1/* 2 * TCP over IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * $Id: tcp_ipv6.c,v 1.1.1.1 2007/08/03 18:53:52 Exp $ 9 * 10 * Based on: 11 * linux/net/ipv4/tcp.c 12 * linux/net/ipv4/tcp_input.c 13 * linux/net/ipv4/tcp_output.c 14 * 15 * Fixes: 16 * Hideaki YOSHIFUJI : sin6_scope_id support 17 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 18 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind 19 * a single port at the same time. 20 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file. 21 * 22 * This program is free software; you can redistribute it and/or 23 * modify it under the terms of the GNU General Public License 24 * as published by the Free Software Foundation; either version 25 * 2 of the License, or (at your option) any later version. 26 */ 27 28#include <linux/module.h> 29#include <linux/errno.h> 30#include <linux/types.h> 31#include <linux/socket.h> 32#include <linux/sockios.h> 33#include <linux/net.h> 34#include <linux/jiffies.h> 35#include <linux/in.h> 36#include <linux/in6.h> 37#include <linux/netdevice.h> 38#include <linux/init.h> 39#include <linux/jhash.h> 40#include <linux/ipsec.h> 41#include <linux/times.h> 42 43#include <linux/ipv6.h> 44#include <linux/icmpv6.h> 45#include <linux/random.h> 46 47#include <net/tcp.h> 48#include <net/ndisc.h> 49#include <net/inet6_hashtables.h> 50#include <net/inet6_connection_sock.h> 51#include <net/ipv6.h> 52#include <net/transp_v6.h> 53#include <net/addrconf.h> 54#include <net/ip6_route.h> 55#include <net/ip6_checksum.h> 56#include <net/inet_ecn.h> 57#include <net/protocol.h> 58#include <net/xfrm.h> 59#include <net/addrconf.h> 60#include <net/snmp.h> 61#include <net/dsfield.h> 62#include <net/timewait_sock.h> 63 64#include <asm/uaccess.h> 65 66#include <linux/proc_fs.h> 67#include <linux/seq_file.h> 68 69#include <linux/crypto.h> 70#include <linux/scatterlist.h> 71 72/* Socket used for sending RSTs and ACKs */ 73static 
struct socket *tcp6_socket; 74 75static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb); 76static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req); 77static void tcp_v6_send_check(struct sock *sk, int len, 78 struct sk_buff *skb); 79 80static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb); 81 82static struct inet_connection_sock_af_ops ipv6_mapped; 83static struct inet_connection_sock_af_ops ipv6_specific; 84#ifdef CONFIG_TCP_MD5SIG 85static struct tcp_sock_af_ops tcp_sock_ipv6_specific; 86static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific; 87#endif 88 89static int tcp_v6_get_port(struct sock *sk, unsigned short snum) 90{ 91 return inet_csk_get_port(&tcp_hashinfo, sk, snum, 92 inet6_csk_bind_conflict); 93} 94 95static void tcp_v6_hash(struct sock *sk) 96{ 97 if (sk->sk_state != TCP_CLOSE) { 98 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) { 99 tcp_prot.hash(sk); 100 return; 101 } 102 local_bh_disable(); 103 __inet6_hash(&tcp_hashinfo, sk); 104 local_bh_enable(); 105 } 106} 107 108static __inline__ __sum16 tcp_v6_check(struct tcphdr *th, int len, 109 struct in6_addr *saddr, 110 struct in6_addr *daddr, 111 __wsum base) 112{ 113 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base); 114} 115 116static __u32 tcp_v6_init_sequence(struct sk_buff *skb) 117{ 118 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32, 119 ipv6_hdr(skb)->saddr.s6_addr32, 120 tcp_hdr(skb)->dest, 121 tcp_hdr(skb)->source); 122} 123 124static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 125 int addr_len) 126{ 127 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; 128 struct inet_sock *inet = inet_sk(sk); 129 struct inet_connection_sock *icsk = inet_csk(sk); 130 struct ipv6_pinfo *np = inet6_sk(sk); 131 struct tcp_sock *tp = tcp_sk(sk); 132 struct in6_addr *saddr = NULL, *final_p = NULL, final; 133 struct flowi fl; 134 struct dst_entry *dst; 135 int addr_type; 136 int err; 137 138 if (addr_len < 
SIN6_LEN_RFC2133) 139 return -EINVAL; 140 141 if (usin->sin6_family != AF_INET6) 142 return(-EAFNOSUPPORT); 143 144 memset(&fl, 0, sizeof(fl)); 145 146 if (np->sndflow) { 147 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; 148 IP6_ECN_flow_init(fl.fl6_flowlabel); 149 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) { 150 struct ip6_flowlabel *flowlabel; 151 flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel); 152 if (flowlabel == NULL) 153 return -EINVAL; 154 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst); 155 fl6_sock_release(flowlabel); 156 } 157 } 158 159 /* 160 * connect() to INADDR_ANY means loopback (BSD'ism). 161 */ 162 163 if(ipv6_addr_any(&usin->sin6_addr)) 164 usin->sin6_addr.s6_addr[15] = 0x1; 165 166 addr_type = ipv6_addr_type(&usin->sin6_addr); 167 168 if(addr_type & IPV6_ADDR_MULTICAST) 169 return -ENETUNREACH; 170 171 if (addr_type&IPV6_ADDR_LINKLOCAL) { 172 if (addr_len >= sizeof(struct sockaddr_in6) && 173 usin->sin6_scope_id) { 174 /* If interface is set while binding, indices 175 * must coincide. 
176 */ 177 if (sk->sk_bound_dev_if && 178 sk->sk_bound_dev_if != usin->sin6_scope_id) 179 return -EINVAL; 180 181 sk->sk_bound_dev_if = usin->sin6_scope_id; 182 } 183 184 /* Connect to link-local address requires an interface */ 185 if (!sk->sk_bound_dev_if) 186 return -EINVAL; 187 } 188 189 if (tp->rx_opt.ts_recent_stamp && 190 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) { 191 tp->rx_opt.ts_recent = 0; 192 tp->rx_opt.ts_recent_stamp = 0; 193 tp->write_seq = 0; 194 } 195 196 ipv6_addr_copy(&np->daddr, &usin->sin6_addr); 197 np->flow_label = fl.fl6_flowlabel; 198 199 /* 200 * TCP over IPv4 201 */ 202 203 if (addr_type == IPV6_ADDR_MAPPED) { 204 u32 exthdrlen = icsk->icsk_ext_hdr_len; 205 struct sockaddr_in sin; 206 207 SOCK_DEBUG(sk, "connect: ipv4 mapped\n"); 208 209 if (__ipv6_only_sock(sk)) 210 return -ENETUNREACH; 211 212 sin.sin_family = AF_INET; 213 sin.sin_port = usin->sin6_port; 214 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; 215 216 icsk->icsk_af_ops = &ipv6_mapped; 217 sk->sk_backlog_rcv = tcp_v4_do_rcv; 218#ifdef CONFIG_TCP_MD5SIG 219 tp->af_specific = &tcp_sock_ipv6_mapped_specific; 220#endif 221 222 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); 223 224 if (err) { 225 icsk->icsk_ext_hdr_len = exthdrlen; 226 icsk->icsk_af_ops = &ipv6_specific; 227 sk->sk_backlog_rcv = tcp_v6_do_rcv; 228#ifdef CONFIG_TCP_MD5SIG 229 tp->af_specific = &tcp_sock_ipv6_specific; 230#endif 231 goto failure; 232 } else { 233 ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF), 234 inet->saddr); 235 ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF), 236 inet->rcv_saddr); 237 } 238 239 return err; 240 } 241 242 if (!ipv6_addr_any(&np->rcv_saddr)) 243 saddr = &np->rcv_saddr; 244 245 fl.proto = IPPROTO_TCP; 246 ipv6_addr_copy(&fl.fl6_dst, &np->daddr); 247 ipv6_addr_copy(&fl.fl6_src, 248 (saddr ? 
saddr : &np->saddr)); 249 fl.oif = sk->sk_bound_dev_if; 250 fl.fl_ip_dport = usin->sin6_port; 251 fl.fl_ip_sport = inet->sport; 252 253 if (np->opt && np->opt->srcrt) { 254 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt; 255 ipv6_addr_copy(&final, &fl.fl6_dst); 256 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 257 final_p = &final; 258 } 259 260 security_sk_classify_flow(sk, &fl); 261 262 err = ip6_dst_lookup(sk, &dst, &fl); 263 if (err) 264 goto failure; 265 if (final_p) 266 ipv6_addr_copy(&fl.fl6_dst, final_p); 267 268 if ((err = __xfrm_lookup(&dst, &fl, sk, 1)) < 0) { 269 if (err == -EREMOTE) 270 err = ip6_dst_blackhole(sk, &dst, &fl); 271 if (err < 0) 272 goto failure; 273 } 274 275 if (saddr == NULL) { 276 saddr = &fl.fl6_src; 277 ipv6_addr_copy(&np->rcv_saddr, saddr); 278 } 279 280 /* set the source address */ 281 ipv6_addr_copy(&np->saddr, saddr); 282 inet->rcv_saddr = LOOPBACK4_IPV6; 283 284 sk->sk_gso_type = SKB_GSO_TCPV6; 285 __ip6_dst_store(sk, dst, NULL, NULL); 286 287 icsk->icsk_ext_hdr_len = 0; 288 if (np->opt) 289 icsk->icsk_ext_hdr_len = (np->opt->opt_flen + 290 np->opt->opt_nflen); 291 292 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); 293 294 inet->dport = usin->sin6_port; 295 296 tcp_set_state(sk, TCP_SYN_SENT); 297 err = inet6_hash_connect(&tcp_death_row, sk); 298 if (err) 299 goto late_failure; 300 301 if (!tp->write_seq) 302 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32, 303 np->daddr.s6_addr32, 304 inet->sport, 305 inet->dport); 306 307 err = tcp_connect(sk); 308 if (err) 309 goto late_failure; 310 311 return 0; 312 313late_failure: 314 tcp_set_state(sk, TCP_CLOSE); 315 __sk_dst_reset(sk); 316failure: 317 inet->dport = 0; 318 sk->sk_route_caps = 0; 319 return err; 320} 321 322static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 323 int type, int code, int offset, __be32 info) 324{ 325 struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data; 326 const struct tcphdr *th = 
		(struct tcphdr *)(skb->data+offset);
	struct ipv6_pinfo *np;
	struct sock *sk;
	int err;
	struct tcp_sock *tp;
	__u32 seq;

	/* Map the offending packet quoted in the ICMPv6 error back to the
	 * local socket it belongs to. */
	sk = inet6_lookup(&tcp_hashinfo, &hdr->daddr, th->dest, &hdr->saddr,
			  th->source, skb->dev->ifindex);

	if (sk == NULL) {
		ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
		return;
	}

	/* Time-wait buckets need no error processing; just drop the
	 * reference taken by the lookup. */
	if (sk->sk_state == TCP_TIME_WAIT) {
		inet_twsk_put(inet_twsk(sk));
		return;
	}

	bh_lock_sock(sk);
	/* Socket is held by user context: record the event for statistics.
	 * Processing continues; only the PMTU path below bails out early. */
	if (sock_owned_by_user(sk))
		NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);

	if (sk->sk_state == TCP_CLOSE)
		goto out;

	tp = tcp_sk(sk);
	seq = ntohl(th->seq);
	/* Ignore errors quoting a sequence number outside the current
	 * send window (stale or spoofed ICMP). */
	if (sk->sk_state != TCP_LISTEN &&
	    !between(seq, tp->snd_una, tp->snd_nxt)) {
		NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
		goto out;
	}

	np = inet6_sk(sk);

	if (type == ICMPV6_PKT_TOOBIG) {
		/* Path-MTU discovery: shrink the MSS and retransmit.
		 * Cannot be done while user context owns the socket. */
		struct dst_entry *dst = NULL;

		if (sock_owned_by_user(sk))
			goto out;
		if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
			goto out;

		/* icmp should have updated the destination cache entry */
		dst = __sk_dst_check(sk, np->dst_cookie);

		if (dst == NULL) {
			/* Cached route was invalidated; rebuild a flow and
			 * look the destination up again. */
			struct inet_sock *inet = inet_sk(sk);
			struct flowi fl;

			/* BUGGG_FUTURE: Again, it is not clear how
			   to handle rthdr case. Ignore this complexity
			   for now.
			 */
			memset(&fl, 0, sizeof(fl));
			fl.proto = IPPROTO_TCP;
			ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
			ipv6_addr_copy(&fl.fl6_src, &np->saddr);
			fl.oif = sk->sk_bound_dev_if;
			fl.fl_ip_dport = inet->dport;
			fl.fl_ip_sport = inet->sport;
			security_skb_classify_flow(skb, &fl);

			if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
				sk->sk_err_soft = -err;
				goto out;
			}

			if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
				sk->sk_err_soft = -err;
				goto out;
			}

		} else
			dst_hold(dst);

		/* Only act if the route's MTU is actually smaller than what
		 * we cached; otherwise the retransmit timer copes. */
		if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
			tcp_sync_mss(sk, dst_mtu(dst));
			tcp_simple_retransmit(sk);
		} /* else let the usual retransmit timer handle it */
		dst_release(dst);
		goto out;
	}

	icmpv6_err_convert(type, code, &err);

	/* Might be for an request_sock */
	switch (sk->sk_state) {
		struct request_sock *req, **prev;
	case TCP_LISTEN:
		if (sock_owned_by_user(sk))
			goto out;

		/* The error may refer to an embryonic connection still
		 * sitting in the listener's request queue. */
		req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
					   &hdr->saddr, inet6_iif(skb));
		if (!req)
			goto out;

		/* ICMPs are not backlogged, hence we cannot get
		 * an established socket here.
		 */
		BUG_TRAP(req->sk == NULL);

		if (seq != tcp_rsk(req)->snt_isn) {
			NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
			goto out;
		}

		/* Give up on this half-open connection. */
		inet_csk_reqsk_queue_drop(sk, req, prev);
		goto out;

	case TCP_SYN_SENT:
	case TCP_SYN_RECV:  /* Cannot happen.
			       It can, it SYNs are crossed.
--ANK */ 442 if (!sock_owned_by_user(sk)) { 443 sk->sk_err = err; 444 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */ 445 446 tcp_done(sk); 447 } else 448 sk->sk_err_soft = err; 449 goto out; 450 } 451 452 if (!sock_owned_by_user(sk) && np->recverr) { 453 sk->sk_err = err; 454 sk->sk_error_report(sk); 455 } else 456 sk->sk_err_soft = err; 457 458out: 459 bh_unlock_sock(sk); 460 sock_put(sk); 461} 462 463 464static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req, 465 struct dst_entry *dst) 466{ 467 struct inet6_request_sock *treq = inet6_rsk(req); 468 struct ipv6_pinfo *np = inet6_sk(sk); 469 struct sk_buff * skb; 470 struct ipv6_txoptions *opt = NULL; 471 struct in6_addr * final_p = NULL, final; 472 struct flowi fl; 473 int err = -1; 474 475 memset(&fl, 0, sizeof(fl)); 476 fl.proto = IPPROTO_TCP; 477 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr); 478 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr); 479 fl.fl6_flowlabel = 0; 480 fl.oif = treq->iif; 481 fl.fl_ip_dport = inet_rsk(req)->rmt_port; 482 fl.fl_ip_sport = inet_sk(sk)->sport; 483 security_req_classify_flow(req, &fl); 484 485 if (dst == NULL) { 486 opt = np->opt; 487 if (opt == NULL && 488 np->rxopt.bits.osrcrt == 2 && 489 treq->pktopts) { 490 struct sk_buff *pktopts = treq->pktopts; 491 struct inet6_skb_parm *rxopt = IP6CB(pktopts); 492 if (rxopt->srcrt) 493 opt = ipv6_invert_rthdr(sk, 494 (struct ipv6_rt_hdr *)(skb_network_header(pktopts) + 495 rxopt->srcrt)); 496 } 497 498 if (opt && opt->srcrt) { 499 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt; 500 ipv6_addr_copy(&final, &fl.fl6_dst); 501 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 502 final_p = &final; 503 } 504 505 err = ip6_dst_lookup(sk, &dst, &fl); 506 if (err) 507 goto done; 508 if (final_p) 509 ipv6_addr_copy(&fl.fl6_dst, final_p); 510 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) 511 goto done; 512 } 513 514 skb = tcp_make_synack(sk, dst, req); 515 if (skb) { 516 struct tcphdr *th = 
tcp_hdr(skb);

		/* Checksum the SYN-ACK over the request's address pair
		 * before handing it to ip6_xmit(). */
		th->check = tcp_v6_check(th, skb->len,
					 &treq->loc_addr, &treq->rmt_addr,
					 csum_partial((char *)th, skb->len, skb->csum));

		ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
		err = ip6_xmit(sk, skb, &fl, opt, 0);
		err = net_xmit_eval(err);
	}

done:
	/* Free the options only if they were built locally above (an
	 * inverted rthdr), not when they came from np->opt. */
	if (opt && opt != np->opt)
		sock_kfree_s(sk, opt, opt->tot_len);
	dst_release(dst);
	return err;
}

/* Release the pktopts skb a request_sock may have pinned. */
static void tcp_v6_reqsk_destructor(struct request_sock *req)
{
	if (inet6_rsk(req)->pktopts)
		kfree_skb(inet6_rsk(req)->pktopts);
}

#ifdef CONFIG_TCP_MD5SIG
/* Linear scan of this socket's IPv6 MD5 key list for an exact peer
 * address match; returns NULL when no md5sig_info is attached or the
 * IPv6 list is empty. */
static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
						   struct in6_addr *addr)
{
	struct tcp_sock *tp = tcp_sk(sk);
	int i;

	BUG_ON(tp == NULL);

	if (!tp->md5sig_info || !tp->md5sig_info->entries6)
		return NULL;

	for (i = 0; i < tp->md5sig_info->entries6; i++) {
		if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, addr) == 0)
			return (struct tcp_md5sig_key *)&tp->md5sig_info->keys6[i];
	}
	return NULL;
}

/* Look up the MD5 key for an established peer socket. */
static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
						struct sock *addr_sk)
{
	return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
}

/* Look up the MD5 key for the remote address of a request_sock. */
static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
						      struct request_sock *req)
{
	return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
}

/* Insert or replace the MD5 key for @peer.  Takes ownership of @newkey:
 * it is either stored in the list or kfree()d on failure. */
static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
			     char *newkey, u8 newkeylen)
{
	/* Add key to the list */
	struct tcp6_md5sig_key *key;
	struct tcp_sock *tp = tcp_sk(sk);
	struct tcp6_md5sig_key *keys;

	key = (struct tcp6_md5sig_key*) tcp_v6_md5_do_lookup(sk, peer);
	if (key) {
		/* modify existing entry - just update that one */
		kfree(key->key);
		key->key = newkey;
		key->keylen = newkeylen;
	} else {
		/* reallocate new list if current one is full.
*/ 587 if (!tp->md5sig_info) { 588 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC); 589 if (!tp->md5sig_info) { 590 kfree(newkey); 591 return -ENOMEM; 592 } 593 sk->sk_route_caps &= ~NETIF_F_GSO_MASK; 594 } 595 tcp_alloc_md5sig_pool(); 596 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) { 597 keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) * 598 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC); 599 600 if (!keys) { 601 tcp_free_md5sig_pool(); 602 kfree(newkey); 603 return -ENOMEM; 604 } 605 606 if (tp->md5sig_info->entries6) 607 memmove(keys, tp->md5sig_info->keys6, 608 (sizeof (tp->md5sig_info->keys6[0]) * 609 tp->md5sig_info->entries6)); 610 611 kfree(tp->md5sig_info->keys6); 612 tp->md5sig_info->keys6 = keys; 613 tp->md5sig_info->alloced6++; 614 } 615 616 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr, 617 peer); 618 tp->md5sig_info->keys6[tp->md5sig_info->entries6].key = newkey; 619 tp->md5sig_info->keys6[tp->md5sig_info->entries6].keylen = newkeylen; 620 621 tp->md5sig_info->entries6++; 622 } 623 return 0; 624} 625 626static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk, 627 u8 *newkey, __u8 newkeylen) 628{ 629 return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr, 630 newkey, newkeylen); 631} 632 633static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer) 634{ 635 struct tcp_sock *tp = tcp_sk(sk); 636 int i; 637 638 for (i = 0; i < tp->md5sig_info->entries6; i++) { 639 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, peer) == 0) { 640 /* Free the key */ 641 kfree(tp->md5sig_info->keys6[i].key); 642 tp->md5sig_info->entries6--; 643 644 if (tp->md5sig_info->entries6 == 0) { 645 kfree(tp->md5sig_info->keys6); 646 tp->md5sig_info->keys6 = NULL; 647 648 tcp_free_md5sig_pool(); 649 650 return 0; 651 } else { 652 /* shrink the database */ 653 if (tp->md5sig_info->entries6 != i) 654 memmove(&tp->md5sig_info->keys6[i], 655 &tp->md5sig_info->keys6[i+1], 656 (tp->md5sig_info->entries6 - 
i) 657 * sizeof (tp->md5sig_info->keys6[0])); 658 } 659 } 660 } 661 return -ENOENT; 662} 663 664static void tcp_v6_clear_md5_list (struct sock *sk) 665{ 666 struct tcp_sock *tp = tcp_sk(sk); 667 int i; 668 669 if (tp->md5sig_info->entries6) { 670 for (i = 0; i < tp->md5sig_info->entries6; i++) 671 kfree(tp->md5sig_info->keys6[i].key); 672 tp->md5sig_info->entries6 = 0; 673 tcp_free_md5sig_pool(); 674 } 675 676 kfree(tp->md5sig_info->keys6); 677 tp->md5sig_info->keys6 = NULL; 678 tp->md5sig_info->alloced6 = 0; 679 680 if (tp->md5sig_info->entries4) { 681 for (i = 0; i < tp->md5sig_info->entries4; i++) 682 kfree(tp->md5sig_info->keys4[i].key); 683 tp->md5sig_info->entries4 = 0; 684 tcp_free_md5sig_pool(); 685 } 686 687 kfree(tp->md5sig_info->keys4); 688 tp->md5sig_info->keys4 = NULL; 689 tp->md5sig_info->alloced4 = 0; 690} 691 692static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval, 693 int optlen) 694{ 695 struct tcp_md5sig cmd; 696 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr; 697 u8 *newkey; 698 699 if (optlen < sizeof(cmd)) 700 return -EINVAL; 701 702 if (copy_from_user(&cmd, optval, sizeof(cmd))) 703 return -EFAULT; 704 705 if (sin6->sin6_family != AF_INET6) 706 return -EINVAL; 707 708 if (!cmd.tcpm_keylen) { 709 if (!tcp_sk(sk)->md5sig_info) 710 return -ENOENT; 711 if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_MAPPED) 712 return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]); 713 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr); 714 } 715 716 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN) 717 return -EINVAL; 718 719 if (!tcp_sk(sk)->md5sig_info) { 720 struct tcp_sock *tp = tcp_sk(sk); 721 struct tcp_md5sig_info *p; 722 723 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL); 724 if (!p) 725 return -ENOMEM; 726 727 tp->md5sig_info = p; 728 sk->sk_route_caps &= ~NETIF_F_GSO_MASK; 729 } 730 731 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL); 732 if (!newkey) 733 return -ENOMEM; 734 if 
(ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_MAPPED) {
		/* v4-mapped destination: store the key on the IPv4 side. */
		return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
					 newkey, cmd.tcpm_keylen);
	}
	return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
}

/* Compute the RFC 2385 MD5 signature over pseudo-header, TCP header,
 * payload and shared key, writing the 16-byte digest to @md5_hash.
 * Temporarily zeroes th->check for hashing; the caller-visible value
 * is restored after the digest is produced.  Returns 0 always (the
 * digest is zeroed on any crypto failure). */
static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
				   struct in6_addr *saddr,
				   struct in6_addr *daddr,
				   struct tcphdr *th, int protocol,
				   int tcplen)
{
	/* One scatterlist slot per hashed section (pseudo-header,
	 * TCP header, optional payload, key). */
	struct scatterlist sg[4];
	__u16 data_len;
	int block = 0;
	__sum16 cksum;
	struct tcp_md5sig_pool *hp;
	struct tcp6_pseudohdr *bp;
	struct hash_desc *desc;
	int err;
	unsigned int nbytes = 0;

	hp = tcp_get_md5sig_pool();
	if (!hp) {
		printk(KERN_WARNING "%s(): hash pool not found...\n", __FUNCTION__);
		goto clear_hash_noput;
	}
	bp = &hp->md5_blk.ip6;
	desc = &hp->md5_desc;

	/* 1. TCP pseudo-header (RFC2460) */
	ipv6_addr_copy(&bp->saddr, saddr);
	ipv6_addr_copy(&bp->daddr, daddr);
	bp->len = htonl(tcplen);
	bp->protocol = htonl(protocol);

	sg_set_buf(&sg[block++], bp, sizeof(*bp));
	nbytes += sizeof(*bp);

	/* 2. TCP header, excluding options */
	cksum = th->check;
	th->check = 0;
	sg_set_buf(&sg[block++], th, sizeof(*th));
	nbytes += sizeof(*th);

	/* 3. TCP segment data (if any) */
	data_len = tcplen - (th->doff << 2);
	if (data_len > 0) {
		u8 *data = (u8 *)th + (th->doff << 2);
		sg_set_buf(&sg[block++], data, data_len);
		nbytes += data_len;
	}

	/* 4.
shared key */ 789 sg_set_buf(&sg[block++], key->key, key->keylen); 790 nbytes += key->keylen; 791 792 /* Now store the hash into the packet */ 793 err = crypto_hash_init(desc); 794 if (err) { 795 printk(KERN_WARNING "%s(): hash_init failed\n", __FUNCTION__); 796 goto clear_hash; 797 } 798 err = crypto_hash_update(desc, sg, nbytes); 799 if (err) { 800 printk(KERN_WARNING "%s(): hash_update failed\n", __FUNCTION__); 801 goto clear_hash; 802 } 803 err = crypto_hash_final(desc, md5_hash); 804 if (err) { 805 printk(KERN_WARNING "%s(): hash_final failed\n", __FUNCTION__); 806 goto clear_hash; 807 } 808 809 /* Reset header, and free up the crypto */ 810 tcp_put_md5sig_pool(); 811 th->check = cksum; 812out: 813 return 0; 814clear_hash: 815 tcp_put_md5sig_pool(); 816clear_hash_noput: 817 memset(md5_hash, 0, 16); 818 goto out; 819} 820 821static int tcp_v6_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key, 822 struct sock *sk, 823 struct dst_entry *dst, 824 struct request_sock *req, 825 struct tcphdr *th, int protocol, 826 int tcplen) 827{ 828 struct in6_addr *saddr, *daddr; 829 830 if (sk) { 831 saddr = &inet6_sk(sk)->saddr; 832 daddr = &inet6_sk(sk)->daddr; 833 } else { 834 saddr = &inet6_rsk(req)->loc_addr; 835 daddr = &inet6_rsk(req)->rmt_addr; 836 } 837 return tcp_v6_do_calc_md5_hash(md5_hash, key, 838 saddr, daddr, 839 th, protocol, tcplen); 840} 841 842static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb) 843{ 844 __u8 *hash_location = NULL; 845 struct tcp_md5sig_key *hash_expected; 846 struct ipv6hdr *ip6h = ipv6_hdr(skb); 847 struct tcphdr *th = tcp_hdr(skb); 848 int length = (th->doff << 2) - sizeof (*th); 849 int genhash; 850 u8 *ptr; 851 u8 newhash[16]; 852 853 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); 854 855 /* If the TCP option is too short, we can short cut */ 856 if (length < TCPOLEN_MD5SIG) 857 return hash_expected ? 
1 : 0; 858 859 /* parse options */ 860 ptr = (u8*)(th + 1); 861 while (length > 0) { 862 int opcode = *ptr++; 863 int opsize; 864 865 switch(opcode) { 866 case TCPOPT_EOL: 867 goto done_opts; 868 case TCPOPT_NOP: 869 length--; 870 continue; 871 default: 872 opsize = *ptr++; 873 if (opsize < 2 || opsize > length) 874 goto done_opts; 875 if (opcode == TCPOPT_MD5SIG) { 876 hash_location = ptr; 877 goto done_opts; 878 } 879 } 880 ptr += opsize - 2; 881 length -= opsize; 882 } 883 884done_opts: 885 /* do we have a hash as expected? */ 886 if (!hash_expected) { 887 if (!hash_location) 888 return 0; 889 if (net_ratelimit()) { 890 printk(KERN_INFO "MD5 Hash NOT expected but found " 891 "(" NIP6_FMT ", %u)->" 892 "(" NIP6_FMT ", %u)\n", 893 NIP6(ip6h->saddr), ntohs(th->source), 894 NIP6(ip6h->daddr), ntohs(th->dest)); 895 } 896 return 1; 897 } 898 899 if (!hash_location) { 900 if (net_ratelimit()) { 901 printk(KERN_INFO "MD5 Hash expected but NOT found " 902 "(" NIP6_FMT ", %u)->" 903 "(" NIP6_FMT ", %u)\n", 904 NIP6(ip6h->saddr), ntohs(th->source), 905 NIP6(ip6h->daddr), ntohs(th->dest)); 906 } 907 return 1; 908 } 909 910 /* check the signature */ 911 genhash = tcp_v6_do_calc_md5_hash(newhash, 912 hash_expected, 913 &ip6h->saddr, &ip6h->daddr, 914 th, sk->sk_protocol, 915 skb->len); 916 if (genhash || memcmp(hash_location, newhash, 16) != 0) { 917 if (net_ratelimit()) { 918 printk(KERN_INFO "MD5 Hash %s for " 919 "(" NIP6_FMT ", %u)->" 920 "(" NIP6_FMT ", %u)\n", 921 genhash ? 
"failed" : "mismatch", 922 NIP6(ip6h->saddr), ntohs(th->source), 923 NIP6(ip6h->daddr), ntohs(th->dest)); 924 } 925 return 1; 926 } 927 return 0; 928} 929#endif 930 931static struct request_sock_ops tcp6_request_sock_ops __read_mostly = { 932 .family = AF_INET6, 933 .obj_size = sizeof(struct tcp6_request_sock), 934 .rtx_syn_ack = tcp_v6_send_synack, 935 .send_ack = tcp_v6_reqsk_send_ack, 936 .destructor = tcp_v6_reqsk_destructor, 937 .send_reset = tcp_v6_send_reset 938}; 939 940#ifdef CONFIG_TCP_MD5SIG 941static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { 942 .md5_lookup = tcp_v6_reqsk_md5_lookup, 943}; 944#endif 945 946static struct timewait_sock_ops tcp6_timewait_sock_ops = { 947 .twsk_obj_size = sizeof(struct tcp6_timewait_sock), 948 .twsk_unique = tcp_twsk_unique, 949 .twsk_destructor= tcp_twsk_destructor, 950}; 951 952static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb) 953{ 954 struct ipv6_pinfo *np = inet6_sk(sk); 955 struct tcphdr *th = tcp_hdr(skb); 956 957 if (skb->ip_summed == CHECKSUM_PARTIAL) { 958 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 0); 959 skb->csum_start = skb_transport_header(skb) - skb->head; 960 skb->csum_offset = offsetof(struct tcphdr, check); 961 } else { 962 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 963 csum_partial((char *)th, th->doff<<2, 964 skb->csum)); 965 } 966} 967 968static int tcp_v6_gso_send_check(struct sk_buff *skb) 969{ 970 struct ipv6hdr *ipv6h; 971 struct tcphdr *th; 972 973 if (!pskb_may_pull(skb, sizeof(*th))) 974 return -EINVAL; 975 976 ipv6h = ipv6_hdr(skb); 977 th = tcp_hdr(skb); 978 979 th->check = 0; 980 th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len, 981 IPPROTO_TCP, 0); 982 skb->csum_start = skb_transport_header(skb) - skb->head; 983 skb->csum_offset = offsetof(struct tcphdr, check); 984 skb->ip_summed = CHECKSUM_PARTIAL; 985 return 0; 986} 987 988static void tcp_v6_send_reset(struct sock *sk, 
struct sk_buff *skb) 989{ 990 struct tcphdr *th = tcp_hdr(skb), *t1; 991 struct sk_buff *buff; 992 struct flowi fl; 993 int tot_len = sizeof(*th); 994#ifdef CONFIG_TCP_MD5SIG 995 struct tcp_md5sig_key *key; 996#endif 997 998 if (th->rst) 999 return; 1000 1001 if (!ipv6_unicast_destination(skb)) 1002 return; 1003 1004#ifdef CONFIG_TCP_MD5SIG 1005 if (sk) 1006 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr); 1007 else 1008 key = NULL; 1009 1010 if (key) 1011 tot_len += TCPOLEN_MD5SIG_ALIGNED; 1012#endif 1013 1014 /* 1015 * We need to grab some memory, and put together an RST, 1016 * and then put it into the queue to be sent. 1017 */ 1018 1019 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 1020 GFP_ATOMIC); 1021 if (buff == NULL) 1022 return; 1023 1024 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); 1025 1026 t1 = (struct tcphdr *) skb_push(buff, tot_len); 1027 1028 /* Swap the send and the receive. */ 1029 memset(t1, 0, sizeof(*t1)); 1030 t1->dest = th->source; 1031 t1->source = th->dest; 1032 t1->doff = tot_len / 4; 1033 t1->rst = 1; 1034 1035 if(th->ack) { 1036 t1->seq = th->ack_seq; 1037 } else { 1038 t1->ack = 1; 1039 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin 1040 + skb->len - (th->doff<<2)); 1041 } 1042 1043#ifdef CONFIG_TCP_MD5SIG 1044 if (key) { 1045 __be32 *opt = (__be32*)(t1 + 1); 1046 opt[0] = htonl((TCPOPT_NOP << 24) | 1047 (TCPOPT_NOP << 16) | 1048 (TCPOPT_MD5SIG << 8) | 1049 TCPOLEN_MD5SIG); 1050 tcp_v6_do_calc_md5_hash((__u8 *)&opt[1], key, 1051 &ipv6_hdr(skb)->daddr, 1052 &ipv6_hdr(skb)->saddr, 1053 t1, IPPROTO_TCP, tot_len); 1054 } 1055#endif 1056 1057 buff->csum = csum_partial((char *)t1, sizeof(*t1), 0); 1058 1059 memset(&fl, 0, sizeof(fl)); 1060 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr); 1061 ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr); 1062 1063 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst, 1064 sizeof(*t1), IPPROTO_TCP, 1065 buff->csum); 1066 1067 fl.proto = 
IPPROTO_TCP; 1068 fl.oif = inet6_iif(skb); 1069 fl.fl_ip_dport = t1->dest; 1070 fl.fl_ip_sport = t1->source; 1071 security_skb_classify_flow(skb, &fl); 1072 1073 /* sk = NULL, but it is safe for now. RST socket required. */ 1074 if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) { 1075 1076 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) { 1077 ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0); 1078 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS); 1079 TCP_INC_STATS_BH(TCP_MIB_OUTRSTS); 1080 return; 1081 } 1082 } 1083 1084 kfree_skb(buff); 1085} 1086 1087static void tcp_v6_send_ack(struct tcp_timewait_sock *tw, 1088 struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts) 1089{ 1090 struct tcphdr *th = tcp_hdr(skb), *t1; 1091 struct sk_buff *buff; 1092 struct flowi fl; 1093 int tot_len = sizeof(struct tcphdr); 1094 __be32 *topt; 1095#ifdef CONFIG_TCP_MD5SIG 1096 struct tcp_md5sig_key *key; 1097 struct tcp_md5sig_key tw_key; 1098#endif 1099 1100#ifdef CONFIG_TCP_MD5SIG 1101 if (!tw && skb->sk) { 1102 key = tcp_v6_md5_do_lookup(skb->sk, &ipv6_hdr(skb)->daddr); 1103 } else if (tw && tw->tw_md5_keylen) { 1104 tw_key.key = tw->tw_md5_key; 1105 tw_key.keylen = tw->tw_md5_keylen; 1106 key = &tw_key; 1107 } else { 1108 key = NULL; 1109 } 1110#endif 1111 1112 if (ts) 1113 tot_len += TCPOLEN_TSTAMP_ALIGNED; 1114#ifdef CONFIG_TCP_MD5SIG 1115 if (key) 1116 tot_len += TCPOLEN_MD5SIG_ALIGNED; 1117#endif 1118 1119 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len, 1120 GFP_ATOMIC); 1121 if (buff == NULL) 1122 return; 1123 1124 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len); 1125 1126 t1 = (struct tcphdr *) skb_push(buff,tot_len); 1127 1128 /* Swap the send and the receive. 
*/ 1129 memset(t1, 0, sizeof(*t1)); 1130 t1->dest = th->source; 1131 t1->source = th->dest; 1132 t1->doff = tot_len/4; 1133 t1->seq = htonl(seq); 1134 t1->ack_seq = htonl(ack); 1135 t1->ack = 1; 1136 t1->window = htons(win); 1137 1138 topt = (__be32 *)(t1 + 1); 1139 1140 if (ts) { 1141 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1142 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP); 1143 *topt++ = htonl(tcp_time_stamp); 1144 *topt = htonl(ts); 1145 } 1146 1147#ifdef CONFIG_TCP_MD5SIG 1148 if (key) { 1149 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1150 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 1151 tcp_v6_do_calc_md5_hash((__u8 *)topt, key, 1152 &ipv6_hdr(skb)->daddr, 1153 &ipv6_hdr(skb)->saddr, 1154 t1, IPPROTO_TCP, tot_len); 1155 } 1156#endif 1157 1158 buff->csum = csum_partial((char *)t1, tot_len, 0); 1159 1160 memset(&fl, 0, sizeof(fl)); 1161 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr); 1162 ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr); 1163 1164 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst, 1165 tot_len, IPPROTO_TCP, 1166 buff->csum); 1167 1168 fl.proto = IPPROTO_TCP; 1169 fl.oif = inet6_iif(skb); 1170 fl.fl_ip_dport = t1->dest; 1171 fl.fl_ip_sport = t1->source; 1172 security_skb_classify_flow(skb, &fl); 1173 1174 if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) { 1175 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) { 1176 ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0); 1177 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS); 1178 return; 1179 } 1180 } 1181 1182 kfree_skb(buff); 1183} 1184 1185static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb) 1186{ 1187 struct inet_timewait_sock *tw = inet_twsk(sk); 1188 struct tcp_timewait_sock *tcptw = tcp_twsk(sk); 1189 1190 tcp_v6_send_ack(tcptw, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt, 1191 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 1192 tcptw->tw_ts_recent); 1193 1194 inet_twsk_put(tw); 1195} 1196 1197static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req) 
{
	/* SYN+ACK of a pending request consumed one sequence number on
	 * each side, hence the +1 on both ISNs. */
	tcp_v6_send_ack(NULL, skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
}


/*
 * Resolve which socket should process a segment arriving on a
 * listening socket: a pending connection request, an already
 * established child, or the listener itself.  Returns NULL when the
 * segment should be dropped (matched a TIME_WAIT entry).
 */
static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
{
	struct request_sock *req, **prev;
	const struct tcphdr *th = tcp_hdr(skb);
	struct sock *nsk;

	/* Find possible connection requests. */
	req = inet6_csk_search_req(sk, &prev, th->source,
				   &ipv6_hdr(skb)->saddr,
				   &ipv6_hdr(skb)->daddr, inet6_iif(skb));
	if (req)
		return tcp_check_req(sk, skb, req, prev);

	nsk = __inet6_lookup_established(&tcp_hashinfo, &ipv6_hdr(skb)->saddr,
					 th->source, &ipv6_hdr(skb)->daddr,
					 ntohs(th->dest), inet6_iif(skb));

	if (nsk) {
		if (nsk->sk_state != TCP_TIME_WAIT) {
			/* Hand the child back locked, as the caller expects. */
			bh_lock_sock(nsk);
			return nsk;
		}
		inet_twsk_put(inet_twsk(nsk));
		return NULL;
	}

	return sk;
}

/*
 * Handle an incoming IPv6 SYN: allocate and initialise a request
 * sock, record the peer's options and addresses, and send a SYN+ACK.
 * Always returns 0 so no reset is generated on failure.
 */
static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
{
	struct inet6_request_sock *treq;
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_options_received tmp_opt;
	struct tcp_sock *tp = tcp_sk(sk);
	struct request_sock *req = NULL;
	/* Non-zero when tcp_v6_hnd_req() already chose an ISN for us. */
	__u32 isn = TCP_SKB_CB(skb)->when;

	/* v4-mapped traffic is handled by the IPv4 path. */
	if (skb->protocol == htons(ETH_P_IP))
		return tcp_v4_conn_request(sk, skb);

	if (!ipv6_unicast_destination(skb))
		goto drop;

	/*
	 *	There are no SYN attacks on IPv6, yet...
	 */
	if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
		if (net_ratelimit())
			printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n");
		goto drop;
	}

	if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
		goto drop;

	req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
	if (req == NULL)
		goto drop;

#ifdef CONFIG_TCP_MD5SIG
	tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
#endif

	tcp_clear_options(&tmp_opt);
	/* Clamp the advertised MSS to what fits in the IPv6 minimum MTU. */
	tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
	tmp_opt.user_mss = tp->rx_opt.user_mss;

	tcp_parse_options(skb, &tmp_opt, 0);

	tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
	tcp_openreq_init(req, &tmp_opt, skb);

	treq = inet6_rsk(req);
	ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
	ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
	TCP_ECN_create_request(req, tcp_hdr(skb));
	treq->pktopts = NULL;
	/* Keep the SYN skb around if the user asked for any rx options
	 * (delivered later via IPV6_PKTOPTIONS). */
	if (ipv6_opt_accepted(sk, skb) ||
	    np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
	    np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
		atomic_inc(&skb->users);
		treq->pktopts = skb;
	}
	treq->iif = sk->sk_bound_dev_if;

	/* So that link locals have meaning */
	if (!sk->sk_bound_dev_if &&
	    ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
		treq->iif = inet6_iif(skb);

	if (isn == 0)
		isn = tcp_v6_init_sequence(skb);

	tcp_rsk(req)->snt_isn = isn;

	security_inet_conn_request(sk, skb, req);

	if (tcp_v6_send_synack(sk, req, NULL))
		goto drop;

	inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
	return 0;

drop:
	if (req)
		reqsk_free(req);

	return 0; /* don't send reset */
}

static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
					  struct request_sock *req,
					  struct dst_entry *dst)
1317{ 1318 struct inet6_request_sock *treq = inet6_rsk(req); 1319 struct ipv6_pinfo *newnp, *np = inet6_sk(sk); 1320 struct tcp6_sock *newtcp6sk; 1321 struct inet_sock *newinet; 1322 struct tcp_sock *newtp; 1323 struct sock *newsk; 1324 struct ipv6_txoptions *opt; 1325#ifdef CONFIG_TCP_MD5SIG 1326 struct tcp_md5sig_key *key; 1327#endif 1328 1329 if (skb->protocol == htons(ETH_P_IP)) { 1330 /* 1331 * v6 mapped 1332 */ 1333 1334 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst); 1335 1336 if (newsk == NULL) 1337 return NULL; 1338 1339 newtcp6sk = (struct tcp6_sock *)newsk; 1340 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1341 1342 newinet = inet_sk(newsk); 1343 newnp = inet6_sk(newsk); 1344 newtp = tcp_sk(newsk); 1345 1346 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1347 1348 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF), 1349 newinet->daddr); 1350 1351 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF), 1352 newinet->saddr); 1353 1354 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr); 1355 1356 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped; 1357 newsk->sk_backlog_rcv = tcp_v4_do_rcv; 1358#ifdef CONFIG_TCP_MD5SIG 1359 newtp->af_specific = &tcp_sock_ipv6_mapped_specific; 1360#endif 1361 1362 newnp->pktoptions = NULL; 1363 newnp->opt = NULL; 1364 newnp->mcast_oif = inet6_iif(skb); 1365 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1366 1367 /* 1368 * No need to charge this sock to the relevant IPv6 refcnt debug socks count 1369 * here, tcp_create_openreq_child now does this for us, see the comment in 1370 * that function for the gory details. -acme 1371 */ 1372 1373 /* It is tricky place. Until this moment IPv4 tcp 1374 worked with IPv6 icsk.icsk_af_ops. 1375 Sync it now. 
1376 */ 1377 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); 1378 1379 return newsk; 1380 } 1381 1382 opt = np->opt; 1383 1384 if (sk_acceptq_is_full(sk)) 1385 goto out_overflow; 1386 1387 if (np->rxopt.bits.osrcrt == 2 && 1388 opt == NULL && treq->pktopts) { 1389 struct inet6_skb_parm *rxopt = IP6CB(treq->pktopts); 1390 if (rxopt->srcrt) 1391 opt = ipv6_invert_rthdr(sk, 1392 (struct ipv6_rt_hdr *)(skb_network_header(treq->pktopts) + 1393 rxopt->srcrt)); 1394 } 1395 1396 if (dst == NULL) { 1397 struct in6_addr *final_p = NULL, final; 1398 struct flowi fl; 1399 1400 memset(&fl, 0, sizeof(fl)); 1401 fl.proto = IPPROTO_TCP; 1402 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr); 1403 if (opt && opt->srcrt) { 1404 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt; 1405 ipv6_addr_copy(&final, &fl.fl6_dst); 1406 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 1407 final_p = &final; 1408 } 1409 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr); 1410 fl.oif = sk->sk_bound_dev_if; 1411 fl.fl_ip_dport = inet_rsk(req)->rmt_port; 1412 fl.fl_ip_sport = inet_sk(sk)->sport; 1413 security_req_classify_flow(req, &fl); 1414 1415 if (ip6_dst_lookup(sk, &dst, &fl)) 1416 goto out; 1417 1418 if (final_p) 1419 ipv6_addr_copy(&fl.fl6_dst, final_p); 1420 1421 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0) 1422 goto out; 1423 } 1424 1425 newsk = tcp_create_openreq_child(sk, req, skb); 1426 if (newsk == NULL) 1427 goto out; 1428 1429 /* 1430 * No need to charge this sock to the relevant IPv6 refcnt debug socks 1431 * count here, tcp_create_openreq_child now does this for us, see the 1432 * comment in that function for the gory details. 
-acme 1433 */ 1434 1435 newsk->sk_gso_type = SKB_GSO_TCPV6; 1436 __ip6_dst_store(newsk, dst, NULL, NULL); 1437 1438 newtcp6sk = (struct tcp6_sock *)newsk; 1439 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; 1440 1441 newtp = tcp_sk(newsk); 1442 newinet = inet_sk(newsk); 1443 newnp = inet6_sk(newsk); 1444 1445 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 1446 1447 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr); 1448 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr); 1449 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr); 1450 newsk->sk_bound_dev_if = treq->iif; 1451 1452 /* Now IPv6 options... 1453 1454 First: no IPv4 options. 1455 */ 1456 newinet->opt = NULL; 1457 newnp->ipv6_fl_list = NULL; 1458 1459 /* Clone RX bits */ 1460 newnp->rxopt.all = np->rxopt.all; 1461 1462 /* Clone pktoptions received with SYN */ 1463 newnp->pktoptions = NULL; 1464 if (treq->pktopts != NULL) { 1465 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC); 1466 kfree_skb(treq->pktopts); 1467 treq->pktopts = NULL; 1468 if (newnp->pktoptions) 1469 skb_set_owner_r(newnp->pktoptions, newsk); 1470 } 1471 newnp->opt = NULL; 1472 newnp->mcast_oif = inet6_iif(skb); 1473 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 1474 1475 /* Clone native IPv6 options from listening socket (if any) 1476 1477 Yes, keeping reference count would be much more clever, 1478 but we make one more one thing there: reattach optmem 1479 to newsk. 
1480 */ 1481 if (opt) { 1482 newnp->opt = ipv6_dup_options(newsk, opt); 1483 if (opt != np->opt) 1484 sock_kfree_s(sk, opt, opt->tot_len); 1485 } 1486 1487 inet_csk(newsk)->icsk_ext_hdr_len = 0; 1488 if (newnp->opt) 1489 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen + 1490 newnp->opt->opt_flen); 1491 1492 tcp_mtup_init(newsk); 1493 tcp_sync_mss(newsk, dst_mtu(dst)); 1494 newtp->advmss = dst_metric(dst, RTAX_ADVMSS); 1495 tcp_initialize_rcv_mss(newsk); 1496 1497 newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6; 1498 1499#ifdef CONFIG_TCP_MD5SIG 1500 /* Copy over the MD5 key from the original socket */ 1501 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) { 1502 /* We're using one, so create a matching key 1503 * on the newsk structure. If we fail to get 1504 * memory, then we end up not copying the key 1505 * across. Shucks. 1506 */ 1507 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); 1508 if (newkey != NULL) 1509 tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr, 1510 newkey, key->keylen); 1511 } 1512#endif 1513 1514 __inet6_hash(&tcp_hashinfo, newsk); 1515 inet_inherit_port(&tcp_hashinfo, sk, newsk); 1516 1517 return newsk; 1518 1519out_overflow: 1520 NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS); 1521out: 1522 NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS); 1523 if (opt && opt != np->opt) 1524 sock_kfree_s(sk, opt, opt->tot_len); 1525 dst_release(dst); 1526 return NULL; 1527} 1528 1529static __sum16 tcp_v6_checksum_init(struct sk_buff *skb) 1530{ 1531 if (skb->ip_summed == CHECKSUM_COMPLETE) { 1532 if (!tcp_v6_check(tcp_hdr(skb), skb->len, &ipv6_hdr(skb)->saddr, 1533 &ipv6_hdr(skb)->daddr, skb->csum)) { 1534 skb->ip_summed = CHECKSUM_UNNECESSARY; 1535 return 0; 1536 } 1537 } 1538 1539 skb->csum = ~csum_unfold(tcp_v6_check(tcp_hdr(skb), skb->len, 1540 &ipv6_hdr(skb)->saddr, 1541 &ipv6_hdr(skb)->daddr, 0)); 1542 1543 if (skb->len <= 76) { 1544 return __skb_checksum_complete(skb); 1545 } 1546 return 0; 1547} 1548 1549/* 
   The socket must have its spinlock held when we get
 * here.
 *
 * We have a potential double-lock case here, so even when
 * doing backlog processing we use the BH locking scheme.
 * This is because we cannot sleep with the original spinlock
 * held.
 */
static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_sock *tp;
	struct sk_buff *opt_skb = NULL;

	/* Imagine: socket is IPv6. IPv4 packet arrives,
	   goes to IPv4 receive handler and backlogged.
	   From backlog it always goes here. Kerboom...
	   Fortunately, tcp_rcv_established and rcv_established
	   handle them correctly, but it is not case with
	   tcp_v6_hnd_req and tcp_v6_send_reset().  --ANK
	 */

	if (skb->protocol == htons(ETH_P_IP))
		return tcp_v4_do_rcv(sk, skb);

#ifdef CONFIG_TCP_MD5SIG
	if (tcp_v6_inbound_md5_hash (sk, skb))
		goto discard;
#endif

	if (sk_filter(sk, skb))
		goto discard;

	/*
	 *	socket locking is here for SMP purposes as backlog rcv
	 *	is currently called with bh processing disabled.
	 */

	/* Do Stevens' IPV6_PKTOPTIONS.

	   Yes, guys, it is the only place in our code, where we
	   may make it not affecting IPv4.
	   The rest of code is protocol independent,
	   and I do not like idea to uglify IPv4.

	   Actually, all the idea behind IPV6_PKTOPTIONS
	   looks not very well thought. For now we latch
	   options, received in the last packet, enqueued
	   by tcp. Feel free to propose better solution.
					       --ANK (980728)
	 */
	if (np->rxopt.all)
		opt_skb = skb_clone(skb, GFP_ATOMIC);

	if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
		TCP_CHECK_TIMER(sk);
		if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
			goto reset;
		TCP_CHECK_TIMER(sk);
		if (opt_skb)
			goto ipv6_pktoptions;
		return 0;
	}

	if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
		goto csum_err;

	if (sk->sk_state == TCP_LISTEN) {
		struct sock *nsk = tcp_v6_hnd_req(sk, skb);
		if (!nsk)
			goto discard;

		/*
		 * Queue it on the new socket if the new socket is active,
		 * otherwise we just shortcircuit this and continue with
		 * the new socket..
		 */
		if(nsk != sk) {
			if (tcp_child_process(sk, nsk, skb))
				goto reset;
			if (opt_skb)
				__kfree_skb(opt_skb);
			return 0;
		}
	}

	TCP_CHECK_TIMER(sk);
	if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
		goto reset;
	TCP_CHECK_TIMER(sk);
	if (opt_skb)
		goto ipv6_pktoptions;
	return 0;

reset:
	tcp_v6_send_reset(sk, skb);
discard:
	if (opt_skb)
		__kfree_skb(opt_skb);
	kfree_skb(skb);
	return 0;
csum_err:
	TCP_INC_STATS_BH(TCP_MIB_INERRS);
	goto discard;


ipv6_pktoptions:
	/* Do you ask, what is it?

	   1. skb was enqueued by tcp.
	   2. skb is added to tail of read queue, rather than out of order.
	   3. socket is not in passive state.
	   4. Finally, it really contains options, which user wants to receive.
	 */
	tp = tcp_sk(sk);
	if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
	    !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
		if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
			np->mcast_oif = inet6_iif(opt_skb);
		if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
			np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
		if (ipv6_opt_accepted(sk, opt_skb)) {
			skb_set_owner_r(opt_skb, sk);
			/* Latch the new options, free the previous ones. */
			opt_skb = xchg(&np->pktoptions, opt_skb);
		} else {
			__kfree_skb(opt_skb);
			opt_skb = xchg(&np->pktoptions, NULL);
		}
	}

	if (opt_skb)
		kfree_skb(opt_skb);
	return 0;
}

/*
 * Main receive entry point for IPv6 TCP: validate the header and
 * checksum, look up the owning socket and dispatch to it (directly,
 * via prequeue, or via the backlog when the socket is user-locked).
 */
static int tcp_v6_rcv(struct sk_buff **pskb)
{
	struct sk_buff *skb = *pskb;
	struct tcphdr *th;
	struct sock *sk;
	int ret;

	if (skb->pkt_type != PACKET_HOST)
		goto discard_it;

	/*
	 *	Count it even if it's bad.
	 */
	TCP_INC_STATS_BH(TCP_MIB_INSEGS);

	if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
		goto discard_it;

	th = tcp_hdr(skb);

	if (th->doff < sizeof(struct tcphdr)/4)
		goto bad_packet;
	if (!pskb_may_pull(skb, th->doff*4))
		goto discard_it;

	if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
		goto bad_packet;

	/* Re-read: pskb_may_pull() may have reallocated the header. */
	th = tcp_hdr(skb);
	TCP_SKB_CB(skb)->seq = ntohl(th->seq);
	TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
				    skb->len - th->doff*4);
	TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
	TCP_SKB_CB(skb)->when = 0;
	TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
	TCP_SKB_CB(skb)->sacked = 0;

	sk = __inet6_lookup(&tcp_hashinfo, &ipv6_hdr(skb)->saddr, th->source,
			    &ipv6_hdr(skb)->daddr, ntohs(th->dest),
			    inet6_iif(skb));

	if (!sk)
		goto no_tcp_socket;

process:
	if (sk->sk_state == TCP_TIME_WAIT)
		goto do_time_wait;

	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
		goto discard_and_relse;

	if (sk_filter(sk, skb))
		goto discard_and_relse;

	skb->dev = NULL;

	bh_lock_sock_nested(sk);
	ret = 0;
	if (!sock_owned_by_user(sk)) {
#ifdef CONFIG_NET_DMA
		struct tcp_sock *tp = tcp_sk(sk);
		if (tp->ucopy.dma_chan)
			ret = tcp_v6_do_rcv(sk, skb);
		else
#endif
		{
			if (!tcp_prequeue(sk, skb))
				ret = tcp_v6_do_rcv(sk, skb);
		}
	} else
		/* Socket is owned by user context: defer to the backlog. */
		sk_add_backlog(sk, skb);
	bh_unlock_sock(sk);

	sock_put(sk);
	return ret ? -1 : 0;

no_tcp_socket:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
		goto discard_it;

	if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
bad_packet:
		TCP_INC_STATS_BH(TCP_MIB_INERRS);
	} else {
		tcp_v6_send_reset(NULL, skb);
	}

discard_it:

	/*
	 *	Discard frame
	 */

	kfree_skb(skb);
	return 0;

discard_and_relse:
	sock_put(sk);
	goto discard_it;

do_time_wait:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
		inet_twsk_put(inet_twsk(sk));
		goto discard_it;
	}

	if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
		TCP_INC_STATS_BH(TCP_MIB_INERRS);
		inet_twsk_put(inet_twsk(sk));
		goto discard_it;
	}

	switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
	case TCP_TW_SYN:
	{
		/* A SYN may legitimately re-use a TIME_WAIT pair:
		 * hand it to a matching listener, if any. */
		struct sock *sk2;

		sk2 = inet6_lookup_listener(&tcp_hashinfo,
					    &ipv6_hdr(skb)->daddr,
					    ntohs(th->dest), inet6_iif(skb));
		if (sk2 != NULL) {
			struct inet_timewait_sock *tw = inet_twsk(sk);
			inet_twsk_deschedule(tw, &tcp_death_row);
			inet_twsk_put(tw);
			sk = sk2;
			goto process;
		}
		/* Fall through to ACK */
	}
	case TCP_TW_ACK:
		tcp_v6_timewait_ack(sk, skb);
		break;
	case TCP_TW_RST:
		goto no_tcp_socket;
	case TCP_TW_SUCCESS:;
	}
	goto discard_it;
}

static int tcp_v6_remember_stamp(struct sock *sk)
{
	/* Alas, not yet... */
	return 0;
}

/* AF-specific connection-socket operations for native IPv6 TCP. */
static struct inet_connection_sock_af_ops ipv6_specific = {
	.queue_xmit	=	inet6_csk_xmit,
	.send_check	=	tcp_v6_send_check,
	.rebuild_header	=	inet6_sk_rebuild_header,
	.conn_request	=	tcp_v6_conn_request,
	.syn_recv_sock	=	tcp_v6_syn_recv_sock,
	.remember_stamp	=	tcp_v6_remember_stamp,
	.net_header_len	=	sizeof(struct ipv6hdr),
	.setsockopt	=	ipv6_setsockopt,
	.getsockopt	=	ipv6_getsockopt,
	.addr2sockaddr	=	inet6_csk_addr2sockaddr,
	.sockaddr_len	=	sizeof(struct sockaddr_in6),
#ifdef CONFIG_COMPAT
	.compat_setsockopt =	compat_ipv6_setsockopt,
	.compat_getsockopt =	compat_ipv6_getsockopt,
#endif
};

#ifdef CONFIG_TCP_MD5SIG
static struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
	.md5_lookup	=	tcp_v6_md5_lookup,
	.calc_md5_hash	=	tcp_v6_calc_md5_hash,
	.md5_add	=	tcp_v6_md5_add_func,
	.md5_parse	=	tcp_v6_parse_md5_keys,
};
#endif

/*
 *	TCP over IPv4 via INET6 API
 */

static struct inet_connection_sock_af_ops ipv6_mapped = {
	.queue_xmit	=	ip_queue_xmit,
	.send_check	=	tcp_v4_send_check,
	.rebuild_header	=	inet_sk_rebuild_header,
	.conn_request	=	tcp_v6_conn_request,
	.syn_recv_sock	=	tcp_v6_syn_recv_sock,
	.remember_stamp	=	tcp_v4_remember_stamp,
	.net_header_len	=	sizeof(struct iphdr),
	.setsockopt	=	ipv6_setsockopt,
	.getsockopt	=	ipv6_getsockopt,
	.addr2sockaddr	=	inet6_csk_addr2sockaddr,
	.sockaddr_len	=	sizeof(struct sockaddr_in6),
#ifdef CONFIG_COMPAT
	.compat_setsockopt =	compat_ipv6_setsockopt,
	.compat_getsockopt =	compat_ipv6_getsockopt,
#endif
};

#ifdef CONFIG_TCP_MD5SIG
static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
	.md5_lookup	=	tcp_v4_md5_lookup,
	.calc_md5_hash	=	tcp_v4_calc_md5_hash,
	.md5_add	=	tcp_v6_md5_add_func,
	.md5_parse	=	tcp_v6_parse_md5_keys,
};
#endif

/* NOTE: A lot of things set to zero explicitly by call to
 *       sk_alloc() so need not be done here.
 */
static int tcp_v6_init_sock(struct sock *sk)
{
	struct inet_connection_sock *icsk = inet_csk(sk);
	struct tcp_sock *tp = tcp_sk(sk);

	skb_queue_head_init(&tp->out_of_order_queue);
	tcp_init_xmit_timers(sk);
	tcp_prequeue_init(tp);

	icsk->icsk_rto = TCP_TIMEOUT_INIT;
	tp->mdev = TCP_TIMEOUT_INIT;

	/* So many TCP implementations out there (incorrectly) count the
	 * initial SYN frame in their delayed-ACK and congestion control
	 * algorithms that we must have the following bandaid to talk
	 * efficiently to them.  -DaveM
	 */
	tp->snd_cwnd = 2;

	/* See draft-stevens-tcpca-spec-01 for discussion of the
	 * initialization of these values.
	 */
	tp->snd_ssthresh = 0x7fffffff;
	tp->snd_cwnd_clamp = ~0;
	tp->mss_cache = 536;

	tp->reordering = sysctl_tcp_reordering;

	sk->sk_state = TCP_CLOSE;

	icsk->icsk_af_ops = &ipv6_specific;
	icsk->icsk_ca_ops = &tcp_init_congestion_ops;
	icsk->icsk_sync_mss = tcp_sync_mss;
	sk->sk_write_space = sk_stream_write_space;
	sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);

#ifdef CONFIG_TCP_MD5SIG
	tp->af_specific = &tcp_sock_ipv6_specific;
#endif

	sk->sk_sndbuf = sysctl_tcp_wmem[1];
	sk->sk_rcvbuf = sysctl_tcp_rmem[1];

	atomic_inc(&tcp_sockets_allocated);

	return 0;
}

static int tcp_v6_destroy_sock(struct sock *sk)
{
#ifdef CONFIG_TCP_MD5SIG
	/* Clean up the MD5 key list */
	if (tcp_sk(sk)->md5sig_info)
		tcp_v6_clear_md5_list(sk);
#endif
	tcp_v4_destroy_sock(sk);
	return inet6_destroy_sock(sk);
}

#ifdef CONFIG_PROC_FS
/* Proc filesystem TCPv6 sock list dumping.
 */
/* Format one SYN_RECV request-sock entry for /proc/net/tcp6. */
static void get_openreq6(struct seq_file *seq,
			 struct sock *sk, struct request_sock *req, int i, int uid)
{
	int ttd = req->expires - jiffies;
	struct in6_addr *src = &inet6_rsk(req)->loc_addr;
	struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;

	if (ttd < 0)
		ttd = 0;

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3],
		   ntohs(inet_sk(sk)->sport),
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3],
		   ntohs(inet_rsk(req)->rmt_port),
		   TCP_SYN_RECV,
		   0,0, /* could print option size, but that is af dependent. */
		   1,   /* timers active (only the expire timer) */
		   jiffies_to_clock_t(ttd),
		   req->retrans,
		   uid,
		   0,  /* non standard timer */
		   0, /* open_requests have no inode */
		   0, req);
}

/* Format one full socket entry for /proc/net/tcp6. */
static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
{
	struct in6_addr *dest, *src;
	__u16 destp, srcp;
	int timer_active;
	unsigned long timer_expires;
	struct inet_sock *inet = inet_sk(sp);
	struct tcp_sock *tp = tcp_sk(sp);
	const struct inet_connection_sock *icsk = inet_csk(sp);
	struct ipv6_pinfo *np = inet6_sk(sp);

	dest  = &np->daddr;
	src   = &np->rcv_saddr;
	destp = ntohs(inet->dport);
	srcp  = ntohs(inet->sport);

	/* Encode which timer is pending (1=retransmit, 2=keepalive,
	 * 4=zero-window probe, 0=none) the same way tcp4 does. */
	if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
		timer_active	= 1;
		timer_expires	= icsk->icsk_timeout;
	} else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
		timer_active	= 4;
		timer_expires	= icsk->icsk_timeout;
	} else if (timer_pending(&sp->sk_timer)) {
		timer_active	= 2;
		timer_expires	= sp->sk_timer.expires;
	} else {
		timer_active	= 0;
		timer_expires = jiffies;
	}

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3], srcp,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
		   sp->sk_state,
		   tp->write_seq-tp->snd_una,
		   (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
		   timer_active,
		   jiffies_to_clock_t(timer_expires - jiffies),
		   icsk->icsk_retransmits,
		   sock_i_uid(sp),
		   icsk->icsk_probes_out,
		   sock_i_ino(sp),
		   atomic_read(&sp->sk_refcnt), sp,
		   icsk->icsk_rto,
		   icsk->icsk_ack.ato,
		   (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
		   tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
		   );
}

/* Format one TIME_WAIT entry for /proc/net/tcp6. */
static void get_timewait6_sock(struct seq_file *seq,
			       struct inet_timewait_sock *tw, int i)
{
	struct in6_addr *dest, *src;
	__u16 destp, srcp;
	struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
	int ttd = tw->tw_ttd - jiffies;

	if (ttd < 0)
		ttd = 0;

	dest = &tw6->tw_v6_daddr;
	src  = &tw6->tw_v6_rcv_saddr;
	destp = ntohs(tw->tw_dport);
	srcp  = ntohs(tw->tw_sport);

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3], srcp,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
		   tw->tw_substate, 0, 0,
		   3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
		   atomic_read(&tw->tw_refcnt), tw);
}

/* seq_file show callback: dispatch on the iterator's current state. */
static int tcp6_seq_show(struct seq_file *seq, void *v)
{
	struct tcp_iter_state *st;

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq,
			 "  sl  "
			 "local_address                         "
			 "remote_address                        "
			 "st tx_queue rx_queue tr tm->when retrnsmt"
			 "   uid  timeout inode\n");
		goto out;
	}
	st = seq->private;

	switch (st->state) {
	case TCP_SEQ_STATE_LISTENING:
	case TCP_SEQ_STATE_ESTABLISHED:
		get_tcp6_sock(seq, v, st->num);
		break;
	case TCP_SEQ_STATE_OPENREQ:
		get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
		break;
	case TCP_SEQ_STATE_TIME_WAIT:
		get_timewait6_sock(seq, v, st->num);
		break;
	}
out:
	return 0;
}

static struct file_operations tcp6_seq_fops;
static struct tcp_seq_afinfo tcp6_seq_afinfo = {
	.owner		= THIS_MODULE,
	.name		= "tcp6",
	.family		= AF_INET6,
	.seq_show	= tcp6_seq_show,
	.seq_fops	= &tcp6_seq_fops,
};

int __init tcp6_proc_init(void)
{
	return tcp_proc_register(&tcp6_seq_afinfo);
}

void tcp6_proc_exit(void)
{
	tcp_proc_unregister(&tcp6_seq_afinfo);
}
#endif

/* Protocol operations exported to the IPv6 socket layer. */
struct proto tcpv6_prot = {
	.name			= "TCPv6",
	.owner			= THIS_MODULE,
	.close			= tcp_close,
	.connect		= tcp_v6_connect,
	.disconnect		= tcp_disconnect,
	.accept			= inet_csk_accept,
	.ioctl			= tcp_ioctl,
	.init			= tcp_v6_init_sock,
	.destroy		= tcp_v6_destroy_sock,
	.shutdown		= tcp_shutdown,
	.setsockopt		= tcp_setsockopt,
	.getsockopt		= tcp_getsockopt,
	.sendmsg		= tcp_sendmsg,
	.recvmsg		= tcp_recvmsg,
	.backlog_rcv		= tcp_v6_do_rcv,
	.hash			= tcp_v6_hash,
	.unhash			= tcp_unhash,
	.get_port		= tcp_v6_get_port,
	.enter_memory_pressure	= tcp_enter_memory_pressure,
	.sockets_allocated	= &tcp_sockets_allocated,
	.memory_allocated	= &tcp_memory_allocated,
	.memory_pressure	= &tcp_memory_pressure,
	.orphan_count		= &tcp_orphan_count,
	.sysctl_mem		= sysctl_tcp_mem,
	.sysctl_wmem		= sysctl_tcp_wmem,
	.sysctl_rmem		= sysctl_tcp_rmem,
	.max_header		= MAX_TCP_HEADER,
	.obj_size		= sizeof(struct tcp6_sock),
	.twsk_prot		= &tcp6_timewait_sock_ops,
	.rsk_prot		= &tcp6_request_sock_ops,
#ifdef CONFIG_COMPAT
	.compat_setsockopt	= compat_tcp_setsockopt,
	.compat_getsockopt	= compat_tcp_getsockopt,
#endif
};

static struct inet6_protocol tcpv6_protocol = {
	.handler	=	tcp_v6_rcv,
	.err_handler	=	tcp_v6_err,
	.gso_send_check	=	tcp_v6_gso_send_check,
	.gso_segment	=	tcp_tso_segment,
	.flags		=	INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
};

static struct inet_protosw tcpv6_protosw = {
	.type		=	SOCK_STREAM,
	.protocol	=	IPPROTO_TCP,
	.prot		=	&tcpv6_prot,
	.ops		=	&inet6_stream_ops,
	.capability	=	-1,
	.no_check	=	0,
	.flags		=	INET_PROTOSW_PERMANENT |
				INET_PROTOSW_ICSK,
};

/* Boot-time registration of the IPv6 TCP protocol handlers and the
 * control socket used for sending RSTs and ACKs. */
void __init tcpv6_init(void)
{
	/* register inet6 protocol */
	if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
		printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
	inet6_register_protosw(&tcpv6_protosw);

	if (inet_csk_ctl_sock_create(&tcp6_socket, PF_INET6, SOCK_RAW,
				     IPPROTO_TCP) < 0)
		panic("Failed to create the TCPv6 control socket.\n");
}