1 /*
2 * TCP over IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on:
9 * linux/net/ipv4/tcp.c
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
12 *
13 * Fixes:
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
19 *
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
24 */
25
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
34 #include <linux/in.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41 #include <linux/slab.h>
42 #include <linux/uaccess.h>
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/snmp.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/inet_common.h>
63 #include <net/secure_seq.h>
64 #include <net/tcp_memcontrol.h>
65 #include <net/busy_poll.h>
66
67 #include <linux/proc_fs.h>
68 #include <linux/seq_file.h>
69
70 #include <linux/crypto.h>
71 #include <linux/scatterlist.h>
72
73 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
74 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
75 struct request_sock *req);
76
77 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
78
79 static const struct inet_connection_sock_af_ops ipv6_mapped;
80 static const struct inet_connection_sock_af_ops ipv6_specific;
81 #ifdef CONFIG_TCP_MD5SIG
82 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
83 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
84 #else
85 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
86 const struct in6_addr *addr)
87 {
88 return NULL;
89 }
90 #endif
91
92 static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
93 {
94 struct dst_entry *dst = skb_dst(skb);
95
96 if (dst && dst_hold_safe(dst)) {
97 const struct rt6_info *rt = (const struct rt6_info *)dst;
98
99 sk->sk_rx_dst = dst;
100 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
101 inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
102 }
103 }
104
105 static __u32 tcp_v6_init_sequence(const struct sk_buff *skb)
106 {
107 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
108 ipv6_hdr(skb)->saddr.s6_addr32,
109 tcp_hdr(skb)->dest,
110 tcp_hdr(skb)->source);
111 }
112
113 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
114 int addr_len)
115 {
116 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
117 struct inet_sock *inet = inet_sk(sk);
118 struct inet_connection_sock *icsk = inet_csk(sk);
119 struct ipv6_pinfo *np = inet6_sk(sk);
120 struct tcp_sock *tp = tcp_sk(sk);
121 struct in6_addr *saddr = NULL, *final_p, final;
122 struct ipv6_txoptions *opt;
123 struct flowi6 fl6;
124 struct dst_entry *dst;
125 int addr_type;
126 int err;
127
128 if (addr_len < SIN6_LEN_RFC2133)
129 return -EINVAL;
130
131 if (usin->sin6_family != AF_INET6)
132 return -EAFNOSUPPORT;
133
134 memset(&fl6, 0, sizeof(fl6));
135
136 if (np->sndflow) {
137 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
138 IP6_ECN_flow_init(fl6.flowlabel);
139 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
140 struct ip6_flowlabel *flowlabel;
141 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
142 if (!flowlabel)
143 return -EINVAL;
144 fl6_sock_release(flowlabel);
145 }
146 }
147
148 /*
149 * connect() to INADDR_ANY means loopback (BSD'ism).
150 */
151
152 if (ipv6_addr_any(&usin->sin6_addr))
153 usin->sin6_addr.s6_addr[15] = 0x1;
154
155 addr_type = ipv6_addr_type(&usin->sin6_addr);
156
157 if (addr_type & IPV6_ADDR_MULTICAST)
158 return -ENETUNREACH;
159
160 if (addr_type&IPV6_ADDR_LINKLOCAL) {
161 if (addr_len >= sizeof(struct sockaddr_in6) &&
162 usin->sin6_scope_id) {
163 /* If an interface was set at bind time, the
164 * indices must coincide.
165 */
166 if (sk->sk_bound_dev_if &&
167 sk->sk_bound_dev_if != usin->sin6_scope_id)
168 return -EINVAL;
169
170 sk->sk_bound_dev_if = usin->sin6_scope_id;
171 }
172
173 /* Connecting to a link-local address requires an interface */
174 if (!sk->sk_bound_dev_if)
175 return -EINVAL;
176 }
177
178 if (tp->rx_opt.ts_recent_stamp &&
179 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
180 tp->rx_opt.ts_recent = 0;
181 tp->rx_opt.ts_recent_stamp = 0;
182 tp->write_seq = 0;
183 }
184
185 sk->sk_v6_daddr = usin->sin6_addr;
186 np->flow_label = fl6.flowlabel;
187
188 /*
189 * TCP over IPv4
190 */
191
192 if (addr_type == IPV6_ADDR_MAPPED) {
193 u32 exthdrlen = icsk->icsk_ext_hdr_len;
194 struct sockaddr_in sin;
195
196 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
197
198 if (__ipv6_only_sock(sk))
199 return -ENETUNREACH;
200
201 sin.sin_family = AF_INET;
202 sin.sin_port = usin->sin6_port;
203 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
204
205 icsk->icsk_af_ops = &ipv6_mapped;
206 sk->sk_backlog_rcv = tcp_v4_do_rcv;
207 #ifdef CONFIG_TCP_MD5SIG
208 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
209 #endif
210
211 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
212
213 if (err) {
214 icsk->icsk_ext_hdr_len = exthdrlen;
215 icsk->icsk_af_ops = &ipv6_specific;
216 sk->sk_backlog_rcv = tcp_v6_do_rcv;
217 #ifdef CONFIG_TCP_MD5SIG
218 tp->af_specific = &tcp_sock_ipv6_specific;
219 #endif
220 goto failure;
221 }
222 np->saddr = sk->sk_v6_rcv_saddr;
223
224 return err;
225 }
226
227 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
228 saddr = &sk->sk_v6_rcv_saddr;
229
230 fl6.flowi6_proto = IPPROTO_TCP;
231 fl6.daddr = sk->sk_v6_daddr;
232 fl6.saddr = saddr ? *saddr : np->saddr;
233 fl6.flowi6_oif = sk->sk_bound_dev_if;
234 fl6.flowi6_mark = sk->sk_mark;
235 fl6.fl6_dport = usin->sin6_port;
236 fl6.fl6_sport = inet->inet_sport;
237
238 opt = rcu_dereference_protected(np->opt, sock_owned_by_user(sk));
239 final_p = fl6_update_dst(&fl6, opt, &final);
240
241 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
242
243 dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
244 if (IS_ERR(dst)) {
245 err = PTR_ERR(dst);
246 goto failure;
247 }
248
249 if (!saddr) {
250 saddr = &fl6.saddr;
251 sk->sk_v6_rcv_saddr = *saddr;
252 }
253
254 /* set the source address */
255 np->saddr = *saddr;
256 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
257
258 sk->sk_gso_type = SKB_GSO_TCPV6;
259 ip6_dst_store(sk, dst, NULL, NULL);
260
261 if (tcp_death_row.sysctl_tw_recycle &&
262 !tp->rx_opt.ts_recent_stamp &&
263 ipv6_addr_equal(&fl6.daddr, &sk->sk_v6_daddr))
264 tcp_fetch_timewait_stamp(sk, dst);
265
266 icsk->icsk_ext_hdr_len = 0;
267 if (opt)
268 icsk->icsk_ext_hdr_len = opt->opt_flen +
269 opt->opt_nflen;
270
271 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
272
273 inet->inet_dport = usin->sin6_port;
274
275 tcp_set_state(sk, TCP_SYN_SENT);
276 err = inet6_hash_connect(&tcp_death_row, sk);
277 if (err)
278 goto late_failure;
279
280 sk_set_txhash(sk);
281
282 if (!tp->write_seq && likely(!tp->repair))
283 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
284 sk->sk_v6_daddr.s6_addr32,
285 inet->inet_sport,
286 inet->inet_dport);
287
288 err = tcp_connect(sk);
289 if (err)
290 goto late_failure;
291
292 return 0;
293
294 late_failure:
295 tcp_set_state(sk, TCP_CLOSE);
296 __sk_dst_reset(sk);
297 failure:
298 inet->inet_dport = 0;
299 sk->sk_route_caps = 0;
300 return err;
301 }
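/* Editor's note: a hedged userspace sketch of the link-local rule
 * enforced above: connecting to a link-local peer needs an interface,
 * supplied either via sin6_scope_id or a prior SO_BINDTODEVICE. The
 * address, port and interface name below are illustrative assumptions.
 *
 *	#include <string.h>
 *	#include <arpa/inet.h>
 *	#include <net/if.h>
 *	#include <netinet/in.h>
 *	#include <sys/socket.h>
 *
 *	int connect_link_local(void)
 *	{
 *		struct sockaddr_in6 sa;
 *		int fd = socket(AF_INET6, SOCK_STREAM, 0);
 *
 *		memset(&sa, 0, sizeof(sa));
 *		sa.sin6_family = AF_INET6;
 *		sa.sin6_port = htons(8080);
 *		inet_pton(AF_INET6, "fe80::1", &sa.sin6_addr);
 *		sa.sin6_scope_id = if_nametoindex("eth0");
 *		return connect(fd, (struct sockaddr *)&sa, sizeof(sa));
 *	}
 *
 * With sin6_scope_id left at 0 and no bound device, the link-local
 * branch in tcp_v6_connect() returns -EINVAL.
 */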
302
303 static void tcp_v6_mtu_reduced(struct sock *sk)
304 {
305 struct dst_entry *dst;
306
307 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
308 return;
309
310 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
311 if (!dst)
312 return;
313
314 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
315 tcp_sync_mss(sk, dst_mtu(dst));
316 tcp_simple_retransmit(sk);
317 }
318 }
319
320 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
321 u8 type, u8 code, int offset, __be32 info)
322 {
323 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
324 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
325 struct net *net = dev_net(skb->dev);
326 struct request_sock *fastopen;
327 struct ipv6_pinfo *np;
328 struct tcp_sock *tp;
329 __u32 seq, snd_una;
330 struct sock *sk;
331 bool fatal;
332 int err;
333
334 sk = __inet6_lookup_established(net, &tcp_hashinfo,
335 &hdr->daddr, th->dest,
336 &hdr->saddr, ntohs(th->source),
337 skb->dev->ifindex);
338
339 if (!sk) {
340 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
341 ICMP6_MIB_INERRORS);
342 return;
343 }
344
345 if (sk->sk_state == TCP_TIME_WAIT) {
346 inet_twsk_put(inet_twsk(sk));
347 return;
348 }
349 seq = ntohl(th->seq);
350 fatal = icmpv6_err_convert(type, code, &err);
351 if (sk->sk_state == TCP_NEW_SYN_RECV)
352 return tcp_req_err(sk, seq, fatal);
353
354 bh_lock_sock(sk);
355 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
356 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
357
358 if (sk->sk_state == TCP_CLOSE)
359 goto out;
360
361 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
362 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
363 goto out;
364 }
365
366 tp = tcp_sk(sk);
367 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child()) */
368 fastopen = tp->fastopen_rsk;
369 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
370 if (sk->sk_state != TCP_LISTEN &&
371 !between(seq, snd_una, tp->snd_nxt)) {
372 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
373 goto out;
374 }
375
376 np = inet6_sk(sk);
377
378 if (type == NDISC_REDIRECT) {
379 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
380
381 if (dst)
382 dst->ops->redirect(dst, sk, skb);
383 goto out;
384 }
385
386 if (type == ICMPV6_PKT_TOOBIG) {
387 /* We are not interested in TCP_LISTEN and open_requests
388 * (SYN-ACKs sent out by Linux are always < 576 bytes, so
389 * they should go through unfragmented).
390 */
391 if (sk->sk_state == TCP_LISTEN)
392 goto out;
393
394 if (!ip6_sk_accept_pmtu(sk))
395 goto out;
396
397 tp->mtu_info = ntohl(info);
398 if (!sock_owned_by_user(sk))
399 tcp_v6_mtu_reduced(sk);
400 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
401 &tp->tsq_flags))
402 sock_hold(sk);
403 goto out;
404 }
405
406
407 /* Might be for a request_sock */
408 switch (sk->sk_state) {
409 case TCP_SYN_SENT:
410 case TCP_SYN_RECV:
411 /* Only in fast or simultaneous open. If a fast open socket
412 * is already accepted, it is treated as a connected one below.
413 */
414 if (fastopen && !fastopen->sk)
415 break;
416
417 if (!sock_owned_by_user(sk)) {
418 sk->sk_err = err;
419 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
420
421 tcp_done(sk);
422 } else
423 sk->sk_err_soft = err;
424 goto out;
425 }
426
427 if (!sock_owned_by_user(sk) && np->recverr) {
428 sk->sk_err = err;
429 sk->sk_error_report(sk);
430 } else
431 sk->sk_err_soft = err;
432
433 out:
434 bh_unlock_sock(sk);
435 sock_put(sk);
436 }
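/* Editor's note: the np->recverr branch above is what surfaces soft
 * ICMPv6 errors to applications. A hedged sketch of consuming them via
 * the socket error queue (buffer sizes are assumptions; cmsg parsing
 * of the resulting sock_extended_err is elided):
 *
 *	#include <netinet/in.h>
 *	#include <sys/socket.h>
 *	#include <linux/errqueue.h>
 *
 *	void enable_and_drain_errqueue(int fd)
 *	{
 *		int on = 1;
 *		char data[64], cbuf[512];
 *		struct iovec iov = { .iov_base = data, .iov_len = sizeof(data) };
 *		struct msghdr msg = {
 *			.msg_iov = &iov, .msg_iovlen = 1,
 *			.msg_control = cbuf, .msg_controllen = sizeof(cbuf),
 *		};
 *
 *		setsockopt(fd, IPPROTO_IPV6, IPV6_RECVERR, &on, sizeof(on));
 *		recvmsg(fd, &msg, MSG_ERRQUEUE);
 *	}
 */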
437
438
439 static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
440 struct flowi *fl,
441 struct request_sock *req,
442 struct tcp_fastopen_cookie *foc,
443 bool attach_req)
444 {
445 struct inet_request_sock *ireq = inet_rsk(req);
446 struct ipv6_pinfo *np = inet6_sk(sk);
447 struct flowi6 *fl6 = &fl->u.ip6;
448 struct sk_buff *skb;
449 int err = -ENOMEM;
450
451 /* First, grab a route. */
452 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
453 IPPROTO_TCP)) == NULL)
454 goto done;
455
456 skb = tcp_make_synack(sk, dst, req, foc, attach_req);
457
458 if (skb) {
459 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
460 &ireq->ir_v6_rmt_addr);
461
462 fl6->daddr = ireq->ir_v6_rmt_addr;
463 if (np->repflow && ireq->pktopts)
464 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
465
466 rcu_read_lock();
467 err = ip6_xmit(sk, skb, fl6, rcu_dereference(np->opt),
468 np->tclass);
469 rcu_read_unlock();
470 err = net_xmit_eval(err);
471 }
472
473 done:
474 return err;
475 }
476
477
478 static void tcp_v6_reqsk_destructor(struct request_sock *req)
479 {
480 kfree_skb(inet_rsk(req)->pktopts);
481 }
482
483 #ifdef CONFIG_TCP_MD5SIG
484 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
485 const struct in6_addr *addr)
486 {
487 return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
488 }
489
490 static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
491 const struct sock *addr_sk)
492 {
493 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
494 }
495
496 static int tcp_v6_parse_md5_keys(struct sock *sk, char __user *optval,
497 int optlen)
498 {
499 struct tcp_md5sig cmd;
500 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
501
502 if (optlen < sizeof(cmd))
503 return -EINVAL;
504
505 if (copy_from_user(&cmd, optval, sizeof(cmd)))
506 return -EFAULT;
507
508 if (sin6->sin6_family != AF_INET6)
509 return -EINVAL;
510
511 if (!cmd.tcpm_keylen) {
512 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
513 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
514 AF_INET);
515 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
516 AF_INET6);
517 }
518
519 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
520 return -EINVAL;
521
522 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
523 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
524 AF_INET, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
525
526 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
527 AF_INET6, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
528 }
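/* Editor's note: tcp_v6_parse_md5_keys() above backs the TCP_MD5SIG
 * socket option. A hedged userspace sketch (the key bytes and peer are
 * illustrative; struct tcp_md5sig comes from the UAPI headers):
 *
 *	#include <string.h>
 *	#include <netinet/in.h>
 *	#include <netinet/tcp.h>
 *	#include <sys/socket.h>
 *
 *	int set_md5_key(int fd, const struct sockaddr_in6 *peer)
 *	{
 *		struct tcp_md5sig md5;
 *
 *		memset(&md5, 0, sizeof(md5));
 *		memcpy(&md5.tcpm_addr, peer, sizeof(*peer));
 *		md5.tcpm_keylen = 6;
 *		memcpy(md5.tcpm_key, "secret", 6);
 *		return setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG,
 *				  &md5, sizeof(md5));
 *	}
 *
 * Passing tcpm_keylen == 0 deletes the key (the !cmd.tcpm_keylen branch
 * above); v4-mapped peers are stored as AF_INET keys.
 */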
529
530 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
531 const struct in6_addr *daddr,
532 const struct in6_addr *saddr, int nbytes)
533 {
534 struct tcp6_pseudohdr *bp;
535 struct scatterlist sg;
536
537 bp = &hp->md5_blk.ip6;
538 /* 1. TCP pseudo-header (RFC2460) */
539 bp->saddr = *saddr;
540 bp->daddr = *daddr;
541 bp->protocol = cpu_to_be32(IPPROTO_TCP);
542 bp->len = cpu_to_be32(nbytes);
543
544 sg_init_one(&sg, bp, sizeof(*bp));
545 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
546 }
547
548 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
549 const struct in6_addr *daddr, struct in6_addr *saddr,
550 const struct tcphdr *th)
551 {
552 struct tcp_md5sig_pool *hp;
553 struct hash_desc *desc;
554
555 hp = tcp_get_md5sig_pool();
556 if (!hp)
557 goto clear_hash_noput;
558 desc = &hp->md5_desc;
559
560 if (crypto_hash_init(desc))
561 goto clear_hash;
562 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
563 goto clear_hash;
564 if (tcp_md5_hash_header(hp, th))
565 goto clear_hash;
566 if (tcp_md5_hash_key(hp, key))
567 goto clear_hash;
568 if (crypto_hash_final(desc, md5_hash))
569 goto clear_hash;
570
571 tcp_put_md5sig_pool();
572 return 0;
573
574 clear_hash:
575 tcp_put_md5sig_pool();
576 clear_hash_noput:
577 memset(md5_hash, 0, 16);
578 return 1;
579 }
580
581 static int tcp_v6_md5_hash_skb(char *md5_hash,
582 const struct tcp_md5sig_key *key,
583 const struct sock *sk,
584 const struct sk_buff *skb)
585 {
586 const struct in6_addr *saddr, *daddr;
587 struct tcp_md5sig_pool *hp;
588 struct hash_desc *desc;
589 const struct tcphdr *th = tcp_hdr(skb);
590
591 if (sk) { /* valid for establish/request sockets */
592 saddr = &sk->sk_v6_rcv_saddr;
593 daddr = &sk->sk_v6_daddr;
594 } else {
595 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
596 saddr = &ip6h->saddr;
597 daddr = &ip6h->daddr;
598 }
599
600 hp = tcp_get_md5sig_pool();
601 if (!hp)
602 goto clear_hash_noput;
603 desc = &hp->md5_desc;
604
605 if (crypto_hash_init(desc))
606 goto clear_hash;
607
608 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
609 goto clear_hash;
610 if (tcp_md5_hash_header(hp, th))
611 goto clear_hash;
612 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
613 goto clear_hash;
614 if (tcp_md5_hash_key(hp, key))
615 goto clear_hash;
616 if (crypto_hash_final(desc, md5_hash))
617 goto clear_hash;
618
619 tcp_put_md5sig_pool();
620 return 0;
621
622 clear_hash:
623 tcp_put_md5sig_pool();
624 clear_hash_noput:
625 memset(md5_hash, 0, 16);
626 return 1;
627 }
628
629 #endif
630
631 static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
632 const struct sk_buff *skb)
633 {
634 #ifdef CONFIG_TCP_MD5SIG
635 const __u8 *hash_location = NULL;
636 struct tcp_md5sig_key *hash_expected;
637 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
638 const struct tcphdr *th = tcp_hdr(skb);
639 int genhash;
640 u8 newhash[16];
641
642 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
643 hash_location = tcp_parse_md5sig_option(th);
644
645 /* We've parsed the options - do we have a hash? */
646 if (!hash_expected && !hash_location)
647 return false;
648
649 if (hash_expected && !hash_location) {
650 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
651 return true;
652 }
653
654 if (!hash_expected && hash_location) {
655 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
656 return true;
657 }
658
659 /* check the signature */
660 genhash = tcp_v6_md5_hash_skb(newhash,
661 hash_expected,
662 NULL, skb);
663
664 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
665 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
666 genhash ? "failed" : "mismatch",
667 &ip6h->saddr, ntohs(th->source),
668 &ip6h->daddr, ntohs(th->dest));
669 return true;
670 }
671 #endif
672 return false;
673 }
674
675 static void tcp_v6_init_req(struct request_sock *req,
676 const struct sock *sk_listener,
677 struct sk_buff *skb)
678 {
679 struct inet_request_sock *ireq = inet_rsk(req);
680 const struct ipv6_pinfo *np = inet6_sk(sk_listener);
681
682 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
683 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
684
685 /* So that link locals have meaning */
686 if (!sk_listener->sk_bound_dev_if &&
687 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
688 ireq->ir_iif = tcp_v6_iif(skb);
689
690 if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
691 (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
692 np->rxopt.bits.rxinfo ||
693 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
694 np->rxopt.bits.rxohlim || np->repflow)) {
695 atomic_inc(&skb->users);
696 ireq->pktopts = skb;
697 }
698 }
699
700 static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
701 struct flowi *fl,
702 const struct request_sock *req,
703 bool *strict)
704 {
705 if (strict)
706 *strict = true;
707 return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
708 }
709
710 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
711 .family = AF_INET6,
712 .obj_size = sizeof(struct tcp6_request_sock),
713 .rtx_syn_ack = tcp_rtx_synack,
714 .send_ack = tcp_v6_reqsk_send_ack,
715 .destructor = tcp_v6_reqsk_destructor,
716 .send_reset = tcp_v6_send_reset,
717 .syn_ack_timeout = tcp_syn_ack_timeout,
718 };
719
720 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
721 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
722 sizeof(struct ipv6hdr),
723 #ifdef CONFIG_TCP_MD5SIG
724 .req_md5_lookup = tcp_v6_md5_lookup,
725 .calc_md5_hash = tcp_v6_md5_hash_skb,
726 #endif
727 .init_req = tcp_v6_init_req,
728 #ifdef CONFIG_SYN_COOKIES
729 .cookie_init_seq = cookie_v6_init_sequence,
730 #endif
731 .route_req = tcp_v6_route_req,
732 .init_seq = tcp_v6_init_sequence,
733 .send_synack = tcp_v6_send_synack,
734 };
735
736 static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
737 u32 ack, u32 win, u32 tsval, u32 tsecr,
738 int oif, struct tcp_md5sig_key *key, int rst,
739 u8 tclass, u32 label)
740 {
741 const struct tcphdr *th = tcp_hdr(skb);
742 struct tcphdr *t1;
743 struct sk_buff *buff;
744 struct flowi6 fl6;
745 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
746 struct sock *ctl_sk = net->ipv6.tcp_sk;
747 unsigned int tot_len = sizeof(struct tcphdr);
748 struct dst_entry *dst;
749 __be32 *topt;
750
751 if (tsecr)
752 tot_len += TCPOLEN_TSTAMP_ALIGNED;
753 #ifdef CONFIG_TCP_MD5SIG
754 if (key)
755 tot_len += TCPOLEN_MD5SIG_ALIGNED;
756 #endif
757
758 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
759 GFP_ATOMIC);
760 if (!buff)
761 return;
762
763 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
764
765 t1 = (struct tcphdr *) skb_push(buff, tot_len);
766 skb_reset_transport_header(buff);
767
768 /* Swap the send and the receive. */
769 memset(t1, 0, sizeof(*t1));
770 t1->dest = th->source;
771 t1->source = th->dest;
772 t1->doff = tot_len / 4;
773 t1->seq = htonl(seq);
774 t1->ack_seq = htonl(ack);
775 t1->ack = !rst || !th->ack;
776 t1->rst = rst;
777 t1->window = htons(win);
778
779 topt = (__be32 *)(t1 + 1);
780
781 if (tsecr) {
782 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
783 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
784 *topt++ = htonl(tsval);
785 *topt++ = htonl(tsecr);
786 }
787
788 #ifdef CONFIG_TCP_MD5SIG
789 if (key) {
790 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
791 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
792 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
793 &ipv6_hdr(skb)->saddr,
794 &ipv6_hdr(skb)->daddr, t1);
795 }
796 #endif
797
798 memset(&fl6, 0, sizeof(fl6));
799 fl6.daddr = ipv6_hdr(skb)->saddr;
800 fl6.saddr = ipv6_hdr(skb)->daddr;
801 fl6.flowlabel = label;
802
803 buff->ip_summed = CHECKSUM_PARTIAL;
804 buff->csum = 0;
805
806 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
807
808 fl6.flowi6_proto = IPPROTO_TCP;
809 if (rt6_need_strict(&fl6.daddr) && !oif)
810 fl6.flowi6_oif = tcp_v6_iif(skb);
811 else
812 fl6.flowi6_oif = oif;
813 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark);
814 fl6.fl6_dport = t1->dest;
815 fl6.fl6_sport = t1->source;
816 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
817
818 /* Pass a socket to ip6_dst_lookup_flow even when it is for an RST;
819 * the underlying function will use it to retrieve the network
820 * namespace.
821 */
822 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
823 if (!IS_ERR(dst)) {
824 skb_dst_set(buff, dst);
825 ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass);
826 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
827 if (rst)
828 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
829 return;
830 }
831
832 kfree_skb(buff);
833 }
834
835 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
836 {
837 const struct tcphdr *th = tcp_hdr(skb);
838 u32 seq = 0, ack_seq = 0;
839 struct tcp_md5sig_key *key = NULL;
840 #ifdef CONFIG_TCP_MD5SIG
841 const __u8 *hash_location = NULL;
842 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
843 unsigned char newhash[16];
844 int genhash;
845 struct sock *sk1 = NULL;
846 #endif
847 int oif;
848
849 if (th->rst)
850 return;
851
852 /* If sk is not NULL, it means we did a successful lookup and the incoming
853 * route had to be correct. The prequeue might have dropped our dst.
854 */
855 if (!sk && !ipv6_unicast_destination(skb))
856 return;
857
858 #ifdef CONFIG_TCP_MD5SIG
859 hash_location = tcp_parse_md5sig_option(th);
860 if (!sk && hash_location) {
861 /*
862 * The active side is lost. Try to find the listening socket
863 * through the source port, and then find the MD5 key through
864 * the listening socket. We are not loosening security here:
865 * the incoming packet is checked with the MD5 hash of the key
866 * we find, and no RST is generated if the hash doesn't match.
867 */
868 sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
869 &tcp_hashinfo, &ipv6h->saddr,
870 th->source, &ipv6h->daddr,
871 ntohs(th->source), tcp_v6_iif(skb));
872 if (!sk1)
873 return;
874
875 rcu_read_lock();
876 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
877 if (!key)
878 goto release_sk1;
879
880 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
881 if (genhash || memcmp(hash_location, newhash, 16) != 0)
882 goto release_sk1;
883 } else {
884 key = sk ? tcp_v6_md5_do_lookup(sk, &ipv6h->saddr) : NULL;
885 }
886 #endif
887
888 if (th->ack)
889 seq = ntohl(th->ack_seq);
890 else
891 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
892 (th->doff << 2);
893
894 oif = sk ? sk->sk_bound_dev_if : 0;
895 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 0);
896
897 #ifdef CONFIG_TCP_MD5SIG
898 release_sk1:
899 if (sk1) {
900 rcu_read_unlock();
901 sock_put(sk1);
902 }
903 #endif
904 }
905
906 static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
907 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
908 struct tcp_md5sig_key *key, u8 tclass,
909 u32 label)
910 {
911 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
912 tclass, label);
913 }
914
915 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
916 {
917 struct inet_timewait_sock *tw = inet_twsk(sk);
918 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
919
920 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
921 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
922 tcp_time_stamp + tcptw->tw_ts_offset,
923 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
924 tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel));
925
926 inet_twsk_put(tw);
927 }
928
929 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
930 struct request_sock *req)
931 {
932 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
933 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
934 */
935 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
936 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
937 tcp_rsk(req)->rcv_nxt, req->rsk_rcv_wnd,
938 tcp_time_stamp, req->ts_recent, sk->sk_bound_dev_if,
939 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr),
940 0, 0);
941 }
942
943
944 static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
945 {
946 #ifdef CONFIG_SYN_COOKIES
947 const struct tcphdr *th = tcp_hdr(skb);
948
949 if (!th->syn)
950 sk = cookie_v6_check(sk, skb);
951 #endif
952 return sk;
953 }
954
955 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
956 {
957 if (skb->protocol == htons(ETH_P_IP))
958 return tcp_v4_conn_request(sk, skb);
959
960 if (!ipv6_unicast_destination(skb))
961 goto drop;
962
963 return tcp_conn_request(&tcp6_request_sock_ops,
964 &tcp_request_sock_ipv6_ops, sk, skb);
965
966 drop:
967 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
968 return 0; /* don't send reset */
969 }
970
971 static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
972 struct request_sock *req,
973 struct dst_entry *dst,
974 struct request_sock *req_unhash,
975 bool *own_req)
976 {
977 struct inet_request_sock *ireq;
978 struct ipv6_pinfo *newnp;
979 const struct ipv6_pinfo *np = inet6_sk(sk);
980 struct ipv6_txoptions *opt;
981 struct tcp6_sock *newtcp6sk;
982 struct inet_sock *newinet;
983 struct tcp_sock *newtp;
984 struct sock *newsk;
985 #ifdef CONFIG_TCP_MD5SIG
986 struct tcp_md5sig_key *key;
987 #endif
988 struct flowi6 fl6;
989
990 if (skb->protocol == htons(ETH_P_IP)) {
991 /*
992 * v6 mapped
993 */
994
995 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
996 req_unhash, own_req);
997
998 if (!newsk)
999 return NULL;
1000
1001 newtcp6sk = (struct tcp6_sock *)newsk;
1002 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1003
1004 newinet = inet_sk(newsk);
1005 newnp = inet6_sk(newsk);
1006 newtp = tcp_sk(newsk);
1007
1008 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1009
1010 newnp->saddr = newsk->sk_v6_rcv_saddr;
1011
1012 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1013 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1014 #ifdef CONFIG_TCP_MD5SIG
1015 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1016 #endif
1017
1018 newnp->ipv6_ac_list = NULL;
1019 newnp->ipv6_fl_list = NULL;
1020 newnp->pktoptions = NULL;
1021 newnp->opt = NULL;
1022 newnp->mcast_oif = tcp_v6_iif(skb);
1023 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1024 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1025 if (np->repflow)
1026 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1027
1028 /*
1029 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1030 * here, tcp_create_openreq_child now does this for us, see the comment in
1031 * that function for the gory details. -acme
1032 */
1033
1034 /* This is a tricky place. Until this moment the IPv4 tcp code
1035 worked with the IPv6 icsk.icsk_af_ops.
1036 Sync it now.
1037 */
1038 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1039
1040 return newsk;
1041 }
1042
1043 ireq = inet_rsk(req);
1044
1045 if (sk_acceptq_is_full(sk))
1046 goto out_overflow;
1047
1048 if (!dst) {
1049 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
1050 if (!dst)
1051 goto out;
1052 }
1053
1054 newsk = tcp_create_openreq_child(sk, req, skb);
1055 if (!newsk)
1056 goto out_nonewsk;
1057
1058 /*
1059 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1060 * count here, tcp_create_openreq_child now does this for us, see the
1061 * comment in that function for the gory details. -acme
1062 */
1063
1064 newsk->sk_gso_type = SKB_GSO_TCPV6;
1065 ip6_dst_store(newsk, dst, NULL, NULL);
1066 inet6_sk_rx_dst_set(newsk, skb);
1067
1068 newtcp6sk = (struct tcp6_sock *)newsk;
1069 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1070
1071 newtp = tcp_sk(newsk);
1072 newinet = inet_sk(newsk);
1073 newnp = inet6_sk(newsk);
1074
1075 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1076
1077 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1078 newnp->saddr = ireq->ir_v6_loc_addr;
1079 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1080 newsk->sk_bound_dev_if = ireq->ir_iif;
1081
1082 /* Now IPv6 options...
1083
1084 First: no IPv4 options.
1085 */
1086 newinet->inet_opt = NULL;
1087 newnp->ipv6_ac_list = NULL;
1088 newnp->ipv6_fl_list = NULL;
1089
1090 /* Clone RX bits */
1091 newnp->rxopt.all = np->rxopt.all;
1092
1093 newnp->pktoptions = NULL;
1094 newnp->opt = NULL;
1095 newnp->mcast_oif = tcp_v6_iif(skb);
1096 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1097 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1098 if (np->repflow)
1099 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1100
1101 /* Clone native IPv6 options from the listening socket (if any).
1102 
1103 Yes, keeping a reference count would be much more clever, but we
1104 do one more thing here: we reattach the optmem
1105 to newsk.
1106 */
1107 opt = rcu_dereference(np->opt);
1108 if (opt) {
1109 opt = ipv6_dup_options(newsk, opt);
1110 RCU_INIT_POINTER(newnp->opt, opt);
1111 }
1112 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1113 if (opt)
1114 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
1115 opt->opt_flen;
1116
1117 tcp_ca_openreq_child(newsk, dst);
1118
1119 tcp_sync_mss(newsk, dst_mtu(dst));
1120 newtp->advmss = dst_metric_advmss(dst);
1121 if (tcp_sk(sk)->rx_opt.user_mss &&
1122 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1123 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1124
1125 tcp_initialize_rcv_mss(newsk);
1126
1127 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1128 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1129
1130 #ifdef CONFIG_TCP_MD5SIG
1131 /* Copy over the MD5 key from the original socket */
1132 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr);
1133 if (key) {
1134 /* We're using one, so create a matching key
1135 * on the newsk structure. If we fail to get
1136 * memory, then we end up not copying the key
1137 * across. Shucks.
1138 */
1139 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
1140 AF_INET6, key->key, key->keylen,
1141 sk_gfp_atomic(sk, GFP_ATOMIC));
1142 }
1143 #endif
1144
1145 if (__inet_inherit_port(sk, newsk) < 0) {
1146 inet_csk_prepare_forced_close(newsk);
1147 tcp_done(newsk);
1148 goto out;
1149 }
1150 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
1151 if (*own_req) {
1152 tcp_move_syn(newtp, req);
1153
1154 /* Clone pktoptions received with SYN, if we own the req */
1155 if (ireq->pktopts) {
1156 newnp->pktoptions = skb_clone(ireq->pktopts,
1157 sk_gfp_atomic(sk, GFP_ATOMIC));
1158 consume_skb(ireq->pktopts);
1159 ireq->pktopts = NULL;
1160 if (newnp->pktoptions)
1161 skb_set_owner_r(newnp->pktoptions, newsk);
1162 }
1163 }
1164
1165 return newsk;
1166
1167 out_overflow:
1168 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1169 out_nonewsk:
1170 dst_release(dst);
1171 out:
1172 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1173 return NULL;
1174 }
1175
1176 /* The socket must have its spinlock held when we get
1177 * here, unless it is a TCP_LISTEN socket.
1178 *
1179 * We have a potential double-lock case here, so even when
1180 * doing backlog processing we use the BH locking scheme.
1181 * This is because we cannot sleep with the original spinlock
1182 * held.
1183 */
1184 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1185 {
1186 struct ipv6_pinfo *np = inet6_sk(sk);
1187 struct tcp_sock *tp;
1188 struct sk_buff *opt_skb = NULL;
1189
1190 /* Imagine: the socket is IPv6. An IPv4 packet arrives,
1191 goes to the IPv4 receive handler and is backlogged.
1192 From the backlog it always ends up here. Kerboom...
1193 Fortunately, tcp_rcv_established and rcv_established
1194 handle them correctly, but that is not the case with
1195 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1196 */
1197
1198 if (skb->protocol == htons(ETH_P_IP))
1199 return tcp_v4_do_rcv(sk, skb);
1200
1201 if (sk_filter(sk, skb))
1202 goto discard;
1203
1204 /*
1205 * Socket locking is here for SMP purposes, as the backlog rcv
1206 * is currently called with bh processing disabled.
1207 */
1208
1209 /* Do Stevens' IPV6_PKTOPTIONS.
1210 
1211 Yes, guys, this is the only place in our code where we
1212 can do it without affecting IPv4.
1213 The rest of the code is protocol independent,
1214 and I do not like the idea of uglifying IPv4.
1215 
1216 Actually, the whole idea behind IPV6_PKTOPTIONS
1217 does not look very well thought out. For now we latch
1218 the options received in the last packet enqueued
1219 by tcp. Feel free to propose a better solution.
1220 --ANK (980728)
1221 */
1222 if (np->rxopt.all)
1223 opt_skb = skb_clone(skb, sk_gfp_atomic(sk, GFP_ATOMIC));
1224
1225 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1226 struct dst_entry *dst = sk->sk_rx_dst;
1227
1228 sock_rps_save_rxhash(sk, skb);
1229 sk_mark_napi_id(sk, skb);
1230 if (dst) {
1231 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1232 dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
1233 dst_release(dst);
1234 sk->sk_rx_dst = NULL;
1235 }
1236 }
1237
1238 tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len);
1239 if (opt_skb)
1240 goto ipv6_pktoptions;
1241 return 0;
1242 }
1243
1244 if (tcp_checksum_complete(skb))
1245 goto csum_err;
1246
1247 if (sk->sk_state == TCP_LISTEN) {
1248 struct sock *nsk = tcp_v6_cookie_check(sk, skb);
1249
1250 if (!nsk)
1251 goto discard;
1252
1253 if (nsk != sk) {
1254 sock_rps_save_rxhash(nsk, skb);
1255 sk_mark_napi_id(nsk, skb);
1256 if (tcp_child_process(sk, nsk, skb))
1257 goto reset;
1258 if (opt_skb)
1259 __kfree_skb(opt_skb);
1260 return 0;
1261 }
1262 } else
1263 sock_rps_save_rxhash(sk, skb);
1264
1265 if (tcp_rcv_state_process(sk, skb))
1266 goto reset;
1267 if (opt_skb)
1268 goto ipv6_pktoptions;
1269 return 0;
1270
1271 reset:
1272 tcp_v6_send_reset(sk, skb);
1273 discard:
1274 if (opt_skb)
1275 __kfree_skb(opt_skb);
1276 kfree_skb(skb);
1277 return 0;
1278 csum_err:
1279 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_CSUMERRORS);
1280 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1281 goto discard;
1282
1283
1284 ipv6_pktoptions:
1285 /* You may ask, what is this?
1286 
1287 1. The skb was enqueued by tcp.
1288 2. The skb was added to the tail of the read queue, not out of order.
1289 3. The socket is not in a passive state.
1290 4. Finally, it really contains options the user wants to receive.
1291 */
1292 tp = tcp_sk(sk);
1293 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1294 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1295 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1296 np->mcast_oif = tcp_v6_iif(opt_skb);
1297 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1298 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1299 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1300 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
1301 if (np->repflow)
1302 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
1303 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
1304 skb_set_owner_r(opt_skb, sk);
1305 opt_skb = xchg(&np->pktoptions, opt_skb);
1306 } else {
1307 __kfree_skb(opt_skb);
1308 opt_skb = xchg(&np->pktoptions, NULL);
1309 }
1310 }
1311
1312 kfree_skb(opt_skb);
1313 return 0;
1314 }
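/* Editor's note: the ipv6_pktoptions path above implements the latching
 * the Stevens comment describes. A hedged userspace sketch; the option
 * names are standard UAPI, the buffer size is an assumption:
 *
 *	#include <netinet/in.h>
 *	#include <sys/socket.h>
 *
 *	void latch_pktoptions(int fd)
 *	{
 *		int on = 1;
 *		char cbuf[256];
 *		socklen_t clen = sizeof(cbuf);
 *
 *		setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO,
 *			   &on, sizeof(on));
 *		setsockopt(fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT,
 *			   &on, sizeof(on));
 *		// after data arrives, fetch the latched options
 *		getsockopt(fd, IPPROTO_IPV6, IPV6_2292PKTOPTIONS,
 *			   cbuf, &clen);
 *	}
 */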
1315
1316 static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1317 const struct tcphdr *th)
1318 {
1319 /* This is tricky: we move IP6CB at its correct location into
1320 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1321 * _decode_session6() uses IP6CB().
1322 * barrier() makes sure compiler won't play aliasing games.
1323 */
1324 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1325 sizeof(struct inet6_skb_parm));
1326 barrier();
1327
1328 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1329 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1330 skb->len - th->doff*4);
1331 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1332 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1333 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1334 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1335 TCP_SKB_CB(skb)->sacked = 0;
1336 }
1337
1338 static void tcp_v6_restore_cb(struct sk_buff *skb)
1339 {
1340 /* We need to move header back to the beginning if xfrm6_policy_check()
1341 * and tcp_v6_fill_cb() are going to be called again.
1342 */
1343 memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
1344 sizeof(struct inet6_skb_parm));
1345 }
1346
1347 static int tcp_v6_rcv(struct sk_buff *skb)
1348 {
1349 const struct tcphdr *th;
1350 const struct ipv6hdr *hdr;
1351 struct sock *sk;
1352 int ret;
1353 struct net *net = dev_net(skb->dev);
1354
1355 if (skb->pkt_type != PACKET_HOST)
1356 goto discard_it;
1357
1358 /*
1359 * Count it even if it's bad.
1360 */
1361 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1362
1363 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1364 goto discard_it;
1365
1366 th = tcp_hdr(skb);
1367
1368 if (th->doff < sizeof(struct tcphdr)/4)
1369 goto bad_packet;
1370 if (!pskb_may_pull(skb, th->doff*4))
1371 goto discard_it;
1372
1373 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
1374 goto csum_error;
1375
1376 th = tcp_hdr(skb);
1377 hdr = ipv6_hdr(skb);
1378
1379 lookup:
1380 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest,
1381 inet6_iif(skb));
1382 if (!sk)
1383 goto no_tcp_socket;
1384
1385 process:
1386 if (sk->sk_state == TCP_TIME_WAIT)
1387 goto do_time_wait;
1388
1389 if (sk->sk_state == TCP_NEW_SYN_RECV) {
1390 struct request_sock *req = inet_reqsk(sk);
1391 struct sock *nsk;
1392
1393 sk = req->rsk_listener;
1394 tcp_v6_fill_cb(skb, hdr, th);
1395 if (tcp_v6_inbound_md5_hash(sk, skb)) {
1396 reqsk_put(req);
1397 goto discard_it;
1398 }
1399 if (unlikely(sk->sk_state != TCP_LISTEN)) {
1400 inet_csk_reqsk_queue_drop_and_put(sk, req);
1401 goto lookup;
1402 }
1403 sock_hold(sk);
1404 nsk = tcp_check_req(sk, skb, req, false);
1405 if (!nsk) {
1406 reqsk_put(req);
1407 goto discard_and_relse;
1408 }
1409 if (nsk == sk) {
1410 reqsk_put(req);
1411 tcp_v6_restore_cb(skb);
1412 } else if (tcp_child_process(sk, nsk, skb)) {
1413 tcp_v6_send_reset(nsk, skb);
1414 goto discard_and_relse;
1415 } else {
1416 sock_put(sk);
1417 return 0;
1418 }
1419 }
1420 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
1421 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
1422 goto discard_and_relse;
1423 }
1424
1425 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1426 goto discard_and_relse;
1427
1428 tcp_v6_fill_cb(skb, hdr, th);
1429
1430 if (tcp_v6_inbound_md5_hash(sk, skb))
1431 goto discard_and_relse;
1432
1433 if (sk_filter(sk, skb))
1434 goto discard_and_relse;
1435
1436 skb->dev = NULL;
1437
1438 if (sk->sk_state == TCP_LISTEN) {
1439 ret = tcp_v6_do_rcv(sk, skb);
1440 goto put_and_return;
1441 }
1442
1443 sk_incoming_cpu_update(sk);
1444
1445 bh_lock_sock_nested(sk);
1446 tcp_sk(sk)->segs_in += max_t(u16, 1, skb_shinfo(skb)->gso_segs);
1447 ret = 0;
1448 if (!sock_owned_by_user(sk)) {
1449 if (!tcp_prequeue(sk, skb))
1450 ret = tcp_v6_do_rcv(sk, skb);
1451 } else if (unlikely(sk_add_backlog(sk, skb,
1452 sk->sk_rcvbuf + sk->sk_sndbuf))) {
1453 bh_unlock_sock(sk);
1454 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
1455 goto discard_and_relse;
1456 }
1457 bh_unlock_sock(sk);
1458
1459 put_and_return:
1460 sock_put(sk);
1461 return ret ? -1 : 0;
1462
1463 no_tcp_socket:
1464 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1465 goto discard_it;
1466
1467 tcp_v6_fill_cb(skb, hdr, th);
1468
1469 if (tcp_checksum_complete(skb)) {
1470 csum_error:
1471 TCP_INC_STATS_BH(net, TCP_MIB_CSUMERRORS);
1472 bad_packet:
1473 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1474 } else {
1475 tcp_v6_send_reset(NULL, skb);
1476 }
1477
1478 discard_it:
1479 kfree_skb(skb);
1480 return 0;
1481
1482 discard_and_relse:
1483 sock_put(sk);
1484 goto discard_it;
1485
1486 do_time_wait:
1487 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1488 inet_twsk_put(inet_twsk(sk));
1489 goto discard_it;
1490 }
1491
1492 tcp_v6_fill_cb(skb, hdr, th);
1493
1494 if (tcp_checksum_complete(skb)) {
1495 inet_twsk_put(inet_twsk(sk));
1496 goto csum_error;
1497 }
1498
1499 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1500 case TCP_TW_SYN:
1501 {
1502 struct sock *sk2;
1503
1504 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1505 &ipv6_hdr(skb)->saddr, th->source,
1506 &ipv6_hdr(skb)->daddr,
1507 ntohs(th->dest), tcp_v6_iif(skb));
1508 if (sk2) {
1509 struct inet_timewait_sock *tw = inet_twsk(sk);
1510 inet_twsk_deschedule_put(tw);
1511 sk = sk2;
1512 tcp_v6_restore_cb(skb);
1513 goto process;
1514 }
1515 /* Fall through to ACK */
1516 }
1517 case TCP_TW_ACK:
1518 tcp_v6_timewait_ack(sk, skb);
1519 break;
1520 case TCP_TW_RST:
1521 tcp_v6_restore_cb(skb);
1522 goto no_tcp_socket;
1523 case TCP_TW_SUCCESS:
1524 ;
1525 }
1526 goto discard_it;
1527 }
1528
1529 static void tcp_v6_early_demux(struct sk_buff *skb)
1530 {
1531 const struct ipv6hdr *hdr;
1532 const struct tcphdr *th;
1533 struct sock *sk;
1534
1535 if (skb->pkt_type != PACKET_HOST)
1536 return;
1537
1538 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1539 return;
1540
1541 hdr = ipv6_hdr(skb);
1542 th = tcp_hdr(skb);
1543
1544 if (th->doff < sizeof(struct tcphdr) / 4)
1545 return;
1546
1547 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
1548 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1549 &hdr->saddr, th->source,
1550 &hdr->daddr, ntohs(th->dest),
1551 inet6_iif(skb));
1552 if (sk) {
1553 skb->sk = sk;
1554 skb->destructor = sock_edemux;
1555 if (sk_fullsock(sk)) {
1556 struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
1557
1558 if (dst)
1559 dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
1560 if (dst &&
1561 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1562 skb_dst_set_noref(skb, dst);
1563 }
1564 }
1565 }
1566
1567 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1568 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1569 .twsk_unique = tcp_twsk_unique,
1570 .twsk_destructor = tcp_twsk_destructor,
1571 };
1572
1573 static const struct inet_connection_sock_af_ops ipv6_specific = {
1574 .queue_xmit = inet6_csk_xmit,
1575 .send_check = tcp_v6_send_check,
1576 .rebuild_header = inet6_sk_rebuild_header,
1577 .sk_rx_dst_set = inet6_sk_rx_dst_set,
1578 .conn_request = tcp_v6_conn_request,
1579 .syn_recv_sock = tcp_v6_syn_recv_sock,
1580 .net_header_len = sizeof(struct ipv6hdr),
1581 .net_frag_header_len = sizeof(struct frag_hdr),
1582 .setsockopt = ipv6_setsockopt,
1583 .getsockopt = ipv6_getsockopt,
1584 .addr2sockaddr = inet6_csk_addr2sockaddr,
1585 .sockaddr_len = sizeof(struct sockaddr_in6),
1586 .bind_conflict = inet6_csk_bind_conflict,
1587 #ifdef CONFIG_COMPAT
1588 .compat_setsockopt = compat_ipv6_setsockopt,
1589 .compat_getsockopt = compat_ipv6_getsockopt,
1590 #endif
1591 .mtu_reduced = tcp_v6_mtu_reduced,
1592 };
1593
1594 #ifdef CONFIG_TCP_MD5SIG
1595 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1596 .md5_lookup = tcp_v6_md5_lookup,
1597 .calc_md5_hash = tcp_v6_md5_hash_skb,
1598 .md5_parse = tcp_v6_parse_md5_keys,
1599 };
1600 #endif
1601
1602 /*
1603 * TCP over IPv4 via INET6 API
1604 */
1605 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1606 .queue_xmit = ip_queue_xmit,
1607 .send_check = tcp_v4_send_check,
1608 .rebuild_header = inet_sk_rebuild_header,
1609 .sk_rx_dst_set = inet_sk_rx_dst_set,
1610 .conn_request = tcp_v6_conn_request,
1611 .syn_recv_sock = tcp_v6_syn_recv_sock,
1612 .net_header_len = sizeof(struct iphdr),
1613 .setsockopt = ipv6_setsockopt,
1614 .getsockopt = ipv6_getsockopt,
1615 .addr2sockaddr = inet6_csk_addr2sockaddr,
1616 .sockaddr_len = sizeof(struct sockaddr_in6),
1617 .bind_conflict = inet6_csk_bind_conflict,
1618 #ifdef CONFIG_COMPAT
1619 .compat_setsockopt = compat_ipv6_setsockopt,
1620 .compat_getsockopt = compat_ipv6_getsockopt,
1621 #endif
1622 .mtu_reduced = tcp_v4_mtu_reduced,
1623 };
1624
1625 #ifdef CONFIG_TCP_MD5SIG
1626 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1627 .md5_lookup = tcp_v4_md5_lookup,
1628 .calc_md5_hash = tcp_v4_md5_hash_skb,
1629 .md5_parse = tcp_v6_parse_md5_keys,
1630 };
1631 #endif
1632
1633 /* NOTE: A lot of things are set to zero explicitly by the call to
1634 * sk_alloc(), so they need not be done here.
1635 */
1636 static int tcp_v6_init_sock(struct sock *sk)
1637 {
1638 struct inet_connection_sock *icsk = inet_csk(sk);
1639
1640 tcp_init_sock(sk);
1641
1642 icsk->icsk_af_ops = &ipv6_specific;
1643
1644 #ifdef CONFIG_TCP_MD5SIG
1645 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
1646 #endif
1647
1648 return 0;
1649 }
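/* Editor's note: sockets created through this proto are dual-stack by
 * default (v4 peers show up as v4-mapped addresses and are handled by
 * the ipv6_mapped ops above). A minimal hedged sketch of opting out
 * with IPV6_V6ONLY, the option named in the header comment:
 *
 *	#include <netinet/in.h>
 *	#include <sys/socket.h>
 *
 *	int make_v6only_socket(void)
 *	{
 *		int on = 1;
 *		int fd = socket(AF_INET6, SOCK_STREAM, 0);
 *
 *		setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on));
 *		return fd;	// bind()/listen()/connect() as usual
 *	}
 *
 * With IPV6_V6ONLY set, tcp_v6_connect() rejects v4-mapped destinations
 * with -ENETUNREACH (the __ipv6_only_sock() check above).
 */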
1650
1651 static void tcp_v6_destroy_sock(struct sock *sk)
1652 {
1653 tcp_v4_destroy_sock(sk);
1654 inet6_destroy_sock(sk);
1655 }
1656
1657 #ifdef CONFIG_PROC_FS
1658 /* Proc filesystem TCPv6 sock list dumping. */
1659 static void get_openreq6(struct seq_file *seq,
1660 const struct request_sock *req, int i)
1661 {
1662 long ttd = req->rsk_timer.expires - jiffies;
1663 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1664 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1665
1666 if (ttd < 0)
1667 ttd = 0;
1668
1669 seq_printf(seq,
1670 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1671 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1672 i,
1673 src->s6_addr32[0], src->s6_addr32[1],
1674 src->s6_addr32[2], src->s6_addr32[3],
1675 inet_rsk(req)->ir_num,
1676 dest->s6_addr32[0], dest->s6_addr32[1],
1677 dest->s6_addr32[2], dest->s6_addr32[3],
1678 ntohs(inet_rsk(req)->ir_rmt_port),
1679 TCP_SYN_RECV,
1680 0, 0, /* could print option size, but that is af dependent. */
1681 1, /* timers active (only the expire timer) */
1682 jiffies_to_clock_t(ttd),
1683 req->num_timeout,
1684 from_kuid_munged(seq_user_ns(seq),
1685 sock_i_uid(req->rsk_listener)),
1686 0, /* non standard timer */
1687 0, /* open_requests have no inode */
1688 0, req);
1689 }
1690
1691 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1692 {
1693 const struct in6_addr *dest, *src;
1694 __u16 destp, srcp;
1695 int timer_active;
1696 unsigned long timer_expires;
1697 const struct inet_sock *inet = inet_sk(sp);
1698 const struct tcp_sock *tp = tcp_sk(sp);
1699 const struct inet_connection_sock *icsk = inet_csk(sp);
1700 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
1701 int rx_queue;
1702 int state;
1703
1704 dest = &sp->sk_v6_daddr;
1705 src = &sp->sk_v6_rcv_saddr;
1706 destp = ntohs(inet->inet_dport);
1707 srcp = ntohs(inet->inet_sport);
1708
1709 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
1710 icsk->icsk_pending == ICSK_TIME_EARLY_RETRANS ||
1711 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
1712 timer_active = 1;
1713 timer_expires = icsk->icsk_timeout;
1714 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1715 timer_active = 4;
1716 timer_expires = icsk->icsk_timeout;
1717 } else if (timer_pending(&sp->sk_timer)) {
1718 timer_active = 2;
1719 timer_expires = sp->sk_timer.expires;
1720 } else {
1721 timer_active = 0;
1722 timer_expires = jiffies;
1723 }
1724
1725 state = sk_state_load(sp);
1726 if (state == TCP_LISTEN)
1727 rx_queue = sp->sk_ack_backlog;
1728 else
1729 /* Because we don't lock the socket,
1730 * we might find a transient negative value.
1731 */
1732 rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);
1733
1734 seq_printf(seq,
1735 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1736 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1737 i,
1738 src->s6_addr32[0], src->s6_addr32[1],
1739 src->s6_addr32[2], src->s6_addr32[3], srcp,
1740 dest->s6_addr32[0], dest->s6_addr32[1],
1741 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1742 state,
1743 tp->write_seq - tp->snd_una,
1744 rx_queue,
1745 timer_active,
1746 jiffies_delta_to_clock_t(timer_expires - jiffies),
1747 icsk->icsk_retransmits,
1748 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1749 icsk->icsk_probes_out,
1750 sock_i_ino(sp),
1751 atomic_read(&sp->sk_refcnt), sp,
1752 jiffies_to_clock_t(icsk->icsk_rto),
1753 jiffies_to_clock_t(icsk->icsk_ack.ato),
1754 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
1755 tp->snd_cwnd,
1756 state == TCP_LISTEN ?
1757 fastopenq->max_qlen :
1758 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
1759 );
1760 }
1761
1762 static void get_timewait6_sock(struct seq_file *seq,
1763 struct inet_timewait_sock *tw, int i)
1764 {
1765 long delta = tw->tw_timer.expires - jiffies;
1766 const struct in6_addr *dest, *src;
1767 __u16 destp, srcp;
1768
1769 dest = &tw->tw_v6_daddr;
1770 src = &tw->tw_v6_rcv_saddr;
1771 destp = ntohs(tw->tw_dport);
1772 srcp = ntohs(tw->tw_sport);
1773
1774 seq_printf(seq,
1775 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1776 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1777 i,
1778 src->s6_addr32[0], src->s6_addr32[1],
1779 src->s6_addr32[2], src->s6_addr32[3], srcp,
1780 dest->s6_addr32[0], dest->s6_addr32[1],
1781 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1782 tw->tw_substate, 0, 0,
1783 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
1784 atomic_read(&tw->tw_refcnt), tw);
1785 }
1786
1787 static int tcp6_seq_show(struct seq_file *seq, void *v)
1788 {
1789 struct tcp_iter_state *st;
1790 struct sock *sk = v;
1791
1792 if (v == SEQ_START_TOKEN) {
1793 seq_puts(seq,
1794 " sl "
1795 "local_address "
1796 "remote_address "
1797 "st tx_queue rx_queue tr tm->when retrnsmt"
1798 " uid timeout inode\n");
1799 goto out;
1800 }
1801 st = seq->private;
1802
1803 if (sk->sk_state == TCP_TIME_WAIT)
1804 get_timewait6_sock(seq, v, st->num);
1805 else if (sk->sk_state == TCP_NEW_SYN_RECV)
1806 get_openreq6(seq, v, st->num);
1807 else
1808 get_tcp6_sock(seq, v, st->num);
1809 out:
1810 return 0;
1811 }
1812
1813 static const struct file_operations tcp6_afinfo_seq_fops = {
1814 .owner = THIS_MODULE,
1815 .open = tcp_seq_open,
1816 .read = seq_read,
1817 .llseek = seq_lseek,
1818 .release = seq_release_net
1819 };
1820
1821 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1822 .name = "tcp6",
1823 .family = AF_INET6,
1824 .seq_fops = &tcp6_afinfo_seq_fops,
1825 .seq_ops = {
1826 .show = tcp6_seq_show,
1827 },
1828 };
1829
1830 int __net_init tcp6_proc_init(struct net *net)
1831 {
1832 return tcp_proc_register(net, &tcp6_seq_afinfo);
1833 }
1834
1835 void tcp6_proc_exit(struct net *net)
1836 {
1837 tcp_proc_unregister(net, &tcp6_seq_afinfo);
1838 }
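/* Editor's note: the seq_file handlers above back /proc/net/tcp6; each
 * row follows the seq_printf formats in get_tcp6_sock() and friends.
 * An illustrative (not captured) shell session:
 *
 *	$ cat /proc/net/tcp6
 *	  sl  local_address                         remote_address ...
 *	   0: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A ...
 */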
1839 #endif
1840
1841 static void tcp_v6_clear_sk(struct sock *sk, int size)
1842 {
1843 struct inet_sock *inet = inet_sk(sk);
1844
1845 /* we do not want to clear pinet6 field, because of RCU lookups */
1846 sk_prot_clear_nulls(sk, offsetof(struct inet_sock, pinet6));
1847
1848 size -= offsetof(struct inet_sock, pinet6) + sizeof(inet->pinet6);
1849 memset(&inet->pinet6 + 1, 0, size);
1850 }
1851
1852 struct proto tcpv6_prot = {
1853 .name = "TCPv6",
1854 .owner = THIS_MODULE,
1855 .close = tcp_close,
1856 .connect = tcp_v6_connect,
1857 .disconnect = tcp_disconnect,
1858 .accept = inet_csk_accept,
1859 .ioctl = tcp_ioctl,
1860 .init = tcp_v6_init_sock,
1861 .destroy = tcp_v6_destroy_sock,
1862 .shutdown = tcp_shutdown,
1863 .setsockopt = tcp_setsockopt,
1864 .getsockopt = tcp_getsockopt,
1865 .recvmsg = tcp_recvmsg,
1866 .sendmsg = tcp_sendmsg,
1867 .sendpage = tcp_sendpage,
1868 .backlog_rcv = tcp_v6_do_rcv,
1869 .release_cb = tcp_release_cb,
1870 .hash = inet_hash,
1871 .unhash = inet_unhash,
1872 .get_port = inet_csk_get_port,
1873 .enter_memory_pressure = tcp_enter_memory_pressure,
1874 .stream_memory_free = tcp_stream_memory_free,
1875 .sockets_allocated = &tcp_sockets_allocated,
1876 .memory_allocated = &tcp_memory_allocated,
1877 .memory_pressure = &tcp_memory_pressure,
1878 .orphan_count = &tcp_orphan_count,
1879 .sysctl_mem = sysctl_tcp_mem,
1880 .sysctl_wmem = sysctl_tcp_wmem,
1881 .sysctl_rmem = sysctl_tcp_rmem,
1882 .max_header = MAX_TCP_HEADER,
1883 .obj_size = sizeof(struct tcp6_sock),
1884 .slab_flags = SLAB_DESTROY_BY_RCU,
1885 .twsk_prot = &tcp6_timewait_sock_ops,
1886 .rsk_prot = &tcp6_request_sock_ops,
1887 .h.hashinfo = &tcp_hashinfo,
1888 .no_autobind = true,
1889 #ifdef CONFIG_COMPAT
1890 .compat_setsockopt = compat_tcp_setsockopt,
1891 .compat_getsockopt = compat_tcp_getsockopt,
1892 #endif
1893 #ifdef CONFIG_MEMCG_KMEM
1894 .proto_cgroup = tcp_proto_cgroup,
1895 #endif
1896 .clear_sk = tcp_v6_clear_sk,
1897 };
1898
1899 static const struct inet6_protocol tcpv6_protocol = {
1900 .early_demux = tcp_v6_early_demux,
1901 .handler = tcp_v6_rcv,
1902 .err_handler = tcp_v6_err,
1903 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1904 };
1905
1906 static struct inet_protosw tcpv6_protosw = {
1907 .type = SOCK_STREAM,
1908 .protocol = IPPROTO_TCP,
1909 .prot = &tcpv6_prot,
1910 .ops = &inet6_stream_ops,
1911 .flags = INET_PROTOSW_PERMANENT |
1912 INET_PROTOSW_ICSK,
1913 };
1914
1915 static int __net_init tcpv6_net_init(struct net *net)
1916 {
1917 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
1918 SOCK_RAW, IPPROTO_TCP, net);
1919 }
1920
1921 static void __net_exit tcpv6_net_exit(struct net *net)
1922 {
1923 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
1924 }
1925
1926 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
1927 {
1928 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6);
1929 }
1930
1931 static struct pernet_operations tcpv6_net_ops = {
1932 .init = tcpv6_net_init,
1933 .exit = tcpv6_net_exit,
1934 .exit_batch = tcpv6_net_exit_batch,
1935 };
1936
1937 int __init tcpv6_init(void)
1938 {
1939 int ret;
1940
1941 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
1942 if (ret)
1943 goto out;
1944
1945 /* register inet6 protocol */
1946 ret = inet6_register_protosw(&tcpv6_protosw);
1947 if (ret)
1948 goto out_tcpv6_protocol;
1949
1950 ret = register_pernet_subsys(&tcpv6_net_ops);
1951 if (ret)
1952 goto out_tcpv6_protosw;
1953 out:
1954 return ret;
1955
1956 out_tcpv6_protosw:
1957 inet6_unregister_protosw(&tcpv6_protosw);
1958 out_tcpv6_protocol:
1959 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
1960 goto out;
1961 }
1962
1963 void tcpv6_exit(void)
1964 {
1965 unregister_pernet_subsys(&tcpv6_net_ops);
1966 inet6_unregister_protosw(&tcpv6_protosw);
1967 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
1968 }
1969