2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Implementation of the Transmission Control Protocol(TCP).
8 * IPv4 specific functions
13 * linux/ipv4/tcp_input.c
14 * linux/ipv4/tcp_output.c
16 * See tcp.c for author information
18 * This program is free software; you can redistribute it and/or
19 * modify it under the terms of the GNU General Public License
20 * as published by the Free Software Foundation; either version
21 * 2 of the License, or (at your option) any later version.
26 * David S. Miller : New socket lookup architecture.
27 * This code is dedicated to John Dyson.
28 * David S. Miller : Change semantics of established hash,
29 * half is devoted to TIME_WAIT sockets
30 * and the rest go in the other half.
31 * Andi Kleen : Add support for syncookies and fixed
32 * some bugs: ip options weren't passed to
33 * the TCP layer, missed a check for an
35 * Andi Kleen : Implemented fast path mtu discovery.
36 * Fixed many serious bugs in the
37 * request_sock handling and moved
38 * most of it into the af independent code.
39 * Added tail drop and some other bugfixes.
40 * Added new listen semantics.
41 * Mike McLagan : Routing by source
42 * Juan Jose Ciarlante: ip_dynaddr bits
43 * Andi Kleen: various fixes.
44 * Vitaly E. Lavrov : Transparent proxy revived after year
46 * Andi Kleen : Fix new listen.
47 * Andi Kleen : Fix accept error reporting.
48 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
49 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
50 * a single port at the same time.
53 #define pr_fmt(fmt) "TCP: " fmt
55 #include <linux/bottom_half.h>
56 #include <linux/types.h>
57 #include <linux/fcntl.h>
58 #include <linux/module.h>
59 #include <linux/random.h>
60 #include <linux/cache.h>
61 #include <linux/jhash.h>
62 #include <linux/init.h>
63 #include <linux/times.h>
64 #include <linux/slab.h>
66 #include <net/net_namespace.h>
68 #include <net/inet_hashtables.h>
70 #include <net/transp_v6.h>
72 #include <net/inet_common.h>
73 #include <net/timewait_sock.h>
75 #include <net/netdma.h>
76 #include <net/secure_seq.h>
77 #include <net/tcp_memcontrol.h>
78 #include <net/busy_poll.h>
80 #include <linux/inet.h>
81 #include <linux/ipv6.h>
82 #include <linux/stddef.h>
83 #include <linux/proc_fs.h>
84 #include <linux/seq_file.h>
86 #include <linux/crypto.h>
87 #include <linux/scatterlist.h>
89 int sysctl_tcp_tw_reuse __read_mostly;
90 int sysctl_tcp_low_latency __read_mostly;
91 EXPORT_SYMBOL(sysctl_tcp_low_latency);
94 #ifdef CONFIG_TCP_MD5SIG
95 static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
96 __be32 daddr, __be32 saddr, const struct tcphdr *th);
99 struct inet_hashinfo tcp_hashinfo;
100 EXPORT_SYMBOL(tcp_hashinfo);
102 static inline __u32 tcp_v4_init_sequence(const struct sk_buff *skb)
104 return secure_tcp_sequence_number(ip_hdr(skb)->daddr,
107 tcp_hdr(skb)->source);
110 int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp)
112 const struct tcp_timewait_sock *tcptw = tcp_twsk(sktw);
113 struct tcp_sock *tp = tcp_sk(sk);
115 /* With PAWS, it is safe from the viewpoint
116 of data integrity. Even without PAWS it is safe provided sequence
117 spaces do not overlap i.e. at data rates <= 80Mbit/sec.
119 Actually, the idea is close to VJ's one, only timestamp cache is
120 held not per host, but per port pair and TW bucket is used as state
123 If TW bucket has been already destroyed we fall back to VJ's scheme
124 and use initial timestamp retrieved from peer table.
126 if (tcptw->tw_ts_recent_stamp &&
127 (twp == NULL || (sysctl_tcp_tw_reuse &&
128 get_seconds() - tcptw->tw_ts_recent_stamp > 1))) {
129 tp->write_seq = tcptw->tw_snd_nxt + 65535 + 2;
130 if (tp->write_seq == 0)
132 tp->rx_opt.ts_recent = tcptw->tw_ts_recent;
133 tp->rx_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
140 EXPORT_SYMBOL_GPL(tcp_twsk_unique);
142 /* This will initiate an outgoing connection. */
143 int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
145 struct sockaddr_in *usin = (struct sockaddr_in *)uaddr;
146 struct inet_sock *inet = inet_sk(sk);
147 struct tcp_sock *tp = tcp_sk(sk);
148 __be16 orig_sport, orig_dport;
149 __be32 daddr, nexthop;
153 struct ip_options_rcu *inet_opt;
155 if (addr_len < sizeof(struct sockaddr_in))
158 if (usin->sin_family != AF_INET)
159 return -EAFNOSUPPORT;
161 nexthop = daddr = usin->sin_addr.s_addr;
162 inet_opt = rcu_dereference_protected(inet->inet_opt,
163 sock_owned_by_user(sk));
164 if (inet_opt && inet_opt->opt.srr) {
167 nexthop = inet_opt->opt.faddr;
170 orig_sport = inet->inet_sport;
171 orig_dport = usin->sin_port;
172 fl4 = &inet->cork.fl.u.ip4;
173 rt = ip_route_connect(fl4, nexthop, inet->inet_saddr,
174 RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
176 orig_sport, orig_dport, sk, true);
179 if (err == -ENETUNREACH)
180 IP_INC_STATS_BH(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
184 if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) {
189 if (!inet_opt || !inet_opt->opt.srr)
192 if (!inet->inet_saddr)
193 inet->inet_saddr = fl4->saddr;
194 inet->inet_rcv_saddr = inet->inet_saddr;
196 if (tp->rx_opt.ts_recent_stamp && inet->inet_daddr != daddr) {
197 /* Reset inherited state */
198 tp->rx_opt.ts_recent = 0;
199 tp->rx_opt.ts_recent_stamp = 0;
200 if (likely(!tp->repair))
204 if (tcp_death_row.sysctl_tw_recycle &&
205 !tp->rx_opt.ts_recent_stamp && fl4->daddr == daddr)
206 tcp_fetch_timewait_stamp(sk, &rt->dst);
208 inet->inet_dport = usin->sin_port;
209 inet->inet_daddr = daddr;
211 inet_csk(sk)->icsk_ext_hdr_len = 0;
213 inet_csk(sk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
215 tp->rx_opt.mss_clamp = TCP_MSS_DEFAULT;
217 /* Socket identity is still unknown (sport may be zero).
218 * However we set state to SYN-SENT and not releasing socket
219 * lock select source port, enter ourselves into the hash tables and
220 * complete initialization after this.
222 tcp_set_state(sk, TCP_SYN_SENT);
223 err = inet_hash_connect(&tcp_death_row, sk);
227 rt = ip_route_newports(fl4, rt, orig_sport, orig_dport,
228 inet->inet_sport, inet->inet_dport, sk);
234 /* OK, now commit destination to socket. */
235 sk->sk_gso_type = SKB_GSO_TCPV4;
236 sk_setup_caps(sk, &rt->dst);
238 if (!tp->write_seq && likely(!tp->repair))
239 tp->write_seq = secure_tcp_sequence_number(inet->inet_saddr,
244 inet->inet_id = tp->write_seq ^ jiffies;
246 err = tcp_connect(sk);
256 * This unhashes the socket and releases the local port,
259 tcp_set_state(sk, TCP_CLOSE);
261 sk->sk_route_caps = 0;
262 inet->inet_dport = 0;
265 EXPORT_SYMBOL(tcp_v4_connect);
268 * This routine reacts to ICMP_FRAG_NEEDED mtu indications as defined in RFC1191.
269 * It can be called through tcp_release_cb() if socket was owned by user
270 * at the time tcp_v4_err() was called to handle ICMP message.
272 static void tcp_v4_mtu_reduced(struct sock *sk)
274 struct dst_entry *dst;
275 struct inet_sock *inet = inet_sk(sk);
276 u32 mtu = tcp_sk(sk)->mtu_info;
278 dst = inet_csk_update_pmtu(sk, mtu);
282 /* Something is about to be wrong... Remember soft error
283 * for the case, if this connection will not able to recover.
285 if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
286 sk->sk_err_soft = EMSGSIZE;
290 if (inet->pmtudisc != IP_PMTUDISC_DONT &&
291 inet_csk(sk)->icsk_pmtu_cookie > mtu) {
292 tcp_sync_mss(sk, mtu);
294 /* Resend the TCP packet because it's
295 * clear that the old packet has been
296 * dropped. This is the new "fast" path mtu
299 tcp_simple_retransmit(sk);
300 } /* else let the usual retransmit timer handle it */
303 static void do_redirect(struct sk_buff *skb, struct sock *sk)
305 struct dst_entry *dst = __sk_dst_check(sk, 0);
308 dst->ops->redirect(dst, sk, skb);
312 * This routine is called by the ICMP module when it gets some
313 * sort of error condition. If err < 0 then the socket should
314 * be closed and the error returned to the user. If err > 0
315 * it's just the icmp type << 8 | icmp code. After adjustment
316 * header points to the first 8 bytes of the tcp header. We need
317 * to find the appropriate port.
319 * The locking strategy used here is very "optimistic". When
320 * someone else accesses the socket the ICMP is just dropped
321 * and for some paths there is no check at all.
322 * A more general error queue to queue errors for later handling
323 * is probably better.
327 void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
329 const struct iphdr *iph = (const struct iphdr *)icmp_skb->data;
330 struct tcphdr *th = (struct tcphdr *)(icmp_skb->data + (iph->ihl << 2));
331 struct inet_connection_sock *icsk;
333 struct inet_sock *inet;
334 const int type = icmp_hdr(icmp_skb)->type;
335 const int code = icmp_hdr(icmp_skb)->code;
338 struct request_sock *req;
342 struct net *net = dev_net(icmp_skb->dev);
344 if (icmp_skb->len < (iph->ihl << 2) + 8) {
345 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
349 sk = inet_lookup(net, &tcp_hashinfo, iph->daddr, th->dest,
350 iph->saddr, th->source, inet_iif(icmp_skb));
352 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
355 if (sk->sk_state == TCP_TIME_WAIT) {
356 inet_twsk_put(inet_twsk(sk));
361 /* If too many ICMPs get dropped on busy
362 * servers this needs to be solved differently.
363 * We do take care of PMTU discovery (RFC1191) special case :
364 * we can receive locally generated ICMP messages while socket is held.
366 if (sock_owned_by_user(sk)) {
367 if (!(type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED))
368 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
370 if (sk->sk_state == TCP_CLOSE)
373 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
374 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
380 req = tp->fastopen_rsk;
381 seq = ntohl(th->seq);
382 if (sk->sk_state != TCP_LISTEN &&
383 !between(seq, tp->snd_una, tp->snd_nxt) &&
384 (req == NULL || seq != tcp_rsk(req)->snt_isn)) {
385 /* For a Fast Open socket, allow seq to be snt_isn. */
386 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
392 do_redirect(icmp_skb, sk);
394 case ICMP_SOURCE_QUENCH:
395 /* Just silently ignore these. */
397 case ICMP_PARAMETERPROB:
400 case ICMP_DEST_UNREACH:
401 if (code > NR_ICMP_UNREACH)
404 if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */
405 /* We are not interested in TCP_LISTEN and open_requests
406 * (SYN-ACKs send out by Linux are always <576bytes so
407 * they should go through unfragmented).
409 if (sk->sk_state == TCP_LISTEN)
413 if (!sock_owned_by_user(sk)) {
414 tcp_v4_mtu_reduced(sk);
416 if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED, &tp->tsq_flags))
422 err = icmp_err_convert[code].errno;
423 /* check if icmp_skb allows revert of backoff
424 * (see draft-zimmermann-tcp-lcd) */
425 if (code != ICMP_NET_UNREACH && code != ICMP_HOST_UNREACH)
427 if (seq != tp->snd_una || !icsk->icsk_retransmits ||
431 /* XXX (TFO) - revisit the following logic for TFO */
433 if (sock_owned_by_user(sk))
436 icsk->icsk_backoff--;
437 inet_csk(sk)->icsk_rto = (tp->srtt ? __tcp_set_rto(tp) :
438 TCP_TIMEOUT_INIT) << icsk->icsk_backoff;
441 skb = tcp_write_queue_head(sk);
444 remaining = icsk->icsk_rto - min(icsk->icsk_rto,
445 tcp_time_stamp - TCP_SKB_CB(skb)->when);
448 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
449 remaining, TCP_RTO_MAX);
451 /* RTO revert clocked out retransmission.
452 * Will retransmit now */
453 tcp_retransmit_timer(sk);
457 case ICMP_TIME_EXCEEDED:
464 /* XXX (TFO) - if it's a TFO socket and has been accepted, rather
465 * than following the TCP_SYN_RECV case and closing the socket,
466 * we ignore the ICMP error and keep trying like a fully established
467 * socket. Is this the right thing to do?
469 if (req && req->sk == NULL)
472 switch (sk->sk_state) {
473 struct request_sock *req, **prev;
475 if (sock_owned_by_user(sk))
478 req = inet_csk_search_req(sk, &prev, th->dest,
479 iph->daddr, iph->saddr);
483 /* ICMPs are not backlogged, hence we cannot get
484 an established socket here.
488 if (seq != tcp_rsk(req)->snt_isn) {
489 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
494 * Still in SYN_RECV, just remove it silently.
495 * There is no good way to pass the error to the newly
496 * created socket, and POSIX does not want network
497 * errors returned from accept().
499 inet_csk_reqsk_queue_drop(sk, req, prev);
500 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
504 case TCP_SYN_RECV: /* Cannot happen.
505 It can f.e. if SYNs crossed,
508 if (!sock_owned_by_user(sk)) {
511 sk->sk_error_report(sk);
515 sk->sk_err_soft = err;
520 /* If we've already connected we will keep trying
521 * until we time out, or the user gives up.
523 * rfc1122 4.2.3.9 allows to consider as hard errors
524 * only PROTO_UNREACH and PORT_UNREACH (well, FRAG_FAILED too,
525 * but it is obsoleted by pmtu discovery).
527 * Note, that in modern internet, where routing is unreliable
528 * and in each dark corner broken firewalls sit, sending random
529 * errors ordered by their masters even this two messages finally lose
530 * their original sense (even Linux sends invalid PORT_UNREACHs)
532 * Now we are in compliance with RFCs.
537 if (!sock_owned_by_user(sk) && inet->recverr) {
539 sk->sk_error_report(sk);
540 } else { /* Only an error on timeout */
541 sk->sk_err_soft = err;
549 void __tcp_v4_send_check(struct sk_buff *skb, __be32 saddr, __be32 daddr)
551 struct tcphdr *th = tcp_hdr(skb);
553 if (skb->ip_summed == CHECKSUM_PARTIAL) {
554 th->check = ~tcp_v4_check(skb->len, saddr, daddr, 0);
555 skb->csum_start = skb_transport_header(skb) - skb->head;
556 skb->csum_offset = offsetof(struct tcphdr, check);
558 th->check = tcp_v4_check(skb->len, saddr, daddr,
565 /* This routine computes an IPv4 TCP checksum. */
566 void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb)
568 const struct inet_sock *inet = inet_sk(sk);
570 __tcp_v4_send_check(skb, inet->inet_saddr, inet->inet_daddr);
572 EXPORT_SYMBOL(tcp_v4_send_check);
575 * This routine will send an RST to the other tcp.
577 * Someone asks: why I NEVER use socket parameters (TOS, TTL etc.)
579 * Answer: if a packet caused RST, it is not for a socket
580 * existing in our system, if it is matched to a socket,
581 * it is just duplicate segment or bug in other side's TCP.
582 * So that we build reply only basing on parameters
583 * arrived with segment.
584 * Exception: precedence violation. We do not implement it in any case.
587 static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
589 const struct tcphdr *th = tcp_hdr(skb);
592 #ifdef CONFIG_TCP_MD5SIG
593 __be32 opt[(TCPOLEN_MD5SIG_ALIGNED >> 2)];
596 struct ip_reply_arg arg;
597 #ifdef CONFIG_TCP_MD5SIG
598 struct tcp_md5sig_key *key;
599 const __u8 *hash_location = NULL;
600 unsigned char newhash[16];
602 struct sock *sk1 = NULL;
606 /* Never send a reset in response to a reset. */
610 if (skb_rtable(skb)->rt_type != RTN_LOCAL)
613 /* Swap the send and the receive. */
614 memset(&rep, 0, sizeof(rep));
615 rep.th.dest = th->source;
616 rep.th.source = th->dest;
617 rep.th.doff = sizeof(struct tcphdr) / 4;
621 rep.th.seq = th->ack_seq;
624 rep.th.ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin +
625 skb->len - (th->doff << 2));
628 memset(&arg, 0, sizeof(arg));
629 arg.iov[0].iov_base = (unsigned char *)&rep;
630 arg.iov[0].iov_len = sizeof(rep.th);
632 #ifdef CONFIG_TCP_MD5SIG
633 hash_location = tcp_parse_md5sig_option(th);
634 if (!sk && hash_location) {
636 * active side is lost. Try to find listening socket through
637 * source port, and then find md5 key through listening socket.
638 * we are not loose security here:
639 * Incoming packet is checked with md5 hash with finding key,
640 * no RST generated if md5 hash doesn't match.
642 sk1 = __inet_lookup_listener(dev_net(skb_dst(skb)->dev),
643 &tcp_hashinfo, ip_hdr(skb)->saddr,
644 th->source, ip_hdr(skb)->daddr,
645 ntohs(th->source), inet_iif(skb));
646 /* don't send rst if it can't find key */
650 key = tcp_md5_do_lookup(sk1, (union tcp_md5_addr *)
651 &ip_hdr(skb)->saddr, AF_INET);
655 genhash = tcp_v4_md5_hash_skb(newhash, key, NULL, NULL, skb);
656 if (genhash || memcmp(hash_location, newhash, 16) != 0)
659 key = sk ? tcp_md5_do_lookup(sk, (union tcp_md5_addr *)
665 rep.opt[0] = htonl((TCPOPT_NOP << 24) |
667 (TCPOPT_MD5SIG << 8) |
669 /* Update length and the length the header thinks exists */
670 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
671 rep.th.doff = arg.iov[0].iov_len / 4;
673 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[1],
674 key, ip_hdr(skb)->saddr,
675 ip_hdr(skb)->daddr, &rep.th);
678 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
679 ip_hdr(skb)->saddr, /* XXX */
680 arg.iov[0].iov_len, IPPROTO_TCP, 0);
681 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
682 arg.flags = (sk && inet_sk(sk)->transparent) ? IP_REPLY_ARG_NOSRCCHECK : 0;
683 /* When socket is gone, all binding information is lost.
684 * routing might fail in this case. No choice here, if we choose to force
685 * input interface, we will misroute in case of asymmetric route.
688 arg.bound_dev_if = sk->sk_bound_dev_if;
690 net = dev_net(skb_dst(skb)->dev);
691 arg.tos = ip_hdr(skb)->tos;
692 ip_send_unicast_reply(net, skb, ip_hdr(skb)->saddr,
693 ip_hdr(skb)->daddr, &arg, arg.iov[0].iov_len);
695 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
696 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
698 #ifdef CONFIG_TCP_MD5SIG
707 /* The code following below sending ACKs in SYN-RECV and TIME-WAIT states
708 outside socket context is ugly, certainly. What can I do?
711 static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
712 u32 win, u32 tsval, u32 tsecr, int oif,
713 struct tcp_md5sig_key *key,
714 int reply_flags, u8 tos)
716 const struct tcphdr *th = tcp_hdr(skb);
719 __be32 opt[(TCPOLEN_TSTAMP_ALIGNED >> 2)
720 #ifdef CONFIG_TCP_MD5SIG
721 + (TCPOLEN_MD5SIG_ALIGNED >> 2)
725 struct ip_reply_arg arg;
726 struct net *net = dev_net(skb_dst(skb)->dev);
728 memset(&rep.th, 0, sizeof(struct tcphdr));
729 memset(&arg, 0, sizeof(arg));
731 arg.iov[0].iov_base = (unsigned char *)&rep;
732 arg.iov[0].iov_len = sizeof(rep.th);
734 rep.opt[0] = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
735 (TCPOPT_TIMESTAMP << 8) |
737 rep.opt[1] = htonl(tsval);
738 rep.opt[2] = htonl(tsecr);
739 arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;
742 /* Swap the send and the receive. */
743 rep.th.dest = th->source;
744 rep.th.source = th->dest;
745 rep.th.doff = arg.iov[0].iov_len / 4;
746 rep.th.seq = htonl(seq);
747 rep.th.ack_seq = htonl(ack);
749 rep.th.window = htons(win);
751 #ifdef CONFIG_TCP_MD5SIG
753 int offset = (tsecr) ? 3 : 0;
755 rep.opt[offset++] = htonl((TCPOPT_NOP << 24) |
757 (TCPOPT_MD5SIG << 8) |
759 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
760 rep.th.doff = arg.iov[0].iov_len/4;
762 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset],
763 key, ip_hdr(skb)->saddr,
764 ip_hdr(skb)->daddr, &rep.th);
767 arg.flags = reply_flags;
768 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
769 ip_hdr(skb)->saddr, /* XXX */
770 arg.iov[0].iov_len, IPPROTO_TCP, 0);
771 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
773 arg.bound_dev_if = oif;
775 ip_send_unicast_reply(net, skb, ip_hdr(skb)->saddr,
776 ip_hdr(skb)->daddr, &arg, arg.iov[0].iov_len);
778 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
781 static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
783 struct inet_timewait_sock *tw = inet_twsk(sk);
784 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
786 tcp_v4_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
787 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
788 tcp_time_stamp + tcptw->tw_ts_offset,
791 tcp_twsk_md5_key(tcptw),
792 tw->tw_transparent ? IP_REPLY_ARG_NOSRCCHECK : 0,
799 static void tcp_v4_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
800 struct request_sock *req)
802 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
803 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
805 tcp_v4_send_ack(skb, (sk->sk_state == TCP_LISTEN) ?
806 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
807 tcp_rsk(req)->rcv_nxt, req->rcv_wnd,
811 tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&ip_hdr(skb)->daddr,
813 inet_rsk(req)->no_srccheck ? IP_REPLY_ARG_NOSRCCHECK : 0,
818 * Send a SYN-ACK after having received a SYN.
819 * This still operates on a request_sock only, not on a big
822 static int tcp_v4_send_synack(struct sock *sk, struct dst_entry *dst,
823 struct request_sock *req,
826 const struct inet_request_sock *ireq = inet_rsk(req);
829 struct sk_buff * skb;
831 /* First, grab a route. */
832 if (!dst && (dst = inet_csk_route_req(sk, &fl4, req)) == NULL)
835 skb = tcp_make_synack(sk, dst, req, NULL);
838 __tcp_v4_send_check(skb, ireq->loc_addr, ireq->rmt_addr);
840 skb_set_queue_mapping(skb, queue_mapping);
841 err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr,
844 err = net_xmit_eval(err);
845 if (!tcp_rsk(req)->snt_synack && !err)
846 tcp_rsk(req)->snt_synack = tcp_time_stamp;
852 static int tcp_v4_rtx_synack(struct sock *sk, struct request_sock *req)
854 int res = tcp_v4_send_synack(sk, NULL, req, 0);
857 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS);
862 * IPv4 request_sock destructor.
864 static void tcp_v4_reqsk_destructor(struct request_sock *req)
866 kfree(inet_rsk(req)->opt);
870 * Return true if a syncookie should be sent
872 bool tcp_syn_flood_action(struct sock *sk,
873 const struct sk_buff *skb,
876 const char *msg = "Dropping request";
877 bool want_cookie = false;
878 struct listen_sock *lopt;
882 #ifdef CONFIG_SYN_COOKIES
883 if (sysctl_tcp_syncookies) {
884 msg = "Sending cookies";
886 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDOCOOKIES);
889 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP);
891 lopt = inet_csk(sk)->icsk_accept_queue.listen_opt;
892 if (!lopt->synflood_warned && sysctl_tcp_syncookies != 2) {
893 lopt->synflood_warned = 1;
894 pr_info("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n",
895 proto, ntohs(tcp_hdr(skb)->dest), msg);
899 EXPORT_SYMBOL(tcp_syn_flood_action);
902 * Save and compile IPv4 options into the request_sock if needed.
904 static struct ip_options_rcu *tcp_v4_save_options(struct sk_buff *skb)
906 const struct ip_options *opt = &(IPCB(skb)->opt);
907 struct ip_options_rcu *dopt = NULL;
909 if (opt && opt->optlen) {
910 int opt_size = sizeof(*dopt) + opt->optlen;
912 dopt = kmalloc(opt_size, GFP_ATOMIC);
914 if (ip_options_echo(&dopt->opt, skb)) {
923 #ifdef CONFIG_TCP_MD5SIG
925 * RFC2385 MD5 checksumming requires a mapping of
926 * IP address->MD5 Key.
927 * We need to maintain these in the sk structure.
930 /* Find the Key structure for an address. */
931 struct tcp_md5sig_key *tcp_md5_do_lookup(struct sock *sk,
932 const union tcp_md5_addr *addr,
935 struct tcp_sock *tp = tcp_sk(sk);
936 struct tcp_md5sig_key *key;
937 unsigned int size = sizeof(struct in_addr);
938 struct tcp_md5sig_info *md5sig;
940 /* caller either holds rcu_read_lock() or socket lock */
941 md5sig = rcu_dereference_check(tp->md5sig_info,
942 sock_owned_by_user(sk) ||
943 lockdep_is_held(&sk->sk_lock.slock));
946 #if IS_ENABLED(CONFIG_IPV6)
947 if (family == AF_INET6)
948 size = sizeof(struct in6_addr);
950 hlist_for_each_entry_rcu(key, &md5sig->head, node) {
951 if (key->family != family)
953 if (!memcmp(&key->addr, addr, size))
958 EXPORT_SYMBOL(tcp_md5_do_lookup);
960 struct tcp_md5sig_key *tcp_v4_md5_lookup(struct sock *sk,
961 struct sock *addr_sk)
963 union tcp_md5_addr *addr;
965 addr = (union tcp_md5_addr *)&inet_sk(addr_sk)->inet_daddr;
966 return tcp_md5_do_lookup(sk, addr, AF_INET);
968 EXPORT_SYMBOL(tcp_v4_md5_lookup);
970 static struct tcp_md5sig_key *tcp_v4_reqsk_md5_lookup(struct sock *sk,
971 struct request_sock *req)
973 union tcp_md5_addr *addr;
975 addr = (union tcp_md5_addr *)&inet_rsk(req)->rmt_addr;
976 return tcp_md5_do_lookup(sk, addr, AF_INET);
979 /* This can be called on a newly created socket, from other files */
980 int tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr,
981 int family, const u8 *newkey, u8 newkeylen, gfp_t gfp)
983 /* Add Key to the list */
984 struct tcp_md5sig_key *key;
985 struct tcp_sock *tp = tcp_sk(sk);
986 struct tcp_md5sig_info *md5sig;
988 key = tcp_md5_do_lookup(sk, addr, family);
990 /* Pre-existing entry - just update that one. */
991 memcpy(key->key, newkey, newkeylen);
992 key->keylen = newkeylen;
996 md5sig = rcu_dereference_protected(tp->md5sig_info,
997 sock_owned_by_user(sk));
999 md5sig = kmalloc(sizeof(*md5sig), gfp);
1003 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
1004 INIT_HLIST_HEAD(&md5sig->head);
1005 rcu_assign_pointer(tp->md5sig_info, md5sig);
1008 key = sock_kmalloc(sk, sizeof(*key), gfp);
1011 if (!tcp_alloc_md5sig_pool()) {
1012 sock_kfree_s(sk, key, sizeof(*key));
1016 memcpy(key->key, newkey, newkeylen);
1017 key->keylen = newkeylen;
1018 key->family = family;
1019 memcpy(&key->addr, addr,
1020 (family == AF_INET6) ? sizeof(struct in6_addr) :
1021 sizeof(struct in_addr));
1022 hlist_add_head_rcu(&key->node, &md5sig->head);
1025 EXPORT_SYMBOL(tcp_md5_do_add);
1027 int tcp_md5_do_del(struct sock *sk, const union tcp_md5_addr *addr, int family)
1029 struct tcp_md5sig_key *key;
1031 key = tcp_md5_do_lookup(sk, addr, family);
1034 hlist_del_rcu(&key->node);
1035 atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
1036 kfree_rcu(key, rcu);
1039 EXPORT_SYMBOL(tcp_md5_do_del);
1041 static void tcp_clear_md5_list(struct sock *sk)
1043 struct tcp_sock *tp = tcp_sk(sk);
1044 struct tcp_md5sig_key *key;
1045 struct hlist_node *n;
1046 struct tcp_md5sig_info *md5sig;
1048 md5sig = rcu_dereference_protected(tp->md5sig_info, 1);
1050 hlist_for_each_entry_safe(key, n, &md5sig->head, node) {
1051 hlist_del_rcu(&key->node);
1052 atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
1053 kfree_rcu(key, rcu);
1057 static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
1060 struct tcp_md5sig cmd;
1061 struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.tcpm_addr;
1063 if (optlen < sizeof(cmd))
1066 if (copy_from_user(&cmd, optval, sizeof(cmd)))
1069 if (sin->sin_family != AF_INET)
1072 if (!cmd.tcpm_key || !cmd.tcpm_keylen)
1073 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin->sin_addr.s_addr,
1076 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
1079 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin->sin_addr.s_addr,
1080 AF_INET, cmd.tcpm_key, cmd.tcpm_keylen,
1084 static int tcp_v4_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
1085 __be32 daddr, __be32 saddr, int nbytes)
1087 struct tcp4_pseudohdr *bp;
1088 struct scatterlist sg;
1090 bp = &hp->md5_blk.ip4;
1093 * 1. the TCP pseudo-header (in the order: source IP address,
1094 * destination IP address, zero-padded protocol number, and
1100 bp->protocol = IPPROTO_TCP;
1101 bp->len = cpu_to_be16(nbytes);
1103 sg_init_one(&sg, bp, sizeof(*bp));
1104 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
1107 static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
1108 __be32 daddr, __be32 saddr, const struct tcphdr *th)
1110 struct tcp_md5sig_pool *hp;
1111 struct hash_desc *desc;
1113 hp = tcp_get_md5sig_pool();
1115 goto clear_hash_noput;
1116 desc = &hp->md5_desc;
1118 if (crypto_hash_init(desc))
1120 if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
1122 if (tcp_md5_hash_header(hp, th))
1124 if (tcp_md5_hash_key(hp, key))
1126 if (crypto_hash_final(desc, md5_hash))
1129 tcp_put_md5sig_pool();
1133 tcp_put_md5sig_pool();
1135 memset(md5_hash, 0, 16);
1139 int tcp_v4_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
1140 const struct sock *sk, const struct request_sock *req,
1141 const struct sk_buff *skb)
1143 struct tcp_md5sig_pool *hp;
1144 struct hash_desc *desc;
1145 const struct tcphdr *th = tcp_hdr(skb);
1146 __be32 saddr, daddr;
1149 saddr = inet_sk(sk)->inet_saddr;
1150 daddr = inet_sk(sk)->inet_daddr;
1152 saddr = inet_rsk(req)->loc_addr;
1153 daddr = inet_rsk(req)->rmt_addr;
1155 const struct iphdr *iph = ip_hdr(skb);
1160 hp = tcp_get_md5sig_pool();
1162 goto clear_hash_noput;
1163 desc = &hp->md5_desc;
1165 if (crypto_hash_init(desc))
1168 if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
1170 if (tcp_md5_hash_header(hp, th))
1172 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
1174 if (tcp_md5_hash_key(hp, key))
1176 if (crypto_hash_final(desc, md5_hash))
1179 tcp_put_md5sig_pool();
1183 tcp_put_md5sig_pool();
1185 memset(md5_hash, 0, 16);
1188 EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
1190 static bool tcp_v4_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
1193 * This gets called for each TCP segment that arrives
1194 * so we want to be efficient.
1195 * We have 3 drop cases:
1196 * o No MD5 hash and one expected.
1197 * o MD5 hash and we're not expecting one.
1198 * o MD5 hash and its wrong.
1200 const __u8 *hash_location = NULL;
1201 struct tcp_md5sig_key *hash_expected;
1202 const struct iphdr *iph = ip_hdr(skb);
1203 const struct tcphdr *th = tcp_hdr(skb);
1205 unsigned char newhash[16];
1207 hash_expected = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&iph->saddr,
1209 hash_location = tcp_parse_md5sig_option(th);
1211 /* We've parsed the options - do we have a hash? */
1212 if (!hash_expected && !hash_location)
1215 if (hash_expected && !hash_location) {
1216 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
1220 if (!hash_expected && hash_location) {
1221 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
1225 /* Okay, so this is hash_expected and hash_location -
1226 * so we need to calculate the checksum.
1228 genhash = tcp_v4_md5_hash_skb(newhash,
1232 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
1233 net_info_ratelimited("MD5 Hash failed for (%pI4, %d)->(%pI4, %d)%s\n",
1234 &iph->saddr, ntohs(th->source),
1235 &iph->daddr, ntohs(th->dest),
1236 genhash ? " tcp_v4_calc_md5_hash failed"
1245 struct request_sock_ops tcp_request_sock_ops __read_mostly = {
1247 .obj_size = sizeof(struct tcp_request_sock),
1248 .rtx_syn_ack = tcp_v4_rtx_synack,
1249 .send_ack = tcp_v4_reqsk_send_ack,
1250 .destructor = tcp_v4_reqsk_destructor,
1251 .send_reset = tcp_v4_send_reset,
1252 .syn_ack_timeout = tcp_syn_ack_timeout,
1255 #ifdef CONFIG_TCP_MD5SIG
1256 static const struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
1257 .md5_lookup = tcp_v4_reqsk_md5_lookup,
1258 .calc_md5_hash = tcp_v4_md5_hash_skb,
1262 static bool tcp_fastopen_check(struct sock *sk, struct sk_buff *skb,
1263 struct request_sock *req,
1264 struct tcp_fastopen_cookie *foc,
1265 struct tcp_fastopen_cookie *valid_foc)
1267 bool skip_cookie = false;
1268 struct fastopen_queue *fastopenq;
1270 if (likely(!fastopen_cookie_present(foc))) {
1271 /* See include/net/tcp.h for the meaning of these knobs */
1272 if ((sysctl_tcp_fastopen & TFO_SERVER_ALWAYS) ||
1273 ((sysctl_tcp_fastopen & TFO_SERVER_COOKIE_NOT_REQD) &&
1274 (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq + 1)))
1275 skip_cookie = true; /* no cookie to validate */
1279 fastopenq = inet_csk(sk)->icsk_accept_queue.fastopenq;
1280 /* A FO option is present; bump the counter. */
1281 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPFASTOPENPASSIVE);
1283 /* Make sure the listener has enabled fastopen, and we don't
1284 * exceed the max # of pending TFO requests allowed before trying
1285 * to validating the cookie in order to avoid burning CPU cycles
1288 * XXX (TFO) - The implication of checking the max_qlen before
1289 * processing a cookie request is that clients can't differentiate
1290 * between qlen overflow causing Fast Open to be disabled
1291 * temporarily vs a server not supporting Fast Open at all.
1293 if ((sysctl_tcp_fastopen & TFO_SERVER_ENABLE) == 0 ||
1294 fastopenq == NULL || fastopenq->max_qlen == 0)
1297 if (fastopenq->qlen >= fastopenq->max_qlen) {
1298 struct request_sock *req1;
1299 spin_lock(&fastopenq->lock);
1300 req1 = fastopenq->rskq_rst_head;
1301 if ((req1 == NULL) || time_after(req1->expires, jiffies)) {
1302 spin_unlock(&fastopenq->lock);
1303 NET_INC_STATS_BH(sock_net(sk),
1304 LINUX_MIB_TCPFASTOPENLISTENOVERFLOW);
1305 /* Avoid bumping LINUX_MIB_TCPFASTOPENPASSIVEFAIL*/
1309 fastopenq->rskq_rst_head = req1->dl_next;
1311 spin_unlock(&fastopenq->lock);
1315 tcp_rsk(req)->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
1319 if (foc->len == TCP_FASTOPEN_COOKIE_SIZE) {
1320 if ((sysctl_tcp_fastopen & TFO_SERVER_COOKIE_NOT_CHKED) == 0) {
1321 tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr,
1322 ip_hdr(skb)->daddr, valid_foc);
1323 if ((valid_foc->len != TCP_FASTOPEN_COOKIE_SIZE) ||
1324 memcmp(&foc->val[0], &valid_foc->val[0],
1325 TCP_FASTOPEN_COOKIE_SIZE) != 0)
1327 valid_foc->len = -1;
1329 /* Acknowledge the data received from the peer. */
1330 tcp_rsk(req)->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
1332 } else if (foc->len == 0) { /* Client requesting a cookie */
1333 tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr,
1334 ip_hdr(skb)->daddr, valid_foc);
1335 NET_INC_STATS_BH(sock_net(sk),
1336 LINUX_MIB_TCPFASTOPENCOOKIEREQD);
1338 /* Client sent a cookie with wrong size. Treat it
1339 * the same as invalid and return a valid one.
1341 tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr,
1342 ip_hdr(skb)->daddr, valid_foc);
1347 static int tcp_v4_conn_req_fastopen(struct sock *sk,
1348 struct sk_buff *skb,
1349 struct sk_buff *skb_synack,
1350 struct request_sock *req)
1352 struct tcp_sock *tp = tcp_sk(sk);
1353 struct request_sock_queue *queue = &inet_csk(sk)->icsk_accept_queue;
1354 const struct inet_request_sock *ireq = inet_rsk(req);
1358 req->num_retrans = 0;
1359 req->num_timeout = 0;
1362 child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, req, NULL);
1363 if (child == NULL) {
1364 NET_INC_STATS_BH(sock_net(sk),
1365 LINUX_MIB_TCPFASTOPENPASSIVEFAIL);
1366 kfree_skb(skb_synack);
1369 err = ip_build_and_send_pkt(skb_synack, sk, ireq->loc_addr,
1370 ireq->rmt_addr, ireq->opt);
1371 err = net_xmit_eval(err);
1373 tcp_rsk(req)->snt_synack = tcp_time_stamp;
1374 /* XXX (TFO) - is it ok to ignore error and continue? */
1376 spin_lock(&queue->fastopenq->lock);
1377 queue->fastopenq->qlen++;
1378 spin_unlock(&queue->fastopenq->lock);
1380 /* Initialize the child socket. Have to fix some values to take
1381 * into account the child is a Fast Open socket and is created
1382 * only out of the bits carried in the SYN packet.
1386 tp->fastopen_rsk = req;
1387 /* Do a hold on the listner sk so that if the listener is being
1388 * closed, the child that has been accepted can live on and still
1389 * access listen_lock.
1392 tcp_rsk(req)->listener = sk;
1394 /* RFC1323: The window in SYN & SYN/ACK segments is never
1395 * scaled. So correct it appropriately.
1397 tp->snd_wnd = ntohs(tcp_hdr(skb)->window);
1399 /* Activate the retrans timer so that SYNACK can be retransmitted.
1400 * The request socket is not added to the SYN table of the parent
1401 * because it's been added to the accept queue directly.
1403 inet_csk_reset_xmit_timer(child, ICSK_TIME_RETRANS,
1404 TCP_TIMEOUT_INIT, TCP_RTO_MAX);
1406 /* Add the child socket directly into the accept queue */
1407 inet_csk_reqsk_queue_add(sk, req, child);
1409 /* Now finish processing the fastopen child socket. */
1410 inet_csk(child)->icsk_af_ops->rebuild_header(child);
1411 tcp_init_congestion_control(child);
1412 tcp_mtup_init(child);
1413 tcp_init_buffer_space(child);
1414 tcp_init_metrics(child);
1416 /* Queue the data carried in the SYN packet. We need to first
1417 * bump skb's refcnt because the caller will attempt to free it.
1419 * XXX (TFO) - we honor a zero-payload TFO request for now.
1420 * (Any reason not to?)
1422 if (TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq + 1) {
1423 /* Don't queue the skb if there is no payload in SYN.
1424 * XXX (TFO) - How about SYN+FIN?
1426 tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
1430 __skb_pull(skb, tcp_hdr(skb)->doff * 4);
1431 skb_set_owner_r(skb, child);
1432 __skb_queue_tail(&child->sk_receive_queue, skb);
1433 tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
1434 tp->syn_data_acked = 1;
1436 sk->sk_data_ready(sk, 0);
1437 bh_unlock_sock(child);
1439 WARN_ON(req->sk == NULL);
1443 int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1445 struct tcp_options_received tmp_opt;
1446 struct request_sock *req;
1447 struct inet_request_sock *ireq;
1448 struct tcp_sock *tp = tcp_sk(sk);
1449 struct dst_entry *dst = NULL;
1450 __be32 saddr = ip_hdr(skb)->saddr;
1451 __be32 daddr = ip_hdr(skb)->daddr;
1452 __u32 isn = TCP_SKB_CB(skb)->when;
1453 bool want_cookie = false;
1455 struct tcp_fastopen_cookie foc = { .len = -1 };
1456 struct tcp_fastopen_cookie valid_foc = { .len = -1 };
1457 struct sk_buff *skb_synack;
1460 /* Never answer to SYNs send to broadcast or multicast */
1461 if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
1464 /* TW buckets are converted to open requests without
1465 * limitations, they conserve resources and peer is
1466 * evidently real one.
1468 if ((sysctl_tcp_syncookies == 2 ||
1469 inet_csk_reqsk_queue_is_full(sk)) && !isn) {
1470 want_cookie = tcp_syn_flood_action(sk, skb, "TCP");
1475 /* Accept backlog is full. If we have already queued enough
1476 * of warm entries in syn queue, drop request. It is better than
1477 * clogging syn queue with openreqs with exponentially increasing
1480 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) {
1481 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1485 req = inet_reqsk_alloc(&tcp_request_sock_ops);
1489 #ifdef CONFIG_TCP_MD5SIG
1490 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv4_ops;
1493 tcp_clear_options(&tmp_opt);
1494 tmp_opt.mss_clamp = TCP_MSS_DEFAULT;
1495 tmp_opt.user_mss = tp->rx_opt.user_mss;
1496 tcp_parse_options(skb, &tmp_opt, 0, want_cookie ? NULL : &foc);
1498 if (want_cookie && !tmp_opt.saw_tstamp)
1499 tcp_clear_options(&tmp_opt);
1501 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1502 tcp_openreq_init(req, &tmp_opt, skb);
1504 ireq = inet_rsk(req);
1505 ireq->loc_addr = daddr;
1506 ireq->rmt_addr = saddr;
1507 ireq->no_srccheck = inet_sk(sk)->transparent;
1508 ireq->opt = tcp_v4_save_options(skb);
1510 if (security_inet_conn_request(sk, skb, req))
1513 if (!want_cookie || tmp_opt.tstamp_ok)
1514 TCP_ECN_create_request(req, skb, sock_net(sk));
1517 isn = cookie_v4_init_sequence(sk, skb, &req->mss);
1518 req->cookie_ts = tmp_opt.tstamp_ok;
1520 /* VJ's idea. We save last timestamp seen
1521 * from the destination in peer table, when entering
1522 * state TIME-WAIT, and check against it before
1523 * accepting new connection request.
1525 * If "isn" is not zero, this request hit alive
1526 * timewait bucket, so that all the necessary checks
1527 * are made in the function processing timewait state.
1529 if (tmp_opt.saw_tstamp &&
1530 tcp_death_row.sysctl_tw_recycle &&
1531 (dst = inet_csk_route_req(sk, &fl4, req)) != NULL &&
1532 fl4.daddr == saddr) {
1533 if (!tcp_peer_is_proven(req, dst, true)) {
1534 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED);
1535 goto drop_and_release;
1538 /* Kill the following clause, if you dislike this way. */
1539 else if (!sysctl_tcp_syncookies &&
1540 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
1541 (sysctl_max_syn_backlog >> 2)) &&
1542 !tcp_peer_is_proven(req, dst, false)) {
1543 /* Without syncookies last quarter of
1544 * backlog is filled with destinations,
1545 * proven to be alive.
1546 * It means that we continue to communicate
1547 * to destinations, already remembered
1548 * to the moment of synflood.
1550 LIMIT_NETDEBUG(KERN_DEBUG pr_fmt("drop open request from %pI4/%u\n"),
1551 &saddr, ntohs(tcp_hdr(skb)->source));
1552 goto drop_and_release;
1555 isn = tcp_v4_init_sequence(skb);
1557 tcp_rsk(req)->snt_isn = isn;
1560 dst = inet_csk_route_req(sk, &fl4, req);
1564 do_fastopen = tcp_fastopen_check(sk, skb, req, &foc, &valid_foc);
1566 /* We don't call tcp_v4_send_synack() directly because we need
1567 * to make sure a child socket can be created successfully before
1568 * sending back synack!
1570 * XXX (TFO) - Ideally one would simply call tcp_v4_send_synack()
1571 * (or better yet, call tcp_send_synack() in the child context
1572 * directly, but will have to fix bunch of other code first)
1573 * after syn_recv_sock() except one will need to first fix the
1574 * latter to remove its dependency on the current implementation
1575 * of tcp_v4_send_synack()->tcp_select_initial_window().
1577 skb_synack = tcp_make_synack(sk, dst, req,
1578 fastopen_cookie_present(&valid_foc) ? &valid_foc : NULL);
1581 __tcp_v4_send_check(skb_synack, ireq->loc_addr, ireq->rmt_addr);
1582 skb_set_queue_mapping(skb_synack, skb_get_queue_mapping(skb));
1586 if (likely(!do_fastopen)) {
1588 err = ip_build_and_send_pkt(skb_synack, sk, ireq->loc_addr,
1589 ireq->rmt_addr, ireq->opt);
1590 err = net_xmit_eval(err);
1591 if (err || want_cookie)
1594 tcp_rsk(req)->snt_synack = tcp_time_stamp;
1595 tcp_rsk(req)->listener = NULL;
1596 /* Add the request_sock to the SYN table */
1597 inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1598 if (fastopen_cookie_present(&foc) && foc.len != 0)
1599 NET_INC_STATS_BH(sock_net(sk),
1600 LINUX_MIB_TCPFASTOPENPASSIVEFAIL);
1601 } else if (tcp_v4_conn_req_fastopen(sk, skb, skb_synack, req))
1611 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1614 EXPORT_SYMBOL(tcp_v4_conn_request);
1618 * The three way handshake has completed - we got a valid synack -
1619 * now create the new socket.
1621 struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1622 struct request_sock *req,
1623 struct dst_entry *dst)
1625 struct inet_request_sock *ireq;
1626 struct inet_sock *newinet;
1627 struct tcp_sock *newtp;
1629 #ifdef CONFIG_TCP_MD5SIG
1630 struct tcp_md5sig_key *key;
1632 struct ip_options_rcu *inet_opt;
1634 if (sk_acceptq_is_full(sk))
1637 newsk = tcp_create_openreq_child(sk, req, skb);
1641 newsk->sk_gso_type = SKB_GSO_TCPV4;
1642 inet_sk_rx_dst_set(newsk, skb);
1644 newtp = tcp_sk(newsk);
1645 newinet = inet_sk(newsk);
1646 ireq = inet_rsk(req);
1647 newinet->inet_daddr = ireq->rmt_addr;
1648 newinet->inet_rcv_saddr = ireq->loc_addr;
1649 newinet->inet_saddr = ireq->loc_addr;
1650 inet_opt = ireq->opt;
1651 rcu_assign_pointer(newinet->inet_opt, inet_opt);
1653 newinet->mc_index = inet_iif(skb);
1654 newinet->mc_ttl = ip_hdr(skb)->ttl;
1655 newinet->rcv_tos = ip_hdr(skb)->tos;
1656 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1658 inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
1659 newinet->inet_id = newtp->write_seq ^ jiffies;
1662 dst = inet_csk_route_child_sock(sk, newsk, req);
1666 /* syncookie case : see end of cookie_v4_check() */
1668 sk_setup_caps(newsk, dst);
1670 tcp_mtup_init(newsk);
1671 tcp_sync_mss(newsk, dst_mtu(dst));
1672 newtp->advmss = dst_metric_advmss(dst);
1673 if (tcp_sk(sk)->rx_opt.user_mss &&
1674 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1675 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1677 tcp_initialize_rcv_mss(newsk);
1679 #ifdef CONFIG_TCP_MD5SIG
1680 /* Copy over the MD5 key from the original socket */
1681 key = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&newinet->inet_daddr,
1685 * We're using one, so create a matching key
1686 * on the newsk structure. If we fail to get
1687 * memory, then we end up not copying the key
1690 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newinet->inet_daddr,
1691 AF_INET, key->key, key->keylen, GFP_ATOMIC);
1692 sk_nocaps_add(newsk, NETIF_F_GSO_MASK);
1696 if (__inet_inherit_port(sk, newsk) < 0)
1698 __inet_hash_nolisten(newsk, NULL);
1703 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1707 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1710 inet_csk_prepare_forced_close(newsk);
1714 EXPORT_SYMBOL(tcp_v4_syn_recv_sock);
1716 static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
1718 struct tcphdr *th = tcp_hdr(skb);
1719 const struct iphdr *iph = ip_hdr(skb);
1721 struct request_sock **prev;
1722 /* Find possible connection requests. */
1723 struct request_sock *req = inet_csk_search_req(sk, &prev, th->source,
1724 iph->saddr, iph->daddr);
1726 return tcp_check_req(sk, skb, req, prev, false);
1728 nsk = inet_lookup_established(sock_net(sk), &tcp_hashinfo, iph->saddr,
1729 th->source, iph->daddr, th->dest, inet_iif(skb));
1732 if (nsk->sk_state != TCP_TIME_WAIT) {
1736 inet_twsk_put(inet_twsk(nsk));
1740 #ifdef CONFIG_SYN_COOKIES
1742 sk = cookie_v4_check(sk, skb, &(IPCB(skb)->opt));
1747 static __sum16 tcp_v4_checksum_init(struct sk_buff *skb)
1749 const struct iphdr *iph = ip_hdr(skb);
1751 if (skb->ip_summed == CHECKSUM_COMPLETE) {
1752 if (!tcp_v4_check(skb->len, iph->saddr,
1753 iph->daddr, skb->csum)) {
1754 skb->ip_summed = CHECKSUM_UNNECESSARY;
1759 skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
1760 skb->len, IPPROTO_TCP, 0);
1762 if (skb->len <= 76) {
1763 return __skb_checksum_complete(skb);
1769 /* The socket must have it's spinlock held when we get
1772 * We have a potential double-lock case here, so even when
1773 * doing backlog processing we use the BH locking scheme.
1774 * This is because we cannot sleep with the original spinlock
1777 int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1780 #ifdef CONFIG_TCP_MD5SIG
1782 * We really want to reject the packet as early as possible
1784 * o We're expecting an MD5'd packet and this is no MD5 tcp option
1785 * o There is an MD5 option and we're not expecting one
1787 if (tcp_v4_inbound_md5_hash(sk, skb))
1791 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1792 struct dst_entry *dst = sk->sk_rx_dst;
1794 sock_rps_save_rxhash(sk, skb);
1796 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1797 dst->ops->check(dst, 0) == NULL) {
1799 sk->sk_rx_dst = NULL;
1802 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) {
1809 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1812 if (sk->sk_state == TCP_LISTEN) {
1813 struct sock *nsk = tcp_v4_hnd_req(sk, skb);
1818 sock_rps_save_rxhash(nsk, skb);
1819 if (tcp_child_process(sk, nsk, skb)) {
1826 sock_rps_save_rxhash(sk, skb);
1828 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) {
1835 tcp_v4_send_reset(rsk, skb);
1838 /* Be careful here. If this function gets more complicated and
1839 * gcc suffers from register pressure on the x86, sk (in %ebx)
1840 * might be destroyed here. This current version compiles correctly,
1841 * but you have been warned.
1846 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_CSUMERRORS);
1847 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1850 EXPORT_SYMBOL(tcp_v4_do_rcv);
1852 void tcp_v4_early_demux(struct sk_buff *skb)
1854 const struct iphdr *iph;
1855 const struct tcphdr *th;
1858 if (skb->pkt_type != PACKET_HOST)
1861 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1867 if (th->doff < sizeof(struct tcphdr) / 4)
1870 sk = __inet_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1871 iph->saddr, th->source,
1872 iph->daddr, ntohs(th->dest),
1876 skb->destructor = sock_edemux;
1877 if (sk->sk_state != TCP_TIME_WAIT) {
1878 struct dst_entry *dst = sk->sk_rx_dst;
1881 dst = dst_check(dst, 0);
1883 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1884 skb_dst_set_noref(skb, dst);
1889 /* Packet is added to VJ-style prequeue for processing in process
1890 * context, if a reader task is waiting. Apparently, this exciting
1891 * idea (VJ's mail "Re: query about TCP header on tcp-ip" of 07 Sep 93)
1892 * failed somewhere. Latency? Burstiness? Well, at least now we will
1893 * see, why it failed. 8)8) --ANK
1896 bool tcp_prequeue(struct sock *sk, struct sk_buff *skb)
1898 struct tcp_sock *tp = tcp_sk(sk);
1900 if (sysctl_tcp_low_latency || !tp->ucopy.task)
1903 if (skb->len <= tcp_hdrlen(skb) &&
1904 skb_queue_len(&tp->ucopy.prequeue) == 0)
1908 __skb_queue_tail(&tp->ucopy.prequeue, skb);
1909 tp->ucopy.memory += skb->truesize;
1910 if (tp->ucopy.memory > sk->sk_rcvbuf) {
1911 struct sk_buff *skb1;
1913 BUG_ON(sock_owned_by_user(sk));
1915 while ((skb1 = __skb_dequeue(&tp->ucopy.prequeue)) != NULL) {
1916 sk_backlog_rcv(sk, skb1);
1917 NET_INC_STATS_BH(sock_net(sk),
1918 LINUX_MIB_TCPPREQUEUEDROPPED);
1921 tp->ucopy.memory = 0;
1922 } else if (skb_queue_len(&tp->ucopy.prequeue) == 1) {
1923 wake_up_interruptible_sync_poll(sk_sleep(sk),
1924 POLLIN | POLLRDNORM | POLLRDBAND);
1925 if (!inet_csk_ack_scheduled(sk))
1926 inet_csk_reset_xmit_timer(sk, ICSK_TIME_DACK,
1927 (3 * tcp_rto_min(sk)) / 4,
1932 EXPORT_SYMBOL(tcp_prequeue);
1938 int tcp_v4_rcv(struct sk_buff *skb)
1940 const struct iphdr *iph;
1941 const struct tcphdr *th;
1944 struct net *net = dev_net(skb->dev);
1946 if (skb->pkt_type != PACKET_HOST)
1949 /* Count it even if it's bad */
1950 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1952 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1957 if (th->doff < sizeof(struct tcphdr) / 4)
1959 if (!pskb_may_pull(skb, th->doff * 4))
1962 /* An explanation is required here, I think.
1963 * Packet length and doff are validated by header prediction,
1964 * provided case of th->doff==0 is eliminated.
1965 * So, we defer the checks. */
1966 if (!skb_csum_unnecessary(skb) && tcp_v4_checksum_init(skb))
1971 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1972 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1973 skb->len - th->doff * 4);
1974 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1975 TCP_SKB_CB(skb)->when = 0;
1976 TCP_SKB_CB(skb)->ip_dsfield = ipv4_get_dsfield(iph);
1977 TCP_SKB_CB(skb)->sacked = 0;
1979 sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1984 if (sk->sk_state == TCP_TIME_WAIT)
1987 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
1988 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
1989 goto discard_and_relse;
1992 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
1993 goto discard_and_relse;
1996 if (sk_filter(sk, skb))
1997 goto discard_and_relse;
1999 sk_mark_napi_id(sk, skb);
2002 bh_lock_sock_nested(sk);
2004 if (!sock_owned_by_user(sk)) {
2005 #ifdef CONFIG_NET_DMA
2006 struct tcp_sock *tp = tcp_sk(sk);
2007 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
2008 tp->ucopy.dma_chan = net_dma_find_channel();
2009 if (tp->ucopy.dma_chan)
2010 ret = tcp_v4_do_rcv(sk, skb);
2014 if (!tcp_prequeue(sk, skb))
2015 ret = tcp_v4_do_rcv(sk, skb);
2017 } else if (unlikely(sk_add_backlog(sk, skb,
2018 sk->sk_rcvbuf + sk->sk_sndbuf))) {
2020 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
2021 goto discard_and_relse;
2030 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
2033 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
2035 TCP_INC_STATS_BH(net, TCP_MIB_CSUMERRORS);
2037 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
2039 tcp_v4_send_reset(NULL, skb);
2043 /* Discard frame. */
2052 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
2053 inet_twsk_put(inet_twsk(sk));
2057 if (skb->len < (th->doff << 2)) {
2058 inet_twsk_put(inet_twsk(sk));
2061 if (tcp_checksum_complete(skb)) {
2062 inet_twsk_put(inet_twsk(sk));
2065 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
2067 struct sock *sk2 = inet_lookup_listener(dev_net(skb->dev),
2069 iph->saddr, th->source,
2070 iph->daddr, th->dest,
2073 inet_twsk_deschedule(inet_twsk(sk), &tcp_death_row);
2074 inet_twsk_put(inet_twsk(sk));
2078 /* Fall through to ACK */
2081 tcp_v4_timewait_ack(sk, skb);
2085 case TCP_TW_SUCCESS:;
2090 static struct timewait_sock_ops tcp_timewait_sock_ops = {
2091 .twsk_obj_size = sizeof(struct tcp_timewait_sock),
2092 .twsk_unique = tcp_twsk_unique,
2093 .twsk_destructor= tcp_twsk_destructor,
2096 void inet_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
2098 struct dst_entry *dst = skb_dst(skb);
2101 sk->sk_rx_dst = dst;
2102 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
2104 EXPORT_SYMBOL(inet_sk_rx_dst_set);
2106 const struct inet_connection_sock_af_ops ipv4_specific = {
2107 .queue_xmit = ip_queue_xmit,
2108 .send_check = tcp_v4_send_check,
2109 .rebuild_header = inet_sk_rebuild_header,
2110 .sk_rx_dst_set = inet_sk_rx_dst_set,
2111 .conn_request = tcp_v4_conn_request,
2112 .syn_recv_sock = tcp_v4_syn_recv_sock,
2113 .net_header_len = sizeof(struct iphdr),
2114 .setsockopt = ip_setsockopt,
2115 .getsockopt = ip_getsockopt,
2116 .addr2sockaddr = inet_csk_addr2sockaddr,
2117 .sockaddr_len = sizeof(struct sockaddr_in),
2118 .bind_conflict = inet_csk_bind_conflict,
2119 #ifdef CONFIG_COMPAT
2120 .compat_setsockopt = compat_ip_setsockopt,
2121 .compat_getsockopt = compat_ip_getsockopt,
2124 EXPORT_SYMBOL(ipv4_specific);
2126 #ifdef CONFIG_TCP_MD5SIG
2127 static const struct tcp_sock_af_ops tcp_sock_ipv4_specific = {
2128 .md5_lookup = tcp_v4_md5_lookup,
2129 .calc_md5_hash = tcp_v4_md5_hash_skb,
2130 .md5_parse = tcp_v4_parse_md5_keys,
2134 /* NOTE: A lot of things set to zero explicitly by call to
2135 * sk_alloc() so need not be done here.
2137 static int tcp_v4_init_sock(struct sock *sk)
2139 struct inet_connection_sock *icsk = inet_csk(sk);
2143 icsk->icsk_af_ops = &ipv4_specific;
2145 #ifdef CONFIG_TCP_MD5SIG
2146 tcp_sk(sk)->af_specific = &tcp_sock_ipv4_specific;
2152 void tcp_v4_destroy_sock(struct sock *sk)
2154 struct tcp_sock *tp = tcp_sk(sk);
2156 tcp_clear_xmit_timers(sk);
2158 tcp_cleanup_congestion_control(sk);
2160 /* Cleanup up the write buffer. */
2161 tcp_write_queue_purge(sk);
2163 /* Cleans up our, hopefully empty, out_of_order_queue. */
2164 __skb_queue_purge(&tp->out_of_order_queue);
2166 #ifdef CONFIG_TCP_MD5SIG
2167 /* Clean up the MD5 key list, if any */
2168 if (tp->md5sig_info) {
2169 tcp_clear_md5_list(sk);
2170 kfree_rcu(tp->md5sig_info, rcu);
2171 tp->md5sig_info = NULL;
2175 #ifdef CONFIG_NET_DMA
2176 /* Cleans up our sk_async_wait_queue */
2177 __skb_queue_purge(&sk->sk_async_wait_queue);
2180 /* Clean prequeue, it must be empty really */
2181 __skb_queue_purge(&tp->ucopy.prequeue);
2183 /* Clean up a referenced TCP bind bucket. */
2184 if (inet_csk(sk)->icsk_bind_hash)
2187 BUG_ON(tp->fastopen_rsk != NULL);
2189 /* If socket is aborted during connect operation */
2190 tcp_free_fastopen_req(tp);
2192 sk_sockets_allocated_dec(sk);
2193 sock_release_memcg(sk);
2195 EXPORT_SYMBOL(tcp_v4_destroy_sock);
2197 #ifdef CONFIG_PROC_FS
2198 /* Proc filesystem TCP sock list dumping. */
2200 static inline struct inet_timewait_sock *tw_head(struct hlist_nulls_head *head)
2202 return hlist_nulls_empty(head) ? NULL :
2203 list_entry(head->first, struct inet_timewait_sock, tw_node);
2206 static inline struct inet_timewait_sock *tw_next(struct inet_timewait_sock *tw)
2208 return !is_a_nulls(tw->tw_node.next) ?
2209 hlist_nulls_entry(tw->tw_node.next, typeof(*tw), tw_node) : NULL;
2213 * Get next listener socket follow cur. If cur is NULL, get first socket
2214 * starting from bucket given in st->bucket; when st->bucket is zero the
2215 * very first socket in the hash table is returned.
2217 static void *listening_get_next(struct seq_file *seq, void *cur)
2219 struct inet_connection_sock *icsk;
2220 struct hlist_nulls_node *node;
2221 struct sock *sk = cur;
2222 struct inet_listen_hashbucket *ilb;
2223 struct tcp_iter_state *st = seq->private;
2224 struct net *net = seq_file_net(seq);
2227 ilb = &tcp_hashinfo.listening_hash[st->bucket];
2228 spin_lock_bh(&ilb->lock);
2229 sk = sk_nulls_head(&ilb->head);
2233 ilb = &tcp_hashinfo.listening_hash[st->bucket];
2237 if (st->state == TCP_SEQ_STATE_OPENREQ) {
2238 struct request_sock *req = cur;
2240 icsk = inet_csk(st->syn_wait_sk);
2244 if (req->rsk_ops->family == st->family) {
2250 if (++st->sbucket >= icsk->icsk_accept_queue.listen_opt->nr_table_entries)
2253 req = icsk->icsk_accept_queue.listen_opt->syn_table[st->sbucket];
2255 sk = sk_nulls_next(st->syn_wait_sk);
2256 st->state = TCP_SEQ_STATE_LISTENING;
2257 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2259 icsk = inet_csk(sk);
2260 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2261 if (reqsk_queue_len(&icsk->icsk_accept_queue))
2263 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2264 sk = sk_nulls_next(sk);
2267 sk_nulls_for_each_from(sk, node) {
2268 if (!net_eq(sock_net(sk), net))
2270 if (sk->sk_family == st->family) {
2274 icsk = inet_csk(sk);
2275 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2276 if (reqsk_queue_len(&icsk->icsk_accept_queue)) {
2278 st->uid = sock_i_uid(sk);
2279 st->syn_wait_sk = sk;
2280 st->state = TCP_SEQ_STATE_OPENREQ;
2284 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2286 spin_unlock_bh(&ilb->lock);
2288 if (++st->bucket < INET_LHTABLE_SIZE) {
2289 ilb = &tcp_hashinfo.listening_hash[st->bucket];
2290 spin_lock_bh(&ilb->lock);
2291 sk = sk_nulls_head(&ilb->head);
2299 static void *listening_get_idx(struct seq_file *seq, loff_t *pos)
2301 struct tcp_iter_state *st = seq->private;
2306 rc = listening_get_next(seq, NULL);
2308 while (rc && *pos) {
2309 rc = listening_get_next(seq, rc);
2315 static inline bool empty_bucket(struct tcp_iter_state *st)
2317 return hlist_nulls_empty(&tcp_hashinfo.ehash[st->bucket].chain) &&
2318 hlist_nulls_empty(&tcp_hashinfo.ehash[st->bucket].twchain);
2322 * Get first established socket starting from bucket given in st->bucket.
2323 * If st->bucket is zero, the very first socket in the hash is returned.
2325 static void *established_get_first(struct seq_file *seq)
2327 struct tcp_iter_state *st = seq->private;
2328 struct net *net = seq_file_net(seq);
2332 for (; st->bucket <= tcp_hashinfo.ehash_mask; ++st->bucket) {
2334 struct hlist_nulls_node *node;
2335 struct inet_timewait_sock *tw;
2336 spinlock_t *lock = inet_ehash_lockp(&tcp_hashinfo, st->bucket);
2338 /* Lockless fast path for the common case of empty buckets */
2339 if (empty_bucket(st))
2343 sk_nulls_for_each(sk, node, &tcp_hashinfo.ehash[st->bucket].chain) {
2344 if (sk->sk_family != st->family ||
2345 !net_eq(sock_net(sk), net)) {
2351 st->state = TCP_SEQ_STATE_TIME_WAIT;
2352 inet_twsk_for_each(tw, node,
2353 &tcp_hashinfo.ehash[st->bucket].twchain) {
2354 if (tw->tw_family != st->family ||
2355 !net_eq(twsk_net(tw), net)) {
2361 spin_unlock_bh(lock);
2362 st->state = TCP_SEQ_STATE_ESTABLISHED;
2368 static void *established_get_next(struct seq_file *seq, void *cur)
2370 struct sock *sk = cur;
2371 struct inet_timewait_sock *tw;
2372 struct hlist_nulls_node *node;
2373 struct tcp_iter_state *st = seq->private;
2374 struct net *net = seq_file_net(seq);
2379 if (st->state == TCP_SEQ_STATE_TIME_WAIT) {
2383 while (tw && (tw->tw_family != st->family || !net_eq(twsk_net(tw), net))) {
2390 spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2391 st->state = TCP_SEQ_STATE_ESTABLISHED;
2393 /* Look for next non empty bucket */
2395 while (++st->bucket <= tcp_hashinfo.ehash_mask &&
2398 if (st->bucket > tcp_hashinfo.ehash_mask)
2401 spin_lock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2402 sk = sk_nulls_head(&tcp_hashinfo.ehash[st->bucket].chain);
2404 sk = sk_nulls_next(sk);
2406 sk_nulls_for_each_from(sk, node) {
2407 if (sk->sk_family == st->family && net_eq(sock_net(sk), net))
2411 st->state = TCP_SEQ_STATE_TIME_WAIT;
2412 tw = tw_head(&tcp_hashinfo.ehash[st->bucket].twchain);
2420 static void *established_get_idx(struct seq_file *seq, loff_t pos)
2422 struct tcp_iter_state *st = seq->private;
2426 rc = established_get_first(seq);
2429 rc = established_get_next(seq, rc);
2435 static void *tcp_get_idx(struct seq_file *seq, loff_t pos)
2438 struct tcp_iter_state *st = seq->private;
2440 st->state = TCP_SEQ_STATE_LISTENING;
2441 rc = listening_get_idx(seq, &pos);
2444 st->state = TCP_SEQ_STATE_ESTABLISHED;
2445 rc = established_get_idx(seq, pos);
2451 static void *tcp_seek_last_pos(struct seq_file *seq)
2453 struct tcp_iter_state *st = seq->private;
2454 int offset = st->offset;
2455 int orig_num = st->num;
2458 switch (st->state) {
2459 case TCP_SEQ_STATE_OPENREQ:
2460 case TCP_SEQ_STATE_LISTENING:
2461 if (st->bucket >= INET_LHTABLE_SIZE)
2463 st->state = TCP_SEQ_STATE_LISTENING;
2464 rc = listening_get_next(seq, NULL);
2465 while (offset-- && rc)
2466 rc = listening_get_next(seq, rc);
2471 case TCP_SEQ_STATE_ESTABLISHED:
2472 case TCP_SEQ_STATE_TIME_WAIT:
2473 st->state = TCP_SEQ_STATE_ESTABLISHED;
2474 if (st->bucket > tcp_hashinfo.ehash_mask)
2476 rc = established_get_first(seq);
2477 while (offset-- && rc)
2478 rc = established_get_next(seq, rc);
2486 static void *tcp_seq_start(struct seq_file *seq, loff_t *pos)
2488 struct tcp_iter_state *st = seq->private;
2491 if (*pos && *pos == st->last_pos) {
2492 rc = tcp_seek_last_pos(seq);
2497 st->state = TCP_SEQ_STATE_LISTENING;
2501 rc = *pos ? tcp_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2504 st->last_pos = *pos;
2508 static void *tcp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2510 struct tcp_iter_state *st = seq->private;
2513 if (v == SEQ_START_TOKEN) {
2514 rc = tcp_get_idx(seq, 0);
2518 switch (st->state) {
2519 case TCP_SEQ_STATE_OPENREQ:
2520 case TCP_SEQ_STATE_LISTENING:
2521 rc = listening_get_next(seq, v);
2523 st->state = TCP_SEQ_STATE_ESTABLISHED;
2526 rc = established_get_first(seq);
2529 case TCP_SEQ_STATE_ESTABLISHED:
2530 case TCP_SEQ_STATE_TIME_WAIT:
2531 rc = established_get_next(seq, v);
2536 st->last_pos = *pos;
2540 static void tcp_seq_stop(struct seq_file *seq, void *v)
2542 struct tcp_iter_state *st = seq->private;
2544 switch (st->state) {
2545 case TCP_SEQ_STATE_OPENREQ:
2547 struct inet_connection_sock *icsk = inet_csk(st->syn_wait_sk);
2548 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2550 case TCP_SEQ_STATE_LISTENING:
2551 if (v != SEQ_START_TOKEN)
2552 spin_unlock_bh(&tcp_hashinfo.listening_hash[st->bucket].lock);
2554 case TCP_SEQ_STATE_TIME_WAIT:
2555 case TCP_SEQ_STATE_ESTABLISHED:
2557 spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2562 int tcp_seq_open(struct inode *inode, struct file *file)
2564 struct tcp_seq_afinfo *afinfo = PDE_DATA(inode);
2565 struct tcp_iter_state *s;
2568 err = seq_open_net(inode, file, &afinfo->seq_ops,
2569 sizeof(struct tcp_iter_state));
2573 s = ((struct seq_file *)file->private_data)->private;
2574 s->family = afinfo->family;
2578 EXPORT_SYMBOL(tcp_seq_open);
2580 int tcp_proc_register(struct net *net, struct tcp_seq_afinfo *afinfo)
2583 struct proc_dir_entry *p;
2585 afinfo->seq_ops.start = tcp_seq_start;
2586 afinfo->seq_ops.next = tcp_seq_next;
2587 afinfo->seq_ops.stop = tcp_seq_stop;
2589 p = proc_create_data(afinfo->name, S_IRUGO, net->proc_net,
2590 afinfo->seq_fops, afinfo);
2595 EXPORT_SYMBOL(tcp_proc_register);
2597 void tcp_proc_unregister(struct net *net, struct tcp_seq_afinfo *afinfo)
2599 remove_proc_entry(afinfo->name, net->proc_net);
2601 EXPORT_SYMBOL(tcp_proc_unregister);
2603 static void get_openreq4(const struct sock *sk, const struct request_sock *req,
2604 struct seq_file *f, int i, kuid_t uid, int *len)
2606 const struct inet_request_sock *ireq = inet_rsk(req);
2607 long delta = req->expires - jiffies;
2609 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2610 " %02X %08X:%08X %02X:%08lX %08X %5u %8d %u %d %pK%n",
2613 ntohs(inet_sk(sk)->inet_sport),
2615 ntohs(ireq->rmt_port),
2617 0, 0, /* could print option size, but that is af dependent. */
2618 1, /* timers active (only the expire timer) */
2619 jiffies_delta_to_clock_t(delta),
2621 from_kuid_munged(seq_user_ns(f), uid),
2622 0, /* non standard timer */
2623 0, /* open_requests have no inode */
2624 atomic_read(&sk->sk_refcnt),
2629 static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
2632 unsigned long timer_expires;
2633 const struct tcp_sock *tp = tcp_sk(sk);
2634 const struct inet_connection_sock *icsk = inet_csk(sk);
2635 const struct inet_sock *inet = inet_sk(sk);
2636 struct fastopen_queue *fastopenq = icsk->icsk_accept_queue.fastopenq;
2637 __be32 dest = inet->inet_daddr;
2638 __be32 src = inet->inet_rcv_saddr;
2639 __u16 destp = ntohs(inet->inet_dport);
2640 __u16 srcp = ntohs(inet->inet_sport);
2643 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
2644 icsk->icsk_pending == ICSK_TIME_EARLY_RETRANS ||
2645 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
2647 timer_expires = icsk->icsk_timeout;
2648 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2650 timer_expires = icsk->icsk_timeout;
2651 } else if (timer_pending(&sk->sk_timer)) {
2653 timer_expires = sk->sk_timer.expires;
2656 timer_expires = jiffies;
2659 if (sk->sk_state == TCP_LISTEN)
2660 rx_queue = sk->sk_ack_backlog;
2663 * because we dont lock socket, we might find a transient negative value
2665 rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);
2667 seq_printf(f, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX "
2668 "%08X %5u %8d %lu %d %pK %lu %lu %u %u %d%n",
2669 i, src, srcp, dest, destp, sk->sk_state,
2670 tp->write_seq - tp->snd_una,
2673 jiffies_delta_to_clock_t(timer_expires - jiffies),
2674 icsk->icsk_retransmits,
2675 from_kuid_munged(seq_user_ns(f), sock_i_uid(sk)),
2676 icsk->icsk_probes_out,
2678 atomic_read(&sk->sk_refcnt), sk,
2679 jiffies_to_clock_t(icsk->icsk_rto),
2680 jiffies_to_clock_t(icsk->icsk_ack.ato),
2681 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
2683 sk->sk_state == TCP_LISTEN ?
2684 (fastopenq ? fastopenq->max_qlen : 0) :
2685 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh),
2689 static void get_timewait4_sock(const struct inet_timewait_sock *tw,
2690 struct seq_file *f, int i, int *len)
2694 long delta = tw->tw_ttd - jiffies;
2696 dest = tw->tw_daddr;
2697 src = tw->tw_rcv_saddr;
2698 destp = ntohs(tw->tw_dport);
2699 srcp = ntohs(tw->tw_sport);
2701 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2702 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n",
2703 i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
2704 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
2705 atomic_read(&tw->tw_refcnt), tw, len);
2710 static int tcp4_seq_show(struct seq_file *seq, void *v)
2712 struct tcp_iter_state *st;
2715 if (v == SEQ_START_TOKEN) {
2716 seq_printf(seq, "%-*s\n", TMPSZ - 1,
2717 " sl local_address rem_address st tx_queue "
2718 "rx_queue tr tm->when retrnsmt uid timeout "
2724 switch (st->state) {
2725 case TCP_SEQ_STATE_LISTENING:
2726 case TCP_SEQ_STATE_ESTABLISHED:
2727 get_tcp4_sock(v, seq, st->num, &len);
2729 case TCP_SEQ_STATE_OPENREQ:
2730 get_openreq4(st->syn_wait_sk, v, seq, st->num, st->uid, &len);
2732 case TCP_SEQ_STATE_TIME_WAIT:
2733 get_timewait4_sock(v, seq, st->num, &len);
2736 seq_printf(seq, "%*s\n", TMPSZ - 1 - len, "");
2741 static const struct file_operations tcp_afinfo_seq_fops = {
2742 .owner = THIS_MODULE,
2743 .open = tcp_seq_open,
2745 .llseek = seq_lseek,
2746 .release = seq_release_net
2749 static struct tcp_seq_afinfo tcp4_seq_afinfo = {
2752 .seq_fops = &tcp_afinfo_seq_fops,
2754 .show = tcp4_seq_show,
2758 static int __net_init tcp4_proc_init_net(struct net *net)
2760 return tcp_proc_register(net, &tcp4_seq_afinfo);
2763 static void __net_exit tcp4_proc_exit_net(struct net *net)
2765 tcp_proc_unregister(net, &tcp4_seq_afinfo);
2768 static struct pernet_operations tcp4_net_ops = {
2769 .init = tcp4_proc_init_net,
2770 .exit = tcp4_proc_exit_net,
2773 int __init tcp4_proc_init(void)
2775 return register_pernet_subsys(&tcp4_net_ops);
2778 void tcp4_proc_exit(void)
2780 unregister_pernet_subsys(&tcp4_net_ops);
2782 #endif /* CONFIG_PROC_FS */
2784 struct proto tcp_prot = {
2786 .owner = THIS_MODULE,
2788 .connect = tcp_v4_connect,
2789 .disconnect = tcp_disconnect,
2790 .accept = inet_csk_accept,
2792 .init = tcp_v4_init_sock,
2793 .destroy = tcp_v4_destroy_sock,
2794 .shutdown = tcp_shutdown,
2795 .setsockopt = tcp_setsockopt,
2796 .getsockopt = tcp_getsockopt,
2797 .recvmsg = tcp_recvmsg,
2798 .sendmsg = tcp_sendmsg,
2799 .sendpage = tcp_sendpage,
2800 .backlog_rcv = tcp_v4_do_rcv,
2801 .release_cb = tcp_release_cb,
2802 .mtu_reduced = tcp_v4_mtu_reduced,
2804 .unhash = inet_unhash,
2805 .get_port = inet_csk_get_port,
2806 .enter_memory_pressure = tcp_enter_memory_pressure,
2807 .stream_memory_free = tcp_stream_memory_free,
2808 .sockets_allocated = &tcp_sockets_allocated,
2809 .orphan_count = &tcp_orphan_count,
2810 .memory_allocated = &tcp_memory_allocated,
2811 .memory_pressure = &tcp_memory_pressure,
2812 .sysctl_wmem = sysctl_tcp_wmem,
2813 .sysctl_rmem = sysctl_tcp_rmem,
2814 .max_header = MAX_TCP_HEADER,
2815 .obj_size = sizeof(struct tcp_sock),
2816 .slab_flags = SLAB_DESTROY_BY_RCU,
2817 .twsk_prot = &tcp_timewait_sock_ops,
2818 .rsk_prot = &tcp_request_sock_ops,
2819 .h.hashinfo = &tcp_hashinfo,
2820 .no_autobind = true,
2821 #ifdef CONFIG_COMPAT
2822 .compat_setsockopt = compat_tcp_setsockopt,
2823 .compat_getsockopt = compat_tcp_getsockopt,
2825 #ifdef CONFIG_MEMCG_KMEM
2826 .init_cgroup = tcp_init_cgroup,
2827 .destroy_cgroup = tcp_destroy_cgroup,
2828 .proto_cgroup = tcp_proto_cgroup,
2831 EXPORT_SYMBOL(tcp_prot);
2833 static int __net_init tcp_sk_init(struct net *net)
2835 net->ipv4.sysctl_tcp_ecn = 2;
2839 static void __net_exit tcp_sk_exit(struct net *net)
2843 static void __net_exit tcp_sk_exit_batch(struct list_head *net_exit_list)
2845 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET);
2848 static struct pernet_operations __net_initdata tcp_sk_ops = {
2849 .init = tcp_sk_init,
2850 .exit = tcp_sk_exit,
2851 .exit_batch = tcp_sk_exit_batch,
2854 void __init tcp_v4_init(void)
2856 inet_hashinfo_init(&tcp_hashinfo);
2857 if (register_pernet_subsys(&tcp_sk_ops))
2858 panic("Failed to create the TCP control socket.\n");