92f99927d12d668a41b804dda43c20b17ec82b6a
[linux-2.6.git] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *
8  *      $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9  *
10  *      Based on:
11  *      linux/net/ipv4/tcp.c
12  *      linux/net/ipv4/tcp_input.c
13  *      linux/net/ipv4/tcp_output.c
14  *
15  *      Fixes:
16  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
17  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
18  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
19  *                                      a single port at the same time.
20  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
21  *
22  *      This program is free software; you can redistribute it and/or
23  *      modify it under the terms of the GNU General Public License
24  *      as published by the Free Software Foundation; either version
25  *      2 of the License, or (at your option) any later version.
26  */
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/net.h>
34 #include <linux/jiffies.h>
35 #include <linux/in.h>
36 #include <linux/in6.h>
37 #include <linux/netdevice.h>
38 #include <linux/init.h>
39 #include <linux/jhash.h>
40 #include <linux/ipsec.h>
41 #include <linux/times.h>
42
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/addrconf.h>
60 #include <net/snmp.h>
61 #include <net/dsfield.h>
62 #include <net/timewait_sock.h>
63
64 #include <asm/uaccess.h>
65
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
68
69 #include <linux/crypto.h>
70 #include <linux/scatterlist.h>
71
72 /* Socket used for sending RSTs and ACKs */
73 static struct socket *tcp6_socket;
74
75 static void     tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
76 static void     tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
77 static void     tcp_v6_send_check(struct sock *sk, int len,
78                                   struct sk_buff *skb);
79
80 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
81
82 static struct inet_connection_sock_af_ops ipv6_mapped;
83 static struct inet_connection_sock_af_ops ipv6_specific;
84 #ifdef CONFIG_TCP_MD5SIG
85 static struct tcp_sock_af_ops tcp_sock_ipv6_specific;
86 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
87 #endif
88
89 static int tcp_v6_get_port(struct sock *sk, unsigned short snum)
90 {
91         return inet_csk_get_port(&tcp_hashinfo, sk, snum,
92                                  inet6_csk_bind_conflict);
93 }
94
95 static void tcp_v6_hash(struct sock *sk)
96 {
97         if (sk->sk_state != TCP_CLOSE) {
98                 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
99                         tcp_prot.hash(sk);
100                         return;
101                 }
102                 local_bh_disable();
103                 __inet6_hash(&tcp_hashinfo, sk);
104                 local_bh_enable();
105         }
106 }
107
108 static __inline__ __sum16 tcp_v6_check(struct tcphdr *th, int len,
109                                    struct in6_addr *saddr,
110                                    struct in6_addr *daddr,
111                                    __wsum base)
112 {
113         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
114 }
115
116 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
117 {
118         return secure_tcpv6_sequence_number(skb->nh.ipv6h->daddr.s6_addr32,
119                                             skb->nh.ipv6h->saddr.s6_addr32,
120                                             skb->h.th->dest,
121                                             skb->h.th->source);
122 }
123
124 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
125                           int addr_len)
126 {
127         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
128         struct inet_sock *inet = inet_sk(sk);
129         struct inet_connection_sock *icsk = inet_csk(sk);
130         struct ipv6_pinfo *np = inet6_sk(sk);
131         struct tcp_sock *tp = tcp_sk(sk);
132         struct in6_addr *saddr = NULL, *final_p = NULL, final;
133         struct flowi fl;
134         struct dst_entry *dst;
135         int addr_type;
136         int err;
137
138         if (addr_len < SIN6_LEN_RFC2133)
139                 return -EINVAL;
140
141         if (usin->sin6_family != AF_INET6)
142                 return(-EAFNOSUPPORT);
143
144         memset(&fl, 0, sizeof(fl));
145
146         if (np->sndflow) {
147                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
148                 IP6_ECN_flow_init(fl.fl6_flowlabel);
149                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
150                         struct ip6_flowlabel *flowlabel;
151                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
152                         if (flowlabel == NULL)
153                                 return -EINVAL;
154                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
155                         fl6_sock_release(flowlabel);
156                 }
157         }
158
159         /*
160          *      connect() to INADDR_ANY means loopback (BSD'ism).
161          */
162
163         if(ipv6_addr_any(&usin->sin6_addr))
164                 usin->sin6_addr.s6_addr[15] = 0x1;
165
166         addr_type = ipv6_addr_type(&usin->sin6_addr);
167
168         if(addr_type & IPV6_ADDR_MULTICAST)
169                 return -ENETUNREACH;
170
171         if (addr_type&IPV6_ADDR_LINKLOCAL) {
172                 if (addr_len >= sizeof(struct sockaddr_in6) &&
173                     usin->sin6_scope_id) {
174                         /* If interface is set while binding, indices
175                          * must coincide.
176                          */
177                         if (sk->sk_bound_dev_if &&
178                             sk->sk_bound_dev_if != usin->sin6_scope_id)
179                                 return -EINVAL;
180
181                         sk->sk_bound_dev_if = usin->sin6_scope_id;
182                 }
183
184                 /* Connect to link-local address requires an interface */
185                 if (!sk->sk_bound_dev_if)
186                         return -EINVAL;
187         }
188
189         if (tp->rx_opt.ts_recent_stamp &&
190             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
191                 tp->rx_opt.ts_recent = 0;
192                 tp->rx_opt.ts_recent_stamp = 0;
193                 tp->write_seq = 0;
194         }
195
196         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
197         np->flow_label = fl.fl6_flowlabel;
198
199         /*
200          *      TCP over IPv4
201          */
202
203         if (addr_type == IPV6_ADDR_MAPPED) {
204                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
205                 struct sockaddr_in sin;
206
207                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
208
209                 if (__ipv6_only_sock(sk))
210                         return -ENETUNREACH;
211
212                 sin.sin_family = AF_INET;
213                 sin.sin_port = usin->sin6_port;
214                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
215
216                 icsk->icsk_af_ops = &ipv6_mapped;
217                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
218 #ifdef CONFIG_TCP_MD5SIG
219                 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
220 #endif
221
222                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
223
224                 if (err) {
225                         icsk->icsk_ext_hdr_len = exthdrlen;
226                         icsk->icsk_af_ops = &ipv6_specific;
227                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
228 #ifdef CONFIG_TCP_MD5SIG
229                         tp->af_specific = &tcp_sock_ipv6_specific;
230 #endif
231                         goto failure;
232                 } else {
233                         ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
234                                       inet->saddr);
235                         ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
236                                       inet->rcv_saddr);
237                 }
238
239                 return err;
240         }
241
242         if (!ipv6_addr_any(&np->rcv_saddr))
243                 saddr = &np->rcv_saddr;
244
245         fl.proto = IPPROTO_TCP;
246         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
247         ipv6_addr_copy(&fl.fl6_src,
248                        (saddr ? saddr : &np->saddr));
249         fl.oif = sk->sk_bound_dev_if;
250         fl.fl_ip_dport = usin->sin6_port;
251         fl.fl_ip_sport = inet->sport;
252
253         if (np->opt && np->opt->srcrt) {
254                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
255                 ipv6_addr_copy(&final, &fl.fl6_dst);
256                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
257                 final_p = &final;
258         }
259
260         security_sk_classify_flow(sk, &fl);
261
262         err = ip6_dst_lookup(sk, &dst, &fl);
263         if (err)
264                 goto failure;
265         if (final_p)
266                 ipv6_addr_copy(&fl.fl6_dst, final_p);
267
268         if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0)
269                 goto failure;
270
271         if (saddr == NULL) {
272                 saddr = &fl.fl6_src;
273                 ipv6_addr_copy(&np->rcv_saddr, saddr);
274         }
275
276         /* set the source address */
277         ipv6_addr_copy(&np->saddr, saddr);
278         inet->rcv_saddr = LOOPBACK4_IPV6;
279
280         sk->sk_gso_type = SKB_GSO_TCPV6;
281         __ip6_dst_store(sk, dst, NULL, NULL);
282
283         icsk->icsk_ext_hdr_len = 0;
284         if (np->opt)
285                 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
286                                           np->opt->opt_nflen);
287
288         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
289
290         inet->dport = usin->sin6_port;
291
292         tcp_set_state(sk, TCP_SYN_SENT);
293         err = inet6_hash_connect(&tcp_death_row, sk);
294         if (err)
295                 goto late_failure;
296
297         if (!tp->write_seq)
298                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
299                                                              np->daddr.s6_addr32,
300                                                              inet->sport,
301                                                              inet->dport);
302
303         err = tcp_connect(sk);
304         if (err)
305                 goto late_failure;
306
307         return 0;
308
309 late_failure:
310         tcp_set_state(sk, TCP_CLOSE);
311         __sk_dst_reset(sk);
312 failure:
313         inet->dport = 0;
314         sk->sk_route_caps = 0;
315         return err;
316 }
317
318 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
319                 int type, int code, int offset, __be32 info)
320 {
321         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
322         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
323         struct ipv6_pinfo *np;
324         struct sock *sk;
325         int err;
326         struct tcp_sock *tp;
327         __u32 seq;
328
329         sk = inet6_lookup(&tcp_hashinfo, &hdr->daddr, th->dest, &hdr->saddr,
330                           th->source, skb->dev->ifindex);
331
332         if (sk == NULL) {
333                 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
334                 return;
335         }
336
337         if (sk->sk_state == TCP_TIME_WAIT) {
338                 inet_twsk_put(inet_twsk(sk));
339                 return;
340         }
341
342         bh_lock_sock(sk);
343         if (sock_owned_by_user(sk))
344                 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
345
346         if (sk->sk_state == TCP_CLOSE)
347                 goto out;
348
349         tp = tcp_sk(sk);
350         seq = ntohl(th->seq);
351         if (sk->sk_state != TCP_LISTEN &&
352             !between(seq, tp->snd_una, tp->snd_nxt)) {
353                 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
354                 goto out;
355         }
356
357         np = inet6_sk(sk);
358
359         if (type == ICMPV6_PKT_TOOBIG) {
360                 struct dst_entry *dst = NULL;
361
362                 if (sock_owned_by_user(sk))
363                         goto out;
364                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
365                         goto out;
366
367                 /* icmp should have updated the destination cache entry */
368                 dst = __sk_dst_check(sk, np->dst_cookie);
369
370                 if (dst == NULL) {
371                         struct inet_sock *inet = inet_sk(sk);
372                         struct flowi fl;
373
374                         /* BUGGG_FUTURE: Again, it is not clear how
375                            to handle rthdr case. Ignore this complexity
376                            for now.
377                          */
378                         memset(&fl, 0, sizeof(fl));
379                         fl.proto = IPPROTO_TCP;
380                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
381                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
382                         fl.oif = sk->sk_bound_dev_if;
383                         fl.fl_ip_dport = inet->dport;
384                         fl.fl_ip_sport = inet->sport;
385                         security_skb_classify_flow(skb, &fl);
386
387                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
388                                 sk->sk_err_soft = -err;
389                                 goto out;
390                         }
391
392                         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
393                                 sk->sk_err_soft = -err;
394                                 goto out;
395                         }
396
397                 } else
398                         dst_hold(dst);
399
400                 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
401                         tcp_sync_mss(sk, dst_mtu(dst));
402                         tcp_simple_retransmit(sk);
403                 } /* else let the usual retransmit timer handle it */
404                 dst_release(dst);
405                 goto out;
406         }
407
408         icmpv6_err_convert(type, code, &err);
409
410         /* Might be for an request_sock */
411         switch (sk->sk_state) {
412                 struct request_sock *req, **prev;
413         case TCP_LISTEN:
414                 if (sock_owned_by_user(sk))
415                         goto out;
416
417                 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
418                                            &hdr->saddr, inet6_iif(skb));
419                 if (!req)
420                         goto out;
421
422                 /* ICMPs are not backlogged, hence we cannot get
423                  * an established socket here.
424                  */
425                 BUG_TRAP(req->sk == NULL);
426
427                 if (seq != tcp_rsk(req)->snt_isn) {
428                         NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
429                         goto out;
430                 }
431
432                 inet_csk_reqsk_queue_drop(sk, req, prev);
433                 goto out;
434
435         case TCP_SYN_SENT:
436         case TCP_SYN_RECV:  /* Cannot happen.
437                                It can, it SYNs are crossed. --ANK */
438                 if (!sock_owned_by_user(sk)) {
439                         sk->sk_err = err;
440                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
441
442                         tcp_done(sk);
443                 } else
444                         sk->sk_err_soft = err;
445                 goto out;
446         }
447
448         if (!sock_owned_by_user(sk) && np->recverr) {
449                 sk->sk_err = err;
450                 sk->sk_error_report(sk);
451         } else
452                 sk->sk_err_soft = err;
453
454 out:
455         bh_unlock_sock(sk);
456         sock_put(sk);
457 }
458
459
460 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
461                               struct dst_entry *dst)
462 {
463         struct inet6_request_sock *treq = inet6_rsk(req);
464         struct ipv6_pinfo *np = inet6_sk(sk);
465         struct sk_buff * skb;
466         struct ipv6_txoptions *opt = NULL;
467         struct in6_addr * final_p = NULL, final;
468         struct flowi fl;
469         int err = -1;
470
471         memset(&fl, 0, sizeof(fl));
472         fl.proto = IPPROTO_TCP;
473         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
474         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
475         fl.fl6_flowlabel = 0;
476         fl.oif = treq->iif;
477         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
478         fl.fl_ip_sport = inet_sk(sk)->sport;
479         security_req_classify_flow(req, &fl);
480
481         if (dst == NULL) {
482                 opt = np->opt;
483                 if (opt == NULL &&
484                     np->rxopt.bits.osrcrt == 2 &&
485                     treq->pktopts) {
486                         struct sk_buff *pktopts = treq->pktopts;
487                         struct inet6_skb_parm *rxopt = IP6CB(pktopts);
488                         if (rxopt->srcrt)
489                                 opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr*)(pktopts->nh.raw + rxopt->srcrt));
490                 }
491
492                 if (opt && opt->srcrt) {
493                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
494                         ipv6_addr_copy(&final, &fl.fl6_dst);
495                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
496                         final_p = &final;
497                 }
498
499                 err = ip6_dst_lookup(sk, &dst, &fl);
500                 if (err)
501                         goto done;
502                 if (final_p)
503                         ipv6_addr_copy(&fl.fl6_dst, final_p);
504                 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
505                         goto done;
506         }
507
508         skb = tcp_make_synack(sk, dst, req);
509         if (skb) {
510                 struct tcphdr *th = skb->h.th;
511
512                 th->check = tcp_v6_check(th, skb->len,
513                                          &treq->loc_addr, &treq->rmt_addr,
514                                          csum_partial((char *)th, skb->len, skb->csum));
515
516                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
517                 err = ip6_xmit(sk, skb, &fl, opt, 0);
518                 err = net_xmit_eval(err);
519         }
520
521 done:
522         if (opt && opt != np->opt)
523                 sock_kfree_s(sk, opt, opt->tot_len);
524         dst_release(dst);
525         return err;
526 }
527
528 static void tcp_v6_reqsk_destructor(struct request_sock *req)
529 {
530         if (inet6_rsk(req)->pktopts)
531                 kfree_skb(inet6_rsk(req)->pktopts);
532 }
533
534 #ifdef CONFIG_TCP_MD5SIG
535 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
536                                                    struct in6_addr *addr)
537 {
538         struct tcp_sock *tp = tcp_sk(sk);
539         int i;
540
541         BUG_ON(tp == NULL);
542
543         if (!tp->md5sig_info || !tp->md5sig_info->entries6)
544                 return NULL;
545
546         for (i = 0; i < tp->md5sig_info->entries6; i++) {
547                 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, addr) == 0)
548                         return (struct tcp_md5sig_key *)&tp->md5sig_info->keys6[i];
549         }
550         return NULL;
551 }
552
553 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
554                                                 struct sock *addr_sk)
555 {
556         return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
557 }
558
559 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
560                                                       struct request_sock *req)
561 {
562         return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
563 }
564
565 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
566                              char *newkey, u8 newkeylen)
567 {
568         /* Add key to the list */
569         struct tcp6_md5sig_key *key;
570         struct tcp_sock *tp = tcp_sk(sk);
571         struct tcp6_md5sig_key *keys;
572
573         key = (struct tcp6_md5sig_key*) tcp_v6_md5_do_lookup(sk, peer);
574         if (key) {
575                 /* modify existing entry - just update that one */
576                 kfree(key->key);
577                 key->key = newkey;
578                 key->keylen = newkeylen;
579         } else {
580                 /* reallocate new list if current one is full. */
581                 if (!tp->md5sig_info) {
582                         tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
583                         if (!tp->md5sig_info) {
584                                 kfree(newkey);
585                                 return -ENOMEM;
586                         }
587                 }
588                 tcp_alloc_md5sig_pool();
589                 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
590                         keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
591                                        (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
592
593                         if (!keys) {
594                                 tcp_free_md5sig_pool();
595                                 kfree(newkey);
596                                 return -ENOMEM;
597                         }
598
599                         if (tp->md5sig_info->entries6)
600                                 memmove(keys, tp->md5sig_info->keys6,
601                                         (sizeof (tp->md5sig_info->keys6[0]) *
602                                          tp->md5sig_info->entries6));
603
604                         kfree(tp->md5sig_info->keys6);
605                         tp->md5sig_info->keys6 = keys;
606                         tp->md5sig_info->alloced6++;
607                 }
608
609                 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
610                                peer);
611                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].key = newkey;
612                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].keylen = newkeylen;
613
614                 tp->md5sig_info->entries6++;
615         }
616         return 0;
617 }
618
619 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
620                                u8 *newkey, __u8 newkeylen)
621 {
622         return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
623                                  newkey, newkeylen);
624 }
625
626 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
627 {
628         struct tcp_sock *tp = tcp_sk(sk);
629         int i;
630
631         for (i = 0; i < tp->md5sig_info->entries6; i++) {
632                 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, peer) == 0) {
633                         /* Free the key */
634                         kfree(tp->md5sig_info->keys6[i].key);
635                         tp->md5sig_info->entries6--;
636
637                         if (tp->md5sig_info->entries6 == 0) {
638                                 kfree(tp->md5sig_info->keys6);
639                                 tp->md5sig_info->keys6 = NULL;
640
641                                 tcp_free_md5sig_pool();
642
643                                 return 0;
644                         } else {
645                                 /* shrink the database */
646                                 if (tp->md5sig_info->entries6 != i)
647                                         memmove(&tp->md5sig_info->keys6[i],
648                                                 &tp->md5sig_info->keys6[i+1],
649                                                 (tp->md5sig_info->entries6 - i)
650                                                 * sizeof (tp->md5sig_info->keys6[0]));
651                         }
652                 }
653         }
654         return -ENOENT;
655 }
656
657 static void tcp_v6_clear_md5_list (struct sock *sk)
658 {
659         struct tcp_sock *tp = tcp_sk(sk);
660         int i;
661
662         if (tp->md5sig_info->entries6) {
663                 for (i = 0; i < tp->md5sig_info->entries6; i++)
664                         kfree(tp->md5sig_info->keys6[i].key);
665                 tp->md5sig_info->entries6 = 0;
666                 tcp_free_md5sig_pool();
667         }
668
669         kfree(tp->md5sig_info->keys6);
670         tp->md5sig_info->keys6 = NULL;
671         tp->md5sig_info->alloced6 = 0;
672
673         if (tp->md5sig_info->entries4) {
674                 for (i = 0; i < tp->md5sig_info->entries4; i++)
675                         kfree(tp->md5sig_info->keys4[i].key);
676                 tp->md5sig_info->entries4 = 0;
677                 tcp_free_md5sig_pool();
678         }
679
680         kfree(tp->md5sig_info->keys4);
681         tp->md5sig_info->keys4 = NULL;
682         tp->md5sig_info->alloced4 = 0;
683 }
684
685 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
686                                   int optlen)
687 {
688         struct tcp_md5sig cmd;
689         struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
690         u8 *newkey;
691
692         if (optlen < sizeof(cmd))
693                 return -EINVAL;
694
695         if (copy_from_user(&cmd, optval, sizeof(cmd)))
696                 return -EFAULT;
697
698         if (sin6->sin6_family != AF_INET6)
699                 return -EINVAL;
700
701         if (!cmd.tcpm_keylen) {
702                 if (!tcp_sk(sk)->md5sig_info)
703                         return -ENOENT;
704                 if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_MAPPED)
705                         return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
706                 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
707         }
708
709         if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
710                 return -EINVAL;
711
712         if (!tcp_sk(sk)->md5sig_info) {
713                 struct tcp_sock *tp = tcp_sk(sk);
714                 struct tcp_md5sig_info *p;
715
716                 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
717                 if (!p)
718                         return -ENOMEM;
719
720                 tp->md5sig_info = p;
721         }
722
723         newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
724         if (!newkey)
725                 return -ENOMEM;
726         if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_MAPPED) {
727                 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
728                                          newkey, cmd.tcpm_keylen);
729         }
730         return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
731 }
732
733 static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
734                                    struct in6_addr *saddr,
735                                    struct in6_addr *daddr,
736                                    struct tcphdr *th, int protocol,
737                                    int tcplen)
738 {
739         struct scatterlist sg[4];
740         __u16 data_len;
741         int block = 0;
742         __sum16 cksum;
743         struct tcp_md5sig_pool *hp;
744         struct tcp6_pseudohdr *bp;
745         struct hash_desc *desc;
746         int err;
747         unsigned int nbytes = 0;
748
749         hp = tcp_get_md5sig_pool();
750         if (!hp) {
751                 printk(KERN_WARNING "%s(): hash pool not found...\n", __FUNCTION__);
752                 goto clear_hash_noput;
753         }
754         bp = &hp->md5_blk.ip6;
755         desc = &hp->md5_desc;
756
757         /* 1. TCP pseudo-header (RFC2460) */
758         ipv6_addr_copy(&bp->saddr, saddr);
759         ipv6_addr_copy(&bp->daddr, daddr);
760         bp->len = htonl(tcplen);
761         bp->protocol = htonl(protocol);
762
763         sg_set_buf(&sg[block++], bp, sizeof(*bp));
764         nbytes += sizeof(*bp);
765
766         /* 2. TCP header, excluding options */
767         cksum = th->check;
768         th->check = 0;
769         sg_set_buf(&sg[block++], th, sizeof(*th));
770         nbytes += sizeof(*th);
771
772         /* 3. TCP segment data (if any) */
773         data_len = tcplen - (th->doff << 2);
774         if (data_len > 0) {
775                 u8 *data = (u8 *)th + (th->doff << 2);
776                 sg_set_buf(&sg[block++], data, data_len);
777                 nbytes += data_len;
778         }
779
780         /* 4. shared key */
781         sg_set_buf(&sg[block++], key->key, key->keylen);
782         nbytes += key->keylen;
783
784         /* Now store the hash into the packet */
785         err = crypto_hash_init(desc);
786         if (err) {
787                 printk(KERN_WARNING "%s(): hash_init failed\n", __FUNCTION__);
788                 goto clear_hash;
789         }
790         err = crypto_hash_update(desc, sg, nbytes);
791         if (err) {
792                 printk(KERN_WARNING "%s(): hash_update failed\n", __FUNCTION__);
793                 goto clear_hash;
794         }
795         err = crypto_hash_final(desc, md5_hash);
796         if (err) {
797                 printk(KERN_WARNING "%s(): hash_final failed\n", __FUNCTION__);
798                 goto clear_hash;
799         }
800
801         /* Reset header, and free up the crypto */
802         tcp_put_md5sig_pool();
803         th->check = cksum;
804 out:
805         return 0;
806 clear_hash:
807         tcp_put_md5sig_pool();
808 clear_hash_noput:
809         memset(md5_hash, 0, 16);
810         goto out;
811 }
812
813 static int tcp_v6_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
814                                 struct sock *sk,
815                                 struct dst_entry *dst,
816                                 struct request_sock *req,
817                                 struct tcphdr *th, int protocol,
818                                 int tcplen)
819 {
820         struct in6_addr *saddr, *daddr;
821
822         if (sk) {
823                 saddr = &inet6_sk(sk)->saddr;
824                 daddr = &inet6_sk(sk)->daddr;
825         } else {
826                 saddr = &inet6_rsk(req)->loc_addr;
827                 daddr = &inet6_rsk(req)->rmt_addr;
828         }
829         return tcp_v6_do_calc_md5_hash(md5_hash, key,
830                                        saddr, daddr,
831                                        th, protocol, tcplen);
832 }
833
834 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
835 {
836         __u8 *hash_location = NULL;
837         struct tcp_md5sig_key *hash_expected;
838         struct ipv6hdr *ip6h = skb->nh.ipv6h;
839         struct tcphdr *th = skb->h.th;
840         int length = (th->doff << 2) - sizeof (*th);
841         int genhash;
842         u8 *ptr;
843         u8 newhash[16];
844
845         hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
846
847         /* If the TCP option is too short, we can short cut */
848         if (length < TCPOLEN_MD5SIG)
849                 return hash_expected ? 1 : 0;
850
851         /* parse options */
852         ptr = (u8*)(th + 1);
853         while (length > 0) {
854                 int opcode = *ptr++;
855                 int opsize;
856
857                 switch(opcode) {
858                 case TCPOPT_EOL:
859                         goto done_opts;
860                 case TCPOPT_NOP:
861                         length--;
862                         continue;
863                 default:
864                         opsize = *ptr++;
865                         if (opsize < 2 || opsize > length)
866                                 goto done_opts;
867                         if (opcode == TCPOPT_MD5SIG) {
868                                 hash_location = ptr;
869                                 goto done_opts;
870                         }
871                 }
872                 ptr += opsize - 2;
873                 length -= opsize;
874         }
875
876 done_opts:
877         /* do we have a hash as expected? */
878         if (!hash_expected) {
879                 if (!hash_location)
880                         return 0;
881                 if (net_ratelimit()) {
882                         printk(KERN_INFO "MD5 Hash NOT expected but found "
883                                "(" NIP6_FMT ", %u)->"
884                                "(" NIP6_FMT ", %u)\n",
885                                NIP6(ip6h->saddr), ntohs(th->source),
886                                NIP6(ip6h->daddr), ntohs(th->dest));
887                 }
888                 return 1;
889         }
890
891         if (!hash_location) {
892                 if (net_ratelimit()) {
893                         printk(KERN_INFO "MD5 Hash expected but NOT found "
894                                "(" NIP6_FMT ", %u)->"
895                                "(" NIP6_FMT ", %u)\n",
896                                NIP6(ip6h->saddr), ntohs(th->source),
897                                NIP6(ip6h->daddr), ntohs(th->dest));
898                 }
899                 return 1;
900         }
901
902         /* check the signature */
903         genhash = tcp_v6_do_calc_md5_hash(newhash,
904                                           hash_expected,
905                                           &ip6h->saddr, &ip6h->daddr,
906                                           th, sk->sk_protocol,
907                                           skb->len);
908         if (genhash || memcmp(hash_location, newhash, 16) != 0) {
909                 if (net_ratelimit()) {
910                         printk(KERN_INFO "MD5 Hash %s for "
911                                "(" NIP6_FMT ", %u)->"
912                                "(" NIP6_FMT ", %u)\n",
913                                genhash ? "failed" : "mismatch",
914                                NIP6(ip6h->saddr), ntohs(th->source),
915                                NIP6(ip6h->daddr), ntohs(th->dest));
916                 }
917                 return 1;
918         }
919         return 0;
920 }
921 #endif
922
923 static struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
924         .family         =       AF_INET6,
925         .obj_size       =       sizeof(struct tcp6_request_sock),
926         .rtx_syn_ack    =       tcp_v6_send_synack,
927         .send_ack       =       tcp_v6_reqsk_send_ack,
928         .destructor     =       tcp_v6_reqsk_destructor,
929         .send_reset     =       tcp_v6_send_reset
930 };
931
932 #ifdef CONFIG_TCP_MD5SIG
933 static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
934         .md5_lookup     =       tcp_v6_reqsk_md5_lookup,
935 };
936 #endif
937
938 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
939         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
940         .twsk_unique    = tcp_twsk_unique,
941         .twsk_destructor= tcp_twsk_destructor,
942 };
943
944 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
945 {
946         struct ipv6_pinfo *np = inet6_sk(sk);
947         struct tcphdr *th = skb->h.th;
948
949         if (skb->ip_summed == CHECKSUM_PARTIAL) {
950                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
951                 skb->csum_offset = offsetof(struct tcphdr, check);
952         } else {
953                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
954                                             csum_partial((char *)th, th->doff<<2,
955                                                          skb->csum));
956         }
957 }
958
959 static int tcp_v6_gso_send_check(struct sk_buff *skb)
960 {
961         struct ipv6hdr *ipv6h;
962         struct tcphdr *th;
963
964         if (!pskb_may_pull(skb, sizeof(*th)))
965                 return -EINVAL;
966
967         ipv6h = skb->nh.ipv6h;
968         th = skb->h.th;
969
970         th->check = 0;
971         th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
972                                      IPPROTO_TCP, 0);
973         skb->csum_offset = offsetof(struct tcphdr, check);
974         skb->ip_summed = CHECKSUM_PARTIAL;
975         return 0;
976 }
977
978 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
979 {
980         struct tcphdr *th = skb->h.th, *t1;
981         struct sk_buff *buff;
982         struct flowi fl;
983         int tot_len = sizeof(*th);
984 #ifdef CONFIG_TCP_MD5SIG
985         struct tcp_md5sig_key *key;
986 #endif
987
988         if (th->rst)
989                 return;
990
991         if (!ipv6_unicast_destination(skb))
992                 return;
993
994 #ifdef CONFIG_TCP_MD5SIG
995         if (sk)
996                 key = tcp_v6_md5_do_lookup(sk, &skb->nh.ipv6h->daddr);
997         else
998                 key = NULL;
999
1000         if (key)
1001                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1002 #endif
1003
1004         /*
1005          * We need to grab some memory, and put together an RST,
1006          * and then put it into the queue to be sent.
1007          */
1008
1009         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1010                          GFP_ATOMIC);
1011         if (buff == NULL)
1012                 return;
1013
1014         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1015
1016         t1 = (struct tcphdr *) skb_push(buff, tot_len);
1017
1018         /* Swap the send and the receive. */
1019         memset(t1, 0, sizeof(*t1));
1020         t1->dest = th->source;
1021         t1->source = th->dest;
1022         t1->doff = tot_len / 4;
1023         t1->rst = 1;
1024
1025         if(th->ack) {
1026                 t1->seq = th->ack_seq;
1027         } else {
1028                 t1->ack = 1;
1029                 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
1030                                     + skb->len - (th->doff<<2));
1031         }
1032
1033 #ifdef CONFIG_TCP_MD5SIG
1034         if (key) {
1035                 __be32 *opt = (__be32*)(t1 + 1);
1036                 opt[0] = htonl((TCPOPT_NOP << 24) |
1037                                (TCPOPT_NOP << 16) |
1038                                (TCPOPT_MD5SIG << 8) |
1039                                TCPOLEN_MD5SIG);
1040                 tcp_v6_do_calc_md5_hash((__u8*)&opt[1],
1041                                         key,
1042                                         &skb->nh.ipv6h->daddr,
1043                                         &skb->nh.ipv6h->saddr,
1044                                         t1, IPPROTO_TCP,
1045                                         tot_len);
1046         }
1047 #endif
1048
1049         buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
1050
1051         memset(&fl, 0, sizeof(fl));
1052         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
1053         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
1054
1055         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1056                                     sizeof(*t1), IPPROTO_TCP,
1057                                     buff->csum);
1058
1059         fl.proto = IPPROTO_TCP;
1060         fl.oif = inet6_iif(skb);
1061         fl.fl_ip_dport = t1->dest;
1062         fl.fl_ip_sport = t1->source;
1063         security_skb_classify_flow(skb, &fl);
1064
1065         /* sk = NULL, but it is safe for now. RST socket required. */
1066         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
1067
1068                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1069                         ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
1070                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1071                         TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
1072                         return;
1073                 }
1074         }
1075
1076         kfree_skb(buff);
1077 }
1078
1079 static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
1080                             struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
1081 {
1082         struct tcphdr *th = skb->h.th, *t1;
1083         struct sk_buff *buff;
1084         struct flowi fl;
1085         int tot_len = sizeof(struct tcphdr);
1086         __be32 *topt;
1087 #ifdef CONFIG_TCP_MD5SIG
1088         struct tcp_md5sig_key *key;
1089         struct tcp_md5sig_key tw_key;
1090 #endif
1091
1092 #ifdef CONFIG_TCP_MD5SIG
1093         if (!tw && skb->sk) {
1094                 key = tcp_v6_md5_do_lookup(skb->sk, &skb->nh.ipv6h->daddr);
1095         } else if (tw && tw->tw_md5_keylen) {
1096                 tw_key.key = tw->tw_md5_key;
1097                 tw_key.keylen = tw->tw_md5_keylen;
1098                 key = &tw_key;
1099         } else {
1100                 key = NULL;
1101         }
1102 #endif
1103
1104         if (ts)
1105                 tot_len += TCPOLEN_TSTAMP_ALIGNED;
1106 #ifdef CONFIG_TCP_MD5SIG
1107         if (key)
1108                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1109 #endif
1110
1111         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1112                          GFP_ATOMIC);
1113         if (buff == NULL)
1114                 return;
1115
1116         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1117
1118         t1 = (struct tcphdr *) skb_push(buff,tot_len);
1119
1120         /* Swap the send and the receive. */
1121         memset(t1, 0, sizeof(*t1));
1122         t1->dest = th->source;
1123         t1->source = th->dest;
1124         t1->doff = tot_len/4;
1125         t1->seq = htonl(seq);
1126         t1->ack_seq = htonl(ack);
1127         t1->ack = 1;
1128         t1->window = htons(win);
1129
1130         topt = (__be32 *)(t1 + 1);
1131
1132         if (ts) {
1133                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1134                                 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1135                 *topt++ = htonl(tcp_time_stamp);
1136                 *topt = htonl(ts);
1137         }
1138
1139 #ifdef CONFIG_TCP_MD5SIG
1140         if (key) {
1141                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1142                                 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1143                 tcp_v6_do_calc_md5_hash((__u8 *)topt,
1144                                         key,
1145                                         &skb->nh.ipv6h->daddr,
1146                                         &skb->nh.ipv6h->saddr,
1147                                         t1, IPPROTO_TCP,
1148                                         tot_len);
1149         }
1150 #endif
1151
1152         buff->csum = csum_partial((char *)t1, tot_len, 0);
1153
1154         memset(&fl, 0, sizeof(fl));
1155         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
1156         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
1157
1158         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1159                                     tot_len, IPPROTO_TCP,
1160                                     buff->csum);
1161
1162         fl.proto = IPPROTO_TCP;
1163         fl.oif = inet6_iif(skb);
1164         fl.fl_ip_dport = t1->dest;
1165         fl.fl_ip_sport = t1->source;
1166         security_skb_classify_flow(skb, &fl);
1167
1168         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
1169                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1170                         ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
1171                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1172                         return;
1173                 }
1174         }
1175
1176         kfree_skb(buff);
1177 }
1178
1179 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1180 {
1181         struct inet_timewait_sock *tw = inet_twsk(sk);
1182         struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1183
1184         tcp_v6_send_ack(tcptw, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1185                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1186                         tcptw->tw_ts_recent);
1187
1188         inet_twsk_put(tw);
1189 }
1190
1191 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
1192 {
1193         tcp_v6_send_ack(NULL, skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
1194 }
1195
1196
1197 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1198 {
1199         struct request_sock *req, **prev;
1200         const struct tcphdr *th = skb->h.th;
1201         struct sock *nsk;
1202
1203         /* Find possible connection requests. */
1204         req = inet6_csk_search_req(sk, &prev, th->source,
1205                                    &skb->nh.ipv6h->saddr,
1206                                    &skb->nh.ipv6h->daddr, inet6_iif(skb));
1207         if (req)
1208                 return tcp_check_req(sk, skb, req, prev);
1209
1210         nsk = __inet6_lookup_established(&tcp_hashinfo, &skb->nh.ipv6h->saddr,
1211                                          th->source, &skb->nh.ipv6h->daddr,
1212                                          ntohs(th->dest), inet6_iif(skb));
1213
1214         if (nsk) {
1215                 if (nsk->sk_state != TCP_TIME_WAIT) {
1216                         bh_lock_sock(nsk);
1217                         return nsk;
1218                 }
1219                 inet_twsk_put(inet_twsk(nsk));
1220                 return NULL;
1221         }
1222
1223 #if 0 /*def CONFIG_SYN_COOKIES*/
1224         if (!th->rst && !th->syn && th->ack)
1225                 sk = cookie_v6_check(sk, skb, &(IPCB(skb)->opt));
1226 #endif
1227         return sk;
1228 }
1229
1230 /* FIXME: this is substantially similar to the ipv4 code.
1231  * Can some kind of merge be done? -- erics
1232  */
1233 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1234 {
1235         struct inet6_request_sock *treq;
1236         struct ipv6_pinfo *np = inet6_sk(sk);
1237         struct tcp_options_received tmp_opt;
1238         struct tcp_sock *tp = tcp_sk(sk);
1239         struct request_sock *req = NULL;
1240         __u32 isn = TCP_SKB_CB(skb)->when;
1241
1242         if (skb->protocol == htons(ETH_P_IP))
1243                 return tcp_v4_conn_request(sk, skb);
1244
1245         if (!ipv6_unicast_destination(skb))
1246                 goto drop;
1247
1248         /*
1249          *      There are no SYN attacks on IPv6, yet...
1250          */
1251         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1252                 if (net_ratelimit())
1253                         printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n");
1254                 goto drop;
1255         }
1256
1257         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1258                 goto drop;
1259
1260         req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1261         if (req == NULL)
1262                 goto drop;
1263
1264 #ifdef CONFIG_TCP_MD5SIG
1265         tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1266 #endif
1267
1268         tcp_clear_options(&tmp_opt);
1269         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1270         tmp_opt.user_mss = tp->rx_opt.user_mss;
1271
1272         tcp_parse_options(skb, &tmp_opt, 0);
1273
1274         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1275         tcp_openreq_init(req, &tmp_opt, skb);
1276
1277         treq = inet6_rsk(req);
1278         ipv6_addr_copy(&treq->rmt_addr, &skb->nh.ipv6h->saddr);
1279         ipv6_addr_copy(&treq->loc_addr, &skb->nh.ipv6h->daddr);
1280         TCP_ECN_create_request(req, skb->h.th);
1281         treq->pktopts = NULL;
1282         if (ipv6_opt_accepted(sk, skb) ||
1283             np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1284             np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1285                 atomic_inc(&skb->users);
1286                 treq->pktopts = skb;
1287         }
1288         treq->iif = sk->sk_bound_dev_if;
1289
1290         /* So that link locals have meaning */
1291         if (!sk->sk_bound_dev_if &&
1292             ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1293                 treq->iif = inet6_iif(skb);
1294
1295         if (isn == 0)
1296                 isn = tcp_v6_init_sequence(skb);
1297
1298         tcp_rsk(req)->snt_isn = isn;
1299
1300         security_inet_conn_request(sk, skb, req);
1301
1302         if (tcp_v6_send_synack(sk, req, NULL))
1303                 goto drop;
1304
1305         inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1306         return 0;
1307
1308 drop:
1309         if (req)
1310                 reqsk_free(req);
1311
1312         return 0; /* don't send reset */
1313 }
1314
1315 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1316                                           struct request_sock *req,
1317                                           struct dst_entry *dst)
1318 {
1319         struct inet6_request_sock *treq = inet6_rsk(req);
1320         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1321         struct tcp6_sock *newtcp6sk;
1322         struct inet_sock *newinet;
1323         struct tcp_sock *newtp;
1324         struct sock *newsk;
1325         struct ipv6_txoptions *opt;
1326 #ifdef CONFIG_TCP_MD5SIG
1327         struct tcp_md5sig_key *key;
1328 #endif
1329
1330         if (skb->protocol == htons(ETH_P_IP)) {
1331                 /*
1332                  *      v6 mapped
1333                  */
1334
1335                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1336
1337                 if (newsk == NULL)
1338                         return NULL;
1339
1340                 newtcp6sk = (struct tcp6_sock *)newsk;
1341                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1342
1343                 newinet = inet_sk(newsk);
1344                 newnp = inet6_sk(newsk);
1345                 newtp = tcp_sk(newsk);
1346
1347                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1348
1349                 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
1350                               newinet->daddr);
1351
1352                 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
1353                               newinet->saddr);
1354
1355                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1356
1357                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1358                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1359 #ifdef CONFIG_TCP_MD5SIG
1360                 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1361 #endif
1362
1363                 newnp->pktoptions  = NULL;
1364                 newnp->opt         = NULL;
1365                 newnp->mcast_oif   = inet6_iif(skb);
1366                 newnp->mcast_hops  = skb->nh.ipv6h->hop_limit;
1367
1368                 /*
1369                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1370                  * here, tcp_create_openreq_child now does this for us, see the comment in
1371                  * that function for the gory details. -acme
1372                  */
1373
1374                 /* It is tricky place. Until this moment IPv4 tcp
1375                    worked with IPv6 icsk.icsk_af_ops.
1376                    Sync it now.
1377                  */
1378                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1379
1380                 return newsk;
1381         }
1382
1383         opt = np->opt;
1384
1385         if (sk_acceptq_is_full(sk))
1386                 goto out_overflow;
1387
1388         if (np->rxopt.bits.osrcrt == 2 &&
1389             opt == NULL && treq->pktopts) {
1390                 struct inet6_skb_parm *rxopt = IP6CB(treq->pktopts);
1391                 if (rxopt->srcrt)
1392                         opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr *)(treq->pktopts->nh.raw + rxopt->srcrt));
1393         }
1394
1395         if (dst == NULL) {
1396                 struct in6_addr *final_p = NULL, final;
1397                 struct flowi fl;
1398
1399                 memset(&fl, 0, sizeof(fl));
1400                 fl.proto = IPPROTO_TCP;
1401                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1402                 if (opt && opt->srcrt) {
1403                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1404                         ipv6_addr_copy(&final, &fl.fl6_dst);
1405                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1406                         final_p = &final;
1407                 }
1408                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1409                 fl.oif = sk->sk_bound_dev_if;
1410                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1411                 fl.fl_ip_sport = inet_sk(sk)->sport;
1412                 security_req_classify_flow(req, &fl);
1413
1414                 if (ip6_dst_lookup(sk, &dst, &fl))
1415                         goto out;
1416
1417                 if (final_p)
1418                         ipv6_addr_copy(&fl.fl6_dst, final_p);
1419
1420                 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
1421                         goto out;
1422         }
1423
1424         newsk = tcp_create_openreq_child(sk, req, skb);
1425         if (newsk == NULL)
1426                 goto out;
1427
1428         /*
1429          * No need to charge this sock to the relevant IPv6 refcnt debug socks
1430          * count here, tcp_create_openreq_child now does this for us, see the
1431          * comment in that function for the gory details. -acme
1432          */
1433
1434         newsk->sk_gso_type = SKB_GSO_TCPV6;
1435         __ip6_dst_store(newsk, dst, NULL, NULL);
1436
1437         newtcp6sk = (struct tcp6_sock *)newsk;
1438         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1439
1440         newtp = tcp_sk(newsk);
1441         newinet = inet_sk(newsk);
1442         newnp = inet6_sk(newsk);
1443
1444         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1445
1446         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1447         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1448         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1449         newsk->sk_bound_dev_if = treq->iif;
1450
1451         /* Now IPv6 options...
1452
1453            First: no IPv4 options.
1454          */
1455         newinet->opt = NULL;
1456         newnp->ipv6_fl_list = NULL;
1457
1458         /* Clone RX bits */
1459         newnp->rxopt.all = np->rxopt.all;
1460
1461         /* Clone pktoptions received with SYN */
1462         newnp->pktoptions = NULL;
1463         if (treq->pktopts != NULL) {
1464                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1465                 kfree_skb(treq->pktopts);
1466                 treq->pktopts = NULL;
1467                 if (newnp->pktoptions)
1468                         skb_set_owner_r(newnp->pktoptions, newsk);
1469         }
1470         newnp->opt        = NULL;
1471         newnp->mcast_oif  = inet6_iif(skb);
1472         newnp->mcast_hops = skb->nh.ipv6h->hop_limit;
1473
1474         /* Clone native IPv6 options from listening socket (if any)
1475
1476            Yes, keeping reference count would be much more clever,
1477            but we make one more one thing there: reattach optmem
1478            to newsk.
1479          */
1480         if (opt) {
1481                 newnp->opt = ipv6_dup_options(newsk, opt);
1482                 if (opt != np->opt)
1483                         sock_kfree_s(sk, opt, opt->tot_len);
1484         }
1485
1486         inet_csk(newsk)->icsk_ext_hdr_len = 0;
1487         if (newnp->opt)
1488                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1489                                                      newnp->opt->opt_flen);
1490
1491         tcp_mtup_init(newsk);
1492         tcp_sync_mss(newsk, dst_mtu(dst));
1493         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1494         tcp_initialize_rcv_mss(newsk);
1495
1496         newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1497
1498 #ifdef CONFIG_TCP_MD5SIG
1499         /* Copy over the MD5 key from the original socket */
1500         if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1501                 /* We're using one, so create a matching key
1502                  * on the newsk structure. If we fail to get
1503                  * memory, then we end up not copying the key
1504                  * across. Shucks.
1505                  */
1506                 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1507                 if (newkey != NULL)
1508                         tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr,
1509                                           newkey, key->keylen);
1510         }
1511 #endif
1512
1513         __inet6_hash(&tcp_hashinfo, newsk);
1514         inet_inherit_port(&tcp_hashinfo, sk, newsk);
1515
1516         return newsk;
1517
1518 out_overflow:
1519         NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1520 out:
1521         NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1522         if (opt && opt != np->opt)
1523                 sock_kfree_s(sk, opt, opt->tot_len);
1524         dst_release(dst);
1525         return NULL;
1526 }
1527
1528 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1529 {
1530         if (skb->ip_summed == CHECKSUM_COMPLETE) {
1531                 if (!tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1532                                   &skb->nh.ipv6h->daddr,skb->csum)) {
1533                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1534                         return 0;
1535                 }
1536         }
1537
1538         skb->csum = ~csum_unfold(tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1539                                   &skb->nh.ipv6h->daddr, 0));
1540
1541         if (skb->len <= 76) {
1542                 return __skb_checksum_complete(skb);
1543         }
1544         return 0;
1545 }
1546
1547 /* The socket must have it's spinlock held when we get
1548  * here.
1549  *
1550  * We have a potential double-lock case here, so even when
1551  * doing backlog processing we use the BH locking scheme.
1552  * This is because we cannot sleep with the original spinlock
1553  * held.
1554  */
1555 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1556 {
1557         struct ipv6_pinfo *np = inet6_sk(sk);
1558         struct tcp_sock *tp;
1559         struct sk_buff *opt_skb = NULL;
1560
1561         /* Imagine: socket is IPv6. IPv4 packet arrives,
1562            goes to IPv4 receive handler and backlogged.
1563            From backlog it always goes here. Kerboom...
1564            Fortunately, tcp_rcv_established and rcv_established
1565            handle them correctly, but it is not case with
1566            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1567          */
1568
1569         if (skb->protocol == htons(ETH_P_IP))
1570                 return tcp_v4_do_rcv(sk, skb);
1571
1572 #ifdef CONFIG_TCP_MD5SIG
1573         if (tcp_v6_inbound_md5_hash (sk, skb))
1574                 goto discard;
1575 #endif
1576
1577         if (sk_filter(sk, skb))
1578                 goto discard;
1579
1580         /*
1581          *      socket locking is here for SMP purposes as backlog rcv
1582          *      is currently called with bh processing disabled.
1583          */
1584
1585         /* Do Stevens' IPV6_PKTOPTIONS.
1586
1587            Yes, guys, it is the only place in our code, where we
1588            may make it not affecting IPv4.
1589            The rest of code is protocol independent,
1590            and I do not like idea to uglify IPv4.
1591
1592            Actually, all the idea behind IPV6_PKTOPTIONS
1593            looks not very well thought. For now we latch
1594            options, received in the last packet, enqueued
1595            by tcp. Feel free to propose better solution.
1596                                                --ANK (980728)
1597          */
1598         if (np->rxopt.all)
1599                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1600
1601         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1602                 TCP_CHECK_TIMER(sk);
1603                 if (tcp_rcv_established(sk, skb, skb->h.th, skb->len))
1604                         goto reset;
1605                 TCP_CHECK_TIMER(sk);
1606                 if (opt_skb)
1607                         goto ipv6_pktoptions;
1608                 return 0;
1609         }
1610
1611         if (skb->len < (skb->h.th->doff<<2) || tcp_checksum_complete(skb))
1612                 goto csum_err;
1613
1614         if (sk->sk_state == TCP_LISTEN) {
1615                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1616                 if (!nsk)
1617                         goto discard;
1618
1619                 /*
1620                  * Queue it on the new socket if the new socket is active,
1621                  * otherwise we just shortcircuit this and continue with
1622                  * the new socket..
1623                  */
1624                 if(nsk != sk) {
1625                         if (tcp_child_process(sk, nsk, skb))
1626                                 goto reset;
1627                         if (opt_skb)
1628                                 __kfree_skb(opt_skb);
1629                         return 0;
1630                 }
1631         }
1632
1633         TCP_CHECK_TIMER(sk);
1634         if (tcp_rcv_state_process(sk, skb, skb->h.th, skb->len))
1635                 goto reset;
1636         TCP_CHECK_TIMER(sk);
1637         if (opt_skb)
1638                 goto ipv6_pktoptions;
1639         return 0;
1640
1641 reset:
1642         tcp_v6_send_reset(sk, skb);
1643 discard:
1644         if (opt_skb)
1645                 __kfree_skb(opt_skb);
1646         kfree_skb(skb);
1647         return 0;
1648 csum_err:
1649         TCP_INC_STATS_BH(TCP_MIB_INERRS);
1650         goto discard;
1651
1652
1653 ipv6_pktoptions:
1654         /* Do you ask, what is it?
1655
1656            1. skb was enqueued by tcp.
1657            2. skb is added to tail of read queue, rather than out of order.
1658            3. socket is not in passive state.
1659            4. Finally, it really contains options, which user wants to receive.
1660          */
1661         tp = tcp_sk(sk);
1662         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1663             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1664                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1665                         np->mcast_oif = inet6_iif(opt_skb);
1666                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1667                         np->mcast_hops = opt_skb->nh.ipv6h->hop_limit;
1668                 if (ipv6_opt_accepted(sk, opt_skb)) {
1669                         skb_set_owner_r(opt_skb, sk);
1670                         opt_skb = xchg(&np->pktoptions, opt_skb);
1671                 } else {
1672                         __kfree_skb(opt_skb);
1673                         opt_skb = xchg(&np->pktoptions, NULL);
1674                 }
1675         }
1676
1677         if (opt_skb)
1678                 kfree_skb(opt_skb);
1679         return 0;
1680 }
1681
1682 static int tcp_v6_rcv(struct sk_buff **pskb)
1683 {
1684         struct sk_buff *skb = *pskb;
1685         struct tcphdr *th;
1686         struct sock *sk;
1687         int ret;
1688
1689         if (skb->pkt_type != PACKET_HOST)
1690                 goto discard_it;
1691
1692         /*
1693          *      Count it even if it's bad.
1694          */
1695         TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1696
1697         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1698                 goto discard_it;
1699
1700         th = skb->h.th;
1701
1702         if (th->doff < sizeof(struct tcphdr)/4)
1703                 goto bad_packet;
1704         if (!pskb_may_pull(skb, th->doff*4))
1705                 goto discard_it;
1706
1707         if ((skb->ip_summed != CHECKSUM_UNNECESSARY &&
1708              tcp_v6_checksum_init(skb)))
1709                 goto bad_packet;
1710
1711         th = skb->h.th;
1712         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1713         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1714                                     skb->len - th->doff*4);
1715         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1716         TCP_SKB_CB(skb)->when = 0;
1717         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(skb->nh.ipv6h);
1718         TCP_SKB_CB(skb)->sacked = 0;
1719
1720         sk = __inet6_lookup(&tcp_hashinfo, &skb->nh.ipv6h->saddr, th->source,
1721                             &skb->nh.ipv6h->daddr, ntohs(th->dest),
1722                             inet6_iif(skb));
1723
1724         if (!sk)
1725                 goto no_tcp_socket;
1726
1727 process:
1728         if (sk->sk_state == TCP_TIME_WAIT)
1729                 goto do_time_wait;
1730
1731         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1732                 goto discard_and_relse;
1733
1734         if (sk_filter(sk, skb))
1735                 goto discard_and_relse;
1736
1737         skb->dev = NULL;
1738
1739         bh_lock_sock_nested(sk);
1740         ret = 0;
1741         if (!sock_owned_by_user(sk)) {
1742 #ifdef CONFIG_NET_DMA
1743                 struct tcp_sock *tp = tcp_sk(sk);
1744                 if (tp->ucopy.dma_chan)
1745                         ret = tcp_v6_do_rcv(sk, skb);
1746                 else
1747 #endif
1748                 {
1749                         if (!tcp_prequeue(sk, skb))
1750                                 ret = tcp_v6_do_rcv(sk, skb);
1751                 }
1752         } else
1753                 sk_add_backlog(sk, skb);
1754         bh_unlock_sock(sk);
1755
1756         sock_put(sk);
1757         return ret ? -1 : 0;
1758
1759 no_tcp_socket:
1760         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1761                 goto discard_it;
1762
1763         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1764 bad_packet:
1765                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1766         } else {
1767                 tcp_v6_send_reset(NULL, skb);
1768         }
1769
1770 discard_it:
1771
1772         /*
1773          *      Discard frame
1774          */
1775
1776         kfree_skb(skb);
1777         return 0;
1778
1779 discard_and_relse:
1780         sock_put(sk);
1781         goto discard_it;
1782
1783 do_time_wait:
1784         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1785                 inet_twsk_put(inet_twsk(sk));
1786                 goto discard_it;
1787         }
1788
1789         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1790                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1791                 inet_twsk_put(inet_twsk(sk));
1792                 goto discard_it;
1793         }
1794
1795         switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1796         case TCP_TW_SYN:
1797         {
1798                 struct sock *sk2;
1799
1800                 sk2 = inet6_lookup_listener(&tcp_hashinfo,
1801                                             &skb->nh.ipv6h->daddr,
1802                                             ntohs(th->dest), inet6_iif(skb));
1803                 if (sk2 != NULL) {
1804                         struct inet_timewait_sock *tw = inet_twsk(sk);
1805                         inet_twsk_deschedule(tw, &tcp_death_row);
1806                         inet_twsk_put(tw);
1807                         sk = sk2;
1808                         goto process;
1809                 }
1810                 /* Fall through to ACK */
1811         }
1812         case TCP_TW_ACK:
1813                 tcp_v6_timewait_ack(sk, skb);
1814                 break;
1815         case TCP_TW_RST:
1816                 goto no_tcp_socket;
1817         case TCP_TW_SUCCESS:;
1818         }
1819         goto discard_it;
1820 }
1821
1822 static int tcp_v6_remember_stamp(struct sock *sk)
1823 {
1824         /* Alas, not yet... */
1825         return 0;
1826 }
1827
1828 static struct inet_connection_sock_af_ops ipv6_specific = {
1829         .queue_xmit        = inet6_csk_xmit,
1830         .send_check        = tcp_v6_send_check,
1831         .rebuild_header    = inet6_sk_rebuild_header,
1832         .conn_request      = tcp_v6_conn_request,
1833         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1834         .remember_stamp    = tcp_v6_remember_stamp,
1835         .net_header_len    = sizeof(struct ipv6hdr),
1836         .setsockopt        = ipv6_setsockopt,
1837         .getsockopt        = ipv6_getsockopt,
1838         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1839         .sockaddr_len      = sizeof(struct sockaddr_in6),
1840 #ifdef CONFIG_COMPAT
1841         .compat_setsockopt = compat_ipv6_setsockopt,
1842         .compat_getsockopt = compat_ipv6_getsockopt,
1843 #endif
1844 };
1845
1846 #ifdef CONFIG_TCP_MD5SIG
1847 static struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1848         .md5_lookup     =       tcp_v6_md5_lookup,
1849         .calc_md5_hash  =       tcp_v6_calc_md5_hash,
1850         .md5_add        =       tcp_v6_md5_add_func,
1851         .md5_parse      =       tcp_v6_parse_md5_keys,
1852 };
1853 #endif
1854
1855 /*
1856  *      TCP over IPv4 via INET6 API
1857  */
1858
1859 static struct inet_connection_sock_af_ops ipv6_mapped = {
1860         .queue_xmit        = ip_queue_xmit,
1861         .send_check        = tcp_v4_send_check,
1862         .rebuild_header    = inet_sk_rebuild_header,
1863         .conn_request      = tcp_v6_conn_request,
1864         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1865         .remember_stamp    = tcp_v4_remember_stamp,
1866         .net_header_len    = sizeof(struct iphdr),
1867         .setsockopt        = ipv6_setsockopt,
1868         .getsockopt        = ipv6_getsockopt,
1869         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1870         .sockaddr_len      = sizeof(struct sockaddr_in6),
1871 #ifdef CONFIG_COMPAT
1872         .compat_setsockopt = compat_ipv6_setsockopt,
1873         .compat_getsockopt = compat_ipv6_getsockopt,
1874 #endif
1875 };
1876
1877 #ifdef CONFIG_TCP_MD5SIG
1878 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1879         .md5_lookup     =       tcp_v4_md5_lookup,
1880         .calc_md5_hash  =       tcp_v4_calc_md5_hash,
1881         .md5_add        =       tcp_v6_md5_add_func,
1882         .md5_parse      =       tcp_v6_parse_md5_keys,
1883 };
1884 #endif
1885
1886 /* NOTE: A lot of things set to zero explicitly by call to
1887  *       sk_alloc() so need not be done here.
1888  */
1889 static int tcp_v6_init_sock(struct sock *sk)
1890 {
1891         struct inet_connection_sock *icsk = inet_csk(sk);
1892         struct tcp_sock *tp = tcp_sk(sk);
1893
1894         skb_queue_head_init(&tp->out_of_order_queue);
1895         tcp_init_xmit_timers(sk);
1896         tcp_prequeue_init(tp);
1897
1898         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1899         tp->mdev = TCP_TIMEOUT_INIT;
1900
1901         /* So many TCP implementations out there (incorrectly) count the
1902          * initial SYN frame in their delayed-ACK and congestion control
1903          * algorithms that we must have the following bandaid to talk
1904          * efficiently to them.  -DaveM
1905          */
1906         tp->snd_cwnd = 2;
1907
1908         /* See draft-stevens-tcpca-spec-01 for discussion of the
1909          * initialization of these values.
1910          */
1911         tp->snd_ssthresh = 0x7fffffff;
1912         tp->snd_cwnd_clamp = ~0;
1913         tp->mss_cache = 536;
1914
1915         tp->reordering = sysctl_tcp_reordering;
1916
1917         sk->sk_state = TCP_CLOSE;
1918
1919         icsk->icsk_af_ops = &ipv6_specific;
1920         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1921         icsk->icsk_sync_mss = tcp_sync_mss;
1922         sk->sk_write_space = sk_stream_write_space;
1923         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1924
1925 #ifdef CONFIG_TCP_MD5SIG
1926         tp->af_specific = &tcp_sock_ipv6_specific;
1927 #endif
1928
1929         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1930         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1931
1932         atomic_inc(&tcp_sockets_allocated);
1933
1934         return 0;
1935 }
1936
1937 static int tcp_v6_destroy_sock(struct sock *sk)
1938 {
1939 #ifdef CONFIG_TCP_MD5SIG
1940         /* Clean up the MD5 key list */
1941         if (tcp_sk(sk)->md5sig_info)
1942                 tcp_v6_clear_md5_list(sk);
1943 #endif
1944         tcp_v4_destroy_sock(sk);
1945         return inet6_destroy_sock(sk);
1946 }
1947
1948 /* Proc filesystem TCPv6 sock list dumping. */
1949 static void get_openreq6(struct seq_file *seq,
1950                          struct sock *sk, struct request_sock *req, int i, int uid)
1951 {
1952         int ttd = req->expires - jiffies;
1953         struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1954         struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1955
1956         if (ttd < 0)
1957                 ttd = 0;
1958
1959         seq_printf(seq,
1960                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1961                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1962                    i,
1963                    src->s6_addr32[0], src->s6_addr32[1],
1964                    src->s6_addr32[2], src->s6_addr32[3],
1965                    ntohs(inet_sk(sk)->sport),
1966                    dest->s6_addr32[0], dest->s6_addr32[1],
1967                    dest->s6_addr32[2], dest->s6_addr32[3],
1968                    ntohs(inet_rsk(req)->rmt_port),
1969                    TCP_SYN_RECV,
1970                    0,0, /* could print option size, but that is af dependent. */
1971                    1,   /* timers active (only the expire timer) */
1972                    jiffies_to_clock_t(ttd),
1973                    req->retrans,
1974                    uid,
1975                    0,  /* non standard timer */
1976                    0, /* open_requests have no inode */
1977                    0, req);
1978 }
1979
1980 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1981 {
1982         struct in6_addr *dest, *src;
1983         __u16 destp, srcp;
1984         int timer_active;
1985         unsigned long timer_expires;
1986         struct inet_sock *inet = inet_sk(sp);
1987         struct tcp_sock *tp = tcp_sk(sp);
1988         const struct inet_connection_sock *icsk = inet_csk(sp);
1989         struct ipv6_pinfo *np = inet6_sk(sp);
1990
1991         dest  = &np->daddr;
1992         src   = &np->rcv_saddr;
1993         destp = ntohs(inet->dport);
1994         srcp  = ntohs(inet->sport);
1995
1996         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1997                 timer_active    = 1;
1998                 timer_expires   = icsk->icsk_timeout;
1999         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2000                 timer_active    = 4;
2001                 timer_expires   = icsk->icsk_timeout;
2002         } else if (timer_pending(&sp->sk_timer)) {
2003                 timer_active    = 2;
2004                 timer_expires   = sp->sk_timer.expires;
2005         } else {
2006                 timer_active    = 0;
2007                 timer_expires = jiffies;
2008         }
2009
2010         seq_printf(seq,
2011                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2012                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
2013                    i,
2014                    src->s6_addr32[0], src->s6_addr32[1],
2015                    src->s6_addr32[2], src->s6_addr32[3], srcp,
2016                    dest->s6_addr32[0], dest->s6_addr32[1],
2017                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
2018                    sp->sk_state,
2019                    tp->write_seq-tp->snd_una,
2020                    (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
2021                    timer_active,
2022                    jiffies_to_clock_t(timer_expires - jiffies),
2023                    icsk->icsk_retransmits,
2024                    sock_i_uid(sp),
2025                    icsk->icsk_probes_out,
2026                    sock_i_ino(sp),
2027                    atomic_read(&sp->sk_refcnt), sp,
2028                    icsk->icsk_rto,
2029                    icsk->icsk_ack.ato,
2030                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2031                    tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
2032                    );
2033 }
2034
2035 static void get_timewait6_sock(struct seq_file *seq,
2036                                struct inet_timewait_sock *tw, int i)
2037 {
2038         struct in6_addr *dest, *src;
2039         __u16 destp, srcp;
2040         struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2041         int ttd = tw->tw_ttd - jiffies;
2042
2043         if (ttd < 0)
2044                 ttd = 0;
2045
2046         dest = &tw6->tw_v6_daddr;
2047         src  = &tw6->tw_v6_rcv_saddr;
2048         destp = ntohs(tw->tw_dport);
2049         srcp  = ntohs(tw->tw_sport);
2050
2051         seq_printf(seq,
2052                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2053                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2054                    i,
2055                    src->s6_addr32[0], src->s6_addr32[1],
2056                    src->s6_addr32[2], src->s6_addr32[3], srcp,
2057                    dest->s6_addr32[0], dest->s6_addr32[1],
2058                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
2059                    tw->tw_substate, 0, 0,
2060                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2061                    atomic_read(&tw->tw_refcnt), tw);
2062 }
2063
2064 #ifdef CONFIG_PROC_FS
2065 static int tcp6_seq_show(struct seq_file *seq, void *v)
2066 {
2067         struct tcp_iter_state *st;
2068
2069         if (v == SEQ_START_TOKEN) {
2070                 seq_puts(seq,
2071                          "  sl  "
2072                          "local_address                         "
2073                          "remote_address                        "
2074                          "st tx_queue rx_queue tr tm->when retrnsmt"
2075                          "   uid  timeout inode\n");
2076                 goto out;
2077         }
2078         st = seq->private;
2079
2080         switch (st->state) {
2081         case TCP_SEQ_STATE_LISTENING:
2082         case TCP_SEQ_STATE_ESTABLISHED:
2083                 get_tcp6_sock(seq, v, st->num);
2084                 break;
2085         case TCP_SEQ_STATE_OPENREQ:
2086                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2087                 break;
2088         case TCP_SEQ_STATE_TIME_WAIT:
2089                 get_timewait6_sock(seq, v, st->num);
2090                 break;
2091         }
2092 out:
2093         return 0;
2094 }
2095
2096 static struct file_operations tcp6_seq_fops;
2097 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2098         .owner          = THIS_MODULE,
2099         .name           = "tcp6",
2100         .family         = AF_INET6,
2101         .seq_show       = tcp6_seq_show,
2102         .seq_fops       = &tcp6_seq_fops,
2103 };
2104
2105 int __init tcp6_proc_init(void)
2106 {
2107         return tcp_proc_register(&tcp6_seq_afinfo);
2108 }
2109
2110 void tcp6_proc_exit(void)
2111 {
2112         tcp_proc_unregister(&tcp6_seq_afinfo);
2113 }
2114 #endif
2115
2116 struct proto tcpv6_prot = {
2117         .name                   = "TCPv6",
2118         .owner                  = THIS_MODULE,
2119         .close                  = tcp_close,
2120         .connect                = tcp_v6_connect,
2121         .disconnect             = tcp_disconnect,
2122         .accept                 = inet_csk_accept,
2123         .ioctl                  = tcp_ioctl,
2124         .init                   = tcp_v6_init_sock,
2125         .destroy                = tcp_v6_destroy_sock,
2126         .shutdown               = tcp_shutdown,
2127         .setsockopt             = tcp_setsockopt,
2128         .getsockopt             = tcp_getsockopt,
2129         .sendmsg                = tcp_sendmsg,
2130         .recvmsg                = tcp_recvmsg,
2131         .backlog_rcv            = tcp_v6_do_rcv,
2132         .hash                   = tcp_v6_hash,
2133         .unhash                 = tcp_unhash,
2134         .get_port               = tcp_v6_get_port,
2135         .enter_memory_pressure  = tcp_enter_memory_pressure,
2136         .sockets_allocated      = &tcp_sockets_allocated,
2137         .memory_allocated       = &tcp_memory_allocated,
2138         .memory_pressure        = &tcp_memory_pressure,
2139         .orphan_count           = &tcp_orphan_count,
2140         .sysctl_mem             = sysctl_tcp_mem,
2141         .sysctl_wmem            = sysctl_tcp_wmem,
2142         .sysctl_rmem            = sysctl_tcp_rmem,
2143         .max_header             = MAX_TCP_HEADER,
2144         .obj_size               = sizeof(struct tcp6_sock),
2145         .twsk_prot              = &tcp6_timewait_sock_ops,
2146         .rsk_prot               = &tcp6_request_sock_ops,
2147 #ifdef CONFIG_COMPAT
2148         .compat_setsockopt      = compat_tcp_setsockopt,
2149         .compat_getsockopt      = compat_tcp_getsockopt,
2150 #endif
2151 };
2152
2153 static struct inet6_protocol tcpv6_protocol = {
2154         .handler        =       tcp_v6_rcv,
2155         .err_handler    =       tcp_v6_err,
2156         .gso_send_check =       tcp_v6_gso_send_check,
2157         .gso_segment    =       tcp_tso_segment,
2158         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2159 };
2160
2161 static struct inet_protosw tcpv6_protosw = {
2162         .type           =       SOCK_STREAM,
2163         .protocol       =       IPPROTO_TCP,
2164         .prot           =       &tcpv6_prot,
2165         .ops            =       &inet6_stream_ops,
2166         .capability     =       -1,
2167         .no_check       =       0,
2168         .flags          =       INET_PROTOSW_PERMANENT |
2169                                 INET_PROTOSW_ICSK,
2170 };
2171
2172 void __init tcpv6_init(void)
2173 {
2174         /* register inet6 protocol */
2175         if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
2176                 printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
2177         inet6_register_protosw(&tcpv6_protosw);
2178
2179         if (inet_csk_ctl_sock_create(&tcp6_socket, PF_INET6, SOCK_RAW,
2180                                      IPPROTO_TCP) < 0)
2181                 panic("Failed to create the TCPv6 control socket.\n");
2182 }