search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
offb: Fix bug in calculating requested vram size
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / ipv6 / tcp_ipv6.c
blob296510a82c359f893d00db885dfd077ce7b54f52
1 /*
2 * TCP over IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on:
9 * linux/net/ipv4/tcp.c
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
12 *
13 * Fixes:
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
19 *
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
24 */
25
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
34 #include <linux/in.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41 #include <linux/slab.h>
42
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/snmp.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/netdma.h>
63 #include <net/inet_common.h>
64 #include <net/secure_seq.h>
65
66 #include <asm/uaccess.h>
67
68 #include <linux/proc_fs.h>
69 #include <linux/seq_file.h>
70
71 #include <linux/crypto.h>
72 #include <linux/scatterlist.h>
73
74 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
75 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
76 struct request_sock *req);
77
78 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
79 static void __tcp_v6_send_check(struct sk_buff *skb,
80 const struct in6_addr *saddr,
81 const struct in6_addr *daddr);
82
83 static const struct inet_connection_sock_af_ops ipv6_mapped;
84 static const struct inet_connection_sock_af_ops ipv6_specific;
85 #ifdef CONFIG_TCP_MD5SIG
86 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
87 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
88 #else
89 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
90 const struct in6_addr *addr)
91 {
92 return NULL;
93 }
94 #endif
95
96 static void tcp_v6_hash(struct sock *sk)
97 {
98 if (sk->sk_state != TCP_CLOSE) {
99 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
100 tcp_prot.hash(sk);
101 return;
102 }
103 local_bh_disable();
104 __inet6_hash(sk, NULL);
105 local_bh_enable();
106 }
107 }
108
109 static __inline__ __sum16 tcp_v6_check(int len,
110 const struct in6_addr *saddr,
111 const struct in6_addr *daddr,
112 __wsum base)
113 {
114 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
115 }
116
117 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
118 {
119 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
120 ipv6_hdr(skb)->saddr.s6_addr32,
121 tcp_hdr(skb)->dest,
122 tcp_hdr(skb)->source);
123 }
124
125 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
126 int addr_len)
127 {
128 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
129 struct inet_sock *inet = inet_sk(sk);
130 struct inet_connection_sock *icsk = inet_csk(sk);
131 struct ipv6_pinfo *np = inet6_sk(sk);
132 struct tcp_sock *tp = tcp_sk(sk);
133 struct in6_addr *saddr = NULL, *final_p, final;
134 struct rt6_info *rt;
135 struct flowi6 fl6;
136 struct dst_entry *dst;
137 int addr_type;
138 int err;
139
140 if (addr_len < SIN6_LEN_RFC2133)
141 return -EINVAL;
142
143 if (usin->sin6_family != AF_INET6)
144 return -EAFNOSUPPORT;
145
146 memset(&fl6, 0, sizeof(fl6));
147
148 if (np->sndflow) {
149 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
150 IP6_ECN_flow_init(fl6.flowlabel);
151 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
152 struct ip6_flowlabel *flowlabel;
153 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
154 if (flowlabel == NULL)
155 return -EINVAL;
156 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
157 fl6_sock_release(flowlabel);
158 }
159 }
160
161 /*
162 * connect() to INADDR_ANY means loopback (BSD'ism).
163 */
164
165 if(ipv6_addr_any(&usin->sin6_addr))
166 usin->sin6_addr.s6_addr[15] = 0x1;
167
168 addr_type = ipv6_addr_type(&usin->sin6_addr);
169
170 if(addr_type & IPV6_ADDR_MULTICAST)
171 return -ENETUNREACH;
172
173 if (addr_type&IPV6_ADDR_LINKLOCAL) {
174 if (addr_len >= sizeof(struct sockaddr_in6) &&
175 usin->sin6_scope_id) {
176 /* If interface is set while binding, indices
177 * must coincide.
178 */
179 if (sk->sk_bound_dev_if &&
180 sk->sk_bound_dev_if != usin->sin6_scope_id)
181 return -EINVAL;
182
183 sk->sk_bound_dev_if = usin->sin6_scope_id;
184 }
185
186 /* Connect to link-local address requires an interface */
187 if (!sk->sk_bound_dev_if)
188 return -EINVAL;
189 }
190
191 if (tp->rx_opt.ts_recent_stamp &&
192 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
193 tp->rx_opt.ts_recent = 0;
194 tp->rx_opt.ts_recent_stamp = 0;
195 tp->write_seq = 0;
196 }
197
198 ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
199 np->flow_label = fl6.flowlabel;
200
201 /*
202 * TCP over IPv4
203 */
204
205 if (addr_type == IPV6_ADDR_MAPPED) {
206 u32 exthdrlen = icsk->icsk_ext_hdr_len;
207 struct sockaddr_in sin;
208
209 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
210
211 if (__ipv6_only_sock(sk))
212 return -ENETUNREACH;
213
214 sin.sin_family = AF_INET;
215 sin.sin_port = usin->sin6_port;
216 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
217
218 icsk->icsk_af_ops = &ipv6_mapped;
219 sk->sk_backlog_rcv = tcp_v4_do_rcv;
220 #ifdef CONFIG_TCP_MD5SIG
221 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
222 #endif
223
224 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
225
226 if (err) {
227 icsk->icsk_ext_hdr_len = exthdrlen;
228 icsk->icsk_af_ops = &ipv6_specific;
229 sk->sk_backlog_rcv = tcp_v6_do_rcv;
230 #ifdef CONFIG_TCP_MD5SIG
231 tp->af_specific = &tcp_sock_ipv6_specific;
232 #endif
233 goto failure;
234 } else {
235 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
236 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
237 &np->rcv_saddr);
238 }
239
240 return err;
241 }
242
243 if (!ipv6_addr_any(&np->rcv_saddr))
244 saddr = &np->rcv_saddr;
245
246 fl6.flowi6_proto = IPPROTO_TCP;
247 ipv6_addr_copy(&fl6.daddr, &np->daddr);
248 ipv6_addr_copy(&fl6.saddr,
249 (saddr ? saddr : &np->saddr));
250 fl6.flowi6_oif = sk->sk_bound_dev_if;
251 fl6.flowi6_mark = sk->sk_mark;
252 fl6.fl6_dport = usin->sin6_port;
253 fl6.fl6_sport = inet->inet_sport;
254
255 final_p = fl6_update_dst(&fl6, np->opt, &final);
256
257 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
258
259 dst = ip6_dst_lookup_flow(sk, &fl6, final_p, true);
260 if (IS_ERR(dst)) {
261 err = PTR_ERR(dst);
262 goto failure;
263 }
264
265 if (saddr == NULL) {
266 saddr = &fl6.saddr;
267 ipv6_addr_copy(&np->rcv_saddr, saddr);
268 }
269
270 /* set the source address */
271 ipv6_addr_copy(&np->saddr, saddr);
272 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
273
274 sk->sk_gso_type = SKB_GSO_TCPV6;
275 __ip6_dst_store(sk, dst, NULL, NULL);
276
277 rt = (struct rt6_info *) dst;
278 if (tcp_death_row.sysctl_tw_recycle &&
279 !tp->rx_opt.ts_recent_stamp &&
280 ipv6_addr_equal(&rt->rt6i_dst.addr, &np->daddr)) {
281 struct inet_peer *peer = rt6_get_peer(rt);
282 /*
283 * VJ's idea. We save last timestamp seen from
284 * the destination in peer table, when entering state
285 * TIME-WAIT * and initialize rx_opt.ts_recent from it,
286 * when trying new connection.
287 */
288 if (peer) {
289 inet_peer_refcheck(peer);
290 if ((u32)get_seconds() - peer->tcp_ts_stamp <= TCP_PAWS_MSL) {
291 tp->rx_opt.ts_recent_stamp = peer->tcp_ts_stamp;
292 tp->rx_opt.ts_recent = peer->tcp_ts;
293 }
294 }
295 }
296
297 icsk->icsk_ext_hdr_len = 0;
298 if (np->opt)
299 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
300 np->opt->opt_nflen);
301
302 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
303
304 inet->inet_dport = usin->sin6_port;
305
306 tcp_set_state(sk, TCP_SYN_SENT);
307 err = inet6_hash_connect(&tcp_death_row, sk);
308 if (err)
309 goto late_failure;
310
311 if (!tp->write_seq)
312 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
313 np->daddr.s6_addr32,
314 inet->inet_sport,
315 inet->inet_dport);
316
317 err = tcp_connect(sk);
318 if (err)
319 goto late_failure;
320
321 return 0;
322
323 late_failure:
324 tcp_set_state(sk, TCP_CLOSE);
325 __sk_dst_reset(sk);
326 failure:
327 inet->inet_dport = 0;
328 sk->sk_route_caps = 0;
329 return err;
330 }
331
332 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
333 u8 type, u8 code, int offset, __be32 info)
334 {
335 const struct ipv6hdr *hdr = (const struct ipv6hdr*)skb->data;
336 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
337 struct ipv6_pinfo *np;
338 struct sock *sk;
339 int err;
340 struct tcp_sock *tp;
341 __u32 seq;
342 struct net *net = dev_net(skb->dev);
343
344 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
345 th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
346
347 if (sk == NULL) {
348 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
349 ICMP6_MIB_INERRORS);
350 return;
351 }
352
353 if (sk->sk_state == TCP_TIME_WAIT) {
354 inet_twsk_put(inet_twsk(sk));
355 return;
356 }
357
358 bh_lock_sock(sk);
359 if (sock_owned_by_user(sk))
360 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
361
362 if (sk->sk_state == TCP_CLOSE)
363 goto out;
364
365 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
366 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
367 goto out;
368 }
369
370 tp = tcp_sk(sk);
371 seq = ntohl(th->seq);
372 if (sk->sk_state != TCP_LISTEN &&
373 !between(seq, tp->snd_una, tp->snd_nxt)) {
374 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
375 goto out;
376 }
377
378 np = inet6_sk(sk);
379
380 if (type == ICMPV6_PKT_TOOBIG) {
381 struct dst_entry *dst;
382
383 if (sock_owned_by_user(sk))
384 goto out;
385 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
386 goto out;
387
388 /* icmp should have updated the destination cache entry */
389 dst = __sk_dst_check(sk, np->dst_cookie);
390
391 if (dst == NULL) {
392 struct inet_sock *inet = inet_sk(sk);
393 struct flowi6 fl6;
394
395 /* BUGGG_FUTURE: Again, it is not clear how
396 to handle rthdr case. Ignore this complexity
397 for now.
398 */
399 memset(&fl6, 0, sizeof(fl6));
400 fl6.flowi6_proto = IPPROTO_TCP;
401 ipv6_addr_copy(&fl6.daddr, &np->daddr);
402 ipv6_addr_copy(&fl6.saddr, &np->saddr);
403 fl6.flowi6_oif = sk->sk_bound_dev_if;
404 fl6.flowi6_mark = sk->sk_mark;
405 fl6.fl6_dport = inet->inet_dport;
406 fl6.fl6_sport = inet->inet_sport;
407 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
408
409 dst = ip6_dst_lookup_flow(sk, &fl6, NULL, false);
410 if (IS_ERR(dst)) {
411 sk->sk_err_soft = -PTR_ERR(dst);
412 goto out;
413 }
414
415 } else
416 dst_hold(dst);
417
418 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
419 tcp_sync_mss(sk, dst_mtu(dst));
420 tcp_simple_retransmit(sk);
421 } /* else let the usual retransmit timer handle it */
422 dst_release(dst);
423 goto out;
424 }
425
426 icmpv6_err_convert(type, code, &err);
427
428 /* Might be for an request_sock */
429 switch (sk->sk_state) {
430 struct request_sock *req, **prev;
431 case TCP_LISTEN:
432 if (sock_owned_by_user(sk))
433 goto out;
434
435 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
436 &hdr->saddr, inet6_iif(skb));
437 if (!req)
438 goto out;
439
440 /* ICMPs are not backlogged, hence we cannot get
441 * an established socket here.
442 */
443 WARN_ON(req->sk != NULL);
444
445 if (seq != tcp_rsk(req)->snt_isn) {
446 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
447 goto out;
448 }
449
450 inet_csk_reqsk_queue_drop(sk, req, prev);
451 goto out;
452
453 case TCP_SYN_SENT:
454 case TCP_SYN_RECV: /* Cannot happen.
455 It can, it SYNs are crossed. --ANK */
456 if (!sock_owned_by_user(sk)) {
457 sk->sk_err = err;
458 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
459
460 tcp_done(sk);
461 } else
462 sk->sk_err_soft = err;
463 goto out;
464 }
465
466 if (!sock_owned_by_user(sk) && np->recverr) {
467 sk->sk_err = err;
468 sk->sk_error_report(sk);
469 } else
470 sk->sk_err_soft = err;
471
472 out:
473 bh_unlock_sock(sk);
474 sock_put(sk);
475 }
476
477
478 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
479 struct request_values *rvp)
480 {
481 struct inet6_request_sock *treq = inet6_rsk(req);
482 struct ipv6_pinfo *np = inet6_sk(sk);
483 struct sk_buff * skb;
484 struct ipv6_txoptions *opt = NULL;
485 struct in6_addr * final_p, final;
486 struct flowi6 fl6;
487 struct dst_entry *dst;
488 int err;
489
490 memset(&fl6, 0, sizeof(fl6));
491 fl6.flowi6_proto = IPPROTO_TCP;
492 ipv6_addr_copy(&fl6.daddr, &treq->rmt_addr);
493 ipv6_addr_copy(&fl6.saddr, &treq->loc_addr);
494 fl6.flowlabel = 0;
495 fl6.flowi6_oif = treq->iif;
496 fl6.flowi6_mark = sk->sk_mark;
497 fl6.fl6_dport = inet_rsk(req)->rmt_port;
498 fl6.fl6_sport = inet_rsk(req)->loc_port;
499 security_req_classify_flow(req, flowi6_to_flowi(&fl6));
500
501 opt = np->opt;
502 final_p = fl6_update_dst(&fl6, opt, &final);
503
504 dst = ip6_dst_lookup_flow(sk, &fl6, final_p, false);
505 if (IS_ERR(dst)) {
506 err = PTR_ERR(dst);
507 dst = NULL;
508 goto done;
509 }
510 skb = tcp_make_synack(sk, dst, req, rvp);
511 err = -ENOMEM;
512 if (skb) {
513 __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr);
514
515 ipv6_addr_copy(&fl6.daddr, &treq->rmt_addr);
516 err = ip6_xmit(sk, skb, &fl6, opt);
517 err = net_xmit_eval(err);
518 }
519
520 done:
521 if (opt && opt != np->opt)
522 sock_kfree_s(sk, opt, opt->tot_len);
523 dst_release(dst);
524 return err;
525 }
526
527 static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req,
528 struct request_values *rvp)
529 {
530 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS);
531 return tcp_v6_send_synack(sk, req, rvp);
532 }
533
534 static inline void syn_flood_warning(struct sk_buff *skb)
535 {
536 #ifdef CONFIG_SYN_COOKIES
537 if (sysctl_tcp_syncookies)
538 printk(KERN_INFO
539 "TCPv6: Possible SYN flooding on port %d. "
540 "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
541 else
542 #endif
543 printk(KERN_INFO
544 "TCPv6: Possible SYN flooding on port %d. "
545 "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
546 }
547
548 static void tcp_v6_reqsk_destructor(struct request_sock *req)
549 {
550 kfree_skb(inet6_rsk(req)->pktopts);
551 }
552
553 #ifdef CONFIG_TCP_MD5SIG
554 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
555 const struct in6_addr *addr)
556 {
557 struct tcp_sock *tp = tcp_sk(sk);
558 int i;
559
560 BUG_ON(tp == NULL);
561
562 if (!tp->md5sig_info || !tp->md5sig_info->entries6)
563 return NULL;
564
565 for (i = 0; i < tp->md5sig_info->entries6; i++) {
566 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
567 return &tp->md5sig_info->keys6[i].base;
568 }
569 return NULL;
570 }
571
572 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
573 struct sock *addr_sk)
574 {
575 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
576 }
577
578 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
579 struct request_sock *req)
580 {
581 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
582 }
583
584 static int tcp_v6_md5_do_add(struct sock *sk, const struct in6_addr *peer,
585 char *newkey, u8 newkeylen)
586 {
587 /* Add key to the list */
588 struct tcp_md5sig_key *key;
589 struct tcp_sock *tp = tcp_sk(sk);
590 struct tcp6_md5sig_key *keys;
591
592 key = tcp_v6_md5_do_lookup(sk, peer);
593 if (key) {
594 /* modify existing entry - just update that one */
595 kfree(key->key);
596 key->key = newkey;
597 key->keylen = newkeylen;
598 } else {
599 /* reallocate new list if current one is full. */
600 if (!tp->md5sig_info) {
601 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
602 if (!tp->md5sig_info) {
603 kfree(newkey);
604 return -ENOMEM;
605 }
606 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
607 }
608 if (tp->md5sig_info->entries6 == 0 &&
609 tcp_alloc_md5sig_pool(sk) == NULL) {
610 kfree(newkey);
611 return -ENOMEM;
612 }
613 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
614 keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
615 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
616
617 if (!keys) {
618 kfree(newkey);
619 if (tp->md5sig_info->entries6 == 0)
620 tcp_free_md5sig_pool();
621 return -ENOMEM;
622 }
623
624 if (tp->md5sig_info->entries6)
625 memmove(keys, tp->md5sig_info->keys6,
626 (sizeof (tp->md5sig_info->keys6[0]) *
627 tp->md5sig_info->entries6));
628
629 kfree(tp->md5sig_info->keys6);
630 tp->md5sig_info->keys6 = keys;
631 tp->md5sig_info->alloced6++;
632 }
633
634 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
635 peer);
636 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
637 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
638
639 tp->md5sig_info->entries6++;
640 }
641 return 0;
642 }
643
644 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
645 u8 *newkey, __u8 newkeylen)
646 {
647 return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
648 newkey, newkeylen);
649 }
650
651 static int tcp_v6_md5_do_del(struct sock *sk, const struct in6_addr *peer)
652 {
653 struct tcp_sock *tp = tcp_sk(sk);
654 int i;
655
656 for (i = 0; i < tp->md5sig_info->entries6; i++) {
657 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
658 /* Free the key */
659 kfree(tp->md5sig_info->keys6[i].base.key);
660 tp->md5sig_info->entries6--;
661
662 if (tp->md5sig_info->entries6 == 0) {
663 kfree(tp->md5sig_info->keys6);
664 tp->md5sig_info->keys6 = NULL;
665 tp->md5sig_info->alloced6 = 0;
666 tcp_free_md5sig_pool();
667 } else {
668 /* shrink the database */
669 if (tp->md5sig_info->entries6 != i)
670 memmove(&tp->md5sig_info->keys6[i],
671 &tp->md5sig_info->keys6[i+1],
672 (tp->md5sig_info->entries6 - i)
673 * sizeof (tp->md5sig_info->keys6[0]));
674 }
675 return 0;
676 }
677 }
678 return -ENOENT;
679 }
680
681 static void tcp_v6_clear_md5_list (struct sock *sk)
682 {
683 struct tcp_sock *tp = tcp_sk(sk);
684 int i;
685
686 if (tp->md5sig_info->entries6) {
687 for (i = 0; i < tp->md5sig_info->entries6; i++)
688 kfree(tp->md5sig_info->keys6[i].base.key);
689 tp->md5sig_info->entries6 = 0;
690 tcp_free_md5sig_pool();
691 }
692
693 kfree(tp->md5sig_info->keys6);
694 tp->md5sig_info->keys6 = NULL;
695 tp->md5sig_info->alloced6 = 0;
696
697 if (tp->md5sig_info->entries4) {
698 for (i = 0; i < tp->md5sig_info->entries4; i++)
699 kfree(tp->md5sig_info->keys4[i].base.key);
700 tp->md5sig_info->entries4 = 0;
701 tcp_free_md5sig_pool();
702 }
703
704 kfree(tp->md5sig_info->keys4);
705 tp->md5sig_info->keys4 = NULL;
706 tp->md5sig_info->alloced4 = 0;
707 }
708
709 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
710 int optlen)
711 {
712 struct tcp_md5sig cmd;
713 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
714 u8 *newkey;
715
716 if (optlen < sizeof(cmd))
717 return -EINVAL;
718
719 if (copy_from_user(&cmd, optval, sizeof(cmd)))
720 return -EFAULT;
721
722 if (sin6->sin6_family != AF_INET6)
723 return -EINVAL;
724
725 if (!cmd.tcpm_keylen) {
726 if (!tcp_sk(sk)->md5sig_info)
727 return -ENOENT;
728 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
729 return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
730 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
731 }
732
733 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
734 return -EINVAL;
735
736 if (!tcp_sk(sk)->md5sig_info) {
737 struct tcp_sock *tp = tcp_sk(sk);
738 struct tcp_md5sig_info *p;
739
740 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
741 if (!p)
742 return -ENOMEM;
743
744 tp->md5sig_info = p;
745 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
746 }
747
748 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
749 if (!newkey)
750 return -ENOMEM;
751 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
752 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
753 newkey, cmd.tcpm_keylen);
754 }
755 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
756 }
757
758 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
759 const struct in6_addr *daddr,
760 const struct in6_addr *saddr, int nbytes)
761 {
762 struct tcp6_pseudohdr *bp;
763 struct scatterlist sg;
764
765 bp = &hp->md5_blk.ip6;
766 /* 1. TCP pseudo-header (RFC2460) */
767 ipv6_addr_copy(&bp->saddr, saddr);
768 ipv6_addr_copy(&bp->daddr, daddr);
769 bp->protocol = cpu_to_be32(IPPROTO_TCP);
770 bp->len = cpu_to_be32(nbytes);
771
772 sg_init_one(&sg, bp, sizeof(*bp));
773 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
774 }
775
776 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
777 const struct in6_addr *daddr, struct in6_addr *saddr,
778 struct tcphdr *th)
779 {
780 struct tcp_md5sig_pool *hp;
781 struct hash_desc *desc;
782
783 hp = tcp_get_md5sig_pool();
784 if (!hp)
785 goto clear_hash_noput;
786 desc = &hp->md5_desc;
787
788 if (crypto_hash_init(desc))
789 goto clear_hash;
790 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
791 goto clear_hash;
792 if (tcp_md5_hash_header(hp, th))
793 goto clear_hash;
794 if (tcp_md5_hash_key(hp, key))
795 goto clear_hash;
796 if (crypto_hash_final(desc, md5_hash))
797 goto clear_hash;
798
799 tcp_put_md5sig_pool();
800 return 0;
801
802 clear_hash:
803 tcp_put_md5sig_pool();
804 clear_hash_noput:
805 memset(md5_hash, 0, 16);
806 return 1;
807 }
808
809 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
810 struct sock *sk, struct request_sock *req,
811 struct sk_buff *skb)
812 {
813 const struct in6_addr *saddr, *daddr;
814 struct tcp_md5sig_pool *hp;
815 struct hash_desc *desc;
816 struct tcphdr *th = tcp_hdr(skb);
817
818 if (sk) {
819 saddr = &inet6_sk(sk)->saddr;
820 daddr = &inet6_sk(sk)->daddr;
821 } else if (req) {
822 saddr = &inet6_rsk(req)->loc_addr;
823 daddr = &inet6_rsk(req)->rmt_addr;
824 } else {
825 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
826 saddr = &ip6h->saddr;
827 daddr = &ip6h->daddr;
828 }
829
830 hp = tcp_get_md5sig_pool();
831 if (!hp)
832 goto clear_hash_noput;
833 desc = &hp->md5_desc;
834
835 if (crypto_hash_init(desc))
836 goto clear_hash;
837
838 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
839 goto clear_hash;
840 if (tcp_md5_hash_header(hp, th))
841 goto clear_hash;
842 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
843 goto clear_hash;
844 if (tcp_md5_hash_key(hp, key))
845 goto clear_hash;
846 if (crypto_hash_final(desc, md5_hash))
847 goto clear_hash;
848
849 tcp_put_md5sig_pool();
850 return 0;
851
852 clear_hash:
853 tcp_put_md5sig_pool();
854 clear_hash_noput:
855 memset(md5_hash, 0, 16);
856 return 1;
857 }
858
859 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
860 {
861 __u8 *hash_location = NULL;
862 struct tcp_md5sig_key *hash_expected;
863 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
864 struct tcphdr *th = tcp_hdr(skb);
865 int genhash;
866 u8 newhash[16];
867
868 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
869 hash_location = tcp_parse_md5sig_option(th);
870
871 /* We've parsed the options - do we have a hash? */
872 if (!hash_expected && !hash_location)
873 return 0;
874
875 if (hash_expected && !hash_location) {
876 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
877 return 1;
878 }
879
880 if (!hash_expected && hash_location) {
881 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
882 return 1;
883 }
884
885 /* check the signature */
886 genhash = tcp_v6_md5_hash_skb(newhash,
887 hash_expected,
888 NULL, NULL, skb);
889
890 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
891 if (net_ratelimit()) {
892 printk(KERN_INFO "MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
893 genhash ? "failed" : "mismatch",
894 &ip6h->saddr, ntohs(th->source),
895 &ip6h->daddr, ntohs(th->dest));
896 }
897 return 1;
898 }
899 return 0;
900 }
901 #endif
902
903 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
904 .family = AF_INET6,
905 .obj_size = sizeof(struct tcp6_request_sock),
906 .rtx_syn_ack = tcp_v6_rtx_synack,
907 .send_ack = tcp_v6_reqsk_send_ack,
908 .destructor = tcp_v6_reqsk_destructor,
909 .send_reset = tcp_v6_send_reset,
910 .syn_ack_timeout = tcp_syn_ack_timeout,
911 };
912
913 #ifdef CONFIG_TCP_MD5SIG
914 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
915 .md5_lookup = tcp_v6_reqsk_md5_lookup,
916 .calc_md5_hash = tcp_v6_md5_hash_skb,
917 };
918 #endif
919
920 static void __tcp_v6_send_check(struct sk_buff *skb,
921 const struct in6_addr *saddr, const struct in6_addr *daddr)
922 {
923 struct tcphdr *th = tcp_hdr(skb);
924
925 if (skb->ip_summed == CHECKSUM_PARTIAL) {
926 th->check = ~tcp_v6_check(skb->len, saddr, daddr, 0);
927 skb->csum_start = skb_transport_header(skb) - skb->head;
928 skb->csum_offset = offsetof(struct tcphdr, check);
929 } else {
930 th->check = tcp_v6_check(skb->len, saddr, daddr,
931 csum_partial(th, th->doff << 2,
932 skb->csum));
933 }
934 }
935
936 static void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb)
937 {
938 struct ipv6_pinfo *np = inet6_sk(sk);
939
940 __tcp_v6_send_check(skb, &np->saddr, &np->daddr);
941 }
942
943 static int tcp_v6_gso_send_check(struct sk_buff *skb)
944 {
945 const struct ipv6hdr *ipv6h;
946 struct tcphdr *th;
947
948 if (!pskb_may_pull(skb, sizeof(*th)))
949 return -EINVAL;
950
951 ipv6h = ipv6_hdr(skb);
952 th = tcp_hdr(skb);
953
954 th->check = 0;
955 skb->ip_summed = CHECKSUM_PARTIAL;
956 __tcp_v6_send_check(skb, &ipv6h->saddr, &ipv6h->daddr);
957 return 0;
958 }
959
960 static struct sk_buff **tcp6_gro_receive(struct sk_buff **head,
961 struct sk_buff *skb)
962 {
963 const struct ipv6hdr *iph = skb_gro_network_header(skb);
964
965 switch (skb->ip_summed) {
966 case CHECKSUM_COMPLETE:
967 if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr,
968 skb->csum)) {
969 skb->ip_summed = CHECKSUM_UNNECESSARY;
970 break;
971 }
972
973 /* fall through */
974 case CHECKSUM_NONE:
975 NAPI_GRO_CB(skb)->flush = 1;
976 return NULL;
977 }
978
979 return tcp_gro_receive(head, skb);
980 }
981
982 static int tcp6_gro_complete(struct sk_buff *skb)
983 {
984 const struct ipv6hdr *iph = ipv6_hdr(skb);
985 struct tcphdr *th = tcp_hdr(skb);
986
987 th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb),
988 &iph->saddr, &iph->daddr, 0);
989 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;
990
991 return tcp_gro_complete(skb);
992 }
993
994 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
995 u32 ts, struct tcp_md5sig_key *key, int rst)
996 {
997 struct tcphdr *th = tcp_hdr(skb), *t1;
998 struct sk_buff *buff;
999 struct flowi6 fl6;
1000 struct net *net = dev_net(skb_dst(skb)->dev);
1001 struct sock *ctl_sk = net->ipv6.tcp_sk;
1002 unsigned int tot_len = sizeof(struct tcphdr);
1003 struct dst_entry *dst;
1004 __be32 *topt;
1005
1006 if (ts)
1007 tot_len += TCPOLEN_TSTAMP_ALIGNED;
1008 #ifdef CONFIG_TCP_MD5SIG
1009 if (key)
1010 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1011 #endif
1012
1013 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1014 GFP_ATOMIC);
1015 if (buff == NULL)
1016 return;
1017
1018 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1019
1020 t1 = (struct tcphdr *) skb_push(buff, tot_len);
1021 skb_reset_transport_header(buff);
1022
1023 /* Swap the send and the receive. */
1024 memset(t1, 0, sizeof(*t1));
1025 t1->dest = th->source;
1026 t1->source = th->dest;
1027 t1->doff = tot_len / 4;
1028 t1->seq = htonl(seq);
1029 t1->ack_seq = htonl(ack);
1030 t1->ack = !rst || !th->ack;
1031 t1->rst = rst;
1032 t1->window = htons(win);
1033
1034 topt = (__be32 *)(t1 + 1);
1035
1036 if (ts) {
1037 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1038 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1039 *topt++ = htonl(tcp_time_stamp);
1040 *topt++ = htonl(ts);
1041 }
1042
1043 #ifdef CONFIG_TCP_MD5SIG
1044 if (key) {
1045 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1046 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1047 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
1048 &ipv6_hdr(skb)->saddr,
1049 &ipv6_hdr(skb)->daddr, t1);
1050 }
1051 #endif
1052
1053 memset(&fl6, 0, sizeof(fl6));
1054 ipv6_addr_copy(&fl6.daddr, &ipv6_hdr(skb)->saddr);
1055 ipv6_addr_copy(&fl6.saddr, &ipv6_hdr(skb)->daddr);
1056
1057 buff->ip_summed = CHECKSUM_PARTIAL;
1058 buff->csum = 0;
1059
1060 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
1061
1062 fl6.flowi6_proto = IPPROTO_TCP;
1063 fl6.flowi6_oif = inet6_iif(skb);
1064 fl6.fl6_dport = t1->dest;
1065 fl6.fl6_sport = t1->source;
1066 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1067
1068 /* Pass a socket to ip6_dst_lookup either it is for RST
1069 * Underlying function will use this to retrieve the network
1070 * namespace
1071 */
1072 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL, false);
1073 if (!IS_ERR(dst)) {
1074 skb_dst_set(buff, dst);
1075 ip6_xmit(ctl_sk, buff, &fl6, NULL);
1076 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1077 if (rst)
1078 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
1079 return;
1080 }
1081
1082 kfree_skb(buff);
1083 }
1084
1085 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1086 {
1087 struct tcphdr *th = tcp_hdr(skb);
1088 u32 seq = 0, ack_seq = 0;
1089 struct tcp_md5sig_key *key = NULL;
1090
1091 if (th->rst)
1092 return;
1093
1094 if (!ipv6_unicast_destination(skb))
1095 return;
1096
1097 #ifdef CONFIG_TCP_MD5SIG
1098 if (sk)
1099 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
1100 #endif
1101
1102 if (th->ack)
1103 seq = ntohl(th->ack_seq);
1104 else
1105 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1106 (th->doff << 2);
1107
1108 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1);
1109 }
1110
1111 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
1112 struct tcp_md5sig_key *key)
1113 {
1114 tcp_v6_send_response(skb, seq, ack, win, ts, key, 0);
1115 }
1116
1117 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1118 {
1119 struct inet_timewait_sock *tw = inet_twsk(sk);
1120 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1121
1122 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1123 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1124 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw));
1125
1126 inet_twsk_put(tw);
1127 }
1128
1129 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
1130 struct request_sock *req)
1131 {
1132 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
1133 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr));
1134 }
1135
1136
1137 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1138 {
1139 struct request_sock *req, **prev;
1140 const struct tcphdr *th = tcp_hdr(skb);
1141 struct sock *nsk;
1142
1143 /* Find possible connection requests. */
1144 req = inet6_csk_search_req(sk, &prev, th->source,
1145 &ipv6_hdr(skb)->saddr,
1146 &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1147 if (req)
1148 return tcp_check_req(sk, skb, req, prev);
1149
1150 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1151 &ipv6_hdr(skb)->saddr, th->source,
1152 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1153
1154 if (nsk) {
1155 if (nsk->sk_state != TCP_TIME_WAIT) {
1156 bh_lock_sock(nsk);
1157 return nsk;
1158 }
1159 inet_twsk_put(inet_twsk(nsk));
1160 return NULL;
1161 }
1162
1163 #ifdef CONFIG_SYN_COOKIES
1164 if (!th->syn)
1165 sk = cookie_v6_check(sk, skb);
1166 #endif
1167 return sk;
1168 }
1169
1170 /* FIXME: this is substantially similar to the ipv4 code.
1171 * Can some kind of merge be done? -- erics
1172 */
1173 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1174 {
1175 struct tcp_extend_values tmp_ext;
1176 struct tcp_options_received tmp_opt;
1177 u8 *hash_location;
1178 struct request_sock *req;
1179 struct inet6_request_sock *treq;
1180 struct ipv6_pinfo *np = inet6_sk(sk);
1181 struct tcp_sock *tp = tcp_sk(sk);
1182 __u32 isn = TCP_SKB_CB(skb)->when;
1183 struct dst_entry *dst = NULL;
1184 #ifdef CONFIG_SYN_COOKIES
1185 int want_cookie = 0;
1186 #else
1187 #define want_cookie 0
1188 #endif
1189
1190 if (skb->protocol == htons(ETH_P_IP))
1191 return tcp_v4_conn_request(sk, skb);
1192
1193 if (!ipv6_unicast_destination(skb))
1194 goto drop;
1195
1196 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1197 if (net_ratelimit())
1198 syn_flood_warning(skb);
1199 #ifdef CONFIG_SYN_COOKIES
1200 if (sysctl_tcp_syncookies)
1201 want_cookie = 1;
1202 else
1203 #endif
1204 goto drop;
1205 }
1206
1207 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1208 goto drop;
1209
1210 req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1211 if (req == NULL)
1212 goto drop;
1213
1214 #ifdef CONFIG_TCP_MD5SIG
1215 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1216 #endif
1217
1218 tcp_clear_options(&tmp_opt);
1219 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1220 tmp_opt.user_mss = tp->rx_opt.user_mss;
1221 tcp_parse_options(skb, &tmp_opt, &hash_location, 0);
1222
1223 if (tmp_opt.cookie_plus > 0 &&
1224 tmp_opt.saw_tstamp &&
1225 !tp->rx_opt.cookie_out_never &&
1226 (sysctl_tcp_cookie_size > 0 ||
1227 (tp->cookie_values != NULL &&
1228 tp->cookie_values->cookie_desired > 0))) {
1229 u8 *c;
1230 u32 *d;
1231 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS];
1232 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE;
1233
1234 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0)
1235 goto drop_and_free;
1236
1237 /* Secret recipe starts with IP addresses */
1238 d = (__force u32 *)&ipv6_hdr(skb)->daddr.s6_addr32[0];
1239 *mess++ ^= *d++;
1240 *mess++ ^= *d++;
1241 *mess++ ^= *d++;
1242 *mess++ ^= *d++;
1243 d = (__force u32 *)&ipv6_hdr(skb)->saddr.s6_addr32[0];
1244 *mess++ ^= *d++;
1245 *mess++ ^= *d++;
1246 *mess++ ^= *d++;
1247 *mess++ ^= *d++;
1248
1249 /* plus variable length Initiator Cookie */
1250 c = (u8 *)mess;
1251 while (l-- > 0)
1252 *c++ ^= *hash_location++;
1253
1254 #ifdef CONFIG_SYN_COOKIES
1255 want_cookie = 0; /* not our kind of cookie */
1256 #endif
1257 tmp_ext.cookie_out_never = 0; /* false */
1258 tmp_ext.cookie_plus = tmp_opt.cookie_plus;
1259 } else if (!tp->rx_opt.cookie_in_always) {
1260 /* redundant indications, but ensure initialization. */
1261 tmp_ext.cookie_out_never = 1; /* true */
1262 tmp_ext.cookie_plus = 0;
1263 } else {
1264 goto drop_and_free;
1265 }
1266 tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always;
1267
1268 if (want_cookie && !tmp_opt.saw_tstamp)
1269 tcp_clear_options(&tmp_opt);
1270
1271 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1272 tcp_openreq_init(req, &tmp_opt, skb);
1273
1274 treq = inet6_rsk(req);
1275 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1276 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1277 if (!want_cookie || tmp_opt.tstamp_ok)
1278 TCP_ECN_create_request(req, tcp_hdr(skb));
1279
1280 if (!isn) {
1281 struct inet_peer *peer = NULL;
1282
1283 if (ipv6_opt_accepted(sk, skb) ||
1284 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1285 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1286 atomic_inc(&skb->users);
1287 treq->pktopts = skb;
1288 }
1289 treq->iif = sk->sk_bound_dev_if;
1290
1291 /* So that link locals have meaning */
1292 if (!sk->sk_bound_dev_if &&
1293 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1294 treq->iif = inet6_iif(skb);
1295
1296 if (want_cookie) {
1297 isn = cookie_v6_init_sequence(sk, skb, &req->mss);
1298 req->cookie_ts = tmp_opt.tstamp_ok;
1299 goto have_isn;
1300 }
1301
1302 /* VJ's idea. We save last timestamp seen
1303 * from the destination in peer table, when entering
1304 * state TIME-WAIT, and check against it before
1305 * accepting new connection request.
1306 *
1307 * If "isn" is not zero, this request hit alive
1308 * timewait bucket, so that all the necessary checks
1309 * are made in the function processing timewait state.
1310 */
1311 if (tmp_opt.saw_tstamp &&
1312 tcp_death_row.sysctl_tw_recycle &&
1313 (dst = inet6_csk_route_req(sk, req)) != NULL &&
1314 (peer = rt6_get_peer((struct rt6_info *)dst)) != NULL &&
1315 ipv6_addr_equal((struct in6_addr *)peer->daddr.addr.a6,
1316 &treq->rmt_addr)) {
1317 inet_peer_refcheck(peer);
1318 if ((u32)get_seconds() - peer->tcp_ts_stamp < TCP_PAWS_MSL &&
1319 (s32)(peer->tcp_ts - req->ts_recent) >
1320 TCP_PAWS_WINDOW) {
1321 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED);
1322 goto drop_and_release;
1323 }
1324 }
1325 /* Kill the following clause, if you dislike this way. */
1326 else if (!sysctl_tcp_syncookies &&
1327 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
1328 (sysctl_max_syn_backlog >> 2)) &&
1329 (!peer || !peer->tcp_ts_stamp) &&
1330 (!dst || !dst_metric(dst, RTAX_RTT))) {
1331 /* Without syncookies last quarter of
1332 * backlog is filled with destinations,
1333 * proven to be alive.
1334 * It means that we continue to communicate
1335 * to destinations, already remembered
1336 * to the moment of synflood.
1337 */
1338 LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open request from %pI6/%u\n",
1339 &treq->rmt_addr, ntohs(tcp_hdr(skb)->source));
1340 goto drop_and_release;
1341 }
1342
1343 isn = tcp_v6_init_sequence(skb);
1344 }
1345 have_isn:
1346 tcp_rsk(req)->snt_isn = isn;
1347
1348 security_inet_conn_request(sk, skb, req);
1349
1350 if (tcp_v6_send_synack(sk, req,
1351 (struct request_values *)&tmp_ext) ||
1352 want_cookie)
1353 goto drop_and_free;
1354
1355 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1356 return 0;
1357
1358 drop_and_release:
1359 dst_release(dst);
1360 drop_and_free:
1361 reqsk_free(req);
1362 drop:
1363 return 0; /* don't send reset */
1364 }
1365
1366 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1367 struct request_sock *req,
1368 struct dst_entry *dst)
1369 {
1370 struct inet6_request_sock *treq;
1371 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1372 struct tcp6_sock *newtcp6sk;
1373 struct inet_sock *newinet;
1374 struct tcp_sock *newtp;
1375 struct sock *newsk;
1376 struct ipv6_txoptions *opt;
1377 #ifdef CONFIG_TCP_MD5SIG
1378 struct tcp_md5sig_key *key;
1379 #endif
1380
1381 if (skb->protocol == htons(ETH_P_IP)) {
1382 /*
1383 * v6 mapped
1384 */
1385
1386 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1387
1388 if (newsk == NULL)
1389 return NULL;
1390
1391 newtcp6sk = (struct tcp6_sock *)newsk;
1392 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1393
1394 newinet = inet_sk(newsk);
1395 newnp = inet6_sk(newsk);
1396 newtp = tcp_sk(newsk);
1397
1398 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1399
1400 ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr);
1401
1402 ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr);
1403
1404 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1405
1406 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1407 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1408 #ifdef CONFIG_TCP_MD5SIG
1409 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1410 #endif
1411
1412 newnp->ipv6_ac_list = NULL;
1413 newnp->ipv6_fl_list = NULL;
1414 newnp->pktoptions = NULL;
1415 newnp->opt = NULL;
1416 newnp->mcast_oif = inet6_iif(skb);
1417 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1418
1419 /*
1420 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1421 * here, tcp_create_openreq_child now does this for us, see the comment in
1422 * that function for the gory details. -acme
1423 */
1424
1425 /* It is tricky place. Until this moment IPv4 tcp
1426 worked with IPv6 icsk.icsk_af_ops.
1427 Sync it now.
1428 */
1429 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1430
1431 return newsk;
1432 }
1433
1434 treq = inet6_rsk(req);
1435 opt = np->opt;
1436
1437 if (sk_acceptq_is_full(sk))
1438 goto out_overflow;
1439
1440 if (!dst) {
1441 dst = inet6_csk_route_req(sk, req);
1442 if (!dst)
1443 goto out;
1444 }
1445
1446 newsk = tcp_create_openreq_child(sk, req, skb);
1447 if (newsk == NULL)
1448 goto out_nonewsk;
1449
1450 /*
1451 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1452 * count here, tcp_create_openreq_child now does this for us, see the
1453 * comment in that function for the gory details. -acme
1454 */
1455
1456 newsk->sk_gso_type = SKB_GSO_TCPV6;
1457 __ip6_dst_store(newsk, dst, NULL, NULL);
1458
1459 newtcp6sk = (struct tcp6_sock *)newsk;
1460 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1461
1462 newtp = tcp_sk(newsk);
1463 newinet = inet_sk(newsk);
1464 newnp = inet6_sk(newsk);
1465
1466 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1467
1468 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1469 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1470 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1471 newsk->sk_bound_dev_if = treq->iif;
1472
1473 /* Now IPv6 options...
1474
1475 First: no IPv4 options.
1476 */
1477 newinet->inet_opt = NULL;
1478 newnp->ipv6_ac_list = NULL;
1479 newnp->ipv6_fl_list = NULL;
1480
1481 /* Clone RX bits */
1482 newnp->rxopt.all = np->rxopt.all;
1483
1484 /* Clone pktoptions received with SYN */
1485 newnp->pktoptions = NULL;
1486 if (treq->pktopts != NULL) {
1487 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1488 kfree_skb(treq->pktopts);
1489 treq->pktopts = NULL;
1490 if (newnp->pktoptions)
1491 skb_set_owner_r(newnp->pktoptions, newsk);
1492 }
1493 newnp->opt = NULL;
1494 newnp->mcast_oif = inet6_iif(skb);
1495 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1496
1497 /* Clone native IPv6 options from listening socket (if any)
1498
1499 Yes, keeping reference count would be much more clever,
1500 but we make one more one thing there: reattach optmem
1501 to newsk.
1502 */
1503 if (opt) {
1504 newnp->opt = ipv6_dup_options(newsk, opt);
1505 if (opt != np->opt)
1506 sock_kfree_s(sk, opt, opt->tot_len);
1507 }
1508
1509 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1510 if (newnp->opt)
1511 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1512 newnp->opt->opt_flen);
1513
1514 tcp_mtup_init(newsk);
1515 tcp_sync_mss(newsk, dst_mtu(dst));
1516 newtp->advmss = dst_metric_advmss(dst);
1517 tcp_initialize_rcv_mss(newsk);
1518
1519 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1520 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1521
1522 #ifdef CONFIG_TCP_MD5SIG
1523 /* Copy over the MD5 key from the original socket */
1524 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1525 /* We're using one, so create a matching key
1526 * on the newsk structure. If we fail to get
1527 * memory, then we end up not copying the key
1528 * across. Shucks.
1529 */
1530 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1531 if (newkey != NULL)
1532 tcp_v6_md5_do_add(newsk, &newnp->daddr,
1533 newkey, key->keylen);
1534 }
1535 #endif
1536
1537 if (__inet_inherit_port(sk, newsk) < 0) {
1538 sock_put(newsk);
1539 goto out;
1540 }
1541 __inet6_hash(newsk, NULL);
1542
1543 return newsk;
1544
1545 out_overflow:
1546 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1547 out_nonewsk:
1548 if (opt && opt != np->opt)
1549 sock_kfree_s(sk, opt, opt->tot_len);
1550 dst_release(dst);
1551 out:
1552 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1553 return NULL;
1554 }
1555
1556 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1557 {
1558 if (skb->ip_summed == CHECKSUM_COMPLETE) {
1559 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr,
1560 &ipv6_hdr(skb)->daddr, skb->csum)) {
1561 skb->ip_summed = CHECKSUM_UNNECESSARY;
1562 return 0;
1563 }
1564 }
1565
1566 skb->csum = ~csum_unfold(tcp_v6_check(skb->len,
1567 &ipv6_hdr(skb)->saddr,
1568 &ipv6_hdr(skb)->daddr, 0));
1569
1570 if (skb->len <= 76) {
1571 return __skb_checksum_complete(skb);
1572 }
1573 return 0;
1574 }
1575
1576 /* The socket must have it's spinlock held when we get
1577 * here.
1578 *
1579 * We have a potential double-lock case here, so even when
1580 * doing backlog processing we use the BH locking scheme.
1581 * This is because we cannot sleep with the original spinlock
1582 * held.
1583 */
1584 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1585 {
1586 struct ipv6_pinfo *np = inet6_sk(sk);
1587 struct tcp_sock *tp;
1588 struct sk_buff *opt_skb = NULL;
1589
1590 /* Imagine: socket is IPv6. IPv4 packet arrives,
1591 goes to IPv4 receive handler and backlogged.
1592 From backlog it always goes here. Kerboom...
1593 Fortunately, tcp_rcv_established and rcv_established
1594 handle them correctly, but it is not case with
1595 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1596 */
1597
1598 if (skb->protocol == htons(ETH_P_IP))
1599 return tcp_v4_do_rcv(sk, skb);
1600
1601 #ifdef CONFIG_TCP_MD5SIG
1602 if (tcp_v6_inbound_md5_hash (sk, skb))
1603 goto discard;
1604 #endif
1605
1606 if (sk_filter(sk, skb))
1607 goto discard;
1608
1609 /*
1610 * socket locking is here for SMP purposes as backlog rcv
1611 * is currently called with bh processing disabled.
1612 */
1613
1614 /* Do Stevens' IPV6_PKTOPTIONS.
1615
1616 Yes, guys, it is the only place in our code, where we
1617 may make it not affecting IPv4.
1618 The rest of code is protocol independent,
1619 and I do not like idea to uglify IPv4.
1620
1621 Actually, all the idea behind IPV6_PKTOPTIONS
1622 looks not very well thought. For now we latch
1623 options, received in the last packet, enqueued
1624 by tcp. Feel free to propose better solution.
1625 --ANK (980728)
1626 */
1627 if (np->rxopt.all)
1628 opt_skb = skb_clone(skb, GFP_ATOMIC);
1629
1630 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1631 sock_rps_save_rxhash(sk, skb->rxhash);
1632 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1633 goto reset;
1634 if (opt_skb)
1635 goto ipv6_pktoptions;
1636 return 0;
1637 }
1638
1639 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1640 goto csum_err;
1641
1642 if (sk->sk_state == TCP_LISTEN) {
1643 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1644 if (!nsk)
1645 goto discard;
1646
1647 /*
1648 * Queue it on the new socket if the new socket is active,
1649 * otherwise we just shortcircuit this and continue with
1650 * the new socket..
1651 */
1652 if(nsk != sk) {
1653 sock_rps_save_rxhash(nsk, skb->rxhash);
1654 if (tcp_child_process(sk, nsk, skb))
1655 goto reset;
1656 if (opt_skb)
1657 __kfree_skb(opt_skb);
1658 return 0;
1659 }
1660 } else
1661 sock_rps_save_rxhash(sk, skb->rxhash);
1662
1663 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1664 goto reset;
1665 if (opt_skb)
1666 goto ipv6_pktoptions;
1667 return 0;
1668
1669 reset:
1670 tcp_v6_send_reset(sk, skb);
1671 discard:
1672 if (opt_skb)
1673 __kfree_skb(opt_skb);
1674 kfree_skb(skb);
1675 return 0;
1676 csum_err:
1677 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1678 goto discard;
1679
1680
1681 ipv6_pktoptions:
1682 /* Do you ask, what is it?
1683
1684 1. skb was enqueued by tcp.
1685 2. skb is added to tail of read queue, rather than out of order.
1686 3. socket is not in passive state.
1687 4. Finally, it really contains options, which user wants to receive.
1688 */
1689 tp = tcp_sk(sk);
1690 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1691 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1692 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1693 np->mcast_oif = inet6_iif(opt_skb);
1694 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1695 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1696 if (ipv6_opt_accepted(sk, opt_skb)) {
1697 skb_set_owner_r(opt_skb, sk);
1698 opt_skb = xchg(&np->pktoptions, opt_skb);
1699 } else {
1700 __kfree_skb(opt_skb);
1701 opt_skb = xchg(&np->pktoptions, NULL);
1702 }
1703 }
1704
1705 kfree_skb(opt_skb);
1706 return 0;
1707 }
1708
1709 static int tcp_v6_rcv(struct sk_buff *skb)
1710 {
1711 struct tcphdr *th;
1712 const struct ipv6hdr *hdr;
1713 struct sock *sk;
1714 int ret;
1715 struct net *net = dev_net(skb->dev);
1716
1717 if (skb->pkt_type != PACKET_HOST)
1718 goto discard_it;
1719
1720 /*
1721 * Count it even if it's bad.
1722 */
1723 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1724
1725 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1726 goto discard_it;
1727
1728 th = tcp_hdr(skb);
1729
1730 if (th->doff < sizeof(struct tcphdr)/4)
1731 goto bad_packet;
1732 if (!pskb_may_pull(skb, th->doff*4))
1733 goto discard_it;
1734
1735 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1736 goto bad_packet;
1737
1738 th = tcp_hdr(skb);
1739 hdr = ipv6_hdr(skb);
1740 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1741 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1742 skb->len - th->doff*4);
1743 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1744 TCP_SKB_CB(skb)->when = 0;
1745 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(hdr);
1746 TCP_SKB_CB(skb)->sacked = 0;
1747
1748 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1749 if (!sk)
1750 goto no_tcp_socket;
1751
1752 process:
1753 if (sk->sk_state == TCP_TIME_WAIT)
1754 goto do_time_wait;
1755
1756 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
1757 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
1758 goto discard_and_relse;
1759 }
1760
1761 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1762 goto discard_and_relse;
1763
1764 if (sk_filter(sk, skb))
1765 goto discard_and_relse;
1766
1767 skb->dev = NULL;
1768
1769 bh_lock_sock_nested(sk);
1770 ret = 0;
1771 if (!sock_owned_by_user(sk)) {
1772 #ifdef CONFIG_NET_DMA
1773 struct tcp_sock *tp = tcp_sk(sk);
1774 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1775 tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY);
1776 if (tp->ucopy.dma_chan)
1777 ret = tcp_v6_do_rcv(sk, skb);
1778 else
1779 #endif
1780 {
1781 if (!tcp_prequeue(sk, skb))
1782 ret = tcp_v6_do_rcv(sk, skb);
1783 }
1784 } else if (unlikely(sk_add_backlog(sk, skb))) {
1785 bh_unlock_sock(sk);
1786 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
1787 goto discard_and_relse;
1788 }
1789 bh_unlock_sock(sk);
1790
1791 sock_put(sk);
1792 return ret ? -1 : 0;
1793
1794 no_tcp_socket:
1795 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1796 goto discard_it;
1797
1798 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1799 bad_packet:
1800 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1801 } else {
1802 tcp_v6_send_reset(NULL, skb);
1803 }
1804
1805 discard_it:
1806
1807 /*
1808 * Discard frame
1809 */
1810
1811 kfree_skb(skb);
1812 return 0;
1813
1814 discard_and_relse:
1815 sock_put(sk);
1816 goto discard_it;
1817
1818 do_time_wait:
1819 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1820 inet_twsk_put(inet_twsk(sk));
1821 goto discard_it;
1822 }
1823
1824 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1825 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1826 inet_twsk_put(inet_twsk(sk));
1827 goto discard_it;
1828 }
1829
1830 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1831 case TCP_TW_SYN:
1832 {
1833 struct sock *sk2;
1834
1835 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1836 &ipv6_hdr(skb)->daddr,
1837 ntohs(th->dest), inet6_iif(skb));
1838 if (sk2 != NULL) {
1839 struct inet_timewait_sock *tw = inet_twsk(sk);
1840 inet_twsk_deschedule(tw, &tcp_death_row);
1841 inet_twsk_put(tw);
1842 sk = sk2;
1843 goto process;
1844 }
1845 /* Fall through to ACK */
1846 }
1847 case TCP_TW_ACK:
1848 tcp_v6_timewait_ack(sk, skb);
1849 break;
1850 case TCP_TW_RST:
1851 goto no_tcp_socket;
1852 case TCP_TW_SUCCESS:;
1853 }
1854 goto discard_it;
1855 }
1856
1857 static struct inet_peer *tcp_v6_get_peer(struct sock *sk, bool *release_it)
1858 {
1859 struct rt6_info *rt = (struct rt6_info *) __sk_dst_get(sk);
1860 struct ipv6_pinfo *np = inet6_sk(sk);
1861 struct inet_peer *peer;
1862
1863 if (!rt ||
1864 !ipv6_addr_equal(&np->daddr, &rt->rt6i_dst.addr)) {
1865 peer = inet_getpeer_v6(&np->daddr, 1);
1866 *release_it = true;
1867 } else {
1868 if (!rt->rt6i_peer)
1869 rt6_bind_peer(rt, 1);
1870 peer = rt->rt6i_peer;
1871 *release_it = false;
1872 }
1873
1874 return peer;
1875 }
1876
1877 static void *tcp_v6_tw_get_peer(struct sock *sk)
1878 {
1879 struct inet6_timewait_sock *tw6 = inet6_twsk(sk);
1880 struct inet_timewait_sock *tw = inet_twsk(sk);
1881
1882 if (tw->tw_family == AF_INET)
1883 return tcp_v4_tw_get_peer(sk);
1884
1885 return inet_getpeer_v6(&tw6->tw_v6_daddr, 1);
1886 }
1887
1888 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1889 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1890 .twsk_unique = tcp_twsk_unique,
1891 .twsk_destructor= tcp_twsk_destructor,
1892 .twsk_getpeer = tcp_v6_tw_get_peer,
1893 };
1894
1895 static const struct inet_connection_sock_af_ops ipv6_specific = {
1896 .queue_xmit = inet6_csk_xmit,
1897 .send_check = tcp_v6_send_check,
1898 .rebuild_header = inet6_sk_rebuild_header,
1899 .conn_request = tcp_v6_conn_request,
1900 .syn_recv_sock = tcp_v6_syn_recv_sock,
1901 .get_peer = tcp_v6_get_peer,
1902 .net_header_len = sizeof(struct ipv6hdr),
1903 .setsockopt = ipv6_setsockopt,
1904 .getsockopt = ipv6_getsockopt,
1905 .addr2sockaddr = inet6_csk_addr2sockaddr,
1906 .sockaddr_len = sizeof(struct sockaddr_in6),
1907 .bind_conflict = inet6_csk_bind_conflict,
1908 #ifdef CONFIG_COMPAT
1909 .compat_setsockopt = compat_ipv6_setsockopt,
1910 .compat_getsockopt = compat_ipv6_getsockopt,
1911 #endif
1912 };
1913
1914 #ifdef CONFIG_TCP_MD5SIG
1915 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1916 .md5_lookup = tcp_v6_md5_lookup,
1917 .calc_md5_hash = tcp_v6_md5_hash_skb,
1918 .md5_add = tcp_v6_md5_add_func,
1919 .md5_parse = tcp_v6_parse_md5_keys,
1920 };
1921 #endif
1922
1923 /*
1924 * TCP over IPv4 via INET6 API
1925 */
1926
1927 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1928 .queue_xmit = ip_queue_xmit,
1929 .send_check = tcp_v4_send_check,
1930 .rebuild_header = inet_sk_rebuild_header,
1931 .conn_request = tcp_v6_conn_request,
1932 .syn_recv_sock = tcp_v6_syn_recv_sock,
1933 .get_peer = tcp_v4_get_peer,
1934 .net_header_len = sizeof(struct iphdr),
1935 .setsockopt = ipv6_setsockopt,
1936 .getsockopt = ipv6_getsockopt,
1937 .addr2sockaddr = inet6_csk_addr2sockaddr,
1938 .sockaddr_len = sizeof(struct sockaddr_in6),
1939 .bind_conflict = inet6_csk_bind_conflict,
1940 #ifdef CONFIG_COMPAT
1941 .compat_setsockopt = compat_ipv6_setsockopt,
1942 .compat_getsockopt = compat_ipv6_getsockopt,
1943 #endif
1944 };
1945
1946 #ifdef CONFIG_TCP_MD5SIG
1947 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1948 .md5_lookup = tcp_v4_md5_lookup,
1949 .calc_md5_hash = tcp_v4_md5_hash_skb,
1950 .md5_add = tcp_v6_md5_add_func,
1951 .md5_parse = tcp_v6_parse_md5_keys,
1952 };
1953 #endif
1954
1955 /* NOTE: A lot of things set to zero explicitly by call to
1956 * sk_alloc() so need not be done here.
1957 */
1958 static int tcp_v6_init_sock(struct sock *sk)
1959 {
1960 struct inet_connection_sock *icsk = inet_csk(sk);
1961 struct tcp_sock *tp = tcp_sk(sk);
1962
1963 skb_queue_head_init(&tp->out_of_order_queue);
1964 tcp_init_xmit_timers(sk);
1965 tcp_prequeue_init(tp);
1966
1967 icsk->icsk_rto = TCP_TIMEOUT_INIT;
1968 tp->mdev = TCP_TIMEOUT_INIT;
1969
1970 /* So many TCP implementations out there (incorrectly) count the
1971 * initial SYN frame in their delayed-ACK and congestion control
1972 * algorithms that we must have the following bandaid to talk
1973 * efficiently to them. -DaveM
1974 */
1975 tp->snd_cwnd = 2;
1976
1977 /* See draft-stevens-tcpca-spec-01 for discussion of the
1978 * initialization of these values.
1979 */
1980 tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
1981 tp->snd_cwnd_clamp = ~0;
1982 tp->mss_cache = TCP_MSS_DEFAULT;
1983
1984 tp->reordering = sysctl_tcp_reordering;
1985
1986 sk->sk_state = TCP_CLOSE;
1987
1988 icsk->icsk_af_ops = &ipv6_specific;
1989 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1990 icsk->icsk_sync_mss = tcp_sync_mss;
1991 sk->sk_write_space = sk_stream_write_space;
1992 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1993
1994 #ifdef CONFIG_TCP_MD5SIG
1995 tp->af_specific = &tcp_sock_ipv6_specific;
1996 #endif
1997
1998 /* TCP Cookie Transactions */
1999 if (sysctl_tcp_cookie_size > 0) {
2000 /* Default, cookies without s_data_payload. */
2001 tp->cookie_values =
2002 kzalloc(sizeof(*tp->cookie_values),
2003 sk->sk_allocation);
2004 if (tp->cookie_values != NULL)
2005 kref_init(&tp->cookie_values->kref);
2006 }
2007 /* Presumed zeroed, in order of appearance:
2008 * cookie_in_always, cookie_out_never,
2009 * s_data_constant, s_data_in, s_data_out
2010 */
2011 sk->sk_sndbuf = sysctl_tcp_wmem[1];
2012 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
2013
2014 local_bh_disable();
2015 percpu_counter_inc(&tcp_sockets_allocated);
2016 local_bh_enable();
2017
2018 return 0;
2019 }
2020
2021 static void tcp_v6_destroy_sock(struct sock *sk)
2022 {
2023 #ifdef CONFIG_TCP_MD5SIG
2024 /* Clean up the MD5 key list */
2025 if (tcp_sk(sk)->md5sig_info)
2026 tcp_v6_clear_md5_list(sk);
2027 #endif
2028 tcp_v4_destroy_sock(sk);
2029 inet6_destroy_sock(sk);
2030 }
2031
2032 #ifdef CONFIG_PROC_FS
2033 /* Proc filesystem TCPv6 sock list dumping. */
2034 static void get_openreq6(struct seq_file *seq,
2035 struct sock *sk, struct request_sock *req, int i, int uid)
2036 {
2037 int ttd = req->expires - jiffies;
2038 const struct in6_addr *src = &inet6_rsk(req)->loc_addr;
2039 const struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
2040
2041 if (ttd < 0)
2042 ttd = 0;
2043
2044 seq_printf(seq,
2045 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2046 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
2047 i,
2048 src->s6_addr32[0], src->s6_addr32[1],
2049 src->s6_addr32[2], src->s6_addr32[3],
2050 ntohs(inet_rsk(req)->loc_port),
2051 dest->s6_addr32[0], dest->s6_addr32[1],
2052 dest->s6_addr32[2], dest->s6_addr32[3],
2053 ntohs(inet_rsk(req)->rmt_port),
2054 TCP_SYN_RECV,
2055 0,0, /* could print option size, but that is af dependent. */
2056 1, /* timers active (only the expire timer) */
2057 jiffies_to_clock_t(ttd),
2058 req->retrans,
2059 uid,
2060 0, /* non standard timer */
2061 0, /* open_requests have no inode */
2062 0, req);
2063 }
2064
2065 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
2066 {
2067 const struct in6_addr *dest, *src;
2068 __u16 destp, srcp;
2069 int timer_active;
2070 unsigned long timer_expires;
2071 struct inet_sock *inet = inet_sk(sp);
2072 struct tcp_sock *tp = tcp_sk(sp);
2073 const struct inet_connection_sock *icsk = inet_csk(sp);
2074 struct ipv6_pinfo *np = inet6_sk(sp);
2075
2076 dest = &np->daddr;
2077 src = &np->rcv_saddr;
2078 destp = ntohs(inet->inet_dport);
2079 srcp = ntohs(inet->inet_sport);
2080
2081 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2082 timer_active = 1;
2083 timer_expires = icsk->icsk_timeout;
2084 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2085 timer_active = 4;
2086 timer_expires = icsk->icsk_timeout;
2087 } else if (timer_pending(&sp->sk_timer)) {
2088 timer_active = 2;
2089 timer_expires = sp->sk_timer.expires;
2090 } else {
2091 timer_active = 0;
2092 timer_expires = jiffies;
2093 }
2094
2095 seq_printf(seq,
2096 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2097 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %pK %lu %lu %u %u %d\n",
2098 i,
2099 src->s6_addr32[0], src->s6_addr32[1],
2100 src->s6_addr32[2], src->s6_addr32[3], srcp,
2101 dest->s6_addr32[0], dest->s6_addr32[1],
2102 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2103 sp->sk_state,
2104 tp->write_seq-tp->snd_una,
2105 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
2106 timer_active,
2107 jiffies_to_clock_t(timer_expires - jiffies),
2108 icsk->icsk_retransmits,
2109 sock_i_uid(sp),
2110 icsk->icsk_probes_out,
2111 sock_i_ino(sp),
2112 atomic_read(&sp->sk_refcnt), sp,
2113 jiffies_to_clock_t(icsk->icsk_rto),
2114 jiffies_to_clock_t(icsk->icsk_ack.ato),
2115 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2116 tp->snd_cwnd,
2117 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh
2118 );
2119 }
2120
2121 static void get_timewait6_sock(struct seq_file *seq,
2122 struct inet_timewait_sock *tw, int i)
2123 {
2124 const struct in6_addr *dest, *src;
2125 __u16 destp, srcp;
2126 struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2127 int ttd = tw->tw_ttd - jiffies;
2128
2129 if (ttd < 0)
2130 ttd = 0;
2131
2132 dest = &tw6->tw_v6_daddr;
2133 src = &tw6->tw_v6_rcv_saddr;
2134 destp = ntohs(tw->tw_dport);
2135 srcp = ntohs(tw->tw_sport);
2136
2137 seq_printf(seq,
2138 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2139 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
2140 i,
2141 src->s6_addr32[0], src->s6_addr32[1],
2142 src->s6_addr32[2], src->s6_addr32[3], srcp,
2143 dest->s6_addr32[0], dest->s6_addr32[1],
2144 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2145 tw->tw_substate, 0, 0,
2146 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2147 atomic_read(&tw->tw_refcnt), tw);
2148 }
2149
2150 static int tcp6_seq_show(struct seq_file *seq, void *v)
2151 {
2152 struct tcp_iter_state *st;
2153
2154 if (v == SEQ_START_TOKEN) {
2155 seq_puts(seq,
2156 " sl "
2157 "local_address "
2158 "remote_address "
2159 "st tx_queue rx_queue tr tm->when retrnsmt"
2160 " uid timeout inode\n");
2161 goto out;
2162 }
2163 st = seq->private;
2164
2165 switch (st->state) {
2166 case TCP_SEQ_STATE_LISTENING:
2167 case TCP_SEQ_STATE_ESTABLISHED:
2168 get_tcp6_sock(seq, v, st->num);
2169 break;
2170 case TCP_SEQ_STATE_OPENREQ:
2171 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2172 break;
2173 case TCP_SEQ_STATE_TIME_WAIT:
2174 get_timewait6_sock(seq, v, st->num);
2175 break;
2176 }
2177 out:
2178 return 0;
2179 }
2180
2181 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2182 .name = "tcp6",
2183 .family = AF_INET6,
2184 .seq_fops = {
2185 .owner = THIS_MODULE,
2186 },
2187 .seq_ops = {
2188 .show = tcp6_seq_show,
2189 },
2190 };
2191
2192 int __net_init tcp6_proc_init(struct net *net)
2193 {
2194 return tcp_proc_register(net, &tcp6_seq_afinfo);
2195 }
2196
2197 void tcp6_proc_exit(struct net *net)
2198 {
2199 tcp_proc_unregister(net, &tcp6_seq_afinfo);
2200 }
2201 #endif
2202
2203 struct proto tcpv6_prot = {
2204 .name = "TCPv6",
2205 .owner = THIS_MODULE,
2206 .close = tcp_close,
2207 .connect = tcp_v6_connect,
2208 .disconnect = tcp_disconnect,
2209 .accept = inet_csk_accept,
2210 .ioctl = tcp_ioctl,
2211 .init = tcp_v6_init_sock,
2212 .destroy = tcp_v6_destroy_sock,
2213 .shutdown = tcp_shutdown,
2214 .setsockopt = tcp_setsockopt,
2215 .getsockopt = tcp_getsockopt,
2216 .recvmsg = tcp_recvmsg,
2217 .sendmsg = tcp_sendmsg,
2218 .sendpage = tcp_sendpage,
2219 .backlog_rcv = tcp_v6_do_rcv,
2220 .hash = tcp_v6_hash,
2221 .unhash = inet_unhash,
2222 .get_port = inet_csk_get_port,
2223 .enter_memory_pressure = tcp_enter_memory_pressure,
2224 .sockets_allocated = &tcp_sockets_allocated,
2225 .memory_allocated = &tcp_memory_allocated,
2226 .memory_pressure = &tcp_memory_pressure,
2227 .orphan_count = &tcp_orphan_count,
2228 .sysctl_mem = sysctl_tcp_mem,
2229 .sysctl_wmem = sysctl_tcp_wmem,
2230 .sysctl_rmem = sysctl_tcp_rmem,
2231 .max_header = MAX_TCP_HEADER,
2232 .obj_size = sizeof(struct tcp6_sock),
2233 .slab_flags = SLAB_DESTROY_BY_RCU,
2234 .twsk_prot = &tcp6_timewait_sock_ops,
2235 .rsk_prot = &tcp6_request_sock_ops,
2236 .h.hashinfo = &tcp_hashinfo,
2237 .no_autobind = true,
2238 #ifdef CONFIG_COMPAT
2239 .compat_setsockopt = compat_tcp_setsockopt,
2240 .compat_getsockopt = compat_tcp_getsockopt,
2241 #endif
2242 };
2243
2244 static const struct inet6_protocol tcpv6_protocol = {
2245 .handler = tcp_v6_rcv,
2246 .err_handler = tcp_v6_err,
2247 .gso_send_check = tcp_v6_gso_send_check,
2248 .gso_segment = tcp_tso_segment,
2249 .gro_receive = tcp6_gro_receive,
2250 .gro_complete = tcp6_gro_complete,
2251 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2252 };
2253
2254 static struct inet_protosw tcpv6_protosw = {
2255 .type = SOCK_STREAM,
2256 .protocol = IPPROTO_TCP,
2257 .prot = &tcpv6_prot,
2258 .ops = &inet6_stream_ops,
2259 .no_check = 0,
2260 .flags = INET_PROTOSW_PERMANENT |
2261 INET_PROTOSW_ICSK,
2262 };
2263
2264 static int __net_init tcpv6_net_init(struct net *net)
2265 {
2266 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2267 SOCK_RAW, IPPROTO_TCP, net);
2268 }
2269
2270 static void __net_exit tcpv6_net_exit(struct net *net)
2271 {
2272 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2273 }
2274
2275 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
2276 {
2277 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6);
2278 }
2279
2280 static struct pernet_operations tcpv6_net_ops = {
2281 .init = tcpv6_net_init,
2282 .exit = tcpv6_net_exit,
2283 .exit_batch = tcpv6_net_exit_batch,
2284 };
2285
2286 int __init tcpv6_init(void)
2287 {
2288 int ret;
2289
2290 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2291 if (ret)
2292 goto out;
2293
2294 /* register inet6 protocol */
2295 ret = inet6_register_protosw(&tcpv6_protosw);
2296 if (ret)
2297 goto out_tcpv6_protocol;
2298
2299 ret = register_pernet_subsys(&tcpv6_net_ops);
2300 if (ret)
2301 goto out_tcpv6_protosw;
2302 out:
2303 return ret;
2304
2305 out_tcpv6_protocol:
2306 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2307 out_tcpv6_protosw:
2308 inet6_unregister_protosw(&tcpv6_protosw);
2309 goto out;
2310 }
2311
2312 void tcpv6_exit(void)
2313 {
2314 unregister_pernet_subsys(&tcpv6_net_ops);
2315 inet6_unregister_protosw(&tcpv6_protosw);
2316 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2317 }
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree