1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * INET An implementation of the TCP/IP protocol suite for the LINUX 4 * operating system. INET is implemented using the BSD Socket 5 * interface as the means of communication with the user level. 6 * 7 * Implementation of the Transmission Control Protocol(TCP). 8 * 9 * IPv4 specific functions 10 * 11 * code split from: 12 * linux/ipv4/tcp.c 13 * linux/ipv4/tcp_input.c 14 * linux/ipv4/tcp_output.c 15 * 16 * See tcp.c for author information 17 */ 18 19 /* 20 * Changes: 21 * David S. Miller : New socket lookup architecture. 22 * This code is dedicated to John Dyson. 23 * David S. Miller : Change semantics of established hash, 24 * half is devoted to TIME_WAIT sockets 25 * and the rest go in the other half. 26 * Andi Kleen : Add support for syncookies and fixed 27 * some bugs: ip options weren't passed to 28 * the TCP layer, missed a check for an 29 * ACK bit. 30 * Andi Kleen : Implemented fast path mtu discovery. 31 * Fixed many serious bugs in the 32 * request_sock handling and moved 33 * most of it into the af independent code. 34 * Added tail drop and some other bugfixes. 35 * Added new listen semantics. 36 * Mike McLagan : Routing by source 37 * Juan Jose Ciarlante: ip_dynaddr bits 38 * Andi Kleen: various fixes. 39 * Vitaly E. Lavrov : Transparent proxy revived after year 40 * coma. 41 * Andi Kleen : Fix new listen. 42 * Andi Kleen : Fix accept error reporting. 43 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 44 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind 45 * a single port at the same time. 46 */ 47 48 #define pr_fmt(fmt) "TCP: " fmt 49 50 #include <linux/bottom_half.h> 51 #include <linux/types.h> 52 #include <linux/fcntl.h> 53 #include <linux/module.h> 54 #include <linux/random.h> 55 #include <linux/cache.h> 56 #include <linux/jhash.h> 57 #include <linux/init.h> 58 #include <linux/times.h> 59 #include <linux/slab.h> 60 #include <linux/sched.h> 61 62 #include <net/net_namespace.h> 63 #include <net/icmp.h> 64 #include <net/inet_hashtables.h> 65 #include <net/tcp.h> 66 #include <net/transp_v6.h> 67 #include <net/ipv6.h> 68 #include <net/inet_common.h> 69 #include <net/timewait_sock.h> 70 #include <net/xfrm.h> 71 #include <net/secure_seq.h> 72 #include <net/busy_poll.h> 73 #include <net/rstreason.h> 74 75 #include <linux/inet.h> 76 #include <linux/ipv6.h> 77 #include <linux/stddef.h> 78 #include <linux/proc_fs.h> 79 #include <linux/seq_file.h> 80 #include <linux/inetdevice.h> 81 #include <linux/btf_ids.h> 82 #include <linux/skbuff_ref.h> 83 84 #include <crypto/hash.h> 85 #include <linux/scatterlist.h> 86 87 #include <trace/events/tcp.h> 88 89 #ifdef CONFIG_TCP_MD5SIG 90 static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, 91 __be32 daddr, __be32 saddr, const struct tcphdr *th); 92 #endif 93 94 struct inet_hashinfo tcp_hashinfo; 95 EXPORT_SYMBOL(tcp_hashinfo); 96 97 static DEFINE_PER_CPU(struct sock_bh_locked, ipv4_tcp_sk) = { 98 .bh_lock = INIT_LOCAL_LOCK(bh_lock), 99 }; 100 101 static DEFINE_MUTEX(tcp_exit_batch_mutex); 102 tcp_v4_init_seq(const struct sk_buff * skb)103 static u32 tcp_v4_init_seq(const struct sk_buff *skb) 104 { 105 return secure_tcp_seq(ip_hdr(skb)->daddr, 106 ip_hdr(skb)->saddr, 107 tcp_hdr(skb)->dest, 108 tcp_hdr(skb)->source); 109 } 110 tcp_v4_init_ts_off(const struct net * net,const struct sk_buff * skb)111 static u32 tcp_v4_init_ts_off(const struct net *net, const struct sk_buff *skb) 112 { 113 return secure_tcp_ts_off(net, ip_hdr(skb)->daddr, ip_hdr(skb)->saddr); 114 } 115 tcp_twsk_unique(struct sock * sk,struct sock * sktw,void * twp)116 int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp) 117 { 118 int reuse = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_tw_reuse); 119 const struct inet_timewait_sock *tw = inet_twsk(sktw); 120 const struct tcp_timewait_sock *tcptw = tcp_twsk(sktw); 121 struct tcp_sock *tp = tcp_sk(sk); 122 int ts_recent_stamp; 123 124 if (READ_ONCE(tw->tw_substate) == TCP_FIN_WAIT2) 125 reuse = 0; 126 127 if (reuse == 2) { 128 /* Still does not detect *everything* that goes through 129 * lo, since we require a loopback src or dst address 130 * or direct binding to 'lo' interface. 131 */ 132 bool loopback = false; 133 if (tw->tw_bound_dev_if == LOOPBACK_IFINDEX) 134 loopback = true; 135 #if IS_ENABLED(CONFIG_IPV6) 136 if (tw->tw_family == AF_INET6) { 137 if (ipv6_addr_loopback(&tw->tw_v6_daddr) || 138 ipv6_addr_v4mapped_loopback(&tw->tw_v6_daddr) || 139 ipv6_addr_loopback(&tw->tw_v6_rcv_saddr) || 140 ipv6_addr_v4mapped_loopback(&tw->tw_v6_rcv_saddr)) 141 loopback = true; 142 } else 143 #endif 144 { 145 if (ipv4_is_loopback(tw->tw_daddr) || 146 ipv4_is_loopback(tw->tw_rcv_saddr)) 147 loopback = true; 148 } 149 if (!loopback) 150 reuse = 0; 151 } 152 153 /* With PAWS, it is safe from the viewpoint 154 of data integrity. Even without PAWS it is safe provided sequence 155 spaces do not overlap i.e. at data rates <= 80Mbit/sec. 156 157 Actually, the idea is close to VJ's one, only timestamp cache is 158 held not per host, but per port pair and TW bucket is used as state 159 holder. 160 161 If TW bucket has been already destroyed we fall back to VJ's scheme 162 and use initial timestamp retrieved from peer table. 163 */ 164 ts_recent_stamp = READ_ONCE(tcptw->tw_ts_recent_stamp); 165 if (ts_recent_stamp && 166 (!twp || (reuse && time_after32(ktime_get_seconds(), 167 ts_recent_stamp)))) { 168 /* inet_twsk_hashdance_schedule() sets sk_refcnt after putting twsk 169 * and releasing the bucket lock. 170 */ 171 if (unlikely(!refcount_inc_not_zero(&sktw->sk_refcnt))) 172 return 0; 173 174 /* In case of repair and re-using TIME-WAIT sockets we still 175 * want to be sure that it is safe as above but honor the 176 * sequence numbers and time stamps set as part of the repair 177 * process. 178 * 179 * Without this check re-using a TIME-WAIT socket with TCP 180 * repair would accumulate a -1 on the repair assigned 181 * sequence number. The first time it is reused the sequence 182 * is -1, the second time -2, etc. This fixes that issue 183 * without appearing to create any others. 184 */ 185 if (likely(!tp->repair)) { 186 u32 seq = tcptw->tw_snd_nxt + 65535 + 2; 187 188 if (!seq) 189 seq = 1; 190 WRITE_ONCE(tp->write_seq, seq); 191 tp->rx_opt.ts_recent = READ_ONCE(tcptw->tw_ts_recent); 192 tp->rx_opt.ts_recent_stamp = ts_recent_stamp; 193 } 194 195 return 1; 196 } 197 198 return 0; 199 } 200 EXPORT_SYMBOL_GPL(tcp_twsk_unique); 201 tcp_v4_pre_connect(struct sock * sk,struct sockaddr * uaddr,int addr_len)202 static int tcp_v4_pre_connect(struct sock *sk, struct sockaddr *uaddr, 203 int addr_len) 204 { 205 /* This check is replicated from tcp_v4_connect() and intended to 206 * prevent BPF program called below from accessing bytes that are out 207 * of the bound specified by user in addr_len. 208 */ 209 if (addr_len < sizeof(struct sockaddr_in)) 210 return -EINVAL; 211 212 sock_owned_by_me(sk); 213 214 return BPF_CGROUP_RUN_PROG_INET4_CONNECT(sk, uaddr, &addr_len); 215 } 216 217 /* This will initiate an outgoing connection. */ tcp_v4_connect(struct sock * sk,struct sockaddr * uaddr,int addr_len)218 int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) 219 { 220 struct sockaddr_in *usin = (struct sockaddr_in *)uaddr; 221 struct inet_timewait_death_row *tcp_death_row; 222 struct inet_sock *inet = inet_sk(sk); 223 struct tcp_sock *tp = tcp_sk(sk); 224 struct ip_options_rcu *inet_opt; 225 struct net *net = sock_net(sk); 226 __be16 orig_sport, orig_dport; 227 __be32 daddr, nexthop; 228 struct flowi4 *fl4; 229 struct rtable *rt; 230 int err; 231 232 if (addr_len < sizeof(struct sockaddr_in)) 233 return -EINVAL; 234 235 if (usin->sin_family != AF_INET) 236 return -EAFNOSUPPORT; 237 238 nexthop = daddr = usin->sin_addr.s_addr; 239 inet_opt = rcu_dereference_protected(inet->inet_opt, 240 lockdep_sock_is_held(sk)); 241 if (inet_opt && inet_opt->opt.srr) { 242 if (!daddr) 243 return -EINVAL; 244 nexthop = inet_opt->opt.faddr; 245 } 246 247 orig_sport = inet->inet_sport; 248 orig_dport = usin->sin_port; 249 fl4 = &inet->cork.fl.u.ip4; 250 rt = ip_route_connect(fl4, nexthop, inet->inet_saddr, 251 sk->sk_bound_dev_if, IPPROTO_TCP, orig_sport, 252 orig_dport, sk); 253 if (IS_ERR(rt)) { 254 err = PTR_ERR(rt); 255 if (err == -ENETUNREACH) 256 IP_INC_STATS(net, IPSTATS_MIB_OUTNOROUTES); 257 return err; 258 } 259 260 if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) { 261 ip_rt_put(rt); 262 return -ENETUNREACH; 263 } 264 265 if (!inet_opt || !inet_opt->opt.srr) 266 daddr = fl4->daddr; 267 268 tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row; 269 270 if (!inet->inet_saddr) { 271 err = inet_bhash2_update_saddr(sk, &fl4->saddr, AF_INET); 272 if (err) { 273 ip_rt_put(rt); 274 return err; 275 } 276 } else { 277 sk_rcv_saddr_set(sk, inet->inet_saddr); 278 } 279 280 if (tp->rx_opt.ts_recent_stamp && inet->inet_daddr != daddr) { 281 /* Reset inherited state */ 282 tp->rx_opt.ts_recent = 0; 283 tp->rx_opt.ts_recent_stamp = 0; 284 if (likely(!tp->repair)) 285 WRITE_ONCE(tp->write_seq, 0); 286 } 287 288 inet->inet_dport = usin->sin_port; 289 sk_daddr_set(sk, daddr); 290 291 inet_csk(sk)->icsk_ext_hdr_len = 0; 292 if (inet_opt) 293 inet_csk(sk)->icsk_ext_hdr_len = inet_opt->opt.optlen; 294 295 tp->rx_opt.mss_clamp = TCP_MSS_DEFAULT; 296 297 /* Socket identity is still unknown (sport may be zero). 298 * However we set state to SYN-SENT and not releasing socket 299 * lock select source port, enter ourselves into the hash tables and 300 * complete initialization after this. 301 */ 302 tcp_set_state(sk, TCP_SYN_SENT); 303 err = inet_hash_connect(tcp_death_row, sk); 304 if (err) 305 goto failure; 306 307 sk_set_txhash(sk); 308 309 rt = ip_route_newports(fl4, rt, orig_sport, orig_dport, 310 inet->inet_sport, inet->inet_dport, sk); 311 if (IS_ERR(rt)) { 312 err = PTR_ERR(rt); 313 rt = NULL; 314 goto failure; 315 } 316 tp->tcp_usec_ts = dst_tcp_usec_ts(&rt->dst); 317 /* OK, now commit destination to socket. */ 318 sk->sk_gso_type = SKB_GSO_TCPV4; 319 sk_setup_caps(sk, &rt->dst); 320 rt = NULL; 321 322 if (likely(!tp->repair)) { 323 if (!tp->write_seq) 324 WRITE_ONCE(tp->write_seq, 325 secure_tcp_seq(inet->inet_saddr, 326 inet->inet_daddr, 327 inet->inet_sport, 328 usin->sin_port)); 329 WRITE_ONCE(tp->tsoffset, 330 secure_tcp_ts_off(net, inet->inet_saddr, 331 inet->inet_daddr)); 332 } 333 334 atomic_set(&inet->inet_id, get_random_u16()); 335 336 if (tcp_fastopen_defer_connect(sk, &err)) 337 return err; 338 if (err) 339 goto failure; 340 341 err = tcp_connect(sk); 342 343 if (err) 344 goto failure; 345 346 return 0; 347 348 failure: 349 /* 350 * This unhashes the socket and releases the local port, 351 * if necessary. 352 */ 353 tcp_set_state(sk, TCP_CLOSE); 354 inet_bhash2_reset_saddr(sk); 355 ip_rt_put(rt); 356 sk->sk_route_caps = 0; 357 inet->inet_dport = 0; 358 return err; 359 } 360 EXPORT_SYMBOL(tcp_v4_connect); 361 362 /* 363 * This routine reacts to ICMP_FRAG_NEEDED mtu indications as defined in RFC1191. 364 * It can be called through tcp_release_cb() if socket was owned by user 365 * at the time tcp_v4_err() was called to handle ICMP message. 366 */ tcp_v4_mtu_reduced(struct sock * sk)367 void tcp_v4_mtu_reduced(struct sock *sk) 368 { 369 struct inet_sock *inet = inet_sk(sk); 370 struct dst_entry *dst; 371 u32 mtu; 372 373 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) 374 return; 375 mtu = READ_ONCE(tcp_sk(sk)->mtu_info); 376 dst = inet_csk_update_pmtu(sk, mtu); 377 if (!dst) 378 return; 379 380 /* Something is about to be wrong... Remember soft error 381 * for the case, if this connection will not able to recover. 382 */ 383 if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst)) 384 WRITE_ONCE(sk->sk_err_soft, EMSGSIZE); 385 386 mtu = dst_mtu(dst); 387 388 if (inet->pmtudisc != IP_PMTUDISC_DONT && 389 ip_sk_accept_pmtu(sk) && 390 inet_csk(sk)->icsk_pmtu_cookie > mtu) { 391 tcp_sync_mss(sk, mtu); 392 393 /* Resend the TCP packet because it's 394 * clear that the old packet has been 395 * dropped. This is the new "fast" path mtu 396 * discovery. 397 */ 398 tcp_simple_retransmit(sk); 399 } /* else let the usual retransmit timer handle it */ 400 } 401 EXPORT_SYMBOL(tcp_v4_mtu_reduced); 402 do_redirect(struct sk_buff * skb,struct sock * sk)403 static void do_redirect(struct sk_buff *skb, struct sock *sk) 404 { 405 struct dst_entry *dst = __sk_dst_check(sk, 0); 406 407 if (dst) 408 dst->ops->redirect(dst, sk, skb); 409 } 410 411 412 /* handle ICMP messages on TCP_NEW_SYN_RECV request sockets */ tcp_req_err(struct sock * sk,u32 seq,bool abort)413 void tcp_req_err(struct sock *sk, u32 seq, bool abort) 414 { 415 struct request_sock *req = inet_reqsk(sk); 416 struct net *net = sock_net(sk); 417 418 /* ICMPs are not backlogged, hence we cannot get 419 * an established socket here. 420 */ 421 if (seq != tcp_rsk(req)->snt_isn) { 422 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS); 423 } else if (abort) { 424 /* 425 * Still in SYN_RECV, just remove it silently. 426 * There is no good way to pass the error to the newly 427 * created socket, and POSIX does not want network 428 * errors returned from accept(). 429 */ 430 inet_csk_reqsk_queue_drop(req->rsk_listener, req); 431 tcp_listendrop(req->rsk_listener); 432 } 433 reqsk_put(req); 434 } 435 EXPORT_SYMBOL(tcp_req_err); 436 437 /* TCP-LD (RFC 6069) logic */ tcp_ld_RTO_revert(struct sock * sk,u32 seq)438 void tcp_ld_RTO_revert(struct sock *sk, u32 seq) 439 { 440 struct inet_connection_sock *icsk = inet_csk(sk); 441 struct tcp_sock *tp = tcp_sk(sk); 442 struct sk_buff *skb; 443 s32 remaining; 444 u32 delta_us; 445 446 if (sock_owned_by_user(sk)) 447 return; 448 449 if (seq != tp->snd_una || !icsk->icsk_retransmits || 450 !icsk->icsk_backoff) 451 return; 452 453 skb = tcp_rtx_queue_head(sk); 454 if (WARN_ON_ONCE(!skb)) 455 return; 456 457 icsk->icsk_backoff--; 458 icsk->icsk_rto = tp->srtt_us ? __tcp_set_rto(tp) : TCP_TIMEOUT_INIT; 459 icsk->icsk_rto = inet_csk_rto_backoff(icsk, TCP_RTO_MAX); 460 461 tcp_mstamp_refresh(tp); 462 delta_us = (u32)(tp->tcp_mstamp - tcp_skb_timestamp_us(skb)); 463 remaining = icsk->icsk_rto - usecs_to_jiffies(delta_us); 464 465 if (remaining > 0) { 466 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, 467 remaining, TCP_RTO_MAX); 468 } else { 469 /* RTO revert clocked out retransmission. 470 * Will retransmit now. 471 */ 472 tcp_retransmit_timer(sk); 473 } 474 } 475 EXPORT_SYMBOL(tcp_ld_RTO_revert); 476 477 /* 478 * This routine is called by the ICMP module when it gets some 479 * sort of error condition. If err < 0 then the socket should 480 * be closed and the error returned to the user. If err > 0 481 * it's just the icmp type << 8 | icmp code. After adjustment 482 * header points to the first 8 bytes of the tcp header. We need 483 * to find the appropriate port. 484 * 485 * The locking strategy used here is very "optimistic". When 486 * someone else accesses the socket the ICMP is just dropped 487 * and for some paths there is no check at all. 488 * A more general error queue to queue errors for later handling 489 * is probably better. 490 * 491 */ 492 tcp_v4_err(struct sk_buff * skb,u32 info)493 int tcp_v4_err(struct sk_buff *skb, u32 info) 494 { 495 const struct iphdr *iph = (const struct iphdr *)skb->data; 496 struct tcphdr *th = (struct tcphdr *)(skb->data + (iph->ihl << 2)); 497 struct tcp_sock *tp; 498 const int type = icmp_hdr(skb)->type; 499 const int code = icmp_hdr(skb)->code; 500 struct sock *sk; 501 struct request_sock *fastopen; 502 u32 seq, snd_una; 503 int err; 504 struct net *net = dev_net(skb->dev); 505 506 sk = __inet_lookup_established(net, net->ipv4.tcp_death_row.hashinfo, 507 iph->daddr, th->dest, iph->saddr, 508 ntohs(th->source), inet_iif(skb), 0); 509 if (!sk) { 510 __ICMP_INC_STATS(net, ICMP_MIB_INERRORS); 511 return -ENOENT; 512 } 513 if (sk->sk_state == TCP_TIME_WAIT) { 514 /* To increase the counter of ignored icmps for TCP-AO */ 515 tcp_ao_ignore_icmp(sk, AF_INET, type, code); 516 inet_twsk_put(inet_twsk(sk)); 517 return 0; 518 } 519 seq = ntohl(th->seq); 520 if (sk->sk_state == TCP_NEW_SYN_RECV) { 521 tcp_req_err(sk, seq, type == ICMP_PARAMETERPROB || 522 type == ICMP_TIME_EXCEEDED || 523 (type == ICMP_DEST_UNREACH && 524 (code == ICMP_NET_UNREACH || 525 code == ICMP_HOST_UNREACH))); 526 return 0; 527 } 528 529 if (tcp_ao_ignore_icmp(sk, AF_INET, type, code)) { 530 sock_put(sk); 531 return 0; 532 } 533 534 bh_lock_sock(sk); 535 /* If too many ICMPs get dropped on busy 536 * servers this needs to be solved differently. 537 * We do take care of PMTU discovery (RFC1191) special case : 538 * we can receive locally generated ICMP messages while socket is held. 539 */ 540 if (sock_owned_by_user(sk)) { 541 if (!(type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED)) 542 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS); 543 } 544 if (sk->sk_state == TCP_CLOSE) 545 goto out; 546 547 if (static_branch_unlikely(&ip4_min_ttl)) { 548 /* min_ttl can be changed concurrently from do_ip_setsockopt() */ 549 if (unlikely(iph->ttl < READ_ONCE(inet_sk(sk)->min_ttl))) { 550 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP); 551 goto out; 552 } 553 } 554 555 tp = tcp_sk(sk); 556 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */ 557 fastopen = rcu_dereference(tp->fastopen_rsk); 558 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una; 559 if (sk->sk_state != TCP_LISTEN && 560 !between(seq, snd_una, tp->snd_nxt)) { 561 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS); 562 goto out; 563 } 564 565 switch (type) { 566 case ICMP_REDIRECT: 567 if (!sock_owned_by_user(sk)) 568 do_redirect(skb, sk); 569 goto out; 570 case ICMP_SOURCE_QUENCH: 571 /* Just silently ignore these. */ 572 goto out; 573 case ICMP_PARAMETERPROB: 574 err = EPROTO; 575 break; 576 case ICMP_DEST_UNREACH: 577 if (code > NR_ICMP_UNREACH) 578 goto out; 579 580 if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */ 581 /* We are not interested in TCP_LISTEN and open_requests 582 * (SYN-ACKs send out by Linux are always <576bytes so 583 * they should go through unfragmented). 584 */ 585 if (sk->sk_state == TCP_LISTEN) 586 goto out; 587 588 WRITE_ONCE(tp->mtu_info, info); 589 if (!sock_owned_by_user(sk)) { 590 tcp_v4_mtu_reduced(sk); 591 } else { 592 if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED, &sk->sk_tsq_flags)) 593 sock_hold(sk); 594 } 595 goto out; 596 } 597 598 err = icmp_err_convert[code].errno; 599 /* check if this ICMP message allows revert of backoff. 600 * (see RFC 6069) 601 */ 602 if (!fastopen && 603 (code == ICMP_NET_UNREACH || code == ICMP_HOST_UNREACH)) 604 tcp_ld_RTO_revert(sk, seq); 605 break; 606 case ICMP_TIME_EXCEEDED: 607 err = EHOSTUNREACH; 608 break; 609 default: 610 goto out; 611 } 612 613 switch (sk->sk_state) { 614 case TCP_SYN_SENT: 615 case TCP_SYN_RECV: 616 /* Only in fast or simultaneous open. If a fast open socket is 617 * already accepted it is treated as a connected one below. 618 */ 619 if (fastopen && !fastopen->sk) 620 break; 621 622 ip_icmp_error(sk, skb, err, th->dest, info, (u8 *)th); 623 624 if (!sock_owned_by_user(sk)) 625 tcp_done_with_error(sk, err); 626 else 627 WRITE_ONCE(sk->sk_err_soft, err); 628 goto out; 629 } 630 631 /* If we've already connected we will keep trying 632 * until we time out, or the user gives up. 633 * 634 * rfc1122 4.2.3.9 allows to consider as hard errors 635 * only PROTO_UNREACH and PORT_UNREACH (well, FRAG_FAILED too, 636 * but it is obsoleted by pmtu discovery). 637 * 638 * Note, that in modern internet, where routing is unreliable 639 * and in each dark corner broken firewalls sit, sending random 640 * errors ordered by their masters even this two messages finally lose 641 * their original sense (even Linux sends invalid PORT_UNREACHs) 642 * 643 * Now we are in compliance with RFCs. 644 * --ANK (980905) 645 */ 646 647 if (!sock_owned_by_user(sk) && 648 inet_test_bit(RECVERR, sk)) { 649 WRITE_ONCE(sk->sk_err, err); 650 sk_error_report(sk); 651 } else { /* Only an error on timeout */ 652 WRITE_ONCE(sk->sk_err_soft, err); 653 } 654 655 out: 656 bh_unlock_sock(sk); 657 sock_put(sk); 658 return 0; 659 } 660 __tcp_v4_send_check(struct sk_buff * skb,__be32 saddr,__be32 daddr)661 void __tcp_v4_send_check(struct sk_buff *skb, __be32 saddr, __be32 daddr) 662 { 663 struct tcphdr *th = tcp_hdr(skb); 664 665 th->check = ~tcp_v4_check(skb->len, saddr, daddr, 0); 666 skb->csum_start = skb_transport_header(skb) - skb->head; 667 skb->csum_offset = offsetof(struct tcphdr, check); 668 } 669 670 /* This routine computes an IPv4 TCP checksum. */ tcp_v4_send_check(struct sock * sk,struct sk_buff * skb)671 void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb) 672 { 673 const struct inet_sock *inet = inet_sk(sk); 674 675 __tcp_v4_send_check(skb, inet->inet_saddr, inet->inet_daddr); 676 } 677 EXPORT_SYMBOL(tcp_v4_send_check); 678 679 #define REPLY_OPTIONS_LEN (MAX_TCP_OPTION_SPACE / sizeof(__be32)) 680 tcp_v4_ao_sign_reset(const struct sock * sk,struct sk_buff * skb,const struct tcp_ao_hdr * aoh,struct ip_reply_arg * arg,struct tcphdr * reply,__be32 reply_options[REPLY_OPTIONS_LEN])681 static bool tcp_v4_ao_sign_reset(const struct sock *sk, struct sk_buff *skb, 682 const struct tcp_ao_hdr *aoh, 683 struct ip_reply_arg *arg, struct tcphdr *reply, 684 __be32 reply_options[REPLY_OPTIONS_LEN]) 685 { 686 #ifdef CONFIG_TCP_AO 687 int sdif = tcp_v4_sdif(skb); 688 int dif = inet_iif(skb); 689 int l3index = sdif ? dif : 0; 690 bool allocated_traffic_key; 691 struct tcp_ao_key *key; 692 char *traffic_key; 693 bool drop = true; 694 u32 ao_sne = 0; 695 u8 keyid; 696 697 rcu_read_lock(); 698 if (tcp_ao_prepare_reset(sk, skb, aoh, l3index, ntohl(reply->seq), 699 &key, &traffic_key, &allocated_traffic_key, 700 &keyid, &ao_sne)) 701 goto out; 702 703 reply_options[0] = htonl((TCPOPT_AO << 24) | (tcp_ao_len(key) << 16) | 704 (aoh->rnext_keyid << 8) | keyid); 705 arg->iov[0].iov_len += tcp_ao_len_aligned(key); 706 reply->doff = arg->iov[0].iov_len / 4; 707 708 if (tcp_ao_hash_hdr(AF_INET, (char *)&reply_options[1], 709 key, traffic_key, 710 (union tcp_ao_addr *)&ip_hdr(skb)->saddr, 711 (union tcp_ao_addr *)&ip_hdr(skb)->daddr, 712 reply, ao_sne)) 713 goto out; 714 drop = false; 715 out: 716 rcu_read_unlock(); 717 if (allocated_traffic_key) 718 kfree(traffic_key); 719 return drop; 720 #else 721 return true; 722 #endif 723 } 724 725 /* 726 * This routine will send an RST to the other tcp. 727 * 728 * Someone asks: why I NEVER use socket parameters (TOS, TTL etc.) 729 * for reset. 730 * Answer: if a packet caused RST, it is not for a socket 731 * existing in our system, if it is matched to a socket, 732 * it is just duplicate segment or bug in other side's TCP. 733 * So that we build reply only basing on parameters 734 * arrived with segment. 735 * Exception: precedence violation. We do not implement it in any case. 736 */ 737 tcp_v4_send_reset(const struct sock * sk,struct sk_buff * skb,enum sk_rst_reason reason)738 static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb, 739 enum sk_rst_reason reason) 740 { 741 const struct tcphdr *th = tcp_hdr(skb); 742 struct { 743 struct tcphdr th; 744 __be32 opt[REPLY_OPTIONS_LEN]; 745 } rep; 746 const __u8 *md5_hash_location = NULL; 747 const struct tcp_ao_hdr *aoh; 748 struct ip_reply_arg arg; 749 #ifdef CONFIG_TCP_MD5SIG 750 struct tcp_md5sig_key *key = NULL; 751 unsigned char newhash[16]; 752 struct sock *sk1 = NULL; 753 int genhash; 754 #endif 755 u64 transmit_time = 0; 756 struct sock *ctl_sk; 757 struct net *net; 758 u32 txhash = 0; 759 760 /* Never send a reset in response to a reset. */ 761 if (th->rst) 762 return; 763 764 /* If sk not NULL, it means we did a successful lookup and incoming 765 * route had to be correct. prequeue might have dropped our dst. 766 */ 767 if (!sk && skb_rtable(skb)->rt_type != RTN_LOCAL) 768 return; 769 770 /* Swap the send and the receive. */ 771 memset(&rep, 0, sizeof(rep)); 772 rep.th.dest = th->source; 773 rep.th.source = th->dest; 774 rep.th.doff = sizeof(struct tcphdr) / 4; 775 rep.th.rst = 1; 776 777 if (th->ack) { 778 rep.th.seq = th->ack_seq; 779 } else { 780 rep.th.ack = 1; 781 rep.th.ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin + 782 skb->len - (th->doff << 2)); 783 } 784 785 memset(&arg, 0, sizeof(arg)); 786 arg.iov[0].iov_base = (unsigned char *)&rep; 787 arg.iov[0].iov_len = sizeof(rep.th); 788 789 net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev); 790 791 /* Invalid TCP option size or twice included auth */ 792 if (tcp_parse_auth_options(tcp_hdr(skb), &md5_hash_location, &aoh)) 793 return; 794 795 if (aoh && tcp_v4_ao_sign_reset(sk, skb, aoh, &arg, &rep.th, rep.opt)) 796 return; 797 798 #ifdef CONFIG_TCP_MD5SIG 799 rcu_read_lock(); 800 if (sk && sk_fullsock(sk)) { 801 const union tcp_md5_addr *addr; 802 int l3index; 803 804 /* sdif set, means packet ingressed via a device 805 * in an L3 domain and inet_iif is set to it. 806 */ 807 l3index = tcp_v4_sdif(skb) ? inet_iif(skb) : 0; 808 addr = (union tcp_md5_addr *)&ip_hdr(skb)->saddr; 809 key = tcp_md5_do_lookup(sk, l3index, addr, AF_INET); 810 } else if (md5_hash_location) { 811 const union tcp_md5_addr *addr; 812 int sdif = tcp_v4_sdif(skb); 813 int dif = inet_iif(skb); 814 int l3index; 815 816 /* 817 * active side is lost. Try to find listening socket through 818 * source port, and then find md5 key through listening socket. 819 * we are not loose security here: 820 * Incoming packet is checked with md5 hash with finding key, 821 * no RST generated if md5 hash doesn't match. 822 */ 823 sk1 = __inet_lookup_listener(net, net->ipv4.tcp_death_row.hashinfo, 824 NULL, 0, ip_hdr(skb)->saddr, 825 th->source, ip_hdr(skb)->daddr, 826 ntohs(th->source), dif, sdif); 827 /* don't send rst if it can't find key */ 828 if (!sk1) 829 goto out; 830 831 /* sdif set, means packet ingressed via a device 832 * in an L3 domain and dif is set to it. 833 */ 834 l3index = sdif ? dif : 0; 835 addr = (union tcp_md5_addr *)&ip_hdr(skb)->saddr; 836 key = tcp_md5_do_lookup(sk1, l3index, addr, AF_INET); 837 if (!key) 838 goto out; 839 840 841 genhash = tcp_v4_md5_hash_skb(newhash, key, NULL, skb); 842 if (genhash || memcmp(md5_hash_location, newhash, 16) != 0) 843 goto out; 844 845 } 846 847 if (key) { 848 rep.opt[0] = htonl((TCPOPT_NOP << 24) | 849 (TCPOPT_NOP << 16) | 850 (TCPOPT_MD5SIG << 8) | 851 TCPOLEN_MD5SIG); 852 /* Update length and the length the header thinks exists */ 853 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED; 854 rep.th.doff = arg.iov[0].iov_len / 4; 855 856 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[1], 857 key, ip_hdr(skb)->saddr, 858 ip_hdr(skb)->daddr, &rep.th); 859 } 860 #endif 861 /* Can't co-exist with TCPMD5, hence check rep.opt[0] */ 862 if (rep.opt[0] == 0) { 863 __be32 mrst = mptcp_reset_option(skb); 864 865 if (mrst) { 866 rep.opt[0] = mrst; 867 arg.iov[0].iov_len += sizeof(mrst); 868 rep.th.doff = arg.iov[0].iov_len / 4; 869 } 870 } 871 872 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr, 873 ip_hdr(skb)->saddr, /* XXX */ 874 arg.iov[0].iov_len, IPPROTO_TCP, 0); 875 arg.csumoffset = offsetof(struct tcphdr, check) / 2; 876 arg.flags = (sk && inet_sk_transparent(sk)) ? IP_REPLY_ARG_NOSRCCHECK : 0; 877 878 /* When socket is gone, all binding information is lost. 879 * routing might fail in this case. No choice here, if we choose to force 880 * input interface, we will misroute in case of asymmetric route. 881 */ 882 if (sk) 883 arg.bound_dev_if = sk->sk_bound_dev_if; 884 885 trace_tcp_send_reset(sk, skb, reason); 886 887 BUILD_BUG_ON(offsetof(struct sock, sk_bound_dev_if) != 888 offsetof(struct inet_timewait_sock, tw_bound_dev_if)); 889 890 arg.tos = ip_hdr(skb)->tos; 891 arg.uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL); 892 local_bh_disable(); 893 local_lock_nested_bh(&ipv4_tcp_sk.bh_lock); 894 ctl_sk = this_cpu_read(ipv4_tcp_sk.sock); 895 896 sock_net_set(ctl_sk, net); 897 if (sk) { 898 ctl_sk->sk_mark = (sk->sk_state == TCP_TIME_WAIT) ? 899 inet_twsk(sk)->tw_mark : sk->sk_mark; 900 ctl_sk->sk_priority = (sk->sk_state == TCP_TIME_WAIT) ? 901 inet_twsk(sk)->tw_priority : READ_ONCE(sk->sk_priority); 902 transmit_time = tcp_transmit_time(sk); 903 xfrm_sk_clone_policy(ctl_sk, sk); 904 txhash = (sk->sk_state == TCP_TIME_WAIT) ? 905 inet_twsk(sk)->tw_txhash : sk->sk_txhash; 906 } else { 907 ctl_sk->sk_mark = 0; 908 ctl_sk->sk_priority = 0; 909 } 910 ip_send_unicast_reply(ctl_sk, 911 skb, &TCP_SKB_CB(skb)->header.h4.opt, 912 ip_hdr(skb)->saddr, ip_hdr(skb)->daddr, 913 &arg, arg.iov[0].iov_len, 914 transmit_time, txhash); 915 916 xfrm_sk_free_policy(ctl_sk); 917 sock_net_set(ctl_sk, &init_net); 918 __TCP_INC_STATS(net, TCP_MIB_OUTSEGS); 919 __TCP_INC_STATS(net, TCP_MIB_OUTRSTS); 920 local_unlock_nested_bh(&ipv4_tcp_sk.bh_lock); 921 local_bh_enable(); 922 923 #ifdef CONFIG_TCP_MD5SIG 924 out: 925 rcu_read_unlock(); 926 #endif 927 } 928 929 /* The code following below sending ACKs in SYN-RECV and TIME-WAIT states 930 outside socket context is ugly, certainly. What can I do? 931 */ 932 tcp_v4_send_ack(const struct sock * sk,struct sk_buff * skb,u32 seq,u32 ack,u32 win,u32 tsval,u32 tsecr,int oif,struct tcp_key * key,int reply_flags,u8 tos,u32 txhash)933 static void tcp_v4_send_ack(const struct sock *sk, 934 struct sk_buff *skb, u32 seq, u32 ack, 935 u32 win, u32 tsval, u32 tsecr, int oif, 936 struct tcp_key *key, 937 int reply_flags, u8 tos, u32 txhash) 938 { 939 const struct tcphdr *th = tcp_hdr(skb); 940 struct { 941 struct tcphdr th; 942 __be32 opt[(MAX_TCP_OPTION_SPACE >> 2)]; 943 } rep; 944 struct net *net = sock_net(sk); 945 struct ip_reply_arg arg; 946 struct sock *ctl_sk; 947 u64 transmit_time; 948 949 memset(&rep.th, 0, sizeof(struct tcphdr)); 950 memset(&arg, 0, sizeof(arg)); 951 952 arg.iov[0].iov_base = (unsigned char *)&rep; 953 arg.iov[0].iov_len = sizeof(rep.th); 954 if (tsecr) { 955 rep.opt[0] = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 956 (TCPOPT_TIMESTAMP << 8) | 957 TCPOLEN_TIMESTAMP); 958 rep.opt[1] = htonl(tsval); 959 rep.opt[2] = htonl(tsecr); 960 arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED; 961 } 962 963 /* Swap the send and the receive. */ 964 rep.th.dest = th->source; 965 rep.th.source = th->dest; 966 rep.th.doff = arg.iov[0].iov_len / 4; 967 rep.th.seq = htonl(seq); 968 rep.th.ack_seq = htonl(ack); 969 rep.th.ack = 1; 970 rep.th.window = htons(win); 971 972 #ifdef CONFIG_TCP_MD5SIG 973 if (tcp_key_is_md5(key)) { 974 int offset = (tsecr) ? 3 : 0; 975 976 rep.opt[offset++] = htonl((TCPOPT_NOP << 24) | 977 (TCPOPT_NOP << 16) | 978 (TCPOPT_MD5SIG << 8) | 979 TCPOLEN_MD5SIG); 980 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED; 981 rep.th.doff = arg.iov[0].iov_len/4; 982 983 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset], 984 key->md5_key, ip_hdr(skb)->saddr, 985 ip_hdr(skb)->daddr, &rep.th); 986 } 987 #endif 988 #ifdef CONFIG_TCP_AO 989 if (tcp_key_is_ao(key)) { 990 int offset = (tsecr) ? 3 : 0; 991 992 rep.opt[offset++] = htonl((TCPOPT_AO << 24) | 993 (tcp_ao_len(key->ao_key) << 16) | 994 (key->ao_key->sndid << 8) | 995 key->rcv_next); 996 arg.iov[0].iov_len += tcp_ao_len_aligned(key->ao_key); 997 rep.th.doff = arg.iov[0].iov_len / 4; 998 999 tcp_ao_hash_hdr(AF_INET, (char *)&rep.opt[offset], 1000 key->ao_key, key->traffic_key, 1001 (union tcp_ao_addr *)&ip_hdr(skb)->saddr, 1002 (union tcp_ao_addr *)&ip_hdr(skb)->daddr, 1003 &rep.th, key->sne); 1004 } 1005 #endif 1006 arg.flags = reply_flags; 1007 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr, 1008 ip_hdr(skb)->saddr, /* XXX */ 1009 arg.iov[0].iov_len, IPPROTO_TCP, 0); 1010 arg.csumoffset = offsetof(struct tcphdr, check) / 2; 1011 if (oif) 1012 arg.bound_dev_if = oif; 1013 arg.tos = tos; 1014 arg.uid = sock_net_uid(net, sk_fullsock(sk) ? sk : NULL); 1015 local_bh_disable(); 1016 local_lock_nested_bh(&ipv4_tcp_sk.bh_lock); 1017 ctl_sk = this_cpu_read(ipv4_tcp_sk.sock); 1018 sock_net_set(ctl_sk, net); 1019 ctl_sk->sk_mark = (sk->sk_state == TCP_TIME_WAIT) ? 1020 inet_twsk(sk)->tw_mark : READ_ONCE(sk->sk_mark); 1021 ctl_sk->sk_priority = (sk->sk_state == TCP_TIME_WAIT) ? 1022 inet_twsk(sk)->tw_priority : READ_ONCE(sk->sk_priority); 1023 transmit_time = tcp_transmit_time(sk); 1024 ip_send_unicast_reply(ctl_sk, 1025 skb, &TCP_SKB_CB(skb)->header.h4.opt, 1026 ip_hdr(skb)->saddr, ip_hdr(skb)->daddr, 1027 &arg, arg.iov[0].iov_len, 1028 transmit_time, txhash); 1029 1030 sock_net_set(ctl_sk, &init_net); 1031 __TCP_INC_STATS(net, TCP_MIB_OUTSEGS); 1032 local_unlock_nested_bh(&ipv4_tcp_sk.bh_lock); 1033 local_bh_enable(); 1034 } 1035 tcp_v4_timewait_ack(struct sock * sk,struct sk_buff * skb)1036 static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb) 1037 { 1038 struct inet_timewait_sock *tw = inet_twsk(sk); 1039 struct tcp_timewait_sock *tcptw = tcp_twsk(sk); 1040 struct tcp_key key = {}; 1041 #ifdef CONFIG_TCP_AO 1042 struct tcp_ao_info *ao_info; 1043 1044 if (static_branch_unlikely(&tcp_ao_needed.key)) { 1045 /* FIXME: the segment to-be-acked is not verified yet */ 1046 ao_info = rcu_dereference(tcptw->ao_info); 1047 if (ao_info) { 1048 const struct tcp_ao_hdr *aoh; 1049 1050 if (tcp_parse_auth_options(tcp_hdr(skb), NULL, &aoh)) { 1051 inet_twsk_put(tw); 1052 return; 1053 } 1054 1055 if (aoh) 1056 key.ao_key = tcp_ao_established_key(ao_info, aoh->rnext_keyid, -1); 1057 } 1058 } 1059 if (key.ao_key) { 1060 struct tcp_ao_key *rnext_key; 1061 1062 key.traffic_key = snd_other_key(key.ao_key); 1063 key.sne = READ_ONCE(ao_info->snd_sne); 1064 rnext_key = READ_ONCE(ao_info->rnext_key); 1065 key.rcv_next = rnext_key->rcvid; 1066 key.type = TCP_KEY_AO; 1067 #else 1068 if (0) { 1069 #endif 1070 } else if (static_branch_tcp_md5()) { 1071 key.md5_key = tcp_twsk_md5_key(tcptw); 1072 if (key.md5_key) 1073 key.type = TCP_KEY_MD5; 1074 } 1075 1076 tcp_v4_send_ack(sk, skb, 1077 tcptw->tw_snd_nxt, READ_ONCE(tcptw->tw_rcv_nxt), 1078 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 1079 tcp_tw_tsval(tcptw), 1080 READ_ONCE(tcptw->tw_ts_recent), 1081 tw->tw_bound_dev_if, &key, 1082 tw->tw_transparent ? IP_REPLY_ARG_NOSRCCHECK : 0, 1083 tw->tw_tos, 1084 tw->tw_txhash); 1085 1086 inet_twsk_put(tw); 1087 } 1088 1089 static void tcp_v4_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb, 1090 struct request_sock *req) 1091 { 1092 struct tcp_key key = {}; 1093 1094 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV 1095 * sk->sk_state == TCP_SYN_RECV -> for Fast Open. 1096 */ 1097 u32 seq = (sk->sk_state == TCP_LISTEN) ? tcp_rsk(req)->snt_isn + 1 : 1098 tcp_sk(sk)->snd_nxt; 1099 1100 #ifdef CONFIG_TCP_AO 1101 if (static_branch_unlikely(&tcp_ao_needed.key) && 1102 tcp_rsk_used_ao(req)) { 1103 const union tcp_md5_addr *addr; 1104 const struct tcp_ao_hdr *aoh; 1105 int l3index; 1106 1107 /* Invalid TCP option size or twice included auth */ 1108 if (tcp_parse_auth_options(tcp_hdr(skb), NULL, &aoh)) 1109 return; 1110 if (!aoh) 1111 return; 1112 1113 addr = (union tcp_md5_addr *)&ip_hdr(skb)->saddr; 1114 l3index = tcp_v4_sdif(skb) ? inet_iif(skb) : 0; 1115 key.ao_key = tcp_ao_do_lookup(sk, l3index, addr, AF_INET, 1116 aoh->rnext_keyid, -1); 1117 if (unlikely(!key.ao_key)) { 1118 /* Send ACK with any matching MKT for the peer */ 1119 key.ao_key = tcp_ao_do_lookup(sk, l3index, addr, AF_INET, -1, -1); 1120 /* Matching key disappeared (user removed the key?) 1121 * let the handshake timeout. 1122 */ 1123 if (!key.ao_key) { 1124 net_info_ratelimited("TCP-AO key for (%pI4, %d)->(%pI4, %d) suddenly disappeared, won't ACK new connection\n", 1125 addr, 1126 ntohs(tcp_hdr(skb)->source), 1127 &ip_hdr(skb)->daddr, 1128 ntohs(tcp_hdr(skb)->dest)); 1129 return; 1130 } 1131 } 1132 key.traffic_key = kmalloc(tcp_ao_digest_size(key.ao_key), GFP_ATOMIC); 1133 if (!key.traffic_key) 1134 return; 1135 1136 key.type = TCP_KEY_AO; 1137 key.rcv_next = aoh->keyid; 1138 tcp_v4_ao_calc_key_rsk(key.ao_key, key.traffic_key, req); 1139 #else 1140 if (0) { 1141 #endif 1142 } else if (static_branch_tcp_md5()) { 1143 const union tcp_md5_addr *addr; 1144 int l3index; 1145 1146 addr = (union tcp_md5_addr *)&ip_hdr(skb)->saddr; 1147 l3index = tcp_v4_sdif(skb) ? inet_iif(skb) : 0; 1148 key.md5_key = tcp_md5_do_lookup(sk, l3index, addr, AF_INET); 1149 if (key.md5_key) 1150 key.type = TCP_KEY_MD5; 1151 } 1152 1153 tcp_v4_send_ack(sk, skb, seq, 1154 tcp_rsk(req)->rcv_nxt, 1155 tcp_synack_window(req) >> inet_rsk(req)->rcv_wscale, 1156 tcp_rsk_tsval(tcp_rsk(req)), 1157 READ_ONCE(req->ts_recent), 1158 0, &key, 1159 inet_rsk(req)->no_srccheck ? IP_REPLY_ARG_NOSRCCHECK : 0, 1160 ip_hdr(skb)->tos, 1161 READ_ONCE(tcp_rsk(req)->txhash)); 1162 if (tcp_key_is_ao(&key)) 1163 kfree(key.traffic_key); 1164 } 1165 1166 /* 1167 * Send a SYN-ACK after having received a SYN. 1168 * This still operates on a request_sock only, not on a big 1169 * socket. 1170 */ 1171 static int tcp_v4_send_synack(const struct sock *sk, struct dst_entry *dst, 1172 struct flowi *fl, 1173 struct request_sock *req, 1174 struct tcp_fastopen_cookie *foc, 1175 enum tcp_synack_type synack_type, 1176 struct sk_buff *syn_skb) 1177 { 1178 const struct inet_request_sock *ireq = inet_rsk(req); 1179 struct flowi4 fl4; 1180 int err = -1; 1181 struct sk_buff *skb; 1182 u8 tos; 1183 1184 /* First, grab a route. */ 1185 if (!dst && (dst = inet_csk_route_req(sk, &fl4, req)) == NULL) 1186 return -1; 1187 1188 skb = tcp_make_synack(sk, dst, req, foc, synack_type, syn_skb); 1189 1190 if (skb) { 1191 __tcp_v4_send_check(skb, ireq->ir_loc_addr, ireq->ir_rmt_addr); 1192 1193 tos = READ_ONCE(inet_sk(sk)->tos); 1194 1195 if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reflect_tos)) 1196 tos = (tcp_rsk(req)->syn_tos & ~INET_ECN_MASK) | 1197 (tos & INET_ECN_MASK); 1198 1199 if (!INET_ECN_is_capable(tos) && 1200 tcp_bpf_ca_needs_ecn((struct sock *)req)) 1201 tos |= INET_ECN_ECT_0; 1202 1203 rcu_read_lock(); 1204 err = ip_build_and_send_pkt(skb, sk, ireq->ir_loc_addr, 1205 ireq->ir_rmt_addr, 1206 rcu_dereference(ireq->ireq_opt), 1207 tos); 1208 rcu_read_unlock(); 1209 err = net_xmit_eval(err); 1210 } 1211 1212 return err; 1213 } 1214 1215 /* 1216 * IPv4 request_sock destructor. 1217 */ 1218 static void tcp_v4_reqsk_destructor(struct request_sock *req) 1219 { 1220 kfree(rcu_dereference_protected(inet_rsk(req)->ireq_opt, 1)); 1221 } 1222 1223 #ifdef CONFIG_TCP_MD5SIG 1224 /* 1225 * RFC2385 MD5 checksumming requires a mapping of 1226 * IP address->MD5 Key. 1227 * We need to maintain these in the sk structure. 1228 */ 1229 1230 DEFINE_STATIC_KEY_DEFERRED_FALSE(tcp_md5_needed, HZ); 1231 EXPORT_SYMBOL(tcp_md5_needed); 1232 1233 static bool better_md5_match(struct tcp_md5sig_key *old, struct tcp_md5sig_key *new) 1234 { 1235 if (!old) 1236 return true; 1237 1238 /* l3index always overrides non-l3index */ 1239 if (old->l3index && new->l3index == 0) 1240 return false; 1241 if (old->l3index == 0 && new->l3index) 1242 return true; 1243 1244 return old->prefixlen < new->prefixlen; 1245 } 1246 1247 /* Find the Key structure for an address. */ 1248 struct tcp_md5sig_key *__tcp_md5_do_lookup(const struct sock *sk, int l3index, 1249 const union tcp_md5_addr *addr, 1250 int family, bool any_l3index) 1251 { 1252 const struct tcp_sock *tp = tcp_sk(sk); 1253 struct tcp_md5sig_key *key; 1254 const struct tcp_md5sig_info *md5sig; 1255 __be32 mask; 1256 struct tcp_md5sig_key *best_match = NULL; 1257 bool match; 1258 1259 /* caller either holds rcu_read_lock() or socket lock */ 1260 md5sig = rcu_dereference_check(tp->md5sig_info, 1261 lockdep_sock_is_held(sk)); 1262 if (!md5sig) 1263 return NULL; 1264 1265 hlist_for_each_entry_rcu(key, &md5sig->head, node, 1266 lockdep_sock_is_held(sk)) { 1267 if (key->family != family) 1268 continue; 1269 if (!any_l3index && key->flags & TCP_MD5SIG_FLAG_IFINDEX && 1270 key->l3index != l3index) 1271 continue; 1272 if (family == AF_INET) { 1273 mask = inet_make_mask(key->prefixlen); 1274 match = (key->addr.a4.s_addr & mask) == 1275 (addr->a4.s_addr & mask); 1276 #if IS_ENABLED(CONFIG_IPV6) 1277 } else if (family == AF_INET6) { 1278 match = ipv6_prefix_equal(&key->addr.a6, &addr->a6, 1279 key->prefixlen); 1280 #endif 1281 } else { 1282 match = false; 1283 } 1284 1285 if (match && better_md5_match(best_match, key)) 1286 best_match = key; 1287 } 1288 return best_match; 1289 } 1290 EXPORT_SYMBOL(__tcp_md5_do_lookup); 1291 1292 static struct tcp_md5sig_key *tcp_md5_do_lookup_exact(const struct sock *sk, 1293 const union tcp_md5_addr *addr, 1294 int family, u8 prefixlen, 1295 int l3index, u8 flags) 1296 { 1297 const struct tcp_sock *tp = tcp_sk(sk); 1298 struct tcp_md5sig_key *key; 1299 unsigned int size = sizeof(struct in_addr); 1300 const struct tcp_md5sig_info *md5sig; 1301 1302 /* caller either holds rcu_read_lock() or socket lock */ 1303 md5sig = rcu_dereference_check(tp->md5sig_info, 1304 lockdep_sock_is_held(sk)); 1305 if (!md5sig) 1306 return NULL; 1307 #if IS_ENABLED(CONFIG_IPV6) 1308 if (family == AF_INET6) 1309 size = sizeof(struct in6_addr); 1310 #endif 1311 hlist_for_each_entry_rcu(key, &md5sig->head, node, 1312 lockdep_sock_is_held(sk)) { 1313 if (key->family != family) 1314 continue; 1315 if ((key->flags & TCP_MD5SIG_FLAG_IFINDEX) != (flags & TCP_MD5SIG_FLAG_IFINDEX)) 1316 continue; 1317 if (key->l3index != l3index) 1318 continue; 1319 if (!memcmp(&key->addr, addr, size) && 1320 key->prefixlen == prefixlen) 1321 return key; 1322 } 1323 return NULL; 1324 } 1325 1326 struct tcp_md5sig_key *tcp_v4_md5_lookup(const struct sock *sk, 1327 const struct sock *addr_sk) 1328 { 1329 const union tcp_md5_addr *addr; 1330 int l3index; 1331 1332 l3index = l3mdev_master_ifindex_by_index(sock_net(sk), 1333 addr_sk->sk_bound_dev_if); 1334 addr = (const union tcp_md5_addr *)&addr_sk->sk_daddr; 1335 return tcp_md5_do_lookup(sk, l3index, addr, AF_INET); 1336 } 1337 EXPORT_SYMBOL(tcp_v4_md5_lookup); 1338 1339 static int tcp_md5sig_info_add(struct sock *sk, gfp_t gfp) 1340 { 1341 struct tcp_sock *tp = tcp_sk(sk); 1342 struct tcp_md5sig_info *md5sig; 1343 1344 md5sig = kmalloc(sizeof(*md5sig), gfp); 1345 if (!md5sig) 1346 return -ENOMEM; 1347 1348 sk_gso_disable(sk); 1349 INIT_HLIST_HEAD(&md5sig->head); 1350 rcu_assign_pointer(tp->md5sig_info, md5sig); 1351 return 0; 1352 } 1353 1354 /* This can be called on a newly created socket, from other files */ 1355 static int __tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr, 1356 int family, u8 prefixlen, int l3index, u8 flags, 1357 const u8 *newkey, u8 newkeylen, gfp_t gfp) 1358 { 1359 /* Add Key to the list */ 1360 struct tcp_md5sig_key *key; 1361 struct tcp_sock *tp = tcp_sk(sk); 1362 struct tcp_md5sig_info *md5sig; 1363 1364 key = tcp_md5_do_lookup_exact(sk, addr, family, prefixlen, l3index, flags); 1365 if (key) { 1366 /* Pre-existing entry - just update that one. 1367 * Note that the key might be used concurrently. 1368 * data_race() is telling kcsan that we do not care of 1369 * key mismatches, since changing MD5 key on live flows 1370 * can lead to packet drops. 1371 */ 1372 data_race(memcpy(key->key, newkey, newkeylen)); 1373 1374 /* Pairs with READ_ONCE() in tcp_md5_hash_key(). 1375 * Also note that a reader could catch new key->keylen value 1376 * but old key->key[], this is the reason we use __GFP_ZERO 1377 * at sock_kmalloc() time below these lines. 1378 */ 1379 WRITE_ONCE(key->keylen, newkeylen); 1380 1381 return 0; 1382 } 1383 1384 md5sig = rcu_dereference_protected(tp->md5sig_info, 1385 lockdep_sock_is_held(sk)); 1386 1387 key = sock_kmalloc(sk, sizeof(*key), gfp | __GFP_ZERO); 1388 if (!key) 1389 return -ENOMEM; 1390 1391 memcpy(key->key, newkey, newkeylen); 1392 key->keylen = newkeylen; 1393 key->family = family; 1394 key->prefixlen = prefixlen; 1395 key->l3index = l3index; 1396 key->flags = flags; 1397 memcpy(&key->addr, addr, 1398 (IS_ENABLED(CONFIG_IPV6) && family == AF_INET6) ? sizeof(struct in6_addr) : 1399 sizeof(struct in_addr)); 1400 hlist_add_head_rcu(&key->node, &md5sig->head); 1401 return 0; 1402 } 1403 1404 int tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr, 1405 int family, u8 prefixlen, int l3index, u8 flags, 1406 const u8 *newkey, u8 newkeylen) 1407 { 1408 struct tcp_sock *tp = tcp_sk(sk); 1409 1410 if (!rcu_dereference_protected(tp->md5sig_info, lockdep_sock_is_held(sk))) { 1411 if (tcp_md5_alloc_sigpool()) 1412 return -ENOMEM; 1413 1414 if (tcp_md5sig_info_add(sk, GFP_KERNEL)) { 1415 tcp_md5_release_sigpool(); 1416 return -ENOMEM; 1417 } 1418 1419 if (!static_branch_inc(&tcp_md5_needed.key)) { 1420 struct tcp_md5sig_info *md5sig; 1421 1422 md5sig = rcu_dereference_protected(tp->md5sig_info, lockdep_sock_is_held(sk)); 1423 rcu_assign_pointer(tp->md5sig_info, NULL); 1424 kfree_rcu(md5sig, rcu); 1425 tcp_md5_release_sigpool(); 1426 return -EUSERS; 1427 } 1428 } 1429 1430 return __tcp_md5_do_add(sk, addr, family, prefixlen, l3index, flags, 1431 newkey, newkeylen, GFP_KERNEL); 1432 } 1433 EXPORT_SYMBOL(tcp_md5_do_add); 1434 1435 int tcp_md5_key_copy(struct sock *sk, const union tcp_md5_addr *addr, 1436 int family, u8 prefixlen, int l3index, 1437 struct tcp_md5sig_key *key) 1438 { 1439 struct tcp_sock *tp = tcp_sk(sk); 1440 1441 if (!rcu_dereference_protected(tp->md5sig_info, lockdep_sock_is_held(sk))) { 1442 tcp_md5_add_sigpool(); 1443 1444 if (tcp_md5sig_info_add(sk, sk_gfp_mask(sk, GFP_ATOMIC))) { 1445 tcp_md5_release_sigpool(); 1446 return -ENOMEM; 1447 } 1448 1449 if (!static_key_fast_inc_not_disabled(&tcp_md5_needed.key.key)) { 1450 struct tcp_md5sig_info *md5sig; 1451 1452 md5sig = rcu_dereference_protected(tp->md5sig_info, lockdep_sock_is_held(sk)); 1453 net_warn_ratelimited("Too many TCP-MD5 keys in the system\n"); 1454 rcu_assign_pointer(tp->md5sig_info, NULL); 1455 kfree_rcu(md5sig, rcu); 1456 tcp_md5_release_sigpool(); 1457 return -EUSERS; 1458 } 1459 } 1460 1461 return __tcp_md5_do_add(sk, addr, family, prefixlen, l3index, 1462 key->flags, key->key, key->keylen, 1463 sk_gfp_mask(sk, GFP_ATOMIC)); 1464 } 1465 EXPORT_SYMBOL(tcp_md5_key_copy); 1466 1467 int tcp_md5_do_del(struct sock *sk, const union tcp_md5_addr *addr, int family, 1468 u8 prefixlen, int l3index, u8 flags) 1469 { 1470 struct tcp_md5sig_key *key; 1471 1472 key = tcp_md5_do_lookup_exact(sk, addr, family, prefixlen, l3index, flags); 1473 if (!key) 1474 return -ENOENT; 1475 hlist_del_rcu(&key->node); 1476 atomic_sub(sizeof(*key), &sk->sk_omem_alloc); 1477 kfree_rcu(key, rcu); 1478 return 0; 1479 } 1480 EXPORT_SYMBOL(tcp_md5_do_del); 1481 1482 void tcp_clear_md5_list(struct sock *sk) 1483 { 1484 struct tcp_sock *tp = tcp_sk(sk); 1485 struct tcp_md5sig_key *key; 1486 struct hlist_node *n; 1487 struct tcp_md5sig_info *md5sig; 1488 1489 md5sig = rcu_dereference_protected(tp->md5sig_info, 1); 1490 1491 hlist_for_each_entry_safe(key, n, &md5sig->head, node) { 1492 hlist_del_rcu(&key->node); 1493 atomic_sub(sizeof(*key), &sk->sk_omem_alloc); 1494 kfree_rcu(key, rcu); 1495 } 1496 } 1497 1498 static int tcp_v4_parse_md5_keys(struct sock *sk, int optname, 1499 sockptr_t optval, int optlen) 1500 { 1501 struct tcp_md5sig cmd; 1502 struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.tcpm_addr; 1503 const union tcp_md5_addr *addr; 1504 u8 prefixlen = 32; 1505 int l3index = 0; 1506 bool l3flag; 1507 u8 flags; 1508 1509 if (optlen < sizeof(cmd)) 1510 return -EINVAL; 1511 1512 if (copy_from_sockptr(&cmd, optval, sizeof(cmd))) 1513 return -EFAULT; 1514 1515 if (sin->sin_family != AF_INET) 1516 return -EINVAL; 1517 1518 flags = cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX; 1519 l3flag = cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX; 1520 1521 if (optname == TCP_MD5SIG_EXT && 1522 cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) { 1523 prefixlen = cmd.tcpm_prefixlen; 1524 if (prefixlen > 32) 1525 return -EINVAL; 1526 } 1527 1528 if (optname == TCP_MD5SIG_EXT && cmd.tcpm_ifindex && 1529 cmd.tcpm_flags & TCP_MD5SIG_FLAG_IFINDEX) { 1530 struct net_device *dev; 1531 1532 rcu_read_lock(); 1533 dev = dev_get_by_index_rcu(sock_net(sk), cmd.tcpm_ifindex); 1534 if (dev && netif_is_l3_master(dev)) 1535 l3index = dev->ifindex; 1536 1537 rcu_read_unlock(); 1538 1539 /* ok to reference set/not set outside of rcu; 1540 * right now device MUST be an L3 master 1541 */ 1542 if (!dev || !l3index) 1543 return -EINVAL; 1544 } 1545 1546 addr = (union tcp_md5_addr *)&sin->sin_addr.s_addr; 1547 1548 if (!cmd.tcpm_keylen) 1549 return tcp_md5_do_del(sk, addr, AF_INET, prefixlen, l3index, flags); 1550 1551 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN) 1552 return -EINVAL; 1553 1554 /* Don't allow keys for peers that have a matching TCP-AO key. 1555 * See the comment in tcp_ao_add_cmd() 1556 */ 1557 if (tcp_ao_required(sk, addr, AF_INET, l3flag ? l3index : -1, false)) 1558 return -EKEYREJECTED; 1559 1560 return tcp_md5_do_add(sk, addr, AF_INET, prefixlen, l3index, flags, 1561 cmd.tcpm_key, cmd.tcpm_keylen); 1562 } 1563 1564 static int tcp_v4_md5_hash_headers(struct tcp_sigpool *hp, 1565 __be32 daddr, __be32 saddr, 1566 const struct tcphdr *th, int nbytes) 1567 { 1568 struct tcp4_pseudohdr *bp; 1569 struct scatterlist sg; 1570 struct tcphdr *_th; 1571 1572 bp = hp->scratch; 1573 bp->saddr = saddr; 1574 bp->daddr = daddr; 1575 bp->pad = 0; 1576 bp->protocol = IPPROTO_TCP; 1577 bp->len = cpu_to_be16(nbytes); 1578 1579 _th = (struct tcphdr *)(bp + 1); 1580 memcpy(_th, th, sizeof(*th)); 1581 _th->check = 0; 1582 1583 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th)); 1584 ahash_request_set_crypt(hp->req, &sg, NULL, 1585 sizeof(*bp) + sizeof(*th)); 1586 return crypto_ahash_update(hp->req); 1587 } 1588 1589 static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, 1590 __be32 daddr, __be32 saddr, const struct tcphdr *th) 1591 { 1592 struct tcp_sigpool hp; 1593 1594 if (tcp_sigpool_start(tcp_md5_sigpool_id, &hp)) 1595 goto clear_hash_nostart; 1596 1597 if (crypto_ahash_init(hp.req)) 1598 goto clear_hash; 1599 if (tcp_v4_md5_hash_headers(&hp, daddr, saddr, th, th->doff << 2)) 1600 goto clear_hash; 1601 if (tcp_md5_hash_key(&hp, key)) 1602 goto clear_hash; 1603 ahash_request_set_crypt(hp.req, NULL, md5_hash, 0); 1604 if (crypto_ahash_final(hp.req)) 1605 goto clear_hash; 1606 1607 tcp_sigpool_end(&hp); 1608 return 0; 1609 1610 clear_hash: 1611 tcp_sigpool_end(&hp); 1612 clear_hash_nostart: 1613 memset(md5_hash, 0, 16); 1614 return 1; 1615 } 1616 1617 int tcp_v4_md5_hash_skb(char *md5_hash, const struct tcp_md5sig_key *key, 1618 const struct sock *sk, 1619 const struct sk_buff *skb) 1620 { 1621 const struct tcphdr *th = tcp_hdr(skb); 1622 struct tcp_sigpool hp; 1623 __be32 saddr, daddr; 1624 1625 if (sk) { /* valid for establish/request sockets */ 1626 saddr = sk->sk_rcv_saddr; 1627 daddr = sk->sk_daddr; 1628 } else { 1629 const struct iphdr *iph = ip_hdr(skb); 1630 saddr = iph->saddr; 1631 daddr = iph->daddr; 1632 } 1633 1634 if (tcp_sigpool_start(tcp_md5_sigpool_id, &hp)) 1635 goto clear_hash_nostart; 1636 1637 if (crypto_ahash_init(hp.req)) 1638 goto clear_hash; 1639 1640 if (tcp_v4_md5_hash_headers(&hp, daddr, saddr, th, skb->len)) 1641 goto clear_hash; 1642 if (tcp_sigpool_hash_skb_data(&hp, skb, th->doff << 2)) 1643 goto clear_hash; 1644 if (tcp_md5_hash_key(&hp, key)) 1645 goto clear_hash; 1646 ahash_request_set_crypt(hp.req, NULL, md5_hash, 0); 1647 if (crypto_ahash_final(hp.req)) 1648 goto clear_hash; 1649 1650 tcp_sigpool_end(&hp); 1651 return 0; 1652 1653 clear_hash: 1654 tcp_sigpool_end(&hp); 1655 clear_hash_nostart: 1656 memset(md5_hash, 0, 16); 1657 return 1; 1658 } 1659 EXPORT_SYMBOL(tcp_v4_md5_hash_skb); 1660 1661 #endif 1662 1663 static void tcp_v4_init_req(struct request_sock *req, 1664 const struct sock *sk_listener, 1665 struct sk_buff *skb) 1666 { 1667 struct inet_request_sock *ireq = inet_rsk(req); 1668 struct net *net = sock_net(sk_listener); 1669 1670 sk_rcv_saddr_set(req_to_sk(req), ip_hdr(skb)->daddr); 1671 sk_daddr_set(req_to_sk(req), ip_hdr(skb)->saddr); 1672 RCU_INIT_POINTER(ireq->ireq_opt, tcp_v4_save_options(net, skb)); 1673 } 1674 1675 static struct dst_entry *tcp_v4_route_req(const struct sock *sk, 1676 struct sk_buff *skb, 1677 struct flowi *fl, 1678 struct request_sock *req, 1679 u32 tw_isn) 1680 { 1681 tcp_v4_init_req(req, sk, skb); 1682 1683 if (security_inet_conn_request(sk, skb, req)) 1684 return NULL; 1685 1686 return inet_csk_route_req(sk, &fl->u.ip4, req); 1687 } 1688 1689 struct request_sock_ops tcp_request_sock_ops __read_mostly = { 1690 .family = PF_INET, 1691 .obj_size = sizeof(struct tcp_request_sock), 1692 .rtx_syn_ack = tcp_rtx_synack, 1693 .send_ack = tcp_v4_reqsk_send_ack, 1694 .destructor = tcp_v4_reqsk_destructor, 1695 .send_reset = tcp_v4_send_reset, 1696 .syn_ack_timeout = tcp_syn_ack_timeout, 1697 }; 1698 1699 const struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = { 1700 .mss_clamp = TCP_MSS_DEFAULT, 1701 #ifdef CONFIG_TCP_MD5SIG 1702 .req_md5_lookup = tcp_v4_md5_lookup, 1703 .calc_md5_hash = tcp_v4_md5_hash_skb, 1704 #endif 1705 #ifdef CONFIG_TCP_AO 1706 .ao_lookup = tcp_v4_ao_lookup_rsk, 1707 .ao_calc_key = tcp_v4_ao_calc_key_rsk, 1708 .ao_synack_hash = tcp_v4_ao_synack_hash, 1709 #endif 1710 #ifdef CONFIG_SYN_COOKIES 1711 .cookie_init_seq = cookie_v4_init_sequence, 1712 #endif 1713 .route_req = tcp_v4_route_req, 1714 .init_seq = tcp_v4_init_seq, 1715 .init_ts_off = tcp_v4_init_ts_off, 1716 .send_synack = tcp_v4_send_synack, 1717 }; 1718 1719 int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) 1720 { 1721 /* Never answer to SYNs send to broadcast or multicast */ 1722 if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) 1723 goto drop; 1724 1725 return tcp_conn_request(&tcp_request_sock_ops, 1726 &tcp_request_sock_ipv4_ops, sk, skb); 1727 1728 drop: 1729 tcp_listendrop(sk); 1730 return 0; 1731 } 1732 EXPORT_SYMBOL(tcp_v4_conn_request); 1733 1734 1735 /* 1736 * The three way handshake has completed - we got a valid synack - 1737 * now create the new socket. 1738 */ 1739 struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb, 1740 struct request_sock *req, 1741 struct dst_entry *dst, 1742 struct request_sock *req_unhash, 1743 bool *own_req) 1744 { 1745 struct inet_request_sock *ireq; 1746 bool found_dup_sk = false; 1747 struct inet_sock *newinet; 1748 struct tcp_sock *newtp; 1749 struct sock *newsk; 1750 #ifdef CONFIG_TCP_MD5SIG 1751 const union tcp_md5_addr *addr; 1752 struct tcp_md5sig_key *key; 1753 int l3index; 1754 #endif 1755 struct ip_options_rcu *inet_opt; 1756 1757 if (sk_acceptq_is_full(sk)) 1758 goto exit_overflow; 1759 1760 newsk = tcp_create_openreq_child(sk, req, skb); 1761 if (!newsk) 1762 goto exit_nonewsk; 1763 1764 newsk->sk_gso_type = SKB_GSO_TCPV4; 1765 inet_sk_rx_dst_set(newsk, skb); 1766 1767 newtp = tcp_sk(newsk); 1768 newinet = inet_sk(newsk); 1769 ireq = inet_rsk(req); 1770 sk_daddr_set(newsk, ireq->ir_rmt_addr); 1771 sk_rcv_saddr_set(newsk, ireq->ir_loc_addr); 1772 newsk->sk_bound_dev_if = ireq->ir_iif; 1773 newinet->inet_saddr = ireq->ir_loc_addr; 1774 inet_opt = rcu_dereference(ireq->ireq_opt); 1775 RCU_INIT_POINTER(newinet->inet_opt, inet_opt); 1776 newinet->mc_index = inet_iif(skb); 1777 newinet->mc_ttl = ip_hdr(skb)->ttl; 1778 newinet->rcv_tos = ip_hdr(skb)->tos; 1779 inet_csk(newsk)->icsk_ext_hdr_len = 0; 1780 if (inet_opt) 1781 inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen; 1782 atomic_set(&newinet->inet_id, get_random_u16()); 1783 1784 /* Set ToS of the new socket based upon the value of incoming SYN. 1785 * ECT bits are set later in tcp_init_transfer(). 1786 */ 1787 if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reflect_tos)) 1788 newinet->tos = tcp_rsk(req)->syn_tos & ~INET_ECN_MASK; 1789 1790 if (!dst) { 1791 dst = inet_csk_route_child_sock(sk, newsk, req); 1792 if (!dst) 1793 goto put_and_exit; 1794 } else { 1795 /* syncookie case : see end of cookie_v4_check() */ 1796 } 1797 sk_setup_caps(newsk, dst); 1798 1799 tcp_ca_openreq_child(newsk, dst); 1800 1801 tcp_sync_mss(newsk, dst_mtu(dst)); 1802 newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst)); 1803 1804 tcp_initialize_rcv_mss(newsk); 1805 1806 #ifdef CONFIG_TCP_MD5SIG 1807 l3index = l3mdev_master_ifindex_by_index(sock_net(sk), ireq->ir_iif); 1808 /* Copy over the MD5 key from the original socket */ 1809 addr = (union tcp_md5_addr *)&newinet->inet_daddr; 1810 key = tcp_md5_do_lookup(sk, l3index, addr, AF_INET); 1811 if (key && !tcp_rsk_used_ao(req)) { 1812 if (tcp_md5_key_copy(newsk, addr, AF_INET, 32, l3index, key)) 1813 goto put_and_exit; 1814 sk_gso_disable(newsk); 1815 } 1816 #endif 1817 #ifdef CONFIG_TCP_AO 1818 if (tcp_ao_copy_all_matching(sk, newsk, req, skb, AF_INET)) 1819 goto put_and_exit; /* OOM, release back memory */ 1820 #endif 1821 1822 if (__inet_inherit_port(sk, newsk) < 0) 1823 goto put_and_exit; 1824 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash), 1825 &found_dup_sk); 1826 if (likely(*own_req)) { 1827 tcp_move_syn(newtp, req); 1828 ireq->ireq_opt = NULL; 1829 } else { 1830 newinet->inet_opt = NULL; 1831 1832 if (!req_unhash && found_dup_sk) { 1833 /* This code path should only be executed in the 1834 * syncookie case only 1835 */ 1836 bh_unlock_sock(newsk); 1837 sock_put(newsk); 1838 newsk = NULL; 1839 } 1840 } 1841 return newsk; 1842 1843 exit_overflow: 1844 NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); 1845 exit_nonewsk: 1846 dst_release(dst); 1847 exit: 1848 tcp_listendrop(sk); 1849 return NULL; 1850 put_and_exit: 1851 newinet->inet_opt = NULL; 1852 inet_csk_prepare_forced_close(newsk); 1853 tcp_done(newsk); 1854 goto exit; 1855 } 1856 EXPORT_SYMBOL(tcp_v4_syn_recv_sock); 1857 1858 static struct sock *tcp_v4_cookie_check(struct sock *sk, struct sk_buff *skb) 1859 { 1860 #ifdef CONFIG_SYN_COOKIES 1861 const struct tcphdr *th = tcp_hdr(skb); 1862 1863 if (!th->syn) 1864 sk = cookie_v4_check(sk, skb); 1865 #endif 1866 return sk; 1867 } 1868 1869 u16 tcp_v4_get_syncookie(struct sock *sk, struct iphdr *iph, 1870 struct tcphdr *th, u32 *cookie) 1871 { 1872 u16 mss = 0; 1873 #ifdef CONFIG_SYN_COOKIES 1874 mss = tcp_get_syncookie_mss(&tcp_request_sock_ops, 1875 &tcp_request_sock_ipv4_ops, sk, th); 1876 if (mss) { 1877 *cookie = __cookie_v4_init_sequence(iph, th, &mss); 1878 tcp_synq_overflow(sk); 1879 } 1880 #endif 1881 return mss; 1882 } 1883 1884 INDIRECT_CALLABLE_DECLARE(struct dst_entry *ipv4_dst_check(struct dst_entry *, 1885 u32)); 1886 /* The socket must have it's spinlock held when we get 1887 * here, unless it is a TCP_LISTEN socket. 1888 * 1889 * We have a potential double-lock case here, so even when 1890 * doing backlog processing we use the BH locking scheme. 1891 * This is because we cannot sleep with the original spinlock 1892 * held. 1893 */ 1894 int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) 1895 { 1896 enum skb_drop_reason reason; 1897 struct sock *rsk; 1898 1899 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */ 1900 struct dst_entry *dst; 1901 1902 dst = rcu_dereference_protected(sk->sk_rx_dst, 1903 lockdep_sock_is_held(sk)); 1904 1905 sock_rps_save_rxhash(sk, skb); 1906 sk_mark_napi_id(sk, skb); 1907 if (dst) { 1908 if (sk->sk_rx_dst_ifindex != skb->skb_iif || 1909 !INDIRECT_CALL_1(dst->ops->check, ipv4_dst_check, 1910 dst, 0)) { 1911 RCU_INIT_POINTER(sk->sk_rx_dst, NULL); 1912 dst_release(dst); 1913 } 1914 } 1915 tcp_rcv_established(sk, skb); 1916 return 0; 1917 } 1918 1919 if (tcp_checksum_complete(skb)) 1920 goto csum_err; 1921 1922 if (sk->sk_state == TCP_LISTEN) { 1923 struct sock *nsk = tcp_v4_cookie_check(sk, skb); 1924 1925 if (!nsk) 1926 return 0; 1927 if (nsk != sk) { 1928 reason = tcp_child_process(sk, nsk, skb); 1929 if (reason) { 1930 rsk = nsk; 1931 goto reset; 1932 } 1933 return 0; 1934 } 1935 } else 1936 sock_rps_save_rxhash(sk, skb); 1937 1938 reason = tcp_rcv_state_process(sk, skb); 1939 if (reason) { 1940 rsk = sk; 1941 goto reset; 1942 } 1943 return 0; 1944 1945 reset: 1946 tcp_v4_send_reset(rsk, skb, sk_rst_convert_drop_reason(reason)); 1947 discard: 1948 sk_skb_reason_drop(sk, skb, reason); 1949 /* Be careful here. If this function gets more complicated and 1950 * gcc suffers from register pressure on the x86, sk (in %ebx) 1951 * might be destroyed here. This current version compiles correctly, 1952 * but you have been warned. 1953 */ 1954 return 0; 1955 1956 csum_err: 1957 reason = SKB_DROP_REASON_TCP_CSUM; 1958 trace_tcp_bad_csum(skb); 1959 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS); 1960 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS); 1961 goto discard; 1962 } 1963 EXPORT_SYMBOL(tcp_v4_do_rcv); 1964 1965 int tcp_v4_early_demux(struct sk_buff *skb) 1966 { 1967 struct net *net = dev_net(skb->dev); 1968 const struct iphdr *iph; 1969 const struct tcphdr *th; 1970 struct sock *sk; 1971 1972 if (skb->pkt_type != PACKET_HOST) 1973 return 0; 1974 1975 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr))) 1976 return 0; 1977 1978 iph = ip_hdr(skb); 1979 th = tcp_hdr(skb); 1980 1981 if (th->doff < sizeof(struct tcphdr) / 4) 1982 return 0; 1983 1984 sk = __inet_lookup_established(net, net->ipv4.tcp_death_row.hashinfo, 1985 iph->saddr, th->source, 1986 iph->daddr, ntohs(th->dest), 1987 skb->skb_iif, inet_sdif(skb)); 1988 if (sk) { 1989 skb->sk = sk; 1990 skb->destructor = sock_edemux; 1991 if (sk_fullsock(sk)) { 1992 struct dst_entry *dst = rcu_dereference(sk->sk_rx_dst); 1993 1994 if (dst) 1995 dst = dst_check(dst, 0); 1996 if (dst && 1997 sk->sk_rx_dst_ifindex == skb->skb_iif) 1998 skb_dst_set_noref(skb, dst); 1999 } 2000 } 2001 return 0; 2002 } 2003 2004 bool tcp_add_backlog(struct sock *sk, struct sk_buff *skb, 2005 enum skb_drop_reason *reason) 2006 { 2007 u32 tail_gso_size, tail_gso_segs; 2008 struct skb_shared_info *shinfo; 2009 const struct tcphdr *th; 2010 struct tcphdr *thtail; 2011 struct sk_buff *tail; 2012 unsigned int hdrlen; 2013 bool fragstolen; 2014 u32 gso_segs; 2015 u32 gso_size; 2016 u64 limit; 2017 int delta; 2018 2019 /* In case all data was pulled from skb frags (in __pskb_pull_tail()), 2020 * we can fix skb->truesize to its real value to avoid future drops. 2021 * This is valid because skb is not yet charged to the socket. 2022 * It has been noticed pure SACK packets were sometimes dropped 2023 * (if cooked by drivers without copybreak feature). 2024 */ 2025 skb_condense(skb); 2026 2027 skb_dst_drop(skb); 2028 2029 if (unlikely(tcp_checksum_complete(skb))) { 2030 bh_unlock_sock(sk); 2031 trace_tcp_bad_csum(skb); 2032 *reason = SKB_DROP_REASON_TCP_CSUM; 2033 __TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS); 2034 __TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS); 2035 return true; 2036 } 2037 2038 /* Attempt coalescing to last skb in backlog, even if we are 2039 * above the limits. 2040 * This is okay because skb capacity is limited to MAX_SKB_FRAGS. 2041 */ 2042 th = (const struct tcphdr *)skb->data; 2043 hdrlen = th->doff * 4; 2044 2045 tail = sk->sk_backlog.tail; 2046 if (!tail) 2047 goto no_coalesce; 2048 thtail = (struct tcphdr *)tail->data; 2049 2050 if (TCP_SKB_CB(tail)->end_seq != TCP_SKB_CB(skb)->seq || 2051 TCP_SKB_CB(tail)->ip_dsfield != TCP_SKB_CB(skb)->ip_dsfield || 2052 ((TCP_SKB_CB(tail)->tcp_flags | 2053 TCP_SKB_CB(skb)->tcp_flags) & (TCPHDR_SYN | TCPHDR_RST | TCPHDR_URG)) || 2054 !((TCP_SKB_CB(tail)->tcp_flags & 2055 TCP_SKB_CB(skb)->tcp_flags) & TCPHDR_ACK) || 2056 ((TCP_SKB_CB(tail)->tcp_flags ^ 2057 TCP_SKB_CB(skb)->tcp_flags) & (TCPHDR_ECE | TCPHDR_CWR)) || 2058 !tcp_skb_can_collapse_rx(tail, skb) || 2059 thtail->doff != th->doff || 2060 memcmp(thtail + 1, th + 1, hdrlen - sizeof(*th))) 2061 goto no_coalesce; 2062 2063 __skb_pull(skb, hdrlen); 2064 2065 shinfo = skb_shinfo(skb); 2066 gso_size = shinfo->gso_size ?: skb->len; 2067 gso_segs = shinfo->gso_segs ?: 1; 2068 2069 shinfo = skb_shinfo(tail); 2070 tail_gso_size = shinfo->gso_size ?: (tail->len - hdrlen); 2071 tail_gso_segs = shinfo->gso_segs ?: 1; 2072 2073 if (skb_try_coalesce(tail, skb, &fragstolen, &delta)) { 2074 TCP_SKB_CB(tail)->end_seq = TCP_SKB_CB(skb)->end_seq; 2075 2076 if (likely(!before(TCP_SKB_CB(skb)->ack_seq, TCP_SKB_CB(tail)->ack_seq))) { 2077 TCP_SKB_CB(tail)->ack_seq = TCP_SKB_CB(skb)->ack_seq; 2078 thtail->window = th->window; 2079 } 2080 2081 /* We have to update both TCP_SKB_CB(tail)->tcp_flags and 2082 * thtail->fin, so that the fast path in tcp_rcv_established() 2083 * is not entered if we append a packet with a FIN. 2084 * SYN, RST, URG are not present. 2085 * ACK is set on both packets. 2086 * PSH : we do not really care in TCP stack, 2087 * at least for 'GRO' packets. 2088 */ 2089 thtail->fin |= th->fin; 2090 TCP_SKB_CB(tail)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags; 2091 2092 if (TCP_SKB_CB(skb)->has_rxtstamp) { 2093 TCP_SKB_CB(tail)->has_rxtstamp = true; 2094 tail->tstamp = skb->tstamp; 2095 skb_hwtstamps(tail)->hwtstamp = skb_hwtstamps(skb)->hwtstamp; 2096 } 2097 2098 /* Not as strict as GRO. We only need to carry mss max value */ 2099 shinfo->gso_size = max(gso_size, tail_gso_size); 2100 shinfo->gso_segs = min_t(u32, gso_segs + tail_gso_segs, 0xFFFF); 2101 2102 sk->sk_backlog.len += delta; 2103 __NET_INC_STATS(sock_net(sk), 2104 LINUX_MIB_TCPBACKLOGCOALESCE); 2105 kfree_skb_partial(skb, fragstolen); 2106 return false; 2107 } 2108 __skb_push(skb, hdrlen); 2109 2110 no_coalesce: 2111 /* sk->sk_backlog.len is reset only at the end of __release_sock(). 2112 * Both sk->sk_backlog.len and sk->sk_rmem_alloc could reach 2113 * sk_rcvbuf in normal conditions. 2114 */ 2115 limit = ((u64)READ_ONCE(sk->sk_rcvbuf)) << 1; 2116 2117 limit += ((u32)READ_ONCE(sk->sk_sndbuf)) >> 1; 2118 2119 /* Only socket owner can try to collapse/prune rx queues 2120 * to reduce memory overhead, so add a little headroom here. 2121 * Few sockets backlog are possibly concurrently non empty. 2122 */ 2123 limit += 64 * 1024; 2124 2125 limit = min_t(u64, limit, UINT_MAX); 2126 2127 if (unlikely(sk_add_backlog(sk, skb, limit))) { 2128 bh_unlock_sock(sk); 2129 *reason = SKB_DROP_REASON_SOCKET_BACKLOG; 2130 __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPBACKLOGDROP); 2131 return true; 2132 } 2133 return false; 2134 } 2135 EXPORT_SYMBOL(tcp_add_backlog); 2136 2137 int tcp_filter(struct sock *sk, struct sk_buff *skb) 2138 { 2139 struct tcphdr *th = (struct tcphdr *)skb->data; 2140 2141 return sk_filter_trim_cap(sk, skb, th->doff * 4); 2142 } 2143 EXPORT_SYMBOL(tcp_filter); 2144 2145 static void tcp_v4_restore_cb(struct sk_buff *skb) 2146 { 2147 memmove(IPCB(skb), &TCP_SKB_CB(skb)->header.h4, 2148 sizeof(struct inet_skb_parm)); 2149 } 2150 2151 static void tcp_v4_fill_cb(struct sk_buff *skb, const struct iphdr *iph, 2152 const struct tcphdr *th) 2153 { 2154 /* This is tricky : We move IPCB at its correct location into TCP_SKB_CB() 2155 * barrier() makes sure compiler wont play fool^Waliasing games. 2156 */ 2157 memmove(&TCP_SKB_CB(skb)->header.h4, IPCB(skb), 2158 sizeof(struct inet_skb_parm)); 2159 barrier(); 2160 2161 TCP_SKB_CB(skb)->seq = ntohl(th->seq); 2162 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin + 2163 skb->len - th->doff * 4); 2164 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); 2165 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th); 2166 TCP_SKB_CB(skb)->ip_dsfield = ipv4_get_dsfield(iph); 2167 TCP_SKB_CB(skb)->sacked = 0; 2168 TCP_SKB_CB(skb)->has_rxtstamp = 2169 skb->tstamp || skb_hwtstamps(skb)->hwtstamp; 2170 } 2171 2172 /* 2173 * From tcp_input.c 2174 */ 2175 2176 int tcp_v4_rcv(struct sk_buff *skb) 2177 { 2178 struct net *net = dev_net(skb->dev); 2179 enum skb_drop_reason drop_reason; 2180 int sdif = inet_sdif(skb); 2181 int dif = inet_iif(skb); 2182 const struct iphdr *iph; 2183 const struct tcphdr *th; 2184 struct sock *sk = NULL; 2185 bool refcounted; 2186 int ret; 2187 u32 isn; 2188 2189 drop_reason = SKB_DROP_REASON_NOT_SPECIFIED; 2190 if (skb->pkt_type != PACKET_HOST) 2191 goto discard_it; 2192 2193 /* Count it even if it's bad */ 2194 __TCP_INC_STATS(net, TCP_MIB_INSEGS); 2195 2196 if (!pskb_may_pull(skb, sizeof(struct tcphdr))) 2197 goto discard_it; 2198 2199 th = (const struct tcphdr *)skb->data; 2200 2201 if (unlikely(th->doff < sizeof(struct tcphdr) / 4)) { 2202 drop_reason = SKB_DROP_REASON_PKT_TOO_SMALL; 2203 goto bad_packet; 2204 } 2205 if (!pskb_may_pull(skb, th->doff * 4)) 2206 goto discard_it; 2207 2208 /* An explanation is required here, I think. 2209 * Packet length and doff are validated by header prediction, 2210 * provided case of th->doff==0 is eliminated. 2211 * So, we defer the checks. */ 2212 2213 if (skb_checksum_init(skb, IPPROTO_TCP, inet_compute_pseudo)) 2214 goto csum_error; 2215 2216 th = (const struct tcphdr *)skb->data; 2217 iph = ip_hdr(skb); 2218 lookup: 2219 sk = __inet_lookup_skb(net->ipv4.tcp_death_row.hashinfo, 2220 skb, __tcp_hdrlen(th), th->source, 2221 th->dest, sdif, &refcounted); 2222 if (!sk) 2223 goto no_tcp_socket; 2224 2225 if (sk->sk_state == TCP_TIME_WAIT) 2226 goto do_time_wait; 2227 2228 if (sk->sk_state == TCP_NEW_SYN_RECV) { 2229 struct request_sock *req = inet_reqsk(sk); 2230 bool req_stolen = false; 2231 struct sock *nsk; 2232 2233 sk = req->rsk_listener; 2234 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) 2235 drop_reason = SKB_DROP_REASON_XFRM_POLICY; 2236 else 2237 drop_reason = tcp_inbound_hash(sk, req, skb, 2238 &iph->saddr, &iph->daddr, 2239 AF_INET, dif, sdif); 2240 if (unlikely(drop_reason)) { 2241 sk_drops_add(sk, skb); 2242 reqsk_put(req); 2243 goto discard_it; 2244 } 2245 if (tcp_checksum_complete(skb)) { 2246 reqsk_put(req); 2247 goto csum_error; 2248 } 2249 if (unlikely(sk->sk_state != TCP_LISTEN)) { 2250 nsk = reuseport_migrate_sock(sk, req_to_sk(req), skb); 2251 if (!nsk) { 2252 inet_csk_reqsk_queue_drop_and_put(sk, req); 2253 goto lookup; 2254 } 2255 sk = nsk; 2256 /* reuseport_migrate_sock() has already held one sk_refcnt 2257 * before returning. 2258 */ 2259 } else { 2260 /* We own a reference on the listener, increase it again 2261 * as we might lose it too soon. 2262 */ 2263 sock_hold(sk); 2264 } 2265 refcounted = true; 2266 nsk = NULL; 2267 if (!tcp_filter(sk, skb)) { 2268 th = (const struct tcphdr *)skb->data; 2269 iph = ip_hdr(skb); 2270 tcp_v4_fill_cb(skb, iph, th); 2271 nsk = tcp_check_req(sk, skb, req, false, &req_stolen); 2272 } else { 2273 drop_reason = SKB_DROP_REASON_SOCKET_FILTER; 2274 } 2275 if (!nsk) { 2276 reqsk_put(req); 2277 if (req_stolen) { 2278 /* Another cpu got exclusive access to req 2279 * and created a full blown socket. 2280 * Try to feed this packet to this socket 2281 * instead of discarding it. 2282 */ 2283 tcp_v4_restore_cb(skb); 2284 sock_put(sk); 2285 goto lookup; 2286 } 2287 goto discard_and_relse; 2288 } 2289 nf_reset_ct(skb); 2290 if (nsk == sk) { 2291 reqsk_put(req); 2292 tcp_v4_restore_cb(skb); 2293 } else { 2294 drop_reason = tcp_child_process(sk, nsk, skb); 2295 if (drop_reason) { 2296 enum sk_rst_reason rst_reason; 2297 2298 rst_reason = sk_rst_convert_drop_reason(drop_reason); 2299 tcp_v4_send_reset(nsk, skb, rst_reason); 2300 goto discard_and_relse; 2301 } 2302 sock_put(sk); 2303 return 0; 2304 } 2305 } 2306 2307 process: 2308 if (static_branch_unlikely(&ip4_min_ttl)) { 2309 /* min_ttl can be changed concurrently from do_ip_setsockopt() */ 2310 if (unlikely(iph->ttl < READ_ONCE(inet_sk(sk)->min_ttl))) { 2311 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP); 2312 drop_reason = SKB_DROP_REASON_TCP_MINTTL; 2313 goto discard_and_relse; 2314 } 2315 } 2316 2317 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) { 2318 drop_reason = SKB_DROP_REASON_XFRM_POLICY; 2319 goto discard_and_relse; 2320 } 2321 2322 drop_reason = tcp_inbound_hash(sk, NULL, skb, &iph->saddr, &iph->daddr, 2323 AF_INET, dif, sdif); 2324 if (drop_reason) 2325 goto discard_and_relse; 2326 2327 nf_reset_ct(skb); 2328 2329 if (tcp_filter(sk, skb)) { 2330 drop_reason = SKB_DROP_REASON_SOCKET_FILTER; 2331 goto discard_and_relse; 2332 } 2333 th = (const struct tcphdr *)skb->data; 2334 iph = ip_hdr(skb); 2335 tcp_v4_fill_cb(skb, iph, th); 2336 2337 skb->dev = NULL; 2338 2339 if (sk->sk_state == TCP_LISTEN) { 2340 ret = tcp_v4_do_rcv(sk, skb); 2341 goto put_and_return; 2342 } 2343 2344 sk_incoming_cpu_update(sk); 2345 2346 bh_lock_sock_nested(sk); 2347 tcp_segs_in(tcp_sk(sk), skb); 2348 ret = 0; 2349 if (!sock_owned_by_user(sk)) { 2350 ret = tcp_v4_do_rcv(sk, skb); 2351 } else { 2352 if (tcp_add_backlog(sk, skb, &drop_reason)) 2353 goto discard_and_relse; 2354 } 2355 bh_unlock_sock(sk); 2356 2357 put_and_return: 2358 if (refcounted) 2359 sock_put(sk); 2360 2361 return ret; 2362 2363 no_tcp_socket: 2364 drop_reason = SKB_DROP_REASON_NO_SOCKET; 2365 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) 2366 goto discard_it; 2367 2368 tcp_v4_fill_cb(skb, iph, th); 2369 2370 if (tcp_checksum_complete(skb)) { 2371 csum_error: 2372 drop_reason = SKB_DROP_REASON_TCP_CSUM; 2373 trace_tcp_bad_csum(skb); 2374 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS); 2375 bad_packet: 2376 __TCP_INC_STATS(net, TCP_MIB_INERRS); 2377 } else { 2378 tcp_v4_send_reset(NULL, skb, sk_rst_convert_drop_reason(drop_reason)); 2379 } 2380 2381 discard_it: 2382 SKB_DR_OR(drop_reason, NOT_SPECIFIED); 2383 /* Discard frame. */ 2384 sk_skb_reason_drop(sk, skb, drop_reason); 2385 return 0; 2386 2387 discard_and_relse: 2388 sk_drops_add(sk, skb); 2389 if (refcounted) 2390 sock_put(sk); 2391 goto discard_it; 2392 2393 do_time_wait: 2394 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { 2395 drop_reason = SKB_DROP_REASON_XFRM_POLICY; 2396 inet_twsk_put(inet_twsk(sk)); 2397 goto discard_it; 2398 } 2399 2400 tcp_v4_fill_cb(skb, iph, th); 2401 2402 if (tcp_checksum_complete(skb)) { 2403 inet_twsk_put(inet_twsk(sk)); 2404 goto csum_error; 2405 } 2406 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th, &isn)) { 2407 case TCP_TW_SYN: { 2408 struct sock *sk2 = inet_lookup_listener(net, 2409 net->ipv4.tcp_death_row.hashinfo, 2410 skb, __tcp_hdrlen(th), 2411 iph->saddr, th->source, 2412 iph->daddr, th->dest, 2413 inet_iif(skb), 2414 sdif); 2415 if (sk2) { 2416 inet_twsk_deschedule_put(inet_twsk(sk)); 2417 sk = sk2; 2418 tcp_v4_restore_cb(skb); 2419 refcounted = false; 2420 __this_cpu_write(tcp_tw_isn, isn); 2421 goto process; 2422 } 2423 } 2424 /* to ACK */ 2425 fallthrough; 2426 case TCP_TW_ACK: 2427 tcp_v4_timewait_ack(sk, skb); 2428 break; 2429 case TCP_TW_RST: 2430 tcp_v4_send_reset(sk, skb, SK_RST_REASON_TCP_TIMEWAIT_SOCKET); 2431 inet_twsk_deschedule_put(inet_twsk(sk)); 2432 goto discard_it; 2433 case TCP_TW_SUCCESS:; 2434 } 2435 goto discard_it; 2436 } 2437 2438 static struct timewait_sock_ops tcp_timewait_sock_ops = { 2439 .twsk_obj_size = sizeof(struct tcp_timewait_sock), 2440 .twsk_destructor= tcp_twsk_destructor, 2441 }; 2442 2443 void inet_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) 2444 { 2445 struct dst_entry *dst = skb_dst(skb); 2446 2447 if (dst && dst_hold_safe(dst)) { 2448 rcu_assign_pointer(sk->sk_rx_dst, dst); 2449 sk->sk_rx_dst_ifindex = skb->skb_iif; 2450 } 2451 } 2452 EXPORT_SYMBOL(inet_sk_rx_dst_set); 2453 2454 const struct inet_connection_sock_af_ops ipv4_specific = { 2455 .queue_xmit = ip_queue_xmit, 2456 .send_check = tcp_v4_send_check, 2457 .rebuild_header = inet_sk_rebuild_header, 2458 .sk_rx_dst_set = inet_sk_rx_dst_set, 2459 .conn_request = tcp_v4_conn_request, 2460 .syn_recv_sock = tcp_v4_syn_recv_sock, 2461 .net_header_len = sizeof(struct iphdr), 2462 .setsockopt = ip_setsockopt, 2463 .getsockopt = ip_getsockopt, 2464 .addr2sockaddr = inet_csk_addr2sockaddr, 2465 .sockaddr_len = sizeof(struct sockaddr_in), 2466 .mtu_reduced = tcp_v4_mtu_reduced, 2467 }; 2468 EXPORT_SYMBOL(ipv4_specific); 2469 2470 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO) 2471 static const struct tcp_sock_af_ops tcp_sock_ipv4_specific = { 2472 #ifdef CONFIG_TCP_MD5SIG 2473 .md5_lookup = tcp_v4_md5_lookup, 2474 .calc_md5_hash = tcp_v4_md5_hash_skb, 2475 .md5_parse = tcp_v4_parse_md5_keys, 2476 #endif 2477 #ifdef CONFIG_TCP_AO 2478 .ao_lookup = tcp_v4_ao_lookup, 2479 .calc_ao_hash = tcp_v4_ao_hash_skb, 2480 .ao_parse = tcp_v4_parse_ao, 2481 .ao_calc_key_sk = tcp_v4_ao_calc_key_sk, 2482 #endif 2483 }; 2484 #endif 2485 2486 /* NOTE: A lot of things set to zero explicitly by call to 2487 * sk_alloc() so need not be done here. 2488 */ 2489 static int tcp_v4_init_sock(struct sock *sk) 2490 { 2491 struct inet_connection_sock *icsk = inet_csk(sk); 2492 2493 tcp_init_sock(sk); 2494 2495 icsk->icsk_af_ops = &ipv4_specific; 2496 2497 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO) 2498 tcp_sk(sk)->af_specific = &tcp_sock_ipv4_specific; 2499 #endif 2500 2501 return 0; 2502 } 2503 2504 #ifdef CONFIG_TCP_MD5SIG 2505 static void tcp_md5sig_info_free_rcu(struct rcu_head *head) 2506 { 2507 struct tcp_md5sig_info *md5sig; 2508 2509 md5sig = container_of(head, struct tcp_md5sig_info, rcu); 2510 kfree(md5sig); 2511 static_branch_slow_dec_deferred(&tcp_md5_needed); 2512 tcp_md5_release_sigpool(); 2513 } 2514 #endif 2515 2516 static void tcp_release_user_frags(struct sock *sk) 2517 { 2518 #ifdef CONFIG_PAGE_POOL 2519 unsigned long index; 2520 void *netmem; 2521 2522 xa_for_each(&sk->sk_user_frags, index, netmem) 2523 WARN_ON_ONCE(!napi_pp_put_page((__force netmem_ref)netmem)); 2524 #endif 2525 } 2526 2527 void tcp_v4_destroy_sock(struct sock *sk) 2528 { 2529 struct tcp_sock *tp = tcp_sk(sk); 2530 2531 tcp_release_user_frags(sk); 2532 2533 xa_destroy(&sk->sk_user_frags); 2534 2535 trace_tcp_destroy_sock(sk); 2536 2537 tcp_clear_xmit_timers(sk); 2538 2539 tcp_cleanup_congestion_control(sk); 2540 2541 tcp_cleanup_ulp(sk); 2542 2543 /* Cleanup up the write buffer. */ 2544 tcp_write_queue_purge(sk); 2545 2546 /* Check if we want to disable active TFO */ 2547 tcp_fastopen_active_disable_ofo_check(sk); 2548 2549 /* Cleans up our, hopefully empty, out_of_order_queue. */ 2550 skb_rbtree_purge(&tp->out_of_order_queue); 2551 2552 #ifdef CONFIG_TCP_MD5SIG 2553 /* Clean up the MD5 key list, if any */ 2554 if (tp->md5sig_info) { 2555 struct tcp_md5sig_info *md5sig; 2556 2557 md5sig = rcu_dereference_protected(tp->md5sig_info, 1); 2558 tcp_clear_md5_list(sk); 2559 call_rcu(&md5sig->rcu, tcp_md5sig_info_free_rcu); 2560 rcu_assign_pointer(tp->md5sig_info, NULL); 2561 } 2562 #endif 2563 tcp_ao_destroy_sock(sk, false); 2564 2565 /* Clean up a referenced TCP bind bucket. */ 2566 if (inet_csk(sk)->icsk_bind_hash) 2567 inet_put_port(sk); 2568 2569 BUG_ON(rcu_access_pointer(tp->fastopen_rsk)); 2570 2571 /* If socket is aborted during connect operation */ 2572 tcp_free_fastopen_req(tp); 2573 tcp_fastopen_destroy_cipher(sk); 2574 tcp_saved_syn_free(tp); 2575 2576 sk_sockets_allocated_dec(sk); 2577 } 2578 EXPORT_SYMBOL(tcp_v4_destroy_sock); 2579 2580 #ifdef CONFIG_PROC_FS 2581 /* Proc filesystem TCP sock list dumping. */ 2582 2583 static unsigned short seq_file_family(const struct seq_file *seq); 2584 2585 static bool seq_sk_match(struct seq_file *seq, const struct sock *sk) 2586 { 2587 unsigned short family = seq_file_family(seq); 2588 2589 /* AF_UNSPEC is used as a match all */ 2590 return ((family == AF_UNSPEC || family == sk->sk_family) && 2591 net_eq(sock_net(sk), seq_file_net(seq))); 2592 } 2593 2594 /* Find a non empty bucket (starting from st->bucket) 2595 * and return the first sk from it. 2596 */ 2597 static void *listening_get_first(struct seq_file *seq) 2598 { 2599 struct inet_hashinfo *hinfo = seq_file_net(seq)->ipv4.tcp_death_row.hashinfo; 2600 struct tcp_iter_state *st = seq->private; 2601 2602 st->offset = 0; 2603 for (; st->bucket <= hinfo->lhash2_mask; st->bucket++) { 2604 struct inet_listen_hashbucket *ilb2; 2605 struct hlist_nulls_node *node; 2606 struct sock *sk; 2607 2608 ilb2 = &hinfo->lhash2[st->bucket]; 2609 if (hlist_nulls_empty(&ilb2->nulls_head)) 2610 continue; 2611 2612 spin_lock(&ilb2->lock); 2613 sk_nulls_for_each(sk, node, &ilb2->nulls_head) { 2614 if (seq_sk_match(seq, sk)) 2615 return sk; 2616 } 2617 spin_unlock(&ilb2->lock); 2618 } 2619 2620 return NULL; 2621 } 2622 2623 /* Find the next sk of "cur" within the same bucket (i.e. st->bucket). 2624 * If "cur" is the last one in the st->bucket, 2625 * call listening_get_first() to return the first sk of the next 2626 * non empty bucket. 2627 */ 2628 static void *listening_get_next(struct seq_file *seq, void *cur) 2629 { 2630 struct tcp_iter_state *st = seq->private; 2631 struct inet_listen_hashbucket *ilb2; 2632 struct hlist_nulls_node *node; 2633 struct inet_hashinfo *hinfo; 2634 struct sock *sk = cur; 2635 2636 ++st->num; 2637 ++st->offset; 2638 2639 sk = sk_nulls_next(sk); 2640 sk_nulls_for_each_from(sk, node) { 2641 if (seq_sk_match(seq, sk)) 2642 return sk; 2643 } 2644 2645 hinfo = seq_file_net(seq)->ipv4.tcp_death_row.hashinfo; 2646 ilb2 = &hinfo->lhash2[st->bucket]; 2647 spin_unlock(&ilb2->lock); 2648 ++st->bucket; 2649 return listening_get_first(seq); 2650 } 2651 2652 static void *listening_get_idx(struct seq_file *seq, loff_t *pos) 2653 { 2654 struct tcp_iter_state *st = seq->private; 2655 void *rc; 2656 2657 st->bucket = 0; 2658 st->offset = 0; 2659 rc = listening_get_first(seq); 2660 2661 while (rc && *pos) { 2662 rc = listening_get_next(seq, rc); 2663 --*pos; 2664 } 2665 return rc; 2666 } 2667 2668 static inline bool empty_bucket(struct inet_hashinfo *hinfo, 2669 const struct tcp_iter_state *st) 2670 { 2671 return hlist_nulls_empty(&hinfo->ehash[st->bucket].chain); 2672 } 2673 2674 /* 2675 * Get first established socket starting from bucket given in st->bucket. 2676 * If st->bucket is zero, the very first socket in the hash is returned. 2677 */ 2678 static void *established_get_first(struct seq_file *seq) 2679 { 2680 struct inet_hashinfo *hinfo = seq_file_net(seq)->ipv4.tcp_death_row.hashinfo; 2681 struct tcp_iter_state *st = seq->private; 2682 2683 st->offset = 0; 2684 for (; st->bucket <= hinfo->ehash_mask; ++st->bucket) { 2685 struct sock *sk; 2686 struct hlist_nulls_node *node; 2687 spinlock_t *lock = inet_ehash_lockp(hinfo, st->bucket); 2688 2689 cond_resched(); 2690 2691 /* Lockless fast path for the common case of empty buckets */ 2692 if (empty_bucket(hinfo, st)) 2693 continue; 2694 2695 spin_lock_bh(lock); 2696 sk_nulls_for_each(sk, node, &hinfo->ehash[st->bucket].chain) { 2697 if (seq_sk_match(seq, sk)) 2698 return sk; 2699 } 2700 spin_unlock_bh(lock); 2701 } 2702 2703 return NULL; 2704 } 2705 2706 static void *established_get_next(struct seq_file *seq, void *cur) 2707 { 2708 struct inet_hashinfo *hinfo = seq_file_net(seq)->ipv4.tcp_death_row.hashinfo; 2709 struct tcp_iter_state *st = seq->private; 2710 struct hlist_nulls_node *node; 2711 struct sock *sk = cur; 2712 2713 ++st->num; 2714 ++st->offset; 2715 2716 sk = sk_nulls_next(sk); 2717 2718 sk_nulls_for_each_from(sk, node) { 2719 if (seq_sk_match(seq, sk)) 2720 return sk; 2721 } 2722 2723 spin_unlock_bh(inet_ehash_lockp(hinfo, st->bucket)); 2724 ++st->bucket; 2725 return established_get_first(seq); 2726 } 2727 2728 static void *established_get_idx(struct seq_file *seq, loff_t pos) 2729 { 2730 struct tcp_iter_state *st = seq->private; 2731 void *rc; 2732 2733 st->bucket = 0; 2734 rc = established_get_first(seq); 2735 2736 while (rc && pos) { 2737 rc = established_get_next(seq, rc); 2738 --pos; 2739 } 2740 return rc; 2741 } 2742 2743 static void *tcp_get_idx(struct seq_file *seq, loff_t pos) 2744 { 2745 void *rc; 2746 struct tcp_iter_state *st = seq->private; 2747 2748 st->state = TCP_SEQ_STATE_LISTENING; 2749 rc = listening_get_idx(seq, &pos); 2750 2751 if (!rc) { 2752 st->state = TCP_SEQ_STATE_ESTABLISHED; 2753 rc = established_get_idx(seq, pos); 2754 } 2755 2756 return rc; 2757 } 2758 2759 static void *tcp_seek_last_pos(struct seq_file *seq) 2760 { 2761 struct inet_hashinfo *hinfo = seq_file_net(seq)->ipv4.tcp_death_row.hashinfo; 2762 struct tcp_iter_state *st = seq->private; 2763 int bucket = st->bucket; 2764 int offset = st->offset; 2765 int orig_num = st->num; 2766 void *rc = NULL; 2767 2768 switch (st->state) { 2769 case TCP_SEQ_STATE_LISTENING: 2770 if (st->bucket > hinfo->lhash2_mask) 2771 break; 2772 rc = listening_get_first(seq); 2773 while (offset-- && rc && bucket == st->bucket) 2774 rc = listening_get_next(seq, rc); 2775 if (rc) 2776 break; 2777 st->bucket = 0; 2778 st->state = TCP_SEQ_STATE_ESTABLISHED; 2779 fallthrough; 2780 case TCP_SEQ_STATE_ESTABLISHED: 2781 if (st->bucket > hinfo->ehash_mask) 2782 break; 2783 rc = established_get_first(seq); 2784 while (offset-- && rc && bucket == st->bucket) 2785 rc = established_get_next(seq, rc); 2786 } 2787 2788 st->num = orig_num; 2789 2790 return rc; 2791 } 2792 2793 void *tcp_seq_start(struct seq_file *seq, loff_t *pos) 2794 { 2795 struct tcp_iter_state *st = seq->private; 2796 void *rc; 2797 2798 if (*pos && *pos == st->last_pos) { 2799 rc = tcp_seek_last_pos(seq); 2800 if (rc) 2801 goto out; 2802 } 2803 2804 st->state = TCP_SEQ_STATE_LISTENING; 2805 st->num = 0; 2806 st->bucket = 0; 2807 st->offset = 0; 2808 rc = *pos ? tcp_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2809 2810 out: 2811 st->last_pos = *pos; 2812 return rc; 2813 } 2814 EXPORT_SYMBOL(tcp_seq_start); 2815 2816 void *tcp_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2817 { 2818 struct tcp_iter_state *st = seq->private; 2819 void *rc = NULL; 2820 2821 if (v == SEQ_START_TOKEN) { 2822 rc = tcp_get_idx(seq, 0); 2823 goto out; 2824 } 2825 2826 switch (st->state) { 2827 case TCP_SEQ_STATE_LISTENING: 2828 rc = listening_get_next(seq, v); 2829 if (!rc) { 2830 st->state = TCP_SEQ_STATE_ESTABLISHED; 2831 st->bucket = 0; 2832 st->offset = 0; 2833 rc = established_get_first(seq); 2834 } 2835 break; 2836 case TCP_SEQ_STATE_ESTABLISHED: 2837 rc = established_get_next(seq, v); 2838 break; 2839 } 2840 out: 2841 ++*pos; 2842 st->last_pos = *pos; 2843 return rc; 2844 } 2845 EXPORT_SYMBOL(tcp_seq_next); 2846 2847 void tcp_seq_stop(struct seq_file *seq, void *v) 2848 { 2849 struct inet_hashinfo *hinfo = seq_file_net(seq)->ipv4.tcp_death_row.hashinfo; 2850 struct tcp_iter_state *st = seq->private; 2851 2852 switch (st->state) { 2853 case TCP_SEQ_STATE_LISTENING: 2854 if (v != SEQ_START_TOKEN) 2855 spin_unlock(&hinfo->lhash2[st->bucket].lock); 2856 break; 2857 case TCP_SEQ_STATE_ESTABLISHED: 2858 if (v) 2859 spin_unlock_bh(inet_ehash_lockp(hinfo, st->bucket)); 2860 break; 2861 } 2862 } 2863 EXPORT_SYMBOL(tcp_seq_stop); 2864 2865 static void get_openreq4(const struct request_sock *req, 2866 struct seq_file *f, int i) 2867 { 2868 const struct inet_request_sock *ireq = inet_rsk(req); 2869 long delta = req->rsk_timer.expires - jiffies; 2870 2871 seq_printf(f, "%4d: %08X:%04X %08X:%04X" 2872 " %02X %08X:%08X %02X:%08lX %08X %5u %8d %u %d %pK", 2873 i, 2874 ireq->ir_loc_addr, 2875 ireq->ir_num, 2876 ireq->ir_rmt_addr, 2877 ntohs(ireq->ir_rmt_port), 2878 TCP_SYN_RECV, 2879 0, 0, /* could print option size, but that is af dependent. */ 2880 1, /* timers active (only the expire timer) */ 2881 jiffies_delta_to_clock_t(delta), 2882 req->num_timeout, 2883 from_kuid_munged(seq_user_ns(f), 2884 sock_i_uid(req->rsk_listener)), 2885 0, /* non standard timer */ 2886 0, /* open_requests have no inode */ 2887 0, 2888 req); 2889 } 2890 2891 static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i) 2892 { 2893 int timer_active; 2894 unsigned long timer_expires; 2895 const struct tcp_sock *tp = tcp_sk(sk); 2896 const struct inet_connection_sock *icsk = inet_csk(sk); 2897 const struct inet_sock *inet = inet_sk(sk); 2898 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq; 2899 __be32 dest = inet->inet_daddr; 2900 __be32 src = inet->inet_rcv_saddr; 2901 __u16 destp = ntohs(inet->inet_dport); 2902 __u16 srcp = ntohs(inet->inet_sport); 2903 int rx_queue; 2904 int state; 2905 2906 if (icsk->icsk_pending == ICSK_TIME_RETRANS || 2907 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT || 2908 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) { 2909 timer_active = 1; 2910 timer_expires = icsk->icsk_timeout; 2911 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) { 2912 timer_active = 4; 2913 timer_expires = icsk->icsk_timeout; 2914 } else if (timer_pending(&sk->sk_timer)) { 2915 timer_active = 2; 2916 timer_expires = sk->sk_timer.expires; 2917 } else { 2918 timer_active = 0; 2919 timer_expires = jiffies; 2920 } 2921 2922 state = inet_sk_state_load(sk); 2923 if (state == TCP_LISTEN) 2924 rx_queue = READ_ONCE(sk->sk_ack_backlog); 2925 else 2926 /* Because we don't lock the socket, 2927 * we might find a transient negative value. 2928 */ 2929 rx_queue = max_t(int, READ_ONCE(tp->rcv_nxt) - 2930 READ_ONCE(tp->copied_seq), 0); 2931 2932 seq_printf(f, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX " 2933 "%08X %5u %8d %lu %d %pK %lu %lu %u %u %d", 2934 i, src, srcp, dest, destp, state, 2935 READ_ONCE(tp->write_seq) - tp->snd_una, 2936 rx_queue, 2937 timer_active, 2938 jiffies_delta_to_clock_t(timer_expires - jiffies), 2939 icsk->icsk_retransmits, 2940 from_kuid_munged(seq_user_ns(f), sock_i_uid(sk)), 2941 icsk->icsk_probes_out, 2942 sock_i_ino(sk), 2943 refcount_read(&sk->sk_refcnt), sk, 2944 jiffies_to_clock_t(icsk->icsk_rto), 2945 jiffies_to_clock_t(icsk->icsk_ack.ato), 2946 (icsk->icsk_ack.quick << 1) | inet_csk_in_pingpong_mode(sk), 2947 tcp_snd_cwnd(tp), 2948 state == TCP_LISTEN ? 2949 fastopenq->max_qlen : 2950 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)); 2951 } 2952 2953 static void get_timewait4_sock(const struct inet_timewait_sock *tw, 2954 struct seq_file *f, int i) 2955 { 2956 long delta = tw->tw_timer.expires - jiffies; 2957 __be32 dest, src; 2958 __u16 destp, srcp; 2959 2960 dest = tw->tw_daddr; 2961 src = tw->tw_rcv_saddr; 2962 destp = ntohs(tw->tw_dport); 2963 srcp = ntohs(tw->tw_sport); 2964 2965 seq_printf(f, "%4d: %08X:%04X %08X:%04X" 2966 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK", 2967 i, src, srcp, dest, destp, READ_ONCE(tw->tw_substate), 0, 0, 2968 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0, 2969 refcount_read(&tw->tw_refcnt), tw); 2970 } 2971 2972 #define TMPSZ 150 2973 2974 static int tcp4_seq_show(struct seq_file *seq, void *v) 2975 { 2976 struct tcp_iter_state *st; 2977 struct sock *sk = v; 2978 2979 seq_setwidth(seq, TMPSZ - 1); 2980 if (v == SEQ_START_TOKEN) { 2981 seq_puts(seq, " sl local_address rem_address st tx_queue " 2982 "rx_queue tr tm->when retrnsmt uid timeout " 2983 "inode"); 2984 goto out; 2985 } 2986 st = seq->private; 2987 2988 if (sk->sk_state == TCP_TIME_WAIT) 2989 get_timewait4_sock(v, seq, st->num); 2990 else if (sk->sk_state == TCP_NEW_SYN_RECV) 2991 get_openreq4(v, seq, st->num); 2992 else 2993 get_tcp4_sock(v, seq, st->num); 2994 out: 2995 seq_pad(seq, '\n'); 2996 return 0; 2997 } 2998 2999 #ifdef CONFIG_BPF_SYSCALL 3000 struct bpf_tcp_iter_state { 3001 struct tcp_iter_state state; 3002 unsigned int cur_sk; 3003 unsigned int end_sk; 3004 unsigned int max_sk; 3005 struct sock **batch; 3006 bool st_bucket_done; 3007 }; 3008 3009 struct bpf_iter__tcp { 3010 __bpf_md_ptr(struct bpf_iter_meta *, meta); 3011 __bpf_md_ptr(struct sock_common *, sk_common); 3012 uid_t uid __aligned(8); 3013 }; 3014 3015 static int tcp_prog_seq_show(struct bpf_prog *prog, struct bpf_iter_meta *meta, 3016 struct sock_common *sk_common, uid_t uid) 3017 { 3018 struct bpf_iter__tcp ctx; 3019 3020 meta->seq_num--; /* skip SEQ_START_TOKEN */ 3021 ctx.meta = meta; 3022 ctx.sk_common = sk_common; 3023 ctx.uid = uid; 3024 return bpf_iter_run_prog(prog, &ctx); 3025 } 3026 3027 static void bpf_iter_tcp_put_batch(struct bpf_tcp_iter_state *iter) 3028 { 3029 while (iter->cur_sk < iter->end_sk) 3030 sock_gen_put(iter->batch[iter->cur_sk++]); 3031 } 3032 3033 static int bpf_iter_tcp_realloc_batch(struct bpf_tcp_iter_state *iter, 3034 unsigned int new_batch_sz) 3035 { 3036 struct sock **new_batch; 3037 3038 new_batch = kvmalloc(sizeof(*new_batch) * new_batch_sz, 3039 GFP_USER | __GFP_NOWARN); 3040 if (!new_batch) 3041 return -ENOMEM; 3042 3043 bpf_iter_tcp_put_batch(iter); 3044 kvfree(iter->batch); 3045 iter->batch = new_batch; 3046 iter->max_sk = new_batch_sz; 3047 3048 return 0; 3049 } 3050 3051 static unsigned int bpf_iter_tcp_listening_batch(struct seq_file *seq, 3052 struct sock *start_sk) 3053 { 3054 struct inet_hashinfo *hinfo = seq_file_net(seq)->ipv4.tcp_death_row.hashinfo; 3055 struct bpf_tcp_iter_state *iter = seq->private; 3056 struct tcp_iter_state *st = &iter->state; 3057 struct hlist_nulls_node *node; 3058 unsigned int expected = 1; 3059 struct sock *sk; 3060 3061 sock_hold(start_sk); 3062 iter->batch[iter->end_sk++] = start_sk; 3063 3064 sk = sk_nulls_next(start_sk); 3065 sk_nulls_for_each_from(sk, node) { 3066 if (seq_sk_match(seq, sk)) { 3067 if (iter->end_sk < iter->max_sk) { 3068 sock_hold(sk); 3069 iter->batch[iter->end_sk++] = sk; 3070 } 3071 expected++; 3072 } 3073 } 3074 spin_unlock(&hinfo->lhash2[st->bucket].lock); 3075 3076 return expected; 3077 } 3078 3079 static unsigned int bpf_iter_tcp_established_batch(struct seq_file *seq, 3080 struct sock *start_sk) 3081 { 3082 struct inet_hashinfo *hinfo = seq_file_net(seq)->ipv4.tcp_death_row.hashinfo; 3083 struct bpf_tcp_iter_state *iter = seq->private; 3084 struct tcp_iter_state *st = &iter->state; 3085 struct hlist_nulls_node *node; 3086 unsigned int expected = 1; 3087 struct sock *sk; 3088 3089 sock_hold(start_sk); 3090 iter->batch[iter->end_sk++] = start_sk; 3091 3092 sk = sk_nulls_next(start_sk); 3093 sk_nulls_for_each_from(sk, node) { 3094 if (seq_sk_match(seq, sk)) { 3095 if (iter->end_sk < iter->max_sk) { 3096 sock_hold(sk); 3097 iter->batch[iter->end_sk++] = sk; 3098 } 3099 expected++; 3100 } 3101 } 3102 spin_unlock_bh(inet_ehash_lockp(hinfo, st->bucket)); 3103 3104 return expected; 3105 } 3106 3107 static struct sock *bpf_iter_tcp_batch(struct seq_file *seq) 3108 { 3109 struct inet_hashinfo *hinfo = seq_file_net(seq)->ipv4.tcp_death_row.hashinfo; 3110 struct bpf_tcp_iter_state *iter = seq->private; 3111 struct tcp_iter_state *st = &iter->state; 3112 unsigned int expected; 3113 bool resized = false; 3114 struct sock *sk; 3115 3116 /* The st->bucket is done. Directly advance to the next 3117 * bucket instead of having the tcp_seek_last_pos() to skip 3118 * one by one in the current bucket and eventually find out 3119 * it has to advance to the next bucket. 3120 */ 3121 if (iter->st_bucket_done) { 3122 st->offset = 0; 3123 st->bucket++; 3124 if (st->state == TCP_SEQ_STATE_LISTENING && 3125 st->bucket > hinfo->lhash2_mask) { 3126 st->state = TCP_SEQ_STATE_ESTABLISHED; 3127 st->bucket = 0; 3128 } 3129 } 3130 3131 again: 3132 /* Get a new batch */ 3133 iter->cur_sk = 0; 3134 iter->end_sk = 0; 3135 iter->st_bucket_done = false; 3136 3137 sk = tcp_seek_last_pos(seq); 3138 if (!sk) 3139 return NULL; /* Done */ 3140 3141 if (st->state == TCP_SEQ_STATE_LISTENING) 3142 expected = bpf_iter_tcp_listening_batch(seq, sk); 3143 else 3144 expected = bpf_iter_tcp_established_batch(seq, sk); 3145 3146 if (iter->end_sk == expected) { 3147 iter->st_bucket_done = true; 3148 return sk; 3149 } 3150 3151 if (!resized && !bpf_iter_tcp_realloc_batch(iter, expected * 3 / 2)) { 3152 resized = true; 3153 goto again; 3154 } 3155 3156 return sk; 3157 } 3158 3159 static void *bpf_iter_tcp_seq_start(struct seq_file *seq, loff_t *pos) 3160 { 3161 /* bpf iter does not support lseek, so it always 3162 * continue from where it was stop()-ped. 3163 */ 3164 if (*pos) 3165 return bpf_iter_tcp_batch(seq); 3166 3167 return SEQ_START_TOKEN; 3168 } 3169 3170 static void *bpf_iter_tcp_seq_next(struct seq_file *seq, void *v, loff_t *pos) 3171 { 3172 struct bpf_tcp_iter_state *iter = seq->private; 3173 struct tcp_iter_state *st = &iter->state; 3174 struct sock *sk; 3175 3176 /* Whenever seq_next() is called, the iter->cur_sk is 3177 * done with seq_show(), so advance to the next sk in 3178 * the batch. 3179 */ 3180 if (iter->cur_sk < iter->end_sk) { 3181 /* Keeping st->num consistent in tcp_iter_state. 3182 * bpf_iter_tcp does not use st->num. 3183 * meta.seq_num is used instead. 3184 */ 3185 st->num++; 3186 /* Move st->offset to the next sk in the bucket such that 3187 * the future start() will resume at st->offset in 3188 * st->bucket. See tcp_seek_last_pos(). 3189 */ 3190 st->offset++; 3191 sock_gen_put(iter->batch[iter->cur_sk++]); 3192 } 3193 3194 if (iter->cur_sk < iter->end_sk) 3195 sk = iter->batch[iter->cur_sk]; 3196 else 3197 sk = bpf_iter_tcp_batch(seq); 3198 3199 ++*pos; 3200 /* Keeping st->last_pos consistent in tcp_iter_state. 3201 * bpf iter does not do lseek, so st->last_pos always equals to *pos. 3202 */ 3203 st->last_pos = *pos; 3204 return sk; 3205 } 3206 3207 static int bpf_iter_tcp_seq_show(struct seq_file *seq, void *v) 3208 { 3209 struct bpf_iter_meta meta; 3210 struct bpf_prog *prog; 3211 struct sock *sk = v; 3212 uid_t uid; 3213 int ret; 3214 3215 if (v == SEQ_START_TOKEN) 3216 return 0; 3217 3218 if (sk_fullsock(sk)) 3219 lock_sock(sk); 3220 3221 if (unlikely(sk_unhashed(sk))) { 3222 ret = SEQ_SKIP; 3223 goto unlock; 3224 } 3225 3226 if (sk->sk_state == TCP_TIME_WAIT) { 3227 uid = 0; 3228 } else if (sk->sk_state == TCP_NEW_SYN_RECV) { 3229 const struct request_sock *req = v; 3230 3231 uid = from_kuid_munged(seq_user_ns(seq), 3232 sock_i_uid(req->rsk_listener)); 3233 } else { 3234 uid = from_kuid_munged(seq_user_ns(seq), sock_i_uid(sk)); 3235 } 3236 3237 meta.seq = seq; 3238 prog = bpf_iter_get_info(&meta, false); 3239 ret = tcp_prog_seq_show(prog, &meta, v, uid); 3240 3241 unlock: 3242 if (sk_fullsock(sk)) 3243 release_sock(sk); 3244 return ret; 3245 3246 } 3247 3248 static void bpf_iter_tcp_seq_stop(struct seq_file *seq, void *v) 3249 { 3250 struct bpf_tcp_iter_state *iter = seq->private; 3251 struct bpf_iter_meta meta; 3252 struct bpf_prog *prog; 3253 3254 if (!v) { 3255 meta.seq = seq; 3256 prog = bpf_iter_get_info(&meta, true); 3257 if (prog) 3258 (void)tcp_prog_seq_show(prog, &meta, v, 0); 3259 } 3260 3261 if (iter->cur_sk < iter->end_sk) { 3262 bpf_iter_tcp_put_batch(iter); 3263 iter->st_bucket_done = false; 3264 } 3265 } 3266 3267 static const struct seq_operations bpf_iter_tcp_seq_ops = { 3268 .show = bpf_iter_tcp_seq_show, 3269 .start = bpf_iter_tcp_seq_start, 3270 .next = bpf_iter_tcp_seq_next, 3271 .stop = bpf_iter_tcp_seq_stop, 3272 }; 3273 #endif 3274 static unsigned short seq_file_family(const struct seq_file *seq) 3275 { 3276 const struct tcp_seq_afinfo *afinfo; 3277 3278 #ifdef CONFIG_BPF_SYSCALL 3279 /* Iterated from bpf_iter. Let the bpf prog to filter instead. */ 3280 if (seq->op == &bpf_iter_tcp_seq_ops) 3281 return AF_UNSPEC; 3282 #endif 3283 3284 /* Iterated from proc fs */ 3285 afinfo = pde_data(file_inode(seq->file)); 3286 return afinfo->family; 3287 } 3288 3289 static const struct seq_operations tcp4_seq_ops = { 3290 .show = tcp4_seq_show, 3291 .start = tcp_seq_start, 3292 .next = tcp_seq_next, 3293 .stop = tcp_seq_stop, 3294 }; 3295 3296 static struct tcp_seq_afinfo tcp4_seq_afinfo = { 3297 .family = AF_INET, 3298 }; 3299 3300 static int __net_init tcp4_proc_init_net(struct net *net) 3301 { 3302 if (!proc_create_net_data("tcp", 0444, net->proc_net, &tcp4_seq_ops, 3303 sizeof(struct tcp_iter_state), &tcp4_seq_afinfo)) 3304 return -ENOMEM; 3305 return 0; 3306 } 3307 3308 static void __net_exit tcp4_proc_exit_net(struct net *net) 3309 { 3310 remove_proc_entry("tcp", net->proc_net); 3311 } 3312 3313 static struct pernet_operations tcp4_net_ops = { 3314 .init = tcp4_proc_init_net, 3315 .exit = tcp4_proc_exit_net, 3316 }; 3317 3318 int __init tcp4_proc_init(void) 3319 { 3320 return register_pernet_subsys(&tcp4_net_ops); 3321 } 3322 3323 void tcp4_proc_exit(void) 3324 { 3325 unregister_pernet_subsys(&tcp4_net_ops); 3326 } 3327 #endif /* CONFIG_PROC_FS */ 3328 3329 /* @wake is one when sk_stream_write_space() calls us. 3330 * This sends EPOLLOUT only if notsent_bytes is half the limit. 3331 * This mimics the strategy used in sock_def_write_space(). 3332 */ 3333 bool tcp_stream_memory_free(const struct sock *sk, int wake) 3334 { 3335 const struct tcp_sock *tp = tcp_sk(sk); 3336 u32 notsent_bytes = READ_ONCE(tp->write_seq) - 3337 READ_ONCE(tp->snd_nxt); 3338 3339 return (notsent_bytes << wake) < tcp_notsent_lowat(tp); 3340 } 3341 EXPORT_SYMBOL(tcp_stream_memory_free); 3342 3343 struct proto tcp_prot = { 3344 .name = "TCP", 3345 .owner = THIS_MODULE, 3346 .close = tcp_close, 3347 .pre_connect = tcp_v4_pre_connect, 3348 .connect = tcp_v4_connect, 3349 .disconnect = tcp_disconnect, 3350 .accept = inet_csk_accept, 3351 .ioctl = tcp_ioctl, 3352 .init = tcp_v4_init_sock, 3353 .destroy = tcp_v4_destroy_sock, 3354 .shutdown = tcp_shutdown, 3355 .setsockopt = tcp_setsockopt, 3356 .getsockopt = tcp_getsockopt, 3357 .bpf_bypass_getsockopt = tcp_bpf_bypass_getsockopt, 3358 .keepalive = tcp_set_keepalive, 3359 .recvmsg = tcp_recvmsg, 3360 .sendmsg = tcp_sendmsg, 3361 .splice_eof = tcp_splice_eof, 3362 .backlog_rcv = tcp_v4_do_rcv, 3363 .release_cb = tcp_release_cb, 3364 .hash = inet_hash, 3365 .unhash = inet_unhash, 3366 .get_port = inet_csk_get_port, 3367 .put_port = inet_put_port, 3368 #ifdef CONFIG_BPF_SYSCALL 3369 .psock_update_sk_prot = tcp_bpf_update_proto, 3370 #endif 3371 .enter_memory_pressure = tcp_enter_memory_pressure, 3372 .leave_memory_pressure = tcp_leave_memory_pressure, 3373 .stream_memory_free = tcp_stream_memory_free, 3374 .sockets_allocated = &tcp_sockets_allocated, 3375 .orphan_count = &tcp_orphan_count, 3376 3377 .memory_allocated = &tcp_memory_allocated, 3378 .per_cpu_fw_alloc = &tcp_memory_per_cpu_fw_alloc, 3379 3380 .memory_pressure = &tcp_memory_pressure, 3381 .sysctl_mem = sysctl_tcp_mem, 3382 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem), 3383 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem), 3384 .max_header = MAX_TCP_HEADER, 3385 .obj_size = sizeof(struct tcp_sock), 3386 .slab_flags = SLAB_TYPESAFE_BY_RCU, 3387 .twsk_prot = &tcp_timewait_sock_ops, 3388 .rsk_prot = &tcp_request_sock_ops, 3389 .h.hashinfo = NULL, 3390 .no_autobind = true, 3391 .diag_destroy = tcp_abort, 3392 }; 3393 EXPORT_SYMBOL(tcp_prot); 3394 3395 static void __net_exit tcp_sk_exit(struct net *net) 3396 { 3397 if (net->ipv4.tcp_congestion_control) 3398 bpf_module_put(net->ipv4.tcp_congestion_control, 3399 net->ipv4.tcp_congestion_control->owner); 3400 } 3401 3402 static void __net_init tcp_set_hashinfo(struct net *net) 3403 { 3404 struct inet_hashinfo *hinfo; 3405 unsigned int ehash_entries; 3406 struct net *old_net; 3407 3408 if (net_eq(net, &init_net)) 3409 goto fallback; 3410 3411 old_net = current->nsproxy->net_ns; 3412 ehash_entries = READ_ONCE(old_net->ipv4.sysctl_tcp_child_ehash_entries); 3413 if (!ehash_entries) 3414 goto fallback; 3415 3416 ehash_entries = roundup_pow_of_two(ehash_entries); 3417 hinfo = inet_pernet_hashinfo_alloc(&tcp_hashinfo, ehash_entries); 3418 if (!hinfo) { 3419 pr_warn("Failed to allocate TCP ehash (entries: %u) " 3420 "for a netns, fallback to the global one\n", 3421 ehash_entries); 3422 fallback: 3423 hinfo = &tcp_hashinfo; 3424 ehash_entries = tcp_hashinfo.ehash_mask + 1; 3425 } 3426 3427 net->ipv4.tcp_death_row.hashinfo = hinfo; 3428 net->ipv4.tcp_death_row.sysctl_max_tw_buckets = ehash_entries / 2; 3429 net->ipv4.sysctl_max_syn_backlog = max(128U, ehash_entries / 128); 3430 } 3431 3432 static int __net_init tcp_sk_init(struct net *net) 3433 { 3434 net->ipv4.sysctl_tcp_ecn = 2; 3435 net->ipv4.sysctl_tcp_ecn_fallback = 1; 3436 3437 net->ipv4.sysctl_tcp_base_mss = TCP_BASE_MSS; 3438 net->ipv4.sysctl_tcp_min_snd_mss = TCP_MIN_SND_MSS; 3439 net->ipv4.sysctl_tcp_probe_threshold = TCP_PROBE_THRESHOLD; 3440 net->ipv4.sysctl_tcp_probe_interval = TCP_PROBE_INTERVAL; 3441 net->ipv4.sysctl_tcp_mtu_probe_floor = TCP_MIN_SND_MSS; 3442 3443 net->ipv4.sysctl_tcp_keepalive_time = TCP_KEEPALIVE_TIME; 3444 net->ipv4.sysctl_tcp_keepalive_probes = TCP_KEEPALIVE_PROBES; 3445 net->ipv4.sysctl_tcp_keepalive_intvl = TCP_KEEPALIVE_INTVL; 3446 3447 net->ipv4.sysctl_tcp_syn_retries = TCP_SYN_RETRIES; 3448 net->ipv4.sysctl_tcp_synack_retries = TCP_SYNACK_RETRIES; 3449 net->ipv4.sysctl_tcp_syncookies = 1; 3450 net->ipv4.sysctl_tcp_reordering = TCP_FASTRETRANS_THRESH; 3451 net->ipv4.sysctl_tcp_retries1 = TCP_RETR1; 3452 net->ipv4.sysctl_tcp_retries2 = TCP_RETR2; 3453 net->ipv4.sysctl_tcp_orphan_retries = 0; 3454 net->ipv4.sysctl_tcp_fin_timeout = TCP_FIN_TIMEOUT; 3455 net->ipv4.sysctl_tcp_notsent_lowat = UINT_MAX; 3456 net->ipv4.sysctl_tcp_tw_reuse = 2; 3457 net->ipv4.sysctl_tcp_no_ssthresh_metrics_save = 1; 3458 3459 refcount_set(&net->ipv4.tcp_death_row.tw_refcount, 1); 3460 tcp_set_hashinfo(net); 3461 3462 net->ipv4.sysctl_tcp_sack = 1; 3463 net->ipv4.sysctl_tcp_window_scaling = 1; 3464 net->ipv4.sysctl_tcp_timestamps = 1; 3465 net->ipv4.sysctl_tcp_early_retrans = 3; 3466 net->ipv4.sysctl_tcp_recovery = TCP_RACK_LOSS_DETECTION; 3467 net->ipv4.sysctl_tcp_slow_start_after_idle = 1; /* By default, RFC2861 behavior. */ 3468 net->ipv4.sysctl_tcp_retrans_collapse = 1; 3469 net->ipv4.sysctl_tcp_max_reordering = 300; 3470 net->ipv4.sysctl_tcp_dsack = 1; 3471 net->ipv4.sysctl_tcp_app_win = 31; 3472 net->ipv4.sysctl_tcp_adv_win_scale = 1; 3473 net->ipv4.sysctl_tcp_frto = 2; 3474 net->ipv4.sysctl_tcp_moderate_rcvbuf = 1; 3475 /* This limits the percentage of the congestion window which we 3476 * will allow a single TSO frame to consume. Building TSO frames 3477 * which are too large can cause TCP streams to be bursty. 3478 */ 3479 net->ipv4.sysctl_tcp_tso_win_divisor = 3; 3480 /* Default TSQ limit of 16 TSO segments */ 3481 net->ipv4.sysctl_tcp_limit_output_bytes = 16 * 65536; 3482 3483 /* rfc5961 challenge ack rate limiting, per net-ns, disabled by default. */ 3484 net->ipv4.sysctl_tcp_challenge_ack_limit = INT_MAX; 3485 3486 net->ipv4.sysctl_tcp_min_tso_segs = 2; 3487 net->ipv4.sysctl_tcp_tso_rtt_log = 9; /* 2^9 = 512 usec */ 3488 net->ipv4.sysctl_tcp_min_rtt_wlen = 300; 3489 net->ipv4.sysctl_tcp_autocorking = 1; 3490 net->ipv4.sysctl_tcp_invalid_ratelimit = HZ/2; 3491 net->ipv4.sysctl_tcp_pacing_ss_ratio = 200; 3492 net->ipv4.sysctl_tcp_pacing_ca_ratio = 120; 3493 if (net != &init_net) { 3494 memcpy(net->ipv4.sysctl_tcp_rmem, 3495 init_net.ipv4.sysctl_tcp_rmem, 3496 sizeof(init_net.ipv4.sysctl_tcp_rmem)); 3497 memcpy(net->ipv4.sysctl_tcp_wmem, 3498 init_net.ipv4.sysctl_tcp_wmem, 3499 sizeof(init_net.ipv4.sysctl_tcp_wmem)); 3500 } 3501 net->ipv4.sysctl_tcp_comp_sack_delay_ns = NSEC_PER_MSEC; 3502 net->ipv4.sysctl_tcp_comp_sack_slack_ns = 100 * NSEC_PER_USEC; 3503 net->ipv4.sysctl_tcp_comp_sack_nr = 44; 3504 net->ipv4.sysctl_tcp_backlog_ack_defer = 1; 3505 net->ipv4.sysctl_tcp_fastopen = TFO_CLIENT_ENABLE; 3506 net->ipv4.sysctl_tcp_fastopen_blackhole_timeout = 0; 3507 atomic_set(&net->ipv4.tfo_active_disable_times, 0); 3508 3509 /* Set default values for PLB */ 3510 net->ipv4.sysctl_tcp_plb_enabled = 0; /* Disabled by default */ 3511 net->ipv4.sysctl_tcp_plb_idle_rehash_rounds = 3; 3512 net->ipv4.sysctl_tcp_plb_rehash_rounds = 12; 3513 net->ipv4.sysctl_tcp_plb_suspend_rto_sec = 60; 3514 /* Default congestion threshold for PLB to mark a round is 50% */ 3515 net->ipv4.sysctl_tcp_plb_cong_thresh = (1 << TCP_PLB_SCALE) / 2; 3516 3517 /* Reno is always built in */ 3518 if (!net_eq(net, &init_net) && 3519 bpf_try_module_get(init_net.ipv4.tcp_congestion_control, 3520 init_net.ipv4.tcp_congestion_control->owner)) 3521 net->ipv4.tcp_congestion_control = init_net.ipv4.tcp_congestion_control; 3522 else 3523 net->ipv4.tcp_congestion_control = &tcp_reno; 3524 3525 net->ipv4.sysctl_tcp_syn_linear_timeouts = 4; 3526 net->ipv4.sysctl_tcp_shrink_window = 0; 3527 3528 net->ipv4.sysctl_tcp_pingpong_thresh = 1; 3529 net->ipv4.sysctl_tcp_rto_min_us = jiffies_to_usecs(TCP_RTO_MIN); 3530 3531 return 0; 3532 } 3533 3534 static void __net_exit tcp_sk_exit_batch(struct list_head *net_exit_list) 3535 { 3536 struct net *net; 3537 3538 /* make sure concurrent calls to tcp_sk_exit_batch from net_cleanup_work 3539 * and failed setup_net error unwinding path are serialized. 3540 * 3541 * tcp_twsk_purge() handles twsk in any dead netns, not just those in 3542 * net_exit_list, the thread that dismantles a particular twsk must 3543 * do so without other thread progressing to refcount_dec_and_test() of 3544 * tcp_death_row.tw_refcount. 3545 */ 3546 mutex_lock(&tcp_exit_batch_mutex); 3547 3548 tcp_twsk_purge(net_exit_list); 3549 3550 list_for_each_entry(net, net_exit_list, exit_list) { 3551 inet_pernet_hashinfo_free(net->ipv4.tcp_death_row.hashinfo); 3552 WARN_ON_ONCE(!refcount_dec_and_test(&net->ipv4.tcp_death_row.tw_refcount)); 3553 tcp_fastopen_ctx_destroy(net); 3554 } 3555 3556 mutex_unlock(&tcp_exit_batch_mutex); 3557 } 3558 3559 static struct pernet_operations __net_initdata tcp_sk_ops = { 3560 .init = tcp_sk_init, 3561 .exit = tcp_sk_exit, 3562 .exit_batch = tcp_sk_exit_batch, 3563 }; 3564 3565 #if defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_PROC_FS) 3566 DEFINE_BPF_ITER_FUNC(tcp, struct bpf_iter_meta *meta, 3567 struct sock_common *sk_common, uid_t uid) 3568 3569 #define INIT_BATCH_SZ 16 3570 3571 static int bpf_iter_init_tcp(void *priv_data, struct bpf_iter_aux_info *aux) 3572 { 3573 struct bpf_tcp_iter_state *iter = priv_data; 3574 int err; 3575 3576 err = bpf_iter_init_seq_net(priv_data, aux); 3577 if (err) 3578 return err; 3579 3580 err = bpf_iter_tcp_realloc_batch(iter, INIT_BATCH_SZ); 3581 if (err) { 3582 bpf_iter_fini_seq_net(priv_data); 3583 return err; 3584 } 3585 3586 return 0; 3587 } 3588 3589 static void bpf_iter_fini_tcp(void *priv_data) 3590 { 3591 struct bpf_tcp_iter_state *iter = priv_data; 3592 3593 bpf_iter_fini_seq_net(priv_data); 3594 kvfree(iter->batch); 3595 } 3596 3597 static const struct bpf_iter_seq_info tcp_seq_info = { 3598 .seq_ops = &bpf_iter_tcp_seq_ops, 3599 .init_seq_private = bpf_iter_init_tcp, 3600 .fini_seq_private = bpf_iter_fini_tcp, 3601 .seq_priv_size = sizeof(struct bpf_tcp_iter_state), 3602 }; 3603 3604 static const struct bpf_func_proto * 3605 bpf_iter_tcp_get_func_proto(enum bpf_func_id func_id, 3606 const struct bpf_prog *prog) 3607 { 3608 switch (func_id) { 3609 case BPF_FUNC_setsockopt: 3610 return &bpf_sk_setsockopt_proto; 3611 case BPF_FUNC_getsockopt: 3612 return &bpf_sk_getsockopt_proto; 3613 default: 3614 return NULL; 3615 } 3616 } 3617 3618 static struct bpf_iter_reg tcp_reg_info = { 3619 .target = "tcp", 3620 .ctx_arg_info_size = 1, 3621 .ctx_arg_info = { 3622 { offsetof(struct bpf_iter__tcp, sk_common), 3623 PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED }, 3624 }, 3625 .get_func_proto = bpf_iter_tcp_get_func_proto, 3626 .seq_info = &tcp_seq_info, 3627 }; 3628 3629 static void __init bpf_iter_register(void) 3630 { 3631 tcp_reg_info.ctx_arg_info[0].btf_id = btf_sock_ids[BTF_SOCK_TYPE_SOCK_COMMON]; 3632 if (bpf_iter_reg_target(&tcp_reg_info)) 3633 pr_warn("Warning: could not register bpf iterator tcp\n"); 3634 } 3635 3636 #endif 3637 3638 void __init tcp_v4_init(void) 3639 { 3640 int cpu, res; 3641 3642 for_each_possible_cpu(cpu) { 3643 struct sock *sk; 3644 3645 res = inet_ctl_sock_create(&sk, PF_INET, SOCK_RAW, 3646 IPPROTO_TCP, &init_net); 3647 if (res) 3648 panic("Failed to create the TCP control socket.\n"); 3649 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE); 3650 3651 /* Please enforce IP_DF and IPID==0 for RST and 3652 * ACK sent in SYN-RECV and TIME-WAIT state. 3653 */ 3654 inet_sk(sk)->pmtudisc = IP_PMTUDISC_DO; 3655 3656 sk->sk_clockid = CLOCK_MONOTONIC; 3657 3658 per_cpu(ipv4_tcp_sk.sock, cpu) = sk; 3659 } 3660 if (register_pernet_subsys(&tcp_sk_ops)) 3661 panic("Failed to create the TCP control socket.\n"); 3662 3663 #if defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_PROC_FS) 3664 bpf_iter_register(); 3665 #endif 3666 } 3667