2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Implementation of the Transmission Control Protocol(TCP).
8 * IPv4 specific functions
13 * linux/ipv4/tcp_input.c
14 * linux/ipv4/tcp_output.c
16 * See tcp.c for author information
18 * This program is free software; you can redistribute it and/or
19 * modify it under the terms of the GNU General Public License
20 * as published by the Free Software Foundation; either version
21 * 2 of the License, or (at your option) any later version.
26 * David S. Miller : New socket lookup architecture.
27 * This code is dedicated to John Dyson.
28 * David S. Miller : Change semantics of established hash,
29 * half is devoted to TIME_WAIT sockets
30 * and the rest go in the other half.
31 * Andi Kleen : Add support for syncookies and fixed
32 * some bugs: ip options weren't passed to
33 * the TCP layer, missed a check for an
35 * Andi Kleen : Implemented fast path mtu discovery.
36 * Fixed many serious bugs in the
37 * request_sock handling and moved
38 * most of it into the af independent code.
39 * Added tail drop and some other bugfixes.
40 * Added new listen semantics.
41 * Mike McLagan : Routing by source
42 * Juan Jose Ciarlante: ip_dynaddr bits
43 * Andi Kleen: various fixes.
44 * Vitaly E. Lavrov : Transparent proxy revived after year
46 * Andi Kleen : Fix new listen.
47 * Andi Kleen : Fix accept error reporting.
48 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
49 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
50 * a single port at the same time.
54 #include <linux/types.h>
55 #include <linux/fcntl.h>
56 #include <linux/module.h>
57 #include <linux/random.h>
58 #include <linux/cache.h>
59 #include <linux/jhash.h>
60 #include <linux/init.h>
61 #include <linux/times.h>
63 #include <net/net_namespace.h>
65 #include <net/inet_hashtables.h>
67 #include <net/transp_v6.h>
69 #include <net/inet_common.h>
70 #include <net/timewait_sock.h>
72 #include <net/netdma.h>
74 #include <linux/inet.h>
75 #include <linux/ipv6.h>
76 #include <linux/stddef.h>
77 #include <linux/proc_fs.h>
78 #include <linux/seq_file.h>
80 #include <linux/crypto.h>
81 #include <linux/scatterlist.h>
83 int sysctl_tcp_tw_reuse __read_mostly;
84 int sysctl_tcp_low_latency __read_mostly;
87 #ifdef CONFIG_TCP_MD5SIG
88 static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk,
90 static int tcp_v4_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
91 __be32 daddr, __be32 saddr, struct tcphdr *th);
94 struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, __be32 addr)
100 struct inet_hashinfo __cacheline_aligned tcp_hashinfo = {
101 .lhash_lock = __RW_LOCK_UNLOCKED(tcp_hashinfo.lhash_lock),
102 .lhash_users = ATOMIC_INIT(0),
103 .lhash_wait = __WAIT_QUEUE_HEAD_INITIALIZER(tcp_hashinfo.lhash_wait),
106 static inline __u32 tcp_v4_init_sequence(struct sk_buff *skb)
108 return secure_tcp_sequence_number(ip_hdr(skb)->daddr,
111 tcp_hdr(skb)->source);
114 int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp)
116 const struct tcp_timewait_sock *tcptw = tcp_twsk(sktw);
117 struct tcp_sock *tp = tcp_sk(sk);
119 /* With PAWS, it is safe from the viewpoint
120 of data integrity. Even without PAWS it is safe provided sequence
121 spaces do not overlap i.e. at data rates <= 80Mbit/sec.
123 Actually, the idea is close to VJ's one, only timestamp cache is
124 held not per host, but per port pair and TW bucket is used as state
127 If TW bucket has been already destroyed we fall back to VJ's scheme
128 and use initial timestamp retrieved from peer table.
130 if (tcptw->tw_ts_recent_stamp &&
131 (twp == NULL || (sysctl_tcp_tw_reuse &&
132 get_seconds() - tcptw->tw_ts_recent_stamp > 1))) {
133 tp->write_seq = tcptw->tw_snd_nxt + 65535 + 2;
134 if (tp->write_seq == 0)
136 tp->rx_opt.ts_recent = tcptw->tw_ts_recent;
137 tp->rx_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
145 EXPORT_SYMBOL_GPL(tcp_twsk_unique);
147 /* This will initiate an outgoing connection. */
148 int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
150 struct inet_sock *inet = inet_sk(sk);
151 struct tcp_sock *tp = tcp_sk(sk);
152 struct sockaddr_in *usin = (struct sockaddr_in *)uaddr;
154 __be32 daddr, nexthop;
158 if (addr_len < sizeof(struct sockaddr_in))
161 if (usin->sin_family != AF_INET)
162 return -EAFNOSUPPORT;
164 nexthop = daddr = usin->sin_addr.s_addr;
165 if (inet->opt && inet->opt->srr) {
168 nexthop = inet->opt->faddr;
171 tmp = ip_route_connect(&rt, nexthop, inet->saddr,
172 RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
174 inet->sport, usin->sin_port, sk, 1);
176 if (tmp == -ENETUNREACH)
177 IP_INC_STATS_BH(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
181 if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) {
186 if (!inet->opt || !inet->opt->srr)
190 inet->saddr = rt->rt_src;
191 inet->rcv_saddr = inet->saddr;
193 if (tp->rx_opt.ts_recent_stamp && inet->daddr != daddr) {
194 /* Reset inherited state */
195 tp->rx_opt.ts_recent = 0;
196 tp->rx_opt.ts_recent_stamp = 0;
200 if (tcp_death_row.sysctl_tw_recycle &&
201 !tp->rx_opt.ts_recent_stamp && rt->rt_dst == daddr) {
202 struct inet_peer *peer = rt_get_peer(rt);
204 * VJ's idea. We save last timestamp seen from
205 * the destination in peer table, when entering state
206 * TIME-WAIT * and initialize rx_opt.ts_recent from it,
207 * when trying new connection.
210 peer->tcp_ts_stamp + TCP_PAWS_MSL >= get_seconds()) {
211 tp->rx_opt.ts_recent_stamp = peer->tcp_ts_stamp;
212 tp->rx_opt.ts_recent = peer->tcp_ts;
216 inet->dport = usin->sin_port;
219 inet_csk(sk)->icsk_ext_hdr_len = 0;
221 inet_csk(sk)->icsk_ext_hdr_len = inet->opt->optlen;
223 tp->rx_opt.mss_clamp = 536;
225 /* Socket identity is still unknown (sport may be zero).
226 * However we set state to SYN-SENT and not releasing socket
227 * lock select source port, enter ourselves into the hash tables and
228 * complete initialization after this.
230 tcp_set_state(sk, TCP_SYN_SENT);
231 err = inet_hash_connect(&tcp_death_row, sk);
235 err = ip_route_newports(&rt, IPPROTO_TCP,
236 inet->sport, inet->dport, sk);
240 /* OK, now commit destination to socket. */
241 sk->sk_gso_type = SKB_GSO_TCPV4;
242 sk_setup_caps(sk, &rt->u.dst);
245 tp->write_seq = secure_tcp_sequence_number(inet->saddr,
250 inet->id = tp->write_seq ^ jiffies;
252 err = tcp_connect(sk);
261 * This unhashes the socket and releases the local port,
264 tcp_set_state(sk, TCP_CLOSE);
266 sk->sk_route_caps = 0;
272 * This routine does path mtu discovery as defined in RFC1191.
274 static void do_pmtu_discovery(struct sock *sk, struct iphdr *iph, u32 mtu)
276 struct dst_entry *dst;
277 struct inet_sock *inet = inet_sk(sk);
279 /* We are not interested in TCP_LISTEN and open_requests (SYN-ACKs
280 * send out by Linux are always <576bytes so they should go through
283 if (sk->sk_state == TCP_LISTEN)
286 /* We don't check in the destentry if pmtu discovery is forbidden
287 * on this route. We just assume that no packet_to_big packets
288 * are send back when pmtu discovery is not active.
289 * There is a small race when the user changes this flag in the
290 * route, but I think that's acceptable.
292 if ((dst = __sk_dst_check(sk, 0)) == NULL)
295 dst->ops->update_pmtu(dst, mtu);
297 /* Something is about to be wrong... Remember soft error
298 * for the case, if this connection will not able to recover.
300 if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
301 sk->sk_err_soft = EMSGSIZE;
305 if (inet->pmtudisc != IP_PMTUDISC_DONT &&
306 inet_csk(sk)->icsk_pmtu_cookie > mtu) {
307 tcp_sync_mss(sk, mtu);
309 /* Resend the TCP packet because it's
310 * clear that the old packet has been
311 * dropped. This is the new "fast" path mtu
314 tcp_simple_retransmit(sk);
315 } /* else let the usual retransmit timer handle it */
319 * This routine is called by the ICMP module when it gets some
320 * sort of error condition. If err < 0 then the socket should
321 * be closed and the error returned to the user. If err > 0
322 * it's just the icmp type << 8 | icmp code. After adjustment
323 * header points to the first 8 bytes of the tcp header. We need
324 * to find the appropriate port.
326 * The locking strategy used here is very "optimistic". When
327 * someone else accesses the socket the ICMP is just dropped
328 * and for some paths there is no check at all.
329 * A more general error queue to queue errors for later handling
330 * is probably better.
334 void tcp_v4_err(struct sk_buff *skb, u32 info)
336 struct iphdr *iph = (struct iphdr *)skb->data;
337 struct tcphdr *th = (struct tcphdr *)(skb->data + (iph->ihl << 2));
339 struct inet_sock *inet;
340 const int type = icmp_hdr(skb)->type;
341 const int code = icmp_hdr(skb)->code;
345 struct net *net = dev_net(skb->dev);
347 if (skb->len < (iph->ihl << 2) + 8) {
348 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
352 sk = inet_lookup(net, &tcp_hashinfo, iph->daddr, th->dest,
353 iph->saddr, th->source, inet_iif(skb));
355 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
358 if (sk->sk_state == TCP_TIME_WAIT) {
359 inet_twsk_put(inet_twsk(sk));
364 /* If too many ICMPs get dropped on busy
365 * servers this needs to be solved differently.
367 if (sock_owned_by_user(sk))
368 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
370 if (sk->sk_state == TCP_CLOSE)
374 seq = ntohl(th->seq);
375 if (sk->sk_state != TCP_LISTEN &&
376 !between(seq, tp->snd_una, tp->snd_nxt)) {
377 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
382 case ICMP_SOURCE_QUENCH:
383 /* Just silently ignore these. */
385 case ICMP_PARAMETERPROB:
388 case ICMP_DEST_UNREACH:
389 if (code > NR_ICMP_UNREACH)
392 if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */
393 if (!sock_owned_by_user(sk))
394 do_pmtu_discovery(sk, iph, info);
398 err = icmp_err_convert[code].errno;
400 case ICMP_TIME_EXCEEDED:
407 switch (sk->sk_state) {
408 struct request_sock *req, **prev;
410 if (sock_owned_by_user(sk))
413 req = inet_csk_search_req(sk, &prev, th->dest,
414 iph->daddr, iph->saddr);
418 /* ICMPs are not backlogged, hence we cannot get
419 an established socket here.
423 if (seq != tcp_rsk(req)->snt_isn) {
424 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
429 * Still in SYN_RECV, just remove it silently.
430 * There is no good way to pass the error to the newly
431 * created socket, and POSIX does not want network
432 * errors returned from accept().
434 inet_csk_reqsk_queue_drop(sk, req, prev);
438 case TCP_SYN_RECV: /* Cannot happen.
439 It can f.e. if SYNs crossed.
441 if (!sock_owned_by_user(sk)) {
444 sk->sk_error_report(sk);
448 sk->sk_err_soft = err;
453 /* If we've already connected we will keep trying
454 * until we time out, or the user gives up.
456 * rfc1122 4.2.3.9 allows to consider as hard errors
457 * only PROTO_UNREACH and PORT_UNREACH (well, FRAG_FAILED too,
458 * but it is obsoleted by pmtu discovery).
460 * Note, that in modern internet, where routing is unreliable
461 * and in each dark corner broken firewalls sit, sending random
462 * errors ordered by their masters even this two messages finally lose
463 * their original sense (even Linux sends invalid PORT_UNREACHs)
465 * Now we are in compliance with RFCs.
470 if (!sock_owned_by_user(sk) && inet->recverr) {
472 sk->sk_error_report(sk);
473 } else { /* Only an error on timeout */
474 sk->sk_err_soft = err;
482 /* This routine computes an IPv4 TCP checksum. */
483 void tcp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb)
485 struct inet_sock *inet = inet_sk(sk);
486 struct tcphdr *th = tcp_hdr(skb);
488 if (skb->ip_summed == CHECKSUM_PARTIAL) {
489 th->check = ~tcp_v4_check(len, inet->saddr,
491 skb->csum_start = skb_transport_header(skb) - skb->head;
492 skb->csum_offset = offsetof(struct tcphdr, check);
494 th->check = tcp_v4_check(len, inet->saddr, inet->daddr,
495 csum_partial((char *)th,
501 int tcp_v4_gso_send_check(struct sk_buff *skb)
503 const struct iphdr *iph;
506 if (!pskb_may_pull(skb, sizeof(*th)))
513 th->check = ~tcp_v4_check(skb->len, iph->saddr, iph->daddr, 0);
514 skb->csum_start = skb_transport_header(skb) - skb->head;
515 skb->csum_offset = offsetof(struct tcphdr, check);
516 skb->ip_summed = CHECKSUM_PARTIAL;
521 * This routine will send an RST to the other tcp.
523 * Someone asks: why I NEVER use socket parameters (TOS, TTL etc.)
525 * Answer: if a packet caused RST, it is not for a socket
526 * existing in our system, if it is matched to a socket,
527 * it is just duplicate segment or bug in other side's TCP.
528 * So that we build reply only basing on parameters
529 * arrived with segment.
530 * Exception: precedence violation. We do not implement it in any case.
533 static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
535 struct tcphdr *th = tcp_hdr(skb);
538 #ifdef CONFIG_TCP_MD5SIG
539 __be32 opt[(TCPOLEN_MD5SIG_ALIGNED >> 2)];
542 struct ip_reply_arg arg;
543 #ifdef CONFIG_TCP_MD5SIG
544 struct tcp_md5sig_key *key;
548 /* Never send a reset in response to a reset. */
552 if (skb->rtable->rt_type != RTN_LOCAL)
555 /* Swap the send and the receive. */
556 memset(&rep, 0, sizeof(rep));
557 rep.th.dest = th->source;
558 rep.th.source = th->dest;
559 rep.th.doff = sizeof(struct tcphdr) / 4;
563 rep.th.seq = th->ack_seq;
566 rep.th.ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin +
567 skb->len - (th->doff << 2));
570 memset(&arg, 0, sizeof(arg));
571 arg.iov[0].iov_base = (unsigned char *)&rep;
572 arg.iov[0].iov_len = sizeof(rep.th);
574 #ifdef CONFIG_TCP_MD5SIG
575 key = sk ? tcp_v4_md5_do_lookup(sk, ip_hdr(skb)->daddr) : NULL;
577 rep.opt[0] = htonl((TCPOPT_NOP << 24) |
579 (TCPOPT_MD5SIG << 8) |
581 /* Update length and the length the header thinks exists */
582 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
583 rep.th.doff = arg.iov[0].iov_len / 4;
585 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[1],
586 key, ip_hdr(skb)->daddr,
587 ip_hdr(skb)->saddr, &rep.th);
590 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
591 ip_hdr(skb)->saddr, /* XXX */
592 sizeof(struct tcphdr), IPPROTO_TCP, 0);
593 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
595 net = dev_net(skb->dst->dev);
596 ip_send_reply(net->ipv4.tcp_sock, skb,
597 &arg, arg.iov[0].iov_len);
599 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
600 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
603 /* The code following below sending ACKs in SYN-RECV and TIME-WAIT states
604 outside socket context is ugly, certainly. What can I do?
607 static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
608 u32 win, u32 ts, int oif,
609 struct tcp_md5sig_key *key)
611 struct tcphdr *th = tcp_hdr(skb);
614 __be32 opt[(TCPOLEN_TSTAMP_ALIGNED >> 2)
615 #ifdef CONFIG_TCP_MD5SIG
616 + (TCPOLEN_MD5SIG_ALIGNED >> 2)
620 struct ip_reply_arg arg;
621 struct net *net = dev_net(skb->dev);
623 memset(&rep.th, 0, sizeof(struct tcphdr));
624 memset(&arg, 0, sizeof(arg));
626 arg.iov[0].iov_base = (unsigned char *)&rep;
627 arg.iov[0].iov_len = sizeof(rep.th);
629 rep.opt[0] = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
630 (TCPOPT_TIMESTAMP << 8) |
632 rep.opt[1] = htonl(tcp_time_stamp);
633 rep.opt[2] = htonl(ts);
634 arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;
637 /* Swap the send and the receive. */
638 rep.th.dest = th->source;
639 rep.th.source = th->dest;
640 rep.th.doff = arg.iov[0].iov_len / 4;
641 rep.th.seq = htonl(seq);
642 rep.th.ack_seq = htonl(ack);
644 rep.th.window = htons(win);
646 #ifdef CONFIG_TCP_MD5SIG
648 int offset = (ts) ? 3 : 0;
650 rep.opt[offset++] = htonl((TCPOPT_NOP << 24) |
652 (TCPOPT_MD5SIG << 8) |
654 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
655 rep.th.doff = arg.iov[0].iov_len/4;
657 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset],
658 key, ip_hdr(skb)->daddr,
659 ip_hdr(skb)->saddr, &rep.th);
662 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
663 ip_hdr(skb)->saddr, /* XXX */
664 arg.iov[0].iov_len, IPPROTO_TCP, 0);
665 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
667 arg.bound_dev_if = oif;
669 ip_send_reply(net->ipv4.tcp_sock, skb,
670 &arg, arg.iov[0].iov_len);
672 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
675 static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
677 struct inet_timewait_sock *tw = inet_twsk(sk);
678 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
680 tcp_v4_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
681 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
684 tcp_twsk_md5_key(tcptw)
690 static void tcp_v4_reqsk_send_ack(struct sk_buff *skb,
691 struct request_sock *req)
693 tcp_v4_send_ack(skb, tcp_rsk(req)->snt_isn + 1,
694 tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd,
697 tcp_v4_md5_do_lookup(skb->sk, ip_hdr(skb)->daddr));
701 * Send a SYN-ACK after having received a SYN.
702 * This still operates on a request_sock only, not on a big
705 static int __tcp_v4_send_synack(struct sock *sk, struct request_sock *req,
706 struct dst_entry *dst)
708 const struct inet_request_sock *ireq = inet_rsk(req);
710 struct sk_buff * skb;
712 /* First, grab a route. */
713 if (!dst && (dst = inet_csk_route_req(sk, req)) == NULL)
716 skb = tcp_make_synack(sk, dst, req);
719 struct tcphdr *th = tcp_hdr(skb);
721 th->check = tcp_v4_check(skb->len,
724 csum_partial((char *)th, skb->len,
727 err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr,
730 err = net_xmit_eval(err);
737 static int tcp_v4_send_synack(struct sock *sk, struct request_sock *req)
739 return __tcp_v4_send_synack(sk, req, NULL);
743 * IPv4 request_sock destructor.
745 static void tcp_v4_reqsk_destructor(struct request_sock *req)
747 kfree(inet_rsk(req)->opt);
750 #ifdef CONFIG_SYN_COOKIES
751 static void syn_flood_warning(struct sk_buff *skb)
753 static unsigned long warntime;
755 if (time_after(jiffies, (warntime + HZ * 60))) {
758 "possible SYN flooding on port %d. Sending cookies.\n",
759 ntohs(tcp_hdr(skb)->dest));
765 * Save and compile IPv4 options into the request_sock if needed.
767 static struct ip_options *tcp_v4_save_options(struct sock *sk,
770 struct ip_options *opt = &(IPCB(skb)->opt);
771 struct ip_options *dopt = NULL;
773 if (opt && opt->optlen) {
774 int opt_size = optlength(opt);
775 dopt = kmalloc(opt_size, GFP_ATOMIC);
777 if (ip_options_echo(dopt, skb)) {
786 #ifdef CONFIG_TCP_MD5SIG
788 * RFC2385 MD5 checksumming requires a mapping of
789 * IP address->MD5 Key.
790 * We need to maintain these in the sk structure.
793 /* Find the Key structure for an address. */
794 static struct tcp_md5sig_key *
795 tcp_v4_md5_do_lookup(struct sock *sk, __be32 addr)
797 struct tcp_sock *tp = tcp_sk(sk);
800 if (!tp->md5sig_info || !tp->md5sig_info->entries4)
802 for (i = 0; i < tp->md5sig_info->entries4; i++) {
803 if (tp->md5sig_info->keys4[i].addr == addr)
804 return &tp->md5sig_info->keys4[i].base;
809 struct tcp_md5sig_key *tcp_v4_md5_lookup(struct sock *sk,
810 struct sock *addr_sk)
812 return tcp_v4_md5_do_lookup(sk, inet_sk(addr_sk)->daddr);
815 EXPORT_SYMBOL(tcp_v4_md5_lookup);
817 static struct tcp_md5sig_key *tcp_v4_reqsk_md5_lookup(struct sock *sk,
818 struct request_sock *req)
820 return tcp_v4_md5_do_lookup(sk, inet_rsk(req)->rmt_addr);
823 /* This can be called on a newly created socket, from other files */
824 int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
825 u8 *newkey, u8 newkeylen)
827 /* Add Key to the list */
828 struct tcp_md5sig_key *key;
829 struct tcp_sock *tp = tcp_sk(sk);
830 struct tcp4_md5sig_key *keys;
832 key = tcp_v4_md5_do_lookup(sk, addr);
834 /* Pre-existing entry - just update that one. */
837 key->keylen = newkeylen;
839 struct tcp_md5sig_info *md5sig;
841 if (!tp->md5sig_info) {
842 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info),
844 if (!tp->md5sig_info) {
848 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
850 if (tcp_alloc_md5sig_pool() == NULL) {
854 md5sig = tp->md5sig_info;
856 if (md5sig->alloced4 == md5sig->entries4) {
857 keys = kmalloc((sizeof(*keys) *
858 (md5sig->entries4 + 1)), GFP_ATOMIC);
861 tcp_free_md5sig_pool();
865 if (md5sig->entries4)
866 memcpy(keys, md5sig->keys4,
867 sizeof(*keys) * md5sig->entries4);
869 /* Free old key list, and reference new one */
870 kfree(md5sig->keys4);
871 md5sig->keys4 = keys;
875 md5sig->keys4[md5sig->entries4 - 1].addr = addr;
876 md5sig->keys4[md5sig->entries4 - 1].base.key = newkey;
877 md5sig->keys4[md5sig->entries4 - 1].base.keylen = newkeylen;
882 EXPORT_SYMBOL(tcp_v4_md5_do_add);
884 static int tcp_v4_md5_add_func(struct sock *sk, struct sock *addr_sk,
885 u8 *newkey, u8 newkeylen)
887 return tcp_v4_md5_do_add(sk, inet_sk(addr_sk)->daddr,
891 int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
893 struct tcp_sock *tp = tcp_sk(sk);
896 for (i = 0; i < tp->md5sig_info->entries4; i++) {
897 if (tp->md5sig_info->keys4[i].addr == addr) {
899 kfree(tp->md5sig_info->keys4[i].base.key);
900 tp->md5sig_info->entries4--;
902 if (tp->md5sig_info->entries4 == 0) {
903 kfree(tp->md5sig_info->keys4);
904 tp->md5sig_info->keys4 = NULL;
905 tp->md5sig_info->alloced4 = 0;
906 } else if (tp->md5sig_info->entries4 != i) {
907 /* Need to do some manipulation */
908 memmove(&tp->md5sig_info->keys4[i],
909 &tp->md5sig_info->keys4[i+1],
910 (tp->md5sig_info->entries4 - i) *
911 sizeof(struct tcp4_md5sig_key));
913 tcp_free_md5sig_pool();
920 EXPORT_SYMBOL(tcp_v4_md5_do_del);
922 static void tcp_v4_clear_md5_list(struct sock *sk)
924 struct tcp_sock *tp = tcp_sk(sk);
926 /* Free each key, then the set of key keys,
927 * the crypto element, and then decrement our
928 * hold on the last resort crypto.
930 if (tp->md5sig_info->entries4) {
932 for (i = 0; i < tp->md5sig_info->entries4; i++)
933 kfree(tp->md5sig_info->keys4[i].base.key);
934 tp->md5sig_info->entries4 = 0;
935 tcp_free_md5sig_pool();
937 if (tp->md5sig_info->keys4) {
938 kfree(tp->md5sig_info->keys4);
939 tp->md5sig_info->keys4 = NULL;
940 tp->md5sig_info->alloced4 = 0;
944 static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
947 struct tcp_md5sig cmd;
948 struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.tcpm_addr;
951 if (optlen < sizeof(cmd))
954 if (copy_from_user(&cmd, optval, sizeof(cmd)))
957 if (sin->sin_family != AF_INET)
960 if (!cmd.tcpm_key || !cmd.tcpm_keylen) {
961 if (!tcp_sk(sk)->md5sig_info)
963 return tcp_v4_md5_do_del(sk, sin->sin_addr.s_addr);
966 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
969 if (!tcp_sk(sk)->md5sig_info) {
970 struct tcp_sock *tp = tcp_sk(sk);
971 struct tcp_md5sig_info *p = kzalloc(sizeof(*p), GFP_KERNEL);
977 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
980 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
983 return tcp_v4_md5_do_add(sk, sin->sin_addr.s_addr,
984 newkey, cmd.tcpm_keylen);
987 static int tcp_v4_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
988 __be32 daddr, __be32 saddr, int nbytes)
990 struct tcp4_pseudohdr *bp;
991 struct scatterlist sg;
993 bp = &hp->md5_blk.ip4;
996 * 1. the TCP pseudo-header (in the order: source IP address,
997 * destination IP address, zero-padded protocol number, and
1003 bp->protocol = IPPROTO_TCP;
1004 bp->len = cpu_to_be16(nbytes);
1006 sg_init_one(&sg, bp, sizeof(*bp));
1007 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
1010 static int tcp_v4_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
1011 __be32 daddr, __be32 saddr, struct tcphdr *th)
1013 struct tcp_md5sig_pool *hp;
1014 struct hash_desc *desc;
1016 hp = tcp_get_md5sig_pool();
1018 goto clear_hash_noput;
1019 desc = &hp->md5_desc;
1021 if (crypto_hash_init(desc))
1023 if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
1025 if (tcp_md5_hash_header(hp, th))
1027 if (tcp_md5_hash_key(hp, key))
1029 if (crypto_hash_final(desc, md5_hash))
1032 tcp_put_md5sig_pool();
1036 tcp_put_md5sig_pool();
1038 memset(md5_hash, 0, 16);
1042 int tcp_v4_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
1043 struct sock *sk, struct request_sock *req,
1044 struct sk_buff *skb)
1046 struct tcp_md5sig_pool *hp;
1047 struct hash_desc *desc;
1048 struct tcphdr *th = tcp_hdr(skb);
1049 __be32 saddr, daddr;
1052 saddr = inet_sk(sk)->saddr;
1053 daddr = inet_sk(sk)->daddr;
1055 saddr = inet_rsk(req)->loc_addr;
1056 daddr = inet_rsk(req)->rmt_addr;
1058 const struct iphdr *iph = ip_hdr(skb);
1063 hp = tcp_get_md5sig_pool();
1065 goto clear_hash_noput;
1066 desc = &hp->md5_desc;
1068 if (crypto_hash_init(desc))
1071 if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
1073 if (tcp_md5_hash_header(hp, th))
1075 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
1077 if (tcp_md5_hash_key(hp, key))
1079 if (crypto_hash_final(desc, md5_hash))
1082 tcp_put_md5sig_pool();
1086 tcp_put_md5sig_pool();
1088 memset(md5_hash, 0, 16);
1092 EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
1094 static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
1097 * This gets called for each TCP segment that arrives
1098 * so we want to be efficient.
1099 * We have 3 drop cases:
1100 * o No MD5 hash and one expected.
1101 * o MD5 hash and we're not expecting one.
1102 * o MD5 hash and its wrong.
1104 __u8 *hash_location = NULL;
1105 struct tcp_md5sig_key *hash_expected;
1106 const struct iphdr *iph = ip_hdr(skb);
1107 struct tcphdr *th = tcp_hdr(skb);
1109 unsigned char newhash[16];
1111 hash_expected = tcp_v4_md5_do_lookup(sk, iph->saddr);
1112 hash_location = tcp_parse_md5sig_option(th);
1114 /* We've parsed the options - do we have a hash? */
1115 if (!hash_expected && !hash_location)
1118 if (hash_expected && !hash_location) {
1119 LIMIT_NETDEBUG(KERN_INFO "MD5 Hash expected but NOT found "
1120 "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
1121 NIPQUAD(iph->saddr), ntohs(th->source),
1122 NIPQUAD(iph->daddr), ntohs(th->dest));
1126 if (!hash_expected && hash_location) {
1127 LIMIT_NETDEBUG(KERN_INFO "MD5 Hash NOT expected but found "
1128 "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
1129 NIPQUAD(iph->saddr), ntohs(th->source),
1130 NIPQUAD(iph->daddr), ntohs(th->dest));
1134 /* Okay, so this is hash_expected and hash_location -
1135 * so we need to calculate the checksum.
1137 genhash = tcp_v4_md5_hash_skb(newhash,
1141 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
1142 if (net_ratelimit()) {
1143 printk(KERN_INFO "MD5 Hash failed for "
1144 "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)%s\n",
1145 NIPQUAD(iph->saddr), ntohs(th->source),
1146 NIPQUAD(iph->daddr), ntohs(th->dest),
1147 genhash ? " tcp_v4_calc_md5_hash failed" : "");
1156 struct request_sock_ops tcp_request_sock_ops __read_mostly = {
1158 .obj_size = sizeof(struct tcp_request_sock),
1159 .rtx_syn_ack = tcp_v4_send_synack,
1160 .send_ack = tcp_v4_reqsk_send_ack,
1161 .destructor = tcp_v4_reqsk_destructor,
1162 .send_reset = tcp_v4_send_reset,
1165 #ifdef CONFIG_TCP_MD5SIG
1166 static struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
1167 .md5_lookup = tcp_v4_reqsk_md5_lookup,
1171 static struct timewait_sock_ops tcp_timewait_sock_ops = {
1172 .twsk_obj_size = sizeof(struct tcp_timewait_sock),
1173 .twsk_unique = tcp_twsk_unique,
1174 .twsk_destructor= tcp_twsk_destructor,
1177 int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1179 struct inet_request_sock *ireq;
1180 struct tcp_options_received tmp_opt;
1181 struct request_sock *req;
1182 __be32 saddr = ip_hdr(skb)->saddr;
1183 __be32 daddr = ip_hdr(skb)->daddr;
1184 __u32 isn = TCP_SKB_CB(skb)->when;
1185 struct dst_entry *dst = NULL;
1186 #ifdef CONFIG_SYN_COOKIES
1187 int want_cookie = 0;
1189 #define want_cookie 0 /* Argh, why doesn't gcc optimize this :( */
1192 /* Never answer to SYNs send to broadcast or multicast */
1193 if (skb->rtable->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
1196 /* TW buckets are converted to open requests without
1197 * limitations, they conserve resources and peer is
1198 * evidently real one.
1200 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1201 #ifdef CONFIG_SYN_COOKIES
1202 if (sysctl_tcp_syncookies) {
1209 /* Accept backlog is full. If we have already queued enough
1210 * of warm entries in syn queue, drop request. It is better than
1211 * clogging syn queue with openreqs with exponentially increasing
1214 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1217 req = inet_reqsk_alloc(&tcp_request_sock_ops);
1221 #ifdef CONFIG_TCP_MD5SIG
1222 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv4_ops;
1225 tcp_clear_options(&tmp_opt);
1226 tmp_opt.mss_clamp = 536;
1227 tmp_opt.user_mss = tcp_sk(sk)->rx_opt.user_mss;
1229 tcp_parse_options(skb, &tmp_opt, 0);
1231 if (want_cookie && !tmp_opt.saw_tstamp)
1232 tcp_clear_options(&tmp_opt);
1234 if (tmp_opt.saw_tstamp && !tmp_opt.rcv_tsval) {
1235 /* Some OSes (unknown ones, but I see them on web server, which
1236 * contains information interesting only for windows'
1237 * users) do not send their stamp in SYN. It is easy case.
1238 * We simply do not advertise TS support.
1240 tmp_opt.saw_tstamp = 0;
1241 tmp_opt.tstamp_ok = 0;
1243 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1245 tcp_openreq_init(req, &tmp_opt, skb);
1247 if (security_inet_conn_request(sk, skb, req))
1250 ireq = inet_rsk(req);
1251 ireq->loc_addr = daddr;
1252 ireq->rmt_addr = saddr;
1253 ireq->opt = tcp_v4_save_options(sk, skb);
1255 TCP_ECN_create_request(req, tcp_hdr(skb));
1258 #ifdef CONFIG_SYN_COOKIES
1259 syn_flood_warning(skb);
1260 req->cookie_ts = tmp_opt.tstamp_ok;
1262 isn = cookie_v4_init_sequence(sk, skb, &req->mss);
1264 struct inet_peer *peer = NULL;
1266 /* VJ's idea. We save last timestamp seen
1267 * from the destination in peer table, when entering
1268 * state TIME-WAIT, and check against it before
1269 * accepting new connection request.
1271 * If "isn" is not zero, this request hit alive
1272 * timewait bucket, so that all the necessary checks
1273 * are made in the function processing timewait state.
1275 if (tmp_opt.saw_tstamp &&
1276 tcp_death_row.sysctl_tw_recycle &&
1277 (dst = inet_csk_route_req(sk, req)) != NULL &&
1278 (peer = rt_get_peer((struct rtable *)dst)) != NULL &&
1279 peer->v4daddr == saddr) {
1280 if (get_seconds() < peer->tcp_ts_stamp + TCP_PAWS_MSL &&
1281 (s32)(peer->tcp_ts - req->ts_recent) >
1283 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED);
1284 goto drop_and_release;
1287 /* Kill the following clause, if you dislike this way. */
1288 else if (!sysctl_tcp_syncookies &&
1289 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
1290 (sysctl_max_syn_backlog >> 2)) &&
1291 (!peer || !peer->tcp_ts_stamp) &&
1292 (!dst || !dst_metric(dst, RTAX_RTT))) {
1293 /* Without syncookies last quarter of
1294 * backlog is filled with destinations,
1295 * proven to be alive.
1296 * It means that we continue to communicate
1297 * to destinations, already remembered
1298 * to the moment of synflood.
1300 LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open "
1301 "request from " NIPQUAD_FMT "/%u\n",
1303 ntohs(tcp_hdr(skb)->source));
1304 goto drop_and_release;
1307 isn = tcp_v4_init_sequence(skb);
1309 tcp_rsk(req)->snt_isn = isn;
1311 if (__tcp_v4_send_synack(sk, req, dst) || want_cookie)
1314 inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1327 * The three way handshake has completed - we got a valid synack -
1328 * now create the new socket.
1330 struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1331 struct request_sock *req,
1332 struct dst_entry *dst)
1334 struct inet_request_sock *ireq;
1335 struct inet_sock *newinet;
1336 struct tcp_sock *newtp;
1338 #ifdef CONFIG_TCP_MD5SIG
1339 struct tcp_md5sig_key *key;
1342 if (sk_acceptq_is_full(sk))
1345 if (!dst && (dst = inet_csk_route_req(sk, req)) == NULL)
1348 newsk = tcp_create_openreq_child(sk, req, skb);
1352 newsk->sk_gso_type = SKB_GSO_TCPV4;
1353 sk_setup_caps(newsk, dst);
1355 newtp = tcp_sk(newsk);
1356 newinet = inet_sk(newsk);
1357 ireq = inet_rsk(req);
1358 newinet->daddr = ireq->rmt_addr;
1359 newinet->rcv_saddr = ireq->loc_addr;
1360 newinet->saddr = ireq->loc_addr;
1361 newinet->opt = ireq->opt;
1363 newinet->mc_index = inet_iif(skb);
1364 newinet->mc_ttl = ip_hdr(skb)->ttl;
1365 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1367 inet_csk(newsk)->icsk_ext_hdr_len = newinet->opt->optlen;
1368 newinet->id = newtp->write_seq ^ jiffies;
1370 tcp_mtup_init(newsk);
1371 tcp_sync_mss(newsk, dst_mtu(dst));
1372 newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1373 tcp_initialize_rcv_mss(newsk);
1375 #ifdef CONFIG_TCP_MD5SIG
1376 /* Copy over the MD5 key from the original socket */
1377 if ((key = tcp_v4_md5_do_lookup(sk, newinet->daddr)) != NULL) {
1379 * We're using one, so create a matching key
1380 * on the newsk structure. If we fail to get
1381 * memory, then we end up not copying the key
1384 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1386 tcp_v4_md5_do_add(newsk, inet_sk(sk)->daddr,
1387 newkey, key->keylen);
1388 newsk->sk_route_caps &= ~NETIF_F_GSO_MASK;
1392 __inet_hash_nolisten(newsk);
1393 __inet_inherit_port(sk, newsk);
1398 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1400 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1405 static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
1407 struct tcphdr *th = tcp_hdr(skb);
1408 const struct iphdr *iph = ip_hdr(skb);
1410 struct request_sock **prev;
1411 /* Find possible connection requests. */
1412 struct request_sock *req = inet_csk_search_req(sk, &prev, th->source,
1413 iph->saddr, iph->daddr);
1415 return tcp_check_req(sk, skb, req, prev);
1417 nsk = inet_lookup_established(sock_net(sk), &tcp_hashinfo, iph->saddr,
1418 th->source, iph->daddr, th->dest, inet_iif(skb));
1421 if (nsk->sk_state != TCP_TIME_WAIT) {
1425 inet_twsk_put(inet_twsk(nsk));
1429 #ifdef CONFIG_SYN_COOKIES
1430 if (!th->rst && !th->syn && th->ack)
1431 sk = cookie_v4_check(sk, skb, &(IPCB(skb)->opt));
1436 static __sum16 tcp_v4_checksum_init(struct sk_buff *skb)
1438 const struct iphdr *iph = ip_hdr(skb);
1440 if (skb->ip_summed == CHECKSUM_COMPLETE) {
1441 if (!tcp_v4_check(skb->len, iph->saddr,
1442 iph->daddr, skb->csum)) {
1443 skb->ip_summed = CHECKSUM_UNNECESSARY;
1448 skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
1449 skb->len, IPPROTO_TCP, 0);
1451 if (skb->len <= 76) {
1452 return __skb_checksum_complete(skb);
1458 /* The socket must have it's spinlock held when we get
1461 * We have a potential double-lock case here, so even when
1462 * doing backlog processing we use the BH locking scheme.
1463 * This is because we cannot sleep with the original spinlock
1466 int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1469 #ifdef CONFIG_TCP_MD5SIG
1471 * We really want to reject the packet as early as possible
1473 * o We're expecting an MD5'd packet and this is no MD5 tcp option
1474 * o There is an MD5 option and we're not expecting one
1476 if (tcp_v4_inbound_md5_hash(sk, skb))
1480 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1481 TCP_CHECK_TIMER(sk);
1482 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) {
1486 TCP_CHECK_TIMER(sk);
1490 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1493 if (sk->sk_state == TCP_LISTEN) {
1494 struct sock *nsk = tcp_v4_hnd_req(sk, skb);
1499 if (tcp_child_process(sk, nsk, skb)) {
1507 TCP_CHECK_TIMER(sk);
1508 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) {
1512 TCP_CHECK_TIMER(sk);
1516 tcp_v4_send_reset(rsk, skb);
1519 /* Be careful here. If this function gets more complicated and
1520 * gcc suffers from register pressure on the x86, sk (in %ebx)
1521 * might be destroyed here. This current version compiles correctly,
1522 * but you have been warned.
1527 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1535 int tcp_v4_rcv(struct sk_buff *skb)
1537 const struct iphdr *iph;
1541 struct net *net = dev_net(skb->dev);
1543 if (skb->pkt_type != PACKET_HOST)
1546 /* Count it even if it's bad */
1547 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1549 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1554 if (th->doff < sizeof(struct tcphdr) / 4)
1556 if (!pskb_may_pull(skb, th->doff * 4))
1559 /* An explanation is required here, I think.
1560 * Packet length and doff are validated by header prediction,
1561 * provided case of th->doff==0 is eliminated.
1562 * So, we defer the checks. */
1563 if (!skb_csum_unnecessary(skb) && tcp_v4_checksum_init(skb))
1568 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1569 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1570 skb->len - th->doff * 4);
1571 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1572 TCP_SKB_CB(skb)->when = 0;
1573 TCP_SKB_CB(skb)->flags = iph->tos;
1574 TCP_SKB_CB(skb)->sacked = 0;
1576 sk = __inet_lookup(net, &tcp_hashinfo, iph->saddr,
1577 th->source, iph->daddr, th->dest, inet_iif(skb));
1582 if (sk->sk_state == TCP_TIME_WAIT)
1585 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
1586 goto discard_and_relse;
1589 if (sk_filter(sk, skb))
1590 goto discard_and_relse;
1594 bh_lock_sock_nested(sk);
1596 if (!sock_owned_by_user(sk)) {
1597 #ifdef CONFIG_NET_DMA
1598 struct tcp_sock *tp = tcp_sk(sk);
1599 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1600 tp->ucopy.dma_chan = get_softnet_dma();
1601 if (tp->ucopy.dma_chan)
1602 ret = tcp_v4_do_rcv(sk, skb);
1606 if (!tcp_prequeue(sk, skb))
1607 ret = tcp_v4_do_rcv(sk, skb);
1610 sk_add_backlog(sk, skb);
1618 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
1621 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1623 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1625 tcp_v4_send_reset(NULL, skb);
1629 /* Discard frame. */
1638 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1639 inet_twsk_put(inet_twsk(sk));
1643 if (skb->len < (th->doff << 2) || tcp_checksum_complete(skb)) {
1644 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1645 inet_twsk_put(inet_twsk(sk));
1648 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1650 struct sock *sk2 = inet_lookup_listener(dev_net(skb->dev),
1652 iph->daddr, th->dest,
1655 inet_twsk_deschedule(inet_twsk(sk), &tcp_death_row);
1656 inet_twsk_put(inet_twsk(sk));
1660 /* Fall through to ACK */
1663 tcp_v4_timewait_ack(sk, skb);
1667 case TCP_TW_SUCCESS:;
1672 /* VJ's idea. Save last timestamp seen from this destination
1673 * and hold it at least for normal timewait interval to use for duplicate
1674 * segment detection in subsequent connections, before they enter synchronized
1678 int tcp_v4_remember_stamp(struct sock *sk)
1680 struct inet_sock *inet = inet_sk(sk);
1681 struct tcp_sock *tp = tcp_sk(sk);
1682 struct rtable *rt = (struct rtable *)__sk_dst_get(sk);
1683 struct inet_peer *peer = NULL;
1686 if (!rt || rt->rt_dst != inet->daddr) {
1687 peer = inet_getpeer(inet->daddr, 1);
1691 rt_bind_peer(rt, 1);
1696 if ((s32)(peer->tcp_ts - tp->rx_opt.ts_recent) <= 0 ||
1697 (peer->tcp_ts_stamp + TCP_PAWS_MSL < get_seconds() &&
1698 peer->tcp_ts_stamp <= tp->rx_opt.ts_recent_stamp)) {
1699 peer->tcp_ts_stamp = tp->rx_opt.ts_recent_stamp;
1700 peer->tcp_ts = tp->rx_opt.ts_recent;
1710 int tcp_v4_tw_remember_stamp(struct inet_timewait_sock *tw)
1712 struct inet_peer *peer = inet_getpeer(tw->tw_daddr, 1);
1715 const struct tcp_timewait_sock *tcptw = tcp_twsk((struct sock *)tw);
1717 if ((s32)(peer->tcp_ts - tcptw->tw_ts_recent) <= 0 ||
1718 (peer->tcp_ts_stamp + TCP_PAWS_MSL < get_seconds() &&
1719 peer->tcp_ts_stamp <= tcptw->tw_ts_recent_stamp)) {
1720 peer->tcp_ts_stamp = tcptw->tw_ts_recent_stamp;
1721 peer->tcp_ts = tcptw->tw_ts_recent;
1730 struct inet_connection_sock_af_ops ipv4_specific = {
1731 .queue_xmit = ip_queue_xmit,
1732 .send_check = tcp_v4_send_check,
1733 .rebuild_header = inet_sk_rebuild_header,
1734 .conn_request = tcp_v4_conn_request,
1735 .syn_recv_sock = tcp_v4_syn_recv_sock,
1736 .remember_stamp = tcp_v4_remember_stamp,
1737 .net_header_len = sizeof(struct iphdr),
1738 .setsockopt = ip_setsockopt,
1739 .getsockopt = ip_getsockopt,
1740 .addr2sockaddr = inet_csk_addr2sockaddr,
1741 .sockaddr_len = sizeof(struct sockaddr_in),
1742 .bind_conflict = inet_csk_bind_conflict,
1743 #ifdef CONFIG_COMPAT
1744 .compat_setsockopt = compat_ip_setsockopt,
1745 .compat_getsockopt = compat_ip_getsockopt,
1749 #ifdef CONFIG_TCP_MD5SIG
1750 static struct tcp_sock_af_ops tcp_sock_ipv4_specific = {
1751 .md5_lookup = tcp_v4_md5_lookup,
1752 .calc_md5_hash = tcp_v4_md5_hash_skb,
1753 .md5_add = tcp_v4_md5_add_func,
1754 .md5_parse = tcp_v4_parse_md5_keys,
1758 /* NOTE: A lot of things set to zero explicitly by call to
1759 * sk_alloc() so need not be done here.
1761 static int tcp_v4_init_sock(struct sock *sk)
1763 struct inet_connection_sock *icsk = inet_csk(sk);
1764 struct tcp_sock *tp = tcp_sk(sk);
1766 skb_queue_head_init(&tp->out_of_order_queue);
1767 tcp_init_xmit_timers(sk);
1768 tcp_prequeue_init(tp);
1770 icsk->icsk_rto = TCP_TIMEOUT_INIT;
1771 tp->mdev = TCP_TIMEOUT_INIT;
1773 /* So many TCP implementations out there (incorrectly) count the
1774 * initial SYN frame in their delayed-ACK and congestion control
1775 * algorithms that we must have the following bandaid to talk
1776 * efficiently to them. -DaveM
1780 /* See draft-stevens-tcpca-spec-01 for discussion of the
1781 * initialization of these values.
1783 tp->snd_ssthresh = 0x7fffffff; /* Infinity */
1784 tp->snd_cwnd_clamp = ~0;
1785 tp->mss_cache = 536;
1787 tp->reordering = sysctl_tcp_reordering;
1788 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1790 sk->sk_state = TCP_CLOSE;
1792 sk->sk_write_space = sk_stream_write_space;
1793 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1795 icsk->icsk_af_ops = &ipv4_specific;
1796 icsk->icsk_sync_mss = tcp_sync_mss;
1797 #ifdef CONFIG_TCP_MD5SIG
1798 tp->af_specific = &tcp_sock_ipv4_specific;
1801 sk->sk_sndbuf = sysctl_tcp_wmem[1];
1802 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1804 atomic_inc(&tcp_sockets_allocated);
1809 void tcp_v4_destroy_sock(struct sock *sk)
1811 struct tcp_sock *tp = tcp_sk(sk);
1813 tcp_clear_xmit_timers(sk);
1815 tcp_cleanup_congestion_control(sk);
1817 /* Cleanup up the write buffer. */
1818 tcp_write_queue_purge(sk);
1820 /* Cleans up our, hopefully empty, out_of_order_queue. */
1821 __skb_queue_purge(&tp->out_of_order_queue);
1823 #ifdef CONFIG_TCP_MD5SIG
1824 /* Clean up the MD5 key list, if any */
1825 if (tp->md5sig_info) {
1826 tcp_v4_clear_md5_list(sk);
1827 kfree(tp->md5sig_info);
1828 tp->md5sig_info = NULL;
1832 #ifdef CONFIG_NET_DMA
1833 /* Cleans up our sk_async_wait_queue */
1834 __skb_queue_purge(&sk->sk_async_wait_queue);
1837 /* Clean prequeue, it must be empty really */
1838 __skb_queue_purge(&tp->ucopy.prequeue);
1840 /* Clean up a referenced TCP bind bucket. */
1841 if (inet_csk(sk)->icsk_bind_hash)
1845 * If sendmsg cached page exists, toss it.
1847 if (sk->sk_sndmsg_page) {
1848 __free_page(sk->sk_sndmsg_page);
1849 sk->sk_sndmsg_page = NULL;
1852 atomic_dec(&tcp_sockets_allocated);
1855 EXPORT_SYMBOL(tcp_v4_destroy_sock);
1857 #ifdef CONFIG_PROC_FS
1858 /* Proc filesystem TCP sock list dumping. */
1860 static inline struct inet_timewait_sock *tw_head(struct hlist_head *head)
1862 return hlist_empty(head) ? NULL :
1863 list_entry(head->first, struct inet_timewait_sock, tw_node);
1866 static inline struct inet_timewait_sock *tw_next(struct inet_timewait_sock *tw)
1868 return tw->tw_node.next ?
1869 hlist_entry(tw->tw_node.next, typeof(*tw), tw_node) : NULL;
1872 static void *listening_get_next(struct seq_file *seq, void *cur)
1874 struct inet_connection_sock *icsk;
1875 struct hlist_node *node;
1876 struct sock *sk = cur;
1877 struct tcp_iter_state* st = seq->private;
1878 struct net *net = seq_file_net(seq);
1882 sk = sk_head(&tcp_hashinfo.listening_hash[0]);
1888 if (st->state == TCP_SEQ_STATE_OPENREQ) {
1889 struct request_sock *req = cur;
1891 icsk = inet_csk(st->syn_wait_sk);
1895 if (req->rsk_ops->family == st->family) {
1901 if (++st->sbucket >= icsk->icsk_accept_queue.listen_opt->nr_table_entries)
1904 req = icsk->icsk_accept_queue.listen_opt->syn_table[st->sbucket];
1906 sk = sk_next(st->syn_wait_sk);
1907 st->state = TCP_SEQ_STATE_LISTENING;
1908 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1910 icsk = inet_csk(sk);
1911 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1912 if (reqsk_queue_len(&icsk->icsk_accept_queue))
1914 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1918 sk_for_each_from(sk, node) {
1919 if (sk->sk_family == st->family && net_eq(sock_net(sk), net)) {
1923 icsk = inet_csk(sk);
1924 read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1925 if (reqsk_queue_len(&icsk->icsk_accept_queue)) {
1927 st->uid = sock_i_uid(sk);
1928 st->syn_wait_sk = sk;
1929 st->state = TCP_SEQ_STATE_OPENREQ;
1933 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
1935 if (++st->bucket < INET_LHTABLE_SIZE) {
1936 sk = sk_head(&tcp_hashinfo.listening_hash[st->bucket]);
1944 static void *listening_get_idx(struct seq_file *seq, loff_t *pos)
1946 void *rc = listening_get_next(seq, NULL);
1948 while (rc && *pos) {
1949 rc = listening_get_next(seq, rc);
1955 static void *established_get_first(struct seq_file *seq)
1957 struct tcp_iter_state* st = seq->private;
1958 struct net *net = seq_file_net(seq);
1961 for (st->bucket = 0; st->bucket < tcp_hashinfo.ehash_size; ++st->bucket) {
1963 struct hlist_node *node;
1964 struct inet_timewait_sock *tw;
1965 rwlock_t *lock = inet_ehash_lockp(&tcp_hashinfo, st->bucket);
1968 sk_for_each(sk, node, &tcp_hashinfo.ehash[st->bucket].chain) {
1969 if (sk->sk_family != st->family ||
1970 !net_eq(sock_net(sk), net)) {
1976 st->state = TCP_SEQ_STATE_TIME_WAIT;
1977 inet_twsk_for_each(tw, node,
1978 &tcp_hashinfo.ehash[st->bucket].twchain) {
1979 if (tw->tw_family != st->family ||
1980 !net_eq(twsk_net(tw), net)) {
1986 read_unlock_bh(lock);
1987 st->state = TCP_SEQ_STATE_ESTABLISHED;
1993 static void *established_get_next(struct seq_file *seq, void *cur)
1995 struct sock *sk = cur;
1996 struct inet_timewait_sock *tw;
1997 struct hlist_node *node;
1998 struct tcp_iter_state* st = seq->private;
1999 struct net *net = seq_file_net(seq);
2003 if (st->state == TCP_SEQ_STATE_TIME_WAIT) {
2007 while (tw && (tw->tw_family != st->family || !net_eq(twsk_net(tw), net))) {
2014 read_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2015 st->state = TCP_SEQ_STATE_ESTABLISHED;
2017 if (++st->bucket < tcp_hashinfo.ehash_size) {
2018 read_lock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2019 sk = sk_head(&tcp_hashinfo.ehash[st->bucket].chain);
2027 sk_for_each_from(sk, node) {
2028 if (sk->sk_family == st->family && net_eq(sock_net(sk), net))
2032 st->state = TCP_SEQ_STATE_TIME_WAIT;
2033 tw = tw_head(&tcp_hashinfo.ehash[st->bucket].twchain);
2041 static void *established_get_idx(struct seq_file *seq, loff_t pos)
2043 void *rc = established_get_first(seq);
2046 rc = established_get_next(seq, rc);
2052 static void *tcp_get_idx(struct seq_file *seq, loff_t pos)
2055 struct tcp_iter_state* st = seq->private;
2057 inet_listen_lock(&tcp_hashinfo);
2058 st->state = TCP_SEQ_STATE_LISTENING;
2059 rc = listening_get_idx(seq, &pos);
2062 inet_listen_unlock(&tcp_hashinfo);
2063 st->state = TCP_SEQ_STATE_ESTABLISHED;
2064 rc = established_get_idx(seq, pos);
2070 static void *tcp_seq_start(struct seq_file *seq, loff_t *pos)
2072 struct tcp_iter_state* st = seq->private;
2073 st->state = TCP_SEQ_STATE_LISTENING;
2075 return *pos ? tcp_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2078 static void *tcp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2081 struct tcp_iter_state* st;
2083 if (v == SEQ_START_TOKEN) {
2084 rc = tcp_get_idx(seq, 0);
2089 switch (st->state) {
2090 case TCP_SEQ_STATE_OPENREQ:
2091 case TCP_SEQ_STATE_LISTENING:
2092 rc = listening_get_next(seq, v);
2094 inet_listen_unlock(&tcp_hashinfo);
2095 st->state = TCP_SEQ_STATE_ESTABLISHED;
2096 rc = established_get_first(seq);
2099 case TCP_SEQ_STATE_ESTABLISHED:
2100 case TCP_SEQ_STATE_TIME_WAIT:
2101 rc = established_get_next(seq, v);
2109 static void tcp_seq_stop(struct seq_file *seq, void *v)
2111 struct tcp_iter_state* st = seq->private;
2113 switch (st->state) {
2114 case TCP_SEQ_STATE_OPENREQ:
2116 struct inet_connection_sock *icsk = inet_csk(st->syn_wait_sk);
2117 read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
2119 case TCP_SEQ_STATE_LISTENING:
2120 if (v != SEQ_START_TOKEN)
2121 inet_listen_unlock(&tcp_hashinfo);
2123 case TCP_SEQ_STATE_TIME_WAIT:
2124 case TCP_SEQ_STATE_ESTABLISHED:
2126 read_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2131 static int tcp_seq_open(struct inode *inode, struct file *file)
2133 struct tcp_seq_afinfo *afinfo = PDE(inode)->data;
2134 struct tcp_iter_state *s;
2137 err = seq_open_net(inode, file, &afinfo->seq_ops,
2138 sizeof(struct tcp_iter_state));
2142 s = ((struct seq_file *)file->private_data)->private;
2143 s->family = afinfo->family;
2147 int tcp_proc_register(struct net *net, struct tcp_seq_afinfo *afinfo)
2150 struct proc_dir_entry *p;
2152 afinfo->seq_fops.open = tcp_seq_open;
2153 afinfo->seq_fops.read = seq_read;
2154 afinfo->seq_fops.llseek = seq_lseek;
2155 afinfo->seq_fops.release = seq_release_net;
2157 afinfo->seq_ops.start = tcp_seq_start;
2158 afinfo->seq_ops.next = tcp_seq_next;
2159 afinfo->seq_ops.stop = tcp_seq_stop;
2161 p = proc_create_data(afinfo->name, S_IRUGO, net->proc_net,
2162 &afinfo->seq_fops, afinfo);
2168 void tcp_proc_unregister(struct net *net, struct tcp_seq_afinfo *afinfo)
2170 proc_net_remove(net, afinfo->name);
2173 static void get_openreq4(struct sock *sk, struct request_sock *req,
2174 struct seq_file *f, int i, int uid, int *len)
2176 const struct inet_request_sock *ireq = inet_rsk(req);
2177 int ttd = req->expires - jiffies;
2179 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2180 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %u %d %p%n",
2183 ntohs(inet_sk(sk)->sport),
2185 ntohs(ireq->rmt_port),
2187 0, 0, /* could print option size, but that is af dependent. */
2188 1, /* timers active (only the expire timer) */
2189 jiffies_to_clock_t(ttd),
2192 0, /* non standard timer */
2193 0, /* open_requests have no inode */
2194 atomic_read(&sk->sk_refcnt),
2199 static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
2202 unsigned long timer_expires;
2203 struct tcp_sock *tp = tcp_sk(sk);
2204 const struct inet_connection_sock *icsk = inet_csk(sk);
2205 struct inet_sock *inet = inet_sk(sk);
2206 __be32 dest = inet->daddr;
2207 __be32 src = inet->rcv_saddr;
2208 __u16 destp = ntohs(inet->dport);
2209 __u16 srcp = ntohs(inet->sport);
2211 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2213 timer_expires = icsk->icsk_timeout;
2214 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2216 timer_expires = icsk->icsk_timeout;
2217 } else if (timer_pending(&sk->sk_timer)) {
2219 timer_expires = sk->sk_timer.expires;
2222 timer_expires = jiffies;
2225 seq_printf(f, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX "
2226 "%08X %5d %8d %lu %d %p %lu %lu %u %u %d%n",
2227 i, src, srcp, dest, destp, sk->sk_state,
2228 tp->write_seq - tp->snd_una,
2229 sk->sk_state == TCP_LISTEN ? sk->sk_ack_backlog :
2230 (tp->rcv_nxt - tp->copied_seq),
2232 jiffies_to_clock_t(timer_expires - jiffies),
2233 icsk->icsk_retransmits,
2235 icsk->icsk_probes_out,
2237 atomic_read(&sk->sk_refcnt), sk,
2238 jiffies_to_clock_t(icsk->icsk_rto),
2239 jiffies_to_clock_t(icsk->icsk_ack.ato),
2240 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
2242 tp->snd_ssthresh >= 0xFFFF ? -1 : tp->snd_ssthresh,
2246 static void get_timewait4_sock(struct inet_timewait_sock *tw,
2247 struct seq_file *f, int i, int *len)
2251 int ttd = tw->tw_ttd - jiffies;
2256 dest = tw->tw_daddr;
2257 src = tw->tw_rcv_saddr;
2258 destp = ntohs(tw->tw_dport);
2259 srcp = ntohs(tw->tw_sport);
2261 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2262 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p%n",
2263 i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
2264 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2265 atomic_read(&tw->tw_refcnt), tw, len);
2270 static int tcp4_seq_show(struct seq_file *seq, void *v)
2272 struct tcp_iter_state* st;
2275 if (v == SEQ_START_TOKEN) {
2276 seq_printf(seq, "%-*s\n", TMPSZ - 1,
2277 " sl local_address rem_address st tx_queue "
2278 "rx_queue tr tm->when retrnsmt uid timeout "
2284 switch (st->state) {
2285 case TCP_SEQ_STATE_LISTENING:
2286 case TCP_SEQ_STATE_ESTABLISHED:
2287 get_tcp4_sock(v, seq, st->num, &len);
2289 case TCP_SEQ_STATE_OPENREQ:
2290 get_openreq4(st->syn_wait_sk, v, seq, st->num, st->uid, &len);
2292 case TCP_SEQ_STATE_TIME_WAIT:
2293 get_timewait4_sock(v, seq, st->num, &len);
2296 seq_printf(seq, "%*s\n", TMPSZ - 1 - len, "");
2301 static struct tcp_seq_afinfo tcp4_seq_afinfo = {
2305 .owner = THIS_MODULE,
2308 .show = tcp4_seq_show,
2312 static int tcp4_proc_init_net(struct net *net)
2314 return tcp_proc_register(net, &tcp4_seq_afinfo);
2317 static void tcp4_proc_exit_net(struct net *net)
2319 tcp_proc_unregister(net, &tcp4_seq_afinfo);
2322 static struct pernet_operations tcp4_net_ops = {
2323 .init = tcp4_proc_init_net,
2324 .exit = tcp4_proc_exit_net,
2327 int __init tcp4_proc_init(void)
2329 return register_pernet_subsys(&tcp4_net_ops);
2332 void tcp4_proc_exit(void)
2334 unregister_pernet_subsys(&tcp4_net_ops);
2336 #endif /* CONFIG_PROC_FS */
2338 struct proto tcp_prot = {
2340 .owner = THIS_MODULE,
2342 .connect = tcp_v4_connect,
2343 .disconnect = tcp_disconnect,
2344 .accept = inet_csk_accept,
2346 .init = tcp_v4_init_sock,
2347 .destroy = tcp_v4_destroy_sock,
2348 .shutdown = tcp_shutdown,
2349 .setsockopt = tcp_setsockopt,
2350 .getsockopt = tcp_getsockopt,
2351 .recvmsg = tcp_recvmsg,
2352 .backlog_rcv = tcp_v4_do_rcv,
2354 .unhash = inet_unhash,
2355 .get_port = inet_csk_get_port,
2356 .enter_memory_pressure = tcp_enter_memory_pressure,
2357 .sockets_allocated = &tcp_sockets_allocated,
2358 .orphan_count = &tcp_orphan_count,
2359 .memory_allocated = &tcp_memory_allocated,
2360 .memory_pressure = &tcp_memory_pressure,
2361 .sysctl_mem = sysctl_tcp_mem,
2362 .sysctl_wmem = sysctl_tcp_wmem,
2363 .sysctl_rmem = sysctl_tcp_rmem,
2364 .max_header = MAX_TCP_HEADER,
2365 .obj_size = sizeof(struct tcp_sock),
2366 .twsk_prot = &tcp_timewait_sock_ops,
2367 .rsk_prot = &tcp_request_sock_ops,
2368 .h.hashinfo = &tcp_hashinfo,
2369 #ifdef CONFIG_COMPAT
2370 .compat_setsockopt = compat_tcp_setsockopt,
2371 .compat_getsockopt = compat_tcp_getsockopt,
2376 static int __net_init tcp_sk_init(struct net *net)
2378 return inet_ctl_sock_create(&net->ipv4.tcp_sock,
2379 PF_INET, SOCK_RAW, IPPROTO_TCP, net);
2382 static void __net_exit tcp_sk_exit(struct net *net)
2384 inet_ctl_sock_destroy(net->ipv4.tcp_sock);
2387 static struct pernet_operations __net_initdata tcp_sk_ops = {
2388 .init = tcp_sk_init,
2389 .exit = tcp_sk_exit,
2392 void __init tcp_v4_init(void)
2394 if (register_pernet_device(&tcp_sk_ops))
2395 panic("Failed to create the TCP control socket.\n");
2398 EXPORT_SYMBOL(ipv4_specific);
2399 EXPORT_SYMBOL(tcp_hashinfo);
2400 EXPORT_SYMBOL(tcp_prot);
2401 EXPORT_SYMBOL(tcp_v4_conn_request);
2402 EXPORT_SYMBOL(tcp_v4_connect);
2403 EXPORT_SYMBOL(tcp_v4_do_rcv);
2404 EXPORT_SYMBOL(tcp_v4_remember_stamp);
2405 EXPORT_SYMBOL(tcp_v4_send_check);
2406 EXPORT_SYMBOL(tcp_v4_syn_recv_sock);
2408 #ifdef CONFIG_PROC_FS
2409 EXPORT_SYMBOL(tcp_proc_register);
2410 EXPORT_SYMBOL(tcp_proc_unregister);
2412 EXPORT_SYMBOL(sysctl_tcp_low_latency);
projects / linux-2.6 / blob