34925f089e0767e987d5644a8a320d49bfab9eee
[linux-2.6.git] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *
8  *      Based on:
9  *      linux/net/ipv4/tcp.c
10  *      linux/net/ipv4/tcp_input.c
11  *      linux/net/ipv4/tcp_output.c
12  *
13  *      Fixes:
14  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
15  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
16  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
17  *                                      a single port at the same time.
18  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
19  *
20  *      This program is free software; you can redistribute it and/or
21  *      modify it under the terms of the GNU General Public License
22  *      as published by the Free Software Foundation; either version
23  *      2 of the License, or (at your option) any later version.
24  */
25
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
34 #include <linux/in.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41
42 #include <linux/ipv6.h>
43 #include <linux/icmpv6.h>
44 #include <linux/random.h>
45
46 #include <net/tcp.h>
47 #include <net/ndisc.h>
48 #include <net/inet6_hashtables.h>
49 #include <net/inet6_connection_sock.h>
50 #include <net/ipv6.h>
51 #include <net/transp_v6.h>
52 #include <net/addrconf.h>
53 #include <net/ip6_route.h>
54 #include <net/ip6_checksum.h>
55 #include <net/inet_ecn.h>
56 #include <net/protocol.h>
57 #include <net/xfrm.h>
58 #include <net/snmp.h>
59 #include <net/dsfield.h>
60 #include <net/timewait_sock.h>
61 #include <net/netdma.h>
62 #include <net/inet_common.h>
63
64 #include <asm/uaccess.h>
65
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
68
69 #include <linux/crypto.h>
70 #include <linux/scatterlist.h>
71
72 static void     tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
73 static void     tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
74                                       struct request_sock *req);
75
76 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
77
78 static const struct inet_connection_sock_af_ops ipv6_mapped;
79 static const struct inet_connection_sock_af_ops ipv6_specific;
80 #ifdef CONFIG_TCP_MD5SIG
81 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
82 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
83 #else
84 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
85                                                    struct in6_addr *addr)
86 {
87         return NULL;
88 }
89 #endif
90
91 static void tcp_v6_hash(struct sock *sk)
92 {
93         if (sk->sk_state != TCP_CLOSE) {
94                 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
95                         tcp_prot.hash(sk);
96                         return;
97                 }
98                 local_bh_disable();
99                 __inet6_hash(sk);
100                 local_bh_enable();
101         }
102 }
103
104 static __inline__ __sum16 tcp_v6_check(int len,
105                                    struct in6_addr *saddr,
106                                    struct in6_addr *daddr,
107                                    __wsum base)
108 {
109         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
110 }
111
112 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
113 {
114         return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
115                                             ipv6_hdr(skb)->saddr.s6_addr32,
116                                             tcp_hdr(skb)->dest,
117                                             tcp_hdr(skb)->source);
118 }
119
120 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
121                           int addr_len)
122 {
123         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
124         struct inet_sock *inet = inet_sk(sk);
125         struct inet_connection_sock *icsk = inet_csk(sk);
126         struct ipv6_pinfo *np = inet6_sk(sk);
127         struct tcp_sock *tp = tcp_sk(sk);
128         struct in6_addr *saddr = NULL, *final_p = NULL, final;
129         struct flowi fl;
130         struct dst_entry *dst;
131         int addr_type;
132         int err;
133
134         if (addr_len < SIN6_LEN_RFC2133)
135                 return -EINVAL;
136
137         if (usin->sin6_family != AF_INET6)
138                 return(-EAFNOSUPPORT);
139
140         memset(&fl, 0, sizeof(fl));
141
142         if (np->sndflow) {
143                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
144                 IP6_ECN_flow_init(fl.fl6_flowlabel);
145                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
146                         struct ip6_flowlabel *flowlabel;
147                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
148                         if (flowlabel == NULL)
149                                 return -EINVAL;
150                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
151                         fl6_sock_release(flowlabel);
152                 }
153         }
154
155         /*
156          *      connect() to INADDR_ANY means loopback (BSD'ism).
157          */
158
159         if(ipv6_addr_any(&usin->sin6_addr))
160                 usin->sin6_addr.s6_addr[15] = 0x1;
161
162         addr_type = ipv6_addr_type(&usin->sin6_addr);
163
164         if(addr_type & IPV6_ADDR_MULTICAST)
165                 return -ENETUNREACH;
166
167         if (addr_type&IPV6_ADDR_LINKLOCAL) {
168                 if (addr_len >= sizeof(struct sockaddr_in6) &&
169                     usin->sin6_scope_id) {
170                         /* If interface is set while binding, indices
171                          * must coincide.
172                          */
173                         if (sk->sk_bound_dev_if &&
174                             sk->sk_bound_dev_if != usin->sin6_scope_id)
175                                 return -EINVAL;
176
177                         sk->sk_bound_dev_if = usin->sin6_scope_id;
178                 }
179
180                 /* Connect to link-local address requires an interface */
181                 if (!sk->sk_bound_dev_if)
182                         return -EINVAL;
183         }
184
185         if (tp->rx_opt.ts_recent_stamp &&
186             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
187                 tp->rx_opt.ts_recent = 0;
188                 tp->rx_opt.ts_recent_stamp = 0;
189                 tp->write_seq = 0;
190         }
191
192         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
193         np->flow_label = fl.fl6_flowlabel;
194
195         /*
196          *      TCP over IPv4
197          */
198
199         if (addr_type == IPV6_ADDR_MAPPED) {
200                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
201                 struct sockaddr_in sin;
202
203                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
204
205                 if (__ipv6_only_sock(sk))
206                         return -ENETUNREACH;
207
208                 sin.sin_family = AF_INET;
209                 sin.sin_port = usin->sin6_port;
210                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
211
212                 icsk->icsk_af_ops = &ipv6_mapped;
213                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
214 #ifdef CONFIG_TCP_MD5SIG
215                 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
216 #endif
217
218                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
219
220                 if (err) {
221                         icsk->icsk_ext_hdr_len = exthdrlen;
222                         icsk->icsk_af_ops = &ipv6_specific;
223                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
224 #ifdef CONFIG_TCP_MD5SIG
225                         tp->af_specific = &tcp_sock_ipv6_specific;
226 #endif
227                         goto failure;
228                 } else {
229                         ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
230                         ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
231                                                &np->rcv_saddr);
232                 }
233
234                 return err;
235         }
236
237         if (!ipv6_addr_any(&np->rcv_saddr))
238                 saddr = &np->rcv_saddr;
239
240         fl.proto = IPPROTO_TCP;
241         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
242         ipv6_addr_copy(&fl.fl6_src,
243                        (saddr ? saddr : &np->saddr));
244         fl.oif = sk->sk_bound_dev_if;
245         fl.mark = sk->sk_mark;
246         fl.fl_ip_dport = usin->sin6_port;
247         fl.fl_ip_sport = inet->inet_sport;
248
249         if (np->opt && np->opt->srcrt) {
250                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
251                 ipv6_addr_copy(&final, &fl.fl6_dst);
252                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
253                 final_p = &final;
254         }
255
256         security_sk_classify_flow(sk, &fl);
257
258         err = ip6_dst_lookup(sk, &dst, &fl);
259         if (err)
260                 goto failure;
261         if (final_p)
262                 ipv6_addr_copy(&fl.fl6_dst, final_p);
263
264         err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
265         if (err < 0) {
266                 if (err == -EREMOTE)
267                         err = ip6_dst_blackhole(sk, &dst, &fl);
268                 if (err < 0)
269                         goto failure;
270         }
271
272         if (saddr == NULL) {
273                 saddr = &fl.fl6_src;
274                 ipv6_addr_copy(&np->rcv_saddr, saddr);
275         }
276
277         /* set the source address */
278         ipv6_addr_copy(&np->saddr, saddr);
279         inet->inet_rcv_saddr = LOOPBACK4_IPV6;
280
281         sk->sk_gso_type = SKB_GSO_TCPV6;
282         __ip6_dst_store(sk, dst, NULL, NULL);
283
284         icsk->icsk_ext_hdr_len = 0;
285         if (np->opt)
286                 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
287                                           np->opt->opt_nflen);
288
289         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
290
291         inet->inet_dport = usin->sin6_port;
292
293         tcp_set_state(sk, TCP_SYN_SENT);
294         err = inet6_hash_connect(&tcp_death_row, sk);
295         if (err)
296                 goto late_failure;
297
298         if (!tp->write_seq)
299                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
300                                                              np->daddr.s6_addr32,
301                                                              inet->inet_sport,
302                                                              inet->inet_dport);
303
304         err = tcp_connect(sk);
305         if (err)
306                 goto late_failure;
307
308         return 0;
309
310 late_failure:
311         tcp_set_state(sk, TCP_CLOSE);
312         __sk_dst_reset(sk);
313 failure:
314         inet->inet_dport = 0;
315         sk->sk_route_caps = 0;
316         return err;
317 }
318
319 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
320                 u8 type, u8 code, int offset, __be32 info)
321 {
322         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
323         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
324         struct ipv6_pinfo *np;
325         struct sock *sk;
326         int err;
327         struct tcp_sock *tp;
328         __u32 seq;
329         struct net *net = dev_net(skb->dev);
330
331         sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
332                         th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
333
334         if (sk == NULL) {
335                 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
336                                    ICMP6_MIB_INERRORS);
337                 return;
338         }
339
340         if (sk->sk_state == TCP_TIME_WAIT) {
341                 inet_twsk_put(inet_twsk(sk));
342                 return;
343         }
344
345         bh_lock_sock(sk);
346         if (sock_owned_by_user(sk))
347                 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
348
349         if (sk->sk_state == TCP_CLOSE)
350                 goto out;
351
352         tp = tcp_sk(sk);
353         seq = ntohl(th->seq);
354         if (sk->sk_state != TCP_LISTEN &&
355             !between(seq, tp->snd_una, tp->snd_nxt)) {
356                 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
357                 goto out;
358         }
359
360         np = inet6_sk(sk);
361
362         if (type == ICMPV6_PKT_TOOBIG) {
363                 struct dst_entry *dst = NULL;
364
365                 if (sock_owned_by_user(sk))
366                         goto out;
367                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
368                         goto out;
369
370                 /* icmp should have updated the destination cache entry */
371                 dst = __sk_dst_check(sk, np->dst_cookie);
372
373                 if (dst == NULL) {
374                         struct inet_sock *inet = inet_sk(sk);
375                         struct flowi fl;
376
377                         /* BUGGG_FUTURE: Again, it is not clear how
378                            to handle rthdr case. Ignore this complexity
379                            for now.
380                          */
381                         memset(&fl, 0, sizeof(fl));
382                         fl.proto = IPPROTO_TCP;
383                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
384                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
385                         fl.oif = sk->sk_bound_dev_if;
386                         fl.mark = sk->sk_mark;
387                         fl.fl_ip_dport = inet->inet_dport;
388                         fl.fl_ip_sport = inet->inet_sport;
389                         security_skb_classify_flow(skb, &fl);
390
391                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
392                                 sk->sk_err_soft = -err;
393                                 goto out;
394                         }
395
396                         if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) {
397                                 sk->sk_err_soft = -err;
398                                 goto out;
399                         }
400
401                 } else
402                         dst_hold(dst);
403
404                 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
405                         tcp_sync_mss(sk, dst_mtu(dst));
406                         tcp_simple_retransmit(sk);
407                 } /* else let the usual retransmit timer handle it */
408                 dst_release(dst);
409                 goto out;
410         }
411
412         icmpv6_err_convert(type, code, &err);
413
414         /* Might be for an request_sock */
415         switch (sk->sk_state) {
416                 struct request_sock *req, **prev;
417         case TCP_LISTEN:
418                 if (sock_owned_by_user(sk))
419                         goto out;
420
421                 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
422                                            &hdr->saddr, inet6_iif(skb));
423                 if (!req)
424                         goto out;
425
426                 /* ICMPs are not backlogged, hence we cannot get
427                  * an established socket here.
428                  */
429                 WARN_ON(req->sk != NULL);
430
431                 if (seq != tcp_rsk(req)->snt_isn) {
432                         NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
433                         goto out;
434                 }
435
436                 inet_csk_reqsk_queue_drop(sk, req, prev);
437                 goto out;
438
439         case TCP_SYN_SENT:
440         case TCP_SYN_RECV:  /* Cannot happen.
441                                It can, it SYNs are crossed. --ANK */
442                 if (!sock_owned_by_user(sk)) {
443                         sk->sk_err = err;
444                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
445
446                         tcp_done(sk);
447                 } else
448                         sk->sk_err_soft = err;
449                 goto out;
450         }
451
452         if (!sock_owned_by_user(sk) && np->recverr) {
453                 sk->sk_err = err;
454                 sk->sk_error_report(sk);
455         } else
456                 sk->sk_err_soft = err;
457
458 out:
459         bh_unlock_sock(sk);
460         sock_put(sk);
461 }
462
463
464 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req)
465 {
466         struct inet6_request_sock *treq = inet6_rsk(req);
467         struct ipv6_pinfo *np = inet6_sk(sk);
468         struct sk_buff * skb;
469         struct ipv6_txoptions *opt = NULL;
470         struct in6_addr * final_p = NULL, final;
471         struct flowi fl;
472         struct dst_entry *dst;
473         int err = -1;
474
475         memset(&fl, 0, sizeof(fl));
476         fl.proto = IPPROTO_TCP;
477         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
478         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
479         fl.fl6_flowlabel = 0;
480         fl.oif = treq->iif;
481         fl.mark = sk->sk_mark;
482         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
483         fl.fl_ip_sport = inet_rsk(req)->loc_port;
484         security_req_classify_flow(req, &fl);
485
486         opt = np->opt;
487         if (opt && opt->srcrt) {
488                 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
489                 ipv6_addr_copy(&final, &fl.fl6_dst);
490                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
491                 final_p = &final;
492         }
493
494         err = ip6_dst_lookup(sk, &dst, &fl);
495         if (err)
496                 goto done;
497         if (final_p)
498                 ipv6_addr_copy(&fl.fl6_dst, final_p);
499         if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
500                 goto done;
501
502         skb = tcp_make_synack(sk, dst, req);
503         if (skb) {
504                 struct tcphdr *th = tcp_hdr(skb);
505
506                 th->check = tcp_v6_check(skb->len,
507                                          &treq->loc_addr, &treq->rmt_addr,
508                                          csum_partial(th, skb->len, skb->csum));
509
510                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
511                 err = ip6_xmit(sk, skb, &fl, opt, 0);
512                 err = net_xmit_eval(err);
513         }
514
515 done:
516         if (opt && opt != np->opt)
517                 sock_kfree_s(sk, opt, opt->tot_len);
518         dst_release(dst);
519         return err;
520 }
521
522 static inline void syn_flood_warning(struct sk_buff *skb)
523 {
524 #ifdef CONFIG_SYN_COOKIES
525         if (sysctl_tcp_syncookies)
526                 printk(KERN_INFO
527                        "TCPv6: Possible SYN flooding on port %d. "
528                        "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
529         else
530 #endif
531                 printk(KERN_INFO
532                        "TCPv6: Possible SYN flooding on port %d. "
533                        "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
534 }
535
536 static void tcp_v6_reqsk_destructor(struct request_sock *req)
537 {
538         kfree_skb(inet6_rsk(req)->pktopts);
539 }
540
541 #ifdef CONFIG_TCP_MD5SIG
542 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
543                                                    struct in6_addr *addr)
544 {
545         struct tcp_sock *tp = tcp_sk(sk);
546         int i;
547
548         BUG_ON(tp == NULL);
549
550         if (!tp->md5sig_info || !tp->md5sig_info->entries6)
551                 return NULL;
552
553         for (i = 0; i < tp->md5sig_info->entries6; i++) {
554                 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
555                         return &tp->md5sig_info->keys6[i].base;
556         }
557         return NULL;
558 }
559
560 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
561                                                 struct sock *addr_sk)
562 {
563         return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
564 }
565
566 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
567                                                       struct request_sock *req)
568 {
569         return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
570 }
571
572 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
573                              char *newkey, u8 newkeylen)
574 {
575         /* Add key to the list */
576         struct tcp_md5sig_key *key;
577         struct tcp_sock *tp = tcp_sk(sk);
578         struct tcp6_md5sig_key *keys;
579
580         key = tcp_v6_md5_do_lookup(sk, peer);
581         if (key) {
582                 /* modify existing entry - just update that one */
583                 kfree(key->key);
584                 key->key = newkey;
585                 key->keylen = newkeylen;
586         } else {
587                 /* reallocate new list if current one is full. */
588                 if (!tp->md5sig_info) {
589                         tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
590                         if (!tp->md5sig_info) {
591                                 kfree(newkey);
592                                 return -ENOMEM;
593                         }
594                         sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
595                 }
596                 if (tcp_alloc_md5sig_pool(sk) == NULL) {
597                         kfree(newkey);
598                         return -ENOMEM;
599                 }
600                 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
601                         keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
602                                        (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
603
604                         if (!keys) {
605                                 tcp_free_md5sig_pool();
606                                 kfree(newkey);
607                                 return -ENOMEM;
608                         }
609
610                         if (tp->md5sig_info->entries6)
611                                 memmove(keys, tp->md5sig_info->keys6,
612                                         (sizeof (tp->md5sig_info->keys6[0]) *
613                                          tp->md5sig_info->entries6));
614
615                         kfree(tp->md5sig_info->keys6);
616                         tp->md5sig_info->keys6 = keys;
617                         tp->md5sig_info->alloced6++;
618                 }
619
620                 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
621                                peer);
622                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
623                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
624
625                 tp->md5sig_info->entries6++;
626         }
627         return 0;
628 }
629
630 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
631                                u8 *newkey, __u8 newkeylen)
632 {
633         return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
634                                  newkey, newkeylen);
635 }
636
637 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
638 {
639         struct tcp_sock *tp = tcp_sk(sk);
640         int i;
641
642         for (i = 0; i < tp->md5sig_info->entries6; i++) {
643                 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
644                         /* Free the key */
645                         kfree(tp->md5sig_info->keys6[i].base.key);
646                         tp->md5sig_info->entries6--;
647
648                         if (tp->md5sig_info->entries6 == 0) {
649                                 kfree(tp->md5sig_info->keys6);
650                                 tp->md5sig_info->keys6 = NULL;
651                                 tp->md5sig_info->alloced6 = 0;
652                         } else {
653                                 /* shrink the database */
654                                 if (tp->md5sig_info->entries6 != i)
655                                         memmove(&tp->md5sig_info->keys6[i],
656                                                 &tp->md5sig_info->keys6[i+1],
657                                                 (tp->md5sig_info->entries6 - i)
658                                                 * sizeof (tp->md5sig_info->keys6[0]));
659                         }
660                         tcp_free_md5sig_pool();
661                         return 0;
662                 }
663         }
664         return -ENOENT;
665 }
666
667 static void tcp_v6_clear_md5_list (struct sock *sk)
668 {
669         struct tcp_sock *tp = tcp_sk(sk);
670         int i;
671
672         if (tp->md5sig_info->entries6) {
673                 for (i = 0; i < tp->md5sig_info->entries6; i++)
674                         kfree(tp->md5sig_info->keys6[i].base.key);
675                 tp->md5sig_info->entries6 = 0;
676                 tcp_free_md5sig_pool();
677         }
678
679         kfree(tp->md5sig_info->keys6);
680         tp->md5sig_info->keys6 = NULL;
681         tp->md5sig_info->alloced6 = 0;
682
683         if (tp->md5sig_info->entries4) {
684                 for (i = 0; i < tp->md5sig_info->entries4; i++)
685                         kfree(tp->md5sig_info->keys4[i].base.key);
686                 tp->md5sig_info->entries4 = 0;
687                 tcp_free_md5sig_pool();
688         }
689
690         kfree(tp->md5sig_info->keys4);
691         tp->md5sig_info->keys4 = NULL;
692         tp->md5sig_info->alloced4 = 0;
693 }
694
695 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
696                                   int optlen)
697 {
698         struct tcp_md5sig cmd;
699         struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
700         u8 *newkey;
701
702         if (optlen < sizeof(cmd))
703                 return -EINVAL;
704
705         if (copy_from_user(&cmd, optval, sizeof(cmd)))
706                 return -EFAULT;
707
708         if (sin6->sin6_family != AF_INET6)
709                 return -EINVAL;
710
711         if (!cmd.tcpm_keylen) {
712                 if (!tcp_sk(sk)->md5sig_info)
713                         return -ENOENT;
714                 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
715                         return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
716                 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
717         }
718
719         if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
720                 return -EINVAL;
721
722         if (!tcp_sk(sk)->md5sig_info) {
723                 struct tcp_sock *tp = tcp_sk(sk);
724                 struct tcp_md5sig_info *p;
725
726                 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
727                 if (!p)
728                         return -ENOMEM;
729
730                 tp->md5sig_info = p;
731                 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
732         }
733
734         newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
735         if (!newkey)
736                 return -ENOMEM;
737         if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
738                 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
739                                          newkey, cmd.tcpm_keylen);
740         }
741         return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
742 }
743
744 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
745                                         struct in6_addr *daddr,
746                                         struct in6_addr *saddr, int nbytes)
747 {
748         struct tcp6_pseudohdr *bp;
749         struct scatterlist sg;
750
751         bp = &hp->md5_blk.ip6;
752         /* 1. TCP pseudo-header (RFC2460) */
753         ipv6_addr_copy(&bp->saddr, saddr);
754         ipv6_addr_copy(&bp->daddr, daddr);
755         bp->protocol = cpu_to_be32(IPPROTO_TCP);
756         bp->len = cpu_to_be32(nbytes);
757
758         sg_init_one(&sg, bp, sizeof(*bp));
759         return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
760 }
761
762 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
763                                struct in6_addr *daddr, struct in6_addr *saddr,
764                                struct tcphdr *th)
765 {
766         struct tcp_md5sig_pool *hp;
767         struct hash_desc *desc;
768
769         hp = tcp_get_md5sig_pool();
770         if (!hp)
771                 goto clear_hash_noput;
772         desc = &hp->md5_desc;
773
774         if (crypto_hash_init(desc))
775                 goto clear_hash;
776         if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
777                 goto clear_hash;
778         if (tcp_md5_hash_header(hp, th))
779                 goto clear_hash;
780         if (tcp_md5_hash_key(hp, key))
781                 goto clear_hash;
782         if (crypto_hash_final(desc, md5_hash))
783                 goto clear_hash;
784
785         tcp_put_md5sig_pool();
786         return 0;
787
788 clear_hash:
789         tcp_put_md5sig_pool();
790 clear_hash_noput:
791         memset(md5_hash, 0, 16);
792         return 1;
793 }
794
795 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
796                                struct sock *sk, struct request_sock *req,
797                                struct sk_buff *skb)
798 {
799         struct in6_addr *saddr, *daddr;
800         struct tcp_md5sig_pool *hp;
801         struct hash_desc *desc;
802         struct tcphdr *th = tcp_hdr(skb);
803
804         if (sk) {
805                 saddr = &inet6_sk(sk)->saddr;
806                 daddr = &inet6_sk(sk)->daddr;
807         } else if (req) {
808                 saddr = &inet6_rsk(req)->loc_addr;
809                 daddr = &inet6_rsk(req)->rmt_addr;
810         } else {
811                 struct ipv6hdr *ip6h = ipv6_hdr(skb);
812                 saddr = &ip6h->saddr;
813                 daddr = &ip6h->daddr;
814         }
815
816         hp = tcp_get_md5sig_pool();
817         if (!hp)
818                 goto clear_hash_noput;
819         desc = &hp->md5_desc;
820
821         if (crypto_hash_init(desc))
822                 goto clear_hash;
823
824         if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
825                 goto clear_hash;
826         if (tcp_md5_hash_header(hp, th))
827                 goto clear_hash;
828         if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
829                 goto clear_hash;
830         if (tcp_md5_hash_key(hp, key))
831                 goto clear_hash;
832         if (crypto_hash_final(desc, md5_hash))
833                 goto clear_hash;
834
835         tcp_put_md5sig_pool();
836         return 0;
837
838 clear_hash:
839         tcp_put_md5sig_pool();
840 clear_hash_noput:
841         memset(md5_hash, 0, 16);
842         return 1;
843 }
844
845 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
846 {
847         __u8 *hash_location = NULL;
848         struct tcp_md5sig_key *hash_expected;
849         struct ipv6hdr *ip6h = ipv6_hdr(skb);
850         struct tcphdr *th = tcp_hdr(skb);
851         int genhash;
852         u8 newhash[16];
853
854         hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
855         hash_location = tcp_parse_md5sig_option(th);
856
857         /* We've parsed the options - do we have a hash? */
858         if (!hash_expected && !hash_location)
859                 return 0;
860
861         if (hash_expected && !hash_location) {
862                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
863                 return 1;
864         }
865
866         if (!hash_expected && hash_location) {
867                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
868                 return 1;
869         }
870
871         /* check the signature */
872         genhash = tcp_v6_md5_hash_skb(newhash,
873                                       hash_expected,
874                                       NULL, NULL, skb);
875
876         if (genhash || memcmp(hash_location, newhash, 16) != 0) {
877                 if (net_ratelimit()) {
878                         printk(KERN_INFO "MD5 Hash %s for (%pI6, %u)->(%pI6, %u)\n",
879                                genhash ? "failed" : "mismatch",
880                                &ip6h->saddr, ntohs(th->source),
881                                &ip6h->daddr, ntohs(th->dest));
882                 }
883                 return 1;
884         }
885         return 0;
886 }
887 #endif
888
889 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
890         .family         =       AF_INET6,
891         .obj_size       =       sizeof(struct tcp6_request_sock),
892         .rtx_syn_ack    =       tcp_v6_send_synack,
893         .send_ack       =       tcp_v6_reqsk_send_ack,
894         .destructor     =       tcp_v6_reqsk_destructor,
895         .send_reset     =       tcp_v6_send_reset
896 };
897
898 #ifdef CONFIG_TCP_MD5SIG
899 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
900         .md5_lookup     =       tcp_v6_reqsk_md5_lookup,
901         .calc_md5_hash  =       tcp_v6_md5_hash_skb,
902 };
903 #endif
904
905 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
906         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
907         .twsk_unique    = tcp_twsk_unique,
908         .twsk_destructor= tcp_twsk_destructor,
909 };
910
911 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
912 {
913         struct ipv6_pinfo *np = inet6_sk(sk);
914         struct tcphdr *th = tcp_hdr(skb);
915
916         if (skb->ip_summed == CHECKSUM_PARTIAL) {
917                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
918                 skb->csum_start = skb_transport_header(skb) - skb->head;
919                 skb->csum_offset = offsetof(struct tcphdr, check);
920         } else {
921                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
922                                             csum_partial(th, th->doff<<2,
923                                                          skb->csum));
924         }
925 }
926
927 static int tcp_v6_gso_send_check(struct sk_buff *skb)
928 {
929         struct ipv6hdr *ipv6h;
930         struct tcphdr *th;
931
932         if (!pskb_may_pull(skb, sizeof(*th)))
933                 return -EINVAL;
934
935         ipv6h = ipv6_hdr(skb);
936         th = tcp_hdr(skb);
937
938         th->check = 0;
939         th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
940                                      IPPROTO_TCP, 0);
941         skb->csum_start = skb_transport_header(skb) - skb->head;
942         skb->csum_offset = offsetof(struct tcphdr, check);
943         skb->ip_summed = CHECKSUM_PARTIAL;
944         return 0;
945 }
946
947 static struct sk_buff **tcp6_gro_receive(struct sk_buff **head,
948                                          struct sk_buff *skb)
949 {
950         struct ipv6hdr *iph = skb_gro_network_header(skb);
951
952         switch (skb->ip_summed) {
953         case CHECKSUM_COMPLETE:
954                 if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr,
955                                   skb->csum)) {
956                         skb->ip_summed = CHECKSUM_UNNECESSARY;
957                         break;
958                 }
959
960                 /* fall through */
961         case CHECKSUM_NONE:
962                 NAPI_GRO_CB(skb)->flush = 1;
963                 return NULL;
964         }
965
966         return tcp_gro_receive(head, skb);
967 }
968
969 static int tcp6_gro_complete(struct sk_buff *skb)
970 {
971         struct ipv6hdr *iph = ipv6_hdr(skb);
972         struct tcphdr *th = tcp_hdr(skb);
973
974         th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb),
975                                   &iph->saddr, &iph->daddr, 0);
976         skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;
977
978         return tcp_gro_complete(skb);
979 }
980
981 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
982                                  u32 ts, struct tcp_md5sig_key *key, int rst)
983 {
984         struct tcphdr *th = tcp_hdr(skb), *t1;
985         struct sk_buff *buff;
986         struct flowi fl;
987         struct net *net = dev_net(skb_dst(skb)->dev);
988         struct sock *ctl_sk = net->ipv6.tcp_sk;
989         unsigned int tot_len = sizeof(struct tcphdr);
990         struct dst_entry *dst;
991         __be32 *topt;
992
993         if (ts)
994                 tot_len += TCPOLEN_TSTAMP_ALIGNED;
995 #ifdef CONFIG_TCP_MD5SIG
996         if (key)
997                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
998 #endif
999
1000         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1001                          GFP_ATOMIC);
1002         if (buff == NULL)
1003                 return;
1004
1005         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1006
1007         t1 = (struct tcphdr *) skb_push(buff, tot_len);
1008         skb_reset_transport_header(skb);
1009
1010         /* Swap the send and the receive. */
1011         memset(t1, 0, sizeof(*t1));
1012         t1->dest = th->source;
1013         t1->source = th->dest;
1014         t1->doff = tot_len / 4;
1015         t1->seq = htonl(seq);
1016         t1->ack_seq = htonl(ack);
1017         t1->ack = !rst || !th->ack;
1018         t1->rst = rst;
1019         t1->window = htons(win);
1020
1021         topt = (__be32 *)(t1 + 1);
1022
1023         if (ts) {
1024                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1025                                 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1026                 *topt++ = htonl(tcp_time_stamp);
1027                 *topt++ = htonl(ts);
1028         }
1029
1030 #ifdef CONFIG_TCP_MD5SIG
1031         if (key) {
1032                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1033                                 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1034                 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
1035                                     &ipv6_hdr(skb)->saddr,
1036                                     &ipv6_hdr(skb)->daddr, t1);
1037         }
1038 #endif
1039
1040         buff->csum = csum_partial(t1, tot_len, 0);
1041
1042         memset(&fl, 0, sizeof(fl));
1043         ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1044         ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1045
1046         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1047                                     tot_len, IPPROTO_TCP,
1048                                     buff->csum);
1049
1050         fl.proto = IPPROTO_TCP;
1051         fl.oif = inet6_iif(skb);
1052         fl.fl_ip_dport = t1->dest;
1053         fl.fl_ip_sport = t1->source;
1054         security_skb_classify_flow(skb, &fl);
1055
1056         /* Pass a socket to ip6_dst_lookup either it is for RST
1057          * Underlying function will use this to retrieve the network
1058          * namespace
1059          */
1060         if (!ip6_dst_lookup(ctl_sk, &dst, &fl)) {
1061                 if (xfrm_lookup(net, &dst, &fl, NULL, 0) >= 0) {
1062                         skb_dst_set(buff, dst);
1063                         ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1064                         TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1065                         if (rst)
1066                                 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
1067                         return;
1068                 }
1069         }
1070
1071         kfree_skb(buff);
1072 }
1073
1074 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1075 {
1076         struct tcphdr *th = tcp_hdr(skb);
1077         u32 seq = 0, ack_seq = 0;
1078         struct tcp_md5sig_key *key = NULL;
1079
1080         if (th->rst)
1081                 return;
1082
1083         if (!ipv6_unicast_destination(skb))
1084                 return;
1085
1086 #ifdef CONFIG_TCP_MD5SIG
1087         if (sk)
1088                 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
1089 #endif
1090
1091         if (th->ack)
1092                 seq = ntohl(th->ack_seq);
1093         else
1094                 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1095                           (th->doff << 2);
1096
1097         tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1);
1098 }
1099
1100 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
1101                             struct tcp_md5sig_key *key)
1102 {
1103         tcp_v6_send_response(skb, seq, ack, win, ts, key, 0);
1104 }
1105
1106 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1107 {
1108         struct inet_timewait_sock *tw = inet_twsk(sk);
1109         struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1110
1111         tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1112                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1113                         tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw));
1114
1115         inet_twsk_put(tw);
1116 }
1117
1118 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
1119                                   struct request_sock *req)
1120 {
1121         tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
1122                         tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr));
1123 }
1124
1125
1126 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1127 {
1128         struct request_sock *req, **prev;
1129         const struct tcphdr *th = tcp_hdr(skb);
1130         struct sock *nsk;
1131
1132         /* Find possible connection requests. */
1133         req = inet6_csk_search_req(sk, &prev, th->source,
1134                                    &ipv6_hdr(skb)->saddr,
1135                                    &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1136         if (req)
1137                 return tcp_check_req(sk, skb, req, prev);
1138
1139         nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1140                         &ipv6_hdr(skb)->saddr, th->source,
1141                         &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1142
1143         if (nsk) {
1144                 if (nsk->sk_state != TCP_TIME_WAIT) {
1145                         bh_lock_sock(nsk);
1146                         return nsk;
1147                 }
1148                 inet_twsk_put(inet_twsk(nsk));
1149                 return NULL;
1150         }
1151
1152 #ifdef CONFIG_SYN_COOKIES
1153         if (!th->rst && !th->syn && th->ack)
1154                 sk = cookie_v6_check(sk, skb);
1155 #endif
1156         return sk;
1157 }
1158
1159 /* FIXME: this is substantially similar to the ipv4 code.
1160  * Can some kind of merge be done? -- erics
1161  */
1162 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1163 {
1164         struct inet6_request_sock *treq;
1165         struct ipv6_pinfo *np = inet6_sk(sk);
1166         struct tcp_options_received tmp_opt;
1167         struct tcp_sock *tp = tcp_sk(sk);
1168         struct request_sock *req = NULL;
1169         __u32 isn = TCP_SKB_CB(skb)->when;
1170         struct dst_entry *dst = __sk_dst_get(sk);
1171 #ifdef CONFIG_SYN_COOKIES
1172         int want_cookie = 0;
1173 #else
1174 #define want_cookie 0
1175 #endif
1176
1177         if (skb->protocol == htons(ETH_P_IP))
1178                 return tcp_v4_conn_request(sk, skb);
1179
1180         if (!ipv6_unicast_destination(skb))
1181                 goto drop;
1182
1183         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1184                 if (net_ratelimit())
1185                         syn_flood_warning(skb);
1186 #ifdef CONFIG_SYN_COOKIES
1187                 if (sysctl_tcp_syncookies)
1188                         want_cookie = 1;
1189                 else
1190 #endif
1191                 goto drop;
1192         }
1193
1194         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1195                 goto drop;
1196
1197         req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1198         if (req == NULL)
1199                 goto drop;
1200
1201 #ifdef CONFIG_TCP_MD5SIG
1202         tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1203 #endif
1204
1205         tcp_clear_options(&tmp_opt);
1206         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1207         tmp_opt.user_mss = tp->rx_opt.user_mss;
1208
1209         tcp_parse_options(skb, &tmp_opt, 0, dst);
1210
1211         if (want_cookie && !tmp_opt.saw_tstamp)
1212                 tcp_clear_options(&tmp_opt);
1213
1214         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1215         tcp_openreq_init(req, &tmp_opt, skb);
1216
1217         treq = inet6_rsk(req);
1218         ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1219         ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1220         if (!want_cookie)
1221                 TCP_ECN_create_request(req, tcp_hdr(skb));
1222
1223         if (want_cookie) {
1224                 isn = cookie_v6_init_sequence(sk, skb, &req->mss);
1225                 req->cookie_ts = tmp_opt.tstamp_ok;
1226         } else if (!isn) {
1227                 if (ipv6_opt_accepted(sk, skb) ||
1228                     np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1229                     np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1230                         atomic_inc(&skb->users);
1231                         treq->pktopts = skb;
1232                 }
1233                 treq->iif = sk->sk_bound_dev_if;
1234
1235                 /* So that link locals have meaning */
1236                 if (!sk->sk_bound_dev_if &&
1237                     ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1238                         treq->iif = inet6_iif(skb);
1239
1240                 isn = tcp_v6_init_sequence(skb);
1241         }
1242
1243         tcp_rsk(req)->snt_isn = isn;
1244
1245         security_inet_conn_request(sk, skb, req);
1246
1247         if (tcp_v6_send_synack(sk, req))
1248                 goto drop;
1249
1250         if (!want_cookie) {
1251                 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1252                 return 0;
1253         }
1254
1255 drop:
1256         if (req)
1257                 reqsk_free(req);
1258
1259         return 0; /* don't send reset */
1260 }
1261
1262 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1263                                           struct request_sock *req,
1264                                           struct dst_entry *dst)
1265 {
1266         struct inet6_request_sock *treq;
1267         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1268         struct tcp6_sock *newtcp6sk;
1269         struct inet_sock *newinet;
1270         struct tcp_sock *newtp;
1271         struct sock *newsk;
1272         struct ipv6_txoptions *opt;
1273 #ifdef CONFIG_TCP_MD5SIG
1274         struct tcp_md5sig_key *key;
1275 #endif
1276
1277         if (skb->protocol == htons(ETH_P_IP)) {
1278                 /*
1279                  *      v6 mapped
1280                  */
1281
1282                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1283
1284                 if (newsk == NULL)
1285                         return NULL;
1286
1287                 newtcp6sk = (struct tcp6_sock *)newsk;
1288                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1289
1290                 newinet = inet_sk(newsk);
1291                 newnp = inet6_sk(newsk);
1292                 newtp = tcp_sk(newsk);
1293
1294                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1295
1296                 ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr);
1297
1298                 ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr);
1299
1300                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1301
1302                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1303                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1304 #ifdef CONFIG_TCP_MD5SIG
1305                 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1306 #endif
1307
1308                 newnp->pktoptions  = NULL;
1309                 newnp->opt         = NULL;
1310                 newnp->mcast_oif   = inet6_iif(skb);
1311                 newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
1312
1313                 /*
1314                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1315                  * here, tcp_create_openreq_child now does this for us, see the comment in
1316                  * that function for the gory details. -acme
1317                  */
1318
1319                 /* It is tricky place. Until this moment IPv4 tcp
1320                    worked with IPv6 icsk.icsk_af_ops.
1321                    Sync it now.
1322                  */
1323                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1324
1325                 return newsk;
1326         }
1327
1328         treq = inet6_rsk(req);
1329         opt = np->opt;
1330
1331         if (sk_acceptq_is_full(sk))
1332                 goto out_overflow;
1333
1334         if (dst == NULL) {
1335                 struct in6_addr *final_p = NULL, final;
1336                 struct flowi fl;
1337
1338                 memset(&fl, 0, sizeof(fl));
1339                 fl.proto = IPPROTO_TCP;
1340                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1341                 if (opt && opt->srcrt) {
1342                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1343                         ipv6_addr_copy(&final, &fl.fl6_dst);
1344                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1345                         final_p = &final;
1346                 }
1347                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1348                 fl.oif = sk->sk_bound_dev_if;
1349                 fl.mark = sk->sk_mark;
1350                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1351                 fl.fl_ip_sport = inet_rsk(req)->loc_port;
1352                 security_req_classify_flow(req, &fl);
1353
1354                 if (ip6_dst_lookup(sk, &dst, &fl))
1355                         goto out;
1356
1357                 if (final_p)
1358                         ipv6_addr_copy(&fl.fl6_dst, final_p);
1359
1360                 if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
1361                         goto out;
1362         }
1363
1364         newsk = tcp_create_openreq_child(sk, req, skb);
1365         if (newsk == NULL)
1366                 goto out;
1367
1368         /*
1369          * No need to charge this sock to the relevant IPv6 refcnt debug socks
1370          * count here, tcp_create_openreq_child now does this for us, see the
1371          * comment in that function for the gory details. -acme
1372          */
1373
1374         newsk->sk_gso_type = SKB_GSO_TCPV6;
1375         __ip6_dst_store(newsk, dst, NULL, NULL);
1376
1377         newtcp6sk = (struct tcp6_sock *)newsk;
1378         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1379
1380         newtp = tcp_sk(newsk);
1381         newinet = inet_sk(newsk);
1382         newnp = inet6_sk(newsk);
1383
1384         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1385
1386         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1387         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1388         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1389         newsk->sk_bound_dev_if = treq->iif;
1390
1391         /* Now IPv6 options...
1392
1393            First: no IPv4 options.
1394          */
1395         newinet->opt = NULL;
1396         newnp->ipv6_fl_list = NULL;
1397
1398         /* Clone RX bits */
1399         newnp->rxopt.all = np->rxopt.all;
1400
1401         /* Clone pktoptions received with SYN */
1402         newnp->pktoptions = NULL;
1403         if (treq->pktopts != NULL) {
1404                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1405                 kfree_skb(treq->pktopts);
1406                 treq->pktopts = NULL;
1407                 if (newnp->pktoptions)
1408                         skb_set_owner_r(newnp->pktoptions, newsk);
1409         }
1410         newnp->opt        = NULL;
1411         newnp->mcast_oif  = inet6_iif(skb);
1412         newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1413
1414         /* Clone native IPv6 options from listening socket (if any)
1415
1416            Yes, keeping reference count would be much more clever,
1417            but we make one more one thing there: reattach optmem
1418            to newsk.
1419          */
1420         if (opt) {
1421                 newnp->opt = ipv6_dup_options(newsk, opt);
1422                 if (opt != np->opt)
1423                         sock_kfree_s(sk, opt, opt->tot_len);
1424         }
1425
1426         inet_csk(newsk)->icsk_ext_hdr_len = 0;
1427         if (newnp->opt)
1428                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1429                                                      newnp->opt->opt_flen);
1430
1431         tcp_mtup_init(newsk);
1432         tcp_sync_mss(newsk, dst_mtu(dst));
1433         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1434         tcp_initialize_rcv_mss(newsk);
1435
1436         newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1437         newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1438
1439 #ifdef CONFIG_TCP_MD5SIG
1440         /* Copy over the MD5 key from the original socket */
1441         if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1442                 /* We're using one, so create a matching key
1443                  * on the newsk structure. If we fail to get
1444                  * memory, then we end up not copying the key
1445                  * across. Shucks.
1446                  */
1447                 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1448                 if (newkey != NULL)
1449                         tcp_v6_md5_do_add(newsk, &newnp->daddr,
1450                                           newkey, key->keylen);
1451         }
1452 #endif
1453
1454         __inet6_hash(newsk);
1455         __inet_inherit_port(sk, newsk);
1456
1457         return newsk;
1458
1459 out_overflow:
1460         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1461 out:
1462         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1463         if (opt && opt != np->opt)
1464                 sock_kfree_s(sk, opt, opt->tot_len);
1465         dst_release(dst);
1466         return NULL;
1467 }
1468
1469 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1470 {
1471         if (skb->ip_summed == CHECKSUM_COMPLETE) {
1472                 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr,
1473                                   &ipv6_hdr(skb)->daddr, skb->csum)) {
1474                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1475                         return 0;
1476                 }
1477         }
1478
1479         skb->csum = ~csum_unfold(tcp_v6_check(skb->len,
1480                                               &ipv6_hdr(skb)->saddr,
1481                                               &ipv6_hdr(skb)->daddr, 0));
1482
1483         if (skb->len <= 76) {
1484                 return __skb_checksum_complete(skb);
1485         }
1486         return 0;
1487 }
1488
1489 /* The socket must have it's spinlock held when we get
1490  * here.
1491  *
1492  * We have a potential double-lock case here, so even when
1493  * doing backlog processing we use the BH locking scheme.
1494  * This is because we cannot sleep with the original spinlock
1495  * held.
1496  */
1497 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1498 {
1499         struct ipv6_pinfo *np = inet6_sk(sk);
1500         struct tcp_sock *tp;
1501         struct sk_buff *opt_skb = NULL;
1502
1503         /* Imagine: socket is IPv6. IPv4 packet arrives,
1504            goes to IPv4 receive handler and backlogged.
1505            From backlog it always goes here. Kerboom...
1506            Fortunately, tcp_rcv_established and rcv_established
1507            handle them correctly, but it is not case with
1508            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1509          */
1510
1511         if (skb->protocol == htons(ETH_P_IP))
1512                 return tcp_v4_do_rcv(sk, skb);
1513
1514 #ifdef CONFIG_TCP_MD5SIG
1515         if (tcp_v6_inbound_md5_hash (sk, skb))
1516                 goto discard;
1517 #endif
1518
1519         if (sk_filter(sk, skb))
1520                 goto discard;
1521
1522         /*
1523          *      socket locking is here for SMP purposes as backlog rcv
1524          *      is currently called with bh processing disabled.
1525          */
1526
1527         /* Do Stevens' IPV6_PKTOPTIONS.
1528
1529            Yes, guys, it is the only place in our code, where we
1530            may make it not affecting IPv4.
1531            The rest of code is protocol independent,
1532            and I do not like idea to uglify IPv4.
1533
1534            Actually, all the idea behind IPV6_PKTOPTIONS
1535            looks not very well thought. For now we latch
1536            options, received in the last packet, enqueued
1537            by tcp. Feel free to propose better solution.
1538                                                --ANK (980728)
1539          */
1540         if (np->rxopt.all)
1541                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1542
1543         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1544                 TCP_CHECK_TIMER(sk);
1545                 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1546                         goto reset;
1547                 TCP_CHECK_TIMER(sk);
1548                 if (opt_skb)
1549                         goto ipv6_pktoptions;
1550                 return 0;
1551         }
1552
1553         if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1554                 goto csum_err;
1555
1556         if (sk->sk_state == TCP_LISTEN) {
1557                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1558                 if (!nsk)
1559                         goto discard;
1560
1561                 /*
1562                  * Queue it on the new socket if the new socket is active,
1563                  * otherwise we just shortcircuit this and continue with
1564                  * the new socket..
1565                  */
1566                 if(nsk != sk) {
1567                         if (tcp_child_process(sk, nsk, skb))
1568                                 goto reset;
1569                         if (opt_skb)
1570                                 __kfree_skb(opt_skb);
1571                         return 0;
1572                 }
1573         }
1574
1575         TCP_CHECK_TIMER(sk);
1576         if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1577                 goto reset;
1578         TCP_CHECK_TIMER(sk);
1579         if (opt_skb)
1580                 goto ipv6_pktoptions;
1581         return 0;
1582
1583 reset:
1584         tcp_v6_send_reset(sk, skb);
1585 discard:
1586         if (opt_skb)
1587                 __kfree_skb(opt_skb);
1588         kfree_skb(skb);
1589         return 0;
1590 csum_err:
1591         TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1592         goto discard;
1593
1594
1595 ipv6_pktoptions:
1596         /* Do you ask, what is it?
1597
1598            1. skb was enqueued by tcp.
1599            2. skb is added to tail of read queue, rather than out of order.
1600            3. socket is not in passive state.
1601            4. Finally, it really contains options, which user wants to receive.
1602          */
1603         tp = tcp_sk(sk);
1604         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1605             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1606                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1607                         np->mcast_oif = inet6_iif(opt_skb);
1608                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1609                         np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1610                 if (ipv6_opt_accepted(sk, opt_skb)) {
1611                         skb_set_owner_r(opt_skb, sk);
1612                         opt_skb = xchg(&np->pktoptions, opt_skb);
1613                 } else {
1614                         __kfree_skb(opt_skb);
1615                         opt_skb = xchg(&np->pktoptions, NULL);
1616                 }
1617         }
1618
1619         kfree_skb(opt_skb);
1620         return 0;
1621 }
1622
1623 static int tcp_v6_rcv(struct sk_buff *skb)
1624 {
1625         struct tcphdr *th;
1626         struct sock *sk;
1627         int ret;
1628         struct net *net = dev_net(skb->dev);
1629
1630         if (skb->pkt_type != PACKET_HOST)
1631                 goto discard_it;
1632
1633         /*
1634          *      Count it even if it's bad.
1635          */
1636         TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1637
1638         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1639                 goto discard_it;
1640
1641         th = tcp_hdr(skb);
1642
1643         if (th->doff < sizeof(struct tcphdr)/4)
1644                 goto bad_packet;
1645         if (!pskb_may_pull(skb, th->doff*4))
1646                 goto discard_it;
1647
1648         if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1649                 goto bad_packet;
1650
1651         th = tcp_hdr(skb);
1652         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1653         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1654                                     skb->len - th->doff*4);
1655         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1656         TCP_SKB_CB(skb)->when = 0;
1657         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
1658         TCP_SKB_CB(skb)->sacked = 0;
1659
1660         sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1661         if (!sk)
1662                 goto no_tcp_socket;
1663
1664 process:
1665         if (sk->sk_state == TCP_TIME_WAIT)
1666                 goto do_time_wait;
1667
1668         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1669                 goto discard_and_relse;
1670
1671         if (sk_filter(sk, skb))
1672                 goto discard_and_relse;
1673
1674         skb->dev = NULL;
1675
1676         bh_lock_sock_nested(sk);
1677         ret = 0;
1678         if (!sock_owned_by_user(sk)) {
1679 #ifdef CONFIG_NET_DMA
1680                 struct tcp_sock *tp = tcp_sk(sk);
1681                 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1682                         tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY);
1683                 if (tp->ucopy.dma_chan)
1684                         ret = tcp_v6_do_rcv(sk, skb);
1685                 else
1686 #endif
1687                 {
1688                         if (!tcp_prequeue(sk, skb))
1689                                 ret = tcp_v6_do_rcv(sk, skb);
1690                 }
1691         } else
1692                 sk_add_backlog(sk, skb);
1693         bh_unlock_sock(sk);
1694
1695         sock_put(sk);
1696         return ret ? -1 : 0;
1697
1698 no_tcp_socket:
1699         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1700                 goto discard_it;
1701
1702         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1703 bad_packet:
1704                 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1705         } else {
1706                 tcp_v6_send_reset(NULL, skb);
1707         }
1708
1709 discard_it:
1710
1711         /*
1712          *      Discard frame
1713          */
1714
1715         kfree_skb(skb);
1716         return 0;
1717
1718 discard_and_relse:
1719         sock_put(sk);
1720         goto discard_it;
1721
1722 do_time_wait:
1723         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1724                 inet_twsk_put(inet_twsk(sk));
1725                 goto discard_it;
1726         }
1727
1728         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1729                 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1730                 inet_twsk_put(inet_twsk(sk));
1731                 goto discard_it;
1732         }
1733
1734         switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1735         case TCP_TW_SYN:
1736         {
1737                 struct sock *sk2;
1738
1739                 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1740                                             &ipv6_hdr(skb)->daddr,
1741                                             ntohs(th->dest), inet6_iif(skb));
1742                 if (sk2 != NULL) {
1743                         struct inet_timewait_sock *tw = inet_twsk(sk);
1744                         inet_twsk_deschedule(tw, &tcp_death_row);
1745                         inet_twsk_put(tw);
1746                         sk = sk2;
1747                         goto process;
1748                 }
1749                 /* Fall through to ACK */
1750         }
1751         case TCP_TW_ACK:
1752                 tcp_v6_timewait_ack(sk, skb);
1753                 break;
1754         case TCP_TW_RST:
1755                 goto no_tcp_socket;
1756         case TCP_TW_SUCCESS:;
1757         }
1758         goto discard_it;
1759 }
1760
1761 static int tcp_v6_remember_stamp(struct sock *sk)
1762 {
1763         /* Alas, not yet... */
1764         return 0;
1765 }
1766
1767 static const struct inet_connection_sock_af_ops ipv6_specific = {
1768         .queue_xmit        = inet6_csk_xmit,
1769         .send_check        = tcp_v6_send_check,
1770         .rebuild_header    = inet6_sk_rebuild_header,
1771         .conn_request      = tcp_v6_conn_request,
1772         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1773         .remember_stamp    = tcp_v6_remember_stamp,
1774         .net_header_len    = sizeof(struct ipv6hdr),
1775         .setsockopt        = ipv6_setsockopt,
1776         .getsockopt        = ipv6_getsockopt,
1777         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1778         .sockaddr_len      = sizeof(struct sockaddr_in6),
1779         .bind_conflict     = inet6_csk_bind_conflict,
1780 #ifdef CONFIG_COMPAT
1781         .compat_setsockopt = compat_ipv6_setsockopt,
1782         .compat_getsockopt = compat_ipv6_getsockopt,
1783 #endif
1784 };
1785
1786 #ifdef CONFIG_TCP_MD5SIG
1787 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1788         .md5_lookup     =       tcp_v6_md5_lookup,
1789         .calc_md5_hash  =       tcp_v6_md5_hash_skb,
1790         .md5_add        =       tcp_v6_md5_add_func,
1791         .md5_parse      =       tcp_v6_parse_md5_keys,
1792 };
1793 #endif
1794
1795 /*
1796  *      TCP over IPv4 via INET6 API
1797  */
1798
1799 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1800         .queue_xmit        = ip_queue_xmit,
1801         .send_check        = tcp_v4_send_check,
1802         .rebuild_header    = inet_sk_rebuild_header,
1803         .conn_request      = tcp_v6_conn_request,
1804         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1805         .remember_stamp    = tcp_v4_remember_stamp,
1806         .net_header_len    = sizeof(struct iphdr),
1807         .setsockopt        = ipv6_setsockopt,
1808         .getsockopt        = ipv6_getsockopt,
1809         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1810         .sockaddr_len      = sizeof(struct sockaddr_in6),
1811         .bind_conflict     = inet6_csk_bind_conflict,
1812 #ifdef CONFIG_COMPAT
1813         .compat_setsockopt = compat_ipv6_setsockopt,
1814         .compat_getsockopt = compat_ipv6_getsockopt,
1815 #endif
1816 };
1817
1818 #ifdef CONFIG_TCP_MD5SIG
1819 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1820         .md5_lookup     =       tcp_v4_md5_lookup,
1821         .calc_md5_hash  =       tcp_v4_md5_hash_skb,
1822         .md5_add        =       tcp_v6_md5_add_func,
1823         .md5_parse      =       tcp_v6_parse_md5_keys,
1824 };
1825 #endif
1826
1827 /* NOTE: A lot of things set to zero explicitly by call to
1828  *       sk_alloc() so need not be done here.
1829  */
1830 static int tcp_v6_init_sock(struct sock *sk)
1831 {
1832         struct inet_connection_sock *icsk = inet_csk(sk);
1833         struct tcp_sock *tp = tcp_sk(sk);
1834
1835         skb_queue_head_init(&tp->out_of_order_queue);
1836         tcp_init_xmit_timers(sk);
1837         tcp_prequeue_init(tp);
1838
1839         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1840         tp->mdev = TCP_TIMEOUT_INIT;
1841
1842         /* So many TCP implementations out there (incorrectly) count the
1843          * initial SYN frame in their delayed-ACK and congestion control
1844          * algorithms that we must have the following bandaid to talk
1845          * efficiently to them.  -DaveM
1846          */
1847         tp->snd_cwnd = 2;
1848
1849         /* See draft-stevens-tcpca-spec-01 for discussion of the
1850          * initialization of these values.
1851          */
1852         tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
1853         tp->snd_cwnd_clamp = ~0;
1854         tp->mss_cache = 536;
1855
1856         tp->reordering = sysctl_tcp_reordering;
1857
1858         sk->sk_state = TCP_CLOSE;
1859
1860         icsk->icsk_af_ops = &ipv6_specific;
1861         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1862         icsk->icsk_sync_mss = tcp_sync_mss;
1863         sk->sk_write_space = sk_stream_write_space;
1864         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1865
1866 #ifdef CONFIG_TCP_MD5SIG
1867         tp->af_specific = &tcp_sock_ipv6_specific;
1868 #endif
1869
1870         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1871         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1872
1873         local_bh_disable();
1874         percpu_counter_inc(&tcp_sockets_allocated);
1875         local_bh_enable();
1876
1877         return 0;
1878 }
1879
1880 static void tcp_v6_destroy_sock(struct sock *sk)
1881 {
1882 #ifdef CONFIG_TCP_MD5SIG
1883         /* Clean up the MD5 key list */
1884         if (tcp_sk(sk)->md5sig_info)
1885                 tcp_v6_clear_md5_list(sk);
1886 #endif
1887         tcp_v4_destroy_sock(sk);
1888         inet6_destroy_sock(sk);
1889 }
1890
1891 #ifdef CONFIG_PROC_FS
1892 /* Proc filesystem TCPv6 sock list dumping. */
1893 static void get_openreq6(struct seq_file *seq,
1894                          struct sock *sk, struct request_sock *req, int i, int uid)
1895 {
1896         int ttd = req->expires - jiffies;
1897         struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1898         struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1899
1900         if (ttd < 0)
1901                 ttd = 0;
1902
1903         seq_printf(seq,
1904                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1905                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1906                    i,
1907                    src->s6_addr32[0], src->s6_addr32[1],
1908                    src->s6_addr32[2], src->s6_addr32[3],
1909                    ntohs(inet_rsk(req)->loc_port),
1910                    dest->s6_addr32[0], dest->s6_addr32[1],
1911                    dest->s6_addr32[2], dest->s6_addr32[3],
1912                    ntohs(inet_rsk(req)->rmt_port),
1913                    TCP_SYN_RECV,
1914                    0,0, /* could print option size, but that is af dependent. */
1915                    1,   /* timers active (only the expire timer) */
1916                    jiffies_to_clock_t(ttd),
1917                    req->retrans,
1918                    uid,
1919                    0,  /* non standard timer */
1920                    0, /* open_requests have no inode */
1921                    0, req);
1922 }
1923
1924 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1925 {
1926         struct in6_addr *dest, *src;
1927         __u16 destp, srcp;
1928         int timer_active;
1929         unsigned long timer_expires;
1930         struct inet_sock *inet = inet_sk(sp);
1931         struct tcp_sock *tp = tcp_sk(sp);
1932         const struct inet_connection_sock *icsk = inet_csk(sp);
1933         struct ipv6_pinfo *np = inet6_sk(sp);
1934
1935         dest  = &np->daddr;
1936         src   = &np->rcv_saddr;
1937         destp = ntohs(inet->inet_dport);
1938         srcp  = ntohs(inet->inet_sport);
1939
1940         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1941                 timer_active    = 1;
1942                 timer_expires   = icsk->icsk_timeout;
1943         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1944                 timer_active    = 4;
1945                 timer_expires   = icsk->icsk_timeout;
1946         } else if (timer_pending(&sp->sk_timer)) {
1947                 timer_active    = 2;
1948                 timer_expires   = sp->sk_timer.expires;
1949         } else {
1950                 timer_active    = 0;
1951                 timer_expires = jiffies;
1952         }
1953
1954         seq_printf(seq,
1955                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1956                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %lu %lu %u %u %d\n",
1957                    i,
1958                    src->s6_addr32[0], src->s6_addr32[1],
1959                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1960                    dest->s6_addr32[0], dest->s6_addr32[1],
1961                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1962                    sp->sk_state,
1963                    tp->write_seq-tp->snd_una,
1964                    (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
1965                    timer_active,
1966                    jiffies_to_clock_t(timer_expires - jiffies),
1967                    icsk->icsk_retransmits,
1968                    sock_i_uid(sp),
1969                    icsk->icsk_probes_out,
1970                    sock_i_ino(sp),
1971                    atomic_read(&sp->sk_refcnt), sp,
1972                    jiffies_to_clock_t(icsk->icsk_rto),
1973                    jiffies_to_clock_t(icsk->icsk_ack.ato),
1974                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
1975                    tp->snd_cwnd,
1976                    tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh
1977                    );
1978 }
1979
1980 static void get_timewait6_sock(struct seq_file *seq,
1981                                struct inet_timewait_sock *tw, int i)
1982 {
1983         struct in6_addr *dest, *src;
1984         __u16 destp, srcp;
1985         struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
1986         int ttd = tw->tw_ttd - jiffies;
1987
1988         if (ttd < 0)
1989                 ttd = 0;
1990
1991         dest = &tw6->tw_v6_daddr;
1992         src  = &tw6->tw_v6_rcv_saddr;
1993         destp = ntohs(tw->tw_dport);
1994         srcp  = ntohs(tw->tw_sport);
1995
1996         seq_printf(seq,
1997                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1998                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1999                    i,
2000                    src->s6_addr32[0], src->s6_addr32[1],
2001                    src->s6_addr32[2], src->s6_addr32[3], srcp,
2002                    dest->s6_addr32[0], dest->s6_addr32[1],
2003                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
2004                    tw->tw_substate, 0, 0,
2005                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2006                    atomic_read(&tw->tw_refcnt), tw);
2007 }
2008
2009 static int tcp6_seq_show(struct seq_file *seq, void *v)
2010 {
2011         struct tcp_iter_state *st;
2012
2013         if (v == SEQ_START_TOKEN) {
2014                 seq_puts(seq,
2015                          "  sl  "
2016                          "local_address                         "
2017                          "remote_address                        "
2018                          "st tx_queue rx_queue tr tm->when retrnsmt"
2019                          "   uid  timeout inode\n");
2020                 goto out;
2021         }
2022         st = seq->private;
2023
2024         switch (st->state) {
2025         case TCP_SEQ_STATE_LISTENING:
2026         case TCP_SEQ_STATE_ESTABLISHED:
2027                 get_tcp6_sock(seq, v, st->num);
2028                 break;
2029         case TCP_SEQ_STATE_OPENREQ:
2030                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2031                 break;
2032         case TCP_SEQ_STATE_TIME_WAIT:
2033                 get_timewait6_sock(seq, v, st->num);
2034                 break;
2035         }
2036 out:
2037         return 0;
2038 }
2039
2040 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2041         .name           = "tcp6",
2042         .family         = AF_INET6,
2043         .seq_fops       = {
2044                 .owner          = THIS_MODULE,
2045         },
2046         .seq_ops        = {
2047                 .show           = tcp6_seq_show,
2048         },
2049 };
2050
2051 int tcp6_proc_init(struct net *net)
2052 {
2053         return tcp_proc_register(net, &tcp6_seq_afinfo);
2054 }
2055
2056 void tcp6_proc_exit(struct net *net)
2057 {
2058         tcp_proc_unregister(net, &tcp6_seq_afinfo);
2059 }
2060 #endif
2061
2062 struct proto tcpv6_prot = {
2063         .name                   = "TCPv6",
2064         .owner                  = THIS_MODULE,
2065         .close                  = tcp_close,
2066         .connect                = tcp_v6_connect,
2067         .disconnect             = tcp_disconnect,
2068         .accept                 = inet_csk_accept,
2069         .ioctl                  = tcp_ioctl,
2070         .init                   = tcp_v6_init_sock,
2071         .destroy                = tcp_v6_destroy_sock,
2072         .shutdown               = tcp_shutdown,
2073         .setsockopt             = tcp_setsockopt,
2074         .getsockopt             = tcp_getsockopt,
2075         .recvmsg                = tcp_recvmsg,
2076         .backlog_rcv            = tcp_v6_do_rcv,
2077         .hash                   = tcp_v6_hash,
2078         .unhash                 = inet_unhash,
2079         .get_port               = inet_csk_get_port,
2080         .enter_memory_pressure  = tcp_enter_memory_pressure,
2081         .sockets_allocated      = &tcp_sockets_allocated,
2082         .memory_allocated       = &tcp_memory_allocated,
2083         .memory_pressure        = &tcp_memory_pressure,
2084         .orphan_count           = &tcp_orphan_count,
2085         .sysctl_mem             = sysctl_tcp_mem,
2086         .sysctl_wmem            = sysctl_tcp_wmem,
2087         .sysctl_rmem            = sysctl_tcp_rmem,
2088         .max_header             = MAX_TCP_HEADER,
2089         .obj_size               = sizeof(struct tcp6_sock),
2090         .slab_flags             = SLAB_DESTROY_BY_RCU,
2091         .twsk_prot              = &tcp6_timewait_sock_ops,
2092         .rsk_prot               = &tcp6_request_sock_ops,
2093         .h.hashinfo             = &tcp_hashinfo,
2094 #ifdef CONFIG_COMPAT
2095         .compat_setsockopt      = compat_tcp_setsockopt,
2096         .compat_getsockopt      = compat_tcp_getsockopt,
2097 #endif
2098 };
2099
2100 static const struct inet6_protocol tcpv6_protocol = {
2101         .handler        =       tcp_v6_rcv,
2102         .err_handler    =       tcp_v6_err,
2103         .gso_send_check =       tcp_v6_gso_send_check,
2104         .gso_segment    =       tcp_tso_segment,
2105         .gro_receive    =       tcp6_gro_receive,
2106         .gro_complete   =       tcp6_gro_complete,
2107         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2108 };
2109
2110 static struct inet_protosw tcpv6_protosw = {
2111         .type           =       SOCK_STREAM,
2112         .protocol       =       IPPROTO_TCP,
2113         .prot           =       &tcpv6_prot,
2114         .ops            =       &inet6_stream_ops,
2115         .capability     =       -1,
2116         .no_check       =       0,
2117         .flags          =       INET_PROTOSW_PERMANENT |
2118                                 INET_PROTOSW_ICSK,
2119 };
2120
2121 static int tcpv6_net_init(struct net *net)
2122 {
2123         return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2124                                     SOCK_RAW, IPPROTO_TCP, net);
2125 }
2126
2127 static void tcpv6_net_exit(struct net *net)
2128 {
2129         inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2130         inet_twsk_purge(net, &tcp_hashinfo, &tcp_death_row, AF_INET6);
2131 }
2132
2133 static struct pernet_operations tcpv6_net_ops = {
2134         .init = tcpv6_net_init,
2135         .exit = tcpv6_net_exit,
2136 };
2137
2138 int __init tcpv6_init(void)
2139 {
2140         int ret;
2141
2142         ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2143         if (ret)
2144                 goto out;
2145
2146         /* register inet6 protocol */
2147         ret = inet6_register_protosw(&tcpv6_protosw);
2148         if (ret)
2149                 goto out_tcpv6_protocol;
2150
2151         ret = register_pernet_subsys(&tcpv6_net_ops);
2152         if (ret)
2153                 goto out_tcpv6_protosw;
2154 out:
2155         return ret;
2156
2157 out_tcpv6_protocol:
2158         inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2159 out_tcpv6_protosw:
2160         inet6_unregister_protosw(&tcpv6_protosw);
2161         goto out;
2162 }
2163
2164 void tcpv6_exit(void)
2165 {
2166         unregister_pernet_subsys(&tcpv6_net_ops);
2167         inet6_unregister_protosw(&tcpv6_protosw);
2168         inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2169 }