1 // SPDX-License-Identifier: GPL-2.0-or-later
4 * Linux INET6 implementation
7 * Pedro Roque <roque@di.fc.ul.pt>
10 * linux/net/ipv4/tcp.c
11 * linux/net/ipv4/tcp_input.c
12 * linux/net/ipv4/tcp_output.c
15 * Hideaki YOSHIFUJI : sin6_scope_id support
16 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
17 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
18 * a single port at the same time.
19 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
22 #include <linux/bottom_half.h>
23 #include <linux/module.h>
24 #include <linux/errno.h>
25 #include <linux/types.h>
26 #include <linux/socket.h>
27 #include <linux/sockios.h>
28 #include <linux/net.h>
29 #include <linux/jiffies.h>
31 #include <linux/in6.h>
32 #include <linux/netdevice.h>
33 #include <linux/init.h>
34 #include <linux/jhash.h>
35 #include <linux/ipsec.h>
36 #include <linux/times.h>
37 #include <linux/slab.h>
38 #include <linux/uaccess.h>
39 #include <linux/ipv6.h>
40 #include <linux/icmpv6.h>
41 #include <linux/random.h>
42 #include <linux/indirect_call_wrapper.h>
45 #include <net/ndisc.h>
46 #include <net/inet6_hashtables.h>
47 #include <net/inet6_connection_sock.h>
49 #include <net/transp_v6.h>
50 #include <net/addrconf.h>
51 #include <net/ip6_route.h>
52 #include <net/ip6_checksum.h>
53 #include <net/inet_ecn.h>
54 #include <net/protocol.h>
57 #include <net/dsfield.h>
58 #include <net/timewait_sock.h>
59 #include <net/inet_common.h>
60 #include <net/secure_seq.h>
61 #include <net/busy_poll.h>
63 #include <linux/proc_fs.h>
64 #include <linux/seq_file.h>
66 #include <crypto/hash.h>
67 #include <linux/scatterlist.h>
69 #include <trace/events/tcp.h>
71 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
72 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
73 struct request_sock *req);
75 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
77 static const struct inet_connection_sock_af_ops ipv6_mapped;
78 const struct inet_connection_sock_af_ops ipv6_specific;
79 #ifdef CONFIG_TCP_MD5SIG
80 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
81 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
83 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
84 const struct in6_addr *addr,
91 /* Helper returning the inet6 address from a given tcp socket.
92 * It can be used in TCP stack instead of inet6_sk(sk).
93 * This avoids a dereference and allow compiler optimizations.
94 * It is a specialized version of inet6_sk_generic().
96 static struct ipv6_pinfo *tcp_inet6_sk(const struct sock *sk)
98 unsigned int offset = sizeof(struct tcp6_sock) - sizeof(struct ipv6_pinfo);
100 return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
103 static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
105 struct dst_entry *dst = skb_dst(skb);
107 if (dst && dst_hold_safe(dst)) {
108 const struct rt6_info *rt = (const struct rt6_info *)dst;
111 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
112 tcp_inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
116 static u32 tcp_v6_init_seq(const struct sk_buff *skb)
118 return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32,
119 ipv6_hdr(skb)->saddr.s6_addr32,
121 tcp_hdr(skb)->source);
124 static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb)
126 return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32,
127 ipv6_hdr(skb)->saddr.s6_addr32);
130 static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
133 /* This check is replicated from tcp_v6_connect() and intended to
134 * prevent BPF program called below from accessing bytes that are out
135 * of the bound specified by user in addr_len.
137 if (addr_len < SIN6_LEN_RFC2133)
140 sock_owned_by_me(sk);
142 return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr);
145 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
148 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
149 struct inet_sock *inet = inet_sk(sk);
150 struct inet_connection_sock *icsk = inet_csk(sk);
151 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
152 struct tcp_sock *tp = tcp_sk(sk);
153 struct in6_addr *saddr = NULL, *final_p, final;
154 struct ipv6_txoptions *opt;
156 struct dst_entry *dst;
159 struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
161 if (addr_len < SIN6_LEN_RFC2133)
164 if (usin->sin6_family != AF_INET6)
165 return -EAFNOSUPPORT;
167 memset(&fl6, 0, sizeof(fl6));
170 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
171 IP6_ECN_flow_init(fl6.flowlabel);
172 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
173 struct ip6_flowlabel *flowlabel;
174 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
175 if (IS_ERR(flowlabel))
177 fl6_sock_release(flowlabel);
182 * connect() to INADDR_ANY means loopback (BSD'ism).
185 if (ipv6_addr_any(&usin->sin6_addr)) {
186 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
187 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
190 usin->sin6_addr = in6addr_loopback;
193 addr_type = ipv6_addr_type(&usin->sin6_addr);
195 if (addr_type & IPV6_ADDR_MULTICAST)
198 if (addr_type&IPV6_ADDR_LINKLOCAL) {
199 if (addr_len >= sizeof(struct sockaddr_in6) &&
200 usin->sin6_scope_id) {
201 /* If interface is set while binding, indices
204 if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id))
207 sk->sk_bound_dev_if = usin->sin6_scope_id;
210 /* Connect to link-local address requires an interface */
211 if (!sk->sk_bound_dev_if)
215 if (tp->rx_opt.ts_recent_stamp &&
216 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
217 tp->rx_opt.ts_recent = 0;
218 tp->rx_opt.ts_recent_stamp = 0;
219 WRITE_ONCE(tp->write_seq, 0);
222 sk->sk_v6_daddr = usin->sin6_addr;
223 np->flow_label = fl6.flowlabel;
229 if (addr_type & IPV6_ADDR_MAPPED) {
230 u32 exthdrlen = icsk->icsk_ext_hdr_len;
231 struct sockaddr_in sin;
233 if (__ipv6_only_sock(sk))
236 sin.sin_family = AF_INET;
237 sin.sin_port = usin->sin6_port;
238 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
240 icsk->icsk_af_ops = &ipv6_mapped;
242 mptcpv6_handle_mapped(sk, true);
243 sk->sk_backlog_rcv = tcp_v4_do_rcv;
244 #ifdef CONFIG_TCP_MD5SIG
245 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
248 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
251 icsk->icsk_ext_hdr_len = exthdrlen;
252 icsk->icsk_af_ops = &ipv6_specific;
254 mptcpv6_handle_mapped(sk, false);
255 sk->sk_backlog_rcv = tcp_v6_do_rcv;
256 #ifdef CONFIG_TCP_MD5SIG
257 tp->af_specific = &tcp_sock_ipv6_specific;
261 np->saddr = sk->sk_v6_rcv_saddr;
266 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
267 saddr = &sk->sk_v6_rcv_saddr;
269 fl6.flowi6_proto = IPPROTO_TCP;
270 fl6.daddr = sk->sk_v6_daddr;
271 fl6.saddr = saddr ? *saddr : np->saddr;
272 fl6.flowi6_oif = sk->sk_bound_dev_if;
273 fl6.flowi6_mark = sk->sk_mark;
274 fl6.fl6_dport = usin->sin6_port;
275 fl6.fl6_sport = inet->inet_sport;
276 fl6.flowi6_uid = sk->sk_uid;
278 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
279 final_p = fl6_update_dst(&fl6, opt, &final);
281 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
283 dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
291 sk->sk_v6_rcv_saddr = *saddr;
294 /* set the source address */
296 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
298 sk->sk_gso_type = SKB_GSO_TCPV6;
299 ip6_dst_store(sk, dst, NULL, NULL);
301 icsk->icsk_ext_hdr_len = 0;
303 icsk->icsk_ext_hdr_len = opt->opt_flen +
306 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
308 inet->inet_dport = usin->sin6_port;
310 tcp_set_state(sk, TCP_SYN_SENT);
311 err = inet6_hash_connect(tcp_death_row, sk);
317 if (likely(!tp->repair)) {
319 WRITE_ONCE(tp->write_seq,
320 secure_tcpv6_seq(np->saddr.s6_addr32,
321 sk->sk_v6_daddr.s6_addr32,
324 tp->tsoffset = secure_tcpv6_ts_off(sock_net(sk),
326 sk->sk_v6_daddr.s6_addr32);
329 if (tcp_fastopen_defer_connect(sk, &err))
334 err = tcp_connect(sk);
341 tcp_set_state(sk, TCP_CLOSE);
343 inet->inet_dport = 0;
344 sk->sk_route_caps = 0;
348 static void tcp_v6_mtu_reduced(struct sock *sk)
350 struct dst_entry *dst;
352 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
355 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
359 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
360 tcp_sync_mss(sk, dst_mtu(dst));
361 tcp_simple_retransmit(sk);
365 static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
366 u8 type, u8 code, int offset, __be32 info)
368 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
369 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
370 struct net *net = dev_net(skb->dev);
371 struct request_sock *fastopen;
372 struct ipv6_pinfo *np;
379 sk = __inet6_lookup_established(net, &tcp_hashinfo,
380 &hdr->daddr, th->dest,
381 &hdr->saddr, ntohs(th->source),
382 skb->dev->ifindex, inet6_sdif(skb));
385 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
390 if (sk->sk_state == TCP_TIME_WAIT) {
391 inet_twsk_put(inet_twsk(sk));
394 seq = ntohl(th->seq);
395 fatal = icmpv6_err_convert(type, code, &err);
396 if (sk->sk_state == TCP_NEW_SYN_RECV) {
397 tcp_req_err(sk, seq, fatal);
402 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
403 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
405 if (sk->sk_state == TCP_CLOSE)
408 if (ipv6_hdr(skb)->hop_limit < tcp_inet6_sk(sk)->min_hopcount) {
409 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
414 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
415 fastopen = rcu_dereference(tp->fastopen_rsk);
416 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
417 if (sk->sk_state != TCP_LISTEN &&
418 !between(seq, snd_una, tp->snd_nxt)) {
419 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
423 np = tcp_inet6_sk(sk);
425 if (type == NDISC_REDIRECT) {
426 if (!sock_owned_by_user(sk)) {
427 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
430 dst->ops->redirect(dst, sk, skb);
435 if (type == ICMPV6_PKT_TOOBIG) {
436 /* We are not interested in TCP_LISTEN and open_requests
437 * (SYN-ACKs send out by Linux are always <576bytes so
438 * they should go through unfragmented).
440 if (sk->sk_state == TCP_LISTEN)
443 if (!ip6_sk_accept_pmtu(sk))
446 tp->mtu_info = ntohl(info);
447 if (!sock_owned_by_user(sk))
448 tcp_v6_mtu_reduced(sk);
449 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
456 /* Might be for an request_sock */
457 switch (sk->sk_state) {
460 /* Only in fast or simultaneous open. If a fast open socket is
461 * is already accepted it is treated as a connected one below.
463 if (fastopen && !fastopen->sk)
466 ipv6_icmp_error(sk, skb, err, th->dest, ntohl(info), (u8 *)th);
468 if (!sock_owned_by_user(sk)) {
470 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
474 sk->sk_err_soft = err;
479 /* check if this ICMP message allows revert of backoff.
482 if (!fastopen && type == ICMPV6_DEST_UNREACH &&
483 code == ICMPV6_NOROUTE)
484 tcp_ld_RTO_revert(sk, seq);
487 if (!sock_owned_by_user(sk) && np->recverr) {
489 sk->sk_error_report(sk);
491 sk->sk_err_soft = err;
500 static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
502 struct request_sock *req,
503 struct tcp_fastopen_cookie *foc,
504 enum tcp_synack_type synack_type)
506 struct inet_request_sock *ireq = inet_rsk(req);
507 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
508 struct ipv6_txoptions *opt;
509 struct flowi6 *fl6 = &fl->u.ip6;
513 /* First, grab a route. */
514 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
515 IPPROTO_TCP)) == NULL)
518 skb = tcp_make_synack(sk, dst, req, foc, synack_type);
521 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
522 &ireq->ir_v6_rmt_addr);
524 fl6->daddr = ireq->ir_v6_rmt_addr;
525 if (np->repflow && ireq->pktopts)
526 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
529 opt = ireq->ipv6_opt;
531 opt = rcu_dereference(np->opt);
532 err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass,
535 err = net_xmit_eval(err);
543 static void tcp_v6_reqsk_destructor(struct request_sock *req)
545 kfree(inet_rsk(req)->ipv6_opt);
546 kfree_skb(inet_rsk(req)->pktopts);
549 #ifdef CONFIG_TCP_MD5SIG
550 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
551 const struct in6_addr *addr,
554 return tcp_md5_do_lookup(sk, l3index,
555 (union tcp_md5_addr *)addr, AF_INET6);
558 static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
559 const struct sock *addr_sk)
563 l3index = l3mdev_master_ifindex_by_index(sock_net(sk),
564 addr_sk->sk_bound_dev_if);
565 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr,
569 static int tcp_v6_parse_md5_keys(struct sock *sk, int optname,
570 sockptr_t optval, int optlen)
572 struct tcp_md5sig cmd;
573 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
577 if (optlen < sizeof(cmd))
580 if (copy_from_sockptr(&cmd, optval, sizeof(cmd)))
583 if (sin6->sin6_family != AF_INET6)
586 if (optname == TCP_MD5SIG_EXT &&
587 cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) {
588 prefixlen = cmd.tcpm_prefixlen;
589 if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) &&
593 prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128;
596 if (optname == TCP_MD5SIG_EXT &&
597 cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX) {
598 struct net_device *dev;
601 dev = dev_get_by_index_rcu(sock_net(sk), cmd.tcpm_ifindex);
602 if (dev && netif_is_l3_master(dev))
603 l3index = dev->ifindex;
606 /* ok to reference set/not set outside of rcu;
607 * right now device MUST be an L3 master
609 if (!dev || !l3index)
613 if (!cmd.tcpm_keylen) {
614 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
615 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
618 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
619 AF_INET6, prefixlen, l3index);
622 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
625 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
626 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
627 AF_INET, prefixlen, l3index,
628 cmd.tcpm_key, cmd.tcpm_keylen,
631 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
632 AF_INET6, prefixlen, l3index,
633 cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
636 static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp,
637 const struct in6_addr *daddr,
638 const struct in6_addr *saddr,
639 const struct tcphdr *th, int nbytes)
641 struct tcp6_pseudohdr *bp;
642 struct scatterlist sg;
646 /* 1. TCP pseudo-header (RFC2460) */
649 bp->protocol = cpu_to_be32(IPPROTO_TCP);
650 bp->len = cpu_to_be32(nbytes);
652 _th = (struct tcphdr *)(bp + 1);
653 memcpy(_th, th, sizeof(*th));
656 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
657 ahash_request_set_crypt(hp->md5_req, &sg, NULL,
658 sizeof(*bp) + sizeof(*th));
659 return crypto_ahash_update(hp->md5_req);
662 static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
663 const struct in6_addr *daddr, struct in6_addr *saddr,
664 const struct tcphdr *th)
666 struct tcp_md5sig_pool *hp;
667 struct ahash_request *req;
669 hp = tcp_get_md5sig_pool();
671 goto clear_hash_noput;
674 if (crypto_ahash_init(req))
676 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
678 if (tcp_md5_hash_key(hp, key))
680 ahash_request_set_crypt(req, NULL, md5_hash, 0);
681 if (crypto_ahash_final(req))
684 tcp_put_md5sig_pool();
688 tcp_put_md5sig_pool();
690 memset(md5_hash, 0, 16);
694 static int tcp_v6_md5_hash_skb(char *md5_hash,
695 const struct tcp_md5sig_key *key,
696 const struct sock *sk,
697 const struct sk_buff *skb)
699 const struct in6_addr *saddr, *daddr;
700 struct tcp_md5sig_pool *hp;
701 struct ahash_request *req;
702 const struct tcphdr *th = tcp_hdr(skb);
704 if (sk) { /* valid for establish/request sockets */
705 saddr = &sk->sk_v6_rcv_saddr;
706 daddr = &sk->sk_v6_daddr;
708 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
709 saddr = &ip6h->saddr;
710 daddr = &ip6h->daddr;
713 hp = tcp_get_md5sig_pool();
715 goto clear_hash_noput;
718 if (crypto_ahash_init(req))
721 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
723 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
725 if (tcp_md5_hash_key(hp, key))
727 ahash_request_set_crypt(req, NULL, md5_hash, 0);
728 if (crypto_ahash_final(req))
731 tcp_put_md5sig_pool();
735 tcp_put_md5sig_pool();
737 memset(md5_hash, 0, 16);
743 static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
744 const struct sk_buff *skb,
747 #ifdef CONFIG_TCP_MD5SIG
748 const __u8 *hash_location = NULL;
749 struct tcp_md5sig_key *hash_expected;
750 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
751 const struct tcphdr *th = tcp_hdr(skb);
752 int genhash, l3index;
755 /* sdif set, means packet ingressed via a device
756 * in an L3 domain and dif is set to the l3mdev
758 l3index = sdif ? dif : 0;
760 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr, l3index);
761 hash_location = tcp_parse_md5sig_option(th);
763 /* We've parsed the options - do we have a hash? */
764 if (!hash_expected && !hash_location)
767 if (hash_expected && !hash_location) {
768 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
772 if (!hash_expected && hash_location) {
773 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
777 /* check the signature */
778 genhash = tcp_v6_md5_hash_skb(newhash,
782 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
783 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
784 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u L3 index %d\n",
785 genhash ? "failed" : "mismatch",
786 &ip6h->saddr, ntohs(th->source),
787 &ip6h->daddr, ntohs(th->dest), l3index);
794 static void tcp_v6_init_req(struct request_sock *req,
795 const struct sock *sk_listener,
798 bool l3_slave = ipv6_l3mdev_skb(TCP_SKB_CB(skb)->header.h6.flags);
799 struct inet_request_sock *ireq = inet_rsk(req);
800 const struct ipv6_pinfo *np = tcp_inet6_sk(sk_listener);
802 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
803 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
805 /* So that link locals have meaning */
806 if ((!sk_listener->sk_bound_dev_if || l3_slave) &&
807 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
808 ireq->ir_iif = tcp_v6_iif(skb);
810 if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
811 (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
812 np->rxopt.bits.rxinfo ||
813 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
814 np->rxopt.bits.rxohlim || np->repflow)) {
815 refcount_inc(&skb->users);
820 static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
822 const struct request_sock *req)
824 return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
827 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
829 .obj_size = sizeof(struct tcp6_request_sock),
830 .rtx_syn_ack = tcp_rtx_synack,
831 .send_ack = tcp_v6_reqsk_send_ack,
832 .destructor = tcp_v6_reqsk_destructor,
833 .send_reset = tcp_v6_send_reset,
834 .syn_ack_timeout = tcp_syn_ack_timeout,
837 const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
838 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
839 sizeof(struct ipv6hdr),
840 #ifdef CONFIG_TCP_MD5SIG
841 .req_md5_lookup = tcp_v6_md5_lookup,
842 .calc_md5_hash = tcp_v6_md5_hash_skb,
844 .init_req = tcp_v6_init_req,
845 #ifdef CONFIG_SYN_COOKIES
846 .cookie_init_seq = cookie_v6_init_sequence,
848 .route_req = tcp_v6_route_req,
849 .init_seq = tcp_v6_init_seq,
850 .init_ts_off = tcp_v6_init_ts_off,
851 .send_synack = tcp_v6_send_synack,
854 static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
855 u32 ack, u32 win, u32 tsval, u32 tsecr,
856 int oif, struct tcp_md5sig_key *key, int rst,
857 u8 tclass, __be32 label, u32 priority)
859 const struct tcphdr *th = tcp_hdr(skb);
861 struct sk_buff *buff;
863 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
864 struct sock *ctl_sk = net->ipv6.tcp_sk;
865 unsigned int tot_len = sizeof(struct tcphdr);
866 struct dst_entry *dst;
871 tot_len += TCPOLEN_TSTAMP_ALIGNED;
872 #ifdef CONFIG_TCP_MD5SIG
874 tot_len += TCPOLEN_MD5SIG_ALIGNED;
877 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
882 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
884 t1 = skb_push(buff, tot_len);
885 skb_reset_transport_header(buff);
887 /* Swap the send and the receive. */
888 memset(t1, 0, sizeof(*t1));
889 t1->dest = th->source;
890 t1->source = th->dest;
891 t1->doff = tot_len / 4;
892 t1->seq = htonl(seq);
893 t1->ack_seq = htonl(ack);
894 t1->ack = !rst || !th->ack;
896 t1->window = htons(win);
898 topt = (__be32 *)(t1 + 1);
901 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
902 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
903 *topt++ = htonl(tsval);
904 *topt++ = htonl(tsecr);
907 #ifdef CONFIG_TCP_MD5SIG
909 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
910 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
911 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
912 &ipv6_hdr(skb)->saddr,
913 &ipv6_hdr(skb)->daddr, t1);
917 memset(&fl6, 0, sizeof(fl6));
918 fl6.daddr = ipv6_hdr(skb)->saddr;
919 fl6.saddr = ipv6_hdr(skb)->daddr;
920 fl6.flowlabel = label;
922 buff->ip_summed = CHECKSUM_PARTIAL;
925 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
927 fl6.flowi6_proto = IPPROTO_TCP;
928 if (rt6_need_strict(&fl6.daddr) && !oif)
929 fl6.flowi6_oif = tcp_v6_iif(skb);
931 if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
934 fl6.flowi6_oif = oif;
938 if (sk->sk_state == TCP_TIME_WAIT) {
939 mark = inet_twsk(sk)->tw_mark;
940 /* autoflowlabel relies on buff->hash */
941 skb_set_hash(buff, inet_twsk(sk)->tw_txhash,
946 buff->tstamp = tcp_transmit_time(sk);
948 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark) ?: mark;
949 fl6.fl6_dport = t1->dest;
950 fl6.fl6_sport = t1->source;
951 fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
952 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
954 /* Pass a socket to ip6_dst_lookup either it is for RST
955 * Underlying function will use this to retrieve the network
958 dst = ip6_dst_lookup_flow(sock_net(ctl_sk), ctl_sk, &fl6, NULL);
960 skb_dst_set(buff, dst);
961 ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass,
963 TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
965 TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
972 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
974 const struct tcphdr *th = tcp_hdr(skb);
975 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
976 u32 seq = 0, ack_seq = 0;
977 struct tcp_md5sig_key *key = NULL;
978 #ifdef CONFIG_TCP_MD5SIG
979 const __u8 *hash_location = NULL;
980 unsigned char newhash[16];
982 struct sock *sk1 = NULL;
992 /* If sk not NULL, it means we did a successful lookup and incoming
993 * route had to be correct. prequeue might have dropped our dst.
995 if (!sk && !ipv6_unicast_destination(skb))
998 net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
999 #ifdef CONFIG_TCP_MD5SIG
1001 hash_location = tcp_parse_md5sig_option(th);
1002 if (sk && sk_fullsock(sk)) {
1005 /* sdif set, means packet ingressed via a device
1006 * in an L3 domain and inet_iif is set to it.
1008 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
1009 key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr, l3index);
1010 } else if (hash_location) {
1011 int dif = tcp_v6_iif_l3_slave(skb);
1012 int sdif = tcp_v6_sdif(skb);
1016 * active side is lost. Try to find listening socket through
1017 * source port, and then find md5 key through listening socket.
1018 * we are not loose security here:
1019 * Incoming packet is checked with md5 hash with finding key,
1020 * no RST generated if md5 hash doesn't match.
1022 sk1 = inet6_lookup_listener(net,
1023 &tcp_hashinfo, NULL, 0,
1025 th->source, &ipv6h->daddr,
1026 ntohs(th->source), dif, sdif);
1030 /* sdif set, means packet ingressed via a device
1031 * in an L3 domain and dif is set to it.
1033 l3index = tcp_v6_sdif(skb) ? dif : 0;
1035 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr, l3index);
1039 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
1040 if (genhash || memcmp(hash_location, newhash, 16) != 0)
1046 seq = ntohl(th->ack_seq);
1048 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1052 oif = sk->sk_bound_dev_if;
1053 if (sk_fullsock(sk)) {
1054 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1056 trace_tcp_send_reset(sk, skb);
1058 label = ip6_flowlabel(ipv6h);
1059 priority = sk->sk_priority;
1061 if (sk->sk_state == TCP_TIME_WAIT) {
1062 label = cpu_to_be32(inet_twsk(sk)->tw_flowlabel);
1063 priority = inet_twsk(sk)->tw_priority;
1066 if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_TCP_RESET)
1067 label = ip6_flowlabel(ipv6h);
1070 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0,
1073 #ifdef CONFIG_TCP_MD5SIG
1079 static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
1080 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
1081 struct tcp_md5sig_key *key, u8 tclass,
1082 __be32 label, u32 priority)
1084 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
1085 tclass, label, priority);
1088 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1090 struct inet_timewait_sock *tw = inet_twsk(sk);
1091 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1093 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1094 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1095 tcp_time_stamp_raw() + tcptw->tw_ts_offset,
1096 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
1097 tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel), tw->tw_priority);
1102 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
1103 struct request_sock *req)
1107 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
1109 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
1110 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
1113 * The window field (SEG.WND) of every outgoing segment, with the
1114 * exception of <SYN> segments, MUST be right-shifted by
1115 * Rcv.Wind.Shift bits:
1117 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
1118 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
1119 tcp_rsk(req)->rcv_nxt,
1120 req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
1121 tcp_time_stamp_raw() + tcp_rsk(req)->ts_off,
1122 req->ts_recent, sk->sk_bound_dev_if,
1123 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr, l3index),
1124 0, 0, sk->sk_priority);
1128 static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
1130 #ifdef CONFIG_SYN_COOKIES
1131 const struct tcphdr *th = tcp_hdr(skb);
1134 sk = cookie_v6_check(sk, skb);
1139 u16 tcp_v6_get_syncookie(struct sock *sk, struct ipv6hdr *iph,
1140 struct tcphdr *th, u32 *cookie)
1143 #ifdef CONFIG_SYN_COOKIES
1144 mss = tcp_get_syncookie_mss(&tcp6_request_sock_ops,
1145 &tcp_request_sock_ipv6_ops, sk, th);
1147 *cookie = __cookie_v6_init_sequence(iph, th, &mss);
1148 tcp_synq_overflow(sk);
1154 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1156 if (skb->protocol == htons(ETH_P_IP))
1157 return tcp_v4_conn_request(sk, skb);
1159 if (!ipv6_unicast_destination(skb))
1162 return tcp_conn_request(&tcp6_request_sock_ops,
1163 &tcp_request_sock_ipv6_ops, sk, skb);
1167 return 0; /* don't send reset */
1170 static void tcp_v6_restore_cb(struct sk_buff *skb)
1172 /* We need to move header back to the beginning if xfrm6_policy_check()
1173 * and tcp_v6_fill_cb() are going to be called again.
1174 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
1176 memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
1177 sizeof(struct inet6_skb_parm));
1180 static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
1181 struct request_sock *req,
1182 struct dst_entry *dst,
1183 struct request_sock *req_unhash,
1186 struct inet_request_sock *ireq;
1187 struct ipv6_pinfo *newnp;
1188 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1189 struct ipv6_txoptions *opt;
1190 struct inet_sock *newinet;
1191 struct tcp_sock *newtp;
1193 #ifdef CONFIG_TCP_MD5SIG
1194 struct tcp_md5sig_key *key;
1199 if (skb->protocol == htons(ETH_P_IP)) {
1204 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
1205 req_unhash, own_req);
1210 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
1212 newinet = inet_sk(newsk);
1213 newnp = tcp_inet6_sk(newsk);
1214 newtp = tcp_sk(newsk);
1216 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1218 newnp->saddr = newsk->sk_v6_rcv_saddr;
1220 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1221 if (sk_is_mptcp(newsk))
1222 mptcpv6_handle_mapped(newsk, true);
1223 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1224 #ifdef CONFIG_TCP_MD5SIG
1225 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1228 newnp->ipv6_mc_list = NULL;
1229 newnp->ipv6_ac_list = NULL;
1230 newnp->ipv6_fl_list = NULL;
1231 newnp->pktoptions = NULL;
1233 newnp->mcast_oif = inet_iif(skb);
1234 newnp->mcast_hops = ip_hdr(skb)->ttl;
1235 newnp->rcv_flowinfo = 0;
1237 newnp->flow_label = 0;
1240 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1241 * here, tcp_create_openreq_child now does this for us, see the comment in
1242 * that function for the gory details. -acme
1245 /* It is tricky place. Until this moment IPv4 tcp
1246 worked with IPv6 icsk.icsk_af_ops.
1249 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1254 ireq = inet_rsk(req);
1256 if (sk_acceptq_is_full(sk))
1260 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
1265 newsk = tcp_create_openreq_child(sk, req, skb);
1270 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1271 * count here, tcp_create_openreq_child now does this for us, see the
1272 * comment in that function for the gory details. -acme
1275 newsk->sk_gso_type = SKB_GSO_TCPV6;
1276 ip6_dst_store(newsk, dst, NULL, NULL);
1277 inet6_sk_rx_dst_set(newsk, skb);
1279 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
1281 newtp = tcp_sk(newsk);
1282 newinet = inet_sk(newsk);
1283 newnp = tcp_inet6_sk(newsk);
1285 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1287 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1288 newnp->saddr = ireq->ir_v6_loc_addr;
1289 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1290 newsk->sk_bound_dev_if = ireq->ir_iif;
1292 /* Now IPv6 options...
1294 First: no IPv4 options.
1296 newinet->inet_opt = NULL;
1297 newnp->ipv6_mc_list = NULL;
1298 newnp->ipv6_ac_list = NULL;
1299 newnp->ipv6_fl_list = NULL;
1302 newnp->rxopt.all = np->rxopt.all;
1304 newnp->pktoptions = NULL;
1306 newnp->mcast_oif = tcp_v6_iif(skb);
1307 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1308 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1310 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1312 /* Clone native IPv6 options from listening socket (if any)
1314 Yes, keeping reference count would be much more clever,
1315 but we make one more one thing there: reattach optmem
1318 opt = ireq->ipv6_opt;
1320 opt = rcu_dereference(np->opt);
1322 opt = ipv6_dup_options(newsk, opt);
1323 RCU_INIT_POINTER(newnp->opt, opt);
1325 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1327 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
1330 tcp_ca_openreq_child(newsk, dst);
1332 tcp_sync_mss(newsk, dst_mtu(dst));
1333 newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));
1335 tcp_initialize_rcv_mss(newsk);
1337 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1338 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1340 #ifdef CONFIG_TCP_MD5SIG
1341 l3index = l3mdev_master_ifindex_by_index(sock_net(sk), ireq->ir_iif);
1343 /* Copy over the MD5 key from the original socket */
1344 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr, l3index);
1346 /* We're using one, so create a matching key
1347 * on the newsk structure. If we fail to get
1348 * memory, then we end up not copying the key
1351 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
1352 AF_INET6, 128, l3index, key->key, key->keylen,
1353 sk_gfp_mask(sk, GFP_ATOMIC));
1357 if (__inet_inherit_port(sk, newsk) < 0) {
1358 inet_csk_prepare_forced_close(newsk);
1362 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
1364 tcp_move_syn(newtp, req);
1366 /* Clone pktoptions received with SYN, if we own the req */
1367 if (ireq->pktopts) {
1368 newnp->pktoptions = skb_clone(ireq->pktopts,
1369 sk_gfp_mask(sk, GFP_ATOMIC));
1370 consume_skb(ireq->pktopts);
1371 ireq->pktopts = NULL;
1372 if (newnp->pktoptions) {
1373 tcp_v6_restore_cb(newnp->pktoptions);
1374 skb_set_owner_r(newnp->pktoptions, newsk);
1382 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1390 /* The socket must have it's spinlock held when we get
1391 * here, unless it is a TCP_LISTEN socket.
1393 * We have a potential double-lock case here, so even when
1394 * doing backlog processing we use the BH locking scheme.
1395 * This is because we cannot sleep with the original spinlock
1398 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1400 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1401 struct sk_buff *opt_skb = NULL;
1402 struct tcp_sock *tp;
1404 /* Imagine: socket is IPv6. IPv4 packet arrives,
1405 goes to IPv4 receive handler and backlogged.
1406 From backlog it always goes here. Kerboom...
1407 Fortunately, tcp_rcv_established and rcv_established
1408 handle them correctly, but it is not case with
1409 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1412 if (skb->protocol == htons(ETH_P_IP))
1413 return tcp_v4_do_rcv(sk, skb);
1416 * socket locking is here for SMP purposes as backlog rcv
1417 * is currently called with bh processing disabled.
1420 /* Do Stevens' IPV6_PKTOPTIONS.
1422 Yes, guys, it is the only place in our code, where we
1423 may make it not affecting IPv4.
1424 The rest of code is protocol independent,
1425 and I do not like idea to uglify IPv4.
1427 Actually, all the idea behind IPV6_PKTOPTIONS
1428 looks not very well thought. For now we latch
1429 options, received in the last packet, enqueued
1430 by tcp. Feel free to propose better solution.
1434 opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));
1436 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1437 struct dst_entry *dst = sk->sk_rx_dst;
1439 sock_rps_save_rxhash(sk, skb);
1440 sk_mark_napi_id(sk, skb);
1442 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1443 dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
1445 sk->sk_rx_dst = NULL;
1449 tcp_rcv_established(sk, skb);
1451 goto ipv6_pktoptions;
1455 if (tcp_checksum_complete(skb))
1458 if (sk->sk_state == TCP_LISTEN) {
1459 struct sock *nsk = tcp_v6_cookie_check(sk, skb);
1465 if (tcp_child_process(sk, nsk, skb))
1468 __kfree_skb(opt_skb);
1472 sock_rps_save_rxhash(sk, skb);
1474 if (tcp_rcv_state_process(sk, skb))
1477 goto ipv6_pktoptions;
1481 tcp_v6_send_reset(sk, skb);
1484 __kfree_skb(opt_skb);
1488 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
1489 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
1494 /* Do you ask, what is it?
1496 1. skb was enqueued by tcp.
1497 2. skb is added to tail of read queue, rather than out of order.
1498 3. socket is not in passive state.
1499 4. Finally, it really contains options, which user wants to receive.
1502 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1503 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1504 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1505 np->mcast_oif = tcp_v6_iif(opt_skb);
1506 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1507 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1508 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1509 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
1511 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
1512 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
1513 skb_set_owner_r(opt_skb, sk);
1514 tcp_v6_restore_cb(opt_skb);
1515 opt_skb = xchg(&np->pktoptions, opt_skb);
1517 __kfree_skb(opt_skb);
1518 opt_skb = xchg(&np->pktoptions, NULL);
1526 static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1527 const struct tcphdr *th)
1529 /* This is tricky: we move IP6CB at its correct location into
1530 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1531 * _decode_session6() uses IP6CB().
1532 * barrier() makes sure compiler won't play aliasing games.
1534 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1535 sizeof(struct inet6_skb_parm));
1538 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1539 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1540 skb->len - th->doff*4);
1541 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1542 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1543 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1544 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1545 TCP_SKB_CB(skb)->sacked = 0;
1546 TCP_SKB_CB(skb)->has_rxtstamp =
1547 skb->tstamp || skb_hwtstamps(skb)->hwtstamp;
1550 INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
1552 struct sk_buff *skb_to_free;
1553 int sdif = inet6_sdif(skb);
1554 int dif = inet6_iif(skb);
1555 const struct tcphdr *th;
1556 const struct ipv6hdr *hdr;
1560 struct net *net = dev_net(skb->dev);
1562 if (skb->pkt_type != PACKET_HOST)
1566 * Count it even if it's bad.
1568 __TCP_INC_STATS(net, TCP_MIB_INSEGS);
1570 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1573 th = (const struct tcphdr *)skb->data;
1575 if (unlikely(th->doff < sizeof(struct tcphdr)/4))
1577 if (!pskb_may_pull(skb, th->doff*4))
1580 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
1583 th = (const struct tcphdr *)skb->data;
1584 hdr = ipv6_hdr(skb);
1587 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
1588 th->source, th->dest, inet6_iif(skb), sdif,
1594 if (sk->sk_state == TCP_TIME_WAIT)
1597 if (sk->sk_state == TCP_NEW_SYN_RECV) {
1598 struct request_sock *req = inet_reqsk(sk);
1599 bool req_stolen = false;
1602 sk = req->rsk_listener;
1603 if (tcp_v6_inbound_md5_hash(sk, skb, dif, sdif)) {
1604 sk_drops_add(sk, skb);
1608 if (tcp_checksum_complete(skb)) {
1612 if (unlikely(sk->sk_state != TCP_LISTEN)) {
1613 inet_csk_reqsk_queue_drop_and_put(sk, req);
1619 if (!tcp_filter(sk, skb)) {
1620 th = (const struct tcphdr *)skb->data;
1621 hdr = ipv6_hdr(skb);
1622 tcp_v6_fill_cb(skb, hdr, th);
1623 nsk = tcp_check_req(sk, skb, req, false, &req_stolen);
1628 /* Another cpu got exclusive access to req
1629 * and created a full blown socket.
1630 * Try to feed this packet to this socket
1631 * instead of discarding it.
1633 tcp_v6_restore_cb(skb);
1637 goto discard_and_relse;
1641 tcp_v6_restore_cb(skb);
1642 } else if (tcp_child_process(sk, nsk, skb)) {
1643 tcp_v6_send_reset(nsk, skb);
1644 goto discard_and_relse;
1650 if (hdr->hop_limit < tcp_inet6_sk(sk)->min_hopcount) {
1651 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
1652 goto discard_and_relse;
1655 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1656 goto discard_and_relse;
1658 if (tcp_v6_inbound_md5_hash(sk, skb, dif, sdif))
1659 goto discard_and_relse;
1661 if (tcp_filter(sk, skb))
1662 goto discard_and_relse;
1663 th = (const struct tcphdr *)skb->data;
1664 hdr = ipv6_hdr(skb);
1665 tcp_v6_fill_cb(skb, hdr, th);
1669 if (sk->sk_state == TCP_LISTEN) {
1670 ret = tcp_v6_do_rcv(sk, skb);
1671 goto put_and_return;
1674 sk_incoming_cpu_update(sk);
1676 bh_lock_sock_nested(sk);
1677 tcp_segs_in(tcp_sk(sk), skb);
1679 if (!sock_owned_by_user(sk)) {
1680 skb_to_free = sk->sk_rx_skb_cache;
1681 sk->sk_rx_skb_cache = NULL;
1682 ret = tcp_v6_do_rcv(sk, skb);
1684 if (tcp_add_backlog(sk, skb))
1685 goto discard_and_relse;
1690 __kfree_skb(skb_to_free);
1694 return ret ? -1 : 0;
1697 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1700 tcp_v6_fill_cb(skb, hdr, th);
1702 if (tcp_checksum_complete(skb)) {
1704 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
1706 __TCP_INC_STATS(net, TCP_MIB_INERRS);
1708 tcp_v6_send_reset(NULL, skb);
1716 sk_drops_add(sk, skb);
1722 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1723 inet_twsk_put(inet_twsk(sk));
1727 tcp_v6_fill_cb(skb, hdr, th);
1729 if (tcp_checksum_complete(skb)) {
1730 inet_twsk_put(inet_twsk(sk));
1734 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1739 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1740 skb, __tcp_hdrlen(th),
1741 &ipv6_hdr(skb)->saddr, th->source,
1742 &ipv6_hdr(skb)->daddr,
1744 tcp_v6_iif_l3_slave(skb),
1747 struct inet_timewait_sock *tw = inet_twsk(sk);
1748 inet_twsk_deschedule_put(tw);
1750 tcp_v6_restore_cb(skb);
1758 tcp_v6_timewait_ack(sk, skb);
1761 tcp_v6_send_reset(sk, skb);
1762 inet_twsk_deschedule_put(inet_twsk(sk));
1764 case TCP_TW_SUCCESS:
1770 INDIRECT_CALLABLE_SCOPE void tcp_v6_early_demux(struct sk_buff *skb)
1772 const struct ipv6hdr *hdr;
1773 const struct tcphdr *th;
1776 if (skb->pkt_type != PACKET_HOST)
1779 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1782 hdr = ipv6_hdr(skb);
1785 if (th->doff < sizeof(struct tcphdr) / 4)
1788 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
1789 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1790 &hdr->saddr, th->source,
1791 &hdr->daddr, ntohs(th->dest),
1792 inet6_iif(skb), inet6_sdif(skb));
1795 skb->destructor = sock_edemux;
1796 if (sk_fullsock(sk)) {
1797 struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
1800 dst = dst_check(dst, tcp_inet6_sk(sk)->rx_dst_cookie);
1802 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1803 skb_dst_set_noref(skb, dst);
1808 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1809 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1810 .twsk_unique = tcp_twsk_unique,
1811 .twsk_destructor = tcp_twsk_destructor,
1814 INDIRECT_CALLABLE_SCOPE void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb)
1816 struct ipv6_pinfo *np = inet6_sk(sk);
1818 __tcp_v6_send_check(skb, &np->saddr, &sk->sk_v6_daddr);
1821 const struct inet_connection_sock_af_ops ipv6_specific = {
1822 .queue_xmit = inet6_csk_xmit,
1823 .send_check = tcp_v6_send_check,
1824 .rebuild_header = inet6_sk_rebuild_header,
1825 .sk_rx_dst_set = inet6_sk_rx_dst_set,
1826 .conn_request = tcp_v6_conn_request,
1827 .syn_recv_sock = tcp_v6_syn_recv_sock,
1828 .net_header_len = sizeof(struct ipv6hdr),
1829 .net_frag_header_len = sizeof(struct frag_hdr),
1830 .setsockopt = ipv6_setsockopt,
1831 .getsockopt = ipv6_getsockopt,
1832 .addr2sockaddr = inet6_csk_addr2sockaddr,
1833 .sockaddr_len = sizeof(struct sockaddr_in6),
1834 .mtu_reduced = tcp_v6_mtu_reduced,
1837 #ifdef CONFIG_TCP_MD5SIG
1838 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1839 .md5_lookup = tcp_v6_md5_lookup,
1840 .calc_md5_hash = tcp_v6_md5_hash_skb,
1841 .md5_parse = tcp_v6_parse_md5_keys,
1846 * TCP over IPv4 via INET6 API
1848 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1849 .queue_xmit = ip_queue_xmit,
1850 .send_check = tcp_v4_send_check,
1851 .rebuild_header = inet_sk_rebuild_header,
1852 .sk_rx_dst_set = inet_sk_rx_dst_set,
1853 .conn_request = tcp_v6_conn_request,
1854 .syn_recv_sock = tcp_v6_syn_recv_sock,
1855 .net_header_len = sizeof(struct iphdr),
1856 .setsockopt = ipv6_setsockopt,
1857 .getsockopt = ipv6_getsockopt,
1858 .addr2sockaddr = inet6_csk_addr2sockaddr,
1859 .sockaddr_len = sizeof(struct sockaddr_in6),
1860 .mtu_reduced = tcp_v4_mtu_reduced,
1863 #ifdef CONFIG_TCP_MD5SIG
1864 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1865 .md5_lookup = tcp_v4_md5_lookup,
1866 .calc_md5_hash = tcp_v4_md5_hash_skb,
1867 .md5_parse = tcp_v6_parse_md5_keys,
1871 /* NOTE: A lot of things set to zero explicitly by call to
1872 * sk_alloc() so need not be done here.
1874 static int tcp_v6_init_sock(struct sock *sk)
1876 struct inet_connection_sock *icsk = inet_csk(sk);
1880 icsk->icsk_af_ops = &ipv6_specific;
1882 #ifdef CONFIG_TCP_MD5SIG
1883 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
1889 static void tcp_v6_destroy_sock(struct sock *sk)
1891 tcp_v4_destroy_sock(sk);
1892 inet6_destroy_sock(sk);
1895 #ifdef CONFIG_PROC_FS
1896 /* Proc filesystem TCPv6 sock list dumping. */
1897 static void get_openreq6(struct seq_file *seq,
1898 const struct request_sock *req, int i)
1900 long ttd = req->rsk_timer.expires - jiffies;
1901 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1902 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1908 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1909 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1911 src->s6_addr32[0], src->s6_addr32[1],
1912 src->s6_addr32[2], src->s6_addr32[3],
1913 inet_rsk(req)->ir_num,
1914 dest->s6_addr32[0], dest->s6_addr32[1],
1915 dest->s6_addr32[2], dest->s6_addr32[3],
1916 ntohs(inet_rsk(req)->ir_rmt_port),
1918 0, 0, /* could print option size, but that is af dependent. */
1919 1, /* timers active (only the expire timer) */
1920 jiffies_to_clock_t(ttd),
1922 from_kuid_munged(seq_user_ns(seq),
1923 sock_i_uid(req->rsk_listener)),
1924 0, /* non standard timer */
1925 0, /* open_requests have no inode */
1929 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1931 const struct in6_addr *dest, *src;
1934 unsigned long timer_expires;
1935 const struct inet_sock *inet = inet_sk(sp);
1936 const struct tcp_sock *tp = tcp_sk(sp);
1937 const struct inet_connection_sock *icsk = inet_csk(sp);
1938 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
1942 dest = &sp->sk_v6_daddr;
1943 src = &sp->sk_v6_rcv_saddr;
1944 destp = ntohs(inet->inet_dport);
1945 srcp = ntohs(inet->inet_sport);
1947 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
1948 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
1949 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
1951 timer_expires = icsk->icsk_timeout;
1952 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1954 timer_expires = icsk->icsk_timeout;
1955 } else if (timer_pending(&sp->sk_timer)) {
1957 timer_expires = sp->sk_timer.expires;
1960 timer_expires = jiffies;
1963 state = inet_sk_state_load(sp);
1964 if (state == TCP_LISTEN)
1965 rx_queue = READ_ONCE(sp->sk_ack_backlog);
1967 /* Because we don't lock the socket,
1968 * we might find a transient negative value.
1970 rx_queue = max_t(int, READ_ONCE(tp->rcv_nxt) -
1971 READ_ONCE(tp->copied_seq), 0);
1974 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1975 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1977 src->s6_addr32[0], src->s6_addr32[1],
1978 src->s6_addr32[2], src->s6_addr32[3], srcp,
1979 dest->s6_addr32[0], dest->s6_addr32[1],
1980 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1982 READ_ONCE(tp->write_seq) - tp->snd_una,
1985 jiffies_delta_to_clock_t(timer_expires - jiffies),
1986 icsk->icsk_retransmits,
1987 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1988 icsk->icsk_probes_out,
1990 refcount_read(&sp->sk_refcnt), sp,
1991 jiffies_to_clock_t(icsk->icsk_rto),
1992 jiffies_to_clock_t(icsk->icsk_ack.ato),
1993 (icsk->icsk_ack.quick << 1) | inet_csk_in_pingpong_mode(sp),
1995 state == TCP_LISTEN ?
1996 fastopenq->max_qlen :
1997 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
2001 static void get_timewait6_sock(struct seq_file *seq,
2002 struct inet_timewait_sock *tw, int i)
2004 long delta = tw->tw_timer.expires - jiffies;
2005 const struct in6_addr *dest, *src;
2008 dest = &tw->tw_v6_daddr;
2009 src = &tw->tw_v6_rcv_saddr;
2010 destp = ntohs(tw->tw_dport);
2011 srcp = ntohs(tw->tw_sport);
2014 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2015 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
2017 src->s6_addr32[0], src->s6_addr32[1],
2018 src->s6_addr32[2], src->s6_addr32[3], srcp,
2019 dest->s6_addr32[0], dest->s6_addr32[1],
2020 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2021 tw->tw_substate, 0, 0,
2022 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
2023 refcount_read(&tw->tw_refcnt), tw);
2026 static int tcp6_seq_show(struct seq_file *seq, void *v)
2028 struct tcp_iter_state *st;
2029 struct sock *sk = v;
2031 if (v == SEQ_START_TOKEN) {
2036 "st tx_queue rx_queue tr tm->when retrnsmt"
2037 " uid timeout inode\n");
2042 if (sk->sk_state == TCP_TIME_WAIT)
2043 get_timewait6_sock(seq, v, st->num);
2044 else if (sk->sk_state == TCP_NEW_SYN_RECV)
2045 get_openreq6(seq, v, st->num);
2047 get_tcp6_sock(seq, v, st->num);
2052 static const struct seq_operations tcp6_seq_ops = {
2053 .show = tcp6_seq_show,
2054 .start = tcp_seq_start,
2055 .next = tcp_seq_next,
2056 .stop = tcp_seq_stop,
2059 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2063 int __net_init tcp6_proc_init(struct net *net)
2065 if (!proc_create_net_data("tcp6", 0444, net->proc_net, &tcp6_seq_ops,
2066 sizeof(struct tcp_iter_state), &tcp6_seq_afinfo))
2071 void tcp6_proc_exit(struct net *net)
2073 remove_proc_entry("tcp6", net->proc_net);
2077 struct proto tcpv6_prot = {
2079 .owner = THIS_MODULE,
2081 .pre_connect = tcp_v6_pre_connect,
2082 .connect = tcp_v6_connect,
2083 .disconnect = tcp_disconnect,
2084 .accept = inet_csk_accept,
2086 .init = tcp_v6_init_sock,
2087 .destroy = tcp_v6_destroy_sock,
2088 .shutdown = tcp_shutdown,
2089 .setsockopt = tcp_setsockopt,
2090 .getsockopt = tcp_getsockopt,
2091 .keepalive = tcp_set_keepalive,
2092 .recvmsg = tcp_recvmsg,
2093 .sendmsg = tcp_sendmsg,
2094 .sendpage = tcp_sendpage,
2095 .backlog_rcv = tcp_v6_do_rcv,
2096 .release_cb = tcp_release_cb,
2098 .unhash = inet_unhash,
2099 .get_port = inet_csk_get_port,
2100 .enter_memory_pressure = tcp_enter_memory_pressure,
2101 .leave_memory_pressure = tcp_leave_memory_pressure,
2102 .stream_memory_free = tcp_stream_memory_free,
2103 .sockets_allocated = &tcp_sockets_allocated,
2104 .memory_allocated = &tcp_memory_allocated,
2105 .memory_pressure = &tcp_memory_pressure,
2106 .orphan_count = &tcp_orphan_count,
2107 .sysctl_mem = sysctl_tcp_mem,
2108 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem),
2109 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem),
2110 .max_header = MAX_TCP_HEADER,
2111 .obj_size = sizeof(struct tcp6_sock),
2112 .slab_flags = SLAB_TYPESAFE_BY_RCU,
2113 .twsk_prot = &tcp6_timewait_sock_ops,
2114 .rsk_prot = &tcp6_request_sock_ops,
2115 .h.hashinfo = &tcp_hashinfo,
2116 .no_autobind = true,
2117 .diag_destroy = tcp_abort,
2119 EXPORT_SYMBOL_GPL(tcpv6_prot);
2121 /* thinking of making this const? Don't.
2122 * early_demux can change based on sysctl.
2124 static struct inet6_protocol tcpv6_protocol = {
2125 .early_demux = tcp_v6_early_demux,
2126 .early_demux_handler = tcp_v6_early_demux,
2127 .handler = tcp_v6_rcv,
2128 .err_handler = tcp_v6_err,
2129 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2132 static struct inet_protosw tcpv6_protosw = {
2133 .type = SOCK_STREAM,
2134 .protocol = IPPROTO_TCP,
2135 .prot = &tcpv6_prot,
2136 .ops = &inet6_stream_ops,
2137 .flags = INET_PROTOSW_PERMANENT |
2141 static int __net_init tcpv6_net_init(struct net *net)
2143 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2144 SOCK_RAW, IPPROTO_TCP, net);
2147 static void __net_exit tcpv6_net_exit(struct net *net)
2149 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2152 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
2154 inet_twsk_purge(&tcp_hashinfo, AF_INET6);
2157 static struct pernet_operations tcpv6_net_ops = {
2158 .init = tcpv6_net_init,
2159 .exit = tcpv6_net_exit,
2160 .exit_batch = tcpv6_net_exit_batch,
2163 int __init tcpv6_init(void)
2167 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2171 /* register inet6 protocol */
2172 ret = inet6_register_protosw(&tcpv6_protosw);
2174 goto out_tcpv6_protocol;
2176 ret = register_pernet_subsys(&tcpv6_net_ops);
2178 goto out_tcpv6_protosw;
2180 ret = mptcpv6_init();
2182 goto out_tcpv6_pernet_subsys;
2187 out_tcpv6_pernet_subsys:
2188 unregister_pernet_subsys(&tcpv6_net_ops);
2190 inet6_unregister_protosw(&tcpv6_protosw);
2192 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2196 void tcpv6_exit(void)
2198 unregister_pernet_subsys(&tcpv6_net_ops);
2199 inet6_unregister_protosw(&tcpv6_protosw);
2200 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
projects / linux-2.6-microblaze.git / blob