]> git.ipfire.org Git - thirdparty/kernel/linux.git/blame - net/ipv6/tcp_ipv6.c
projects / thirdparty / kernel / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
[thirdparty/kernel/linux.git] / net / ipv6 / tcp_ipv6.c
CommitLineData
2874c5fd 1// SPDX-License-Identifier: GPL-2.0-or-later
1da177e4
LT		 2/*
3 * TCP over IPv6
1ab1457c 4 * Linux INET6 implementation
1da177e4
LT		 5 *
6 * Authors:
1ab1457c 7 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4 8 *
1ab1457c 9 * Based on:
1da177e4
LT		 10 * linux/net/ipv4/tcp.c
11 * linux/net/ipv4/tcp_input.c
12 * linux/net/ipv4/tcp_output.c
13 *
14 * Fixes:
15 * Hideaki YOSHIFUJI : sin6_scope_id support
16 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
17 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
18 * a single port at the same time.
19 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
1da177e4
LT		 20 */
21
eb4dea58 22#include <linux/bottom_half.h>
1da177e4 23#include <linux/module.h>
1da177e4
LT		 24#include <linux/errno.h>
25#include <linux/types.h>
26#include <linux/socket.h>
27#include <linux/sockios.h>
28#include <linux/net.h>
29#include <linux/jiffies.h>
30#include <linux/in.h>
31#include <linux/in6.h>
32#include <linux/netdevice.h>
33#include <linux/init.h>
34#include <linux/jhash.h>
35#include <linux/ipsec.h>
36#include <linux/times.h>
5a0e3ad6 37#include <linux/slab.h>
4aa956d8 38#include <linux/uaccess.h>
1da177e4
LT		 39#include <linux/ipv6.h>
40#include <linux/icmpv6.h>
41#include <linux/random.h>
0e219ae4 42#include <linux/indirect_call_wrapper.h>
1da177e4
LT		 43
44#include <net/tcp.h>
45#include <net/ndisc.h>
5324a040 46#include <net/inet6_hashtables.h>
8129765a 47#include <net/inet6_connection_sock.h>
1da177e4
LT		 48#include <net/ipv6.h>
49#include <net/transp_v6.h>
50#include <net/addrconf.h>
51#include <net/ip6_route.h>
52#include <net/ip6_checksum.h>
53#include <net/inet_ecn.h>
54#include <net/protocol.h>
55#include <net/xfrm.h>
1da177e4
LT		 56#include <net/snmp.h>
57#include <net/dsfield.h>
6d6ee43e 58#include <net/timewait_sock.h>
3d58b5fa 59#include <net/inet_common.h>
6e5714ea 60#include <net/secure_seq.h>
4ea0875b 61#include <net/hotdata.h>
076bb0c8 62#include <net/busy_poll.h>
6be49dea 63#include <net/rstreason.h>
1da177e4 64
1da177e4
LT		 65#include <linux/proc_fs.h>
66#include <linux/seq_file.h>
67
cf80e0e4 68#include <crypto/hash.h>
cfb6eeb4
YH		 69#include <linux/scatterlist.h>
70
c24b14c4
SL		 71#include <trace/events/tcp.h>
72
6be49dea
JX		 73static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb,
74 enum sk_rst_reason reason);
a00e7444 75static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
6edafaaf 76 struct request_sock *req);
1da177e4 77
d2489c7b 78INDIRECT_CALLABLE_SCOPE int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
1da177e4 79
3b401a81 80static const struct inet_connection_sock_af_ops ipv6_mapped;
35b2c321 81const struct inet_connection_sock_af_ops ipv6_specific;
4954f17d 82#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
b2e4b3de
SH		 83static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
84static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
a928630a 85#endif
1da177e4 86
93a77c11
ED		 87/* Helper returning the inet6 address from a given tcp socket.
88 * It can be used in TCP stack instead of inet6_sk(sk).
89 * This avoids a dereference and allow compiler optimizations.
f5d54767 90 * It is a specialized version of inet6_sk_generic().
93a77c11 91 */
fe79bd65
PB		 92#define tcp_inet6_sk(sk) (&container_of_const(tcp_sk(sk), \
93 struct tcp6_sock, tcp)->inet6)
93a77c11 94
fae6ef87
NC		 95static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
96{
97 struct dst_entry *dst = skb_dst(skb);
fae6ef87 98
5037e9ef 99 if (dst && dst_hold_safe(dst)) {
8f905c0e 100 rcu_assign_pointer(sk->sk_rx_dst, dst);
0c0a5ef8 101 sk->sk_rx_dst_ifindex = skb->skb_iif;
e8dfd42c 102 sk->sk_rx_dst_cookie = rt6_get_cookie(dst_rt6_info(dst));
ca777eff 103 }
fae6ef87
NC		 104}
105
84b114b9 106static u32 tcp_v6_init_seq(const struct sk_buff *skb)
1da177e4 107{
84b114b9
ED		 108 return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32,
109 ipv6_hdr(skb)->saddr.s6_addr32,
110 tcp_hdr(skb)->dest,
111 tcp_hdr(skb)->source);
112}
113
5d2ed052 114static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb)
84b114b9 115{
5d2ed052 116 return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32,
84b114b9 117 ipv6_hdr(skb)->saddr.s6_addr32);
1da177e4
LT		 118}
119
d74bad4e
AI		 120static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
121 int addr_len)
122{
123 /* This check is replicated from tcp_v6_connect() and intended to
124 * prevent BPF program called below from accessing bytes that are out
125 * of the bound specified by user in addr_len.
126 */
127 if (addr_len < SIN6_LEN_RFC2133)
128 return -EINVAL;
129
130 sock_owned_by_me(sk);
131
fefba7d1 132 return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr, &addr_len);
d74bad4e
AI		 133}
134
1ab1457c 135static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
1da177e4
LT		 136 int addr_len)
137{
138 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
d83d8461 139 struct inet_connection_sock *icsk = inet_csk(sk);
08eaef90 140 struct in6_addr *saddr = NULL, *final_p, final;
fbb82952 141 struct inet_timewait_death_row *tcp_death_row;
93a77c11 142 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
08eaef90 143 struct inet_sock *inet = inet_sk(sk);
1da177e4 144 struct tcp_sock *tp = tcp_sk(sk);
08eaef90 145 struct net *net = sock_net(sk);
45f6fad8 146 struct ipv6_txoptions *opt;
1da177e4 147 struct dst_entry *dst;
08eaef90 148 struct flowi6 fl6;
1da177e4
LT		 149 int addr_type;
150 int err;
151
1ab1457c 152 if (addr_len < SIN6_LEN_RFC2133)
1da177e4
LT		 153 return -EINVAL;
154
1ab1457c 155 if (usin->sin6_family != AF_INET6)
a02cec21 156 return -EAFNOSUPPORT;
1da177e4 157
4c9483b2 158 memset(&fl6, 0, sizeof(fl6));
1da177e4 159
859f8b26 160 if (inet6_test_bit(SNDFLOW, sk)) {
4c9483b2
DM		 161 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
162 IP6_ECN_flow_init(fl6.flowlabel);
163 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
1da177e4 164 struct ip6_flowlabel *flowlabel;
4c9483b2 165 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
59c820b2 166 if (IS_ERR(flowlabel))
1da177e4 167 return -EINVAL;
1da177e4
LT		 168 fl6_sock_release(flowlabel);
169 }
170 }
171
172 /*
1ab1457c
YH		 173 * connect() to INADDR_ANY means loopback (BSD'ism).
174 */
175
052d2369
JL		 176 if (ipv6_addr_any(&usin->sin6_addr)) {
177 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
178 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
179 &usin->sin6_addr);
180 else
181 usin->sin6_addr = in6addr_loopback;
182 }
1da177e4
LT		 183
184 addr_type = ipv6_addr_type(&usin->sin6_addr);
185
4c99aa40 186 if (addr_type & IPV6_ADDR_MULTICAST)
1da177e4
LT		 187 return -ENETUNREACH;
188
189 if (addr_type&IPV6_ADDR_LINKLOCAL) {
190 if (addr_len >= sizeof(struct sockaddr_in6) &&
191 usin->sin6_scope_id) {
192 /* If interface is set while binding, indices
193 * must coincide.
194 */
54dc3e33 195 if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id))
1da177e4
LT		 196 return -EINVAL;
197
198 sk->sk_bound_dev_if = usin->sin6_scope_id;
199 }
200
201 /* Connect to link-local address requires an interface */
202 if (!sk->sk_bound_dev_if)
203 return -EINVAL;
204 }
205
206 if (tp->rx_opt.ts_recent_stamp &&
efe4208f 207 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
1da177e4
LT		 208 tp->rx_opt.ts_recent = 0;
209 tp->rx_opt.ts_recent_stamp = 0;
0f317464 210 WRITE_ONCE(tp->write_seq, 0);
1da177e4
LT		 211 }
212
efe4208f 213 sk->sk_v6_daddr = usin->sin6_addr;
4c9483b2 214 np->flow_label = fl6.flowlabel;
1da177e4
LT		 215
216 /*
217 * TCP over IPv4
218 */
219
052d2369 220 if (addr_type & IPV6_ADDR_MAPPED) {
d83d8461 221 u32 exthdrlen = icsk->icsk_ext_hdr_len;
1da177e4
LT		 222 struct sockaddr_in sin;
223
89e9c728 224 if (ipv6_only_sock(sk))
1da177e4
LT		 225 return -ENETUNREACH;
226
227 sin.sin_family = AF_INET;
228 sin.sin_port = usin->sin6_port;
229 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
230
f49cd2f4
KI		 231 /* Paired with READ_ONCE() in tcp_(get|set)sockopt() */
232 WRITE_ONCE(icsk->icsk_af_ops, &ipv6_mapped);
cec37a6e 233 if (sk_is_mptcp(sk))
31484d56 234 mptcpv6_handle_mapped(sk, true);
1da177e4 235 sk->sk_backlog_rcv = tcp_v4_do_rcv;
4954f17d 236#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
cfb6eeb4
YH		 237 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
238#endif
1da177e4
LT		 239
240 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
241
242 if (err) {
d83d8461 243 icsk->icsk_ext_hdr_len = exthdrlen;
f49cd2f4
KI		 244 /* Paired with READ_ONCE() in tcp_(get|set)sockopt() */
245 WRITE_ONCE(icsk->icsk_af_ops, &ipv6_specific);
cec37a6e 246 if (sk_is_mptcp(sk))
31484d56 247 mptcpv6_handle_mapped(sk, false);
1da177e4 248 sk->sk_backlog_rcv = tcp_v6_do_rcv;
4954f17d 249#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
cfb6eeb4
YH		 250 tp->af_specific = &tcp_sock_ipv6_specific;
251#endif
1da177e4 252 goto failure;
1da177e4 253 }
d1e559d0 254 np->saddr = sk->sk_v6_rcv_saddr;
1da177e4
LT		 255
256 return err;
257 }
258
efe4208f
ED		 259 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
260 saddr = &sk->sk_v6_rcv_saddr;
1da177e4 261
4c9483b2 262 fl6.flowi6_proto = IPPROTO_TCP;
efe4208f 263 fl6.daddr = sk->sk_v6_daddr;
4e3fd7a0 264 fl6.saddr = saddr ? *saddr : np->saddr;
8230680f 265 fl6.flowlabel = ip6_make_flowinfo(np->tclass, np->flow_label);
4c9483b2
DM		 266 fl6.flowi6_oif = sk->sk_bound_dev_if;
267 fl6.flowi6_mark = sk->sk_mark;
1958b856
DM		 268 fl6.fl6_dport = usin->sin6_port;
269 fl6.fl6_sport = inet->inet_sport;
e2d118a1 270 fl6.flowi6_uid = sk->sk_uid;
1da177e4 271
1e1d04e6 272 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
45f6fad8 273 final_p = fl6_update_dst(&fl6, opt, &final);
1da177e4 274
3df98d79 275 security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
beb8d13b 276
08eaef90 277 dst = ip6_dst_lookup_flow(net, sk, &fl6, final_p);
68d0c6d3
DM		 278 if (IS_ERR(dst)) {
279 err = PTR_ERR(dst);
1da177e4 280 goto failure;
14e50e57 281 }
1da177e4 282
614e8316 283 tp->tcp_usec_ts = dst_tcp_usec_ts(dst);
4461568a
KI		 284 tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
285
63159f29 286 if (!saddr) {
4c9483b2 287 saddr = &fl6.saddr;
8c5dae4c
KI		 288
289 err = inet_bhash2_update_saddr(sk, saddr, AF_INET6);
290 if (err)
291 goto failure;
1da177e4
LT		 292 }
293
294 /* set the source address */
4e3fd7a0 295 np->saddr = *saddr;
c720c7e8 296 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
1da177e4 297
f83ef8c0 298 sk->sk_gso_type = SKB_GSO_TCPV6;
6bd4f355 299 ip6_dst_store(sk, dst, NULL, NULL);
1da177e4 300
d83d8461 301 icsk->icsk_ext_hdr_len = 0;
45f6fad8
ED		 302 if (opt)
303 icsk->icsk_ext_hdr_len = opt->opt_flen +
304 opt->opt_nflen;
1da177e4
LT		 305
306 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
307
c720c7e8 308 inet->inet_dport = usin->sin6_port;
1da177e4
LT		 309
310 tcp_set_state(sk, TCP_SYN_SENT);
1946e672 311 err = inet6_hash_connect(tcp_death_row, sk);
1da177e4
LT		 312 if (err)
313 goto late_failure;
314
877d1f62 315 sk_set_txhash(sk);
9e7ceb06 316
00355fa5 317 if (likely(!tp->repair)) {
00355fa5 318 if (!tp->write_seq)
0f317464
ED		 319 WRITE_ONCE(tp->write_seq,
320 secure_tcpv6_seq(np->saddr.s6_addr32,
321 sk->sk_v6_daddr.s6_addr32,
322 inet->inet_sport,
323 inet->inet_dport));
08eaef90 324 tp->tsoffset = secure_tcpv6_ts_off(net, np->saddr.s6_addr32,
84b114b9 325 sk->sk_v6_daddr.s6_addr32);
00355fa5 326 }
1da177e4 327
19f6d3f3
WW		 328 if (tcp_fastopen_defer_connect(sk, &err))
329 return err;
330 if (err)
331 goto late_failure;
332
1da177e4
LT		 333 err = tcp_connect(sk);
334 if (err)
335 goto late_failure;
336
337 return 0;
338
339late_failure:
340 tcp_set_state(sk, TCP_CLOSE);
e0833d1f 341 inet_bhash2_reset_saddr(sk);
1da177e4 342failure:
c720c7e8 343 inet->inet_dport = 0;
1da177e4
LT		 344 sk->sk_route_caps = 0;
345 return err;
346}
347
563d34d0
ED		 348static void tcp_v6_mtu_reduced(struct sock *sk)
349{
350 struct dst_entry *dst;
c7bb4b89 351 u32 mtu;
563d34d0
ED		 352
353 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
354 return;
355
c7bb4b89
ED		 356 mtu = READ_ONCE(tcp_sk(sk)->mtu_info);
357
358 /* Drop requests trying to increase our current mss.
359 * Check done in __ip6_rt_update_pmtu() is too late.
360 */
361 if (tcp_mtu_to_mss(sk, mtu) >= tcp_sk(sk)->mss_cache)
362 return;
363
364 dst = inet6_csk_update_pmtu(sk, mtu);
563d34d0
ED		 365 if (!dst)
366 return;
367
368 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
369 tcp_sync_mss(sk, dst_mtu(dst));
370 tcp_simple_retransmit(sk);
371 }
372}
373
32bbd879 374static int tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
d5fdd6ba 375 u8 type, u8 code, int offset, __be32 info)
1da177e4 376{
4c99aa40 377 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
505cbfc5 378 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
2215089b
ED		 379 struct net *net = dev_net(skb->dev);
380 struct request_sock *fastopen;
1da177e4 381 struct ipv6_pinfo *np;
1ab1457c 382 struct tcp_sock *tp;
0a672f74 383 __u32 seq, snd_una;
2215089b 384 struct sock *sk;
b59db45d 385 bool fatal;
2215089b 386 int err;
1da177e4 387
4461568a 388 sk = __inet6_lookup_established(net, net->ipv4.tcp_death_row.hashinfo,
2215089b
ED		 389 &hdr->daddr, th->dest,
390 &hdr->saddr, ntohs(th->source),
4297a0ef 391 skb->dev->ifindex, inet6_sdif(skb));
1da177e4 392
2215089b 393 if (!sk) {
a16292a0
ED		 394 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
395 ICMP6_MIB_INERRORS);
32bbd879 396 return -ENOENT;
1da177e4
LT		 397 }
398
399 if (sk->sk_state == TCP_TIME_WAIT) {
953af8e3
DS		 400 /* To increase the counter of ignored icmps for TCP-AO */
401 tcp_ao_ignore_icmp(sk, AF_INET6, type, code);
9469c7b4 402 inet_twsk_put(inet_twsk(sk));
32bbd879 403 return 0;
1da177e4 404 }
2215089b 405 seq = ntohl(th->seq);
b59db45d 406 fatal = icmpv6_err_convert(type, code, &err);
32bbd879 407 if (sk->sk_state == TCP_NEW_SYN_RECV) {
b59db45d 408 tcp_req_err(sk, seq, fatal);
32bbd879
SB		 409 return 0;
410 }
1da177e4 411
953af8e3
DS		 412 if (tcp_ao_ignore_icmp(sk, AF_INET6, type, code)) {
413 sock_put(sk);
414 return 0;
415 }
416
1da177e4 417 bh_lock_sock(sk);
563d34d0 418 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
02a1d6e7 419 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
1da177e4
LT		 420
421 if (sk->sk_state == TCP_CLOSE)
422 goto out;
423
790eb673
ED		 424 if (static_branch_unlikely(&ip6_min_hopcount)) {
425 /* min_hopcount can be changed concurrently from do_ipv6_setsockopt() */
426 if (ipv6_hdr(skb)->hop_limit < READ_ONCE(tcp_inet6_sk(sk)->min_hopcount)) {
427 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
428 goto out;
429 }
e802af9c
SH		 430 }
431
1da177e4 432 tp = tcp_sk(sk);
0a672f74 433 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
d983ea6f 434 fastopen = rcu_dereference(tp->fastopen_rsk);
0a672f74 435 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
1da177e4 436 if (sk->sk_state != TCP_LISTEN &&
0a672f74 437 !between(seq, snd_una, tp->snd_nxt)) {
02a1d6e7 438 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
1da177e4
LT		 439 goto out;
440 }
441
93a77c11 442 np = tcp_inet6_sk(sk);
1da177e4 443
ec18d9a2 444 if (type == NDISC_REDIRECT) {
45caeaa5
JM		 445 if (!sock_owned_by_user(sk)) {
446 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
ec18d9a2 447
45caeaa5
JM		 448 if (dst)
449 dst->ops->redirect(dst, sk, skb);
450 }
50a75a89 451 goto out;
ec18d9a2
DM		 452 }
453
1da177e4 454 if (type == ICMPV6_PKT_TOOBIG) {
c7bb4b89
ED		 455 u32 mtu = ntohl(info);
456
0d4f0608
ED		 457 /* We are not interested in TCP_LISTEN and open_requests
458 * (SYN-ACKs send out by Linux are always <576bytes so
459 * they should go through unfragmented).
460 */
461 if (sk->sk_state == TCP_LISTEN)
462 goto out;
463
93b36cf3
HFS		 464 if (!ip6_sk_accept_pmtu(sk))
465 goto out;
466
c7bb4b89
ED		 467 if (mtu < IPV6_MIN_MTU)
468 goto out;
469
470 WRITE_ONCE(tp->mtu_info, mtu);
471
563d34d0
ED		 472 if (!sock_owned_by_user(sk))
473 tcp_v6_mtu_reduced(sk);
d013ef2a 474 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
7aa5470c 475 &sk->sk_tsq_flags))
d013ef2a 476 sock_hold(sk);
1da177e4
LT		 477 goto out;
478 }
479
1da177e4 480
60236fdd 481 /* Might be for an request_sock */
1da177e4 482 switch (sk->sk_state) {
1da177e4 483 case TCP_SYN_SENT:
0a672f74
YC		 484 case TCP_SYN_RECV:
485 /* Only in fast or simultaneous open. If a fast open socket is
634a63e7 486 * already accepted it is treated as a connected one below.
0a672f74 487 */
63159f29 488 if (fastopen && !fastopen->sk)
0a672f74
YC		 489 break;
490
45af29ca
ED		 491 ipv6_icmp_error(sk, skb, err, th->dest, ntohl(info), (u8 *)th);
492
1da177e4 493 if (!sock_owned_by_user(sk)) {
e13ec3da 494 WRITE_ONCE(sk->sk_err, err);
e3ae2365 495 sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
1da177e4
LT		 496
497 tcp_done(sk);
cee1af82
ED		 498 } else {
499 WRITE_ONCE(sk->sk_err_soft, err);
500 }
1da177e4 501 goto out;
d2924569
ED		 502 case TCP_LISTEN:
503 break;
504 default:
505 /* check if this ICMP message allows revert of backoff.
506 * (see RFC 6069)
507 */
508 if (!fastopen && type == ICMPV6_DEST_UNREACH &&
509 code == ICMPV6_NOROUTE)
510 tcp_ld_RTO_revert(sk, seq);
1da177e4
LT		 511 }
512
3fa29971 513 if (!sock_owned_by_user(sk) && inet6_test_bit(RECVERR6, sk)) {
e13ec3da 514 WRITE_ONCE(sk->sk_err, err);
e3ae2365 515 sk_error_report(sk);
cee1af82
ED		 516 } else {
517 WRITE_ONCE(sk->sk_err_soft, err);
518 }
1da177e4
LT		 519out:
520 bh_unlock_sock(sk);
521 sock_put(sk);
32bbd879 522 return 0;
1da177e4
LT		 523}
524
525
0f935dbe 526static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
d6274bd8 527 struct flowi *fl,
3840a06e 528 struct request_sock *req,
ca6fb065 529 struct tcp_fastopen_cookie *foc,
331fca43
MKL		 530 enum tcp_synack_type synack_type,
531 struct sk_buff *syn_skb)
1da177e4 532{
634fb979 533 struct inet_request_sock *ireq = inet_rsk(req);
fe79bd65 534 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
56ac42bc 535 struct ipv6_txoptions *opt;
d6274bd8 536 struct flowi6 *fl6 = &fl->u.ip6;
4c99aa40 537 struct sk_buff *skb;
9494218f 538 int err = -ENOMEM;
ac8f1710 539 u8 tclass;
1da177e4 540
9f10d3f6 541 /* First, grab a route. */
f76b33c3
ED		 542 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
543 IPPROTO_TCP)) == NULL)
fd80eb94 544 goto done;
9494218f 545
331fca43 546 skb = tcp_make_synack(sk, dst, req, foc, synack_type, syn_skb);
9494218f 547
1da177e4 548 if (skb) {
634fb979
ED		 549 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
550 &ireq->ir_v6_rmt_addr);
1da177e4 551
634fb979 552 fl6->daddr = ireq->ir_v6_rmt_addr;
3cccda8d 553 if (inet6_test_bit(REPFLOW, sk) && ireq->pktopts)
df3687ff
FF		 554 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
555
870e3a63 556 tclass = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reflect_tos) ?
8ef44b6f
WW		 557 (tcp_rsk(req)->syn_tos & ~INET_ECN_MASK) |
558 (np->tclass & INET_ECN_MASK) :
861602b5 559 np->tclass;
407c85c7
AD		 560
561 if (!INET_ECN_is_capable(tclass) &&
562 tcp_bpf_ca_needs_ecn((struct sock *)req))
563 tclass |= INET_ECN_ECT_0;
564
565 rcu_read_lock();
566 opt = ireq->ipv6_opt;
56ac42bc
HD		 567 if (!opt)
568 opt = rcu_dereference(np->opt);
3c5b4d69 569 err = ip6_xmit(sk, skb, fl6, skb->mark ? : READ_ONCE(sk->sk_mark),
10bbf165 570 opt, tclass, READ_ONCE(sk->sk_priority));
3e4006f0 571 rcu_read_unlock();
b9df3cb8 572 err = net_xmit_eval(err);
1da177e4
LT		 573 }
574
575done:
1da177e4
LT		 576 return err;
577}
578
72659ecc 579
60236fdd 580static void tcp_v6_reqsk_destructor(struct request_sock *req)
1da177e4 581{
56ac42bc 582 kfree(inet_rsk(req)->ipv6_opt);
12c8691d 583 consume_skb(inet_rsk(req)->pktopts);
1da177e4
LT		 584}
585
cfb6eeb4 586#ifdef CONFIG_TCP_MD5SIG
b83e3deb 587static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
dea53bb8
DA		 588 const struct in6_addr *addr,
589 int l3index)
cfb6eeb4 590{
dea53bb8
DA		 591 return tcp_md5_do_lookup(sk, l3index,
592 (union tcp_md5_addr *)addr, AF_INET6);
cfb6eeb4
YH		 593}
594
b83e3deb 595static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
fd3a154a 596 const struct sock *addr_sk)
cfb6eeb4 597{
dea53bb8
DA		 598 int l3index;
599
600 l3index = l3mdev_master_ifindex_by_index(sock_net(sk),
601 addr_sk->sk_bound_dev_if);
602 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr,
603 l3index);
cfb6eeb4
YH		 604}
605
8917a777 606static int tcp_v6_parse_md5_keys(struct sock *sk, int optname,
d4c19c49 607 sockptr_t optval, int optlen)
cfb6eeb4
YH		 608{
609 struct tcp_md5sig cmd;
610 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
0aadc739 611 union tcp_ao_addr *addr;
dea53bb8 612 int l3index = 0;
8917a777 613 u8 prefixlen;
248411b8 614 bool l3flag;
a76c2315 615 u8 flags;
cfb6eeb4
YH		 616
617 if (optlen < sizeof(cmd))
618 return -EINVAL;
619
d4c19c49 620 if (copy_from_sockptr(&cmd, optval, sizeof(cmd)))
cfb6eeb4
YH		 621 return -EFAULT;
622
623 if (sin6->sin6_family != AF_INET6)
624 return -EINVAL;
625
a76c2315 626 flags = cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX;
248411b8 627 l3flag = cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX;
a76c2315 628
8917a777
ID		 629 if (optname == TCP_MD5SIG_EXT &&
630 cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) {
631 prefixlen = cmd.tcpm_prefixlen;
632 if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) &&
633 prefixlen > 32))
634 return -EINVAL;
635 } else {
636 prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128;
637 }
638
a76c2315 639 if (optname == TCP_MD5SIG_EXT && cmd.tcpm_ifindex &&
6b102db5
DA		 640 cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX) {
641 struct net_device *dev;
642
643 rcu_read_lock();
644 dev = dev_get_by_index_rcu(sock_net(sk), cmd.tcpm_ifindex);
645 if (dev && netif_is_l3_master(dev))
646 l3index = dev->ifindex;
647 rcu_read_unlock();
648
649 /* ok to reference set/not set outside of rcu;
650 * right now device MUST be an L3 master
651 */
652 if (!dev || !l3index)
653 return -EINVAL;
654 }
655
cfb6eeb4 656 if (!cmd.tcpm_keylen) {
e773e4fa 657 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
a915da9b 658 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
6b102db5 659 AF_INET, prefixlen,
a76c2315 660 l3index, flags);
a915da9b 661 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
a76c2315 662 AF_INET6, prefixlen, l3index, flags);
cfb6eeb4
YH		 663 }
664
665 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
666 return -EINVAL;
667
0aadc739
DS		 668 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
669 addr = (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3];
670
671 /* Don't allow keys for peers that have a matching TCP-AO key.
672 * See the comment in tcp_ao_add_cmd()
673 */
248411b8
DS		 674 if (tcp_ao_required(sk, addr, AF_INET,
675 l3flag ? l3index : -1, false))
0aadc739
DS		 676 return -EKEYREJECTED;
677 return tcp_md5_do_add(sk, addr,
a76c2315 678 AF_INET, prefixlen, l3index, flags,
459837b5 679 cmd.tcpm_key, cmd.tcpm_keylen);
0aadc739
DS		 680 }
681
682 addr = (union tcp_md5_addr *)&sin6->sin6_addr;
683
684 /* Don't allow keys for peers that have a matching TCP-AO key.
685 * See the comment in tcp_ao_add_cmd()
686 */
248411b8 687 if (tcp_ao_required(sk, addr, AF_INET6, l3flag ? l3index : -1, false))
0aadc739 688 return -EKEYREJECTED;
cfb6eeb4 689
0aadc739 690 return tcp_md5_do_add(sk, addr, AF_INET6, prefixlen, l3index, flags,
459837b5 691 cmd.tcpm_key, cmd.tcpm_keylen);
cfb6eeb4
YH		 692}
693
8c73b263 694static int tcp_v6_md5_hash_headers(struct tcp_sigpool *hp,
19689e38
ED		 695 const struct in6_addr *daddr,
696 const struct in6_addr *saddr,
697 const struct tcphdr *th, int nbytes)
cfb6eeb4 698{
cfb6eeb4 699 struct tcp6_pseudohdr *bp;
49a72dfb 700 struct scatterlist sg;
19689e38 701 struct tcphdr *_th;
8d26d76d 702
19689e38 703 bp = hp->scratch;
cfb6eeb4 704 /* 1. TCP pseudo-header (RFC2460) */
4e3fd7a0
AD		 705 bp->saddr = *saddr;
706 bp->daddr = *daddr;
49a72dfb 707 bp->protocol = cpu_to_be32(IPPROTO_TCP);
00b1304c 708 bp->len = cpu_to_be32(nbytes);
cfb6eeb4 709
19689e38
ED		 710 _th = (struct tcphdr *)(bp + 1);
711 memcpy(_th, th, sizeof(*th));
712 _th->check = 0;
713
714 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
8c73b263 715 ahash_request_set_crypt(hp->req, &sg, NULL,
19689e38 716 sizeof(*bp) + sizeof(*th));
8c73b263 717 return crypto_ahash_update(hp->req);
49a72dfb 718}
c7da57a1 719
19689e38 720static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
b71d1d42 721 const struct in6_addr *daddr, struct in6_addr *saddr,
318cf7aa 722 const struct tcphdr *th)
49a72dfb 723{
8c73b263 724 struct tcp_sigpool hp;
49a72dfb 725
8c73b263
DS		 726 if (tcp_sigpool_start(tcp_md5_sigpool_id, &hp))
727 goto clear_hash_nostart;
49a72dfb 728
8c73b263 729 if (crypto_ahash_init(hp.req))
49a72dfb 730 goto clear_hash;
8c73b263 731 if (tcp_v6_md5_hash_headers(&hp, daddr, saddr, th, th->doff << 2))
49a72dfb 732 goto clear_hash;
8c73b263 733 if (tcp_md5_hash_key(&hp, key))
49a72dfb 734 goto clear_hash;
8c73b263
DS		 735 ahash_request_set_crypt(hp.req, NULL, md5_hash, 0);
736 if (crypto_ahash_final(hp.req))
cfb6eeb4 737 goto clear_hash;
cfb6eeb4 738
8c73b263 739 tcp_sigpool_end(&hp);
cfb6eeb4 740 return 0;
49a72dfb 741
cfb6eeb4 742clear_hash:
8c73b263
DS		 743 tcp_sigpool_end(&hp);
744clear_hash_nostart:
cfb6eeb4 745 memset(md5_hash, 0, 16);
49a72dfb 746 return 1;
cfb6eeb4
YH		 747}
748
39f8e58e
ED		 749static int tcp_v6_md5_hash_skb(char *md5_hash,
750 const struct tcp_md5sig_key *key,
318cf7aa 751 const struct sock *sk,
318cf7aa 752 const struct sk_buff *skb)
cfb6eeb4 753{
318cf7aa 754 const struct tcphdr *th = tcp_hdr(skb);
8c73b263
DS		 755 const struct in6_addr *saddr, *daddr;
756 struct tcp_sigpool hp;
cfb6eeb4 757
39f8e58e
ED		 758 if (sk) { /* valid for establish/request sockets */
759 saddr = &sk->sk_v6_rcv_saddr;
efe4208f 760 daddr = &sk->sk_v6_daddr;
49a72dfb 761 } else {
b71d1d42 762 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
49a72dfb
AL		 763 saddr = &ip6h->saddr;
764 daddr = &ip6h->daddr;
cfb6eeb4 765 }
49a72dfb 766
8c73b263
DS		 767 if (tcp_sigpool_start(tcp_md5_sigpool_id, &hp))
768 goto clear_hash_nostart;
49a72dfb 769
8c73b263 770 if (crypto_ahash_init(hp.req))
49a72dfb
AL		 771 goto clear_hash;
772
8c73b263 773 if (tcp_v6_md5_hash_headers(&hp, daddr, saddr, th, skb->len))
49a72dfb 774 goto clear_hash;
8c73b263 775 if (tcp_sigpool_hash_skb_data(&hp, skb, th->doff << 2))
49a72dfb 776 goto clear_hash;
8c73b263 777 if (tcp_md5_hash_key(&hp, key))
49a72dfb 778 goto clear_hash;
8c73b263
DS		 779 ahash_request_set_crypt(hp.req, NULL, md5_hash, 0);
780 if (crypto_ahash_final(hp.req))
49a72dfb
AL		 781 goto clear_hash;
782
8c73b263 783 tcp_sigpool_end(&hp);
49a72dfb
AL		 784 return 0;
785
786clear_hash:
8c73b263
DS		 787 tcp_sigpool_end(&hp);
788clear_hash_nostart:
49a72dfb
AL		 789 memset(md5_hash, 0, 16);
790 return 1;
cfb6eeb4 791}
ba8e275a
ED		 792#endif
793
b40cf18e
ED		 794static void tcp_v6_init_req(struct request_sock *req,
795 const struct sock *sk_listener,
b9e81040
ED		 796 struct sk_buff *skb,
797 u32 tw_isn)
16bea70a 798{
c2027d1e 799 bool l3_slave = ipv6_l3mdev_skb(TCP_SKB_CB(skb)->header.h6.flags);
16bea70a 800 struct inet_request_sock *ireq = inet_rsk(req);
93a77c11 801 const struct ipv6_pinfo *np = tcp_inet6_sk(sk_listener);
16bea70a
OP		 802
803 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
804 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
805
16bea70a 806 /* So that link locals have meaning */
c2027d1e 807 if ((!sk_listener->sk_bound_dev_if || l3_slave) &&
16bea70a 808 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
870c3151 809 ireq->ir_iif = tcp_v6_iif(skb);
16bea70a 810
b9e81040 811 if (!tw_isn &&
b40cf18e 812 (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
a224772d 813 np->rxopt.bits.rxinfo ||
16bea70a 814 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
3cccda8d 815 np->rxopt.bits.rxohlim || inet6_test_bit(REPFLOW, sk_listener))) {
63354797 816 refcount_inc(&skb->users);
16bea70a
OP		 817 ireq->pktopts = skb;
818 }
819}
820
f964629e 821static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
7ea851d1 822 struct sk_buff *skb,
f964629e 823 struct flowi *fl,
b9e81040
ED		 824 struct request_sock *req,
825 u32 tw_isn)
d94e0417 826{
b9e81040 827 tcp_v6_init_req(req, sk, skb, tw_isn);
7ea851d1
FW		 828
829 if (security_inet_conn_request(sk, skb, req))
830 return NULL;
831
f76b33c3 832 return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
d94e0417
OP		 833}
834
c6aefafb 835struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
1da177e4 836 .family = AF_INET6,
2e6599cb 837 .obj_size = sizeof(struct tcp6_request_sock),
5db92c99 838 .rtx_syn_ack = tcp_rtx_synack,
60236fdd
ACM		 839 .send_ack = tcp_v6_reqsk_send_ack,
840 .destructor = tcp_v6_reqsk_destructor,
72659ecc 841 .send_reset = tcp_v6_send_reset,
4aa956d8 842 .syn_ack_timeout = tcp_syn_ack_timeout,
1da177e4
LT		 843};
844
35b2c321 845const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
2aec4a29
OP		 846 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
847 sizeof(struct ipv6hdr),
16bea70a 848#ifdef CONFIG_TCP_MD5SIG
fd3a154a 849 .req_md5_lookup = tcp_v6_md5_lookup,
e3afe7b7 850 .calc_md5_hash = tcp_v6_md5_hash_skb,
b6332e6c 851#endif
06b22ef2
DS		 852#ifdef CONFIG_TCP_AO
853 .ao_lookup = tcp_v6_ao_lookup_rsk,
854 .ao_calc_key = tcp_v6_ao_calc_key_rsk,
9427c6aa 855 .ao_synack_hash = tcp_v6_ao_synack_hash,
06b22ef2 856#endif
fb7b37a7
OP		 857#ifdef CONFIG_SYN_COOKIES
858 .cookie_init_seq = cookie_v6_init_sequence,
859#endif
d94e0417 860 .route_req = tcp_v6_route_req,
84b114b9
ED		 861 .init_seq = tcp_v6_init_seq,
862 .init_ts_off = tcp_v6_init_ts_off,
d6274bd8 863 .send_synack = tcp_v6_send_synack,
16bea70a 864};
cfb6eeb4 865
a00e7444 866static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
0f85feae 867 u32 ack, u32 win, u32 tsval, u32 tsecr,
ba7783ad
DS		 868 int oif, int rst, u8 tclass, __be32 label,
869 u32 priority, u32 txhash, struct tcp_key *key)
1da177e4 870{
cf533ea5
ED		 871 const struct tcphdr *th = tcp_hdr(skb);
872 struct tcphdr *t1;
1da177e4 873 struct sk_buff *buff;
4c9483b2 874 struct flowi6 fl6;
0f85feae 875 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
e5047992 876 struct sock *ctl_sk = net->ipv6.tcp_sk;
77c676da 877 unsigned int tot_len = sizeof(struct tcphdr);
dc87efdb 878 __be32 mrst = 0, *topt;
adf30907 879 struct dst_entry *dst;
00483690 880 __u32 mark = 0;
1da177e4 881
ee684b6f 882 if (tsecr)
626e264d 883 tot_len += TCPOLEN_TSTAMP_ALIGNED;
ba7783ad 884 if (tcp_key_is_md5(key))
cfb6eeb4 885 tot_len += TCPOLEN_MD5SIG_ALIGNED;
ba7783ad 886 if (tcp_key_is_ao(key))
da7dfaa6 887 tot_len += tcp_ao_len_aligned(key->ao_key);
cfb6eeb4 888
dc87efdb 889#ifdef CONFIG_MPTCP
ba7783ad 890 if (rst && !tcp_key_is_md5(key)) {
dc87efdb
FW		 891 mrst = mptcp_reset_option(skb);
892
893 if (mrst)
894 tot_len += sizeof(__be32);
895 }
896#endif
897
0ebea8f9 898 buff = alloc_skb(MAX_TCP_HEADER, GFP_ATOMIC);
63159f29 899 if (!buff)
1ab1457c 900 return;
1da177e4 901
0ebea8f9 902 skb_reserve(buff, MAX_TCP_HEADER);
1da177e4 903
d58ff351 904 t1 = skb_push(buff, tot_len);
6651ffc8 905 skb_reset_transport_header(buff);
1da177e4
LT		 906
907 /* Swap the send and the receive. */
908 memset(t1, 0, sizeof(*t1));
909 t1->dest = th->source;
910 t1->source = th->dest;
cfb6eeb4 911 t1->doff = tot_len / 4;
626e264d
IJ		 912 t1->seq = htonl(seq);
913 t1->ack_seq = htonl(ack);
914 t1->ack = !rst || !th->ack;
915 t1->rst = rst;
916 t1->window = htons(win);
1da177e4 917
81ada62d
IJ		 918 topt = (__be32 *)(t1 + 1);
919
ee684b6f 920 if (tsecr) {
626e264d
IJ		 921 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
922 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
ee684b6f
AV		 923 *topt++ = htonl(tsval);
924 *topt++ = htonl(tsecr);
626e264d
IJ		 925 }
926
dc87efdb
FW		 927 if (mrst)
928 *topt++ = mrst;
929
cfb6eeb4 930#ifdef CONFIG_TCP_MD5SIG
ba7783ad 931 if (tcp_key_is_md5(key)) {
81ada62d
IJ		 932 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
933 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
ba7783ad 934 tcp_v6_md5_hash_hdr((__u8 *)topt, key->md5_key,
78e645cb
IJ		 935 &ipv6_hdr(skb)->saddr,
936 &ipv6_hdr(skb)->daddr, t1);
cfb6eeb4
YH		 937 }
938#endif
ba7783ad
DS		 939#ifdef CONFIG_TCP_AO
940 if (tcp_key_is_ao(key)) {
941 *topt++ = htonl((TCPOPT_AO << 24) |
942 (tcp_ao_len(key->ao_key) << 16) |
943 (key->ao_key->sndid << 8) |
944 (key->rcv_next));
945
946 tcp_ao_hash_hdr(AF_INET6, (char *)topt, key->ao_key,
947 key->traffic_key,
948 (union tcp_ao_addr *)&ipv6_hdr(skb)->saddr,
949 (union tcp_ao_addr *)&ipv6_hdr(skb)->daddr,
950 t1, key->sne);
951 }
952#endif
cfb6eeb4 953
4c9483b2 954 memset(&fl6, 0, sizeof(fl6));
4e3fd7a0
AD		 955 fl6.daddr = ipv6_hdr(skb)->saddr;
956 fl6.saddr = ipv6_hdr(skb)->daddr;
1d13a96c 957 fl6.flowlabel = label;
1da177e4 958
e5700aff 959 buff->ip_summed = CHECKSUM_PARTIAL;
e5700aff 960
4c9483b2 961 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
1da177e4 962
4c9483b2 963 fl6.flowi6_proto = IPPROTO_TCP;
a36dbdb2 964 if (rt6_need_strict(&fl6.daddr) && !oif)
870c3151 965 fl6.flowi6_oif = tcp_v6_iif(skb);
9b6c14d5
DA		 966 else {
967 if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
968 oif = skb->skb_iif;
969
970 fl6.flowi6_oif = oif;
971 }
1d2f7b2d 972
c67b8555 973 if (sk) {
aa51b80e 974 if (sk->sk_state == TCP_TIME_WAIT)
c67b8555 975 mark = inet_twsk(sk)->tw_mark;
aa51b80e 976 else
3c5b4d69 977 mark = READ_ONCE(sk->sk_mark);
a1ac9c8a 978 skb_set_delivery_time(buff, tcp_transmit_time(sk), true);
c67b8555 979 }
aa51b80e
ED		 980 if (txhash) {
981 /* autoflowlabel/skb_get_hash_flowi6 rely on buff->hash */
982 skb_set_hash(buff, txhash, PKT_HASH_TYPE_L4);
983 }
00483690 984 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark) ?: mark;
1958b856
DM		 985 fl6.fl6_dport = t1->dest;
986 fl6.fl6_sport = t1->source;
e2d118a1 987 fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
3df98d79 988 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
1da177e4 989
c20121ae
DL		 990 /* Pass a socket to ip6_dst_lookup either it is for RST
991 * Underlying function will use this to retrieve the network
992 * namespace
993 */
e22aa148 994 if (sk && sk->sk_state != TCP_TIME_WAIT)
995 dst = ip6_dst_lookup_flow(net, sk, &fl6, NULL); /*sk's xfrm_policy can be referred*/
996 else
997 dst = ip6_dst_lookup_flow(net, ctl_sk, &fl6, NULL);
68d0c6d3
DM		 998 if (!IS_ERR(dst)) {
999 skb_dst_set(buff, dst);
e92dd77e
WW		 1000 ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL,
1001 tclass & ~INET_ECN_MASK, priority);
c10d9310 1002 TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
68d0c6d3 1003 if (rst)
c10d9310 1004 TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
68d0c6d3 1005 return;
1da177e4
LT		 1006 }
1007
1008 kfree_skb(buff);
1009}
1010
6be49dea
JX		 1011static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb,
1012 enum sk_rst_reason reason)
1da177e4 1013{
cf533ea5 1014 const struct tcphdr *th = tcp_hdr(skb);
323a53c4 1015 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
f7dca36f 1016 const __u8 *md5_hash_location = NULL;
ba7783ad
DS		 1017#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
1018 bool allocated_traffic_key = false;
658ddaaf 1019#endif
ba7783ad
DS		 1020 const struct tcp_ao_hdr *aoh;
1021 struct tcp_key key = {};
1022 u32 seq = 0, ack_seq = 0;
323a53c4 1023 __be32 label = 0;
e9a5dcee 1024 u32 priority = 0;
323a53c4 1025 struct net *net;
9258b8b1 1026 u32 txhash = 0;
c24b14c4 1027 int oif = 0;
ba7783ad
DS		 1028#ifdef CONFIG_TCP_MD5SIG
1029 unsigned char newhash[16];
1030 int genhash;
1031 struct sock *sk1 = NULL;
1032#endif
1da177e4 1033
626e264d 1034 if (th->rst)
1da177e4
LT		 1035 return;
1036
c3658e8d
ED		 1037 /* If sk not NULL, it means we did a successful lookup and incoming
1038 * route had to be correct. prequeue might have dropped our dst.
1039 */
1040 if (!sk && !ipv6_unicast_destination(skb))
626e264d 1041 return;
1da177e4 1042
39209673 1043 net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
f7dca36f 1044 /* Invalid TCP option size or twice included auth */
ba7783ad 1045 if (tcp_parse_auth_options(th, &md5_hash_location, &aoh))
f7dca36f 1046 return;
ba7783ad 1047#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
3b24d854 1048 rcu_read_lock();
ba7783ad
DS		 1049#endif
1050#ifdef CONFIG_TCP_MD5SIG
271c3b9b 1051 if (sk && sk_fullsock(sk)) {
dea53bb8
DA		 1052 int l3index;
1053
1054 /* sdif set, means packet ingressed via a device
1055 * in an L3 domain and inet_iif is set to it.
1056 */
1057 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
ba7783ad
DS		 1058 key.md5_key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr, l3index);
1059 if (key.md5_key)
1060 key.type = TCP_KEY_MD5;
f7dca36f 1061 } else if (md5_hash_location) {
d14c77e0
DA		 1062 int dif = tcp_v6_iif_l3_slave(skb);
1063 int sdif = tcp_v6_sdif(skb);
dea53bb8 1064 int l3index;
d14c77e0 1065
658ddaaf
SL		 1066 /*
1067 * active side is lost. Try to find listening socket through
1068 * source port, and then find md5 key through listening socket.
1069 * we are not loose security here:
1070 * Incoming packet is checked with md5 hash with finding key,
1071 * no RST generated if md5 hash doesn't match.
1072 */
4461568a
KI		 1073 sk1 = inet6_lookup_listener(net, net->ipv4.tcp_death_row.hashinfo,
1074 NULL, 0, &ipv6h->saddr, th->source,
1075 &ipv6h->daddr, ntohs(th->source),
1076 dif, sdif);
658ddaaf 1077 if (!sk1)
3b24d854 1078 goto out;
658ddaaf 1079
dea53bb8
DA		 1080 /* sdif set, means packet ingressed via a device
1081 * in an L3 domain and dif is set to it.
1082 */
1083 l3index = tcp_v6_sdif(skb) ? dif : 0;
1084
ba7783ad
DS		 1085 key.md5_key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr, l3index);
1086 if (!key.md5_key)
3b24d854 1087 goto out;
ba7783ad 1088 key.type = TCP_KEY_MD5;
658ddaaf 1089
ba7783ad 1090 genhash = tcp_v6_md5_hash_skb(newhash, key.md5_key, NULL, skb);
f7dca36f 1091 if (genhash || memcmp(md5_hash_location, newhash, 16) != 0)
3b24d854 1092 goto out;
658ddaaf 1093 }
cfb6eeb4
YH		 1094#endif
1095
626e264d
IJ		 1096 if (th->ack)
1097 seq = ntohl(th->ack_seq);
1098 else
1099 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1100 (th->doff << 2);
1da177e4 1101
ba7783ad
DS		 1102#ifdef CONFIG_TCP_AO
1103 if (aoh) {
1104 int l3index;
1105
1106 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
64382c71 1107 if (tcp_ao_prepare_reset(sk, skb, aoh, l3index, seq,
ba7783ad
DS		 1108 &key.ao_key, &key.traffic_key,
1109 &allocated_traffic_key,
1110 &key.rcv_next, &key.sne))
1111 goto out;
1112 key.type = TCP_KEY_AO;
1113 }
1114#endif
1115
c24b14c4
SL		 1116 if (sk) {
1117 oif = sk->sk_bound_dev_if;
052e0690 1118 if (sk_fullsock(sk)) {
3cccda8d 1119 if (inet6_test_bit(REPFLOW, sk))
052e0690 1120 label = ip6_flowlabel(ipv6h);
10bbf165 1121 priority = READ_ONCE(sk->sk_priority);
dc6456e9 1122 txhash = sk->sk_txhash;
052e0690 1123 }
f6c0f5d2 1124 if (sk->sk_state == TCP_TIME_WAIT) {
50a8accf 1125 label = cpu_to_be32(inet_twsk(sk)->tw_flowlabel);
f6c0f5d2 1126 priority = inet_twsk(sk)->tw_priority;
9258b8b1 1127 txhash = inet_twsk(sk)->tw_txhash;
f6c0f5d2 1128 }
323a53c4 1129 } else {
a346abe0 1130 if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_TCP_RESET)
323a53c4 1131 label = ip6_flowlabel(ipv6h);
c24b14c4
SL		 1132 }
1133
b533fb9c 1134 trace_tcp_send_reset(sk, skb, reason);
19822a98 1135
ba7783ad
DS		 1136 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, 1,
1137 ipv6_get_dsfield(ipv6h), label, priority, txhash,
1138 &key);
658ddaaf 1139
ba7783ad 1140#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
3b24d854 1141out:
ba7783ad
DS		 1142 if (allocated_traffic_key)
1143 kfree(key.traffic_key);
3b24d854 1144 rcu_read_unlock();
658ddaaf 1145#endif
626e264d 1146}
1da177e4 1147
a00e7444 1148static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
0f85feae 1149 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
decde258 1150 struct tcp_key *key, u8 tclass,
aa51b80e 1151 __be32 label, u32 priority, u32 txhash)
626e264d 1152{
ba7783ad 1153 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, 0,
decde258 1154 tclass, label, priority, txhash, key);
1da177e4
LT		 1155}
1156
1157static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1158{
8feaf0c0 1159 struct inet_timewait_sock *tw = inet_twsk(sk);
cfb6eeb4 1160 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
decde258
DS		 1161 struct tcp_key key = {};
1162#ifdef CONFIG_TCP_AO
1163 struct tcp_ao_info *ao_info;
1164
67fa83f7
DS		 1165 if (static_branch_unlikely(&tcp_ao_needed.key)) {
1166
1167 /* FIXME: the segment to-be-acked is not verified yet */
1168 ao_info = rcu_dereference(tcptw->ao_info);
1169 if (ao_info) {
1170 const struct tcp_ao_hdr *aoh;
1171
1172 /* Invalid TCP option size or twice included auth */
1173 if (tcp_parse_auth_options(tcp_hdr(skb), NULL, &aoh))
1174 goto out;
1175 if (aoh)
1176 key.ao_key = tcp_ao_established_key(ao_info,
1177 aoh->rnext_keyid, -1);
decde258
DS		 1178 }
1179 }
1180 if (key.ao_key) {
1181 struct tcp_ao_key *rnext_key;
1182
1183 key.traffic_key = snd_other_key(key.ao_key);
1184 /* rcv_next switches to our rcv_next */
1185 rnext_key = READ_ONCE(ao_info->rnext_key);
1186 key.rcv_next = rnext_key->rcvid;
64382c71 1187 key.sne = READ_ONCE(ao_info->snd_sne);
decde258
DS		 1188 key.type = TCP_KEY_AO;
1189#else
1190 if (0) {
1191#endif
1192#ifdef CONFIG_TCP_MD5SIG
1193 } else if (static_branch_unlikely(&tcp_md5_needed.key)) {
1194 key.md5_key = tcp_twsk_md5_key(tcptw);
1195 if (key.md5_key)
1196 key.type = TCP_KEY_MD5;
1197#endif
1198 }
1da177e4 1199
0f85feae 1200 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
8feaf0c0 1201 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
16cf6477 1202 tcp_tw_tsval(tcptw),
decde258 1203 tcptw->tw_ts_recent, tw->tw_bound_dev_if, &key,
aa51b80e
ED		 1204 tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel), tw->tw_priority,
1205 tw->tw_txhash);
1da177e4 1206
decde258
DS		 1207#ifdef CONFIG_TCP_AO
1208out:
1209#endif
8feaf0c0 1210 inet_twsk_put(tw);
1da177e4
LT		 1211}
1212
a00e7444 1213static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
6edafaaf 1214 struct request_sock *req)
1da177e4 1215{
decde258
DS		 1216 struct tcp_key key = {};
1217
06b22ef2 1218#ifdef CONFIG_TCP_AO
67fa83f7
DS		 1219 if (static_branch_unlikely(&tcp_ao_needed.key) &&
1220 tcp_rsk_used_ao(req)) {
06b22ef2
DS		 1221 const struct in6_addr *addr = &ipv6_hdr(skb)->saddr;
1222 const struct tcp_ao_hdr *aoh;
1223 int l3index;
1224
1225 l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
1226 /* Invalid TCP option size or twice included auth */
1227 if (tcp_parse_auth_options(tcp_hdr(skb), NULL, &aoh))
1228 return;
1229 if (!aoh)
1230 return;
248411b8
DS		 1231 key.ao_key = tcp_ao_do_lookup(sk, l3index,
1232 (union tcp_ao_addr *)addr,
1233 AF_INET6, aoh->rnext_keyid, -1);
06b22ef2
DS		 1234 if (unlikely(!key.ao_key)) {
1235 /* Send ACK with any matching MKT for the peer */
248411b8
DS		 1236 key.ao_key = tcp_ao_do_lookup(sk, l3index,
1237 (union tcp_ao_addr *)addr,
1238 AF_INET6, -1, -1);
06b22ef2
DS		 1239 /* Matching key disappeared (user removed the key?)
1240 * let the handshake timeout.
1241 */
1242 if (!key.ao_key) {
1243 net_info_ratelimited("TCP-AO key for (%pI6, %d)->(%pI6, %d) suddenly disappeared, won't ACK new connection\n",
1244 addr,
1245 ntohs(tcp_hdr(skb)->source),
1246 &ipv6_hdr(skb)->daddr,
1247 ntohs(tcp_hdr(skb)->dest));
1248 return;
1249 }
1250 }
1251 key.traffic_key = kmalloc(tcp_ao_digest_size(key.ao_key), GFP_ATOMIC);
1252 if (!key.traffic_key)
1253 return;
1254
1255 key.type = TCP_KEY_AO;
1256 key.rcv_next = aoh->keyid;
1257 tcp_v6_ao_calc_key_rsk(key.ao_key, key.traffic_key, req);
1258#else
1259 if (0) {
1260#endif
decde258 1261#ifdef CONFIG_TCP_MD5SIG
06b22ef2 1262 } else if (static_branch_unlikely(&tcp_md5_needed.key)) {
decde258 1263 int l3index = tcp_v6_sdif(skb) ? tcp_v6_iif_l3_slave(skb) : 0;
dea53bb8 1264
decde258
DS		 1265 key.md5_key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr,
1266 l3index);
1267 if (key.md5_key)
1268 key.type = TCP_KEY_MD5;
decde258 1269#endif
06b22ef2 1270 }
dea53bb8 1271
3a19ce0e
DL		 1272 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
1273 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
1274 */
20a2b49f
ED		 1275 /* RFC 7323 2.3
1276 * The window field (SEG.WND) of every outgoing segment, with the
1277 * exception of <SYN> segments, MUST be right-shifted by
1278 * Rcv.Wind.Shift bits:
1279 */
0f85feae 1280 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
3a19ce0e 1281 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
20a2b49f
ED		 1282 tcp_rsk(req)->rcv_nxt,
1283 req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
16cf6477 1284 tcp_rsk_tsval(tcp_rsk(req)),
eba20811 1285 READ_ONCE(req->ts_recent), sk->sk_bound_dev_if,
decde258 1286 &key, ipv6_get_dsfield(ipv6_hdr(skb)), 0,
8bf43be7 1287 READ_ONCE(sk->sk_priority),
5e526552 1288 READ_ONCE(tcp_rsk(req)->txhash));
06b22ef2
DS		 1289 if (tcp_key_is_ao(&key))
1290 kfree(key.traffic_key);
1da177e4
LT		 1291}
1292
1293
079096f1 1294static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
1da177e4 1295{
079096f1 1296#ifdef CONFIG_SYN_COOKIES
aa8223c7 1297 const struct tcphdr *th = tcp_hdr(skb);
1da177e4 1298
af9b4738 1299 if (!th->syn)
c6aefafb 1300 sk = cookie_v6_check(sk, skb);
1da177e4
LT		 1301#endif
1302 return sk;
1303}
1304
9349d600
PP		 1305u16 tcp_v6_get_syncookie(struct sock *sk, struct ipv6hdr *iph,
1306 struct tcphdr *th, u32 *cookie)
1307{
1308 u16 mss = 0;
1309#ifdef CONFIG_SYN_COOKIES
1310 mss = tcp_get_syncookie_mss(&tcp6_request_sock_ops,
1311 &tcp_request_sock_ipv6_ops, sk, th);
1312 if (mss) {
1313 *cookie = __cookie_v6_init_sequence(iph, th, &mss);
1314 tcp_synq_overflow(sk);
1315 }
1316#endif
1317 return mss;
1318}
1319
1da177e4
LT		 1320static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1321{
1da177e4
LT		 1322 if (skb->protocol == htons(ETH_P_IP))
1323 return tcp_v4_conn_request(sk, skb);
1324
1325 if (!ipv6_unicast_destination(skb))
1ab1457c 1326 goto drop;
1da177e4 1327
dcc32f4f
JK		 1328 if (ipv6_addr_v4mapped(&ipv6_hdr(skb)->saddr)) {
1329 __IP6_INC_STATS(sock_net(sk), NULL, IPSTATS_MIB_INHDRERRORS);
1330 return 0;
1331 }
1332
1fb6f159
OP		 1333 return tcp_conn_request(&tcp6_request_sock_ops,
1334 &tcp_request_sock_ipv6_ops, sk, skb);
1da177e4
LT		 1335
1336drop:
9caad864 1337 tcp_listendrop(sk);
1da177e4
LT		 1338 return 0; /* don't send reset */
1339}
1340
ebf6c9cb
ED		 1341static void tcp_v6_restore_cb(struct sk_buff *skb)
1342{
1343 /* We need to move header back to the beginning if xfrm6_policy_check()
1344 * and tcp_v6_fill_cb() are going to be called again.
1345 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
1346 */
1347 memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
1348 sizeof(struct inet6_skb_parm));
1349}
1350
0c27171e 1351static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
4c99aa40 1352 struct request_sock *req,
5e0724d0
ED		 1353 struct dst_entry *dst,
1354 struct request_sock *req_unhash,
1355 bool *own_req)
1da177e4 1356{
634fb979 1357 struct inet_request_sock *ireq;
0c27171e 1358 struct ipv6_pinfo *newnp;
93a77c11 1359 const struct ipv6_pinfo *np = tcp_inet6_sk(sk);
45f6fad8 1360 struct ipv6_txoptions *opt;
1da177e4 1361 struct inet_sock *newinet;
01770a16 1362 bool found_dup_sk = false;
1da177e4
LT		 1363 struct tcp_sock *newtp;
1364 struct sock *newsk;
cfb6eeb4
YH		 1365#ifdef CONFIG_TCP_MD5SIG
1366 struct tcp_md5sig_key *key;
dea53bb8 1367 int l3index;
cfb6eeb4 1368#endif
3840a06e 1369 struct flowi6 fl6;
1da177e4
LT		 1370
1371 if (skb->protocol == htons(ETH_P_IP)) {
1372 /*
1373 * v6 mapped
1374 */
1375
5e0724d0
ED		 1376 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
1377 req_unhash, own_req);
1da177e4 1378
63159f29 1379 if (!newsk)
1da177e4
LT		 1380 return NULL;
1381
93a77c11 1382 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
1da177e4 1383
93a77c11 1384 newnp = tcp_inet6_sk(newsk);
1da177e4
LT		 1385 newtp = tcp_sk(newsk);
1386
1387 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1388
d1e559d0 1389 newnp->saddr = newsk->sk_v6_rcv_saddr;
1da177e4 1390
8292a17a 1391 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
cec37a6e 1392 if (sk_is_mptcp(newsk))
31484d56 1393 mptcpv6_handle_mapped(newsk, true);
1da177e4 1394 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
4954f17d 1395#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
cfb6eeb4
YH		 1396 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1397#endif
1398
83eaddab 1399 newnp->ipv6_mc_list = NULL;
676a1184
YZ		 1400 newnp->ipv6_ac_list = NULL;
1401 newnp->ipv6_fl_list = NULL;
1da177e4
LT		 1402 newnp->pktoptions = NULL;
1403 newnp->opt = NULL;
89e41309
ED		 1404 newnp->mcast_oif = inet_iif(skb);
1405 newnp->mcast_hops = ip_hdr(skb)->ttl;
1406 newnp->rcv_flowinfo = 0;
3cccda8d 1407 if (inet6_test_bit(REPFLOW, sk))
89e41309 1408 newnp->flow_label = 0;
1da177e4 1409
e6848976
ACM		 1410 /*
1411 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1412 * here, tcp_create_openreq_child now does this for us, see the comment in
1413 * that function for the gory details. -acme
1da177e4 1414 */
1da177e4
LT		 1415
1416 /* It is tricky place. Until this moment IPv4 tcp
8292a17a 1417 worked with IPv6 icsk.icsk_af_ops.
1da177e4
LT		 1418 Sync it now.
1419 */
d83d8461 1420 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1da177e4
LT		 1421
1422 return newsk;
1423 }
1424
634fb979 1425 ireq = inet_rsk(req);
1da177e4
LT		 1426
1427 if (sk_acceptq_is_full(sk))
1428 goto out_overflow;
1429
493f377d 1430 if (!dst) {
f76b33c3 1431 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
493f377d 1432 if (!dst)
1da177e4 1433 goto out;
1ab1457c 1434 }
1da177e4
LT		 1435
1436 newsk = tcp_create_openreq_child(sk, req, skb);
63159f29 1437 if (!newsk)
093d2823 1438 goto out_nonewsk;
1da177e4 1439
e6848976
ACM		 1440 /*
1441 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1442 * count here, tcp_create_openreq_child now does this for us, see the
1443 * comment in that function for the gory details. -acme
1444 */
1da177e4 1445
59eed279 1446 newsk->sk_gso_type = SKB_GSO_TCPV6;
6bd4f355 1447 ip6_dst_store(newsk, dst, NULL, NULL);
fae6ef87 1448 inet6_sk_rx_dst_set(newsk, skb);
1da177e4 1449
93a77c11 1450 inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
1da177e4
LT		 1451
1452 newtp = tcp_sk(newsk);
1453 newinet = inet_sk(newsk);
93a77c11 1454 newnp = tcp_inet6_sk(newsk);
1da177e4
LT		 1455
1456 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1457
634fb979
ED		 1458 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1459 newnp->saddr = ireq->ir_v6_loc_addr;
1460 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1461 newsk->sk_bound_dev_if = ireq->ir_iif;
1da177e4 1462
1ab1457c 1463 /* Now IPv6 options...
1da177e4
LT		 1464
1465 First: no IPv4 options.
1466 */
f6d8bd05 1467 newinet->inet_opt = NULL;
83eaddab 1468 newnp->ipv6_mc_list = NULL;
676a1184 1469 newnp->ipv6_ac_list = NULL;
d35690be 1470 newnp->ipv6_fl_list = NULL;
1da177e4
LT		 1471
1472 /* Clone RX bits */
1473 newnp->rxopt.all = np->rxopt.all;
1474
1da177e4 1475 newnp->pktoptions = NULL;
1da177e4 1476 newnp->opt = NULL;
870c3151 1477 newnp->mcast_oif = tcp_v6_iif(skb);
0660e03f 1478 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1397ed35 1479 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
3cccda8d 1480 if (inet6_test_bit(REPFLOW, sk))
df3687ff 1481 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1da177e4 1482
8ef44b6f
WW		 1483 /* Set ToS of the new socket based upon the value of incoming SYN.
1484 * ECT bits are set later in tcp_init_transfer().
1485 */
870e3a63 1486 if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reflect_tos))
ac8f1710
WW		 1487 newnp->tclass = tcp_rsk(req)->syn_tos & ~INET_ECN_MASK;
1488
1da177e4
LT		 1489 /* Clone native IPv6 options from listening socket (if any)
1490
1491 Yes, keeping reference count would be much more clever,
1492 but we make one more one thing there: reattach optmem
1493 to newsk.
1494 */
56ac42bc
HD		 1495 opt = ireq->ipv6_opt;
1496 if (!opt)
1497 opt = rcu_dereference(np->opt);
45f6fad8
ED		 1498 if (opt) {
1499 opt = ipv6_dup_options(newsk, opt);
1500 RCU_INIT_POINTER(newnp->opt, opt);
1501 }
d83d8461 1502 inet_csk(newsk)->icsk_ext_hdr_len = 0;
45f6fad8
ED		 1503 if (opt)
1504 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
1505 opt->opt_flen;
1da177e4 1506
81164413
DB		 1507 tcp_ca_openreq_child(newsk, dst);
1508
1da177e4 1509 tcp_sync_mss(newsk, dst_mtu(dst));
3541f9e8 1510 newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));
d135c522 1511
1da177e4
LT		 1512 tcp_initialize_rcv_mss(newsk);
1513
c720c7e8
ED		 1514 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1515 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1da177e4 1516
cfb6eeb4 1517#ifdef CONFIG_TCP_MD5SIG
dea53bb8
DA		 1518 l3index = l3mdev_master_ifindex_by_index(sock_net(sk), ireq->ir_iif);
1519
06b22ef2
DS		 1520 if (!tcp_rsk_used_ao(req)) {
1521 /* Copy over the MD5 key from the original socket */
1522 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr, l3index);
1523 if (key) {
1524 const union tcp_md5_addr *addr;
1525
1526 addr = (union tcp_md5_addr *)&newsk->sk_v6_daddr;
1527 if (tcp_md5_key_copy(newsk, addr, AF_INET6, 128, l3index, key)) {
1528 inet_csk_prepare_forced_close(newsk);
1529 tcp_done(newsk);
1530 goto out;
1531 }
b389d1af 1532 }
cfb6eeb4
YH		 1533 }
1534#endif
06b22ef2
DS		 1535#ifdef CONFIG_TCP_AO
1536 /* Copy over tcp_ao_info if any */
1537 if (tcp_ao_copy_all_matching(sk, newsk, req, skb, AF_INET6))
1538 goto out; /* OOM */
1539#endif
cfb6eeb4 1540
093d2823 1541 if (__inet_inherit_port(sk, newsk) < 0) {
e337e24d
CP		 1542 inet_csk_prepare_forced_close(newsk);
1543 tcp_done(newsk);
093d2823
BS		 1544 goto out;
1545 }
01770a16
RD		 1546 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash),
1547 &found_dup_sk);
805c4bc0 1548 if (*own_req) {
49a496c9 1549 tcp_move_syn(newtp, req);
805c4bc0
ED		 1550
1551 /* Clone pktoptions received with SYN, if we own the req */
1552 if (ireq->pktopts) {
ca43ccf4 1553 newnp->pktoptions = skb_clone_and_charge_r(ireq->pktopts, newsk);
805c4bc0
ED		 1554 consume_skb(ireq->pktopts);
1555 ireq->pktopts = NULL;
ca43ccf4 1556 if (newnp->pktoptions)
ebf6c9cb 1557 tcp_v6_restore_cb(newnp->pktoptions);
805c4bc0 1558 }
01770a16
RD		 1559 } else {
1560 if (!req_unhash && found_dup_sk) {
1561 /* This code path should only be executed in the
1562 * syncookie case only
1563 */
1564 bh_unlock_sock(newsk);
1565 sock_put(newsk);
1566 newsk = NULL;
1567 }
ce105008 1568 }
1da177e4
LT		 1569
1570 return newsk;
1571
1572out_overflow:
02a1d6e7 1573 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
093d2823 1574out_nonewsk:
1da177e4 1575 dst_release(dst);
093d2823 1576out:
9caad864 1577 tcp_listendrop(sk);
1da177e4
LT		 1578 return NULL;
1579}
1580
bbd807df
BV		 1581INDIRECT_CALLABLE_DECLARE(struct dst_entry *ipv4_dst_check(struct dst_entry *,
1582 u32));
1da177e4 1583/* The socket must have it's spinlock held when we get
e994b2f0 1584 * here, unless it is a TCP_LISTEN socket.
1da177e4
LT		 1585 *
1586 * We have a potential double-lock case here, so even when
1587 * doing backlog processing we use the BH locking scheme.
1588 * This is because we cannot sleep with the original spinlock
1589 * held.
1590 */
d2489c7b
ED		 1591INDIRECT_CALLABLE_SCOPE
1592int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1da177e4 1593{
93a77c11 1594 struct ipv6_pinfo *np = tcp_inet6_sk(sk);
1da177e4 1595 struct sk_buff *opt_skb = NULL;
8eba65fa 1596 enum skb_drop_reason reason;
93a77c11 1597 struct tcp_sock *tp;
1da177e4
LT		 1598
1599 /* Imagine: socket is IPv6. IPv4 packet arrives,
1600 goes to IPv4 receive handler and backlogged.
1601 From backlog it always goes here. Kerboom...
1602 Fortunately, tcp_rcv_established and rcv_established
1603 handle them correctly, but it is not case with
1604 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1605 */
1606
1607 if (skb->protocol == htons(ETH_P_IP))
1608 return tcp_v4_do_rcv(sk, skb);
1609
1da177e4
LT		 1610 /*
1611 * socket locking is here for SMP purposes as backlog rcv
1612 * is currently called with bh processing disabled.
1613 */
1614
1615 /* Do Stevens' IPV6_PKTOPTIONS.
1616
1617 Yes, guys, it is the only place in our code, where we
1618 may make it not affecting IPv4.
1619 The rest of code is protocol independent,
1620 and I do not like idea to uglify IPv4.
1621
1622 Actually, all the idea behind IPV6_PKTOPTIONS
1623 looks not very well thought. For now we latch
1624 options, received in the last packet, enqueued
1625 by tcp. Feel free to propose better solution.
1ab1457c 1626 --ANK (980728)
1da177e4
LT		 1627 */
1628 if (np->rxopt.all)
ca43ccf4 1629 opt_skb = skb_clone_and_charge_r(skb, sk);
1da177e4
LT		 1630
1631 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
8f905c0e
ED		 1632 struct dst_entry *dst;
1633
1634 dst = rcu_dereference_protected(sk->sk_rx_dst,
1635 lockdep_sock_is_held(sk));
5d299f3d 1636
bdeab991 1637 sock_rps_save_rxhash(sk, skb);
3d97379a 1638 sk_mark_napi_id(sk, skb);
5d299f3d 1639 if (dst) {
0c0a5ef8 1640 if (sk->sk_rx_dst_ifindex != skb->skb_iif ||
bbd807df 1641 INDIRECT_CALL_1(dst->ops->check, ip6_dst_check,
ef57c161 1642 dst, sk->sk_rx_dst_cookie) == NULL) {
8f905c0e 1643 RCU_INIT_POINTER(sk->sk_rx_dst, NULL);
5d299f3d 1644 dst_release(dst);
5d299f3d
ED		 1645 }
1646 }
1647
3d97d88e 1648 tcp_rcv_established(sk, skb);
1da177e4
LT		 1649 if (opt_skb)
1650 goto ipv6_pktoptions;
1651 return 0;
1652 }
1653
12e25e10 1654 if (tcp_checksum_complete(skb))
1da177e4
LT		 1655 goto csum_err;
1656
1ab1457c 1657 if (sk->sk_state == TCP_LISTEN) {
079096f1
ED		 1658 struct sock *nsk = tcp_v6_cookie_check(sk, skb);
1659
4c99aa40 1660 if (nsk != sk) {
ee01defe
JX		 1661 if (nsk) {
1662 reason = tcp_child_process(sk, nsk, skb);
1663 if (reason)
1664 goto reset;
1665 }
1da177e4
LT		 1666 if (opt_skb)
1667 __kfree_skb(opt_skb);
1668 return 0;
1669 }
47482f13 1670 } else
bdeab991 1671 sock_rps_save_rxhash(sk, skb);
1da177e4 1672
b9825695
JX		 1673 reason = tcp_rcv_state_process(sk, skb);
1674 if (reason)
1da177e4 1675 goto reset;
1da177e4
LT		 1676 if (opt_skb)
1677 goto ipv6_pktoptions;
1678 return 0;
1679
1680reset:
120391ef 1681 tcp_v6_send_reset(sk, skb, sk_rst_convert_drop_reason(reason));
1da177e4
LT		 1682discard:
1683 if (opt_skb)
1684 __kfree_skb(opt_skb);
8eba65fa 1685 kfree_skb_reason(skb, reason);
1da177e4
LT		 1686 return 0;
1687csum_err:
8eba65fa 1688 reason = SKB_DROP_REASON_TCP_CSUM;
709c0314 1689 trace_tcp_bad_csum(skb);
c10d9310
ED		 1690 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
1691 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
1da177e4
LT		 1692 goto discard;
1693
1694
1695ipv6_pktoptions:
1696 /* Do you ask, what is it?
1697
1698 1. skb was enqueued by tcp.
1699 2. skb is added to tail of read queue, rather than out of order.
1700 3. socket is not in passive state.
1701 4. Finally, it really contains options, which user wants to receive.
1702 */
1703 tp = tcp_sk(sk);
1704 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1705 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
333fad53 1706 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
d2f011a0 1707 WRITE_ONCE(np->mcast_oif, tcp_v6_iif(opt_skb));
333fad53 1708 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
2da23eb0
ED		 1709 WRITE_ONCE(np->mcast_hops,
1710 ipv6_hdr(opt_skb)->hop_limit);
82e9f105 1711 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1397ed35 1712 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
3cccda8d 1713 if (inet6_test_bit(REPFLOW, sk))
df3687ff 1714 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
a224772d 1715 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
8ce48623 1716 tcp_v6_restore_cb(opt_skb);
1da177e4
LT		 1717 opt_skb = xchg(&np->pktoptions, opt_skb);
1718 } else {
1719 __kfree_skb(opt_skb);
1720 opt_skb = xchg(&np->pktoptions, NULL);
1721 }
1722 }
1723
12c8691d 1724 consume_skb(opt_skb);
1da177e4
LT		 1725 return 0;
1726}
1727
2dc49d16
ND		 1728static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1729 const struct tcphdr *th)
1730{
1731 /* This is tricky: we move IP6CB at its correct location into
1732 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1733 * _decode_session6() uses IP6CB().
1734 * barrier() makes sure compiler won't play aliasing games.
1735 */
1736 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1737 sizeof(struct inet6_skb_parm));
1738 barrier();
1739
1740 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1741 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1742 skb->len - th->doff*4);
1743 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1744 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
2dc49d16
ND		 1745 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1746 TCP_SKB_CB(skb)->sacked = 0;
98aaa913
MM		 1747 TCP_SKB_CB(skb)->has_rxtstamp =
1748 skb->tstamp || skb_hwtstamps(skb)->hwtstamp;
2dc49d16
ND		 1749}
1750
0e219ae4 1751INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
1da177e4 1752{
c0e3154d 1753 enum skb_drop_reason drop_reason;
4297a0ef 1754 int sdif = inet6_sdif(skb);
d14c77e0 1755 int dif = inet6_iif(skb);
cf533ea5 1756 const struct tcphdr *th;
b71d1d42 1757 const struct ipv6hdr *hdr;
3b24d854 1758 bool refcounted;
1da177e4
LT		 1759 struct sock *sk;
1760 int ret;
41eecbd7 1761 u32 isn;
a86b1e30 1762 struct net *net = dev_net(skb->dev);
1da177e4 1763
c0e3154d 1764 drop_reason = SKB_DROP_REASON_NOT_SPECIFIED;
1da177e4
LT		 1765 if (skb->pkt_type != PACKET_HOST)
1766 goto discard_it;
1767
1768 /*
1769 * Count it even if it's bad.
1770 */
90bbcc60 1771 __TCP_INC_STATS(net, TCP_MIB_INSEGS);
1da177e4
LT		 1772
1773 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1774 goto discard_it;
1775
ea1627c2 1776 th = (const struct tcphdr *)skb->data;
1da177e4 1777
c0e3154d
MD		 1778 if (unlikely(th->doff < sizeof(struct tcphdr) / 4)) {
1779 drop_reason = SKB_DROP_REASON_PKT_TOO_SMALL;
1da177e4 1780 goto bad_packet;
c0e3154d 1781 }
1da177e4
LT		 1782 if (!pskb_may_pull(skb, th->doff*4))
1783 goto discard_it;
1784
e4f45b7f 1785 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
6a5dc9e5 1786 goto csum_error;
1da177e4 1787
ea1627c2 1788 th = (const struct tcphdr *)skb->data;
e802af9c 1789 hdr = ipv6_hdr(skb);
1da177e4 1790
4bdc3d66 1791lookup:
4461568a 1792 sk = __inet6_lookup_skb(net->ipv4.tcp_death_row.hashinfo, skb, __tcp_hdrlen(th),
4297a0ef 1793 th->source, th->dest, inet6_iif(skb), sdif,
3b24d854 1794 &refcounted);
1da177e4
LT		 1795 if (!sk)
1796 goto no_tcp_socket;
1797
1da177e4
LT		 1798 if (sk->sk_state == TCP_TIME_WAIT)
1799 goto do_time_wait;
1800
079096f1
ED		 1801 if (sk->sk_state == TCP_NEW_SYN_RECV) {
1802 struct request_sock *req = inet_reqsk(sk);
e0f9759f 1803 bool req_stolen = false;
7716682c 1804 struct sock *nsk;
079096f1
ED		 1805
1806 sk = req->rsk_listener;
9593c7cb
IM		 1807 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1808 drop_reason = SKB_DROP_REASON_XFRM_POLICY;
1809 else
0a3a8090
DS		 1810 drop_reason = tcp_inbound_hash(sk, req, skb,
1811 &hdr->saddr, &hdr->daddr,
1812 AF_INET6, dif, sdif);
1330b6ef 1813 if (drop_reason) {
e65c332d 1814 sk_drops_add(sk, skb);
079096f1
ED		 1815 reqsk_put(req);
1816 goto discard_it;
1817 }
4fd44a98
FL		 1818 if (tcp_checksum_complete(skb)) {
1819 reqsk_put(req);
1820 goto csum_error;
1821 }
7716682c 1822 if (unlikely(sk->sk_state != TCP_LISTEN)) {
d4f2c86b
KI		 1823 nsk = reuseport_migrate_sock(sk, req_to_sk(req), skb);
1824 if (!nsk) {
1825 inet_csk_reqsk_queue_drop_and_put(sk, req);
1826 goto lookup;
1827 }
1828 sk = nsk;
1829 /* reuseport_migrate_sock() has already held one sk_refcnt
1830 * before returning.
1831 */
1832 } else {
1833 sock_hold(sk);
4bdc3d66 1834 }
3b24d854 1835 refcounted = true;
1f3b359f 1836 nsk = NULL;
eeea10b8
ED		 1837 if (!tcp_filter(sk, skb)) {
1838 th = (const struct tcphdr *)skb->data;
1839 hdr = ipv6_hdr(skb);
1840 tcp_v6_fill_cb(skb, hdr, th);
e0f9759f 1841 nsk = tcp_check_req(sk, skb, req, false, &req_stolen);
c0e3154d
MD		 1842 } else {
1843 drop_reason = SKB_DROP_REASON_SOCKET_FILTER;
eeea10b8 1844 }
079096f1
ED		 1845 if (!nsk) {
1846 reqsk_put(req);
e0f9759f
ED		 1847 if (req_stolen) {
1848 /* Another cpu got exclusive access to req
1849 * and created a full blown socket.
1850 * Try to feed this packet to this socket
1851 * instead of discarding it.
1852 */
1853 tcp_v6_restore_cb(skb);
1854 sock_put(sk);
1855 goto lookup;
1856 }
7716682c 1857 goto discard_and_relse;
079096f1 1858 }
9593c7cb 1859 nf_reset_ct(skb);
079096f1 1860 if (nsk == sk) {
079096f1
ED		 1861 reqsk_put(req);
1862 tcp_v6_restore_cb(skb);
079096f1 1863 } else {
ee01defe
JX		 1864 drop_reason = tcp_child_process(sk, nsk, skb);
1865 if (drop_reason) {
120391ef
JX		 1866 enum sk_rst_reason rst_reason;
1867
1868 rst_reason = sk_rst_convert_drop_reason(drop_reason);
1869 tcp_v6_send_reset(nsk, skb, rst_reason);
ee01defe
JX		 1870 goto discard_and_relse;
1871 }
7716682c 1872 sock_put(sk);
079096f1
ED		 1873 return 0;
1874 }
1875 }
790eb673 1876
d13b0596 1877process:
790eb673
ED		 1878 if (static_branch_unlikely(&ip6_min_hopcount)) {
1879 /* min_hopcount can be changed concurrently from do_ipv6_setsockopt() */
2798e36d 1880 if (unlikely(hdr->hop_limit < READ_ONCE(tcp_inet6_sk(sk)->min_hopcount))) {
790eb673 1881 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
2798e36d 1882 drop_reason = SKB_DROP_REASON_TCP_MINTTL;
790eb673
ED		 1883 goto discard_and_relse;
1884 }
e802af9c
SH		 1885 }
1886
c0e3154d
MD		 1887 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) {
1888 drop_reason = SKB_DROP_REASON_XFRM_POLICY;
1da177e4 1889 goto discard_and_relse;
c0e3154d 1890 }
1da177e4 1891
0a3a8090
DS		 1892 drop_reason = tcp_inbound_hash(sk, NULL, skb, &hdr->saddr, &hdr->daddr,
1893 AF_INET6, dif, sdif);
1330b6ef 1894 if (drop_reason)
9ea88a15 1895 goto discard_and_relse;
9ea88a15 1896
b0e214d2
MK		 1897 nf_reset_ct(skb);
1898
c0e3154d
MD		 1899 if (tcp_filter(sk, skb)) {
1900 drop_reason = SKB_DROP_REASON_SOCKET_FILTER;
1da177e4 1901 goto discard_and_relse;
c0e3154d 1902 }
ac6e7800
ED		 1903 th = (const struct tcphdr *)skb->data;
1904 hdr = ipv6_hdr(skb);
eeea10b8 1905 tcp_v6_fill_cb(skb, hdr, th);
1da177e4
LT		 1906
1907 skb->dev = NULL;
1908
e994b2f0
ED		 1909 if (sk->sk_state == TCP_LISTEN) {
1910 ret = tcp_v6_do_rcv(sk, skb);
1911 goto put_and_return;
1912 }
1913
1914 sk_incoming_cpu_update(sk);
1915
293b9c42 1916 bh_lock_sock_nested(sk);
a44d6eac 1917 tcp_segs_in(tcp_sk(sk), skb);
1da177e4
LT		 1918 ret = 0;
1919 if (!sock_owned_by_user(sk)) {
e7942d06 1920 ret = tcp_v6_do_rcv(sk, skb);
8b27dae5 1921 } else {
7a26dc9e 1922 if (tcp_add_backlog(sk, skb, &drop_reason))
8b27dae5 1923 goto discard_and_relse;
6b03a53a 1924 }
1da177e4 1925 bh_unlock_sock(sk);
e994b2f0 1926put_and_return:
3b24d854
ED		 1927 if (refcounted)
1928 sock_put(sk);
1da177e4
LT		 1929 return ret ? -1 : 0;
1930
1931no_tcp_socket:
c0e3154d 1932 drop_reason = SKB_DROP_REASON_NO_SOCKET;
1da177e4
LT		 1933 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1934 goto discard_it;
1935
2dc49d16
ND		 1936 tcp_v6_fill_cb(skb, hdr, th);
1937
12e25e10 1938 if (tcp_checksum_complete(skb)) {
6a5dc9e5 1939csum_error:
c0e3154d 1940 drop_reason = SKB_DROP_REASON_TCP_CSUM;
709c0314 1941 trace_tcp_bad_csum(skb);
90bbcc60 1942 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
1da177e4 1943bad_packet:
90bbcc60 1944 __TCP_INC_STATS(net, TCP_MIB_INERRS);
1da177e4 1945 } else {
120391ef 1946 tcp_v6_send_reset(NULL, skb, sk_rst_convert_drop_reason(drop_reason));
1da177e4
LT		 1947 }
1948
1949discard_it:
dc776924 1950 SKB_DR_OR(drop_reason, NOT_SPECIFIED);
c0e3154d 1951 kfree_skb_reason(skb, drop_reason);
1da177e4
LT		 1952 return 0;
1953
1954discard_and_relse:
532182cd 1955 sk_drops_add(sk, skb);
3b24d854
ED		 1956 if (refcounted)
1957 sock_put(sk);
1da177e4
LT		 1958 goto discard_it;
1959
1960do_time_wait:
1961 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
c0e3154d 1962 drop_reason = SKB_DROP_REASON_XFRM_POLICY;
9469c7b4 1963 inet_twsk_put(inet_twsk(sk));
1da177e4
LT		 1964 goto discard_it;
1965 }
1966
2dc49d16
ND		 1967 tcp_v6_fill_cb(skb, hdr, th);
1968
6a5dc9e5
ED		 1969 if (tcp_checksum_complete(skb)) {
1970 inet_twsk_put(inet_twsk(sk));
1971 goto csum_error;
1da177e4
LT		 1972 }
1973
41eecbd7 1974 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th, &isn)) {
1da177e4
LT		 1975 case TCP_TW_SYN:
1976 {
1977 struct sock *sk2;
1978
4461568a 1979 sk2 = inet6_lookup_listener(net, net->ipv4.tcp_death_row.hashinfo,
a583636a 1980 skb, __tcp_hdrlen(th),
5ba24953 1981 &ipv6_hdr(skb)->saddr, th->source,
0660e03f 1982 &ipv6_hdr(skb)->daddr,
24b711ed
DA		 1983 ntohs(th->dest),
1984 tcp_v6_iif_l3_slave(skb),
4297a0ef 1985 sdif);
53b24b8f 1986 if (sk2) {
295ff7ed 1987 struct inet_timewait_sock *tw = inet_twsk(sk);
dbe7faa4 1988 inet_twsk_deschedule_put(tw);
1da177e4 1989 sk = sk2;
4ad19de8 1990 tcp_v6_restore_cb(skb);
3b24d854 1991 refcounted = false;
41eecbd7 1992 __this_cpu_write(tcp_tw_isn, isn);
1da177e4
LT		 1993 goto process;
1994 }
1da177e4 1995 }
275757e6 1996 /* to ACK */
a8eceea8 1997 fallthrough;
1da177e4
LT		 1998 case TCP_TW_ACK:
1999 tcp_v6_timewait_ack(sk, skb);
2000 break;
2001 case TCP_TW_RST:
22a32557 2002 tcp_v6_send_reset(sk, skb, SK_RST_REASON_TCP_TIMEWAIT_SOCKET);
271c3b9b
FW		 2003 inet_twsk_deschedule_put(inet_twsk(sk));
2004 goto discard_it;
4aa956d8
WY		 2005 case TCP_TW_SUCCESS:
2006 ;
1da177e4
LT		 2007 }
2008 goto discard_it;
2009}
2010
11052589 2011void tcp_v6_early_demux(struct sk_buff *skb)
c7109986 2012{
4461568a 2013 struct net *net = dev_net(skb->dev);
c7109986
ED		 2014 const struct ipv6hdr *hdr;
2015 const struct tcphdr *th;
2016 struct sock *sk;
2017
2018 if (skb->pkt_type != PACKET_HOST)
2019 return;
2020
2021 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
2022 return;
2023
2024 hdr = ipv6_hdr(skb);
2025 th = tcp_hdr(skb);
2026
2027 if (th->doff < sizeof(struct tcphdr) / 4)
2028 return;
2029
870c3151 2030 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
4461568a 2031 sk = __inet6_lookup_established(net, net->ipv4.tcp_death_row.hashinfo,
c7109986
ED		 2032 &hdr->saddr, th->source,
2033 &hdr->daddr, ntohs(th->dest),
4297a0ef 2034 inet6_iif(skb), inet6_sdif(skb));
c7109986
ED		 2035 if (sk) {
2036 skb->sk = sk;
2037 skb->destructor = sock_edemux;
f7e4eb03 2038 if (sk_fullsock(sk)) {
8f905c0e 2039 struct dst_entry *dst = rcu_dereference(sk->sk_rx_dst);
f3f12135 2040
c7109986 2041 if (dst)
ef57c161 2042 dst = dst_check(dst, sk->sk_rx_dst_cookie);
c7109986 2043 if (dst &&
0c0a5ef8 2044 sk->sk_rx_dst_ifindex == skb->skb_iif)
c7109986
ED		 2045 skb_dst_set_noref(skb, dst);
2046 }
2047 }
2048}
2049
ccb7c410
DM		 2050static struct timewait_sock_ops tcp6_timewait_sock_ops = {
2051 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
4aa956d8 2052 .twsk_destructor = tcp_twsk_destructor,
ccb7c410
DM		 2053};
2054
dd2e0b86
ED		 2055INDIRECT_CALLABLE_SCOPE void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb)
2056{
37354402 2057 __tcp_v6_send_check(skb, &sk->sk_v6_rcv_saddr, &sk->sk_v6_daddr);
dd2e0b86
ED		 2058}
2059
35b2c321 2060const struct inet_connection_sock_af_ops ipv6_specific = {
543d9cfe
ACM		 2061 .queue_xmit = inet6_csk_xmit,
2062 .send_check = tcp_v6_send_check,
2063 .rebuild_header = inet6_sk_rebuild_header,
5d299f3d 2064 .sk_rx_dst_set = inet6_sk_rx_dst_set,
543d9cfe
ACM		 2065 .conn_request = tcp_v6_conn_request,
2066 .syn_recv_sock = tcp_v6_syn_recv_sock,
543d9cfe
ACM		 2067 .net_header_len = sizeof(struct ipv6hdr),
2068 .setsockopt = ipv6_setsockopt,
2069 .getsockopt = ipv6_getsockopt,
2070 .addr2sockaddr = inet6_csk_addr2sockaddr,
2071 .sockaddr_len = sizeof(struct sockaddr_in6),
4fab9071 2072 .mtu_reduced = tcp_v6_mtu_reduced,
1da177e4
LT		 2073};
2074
4954f17d 2075#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
b2e4b3de 2076static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
4954f17d 2077#ifdef CONFIG_TCP_MD5SIG
cfb6eeb4 2078 .md5_lookup = tcp_v6_md5_lookup,
49a72dfb 2079 .calc_md5_hash = tcp_v6_md5_hash_skb,
cfb6eeb4 2080 .md5_parse = tcp_v6_parse_md5_keys,
4954f17d
DS		 2081#endif
2082#ifdef CONFIG_TCP_AO
0aadc739 2083 .ao_lookup = tcp_v6_ao_lookup,
1e03d32b 2084 .calc_ao_hash = tcp_v6_ao_hash_skb,
4954f17d 2085 .ao_parse = tcp_v6_parse_ao,
7c2ffaf2 2086 .ao_calc_key_sk = tcp_v6_ao_calc_key_sk,
4954f17d 2087#endif
cfb6eeb4 2088};
a928630a 2089#endif
cfb6eeb4 2090
1da177e4
LT		 2091/*
2092 * TCP over IPv4 via INET6 API
2093 */
3b401a81 2094static const struct inet_connection_sock_af_ops ipv6_mapped = {
543d9cfe
ACM		 2095 .queue_xmit = ip_queue_xmit,
2096 .send_check = tcp_v4_send_check,
2097 .rebuild_header = inet_sk_rebuild_header,
63d02d15 2098 .sk_rx_dst_set = inet_sk_rx_dst_set,
543d9cfe
ACM		 2099 .conn_request = tcp_v6_conn_request,
2100 .syn_recv_sock = tcp_v6_syn_recv_sock,
543d9cfe
ACM		 2101 .net_header_len = sizeof(struct iphdr),
2102 .setsockopt = ipv6_setsockopt,
2103 .getsockopt = ipv6_getsockopt,
2104 .addr2sockaddr = inet6_csk_addr2sockaddr,
2105 .sockaddr_len = sizeof(struct sockaddr_in6),
4fab9071 2106 .mtu_reduced = tcp_v4_mtu_reduced,
1da177e4
LT		 2107};
2108
4954f17d 2109#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
b2e4b3de 2110static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
4954f17d 2111#ifdef CONFIG_TCP_MD5SIG
cfb6eeb4 2112 .md5_lookup = tcp_v4_md5_lookup,
49a72dfb 2113 .calc_md5_hash = tcp_v4_md5_hash_skb,
cfb6eeb4 2114 .md5_parse = tcp_v6_parse_md5_keys,
4954f17d
DS		 2115#endif
2116#ifdef CONFIG_TCP_AO
0aadc739 2117 .ao_lookup = tcp_v6_ao_lookup,
1e03d32b 2118 .calc_ao_hash = tcp_v4_ao_hash_skb,
4954f17d 2119 .ao_parse = tcp_v6_parse_ao,
0a3a8090 2120 .ao_calc_key_sk = tcp_v4_ao_calc_key_sk,
4954f17d 2121#endif
cfb6eeb4 2122};
a928630a 2123#endif
cfb6eeb4 2124
1da177e4
LT		 2125/* NOTE: A lot of things set to zero explicitly by call to
2126 * sk_alloc() so need not be done here.
2127 */
2128static int tcp_v6_init_sock(struct sock *sk)
2129{
6687e988 2130 struct inet_connection_sock *icsk = inet_csk(sk);
1da177e4 2131
900f65d3 2132 tcp_init_sock(sk);
1da177e4 2133
8292a17a 2134 icsk->icsk_af_ops = &ipv6_specific;
1da177e4 2135
4954f17d 2136#if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
ac807fa8 2137 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
cfb6eeb4
YH		 2138#endif
2139
1da177e4
LT		 2140 return 0;
2141}
2142
952a10be 2143#ifdef CONFIG_PROC_FS
1da177e4 2144/* Proc filesystem TCPv6 sock list dumping. */
1ab1457c 2145static void get_openreq6(struct seq_file *seq,
aa3a0c8c 2146 const struct request_sock *req, int i)
1da177e4 2147{
fa76ce73 2148 long ttd = req->rsk_timer.expires - jiffies;
634fb979
ED		 2149 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
2150 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1da177e4
LT		 2151
2152 if (ttd < 0)
2153 ttd = 0;
2154
1da177e4
LT		 2155 seq_printf(seq,
2156 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
d14c5ab6 2157 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1da177e4
LT		 2158 i,
2159 src->s6_addr32[0], src->s6_addr32[1],
2160 src->s6_addr32[2], src->s6_addr32[3],
b44084c2 2161 inet_rsk(req)->ir_num,
1da177e4
LT		 2162 dest->s6_addr32[0], dest->s6_addr32[1],
2163 dest->s6_addr32[2], dest->s6_addr32[3],
634fb979 2164 ntohs(inet_rsk(req)->ir_rmt_port),
1da177e4 2165 TCP_SYN_RECV,
4c99aa40 2166 0, 0, /* could print option size, but that is af dependent. */
1ab1457c
YH		 2167 1, /* timers active (only the expire timer) */
2168 jiffies_to_clock_t(ttd),
e6c022a4 2169 req->num_timeout,
aa3a0c8c
ED		 2170 from_kuid_munged(seq_user_ns(seq),
2171 sock_i_uid(req->rsk_listener)),
1ab1457c 2172 0, /* non standard timer */
1da177e4
LT		 2173 0, /* open_requests have no inode */
2174 0, req);
2175}
2176
2177static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
2178{
b71d1d42 2179 const struct in6_addr *dest, *src;
1da177e4
LT		 2180 __u16 destp, srcp;
2181 int timer_active;
2182 unsigned long timer_expires;
cf533ea5
ED		 2183 const struct inet_sock *inet = inet_sk(sp);
2184 const struct tcp_sock *tp = tcp_sk(sp);
463c84b9 2185 const struct inet_connection_sock *icsk = inet_csk(sp);
0536fcc0 2186 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
00fd38d9
ED		 2187 int rx_queue;
2188 int state;
1da177e4 2189
efe4208f
ED		 2190 dest = &sp->sk_v6_daddr;
2191 src = &sp->sk_v6_rcv_saddr;
c720c7e8
ED		 2192 destp = ntohs(inet->inet_dport);
2193 srcp = ntohs(inet->inet_sport);
463c84b9 2194
ce3cf4ec 2195 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
57dde7f7 2196 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
ce3cf4ec 2197 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
1da177e4 2198 timer_active = 1;
463c84b9
ACM		 2199 timer_expires = icsk->icsk_timeout;
2200 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1da177e4 2201 timer_active = 4;
463c84b9 2202 timer_expires = icsk->icsk_timeout;
1da177e4
LT		 2203 } else if (timer_pending(&sp->sk_timer)) {
2204 timer_active = 2;
2205 timer_expires = sp->sk_timer.expires;
2206 } else {
2207 timer_active = 0;
2208 timer_expires = jiffies;
2209 }
2210
986ffdfd 2211 state = inet_sk_state_load(sp);
00fd38d9 2212 if (state == TCP_LISTEN)
288efe86 2213 rx_queue = READ_ONCE(sp->sk_ack_backlog);
00fd38d9
ED		 2214 else
2215 /* Because we don't lock the socket,
2216 * we might find a transient negative value.
2217 */
dba7d9b8 2218 rx_queue = max_t(int, READ_ONCE(tp->rcv_nxt) -
7db48e98 2219 READ_ONCE(tp->copied_seq), 0);
00fd38d9 2220
1da177e4
LT		 2221 seq_printf(seq,
2222 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
d14c5ab6 2223 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1da177e4
LT		 2224 i,
2225 src->s6_addr32[0], src->s6_addr32[1],
2226 src->s6_addr32[2], src->s6_addr32[3], srcp,
2227 dest->s6_addr32[0], dest->s6_addr32[1],
2228 dest->s6_addr32[2], dest->s6_addr32[3], destp,
00fd38d9 2229 state,
0f317464 2230 READ_ONCE(tp->write_seq) - tp->snd_una,
00fd38d9 2231 rx_queue,
1da177e4 2232 timer_active,
a399a805 2233 jiffies_delta_to_clock_t(timer_expires - jiffies),
463c84b9 2234 icsk->icsk_retransmits,
a7cb5a49 2235 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
6687e988 2236 icsk->icsk_probes_out,
1da177e4 2237 sock_i_ino(sp),
41c6d650 2238 refcount_read(&sp->sk_refcnt), sp,
7be87351
SH		 2239 jiffies_to_clock_t(icsk->icsk_rto),
2240 jiffies_to_clock_t(icsk->icsk_ack.ato),
31954cd8 2241 (icsk->icsk_ack.quick << 1) | inet_csk_in_pingpong_mode(sp),
40570375 2242 tcp_snd_cwnd(tp),
00fd38d9 2243 state == TCP_LISTEN ?
0536fcc0 2244 fastopenq->max_qlen :
0a672f74 2245 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
1da177e4
LT		 2246 );
2247}
2248
1ab1457c 2249static void get_timewait6_sock(struct seq_file *seq,
8feaf0c0 2250 struct inet_timewait_sock *tw, int i)
1da177e4 2251{
789f558c 2252 long delta = tw->tw_timer.expires - jiffies;
b71d1d42 2253 const struct in6_addr *dest, *src;
1da177e4 2254 __u16 destp, srcp;
1da177e4 2255
efe4208f
ED		 2256 dest = &tw->tw_v6_daddr;
2257 src = &tw->tw_v6_rcv_saddr;
1da177e4
LT		 2258 destp = ntohs(tw->tw_dport);
2259 srcp = ntohs(tw->tw_sport);
2260
2261 seq_printf(seq,
2262 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
71338aa7 2263 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1da177e4
LT		 2264 i,
2265 src->s6_addr32[0], src->s6_addr32[1],
2266 src->s6_addr32[2], src->s6_addr32[3], srcp,
2267 dest->s6_addr32[0], dest->s6_addr32[1],
2268 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2269 tw->tw_substate, 0, 0,
a399a805 2270 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
41c6d650 2271 refcount_read(&tw->tw_refcnt), tw);
1da177e4
LT		 2272}
2273
1da177e4
LT		 2274static int tcp6_seq_show(struct seq_file *seq, void *v)
2275{
2276 struct tcp_iter_state *st;
05dbc7b5 2277 struct sock *sk = v;
1da177e4
LT		 2278
2279 if (v == SEQ_START_TOKEN) {
2280 seq_puts(seq,
2281 " sl "
2282 "local_address "
2283 "remote_address "
2284 "st tx_queue rx_queue tr tm->when retrnsmt"
2285 " uid timeout inode\n");
2286 goto out;
2287 }
2288 st = seq->private;
2289
079096f1
ED		 2290 if (sk->sk_state == TCP_TIME_WAIT)
2291 get_timewait6_sock(seq, v, st->num);
2292 else if (sk->sk_state == TCP_NEW_SYN_RECV)
aa3a0c8c 2293 get_openreq6(seq, v, st->num);
079096f1
ED		 2294 else
2295 get_tcp6_sock(seq, v, st->num);
1da177e4
LT		 2296out:
2297 return 0;
2298}
2299
37d849bb
CH		 2300static const struct seq_operations tcp6_seq_ops = {
2301 .show = tcp6_seq_show,
2302 .start = tcp_seq_start,
2303 .next = tcp_seq_next,
2304 .stop = tcp_seq_stop,
2305};
2306
1da177e4 2307static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1da177e4 2308 .family = AF_INET6,
1da177e4
LT		 2309};
2310
2c8c1e72 2311int __net_init tcp6_proc_init(struct net *net)
1da177e4 2312{
c3506372
CH		 2313 if (!proc_create_net_data("tcp6", 0444, net->proc_net, &tcp6_seq_ops,
2314 sizeof(struct tcp_iter_state), &tcp6_seq_afinfo))
37d849bb
CH		 2315 return -ENOMEM;
2316 return 0;
1da177e4
LT		 2317}
2318
6f8b13bc 2319void tcp6_proc_exit(struct net *net)
1da177e4 2320{
37d849bb 2321 remove_proc_entry("tcp6", net->proc_net);
1da177e4
LT		 2322}
2323#endif
2324
2325struct proto tcpv6_prot = {
2326 .name = "TCPv6",
2327 .owner = THIS_MODULE,
2328 .close = tcp_close,
d74bad4e 2329 .pre_connect = tcp_v6_pre_connect,
1da177e4
LT		 2330 .connect = tcp_v6_connect,
2331 .disconnect = tcp_disconnect,
463c84b9 2332 .accept = inet_csk_accept,
1da177e4
LT		 2333 .ioctl = tcp_ioctl,
2334 .init = tcp_v6_init_sock,
b5fc2923 2335 .destroy = tcp_v4_destroy_sock,
1da177e4
LT		 2336 .shutdown = tcp_shutdown,
2337 .setsockopt = tcp_setsockopt,
2338 .getsockopt = tcp_getsockopt,
9cacf81f 2339 .bpf_bypass_getsockopt = tcp_bpf_bypass_getsockopt,
4b9d07a4 2340 .keepalive = tcp_set_keepalive,
1da177e4 2341 .recvmsg = tcp_recvmsg,
7ba42910 2342 .sendmsg = tcp_sendmsg,
1d7e4538 2343 .splice_eof = tcp_splice_eof,
1da177e4 2344 .backlog_rcv = tcp_v6_do_rcv,
46d3ceab 2345 .release_cb = tcp_release_cb,
496611d7 2346 .hash = inet6_hash,
ab1e0a13
ACM		 2347 .unhash = inet_unhash,
2348 .get_port = inet_csk_get_port,
91a760b2 2349 .put_port = inet_put_port,
8a59f9d1
CW		 2350#ifdef CONFIG_BPF_SYSCALL
2351 .psock_update_sk_prot = tcp_bpf_update_proto,
2352#endif
1da177e4 2353 .enter_memory_pressure = tcp_enter_memory_pressure,
06044751 2354 .leave_memory_pressure = tcp_leave_memory_pressure,
c9bee3b7 2355 .stream_memory_free = tcp_stream_memory_free,
1da177e4 2356 .sockets_allocated = &tcp_sockets_allocated,
0defbb0a 2357
1da177e4 2358 .memory_allocated = &tcp_memory_allocated,
0defbb0a
ED		 2359 .per_cpu_fw_alloc = &tcp_memory_per_cpu_fw_alloc,
2360
1da177e4 2361 .memory_pressure = &tcp_memory_pressure,
0a5578cf 2362 .orphan_count = &tcp_orphan_count,
a4fe34bf 2363 .sysctl_mem = sysctl_tcp_mem,
356d1833
ED		 2364 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem),
2365 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem),
1da177e4
LT		 2366 .max_header = MAX_TCP_HEADER,
2367 .obj_size = sizeof(struct tcp6_sock),
f5f80e32 2368 .ipv6_pinfo_offset = offsetof(struct tcp6_sock, inet6),
5f0d5a3a 2369 .slab_flags = SLAB_TYPESAFE_BY_RCU,
6d6ee43e 2370 .twsk_prot = &tcp6_timewait_sock_ops,
60236fdd 2371 .rsk_prot = &tcp6_request_sock_ops,
429e42c1 2372 .h.hashinfo = NULL,
7ba42910 2373 .no_autobind = true,
c1e64e29 2374 .diag_destroy = tcp_abort,
1da177e4 2375};
6abde0b2 2376EXPORT_SYMBOL_GPL(tcpv6_prot);
1da177e4 2377
1da177e4 2378
1da177e4
LT		 2379static struct inet_protosw tcpv6_protosw = {
2380 .type = SOCK_STREAM,
2381 .protocol = IPPROTO_TCP,
2382 .prot = &tcpv6_prot,
2383 .ops = &inet6_stream_ops,
d83d8461
ACM		 2384 .flags = INET_PROTOSW_PERMANENT |
2385 INET_PROTOSW_ICSK,
1da177e4
LT		 2386};
2387
2c8c1e72 2388static int __net_init tcpv6_net_init(struct net *net)
93ec926b 2389{
5677242f
DL		 2390 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2391 SOCK_RAW, IPPROTO_TCP, net);
93ec926b
DL		 2392}
2393
2c8c1e72 2394static void __net_exit tcpv6_net_exit(struct net *net)
93ec926b 2395{
5677242f 2396 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
b099ce26
EB		 2397}
2398
93ec926b 2399static struct pernet_operations tcpv6_net_ops = {
b099ce26
EB		 2400 .init = tcpv6_net_init,
2401 .exit = tcpv6_net_exit,
93ec926b
DL		 2402};
2403
7f4e4868 2404int __init tcpv6_init(void)
1da177e4 2405{
7f4e4868
DL		 2406 int ret;
2407
4ea0875b
ED		 2408 net_hotdata.tcpv6_protocol = (struct inet6_protocol) {
2409 .handler = tcp_v6_rcv,
2410 .err_handler = tcp_v6_err,
2411 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL,
2412 };
2413 ret = inet6_add_protocol(&net_hotdata.tcpv6_protocol, IPPROTO_TCP);
3336288a 2414 if (ret)
c6b641a4 2415 goto out;
3336288a 2416
1da177e4 2417 /* register inet6 protocol */
7f4e4868
DL		 2418 ret = inet6_register_protosw(&tcpv6_protosw);
2419 if (ret)
2420 goto out_tcpv6_protocol;
2421
93ec926b 2422 ret = register_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2423 if (ret)
2424 goto out_tcpv6_protosw;
f870fa0b
MM		 2425
2426 ret = mptcpv6_init();
2427 if (ret)
2428 goto out_tcpv6_pernet_subsys;
2429
7f4e4868
DL		 2430out:
2431 return ret;
ae0f7d5f 2432
f870fa0b
MM		 2433out_tcpv6_pernet_subsys:
2434 unregister_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2435out_tcpv6_protosw:
2436 inet6_unregister_protosw(&tcpv6_protosw);
3336288a 2437out_tcpv6_protocol:
4ea0875b 2438 inet6_del_protocol(&net_hotdata.tcpv6_protocol, IPPROTO_TCP);
7f4e4868
DL		 2439 goto out;
2440}
2441
09f7709f 2442void tcpv6_exit(void)
7f4e4868 2443{
93ec926b 2444 unregister_pernet_subsys(&tcpv6_net_ops);
7f4e4868 2445 inet6_unregister_protosw(&tcpv6_protosw);
4ea0875b 2446 inet6_del_protocol(&net_hotdata.tcpv6_protocol, IPPROTO_TCP);
1da177e4 2447}
A mirror of Linus' kernel repository