search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[IPV6]: Audit all ip6_dst_lookup/ip6_dst_store calls
[linux-2.6/linux-loongson.git] / net / ipv6 / tcp_ipv6.c
blobb76fd7fba5f5b0cb6a76e6a658c53df86734e5f6
1 /*
2 * TCP over IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9 *
10 * Based on:
11 * linux/net/ipv4/tcp.c
12 * linux/net/ipv4/tcp_input.c
13 * linux/net/ipv4/tcp_output.c
14 *
15 * Fixes:
16 * Hideaki YOSHIFUJI : sin6_scope_id support
17 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
18 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
19 * a single port at the same time.
20 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
21 *
22 * This program is free software; you can redistribute it and/or
23 * modify it under the terms of the GNU General Public License
24 * as published by the Free Software Foundation; either version
25 * 2 of the License, or (at your option) any later version.
26 */
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/net.h>
34 #include <linux/jiffies.h>
35 #include <linux/in.h>
36 #include <linux/in6.h>
37 #include <linux/netdevice.h>
38 #include <linux/init.h>
39 #include <linux/jhash.h>
40 #include <linux/ipsec.h>
41 #include <linux/times.h>
42
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/addrconf.h>
60 #include <net/snmp.h>
61 #include <net/dsfield.h>
62 #include <net/timewait_sock.h>
63
64 #include <asm/uaccess.h>
65
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
68
69 /* Socket used for sending RSTs and ACKs */
70 static struct socket *tcp6_socket;
71
72 static void tcp_v6_send_reset(struct sk_buff *skb);
73 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
74 static void tcp_v6_send_check(struct sock *sk, int len,
75 struct sk_buff *skb);
76
77 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
78
79 static struct inet_connection_sock_af_ops ipv6_mapped;
80 static struct inet_connection_sock_af_ops ipv6_specific;
81
82 static int tcp_v6_get_port(struct sock *sk, unsigned short snum)
83 {
84 return inet_csk_get_port(&tcp_hashinfo, sk, snum,
85 inet6_csk_bind_conflict);
86 }
87
88 static void tcp_v6_hash(struct sock *sk)
89 {
90 if (sk->sk_state != TCP_CLOSE) {
91 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
92 tcp_prot.hash(sk);
93 return;
94 }
95 local_bh_disable();
96 __inet6_hash(&tcp_hashinfo, sk);
97 local_bh_enable();
98 }
99 }
100
101 static __inline__ u16 tcp_v6_check(struct tcphdr *th, int len,
102 struct in6_addr *saddr,
103 struct in6_addr *daddr,
104 unsigned long base)
105 {
106 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
107 }
108
109 static __u32 tcp_v6_init_sequence(struct sock *sk, struct sk_buff *skb)
110 {
111 if (skb->protocol == htons(ETH_P_IPV6)) {
112 return secure_tcpv6_sequence_number(skb->nh.ipv6h->daddr.s6_addr32,
113 skb->nh.ipv6h->saddr.s6_addr32,
114 skb->h.th->dest,
115 skb->h.th->source);
116 } else {
117 return secure_tcp_sequence_number(skb->nh.iph->daddr,
118 skb->nh.iph->saddr,
119 skb->h.th->dest,
120 skb->h.th->source);
121 }
122 }
123
124 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
125 int addr_len)
126 {
127 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
128 struct inet_sock *inet = inet_sk(sk);
129 struct inet_connection_sock *icsk = inet_csk(sk);
130 struct ipv6_pinfo *np = inet6_sk(sk);
131 struct tcp_sock *tp = tcp_sk(sk);
132 struct in6_addr *saddr = NULL, *final_p = NULL, final;
133 struct flowi fl;
134 struct dst_entry *dst;
135 int addr_type;
136 int err;
137
138 if (addr_len < SIN6_LEN_RFC2133)
139 return -EINVAL;
140
141 if (usin->sin6_family != AF_INET6)
142 return(-EAFNOSUPPORT);
143
144 memset(&fl, 0, sizeof(fl));
145
146 if (np->sndflow) {
147 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
148 IP6_ECN_flow_init(fl.fl6_flowlabel);
149 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
150 struct ip6_flowlabel *flowlabel;
151 flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
152 if (flowlabel == NULL)
153 return -EINVAL;
154 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
155 fl6_sock_release(flowlabel);
156 }
157 }
158
159 /*
160 * connect() to INADDR_ANY means loopback (BSD'ism).
161 */
162
163 if(ipv6_addr_any(&usin->sin6_addr))
164 usin->sin6_addr.s6_addr[15] = 0x1;
165
166 addr_type = ipv6_addr_type(&usin->sin6_addr);
167
168 if(addr_type & IPV6_ADDR_MULTICAST)
169 return -ENETUNREACH;
170
171 if (addr_type&IPV6_ADDR_LINKLOCAL) {
172 if (addr_len >= sizeof(struct sockaddr_in6) &&
173 usin->sin6_scope_id) {
174 /* If interface is set while binding, indices
175 * must coincide.
176 */
177 if (sk->sk_bound_dev_if &&
178 sk->sk_bound_dev_if != usin->sin6_scope_id)
179 return -EINVAL;
180
181 sk->sk_bound_dev_if = usin->sin6_scope_id;
182 }
183
184 /* Connect to link-local address requires an interface */
185 if (!sk->sk_bound_dev_if)
186 return -EINVAL;
187 }
188
189 if (tp->rx_opt.ts_recent_stamp &&
190 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
191 tp->rx_opt.ts_recent = 0;
192 tp->rx_opt.ts_recent_stamp = 0;
193 tp->write_seq = 0;
194 }
195
196 ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
197 np->flow_label = fl.fl6_flowlabel;
198
199 /*
200 * TCP over IPv4
201 */
202
203 if (addr_type == IPV6_ADDR_MAPPED) {
204 u32 exthdrlen = icsk->icsk_ext_hdr_len;
205 struct sockaddr_in sin;
206
207 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
208
209 if (__ipv6_only_sock(sk))
210 return -ENETUNREACH;
211
212 sin.sin_family = AF_INET;
213 sin.sin_port = usin->sin6_port;
214 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
215
216 icsk->icsk_af_ops = &ipv6_mapped;
217 sk->sk_backlog_rcv = tcp_v4_do_rcv;
218
219 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
220
221 if (err) {
222 icsk->icsk_ext_hdr_len = exthdrlen;
223 icsk->icsk_af_ops = &ipv6_specific;
224 sk->sk_backlog_rcv = tcp_v6_do_rcv;
225 goto failure;
226 } else {
227 ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
228 inet->saddr);
229 ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
230 inet->rcv_saddr);
231 }
232
233 return err;
234 }
235
236 if (!ipv6_addr_any(&np->rcv_saddr))
237 saddr = &np->rcv_saddr;
238
239 fl.proto = IPPROTO_TCP;
240 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
241 ipv6_addr_copy(&fl.fl6_src,
242 (saddr ? saddr : &np->saddr));
243 fl.oif = sk->sk_bound_dev_if;
244 fl.fl_ip_dport = usin->sin6_port;
245 fl.fl_ip_sport = inet->sport;
246
247 if (np->opt && np->opt->srcrt) {
248 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
249 ipv6_addr_copy(&final, &fl.fl6_dst);
250 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
251 final_p = &final;
252 }
253
254 err = ip6_dst_lookup(sk, &dst, &fl);
255 if (err)
256 goto failure;
257 if (final_p)
258 ipv6_addr_copy(&fl.fl6_dst, final_p);
259
260 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
261 goto failure;
262
263 if (saddr == NULL) {
264 saddr = &fl.fl6_src;
265 ipv6_addr_copy(&np->rcv_saddr, saddr);
266 }
267
268 /* set the source address */
269 ipv6_addr_copy(&np->saddr, saddr);
270 inet->rcv_saddr = LOOPBACK4_IPV6;
271
272 sk->sk_gso_type = SKB_GSO_TCPV6;
273 __ip6_dst_store(sk, dst, NULL);
274
275 icsk->icsk_ext_hdr_len = 0;
276 if (np->opt)
277 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
278 np->opt->opt_nflen);
279
280 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
281
282 inet->dport = usin->sin6_port;
283
284 tcp_set_state(sk, TCP_SYN_SENT);
285 err = inet6_hash_connect(&tcp_death_row, sk);
286 if (err)
287 goto late_failure;
288
289 if (!tp->write_seq)
290 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
291 np->daddr.s6_addr32,
292 inet->sport,
293 inet->dport);
294
295 err = tcp_connect(sk);
296 if (err)
297 goto late_failure;
298
299 return 0;
300
301 late_failure:
302 tcp_set_state(sk, TCP_CLOSE);
303 __sk_dst_reset(sk);
304 failure:
305 inet->dport = 0;
306 sk->sk_route_caps = 0;
307 return err;
308 }
309
310 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
311 int type, int code, int offset, __u32 info)
312 {
313 struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
314 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
315 struct ipv6_pinfo *np;
316 struct sock *sk;
317 int err;
318 struct tcp_sock *tp;
319 __u32 seq;
320
321 sk = inet6_lookup(&tcp_hashinfo, &hdr->daddr, th->dest, &hdr->saddr,
322 th->source, skb->dev->ifindex);
323
324 if (sk == NULL) {
325 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
326 return;
327 }
328
329 if (sk->sk_state == TCP_TIME_WAIT) {
330 inet_twsk_put((struct inet_timewait_sock *)sk);
331 return;
332 }
333
334 bh_lock_sock(sk);
335 if (sock_owned_by_user(sk))
336 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
337
338 if (sk->sk_state == TCP_CLOSE)
339 goto out;
340
341 tp = tcp_sk(sk);
342 seq = ntohl(th->seq);
343 if (sk->sk_state != TCP_LISTEN &&
344 !between(seq, tp->snd_una, tp->snd_nxt)) {
345 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
346 goto out;
347 }
348
349 np = inet6_sk(sk);
350
351 if (type == ICMPV6_PKT_TOOBIG) {
352 struct dst_entry *dst = NULL;
353
354 if (sock_owned_by_user(sk))
355 goto out;
356 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
357 goto out;
358
359 /* icmp should have updated the destination cache entry */
360 dst = __sk_dst_check(sk, np->dst_cookie);
361
362 if (dst == NULL) {
363 struct inet_sock *inet = inet_sk(sk);
364 struct flowi fl;
365
366 /* BUGGG_FUTURE: Again, it is not clear how
367 to handle rthdr case. Ignore this complexity
368 for now.
369 */
370 memset(&fl, 0, sizeof(fl));
371 fl.proto = IPPROTO_TCP;
372 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
373 ipv6_addr_copy(&fl.fl6_src, &np->saddr);
374 fl.oif = sk->sk_bound_dev_if;
375 fl.fl_ip_dport = inet->dport;
376 fl.fl_ip_sport = inet->sport;
377
378 if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
379 sk->sk_err_soft = -err;
380 goto out;
381 }
382
383 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
384 sk->sk_err_soft = -err;
385 goto out;
386 }
387
388 } else
389 dst_hold(dst);
390
391 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
392 tcp_sync_mss(sk, dst_mtu(dst));
393 tcp_simple_retransmit(sk);
394 } /* else let the usual retransmit timer handle it */
395 dst_release(dst);
396 goto out;
397 }
398
399 icmpv6_err_convert(type, code, &err);
400
401 /* Might be for an request_sock */
402 switch (sk->sk_state) {
403 struct request_sock *req, **prev;
404 case TCP_LISTEN:
405 if (sock_owned_by_user(sk))
406 goto out;
407
408 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
409 &hdr->saddr, inet6_iif(skb));
410 if (!req)
411 goto out;
412
413 /* ICMPs are not backlogged, hence we cannot get
414 * an established socket here.
415 */
416 BUG_TRAP(req->sk == NULL);
417
418 if (seq != tcp_rsk(req)->snt_isn) {
419 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
420 goto out;
421 }
422
423 inet_csk_reqsk_queue_drop(sk, req, prev);
424 goto out;
425
426 case TCP_SYN_SENT:
427 case TCP_SYN_RECV: /* Cannot happen.
428 It can, it SYNs are crossed. --ANK */
429 if (!sock_owned_by_user(sk)) {
430 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
431 sk->sk_err = err;
432 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
433
434 tcp_done(sk);
435 } else
436 sk->sk_err_soft = err;
437 goto out;
438 }
439
440 if (!sock_owned_by_user(sk) && np->recverr) {
441 sk->sk_err = err;
442 sk->sk_error_report(sk);
443 } else
444 sk->sk_err_soft = err;
445
446 out:
447 bh_unlock_sock(sk);
448 sock_put(sk);
449 }
450
451
452 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
453 struct dst_entry *dst)
454 {
455 struct inet6_request_sock *treq = inet6_rsk(req);
456 struct ipv6_pinfo *np = inet6_sk(sk);
457 struct sk_buff * skb;
458 struct ipv6_txoptions *opt = NULL;
459 struct in6_addr * final_p = NULL, final;
460 struct flowi fl;
461 int err = -1;
462
463 memset(&fl, 0, sizeof(fl));
464 fl.proto = IPPROTO_TCP;
465 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
466 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
467 fl.fl6_flowlabel = 0;
468 fl.oif = treq->iif;
469 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
470 fl.fl_ip_sport = inet_sk(sk)->sport;
471
472 if (dst == NULL) {
473 opt = np->opt;
474 if (opt == NULL &&
475 np->rxopt.bits.osrcrt == 2 &&
476 treq->pktopts) {
477 struct sk_buff *pktopts = treq->pktopts;
478 struct inet6_skb_parm *rxopt = IP6CB(pktopts);
479 if (rxopt->srcrt)
480 opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr*)(pktopts->nh.raw + rxopt->srcrt));
481 }
482
483 if (opt && opt->srcrt) {
484 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
485 ipv6_addr_copy(&final, &fl.fl6_dst);
486 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
487 final_p = &final;
488 }
489
490 err = ip6_dst_lookup(sk, &dst, &fl);
491 if (err)
492 goto done;
493 if (final_p)
494 ipv6_addr_copy(&fl.fl6_dst, final_p);
495 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
496 goto done;
497 }
498
499 skb = tcp_make_synack(sk, dst, req);
500 if (skb) {
501 struct tcphdr *th = skb->h.th;
502
503 th->check = tcp_v6_check(th, skb->len,
504 &treq->loc_addr, &treq->rmt_addr,
505 csum_partial((char *)th, skb->len, skb->csum));
506
507 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
508 err = ip6_xmit(sk, skb, &fl, opt, 0);
509 if (err == NET_XMIT_CN)
510 err = 0;
511 }
512
513 done:
514 if (opt && opt != np->opt)
515 sock_kfree_s(sk, opt, opt->tot_len);
516 dst_release(dst);
517 return err;
518 }
519
520 static void tcp_v6_reqsk_destructor(struct request_sock *req)
521 {
522 if (inet6_rsk(req)->pktopts)
523 kfree_skb(inet6_rsk(req)->pktopts);
524 }
525
526 static struct request_sock_ops tcp6_request_sock_ops = {
527 .family = AF_INET6,
528 .obj_size = sizeof(struct tcp6_request_sock),
529 .rtx_syn_ack = tcp_v6_send_synack,
530 .send_ack = tcp_v6_reqsk_send_ack,
531 .destructor = tcp_v6_reqsk_destructor,
532 .send_reset = tcp_v6_send_reset
533 };
534
535 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
536 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
537 .twsk_unique = tcp_twsk_unique,
538 };
539
540 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
541 {
542 struct ipv6_pinfo *np = inet6_sk(sk);
543 struct tcphdr *th = skb->h.th;
544
545 if (skb->ip_summed == CHECKSUM_HW) {
546 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 0);
547 skb->csum = offsetof(struct tcphdr, check);
548 } else {
549 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
550 csum_partial((char *)th, th->doff<<2,
551 skb->csum));
552 }
553 }
554
555 static int tcp_v6_gso_send_check(struct sk_buff *skb)
556 {
557 struct ipv6hdr *ipv6h;
558 struct tcphdr *th;
559
560 if (!pskb_may_pull(skb, sizeof(*th)))
561 return -EINVAL;
562
563 ipv6h = skb->nh.ipv6h;
564 th = skb->h.th;
565
566 th->check = 0;
567 th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
568 IPPROTO_TCP, 0);
569 skb->csum = offsetof(struct tcphdr, check);
570 skb->ip_summed = CHECKSUM_HW;
571 return 0;
572 }
573
574 static void tcp_v6_send_reset(struct sk_buff *skb)
575 {
576 struct tcphdr *th = skb->h.th, *t1;
577 struct sk_buff *buff;
578 struct flowi fl;
579
580 if (th->rst)
581 return;
582
583 if (!ipv6_unicast_destination(skb))
584 return;
585
586 /*
587 * We need to grab some memory, and put together an RST,
588 * and then put it into the queue to be sent.
589 */
590
591 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + sizeof(struct tcphdr),
592 GFP_ATOMIC);
593 if (buff == NULL)
594 return;
595
596 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + sizeof(struct tcphdr));
597
598 t1 = (struct tcphdr *) skb_push(buff,sizeof(struct tcphdr));
599
600 /* Swap the send and the receive. */
601 memset(t1, 0, sizeof(*t1));
602 t1->dest = th->source;
603 t1->source = th->dest;
604 t1->doff = sizeof(*t1)/4;
605 t1->rst = 1;
606
607 if(th->ack) {
608 t1->seq = th->ack_seq;
609 } else {
610 t1->ack = 1;
611 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
612 + skb->len - (th->doff<<2));
613 }
614
615 buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
616
617 memset(&fl, 0, sizeof(fl));
618 ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
619 ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
620
621 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
622 sizeof(*t1), IPPROTO_TCP,
623 buff->csum);
624
625 fl.proto = IPPROTO_TCP;
626 fl.oif = inet6_iif(skb);
627 fl.fl_ip_dport = t1->dest;
628 fl.fl_ip_sport = t1->source;
629
630 /* sk = NULL, but it is safe for now. RST socket required. */
631 if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
632
633 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
634 ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
635 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
636 TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
637 return;
638 }
639 }
640
641 kfree_skb(buff);
642 }
643
644 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
645 {
646 struct tcphdr *th = skb->h.th, *t1;
647 struct sk_buff *buff;
648 struct flowi fl;
649 int tot_len = sizeof(struct tcphdr);
650
651 if (ts)
652 tot_len += 3*4;
653
654 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
655 GFP_ATOMIC);
656 if (buff == NULL)
657 return;
658
659 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
660
661 t1 = (struct tcphdr *) skb_push(buff,tot_len);
662
663 /* Swap the send and the receive. */
664 memset(t1, 0, sizeof(*t1));
665 t1->dest = th->source;
666 t1->source = th->dest;
667 t1->doff = tot_len/4;
668 t1->seq = htonl(seq);
669 t1->ack_seq = htonl(ack);
670 t1->ack = 1;
671 t1->window = htons(win);
672
673 if (ts) {
674 u32 *ptr = (u32*)(t1 + 1);
675 *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
676 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
677 *ptr++ = htonl(tcp_time_stamp);
678 *ptr = htonl(ts);
679 }
680
681 buff->csum = csum_partial((char *)t1, tot_len, 0);
682
683 memset(&fl, 0, sizeof(fl));
684 ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
685 ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
686
687 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
688 tot_len, IPPROTO_TCP,
689 buff->csum);
690
691 fl.proto = IPPROTO_TCP;
692 fl.oif = inet6_iif(skb);
693 fl.fl_ip_dport = t1->dest;
694 fl.fl_ip_sport = t1->source;
695
696 if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
697 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
698 ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
699 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
700 return;
701 }
702 }
703
704 kfree_skb(buff);
705 }
706
707 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
708 {
709 struct inet_timewait_sock *tw = inet_twsk(sk);
710 const struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
711
712 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
713 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
714 tcptw->tw_ts_recent);
715
716 inet_twsk_put(tw);
717 }
718
719 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
720 {
721 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
722 }
723
724
725 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
726 {
727 struct request_sock *req, **prev;
728 const struct tcphdr *th = skb->h.th;
729 struct sock *nsk;
730
731 /* Find possible connection requests. */
732 req = inet6_csk_search_req(sk, &prev, th->source,
733 &skb->nh.ipv6h->saddr,
734 &skb->nh.ipv6h->daddr, inet6_iif(skb));
735 if (req)
736 return tcp_check_req(sk, skb, req, prev);
737
738 nsk = __inet6_lookup_established(&tcp_hashinfo, &skb->nh.ipv6h->saddr,
739 th->source, &skb->nh.ipv6h->daddr,
740 ntohs(th->dest), inet6_iif(skb));
741
742 if (nsk) {
743 if (nsk->sk_state != TCP_TIME_WAIT) {
744 bh_lock_sock(nsk);
745 return nsk;
746 }
747 inet_twsk_put((struct inet_timewait_sock *)nsk);
748 return NULL;
749 }
750
751 #if 0 /*def CONFIG_SYN_COOKIES*/
752 if (!th->rst && !th->syn && th->ack)
753 sk = cookie_v6_check(sk, skb, &(IPCB(skb)->opt));
754 #endif
755 return sk;
756 }
757
758 /* FIXME: this is substantially similar to the ipv4 code.
759 * Can some kind of merge be done? -- erics
760 */
761 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
762 {
763 struct inet6_request_sock *treq;
764 struct ipv6_pinfo *np = inet6_sk(sk);
765 struct tcp_options_received tmp_opt;
766 struct tcp_sock *tp = tcp_sk(sk);
767 struct request_sock *req = NULL;
768 __u32 isn = TCP_SKB_CB(skb)->when;
769
770 if (skb->protocol == htons(ETH_P_IP))
771 return tcp_v4_conn_request(sk, skb);
772
773 if (!ipv6_unicast_destination(skb))
774 goto drop;
775
776 /*
777 * There are no SYN attacks on IPv6, yet...
778 */
779 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
780 if (net_ratelimit())
781 printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n");
782 goto drop;
783 }
784
785 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
786 goto drop;
787
788 req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
789 if (req == NULL)
790 goto drop;
791
792 tcp_clear_options(&tmp_opt);
793 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
794 tmp_opt.user_mss = tp->rx_opt.user_mss;
795
796 tcp_parse_options(skb, &tmp_opt, 0);
797
798 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
799 tcp_openreq_init(req, &tmp_opt, skb);
800
801 treq = inet6_rsk(req);
802 ipv6_addr_copy(&treq->rmt_addr, &skb->nh.ipv6h->saddr);
803 ipv6_addr_copy(&treq->loc_addr, &skb->nh.ipv6h->daddr);
804 TCP_ECN_create_request(req, skb->h.th);
805 treq->pktopts = NULL;
806 if (ipv6_opt_accepted(sk, skb) ||
807 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
808 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
809 atomic_inc(&skb->users);
810 treq->pktopts = skb;
811 }
812 treq->iif = sk->sk_bound_dev_if;
813
814 /* So that link locals have meaning */
815 if (!sk->sk_bound_dev_if &&
816 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
817 treq->iif = inet6_iif(skb);
818
819 if (isn == 0)
820 isn = tcp_v6_init_sequence(sk,skb);
821
822 tcp_rsk(req)->snt_isn = isn;
823
824 if (tcp_v6_send_synack(sk, req, NULL))
825 goto drop;
826
827 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
828 return 0;
829
830 drop:
831 if (req)
832 reqsk_free(req);
833
834 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
835 return 0; /* don't send reset */
836 }
837
838 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
839 struct request_sock *req,
840 struct dst_entry *dst)
841 {
842 struct inet6_request_sock *treq = inet6_rsk(req);
843 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
844 struct tcp6_sock *newtcp6sk;
845 struct inet_sock *newinet;
846 struct tcp_sock *newtp;
847 struct sock *newsk;
848 struct ipv6_txoptions *opt;
849
850 if (skb->protocol == htons(ETH_P_IP)) {
851 /*
852 * v6 mapped
853 */
854
855 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
856
857 if (newsk == NULL)
858 return NULL;
859
860 newtcp6sk = (struct tcp6_sock *)newsk;
861 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
862
863 newinet = inet_sk(newsk);
864 newnp = inet6_sk(newsk);
865 newtp = tcp_sk(newsk);
866
867 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
868
869 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
870 newinet->daddr);
871
872 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
873 newinet->saddr);
874
875 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
876
877 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
878 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
879 newnp->pktoptions = NULL;
880 newnp->opt = NULL;
881 newnp->mcast_oif = inet6_iif(skb);
882 newnp->mcast_hops = skb->nh.ipv6h->hop_limit;
883
884 /*
885 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
886 * here, tcp_create_openreq_child now does this for us, see the comment in
887 * that function for the gory details. -acme
888 */
889
890 /* It is tricky place. Until this moment IPv4 tcp
891 worked with IPv6 icsk.icsk_af_ops.
892 Sync it now.
893 */
894 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
895
896 return newsk;
897 }
898
899 opt = np->opt;
900
901 if (sk_acceptq_is_full(sk))
902 goto out_overflow;
903
904 if (np->rxopt.bits.osrcrt == 2 &&
905 opt == NULL && treq->pktopts) {
906 struct inet6_skb_parm *rxopt = IP6CB(treq->pktopts);
907 if (rxopt->srcrt)
908 opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr *)(treq->pktopts->nh.raw + rxopt->srcrt));
909 }
910
911 if (dst == NULL) {
912 struct in6_addr *final_p = NULL, final;
913 struct flowi fl;
914
915 memset(&fl, 0, sizeof(fl));
916 fl.proto = IPPROTO_TCP;
917 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
918 if (opt && opt->srcrt) {
919 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
920 ipv6_addr_copy(&final, &fl.fl6_dst);
921 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
922 final_p = &final;
923 }
924 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
925 fl.oif = sk->sk_bound_dev_if;
926 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
927 fl.fl_ip_sport = inet_sk(sk)->sport;
928
929 if (ip6_dst_lookup(sk, &dst, &fl))
930 goto out;
931
932 if (final_p)
933 ipv6_addr_copy(&fl.fl6_dst, final_p);
934
935 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
936 goto out;
937 }
938
939 newsk = tcp_create_openreq_child(sk, req, skb);
940 if (newsk == NULL)
941 goto out;
942
943 /*
944 * No need to charge this sock to the relevant IPv6 refcnt debug socks
945 * count here, tcp_create_openreq_child now does this for us, see the
946 * comment in that function for the gory details. -acme
947 */
948
949 sk->sk_gso_type = SKB_GSO_TCPV6;
950 __ip6_dst_store(newsk, dst, NULL);
951
952 newtcp6sk = (struct tcp6_sock *)newsk;
953 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
954
955 newtp = tcp_sk(newsk);
956 newinet = inet_sk(newsk);
957 newnp = inet6_sk(newsk);
958
959 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
960
961 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
962 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
963 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
964 newsk->sk_bound_dev_if = treq->iif;
965
966 /* Now IPv6 options...
967
968 First: no IPv4 options.
969 */
970 newinet->opt = NULL;
971
972 /* Clone RX bits */
973 newnp->rxopt.all = np->rxopt.all;
974
975 /* Clone pktoptions received with SYN */
976 newnp->pktoptions = NULL;
977 if (treq->pktopts != NULL) {
978 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
979 kfree_skb(treq->pktopts);
980 treq->pktopts = NULL;
981 if (newnp->pktoptions)
982 skb_set_owner_r(newnp->pktoptions, newsk);
983 }
984 newnp->opt = NULL;
985 newnp->mcast_oif = inet6_iif(skb);
986 newnp->mcast_hops = skb->nh.ipv6h->hop_limit;
987
988 /* Clone native IPv6 options from listening socket (if any)
989
990 Yes, keeping reference count would be much more clever,
991 but we make one more one thing there: reattach optmem
992 to newsk.
993 */
994 if (opt) {
995 newnp->opt = ipv6_dup_options(newsk, opt);
996 if (opt != np->opt)
997 sock_kfree_s(sk, opt, opt->tot_len);
998 }
999
1000 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1001 if (newnp->opt)
1002 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1003 newnp->opt->opt_flen);
1004
1005 tcp_mtup_init(newsk);
1006 tcp_sync_mss(newsk, dst_mtu(dst));
1007 newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1008 tcp_initialize_rcv_mss(newsk);
1009
1010 newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1011
1012 __inet6_hash(&tcp_hashinfo, newsk);
1013 inet_inherit_port(&tcp_hashinfo, sk, newsk);
1014
1015 return newsk;
1016
1017 out_overflow:
1018 NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1019 out:
1020 NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1021 if (opt && opt != np->opt)
1022 sock_kfree_s(sk, opt, opt->tot_len);
1023 dst_release(dst);
1024 return NULL;
1025 }
1026
1027 static int tcp_v6_checksum_init(struct sk_buff *skb)
1028 {
1029 if (skb->ip_summed == CHECKSUM_HW) {
1030 if (!tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1031 &skb->nh.ipv6h->daddr,skb->csum)) {
1032 skb->ip_summed = CHECKSUM_UNNECESSARY;
1033 return 0;
1034 }
1035 }
1036
1037 skb->csum = ~tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1038 &skb->nh.ipv6h->daddr, 0);
1039
1040 if (skb->len <= 76) {
1041 return __skb_checksum_complete(skb);
1042 }
1043 return 0;
1044 }
1045
1046 /* The socket must have it's spinlock held when we get
1047 * here.
1048 *
1049 * We have a potential double-lock case here, so even when
1050 * doing backlog processing we use the BH locking scheme.
1051 * This is because we cannot sleep with the original spinlock
1052 * held.
1053 */
1054 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1055 {
1056 struct ipv6_pinfo *np = inet6_sk(sk);
1057 struct tcp_sock *tp;
1058 struct sk_buff *opt_skb = NULL;
1059
1060 /* Imagine: socket is IPv6. IPv4 packet arrives,
1061 goes to IPv4 receive handler and backlogged.
1062 From backlog it always goes here. Kerboom...
1063 Fortunately, tcp_rcv_established and rcv_established
1064 handle them correctly, but it is not case with
1065 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1066 */
1067
1068 if (skb->protocol == htons(ETH_P_IP))
1069 return tcp_v4_do_rcv(sk, skb);
1070
1071 if (sk_filter(sk, skb, 0))
1072 goto discard;
1073
1074 /*
1075 * socket locking is here for SMP purposes as backlog rcv
1076 * is currently called with bh processing disabled.
1077 */
1078
1079 /* Do Stevens' IPV6_PKTOPTIONS.
1080
1081 Yes, guys, it is the only place in our code, where we
1082 may make it not affecting IPv4.
1083 The rest of code is protocol independent,
1084 and I do not like idea to uglify IPv4.
1085
1086 Actually, all the idea behind IPV6_PKTOPTIONS
1087 looks not very well thought. For now we latch
1088 options, received in the last packet, enqueued
1089 by tcp. Feel free to propose better solution.
1090 --ANK (980728)
1091 */
1092 if (np->rxopt.all)
1093 opt_skb = skb_clone(skb, GFP_ATOMIC);
1094
1095 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1096 TCP_CHECK_TIMER(sk);
1097 if (tcp_rcv_established(sk, skb, skb->h.th, skb->len))
1098 goto reset;
1099 TCP_CHECK_TIMER(sk);
1100 if (opt_skb)
1101 goto ipv6_pktoptions;
1102 return 0;
1103 }
1104
1105 if (skb->len < (skb->h.th->doff<<2) || tcp_checksum_complete(skb))
1106 goto csum_err;
1107
1108 if (sk->sk_state == TCP_LISTEN) {
1109 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1110 if (!nsk)
1111 goto discard;
1112
1113 /*
1114 * Queue it on the new socket if the new socket is active,
1115 * otherwise we just shortcircuit this and continue with
1116 * the new socket..
1117 */
1118 if(nsk != sk) {
1119 if (tcp_child_process(sk, nsk, skb))
1120 goto reset;
1121 if (opt_skb)
1122 __kfree_skb(opt_skb);
1123 return 0;
1124 }
1125 }
1126
1127 TCP_CHECK_TIMER(sk);
1128 if (tcp_rcv_state_process(sk, skb, skb->h.th, skb->len))
1129 goto reset;
1130 TCP_CHECK_TIMER(sk);
1131 if (opt_skb)
1132 goto ipv6_pktoptions;
1133 return 0;
1134
1135 reset:
1136 tcp_v6_send_reset(skb);
1137 discard:
1138 if (opt_skb)
1139 __kfree_skb(opt_skb);
1140 kfree_skb(skb);
1141 return 0;
1142 csum_err:
1143 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1144 goto discard;
1145
1146
1147 ipv6_pktoptions:
1148 /* Do you ask, what is it?
1149
1150 1. skb was enqueued by tcp.
1151 2. skb is added to tail of read queue, rather than out of order.
1152 3. socket is not in passive state.
1153 4. Finally, it really contains options, which user wants to receive.
1154 */
1155 tp = tcp_sk(sk);
1156 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1157 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1158 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1159 np->mcast_oif = inet6_iif(opt_skb);
1160 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1161 np->mcast_hops = opt_skb->nh.ipv6h->hop_limit;
1162 if (ipv6_opt_accepted(sk, opt_skb)) {
1163 skb_set_owner_r(opt_skb, sk);
1164 opt_skb = xchg(&np->pktoptions, opt_skb);
1165 } else {
1166 __kfree_skb(opt_skb);
1167 opt_skb = xchg(&np->pktoptions, NULL);
1168 }
1169 }
1170
1171 if (opt_skb)
1172 kfree_skb(opt_skb);
1173 return 0;
1174 }
1175
1176 static int tcp_v6_rcv(struct sk_buff **pskb)
1177 {
1178 struct sk_buff *skb = *pskb;
1179 struct tcphdr *th;
1180 struct sock *sk;
1181 int ret;
1182
1183 if (skb->pkt_type != PACKET_HOST)
1184 goto discard_it;
1185
1186 /*
1187 * Count it even if it's bad.
1188 */
1189 TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1190
1191 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1192 goto discard_it;
1193
1194 th = skb->h.th;
1195
1196 if (th->doff < sizeof(struct tcphdr)/4)
1197 goto bad_packet;
1198 if (!pskb_may_pull(skb, th->doff*4))
1199 goto discard_it;
1200
1201 if ((skb->ip_summed != CHECKSUM_UNNECESSARY &&
1202 tcp_v6_checksum_init(skb)))
1203 goto bad_packet;
1204
1205 th = skb->h.th;
1206 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1207 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1208 skb->len - th->doff*4);
1209 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1210 TCP_SKB_CB(skb)->when = 0;
1211 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(skb->nh.ipv6h);
1212 TCP_SKB_CB(skb)->sacked = 0;
1213
1214 sk = __inet6_lookup(&tcp_hashinfo, &skb->nh.ipv6h->saddr, th->source,
1215 &skb->nh.ipv6h->daddr, ntohs(th->dest),
1216 inet6_iif(skb));
1217
1218 if (!sk)
1219 goto no_tcp_socket;
1220
1221 process:
1222 if (sk->sk_state == TCP_TIME_WAIT)
1223 goto do_time_wait;
1224
1225 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1226 goto discard_and_relse;
1227
1228 if (sk_filter(sk, skb, 0))
1229 goto discard_and_relse;
1230
1231 skb->dev = NULL;
1232
1233 bh_lock_sock(sk);
1234 ret = 0;
1235 if (!sock_owned_by_user(sk)) {
1236 #ifdef CONFIG_NET_DMA
1237 struct tcp_sock *tp = tcp_sk(sk);
1238 if (tp->ucopy.dma_chan)
1239 ret = tcp_v6_do_rcv(sk, skb);
1240 else
1241 #endif
1242 {
1243 if (!tcp_prequeue(sk, skb))
1244 ret = tcp_v6_do_rcv(sk, skb);
1245 }
1246 } else
1247 sk_add_backlog(sk, skb);
1248 bh_unlock_sock(sk);
1249
1250 sock_put(sk);
1251 return ret ? -1 : 0;
1252
1253 no_tcp_socket:
1254 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1255 goto discard_it;
1256
1257 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1258 bad_packet:
1259 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1260 } else {
1261 tcp_v6_send_reset(skb);
1262 }
1263
1264 discard_it:
1265
1266 /*
1267 * Discard frame
1268 */
1269
1270 kfree_skb(skb);
1271 return 0;
1272
1273 discard_and_relse:
1274 sock_put(sk);
1275 goto discard_it;
1276
1277 do_time_wait:
1278 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1279 inet_twsk_put((struct inet_timewait_sock *)sk);
1280 goto discard_it;
1281 }
1282
1283 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1284 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1285 inet_twsk_put((struct inet_timewait_sock *)sk);
1286 goto discard_it;
1287 }
1288
1289 switch (tcp_timewait_state_process((struct inet_timewait_sock *)sk,
1290 skb, th)) {
1291 case TCP_TW_SYN:
1292 {
1293 struct sock *sk2;
1294
1295 sk2 = inet6_lookup_listener(&tcp_hashinfo,
1296 &skb->nh.ipv6h->daddr,
1297 ntohs(th->dest), inet6_iif(skb));
1298 if (sk2 != NULL) {
1299 struct inet_timewait_sock *tw = inet_twsk(sk);
1300 inet_twsk_deschedule(tw, &tcp_death_row);
1301 inet_twsk_put(tw);
1302 sk = sk2;
1303 goto process;
1304 }
1305 /* Fall through to ACK */
1306 }
1307 case TCP_TW_ACK:
1308 tcp_v6_timewait_ack(sk, skb);
1309 break;
1310 case TCP_TW_RST:
1311 goto no_tcp_socket;
1312 case TCP_TW_SUCCESS:;
1313 }
1314 goto discard_it;
1315 }
1316
1317 static int tcp_v6_remember_stamp(struct sock *sk)
1318 {
1319 /* Alas, not yet... */
1320 return 0;
1321 }
1322
1323 static struct inet_connection_sock_af_ops ipv6_specific = {
1324 .queue_xmit = inet6_csk_xmit,
1325 .send_check = tcp_v6_send_check,
1326 .rebuild_header = inet6_sk_rebuild_header,
1327 .conn_request = tcp_v6_conn_request,
1328 .syn_recv_sock = tcp_v6_syn_recv_sock,
1329 .remember_stamp = tcp_v6_remember_stamp,
1330 .net_header_len = sizeof(struct ipv6hdr),
1331 .setsockopt = ipv6_setsockopt,
1332 .getsockopt = ipv6_getsockopt,
1333 .addr2sockaddr = inet6_csk_addr2sockaddr,
1334 .sockaddr_len = sizeof(struct sockaddr_in6),
1335 #ifdef CONFIG_COMPAT
1336 .compat_setsockopt = compat_ipv6_setsockopt,
1337 .compat_getsockopt = compat_ipv6_getsockopt,
1338 #endif
1339 };
1340
1341 /*
1342 * TCP over IPv4 via INET6 API
1343 */
1344
1345 static struct inet_connection_sock_af_ops ipv6_mapped = {
1346 .queue_xmit = ip_queue_xmit,
1347 .send_check = tcp_v4_send_check,
1348 .rebuild_header = inet_sk_rebuild_header,
1349 .conn_request = tcp_v6_conn_request,
1350 .syn_recv_sock = tcp_v6_syn_recv_sock,
1351 .remember_stamp = tcp_v4_remember_stamp,
1352 .net_header_len = sizeof(struct iphdr),
1353 .setsockopt = ipv6_setsockopt,
1354 .getsockopt = ipv6_getsockopt,
1355 .addr2sockaddr = inet6_csk_addr2sockaddr,
1356 .sockaddr_len = sizeof(struct sockaddr_in6),
1357 #ifdef CONFIG_COMPAT
1358 .compat_setsockopt = compat_ipv6_setsockopt,
1359 .compat_getsockopt = compat_ipv6_getsockopt,
1360 #endif
1361 };
1362
1363 /* NOTE: A lot of things set to zero explicitly by call to
1364 * sk_alloc() so need not be done here.
1365 */
1366 static int tcp_v6_init_sock(struct sock *sk)
1367 {
1368 struct inet_connection_sock *icsk = inet_csk(sk);
1369 struct tcp_sock *tp = tcp_sk(sk);
1370
1371 skb_queue_head_init(&tp->out_of_order_queue);
1372 tcp_init_xmit_timers(sk);
1373 tcp_prequeue_init(tp);
1374
1375 icsk->icsk_rto = TCP_TIMEOUT_INIT;
1376 tp->mdev = TCP_TIMEOUT_INIT;
1377
1378 /* So many TCP implementations out there (incorrectly) count the
1379 * initial SYN frame in their delayed-ACK and congestion control
1380 * algorithms that we must have the following bandaid to talk
1381 * efficiently to them. -DaveM
1382 */
1383 tp->snd_cwnd = 2;
1384
1385 /* See draft-stevens-tcpca-spec-01 for discussion of the
1386 * initialization of these values.
1387 */
1388 tp->snd_ssthresh = 0x7fffffff;
1389 tp->snd_cwnd_clamp = ~0;
1390 tp->mss_cache = 536;
1391
1392 tp->reordering = sysctl_tcp_reordering;
1393
1394 sk->sk_state = TCP_CLOSE;
1395
1396 icsk->icsk_af_ops = &ipv6_specific;
1397 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1398 icsk->icsk_sync_mss = tcp_sync_mss;
1399 sk->sk_write_space = sk_stream_write_space;
1400 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1401
1402 sk->sk_sndbuf = sysctl_tcp_wmem[1];
1403 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1404
1405 atomic_inc(&tcp_sockets_allocated);
1406
1407 return 0;
1408 }
1409
1410 static int tcp_v6_destroy_sock(struct sock *sk)
1411 {
1412 tcp_v4_destroy_sock(sk);
1413 return inet6_destroy_sock(sk);
1414 }
1415
1416 /* Proc filesystem TCPv6 sock list dumping. */
1417 static void get_openreq6(struct seq_file *seq,
1418 struct sock *sk, struct request_sock *req, int i, int uid)
1419 {
1420 int ttd = req->expires - jiffies;
1421 struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1422 struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1423
1424 if (ttd < 0)
1425 ttd = 0;
1426
1427 seq_printf(seq,
1428 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1429 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1430 i,
1431 src->s6_addr32[0], src->s6_addr32[1],
1432 src->s6_addr32[2], src->s6_addr32[3],
1433 ntohs(inet_sk(sk)->sport),
1434 dest->s6_addr32[0], dest->s6_addr32[1],
1435 dest->s6_addr32[2], dest->s6_addr32[3],
1436 ntohs(inet_rsk(req)->rmt_port),
1437 TCP_SYN_RECV,
1438 0,0, /* could print option size, but that is af dependent. */
1439 1, /* timers active (only the expire timer) */
1440 jiffies_to_clock_t(ttd),
1441 req->retrans,
1442 uid,
1443 0, /* non standard timer */
1444 0, /* open_requests have no inode */
1445 0, req);
1446 }
1447
1448 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1449 {
1450 struct in6_addr *dest, *src;
1451 __u16 destp, srcp;
1452 int timer_active;
1453 unsigned long timer_expires;
1454 struct inet_sock *inet = inet_sk(sp);
1455 struct tcp_sock *tp = tcp_sk(sp);
1456 const struct inet_connection_sock *icsk = inet_csk(sp);
1457 struct ipv6_pinfo *np = inet6_sk(sp);
1458
1459 dest = &np->daddr;
1460 src = &np->rcv_saddr;
1461 destp = ntohs(inet->dport);
1462 srcp = ntohs(inet->sport);
1463
1464 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1465 timer_active = 1;
1466 timer_expires = icsk->icsk_timeout;
1467 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1468 timer_active = 4;
1469 timer_expires = icsk->icsk_timeout;
1470 } else if (timer_pending(&sp->sk_timer)) {
1471 timer_active = 2;
1472 timer_expires = sp->sk_timer.expires;
1473 } else {
1474 timer_active = 0;
1475 timer_expires = jiffies;
1476 }
1477
1478 seq_printf(seq,
1479 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1480 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
1481 i,
1482 src->s6_addr32[0], src->s6_addr32[1],
1483 src->s6_addr32[2], src->s6_addr32[3], srcp,
1484 dest->s6_addr32[0], dest->s6_addr32[1],
1485 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1486 sp->sk_state,
1487 tp->write_seq-tp->snd_una,
1488 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
1489 timer_active,
1490 jiffies_to_clock_t(timer_expires - jiffies),
1491 icsk->icsk_retransmits,
1492 sock_i_uid(sp),
1493 icsk->icsk_probes_out,
1494 sock_i_ino(sp),
1495 atomic_read(&sp->sk_refcnt), sp,
1496 icsk->icsk_rto,
1497 icsk->icsk_ack.ato,
1498 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
1499 tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
1500 );
1501 }
1502
1503 static void get_timewait6_sock(struct seq_file *seq,
1504 struct inet_timewait_sock *tw, int i)
1505 {
1506 struct in6_addr *dest, *src;
1507 __u16 destp, srcp;
1508 struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
1509 int ttd = tw->tw_ttd - jiffies;
1510
1511 if (ttd < 0)
1512 ttd = 0;
1513
1514 dest = &tw6->tw_v6_daddr;
1515 src = &tw6->tw_v6_rcv_saddr;
1516 destp = ntohs(tw->tw_dport);
1517 srcp = ntohs(tw->tw_sport);
1518
1519 seq_printf(seq,
1520 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1521 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1522 i,
1523 src->s6_addr32[0], src->s6_addr32[1],
1524 src->s6_addr32[2], src->s6_addr32[3], srcp,
1525 dest->s6_addr32[0], dest->s6_addr32[1],
1526 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1527 tw->tw_substate, 0, 0,
1528 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
1529 atomic_read(&tw->tw_refcnt), tw);
1530 }
1531
1532 #ifdef CONFIG_PROC_FS
1533 static int tcp6_seq_show(struct seq_file *seq, void *v)
1534 {
1535 struct tcp_iter_state *st;
1536
1537 if (v == SEQ_START_TOKEN) {
1538 seq_puts(seq,
1539 " sl "
1540 "local_address "
1541 "remote_address "
1542 "st tx_queue rx_queue tr tm->when retrnsmt"
1543 " uid timeout inode\n");
1544 goto out;
1545 }
1546 st = seq->private;
1547
1548 switch (st->state) {
1549 case TCP_SEQ_STATE_LISTENING:
1550 case TCP_SEQ_STATE_ESTABLISHED:
1551 get_tcp6_sock(seq, v, st->num);
1552 break;
1553 case TCP_SEQ_STATE_OPENREQ:
1554 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
1555 break;
1556 case TCP_SEQ_STATE_TIME_WAIT:
1557 get_timewait6_sock(seq, v, st->num);
1558 break;
1559 }
1560 out:
1561 return 0;
1562 }
1563
1564 static struct file_operations tcp6_seq_fops;
1565 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1566 .owner = THIS_MODULE,
1567 .name = "tcp6",
1568 .family = AF_INET6,
1569 .seq_show = tcp6_seq_show,
1570 .seq_fops = &tcp6_seq_fops,
1571 };
1572
1573 int __init tcp6_proc_init(void)
1574 {
1575 return tcp_proc_register(&tcp6_seq_afinfo);
1576 }
1577
1578 void tcp6_proc_exit(void)
1579 {
1580 tcp_proc_unregister(&tcp6_seq_afinfo);
1581 }
1582 #endif
1583
1584 struct proto tcpv6_prot = {
1585 .name = "TCPv6",
1586 .owner = THIS_MODULE,
1587 .close = tcp_close,
1588 .connect = tcp_v6_connect,
1589 .disconnect = tcp_disconnect,
1590 .accept = inet_csk_accept,
1591 .ioctl = tcp_ioctl,
1592 .init = tcp_v6_init_sock,
1593 .destroy = tcp_v6_destroy_sock,
1594 .shutdown = tcp_shutdown,
1595 .setsockopt = tcp_setsockopt,
1596 .getsockopt = tcp_getsockopt,
1597 .sendmsg = tcp_sendmsg,
1598 .recvmsg = tcp_recvmsg,
1599 .backlog_rcv = tcp_v6_do_rcv,
1600 .hash = tcp_v6_hash,
1601 .unhash = tcp_unhash,
1602 .get_port = tcp_v6_get_port,
1603 .enter_memory_pressure = tcp_enter_memory_pressure,
1604 .sockets_allocated = &tcp_sockets_allocated,
1605 .memory_allocated = &tcp_memory_allocated,
1606 .memory_pressure = &tcp_memory_pressure,
1607 .orphan_count = &tcp_orphan_count,
1608 .sysctl_mem = sysctl_tcp_mem,
1609 .sysctl_wmem = sysctl_tcp_wmem,
1610 .sysctl_rmem = sysctl_tcp_rmem,
1611 .max_header = MAX_TCP_HEADER,
1612 .obj_size = sizeof(struct tcp6_sock),
1613 .twsk_prot = &tcp6_timewait_sock_ops,
1614 .rsk_prot = &tcp6_request_sock_ops,
1615 #ifdef CONFIG_COMPAT
1616 .compat_setsockopt = compat_tcp_setsockopt,
1617 .compat_getsockopt = compat_tcp_getsockopt,
1618 #endif
1619 };
1620
1621 static struct inet6_protocol tcpv6_protocol = {
1622 .handler = tcp_v6_rcv,
1623 .err_handler = tcp_v6_err,
1624 .gso_send_check = tcp_v6_gso_send_check,
1625 .gso_segment = tcp_tso_segment,
1626 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1627 };
1628
1629 static struct inet_protosw tcpv6_protosw = {
1630 .type = SOCK_STREAM,
1631 .protocol = IPPROTO_TCP,
1632 .prot = &tcpv6_prot,
1633 .ops = &inet6_stream_ops,
1634 .capability = -1,
1635 .no_check = 0,
1636 .flags = INET_PROTOSW_PERMANENT |
1637 INET_PROTOSW_ICSK,
1638 };
1639
1640 void __init tcpv6_init(void)
1641 {
1642 /* register inet6 protocol */
1643 if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
1644 printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
1645 inet6_register_protosw(&tcpv6_protosw);
1646
1647 if (inet_csk_ctl_sock_create(&tcp6_socket, PF_INET6, SOCK_RAW,
1648 IPPROTO_TCP) < 0)
1649 panic("Failed to create the TCPv6 control socket.\n");
1650 }
linux kernel for loongson