tcp_ipv6.c 63 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*
  3. * TCP over IPv6
  4. * Linux INET6 implementation
  5. *
  6. * Authors:
  7. * Pedro Roque <roque@di.fc.ul.pt>
  8. *
  9. * Based on:
  10. * linux/net/ipv4/tcp.c
  11. * linux/net/ipv4/tcp_input.c
  12. * linux/net/ipv4/tcp_output.c
  13. *
  14. * Fixes:
  15. * Hideaki YOSHIFUJI : sin6_scope_id support
  16. * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
  17. * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
  18. * a single port at the same time.
  19. * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
  20. */
  21. #include <linux/bottom_half.h>
  22. #include <linux/module.h>
  23. #include <linux/errno.h>
  24. #include <linux/types.h>
  25. #include <linux/socket.h>
  26. #include <linux/sockios.h>
  27. #include <linux/net.h>
  28. #include <linux/jiffies.h>
  29. #include <linux/in.h>
  30. #include <linux/in6.h>
  31. #include <linux/netdevice.h>
  32. #include <linux/init.h>
  33. #include <linux/jhash.h>
  34. #include <linux/ipsec.h>
  35. #include <linux/times.h>
  36. #include <linux/slab.h>
  37. #include <linux/uaccess.h>
  38. #include <linux/ipv6.h>
  39. #include <linux/icmpv6.h>
  40. #include <linux/random.h>
  41. #include <linux/indirect_call_wrapper.h>
  42. #include <net/aligned_data.h>
  43. #include <net/tcp.h>
  44. #include <net/ndisc.h>
  45. #include <net/inet6_hashtables.h>
  46. #include <net/inet6_connection_sock.h>
  47. #include <net/ipv6.h>
  48. #include <net/transp_v6.h>
  49. #include <net/addrconf.h>
  50. #include <net/ip6_route.h>
  51. #include <net/ip6_checksum.h>
  52. #include <net/inet_ecn.h>
  53. #include <net/protocol.h>
  54. #include <net/xfrm.h>
  55. #include <net/snmp.h>
  56. #include <net/dsfield.h>
  57. #include <net/timewait_sock.h>
  58. #include <net/inet_common.h>
  59. #include <net/secure_seq.h>
  60. #include <net/hotdata.h>
  61. #include <net/busy_poll.h>
  62. #include <net/rstreason.h>
  63. #include <net/psp.h>
  64. #include <linux/proc_fs.h>
  65. #include <linux/seq_file.h>
  66. #include <crypto/md5.h>
  67. #include <crypto/utils.h>
  68. #include <trace/events/tcp.h>
  69. static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb,
  70. enum sk_rst_reason reason);
  71. static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
  72. struct request_sock *req);
  73. INDIRECT_CALLABLE_SCOPE int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
  74. static const struct inet_connection_sock_af_ops ipv6_mapped;
  75. const struct inet_connection_sock_af_ops ipv6_specific;
  76. #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
  77. static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
  78. static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
  79. #endif
  80. /* Helper returning the inet6 address from a given tcp socket.
  81. * It can be used in TCP stack instead of inet6_sk(sk).
  82. * This avoids a dereference and allow compiler optimizations.
  83. * It is a specialized version of inet6_sk_generic().
  84. */
  85. #define tcp_inet6_sk(sk) (&container_of_const(tcp_sk(sk), \
  86. struct tcp6_sock, tcp)->inet6)
  87. static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
  88. {
  89. struct dst_entry *dst = skb_dst(skb);
  90. if (dst && dst_hold_safe(dst)) {
  91. rcu_assign_pointer(sk->sk_rx_dst, dst);
  92. sk->sk_rx_dst_ifindex = skb->skb_iif;
  93. sk->sk_rx_dst_cookie = rt6_get_cookie(dst_rt6_info(dst));
  94. }
  95. }
  96. static union tcp_seq_and_ts_off
  97. tcp_v6_init_seq_and_ts_off(const struct net *net, const struct sk_buff *skb)
  98. {
  99. return secure_tcpv6_seq_and_ts_off(net,
  100. ipv6_hdr(skb)->daddr.s6_addr32,
  101. ipv6_hdr(skb)->saddr.s6_addr32,
  102. tcp_hdr(skb)->dest,
  103. tcp_hdr(skb)->source);
  104. }
  105. static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr_unsized *uaddr,
  106. int addr_len)
  107. {
  108. /* This check is replicated from tcp_v6_connect() and intended to
  109. * prevent BPF program called below from accessing bytes that are out
  110. * of the bound specified by user in addr_len.
  111. */
  112. if (addr_len < SIN6_LEN_RFC2133)
  113. return -EINVAL;
  114. sock_owned_by_me(sk);
  115. return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr, &addr_len);
  116. }
  117. static int tcp_v6_connect(struct sock *sk, struct sockaddr_unsized *uaddr,
  118. int addr_len)
  119. {
  120. struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
  121. struct inet_connection_sock *icsk = inet_csk(sk);
  122. struct inet_timewait_death_row *tcp_death_row;
  123. struct ipv6_pinfo *np = tcp_inet6_sk(sk);
  124. struct in6_addr *saddr = NULL, *final_p;
  125. struct inet_sock *inet = inet_sk(sk);
  126. struct tcp_sock *tp = tcp_sk(sk);
  127. struct net *net = sock_net(sk);
  128. struct ipv6_txoptions *opt;
  129. struct dst_entry *dst;
  130. struct flowi6 *fl6;
  131. int addr_type;
  132. int err;
  133. if (addr_len < SIN6_LEN_RFC2133)
  134. return -EINVAL;
  135. if (usin->sin6_family != AF_INET6)
  136. return -EAFNOSUPPORT;
  137. fl6 = &inet_sk(sk)->cork.fl.u.ip6;
  138. memset(fl6, 0, sizeof(*fl6));
  139. if (inet6_test_bit(SNDFLOW, sk)) {
  140. fl6->flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
  141. IP6_ECN_flow_init(fl6->flowlabel);
  142. if (fl6->flowlabel & IPV6_FLOWLABEL_MASK) {
  143. struct ip6_flowlabel *flowlabel;
  144. flowlabel = fl6_sock_lookup(sk, fl6->flowlabel);
  145. if (IS_ERR(flowlabel))
  146. return -EINVAL;
  147. fl6_sock_release(flowlabel);
  148. }
  149. }
  150. /*
  151. * connect() to INADDR_ANY means loopback (BSD'ism).
  152. */
  153. if (ipv6_addr_any(&usin->sin6_addr)) {
  154. if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
  155. ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
  156. &usin->sin6_addr);
  157. else
  158. usin->sin6_addr = in6addr_loopback;
  159. }
  160. addr_type = ipv6_addr_type(&usin->sin6_addr);
  161. if (addr_type & IPV6_ADDR_MULTICAST)
  162. return -ENETUNREACH;
  163. if (addr_type&IPV6_ADDR_LINKLOCAL) {
  164. if (addr_len >= sizeof(struct sockaddr_in6) &&
  165. usin->sin6_scope_id) {
  166. /* If interface is set while binding, indices
  167. * must coincide.
  168. */
  169. if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id))
  170. return -EINVAL;
  171. sk->sk_bound_dev_if = usin->sin6_scope_id;
  172. }
  173. /* Connect to link-local address requires an interface */
  174. if (!sk->sk_bound_dev_if)
  175. return -EINVAL;
  176. }
  177. if (tp->rx_opt.ts_recent_stamp &&
  178. !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
  179. tp->rx_opt.ts_recent = 0;
  180. tp->rx_opt.ts_recent_stamp = 0;
  181. WRITE_ONCE(tp->write_seq, 0);
  182. }
  183. sk->sk_v6_daddr = usin->sin6_addr;
  184. np->flow_label = fl6->flowlabel;
  185. /*
  186. * TCP over IPv4
  187. */
  188. if (addr_type & IPV6_ADDR_MAPPED) {
  189. u32 exthdrlen = icsk->icsk_ext_hdr_len;
  190. struct sockaddr_in sin;
  191. if (ipv6_only_sock(sk))
  192. return -ENETUNREACH;
  193. sin.sin_family = AF_INET;
  194. sin.sin_port = usin->sin6_port;
  195. sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
  196. /* Paired with READ_ONCE() in tcp_(get|set)sockopt() */
  197. WRITE_ONCE(icsk->icsk_af_ops, &ipv6_mapped);
  198. if (sk_is_mptcp(sk))
  199. mptcpv6_handle_mapped(sk, true);
  200. sk->sk_backlog_rcv = tcp_v4_do_rcv;
  201. #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
  202. tp->af_specific = &tcp_sock_ipv6_mapped_specific;
  203. #endif
  204. err = tcp_v4_connect(sk, (struct sockaddr_unsized *)&sin, sizeof(sin));
  205. if (err) {
  206. icsk->icsk_ext_hdr_len = exthdrlen;
  207. /* Paired with READ_ONCE() in tcp_(get|set)sockopt() */
  208. WRITE_ONCE(icsk->icsk_af_ops, &ipv6_specific);
  209. if (sk_is_mptcp(sk))
  210. mptcpv6_handle_mapped(sk, false);
  211. sk->sk_backlog_rcv = tcp_v6_do_rcv;
  212. #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
  213. tp->af_specific = &tcp_sock_ipv6_specific;
  214. #endif
  215. goto failure;
  216. }
  217. np->saddr = sk->sk_v6_rcv_saddr;
  218. return err;
  219. }
  220. if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
  221. saddr = &sk->sk_v6_rcv_saddr;
  222. fl6->flowi6_proto = IPPROTO_TCP;
  223. fl6->daddr = sk->sk_v6_daddr;
  224. fl6->saddr = saddr ? *saddr : np->saddr;
  225. fl6->flowlabel = ip6_make_flowinfo(np->tclass, np->flow_label);
  226. fl6->flowi6_oif = sk->sk_bound_dev_if;
  227. fl6->flowi6_mark = sk->sk_mark;
  228. fl6->fl6_dport = usin->sin6_port;
  229. fl6->fl6_sport = inet->inet_sport;
  230. if (IS_ENABLED(CONFIG_IP_ROUTE_MULTIPATH) && !fl6->fl6_sport)
  231. fl6->flowi6_flags = FLOWI_FLAG_ANY_SPORT;
  232. fl6->flowi6_uid = sk_uid(sk);
  233. opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
  234. final_p = fl6_update_dst(fl6, opt, &np->final);
  235. security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
  236. dst = ip6_dst_lookup_flow(net, sk, fl6, final_p);
  237. if (IS_ERR(dst)) {
  238. err = PTR_ERR(dst);
  239. goto failure;
  240. }
  241. tp->tcp_usec_ts = dst_tcp_usec_ts(dst);
  242. tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
  243. if (!saddr) {
  244. saddr = &fl6->saddr;
  245. err = inet_bhash2_update_saddr(sk, saddr, AF_INET6);
  246. if (err)
  247. goto failure;
  248. }
  249. /* set the source address */
  250. np->saddr = *saddr;
  251. inet->inet_rcv_saddr = LOOPBACK4_IPV6;
  252. sk->sk_gso_type = SKB_GSO_TCPV6;
  253. ip6_dst_store(sk, dst, false, false);
  254. icsk->icsk_ext_hdr_len = psp_sk_overhead(sk);
  255. if (opt)
  256. icsk->icsk_ext_hdr_len += opt->opt_flen +
  257. opt->opt_nflen;
  258. tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
  259. inet->inet_dport = usin->sin6_port;
  260. tcp_set_state(sk, TCP_SYN_SENT);
  261. err = inet6_hash_connect(tcp_death_row, sk);
  262. if (err)
  263. goto late_failure;
  264. sk_set_txhash(sk);
  265. if (likely(!tp->repair)) {
  266. union tcp_seq_and_ts_off st;
  267. st = secure_tcpv6_seq_and_ts_off(net,
  268. np->saddr.s6_addr32,
  269. sk->sk_v6_daddr.s6_addr32,
  270. inet->inet_sport,
  271. inet->inet_dport);
  272. if (!tp->write_seq)
  273. WRITE_ONCE(tp->write_seq, st.seq);
  274. tp->tsoffset = st.ts_off;
  275. }
  276. if (tcp_fastopen_defer_connect(sk, &err))
  277. return err;
  278. if (err)
  279. goto late_failure;
  280. err = tcp_connect(sk);
  281. if (err)
  282. goto late_failure;
  283. return 0;
  284. late_failure:
  285. tcp_set_state(sk, TCP_CLOSE);
  286. inet_bhash2_reset_saddr(sk);
  287. failure:
  288. inet->inet_dport = 0;
  289. sk->sk_route_caps = 0;
  290. return err;
  291. }
  292. static void tcp_v6_mtu_reduced(struct sock *sk)
  293. {
  294. struct dst_entry *dst;
  295. u32 mtu, dmtu;
  296. if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
  297. return;
  298. mtu = READ_ONCE(tcp_sk(sk)->mtu_info);
  299. /* Drop requests trying to increase our current mss.
  300. * Check done in __ip6_rt_update_pmtu() is too late.
  301. */
  302. if (tcp_mtu_to_mss(sk, mtu) >= tcp_sk(sk)->mss_cache)
  303. return;
  304. dst = inet6_csk_update_pmtu(sk, mtu);
  305. if (!dst)
  306. return;
  307. dmtu = dst6_mtu(dst);
  308. if (inet_csk(sk)->icsk_pmtu_cookie > dmtu) {
  309. tcp_sync_mss(sk, dmtu);
  310. tcp_simple_retransmit(sk);
  311. }
  312. }
  313. static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
  314. u8 type, u8 code, int offset, __be32 info)
  315. {
  316. const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
  317. const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
  318. struct net *net = dev_net_rcu(skb->dev);
  319. struct request_sock *fastopen;
  320. struct ipv6_pinfo *np;
  321. struct tcp_sock *tp;
  322. __u32 seq, snd_una;
  323. struct sock *sk;
  324. bool fatal;
  325. int err;
  326. sk = __inet6_lookup_established(net, &hdr->daddr, th->dest,
  327. &hdr->saddr, ntohs(th->source),
  328. skb->dev->ifindex, inet6_sdif(skb));
  329. if (!sk) {
  330. __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
  331. ICMP6_MIB_INERRORS);
  332. return -ENOENT;
  333. }
  334. if (sk->sk_state == TCP_TIME_WAIT) {
  335. /* To increase the counter of ignored icmps for TCP-AO */
  336. tcp_ao_ignore_icmp(sk, AF_INET6, type, code);
  337. inet_twsk_put(inet_twsk(sk));
  338. return 0;
  339. }
  340. seq = ntohl(th->seq);
  341. fatal = icmpv6_err_convert(type, code, &err);
  342. if (sk->sk_state == TCP_NEW_SYN_RECV) {
  343. tcp_req_err(sk, seq, fatal);
  344. return 0;
  345. }
  346. if (tcp_ao_ignore_icmp(sk, AF_INET6, type, code)) {
  347. sock_put(sk);
  348. return 0;
  349. }
  350. bh_lock_sock(sk);
  351. if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
  352. __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
  353. if (sk->sk_state == TCP_CLOSE)
  354. goto out;
  355. if (static_branch_unlikely(&ip6_min_hopcount)) {
  356. /* min_hopcount can be changed concurrently from do_ipv6_setsockopt() */
  357. if (ipv6_hdr(skb)->hop_limit < READ_ONCE(tcp_inet6_sk(sk)->min_hopcount)) {
  358. __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
  359. goto out;
  360. }
  361. }
  362. tp = tcp_sk(sk);
  363. /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
  364. fastopen = rcu_dereference(tp->fastopen_rsk);
  365. snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
  366. if (sk->sk_state != TCP_LISTEN &&
  367. !between(seq, snd_una, tp->snd_nxt)) {
  368. __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
  369. goto out;
  370. }
  371. np = tcp_inet6_sk(sk);
  372. if (type == NDISC_REDIRECT) {
  373. if (!sock_owned_by_user(sk)) {
  374. struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
  375. if (dst)
  376. dst->ops->redirect(dst, sk, skb);
  377. }
  378. goto out;
  379. }
  380. if (type == ICMPV6_PKT_TOOBIG) {
  381. u32 mtu = ntohl(info);
  382. /* We are not interested in TCP_LISTEN and open_requests
  383. * (SYN-ACKs send out by Linux are always <576bytes so
  384. * they should go through unfragmented).
  385. */
  386. if (sk->sk_state == TCP_LISTEN)
  387. goto out;
  388. if (!ip6_sk_accept_pmtu(sk))
  389. goto out;
  390. if (mtu < IPV6_MIN_MTU)
  391. goto out;
  392. WRITE_ONCE(tp->mtu_info, mtu);
  393. if (!sock_owned_by_user(sk))
  394. tcp_v6_mtu_reduced(sk);
  395. else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
  396. &sk->sk_tsq_flags))
  397. sock_hold(sk);
  398. goto out;
  399. }
  400. /* Might be for an request_sock */
  401. switch (sk->sk_state) {
  402. case TCP_SYN_SENT:
  403. case TCP_SYN_RECV:
  404. /* Only in fast or simultaneous open. If a fast open socket is
  405. * already accepted it is treated as a connected one below.
  406. */
  407. if (fastopen && !fastopen->sk)
  408. break;
  409. ipv6_icmp_error(sk, skb, err, th->dest, ntohl(info), (u8 *)th);
  410. if (!sock_owned_by_user(sk))
  411. tcp_done_with_error(sk, err);
  412. else
  413. WRITE_ONCE(sk->sk_err_soft, err);
  414. goto out;
  415. case TCP_LISTEN:
  416. break;
  417. default:
  418. /* check if this ICMP message allows revert of backoff.
  419. * (see RFC 6069)
  420. */
  421. if (!fastopen && type == ICMPV6_DEST_UNREACH &&
  422. code == ICMPV6_NOROUTE)
  423. tcp_ld_RTO_revert(sk, seq);
  424. }
  425. if (!sock_owned_by_user(sk) && inet6_test_bit(RECVERR6, sk)) {
  426. WRITE_ONCE(sk->sk_err, err);
  427. sk_error_report(sk);
  428. } else {
  429. WRITE_ONCE(sk->sk_err_soft, err);
  430. }
  431. out:
  432. bh_unlock_sock(sk);
  433. sock_put(sk);
  434. return 0;
  435. }
  436. static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
  437. struct flowi *fl,
  438. struct request_sock *req,
  439. struct tcp_fastopen_cookie *foc,
  440. enum tcp_synack_type synack_type,
  441. struct sk_buff *syn_skb)
  442. {
  443. struct inet_request_sock *ireq = inet_rsk(req);
  444. const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
  445. struct ipv6_txoptions *opt;
  446. struct flowi6 *fl6 = &fl->u.ip6;
  447. struct sk_buff *skb;
  448. int err = -ENOMEM;
  449. u8 tclass;
  450. /* First, grab a route. */
  451. if (!dst && (dst = inet6_csk_route_req(sk, NULL, fl6, req,
  452. IPPROTO_TCP)) == NULL)
  453. goto done;
  454. skb = tcp_make_synack(sk, dst, req, foc, synack_type, syn_skb);
  455. if (skb) {
  456. tcp_rsk(req)->syn_ect_snt = np->tclass & INET_ECN_MASK;
  457. __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
  458. &ireq->ir_v6_rmt_addr);
  459. fl6->daddr = ireq->ir_v6_rmt_addr;
  460. if (inet6_test_bit(REPFLOW, sk) && ireq->pktopts)
  461. fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
  462. tclass = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reflect_tos) ?
  463. (tcp_rsk(req)->syn_tos & ~INET_ECN_MASK) |
  464. (np->tclass & INET_ECN_MASK) :
  465. np->tclass;
  466. if (!INET_ECN_is_capable(tclass) &&
  467. tcp_bpf_ca_needs_ecn((struct sock *)req))
  468. tclass |= INET_ECN_ECT_0;
  469. rcu_read_lock();
  470. opt = ireq->ipv6_opt;
  471. if (!opt)
  472. opt = rcu_dereference(np->opt);
  473. err = ip6_xmit(sk, skb, fl6, skb->mark ? : READ_ONCE(sk->sk_mark),
  474. opt, tclass, READ_ONCE(sk->sk_priority));
  475. rcu_read_unlock();
  476. err = net_xmit_eval(err);
  477. }
  478. done:
  479. return err;
  480. }
  481. static void tcp_v6_reqsk_destructor(struct request_sock *req)
  482. {
  483. kfree(inet_rsk(req)->ipv6_opt);
  484. consume_skb(inet_rsk(req)->pktopts);
  485. }
  486. #ifdef CONFIG_TCP_MD5SIG
  487. static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
  488. const struct in6_addr *addr,
  489. int l3index)
  490. {
  491. return tcp_md5_do_lookup(sk, l3index,
  492. (union tcp_md5_addr *)addr, AF_INET6);
  493. }
  494. static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
  495. const struct sock *addr_sk)
  496. {
  497. int l3index;
  498. l3index = l3mdev_master_ifindex_by_index(sock_net(sk),
  499. addr_sk->sk_bound_dev_if);
  500. return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr,
  501. l3index);
  502. }
  503. static int tcp_v6_parse_md5_keys(struct sock *sk, int optname,
  504. sockptr_t optval, int optlen)
  505. {
  506. struct tcp_md5sig cmd;
  507. struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
  508. union tcp_ao_addr *addr;
  509. int l3index = 0;
  510. u8 prefixlen;
  511. bool l3flag;
  512. u8 flags;
  513. if (optlen < sizeof(cmd))
  514. return -EINVAL;
  515. if (copy_from_sockptr(&cmd, optval, sizeof(cmd)))
  516. return -EFAULT;
  517. if (sin6->sin6_family != AF_INET6)
  518. return -EINVAL;
  519. flags = cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX;
  520. l3flag = cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX;
  521. if (optname == TCP_MD5SIG_EXT &&
  522. cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) {
  523. prefixlen = cmd.tcpm_prefixlen;
  524. if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) &&
  525. prefixlen > 32))
  526. return -EINVAL;
  527. } else {
  528. prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128;
  529. }
  530. if (optname == TCP_MD5SIG_EXT && cmd.tcpm_ifindex &&
  531. cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX) {
  532. struct net_device *dev;
  533. rcu_read_lock();
  534. dev = dev_get_by_index_rcu(sock_net(sk), cmd.tcpm_ifindex);
  535. if (dev && netif_is_l3_master(dev))
  536. l3index = dev->ifindex;
  537. rcu_read_unlock();
  538. /* ok to reference set/not set outside of rcu;
  539. * right now device MUST be an L3 master
  540. */
  541. if (!dev || !l3index)
  542. return -EINVAL;
  543. }
  544. if (!cmd.tcpm_keylen) {
  545. if (ipv6_addr_v4mapped(&sin6->sin6_addr))
  546. return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
  547. AF_INET, prefixlen,
  548. l3index, flags);
  549. return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
  550. AF_INET6, prefixlen, l3index, flags);
  551. }
  552. if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
  553. return -EINVAL;
  554. if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
  555. addr = (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3];
  556. /* Don't allow keys for peers that have a matching TCP-AO key.
  557. * See the comment in tcp_ao_add_cmd()
  558. */
  559. if (tcp_ao_required(sk, addr, AF_INET,
  560. l3flag ? l3index : -1, false))
  561. return -EKEYREJECTED;
  562. return tcp_md5_do_add(sk, addr,
  563. AF_INET, prefixlen, l3index, flags,
  564. cmd.tcpm_key, cmd.tcpm_keylen);
  565. }
  566. addr = (union tcp_md5_addr *)&sin6->sin6_addr;
  567. /* Don't allow keys for peers that have a matching TCP-AO key.
  568. * See the comment in tcp_ao_add_cmd()
  569. */
  570. if (tcp_ao_required(sk, addr, AF_INET6, l3flag ? l3index : -1, false))
  571. return -EKEYREJECTED;
  572. return tcp_md5_do_add(sk, addr, AF_INET6, prefixlen, l3index, flags,
  573. cmd.tcpm_key, cmd.tcpm_keylen);
  574. }
  575. static void tcp_v6_md5_hash_headers(struct md5_ctx *ctx,
  576. const struct in6_addr *daddr,
  577. const struct in6_addr *saddr,
  578. const struct tcphdr *th, int nbytes)
  579. {
  580. struct {
  581. struct tcp6_pseudohdr ip; /* TCP pseudo-header (RFC2460) */
  582. struct tcphdr tcp;
  583. } h;
  584. h.ip.saddr = *saddr;
  585. h.ip.daddr = *daddr;
  586. h.ip.protocol = cpu_to_be32(IPPROTO_TCP);
  587. h.ip.len = cpu_to_be32(nbytes);
  588. h.tcp = *th;
  589. h.tcp.check = 0;
  590. md5_update(ctx, (const u8 *)&h, sizeof(h.ip) + sizeof(h.tcp));
  591. }
  592. static noinline_for_stack void
  593. tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
  594. const struct in6_addr *daddr, struct in6_addr *saddr,
  595. const struct tcphdr *th)
  596. {
  597. struct md5_ctx ctx;
  598. md5_init(&ctx);
  599. tcp_v6_md5_hash_headers(&ctx, daddr, saddr, th, th->doff << 2);
  600. tcp_md5_hash_key(&ctx, key);
  601. md5_final(&ctx, md5_hash);
  602. }
  603. static noinline_for_stack void
  604. tcp_v6_md5_hash_skb(char *md5_hash, const struct tcp_md5sig_key *key,
  605. const struct sock *sk, const struct sk_buff *skb)
  606. {
  607. const struct tcphdr *th = tcp_hdr(skb);
  608. const struct in6_addr *saddr, *daddr;
  609. struct md5_ctx ctx;
  610. if (sk) { /* valid for establish/request sockets */
  611. saddr = &sk->sk_v6_rcv_saddr;
  612. daddr = &sk->sk_v6_daddr;
  613. } else {
  614. const struct ipv6hdr *ip6h = ipv6_hdr(skb);
  615. saddr = &ip6h->saddr;
  616. daddr = &ip6h->daddr;
  617. }
  618. md5_init(&ctx);
  619. tcp_v6_md5_hash_headers(&ctx, daddr, saddr, th, skb->len);
  620. tcp_md5_hash_skb_data(&ctx, skb, th->doff << 2);
  621. tcp_md5_hash_key(&ctx, key);
  622. md5_final(&ctx, md5_hash);
  623. }
  624. #endif
  625. static void tcp_v6_init_req(struct request_sock *req,
  626. const struct sock *sk_listener,
  627. struct sk_buff *skb,
  628. u32 tw_isn)
  629. {
  630. bool l3_slave = ipv6_l3mdev_skb(TCP_SKB_CB(skb)->header.h6.flags);
  631. struct inet_request_sock *ireq = inet_rsk(req);
  632. const struct ipv6_pinfo *np = tcp_inet6_sk(sk_listener);
  633. ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
  634. ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
  635. ireq->ir_rmt_addr = LOOPBACK4_IPV6;
  636. ireq->ir_loc_addr = LOOPBACK4_IPV6;
  637. /* So that link locals have meaning */
  638. if ((!sk_listener->sk_bound_dev_if || l3_slave) &&
  639. ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
  640. ireq->ir_iif = tcp_v6_iif(skb);
  641. if (!tw_isn &&
  642. (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
  643. np->rxopt.bits.rxinfo ||
  644. np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
  645. np->rxopt.bits.rxohlim || inet6_test_bit(REPFLOW, sk_listener))) {
  646. refcount_inc(&skb->users);
  647. ireq->pktopts = skb;
  648. }
  649. }
  650. static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
  651. struct sk_buff *skb,
  652. struct flowi *fl,
  653. struct request_sock *req,
  654. u32 tw_isn)
  655. {
  656. tcp_v6_init_req(req, sk, skb, tw_isn);
  657. if (security_inet_conn_request(sk, skb, req))
  658. return NULL;
  659. return inet6_csk_route_req(sk, NULL, &fl->u.ip6, req, IPPROTO_TCP);
  660. }
  661. struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
  662. .family = AF_INET6,
  663. .obj_size = sizeof(struct tcp6_request_sock),
  664. .send_ack = tcp_v6_reqsk_send_ack,
  665. .destructor = tcp_v6_reqsk_destructor,
  666. .send_reset = tcp_v6_send_reset,
  667. };
  668. const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
  669. .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
  670. sizeof(struct ipv6hdr),
  671. #ifdef CONFIG_TCP_MD5SIG
  672. .req_md5_lookup = tcp_v6_md5_lookup,
  673. .calc_md5_hash = tcp_v6_md5_hash_skb,
  674. #endif
  675. #ifdef CONFIG_TCP_AO
  676. .ao_lookup = tcp_v6_ao_lookup_rsk,
  677. .ao_calc_key = tcp_v6_ao_calc_key_rsk,
  678. .ao_synack_hash = tcp_v6_ao_synack_hash,
  679. #endif
  680. #ifdef CONFIG_SYN_COOKIES
  681. .cookie_init_seq = cookie_v6_init_sequence,
  682. #endif
  683. .route_req = tcp_v6_route_req,
  684. .init_seq_and_ts_off = tcp_v6_init_seq_and_ts_off,
  685. .send_synack = tcp_v6_send_synack,
  686. };
  687. static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
  688. u32 ack, u32 win, u32 tsval, u32 tsecr,
  689. int oif, int rst, u8 tclass, __be32 label,
  690. u32 priority, u32 txhash, struct tcp_key *key)
  691. {
  692. struct net *net = sk ? sock_net(sk) : skb_dst_dev_net_rcu(skb);
  693. unsigned int tot_len = sizeof(struct tcphdr);
  694. struct sock *ctl_sk = net->ipv6.tcp_sk;
  695. const struct tcphdr *th = tcp_hdr(skb);
  696. __be32 mrst = 0, *topt;
  697. struct dst_entry *dst;
  698. struct sk_buff *buff;
  699. struct tcphdr *t1;
  700. struct flowi6 fl6;
  701. u32 mark = 0;
  702. if (tsecr)
  703. tot_len += TCPOLEN_TSTAMP_ALIGNED;
  704. if (tcp_key_is_md5(key))
  705. tot_len += TCPOLEN_MD5SIG_ALIGNED;
  706. if (tcp_key_is_ao(key))
  707. tot_len += tcp_ao_len_aligned(key->ao_key);
  708. #ifdef CONFIG_MPTCP
  709. if (rst && !tcp_key_is_md5(key)) {
  710. mrst = mptcp_reset_option(skb);
  711. if (mrst)
  712. tot_len += sizeof(__be32);
  713. }
  714. #endif
  715. buff = alloc_skb(MAX_TCP_HEADER, GFP_ATOMIC);
  716. if (!buff)
  717. return;
  718. skb_reserve(buff, MAX_TCP_HEADER);
  719. t1 = skb_push(buff, tot_len);
  720. skb_reset_transport_header(buff);
  721. /* Swap the send and the receive. */
  722. memset(t1, 0, sizeof(*t1));
  723. t1->dest = th->source;
  724. t1->source = th->dest;
  725. t1->doff = tot_len / 4;
  726. t1->seq = htonl(seq);
  727. t1->ack_seq = htonl(ack);
  728. t1->ack = !rst || !th->ack;
  729. t1->rst = rst;
  730. t1->window = htons(win);
  731. topt = (__be32 *)(t1 + 1);
  732. if (tsecr) {
  733. *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
  734. (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
  735. *topt++ = htonl(tsval);
  736. *topt++ = htonl(tsecr);
  737. }
  738. if (mrst)
  739. *topt++ = mrst;
  740. #ifdef CONFIG_TCP_MD5SIG
  741. if (tcp_key_is_md5(key)) {
  742. *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
  743. (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
  744. tcp_v6_md5_hash_hdr((__u8 *)topt, key->md5_key,
  745. &ipv6_hdr(skb)->saddr,
  746. &ipv6_hdr(skb)->daddr, t1);
  747. }
  748. #endif
  749. #ifdef CONFIG_TCP_AO
  750. if (tcp_key_is_ao(key)) {
  751. *topt++ = htonl((TCPOPT_AO << 24) |
  752. (tcp_ao_len(key->ao_key) << 16) |
  753. (key->ao_key->sndid << 8) |
  754. (key->rcv_next));
  755. tcp_ao_hash_hdr(AF_INET6, (char *)topt, key->ao_key,
  756. key->traffic_key,
  757. (union tcp_ao_addr *)&ipv6_hdr(skb)->saddr,
  758. (union tcp_ao_addr *)&ipv6_hdr(skb)->daddr,
  759. t1, key->sne);
  760. }
  761. #endif
  762. memset(&fl6, 0, sizeof(fl6));
  763. fl6.daddr = ipv6_hdr(skb)->saddr;
  764. fl6.saddr = ipv6_hdr(skb)->daddr;
  765. fl6.flowlabel = label;
  766. buff->ip_summed = CHECKSUM_PARTIAL;
  767. __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
  768. fl6.flowi6_proto = IPPROTO_TCP;
  769. if (rt6_need_strict(&fl6.daddr) && !oif)
  770. fl6.flowi6_oif = tcp_v6_iif(skb);
  771. else {
  772. if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
  773. oif = skb->skb_iif;
  774. fl6.flowi6_oif = oif;
  775. }
  776. if (sk) {
  777. /* unconstify the socket only to attach it to buff with care. */
  778. skb_set_owner_edemux(buff, (struct sock *)sk);
  779. psp_reply_set_decrypted(sk, buff);
  780. if (sk->sk_state == TCP_TIME_WAIT)
  781. mark = inet_twsk(sk)->tw_mark;
  782. else
  783. mark = READ_ONCE(sk->sk_mark);
  784. skb_set_delivery_time(buff, tcp_transmit_time(sk), SKB_CLOCK_MONOTONIC);
  785. }
  786. if (txhash) {
  787. /* autoflowlabel/skb_get_hash_flowi6 rely on buff->hash */
  788. skb_set_hash(buff, txhash, PKT_HASH_TYPE_L4);
  789. }
  790. fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark) ?: mark;
  791. fl6.fl6_dport = t1->dest;
  792. fl6.fl6_sport = t1->source;
  793. fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
  794. security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
  795. /* Pass a socket to ip6_dst_lookup either it is for RST
  796. * Underlying function will use this to retrieve the network
  797. * namespace
  798. */
  799. if (sk && sk->sk_state != TCP_TIME_WAIT)
  800. dst = ip6_dst_lookup_flow(net, sk, &fl6, NULL); /*sk's xfrm_policy can be referred*/
  801. else
  802. dst = ip6_dst_lookup_flow(net, ctl_sk, &fl6, NULL);
  803. if (!IS_ERR(dst)) {
  804. skb_dst_set(buff, dst);
  805. ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL,
  806. tclass, priority);
  807. TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
  808. if (rst)
  809. TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
  810. return;
  811. }
  812. kfree_skb(buff);
  813. }
  814. static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb,
  815. enum sk_rst_reason reason)
  816. {
  817. const struct tcphdr *th = tcp_hdr(skb);
  818. struct ipv6hdr *ipv6h = ipv6_hdr(skb);
  819. const __u8 *md5_hash_location = NULL;
  820. #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
  821. bool allocated_traffic_key = false;
  822. #endif
  823. const struct tcp_ao_hdr *aoh;
  824. struct tcp_key key = {};
  825. u32 seq = 0, ack_seq = 0;
  826. __be32 label = 0;
  827. u32 priority = 0;
  828. struct net *net;
  829. u32 txhash = 0;
  830. int oif = 0;
  831. #ifdef CONFIG_TCP_MD5SIG
  832. unsigned char newhash[16];
  833. struct sock *sk1 = NULL;
  834. #endif
  835. if (th->rst)
  836. return;
  837. /* If sk not NULL, it means we did a successful lookup and incoming
  838. * route had to be correct. prequeue might have dropped our dst.
  839. */
  840. if (!sk && !ipv6_unicast_destination(skb))
  841. return;
  842. net = sk ? sock_net(sk) : skb_dst_dev_net_rcu(skb);
  843. /* Invalid TCP option size or twice included auth */
  844. if (tcp_parse_auth_options(th, &md5_hash_location, &aoh))
  845. return;
  846. #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
  847. rcu_read_lock();
  848. #endif
  849. #ifdef CONFIG_TCP_MD5SIG
  850. if (sk && sk_fullsock(sk)) {
  851. int l3index;
  852. /* sdif set, means packet ingressed via a device
  853. * in an L3 domain and inet_iif is set to it.
  854. */
  855. l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
  856. key.md5_key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr, l3index);
  857. if (key.md5_key)
  858. key.type = TCP_KEY_MD5;
  859. } else if (md5_hash_location) {
  860. int dif = tcp_v6_iif_l3_slave(skb);
  861. int sdif = tcp_v6_sdif(skb);
  862. int l3index;
  863. /*
  864. * active side is lost. Try to find listening socket through
  865. * source port, and then find md5 key through listening socket.
  866. * we are not loose security here:
  867. * Incoming packet is checked with md5 hash with finding key,
  868. * no RST generated if md5 hash doesn't match.
  869. */
  870. sk1 = inet6_lookup_listener(net, NULL, 0, &ipv6h->saddr, th->source,
  871. &ipv6h->daddr, ntohs(th->source),
  872. dif, sdif);
  873. if (!sk1)
  874. goto out;
  875. /* sdif set, means packet ingressed via a device
  876. * in an L3 domain and dif is set to it.
  877. */
  878. l3index = tcp_v6_sdif(skb) ? dif : 0;
  879. key.md5_key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr, l3index);
  880. if (!key.md5_key)
  881. goto out;
  882. key.type = TCP_KEY_MD5;
  883. tcp_v6_md5_hash_skb(newhash, key.md5_key, NULL, skb);
  884. if (crypto_memneq(md5_hash_location, newhash, 16))
  885. goto out;
  886. }
  887. #endif
  888. if (th->ack)
  889. seq = ntohl(th->ack_seq);
  890. else
  891. ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
  892. (th->doff << 2);
  893. #ifdef CONFIG_TCP_AO
  894. if (aoh) {
  895. int l3index;
  896. l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
  897. if (tcp_ao_prepare_reset(sk, skb, aoh, l3index, seq,
  898. &key.ao_key, &key.traffic_key,
  899. &allocated_traffic_key,
  900. &key.rcv_next, &key.sne))
  901. goto out;
  902. key.type = TCP_KEY_AO;
  903. }
  904. #endif
  905. if (sk) {
  906. oif = sk->sk_bound_dev_if;
  907. if (sk_fullsock(sk)) {
  908. if (inet6_test_bit(REPFLOW, sk))
  909. label = ip6_flowlabel(ipv6h);
  910. priority = READ_ONCE(sk->sk_priority);
  911. txhash = sk->sk_txhash;
  912. }
  913. if (sk->sk_state == TCP_TIME_WAIT) {
  914. label = cpu_to_be32(inet_twsk(sk)->tw_flowlabel);
  915. priority = inet_twsk(sk)->tw_priority;
  916. txhash = inet_twsk(sk)->tw_txhash;
  917. }
  918. } else {
  919. if (READ_ONCE(net->ipv6.sysctl.flowlabel_reflect) &
  920. FLOWLABEL_REFLECT_TCP_RESET)
  921. label = ip6_flowlabel(ipv6h);
  922. }
  923. trace_tcp_send_reset(sk, skb, reason);
  924. tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, 1,
  925. ipv6_get_dsfield(ipv6h) & ~INET_ECN_MASK,
  926. label, priority, txhash,
  927. &key);
  928. #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
  929. out:
  930. if (allocated_traffic_key)
  931. kfree(key.traffic_key);
  932. rcu_read_unlock();
  933. #endif
  934. }
  935. static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
  936. u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
  937. struct tcp_key *key, u8 tclass,
  938. __be32 label, u32 priority, u32 txhash)
  939. {
  940. tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, 0,
  941. tclass, label, priority, txhash, key);
  942. }
  943. static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb,
  944. enum tcp_tw_status tw_status)
  945. {
  946. struct inet_timewait_sock *tw = inet_twsk(sk);
  947. struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
  948. u8 tclass = tw->tw_tclass;
  949. struct tcp_key key = {};
  950. if (tw_status == TCP_TW_ACK_OOW)
  951. tclass &= ~INET_ECN_MASK;
  952. #ifdef CONFIG_TCP_AO
  953. struct tcp_ao_info *ao_info;
  954. if (static_branch_unlikely(&tcp_ao_needed.key)) {
  955. /* FIXME: the segment to-be-acked is not verified yet */
  956. ao_info = rcu_dereference(tcptw->ao_info);
  957. if (ao_info) {
  958. const struct tcp_ao_hdr *aoh;
  959. /* Invalid TCP option size or twice included auth */
  960. if (tcp_parse_auth_options(tcp_hdr(skb), NULL, &aoh))
  961. goto out;
  962. if (aoh)
  963. key.ao_key = tcp_ao_established_key(sk, ao_info,
  964. aoh->rnext_keyid, -1);
  965. }
  966. }
  967. if (key.ao_key) {
  968. struct tcp_ao_key *rnext_key;
  969. key.traffic_key = snd_other_key(key.ao_key);
  970. /* rcv_next switches to our rcv_next */
  971. rnext_key = READ_ONCE(ao_info->rnext_key);
  972. key.rcv_next = rnext_key->rcvid;
  973. key.sne = READ_ONCE(ao_info->snd_sne);
  974. key.type = TCP_KEY_AO;
  975. #else
  976. if (0) {
  977. #endif
  978. #ifdef CONFIG_TCP_MD5SIG
  979. } else if (static_branch_unlikely(&tcp_md5_needed.key)) {
  980. key.md5_key = tcp_twsk_md5_key(tcptw);
  981. if (key.md5_key)
  982. key.type = TCP_KEY_MD5;
  983. #endif
  984. }
  985. tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt,
  986. READ_ONCE(tcptw->tw_rcv_nxt),
  987. tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
  988. tcp_tw_tsval(tcptw),
  989. READ_ONCE(tcptw->tw_ts_recent), tw->tw_bound_dev_if,
  990. &key, tclass, cpu_to_be32(tw->tw_flowlabel),
  991. tw->tw_priority, tw->tw_txhash);
  992. #ifdef CONFIG_TCP_AO
  993. out:
  994. #endif
  995. inet_twsk_put(tw);
  996. }
  997. static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
  998. struct request_sock *req)
  999. {
  1000. struct tcp_key key = {};
  1001. #ifdef CONFIG_TCP_AO
  1002. if (static_branch_unlikely(&tcp_ao_needed.key) &&
  1003. tcp_rsk_used_ao(req)) {
  1004. const struct in6_addr *addr = &ipv6_hdr(skb)->saddr;
  1005. const struct tcp_ao_hdr *aoh;
  1006. int l3index;
  1007. l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
  1008. /* Invalid TCP option size or twice included auth */
  1009. if (tcp_parse_auth_options(tcp_hdr(skb), NULL, &aoh))
  1010. return;
  1011. if (!aoh)
  1012. return;
  1013. key.ao_key = tcp_ao_do_lookup(sk, l3index,
  1014. (union tcp_ao_addr *)addr,
  1015. AF_INET6, aoh->rnext_keyid, -1);
  1016. if (unlikely(!key.ao_key)) {
  1017. /* Send ACK with any matching MKT for the peer */
  1018. key.ao_key = tcp_ao_do_lookup(sk, l3index,
  1019. (union tcp_ao_addr *)addr,
  1020. AF_INET6, -1, -1);
  1021. /* Matching key disappeared (user removed the key?)
  1022. * let the handshake timeout.
  1023. */
  1024. if (!key.ao_key) {
  1025. net_info_ratelimited("TCP-AO key for (%pI6, %d)->(%pI6, %d) suddenly disappeared, won't ACK new connection\n",
  1026. addr,
  1027. ntohs(tcp_hdr(skb)->source),
  1028. &ipv6_hdr(skb)->daddr,
  1029. ntohs(tcp_hdr(skb)->dest));
  1030. return;
  1031. }
  1032. }
  1033. key.traffic_key = kmalloc(tcp_ao_digest_size(key.ao_key), GFP_ATOMIC);
  1034. if (!key.traffic_key)
  1035. return;
  1036. key.type = TCP_KEY_AO;
  1037. key.rcv_next = aoh->keyid;
  1038. tcp_v6_ao_calc_key_rsk(key.ao_key, key.traffic_key, req);
  1039. #else
  1040. if (0) {
  1041. #endif
  1042. #ifdef CONFIG_TCP_MD5SIG
  1043. } else if (static_branch_unlikely(&tcp_md5_needed.key)) {
  1044. int l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
  1045. key.md5_key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr,
  1046. l3index);
  1047. if (key.md5_key)
  1048. key.type = TCP_KEY_MD5;
  1049. #endif
  1050. }
  1051. /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
  1052. * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
  1053. */
  1054. tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
  1055. tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
  1056. tcp_rsk(req)->rcv_nxt,
  1057. tcp_synack_window(req) >> inet_rsk(req)->rcv_wscale,
  1058. tcp_rsk_tsval(tcp_rsk(req)),
  1059. req->ts_recent, sk->sk_bound_dev_if,
  1060. &key, ipv6_get_dsfield(ipv6_hdr(skb)) & ~INET_ECN_MASK,
  1061. 0,
  1062. READ_ONCE(sk->sk_priority),
  1063. READ_ONCE(tcp_rsk(req)->txhash));
  1064. if (tcp_key_is_ao(&key))
  1065. kfree(key.traffic_key);
  1066. }
  1067. static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
  1068. {
  1069. #ifdef CONFIG_SYN_COOKIES
  1070. const struct tcphdr *th = tcp_hdr(skb);
  1071. if (!th->syn)
  1072. sk = cookie_v6_check(sk, skb);
  1073. #endif
  1074. return sk;
  1075. }
  1076. u16 tcp_v6_get_syncookie(struct sock *sk, struct ipv6hdr *iph,
  1077. struct tcphdr *th, u32 *cookie)
  1078. {
  1079. u16 mss = 0;
  1080. #ifdef CONFIG_SYN_COOKIES
  1081. mss = tcp_get_syncookie_mss(&tcp6_request_sock_ops,
  1082. &tcp_request_sock_ipv6_ops, sk, th);
  1083. if (mss) {
  1084. *cookie = __cookie_v6_init_sequence(iph, th, &mss);
  1085. tcp_synq_overflow(sk);
  1086. }
  1087. #endif
  1088. return mss;
  1089. }
  1090. static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
  1091. {
  1092. if (skb->protocol == htons(ETH_P_IP))
  1093. return tcp_v4_conn_request(sk, skb);
  1094. if (!ipv6_unicast_destination(skb))
  1095. goto drop;
  1096. if (ipv6_addr_v4mapped(&ipv6_hdr(skb)->saddr)) {
  1097. __IP6_INC_STATS(sock_net(sk), NULL, IPSTATS_MIB_INHDRERRORS);
  1098. return 0;
  1099. }
  1100. return tcp_conn_request(&tcp6_request_sock_ops,
  1101. &tcp_request_sock_ipv6_ops, sk, skb);
  1102. drop:
  1103. tcp_listendrop(sk);
  1104. return 0; /* don't send reset */
  1105. }
  1106. static void tcp_v6_restore_cb(struct sk_buff *skb)
  1107. {
  1108. /* We need to move header back to the beginning if xfrm6_policy_check()
  1109. * and tcp_v6_fill_cb() are going to be called again.
  1110. * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
  1111. */
  1112. memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
  1113. sizeof(struct inet6_skb_parm));
  1114. }
  1115. /* Called from tcp_v4_syn_recv_sock() for v6_mapped children. */
  1116. static void tcp_v6_mapped_child_init(struct sock *newsk, const struct sock *sk)
  1117. {
  1118. struct inet_sock *newinet = inet_sk(newsk);
  1119. struct ipv6_pinfo *newnp;
  1120. newinet->pinet6 = newnp = tcp_inet6_sk(newsk);
  1121. newinet->ipv6_fl_list = NULL;
  1122. memcpy(newnp, tcp_inet6_sk(sk), sizeof(struct ipv6_pinfo));
  1123. newnp->saddr = newsk->sk_v6_rcv_saddr;
  1124. inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
  1125. if (sk_is_mptcp(newsk))
  1126. mptcpv6_handle_mapped(newsk, true);
  1127. newsk->sk_backlog_rcv = tcp_v4_do_rcv;
  1128. #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
  1129. tcp_sk(newsk)->af_specific = &tcp_sock_ipv6_mapped_specific;
  1130. #endif
  1131. newnp->ipv6_mc_list = NULL;
  1132. newnp->ipv6_ac_list = NULL;
  1133. newnp->pktoptions = NULL;
  1134. newnp->opt = NULL;
  1135. /* tcp_v4_syn_recv_sock() has initialized newinet->mc_{index,ttl} */
  1136. newnp->mcast_oif = newinet->mc_index;
  1137. newnp->mcast_hops = newinet->mc_ttl;
  1138. newnp->rcv_flowinfo = 0;
  1139. if (inet6_test_bit(REPFLOW, sk))
  1140. newnp->flow_label = 0;
  1141. }
  1142. static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
  1143. struct request_sock *req,
  1144. struct dst_entry *dst,
  1145. struct request_sock *req_unhash,
  1146. bool *own_req,
  1147. void (*opt_child_init)(struct sock *newsk,
  1148. const struct sock *sk))
  1149. {
  1150. const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
  1151. struct inet_request_sock *ireq;
  1152. struct ipv6_txoptions *opt;
  1153. struct inet_sock *newinet;
  1154. bool found_dup_sk = false;
  1155. struct ipv6_pinfo *newnp;
  1156. struct tcp_sock *newtp;
  1157. struct sock *newsk;
  1158. #ifdef CONFIG_TCP_MD5SIG
  1159. struct tcp_md5sig_key *key;
  1160. int l3index;
  1161. #endif
  1162. struct flowi6 fl6;
  1163. if (skb->protocol == htons(ETH_P_IP))
  1164. return tcp_v4_syn_recv_sock(sk, skb, req, dst,
  1165. req_unhash, own_req,
  1166. tcp_v6_mapped_child_init);
  1167. ireq = inet_rsk(req);
  1168. if (sk_acceptq_is_full(sk))
  1169. goto exit_overflow;
  1170. dst = inet6_csk_route_req(sk, dst, &fl6, req, IPPROTO_TCP);
  1171. if (!dst)
  1172. goto exit;
  1173. newsk = tcp_create_openreq_child(sk, req, skb);
  1174. if (!newsk)
  1175. goto exit_nonewsk;
  1176. /*
  1177. * No need to charge this sock to the relevant IPv6 refcnt debug socks
  1178. * count here, tcp_create_openreq_child now does this for us, see the
  1179. * comment in that function for the gory details. -acme
  1180. */
  1181. newsk->sk_gso_type = SKB_GSO_TCPV6;
  1182. inet6_sk_rx_dst_set(newsk, skb);
  1183. newinet = inet_sk(newsk);
  1184. newinet->cork.fl.u.ip6 = fl6;
  1185. newinet->pinet6 = tcp_inet6_sk(newsk);
  1186. newinet->ipv6_fl_list = NULL;
  1187. newinet->inet_opt = NULL;
  1188. newtp = tcp_sk(newsk);
  1189. newnp = tcp_inet6_sk(newsk);
  1190. memcpy(newnp, np, sizeof(struct ipv6_pinfo));
  1191. ip6_dst_store(newsk, dst, false, false);
  1192. newnp->saddr = ireq->ir_v6_loc_addr;
  1193. /* Now IPv6 options...
  1194. First: no IPv4 options.
  1195. */
  1196. newnp->ipv6_mc_list = NULL;
  1197. newnp->ipv6_ac_list = NULL;
  1198. /* Clone RX bits */
  1199. newnp->rxopt.all = np->rxopt.all;
  1200. newnp->pktoptions = NULL;
  1201. newnp->opt = NULL;
  1202. newnp->mcast_oif = tcp_v6_iif(skb);
  1203. newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
  1204. newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
  1205. if (inet6_test_bit(REPFLOW, sk))
  1206. newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
  1207. /* Set ToS of the new socket based upon the value of incoming SYN.
  1208. * ECT bits are set later in tcp_init_transfer().
  1209. */
  1210. if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reflect_tos))
  1211. newnp->tclass = tcp_rsk(req)->syn_tos & ~INET_ECN_MASK;
  1212. /* Clone native IPv6 options from listening socket (if any)
  1213. Yes, keeping reference count would be much more clever,
  1214. but we make one more one thing there: reattach optmem
  1215. to newsk.
  1216. */
  1217. opt = ireq->ipv6_opt;
  1218. if (!opt)
  1219. opt = rcu_dereference(np->opt);
  1220. if (opt) {
  1221. opt = ipv6_dup_options(newsk, opt);
  1222. RCU_INIT_POINTER(newnp->opt, opt);
  1223. }
  1224. inet_csk(newsk)->icsk_ext_hdr_len = 0;
  1225. if (opt)
  1226. inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
  1227. opt->opt_flen;
  1228. tcp_ca_openreq_child(newsk, dst);
  1229. tcp_sync_mss(newsk, dst6_mtu(dst));
  1230. newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));
  1231. tcp_initialize_rcv_mss(newsk);
  1232. #ifdef CONFIG_TCP_MD5SIG
  1233. l3index = l3mdev_master_ifindex_by_index(sock_net(sk), ireq->ir_iif);
  1234. if (!tcp_rsk_used_ao(req)) {
  1235. /* Copy over the MD5 key from the original socket */
  1236. key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr, l3index);
  1237. if (key) {
  1238. const union tcp_md5_addr *addr;
  1239. addr = (union tcp_md5_addr *)&newsk->sk_v6_daddr;
  1240. if (tcp_md5_key_copy(newsk, addr, AF_INET6, 128, l3index, key))
  1241. goto put_and_exit;
  1242. }
  1243. }
  1244. #endif
  1245. #ifdef CONFIG_TCP_AO
  1246. /* Copy over tcp_ao_info if any */
  1247. if (tcp_ao_copy_all_matching(sk, newsk, req, skb, AF_INET6))
  1248. goto put_and_exit; /* OOM */
  1249. #endif
  1250. if (__inet_inherit_port(sk, newsk) < 0)
  1251. goto put_and_exit;
  1252. *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash),
  1253. &found_dup_sk);
  1254. if (*own_req) {
  1255. tcp_move_syn(newtp, req);
  1256. /* Clone pktoptions received with SYN, if we own the req */
  1257. if (ireq->pktopts) {
  1258. newnp->pktoptions = skb_clone_and_charge_r(ireq->pktopts, newsk);
  1259. consume_skb(ireq->pktopts);
  1260. ireq->pktopts = NULL;
  1261. if (newnp->pktoptions)
  1262. tcp_v6_restore_cb(newnp->pktoptions);
  1263. }
  1264. } else {
  1265. if (!req_unhash && found_dup_sk) {
  1266. /* This code path should only be executed in the
  1267. * syncookie case only
  1268. */
  1269. bh_unlock_sock(newsk);
  1270. sock_put(newsk);
  1271. newsk = NULL;
  1272. }
  1273. }
  1274. return newsk;
  1275. exit_overflow:
  1276. __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
  1277. exit_nonewsk:
  1278. dst_release(dst);
  1279. exit:
  1280. tcp_listendrop(sk);
  1281. return NULL;
  1282. put_and_exit:
  1283. inet_csk_prepare_forced_close(newsk);
  1284. tcp_done(newsk);
  1285. goto exit;
  1286. }
  1287. INDIRECT_CALLABLE_DECLARE(struct dst_entry *ipv4_dst_check(struct dst_entry *,
  1288. u32));
  1289. /* The socket must have it's spinlock held when we get
  1290. * here, unless it is a TCP_LISTEN socket.
  1291. *
  1292. * We have a potential double-lock case here, so even when
  1293. * doing backlog processing we use the BH locking scheme.
  1294. * This is because we cannot sleep with the original spinlock
  1295. * held.
  1296. */
  1297. INDIRECT_CALLABLE_SCOPE
  1298. int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
  1299. {
  1300. struct ipv6_pinfo *np = tcp_inet6_sk(sk);
  1301. struct sk_buff *opt_skb = NULL;
  1302. enum skb_drop_reason reason;
  1303. struct tcp_sock *tp;
  1304. /* Imagine: socket is IPv6. IPv4 packet arrives,
  1305. goes to IPv4 receive handler and backlogged.
  1306. From backlog it always goes here. Kerboom...
  1307. Fortunately, tcp_rcv_established and rcv_established
  1308. handle them correctly, but it is not case with
  1309. tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
  1310. */
  1311. if (skb->protocol == htons(ETH_P_IP))
  1312. return tcp_v4_do_rcv(sk, skb);
  1313. reason = psp_sk_rx_policy_check(sk, skb);
  1314. if (reason)
  1315. goto err_discard;
  1316. /*
  1317. * socket locking is here for SMP purposes as backlog rcv
  1318. * is currently called with bh processing disabled.
  1319. */
  1320. /* Do Stevens' IPV6_PKTOPTIONS.
  1321. Yes, guys, it is the only place in our code, where we
  1322. may make it not affecting IPv4.
  1323. The rest of code is protocol independent,
  1324. and I do not like idea to uglify IPv4.
  1325. Actually, all the idea behind IPV6_PKTOPTIONS
  1326. looks not very well thought. For now we latch
  1327. options, received in the last packet, enqueued
  1328. by tcp. Feel free to propose better solution.
  1329. --ANK (980728)
  1330. */
  1331. if (np->rxopt.all && sk->sk_state != TCP_LISTEN)
  1332. opt_skb = skb_clone_and_charge_r(skb, sk);
  1333. if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
  1334. struct dst_entry *dst;
  1335. dst = rcu_dereference_protected(sk->sk_rx_dst,
  1336. lockdep_sock_is_held(sk));
  1337. sock_rps_save_rxhash(sk, skb);
  1338. sk_mark_napi_id(sk, skb);
  1339. if (dst) {
  1340. if (sk->sk_rx_dst_ifindex != skb->skb_iif ||
  1341. INDIRECT_CALL_1(dst->ops->check, ip6_dst_check,
  1342. dst, sk->sk_rx_dst_cookie) == NULL) {
  1343. RCU_INIT_POINTER(sk->sk_rx_dst, NULL);
  1344. dst_release(dst);
  1345. }
  1346. }
  1347. tcp_rcv_established(sk, skb);
  1348. if (opt_skb)
  1349. goto ipv6_pktoptions;
  1350. return 0;
  1351. }
  1352. if (tcp_checksum_complete(skb))
  1353. goto csum_err;
  1354. if (sk->sk_state == TCP_LISTEN) {
  1355. struct sock *nsk = tcp_v6_cookie_check(sk, skb);
  1356. if (nsk != sk) {
  1357. if (nsk) {
  1358. reason = tcp_child_process(sk, nsk, skb);
  1359. if (reason)
  1360. goto reset;
  1361. }
  1362. return 0;
  1363. }
  1364. } else
  1365. sock_rps_save_rxhash(sk, skb);
  1366. reason = tcp_rcv_state_process(sk, skb);
  1367. if (reason)
  1368. goto reset;
  1369. if (opt_skb)
  1370. goto ipv6_pktoptions;
  1371. return 0;
  1372. reset:
  1373. tcp_v6_send_reset(sk, skb, sk_rst_convert_drop_reason(reason));
  1374. discard:
  1375. if (opt_skb)
  1376. __kfree_skb(opt_skb);
  1377. sk_skb_reason_drop(sk, skb, reason);
  1378. return 0;
  1379. csum_err:
  1380. reason = SKB_DROP_REASON_TCP_CSUM;
  1381. trace_tcp_bad_csum(skb);
  1382. TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
  1383. err_discard:
  1384. TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
  1385. goto discard;
  1386. ipv6_pktoptions:
  1387. /* Do you ask, what is it?
  1388. 1. skb was enqueued by tcp.
  1389. 2. skb is added to tail of read queue, rather than out of order.
  1390. 3. socket is not in passive state.
  1391. 4. Finally, it really contains options, which user wants to receive.
  1392. */
  1393. tp = tcp_sk(sk);
  1394. if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
  1395. !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
  1396. if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
  1397. WRITE_ONCE(np->mcast_oif, tcp_v6_iif(opt_skb));
  1398. if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
  1399. WRITE_ONCE(np->mcast_hops,
  1400. ipv6_hdr(opt_skb)->hop_limit);
  1401. if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
  1402. np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
  1403. if (inet6_test_bit(REPFLOW, sk))
  1404. np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
  1405. if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
  1406. tcp_v6_restore_cb(opt_skb);
  1407. opt_skb = xchg(&np->pktoptions, opt_skb);
  1408. } else {
  1409. __kfree_skb(opt_skb);
  1410. opt_skb = xchg(&np->pktoptions, NULL);
  1411. }
  1412. }
  1413. consume_skb(opt_skb);
  1414. return 0;
  1415. }
  1416. static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
  1417. const struct tcphdr *th)
  1418. {
  1419. /* This is tricky: we move IP6CB at its correct location into
  1420. * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
  1421. * _decode_session6() uses IP6CB().
  1422. * barrier() makes sure compiler won't play aliasing games.
  1423. */
  1424. memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
  1425. sizeof(struct inet6_skb_parm));
  1426. barrier();
  1427. TCP_SKB_CB(skb)->seq = ntohl(th->seq);
  1428. TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
  1429. skb->len - th->doff*4);
  1430. TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
  1431. TCP_SKB_CB(skb)->tcp_flags = tcp_flags_ntohs(th);
  1432. TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
  1433. TCP_SKB_CB(skb)->sacked = 0;
  1434. TCP_SKB_CB(skb)->has_rxtstamp =
  1435. skb->tstamp || skb_hwtstamps(skb)->hwtstamp;
  1436. }
  1437. INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
  1438. {
  1439. struct net *net = dev_net_rcu(skb->dev);
  1440. enum skb_drop_reason drop_reason;
  1441. enum tcp_tw_status tw_status;
  1442. int sdif = inet6_sdif(skb);
  1443. int dif = inet6_iif(skb);
  1444. const struct tcphdr *th;
  1445. const struct ipv6hdr *hdr;
  1446. struct sock *sk = NULL;
  1447. bool refcounted;
  1448. int ret;
  1449. u32 isn;
  1450. drop_reason = SKB_DROP_REASON_NOT_SPECIFIED;
  1451. if (skb->pkt_type != PACKET_HOST)
  1452. goto discard_it;
  1453. /*
  1454. * Count it even if it's bad.
  1455. */
  1456. __TCP_INC_STATS(net, TCP_MIB_INSEGS);
  1457. if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
  1458. goto discard_it;
  1459. th = (const struct tcphdr *)skb->data;
  1460. if (unlikely(th->doff < sizeof(struct tcphdr) / 4)) {
  1461. drop_reason = SKB_DROP_REASON_PKT_TOO_SMALL;
  1462. goto bad_packet;
  1463. }
  1464. if (!pskb_may_pull(skb, th->doff*4))
  1465. goto discard_it;
  1466. if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
  1467. goto csum_error;
  1468. th = (const struct tcphdr *)skb->data;
  1469. hdr = ipv6_hdr(skb);
  1470. lookup:
  1471. sk = __inet6_lookup_skb(skb, __tcp_hdrlen(th),
  1472. th->source, th->dest, inet6_iif(skb), sdif,
  1473. &refcounted);
  1474. if (!sk)
  1475. goto no_tcp_socket;
  1476. if (sk->sk_state == TCP_TIME_WAIT)
  1477. goto do_time_wait;
  1478. if (sk->sk_state == TCP_NEW_SYN_RECV) {
  1479. struct request_sock *req = inet_reqsk(sk);
  1480. bool req_stolen = false;
  1481. struct sock *nsk;
  1482. sk = req->rsk_listener;
  1483. if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
  1484. drop_reason = SKB_DROP_REASON_XFRM_POLICY;
  1485. else
  1486. drop_reason = tcp_inbound_hash(sk, req, skb,
  1487. &hdr->saddr, &hdr->daddr,
  1488. AF_INET6, dif, sdif);
  1489. if (drop_reason) {
  1490. sk_drops_skbadd(sk, skb);
  1491. reqsk_put(req);
  1492. goto discard_it;
  1493. }
  1494. if (tcp_checksum_complete(skb)) {
  1495. reqsk_put(req);
  1496. goto csum_error;
  1497. }
  1498. if (unlikely(sk->sk_state != TCP_LISTEN)) {
  1499. nsk = reuseport_migrate_sock(sk, req_to_sk(req), skb);
  1500. if (!nsk) {
  1501. inet_csk_reqsk_queue_drop_and_put(sk, req);
  1502. goto lookup;
  1503. }
  1504. sk = nsk;
  1505. /* reuseport_migrate_sock() has already held one sk_refcnt
  1506. * before returning.
  1507. */
  1508. } else {
  1509. sock_hold(sk);
  1510. }
  1511. refcounted = true;
  1512. nsk = NULL;
  1513. if (!tcp_filter(sk, skb, &drop_reason)) {
  1514. th = (const struct tcphdr *)skb->data;
  1515. hdr = ipv6_hdr(skb);
  1516. tcp_v6_fill_cb(skb, hdr, th);
  1517. nsk = tcp_check_req(sk, skb, req, false, &req_stolen,
  1518. &drop_reason);
  1519. }
  1520. if (!nsk) {
  1521. reqsk_put(req);
  1522. if (req_stolen) {
  1523. /* Another cpu got exclusive access to req
  1524. * and created a full blown socket.
  1525. * Try to feed this packet to this socket
  1526. * instead of discarding it.
  1527. */
  1528. tcp_v6_restore_cb(skb);
  1529. sock_put(sk);
  1530. goto lookup;
  1531. }
  1532. goto discard_and_relse;
  1533. }
  1534. nf_reset_ct(skb);
  1535. if (nsk == sk) {
  1536. reqsk_put(req);
  1537. tcp_v6_restore_cb(skb);
  1538. } else {
  1539. drop_reason = tcp_child_process(sk, nsk, skb);
  1540. if (drop_reason) {
  1541. enum sk_rst_reason rst_reason;
  1542. rst_reason = sk_rst_convert_drop_reason(drop_reason);
  1543. tcp_v6_send_reset(nsk, skb, rst_reason);
  1544. goto discard_and_relse;
  1545. }
  1546. sock_put(sk);
  1547. return 0;
  1548. }
  1549. }
  1550. process:
  1551. if (static_branch_unlikely(&ip6_min_hopcount)) {
  1552. /* min_hopcount can be changed concurrently from do_ipv6_setsockopt() */
  1553. if (unlikely(hdr->hop_limit < READ_ONCE(tcp_inet6_sk(sk)->min_hopcount))) {
  1554. __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
  1555. drop_reason = SKB_DROP_REASON_TCP_MINTTL;
  1556. goto discard_and_relse;
  1557. }
  1558. }
  1559. if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) {
  1560. drop_reason = SKB_DROP_REASON_XFRM_POLICY;
  1561. goto discard_and_relse;
  1562. }
  1563. drop_reason = tcp_inbound_hash(sk, NULL, skb, &hdr->saddr, &hdr->daddr,
  1564. AF_INET6, dif, sdif);
  1565. if (drop_reason)
  1566. goto discard_and_relse;
  1567. nf_reset_ct(skb);
  1568. if (tcp_filter(sk, skb, &drop_reason))
  1569. goto discard_and_relse;
  1570. th = (const struct tcphdr *)skb->data;
  1571. hdr = ipv6_hdr(skb);
  1572. tcp_v6_fill_cb(skb, hdr, th);
  1573. skb->dev = NULL;
  1574. if (sk->sk_state == TCP_LISTEN) {
  1575. ret = tcp_v6_do_rcv(sk, skb);
  1576. goto put_and_return;
  1577. }
  1578. sk_incoming_cpu_update(sk);
  1579. bh_lock_sock_nested(sk);
  1580. tcp_segs_in(tcp_sk(sk), skb);
  1581. ret = 0;
  1582. if (!sock_owned_by_user(sk)) {
  1583. ret = tcp_v6_do_rcv(sk, skb);
  1584. } else {
  1585. if (tcp_add_backlog(sk, skb, &drop_reason))
  1586. goto discard_and_relse;
  1587. }
  1588. bh_unlock_sock(sk);
  1589. put_and_return:
  1590. if (refcounted)
  1591. sock_put(sk);
  1592. return ret ? -1 : 0;
  1593. no_tcp_socket:
  1594. drop_reason = SKB_DROP_REASON_NO_SOCKET;
  1595. if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
  1596. goto discard_it;
  1597. tcp_v6_fill_cb(skb, hdr, th);
  1598. if (tcp_checksum_complete(skb)) {
  1599. csum_error:
  1600. drop_reason = SKB_DROP_REASON_TCP_CSUM;
  1601. trace_tcp_bad_csum(skb);
  1602. __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
  1603. bad_packet:
  1604. __TCP_INC_STATS(net, TCP_MIB_INERRS);
  1605. } else {
  1606. tcp_v6_send_reset(NULL, skb, sk_rst_convert_drop_reason(drop_reason));
  1607. }
  1608. discard_it:
  1609. SKB_DR_OR(drop_reason, NOT_SPECIFIED);
  1610. sk_skb_reason_drop(sk, skb, drop_reason);
  1611. return 0;
  1612. discard_and_relse:
  1613. sk_drops_skbadd(sk, skb);
  1614. if (refcounted)
  1615. sock_put(sk);
  1616. goto discard_it;
  1617. do_time_wait:
  1618. if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
  1619. drop_reason = SKB_DROP_REASON_XFRM_POLICY;
  1620. inet_twsk_put(inet_twsk(sk));
  1621. goto discard_it;
  1622. }
  1623. tcp_v6_fill_cb(skb, hdr, th);
  1624. if (tcp_checksum_complete(skb)) {
  1625. inet_twsk_put(inet_twsk(sk));
  1626. goto csum_error;
  1627. }
  1628. tw_status = tcp_timewait_state_process(inet_twsk(sk), skb, th, &isn,
  1629. &drop_reason);
  1630. switch (tw_status) {
  1631. case TCP_TW_SYN:
  1632. {
  1633. struct sock *sk2;
  1634. sk2 = inet6_lookup_listener(net, skb, __tcp_hdrlen(th),
  1635. &ipv6_hdr(skb)->saddr, th->source,
  1636. &ipv6_hdr(skb)->daddr,
  1637. ntohs(th->dest),
  1638. tcp_v6_iif_l3_slave(skb),
  1639. sdif);
  1640. if (sk2) {
  1641. struct inet_timewait_sock *tw = inet_twsk(sk);
  1642. inet_twsk_deschedule_put(tw);
  1643. sk = sk2;
  1644. tcp_v6_restore_cb(skb);
  1645. refcounted = false;
  1646. __this_cpu_write(tcp_tw_isn, isn);
  1647. goto process;
  1648. }
  1649. drop_reason = psp_twsk_rx_policy_check(inet_twsk(sk), skb);
  1650. if (drop_reason)
  1651. break;
  1652. }
  1653. /* to ACK */
  1654. fallthrough;
  1655. case TCP_TW_ACK:
  1656. case TCP_TW_ACK_OOW:
  1657. tcp_v6_timewait_ack(sk, skb, tw_status);
  1658. break;
  1659. case TCP_TW_RST:
  1660. tcp_v6_send_reset(sk, skb, SK_RST_REASON_TCP_TIMEWAIT_SOCKET);
  1661. inet_twsk_deschedule_put(inet_twsk(sk));
  1662. goto discard_it;
  1663. case TCP_TW_SUCCESS:
  1664. ;
  1665. }
  1666. goto discard_it;
  1667. }
  1668. void tcp_v6_early_demux(struct sk_buff *skb)
  1669. {
  1670. struct net *net = dev_net_rcu(skb->dev);
  1671. const struct ipv6hdr *hdr;
  1672. const struct tcphdr *th;
  1673. struct sock *sk;
  1674. if (skb->pkt_type != PACKET_HOST)
  1675. return;
  1676. if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
  1677. return;
  1678. hdr = ipv6_hdr(skb);
  1679. th = tcp_hdr(skb);
  1680. if (th->doff < sizeof(struct tcphdr) / 4)
  1681. return;
  1682. /* Note : We use inet6_iif() here, not tcp_v6_iif() */
  1683. sk = __inet6_lookup_established(net, &hdr->saddr, th->source,
  1684. &hdr->daddr, ntohs(th->dest),
  1685. inet6_iif(skb), inet6_sdif(skb));
  1686. if (sk) {
  1687. skb->sk = sk;
  1688. skb->destructor = sock_edemux;
  1689. if (sk_fullsock(sk)) {
  1690. struct dst_entry *dst = rcu_dereference(sk->sk_rx_dst);
  1691. if (dst)
  1692. dst = dst_check(dst, sk->sk_rx_dst_cookie);
  1693. if (dst &&
  1694. sk->sk_rx_dst_ifindex == skb->skb_iif)
  1695. skb_dst_set_noref(skb, dst);
  1696. }
  1697. }
  1698. }
  1699. static struct timewait_sock_ops tcp6_timewait_sock_ops = {
  1700. .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
  1701. };
  1702. INDIRECT_CALLABLE_SCOPE void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb)
  1703. {
  1704. __tcp_v6_send_check(skb, &sk->sk_v6_rcv_saddr, &sk->sk_v6_daddr);
  1705. }
  1706. const struct inet_connection_sock_af_ops ipv6_specific = {
  1707. .queue_xmit = inet6_csk_xmit,
  1708. .send_check = tcp_v6_send_check,
  1709. .rebuild_header = inet6_sk_rebuild_header,
  1710. .sk_rx_dst_set = inet6_sk_rx_dst_set,
  1711. .conn_request = tcp_v6_conn_request,
  1712. .syn_recv_sock = tcp_v6_syn_recv_sock,
  1713. .net_header_len = sizeof(struct ipv6hdr),
  1714. .setsockopt = ipv6_setsockopt,
  1715. .getsockopt = ipv6_getsockopt,
  1716. .mtu_reduced = tcp_v6_mtu_reduced,
  1717. };
  1718. #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
  1719. static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
  1720. #ifdef CONFIG_TCP_MD5SIG
  1721. .md5_lookup = tcp_v6_md5_lookup,
  1722. .calc_md5_hash = tcp_v6_md5_hash_skb,
  1723. .md5_parse = tcp_v6_parse_md5_keys,
  1724. #endif
  1725. #ifdef CONFIG_TCP_AO
  1726. .ao_lookup = tcp_v6_ao_lookup,
  1727. .calc_ao_hash = tcp_v6_ao_hash_skb,
  1728. .ao_parse = tcp_v6_parse_ao,
  1729. .ao_calc_key_sk = tcp_v6_ao_calc_key_sk,
  1730. #endif
  1731. };
  1732. #endif
  1733. /*
  1734. * TCP over IPv4 via INET6 API
  1735. */
  1736. static const struct inet_connection_sock_af_ops ipv6_mapped = {
  1737. .queue_xmit = ip_queue_xmit,
  1738. .send_check = tcp_v4_send_check,
  1739. .rebuild_header = inet_sk_rebuild_header,
  1740. .sk_rx_dst_set = inet_sk_rx_dst_set,
  1741. .conn_request = tcp_v6_conn_request,
  1742. .syn_recv_sock = tcp_v6_syn_recv_sock,
  1743. .net_header_len = sizeof(struct iphdr),
  1744. .setsockopt = ipv6_setsockopt,
  1745. .getsockopt = ipv6_getsockopt,
  1746. .mtu_reduced = tcp_v4_mtu_reduced,
  1747. };
  1748. #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
  1749. static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
  1750. #ifdef CONFIG_TCP_MD5SIG
  1751. .md5_lookup = tcp_v4_md5_lookup,
  1752. .calc_md5_hash = tcp_v4_md5_hash_skb,
  1753. .md5_parse = tcp_v6_parse_md5_keys,
  1754. #endif
  1755. #ifdef CONFIG_TCP_AO
  1756. .ao_lookup = tcp_v6_ao_lookup,
  1757. .calc_ao_hash = tcp_v4_ao_hash_skb,
  1758. .ao_parse = tcp_v6_parse_ao,
  1759. .ao_calc_key_sk = tcp_v4_ao_calc_key_sk,
  1760. #endif
  1761. };
  1762. static void tcp6_destruct_sock(struct sock *sk)
  1763. {
  1764. tcp_md5_destruct_sock(sk);
  1765. tcp_ao_destroy_sock(sk, false);
  1766. inet6_sock_destruct(sk);
  1767. }
  1768. #endif
  1769. /* NOTE: A lot of things set to zero explicitly by call to
  1770. * sk_alloc() so need not be done here.
  1771. */
  1772. static int tcp_v6_init_sock(struct sock *sk)
  1773. {
  1774. struct inet_connection_sock *icsk = inet_csk(sk);
  1775. tcp_init_sock(sk);
  1776. icsk->icsk_af_ops = &ipv6_specific;
  1777. #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
  1778. tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
  1779. sk->sk_destruct = tcp6_destruct_sock;
  1780. #endif
  1781. return 0;
  1782. }
  1783. #ifdef CONFIG_PROC_FS
  1784. /* Proc filesystem TCPv6 sock list dumping. */
  1785. static void get_openreq6(struct seq_file *seq,
  1786. const struct request_sock *req, int i)
  1787. {
  1788. long ttd = req->rsk_timer.expires - jiffies;
  1789. const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
  1790. const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
  1791. if (ttd < 0)
  1792. ttd = 0;
  1793. seq_printf(seq,
  1794. "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
  1795. "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
  1796. i,
  1797. src->s6_addr32[0], src->s6_addr32[1],
  1798. src->s6_addr32[2], src->s6_addr32[3],
  1799. inet_rsk(req)->ir_num,
  1800. dest->s6_addr32[0], dest->s6_addr32[1],
  1801. dest->s6_addr32[2], dest->s6_addr32[3],
  1802. ntohs(inet_rsk(req)->ir_rmt_port),
  1803. TCP_SYN_RECV,
  1804. 0, 0, /* could print option size, but that is af dependent. */
  1805. 1, /* timers active (only the expire timer) */
  1806. jiffies_to_clock_t(ttd),
  1807. req->num_timeout,
  1808. from_kuid_munged(seq_user_ns(seq),
  1809. sk_uid(req->rsk_listener)),
  1810. 0, /* non standard timer */
  1811. 0, /* open_requests have no inode */
  1812. 0, req);
  1813. }
  1814. static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
  1815. {
  1816. const struct in6_addr *dest, *src;
  1817. __u16 destp, srcp;
  1818. int timer_active;
  1819. unsigned long timer_expires;
  1820. const struct inet_sock *inet = inet_sk(sp);
  1821. const struct tcp_sock *tp = tcp_sk(sp);
  1822. const struct inet_connection_sock *icsk = inet_csk(sp);
  1823. const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
  1824. u8 icsk_pending;
  1825. int rx_queue;
  1826. int state;
  1827. dest = &sp->sk_v6_daddr;
  1828. src = &sp->sk_v6_rcv_saddr;
  1829. destp = ntohs(inet->inet_dport);
  1830. srcp = ntohs(inet->inet_sport);
  1831. icsk_pending = smp_load_acquire(&icsk->icsk_pending);
  1832. if (icsk_pending == ICSK_TIME_RETRANS ||
  1833. icsk_pending == ICSK_TIME_REO_TIMEOUT ||
  1834. icsk_pending == ICSK_TIME_LOSS_PROBE) {
  1835. timer_active = 1;
  1836. timer_expires = tcp_timeout_expires(sp);
  1837. } else if (icsk_pending == ICSK_TIME_PROBE0) {
  1838. timer_active = 4;
  1839. timer_expires = tcp_timeout_expires(sp);
  1840. } else if (timer_pending(&icsk->icsk_keepalive_timer)) {
  1841. timer_active = 2;
  1842. timer_expires = icsk->icsk_keepalive_timer.expires;
  1843. } else {
  1844. timer_active = 0;
  1845. timer_expires = jiffies;
  1846. }
  1847. state = inet_sk_state_load(sp);
  1848. if (state == TCP_LISTEN)
  1849. rx_queue = READ_ONCE(sp->sk_ack_backlog);
  1850. else
  1851. /* Because we don't lock the socket,
  1852. * we might find a transient negative value.
  1853. */
  1854. rx_queue = max_t(int, READ_ONCE(tp->rcv_nxt) -
  1855. READ_ONCE(tp->copied_seq), 0);
  1856. seq_printf(seq,
  1857. "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
  1858. "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
  1859. i,
  1860. src->s6_addr32[0], src->s6_addr32[1],
  1861. src->s6_addr32[2], src->s6_addr32[3], srcp,
  1862. dest->s6_addr32[0], dest->s6_addr32[1],
  1863. dest->s6_addr32[2], dest->s6_addr32[3], destp,
  1864. state,
  1865. READ_ONCE(tp->write_seq) - tp->snd_una,
  1866. rx_queue,
  1867. timer_active,
  1868. jiffies_delta_to_clock_t(timer_expires - jiffies),
  1869. READ_ONCE(icsk->icsk_retransmits),
  1870. from_kuid_munged(seq_user_ns(seq), sk_uid(sp)),
  1871. READ_ONCE(icsk->icsk_probes_out),
  1872. sock_i_ino(sp),
  1873. refcount_read(&sp->sk_refcnt), sp,
  1874. jiffies_to_clock_t(icsk->icsk_rto),
  1875. jiffies_to_clock_t(icsk->icsk_ack.ato),
  1876. (icsk->icsk_ack.quick << 1) | inet_csk_in_pingpong_mode(sp),
  1877. tcp_snd_cwnd(tp),
  1878. state == TCP_LISTEN ?
  1879. fastopenq->max_qlen :
  1880. (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
  1881. );
  1882. }
  1883. static void get_timewait6_sock(struct seq_file *seq,
  1884. struct inet_timewait_sock *tw, int i)
  1885. {
  1886. long delta = tw->tw_timer.expires - jiffies;
  1887. const struct in6_addr *dest, *src;
  1888. __u16 destp, srcp;
  1889. dest = &tw->tw_v6_daddr;
  1890. src = &tw->tw_v6_rcv_saddr;
  1891. destp = ntohs(tw->tw_dport);
  1892. srcp = ntohs(tw->tw_sport);
  1893. seq_printf(seq,
  1894. "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
  1895. "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
  1896. i,
  1897. src->s6_addr32[0], src->s6_addr32[1],
  1898. src->s6_addr32[2], src->s6_addr32[3], srcp,
  1899. dest->s6_addr32[0], dest->s6_addr32[1],
  1900. dest->s6_addr32[2], dest->s6_addr32[3], destp,
  1901. READ_ONCE(tw->tw_substate), 0, 0,
  1902. 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
  1903. refcount_read(&tw->tw_refcnt), tw);
  1904. }
  1905. static int tcp6_seq_show(struct seq_file *seq, void *v)
  1906. {
  1907. struct tcp_iter_state *st;
  1908. struct sock *sk = v;
  1909. if (v == SEQ_START_TOKEN) {
  1910. seq_puts(seq,
  1911. " sl "
  1912. "local_address "
  1913. "remote_address "
  1914. "st tx_queue rx_queue tr tm->when retrnsmt"
  1915. " uid timeout inode\n");
  1916. goto out;
  1917. }
  1918. st = seq->private;
  1919. if (sk->sk_state == TCP_TIME_WAIT)
  1920. get_timewait6_sock(seq, v, st->num);
  1921. else if (sk->sk_state == TCP_NEW_SYN_RECV)
  1922. get_openreq6(seq, v, st->num);
  1923. else
  1924. get_tcp6_sock(seq, v, st->num);
  1925. out:
  1926. return 0;
  1927. }
  1928. static const struct seq_operations tcp6_seq_ops = {
  1929. .show = tcp6_seq_show,
  1930. .start = tcp_seq_start,
  1931. .next = tcp_seq_next,
  1932. .stop = tcp_seq_stop,
  1933. };
  1934. static struct tcp_seq_afinfo tcp6_seq_afinfo = {
  1935. .family = AF_INET6,
  1936. };
  1937. int __net_init tcp6_proc_init(struct net *net)
  1938. {
  1939. if (!proc_create_net_data("tcp6", 0444, net->proc_net, &tcp6_seq_ops,
  1940. sizeof(struct tcp_iter_state), &tcp6_seq_afinfo))
  1941. return -ENOMEM;
  1942. return 0;
  1943. }
  1944. void tcp6_proc_exit(struct net *net)
  1945. {
  1946. remove_proc_entry("tcp6", net->proc_net);
  1947. }
  1948. #endif
  1949. struct proto tcpv6_prot = {
  1950. .name = "TCPv6",
  1951. .owner = THIS_MODULE,
  1952. .close = tcp_close,
  1953. .pre_connect = tcp_v6_pre_connect,
  1954. .connect = tcp_v6_connect,
  1955. .disconnect = tcp_disconnect,
  1956. .accept = inet_csk_accept,
  1957. .ioctl = tcp_ioctl,
  1958. .init = tcp_v6_init_sock,
  1959. .destroy = tcp_v4_destroy_sock,
  1960. .shutdown = tcp_shutdown,
  1961. .setsockopt = tcp_setsockopt,
  1962. .getsockopt = tcp_getsockopt,
  1963. .bpf_bypass_getsockopt = tcp_bpf_bypass_getsockopt,
  1964. .keepalive = tcp_set_keepalive,
  1965. .recvmsg = tcp_recvmsg,
  1966. .sendmsg = tcp_sendmsg,
  1967. .splice_eof = tcp_splice_eof,
  1968. .backlog_rcv = tcp_v6_do_rcv,
  1969. .release_cb = tcp_release_cb,
  1970. .hash = inet_hash,
  1971. .unhash = inet_unhash,
  1972. .get_port = inet_csk_get_port,
  1973. .put_port = inet_put_port,
  1974. #ifdef CONFIG_BPF_SYSCALL
  1975. .psock_update_sk_prot = tcp_bpf_update_proto,
  1976. #endif
  1977. .enter_memory_pressure = tcp_enter_memory_pressure,
  1978. .leave_memory_pressure = tcp_leave_memory_pressure,
  1979. .stream_memory_free = tcp_stream_memory_free,
  1980. .sockets_allocated = &tcp_sockets_allocated,
  1981. .memory_allocated = &net_aligned_data.tcp_memory_allocated,
  1982. .per_cpu_fw_alloc = &tcp_memory_per_cpu_fw_alloc,
  1983. .memory_pressure = &tcp_memory_pressure,
  1984. .sysctl_mem = sysctl_tcp_mem,
  1985. .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem),
  1986. .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem),
  1987. .max_header = MAX_TCP_HEADER,
  1988. .obj_size = sizeof(struct tcp6_sock),
  1989. .freeptr_offset = offsetof(struct tcp6_sock,
  1990. tcp.inet_conn.icsk_inet.sk.sk_freeptr),
  1991. .ipv6_pinfo_offset = offsetof(struct tcp6_sock, inet6),
  1992. .slab_flags = SLAB_TYPESAFE_BY_RCU,
  1993. .twsk_prot = &tcp6_timewait_sock_ops,
  1994. .rsk_prot = &tcp6_request_sock_ops,
  1995. .h.hashinfo = NULL,
  1996. .no_autobind = true,
  1997. .diag_destroy = tcp_abort,
  1998. };
  1999. EXPORT_SYMBOL_GPL(tcpv6_prot);
  2000. static struct inet_protosw tcpv6_protosw = {
  2001. .type = SOCK_STREAM,
  2002. .protocol = IPPROTO_TCP,
  2003. .prot = &tcpv6_prot,
  2004. .ops = &inet6_stream_ops,
  2005. .flags = INET_PROTOSW_PERMANENT |
  2006. INET_PROTOSW_ICSK,
  2007. };
  2008. static int __net_init tcpv6_net_init(struct net *net)
  2009. {
  2010. int res;
  2011. res = inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
  2012. SOCK_RAW, IPPROTO_TCP, net);
  2013. if (!res)
  2014. net->ipv6.tcp_sk->sk_clockid = CLOCK_MONOTONIC;
  2015. return res;
  2016. }
  2017. static void __net_exit tcpv6_net_exit(struct net *net)
  2018. {
  2019. inet_ctl_sock_destroy(net->ipv6.tcp_sk);
  2020. }
  2021. static struct pernet_operations tcpv6_net_ops = {
  2022. .init = tcpv6_net_init,
  2023. .exit = tcpv6_net_exit,
  2024. };
  2025. int __init tcpv6_init(void)
  2026. {
  2027. int ret;
  2028. net_hotdata.tcpv6_protocol = (struct inet6_protocol) {
  2029. .handler = tcp_v6_rcv,
  2030. .err_handler = tcp_v6_err,
  2031. .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL,
  2032. };
  2033. ret = inet6_add_protocol(&net_hotdata.tcpv6_protocol, IPPROTO_TCP);
  2034. if (ret)
  2035. goto out;
  2036. /* register inet6 protocol */
  2037. ret = inet6_register_protosw(&tcpv6_protosw);
  2038. if (ret)
  2039. goto out_tcpv6_protocol;
  2040. ret = register_pernet_subsys(&tcpv6_net_ops);
  2041. if (ret)
  2042. goto out_tcpv6_protosw;
  2043. ret = mptcpv6_init();
  2044. if (ret)
  2045. goto out_tcpv6_pernet_subsys;
  2046. out:
  2047. return ret;
  2048. out_tcpv6_pernet_subsys:
  2049. unregister_pernet_subsys(&tcpv6_net_ops);
  2050. out_tcpv6_protosw:
  2051. inet6_unregister_protosw(&tcpv6_protosw);
  2052. out_tcpv6_protocol:
  2053. inet6_del_protocol(&net_hotdata.tcpv6_protocol, IPPROTO_TCP);
  2054. goto out;
  2055. }
  2056. void tcpv6_exit(void)
  2057. {
  2058. unregister_pernet_subsys(&tcpv6_net_ops);
  2059. inet6_unregister_protosw(&tcpv6_protosw);
  2060. inet6_del_protocol(&net_hotdata.tcpv6_protocol, IPPROTO_TCP);
  2061. }