1 /*
2 * TCP over IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on:
9 * linux/net/ipv4/tcp.c
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
12 *
13 * Fixes:
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
19 *
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
24 */
25
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
34 #include <linux/in.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41 #include <linux/slab.h>
42
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/snmp.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/netdma.h>
63 #include <net/inet_common.h>
64
65 #include <asm/uaccess.h>
66
67 #include <linux/proc_fs.h>
68 #include <linux/seq_file.h>
69
70 #include <linux/crypto.h>
71 #include <linux/scatterlist.h>
72
73 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
74 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
75 struct request_sock *req);
76
77 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
78 static void __tcp_v6_send_check(struct sk_buff *skb,
79 struct in6_addr *saddr,
80 struct in6_addr *daddr);
81
82 static const struct inet_connection_sock_af_ops ipv6_mapped;
83 static const struct inet_connection_sock_af_ops ipv6_specific;
84 #ifdef CONFIG_TCP_MD5SIG
85 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
86 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
87 #else
tcp_v6_md5_do_lookup(struct sock * sk,struct in6_addr * addr)88 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
89 struct in6_addr *addr)
90 {
91 return NULL;
92 }
93 #endif
94
tcp_v6_hash(struct sock * sk)95 static void tcp_v6_hash(struct sock *sk)
96 {
97 if (sk->sk_state != TCP_CLOSE) {
98 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
99 tcp_prot.hash(sk);
100 return;
101 }
102 local_bh_disable();
103 __inet6_hash(sk, NULL);
104 local_bh_enable();
105 }
106 }
107
tcp_v6_check(int len,struct in6_addr * saddr,struct in6_addr * daddr,__wsum base)108 static __inline__ __sum16 tcp_v6_check(int len,
109 struct in6_addr *saddr,
110 struct in6_addr *daddr,
111 __wsum base)
112 {
113 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
114 }
115
tcp_v6_init_sequence(struct sk_buff * skb)116 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
117 {
118 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
119 ipv6_hdr(skb)->saddr.s6_addr32,
120 tcp_hdr(skb)->dest,
121 tcp_hdr(skb)->source);
122 }
123
tcp_v6_connect(struct sock * sk,struct sockaddr * uaddr,int addr_len)124 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
125 int addr_len)
126 {
127 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
128 struct inet_sock *inet = inet_sk(sk);
129 struct inet_connection_sock *icsk = inet_csk(sk);
130 struct ipv6_pinfo *np = inet6_sk(sk);
131 struct tcp_sock *tp = tcp_sk(sk);
132 struct in6_addr *saddr = NULL, *final_p, final;
133 struct rt6_info *rt;
134 struct flowi6 fl6;
135 struct dst_entry *dst;
136 int addr_type;
137 int err;
138
139 if (addr_len < SIN6_LEN_RFC2133)
140 return -EINVAL;
141
142 if (usin->sin6_family != AF_INET6)
143 return -EAFNOSUPPORT;
144
145 memset(&fl6, 0, sizeof(fl6));
146
147 if (np->sndflow) {
148 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
149 IP6_ECN_flow_init(fl6.flowlabel);
150 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
151 struct ip6_flowlabel *flowlabel;
152 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
153 if (flowlabel == NULL)
154 return -EINVAL;
155 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
156 fl6_sock_release(flowlabel);
157 }
158 }
159
160 /*
161 * connect() to INADDR_ANY means loopback (BSD'ism).
162 */
163
164 if(ipv6_addr_any(&usin->sin6_addr))
165 usin->sin6_addr.s6_addr[15] = 0x1;
166
167 addr_type = ipv6_addr_type(&usin->sin6_addr);
168
169 if(addr_type & IPV6_ADDR_MULTICAST)
170 return -ENETUNREACH;
171
172 if (addr_type&IPV6_ADDR_LINKLOCAL) {
173 if (addr_len >= sizeof(struct sockaddr_in6) &&
174 usin->sin6_scope_id) {
175 /* If interface is set while binding, indices
176 * must coincide.
177 */
178 if (sk->sk_bound_dev_if &&
179 sk->sk_bound_dev_if != usin->sin6_scope_id)
180 return -EINVAL;
181
182 sk->sk_bound_dev_if = usin->sin6_scope_id;
183 }
184
185 /* Connect to link-local address requires an interface */
186 if (!sk->sk_bound_dev_if)
187 return -EINVAL;
188 }
189
190 if (tp->rx_opt.ts_recent_stamp &&
191 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
192 tp->rx_opt.ts_recent = 0;
193 tp->rx_opt.ts_recent_stamp = 0;
194 tp->write_seq = 0;
195 }
196
197 ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
198 np->flow_label = fl6.flowlabel;
199
200 /*
201 * TCP over IPv4
202 */
203
204 if (addr_type == IPV6_ADDR_MAPPED) {
205 u32 exthdrlen = icsk->icsk_ext_hdr_len;
206 struct sockaddr_in sin;
207
208 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
209
210 if (__ipv6_only_sock(sk))
211 return -ENETUNREACH;
212
213 sin.sin_family = AF_INET;
214 sin.sin_port = usin->sin6_port;
215 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
216
217 icsk->icsk_af_ops = &ipv6_mapped;
218 sk->sk_backlog_rcv = tcp_v4_do_rcv;
219 #ifdef CONFIG_TCP_MD5SIG
220 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
221 #endif
222
223 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
224
225 if (err) {
226 icsk->icsk_ext_hdr_len = exthdrlen;
227 icsk->icsk_af_ops = &ipv6_specific;
228 sk->sk_backlog_rcv = tcp_v6_do_rcv;
229 #ifdef CONFIG_TCP_MD5SIG
230 tp->af_specific = &tcp_sock_ipv6_specific;
231 #endif
232 goto failure;
233 } else {
234 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
235 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
236 &np->rcv_saddr);
237 }
238
239 return err;
240 }
241
242 if (!ipv6_addr_any(&np->rcv_saddr))
243 saddr = &np->rcv_saddr;
244
245 fl6.flowi6_proto = IPPROTO_TCP;
246 ipv6_addr_copy(&fl6.daddr, &np->daddr);
247 ipv6_addr_copy(&fl6.saddr,
248 (saddr ? saddr : &np->saddr));
249 fl6.flowi6_oif = sk->sk_bound_dev_if;
250 fl6.flowi6_mark = sk->sk_mark;
251 fl6.fl6_dport = usin->sin6_port;
252 fl6.fl6_sport = inet->inet_sport;
253
254 final_p = fl6_update_dst(&fl6, np->opt, &final);
255
256 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
257
258 dst = ip6_dst_lookup_flow(sk, &fl6, final_p, true);
259 if (IS_ERR(dst)) {
260 err = PTR_ERR(dst);
261 goto failure;
262 }
263
264 if (saddr == NULL) {
265 saddr = &fl6.saddr;
266 ipv6_addr_copy(&np->rcv_saddr, saddr);
267 }
268
269 /* set the source address */
270 ipv6_addr_copy(&np->saddr, saddr);
271 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
272
273 sk->sk_gso_type = SKB_GSO_TCPV6;
274 __ip6_dst_store(sk, dst, NULL, NULL);
275
276 rt = (struct rt6_info *) dst;
277 if (tcp_death_row.sysctl_tw_recycle &&
278 !tp->rx_opt.ts_recent_stamp &&
279 ipv6_addr_equal(&rt->rt6i_dst.addr, &np->daddr)) {
280 struct inet_peer *peer = rt6_get_peer(rt);
281 /*
282 * VJ's idea. We save last timestamp seen from
283 * the destination in peer table, when entering state
284 * TIME-WAIT * and initialize rx_opt.ts_recent from it,
285 * when trying new connection.
286 */
287 if (peer) {
288 inet_peer_refcheck(peer);
289 if ((u32)get_seconds() - peer->tcp_ts_stamp <= TCP_PAWS_MSL) {
290 tp->rx_opt.ts_recent_stamp = peer->tcp_ts_stamp;
291 tp->rx_opt.ts_recent = peer->tcp_ts;
292 }
293 }
294 }
295
296 icsk->icsk_ext_hdr_len = 0;
297 if (np->opt)
298 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
299 np->opt->opt_nflen);
300
301 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
302
303 inet->inet_dport = usin->sin6_port;
304
305 tcp_set_state(sk, TCP_SYN_SENT);
306 err = inet6_hash_connect(&tcp_death_row, sk);
307 if (err)
308 goto late_failure;
309
310 if (!tp->write_seq)
311 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
312 np->daddr.s6_addr32,
313 inet->inet_sport,
314 inet->inet_dport);
315
316 err = tcp_connect(sk);
317 if (err)
318 goto late_failure;
319
320 return 0;
321
322 late_failure:
323 tcp_set_state(sk, TCP_CLOSE);
324 __sk_dst_reset(sk);
325 failure:
326 inet->inet_dport = 0;
327 sk->sk_route_caps = 0;
328 return err;
329 }
330
tcp_v6_err(struct sk_buff * skb,struct inet6_skb_parm * opt,u8 type,u8 code,int offset,__be32 info)331 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
332 u8 type, u8 code, int offset, __be32 info)
333 {
334 struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
335 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
336 struct ipv6_pinfo *np;
337 struct sock *sk;
338 int err;
339 struct tcp_sock *tp;
340 __u32 seq;
341 struct net *net = dev_net(skb->dev);
342
343 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
344 th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
345
346 if (sk == NULL) {
347 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
348 ICMP6_MIB_INERRORS);
349 return;
350 }
351
352 if (sk->sk_state == TCP_TIME_WAIT) {
353 inet_twsk_put(inet_twsk(sk));
354 return;
355 }
356
357 bh_lock_sock(sk);
358 if (sock_owned_by_user(sk))
359 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
360
361 if (sk->sk_state == TCP_CLOSE)
362 goto out;
363
364 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
365 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
366 goto out;
367 }
368
369 tp = tcp_sk(sk);
370 seq = ntohl(th->seq);
371 if (sk->sk_state != TCP_LISTEN &&
372 !between(seq, tp->snd_una, tp->snd_nxt)) {
373 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
374 goto out;
375 }
376
377 np = inet6_sk(sk);
378
379 if (type == ICMPV6_PKT_TOOBIG) {
380 struct dst_entry *dst;
381
382 if (sock_owned_by_user(sk))
383 goto out;
384 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
385 goto out;
386
387 /* icmp should have updated the destination cache entry */
388 dst = __sk_dst_check(sk, np->dst_cookie);
389
390 if (dst == NULL) {
391 struct inet_sock *inet = inet_sk(sk);
392 struct flowi6 fl6;
393
394 /* BUGGG_FUTURE: Again, it is not clear how
395 to handle rthdr case. Ignore this complexity
396 for now.
397 */
398 memset(&fl6, 0, sizeof(fl6));
399 fl6.flowi6_proto = IPPROTO_TCP;
400 ipv6_addr_copy(&fl6.daddr, &np->daddr);
401 ipv6_addr_copy(&fl6.saddr, &np->saddr);
402 fl6.flowi6_oif = sk->sk_bound_dev_if;
403 fl6.flowi6_mark = sk->sk_mark;
404 fl6.fl6_dport = inet->inet_dport;
405 fl6.fl6_sport = inet->inet_sport;
406 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
407
408 dst = ip6_dst_lookup_flow(sk, &fl6, NULL, false);
409 if (IS_ERR(dst)) {
410 sk->sk_err_soft = -PTR_ERR(dst);
411 goto out;
412 }
413
414 } else
415 dst_hold(dst);
416
417 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
418 tcp_sync_mss(sk, dst_mtu(dst));
419 tcp_simple_retransmit(sk);
420 } /* else let the usual retransmit timer handle it */
421 dst_release(dst);
422 goto out;
423 }
424
425 icmpv6_err_convert(type, code, &err);
426
427 /* Might be for an request_sock */
428 switch (sk->sk_state) {
429 struct request_sock *req, **prev;
430 case TCP_LISTEN:
431 if (sock_owned_by_user(sk))
432 goto out;
433
434 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
435 &hdr->saddr, inet6_iif(skb));
436 if (!req)
437 goto out;
438
439 /* ICMPs are not backlogged, hence we cannot get
440 * an established socket here.
441 */
442 WARN_ON(req->sk != NULL);
443
444 if (seq != tcp_rsk(req)->snt_isn) {
445 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
446 goto out;
447 }
448
449 inet_csk_reqsk_queue_drop(sk, req, prev);
450 goto out;
451
452 case TCP_SYN_SENT:
453 case TCP_SYN_RECV: /* Cannot happen.
454 It can, it SYNs are crossed. --ANK */
455 if (!sock_owned_by_user(sk)) {
456 sk->sk_err = err;
457 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
458
459 tcp_done(sk);
460 } else
461 sk->sk_err_soft = err;
462 goto out;
463 }
464
465 if (!sock_owned_by_user(sk) && np->recverr) {
466 sk->sk_err = err;
467 sk->sk_error_report(sk);
468 } else
469 sk->sk_err_soft = err;
470
471 out:
472 bh_unlock_sock(sk);
473 sock_put(sk);
474 }
475
476
tcp_v6_send_synack(struct sock * sk,struct request_sock * req,struct request_values * rvp)477 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
478 struct request_values *rvp)
479 {
480 struct inet6_request_sock *treq = inet6_rsk(req);
481 struct ipv6_pinfo *np = inet6_sk(sk);
482 struct sk_buff * skb;
483 struct ipv6_txoptions *opt = NULL;
484 struct in6_addr * final_p, final;
485 struct flowi6 fl6;
486 struct dst_entry *dst;
487 int err;
488
489 memset(&fl6, 0, sizeof(fl6));
490 fl6.flowi6_proto = IPPROTO_TCP;
491 ipv6_addr_copy(&fl6.daddr, &treq->rmt_addr);
492 ipv6_addr_copy(&fl6.saddr, &treq->loc_addr);
493 fl6.flowlabel = 0;
494 fl6.flowi6_oif = treq->iif;
495 fl6.flowi6_mark = sk->sk_mark;
496 fl6.fl6_dport = inet_rsk(req)->rmt_port;
497 fl6.fl6_sport = inet_rsk(req)->loc_port;
498 security_req_classify_flow(req, flowi6_to_flowi(&fl6));
499
500 opt = np->opt;
501 final_p = fl6_update_dst(&fl6, opt, &final);
502
503 dst = ip6_dst_lookup_flow(sk, &fl6, final_p, false);
504 if (IS_ERR(dst)) {
505 err = PTR_ERR(dst);
506 dst = NULL;
507 goto done;
508 }
509 skb = tcp_make_synack(sk, dst, req, rvp);
510 err = -ENOMEM;
511 if (skb) {
512 __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr);
513
514 ipv6_addr_copy(&fl6.daddr, &treq->rmt_addr);
515 err = ip6_xmit(sk, skb, &fl6, opt);
516 err = net_xmit_eval(err);
517 }
518
519 done:
520 if (opt && opt != np->opt)
521 sock_kfree_s(sk, opt, opt->tot_len);
522 dst_release(dst);
523 return err;
524 }
525
tcp_v6_rtx_synack(struct sock * sk,struct request_sock * req,struct request_values * rvp)526 static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req,
527 struct request_values *rvp)
528 {
529 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS);
530 return tcp_v6_send_synack(sk, req, rvp);
531 }
532
syn_flood_warning(struct sk_buff * skb)533 static inline void syn_flood_warning(struct sk_buff *skb)
534 {
535 #ifdef CONFIG_SYN_COOKIES
536 if (sysctl_tcp_syncookies)
537 printk(KERN_INFO
538 "TCPv6: Possible SYN flooding on port %d. "
539 "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
540 else
541 #endif
542 printk(KERN_INFO
543 "TCPv6: Possible SYN flooding on port %d. "
544 "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
545 }
546
tcp_v6_reqsk_destructor(struct request_sock * req)547 static void tcp_v6_reqsk_destructor(struct request_sock *req)
548 {
549 kfree_skb(inet6_rsk(req)->pktopts);
550 }
551
552 #ifdef CONFIG_TCP_MD5SIG
tcp_v6_md5_do_lookup(struct sock * sk,struct in6_addr * addr)553 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
554 struct in6_addr *addr)
555 {
556 struct tcp_sock *tp = tcp_sk(sk);
557 int i;
558
559 BUG_ON(tp == NULL);
560
561 if (!tp->md5sig_info || !tp->md5sig_info->entries6)
562 return NULL;
563
564 for (i = 0; i < tp->md5sig_info->entries6; i++) {
565 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
566 return &tp->md5sig_info->keys6[i].base;
567 }
568 return NULL;
569 }
570
tcp_v6_md5_lookup(struct sock * sk,struct sock * addr_sk)571 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
572 struct sock *addr_sk)
573 {
574 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
575 }
576
tcp_v6_reqsk_md5_lookup(struct sock * sk,struct request_sock * req)577 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
578 struct request_sock *req)
579 {
580 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
581 }
582
tcp_v6_md5_do_add(struct sock * sk,struct in6_addr * peer,char * newkey,u8 newkeylen)583 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
584 char *newkey, u8 newkeylen)
585 {
586 /* Add key to the list */
587 struct tcp_md5sig_key *key;
588 struct tcp_sock *tp = tcp_sk(sk);
589 struct tcp6_md5sig_key *keys;
590
591 key = tcp_v6_md5_do_lookup(sk, peer);
592 if (key) {
593 /* modify existing entry - just update that one */
594 kfree(key->key);
595 key->key = newkey;
596 key->keylen = newkeylen;
597 } else {
598 /* reallocate new list if current one is full. */
599 if (!tp->md5sig_info) {
600 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
601 if (!tp->md5sig_info) {
602 kfree(newkey);
603 return -ENOMEM;
604 }
605 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
606 }
607 if (tcp_alloc_md5sig_pool(sk) == NULL) {
608 kfree(newkey);
609 return -ENOMEM;
610 }
611 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
612 keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
613 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
614
615 if (!keys) {
616 tcp_free_md5sig_pool();
617 kfree(newkey);
618 return -ENOMEM;
619 }
620
621 if (tp->md5sig_info->entries6)
622 memmove(keys, tp->md5sig_info->keys6,
623 (sizeof (tp->md5sig_info->keys6[0]) *
624 tp->md5sig_info->entries6));
625
626 kfree(tp->md5sig_info->keys6);
627 tp->md5sig_info->keys6 = keys;
628 tp->md5sig_info->alloced6++;
629 }
630
631 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
632 peer);
633 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
634 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
635
636 tp->md5sig_info->entries6++;
637 }
638 return 0;
639 }
640
tcp_v6_md5_add_func(struct sock * sk,struct sock * addr_sk,u8 * newkey,__u8 newkeylen)641 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
642 u8 *newkey, __u8 newkeylen)
643 {
644 return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
645 newkey, newkeylen);
646 }
647
tcp_v6_md5_do_del(struct sock * sk,struct in6_addr * peer)648 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
649 {
650 struct tcp_sock *tp = tcp_sk(sk);
651 int i;
652
653 for (i = 0; i < tp->md5sig_info->entries6; i++) {
654 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
655 /* Free the key */
656 kfree(tp->md5sig_info->keys6[i].base.key);
657 tp->md5sig_info->entries6--;
658
659 if (tp->md5sig_info->entries6 == 0) {
660 kfree(tp->md5sig_info->keys6);
661 tp->md5sig_info->keys6 = NULL;
662 tp->md5sig_info->alloced6 = 0;
663 } else {
664 /* shrink the database */
665 if (tp->md5sig_info->entries6 != i)
666 memmove(&tp->md5sig_info->keys6[i],
667 &tp->md5sig_info->keys6[i+1],
668 (tp->md5sig_info->entries6 - i)
669 * sizeof (tp->md5sig_info->keys6[0]));
670 }
671 tcp_free_md5sig_pool();
672 return 0;
673 }
674 }
675 return -ENOENT;
676 }
677
tcp_v6_clear_md5_list(struct sock * sk)678 static void tcp_v6_clear_md5_list (struct sock *sk)
679 {
680 struct tcp_sock *tp = tcp_sk(sk);
681 int i;
682
683 if (tp->md5sig_info->entries6) {
684 for (i = 0; i < tp->md5sig_info->entries6; i++)
685 kfree(tp->md5sig_info->keys6[i].base.key);
686 tp->md5sig_info->entries6 = 0;
687 tcp_free_md5sig_pool();
688 }
689
690 kfree(tp->md5sig_info->keys6);
691 tp->md5sig_info->keys6 = NULL;
692 tp->md5sig_info->alloced6 = 0;
693
694 if (tp->md5sig_info->entries4) {
695 for (i = 0; i < tp->md5sig_info->entries4; i++)
696 kfree(tp->md5sig_info->keys4[i].base.key);
697 tp->md5sig_info->entries4 = 0;
698 tcp_free_md5sig_pool();
699 }
700
701 kfree(tp->md5sig_info->keys4);
702 tp->md5sig_info->keys4 = NULL;
703 tp->md5sig_info->alloced4 = 0;
704 }
705
tcp_v6_parse_md5_keys(struct sock * sk,char __user * optval,int optlen)706 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
707 int optlen)
708 {
709 struct tcp_md5sig cmd;
710 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
711 u8 *newkey;
712
713 if (optlen < sizeof(cmd))
714 return -EINVAL;
715
716 if (copy_from_user(&cmd, optval, sizeof(cmd)))
717 return -EFAULT;
718
719 if (sin6->sin6_family != AF_INET6)
720 return -EINVAL;
721
722 if (!cmd.tcpm_keylen) {
723 if (!tcp_sk(sk)->md5sig_info)
724 return -ENOENT;
725 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
726 return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
727 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
728 }
729
730 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
731 return -EINVAL;
732
733 if (!tcp_sk(sk)->md5sig_info) {
734 struct tcp_sock *tp = tcp_sk(sk);
735 struct tcp_md5sig_info *p;
736
737 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
738 if (!p)
739 return -ENOMEM;
740
741 tp->md5sig_info = p;
742 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
743 }
744
745 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
746 if (!newkey)
747 return -ENOMEM;
748 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
749 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
750 newkey, cmd.tcpm_keylen);
751 }
752 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
753 }
754
tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool * hp,struct in6_addr * daddr,struct in6_addr * saddr,int nbytes)755 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
756 struct in6_addr *daddr,
757 struct in6_addr *saddr, int nbytes)
758 {
759 struct tcp6_pseudohdr *bp;
760 struct scatterlist sg;
761
762 bp = &hp->md5_blk.ip6;
763 /* 1. TCP pseudo-header (RFC2460) */
764 ipv6_addr_copy(&bp->saddr, saddr);
765 ipv6_addr_copy(&bp->daddr, daddr);
766 bp->protocol = cpu_to_be32(IPPROTO_TCP);
767 bp->len = cpu_to_be32(nbytes);
768
769 sg_init_one(&sg, bp, sizeof(*bp));
770 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
771 }
772
tcp_v6_md5_hash_hdr(char * md5_hash,struct tcp_md5sig_key * key,struct in6_addr * daddr,struct in6_addr * saddr,struct tcphdr * th)773 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
774 struct in6_addr *daddr, struct in6_addr *saddr,
775 struct tcphdr *th)
776 {
777 struct tcp_md5sig_pool *hp;
778 struct hash_desc *desc;
779
780 hp = tcp_get_md5sig_pool();
781 if (!hp)
782 goto clear_hash_noput;
783 desc = &hp->md5_desc;
784
785 if (crypto_hash_init(desc))
786 goto clear_hash;
787 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
788 goto clear_hash;
789 if (tcp_md5_hash_header(hp, th))
790 goto clear_hash;
791 if (tcp_md5_hash_key(hp, key))
792 goto clear_hash;
793 if (crypto_hash_final(desc, md5_hash))
794 goto clear_hash;
795
796 tcp_put_md5sig_pool();
797 return 0;
798
799 clear_hash:
800 tcp_put_md5sig_pool();
801 clear_hash_noput:
802 memset(md5_hash, 0, 16);
803 return 1;
804 }
805
tcp_v6_md5_hash_skb(char * md5_hash,struct tcp_md5sig_key * key,struct sock * sk,struct request_sock * req,struct sk_buff * skb)806 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
807 struct sock *sk, struct request_sock *req,
808 struct sk_buff *skb)
809 {
810 struct in6_addr *saddr, *daddr;
811 struct tcp_md5sig_pool *hp;
812 struct hash_desc *desc;
813 struct tcphdr *th = tcp_hdr(skb);
814
815 if (sk) {
816 saddr = &inet6_sk(sk)->saddr;
817 daddr = &inet6_sk(sk)->daddr;
818 } else if (req) {
819 saddr = &inet6_rsk(req)->loc_addr;
820 daddr = &inet6_rsk(req)->rmt_addr;
821 } else {
822 struct ipv6hdr *ip6h = ipv6_hdr(skb);
823 saddr = &ip6h->saddr;
824 daddr = &ip6h->daddr;
825 }
826
827 hp = tcp_get_md5sig_pool();
828 if (!hp)
829 goto clear_hash_noput;
830 desc = &hp->md5_desc;
831
832 if (crypto_hash_init(desc))
833 goto clear_hash;
834
835 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
836 goto clear_hash;
837 if (tcp_md5_hash_header(hp, th))
838 goto clear_hash;
839 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
840 goto clear_hash;
841 if (tcp_md5_hash_key(hp, key))
842 goto clear_hash;
843 if (crypto_hash_final(desc, md5_hash))
844 goto clear_hash;
845
846 tcp_put_md5sig_pool();
847 return 0;
848
849 clear_hash:
850 tcp_put_md5sig_pool();
851 clear_hash_noput:
852 memset(md5_hash, 0, 16);
853 return 1;
854 }
855
tcp_v6_inbound_md5_hash(struct sock * sk,struct sk_buff * skb)856 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
857 {
858 __u8 *hash_location = NULL;
859 struct tcp_md5sig_key *hash_expected;
860 struct ipv6hdr *ip6h = ipv6_hdr(skb);
861 struct tcphdr *th = tcp_hdr(skb);
862 int genhash;
863 u8 newhash[16];
864
865 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
866 hash_location = tcp_parse_md5sig_option(th);
867
868 /* We've parsed the options - do we have a hash? */
869 if (!hash_expected && !hash_location)
870 return 0;
871
872 if (hash_expected && !hash_location) {
873 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
874 return 1;
875 }
876
877 if (!hash_expected && hash_location) {
878 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
879 return 1;
880 }
881
882 /* check the signature */
883 genhash = tcp_v6_md5_hash_skb(newhash,
884 hash_expected,
885 NULL, NULL, skb);
886
887 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
888 if (net_ratelimit()) {
889 printk(KERN_INFO "MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
890 genhash ? "failed" : "mismatch",
891 &ip6h->saddr, ntohs(th->source),
892 &ip6h->daddr, ntohs(th->dest));
893 }
894 return 1;
895 }
896 return 0;
897 }
898 #endif
899
900 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
901 .family = AF_INET6,
902 .obj_size = sizeof(struct tcp6_request_sock),
903 .rtx_syn_ack = tcp_v6_rtx_synack,
904 .send_ack = tcp_v6_reqsk_send_ack,
905 .destructor = tcp_v6_reqsk_destructor,
906 .send_reset = tcp_v6_send_reset,
907 .syn_ack_timeout = tcp_syn_ack_timeout,
908 };
909
910 #ifdef CONFIG_TCP_MD5SIG
911 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
912 .md5_lookup = tcp_v6_reqsk_md5_lookup,
913 .calc_md5_hash = tcp_v6_md5_hash_skb,
914 };
915 #endif
916
__tcp_v6_send_check(struct sk_buff * skb,struct in6_addr * saddr,struct in6_addr * daddr)917 static void __tcp_v6_send_check(struct sk_buff *skb,
918 struct in6_addr *saddr, struct in6_addr *daddr)
919 {
920 struct tcphdr *th = tcp_hdr(skb);
921
922 if (skb->ip_summed == CHECKSUM_PARTIAL) {
923 th->check = ~tcp_v6_check(skb->len, saddr, daddr, 0);
924 skb->csum_start = skb_transport_header(skb) - skb->head;
925 skb->csum_offset = offsetof(struct tcphdr, check);
926 } else {
927 th->check = tcp_v6_check(skb->len, saddr, daddr,
928 csum_partial(th, th->doff << 2,
929 skb->csum));
930 }
931 }
932
tcp_v6_send_check(struct sock * sk,struct sk_buff * skb)933 static void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb)
934 {
935 struct ipv6_pinfo *np = inet6_sk(sk);
936
937 __tcp_v6_send_check(skb, &np->saddr, &np->daddr);
938 }
939
tcp_v6_gso_send_check(struct sk_buff * skb)940 static int tcp_v6_gso_send_check(struct sk_buff *skb)
941 {
942 struct ipv6hdr *ipv6h;
943 struct tcphdr *th;
944
945 if (!pskb_may_pull(skb, sizeof(*th)))
946 return -EINVAL;
947
948 ipv6h = ipv6_hdr(skb);
949 th = tcp_hdr(skb);
950
951 th->check = 0;
952 skb->ip_summed = CHECKSUM_PARTIAL;
953 __tcp_v6_send_check(skb, &ipv6h->saddr, &ipv6h->daddr);
954 return 0;
955 }
956
tcp6_gro_receive(struct sk_buff ** head,struct sk_buff * skb)957 static struct sk_buff **tcp6_gro_receive(struct sk_buff **head,
958 struct sk_buff *skb)
959 {
960 struct ipv6hdr *iph = skb_gro_network_header(skb);
961
962 switch (skb->ip_summed) {
963 case CHECKSUM_COMPLETE:
964 if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr,
965 skb->csum)) {
966 skb->ip_summed = CHECKSUM_UNNECESSARY;
967 break;
968 }
969
970 /* fall through */
971 case CHECKSUM_NONE:
972 NAPI_GRO_CB(skb)->flush = 1;
973 return NULL;
974 }
975
976 return tcp_gro_receive(head, skb);
977 }
978
tcp6_gro_complete(struct sk_buff * skb)979 static int tcp6_gro_complete(struct sk_buff *skb)
980 {
981 struct ipv6hdr *iph = ipv6_hdr(skb);
982 struct tcphdr *th = tcp_hdr(skb);
983
984 th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb),
985 &iph->saddr, &iph->daddr, 0);
986 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;
987
988 return tcp_gro_complete(skb);
989 }
990
tcp_v6_send_response(struct sk_buff * skb,u32 seq,u32 ack,u32 win,u32 ts,struct tcp_md5sig_key * key,int rst)991 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
992 u32 ts, struct tcp_md5sig_key *key, int rst)
993 {
994 struct tcphdr *th = tcp_hdr(skb), *t1;
995 struct sk_buff *buff;
996 struct flowi6 fl6;
997 struct net *net = dev_net(skb_dst(skb)->dev);
998 struct sock *ctl_sk = net->ipv6.tcp_sk;
999 unsigned int tot_len = sizeof(struct tcphdr);
1000 struct dst_entry *dst;
1001 __be32 *topt;
1002
1003 if (ts)
1004 tot_len += TCPOLEN_TSTAMP_ALIGNED;
1005 #ifdef CONFIG_TCP_MD5SIG
1006 if (key)
1007 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1008 #endif
1009
1010 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1011 GFP_ATOMIC);
1012 if (buff == NULL)
1013 return;
1014
1015 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1016
1017 t1 = (struct tcphdr *) skb_push(buff, tot_len);
1018 skb_reset_transport_header(buff);
1019
1020 /* Swap the send and the receive. */
1021 memset(t1, 0, sizeof(*t1));
1022 t1->dest = th->source;
1023 t1->source = th->dest;
1024 t1->doff = tot_len / 4;
1025 t1->seq = htonl(seq);
1026 t1->ack_seq = htonl(ack);
1027 t1->ack = !rst || !th->ack;
1028 t1->rst = rst;
1029 t1->window = htons(win);
1030
1031 topt = (__be32 *)(t1 + 1);
1032
1033 if (ts) {
1034 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1035 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1036 *topt++ = htonl(tcp_time_stamp);
1037 *topt++ = htonl(ts);
1038 }
1039
1040 #ifdef CONFIG_TCP_MD5SIG
1041 if (key) {
1042 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1043 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1044 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
1045 &ipv6_hdr(skb)->saddr,
1046 &ipv6_hdr(skb)->daddr, t1);
1047 }
1048 #endif
1049
1050 memset(&fl6, 0, sizeof(fl6));
1051 ipv6_addr_copy(&fl6.daddr, &ipv6_hdr(skb)->saddr);
1052 ipv6_addr_copy(&fl6.saddr, &ipv6_hdr(skb)->daddr);
1053
1054 buff->ip_summed = CHECKSUM_PARTIAL;
1055 buff->csum = 0;
1056
1057 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
1058
1059 fl6.flowi6_proto = IPPROTO_TCP;
1060 fl6.flowi6_oif = inet6_iif(skb);
1061 fl6.fl6_dport = t1->dest;
1062 fl6.fl6_sport = t1->source;
1063 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1064
1065 /* Pass a socket to ip6_dst_lookup either it is for RST
1066 * Underlying function will use this to retrieve the network
1067 * namespace
1068 */
1069 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL, false);
1070 if (!IS_ERR(dst)) {
1071 skb_dst_set(buff, dst);
1072 ip6_xmit(ctl_sk, buff, &fl6, NULL);
1073 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1074 if (rst)
1075 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
1076 return;
1077 }
1078
1079 kfree_skb(buff);
1080 }
1081
tcp_v6_send_reset(struct sock * sk,struct sk_buff * skb)1082 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1083 {
1084 struct tcphdr *th = tcp_hdr(skb);
1085 u32 seq = 0, ack_seq = 0;
1086 struct tcp_md5sig_key *key = NULL;
1087
1088 if (th->rst)
1089 return;
1090
1091 if (!ipv6_unicast_destination(skb))
1092 return;
1093
1094 #ifdef CONFIG_TCP_MD5SIG
1095 if (sk)
1096 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
1097 #endif
1098
1099 if (th->ack)
1100 seq = ntohl(th->ack_seq);
1101 else
1102 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1103 (th->doff << 2);
1104
1105 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1);
1106 }
1107
tcp_v6_send_ack(struct sk_buff * skb,u32 seq,u32 ack,u32 win,u32 ts,struct tcp_md5sig_key * key)1108 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
1109 struct tcp_md5sig_key *key)
1110 {
1111 tcp_v6_send_response(skb, seq, ack, win, ts, key, 0);
1112 }
1113
tcp_v6_timewait_ack(struct sock * sk,struct sk_buff * skb)1114 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1115 {
1116 struct inet_timewait_sock *tw = inet_twsk(sk);
1117 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1118
1119 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1120 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1121 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw));
1122
1123 inet_twsk_put(tw);
1124 }
1125
tcp_v6_reqsk_send_ack(struct sock * sk,struct sk_buff * skb,struct request_sock * req)1126 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
1127 struct request_sock *req)
1128 {
1129 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
1130 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr));
1131 }
1132
1133
tcp_v6_hnd_req(struct sock * sk,struct sk_buff * skb)1134 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1135 {
1136 struct request_sock *req, **prev;
1137 const struct tcphdr *th = tcp_hdr(skb);
1138 struct sock *nsk;
1139
1140 /* Find possible connection requests. */
1141 req = inet6_csk_search_req(sk, &prev, th->source,
1142 &ipv6_hdr(skb)->saddr,
1143 &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1144 if (req)
1145 return tcp_check_req(sk, skb, req, prev);
1146
1147 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1148 &ipv6_hdr(skb)->saddr, th->source,
1149 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1150
1151 if (nsk) {
1152 if (nsk->sk_state != TCP_TIME_WAIT) {
1153 bh_lock_sock(nsk);
1154 return nsk;
1155 }
1156 inet_twsk_put(inet_twsk(nsk));
1157 return NULL;
1158 }
1159
1160 #ifdef CONFIG_SYN_COOKIES
1161 if (!th->syn)
1162 sk = cookie_v6_check(sk, skb);
1163 #endif
1164 return sk;
1165 }
1166
1167 /* FIXME: this is substantially similar to the ipv4 code.
1168 * Can some kind of merge be done? -- erics
1169 */
tcp_v6_conn_request(struct sock * sk,struct sk_buff * skb)1170 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1171 {
1172 struct tcp_extend_values tmp_ext;
1173 struct tcp_options_received tmp_opt;
1174 u8 *hash_location;
1175 struct request_sock *req;
1176 struct inet6_request_sock *treq;
1177 struct ipv6_pinfo *np = inet6_sk(sk);
1178 struct tcp_sock *tp = tcp_sk(sk);
1179 __u32 isn = TCP_SKB_CB(skb)->when;
1180 struct dst_entry *dst = NULL;
1181 #ifdef CONFIG_SYN_COOKIES
1182 int want_cookie = 0;
1183 #else
1184 #define want_cookie 0
1185 #endif
1186
1187 if (skb->protocol == htons(ETH_P_IP))
1188 return tcp_v4_conn_request(sk, skb);
1189
1190 if (!ipv6_unicast_destination(skb))
1191 goto drop;
1192
1193 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1194 if (net_ratelimit())
1195 syn_flood_warning(skb);
1196 #ifdef CONFIG_SYN_COOKIES
1197 if (sysctl_tcp_syncookies)
1198 want_cookie = 1;
1199 else
1200 #endif
1201 goto drop;
1202 }
1203
1204 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1205 goto drop;
1206
1207 req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1208 if (req == NULL)
1209 goto drop;
1210
1211 #ifdef CONFIG_TCP_MD5SIG
1212 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1213 #endif
1214
1215 tcp_clear_options(&tmp_opt);
1216 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1217 tmp_opt.user_mss = tp->rx_opt.user_mss;
1218 tcp_parse_options(skb, &tmp_opt, &hash_location, 0);
1219
1220 if (tmp_opt.cookie_plus > 0 &&
1221 tmp_opt.saw_tstamp &&
1222 !tp->rx_opt.cookie_out_never &&
1223 (sysctl_tcp_cookie_size > 0 ||
1224 (tp->cookie_values != NULL &&
1225 tp->cookie_values->cookie_desired > 0))) {
1226 u8 *c;
1227 u32 *d;
1228 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS];
1229 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE;
1230
1231 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0)
1232 goto drop_and_free;
1233
1234 /* Secret recipe starts with IP addresses */
1235 d = (__force u32 *)&ipv6_hdr(skb)->daddr.s6_addr32[0];
1236 *mess++ ^= *d++;
1237 *mess++ ^= *d++;
1238 *mess++ ^= *d++;
1239 *mess++ ^= *d++;
1240 d = (__force u32 *)&ipv6_hdr(skb)->saddr.s6_addr32[0];
1241 *mess++ ^= *d++;
1242 *mess++ ^= *d++;
1243 *mess++ ^= *d++;
1244 *mess++ ^= *d++;
1245
1246 /* plus variable length Initiator Cookie */
1247 c = (u8 *)mess;
1248 while (l-- > 0)
1249 *c++ ^= *hash_location++;
1250
1251 #ifdef CONFIG_SYN_COOKIES
1252 want_cookie = 0; /* not our kind of cookie */
1253 #endif
1254 tmp_ext.cookie_out_never = 0; /* false */
1255 tmp_ext.cookie_plus = tmp_opt.cookie_plus;
1256 } else if (!tp->rx_opt.cookie_in_always) {
1257 /* redundant indications, but ensure initialization. */
1258 tmp_ext.cookie_out_never = 1; /* true */
1259 tmp_ext.cookie_plus = 0;
1260 } else {
1261 goto drop_and_free;
1262 }
1263 tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always;
1264
1265 if (want_cookie && !tmp_opt.saw_tstamp)
1266 tcp_clear_options(&tmp_opt);
1267
1268 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1269 tcp_openreq_init(req, &tmp_opt, skb);
1270
1271 treq = inet6_rsk(req);
1272 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1273 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1274 if (!want_cookie || tmp_opt.tstamp_ok)
1275 TCP_ECN_create_request(req, tcp_hdr(skb));
1276
1277 if (!isn) {
1278 struct inet_peer *peer = NULL;
1279
1280 if (ipv6_opt_accepted(sk, skb) ||
1281 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1282 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1283 atomic_inc(&skb->users);
1284 treq->pktopts = skb;
1285 }
1286 treq->iif = sk->sk_bound_dev_if;
1287
1288 /* So that link locals have meaning */
1289 if (!sk->sk_bound_dev_if &&
1290 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1291 treq->iif = inet6_iif(skb);
1292
1293 if (want_cookie) {
1294 isn = cookie_v6_init_sequence(sk, skb, &req->mss);
1295 req->cookie_ts = tmp_opt.tstamp_ok;
1296 goto have_isn;
1297 }
1298
1299 /* VJ's idea. We save last timestamp seen
1300 * from the destination in peer table, when entering
1301 * state TIME-WAIT, and check against it before
1302 * accepting new connection request.
1303 *
1304 * If "isn" is not zero, this request hit alive
1305 * timewait bucket, so that all the necessary checks
1306 * are made in the function processing timewait state.
1307 */
1308 if (tmp_opt.saw_tstamp &&
1309 tcp_death_row.sysctl_tw_recycle &&
1310 (dst = inet6_csk_route_req(sk, req)) != NULL &&
1311 (peer = rt6_get_peer((struct rt6_info *)dst)) != NULL &&
1312 ipv6_addr_equal((struct in6_addr *)peer->daddr.addr.a6,
1313 &treq->rmt_addr)) {
1314 inet_peer_refcheck(peer);
1315 if ((u32)get_seconds() - peer->tcp_ts_stamp < TCP_PAWS_MSL &&
1316 (s32)(peer->tcp_ts - req->ts_recent) >
1317 TCP_PAWS_WINDOW) {
1318 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED);
1319 goto drop_and_release;
1320 }
1321 }
1322 /* Kill the following clause, if you dislike this way. */
1323 else if (!sysctl_tcp_syncookies &&
1324 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
1325 (sysctl_max_syn_backlog >> 2)) &&
1326 (!peer || !peer->tcp_ts_stamp) &&
1327 (!dst || !dst_metric(dst, RTAX_RTT))) {
1328 /* Without syncookies last quarter of
1329 * backlog is filled with destinations,
1330 * proven to be alive.
1331 * It means that we continue to communicate
1332 * to destinations, already remembered
1333 * to the moment of synflood.
1334 */
1335 LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open request from %pI6/%u\n",
1336 &treq->rmt_addr, ntohs(tcp_hdr(skb)->source));
1337 goto drop_and_release;
1338 }
1339
1340 isn = tcp_v6_init_sequence(skb);
1341 }
1342 have_isn:
1343 tcp_rsk(req)->snt_isn = isn;
1344
1345 security_inet_conn_request(sk, skb, req);
1346
1347 if (tcp_v6_send_synack(sk, req,
1348 (struct request_values *)&tmp_ext) ||
1349 want_cookie)
1350 goto drop_and_free;
1351
1352 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1353 return 0;
1354
1355 drop_and_release:
1356 dst_release(dst);
1357 drop_and_free:
1358 reqsk_free(req);
1359 drop:
1360 return 0; /* don't send reset */
1361 }
1362
tcp_v6_syn_recv_sock(struct sock * sk,struct sk_buff * skb,struct request_sock * req,struct dst_entry * dst)1363 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1364 struct request_sock *req,
1365 struct dst_entry *dst)
1366 {
1367 struct inet6_request_sock *treq;
1368 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1369 struct tcp6_sock *newtcp6sk;
1370 struct inet_sock *newinet;
1371 struct tcp_sock *newtp;
1372 struct sock *newsk;
1373 struct ipv6_txoptions *opt;
1374 #ifdef CONFIG_TCP_MD5SIG
1375 struct tcp_md5sig_key *key;
1376 #endif
1377
1378 if (skb->protocol == htons(ETH_P_IP)) {
1379 /*
1380 * v6 mapped
1381 */
1382
1383 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1384
1385 if (newsk == NULL)
1386 return NULL;
1387
1388 newtcp6sk = (struct tcp6_sock *)newsk;
1389 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1390
1391 newinet = inet_sk(newsk);
1392 newnp = inet6_sk(newsk);
1393 newtp = tcp_sk(newsk);
1394
1395 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1396
1397 ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr);
1398
1399 ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr);
1400
1401 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1402
1403 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1404 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1405 #ifdef CONFIG_TCP_MD5SIG
1406 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1407 #endif
1408
1409 newnp->pktoptions = NULL;
1410 newnp->opt = NULL;
1411 newnp->mcast_oif = inet6_iif(skb);
1412 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1413
1414 /*
1415 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1416 * here, tcp_create_openreq_child now does this for us, see the comment in
1417 * that function for the gory details. -acme
1418 */
1419
1420 /* It is tricky place. Until this moment IPv4 tcp
1421 worked with IPv6 icsk.icsk_af_ops.
1422 Sync it now.
1423 */
1424 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1425
1426 return newsk;
1427 }
1428
1429 treq = inet6_rsk(req);
1430 opt = np->opt;
1431
1432 if (sk_acceptq_is_full(sk))
1433 goto out_overflow;
1434
1435 if (!dst) {
1436 dst = inet6_csk_route_req(sk, req);
1437 if (!dst)
1438 goto out;
1439 }
1440
1441 newsk = tcp_create_openreq_child(sk, req, skb);
1442 if (newsk == NULL)
1443 goto out_nonewsk;
1444
1445 /*
1446 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1447 * count here, tcp_create_openreq_child now does this for us, see the
1448 * comment in that function for the gory details. -acme
1449 */
1450
1451 newsk->sk_gso_type = SKB_GSO_TCPV6;
1452 __ip6_dst_store(newsk, dst, NULL, NULL);
1453
1454 newtcp6sk = (struct tcp6_sock *)newsk;
1455 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1456
1457 newtp = tcp_sk(newsk);
1458 newinet = inet_sk(newsk);
1459 newnp = inet6_sk(newsk);
1460
1461 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1462
1463 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1464 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1465 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1466 newsk->sk_bound_dev_if = treq->iif;
1467
1468 /* Now IPv6 options...
1469
1470 First: no IPv4 options.
1471 */
1472 newinet->opt = NULL;
1473 newnp->ipv6_fl_list = NULL;
1474
1475 /* Clone RX bits */
1476 newnp->rxopt.all = np->rxopt.all;
1477
1478 /* Clone pktoptions received with SYN */
1479 newnp->pktoptions = NULL;
1480 if (treq->pktopts != NULL) {
1481 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1482 kfree_skb(treq->pktopts);
1483 treq->pktopts = NULL;
1484 if (newnp->pktoptions)
1485 skb_set_owner_r(newnp->pktoptions, newsk);
1486 }
1487 newnp->opt = NULL;
1488 newnp->mcast_oif = inet6_iif(skb);
1489 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1490
1491 /* Clone native IPv6 options from listening socket (if any)
1492
1493 Yes, keeping reference count would be much more clever,
1494 but we make one more one thing there: reattach optmem
1495 to newsk.
1496 */
1497 if (opt) {
1498 newnp->opt = ipv6_dup_options(newsk, opt);
1499 if (opt != np->opt)
1500 sock_kfree_s(sk, opt, opt->tot_len);
1501 }
1502
1503 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1504 if (newnp->opt)
1505 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1506 newnp->opt->opt_flen);
1507
1508 tcp_mtup_init(newsk);
1509 tcp_sync_mss(newsk, dst_mtu(dst));
1510 newtp->advmss = dst_metric_advmss(dst);
1511 tcp_initialize_rcv_mss(newsk);
1512
1513 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1514 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1515
1516 #ifdef CONFIG_TCP_MD5SIG
1517 /* Copy over the MD5 key from the original socket */
1518 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1519 /* We're using one, so create a matching key
1520 * on the newsk structure. If we fail to get
1521 * memory, then we end up not copying the key
1522 * across. Shucks.
1523 */
1524 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1525 if (newkey != NULL)
1526 tcp_v6_md5_do_add(newsk, &newnp->daddr,
1527 newkey, key->keylen);
1528 }
1529 #endif
1530
1531 if (__inet_inherit_port(sk, newsk) < 0) {
1532 sock_put(newsk);
1533 goto out;
1534 }
1535 __inet6_hash(newsk, NULL);
1536
1537 return newsk;
1538
1539 out_overflow:
1540 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1541 out_nonewsk:
1542 if (opt && opt != np->opt)
1543 sock_kfree_s(sk, opt, opt->tot_len);
1544 dst_release(dst);
1545 out:
1546 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1547 return NULL;
1548 }
1549
tcp_v6_checksum_init(struct sk_buff * skb)1550 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1551 {
1552 if (skb->ip_summed == CHECKSUM_COMPLETE) {
1553 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr,
1554 &ipv6_hdr(skb)->daddr, skb->csum)) {
1555 skb->ip_summed = CHECKSUM_UNNECESSARY;
1556 return 0;
1557 }
1558 }
1559
1560 skb->csum = ~csum_unfold(tcp_v6_check(skb->len,
1561 &ipv6_hdr(skb)->saddr,
1562 &ipv6_hdr(skb)->daddr, 0));
1563
1564 if (skb->len <= 76) {
1565 return __skb_checksum_complete(skb);
1566 }
1567 return 0;
1568 }
1569
1570 /* The socket must have it's spinlock held when we get
1571 * here.
1572 *
1573 * We have a potential double-lock case here, so even when
1574 * doing backlog processing we use the BH locking scheme.
1575 * This is because we cannot sleep with the original spinlock
1576 * held.
1577 */
tcp_v6_do_rcv(struct sock * sk,struct sk_buff * skb)1578 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1579 {
1580 struct ipv6_pinfo *np = inet6_sk(sk);
1581 struct tcp_sock *tp;
1582 struct sk_buff *opt_skb = NULL;
1583
1584 /* Imagine: socket is IPv6. IPv4 packet arrives,
1585 goes to IPv4 receive handler and backlogged.
1586 From backlog it always goes here. Kerboom...
1587 Fortunately, tcp_rcv_established and rcv_established
1588 handle them correctly, but it is not case with
1589 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1590 */
1591
1592 if (skb->protocol == htons(ETH_P_IP))
1593 return tcp_v4_do_rcv(sk, skb);
1594
1595 #ifdef CONFIG_TCP_MD5SIG
1596 if (tcp_v6_inbound_md5_hash (sk, skb))
1597 goto discard;
1598 #endif
1599
1600 if (sk_filter(sk, skb))
1601 goto discard;
1602
1603 /*
1604 * socket locking is here for SMP purposes as backlog rcv
1605 * is currently called with bh processing disabled.
1606 */
1607
1608 /* Do Stevens' IPV6_PKTOPTIONS.
1609
1610 Yes, guys, it is the only place in our code, where we
1611 may make it not affecting IPv4.
1612 The rest of code is protocol independent,
1613 and I do not like idea to uglify IPv4.
1614
1615 Actually, all the idea behind IPV6_PKTOPTIONS
1616 looks not very well thought. For now we latch
1617 options, received in the last packet, enqueued
1618 by tcp. Feel free to propose better solution.
1619 --ANK (980728)
1620 */
1621 if (np->rxopt.all)
1622 opt_skb = skb_clone(skb, GFP_ATOMIC);
1623
1624 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1625 sock_rps_save_rxhash(sk, skb->rxhash);
1626 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1627 goto reset;
1628 if (opt_skb)
1629 goto ipv6_pktoptions;
1630 return 0;
1631 }
1632
1633 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1634 goto csum_err;
1635
1636 if (sk->sk_state == TCP_LISTEN) {
1637 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1638 if (!nsk)
1639 goto discard;
1640
1641 /*
1642 * Queue it on the new socket if the new socket is active,
1643 * otherwise we just shortcircuit this and continue with
1644 * the new socket..
1645 */
1646 if(nsk != sk) {
1647 if (tcp_child_process(sk, nsk, skb))
1648 goto reset;
1649 if (opt_skb)
1650 __kfree_skb(opt_skb);
1651 return 0;
1652 }
1653 } else
1654 sock_rps_save_rxhash(sk, skb->rxhash);
1655
1656 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1657 goto reset;
1658 if (opt_skb)
1659 goto ipv6_pktoptions;
1660 return 0;
1661
1662 reset:
1663 tcp_v6_send_reset(sk, skb);
1664 discard:
1665 if (opt_skb)
1666 __kfree_skb(opt_skb);
1667 kfree_skb(skb);
1668 return 0;
1669 csum_err:
1670 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1671 goto discard;
1672
1673
1674 ipv6_pktoptions:
1675 /* Do you ask, what is it?
1676
1677 1. skb was enqueued by tcp.
1678 2. skb is added to tail of read queue, rather than out of order.
1679 3. socket is not in passive state.
1680 4. Finally, it really contains options, which user wants to receive.
1681 */
1682 tp = tcp_sk(sk);
1683 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1684 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1685 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1686 np->mcast_oif = inet6_iif(opt_skb);
1687 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1688 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1689 if (ipv6_opt_accepted(sk, opt_skb)) {
1690 skb_set_owner_r(opt_skb, sk);
1691 opt_skb = xchg(&np->pktoptions, opt_skb);
1692 } else {
1693 __kfree_skb(opt_skb);
1694 opt_skb = xchg(&np->pktoptions, NULL);
1695 }
1696 }
1697
1698 kfree_skb(opt_skb);
1699 return 0;
1700 }
1701
tcp_v6_rcv(struct sk_buff * skb)1702 static int tcp_v6_rcv(struct sk_buff *skb)
1703 {
1704 struct tcphdr *th;
1705 struct ipv6hdr *hdr;
1706 struct sock *sk;
1707 int ret;
1708 struct net *net = dev_net(skb->dev);
1709
1710 if (skb->pkt_type != PACKET_HOST)
1711 goto discard_it;
1712
1713 /*
1714 * Count it even if it's bad.
1715 */
1716 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1717
1718 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1719 goto discard_it;
1720
1721 th = tcp_hdr(skb);
1722
1723 if (th->doff < sizeof(struct tcphdr)/4)
1724 goto bad_packet;
1725 if (!pskb_may_pull(skb, th->doff*4))
1726 goto discard_it;
1727
1728 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1729 goto bad_packet;
1730
1731 th = tcp_hdr(skb);
1732 hdr = ipv6_hdr(skb);
1733 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1734 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1735 skb->len - th->doff*4);
1736 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1737 TCP_SKB_CB(skb)->when = 0;
1738 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(hdr);
1739 TCP_SKB_CB(skb)->sacked = 0;
1740
1741 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1742 if (!sk)
1743 goto no_tcp_socket;
1744
1745 process:
1746 if (sk->sk_state == TCP_TIME_WAIT)
1747 goto do_time_wait;
1748
1749 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
1750 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
1751 goto discard_and_relse;
1752 }
1753
1754 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1755 goto discard_and_relse;
1756
1757 if (sk_filter(sk, skb))
1758 goto discard_and_relse;
1759
1760 skb->dev = NULL;
1761
1762 bh_lock_sock_nested(sk);
1763 ret = 0;
1764 if (!sock_owned_by_user(sk)) {
1765 #ifdef CONFIG_NET_DMA
1766 struct tcp_sock *tp = tcp_sk(sk);
1767 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1768 tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY);
1769 if (tp->ucopy.dma_chan)
1770 ret = tcp_v6_do_rcv(sk, skb);
1771 else
1772 #endif
1773 {
1774 if (!tcp_prequeue(sk, skb))
1775 ret = tcp_v6_do_rcv(sk, skb);
1776 }
1777 } else if (unlikely(sk_add_backlog(sk, skb))) {
1778 bh_unlock_sock(sk);
1779 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
1780 goto discard_and_relse;
1781 }
1782 bh_unlock_sock(sk);
1783
1784 sock_put(sk);
1785 return ret ? -1 : 0;
1786
1787 no_tcp_socket:
1788 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1789 goto discard_it;
1790
1791 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1792 bad_packet:
1793 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1794 } else {
1795 tcp_v6_send_reset(NULL, skb);
1796 }
1797
1798 discard_it:
1799
1800 /*
1801 * Discard frame
1802 */
1803
1804 kfree_skb(skb);
1805 return 0;
1806
1807 discard_and_relse:
1808 sock_put(sk);
1809 goto discard_it;
1810
1811 do_time_wait:
1812 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1813 inet_twsk_put(inet_twsk(sk));
1814 goto discard_it;
1815 }
1816
1817 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1818 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1819 inet_twsk_put(inet_twsk(sk));
1820 goto discard_it;
1821 }
1822
1823 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1824 case TCP_TW_SYN:
1825 {
1826 struct sock *sk2;
1827
1828 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1829 &ipv6_hdr(skb)->daddr,
1830 ntohs(th->dest), inet6_iif(skb));
1831 if (sk2 != NULL) {
1832 struct inet_timewait_sock *tw = inet_twsk(sk);
1833 inet_twsk_deschedule(tw, &tcp_death_row);
1834 inet_twsk_put(tw);
1835 sk = sk2;
1836 goto process;
1837 }
1838 /* Fall through to ACK */
1839 }
1840 case TCP_TW_ACK:
1841 tcp_v6_timewait_ack(sk, skb);
1842 break;
1843 case TCP_TW_RST:
1844 goto no_tcp_socket;
1845 case TCP_TW_SUCCESS:;
1846 }
1847 goto discard_it;
1848 }
1849
tcp_v6_get_peer(struct sock * sk,bool * release_it)1850 static struct inet_peer *tcp_v6_get_peer(struct sock *sk, bool *release_it)
1851 {
1852 struct rt6_info *rt = (struct rt6_info *) __sk_dst_get(sk);
1853 struct ipv6_pinfo *np = inet6_sk(sk);
1854 struct inet_peer *peer;
1855
1856 if (!rt ||
1857 !ipv6_addr_equal(&np->daddr, &rt->rt6i_dst.addr)) {
1858 peer = inet_getpeer_v6(&np->daddr, 1);
1859 *release_it = true;
1860 } else {
1861 if (!rt->rt6i_peer)
1862 rt6_bind_peer(rt, 1);
1863 peer = rt->rt6i_peer;
1864 *release_it = false;
1865 }
1866
1867 return peer;
1868 }
1869
tcp_v6_tw_get_peer(struct sock * sk)1870 static void *tcp_v6_tw_get_peer(struct sock *sk)
1871 {
1872 struct inet6_timewait_sock *tw6 = inet6_twsk(sk);
1873 struct inet_timewait_sock *tw = inet_twsk(sk);
1874
1875 if (tw->tw_family == AF_INET)
1876 return tcp_v4_tw_get_peer(sk);
1877
1878 return inet_getpeer_v6(&tw6->tw_v6_daddr, 1);
1879 }
1880
1881 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1882 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1883 .twsk_unique = tcp_twsk_unique,
1884 .twsk_destructor= tcp_twsk_destructor,
1885 .twsk_getpeer = tcp_v6_tw_get_peer,
1886 };
1887
1888 static const struct inet_connection_sock_af_ops ipv6_specific = {
1889 .queue_xmit = inet6_csk_xmit,
1890 .send_check = tcp_v6_send_check,
1891 .rebuild_header = inet6_sk_rebuild_header,
1892 .conn_request = tcp_v6_conn_request,
1893 .syn_recv_sock = tcp_v6_syn_recv_sock,
1894 .get_peer = tcp_v6_get_peer,
1895 .net_header_len = sizeof(struct ipv6hdr),
1896 .setsockopt = ipv6_setsockopt,
1897 .getsockopt = ipv6_getsockopt,
1898 .addr2sockaddr = inet6_csk_addr2sockaddr,
1899 .sockaddr_len = sizeof(struct sockaddr_in6),
1900 .bind_conflict = inet6_csk_bind_conflict,
1901 #ifdef CONFIG_COMPAT
1902 .compat_setsockopt = compat_ipv6_setsockopt,
1903 .compat_getsockopt = compat_ipv6_getsockopt,
1904 #endif
1905 };
1906
1907 #ifdef CONFIG_TCP_MD5SIG
1908 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1909 .md5_lookup = tcp_v6_md5_lookup,
1910 .calc_md5_hash = tcp_v6_md5_hash_skb,
1911 .md5_add = tcp_v6_md5_add_func,
1912 .md5_parse = tcp_v6_parse_md5_keys,
1913 };
1914 #endif
1915
1916 /*
1917 * TCP over IPv4 via INET6 API
1918 */
1919
1920 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1921 .queue_xmit = ip_queue_xmit,
1922 .send_check = tcp_v4_send_check,
1923 .rebuild_header = inet_sk_rebuild_header,
1924 .conn_request = tcp_v6_conn_request,
1925 .syn_recv_sock = tcp_v6_syn_recv_sock,
1926 .get_peer = tcp_v4_get_peer,
1927 .net_header_len = sizeof(struct iphdr),
1928 .setsockopt = ipv6_setsockopt,
1929 .getsockopt = ipv6_getsockopt,
1930 .addr2sockaddr = inet6_csk_addr2sockaddr,
1931 .sockaddr_len = sizeof(struct sockaddr_in6),
1932 .bind_conflict = inet6_csk_bind_conflict,
1933 #ifdef CONFIG_COMPAT
1934 .compat_setsockopt = compat_ipv6_setsockopt,
1935 .compat_getsockopt = compat_ipv6_getsockopt,
1936 #endif
1937 };
1938
1939 #ifdef CONFIG_TCP_MD5SIG
1940 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1941 .md5_lookup = tcp_v4_md5_lookup,
1942 .calc_md5_hash = tcp_v4_md5_hash_skb,
1943 .md5_add = tcp_v6_md5_add_func,
1944 .md5_parse = tcp_v6_parse_md5_keys,
1945 };
1946 #endif
1947
1948 /* NOTE: A lot of things set to zero explicitly by call to
1949 * sk_alloc() so need not be done here.
1950 */
tcp_v6_init_sock(struct sock * sk)1951 static int tcp_v6_init_sock(struct sock *sk)
1952 {
1953 struct inet_connection_sock *icsk = inet_csk(sk);
1954 struct tcp_sock *tp = tcp_sk(sk);
1955
1956 skb_queue_head_init(&tp->out_of_order_queue);
1957 tcp_init_xmit_timers(sk);
1958 tcp_prequeue_init(tp);
1959
1960 icsk->icsk_rto = TCP_TIMEOUT_INIT;
1961 tp->mdev = TCP_TIMEOUT_INIT;
1962
1963 /* So many TCP implementations out there (incorrectly) count the
1964 * initial SYN frame in their delayed-ACK and congestion control
1965 * algorithms that we must have the following bandaid to talk
1966 * efficiently to them. -DaveM
1967 */
1968 tp->snd_cwnd = 2;
1969
1970 /* See draft-stevens-tcpca-spec-01 for discussion of the
1971 * initialization of these values.
1972 */
1973 tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
1974 tp->snd_cwnd_clamp = ~0;
1975 tp->mss_cache = TCP_MSS_DEFAULT;
1976
1977 tp->reordering = sysctl_tcp_reordering;
1978
1979 sk->sk_state = TCP_CLOSE;
1980
1981 icsk->icsk_af_ops = &ipv6_specific;
1982 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1983 icsk->icsk_sync_mss = tcp_sync_mss;
1984 sk->sk_write_space = sk_stream_write_space;
1985 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1986
1987 #ifdef CONFIG_TCP_MD5SIG
1988 tp->af_specific = &tcp_sock_ipv6_specific;
1989 #endif
1990
1991 /* TCP Cookie Transactions */
1992 if (sysctl_tcp_cookie_size > 0) {
1993 /* Default, cookies without s_data_payload. */
1994 tp->cookie_values =
1995 kzalloc(sizeof(*tp->cookie_values),
1996 sk->sk_allocation);
1997 if (tp->cookie_values != NULL)
1998 kref_init(&tp->cookie_values->kref);
1999 }
2000 /* Presumed zeroed, in order of appearance:
2001 * cookie_in_always, cookie_out_never,
2002 * s_data_constant, s_data_in, s_data_out
2003 */
2004 sk->sk_sndbuf = sysctl_tcp_wmem[1];
2005 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
2006
2007 local_bh_disable();
2008 percpu_counter_inc(&tcp_sockets_allocated);
2009 local_bh_enable();
2010
2011 return 0;
2012 }
2013
tcp_v6_destroy_sock(struct sock * sk)2014 static void tcp_v6_destroy_sock(struct sock *sk)
2015 {
2016 #ifdef CONFIG_TCP_MD5SIG
2017 /* Clean up the MD5 key list */
2018 if (tcp_sk(sk)->md5sig_info)
2019 tcp_v6_clear_md5_list(sk);
2020 #endif
2021 tcp_v4_destroy_sock(sk);
2022 inet6_destroy_sock(sk);
2023 }
2024
2025 #ifdef CONFIG_PROC_FS
2026 /* Proc filesystem TCPv6 sock list dumping. */
get_openreq6(struct seq_file * seq,struct sock * sk,struct request_sock * req,int i,int uid)2027 static void get_openreq6(struct seq_file *seq,
2028 struct sock *sk, struct request_sock *req, int i, int uid)
2029 {
2030 int ttd = req->expires - jiffies;
2031 struct in6_addr *src = &inet6_rsk(req)->loc_addr;
2032 struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
2033
2034 if (ttd < 0)
2035 ttd = 0;
2036
2037 seq_printf(seq,
2038 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2039 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2040 i,
2041 src->s6_addr32[0], src->s6_addr32[1],
2042 src->s6_addr32[2], src->s6_addr32[3],
2043 ntohs(inet_rsk(req)->loc_port),
2044 dest->s6_addr32[0], dest->s6_addr32[1],
2045 dest->s6_addr32[2], dest->s6_addr32[3],
2046 ntohs(inet_rsk(req)->rmt_port),
2047 TCP_SYN_RECV,
2048 0,0, /* could print option size, but that is af dependent. */
2049 1, /* timers active (only the expire timer) */
2050 jiffies_to_clock_t(ttd),
2051 req->retrans,
2052 uid,
2053 0, /* non standard timer */
2054 0, /* open_requests have no inode */
2055 0, req);
2056 }
2057
get_tcp6_sock(struct seq_file * seq,struct sock * sp,int i)2058 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
2059 {
2060 struct in6_addr *dest, *src;
2061 __u16 destp, srcp;
2062 int timer_active;
2063 unsigned long timer_expires;
2064 struct inet_sock *inet = inet_sk(sp);
2065 struct tcp_sock *tp = tcp_sk(sp);
2066 const struct inet_connection_sock *icsk = inet_csk(sp);
2067 struct ipv6_pinfo *np = inet6_sk(sp);
2068
2069 dest = &np->daddr;
2070 src = &np->rcv_saddr;
2071 destp = ntohs(inet->inet_dport);
2072 srcp = ntohs(inet->inet_sport);
2073
2074 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2075 timer_active = 1;
2076 timer_expires = icsk->icsk_timeout;
2077 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2078 timer_active = 4;
2079 timer_expires = icsk->icsk_timeout;
2080 } else if (timer_pending(&sp->sk_timer)) {
2081 timer_active = 2;
2082 timer_expires = sp->sk_timer.expires;
2083 } else {
2084 timer_active = 0;
2085 timer_expires = jiffies;
2086 }
2087
2088 seq_printf(seq,
2089 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2090 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %lu %lu %u %u %d\n",
2091 i,
2092 src->s6_addr32[0], src->s6_addr32[1],
2093 src->s6_addr32[2], src->s6_addr32[3], srcp,
2094 dest->s6_addr32[0], dest->s6_addr32[1],
2095 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2096 sp->sk_state,
2097 tp->write_seq-tp->snd_una,
2098 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
2099 timer_active,
2100 jiffies_to_clock_t(timer_expires - jiffies),
2101 icsk->icsk_retransmits,
2102 sock_i_uid(sp),
2103 icsk->icsk_probes_out,
2104 sock_i_ino(sp),
2105 atomic_read(&sp->sk_refcnt), sp,
2106 jiffies_to_clock_t(icsk->icsk_rto),
2107 jiffies_to_clock_t(icsk->icsk_ack.ato),
2108 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2109 tp->snd_cwnd,
2110 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh
2111 );
2112 }
2113
get_timewait6_sock(struct seq_file * seq,struct inet_timewait_sock * tw,int i)2114 static void get_timewait6_sock(struct seq_file *seq,
2115 struct inet_timewait_sock *tw, int i)
2116 {
2117 struct in6_addr *dest, *src;
2118 __u16 destp, srcp;
2119 struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2120 int ttd = tw->tw_ttd - jiffies;
2121
2122 if (ttd < 0)
2123 ttd = 0;
2124
2125 dest = &tw6->tw_v6_daddr;
2126 src = &tw6->tw_v6_rcv_saddr;
2127 destp = ntohs(tw->tw_dport);
2128 srcp = ntohs(tw->tw_sport);
2129
2130 seq_printf(seq,
2131 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2132 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2133 i,
2134 src->s6_addr32[0], src->s6_addr32[1],
2135 src->s6_addr32[2], src->s6_addr32[3], srcp,
2136 dest->s6_addr32[0], dest->s6_addr32[1],
2137 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2138 tw->tw_substate, 0, 0,
2139 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2140 atomic_read(&tw->tw_refcnt), tw);
2141 }
2142
tcp6_seq_show(struct seq_file * seq,void * v)2143 static int tcp6_seq_show(struct seq_file *seq, void *v)
2144 {
2145 struct tcp_iter_state *st;
2146
2147 if (v == SEQ_START_TOKEN) {
2148 seq_puts(seq,
2149 " sl "
2150 "local_address "
2151 "remote_address "
2152 "st tx_queue rx_queue tr tm->when retrnsmt"
2153 " uid timeout inode\n");
2154 goto out;
2155 }
2156 st = seq->private;
2157
2158 switch (st->state) {
2159 case TCP_SEQ_STATE_LISTENING:
2160 case TCP_SEQ_STATE_ESTABLISHED:
2161 get_tcp6_sock(seq, v, st->num);
2162 break;
2163 case TCP_SEQ_STATE_OPENREQ:
2164 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2165 break;
2166 case TCP_SEQ_STATE_TIME_WAIT:
2167 get_timewait6_sock(seq, v, st->num);
2168 break;
2169 }
2170 out:
2171 return 0;
2172 }
2173
2174 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2175 .name = "tcp6",
2176 .family = AF_INET6,
2177 .seq_fops = {
2178 .owner = THIS_MODULE,
2179 },
2180 .seq_ops = {
2181 .show = tcp6_seq_show,
2182 },
2183 };
2184
tcp6_proc_init(struct net * net)2185 int __net_init tcp6_proc_init(struct net *net)
2186 {
2187 return tcp_proc_register(net, &tcp6_seq_afinfo);
2188 }
2189
tcp6_proc_exit(struct net * net)2190 void tcp6_proc_exit(struct net *net)
2191 {
2192 tcp_proc_unregister(net, &tcp6_seq_afinfo);
2193 }
2194 #endif
2195
2196 struct proto tcpv6_prot = {
2197 .name = "TCPv6",
2198 .owner = THIS_MODULE,
2199 .close = tcp_close,
2200 .connect = tcp_v6_connect,
2201 .disconnect = tcp_disconnect,
2202 .accept = inet_csk_accept,
2203 .ioctl = tcp_ioctl,
2204 .init = tcp_v6_init_sock,
2205 .destroy = tcp_v6_destroy_sock,
2206 .shutdown = tcp_shutdown,
2207 .setsockopt = tcp_setsockopt,
2208 .getsockopt = tcp_getsockopt,
2209 .recvmsg = tcp_recvmsg,
2210 .sendmsg = tcp_sendmsg,
2211 .sendpage = tcp_sendpage,
2212 .backlog_rcv = tcp_v6_do_rcv,
2213 .hash = tcp_v6_hash,
2214 .unhash = inet_unhash,
2215 .get_port = inet_csk_get_port,
2216 .enter_memory_pressure = tcp_enter_memory_pressure,
2217 .sockets_allocated = &tcp_sockets_allocated,
2218 .memory_allocated = &tcp_memory_allocated,
2219 .memory_pressure = &tcp_memory_pressure,
2220 .orphan_count = &tcp_orphan_count,
2221 .sysctl_mem = sysctl_tcp_mem,
2222 .sysctl_wmem = sysctl_tcp_wmem,
2223 .sysctl_rmem = sysctl_tcp_rmem,
2224 .max_header = MAX_TCP_HEADER,
2225 .obj_size = sizeof(struct tcp6_sock),
2226 .slab_flags = SLAB_DESTROY_BY_RCU,
2227 .twsk_prot = &tcp6_timewait_sock_ops,
2228 .rsk_prot = &tcp6_request_sock_ops,
2229 .h.hashinfo = &tcp_hashinfo,
2230 .no_autobind = true,
2231 #ifdef CONFIG_COMPAT
2232 .compat_setsockopt = compat_tcp_setsockopt,
2233 .compat_getsockopt = compat_tcp_getsockopt,
2234 #endif
2235 };
2236
2237 static const struct inet6_protocol tcpv6_protocol = {
2238 .handler = tcp_v6_rcv,
2239 .err_handler = tcp_v6_err,
2240 .gso_send_check = tcp_v6_gso_send_check,
2241 .gso_segment = tcp_tso_segment,
2242 .gro_receive = tcp6_gro_receive,
2243 .gro_complete = tcp6_gro_complete,
2244 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2245 };
2246
2247 static struct inet_protosw tcpv6_protosw = {
2248 .type = SOCK_STREAM,
2249 .protocol = IPPROTO_TCP,
2250 .prot = &tcpv6_prot,
2251 .ops = &inet6_stream_ops,
2252 .no_check = 0,
2253 .flags = INET_PROTOSW_PERMANENT |
2254 INET_PROTOSW_ICSK,
2255 };
2256
tcpv6_net_init(struct net * net)2257 static int __net_init tcpv6_net_init(struct net *net)
2258 {
2259 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2260 SOCK_RAW, IPPROTO_TCP, net);
2261 }
2262
tcpv6_net_exit(struct net * net)2263 static void __net_exit tcpv6_net_exit(struct net *net)
2264 {
2265 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2266 }
2267
tcpv6_net_exit_batch(struct list_head * net_exit_list)2268 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
2269 {
2270 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6);
2271 }
2272
2273 static struct pernet_operations tcpv6_net_ops = {
2274 .init = tcpv6_net_init,
2275 .exit = tcpv6_net_exit,
2276 .exit_batch = tcpv6_net_exit_batch,
2277 };
2278
tcpv6_init(void)2279 int __init tcpv6_init(void)
2280 {
2281 int ret;
2282
2283 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2284 if (ret)
2285 goto out;
2286
2287 /* register inet6 protocol */
2288 ret = inet6_register_protosw(&tcpv6_protosw);
2289 if (ret)
2290 goto out_tcpv6_protocol;
2291
2292 ret = register_pernet_subsys(&tcpv6_net_ops);
2293 if (ret)
2294 goto out_tcpv6_protosw;
2295 out:
2296 return ret;
2297
2298 out_tcpv6_protocol:
2299 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2300 out_tcpv6_protosw:
2301 inet6_unregister_protosw(&tcpv6_protosw);
2302 goto out;
2303 }
2304
tcpv6_exit(void)2305 void tcpv6_exit(void)
2306 {
2307 unregister_pernet_subsys(&tcpv6_net_ops);
2308 inet6_unregister_protosw(&tcpv6_protosw);
2309 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2310 }
2311