2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Implementation of the Transmission Control Protocol(TCP).
8 * IPv4 specific functions
13 * linux/ipv4/tcp_input.c
14 * linux/ipv4/tcp_output.c
16 * See tcp.c for author information
18 * This program is free software; you can redistribute it and/or
19 * modify it under the terms of the GNU General Public License
20 * as published by the Free Software Foundation; either version
21 * 2 of the License, or (at your option) any later version.
26 * David S. Miller : New socket lookup architecture.
27 * This code is dedicated to John Dyson.
28 * David S. Miller : Change semantics of established hash,
29 * half is devoted to TIME_WAIT sockets
30 * and the rest go in the other half.
31 * Andi Kleen : Add support for syncookies and fixed
32 * some bugs: ip options weren't passed to
33 * the TCP layer, missed a check for an
35 * Andi Kleen : Implemented fast path mtu discovery.
36 * Fixed many serious bugs in the
37 * request_sock handling and moved
38 * most of it into the af independent code.
39 * Added tail drop and some other bugfixes.
40 * Added new listen semantics.
41 * Mike McLagan : Routing by source
42 * Juan Jose Ciarlante: ip_dynaddr bits
43 * Andi Kleen: various fixes.
44 * Vitaly E. Lavrov : Transparent proxy revived after year
46 * Andi Kleen : Fix new listen.
47 * Andi Kleen : Fix accept error reporting.
48 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
49 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
50 * a single port at the same time.
53 #define pr_fmt(fmt) "TCP: " fmt
55 #include <linux/bottom_half.h>
56 #include <linux/types.h>
57 #include <linux/fcntl.h>
58 #include <linux/module.h>
59 #include <linux/random.h>
60 #include <linux/cache.h>
61 #include <linux/jhash.h>
62 #include <linux/init.h>
63 #include <linux/times.h>
64 #include <linux/slab.h>
66 #include <net/net_namespace.h>
68 #include <net/inet_hashtables.h>
70 #include <net/transp_v6.h>
72 #include <net/inet_common.h>
73 #include <net/timewait_sock.h>
75 #include <net/secure_seq.h>
76 #include <net/busy_poll.h>
78 #include <linux/inet.h>
79 #include <linux/ipv6.h>
80 #include <linux/stddef.h>
81 #include <linux/proc_fs.h>
82 #include <linux/seq_file.h>
84 #include <crypto/hash.h>
85 #include <linux/scatterlist.h>
87 int sysctl_tcp_tw_reuse __read_mostly;
88 int sysctl_tcp_low_latency __read_mostly;
89 EXPORT_SYMBOL(sysctl_tcp_low_latency);
91 #ifdef CONFIG_TCP_MD5SIG
92 static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
93 __be32 daddr, __be32 saddr, const struct tcphdr *th);
96 struct inet_hashinfo tcp_hashinfo;
97 EXPORT_SYMBOL(tcp_hashinfo);
99 static __u32 tcp_v4_init_sequence(const struct sk_buff *skb)
101 return secure_tcp_sequence_number(ip_hdr(skb)->daddr,
104 tcp_hdr(skb)->source);
107 int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp)
109 const struct tcp_timewait_sock *tcptw = tcp_twsk(sktw);
110 struct tcp_sock *tp = tcp_sk(sk);
112 /* With PAWS, it is safe from the viewpoint
113 of data integrity. Even without PAWS it is safe provided sequence
114 spaces do not overlap i.e. at data rates <= 80Mbit/sec.
116 Actually, the idea is close to VJ's one, only timestamp cache is
117 held not per host, but per port pair and TW bucket is used as state
120 If TW bucket has been already destroyed we fall back to VJ's scheme
121 and use initial timestamp retrieved from peer table.
123 if (tcptw->tw_ts_recent_stamp &&
124 (!twp || (sysctl_tcp_tw_reuse &&
125 get_seconds() - tcptw->tw_ts_recent_stamp > 1))) {
126 tp->write_seq = tcptw->tw_snd_nxt + 65535 + 2;
127 if (tp->write_seq == 0)
129 tp->rx_opt.ts_recent = tcptw->tw_ts_recent;
130 tp->rx_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
137 EXPORT_SYMBOL_GPL(tcp_twsk_unique);
139 /* This will initiate an outgoing connection. */
140 int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
142 struct sockaddr_in *usin = (struct sockaddr_in *)uaddr;
143 struct inet_sock *inet = inet_sk(sk);
144 struct tcp_sock *tp = tcp_sk(sk);
145 __be16 orig_sport, orig_dport;
146 __be32 daddr, nexthop;
150 struct ip_options_rcu *inet_opt;
152 if (addr_len < sizeof(struct sockaddr_in))
155 if (usin->sin_family != AF_INET)
156 return -EAFNOSUPPORT;
158 nexthop = daddr = usin->sin_addr.s_addr;
159 inet_opt = rcu_dereference_protected(inet->inet_opt,
160 lockdep_sock_is_held(sk));
161 if (inet_opt && inet_opt->opt.srr) {
164 nexthop = inet_opt->opt.faddr;
167 orig_sport = inet->inet_sport;
168 orig_dport = usin->sin_port;
169 fl4 = &inet->cork.fl.u.ip4;
170 rt = ip_route_connect(fl4, nexthop, inet->inet_saddr,
171 RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
173 orig_sport, orig_dport, sk);
176 if (err == -ENETUNREACH)
177 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
181 if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) {
186 if (!inet_opt || !inet_opt->opt.srr)
189 if (!inet->inet_saddr)
190 inet->inet_saddr = fl4->saddr;
191 sk_rcv_saddr_set(sk, inet->inet_saddr);
193 if (tp->rx_opt.ts_recent_stamp && inet->inet_daddr != daddr) {
194 /* Reset inherited state */
195 tp->rx_opt.ts_recent = 0;
196 tp->rx_opt.ts_recent_stamp = 0;
197 if (likely(!tp->repair))
201 if (tcp_death_row.sysctl_tw_recycle &&
202 !tp->rx_opt.ts_recent_stamp && fl4->daddr == daddr)
203 tcp_fetch_timewait_stamp(sk, &rt->dst);
205 inet->inet_dport = usin->sin_port;
206 sk_daddr_set(sk, daddr);
208 inet_csk(sk)->icsk_ext_hdr_len = 0;
210 inet_csk(sk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
212 tp->rx_opt.mss_clamp = TCP_MSS_DEFAULT;
214 /* Socket identity is still unknown (sport may be zero).
215 * However we set state to SYN-SENT and not releasing socket
216 * lock select source port, enter ourselves into the hash tables and
217 * complete initialization after this.
219 tcp_set_state(sk, TCP_SYN_SENT);
220 err = inet_hash_connect(&tcp_death_row, sk);
226 rt = ip_route_newports(fl4, rt, orig_sport, orig_dport,
227 inet->inet_sport, inet->inet_dport, sk);
233 /* OK, now commit destination to socket. */
234 sk->sk_gso_type = SKB_GSO_TCPV4;
235 sk_setup_caps(sk, &rt->dst);
237 if (!tp->write_seq && likely(!tp->repair))
238 tp->write_seq = secure_tcp_sequence_number(inet->inet_saddr,
243 inet->inet_id = tp->write_seq ^ jiffies;
245 err = tcp_connect(sk);
255 * This unhashes the socket and releases the local port,
258 tcp_set_state(sk, TCP_CLOSE);
260 sk->sk_route_caps = 0;
261 inet->inet_dport = 0;
264 EXPORT_SYMBOL(tcp_v4_connect);
267 * This routine reacts to ICMP_FRAG_NEEDED mtu indications as defined in RFC1191.
268 * It can be called through tcp_release_cb() if socket was owned by user
269 * at the time tcp_v4_err() was called to handle ICMP message.
271 void tcp_v4_mtu_reduced(struct sock *sk)
273 struct dst_entry *dst;
274 struct inet_sock *inet = inet_sk(sk);
275 u32 mtu = tcp_sk(sk)->mtu_info;
277 dst = inet_csk_update_pmtu(sk, mtu);
281 /* Something is about to be wrong... Remember soft error
282 * for the case, if this connection will not able to recover.
284 if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
285 sk->sk_err_soft = EMSGSIZE;
289 if (inet->pmtudisc != IP_PMTUDISC_DONT &&
290 ip_sk_accept_pmtu(sk) &&
291 inet_csk(sk)->icsk_pmtu_cookie > mtu) {
292 tcp_sync_mss(sk, mtu);
294 /* Resend the TCP packet because it's
295 * clear that the old packet has been
296 * dropped. This is the new "fast" path mtu
299 tcp_simple_retransmit(sk);
300 } /* else let the usual retransmit timer handle it */
302 EXPORT_SYMBOL(tcp_v4_mtu_reduced);
304 static void do_redirect(struct sk_buff *skb, struct sock *sk)
306 struct dst_entry *dst = __sk_dst_check(sk, 0);
309 dst->ops->redirect(dst, sk, skb);
313 /* handle ICMP messages on TCP_NEW_SYN_RECV request sockets */
314 void tcp_req_err(struct sock *sk, u32 seq, bool abort)
316 struct request_sock *req = inet_reqsk(sk);
317 struct net *net = sock_net(sk);
319 /* ICMPs are not backlogged, hence we cannot get
320 * an established socket here.
322 if (seq != tcp_rsk(req)->snt_isn) {
323 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
326 * Still in SYN_RECV, just remove it silently.
327 * There is no good way to pass the error to the newly
328 * created socket, and POSIX does not want network
329 * errors returned from accept().
331 inet_csk_reqsk_queue_drop(req->rsk_listener, req);
332 tcp_listendrop(req->rsk_listener);
336 EXPORT_SYMBOL(tcp_req_err);
339 * This routine is called by the ICMP module when it gets some
340 * sort of error condition. If err < 0 then the socket should
341 * be closed and the error returned to the user. If err > 0
342 * it's just the icmp type << 8 | icmp code. After adjustment
343 * header points to the first 8 bytes of the tcp header. We need
344 * to find the appropriate port.
346 * The locking strategy used here is very "optimistic". When
347 * someone else accesses the socket the ICMP is just dropped
348 * and for some paths there is no check at all.
349 * A more general error queue to queue errors for later handling
350 * is probably better.
354 void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
356 const struct iphdr *iph = (const struct iphdr *)icmp_skb->data;
357 struct tcphdr *th = (struct tcphdr *)(icmp_skb->data + (iph->ihl << 2));
358 struct inet_connection_sock *icsk;
360 struct inet_sock *inet;
361 const int type = icmp_hdr(icmp_skb)->type;
362 const int code = icmp_hdr(icmp_skb)->code;
365 struct request_sock *fastopen;
369 struct net *net = dev_net(icmp_skb->dev);
371 sk = __inet_lookup_established(net, &tcp_hashinfo, iph->daddr,
372 th->dest, iph->saddr, ntohs(th->source),
375 __ICMP_INC_STATS(net, ICMP_MIB_INERRORS);
378 if (sk->sk_state == TCP_TIME_WAIT) {
379 inet_twsk_put(inet_twsk(sk));
382 seq = ntohl(th->seq);
383 if (sk->sk_state == TCP_NEW_SYN_RECV)
384 return tcp_req_err(sk, seq,
385 type == ICMP_PARAMETERPROB ||
386 type == ICMP_TIME_EXCEEDED ||
387 (type == ICMP_DEST_UNREACH &&
388 (code == ICMP_NET_UNREACH ||
389 code == ICMP_HOST_UNREACH)));
392 /* If too many ICMPs get dropped on busy
393 * servers this needs to be solved differently.
394 * We do take care of PMTU discovery (RFC1191) special case :
395 * we can receive locally generated ICMP messages while socket is held.
397 if (sock_owned_by_user(sk)) {
398 if (!(type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED))
399 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
401 if (sk->sk_state == TCP_CLOSE)
404 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
405 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
411 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
412 fastopen = tp->fastopen_rsk;
413 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
414 if (sk->sk_state != TCP_LISTEN &&
415 !between(seq, snd_una, tp->snd_nxt)) {
416 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
422 do_redirect(icmp_skb, sk);
424 case ICMP_SOURCE_QUENCH:
425 /* Just silently ignore these. */
427 case ICMP_PARAMETERPROB:
430 case ICMP_DEST_UNREACH:
431 if (code > NR_ICMP_UNREACH)
434 if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */
435 /* We are not interested in TCP_LISTEN and open_requests
436 * (SYN-ACKs send out by Linux are always <576bytes so
437 * they should go through unfragmented).
439 if (sk->sk_state == TCP_LISTEN)
443 if (!sock_owned_by_user(sk)) {
444 tcp_v4_mtu_reduced(sk);
446 if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED, &tp->tsq_flags))
452 err = icmp_err_convert[code].errno;
453 /* check if icmp_skb allows revert of backoff
454 * (see draft-zimmermann-tcp-lcd) */
455 if (code != ICMP_NET_UNREACH && code != ICMP_HOST_UNREACH)
457 if (seq != tp->snd_una || !icsk->icsk_retransmits ||
458 !icsk->icsk_backoff || fastopen)
461 if (sock_owned_by_user(sk))
464 icsk->icsk_backoff--;
465 icsk->icsk_rto = tp->srtt_us ? __tcp_set_rto(tp) :
467 icsk->icsk_rto = inet_csk_rto_backoff(icsk, TCP_RTO_MAX);
469 skb = tcp_write_queue_head(sk);
472 remaining = icsk->icsk_rto -
474 tcp_time_stamp - tcp_skb_timestamp(skb));
477 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
478 remaining, TCP_RTO_MAX);
480 /* RTO revert clocked out retransmission.
481 * Will retransmit now */
482 tcp_retransmit_timer(sk);
486 case ICMP_TIME_EXCEEDED:
493 switch (sk->sk_state) {
496 /* Only in fast or simultaneous open. If a fast open socket is
497 * is already accepted it is treated as a connected one below.
499 if (fastopen && !fastopen->sk)
502 if (!sock_owned_by_user(sk)) {
505 sk->sk_error_report(sk);
509 sk->sk_err_soft = err;
514 /* If we've already connected we will keep trying
515 * until we time out, or the user gives up.
517 * rfc1122 4.2.3.9 allows to consider as hard errors
518 * only PROTO_UNREACH and PORT_UNREACH (well, FRAG_FAILED too,
519 * but it is obsoleted by pmtu discovery).
521 * Note, that in modern internet, where routing is unreliable
522 * and in each dark corner broken firewalls sit, sending random
523 * errors ordered by their masters even this two messages finally lose
524 * their original sense (even Linux sends invalid PORT_UNREACHs)
526 * Now we are in compliance with RFCs.
531 if (!sock_owned_by_user(sk) && inet->recverr) {
533 sk->sk_error_report(sk);
534 } else { /* Only an error on timeout */
535 sk->sk_err_soft = err;
543 void __tcp_v4_send_check(struct sk_buff *skb, __be32 saddr, __be32 daddr)
545 struct tcphdr *th = tcp_hdr(skb);
547 if (skb->ip_summed == CHECKSUM_PARTIAL) {
548 th->check = ~tcp_v4_check(skb->len, saddr, daddr, 0);
549 skb->csum_start = skb_transport_header(skb) - skb->head;
550 skb->csum_offset = offsetof(struct tcphdr, check);
552 th->check = tcp_v4_check(skb->len, saddr, daddr,
559 /* This routine computes an IPv4 TCP checksum. */
560 void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb)
562 const struct inet_sock *inet = inet_sk(sk);
564 __tcp_v4_send_check(skb, inet->inet_saddr, inet->inet_daddr);
566 EXPORT_SYMBOL(tcp_v4_send_check);
569 * This routine will send an RST to the other tcp.
571 * Someone asks: why I NEVER use socket parameters (TOS, TTL etc.)
573 * Answer: if a packet caused RST, it is not for a socket
574 * existing in our system, if it is matched to a socket,
575 * it is just duplicate segment or bug in other side's TCP.
576 * So that we build reply only basing on parameters
577 * arrived with segment.
578 * Exception: precedence violation. We do not implement it in any case.
581 static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb)
583 const struct tcphdr *th = tcp_hdr(skb);
586 #ifdef CONFIG_TCP_MD5SIG
587 __be32 opt[(TCPOLEN_MD5SIG_ALIGNED >> 2)];
590 struct ip_reply_arg arg;
591 #ifdef CONFIG_TCP_MD5SIG
592 struct tcp_md5sig_key *key = NULL;
593 const __u8 *hash_location = NULL;
594 unsigned char newhash[16];
596 struct sock *sk1 = NULL;
600 /* Never send a reset in response to a reset. */
604 /* If sk not NULL, it means we did a successful lookup and incoming
605 * route had to be correct. prequeue might have dropped our dst.
607 if (!sk && skb_rtable(skb)->rt_type != RTN_LOCAL)
610 /* Swap the send and the receive. */
611 memset(&rep, 0, sizeof(rep));
612 rep.th.dest = th->source;
613 rep.th.source = th->dest;
614 rep.th.doff = sizeof(struct tcphdr) / 4;
618 rep.th.seq = th->ack_seq;
621 rep.th.ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin +
622 skb->len - (th->doff << 2));
625 memset(&arg, 0, sizeof(arg));
626 arg.iov[0].iov_base = (unsigned char *)&rep;
627 arg.iov[0].iov_len = sizeof(rep.th);
629 net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
630 #ifdef CONFIG_TCP_MD5SIG
632 hash_location = tcp_parse_md5sig_option(th);
633 if (sk && sk_fullsock(sk)) {
634 key = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)
635 &ip_hdr(skb)->saddr, AF_INET);
636 } else if (hash_location) {
638 * active side is lost. Try to find listening socket through
639 * source port, and then find md5 key through listening socket.
640 * we are not loose security here:
641 * Incoming packet is checked with md5 hash with finding key,
642 * no RST generated if md5 hash doesn't match.
644 sk1 = __inet_lookup_listener(net, &tcp_hashinfo, NULL, 0,
646 th->source, ip_hdr(skb)->daddr,
647 ntohs(th->source), inet_iif(skb));
648 /* don't send rst if it can't find key */
652 key = tcp_md5_do_lookup(sk1, (union tcp_md5_addr *)
653 &ip_hdr(skb)->saddr, AF_INET);
658 genhash = tcp_v4_md5_hash_skb(newhash, key, NULL, skb);
659 if (genhash || memcmp(hash_location, newhash, 16) != 0)
665 rep.opt[0] = htonl((TCPOPT_NOP << 24) |
667 (TCPOPT_MD5SIG << 8) |
669 /* Update length and the length the header thinks exists */
670 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
671 rep.th.doff = arg.iov[0].iov_len / 4;
673 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[1],
674 key, ip_hdr(skb)->saddr,
675 ip_hdr(skb)->daddr, &rep.th);
678 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
679 ip_hdr(skb)->saddr, /* XXX */
680 arg.iov[0].iov_len, IPPROTO_TCP, 0);
681 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
682 arg.flags = (sk && inet_sk_transparent(sk)) ? IP_REPLY_ARG_NOSRCCHECK : 0;
684 /* When socket is gone, all binding information is lost.
685 * routing might fail in this case. No choice here, if we choose to force
686 * input interface, we will misroute in case of asymmetric route.
689 arg.bound_dev_if = sk->sk_bound_dev_if;
691 BUILD_BUG_ON(offsetof(struct sock, sk_bound_dev_if) !=
692 offsetof(struct inet_timewait_sock, tw_bound_dev_if));
694 arg.tos = ip_hdr(skb)->tos;
696 ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
697 skb, &TCP_SKB_CB(skb)->header.h4.opt,
698 ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
699 &arg, arg.iov[0].iov_len);
701 __TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
702 __TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
705 #ifdef CONFIG_TCP_MD5SIG
711 /* The code following below sending ACKs in SYN-RECV and TIME-WAIT states
712 outside socket context is ugly, certainly. What can I do?
715 static void tcp_v4_send_ack(struct net *net,
716 struct sk_buff *skb, u32 seq, u32 ack,
717 u32 win, u32 tsval, u32 tsecr, int oif,
718 struct tcp_md5sig_key *key,
719 int reply_flags, u8 tos)
721 const struct tcphdr *th = tcp_hdr(skb);
724 __be32 opt[(TCPOLEN_TSTAMP_ALIGNED >> 2)
725 #ifdef CONFIG_TCP_MD5SIG
726 + (TCPOLEN_MD5SIG_ALIGNED >> 2)
730 struct ip_reply_arg arg;
732 memset(&rep.th, 0, sizeof(struct tcphdr));
733 memset(&arg, 0, sizeof(arg));
735 arg.iov[0].iov_base = (unsigned char *)&rep;
736 arg.iov[0].iov_len = sizeof(rep.th);
738 rep.opt[0] = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
739 (TCPOPT_TIMESTAMP << 8) |
741 rep.opt[1] = htonl(tsval);
742 rep.opt[2] = htonl(tsecr);
743 arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;
746 /* Swap the send and the receive. */
747 rep.th.dest = th->source;
748 rep.th.source = th->dest;
749 rep.th.doff = arg.iov[0].iov_len / 4;
750 rep.th.seq = htonl(seq);
751 rep.th.ack_seq = htonl(ack);
753 rep.th.window = htons(win);
755 #ifdef CONFIG_TCP_MD5SIG
757 int offset = (tsecr) ? 3 : 0;
759 rep.opt[offset++] = htonl((TCPOPT_NOP << 24) |
761 (TCPOPT_MD5SIG << 8) |
763 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
764 rep.th.doff = arg.iov[0].iov_len/4;
766 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset],
767 key, ip_hdr(skb)->saddr,
768 ip_hdr(skb)->daddr, &rep.th);
771 arg.flags = reply_flags;
772 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
773 ip_hdr(skb)->saddr, /* XXX */
774 arg.iov[0].iov_len, IPPROTO_TCP, 0);
775 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
777 arg.bound_dev_if = oif;
780 ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
781 skb, &TCP_SKB_CB(skb)->header.h4.opt,
782 ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
783 &arg, arg.iov[0].iov_len);
785 __TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
789 static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
791 struct inet_timewait_sock *tw = inet_twsk(sk);
792 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
794 tcp_v4_send_ack(sock_net(sk), skb,
795 tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
796 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
797 tcp_time_stamp + tcptw->tw_ts_offset,
800 tcp_twsk_md5_key(tcptw),
801 tw->tw_transparent ? IP_REPLY_ARG_NOSRCCHECK : 0,
808 static void tcp_v4_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
809 struct request_sock *req)
811 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
812 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
814 u32 seq = (sk->sk_state == TCP_LISTEN) ? tcp_rsk(req)->snt_isn + 1 :
818 * The window field (SEG.WND) of every outgoing segment, with the
819 * exception of <SYN> segments, MUST be right-shifted by
820 * Rcv.Wind.Shift bits:
822 tcp_v4_send_ack(sock_net(sk), skb, seq,
823 tcp_rsk(req)->rcv_nxt,
824 req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
828 tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&ip_hdr(skb)->daddr,
830 inet_rsk(req)->no_srccheck ? IP_REPLY_ARG_NOSRCCHECK : 0,
835 * Send a SYN-ACK after having received a SYN.
836 * This still operates on a request_sock only, not on a big
839 static int tcp_v4_send_synack(const struct sock *sk, struct dst_entry *dst,
841 struct request_sock *req,
842 struct tcp_fastopen_cookie *foc,
843 enum tcp_synack_type synack_type)
845 const struct inet_request_sock *ireq = inet_rsk(req);
850 /* First, grab a route. */
851 if (!dst && (dst = inet_csk_route_req(sk, &fl4, req)) == NULL)
854 skb = tcp_make_synack(sk, dst, req, foc, synack_type);
857 __tcp_v4_send_check(skb, ireq->ir_loc_addr, ireq->ir_rmt_addr);
859 err = ip_build_and_send_pkt(skb, sk, ireq->ir_loc_addr,
862 err = net_xmit_eval(err);
869 * IPv4 request_sock destructor.
871 static void tcp_v4_reqsk_destructor(struct request_sock *req)
873 kfree(inet_rsk(req)->opt);
876 #ifdef CONFIG_TCP_MD5SIG
878 * RFC2385 MD5 checksumming requires a mapping of
879 * IP address->MD5 Key.
880 * We need to maintain these in the sk structure.
883 /* Find the Key structure for an address. */
884 struct tcp_md5sig_key *tcp_md5_do_lookup(const struct sock *sk,
885 const union tcp_md5_addr *addr,
888 const struct tcp_sock *tp = tcp_sk(sk);
889 struct tcp_md5sig_key *key;
890 unsigned int size = sizeof(struct in_addr);
891 const struct tcp_md5sig_info *md5sig;
893 /* caller either holds rcu_read_lock() or socket lock */
894 md5sig = rcu_dereference_check(tp->md5sig_info,
895 lockdep_sock_is_held(sk));
898 #if IS_ENABLED(CONFIG_IPV6)
899 if (family == AF_INET6)
900 size = sizeof(struct in6_addr);
902 hlist_for_each_entry_rcu(key, &md5sig->head, node) {
903 if (key->family != family)
905 if (!memcmp(&key->addr, addr, size))
910 EXPORT_SYMBOL(tcp_md5_do_lookup);
912 struct tcp_md5sig_key *tcp_v4_md5_lookup(const struct sock *sk,
913 const struct sock *addr_sk)
915 const union tcp_md5_addr *addr;
917 addr = (const union tcp_md5_addr *)&addr_sk->sk_daddr;
918 return tcp_md5_do_lookup(sk, addr, AF_INET);
920 EXPORT_SYMBOL(tcp_v4_md5_lookup);
922 /* This can be called on a newly created socket, from other files */
923 int tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr,
924 int family, const u8 *newkey, u8 newkeylen, gfp_t gfp)
926 /* Add Key to the list */
927 struct tcp_md5sig_key *key;
928 struct tcp_sock *tp = tcp_sk(sk);
929 struct tcp_md5sig_info *md5sig;
931 key = tcp_md5_do_lookup(sk, addr, family);
933 /* Pre-existing entry - just update that one. */
934 memcpy(key->key, newkey, newkeylen);
935 key->keylen = newkeylen;
939 md5sig = rcu_dereference_protected(tp->md5sig_info,
940 lockdep_sock_is_held(sk));
942 md5sig = kmalloc(sizeof(*md5sig), gfp);
946 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
947 INIT_HLIST_HEAD(&md5sig->head);
948 rcu_assign_pointer(tp->md5sig_info, md5sig);
951 key = sock_kmalloc(sk, sizeof(*key), gfp);
954 if (!tcp_alloc_md5sig_pool()) {
955 sock_kfree_s(sk, key, sizeof(*key));
959 memcpy(key->key, newkey, newkeylen);
960 key->keylen = newkeylen;
961 key->family = family;
962 memcpy(&key->addr, addr,
963 (family == AF_INET6) ? sizeof(struct in6_addr) :
964 sizeof(struct in_addr));
965 hlist_add_head_rcu(&key->node, &md5sig->head);
968 EXPORT_SYMBOL(tcp_md5_do_add);
970 int tcp_md5_do_del(struct sock *sk, const union tcp_md5_addr *addr, int family)
972 struct tcp_md5sig_key *key;
974 key = tcp_md5_do_lookup(sk, addr, family);
977 hlist_del_rcu(&key->node);
978 atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
982 EXPORT_SYMBOL(tcp_md5_do_del);
984 static void tcp_clear_md5_list(struct sock *sk)
986 struct tcp_sock *tp = tcp_sk(sk);
987 struct tcp_md5sig_key *key;
988 struct hlist_node *n;
989 struct tcp_md5sig_info *md5sig;
991 md5sig = rcu_dereference_protected(tp->md5sig_info, 1);
993 hlist_for_each_entry_safe(key, n, &md5sig->head, node) {
994 hlist_del_rcu(&key->node);
995 atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
1000 static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
1003 struct tcp_md5sig cmd;
1004 struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.tcpm_addr;
1006 if (optlen < sizeof(cmd))
1009 if (copy_from_user(&cmd, optval, sizeof(cmd)))
1012 if (sin->sin_family != AF_INET)
1015 if (!cmd.tcpm_keylen)
1016 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin->sin_addr.s_addr,
1019 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
1022 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin->sin_addr.s_addr,
1023 AF_INET, cmd.tcpm_key, cmd.tcpm_keylen,
1027 static int tcp_v4_md5_hash_headers(struct tcp_md5sig_pool *hp,
1028 __be32 daddr, __be32 saddr,
1029 const struct tcphdr *th, int nbytes)
1031 struct tcp4_pseudohdr *bp;
1032 struct scatterlist sg;
1039 bp->protocol = IPPROTO_TCP;
1040 bp->len = cpu_to_be16(nbytes);
1042 _th = (struct tcphdr *)(bp + 1);
1043 memcpy(_th, th, sizeof(*th));
1046 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
1047 ahash_request_set_crypt(hp->md5_req, &sg, NULL,
1048 sizeof(*bp) + sizeof(*th));
1049 return crypto_ahash_update(hp->md5_req);
1052 static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
1053 __be32 daddr, __be32 saddr, const struct tcphdr *th)
1055 struct tcp_md5sig_pool *hp;
1056 struct ahash_request *req;
1058 hp = tcp_get_md5sig_pool();
1060 goto clear_hash_noput;
1063 if (crypto_ahash_init(req))
1065 if (tcp_v4_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
1067 if (tcp_md5_hash_key(hp, key))
1069 ahash_request_set_crypt(req, NULL, md5_hash, 0);
1070 if (crypto_ahash_final(req))
1073 tcp_put_md5sig_pool();
1077 tcp_put_md5sig_pool();
1079 memset(md5_hash, 0, 16);
1083 int tcp_v4_md5_hash_skb(char *md5_hash, const struct tcp_md5sig_key *key,
1084 const struct sock *sk,
1085 const struct sk_buff *skb)
1087 struct tcp_md5sig_pool *hp;
1088 struct ahash_request *req;
1089 const struct tcphdr *th = tcp_hdr(skb);
1090 __be32 saddr, daddr;
1092 if (sk) { /* valid for establish/request sockets */
1093 saddr = sk->sk_rcv_saddr;
1094 daddr = sk->sk_daddr;
1096 const struct iphdr *iph = ip_hdr(skb);
1101 hp = tcp_get_md5sig_pool();
1103 goto clear_hash_noput;
1106 if (crypto_ahash_init(req))
1109 if (tcp_v4_md5_hash_headers(hp, daddr, saddr, th, skb->len))
1111 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
1113 if (tcp_md5_hash_key(hp, key))
1115 ahash_request_set_crypt(req, NULL, md5_hash, 0);
1116 if (crypto_ahash_final(req))
1119 tcp_put_md5sig_pool();
1123 tcp_put_md5sig_pool();
1125 memset(md5_hash, 0, 16);
1128 EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
1132 /* Called with rcu_read_lock() */
1133 static bool tcp_v4_inbound_md5_hash(const struct sock *sk,
1134 const struct sk_buff *skb)
1136 #ifdef CONFIG_TCP_MD5SIG
1138 * This gets called for each TCP segment that arrives
1139 * so we want to be efficient.
1140 * We have 3 drop cases:
1141 * o No MD5 hash and one expected.
1142 * o MD5 hash and we're not expecting one.
1143 * o MD5 hash and its wrong.
1145 const __u8 *hash_location = NULL;
1146 struct tcp_md5sig_key *hash_expected;
1147 const struct iphdr *iph = ip_hdr(skb);
1148 const struct tcphdr *th = tcp_hdr(skb);
1150 unsigned char newhash[16];
1152 hash_expected = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&iph->saddr,
1154 hash_location = tcp_parse_md5sig_option(th);
1156 /* We've parsed the options - do we have a hash? */
1157 if (!hash_expected && !hash_location)
1160 if (hash_expected && !hash_location) {
1161 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
1165 if (!hash_expected && hash_location) {
1166 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
1170 /* Okay, so this is hash_expected and hash_location -
1171 * so we need to calculate the checksum.
1173 genhash = tcp_v4_md5_hash_skb(newhash,
1177 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
1178 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
1179 net_info_ratelimited("MD5 Hash failed for (%pI4, %d)->(%pI4, %d)%s\n",
1180 &iph->saddr, ntohs(th->source),
1181 &iph->daddr, ntohs(th->dest),
1182 genhash ? " tcp_v4_calc_md5_hash failed"
1191 static void tcp_v4_init_req(struct request_sock *req,
1192 const struct sock *sk_listener,
1193 struct sk_buff *skb)
1195 struct inet_request_sock *ireq = inet_rsk(req);
1197 sk_rcv_saddr_set(req_to_sk(req), ip_hdr(skb)->daddr);
1198 sk_daddr_set(req_to_sk(req), ip_hdr(skb)->saddr);
1199 ireq->no_srccheck = inet_sk(sk_listener)->transparent;
1200 ireq->opt = tcp_v4_save_options(skb);
1203 static struct dst_entry *tcp_v4_route_req(const struct sock *sk,
1205 const struct request_sock *req,
1208 struct dst_entry *dst = inet_csk_route_req(sk, &fl->u.ip4, req);
1211 if (fl->u.ip4.daddr == inet_rsk(req)->ir_rmt_addr)
1220 struct request_sock_ops tcp_request_sock_ops __read_mostly = {
1222 .obj_size = sizeof(struct tcp_request_sock),
1223 .rtx_syn_ack = tcp_rtx_synack,
1224 .send_ack = tcp_v4_reqsk_send_ack,
1225 .destructor = tcp_v4_reqsk_destructor,
1226 .send_reset = tcp_v4_send_reset,
1227 .syn_ack_timeout = tcp_syn_ack_timeout,
1230 static const struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
1231 .mss_clamp = TCP_MSS_DEFAULT,
1232 #ifdef CONFIG_TCP_MD5SIG
1233 .req_md5_lookup = tcp_v4_md5_lookup,
1234 .calc_md5_hash = tcp_v4_md5_hash_skb,
1236 .init_req = tcp_v4_init_req,
1237 #ifdef CONFIG_SYN_COOKIES
1238 .cookie_init_seq = cookie_v4_init_sequence,
1240 .route_req = tcp_v4_route_req,
1241 .init_seq = tcp_v4_init_sequence,
1242 .send_synack = tcp_v4_send_synack,
1245 int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1247 /* Never answer to SYNs send to broadcast or multicast */
1248 if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
1251 return tcp_conn_request(&tcp_request_sock_ops,
1252 &tcp_request_sock_ipv4_ops, sk, skb);
1258 EXPORT_SYMBOL(tcp_v4_conn_request);
1262 * The three way handshake has completed - we got a valid synack -
1263 * now create the new socket.
1265 struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
1266 struct request_sock *req,
1267 struct dst_entry *dst,
1268 struct request_sock *req_unhash,
1271 struct inet_request_sock *ireq;
1272 struct inet_sock *newinet;
1273 struct tcp_sock *newtp;
1275 #ifdef CONFIG_TCP_MD5SIG
1276 struct tcp_md5sig_key *key;
1278 struct ip_options_rcu *inet_opt;
1280 if (sk_acceptq_is_full(sk))
1283 newsk = tcp_create_openreq_child(sk, req, skb);
1287 newsk->sk_gso_type = SKB_GSO_TCPV4;
1288 inet_sk_rx_dst_set(newsk, skb);
1290 newtp = tcp_sk(newsk);
1291 newinet = inet_sk(newsk);
1292 ireq = inet_rsk(req);
1293 sk_daddr_set(newsk, ireq->ir_rmt_addr);
1294 sk_rcv_saddr_set(newsk, ireq->ir_loc_addr);
1295 newsk->sk_bound_dev_if = ireq->ir_iif;
1296 newinet->inet_saddr = ireq->ir_loc_addr;
1297 inet_opt = ireq->opt;
1298 rcu_assign_pointer(newinet->inet_opt, inet_opt);
1300 newinet->mc_index = inet_iif(skb);
1301 newinet->mc_ttl = ip_hdr(skb)->ttl;
1302 newinet->rcv_tos = ip_hdr(skb)->tos;
1303 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1305 inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
1306 newinet->inet_id = newtp->write_seq ^ jiffies;
1309 dst = inet_csk_route_child_sock(sk, newsk, req);
1313 /* syncookie case : see end of cookie_v4_check() */
1315 sk_setup_caps(newsk, dst);
1317 tcp_ca_openreq_child(newsk, dst);
1319 tcp_sync_mss(newsk, dst_mtu(dst));
1320 newtp->advmss = dst_metric_advmss(dst);
1321 if (tcp_sk(sk)->rx_opt.user_mss &&
1322 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1323 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1325 tcp_initialize_rcv_mss(newsk);
1327 #ifdef CONFIG_TCP_MD5SIG
1328 /* Copy over the MD5 key from the original socket */
1329 key = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&newinet->inet_daddr,
1333 * We're using one, so create a matching key
1334 * on the newsk structure. If we fail to get
1335 * memory, then we end up not copying the key
1338 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newinet->inet_daddr,
1339 AF_INET, key->key, key->keylen, GFP_ATOMIC);
1340 sk_nocaps_add(newsk, NETIF_F_GSO_MASK);
1344 if (__inet_inherit_port(sk, newsk) < 0)
1346 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
1348 tcp_move_syn(newtp, req);
1353 NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1360 inet_csk_prepare_forced_close(newsk);
1364 EXPORT_SYMBOL(tcp_v4_syn_recv_sock);
1366 static struct sock *tcp_v4_cookie_check(struct sock *sk, struct sk_buff *skb)
1368 #ifdef CONFIG_SYN_COOKIES
1369 const struct tcphdr *th = tcp_hdr(skb);
1372 sk = cookie_v4_check(sk, skb);
1377 /* The socket must have it's spinlock held when we get
1378 * here, unless it is a TCP_LISTEN socket.
1380 * We have a potential double-lock case here, so even when
1381 * doing backlog processing we use the BH locking scheme.
1382 * This is because we cannot sleep with the original spinlock
1385 int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1389 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1390 struct dst_entry *dst = sk->sk_rx_dst;
1392 sock_rps_save_rxhash(sk, skb);
1393 sk_mark_napi_id(sk, skb);
1395 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1396 !dst->ops->check(dst, 0)) {
1398 sk->sk_rx_dst = NULL;
1401 tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len);
1405 if (tcp_checksum_complete(skb))
1408 if (sk->sk_state == TCP_LISTEN) {
1409 struct sock *nsk = tcp_v4_cookie_check(sk, skb);
1414 sock_rps_save_rxhash(nsk, skb);
1415 sk_mark_napi_id(nsk, skb);
1416 if (tcp_child_process(sk, nsk, skb)) {
1423 sock_rps_save_rxhash(sk, skb);
1425 if (tcp_rcv_state_process(sk, skb)) {
1432 tcp_v4_send_reset(rsk, skb);
1435 /* Be careful here. If this function gets more complicated and
1436 * gcc suffers from register pressure on the x86, sk (in %ebx)
1437 * might be destroyed here. This current version compiles correctly,
1438 * but you have been warned.
1443 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
1444 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
1447 EXPORT_SYMBOL(tcp_v4_do_rcv);
1449 void tcp_v4_early_demux(struct sk_buff *skb)
1451 const struct iphdr *iph;
1452 const struct tcphdr *th;
1455 if (skb->pkt_type != PACKET_HOST)
1458 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1464 if (th->doff < sizeof(struct tcphdr) / 4)
1467 sk = __inet_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1468 iph->saddr, th->source,
1469 iph->daddr, ntohs(th->dest),
1473 skb->destructor = sock_edemux;
1474 if (sk_fullsock(sk)) {
1475 struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
1478 dst = dst_check(dst, 0);
1480 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1481 skb_dst_set_noref(skb, dst);
1486 /* Packet is added to VJ-style prequeue for processing in process
1487 * context, if a reader task is waiting. Apparently, this exciting
1488 * idea (VJ's mail "Re: query about TCP header on tcp-ip" of 07 Sep 93)
1489 * failed somewhere. Latency? Burstiness? Well, at least now we will
1490 * see, why it failed. 8)8) --ANK
1493 bool tcp_prequeue(struct sock *sk, struct sk_buff *skb)
1495 struct tcp_sock *tp = tcp_sk(sk);
1497 if (sysctl_tcp_low_latency || !tp->ucopy.task)
1500 if (skb->len <= tcp_hdrlen(skb) &&
1501 skb_queue_len(&tp->ucopy.prequeue) == 0)
1504 /* Before escaping RCU protected region, we need to take care of skb
1505 * dst. Prequeue is only enabled for established sockets.
1506 * For such sockets, we might need the skb dst only to set sk->sk_rx_dst
1507 * Instead of doing full sk_rx_dst validity here, let's perform
1508 * an optimistic check.
1510 if (likely(sk->sk_rx_dst))
1513 skb_dst_force_safe(skb);
1515 __skb_queue_tail(&tp->ucopy.prequeue, skb);
1516 tp->ucopy.memory += skb->truesize;
1517 if (skb_queue_len(&tp->ucopy.prequeue) >= 32 ||
1518 tp->ucopy.memory + atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf) {
1519 struct sk_buff *skb1;
1521 BUG_ON(sock_owned_by_user(sk));
1522 __NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPPREQUEUEDROPPED,
1523 skb_queue_len(&tp->ucopy.prequeue));
1525 while ((skb1 = __skb_dequeue(&tp->ucopy.prequeue)) != NULL)
1526 sk_backlog_rcv(sk, skb1);
1528 tp->ucopy.memory = 0;
1529 } else if (skb_queue_len(&tp->ucopy.prequeue) == 1) {
1530 wake_up_interruptible_sync_poll(sk_sleep(sk),
1531 POLLIN | POLLRDNORM | POLLRDBAND);
1532 if (!inet_csk_ack_scheduled(sk))
1533 inet_csk_reset_xmit_timer(sk, ICSK_TIME_DACK,
1534 (3 * tcp_rto_min(sk)) / 4,
1539 EXPORT_SYMBOL(tcp_prequeue);
1541 bool tcp_add_backlog(struct sock *sk, struct sk_buff *skb)
1543 u32 limit = sk->sk_rcvbuf + sk->sk_sndbuf;
1545 /* Only socket owner can try to collapse/prune rx queues
1546 * to reduce memory overhead, so add a little headroom here.
1547 * Few sockets backlog are possibly concurrently non empty.
1551 /* In case all data was pulled from skb frags (in __pskb_pull_tail()),
1552 * we can fix skb->truesize to its real value to avoid future drops.
1553 * This is valid because skb is not yet charged to the socket.
1554 * It has been noticed pure SACK packets were sometimes dropped
1555 * (if cooked by drivers without copybreak feature).
1558 skb->truesize = SKB_TRUESIZE(skb_end_offset(skb));
1560 if (unlikely(sk_add_backlog(sk, skb, limit))) {
1562 __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPBACKLOGDROP);
1567 EXPORT_SYMBOL(tcp_add_backlog);
1573 int tcp_v4_rcv(struct sk_buff *skb)
1575 struct net *net = dev_net(skb->dev);
1576 const struct iphdr *iph;
1577 const struct tcphdr *th;
1582 if (skb->pkt_type != PACKET_HOST)
1585 /* Count it even if it's bad */
1586 __TCP_INC_STATS(net, TCP_MIB_INSEGS);
1588 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1591 th = (const struct tcphdr *)skb->data;
1593 if (unlikely(th->doff < sizeof(struct tcphdr) / 4))
1595 if (!pskb_may_pull(skb, th->doff * 4))
1598 /* An explanation is required here, I think.
1599 * Packet length and doff are validated by header prediction,
1600 * provided case of th->doff==0 is eliminated.
1601 * So, we defer the checks. */
1603 if (skb_checksum_init(skb, IPPROTO_TCP, inet_compute_pseudo))
1606 th = (const struct tcphdr *)skb->data;
1608 /* This is tricky : We move IPCB at its correct location into TCP_SKB_CB()
1609 * barrier() makes sure compiler wont play fool^Waliasing games.
1611 memmove(&TCP_SKB_CB(skb)->header.h4, IPCB(skb),
1612 sizeof(struct inet_skb_parm));
1615 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1616 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1617 skb->len - th->doff * 4);
1618 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1619 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1620 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1621 TCP_SKB_CB(skb)->ip_dsfield = ipv4_get_dsfield(iph);
1622 TCP_SKB_CB(skb)->sacked = 0;
1625 sk = __inet_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th), th->source,
1626 th->dest, &refcounted);
1631 if (sk->sk_state == TCP_TIME_WAIT)
1634 if (sk->sk_state == TCP_NEW_SYN_RECV) {
1635 struct request_sock *req = inet_reqsk(sk);
1638 sk = req->rsk_listener;
1639 if (unlikely(tcp_v4_inbound_md5_hash(sk, skb))) {
1640 sk_drops_add(sk, skb);
1644 if (unlikely(sk->sk_state != TCP_LISTEN)) {
1645 inet_csk_reqsk_queue_drop_and_put(sk, req);
1648 /* We own a reference on the listener, increase it again
1649 * as we might lose it too soon.
1653 nsk = tcp_check_req(sk, skb, req, false);
1656 goto discard_and_relse;
1660 } else if (tcp_child_process(sk, nsk, skb)) {
1661 tcp_v4_send_reset(nsk, skb);
1662 goto discard_and_relse;
1668 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
1669 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
1670 goto discard_and_relse;
1673 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
1674 goto discard_and_relse;
1676 if (tcp_v4_inbound_md5_hash(sk, skb))
1677 goto discard_and_relse;
1681 if (sk_filter(sk, skb))
1682 goto discard_and_relse;
1686 if (sk->sk_state == TCP_LISTEN) {
1687 ret = tcp_v4_do_rcv(sk, skb);
1688 goto put_and_return;
1691 sk_incoming_cpu_update(sk);
1693 bh_lock_sock_nested(sk);
1694 tcp_segs_in(tcp_sk(sk), skb);
1696 if (!sock_owned_by_user(sk)) {
1697 if (!tcp_prequeue(sk, skb))
1698 ret = tcp_v4_do_rcv(sk, skb);
1699 } else if (tcp_add_backlog(sk, skb)) {
1700 goto discard_and_relse;
1711 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
1714 if (tcp_checksum_complete(skb)) {
1716 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
1718 __TCP_INC_STATS(net, TCP_MIB_INERRS);
1720 tcp_v4_send_reset(NULL, skb);
1724 /* Discard frame. */
1729 sk_drops_add(sk, skb);
1735 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1736 inet_twsk_put(inet_twsk(sk));
1740 if (tcp_checksum_complete(skb)) {
1741 inet_twsk_put(inet_twsk(sk));
1744 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1746 struct sock *sk2 = inet_lookup_listener(dev_net(skb->dev),
1749 iph->saddr, th->source,
1750 iph->daddr, th->dest,
1753 inet_twsk_deschedule_put(inet_twsk(sk));
1758 /* Fall through to ACK */
1761 tcp_v4_timewait_ack(sk, skb);
1764 tcp_v4_send_reset(sk, skb);
1765 inet_twsk_deschedule_put(inet_twsk(sk));
1767 case TCP_TW_SUCCESS:;
1772 static struct timewait_sock_ops tcp_timewait_sock_ops = {
1773 .twsk_obj_size = sizeof(struct tcp_timewait_sock),
1774 .twsk_unique = tcp_twsk_unique,
1775 .twsk_destructor= tcp_twsk_destructor,
1778 void inet_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
1780 struct dst_entry *dst = skb_dst(skb);
1782 if (dst && dst_hold_safe(dst)) {
1783 sk->sk_rx_dst = dst;
1784 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
1787 EXPORT_SYMBOL(inet_sk_rx_dst_set);
1789 const struct inet_connection_sock_af_ops ipv4_specific = {
1790 .queue_xmit = ip_queue_xmit,
1791 .send_check = tcp_v4_send_check,
1792 .rebuild_header = inet_sk_rebuild_header,
1793 .sk_rx_dst_set = inet_sk_rx_dst_set,
1794 .conn_request = tcp_v4_conn_request,
1795 .syn_recv_sock = tcp_v4_syn_recv_sock,
1796 .net_header_len = sizeof(struct iphdr),
1797 .setsockopt = ip_setsockopt,
1798 .getsockopt = ip_getsockopt,
1799 .addr2sockaddr = inet_csk_addr2sockaddr,
1800 .sockaddr_len = sizeof(struct sockaddr_in),
1801 .bind_conflict = inet_csk_bind_conflict,
1802 #ifdef CONFIG_COMPAT
1803 .compat_setsockopt = compat_ip_setsockopt,
1804 .compat_getsockopt = compat_ip_getsockopt,
1806 .mtu_reduced = tcp_v4_mtu_reduced,
1808 EXPORT_SYMBOL(ipv4_specific);
1810 #ifdef CONFIG_TCP_MD5SIG
1811 static const struct tcp_sock_af_ops tcp_sock_ipv4_specific = {
1812 .md5_lookup = tcp_v4_md5_lookup,
1813 .calc_md5_hash = tcp_v4_md5_hash_skb,
1814 .md5_parse = tcp_v4_parse_md5_keys,
1818 /* NOTE: A lot of things set to zero explicitly by call to
1819 * sk_alloc() so need not be done here.
1821 static int tcp_v4_init_sock(struct sock *sk)
1823 struct inet_connection_sock *icsk = inet_csk(sk);
1827 icsk->icsk_af_ops = &ipv4_specific;
1829 #ifdef CONFIG_TCP_MD5SIG
1830 tcp_sk(sk)->af_specific = &tcp_sock_ipv4_specific;
1836 void tcp_v4_destroy_sock(struct sock *sk)
1838 struct tcp_sock *tp = tcp_sk(sk);
1840 tcp_clear_xmit_timers(sk);
1842 tcp_cleanup_congestion_control(sk);
1844 /* Cleanup up the write buffer. */
1845 tcp_write_queue_purge(sk);
1847 /* Cleans up our, hopefully empty, out_of_order_queue. */
1848 __skb_queue_purge(&tp->out_of_order_queue);
1850 #ifdef CONFIG_TCP_MD5SIG
1851 /* Clean up the MD5 key list, if any */
1852 if (tp->md5sig_info) {
1853 tcp_clear_md5_list(sk);
1854 kfree_rcu(tp->md5sig_info, rcu);
1855 tp->md5sig_info = NULL;
1859 /* Clean prequeue, it must be empty really */
1860 __skb_queue_purge(&tp->ucopy.prequeue);
1862 /* Clean up a referenced TCP bind bucket. */
1863 if (inet_csk(sk)->icsk_bind_hash)
1866 BUG_ON(tp->fastopen_rsk);
1868 /* If socket is aborted during connect operation */
1869 tcp_free_fastopen_req(tp);
1870 tcp_saved_syn_free(tp);
1873 sk_sockets_allocated_dec(sk);
1876 if (mem_cgroup_sockets_enabled && sk->sk_memcg)
1877 sock_release_memcg(sk);
1879 EXPORT_SYMBOL(tcp_v4_destroy_sock);
1881 #ifdef CONFIG_PROC_FS
1882 /* Proc filesystem TCP sock list dumping. */
1885 * Get next listener socket follow cur. If cur is NULL, get first socket
1886 * starting from bucket given in st->bucket; when st->bucket is zero the
1887 * very first socket in the hash table is returned.
1889 static void *listening_get_next(struct seq_file *seq, void *cur)
1891 struct tcp_iter_state *st = seq->private;
1892 struct net *net = seq_file_net(seq);
1893 struct inet_listen_hashbucket *ilb;
1894 struct inet_connection_sock *icsk;
1895 struct sock *sk = cur;
1899 ilb = &tcp_hashinfo.listening_hash[st->bucket];
1900 spin_lock_bh(&ilb->lock);
1901 sk = sk_head(&ilb->head);
1905 ilb = &tcp_hashinfo.listening_hash[st->bucket];
1911 sk_for_each_from(sk) {
1912 if (!net_eq(sock_net(sk), net))
1914 if (sk->sk_family == st->family)
1916 icsk = inet_csk(sk);
1918 spin_unlock_bh(&ilb->lock);
1920 if (++st->bucket < INET_LHTABLE_SIZE)
1925 static void *listening_get_idx(struct seq_file *seq, loff_t *pos)
1927 struct tcp_iter_state *st = seq->private;
1932 rc = listening_get_next(seq, NULL);
1934 while (rc && *pos) {
1935 rc = listening_get_next(seq, rc);
1941 static inline bool empty_bucket(const struct tcp_iter_state *st)
1943 return hlist_nulls_empty(&tcp_hashinfo.ehash[st->bucket].chain);
1947 * Get first established socket starting from bucket given in st->bucket.
1948 * If st->bucket is zero, the very first socket in the hash is returned.
1950 static void *established_get_first(struct seq_file *seq)
1952 struct tcp_iter_state *st = seq->private;
1953 struct net *net = seq_file_net(seq);
1957 for (; st->bucket <= tcp_hashinfo.ehash_mask; ++st->bucket) {
1959 struct hlist_nulls_node *node;
1960 spinlock_t *lock = inet_ehash_lockp(&tcp_hashinfo, st->bucket);
1962 /* Lockless fast path for the common case of empty buckets */
1963 if (empty_bucket(st))
1967 sk_nulls_for_each(sk, node, &tcp_hashinfo.ehash[st->bucket].chain) {
1968 if (sk->sk_family != st->family ||
1969 !net_eq(sock_net(sk), net)) {
1975 spin_unlock_bh(lock);
1981 static void *established_get_next(struct seq_file *seq, void *cur)
1983 struct sock *sk = cur;
1984 struct hlist_nulls_node *node;
1985 struct tcp_iter_state *st = seq->private;
1986 struct net *net = seq_file_net(seq);
1991 sk = sk_nulls_next(sk);
1993 sk_nulls_for_each_from(sk, node) {
1994 if (sk->sk_family == st->family && net_eq(sock_net(sk), net))
1998 spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2000 return established_get_first(seq);
2003 static void *established_get_idx(struct seq_file *seq, loff_t pos)
2005 struct tcp_iter_state *st = seq->private;
2009 rc = established_get_first(seq);
2012 rc = established_get_next(seq, rc);
2018 static void *tcp_get_idx(struct seq_file *seq, loff_t pos)
2021 struct tcp_iter_state *st = seq->private;
2023 st->state = TCP_SEQ_STATE_LISTENING;
2024 rc = listening_get_idx(seq, &pos);
2027 st->state = TCP_SEQ_STATE_ESTABLISHED;
2028 rc = established_get_idx(seq, pos);
2034 static void *tcp_seek_last_pos(struct seq_file *seq)
2036 struct tcp_iter_state *st = seq->private;
2037 int offset = st->offset;
2038 int orig_num = st->num;
2041 switch (st->state) {
2042 case TCP_SEQ_STATE_LISTENING:
2043 if (st->bucket >= INET_LHTABLE_SIZE)
2045 st->state = TCP_SEQ_STATE_LISTENING;
2046 rc = listening_get_next(seq, NULL);
2047 while (offset-- && rc)
2048 rc = listening_get_next(seq, rc);
2052 st->state = TCP_SEQ_STATE_ESTABLISHED;
2054 case TCP_SEQ_STATE_ESTABLISHED:
2055 if (st->bucket > tcp_hashinfo.ehash_mask)
2057 rc = established_get_first(seq);
2058 while (offset-- && rc)
2059 rc = established_get_next(seq, rc);
2067 static void *tcp_seq_start(struct seq_file *seq, loff_t *pos)
2069 struct tcp_iter_state *st = seq->private;
2072 if (*pos && *pos == st->last_pos) {
2073 rc = tcp_seek_last_pos(seq);
2078 st->state = TCP_SEQ_STATE_LISTENING;
2082 rc = *pos ? tcp_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2085 st->last_pos = *pos;
2089 static void *tcp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2091 struct tcp_iter_state *st = seq->private;
2094 if (v == SEQ_START_TOKEN) {
2095 rc = tcp_get_idx(seq, 0);
2099 switch (st->state) {
2100 case TCP_SEQ_STATE_LISTENING:
2101 rc = listening_get_next(seq, v);
2103 st->state = TCP_SEQ_STATE_ESTABLISHED;
2106 rc = established_get_first(seq);
2109 case TCP_SEQ_STATE_ESTABLISHED:
2110 rc = established_get_next(seq, v);
2115 st->last_pos = *pos;
2119 static void tcp_seq_stop(struct seq_file *seq, void *v)
2121 struct tcp_iter_state *st = seq->private;
2123 switch (st->state) {
2124 case TCP_SEQ_STATE_LISTENING:
2125 if (v != SEQ_START_TOKEN)
2126 spin_unlock_bh(&tcp_hashinfo.listening_hash[st->bucket].lock);
2128 case TCP_SEQ_STATE_ESTABLISHED:
2130 spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2135 int tcp_seq_open(struct inode *inode, struct file *file)
2137 struct tcp_seq_afinfo *afinfo = PDE_DATA(inode);
2138 struct tcp_iter_state *s;
2141 err = seq_open_net(inode, file, &afinfo->seq_ops,
2142 sizeof(struct tcp_iter_state));
2146 s = ((struct seq_file *)file->private_data)->private;
2147 s->family = afinfo->family;
2151 EXPORT_SYMBOL(tcp_seq_open);
2153 int tcp_proc_register(struct net *net, struct tcp_seq_afinfo *afinfo)
2156 struct proc_dir_entry *p;
2158 afinfo->seq_ops.start = tcp_seq_start;
2159 afinfo->seq_ops.next = tcp_seq_next;
2160 afinfo->seq_ops.stop = tcp_seq_stop;
2162 p = proc_create_data(afinfo->name, S_IRUGO, net->proc_net,
2163 afinfo->seq_fops, afinfo);
2168 EXPORT_SYMBOL(tcp_proc_register);
2170 void tcp_proc_unregister(struct net *net, struct tcp_seq_afinfo *afinfo)
2172 remove_proc_entry(afinfo->name, net->proc_net);
2174 EXPORT_SYMBOL(tcp_proc_unregister);
2176 static void get_openreq4(const struct request_sock *req,
2177 struct seq_file *f, int i)
2179 const struct inet_request_sock *ireq = inet_rsk(req);
2180 long delta = req->rsk_timer.expires - jiffies;
2182 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2183 " %02X %08X:%08X %02X:%08lX %08X %5u %8d %u %d %pK",
2188 ntohs(ireq->ir_rmt_port),
2190 0, 0, /* could print option size, but that is af dependent. */
2191 1, /* timers active (only the expire timer) */
2192 jiffies_delta_to_clock_t(delta),
2194 from_kuid_munged(seq_user_ns(f),
2195 sock_i_uid(req->rsk_listener)),
2196 0, /* non standard timer */
2197 0, /* open_requests have no inode */
2202 static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i)
2205 unsigned long timer_expires;
2206 const struct tcp_sock *tp = tcp_sk(sk);
2207 const struct inet_connection_sock *icsk = inet_csk(sk);
2208 const struct inet_sock *inet = inet_sk(sk);
2209 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
2210 __be32 dest = inet->inet_daddr;
2211 __be32 src = inet->inet_rcv_saddr;
2212 __u16 destp = ntohs(inet->inet_dport);
2213 __u16 srcp = ntohs(inet->inet_sport);
2217 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
2218 icsk->icsk_pending == ICSK_TIME_EARLY_RETRANS ||
2219 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
2221 timer_expires = icsk->icsk_timeout;
2222 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2224 timer_expires = icsk->icsk_timeout;
2225 } else if (timer_pending(&sk->sk_timer)) {
2227 timer_expires = sk->sk_timer.expires;
2230 timer_expires = jiffies;
2233 state = sk_state_load(sk);
2234 if (state == TCP_LISTEN)
2235 rx_queue = sk->sk_ack_backlog;
2237 /* Because we don't lock the socket,
2238 * we might find a transient negative value.
2240 rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);
2242 seq_printf(f, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX "
2243 "%08X %5u %8d %lu %d %pK %lu %lu %u %u %d",
2244 i, src, srcp, dest, destp, state,
2245 tp->write_seq - tp->snd_una,
2248 jiffies_delta_to_clock_t(timer_expires - jiffies),
2249 icsk->icsk_retransmits,
2250 from_kuid_munged(seq_user_ns(f), sock_i_uid(sk)),
2251 icsk->icsk_probes_out,
2253 atomic_read(&sk->sk_refcnt), sk,
2254 jiffies_to_clock_t(icsk->icsk_rto),
2255 jiffies_to_clock_t(icsk->icsk_ack.ato),
2256 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
2258 state == TCP_LISTEN ?
2259 fastopenq->max_qlen :
2260 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh));
2263 static void get_timewait4_sock(const struct inet_timewait_sock *tw,
2264 struct seq_file *f, int i)
2266 long delta = tw->tw_timer.expires - jiffies;
2270 dest = tw->tw_daddr;
2271 src = tw->tw_rcv_saddr;
2272 destp = ntohs(tw->tw_dport);
2273 srcp = ntohs(tw->tw_sport);
2275 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2276 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK",
2277 i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
2278 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
2279 atomic_read(&tw->tw_refcnt), tw);
2284 static int tcp4_seq_show(struct seq_file *seq, void *v)
2286 struct tcp_iter_state *st;
2287 struct sock *sk = v;
2289 seq_setwidth(seq, TMPSZ - 1);
2290 if (v == SEQ_START_TOKEN) {
2291 seq_puts(seq, " sl local_address rem_address st tx_queue "
2292 "rx_queue tr tm->when retrnsmt uid timeout "
2298 if (sk->sk_state == TCP_TIME_WAIT)
2299 get_timewait4_sock(v, seq, st->num);
2300 else if (sk->sk_state == TCP_NEW_SYN_RECV)
2301 get_openreq4(v, seq, st->num);
2303 get_tcp4_sock(v, seq, st->num);
2309 static const struct file_operations tcp_afinfo_seq_fops = {
2310 .owner = THIS_MODULE,
2311 .open = tcp_seq_open,
2313 .llseek = seq_lseek,
2314 .release = seq_release_net
2317 static struct tcp_seq_afinfo tcp4_seq_afinfo = {
2320 .seq_fops = &tcp_afinfo_seq_fops,
2322 .show = tcp4_seq_show,
2326 static int __net_init tcp4_proc_init_net(struct net *net)
2328 return tcp_proc_register(net, &tcp4_seq_afinfo);
2331 static void __net_exit tcp4_proc_exit_net(struct net *net)
2333 tcp_proc_unregister(net, &tcp4_seq_afinfo);
2336 static struct pernet_operations tcp4_net_ops = {
2337 .init = tcp4_proc_init_net,
2338 .exit = tcp4_proc_exit_net,
2341 int __init tcp4_proc_init(void)
2343 return register_pernet_subsys(&tcp4_net_ops);
2346 void tcp4_proc_exit(void)
2348 unregister_pernet_subsys(&tcp4_net_ops);
2350 #endif /* CONFIG_PROC_FS */
2352 struct proto tcp_prot = {
2354 .owner = THIS_MODULE,
2356 .connect = tcp_v4_connect,
2357 .disconnect = tcp_disconnect,
2358 .accept = inet_csk_accept,
2360 .init = tcp_v4_init_sock,
2361 .destroy = tcp_v4_destroy_sock,
2362 .shutdown = tcp_shutdown,
2363 .setsockopt = tcp_setsockopt,
2364 .getsockopt = tcp_getsockopt,
2365 .recvmsg = tcp_recvmsg,
2366 .sendmsg = tcp_sendmsg,
2367 .sendpage = tcp_sendpage,
2368 .backlog_rcv = tcp_v4_do_rcv,
2369 .release_cb = tcp_release_cb,
2371 .unhash = inet_unhash,
2372 .get_port = inet_csk_get_port,
2373 .enter_memory_pressure = tcp_enter_memory_pressure,
2374 .stream_memory_free = tcp_stream_memory_free,
2375 .sockets_allocated = &tcp_sockets_allocated,
2376 .orphan_count = &tcp_orphan_count,
2377 .memory_allocated = &tcp_memory_allocated,
2378 .memory_pressure = &tcp_memory_pressure,
2379 .sysctl_mem = sysctl_tcp_mem,
2380 .sysctl_wmem = sysctl_tcp_wmem,
2381 .sysctl_rmem = sysctl_tcp_rmem,
2382 .max_header = MAX_TCP_HEADER,
2383 .obj_size = sizeof(struct tcp_sock),
2384 .slab_flags = SLAB_DESTROY_BY_RCU,
2385 .twsk_prot = &tcp_timewait_sock_ops,
2386 .rsk_prot = &tcp_request_sock_ops,
2387 .h.hashinfo = &tcp_hashinfo,
2388 .no_autobind = true,
2389 #ifdef CONFIG_COMPAT
2390 .compat_setsockopt = compat_tcp_setsockopt,
2391 .compat_getsockopt = compat_tcp_getsockopt,
2393 .diag_destroy = tcp_abort,
2395 EXPORT_SYMBOL(tcp_prot);
2397 static void __net_exit tcp_sk_exit(struct net *net)
2401 for_each_possible_cpu(cpu)
2402 inet_ctl_sock_destroy(*per_cpu_ptr(net->ipv4.tcp_sk, cpu));
2403 free_percpu(net->ipv4.tcp_sk);
2406 static int __net_init tcp_sk_init(struct net *net)
2410 net->ipv4.tcp_sk = alloc_percpu(struct sock *);
2411 if (!net->ipv4.tcp_sk)
2414 for_each_possible_cpu(cpu) {
2417 res = inet_ctl_sock_create(&sk, PF_INET, SOCK_RAW,
2421 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
2422 *per_cpu_ptr(net->ipv4.tcp_sk, cpu) = sk;
2425 net->ipv4.sysctl_tcp_ecn = 2;
2426 net->ipv4.sysctl_tcp_ecn_fallback = 1;
2428 net->ipv4.sysctl_tcp_base_mss = TCP_BASE_MSS;
2429 net->ipv4.sysctl_tcp_probe_threshold = TCP_PROBE_THRESHOLD;
2430 net->ipv4.sysctl_tcp_probe_interval = TCP_PROBE_INTERVAL;
2432 net->ipv4.sysctl_tcp_keepalive_time = TCP_KEEPALIVE_TIME;
2433 net->ipv4.sysctl_tcp_keepalive_probes = TCP_KEEPALIVE_PROBES;
2434 net->ipv4.sysctl_tcp_keepalive_intvl = TCP_KEEPALIVE_INTVL;
2436 net->ipv4.sysctl_tcp_syn_retries = TCP_SYN_RETRIES;
2437 net->ipv4.sysctl_tcp_synack_retries = TCP_SYNACK_RETRIES;
2438 net->ipv4.sysctl_tcp_syncookies = 1;
2439 net->ipv4.sysctl_tcp_reordering = TCP_FASTRETRANS_THRESH;
2440 net->ipv4.sysctl_tcp_retries1 = TCP_RETR1;
2441 net->ipv4.sysctl_tcp_retries2 = TCP_RETR2;
2442 net->ipv4.sysctl_tcp_orphan_retries = 0;
2443 net->ipv4.sysctl_tcp_fin_timeout = TCP_FIN_TIMEOUT;
2444 net->ipv4.sysctl_tcp_notsent_lowat = UINT_MAX;
2453 static void __net_exit tcp_sk_exit_batch(struct list_head *net_exit_list)
2455 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET);
2458 static struct pernet_operations __net_initdata tcp_sk_ops = {
2459 .init = tcp_sk_init,
2460 .exit = tcp_sk_exit,
2461 .exit_batch = tcp_sk_exit_batch,
2464 void __init tcp_v4_init(void)
2466 inet_hashinfo_init(&tcp_hashinfo);
2467 if (register_pernet_subsys(&tcp_sk_ops))
2468 panic("Failed to create the TCP control socket.\n");
projects / cascardo / linux.git / blob