3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
8 * $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
11 * linux/net/ipv4/tcp.c
12 * linux/net/ipv4/tcp_input.c
13 * linux/net/ipv4/tcp_output.c
16 * Hideaki YOSHIFUJI : sin6_scope_id support
17 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
18 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
19 * a single port at the same time.
20 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
22 * This program is free software; you can redistribute it and/or
23 * modify it under the terms of the GNU General Public License
24 * as published by the Free Software Foundation; either version
25 * 2 of the License, or (at your option) any later version.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/net.h>
34 #include <linux/jiffies.h>
36 #include <linux/in6.h>
37 #include <linux/netdevice.h>
38 #include <linux/init.h>
39 #include <linux/jhash.h>
40 #include <linux/ipsec.h>
41 #include <linux/times.h>
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
59 #include <net/addrconf.h>
61 #include <net/dsfield.h>
62 #include <net/timewait_sock.h>
64 #include <asm/uaccess.h>
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
69 #include <linux/crypto.h>
70 #include <linux/scatterlist.h>
72 /* Socket used for sending RSTs and ACKs */
73 static struct socket *tcp6_socket;
75 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
76 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
77 static void tcp_v6_send_check(struct sock *sk, int len,
80 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
82 static struct inet_connection_sock_af_ops ipv6_mapped;
83 static struct inet_connection_sock_af_ops ipv6_specific;
84 #ifdef CONFIG_TCP_MD5SIG
85 static struct tcp_sock_af_ops tcp_sock_ipv6_specific;
86 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
89 static int tcp_v6_get_port(struct sock *sk, unsigned short snum)
91 return inet_csk_get_port(&tcp_hashinfo, sk, snum,
92 inet6_csk_bind_conflict);
95 static void tcp_v6_hash(struct sock *sk)
97 if (sk->sk_state != TCP_CLOSE) {
98 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
103 __inet6_hash(&tcp_hashinfo, sk);
108 static __inline__ __sum16 tcp_v6_check(struct tcphdr *th, int len,
109 struct in6_addr *saddr,
110 struct in6_addr *daddr,
113 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
116 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
118 return secure_tcpv6_sequence_number(skb->nh.ipv6h->daddr.s6_addr32,
119 skb->nh.ipv6h->saddr.s6_addr32,
124 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
127 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
128 struct inet_sock *inet = inet_sk(sk);
129 struct inet_connection_sock *icsk = inet_csk(sk);
130 struct ipv6_pinfo *np = inet6_sk(sk);
131 struct tcp_sock *tp = tcp_sk(sk);
132 struct in6_addr *saddr = NULL, *final_p = NULL, final;
134 struct dst_entry *dst;
138 if (addr_len < SIN6_LEN_RFC2133)
141 if (usin->sin6_family != AF_INET6)
142 return(-EAFNOSUPPORT);
144 memset(&fl, 0, sizeof(fl));
147 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
148 IP6_ECN_flow_init(fl.fl6_flowlabel);
149 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
150 struct ip6_flowlabel *flowlabel;
151 flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
152 if (flowlabel == NULL)
154 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
155 fl6_sock_release(flowlabel);
160 * connect() to INADDR_ANY means loopback (BSD'ism).
163 if(ipv6_addr_any(&usin->sin6_addr)) {
164 if (sk->sk_nx_info) {
165 if (sk->sk_nx_info->nbipv6) {
166 /* Linux-VServer: redirects to first IPv6 address set for guest
167 TODO: search for existing loopback address in guest context... */
168 usin->sin6_addr = sk->sk_nx_info->ipv6[0];
169 vxdprintk(VXD_CBIT(net, 4), "tcp_v6_connect(dest ::1 redirected to: " NIP6_FMT ", %d)",
170 NIP6(usin->sin6_addr), sk->sk_nx_info->nx_id);
174 usin->sin6_addr.s6_addr[15] = 0x1;
177 addr_type = ipv6_addr_type(&usin->sin6_addr);
179 if(addr_type & IPV6_ADDR_MULTICAST)
182 if (addr_type&IPV6_ADDR_LINKLOCAL) {
183 if (addr_len >= sizeof(struct sockaddr_in6) &&
184 usin->sin6_scope_id) {
185 /* If interface is set while binding, indices
188 if (sk->sk_bound_dev_if &&
189 sk->sk_bound_dev_if != usin->sin6_scope_id)
192 sk->sk_bound_dev_if = usin->sin6_scope_id;
195 /* Connect to link-local address requires an interface */
196 if (!sk->sk_bound_dev_if)
200 if (tp->rx_opt.ts_recent_stamp &&
201 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
202 tp->rx_opt.ts_recent = 0;
203 tp->rx_opt.ts_recent_stamp = 0;
207 ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
208 np->flow_label = fl.fl6_flowlabel;
214 if (addr_type == IPV6_ADDR_MAPPED) {
215 u32 exthdrlen = icsk->icsk_ext_hdr_len;
216 struct sockaddr_in sin;
218 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
220 if (__ipv6_only_sock(sk))
223 sin.sin_family = AF_INET;
224 sin.sin_port = usin->sin6_port;
225 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
227 icsk->icsk_af_ops = &ipv6_mapped;
228 sk->sk_backlog_rcv = tcp_v4_do_rcv;
229 #ifdef CONFIG_TCP_MD5SIG
230 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
233 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
236 icsk->icsk_ext_hdr_len = exthdrlen;
237 icsk->icsk_af_ops = &ipv6_specific;
238 sk->sk_backlog_rcv = tcp_v6_do_rcv;
239 #ifdef CONFIG_TCP_MD5SIG
240 tp->af_specific = &tcp_sock_ipv6_specific;
244 ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
246 ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
253 if (!ipv6_addr_any(&np->rcv_saddr))
254 saddr = &np->rcv_saddr;
256 fl.proto = IPPROTO_TCP;
257 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
258 ipv6_addr_copy(&fl.fl6_src,
259 (saddr ? saddr : &np->saddr));
260 fl.oif = sk->sk_bound_dev_if;
261 fl.fl_ip_dport = usin->sin6_port;
262 fl.fl_ip_sport = inet->sport;
264 if (np->opt && np->opt->srcrt) {
265 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
266 ipv6_addr_copy(&final, &fl.fl6_dst);
267 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
271 security_sk_classify_flow(sk, &fl);
273 err = ip6_dst_lookup(sk, &dst, &fl);
277 ipv6_addr_copy(&fl.fl6_dst, final_p);
279 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
284 ipv6_addr_copy(&np->rcv_saddr, saddr);
287 /* set the source address */
288 ipv6_addr_copy(&np->saddr, saddr);
289 inet->rcv_saddr = LOOPBACK4_IPV6;
291 sk->sk_gso_type = SKB_GSO_TCPV6;
292 __ip6_dst_store(sk, dst, NULL, NULL);
294 icsk->icsk_ext_hdr_len = 0;
296 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
299 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
301 inet->dport = usin->sin6_port;
303 tcp_set_state(sk, TCP_SYN_SENT);
304 err = inet6_hash_connect(&tcp_death_row, sk);
309 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
314 err = tcp_connect(sk);
321 tcp_set_state(sk, TCP_CLOSE);
325 sk->sk_route_caps = 0;
329 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
330 int type, int code, int offset, __be32 info)
332 struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
333 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
334 struct ipv6_pinfo *np;
340 sk = inet6_lookup(&tcp_hashinfo, &hdr->daddr, th->dest, &hdr->saddr,
341 th->source, skb->dev->ifindex);
344 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
348 if (sk->sk_state == TCP_TIME_WAIT) {
349 inet_twsk_put(inet_twsk(sk));
354 if (sock_owned_by_user(sk))
355 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
357 if (sk->sk_state == TCP_CLOSE)
361 seq = ntohl(th->seq);
362 if (sk->sk_state != TCP_LISTEN &&
363 !between(seq, tp->snd_una, tp->snd_nxt)) {
364 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
370 if (type == ICMPV6_PKT_TOOBIG) {
371 struct dst_entry *dst = NULL;
373 if (sock_owned_by_user(sk))
375 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
378 /* icmp should have updated the destination cache entry */
379 dst = __sk_dst_check(sk, np->dst_cookie);
382 struct inet_sock *inet = inet_sk(sk);
385 /* BUGGG_FUTURE: Again, it is not clear how
386 to handle rthdr case. Ignore this complexity
389 memset(&fl, 0, sizeof(fl));
390 fl.proto = IPPROTO_TCP;
391 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
392 ipv6_addr_copy(&fl.fl6_src, &np->saddr);
393 fl.oif = sk->sk_bound_dev_if;
394 fl.fl_ip_dport = inet->dport;
395 fl.fl_ip_sport = inet->sport;
396 security_skb_classify_flow(skb, &fl);
398 if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
399 sk->sk_err_soft = -err;
403 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
404 sk->sk_err_soft = -err;
411 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
412 tcp_sync_mss(sk, dst_mtu(dst));
413 tcp_simple_retransmit(sk);
414 } /* else let the usual retransmit timer handle it */
419 icmpv6_err_convert(type, code, &err);
421 /* Might be for an request_sock */
422 switch (sk->sk_state) {
423 struct request_sock *req, **prev;
425 if (sock_owned_by_user(sk))
428 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
429 &hdr->saddr, inet6_iif(skb));
433 /* ICMPs are not backlogged, hence we cannot get
434 * an established socket here.
436 BUG_TRAP(req->sk == NULL);
438 if (seq != tcp_rsk(req)->snt_isn) {
439 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
443 inet_csk_reqsk_queue_drop(sk, req, prev);
447 case TCP_SYN_RECV: /* Cannot happen.
448 It can, it SYNs are crossed. --ANK */
449 if (!sock_owned_by_user(sk)) {
451 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
455 sk->sk_err_soft = err;
459 if (!sock_owned_by_user(sk) && np->recverr) {
461 sk->sk_error_report(sk);
463 sk->sk_err_soft = err;
471 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
472 struct dst_entry *dst)
474 struct inet6_request_sock *treq = inet6_rsk(req);
475 struct ipv6_pinfo *np = inet6_sk(sk);
476 struct sk_buff * skb;
477 struct ipv6_txoptions *opt = NULL;
478 struct in6_addr * final_p = NULL, final;
482 memset(&fl, 0, sizeof(fl));
483 fl.proto = IPPROTO_TCP;
484 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
485 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
486 fl.fl6_flowlabel = 0;
488 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
489 fl.fl_ip_sport = inet_sk(sk)->sport;
490 security_req_classify_flow(req, &fl);
495 np->rxopt.bits.osrcrt == 2 &&
497 struct sk_buff *pktopts = treq->pktopts;
498 struct inet6_skb_parm *rxopt = IP6CB(pktopts);
500 opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr*)(pktopts->nh.raw + rxopt->srcrt));
503 if (opt && opt->srcrt) {
504 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
505 ipv6_addr_copy(&final, &fl.fl6_dst);
506 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
510 err = ip6_dst_lookup(sk, &dst, &fl);
514 ipv6_addr_copy(&fl.fl6_dst, final_p);
515 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
519 skb = tcp_make_synack(sk, dst, req);
521 struct tcphdr *th = skb->h.th;
523 th->check = tcp_v6_check(th, skb->len,
524 &treq->loc_addr, &treq->rmt_addr,
525 csum_partial((char *)th, skb->len, skb->csum));
527 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
528 err = ip6_xmit(sk, skb, &fl, opt, 0);
529 err = net_xmit_eval(err);
533 if (opt && opt != np->opt)
534 sock_kfree_s(sk, opt, opt->tot_len);
539 static void tcp_v6_reqsk_destructor(struct request_sock *req)
541 if (inet6_rsk(req)->pktopts)
542 kfree_skb(inet6_rsk(req)->pktopts);
545 #ifdef CONFIG_TCP_MD5SIG
546 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
547 struct in6_addr *addr)
549 struct tcp_sock *tp = tcp_sk(sk);
554 if (!tp->md5sig_info || !tp->md5sig_info->entries6)
557 for (i = 0; i < tp->md5sig_info->entries6; i++) {
558 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, addr) == 0)
559 return (struct tcp_md5sig_key *)&tp->md5sig_info->keys6[i];
564 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
565 struct sock *addr_sk)
567 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
570 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
571 struct request_sock *req)
573 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
576 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
577 char *newkey, u8 newkeylen)
579 /* Add key to the list */
580 struct tcp6_md5sig_key *key;
581 struct tcp_sock *tp = tcp_sk(sk);
582 struct tcp6_md5sig_key *keys;
584 key = (struct tcp6_md5sig_key*) tcp_v6_md5_do_lookup(sk, peer);
586 /* modify existing entry - just update that one */
589 key->keylen = newkeylen;
591 /* reallocate new list if current one is full. */
592 if (!tp->md5sig_info) {
593 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
594 if (!tp->md5sig_info) {
599 tcp_alloc_md5sig_pool();
600 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
601 keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
602 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
605 tcp_free_md5sig_pool();
610 if (tp->md5sig_info->entries6)
611 memmove(keys, tp->md5sig_info->keys6,
612 (sizeof (tp->md5sig_info->keys6[0]) *
613 tp->md5sig_info->entries6));
615 kfree(tp->md5sig_info->keys6);
616 tp->md5sig_info->keys6 = keys;
617 tp->md5sig_info->alloced6++;
620 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
622 tp->md5sig_info->keys6[tp->md5sig_info->entries6].key = newkey;
623 tp->md5sig_info->keys6[tp->md5sig_info->entries6].keylen = newkeylen;
625 tp->md5sig_info->entries6++;
630 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
631 u8 *newkey, __u8 newkeylen)
633 return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
637 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
639 struct tcp_sock *tp = tcp_sk(sk);
642 for (i = 0; i < tp->md5sig_info->entries6; i++) {
643 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, peer) == 0) {
645 kfree(tp->md5sig_info->keys6[i].key);
646 tp->md5sig_info->entries6--;
648 if (tp->md5sig_info->entries6 == 0) {
649 kfree(tp->md5sig_info->keys6);
650 tp->md5sig_info->keys6 = NULL;
652 tcp_free_md5sig_pool();
656 /* shrink the database */
657 if (tp->md5sig_info->entries6 != i)
658 memmove(&tp->md5sig_info->keys6[i],
659 &tp->md5sig_info->keys6[i+1],
660 (tp->md5sig_info->entries6 - i)
661 * sizeof (tp->md5sig_info->keys6[0]));
668 static void tcp_v6_clear_md5_list (struct sock *sk)
670 struct tcp_sock *tp = tcp_sk(sk);
673 if (tp->md5sig_info->entries6) {
674 for (i = 0; i < tp->md5sig_info->entries6; i++)
675 kfree(tp->md5sig_info->keys6[i].key);
676 tp->md5sig_info->entries6 = 0;
677 tcp_free_md5sig_pool();
680 kfree(tp->md5sig_info->keys6);
681 tp->md5sig_info->keys6 = NULL;
682 tp->md5sig_info->alloced6 = 0;
684 if (tp->md5sig_info->entries4) {
685 for (i = 0; i < tp->md5sig_info->entries4; i++)
686 kfree(tp->md5sig_info->keys4[i].key);
687 tp->md5sig_info->entries4 = 0;
688 tcp_free_md5sig_pool();
691 kfree(tp->md5sig_info->keys4);
692 tp->md5sig_info->keys4 = NULL;
693 tp->md5sig_info->alloced4 = 0;
696 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
699 struct tcp_md5sig cmd;
700 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
703 if (optlen < sizeof(cmd))
706 if (copy_from_user(&cmd, optval, sizeof(cmd)))
709 if (sin6->sin6_family != AF_INET6)
712 if (!cmd.tcpm_keylen) {
713 if (!tcp_sk(sk)->md5sig_info)
715 if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_MAPPED)
716 return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
717 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
720 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
723 if (!tcp_sk(sk)->md5sig_info) {
724 struct tcp_sock *tp = tcp_sk(sk);
725 struct tcp_md5sig_info *p;
727 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
734 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
737 if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_MAPPED) {
738 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
739 newkey, cmd.tcpm_keylen);
741 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
744 static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
745 struct in6_addr *saddr,
746 struct in6_addr *daddr,
747 struct tcphdr *th, int protocol,
750 struct scatterlist sg[4];
754 struct tcp_md5sig_pool *hp;
755 struct tcp6_pseudohdr *bp;
756 struct hash_desc *desc;
758 unsigned int nbytes = 0;
760 hp = tcp_get_md5sig_pool();
762 printk(KERN_WARNING "%s(): hash pool not found...\n", __FUNCTION__);
763 goto clear_hash_noput;
765 bp = &hp->md5_blk.ip6;
766 desc = &hp->md5_desc;
768 /* 1. TCP pseudo-header (RFC2460) */
769 ipv6_addr_copy(&bp->saddr, saddr);
770 ipv6_addr_copy(&bp->daddr, daddr);
771 bp->len = htonl(tcplen);
772 bp->protocol = htonl(protocol);
774 sg_set_buf(&sg[block++], bp, sizeof(*bp));
775 nbytes += sizeof(*bp);
777 /* 2. TCP header, excluding options */
780 sg_set_buf(&sg[block++], th, sizeof(*th));
781 nbytes += sizeof(*th);
783 /* 3. TCP segment data (if any) */
784 data_len = tcplen - (th->doff << 2);
786 u8 *data = (u8 *)th + (th->doff << 2);
787 sg_set_buf(&sg[block++], data, data_len);
792 sg_set_buf(&sg[block++], key->key, key->keylen);
793 nbytes += key->keylen;
795 /* Now store the hash into the packet */
796 err = crypto_hash_init(desc);
798 printk(KERN_WARNING "%s(): hash_init failed\n", __FUNCTION__);
801 err = crypto_hash_update(desc, sg, nbytes);
803 printk(KERN_WARNING "%s(): hash_update failed\n", __FUNCTION__);
806 err = crypto_hash_final(desc, md5_hash);
808 printk(KERN_WARNING "%s(): hash_final failed\n", __FUNCTION__);
812 /* Reset header, and free up the crypto */
813 tcp_put_md5sig_pool();
818 tcp_put_md5sig_pool();
820 memset(md5_hash, 0, 16);
824 static int tcp_v6_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
826 struct dst_entry *dst,
827 struct request_sock *req,
828 struct tcphdr *th, int protocol,
831 struct in6_addr *saddr, *daddr;
834 saddr = &inet6_sk(sk)->saddr;
835 daddr = &inet6_sk(sk)->daddr;
837 saddr = &inet6_rsk(req)->loc_addr;
838 daddr = &inet6_rsk(req)->rmt_addr;
840 return tcp_v6_do_calc_md5_hash(md5_hash, key,
842 th, protocol, tcplen);
845 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
847 __u8 *hash_location = NULL;
848 struct tcp_md5sig_key *hash_expected;
849 struct ipv6hdr *ip6h = skb->nh.ipv6h;
850 struct tcphdr *th = skb->h.th;
851 int length = (th->doff << 2) - sizeof (*th);
856 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
858 /* If the TCP option is too short, we can short cut */
859 if (length < TCPOLEN_MD5SIG)
860 return hash_expected ? 1 : 0;
876 if (opsize < 2 || opsize > length)
878 if (opcode == TCPOPT_MD5SIG) {
888 /* do we have a hash as expected? */
889 if (!hash_expected) {
892 if (net_ratelimit()) {
893 printk(KERN_INFO "MD5 Hash NOT expected but found "
894 "(" NIP6_FMT ", %u)->"
895 "(" NIP6_FMT ", %u)\n",
896 NIP6(ip6h->saddr), ntohs(th->source),
897 NIP6(ip6h->daddr), ntohs(th->dest));
902 if (!hash_location) {
903 if (net_ratelimit()) {
904 printk(KERN_INFO "MD5 Hash expected but NOT found "
905 "(" NIP6_FMT ", %u)->"
906 "(" NIP6_FMT ", %u)\n",
907 NIP6(ip6h->saddr), ntohs(th->source),
908 NIP6(ip6h->daddr), ntohs(th->dest));
913 /* check the signature */
914 genhash = tcp_v6_do_calc_md5_hash(newhash,
916 &ip6h->saddr, &ip6h->daddr,
919 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
920 if (net_ratelimit()) {
921 printk(KERN_INFO "MD5 Hash %s for "
922 "(" NIP6_FMT ", %u)->"
923 "(" NIP6_FMT ", %u)\n",
924 genhash ? "failed" : "mismatch",
925 NIP6(ip6h->saddr), ntohs(th->source),
926 NIP6(ip6h->daddr), ntohs(th->dest));
934 static struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
936 .obj_size = sizeof(struct tcp6_request_sock),
937 .rtx_syn_ack = tcp_v6_send_synack,
938 .send_ack = tcp_v6_reqsk_send_ack,
939 .destructor = tcp_v6_reqsk_destructor,
940 .send_reset = tcp_v6_send_reset
943 #ifdef CONFIG_TCP_MD5SIG
944 static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
945 .md5_lookup = tcp_v6_reqsk_md5_lookup,
949 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
950 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
951 .twsk_unique = tcp_twsk_unique,
952 .twsk_destructor= tcp_twsk_destructor,
955 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
957 struct ipv6_pinfo *np = inet6_sk(sk);
958 struct tcphdr *th = skb->h.th;
960 if (skb->ip_summed == CHECKSUM_PARTIAL) {
961 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 0);
962 skb->csum_offset = offsetof(struct tcphdr, check);
964 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
965 csum_partial((char *)th, th->doff<<2,
970 static int tcp_v6_gso_send_check(struct sk_buff *skb)
972 struct ipv6hdr *ipv6h;
975 if (!pskb_may_pull(skb, sizeof(*th)))
978 ipv6h = skb->nh.ipv6h;
982 th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
984 skb->csum_offset = offsetof(struct tcphdr, check);
985 skb->ip_summed = CHECKSUM_PARTIAL;
989 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
991 struct tcphdr *th = skb->h.th, *t1;
992 struct sk_buff *buff;
994 int tot_len = sizeof(*th);
995 #ifdef CONFIG_TCP_MD5SIG
996 struct tcp_md5sig_key *key;
1002 if (!ipv6_unicast_destination(skb))
1005 #ifdef CONFIG_TCP_MD5SIG
1007 key = tcp_v6_md5_do_lookup(sk, &skb->nh.ipv6h->daddr);
1012 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1016 * We need to grab some memory, and put together an RST,
1017 * and then put it into the queue to be sent.
1020 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1025 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1027 t1 = (struct tcphdr *) skb_push(buff, tot_len);
1029 /* Swap the send and the receive. */
1030 memset(t1, 0, sizeof(*t1));
1031 t1->dest = th->source;
1032 t1->source = th->dest;
1033 t1->doff = tot_len / 4;
1037 t1->seq = th->ack_seq;
1040 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
1041 + skb->len - (th->doff<<2));
1044 #ifdef CONFIG_TCP_MD5SIG
1046 __be32 *opt = (__be32*)(t1 + 1);
1047 opt[0] = htonl((TCPOPT_NOP << 24) |
1048 (TCPOPT_NOP << 16) |
1049 (TCPOPT_MD5SIG << 8) |
1051 tcp_v6_do_calc_md5_hash((__u8*)&opt[1],
1053 &skb->nh.ipv6h->daddr,
1054 &skb->nh.ipv6h->saddr,
1060 buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
1062 memset(&fl, 0, sizeof(fl));
1063 ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
1064 ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
1066 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1067 sizeof(*t1), IPPROTO_TCP,
1070 fl.proto = IPPROTO_TCP;
1071 fl.oif = inet6_iif(skb);
1072 fl.fl_ip_dport = t1->dest;
1073 fl.fl_ip_sport = t1->source;
1074 security_skb_classify_flow(skb, &fl);
1076 /* sk = NULL, but it is safe for now. RST socket required. */
1077 if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
1079 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1080 ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
1081 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1082 TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
1090 static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
1091 struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
1093 struct tcphdr *th = skb->h.th, *t1;
1094 struct sk_buff *buff;
1096 int tot_len = sizeof(struct tcphdr);
1098 #ifdef CONFIG_TCP_MD5SIG
1099 struct tcp_md5sig_key *key;
1100 struct tcp_md5sig_key tw_key;
1103 #ifdef CONFIG_TCP_MD5SIG
1104 if (!tw && skb->sk) {
1105 key = tcp_v6_md5_do_lookup(skb->sk, &skb->nh.ipv6h->daddr);
1106 } else if (tw && tw->tw_md5_keylen) {
1107 tw_key.key = tw->tw_md5_key;
1108 tw_key.keylen = tw->tw_md5_keylen;
1116 tot_len += TCPOLEN_TSTAMP_ALIGNED;
1117 #ifdef CONFIG_TCP_MD5SIG
1119 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1122 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1127 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1129 t1 = (struct tcphdr *) skb_push(buff,tot_len);
1131 /* Swap the send and the receive. */
1132 memset(t1, 0, sizeof(*t1));
1133 t1->dest = th->source;
1134 t1->source = th->dest;
1135 t1->doff = tot_len/4;
1136 t1->seq = htonl(seq);
1137 t1->ack_seq = htonl(ack);
1139 t1->window = htons(win);
1141 topt = (__be32 *)(t1 + 1);
1144 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1145 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1146 *topt++ = htonl(tcp_time_stamp);
1150 #ifdef CONFIG_TCP_MD5SIG
1152 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1153 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1154 tcp_v6_do_calc_md5_hash((__u8 *)topt,
1156 &skb->nh.ipv6h->daddr,
1157 &skb->nh.ipv6h->saddr,
1163 buff->csum = csum_partial((char *)t1, tot_len, 0);
1165 memset(&fl, 0, sizeof(fl));
1166 ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
1167 ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
1169 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1170 tot_len, IPPROTO_TCP,
1173 fl.proto = IPPROTO_TCP;
1174 fl.oif = inet6_iif(skb);
1175 fl.fl_ip_dport = t1->dest;
1176 fl.fl_ip_sport = t1->source;
1177 security_skb_classify_flow(skb, &fl);
1179 if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
1180 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1181 ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
1182 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1190 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1192 struct inet_timewait_sock *tw = inet_twsk(sk);
1193 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1195 tcp_v6_send_ack(tcptw, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1196 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1197 tcptw->tw_ts_recent);
1202 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
1204 tcp_v6_send_ack(NULL, skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
1208 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1210 struct request_sock *req, **prev;
1211 const struct tcphdr *th = skb->h.th;
1214 /* Find possible connection requests. */
1215 req = inet6_csk_search_req(sk, &prev, th->source,
1216 &skb->nh.ipv6h->saddr,
1217 &skb->nh.ipv6h->daddr, inet6_iif(skb));
1219 return tcp_check_req(sk, skb, req, prev);
1221 nsk = __inet6_lookup_established(&tcp_hashinfo, &skb->nh.ipv6h->saddr,
1222 th->source, &skb->nh.ipv6h->daddr,
1223 ntohs(th->dest), inet6_iif(skb));
1226 if (nsk->sk_state != TCP_TIME_WAIT) {
1230 inet_twsk_put(inet_twsk(nsk));
1234 #if 0 /*def CONFIG_SYN_COOKIES*/
1235 if (!th->rst && !th->syn && th->ack)
1236 sk = cookie_v6_check(sk, skb, &(IPCB(skb)->opt));
1241 /* FIXME: this is substantially similar to the ipv4 code.
1242 * Can some kind of merge be done? -- erics
1244 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1246 struct inet6_request_sock *treq;
1247 struct ipv6_pinfo *np = inet6_sk(sk);
1248 struct tcp_options_received tmp_opt;
1249 struct tcp_sock *tp = tcp_sk(sk);
1250 struct request_sock *req = NULL;
1251 __u32 isn = TCP_SKB_CB(skb)->when;
1253 if (skb->protocol == htons(ETH_P_IP))
1254 return tcp_v4_conn_request(sk, skb);
1256 if (!ipv6_unicast_destination(skb))
1260 * There are no SYN attacks on IPv6, yet...
1262 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1263 if (net_ratelimit())
1264 printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n");
1268 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1271 req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1275 #ifdef CONFIG_TCP_MD5SIG
1276 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1279 tcp_clear_options(&tmp_opt);
1280 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1281 tmp_opt.user_mss = tp->rx_opt.user_mss;
1283 tcp_parse_options(skb, &tmp_opt, 0);
1285 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1286 tcp_openreq_init(req, &tmp_opt, skb);
1288 treq = inet6_rsk(req);
1289 ipv6_addr_copy(&treq->rmt_addr, &skb->nh.ipv6h->saddr);
1290 ipv6_addr_copy(&treq->loc_addr, &skb->nh.ipv6h->daddr);
1291 TCP_ECN_create_request(req, skb->h.th);
1292 treq->pktopts = NULL;
1293 if (ipv6_opt_accepted(sk, skb) ||
1294 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1295 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1296 atomic_inc(&skb->users);
1297 treq->pktopts = skb;
1299 treq->iif = sk->sk_bound_dev_if;
1301 /* So that link locals have meaning */
1302 if (!sk->sk_bound_dev_if &&
1303 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1304 treq->iif = inet6_iif(skb);
1307 isn = tcp_v6_init_sequence(skb);
1309 tcp_rsk(req)->snt_isn = isn;
1311 security_inet_conn_request(sk, skb, req);
1313 if (tcp_v6_send_synack(sk, req, NULL))
1316 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1323 return 0; /* don't send reset */
1326 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1327 struct request_sock *req,
1328 struct dst_entry *dst)
1330 struct inet6_request_sock *treq = inet6_rsk(req);
1331 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1332 struct tcp6_sock *newtcp6sk;
1333 struct inet_sock *newinet;
1334 struct tcp_sock *newtp;
1336 struct ipv6_txoptions *opt;
1337 #ifdef CONFIG_TCP_MD5SIG
1338 struct tcp_md5sig_key *key;
1341 if (skb->protocol == htons(ETH_P_IP)) {
1346 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1351 newtcp6sk = (struct tcp6_sock *)newsk;
1352 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1354 newinet = inet_sk(newsk);
1355 newnp = inet6_sk(newsk);
1356 newtp = tcp_sk(newsk);
1358 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1360 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
1363 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
1366 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1368 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1369 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1370 #ifdef CONFIG_TCP_MD5SIG
1371 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1374 newnp->pktoptions = NULL;
1376 newnp->mcast_oif = inet6_iif(skb);
1377 newnp->mcast_hops = skb->nh.ipv6h->hop_limit;
1380 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1381 * here, tcp_create_openreq_child now does this for us, see the comment in
1382 * that function for the gory details. -acme
1385 /* It is tricky place. Until this moment IPv4 tcp
1386 worked with IPv6 icsk.icsk_af_ops.
1389 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1396 if (sk_acceptq_is_full(sk))
1399 if (np->rxopt.bits.osrcrt == 2 &&
1400 opt == NULL && treq->pktopts) {
1401 struct inet6_skb_parm *rxopt = IP6CB(treq->pktopts);
1403 opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr *)(treq->pktopts->nh.raw + rxopt->srcrt));
1407 struct in6_addr *final_p = NULL, final;
1410 memset(&fl, 0, sizeof(fl));
1411 fl.proto = IPPROTO_TCP;
1412 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1413 if (opt && opt->srcrt) {
1414 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1415 ipv6_addr_copy(&final, &fl.fl6_dst);
1416 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1419 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1420 fl.oif = sk->sk_bound_dev_if;
1421 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1422 fl.fl_ip_sport = inet_sk(sk)->sport;
1423 security_req_classify_flow(req, &fl);
1425 if (ip6_dst_lookup(sk, &dst, &fl))
1429 ipv6_addr_copy(&fl.fl6_dst, final_p);
1431 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
1435 newsk = tcp_create_openreq_child(sk, req, skb);
1440 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1441 * count here, tcp_create_openreq_child now does this for us, see the
1442 * comment in that function for the gory details. -acme
1445 newsk->sk_gso_type = SKB_GSO_TCPV6;
1446 __ip6_dst_store(newsk, dst, NULL, NULL);
1448 newtcp6sk = (struct tcp6_sock *)newsk;
1449 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1451 newtp = tcp_sk(newsk);
1452 newinet = inet_sk(newsk);
1453 newnp = inet6_sk(newsk);
1455 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1457 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1458 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1459 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1460 newsk->sk_bound_dev_if = treq->iif;
1462 /* Now IPv6 options...
1464 First: no IPv4 options.
1466 newinet->opt = NULL;
1467 newnp->ipv6_fl_list = NULL;
1470 newnp->rxopt.all = np->rxopt.all;
1472 /* Clone pktoptions received with SYN */
1473 newnp->pktoptions = NULL;
1474 if (treq->pktopts != NULL) {
1475 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1476 kfree_skb(treq->pktopts);
1477 treq->pktopts = NULL;
1478 if (newnp->pktoptions)
1479 skb_set_owner_r(newnp->pktoptions, newsk);
1482 newnp->mcast_oif = inet6_iif(skb);
1483 newnp->mcast_hops = skb->nh.ipv6h->hop_limit;
1485 /* Clone native IPv6 options from listening socket (if any)
1487 Yes, keeping reference count would be much more clever,
1488 but we make one more one thing there: reattach optmem
1492 newnp->opt = ipv6_dup_options(newsk, opt);
1494 sock_kfree_s(sk, opt, opt->tot_len);
1497 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1499 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1500 newnp->opt->opt_flen);
1502 tcp_mtup_init(newsk);
1503 tcp_sync_mss(newsk, dst_mtu(dst));
1504 newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1505 tcp_initialize_rcv_mss(newsk);
1507 newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1509 #ifdef CONFIG_TCP_MD5SIG
1510 /* Copy over the MD5 key from the original socket */
1511 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1512 /* We're using one, so create a matching key
1513 * on the newsk structure. If we fail to get
1514 * memory, then we end up not copying the key
1517 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1519 tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr,
1520 newkey, key->keylen);
1524 __inet6_hash(&tcp_hashinfo, newsk);
1525 inet_inherit_port(&tcp_hashinfo, sk, newsk);
1530 NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1532 NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1533 if (opt && opt != np->opt)
1534 sock_kfree_s(sk, opt, opt->tot_len);
1539 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1541 if (skb->ip_summed == CHECKSUM_COMPLETE) {
1542 if (!tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1543 &skb->nh.ipv6h->daddr,skb->csum)) {
1544 skb->ip_summed = CHECKSUM_UNNECESSARY;
1549 skb->csum = ~csum_unfold(tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1550 &skb->nh.ipv6h->daddr, 0));
1552 if (skb->len <= 76) {
1553 return __skb_checksum_complete(skb);
1558 /* The socket must have it's spinlock held when we get
1561 * We have a potential double-lock case here, so even when
1562 * doing backlog processing we use the BH locking scheme.
1563 * This is because we cannot sleep with the original spinlock
1566 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1568 struct ipv6_pinfo *np = inet6_sk(sk);
1569 struct tcp_sock *tp;
1570 struct sk_buff *opt_skb = NULL;
1572 /* Imagine: socket is IPv6. IPv4 packet arrives,
1573 goes to IPv4 receive handler and backlogged.
1574 From backlog it always goes here. Kerboom...
1575 Fortunately, tcp_rcv_established and rcv_established
1576 handle them correctly, but it is not case with
1577 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1580 if (skb->protocol == htons(ETH_P_IP))
1581 return tcp_v4_do_rcv(sk, skb);
1583 #ifdef CONFIG_TCP_MD5SIG
1584 if (tcp_v6_inbound_md5_hash (sk, skb))
1588 if (sk_filter(sk, skb))
1592 * socket locking is here for SMP purposes as backlog rcv
1593 * is currently called with bh processing disabled.
1596 /* Do Stevens' IPV6_PKTOPTIONS.
1598 Yes, guys, it is the only place in our code, where we
1599 may make it not affecting IPv4.
1600 The rest of code is protocol independent,
1601 and I do not like idea to uglify IPv4.
1603 Actually, all the idea behind IPV6_PKTOPTIONS
1604 looks not very well thought. For now we latch
1605 options, received in the last packet, enqueued
1606 by tcp. Feel free to propose better solution.
1610 opt_skb = skb_clone(skb, GFP_ATOMIC);
1612 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1613 TCP_CHECK_TIMER(sk);
1614 if (tcp_rcv_established(sk, skb, skb->h.th, skb->len))
1616 TCP_CHECK_TIMER(sk);
1618 goto ipv6_pktoptions;
1622 if (skb->len < (skb->h.th->doff<<2) || tcp_checksum_complete(skb))
1625 if (sk->sk_state == TCP_LISTEN) {
1626 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1631 * Queue it on the new socket if the new socket is active,
1632 * otherwise we just shortcircuit this and continue with
1636 if (tcp_child_process(sk, nsk, skb))
1639 __kfree_skb(opt_skb);
1644 TCP_CHECK_TIMER(sk);
1645 if (tcp_rcv_state_process(sk, skb, skb->h.th, skb->len))
1647 TCP_CHECK_TIMER(sk);
1649 goto ipv6_pktoptions;
1653 tcp_v6_send_reset(sk, skb);
1656 __kfree_skb(opt_skb);
1660 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1665 /* Do you ask, what is it?
1667 1. skb was enqueued by tcp.
1668 2. skb is added to tail of read queue, rather than out of order.
1669 3. socket is not in passive state.
1670 4. Finally, it really contains options, which user wants to receive.
1673 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1674 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1675 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1676 np->mcast_oif = inet6_iif(opt_skb);
1677 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1678 np->mcast_hops = opt_skb->nh.ipv6h->hop_limit;
1679 if (ipv6_opt_accepted(sk, opt_skb)) {
1680 skb_set_owner_r(opt_skb, sk);
1681 opt_skb = xchg(&np->pktoptions, opt_skb);
1683 __kfree_skb(opt_skb);
1684 opt_skb = xchg(&np->pktoptions, NULL);
1693 static int tcp_v6_rcv(struct sk_buff **pskb)
1695 struct sk_buff *skb = *pskb;
1700 if (skb->pkt_type != PACKET_HOST)
1704 * Count it even if it's bad.
1706 TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1708 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1713 if (th->doff < sizeof(struct tcphdr)/4)
1715 if (!pskb_may_pull(skb, th->doff*4))
1718 if ((skb->ip_summed != CHECKSUM_UNNECESSARY &&
1719 tcp_v6_checksum_init(skb)))
1723 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1724 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1725 skb->len - th->doff*4);
1726 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1727 TCP_SKB_CB(skb)->when = 0;
1728 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(skb->nh.ipv6h);
1729 TCP_SKB_CB(skb)->sacked = 0;
1731 sk = __inet6_lookup(&tcp_hashinfo, &skb->nh.ipv6h->saddr, th->source,
1732 &skb->nh.ipv6h->daddr, ntohs(th->dest),
1739 if (sk->sk_state == TCP_TIME_WAIT)
1742 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1743 goto discard_and_relse;
1745 if (sk_filter(sk, skb))
1746 goto discard_and_relse;
1750 bh_lock_sock_nested(sk);
1752 if (!sock_owned_by_user(sk)) {
1753 #ifdef CONFIG_NET_DMA
1754 struct tcp_sock *tp = tcp_sk(sk);
1755 if (tp->ucopy.dma_chan)
1756 ret = tcp_v6_do_rcv(sk, skb);
1760 if (!tcp_prequeue(sk, skb))
1761 ret = tcp_v6_do_rcv(sk, skb);
1764 sk_add_backlog(sk, skb);
1768 return ret ? -1 : 0;
1771 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1774 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1776 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1778 tcp_v6_send_reset(NULL, skb);
1795 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1796 inet_twsk_put(inet_twsk(sk));
1800 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1801 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1802 inet_twsk_put(inet_twsk(sk));
1806 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1811 sk2 = inet6_lookup_listener(&tcp_hashinfo,
1812 &skb->nh.ipv6h->daddr,
1813 ntohs(th->dest), inet6_iif(skb));
1815 struct inet_timewait_sock *tw = inet_twsk(sk);
1816 inet_twsk_deschedule(tw, &tcp_death_row);
1821 /* Fall through to ACK */
1824 tcp_v6_timewait_ack(sk, skb);
1828 case TCP_TW_SUCCESS:;
1833 static int tcp_v6_remember_stamp(struct sock *sk)
1835 /* Alas, not yet... */
1839 static struct inet_connection_sock_af_ops ipv6_specific = {
1840 .queue_xmit = inet6_csk_xmit,
1841 .send_check = tcp_v6_send_check,
1842 .rebuild_header = inet6_sk_rebuild_header,
1843 .conn_request = tcp_v6_conn_request,
1844 .syn_recv_sock = tcp_v6_syn_recv_sock,
1845 .remember_stamp = tcp_v6_remember_stamp,
1846 .net_header_len = sizeof(struct ipv6hdr),
1847 .setsockopt = ipv6_setsockopt,
1848 .getsockopt = ipv6_getsockopt,
1849 .addr2sockaddr = inet6_csk_addr2sockaddr,
1850 .sockaddr_len = sizeof(struct sockaddr_in6),
1851 #ifdef CONFIG_COMPAT
1852 .compat_setsockopt = compat_ipv6_setsockopt,
1853 .compat_getsockopt = compat_ipv6_getsockopt,
1857 #ifdef CONFIG_TCP_MD5SIG
1858 static struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1859 .md5_lookup = tcp_v6_md5_lookup,
1860 .calc_md5_hash = tcp_v6_calc_md5_hash,
1861 .md5_add = tcp_v6_md5_add_func,
1862 .md5_parse = tcp_v6_parse_md5_keys,
1867 * TCP over IPv4 via INET6 API
1870 static struct inet_connection_sock_af_ops ipv6_mapped = {
1871 .queue_xmit = ip_queue_xmit,
1872 .send_check = tcp_v4_send_check,
1873 .rebuild_header = inet_sk_rebuild_header,
1874 .conn_request = tcp_v6_conn_request,
1875 .syn_recv_sock = tcp_v6_syn_recv_sock,
1876 .remember_stamp = tcp_v4_remember_stamp,
1877 .net_header_len = sizeof(struct iphdr),
1878 .setsockopt = ipv6_setsockopt,
1879 .getsockopt = ipv6_getsockopt,
1880 .addr2sockaddr = inet6_csk_addr2sockaddr,
1881 .sockaddr_len = sizeof(struct sockaddr_in6),
1882 #ifdef CONFIG_COMPAT
1883 .compat_setsockopt = compat_ipv6_setsockopt,
1884 .compat_getsockopt = compat_ipv6_getsockopt,
1888 #ifdef CONFIG_TCP_MD5SIG
1889 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1890 .md5_lookup = tcp_v4_md5_lookup,
1891 .calc_md5_hash = tcp_v4_calc_md5_hash,
1892 .md5_add = tcp_v6_md5_add_func,
1893 .md5_parse = tcp_v6_parse_md5_keys,
1897 /* NOTE: A lot of things set to zero explicitly by call to
1898 * sk_alloc() so need not be done here.
1900 static int tcp_v6_init_sock(struct sock *sk)
1902 struct inet_connection_sock *icsk = inet_csk(sk);
1903 struct tcp_sock *tp = tcp_sk(sk);
1905 skb_queue_head_init(&tp->out_of_order_queue);
1906 tcp_init_xmit_timers(sk);
1907 tcp_prequeue_init(tp);
1909 icsk->icsk_rto = TCP_TIMEOUT_INIT;
1910 tp->mdev = TCP_TIMEOUT_INIT;
1912 /* So many TCP implementations out there (incorrectly) count the
1913 * initial SYN frame in their delayed-ACK and congestion control
1914 * algorithms that we must have the following bandaid to talk
1915 * efficiently to them. -DaveM
1919 /* See draft-stevens-tcpca-spec-01 for discussion of the
1920 * initialization of these values.
1922 tp->snd_ssthresh = 0x7fffffff;
1923 tp->snd_cwnd_clamp = ~0;
1924 tp->mss_cache = 536;
1926 tp->reordering = sysctl_tcp_reordering;
1928 sk->sk_state = TCP_CLOSE;
1930 icsk->icsk_af_ops = &ipv6_specific;
1931 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1932 icsk->icsk_sync_mss = tcp_sync_mss;
1933 sk->sk_write_space = sk_stream_write_space;
1934 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1936 #ifdef CONFIG_TCP_MD5SIG
1937 tp->af_specific = &tcp_sock_ipv6_specific;
1940 sk->sk_sndbuf = sysctl_tcp_wmem[1];
1941 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1943 atomic_inc(&tcp_sockets_allocated);
1948 static int tcp_v6_destroy_sock(struct sock *sk)
1950 #ifdef CONFIG_TCP_MD5SIG
1951 /* Clean up the MD5 key list */
1952 if (tcp_sk(sk)->md5sig_info)
1953 tcp_v6_clear_md5_list(sk);
1955 tcp_v4_destroy_sock(sk);
1956 return inet6_destroy_sock(sk);
1959 /* Proc filesystem TCPv6 sock list dumping. */
1960 static void get_openreq6(struct seq_file *seq,
1961 struct sock *sk, struct request_sock *req, int i, int uid)
1963 int ttd = req->expires - jiffies;
1964 struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1965 struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1971 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1972 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1974 src->s6_addr32[0], src->s6_addr32[1],
1975 src->s6_addr32[2], src->s6_addr32[3],
1976 ntohs(inet_sk(sk)->sport),
1977 dest->s6_addr32[0], dest->s6_addr32[1],
1978 dest->s6_addr32[2], dest->s6_addr32[3],
1979 ntohs(inet_rsk(req)->rmt_port),
1981 0,0, /* could print option size, but that is af dependent. */
1982 1, /* timers active (only the expire timer) */
1983 jiffies_to_clock_t(ttd),
1986 0, /* non standard timer */
1987 0, /* open_requests have no inode */
1991 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1993 struct in6_addr *dest, *src;
1996 unsigned long timer_expires;
1997 struct inet_sock *inet = inet_sk(sp);
1998 struct tcp_sock *tp = tcp_sk(sp);
1999 const struct inet_connection_sock *icsk = inet_csk(sp);
2000 struct ipv6_pinfo *np = inet6_sk(sp);
2003 src = &np->rcv_saddr;
2004 destp = ntohs(inet->dport);
2005 srcp = ntohs(inet->sport);
2007 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2009 timer_expires = icsk->icsk_timeout;
2010 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2012 timer_expires = icsk->icsk_timeout;
2013 } else if (timer_pending(&sp->sk_timer)) {
2015 timer_expires = sp->sk_timer.expires;
2018 timer_expires = jiffies;
2022 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2023 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
2025 src->s6_addr32[0], src->s6_addr32[1],
2026 src->s6_addr32[2], src->s6_addr32[3], srcp,
2027 dest->s6_addr32[0], dest->s6_addr32[1],
2028 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2030 tp->write_seq-tp->snd_una,
2031 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
2033 jiffies_to_clock_t(timer_expires - jiffies),
2034 icsk->icsk_retransmits,
2036 icsk->icsk_probes_out,
2038 atomic_read(&sp->sk_refcnt), sp,
2041 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2042 tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
2046 static void get_timewait6_sock(struct seq_file *seq,
2047 struct inet_timewait_sock *tw, int i)
2049 struct in6_addr *dest, *src;
2051 struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2052 int ttd = tw->tw_ttd - jiffies;
2057 dest = &tw6->tw_v6_daddr;
2058 src = &tw6->tw_v6_rcv_saddr;
2059 destp = ntohs(tw->tw_dport);
2060 srcp = ntohs(tw->tw_sport);
2063 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2064 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2066 src->s6_addr32[0], src->s6_addr32[1],
2067 src->s6_addr32[2], src->s6_addr32[3], srcp,
2068 dest->s6_addr32[0], dest->s6_addr32[1],
2069 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2070 tw->tw_substate, 0, 0,
2071 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2072 atomic_read(&tw->tw_refcnt), tw);
2075 #ifdef CONFIG_PROC_FS
2076 static int tcp6_seq_show(struct seq_file *seq, void *v)
2078 struct tcp_iter_state *st;
2080 if (v == SEQ_START_TOKEN) {
2085 "st tx_queue rx_queue tr tm->when retrnsmt"
2086 " uid timeout inode\n");
2091 switch (st->state) {
2092 case TCP_SEQ_STATE_LISTENING:
2093 case TCP_SEQ_STATE_ESTABLISHED:
2094 get_tcp6_sock(seq, v, st->num);
2096 case TCP_SEQ_STATE_OPENREQ:
2097 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2099 case TCP_SEQ_STATE_TIME_WAIT:
2100 get_timewait6_sock(seq, v, st->num);
2107 static struct file_operations tcp6_seq_fops;
2108 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2109 .owner = THIS_MODULE,
2112 .seq_show = tcp6_seq_show,
2113 .seq_fops = &tcp6_seq_fops,
2116 int __init tcp6_proc_init(void)
2118 return tcp_proc_register(&tcp6_seq_afinfo);
2121 void tcp6_proc_exit(void)
2123 tcp_proc_unregister(&tcp6_seq_afinfo);
2127 struct proto tcpv6_prot = {
2129 .owner = THIS_MODULE,
2131 .connect = tcp_v6_connect,
2132 .disconnect = tcp_disconnect,
2133 .accept = inet_csk_accept,
2135 .init = tcp_v6_init_sock,
2136 .destroy = tcp_v6_destroy_sock,
2137 .shutdown = tcp_shutdown,
2138 .setsockopt = tcp_setsockopt,
2139 .getsockopt = tcp_getsockopt,
2140 .sendmsg = tcp_sendmsg,
2141 .recvmsg = tcp_recvmsg,
2142 .backlog_rcv = tcp_v6_do_rcv,
2143 .hash = tcp_v6_hash,
2144 .unhash = tcp_unhash,
2145 .get_port = tcp_v6_get_port,
2146 .enter_memory_pressure = tcp_enter_memory_pressure,
2147 .sockets_allocated = &tcp_sockets_allocated,
2148 .memory_allocated = &tcp_memory_allocated,
2149 .memory_pressure = &tcp_memory_pressure,
2150 .orphan_count = &tcp_orphan_count,
2151 .sysctl_mem = sysctl_tcp_mem,
2152 .sysctl_wmem = sysctl_tcp_wmem,
2153 .sysctl_rmem = sysctl_tcp_rmem,
2154 .max_header = MAX_TCP_HEADER,
2155 .obj_size = sizeof(struct tcp6_sock),
2156 .twsk_prot = &tcp6_timewait_sock_ops,
2157 .rsk_prot = &tcp6_request_sock_ops,
2158 #ifdef CONFIG_COMPAT
2159 .compat_setsockopt = compat_tcp_setsockopt,
2160 .compat_getsockopt = compat_tcp_getsockopt,
2164 static struct inet6_protocol tcpv6_protocol = {
2165 .handler = tcp_v6_rcv,
2166 .err_handler = tcp_v6_err,
2167 .gso_send_check = tcp_v6_gso_send_check,
2168 .gso_segment = tcp_tso_segment,
2169 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2172 static struct inet_protosw tcpv6_protosw = {
2173 .type = SOCK_STREAM,
2174 .protocol = IPPROTO_TCP,
2175 .prot = &tcpv6_prot,
2176 .ops = &inet6_stream_ops,
2179 .flags = INET_PROTOSW_PERMANENT |
2183 void __init tcpv6_init(void)
2185 /* register inet6 protocol */
2186 if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
2187 printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
2188 inet6_register_protosw(&tcpv6_protosw);
2190 if (inet_csk_ctl_sock_create(&tcp6_socket, PF_INET6, SOCK_RAW,
2192 panic("Failed to create the TCPv6 control socket.\n");