1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * INET An implementation of the TCP/IP protocol suite for the LINUX
4 * operating system. INET is implemented using the BSD Socket
5 * interface as the means of communication with the user level.
7 * Generic INET6 transport hashtables
9 * Authors: Lotsa people, from code originally in tcp, generalised here
10 * by Arnaldo Carvalho de Melo <acme@mandriva.com>
13 #include <linux/module.h>
14 #include <linux/random.h>
16 #include <net/addrconf.h>
17 #include <net/hotdata.h>
18 #include <net/inet_connection_sock.h>
19 #include <net/inet_hashtables.h>
20 #include <net/inet6_hashtables.h>
21 #include <net/secure_seq.h>
23 #include <net/sock_reuseport.h>
25 u32 inet6_ehashfn(const struct net *net,
26 const struct in6_addr *laddr, const u16 lport,
27 const struct in6_addr *faddr, const __be16 fport)
31 net_get_random_once(&inet6_ehash_secret, sizeof(inet6_ehash_secret));
32 net_get_random_once(&tcp_ipv6_hash_secret, sizeof(tcp_ipv6_hash_secret));
34 lhash = (__force u32)laddr->s6_addr32[3];
35 fhash = __ipv6_addr_jhash(faddr, tcp_ipv6_hash_secret);
37 return __inet6_ehashfn(lhash, lport, fhash, fport,
38 inet6_ehash_secret + net_hash_mix(net));
40 EXPORT_SYMBOL_GPL(inet6_ehashfn);
43 * Sockets in TCP_CLOSE state are _always_ taken out of the hash, so
44 * we need not check it for TCP lookups anymore, thanks Alexey. -DaveM
46 * The sockhash lock must be held as a reader here.
48 struct sock *__inet6_lookup_established(struct net *net,
49 struct inet_hashinfo *hashinfo,
50 const struct in6_addr *saddr,
52 const struct in6_addr *daddr,
54 const int dif, const int sdif)
57 const struct hlist_nulls_node *node;
58 const __portpair ports = INET_COMBINED_PORTS(sport, hnum);
59 /* Optimize here for direct hit, only listening connections can
60 * have wildcards anyways.
62 unsigned int hash = inet6_ehashfn(net, daddr, hnum, saddr, sport);
63 unsigned int slot = hash & hashinfo->ehash_mask;
64 struct inet_ehash_bucket *head = &hashinfo->ehash[slot];
68 sk_nulls_for_each_rcu(sk, node, &head->chain) {
69 if (sk->sk_hash != hash)
71 if (!inet6_match(net, sk, saddr, daddr, ports, dif, sdif))
73 if (unlikely(!refcount_inc_not_zero(&sk->sk_refcnt)))
76 if (unlikely(!inet6_match(net, sk, saddr, daddr, ports, dif, sdif))) {
82 if (get_nulls_value(node) != slot)
89 EXPORT_SYMBOL(__inet6_lookup_established);
91 static inline int compute_score(struct sock *sk, struct net *net,
92 const unsigned short hnum,
93 const struct in6_addr *daddr,
94 const int dif, const int sdif)
98 if (net_eq(sock_net(sk), net) && inet_sk(sk)->inet_num == hnum &&
99 sk->sk_family == PF_INET6) {
100 if (!ipv6_addr_equal(&sk->sk_v6_rcv_saddr, daddr))
103 if (!inet_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif))
106 score = sk->sk_bound_dev_if ? 2 : 1;
107 if (READ_ONCE(sk->sk_incoming_cpu) == raw_smp_processor_id())
114 * inet6_lookup_reuseport() - execute reuseport logic on AF_INET6 socket if necessary.
115 * @net: network namespace.
116 * @sk: AF_INET6 socket, must be in TCP_LISTEN state for TCP or TCP_CLOSE for UDP.
117 * @skb: context for a potential SK_REUSEPORT program.
118 * @doff: header offset.
119 * @saddr: source address.
120 * @sport: source port.
121 * @daddr: destination address.
122 * @hnum: destination port in host byte order.
123 * @ehashfn: hash function used to generate the fallback hash.
125 * Return: NULL if sk doesn't have SO_REUSEPORT set, otherwise a pointer to
126 * the selected sock or an error.
128 struct sock *inet6_lookup_reuseport(struct net *net, struct sock *sk,
129 struct sk_buff *skb, int doff,
130 const struct in6_addr *saddr,
132 const struct in6_addr *daddr,
134 inet6_ehashfn_t *ehashfn)
136 struct sock *reuse_sk = NULL;
139 if (sk->sk_reuseport) {
140 phash = INDIRECT_CALL_INET(ehashfn, udp6_ehashfn, inet6_ehashfn,
141 net, daddr, hnum, saddr, sport);
142 reuse_sk = reuseport_select_sock(sk, phash, skb, doff);
146 EXPORT_SYMBOL_GPL(inet6_lookup_reuseport);
148 /* called with rcu_read_lock() */
149 static struct sock *inet6_lhash2_lookup(struct net *net,
150 struct inet_listen_hashbucket *ilb2,
151 struct sk_buff *skb, int doff,
152 const struct in6_addr *saddr,
153 const __be16 sport, const struct in6_addr *daddr,
154 const unsigned short hnum, const int dif, const int sdif)
156 struct sock *sk, *result = NULL;
157 struct hlist_nulls_node *node;
158 int score, hiscore = 0;
160 sk_nulls_for_each_rcu(sk, node, &ilb2->nulls_head) {
161 score = compute_score(sk, net, hnum, daddr, dif, sdif);
162 if (score > hiscore) {
163 result = inet6_lookup_reuseport(net, sk, skb, doff,
164 saddr, sport, daddr, hnum, inet6_ehashfn);
176 struct sock *inet6_lookup_run_sk_lookup(struct net *net,
178 struct sk_buff *skb, int doff,
179 const struct in6_addr *saddr,
181 const struct in6_addr *daddr,
182 const u16 hnum, const int dif,
183 inet6_ehashfn_t *ehashfn)
185 struct sock *sk, *reuse_sk;
188 no_reuseport = bpf_sk_lookup_run_v6(net, protocol, saddr, sport,
189 daddr, hnum, dif, &sk);
190 if (no_reuseport || IS_ERR_OR_NULL(sk))
193 reuse_sk = inet6_lookup_reuseport(net, sk, skb, doff,
194 saddr, sport, daddr, hnum, ehashfn);
199 EXPORT_SYMBOL_GPL(inet6_lookup_run_sk_lookup);
201 struct sock *inet6_lookup_listener(struct net *net,
202 struct inet_hashinfo *hashinfo,
203 struct sk_buff *skb, int doff,
204 const struct in6_addr *saddr,
205 const __be16 sport, const struct in6_addr *daddr,
206 const unsigned short hnum, const int dif, const int sdif)
208 struct inet_listen_hashbucket *ilb2;
209 struct sock *result = NULL;
212 /* Lookup redirect from BPF */
213 if (static_branch_unlikely(&bpf_sk_lookup_enabled) &&
214 hashinfo == net->ipv4.tcp_death_row.hashinfo) {
215 result = inet6_lookup_run_sk_lookup(net, IPPROTO_TCP, skb, doff,
216 saddr, sport, daddr, hnum, dif,
222 hash2 = ipv6_portaddr_hash(net, daddr, hnum);
223 ilb2 = inet_lhash2_bucket(hashinfo, hash2);
225 result = inet6_lhash2_lookup(net, ilb2, skb, doff,
226 saddr, sport, daddr, hnum,
231 /* Lookup lhash2 with in6addr_any */
232 hash2 = ipv6_portaddr_hash(net, &in6addr_any, hnum);
233 ilb2 = inet_lhash2_bucket(hashinfo, hash2);
235 result = inet6_lhash2_lookup(net, ilb2, skb, doff,
236 saddr, sport, &in6addr_any, hnum,
243 EXPORT_SYMBOL_GPL(inet6_lookup_listener);
245 struct sock *inet6_lookup(struct net *net, struct inet_hashinfo *hashinfo,
246 struct sk_buff *skb, int doff,
247 const struct in6_addr *saddr, const __be16 sport,
248 const struct in6_addr *daddr, const __be16 dport,
254 sk = __inet6_lookup(net, hashinfo, skb, doff, saddr, sport, daddr,
255 ntohs(dport), dif, 0, &refcounted);
256 if (sk && !refcounted && !refcount_inc_not_zero(&sk->sk_refcnt))
260 EXPORT_SYMBOL_GPL(inet6_lookup);
262 static int __inet6_check_established(struct inet_timewait_death_row *death_row,
263 struct sock *sk, const __u16 lport,
264 struct inet_timewait_sock **twp)
266 struct inet_hashinfo *hinfo = death_row->hashinfo;
267 struct inet_sock *inet = inet_sk(sk);
268 const struct in6_addr *daddr = &sk->sk_v6_rcv_saddr;
269 const struct in6_addr *saddr = &sk->sk_v6_daddr;
270 const int dif = sk->sk_bound_dev_if;
271 struct net *net = sock_net(sk);
272 const int sdif = l3mdev_master_ifindex_by_index(net, dif);
273 const __portpair ports = INET_COMBINED_PORTS(inet->inet_dport, lport);
274 const unsigned int hash = inet6_ehashfn(net, daddr, lport, saddr,
276 struct inet_ehash_bucket *head = inet_ehash_bucket(hinfo, hash);
277 spinlock_t *lock = inet_ehash_lockp(hinfo, hash);
279 const struct hlist_nulls_node *node;
280 struct inet_timewait_sock *tw = NULL;
284 sk_nulls_for_each(sk2, node, &head->chain) {
285 if (sk2->sk_hash != hash)
288 if (likely(inet6_match(net, sk2, saddr, daddr, ports,
290 if (sk2->sk_state == TCP_TIME_WAIT) {
292 if (twsk_unique(sk, sk2, twp))
299 /* Must record num and sport now. Otherwise we will see
300 * in hash table socket with a funny identity.
302 inet->inet_num = lport;
303 inet->inet_sport = htons(lport);
305 WARN_ON(!sk_unhashed(sk));
306 __sk_nulls_add_node_rcu(sk, &head->chain);
308 sk_nulls_del_node_init_rcu((struct sock *)tw);
309 __NET_INC_STATS(net, LINUX_MIB_TIMEWAITRECYCLED);
312 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
317 /* Silly. Should hash-dance instead... */
318 inet_twsk_deschedule_put(tw);
324 return -EADDRNOTAVAIL;
327 static u64 inet6_sk_port_offset(const struct sock *sk)
329 const struct inet_sock *inet = inet_sk(sk);
331 return secure_ipv6_port_ephemeral(sk->sk_v6_rcv_saddr.s6_addr32,
332 sk->sk_v6_daddr.s6_addr32,
336 int inet6_hash_connect(struct inet_timewait_death_row *death_row,
341 if (!inet_sk(sk)->inet_num)
342 port_offset = inet6_sk_port_offset(sk);
343 return __inet_hash_connect(death_row, sk, port_offset,
344 __inet6_check_established);
346 EXPORT_SYMBOL_GPL(inet6_hash_connect);
348 int inet6_hash(struct sock *sk)
352 if (sk->sk_state != TCP_CLOSE)
353 err = __inet_hash(sk, NULL);
357 EXPORT_SYMBOL_GPL(inet6_hash);