, see the comment in
1408 * that function for the gory details. -acme
1409 */
1410
1411 /* It is tricky place. Until this moment IPv4 tcp
1412 worked with IPv6 icsk.icsk_af_ops.
1413 Sync it now.
1414 */
1415 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1416
1417 return newsk;
1418 }
1419
1420 ireq = inet_rsk(req);
1421
1422 if (sk_acceptq_is_full(sk))
1423 goto exit_overflow;
1424
1425 if (!dst) {
1426 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
1427 if (!dst)
1428 goto exit;
1429 }
1430
1431 newsk = tcp_create_openreq_child(sk, req, skb);
1432 if (!newsk)
1433 goto exit_nonewsk;
1434
1435 /*
1436 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1437 * count here, tcp_create_openreq_child now does this for us, see the
1438 * comment in that function for the gory details. -acme
1439 */
1440
1441 newsk->sk_gso_type = SKB_GSO_TCPV6;
1442 inet6_sk_rx_dst_set(newsk, skb);
1443
1444 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
1445
1446 newtp = tcp_sk(newsk);
1447 newinet = inet_sk(newsk);
1448 newnp = tcp_inet6_sk(newsk);
1449
1450 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1451
1452 ip6_dst_store(newsk, dst, NULL, NULL);
1453
1454 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1455 newnp->saddr = ireq->ir_v6_loc_addr;
1456 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1457 newsk->sk_bound_dev_if = ireq->ir_iif;
1458
1459 /* Now IPv6 options...
1460
1461 First: no IPv4 options.
1462 */
1463 newinet->inet_opt = NULL;
1464 newnp->ipv6_mc_list = NULL;
1465 newnp->ipv6_ac_list = NULL;
1466 newnp->ipv6_fl_list = NULL;
1467
1468 /* Clone RX bits */
1469 newnp->rxopt.all = np->rxopt.all;
1470
1471 newnp->pktoptions = NULL;
1472 newnp->opt = NULL;
1473 newnp->mcast_oif = tcp_v6_iif(skb);
1474 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1475 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1476 if (inet6_test_bit(REPFLOW, sk))
1477 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1478
1479 /* Set ToS of the new socket based upon the value of incoming SYN.
1480 * ECT bits are set later in tcp_init_transfer().
1481 */
1482 if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reflect_tos))
1483 newnp->tclass = tcp_rsk(req)->syn_tos & ~INET_ECN_MASK;
1484
1485 /* Clone native IPv6 options from listening socket (if any)
1486
1487 Yes, keeping reference count would be much more clever,
1488 but we make one more one thing there: reattach optmem
1489 to newsk.
1490 */
1491 opt = ireq->ipv6_opt;
1492 if (!opt)
1493 opt = rcu_dereference(np->opt);
1494 if (opt) {
1495 opt = ipv6_dup_options(newsk, opt);
1496 RCU_INIT_POINTER(newnp->opt, opt);
1497 }
1498 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1499 if (opt)
1500 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
1501 opt->opt_flen;
1502
1503 tcp_ca_openreq_child(newsk, dst);
1504
1505 tcp_sync_mss(newsk, dst_mtu(dst));
1506 newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));
1507
1508 tcp_initialize_rcv_mss(newsk);
1509
1510 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1511 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1512
1513 #ifdef CONFIG_TCP_MD5SIG
1514 l3index = l3mdev_master_ifindex_by_index(sock_net(sk), ireq->ir_iif);
1515
1516 if (!tcp_rsk_used_ao(req)) {
1517 /* Copy over the MD5 key from the original socket */
1518 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr, l3index);
1519 if (key) {
1520 const union tcp_md5_addr *addr;
1521
1522 addr = (union tcp_md5_addr *)&newsk->sk_v6_daddr;
1523 if (tcp_md5_key_copy(newsk, addr, AF_INET6, 128, l3index, key))
1524 goto put_and_exit;
1525 }
1526 }
1527 #endif
1528 #ifdef CONFIG_TCP_AO
1529 /* Copy over tcp_ao_info if any */
1530 if (tcp_ao_copy_all_matching(sk, newsk, req, skb, AF_INET6))
1531 goto put_and_exit; /* OOM */
1532 #endif
1533
1534 if (__inet_inherit_port(sk, newsk) < 0)
1535 goto put_and_exit;
1536 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash),
1537 &found_dup_sk);
1538 if (*own_req) {
1539 tcp_move_syn(newtp, req);
1540
1541 /* Clone pktoptions received with SYN, if we own the req */
1542 if (ireq->pktopts) {
1543 newnp->pktoptions = skb_clone_and_charge_r(ireq->pktopts, newsk);
1544 consume_skb(ireq->pktopts);
1545 ireq->pktopts = NULL;
1546 if (newnp->pktoptions)
1547 tcp_v6_restore_cb(newnp->pktoptions);
1548 }
1549 } else {
1550 if (!req_unhash && found_dup_sk) {
1551 /* This code path should only be executed in the
1552 * syncookie case only
1553 */
1554 bh_unlock_sock(newsk);
1555 sock_put(newsk);
1556 newsk = NULL;
1557 }
1558 }
1559
1560 return newsk;
1561
1562 exit_overflow:
1563 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1564 exit_nonewsk:
1565 dst_release(dst);
1566 exit:
1567 tcp_listendrop(sk);
1568 return NULL;
1569 put_and_exit:
1570 inet_csk_prepare_forced_close(newsk);
1571 tcp_done(newsk);
1572 goto exit;
1573 }
1574
1575 INDIRECT_CALLABLE_DECLARE(struct dst_entry *ipv4_dst_check(struct dst_entry *,
1576 u32));
1577 /* The socket must have it's spinlock held when we get
1578 * here, unless it is a TCP_LISTEN socket.
1579 *
1580 * We have a potential double-lock case here, so even when
1581 * doing backlog processing we use the BH locking scheme.
1582 * This is because we cannot sleep with the original spinlock
1583 * held.
1584 */
1585 INDIRECT_CALLABLE_SCOPE
1586 int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1587 {
1588 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1589 struct sk_buff *opt_skb = NULL;
1590 enum skb_drop_reason reason;
1591 struct tcp_sock *tp;
1592
1593 /* Imagine: socket is IPv6. IPv4 packet arrives,
1594 goes to IPv4 receive handler and backlogged.
1595 From backlog it always goes here. Kerboom...
1596 Fortunately, tcp_rcv_established and rcv_established
1597 handle them correctly, but it is not case with
1598 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1599 */
1600
1601 if (skb->protocol == htons(ETH_P_IP))
1602 return tcp_v4_do_rcv(sk, skb);
1603
1604 /*
1605 * socket locking is here for SMP purposes as backlog rcv
1606 * is currently called with bh processing disabled.
1607 */
1608
1609 /* Do Stevens' IPV6_PKTOPTIONS.
1610
1611 Yes, guys, it is the only place in our code, where we
1612 may make it not affecting IPv4.
1613 The rest of code is protocol independent,
1614 and I do not like idea to uglify IPv4.
1615
1616 Actually, all the idea behind IPV6_PKTOPTIONS
1617 looks not very well thought. For now we latch
1618 options, received in the last packet, enqueued
1619 by tcp. Feel free to propose better solution.
1620 --ANK (980728)
1621 */
1622 if (np->rxopt.all && sk->sk_state != TCP_LISTEN)
1623 opt_skb = skb_clone_and_charge_r(skb, sk);
1624
1625 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1626 struct dst_entry *dst;
1627
1628 dst = rcu_dereference_protected(sk->sk_rx_dst,
1629 lockdep_sock_is_held(sk));
1630
1631 sock_rps_save_rxhash(sk, skb);
1632 sk_mark_napi_id(sk, skb);
1633 if (dst) {
1634 if (sk->sk_rx_dst_ifindex != skb->skb_iif ||
1635 INDIRECT_CALL_1(dst->ops->check, ip6_dst_check,
1636 dst, sk->sk_rx_dst_cookie) == NULL) {
1637 RCU_INIT_POINTER(sk->sk_rx_dst, NULL);
1638 dst_release(dst);
1639 }
1640 }
1641
1642 tcp_rcv_established(sk, skb);
1643 if (opt_skb)
1644 goto ipv6_pktoptions;
1645 return 0;
1646 }
1647
1648 if (tcp_checksum_complete(skb))
1649 goto csum_err;
1650
1651 if (sk->sk_state == TCP_LISTEN) {
1652 struct sock *nsk = tcp_v6_cookie_check(sk, skb);
1653
1654 if (nsk != sk) {
1655 if (nsk) {
1656 reason = tcp_child_process(sk, nsk, skb);
1657 if (reason)
1658 goto reset;
1659 }
1660 return 0;
1661 }
1662 } else
1663 sock_rps_save_rxhash(sk, skb);
1664
1665 reason = tcp_rcv_state_process(sk, skb);
1666 if (reason)
1667 goto reset;
1668 if (opt_skb)
1669 goto ipv6_pktoptions;
1670 return 0;
1671
1672 reset:
1673 tcp_v6_send_reset(sk, skb, sk_rst_convert_drop_reason(reason));
1674 discard:
1675 if (opt_skb)
1676 __kfree_skb(opt_skb);
1677 sk_skb_reason_drop(sk, skb, reason);
1678 return 0;
1679 csum_err:
1680 reason = SKB_DROP_REASON_TCP_CSUM;
1681 trace_tcp_bad_csum(skb);
1682 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
1683 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
1684 goto discard;
1685
1686
1687 ipv6_pktoptions:
1688 /* Do you ask, what is it?
1689
1690 1. skb was enqueued by tcp.
1691 2. skb is added to tail of read queue, rather than out of order.
1692 3. socket is not in passive state.
1693 4. Finally, it really contains options, which user wants to receive.
1694 */
1695 tp = tcp_sk(sk);
1696 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1697 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1698 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1699 WRITE_ONCE(np->mcast_oif, tcp_v6_iif(opt_skb));
1700 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1701 WRITE_ONCE(np->mcast_hops,
1702 ipv6_hdr(opt_skb)->hop_limit);
1703 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1704 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
1705 if (inet6_test_bit(REPFLOW, sk))
1706 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
1707 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
1708 tcp_v6_restore_cb(opt_skb);
1709 opt_skb = xchg(&np->pktoptions, opt_skb);
1710 } else {
1711 __kfree_skb(opt_skb);
1712 opt_skb = xchg(&np->pktoptions, NULL);
1713 }
1714 }
1715
1716 consume_skb(opt_skb);
1717 return 0;
1718 }
1719
1720 static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1721 const struct tcphdr *th)
1722 {
1723 /* This is tricky: we move IP6CB at its correct location into
1724 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1725 * _decode_session6() uses IP6CB().
1726 * barrier() makes sure compiler won't play aliasing games.
1727 */
1728 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1729 sizeof(struct inet6_skb_parm));
1730 barrier();
1731
1732 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1733 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1734 skb->len - th->doff*4);
1735 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1736 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1737 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1738 TCP_SKB_CB(skb)->sacked = 0;
1739 TCP_SKB_CB(skb)->has_rxtstamp =
1740 skb->tstamp || skb_hwtstamps(skb)->hwtstamp;
1741 }
1742
1743 INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
1744 {
1745 enum skb_drop_reason drop_reason;
1746 int sdif = inet6_sdif(skb);
1747 int dif = inet6_iif(skb);
1748 const struct tcphdr *th;
1749 const struct ipv6hdr *hdr;
1750 struct sock *sk = NULL;
1751 bool refcounted;
1752 int ret;
1753 u32 isn;
1754 struct net *net = dev_net(skb->dev);
1755
1756 drop_reason = SKB_DROP_REASON_NOT_SPECIFIED;
1757 if (skb->pkt_type != PACKET_HOST)
1758 goto discard_it;
1759
1760 /*
1761 * Count it even if it's bad.
1762 */
1763 __TCP_INC_STATS(net, TCP_MIB_INSEGS);
1764
1765 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1766 goto discard_it;
1767
1768 th = (const struct tcphdr *)skb->data;
1769
1770 if (unlikely(th->doff < sizeof(struct tcphdr) / 4)) {
1771 drop_reason = SKB_DROP_REASON_PKT_TOO_SMALL;
1772 goto bad_packet;
1773 }
1774 if (!pskb_may_pull(skb, th->doff*4))
1775 goto discard_it;
1776
1777 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
1778 goto csum_error;
1779
1780 th = (const struct tcphdr *)skb->data;
1781 hdr = ipv6_hdr(skb);
1782
1783 lookup:
1784 sk = __inet6_lookup_skb(net->ipv4.tcp_death_row.hashinfo, skb, __tcp_hdrlen(th),
1785 th->source, th->dest, inet6_iif(skb), sdif,
1786 &refcounted);
1787 if (!sk)
1788 goto no_tcp_socket;
1789
1790 if (sk->sk_state == TCP_TIME_WAIT)
1791 goto do_time_wait;
1792
1793 if (sk->sk_state == TCP_NEW_SYN_RECV) {
1794 struct request_sock *req = inet_reqsk(sk);
1795 bool req_stolen = false;
1796 struct sock *nsk;
1797
1798 sk = req->rsk_listener;
1799 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1800 drop_reason = SKB_DROP_REASON_XFRM_POLICY;
1801 else
1802 drop_reason = tcp_inbound_hash(sk, req, skb,
1803 &hdr->saddr, &hdr->daddr,
1804 AF_INET6, dif, sdif);
1805 if (drop_reason) {
1806 sk_drops_add(sk, skb);
1807 reqsk_put(req);
1808 goto discard_it;
1809 }
1810 if (tcp_checksum_complete(skb)) {
1811 reqsk_put(req);
1812 goto csum_error;
1813 }
1814 if (unlikely(sk->sk_state != TCP_LISTEN)) {
1815 nsk = reuseport_migrate_sock(sk, req_to_sk(req), skb);
1816 if (!nsk) {
1817 inet_csk_reqsk_queue_drop_and_put(sk, req);
1818 goto lookup;
1819 }
1820 sk = nsk;
1821 /* reuseport_migrate_sock() has already held one sk_refcnt
1822 * before returning.
1823 */
1824 } else {
1825 sock_hold(sk);
1826 }
1827 refcounted = true;
1828 nsk = NULL;
1829 if (!tcp_filter(sk, skb)) {
1830 th = (const struct tcphdr *)skb->data;
1831 hdr = ipv6_hdr(skb);
1832 tcp_v6_fill_cb(skb, hdr, th);
1833 nsk = tcp_check_req(sk, skb, req, false, &req_stolen);
1834 } else {
1835 drop_reason = SKB_DROP_REASON_SOCKET_FILTER;
1836 }
1837 if (!nsk) {
1838 reqsk_put(req);
1839 if (req_stolen) {
1840 /* Another cpu got exclusive access to req
1841 * and created a full blown socket.
1842 * Try to feed this packet to this socket
1843 * instead of discarding it.
1844 */
1845 tcp_v6_restore_cb(skb);
1846 sock_put(sk);
1847 goto lookup;
1848 }
1849 goto discard_and_relse;
1850 }
1851 nf_reset_ct(skb);
1852 if (nsk == sk) {
1853 reqsk_put(req);
1854 tcp_v6_restore_cb(skb);
1855 } else {
1856 drop_reason = tcp_child_process(sk, nsk, skb);
1857 if (drop_reason) {
1858 enum sk_rst_reason rst_reason;
1859
1860 rst_reason = sk_rst_convert_drop_reason(drop_reason);
1861 tcp_v6_send_reset(nsk, skb, rst_reason);
1862 goto discard_and_relse;
1863 }
1864 sock_put(sk);
1865 return 0;
1866 }
1867 }
1868
1869 process:
1870 if (static_branch_unlikely(&ip6_min_hopcount)) {
1871 /* min_hopcount can be changed concurrently from do_ipv6_setsockopt() */
1872 if (unlikely(hdr->hop_limit < READ_ONCE(tcp_inet6_sk(sk)->min_hopcount))) {
1873 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
1874 drop_reason = SKB_DROP_REASON_TCP_MINTTL;
1875 goto discard_and_relse;
1876 }
1877 }
1878
1879 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) {
1880 drop_reason = SKB_DROP_REASON_XFRM_POLICY;
1881 goto discard_and_relse;
1882 }
1883
1884 drop_reason = tcp_inbound_hash(sk, NULL, skb, &hdr->saddr, &hdr->daddr,
1885 AF_INET6, dif, sdif);
1886 if (drop_reason)
1887 goto discard_and_relse;
1888
1889 nf_reset_ct(skb);
1890
1891 if (tcp_filter(sk, skb)) {
1892 drop_reason = SKB_DROP_REASON_SOCKET_FILTER;
1893 goto discard_and_relse;
1894 }
1895 th = (const struct tcphdr *)skb->data;
1896 hdr = ipv6_hdr(skb);
1897 tcp_v6_fill_cb(skb, hdr, th);
1898
1899 skb->dev = NULL;
1900
1901 if (sk->sk_state == TCP_LISTEN) {
1902 ret = tcp_v6_do_rcv(sk, skb);
1903 goto put_and_return;
1904 }
1905
1906 sk_incoming_cpu_update(sk);
1907
1908 bh_lock_sock_nested(sk);
1909 tcp_segs_in(tcp_sk(sk), skb);
1910 ret = 0;
1911 if (!sock_owned_by_user(sk)) {
1912 ret = tcp_v6_do_rcv(sk, skb);
1913 } else {
1914 if (tcp_add_backlog(sk, skb, &drop_reason))
1915 goto discard_and_relse;
1916 }
1917 bh_unlock_sock(sk);
1918 put_and_return:
1919 if (refcounted)
1920 sock_put(sk);
1921 return ret ? -1 : 0;
1922
1923 no_tcp_socket:
1924 drop_reason = SKB_DROP_REASON_NO_SOCKET;
1925 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1926 goto discard_it;
1927
1928 tcp_v6_fill_cb(skb, hdr, th);
1929
1930 if (tcp_checksum_complete(skb)) {
1931 csum_error:
1932 drop_reason = SKB_DROP_REASON_TCP_CSUM;
1933 trace_tcp_bad_csum(skb);
1934 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
1935 bad_packet:
1936 __TCP_INC_STATS(net, TCP_MIB_INERRS);
1937 } else {
1938 tcp_v6_send_reset(NULL, skb, sk_rst_convert_drop_reason(drop_reason));
1939 }
1940
1941 discard_it:
1942 SKB_DR_OR(drop_reason, NOT_SPECIFIED);
1943 sk_skb_reason_drop(sk, skb, drop_reason);
1944 return 0;
1945
1946 discard_and_relse:
1947 sk_drops_add(sk, skb);
1948 if (refcounted)
1949 sock_put(sk);
1950 goto discard_it;
1951
1952 do_time_wait:
1953 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1954 drop_reason = SKB_DROP_REASON_XFRM_POLICY;
1955 inet_twsk_put(inet_twsk(sk));
1956 goto discard_it;
1957 }
1958
1959 tcp_v6_fill_cb(skb, hdr, th);
1960
1961 if (tcp_checksum_complete(skb)) {
1962 inet_twsk_put(inet_twsk(sk));
1963 goto csum_error;
1964 }
1965
1966 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th, &isn)) {
1967 case TCP_TW_SYN:
1968 {
1969 struct sock *sk2;
1970
1971 sk2 = inet6_lookup_listener(net, net->ipv4.tcp_death_row.hashinfo,
1972 skb, __tcp_hdrlen(th),
1973 &ipv6_hdr(skb)->saddr, th->source,
1974 &ipv6_hdr(skb)->daddr,
1975 ntohs(th->dest),
1976 tcp_v6_iif_l3_slave(skb),
1977 sdif);
1978 if (sk2) {
1979 struct inet_timewait_sock *tw = inet_twsk(sk);
1980 inet_twsk_deschedule_put(tw);
1981 sk = sk2;
1982 tcp_v6_restore_cb(skb);
1983 refcounted = false;
1984 __this_cpu_write(tcp_tw_isn, isn);
1985 goto process;
1986 }
1987 }
1988 /* to ACK */
1989 fallthrough;
1990 case TCP_TW_ACK:
1991 tcp_v6_timewait_ack(sk, skb);
1992 break;
1993 case TCP_TW_RST:
1994 tcp_v6_send_reset(sk, skb, SK_RST_REASON_TCP_TIMEWAIT_SOCKET);
1995 inet_twsk_deschedule_put(inet_twsk(sk));
1996 goto discard_it;
1997 case TCP_TW_SUCCESS:
1998 ;
1999 }
2000 goto discard_it;
2001 }
2002
2003 void tcp_v6_early_demux(struct sk_buff *skb)
2004 {
2005 struct net *net = dev_net(skb->dev);
2006 const struct ipv6hdr *hdr;
2007 const struct tcphdr *th;
2008 struct sock *sk;
2009
2010 if (skb->pkt_type != PACKET_HOST)
2011 return;
2012
2013 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
2014 return;
2015
2016 hdr = ipv6_hdr(skb);
2017 th = tcp_hdr(skb);
2018
2019 if (th->doff < sizeof(struct tcphdr) / 4)
2020 return;
2021
2022 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
2023 sk = __inet6_lookup_established(net, net->ipv4.tcp_death_row.hashinfo,
2024 &hdr->saddr, th->source,
2025 &hdr->daddr, ntohs(th->dest),
2026 inet6_iif(skb), inet6_sdif(skb));
2027 if (sk) {
2028 skb->sk = sk;
2029 skb->destructor = sock_edemux;
2030 if (sk_fullsock(sk)) {
2031 struct dst_entry *dst = rcu_dereference(sk->sk_rx_dst);
2032
2033 if (dst)
2034 dst = dst_check(dst, sk->sk_rx_dst_cookie);
2035 if (dst &&
2036 sk->sk_rx_dst_ifindex == skb->skb_iif)
2037 skb_dst_set_noref(skb, dst);
2038 }
2039 }
2040 }
2041
2042 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
2043 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
2044 .twsk_destructor = tcp_twsk_destructor,
2045 };
2046
2047 INDIRECT_CALLABLE_SCOPE void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb)
2048 {
2049 __tcp_v6_send_check(skb, &sk->sk_v6_rcv_saddr, &sk->sk_v6_daddr);
2050 }
2051
2052 const struct inet_connection_sock_af_ops ipv6_specific = {
2053 .queue_xmit = inet6_csk_xmit,
2054 .send_check = tcp_v6_send_check,
2055 .rebuild_header = inet6_sk_rebuild_header,
2056 .sk_rx_dst_set = inet6_sk_rx_dst_set,
2057 .conn_request = tcp_v6_conn_request,
2058 .syn_recv_sock = tcp_v6_syn_recv_sock,
2059 .net_header_len = sizeof(struct ipv6hdr),
2060 .setsockopt = ipv6_setsockopt,
2061 .getsockopt = ipv6_getsockopt,
2062 .addr2sockaddr = inet6_csk_addr2sockaddr,
2063 .sockaddr_len = sizeof(struct sockaddr_in6),
2064 .mtu_reduced = tcp_v6_mtu_reduced,
2065 };
2066
2067 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
2068 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
2069 #ifdef CONFIG_TCP_MD5SIG
2070 .md5_lookup = tcp_v6_md5_lookup,
2071 .calc_md5_hash = tcp_v6_md5_hash_skb,
2072 .md5_parse = tcp_v6_parse_md5_keys,
2073 #endif
2074 #ifdef CONFIG_TCP_AO
2075 .ao_lookup = tcp_v6_ao_lookup,
2076 .calc_ao_hash = tcp_v6_ao_hash_skb,
2077 .ao_parse = tcp_v6_parse_ao,
2078 .ao_calc_key_sk = tcp_v6_ao_calc_key_sk,
2079 #endif
2080 };
2081 #endif
2082
2083 /*
2084 * TCP over IPv4 via INET6 API
2085 */
2086 static const struct inet_connection_sock_af_ops ipv6_mapped = {
2087 .queue_xmit = ip_queue_xmit,
2088 .send_check = tcp_v4_send_check,
2089 .rebuild_header = inet_sk_rebuild_header,
2090 .sk_rx_dst_set = inet_sk_rx_dst_set,
2091 .conn_request = tcp_v6_conn_request,
2092 .syn_recv_sock = tcp_v6_syn_recv_sock,
2093 .net_header_len = sizeof(struct iphdr),
2094 .setsockopt = ipv6_setsockopt,
2095 .getsockopt = ipv6_getsockopt,
2096 .addr2sockaddr = inet6_csk_addr2sockaddr,
2097 .sockaddr_len = sizeof(struct sockaddr_in6),
2098 .mtu_reduced = tcp_v4_mtu_reduced,
2099 };
2100
2101 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
2102 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
2103 #ifdef CONFIG_TCP_MD5SIG
2104 .md5_lookup = tcp_v4_md5_lookup,
2105 .calc_md5_hash = tcp_v4_md5_hash_skb,
2106 .md5_parse = tcp_v6_parse_md5_keys,
2107 #endif
2108 #ifdef CONFIG_TCP_AO
2109 .ao_lookup = tcp_v6_ao_lookup,
2110 .calc_ao_hash = tcp_v4_ao_hash_skb,
2111 .ao_parse = tcp_v6_parse_ao,
2112 .ao_calc_key_sk = tcp_v4_ao_calc_key_sk,
2113 #endif
2114 };
2115 #endif
2116
2117 /* NOTE: A lot of things set to zero explicitly by call to
2118 * sk_alloc() so need not be done here.
2119 */
2120 static int tcp_v6_init_sock(struct sock *sk)
2121 {
2122 struct inet_connection_sock *icsk = inet_csk(sk);
2123
2124 tcp_init_sock(sk);
2125
2126 icsk->icsk_af_ops = &ipv6_specific;
2127
2128 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
2129 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
2130 #endif
2131
2132 return 0;
2133 }
2134
2135 #ifdef CONFIG_PROC_FS
2136 /* Proc filesystem TCPv6 sock list dumping. */
2137 static void get_openreq6(struct seq_file *seq,
2138 const struct request_sock *req, int i)
2139 {
2140 long ttd = req->rsk_timer.expires - jiffies;
2141 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
2142 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
2143
2144 if (ttd < 0)
2145 ttd = 0;
2146
2147 seq_printf(seq,
2148 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2149 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
2150 i,
2151 src->s6_addr32[0], src->s6_addr32[1],
2152 src->s6_addr32[2], src->s6_addr32[3],
2153 inet_rsk(req)->ir_num,
2154 dest->s6_addr32[0], dest->s6_addr32[1],
2155 dest->s6_addr32[2], dest->s6_addr32[3],
2156 ntohs(inet_rsk(req)->ir_rmt_port),
2157 TCP_SYN_RECV,
2158 0, 0, /* could print option size, but that is af dependent. */
2159 1, /* timers active (only the expire timer) */
2160 jiffies_to_clock_t(ttd),
2161 req->num_timeout,
2162 from_kuid_munged(seq_user_ns(seq),
2163 sock_i_uid(req->rsk_listener)),
2164 0, /* non standard timer */
2165 0, /* open_requests have no inode */
2166 0, req);
2167 }
2168
2169 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
2170 {
2171 const struct in6_addr *dest, *src;
2172 __u16 destp, srcp;
2173 int timer_active;
2174 unsigned long timer_expires;
2175 const struct inet_sock *inet = inet_sk(sp);
2176 const struct tcp_sock *tp = tcp_sk(sp);
2177 const struct inet_connection_sock *icsk = inet_csk(sp);
2178 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
2179 int rx_queue;
2180 int state;
2181
2182 dest = &sp->sk_v6_daddr;
2183 src = &sp->sk_v6_rcv_saddr;
2184 destp = ntohs(inet->inet_dport);
2185 srcp = ntohs(inet->inet_sport);
2186
2187 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
2188 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
2189 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
2190 timer_active = 1;
2191 timer_expires = icsk->icsk_timeout;
2192 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2193 timer_active = 4;
2194 timer_expires = icsk->icsk_timeout;
2195 } else if (timer_pending(&sp->sk_timer)) {
2196 timer_active = 2;
2197 timer_expires = sp->sk_timer.expires;
2198 } else {
2199 timer_active = 0;
2200 timer_expires = jiffies;
2201 }
2202
2203 state = inet_sk_state_load(sp);
2204 if (state == TCP_LISTEN)
2205 rx_queue = READ_ONCE(sp->sk_ack_backlog);
2206 else
2207 /* Because we don't lock the socket,
2208 * we might find a transient negative value.
2209 */
2210 rx_queue = max_t(int, READ_ONCE(tp->rcv_nxt) -
2211 READ_ONCE(tp->copied_seq), 0);
2212
2213 seq_printf(seq,
2214 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2215 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
2216 i,
2217 src->s6_addr32[0], src->s6_addr32[1],
2218 src->s6_addr32[2], src->s6_addr32[3], srcp,
2219 dest->s6_addr32[0], dest->s6_addr32[1],
2220 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2221 state,
2222 READ_ONCE(tp->write_seq) - tp->snd_una,
2223 rx_queue,
2224 timer_active,
2225 jiffies_delta_to_clock_t(timer_expires - jiffies),
2226 icsk->icsk_retransmits,
2227 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
2228 icsk->icsk_probes_out,
2229 sock_i_ino(sp),
2230 refcount_read(&sp->sk_refcnt), sp,
2231 jiffies_to_clock_t(icsk->icsk_rto),
2232 jiffies_to_clock_t(icsk->icsk_ack.ato),
2233 (icsk->icsk_ack.quick << 1) | inet_csk_in_pingpong_mode(sp),
2234 tcp_snd_cwnd(tp),
2235 state == TCP_LISTEN ?
2236 fastopenq->max_qlen :
2237 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
2238 );
2239 }
2240
2241 static void get_timewait6_sock(struct seq_file *seq,
2242 struct inet_timewait_sock *tw, int i)
2243 {
2244 long delta = tw->tw_timer.expires - jiffies;
2245 const struct in6_addr *dest, *src;
2246 __u16 destp, srcp;
2247
2248 dest = &tw->tw_v6_daddr;
2249 src = &tw->tw_v6_rcv_saddr;
2250 destp = ntohs(tw->tw_dport);
2251 srcp = ntohs(tw->tw_sport);
2252
2253 seq_printf(seq,
2254 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2255 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
2256 i,
2257 src->s6_addr32[0], src->s6_addr32[1],
2258 src->s6_addr32[2], src->s6_addr32[3], srcp,
2259 dest->s6_addr32[0], dest->s6_addr32[1],
2260 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2261 READ_ONCE(tw->tw_substate), 0, 0,
2262 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
2263 refcount_read(&tw->tw_refcnt), tw);
2264 }
2265
2266 static int tcp6_seq_show(struct seq_file *seq, void *v)
2267 {
2268 struct tcp_iter_state *st;
2269 struct sock *sk = v;
2270
2271 if (v == SEQ_START_TOKEN) {
2272 seq_puts(seq,
2273 " sl "
2274 "local_address "
2275 "remote_address "
2276 "st tx_queue rx_queue tr tm->when retrnsmt"
2277 " uid timeout inode\n");
2278 goto out;
2279 }
2280 st = seq->private;
2281
2282 if (sk->sk_state == TCP_TIME_WAIT)
2283 get_timewait6_sock(seq, v, st->num);
2284 else if (sk->sk_state == TCP_NEW_SYN_RECV)
2285 get_openreq6(seq, v, st->num);
2286 else
2287 get_tcp6_sock(seq, v, st->num);
2288 out:
2289 return 0;
2290 }
2291
2292 static const struct seq_operations tcp6_seq_ops = {
2293 .show = tcp6_seq_show,
2294 .start = tcp_seq_start,
2295 .next = tcp_seq_next,
2296 .stop = tcp_seq_stop,
2297 };
2298
2299 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2300 .family = AF_INET6,
2301 };
2302
2303 int __net_init tcp6_proc_init(struct net *net)
2304 {
2305 if (!proc_create_net_data("tcp6", 0444, net->proc_net, &tcp6_seq_ops,
2306 sizeof(struct tcp_iter_state), &tcp6_seq_afinfo))
2307 return -ENOMEM;
2308 return 0;
2309 }
2310
2311 void tcp6_proc_exit(struct net *net)
2312 {
2313 remove_proc_entry("tcp6", net->proc_net);
2314 }
2315 #endif
2316
2317 struct proto tcpv6_prot = {
2318 .name = "TCPv6",
2319 .owner = THIS_MODULE,
2320 .close = tcp_close,
2321 .pre_connect = tcp_v6_pre_connect,
2322 .connect = tcp_v6_connect,
2323 .disconnect = tcp_disconnect,
2324 .accept = inet_csk_accept,
2325 .ioctl = tcp_ioctl,
2326 .init = tcp_v6_init_sock,
2327 .destroy = tcp_v4_destroy_sock,
2328 .shutdown = tcp_shutdown,
2329 .setsockopt = tcp_setsockopt,
2330 .getsockopt = tcp_getsockopt,
2331 .bpf_bypass_getsockopt = tcp_bpf_bypass_getsockopt,
2332 .keepalive = tcp_set_keepalive,
2333 .recvmsg = tcp_recvmsg,
2334 .sendmsg = tcp_sendmsg,
2335 .splice_eof = tcp_splice_eof,
2336 .backlog_rcv = tcp_v6_do_rcv,
2337 .release_cb = tcp_release_cb,
2338 .hash = inet6_hash,
2339 .unhash = inet_unhash,
2340 .get_port = inet_csk_get_port,
2341 .put_port = inet_put_port,
2342 #ifdef CONFIG_BPF_SYSCALL
2343 .psock_update_sk_prot = tcp_bpf_update_proto,
2344 #endif
2345 .enter_memory_pressure = tcp_enter_memory_pressure,
2346 .leave_memory_pressure = tcp_leave_memory_pressure,
2347 .stream_memory_free = tcp_stream_memory_free,
2348 .sockets_allocated = &tcp_sockets_allocated,
2349
2350 .memory_allocated = &tcp_memory_allocated,
2351 .per_cpu_fw_alloc = &tcp_memory_per_cpu_fw_alloc,
2352
2353 .memory_pressure = &tcp_memory_pressure,
2354 .orphan_count = &tcp_orphan_count,
2355 .sysctl_mem = sysctl_tcp_mem,
2356 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem),
2357 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem),
2358 .max_header = MAX_TCP_HEADER,
2359 .obj_size = sizeof(struct tcp6_sock),
2360 .ipv6_pinfo_offset = offsetof(struct tcp6_sock, inet6),
2361 .slab_flags = SLAB_TYPESAFE_BY_RCU,
2362 .twsk_prot = &tcp6_timewait_sock_ops,
2363 .rsk_prot = &tcp6_request_sock_ops,
2364 .h.hashinfo = NULL,
2365 .no_autobind = true,
2366 .diag_destroy = tcp_abort,
2367 };
2368 EXPORT_SYMBOL_GPL(tcpv6_prot);
2369
2370
2371 static struct inet_protosw tcpv6_protosw = {
2372 .type = SOCK_STREAM,
2373 .protocol = IPPROTO_TCP,
2374 .prot = &tcpv6_prot,
2375 .ops = &inet6_stream_ops,
2376 .flags = INET_PROTOSW_PERMANENT |
2377 INET_PROTOSW_ICSK,
2378 };
2379
2380 static int __net_init tcpv6_net_init(struct net *net)
2381 {
2382 int res;
2383
2384 res = inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2385 SOCK_RAW, IPPROTO_TCP, net);
2386 if (!res)
2387 net->ipv6.tcp_sk->sk_clockid = CLOCK_MONOTONIC;
2388
2389 return res;
2390 }
2391
2392 static void __net_exit tcpv6_net_exit(struct net *net)
2393 {
2394 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2395 }
2396
2397 static struct pernet_operations tcpv6_net_ops = {
2398 .init = tcpv6_net_init,
2399 .exit = tcpv6_net_exit,
2400 };
2401
2402 int __init tcpv6_init(void)
2403 {
2404 int ret;
2405
2406 net_hotdata.tcpv6_protocol = (struct inet6_protocol) {
2407 .handler = tcp_v6_rcv,
2408 .err_handler = tcp_v6_err,
2409 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL,
2410 };
2411 ret = inet6_add_protocol(&net_hotdata.tcpv6_protocol, IPPROTO_TCP);
2412 if (ret)
2413 goto out;
2414
2415 /* register inet6 protocol */
2416 ret = inet6_register_protosw(&tcpv6_protosw);
2417 if (ret)
2418 goto out_tcpv6_protocol;
2419
2420 ret = register_pernet_subsys(&tcpv6_net_ops);
2421 if (ret)
2422 goto out_tcpv6_protosw;
2423
2424 ret = mptcpv6_init();
2425 if (ret)
2426 goto out_tcpv6_pernet_subsys;
2427
2428 out:
2429 return ret;
2430
2431 out_tcpv6_pernet_subsys:
2432 unregister_pernet_subsys(&tcpv6_net_ops);
2433 out_tcpv6_protosw:
2434 inet6_unregister_protosw(&tcpv6_protosw);
2435 out_tcpv6_protocol:
2436 inet6_del_protocol(&net_hotdata.tcpv6_protocol, IPPROTO_TCP);
2437 goto out;
2438 }
2439
2440 void tcpv6_exit(void)
2441 {
2442 unregister_pernet_subsys(&tcpv6_net_ops);
2443 inet6_unregister_protosw(&tcpv6_protosw);
2444 inet6_del_protocol(&net_hotdata.tcpv6_protocol, IPPROTO_TCP);
2445 }
2446