3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41 #include <linux/slab.h>
42 #include <linux/uaccess.h>
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/inet_common.h>
63 #include <net/secure_seq.h>
64 #include <net/busy_poll.h>
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
69 #include <crypto/hash.h>
70 #include <linux/scatterlist.h>
72 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
73 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
74 struct request_sock *req);
76 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
78 static const struct inet_connection_sock_af_ops ipv6_mapped;
79 static const struct inet_connection_sock_af_ops ipv6_specific;
80 #ifdef CONFIG_TCP_MD5SIG
81 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
82 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
84 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
85 const struct in6_addr *addr)
/*
 * Cache the skb's route (dst) on the socket for the established-state
 * receive fast path, together with the ifindex and a route-validity
 * cookie so a stale dst can be detected later (see tcp_v6_do_rcv).
 * NOTE(review): interior lines are elided in this excerpt; only the
 * dst_hold_safe() success branch is visible.
 */
91 static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
93 struct dst_entry *dst = skb_dst(skb);
95 if (dst && dst_hold_safe(dst)) {
96 const struct rt6_info *rt = (const struct rt6_info *)dst;
99 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
100 inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
/*
 * Derive the initial sequence number (and timestamp offset via *tsoff)
 * for an incoming SYN from the flow's address/port 4-tuple, using the
 * keyed secure_tcpv6_sequence_number() generator.
 */
104 static u32 tcp_v6_init_sequence(const struct sk_buff *skb, u32 *tsoff)
106 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
107 ipv6_hdr(skb)->saddr.s6_addr32,
109 tcp_hdr(skb)->source, tsoff);
/*
 * Active-open (connect()) for an IPv6 TCP socket: validate the peer
 * sockaddr, resolve flow label / scope id, route the flow, pick a source
 * address, hash the socket into the connection table, choose the write
 * sequence and send the SYN via tcp_connect().
 * NOTE(review): many interior lines (error paths, failure labels,
 * closing braces) are elided in this excerpt.
 */
112 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
115 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
116 struct inet_sock *inet = inet_sk(sk);
117 struct inet_connection_sock *icsk = inet_csk(sk);
118 struct ipv6_pinfo *np = inet6_sk(sk);
119 struct tcp_sock *tp = tcp_sk(sk);
120 struct in6_addr *saddr = NULL, *final_p, final;
121 struct ipv6_txoptions *opt;
123 struct dst_entry *dst;
126 struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
/* Basic sanity checks on the caller-supplied sockaddr. */
128 if (addr_len < SIN6_LEN_RFC2133)
131 if (usin->sin6_family != AF_INET6)
132 return -EAFNOSUPPORT;
134 memset(&fl6, 0, sizeof(fl6));
/* Honour a caller-supplied flow label; must match any label the
 * socket previously registered via the flow-label API. */
137 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
138 IP6_ECN_flow_init(fl6.flowlabel);
139 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
140 struct ip6_flowlabel *flowlabel;
141 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
144 fl6_sock_release(flowlabel);
149 * connect() to INADDR_ANY means loopback (BSD'ism).
152 if (ipv6_addr_any(&usin->sin6_addr))
153 usin->sin6_addr.s6_addr[15] = 0x1;
155 addr_type = ipv6_addr_type(&usin->sin6_addr);
/* Cannot connect() to a multicast destination. */
157 if (addr_type & IPV6_ADDR_MULTICAST)
160 if (addr_type&IPV6_ADDR_LINKLOCAL) {
161 if (addr_len >= sizeof(struct sockaddr_in6) &&
162 usin->sin6_scope_id) {
163 /* If interface is set while binding, indices
166 if (sk->sk_bound_dev_if &&
167 sk->sk_bound_dev_if != usin->sin6_scope_id)
170 sk->sk_bound_dev_if = usin->sin6_scope_id;
173 /* Connect to link-local address requires an interface */
174 if (!sk->sk_bound_dev_if)
/* Reconnecting to a different peer: discard stale timestamp state. */
178 if (tp->rx_opt.ts_recent_stamp &&
179 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
180 tp->rx_opt.ts_recent = 0;
181 tp->rx_opt.ts_recent_stamp = 0;
185 sk->sk_v6_daddr = usin->sin6_addr;
186 np->flow_label = fl6.flowlabel;
/* v4-mapped destination: delegate to tcp_v4_connect() and swap in the
 * "mapped" af_ops so the socket behaves as IPv4 underneath. */
192 if (addr_type == IPV6_ADDR_MAPPED) {
193 u32 exthdrlen = icsk->icsk_ext_hdr_len;
194 struct sockaddr_in sin;
196 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
198 if (__ipv6_only_sock(sk))
201 sin.sin_family = AF_INET;
202 sin.sin_port = usin->sin6_port;
203 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
205 icsk->icsk_af_ops = &ipv6_mapped;
206 sk->sk_backlog_rcv = tcp_v4_do_rcv;
207 #ifdef CONFIG_TCP_MD5SIG
208 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
211 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
/* On tcp_v4_connect() failure the IPv6 ops are restored below. */
214 icsk->icsk_ext_hdr_len = exthdrlen;
215 icsk->icsk_af_ops = &ipv6_specific;
216 sk->sk_backlog_rcv = tcp_v6_do_rcv;
217 #ifdef CONFIG_TCP_MD5SIG
218 tp->af_specific = &tcp_sock_ipv6_specific;
222 np->saddr = sk->sk_v6_rcv_saddr;
227 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
228 saddr = &sk->sk_v6_rcv_saddr;
/* Build the flowi6 key and route the flow. */
230 fl6.flowi6_proto = IPPROTO_TCP;
231 fl6.daddr = sk->sk_v6_daddr;
232 fl6.saddr = saddr ? *saddr : np->saddr;
233 fl6.flowi6_oif = sk->sk_bound_dev_if;
234 fl6.flowi6_mark = sk->sk_mark;
235 fl6.fl6_dport = usin->sin6_port;
236 fl6.fl6_sport = inet->inet_sport;
237 fl6.flowi6_uid = sk->sk_uid;
239 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
240 final_p = fl6_update_dst(&fl6, opt, &final);
242 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
244 dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
252 sk->sk_v6_rcv_saddr = *saddr;
255 /* set the source address */
257 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
259 sk->sk_gso_type = SKB_GSO_TCPV6;
260 ip6_dst_store(sk, dst, NULL, NULL);
262 if (tcp_death_row->sysctl_tw_recycle &&
263 !tp->rx_opt.ts_recent_stamp &&
264 ipv6_addr_equal(&fl6.daddr, &sk->sk_v6_daddr))
265 tcp_fetch_timewait_stamp(sk, dst);
267 icsk->icsk_ext_hdr_len = 0;
269 icsk->icsk_ext_hdr_len = opt->opt_flen +
/* Initial MSS clamp: IPv6 minimum MTU minus TCP + IPv6 headers. */
272 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
274 inet->inet_dport = usin->sin6_port;
276 tcp_set_state(sk, TCP_SYN_SENT);
277 err = inet6_hash_connect(tcp_death_row, sk);
/* Choose the ISN unless repair mode restored one already. */
283 if (!tp->write_seq && likely(!tp->repair))
284 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
285 sk->sk_v6_daddr.s6_addr32,
290 err = tcp_connect(sk);
/* Failure path (label elided): unwind connection state. */
297 tcp_set_state(sk, TCP_CLOSE);
300 inet->inet_dport = 0;
301 sk->sk_route_caps = 0;
/*
 * React to a path-MTU decrease (ICMPv6 Packet Too Big): update the
 * cached route with the new MTU from tp->mtu_info and, if our cached
 * pmtu cookie now exceeds the route MTU, shrink the MSS and retransmit.
 * No-op for LISTEN/CLOSE sockets, which have no path state to fix.
 */
305 static void tcp_v6_mtu_reduced(struct sock *sk)
307 struct dst_entry *dst;
309 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
312 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
316 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
317 tcp_sync_mss(sk, dst_mtu(dst));
318 tcp_simple_retransmit(sk);
/*
 * ICMPv6 error handler for TCP: locate the socket the quoted TCP header
 * belongs to, validate the error against the socket's sequence window,
 * then dispatch by error type (redirect, packet-too-big, hard errors).
 * NOTE(review): interior lines (locking, several exit paths, closing
 * braces) are elided in this excerpt.
 */
322 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
323 u8 type, u8 code, int offset, __be32 info)
325 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
326 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
327 struct net *net = dev_net(skb->dev);
328 struct request_sock *fastopen;
329 struct ipv6_pinfo *np;
/* Look up the established-table socket from the embedded header. */
336 sk = __inet6_lookup_established(net, &tcp_hashinfo,
337 &hdr->daddr, th->dest,
338 &hdr->saddr, ntohs(th->source),
342 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
347 if (sk->sk_state == TCP_TIME_WAIT) {
348 inet_twsk_put(inet_twsk(sk));
351 seq = ntohl(th->seq);
352 fatal = icmpv6_err_convert(type, code, &err);
/* Request sockets (NEW_SYN_RECV) are handled by tcp_req_err(). */
353 if (sk->sk_state == TCP_NEW_SYN_RECV)
354 return tcp_req_err(sk, seq, fatal);
/* Socket owned by user context: defer (except PMTU, handled below). */
357 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
358 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
360 if (sk->sk_state == TCP_CLOSE)
/* min_hopcount filter (generalized TTL security, RFC 5082 style). */
363 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
364 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
369 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
370 fastopen = tp->fastopen_rsk;
371 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
/* Ignore errors whose quoted seq is outside the unacked window. */
372 if (sk->sk_state != TCP_LISTEN &&
373 !between(seq, snd_una, tp->snd_nxt)) {
374 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
380 if (type == NDISC_REDIRECT) {
381 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
384 dst->ops->redirect(dst, sk, skb);
388 if (type == ICMPV6_PKT_TOOBIG) {
389 /* We are not interested in TCP_LISTEN and open_requests
390 * (SYN-ACKs send out by Linux are always <576bytes so
391 * they should go through unfragmented).
393 if (sk->sk_state == TCP_LISTEN)
396 if (!ip6_sk_accept_pmtu(sk))
/* Record the new MTU; process now, or defer via flag if the
 * socket is currently owned by user context. */
399 tp->mtu_info = ntohl(info);
400 if (!sock_owned_by_user(sk))
401 tcp_v6_mtu_reduced(sk);
402 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
409 /* Might be for an request_sock */
410 switch (sk->sk_state) {
413 /* Only in fast or simultaneous open. If a fast open socket is
414 * is already accepted it is treated as a connected one below.
416 if (fastopen && !fastopen->sk)
419 if (!sock_owned_by_user(sk)) {
421 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
425 sk->sk_err_soft = err;
/* Established sockets: surface the error only if recverr is set. */
429 if (!sock_owned_by_user(sk) && np->recverr) {
431 sk->sk_error_report(sk);
433 sk->sk_err_soft = err;
/*
 * Build and transmit a SYN-ACK for a request sock: route the reply if
 * no dst was supplied, construct the segment with tcp_make_synack(),
 * checksum it, and emit it via ip6_xmit() with the listener's IPv6
 * traffic class and (possibly request-specific) options.
 * Returns the net_xmit_eval()-folded transmit status.
 */
441 static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
443 struct request_sock *req,
444 struct tcp_fastopen_cookie *foc,
445 enum tcp_synack_type synack_type)
447 struct inet_request_sock *ireq = inet_rsk(req);
448 struct ipv6_pinfo *np = inet6_sk(sk);
449 struct ipv6_txoptions *opt;
450 struct flowi6 *fl6 = &fl->u.ip6;
454 /* First, grab a route. */
455 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
456 IPPROTO_TCP)) == NULL)
459 skb = tcp_make_synack(sk, dst, req, foc, synack_type);
462 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
463 &ireq->ir_v6_rmt_addr);
465 fl6->daddr = ireq->ir_v6_rmt_addr;
/* Reflect the client's flow label when IPV6_FLOWINFO reflection is on. */
466 if (np->repflow && ireq->pktopts)
467 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
/* Prefer request-specific options; fall back to the socket's. */
470 opt = ireq->ipv6_opt;
472 opt = rcu_dereference(np->opt);
473 err = ip6_xmit(sk, skb, fl6, opt, np->tclass);
475 err = net_xmit_eval(err);
/*
 * Free per-request IPv6 state when a request sock is destroyed:
 * the duplicated IPv6 options and the saved SYN skb (pktopts).
 */
483 static void tcp_v6_reqsk_destructor(struct request_sock *req)
485 kfree(inet_rsk(req)->ipv6_opt);
486 kfree_skb(inet_rsk(req)->pktopts);
489 #ifdef CONFIG_TCP_MD5SIG
/* Look up the socket's TCP-MD5 key for an IPv6 peer address. */
490 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
491 const struct in6_addr *addr)
493 return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
/* tcp_sock_af_ops hook: MD5 key lookup keyed by addr_sk's daddr. */
496 static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
497 const struct sock *addr_sk)
499 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
/*
 * setsockopt(TCP_MD5SIG) handler: copy the tcp_md5sig request from
 * userspace and add or delete the key for the given peer. A v4-mapped
 * IPv6 address is stored under AF_INET using its embedded IPv4 address
 * (last 32 bits), so it matches v4 traffic on a dual-stack socket.
 * A zero key length means "delete".
 */
502 static int tcp_v6_parse_md5_keys(struct sock *sk, char __user *optval,
505 struct tcp_md5sig cmd;
506 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
508 if (optlen < sizeof(cmd))
511 if (copy_from_user(&cmd, optval, sizeof(cmd)))
514 if (sin6->sin6_family != AF_INET6)
517 if (!cmd.tcpm_keylen) {
518 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
519 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
521 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
525 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
528 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
529 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
530 AF_INET, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
532 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
533 AF_INET6, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
/*
 * Feed the RFC 2385 MD5 input prefix into the per-cpu hash request:
 * the IPv6 pseudo-header (addresses, length, protocol) followed by a
 * copy of the TCP header with the checksum field zeroed for hashing.
 * NOTE(review): the lines zeroing _th->check and assigning bp fields
 * are elided in this excerpt.
 */
536 static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp,
537 const struct in6_addr *daddr,
538 const struct in6_addr *saddr,
539 const struct tcphdr *th, int nbytes)
541 struct tcp6_pseudohdr *bp;
542 struct scatterlist sg;
546 /* 1. TCP pseudo-header (RFC2460) */
549 bp->protocol = cpu_to_be32(IPPROTO_TCP);
550 bp->len = cpu_to_be32(nbytes);
/* 2. TCP header copy, placed directly after the pseudo-header. */
552 _th = (struct tcphdr *)(bp + 1);
553 memcpy(_th, th, sizeof(*th));
556 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
557 ahash_request_set_crypt(hp->md5_req, &sg, NULL,
558 sizeof(*bp) + sizeof(*th));
559 return crypto_ahash_update(hp->md5_req);
/*
 * Compute the MD5 signature over headers + key only (no payload) into
 * md5_hash; used for generated segments such as RST/ACK replies.
 * On any crypto failure the output is zeroed so callers never emit a
 * garbage signature. Uses the per-cpu tcp_md5sig_pool.
 */
562 static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
563 const struct in6_addr *daddr, struct in6_addr *saddr,
564 const struct tcphdr *th)
566 struct tcp_md5sig_pool *hp;
567 struct ahash_request *req;
569 hp = tcp_get_md5sig_pool();
571 goto clear_hash_noput;
574 if (crypto_ahash_init(req))
576 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
578 if (tcp_md5_hash_key(hp, key))
580 ahash_request_set_crypt(req, NULL, md5_hash, 0);
581 if (crypto_ahash_final(req))
584 tcp_put_md5sig_pool();
/* Error path (labels elided): release pool and zero the digest. */
588 tcp_put_md5sig_pool();
590 memset(md5_hash, 0, 16);
/*
 * Compute the MD5 signature for a full segment (headers + skb payload
 * + key) into md5_hash. Addresses come from the socket when one is
 * available (established/request sockets), otherwise from the skb's
 * IPv6 header. Zeroes the digest on crypto failure, like
 * tcp_v6_md5_hash_hdr().
 */
594 static int tcp_v6_md5_hash_skb(char *md5_hash,
595 const struct tcp_md5sig_key *key,
596 const struct sock *sk,
597 const struct sk_buff *skb)
599 const struct in6_addr *saddr, *daddr;
600 struct tcp_md5sig_pool *hp;
601 struct ahash_request *req;
602 const struct tcphdr *th = tcp_hdr(skb);
604 if (sk) { /* valid for establish/request sockets */
605 saddr = &sk->sk_v6_rcv_saddr;
606 daddr = &sk->sk_v6_daddr;
608 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
609 saddr = &ip6h->saddr;
610 daddr = &ip6h->daddr;
613 hp = tcp_get_md5sig_pool();
615 goto clear_hash_noput;
618 if (crypto_ahash_init(req))
621 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
623 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
625 if (tcp_md5_hash_key(hp, key))
627 ahash_request_set_crypt(req, NULL, md5_hash, 0);
628 if (crypto_ahash_final(req))
631 tcp_put_md5sig_pool();
/* Error path (labels elided): release pool and zero the digest. */
635 tcp_put_md5sig_pool();
637 memset(md5_hash, 0, 16);
/*
 * Validate the TCP-MD5 option of an inbound segment against the key
 * configured for the peer. Returns true when the packet must be
 * dropped: key expected but option missing, option present but no key,
 * or signature mismatch. Both absent => accept. Compiled away without
 * CONFIG_TCP_MD5SIG.
 */
643 static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
644 const struct sk_buff *skb)
646 #ifdef CONFIG_TCP_MD5SIG
647 const __u8 *hash_location = NULL;
648 struct tcp_md5sig_key *hash_expected;
649 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
650 const struct tcphdr *th = tcp_hdr(skb);
654 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
655 hash_location = tcp_parse_md5sig_option(th);
657 /* We've parsed the options - do we have a hash? */
658 if (!hash_expected && !hash_location)
661 if (hash_expected && !hash_location) {
662 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
666 if (!hash_expected && hash_location) {
667 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
671 /* check the signature */
672 genhash = tcp_v6_md5_hash_skb(newhash,
676 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
677 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
678 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
679 genhash ? "failed" : "mismatch",
680 &ip6h->saddr, ntohs(th->source),
681 &ip6h->daddr, ntohs(th->dest));
/*
 * tcp_request_sock_ops.init_req: fill the IPv6 fields of a freshly
 * allocated request sock from the incoming SYN — peer/local addresses,
 * the inbound interface for link-local peers, and (when the listener
 * has any rx option latched) a reference to the SYN skb so its
 * ancillary data can be delivered later via IPV6_PKTOPTIONS.
 */
688 static void tcp_v6_init_req(struct request_sock *req,
689 const struct sock *sk_listener,
692 struct inet_request_sock *ireq = inet_rsk(req);
693 const struct ipv6_pinfo *np = inet6_sk(sk_listener);
695 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
696 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
698 /* So that link locals have meaning */
699 if (!sk_listener->sk_bound_dev_if &&
700 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
701 ireq->ir_iif = tcp_v6_iif(skb);
/* Keep the SYN skb if its options/ancillary data will be wanted. */
703 if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
704 (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
705 np->rxopt.bits.rxinfo ||
706 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
707 np->rxopt.bits.rxohlim || np->repflow)) {
708 atomic_inc(&skb->users);
/* tcp_request_sock_ops.route_req: route the SYN-ACK for this request. */
713 static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
715 const struct request_sock *req,
720 return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
/*
 * Generic request-sock operations for IPv6 TCP: sizing plus the
 * SYN-ACK retransmit, ACK/RST reply and destructor callbacks.
 */
723 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
725 .obj_size = sizeof(struct tcp6_request_sock),
726 .rtx_syn_ack = tcp_rtx_synack,
727 .send_ack = tcp_v6_reqsk_send_ack,
728 .destructor = tcp_v6_reqsk_destructor,
729 .send_reset = tcp_v6_send_reset,
730 .syn_ack_timeout = tcp_syn_ack_timeout,
/*
 * AF_INET6-specific request-sock hooks used by tcp_conn_request():
 * MSS clamp for the IPv6 minimum MTU, MD5 helpers, request init,
 * syncookie ISN, routing, ISN generation and SYN-ACK transmit.
 */
733 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
734 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
735 sizeof(struct ipv6hdr),
736 #ifdef CONFIG_TCP_MD5SIG
737 .req_md5_lookup = tcp_v6_md5_lookup,
738 .calc_md5_hash = tcp_v6_md5_hash_skb,
740 .init_req = tcp_v6_init_req,
741 #ifdef CONFIG_SYN_COOKIES
742 .cookie_init_seq = cookie_v6_init_sequence,
744 .route_req = tcp_v6_route_req,
745 .init_seq = tcp_v6_init_sequence,
746 .send_synack = tcp_v6_send_synack,
/*
 * Build and send a stand-alone TCP control segment (RST when rst != 0,
 * otherwise a bare ACK) in reply to skb, using the per-netns IPv6
 * control socket. Optionally carries timestamps and an MD5 signature.
 * Source/destination are the skb's addresses swapped; routing honours
 * oif, strict (link-local) destinations, and fwmark reflection.
 * NOTE(review): several interior lines (declarations, alloc-failure
 * and route-failure paths) are elided in this excerpt.
 */
749 static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
750 u32 ack, u32 win, u32 tsval, u32 tsecr,
751 int oif, struct tcp_md5sig_key *key, int rst,
752 u8 tclass, __be32 label)
754 const struct tcphdr *th = tcp_hdr(skb);
756 struct sk_buff *buff;
758 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
759 struct sock *ctl_sk = net->ipv6.tcp_sk;
760 unsigned int tot_len = sizeof(struct tcphdr);
761 struct dst_entry *dst;
/* Account option space before allocating the reply skb. */
765 tot_len += TCPOLEN_TSTAMP_ALIGNED;
766 #ifdef CONFIG_TCP_MD5SIG
768 tot_len += TCPOLEN_MD5SIG_ALIGNED;
771 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
776 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
778 t1 = (struct tcphdr *) skb_push(buff, tot_len);
779 skb_reset_transport_header(buff);
781 /* Swap the send and the receive. */
782 memset(t1, 0, sizeof(*t1));
783 t1->dest = th->source;
784 t1->source = th->dest;
785 t1->doff = tot_len / 4;
786 t1->seq = htonl(seq);
787 t1->ack_seq = htonl(ack);
/* A RST answering an ACK carries no ACK bit; everything else does. */
788 t1->ack = !rst || !th->ack;
790 t1->window = htons(win);
792 topt = (__be32 *)(t1 + 1);
/* Timestamp option: NOP,NOP,TS per RFC 7323 alignment. */
795 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
796 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
797 *topt++ = htonl(tsval);
798 *topt++ = htonl(tsecr);
801 #ifdef CONFIG_TCP_MD5SIG
803 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
804 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
805 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
806 &ipv6_hdr(skb)->saddr,
807 &ipv6_hdr(skb)->daddr, t1);
/* Reply flow: swap the incoming packet's addresses. */
811 memset(&fl6, 0, sizeof(fl6));
812 fl6.daddr = ipv6_hdr(skb)->saddr;
813 fl6.saddr = ipv6_hdr(skb)->daddr;
814 fl6.flowlabel = label;
816 buff->ip_summed = CHECKSUM_PARTIAL;
819 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
821 fl6.flowi6_proto = IPPROTO_TCP;
/* Link-local destinations need an explicit outgoing interface. */
822 if (rt6_need_strict(&fl6.daddr) && !oif)
823 fl6.flowi6_oif = tcp_v6_iif(skb);
825 if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
828 fl6.flowi6_oif = oif;
831 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark);
832 fl6.fl6_dport = t1->dest;
833 fl6.fl6_sport = t1->source;
834 fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
835 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
837 /* Pass a socket to ip6_dst_lookup either it is for RST
838 * Underlying function will use this to retrieve the network
841 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
843 skb_dst_set(buff, dst);
844 ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass);
845 TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
847 TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
/*
 * Send a RST in reply to skb. Chooses seq/ack so the RST is acceptable
 * to the peer (RFC 793), and — under CONFIG_TCP_MD5SIG — signs the RST
 * when a key is known. With no socket, a signed incoming segment forces
 * a listener lookup by destination to locate the key; an unverifiable
 * signature suppresses the RST entirely.
 * NOTE(review): some interior lines (refcounting of sk1, exit labels)
 * are elided in this excerpt.
 */
854 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
856 const struct tcphdr *th = tcp_hdr(skb);
857 u32 seq = 0, ack_seq = 0;
858 struct tcp_md5sig_key *key = NULL;
859 #ifdef CONFIG_TCP_MD5SIG
860 const __u8 *hash_location = NULL;
861 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
862 unsigned char newhash[16];
864 struct sock *sk1 = NULL;
871 /* If sk not NULL, it means we did a successful lookup and incoming
872 * route had to be correct. prequeue might have dropped our dst.
874 if (!sk && !ipv6_unicast_destination(skb))
877 #ifdef CONFIG_TCP_MD5SIG
879 hash_location = tcp_parse_md5sig_option(th);
880 if (sk && sk_fullsock(sk)) {
881 key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr);
882 } else if (hash_location) {
884 * active side is lost. Try to find listening socket through
885 * source port, and then find md5 key through listening socket.
886 * we are not loose security here:
887 * Incoming packet is checked with md5 hash with finding key,
888 * no RST generated if md5 hash doesn't match.
890 sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
891 &tcp_hashinfo, NULL, 0,
893 th->source, &ipv6h->daddr,
894 ntohs(th->source), tcp_v6_iif(skb));
898 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
/* Verify the inbound signature; bail out on mismatch (no RST). */
902 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
903 if (genhash || memcmp(hash_location, newhash, 16) != 0)
/* Segment with ACK: RST uses its ack_seq; otherwise ack their seq. */
909 seq = ntohl(th->ack_seq);
911 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
914 oif = sk ? sk->sk_bound_dev_if : 0;
915 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 0);
917 #ifdef CONFIG_TCP_MD5SIG
/* Thin wrapper: emit a bare ACK via tcp_v6_send_response() (rst = 0). */
923 static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
924 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
925 struct tcp_md5sig_key *key, u8 tclass,
928 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
/*
 * ACK a segment received on a TIME_WAIT socket, replaying the saved
 * snd_nxt/rcv_nxt, window (scaled down), timestamp state, interface
 * binding, MD5 key and flow label from the timewait sock.
 */
932 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
934 struct inet_timewait_sock *tw = inet_twsk(sk);
935 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
937 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
938 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
939 tcp_time_stamp + tcptw->tw_ts_offset,
940 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
941 tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel));
/*
 * ACK on behalf of a request sock (SYN_RECV / TFO). The sequence base
 * differs by state: snt_isn+1 for a plain listener, snd_nxt for an
 * already-created Fast Open child. Receive window is scaled per the
 * negotiated Rcv.Wind.Shift (RFC 7323).
 */
946 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
947 struct request_sock *req)
949 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
950 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
953 * The window field (SEG.WND) of every outgoing segment, with the
954 * exception of <SYN> segments, MUST be right-shifted by
955 * Rcv.Wind.Shift bits:
957 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
958 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
959 tcp_rsk(req)->rcv_nxt,
960 req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
961 tcp_time_stamp + tcp_rsk(req)->ts_off,
962 req->ts_recent, sk->sk_bound_dev_if,
963 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr),
/*
 * Validate a possible syncookie ACK on a listener; returns the child
 * socket from cookie_v6_check() when syncookies are compiled in.
 */
968 static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
970 #ifdef CONFIG_SYN_COOKIES
971 const struct tcphdr *th = tcp_hdr(skb);
974 sk = cookie_v6_check(sk, skb);
/*
 * Handle an incoming SYN: delegate v4-mapped traffic to
 * tcp_v4_conn_request(), reject non-unicast destinations, otherwise
 * run the generic tcp_conn_request() with the IPv6 ops tables.
 * Returns 0 so no reset is sent on the drop path.
 */
979 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
981 if (skb->protocol == htons(ETH_P_IP))
982 return tcp_v4_conn_request(sk, skb);
984 if (!ipv6_unicast_destination(skb))
987 return tcp_conn_request(&tcp6_request_sock_ops,
988 &tcp_request_sock_ipv6_ops, sk, skb);
992 return 0; /* don't send reset */
/*
 * Create the child socket when the 3-way handshake completes.
 * Two paths: (1) a v4-mapped request is delegated to
 * tcp_v4_syn_recv_sock() and the child is then converted to speak IPv4
 * through the "mapped" ops; (2) the native IPv6 path routes, clones the
 * listener via tcp_create_openreq_child(), copies addresses/options,
 * sizes the MSS from the route, inherits the MD5 key, and hashes the
 * child into the established table.
 * NOTE(review): many interior lines (error labels, refcount drops,
 * closing braces) are elided in this excerpt.
 */
995 static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
996 struct request_sock *req,
997 struct dst_entry *dst,
998 struct request_sock *req_unhash,
1001 struct inet_request_sock *ireq;
1002 struct ipv6_pinfo *newnp;
1003 const struct ipv6_pinfo *np = inet6_sk(sk);
1004 struct ipv6_txoptions *opt;
1005 struct tcp6_sock *newtcp6sk;
1006 struct inet_sock *newinet;
1007 struct tcp_sock *newtp;
1009 #ifdef CONFIG_TCP_MD5SIG
1010 struct tcp_md5sig_key *key;
/* ---- Path 1: v4-mapped child created by the IPv4 code. ---- */
1014 if (skb->protocol == htons(ETH_P_IP)) {
1019 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
1020 req_unhash, own_req);
1025 newtcp6sk = (struct tcp6_sock *)newsk;
1026 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1028 newinet = inet_sk(newsk);
1029 newnp = inet6_sk(newsk);
1030 newtp = tcp_sk(newsk);
1032 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1034 newnp->saddr = newsk->sk_v6_rcv_saddr;
/* Run the child as IPv4-under-IPv6 ("mapped") from here on. */
1036 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1037 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1038 #ifdef CONFIG_TCP_MD5SIG
1039 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1042 newnp->ipv6_ac_list = NULL;
1043 newnp->ipv6_fl_list = NULL;
1044 newnp->pktoptions = NULL;
1046 newnp->mcast_oif = tcp_v6_iif(skb);
1047 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1048 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1050 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1053 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1054 * here, tcp_create_openreq_child now does this for us, see the comment in
1055 * that function for the gory details. -acme
1058 /* It is tricky place. Until this moment IPv4 tcp
1059 worked with IPv6 icsk.icsk_af_ops.
1062 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
/* ---- Path 2: native IPv6 child. ---- */
1067 ireq = inet_rsk(req);
1069 if (sk_acceptq_is_full(sk))
1073 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
1078 newsk = tcp_create_openreq_child(sk, req, skb);
1083 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1084 * count here, tcp_create_openreq_child now does this for us, see the
1085 * comment in that function for the gory details. -acme
1088 newsk->sk_gso_type = SKB_GSO_TCPV6;
1089 ip6_dst_store(newsk, dst, NULL, NULL);
1090 inet6_sk_rx_dst_set(newsk, skb);
1092 newtcp6sk = (struct tcp6_sock *)newsk;
1093 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1095 newtp = tcp_sk(newsk);
1096 newinet = inet_sk(newsk);
1097 newnp = inet6_sk(newsk);
1099 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
/* Addresses and interface binding come from the request sock. */
1101 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1102 newnp->saddr = ireq->ir_v6_loc_addr;
1103 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1104 newsk->sk_bound_dev_if = ireq->ir_iif;
1106 /* Now IPv6 options...
1108 First: no IPv4 options.
1110 newinet->inet_opt = NULL;
1111 newnp->ipv6_ac_list = NULL;
1112 newnp->ipv6_fl_list = NULL;
1115 newnp->rxopt.all = np->rxopt.all;
1117 newnp->pktoptions = NULL;
1119 newnp->mcast_oif = tcp_v6_iif(skb);
1120 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1121 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1123 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1125 /* Clone native IPv6 options from listening socket (if any)
1127 Yes, keeping reference count would be much more clever,
1128 but we make one more one thing there: reattach optmem
1131 opt = ireq->ipv6_opt;
1133 opt = rcu_dereference(np->opt);
1135 opt = ipv6_dup_options(newsk, opt);
1136 RCU_INIT_POINTER(newnp->opt, opt);
1138 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1140 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
/* Congestion control + MSS from the route, clamped by user_mss. */
1143 tcp_ca_openreq_child(newsk, dst);
1145 tcp_sync_mss(newsk, dst_mtu(dst));
1146 newtp->advmss = dst_metric_advmss(dst);
1147 if (tcp_sk(sk)->rx_opt.user_mss &&
1148 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1149 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1151 tcp_initialize_rcv_mss(newsk);
1153 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1154 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1156 #ifdef CONFIG_TCP_MD5SIG
1157 /* Copy over the MD5 key from the original socket */
1158 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr);
1160 /* We're using one, so create a matching key
1161 * on the newsk structure. If we fail to get
1162 * memory, then we end up not copying the key
1165 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
1166 AF_INET6, key->key, key->keylen,
1167 sk_gfp_mask(sk, GFP_ATOMIC));
1171 if (__inet_inherit_port(sk, newsk) < 0) {
1172 inet_csk_prepare_forced_close(newsk);
1176 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
1178 tcp_move_syn(newtp, req);
1180 /* Clone pktoptions received with SYN, if we own the req */
1181 if (ireq->pktopts) {
1182 newnp->pktoptions = skb_clone(ireq->pktopts,
1183 sk_gfp_mask(sk, GFP_ATOMIC));
1184 consume_skb(ireq->pktopts);
1185 ireq->pktopts = NULL;
1186 if (newnp->pktoptions)
1187 skb_set_owner_r(newnp->pktoptions, newsk);
/* Overflow/drop path (labels elided). */
1194 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
/*
 * Undo tcp_v6_fill_cb(): move the saved inet6_skb_parm from
 * TCP_SKB_CB back to the front of skb->cb so IP6CB() is valid again.
 */
1202 static void tcp_v6_restore_cb(struct sk_buff *skb)
1204 /* We need to move header back to the beginning if xfrm6_policy_check()
1205 * and tcp_v6_fill_cb() are going to be called again.
1206 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
1208 memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
1209 sizeof(struct inet6_skb_parm));
1212 /* The socket must have it's spinlock held when we get
1213 * here, unless it is a TCP_LISTEN socket.
1215 * We have a potential double-lock case here, so even when
1216 * doing backlog processing we use the BH locking scheme.
1217 * This is because we cannot sleep with the original spinlock
/*
 * Per-socket receive path (called with the socket lock held, except for
 * LISTEN). Dispatches: v4-mapped traffic to tcp_v4_do_rcv(); the
 * ESTABLISHED fast path with cached-dst validation; LISTEN via
 * cookie check + child processing; everything else through
 * tcp_rcv_state_process(). Finally latches IPV6_PKTOPTIONS ancillary
 * data from a clone of the skb when the user asked for it.
 * NOTE(review): several interior lines (labels, closing braces, the
 * reset/discard paths' surroundings) are elided in this excerpt.
 */
1220 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1222 struct ipv6_pinfo *np = inet6_sk(sk);
1223 struct tcp_sock *tp;
1224 struct sk_buff *opt_skb = NULL;
1226 /* Imagine: socket is IPv6. IPv4 packet arrives,
1227 goes to IPv4 receive handler and backlogged.
1228 From backlog it always goes here. Kerboom...
1229 Fortunately, tcp_rcv_established and rcv_established
1230 handle them correctly, but it is not case with
1231 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1234 if (skb->protocol == htons(ETH_P_IP))
1235 return tcp_v4_do_rcv(sk, skb);
1237 if (tcp_filter(sk, skb))
1241 * socket locking is here for SMP purposes as backlog rcv
1242 * is currently called with bh processing disabled.
1245 /* Do Stevens' IPV6_PKTOPTIONS.
1247 Yes, guys, it is the only place in our code, where we
1248 may make it not affecting IPv4.
1249 The rest of code is protocol independent,
1250 and I do not like idea to uglify IPv4.
1252 Actually, all the idea behind IPV6_PKTOPTIONS
1253 looks not very well thought. For now we latch
1254 options, received in the last packet, enqueued
1255 by tcp. Feel free to propose better solution.
/* Clone now; decided later (ipv6_pktoptions) whether to keep it. */
1259 opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));
1261 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1262 struct dst_entry *dst = sk->sk_rx_dst;
1264 sock_rps_save_rxhash(sk, skb);
1265 sk_mark_napi_id(sk, skb);
/* Drop the cached rx dst if it is stale or for another ifindex. */
1267 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1268 dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
1270 sk->sk_rx_dst = NULL;
1274 tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len);
1276 goto ipv6_pktoptions;
1280 if (tcp_checksum_complete(skb))
1283 if (sk->sk_state == TCP_LISTEN) {
1284 struct sock *nsk = tcp_v6_cookie_check(sk, skb);
/* A new child (nsk != sk) is processed as its own socket. */
1290 sock_rps_save_rxhash(nsk, skb);
1291 sk_mark_napi_id(nsk, skb);
1292 if (tcp_child_process(sk, nsk, skb))
1295 __kfree_skb(opt_skb);
1299 sock_rps_save_rxhash(sk, skb);
1301 if (tcp_rcv_state_process(sk, skb))
1304 goto ipv6_pktoptions;
/* reset/discard paths (labels elided). */
1308 tcp_v6_send_reset(sk, skb);
1311 __kfree_skb(opt_skb);
1315 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
1316 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
1321 /* Do you ask, what is it?
1323 1. skb was enqueued by tcp.
1324 2. skb is added to tail of read queue, rather than out of order.
1325 3. socket is not in passive state.
1326 4. Finally, it really contains options, which user wants to receive.
1329 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1330 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1331 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1332 np->mcast_oif = tcp_v6_iif(opt_skb);
1333 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1334 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1335 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1336 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
1338 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
1339 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
1340 skb_set_owner_r(opt_skb, sk);
1341 tcp_v6_restore_cb(opt_skb);
/* Swap in the new pktoptions; free whatever was latched before. */
1342 opt_skb = xchg(&np->pktoptions, opt_skb);
1344 __kfree_skb(opt_skb);
1345 opt_skb = xchg(&np->pktoptions, NULL);
/*
 * Populate TCP_SKB_CB from the TCP header for demux: first preserve
 * the IP6CB control block inside TCP_SKB_CB (they share skb->cb), then
 * fill seq/end_seq/ack_seq, flags, ISN slot, DS field and sacked.
 */
1353 static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1354 const struct tcphdr *th)
1356 /* This is tricky: we move IP6CB at its correct location into
1357 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1358 * _decode_session6() uses IP6CB().
1359 * barrier() makes sure compiler won't play aliasing games.
1361 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1362 sizeof(struct inet6_skb_parm));
1365 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
/* end_seq counts SYN and FIN as one sequence unit each. */
1366 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1367 skb->len - th->doff*4);
1368 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1369 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1370 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1371 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1372 TCP_SKB_CB(skb)->sacked = 0;
/* tcp_v6_rcv(): main receive entry point for IPv6 TCP segments, installed
 * as the protocol handler in tcpv6_protocol below.
 *
 * Validates the header, looks up the owning socket, and dispatches to the
 * request-socket, listener, established, or time-wait processing paths.
 *
 * NOTE(review): this listing is elided (original line numbers are not
 * contiguous); goto labels, braces and several error paths are on
 * missing lines.
 */
1375 static int tcp_v6_rcv(struct sk_buff *skb)
1377 const struct tcphdr *th;
1378 const struct ipv6hdr *hdr;
1382 struct net *net = dev_net(skb->dev);
1384 if (skb->pkt_type != PACKET_HOST)
1388 * Count it even if it's bad.
1390 __TCP_INC_STATS(net, TCP_MIB_INSEGS);
/* Header sanity: linearize at least the fixed TCP header, reject a
 * data offset smaller than the minimum, then pull the full header. */
1392 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1395 th = (const struct tcphdr *)skb->data;
1397 if (unlikely(th->doff < sizeof(struct tcphdr)/4))
1399 if (!pskb_may_pull(skb, th->doff*4))
1402 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
/* Re-read header pointers: pskb_may_pull() may have moved skb->data */
1405 th = (const struct tcphdr *)skb->data;
1406 hdr = ipv6_hdr(skb);
1409 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
1410 th->source, th->dest, inet6_iif(skb),
1416 if (sk->sk_state == TCP_TIME_WAIT)
/* A NEW_SYN_RECV "socket" is really a request_sock: validate against the
 * listener, then let tcp_check_req() create (or refuse) the child. */
1419 if (sk->sk_state == TCP_NEW_SYN_RECV) {
1420 struct request_sock *req = inet_reqsk(sk);
1423 sk = req->rsk_listener;
1424 tcp_v6_fill_cb(skb, hdr, th);
1425 if (tcp_v6_inbound_md5_hash(sk, skb)) {
1426 sk_drops_add(sk, skb);
1430 if (unlikely(sk->sk_state != TCP_LISTEN)) {
1431 inet_csk_reqsk_queue_drop_and_put(sk, req);
1436 nsk = tcp_check_req(sk, skb, req, false);
1439 goto discard_and_relse;
1443 tcp_v6_restore_cb(skb);
1444 } else if (tcp_child_process(sk, nsk, skb)) {
1445 tcp_v6_send_reset(nsk, skb);
1446 goto discard_and_relse;
/* Fully identified socket: apply hop-limit policy, XFRM policy and
 * MD5 checks before handing the segment to the state machine. */
1452 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
1453 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
1454 goto discard_and_relse;
1457 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1458 goto discard_and_relse;
1460 tcp_v6_fill_cb(skb, hdr, th);
1462 if (tcp_v6_inbound_md5_hash(sk, skb))
1463 goto discard_and_relse;
1465 if (tcp_filter(sk, skb))
1466 goto discard_and_relse;
/* tcp_filter() (BPF) may have trimmed the skb: refresh header pointers */
1467 th = (const struct tcphdr *)skb->data;
1468 hdr = ipv6_hdr(skb);
1472 if (sk->sk_state == TCP_LISTEN) {
1473 ret = tcp_v6_do_rcv(sk, skb);
1474 goto put_and_return;
1477 sk_incoming_cpu_update(sk);
1479 bh_lock_sock_nested(sk);
1480 tcp_segs_in(tcp_sk(sk), skb);
/* Process directly if the socket is not owned by a user context;
 * otherwise queue on the backlog for release_sock() to drain. */
1482 if (!sock_owned_by_user(sk)) {
1483 if (!tcp_prequeue(sk, skb))
1484 ret = tcp_v6_do_rcv(sk, skb);
1485 } else if (tcp_add_backlog(sk, skb)) {
1486 goto discard_and_relse;
1493 return ret ? -1 : 0;
/* No-socket path: checksum-verify, then answer with a RST */
1496 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1499 tcp_v6_fill_cb(skb, hdr, th);
1501 if (tcp_checksum_complete(skb)) {
1503 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
1505 __TCP_INC_STATS(net, TCP_MIB_INERRS);
1507 tcp_v6_send_reset(NULL, skb);
1515 sk_drops_add(sk, skb);
/* Time-wait path: re-run policy/checksum checks, then let
 * tcp_timewait_state_process() decide between SYN-reuse, ACK, RST. */
1521 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1522 inet_twsk_put(inet_twsk(sk));
1526 tcp_v6_fill_cb(skb, hdr, th);
1528 if (tcp_checksum_complete(skb)) {
1529 inet_twsk_put(inet_twsk(sk));
1533 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
/* TCP_TW_SYN: a new connection attempt may reuse this tuple if a
 * listener exists -- replace the tw sock with the listener. */
1538 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1539 skb, __tcp_hdrlen(th),
1540 &ipv6_hdr(skb)->saddr, th->source,
1541 &ipv6_hdr(skb)->daddr,
1542 ntohs(th->dest), tcp_v6_iif(skb));
1544 struct inet_timewait_sock *tw = inet_twsk(sk);
1545 inet_twsk_deschedule_put(tw);
1547 tcp_v6_restore_cb(skb);
1551 /* Fall through to ACK */
1554 tcp_v6_timewait_ack(sk, skb);
1557 tcp_v6_restore_cb(skb);
1558 tcp_v6_send_reset(sk, skb);
1559 inet_twsk_deschedule_put(inet_twsk(sk));
1561 case TCP_TW_SUCCESS:
/* tcp_v6_early_demux(): early socket lookup before routing, so an
 * established socket's cached dst can be reused instead of a full
 * route lookup.  Best-effort: silently returns on any mismatch.
 *
 * NOTE(review): elided listing; braces and early-return paths are on
 * missing lines.
 */
1567 static void tcp_v6_early_demux(struct sk_buff *skb)
1569 const struct ipv6hdr *hdr;
1570 const struct tcphdr *th;
1573 if (skb->pkt_type != PACKET_HOST)
1576 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1579 hdr = ipv6_hdr(skb);
1582 if (th->doff < sizeof(struct tcphdr) / 4)
1585 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
1586 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1587 &hdr->saddr, th->source,
1588 &hdr->daddr, ntohs(th->dest),
1592 skb->destructor = sock_edemux;
1593 if (sk_fullsock(sk)) {
1594 struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
/* Only reuse the cached dst if it is still valid for this cookie
 * and arrived on the same interface it was cached for. */
1597 dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
1599 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1600 skb_dst_set_noref(skb, dst);
/* Time-wait socket operations for TCPv6: object size plus the shared
 * TCP uniqueness/destructor callbacks (tcp_twsk_*). */
1605 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1606 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1607 .twsk_unique = tcp_twsk_unique,
1608 .twsk_destructor = tcp_twsk_destructor,
/* Address-family operations for native IPv6 TCP sockets: transmit via
 * inet6_csk_xmit, v6 header sizes, and the IPv6 sockopt handlers. */
1611 static const struct inet_connection_sock_af_ops ipv6_specific = {
1612 .queue_xmit = inet6_csk_xmit,
1613 .send_check = tcp_v6_send_check,
1614 .rebuild_header = inet6_sk_rebuild_header,
1615 .sk_rx_dst_set = inet6_sk_rx_dst_set,
1616 .conn_request = tcp_v6_conn_request,
1617 .syn_recv_sock = tcp_v6_syn_recv_sock,
1618 .net_header_len = sizeof(struct ipv6hdr),
1619 .net_frag_header_len = sizeof(struct frag_hdr),
1620 .setsockopt = ipv6_setsockopt,
1621 .getsockopt = ipv6_getsockopt,
1622 .addr2sockaddr = inet6_csk_addr2sockaddr,
1623 .sockaddr_len = sizeof(struct sockaddr_in6),
1624 .bind_conflict = inet6_csk_bind_conflict,
1625 #ifdef CONFIG_COMPAT
1626 .compat_setsockopt = compat_ipv6_setsockopt,
1627 .compat_getsockopt = compat_ipv6_getsockopt,
1629 .mtu_reduced = tcp_v6_mtu_reduced,
1632 #ifdef CONFIG_TCP_MD5SIG
/* TCP-MD5 (RFC 2385) callbacks for native IPv6 sockets */
1633 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1634 .md5_lookup = tcp_v6_md5_lookup,
1635 .calc_md5_hash = tcp_v6_md5_hash_skb,
1636 .md5_parse = tcp_v6_parse_md5_keys,
1641 * TCP over IPv4 via INET6 API
/* Address-family operations for v4-mapped sockets (an AF_INET6 socket
 * talking to an IPv4 peer): transmit and header handling use the IPv4
 * paths, while sockopts and sockaddr conversion stay IPv6. */
1643 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1644 .queue_xmit = ip_queue_xmit,
1645 .send_check = tcp_v4_send_check,
1646 .rebuild_header = inet_sk_rebuild_header,
1647 .sk_rx_dst_set = inet_sk_rx_dst_set,
1648 .conn_request = tcp_v6_conn_request,
1649 .syn_recv_sock = tcp_v6_syn_recv_sock,
1650 .net_header_len = sizeof(struct iphdr),
1651 .setsockopt = ipv6_setsockopt,
1652 .getsockopt = ipv6_getsockopt,
1653 .addr2sockaddr = inet6_csk_addr2sockaddr,
1654 .sockaddr_len = sizeof(struct sockaddr_in6),
1655 .bind_conflict = inet6_csk_bind_conflict,
1656 #ifdef CONFIG_COMPAT
1657 .compat_setsockopt = compat_ipv6_setsockopt,
1658 .compat_getsockopt = compat_ipv6_getsockopt,
1660 .mtu_reduced = tcp_v4_mtu_reduced,
1663 #ifdef CONFIG_TCP_MD5SIG
/* TCP-MD5 callbacks for v4-mapped sockets: hash over IPv4 pseudo-header
 * (tcp_v4_*), but key parsing still comes in through the IPv6 sockopt. */
1664 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1665 .md5_lookup = tcp_v4_md5_lookup,
1666 .calc_md5_hash = tcp_v4_md5_hash_skb,
1667 .md5_parse = tcp_v6_parse_md5_keys,
1671 /* NOTE: A lot of things set to zero explicitly by call to
1672 * sk_alloc() so need not be done here.
/* tcp_v6_init_sock(): per-socket init hook (tcpv6_prot.init).  Installs
 * the IPv6 af_ops (and MD5 ops when configured); generic TCP init is
 * presumably done on an elided line -- TODO confirm against full source. */
1674 static int tcp_v6_init_sock(struct sock *sk)
1676 struct inet_connection_sock *icsk = inet_csk(sk);
1680 icsk->icsk_af_ops = &ipv6_specific;
1682 #ifdef CONFIG_TCP_MD5SIG
1683 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
/* tcp_v6_destroy_sock(): teardown hook -- shared TCP cleanup first,
 * then the IPv6-specific socket state. */
1689 static void tcp_v6_destroy_sock(struct sock *sk)
1691 tcp_v4_destroy_sock(sk);
1692 inet6_destroy_sock(sk);
1695 #ifdef CONFIG_PROC_FS
1696 /* Proc filesystem TCPv6 sock list dumping. */
/* get_openreq6(): print one SYN_RECV request socket as a /proc/net/tcp6
 * row (index i).  Several columns are hardcoded because a request_sock
 * has no retransmit counters, inode, etc. */
1697 static void get_openreq6(struct seq_file *seq,
1698 const struct request_sock *req, int i)
1700 long ttd = req->rsk_timer.expires - jiffies;
1701 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1702 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1708 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1709 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1711 src->s6_addr32[0], src->s6_addr32[1],
1712 src->s6_addr32[2], src->s6_addr32[3],
1713 inet_rsk(req)->ir_num,
1714 dest->s6_addr32[0], dest->s6_addr32[1],
1715 dest->s6_addr32[2], dest->s6_addr32[3],
1716 ntohs(inet_rsk(req)->ir_rmt_port),
1718 0, 0, /* could print option size, but that is af dependent. */
1719 1, /* timers active (only the expire timer) */
1720 jiffies_to_clock_t(ttd),
/* uid of the listener, translated into the reader's user namespace */
1722 from_kuid_munged(seq_user_ns(seq),
1723 sock_i_uid(req->rsk_listener)),
1724 0, /* non standard timer */
1725 0, /* open_requests have no inode */
/* get_tcp6_sock(): print one full TCP socket as a /proc/net/tcp6 row
 * (index i): addresses/ports, state, queue sizes, active timer and its
 * expiry, uid, refcount, and congestion info.
 *
 * NOTE(review): elided listing; the timer-type codes written into the
 * "%02X" timer column are on missing lines.
 */
1729 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1731 const struct in6_addr *dest, *src;
1734 unsigned long timer_expires;
1735 const struct inet_sock *inet = inet_sk(sp);
1736 const struct tcp_sock *tp = tcp_sk(sp);
1737 const struct inet_connection_sock *icsk = inet_csk(sp);
1738 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
1742 dest = &sp->sk_v6_daddr;
1743 src = &sp->sk_v6_rcv_saddr;
1744 destp = ntohs(inet->inet_dport);
1745 srcp = ntohs(inet->inet_sport);
/* Pick whichever timer is pending: retransmit/probe via icsk, else the
 * keepalive sk_timer; fall back to "now" when nothing is armed. */
1747 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
1748 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
1749 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
1751 timer_expires = icsk->icsk_timeout;
1752 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1754 timer_expires = icsk->icsk_timeout;
1755 } else if (timer_pending(&sp->sk_timer)) {
1757 timer_expires = sp->sk_timer.expires;
1760 timer_expires = jiffies;
1763 state = sk_state_load(sp);
1764 if (state == TCP_LISTEN)
1765 rx_queue = sp->sk_ack_backlog;
1767 /* Because we don't lock the socket,
1768 * we might find a transient negative value.
1770 rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);
1773 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1774 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1776 src->s6_addr32[0], src->s6_addr32[1],
1777 src->s6_addr32[2], src->s6_addr32[3], srcp,
1778 dest->s6_addr32[0], dest->s6_addr32[1],
1779 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1781 tp->write_seq - tp->snd_una,
1784 jiffies_delta_to_clock_t(timer_expires - jiffies),
1785 icsk->icsk_retransmits,
1786 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1787 icsk->icsk_probes_out,
1789 atomic_read(&sp->sk_refcnt), sp,
1790 jiffies_to_clock_t(icsk->icsk_rto),
1791 jiffies_to_clock_t(icsk->icsk_ack.ato),
1792 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
/* Last column: fastopen queue limit for listeners, otherwise
 * ssthresh (-1 while still in initial slow start). */
1794 state == TCP_LISTEN ?
1795 fastopenq->max_qlen :
1796 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
/* get_timewait6_sock(): print one TIME_WAIT socket as a /proc/net/tcp6
 * row (index i).  Queue/uid/inode columns are zero because a tw sock
 * keeps no such state; timer column is fixed to type 3 (tw timer). */
1800 static void get_timewait6_sock(struct seq_file *seq,
1801 struct inet_timewait_sock *tw, int i)
1803 long delta = tw->tw_timer.expires - jiffies;
1804 const struct in6_addr *dest, *src;
1807 dest = &tw->tw_v6_daddr;
1808 src = &tw->tw_v6_rcv_saddr;
1809 destp = ntohs(tw->tw_dport);
1810 srcp = ntohs(tw->tw_sport);
1813 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1814 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1816 src->s6_addr32[0], src->s6_addr32[1],
1817 src->s6_addr32[2], src->s6_addr32[3], srcp,
1818 dest->s6_addr32[0], dest->s6_addr32[1],
1819 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1820 tw->tw_substate, 0, 0,
1821 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
1822 atomic_read(&tw->tw_refcnt), tw);
/* tcp6_seq_show(): seq_file ->show callback for /proc/net/tcp6.
 * Emits the header row for SEQ_START_TOKEN, otherwise dispatches on
 * socket state to the matching row printer above. */
1825 static int tcp6_seq_show(struct seq_file *seq, void *v)
1827 struct tcp_iter_state *st;
1828 struct sock *sk = v;
1830 if (v == SEQ_START_TOKEN) {
1835 "st tx_queue rx_queue tr tm->when retrnsmt"
1836 " uid timeout inode\n");
1841 if (sk->sk_state == TCP_TIME_WAIT)
1842 get_timewait6_sock(seq, v, st->num);
1843 else if (sk->sk_state == TCP_NEW_SYN_RECV)
1844 get_openreq6(seq, v, st->num);
1846 get_tcp6_sock(seq, v, st->num);
/* file_operations for /proc/net/tcp6, backed by the shared TCP seq_file
 * open helper (tcp_seq_open). */
1851 static const struct file_operations tcp6_afinfo_seq_fops = {
1852 .owner = THIS_MODULE,
1853 .open = tcp_seq_open,
1855 .llseek = seq_lseek,
1856 .release = seq_release_net
/* Per-AF descriptor registered with tcp_proc_register() for tcp6 */
1859 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1862 .seq_fops = &tcp6_afinfo_seq_fops,
1864 .show = tcp6_seq_show,
/* tcp6_proc_init(): register /proc/net/tcp6 for a network namespace.
 * Returns the tcp_proc_register() result (0 on success). */
1868 int __net_init tcp6_proc_init(struct net *net)
1870 return tcp_proc_register(net, &tcp6_seq_afinfo);
/* tcp6_proc_exit(): unregister /proc/net/tcp6 for a network namespace */
1873 void tcp6_proc_exit(struct net *net)
1875 tcp_proc_unregister(net, &tcp6_seq_afinfo);
/* tcpv6_prot: the struct proto for AF_INET6/SOCK_STREAM sockets.
 * Mostly shared TCP entry points (tcp_*), with IPv6-specific connect,
 * init/destroy and backlog receive; shares tcp_hashinfo and the global
 * TCP memory accounting with IPv4. */
1879 struct proto tcpv6_prot = {
1881 .owner = THIS_MODULE,
1883 .connect = tcp_v6_connect,
1884 .disconnect = tcp_disconnect,
1885 .accept = inet_csk_accept,
1887 .init = tcp_v6_init_sock,
1888 .destroy = tcp_v6_destroy_sock,
1889 .shutdown = tcp_shutdown,
1890 .setsockopt = tcp_setsockopt,
1891 .getsockopt = tcp_getsockopt,
1892 .keepalive = tcp_set_keepalive,
1893 .recvmsg = tcp_recvmsg,
1894 .sendmsg = tcp_sendmsg,
1895 .sendpage = tcp_sendpage,
1896 .backlog_rcv = tcp_v6_do_rcv,
1897 .release_cb = tcp_release_cb,
1899 .unhash = inet_unhash,
1900 .get_port = inet_csk_get_port,
1901 .enter_memory_pressure = tcp_enter_memory_pressure,
1902 .stream_memory_free = tcp_stream_memory_free,
1903 .sockets_allocated = &tcp_sockets_allocated,
1904 .memory_allocated = &tcp_memory_allocated,
1905 .memory_pressure = &tcp_memory_pressure,
1906 .orphan_count = &tcp_orphan_count,
1907 .sysctl_mem = sysctl_tcp_mem,
1908 .sysctl_wmem = sysctl_tcp_wmem,
1909 .sysctl_rmem = sysctl_tcp_rmem,
1910 .max_header = MAX_TCP_HEADER,
1911 .obj_size = sizeof(struct tcp6_sock),
1912 .slab_flags = SLAB_DESTROY_BY_RCU,
1913 .twsk_prot = &tcp6_timewait_sock_ops,
1914 .rsk_prot = &tcp6_request_sock_ops,
1915 .h.hashinfo = &tcp_hashinfo,
1916 .no_autobind = true,
1917 #ifdef CONFIG_COMPAT
1918 .compat_setsockopt = compat_tcp_setsockopt,
1919 .compat_getsockopt = compat_tcp_getsockopt,
1921 .diag_destroy = tcp_abort,
/* L4 protocol hooks registered for IPPROTO_TCP on the IPv6 input path */
1924 static const struct inet6_protocol tcpv6_protocol = {
1925 .early_demux = tcp_v6_early_demux,
1926 .handler = tcp_v6_rcv,
1927 .err_handler = tcp_v6_err,
1928 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
/* protosw entry mapping SOCK_STREAM/IPPROTO_TCP sockets onto tcpv6_prot
 * and the generic inet6 stream socket ops */
1931 static struct inet_protosw tcpv6_protosw = {
1932 .type = SOCK_STREAM,
1933 .protocol = IPPROTO_TCP,
1934 .prot = &tcpv6_prot,
1935 .ops = &inet6_stream_ops,
1936 .flags = INET_PROTOSW_PERMANENT |
/* tcpv6_net_init(): per-netns setup -- create the kernel control socket
 * used for sending resets/acks on behalf of this namespace. */
1940 static int __net_init tcpv6_net_init(struct net *net)
1942 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
1943 SOCK_RAW, IPPROTO_TCP, net);
/* tcpv6_net_exit(): per-netns teardown of the control socket */
1946 static void __net_exit tcpv6_net_exit(struct net *net)
1948 inet_ctl_sock_destroy(net->ipv6.tcp_sk)
/* tcpv6_net_exit_batch(): flush all AF_INET6 time-wait sockets when a
 * batch of namespaces is torn down. */
1951 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
1953 inet_twsk_purge(&tcp_hashinfo, AF_INET6);
/* pernet_operations tying the init/exit hooks above into the netns
 * lifecycle */
1956 static struct pernet_operations tcpv6_net_ops = {
1957 .init = tcpv6_net_init,
1958 .exit = tcpv6_net_exit,
1959 .exit_batch = tcpv6_net_exit_batch,
/* tcpv6_init(): module init -- register the L4 protocol handler, the
 * protosw entry, and the pernet ops, unwinding in reverse on failure.
 *
 * NOTE(review): elided listing; the error-label lines between the
 * registrations are missing here.
 */
1962 int __init tcpv6_init(void)
1966 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
1970 /* register inet6 protocol */
1971 ret = inet6_register_protosw(&tcpv6_protosw);
1973 goto out_tcpv6_protocol;
1975 ret = register_pernet_subsys(&tcpv6_net_ops);
1977 goto out_tcpv6_protosw;
/* error unwind: undo registrations in reverse order */
1982 inet6_unregister_protosw(&tcpv6_protosw);
1984 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
1988 void tcpv6_exit(void)
1990 unregister_pernet_subsys(&tcpv6_net_ops);
1991 inet6_unregister_protosw(&tcpv6_protosw);
1992 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);