2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Implementation of the Transmission Control Protocol(TCP).
8 * IPv4 specific functions
13 * linux/ipv4/tcp_input.c
14 * linux/ipv4/tcp_output.c
16 * See tcp.c for author information
18 * This program is free software; you can redistribute it and/or
19 * modify it under the terms of the GNU General Public License
20 * as published by the Free Software Foundation; either version
21 * 2 of the License, or (at your option) any later version.
26 * David S. Miller : New socket lookup architecture.
27 * This code is dedicated to John Dyson.
28 * David S. Miller : Change semantics of established hash,
29 * half is devoted to TIME_WAIT sockets
30 * and the rest go in the other half.
31 * Andi Kleen : Add support for syncookies and fixed
32 * some bugs: ip options weren't passed to
33 * the TCP layer, missed a check for an
35 * Andi Kleen : Implemented fast path mtu discovery.
36 * Fixed many serious bugs in the
37 * request_sock handling and moved
38 * most of it into the af independent code.
39 * Added tail drop and some other bugfixes.
40 * Added new listen semantics.
41 * Mike McLagan : Routing by source
42 * Juan Jose Ciarlante: ip_dynaddr bits
43 * Andi Kleen: various fixes.
44 * Vitaly E. Lavrov : Transparent proxy revived after year
46 * Andi Kleen : Fix new listen.
47 * Andi Kleen : Fix accept error reporting.
48 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
49 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
50 * a single port at the same time.
53 #define pr_fmt(fmt) "TCP: " fmt
55 #include <linux/bottom_half.h>
56 #include <linux/types.h>
57 #include <linux/fcntl.h>
58 #include <linux/module.h>
59 #include <linux/random.h>
60 #include <linux/cache.h>
61 #include <linux/jhash.h>
62 #include <linux/init.h>
63 #include <linux/times.h>
64 #include <linux/slab.h>
66 #include <net/net_namespace.h>
68 #include <net/inet_hashtables.h>
70 #include <net/transp_v6.h>
72 #include <net/inet_common.h>
73 #include <net/timewait_sock.h>
75 #include <net/netdma.h>
76 #include <net/secure_seq.h>
77 #include <net/tcp_memcontrol.h>
79 #include <linux/inet.h>
80 #include <linux/ipv6.h>
81 #include <linux/stddef.h>
82 #include <linux/proc_fs.h>
83 #include <linux/seq_file.h>
85 #include <linux/crypto.h>
86 #include <linux/scatterlist.h>
88 int sysctl_tcp_tw_reuse __read_mostly;
89 int sysctl_tcp_low_latency __read_mostly;
90 EXPORT_SYMBOL(sysctl_tcp_low_latency);
93 #ifdef CONFIG_TCP_MD5SIG
94 static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
95 __be32 daddr, __be32 saddr, const struct tcphdr *th);
98 struct inet_hashinfo tcp_hashinfo;
99 EXPORT_SYMBOL(tcp_hashinfo);
101 static inline __u32 tcp_v4_init_sequence(const struct sk_buff *skb)
103 return secure_tcp_sequence_number(ip_hdr(skb)->daddr,
106 tcp_hdr(skb)->source);
109 int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp)
111 const struct tcp_timewait_sock *tcptw = tcp_twsk(sktw);
112 struct tcp_sock *tp = tcp_sk(sk);
114 /* With PAWS, it is safe from the viewpoint
115 of data integrity. Even without PAWS it is safe provided sequence
116 spaces do not overlap i.e. at data rates <= 80Mbit/sec.
118 Actually, the idea is close to VJ's one, only timestamp cache is
119 held not per host, but per port pair and TW bucket is used as state
122 If TW bucket has been already destroyed we fall back to VJ's scheme
123 and use initial timestamp retrieved from peer table.
125 if (tcptw->tw_ts_recent_stamp &&
126 (twp == NULL || (sysctl_tcp_tw_reuse &&
127 get_seconds() - tcptw->tw_ts_recent_stamp > 1))) {
128 tp->write_seq = tcptw->tw_snd_nxt + 65535 + 2;
129 if (tp->write_seq == 0)
131 tp->rx_opt.ts_recent = tcptw->tw_ts_recent;
132 tp->rx_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
139 EXPORT_SYMBOL_GPL(tcp_twsk_unique);
141 static int tcp_repair_connect(struct sock *sk)
143 tcp_connect_init(sk);
144 tcp_finish_connect(sk, NULL);
149 /* This will initiate an outgoing connection. */
150 int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
152 struct sockaddr_in *usin = (struct sockaddr_in *)uaddr;
153 struct inet_sock *inet = inet_sk(sk);
154 struct tcp_sock *tp = tcp_sk(sk);
155 __be16 orig_sport, orig_dport;
156 __be32 daddr, nexthop;
160 struct ip_options_rcu *inet_opt;
162 if (addr_len < sizeof(struct sockaddr_in))
165 if (usin->sin_family != AF_INET)
166 return -EAFNOSUPPORT;
168 nexthop = daddr = usin->sin_addr.s_addr;
169 inet_opt = rcu_dereference_protected(inet->inet_opt,
170 sock_owned_by_user(sk));
171 if (inet_opt && inet_opt->opt.srr) {
174 nexthop = inet_opt->opt.faddr;
177 orig_sport = inet->inet_sport;
178 orig_dport = usin->sin_port;
179 fl4 = &inet->cork.fl.u.ip4;
180 rt = ip_route_connect(fl4, nexthop, inet->inet_saddr,
181 RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
183 orig_sport, orig_dport, sk, true);
186 if (err == -ENETUNREACH)
187 IP_INC_STATS_BH(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
191 if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) {
196 if (!inet_opt || !inet_opt->opt.srr)
199 if (!inet->inet_saddr)
200 inet->inet_saddr = fl4->saddr;
201 inet->inet_rcv_saddr = inet->inet_saddr;
203 if (tp->rx_opt.ts_recent_stamp && inet->inet_daddr != daddr) {
204 /* Reset inherited state */
205 tp->rx_opt.ts_recent = 0;
206 tp->rx_opt.ts_recent_stamp = 0;
207 if (likely(!tp->repair))
211 if (tcp_death_row.sysctl_tw_recycle &&
212 !tp->rx_opt.ts_recent_stamp && fl4->daddr == daddr)
213 tcp_fetch_timewait_stamp(sk, &rt->dst);
215 inet->inet_dport = usin->sin_port;
216 inet->inet_daddr = daddr;
218 inet_csk(sk)->icsk_ext_hdr_len = 0;
220 inet_csk(sk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
222 tp->rx_opt.mss_clamp = TCP_MSS_DEFAULT;
224 /* Socket identity is still unknown (sport may be zero).
225 * However we set state to SYN-SENT and not releasing socket
226 * lock select source port, enter ourselves into the hash tables and
227 * complete initialization after this.
229 tcp_set_state(sk, TCP_SYN_SENT);
230 err = inet_hash_connect(&tcp_death_row, sk);
234 rt = ip_route_newports(fl4, rt, orig_sport, orig_dport,
235 inet->inet_sport, inet->inet_dport, sk);
241 /* OK, now commit destination to socket. */
242 sk->sk_gso_type = SKB_GSO_TCPV4;
243 sk_setup_caps(sk, &rt->dst);
245 if (!tp->write_seq && likely(!tp->repair))
246 tp->write_seq = secure_tcp_sequence_number(inet->inet_saddr,
251 inet->inet_id = tp->write_seq ^ jiffies;
253 if (likely(!tp->repair))
254 err = tcp_connect(sk);
256 err = tcp_repair_connect(sk);
266 * This unhashes the socket and releases the local port,
269 tcp_set_state(sk, TCP_CLOSE);
271 sk->sk_route_caps = 0;
272 inet->inet_dport = 0;
275 EXPORT_SYMBOL(tcp_v4_connect);
278 * This routine reacts to ICMP_FRAG_NEEDED mtu indications as defined in RFC1191.
279 * It can be called through tcp_release_cb() if socket was owned by user
280 * at the time tcp_v4_err() was called to handle ICMP message.
282 static void tcp_v4_mtu_reduced(struct sock *sk)
284 struct dst_entry *dst;
285 struct inet_sock *inet = inet_sk(sk);
286 u32 mtu = tcp_sk(sk)->mtu_info;
288 /* We are not interested in TCP_LISTEN and open_requests (SYN-ACKs
289 * send out by Linux are always <576bytes so they should go through
292 if (sk->sk_state == TCP_LISTEN)
295 dst = inet_csk_update_pmtu(sk, mtu);
299 /* Something is about to be wrong... Remember soft error
300 * for the case, if this connection will not able to recover.
302 if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
303 sk->sk_err_soft = EMSGSIZE;
307 if (inet->pmtudisc != IP_PMTUDISC_DONT &&
308 inet_csk(sk)->icsk_pmtu_cookie > mtu) {
309 tcp_sync_mss(sk, mtu);
311 /* Resend the TCP packet because it's
312 * clear that the old packet has been
313 * dropped. This is the new "fast" path mtu
316 tcp_simple_retransmit(sk);
317 } /* else let the usual retransmit timer handle it */
320 static void do_redirect(struct sk_buff *skb, struct sock *sk)
322 struct dst_entry *dst = __sk_dst_check(sk, 0);
325 dst->ops->redirect(dst, sk, skb);
329 * This routine is called by the ICMP module when it gets some
330 * sort of error condition. If err < 0 then the socket should
331 * be closed and the error returned to the user. If err > 0
332 * it's just the icmp type << 8 | icmp code. After adjustment
333 * header points to the first 8 bytes of the tcp header. We need
334 * to find the appropriate port.
336 * The locking strategy used here is very "optimistic". When
337 * someone else accesses the socket the ICMP is just dropped
338 * and for some paths there is no check at all.
339 * A more general error queue to queue errors for later handling
340 * is probably better.
344 void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
346 const struct iphdr *iph = (const struct iphdr *)icmp_skb->data;
347 struct tcphdr *th = (struct tcphdr *)(icmp_skb->data + (iph->ihl << 2));
348 struct inet_connection_sock *icsk;
350 struct inet_sock *inet;
351 const int type = icmp_hdr(icmp_skb)->type;
352 const int code = icmp_hdr(icmp_skb)->code;
355 struct request_sock *req;
359 struct net *net = dev_net(icmp_skb->dev);
361 if (icmp_skb->len < (iph->ihl << 2) + 8) {
362 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
366 sk = inet_lookup(net, &tcp_hashinfo, iph->daddr, th->dest,
367 iph->saddr, th->source, inet_iif(icmp_skb));
369 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
372 if (sk->sk_state == TCP_TIME_WAIT) {
373 inet_twsk_put(inet_twsk(sk));
378 /* If too many ICMPs get dropped on busy
379 * servers this needs to be solved differently.
380 * We do take care of PMTU discovery (RFC1191) special case :
381 * we can receive locally generated ICMP messages while socket is held.
383 if (sock_owned_by_user(sk) &&
384 type != ICMP_DEST_UNREACH &&
385 code != ICMP_FRAG_NEEDED)
386 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
388 if (sk->sk_state == TCP_CLOSE)
391 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
392 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
398 req = tp->fastopen_rsk;
399 seq = ntohl(th->seq);
400 if (sk->sk_state != TCP_LISTEN &&
401 !between(seq, tp->snd_una, tp->snd_nxt) &&
402 (req == NULL || seq != tcp_rsk(req)->snt_isn)) {
403 /* For a Fast Open socket, allow seq to be snt_isn. */
404 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
410 do_redirect(icmp_skb, sk);
412 case ICMP_SOURCE_QUENCH:
413 /* Just silently ignore these. */
415 case ICMP_PARAMETERPROB:
418 case ICMP_DEST_UNREACH:
419 if (code > NR_ICMP_UNREACH)
422 if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */
424 if (!sock_owned_by_user(sk)) {
425 tcp_v4_mtu_reduced(sk);
427 if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED, &tp->tsq_flags))
433 err = icmp_err_convert[code].errno;
434 /* check if icmp_skb allows revert of backoff
435 * (see draft-zimmermann-tcp-lcd) */
436 if (code != ICMP_NET_UNREACH && code != ICMP_HOST_UNREACH)
438 if (seq != tp->snd_una || !icsk->icsk_retransmits ||
442 /* XXX (TFO) - revisit the following logic for TFO */
444 if (sock_owned_by_user(sk))
447 icsk->icsk_backoff--;
448 inet_csk(sk)->icsk_rto = (tp->srtt ? __tcp_set_rto(tp) :
449 TCP_TIMEOUT_INIT) << icsk->icsk_backoff;
452 skb = tcp_write_queue_head(sk);
455 remaining = icsk->icsk_rto - min(icsk->icsk_rto,
456 tcp_time_stamp - TCP_SKB_CB(skb)->when);
459 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
460 remaining, TCP_RTO_MAX);
462 /* RTO revert clocked out retransmission.
463 * Will retransmit now */
464 tcp_retransmit_timer(sk);
468 case ICMP_TIME_EXCEEDED:
475 /* XXX (TFO) - if it's a TFO socket and has been accepted, rather
476 * than following the TCP_SYN_RECV case and closing the socket,
477 * we ignore the ICMP error and keep trying like a fully established
478 * socket. Is this the right thing to do?
480 if (req && req->sk == NULL)
483 switch (sk->sk_state) {
484 struct request_sock *req, **prev;
486 if (sock_owned_by_user(sk))
489 req = inet_csk_search_req(sk, &prev, th->dest,
490 iph->daddr, iph->saddr);
494 /* ICMPs are not backlogged, hence we cannot get
495 an established socket here.
499 if (seq != tcp_rsk(req)->snt_isn) {
500 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
505 * Still in SYN_RECV, just remove it silently.
506 * There is no good way to pass the error to the newly
507 * created socket, and POSIX does not want network
508 * errors returned from accept().
510 inet_csk_reqsk_queue_drop(sk, req, prev);
514 case TCP_SYN_RECV: /* Cannot happen.
515 It can f.e. if SYNs crossed,
518 if (!sock_owned_by_user(sk)) {
521 sk->sk_error_report(sk);
525 sk->sk_err_soft = err;
530 /* If we've already connected we will keep trying
531 * until we time out, or the user gives up.
533 * rfc1122 4.2.3.9 allows to consider as hard errors
534 * only PROTO_UNREACH and PORT_UNREACH (well, FRAG_FAILED too,
535 * but it is obsoleted by pmtu discovery).
537 * Note, that in modern internet, where routing is unreliable
538 * and in each dark corner broken firewalls sit, sending random
539 * errors ordered by their masters even this two messages finally lose
540 * their original sense (even Linux sends invalid PORT_UNREACHs)
542 * Now we are in compliance with RFCs.
547 if (!sock_owned_by_user(sk) && inet->recverr) {
549 sk->sk_error_report(sk);
550 } else { /* Only an error on timeout */
551 sk->sk_err_soft = err;
559 static void __tcp_v4_send_check(struct sk_buff *skb,
560 __be32 saddr, __be32 daddr)
562 struct tcphdr *th = tcp_hdr(skb);
564 if (skb->ip_summed == CHECKSUM_PARTIAL) {
565 th->check = ~tcp_v4_check(skb->len, saddr, daddr, 0);
566 skb->csum_start = skb_transport_header(skb) - skb->head;
567 skb->csum_offset = offsetof(struct tcphdr, check);
569 th->check = tcp_v4_check(skb->len, saddr, daddr,
576 /* This routine computes an IPv4 TCP checksum. */
577 void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb)
579 const struct inet_sock *inet = inet_sk(sk);
581 __tcp_v4_send_check(skb, inet->inet_saddr, inet->inet_daddr);
583 EXPORT_SYMBOL(tcp_v4_send_check);
585 int tcp_v4_gso_send_check(struct sk_buff *skb)
587 const struct iphdr *iph;
590 if (!pskb_may_pull(skb, sizeof(*th)))
597 skb->ip_summed = CHECKSUM_PARTIAL;
598 __tcp_v4_send_check(skb, iph->saddr, iph->daddr);
603 * This routine will send an RST to the other tcp.
605 * Someone asks: why I NEVER use socket parameters (TOS, TTL etc.)
607 * Answer: if a packet caused RST, it is not for a socket
608 * existing in our system, if it is matched to a socket,
609 * it is just duplicate segment or bug in other side's TCP.
610 * So that we build reply only basing on parameters
611 * arrived with segment.
612 * Exception: precedence violation. We do not implement it in any case.
615 static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
617 const struct tcphdr *th = tcp_hdr(skb);
620 #ifdef CONFIG_TCP_MD5SIG
621 __be32 opt[(TCPOLEN_MD5SIG_ALIGNED >> 2)];
624 struct ip_reply_arg arg;
625 #ifdef CONFIG_TCP_MD5SIG
626 struct tcp_md5sig_key *key;
627 const __u8 *hash_location = NULL;
628 unsigned char newhash[16];
630 struct sock *sk1 = NULL;
634 /* Never send a reset in response to a reset. */
638 if (skb_rtable(skb)->rt_type != RTN_LOCAL)
641 /* Swap the send and the receive. */
642 memset(&rep, 0, sizeof(rep));
643 rep.th.dest = th->source;
644 rep.th.source = th->dest;
645 rep.th.doff = sizeof(struct tcphdr) / 4;
649 rep.th.seq = th->ack_seq;
652 rep.th.ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin +
653 skb->len - (th->doff << 2));
656 memset(&arg, 0, sizeof(arg));
657 arg.iov[0].iov_base = (unsigned char *)&rep;
658 arg.iov[0].iov_len = sizeof(rep.th);
660 #ifdef CONFIG_TCP_MD5SIG
661 hash_location = tcp_parse_md5sig_option(th);
662 if (!sk && hash_location) {
664 * active side is lost. Try to find listening socket through
665 * source port, and then find md5 key through listening socket.
666 * we are not loose security here:
667 * Incoming packet is checked with md5 hash with finding key,
668 * no RST generated if md5 hash doesn't match.
670 sk1 = __inet_lookup_listener(dev_net(skb_dst(skb)->dev),
671 &tcp_hashinfo, ip_hdr(skb)->daddr,
672 ntohs(th->source), inet_iif(skb));
673 /* don't send rst if it can't find key */
677 key = tcp_md5_do_lookup(sk1, (union tcp_md5_addr *)
678 &ip_hdr(skb)->saddr, AF_INET);
682 genhash = tcp_v4_md5_hash_skb(newhash, key, NULL, NULL, skb);
683 if (genhash || memcmp(hash_location, newhash, 16) != 0)
686 key = sk ? tcp_md5_do_lookup(sk, (union tcp_md5_addr *)
692 rep.opt[0] = htonl((TCPOPT_NOP << 24) |
694 (TCPOPT_MD5SIG << 8) |
696 /* Update length and the length the header thinks exists */
697 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
698 rep.th.doff = arg.iov[0].iov_len / 4;
700 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[1],
701 key, ip_hdr(skb)->saddr,
702 ip_hdr(skb)->daddr, &rep.th);
705 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
706 ip_hdr(skb)->saddr, /* XXX */
707 arg.iov[0].iov_len, IPPROTO_TCP, 0);
708 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
709 arg.flags = (sk && inet_sk(sk)->transparent) ? IP_REPLY_ARG_NOSRCCHECK : 0;
710 /* When socket is gone, all binding information is lost.
711 * routing might fail in this case. No choice here, if we choose to force
712 * input interface, we will misroute in case of asymmetric route.
715 arg.bound_dev_if = sk->sk_bound_dev_if;
717 net = dev_net(skb_dst(skb)->dev);
718 arg.tos = ip_hdr(skb)->tos;
719 ip_send_unicast_reply(net, skb, ip_hdr(skb)->saddr,
720 ip_hdr(skb)->daddr, &arg, arg.iov[0].iov_len);
722 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
723 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
725 #ifdef CONFIG_TCP_MD5SIG
734 /* The code following below sending ACKs in SYN-RECV and TIME-WAIT states
735 outside socket context is ugly, certainly. What can I do?
738 static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
739 u32 win, u32 ts, int oif,
740 struct tcp_md5sig_key *key,
741 int reply_flags, u8 tos)
743 const struct tcphdr *th = tcp_hdr(skb);
746 __be32 opt[(TCPOLEN_TSTAMP_ALIGNED >> 2)
747 #ifdef CONFIG_TCP_MD5SIG
748 + (TCPOLEN_MD5SIG_ALIGNED >> 2)
752 struct ip_reply_arg arg;
753 struct net *net = dev_net(skb_dst(skb)->dev);
755 memset(&rep.th, 0, sizeof(struct tcphdr));
756 memset(&arg, 0, sizeof(arg));
758 arg.iov[0].iov_base = (unsigned char *)&rep;
759 arg.iov[0].iov_len = sizeof(rep.th);
761 rep.opt[0] = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
762 (TCPOPT_TIMESTAMP << 8) |
764 rep.opt[1] = htonl(tcp_time_stamp);
765 rep.opt[2] = htonl(ts);
766 arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;
769 /* Swap the send and the receive. */
770 rep.th.dest = th->source;
771 rep.th.source = th->dest;
772 rep.th.doff = arg.iov[0].iov_len / 4;
773 rep.th.seq = htonl(seq);
774 rep.th.ack_seq = htonl(ack);
776 rep.th.window = htons(win);
778 #ifdef CONFIG_TCP_MD5SIG
780 int offset = (ts) ? 3 : 0;
782 rep.opt[offset++] = htonl((TCPOPT_NOP << 24) |
784 (TCPOPT_MD5SIG << 8) |
786 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
787 rep.th.doff = arg.iov[0].iov_len/4;
789 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset],
790 key, ip_hdr(skb)->saddr,
791 ip_hdr(skb)->daddr, &rep.th);
794 arg.flags = reply_flags;
795 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
796 ip_hdr(skb)->saddr, /* XXX */
797 arg.iov[0].iov_len, IPPROTO_TCP, 0);
798 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
800 arg.bound_dev_if = oif;
802 ip_send_unicast_reply(net, skb, ip_hdr(skb)->saddr,
803 ip_hdr(skb)->daddr, &arg, arg.iov[0].iov_len);
805 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
808 static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
810 struct inet_timewait_sock *tw = inet_twsk(sk);
811 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
813 tcp_v4_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
814 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
817 tcp_twsk_md5_key(tcptw),
818 tw->tw_transparent ? IP_REPLY_ARG_NOSRCCHECK : 0,
825 static void tcp_v4_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
826 struct request_sock *req)
828 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
829 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
831 tcp_v4_send_ack(skb, (sk->sk_state == TCP_LISTEN) ?
832 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
833 tcp_rsk(req)->rcv_nxt, req->rcv_wnd,
836 tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&ip_hdr(skb)->daddr,
838 inet_rsk(req)->no_srccheck ? IP_REPLY_ARG_NOSRCCHECK : 0,
843 * Send a SYN-ACK after having received a SYN.
844 * This still operates on a request_sock only, not on a big
847 static int tcp_v4_send_synack(struct sock *sk, struct dst_entry *dst,
848 struct request_sock *req,
849 struct request_values *rvp,
853 const struct inet_request_sock *ireq = inet_rsk(req);
856 struct sk_buff * skb;
858 /* First, grab a route. */
859 if (!dst && (dst = inet_csk_route_req(sk, &fl4, req)) == NULL)
862 skb = tcp_make_synack(sk, dst, req, rvp, NULL);
865 __tcp_v4_send_check(skb, ireq->loc_addr, ireq->rmt_addr);
867 skb_set_queue_mapping(skb, queue_mapping);
868 err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr,
871 err = net_xmit_eval(err);
872 if (!tcp_rsk(req)->snt_synack && !err)
873 tcp_rsk(req)->snt_synack = tcp_time_stamp;
879 static int tcp_v4_rtx_synack(struct sock *sk, struct request_sock *req,
880 struct request_values *rvp)
882 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS);
883 return tcp_v4_send_synack(sk, NULL, req, rvp, 0, false);
887 * IPv4 request_sock destructor.
889 static void tcp_v4_reqsk_destructor(struct request_sock *req)
891 kfree(inet_rsk(req)->opt);
895 * Return true if a syncookie should be sent
897 bool tcp_syn_flood_action(struct sock *sk,
898 const struct sk_buff *skb,
901 const char *msg = "Dropping request";
902 bool want_cookie = false;
903 struct listen_sock *lopt;
907 #ifdef CONFIG_SYN_COOKIES
908 if (sysctl_tcp_syncookies) {
909 msg = "Sending cookies";
911 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDOCOOKIES);
914 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP);
916 lopt = inet_csk(sk)->icsk_accept_queue.listen_opt;
917 if (!lopt->synflood_warned) {
918 lopt->synflood_warned = 1;
919 pr_info("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n",
920 proto, ntohs(tcp_hdr(skb)->dest), msg);
924 EXPORT_SYMBOL(tcp_syn_flood_action);
927 * Save and compile IPv4 options into the request_sock if needed.
929 static struct ip_options_rcu *tcp_v4_save_options(struct sk_buff *skb)
931 const struct ip_options *opt = &(IPCB(skb)->opt);
932 struct ip_options_rcu *dopt = NULL;
934 if (opt && opt->optlen) {
935 int opt_size = sizeof(*dopt) + opt->optlen;
937 dopt = kmalloc(opt_size, GFP_ATOMIC);
939 if (ip_options_echo(&dopt->opt, skb)) {
948 #ifdef CONFIG_TCP_MD5SIG
950 * RFC2385 MD5 checksumming requires a mapping of
951 * IP address->MD5 Key.
952 * We need to maintain these in the sk structure.
955 /* Find the Key structure for an address. */
956 struct tcp_md5sig_key *tcp_md5_do_lookup(struct sock *sk,
957 const union tcp_md5_addr *addr,
960 struct tcp_sock *tp = tcp_sk(sk);
961 struct tcp_md5sig_key *key;
962 struct hlist_node *pos;
963 unsigned int size = sizeof(struct in_addr);
964 struct tcp_md5sig_info *md5sig;
966 /* caller either holds rcu_read_lock() or socket lock */
967 md5sig = rcu_dereference_check(tp->md5sig_info,
968 sock_owned_by_user(sk) ||
969 lockdep_is_held(&sk->sk_lock.slock));
972 #if IS_ENABLED(CONFIG_IPV6)
973 if (family == AF_INET6)
974 size = sizeof(struct in6_addr);
976 hlist_for_each_entry_rcu(key, pos, &md5sig->head, node) {
977 if (key->family != family)
979 if (!memcmp(&key->addr, addr, size))
984 EXPORT_SYMBOL(tcp_md5_do_lookup);
986 struct tcp_md5sig_key *tcp_v4_md5_lookup(struct sock *sk,
987 struct sock *addr_sk)
989 union tcp_md5_addr *addr;
991 addr = (union tcp_md5_addr *)&inet_sk(addr_sk)->inet_daddr;
992 return tcp_md5_do_lookup(sk, addr, AF_INET);
994 EXPORT_SYMBOL(tcp_v4_md5_lookup);
996 static struct tcp_md5sig_key *tcp_v4_reqsk_md5_lookup(struct sock *sk,
997 struct request_sock *req)
999 union tcp_md5_addr *addr;
1001 addr = (union tcp_md5_addr *)&inet_rsk(req)->rmt_addr;
1002 return tcp_md5_do_lookup(sk, addr, AF_INET);
1005 /* This can be called on a newly created socket, from other files */
1006 int tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr,
1007 int family, const u8 *newkey, u8 newkeylen, gfp_t gfp)
1009 /* Add Key to the list */
1010 struct tcp_md5sig_key *key;
1011 struct tcp_sock *tp = tcp_sk(sk);
1012 struct tcp_md5sig_info *md5sig;
1014 key = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&addr, AF_INET);
1016 /* Pre-existing entry - just update that one. */
1017 memcpy(key->key, newkey, newkeylen);
1018 key->keylen = newkeylen;
1022 md5sig = rcu_dereference_protected(tp->md5sig_info,
1023 sock_owned_by_user(sk));
1025 md5sig = kmalloc(sizeof(*md5sig), gfp);
1029 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
1030 INIT_HLIST_HEAD(&md5sig->head);
1031 rcu_assign_pointer(tp->md5sig_info, md5sig);
1034 key = sock_kmalloc(sk, sizeof(*key), gfp);
1037 if (hlist_empty(&md5sig->head) && !tcp_alloc_md5sig_pool(sk)) {
1038 sock_kfree_s(sk, key, sizeof(*key));
1042 memcpy(key->key, newkey, newkeylen);
1043 key->keylen = newkeylen;
1044 key->family = family;
1045 memcpy(&key->addr, addr,
1046 (family == AF_INET6) ? sizeof(struct in6_addr) :
1047 sizeof(struct in_addr));
1048 hlist_add_head_rcu(&key->node, &md5sig->head);
1051 EXPORT_SYMBOL(tcp_md5_do_add);
1053 int tcp_md5_do_del(struct sock *sk, const union tcp_md5_addr *addr, int family)
1055 struct tcp_sock *tp = tcp_sk(sk);
1056 struct tcp_md5sig_key *key;
1057 struct tcp_md5sig_info *md5sig;
1059 key = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&addr, AF_INET);
1062 hlist_del_rcu(&key->node);
1063 atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
1064 kfree_rcu(key, rcu);
1065 md5sig = rcu_dereference_protected(tp->md5sig_info,
1066 sock_owned_by_user(sk));
1067 if (hlist_empty(&md5sig->head))
1068 tcp_free_md5sig_pool();
1071 EXPORT_SYMBOL(tcp_md5_do_del);
1073 void tcp_clear_md5_list(struct sock *sk)
1075 struct tcp_sock *tp = tcp_sk(sk);
1076 struct tcp_md5sig_key *key;
1077 struct hlist_node *pos, *n;
1078 struct tcp_md5sig_info *md5sig;
1080 md5sig = rcu_dereference_protected(tp->md5sig_info, 1);
1082 if (!hlist_empty(&md5sig->head))
1083 tcp_free_md5sig_pool();
1084 hlist_for_each_entry_safe(key, pos, n, &md5sig->head, node) {
1085 hlist_del_rcu(&key->node);
1086 atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
1087 kfree_rcu(key, rcu);
1091 static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
1094 struct tcp_md5sig cmd;
1095 struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.tcpm_addr;
1097 if (optlen < sizeof(cmd))
1100 if (copy_from_user(&cmd, optval, sizeof(cmd)))
1103 if (sin->sin_family != AF_INET)
1106 if (!cmd.tcpm_key || !cmd.tcpm_keylen)
1107 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin->sin_addr.s_addr,
1110 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
1113 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin->sin_addr.s_addr,
1114 AF_INET, cmd.tcpm_key, cmd.tcpm_keylen,
1118 static int tcp_v4_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
1119 __be32 daddr, __be32 saddr, int nbytes)
1121 struct tcp4_pseudohdr *bp;
1122 struct scatterlist sg;
1124 bp = &hp->md5_blk.ip4;
1127 * 1. the TCP pseudo-header (in the order: source IP address,
1128 * destination IP address, zero-padded protocol number, and
1134 bp->protocol = IPPROTO_TCP;
1135 bp->len = cpu_to_be16(nbytes);
1137 sg_init_one(&sg, bp, sizeof(*bp));
1138 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
1141 static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
1142 __be32 daddr, __be32 saddr, const struct tcphdr *th)
1144 struct tcp_md5sig_pool *hp;
1145 struct hash_desc *desc;
1147 hp = tcp_get_md5sig_pool();
1149 goto clear_hash_noput;
1150 desc = &hp->md5_desc;
1152 if (crypto_hash_init(desc))
1154 if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
1156 if (tcp_md5_hash_header(hp, th))
1158 if (tcp_md5_hash_key(hp, key))
1160 if (crypto_hash_final(desc, md5_hash))
1163 tcp_put_md5sig_pool();
1167 tcp_put_md5sig_pool();
1169 memset(md5_hash, 0, 16);
1173 int tcp_v4_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
1174 const struct sock *sk, const struct request_sock *req,
1175 const struct sk_buff *skb)
1177 struct tcp_md5sig_pool *hp;
1178 struct hash_desc *desc;
1179 const struct tcphdr *th = tcp_hdr(skb);
1180 __be32 saddr, daddr;
1183 saddr = inet_sk(sk)->inet_saddr;
1184 daddr = inet_sk(sk)->inet_daddr;
1186 saddr = inet_rsk(req)->loc_addr;
1187 daddr = inet_rsk(req)->rmt_addr;
1189 const struct iphdr *iph = ip_hdr(skb);
1194 hp = tcp_get_md5sig_pool();
1196 goto clear_hash_noput;
1197 desc = &hp->md5_desc;
1199 if (crypto_hash_init(desc))
1202 if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
1204 if (tcp_md5_hash_header(hp, th))
1206 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
1208 if (tcp_md5_hash_key(hp, key))
1210 if (crypto_hash_final(desc, md5_hash))
1213 tcp_put_md5sig_pool();
1217 tcp_put_md5sig_pool();
1219 memset(md5_hash, 0, 16);
1222 EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
1224 static bool tcp_v4_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
1227 * This gets called for each TCP segment that arrives
1228 * so we want to be efficient.
1229 * We have 3 drop cases:
1230 * o No MD5 hash and one expected.
1231 * o MD5 hash and we're not expecting one.
1232 * o MD5 hash and its wrong.
1234 const __u8 *hash_location = NULL;
1235 struct tcp_md5sig_key *hash_expected;
1236 const struct iphdr *iph = ip_hdr(skb);
1237 const struct tcphdr *th = tcp_hdr(skb);
1239 unsigned char newhash[16];
1241 hash_expected = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&iph->saddr,
1243 hash_location = tcp_parse_md5sig_option(th);
1245 /* We've parsed the options - do we have a hash? */
1246 if (!hash_expected && !hash_location)
1249 if (hash_expected && !hash_location) {
1250 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
1254 if (!hash_expected && hash_location) {
1255 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
1259 /* Okay, so this is hash_expected and hash_location -
1260 * so we need to calculate the checksum.
1262 genhash = tcp_v4_md5_hash_skb(newhash,
1266 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
1267 net_info_ratelimited("MD5 Hash failed for (%pI4, %d)->(%pI4, %d)%s\n",
1268 &iph->saddr, ntohs(th->source),
1269 &iph->daddr, ntohs(th->dest),
1270 genhash ? " tcp_v4_calc_md5_hash failed"
1279 struct request_sock_ops tcp_request_sock_ops __read_mostly = {
1281 .obj_size = sizeof(struct tcp_request_sock),
1282 .rtx_syn_ack = tcp_v4_rtx_synack,
1283 .send_ack = tcp_v4_reqsk_send_ack,
1284 .destructor = tcp_v4_reqsk_destructor,
1285 .send_reset = tcp_v4_send_reset,
1286 .syn_ack_timeout = tcp_syn_ack_timeout,
1289 #ifdef CONFIG_TCP_MD5SIG
1290 static const struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
1291 .md5_lookup = tcp_v4_reqsk_md5_lookup,
1292 .calc_md5_hash = tcp_v4_md5_hash_skb,
1296 static bool tcp_fastopen_check(struct sock *sk, struct sk_buff *skb,
1297 struct request_sock *req,
1298 struct tcp_fastopen_cookie *foc,
1299 struct tcp_fastopen_cookie *valid_foc)
1301 bool skip_cookie = false;
1302 struct fastopen_queue *fastopenq;
1304 if (likely(!fastopen_cookie_present(foc))) {
1305 /* See include/net/tcp.h for the meaning of these knobs */
1306 if ((sysctl_tcp_fastopen & TFO_SERVER_ALWAYS) ||
1307 ((sysctl_tcp_fastopen & TFO_SERVER_COOKIE_NOT_REQD) &&
1308 (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq + 1)))
1309 skip_cookie = true; /* no cookie to validate */
1313 fastopenq = inet_csk(sk)->icsk_accept_queue.fastopenq;
1314 /* A FO option is present; bump the counter. */
1315 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPFASTOPENPASSIVE);
1317 /* Make sure the listener has enabled fastopen, and we don't
1318 * exceed the max # of pending TFO requests allowed before trying
1319 * to validating the cookie in order to avoid burning CPU cycles
1322 * XXX (TFO) - The implication of checking the max_qlen before
1323 * processing a cookie request is that clients can't differentiate
1324 * between qlen overflow causing Fast Open to be disabled
1325 * temporarily vs a server not supporting Fast Open at all.
1327 if ((sysctl_tcp_fastopen & TFO_SERVER_ENABLE) == 0 ||
1328 fastopenq == NULL || fastopenq->max_qlen == 0)
1331 if (fastopenq->qlen >= fastopenq->max_qlen) {
1332 struct request_sock *req1;
1333 spin_lock(&fastopenq->lock);
1334 req1 = fastopenq->rskq_rst_head;
1335 if ((req1 == NULL) || time_after(req1->expires, jiffies)) {
1336 spin_unlock(&fastopenq->lock);
1337 NET_INC_STATS_BH(sock_net(sk),
1338 LINUX_MIB_TCPFASTOPENLISTENOVERFLOW);
1339 /* Avoid bumping LINUX_MIB_TCPFASTOPENPASSIVEFAIL*/
1343 fastopenq->rskq_rst_head = req1->dl_next;
1345 spin_unlock(&fastopenq->lock);
1349 tcp_rsk(req)->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
1352 if (foc->len == TCP_FASTOPEN_COOKIE_SIZE) {
1353 if ((sysctl_tcp_fastopen & TFO_SERVER_COOKIE_NOT_CHKED) == 0) {
1354 tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr, valid_foc);
1355 if ((valid_foc->len != TCP_FASTOPEN_COOKIE_SIZE) ||
1356 memcmp(&foc->val[0], &valid_foc->val[0],
1357 TCP_FASTOPEN_COOKIE_SIZE) != 0)
1359 valid_foc->len = -1;
1361 /* Acknowledge the data received from the peer. */
1362 tcp_rsk(req)->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
1364 } else if (foc->len == 0) { /* Client requesting a cookie */
1365 tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr, valid_foc);
1366 NET_INC_STATS_BH(sock_net(sk),
1367 LINUX_MIB_TCPFASTOPENCOOKIEREQD);
1369 /* Client sent a cookie with wrong size. Treat it
1370 * the same as invalid and return a valid one.
1372 tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr, valid_foc);
1377 static int tcp_v4_conn_req_fastopen(struct sock *sk,
1378 struct sk_buff *skb,
1379 struct sk_buff *skb_synack,
1380 struct request_sock *req,
1381 struct request_values *rvp)
1383 struct tcp_sock *tp = tcp_sk(sk);
1384 struct request_sock_queue *queue = &inet_csk(sk)->icsk_accept_queue;
1385 const struct inet_request_sock *ireq = inet_rsk(req);
1392 child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, req, NULL);
1393 if (child == NULL) {
1394 NET_INC_STATS_BH(sock_net(sk),
1395 LINUX_MIB_TCPFASTOPENPASSIVEFAIL);
1396 kfree_skb(skb_synack);
1399 err = ip_build_and_send_pkt(skb_synack, sk, ireq->loc_addr,
1400 ireq->rmt_addr, ireq->opt);
1401 err = net_xmit_eval(err);
1403 tcp_rsk(req)->snt_synack = tcp_time_stamp;
1404 /* XXX (TFO) - is it ok to ignore error and continue? */
1406 spin_lock(&queue->fastopenq->lock);
1407 queue->fastopenq->qlen++;
1408 spin_unlock(&queue->fastopenq->lock);
1410 /* Initialize the child socket. Have to fix some values to take
1411 * into account the child is a Fast Open socket and is created
1412 * only out of the bits carried in the SYN packet.
1416 tp->fastopen_rsk = req;
1417 /* Do a hold on the listner sk so that if the listener is being
1418 * closed, the child that has been accepted can live on and still
1419 * access listen_lock.
1422 tcp_rsk(req)->listener = sk;
1424 /* RFC1323: The window in SYN & SYN/ACK segments is never
1425 * scaled. So correct it appropriately.
1427 tp->snd_wnd = ntohs(tcp_hdr(skb)->window);
1429 /* Activate the retrans timer so that SYNACK can be retransmitted.
1430 * The request socket is not added to the SYN table of the parent
1431 * because it's been added to the accept queue directly.
1433 inet_csk_reset_xmit_timer(child, ICSK_TIME_RETRANS,
1434 TCP_TIMEOUT_INIT, TCP_RTO_MAX);
1436 /* Add the child socket directly into the accept queue */
1437 inet_csk_reqsk_queue_add(sk, req, child);
1439 /* Now finish processing the fastopen child socket. */
1440 inet_csk(child)->icsk_af_ops->rebuild_header(child);
1441 tcp_init_congestion_control(child);
1442 tcp_mtup_init(child);
1443 tcp_init_buffer_space(child);
1444 tcp_init_metrics(child);
1446 /* Queue the data carried in the SYN packet. We need to first
1447 * bump skb's refcnt because the caller will attempt to free it.
1449 * XXX (TFO) - we honor a zero-payload TFO request for now.
1450 * (Any reason not to?)
1452 if (TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq + 1) {
1453 /* Don't queue the skb if there is no payload in SYN.
1454 * XXX (TFO) - How about SYN+FIN?
1456 tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
1460 __skb_pull(skb, tcp_hdr(skb)->doff * 4);
1461 skb_set_owner_r(skb, child);
1462 __skb_queue_tail(&child->sk_receive_queue, skb);
1463 tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
1464 tp->syn_data_acked = 1;
1466 sk->sk_data_ready(sk, 0);
1467 bh_unlock_sock(child);
1469 WARN_ON(req->sk == NULL);
1473 int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1475 struct tcp_extend_values tmp_ext;
1476 struct tcp_options_received tmp_opt;
1477 const u8 *hash_location;
1478 struct request_sock *req;
1479 struct inet_request_sock *ireq;
1480 struct tcp_sock *tp = tcp_sk(sk);
1481 struct dst_entry *dst = NULL;
1482 __be32 saddr = ip_hdr(skb)->saddr;
1483 __be32 daddr = ip_hdr(skb)->daddr;
1484 __u32 isn = TCP_SKB_CB(skb)->when;
1485 bool want_cookie = false;
1487 struct tcp_fastopen_cookie foc = { .len = -1 };
1488 struct tcp_fastopen_cookie valid_foc = { .len = -1 };
1489 struct sk_buff *skb_synack;
1492 /* Never answer to SYNs send to broadcast or multicast */
1493 if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
1496 /* TW buckets are converted to open requests without
1497 * limitations, they conserve resources and peer is
1498 * evidently real one.
1500 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1501 want_cookie = tcp_syn_flood_action(sk, skb, "TCP");
1506 /* Accept backlog is full. If we have already queued enough
1507 * of warm entries in syn queue, drop request. It is better than
1508 * clogging syn queue with openreqs with exponentially increasing
1511 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1514 req = inet_reqsk_alloc(&tcp_request_sock_ops);
1518 #ifdef CONFIG_TCP_MD5SIG
1519 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv4_ops;
1522 tcp_clear_options(&tmp_opt);
1523 tmp_opt.mss_clamp = TCP_MSS_DEFAULT;
1524 tmp_opt.user_mss = tp->rx_opt.user_mss;
1525 tcp_parse_options(skb, &tmp_opt, &hash_location, 0,
1526 want_cookie ? NULL : &foc);
1528 if (tmp_opt.cookie_plus > 0 &&
1529 tmp_opt.saw_tstamp &&
1530 !tp->rx_opt.cookie_out_never &&
1531 (sysctl_tcp_cookie_size > 0 ||
1532 (tp->cookie_values != NULL &&
1533 tp->cookie_values->cookie_desired > 0))) {
1535 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS];
1536 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE;
1538 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0)
1539 goto drop_and_release;
1541 /* Secret recipe starts with IP addresses */
1542 *mess++ ^= (__force u32)daddr;
1543 *mess++ ^= (__force u32)saddr;
1545 /* plus variable length Initiator Cookie */
1548 *c++ ^= *hash_location++;
1550 want_cookie = false; /* not our kind of cookie */
1551 tmp_ext.cookie_out_never = 0; /* false */
1552 tmp_ext.cookie_plus = tmp_opt.cookie_plus;
1553 } else if (!tp->rx_opt.cookie_in_always) {
1554 /* redundant indications, but ensure initialization. */
1555 tmp_ext.cookie_out_never = 1; /* true */
1556 tmp_ext.cookie_plus = 0;
1558 goto drop_and_release;
1560 tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always;
1562 if (want_cookie && !tmp_opt.saw_tstamp)
1563 tcp_clear_options(&tmp_opt);
1565 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1566 tcp_openreq_init(req, &tmp_opt, skb);
1568 ireq = inet_rsk(req);
1569 ireq->loc_addr = daddr;
1570 ireq->rmt_addr = saddr;
1571 ireq->no_srccheck = inet_sk(sk)->transparent;
1572 ireq->opt = tcp_v4_save_options(skb);
1574 if (security_inet_conn_request(sk, skb, req))
1577 if (!want_cookie || tmp_opt.tstamp_ok)
1578 TCP_ECN_create_request(req, skb);
1581 isn = cookie_v4_init_sequence(sk, skb, &req->mss);
1582 req->cookie_ts = tmp_opt.tstamp_ok;
1584 /* VJ's idea. We save last timestamp seen
1585 * from the destination in peer table, when entering
1586 * state TIME-WAIT, and check against it before
1587 * accepting new connection request.
1589 * If "isn" is not zero, this request hit alive
1590 * timewait bucket, so that all the necessary checks
1591 * are made in the function processing timewait state.
1593 if (tmp_opt.saw_tstamp &&
1594 tcp_death_row.sysctl_tw_recycle &&
1595 (dst = inet_csk_route_req(sk, &fl4, req)) != NULL &&
1596 fl4.daddr == saddr) {
1597 if (!tcp_peer_is_proven(req, dst, true)) {
1598 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED);
1599 goto drop_and_release;
1602 /* Kill the following clause, if you dislike this way. */
1603 else if (!sysctl_tcp_syncookies &&
1604 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
1605 (sysctl_max_syn_backlog >> 2)) &&
1606 !tcp_peer_is_proven(req, dst, false)) {
1607 /* Without syncookies last quarter of
1608 * backlog is filled with destinations,
1609 * proven to be alive.
1610 * It means that we continue to communicate
1611 * to destinations, already remembered
1612 * to the moment of synflood.
1614 LIMIT_NETDEBUG(KERN_DEBUG pr_fmt("drop open request from %pI4/%u\n"),
1615 &saddr, ntohs(tcp_hdr(skb)->source));
1616 goto drop_and_release;
1619 isn = tcp_v4_init_sequence(skb);
1621 tcp_rsk(req)->snt_isn = isn;
1624 dst = inet_csk_route_req(sk, &fl4, req);
1628 do_fastopen = tcp_fastopen_check(sk, skb, req, &foc, &valid_foc);
1630 /* We don't call tcp_v4_send_synack() directly because we need
1631 * to make sure a child socket can be created successfully before
1632 * sending back synack!
1634 * XXX (TFO) - Ideally one would simply call tcp_v4_send_synack()
1635 * (or better yet, call tcp_send_synack() in the child context
1636 * directly, but will have to fix bunch of other code first)
1637 * after syn_recv_sock() except one will need to first fix the
1638 * latter to remove its dependency on the current implementation
1639 * of tcp_v4_send_synack()->tcp_select_initial_window().
1641 skb_synack = tcp_make_synack(sk, dst, req,
1642 (struct request_values *)&tmp_ext,
1643 fastopen_cookie_present(&valid_foc) ? &valid_foc : NULL);
1646 __tcp_v4_send_check(skb_synack, ireq->loc_addr, ireq->rmt_addr);
1647 skb_set_queue_mapping(skb_synack, skb_get_queue_mapping(skb));
1651 if (likely(!do_fastopen)) {
1653 err = ip_build_and_send_pkt(skb_synack, sk, ireq->loc_addr,
1654 ireq->rmt_addr, ireq->opt);
1655 err = net_xmit_eval(err);
1656 if (err || want_cookie)
1659 tcp_rsk(req)->snt_synack = tcp_time_stamp;
1660 tcp_rsk(req)->listener = NULL;
1661 /* Add the request_sock to the SYN table */
1662 inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1663 if (fastopen_cookie_present(&foc) && foc.len != 0)
1664 NET_INC_STATS_BH(sock_net(sk),
1665 LINUX_MIB_TCPFASTOPENPASSIVEFAIL);
1666 } else if (tcp_v4_conn_req_fastopen(sk, skb, skb_synack, req,
1667 (struct request_values *)&tmp_ext))
1679 EXPORT_SYMBOL(tcp_v4_conn_request);
1683 * The three way handshake has completed - we got a valid synack -
1684 * now create the new socket.
1686 struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1687 struct request_sock *req,
1688 struct dst_entry *dst)
1690 struct inet_request_sock *ireq;
1691 struct inet_sock *newinet;
1692 struct tcp_sock *newtp;
1694 #ifdef CONFIG_TCP_MD5SIG
1695 struct tcp_md5sig_key *key;
1697 struct ip_options_rcu *inet_opt;
1699 if (sk_acceptq_is_full(sk))
1702 newsk = tcp_create_openreq_child(sk, req, skb);
1706 newsk->sk_gso_type = SKB_GSO_TCPV4;
1707 inet_sk_rx_dst_set(newsk, skb);
1709 newtp = tcp_sk(newsk);
1710 newinet = inet_sk(newsk);
1711 ireq = inet_rsk(req);
1712 newinet->inet_daddr = ireq->rmt_addr;
1713 newinet->inet_rcv_saddr = ireq->loc_addr;
1714 newinet->inet_saddr = ireq->loc_addr;
1715 inet_opt = ireq->opt;
1716 rcu_assign_pointer(newinet->inet_opt, inet_opt);
1718 newinet->mc_index = inet_iif(skb);
1719 newinet->mc_ttl = ip_hdr(skb)->ttl;
1720 newinet->rcv_tos = ip_hdr(skb)->tos;
1721 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1723 inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
1724 newinet->inet_id = newtp->write_seq ^ jiffies;
1727 dst = inet_csk_route_child_sock(sk, newsk, req);
1731 /* syncookie case : see end of cookie_v4_check() */
1733 sk_setup_caps(newsk, dst);
1735 tcp_mtup_init(newsk);
1736 tcp_sync_mss(newsk, dst_mtu(dst));
1737 newtp->advmss = dst_metric_advmss(dst);
1738 if (tcp_sk(sk)->rx_opt.user_mss &&
1739 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1740 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1742 tcp_initialize_rcv_mss(newsk);
1743 tcp_synack_rtt_meas(newsk, req);
1744 newtp->total_retrans = req->retrans;
1746 #ifdef CONFIG_TCP_MD5SIG
1747 /* Copy over the MD5 key from the original socket */
1748 key = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&newinet->inet_daddr,
1752 * We're using one, so create a matching key
1753 * on the newsk structure. If we fail to get
1754 * memory, then we end up not copying the key
1757 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newinet->inet_daddr,
1758 AF_INET, key->key, key->keylen, GFP_ATOMIC);
1759 sk_nocaps_add(newsk, NETIF_F_GSO_MASK);
1763 if (__inet_inherit_port(sk, newsk) < 0)
1765 __inet_hash_nolisten(newsk, NULL);
1770 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1774 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1777 tcp_clear_xmit_timers(newsk);
1778 tcp_cleanup_congestion_control(newsk);
1779 bh_unlock_sock(newsk);
1783 EXPORT_SYMBOL(tcp_v4_syn_recv_sock);
1785 static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
1787 struct tcphdr *th = tcp_hdr(skb);
1788 const struct iphdr *iph = ip_hdr(skb);
1790 struct request_sock **prev;
1791 /* Find possible connection requests. */
1792 struct request_sock *req = inet_csk_search_req(sk, &prev, th->source,
1793 iph->saddr, iph->daddr);
1795 return tcp_check_req(sk, skb, req, prev, false);
1797 nsk = inet_lookup_established(sock_net(sk), &tcp_hashinfo, iph->saddr,
1798 th->source, iph->daddr, th->dest, inet_iif(skb));
1801 if (nsk->sk_state != TCP_TIME_WAIT) {
1805 inet_twsk_put(inet_twsk(nsk));
1809 #ifdef CONFIG_SYN_COOKIES
1811 sk = cookie_v4_check(sk, skb, &(IPCB(skb)->opt));
1816 static __sum16 tcp_v4_checksum_init(struct sk_buff *skb)
1818 const struct iphdr *iph = ip_hdr(skb);
1820 if (skb->ip_summed == CHECKSUM_COMPLETE) {
1821 if (!tcp_v4_check(skb->len, iph->saddr,
1822 iph->daddr, skb->csum)) {
1823 skb->ip_summed = CHECKSUM_UNNECESSARY;
1828 skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
1829 skb->len, IPPROTO_TCP, 0);
1831 if (skb->len <= 76) {
1832 return __skb_checksum_complete(skb);
1838 /* The socket must have it's spinlock held when we get
1841 * We have a potential double-lock case here, so even when
1842 * doing backlog processing we use the BH locking scheme.
1843 * This is because we cannot sleep with the original spinlock
1846 int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1849 #ifdef CONFIG_TCP_MD5SIG
1851 * We really want to reject the packet as early as possible
1853 * o We're expecting an MD5'd packet and this is no MD5 tcp option
1854 * o There is an MD5 option and we're not expecting one
1856 if (tcp_v4_inbound_md5_hash(sk, skb))
1860 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1861 struct dst_entry *dst = sk->sk_rx_dst;
1863 sock_rps_save_rxhash(sk, skb);
1865 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1866 dst->ops->check(dst, 0) == NULL) {
1868 sk->sk_rx_dst = NULL;
1871 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) {
1878 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1881 if (sk->sk_state == TCP_LISTEN) {
1882 struct sock *nsk = tcp_v4_hnd_req(sk, skb);
1887 sock_rps_save_rxhash(nsk, skb);
1888 if (tcp_child_process(sk, nsk, skb)) {
1895 sock_rps_save_rxhash(sk, skb);
1897 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) {
1904 tcp_v4_send_reset(rsk, skb);
1907 /* Be careful here. If this function gets more complicated and
1908 * gcc suffers from register pressure on the x86, sk (in %ebx)
1909 * might be destroyed here. This current version compiles correctly,
1910 * but you have been warned.
1915 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1918 EXPORT_SYMBOL(tcp_v4_do_rcv);
1920 void tcp_v4_early_demux(struct sk_buff *skb)
1922 struct net *net = dev_net(skb->dev);
1923 const struct iphdr *iph;
1924 const struct tcphdr *th;
1927 if (skb->pkt_type != PACKET_HOST)
1930 if (!pskb_may_pull(skb, ip_hdrlen(skb) + sizeof(struct tcphdr)))
1934 th = (struct tcphdr *) ((char *)iph + ip_hdrlen(skb));
1936 if (th->doff < sizeof(struct tcphdr) / 4)
1939 sk = __inet_lookup_established(net, &tcp_hashinfo,
1940 iph->saddr, th->source,
1941 iph->daddr, ntohs(th->dest),
1945 skb->destructor = sock_edemux;
1946 if (sk->sk_state != TCP_TIME_WAIT) {
1947 struct dst_entry *dst = sk->sk_rx_dst;
1950 dst = dst_check(dst, 0);
1952 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1953 skb_dst_set_noref(skb, dst);
1962 int tcp_v4_rcv(struct sk_buff *skb)
1964 const struct iphdr *iph;
1965 const struct tcphdr *th;
1968 struct net *net = dev_net(skb->dev);
1970 if (skb->pkt_type != PACKET_HOST)
1973 /* Count it even if it's bad */
1974 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1976 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1981 if (th->doff < sizeof(struct tcphdr) / 4)
1983 if (!pskb_may_pull(skb, th->doff * 4))
1986 /* An explanation is required here, I think.
1987 * Packet length and doff are validated by header prediction,
1988 * provided case of th->doff==0 is eliminated.
1989 * So, we defer the checks. */
1990 if (!skb_csum_unnecessary(skb) && tcp_v4_checksum_init(skb))
1995 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1996 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1997 skb->len - th->doff * 4);
1998 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1999 TCP_SKB_CB(skb)->when = 0;
2000 TCP_SKB_CB(skb)->ip_dsfield = ipv4_get_dsfield(iph);
2001 TCP_SKB_CB(skb)->sacked = 0;
2003 sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
2008 if (sk->sk_state == TCP_TIME_WAIT)
2011 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
2012 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
2013 goto discard_and_relse;
2016 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
2017 goto discard_and_relse;
2020 if (sk_filter(sk, skb))
2021 goto discard_and_relse;
2025 bh_lock_sock_nested(sk);
2027 if (!sock_owned_by_user(sk)) {
2028 #ifdef CONFIG_NET_DMA
2029 struct tcp_sock *tp = tcp_sk(sk);
2030 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
2031 tp->ucopy.dma_chan = net_dma_find_channel();
2032 if (tp->ucopy.dma_chan)
2033 ret = tcp_v4_do_rcv(sk, skb);
2037 if (!tcp_prequeue(sk, skb))
2038 ret = tcp_v4_do_rcv(sk, skb);
2040 } else if (unlikely(sk_add_backlog(sk, skb,
2041 sk->sk_rcvbuf + sk->sk_sndbuf))) {
2043 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
2044 goto discard_and_relse;
2053 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
2056 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
2058 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
2060 tcp_v4_send_reset(NULL, skb);
2064 /* Discard frame. */
2073 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
2074 inet_twsk_put(inet_twsk(sk));
2078 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
2079 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
2080 inet_twsk_put(inet_twsk(sk));
2083 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
2085 struct sock *sk2 = inet_lookup_listener(dev_net(skb->dev),
2087 iph->daddr, th->dest,
2090 inet_twsk_deschedule(inet_twsk(sk), &tcp_death_row);
2091 inet_twsk_put(inet_twsk(sk));
2095 /* Fall through to ACK */
2098 tcp_v4_timewait_ack(sk, skb);
2102 case TCP_TW_SUCCESS:;
2107 static struct timewait_sock_ops tcp_timewait_sock_ops = {
2108 .twsk_obj_size = sizeof(struct tcp_timewait_sock),
2109 .twsk_unique = tcp_twsk_unique,
2110 .twsk_destructor= tcp_twsk_destructor,
2113 void inet_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
2115 struct dst_entry *dst = skb_dst(skb);
2118 sk->sk_rx_dst = dst;
2119 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
2121 EXPORT_SYMBOL(inet_sk_rx_dst_set);
2123 const struct inet_connection_sock_af_ops ipv4_specific = {
2124 .queue_xmit = ip_queue_xmit,
2125 .send_check = tcp_v4_send_check,
2126 .rebuild_header = inet_sk_rebuild_header,
2127 .sk_rx_dst_set = inet_sk_rx_dst_set,
2128 .conn_request = tcp_v4_conn_request,
2129 .syn_recv_sock = tcp_v4_syn_recv_sock,
2130 .net_header_len = sizeof(struct iphdr),
2131 .setsockopt = ip_setsockopt,
2132 .getsockopt = ip_getsockopt,
2133 .addr2sockaddr = inet_csk_addr2sockaddr,
2134 .sockaddr_len = sizeof(struct sockaddr_in),
2135 .bind_conflict = inet_csk_bind_conflict,
2136 #ifdef CONFIG_COMPAT
2137 .compat_setsockopt = compat_ip_setsockopt,
2138 .compat_getsockopt = compat_ip_getsockopt,
2141 EXPORT_SYMBOL(ipv4_specific);
2143 #ifdef CONFIG_TCP_MD5SIG
2144 static const struct tcp_sock_af_ops tcp_sock_ipv4_specific = {
2145 .md5_lookup = tcp_v4_md5_lookup,
2146 .calc_md5_hash = tcp_v4_md5_hash_skb,
2147 .md5_parse = tcp_v4_parse_md5_keys,
2151 /* NOTE: A lot of things set to zero explicitly by call to
2152 * sk_alloc() so need not be done here.
2154 static int tcp_v4_init_sock(struct sock *sk)
2156 struct inet_connection_sock *icsk = inet_csk(sk);
2160 icsk->icsk_af_ops = &ipv4_specific;
2162 #ifdef CONFIG_TCP_MD5SIG
2163 tcp_sk(sk)->af_specific = &tcp_sock_ipv4_specific;
2169 void tcp_v4_destroy_sock(struct sock *sk)
2171 struct tcp_sock *tp = tcp_sk(sk);
2173 tcp_clear_xmit_timers(sk);
2175 tcp_cleanup_congestion_control(sk);
2177 /* Cleanup up the write buffer. */
2178 tcp_write_queue_purge(sk);
2180 /* Cleans up our, hopefully empty, out_of_order_queue. */
2181 __skb_queue_purge(&tp->out_of_order_queue);
2183 #ifdef CONFIG_TCP_MD5SIG
2184 /* Clean up the MD5 key list, if any */
2185 if (tp->md5sig_info) {
2186 tcp_clear_md5_list(sk);
2187 kfree_rcu(tp->md5sig_info, rcu);
2188 tp->md5sig_info = NULL;
2192 #ifdef CONFIG_NET_DMA
2193 /* Cleans up our sk_async_wait_queue */
2194 __skb_queue_purge(&sk->sk_async_wait_queue);
2197 /* Clean prequeue, it must be empty really */
2198 __skb_queue_purge(&tp->ucopy.prequeue);
2200 /* Clean up a referenced TCP bind bucket. */
2201 if (inet_csk(sk)->icsk_bind_hash)
2204 /* TCP Cookie Transactions */
2205 if (tp->cookie_values != NULL) {
2206 kref_put(&tp->cookie_values->kref,
2207 tcp_cookie_values_release);
2208 tp->cookie_values = NULL;
2210 BUG_ON(tp->fastopen_rsk != NULL);
2212 /* If socket is aborted during connect operation */
2213 tcp_free_fastopen_req(tp);
2215 sk_sockets_allocated_dec(sk);
2216 sock_release_memcg(sk);
2218 EXPORT_SYMBOL(tcp_v4_destroy_sock);
2220 #ifdef CONFIG_PROC_FS
2221 /* Proc filesystem TCP sock list dumping. */
2223 static inline struct inet_timewait_sock *tw_head(struct hlist_nulls_head *head)
2225 return hlist_nulls_empty(head) ? NULL :
2226 list_entry(head->first, struct inet_timewait_sock, tw_node);
2229 static inline struct inet_timewait_sock *tw_next(struct inet_timewait_sock *tw)
2231 return !is_a_nulls(tw->tw_node.next) ?
2232 hlist_nulls_entry(tw->tw_node.next, typeof(*tw), tw_node) : NULL;
2236 * Get next listener socket follow cur. If cur is NULL, get first socket
2237 * starting from bucket given in st->bucket; when st->bucket is zero the
2238 * very first socket in the hash table is returned.
2240 static void *listening_get_next(struct seq_file *seq, void *cur)
2242 struct inet_connection_sock *icsk;
2243 struct hlist_nulls_node *node;
2244 struct sock *sk = cur;
2245 struct inet_listen_hashbucket *ilb;
2246 struct tcp_iter_state *st = seq->private;
2247 struct net *net = seq_file_net(seq);
2250 ilb = &tcp_hashinfo.listening_hash[st->bucket];
2251 spin_lock_bh(&ilb->lock);
2252 sk = sk_nulls_head(&ilb->head);
2256 ilb = &tcp_hashinfo.listening_hash[st->bucket];
2260 if (st->state == TCP_SEQ_STATE_OPENREQ) {
2261 struct request_sock *req = cur;
2263 icsk = inet_csk(st->syn_wait_sk);
2267 if (req->rsk_ops->family == st->family) {
2273 if (++st->sbucket >= icsk->icsk_accept_queue.listen_opt->nr_table_entries)
2276 req = icsk->icsk_accept_queue.listen_opt->syn_table[st->sbucket];
2278 sk = sk_nulls_next(st->syn_wait_sk);
2279 st->state = TCP_SEQ_STATE_LISTENING;
2280 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2282 icsk = inet_csk(sk);
2283 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2284 if (reqsk_queue_len(&icsk->icsk_accept_queue))
2286 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2287 sk = sk_nulls_next(sk);
2290 sk_nulls_for_each_from(sk, node) {
2291 if (!net_eq(sock_net(sk), net))
2293 if (sk->sk_family == st->family) {
2297 icsk = inet_csk(sk);
2298 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2299 if (reqsk_queue_len(&icsk->icsk_accept_queue)) {
2301 st->uid = sock_i_uid(sk);
2302 st->syn_wait_sk = sk;
2303 st->state = TCP_SEQ_STATE_OPENREQ;
2307 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2309 spin_unlock_bh(&ilb->lock);
2311 if (++st->bucket < INET_LHTABLE_SIZE) {
2312 ilb = &tcp_hashinfo.listening_hash[st->bucket];
2313 spin_lock_bh(&ilb->lock);
2314 sk = sk_nulls_head(&ilb->head);
2322 static void *listening_get_idx(struct seq_file *seq, loff_t *pos)
2324 struct tcp_iter_state *st = seq->private;
2329 rc = listening_get_next(seq, NULL);
2331 while (rc && *pos) {
2332 rc = listening_get_next(seq, rc);
2338 static inline bool empty_bucket(struct tcp_iter_state *st)
2340 return hlist_nulls_empty(&tcp_hashinfo.ehash[st->bucket].chain) &&
2341 hlist_nulls_empty(&tcp_hashinfo.ehash[st->bucket].twchain);
2345 * Get first established socket starting from bucket given in st->bucket.
2346 * If st->bucket is zero, the very first socket in the hash is returned.
2348 static void *established_get_first(struct seq_file *seq)
2350 struct tcp_iter_state *st = seq->private;
2351 struct net *net = seq_file_net(seq);
2355 for (; st->bucket <= tcp_hashinfo.ehash_mask; ++st->bucket) {
2357 struct hlist_nulls_node *node;
2358 struct inet_timewait_sock *tw;
2359 spinlock_t *lock = inet_ehash_lockp(&tcp_hashinfo, st->bucket);
2361 /* Lockless fast path for the common case of empty buckets */
2362 if (empty_bucket(st))
2366 sk_nulls_for_each(sk, node, &tcp_hashinfo.ehash[st->bucket].chain) {
2367 if (sk->sk_family != st->family ||
2368 !net_eq(sock_net(sk), net)) {
2374 st->state = TCP_SEQ_STATE_TIME_WAIT;
2375 inet_twsk_for_each(tw, node,
2376 &tcp_hashinfo.ehash[st->bucket].twchain) {
2377 if (tw->tw_family != st->family ||
2378 !net_eq(twsk_net(tw), net)) {
2384 spin_unlock_bh(lock);
2385 st->state = TCP_SEQ_STATE_ESTABLISHED;
2391 static void *established_get_next(struct seq_file *seq, void *cur)
2393 struct sock *sk = cur;
2394 struct inet_timewait_sock *tw;
2395 struct hlist_nulls_node *node;
2396 struct tcp_iter_state *st = seq->private;
2397 struct net *net = seq_file_net(seq);
2402 if (st->state == TCP_SEQ_STATE_TIME_WAIT) {
2406 while (tw && (tw->tw_family != st->family || !net_eq(twsk_net(tw), net))) {
2413 spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2414 st->state = TCP_SEQ_STATE_ESTABLISHED;
2416 /* Look for next non empty bucket */
2418 while (++st->bucket <= tcp_hashinfo.ehash_mask &&
2421 if (st->bucket > tcp_hashinfo.ehash_mask)
2424 spin_lock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2425 sk = sk_nulls_head(&tcp_hashinfo.ehash[st->bucket].chain);
2427 sk = sk_nulls_next(sk);
2429 sk_nulls_for_each_from(sk, node) {
2430 if (sk->sk_family == st->family && net_eq(sock_net(sk), net))
2434 st->state = TCP_SEQ_STATE_TIME_WAIT;
2435 tw = tw_head(&tcp_hashinfo.ehash[st->bucket].twchain);
2443 static void *established_get_idx(struct seq_file *seq, loff_t pos)
2445 struct tcp_iter_state *st = seq->private;
2449 rc = established_get_first(seq);
2452 rc = established_get_next(seq, rc);
2458 static void *tcp_get_idx(struct seq_file *seq, loff_t pos)
2461 struct tcp_iter_state *st = seq->private;
2463 st->state = TCP_SEQ_STATE_LISTENING;
2464 rc = listening_get_idx(seq, &pos);
2467 st->state = TCP_SEQ_STATE_ESTABLISHED;
2468 rc = established_get_idx(seq, pos);
2474 static void *tcp_seek_last_pos(struct seq_file *seq)
2476 struct tcp_iter_state *st = seq->private;
2477 int offset = st->offset;
2478 int orig_num = st->num;
2481 switch (st->state) {
2482 case TCP_SEQ_STATE_OPENREQ:
2483 case TCP_SEQ_STATE_LISTENING:
2484 if (st->bucket >= INET_LHTABLE_SIZE)
2486 st->state = TCP_SEQ_STATE_LISTENING;
2487 rc = listening_get_next(seq, NULL);
2488 while (offset-- && rc)
2489 rc = listening_get_next(seq, rc);
2494 case TCP_SEQ_STATE_ESTABLISHED:
2495 case TCP_SEQ_STATE_TIME_WAIT:
2496 st->state = TCP_SEQ_STATE_ESTABLISHED;
2497 if (st->bucket > tcp_hashinfo.ehash_mask)
2499 rc = established_get_first(seq);
2500 while (offset-- && rc)
2501 rc = established_get_next(seq, rc);
2509 static void *tcp_seq_start(struct seq_file *seq, loff_t *pos)
2511 struct tcp_iter_state *st = seq->private;
2514 if (*pos && *pos == st->last_pos) {
2515 rc = tcp_seek_last_pos(seq);
2520 st->state = TCP_SEQ_STATE_LISTENING;
2524 rc = *pos ? tcp_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2527 st->last_pos = *pos;
2531 static void *tcp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2533 struct tcp_iter_state *st = seq->private;
2536 if (v == SEQ_START_TOKEN) {
2537 rc = tcp_get_idx(seq, 0);
2541 switch (st->state) {
2542 case TCP_SEQ_STATE_OPENREQ:
2543 case TCP_SEQ_STATE_LISTENING:
2544 rc = listening_get_next(seq, v);
2546 st->state = TCP_SEQ_STATE_ESTABLISHED;
2549 rc = established_get_first(seq);
2552 case TCP_SEQ_STATE_ESTABLISHED:
2553 case TCP_SEQ_STATE_TIME_WAIT:
2554 rc = established_get_next(seq, v);
2559 st->last_pos = *pos;
2563 static void tcp_seq_stop(struct seq_file *seq, void *v)
2565 struct tcp_iter_state *st = seq->private;
2567 switch (st->state) {
2568 case TCP_SEQ_STATE_OPENREQ:
2570 struct inet_connection_sock *icsk = inet_csk(st->syn_wait_sk);
2571 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2573 case TCP_SEQ_STATE_LISTENING:
2574 if (v != SEQ_START_TOKEN)
2575 spin_unlock_bh(&tcp_hashinfo.listening_hash[st->bucket].lock);
2577 case TCP_SEQ_STATE_TIME_WAIT:
2578 case TCP_SEQ_STATE_ESTABLISHED:
2580 spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2585 int tcp_seq_open(struct inode *inode, struct file *file)
2587 struct tcp_seq_afinfo *afinfo = PDE(inode)->data;
2588 struct tcp_iter_state *s;
2591 err = seq_open_net(inode, file, &afinfo->seq_ops,
2592 sizeof(struct tcp_iter_state));
2596 s = ((struct seq_file *)file->private_data)->private;
2597 s->family = afinfo->family;
2601 EXPORT_SYMBOL(tcp_seq_open);
2603 int tcp_proc_register(struct net *net, struct tcp_seq_afinfo *afinfo)
2606 struct proc_dir_entry *p;
2608 afinfo->seq_ops.start = tcp_seq_start;
2609 afinfo->seq_ops.next = tcp_seq_next;
2610 afinfo->seq_ops.stop = tcp_seq_stop;
2612 p = proc_create_data(afinfo->name, S_IRUGO, net->proc_net,
2613 afinfo->seq_fops, afinfo);
2618 EXPORT_SYMBOL(tcp_proc_register);
2620 void tcp_proc_unregister(struct net *net, struct tcp_seq_afinfo *afinfo)
2622 proc_net_remove(net, afinfo->name);
2624 EXPORT_SYMBOL(tcp_proc_unregister);
2626 static void get_openreq4(const struct sock *sk, const struct request_sock *req,
2627 struct seq_file *f, int i, kuid_t uid, int *len)
2629 const struct inet_request_sock *ireq = inet_rsk(req);
2630 long delta = req->expires - jiffies;
2632 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2633 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %u %d %pK%n",
2636 ntohs(inet_sk(sk)->inet_sport),
2638 ntohs(ireq->rmt_port),
2640 0, 0, /* could print option size, but that is af dependent. */
2641 1, /* timers active (only the expire timer) */
2642 jiffies_delta_to_clock_t(delta),
2644 from_kuid_munged(seq_user_ns(f), uid),
2645 0, /* non standard timer */
2646 0, /* open_requests have no inode */
2647 atomic_read(&sk->sk_refcnt),
2652 static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
2655 unsigned long timer_expires;
2656 const struct tcp_sock *tp = tcp_sk(sk);
2657 const struct inet_connection_sock *icsk = inet_csk(sk);
2658 const struct inet_sock *inet = inet_sk(sk);
2659 struct fastopen_queue *fastopenq = icsk->icsk_accept_queue.fastopenq;
2660 __be32 dest = inet->inet_daddr;
2661 __be32 src = inet->inet_rcv_saddr;
2662 __u16 destp = ntohs(inet->inet_dport);
2663 __u16 srcp = ntohs(inet->inet_sport);
2666 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2668 timer_expires = icsk->icsk_timeout;
2669 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2671 timer_expires = icsk->icsk_timeout;
2672 } else if (timer_pending(&sk->sk_timer)) {
2674 timer_expires = sk->sk_timer.expires;
2677 timer_expires = jiffies;
2680 if (sk->sk_state == TCP_LISTEN)
2681 rx_queue = sk->sk_ack_backlog;
2684 * because we dont lock socket, we might find a transient negative value
2686 rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);
2688 seq_printf(f, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX "
2689 "%08X %5d %8d %lu %d %pK %lu %lu %u %u %d%n",
2690 i, src, srcp, dest, destp, sk->sk_state,
2691 tp->write_seq - tp->snd_una,
2694 jiffies_delta_to_clock_t(timer_expires - jiffies),
2695 icsk->icsk_retransmits,
2696 from_kuid_munged(seq_user_ns(f), sock_i_uid(sk)),
2697 icsk->icsk_probes_out,
2699 atomic_read(&sk->sk_refcnt), sk,
2700 jiffies_to_clock_t(icsk->icsk_rto),
2701 jiffies_to_clock_t(icsk->icsk_ack.ato),
2702 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
2704 sk->sk_state == TCP_LISTEN ?
2705 (fastopenq ? fastopenq->max_qlen : 0) :
2706 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh),
2710 static void get_timewait4_sock(const struct inet_timewait_sock *tw,
2711 struct seq_file *f, int i, int *len)
2715 long delta = tw->tw_ttd - jiffies;
2717 dest = tw->tw_daddr;
2718 src = tw->tw_rcv_saddr;
2719 destp = ntohs(tw->tw_dport);
2720 srcp = ntohs(tw->tw_sport);
2722 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2723 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n",
2724 i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
2725 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
2726 atomic_read(&tw->tw_refcnt), tw, len);
2731 static int tcp4_seq_show(struct seq_file *seq, void *v)
2733 struct tcp_iter_state *st;
2736 if (v == SEQ_START_TOKEN) {
2737 seq_printf(seq, "%-*s\n", TMPSZ - 1,
2738 " sl local_address rem_address st tx_queue "
2739 "rx_queue tr tm->when retrnsmt uid timeout "
2745 switch (st->state) {
2746 case TCP_SEQ_STATE_LISTENING:
2747 case TCP_SEQ_STATE_ESTABLISHED:
2748 get_tcp4_sock(v, seq, st->num, &len);
2750 case TCP_SEQ_STATE_OPENREQ:
2751 get_openreq4(st->syn_wait_sk, v, seq, st->num, st->uid, &len);
2753 case TCP_SEQ_STATE_TIME_WAIT:
2754 get_timewait4_sock(v, seq, st->num, &len);
2757 seq_printf(seq, "%*s\n", TMPSZ - 1 - len, "");
2762 static const struct file_operations tcp_afinfo_seq_fops = {
2763 .owner = THIS_MODULE,
2764 .open = tcp_seq_open,
2766 .llseek = seq_lseek,
2767 .release = seq_release_net
2770 static struct tcp_seq_afinfo tcp4_seq_afinfo = {
2773 .seq_fops = &tcp_afinfo_seq_fops,
2775 .show = tcp4_seq_show,
2779 static int __net_init tcp4_proc_init_net(struct net *net)
2781 return tcp_proc_register(net, &tcp4_seq_afinfo);
2784 static void __net_exit tcp4_proc_exit_net(struct net *net)
2786 tcp_proc_unregister(net, &tcp4_seq_afinfo);
2789 static struct pernet_operations tcp4_net_ops = {
2790 .init = tcp4_proc_init_net,
2791 .exit = tcp4_proc_exit_net,
2794 int __init tcp4_proc_init(void)
2796 return register_pernet_subsys(&tcp4_net_ops);
2799 void tcp4_proc_exit(void)
2801 unregister_pernet_subsys(&tcp4_net_ops);
2803 #endif /* CONFIG_PROC_FS */
2805 struct sk_buff **tcp4_gro_receive(struct sk_buff **head, struct sk_buff *skb)
2807 const struct iphdr *iph = skb_gro_network_header(skb);
2811 switch (skb->ip_summed) {
2812 case CHECKSUM_COMPLETE:
2813 if (!tcp_v4_check(skb_gro_len(skb), iph->saddr, iph->daddr,
2815 skb->ip_summed = CHECKSUM_UNNECESSARY;
2819 NAPI_GRO_CB(skb)->flush = 1;
2823 wsum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
2824 skb_gro_len(skb), IPPROTO_TCP, 0);
2825 sum = csum_fold(skb_checksum(skb,
2826 skb_gro_offset(skb),
2832 skb->ip_summed = CHECKSUM_UNNECESSARY;
2836 return tcp_gro_receive(head, skb);
2839 int tcp4_gro_complete(struct sk_buff *skb)
2841 const struct iphdr *iph = ip_hdr(skb);
2842 struct tcphdr *th = tcp_hdr(skb);
2844 th->check = ~tcp_v4_check(skb->len - skb_transport_offset(skb),
2845 iph->saddr, iph->daddr, 0);
2846 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV4;
2848 return tcp_gro_complete(skb);
2851 struct proto tcp_prot = {
2853 .owner = THIS_MODULE,
2855 .connect = tcp_v4_connect,
2856 .disconnect = tcp_disconnect,
2857 .accept = inet_csk_accept,
2859 .init = tcp_v4_init_sock,
2860 .destroy = tcp_v4_destroy_sock,
2861 .shutdown = tcp_shutdown,
2862 .setsockopt = tcp_setsockopt,
2863 .getsockopt = tcp_getsockopt,
2864 .recvmsg = tcp_recvmsg,
2865 .sendmsg = tcp_sendmsg,
2866 .sendpage = tcp_sendpage,
2867 .backlog_rcv = tcp_v4_do_rcv,
2868 .release_cb = tcp_release_cb,
2869 .mtu_reduced = tcp_v4_mtu_reduced,
2871 .unhash = inet_unhash,
2872 .get_port = inet_csk_get_port,
2873 .enter_memory_pressure = tcp_enter_memory_pressure,
2874 .sockets_allocated = &tcp_sockets_allocated,
2875 .orphan_count = &tcp_orphan_count,
2876 .memory_allocated = &tcp_memory_allocated,
2877 .memory_pressure = &tcp_memory_pressure,
2878 .sysctl_wmem = sysctl_tcp_wmem,
2879 .sysctl_rmem = sysctl_tcp_rmem,
2880 .max_header = MAX_TCP_HEADER,
2881 .obj_size = sizeof(struct tcp_sock),
2882 .slab_flags = SLAB_DESTROY_BY_RCU,
2883 .twsk_prot = &tcp_timewait_sock_ops,
2884 .rsk_prot = &tcp_request_sock_ops,
2885 .h.hashinfo = &tcp_hashinfo,
2886 .no_autobind = true,
2887 #ifdef CONFIG_COMPAT
2888 .compat_setsockopt = compat_tcp_setsockopt,
2889 .compat_getsockopt = compat_tcp_getsockopt,
2891 #ifdef CONFIG_MEMCG_KMEM
2892 .init_cgroup = tcp_init_cgroup,
2893 .destroy_cgroup = tcp_destroy_cgroup,
2894 .proto_cgroup = tcp_proto_cgroup,
2897 EXPORT_SYMBOL(tcp_prot);
2899 static int __net_init tcp_sk_init(struct net *net)
2904 static void __net_exit tcp_sk_exit(struct net *net)
2908 static void __net_exit tcp_sk_exit_batch(struct list_head *net_exit_list)
2910 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET);
2913 static struct pernet_operations __net_initdata tcp_sk_ops = {
2914 .init = tcp_sk_init,
2915 .exit = tcp_sk_exit,
2916 .exit_batch = tcp_sk_exit_batch,
2919 void __init tcp_v4_init(void)
2921 inet_hashinfo_init(&tcp_hashinfo);
2922 if (register_pernet_subsys(&tcp_sk_ops))
2923 panic("Failed to create the TCP control socket.\n");
projects / can-eth-gw-linux.git / blob