2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Implementation of the Transmission Control Protocol(TCP).
8 * IPv4 specific functions
13 * linux/ipv4/tcp_input.c
14 * linux/ipv4/tcp_output.c
16 * See tcp.c for author information
18 * This program is free software; you can redistribute it and/or
19 * modify it under the terms of the GNU General Public License
20 * as published by the Free Software Foundation; either version
21 * 2 of the License, or (at your option) any later version.
26 * David S. Miller : New socket lookup architecture.
27 * This code is dedicated to John Dyson.
28 * David S. Miller : Change semantics of established hash,
29 * half is devoted to TIME_WAIT sockets
30 * and the rest go in the other half.
31 * Andi Kleen : Add support for syncookies and fixed
32 * some bugs: ip options weren't passed to
33 * the TCP layer, missed a check for an
35 * Andi Kleen : Implemented fast path mtu discovery.
36 * Fixed many serious bugs in the
37 * request_sock handling and moved
38 * most of it into the af independent code.
39 * Added tail drop and some other bugfixes.
40 * Added new listen semantics.
41 * Mike McLagan : Routing by source
42 * Juan Jose Ciarlante: ip_dynaddr bits
43 * Andi Kleen: various fixes.
44 * Vitaly E. Lavrov : Transparent proxy revived after year
46 * Andi Kleen : Fix new listen.
47 * Andi Kleen : Fix accept error reporting.
48 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
49 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
50 * a single port at the same time.
53 #define pr_fmt(fmt) "TCP: " fmt
55 #include <linux/bottom_half.h>
56 #include <linux/types.h>
57 #include <linux/fcntl.h>
58 #include <linux/module.h>
59 #include <linux/random.h>
60 #include <linux/cache.h>
61 #include <linux/jhash.h>
62 #include <linux/init.h>
63 #include <linux/times.h>
64 #include <linux/slab.h>
66 #include <net/net_namespace.h>
68 #include <net/inet_hashtables.h>
70 #include <net/transp_v6.h>
72 #include <net/inet_common.h>
73 #include <net/timewait_sock.h>
75 #include <net/netdma.h>
76 #include <net/secure_seq.h>
77 #include <net/tcp_memcontrol.h>
78 #include <net/busy_poll.h>
80 #include <linux/inet.h>
81 #include <linux/ipv6.h>
82 #include <linux/stddef.h>
83 #include <linux/proc_fs.h>
84 #include <linux/seq_file.h>
86 #include <linux/crypto.h>
87 #include <linux/scatterlist.h>
89 int sysctl_tcp_tw_reuse __read_mostly;
90 int sysctl_tcp_low_latency __read_mostly;
91 EXPORT_SYMBOL(sysctl_tcp_low_latency);
93 #ifdef CONFIG_TCP_MD5SIG
94 static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
95 __be32 daddr, __be32 saddr, const struct tcphdr *th);
98 struct inet_hashinfo tcp_hashinfo;
99 EXPORT_SYMBOL(tcp_hashinfo);
101 static __u32 tcp_v4_init_sequence(const struct sk_buff *skb)
103 return secure_tcp_sequence_number(ip_hdr(skb)->daddr,
106 tcp_hdr(skb)->source);
109 int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp)
111 const struct tcp_timewait_sock *tcptw = tcp_twsk(sktw);
112 struct tcp_sock *tp = tcp_sk(sk);
114 /* With PAWS, it is safe from the viewpoint
115 of data integrity. Even without PAWS it is safe provided sequence
116 spaces do not overlap i.e. at data rates <= 80Mbit/sec.
118 Actually, the idea is close to VJ's one, only timestamp cache is
119 held not per host, but per port pair and TW bucket is used as state
122 If TW bucket has been already destroyed we fall back to VJ's scheme
123 and use initial timestamp retrieved from peer table.
125 if (tcptw->tw_ts_recent_stamp &&
126 (twp == NULL || (sysctl_tcp_tw_reuse &&
127 get_seconds() - tcptw->tw_ts_recent_stamp > 1))) {
128 tp->write_seq = tcptw->tw_snd_nxt + 65535 + 2;
129 if (tp->write_seq == 0)
131 tp->rx_opt.ts_recent = tcptw->tw_ts_recent;
132 tp->rx_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
139 EXPORT_SYMBOL_GPL(tcp_twsk_unique);
141 /* This will initiate an outgoing connection. */
142 int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
144 struct sockaddr_in *usin = (struct sockaddr_in *)uaddr;
145 struct inet_sock *inet = inet_sk(sk);
146 struct tcp_sock *tp = tcp_sk(sk);
147 __be16 orig_sport, orig_dport;
148 __be32 daddr, nexthop;
152 struct ip_options_rcu *inet_opt;
154 if (addr_len < sizeof(struct sockaddr_in))
157 if (usin->sin_family != AF_INET)
158 return -EAFNOSUPPORT;
160 nexthop = daddr = usin->sin_addr.s_addr;
161 inet_opt = rcu_dereference_protected(inet->inet_opt,
162 sock_owned_by_user(sk));
163 if (inet_opt && inet_opt->opt.srr) {
166 nexthop = inet_opt->opt.faddr;
169 orig_sport = inet->inet_sport;
170 orig_dport = usin->sin_port;
171 fl4 = &inet->cork.fl.u.ip4;
172 rt = ip_route_connect(fl4, nexthop, inet->inet_saddr,
173 RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
175 orig_sport, orig_dport, sk);
178 if (err == -ENETUNREACH)
179 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
183 if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) {
188 if (!inet_opt || !inet_opt->opt.srr)
191 if (!inet->inet_saddr)
192 inet->inet_saddr = fl4->saddr;
193 inet->inet_rcv_saddr = inet->inet_saddr;
195 if (tp->rx_opt.ts_recent_stamp && inet->inet_daddr != daddr) {
196 /* Reset inherited state */
197 tp->rx_opt.ts_recent = 0;
198 tp->rx_opt.ts_recent_stamp = 0;
199 if (likely(!tp->repair))
203 if (tcp_death_row.sysctl_tw_recycle &&
204 !tp->rx_opt.ts_recent_stamp && fl4->daddr == daddr)
205 tcp_fetch_timewait_stamp(sk, &rt->dst);
207 inet->inet_dport = usin->sin_port;
208 inet->inet_daddr = daddr;
212 inet_csk(sk)->icsk_ext_hdr_len = 0;
214 inet_csk(sk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
216 tp->rx_opt.mss_clamp = TCP_MSS_DEFAULT;
218 /* Socket identity is still unknown (sport may be zero).
219 * However we set state to SYN-SENT and not releasing socket
220 * lock select source port, enter ourselves into the hash tables and
221 * complete initialization after this.
223 tcp_set_state(sk, TCP_SYN_SENT);
224 err = inet_hash_connect(&tcp_death_row, sk);
228 rt = ip_route_newports(fl4, rt, orig_sport, orig_dport,
229 inet->inet_sport, inet->inet_dport, sk);
235 /* OK, now commit destination to socket. */
236 sk->sk_gso_type = SKB_GSO_TCPV4;
237 sk_setup_caps(sk, &rt->dst);
239 if (!tp->write_seq && likely(!tp->repair))
240 tp->write_seq = secure_tcp_sequence_number(inet->inet_saddr,
245 inet->inet_id = tp->write_seq ^ jiffies;
247 err = tcp_connect(sk);
257 * This unhashes the socket and releases the local port,
260 tcp_set_state(sk, TCP_CLOSE);
262 sk->sk_route_caps = 0;
263 inet->inet_dport = 0;
266 EXPORT_SYMBOL(tcp_v4_connect);
269 * This routine reacts to ICMP_FRAG_NEEDED mtu indications as defined in RFC1191.
270 * It can be called through tcp_release_cb() if socket was owned by user
271 * at the time tcp_v4_err() was called to handle ICMP message.
273 void tcp_v4_mtu_reduced(struct sock *sk)
275 struct dst_entry *dst;
276 struct inet_sock *inet = inet_sk(sk);
277 u32 mtu = tcp_sk(sk)->mtu_info;
279 dst = inet_csk_update_pmtu(sk, mtu);
283 /* Something is about to be wrong... Remember soft error
284 * for the case, if this connection will not able to recover.
286 if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
287 sk->sk_err_soft = EMSGSIZE;
291 if (inet->pmtudisc != IP_PMTUDISC_DONT &&
292 ip_sk_accept_pmtu(sk) &&
293 inet_csk(sk)->icsk_pmtu_cookie > mtu) {
294 tcp_sync_mss(sk, mtu);
296 /* Resend the TCP packet because it's
297 * clear that the old packet has been
298 * dropped. This is the new "fast" path mtu
301 tcp_simple_retransmit(sk);
302 } /* else let the usual retransmit timer handle it */
304 EXPORT_SYMBOL(tcp_v4_mtu_reduced);
306 static void do_redirect(struct sk_buff *skb, struct sock *sk)
308 struct dst_entry *dst = __sk_dst_check(sk, 0);
311 dst->ops->redirect(dst, sk, skb);
315 * This routine is called by the ICMP module when it gets some
316 * sort of error condition. If err < 0 then the socket should
317 * be closed and the error returned to the user. If err > 0
318 * it's just the icmp type << 8 | icmp code. After adjustment
319 * header points to the first 8 bytes of the tcp header. We need
320 * to find the appropriate port.
322 * The locking strategy used here is very "optimistic". When
323 * someone else accesses the socket the ICMP is just dropped
324 * and for some paths there is no check at all.
325 * A more general error queue to queue errors for later handling
326 * is probably better.
330 void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
332 const struct iphdr *iph = (const struct iphdr *)icmp_skb->data;
333 struct tcphdr *th = (struct tcphdr *)(icmp_skb->data + (iph->ihl << 2));
334 struct inet_connection_sock *icsk;
336 struct inet_sock *inet;
337 const int type = icmp_hdr(icmp_skb)->type;
338 const int code = icmp_hdr(icmp_skb)->code;
341 struct request_sock *fastopen;
345 struct net *net = dev_net(icmp_skb->dev);
347 sk = inet_lookup(net, &tcp_hashinfo, iph->daddr, th->dest,
348 iph->saddr, th->source, inet_iif(icmp_skb));
350 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
353 if (sk->sk_state == TCP_TIME_WAIT) {
354 inet_twsk_put(inet_twsk(sk));
359 /* If too many ICMPs get dropped on busy
360 * servers this needs to be solved differently.
361 * We do take care of PMTU discovery (RFC1191) special case :
362 * we can receive locally generated ICMP messages while socket is held.
364 if (sock_owned_by_user(sk)) {
365 if (!(type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED))
366 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
368 if (sk->sk_state == TCP_CLOSE)
371 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
372 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
378 seq = ntohl(th->seq);
379 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
380 fastopen = tp->fastopen_rsk;
381 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
382 if (sk->sk_state != TCP_LISTEN &&
383 !between(seq, snd_una, tp->snd_nxt)) {
384 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
390 do_redirect(icmp_skb, sk);
392 case ICMP_SOURCE_QUENCH:
393 /* Just silently ignore these. */
395 case ICMP_PARAMETERPROB:
398 case ICMP_DEST_UNREACH:
399 if (code > NR_ICMP_UNREACH)
402 if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */
403 /* We are not interested in TCP_LISTEN and open_requests
404 * (SYN-ACKs send out by Linux are always <576bytes so
405 * they should go through unfragmented).
407 if (sk->sk_state == TCP_LISTEN)
411 if (!sock_owned_by_user(sk)) {
412 tcp_v4_mtu_reduced(sk);
414 if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED, &tp->tsq_flags))
420 err = icmp_err_convert[code].errno;
421 /* check if icmp_skb allows revert of backoff
422 * (see draft-zimmermann-tcp-lcd) */
423 if (code != ICMP_NET_UNREACH && code != ICMP_HOST_UNREACH)
425 if (seq != tp->snd_una || !icsk->icsk_retransmits ||
426 !icsk->icsk_backoff || fastopen)
429 if (sock_owned_by_user(sk))
432 icsk->icsk_backoff--;
433 icsk->icsk_rto = tp->srtt_us ? __tcp_set_rto(tp) :
435 icsk->icsk_rto = inet_csk_rto_backoff(icsk, TCP_RTO_MAX);
437 skb = tcp_write_queue_head(sk);
440 remaining = icsk->icsk_rto -
442 tcp_time_stamp - tcp_skb_timestamp(skb));
445 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
446 remaining, TCP_RTO_MAX);
448 /* RTO revert clocked out retransmission.
449 * Will retransmit now */
450 tcp_retransmit_timer(sk);
454 case ICMP_TIME_EXCEEDED:
461 switch (sk->sk_state) {
462 struct request_sock *req, **prev;
464 if (sock_owned_by_user(sk))
467 req = inet_csk_search_req(sk, &prev, th->dest,
468 iph->daddr, iph->saddr);
472 /* ICMPs are not backlogged, hence we cannot get
473 an established socket here.
477 if (seq != tcp_rsk(req)->snt_isn) {
478 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
483 * Still in SYN_RECV, just remove it silently.
484 * There is no good way to pass the error to the newly
485 * created socket, and POSIX does not want network
486 * errors returned from accept().
488 inet_csk_reqsk_queue_drop(sk, req, prev);
489 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
494 /* Only in fast or simultaneous open. If a fast open socket is
495 * is already accepted it is treated as a connected one below.
497 if (fastopen && fastopen->sk == NULL)
500 if (!sock_owned_by_user(sk)) {
503 sk->sk_error_report(sk);
507 sk->sk_err_soft = err;
512 /* If we've already connected we will keep trying
513 * until we time out, or the user gives up.
515 * rfc1122 4.2.3.9 allows to consider as hard errors
516 * only PROTO_UNREACH and PORT_UNREACH (well, FRAG_FAILED too,
517 * but it is obsoleted by pmtu discovery).
519 * Note, that in modern internet, where routing is unreliable
520 * and in each dark corner broken firewalls sit, sending random
521 * errors ordered by their masters even this two messages finally lose
522 * their original sense (even Linux sends invalid PORT_UNREACHs)
524 * Now we are in compliance with RFCs.
529 if (!sock_owned_by_user(sk) && inet->recverr) {
531 sk->sk_error_report(sk);
532 } else { /* Only an error on timeout */
533 sk->sk_err_soft = err;
541 void __tcp_v4_send_check(struct sk_buff *skb, __be32 saddr, __be32 daddr)
543 struct tcphdr *th = tcp_hdr(skb);
545 if (skb->ip_summed == CHECKSUM_PARTIAL) {
546 th->check = ~tcp_v4_check(skb->len, saddr, daddr, 0);
547 skb->csum_start = skb_transport_header(skb) - skb->head;
548 skb->csum_offset = offsetof(struct tcphdr, check);
550 th->check = tcp_v4_check(skb->len, saddr, daddr,
557 /* This routine computes an IPv4 TCP checksum. */
558 void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb)
560 const struct inet_sock *inet = inet_sk(sk);
562 __tcp_v4_send_check(skb, inet->inet_saddr, inet->inet_daddr);
564 EXPORT_SYMBOL(tcp_v4_send_check);
567 * This routine will send an RST to the other tcp.
569 * Someone asks: why I NEVER use socket parameters (TOS, TTL etc.)
571 * Answer: if a packet caused RST, it is not for a socket
572 * existing in our system, if it is matched to a socket,
573 * it is just duplicate segment or bug in other side's TCP.
574 * So that we build reply only basing on parameters
575 * arrived with segment.
576 * Exception: precedence violation. We do not implement it in any case.
579 static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
581 const struct tcphdr *th = tcp_hdr(skb);
584 #ifdef CONFIG_TCP_MD5SIG
585 __be32 opt[(TCPOLEN_MD5SIG_ALIGNED >> 2)];
588 struct ip_reply_arg arg;
589 #ifdef CONFIG_TCP_MD5SIG
590 struct tcp_md5sig_key *key;
591 const __u8 *hash_location = NULL;
592 unsigned char newhash[16];
594 struct sock *sk1 = NULL;
598 /* Never send a reset in response to a reset. */
602 if (skb_rtable(skb)->rt_type != RTN_LOCAL)
605 /* Swap the send and the receive. */
606 memset(&rep, 0, sizeof(rep));
607 rep.th.dest = th->source;
608 rep.th.source = th->dest;
609 rep.th.doff = sizeof(struct tcphdr) / 4;
613 rep.th.seq = th->ack_seq;
616 rep.th.ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin +
617 skb->len - (th->doff << 2));
620 memset(&arg, 0, sizeof(arg));
621 arg.iov[0].iov_base = (unsigned char *)&rep;
622 arg.iov[0].iov_len = sizeof(rep.th);
624 #ifdef CONFIG_TCP_MD5SIG
625 hash_location = tcp_parse_md5sig_option(th);
626 if (!sk && hash_location) {
628 * active side is lost. Try to find listening socket through
629 * source port, and then find md5 key through listening socket.
630 * we are not loose security here:
631 * Incoming packet is checked with md5 hash with finding key,
632 * no RST generated if md5 hash doesn't match.
634 sk1 = __inet_lookup_listener(dev_net(skb_dst(skb)->dev),
635 &tcp_hashinfo, ip_hdr(skb)->saddr,
636 th->source, ip_hdr(skb)->daddr,
637 ntohs(th->source), inet_iif(skb));
638 /* don't send rst if it can't find key */
642 key = tcp_md5_do_lookup(sk1, (union tcp_md5_addr *)
643 &ip_hdr(skb)->saddr, AF_INET);
647 genhash = tcp_v4_md5_hash_skb(newhash, key, NULL, NULL, skb);
648 if (genhash || memcmp(hash_location, newhash, 16) != 0)
651 key = sk ? tcp_md5_do_lookup(sk, (union tcp_md5_addr *)
657 rep.opt[0] = htonl((TCPOPT_NOP << 24) |
659 (TCPOPT_MD5SIG << 8) |
661 /* Update length and the length the header thinks exists */
662 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
663 rep.th.doff = arg.iov[0].iov_len / 4;
665 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[1],
666 key, ip_hdr(skb)->saddr,
667 ip_hdr(skb)->daddr, &rep.th);
670 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
671 ip_hdr(skb)->saddr, /* XXX */
672 arg.iov[0].iov_len, IPPROTO_TCP, 0);
673 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
674 arg.flags = (sk && inet_sk(sk)->transparent) ? IP_REPLY_ARG_NOSRCCHECK : 0;
675 /* When socket is gone, all binding information is lost.
676 * routing might fail in this case. No choice here, if we choose to force
677 * input interface, we will misroute in case of asymmetric route.
680 arg.bound_dev_if = sk->sk_bound_dev_if;
682 net = dev_net(skb_dst(skb)->dev);
683 arg.tos = ip_hdr(skb)->tos;
684 ip_send_unicast_reply(net, skb, &TCP_SKB_CB(skb)->header.h4.opt,
685 ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
686 &arg, arg.iov[0].iov_len);
688 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
689 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
691 #ifdef CONFIG_TCP_MD5SIG
700 /* The code following below sending ACKs in SYN-RECV and TIME-WAIT states
701 outside socket context is ugly, certainly. What can I do?
704 static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
705 u32 win, u32 tsval, u32 tsecr, int oif,
706 struct tcp_md5sig_key *key,
707 int reply_flags, u8 tos)
709 const struct tcphdr *th = tcp_hdr(skb);
712 __be32 opt[(TCPOLEN_TSTAMP_ALIGNED >> 2)
713 #ifdef CONFIG_TCP_MD5SIG
714 + (TCPOLEN_MD5SIG_ALIGNED >> 2)
718 struct ip_reply_arg arg;
719 struct net *net = dev_net(skb_dst(skb)->dev);
721 memset(&rep.th, 0, sizeof(struct tcphdr));
722 memset(&arg, 0, sizeof(arg));
724 arg.iov[0].iov_base = (unsigned char *)&rep;
725 arg.iov[0].iov_len = sizeof(rep.th);
727 rep.opt[0] = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
728 (TCPOPT_TIMESTAMP << 8) |
730 rep.opt[1] = htonl(tsval);
731 rep.opt[2] = htonl(tsecr);
732 arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;
735 /* Swap the send and the receive. */
736 rep.th.dest = th->source;
737 rep.th.source = th->dest;
738 rep.th.doff = arg.iov[0].iov_len / 4;
739 rep.th.seq = htonl(seq);
740 rep.th.ack_seq = htonl(ack);
742 rep.th.window = htons(win);
744 #ifdef CONFIG_TCP_MD5SIG
746 int offset = (tsecr) ? 3 : 0;
748 rep.opt[offset++] = htonl((TCPOPT_NOP << 24) |
750 (TCPOPT_MD5SIG << 8) |
752 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
753 rep.th.doff = arg.iov[0].iov_len/4;
755 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset],
756 key, ip_hdr(skb)->saddr,
757 ip_hdr(skb)->daddr, &rep.th);
760 arg.flags = reply_flags;
761 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
762 ip_hdr(skb)->saddr, /* XXX */
763 arg.iov[0].iov_len, IPPROTO_TCP, 0);
764 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
766 arg.bound_dev_if = oif;
768 ip_send_unicast_reply(net, skb, &TCP_SKB_CB(skb)->header.h4.opt,
769 ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
770 &arg, arg.iov[0].iov_len);
772 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
775 static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
777 struct inet_timewait_sock *tw = inet_twsk(sk);
778 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
780 tcp_v4_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
781 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
782 tcp_time_stamp + tcptw->tw_ts_offset,
785 tcp_twsk_md5_key(tcptw),
786 tw->tw_transparent ? IP_REPLY_ARG_NOSRCCHECK : 0,
793 static void tcp_v4_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
794 struct request_sock *req)
796 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
797 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
799 tcp_v4_send_ack(skb, (sk->sk_state == TCP_LISTEN) ?
800 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
801 tcp_rsk(req)->rcv_nxt, req->rcv_wnd,
805 tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&ip_hdr(skb)->daddr,
807 inet_rsk(req)->no_srccheck ? IP_REPLY_ARG_NOSRCCHECK : 0,
812 * Send a SYN-ACK after having received a SYN.
813 * This still operates on a request_sock only, not on a big
816 static int tcp_v4_send_synack(struct sock *sk, struct dst_entry *dst,
818 struct request_sock *req,
820 struct tcp_fastopen_cookie *foc)
822 const struct inet_request_sock *ireq = inet_rsk(req);
827 /* First, grab a route. */
828 if (!dst && (dst = inet_csk_route_req(sk, &fl4, req)) == NULL)
831 skb = tcp_make_synack(sk, dst, req, foc);
834 __tcp_v4_send_check(skb, ireq->ir_loc_addr, ireq->ir_rmt_addr);
836 skb_set_queue_mapping(skb, queue_mapping);
837 err = ip_build_and_send_pkt(skb, sk, ireq->ir_loc_addr,
840 err = net_xmit_eval(err);
847 * IPv4 request_sock destructor.
849 static void tcp_v4_reqsk_destructor(struct request_sock *req)
851 kfree(inet_rsk(req)->opt);
855 * Return true if a syncookie should be sent
857 bool tcp_syn_flood_action(struct sock *sk,
858 const struct sk_buff *skb,
861 const char *msg = "Dropping request";
862 bool want_cookie = false;
863 struct listen_sock *lopt;
865 #ifdef CONFIG_SYN_COOKIES
866 if (sysctl_tcp_syncookies) {
867 msg = "Sending cookies";
869 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDOCOOKIES);
872 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP);
874 lopt = inet_csk(sk)->icsk_accept_queue.listen_opt;
875 if (!lopt->synflood_warned && sysctl_tcp_syncookies != 2) {
876 lopt->synflood_warned = 1;
877 pr_info("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n",
878 proto, ntohs(tcp_hdr(skb)->dest), msg);
882 EXPORT_SYMBOL(tcp_syn_flood_action);
885 * Save and compile IPv4 options into the request_sock if needed.
887 static struct ip_options_rcu *tcp_v4_save_options(struct sk_buff *skb)
889 const struct ip_options *opt = &(IPCB(skb)->opt);
890 struct ip_options_rcu *dopt = NULL;
892 if (opt && opt->optlen) {
893 int opt_size = sizeof(*dopt) + opt->optlen;
895 dopt = kmalloc(opt_size, GFP_ATOMIC);
897 if (ip_options_echo(&dopt->opt, skb)) {
906 #ifdef CONFIG_TCP_MD5SIG
908 * RFC2385 MD5 checksumming requires a mapping of
909 * IP address->MD5 Key.
910 * We need to maintain these in the sk structure.
913 /* Find the Key structure for an address. */
914 struct tcp_md5sig_key *tcp_md5_do_lookup(struct sock *sk,
915 const union tcp_md5_addr *addr,
918 struct tcp_sock *tp = tcp_sk(sk);
919 struct tcp_md5sig_key *key;
920 unsigned int size = sizeof(struct in_addr);
921 struct tcp_md5sig_info *md5sig;
923 /* caller either holds rcu_read_lock() or socket lock */
924 md5sig = rcu_dereference_check(tp->md5sig_info,
925 sock_owned_by_user(sk) ||
926 lockdep_is_held(&sk->sk_lock.slock));
929 #if IS_ENABLED(CONFIG_IPV6)
930 if (family == AF_INET6)
931 size = sizeof(struct in6_addr);
933 hlist_for_each_entry_rcu(key, &md5sig->head, node) {
934 if (key->family != family)
936 if (!memcmp(&key->addr, addr, size))
941 EXPORT_SYMBOL(tcp_md5_do_lookup);
943 struct tcp_md5sig_key *tcp_v4_md5_lookup(struct sock *sk,
944 struct sock *addr_sk)
946 union tcp_md5_addr *addr;
948 addr = (union tcp_md5_addr *)&inet_sk(addr_sk)->inet_daddr;
949 return tcp_md5_do_lookup(sk, addr, AF_INET);
951 EXPORT_SYMBOL(tcp_v4_md5_lookup);
953 static struct tcp_md5sig_key *tcp_v4_reqsk_md5_lookup(struct sock *sk,
954 struct request_sock *req)
956 union tcp_md5_addr *addr;
958 addr = (union tcp_md5_addr *)&inet_rsk(req)->ir_rmt_addr;
959 return tcp_md5_do_lookup(sk, addr, AF_INET);
962 /* This can be called on a newly created socket, from other files */
963 int tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr,
964 int family, const u8 *newkey, u8 newkeylen, gfp_t gfp)
966 /* Add Key to the list */
967 struct tcp_md5sig_key *key;
968 struct tcp_sock *tp = tcp_sk(sk);
969 struct tcp_md5sig_info *md5sig;
971 key = tcp_md5_do_lookup(sk, addr, family);
973 /* Pre-existing entry - just update that one. */
974 memcpy(key->key, newkey, newkeylen);
975 key->keylen = newkeylen;
979 md5sig = rcu_dereference_protected(tp->md5sig_info,
980 sock_owned_by_user(sk));
982 md5sig = kmalloc(sizeof(*md5sig), gfp);
986 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
987 INIT_HLIST_HEAD(&md5sig->head);
988 rcu_assign_pointer(tp->md5sig_info, md5sig);
991 key = sock_kmalloc(sk, sizeof(*key), gfp);
994 if (!tcp_alloc_md5sig_pool()) {
995 sock_kfree_s(sk, key, sizeof(*key));
999 memcpy(key->key, newkey, newkeylen);
1000 key->keylen = newkeylen;
1001 key->family = family;
1002 memcpy(&key->addr, addr,
1003 (family == AF_INET6) ? sizeof(struct in6_addr) :
1004 sizeof(struct in_addr));
1005 hlist_add_head_rcu(&key->node, &md5sig->head);
1008 EXPORT_SYMBOL(tcp_md5_do_add);
1010 int tcp_md5_do_del(struct sock *sk, const union tcp_md5_addr *addr, int family)
1012 struct tcp_md5sig_key *key;
1014 key = tcp_md5_do_lookup(sk, addr, family);
1017 hlist_del_rcu(&key->node);
1018 atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
1019 kfree_rcu(key, rcu);
1022 EXPORT_SYMBOL(tcp_md5_do_del);
1024 static void tcp_clear_md5_list(struct sock *sk)
1026 struct tcp_sock *tp = tcp_sk(sk);
1027 struct tcp_md5sig_key *key;
1028 struct hlist_node *n;
1029 struct tcp_md5sig_info *md5sig;
1031 md5sig = rcu_dereference_protected(tp->md5sig_info, 1);
1033 hlist_for_each_entry_safe(key, n, &md5sig->head, node) {
1034 hlist_del_rcu(&key->node);
1035 atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
1036 kfree_rcu(key, rcu);
1040 static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
1043 struct tcp_md5sig cmd;
1044 struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.tcpm_addr;
1046 if (optlen < sizeof(cmd))
1049 if (copy_from_user(&cmd, optval, sizeof(cmd)))
1052 if (sin->sin_family != AF_INET)
1055 if (!cmd.tcpm_keylen)
1056 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin->sin_addr.s_addr,
1059 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
1062 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin->sin_addr.s_addr,
1063 AF_INET, cmd.tcpm_key, cmd.tcpm_keylen,
1067 static int tcp_v4_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
1068 __be32 daddr, __be32 saddr, int nbytes)
1070 struct tcp4_pseudohdr *bp;
1071 struct scatterlist sg;
1073 bp = &hp->md5_blk.ip4;
1076 * 1. the TCP pseudo-header (in the order: source IP address,
1077 * destination IP address, zero-padded protocol number, and
1083 bp->protocol = IPPROTO_TCP;
1084 bp->len = cpu_to_be16(nbytes);
1086 sg_init_one(&sg, bp, sizeof(*bp));
1087 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
1090 static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
1091 __be32 daddr, __be32 saddr, const struct tcphdr *th)
1093 struct tcp_md5sig_pool *hp;
1094 struct hash_desc *desc;
1096 hp = tcp_get_md5sig_pool();
1098 goto clear_hash_noput;
1099 desc = &hp->md5_desc;
1101 if (crypto_hash_init(desc))
1103 if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
1105 if (tcp_md5_hash_header(hp, th))
1107 if (tcp_md5_hash_key(hp, key))
1109 if (crypto_hash_final(desc, md5_hash))
1112 tcp_put_md5sig_pool();
1116 tcp_put_md5sig_pool();
1118 memset(md5_hash, 0, 16);
1122 int tcp_v4_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
1123 const struct sock *sk, const struct request_sock *req,
1124 const struct sk_buff *skb)
1126 struct tcp_md5sig_pool *hp;
1127 struct hash_desc *desc;
1128 const struct tcphdr *th = tcp_hdr(skb);
1129 __be32 saddr, daddr;
1132 saddr = inet_sk(sk)->inet_saddr;
1133 daddr = inet_sk(sk)->inet_daddr;
1135 saddr = inet_rsk(req)->ir_loc_addr;
1136 daddr = inet_rsk(req)->ir_rmt_addr;
1138 const struct iphdr *iph = ip_hdr(skb);
1143 hp = tcp_get_md5sig_pool();
1145 goto clear_hash_noput;
1146 desc = &hp->md5_desc;
1148 if (crypto_hash_init(desc))
1151 if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
1153 if (tcp_md5_hash_header(hp, th))
1155 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
1157 if (tcp_md5_hash_key(hp, key))
1159 if (crypto_hash_final(desc, md5_hash))
1162 tcp_put_md5sig_pool();
1166 tcp_put_md5sig_pool();
1168 memset(md5_hash, 0, 16);
1171 EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
1173 static bool __tcp_v4_inbound_md5_hash(struct sock *sk,
1174 const struct sk_buff *skb)
1177 * This gets called for each TCP segment that arrives
1178 * so we want to be efficient.
1179 * We have 3 drop cases:
1180 * o No MD5 hash and one expected.
1181 * o MD5 hash and we're not expecting one.
1182 * o MD5 hash and its wrong.
1184 const __u8 *hash_location = NULL;
1185 struct tcp_md5sig_key *hash_expected;
1186 const struct iphdr *iph = ip_hdr(skb);
1187 const struct tcphdr *th = tcp_hdr(skb);
1189 unsigned char newhash[16];
1191 hash_expected = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&iph->saddr,
1193 hash_location = tcp_parse_md5sig_option(th);
1195 /* We've parsed the options - do we have a hash? */
1196 if (!hash_expected && !hash_location)
1199 if (hash_expected && !hash_location) {
1200 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
1204 if (!hash_expected && hash_location) {
1205 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
1209 /* Okay, so this is hash_expected and hash_location -
1210 * so we need to calculate the checksum.
1212 genhash = tcp_v4_md5_hash_skb(newhash,
1216 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
1217 net_info_ratelimited("MD5 Hash failed for (%pI4, %d)->(%pI4, %d)%s\n",
1218 &iph->saddr, ntohs(th->source),
1219 &iph->daddr, ntohs(th->dest),
1220 genhash ? " tcp_v4_calc_md5_hash failed"
1227 static bool tcp_v4_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
1232 ret = __tcp_v4_inbound_md5_hash(sk, skb);
1240 static void tcp_v4_init_req(struct request_sock *req, struct sock *sk,
1241 struct sk_buff *skb)
1243 struct inet_request_sock *ireq = inet_rsk(req);
1245 ireq->ir_loc_addr = ip_hdr(skb)->daddr;
1246 ireq->ir_rmt_addr = ip_hdr(skb)->saddr;
1247 ireq->no_srccheck = inet_sk(sk)->transparent;
1248 ireq->opt = tcp_v4_save_options(skb);
1251 static struct dst_entry *tcp_v4_route_req(struct sock *sk, struct flowi *fl,
1252 const struct request_sock *req,
1255 struct dst_entry *dst = inet_csk_route_req(sk, &fl->u.ip4, req);
1258 if (fl->u.ip4.daddr == inet_rsk(req)->ir_rmt_addr)
1267 struct request_sock_ops tcp_request_sock_ops __read_mostly = {
1269 .obj_size = sizeof(struct tcp_request_sock),
1270 .rtx_syn_ack = tcp_rtx_synack,
1271 .send_ack = tcp_v4_reqsk_send_ack,
1272 .destructor = tcp_v4_reqsk_destructor,
1273 .send_reset = tcp_v4_send_reset,
1274 .syn_ack_timeout = tcp_syn_ack_timeout,
1277 static const struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
1278 .mss_clamp = TCP_MSS_DEFAULT,
1279 #ifdef CONFIG_TCP_MD5SIG
1280 .md5_lookup = tcp_v4_reqsk_md5_lookup,
1281 .calc_md5_hash = tcp_v4_md5_hash_skb,
1283 .init_req = tcp_v4_init_req,
1284 #ifdef CONFIG_SYN_COOKIES
1285 .cookie_init_seq = cookie_v4_init_sequence,
1287 .route_req = tcp_v4_route_req,
1288 .init_seq = tcp_v4_init_sequence,
1289 .send_synack = tcp_v4_send_synack,
1290 .queue_hash_add = inet_csk_reqsk_queue_hash_add,
1293 int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1295 /* Never answer to SYNs send to broadcast or multicast */
1296 if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
1299 return tcp_conn_request(&tcp_request_sock_ops,
1300 &tcp_request_sock_ipv4_ops, sk, skb);
1303 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1306 EXPORT_SYMBOL(tcp_v4_conn_request);
1310 * The three way handshake has completed - we got a valid synack -
1311 * now create the new socket.
1313 struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1314 struct request_sock *req,
1315 struct dst_entry *dst)
1317 struct inet_request_sock *ireq;
1318 struct inet_sock *newinet;
1319 struct tcp_sock *newtp;
1321 #ifdef CONFIG_TCP_MD5SIG
1322 struct tcp_md5sig_key *key;
1324 struct ip_options_rcu *inet_opt;
1326 if (sk_acceptq_is_full(sk))
1329 newsk = tcp_create_openreq_child(sk, req, skb);
1333 newsk->sk_gso_type = SKB_GSO_TCPV4;
1334 inet_sk_rx_dst_set(newsk, skb);
1336 newtp = tcp_sk(newsk);
1337 newinet = inet_sk(newsk);
1338 ireq = inet_rsk(req);
1339 newinet->inet_daddr = ireq->ir_rmt_addr;
1340 newinet->inet_rcv_saddr = ireq->ir_loc_addr;
1341 newinet->inet_saddr = ireq->ir_loc_addr;
1342 inet_opt = ireq->opt;
1343 rcu_assign_pointer(newinet->inet_opt, inet_opt);
1345 newinet->mc_index = inet_iif(skb);
1346 newinet->mc_ttl = ip_hdr(skb)->ttl;
1347 newinet->rcv_tos = ip_hdr(skb)->tos;
1348 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1349 inet_set_txhash(newsk);
1351 inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
1352 newinet->inet_id = newtp->write_seq ^ jiffies;
1355 dst = inet_csk_route_child_sock(sk, newsk, req);
1359 /* syncookie case : see end of cookie_v4_check() */
1361 sk_setup_caps(newsk, dst);
1363 tcp_sync_mss(newsk, dst_mtu(dst));
1364 newtp->advmss = dst_metric_advmss(dst);
1365 if (tcp_sk(sk)->rx_opt.user_mss &&
1366 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1367 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1369 tcp_initialize_rcv_mss(newsk);
1371 #ifdef CONFIG_TCP_MD5SIG
1372 /* Copy over the MD5 key from the original socket */
1373 key = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&newinet->inet_daddr,
1377 * We're using one, so create a matching key
1378 * on the newsk structure. If we fail to get
1379 * memory, then we end up not copying the key
1382 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newinet->inet_daddr,
1383 AF_INET, key->key, key->keylen, GFP_ATOMIC);
1384 sk_nocaps_add(newsk, NETIF_F_GSO_MASK);
1388 if (__inet_inherit_port(sk, newsk) < 0)
1390 __inet_hash_nolisten(newsk, NULL);
1395 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1399 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1402 inet_csk_prepare_forced_close(newsk);
1406 EXPORT_SYMBOL(tcp_v4_syn_recv_sock);
1408 static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
1410 struct tcphdr *th = tcp_hdr(skb);
1411 const struct iphdr *iph = ip_hdr(skb);
1413 struct request_sock **prev;
1414 /* Find possible connection requests. */
1415 struct request_sock *req = inet_csk_search_req(sk, &prev, th->source,
1416 iph->saddr, iph->daddr);
1418 return tcp_check_req(sk, skb, req, prev, false);
1420 nsk = inet_lookup_established(sock_net(sk), &tcp_hashinfo, iph->saddr,
1421 th->source, iph->daddr, th->dest, inet_iif(skb));
1424 if (nsk->sk_state != TCP_TIME_WAIT) {
1428 inet_twsk_put(inet_twsk(nsk));
1432 #ifdef CONFIG_SYN_COOKIES
1434 sk = cookie_v4_check(sk, skb, &(IPCB(skb)->opt));
1439 /* The socket must have it's spinlock held when we get
1442 * We have a potential double-lock case here, so even when
1443 * doing backlog processing we use the BH locking scheme.
1444 * This is because we cannot sleep with the original spinlock
1447 int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1451 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1452 struct dst_entry *dst = sk->sk_rx_dst;
1454 sock_rps_save_rxhash(sk, skb);
1456 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1457 dst->ops->check(dst, 0) == NULL) {
1459 sk->sk_rx_dst = NULL;
1462 tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len);
1466 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1469 if (sk->sk_state == TCP_LISTEN) {
1470 struct sock *nsk = tcp_v4_hnd_req(sk, skb);
1475 sock_rps_save_rxhash(nsk, skb);
1476 if (tcp_child_process(sk, nsk, skb)) {
1483 sock_rps_save_rxhash(sk, skb);
1485 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) {
1492 tcp_v4_send_reset(rsk, skb);
1495 /* Be careful here. If this function gets more complicated and
1496 * gcc suffers from register pressure on the x86, sk (in %ebx)
1497 * might be destroyed here. This current version compiles correctly,
1498 * but you have been warned.
1503 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_CSUMERRORS);
1504 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1507 EXPORT_SYMBOL(tcp_v4_do_rcv);
1509 void tcp_v4_early_demux(struct sk_buff *skb)
1511 const struct iphdr *iph;
1512 const struct tcphdr *th;
1515 if (skb->pkt_type != PACKET_HOST)
1518 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1524 if (th->doff < sizeof(struct tcphdr) / 4)
1527 sk = __inet_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1528 iph->saddr, th->source,
1529 iph->daddr, ntohs(th->dest),
1533 skb->destructor = sock_edemux;
1534 if (sk->sk_state != TCP_TIME_WAIT) {
1535 struct dst_entry *dst = sk->sk_rx_dst;
1538 dst = dst_check(dst, 0);
1540 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1541 skb_dst_set_noref(skb, dst);
1546 /* Packet is added to VJ-style prequeue for processing in process
1547 * context, if a reader task is waiting. Apparently, this exciting
1548 * idea (VJ's mail "Re: query about TCP header on tcp-ip" of 07 Sep 93)
1549 * failed somewhere. Latency? Burstiness? Well, at least now we will
1550 * see, why it failed. 8)8) --ANK
1553 bool tcp_prequeue(struct sock *sk, struct sk_buff *skb)
1555 struct tcp_sock *tp = tcp_sk(sk);
1557 if (sysctl_tcp_low_latency || !tp->ucopy.task)
1560 if (skb->len <= tcp_hdrlen(skb) &&
1561 skb_queue_len(&tp->ucopy.prequeue) == 0)
1564 /* Before escaping RCU protected region, we need to take care of skb
1565 * dst. Prequeue is only enabled for established sockets.
1566 * For such sockets, we might need the skb dst only to set sk->sk_rx_dst
1567 * Instead of doing full sk_rx_dst validity here, let's perform
1568 * an optimistic check.
1570 if (likely(sk->sk_rx_dst))
1575 __skb_queue_tail(&tp->ucopy.prequeue, skb);
1576 tp->ucopy.memory += skb->truesize;
1577 if (tp->ucopy.memory > sk->sk_rcvbuf) {
1578 struct sk_buff *skb1;
1580 BUG_ON(sock_owned_by_user(sk));
1582 while ((skb1 = __skb_dequeue(&tp->ucopy.prequeue)) != NULL) {
1583 sk_backlog_rcv(sk, skb1);
1584 NET_INC_STATS_BH(sock_net(sk),
1585 LINUX_MIB_TCPPREQUEUEDROPPED);
1588 tp->ucopy.memory = 0;
1589 } else if (skb_queue_len(&tp->ucopy.prequeue) == 1) {
1590 wake_up_interruptible_sync_poll(sk_sleep(sk),
1591 POLLIN | POLLRDNORM | POLLRDBAND);
1592 if (!inet_csk_ack_scheduled(sk))
1593 inet_csk_reset_xmit_timer(sk, ICSK_TIME_DACK,
1594 (3 * tcp_rto_min(sk)) / 4,
1599 EXPORT_SYMBOL(tcp_prequeue);
1605 int tcp_v4_rcv(struct sk_buff *skb)
1607 const struct iphdr *iph;
1608 const struct tcphdr *th;
1611 struct net *net = dev_net(skb->dev);
1613 if (skb->pkt_type != PACKET_HOST)
1616 /* Count it even if it's bad */
1617 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1619 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1624 if (th->doff < sizeof(struct tcphdr) / 4)
1626 if (!pskb_may_pull(skb, th->doff * 4))
1629 /* An explanation is required here, I think.
1630 * Packet length and doff are validated by header prediction,
1631 * provided case of th->doff==0 is eliminated.
1632 * So, we defer the checks. */
1634 if (skb_checksum_init(skb, IPPROTO_TCP, inet_compute_pseudo))
1639 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1640 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1641 skb->len - th->doff * 4);
1642 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1643 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1644 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1645 TCP_SKB_CB(skb)->ip_dsfield = ipv4_get_dsfield(iph);
1646 TCP_SKB_CB(skb)->sacked = 0;
1648 sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1653 if (sk->sk_state == TCP_TIME_WAIT)
1656 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
1657 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
1658 goto discard_and_relse;
1661 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
1662 goto discard_and_relse;
1664 #ifdef CONFIG_TCP_MD5SIG
1666 * We really want to reject the packet as early as possible
1668 * o We're expecting an MD5'd packet and this is no MD5 tcp option
1669 * o There is an MD5 option and we're not expecting one
1671 if (tcp_v4_inbound_md5_hash(sk, skb))
1672 goto discard_and_relse;
1677 if (sk_filter(sk, skb))
1678 goto discard_and_relse;
1680 sk_mark_napi_id(sk, skb);
1683 bh_lock_sock_nested(sk);
1685 if (!sock_owned_by_user(sk)) {
1686 #ifdef CONFIG_NET_DMA
1687 struct tcp_sock *tp = tcp_sk(sk);
1688 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1689 tp->ucopy.dma_chan = net_dma_find_channel();
1690 if (tp->ucopy.dma_chan)
1691 ret = tcp_v4_do_rcv(sk, skb);
1695 if (!tcp_prequeue(sk, skb))
1696 ret = tcp_v4_do_rcv(sk, skb);
1698 } else if (unlikely(sk_add_backlog(sk, skb,
1699 sk->sk_rcvbuf + sk->sk_sndbuf))) {
1701 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
1702 goto discard_and_relse;
1711 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
1714 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1716 TCP_INC_STATS_BH(net, TCP_MIB_CSUMERRORS);
1718 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1720 tcp_v4_send_reset(NULL, skb);
1724 /* Discard frame. */
1733 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1734 inet_twsk_put(inet_twsk(sk));
1738 if (skb->len < (th->doff << 2)) {
1739 inet_twsk_put(inet_twsk(sk));
1742 if (tcp_checksum_complete(skb)) {
1743 inet_twsk_put(inet_twsk(sk));
1746 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1748 struct sock *sk2 = inet_lookup_listener(dev_net(skb->dev),
1750 iph->saddr, th->source,
1751 iph->daddr, th->dest,
1754 inet_twsk_deschedule(inet_twsk(sk), &tcp_death_row);
1755 inet_twsk_put(inet_twsk(sk));
1759 /* Fall through to ACK */
1762 tcp_v4_timewait_ack(sk, skb);
1766 case TCP_TW_SUCCESS:;
1771 static struct timewait_sock_ops tcp_timewait_sock_ops = {
1772 .twsk_obj_size = sizeof(struct tcp_timewait_sock),
1773 .twsk_unique = tcp_twsk_unique,
1774 .twsk_destructor= tcp_twsk_destructor,
1777 void inet_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
1779 struct dst_entry *dst = skb_dst(skb);
1783 sk->sk_rx_dst = dst;
1784 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
1787 EXPORT_SYMBOL(inet_sk_rx_dst_set);
1789 const struct inet_connection_sock_af_ops ipv4_specific = {
1790 .queue_xmit = ip_queue_xmit,
1791 .send_check = tcp_v4_send_check,
1792 .rebuild_header = inet_sk_rebuild_header,
1793 .sk_rx_dst_set = inet_sk_rx_dst_set,
1794 .conn_request = tcp_v4_conn_request,
1795 .syn_recv_sock = tcp_v4_syn_recv_sock,
1796 .net_header_len = sizeof(struct iphdr),
1797 .setsockopt = ip_setsockopt,
1798 .getsockopt = ip_getsockopt,
1799 .addr2sockaddr = inet_csk_addr2sockaddr,
1800 .sockaddr_len = sizeof(struct sockaddr_in),
1801 .bind_conflict = inet_csk_bind_conflict,
1802 #ifdef CONFIG_COMPAT
1803 .compat_setsockopt = compat_ip_setsockopt,
1804 .compat_getsockopt = compat_ip_getsockopt,
1806 .mtu_reduced = tcp_v4_mtu_reduced,
1808 EXPORT_SYMBOL(ipv4_specific);
1810 #ifdef CONFIG_TCP_MD5SIG
1811 static const struct tcp_sock_af_ops tcp_sock_ipv4_specific = {
1812 .md5_lookup = tcp_v4_md5_lookup,
1813 .calc_md5_hash = tcp_v4_md5_hash_skb,
1814 .md5_parse = tcp_v4_parse_md5_keys,
1818 /* NOTE: A lot of things set to zero explicitly by call to
1819 * sk_alloc() so need not be done here.
1821 static int tcp_v4_init_sock(struct sock *sk)
1823 struct inet_connection_sock *icsk = inet_csk(sk);
1827 icsk->icsk_af_ops = &ipv4_specific;
1829 #ifdef CONFIG_TCP_MD5SIG
1830 tcp_sk(sk)->af_specific = &tcp_sock_ipv4_specific;
1836 void tcp_v4_destroy_sock(struct sock *sk)
1838 struct tcp_sock *tp = tcp_sk(sk);
1840 tcp_clear_xmit_timers(sk);
1842 tcp_cleanup_congestion_control(sk);
1844 /* Cleanup up the write buffer. */
1845 tcp_write_queue_purge(sk);
1847 /* Cleans up our, hopefully empty, out_of_order_queue. */
1848 __skb_queue_purge(&tp->out_of_order_queue);
1850 #ifdef CONFIG_TCP_MD5SIG
1851 /* Clean up the MD5 key list, if any */
1852 if (tp->md5sig_info) {
1853 tcp_clear_md5_list(sk);
1854 kfree_rcu(tp->md5sig_info, rcu);
1855 tp->md5sig_info = NULL;
1859 #ifdef CONFIG_NET_DMA
1860 /* Cleans up our sk_async_wait_queue */
1861 __skb_queue_purge(&sk->sk_async_wait_queue);
1864 /* Clean prequeue, it must be empty really */
1865 __skb_queue_purge(&tp->ucopy.prequeue);
1867 /* Clean up a referenced TCP bind bucket. */
1868 if (inet_csk(sk)->icsk_bind_hash)
1871 BUG_ON(tp->fastopen_rsk != NULL);
1873 /* If socket is aborted during connect operation */
1874 tcp_free_fastopen_req(tp);
1876 sk_sockets_allocated_dec(sk);
1877 sock_release_memcg(sk);
1879 EXPORT_SYMBOL(tcp_v4_destroy_sock);
1881 #ifdef CONFIG_PROC_FS
1882 /* Proc filesystem TCP sock list dumping. */
1885 * Get next listener socket follow cur. If cur is NULL, get first socket
1886 * starting from bucket given in st->bucket; when st->bucket is zero the
1887 * very first socket in the hash table is returned.
1889 static void *listening_get_next(struct seq_file *seq, void *cur)
1891 struct inet_connection_sock *icsk;
1892 struct hlist_nulls_node *node;
1893 struct sock *sk = cur;
1894 struct inet_listen_hashbucket *ilb;
1895 struct tcp_iter_state *st = seq->private;
1896 struct net *net = seq_file_net(seq);
1899 ilb = &tcp_hashinfo.listening_hash[st->bucket];
1900 spin_lock_bh(&ilb->lock);
1901 sk = sk_nulls_head(&ilb->head);
1905 ilb = &tcp_hashinfo.listening_hash[st->bucket];
1909 if (st->state == TCP_SEQ_STATE_OPENREQ) {
1910 struct request_sock *req = cur;
1912 icsk = inet_csk(st->syn_wait_sk);
1916 if (req->rsk_ops->family == st->family) {
1922 if (++st->sbucket >= icsk->icsk_accept_queue.listen_opt->nr_table_entries)
1925 req = icsk->icsk_accept_queue.listen_opt->syn_table[st->sbucket];
1927 sk = sk_nulls_next(st->syn_wait_sk);
1928 st->state = TCP_SEQ_STATE_LISTENING;
1929 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1931 icsk = inet_csk(sk);
1932 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1933 if (reqsk_queue_len(&icsk->icsk_accept_queue))
1935 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1936 sk = sk_nulls_next(sk);
1939 sk_nulls_for_each_from(sk, node) {
1940 if (!net_eq(sock_net(sk), net))
1942 if (sk->sk_family == st->family) {
1946 icsk = inet_csk(sk);
1947 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1948 if (reqsk_queue_len(&icsk->icsk_accept_queue)) {
1950 st->uid = sock_i_uid(sk);
1951 st->syn_wait_sk = sk;
1952 st->state = TCP_SEQ_STATE_OPENREQ;
1956 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1958 spin_unlock_bh(&ilb->lock);
1960 if (++st->bucket < INET_LHTABLE_SIZE) {
1961 ilb = &tcp_hashinfo.listening_hash[st->bucket];
1962 spin_lock_bh(&ilb->lock);
1963 sk = sk_nulls_head(&ilb->head);
1971 static void *listening_get_idx(struct seq_file *seq, loff_t *pos)
1973 struct tcp_iter_state *st = seq->private;
1978 rc = listening_get_next(seq, NULL);
1980 while (rc && *pos) {
1981 rc = listening_get_next(seq, rc);
1987 static inline bool empty_bucket(const struct tcp_iter_state *st)
1989 return hlist_nulls_empty(&tcp_hashinfo.ehash[st->bucket].chain);
1993 * Get first established socket starting from bucket given in st->bucket.
1994 * If st->bucket is zero, the very first socket in the hash is returned.
1996 static void *established_get_first(struct seq_file *seq)
1998 struct tcp_iter_state *st = seq->private;
1999 struct net *net = seq_file_net(seq);
2003 for (; st->bucket <= tcp_hashinfo.ehash_mask; ++st->bucket) {
2005 struct hlist_nulls_node *node;
2006 spinlock_t *lock = inet_ehash_lockp(&tcp_hashinfo, st->bucket);
2008 /* Lockless fast path for the common case of empty buckets */
2009 if (empty_bucket(st))
2013 sk_nulls_for_each(sk, node, &tcp_hashinfo.ehash[st->bucket].chain) {
2014 if (sk->sk_family != st->family ||
2015 !net_eq(sock_net(sk), net)) {
2021 spin_unlock_bh(lock);
2027 static void *established_get_next(struct seq_file *seq, void *cur)
2029 struct sock *sk = cur;
2030 struct hlist_nulls_node *node;
2031 struct tcp_iter_state *st = seq->private;
2032 struct net *net = seq_file_net(seq);
2037 sk = sk_nulls_next(sk);
2039 sk_nulls_for_each_from(sk, node) {
2040 if (sk->sk_family == st->family && net_eq(sock_net(sk), net))
2044 spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2046 return established_get_first(seq);
2049 static void *established_get_idx(struct seq_file *seq, loff_t pos)
2051 struct tcp_iter_state *st = seq->private;
2055 rc = established_get_first(seq);
2058 rc = established_get_next(seq, rc);
2064 static void *tcp_get_idx(struct seq_file *seq, loff_t pos)
2067 struct tcp_iter_state *st = seq->private;
2069 st->state = TCP_SEQ_STATE_LISTENING;
2070 rc = listening_get_idx(seq, &pos);
2073 st->state = TCP_SEQ_STATE_ESTABLISHED;
2074 rc = established_get_idx(seq, pos);
2080 static void *tcp_seek_last_pos(struct seq_file *seq)
2082 struct tcp_iter_state *st = seq->private;
2083 int offset = st->offset;
2084 int orig_num = st->num;
2087 switch (st->state) {
2088 case TCP_SEQ_STATE_OPENREQ:
2089 case TCP_SEQ_STATE_LISTENING:
2090 if (st->bucket >= INET_LHTABLE_SIZE)
2092 st->state = TCP_SEQ_STATE_LISTENING;
2093 rc = listening_get_next(seq, NULL);
2094 while (offset-- && rc)
2095 rc = listening_get_next(seq, rc);
2099 st->state = TCP_SEQ_STATE_ESTABLISHED;
2101 case TCP_SEQ_STATE_ESTABLISHED:
2102 if (st->bucket > tcp_hashinfo.ehash_mask)
2104 rc = established_get_first(seq);
2105 while (offset-- && rc)
2106 rc = established_get_next(seq, rc);
2114 static void *tcp_seq_start(struct seq_file *seq, loff_t *pos)
2116 struct tcp_iter_state *st = seq->private;
2119 if (*pos && *pos == st->last_pos) {
2120 rc = tcp_seek_last_pos(seq);
2125 st->state = TCP_SEQ_STATE_LISTENING;
2129 rc = *pos ? tcp_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2132 st->last_pos = *pos;
2136 static void *tcp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2138 struct tcp_iter_state *st = seq->private;
2141 if (v == SEQ_START_TOKEN) {
2142 rc = tcp_get_idx(seq, 0);
2146 switch (st->state) {
2147 case TCP_SEQ_STATE_OPENREQ:
2148 case TCP_SEQ_STATE_LISTENING:
2149 rc = listening_get_next(seq, v);
2151 st->state = TCP_SEQ_STATE_ESTABLISHED;
2154 rc = established_get_first(seq);
2157 case TCP_SEQ_STATE_ESTABLISHED:
2158 rc = established_get_next(seq, v);
2163 st->last_pos = *pos;
2167 static void tcp_seq_stop(struct seq_file *seq, void *v)
2169 struct tcp_iter_state *st = seq->private;
2171 switch (st->state) {
2172 case TCP_SEQ_STATE_OPENREQ:
2174 struct inet_connection_sock *icsk = inet_csk(st->syn_wait_sk);
2175 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2177 case TCP_SEQ_STATE_LISTENING:
2178 if (v != SEQ_START_TOKEN)
2179 spin_unlock_bh(&tcp_hashinfo.listening_hash[st->bucket].lock);
2181 case TCP_SEQ_STATE_ESTABLISHED:
2183 spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2188 int tcp_seq_open(struct inode *inode, struct file *file)
2190 struct tcp_seq_afinfo *afinfo = PDE_DATA(inode);
2191 struct tcp_iter_state *s;
2194 err = seq_open_net(inode, file, &afinfo->seq_ops,
2195 sizeof(struct tcp_iter_state));
2199 s = ((struct seq_file *)file->private_data)->private;
2200 s->family = afinfo->family;
2204 EXPORT_SYMBOL(tcp_seq_open);
2206 int tcp_proc_register(struct net *net, struct tcp_seq_afinfo *afinfo)
2209 struct proc_dir_entry *p;
2211 afinfo->seq_ops.start = tcp_seq_start;
2212 afinfo->seq_ops.next = tcp_seq_next;
2213 afinfo->seq_ops.stop = tcp_seq_stop;
2215 p = proc_create_data(afinfo->name, S_IRUGO, net->proc_net,
2216 afinfo->seq_fops, afinfo);
2221 EXPORT_SYMBOL(tcp_proc_register);
2223 void tcp_proc_unregister(struct net *net, struct tcp_seq_afinfo *afinfo)
2225 remove_proc_entry(afinfo->name, net->proc_net);
2227 EXPORT_SYMBOL(tcp_proc_unregister);
2229 static void get_openreq4(const struct sock *sk, const struct request_sock *req,
2230 struct seq_file *f, int i, kuid_t uid)
2232 const struct inet_request_sock *ireq = inet_rsk(req);
2233 long delta = req->expires - jiffies;
2235 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2236 " %02X %08X:%08X %02X:%08lX %08X %5u %8d %u %d %pK",
2239 ntohs(inet_sk(sk)->inet_sport),
2241 ntohs(ireq->ir_rmt_port),
2243 0, 0, /* could print option size, but that is af dependent. */
2244 1, /* timers active (only the expire timer) */
2245 jiffies_delta_to_clock_t(delta),
2247 from_kuid_munged(seq_user_ns(f), uid),
2248 0, /* non standard timer */
2249 0, /* open_requests have no inode */
2250 atomic_read(&sk->sk_refcnt),
2254 static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i)
2257 unsigned long timer_expires;
2258 const struct tcp_sock *tp = tcp_sk(sk);
2259 const struct inet_connection_sock *icsk = inet_csk(sk);
2260 const struct inet_sock *inet = inet_sk(sk);
2261 struct fastopen_queue *fastopenq = icsk->icsk_accept_queue.fastopenq;
2262 __be32 dest = inet->inet_daddr;
2263 __be32 src = inet->inet_rcv_saddr;
2264 __u16 destp = ntohs(inet->inet_dport);
2265 __u16 srcp = ntohs(inet->inet_sport);
2268 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
2269 icsk->icsk_pending == ICSK_TIME_EARLY_RETRANS ||
2270 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
2272 timer_expires = icsk->icsk_timeout;
2273 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2275 timer_expires = icsk->icsk_timeout;
2276 } else if (timer_pending(&sk->sk_timer)) {
2278 timer_expires = sk->sk_timer.expires;
2281 timer_expires = jiffies;
2284 if (sk->sk_state == TCP_LISTEN)
2285 rx_queue = sk->sk_ack_backlog;
2288 * because we dont lock socket, we might find a transient negative value
2290 rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);
2292 seq_printf(f, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX "
2293 "%08X %5u %8d %lu %d %pK %lu %lu %u %u %d",
2294 i, src, srcp, dest, destp, sk->sk_state,
2295 tp->write_seq - tp->snd_una,
2298 jiffies_delta_to_clock_t(timer_expires - jiffies),
2299 icsk->icsk_retransmits,
2300 from_kuid_munged(seq_user_ns(f), sock_i_uid(sk)),
2301 icsk->icsk_probes_out,
2303 atomic_read(&sk->sk_refcnt), sk,
2304 jiffies_to_clock_t(icsk->icsk_rto),
2305 jiffies_to_clock_t(icsk->icsk_ack.ato),
2306 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
2308 sk->sk_state == TCP_LISTEN ?
2309 (fastopenq ? fastopenq->max_qlen : 0) :
2310 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh));
2313 static void get_timewait4_sock(const struct inet_timewait_sock *tw,
2314 struct seq_file *f, int i)
2318 s32 delta = tw->tw_ttd - inet_tw_time_stamp();
2320 dest = tw->tw_daddr;
2321 src = tw->tw_rcv_saddr;
2322 destp = ntohs(tw->tw_dport);
2323 srcp = ntohs(tw->tw_sport);
2325 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2326 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK",
2327 i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
2328 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
2329 atomic_read(&tw->tw_refcnt), tw);
2334 static int tcp4_seq_show(struct seq_file *seq, void *v)
2336 struct tcp_iter_state *st;
2337 struct sock *sk = v;
2339 seq_setwidth(seq, TMPSZ - 1);
2340 if (v == SEQ_START_TOKEN) {
2341 seq_puts(seq, " sl local_address rem_address st tx_queue "
2342 "rx_queue tr tm->when retrnsmt uid timeout "
2348 switch (st->state) {
2349 case TCP_SEQ_STATE_LISTENING:
2350 case TCP_SEQ_STATE_ESTABLISHED:
2351 if (sk->sk_state == TCP_TIME_WAIT)
2352 get_timewait4_sock(v, seq, st->num);
2354 get_tcp4_sock(v, seq, st->num);
2356 case TCP_SEQ_STATE_OPENREQ:
2357 get_openreq4(st->syn_wait_sk, v, seq, st->num, st->uid);
2365 static const struct file_operations tcp_afinfo_seq_fops = {
2366 .owner = THIS_MODULE,
2367 .open = tcp_seq_open,
2369 .llseek = seq_lseek,
2370 .release = seq_release_net
2373 static struct tcp_seq_afinfo tcp4_seq_afinfo = {
2376 .seq_fops = &tcp_afinfo_seq_fops,
2378 .show = tcp4_seq_show,
2382 static int __net_init tcp4_proc_init_net(struct net *net)
2384 return tcp_proc_register(net, &tcp4_seq_afinfo);
2387 static void __net_exit tcp4_proc_exit_net(struct net *net)
2389 tcp_proc_unregister(net, &tcp4_seq_afinfo);
2392 static struct pernet_operations tcp4_net_ops = {
2393 .init = tcp4_proc_init_net,
2394 .exit = tcp4_proc_exit_net,
2397 int __init tcp4_proc_init(void)
2399 return register_pernet_subsys(&tcp4_net_ops);
2402 void tcp4_proc_exit(void)
2404 unregister_pernet_subsys(&tcp4_net_ops);
2406 #endif /* CONFIG_PROC_FS */
2408 struct proto tcp_prot = {
2410 .owner = THIS_MODULE,
2412 .connect = tcp_v4_connect,
2413 .disconnect = tcp_disconnect,
2414 .accept = inet_csk_accept,
2416 .init = tcp_v4_init_sock,
2417 .destroy = tcp_v4_destroy_sock,
2418 .shutdown = tcp_shutdown,
2419 .setsockopt = tcp_setsockopt,
2420 .getsockopt = tcp_getsockopt,
2421 .recvmsg = tcp_recvmsg,
2422 .sendmsg = tcp_sendmsg,
2423 .sendpage = tcp_sendpage,
2424 .backlog_rcv = tcp_v4_do_rcv,
2425 .release_cb = tcp_release_cb,
2427 .unhash = inet_unhash,
2428 .get_port = inet_csk_get_port,
2429 .enter_memory_pressure = tcp_enter_memory_pressure,
2430 .stream_memory_free = tcp_stream_memory_free,
2431 .sockets_allocated = &tcp_sockets_allocated,
2432 .orphan_count = &tcp_orphan_count,
2433 .memory_allocated = &tcp_memory_allocated,
2434 .memory_pressure = &tcp_memory_pressure,
2435 .sysctl_mem = sysctl_tcp_mem,
2436 .sysctl_wmem = sysctl_tcp_wmem,
2437 .sysctl_rmem = sysctl_tcp_rmem,
2438 .max_header = MAX_TCP_HEADER,
2439 .obj_size = sizeof(struct tcp_sock),
2440 .slab_flags = SLAB_DESTROY_BY_RCU,
2441 .twsk_prot = &tcp_timewait_sock_ops,
2442 .rsk_prot = &tcp_request_sock_ops,
2443 .h.hashinfo = &tcp_hashinfo,
2444 .no_autobind = true,
2445 #ifdef CONFIG_COMPAT
2446 .compat_setsockopt = compat_tcp_setsockopt,
2447 .compat_getsockopt = compat_tcp_getsockopt,
2449 #ifdef CONFIG_MEMCG_KMEM
2450 .init_cgroup = tcp_init_cgroup,
2451 .destroy_cgroup = tcp_destroy_cgroup,
2452 .proto_cgroup = tcp_proto_cgroup,
2455 EXPORT_SYMBOL(tcp_prot);
2457 static int __net_init tcp_sk_init(struct net *net)
2459 net->ipv4.sysctl_tcp_ecn = 2;
2463 static void __net_exit tcp_sk_exit(struct net *net)
2467 static void __net_exit tcp_sk_exit_batch(struct list_head *net_exit_list)
2469 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET);
2472 static struct pernet_operations __net_initdata tcp_sk_ops = {
2473 .init = tcp_sk_init,
2474 .exit = tcp_sk_exit,
2475 .exit_batch = tcp_sk_exit_batch,
2478 void __init tcp_v4_init(void)
2480 inet_hashinfo_init(&tcp_hashinfo);
2481 if (register_pernet_subsys(&tcp_sk_ops))
2482 panic("Failed to create the TCP control socket.\n");