Version:  2.6.34 2.6.35 2.6.36 2.6.37 2.6.38 2.6.39 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14

Linux/net/ipv4/tcp_ipv4.c

  1 /*
  2  * INET         An implementation of the TCP/IP protocol suite for the LINUX
  3  *              operating system.  INET is implemented using the  BSD Socket
  4  *              interface as the means of communication with the user level.
  5  *
  6  *              Implementation of the Transmission Control Protocol(TCP).
  7  *
  8  *              IPv4 specific functions
  9  *
 10  *
 11  *              code split from:
 12  *              linux/ipv4/tcp.c
 13  *              linux/ipv4/tcp_input.c
 14  *              linux/ipv4/tcp_output.c
 15  *
 16  *              See tcp.c for author information
 17  *
 18  *      This program is free software; you can redistribute it and/or
 19  *      modify it under the terms of the GNU General Public License
 20  *      as published by the Free Software Foundation; either version
 21  *      2 of the License, or (at your option) any later version.
 22  */
 23 
 24 /*
 25  * Changes:
 26  *              David S. Miller :       New socket lookup architecture.
 27  *                                      This code is dedicated to John Dyson.
 28  *              David S. Miller :       Change semantics of established hash,
 29  *                                      half is devoted to TIME_WAIT sockets
 30  *                                      and the rest go in the other half.
 31  *              Andi Kleen :            Add support for syncookies and fixed
 32  *                                      some bugs: ip options weren't passed to
 33  *                                      the TCP layer, missed a check for an
 34  *                                      ACK bit.
 35  *              Andi Kleen :            Implemented fast path mtu discovery.
 36  *                                      Fixed many serious bugs in the
 37  *                                      request_sock handling and moved
 38  *                                      most of it into the af independent code.
 39  *                                      Added tail drop and some other bugfixes.
 40  *                                      Added new listen semantics.
 41  *              Mike McLagan    :       Routing by source
 42  *      Juan Jose Ciarlante:            ip_dynaddr bits
 43  *              Andi Kleen:             various fixes.
 44  *      Vitaly E. Lavrov        :       Transparent proxy revived after year
 45  *                                      coma.
 46  *      Andi Kleen              :       Fix new listen.
 47  *      Andi Kleen              :       Fix accept error reporting.
 48  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
 49  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
 50  *                                      a single port at the same time.
 51  */
 52 
 53 #define pr_fmt(fmt) "TCP: " fmt
 54 
 55 #include <linux/bottom_half.h>
 56 #include <linux/types.h>
 57 #include <linux/fcntl.h>
 58 #include <linux/module.h>
 59 #include <linux/random.h>
 60 #include <linux/cache.h>
 61 #include <linux/jhash.h>
 62 #include <linux/init.h>
 63 #include <linux/times.h>
 64 #include <linux/slab.h>
 65 
 66 #include <net/net_namespace.h>
 67 #include <net/icmp.h>
 68 #include <net/inet_hashtables.h>
 69 #include <net/tcp.h>
 70 #include <net/transp_v6.h>
 71 #include <net/ipv6.h>
 72 #include <net/inet_common.h>
 73 #include <net/timewait_sock.h>
 74 #include <net/xfrm.h>
 75 #include <net/netdma.h>
 76 #include <net/secure_seq.h>
 77 #include <net/tcp_memcontrol.h>
 78 #include <net/busy_poll.h>
 79 
 80 #include <linux/inet.h>
 81 #include <linux/ipv6.h>
 82 #include <linux/stddef.h>
 83 #include <linux/proc_fs.h>
 84 #include <linux/seq_file.h>
 85 
 86 #include <linux/crypto.h>
 87 #include <linux/scatterlist.h>
 88 
 89 int sysctl_tcp_tw_reuse __read_mostly;
 90 int sysctl_tcp_low_latency __read_mostly;
 91 EXPORT_SYMBOL(sysctl_tcp_low_latency);
 92 
 93 
 94 #ifdef CONFIG_TCP_MD5SIG
 95 static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
 96                                __be32 daddr, __be32 saddr, const struct tcphdr *th);
 97 #endif
 98 
 99 struct inet_hashinfo tcp_hashinfo;
100 EXPORT_SYMBOL(tcp_hashinfo);
101 
102 static inline __u32 tcp_v4_init_sequence(const struct sk_buff *skb)
103 {
104         return secure_tcp_sequence_number(ip_hdr(skb)->daddr,
105                                           ip_hdr(skb)->saddr,
106                                           tcp_hdr(skb)->dest,
107                                           tcp_hdr(skb)->source);
108 }
109 
110 int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp)
111 {
112         const struct tcp_timewait_sock *tcptw = tcp_twsk(sktw);
113         struct tcp_sock *tp = tcp_sk(sk);
114 
115         /* With PAWS, it is safe from the viewpoint
116            of data integrity. Even without PAWS it is safe provided sequence
117            spaces do not overlap i.e. at data rates <= 80Mbit/sec.
118 
119            Actually, the idea is close to VJ's one, only timestamp cache is
120            held not per host, but per port pair and TW bucket is used as state
121            holder.
122 
123            If TW bucket has been already destroyed we fall back to VJ's scheme
124            and use initial timestamp retrieved from peer table.
125          */
126         if (tcptw->tw_ts_recent_stamp &&
127             (twp == NULL || (sysctl_tcp_tw_reuse &&
128                              get_seconds() - tcptw->tw_ts_recent_stamp > 1))) {
129                 tp->write_seq = tcptw->tw_snd_nxt + 65535 + 2;
130                 if (tp->write_seq == 0)
131                         tp->write_seq = 1;
132                 tp->rx_opt.ts_recent       = tcptw->tw_ts_recent;
133                 tp->rx_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
134                 sock_hold(sktw);
135                 return 1;
136         }
137 
138         return 0;
139 }
140 EXPORT_SYMBOL_GPL(tcp_twsk_unique);
141 
142 /* This will initiate an outgoing connection. */
143 int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
144 {
145         struct sockaddr_in *usin = (struct sockaddr_in *)uaddr;
146         struct inet_sock *inet = inet_sk(sk);
147         struct tcp_sock *tp = tcp_sk(sk);
148         __be16 orig_sport, orig_dport;
149         __be32 daddr, nexthop;
150         struct flowi4 *fl4;
151         struct rtable *rt;
152         int err;
153         struct ip_options_rcu *inet_opt;
154 
155         if (addr_len < sizeof(struct sockaddr_in))
156                 return -EINVAL;
157 
158         if (usin->sin_family != AF_INET)
159                 return -EAFNOSUPPORT;
160 
161         nexthop = daddr = usin->sin_addr.s_addr;
162         inet_opt = rcu_dereference_protected(inet->inet_opt,
163                                              sock_owned_by_user(sk));
164         if (inet_opt && inet_opt->opt.srr) {
165                 if (!daddr)
166                         return -EINVAL;
167                 nexthop = inet_opt->opt.faddr;
168         }
169 
170         orig_sport = inet->inet_sport;
171         orig_dport = usin->sin_port;
172         fl4 = &inet->cork.fl.u.ip4;
173         rt = ip_route_connect(fl4, nexthop, inet->inet_saddr,
174                               RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
175                               IPPROTO_TCP,
176                               orig_sport, orig_dport, sk);
177         if (IS_ERR(rt)) {
178                 err = PTR_ERR(rt);
179                 if (err == -ENETUNREACH)
180                         IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
181                 return err;
182         }
183 
184         if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) {
185                 ip_rt_put(rt);
186                 return -ENETUNREACH;
187         }
188 
189         if (!inet_opt || !inet_opt->opt.srr)
190                 daddr = fl4->daddr;
191 
192         if (!inet->inet_saddr)
193                 inet->inet_saddr = fl4->saddr;
194         inet->inet_rcv_saddr = inet->inet_saddr;
195 
196         if (tp->rx_opt.ts_recent_stamp && inet->inet_daddr != daddr) {
197                 /* Reset inherited state */
198                 tp->rx_opt.ts_recent       = 0;
199                 tp->rx_opt.ts_recent_stamp = 0;
200                 if (likely(!tp->repair))
201                         tp->write_seq      = 0;
202         }
203 
204         if (tcp_death_row.sysctl_tw_recycle &&
205             !tp->rx_opt.ts_recent_stamp && fl4->daddr == daddr)
206                 tcp_fetch_timewait_stamp(sk, &rt->dst);
207 
208         inet->inet_dport = usin->sin_port;
209         inet->inet_daddr = daddr;
210 
211         inet_csk(sk)->icsk_ext_hdr_len = 0;
212         if (inet_opt)
213                 inet_csk(sk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
214 
215         tp->rx_opt.mss_clamp = TCP_MSS_DEFAULT;
216 
217         /* Socket identity is still unknown (sport may be zero).
218          * However we set state to SYN-SENT and not releasing socket
219          * lock select source port, enter ourselves into the hash tables and
220          * complete initialization after this.
221          */
222         tcp_set_state(sk, TCP_SYN_SENT);
223         err = inet_hash_connect(&tcp_death_row, sk);
224         if (err)
225                 goto failure;
226 
227         rt = ip_route_newports(fl4, rt, orig_sport, orig_dport,
228                                inet->inet_sport, inet->inet_dport, sk);
229         if (IS_ERR(rt)) {
230                 err = PTR_ERR(rt);
231                 rt = NULL;
232                 goto failure;
233         }
234         /* OK, now commit destination to socket.  */
235         sk->sk_gso_type = SKB_GSO_TCPV4;
236         sk_setup_caps(sk, &rt->dst);
237 
238         if (!tp->write_seq && likely(!tp->repair))
239                 tp->write_seq = secure_tcp_sequence_number(inet->inet_saddr,
240                                                            inet->inet_daddr,
241                                                            inet->inet_sport,
242                                                            usin->sin_port);
243 
244         inet->inet_id = tp->write_seq ^ jiffies;
245 
246         err = tcp_connect(sk);
247 
248         rt = NULL;
249         if (err)
250                 goto failure;
251 
252         return 0;
253 
254 failure:
255         /*
256          * This unhashes the socket and releases the local port,
257          * if necessary.
258          */
259         tcp_set_state(sk, TCP_CLOSE);
260         ip_rt_put(rt);
261         sk->sk_route_caps = 0;
262         inet->inet_dport = 0;
263         return err;
264 }
265 EXPORT_SYMBOL(tcp_v4_connect);
266 
267 /*
268  * This routine reacts to ICMP_FRAG_NEEDED mtu indications as defined in RFC1191.
269  * It can be called through tcp_release_cb() if socket was owned by user
270  * at the time tcp_v4_err() was called to handle ICMP message.
271  */
272 static void tcp_v4_mtu_reduced(struct sock *sk)
273 {
274         struct dst_entry *dst;
275         struct inet_sock *inet = inet_sk(sk);
276         u32 mtu = tcp_sk(sk)->mtu_info;
277 
278         dst = inet_csk_update_pmtu(sk, mtu);
279         if (!dst)
280                 return;
281 
282         /* Something is about to be wrong... Remember soft error
283          * for the case, if this connection will not able to recover.
284          */
285         if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
286                 sk->sk_err_soft = EMSGSIZE;
287 
288         mtu = dst_mtu(dst);
289 
290         if (inet->pmtudisc != IP_PMTUDISC_DONT &&
291             ip_sk_accept_pmtu(sk) &&
292             inet_csk(sk)->icsk_pmtu_cookie > mtu) {
293                 tcp_sync_mss(sk, mtu);
294 
295                 /* Resend the TCP packet because it's
296                  * clear that the old packet has been
297                  * dropped. This is the new "fast" path mtu
298                  * discovery.
299                  */
300                 tcp_simple_retransmit(sk);
301         } /* else let the usual retransmit timer handle it */
302 }
303 
304 static void do_redirect(struct sk_buff *skb, struct sock *sk)
305 {
306         struct dst_entry *dst = __sk_dst_check(sk, 0);
307 
308         if (dst)
309                 dst->ops->redirect(dst, sk, skb);
310 }
311 
312 /*
313  * This routine is called by the ICMP module when it gets some
314  * sort of error condition.  If err < 0 then the socket should
315  * be closed and the error returned to the user.  If err > 0
316  * it's just the icmp type << 8 | icmp code.  After adjustment
317  * header points to the first 8 bytes of the tcp header.  We need
318  * to find the appropriate port.
319  *
320  * The locking strategy used here is very "optimistic". When
321  * someone else accesses the socket the ICMP is just dropped
322  * and for some paths there is no check at all.
323  * A more general error queue to queue errors for later handling
324  * is probably better.
325  *
326  */
327 
328 void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
329 {
330         const struct iphdr *iph = (const struct iphdr *)icmp_skb->data;
331         struct tcphdr *th = (struct tcphdr *)(icmp_skb->data + (iph->ihl << 2));
332         struct inet_connection_sock *icsk;
333         struct tcp_sock *tp;
334         struct inet_sock *inet;
335         const int type = icmp_hdr(icmp_skb)->type;
336         const int code = icmp_hdr(icmp_skb)->code;
337         struct sock *sk;
338         struct sk_buff *skb;
339         struct request_sock *req;
340         __u32 seq;
341         __u32 remaining;
342         int err;
343         struct net *net = dev_net(icmp_skb->dev);
344 
345         if (icmp_skb->len < (iph->ihl << 2) + 8) {
346                 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
347                 return;
348         }
349 
350         sk = inet_lookup(net, &tcp_hashinfo, iph->daddr, th->dest,
351                         iph->saddr, th->source, inet_iif(icmp_skb));
352         if (!sk) {
353                 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
354                 return;
355         }
356         if (sk->sk_state == TCP_TIME_WAIT) {
357                 inet_twsk_put(inet_twsk(sk));
358                 return;
359         }
360 
361         bh_lock_sock(sk);
362         /* If too many ICMPs get dropped on busy
363          * servers this needs to be solved differently.
364          * We do take care of PMTU discovery (RFC1191) special case :
365          * we can receive locally generated ICMP messages while socket is held.
366          */
367         if (sock_owned_by_user(sk)) {
368                 if (!(type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED))
369                         NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
370         }
371         if (sk->sk_state == TCP_CLOSE)
372                 goto out;
373 
374         if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
375                 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
376                 goto out;
377         }
378 
379         icsk = inet_csk(sk);
380         tp = tcp_sk(sk);
381         req = tp->fastopen_rsk;
382         seq = ntohl(th->seq);
383         if (sk->sk_state != TCP_LISTEN &&
384             !between(seq, tp->snd_una, tp->snd_nxt) &&
385             (req == NULL || seq != tcp_rsk(req)->snt_isn)) {
386                 /* For a Fast Open socket, allow seq to be snt_isn. */
387                 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
388                 goto out;
389         }
390 
391         switch (type) {
392         case ICMP_REDIRECT:
393                 do_redirect(icmp_skb, sk);
394                 goto out;
395         case ICMP_SOURCE_QUENCH:
396                 /* Just silently ignore these. */
397                 goto out;
398         case ICMP_PARAMETERPROB:
399                 err = EPROTO;
400                 break;
401         case ICMP_DEST_UNREACH:
402                 if (code > NR_ICMP_UNREACH)
403                         goto out;
404 
405                 if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */
406                         /* We are not interested in TCP_LISTEN and open_requests
407                          * (SYN-ACKs send out by Linux are always <576bytes so
408                          * they should go through unfragmented).
409                          */
410                         if (sk->sk_state == TCP_LISTEN)
411                                 goto out;
412 
413                         tp->mtu_info = info;
414                         if (!sock_owned_by_user(sk)) {
415                                 tcp_v4_mtu_reduced(sk);
416                         } else {
417                                 if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED, &tp->tsq_flags))
418                                         sock_hold(sk);
419                         }
420                         goto out;
421                 }
422 
423                 err = icmp_err_convert[code].errno;
424                 /* check if icmp_skb allows revert of backoff
425                  * (see draft-zimmermann-tcp-lcd) */
426                 if (code != ICMP_NET_UNREACH && code != ICMP_HOST_UNREACH)
427                         break;
428                 if (seq != tp->snd_una  || !icsk->icsk_retransmits ||
429                     !icsk->icsk_backoff)
430                         break;
431 
432                 /* XXX (TFO) - revisit the following logic for TFO */
433 
434                 if (sock_owned_by_user(sk))
435                         break;
436 
437                 icsk->icsk_backoff--;
438                 inet_csk(sk)->icsk_rto = (tp->srtt ? __tcp_set_rto(tp) :
439                         TCP_TIMEOUT_INIT) << icsk->icsk_backoff;
440                 tcp_bound_rto(sk);
441 
442                 skb = tcp_write_queue_head(sk);
443                 BUG_ON(!skb);
444 
445                 remaining = icsk->icsk_rto - min(icsk->icsk_rto,
446                                 tcp_time_stamp - TCP_SKB_CB(skb)->when);
447 
448                 if (remaining) {
449                         inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
450                                                   remaining, TCP_RTO_MAX);
451                 } else {
452                         /* RTO revert clocked out retransmission.
453                          * Will retransmit now */
454                         tcp_retransmit_timer(sk);
455                 }
456 
457                 break;
458         case ICMP_TIME_EXCEEDED:
459                 err = EHOSTUNREACH;
460                 break;
461         default:
462                 goto out;
463         }
464 
465         /* XXX (TFO) - if it's a TFO socket and has been accepted, rather
466          * than following the TCP_SYN_RECV case and closing the socket,
467          * we ignore the ICMP error and keep trying like a fully established
468          * socket. Is this the right thing to do?
469          */
470         if (req && req->sk == NULL)
471                 goto out;
472 
473         switch (sk->sk_state) {
474                 struct request_sock *req, **prev;
475         case TCP_LISTEN:
476                 if (sock_owned_by_user(sk))
477                         goto out;
478 
479                 req = inet_csk_search_req(sk, &prev, th->dest,
480                                           iph->daddr, iph->saddr);
481                 if (!req)
482                         goto out;
483 
484                 /* ICMPs are not backlogged, hence we cannot get
485                    an established socket here.
486                  */
487                 WARN_ON(req->sk);
488 
489                 if (seq != tcp_rsk(req)->snt_isn) {
490                         NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
491                         goto out;
492                 }
493 
494                 /*
495                  * Still in SYN_RECV, just remove it silently.
496                  * There is no good way to pass the error to the newly
497                  * created socket, and POSIX does not want network
498                  * errors returned from accept().
499                  */
500                 inet_csk_reqsk_queue_drop(sk, req, prev);
501                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
502                 goto out;
503 
504         case TCP_SYN_SENT:
505         case TCP_SYN_RECV:  /* Cannot happen.
506                                It can f.e. if SYNs crossed,
507                                or Fast Open.
508                              */
509                 if (!sock_owned_by_user(sk)) {
510                         sk->sk_err = err;
511 
512                         sk->sk_error_report(sk);
513 
514                         tcp_done(sk);
515                 } else {
516                         sk->sk_err_soft = err;
517                 }
518                 goto out;
519         }
520 
521         /* If we've already connected we will keep trying
522          * until we time out, or the user gives up.
523          *
524          * rfc1122 4.2.3.9 allows to consider as hard errors
525          * only PROTO_UNREACH and PORT_UNREACH (well, FRAG_FAILED too,
526          * but it is obsoleted by pmtu discovery).
527          *
528          * Note, that in modern internet, where routing is unreliable
529          * and in each dark corner broken firewalls sit, sending random
530          * errors ordered by their masters even this two messages finally lose
531          * their original sense (even Linux sends invalid PORT_UNREACHs)
532          *
533          * Now we are in compliance with RFCs.
534          *                                                      --ANK (980905)
535          */
536 
537         inet = inet_sk(sk);
538         if (!sock_owned_by_user(sk) && inet->recverr) {
539                 sk->sk_err = err;
540                 sk->sk_error_report(sk);
541         } else  { /* Only an error on timeout */
542                 sk->sk_err_soft = err;
543         }
544 
545 out:
546         bh_unlock_sock(sk);
547         sock_put(sk);
548 }
549 
550 void __tcp_v4_send_check(struct sk_buff *skb, __be32 saddr, __be32 daddr)
551 {
552         struct tcphdr *th = tcp_hdr(skb);
553 
554         if (skb->ip_summed == CHECKSUM_PARTIAL) {
555                 th->check = ~tcp_v4_check(skb->len, saddr, daddr, 0);
556                 skb->csum_start = skb_transport_header(skb) - skb->head;
557                 skb->csum_offset = offsetof(struct tcphdr, check);
558         } else {
559                 th->check = tcp_v4_check(skb->len, saddr, daddr,
560                                          csum_partial(th,
561                                                       th->doff << 2,
562                                                       skb->csum));
563         }
564 }
565 
566 /* This routine computes an IPv4 TCP checksum. */
567 void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb)
568 {
569         const struct inet_sock *inet = inet_sk(sk);
570 
571         __tcp_v4_send_check(skb, inet->inet_saddr, inet->inet_daddr);
572 }
573 EXPORT_SYMBOL(tcp_v4_send_check);
574 
575 /*
576  *      This routine will send an RST to the other tcp.
577  *
578  *      Someone asks: why I NEVER use socket parameters (TOS, TTL etc.)
579  *                    for reset.
580  *      Answer: if a packet caused RST, it is not for a socket
581  *              existing in our system, if it is matched to a socket,
582  *              it is just duplicate segment or bug in other side's TCP.
583  *              So that we build reply only basing on parameters
584  *              arrived with segment.
585  *      Exception: precedence violation. We do not implement it in any case.
586  */
587 
588 static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
589 {
590         const struct tcphdr *th = tcp_hdr(skb);
591         struct {
592                 struct tcphdr th;
593 #ifdef CONFIG_TCP_MD5SIG
594                 __be32 opt[(TCPOLEN_MD5SIG_ALIGNED >> 2)];
595 #endif
596         } rep;
597         struct ip_reply_arg arg;
598 #ifdef CONFIG_TCP_MD5SIG
599         struct tcp_md5sig_key *key;
600         const __u8 *hash_location = NULL;
601         unsigned char newhash[16];
602         int genhash;
603         struct sock *sk1 = NULL;
604 #endif
605         struct net *net;
606 
607         /* Never send a reset in response to a reset. */
608         if (th->rst)
609                 return;
610 
611         if (skb_rtable(skb)->rt_type != RTN_LOCAL)
612                 return;
613 
614         /* Swap the send and the receive. */
615         memset(&rep, 0, sizeof(rep));
616         rep.th.dest   = th->source;
617         rep.th.source = th->dest;
618         rep.th.doff   = sizeof(struct tcphdr) / 4;
619         rep.th.rst    = 1;
620 
621         if (th->ack) {
622                 rep.th.seq = th->ack_seq;
623         } else {
624                 rep.th.ack = 1;
625                 rep.th.ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin +
626                                        skb->len - (th->doff << 2));
627         }
628 
629         memset(&arg, 0, sizeof(arg));
630         arg.iov[0].iov_base = (unsigned char *)&rep;
631         arg.iov[0].iov_len  = sizeof(rep.th);
632 
633 #ifdef CONFIG_TCP_MD5SIG
634         hash_location = tcp_parse_md5sig_option(th);
635         if (!sk && hash_location) {
636                 /*
637                  * active side is lost. Try to find listening socket through
638                  * source port, and then find md5 key through listening socket.
639                  * we are not loose security here:
640                  * Incoming packet is checked with md5 hash with finding key,
641                  * no RST generated if md5 hash doesn't match.
642                  */
643                 sk1 = __inet_lookup_listener(dev_net(skb_dst(skb)->dev),
644                                              &tcp_hashinfo, ip_hdr(skb)->saddr,
645                                              th->source, ip_hdr(skb)->daddr,
646                                              ntohs(th->source), inet_iif(skb));
647                 /* don't send rst if it can't find key */
648                 if (!sk1)
649                         return;
650                 rcu_read_lock();
651                 key = tcp_md5_do_lookup(sk1, (union tcp_md5_addr *)
652                                         &ip_hdr(skb)->saddr, AF_INET);
653                 if (!key)
654                         goto release_sk1;
655 
656                 genhash = tcp_v4_md5_hash_skb(newhash, key, NULL, NULL, skb);
657                 if (genhash || memcmp(hash_location, newhash, 16) != 0)
658                         goto release_sk1;
659         } else {
660                 key = sk ? tcp_md5_do_lookup(sk, (union tcp_md5_addr *)
661                                              &ip_hdr(skb)->saddr,
662                                              AF_INET) : NULL;
663         }
664 
665         if (key) {
666                 rep.opt[0] = htonl((TCPOPT_NOP << 24) |
667                                    (TCPOPT_NOP << 16) |
668                                    (TCPOPT_MD5SIG << 8) |
669                                    TCPOLEN_MD5SIG);
670                 /* Update length and the length the header thinks exists */
671                 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
672                 rep.th.doff = arg.iov[0].iov_len / 4;
673 
674                 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[1],
675                                      key, ip_hdr(skb)->saddr,
676                                      ip_hdr(skb)->daddr, &rep.th);
677         }
678 #endif
679         arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
680                                       ip_hdr(skb)->saddr, /* XXX */
681                                       arg.iov[0].iov_len, IPPROTO_TCP, 0);
682         arg.csumoffset = offsetof(struct tcphdr, check) / 2;
683         arg.flags = (sk && inet_sk(sk)->transparent) ? IP_REPLY_ARG_NOSRCCHECK : 0;
684         /* When socket is gone, all binding information is lost.
685          * routing might fail in this case. No choice here, if we choose to force
686          * input interface, we will misroute in case of asymmetric route.
687          */
688         if (sk)
689                 arg.bound_dev_if = sk->sk_bound_dev_if;
690 
691         net = dev_net(skb_dst(skb)->dev);
692         arg.tos = ip_hdr(skb)->tos;
693         ip_send_unicast_reply(net, skb, ip_hdr(skb)->saddr,
694                               ip_hdr(skb)->daddr, &arg, arg.iov[0].iov_len);
695 
696         TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
697         TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
698 
699 #ifdef CONFIG_TCP_MD5SIG
700 release_sk1:
701         if (sk1) {
702                 rcu_read_unlock();
703                 sock_put(sk1);
704         }
705 #endif
706 }
707 
708 /* The code following below sending ACKs in SYN-RECV and TIME-WAIT states
709    outside socket context is ugly, certainly. What can I do?
710  */
711 
712 static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
713                             u32 win, u32 tsval, u32 tsecr, int oif,
714                             struct tcp_md5sig_key *key,
715                             int reply_flags, u8 tos)
716 {
717         const struct tcphdr *th = tcp_hdr(skb);
718         struct {
719                 struct tcphdr th;
720                 __be32 opt[(TCPOLEN_TSTAMP_ALIGNED >> 2)
721 #ifdef CONFIG_TCP_MD5SIG
722                            + (TCPOLEN_MD5SIG_ALIGNED >> 2)
723 #endif
724                         ];
725         } rep;
726         struct ip_reply_arg arg;
727         struct net *net = dev_net(skb_dst(skb)->dev);
728 
729         memset(&rep.th, 0, sizeof(struct tcphdr));
730         memset(&arg, 0, sizeof(arg));
731 
732         arg.iov[0].iov_base = (unsigned char *)&rep;
733         arg.iov[0].iov_len  = sizeof(rep.th);
734         if (tsecr) {
735                 rep.opt[0] = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
736                                    (TCPOPT_TIMESTAMP << 8) |
737                                    TCPOLEN_TIMESTAMP);
738                 rep.opt[1] = htonl(tsval);
739                 rep.opt[2] = htonl(tsecr);
740                 arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;
741         }
742 
743         /* Swap the send and the receive. */
744         rep.th.dest    = th->source;
745         rep.th.source  = th->dest;
746         rep.th.doff    = arg.iov[0].iov_len / 4;
747         rep.th.seq     = htonl(seq);
748         rep.th.ack_seq = htonl(ack);
749         rep.th.ack     = 1;
750         rep.th.window  = htons(win);
751 
752 #ifdef CONFIG_TCP_MD5SIG
753         if (key) {
754                 int offset = (tsecr) ? 3 : 0;
755 
756                 rep.opt[offset++] = htonl((TCPOPT_NOP << 24) |
757                                           (TCPOPT_NOP << 16) |
758                                           (TCPOPT_MD5SIG << 8) |
759                                           TCPOLEN_MD5SIG);
760                 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
761                 rep.th.doff = arg.iov[0].iov_len/4;
762 
763                 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset],
764                                     key, ip_hdr(skb)->saddr,
765                                     ip_hdr(skb)->daddr, &rep.th);
766         }
767 #endif
768         arg.flags = reply_flags;
769         arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
770                                       ip_hdr(skb)->saddr, /* XXX */
771                                       arg.iov[0].iov_len, IPPROTO_TCP, 0);
772         arg.csumoffset = offsetof(struct tcphdr, check) / 2;
773         if (oif)
774                 arg.bound_dev_if = oif;
775         arg.tos = tos;
776         ip_send_unicast_reply(net, skb, ip_hdr(skb)->saddr,
777                               ip_hdr(skb)->daddr, &arg, arg.iov[0].iov_len);
778 
779         TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
780 }
781 
782 static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
783 {
784         struct inet_timewait_sock *tw = inet_twsk(sk);
785         struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
786 
787         tcp_v4_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
788                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
789                         tcp_time_stamp + tcptw->tw_ts_offset,
790                         tcptw->tw_ts_recent,
791                         tw->tw_bound_dev_if,
792                         tcp_twsk_md5_key(tcptw),
793                         tw->tw_transparent ? IP_REPLY_ARG_NOSRCCHECK : 0,
794                         tw->tw_tos
795                         );
796 
797         inet_twsk_put(tw);
798 }
799 
800 static void tcp_v4_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
801                                   struct request_sock *req)
802 {
803         /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
804          * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
805          */
806         tcp_v4_send_ack(skb, (sk->sk_state == TCP_LISTEN) ?
807                         tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
808                         tcp_rsk(req)->rcv_nxt, req->rcv_wnd,
809                         tcp_time_stamp,
810                         req->ts_recent,
811                         0,
812                         tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&ip_hdr(skb)->daddr,
813                                           AF_INET),
814                         inet_rsk(req)->no_srccheck ? IP_REPLY_ARG_NOSRCCHECK : 0,
815                         ip_hdr(skb)->tos);
816 }
817 
818 /*
819  *      Send a SYN-ACK after having received a SYN.
820  *      This still operates on a request_sock only, not on a big
821  *      socket.
822  */
823 static int tcp_v4_send_synack(struct sock *sk, struct dst_entry *dst,
824                               struct request_sock *req,
825                               u16 queue_mapping)
826 {
827         const struct inet_request_sock *ireq = inet_rsk(req);
828         struct flowi4 fl4;
829         int err = -1;
830         struct sk_buff *skb;
831 
832         /* First, grab a route. */
833         if (!dst && (dst = inet_csk_route_req(sk, &fl4, req)) == NULL)
834                 return -1;
835 
836         skb = tcp_make_synack(sk, dst, req, NULL);
837 
838         if (skb) {
839                 __tcp_v4_send_check(skb, ireq->ir_loc_addr, ireq->ir_rmt_addr);
840 
841                 skb_set_queue_mapping(skb, queue_mapping);
842                 err = ip_build_and_send_pkt(skb, sk, ireq->ir_loc_addr,
843                                             ireq->ir_rmt_addr,
844                                             ireq->opt);
845                 err = net_xmit_eval(err);
846                 if (!tcp_rsk(req)->snt_synack && !err)
847                         tcp_rsk(req)->snt_synack = tcp_time_stamp;
848         }
849 
850         return err;
851 }
852 
853 static int tcp_v4_rtx_synack(struct sock *sk, struct request_sock *req)
854 {
855         int res = tcp_v4_send_synack(sk, NULL, req, 0);
856 
857         if (!res)
858                 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS);
859         return res;
860 }
861 
862 /*
863  *      IPv4 request_sock destructor.
864  */
865 static void tcp_v4_reqsk_destructor(struct request_sock *req)
866 {
867         kfree(inet_rsk(req)->opt);
868 }
869 
870 /*
871  * Return true if a syncookie should be sent
872  */
873 bool tcp_syn_flood_action(struct sock *sk,
874                          const struct sk_buff *skb,
875                          const char *proto)
876 {
877         const char *msg = "Dropping request";
878         bool want_cookie = false;
879         struct listen_sock *lopt;
880 
881 
882 
883 #ifdef CONFIG_SYN_COOKIES
884         if (sysctl_tcp_syncookies) {
885                 msg = "Sending cookies";
886                 want_cookie = true;
887                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDOCOOKIES);
888         } else
889 #endif
890                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP);
891 
892         lopt = inet_csk(sk)->icsk_accept_queue.listen_opt;
893         if (!lopt->synflood_warned && sysctl_tcp_syncookies != 2) {
894                 lopt->synflood_warned = 1;
895                 pr_info("%s: Possible SYN flooding on port %d. %s.  Check SNMP counters.\n",
896                         proto, ntohs(tcp_hdr(skb)->dest), msg);
897         }
898         return want_cookie;
899 }
900 EXPORT_SYMBOL(tcp_syn_flood_action);
901 
902 /*
903  * Save and compile IPv4 options into the request_sock if needed.
904  */
905 static struct ip_options_rcu *tcp_v4_save_options(struct sk_buff *skb)
906 {
907         const struct ip_options *opt = &(IPCB(skb)->opt);
908         struct ip_options_rcu *dopt = NULL;
909 
910         if (opt && opt->optlen) {
911                 int opt_size = sizeof(*dopt) + opt->optlen;
912 
913                 dopt = kmalloc(opt_size, GFP_ATOMIC);
914                 if (dopt) {
915                         if (ip_options_echo(&dopt->opt, skb)) {
916                                 kfree(dopt);
917                                 dopt = NULL;
918                         }
919                 }
920         }
921         return dopt;
922 }
923 
924 #ifdef CONFIG_TCP_MD5SIG
925 /*
926  * RFC2385 MD5 checksumming requires a mapping of
927  * IP address->MD5 Key.
928  * We need to maintain these in the sk structure.
929  */
930 
931 /* Find the Key structure for an address.  */
932 struct tcp_md5sig_key *tcp_md5_do_lookup(struct sock *sk,
933                                          const union tcp_md5_addr *addr,
934                                          int family)
935 {
936         struct tcp_sock *tp = tcp_sk(sk);
937         struct tcp_md5sig_key *key;
938         unsigned int size = sizeof(struct in_addr);
939         struct tcp_md5sig_info *md5sig;
940 
941         /* caller either holds rcu_read_lock() or socket lock */
942         md5sig = rcu_dereference_check(tp->md5sig_info,
943                                        sock_owned_by_user(sk) ||
944                                        lockdep_is_held(&sk->sk_lock.slock));
945         if (!md5sig)
946                 return NULL;
947 #if IS_ENABLED(CONFIG_IPV6)
948         if (family == AF_INET6)
949                 size = sizeof(struct in6_addr);
950 #endif
951         hlist_for_each_entry_rcu(key, &md5sig->head, node) {
952                 if (key->family != family)
953                         continue;
954                 if (!memcmp(&key->addr, addr, size))
955                         return key;
956         }
957         return NULL;
958 }
959 EXPORT_SYMBOL(tcp_md5_do_lookup);
960 
961 struct tcp_md5sig_key *tcp_v4_md5_lookup(struct sock *sk,
962                                          struct sock *addr_sk)
963 {
964         union tcp_md5_addr *addr;
965 
966         addr = (union tcp_md5_addr *)&inet_sk(addr_sk)->inet_daddr;
967         return tcp_md5_do_lookup(sk, addr, AF_INET);
968 }
969 EXPORT_SYMBOL(tcp_v4_md5_lookup);
970 
971 static struct tcp_md5sig_key *tcp_v4_reqsk_md5_lookup(struct sock *sk,
972                                                       struct request_sock *req)
973 {
974         union tcp_md5_addr *addr;
975 
976         addr = (union tcp_md5_addr *)&inet_rsk(req)->ir_rmt_addr;
977         return tcp_md5_do_lookup(sk, addr, AF_INET);
978 }
979 
980 /* This can be called on a newly created socket, from other files */
981 int tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr,
982                    int family, const u8 *newkey, u8 newkeylen, gfp_t gfp)
983 {
984         /* Add Key to the list */
985         struct tcp_md5sig_key *key;
986         struct tcp_sock *tp = tcp_sk(sk);
987         struct tcp_md5sig_info *md5sig;
988 
989         key = tcp_md5_do_lookup(sk, addr, family);
990         if (key) {
991                 /* Pre-existing entry - just update that one. */
992                 memcpy(key->key, newkey, newkeylen);
993                 key->keylen = newkeylen;
994                 return 0;
995         }
996 
997         md5sig = rcu_dereference_protected(tp->md5sig_info,
998                                            sock_owned_by_user(sk));
999         if (!md5sig) {
1000                 md5sig = kmalloc(sizeof(*md5sig), gfp);
1001                 if (!md5sig)
1002                         return -ENOMEM;
1003 
1004                 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
1005                 INIT_HLIST_HEAD(&md5sig->head);
1006                 rcu_assign_pointer(tp->md5sig_info, md5sig);
1007         }
1008 
1009         key = sock_kmalloc(sk, sizeof(*key), gfp);
1010         if (!key)
1011                 return -ENOMEM;
1012         if (!tcp_alloc_md5sig_pool()) {
1013                 sock_kfree_s(sk, key, sizeof(*key));
1014                 return -ENOMEM;
1015         }
1016 
1017         memcpy(key->key, newkey, newkeylen);
1018         key->keylen = newkeylen;
1019         key->family = family;
1020         memcpy(&key->addr, addr,
1021                (family == AF_INET6) ? sizeof(struct in6_addr) :
1022                                       sizeof(struct in_addr));
1023         hlist_add_head_rcu(&key->node, &md5sig->head);
1024         return 0;
1025 }
1026 EXPORT_SYMBOL(tcp_md5_do_add);
1027 
1028 int tcp_md5_do_del(struct sock *sk, const union tcp_md5_addr *addr, int family)
1029 {
1030         struct tcp_md5sig_key *key;
1031 
1032         key = tcp_md5_do_lookup(sk, addr, family);
1033         if (!key)
1034                 return -ENOENT;
1035         hlist_del_rcu(&key->node);
1036         atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
1037         kfree_rcu(key, rcu);
1038         return 0;
1039 }
1040 EXPORT_SYMBOL(tcp_md5_do_del);
1041 
1042 static void tcp_clear_md5_list(struct sock *sk)
1043 {
1044         struct tcp_sock *tp = tcp_sk(sk);
1045         struct tcp_md5sig_key *key;
1046         struct hlist_node *n;
1047         struct tcp_md5sig_info *md5sig;
1048 
1049         md5sig = rcu_dereference_protected(tp->md5sig_info, 1);
1050 
1051         hlist_for_each_entry_safe(key, n, &md5sig->head, node) {
1052                 hlist_del_rcu(&key->node);
1053                 atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
1054                 kfree_rcu(key, rcu);
1055         }
1056 }
1057 
1058 static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
1059                                  int optlen)
1060 {
1061         struct tcp_md5sig cmd;
1062         struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.tcpm_addr;
1063 
1064         if (optlen < sizeof(cmd))
1065                 return -EINVAL;
1066 
1067         if (copy_from_user(&cmd, optval, sizeof(cmd)))
1068                 return -EFAULT;
1069 
1070         if (sin->sin_family != AF_INET)
1071                 return -EINVAL;
1072 
1073         if (!cmd.tcpm_key || !cmd.tcpm_keylen)
1074                 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin->sin_addr.s_addr,
1075                                       AF_INET);
1076 
1077         if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
1078                 return -EINVAL;
1079 
1080         return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin->sin_addr.s_addr,
1081                               AF_INET, cmd.tcpm_key, cmd.tcpm_keylen,
1082                               GFP_KERNEL);
1083 }
1084 
1085 static int tcp_v4_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
1086                                         __be32 daddr, __be32 saddr, int nbytes)
1087 {
1088         struct tcp4_pseudohdr *bp;
1089         struct scatterlist sg;
1090 
1091         bp = &hp->md5_blk.ip4;
1092 
1093         /*
1094          * 1. the TCP pseudo-header (in the order: source IP address,
1095          * destination IP address, zero-padded protocol number, and
1096          * segment length)
1097          */
1098         bp->saddr = saddr;
1099         bp->daddr = daddr;
1100         bp->pad = 0;
1101         bp->protocol = IPPROTO_TCP;
1102         bp->len = cpu_to_be16(nbytes);
1103 
1104         sg_init_one(&sg, bp, sizeof(*bp));
1105         return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
1106 }
1107 
1108 static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
1109                                __be32 daddr, __be32 saddr, const struct tcphdr *th)
1110 {
1111         struct tcp_md5sig_pool *hp;
1112         struct hash_desc *desc;
1113 
1114         hp = tcp_get_md5sig_pool();
1115         if (!hp)
1116                 goto clear_hash_noput;
1117         desc = &hp->md5_desc;
1118 
1119         if (crypto_hash_init(desc))
1120                 goto clear_hash;
1121         if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
1122                 goto clear_hash;
1123         if (tcp_md5_hash_header(hp, th))
1124                 goto clear_hash;
1125         if (tcp_md5_hash_key(hp, key))
1126                 goto clear_hash;
1127         if (crypto_hash_final(desc, md5_hash))
1128                 goto clear_hash;
1129 
1130         tcp_put_md5sig_pool();
1131         return 0;
1132 
1133 clear_hash:
1134         tcp_put_md5sig_pool();
1135 clear_hash_noput:
1136         memset(md5_hash, 0, 16);
1137         return 1;
1138 }
1139 
1140 int tcp_v4_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
1141                         const struct sock *sk, const struct request_sock *req,
1142                         const struct sk_buff *skb)
1143 {
1144         struct tcp_md5sig_pool *hp;
1145         struct hash_desc *desc;
1146         const struct tcphdr *th = tcp_hdr(skb);
1147         __be32 saddr, daddr;
1148 
1149         if (sk) {
1150                 saddr = inet_sk(sk)->inet_saddr;
1151                 daddr = inet_sk(sk)->inet_daddr;
1152         } else if (req) {
1153                 saddr = inet_rsk(req)->ir_loc_addr;
1154                 daddr = inet_rsk(req)->ir_rmt_addr;
1155         } else {
1156                 const struct iphdr *iph = ip_hdr(skb);
1157                 saddr = iph->saddr;
1158                 daddr = iph->daddr;
1159         }
1160 
1161         hp = tcp_get_md5sig_pool();
1162         if (!hp)
1163                 goto clear_hash_noput;
1164         desc = &hp->md5_desc;
1165 
1166         if (crypto_hash_init(desc))
1167                 goto clear_hash;
1168 
1169         if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
1170                 goto clear_hash;
1171         if (tcp_md5_hash_header(hp, th))
1172                 goto clear_hash;
1173         if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
1174                 goto clear_hash;
1175         if (tcp_md5_hash_key(hp, key))
1176                 goto clear_hash;
1177         if (crypto_hash_final(desc, md5_hash))
1178                 goto clear_hash;
1179 
1180         tcp_put_md5sig_pool();
1181         return 0;
1182 
1183 clear_hash:
1184         tcp_put_md5sig_pool();
1185 clear_hash_noput:
1186         memset(md5_hash, 0, 16);
1187         return 1;
1188 }
1189 EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
1190 
1191 static bool tcp_v4_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
1192 {
1193         /*
1194          * This gets called for each TCP segment that arrives
1195          * so we want to be efficient.
1196          * We have 3 drop cases:
1197          * o No MD5 hash and one expected.
1198          * o MD5 hash and we're not expecting one.
1199          * o MD5 hash and its wrong.
1200          */
1201         const __u8 *hash_location = NULL;
1202         struct tcp_md5sig_key *hash_expected;
1203         const struct iphdr *iph = ip_hdr(skb);
1204         const struct tcphdr *th = tcp_hdr(skb);
1205         int genhash;
1206         unsigned char newhash[16];
1207 
1208         hash_expected = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&iph->saddr,
1209                                           AF_INET);
1210         hash_location = tcp_parse_md5sig_option(th);
1211 
1212         /* We've parsed the options - do we have a hash? */
1213         if (!hash_expected && !hash_location)
1214                 return false;
1215 
1216         if (hash_expected && !hash_location) {
1217                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
1218                 return true;
1219         }
1220 
1221         if (!hash_expected && hash_location) {
1222                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
1223                 return true;
1224         }
1225 
1226         /* Okay, so this is hash_expected and hash_location -
1227          * so we need to calculate the checksum.
1228          */
1229         genhash = tcp_v4_md5_hash_skb(newhash,
1230                                       hash_expected,
1231                                       NULL, NULL, skb);
1232 
1233         if (genhash || memcmp(hash_location, newhash, 16) != 0) {
1234                 net_info_ratelimited("MD5 Hash failed for (%pI4, %d)->(%pI4, %d)%s\n",
1235                                      &iph->saddr, ntohs(th->source),
1236                                      &iph->daddr, ntohs(th->dest),
1237                                      genhash ? " tcp_v4_calc_md5_hash failed"
1238                                      : "");
1239                 return true;
1240         }
1241         return false;
1242 }
1243 
1244 #endif
1245 
1246 struct request_sock_ops tcp_request_sock_ops __read_mostly = {
1247         .family         =       PF_INET,
1248         .obj_size       =       sizeof(struct tcp_request_sock),
1249         .rtx_syn_ack    =       tcp_v4_rtx_synack,
1250         .send_ack       =       tcp_v4_reqsk_send_ack,
1251         .destructor     =       tcp_v4_reqsk_destructor,
1252         .send_reset     =       tcp_v4_send_reset,
1253         .syn_ack_timeout =      tcp_syn_ack_timeout,
1254 };
1255 
1256 #ifdef CONFIG_TCP_MD5SIG
1257 static const struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
1258         .md5_lookup     =       tcp_v4_reqsk_md5_lookup,
1259         .calc_md5_hash  =       tcp_v4_md5_hash_skb,
1260 };
1261 #endif
1262 
1263 static bool tcp_fastopen_check(struct sock *sk, struct sk_buff *skb,
1264                                struct request_sock *req,
1265                                struct tcp_fastopen_cookie *foc,
1266                                struct tcp_fastopen_cookie *valid_foc)
1267 {
1268         bool skip_cookie = false;
1269         struct fastopen_queue *fastopenq;
1270 
1271         if (likely(!fastopen_cookie_present(foc))) {
1272                 /* See include/net/tcp.h for the meaning of these knobs */
1273                 if ((sysctl_tcp_fastopen & TFO_SERVER_ALWAYS) ||
1274                     ((sysctl_tcp_fastopen & TFO_SERVER_COOKIE_NOT_REQD) &&
1275                     (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq + 1)))
1276                         skip_cookie = true; /* no cookie to validate */
1277                 else
1278                         return false;
1279         }
1280         fastopenq = inet_csk(sk)->icsk_accept_queue.fastopenq;
1281         /* A FO option is present; bump the counter. */
1282         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPFASTOPENPASSIVE);
1283 
1284         /* Make sure the listener has enabled fastopen, and we don't
1285          * exceed the max # of pending TFO requests allowed before trying
1286          * to validating the cookie in order to avoid burning CPU cycles
1287          * unnecessarily.
1288          *
1289          * XXX (TFO) - The implication of checking the max_qlen before
1290          * processing a cookie request is that clients can't differentiate
1291          * between qlen overflow causing Fast Open to be disabled
1292          * temporarily vs a server not supporting Fast Open at all.
1293          */
1294         if ((sysctl_tcp_fastopen & TFO_SERVER_ENABLE) == 0 ||
1295             fastopenq == NULL || fastopenq->max_qlen == 0)
1296                 return false;
1297 
1298         if (fastopenq->qlen >= fastopenq->max_qlen) {
1299                 struct request_sock *req1;
1300                 spin_lock(&fastopenq->lock);
1301                 req1 = fastopenq->rskq_rst_head;
1302                 if ((req1 == NULL) || time_after(req1->expires, jiffies)) {
1303                         spin_unlock(&fastopenq->lock);
1304                         NET_INC_STATS_BH(sock_net(sk),
1305                             LINUX_MIB_TCPFASTOPENLISTENOVERFLOW);
1306                         /* Avoid bumping LINUX_MIB_TCPFASTOPENPASSIVEFAIL*/
1307                         foc->len = -1;
1308                         return false;
1309                 }
1310                 fastopenq->rskq_rst_head = req1->dl_next;
1311                 fastopenq->qlen--;
1312                 spin_unlock(&fastopenq->lock);
1313                 reqsk_free(req1);
1314         }
1315         if (skip_cookie) {
1316                 tcp_rsk(req)->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
1317                 return true;
1318         }
1319 
1320         if (foc->len == TCP_FASTOPEN_COOKIE_SIZE) {
1321                 if ((sysctl_tcp_fastopen & TFO_SERVER_COOKIE_NOT_CHKED) == 0) {
1322                         tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr,
1323                                                 ip_hdr(skb)->daddr, valid_foc);
1324                         if ((valid_foc->len != TCP_FASTOPEN_COOKIE_SIZE) ||
1325                             memcmp(&foc->val[0], &valid_foc->val[0],
1326                             TCP_FASTOPEN_COOKIE_SIZE) != 0)
1327                                 return false;
1328                         valid_foc->len = -1;
1329                 }
1330                 /* Acknowledge the data received from the peer. */
1331                 tcp_rsk(req)->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
1332                 return true;
1333         } else if (foc->len == 0) { /* Client requesting a cookie */
1334                 tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr,
1335                                         ip_hdr(skb)->daddr, valid_foc);
1336                 NET_INC_STATS_BH(sock_net(sk),
1337                     LINUX_MIB_TCPFASTOPENCOOKIEREQD);
1338         } else {
1339                 /* Client sent a cookie with wrong size. Treat it
1340                  * the same as invalid and return a valid one.
1341                  */
1342                 tcp_fastopen_cookie_gen(ip_hdr(skb)->saddr,
1343                                         ip_hdr(skb)->daddr, valid_foc);
1344         }
1345         return false;
1346 }
1347 
1348 static int tcp_v4_conn_req_fastopen(struct sock *sk,
1349                                     struct sk_buff *skb,
1350                                     struct sk_buff *skb_synack,
1351                                     struct request_sock *req)
1352 {
1353         struct tcp_sock *tp = tcp_sk(sk);
1354         struct request_sock_queue *queue = &inet_csk(sk)->icsk_accept_queue;
1355         const struct inet_request_sock *ireq = inet_rsk(req);
1356         struct sock *child;
1357         int err;
1358 
1359         req->num_retrans = 0;
1360         req->num_timeout = 0;
1361         req->sk = NULL;
1362 
1363         child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, req, NULL);
1364         if (child == NULL) {
1365                 NET_INC_STATS_BH(sock_net(sk),
1366                                  LINUX_MIB_TCPFASTOPENPASSIVEFAIL);
1367                 kfree_skb(skb_synack);
1368                 return -1;
1369         }
1370         err = ip_build_and_send_pkt(skb_synack, sk, ireq->ir_loc_addr,
1371                                     ireq->ir_rmt_addr, ireq->opt);
1372         err = net_xmit_eval(err);
1373         if (!err)
1374                 tcp_rsk(req)->snt_synack = tcp_time_stamp;
1375         /* XXX (TFO) - is it ok to ignore error and continue? */
1376 
1377         spin_lock(&queue->fastopenq->lock);
1378         queue->fastopenq->qlen++;
1379         spin_unlock(&queue->fastopenq->lock);
1380 
1381         /* Initialize the child socket. Have to fix some values to take
1382          * into account the child is a Fast Open socket and is created
1383          * only out of the bits carried in the SYN packet.
1384          */
1385         tp = tcp_sk(child);
1386 
1387         tp->fastopen_rsk = req;
1388         /* Do a hold on the listner sk so that if the listener is being
1389          * closed, the child that has been accepted can live on and still
1390          * access listen_lock.
1391          */
1392         sock_hold(sk);
1393         tcp_rsk(req)->listener = sk;
1394 
1395         /* RFC1323: The window in SYN & SYN/ACK segments is never
1396          * scaled. So correct it appropriately.
1397          */
1398         tp->snd_wnd = ntohs(tcp_hdr(skb)->window);
1399 
1400         /* Activate the retrans timer so that SYNACK can be retransmitted.
1401          * The request socket is not added to the SYN table of the parent
1402          * because it's been added to the accept queue directly.
1403          */
1404         inet_csk_reset_xmit_timer(child, ICSK_TIME_RETRANS,
1405             TCP_TIMEOUT_INIT, TCP_RTO_MAX);
1406 
1407         /* Add the child socket directly into the accept queue */
1408         inet_csk_reqsk_queue_add(sk, req, child);
1409 
1410         /* Now finish processing the fastopen child socket. */
1411         inet_csk(child)->icsk_af_ops->rebuild_header(child);
1412         tcp_init_congestion_control(child);
1413         tcp_mtup_init(child);
1414         tcp_init_metrics(child);
1415         tcp_init_buffer_space(child);
1416 
1417         /* Queue the data carried in the SYN packet. We need to first
1418          * bump skb's refcnt because the caller will attempt to free it.
1419          *
1420          * XXX (TFO) - we honor a zero-payload TFO request for now.
1421          * (Any reason not to?)
1422          */
1423         if (TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq + 1) {
1424                 /* Don't queue the skb if there is no payload in SYN.
1425                  * XXX (TFO) - How about SYN+FIN?
1426                  */
1427                 tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
1428         } else {
1429                 skb = skb_get(skb);
1430                 skb_dst_drop(skb);
1431                 __skb_pull(skb, tcp_hdr(skb)->doff * 4);
1432                 skb_set_owner_r(skb, child);
1433                 __skb_queue_tail(&child->sk_receive_queue, skb);
1434                 tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq;
1435                 tp->syn_data_acked = 1;
1436         }
1437         sk->sk_data_ready(sk, 0);
1438         bh_unlock_sock(child);
1439         sock_put(child);
1440         WARN_ON(req->sk == NULL);
1441         return 0;
1442 }
1443 
1444 int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1445 {
1446         struct tcp_options_received tmp_opt;
1447         struct request_sock *req;
1448         struct inet_request_sock *ireq;
1449         struct tcp_sock *tp = tcp_sk(sk);
1450         struct dst_entry *dst = NULL;
1451         __be32 saddr = ip_hdr(skb)->saddr;
1452         __be32 daddr = ip_hdr(skb)->daddr;
1453         __u32 isn = TCP_SKB_CB(skb)->when;
1454         bool want_cookie = false;
1455         struct flowi4 fl4;
1456         struct tcp_fastopen_cookie foc = { .len = -1 };
1457         struct tcp_fastopen_cookie valid_foc = { .len = -1 };
1458         struct sk_buff *skb_synack;
1459         int do_fastopen;
1460 
1461         /* Never answer to SYNs send to broadcast or multicast */
1462         if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
1463                 goto drop;
1464 
1465         /* TW buckets are converted to open requests without
1466          * limitations, they conserve resources and peer is
1467          * evidently real one.
1468          */
1469         if ((sysctl_tcp_syncookies == 2 ||
1470              inet_csk_reqsk_queue_is_full(sk)) && !isn) {
1471                 want_cookie = tcp_syn_flood_action(sk, skb, "TCP");
1472                 if (!want_cookie)
1473                         goto drop;
1474         }
1475 
1476         /* Accept backlog is full. If we have already queued enough
1477          * of warm entries in syn queue, drop request. It is better than
1478          * clogging syn queue with openreqs with exponentially increasing
1479          * timeout.
1480          */
1481         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) {
1482                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1483                 goto drop;
1484         }
1485 
1486         req = inet_reqsk_alloc(&tcp_request_sock_ops);
1487         if (!req)
1488                 goto drop;
1489 
1490 #ifdef CONFIG_TCP_MD5SIG
1491         tcp_rsk(req)->af_specific = &tcp_request_sock_ipv4_ops;
1492 #endif
1493 
1494         tcp_clear_options(&tmp_opt);
1495         tmp_opt.mss_clamp = TCP_MSS_DEFAULT;
1496         tmp_opt.user_mss  = tp->rx_opt.user_mss;
1497         tcp_parse_options(skb, &tmp_opt, 0, want_cookie ? NULL : &foc);
1498 
1499         if (want_cookie && !tmp_opt.saw_tstamp)
1500                 tcp_clear_options(&tmp_opt);
1501 
1502         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1503         tcp_openreq_init(req, &tmp_opt, skb);
1504 
1505         ireq = inet_rsk(req);
1506         ireq->ir_loc_addr = daddr;
1507         ireq->ir_rmt_addr = saddr;
1508         ireq->no_srccheck = inet_sk(sk)->transparent;
1509         ireq->opt = tcp_v4_save_options(skb);
1510 
1511         if (security_inet_conn_request(sk, skb, req))
1512                 goto drop_and_free;
1513 
1514         if (!want_cookie || tmp_opt.tstamp_ok)
1515                 TCP_ECN_create_request(req, skb, sock_net(sk));
1516 
1517         if (want_cookie) {
1518                 isn = cookie_v4_init_sequence(sk, skb, &req->mss);
1519                 req->cookie_ts = tmp_opt.tstamp_ok;
1520         } else if (!isn) {
1521                 /* VJ's idea. We save last timestamp seen
1522                  * from the destination in peer table, when entering
1523                  * state TIME-WAIT, and check against it before
1524                  * accepting new connection request.
1525                  *
1526                  * If "isn" is not zero, this request hit alive
1527                  * timewait bucket, so that all the necessary checks
1528                  * are made in the function processing timewait state.
1529                  */
1530                 if (tmp_opt.saw_tstamp &&
1531                     tcp_death_row.sysctl_tw_recycle &&
1532                     (dst = inet_csk_route_req(sk, &fl4, req)) != NULL &&
1533                     fl4.daddr == saddr) {
1534                         if (!tcp_peer_is_proven(req, dst, true)) {
1535                                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED);
1536                                 goto drop_and_release;
1537                         }
1538                 }
1539                 /* Kill the following clause, if you dislike this way. */
1540                 else if (!sysctl_tcp_syncookies &&
1541                          (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
1542                           (sysctl_max_syn_backlog >> 2)) &&
1543                          !tcp_peer_is_proven(req, dst, false)) {
1544                         /* Without syncookies last quarter of
1545                          * backlog is filled with destinations,
1546                          * proven to be alive.
1547                          * It means that we continue to communicate
1548                          * to destinations, already remembered
1549                          * to the moment of synflood.
1550                          */
1551                         LIMIT_NETDEBUG(KERN_DEBUG pr_fmt("drop open request from %pI4/%u\n"),
1552                                        &saddr, ntohs(tcp_hdr(skb)->source));
1553                         goto drop_and_release;
1554                 }
1555 
1556                 isn = tcp_v4_init_sequence(skb);
1557         }
1558         tcp_rsk(req)->snt_isn = isn;
1559 
1560         if (dst == NULL) {
1561                 dst = inet_csk_route_req(sk, &fl4, req);
1562                 if (dst == NULL)
1563                         goto drop_and_free;
1564         }
1565         do_fastopen = tcp_fastopen_check(sk, skb, req, &foc, &valid_foc);
1566 
1567         /* We don't call tcp_v4_send_synack() directly because we need
1568          * to make sure a child socket can be created successfully before
1569          * sending back synack!
1570          *
1571          * XXX (TFO) - Ideally one would simply call tcp_v4_send_synack()
1572          * (or better yet, call tcp_send_synack() in the child context
1573          * directly, but will have to fix bunch of other code first)
1574          * after syn_recv_sock() except one will need to first fix the
1575          * latter to remove its dependency on the current implementation
1576          * of tcp_v4_send_synack()->tcp_select_initial_window().
1577          */
1578         skb_synack = tcp_make_synack(sk, dst, req,
1579             fastopen_cookie_present(&valid_foc) ? &valid_foc : NULL);
1580 
1581         if (skb_synack) {
1582                 __tcp_v4_send_check(skb_synack, ireq->ir_loc_addr, ireq->ir_rmt_addr);
1583                 skb_set_queue_mapping(skb_synack, skb_get_queue_mapping(skb));
1584         } else
1585                 goto drop_and_free;
1586 
1587         if (likely(!do_fastopen)) {
1588                 int err;
1589                 err = ip_build_and_send_pkt(skb_synack, sk, ireq->ir_loc_addr,
1590                      ireq->ir_rmt_addr, ireq->opt);
1591                 err = net_xmit_eval(err);
1592                 if (err || want_cookie)
1593                         goto drop_and_free;
1594 
1595                 tcp_rsk(req)->snt_synack = tcp_time_stamp;
1596                 tcp_rsk(req)->listener = NULL;
1597                 /* Add the request_sock to the SYN table */
1598                 inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1599                 if (fastopen_cookie_present(&foc) && foc.len != 0)
1600                         NET_INC_STATS_BH(sock_net(sk),
1601                             LINUX_MIB_TCPFASTOPENPASSIVEFAIL);
1602         } else if (tcp_v4_conn_req_fastopen(sk, skb, skb_synack, req))
1603                 goto drop_and_free;
1604 
1605         return 0;
1606 
1607 drop_and_release:
1608         dst_release(dst);
1609 drop_and_free:
1610         reqsk_free(req);
1611 drop:
1612         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1613         return 0;
1614 }
1615 EXPORT_SYMBOL(tcp_v4_conn_request);
1616 
1617 
1618 /*
1619  * The three way handshake has completed - we got a valid synack -
1620  * now create the new socket.
1621  */
1622 struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1623                                   struct request_sock *req,
1624                                   struct dst_entry *dst)
1625 {
1626         struct inet_request_sock *ireq;
1627         struct inet_sock *newinet;
1628         struct tcp_sock *newtp;
1629         struct sock *newsk;
1630 #ifdef CONFIG_TCP_MD5SIG
1631         struct tcp_md5sig_key *key;
1632 #endif
1633         struct ip_options_rcu *inet_opt;
1634 
1635         if (sk_acceptq_is_full(sk))
1636                 goto exit_overflow;
1637 
1638         newsk = tcp_create_openreq_child(sk, req, skb);
1639         if (!newsk)
1640                 goto exit_nonewsk;
1641 
1642         newsk->sk_gso_type = SKB_GSO_TCPV4;
1643         inet_sk_rx_dst_set(newsk, skb);
1644 
1645         newtp                 = tcp_sk(newsk);
1646         newinet               = inet_sk(newsk);
1647         ireq                  = inet_rsk(req);
1648         newinet->inet_daddr   = ireq->ir_rmt_addr;
1649         newinet->inet_rcv_saddr = ireq->ir_loc_addr;
1650         newinet->inet_saddr           = ireq->ir_loc_addr;
1651         inet_opt              = ireq->opt;
1652         rcu_assign_pointer(newinet->inet_opt, inet_opt);
1653         ireq->opt             = NULL;
1654         newinet->mc_index     = inet_iif(skb);
1655         newinet->mc_ttl       = ip_hdr(skb)->ttl;
1656         newinet->rcv_tos      = ip_hdr(skb)->tos;
1657         inet_csk(newsk)->icsk_ext_hdr_len = 0;
1658         if (inet_opt)
1659                 inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
1660         newinet->inet_id = newtp->write_seq ^ jiffies;
1661 
1662         if (!dst) {
1663                 dst = inet_csk_route_child_sock(sk, newsk, req);
1664                 if (!dst)
1665                         goto put_and_exit;
1666         } else {
1667                 /* syncookie case : see end of cookie_v4_check() */
1668         }
1669         sk_setup_caps(newsk, dst);
1670 
1671         tcp_sync_mss(newsk, dst_mtu(dst));
1672         newtp->advmss = dst_metric_advmss(dst);
1673         if (tcp_sk(sk)->rx_opt.user_mss &&
1674             tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1675                 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1676 
1677         tcp_initialize_rcv_mss(newsk);
1678 
1679 #ifdef CONFIG_TCP_MD5SIG
1680         /* Copy over the MD5 key from the original socket */
1681         key = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&newinet->inet_daddr,
1682                                 AF_INET);
1683         if (key != NULL) {
1684                 /*
1685                  * We're using one, so create a matching key
1686                  * on the newsk structure. If we fail to get
1687                  * memory, then we end up not copying the key
1688                  * across. Shucks.
1689                  */
1690                 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newinet->inet_daddr,
1691                                AF_INET, key->key, key->keylen, GFP_ATOMIC);
1692                 sk_nocaps_add(newsk, NETIF_F_GSO_MASK);
1693         }
1694 #endif
1695 
1696         if (__inet_inherit_port(sk, newsk) < 0)
1697                 goto put_and_exit;
1698         __inet_hash_nolisten(newsk, NULL);
1699 
1700         return newsk;
1701 
1702 exit_overflow:
1703         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1704 exit_nonewsk:
1705         dst_release(dst);
1706 exit:
1707         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1708         return NULL;
1709 put_and_exit:
1710         inet_csk_prepare_forced_close(newsk);
1711         tcp_done(newsk);
1712         goto exit;
1713 }
1714 EXPORT_SYMBOL(tcp_v4_syn_recv_sock);
1715 
1716 static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
1717 {
1718         struct tcphdr *th = tcp_hdr(skb);
1719         const struct iphdr *iph = ip_hdr(skb);
1720         struct sock *nsk;
1721         struct request_sock **prev;
1722         /* Find possible connection requests. */
1723         struct request_sock *req = inet_csk_search_req(sk, &prev, th->source,
1724                                                        iph->saddr, iph->daddr);
1725         if (req)
1726                 return tcp_check_req(sk, skb, req, prev, false);
1727 
1728         nsk = inet_lookup_established(sock_net(sk), &tcp_hashinfo, iph->saddr,
1729                         th->source, iph->daddr, th->dest, inet_iif(skb));
1730 
1731         if (nsk) {
1732                 if (nsk->sk_state != TCP_TIME_WAIT) {
1733                         bh_lock_sock(nsk);
1734                         return nsk;
1735                 }
1736                 inet_twsk_put(inet_twsk(nsk));
1737                 return NULL;
1738         }
1739 
1740 #ifdef CONFIG_SYN_COOKIES
1741         if (!th->syn)
1742                 sk = cookie_v4_check(sk, skb, &(IPCB(skb)->opt));
1743 #endif
1744         return sk;
1745 }
1746 
1747 static __sum16 tcp_v4_checksum_init(struct sk_buff *skb)
1748 {
1749         const struct iphdr *iph = ip_hdr(skb);
1750 
1751         if (skb->ip_summed == CHECKSUM_COMPLETE) {
1752                 if (!tcp_v4_check(skb->len, iph->saddr,
1753                                   iph->daddr, skb->csum)) {
1754                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1755                         return 0;
1756                 }
1757         }
1758 
1759         skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
1760                                        skb->len, IPPROTO_TCP, 0);
1761 
1762         if (skb->len <= 76) {
1763                 return __skb_checksum_complete(skb);
1764         }
1765         return 0;
1766 }
1767 
1768 
1769 /* The socket must have it's spinlock held when we get
1770  * here.
1771  *
1772  * We have a potential double-lock case here, so even when
1773  * doing backlog processing we use the BH locking scheme.
1774  * This is because we cannot sleep with the original spinlock
1775  * held.
1776  */
1777 int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1778 {
1779         struct sock *rsk;
1780 #ifdef CONFIG_TCP_MD5SIG
1781         /*
1782          * We really want to reject the packet as early as possible
1783          * if:
1784          *  o We're expecting an MD5'd packet and this is no MD5 tcp option
1785          *  o There is an MD5 option and we're not expecting one
1786          */
1787         if (tcp_v4_inbound_md5_hash(sk, skb))
1788                 goto discard;
1789 #endif
1790 
1791         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1792                 struct dst_entry *dst = sk->sk_rx_dst;
1793 
1794                 sock_rps_save_rxhash(sk, skb);
1795                 if (dst) {
1796                         if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1797                             dst->ops->check(dst, 0) == NULL) {
1798                                 dst_release(dst);
1799                                 sk->sk_rx_dst = NULL;
1800                         }
1801                 }
1802                 tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len);
1803                 return 0;
1804         }
1805 
1806         if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1807                 goto csum_err;
1808 
1809         if (sk->sk_state == TCP_LISTEN) {
1810                 struct sock *nsk = tcp_v4_hnd_req(sk, skb);
1811                 if (!nsk)
1812                         goto discard;
1813 
1814                 if (nsk != sk) {
1815                         sock_rps_save_rxhash(nsk, skb);
1816                         if (tcp_child_process(sk, nsk, skb)) {
1817                                 rsk = nsk;
1818                                 goto reset;
1819                         }
1820                         return 0;
1821                 }
1822         } else
1823                 sock_rps_save_rxhash(sk, skb);
1824 
1825         if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) {
1826                 rsk = sk;
1827                 goto reset;
1828         }
1829         return 0;
1830 
1831 reset:
1832         tcp_v4_send_reset(rsk, skb);
1833 discard:
1834         kfree_skb(skb);
1835         /* Be careful here. If this function gets more complicated and
1836          * gcc suffers from register pressure on the x86, sk (in %ebx)
1837          * might be destroyed here. This current version compiles correctly,
1838          * but you have been warned.
1839          */
1840         return 0;
1841 
1842 csum_err:
1843         TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_CSUMERRORS);
1844         TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1845         goto discard;
1846 }
1847 EXPORT_SYMBOL(tcp_v4_do_rcv);
1848 
1849 void tcp_v4_early_demux(struct sk_buff *skb)
1850 {
1851         const struct iphdr *iph;
1852         const struct tcphdr *th;
1853         struct sock *sk;
1854 
1855         if (skb->pkt_type != PACKET_HOST)
1856                 return;
1857 
1858         if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1859                 return;
1860 
1861         iph = ip_hdr(skb);
1862         th = tcp_hdr(skb);
1863 
1864         if (th->doff < sizeof(struct tcphdr) / 4)
1865                 return;
1866 
1867         sk = __inet_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1868                                        iph->saddr, th->source,
1869                                        iph->daddr, ntohs(th->dest),
1870                                        skb->skb_iif);
1871         if (sk) {
1872                 skb->sk = sk;
1873                 skb->destructor = sock_edemux;
1874                 if (sk->sk_state != TCP_TIME_WAIT) {
1875                         struct dst_entry *dst = sk->sk_rx_dst;
1876 
1877                         if (dst)
1878                                 dst = dst_check(dst, 0);
1879                         if (dst &&
1880                             inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1881                                 skb_dst_set_noref(skb, dst);
1882                 }
1883         }
1884 }
1885 
1886 /* Packet is added to VJ-style prequeue for processing in process
1887  * context, if a reader task is waiting. Apparently, this exciting
1888  * idea (VJ's mail "Re: query about TCP header on tcp-ip" of 07 Sep 93)
1889  * failed somewhere. Latency? Burstiness? Well, at least now we will
1890  * see, why it failed. 8)8)                               --ANK
1891  *
1892  */
1893 bool tcp_prequeue(struct sock *sk, struct sk_buff *skb)
1894 {
1895         struct tcp_sock *tp = tcp_sk(sk);
1896 
1897         if (sysctl_tcp_low_latency || !tp->ucopy.task)
1898                 return false;
1899 
1900         if (skb->len <= tcp_hdrlen(skb) &&
1901             skb_queue_len(&tp->ucopy.prequeue) == 0)
1902                 return false;
1903 
1904         skb_dst_force(skb);
1905         __skb_queue_tail(&tp->ucopy.prequeue, skb);
1906         tp->ucopy.memory += skb->truesize;
1907         if (tp->ucopy.memory > sk->sk_rcvbuf) {
1908                 struct sk_buff *skb1;
1909 
1910                 BUG_ON(sock_owned_by_user(sk));
1911 
1912                 while ((skb1 = __skb_dequeue(&tp->ucopy.prequeue)) != NULL) {
1913                         sk_backlog_rcv(sk, skb1);
1914                         NET_INC_STATS_BH(sock_net(sk),
1915                                          LINUX_MIB_TCPPREQUEUEDROPPED);
1916                 }
1917 
1918                 tp->ucopy.memory = 0;
1919         } else if (skb_queue_len(&tp->ucopy.prequeue) == 1) {
1920                 wake_up_interruptible_sync_poll(sk_sleep(sk),
1921                                            POLLIN | POLLRDNORM | POLLRDBAND);
1922                 if (!inet_csk_ack_scheduled(sk))
1923                         inet_csk_reset_xmit_timer(sk, ICSK_TIME_DACK,
1924                                                   (3 * tcp_rto_min(sk)) / 4,
1925                                                   TCP_RTO_MAX);
1926         }
1927         return true;
1928 }
1929 EXPORT_SYMBOL(tcp_prequeue);
1930 
1931 /*
1932  *      From tcp_input.c
1933  */
1934 
1935 int tcp_v4_rcv(struct sk_buff *skb)
1936 {
1937         const struct iphdr *iph;
1938         const struct tcphdr *th;
1939         struct sock *sk;
1940         int ret;
1941         struct net *net = dev_net(skb->dev);
1942 
1943         if (skb->pkt_type != PACKET_HOST)
1944                 goto discard_it;
1945 
1946         /* Count it even if it's bad */
1947         TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1948 
1949         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1950                 goto discard_it;
1951 
1952         th = tcp_hdr(skb);
1953 
1954         if (th->doff < sizeof(struct tcphdr) / 4)
1955                 goto bad_packet;
1956         if (!pskb_may_pull(skb, th->doff * 4))
1957                 goto discard_it;
1958 
1959         /* An explanation is required here, I think.
1960          * Packet length and doff are validated by header prediction,
1961          * provided case of th->doff==0 is eliminated.
1962          * So, we defer the checks. */
1963         if (!skb_csum_unnecessary(skb) && tcp_v4_checksum_init(skb))
1964                 goto csum_error;
1965 
1966         th = tcp_hdr(skb);
1967         iph = ip_hdr(skb);
1968         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1969         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1970                                     skb->len - th->doff * 4);
1971         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1972         TCP_SKB_CB(skb)->when    = 0;
1973         TCP_SKB_CB(skb)->ip_dsfield = ipv4_get_dsfield(iph);
1974         TCP_SKB_CB(skb)->sacked  = 0;
1975 
1976         sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1977         if (!sk)
1978                 goto no_tcp_socket;
1979 
1980 process:
1981         if (sk->sk_state == TCP_TIME_WAIT)
1982                 goto do_time_wait;
1983 
1984         if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
1985                 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
1986                 goto discard_and_relse;
1987         }
1988 
1989         if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
1990                 goto discard_and_relse;
1991         nf_reset(skb);
1992 
1993         if (sk_filter(sk, skb))
1994                 goto discard_and_relse;
1995 
1996         sk_mark_napi_id(sk, skb);
1997         skb->dev = NULL;
1998 
1999         bh_lock_sock_nested(sk);
2000         ret = 0;
2001         if (!sock_owned_by_user(sk)) {
2002 #ifdef CONFIG_NET_DMA
2003                 struct tcp_sock *tp = tcp_sk(sk);
2004                 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
2005                         tp->ucopy.dma_chan = net_dma_find_channel();
2006                 if (tp->ucopy.dma_chan)
2007                         ret = tcp_v4_do_rcv(sk, skb);
2008                 else
2009 #endif
2010                 {
2011                         if (!tcp_prequeue(sk, skb))
2012                                 ret = tcp_v4_do_rcv(sk, skb);
2013                 }
2014         } else if (unlikely(sk_add_backlog(sk, skb,
2015                                            sk->sk_rcvbuf + sk->sk_sndbuf))) {
2016                 bh_unlock_sock(sk);
2017                 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
2018                 goto discard_and_relse;
2019         }
2020         bh_unlock_sock(sk);
2021 
2022         sock_put(sk);
2023 
2024         return ret;
2025 
2026 no_tcp_socket:
2027         if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
2028                 goto discard_it;
2029 
2030         if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
2031 csum_error:
2032                 TCP_INC_STATS_BH(net, TCP_MIB_CSUMERRORS);
2033 bad_packet:
2034                 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
2035         } else {
2036                 tcp_v4_send_reset(NULL, skb);
2037         }
2038 
2039 discard_it:
2040         /* Discard frame. */
2041         kfree_skb(skb);
2042         return 0;
2043 
2044 discard_and_relse:
2045         sock_put(sk);
2046         goto discard_it;
2047 
2048 do_time_wait:
2049         if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
2050                 inet_twsk_put(inet_twsk(sk));
2051                 goto discard_it;
2052         }
2053 
2054         if (skb->len < (th->doff << 2)) {
2055                 inet_twsk_put(inet_twsk(sk));
2056                 goto bad_packet;
2057         }
2058         if (tcp_checksum_complete(skb)) {
2059                 inet_twsk_put(inet_twsk(sk));
2060                 goto csum_error;
2061         }
2062         switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
2063         case TCP_TW_SYN: {
2064                 struct sock *sk2 = inet_lookup_listener(dev_net(skb->dev),
2065                                                         &tcp_hashinfo,
2066                                                         iph->saddr, th->source,
2067                                                         iph->daddr, th->dest,
2068                                                         inet_iif(skb));
2069                 if (sk2) {
2070                         inet_twsk_deschedule(inet_twsk(sk), &tcp_death_row);
2071                         inet_twsk_put(inet_twsk(sk));
2072                         sk = sk2;
2073                         goto process;
2074                 }
2075                 /* Fall through to ACK */
2076         }
2077         case TCP_TW_ACK:
2078                 tcp_v4_timewait_ack(sk, skb);
2079                 break;
2080         case TCP_TW_RST:
2081                 goto no_tcp_socket;
2082         case TCP_TW_SUCCESS:;
2083         }
2084         goto discard_it;
2085 }
2086 
2087 static struct timewait_sock_ops tcp_timewait_sock_ops = {
2088         .twsk_obj_size  = sizeof(struct tcp_timewait_sock),
2089         .twsk_unique    = tcp_twsk_unique,
2090         .twsk_destructor= tcp_twsk_destructor,
2091 };
2092 
2093 void inet_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
2094 {
2095         struct dst_entry *dst = skb_dst(skb);
2096 
2097         dst_hold(dst);
2098         sk->sk_rx_dst = dst;
2099         inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
2100 }
2101 EXPORT_SYMBOL(inet_sk_rx_dst_set);
2102 
2103 const struct inet_connection_sock_af_ops ipv4_specific = {
2104         .queue_xmit        = ip_queue_xmit,
2105         .send_check        = tcp_v4_send_check,
2106         .rebuild_header    = inet_sk_rebuild_header,
2107         .sk_rx_dst_set     = inet_sk_rx_dst_set,
2108         .conn_request      = tcp_v4_conn_request,
2109         .syn_recv_sock     = tcp_v4_syn_recv_sock,
2110         .net_header_len    = sizeof(struct iphdr),
2111         .setsockopt        = ip_setsockopt,
2112         .getsockopt        = ip_getsockopt,
2113         .addr2sockaddr     = inet_csk_addr2sockaddr,
2114         .sockaddr_len      = sizeof(struct sockaddr_in),
2115         .bind_conflict     = inet_csk_bind_conflict,
2116 #ifdef CONFIG_COMPAT
2117         .compat_setsockopt = compat_ip_setsockopt,
2118         .compat_getsockopt = compat_ip_getsockopt,
2119 #endif
2120 };
2121 EXPORT_SYMBOL(ipv4_specific);
2122 
2123 #ifdef CONFIG_TCP_MD5SIG
2124 static const struct tcp_sock_af_ops tcp_sock_ipv4_specific = {
2125         .md5_lookup             = tcp_v4_md5_lookup,
2126         .calc_md5_hash          = tcp_v4_md5_hash_skb,
2127         .md5_parse              = tcp_v4_parse_md5_keys,
2128 };
2129 #endif
2130 
2131 /* NOTE: A lot of things set to zero explicitly by call to
2132  *       sk_alloc() so need not be done here.
2133  */
2134 static int tcp_v4_init_sock(struct sock *sk)
2135 {
2136         struct inet_connection_sock *icsk = inet_csk(sk);
2137 
2138         tcp_init_sock(sk);
2139 
2140         icsk->icsk_af_ops = &ipv4_specific;
2141 
2142 #ifdef CONFIG_TCP_MD5SIG
2143         tcp_sk(sk)->af_specific = &tcp_sock_ipv4_specific;
2144 #endif
2145 
2146         return 0;
2147 }
2148 
2149 void tcp_v4_destroy_sock(struct sock *sk)
2150 {
2151         struct tcp_sock *tp = tcp_sk(sk);
2152 
2153         tcp_clear_xmit_timers(sk);
2154 
2155         tcp_cleanup_congestion_control(sk);
2156 
2157         /* Cleanup up the write buffer. */
2158         tcp_write_queue_purge(sk);
2159 
2160         /* Cleans up our, hopefully empty, out_of_order_queue. */
2161         __skb_queue_purge(&tp->out_of_order_queue);
2162 
2163 #ifdef CONFIG_TCP_MD5SIG
2164         /* Clean up the MD5 key list, if any */
2165         if (tp->md5sig_info) {
2166                 tcp_clear_md5_list(sk);
2167                 kfree_rcu(tp->md5sig_info, rcu);
2168                 tp->md5sig_info = NULL;
2169         }
2170 #endif
2171 
2172 #ifdef CONFIG_NET_DMA
2173         /* Cleans up our sk_async_wait_queue */
2174         __skb_queue_purge(&sk->sk_async_wait_queue);
2175 #endif
2176 
2177         /* Clean prequeue, it must be empty really */
2178         __skb_queue_purge(&tp->ucopy.prequeue);
2179 
2180         /* Clean up a referenced TCP bind bucket. */
2181         if (inet_csk(sk)->icsk_bind_hash)
2182                 inet_put_port(sk);
2183 
2184         BUG_ON(tp->fastopen_rsk != NULL);
2185 
2186         /* If socket is aborted during connect operation */
2187         tcp_free_fastopen_req(tp);
2188 
2189         sk_sockets_allocated_dec(sk);
2190         sock_release_memcg(sk);
2191 }
2192 EXPORT_SYMBOL(tcp_v4_destroy_sock);
2193 
2194 #ifdef CONFIG_PROC_FS
2195 /* Proc filesystem TCP sock list dumping. */
2196 
2197 /*
2198  * Get next listener socket follow cur.  If cur is NULL, get first socket
2199  * starting from bucket given in st->bucket; when st->bucket is zero the
2200  * very first socket in the hash table is returned.
2201  */
2202 static void *listening_get_next(struct seq_file *seq, void *cur)
2203 {
2204         struct inet_connection_sock *icsk;
2205         struct hlist_nulls_node *node;
2206         struct sock *sk = cur;
2207         struct inet_listen_hashbucket *ilb;
2208         struct tcp_iter_state *st = seq->private;
2209         struct net *net = seq_file_net(seq);
2210 
2211         if (!sk) {
2212                 ilb = &tcp_hashinfo.listening_hash[st->bucket];
2213                 spin_lock_bh(&ilb->lock);
2214                 sk = sk_nulls_head(&ilb->head);
2215                 st->offset = 0;
2216                 goto get_sk;
2217         }
2218         ilb = &tcp_hashinfo.listening_hash[st->bucket];
2219         ++st->num;
2220         ++st->offset;
2221 
2222         if (st->state == TCP_SEQ_STATE_OPENREQ) {
2223                 struct request_sock *req = cur;
2224 
2225                 icsk = inet_csk(st->syn_wait_sk);
2226                 req = req->dl_next;
2227                 while (1) {
2228                         while (req) {
2229                                 if (req->rsk_ops->family == st->family) {
2230                                         cur = req;
2231                                         goto out;
2232                                 }
2233                                 req = req->dl_next;
2234                         }
2235                         if (++st->sbucket >= icsk->icsk_accept_queue.listen_opt->nr_table_entries)
2236                                 break;
2237 get_req:
2238                         req = icsk->icsk_accept_queue.listen_opt->syn_table[st->sbucket];
2239                 }
2240                 sk        = sk_nulls_next(st->syn_wait_sk);
2241                 st->state = TCP_SEQ_STATE_LISTENING;
2242                 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2243         } else {
2244                 icsk = inet_csk(sk);
2245                 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2246                 if (reqsk_queue_len(&icsk->icsk_accept_queue))
2247                         goto start_req;
2248                 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2249                 sk = sk_nulls_next(sk);
2250         }
2251 get_sk:
2252         sk_nulls_for_each_from(sk, node) {
2253                 if (!net_eq(sock_net(sk), net))
2254                         continue;
2255                 if (sk->sk_family == st->family) {
2256                         cur = sk;
2257                         goto out;
2258                 }
2259                 icsk = inet_csk(sk);
2260                 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2261                 if (reqsk_queue_len(&icsk->icsk_accept_queue)) {
2262 start_req:
2263                         st->uid         = sock_i_uid(sk);
2264                         st->syn_wait_sk = sk;
2265                         st->state       = TCP_SEQ_STATE_OPENREQ;
2266                         st->sbucket     = 0;
2267                         goto get_req;
2268                 }
2269                 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2270         }
2271         spin_unlock_bh(&ilb->lock);
2272         st->offset = 0;
2273         if (++st->bucket < INET_LHTABLE_SIZE) {
2274                 ilb = &tcp_hashinfo.listening_hash[st->bucket];
2275                 spin_lock_bh(&ilb->lock);
2276                 sk = sk_nulls_head(&ilb->head);
2277                 goto get_sk;
2278         }
2279         cur = NULL;
2280 out:
2281         return cur;
2282 }
2283 
2284 static void *listening_get_idx(struct seq_file *seq, loff_t *pos)
2285 {
2286         struct tcp_iter_state *st = seq->private;
2287         void *rc;
2288 
2289         st->bucket = 0;
2290         st->offset = 0;
2291         rc = listening_get_next(seq, NULL);
2292 
2293         while (rc && *pos) {
2294                 rc = listening_get_next(seq, rc);
2295                 --*pos;
2296         }
2297         return rc;
2298 }
2299 
2300 static inline bool empty_bucket(const struct tcp_iter_state *st)
2301 {
2302         return hlist_nulls_empty(&tcp_hashinfo.ehash[st->bucket].chain);
2303 }
2304 
2305 /*
2306  * Get first established socket starting from bucket given in st->bucket.
2307  * If st->bucket is zero, the very first socket in the hash is returned.
2308  */
2309 static void *established_get_first(struct seq_file *seq)
2310 {
2311         struct tcp_iter_state *st = seq->private;
2312         struct net *net = seq_file_net(seq);
2313         void *rc = NULL;
2314 
2315         st->offset = 0;
2316         for (; st->bucket <= tcp_hashinfo.ehash_mask; ++st->bucket) {
2317                 struct sock *sk;
2318                 struct hlist_nulls_node *node;
2319                 spinlock_t *lock = inet_ehash_lockp(&tcp_hashinfo, st->bucket);
2320 
2321                 /* Lockless fast path for the common case of empty buckets */
2322                 if (empty_bucket(st))
2323                         continue;
2324 
2325                 spin_lock_bh(lock);
2326                 sk_nulls_for_each(sk, node, &tcp_hashinfo.ehash[st->bucket].chain) {
2327                         if (sk->sk_family != st->family ||
2328                             !net_eq(sock_net(sk), net)) {
2329                                 continue;
2330                         }
2331                         rc = sk;
2332                         goto out;
2333                 }
2334                 spin_unlock_bh(lock);
2335         }
2336 out:
2337         return rc;
2338 }
2339 
2340 static void *established_get_next(struct seq_file *seq, void *cur)
2341 {
2342         struct sock *sk = cur;
2343         struct hlist_nulls_node *node;
2344         struct tcp_iter_state *st = seq->private;
2345         struct net *net = seq_file_net(seq);
2346 
2347         ++st->num;
2348         ++st->offset;
2349 
2350         sk = sk_nulls_next(sk);
2351 
2352         sk_nulls_for_each_from(sk, node) {
2353                 if (sk->sk_family == st->family && net_eq(sock_net(sk), net))
2354                         return sk;
2355         }
2356 
2357         spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2358         ++st->bucket;
2359         return established_get_first(seq);
2360 }
2361 
2362 static void *established_get_idx(struct seq_file *seq, loff_t pos)
2363 {
2364         struct tcp_iter_state *st = seq->private;
2365         void *rc;
2366 
2367         st->bucket = 0;
2368         rc = established_get_first(seq);
2369 
2370         while (rc && pos) {
2371                 rc = established_get_next(seq, rc);
2372                 --pos;
2373         }
2374         return rc;
2375 }
2376 
2377 static void *tcp_get_idx(struct seq_file *seq, loff_t pos)
2378 {
2379         void *rc;
2380         struct tcp_iter_state *st = seq->private;
2381 
2382         st->state = TCP_SEQ_STATE_LISTENING;
2383         rc        = listening_get_idx(seq, &pos);
2384 
2385         if (!rc) {
2386                 st->state = TCP_SEQ_STATE_ESTABLISHED;
2387                 rc        = established_get_idx(seq, pos);
2388         }
2389 
2390         return rc;
2391 }
2392 
2393 static void *tcp_seek_last_pos(struct seq_file *seq)
2394 {
2395         struct tcp_iter_state *st = seq->private;
2396         int offset = st->offset;
2397         int orig_num = st->num;
2398         void *rc = NULL;
2399 
2400         switch (st->state) {
2401         case TCP_SEQ_STATE_OPENREQ:
2402         case TCP_SEQ_STATE_LISTENING:
2403                 if (st->bucket >= INET_LHTABLE_SIZE)
2404                         break;
2405                 st->state = TCP_SEQ_STATE_LISTENING;
2406                 rc = listening_get_next(seq, NULL);
2407                 while (offset-- && rc)
2408                         rc = listening_get_next(seq, rc);
2409                 if (rc)
2410                         break;
2411                 st->bucket = 0;
2412                 st->state = TCP_SEQ_STATE_ESTABLISHED;
2413                 /* Fallthrough */
2414         case TCP_SEQ_STATE_ESTABLISHED:
2415                 if (st->bucket > tcp_hashinfo.ehash_mask)
2416                         break;
2417                 rc = established_get_first(seq);
2418                 while (offset-- && rc)
2419                         rc = established_get_next(seq, rc);
2420         }
2421 
2422         st->num = orig_num;
2423 
2424         return rc;
2425 }
2426 
2427 static void *tcp_seq_start(struct seq_file *seq, loff_t *pos)
2428 {
2429         struct tcp_iter_state *st = seq->private;
2430         void *rc;
2431 
2432         if (*pos && *pos == st->last_pos) {
2433                 rc = tcp_seek_last_pos(seq);
2434                 if (rc)
2435                         goto out;
2436         }
2437 
2438         st->state = TCP_SEQ_STATE_LISTENING;
2439         st->num = 0;
2440         st->bucket = 0;
2441         st->offset = 0;
2442         rc = *pos ? tcp_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2443 
2444 out:
2445         st->last_pos = *pos;
2446         return rc;
2447 }
2448 
2449 static void *tcp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2450 {
2451         struct tcp_iter_state *st = seq->private;
2452         void *rc = NULL;
2453 
2454         if (v == SEQ_START_TOKEN) {
2455                 rc = tcp_get_idx(seq, 0);
2456                 goto out;
2457         }
2458 
2459         switch (st->state) {
2460         case TCP_SEQ_STATE_OPENREQ:
2461         case TCP_SEQ_STATE_LISTENING:
2462                 rc = listening_get_next(seq, v);
2463                 if (!rc) {
2464                         st->state = TCP_SEQ_STATE_ESTABLISHED;
2465                         st->bucket = 0;
2466                         st->offset = 0;
2467                         rc        = established_get_first(seq);
2468                 }
2469                 break;
2470         case TCP_SEQ_STATE_ESTABLISHED:
2471                 rc = established_get_next(seq, v);
2472                 break;
2473         }
2474 out:
2475         ++*pos;
2476         st->last_pos = *pos;
2477         return rc;
2478 }
2479 
2480 static void tcp_seq_stop(struct seq_file *seq, void *v)
2481 {
2482         struct tcp_iter_state *st = seq->private;
2483 
2484         switch (st->state) {
2485         case TCP_SEQ_STATE_OPENREQ:
2486                 if (v) {
2487                         struct inet_connection_sock *icsk = inet_csk(st->syn_wait_sk);
2488                         read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2489                 }
2490         case TCP_SEQ_STATE_LISTENING:
2491                 if (v != SEQ_START_TOKEN)
2492                         spin_unlock_bh(&tcp_hashinfo.listening_hash[st->bucket].lock);
2493                 break;
2494         case TCP_SEQ_STATE_ESTABLISHED:
2495                 if (v)
2496                         spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2497                 break;
2498         }
2499 }
2500 
2501 int tcp_seq_open(struct inode *inode, struct file *file)
2502 {
2503         struct tcp_seq_afinfo *afinfo = PDE_DATA(inode);
2504         struct tcp_iter_state *s;
2505         int err;
2506 
2507         err = seq_open_net(inode, file, &afinfo->seq_ops,
2508                           sizeof(struct tcp_iter_state));
2509         if (err < 0)
2510                 return err;
2511 
2512         s = ((struct seq_file *)file->private_data)->private;
2513         s->family               = afinfo->family;
2514         s->last_pos             = 0;
2515         return 0;
2516 }
2517 EXPORT_SYMBOL(tcp_seq_open);
2518 
2519 int tcp_proc_register(struct net *net, struct tcp_seq_afinfo *afinfo)
2520 {
2521         int rc = 0;
2522         struct proc_dir_entry *p;
2523 
2524         afinfo->seq_ops.start           = tcp_seq_start;
2525         afinfo->seq_ops.next            = tcp_seq_next;
2526         afinfo->seq_ops.stop            = tcp_seq_stop;
2527 
2528         p = proc_create_data(afinfo->name, S_IRUGO, net->proc_net,
2529                              afinfo->seq_fops, afinfo);
2530         if (!p)
2531                 rc = -ENOMEM;
2532         return rc;
2533 }
2534 EXPORT_SYMBOL(tcp_proc_register);
2535 
2536 void tcp_proc_unregister(struct net *net, struct tcp_seq_afinfo *afinfo)
2537 {
2538         remove_proc_entry(afinfo->name, net->proc_net);
2539 }
2540 EXPORT_SYMBOL(tcp_proc_unregister);
2541 
2542 static void get_openreq4(const struct sock *sk, const struct request_sock *req,
2543                          struct seq_file *f, int i, kuid_t uid)
2544 {
2545         const struct inet_request_sock *ireq = inet_rsk(req);
2546         long delta = req->expires - jiffies;
2547 
2548         seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2549                 " %02X %08X:%08X %02X:%08lX %08X %5u %8d %u %d %pK",
2550                 i,
2551                 ireq->ir_loc_addr,
2552                 ntohs(inet_sk(sk)->inet_sport),
2553                 ireq->ir_rmt_addr,
2554                 ntohs(ireq->ir_rmt_port),
2555                 TCP_SYN_RECV,
2556                 0, 0, /* could print option size, but that is af dependent. */
2557                 1,    /* timers active (only the expire timer) */
2558                 jiffies_delta_to_clock_t(delta),
2559                 req->num_timeout,
2560                 from_kuid_munged(seq_user_ns(f), uid),
2561                 0,  /* non standard timer */
2562                 0, /* open_requests have no inode */
2563                 atomic_read(&sk->sk_refcnt),
2564                 req);
2565 }
2566 
2567 static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i)
2568 {
2569         int timer_active;
2570         unsigned long timer_expires;
2571         const struct tcp_sock *tp = tcp_sk(sk);
2572         const struct inet_connection_sock *icsk = inet_csk(sk);
2573         const struct inet_sock *inet = inet_sk(sk);
2574         struct fastopen_queue *fastopenq = icsk->icsk_accept_queue.fastopenq;
2575         __be32 dest = inet->inet_daddr;
2576         __be32 src = inet->inet_rcv_saddr;
2577         __u16 destp = ntohs(inet->inet_dport);
2578         __u16 srcp = ntohs(inet->inet_sport);
2579         int rx_queue;
2580 
2581         if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
2582             icsk->icsk_pending == ICSK_TIME_EARLY_RETRANS ||
2583             icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
2584                 timer_active    = 1;
2585                 timer_expires   = icsk->icsk_timeout;
2586         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2587                 timer_active    = 4;
2588                 timer_expires   = icsk->icsk_timeout;
2589         } else if (timer_pending(&sk->sk_timer)) {
2590                 timer_active    = 2;
2591                 timer_expires   = sk->sk_timer.expires;
2592         } else {
2593                 timer_active    = 0;
2594                 timer_expires = jiffies;
2595         }
2596 
2597         if (sk->sk_state == TCP_LISTEN)
2598                 rx_queue = sk->sk_ack_backlog;
2599         else
2600                 /*
2601                  * because we dont lock socket, we might find a transient negative value
2602                  */
2603                 rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);
2604 
2605         seq_printf(f, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX "
2606                         "%08X %5u %8d %lu %d %pK %lu %lu %u %u %d",
2607                 i, src, srcp, dest, destp, sk->sk_state,
2608                 tp->write_seq - tp->snd_una,
2609                 rx_queue,
2610                 timer_active,
2611                 jiffies_delta_to_clock_t(timer_expires - jiffies),
2612                 icsk->icsk_retransmits,
2613                 from_kuid_munged(seq_user_ns(f), sock_i_uid(sk)),
2614                 icsk->icsk_probes_out,
2615                 sock_i_ino(sk),
2616                 atomic_read(&sk->sk_refcnt), sk,
2617                 jiffies_to_clock_t(icsk->icsk_rto),
2618                 jiffies_to_clock_t(icsk->icsk_ack.ato),
2619                 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
2620                 tp->snd_cwnd,
2621                 sk->sk_state == TCP_LISTEN ?
2622                     (fastopenq ? fastopenq->max_qlen : 0) :
2623                     (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh));
2624 }
2625 
2626 static void get_timewait4_sock(const struct inet_timewait_sock *tw,
2627                                struct seq_file *f, int i)
2628 {
2629         __be32 dest, src;
2630         __u16 destp, srcp;
2631         s32 delta = tw->tw_ttd - inet_tw_time_stamp();
2632 
2633         dest  = tw->tw_daddr;
2634         src   = tw->tw_rcv_saddr;
2635         destp = ntohs(tw->tw_dport);
2636         srcp  = ntohs(tw->tw_sport);
2637 
2638         seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2639                 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK",
2640                 i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
2641                 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
2642                 atomic_read(&tw->tw_refcnt), tw);
2643 }
2644 
2645 #define TMPSZ 150
2646 
2647 static int tcp4_seq_show(struct seq_file *seq, void *v)
2648 {
2649         struct tcp_iter_state *st;
2650         struct sock *sk = v;
2651 
2652         seq_setwidth(seq, TMPSZ - 1);
2653         if (v == SEQ_START_TOKEN) {
2654                 seq_puts(seq, "  sl  local_address rem_address   st tx_queue "
2655                            "rx_queue tr tm->when retrnsmt   uid  timeout "
2656                            "inode");
2657                 goto out;
2658         }
2659         st = seq->private;
2660 
2661         switch (st->state) {
2662         case TCP_SEQ_STATE_LISTENING:
2663         case TCP_SEQ_STATE_ESTABLISHED:
2664                 if (sk->sk_state == TCP_TIME_WAIT)
2665                         get_timewait4_sock(v, seq, st->num);
2666                 else
2667                         get_tcp4_sock(v, seq, st->num);
2668                 break;
2669         case TCP_SEQ_STATE_OPENREQ:
2670                 get_openreq4(st->syn_wait_sk, v, seq, st->num, st->uid);
2671                 break;
2672         }
2673 out:
2674         seq_pad(seq, '\n');
2675         return 0;
2676 }
2677 
2678 static const struct file_operations tcp_afinfo_seq_fops = {
2679         .owner   = THIS_MODULE,
2680         .open    = tcp_seq_open,
2681         .read    = seq_read,
2682         .llseek  = seq_lseek,
2683         .release = seq_release_net
2684 };
2685 
2686 static struct tcp_seq_afinfo tcp4_seq_afinfo = {
2687         .name           = "tcp",
2688         .family         = AF_INET,
2689         .seq_fops       = &tcp_afinfo_seq_fops,
2690         .seq_ops        = {
2691                 .show           = tcp4_seq_show,
2692         },
2693 };
2694 
2695 static int __net_init tcp4_proc_init_net(struct net *net)
2696 {
2697         return tcp_proc_register(net, &tcp4_seq_afinfo);
2698 }
2699 
2700 static void __net_exit tcp4_proc_exit_net(struct net *net)
2701 {
2702         tcp_proc_unregister(net, &tcp4_seq_afinfo);
2703 }
2704 
2705 static struct pernet_operations tcp4_net_ops = {
2706         .init = tcp4_proc_init_net,
2707         .exit = tcp4_proc_exit_net,
2708 };
2709 
2710 int __init tcp4_proc_init(void)
2711 {
2712         return register_pernet_subsys(&tcp4_net_ops);
2713 }
2714 
2715 void tcp4_proc_exit(void)
2716 {
2717         unregister_pernet_subsys(&tcp4_net_ops);
2718 }
2719 #endif /* CONFIG_PROC_FS */
2720 
2721 struct proto tcp_prot = {
2722         .name                   = "TCP",
2723         .owner                  = THIS_MODULE,
2724         .close                  = tcp_close,
2725         .connect                = tcp_v4_connect,
2726         .disconnect             = tcp_disconnect,
2727         .accept                 = inet_csk_accept,
2728         .ioctl                  = tcp_ioctl,
2729         .init                   = tcp_v4_init_sock,
2730         .destroy                = tcp_v4_destroy_sock,
2731         .shutdown               = tcp_shutdown,
2732         .setsockopt             = tcp_setsockopt,
2733         .getsockopt             = tcp_getsockopt,
2734         .recvmsg                = tcp_recvmsg,
2735         .sendmsg                = tcp_sendmsg,
2736         .sendpage               = tcp_sendpage,
2737         .backlog_rcv            = tcp_v4_do_rcv,
2738         .release_cb             = tcp_release_cb,
2739         .mtu_reduced            = tcp_v4_mtu_reduced,
2740         .hash                   = inet_hash,
2741         .unhash                 = inet_unhash,
2742         .get_port               = inet_csk_get_port,
2743         .enter_memory_pressure  = tcp_enter_memory_pressure,
2744         .stream_memory_free     = tcp_stream_memory_free,
2745         .sockets_allocated      = &tcp_sockets_allocated,
2746         .orphan_count           = &tcp_orphan_count,
2747         .memory_allocated       = &tcp_memory_allocated,
2748         .memory_pressure        = &tcp_memory_pressure,
2749         .sysctl_mem             = sysctl_tcp_mem,
2750         .sysctl_wmem            = sysctl_tcp_wmem,
2751         .sysctl_rmem            = sysctl_tcp_rmem,
2752         .max_header             = MAX_TCP_HEADER,
2753         .obj_size               = sizeof(struct tcp_sock),
2754         .slab_flags             = SLAB_DESTROY_BY_RCU,
2755         .twsk_prot              = &tcp_timewait_sock_ops,
2756         .rsk_prot               = &tcp_request_sock_ops,
2757         .h.hashinfo             = &tcp_hashinfo,
2758         .no_autobind            = true,
2759 #ifdef CONFIG_COMPAT
2760         .compat_setsockopt      = compat_tcp_setsockopt,
2761         .compat_getsockopt      = compat_tcp_getsockopt,
2762 #endif
2763 #ifdef CONFIG_MEMCG_KMEM
2764         .init_cgroup            = tcp_init_cgroup,
2765         .destroy_cgroup         = tcp_destroy_cgroup,
2766         .proto_cgroup           = tcp_proto_cgroup,
2767 #endif
2768 };
2769 EXPORT_SYMBOL(tcp_prot);
2770 
2771 static int __net_init tcp_sk_init(struct net *net)
2772 {
2773         net->ipv4.sysctl_tcp_ecn = 2;
2774         return 0;
2775 }
2776 
2777 static void __net_exit tcp_sk_exit(struct net *net)
2778 {
2779 }
2780 
2781 static void __net_exit tcp_sk_exit_batch(struct list_head *net_exit_list)
2782 {
2783         inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET);
2784 }
2785 
2786 static struct pernet_operations __net_initdata tcp_sk_ops = {
2787        .init       = tcp_sk_init,
2788        .exit       = tcp_sk_exit,
2789        .exit_batch = tcp_sk_exit_batch,
2790 };
2791 
2792 void __init tcp_v4_init(void)
2793 {
2794         inet_hashinfo_init(&tcp_hashinfo);
2795         if (register_pernet_subsys(&tcp_sk_ops))
2796                 panic("Failed to create the TCP control socket.\n");
2797 }
2798 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us