aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4/tcp_ipv4.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv4/tcp_ipv4.c')
-rw-r--r--net/ipv4/tcp_ipv4.c232
1 files changed, 162 insertions, 70 deletions
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 7cda24b53f61..3c23e70885f4 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -60,6 +60,7 @@
60#include <linux/jhash.h> 60#include <linux/jhash.h>
61#include <linux/init.h> 61#include <linux/init.h>
62#include <linux/times.h> 62#include <linux/times.h>
63#include <linux/slab.h>
63 64
64#include <net/net_namespace.h> 65#include <net/net_namespace.h>
65#include <net/icmp.h> 66#include <net/icmp.h>
@@ -165,10 +166,10 @@ int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
165 nexthop = inet->opt->faddr; 166 nexthop = inet->opt->faddr;
166 } 167 }
167 168
168 tmp = ip_route_connect(&rt, nexthop, inet->saddr, 169 tmp = ip_route_connect(&rt, nexthop, inet->inet_saddr,
169 RT_CONN_FLAGS(sk), sk->sk_bound_dev_if, 170 RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
170 IPPROTO_TCP, 171 IPPROTO_TCP,
171 inet->sport, usin->sin_port, sk, 1); 172 inet->inet_sport, usin->sin_port, sk, 1);
172 if (tmp < 0) { 173 if (tmp < 0) {
173 if (tmp == -ENETUNREACH) 174 if (tmp == -ENETUNREACH)
174 IP_INC_STATS_BH(sock_net(sk), IPSTATS_MIB_OUTNOROUTES); 175 IP_INC_STATS_BH(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
@@ -183,11 +184,11 @@ int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
183 if (!inet->opt || !inet->opt->srr) 184 if (!inet->opt || !inet->opt->srr)
184 daddr = rt->rt_dst; 185 daddr = rt->rt_dst;
185 186
186 if (!inet->saddr) 187 if (!inet->inet_saddr)
187 inet->saddr = rt->rt_src; 188 inet->inet_saddr = rt->rt_src;
188 inet->rcv_saddr = inet->saddr; 189 inet->inet_rcv_saddr = inet->inet_saddr;
189 190
190 if (tp->rx_opt.ts_recent_stamp && inet->daddr != daddr) { 191 if (tp->rx_opt.ts_recent_stamp && inet->inet_daddr != daddr) {
191 /* Reset inherited state */ 192 /* Reset inherited state */
192 tp->rx_opt.ts_recent = 0; 193 tp->rx_opt.ts_recent = 0;
193 tp->rx_opt.ts_recent_stamp = 0; 194 tp->rx_opt.ts_recent_stamp = 0;
@@ -204,20 +205,20 @@ int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
204 * when trying new connection. 205 * when trying new connection.
205 */ 206 */
206 if (peer != NULL && 207 if (peer != NULL &&
207 peer->tcp_ts_stamp + TCP_PAWS_MSL >= get_seconds()) { 208 (u32)get_seconds() - peer->tcp_ts_stamp <= TCP_PAWS_MSL) {
208 tp->rx_opt.ts_recent_stamp = peer->tcp_ts_stamp; 209 tp->rx_opt.ts_recent_stamp = peer->tcp_ts_stamp;
209 tp->rx_opt.ts_recent = peer->tcp_ts; 210 tp->rx_opt.ts_recent = peer->tcp_ts;
210 } 211 }
211 } 212 }
212 213
213 inet->dport = usin->sin_port; 214 inet->inet_dport = usin->sin_port;
214 inet->daddr = daddr; 215 inet->inet_daddr = daddr;
215 216
216 inet_csk(sk)->icsk_ext_hdr_len = 0; 217 inet_csk(sk)->icsk_ext_hdr_len = 0;
217 if (inet->opt) 218 if (inet->opt)
218 inet_csk(sk)->icsk_ext_hdr_len = inet->opt->optlen; 219 inet_csk(sk)->icsk_ext_hdr_len = inet->opt->optlen;
219 220
220 tp->rx_opt.mss_clamp = 536; 221 tp->rx_opt.mss_clamp = TCP_MSS_DEFAULT;
221 222
222 /* Socket identity is still unknown (sport may be zero). 223 /* Socket identity is still unknown (sport may be zero).
223 * However we set state to SYN-SENT and not releasing socket 224 * However we set state to SYN-SENT and not releasing socket
@@ -230,7 +231,7 @@ int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
230 goto failure; 231 goto failure;
231 232
232 err = ip_route_newports(&rt, IPPROTO_TCP, 233 err = ip_route_newports(&rt, IPPROTO_TCP,
233 inet->sport, inet->dport, sk); 234 inet->inet_sport, inet->inet_dport, sk);
234 if (err) 235 if (err)
235 goto failure; 236 goto failure;
236 237
@@ -239,12 +240,12 @@ int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
239 sk_setup_caps(sk, &rt->u.dst); 240 sk_setup_caps(sk, &rt->u.dst);
240 241
241 if (!tp->write_seq) 242 if (!tp->write_seq)
242 tp->write_seq = secure_tcp_sequence_number(inet->saddr, 243 tp->write_seq = secure_tcp_sequence_number(inet->inet_saddr,
243 inet->daddr, 244 inet->inet_daddr,
244 inet->sport, 245 inet->inet_sport,
245 usin->sin_port); 246 usin->sin_port);
246 247
247 inet->id = tp->write_seq ^ jiffies; 248 inet->inet_id = tp->write_seq ^ jiffies;
248 249
249 err = tcp_connect(sk); 250 err = tcp_connect(sk);
250 rt = NULL; 251 rt = NULL;
@@ -261,7 +262,7 @@ failure:
261 tcp_set_state(sk, TCP_CLOSE); 262 tcp_set_state(sk, TCP_CLOSE);
262 ip_rt_put(rt); 263 ip_rt_put(rt);
263 sk->sk_route_caps = 0; 264 sk->sk_route_caps = 0;
264 inet->dport = 0; 265 inet->inet_dport = 0;
265 return err; 266 return err;
266} 267}
267 268
@@ -370,6 +371,11 @@ void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
370 if (sk->sk_state == TCP_CLOSE) 371 if (sk->sk_state == TCP_CLOSE)
371 goto out; 372 goto out;
372 373
374 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
375 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
376 goto out;
377 }
378
373 icsk = inet_csk(sk); 379 icsk = inet_csk(sk);
374 tp = tcp_sk(sk); 380 tp = tcp_sk(sk);
375 seq = ntohl(th->seq); 381 seq = ntohl(th->seq);
@@ -520,12 +526,13 @@ void tcp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb)
520 struct tcphdr *th = tcp_hdr(skb); 526 struct tcphdr *th = tcp_hdr(skb);
521 527
522 if (skb->ip_summed == CHECKSUM_PARTIAL) { 528 if (skb->ip_summed == CHECKSUM_PARTIAL) {
523 th->check = ~tcp_v4_check(len, inet->saddr, 529 th->check = ~tcp_v4_check(len, inet->inet_saddr,
524 inet->daddr, 0); 530 inet->inet_daddr, 0);
525 skb->csum_start = skb_transport_header(skb) - skb->head; 531 skb->csum_start = skb_transport_header(skb) - skb->head;
526 skb->csum_offset = offsetof(struct tcphdr, check); 532 skb->csum_offset = offsetof(struct tcphdr, check);
527 } else { 533 } else {
528 th->check = tcp_v4_check(len, inet->saddr, inet->daddr, 534 th->check = tcp_v4_check(len, inet->inet_saddr,
535 inet->inet_daddr,
529 csum_partial(th, 536 csum_partial(th,
530 th->doff << 2, 537 th->doff << 2,
531 skb->csum)); 538 skb->csum));
@@ -741,8 +748,9 @@ static void tcp_v4_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
741 * This still operates on a request_sock only, not on a big 748 * This still operates on a request_sock only, not on a big
742 * socket. 749 * socket.
743 */ 750 */
744static int __tcp_v4_send_synack(struct sock *sk, struct request_sock *req, 751static int tcp_v4_send_synack(struct sock *sk, struct dst_entry *dst,
745 struct dst_entry *dst) 752 struct request_sock *req,
753 struct request_values *rvp)
746{ 754{
747 const struct inet_request_sock *ireq = inet_rsk(req); 755 const struct inet_request_sock *ireq = inet_rsk(req);
748 int err = -1; 756 int err = -1;
@@ -752,7 +760,7 @@ static int __tcp_v4_send_synack(struct sock *sk, struct request_sock *req,
752 if (!dst && (dst = inet_csk_route_req(sk, req)) == NULL) 760 if (!dst && (dst = inet_csk_route_req(sk, req)) == NULL)
753 return -1; 761 return -1;
754 762
755 skb = tcp_make_synack(sk, dst, req); 763 skb = tcp_make_synack(sk, dst, req, rvp);
756 764
757 if (skb) { 765 if (skb) {
758 struct tcphdr *th = tcp_hdr(skb); 766 struct tcphdr *th = tcp_hdr(skb);
@@ -773,9 +781,11 @@ static int __tcp_v4_send_synack(struct sock *sk, struct request_sock *req,
773 return err; 781 return err;
774} 782}
775 783
776static int tcp_v4_send_synack(struct sock *sk, struct request_sock *req) 784static int tcp_v4_rtx_synack(struct sock *sk, struct request_sock *req,
785 struct request_values *rvp)
777{ 786{
778 return __tcp_v4_send_synack(sk, req, NULL); 787 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS);
788 return tcp_v4_send_synack(sk, NULL, req, rvp);
779} 789}
780 790
781/* 791/*
@@ -848,7 +858,7 @@ static struct tcp_md5sig_key *
848struct tcp_md5sig_key *tcp_v4_md5_lookup(struct sock *sk, 858struct tcp_md5sig_key *tcp_v4_md5_lookup(struct sock *sk,
849 struct sock *addr_sk) 859 struct sock *addr_sk)
850{ 860{
851 return tcp_v4_md5_do_lookup(sk, inet_sk(addr_sk)->daddr); 861 return tcp_v4_md5_do_lookup(sk, inet_sk(addr_sk)->inet_daddr);
852} 862}
853 863
854EXPORT_SYMBOL(tcp_v4_md5_lookup); 864EXPORT_SYMBOL(tcp_v4_md5_lookup);
@@ -923,7 +933,7 @@ EXPORT_SYMBOL(tcp_v4_md5_do_add);
923static int tcp_v4_md5_add_func(struct sock *sk, struct sock *addr_sk, 933static int tcp_v4_md5_add_func(struct sock *sk, struct sock *addr_sk,
924 u8 *newkey, u8 newkeylen) 934 u8 *newkey, u8 newkeylen)
925{ 935{
926 return tcp_v4_md5_do_add(sk, inet_sk(addr_sk)->daddr, 936 return tcp_v4_md5_do_add(sk, inet_sk(addr_sk)->inet_daddr,
927 newkey, newkeylen); 937 newkey, newkeylen);
928} 938}
929 939
@@ -1089,8 +1099,8 @@ int tcp_v4_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
1089 __be32 saddr, daddr; 1099 __be32 saddr, daddr;
1090 1100
1091 if (sk) { 1101 if (sk) {
1092 saddr = inet_sk(sk)->saddr; 1102 saddr = inet_sk(sk)->inet_saddr;
1093 daddr = inet_sk(sk)->daddr; 1103 daddr = inet_sk(sk)->inet_daddr;
1094 } else if (req) { 1104 } else if (req) {
1095 saddr = inet_rsk(req)->loc_addr; 1105 saddr = inet_rsk(req)->loc_addr;
1096 daddr = inet_rsk(req)->rmt_addr; 1106 daddr = inet_rsk(req)->rmt_addr;
@@ -1189,10 +1199,11 @@ static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
1189struct request_sock_ops tcp_request_sock_ops __read_mostly = { 1199struct request_sock_ops tcp_request_sock_ops __read_mostly = {
1190 .family = PF_INET, 1200 .family = PF_INET,
1191 .obj_size = sizeof(struct tcp_request_sock), 1201 .obj_size = sizeof(struct tcp_request_sock),
1192 .rtx_syn_ack = tcp_v4_send_synack, 1202 .rtx_syn_ack = tcp_v4_rtx_synack,
1193 .send_ack = tcp_v4_reqsk_send_ack, 1203 .send_ack = tcp_v4_reqsk_send_ack,
1194 .destructor = tcp_v4_reqsk_destructor, 1204 .destructor = tcp_v4_reqsk_destructor,
1195 .send_reset = tcp_v4_send_reset, 1205 .send_reset = tcp_v4_send_reset,
1206 .syn_ack_timeout = tcp_syn_ack_timeout,
1196}; 1207};
1197 1208
1198#ifdef CONFIG_TCP_MD5SIG 1209#ifdef CONFIG_TCP_MD5SIG
@@ -1210,13 +1221,16 @@ static struct timewait_sock_ops tcp_timewait_sock_ops = {
1210 1221
1211int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) 1222int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1212{ 1223{
1213 struct inet_request_sock *ireq; 1224 struct tcp_extend_values tmp_ext;
1214 struct tcp_options_received tmp_opt; 1225 struct tcp_options_received tmp_opt;
1226 u8 *hash_location;
1215 struct request_sock *req; 1227 struct request_sock *req;
1228 struct inet_request_sock *ireq;
1229 struct tcp_sock *tp = tcp_sk(sk);
1230 struct dst_entry *dst = NULL;
1216 __be32 saddr = ip_hdr(skb)->saddr; 1231 __be32 saddr = ip_hdr(skb)->saddr;
1217 __be32 daddr = ip_hdr(skb)->daddr; 1232 __be32 daddr = ip_hdr(skb)->daddr;
1218 __u32 isn = TCP_SKB_CB(skb)->when; 1233 __u32 isn = TCP_SKB_CB(skb)->when;
1219 struct dst_entry *dst = NULL;
1220#ifdef CONFIG_SYN_COOKIES 1234#ifdef CONFIG_SYN_COOKIES
1221 int want_cookie = 0; 1235 int want_cookie = 0;
1222#else 1236#else
@@ -1257,16 +1271,50 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1257#endif 1271#endif
1258 1272
1259 tcp_clear_options(&tmp_opt); 1273 tcp_clear_options(&tmp_opt);
1260 tmp_opt.mss_clamp = 536; 1274 tmp_opt.mss_clamp = TCP_MSS_DEFAULT;
1261 tmp_opt.user_mss = tcp_sk(sk)->rx_opt.user_mss; 1275 tmp_opt.user_mss = tp->rx_opt.user_mss;
1276 tcp_parse_options(skb, &tmp_opt, &hash_location, 0);
1277
1278 if (tmp_opt.cookie_plus > 0 &&
1279 tmp_opt.saw_tstamp &&
1280 !tp->rx_opt.cookie_out_never &&
1281 (sysctl_tcp_cookie_size > 0 ||
1282 (tp->cookie_values != NULL &&
1283 tp->cookie_values->cookie_desired > 0))) {
1284 u8 *c;
1285 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS];
1286 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE;
1287
1288 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0)
1289 goto drop_and_release;
1290
1291 /* Secret recipe starts with IP addresses */
1292 *mess++ ^= daddr;
1293 *mess++ ^= saddr;
1262 1294
1263 tcp_parse_options(skb, &tmp_opt, 0); 1295 /* plus variable length Initiator Cookie */
1296 c = (u8 *)mess;
1297 while (l-- > 0)
1298 *c++ ^= *hash_location++;
1299
1300#ifdef CONFIG_SYN_COOKIES
1301 want_cookie = 0; /* not our kind of cookie */
1302#endif
1303 tmp_ext.cookie_out_never = 0; /* false */
1304 tmp_ext.cookie_plus = tmp_opt.cookie_plus;
1305 } else if (!tp->rx_opt.cookie_in_always) {
1306 /* redundant indications, but ensure initialization. */
1307 tmp_ext.cookie_out_never = 1; /* true */
1308 tmp_ext.cookie_plus = 0;
1309 } else {
1310 goto drop_and_release;
1311 }
1312 tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always;
1264 1313
1265 if (want_cookie && !tmp_opt.saw_tstamp) 1314 if (want_cookie && !tmp_opt.saw_tstamp)
1266 tcp_clear_options(&tmp_opt); 1315 tcp_clear_options(&tmp_opt);
1267 1316
1268 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp; 1317 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1269
1270 tcp_openreq_init(req, &tmp_opt, skb); 1318 tcp_openreq_init(req, &tmp_opt, skb);
1271 1319
1272 ireq = inet_rsk(req); 1320 ireq = inet_rsk(req);
@@ -1304,7 +1352,7 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1304 (dst = inet_csk_route_req(sk, req)) != NULL && 1352 (dst = inet_csk_route_req(sk, req)) != NULL &&
1305 (peer = rt_get_peer((struct rtable *)dst)) != NULL && 1353 (peer = rt_get_peer((struct rtable *)dst)) != NULL &&
1306 peer->v4daddr == saddr) { 1354 peer->v4daddr == saddr) {
1307 if (get_seconds() < peer->tcp_ts_stamp + TCP_PAWS_MSL && 1355 if ((u32)get_seconds() - peer->tcp_ts_stamp < TCP_PAWS_MSL &&
1308 (s32)(peer->tcp_ts - req->ts_recent) > 1356 (s32)(peer->tcp_ts - req->ts_recent) >
1309 TCP_PAWS_WINDOW) { 1357 TCP_PAWS_WINDOW) {
1310 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED); 1358 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED);
@@ -1333,7 +1381,9 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1333 } 1381 }
1334 tcp_rsk(req)->snt_isn = isn; 1382 tcp_rsk(req)->snt_isn = isn;
1335 1383
1336 if (__tcp_v4_send_synack(sk, req, dst) || want_cookie) 1384 if (tcp_v4_send_synack(sk, dst, req,
1385 (struct request_values *)&tmp_ext) ||
1386 want_cookie)
1337 goto drop_and_free; 1387 goto drop_and_free;
1338 1388
1339 inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); 1389 inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
@@ -1380,9 +1430,9 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1380 newtp = tcp_sk(newsk); 1430 newtp = tcp_sk(newsk);
1381 newinet = inet_sk(newsk); 1431 newinet = inet_sk(newsk);
1382 ireq = inet_rsk(req); 1432 ireq = inet_rsk(req);
1383 newinet->daddr = ireq->rmt_addr; 1433 newinet->inet_daddr = ireq->rmt_addr;
1384 newinet->rcv_saddr = ireq->loc_addr; 1434 newinet->inet_rcv_saddr = ireq->loc_addr;
1385 newinet->saddr = ireq->loc_addr; 1435 newinet->inet_saddr = ireq->loc_addr;
1386 newinet->opt = ireq->opt; 1436 newinet->opt = ireq->opt;
1387 ireq->opt = NULL; 1437 ireq->opt = NULL;
1388 newinet->mc_index = inet_iif(skb); 1438 newinet->mc_index = inet_iif(skb);
@@ -1390,7 +1440,7 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1390 inet_csk(newsk)->icsk_ext_hdr_len = 0; 1440 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1391 if (newinet->opt) 1441 if (newinet->opt)
1392 inet_csk(newsk)->icsk_ext_hdr_len = newinet->opt->optlen; 1442 inet_csk(newsk)->icsk_ext_hdr_len = newinet->opt->optlen;
1393 newinet->id = newtp->write_seq ^ jiffies; 1443 newinet->inet_id = newtp->write_seq ^ jiffies;
1394 1444
1395 tcp_mtup_init(newsk); 1445 tcp_mtup_init(newsk);
1396 tcp_sync_mss(newsk, dst_mtu(dst)); 1446 tcp_sync_mss(newsk, dst_mtu(dst));
@@ -1403,7 +1453,8 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1403 1453
1404#ifdef CONFIG_TCP_MD5SIG 1454#ifdef CONFIG_TCP_MD5SIG
1405 /* Copy over the MD5 key from the original socket */ 1455 /* Copy over the MD5 key from the original socket */
1406 if ((key = tcp_v4_md5_do_lookup(sk, newinet->daddr)) != NULL) { 1456 key = tcp_v4_md5_do_lookup(sk, newinet->inet_daddr);
1457 if (key != NULL) {
1407 /* 1458 /*
1408 * We're using one, so create a matching key 1459 * We're using one, so create a matching key
1409 * on the newsk structure. If we fail to get 1460 * on the newsk structure. If we fail to get
@@ -1412,13 +1463,13 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1412 */ 1463 */
1413 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); 1464 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1414 if (newkey != NULL) 1465 if (newkey != NULL)
1415 tcp_v4_md5_do_add(newsk, newinet->daddr, 1466 tcp_v4_md5_do_add(newsk, newinet->inet_daddr,
1416 newkey, key->keylen); 1467 newkey, key->keylen);
1417 newsk->sk_route_caps &= ~NETIF_F_GSO_MASK; 1468 newsk->sk_route_caps &= ~NETIF_F_GSO_MASK;
1418 } 1469 }
1419#endif 1470#endif
1420 1471
1421 __inet_hash_nolisten(newsk); 1472 __inet_hash_nolisten(newsk, NULL);
1422 __inet_inherit_port(sk, newsk); 1473 __inet_inherit_port(sk, newsk);
1423 1474
1424 return newsk; 1475 return newsk;
@@ -1610,6 +1661,11 @@ process:
1610 if (sk->sk_state == TCP_TIME_WAIT) 1661 if (sk->sk_state == TCP_TIME_WAIT)
1611 goto do_time_wait; 1662 goto do_time_wait;
1612 1663
1664 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
1665 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
1666 goto discard_and_relse;
1667 }
1668
1613 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) 1669 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
1614 goto discard_and_relse; 1670 goto discard_and_relse;
1615 nf_reset(skb); 1671 nf_reset(skb);
@@ -1634,8 +1690,11 @@ process:
1634 if (!tcp_prequeue(sk, skb)) 1690 if (!tcp_prequeue(sk, skb))
1635 ret = tcp_v4_do_rcv(sk, skb); 1691 ret = tcp_v4_do_rcv(sk, skb);
1636 } 1692 }
1637 } else 1693 } else if (unlikely(sk_add_backlog(sk, skb))) {
1638 sk_add_backlog(sk, skb); 1694 bh_unlock_sock(sk);
1695 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
1696 goto discard_and_relse;
1697 }
1639 bh_unlock_sock(sk); 1698 bh_unlock_sock(sk);
1640 1699
1641 sock_put(sk); 1700 sock_put(sk);
@@ -1711,8 +1770,8 @@ int tcp_v4_remember_stamp(struct sock *sk)
1711 struct inet_peer *peer = NULL; 1770 struct inet_peer *peer = NULL;
1712 int release_it = 0; 1771 int release_it = 0;
1713 1772
1714 if (!rt || rt->rt_dst != inet->daddr) { 1773 if (!rt || rt->rt_dst != inet->inet_daddr) {
1715 peer = inet_getpeer(inet->daddr, 1); 1774 peer = inet_getpeer(inet->inet_daddr, 1);
1716 release_it = 1; 1775 release_it = 1;
1717 } else { 1776 } else {
1718 if (!rt->peer) 1777 if (!rt->peer)
@@ -1722,9 +1781,9 @@ int tcp_v4_remember_stamp(struct sock *sk)
1722 1781
1723 if (peer) { 1782 if (peer) {
1724 if ((s32)(peer->tcp_ts - tp->rx_opt.ts_recent) <= 0 || 1783 if ((s32)(peer->tcp_ts - tp->rx_opt.ts_recent) <= 0 ||
1725 (peer->tcp_ts_stamp + TCP_PAWS_MSL < get_seconds() && 1784 ((u32)get_seconds() - peer->tcp_ts_stamp > TCP_PAWS_MSL &&
1726 peer->tcp_ts_stamp <= tp->rx_opt.ts_recent_stamp)) { 1785 peer->tcp_ts_stamp <= (u32)tp->rx_opt.ts_recent_stamp)) {
1727 peer->tcp_ts_stamp = tp->rx_opt.ts_recent_stamp; 1786 peer->tcp_ts_stamp = (u32)tp->rx_opt.ts_recent_stamp;
1728 peer->tcp_ts = tp->rx_opt.ts_recent; 1787 peer->tcp_ts = tp->rx_opt.ts_recent;
1729 } 1788 }
1730 if (release_it) 1789 if (release_it)
@@ -1743,9 +1802,9 @@ int tcp_v4_tw_remember_stamp(struct inet_timewait_sock *tw)
1743 const struct tcp_timewait_sock *tcptw = tcp_twsk((struct sock *)tw); 1802 const struct tcp_timewait_sock *tcptw = tcp_twsk((struct sock *)tw);
1744 1803
1745 if ((s32)(peer->tcp_ts - tcptw->tw_ts_recent) <= 0 || 1804 if ((s32)(peer->tcp_ts - tcptw->tw_ts_recent) <= 0 ||
1746 (peer->tcp_ts_stamp + TCP_PAWS_MSL < get_seconds() && 1805 ((u32)get_seconds() - peer->tcp_ts_stamp > TCP_PAWS_MSL &&
1747 peer->tcp_ts_stamp <= tcptw->tw_ts_recent_stamp)) { 1806 peer->tcp_ts_stamp <= (u32)tcptw->tw_ts_recent_stamp)) {
1748 peer->tcp_ts_stamp = tcptw->tw_ts_recent_stamp; 1807 peer->tcp_ts_stamp = (u32)tcptw->tw_ts_recent_stamp;
1749 peer->tcp_ts = tcptw->tw_ts_recent; 1808 peer->tcp_ts = tcptw->tw_ts_recent;
1750 } 1809 }
1751 inet_putpeer(peer); 1810 inet_putpeer(peer);
@@ -1810,7 +1869,7 @@ static int tcp_v4_init_sock(struct sock *sk)
1810 */ 1869 */
1811 tp->snd_ssthresh = TCP_INFINITE_SSTHRESH; 1870 tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
1812 tp->snd_cwnd_clamp = ~0; 1871 tp->snd_cwnd_clamp = ~0;
1813 tp->mss_cache = 536; 1872 tp->mss_cache = TCP_MSS_DEFAULT;
1814 1873
1815 tp->reordering = sysctl_tcp_reordering; 1874 tp->reordering = sysctl_tcp_reordering;
1816 icsk->icsk_ca_ops = &tcp_init_congestion_ops; 1875 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
@@ -1826,6 +1885,19 @@ static int tcp_v4_init_sock(struct sock *sk)
1826 tp->af_specific = &tcp_sock_ipv4_specific; 1885 tp->af_specific = &tcp_sock_ipv4_specific;
1827#endif 1886#endif
1828 1887
1888 /* TCP Cookie Transactions */
1889 if (sysctl_tcp_cookie_size > 0) {
1890 /* Default, cookies without s_data_payload. */
1891 tp->cookie_values =
1892 kzalloc(sizeof(*tp->cookie_values),
1893 sk->sk_allocation);
1894 if (tp->cookie_values != NULL)
1895 kref_init(&tp->cookie_values->kref);
1896 }
1897 /* Presumed zeroed, in order of appearance:
1898 * cookie_in_always, cookie_out_never,
1899 * s_data_constant, s_data_in, s_data_out
1900 */
1829 sk->sk_sndbuf = sysctl_tcp_wmem[1]; 1901 sk->sk_sndbuf = sysctl_tcp_wmem[1];
1830 sk->sk_rcvbuf = sysctl_tcp_rmem[1]; 1902 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1831 1903
@@ -1879,6 +1951,13 @@ void tcp_v4_destroy_sock(struct sock *sk)
1879 sk->sk_sndmsg_page = NULL; 1951 sk->sk_sndmsg_page = NULL;
1880 } 1952 }
1881 1953
1954 /* TCP Cookie Transactions */
1955 if (tp->cookie_values != NULL) {
1956 kref_put(&tp->cookie_values->kref,
1957 tcp_cookie_values_release);
1958 tp->cookie_values = NULL;
1959 }
1960
1882 percpu_counter_dec(&tcp_sockets_allocated); 1961 percpu_counter_dec(&tcp_sockets_allocated);
1883} 1962}
1884 1963
@@ -2000,7 +2079,7 @@ static void *established_get_first(struct seq_file *seq)
2000 struct net *net = seq_file_net(seq); 2079 struct net *net = seq_file_net(seq);
2001 void *rc = NULL; 2080 void *rc = NULL;
2002 2081
2003 for (st->bucket = 0; st->bucket < tcp_hashinfo.ehash_size; ++st->bucket) { 2082 for (st->bucket = 0; st->bucket <= tcp_hashinfo.ehash_mask; ++st->bucket) {
2004 struct sock *sk; 2083 struct sock *sk;
2005 struct hlist_nulls_node *node; 2084 struct hlist_nulls_node *node;
2006 struct inet_timewait_sock *tw; 2085 struct inet_timewait_sock *tw;
@@ -2061,10 +2140,10 @@ get_tw:
2061 st->state = TCP_SEQ_STATE_ESTABLISHED; 2140 st->state = TCP_SEQ_STATE_ESTABLISHED;
2062 2141
2063 /* Look for next non empty bucket */ 2142 /* Look for next non empty bucket */
2064 while (++st->bucket < tcp_hashinfo.ehash_size && 2143 while (++st->bucket <= tcp_hashinfo.ehash_mask &&
2065 empty_bucket(st)) 2144 empty_bucket(st))
2066 ; 2145 ;
2067 if (st->bucket >= tcp_hashinfo.ehash_size) 2146 if (st->bucket > tcp_hashinfo.ehash_mask)
2068 return NULL; 2147 return NULL;
2069 2148
2070 spin_lock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket)); 2149 spin_lock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
@@ -2225,7 +2304,7 @@ static void get_openreq4(struct sock *sk, struct request_sock *req,
2225 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %u %d %p%n", 2304 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %u %d %p%n",
2226 i, 2305 i,
2227 ireq->loc_addr, 2306 ireq->loc_addr,
2228 ntohs(inet_sk(sk)->sport), 2307 ntohs(inet_sk(sk)->inet_sport),
2229 ireq->rmt_addr, 2308 ireq->rmt_addr,
2230 ntohs(ireq->rmt_port), 2309 ntohs(ireq->rmt_port),
2231 TCP_SYN_RECV, 2310 TCP_SYN_RECV,
@@ -2248,10 +2327,11 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
2248 struct tcp_sock *tp = tcp_sk(sk); 2327 struct tcp_sock *tp = tcp_sk(sk);
2249 const struct inet_connection_sock *icsk = inet_csk(sk); 2328 const struct inet_connection_sock *icsk = inet_csk(sk);
2250 struct inet_sock *inet = inet_sk(sk); 2329 struct inet_sock *inet = inet_sk(sk);
2251 __be32 dest = inet->daddr; 2330 __be32 dest = inet->inet_daddr;
2252 __be32 src = inet->rcv_saddr; 2331 __be32 src = inet->inet_rcv_saddr;
2253 __u16 destp = ntohs(inet->dport); 2332 __u16 destp = ntohs(inet->inet_dport);
2254 __u16 srcp = ntohs(inet->sport); 2333 __u16 srcp = ntohs(inet->inet_sport);
2334 int rx_queue;
2255 2335
2256 if (icsk->icsk_pending == ICSK_TIME_RETRANS) { 2336 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2257 timer_active = 1; 2337 timer_active = 1;
@@ -2267,12 +2347,19 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
2267 timer_expires = jiffies; 2347 timer_expires = jiffies;
2268 } 2348 }
2269 2349
2350 if (sk->sk_state == TCP_LISTEN)
2351 rx_queue = sk->sk_ack_backlog;
2352 else
2353 /*
2354 * because we dont lock socket, we might find a transient negative value
2355 */
2356 rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);
2357
2270 seq_printf(f, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX " 2358 seq_printf(f, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX "
2271 "%08X %5d %8d %lu %d %p %lu %lu %u %u %d%n", 2359 "%08X %5d %8d %lu %d %p %lu %lu %u %u %d%n",
2272 i, src, srcp, dest, destp, sk->sk_state, 2360 i, src, srcp, dest, destp, sk->sk_state,
2273 tp->write_seq - tp->snd_una, 2361 tp->write_seq - tp->snd_una,
2274 sk->sk_state == TCP_LISTEN ? sk->sk_ack_backlog : 2362 rx_queue,
2275 (tp->rcv_nxt - tp->copied_seq),
2276 timer_active, 2363 timer_active,
2277 jiffies_to_clock_t(timer_expires - jiffies), 2364 jiffies_to_clock_t(timer_expires - jiffies),
2278 icsk->icsk_retransmits, 2365 icsk->icsk_retransmits,
@@ -2354,12 +2441,12 @@ static struct tcp_seq_afinfo tcp4_seq_afinfo = {
2354 }, 2441 },
2355}; 2442};
2356 2443
2357static int tcp4_proc_init_net(struct net *net) 2444static int __net_init tcp4_proc_init_net(struct net *net)
2358{ 2445{
2359 return tcp_proc_register(net, &tcp4_seq_afinfo); 2446 return tcp_proc_register(net, &tcp4_seq_afinfo);
2360} 2447}
2361 2448
2362static void tcp4_proc_exit_net(struct net *net) 2449static void __net_exit tcp4_proc_exit_net(struct net *net)
2363{ 2450{
2364 tcp_proc_unregister(net, &tcp4_seq_afinfo); 2451 tcp_proc_unregister(net, &tcp4_seq_afinfo);
2365} 2452}
@@ -2463,12 +2550,17 @@ static int __net_init tcp_sk_init(struct net *net)
2463static void __net_exit tcp_sk_exit(struct net *net) 2550static void __net_exit tcp_sk_exit(struct net *net)
2464{ 2551{
2465 inet_ctl_sock_destroy(net->ipv4.tcp_sock); 2552 inet_ctl_sock_destroy(net->ipv4.tcp_sock);
2466 inet_twsk_purge(net, &tcp_hashinfo, &tcp_death_row, AF_INET); 2553}
2554
2555static void __net_exit tcp_sk_exit_batch(struct list_head *net_exit_list)
2556{
2557 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET);
2467} 2558}
2468 2559
2469static struct pernet_operations __net_initdata tcp_sk_ops = { 2560static struct pernet_operations __net_initdata tcp_sk_ops = {
2470 .init = tcp_sk_init, 2561 .init = tcp_sk_init,
2471 .exit = tcp_sk_exit, 2562 .exit = tcp_sk_exit,
2563 .exit_batch = tcp_sk_exit_batch,
2472}; 2564};
2473 2565
2474void __init tcp_v4_init(void) 2566void __init tcp_v4_init(void)
generated by cgit v1.2.2 (git 2.25.0) at 2025-04-04 04:16:47 -0400