^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * Syncookies implementation for the Linux kernel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Copyright (C) 1997 Andi Kleen
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * Based on ideas by D.J.Bernstein and Eric Schenk.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #include <linux/tcp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <linux/random.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <linux/siphash.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/export.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <net/secure_seq.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <net/tcp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <net/route.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18)
/*
 * Two SipHash keys used by cookie_hash(); its last argument picks the key.
 * They are filled with random bytes on first use by net_get_random_once()
 * in cookie_hash().
 */
static siphash_key_t syncookie_secret[2] __read_mostly;

/*
 * Cookie layout: the low COOKIEBITS bits carry (hash + data), the bits
 * above them carry the time counter.
 */
#define COOKIEBITS 24	/* Upper bits store count */
#define COOKIEMASK (((__u32)1 << COOKIEBITS) - 1)

/* TCP Timestamp: 6 lowest bits of timestamp sent in the cookie SYN-ACK
 * stores TCP options:
 *
 *    MSB                               LSB
 *    | 31 ...   6 |  5  |  4   | 3 2 1 0 |
 *    |  Timestamp | ECN | SACK | WScale  |
 *
 * When we receive a valid cookie-ACK, we look at the echoed tsval (if
 * any) to figure out which TCP options we should use for the rebuilt
 * connection.
 *
 * A WScale setting of '0xf' (which is an invalid scaling value)
 * means that original syn did not include the TCP window scaling option.
 *
 * NOTE(review): the cookie computed by secure_tcp_syn_cookie() covers the
 * addresses, ports, sequence number, counter and MSS index only, so these
 * option bits are taken from the peer's echo as-is. The decode side
 * (cookie_timestamp_decode(), cookie_ecn_ok()) limits them to options the
 * host has enabled.
 */
#define TS_OPT_WSCALE_MASK	0xf
#define TS_OPT_SACK		BIT(4)
#define TS_OPT_ECN		BIT(5)
/* There is no TS_OPT_TIMESTAMP:
 * if ACK contains timestamp option, we already know it was
 * requested/supported by the syn/synack exchange.
 */
#define TSBITS	6
#define TSMASK	(((__u32)1 << TSBITS) - 1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47)
/*
 * Keyed SipHash over the connection 4-tuple and a caller-supplied counter.
 *
 * @c selects which entry of syncookie_secret keys the hash. It is used as
 * an array index without a range check; the callers in this file pass
 * 0 or 1. The secrets are filled with random bytes on first use.
 */
static u32 cookie_hash(__be32 saddr, __be32 daddr, __be16 sport, __be16 dport,
		       u32 count, int c)
{
	const siphash_key_t *key = &syncookie_secret[c];
	u32 ports = (__force u32)sport << 16 | (__force u32)dport;

	/* One-time lazy seeding of both keys. */
	net_get_random_once(syncookie_secret, sizeof(syncookie_secret));

	return siphash_4u32((__force u32)saddr, (__force u32)daddr, ports,
			    count, key);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57)
/*
 * When syncookies are in effect and TCP timestamps are enabled, the
 * negotiated options are encoded in the low TSBITS bits of the timestamp
 * value sent in the SYN-ACK.
 *
 * Later timestamps use the normal tcp_time_stamp value, so the encoded
 * initial timestamp must not be ahead of it: if writing the option bits
 * pushes the value past ts_now, the upper (timestamp) part is stepped back
 * by one before the option bits are put back in.
 *
 * Returns the encoded timestamp converted back to nanoseconds.
 */
u64 cookie_init_timestamp(struct request_sock *req, u64 now)
{
	const struct inet_request_sock *ireq = inet_rsk(req);
	u32 ts_now = tcp_ns_to_ts(now);
	u32 options;
	u32 ts;

	/* 0xf in the WScale field means "no window scaling offered". */
	if (ireq->wscale_ok)
		options = ireq->snd_wscale;
	else
		options = TS_OPT_WSCALE_MASK;

	if (ireq->sack_ok)
		options |= TS_OPT_SACK;
	if (ireq->ecn_ok)
		options |= TS_OPT_ECN;

	ts = (ts_now & ~TSMASK) | options;
	if (ts > ts_now)
		ts = (((ts >> TSBITS) - 1) << TSBITS) | options;

	return (u64)ts * (NSEC_PER_SEC / TCP_TS_HZ);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90)
/*
 * Compute the secure sequence number (the syncookie).
 *
 * The result is, modulo 2^32:
 *    HASH(key 0; saddr, daddr, sport, dport, 0) + sseq
 *    + (count << COOKIEBITS)
 *    + ((HASH(key 1; saddr, daddr, sport, dport, count) + data) & COOKIEMASK)
 *
 * sseq is the peer's sequence number and count is the current value of
 * tcp_cookie_time(). "data" is the small value (the MSS table index) that
 * is folded into the second hash so that it can be recovered later by
 * check_tcp_syn_cookie().
 */
static __u32 secure_tcp_syn_cookie(__be32 saddr, __be32 daddr, __be16 sport,
				   __be16 dport, __u32 sseq, __u32 data)
{
	const u32 count = tcp_cookie_time();
	u32 base;
	u32 low;

	/* Count-independent part, offset by the peer's sequence number. */
	base = cookie_hash(saddr, daddr, sport, dport, 0, 0) + sseq;

	/* Count-dependent part; only the low COOKIEBITS bits carry data. */
	low = cookie_hash(saddr, daddr, sport, dport, count, 1) + data;
	low &= COOKIEMASK;

	return base + (count << COOKIEBITS) + low;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110)
/*
 * Recover the small "data" value from a syncookie.
 *
 * If the syncookie is bad, the value returned will be out of range; the
 * caller must check that.
 *
 * The count value used to generate the cookie must be less than
 * MAX_SYNCOOKIE_AGE counter ticks in the past. If that test fails the
 * return value is (__u32)-1.
 */
static __u32 check_tcp_syn_cookie(__u32 cookie, __be32 saddr, __be32 daddr,
				  __be16 sport, __be16 dport, __u32 sseq)
{
	const u32 now = tcp_cookie_time();
	u32 age;

	/* Remove the count-independent hash and the peer sequence number. */
	cookie -= cookie_hash(saddr, daddr, sport, dport, 0, 0) + sseq;

	/*
	 * What is left is (count << COOKIEBITS) plus the masked second hash.
	 * Only the bits above COOKIEBITS hold the count, so the age is
	 * computed modulo that width.
	 */
	age = (now - (cookie >> COOKIEBITS)) & ((__u32)-1 >> COOKIEBITS);
	if (age >= MAX_SYNCOOKIE_AGE)
		return (__u32)-1;

	/* Subtract the hash for the cookie's own count; the data remains. */
	cookie -= cookie_hash(saddr, daddr, sport, dport, now - age, 1);

	return cookie & COOKIEMASK;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137)
/*
 * MSS Values are chosen based on the 2011 paper
 * 'An Analysis of TCP Maximum Segment Sizes' by S. Alcock and R. Nelson.
 * Values ..
 *  .. lower than 536 are rare (< 0.2%)
 *  .. between 537 and 1299 account for less than 1.5% of observed values
 *  .. in the 1300-1349 range account for about 15 to 20% of observed mss values
 *  .. exceeding 1460 are very rare (< 0.04%)
 *
 * 1460 is the single most frequently announced mss value (30 to 46% depending
 * on monitor location). Table must be sorted.
 *
 * The index into this table is the "data" value carried in the cookie, and
 * __cookie_v4_check() treats any decoded value that is not a valid index as
 * a bad cookie.
 */
static __u16 const msstab[] = {
	536,
	1300,
	1440,	/* 1440, 1452: PPPoE */
	1460,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156)
/*
 * Generate a syncookie for the SYN described by iph/th.
 *
 * mssp points to the peer's MSS. On return it holds the msstab entry that
 * was encoded in the cookie: the largest entry not above the input, or the
 * smallest entry (msstab[0]) when the input is below every entry.
 */
u32 __cookie_v4_init_sequence(const struct iphdr *iph, const struct tcphdr *th,
			      u16 *mssp)
{
	const __u16 mss = *mssp;
	int mssind = ARRAY_SIZE(msstab) - 1;

	/* Walk down from the largest entry; index 0 is the fallback. */
	while (mssind && mss < msstab[mssind])
		mssind--;

	*mssp = msstab[mssind];

	return secure_tcp_syn_cookie(iph->saddr, iph->daddr,
				     th->source, th->dest, ntohl(th->seq),
				     mssind);
}
EXPORT_SYMBOL_GPL(__cookie_v4_init_sequence);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177)
/*
 * skb-based wrapper around __cookie_v4_init_sequence(): takes the IP and
 * TCP headers from the skb and passes them through together with mssp.
 */
__u32 cookie_v4_init_sequence(const struct sk_buff *skb, __u16 *mssp)
{
	return __cookie_v4_init_sequence(ip_hdr(skb), tcp_hdr(skb), mssp);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185)
/*
 * Check if an ack sequence number is a valid syncookie.
 * Return the decoded mss if it is, or 0 if not.
 *
 * The only acceptance test here is that the value recovered from the
 * cookie is a valid msstab index; an expired cookie yields (__u32)-1 from
 * check_tcp_syn_cookie(), which is rejected by the same range check.
 */
int __cookie_v4_check(const struct iphdr *iph, const struct tcphdr *th,
		      u32 cookie)
{
	/* The cookie was generated from the SYN's seq; the ACK carries seq + 1. */
	__u32 seq = ntohl(th->seq) - 1;
	__u32 mssind;

	mssind = check_tcp_syn_cookie(cookie, iph->saddr, iph->daddr,
				      th->source, th->dest, seq);
	if (mssind >= ARRAY_SIZE(msstab))
		return 0;

	return msstab[mssind];
}
EXPORT_SYMBOL_GPL(__cookie_v4_check);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200)
/*
 * Create the child socket for a request rebuilt from a syncookie.
 *
 * The child is created through the listener's af_ops->syn_recv_sock().
 * On success the request's refcount is set to 1, tsoff is stored in the
 * child and the child is returned, either directly (when rsk_drop_req()
 * says the request is to be dropped, after reqsk_put()) or after it was
 * added to the listener's accept queue.
 *
 * Returns NULL when no child could be created or queueing failed; in both
 * cases req is freed here, and in the latter the child is unlocked and
 * released first.
 */
struct sock *tcp_get_cookie_sock(struct sock *sk, struct sk_buff *skb,
				 struct request_sock *req,
				 struct dst_entry *dst, u32 tsoff)
{
	struct inet_connection_sock *icsk = inet_csk(sk);
	struct sock *child;
	bool own_req;

	child = icsk->icsk_af_ops->syn_recv_sock(sk, skb, req, dst,
						 NULL, &own_req);
	if (!child)
		goto drop_req;

	refcount_set(&req->rsk_refcnt, 1);
	tcp_sk(child)->tsoffset = tsoff;
	sock_rps_save_rxhash(child, skb);

	if (rsk_drop_req(req)) {
		reqsk_put(req);
		return child;
	}

	if (inet_csk_reqsk_queue_add(sk, req, child))
		return child;

	/* Queueing failed: give the child back before freeing the request. */
	bh_unlock_sock(child);
	sock_put(child);

drop_req:
	__reqsk_free(req);

	return NULL;
}
EXPORT_SYMBOL(tcp_get_cookie_sock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232)
/*
 * When syncookies are in effect and TCP timestamps are enabled, additional
 * TCP options were stored in the timestamp. This extracts those options
 * from the timestamp echo into tcp_opt.
 *
 * Returns false if a decoded TCP option is disabled on the host. Without a
 * timestamp option in the ACK, all options are cleared and true is
 * returned.
 *
 * The option bits come from the peer's echoed timestamp, which the cookie
 * hash in this file does not cover, so they are peer-chosen input; the
 * sysctl checks below are what limits them to options the host allows.
 * The window scale field is 4 bits wide with 0xf reserved for "none", so a
 * decoded scale is always in the range 0..14.
 *
 * NOTE(review): the sysctl values are read with plain loads; if they can be
 * changed concurrently, READ_ONCE() annotations would be appropriate -
 * confirm against the sysctl handlers.
 */
bool cookie_timestamp_decode(const struct net *net,
			     struct tcp_options_received *tcp_opt)
{
	/* echoed timestamp, lowest bits contain options */
	u32 echoed = tcp_opt->rcv_tsecr;
	u32 wscale;

	if (!tcp_opt->saw_tstamp) {
		tcp_clear_options(tcp_opt);
		return true;
	}

	if (!net->ipv4.sysctl_tcp_timestamps)
		return false;

	if (echoed & TS_OPT_SACK)
		tcp_opt->sack_ok = TCP_SACK_SEEN;
	else
		tcp_opt->sack_ok = 0;

	if (tcp_opt->sack_ok && !net->ipv4.sysctl_tcp_sack)
		return false;

	wscale = echoed & TS_OPT_WSCALE_MASK;
	if (wscale == TS_OPT_WSCALE_MASK)
		return true; /* no window scaling */

	tcp_opt->wscale_ok = 1;
	tcp_opt->snd_wscale = wscale;

	return net->ipv4.sysctl_tcp_window_scaling != 0;
}
EXPORT_SYMBOL(cookie_timestamp_decode);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269)
/*
 * Decide whether ECN is enabled for a connection rebuilt from a syncookie.
 *
 * Returns false unless the ECN bit is set in the echoed timestamp. When it
 * is set, ECN is accepted if the tcp_ecn sysctl is non-zero or the route
 * carries RTAX_FEATURE_ECN. The ECN bit is read from the peer's echo, so
 * the sysctl/route check is what keeps it within host policy.
 */
bool cookie_ecn_ok(const struct tcp_options_received *tcp_opt,
		   const struct net *net, const struct dst_entry *dst)
{
	if (!(tcp_opt->rcv_tsecr & TS_OPT_ECN))
		return false;

	return net->ipv4.sysctl_tcp_ecn || dst_feature(dst, RTAX_FEATURE_ECN);
}
EXPORT_SYMBOL(cookie_ecn_ok);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284)
/*
 * Allocate a request sock for a connection being rebuilt from a syncookie.
 *
 * For an MPTCP listener the MPTCP subflow request ops replace @ops and the
 * request gets MPTCP cookie initialisation. The DS field recorded for the
 * skb is stored as the request's syn_tos.
 *
 * Returns the new request, or NULL if allocation or the MPTCP
 * initialisation fails (the request is freed in the latter case).
 */
struct request_sock *cookie_tcp_reqsk_alloc(const struct request_sock_ops *ops,
					    struct sock *sk,
					    struct sk_buff *skb)
{
	struct request_sock *req;
	struct tcp_request_sock *treq;

#ifdef CONFIG_MPTCP
	if (sk_is_mptcp(sk))
		ops = &mptcp_subflow_request_sock_ops;
#endif

	req = inet_reqsk_alloc(ops, sk, false);
	if (!req)
		return NULL;

	treq = tcp_rsk(req);
	treq->syn_tos = TCP_SKB_CB(skb)->ip_dsfield;

#if IS_ENABLED(CONFIG_MPTCP)
	treq->is_mptcp = sk_is_mptcp(sk);
	if (treq->is_mptcp && mptcp_subflow_init_cookie_req(req, sk, skb)) {
		reqsk_free(req);
		return NULL;
	}
#endif

	return req;
}
EXPORT_SYMBOL_GPL(cookie_tcp_reqsk_alloc);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318)
/* On input, sk is a listener.
 * Output is the listener if the incoming packet would not create a child
 * (syncookies disabled, not a plain ACK, no recent overflow, bad cookie,
 * or a decoded option that the host has disabled), the child socket if one
 * was created, and NULL otherwise. NULL covers more than allocation
 * failure: once the cookie and options have been accepted, a refusal by
 * the security hook, a failed route lookup or a failure in
 * tcp_get_cookie_sock() also returns NULL.
 */
struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb)
{
	struct ip_options *opt = &TCP_SKB_CB(skb)->header.h4.opt;
	struct tcp_options_received tcp_opt;
	struct inet_request_sock *ireq;
	struct tcp_request_sock *treq;
	struct tcp_sock *tp = tcp_sk(sk);
	const struct tcphdr *th = tcp_hdr(skb);
	/* The ACK acknowledges our ISN + 1, and the ISN was the cookie. */
	__u32 cookie = ntohl(th->ack_seq) - 1;
	struct sock *ret = sk;
	struct request_sock *req;
	int full_space, mss;
	struct rtable *rt;
	__u8 rcv_wscale;
	struct flowi4 fl4;
	u32 tsoff = 0;

	/* Only a pure ACK (no RST) is considered, and only with syncookies on.
	 * NOTE(review): plain read of the sysctl; if it can change
	 * concurrently a READ_ONCE() annotation would be appropriate - confirm.
	 */
	if (!sock_net(sk)->ipv4.sysctl_tcp_syncookies || !th->ack || th->rst)
		goto out;

	/* Presumably: no cookies were handed out recently, so none can be
	 * valid - confirm against tcp_synq_no_recent_overflow().
	 */
	if (tcp_synq_no_recent_overflow(sk))
		goto out;

	/* A zero MSS means the cookie did not validate. */
	mss = __cookie_v4_check(ip_hdr(skb), th, cookie);
	if (mss == 0) {
		__NET_INC_STATS(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED);
		goto out;
	}

	__NET_INC_STATS(sock_net(sk), LINUX_MIB_SYNCOOKIESRECV);

	/* check for timestamp cookie support */
	memset(&tcp_opt, 0, sizeof(tcp_opt));
	tcp_parse_options(sock_net(sk), skb, &tcp_opt, 0, NULL);

	/* Remove the per-connection timestamp offset before the option bits
	 * in the echoed timestamp are decoded.
	 */
	if (tcp_opt.saw_tstamp && tcp_opt.rcv_tsecr) {
		tsoff = secure_tcp_ts_off(sock_net(sk),
					  ip_hdr(skb)->daddr,
					  ip_hdr(skb)->saddr);
		tcp_opt.rcv_tsecr -= tsoff;
	}

	/* Reject the ACK if it encodes an option the host has disabled. */
	if (!cookie_timestamp_decode(sock_net(sk), &tcp_opt))
		goto out;

	/* From here on every failure returns NULL instead of the listener. */
	ret = NULL;
	req = cookie_tcp_reqsk_alloc(&tcp_request_sock_ops, sk, skb);
	if (!req)
		goto out;

	/* Rebuild the request state from the ACK and the decoded options. */
	ireq = inet_rsk(req);
	treq = tcp_rsk(req);
	treq->rcv_isn		= ntohl(th->seq) - 1;
	treq->snt_isn		= cookie;
	/* The offset is handed to the child via tcp_get_cookie_sock() below. */
	treq->ts_off		= 0;
	treq->txhash		= net_tx_rndhash();
	req->mss		= mss;
	ireq->ir_num		= ntohs(th->dest);
	ireq->ir_rmt_port	= th->source;
	sk_rcv_saddr_set(req_to_sk(req), ip_hdr(skb)->daddr);
	sk_daddr_set(req_to_sk(req), ip_hdr(skb)->saddr);
	ireq->ir_mark		= inet_request_mark(sk, skb);
	ireq->snd_wscale	= tcp_opt.snd_wscale;
	ireq->sack_ok		= tcp_opt.sack_ok;
	ireq->wscale_ok		= tcp_opt.wscale_ok;
	ireq->tstamp_ok		= tcp_opt.saw_tstamp;
	req->ts_recent		= tcp_opt.saw_tstamp ? tcp_opt.rcv_tsval : 0;
	treq->snt_synack	= 0;
	treq->tfo_listener	= false;

	if (IS_ENABLED(CONFIG_SMC))
		ireq->smc_ok = 0;

	ireq->ir_iif = inet_request_bound_dev_if(sk, skb);

	/* We threw the options of the initial SYN away, so we hope
	 * the ACK carries the same options again (see RFC1122 4.2.3.8)
	 */
	RCU_INIT_POINTER(ireq->ireq_opt, tcp_v4_save_options(sock_net(sk), skb));

	/* The security hook can refuse the connection request. */
	if (security_inet_conn_request(sk, skb, req)) {
		reqsk_free(req);
		goto out;
	}

	req->num_retrans = 0;

	/*
	 * We need to lookup the route here to get at the correct
	 * window size. We should better make sure that the window size
	 * hasn't changed since we received the original syn, but I see
	 * no easy way to do this.
	 */
	flowi4_init_output(&fl4, ireq->ir_iif, ireq->ir_mark,
			   RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP,
			   inet_sk_flowi_flags(sk),
			   opt->srr ? opt->faddr : ireq->ir_rmt_addr,
			   ireq->ir_loc_addr, th->source, th->dest, sk->sk_uid);
	security_req_classify_flow(req, flowi4_to_flowi(&fl4));
	rt = ip_route_output_key(sock_net(sk), &fl4);
	if (IS_ERR(rt)) {
		reqsk_free(req);
		goto out;
	}

	/* Try to redo what tcp_v4_send_synack did. */
	req->rsk_window_clamp = tp->window_clamp ? :dst_metric(&rt->dst, RTAX_WINDOW);
	/* limit the window selection if the user enforces a smaller rx buffer */
	full_space = tcp_full_space(sk);
	if (sk->sk_userlocks & SOCK_RCVBUF_LOCK &&
	    (req->rsk_window_clamp > full_space || req->rsk_window_clamp == 0))
		req->rsk_window_clamp = full_space;

	tcp_select_initial_window(sk, full_space, req->mss,
				  &req->rsk_rcv_wnd, &req->rsk_window_clamp,
				  ireq->wscale_ok, &rcv_wscale,
				  dst_metric(&rt->dst, RTAX_INITRWND));

	ireq->rcv_wscale  = rcv_wscale;
	/* ECN is taken from the echoed timestamp bit, gated by sysctl/route. */
	ireq->ecn_ok = cookie_ecn_ok(&tcp_opt, sock_net(sk), &rt->dst);

	/* On failure tcp_get_cookie_sock() frees req and returns NULL. */
	ret = tcp_get_cookie_sock(sk, skb, req, &rt->dst, tsoff);
	/* ip_queue_xmit() depends on our flow being setup
	 * Normal sockets get it right from inet_csk_route_child_sock()
	 */
	if (ret)
		inet_sk(ret)->cork.fl.u.ip4 = fl4;
out:	return ret;
}