search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 3.0.62
[linux/fpc-iii.git] / net / ipv6 / tcp_ipv6.c
bloba6d58501a7384ae78410445d3043f2bab9c58f02
1 /*
2 * TCP over IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on:
9 * linux/net/ipv4/tcp.c
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
12 *
13 * Fixes:
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
19 *
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
24 */
25
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
34 #include <linux/in.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41 #include <linux/slab.h>
42
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/snmp.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/netdma.h>
63 #include <net/inet_common.h>
64 #include <net/secure_seq.h>
65
66 #include <asm/uaccess.h>
67
68 #include <linux/proc_fs.h>
69 #include <linux/seq_file.h>
70
71 #include <linux/crypto.h>
72 #include <linux/scatterlist.h>
73
74 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
75 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
76 struct request_sock *req);
77
78 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
79 static void __tcp_v6_send_check(struct sk_buff *skb,
80 const struct in6_addr *saddr,
81 const struct in6_addr *daddr);
82
83 static const struct inet_connection_sock_af_ops ipv6_mapped;
84 static const struct inet_connection_sock_af_ops ipv6_specific;
85 #ifdef CONFIG_TCP_MD5SIG
86 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
87 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
88 #else
89 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
90 const struct in6_addr *addr)
91 {
92 return NULL;
93 }
94 #endif
95
96 static void tcp_v6_hash(struct sock *sk)
97 {
98 if (sk->sk_state != TCP_CLOSE) {
99 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
100 tcp_prot.hash(sk);
101 return;
102 }
103 local_bh_disable();
104 __inet6_hash(sk, NULL);
105 local_bh_enable();
106 }
107 }
108
109 static __inline__ __sum16 tcp_v6_check(int len,
110 const struct in6_addr *saddr,
111 const struct in6_addr *daddr,
112 __wsum base)
113 {
114 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
115 }
116
117 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
118 {
119 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
120 ipv6_hdr(skb)->saddr.s6_addr32,
121 tcp_hdr(skb)->dest,
122 tcp_hdr(skb)->source);
123 }
124
125 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
126 int addr_len)
127 {
128 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
129 struct inet_sock *inet = inet_sk(sk);
130 struct inet_connection_sock *icsk = inet_csk(sk);
131 struct ipv6_pinfo *np = inet6_sk(sk);
132 struct tcp_sock *tp = tcp_sk(sk);
133 struct in6_addr *saddr = NULL, *final_p, final;
134 struct rt6_info *rt;
135 struct flowi6 fl6;
136 struct dst_entry *dst;
137 int addr_type;
138 int err;
139
140 if (addr_len < SIN6_LEN_RFC2133)
141 return -EINVAL;
142
143 if (usin->sin6_family != AF_INET6)
144 return -EAFNOSUPPORT;
145
146 memset(&fl6, 0, sizeof(fl6));
147
148 if (np->sndflow) {
149 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
150 IP6_ECN_flow_init(fl6.flowlabel);
151 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
152 struct ip6_flowlabel *flowlabel;
153 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
154 if (flowlabel == NULL)
155 return -EINVAL;
156 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
157 fl6_sock_release(flowlabel);
158 }
159 }
160
161 /*
162 * connect() to INADDR_ANY means loopback (BSD'ism).
163 */
164
165 if(ipv6_addr_any(&usin->sin6_addr))
166 usin->sin6_addr.s6_addr[15] = 0x1;
167
168 addr_type = ipv6_addr_type(&usin->sin6_addr);
169
170 if(addr_type & IPV6_ADDR_MULTICAST)
171 return -ENETUNREACH;
172
173 if (addr_type&IPV6_ADDR_LINKLOCAL) {
174 if (addr_len >= sizeof(struct sockaddr_in6) &&
175 usin->sin6_scope_id) {
176 /* If interface is set while binding, indices
177 * must coincide.
178 */
179 if (sk->sk_bound_dev_if &&
180 sk->sk_bound_dev_if != usin->sin6_scope_id)
181 return -EINVAL;
182
183 sk->sk_bound_dev_if = usin->sin6_scope_id;
184 }
185
186 /* Connect to link-local address requires an interface */
187 if (!sk->sk_bound_dev_if)
188 return -EINVAL;
189 }
190
191 if (tp->rx_opt.ts_recent_stamp &&
192 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
193 tp->rx_opt.ts_recent = 0;
194 tp->rx_opt.ts_recent_stamp = 0;
195 tp->write_seq = 0;
196 }
197
198 ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
199 np->flow_label = fl6.flowlabel;
200
201 /*
202 * TCP over IPv4
203 */
204
205 if (addr_type == IPV6_ADDR_MAPPED) {
206 u32 exthdrlen = icsk->icsk_ext_hdr_len;
207 struct sockaddr_in sin;
208
209 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
210
211 if (__ipv6_only_sock(sk))
212 return -ENETUNREACH;
213
214 sin.sin_family = AF_INET;
215 sin.sin_port = usin->sin6_port;
216 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
217
218 icsk->icsk_af_ops = &ipv6_mapped;
219 sk->sk_backlog_rcv = tcp_v4_do_rcv;
220 #ifdef CONFIG_TCP_MD5SIG
221 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
222 #endif
223
224 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
225
226 if (err) {
227 icsk->icsk_ext_hdr_len = exthdrlen;
228 icsk->icsk_af_ops = &ipv6_specific;
229 sk->sk_backlog_rcv = tcp_v6_do_rcv;
230 #ifdef CONFIG_TCP_MD5SIG
231 tp->af_specific = &tcp_sock_ipv6_specific;
232 #endif
233 goto failure;
234 } else {
235 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
236 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
237 &np->rcv_saddr);
238 }
239
240 return err;
241 }
242
243 if (!ipv6_addr_any(&np->rcv_saddr))
244 saddr = &np->rcv_saddr;
245
246 fl6.flowi6_proto = IPPROTO_TCP;
247 ipv6_addr_copy(&fl6.daddr, &np->daddr);
248 ipv6_addr_copy(&fl6.saddr,
249 (saddr ? saddr : &np->saddr));
250 fl6.flowi6_oif = sk->sk_bound_dev_if;
251 fl6.flowi6_mark = sk->sk_mark;
252 fl6.fl6_dport = usin->sin6_port;
253 fl6.fl6_sport = inet->inet_sport;
254
255 final_p = fl6_update_dst(&fl6, np->opt, &final);
256
257 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
258
259 dst = ip6_dst_lookup_flow(sk, &fl6, final_p, true);
260 if (IS_ERR(dst)) {
261 err = PTR_ERR(dst);
262 goto failure;
263 }
264
265 if (saddr == NULL) {
266 saddr = &fl6.saddr;
267 ipv6_addr_copy(&np->rcv_saddr, saddr);
268 }
269
270 /* set the source address */
271 ipv6_addr_copy(&np->saddr, saddr);
272 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
273
274 sk->sk_gso_type = SKB_GSO_TCPV6;
275 __ip6_dst_store(sk, dst, NULL, NULL);
276
277 rt = (struct rt6_info *) dst;
278 if (tcp_death_row.sysctl_tw_recycle &&
279 !tp->rx_opt.ts_recent_stamp &&
280 ipv6_addr_equal(&rt->rt6i_dst.addr, &np->daddr)) {
281 struct inet_peer *peer = rt6_get_peer(rt);
282 /*
283 * VJ's idea. We save last timestamp seen from
284 * the destination in peer table, when entering state
285 * TIME-WAIT * and initialize rx_opt.ts_recent from it,
286 * when trying new connection.
287 */
288 if (peer) {
289 inet_peer_refcheck(peer);
290 if ((u32)get_seconds() - peer->tcp_ts_stamp <= TCP_PAWS_MSL) {
291 tp->rx_opt.ts_recent_stamp = peer->tcp_ts_stamp;
292 tp->rx_opt.ts_recent = peer->tcp_ts;
293 }
294 }
295 }
296
297 icsk->icsk_ext_hdr_len = 0;
298 if (np->opt)
299 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
300 np->opt->opt_nflen);
301
302 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
303
304 inet->inet_dport = usin->sin6_port;
305
306 tcp_set_state(sk, TCP_SYN_SENT);
307 err = inet6_hash_connect(&tcp_death_row, sk);
308 if (err)
309 goto late_failure;
310
311 if (!tp->write_seq)
312 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
313 np->daddr.s6_addr32,
314 inet->inet_sport,
315 inet->inet_dport);
316
317 err = tcp_connect(sk);
318 if (err)
319 goto late_failure;
320
321 return 0;
322
323 late_failure:
324 tcp_set_state(sk, TCP_CLOSE);
325 __sk_dst_reset(sk);
326 failure:
327 inet->inet_dport = 0;
328 sk->sk_route_caps = 0;
329 return err;
330 }
331
332 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
333 u8 type, u8 code, int offset, __be32 info)
334 {
335 const struct ipv6hdr *hdr = (const struct ipv6hdr*)skb->data;
336 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
337 struct ipv6_pinfo *np;
338 struct sock *sk;
339 int err;
340 struct tcp_sock *tp;
341 __u32 seq;
342 struct net *net = dev_net(skb->dev);
343
344 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
345 th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
346
347 if (sk == NULL) {
348 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
349 ICMP6_MIB_INERRORS);
350 return;
351 }
352
353 if (sk->sk_state == TCP_TIME_WAIT) {
354 inet_twsk_put(inet_twsk(sk));
355 return;
356 }
357
358 bh_lock_sock(sk);
359 if (sock_owned_by_user(sk))
360 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
361
362 if (sk->sk_state == TCP_CLOSE)
363 goto out;
364
365 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
366 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
367 goto out;
368 }
369
370 tp = tcp_sk(sk);
371 seq = ntohl(th->seq);
372 if (sk->sk_state != TCP_LISTEN &&
373 !between(seq, tp->snd_una, tp->snd_nxt)) {
374 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
375 goto out;
376 }
377
378 np = inet6_sk(sk);
379
380 if (type == ICMPV6_PKT_TOOBIG) {
381 struct dst_entry *dst;
382
383 if (sock_owned_by_user(sk))
384 goto out;
385 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
386 goto out;
387
388 /* icmp should have updated the destination cache entry */
389 dst = __sk_dst_check(sk, np->dst_cookie);
390
391 if (dst == NULL) {
392 struct inet_sock *inet = inet_sk(sk);
393 struct flowi6 fl6;
394
395 /* BUGGG_FUTURE: Again, it is not clear how
396 to handle rthdr case. Ignore this complexity
397 for now.
398 */
399 memset(&fl6, 0, sizeof(fl6));
400 fl6.flowi6_proto = IPPROTO_TCP;
401 ipv6_addr_copy(&fl6.daddr, &np->daddr);
402 ipv6_addr_copy(&fl6.saddr, &np->saddr);
403 fl6.flowi6_oif = sk->sk_bound_dev_if;
404 fl6.flowi6_mark = sk->sk_mark;
405 fl6.fl6_dport = inet->inet_dport;
406 fl6.fl6_sport = inet->inet_sport;
407 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
408
409 dst = ip6_dst_lookup_flow(sk, &fl6, NULL, false);
410 if (IS_ERR(dst)) {
411 sk->sk_err_soft = -PTR_ERR(dst);
412 goto out;
413 }
414
415 } else
416 dst_hold(dst);
417
418 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
419 tcp_sync_mss(sk, dst_mtu(dst));
420 tcp_simple_retransmit(sk);
421 } /* else let the usual retransmit timer handle it */
422 dst_release(dst);
423 goto out;
424 }
425
426 icmpv6_err_convert(type, code, &err);
427
428 /* Might be for an request_sock */
429 switch (sk->sk_state) {
430 struct request_sock *req, **prev;
431 case TCP_LISTEN:
432 if (sock_owned_by_user(sk))
433 goto out;
434
435 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
436 &hdr->saddr, inet6_iif(skb));
437 if (!req)
438 goto out;
439
440 /* ICMPs are not backlogged, hence we cannot get
441 * an established socket here.
442 */
443 WARN_ON(req->sk != NULL);
444
445 if (seq != tcp_rsk(req)->snt_isn) {
446 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
447 goto out;
448 }
449
450 inet_csk_reqsk_queue_drop(sk, req, prev);
451 goto out;
452
453 case TCP_SYN_SENT:
454 case TCP_SYN_RECV: /* Cannot happen.
455 It can, it SYNs are crossed. --ANK */
456 if (!sock_owned_by_user(sk)) {
457 sk->sk_err = err;
458 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
459
460 tcp_done(sk);
461 } else
462 sk->sk_err_soft = err;
463 goto out;
464 }
465
466 if (!sock_owned_by_user(sk) && np->recverr) {
467 sk->sk_err = err;
468 sk->sk_error_report(sk);
469 } else
470 sk->sk_err_soft = err;
471
472 out:
473 bh_unlock_sock(sk);
474 sock_put(sk);
475 }
476
477
478 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
479 struct request_values *rvp)
480 {
481 struct inet6_request_sock *treq = inet6_rsk(req);
482 struct ipv6_pinfo *np = inet6_sk(sk);
483 struct sk_buff * skb;
484 struct ipv6_txoptions *opt = NULL;
485 struct in6_addr * final_p, final;
486 struct flowi6 fl6;
487 struct dst_entry *dst;
488 int err;
489
490 memset(&fl6, 0, sizeof(fl6));
491 fl6.flowi6_proto = IPPROTO_TCP;
492 ipv6_addr_copy(&fl6.daddr, &treq->rmt_addr);
493 ipv6_addr_copy(&fl6.saddr, &treq->loc_addr);
494 fl6.flowlabel = 0;
495 fl6.flowi6_oif = treq->iif;
496 fl6.flowi6_mark = sk->sk_mark;
497 fl6.fl6_dport = inet_rsk(req)->rmt_port;
498 fl6.fl6_sport = inet_rsk(req)->loc_port;
499 security_req_classify_flow(req, flowi6_to_flowi(&fl6));
500
501 opt = np->opt;
502 final_p = fl6_update_dst(&fl6, opt, &final);
503
504 dst = ip6_dst_lookup_flow(sk, &fl6, final_p, false);
505 if (IS_ERR(dst)) {
506 err = PTR_ERR(dst);
507 dst = NULL;
508 goto done;
509 }
510 skb = tcp_make_synack(sk, dst, req, rvp);
511 err = -ENOMEM;
512 if (skb) {
513 __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr);
514
515 ipv6_addr_copy(&fl6.daddr, &treq->rmt_addr);
516 err = ip6_xmit(sk, skb, &fl6, opt);
517 err = net_xmit_eval(err);
518 }
519
520 done:
521 if (opt && opt != np->opt)
522 sock_kfree_s(sk, opt, opt->tot_len);
523 dst_release(dst);
524 return err;
525 }
526
527 static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req,
528 struct request_values *rvp)
529 {
530 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS);
531 return tcp_v6_send_synack(sk, req, rvp);
532 }
533
534 static inline void syn_flood_warning(struct sk_buff *skb)
535 {
536 #ifdef CONFIG_SYN_COOKIES
537 if (sysctl_tcp_syncookies)
538 printk(KERN_INFO
539 "TCPv6: Possible SYN flooding on port %d. "
540 "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
541 else
542 #endif
543 printk(KERN_INFO
544 "TCPv6: Possible SYN flooding on port %d. "
545 "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
546 }
547
548 static void tcp_v6_reqsk_destructor(struct request_sock *req)
549 {
550 kfree_skb(inet6_rsk(req)->pktopts);
551 }
552
553 #ifdef CONFIG_TCP_MD5SIG
554 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
555 const struct in6_addr *addr)
556 {
557 struct tcp_sock *tp = tcp_sk(sk);
558 int i;
559
560 BUG_ON(tp == NULL);
561
562 if (!tp->md5sig_info || !tp->md5sig_info->entries6)
563 return NULL;
564
565 for (i = 0; i < tp->md5sig_info->entries6; i++) {
566 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
567 return &tp->md5sig_info->keys6[i].base;
568 }
569 return NULL;
570 }
571
572 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
573 struct sock *addr_sk)
574 {
575 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
576 }
577
578 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
579 struct request_sock *req)
580 {
581 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
582 }
583
584 static int tcp_v6_md5_do_add(struct sock *sk, const struct in6_addr *peer,
585 char *newkey, u8 newkeylen)
586 {
587 /* Add key to the list */
588 struct tcp_md5sig_key *key;
589 struct tcp_sock *tp = tcp_sk(sk);
590 struct tcp6_md5sig_key *keys;
591
592 key = tcp_v6_md5_do_lookup(sk, peer);
593 if (key) {
594 /* modify existing entry - just update that one */
595 kfree(key->key);
596 key->key = newkey;
597 key->keylen = newkeylen;
598 } else {
599 /* reallocate new list if current one is full. */
600 if (!tp->md5sig_info) {
601 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
602 if (!tp->md5sig_info) {
603 kfree(newkey);
604 return -ENOMEM;
605 }
606 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
607 }
608 if (tp->md5sig_info->entries6 == 0 &&
609 tcp_alloc_md5sig_pool(sk) == NULL) {
610 kfree(newkey);
611 return -ENOMEM;
612 }
613 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
614 keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
615 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
616
617 if (!keys) {
618 kfree(newkey);
619 if (tp->md5sig_info->entries6 == 0)
620 tcp_free_md5sig_pool();
621 return -ENOMEM;
622 }
623
624 if (tp->md5sig_info->entries6)
625 memmove(keys, tp->md5sig_info->keys6,
626 (sizeof (tp->md5sig_info->keys6[0]) *
627 tp->md5sig_info->entries6));
628
629 kfree(tp->md5sig_info->keys6);
630 tp->md5sig_info->keys6 = keys;
631 tp->md5sig_info->alloced6++;
632 }
633
634 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
635 peer);
636 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
637 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
638
639 tp->md5sig_info->entries6++;
640 }
641 return 0;
642 }
643
644 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
645 u8 *newkey, __u8 newkeylen)
646 {
647 return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
648 newkey, newkeylen);
649 }
650
651 static int tcp_v6_md5_do_del(struct sock *sk, const struct in6_addr *peer)
652 {
653 struct tcp_sock *tp = tcp_sk(sk);
654 int i;
655
656 for (i = 0; i < tp->md5sig_info->entries6; i++) {
657 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
658 /* Free the key */
659 kfree(tp->md5sig_info->keys6[i].base.key);
660 tp->md5sig_info->entries6--;
661
662 if (tp->md5sig_info->entries6 == 0) {
663 kfree(tp->md5sig_info->keys6);
664 tp->md5sig_info->keys6 = NULL;
665 tp->md5sig_info->alloced6 = 0;
666 tcp_free_md5sig_pool();
667 } else {
668 /* shrink the database */
669 if (tp->md5sig_info->entries6 != i)
670 memmove(&tp->md5sig_info->keys6[i],
671 &tp->md5sig_info->keys6[i+1],
672 (tp->md5sig_info->entries6 - i)
673 * sizeof (tp->md5sig_info->keys6[0]));
674 }
675 return 0;
676 }
677 }
678 return -ENOENT;
679 }
680
681 static void tcp_v6_clear_md5_list (struct sock *sk)
682 {
683 struct tcp_sock *tp = tcp_sk(sk);
684 int i;
685
686 if (tp->md5sig_info->entries6) {
687 for (i = 0; i < tp->md5sig_info->entries6; i++)
688 kfree(tp->md5sig_info->keys6[i].base.key);
689 tp->md5sig_info->entries6 = 0;
690 tcp_free_md5sig_pool();
691 }
692
693 kfree(tp->md5sig_info->keys6);
694 tp->md5sig_info->keys6 = NULL;
695 tp->md5sig_info->alloced6 = 0;
696
697 if (tp->md5sig_info->entries4) {
698 for (i = 0; i < tp->md5sig_info->entries4; i++)
699 kfree(tp->md5sig_info->keys4[i].base.key);
700 tp->md5sig_info->entries4 = 0;
701 tcp_free_md5sig_pool();
702 }
703
704 kfree(tp->md5sig_info->keys4);
705 tp->md5sig_info->keys4 = NULL;
706 tp->md5sig_info->alloced4 = 0;
707 }
708
709 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
710 int optlen)
711 {
712 struct tcp_md5sig cmd;
713 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
714 u8 *newkey;
715
716 if (optlen < sizeof(cmd))
717 return -EINVAL;
718
719 if (copy_from_user(&cmd, optval, sizeof(cmd)))
720 return -EFAULT;
721
722 if (sin6->sin6_family != AF_INET6)
723 return -EINVAL;
724
725 if (!cmd.tcpm_keylen) {
726 if (!tcp_sk(sk)->md5sig_info)
727 return -ENOENT;
728 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
729 return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
730 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
731 }
732
733 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
734 return -EINVAL;
735
736 if (!tcp_sk(sk)->md5sig_info) {
737 struct tcp_sock *tp = tcp_sk(sk);
738 struct tcp_md5sig_info *p;
739
740 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
741 if (!p)
742 return -ENOMEM;
743
744 tp->md5sig_info = p;
745 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
746 }
747
748 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
749 if (!newkey)
750 return -ENOMEM;
751 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
752 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
753 newkey, cmd.tcpm_keylen);
754 }
755 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
756 }
757
758 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
759 const struct in6_addr *daddr,
760 const struct in6_addr *saddr, int nbytes)
761 {
762 struct tcp6_pseudohdr *bp;
763 struct scatterlist sg;
764
765 bp = &hp->md5_blk.ip6;
766 /* 1. TCP pseudo-header (RFC2460) */
767 ipv6_addr_copy(&bp->saddr, saddr);
768 ipv6_addr_copy(&bp->daddr, daddr);
769 bp->protocol = cpu_to_be32(IPPROTO_TCP);
770 bp->len = cpu_to_be32(nbytes);
771
772 sg_init_one(&sg, bp, sizeof(*bp));
773 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
774 }
775
776 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
777 const struct in6_addr *daddr, struct in6_addr *saddr,
778 struct tcphdr *th)
779 {
780 struct tcp_md5sig_pool *hp;
781 struct hash_desc *desc;
782
783 hp = tcp_get_md5sig_pool();
784 if (!hp)
785 goto clear_hash_noput;
786 desc = &hp->md5_desc;
787
788 if (crypto_hash_init(desc))
789 goto clear_hash;
790 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
791 goto clear_hash;
792 if (tcp_md5_hash_header(hp, th))
793 goto clear_hash;
794 if (tcp_md5_hash_key(hp, key))
795 goto clear_hash;
796 if (crypto_hash_final(desc, md5_hash))
797 goto clear_hash;
798
799 tcp_put_md5sig_pool();
800 return 0;
801
802 clear_hash:
803 tcp_put_md5sig_pool();
804 clear_hash_noput:
805 memset(md5_hash, 0, 16);
806 return 1;
807 }
808
809 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
810 struct sock *sk, struct request_sock *req,
811 struct sk_buff *skb)
812 {
813 const struct in6_addr *saddr, *daddr;
814 struct tcp_md5sig_pool *hp;
815 struct hash_desc *desc;
816 struct tcphdr *th = tcp_hdr(skb);
817
818 if (sk) {
819 saddr = &inet6_sk(sk)->saddr;
820 daddr = &inet6_sk(sk)->daddr;
821 } else if (req) {
822 saddr = &inet6_rsk(req)->loc_addr;
823 daddr = &inet6_rsk(req)->rmt_addr;
824 } else {
825 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
826 saddr = &ip6h->saddr;
827 daddr = &ip6h->daddr;
828 }
829
830 hp = tcp_get_md5sig_pool();
831 if (!hp)
832 goto clear_hash_noput;
833 desc = &hp->md5_desc;
834
835 if (crypto_hash_init(desc))
836 goto clear_hash;
837
838 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
839 goto clear_hash;
840 if (tcp_md5_hash_header(hp, th))
841 goto clear_hash;
842 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
843 goto clear_hash;
844 if (tcp_md5_hash_key(hp, key))
845 goto clear_hash;
846 if (crypto_hash_final(desc, md5_hash))
847 goto clear_hash;
848
849 tcp_put_md5sig_pool();
850 return 0;
851
852 clear_hash:
853 tcp_put_md5sig_pool();
854 clear_hash_noput:
855 memset(md5_hash, 0, 16);
856 return 1;
857 }
858
859 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
860 {
861 __u8 *hash_location = NULL;
862 struct tcp_md5sig_key *hash_expected;
863 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
864 struct tcphdr *th = tcp_hdr(skb);
865 int genhash;
866 u8 newhash[16];
867
868 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
869 hash_location = tcp_parse_md5sig_option(th);
870
871 /* We've parsed the options - do we have a hash? */
872 if (!hash_expected && !hash_location)
873 return 0;
874
875 if (hash_expected && !hash_location) {
876 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
877 return 1;
878 }
879
880 if (!hash_expected && hash_location) {
881 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
882 return 1;
883 }
884
885 /* check the signature */
886 genhash = tcp_v6_md5_hash_skb(newhash,
887 hash_expected,
888 NULL, NULL, skb);
889
890 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
891 if (net_ratelimit()) {
892 printk(KERN_INFO "MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
893 genhash ? "failed" : "mismatch",
894 &ip6h->saddr, ntohs(th->source),
895 &ip6h->daddr, ntohs(th->dest));
896 }
897 return 1;
898 }
899 return 0;
900 }
901 #endif
902
903 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
904 .family = AF_INET6,
905 .obj_size = sizeof(struct tcp6_request_sock),
906 .rtx_syn_ack = tcp_v6_rtx_synack,
907 .send_ack = tcp_v6_reqsk_send_ack,
908 .destructor = tcp_v6_reqsk_destructor,
909 .send_reset = tcp_v6_send_reset,
910 .syn_ack_timeout = tcp_syn_ack_timeout,
911 };
912
913 #ifdef CONFIG_TCP_MD5SIG
914 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
915 .md5_lookup = tcp_v6_reqsk_md5_lookup,
916 .calc_md5_hash = tcp_v6_md5_hash_skb,
917 };
918 #endif
919
920 static void __tcp_v6_send_check(struct sk_buff *skb,
921 const struct in6_addr *saddr, const struct in6_addr *daddr)
922 {
923 struct tcphdr *th = tcp_hdr(skb);
924
925 if (skb->ip_summed == CHECKSUM_PARTIAL) {
926 th->check = ~tcp_v6_check(skb->len, saddr, daddr, 0);
927 skb->csum_start = skb_transport_header(skb) - skb->head;
928 skb->csum_offset = offsetof(struct tcphdr, check);
929 } else {
930 th->check = tcp_v6_check(skb->len, saddr, daddr,
931 csum_partial(th, th->doff << 2,
932 skb->csum));
933 }
934 }
935
936 static void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb)
937 {
938 struct ipv6_pinfo *np = inet6_sk(sk);
939
940 __tcp_v6_send_check(skb, &np->saddr, &np->daddr);
941 }
942
943 static int tcp_v6_gso_send_check(struct sk_buff *skb)
944 {
945 const struct ipv6hdr *ipv6h;
946 struct tcphdr *th;
947
948 if (!pskb_may_pull(skb, sizeof(*th)))
949 return -EINVAL;
950
951 ipv6h = ipv6_hdr(skb);
952 th = tcp_hdr(skb);
953
954 th->check = 0;
955 skb->ip_summed = CHECKSUM_PARTIAL;
956 __tcp_v6_send_check(skb, &ipv6h->saddr, &ipv6h->daddr);
957 return 0;
958 }
959
960 static struct sk_buff **tcp6_gro_receive(struct sk_buff **head,
961 struct sk_buff *skb)
962 {
963 const struct ipv6hdr *iph = skb_gro_network_header(skb);
964
965 switch (skb->ip_summed) {
966 case CHECKSUM_COMPLETE:
967 if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr,
968 skb->csum)) {
969 skb->ip_summed = CHECKSUM_UNNECESSARY;
970 break;
971 }
972
973 /* fall through */
974 case CHECKSUM_NONE:
975 NAPI_GRO_CB(skb)->flush = 1;
976 return NULL;
977 }
978
979 return tcp_gro_receive(head, skb);
980 }
981
982 static int tcp6_gro_complete(struct sk_buff *skb)
983 {
984 const struct ipv6hdr *iph = ipv6_hdr(skb);
985 struct tcphdr *th = tcp_hdr(skb);
986
987 th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb),
988 &iph->saddr, &iph->daddr, 0);
989 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;
990
991 return tcp_gro_complete(skb);
992 }
993
994 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
995 u32 ts, struct tcp_md5sig_key *key, int rst)
996 {
997 struct tcphdr *th = tcp_hdr(skb), *t1;
998 struct sk_buff *buff;
999 struct flowi6 fl6;
1000 struct net *net = dev_net(skb_dst(skb)->dev);
1001 struct sock *ctl_sk = net->ipv6.tcp_sk;
1002 unsigned int tot_len = sizeof(struct tcphdr);
1003 struct dst_entry *dst;
1004 __be32 *topt;
1005
1006 if (ts)
1007 tot_len += TCPOLEN_TSTAMP_ALIGNED;
1008 #ifdef CONFIG_TCP_MD5SIG
1009 if (key)
1010 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1011 #endif
1012
1013 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1014 GFP_ATOMIC);
1015 if (buff == NULL)
1016 return;
1017
1018 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1019
1020 t1 = (struct tcphdr *) skb_push(buff, tot_len);
1021 skb_reset_transport_header(buff);
1022
1023 /* Swap the send and the receive. */
1024 memset(t1, 0, sizeof(*t1));
1025 t1->dest = th->source;
1026 t1->source = th->dest;
1027 t1->doff = tot_len / 4;
1028 t1->seq = htonl(seq);
1029 t1->ack_seq = htonl(ack);
1030 t1->ack = !rst || !th->ack;
1031 t1->rst = rst;
1032 t1->window = htons(win);
1033
1034 topt = (__be32 *)(t1 + 1);
1035
1036 if (ts) {
1037 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1038 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1039 *topt++ = htonl(tcp_time_stamp);
1040 *topt++ = htonl(ts);
1041 }
1042
1043 #ifdef CONFIG_TCP_MD5SIG
1044 if (key) {
1045 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1046 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1047 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
1048 &ipv6_hdr(skb)->saddr,
1049 &ipv6_hdr(skb)->daddr, t1);
1050 }
1051 #endif
1052
1053 memset(&fl6, 0, sizeof(fl6));
1054 ipv6_addr_copy(&fl6.daddr, &ipv6_hdr(skb)->saddr);
1055 ipv6_addr_copy(&fl6.saddr, &ipv6_hdr(skb)->daddr);
1056
1057 buff->ip_summed = CHECKSUM_PARTIAL;
1058 buff->csum = 0;
1059
1060 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
1061
1062 fl6.flowi6_proto = IPPROTO_TCP;
1063 if (ipv6_addr_type(&fl6.daddr) & IPV6_ADDR_LINKLOCAL)
1064 fl6.flowi6_oif = inet6_iif(skb);
1065 fl6.fl6_dport = t1->dest;
1066 fl6.fl6_sport = t1->source;
1067 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1068
1069 /* Pass a socket to ip6_dst_lookup either it is for RST
1070 * Underlying function will use this to retrieve the network
1071 * namespace
1072 */
1073 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL, false);
1074 if (!IS_ERR(dst)) {
1075 skb_dst_set(buff, dst);
1076 ip6_xmit(ctl_sk, buff, &fl6, NULL);
1077 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1078 if (rst)
1079 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
1080 return;
1081 }
1082
1083 kfree_skb(buff);
1084 }
1085
1086 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1087 {
1088 struct tcphdr *th = tcp_hdr(skb);
1089 u32 seq = 0, ack_seq = 0;
1090 struct tcp_md5sig_key *key = NULL;
1091
1092 if (th->rst)
1093 return;
1094
1095 if (!ipv6_unicast_destination(skb))
1096 return;
1097
1098 #ifdef CONFIG_TCP_MD5SIG
1099 if (sk)
1100 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr);
1101 #endif
1102
1103 if (th->ack)
1104 seq = ntohl(th->ack_seq);
1105 else
1106 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1107 (th->doff << 2);
1108
1109 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1);
1110 }
1111
1112 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
1113 struct tcp_md5sig_key *key)
1114 {
1115 tcp_v6_send_response(skb, seq, ack, win, ts, key, 0);
1116 }
1117
1118 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1119 {
1120 struct inet_timewait_sock *tw = inet_twsk(sk);
1121 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1122
1123 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1124 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1125 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw));
1126
1127 inet_twsk_put(tw);
1128 }
1129
1130 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
1131 struct request_sock *req)
1132 {
1133 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
1134 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr));
1135 }
1136
1137
1138 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1139 {
1140 struct request_sock *req, **prev;
1141 const struct tcphdr *th = tcp_hdr(skb);
1142 struct sock *nsk;
1143
1144 /* Find possible connection requests. */
1145 req = inet6_csk_search_req(sk, &prev, th->source,
1146 &ipv6_hdr(skb)->saddr,
1147 &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1148 if (req)
1149 return tcp_check_req(sk, skb, req, prev);
1150
1151 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1152 &ipv6_hdr(skb)->saddr, th->source,
1153 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1154
1155 if (nsk) {
1156 if (nsk->sk_state != TCP_TIME_WAIT) {
1157 bh_lock_sock(nsk);
1158 return nsk;
1159 }
1160 inet_twsk_put(inet_twsk(nsk));
1161 return NULL;
1162 }
1163
1164 #ifdef CONFIG_SYN_COOKIES
1165 if (!th->syn)
1166 sk = cookie_v6_check(sk, skb);
1167 #endif
1168 return sk;
1169 }
1170
1171 /* FIXME: this is substantially similar to the ipv4 code.
1172 * Can some kind of merge be done? -- erics
1173 */
1174 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1175 {
1176 struct tcp_extend_values tmp_ext;
1177 struct tcp_options_received tmp_opt;
1178 u8 *hash_location;
1179 struct request_sock *req;
1180 struct inet6_request_sock *treq;
1181 struct ipv6_pinfo *np = inet6_sk(sk);
1182 struct tcp_sock *tp = tcp_sk(sk);
1183 __u32 isn = TCP_SKB_CB(skb)->when;
1184 struct dst_entry *dst = NULL;
1185 #ifdef CONFIG_SYN_COOKIES
1186 int want_cookie = 0;
1187 #else
1188 #define want_cookie 0
1189 #endif
1190
1191 if (skb->protocol == htons(ETH_P_IP))
1192 return tcp_v4_conn_request(sk, skb);
1193
1194 if (!ipv6_unicast_destination(skb))
1195 goto drop;
1196
1197 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1198 if (net_ratelimit())
1199 syn_flood_warning(skb);
1200 #ifdef CONFIG_SYN_COOKIES
1201 if (sysctl_tcp_syncookies)
1202 want_cookie = 1;
1203 else
1204 #endif
1205 goto drop;
1206 }
1207
1208 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1209 goto drop;
1210
1211 req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1212 if (req == NULL)
1213 goto drop;
1214
1215 #ifdef CONFIG_TCP_MD5SIG
1216 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1217 #endif
1218
1219 tcp_clear_options(&tmp_opt);
1220 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1221 tmp_opt.user_mss = tp->rx_opt.user_mss;
1222 tcp_parse_options(skb, &tmp_opt, &hash_location, 0);
1223
1224 if (tmp_opt.cookie_plus > 0 &&
1225 tmp_opt.saw_tstamp &&
1226 !tp->rx_opt.cookie_out_never &&
1227 (sysctl_tcp_cookie_size > 0 ||
1228 (tp->cookie_values != NULL &&
1229 tp->cookie_values->cookie_desired > 0))) {
1230 u8 *c;
1231 u32 *d;
1232 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS];
1233 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE;
1234
1235 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0)
1236 goto drop_and_free;
1237
1238 /* Secret recipe starts with IP addresses */
1239 d = (__force u32 *)&ipv6_hdr(skb)->daddr.s6_addr32[0];
1240 *mess++ ^= *d++;
1241 *mess++ ^= *d++;
1242 *mess++ ^= *d++;
1243 *mess++ ^= *d++;
1244 d = (__force u32 *)&ipv6_hdr(skb)->saddr.s6_addr32[0];
1245 *mess++ ^= *d++;
1246 *mess++ ^= *d++;
1247 *mess++ ^= *d++;
1248 *mess++ ^= *d++;
1249
1250 /* plus variable length Initiator Cookie */
1251 c = (u8 *)mess;
1252 while (l-- > 0)
1253 *c++ ^= *hash_location++;
1254
1255 #ifdef CONFIG_SYN_COOKIES
1256 want_cookie = 0; /* not our kind of cookie */
1257 #endif
1258 tmp_ext.cookie_out_never = 0; /* false */
1259 tmp_ext.cookie_plus = tmp_opt.cookie_plus;
1260 } else if (!tp->rx_opt.cookie_in_always) {
1261 /* redundant indications, but ensure initialization. */
1262 tmp_ext.cookie_out_never = 1; /* true */
1263 tmp_ext.cookie_plus = 0;
1264 } else {
1265 goto drop_and_free;
1266 }
1267 tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always;
1268
1269 if (want_cookie && !tmp_opt.saw_tstamp)
1270 tcp_clear_options(&tmp_opt);
1271
1272 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1273 tcp_openreq_init(req, &tmp_opt, skb);
1274
1275 treq = inet6_rsk(req);
1276 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1277 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1278 if (!want_cookie || tmp_opt.tstamp_ok)
1279 TCP_ECN_create_request(req, tcp_hdr(skb));
1280
1281 if (!isn) {
1282 struct inet_peer *peer = NULL;
1283
1284 if (ipv6_opt_accepted(sk, skb) ||
1285 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1286 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1287 atomic_inc(&skb->users);
1288 treq->pktopts = skb;
1289 }
1290 treq->iif = sk->sk_bound_dev_if;
1291
1292 /* So that link locals have meaning */
1293 if (!sk->sk_bound_dev_if &&
1294 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1295 treq->iif = inet6_iif(skb);
1296
1297 if (want_cookie) {
1298 isn = cookie_v6_init_sequence(sk, skb, &req->mss);
1299 req->cookie_ts = tmp_opt.tstamp_ok;
1300 goto have_isn;
1301 }
1302
1303 /* VJ's idea. We save last timestamp seen
1304 * from the destination in peer table, when entering
1305 * state TIME-WAIT, and check against it before
1306 * accepting new connection request.
1307 *
1308 * If "isn" is not zero, this request hit alive
1309 * timewait bucket, so that all the necessary checks
1310 * are made in the function processing timewait state.
1311 */
1312 if (tmp_opt.saw_tstamp &&
1313 tcp_death_row.sysctl_tw_recycle &&
1314 (dst = inet6_csk_route_req(sk, req)) != NULL &&
1315 (peer = rt6_get_peer((struct rt6_info *)dst)) != NULL &&
1316 ipv6_addr_equal((struct in6_addr *)peer->daddr.addr.a6,
1317 &treq->rmt_addr)) {
1318 inet_peer_refcheck(peer);
1319 if ((u32)get_seconds() - peer->tcp_ts_stamp < TCP_PAWS_MSL &&
1320 (s32)(peer->tcp_ts - req->ts_recent) >
1321 TCP_PAWS_WINDOW) {
1322 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED);
1323 goto drop_and_release;
1324 }
1325 }
1326 /* Kill the following clause, if you dislike this way. */
1327 else if (!sysctl_tcp_syncookies &&
1328 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
1329 (sysctl_max_syn_backlog >> 2)) &&
1330 (!peer || !peer->tcp_ts_stamp) &&
1331 (!dst || !dst_metric(dst, RTAX_RTT))) {
1332 /* Without syncookies last quarter of
1333 * backlog is filled with destinations,
1334 * proven to be alive.
1335 * It means that we continue to communicate
1336 * to destinations, already remembered
1337 * to the moment of synflood.
1338 */
1339 LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open request from %pI6/%u\n",
1340 &treq->rmt_addr, ntohs(tcp_hdr(skb)->source));
1341 goto drop_and_release;
1342 }
1343
1344 isn = tcp_v6_init_sequence(skb);
1345 }
1346 have_isn:
1347 tcp_rsk(req)->snt_isn = isn;
1348
1349 security_inet_conn_request(sk, skb, req);
1350
1351 if (tcp_v6_send_synack(sk, req,
1352 (struct request_values *)&tmp_ext) ||
1353 want_cookie)
1354 goto drop_and_free;
1355
1356 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1357 return 0;
1358
1359 drop_and_release:
1360 dst_release(dst);
1361 drop_and_free:
1362 reqsk_free(req);
1363 drop:
1364 return 0; /* don't send reset */
1365 }
1366
1367 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1368 struct request_sock *req,
1369 struct dst_entry *dst)
1370 {
1371 struct inet6_request_sock *treq;
1372 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1373 struct tcp6_sock *newtcp6sk;
1374 struct inet_sock *newinet;
1375 struct tcp_sock *newtp;
1376 struct sock *newsk;
1377 struct ipv6_txoptions *opt;
1378 #ifdef CONFIG_TCP_MD5SIG
1379 struct tcp_md5sig_key *key;
1380 #endif
1381
1382 if (skb->protocol == htons(ETH_P_IP)) {
1383 /*
1384 * v6 mapped
1385 */
1386
1387 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1388
1389 if (newsk == NULL)
1390 return NULL;
1391
1392 newtcp6sk = (struct tcp6_sock *)newsk;
1393 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1394
1395 newinet = inet_sk(newsk);
1396 newnp = inet6_sk(newsk);
1397 newtp = tcp_sk(newsk);
1398
1399 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1400
1401 ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr);
1402
1403 ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr);
1404
1405 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1406
1407 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1408 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1409 #ifdef CONFIG_TCP_MD5SIG
1410 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1411 #endif
1412
1413 newnp->ipv6_ac_list = NULL;
1414 newnp->ipv6_fl_list = NULL;
1415 newnp->pktoptions = NULL;
1416 newnp->opt = NULL;
1417 newnp->mcast_oif = inet6_iif(skb);
1418 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1419
1420 /*
1421 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1422 * here, tcp_create_openreq_child now does this for us, see the comment in
1423 * that function for the gory details. -acme
1424 */
1425
1426 /* It is tricky place. Until this moment IPv4 tcp
1427 worked with IPv6 icsk.icsk_af_ops.
1428 Sync it now.
1429 */
1430 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1431
1432 return newsk;
1433 }
1434
1435 treq = inet6_rsk(req);
1436 opt = np->opt;
1437
1438 if (sk_acceptq_is_full(sk))
1439 goto out_overflow;
1440
1441 if (!dst) {
1442 dst = inet6_csk_route_req(sk, req);
1443 if (!dst)
1444 goto out;
1445 }
1446
1447 newsk = tcp_create_openreq_child(sk, req, skb);
1448 if (newsk == NULL)
1449 goto out_nonewsk;
1450
1451 /*
1452 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1453 * count here, tcp_create_openreq_child now does this for us, see the
1454 * comment in that function for the gory details. -acme
1455 */
1456
1457 newsk->sk_gso_type = SKB_GSO_TCPV6;
1458 __ip6_dst_store(newsk, dst, NULL, NULL);
1459
1460 newtcp6sk = (struct tcp6_sock *)newsk;
1461 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1462
1463 newtp = tcp_sk(newsk);
1464 newinet = inet_sk(newsk);
1465 newnp = inet6_sk(newsk);
1466
1467 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1468
1469 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1470 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1471 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1472 newsk->sk_bound_dev_if = treq->iif;
1473
1474 /* Now IPv6 options...
1475
1476 First: no IPv4 options.
1477 */
1478 newinet->inet_opt = NULL;
1479 newnp->ipv6_ac_list = NULL;
1480 newnp->ipv6_fl_list = NULL;
1481
1482 /* Clone RX bits */
1483 newnp->rxopt.all = np->rxopt.all;
1484
1485 /* Clone pktoptions received with SYN */
1486 newnp->pktoptions = NULL;
1487 if (treq->pktopts != NULL) {
1488 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1489 kfree_skb(treq->pktopts);
1490 treq->pktopts = NULL;
1491 if (newnp->pktoptions)
1492 skb_set_owner_r(newnp->pktoptions, newsk);
1493 }
1494 newnp->opt = NULL;
1495 newnp->mcast_oif = inet6_iif(skb);
1496 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1497
1498 /* Clone native IPv6 options from listening socket (if any)
1499
1500 Yes, keeping reference count would be much more clever,
1501 but we make one more one thing there: reattach optmem
1502 to newsk.
1503 */
1504 if (opt) {
1505 newnp->opt = ipv6_dup_options(newsk, opt);
1506 if (opt != np->opt)
1507 sock_kfree_s(sk, opt, opt->tot_len);
1508 }
1509
1510 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1511 if (newnp->opt)
1512 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1513 newnp->opt->opt_flen);
1514
1515 tcp_mtup_init(newsk);
1516 tcp_sync_mss(newsk, dst_mtu(dst));
1517 newtp->advmss = dst_metric_advmss(dst);
1518 if (tcp_sk(sk)->rx_opt.user_mss &&
1519 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1520 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1521
1522 tcp_initialize_rcv_mss(newsk);
1523
1524 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1525 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1526
1527 #ifdef CONFIG_TCP_MD5SIG
1528 /* Copy over the MD5 key from the original socket */
1529 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1530 /* We're using one, so create a matching key
1531 * on the newsk structure. If we fail to get
1532 * memory, then we end up not copying the key
1533 * across. Shucks.
1534 */
1535 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1536 if (newkey != NULL)
1537 tcp_v6_md5_do_add(newsk, &newnp->daddr,
1538 newkey, key->keylen);
1539 }
1540 #endif
1541
1542 if (__inet_inherit_port(sk, newsk) < 0) {
1543 sock_put(newsk);
1544 goto out;
1545 }
1546 __inet6_hash(newsk, NULL);
1547
1548 return newsk;
1549
1550 out_overflow:
1551 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1552 out_nonewsk:
1553 if (opt && opt != np->opt)
1554 sock_kfree_s(sk, opt, opt->tot_len);
1555 dst_release(dst);
1556 out:
1557 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1558 return NULL;
1559 }
1560
1561 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1562 {
1563 if (skb->ip_summed == CHECKSUM_COMPLETE) {
1564 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr,
1565 &ipv6_hdr(skb)->daddr, skb->csum)) {
1566 skb->ip_summed = CHECKSUM_UNNECESSARY;
1567 return 0;
1568 }
1569 }
1570
1571 skb->csum = ~csum_unfold(tcp_v6_check(skb->len,
1572 &ipv6_hdr(skb)->saddr,
1573 &ipv6_hdr(skb)->daddr, 0));
1574
1575 if (skb->len <= 76) {
1576 return __skb_checksum_complete(skb);
1577 }
1578 return 0;
1579 }
1580
1581 /* The socket must have it's spinlock held when we get
1582 * here.
1583 *
1584 * We have a potential double-lock case here, so even when
1585 * doing backlog processing we use the BH locking scheme.
1586 * This is because we cannot sleep with the original spinlock
1587 * held.
1588 */
1589 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1590 {
1591 struct ipv6_pinfo *np = inet6_sk(sk);
1592 struct tcp_sock *tp;
1593 struct sk_buff *opt_skb = NULL;
1594
1595 /* Imagine: socket is IPv6. IPv4 packet arrives,
1596 goes to IPv4 receive handler and backlogged.
1597 From backlog it always goes here. Kerboom...
1598 Fortunately, tcp_rcv_established and rcv_established
1599 handle them correctly, but it is not case with
1600 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1601 */
1602
1603 if (skb->protocol == htons(ETH_P_IP))
1604 return tcp_v4_do_rcv(sk, skb);
1605
1606 #ifdef CONFIG_TCP_MD5SIG
1607 if (tcp_v6_inbound_md5_hash (sk, skb))
1608 goto discard;
1609 #endif
1610
1611 if (sk_filter(sk, skb))
1612 goto discard;
1613
1614 /*
1615 * socket locking is here for SMP purposes as backlog rcv
1616 * is currently called with bh processing disabled.
1617 */
1618
1619 /* Do Stevens' IPV6_PKTOPTIONS.
1620
1621 Yes, guys, it is the only place in our code, where we
1622 may make it not affecting IPv4.
1623 The rest of code is protocol independent,
1624 and I do not like idea to uglify IPv4.
1625
1626 Actually, all the idea behind IPV6_PKTOPTIONS
1627 looks not very well thought. For now we latch
1628 options, received in the last packet, enqueued
1629 by tcp. Feel free to propose better solution.
1630 --ANK (980728)
1631 */
1632 if (np->rxopt.all)
1633 opt_skb = skb_clone(skb, GFP_ATOMIC);
1634
1635 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1636 sock_rps_save_rxhash(sk, skb->rxhash);
1637 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1638 goto reset;
1639 if (opt_skb)
1640 goto ipv6_pktoptions;
1641 return 0;
1642 }
1643
1644 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1645 goto csum_err;
1646
1647 if (sk->sk_state == TCP_LISTEN) {
1648 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1649 if (!nsk)
1650 goto discard;
1651
1652 /*
1653 * Queue it on the new socket if the new socket is active,
1654 * otherwise we just shortcircuit this and continue with
1655 * the new socket..
1656 */
1657 if(nsk != sk) {
1658 sock_rps_save_rxhash(nsk, skb->rxhash);
1659 if (tcp_child_process(sk, nsk, skb))
1660 goto reset;
1661 if (opt_skb)
1662 __kfree_skb(opt_skb);
1663 return 0;
1664 }
1665 } else
1666 sock_rps_save_rxhash(sk, skb->rxhash);
1667
1668 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1669 goto reset;
1670 if (opt_skb)
1671 goto ipv6_pktoptions;
1672 return 0;
1673
1674 reset:
1675 tcp_v6_send_reset(sk, skb);
1676 discard:
1677 if (opt_skb)
1678 __kfree_skb(opt_skb);
1679 kfree_skb(skb);
1680 return 0;
1681 csum_err:
1682 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1683 goto discard;
1684
1685
1686 ipv6_pktoptions:
1687 /* Do you ask, what is it?
1688
1689 1. skb was enqueued by tcp.
1690 2. skb is added to tail of read queue, rather than out of order.
1691 3. socket is not in passive state.
1692 4. Finally, it really contains options, which user wants to receive.
1693 */
1694 tp = tcp_sk(sk);
1695 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1696 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1697 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1698 np->mcast_oif = inet6_iif(opt_skb);
1699 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1700 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1701 if (ipv6_opt_accepted(sk, opt_skb)) {
1702 skb_set_owner_r(opt_skb, sk);
1703 opt_skb = xchg(&np->pktoptions, opt_skb);
1704 } else {
1705 __kfree_skb(opt_skb);
1706 opt_skb = xchg(&np->pktoptions, NULL);
1707 }
1708 }
1709
1710 kfree_skb(opt_skb);
1711 return 0;
1712 }
1713
1714 static int tcp_v6_rcv(struct sk_buff *skb)
1715 {
1716 struct tcphdr *th;
1717 const struct ipv6hdr *hdr;
1718 struct sock *sk;
1719 int ret;
1720 struct net *net = dev_net(skb->dev);
1721
1722 if (skb->pkt_type != PACKET_HOST)
1723 goto discard_it;
1724
1725 /*
1726 * Count it even if it's bad.
1727 */
1728 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1729
1730 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1731 goto discard_it;
1732
1733 th = tcp_hdr(skb);
1734
1735 if (th->doff < sizeof(struct tcphdr)/4)
1736 goto bad_packet;
1737 if (!pskb_may_pull(skb, th->doff*4))
1738 goto discard_it;
1739
1740 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1741 goto bad_packet;
1742
1743 th = tcp_hdr(skb);
1744 hdr = ipv6_hdr(skb);
1745 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1746 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1747 skb->len - th->doff*4);
1748 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1749 TCP_SKB_CB(skb)->when = 0;
1750 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(hdr);
1751 TCP_SKB_CB(skb)->sacked = 0;
1752
1753 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1754 if (!sk)
1755 goto no_tcp_socket;
1756
1757 process:
1758 if (sk->sk_state == TCP_TIME_WAIT)
1759 goto do_time_wait;
1760
1761 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
1762 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
1763 goto discard_and_relse;
1764 }
1765
1766 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1767 goto discard_and_relse;
1768
1769 if (sk_filter(sk, skb))
1770 goto discard_and_relse;
1771
1772 skb->dev = NULL;
1773
1774 bh_lock_sock_nested(sk);
1775 ret = 0;
1776 if (!sock_owned_by_user(sk)) {
1777 #ifdef CONFIG_NET_DMA
1778 struct tcp_sock *tp = tcp_sk(sk);
1779 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1780 tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY);
1781 if (tp->ucopy.dma_chan)
1782 ret = tcp_v6_do_rcv(sk, skb);
1783 else
1784 #endif
1785 {
1786 if (!tcp_prequeue(sk, skb))
1787 ret = tcp_v6_do_rcv(sk, skb);
1788 }
1789 } else if (unlikely(sk_add_backlog(sk, skb))) {
1790 bh_unlock_sock(sk);
1791 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
1792 goto discard_and_relse;
1793 }
1794 bh_unlock_sock(sk);
1795
1796 sock_put(sk);
1797 return ret ? -1 : 0;
1798
1799 no_tcp_socket:
1800 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1801 goto discard_it;
1802
1803 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1804 bad_packet:
1805 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1806 } else {
1807 tcp_v6_send_reset(NULL, skb);
1808 }
1809
1810 discard_it:
1811
1812 /*
1813 * Discard frame
1814 */
1815
1816 kfree_skb(skb);
1817 return 0;
1818
1819 discard_and_relse:
1820 sock_put(sk);
1821 goto discard_it;
1822
1823 do_time_wait:
1824 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1825 inet_twsk_put(inet_twsk(sk));
1826 goto discard_it;
1827 }
1828
1829 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1830 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1831 inet_twsk_put(inet_twsk(sk));
1832 goto discard_it;
1833 }
1834
1835 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1836 case TCP_TW_SYN:
1837 {
1838 struct sock *sk2;
1839
1840 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1841 &ipv6_hdr(skb)->daddr,
1842 ntohs(th->dest), inet6_iif(skb));
1843 if (sk2 != NULL) {
1844 struct inet_timewait_sock *tw = inet_twsk(sk);
1845 inet_twsk_deschedule(tw, &tcp_death_row);
1846 inet_twsk_put(tw);
1847 sk = sk2;
1848 goto process;
1849 }
1850 /* Fall through to ACK */
1851 }
1852 case TCP_TW_ACK:
1853 tcp_v6_timewait_ack(sk, skb);
1854 break;
1855 case TCP_TW_RST:
1856 goto no_tcp_socket;
1857 case TCP_TW_SUCCESS:;
1858 }
1859 goto discard_it;
1860 }
1861
1862 static struct inet_peer *tcp_v6_get_peer(struct sock *sk, bool *release_it)
1863 {
1864 struct rt6_info *rt = (struct rt6_info *) __sk_dst_get(sk);
1865 struct ipv6_pinfo *np = inet6_sk(sk);
1866 struct inet_peer *peer;
1867
1868 if (!rt ||
1869 !ipv6_addr_equal(&np->daddr, &rt->rt6i_dst.addr)) {
1870 peer = inet_getpeer_v6(&np->daddr, 1);
1871 *release_it = true;
1872 } else {
1873 if (!rt->rt6i_peer)
1874 rt6_bind_peer(rt, 1);
1875 peer = rt->rt6i_peer;
1876 *release_it = false;
1877 }
1878
1879 return peer;
1880 }
1881
1882 static void *tcp_v6_tw_get_peer(struct sock *sk)
1883 {
1884 struct inet6_timewait_sock *tw6 = inet6_twsk(sk);
1885 struct inet_timewait_sock *tw = inet_twsk(sk);
1886
1887 if (tw->tw_family == AF_INET)
1888 return tcp_v4_tw_get_peer(sk);
1889
1890 return inet_getpeer_v6(&tw6->tw_v6_daddr, 1);
1891 }
1892
1893 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1894 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1895 .twsk_unique = tcp_twsk_unique,
1896 .twsk_destructor= tcp_twsk_destructor,
1897 .twsk_getpeer = tcp_v6_tw_get_peer,
1898 };
1899
1900 static const struct inet_connection_sock_af_ops ipv6_specific = {
1901 .queue_xmit = inet6_csk_xmit,
1902 .send_check = tcp_v6_send_check,
1903 .rebuild_header = inet6_sk_rebuild_header,
1904 .conn_request = tcp_v6_conn_request,
1905 .syn_recv_sock = tcp_v6_syn_recv_sock,
1906 .get_peer = tcp_v6_get_peer,
1907 .net_header_len = sizeof(struct ipv6hdr),
1908 .setsockopt = ipv6_setsockopt,
1909 .getsockopt = ipv6_getsockopt,
1910 .addr2sockaddr = inet6_csk_addr2sockaddr,
1911 .sockaddr_len = sizeof(struct sockaddr_in6),
1912 .bind_conflict = inet6_csk_bind_conflict,
1913 #ifdef CONFIG_COMPAT
1914 .compat_setsockopt = compat_ipv6_setsockopt,
1915 .compat_getsockopt = compat_ipv6_getsockopt,
1916 #endif
1917 };
1918
1919 #ifdef CONFIG_TCP_MD5SIG
1920 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1921 .md5_lookup = tcp_v6_md5_lookup,
1922 .calc_md5_hash = tcp_v6_md5_hash_skb,
1923 .md5_add = tcp_v6_md5_add_func,
1924 .md5_parse = tcp_v6_parse_md5_keys,
1925 };
1926 #endif
1927
1928 /*
1929 * TCP over IPv4 via INET6 API
1930 */
1931
1932 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1933 .queue_xmit = ip_queue_xmit,
1934 .send_check = tcp_v4_send_check,
1935 .rebuild_header = inet_sk_rebuild_header,
1936 .conn_request = tcp_v6_conn_request,
1937 .syn_recv_sock = tcp_v6_syn_recv_sock,
1938 .get_peer = tcp_v4_get_peer,
1939 .net_header_len = sizeof(struct iphdr),
1940 .setsockopt = ipv6_setsockopt,
1941 .getsockopt = ipv6_getsockopt,
1942 .addr2sockaddr = inet6_csk_addr2sockaddr,
1943 .sockaddr_len = sizeof(struct sockaddr_in6),
1944 .bind_conflict = inet6_csk_bind_conflict,
1945 #ifdef CONFIG_COMPAT
1946 .compat_setsockopt = compat_ipv6_setsockopt,
1947 .compat_getsockopt = compat_ipv6_getsockopt,
1948 #endif
1949 };
1950
1951 #ifdef CONFIG_TCP_MD5SIG
1952 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1953 .md5_lookup = tcp_v4_md5_lookup,
1954 .calc_md5_hash = tcp_v4_md5_hash_skb,
1955 .md5_add = tcp_v6_md5_add_func,
1956 .md5_parse = tcp_v6_parse_md5_keys,
1957 };
1958 #endif
1959
1960 /* NOTE: A lot of things set to zero explicitly by call to
1961 * sk_alloc() so need not be done here.
1962 */
1963 static int tcp_v6_init_sock(struct sock *sk)
1964 {
1965 struct inet_connection_sock *icsk = inet_csk(sk);
1966 struct tcp_sock *tp = tcp_sk(sk);
1967
1968 skb_queue_head_init(&tp->out_of_order_queue);
1969 tcp_init_xmit_timers(sk);
1970 tcp_prequeue_init(tp);
1971
1972 icsk->icsk_rto = TCP_TIMEOUT_INIT;
1973 tp->mdev = TCP_TIMEOUT_INIT;
1974
1975 /* So many TCP implementations out there (incorrectly) count the
1976 * initial SYN frame in their delayed-ACK and congestion control
1977 * algorithms that we must have the following bandaid to talk
1978 * efficiently to them. -DaveM
1979 */
1980 tp->snd_cwnd = 2;
1981
1982 /* See draft-stevens-tcpca-spec-01 for discussion of the
1983 * initialization of these values.
1984 */
1985 tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
1986 tp->snd_cwnd_clamp = ~0;
1987 tp->mss_cache = TCP_MSS_DEFAULT;
1988
1989 tp->reordering = sysctl_tcp_reordering;
1990
1991 sk->sk_state = TCP_CLOSE;
1992
1993 icsk->icsk_af_ops = &ipv6_specific;
1994 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1995 icsk->icsk_sync_mss = tcp_sync_mss;
1996 sk->sk_write_space = sk_stream_write_space;
1997 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1998
1999 #ifdef CONFIG_TCP_MD5SIG
2000 tp->af_specific = &tcp_sock_ipv6_specific;
2001 #endif
2002
2003 /* TCP Cookie Transactions */
2004 if (sysctl_tcp_cookie_size > 0) {
2005 /* Default, cookies without s_data_payload. */
2006 tp->cookie_values =
2007 kzalloc(sizeof(*tp->cookie_values),
2008 sk->sk_allocation);
2009 if (tp->cookie_values != NULL)
2010 kref_init(&tp->cookie_values->kref);
2011 }
2012 /* Presumed zeroed, in order of appearance:
2013 * cookie_in_always, cookie_out_never,
2014 * s_data_constant, s_data_in, s_data_out
2015 */
2016 sk->sk_sndbuf = sysctl_tcp_wmem[1];
2017 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
2018
2019 local_bh_disable();
2020 percpu_counter_inc(&tcp_sockets_allocated);
2021 local_bh_enable();
2022
2023 return 0;
2024 }
2025
2026 static void tcp_v6_destroy_sock(struct sock *sk)
2027 {
2028 #ifdef CONFIG_TCP_MD5SIG
2029 /* Clean up the MD5 key list */
2030 if (tcp_sk(sk)->md5sig_info)
2031 tcp_v6_clear_md5_list(sk);
2032 #endif
2033 tcp_v4_destroy_sock(sk);
2034 inet6_destroy_sock(sk);
2035 }
2036
2037 #ifdef CONFIG_PROC_FS
2038 /* Proc filesystem TCPv6 sock list dumping. */
2039 static void get_openreq6(struct seq_file *seq,
2040 struct sock *sk, struct request_sock *req, int i, int uid)
2041 {
2042 int ttd = req->expires - jiffies;
2043 const struct in6_addr *src = &inet6_rsk(req)->loc_addr;
2044 const struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
2045
2046 if (ttd < 0)
2047 ttd = 0;
2048
2049 seq_printf(seq,
2050 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2051 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
2052 i,
2053 src->s6_addr32[0], src->s6_addr32[1],
2054 src->s6_addr32[2], src->s6_addr32[3],
2055 ntohs(inet_rsk(req)->loc_port),
2056 dest->s6_addr32[0], dest->s6_addr32[1],
2057 dest->s6_addr32[2], dest->s6_addr32[3],
2058 ntohs(inet_rsk(req)->rmt_port),
2059 TCP_SYN_RECV,
2060 0,0, /* could print option size, but that is af dependent. */
2061 1, /* timers active (only the expire timer) */
2062 jiffies_to_clock_t(ttd),
2063 req->retrans,
2064 uid,
2065 0, /* non standard timer */
2066 0, /* open_requests have no inode */
2067 0, req);
2068 }
2069
2070 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
2071 {
2072 const struct in6_addr *dest, *src;
2073 __u16 destp, srcp;
2074 int timer_active;
2075 unsigned long timer_expires;
2076 struct inet_sock *inet = inet_sk(sp);
2077 struct tcp_sock *tp = tcp_sk(sp);
2078 const struct inet_connection_sock *icsk = inet_csk(sp);
2079 struct ipv6_pinfo *np = inet6_sk(sp);
2080
2081 dest = &np->daddr;
2082 src = &np->rcv_saddr;
2083 destp = ntohs(inet->inet_dport);
2084 srcp = ntohs(inet->inet_sport);
2085
2086 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2087 timer_active = 1;
2088 timer_expires = icsk->icsk_timeout;
2089 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2090 timer_active = 4;
2091 timer_expires = icsk->icsk_timeout;
2092 } else if (timer_pending(&sp->sk_timer)) {
2093 timer_active = 2;
2094 timer_expires = sp->sk_timer.expires;
2095 } else {
2096 timer_active = 0;
2097 timer_expires = jiffies;
2098 }
2099
2100 seq_printf(seq,
2101 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2102 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %pK %lu %lu %u %u %d\n",
2103 i,
2104 src->s6_addr32[0], src->s6_addr32[1],
2105 src->s6_addr32[2], src->s6_addr32[3], srcp,
2106 dest->s6_addr32[0], dest->s6_addr32[1],
2107 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2108 sp->sk_state,
2109 tp->write_seq-tp->snd_una,
2110 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
2111 timer_active,
2112 jiffies_to_clock_t(timer_expires - jiffies),
2113 icsk->icsk_retransmits,
2114 sock_i_uid(sp),
2115 icsk->icsk_probes_out,
2116 sock_i_ino(sp),
2117 atomic_read(&sp->sk_refcnt), sp,
2118 jiffies_to_clock_t(icsk->icsk_rto),
2119 jiffies_to_clock_t(icsk->icsk_ack.ato),
2120 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2121 tp->snd_cwnd,
2122 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh
2123 );
2124 }
2125
2126 static void get_timewait6_sock(struct seq_file *seq,
2127 struct inet_timewait_sock *tw, int i)
2128 {
2129 const struct in6_addr *dest, *src;
2130 __u16 destp, srcp;
2131 struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2132 int ttd = tw->tw_ttd - jiffies;
2133
2134 if (ttd < 0)
2135 ttd = 0;
2136
2137 dest = &tw6->tw_v6_daddr;
2138 src = &tw6->tw_v6_rcv_saddr;
2139 destp = ntohs(tw->tw_dport);
2140 srcp = ntohs(tw->tw_sport);
2141
2142 seq_printf(seq,
2143 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2144 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
2145 i,
2146 src->s6_addr32[0], src->s6_addr32[1],
2147 src->s6_addr32[2], src->s6_addr32[3], srcp,
2148 dest->s6_addr32[0], dest->s6_addr32[1],
2149 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2150 tw->tw_substate, 0, 0,
2151 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2152 atomic_read(&tw->tw_refcnt), tw);
2153 }
2154
2155 static int tcp6_seq_show(struct seq_file *seq, void *v)
2156 {
2157 struct tcp_iter_state *st;
2158
2159 if (v == SEQ_START_TOKEN) {
2160 seq_puts(seq,
2161 " sl "
2162 "local_address "
2163 "remote_address "
2164 "st tx_queue rx_queue tr tm->when retrnsmt"
2165 " uid timeout inode\n");
2166 goto out;
2167 }
2168 st = seq->private;
2169
2170 switch (st->state) {
2171 case TCP_SEQ_STATE_LISTENING:
2172 case TCP_SEQ_STATE_ESTABLISHED:
2173 get_tcp6_sock(seq, v, st->num);
2174 break;
2175 case TCP_SEQ_STATE_OPENREQ:
2176 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2177 break;
2178 case TCP_SEQ_STATE_TIME_WAIT:
2179 get_timewait6_sock(seq, v, st->num);
2180 break;
2181 }
2182 out:
2183 return 0;
2184 }
2185
2186 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2187 .name = "tcp6",
2188 .family = AF_INET6,
2189 .seq_fops = {
2190 .owner = THIS_MODULE,
2191 },
2192 .seq_ops = {
2193 .show = tcp6_seq_show,
2194 },
2195 };
2196
2197 int __net_init tcp6_proc_init(struct net *net)
2198 {
2199 return tcp_proc_register(net, &tcp6_seq_afinfo);
2200 }
2201
2202 void tcp6_proc_exit(struct net *net)
2203 {
2204 tcp_proc_unregister(net, &tcp6_seq_afinfo);
2205 }
2206 #endif
2207
2208 struct proto tcpv6_prot = {
2209 .name = "TCPv6",
2210 .owner = THIS_MODULE,
2211 .close = tcp_close,
2212 .connect = tcp_v6_connect,
2213 .disconnect = tcp_disconnect,
2214 .accept = inet_csk_accept,
2215 .ioctl = tcp_ioctl,
2216 .init = tcp_v6_init_sock,
2217 .destroy = tcp_v6_destroy_sock,
2218 .shutdown = tcp_shutdown,
2219 .setsockopt = tcp_setsockopt,
2220 .getsockopt = tcp_getsockopt,
2221 .recvmsg = tcp_recvmsg,
2222 .sendmsg = tcp_sendmsg,
2223 .sendpage = tcp_sendpage,
2224 .backlog_rcv = tcp_v6_do_rcv,
2225 .hash = tcp_v6_hash,
2226 .unhash = inet_unhash,
2227 .get_port = inet_csk_get_port,
2228 .enter_memory_pressure = tcp_enter_memory_pressure,
2229 .sockets_allocated = &tcp_sockets_allocated,
2230 .memory_allocated = &tcp_memory_allocated,
2231 .memory_pressure = &tcp_memory_pressure,
2232 .orphan_count = &tcp_orphan_count,
2233 .sysctl_mem = sysctl_tcp_mem,
2234 .sysctl_wmem = sysctl_tcp_wmem,
2235 .sysctl_rmem = sysctl_tcp_rmem,
2236 .max_header = MAX_TCP_HEADER,
2237 .obj_size = sizeof(struct tcp6_sock),
2238 .slab_flags = SLAB_DESTROY_BY_RCU,
2239 .twsk_prot = &tcp6_timewait_sock_ops,
2240 .rsk_prot = &tcp6_request_sock_ops,
2241 .h.hashinfo = &tcp_hashinfo,
2242 .no_autobind = true,
2243 #ifdef CONFIG_COMPAT
2244 .compat_setsockopt = compat_tcp_setsockopt,
2245 .compat_getsockopt = compat_tcp_getsockopt,
2246 #endif
2247 };
2248
2249 static const struct inet6_protocol tcpv6_protocol = {
2250 .handler = tcp_v6_rcv,
2251 .err_handler = tcp_v6_err,
2252 .gso_send_check = tcp_v6_gso_send_check,
2253 .gso_segment = tcp_tso_segment,
2254 .gro_receive = tcp6_gro_receive,
2255 .gro_complete = tcp6_gro_complete,
2256 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2257 };
2258
2259 static struct inet_protosw tcpv6_protosw = {
2260 .type = SOCK_STREAM,
2261 .protocol = IPPROTO_TCP,
2262 .prot = &tcpv6_prot,
2263 .ops = &inet6_stream_ops,
2264 .no_check = 0,
2265 .flags = INET_PROTOSW_PERMANENT |
2266 INET_PROTOSW_ICSK,
2267 };
2268
2269 static int __net_init tcpv6_net_init(struct net *net)
2270 {
2271 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2272 SOCK_RAW, IPPROTO_TCP, net);
2273 }
2274
2275 static void __net_exit tcpv6_net_exit(struct net *net)
2276 {
2277 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2278 }
2279
2280 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
2281 {
2282 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6);
2283 }
2284
2285 static struct pernet_operations tcpv6_net_ops = {
2286 .init = tcpv6_net_init,
2287 .exit = tcpv6_net_exit,
2288 .exit_batch = tcpv6_net_exit_batch,
2289 };
2290
2291 int __init tcpv6_init(void)
2292 {
2293 int ret;
2294
2295 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2296 if (ret)
2297 goto out;
2298
2299 /* register inet6 protocol */
2300 ret = inet6_register_protosw(&tcpv6_protosw);
2301 if (ret)
2302 goto out_tcpv6_protocol;
2303
2304 ret = register_pernet_subsys(&tcpv6_net_ops);
2305 if (ret)
2306 goto out_tcpv6_protosw;
2307 out:
2308 return ret;
2309
2310 out_tcpv6_protocol:
2311 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2312 out_tcpv6_protosw:
2313 inet6_unregister_protosw(&tcpv6_protosw);
2314 goto out;
2315 }
2316
2317 void tcpv6_exit(void)
2318 {
2319 unregister_pernet_subsys(&tcpv6_net_ops);
2320 inet6_unregister_protosw(&tcpv6_protosw);
2321 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2322 }
Linux with added FPC-III support