~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/ipv4/tcp_ipv4.c

Version: ~ [ linux-5.3-rc4 ] ~ [ linux-5.2.8 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.66 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.138 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.189 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.189 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.71 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * INET         An implementation of the TCP/IP protocol suite for the LINUX
  3  *              operating system.  INET is implemented using the  BSD Socket
  4  *              interface as the means of communication with the user level.
  5  *
  6  *              Implementation of the Transmission Control Protocol(TCP).
  7  *
  8  *              IPv4 specific functions
  9  *
 10  *
 11  *              code split from:
 12  *              linux/ipv4/tcp.c
 13  *              linux/ipv4/tcp_input.c
 14  *              linux/ipv4/tcp_output.c
 15  *
 16  *              See tcp.c for author information
 17  *
 18  *      This program is free software; you can redistribute it and/or
 19  *      modify it under the terms of the GNU General Public License
 20  *      as published by the Free Software Foundation; either version
 21  *      2 of the License, or (at your option) any later version.
 22  */
 23 
 24 /*
 25  * Changes:
 26  *              David S. Miller :       New socket lookup architecture.
 27  *                                      This code is dedicated to John Dyson.
 28  *              David S. Miller :       Change semantics of established hash,
 29  *                                      half is devoted to TIME_WAIT sockets
 30  *                                      and the rest go in the other half.
 31  *              Andi Kleen :            Add support for syncookies and fixed
 32  *                                      some bugs: ip options weren't passed to
 33  *                                      the TCP layer, missed a check for an
 34  *                                      ACK bit.
 35  *              Andi Kleen :            Implemented fast path mtu discovery.
 36  *                                      Fixed many serious bugs in the
 37  *                                      request_sock handling and moved
 38  *                                      most of it into the af independent code.
 39  *                                      Added tail drop and some other bugfixes.
 40  *                                      Added new listen semantics.
 41  *              Mike McLagan    :       Routing by source
 42  *      Juan Jose Ciarlante:            ip_dynaddr bits
 43  *              Andi Kleen:             various fixes.
 44  *      Vitaly E. Lavrov        :       Transparent proxy revived after year
 45  *                                      coma.
 46  *      Andi Kleen              :       Fix new listen.
 47  *      Andi Kleen              :       Fix accept error reporting.
 48  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
 49  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
 50  *                                      a single port at the same time.
 51  */
 52 
 53 
 54 #include <linux/bottom_half.h>
 55 #include <linux/types.h>
 56 #include <linux/fcntl.h>
 57 #include <linux/module.h>
 58 #include <linux/random.h>
 59 #include <linux/cache.h>
 60 #include <linux/jhash.h>
 61 #include <linux/init.h>
 62 #include <linux/times.h>
 63 #include <linux/slab.h>
 64 
 65 #include <net/net_namespace.h>
 66 #include <net/icmp.h>
 67 #include <net/inet_hashtables.h>
 68 #include <net/tcp.h>
 69 #include <net/transp_v6.h>
 70 #include <net/ipv6.h>
 71 #include <net/inet_common.h>
 72 #include <net/timewait_sock.h>
 73 #include <net/xfrm.h>
 74 #include <net/netdma.h>
 75 #include <net/secure_seq.h>
 76 
 77 #include <linux/inet.h>
 78 #include <linux/ipv6.h>
 79 #include <linux/stddef.h>
 80 #include <linux/proc_fs.h>
 81 #include <linux/seq_file.h>
 82 
 83 #include <linux/crypto.h>
 84 #include <linux/scatterlist.h>
 85 
 86 int sysctl_tcp_tw_reuse __read_mostly;
 87 int sysctl_tcp_low_latency __read_mostly;
 88 EXPORT_SYMBOL(sysctl_tcp_low_latency);
 89 
 90 
 91 #ifdef CONFIG_TCP_MD5SIG
 92 static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk,
 93                                                    __be32 addr);
 94 static int tcp_v4_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
 95                                __be32 daddr, __be32 saddr, const struct tcphdr *th);
 96 #else
 97 static inline
 98 struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, __be32 addr)
 99 {
100         return NULL;
101 }
102 #endif
103 
104 struct inet_hashinfo tcp_hashinfo;
105 EXPORT_SYMBOL(tcp_hashinfo);
106 
107 static inline __u32 tcp_v4_init_sequence(const struct sk_buff *skb)
108 {
109         return secure_tcp_sequence_number(ip_hdr(skb)->daddr,
110                                           ip_hdr(skb)->saddr,
111                                           tcp_hdr(skb)->dest,
112                                           tcp_hdr(skb)->source);
113 }
114 
115 int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp)
116 {
117         const struct tcp_timewait_sock *tcptw = tcp_twsk(sktw);
118         struct tcp_sock *tp = tcp_sk(sk);
119 
120         /* With PAWS, it is safe from the viewpoint
121            of data integrity. Even without PAWS it is safe provided sequence
122            spaces do not overlap i.e. at data rates <= 80Mbit/sec.
123 
124            Actually, the idea is close to VJ's one, only timestamp cache is
125            held not per host, but per port pair and TW bucket is used as state
126            holder.
127 
128            If TW bucket has been already destroyed we fall back to VJ's scheme
129            and use initial timestamp retrieved from peer table.
130          */
131         if (tcptw->tw_ts_recent_stamp &&
132             (twp == NULL || (sysctl_tcp_tw_reuse &&
133                              get_seconds() - tcptw->tw_ts_recent_stamp > 1))) {
134                 tp->write_seq = tcptw->tw_snd_nxt + 65535 + 2;
135                 if (tp->write_seq == 0)
136                         tp->write_seq = 1;
137                 tp->rx_opt.ts_recent       = tcptw->tw_ts_recent;
138                 tp->rx_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
139                 sock_hold(sktw);
140                 return 1;
141         }
142 
143         return 0;
144 }
145 EXPORT_SYMBOL_GPL(tcp_twsk_unique);
146 
147 /* This will initiate an outgoing connection. */
148 int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
149 {
150         struct sockaddr_in *usin = (struct sockaddr_in *)uaddr;
151         struct inet_sock *inet = inet_sk(sk);
152         struct tcp_sock *tp = tcp_sk(sk);
153         __be16 orig_sport, orig_dport;
154         __be32 daddr, nexthop;
155         struct flowi4 *fl4;
156         struct rtable *rt;
157         int err;
158         struct ip_options_rcu *inet_opt;
159 
160         if (addr_len < sizeof(struct sockaddr_in))
161                 return -EINVAL;
162 
163         if (usin->sin_family != AF_INET)
164                 return -EAFNOSUPPORT;
165 
166         nexthop = daddr = usin->sin_addr.s_addr;
167         inet_opt = rcu_dereference_protected(inet->inet_opt,
168                                              sock_owned_by_user(sk));
169         if (inet_opt && inet_opt->opt.srr) {
170                 if (!daddr)
171                         return -EINVAL;
172                 nexthop = inet_opt->opt.faddr;
173         }
174 
175         orig_sport = inet->inet_sport;
176         orig_dport = usin->sin_port;
177         fl4 = &inet->cork.fl.u.ip4;
178         rt = ip_route_connect(fl4, nexthop, inet->inet_saddr,
179                               RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
180                               IPPROTO_TCP,
181                               orig_sport, orig_dport, sk, true);
182         if (IS_ERR(rt)) {
183                 err = PTR_ERR(rt);
184                 if (err == -ENETUNREACH)
185                         IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
186                 return err;
187         }
188 
189         if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) {
190                 ip_rt_put(rt);
191                 return -ENETUNREACH;
192         }
193 
194         if (!inet_opt || !inet_opt->opt.srr)
195                 daddr = fl4->daddr;
196 
197         if (!inet->inet_saddr)
198                 inet->inet_saddr = fl4->saddr;
199         inet->inet_rcv_saddr = inet->inet_saddr;
200 
201         if (tp->rx_opt.ts_recent_stamp && inet->inet_daddr != daddr) {
202                 /* Reset inherited state */
203                 tp->rx_opt.ts_recent       = 0;
204                 tp->rx_opt.ts_recent_stamp = 0;
205                 tp->write_seq              = 0;
206         }
207 
208         if (tcp_death_row.sysctl_tw_recycle &&
209             !tp->rx_opt.ts_recent_stamp && fl4->daddr == daddr) {
210                 struct inet_peer *peer = rt_get_peer(rt, fl4->daddr);
211                 /*
212                  * VJ's idea. We save last timestamp seen from
213                  * the destination in peer table, when entering state
214                  * TIME-WAIT * and initialize rx_opt.ts_recent from it,
215                  * when trying new connection.
216                  */
217                 if (peer) {
218                         inet_peer_refcheck(peer);
219                         if ((u32)get_seconds() - peer->tcp_ts_stamp <= TCP_PAWS_MSL) {
220                                 tp->rx_opt.ts_recent_stamp = peer->tcp_ts_stamp;
221                                 tp->rx_opt.ts_recent = peer->tcp_ts;
222                         }
223                 }
224         }
225 
226         inet->inet_dport = usin->sin_port;
227         inet->inet_daddr = daddr;
228 
229         inet_csk(sk)->icsk_ext_hdr_len = 0;
230         if (inet_opt)
231                 inet_csk(sk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
232 
233         tp->rx_opt.mss_clamp = TCP_MSS_DEFAULT;
234 
235         /* Socket identity is still unknown (sport may be zero).
236          * However we set state to SYN-SENT and not releasing socket
237          * lock select source port, enter ourselves into the hash tables and
238          * complete initialization after this.
239          */
240         tcp_set_state(sk, TCP_SYN_SENT);
241         err = inet_hash_connect(&tcp_death_row, sk);
242         if (err)
243                 goto failure;
244 
245         rt = ip_route_newports(fl4, rt, orig_sport, orig_dport,
246                                inet->inet_sport, inet->inet_dport, sk);
247         if (IS_ERR(rt)) {
248                 err = PTR_ERR(rt);
249                 rt = NULL;
250                 goto failure;
251         }
252         /* OK, now commit destination to socket.  */
253         sk->sk_gso_type = SKB_GSO_TCPV4;
254         sk_setup_caps(sk, &rt->dst);
255 
256         if (!tp->write_seq)
257                 tp->write_seq = secure_tcp_sequence_number(inet->inet_saddr,
258                                                            inet->inet_daddr,
259                                                            inet->inet_sport,
260                                                            usin->sin_port);
261 
262         inet->inet_id = tp->write_seq ^ jiffies;
263 
264         err = tcp_connect(sk);
265         rt = NULL;
266         if (err)
267                 goto failure;
268 
269         return 0;
270 
271 failure:
272         /*
273          * This unhashes the socket and releases the local port,
274          * if necessary.
275          */
276         tcp_set_state(sk, TCP_CLOSE);
277         ip_rt_put(rt);
278         sk->sk_route_caps = 0;
279         inet->inet_dport = 0;
280         return err;
281 }
282 EXPORT_SYMBOL(tcp_v4_connect);
283 
284 /*
285  * This routine does path mtu discovery as defined in RFC1191.
286  */
287 static void do_pmtu_discovery(struct sock *sk, const struct iphdr *iph, u32 mtu)
288 {
289         struct dst_entry *dst;
290         struct inet_sock *inet = inet_sk(sk);
291 
292         /* We are not interested in TCP_LISTEN and open_requests (SYN-ACKs
293          * send out by Linux are always <576bytes so they should go through
294          * unfragmented).
295          */
296         if (sk->sk_state == TCP_LISTEN)
297                 return;
298 
299         /* We don't check in the destentry if pmtu discovery is forbidden
300          * on this route. We just assume that no packet_to_big packets
301          * are send back when pmtu discovery is not active.
302          * There is a small race when the user changes this flag in the
303          * route, but I think that's acceptable.
304          */
305         if ((dst = __sk_dst_check(sk, 0)) == NULL)
306                 return;
307 
308         dst->ops->update_pmtu(dst, mtu);
309 
310         /* Something is about to be wrong... Remember soft error
311          * for the case, if this connection will not able to recover.
312          */
313         if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
314                 sk->sk_err_soft = EMSGSIZE;
315 
316         mtu = dst_mtu(dst);
317 
318         if (inet->pmtudisc != IP_PMTUDISC_DONT &&
319             inet_csk(sk)->icsk_pmtu_cookie > mtu) {
320                 tcp_sync_mss(sk, mtu);
321 
322                 /* Resend the TCP packet because it's
323                  * clear that the old packet has been
324                  * dropped. This is the new "fast" path mtu
325                  * discovery.
326                  */
327                 tcp_simple_retransmit(sk);
328         } /* else let the usual retransmit timer handle it */
329 }
330 
331 /*
332  * This routine is called by the ICMP module when it gets some
333  * sort of error condition.  If err < 0 then the socket should
334  * be closed and the error returned to the user.  If err > 0
335  * it's just the icmp type << 8 | icmp code.  After adjustment
336  * header points to the first 8 bytes of the tcp header.  We need
337  * to find the appropriate port.
338  *
339  * The locking strategy used here is very "optimistic". When
340  * someone else accesses the socket the ICMP is just dropped
341  * and for some paths there is no check at all.
342  * A more general error queue to queue errors for later handling
343  * is probably better.
344  *
345  */
346 
347 void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
348 {
349         const struct iphdr *iph = (const struct iphdr *)icmp_skb->data;
350         struct tcphdr *th = (struct tcphdr *)(icmp_skb->data + (iph->ihl << 2));
351         struct inet_connection_sock *icsk;
352         struct tcp_sock *tp;
353         struct inet_sock *inet;
354         const int type = icmp_hdr(icmp_skb)->type;
355         const int code = icmp_hdr(icmp_skb)->code;
356         struct sock *sk;
357         struct sk_buff *skb;
358         __u32 seq;
359         __u32 remaining;
360         int err;
361         struct net *net = dev_net(icmp_skb->dev);
362 
363         if (icmp_skb->len < (iph->ihl << 2) + 8) {
364                 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
365                 return;
366         }
367 
368         sk = inet_lookup(net, &tcp_hashinfo, iph->daddr, th->dest,
369                         iph->saddr, th->source, inet_iif(icmp_skb));
370         if (!sk) {
371                 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
372                 return;
373         }
374         if (sk->sk_state == TCP_TIME_WAIT) {
375                 inet_twsk_put(inet_twsk(sk));
376                 return;
377         }
378 
379         bh_lock_sock(sk);
380         /* If too many ICMPs get dropped on busy
381          * servers this needs to be solved differently.
382          */
383         if (sock_owned_by_user(sk))
384                 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
385 
386         if (sk->sk_state == TCP_CLOSE)
387                 goto out;
388 
389         if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
390                 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
391                 goto out;
392         }
393 
394         icsk = inet_csk(sk);
395         tp = tcp_sk(sk);
396         seq = ntohl(th->seq);
397         if (sk->sk_state != TCP_LISTEN &&
398             !between(seq, tp->snd_una, tp->snd_nxt)) {
399                 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
400                 goto out;
401         }
402 
403         switch (type) {
404         case ICMP_SOURCE_QUENCH:
405                 /* Just silently ignore these. */
406                 goto out;
407         case ICMP_PARAMETERPROB:
408                 err = EPROTO;
409                 break;
410         case ICMP_DEST_UNREACH:
411                 if (code > NR_ICMP_UNREACH)
412                         goto out;
413 
414                 if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */
415                         if (!sock_owned_by_user(sk))
416                                 do_pmtu_discovery(sk, iph, info);
417                         goto out;
418                 }
419 
420                 err = icmp_err_convert[code].errno;
421                 /* check if icmp_skb allows revert of backoff
422                  * (see draft-zimmermann-tcp-lcd) */
423                 if (code != ICMP_NET_UNREACH && code != ICMP_HOST_UNREACH)
424                         break;
425                 if (seq != tp->snd_una  || !icsk->icsk_retransmits ||
426                     !icsk->icsk_backoff)
427                         break;
428 
429                 if (sock_owned_by_user(sk))
430                         break;
431 
432                 icsk->icsk_backoff--;
433                 inet_csk(sk)->icsk_rto = (tp->srtt ? __tcp_set_rto(tp) :
434                         TCP_TIMEOUT_INIT) << icsk->icsk_backoff;
435                 tcp_bound_rto(sk);
436 
437                 skb = tcp_write_queue_head(sk);
438                 BUG_ON(!skb);
439 
440                 remaining = icsk->icsk_rto - min(icsk->icsk_rto,
441                                 tcp_time_stamp - TCP_SKB_CB(skb)->when);
442 
443                 if (remaining) {
444                         inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
445                                                   remaining, TCP_RTO_MAX);
446                 } else {
447                         /* RTO revert clocked out retransmission.
448                          * Will retransmit now */
449                         tcp_retransmit_timer(sk);
450                 }
451 
452                 break;
453         case ICMP_TIME_EXCEEDED:
454                 err = EHOSTUNREACH;
455                 break;
456         default:
457                 goto out;
458         }
459 
460         switch (sk->sk_state) {
461                 struct request_sock *req, **prev;
462         case TCP_LISTEN:
463                 if (sock_owned_by_user(sk))
464                         goto out;
465 
466                 req = inet_csk_search_req(sk, &prev, th->dest,
467                                           iph->daddr, iph->saddr);
468                 if (!req)
469                         goto out;
470 
471                 /* ICMPs are not backlogged, hence we cannot get
472                    an established socket here.
473                  */
474                 WARN_ON(req->sk);
475 
476                 if (seq != tcp_rsk(req)->snt_isn) {
477                         NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
478                         goto out;
479                 }
480 
481                 /*
482                  * Still in SYN_RECV, just remove it silently.
483                  * There is no good way to pass the error to the newly
484                  * created socket, and POSIX does not want network
485                  * errors returned from accept().
486                  */
487                 inet_csk_reqsk_queue_drop(sk, req, prev);
488                 goto out;
489 
490         case TCP_SYN_SENT:
491         case TCP_SYN_RECV:  /* Cannot happen.
492                                It can f.e. if SYNs crossed.
493                              */
494                 if (!sock_owned_by_user(sk)) {
495                         sk->sk_err = err;
496 
497                         sk->sk_error_report(sk);
498 
499                         tcp_done(sk);
500                 } else {
501                         sk->sk_err_soft = err;
502                 }
503                 goto out;
504         }
505 
506         /* If we've already connected we will keep trying
507          * until we time out, or the user gives up.
508          *
509          * rfc1122 4.2.3.9 allows to consider as hard errors
510          * only PROTO_UNREACH and PORT_UNREACH (well, FRAG_FAILED too,
511          * but it is obsoleted by pmtu discovery).
512          *
513          * Note, that in modern internet, where routing is unreliable
514          * and in each dark corner broken firewalls sit, sending random
515          * errors ordered by their masters even this two messages finally lose
516          * their original sense (even Linux sends invalid PORT_UNREACHs)
517          *
518          * Now we are in compliance with RFCs.
519          *                                                      --ANK (980905)
520          */
521 
522         inet = inet_sk(sk);
523         if (!sock_owned_by_user(sk) && inet->recverr) {
524                 sk->sk_err = err;
525                 sk->sk_error_report(sk);
526         } else  { /* Only an error on timeout */
527                 sk->sk_err_soft = err;
528         }
529 
530 out:
531         bh_unlock_sock(sk);
532         sock_put(sk);
533 }
534 
535 static void __tcp_v4_send_check(struct sk_buff *skb,
536                                 __be32 saddr, __be32 daddr)
537 {
538         struct tcphdr *th = tcp_hdr(skb);
539 
540         if (skb->ip_summed == CHECKSUM_PARTIAL) {
541                 th->check = ~tcp_v4_check(skb->len, saddr, daddr, 0);
542                 skb->csum_start = skb_transport_header(skb) - skb->head;
543                 skb->csum_offset = offsetof(struct tcphdr, check);
544         } else {
545                 th->check = tcp_v4_check(skb->len, saddr, daddr,
546                                          csum_partial(th,
547                                                       th->doff << 2,
548                                                       skb->csum));
549         }
550 }
551 
552 /* This routine computes an IPv4 TCP checksum. */
553 void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb)
554 {
555         const struct inet_sock *inet = inet_sk(sk);
556 
557         __tcp_v4_send_check(skb, inet->inet_saddr, inet->inet_daddr);
558 }
559 EXPORT_SYMBOL(tcp_v4_send_check);
560 
561 int tcp_v4_gso_send_check(struct sk_buff *skb)
562 {
563         const struct iphdr *iph;
564         struct tcphdr *th;
565 
566         if (!pskb_may_pull(skb, sizeof(*th)))
567                 return -EINVAL;
568 
569         iph = ip_hdr(skb);
570         th = tcp_hdr(skb);
571 
572         th->check = 0;
573         skb->ip_summed = CHECKSUM_PARTIAL;
574         __tcp_v4_send_check(skb, iph->saddr, iph->daddr);
575         return 0;
576 }
577 
578 /*
579  *      This routine will send an RST to the other tcp.
580  *
581  *      Someone asks: why I NEVER use socket parameters (TOS, TTL etc.)
582  *                    for reset.
583  *      Answer: if a packet caused RST, it is not for a socket
584  *              existing in our system, if it is matched to a socket,
585  *              it is just duplicate segment or bug in other side's TCP.
586  *              So that we build reply only basing on parameters
587  *              arrived with segment.
588  *      Exception: precedence violation. We do not implement it in any case.
589  */
590 
591 static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
592 {
593         const struct tcphdr *th = tcp_hdr(skb);
594         struct {
595                 struct tcphdr th;
596 #ifdef CONFIG_TCP_MD5SIG
597                 __be32 opt[(TCPOLEN_MD5SIG_ALIGNED >> 2)];
598 #endif
599         } rep;
600         struct ip_reply_arg arg;
601 #ifdef CONFIG_TCP_MD5SIG
602         struct tcp_md5sig_key *key;
603 #endif
604         struct net *net;
605 
606         /* Never send a reset in response to a reset. */
607         if (th->rst)
608                 return;
609 
610         if (skb_rtable(skb)->rt_type != RTN_LOCAL)
611                 return;
612 
613         /* Swap the send and the receive. */
614         memset(&rep, 0, sizeof(rep));
615         rep.th.dest   = th->source;
616         rep.th.source = th->dest;
617         rep.th.doff   = sizeof(struct tcphdr) / 4;
618         rep.th.rst    = 1;
619 
620         if (th->ack) {
621                 rep.th.seq = th->ack_seq;
622         } else {
623                 rep.th.ack = 1;
624                 rep.th.ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin +
625                                        skb->len - (th->doff << 2));
626         }
627 
628         memset(&arg, 0, sizeof(arg));
629         arg.iov[0].iov_base = (unsigned char *)&rep;
630         arg.iov[0].iov_len  = sizeof(rep.th);
631 
632 #ifdef CONFIG_TCP_MD5SIG
633         key = sk ? tcp_v4_md5_do_lookup(sk, ip_hdr(skb)->saddr) : NULL;
634         if (key) {
635                 rep.opt[0] = htonl((TCPOPT_NOP << 24) |
636                                    (TCPOPT_NOP << 16) |
637                                    (TCPOPT_MD5SIG << 8) |
638                                    TCPOLEN_MD5SIG);
639                 /* Update length and the length the header thinks exists */
640                 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
641                 rep.th.doff = arg.iov[0].iov_len / 4;
642 
643                 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[1],
644                                      key, ip_hdr(skb)->saddr,
645                                      ip_hdr(skb)->daddr, &rep.th);
646         }
647 #endif
648         arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
649                                       ip_hdr(skb)->saddr, /* XXX */
650                                       arg.iov[0].iov_len, IPPROTO_TCP, 0);
651         arg.csumoffset = offsetof(struct tcphdr, check) / 2;
652         arg.flags = (sk && inet_sk(sk)->transparent) ? IP_REPLY_ARG_NOSRCCHECK : 0;
653         /* When socket is gone, all binding information is lost.
654          * routing might fail in this case. No choice here, if we choose to force
655          * input interface, we will misroute in case of asymmetric route.
656          */
657         if (sk)
658                 arg.bound_dev_if = sk->sk_bound_dev_if;
659 
660         net = dev_net(skb_dst(skb)->dev);
661         arg.tos = ip_hdr(skb)->tos;
662         ip_send_reply(net->ipv4.tcp_sock, skb, ip_hdr(skb)->saddr,
663                       &arg, arg.iov[0].iov_len);
664 
665         TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
666         TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
667 }
668 
669 /* The code following below sending ACKs in SYN-RECV and TIME-WAIT states
670    outside socket context is ugly, certainly. What can I do?
671  */
672 
673 static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
674                             u32 win, u32 ts, int oif,
675                             struct tcp_md5sig_key *key,
676                             int reply_flags, u8 tos)
677 {
678         const struct tcphdr *th = tcp_hdr(skb);
679         struct {
680                 struct tcphdr th;
681                 __be32 opt[(TCPOLEN_TSTAMP_ALIGNED >> 2)
682 #ifdef CONFIG_TCP_MD5SIG
683                            + (TCPOLEN_MD5SIG_ALIGNED >> 2)
684 #endif
685                         ];
686         } rep;
687         struct ip_reply_arg arg;
688         struct net *net = dev_net(skb_dst(skb)->dev);
689 
690         memset(&rep.th, 0, sizeof(struct tcphdr));
691         memset(&arg, 0, sizeof(arg));
692 
693         arg.iov[0].iov_base = (unsigned char *)&rep;
694         arg.iov[0].iov_len  = sizeof(rep.th);
695         if (ts) {
696                 rep.opt[0] = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
697                                    (TCPOPT_TIMESTAMP << 8) |
698                                    TCPOLEN_TIMESTAMP);
699                 rep.opt[1] = htonl(tcp_time_stamp);
700                 rep.opt[2] = htonl(ts);
701                 arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;
702         }
703 
704         /* Swap the send and the receive. */
705         rep.th.dest    = th->source;
706         rep.th.source  = th->dest;
707         rep.th.doff    = arg.iov[0].iov_len / 4;
708         rep.th.seq     = htonl(seq);
709         rep.th.ack_seq = htonl(ack);
710         rep.th.ack     = 1;
711         rep.th.window  = htons(win);
712 
713 #ifdef CONFIG_TCP_MD5SIG
714         if (key) {
715                 int offset = (ts) ? 3 : 0;
716 
717                 rep.opt[offset++] = htonl((TCPOPT_NOP << 24) |
718                                           (TCPOPT_NOP << 16) |
719                                           (TCPOPT_MD5SIG << 8) |
720                                           TCPOLEN_MD5SIG);
721                 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
722                 rep.th.doff = arg.iov[0].iov_len/4;
723 
724                 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset],
725                                     key, ip_hdr(skb)->saddr,
726                                     ip_hdr(skb)->daddr, &rep.th);
727         }
728 #endif
729         arg.flags = reply_flags;
730         arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
731                                       ip_hdr(skb)->saddr, /* XXX */
732                                       arg.iov[0].iov_len, IPPROTO_TCP, 0);
733         arg.csumoffset = offsetof(struct tcphdr, check) / 2;
734         if (oif)
735                 arg.bound_dev_if = oif;
736         arg.tos = tos;
737         ip_send_reply(net->ipv4.tcp_sock, skb, ip_hdr(skb)->saddr,
738                       &arg, arg.iov[0].iov_len);
739 
740         TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
741 }
742 
743 static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
744 {
745         struct inet_timewait_sock *tw = inet_twsk(sk);
746         struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
747 
748         tcp_v4_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
749                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
750                         tcptw->tw_ts_recent,
751                         tw->tw_bound_dev_if,
752                         tcp_twsk_md5_key(tcptw),
753                         tw->tw_transparent ? IP_REPLY_ARG_NOSRCCHECK : 0,
754                         tw->tw_tos
755                         );
756 
757         inet_twsk_put(tw);
758 }
759 
760 static void tcp_v4_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
761                                   struct request_sock *req)
762 {
763         tcp_v4_send_ack(skb, tcp_rsk(req)->snt_isn + 1,
764                         tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd,
765                         req->ts_recent,
766                         0,
767                         tcp_v4_md5_do_lookup(sk, ip_hdr(skb)->saddr),
768                         inet_rsk(req)->no_srccheck ? IP_REPLY_ARG_NOSRCCHECK : 0,
769                         ip_hdr(skb)->tos);
770 }
771 
772 /*
773  *      Send a SYN-ACK after having received a SYN.
774  *      This still operates on a request_sock only, not on a big
775  *      socket.
776  */
777 static int tcp_v4_send_synack(struct sock *sk, struct dst_entry *dst,
778                               struct request_sock *req,
779                               struct request_values *rvp)
780 {
781         const struct inet_request_sock *ireq = inet_rsk(req);
782         struct flowi4 fl4;
783         int err = -1;
784         struct sk_buff * skb;
785 
786         /* First, grab a route. */
787         if (!dst && (dst = inet_csk_route_req(sk, &fl4, req)) == NULL)
788                 return -1;
789 
790         skb = tcp_make_synack(sk, dst, req, rvp);
791 
792         if (skb) {
793                 __tcp_v4_send_check(skb, ireq->loc_addr, ireq->rmt_addr);
794 
795                 err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr,
796                                             ireq->rmt_addr,
797                                             ireq->opt);
798                 err = net_xmit_eval(err);
799         }
800 
801         dst_release(dst);
802         return err;
803 }
804 
805 static int tcp_v4_rtx_synack(struct sock *sk, struct request_sock *req,
806                               struct request_values *rvp)
807 {
808         TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS);
809         return tcp_v4_send_synack(sk, NULL, req, rvp);
810 }
811 
812 /*
813  *      IPv4 request_sock destructor.
814  */
815 static void tcp_v4_reqsk_destructor(struct request_sock *req)
816 {
817         kfree(inet_rsk(req)->opt);
818 }
819 
820 /*
821  * Return 1 if a syncookie should be sent
822  */
823 int tcp_syn_flood_action(struct sock *sk,
824                          const struct sk_buff *skb,
825                          const char *proto)
826 {
827         const char *msg = "Dropping request";
828         int want_cookie = 0;
829         struct listen_sock *lopt;
830 
831 
832 
833 #ifdef CONFIG_SYN_COOKIES
834         if (sysctl_tcp_syncookies) {
835                 msg = "Sending cookies";
836                 want_cookie = 1;
837                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDOCOOKIES);
838         } else
839 #endif
840                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP);
841 
842         lopt = inet_csk(sk)->icsk_accept_queue.listen_opt;
843         if (!lopt->synflood_warned) {
844                 lopt->synflood_warned = 1;
845                 pr_info("%s: Possible SYN flooding on port %d. %s. "
846                         " Check SNMP counters.\n",
847                         proto, ntohs(tcp_hdr(skb)->dest), msg);
848         }
849         return want_cookie;
850 }
851 EXPORT_SYMBOL(tcp_syn_flood_action);
852 
853 /*
854  * Save and compile IPv4 options into the request_sock if needed.
855  */
856 static struct ip_options_rcu *tcp_v4_save_options(struct sock *sk,
857                                                   struct sk_buff *skb)
858 {
859         const struct ip_options *opt = &(IPCB(skb)->opt);
860         struct ip_options_rcu *dopt = NULL;
861 
862         if (opt && opt->optlen) {
863                 int opt_size = sizeof(*dopt) + opt->optlen;
864 
865                 dopt = kmalloc(opt_size, GFP_ATOMIC);
866                 if (dopt) {
867                         if (ip_options_echo(&dopt->opt, skb)) {
868                                 kfree(dopt);
869                                 dopt = NULL;
870                         }
871                 }
872         }
873         return dopt;
874 }
875 
876 #ifdef CONFIG_TCP_MD5SIG
877 /*
878  * RFC2385 MD5 checksumming requires a mapping of
879  * IP address->MD5 Key.
880  * We need to maintain these in the sk structure.
881  */
882 
883 /* Find the Key structure for an address.  */
884 static struct tcp_md5sig_key *
885                         tcp_v4_md5_do_lookup(struct sock *sk, __be32 addr)
886 {
887         struct tcp_sock *tp = tcp_sk(sk);
888         int i;
889 
890         if (!tp->md5sig_info || !tp->md5sig_info->entries4)
891                 return NULL;
892         for (i = 0; i < tp->md5sig_info->entries4; i++) {
893                 if (tp->md5sig_info->keys4[i].addr == addr)
894                         return &tp->md5sig_info->keys4[i].base;
895         }
896         return NULL;
897 }
898 
899 struct tcp_md5sig_key *tcp_v4_md5_lookup(struct sock *sk,
900                                          struct sock *addr_sk)
901 {
902         return tcp_v4_md5_do_lookup(sk, inet_sk(addr_sk)->inet_daddr);
903 }
904 EXPORT_SYMBOL(tcp_v4_md5_lookup);
905 
906 static struct tcp_md5sig_key *tcp_v4_reqsk_md5_lookup(struct sock *sk,
907                                                       struct request_sock *req)
908 {
909         return tcp_v4_md5_do_lookup(sk, inet_rsk(req)->rmt_addr);
910 }
911 
912 /* This can be called on a newly created socket, from other files */
913 int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
914                       u8 *newkey, u8 newkeylen)
915 {
916         /* Add Key to the list */
917         struct tcp_md5sig_key *key;
918         struct tcp_sock *tp = tcp_sk(sk);
919         struct tcp4_md5sig_key *keys;
920 
921         key = tcp_v4_md5_do_lookup(sk, addr);
922         if (key) {
923                 /* Pre-existing entry - just update that one. */
924                 kfree(key->key);
925                 key->key = newkey;
926                 key->keylen = newkeylen;
927         } else {
928                 struct tcp_md5sig_info *md5sig;
929 
930                 if (!tp->md5sig_info) {
931                         tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info),
932                                                   GFP_ATOMIC);
933                         if (!tp->md5sig_info) {
934                                 kfree(newkey);
935                                 return -ENOMEM;
936                         }
937                         sk_nocaps_add(sk, NETIF_F_GSO_MASK);
938                 }
939 
940                 md5sig = tp->md5sig_info;
941                 if (md5sig->entries4 == 0 && !tcp_alloc_md5sig_pool()) {
942                         kfree(newkey);
943                         return -ENOMEM;
944                 }
945 
946                 if (md5sig->alloced4 == md5sig->entries4) {
947                         keys = kmalloc((sizeof(*keys) *
948                                         (md5sig->entries4 + 1)), GFP_ATOMIC);
949                         if (!keys) {
950                                 kfree(newkey);
951                                 return -ENOMEM;
952                         }
953 
954                         if (md5sig->entries4)
955                                 memcpy(keys, md5sig->keys4,
956                                        sizeof(*keys) * md5sig->entries4);
957 
958                         /* Free old key list, and reference new one */
959                         kfree(md5sig->keys4);
960                         md5sig->keys4 = keys;
961                         md5sig->alloced4++;
962                 }
963                 md5sig->entries4++;
964                 md5sig->keys4[md5sig->entries4 - 1].addr        = addr;
965                 md5sig->keys4[md5sig->entries4 - 1].base.key    = newkey;
966                 md5sig->keys4[md5sig->entries4 - 1].base.keylen = newkeylen;
967         }
968         return 0;
969 }
970 EXPORT_SYMBOL(tcp_v4_md5_do_add);
971 
972 static int tcp_v4_md5_add_func(struct sock *sk, struct sock *addr_sk,
973                                u8 *newkey, u8 newkeylen)
974 {
975         return tcp_v4_md5_do_add(sk, inet_sk(addr_sk)->inet_daddr,
976                                  newkey, newkeylen);
977 }
978 
979 int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
980 {
981         struct tcp_sock *tp = tcp_sk(sk);
982         int i;
983 
984         for (i = 0; i < tp->md5sig_info->entries4; i++) {
985                 if (tp->md5sig_info->keys4[i].addr == addr) {
986                         /* Free the key */
987                         kfree(tp->md5sig_info->keys4[i].base.key);
988                         tp->md5sig_info->entries4--;
989 
990                         if (tp->md5sig_info->entries4 == 0) {
991                                 kfree(tp->md5sig_info->keys4);
992                                 tp->md5sig_info->keys4 = NULL;
993                                 tp->md5sig_info->alloced4 = 0;
994                         } else if (tp->md5sig_info->entries4 != i) {
995                                 /* Need to do some manipulation */
996                                 memmove(&tp->md5sig_info->keys4[i],
997                                         &tp->md5sig_info->keys4[i+1],
998                                         (tp->md5sig_info->entries4 - i) *
999                                          sizeof(struct tcp4_md5sig_key));
1000                         }
1001                         return 0;
1002                 }
1003         }
1004         return -ENOENT;
1005 }
1006 EXPORT_SYMBOL(tcp_v4_md5_do_del);
1007 
1008 static void tcp_v4_clear_md5_list(struct sock *sk)
1009 {
1010         struct tcp_sock *tp = tcp_sk(sk);
1011 
1012         /* Free each key, then the set of key keys,
1013          * the crypto element, and then decrement our
1014          * hold on the last resort crypto.
1015          */
1016         if (tp->md5sig_info->entries4) {
1017                 int i;
1018                 for (i = 0; i < tp->md5sig_info->entries4; i++)
1019                         kfree(tp->md5sig_info->keys4[i].base.key);
1020                 tp->md5sig_info->entries4 = 0;
1021         }
1022         if (tp->md5sig_info->keys4) {
1023                 kfree(tp->md5sig_info->keys4);
1024                 tp->md5sig_info->keys4 = NULL;
1025                 tp->md5sig_info->alloced4  = 0;
1026         }
1027 }
1028 
1029 static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
1030                                  int optlen)
1031 {
1032         struct tcp_md5sig cmd;
1033         struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.tcpm_addr;
1034         u8 *newkey;
1035 
1036         if (optlen < sizeof(cmd))
1037                 return -EINVAL;
1038 
1039         if (copy_from_user(&cmd, optval, sizeof(cmd)))
1040                 return -EFAULT;
1041 
1042         if (sin->sin_family != AF_INET)
1043                 return -EINVAL;
1044 
1045         if (!cmd.tcpm_key || !cmd.tcpm_keylen) {
1046                 if (!tcp_sk(sk)->md5sig_info)
1047                         return -ENOENT;
1048                 return tcp_v4_md5_do_del(sk, sin->sin_addr.s_addr);
1049         }
1050 
1051         if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
1052                 return -EINVAL;
1053 
1054         if (!tcp_sk(sk)->md5sig_info) {
1055                 struct tcp_sock *tp = tcp_sk(sk);
1056                 struct tcp_md5sig_info *p;
1057 
1058                 p = kzalloc(sizeof(*p), sk->sk_allocation);
1059                 if (!p)
1060                         return -EINVAL;
1061 
1062                 tp->md5sig_info = p;
1063                 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
1064         }
1065 
1066         newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, sk->sk_allocation);
1067         if (!newkey)
1068                 return -ENOMEM;
1069         return tcp_v4_md5_do_add(sk, sin->sin_addr.s_addr,
1070                                  newkey, cmd.tcpm_keylen);
1071 }
1072 
1073 static int tcp_v4_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
1074                                         __be32 daddr, __be32 saddr, int nbytes)
1075 {
1076         struct tcp4_pseudohdr *bp;
1077         struct scatterlist sg;
1078 
1079         bp = &hp->md5_blk.ip4;
1080 
1081         /*
1082          * 1. the TCP pseudo-header (in the order: source IP address,
1083          * destination IP address, zero-padded protocol number, and
1084          * segment length)
1085          */
1086         bp->saddr = saddr;
1087         bp->daddr = daddr;
1088         bp->pad = 0;
1089         bp->protocol = IPPROTO_TCP;
1090         bp->len = cpu_to_be16(nbytes);
1091 
1092         sg_init_one(&sg, bp, sizeof(*bp));
1093         return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
1094 }
1095 
1096 static int tcp_v4_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
1097                                __be32 daddr, __be32 saddr, const struct tcphdr *th)
1098 {
1099         struct tcp_md5sig_pool *hp;
1100         struct hash_desc *desc;
1101 
1102         hp = tcp_get_md5sig_pool();
1103         if (!hp)
1104                 goto clear_hash_noput;
1105         desc = &hp->md5_desc;
1106 
1107         if (crypto_hash_init(desc))
1108                 goto clear_hash;
1109         if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
1110                 goto clear_hash;
1111         if (tcp_md5_hash_header(hp, th))
1112                 goto clear_hash;
1113         if (tcp_md5_hash_key(hp, key))
1114                 goto clear_hash;
1115         if (crypto_hash_final(desc, md5_hash))
1116                 goto clear_hash;
1117 
1118         tcp_put_md5sig_pool();
1119         return 0;
1120 
1121 clear_hash:
1122         tcp_put_md5sig_pool();
1123 clear_hash_noput:
1124         memset(md5_hash, 0, 16);
1125         return 1;
1126 }
1127 
1128 int tcp_v4_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
1129                         const struct sock *sk, const struct request_sock *req,
1130                         const struct sk_buff *skb)
1131 {
1132         struct tcp_md5sig_pool *hp;
1133         struct hash_desc *desc;
1134         const struct tcphdr *th = tcp_hdr(skb);
1135         __be32 saddr, daddr;
1136 
1137         if (sk) {
1138                 saddr = inet_sk(sk)->inet_saddr;
1139                 daddr = inet_sk(sk)->inet_daddr;
1140         } else if (req) {
1141                 saddr = inet_rsk(req)->loc_addr;
1142                 daddr = inet_rsk(req)->rmt_addr;
1143         } else {
1144                 const struct iphdr *iph = ip_hdr(skb);
1145                 saddr = iph->saddr;
1146                 daddr = iph->daddr;
1147         }
1148 
1149         hp = tcp_get_md5sig_pool();
1150         if (!hp)
1151                 goto clear_hash_noput;
1152         desc = &hp->md5_desc;
1153 
1154         if (crypto_hash_init(desc))
1155                 goto clear_hash;
1156 
1157         if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
1158                 goto clear_hash;
1159         if (tcp_md5_hash_header(hp, th))
1160                 goto clear_hash;
1161         if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
1162                 goto clear_hash;
1163         if (tcp_md5_hash_key(hp, key))
1164                 goto clear_hash;
1165         if (crypto_hash_final(desc, md5_hash))
1166                 goto clear_hash;
1167 
1168         tcp_put_md5sig_pool();
1169         return 0;
1170 
1171 clear_hash:
1172         tcp_put_md5sig_pool();
1173 clear_hash_noput:
1174         memset(md5_hash, 0, 16);
1175         return 1;
1176 }
1177 EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
1178 
1179 static int tcp_v4_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
1180 {
1181         /*
1182          * This gets called for each TCP segment that arrives
1183          * so we want to be efficient.
1184          * We have 3 drop cases:
1185          * o No MD5 hash and one expected.
1186          * o MD5 hash and we're not expecting one.
1187          * o MD5 hash and its wrong.
1188          */
1189         const __u8 *hash_location = NULL;
1190         struct tcp_md5sig_key *hash_expected;
1191         const struct iphdr *iph = ip_hdr(skb);
1192         const struct tcphdr *th = tcp_hdr(skb);
1193         int genhash;
1194         unsigned char newhash[16];
1195 
1196         hash_expected = tcp_v4_md5_do_lookup(sk, iph->saddr);
1197         hash_location = tcp_parse_md5sig_option(th);
1198 
1199         /* We've parsed the options - do we have a hash? */
1200         if (!hash_expected && !hash_location)
1201                 return 0;
1202 
1203         if (hash_expected && !hash_location) {
1204                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
1205                 return 1;
1206         }
1207 
1208         if (!hash_expected && hash_location) {
1209                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
1210                 return 1;
1211         }
1212 
1213         /* Okay, so this is hash_expected and hash_location -
1214          * so we need to calculate the checksum.
1215          */
1216         genhash = tcp_v4_md5_hash_skb(newhash,
1217                                       hash_expected,
1218                                       NULL, NULL, skb);
1219 
1220         if (genhash || memcmp(hash_location, newhash, 16) != 0) {
1221                 if (net_ratelimit()) {
1222                         printk(KERN_INFO "MD5 Hash failed for (%pI4, %d)->(%pI4, %d)%s\n",
1223                                &iph->saddr, ntohs(th->source),
1224                                &iph->daddr, ntohs(th->dest),
1225                                genhash ? " tcp_v4_calc_md5_hash failed" : "");
1226                 }
1227                 return 1;
1228         }
1229         return 0;
1230 }
1231 
1232 #endif
1233 
1234 struct request_sock_ops tcp_request_sock_ops __read_mostly = {
1235         .family         =       PF_INET,
1236         .obj_size       =       sizeof(struct tcp_request_sock),
1237         .rtx_syn_ack    =       tcp_v4_rtx_synack,
1238         .send_ack       =       tcp_v4_reqsk_send_ack,
1239         .destructor     =       tcp_v4_reqsk_destructor,
1240         .send_reset     =       tcp_v4_send_reset,
1241         .syn_ack_timeout =      tcp_syn_ack_timeout,
1242 };
1243 
1244 #ifdef CONFIG_TCP_MD5SIG
1245 static const struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
1246         .md5_lookup     =       tcp_v4_reqsk_md5_lookup,
1247         .calc_md5_hash  =       tcp_v4_md5_hash_skb,
1248 };
1249 #endif
1250 
1251 int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1252 {
1253         struct tcp_extend_values tmp_ext;
1254         struct tcp_options_received tmp_opt;
1255         const u8 *hash_location;
1256         struct request_sock *req;
1257         struct inet_request_sock *ireq;
1258         struct tcp_sock *tp = tcp_sk(sk);
1259         struct dst_entry *dst = NULL;
1260         __be32 saddr = ip_hdr(skb)->saddr;
1261         __be32 daddr = ip_hdr(skb)->daddr;
1262         __u32 isn = TCP_SKB_CB(skb)->when;
1263         int want_cookie = 0;
1264 
1265         /* Never answer to SYNs send to broadcast or multicast */
1266         if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
1267                 goto drop;
1268 
1269         /* TW buckets are converted to open requests without
1270          * limitations, they conserve resources and peer is
1271          * evidently real one.
1272          */
1273         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1274                 want_cookie = tcp_syn_flood_action(sk, skb, "TCP");
1275                 if (!want_cookie)
1276                         goto drop;
1277         }
1278 
1279         /* Accept backlog is full. If we have already queued enough
1280          * of warm entries in syn queue, drop request. It is better than
1281          * clogging syn queue with openreqs with exponentially increasing
1282          * timeout.
1283          */
1284         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1285                 goto drop;
1286 
1287         req = inet_reqsk_alloc(&tcp_request_sock_ops);
1288         if (!req)
1289                 goto drop;
1290 
1291 #ifdef CONFIG_TCP_MD5SIG
1292         tcp_rsk(req)->af_specific = &tcp_request_sock_ipv4_ops;
1293 #endif
1294 
1295         tcp_clear_options(&tmp_opt);
1296         tmp_opt.mss_clamp = TCP_MSS_DEFAULT;
1297         tmp_opt.user_mss  = tp->rx_opt.user_mss;
1298         tcp_parse_options(skb, &tmp_opt, &hash_location, 0);
1299 
1300         if (tmp_opt.cookie_plus > 0 &&
1301             tmp_opt.saw_tstamp &&
1302             !tp->rx_opt.cookie_out_never &&
1303             (sysctl_tcp_cookie_size > 0 ||
1304              (tp->cookie_values != NULL &&
1305               tp->cookie_values->cookie_desired > 0))) {
1306                 u8 *c;
1307                 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS];
1308                 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE;
1309 
1310                 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0)
1311                         goto drop_and_release;
1312 
1313                 /* Secret recipe starts with IP addresses */
1314                 *mess++ ^= (__force u32)daddr;
1315                 *mess++ ^= (__force u32)saddr;
1316 
1317                 /* plus variable length Initiator Cookie */
1318                 c = (u8 *)mess;
1319                 while (l-- > 0)
1320                         *c++ ^= *hash_location++;
1321 
1322                 want_cookie = 0;        /* not our kind of cookie */
1323                 tmp_ext.cookie_out_never = 0; /* false */
1324                 tmp_ext.cookie_plus = tmp_opt.cookie_plus;
1325         } else if (!tp->rx_opt.cookie_in_always) {
1326                 /* redundant indications, but ensure initialization. */
1327                 tmp_ext.cookie_out_never = 1; /* true */
1328                 tmp_ext.cookie_plus = 0;
1329         } else {
1330                 goto drop_and_release;
1331         }
1332         tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always;
1333 
1334         if (want_cookie && !tmp_opt.saw_tstamp)
1335                 tcp_clear_options(&tmp_opt);
1336 
1337         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1338         tcp_openreq_init(req, &tmp_opt, skb);
1339 
1340         ireq = inet_rsk(req);
1341         ireq->loc_addr = daddr;
1342         ireq->rmt_addr = saddr;
1343         ireq->no_srccheck = inet_sk(sk)->transparent;
1344         ireq->opt = tcp_v4_save_options(sk, skb);
1345 
1346         if (security_inet_conn_request(sk, skb, req))
1347                 goto drop_and_free;
1348 
1349         if (!want_cookie || tmp_opt.tstamp_ok)
1350                 TCP_ECN_create_request(req, skb);
1351 
1352         if (want_cookie) {
1353                 isn = cookie_v4_init_sequence(sk, skb, &req->mss);
1354                 req->cookie_ts = tmp_opt.tstamp_ok;
1355         } else if (!isn) {
1356                 struct inet_peer *peer = NULL;
1357                 struct flowi4 fl4;
1358 
1359                 /* VJ's idea. We save last timestamp seen
1360                  * from the destination in peer table, when entering
1361                  * state TIME-WAIT, and check against it before
1362                  * accepting new connection request.
1363                  *
1364                  * If "isn" is not zero, this request hit alive
1365                  * timewait bucket, so that all the necessary checks
1366                  * are made in the function processing timewait state.
1367                  */
1368                 if (tmp_opt.saw_tstamp &&
1369                     tcp_death_row.sysctl_tw_recycle &&
1370                     (dst = inet_csk_route_req(sk, &fl4, req)) != NULL &&
1371                     fl4.daddr == saddr &&
1372                     (peer = rt_get_peer((struct rtable *)dst, fl4.daddr)) != NULL) {
1373                         inet_peer_refcheck(peer);
1374                         if ((u32)get_seconds() - peer->tcp_ts_stamp < TCP_PAWS_MSL &&
1375                             (s32)(peer->tcp_ts - req->ts_recent) >
1376                                                         TCP_PAWS_WINDOW) {
1377                                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED);
1378                                 goto drop_and_release;
1379                         }
1380                 }
1381                 /* Kill the following clause, if you dislike this way. */
1382                 else if (!sysctl_tcp_syncookies &&
1383                          (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
1384                           (sysctl_max_syn_backlog >> 2)) &&
1385                          (!peer || !peer->tcp_ts_stamp) &&
1386                          (!dst || !dst_metric(dst, RTAX_RTT))) {
1387                         /* Without syncookies last quarter of
1388                          * backlog is filled with destinations,
1389                          * proven to be alive.
1390                          * It means that we continue to communicate
1391                          * to destinations, already remembered
1392                          * to the moment of synflood.
1393                          */
1394                         LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open request from %pI4/%u\n",
1395                                        &saddr, ntohs(tcp_hdr(skb)->source));
1396                         goto drop_and_release;
1397                 }
1398 
1399                 isn = tcp_v4_init_sequence(skb);
1400         }
1401         tcp_rsk(req)->snt_isn = isn;
1402         tcp_rsk(req)->snt_synack = tcp_time_stamp;
1403 
1404         if (tcp_v4_send_synack(sk, dst, req,
1405                                (struct request_values *)&tmp_ext) ||
1406             want_cookie)
1407                 goto drop_and_free;
1408 
1409         inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1410         return 0;
1411 
1412 drop_and_release:
1413         dst_release(dst);
1414 drop_and_free:
1415         reqsk_free(req);
1416 drop:
1417         return 0;
1418 }
1419 EXPORT_SYMBOL(tcp_v4_conn_request);
1420 
1421 
1422 /*
1423  * The three way handshake has completed - we got a valid synack -
1424  * now create the new socket.
1425  */
1426 struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1427                                   struct request_sock *req,
1428                                   struct dst_entry *dst)
1429 {
1430         struct inet_request_sock *ireq;
1431         struct inet_sock *newinet;
1432         struct tcp_sock *newtp;
1433         struct sock *newsk;
1434 #ifdef CONFIG_TCP_MD5SIG
1435         struct tcp_md5sig_key *key;
1436 #endif
1437         struct ip_options_rcu *inet_opt;
1438 
1439         if (sk_acceptq_is_full(sk))
1440                 goto exit_overflow;
1441 
1442         newsk = tcp_create_openreq_child(sk, req, skb);
1443         if (!newsk)
1444                 goto exit_nonewsk;
1445 
1446         newsk->sk_gso_type = SKB_GSO_TCPV4;
1447 
1448         newtp                 = tcp_sk(newsk);
1449         newinet               = inet_sk(newsk);
1450         ireq                  = inet_rsk(req);
1451         newinet->inet_daddr   = ireq->rmt_addr;
1452         newinet->inet_rcv_saddr = ireq->loc_addr;
1453         newinet->inet_saddr           = ireq->loc_addr;
1454         inet_opt              = ireq->opt;
1455         rcu_assign_pointer(newinet->inet_opt, inet_opt);
1456         ireq->opt             = NULL;
1457         newinet->mc_index     = inet_iif(skb);
1458         newinet->mc_ttl       = ip_hdr(skb)->ttl;
1459         inet_csk(newsk)->icsk_ext_hdr_len = 0;
1460         if (inet_opt)
1461                 inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
1462         newinet->inet_id = newtp->write_seq ^ jiffies;
1463 
1464         if (!dst) {
1465                 dst = inet_csk_route_child_sock(sk, newsk, req);
1466                 if (!dst)
1467                         goto put_and_exit;
1468         } else {
1469                 /* syncookie case : see end of cookie_v4_check() */
1470         }
1471         sk_setup_caps(newsk, dst);
1472 
1473         tcp_mtup_init(newsk);
1474         tcp_sync_mss(newsk, dst_mtu(dst));
1475         newtp->advmss = dst_metric_advmss(dst);
1476         if (tcp_sk(sk)->rx_opt.user_mss &&
1477             tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1478                 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1479 
1480         tcp_initialize_rcv_mss(newsk);
1481         if (tcp_rsk(req)->snt_synack)
1482                 tcp_valid_rtt_meas(newsk,
1483                     tcp_time_stamp - tcp_rsk(req)->snt_synack);
1484         newtp->total_retrans = req->retrans;
1485 
1486 #ifdef CONFIG_TCP_MD5SIG
1487         /* Copy over the MD5 key from the original socket */
1488         key = tcp_v4_md5_do_lookup(sk, newinet->inet_daddr);
1489         if (key != NULL) {
1490                 /*
1491                  * We're using one, so create a matching key
1492                  * on the newsk structure. If we fail to get
1493                  * memory, then we end up not copying the key
1494                  * across. Shucks.
1495                  */
1496                 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1497                 if (newkey != NULL)
1498                         tcp_v4_md5_do_add(newsk, newinet->inet_daddr,
1499                                           newkey, key->keylen);
1500                 sk_nocaps_add(newsk, NETIF_F_GSO_MASK);
1501         }
1502 #endif
1503 
1504         if (__inet_inherit_port(sk, newsk) < 0)
1505                 goto put_and_exit;
1506         __inet_hash_nolisten(newsk, NULL);
1507 
1508         return newsk;
1509 
1510 exit_overflow:
1511         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1512 exit_nonewsk:
1513         dst_release(dst);
1514 exit:
1515         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1516         return NULL;
1517 put_and_exit:
1518         inet_csk_prepare_forced_close(newsk);
1519         tcp_done(newsk);
1520         goto exit;
1521 }
1522 EXPORT_SYMBOL(tcp_v4_syn_recv_sock);
1523 
1524 static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
1525 {
1526         struct tcphdr *th = tcp_hdr(skb);
1527         const struct iphdr *iph = ip_hdr(skb);
1528         struct sock *nsk;
1529         struct request_sock **prev;
1530         /* Find possible connection requests. */
1531         struct request_sock *req = inet_csk_search_req(sk, &prev, th->source,
1532                                                        iph->saddr, iph->daddr);
1533         if (req)
1534                 return tcp_check_req(sk, skb, req, prev);
1535 
1536         nsk = inet_lookup_established(sock_net(sk), &tcp_hashinfo, iph->saddr,
1537                         th->source, iph->daddr, th->dest, inet_iif(skb));
1538 
1539         if (nsk) {
1540                 if (nsk->sk_state != TCP_TIME_WAIT) {
1541                         bh_lock_sock(nsk);
1542                         return nsk;
1543                 }
1544                 inet_twsk_put(inet_twsk(nsk));
1545                 return NULL;
1546         }
1547 
1548 #ifdef CONFIG_SYN_COOKIES
1549         if (!th->syn)
1550                 sk = cookie_v4_check(sk, skb, &(IPCB(skb)->opt));
1551 #endif
1552         return sk;
1553 }
1554 
1555 static __sum16 tcp_v4_checksum_init(struct sk_buff *skb)
1556 {
1557         const struct iphdr *iph = ip_hdr(skb);
1558 
1559         if (skb->ip_summed == CHECKSUM_COMPLETE) {
1560                 if (!tcp_v4_check(skb->len, iph->saddr,
1561                                   iph->daddr, skb->csum)) {
1562                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1563                         return 0;
1564                 }
1565         }
1566 
1567         skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
1568                                        skb->len, IPPROTO_TCP, 0);
1569 
1570         if (skb->len <= 76) {
1571                 return __skb_checksum_complete(skb);
1572         }
1573         return 0;
1574 }
1575 
1576 
1577 /* The socket must have it's spinlock held when we get
1578  * here.
1579  *
1580  * We have a potential double-lock case here, so even when
1581  * doing backlog processing we use the BH locking scheme.
1582  * This is because we cannot sleep with the original spinlock
1583  * held.
1584  */
1585 int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1586 {
1587         struct sock *rsk;
1588 #ifdef CONFIG_TCP_MD5SIG
1589         /*
1590          * We really want to reject the packet as early as possible
1591          * if:
1592          *  o We're expecting an MD5'd packet and this is no MD5 tcp option
1593          *  o There is an MD5 option and we're not expecting one
1594          */
1595         if (tcp_v4_inbound_md5_hash(sk, skb))
1596                 goto discard;
1597 #endif
1598 
1599         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1600                 sock_rps_save_rxhash(sk, skb);
1601                 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) {
1602                         rsk = sk;
1603                         goto reset;
1604                 }
1605                 return 0;
1606         }
1607 
1608         if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1609                 goto csum_err;
1610 
1611         if (sk->sk_state == TCP_LISTEN) {
1612                 struct sock *nsk = tcp_v4_hnd_req(sk, skb);
1613                 if (!nsk)
1614                         goto discard;
1615 
1616                 if (nsk != sk) {
1617                         sock_rps_save_rxhash(nsk, skb);
1618                         if (tcp_child_process(sk, nsk, skb)) {
1619                                 rsk = nsk;
1620                                 goto reset;
1621                         }
1622                         return 0;
1623                 }
1624         } else
1625                 sock_rps_save_rxhash(sk, skb);
1626 
1627         if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) {
1628                 rsk = sk;
1629                 goto reset;
1630         }
1631         return 0;
1632 
1633 reset:
1634         tcp_v4_send_reset(rsk, skb);
1635 discard:
1636         kfree_skb(skb);
1637         /* Be careful here. If this function gets more complicated and
1638          * gcc suffers from register pressure on the x86, sk (in %ebx)
1639          * might be destroyed here. This current version compiles correctly,
1640          * but you have been warned.
1641          */
1642         return 0;
1643 
1644 csum_err:
1645         TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1646         goto discard;
1647 }
1648 EXPORT_SYMBOL(tcp_v4_do_rcv);
1649 
1650 int tcp_filter(struct sock *sk, struct sk_buff *skb)
1651 {
1652         struct tcphdr *th = (struct tcphdr *)skb->data;
1653         unsigned int eaten = skb->len;
1654         int err;
1655 
1656         err = sk_filter_trim_cap(sk, skb, th->doff * 4);
1657         if (!err) {
1658                 eaten -= skb->len;
1659                 TCP_SKB_CB(skb)->end_seq -= eaten;
1660         }
1661         return err;
1662 }
1663 EXPORT_SYMBOL(tcp_filter);
1664 
1665 /*
1666  *      From tcp_input.c
1667  */
1668 
1669 int tcp_v4_rcv(struct sk_buff *skb)
1670 {
1671         const struct iphdr *iph;
1672         const struct tcphdr *th;
1673         struct sock *sk;
1674         int ret;
1675         struct net *net = dev_net(skb->dev);
1676 
1677         if (skb->pkt_type != PACKET_HOST)
1678                 goto discard_it;
1679 
1680         /* Count it even if it's bad */
1681         TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1682 
1683         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1684                 goto discard_it;
1685 
1686         th = tcp_hdr(skb);
1687 
1688         if (th->doff < sizeof(struct tcphdr) / 4)
1689                 goto bad_packet;
1690         if (!pskb_may_pull(skb, th->doff * 4))
1691                 goto discard_it;
1692 
1693         /* An explanation is required here, I think.
1694          * Packet length and doff are validated by header prediction,
1695          * provided case of th->doff==0 is eliminated.
1696          * So, we defer the checks. */
1697         if (!skb_csum_unnecessary(skb) && tcp_v4_checksum_init(skb))
1698                 goto bad_packet;
1699 
1700         th = tcp_hdr(skb);
1701         iph = ip_hdr(skb);
1702         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1703         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1704                                     skb->len - th->doff * 4);
1705         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1706         TCP_SKB_CB(skb)->when    = 0;
1707         TCP_SKB_CB(skb)->ip_dsfield = ipv4_get_dsfield(iph);
1708         TCP_SKB_CB(skb)->sacked  = 0;
1709 
1710         sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1711         if (!sk)
1712                 goto no_tcp_socket;
1713 
1714 process:
1715         if (sk->sk_state == TCP_TIME_WAIT)
1716                 goto do_time_wait;
1717 
1718         if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
1719                 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
1720                 goto discard_and_relse;
1721         }
1722 
1723         if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
1724                 goto discard_and_relse;
1725         nf_reset(skb);
1726 
1727         if (tcp_filter(sk, skb))
1728                 goto discard_and_relse;
1729         th = (const struct tcphdr *)skb->data;
1730         iph = ip_hdr(skb);
1731 
1732         skb->dev = NULL;
1733 
1734         bh_lock_sock_nested(sk);
1735         ret = 0;
1736         if (!sock_owned_by_user(sk)) {
1737 #ifdef CONFIG_NET_DMA
1738                 struct tcp_sock *tp = tcp_sk(sk);
1739                 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1740                         tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY);
1741                 if (tp->ucopy.dma_chan)
1742                         ret = tcp_v4_do_rcv(sk, skb);
1743                 else
1744 #endif
1745                 {
1746                         if (!tcp_prequeue(sk, skb))
1747                                 ret = tcp_v4_do_rcv(sk, skb);
1748                 }
1749         } else if (unlikely(sk_add_backlog(sk, skb))) {
1750                 bh_unlock_sock(sk);
1751                 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
1752                 goto discard_and_relse;
1753         }
1754         bh_unlock_sock(sk);
1755 
1756         sock_put(sk);
1757 
1758         return ret;
1759 
1760 no_tcp_socket:
1761         if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
1762                 goto discard_it;
1763 
1764         if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1765 bad_packet:
1766                 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1767         } else {
1768                 tcp_v4_send_reset(NULL, skb);
1769         }
1770 
1771 discard_it:
1772         /* Discard frame. */
1773         kfree_skb(skb);
1774         return 0;
1775 
1776 discard_and_relse:
1777         sock_put(sk);
1778         goto discard_it;
1779 
1780 do_time_wait:
1781         if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1782                 inet_twsk_put(inet_twsk(sk));
1783                 goto discard_it;
1784         }
1785 
1786         if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1787                 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1788                 inet_twsk_put(inet_twsk(sk));
1789                 goto discard_it;
1790         }
1791         switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1792         case TCP_TW_SYN: {
1793                 struct sock *sk2 = inet_lookup_listener(dev_net(skb->dev),
1794                                                         &tcp_hashinfo,
1795                                                         iph->daddr, th->dest,
1796                                                         inet_iif(skb));
1797                 if (sk2) {
1798                         inet_twsk_deschedule(inet_twsk(sk), &tcp_death_row);
1799                         inet_twsk_put(inet_twsk(sk));
1800                         sk = sk2;
1801                         goto process;
1802                 }
1803                 /* Fall through to ACK */
1804         }
1805         case TCP_TW_ACK:
1806                 tcp_v4_timewait_ack(sk, skb);
1807                 break;
1808         case TCP_TW_RST:
1809                 goto no_tcp_socket;
1810         case TCP_TW_SUCCESS:;
1811         }
1812         goto discard_it;
1813 }
1814 
1815 struct inet_peer *tcp_v4_get_peer(struct sock *sk, bool *release_it)
1816 {
1817         struct rtable *rt = (struct rtable *) __sk_dst_get(sk);
1818         struct inet_sock *inet = inet_sk(sk);
1819         struct inet_peer *peer;
1820 
1821         if (!rt ||
1822             inet->cork.fl.u.ip4.daddr != inet->inet_daddr) {
1823                 peer = inet_getpeer_v4(inet->inet_daddr, 1);
1824                 *release_it = true;
1825         } else {
1826                 if (!rt->peer)
1827                         rt_bind_peer(rt, inet->inet_daddr, 1);
1828                 peer = rt->peer;
1829                 *release_it = false;
1830         }
1831 
1832         return peer;
1833 }
1834 EXPORT_SYMBOL(tcp_v4_get_peer);
1835 
1836 void *tcp_v4_tw_get_peer(struct sock *sk)
1837 {
1838         const struct inet_timewait_sock *tw = inet_twsk(sk);
1839 
1840         return inet_getpeer_v4(tw->tw_daddr, 1);
1841 }
1842 EXPORT_SYMBOL(tcp_v4_tw_get_peer);
1843 
1844 static struct timewait_sock_ops tcp_timewait_sock_ops = {
1845         .twsk_obj_size  = sizeof(struct tcp_timewait_sock),
1846         .twsk_unique    = tcp_twsk_unique,
1847         .twsk_destructor= tcp_twsk_destructor,
1848         .twsk_getpeer   = tcp_v4_tw_get_peer,
1849 };
1850 
1851 const struct inet_connection_sock_af_ops ipv4_specific = {
1852         .queue_xmit        = ip_queue_xmit,
1853         .send_check        = tcp_v4_send_check,
1854         .rebuild_header    = inet_sk_rebuild_header,
1855         .conn_request      = tcp_v4_conn_request,
1856         .syn_recv_sock     = tcp_v4_syn_recv_sock,
1857         .get_peer          = tcp_v4_get_peer,
1858         .net_header_len    = sizeof(struct iphdr),
1859         .setsockopt        = ip_setsockopt,
1860         .getsockopt        = ip_getsockopt,
1861         .addr2sockaddr     = inet_csk_addr2sockaddr,
1862         .sockaddr_len      = sizeof(struct sockaddr_in),
1863         .bind_conflict     = inet_csk_bind_conflict,
1864 #ifdef CONFIG_COMPAT
1865         .compat_setsockopt = compat_ip_setsockopt,
1866         .compat_getsockopt = compat_ip_getsockopt,
1867 #endif
1868 };
1869 EXPORT_SYMBOL(ipv4_specific);
1870 
1871 #ifdef CONFIG_TCP_MD5SIG
1872 static const struct tcp_sock_af_ops tcp_sock_ipv4_specific = {
1873         .md5_lookup             = tcp_v4_md5_lookup,
1874         .calc_md5_hash          = tcp_v4_md5_hash_skb,
1875         .md5_add                = tcp_v4_md5_add_func,
1876         .md5_parse              = tcp_v4_parse_md5_keys,
1877 };
1878 #endif
1879 
1880 /* NOTE: A lot of things set to zero explicitly by call to
1881  *       sk_alloc() so need not be done here.
1882  */
1883 static int tcp_v4_init_sock(struct sock *sk)
1884 {
1885         struct inet_connection_sock *icsk = inet_csk(sk);
1886         struct tcp_sock *tp = tcp_sk(sk);
1887 
1888         skb_queue_head_init(&tp->out_of_order_queue);
1889         tcp_init_xmit_timers(sk);
1890         tcp_prequeue_init(tp);
1891 
1892         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1893         tp->mdev = TCP_TIMEOUT_INIT;
1894 
1895         /* So many TCP implementations out there (incorrectly) count the
1896          * initial SYN frame in their delayed-ACK and congestion control
1897          * algorithms that we must have the following bandaid to talk
1898          * efficiently to them.  -DaveM
1899          */
1900         tp->snd_cwnd = TCP_INIT_CWND;
1901 
1902         /* See draft-stevens-tcpca-spec-01 for discussion of the
1903          * initialization of these values.
1904          */
1905         tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
1906         tp->snd_cwnd_clamp = ~0;
1907         tp->mss_cache = TCP_MSS_DEFAULT;
1908 
1909         tp->reordering = sysctl_tcp_reordering;
1910         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1911 
1912         sk->sk_state = TCP_CLOSE;
1913 
1914         sk->sk_write_space = sk_stream_write_space;
1915         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1916 
1917         icsk->icsk_af_ops = &ipv4_specific;
1918         icsk->icsk_sync_mss = tcp_sync_mss;
1919 #ifdef CONFIG_TCP_MD5SIG
1920         tp->af_specific = &tcp_sock_ipv4_specific;
1921 #endif
1922 
1923         /* TCP Cookie Transactions */
1924         if (sysctl_tcp_cookie_size > 0) {
1925                 /* Default, cookies without s_data_payload. */
1926                 tp->cookie_values =
1927                         kzalloc(sizeof(*tp->cookie_values),
1928                                 sk->sk_allocation);
1929                 if (tp->cookie_values != NULL)
1930                         kref_init(&tp->cookie_values->kref);
1931         }
1932         /* Presumed zeroed, in order of appearance:
1933          *      cookie_in_always, cookie_out_never,
1934          *      s_data_constant, s_data_in, s_data_out
1935          */
1936         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1937         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1938 
1939         local_bh_disable();
1940         percpu_counter_inc(&tcp_sockets_allocated);
1941         local_bh_enable();
1942 
1943         return 0;
1944 }
1945 
1946 void tcp_v4_destroy_sock(struct sock *sk)
1947 {
1948         struct tcp_sock *tp = tcp_sk(sk);
1949 
1950         tcp_clear_xmit_timers(sk);
1951 
1952         tcp_cleanup_congestion_control(sk);
1953 
1954         /* Cleanup up the write buffer. */
1955         tcp_write_queue_purge(sk);
1956 
1957         /* Cleans up our, hopefully empty, out_of_order_queue. */
1958         __skb_queue_purge(&tp->out_of_order_queue);
1959 
1960 #ifdef CONFIG_TCP_MD5SIG
1961         /* Clean up the MD5 key list, if any */
1962         if (tp->md5sig_info) {
1963                 tcp_v4_clear_md5_list(sk);
1964                 kfree(tp->md5sig_info);
1965                 tp->md5sig_info = NULL;
1966         }
1967 #endif
1968 
1969 #ifdef CONFIG_NET_DMA
1970         /* Cleans up our sk_async_wait_queue */
1971         __skb_queue_purge(&sk->sk_async_wait_queue);
1972 #endif
1973 
1974         /* Clean prequeue, it must be empty really */
1975         __skb_queue_purge(&tp->ucopy.prequeue);
1976 
1977         /* Clean up a referenced TCP bind bucket. */
1978         if (inet_csk(sk)->icsk_bind_hash)
1979                 inet_put_port(sk);
1980 
1981         /*
1982          * If sendmsg cached page exists, toss it.
1983          */
1984         if (sk->sk_sndmsg_page) {
1985                 __free_page(sk->sk_sndmsg_page);
1986                 sk->sk_sndmsg_page = NULL;
1987         }
1988 
1989         /* TCP Cookie Transactions */
1990         if (tp->cookie_values != NULL) {
1991                 kref_put(&tp->cookie_values->kref,
1992                          tcp_cookie_values_release);
1993                 tp->cookie_values = NULL;
1994         }
1995 
1996         percpu_counter_dec(&tcp_sockets_allocated);
1997 }
1998 EXPORT_SYMBOL(tcp_v4_destroy_sock);
1999 
2000 #ifdef CONFIG_PROC_FS
2001 /* Proc filesystem TCP sock list dumping. */
2002 
2003 static inline struct inet_timewait_sock *tw_head(struct hlist_nulls_head *head)
2004 {
2005         return hlist_nulls_empty(head) ? NULL :
2006                 list_entry(head->first, struct inet_timewait_sock, tw_node);
2007 }
2008 
2009 static inline struct inet_timewait_sock *tw_next(struct inet_timewait_sock *tw)
2010 {
2011         return !is_a_nulls(tw->tw_node.next) ?
2012                 hlist_nulls_entry(tw->tw_node.next, typeof(*tw), tw_node) : NULL;
2013 }
2014 
2015 /*
2016  * Get next listener socket follow cur.  If cur is NULL, get first socket
2017  * starting from bucket given in st->bucket; when st->bucket is zero the
2018  * very first socket in the hash table is returned.
2019  */
2020 static void *listening_get_next(struct seq_file *seq, void *cur)
2021 {
2022         struct inet_connection_sock *icsk;
2023         struct hlist_nulls_node *node;
2024         struct sock *sk = cur;
2025         struct inet_listen_hashbucket *ilb;
2026         struct tcp_iter_state *st = seq->private;
2027         struct net *net = seq_file_net(seq);
2028 
2029         if (!sk) {
2030                 ilb = &tcp_hashinfo.listening_hash[st->bucket];
2031                 spin_lock_bh(&ilb->lock);
2032                 sk = sk_nulls_head(&ilb->head);
2033                 st->offset = 0;
2034                 goto get_sk;
2035         }
2036         ilb = &tcp_hashinfo.listening_hash[st->bucket];
2037         ++st->num;
2038         ++st->offset;
2039 
2040         if (st->state == TCP_SEQ_STATE_OPENREQ) {
2041                 struct request_sock *req = cur;
2042 
2043                 icsk = inet_csk(st->syn_wait_sk);
2044                 req = req->dl_next;
2045                 while (1) {
2046                         while (req) {
2047                                 if (req->rsk_ops->family == st->family) {
2048                                         cur = req;
2049                                         goto out;
2050                                 }
2051                                 req = req->dl_next;
2052                         }
2053                         if (++st->sbucket >= icsk->icsk_accept_queue.listen_opt->nr_table_entries)
2054                                 break;
2055 get_req:
2056                         req = icsk->icsk_accept_queue.listen_opt->syn_table[st->sbucket];
2057                 }
2058                 sk        = sk_nulls_next(st->syn_wait_sk);
2059                 st->state = TCP_SEQ_STATE_LISTENING;
2060                 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2061         } else {
2062                 icsk = inet_csk(sk);
2063                 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2064                 if (reqsk_queue_len(&icsk->icsk_accept_queue))
2065                         goto start_req;
2066                 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2067                 sk = sk_nulls_next(sk);
2068         }
2069 get_sk:
2070         sk_nulls_for_each_from(sk, node) {
2071                 if (!net_eq(sock_net(sk), net))
2072                         continue;
2073                 if (sk->sk_family == st->family) {
2074                         cur = sk;
2075                         goto out;
2076                 }
2077                 icsk = inet_csk(sk);
2078                 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2079                 if (reqsk_queue_len(&icsk->icsk_accept_queue)) {
2080 start_req:
2081                         st->uid         = sock_i_uid(sk);
2082                         st->syn_wait_sk = sk;
2083                         st->state       = TCP_SEQ_STATE_OPENREQ;
2084                         st->sbucket     = 0;
2085                         goto get_req;
2086                 }
2087                 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2088         }
2089         spin_unlock_bh(&ilb->lock);
2090         st->offset = 0;
2091         if (++st->bucket < INET_LHTABLE_SIZE) {
2092                 ilb = &tcp_hashinfo.listening_hash[st->bucket];
2093                 spin_lock_bh(&ilb->lock);
2094                 sk = sk_nulls_head(&ilb->head);
2095                 goto get_sk;
2096         }
2097         cur = NULL;
2098 out:
2099         return cur;
2100 }
2101 
2102 static void *listening_get_idx(struct seq_file *seq, loff_t *pos)
2103 {
2104         struct tcp_iter_state *st = seq->private;
2105         void *rc;
2106 
2107         st->bucket = 0;
2108         st->offset = 0;
2109         rc = listening_get_next(seq, NULL);
2110 
2111         while (rc && *pos) {
2112                 rc = listening_get_next(seq, rc);
2113                 --*pos;
2114         }
2115         return rc;
2116 }
2117 
2118 static inline int empty_bucket(struct tcp_iter_state *st)
2119 {
2120         return hlist_nulls_empty(&tcp_hashinfo.ehash[st->bucket].chain) &&
2121                 hlist_nulls_empty(&tcp_hashinfo.ehash[st->bucket].twchain);
2122 }
2123 
2124 /*
2125  * Get first established socket starting from bucket given in st->bucket.
2126  * If st->bucket is zero, the very first socket in the hash is returned.
2127  */
2128 static void *established_get_first(struct seq_file *seq)
2129 {
2130         struct tcp_iter_state *st = seq->private;
2131         struct net *net = seq_file_net(seq);
2132         void *rc = NULL;
2133 
2134         st->offset = 0;
2135         for (; st->bucket <= tcp_hashinfo.ehash_mask; ++st->bucket) {
2136                 struct sock *sk;
2137                 struct hlist_nulls_node *node;
2138                 struct inet_timewait_sock *tw;
2139                 spinlock_t *lock = inet_ehash_lockp(&tcp_hashinfo, st->bucket);
2140 
2141                 /* Lockless fast path for the common case of empty buckets */
2142                 if (empty_bucket(st))
2143                         continue;
2144 
2145                 spin_lock_bh(lock);
2146                 sk_nulls_for_each(sk, node, &tcp_hashinfo.ehash[st->bucket].chain) {
2147                         if (sk->sk_family != st->family ||
2148                             !net_eq(sock_net(sk), net)) {
2149                                 continue;
2150                         }
2151                         rc = sk;
2152                         goto out;
2153                 }
2154                 st->state = TCP_SEQ_STATE_TIME_WAIT;
2155                 inet_twsk_for_each(tw, node,
2156                                    &tcp_hashinfo.ehash[st->bucket].twchain) {
2157                         if (tw->tw_family != st->family ||
2158                             !net_eq(twsk_net(tw), net)) {
2159                                 continue;
2160                         }
2161                         rc = tw;
2162                         goto out;
2163                 }
2164                 spin_unlock_bh(lock);
2165                 st->state = TCP_SEQ_STATE_ESTABLISHED;
2166         }
2167 out:
2168         return rc;
2169 }
2170 
2171 static void *established_get_next(struct seq_file *seq, void *cur)
2172 {
2173         struct sock *sk = cur;
2174         struct inet_timewait_sock *tw;
2175         struct hlist_nulls_node *node;
2176         struct tcp_iter_state *st = seq->private;
2177         struct net *net = seq_file_net(seq);
2178 
2179         ++st->num;
2180         ++st->offset;
2181 
2182         if (st->state == TCP_SEQ_STATE_TIME_WAIT) {
2183                 tw = cur;
2184                 tw = tw_next(tw);
2185 get_tw:
2186                 while (tw && (tw->tw_family != st->family || !net_eq(twsk_net(tw), net))) {
2187                         tw = tw_next(tw);
2188                 }
2189                 if (tw) {
2190                         cur = tw;
2191                         goto out;
2192                 }
2193                 spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2194                 st->state = TCP_SEQ_STATE_ESTABLISHED;
2195 
2196                 /* Look for next non empty bucket */
2197                 st->offset = 0;
2198                 while (++st->bucket <= tcp_hashinfo.ehash_mask &&
2199                                 empty_bucket(st))
2200                         ;
2201                 if (st->bucket > tcp_hashinfo.ehash_mask)
2202                         return NULL;
2203 
2204                 spin_lock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2205                 sk = sk_nulls_head(&tcp_hashinfo.ehash[st->bucket].chain);
2206         } else
2207                 sk = sk_nulls_next(sk);
2208 
2209         sk_nulls_for_each_from(sk, node) {
2210                 if (sk->sk_family == st->family && net_eq(sock_net(sk), net))
2211                         goto found;
2212         }
2213 
2214         st->state = TCP_SEQ_STATE_TIME_WAIT;
2215         tw = tw_head(&tcp_hashinfo.ehash[st->bucket].twchain);
2216         goto get_tw;
2217 found:
2218         cur = sk;
2219 out:
2220         return cur;
2221 }
2222 
2223 static void *established_get_idx(struct seq_file *seq, loff_t pos)
2224 {
2225         struct tcp_iter_state *st = seq->private;
2226         void *rc;
2227 
2228         st->bucket = 0;
2229         rc = established_get_first(seq);
2230 
2231         while (rc && pos) {
2232                 rc = established_get_next(seq, rc);
2233                 --pos;
2234         }
2235         return rc;
2236 }
2237 
2238 static void *tcp_get_idx(struct seq_file *seq, loff_t pos)
2239 {
2240         void *rc;
2241         struct tcp_iter_state *st = seq->private;
2242 
2243         st->state = TCP_SEQ_STATE_LISTENING;
2244         rc        = listening_get_idx(seq, &pos);
2245 
2246         if (!rc) {
2247                 st->state = TCP_SEQ_STATE_ESTABLISHED;
2248                 rc        = established_get_idx(seq, pos);
2249         }
2250 
2251         return rc;
2252 }
2253 
2254 static void *tcp_seek_last_pos(struct seq_file *seq)
2255 {
2256         struct tcp_iter_state *st = seq->private;
2257         int offset = st->offset;
2258         int orig_num = st->num;
2259         void *rc = NULL;
2260 
2261         switch (st->state) {
2262         case TCP_SEQ_STATE_OPENREQ:
2263         case TCP_SEQ_STATE_LISTENING:
2264                 if (st->bucket >= INET_LHTABLE_SIZE)
2265                         break;
2266                 st->state = TCP_SEQ_STATE_LISTENING;
2267                 rc = listening_get_next(seq, NULL);
2268                 while (offset-- && rc)
2269                         rc = listening_get_next(seq, rc);
2270                 if (rc)
2271                         break;
2272                 st->bucket = 0;
2273                 /* Fallthrough */
2274         case TCP_SEQ_STATE_ESTABLISHED:
2275         case TCP_SEQ_STATE_TIME_WAIT:
2276                 st->state = TCP_SEQ_STATE_ESTABLISHED;
2277                 if (st->bucket > tcp_hashinfo.ehash_mask)
2278                         break;
2279                 rc = established_get_first(seq);
2280                 while (offset-- && rc)
2281                         rc = established_get_next(seq, rc);
2282         }
2283 
2284         st->num = orig_num;
2285 
2286         return rc;
2287 }
2288 
2289 static void *tcp_seq_start(struct seq_file *seq, loff_t *pos)
2290 {
2291         struct tcp_iter_state *st = seq->private;
2292         void *rc;
2293 
2294         if (*pos && *pos == st->last_pos) {
2295                 rc = tcp_seek_last_pos(seq);
2296                 if (rc)
2297                         goto out;
2298         }
2299 
2300         st->state = TCP_SEQ_STATE_LISTENING;
2301         st->num = 0;
2302         st->bucket = 0;
2303         st->offset = 0;
2304         rc = *pos ? tcp_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2305 
2306 out:
2307         st->last_pos = *pos;
2308         return rc;
2309 }
2310 
2311 static void *tcp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2312 {
2313         struct tcp_iter_state *st = seq->private;
2314         void *rc = NULL;
2315 
2316         if (v == SEQ_START_TOKEN) {
2317                 rc = tcp_get_idx(seq, 0);
2318                 goto out;
2319         }
2320 
2321         switch (st->state) {
2322         case TCP_SEQ_STATE_OPENREQ:
2323         case TCP_SEQ_STATE_LISTENING:
2324                 rc = listening_get_next(seq, v);
2325                 if (!rc) {
2326                         st->state = TCP_SEQ_STATE_ESTABLISHED;
2327                         st->bucket = 0;
2328                         st->offset = 0;
2329                         rc        = established_get_first(seq);
2330                 }
2331                 break;
2332         case TCP_SEQ_STATE_ESTABLISHED:
2333         case TCP_SEQ_STATE_TIME_WAIT:
2334                 rc = established_get_next(seq, v);
2335                 break;
2336         }
2337 out:
2338         ++*pos;
2339         st->last_pos = *pos;
2340         return rc;
2341 }
2342 
2343 static void tcp_seq_stop(struct seq_file *seq, void *v)
2344 {
2345         struct tcp_iter_state *st = seq->private;
2346 
2347         switch (st->state) {
2348         case TCP_SEQ_STATE_OPENREQ:
2349                 if (v) {
2350                         struct inet_connection_sock *icsk = inet_csk(st->syn_wait_sk);
2351                         read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2352                 }
2353         case TCP_SEQ_STATE_LISTENING:
2354                 if (v != SEQ_START_TOKEN)
2355                         spin_unlock_bh(&tcp_hashinfo.listening_hash[st->bucket].lock);
2356                 break;
2357         case TCP_SEQ_STATE_TIME_WAIT:
2358         case TCP_SEQ_STATE_ESTABLISHED:
2359                 if (v)
2360                         spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2361                 break;
2362         }
2363 }
2364 
2365 int tcp_seq_open(struct inode *inode, struct file *file)
2366 {
2367         struct tcp_seq_afinfo *afinfo = PDE(inode)->data;
2368         struct tcp_iter_state *s;
2369         int err;
2370 
2371         err = seq_open_net(inode, file, &afinfo->seq_ops,
2372                           sizeof(struct tcp_iter_state));
2373         if (err < 0)
2374                 return err;
2375 
2376         s = ((struct seq_file *)file->private_data)->private;
2377         s->family               = afinfo->family;
2378         s->last_pos             = 0;
2379         return 0;
2380 }
2381 EXPORT_SYMBOL(tcp_seq_open);
2382 
2383 int tcp_proc_register(struct net *net, struct tcp_seq_afinfo *afinfo)
2384 {
2385         int rc = 0;
2386         struct proc_dir_entry *p;
2387 
2388         afinfo->seq_ops.start           = tcp_seq_start;
2389         afinfo->seq_ops.next            = tcp_seq_next;
2390         afinfo->seq_ops.stop            = tcp_seq_stop;
2391 
2392         p = proc_create_data(afinfo->name, S_IRUGO, net->proc_net,
2393                              afinfo->seq_fops, afinfo);
2394         if (!p)
2395                 rc = -ENOMEM;
2396         return rc;
2397 }
2398 EXPORT_SYMBOL(tcp_proc_register);
2399 
2400 void tcp_proc_unregister(struct net *net, struct tcp_seq_afinfo *afinfo)
2401 {
2402         proc_net_remove(net, afinfo->name);
2403 }
2404 EXPORT_SYMBOL(tcp_proc_unregister);
2405 
2406 static void get_openreq4(const struct sock *sk, const struct request_sock *req,
2407                          struct seq_file *f, int i, int uid, int *len)
2408 {
2409         const struct inet_request_sock *ireq = inet_rsk(req);
2410         int ttd = req->expires - jiffies;
2411 
2412         seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2413                 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %u %d %pK%n",
2414                 i,
2415                 ireq->loc_addr,
2416                 ntohs(inet_sk(sk)->inet_sport),
2417                 ireq->rmt_addr,
2418                 ntohs(ireq->rmt_port),
2419                 TCP_SYN_RECV,
2420                 0, 0, /* could print option size, but that is af dependent. */
2421                 1,    /* timers active (only the expire timer) */
2422                 jiffies_to_clock_t(ttd),
2423                 req->retrans,
2424                 uid,
2425                 0,  /* non standard timer */
2426                 0, /* open_requests have no inode */
2427                 atomic_read(&sk->sk_refcnt),
2428                 req,
2429                 len);
2430 }
2431 
2432 static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
2433 {
2434         int timer_active;
2435         unsigned long timer_expires;
2436         const struct tcp_sock *tp = tcp_sk(sk);
2437         const struct inet_connection_sock *icsk = inet_csk(sk);
2438         const struct inet_sock *inet = inet_sk(sk);
2439         __be32 dest = inet->inet_daddr;
2440         __be32 src = inet->inet_rcv_saddr;
2441         __u16 destp = ntohs(inet->inet_dport);
2442         __u16 srcp = ntohs(inet->inet_sport);
2443         int rx_queue;
2444 
2445         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2446                 timer_active    = 1;
2447                 timer_expires   = icsk->icsk_timeout;
2448         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2449                 timer_active    = 4;
2450                 timer_expires   = icsk->icsk_timeout;
2451         } else if (timer_pending(&sk->sk_timer)) {
2452                 timer_active    = 2;
2453                 timer_expires   = sk->sk_timer.expires;
2454         } else {
2455                 timer_active    = 0;
2456                 timer_expires = jiffies;
2457         }
2458 
2459         if (sk->sk_state == TCP_LISTEN)
2460                 rx_queue = sk->sk_ack_backlog;
2461         else
2462                 /*
2463                  * because we dont lock socket, we might find a transient negative value
2464                  */
2465                 rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);
2466 
2467         seq_printf(f, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX "
2468                         "%08X %5d %8d %lu %d %pK %lu %lu %u %u %d%n",
2469                 i, src, srcp, dest, destp, sk->sk_state,
2470                 tp->write_seq - tp->snd_una,
2471                 rx_queue,
2472                 timer_active,
2473                 jiffies_to_clock_t(timer_expires - jiffies),
2474                 icsk->icsk_retransmits,
2475                 sock_i_uid(sk),
2476                 icsk->icsk_probes_out,
2477                 sock_i_ino(sk),
2478                 atomic_read(&sk->sk_refcnt), sk,
2479                 jiffies_to_clock_t(icsk->icsk_rto),
2480                 jiffies_to_clock_t(icsk->icsk_ack.ato),
2481                 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
2482                 tp->snd_cwnd,
2483                 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh,
2484                 len);
2485 }
2486 
2487 static void get_timewait4_sock(const struct inet_timewait_sock *tw,
2488                                struct seq_file *f, int i, int *len)
2489 {
2490         __be32 dest, src;
2491         __u16 destp, srcp;
2492         int ttd = tw->tw_ttd - jiffies;
2493 
2494         if (ttd < 0)
2495                 ttd = 0;
2496 
2497         dest  = tw->tw_daddr;
2498         src   = tw->tw_rcv_saddr;
2499         destp = ntohs(tw->tw_dport);
2500         srcp  = ntohs(tw->tw_sport);
2501 
2502         seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2503                 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n",
2504                 i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
2505                 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2506                 atomic_read(&tw->tw_refcnt), tw, len);
2507 }
2508 
2509 #define TMPSZ 150
2510 
2511 static int tcp4_seq_show(struct seq_file *seq, void *v)
2512 {
2513         struct tcp_iter_state *st;
2514         int len;
2515 
2516         if (v == SEQ_START_TOKEN) {
2517                 seq_printf(seq, "%-*s\n", TMPSZ - 1,
2518                            "  sl  local_address rem_address   st tx_queue "
2519                            "rx_queue tr tm->when retrnsmt   uid  timeout "
2520                            "inode");
2521                 goto out;
2522         }
2523         st = seq->private;
2524 
2525         switch (st->state) {
2526         case TCP_SEQ_STATE_LISTENING:
2527         case TCP_SEQ_STATE_ESTABLISHED:
2528                 get_tcp4_sock(v, seq, st->num, &len);
2529                 break;
2530         case TCP_SEQ_STATE_OPENREQ:
2531                 get_openreq4(st->syn_wait_sk, v, seq, st->num, st->uid, &len);
2532                 break;
2533         case TCP_SEQ_STATE_TIME_WAIT:
2534                 get_timewait4_sock(v, seq, st->num, &len);
2535                 break;
2536         }
2537         seq_printf(seq, "%*s\n", TMPSZ - 1 - len, "");
2538 out:
2539         return 0;
2540 }
2541 
2542 static const struct file_operations tcp_afinfo_seq_fops = {
2543         .owner   = THIS_MODULE,
2544         .open    = tcp_seq_open,
2545         .read    = seq_read,
2546         .llseek  = seq_lseek,
2547         .release = seq_release_net
2548 };
2549 
2550 static struct tcp_seq_afinfo tcp4_seq_afinfo = {
2551         .name           = "tcp",
2552         .family         = AF_INET,
2553         .seq_fops       = &tcp_afinfo_seq_fops,
2554         .seq_ops        = {
2555                 .show           = tcp4_seq_show,
2556         },
2557 };
2558 
2559 static int __net_init tcp4_proc_init_net(struct net *net)
2560 {
2561         return tcp_proc_register(net, &tcp4_seq_afinfo);
2562 }
2563 
2564 static void __net_exit tcp4_proc_exit_net(struct net *net)
2565 {
2566         tcp_proc_unregister(net, &tcp4_seq_afinfo);
2567 }
2568 
2569 static struct pernet_operations tcp4_net_ops = {
2570         .init = tcp4_proc_init_net,
2571         .exit = tcp4_proc_exit_net,
2572 };
2573 
2574 int __init tcp4_proc_init(void)
2575 {
2576         return register_pernet_subsys(&tcp4_net_ops);
2577 }
2578 
2579 void tcp4_proc_exit(void)
2580 {
2581         unregister_pernet_subsys(&tcp4_net_ops);
2582 }
2583 #endif /* CONFIG_PROC_FS */
2584 
2585 struct sk_buff **tcp4_gro_receive(struct sk_buff **head, struct sk_buff *skb)
2586 {
2587         const struct iphdr *iph = skb_gro_network_header(skb);
2588 
2589         switch (skb->ip_summed) {
2590         case CHECKSUM_COMPLETE:
2591                 if (!tcp_v4_check(skb_gro_len(skb), iph->saddr, iph->daddr,
2592                                   skb->csum)) {
2593                         skb->ip_summed = CHECKSUM_UNNECESSARY;
2594                         break;
2595                 }
2596 
2597                 /* fall through */
2598         case CHECKSUM_NONE:
2599                 NAPI_GRO_CB(skb)->flush = 1;
2600                 return NULL;
2601         }
2602 
2603         return tcp_gro_receive(head, skb);
2604 }
2605 
2606 int tcp4_gro_complete(struct sk_buff *skb)
2607 {
2608         const struct iphdr *iph = ip_hdr(skb);
2609         struct tcphdr *th = tcp_hdr(skb);
2610 
2611         th->check = ~tcp_v4_check(skb->len - skb_transport_offset(skb),
2612                                   iph->saddr, iph->daddr, 0);
2613         skb_shinfo(skb)->gso_type = SKB_GSO_TCPV4;
2614 
2615         return tcp_gro_complete(skb);
2616 }
2617 
2618 struct proto tcp_prot = {
2619         .name                   = "TCP",
2620         .owner                  = THIS_MODULE,
2621         .close                  = tcp_close,
2622         .connect                = tcp_v4_connect,
2623         .disconnect             = tcp_disconnect,
2624         .accept                 = inet_csk_accept,
2625         .ioctl                  = tcp_ioctl,
2626         .init                   = tcp_v4_init_sock,
2627         .destroy                = tcp_v4_destroy_sock,
2628         .shutdown               = tcp_shutdown,
2629         .setsockopt             = tcp_setsockopt,
2630         .getsockopt             = tcp_getsockopt,
2631         .recvmsg                = tcp_recvmsg,
2632         .sendmsg                = tcp_sendmsg,
2633         .sendpage               = tcp_sendpage,
2634         .backlog_rcv            = tcp_v4_do_rcv,
2635         .hash                   = inet_hash,
2636         .unhash                 = inet_unhash,
2637         .get_port               = inet_csk_get_port,
2638         .enter_memory_pressure  = tcp_enter_memory_pressure,
2639         .sockets_allocated      = &tcp_sockets_allocated,
2640         .orphan_count           = &tcp_orphan_count,
2641         .memory_allocated       = &tcp_memory_allocated,
2642         .memory_pressure        = &tcp_memory_pressure,
2643         .sysctl_mem             = sysctl_tcp_mem,
2644         .sysctl_wmem            = sysctl_tcp_wmem,
2645         .sysctl_rmem            = sysctl_tcp_rmem,
2646         .max_header             = MAX_TCP_HEADER,
2647         .obj_size               = sizeof(struct tcp_sock),
2648         .slab_flags             = SLAB_DESTROY_BY_RCU,
2649         .twsk_prot              = &tcp_timewait_sock_ops,
2650         .rsk_prot               = &tcp_request_sock_ops,
2651         .h.hashinfo             = &tcp_hashinfo,
2652         .no_autobind            = true,
2653 #ifdef CONFIG_COMPAT
2654         .compat_setsockopt      = compat_tcp_setsockopt,
2655         .compat_getsockopt      = compat_tcp_getsockopt,
2656 #endif
2657 };
2658 EXPORT_SYMBOL(tcp_prot);
2659 
2660 
2661 static int __net_init tcp_sk_init(struct net *net)
2662 {
2663         return inet_ctl_sock_create(&net->ipv4.tcp_sock,
2664                                     PF_INET, SOCK_RAW, IPPROTO_TCP, net);
2665 }
2666 
2667 static void __net_exit tcp_sk_exit(struct net *net)
2668 {
2669         inet_ctl_sock_destroy(net->ipv4.tcp_sock);
2670 }
2671 
2672 static void __net_exit tcp_sk_exit_batch(struct list_head *net_exit_list)
2673 {
2674         inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET);
2675 }
2676 
2677 static struct pernet_operations __net_initdata tcp_sk_ops = {
2678        .init       = tcp_sk_init,
2679        .exit       = tcp_sk_exit,
2680        .exit_batch = tcp_sk_exit_batch,
2681 };
2682 
2683 void __init tcp_v4_init(void)
2684 {
2685         inet_hashinfo_init(&tcp_hashinfo);
2686         if (register_pernet_subsys(&tcp_sk_ops))
2687                 panic("Failed to create the TCP control socket.\n");
2688 }
2689 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp