2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Implementation of the Transmission Control Protocol(TCP).
8 * IPv4 specific functions
13 * linux/ipv4/tcp_input.c
14 * linux/ipv4/tcp_output.c
16 * See tcp.c for author information
18 * This program is free software; you can redistribute it and/or
19 * modify it under the terms of the GNU General Public License
20 * as published by the Free Software Foundation; either version
21 * 2 of the License, or (at your option) any later version.
26 * David S. Miller : New socket lookup architecture.
27 * This code is dedicated to John Dyson.
28 * David S. Miller : Change semantics of established hash,
29 * half is devoted to TIME_WAIT sockets
30 * and the rest go in the other half.
31 * Andi Kleen : Add support for syncookies and fixed
32 * some bugs: ip options weren't passed to
33 * the TCP layer, missed a check for an
35 * Andi Kleen : Implemented fast path mtu discovery.
36 * Fixed many serious bugs in the
37 * request_sock handling and moved
38 * most of it into the af independent code.
39 * Added tail drop and some other bugfixes.
40 * Added new listen semantics.
41 * Mike McLagan : Routing by source
42 * Juan Jose Ciarlante: ip_dynaddr bits
43 * Andi Kleen: various fixes.
44 * Vitaly E. Lavrov : Transparent proxy revived after year
46 * Andi Kleen : Fix new listen.
47 * Andi Kleen : Fix accept error reporting.
48 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
49 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
50 * a single port at the same time.
54 #include <linux/bottom_half.h>
55 #include <linux/types.h>
56 #include <linux/fcntl.h>
57 #include <linux/module.h>
58 #include <linux/random.h>
59 #include <linux/cache.h>
60 #include <linux/jhash.h>
61 #include <linux/init.h>
62 #include <linux/times.h>
63 #include <linux/slab.h>
65 #include <net/net_namespace.h>
67 #include <net/inet_hashtables.h>
69 #include <net/transp_v6.h>
71 #include <net/inet_common.h>
72 #include <net/timewait_sock.h>
74 #include <net/netdma.h>
76 #include <linux/inet.h>
77 #include <linux/ipv6.h>
78 #include <linux/stddef.h>
79 #include <linux/proc_fs.h>
80 #include <linux/seq_file.h>
82 #include <linux/crypto.h>
83 #include <linux/scatterlist.h>
85 int sysctl_tcp_tw_reuse __read_mostly;
86 int sysctl_tcp_low_latency __read_mostly;
87 EXPORT_SYMBOL(sysctl_tcp_low_latency);
90 #ifdef CONFIG_TCP_MD5SIG
91 static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk,
93 static int tcp_v4_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
94 __be32 daddr, __be32 saddr, struct tcphdr *th);
97 struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, __be32 addr)
103 struct inet_hashinfo tcp_hashinfo;
104 EXPORT_SYMBOL(tcp_hashinfo);
106 static inline __u32 tcp_v4_init_sequence(struct sk_buff *skb)
108 return secure_tcp_sequence_number(ip_hdr(skb)->daddr,
111 tcp_hdr(skb)->source);
114 int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp)
116 const struct tcp_timewait_sock *tcptw = tcp_twsk(sktw);
117 struct tcp_sock *tp = tcp_sk(sk);
119 /* With PAWS, it is safe from the viewpoint
120 of data integrity. Even without PAWS it is safe provided sequence
121 spaces do not overlap i.e. at data rates <= 80Mbit/sec.
123 Actually, the idea is close to VJ's one, only timestamp cache is
124 held not per host, but per port pair and TW bucket is used as state
127 If TW bucket has been already destroyed we fall back to VJ's scheme
128 and use initial timestamp retrieved from peer table.
130 if (tcptw->tw_ts_recent_stamp &&
131 (twp == NULL || (sysctl_tcp_tw_reuse &&
132 get_seconds() - tcptw->tw_ts_recent_stamp > 1))) {
133 tp->write_seq = tcptw->tw_snd_nxt + 65535 + 2;
134 if (tp->write_seq == 0)
136 tp->rx_opt.ts_recent = tcptw->tw_ts_recent;
137 tp->rx_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
144 EXPORT_SYMBOL_GPL(tcp_twsk_unique);
146 /* This will initiate an outgoing connection. */
147 int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
149 struct inet_sock *inet = inet_sk(sk);
150 struct tcp_sock *tp = tcp_sk(sk);
151 struct sockaddr_in *usin = (struct sockaddr_in *)uaddr;
153 __be32 daddr, nexthop;
157 if (addr_len < sizeof(struct sockaddr_in))
160 if (usin->sin_family != AF_INET)
161 return -EAFNOSUPPORT;
163 nexthop = daddr = usin->sin_addr.s_addr;
164 if (inet->opt && inet->opt->srr) {
167 nexthop = inet->opt->faddr;
170 tmp = ip_route_connect(&rt, nexthop, inet->inet_saddr,
171 RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
173 inet->inet_sport, usin->sin_port, sk, 1);
175 if (tmp == -ENETUNREACH)
176 IP_INC_STATS_BH(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
180 if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) {
185 if (!inet->opt || !inet->opt->srr)
188 if (!inet->inet_saddr)
189 inet->inet_saddr = rt->rt_src;
190 inet->inet_rcv_saddr = inet->inet_saddr;
192 if (tp->rx_opt.ts_recent_stamp && inet->inet_daddr != daddr) {
193 /* Reset inherited state */
194 tp->rx_opt.ts_recent = 0;
195 tp->rx_opt.ts_recent_stamp = 0;
199 if (tcp_death_row.sysctl_tw_recycle &&
200 !tp->rx_opt.ts_recent_stamp && rt->rt_dst == daddr) {
201 struct inet_peer *peer = rt_get_peer(rt);
203 * VJ's idea. We save last timestamp seen from
204 * the destination in peer table, when entering state
205 * TIME-WAIT * and initialize rx_opt.ts_recent from it,
206 * when trying new connection.
209 inet_peer_refcheck(peer);
210 if ((u32)get_seconds() - peer->tcp_ts_stamp <= TCP_PAWS_MSL) {
211 tp->rx_opt.ts_recent_stamp = peer->tcp_ts_stamp;
212 tp->rx_opt.ts_recent = peer->tcp_ts;
217 inet->inet_dport = usin->sin_port;
218 inet->inet_daddr = daddr;
220 inet_csk(sk)->icsk_ext_hdr_len = 0;
222 inet_csk(sk)->icsk_ext_hdr_len = inet->opt->optlen;
224 tp->rx_opt.mss_clamp = TCP_MSS_DEFAULT;
226 /* Socket identity is still unknown (sport may be zero).
227 * However we set state to SYN-SENT and not releasing socket
228 * lock select source port, enter ourselves into the hash tables and
229 * complete initialization after this.
231 tcp_set_state(sk, TCP_SYN_SENT);
232 err = inet_hash_connect(&tcp_death_row, sk);
236 err = ip_route_newports(&rt, IPPROTO_TCP,
237 inet->inet_sport, inet->inet_dport, sk);
241 /* OK, now commit destination to socket. */
242 sk->sk_gso_type = SKB_GSO_TCPV4;
243 sk_setup_caps(sk, &rt->dst);
246 tp->write_seq = secure_tcp_sequence_number(inet->inet_saddr,
251 inet->inet_id = tp->write_seq ^ jiffies;
253 err = tcp_connect(sk);
262 * This unhashes the socket and releases the local port,
265 tcp_set_state(sk, TCP_CLOSE);
267 sk->sk_route_caps = 0;
268 inet->inet_dport = 0;
271 EXPORT_SYMBOL(tcp_v4_connect);
274 * This routine does path mtu discovery as defined in RFC1191.
276 static void do_pmtu_discovery(struct sock *sk, struct iphdr *iph, u32 mtu)
278 struct dst_entry *dst;
279 struct inet_sock *inet = inet_sk(sk);
281 /* We are not interested in TCP_LISTEN and open_requests (SYN-ACKs
282 * send out by Linux are always <576bytes so they should go through
285 if (sk->sk_state == TCP_LISTEN)
288 /* We don't check in the destentry if pmtu discovery is forbidden
289 * on this route. We just assume that no packet_to_big packets
290 * are send back when pmtu discovery is not active.
291 * There is a small race when the user changes this flag in the
292 * route, but I think that's acceptable.
294 if ((dst = __sk_dst_check(sk, 0)) == NULL)
297 dst->ops->update_pmtu(dst, mtu);
299 /* Something is about to be wrong... Remember soft error
300 * for the case, if this connection will not able to recover.
302 if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
303 sk->sk_err_soft = EMSGSIZE;
307 if (inet->pmtudisc != IP_PMTUDISC_DONT &&
308 inet_csk(sk)->icsk_pmtu_cookie > mtu) {
309 tcp_sync_mss(sk, mtu);
311 /* Resend the TCP packet because it's
312 * clear that the old packet has been
313 * dropped. This is the new "fast" path mtu
316 tcp_simple_retransmit(sk);
317 } /* else let the usual retransmit timer handle it */
321 * This routine is called by the ICMP module when it gets some
322 * sort of error condition. If err < 0 then the socket should
323 * be closed and the error returned to the user. If err > 0
324 * it's just the icmp type << 8 | icmp code. After adjustment
325 * header points to the first 8 bytes of the tcp header. We need
326 * to find the appropriate port.
328 * The locking strategy used here is very "optimistic". When
329 * someone else accesses the socket the ICMP is just dropped
330 * and for some paths there is no check at all.
331 * A more general error queue to queue errors for later handling
332 * is probably better.
336 void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
338 struct iphdr *iph = (struct iphdr *)icmp_skb->data;
339 struct tcphdr *th = (struct tcphdr *)(icmp_skb->data + (iph->ihl << 2));
340 struct inet_connection_sock *icsk;
342 struct inet_sock *inet;
343 const int type = icmp_hdr(icmp_skb)->type;
344 const int code = icmp_hdr(icmp_skb)->code;
350 struct net *net = dev_net(icmp_skb->dev);
352 if (icmp_skb->len < (iph->ihl << 2) + 8) {
353 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
357 sk = inet_lookup(net, &tcp_hashinfo, iph->daddr, th->dest,
358 iph->saddr, th->source, inet_iif(icmp_skb));
360 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
363 if (sk->sk_state == TCP_TIME_WAIT) {
364 inet_twsk_put(inet_twsk(sk));
369 /* If too many ICMPs get dropped on busy
370 * servers this needs to be solved differently.
372 if (sock_owned_by_user(sk))
373 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
375 if (sk->sk_state == TCP_CLOSE)
378 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
379 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
385 seq = ntohl(th->seq);
386 if (sk->sk_state != TCP_LISTEN &&
387 !between(seq, tp->snd_una, tp->snd_nxt)) {
388 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
393 case ICMP_SOURCE_QUENCH:
394 /* Just silently ignore these. */
396 case ICMP_PARAMETERPROB:
399 case ICMP_DEST_UNREACH:
400 if (code > NR_ICMP_UNREACH)
403 if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */
404 if (!sock_owned_by_user(sk))
405 do_pmtu_discovery(sk, iph, info);
409 err = icmp_err_convert[code].errno;
410 /* check if icmp_skb allows revert of backoff
411 * (see draft-zimmermann-tcp-lcd) */
412 if (code != ICMP_NET_UNREACH && code != ICMP_HOST_UNREACH)
414 if (seq != tp->snd_una || !icsk->icsk_retransmits ||
418 icsk->icsk_backoff--;
419 inet_csk(sk)->icsk_rto = __tcp_set_rto(tp) <<
423 skb = tcp_write_queue_head(sk);
426 remaining = icsk->icsk_rto - min(icsk->icsk_rto,
427 tcp_time_stamp - TCP_SKB_CB(skb)->when);
430 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
431 remaining, TCP_RTO_MAX);
432 } else if (sock_owned_by_user(sk)) {
433 /* RTO revert clocked out retransmission,
434 * but socket is locked. Will defer. */
435 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
438 /* RTO revert clocked out retransmission.
439 * Will retransmit now */
440 tcp_retransmit_timer(sk);
444 case ICMP_TIME_EXCEEDED:
451 switch (sk->sk_state) {
452 struct request_sock *req, **prev;
454 if (sock_owned_by_user(sk))
457 req = inet_csk_search_req(sk, &prev, th->dest,
458 iph->daddr, iph->saddr);
462 /* ICMPs are not backlogged, hence we cannot get
463 an established socket here.
467 if (seq != tcp_rsk(req)->snt_isn) {
468 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
473 * Still in SYN_RECV, just remove it silently.
474 * There is no good way to pass the error to the newly
475 * created socket, and POSIX does not want network
476 * errors returned from accept().
478 inet_csk_reqsk_queue_drop(sk, req, prev);
482 case TCP_SYN_RECV: /* Cannot happen.
483 It can f.e. if SYNs crossed.
485 if (!sock_owned_by_user(sk)) {
488 sk->sk_error_report(sk);
492 sk->sk_err_soft = err;
497 /* If we've already connected we will keep trying
498 * until we time out, or the user gives up.
500 * rfc1122 4.2.3.9 allows to consider as hard errors
501 * only PROTO_UNREACH and PORT_UNREACH (well, FRAG_FAILED too,
502 * but it is obsoleted by pmtu discovery).
504 * Note, that in modern internet, where routing is unreliable
505 * and in each dark corner broken firewalls sit, sending random
506 * errors ordered by their masters even this two messages finally lose
507 * their original sense (even Linux sends invalid PORT_UNREACHs)
509 * Now we are in compliance with RFCs.
514 if (!sock_owned_by_user(sk) && inet->recverr) {
516 sk->sk_error_report(sk);
517 } else { /* Only an error on timeout */
518 sk->sk_err_soft = err;
526 static void __tcp_v4_send_check(struct sk_buff *skb,
527 __be32 saddr, __be32 daddr)
529 struct tcphdr *th = tcp_hdr(skb);
531 if (skb->ip_summed == CHECKSUM_PARTIAL) {
532 th->check = ~tcp_v4_check(skb->len, saddr, daddr, 0);
533 skb->csum_start = skb_transport_header(skb) - skb->head;
534 skb->csum_offset = offsetof(struct tcphdr, check);
536 th->check = tcp_v4_check(skb->len, saddr, daddr,
543 /* This routine computes an IPv4 TCP checksum. */
544 void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb)
546 struct inet_sock *inet = inet_sk(sk);
548 __tcp_v4_send_check(skb, inet->inet_saddr, inet->inet_daddr);
550 EXPORT_SYMBOL(tcp_v4_send_check);
552 int tcp_v4_gso_send_check(struct sk_buff *skb)
554 const struct iphdr *iph;
557 if (!pskb_may_pull(skb, sizeof(*th)))
564 skb->ip_summed = CHECKSUM_PARTIAL;
565 __tcp_v4_send_check(skb, iph->saddr, iph->daddr);
570 * This routine will send an RST to the other tcp.
572 * Someone asks: why I NEVER use socket parameters (TOS, TTL etc.)
574 * Answer: if a packet caused RST, it is not for a socket
575 * existing in our system, if it is matched to a socket,
576 * it is just duplicate segment or bug in other side's TCP.
577 * So that we build reply only basing on parameters
578 * arrived with segment.
579 * Exception: precedence violation. We do not implement it in any case.
582 static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
584 struct tcphdr *th = tcp_hdr(skb);
587 #ifdef CONFIG_TCP_MD5SIG
588 __be32 opt[(TCPOLEN_MD5SIG_ALIGNED >> 2)];
591 struct ip_reply_arg arg;
592 #ifdef CONFIG_TCP_MD5SIG
593 struct tcp_md5sig_key *key;
597 /* Never send a reset in response to a reset. */
601 if (skb_rtable(skb)->rt_type != RTN_LOCAL)
604 /* Swap the send and the receive. */
605 memset(&rep, 0, sizeof(rep));
606 rep.th.dest = th->source;
607 rep.th.source = th->dest;
608 rep.th.doff = sizeof(struct tcphdr) / 4;
612 rep.th.seq = th->ack_seq;
615 rep.th.ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin +
616 skb->len - (th->doff << 2));
619 memset(&arg, 0, sizeof(arg));
620 arg.iov[0].iov_base = (unsigned char *)&rep;
621 arg.iov[0].iov_len = sizeof(rep.th);
623 #ifdef CONFIG_TCP_MD5SIG
624 key = sk ? tcp_v4_md5_do_lookup(sk, ip_hdr(skb)->daddr) : NULL;
626 rep.opt[0] = htonl((TCPOPT_NOP << 24) |
628 (TCPOPT_MD5SIG << 8) |
630 /* Update length and the length the header thinks exists */
631 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
632 rep.th.doff = arg.iov[0].iov_len / 4;
634 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[1],
635 key, ip_hdr(skb)->saddr,
636 ip_hdr(skb)->daddr, &rep.th);
639 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
640 ip_hdr(skb)->saddr, /* XXX */
641 arg.iov[0].iov_len, IPPROTO_TCP, 0);
642 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
643 arg.flags = (sk && inet_sk(sk)->transparent) ? IP_REPLY_ARG_NOSRCCHECK : 0;
645 net = dev_net(skb_dst(skb)->dev);
646 ip_send_reply(net->ipv4.tcp_sock, skb,
647 &arg, arg.iov[0].iov_len);
649 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
650 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
653 /* The code following below sending ACKs in SYN-RECV and TIME-WAIT states
654 outside socket context is ugly, certainly. What can I do?
657 static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
658 u32 win, u32 ts, int oif,
659 struct tcp_md5sig_key *key,
662 struct tcphdr *th = tcp_hdr(skb);
665 __be32 opt[(TCPOLEN_TSTAMP_ALIGNED >> 2)
666 #ifdef CONFIG_TCP_MD5SIG
667 + (TCPOLEN_MD5SIG_ALIGNED >> 2)
671 struct ip_reply_arg arg;
672 struct net *net = dev_net(skb_dst(skb)->dev);
674 memset(&rep.th, 0, sizeof(struct tcphdr));
675 memset(&arg, 0, sizeof(arg));
677 arg.iov[0].iov_base = (unsigned char *)&rep;
678 arg.iov[0].iov_len = sizeof(rep.th);
680 rep.opt[0] = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
681 (TCPOPT_TIMESTAMP << 8) |
683 rep.opt[1] = htonl(tcp_time_stamp);
684 rep.opt[2] = htonl(ts);
685 arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;
688 /* Swap the send and the receive. */
689 rep.th.dest = th->source;
690 rep.th.source = th->dest;
691 rep.th.doff = arg.iov[0].iov_len / 4;
692 rep.th.seq = htonl(seq);
693 rep.th.ack_seq = htonl(ack);
695 rep.th.window = htons(win);
697 #ifdef CONFIG_TCP_MD5SIG
699 int offset = (ts) ? 3 : 0;
701 rep.opt[offset++] = htonl((TCPOPT_NOP << 24) |
703 (TCPOPT_MD5SIG << 8) |
705 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
706 rep.th.doff = arg.iov[0].iov_len/4;
708 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset],
709 key, ip_hdr(skb)->saddr,
710 ip_hdr(skb)->daddr, &rep.th);
713 arg.flags = reply_flags;
714 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
715 ip_hdr(skb)->saddr, /* XXX */
716 arg.iov[0].iov_len, IPPROTO_TCP, 0);
717 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
719 arg.bound_dev_if = oif;
721 ip_send_reply(net->ipv4.tcp_sock, skb,
722 &arg, arg.iov[0].iov_len);
724 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
727 static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
729 struct inet_timewait_sock *tw = inet_twsk(sk);
730 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
732 tcp_v4_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
733 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
736 tcp_twsk_md5_key(tcptw),
737 tw->tw_transparent ? IP_REPLY_ARG_NOSRCCHECK : 0
743 static void tcp_v4_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
744 struct request_sock *req)
746 tcp_v4_send_ack(skb, tcp_rsk(req)->snt_isn + 1,
747 tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd,
750 tcp_v4_md5_do_lookup(sk, ip_hdr(skb)->daddr),
751 inet_rsk(req)->no_srccheck ? IP_REPLY_ARG_NOSRCCHECK : 0);
755 * Send a SYN-ACK after having received a SYN.
756 * This still operates on a request_sock only, not on a big
759 static int tcp_v4_send_synack(struct sock *sk, struct dst_entry *dst,
760 struct request_sock *req,
761 struct request_values *rvp)
763 const struct inet_request_sock *ireq = inet_rsk(req);
765 struct sk_buff * skb;
767 /* First, grab a route. */
768 if (!dst && (dst = inet_csk_route_req(sk, req)) == NULL)
771 skb = tcp_make_synack(sk, dst, req, rvp);
774 __tcp_v4_send_check(skb, ireq->loc_addr, ireq->rmt_addr);
776 err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr,
779 err = net_xmit_eval(err);
786 static int tcp_v4_rtx_synack(struct sock *sk, struct request_sock *req,
787 struct request_values *rvp)
789 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS);
790 return tcp_v4_send_synack(sk, NULL, req, rvp);
794 * IPv4 request_sock destructor.
796 static void tcp_v4_reqsk_destructor(struct request_sock *req)
798 kfree(inet_rsk(req)->opt);
801 static void syn_flood_warning(const struct sk_buff *skb)
805 #ifdef CONFIG_SYN_COOKIES
806 if (sysctl_tcp_syncookies)
807 msg = "Sending cookies";
810 msg = "Dropping request";
812 pr_info("TCP: Possible SYN flooding on port %d. %s.\n",
813 ntohs(tcp_hdr(skb)->dest), msg);
817 * Save and compile IPv4 options into the request_sock if needed.
819 static struct ip_options *tcp_v4_save_options(struct sock *sk,
822 struct ip_options *opt = &(IPCB(skb)->opt);
823 struct ip_options *dopt = NULL;
825 if (opt && opt->optlen) {
826 int opt_size = optlength(opt);
827 dopt = kmalloc(opt_size, GFP_ATOMIC);
829 if (ip_options_echo(dopt, skb)) {
838 #ifdef CONFIG_TCP_MD5SIG
840 * RFC2385 MD5 checksumming requires a mapping of
841 * IP address->MD5 Key.
842 * We need to maintain these in the sk structure.
845 /* Find the Key structure for an address. */
846 static struct tcp_md5sig_key *
847 tcp_v4_md5_do_lookup(struct sock *sk, __be32 addr)
849 struct tcp_sock *tp = tcp_sk(sk);
852 if (!tp->md5sig_info || !tp->md5sig_info->entries4)
854 for (i = 0; i < tp->md5sig_info->entries4; i++) {
855 if (tp->md5sig_info->keys4[i].addr == addr)
856 return &tp->md5sig_info->keys4[i].base;
861 struct tcp_md5sig_key *tcp_v4_md5_lookup(struct sock *sk,
862 struct sock *addr_sk)
864 return tcp_v4_md5_do_lookup(sk, inet_sk(addr_sk)->inet_daddr);
866 EXPORT_SYMBOL(tcp_v4_md5_lookup);
868 static struct tcp_md5sig_key *tcp_v4_reqsk_md5_lookup(struct sock *sk,
869 struct request_sock *req)
871 return tcp_v4_md5_do_lookup(sk, inet_rsk(req)->rmt_addr);
874 /* This can be called on a newly created socket, from other files */
875 int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
876 u8 *newkey, u8 newkeylen)
878 /* Add Key to the list */
879 struct tcp_md5sig_key *key;
880 struct tcp_sock *tp = tcp_sk(sk);
881 struct tcp4_md5sig_key *keys;
883 key = tcp_v4_md5_do_lookup(sk, addr);
885 /* Pre-existing entry - just update that one. */
888 key->keylen = newkeylen;
890 struct tcp_md5sig_info *md5sig;
892 if (!tp->md5sig_info) {
893 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info),
895 if (!tp->md5sig_info) {
899 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
901 if (tcp_alloc_md5sig_pool(sk) == NULL) {
905 md5sig = tp->md5sig_info;
907 if (md5sig->alloced4 == md5sig->entries4) {
908 keys = kmalloc((sizeof(*keys) *
909 (md5sig->entries4 + 1)), GFP_ATOMIC);
912 tcp_free_md5sig_pool();
916 if (md5sig->entries4)
917 memcpy(keys, md5sig->keys4,
918 sizeof(*keys) * md5sig->entries4);
920 /* Free old key list, and reference new one */
921 kfree(md5sig->keys4);
922 md5sig->keys4 = keys;
926 md5sig->keys4[md5sig->entries4 - 1].addr = addr;
927 md5sig->keys4[md5sig->entries4 - 1].base.key = newkey;
928 md5sig->keys4[md5sig->entries4 - 1].base.keylen = newkeylen;
932 EXPORT_SYMBOL(tcp_v4_md5_do_add);
934 static int tcp_v4_md5_add_func(struct sock *sk, struct sock *addr_sk,
935 u8 *newkey, u8 newkeylen)
937 return tcp_v4_md5_do_add(sk, inet_sk(addr_sk)->inet_daddr,
941 int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
943 struct tcp_sock *tp = tcp_sk(sk);
946 for (i = 0; i < tp->md5sig_info->entries4; i++) {
947 if (tp->md5sig_info->keys4[i].addr == addr) {
949 kfree(tp->md5sig_info->keys4[i].base.key);
950 tp->md5sig_info->entries4--;
952 if (tp->md5sig_info->entries4 == 0) {
953 kfree(tp->md5sig_info->keys4);
954 tp->md5sig_info->keys4 = NULL;
955 tp->md5sig_info->alloced4 = 0;
956 } else if (tp->md5sig_info->entries4 != i) {
957 /* Need to do some manipulation */
958 memmove(&tp->md5sig_info->keys4[i],
959 &tp->md5sig_info->keys4[i+1],
960 (tp->md5sig_info->entries4 - i) *
961 sizeof(struct tcp4_md5sig_key));
963 tcp_free_md5sig_pool();
969 EXPORT_SYMBOL(tcp_v4_md5_do_del);
971 static void tcp_v4_clear_md5_list(struct sock *sk)
973 struct tcp_sock *tp = tcp_sk(sk);
975 /* Free each key, then the set of key keys,
976 * the crypto element, and then decrement our
977 * hold on the last resort crypto.
979 if (tp->md5sig_info->entries4) {
981 for (i = 0; i < tp->md5sig_info->entries4; i++)
982 kfree(tp->md5sig_info->keys4[i].base.key);
983 tp->md5sig_info->entries4 = 0;
984 tcp_free_md5sig_pool();
986 if (tp->md5sig_info->keys4) {
987 kfree(tp->md5sig_info->keys4);
988 tp->md5sig_info->keys4 = NULL;
989 tp->md5sig_info->alloced4 = 0;
993 static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
996 struct tcp_md5sig cmd;
997 struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.tcpm_addr;
1000 if (optlen < sizeof(cmd))
1003 if (copy_from_user(&cmd, optval, sizeof(cmd)))
1006 if (sin->sin_family != AF_INET)
1009 if (!cmd.tcpm_key || !cmd.tcpm_keylen) {
1010 if (!tcp_sk(sk)->md5sig_info)
1012 return tcp_v4_md5_do_del(sk, sin->sin_addr.s_addr);
1015 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
1018 if (!tcp_sk(sk)->md5sig_info) {
1019 struct tcp_sock *tp = tcp_sk(sk);
1020 struct tcp_md5sig_info *p;
1022 p = kzalloc(sizeof(*p), sk->sk_allocation);
1026 tp->md5sig_info = p;
1027 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
1030 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, sk->sk_allocation);
1033 return tcp_v4_md5_do_add(sk, sin->sin_addr.s_addr,
1034 newkey, cmd.tcpm_keylen);
1037 static int tcp_v4_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
1038 __be32 daddr, __be32 saddr, int nbytes)
1040 struct tcp4_pseudohdr *bp;
1041 struct scatterlist sg;
1043 bp = &hp->md5_blk.ip4;
1046 * 1. the TCP pseudo-header (in the order: source IP address,
1047 * destination IP address, zero-padded protocol number, and
1053 bp->protocol = IPPROTO_TCP;
1054 bp->len = cpu_to_be16(nbytes);
1056 sg_init_one(&sg, bp, sizeof(*bp));
1057 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
1060 static int tcp_v4_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
1061 __be32 daddr, __be32 saddr, struct tcphdr *th)
1063 struct tcp_md5sig_pool *hp;
1064 struct hash_desc *desc;
1066 hp = tcp_get_md5sig_pool();
1068 goto clear_hash_noput;
1069 desc = &hp->md5_desc;
1071 if (crypto_hash_init(desc))
1073 if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
1075 if (tcp_md5_hash_header(hp, th))
1077 if (tcp_md5_hash_key(hp, key))
1079 if (crypto_hash_final(desc, md5_hash))
1082 tcp_put_md5sig_pool();
1086 tcp_put_md5sig_pool();
1088 memset(md5_hash, 0, 16);
1092 int tcp_v4_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
1093 struct sock *sk, struct request_sock *req,
1094 struct sk_buff *skb)
1096 struct tcp_md5sig_pool *hp;
1097 struct hash_desc *desc;
1098 struct tcphdr *th = tcp_hdr(skb);
1099 __be32 saddr, daddr;
1102 saddr = inet_sk(sk)->inet_saddr;
1103 daddr = inet_sk(sk)->inet_daddr;
1105 saddr = inet_rsk(req)->loc_addr;
1106 daddr = inet_rsk(req)->rmt_addr;
1108 const struct iphdr *iph = ip_hdr(skb);
1113 hp = tcp_get_md5sig_pool();
1115 goto clear_hash_noput;
1116 desc = &hp->md5_desc;
1118 if (crypto_hash_init(desc))
1121 if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
1123 if (tcp_md5_hash_header(hp, th))
1125 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
1127 if (tcp_md5_hash_key(hp, key))
1129 if (crypto_hash_final(desc, md5_hash))
1132 tcp_put_md5sig_pool();
1136 tcp_put_md5sig_pool();
1138 memset(md5_hash, 0, 16);
1141 EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
1143 static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
1146 * This gets called for each TCP segment that arrives
1147 * so we want to be efficient.
1148 * We have 3 drop cases:
1149 * o No MD5 hash and one expected.
1150 * o MD5 hash and we're not expecting one.
1151 * o MD5 hash and its wrong.
1153 __u8 *hash_location = NULL;
1154 struct tcp_md5sig_key *hash_expected;
1155 const struct iphdr *iph = ip_hdr(skb);
1156 struct tcphdr *th = tcp_hdr(skb);
1158 unsigned char newhash[16];
1160 hash_expected = tcp_v4_md5_do_lookup(sk, iph->saddr);
1161 hash_location = tcp_parse_md5sig_option(th);
1163 /* We've parsed the options - do we have a hash? */
1164 if (!hash_expected && !hash_location)
1167 if (hash_expected && !hash_location) {
1168 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
1172 if (!hash_expected && hash_location) {
1173 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
1177 /* Okay, so this is hash_expected and hash_location -
1178 * so we need to calculate the checksum.
1180 genhash = tcp_v4_md5_hash_skb(newhash,
1184 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
1185 if (net_ratelimit()) {
1186 printk(KERN_INFO "MD5 Hash failed for (%pI4, %d)->(%pI4, %d)%s\n",
1187 &iph->saddr, ntohs(th->source),
1188 &iph->daddr, ntohs(th->dest),
1189 genhash ? " tcp_v4_calc_md5_hash failed" : "");
1198 struct request_sock_ops tcp_request_sock_ops __read_mostly = {
1200 .obj_size = sizeof(struct tcp_request_sock),
1201 .rtx_syn_ack = tcp_v4_rtx_synack,
1202 .send_ack = tcp_v4_reqsk_send_ack,
1203 .destructor = tcp_v4_reqsk_destructor,
1204 .send_reset = tcp_v4_send_reset,
1205 .syn_ack_timeout = tcp_syn_ack_timeout,
1208 #ifdef CONFIG_TCP_MD5SIG
1209 static const struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
1210 .md5_lookup = tcp_v4_reqsk_md5_lookup,
1211 .calc_md5_hash = tcp_v4_md5_hash_skb,
1215 static struct timewait_sock_ops tcp_timewait_sock_ops = {
1216 .twsk_obj_size = sizeof(struct tcp_timewait_sock),
1217 .twsk_unique = tcp_twsk_unique,
1218 .twsk_destructor= tcp_twsk_destructor,
1221 int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1223 struct tcp_extend_values tmp_ext;
1224 struct tcp_options_received tmp_opt;
1226 struct request_sock *req;
1227 struct inet_request_sock *ireq;
1228 struct tcp_sock *tp = tcp_sk(sk);
1229 struct dst_entry *dst = NULL;
1230 __be32 saddr = ip_hdr(skb)->saddr;
1231 __be32 daddr = ip_hdr(skb)->daddr;
1232 __u32 isn = TCP_SKB_CB(skb)->when;
1233 #ifdef CONFIG_SYN_COOKIES
1234 int want_cookie = 0;
1236 #define want_cookie 0 /* Argh, why doesn't gcc optimize this :( */
1239 /* Never answer to SYNs send to broadcast or multicast */
1240 if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
1243 /* TW buckets are converted to open requests without
1244 * limitations, they conserve resources and peer is
1245 * evidently real one.
1247 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1248 if (net_ratelimit())
1249 syn_flood_warning(skb);
1250 #ifdef CONFIG_SYN_COOKIES
1251 if (sysctl_tcp_syncookies) {
1258 /* Accept backlog is full. If we have already queued enough
1259 * of warm entries in syn queue, drop request. It is better than
1260 * clogging syn queue with openreqs with exponentially increasing
1263 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1266 req = inet_reqsk_alloc(&tcp_request_sock_ops);
1270 #ifdef CONFIG_TCP_MD5SIG
1271 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv4_ops;
1274 tcp_clear_options(&tmp_opt);
1275 tmp_opt.mss_clamp = TCP_MSS_DEFAULT;
1276 tmp_opt.user_mss = tp->rx_opt.user_mss;
1277 tcp_parse_options(skb, &tmp_opt, &hash_location, 0);
1279 if (tmp_opt.cookie_plus > 0 &&
1280 tmp_opt.saw_tstamp &&
1281 !tp->rx_opt.cookie_out_never &&
1282 (sysctl_tcp_cookie_size > 0 ||
1283 (tp->cookie_values != NULL &&
1284 tp->cookie_values->cookie_desired > 0))) {
1286 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS];
1287 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE;
1289 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0)
1290 goto drop_and_release;
1292 /* Secret recipe starts with IP addresses */
1293 *mess++ ^= (__force u32)daddr;
1294 *mess++ ^= (__force u32)saddr;
1296 /* plus variable length Initiator Cookie */
1299 *c++ ^= *hash_location++;
1301 #ifdef CONFIG_SYN_COOKIES
1302 want_cookie = 0; /* not our kind of cookie */
1304 tmp_ext.cookie_out_never = 0; /* false */
1305 tmp_ext.cookie_plus = tmp_opt.cookie_plus;
1306 } else if (!tp->rx_opt.cookie_in_always) {
1307 /* redundant indications, but ensure initialization. */
1308 tmp_ext.cookie_out_never = 1; /* true */
1309 tmp_ext.cookie_plus = 0;
1311 goto drop_and_release;
1313 tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always;
1315 if (want_cookie && !tmp_opt.saw_tstamp)
1316 tcp_clear_options(&tmp_opt);
1318 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1319 tcp_openreq_init(req, &tmp_opt, skb);
1321 ireq = inet_rsk(req);
1322 ireq->loc_addr = daddr;
1323 ireq->rmt_addr = saddr;
1324 ireq->no_srccheck = inet_sk(sk)->transparent;
1325 ireq->opt = tcp_v4_save_options(sk, skb);
1327 if (security_inet_conn_request(sk, skb, req))
1330 if (!want_cookie || tmp_opt.tstamp_ok)
1331 TCP_ECN_create_request(req, tcp_hdr(skb));
1334 isn = cookie_v4_init_sequence(sk, skb, &req->mss);
1335 req->cookie_ts = tmp_opt.tstamp_ok;
1337 struct inet_peer *peer = NULL;
1339 /* VJ's idea. We save last timestamp seen
1340 * from the destination in peer table, when entering
1341 * state TIME-WAIT, and check against it before
1342 * accepting new connection request.
1344 * If "isn" is not zero, this request hit alive
1345 * timewait bucket, so that all the necessary checks
1346 * are made in the function processing timewait state.
1348 if (tmp_opt.saw_tstamp &&
1349 tcp_death_row.sysctl_tw_recycle &&
1350 (dst = inet_csk_route_req(sk, req)) != NULL &&
1351 (peer = rt_get_peer((struct rtable *)dst)) != NULL &&
1352 peer->v4daddr == saddr) {
1353 inet_peer_refcheck(peer);
1354 if ((u32)get_seconds() - peer->tcp_ts_stamp < TCP_PAWS_MSL &&
1355 (s32)(peer->tcp_ts - req->ts_recent) >
1357 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED);
1358 goto drop_and_release;
1361 /* Kill the following clause, if you dislike this way. */
1362 else if (!sysctl_tcp_syncookies &&
1363 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
1364 (sysctl_max_syn_backlog >> 2)) &&
1365 (!peer || !peer->tcp_ts_stamp) &&
1366 (!dst || !dst_metric(dst, RTAX_RTT))) {
1367 /* Without syncookies last quarter of
1368 * backlog is filled with destinations,
1369 * proven to be alive.
1370 * It means that we continue to communicate
1371 * to destinations, already remembered
1372 * to the moment of synflood.
1374 LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open request from %pI4/%u\n",
1375 &saddr, ntohs(tcp_hdr(skb)->source));
1376 goto drop_and_release;
1379 isn = tcp_v4_init_sequence(skb);
1381 tcp_rsk(req)->snt_isn = isn;
1383 if (tcp_v4_send_synack(sk, dst, req,
1384 (struct request_values *)&tmp_ext) ||
1388 inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1398 EXPORT_SYMBOL(tcp_v4_conn_request);
1402 * The three way handshake has completed - we got a valid synack -
1403 * now create the new socket.
1405 struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1406 struct request_sock *req,
1407 struct dst_entry *dst)
1409 struct inet_request_sock *ireq;
1410 struct inet_sock *newinet;
1411 struct tcp_sock *newtp;
1413 #ifdef CONFIG_TCP_MD5SIG
1414 struct tcp_md5sig_key *key;
1417 if (sk_acceptq_is_full(sk))
1420 if (!dst && (dst = inet_csk_route_req(sk, req)) == NULL)
1423 newsk = tcp_create_openreq_child(sk, req, skb);
1427 newsk->sk_gso_type = SKB_GSO_TCPV4;
1428 sk_setup_caps(newsk, dst);
1430 newtp = tcp_sk(newsk);
1431 newinet = inet_sk(newsk);
1432 ireq = inet_rsk(req);
1433 newinet->inet_daddr = ireq->rmt_addr;
1434 newinet->inet_rcv_saddr = ireq->loc_addr;
1435 newinet->inet_saddr = ireq->loc_addr;
1436 newinet->opt = ireq->opt;
1438 newinet->mc_index = inet_iif(skb);
1439 newinet->mc_ttl = ip_hdr(skb)->ttl;
1440 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1442 inet_csk(newsk)->icsk_ext_hdr_len = newinet->opt->optlen;
1443 newinet->inet_id = newtp->write_seq ^ jiffies;
1445 tcp_mtup_init(newsk);
1446 tcp_sync_mss(newsk, dst_mtu(dst));
1447 newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1448 if (tcp_sk(sk)->rx_opt.user_mss &&
1449 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1450 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1452 tcp_initialize_rcv_mss(newsk);
1454 #ifdef CONFIG_TCP_MD5SIG
1455 /* Copy over the MD5 key from the original socket */
1456 key = tcp_v4_md5_do_lookup(sk, newinet->inet_daddr);
1459 * We're using one, so create a matching key
1460 * on the newsk structure. If we fail to get
1461 * memory, then we end up not copying the key
1464 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1466 tcp_v4_md5_do_add(newsk, newinet->inet_daddr,
1467 newkey, key->keylen);
1468 sk_nocaps_add(newsk, NETIF_F_GSO_MASK);
1472 __inet_hash_nolisten(newsk, NULL);
1473 __inet_inherit_port(sk, newsk);
1478 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1480 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1484 EXPORT_SYMBOL(tcp_v4_syn_recv_sock);
1486 static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
1488 struct tcphdr *th = tcp_hdr(skb);
1489 const struct iphdr *iph = ip_hdr(skb);
1491 struct request_sock **prev;
1492 /* Find possible connection requests. */
1493 struct request_sock *req = inet_csk_search_req(sk, &prev, th->source,
1494 iph->saddr, iph->daddr);
1496 return tcp_check_req(sk, skb, req, prev);
1498 nsk = inet_lookup_established(sock_net(sk), &tcp_hashinfo, iph->saddr,
1499 th->source, iph->daddr, th->dest, inet_iif(skb));
1502 if (nsk->sk_state != TCP_TIME_WAIT) {
1506 inet_twsk_put(inet_twsk(nsk));
1510 #ifdef CONFIG_SYN_COOKIES
1512 sk = cookie_v4_check(sk, skb, &(IPCB(skb)->opt));
1517 static __sum16 tcp_v4_checksum_init(struct sk_buff *skb)
1519 const struct iphdr *iph = ip_hdr(skb);
1521 if (skb->ip_summed == CHECKSUM_COMPLETE) {
1522 if (!tcp_v4_check(skb->len, iph->saddr,
1523 iph->daddr, skb->csum)) {
1524 skb->ip_summed = CHECKSUM_UNNECESSARY;
1529 skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
1530 skb->len, IPPROTO_TCP, 0);
1532 if (skb->len <= 76) {
1533 return __skb_checksum_complete(skb);
1539 /* The socket must have it's spinlock held when we get
1542 * We have a potential double-lock case here, so even when
1543 * doing backlog processing we use the BH locking scheme.
1544 * This is because we cannot sleep with the original spinlock
1547 int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1550 #ifdef CONFIG_TCP_MD5SIG
1552 * We really want to reject the packet as early as possible
1554 * o We're expecting an MD5'd packet and this is no MD5 tcp option
1555 * o There is an MD5 option and we're not expecting one
1557 if (tcp_v4_inbound_md5_hash(sk, skb))
1561 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1562 sock_rps_save_rxhash(sk, skb->rxhash);
1563 TCP_CHECK_TIMER(sk);
1564 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) {
1568 TCP_CHECK_TIMER(sk);
1572 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1575 if (sk->sk_state == TCP_LISTEN) {
1576 struct sock *nsk = tcp_v4_hnd_req(sk, skb);
1581 if (tcp_child_process(sk, nsk, skb)) {
1588 sock_rps_save_rxhash(sk, skb->rxhash);
1591 TCP_CHECK_TIMER(sk);
1592 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) {
1596 TCP_CHECK_TIMER(sk);
1600 tcp_v4_send_reset(rsk, skb);
1603 /* Be careful here. If this function gets more complicated and
1604 * gcc suffers from register pressure on the x86, sk (in %ebx)
1605 * might be destroyed here. This current version compiles correctly,
1606 * but you have been warned.
1611 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1614 EXPORT_SYMBOL(tcp_v4_do_rcv);
1620 int tcp_v4_rcv(struct sk_buff *skb)
1622 const struct iphdr *iph;
1626 struct net *net = dev_net(skb->dev);
1628 if (skb->pkt_type != PACKET_HOST)
1631 /* Count it even if it's bad */
1632 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1634 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1639 if (th->doff < sizeof(struct tcphdr) / 4)
1641 if (!pskb_may_pull(skb, th->doff * 4))
1644 /* An explanation is required here, I think.
1645 * Packet length and doff are validated by header prediction,
1646 * provided case of th->doff==0 is eliminated.
1647 * So, we defer the checks. */
1648 if (!skb_csum_unnecessary(skb) && tcp_v4_checksum_init(skb))
1653 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1654 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1655 skb->len - th->doff * 4);
1656 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1657 TCP_SKB_CB(skb)->when = 0;
1658 TCP_SKB_CB(skb)->flags = iph->tos;
1659 TCP_SKB_CB(skb)->sacked = 0;
1661 sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1666 if (sk->sk_state == TCP_TIME_WAIT)
1669 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
1670 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
1671 goto discard_and_relse;
1674 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
1675 goto discard_and_relse;
1678 if (sk_filter(sk, skb))
1679 goto discard_and_relse;
1683 bh_lock_sock_nested(sk);
1685 if (!sock_owned_by_user(sk)) {
1686 #ifdef CONFIG_NET_DMA
1687 struct tcp_sock *tp = tcp_sk(sk);
1688 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1689 tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY);
1690 if (tp->ucopy.dma_chan)
1691 ret = tcp_v4_do_rcv(sk, skb);
1695 if (!tcp_prequeue(sk, skb))
1696 ret = tcp_v4_do_rcv(sk, skb);
1698 } else if (unlikely(sk_add_backlog(sk, skb))) {
1700 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
1701 goto discard_and_relse;
1710 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
1713 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1715 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1717 tcp_v4_send_reset(NULL, skb);
1721 /* Discard frame. */
1730 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1731 inet_twsk_put(inet_twsk(sk));
1735 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1736 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1737 inet_twsk_put(inet_twsk(sk));
1740 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1742 struct sock *sk2 = inet_lookup_listener(dev_net(skb->dev),
1744 iph->daddr, th->dest,
1747 inet_twsk_deschedule(inet_twsk(sk), &tcp_death_row);
1748 inet_twsk_put(inet_twsk(sk));
1752 /* Fall through to ACK */
1755 tcp_v4_timewait_ack(sk, skb);
1759 case TCP_TW_SUCCESS:;
1764 /* VJ's idea. Save last timestamp seen from this destination
1765 * and hold it at least for normal timewait interval to use for duplicate
1766 * segment detection in subsequent connections, before they enter synchronized
1770 int tcp_v4_remember_stamp(struct sock *sk)
1772 struct inet_sock *inet = inet_sk(sk);
1773 struct tcp_sock *tp = tcp_sk(sk);
1774 struct rtable *rt = (struct rtable *)__sk_dst_get(sk);
1775 struct inet_peer *peer = NULL;
1778 if (!rt || rt->rt_dst != inet->inet_daddr) {
1779 peer = inet_getpeer(inet->inet_daddr, 1);
1783 rt_bind_peer(rt, 1);
1788 if ((s32)(peer->tcp_ts - tp->rx_opt.ts_recent) <= 0 ||
1789 ((u32)get_seconds() - peer->tcp_ts_stamp > TCP_PAWS_MSL &&
1790 peer->tcp_ts_stamp <= (u32)tp->rx_opt.ts_recent_stamp)) {
1791 peer->tcp_ts_stamp = (u32)tp->rx_opt.ts_recent_stamp;
1792 peer->tcp_ts = tp->rx_opt.ts_recent;
1801 EXPORT_SYMBOL(tcp_v4_remember_stamp);
1803 int tcp_v4_tw_remember_stamp(struct inet_timewait_sock *tw)
1805 struct inet_peer *peer = inet_getpeer(tw->tw_daddr, 1);
1808 const struct tcp_timewait_sock *tcptw = tcp_twsk((struct sock *)tw);
1810 if ((s32)(peer->tcp_ts - tcptw->tw_ts_recent) <= 0 ||
1811 ((u32)get_seconds() - peer->tcp_ts_stamp > TCP_PAWS_MSL &&
1812 peer->tcp_ts_stamp <= (u32)tcptw->tw_ts_recent_stamp)) {
1813 peer->tcp_ts_stamp = (u32)tcptw->tw_ts_recent_stamp;
1814 peer->tcp_ts = tcptw->tw_ts_recent;
1823 const struct inet_connection_sock_af_ops ipv4_specific = {
1824 .queue_xmit = ip_queue_xmit,
1825 .send_check = tcp_v4_send_check,
1826 .rebuild_header = inet_sk_rebuild_header,
1827 .conn_request = tcp_v4_conn_request,
1828 .syn_recv_sock = tcp_v4_syn_recv_sock,
1829 .remember_stamp = tcp_v4_remember_stamp,
1830 .net_header_len = sizeof(struct iphdr),
1831 .setsockopt = ip_setsockopt,
1832 .getsockopt = ip_getsockopt,
1833 .addr2sockaddr = inet_csk_addr2sockaddr,
1834 .sockaddr_len = sizeof(struct sockaddr_in),
1835 .bind_conflict = inet_csk_bind_conflict,
1836 #ifdef CONFIG_COMPAT
1837 .compat_setsockopt = compat_ip_setsockopt,
1838 .compat_getsockopt = compat_ip_getsockopt,
1841 EXPORT_SYMBOL(ipv4_specific);
1843 #ifdef CONFIG_TCP_MD5SIG
1844 static const struct tcp_sock_af_ops tcp_sock_ipv4_specific = {
1845 .md5_lookup = tcp_v4_md5_lookup,
1846 .calc_md5_hash = tcp_v4_md5_hash_skb,
1847 .md5_add = tcp_v4_md5_add_func,
1848 .md5_parse = tcp_v4_parse_md5_keys,
1852 /* NOTE: A lot of things set to zero explicitly by call to
1853 * sk_alloc() so need not be done here.
1855 static int tcp_v4_init_sock(struct sock *sk)
1857 struct inet_connection_sock *icsk = inet_csk(sk);
1858 struct tcp_sock *tp = tcp_sk(sk);
1860 skb_queue_head_init(&tp->out_of_order_queue);
1861 tcp_init_xmit_timers(sk);
1862 tcp_prequeue_init(tp);
1864 icsk->icsk_rto = TCP_TIMEOUT_INIT;
1865 tp->mdev = TCP_TIMEOUT_INIT;
1867 /* So many TCP implementations out there (incorrectly) count the
1868 * initial SYN frame in their delayed-ACK and congestion control
1869 * algorithms that we must have the following bandaid to talk
1870 * efficiently to them. -DaveM
1874 /* See draft-stevens-tcpca-spec-01 for discussion of the
1875 * initialization of these values.
1877 tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
1878 tp->snd_cwnd_clamp = ~0;
1879 tp->mss_cache = TCP_MSS_DEFAULT;
1881 tp->reordering = sysctl_tcp_reordering;
1882 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1884 sk->sk_state = TCP_CLOSE;
1886 sk->sk_write_space = sk_stream_write_space;
1887 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1889 icsk->icsk_af_ops = &ipv4_specific;
1890 icsk->icsk_sync_mss = tcp_sync_mss;
1891 #ifdef CONFIG_TCP_MD5SIG
1892 tp->af_specific = &tcp_sock_ipv4_specific;
1895 /* TCP Cookie Transactions */
1896 if (sysctl_tcp_cookie_size > 0) {
1897 /* Default, cookies without s_data_payload. */
1899 kzalloc(sizeof(*tp->cookie_values),
1901 if (tp->cookie_values != NULL)
1902 kref_init(&tp->cookie_values->kref);
1904 /* Presumed zeroed, in order of appearance:
1905 * cookie_in_always, cookie_out_never,
1906 * s_data_constant, s_data_in, s_data_out
1908 sk->sk_sndbuf = sysctl_tcp_wmem[1];
1909 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1912 percpu_counter_inc(&tcp_sockets_allocated);
1918 void tcp_v4_destroy_sock(struct sock *sk)
1920 struct tcp_sock *tp = tcp_sk(sk);
1922 tcp_clear_xmit_timers(sk);
1924 tcp_cleanup_congestion_control(sk);
1926 /* Cleanup up the write buffer. */
1927 tcp_write_queue_purge(sk);
1929 /* Cleans up our, hopefully empty, out_of_order_queue. */
1930 __skb_queue_purge(&tp->out_of_order_queue);
1932 #ifdef CONFIG_TCP_MD5SIG
1933 /* Clean up the MD5 key list, if any */
1934 if (tp->md5sig_info) {
1935 tcp_v4_clear_md5_list(sk);
1936 kfree(tp->md5sig_info);
1937 tp->md5sig_info = NULL;
1941 #ifdef CONFIG_NET_DMA
1942 /* Cleans up our sk_async_wait_queue */
1943 __skb_queue_purge(&sk->sk_async_wait_queue);
1946 /* Clean prequeue, it must be empty really */
1947 __skb_queue_purge(&tp->ucopy.prequeue);
1949 /* Clean up a referenced TCP bind bucket. */
1950 if (inet_csk(sk)->icsk_bind_hash)
1954 * If sendmsg cached page exists, toss it.
1956 if (sk->sk_sndmsg_page) {
1957 __free_page(sk->sk_sndmsg_page);
1958 sk->sk_sndmsg_page = NULL;
1961 /* TCP Cookie Transactions */
1962 if (tp->cookie_values != NULL) {
1963 kref_put(&tp->cookie_values->kref,
1964 tcp_cookie_values_release);
1965 tp->cookie_values = NULL;
1968 percpu_counter_dec(&tcp_sockets_allocated);
1970 EXPORT_SYMBOL(tcp_v4_destroy_sock);
1972 #ifdef CONFIG_PROC_FS
1973 /* Proc filesystem TCP sock list dumping. */
1975 static inline struct inet_timewait_sock *tw_head(struct hlist_nulls_head *head)
1977 return hlist_nulls_empty(head) ? NULL :
1978 list_entry(head->first, struct inet_timewait_sock, tw_node);
1981 static inline struct inet_timewait_sock *tw_next(struct inet_timewait_sock *tw)
1983 return !is_a_nulls(tw->tw_node.next) ?
1984 hlist_nulls_entry(tw->tw_node.next, typeof(*tw), tw_node) : NULL;
1988 * Get next listener socket follow cur. If cur is NULL, get first socket
1989 * starting from bucket given in st->bucket; when st->bucket is zero the
1990 * very first socket in the hash table is returned.
1992 static void *listening_get_next(struct seq_file *seq, void *cur)
1994 struct inet_connection_sock *icsk;
1995 struct hlist_nulls_node *node;
1996 struct sock *sk = cur;
1997 struct inet_listen_hashbucket *ilb;
1998 struct tcp_iter_state *st = seq->private;
1999 struct net *net = seq_file_net(seq);
2002 ilb = &tcp_hashinfo.listening_hash[st->bucket];
2003 spin_lock_bh(&ilb->lock);
2004 sk = sk_nulls_head(&ilb->head);
2008 ilb = &tcp_hashinfo.listening_hash[st->bucket];
2012 if (st->state == TCP_SEQ_STATE_OPENREQ) {
2013 struct request_sock *req = cur;
2015 icsk = inet_csk(st->syn_wait_sk);
2019 if (req->rsk_ops->family == st->family) {
2026 if (++st->sbucket >= icsk->icsk_accept_queue.listen_opt->nr_table_entries)
2029 req = icsk->icsk_accept_queue.listen_opt->syn_table[st->sbucket];
2031 sk = sk_next(st->syn_wait_sk);
2032 st->state = TCP_SEQ_STATE_LISTENING;
2033 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2035 icsk = inet_csk(sk);
2036 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2037 if (reqsk_queue_len(&icsk->icsk_accept_queue))
2039 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2043 sk_nulls_for_each_from(sk, node) {
2044 if (sk->sk_family == st->family && net_eq(sock_net(sk), net)) {
2048 icsk = inet_csk(sk);
2049 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2050 if (reqsk_queue_len(&icsk->icsk_accept_queue)) {
2052 st->uid = sock_i_uid(sk);
2053 st->syn_wait_sk = sk;
2054 st->state = TCP_SEQ_STATE_OPENREQ;
2058 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2060 spin_unlock_bh(&ilb->lock);
2062 if (++st->bucket < INET_LHTABLE_SIZE) {
2063 ilb = &tcp_hashinfo.listening_hash[st->bucket];
2064 spin_lock_bh(&ilb->lock);
2065 sk = sk_nulls_head(&ilb->head);
2073 static void *listening_get_idx(struct seq_file *seq, loff_t *pos)
2075 struct tcp_iter_state *st = seq->private;
2080 rc = listening_get_next(seq, NULL);
2082 while (rc && *pos) {
2083 rc = listening_get_next(seq, rc);
2089 static inline int empty_bucket(struct tcp_iter_state *st)
2091 return hlist_nulls_empty(&tcp_hashinfo.ehash[st->bucket].chain) &&
2092 hlist_nulls_empty(&tcp_hashinfo.ehash[st->bucket].twchain);
2096 * Get first established socket starting from bucket given in st->bucket.
2097 * If st->bucket is zero, the very first socket in the hash is returned.
2099 static void *established_get_first(struct seq_file *seq)
2101 struct tcp_iter_state *st = seq->private;
2102 struct net *net = seq_file_net(seq);
2106 for (; st->bucket <= tcp_hashinfo.ehash_mask; ++st->bucket) {
2108 struct hlist_nulls_node *node;
2109 struct inet_timewait_sock *tw;
2110 spinlock_t *lock = inet_ehash_lockp(&tcp_hashinfo, st->bucket);
2112 /* Lockless fast path for the common case of empty buckets */
2113 if (empty_bucket(st))
2117 sk_nulls_for_each(sk, node, &tcp_hashinfo.ehash[st->bucket].chain) {
2118 if (sk->sk_family != st->family ||
2119 !net_eq(sock_net(sk), net)) {
2125 st->state = TCP_SEQ_STATE_TIME_WAIT;
2126 inet_twsk_for_each(tw, node,
2127 &tcp_hashinfo.ehash[st->bucket].twchain) {
2128 if (tw->tw_family != st->family ||
2129 !net_eq(twsk_net(tw), net)) {
2135 spin_unlock_bh(lock);
2136 st->state = TCP_SEQ_STATE_ESTABLISHED;
2142 static void *established_get_next(struct seq_file *seq, void *cur)
2144 struct sock *sk = cur;
2145 struct inet_timewait_sock *tw;
2146 struct hlist_nulls_node *node;
2147 struct tcp_iter_state *st = seq->private;
2148 struct net *net = seq_file_net(seq);
2153 if (st->state == TCP_SEQ_STATE_TIME_WAIT) {
2157 while (tw && (tw->tw_family != st->family || !net_eq(twsk_net(tw), net))) {
2164 spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2165 st->state = TCP_SEQ_STATE_ESTABLISHED;
2167 /* Look for next non empty bucket */
2169 while (++st->bucket <= tcp_hashinfo.ehash_mask &&
2172 if (st->bucket > tcp_hashinfo.ehash_mask)
2175 spin_lock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2176 sk = sk_nulls_head(&tcp_hashinfo.ehash[st->bucket].chain);
2178 sk = sk_nulls_next(sk);
2180 sk_nulls_for_each_from(sk, node) {
2181 if (sk->sk_family == st->family && net_eq(sock_net(sk), net))
2185 st->state = TCP_SEQ_STATE_TIME_WAIT;
2186 tw = tw_head(&tcp_hashinfo.ehash[st->bucket].twchain);
2194 static void *established_get_idx(struct seq_file *seq, loff_t pos)
2196 struct tcp_iter_state *st = seq->private;
2200 rc = established_get_first(seq);
2203 rc = established_get_next(seq, rc);
2209 static void *tcp_get_idx(struct seq_file *seq, loff_t pos)
2212 struct tcp_iter_state *st = seq->private;
2214 st->state = TCP_SEQ_STATE_LISTENING;
2215 rc = listening_get_idx(seq, &pos);
2218 st->state = TCP_SEQ_STATE_ESTABLISHED;
2219 rc = established_get_idx(seq, pos);
2225 static void *tcp_seek_last_pos(struct seq_file *seq)
2227 struct tcp_iter_state *st = seq->private;
2228 int offset = st->offset;
2229 int orig_num = st->num;
2232 switch (st->state) {
2233 case TCP_SEQ_STATE_OPENREQ:
2234 case TCP_SEQ_STATE_LISTENING:
2235 if (st->bucket >= INET_LHTABLE_SIZE)
2237 st->state = TCP_SEQ_STATE_LISTENING;
2238 rc = listening_get_next(seq, NULL);
2239 while (offset-- && rc)
2240 rc = listening_get_next(seq, rc);
2245 case TCP_SEQ_STATE_ESTABLISHED:
2246 case TCP_SEQ_STATE_TIME_WAIT:
2247 st->state = TCP_SEQ_STATE_ESTABLISHED;
2248 if (st->bucket > tcp_hashinfo.ehash_mask)
2250 rc = established_get_first(seq);
2251 while (offset-- && rc)
2252 rc = established_get_next(seq, rc);
2260 static void *tcp_seq_start(struct seq_file *seq, loff_t *pos)
2262 struct tcp_iter_state *st = seq->private;
2265 if (*pos && *pos == st->last_pos) {
2266 rc = tcp_seek_last_pos(seq);
2271 st->state = TCP_SEQ_STATE_LISTENING;
2275 rc = *pos ? tcp_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2278 st->last_pos = *pos;
2282 static void *tcp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2284 struct tcp_iter_state *st = seq->private;
2287 if (v == SEQ_START_TOKEN) {
2288 rc = tcp_get_idx(seq, 0);
2292 switch (st->state) {
2293 case TCP_SEQ_STATE_OPENREQ:
2294 case TCP_SEQ_STATE_LISTENING:
2295 rc = listening_get_next(seq, v);
2297 st->state = TCP_SEQ_STATE_ESTABLISHED;
2300 rc = established_get_first(seq);
2303 case TCP_SEQ_STATE_ESTABLISHED:
2304 case TCP_SEQ_STATE_TIME_WAIT:
2305 rc = established_get_next(seq, v);
2310 st->last_pos = *pos;
2314 static void tcp_seq_stop(struct seq_file *seq, void *v)
2316 struct tcp_iter_state *st = seq->private;
2318 switch (st->state) {
2319 case TCP_SEQ_STATE_OPENREQ:
2321 struct inet_connection_sock *icsk = inet_csk(st->syn_wait_sk);
2322 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2324 case TCP_SEQ_STATE_LISTENING:
2325 if (v != SEQ_START_TOKEN)
2326 spin_unlock_bh(&tcp_hashinfo.listening_hash[st->bucket].lock);
2328 case TCP_SEQ_STATE_TIME_WAIT:
2329 case TCP_SEQ_STATE_ESTABLISHED:
2331 spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2336 static int tcp_seq_open(struct inode *inode, struct file *file)
2338 struct tcp_seq_afinfo *afinfo = PDE(inode)->data;
2339 struct tcp_iter_state *s;
2342 err = seq_open_net(inode, file, &afinfo->seq_ops,
2343 sizeof(struct tcp_iter_state));
2347 s = ((struct seq_file *)file->private_data)->private;
2348 s->family = afinfo->family;
2353 int tcp_proc_register(struct net *net, struct tcp_seq_afinfo *afinfo)
2356 struct proc_dir_entry *p;
2358 afinfo->seq_fops.open = tcp_seq_open;
2359 afinfo->seq_fops.read = seq_read;
2360 afinfo->seq_fops.llseek = seq_lseek;
2361 afinfo->seq_fops.release = seq_release_net;
2363 afinfo->seq_ops.start = tcp_seq_start;
2364 afinfo->seq_ops.next = tcp_seq_next;
2365 afinfo->seq_ops.stop = tcp_seq_stop;
2367 p = proc_create_data(afinfo->name, S_IRUGO, net->proc_net,
2368 &afinfo->seq_fops, afinfo);
2373 EXPORT_SYMBOL(tcp_proc_register);
2375 void tcp_proc_unregister(struct net *net, struct tcp_seq_afinfo *afinfo)
2377 proc_net_remove(net, afinfo->name);
2379 EXPORT_SYMBOL(tcp_proc_unregister);
2381 static void get_openreq4(struct sock *sk, struct request_sock *req,
2382 struct seq_file *f, int i, int uid, int *len)
2384 const struct inet_request_sock *ireq = inet_rsk(req);
2385 int ttd = req->expires - jiffies;
2387 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2388 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %u %d %p%n",
2391 ntohs(inet_sk(sk)->inet_sport),
2393 ntohs(ireq->rmt_port),
2395 0, 0, /* could print option size, but that is af dependent. */
2396 1, /* timers active (only the expire timer) */
2397 jiffies_to_clock_t(ttd),
2400 0, /* non standard timer */
2401 0, /* open_requests have no inode */
2402 atomic_read(&sk->sk_refcnt),
2407 static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
2410 unsigned long timer_expires;
2411 struct tcp_sock *tp = tcp_sk(sk);
2412 const struct inet_connection_sock *icsk = inet_csk(sk);
2413 struct inet_sock *inet = inet_sk(sk);
2414 __be32 dest = inet->inet_daddr;
2415 __be32 src = inet->inet_rcv_saddr;
2416 __u16 destp = ntohs(inet->inet_dport);
2417 __u16 srcp = ntohs(inet->inet_sport);
2420 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2422 timer_expires = icsk->icsk_timeout;
2423 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2425 timer_expires = icsk->icsk_timeout;
2426 } else if (timer_pending(&sk->sk_timer)) {
2428 timer_expires = sk->sk_timer.expires;
2431 timer_expires = jiffies;
2434 if (sk->sk_state == TCP_LISTEN)
2435 rx_queue = sk->sk_ack_backlog;
2438 * because we dont lock socket, we might find a transient negative value
2440 rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);
2442 seq_printf(f, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX "
2443 "%08X %5d %8d %lu %d %p %lu %lu %u %u %d%n",
2444 i, src, srcp, dest, destp, sk->sk_state,
2445 tp->write_seq - tp->snd_una,
2448 jiffies_to_clock_t(timer_expires - jiffies),
2449 icsk->icsk_retransmits,
2451 icsk->icsk_probes_out,
2453 atomic_read(&sk->sk_refcnt), sk,
2454 jiffies_to_clock_t(icsk->icsk_rto),
2455 jiffies_to_clock_t(icsk->icsk_ack.ato),
2456 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
2458 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh,
2462 static void get_timewait4_sock(struct inet_timewait_sock *tw,
2463 struct seq_file *f, int i, int *len)
2467 int ttd = tw->tw_ttd - jiffies;
2472 dest = tw->tw_daddr;
2473 src = tw->tw_rcv_saddr;
2474 destp = ntohs(tw->tw_dport);
2475 srcp = ntohs(tw->tw_sport);
2477 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2478 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p%n",
2479 i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
2480 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2481 atomic_read(&tw->tw_refcnt), tw, len);
2486 static int tcp4_seq_show(struct seq_file *seq, void *v)
2488 struct tcp_iter_state *st;
2491 if (v == SEQ_START_TOKEN) {
2492 seq_printf(seq, "%-*s\n", TMPSZ - 1,
2493 " sl local_address rem_address st tx_queue "
2494 "rx_queue tr tm->when retrnsmt uid timeout "
2500 switch (st->state) {
2501 case TCP_SEQ_STATE_LISTENING:
2502 case TCP_SEQ_STATE_ESTABLISHED:
2503 get_tcp4_sock(v, seq, st->num, &len);
2505 case TCP_SEQ_STATE_OPENREQ:
2506 get_openreq4(st->syn_wait_sk, v, seq, st->num, st->uid, &len);
2508 case TCP_SEQ_STATE_TIME_WAIT:
2509 get_timewait4_sock(v, seq, st->num, &len);
2512 seq_printf(seq, "%*s\n", TMPSZ - 1 - len, "");
2517 static struct tcp_seq_afinfo tcp4_seq_afinfo = {
2521 .owner = THIS_MODULE,
2524 .show = tcp4_seq_show,
2528 static int __net_init tcp4_proc_init_net(struct net *net)
2530 return tcp_proc_register(net, &tcp4_seq_afinfo);
2533 static void __net_exit tcp4_proc_exit_net(struct net *net)
2535 tcp_proc_unregister(net, &tcp4_seq_afinfo);
2538 static struct pernet_operations tcp4_net_ops = {
2539 .init = tcp4_proc_init_net,
2540 .exit = tcp4_proc_exit_net,
2543 int __init tcp4_proc_init(void)
2545 return register_pernet_subsys(&tcp4_net_ops);
2548 void tcp4_proc_exit(void)
2550 unregister_pernet_subsys(&tcp4_net_ops);
2552 #endif /* CONFIG_PROC_FS */
2554 struct sk_buff **tcp4_gro_receive(struct sk_buff **head, struct sk_buff *skb)
2556 struct iphdr *iph = skb_gro_network_header(skb);
2558 switch (skb->ip_summed) {
2559 case CHECKSUM_COMPLETE:
2560 if (!tcp_v4_check(skb_gro_len(skb), iph->saddr, iph->daddr,
2562 skb->ip_summed = CHECKSUM_UNNECESSARY;
2568 NAPI_GRO_CB(skb)->flush = 1;
2572 return tcp_gro_receive(head, skb);
2575 int tcp4_gro_complete(struct sk_buff *skb)
2577 struct iphdr *iph = ip_hdr(skb);
2578 struct tcphdr *th = tcp_hdr(skb);
2580 th->check = ~tcp_v4_check(skb->len - skb_transport_offset(skb),
2581 iph->saddr, iph->daddr, 0);
2582 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV4;
2584 return tcp_gro_complete(skb);
2587 struct proto tcp_prot = {
2589 .owner = THIS_MODULE,
2591 .connect = tcp_v4_connect,
2592 .disconnect = tcp_disconnect,
2593 .accept = inet_csk_accept,
2595 .init = tcp_v4_init_sock,
2596 .destroy = tcp_v4_destroy_sock,
2597 .shutdown = tcp_shutdown,
2598 .setsockopt = tcp_setsockopt,
2599 .getsockopt = tcp_getsockopt,
2600 .recvmsg = tcp_recvmsg,
2601 .sendmsg = tcp_sendmsg,
2602 .sendpage = tcp_sendpage,
2603 .backlog_rcv = tcp_v4_do_rcv,
2605 .unhash = inet_unhash,
2606 .get_port = inet_csk_get_port,
2607 .enter_memory_pressure = tcp_enter_memory_pressure,
2608 .sockets_allocated = &tcp_sockets_allocated,
2609 .orphan_count = &tcp_orphan_count,
2610 .memory_allocated = &tcp_memory_allocated,
2611 .memory_pressure = &tcp_memory_pressure,
2612 .sysctl_mem = sysctl_tcp_mem,
2613 .sysctl_wmem = sysctl_tcp_wmem,
2614 .sysctl_rmem = sysctl_tcp_rmem,
2615 .max_header = MAX_TCP_HEADER,
2616 .obj_size = sizeof(struct tcp_sock),
2617 .slab_flags = SLAB_DESTROY_BY_RCU,
2618 .twsk_prot = &tcp_timewait_sock_ops,
2619 .rsk_prot = &tcp_request_sock_ops,
2620 .h.hashinfo = &tcp_hashinfo,
2621 .no_autobind = true,
2622 #ifdef CONFIG_COMPAT
2623 .compat_setsockopt = compat_tcp_setsockopt,
2624 .compat_getsockopt = compat_tcp_getsockopt,
2627 EXPORT_SYMBOL(tcp_prot);
2630 static int __net_init tcp_sk_init(struct net *net)
2632 return inet_ctl_sock_create(&net->ipv4.tcp_sock,
2633 PF_INET, SOCK_RAW, IPPROTO_TCP, net);
2636 static void __net_exit tcp_sk_exit(struct net *net)
2638 inet_ctl_sock_destroy(net->ipv4.tcp_sock);
2641 static void __net_exit tcp_sk_exit_batch(struct list_head *net_exit_list)
2643 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET);
2646 static struct pernet_operations __net_initdata tcp_sk_ops = {
2647 .init = tcp_sk_init,
2648 .exit = tcp_sk_exit,
2649 .exit_batch = tcp_sk_exit_batch,
2652 void __init tcp_v4_init(void)
2654 inet_hashinfo_init(&tcp_hashinfo);
2655 if (register_pernet_subsys(&tcp_sk_ops))
2656 panic("Failed to create the TCP control socket.\n");
projects / linux-flexiantxendom0-natty.git / blob