net: convert BUG_TRAP to generic WARN_ON
[linux-2.6.git] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *
8  *      Based on:
9  *      linux/net/ipv4/tcp.c
10  *      linux/net/ipv4/tcp_input.c
11  *      linux/net/ipv4/tcp_output.c
12  *
13  *      Fixes:
14  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
15  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
16  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
17  *                                      a single port at the same time.
18  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
19  *
20  *      This program is free software; you can redistribute it and/or
21  *      modify it under the terms of the GNU General Public License
22  *      as published by the Free Software Foundation; either version
23  *      2 of the License, or (at your option) any later version.
24  */
25
26 #include <linux/module.h>
27 #include <linux/errno.h>
28 #include <linux/types.h>
29 #include <linux/socket.h>
30 #include <linux/sockios.h>
31 #include <linux/net.h>
32 #include <linux/jiffies.h>
33 #include <linux/in.h>
34 #include <linux/in6.h>
35 #include <linux/netdevice.h>
36 #include <linux/init.h>
37 #include <linux/jhash.h>
38 #include <linux/ipsec.h>
39 #include <linux/times.h>
40
41 #include <linux/ipv6.h>
42 #include <linux/icmpv6.h>
43 #include <linux/random.h>
44
45 #include <net/tcp.h>
46 #include <net/ndisc.h>
47 #include <net/inet6_hashtables.h>
48 #include <net/inet6_connection_sock.h>
49 #include <net/ipv6.h>
50 #include <net/transp_v6.h>
51 #include <net/addrconf.h>
52 #include <net/ip6_route.h>
53 #include <net/ip6_checksum.h>
54 #include <net/inet_ecn.h>
55 #include <net/protocol.h>
56 #include <net/xfrm.h>
57 #include <net/snmp.h>
58 #include <net/dsfield.h>
59 #include <net/timewait_sock.h>
60 #include <net/netdma.h>
61 #include <net/inet_common.h>
62
63 #include <asm/uaccess.h>
64
65 #include <linux/proc_fs.h>
66 #include <linux/seq_file.h>
67
68 #include <linux/crypto.h>
69 #include <linux/scatterlist.h>
70
71 static void     tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
72 static void     tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
73
74 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
75
76 static struct inet_connection_sock_af_ops ipv6_mapped;
77 static struct inet_connection_sock_af_ops ipv6_specific;
78 #ifdef CONFIG_TCP_MD5SIG
79 static struct tcp_sock_af_ops tcp_sock_ipv6_specific;
80 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
81 #else
82 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
83                                                    struct in6_addr *addr)
84 {
85         return NULL;
86 }
87 #endif
88
89 static void tcp_v6_hash(struct sock *sk)
90 {
91         if (sk->sk_state != TCP_CLOSE) {
92                 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
93                         tcp_prot.hash(sk);
94                         return;
95                 }
96                 local_bh_disable();
97                 __inet6_hash(sk);
98                 local_bh_enable();
99         }
100 }
101
102 static __inline__ __sum16 tcp_v6_check(struct tcphdr *th, int len,
103                                    struct in6_addr *saddr,
104                                    struct in6_addr *daddr,
105                                    __wsum base)
106 {
107         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
108 }
109
110 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
111 {
112         return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
113                                             ipv6_hdr(skb)->saddr.s6_addr32,
114                                             tcp_hdr(skb)->dest,
115                                             tcp_hdr(skb)->source);
116 }
117
118 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
119                           int addr_len)
120 {
121         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
122         struct inet_sock *inet = inet_sk(sk);
123         struct inet_connection_sock *icsk = inet_csk(sk);
124         struct ipv6_pinfo *np = inet6_sk(sk);
125         struct tcp_sock *tp = tcp_sk(sk);
126         struct in6_addr *saddr = NULL, *final_p = NULL, final;
127         struct flowi fl;
128         struct dst_entry *dst;
129         int addr_type;
130         int err;
131
132         if (addr_len < SIN6_LEN_RFC2133)
133                 return -EINVAL;
134
135         if (usin->sin6_family != AF_INET6)
136                 return(-EAFNOSUPPORT);
137
138         memset(&fl, 0, sizeof(fl));
139
140         if (np->sndflow) {
141                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
142                 IP6_ECN_flow_init(fl.fl6_flowlabel);
143                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
144                         struct ip6_flowlabel *flowlabel;
145                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
146                         if (flowlabel == NULL)
147                                 return -EINVAL;
148                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
149                         fl6_sock_release(flowlabel);
150                 }
151         }
152
153         /*
154          *      connect() to INADDR_ANY means loopback (BSD'ism).
155          */
156
157         if(ipv6_addr_any(&usin->sin6_addr))
158                 usin->sin6_addr.s6_addr[15] = 0x1;
159
160         addr_type = ipv6_addr_type(&usin->sin6_addr);
161
162         if(addr_type & IPV6_ADDR_MULTICAST)
163                 return -ENETUNREACH;
164
165         if (addr_type&IPV6_ADDR_LINKLOCAL) {
166                 if (addr_len >= sizeof(struct sockaddr_in6) &&
167                     usin->sin6_scope_id) {
168                         /* If interface is set while binding, indices
169                          * must coincide.
170                          */
171                         if (sk->sk_bound_dev_if &&
172                             sk->sk_bound_dev_if != usin->sin6_scope_id)
173                                 return -EINVAL;
174
175                         sk->sk_bound_dev_if = usin->sin6_scope_id;
176                 }
177
178                 /* Connect to link-local address requires an interface */
179                 if (!sk->sk_bound_dev_if)
180                         return -EINVAL;
181         }
182
183         if (tp->rx_opt.ts_recent_stamp &&
184             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
185                 tp->rx_opt.ts_recent = 0;
186                 tp->rx_opt.ts_recent_stamp = 0;
187                 tp->write_seq = 0;
188         }
189
190         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
191         np->flow_label = fl.fl6_flowlabel;
192
193         /*
194          *      TCP over IPv4
195          */
196
197         if (addr_type == IPV6_ADDR_MAPPED) {
198                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
199                 struct sockaddr_in sin;
200
201                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
202
203                 if (__ipv6_only_sock(sk))
204                         return -ENETUNREACH;
205
206                 sin.sin_family = AF_INET;
207                 sin.sin_port = usin->sin6_port;
208                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
209
210                 icsk->icsk_af_ops = &ipv6_mapped;
211                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
212 #ifdef CONFIG_TCP_MD5SIG
213                 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
214 #endif
215
216                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
217
218                 if (err) {
219                         icsk->icsk_ext_hdr_len = exthdrlen;
220                         icsk->icsk_af_ops = &ipv6_specific;
221                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
222 #ifdef CONFIG_TCP_MD5SIG
223                         tp->af_specific = &tcp_sock_ipv6_specific;
224 #endif
225                         goto failure;
226                 } else {
227                         ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
228                                       inet->saddr);
229                         ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
230                                       inet->rcv_saddr);
231                 }
232
233                 return err;
234         }
235
236         if (!ipv6_addr_any(&np->rcv_saddr))
237                 saddr = &np->rcv_saddr;
238
239         fl.proto = IPPROTO_TCP;
240         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
241         ipv6_addr_copy(&fl.fl6_src,
242                        (saddr ? saddr : &np->saddr));
243         fl.oif = sk->sk_bound_dev_if;
244         fl.fl_ip_dport = usin->sin6_port;
245         fl.fl_ip_sport = inet->sport;
246
247         if (np->opt && np->opt->srcrt) {
248                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
249                 ipv6_addr_copy(&final, &fl.fl6_dst);
250                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
251                 final_p = &final;
252         }
253
254         security_sk_classify_flow(sk, &fl);
255
256         err = ip6_dst_lookup(sk, &dst, &fl);
257         if (err)
258                 goto failure;
259         if (final_p)
260                 ipv6_addr_copy(&fl.fl6_dst, final_p);
261
262         if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) {
263                 if (err == -EREMOTE)
264                         err = ip6_dst_blackhole(sk, &dst, &fl);
265                 if (err < 0)
266                         goto failure;
267         }
268
269         if (saddr == NULL) {
270                 saddr = &fl.fl6_src;
271                 ipv6_addr_copy(&np->rcv_saddr, saddr);
272         }
273
274         /* set the source address */
275         ipv6_addr_copy(&np->saddr, saddr);
276         inet->rcv_saddr = LOOPBACK4_IPV6;
277
278         sk->sk_gso_type = SKB_GSO_TCPV6;
279         __ip6_dst_store(sk, dst, NULL, NULL);
280
281         icsk->icsk_ext_hdr_len = 0;
282         if (np->opt)
283                 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
284                                           np->opt->opt_nflen);
285
286         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
287
288         inet->dport = usin->sin6_port;
289
290         tcp_set_state(sk, TCP_SYN_SENT);
291         err = inet6_hash_connect(&tcp_death_row, sk);
292         if (err)
293                 goto late_failure;
294
295         if (!tp->write_seq)
296                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
297                                                              np->daddr.s6_addr32,
298                                                              inet->sport,
299                                                              inet->dport);
300
301         err = tcp_connect(sk);
302         if (err)
303                 goto late_failure;
304
305         return 0;
306
307 late_failure:
308         tcp_set_state(sk, TCP_CLOSE);
309         __sk_dst_reset(sk);
310 failure:
311         inet->dport = 0;
312         sk->sk_route_caps = 0;
313         return err;
314 }
315
316 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
317                 int type, int code, int offset, __be32 info)
318 {
319         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
320         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
321         struct ipv6_pinfo *np;
322         struct sock *sk;
323         int err;
324         struct tcp_sock *tp;
325         __u32 seq;
326         struct net *net = dev_net(skb->dev);
327
328         sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
329                         th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
330
331         if (sk == NULL) {
332                 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
333                 return;
334         }
335
336         if (sk->sk_state == TCP_TIME_WAIT) {
337                 inet_twsk_put(inet_twsk(sk));
338                 return;
339         }
340
341         bh_lock_sock(sk);
342         if (sock_owned_by_user(sk))
343                 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
344
345         if (sk->sk_state == TCP_CLOSE)
346                 goto out;
347
348         tp = tcp_sk(sk);
349         seq = ntohl(th->seq);
350         if (sk->sk_state != TCP_LISTEN &&
351             !between(seq, tp->snd_una, tp->snd_nxt)) {
352                 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
353                 goto out;
354         }
355
356         np = inet6_sk(sk);
357
358         if (type == ICMPV6_PKT_TOOBIG) {
359                 struct dst_entry *dst = NULL;
360
361                 if (sock_owned_by_user(sk))
362                         goto out;
363                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
364                         goto out;
365
366                 /* icmp should have updated the destination cache entry */
367                 dst = __sk_dst_check(sk, np->dst_cookie);
368
369                 if (dst == NULL) {
370                         struct inet_sock *inet = inet_sk(sk);
371                         struct flowi fl;
372
373                         /* BUGGG_FUTURE: Again, it is not clear how
374                            to handle rthdr case. Ignore this complexity
375                            for now.
376                          */
377                         memset(&fl, 0, sizeof(fl));
378                         fl.proto = IPPROTO_TCP;
379                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
380                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
381                         fl.oif = sk->sk_bound_dev_if;
382                         fl.fl_ip_dport = inet->dport;
383                         fl.fl_ip_sport = inet->sport;
384                         security_skb_classify_flow(skb, &fl);
385
386                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
387                                 sk->sk_err_soft = -err;
388                                 goto out;
389                         }
390
391                         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
392                                 sk->sk_err_soft = -err;
393                                 goto out;
394                         }
395
396                 } else
397                         dst_hold(dst);
398
399                 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
400                         tcp_sync_mss(sk, dst_mtu(dst));
401                         tcp_simple_retransmit(sk);
402                 } /* else let the usual retransmit timer handle it */
403                 dst_release(dst);
404                 goto out;
405         }
406
407         icmpv6_err_convert(type, code, &err);
408
409         /* Might be for an request_sock */
410         switch (sk->sk_state) {
411                 struct request_sock *req, **prev;
412         case TCP_LISTEN:
413                 if (sock_owned_by_user(sk))
414                         goto out;
415
416                 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
417                                            &hdr->saddr, inet6_iif(skb));
418                 if (!req)
419                         goto out;
420
421                 /* ICMPs are not backlogged, hence we cannot get
422                  * an established socket here.
423                  */
424                 WARN_ON(req->sk != NULL);
425
426                 if (seq != tcp_rsk(req)->snt_isn) {
427                         NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
428                         goto out;
429                 }
430
431                 inet_csk_reqsk_queue_drop(sk, req, prev);
432                 goto out;
433
434         case TCP_SYN_SENT:
435         case TCP_SYN_RECV:  /* Cannot happen.
436                                It can, it SYNs are crossed. --ANK */
437                 if (!sock_owned_by_user(sk)) {
438                         sk->sk_err = err;
439                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
440
441                         tcp_done(sk);
442                 } else
443                         sk->sk_err_soft = err;
444                 goto out;
445         }
446
447         if (!sock_owned_by_user(sk) && np->recverr) {
448                 sk->sk_err = err;
449                 sk->sk_error_report(sk);
450         } else
451                 sk->sk_err_soft = err;
452
453 out:
454         bh_unlock_sock(sk);
455         sock_put(sk);
456 }
457
458
459 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req)
460 {
461         struct inet6_request_sock *treq = inet6_rsk(req);
462         struct ipv6_pinfo *np = inet6_sk(sk);
463         struct sk_buff * skb;
464         struct ipv6_txoptions *opt = NULL;
465         struct in6_addr * final_p = NULL, final;
466         struct flowi fl;
467         struct dst_entry *dst;
468         int err = -1;
469
470         memset(&fl, 0, sizeof(fl));
471         fl.proto = IPPROTO_TCP;
472         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
473         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
474         fl.fl6_flowlabel = 0;
475         fl.oif = treq->iif;
476         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
477         fl.fl_ip_sport = inet_sk(sk)->sport;
478         security_req_classify_flow(req, &fl);
479
480         opt = np->opt;
481         if (opt && opt->srcrt) {
482                 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
483                 ipv6_addr_copy(&final, &fl.fl6_dst);
484                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
485                 final_p = &final;
486         }
487
488         err = ip6_dst_lookup(sk, &dst, &fl);
489         if (err)
490                 goto done;
491         if (final_p)
492                 ipv6_addr_copy(&fl.fl6_dst, final_p);
493         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
494                 goto done;
495
496         skb = tcp_make_synack(sk, dst, req);
497         if (skb) {
498                 struct tcphdr *th = tcp_hdr(skb);
499
500                 th->check = tcp_v6_check(th, skb->len,
501                                          &treq->loc_addr, &treq->rmt_addr,
502                                          csum_partial((char *)th, skb->len, skb->csum));
503
504                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
505                 err = ip6_xmit(sk, skb, &fl, opt, 0);
506                 err = net_xmit_eval(err);
507         }
508
509 done:
510         if (opt && opt != np->opt)
511                 sock_kfree_s(sk, opt, opt->tot_len);
512         dst_release(dst);
513         return err;
514 }
515
516 static inline void syn_flood_warning(struct sk_buff *skb)
517 {
518 #ifdef CONFIG_SYN_COOKIES
519         if (sysctl_tcp_syncookies)
520                 printk(KERN_INFO
521                        "TCPv6: Possible SYN flooding on port %d. "
522                        "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
523         else
524 #endif
525                 printk(KERN_INFO
526                        "TCPv6: Possible SYN flooding on port %d. "
527                        "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
528 }
529
530 static void tcp_v6_reqsk_destructor(struct request_sock *req)
531 {
532         if (inet6_rsk(req)->pktopts)
533                 kfree_skb(inet6_rsk(req)->pktopts);
534 }
535
536 #ifdef CONFIG_TCP_MD5SIG
537 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
538                                                    struct in6_addr *addr)
539 {
540         struct tcp_sock *tp = tcp_sk(sk);
541         int i;
542
543         BUG_ON(tp == NULL);
544
545         if (!tp->md5sig_info || !tp->md5sig_info->entries6)
546                 return NULL;
547
548         for (i = 0; i < tp->md5sig_info->entries6; i++) {
549                 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
550                         return &tp->md5sig_info->keys6[i].base;
551         }
552         return NULL;
553 }
554
555 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
556                                                 struct sock *addr_sk)
557 {
558         return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
559 }
560
561 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
562                                                       struct request_sock *req)
563 {
564         return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
565 }
566
567 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
568                              char *newkey, u8 newkeylen)
569 {
570         /* Add key to the list */
571         struct tcp_md5sig_key *key;
572         struct tcp_sock *tp = tcp_sk(sk);
573         struct tcp6_md5sig_key *keys;
574
575         key = tcp_v6_md5_do_lookup(sk, peer);
576         if (key) {
577                 /* modify existing entry - just update that one */
578                 kfree(key->key);
579                 key->key = newkey;
580                 key->keylen = newkeylen;
581         } else {
582                 /* reallocate new list if current one is full. */
583                 if (!tp->md5sig_info) {
584                         tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
585                         if (!tp->md5sig_info) {
586                                 kfree(newkey);
587                                 return -ENOMEM;
588                         }
589                         sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
590                 }
591                 if (tcp_alloc_md5sig_pool() == NULL) {
592                         kfree(newkey);
593                         return -ENOMEM;
594                 }
595                 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
596                         keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
597                                        (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
598
599                         if (!keys) {
600                                 tcp_free_md5sig_pool();
601                                 kfree(newkey);
602                                 return -ENOMEM;
603                         }
604
605                         if (tp->md5sig_info->entries6)
606                                 memmove(keys, tp->md5sig_info->keys6,
607                                         (sizeof (tp->md5sig_info->keys6[0]) *
608                                          tp->md5sig_info->entries6));
609
610                         kfree(tp->md5sig_info->keys6);
611                         tp->md5sig_info->keys6 = keys;
612                         tp->md5sig_info->alloced6++;
613                 }
614
615                 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
616                                peer);
617                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
618                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
619
620                 tp->md5sig_info->entries6++;
621         }
622         return 0;
623 }
624
625 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
626                                u8 *newkey, __u8 newkeylen)
627 {
628         return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
629                                  newkey, newkeylen);
630 }
631
632 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
633 {
634         struct tcp_sock *tp = tcp_sk(sk);
635         int i;
636
637         for (i = 0; i < tp->md5sig_info->entries6; i++) {
638                 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
639                         /* Free the key */
640                         kfree(tp->md5sig_info->keys6[i].base.key);
641                         tp->md5sig_info->entries6--;
642
643                         if (tp->md5sig_info->entries6 == 0) {
644                                 kfree(tp->md5sig_info->keys6);
645                                 tp->md5sig_info->keys6 = NULL;
646                                 tp->md5sig_info->alloced6 = 0;
647                         } else {
648                                 /* shrink the database */
649                                 if (tp->md5sig_info->entries6 != i)
650                                         memmove(&tp->md5sig_info->keys6[i],
651                                                 &tp->md5sig_info->keys6[i+1],
652                                                 (tp->md5sig_info->entries6 - i)
653                                                 * sizeof (tp->md5sig_info->keys6[0]));
654                         }
655                         tcp_free_md5sig_pool();
656                         return 0;
657                 }
658         }
659         return -ENOENT;
660 }
661
662 static void tcp_v6_clear_md5_list (struct sock *sk)
663 {
664         struct tcp_sock *tp = tcp_sk(sk);
665         int i;
666
667         if (tp->md5sig_info->entries6) {
668                 for (i = 0; i < tp->md5sig_info->entries6; i++)
669                         kfree(tp->md5sig_info->keys6[i].base.key);
670                 tp->md5sig_info->entries6 = 0;
671                 tcp_free_md5sig_pool();
672         }
673
674         kfree(tp->md5sig_info->keys6);
675         tp->md5sig_info->keys6 = NULL;
676         tp->md5sig_info->alloced6 = 0;
677
678         if (tp->md5sig_info->entries4) {
679                 for (i = 0; i < tp->md5sig_info->entries4; i++)
680                         kfree(tp->md5sig_info->keys4[i].base.key);
681                 tp->md5sig_info->entries4 = 0;
682                 tcp_free_md5sig_pool();
683         }
684
685         kfree(tp->md5sig_info->keys4);
686         tp->md5sig_info->keys4 = NULL;
687         tp->md5sig_info->alloced4 = 0;
688 }
689
690 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
691                                   int optlen)
692 {
693         struct tcp_md5sig cmd;
694         struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
695         u8 *newkey;
696
697         if (optlen < sizeof(cmd))
698                 return -EINVAL;
699
700         if (copy_from_user(&cmd, optval, sizeof(cmd)))
701                 return -EFAULT;
702
703         if (sin6->sin6_family != AF_INET6)
704                 return -EINVAL;
705
706         if (!cmd.tcpm_keylen) {
707                 if (!tcp_sk(sk)->md5sig_info)
708                         return -ENOENT;
709                 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
710                         return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
711                 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
712         }
713
714         if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
715                 return -EINVAL;
716
717         if (!tcp_sk(sk)->md5sig_info) {
718                 struct tcp_sock *tp = tcp_sk(sk);
719                 struct tcp_md5sig_info *p;
720
721                 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
722                 if (!p)
723                         return -ENOMEM;
724
725                 tp->md5sig_info = p;
726                 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
727         }
728
729         newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
730         if (!newkey)
731                 return -ENOMEM;
732         if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
733                 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
734                                          newkey, cmd.tcpm_keylen);
735         }
736         return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
737 }
738
739 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
740                                         struct in6_addr *daddr,
741                                         struct in6_addr *saddr, int nbytes)
742 {
743         struct tcp6_pseudohdr *bp;
744         struct scatterlist sg;
745
746         bp = &hp->md5_blk.ip6;
747         /* 1. TCP pseudo-header (RFC2460) */
748         ipv6_addr_copy(&bp->saddr, saddr);
749         ipv6_addr_copy(&bp->daddr, daddr);
750         bp->protocol = cpu_to_be32(IPPROTO_TCP);
751         bp->len = cpu_to_be16(nbytes);
752
753         sg_init_one(&sg, bp, sizeof(*bp));
754         return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
755 }
756
757 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
758                                struct in6_addr *daddr, struct in6_addr *saddr,
759                                struct tcphdr *th)
760 {
761         struct tcp_md5sig_pool *hp;
762         struct hash_desc *desc;
763
764         hp = tcp_get_md5sig_pool();
765         if (!hp)
766                 goto clear_hash_noput;
767         desc = &hp->md5_desc;
768
769         if (crypto_hash_init(desc))
770                 goto clear_hash;
771         if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
772                 goto clear_hash;
773         if (tcp_md5_hash_header(hp, th))
774                 goto clear_hash;
775         if (tcp_md5_hash_key(hp, key))
776                 goto clear_hash;
777         if (crypto_hash_final(desc, md5_hash))
778                 goto clear_hash;
779
780         tcp_put_md5sig_pool();
781         return 0;
782
783 clear_hash:
784         tcp_put_md5sig_pool();
785 clear_hash_noput:
786         memset(md5_hash, 0, 16);
787         return 1;
788 }
789
790 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
791                                struct sock *sk, struct request_sock *req,
792                                struct sk_buff *skb)
793 {
794         struct in6_addr *saddr, *daddr;
795         struct tcp_md5sig_pool *hp;
796         struct hash_desc *desc;
797         struct tcphdr *th = tcp_hdr(skb);
798
799         if (sk) {
800                 saddr = &inet6_sk(sk)->saddr;
801                 daddr = &inet6_sk(sk)->daddr;
802         } else if (req) {
803                 saddr = &inet6_rsk(req)->loc_addr;
804                 daddr = &inet6_rsk(req)->rmt_addr;
805         } else {
806                 struct ipv6hdr *ip6h = ipv6_hdr(skb);
807                 saddr = &ip6h->saddr;
808                 daddr = &ip6h->daddr;
809         }
810
811         hp = tcp_get_md5sig_pool();
812         if (!hp)
813                 goto clear_hash_noput;
814         desc = &hp->md5_desc;
815
816         if (crypto_hash_init(desc))
817                 goto clear_hash;
818
819         if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
820                 goto clear_hash;
821         if (tcp_md5_hash_header(hp, th))
822                 goto clear_hash;
823         if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
824                 goto clear_hash;
825         if (tcp_md5_hash_key(hp, key))
826                 goto clear_hash;
827         if (crypto_hash_final(desc, md5_hash))
828                 goto clear_hash;
829
830         tcp_put_md5sig_pool();
831         return 0;
832
833 clear_hash:
834         tcp_put_md5sig_pool();
835 clear_hash_noput:
836         memset(md5_hash, 0, 16);
837         return 1;
838 }
839
840 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
841 {
842         __u8 *hash_location = NULL;
843         struct tcp_md5sig_key *hash_expected;
844         struct ipv6hdr *ip6h = ipv6_hdr(skb);
845         struct tcphdr *th = tcp_hdr(skb);
846         int genhash;
847         u8 newhash[16];
848
849         hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
850         hash_location = tcp_parse_md5sig_option(th);
851
852         /* do we have a hash as expected? */
853         if (!hash_expected) {
854                 if (!hash_location)
855                         return 0;
856                 if (net_ratelimit()) {
857                         printk(KERN_INFO "MD5 Hash NOT expected but found "
858                                "(" NIP6_FMT ", %u)->"
859                                "(" NIP6_FMT ", %u)\n",
860                                NIP6(ip6h->saddr), ntohs(th->source),
861                                NIP6(ip6h->daddr), ntohs(th->dest));
862                 }
863                 return 1;
864         }
865
866         if (!hash_location) {
867                 if (net_ratelimit()) {
868                         printk(KERN_INFO "MD5 Hash expected but NOT found "
869                                "(" NIP6_FMT ", %u)->"
870                                "(" NIP6_FMT ", %u)\n",
871                                NIP6(ip6h->saddr), ntohs(th->source),
872                                NIP6(ip6h->daddr), ntohs(th->dest));
873                 }
874                 return 1;
875         }
876
877         /* check the signature */
878         genhash = tcp_v6_md5_hash_skb(newhash,
879                                       hash_expected,
880                                       NULL, NULL, skb);
881
882         if (genhash || memcmp(hash_location, newhash, 16) != 0) {
883                 if (net_ratelimit()) {
884                         printk(KERN_INFO "MD5 Hash %s for "
885                                "(" NIP6_FMT ", %u)->"
886                                "(" NIP6_FMT ", %u)\n",
887                                genhash ? "failed" : "mismatch",
888                                NIP6(ip6h->saddr), ntohs(th->source),
889                                NIP6(ip6h->daddr), ntohs(th->dest));
890                 }
891                 return 1;
892         }
893         return 0;
894 }
895 #endif
896
897 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
898         .family         =       AF_INET6,
899         .obj_size       =       sizeof(struct tcp6_request_sock),
900         .rtx_syn_ack    =       tcp_v6_send_synack,
901         .send_ack       =       tcp_v6_reqsk_send_ack,
902         .destructor     =       tcp_v6_reqsk_destructor,
903         .send_reset     =       tcp_v6_send_reset
904 };
905
906 #ifdef CONFIG_TCP_MD5SIG
907 static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
908         .md5_lookup     =       tcp_v6_reqsk_md5_lookup,
909 };
910 #endif
911
912 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
913         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
914         .twsk_unique    = tcp_twsk_unique,
915         .twsk_destructor= tcp_twsk_destructor,
916 };
917
918 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
919 {
920         struct ipv6_pinfo *np = inet6_sk(sk);
921         struct tcphdr *th = tcp_hdr(skb);
922
923         if (skb->ip_summed == CHECKSUM_PARTIAL) {
924                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
925                 skb->csum_start = skb_transport_header(skb) - skb->head;
926                 skb->csum_offset = offsetof(struct tcphdr, check);
927         } else {
928                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
929                                             csum_partial((char *)th, th->doff<<2,
930                                                          skb->csum));
931         }
932 }
933
934 static int tcp_v6_gso_send_check(struct sk_buff *skb)
935 {
936         struct ipv6hdr *ipv6h;
937         struct tcphdr *th;
938
939         if (!pskb_may_pull(skb, sizeof(*th)))
940                 return -EINVAL;
941
942         ipv6h = ipv6_hdr(skb);
943         th = tcp_hdr(skb);
944
945         th->check = 0;
946         th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
947                                      IPPROTO_TCP, 0);
948         skb->csum_start = skb_transport_header(skb) - skb->head;
949         skb->csum_offset = offsetof(struct tcphdr, check);
950         skb->ip_summed = CHECKSUM_PARTIAL;
951         return 0;
952 }
953
954 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
955 {
956         struct tcphdr *th = tcp_hdr(skb), *t1;
957         struct sk_buff *buff;
958         struct flowi fl;
959         struct net *net = dev_net(skb->dst->dev);
960         struct sock *ctl_sk = net->ipv6.tcp_sk;
961         unsigned int tot_len = sizeof(*th);
962 #ifdef CONFIG_TCP_MD5SIG
963         struct tcp_md5sig_key *key;
964 #endif
965
966         if (th->rst)
967                 return;
968
969         if (!ipv6_unicast_destination(skb))
970                 return;
971
972 #ifdef CONFIG_TCP_MD5SIG
973         if (sk)
974                 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
975         else
976                 key = NULL;
977
978         if (key)
979                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
980 #endif
981
982         /*
983          * We need to grab some memory, and put together an RST,
984          * and then put it into the queue to be sent.
985          */
986
987         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
988                          GFP_ATOMIC);
989         if (buff == NULL)
990                 return;
991
992         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
993
994         t1 = (struct tcphdr *) skb_push(buff, tot_len);
995
996         /* Swap the send and the receive. */
997         memset(t1, 0, sizeof(*t1));
998         t1->dest = th->source;
999         t1->source = th->dest;
1000         t1->doff = tot_len / 4;
1001         t1->rst = 1;
1002
1003         if(th->ack) {
1004                 t1->seq = th->ack_seq;
1005         } else {
1006                 t1->ack = 1;
1007                 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
1008                                     + skb->len - (th->doff<<2));
1009         }
1010
1011 #ifdef CONFIG_TCP_MD5SIG
1012         if (key) {
1013                 __be32 *opt = (__be32*)(t1 + 1);
1014                 opt[0] = htonl((TCPOPT_NOP << 24) |
1015                                (TCPOPT_NOP << 16) |
1016                                (TCPOPT_MD5SIG << 8) |
1017                                TCPOLEN_MD5SIG);
1018                 tcp_v6_md5_hash_hdr((__u8 *)&opt[1], key,
1019                                     &ipv6_hdr(skb)->daddr,
1020                                     &ipv6_hdr(skb)->saddr, t1);
1021         }
1022 #endif
1023
1024         buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
1025
1026         memset(&fl, 0, sizeof(fl));
1027         ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1028         ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1029
1030         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1031                                     sizeof(*t1), IPPROTO_TCP,
1032                                     buff->csum);
1033
1034         fl.proto = IPPROTO_TCP;
1035         fl.oif = inet6_iif(skb);
1036         fl.fl_ip_dport = t1->dest;
1037         fl.fl_ip_sport = t1->source;
1038         security_skb_classify_flow(skb, &fl);
1039
1040         /* Pass a socket to ip6_dst_lookup either it is for RST
1041          * Underlying function will use this to retrieve the network
1042          * namespace
1043          */
1044         if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) {
1045
1046                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1047                         ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1048                         TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1049                         TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
1050                         return;
1051                 }
1052         }
1053
1054         kfree_skb(buff);
1055 }
1056
1057 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
1058                             struct tcp_md5sig_key *key)
1059 {
1060         struct tcphdr *th = tcp_hdr(skb), *t1;
1061         struct sk_buff *buff;
1062         struct flowi fl;
1063         struct net *net = dev_net(skb->dev);
1064         struct sock *ctl_sk = net->ipv6.tcp_sk;
1065         unsigned int tot_len = sizeof(struct tcphdr);
1066         __be32 *topt;
1067
1068         if (ts)
1069                 tot_len += TCPOLEN_TSTAMP_ALIGNED;
1070 #ifdef CONFIG_TCP_MD5SIG
1071         if (key)
1072                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1073 #endif
1074
1075         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1076                          GFP_ATOMIC);
1077         if (buff == NULL)
1078                 return;
1079
1080         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1081
1082         t1 = (struct tcphdr *) skb_push(buff,tot_len);
1083
1084         /* Swap the send and the receive. */
1085         memset(t1, 0, sizeof(*t1));
1086         t1->dest = th->source;
1087         t1->source = th->dest;
1088         t1->doff = tot_len/4;
1089         t1->seq = htonl(seq);
1090         t1->ack_seq = htonl(ack);
1091         t1->ack = 1;
1092         t1->window = htons(win);
1093
1094         topt = (__be32 *)(t1 + 1);
1095
1096         if (ts) {
1097                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1098                                 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1099                 *topt++ = htonl(tcp_time_stamp);
1100                 *topt = htonl(ts);
1101         }
1102
1103 #ifdef CONFIG_TCP_MD5SIG
1104         if (key) {
1105                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1106                                 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1107                 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
1108                                     &ipv6_hdr(skb)->daddr,
1109                                     &ipv6_hdr(skb)->saddr, t1);
1110         }
1111 #endif
1112
1113         buff->csum = csum_partial((char *)t1, tot_len, 0);
1114
1115         memset(&fl, 0, sizeof(fl));
1116         ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1117         ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1118
1119         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1120                                     tot_len, IPPROTO_TCP,
1121                                     buff->csum);
1122
1123         fl.proto = IPPROTO_TCP;
1124         fl.oif = inet6_iif(skb);
1125         fl.fl_ip_dport = t1->dest;
1126         fl.fl_ip_sport = t1->source;
1127         security_skb_classify_flow(skb, &fl);
1128
1129         if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) {
1130                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1131                         ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1132                         TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1133                         return;
1134                 }
1135         }
1136
1137         kfree_skb(buff);
1138 }
1139
1140 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1141 {
1142         struct inet_timewait_sock *tw = inet_twsk(sk);
1143         struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1144
1145         tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1146                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1147                         tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw));
1148
1149         inet_twsk_put(tw);
1150 }
1151
1152 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
1153 {
1154         tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
1155                         tcp_v6_md5_do_lookup(skb->sk, &ipv6_hdr(skb)->daddr));
1156 }
1157
1158
1159 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1160 {
1161         struct request_sock *req, **prev;
1162         const struct tcphdr *th = tcp_hdr(skb);
1163         struct sock *nsk;
1164
1165         /* Find possible connection requests. */
1166         req = inet6_csk_search_req(sk, &prev, th->source,
1167                                    &ipv6_hdr(skb)->saddr,
1168                                    &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1169         if (req)
1170                 return tcp_check_req(sk, skb, req, prev);
1171
1172         nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1173                         &ipv6_hdr(skb)->saddr, th->source,
1174                         &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1175
1176         if (nsk) {
1177                 if (nsk->sk_state != TCP_TIME_WAIT) {
1178                         bh_lock_sock(nsk);
1179                         return nsk;
1180                 }
1181                 inet_twsk_put(inet_twsk(nsk));
1182                 return NULL;
1183         }
1184
1185 #ifdef CONFIG_SYN_COOKIES
1186         if (!th->rst && !th->syn && th->ack)
1187                 sk = cookie_v6_check(sk, skb);
1188 #endif
1189         return sk;
1190 }
1191
1192 /* FIXME: this is substantially similar to the ipv4 code.
1193  * Can some kind of merge be done? -- erics
1194  */
1195 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1196 {
1197         struct inet6_request_sock *treq;
1198         struct ipv6_pinfo *np = inet6_sk(sk);
1199         struct tcp_options_received tmp_opt;
1200         struct tcp_sock *tp = tcp_sk(sk);
1201         struct request_sock *req = NULL;
1202         __u32 isn = TCP_SKB_CB(skb)->when;
1203 #ifdef CONFIG_SYN_COOKIES
1204         int want_cookie = 0;
1205 #else
1206 #define want_cookie 0
1207 #endif
1208
1209         if (skb->protocol == htons(ETH_P_IP))
1210                 return tcp_v4_conn_request(sk, skb);
1211
1212         if (!ipv6_unicast_destination(skb))
1213                 goto drop;
1214
1215         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1216                 if (net_ratelimit())
1217                         syn_flood_warning(skb);
1218 #ifdef CONFIG_SYN_COOKIES
1219                 if (sysctl_tcp_syncookies)
1220                         want_cookie = 1;
1221                 else
1222 #endif
1223                 goto drop;
1224         }
1225
1226         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1227                 goto drop;
1228
1229         req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1230         if (req == NULL)
1231                 goto drop;
1232
1233 #ifdef CONFIG_TCP_MD5SIG
1234         tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1235 #endif
1236
1237         tcp_clear_options(&tmp_opt);
1238         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1239         tmp_opt.user_mss = tp->rx_opt.user_mss;
1240
1241         tcp_parse_options(skb, &tmp_opt, 0);
1242
1243         if (want_cookie && !tmp_opt.saw_tstamp)
1244                 tcp_clear_options(&tmp_opt);
1245
1246         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1247         tcp_openreq_init(req, &tmp_opt, skb);
1248
1249         treq = inet6_rsk(req);
1250         ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1251         ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1252         if (!want_cookie)
1253                 TCP_ECN_create_request(req, tcp_hdr(skb));
1254
1255         if (want_cookie) {
1256                 isn = cookie_v6_init_sequence(sk, skb, &req->mss);
1257                 req->cookie_ts = tmp_opt.tstamp_ok;
1258         } else if (!isn) {
1259                 if (ipv6_opt_accepted(sk, skb) ||
1260                     np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1261                     np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1262                         atomic_inc(&skb->users);
1263                         treq->pktopts = skb;
1264                 }
1265                 treq->iif = sk->sk_bound_dev_if;
1266
1267                 /* So that link locals have meaning */
1268                 if (!sk->sk_bound_dev_if &&
1269                     ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1270                         treq->iif = inet6_iif(skb);
1271
1272                 isn = tcp_v6_init_sequence(skb);
1273         }
1274
1275         tcp_rsk(req)->snt_isn = isn;
1276
1277         security_inet_conn_request(sk, skb, req);
1278
1279         if (tcp_v6_send_synack(sk, req))
1280                 goto drop;
1281
1282         if (!want_cookie) {
1283                 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1284                 return 0;
1285         }
1286
1287 drop:
1288         if (req)
1289                 reqsk_free(req);
1290
1291         return 0; /* don't send reset */
1292 }
1293
1294 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1295                                           struct request_sock *req,
1296                                           struct dst_entry *dst)
1297 {
1298         struct inet6_request_sock *treq = inet6_rsk(req);
1299         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1300         struct tcp6_sock *newtcp6sk;
1301         struct inet_sock *newinet;
1302         struct tcp_sock *newtp;
1303         struct sock *newsk;
1304         struct ipv6_txoptions *opt;
1305 #ifdef CONFIG_TCP_MD5SIG
1306         struct tcp_md5sig_key *key;
1307 #endif
1308
1309         if (skb->protocol == htons(ETH_P_IP)) {
1310                 /*
1311                  *      v6 mapped
1312                  */
1313
1314                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1315
1316                 if (newsk == NULL)
1317                         return NULL;
1318
1319                 newtcp6sk = (struct tcp6_sock *)newsk;
1320                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1321
1322                 newinet = inet_sk(newsk);
1323                 newnp = inet6_sk(newsk);
1324                 newtp = tcp_sk(newsk);
1325
1326                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1327
1328                 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
1329                               newinet->daddr);
1330
1331                 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
1332                               newinet->saddr);
1333
1334                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1335
1336                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1337                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1338 #ifdef CONFIG_TCP_MD5SIG
1339                 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1340 #endif
1341
1342                 newnp->pktoptions  = NULL;
1343                 newnp->opt         = NULL;
1344                 newnp->mcast_oif   = inet6_iif(skb);
1345                 newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
1346
1347                 /*
1348                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1349                  * here, tcp_create_openreq_child now does this for us, see the comment in
1350                  * that function for the gory details. -acme
1351                  */
1352
1353                 /* It is tricky place. Until this moment IPv4 tcp
1354                    worked with IPv6 icsk.icsk_af_ops.
1355                    Sync it now.
1356                  */
1357                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1358
1359                 return newsk;
1360         }
1361
1362         opt = np->opt;
1363
1364         if (sk_acceptq_is_full(sk))
1365                 goto out_overflow;
1366
1367         if (dst == NULL) {
1368                 struct in6_addr *final_p = NULL, final;
1369                 struct flowi fl;
1370
1371                 memset(&fl, 0, sizeof(fl));
1372                 fl.proto = IPPROTO_TCP;
1373                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1374                 if (opt && opt->srcrt) {
1375                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1376                         ipv6_addr_copy(&final, &fl.fl6_dst);
1377                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1378                         final_p = &final;
1379                 }
1380                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1381                 fl.oif = sk->sk_bound_dev_if;
1382                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1383                 fl.fl_ip_sport = inet_sk(sk)->sport;
1384                 security_req_classify_flow(req, &fl);
1385
1386                 if (ip6_dst_lookup(sk, &dst, &fl))
1387                         goto out;
1388
1389                 if (final_p)
1390                         ipv6_addr_copy(&fl.fl6_dst, final_p);
1391
1392                 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
1393                         goto out;
1394         }
1395
1396         newsk = tcp_create_openreq_child(sk, req, skb);
1397         if (newsk == NULL)
1398                 goto out;
1399
1400         /*
1401          * No need to charge this sock to the relevant IPv6 refcnt debug socks
1402          * count here, tcp_create_openreq_child now does this for us, see the
1403          * comment in that function for the gory details. -acme
1404          */
1405
1406         newsk->sk_gso_type = SKB_GSO_TCPV6;
1407         __ip6_dst_store(newsk, dst, NULL, NULL);
1408
1409         newtcp6sk = (struct tcp6_sock *)newsk;
1410         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1411
1412         newtp = tcp_sk(newsk);
1413         newinet = inet_sk(newsk);
1414         newnp = inet6_sk(newsk);
1415
1416         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1417
1418         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1419         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1420         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1421         newsk->sk_bound_dev_if = treq->iif;
1422
1423         /* Now IPv6 options...
1424
1425            First: no IPv4 options.
1426          */
1427         newinet->opt = NULL;
1428         newnp->ipv6_fl_list = NULL;
1429
1430         /* Clone RX bits */
1431         newnp->rxopt.all = np->rxopt.all;
1432
1433         /* Clone pktoptions received with SYN */
1434         newnp->pktoptions = NULL;
1435         if (treq->pktopts != NULL) {
1436                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1437                 kfree_skb(treq->pktopts);
1438                 treq->pktopts = NULL;
1439                 if (newnp->pktoptions)
1440                         skb_set_owner_r(newnp->pktoptions, newsk);
1441         }
1442         newnp->opt        = NULL;
1443         newnp->mcast_oif  = inet6_iif(skb);
1444         newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1445
1446         /* Clone native IPv6 options from listening socket (if any)
1447
1448            Yes, keeping reference count would be much more clever,
1449            but we make one more one thing there: reattach optmem
1450            to newsk.
1451          */
1452         if (opt) {
1453                 newnp->opt = ipv6_dup_options(newsk, opt);
1454                 if (opt != np->opt)
1455                         sock_kfree_s(sk, opt, opt->tot_len);
1456         }
1457
1458         inet_csk(newsk)->icsk_ext_hdr_len = 0;
1459         if (newnp->opt)
1460                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1461                                                      newnp->opt->opt_flen);
1462
1463         tcp_mtup_init(newsk);
1464         tcp_sync_mss(newsk, dst_mtu(dst));
1465         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1466         tcp_initialize_rcv_mss(newsk);
1467
1468         newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1469
1470 #ifdef CONFIG_TCP_MD5SIG
1471         /* Copy over the MD5 key from the original socket */
1472         if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1473                 /* We're using one, so create a matching key
1474                  * on the newsk structure. If we fail to get
1475                  * memory, then we end up not copying the key
1476                  * across. Shucks.
1477                  */
1478                 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1479                 if (newkey != NULL)
1480                         tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr,
1481                                           newkey, key->keylen);
1482         }
1483 #endif
1484
1485         __inet6_hash(newsk);
1486         __inet_inherit_port(sk, newsk);
1487
1488         return newsk;
1489
1490 out_overflow:
1491         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1492 out:
1493         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1494         if (opt && opt != np->opt)
1495                 sock_kfree_s(sk, opt, opt->tot_len);
1496         dst_release(dst);
1497         return NULL;
1498 }
1499
1500 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1501 {
1502         if (skb->ip_summed == CHECKSUM_COMPLETE) {
1503                 if (!tcp_v6_check(tcp_hdr(skb), skb->len, &ipv6_hdr(skb)->saddr,
1504                                   &ipv6_hdr(skb)->daddr, skb->csum)) {
1505                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1506                         return 0;
1507                 }
1508         }
1509
1510         skb->csum = ~csum_unfold(tcp_v6_check(tcp_hdr(skb), skb->len,
1511                                               &ipv6_hdr(skb)->saddr,
1512                                               &ipv6_hdr(skb)->daddr, 0));
1513
1514         if (skb->len <= 76) {
1515                 return __skb_checksum_complete(skb);
1516         }
1517         return 0;
1518 }
1519
1520 /* The socket must have it's spinlock held when we get
1521  * here.
1522  *
1523  * We have a potential double-lock case here, so even when
1524  * doing backlog processing we use the BH locking scheme.
1525  * This is because we cannot sleep with the original spinlock
1526  * held.
1527  */
1528 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1529 {
1530         struct ipv6_pinfo *np = inet6_sk(sk);
1531         struct tcp_sock *tp;
1532         struct sk_buff *opt_skb = NULL;
1533
1534         /* Imagine: socket is IPv6. IPv4 packet arrives,
1535            goes to IPv4 receive handler and backlogged.
1536            From backlog it always goes here. Kerboom...
1537            Fortunately, tcp_rcv_established and rcv_established
1538            handle them correctly, but it is not case with
1539            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1540          */
1541
1542         if (skb->protocol == htons(ETH_P_IP))
1543                 return tcp_v4_do_rcv(sk, skb);
1544
1545 #ifdef CONFIG_TCP_MD5SIG
1546         if (tcp_v6_inbound_md5_hash (sk, skb))
1547                 goto discard;
1548 #endif
1549
1550         if (sk_filter(sk, skb))
1551                 goto discard;
1552
1553         /*
1554          *      socket locking is here for SMP purposes as backlog rcv
1555          *      is currently called with bh processing disabled.
1556          */
1557
1558         /* Do Stevens' IPV6_PKTOPTIONS.
1559
1560            Yes, guys, it is the only place in our code, where we
1561            may make it not affecting IPv4.
1562            The rest of code is protocol independent,
1563            and I do not like idea to uglify IPv4.
1564
1565            Actually, all the idea behind IPV6_PKTOPTIONS
1566            looks not very well thought. For now we latch
1567            options, received in the last packet, enqueued
1568            by tcp. Feel free to propose better solution.
1569                                                --ANK (980728)
1570          */
1571         if (np->rxopt.all)
1572                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1573
1574         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1575                 TCP_CHECK_TIMER(sk);
1576                 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1577                         goto reset;
1578                 TCP_CHECK_TIMER(sk);
1579                 if (opt_skb)
1580                         goto ipv6_pktoptions;
1581                 return 0;
1582         }
1583
1584         if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1585                 goto csum_err;
1586
1587         if (sk->sk_state == TCP_LISTEN) {
1588                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1589                 if (!nsk)
1590                         goto discard;
1591
1592                 /*
1593                  * Queue it on the new socket if the new socket is active,
1594                  * otherwise we just shortcircuit this and continue with
1595                  * the new socket..
1596                  */
1597                 if(nsk != sk) {
1598                         if (tcp_child_process(sk, nsk, skb))
1599                                 goto reset;
1600                         if (opt_skb)
1601                                 __kfree_skb(opt_skb);
1602                         return 0;
1603                 }
1604         }
1605
1606         TCP_CHECK_TIMER(sk);
1607         if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1608                 goto reset;
1609         TCP_CHECK_TIMER(sk);
1610         if (opt_skb)
1611                 goto ipv6_pktoptions;
1612         return 0;
1613
1614 reset:
1615         tcp_v6_send_reset(sk, skb);
1616 discard:
1617         if (opt_skb)
1618                 __kfree_skb(opt_skb);
1619         kfree_skb(skb);
1620         return 0;
1621 csum_err:
1622         TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1623         goto discard;
1624
1625
1626 ipv6_pktoptions:
1627         /* Do you ask, what is it?
1628
1629            1. skb was enqueued by tcp.
1630            2. skb is added to tail of read queue, rather than out of order.
1631            3. socket is not in passive state.
1632            4. Finally, it really contains options, which user wants to receive.
1633          */
1634         tp = tcp_sk(sk);
1635         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1636             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1637                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1638                         np->mcast_oif = inet6_iif(opt_skb);
1639                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1640                         np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1641                 if (ipv6_opt_accepted(sk, opt_skb)) {
1642                         skb_set_owner_r(opt_skb, sk);
1643                         opt_skb = xchg(&np->pktoptions, opt_skb);
1644                 } else {
1645                         __kfree_skb(opt_skb);
1646                         opt_skb = xchg(&np->pktoptions, NULL);
1647                 }
1648         }
1649
1650         if (opt_skb)
1651                 kfree_skb(opt_skb);
1652         return 0;
1653 }
1654
1655 static int tcp_v6_rcv(struct sk_buff *skb)
1656 {
1657         struct tcphdr *th;
1658         struct sock *sk;
1659         int ret;
1660         struct net *net = dev_net(skb->dev);
1661
1662         if (skb->pkt_type != PACKET_HOST)
1663                 goto discard_it;
1664
1665         /*
1666          *      Count it even if it's bad.
1667          */
1668         TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1669
1670         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1671                 goto discard_it;
1672
1673         th = tcp_hdr(skb);
1674
1675         if (th->doff < sizeof(struct tcphdr)/4)
1676                 goto bad_packet;
1677         if (!pskb_may_pull(skb, th->doff*4))
1678                 goto discard_it;
1679
1680         if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1681                 goto bad_packet;
1682
1683         th = tcp_hdr(skb);
1684         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1685         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1686                                     skb->len - th->doff*4);
1687         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1688         TCP_SKB_CB(skb)->when = 0;
1689         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
1690         TCP_SKB_CB(skb)->sacked = 0;
1691
1692         sk = __inet6_lookup(net, &tcp_hashinfo,
1693                         &ipv6_hdr(skb)->saddr, th->source,
1694                         &ipv6_hdr(skb)->daddr, ntohs(th->dest),
1695                         inet6_iif(skb));
1696
1697         if (!sk)
1698                 goto no_tcp_socket;
1699
1700 process:
1701         if (sk->sk_state == TCP_TIME_WAIT)
1702                 goto do_time_wait;
1703
1704         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1705                 goto discard_and_relse;
1706
1707         if (sk_filter(sk, skb))
1708                 goto discard_and_relse;
1709
1710         skb->dev = NULL;
1711
1712         bh_lock_sock_nested(sk);
1713         ret = 0;
1714         if (!sock_owned_by_user(sk)) {
1715 #ifdef CONFIG_NET_DMA
1716                 struct tcp_sock *tp = tcp_sk(sk);
1717                 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1718                         tp->ucopy.dma_chan = get_softnet_dma();
1719                 if (tp->ucopy.dma_chan)
1720                         ret = tcp_v6_do_rcv(sk, skb);
1721                 else
1722 #endif
1723                 {
1724                         if (!tcp_prequeue(sk, skb))
1725                                 ret = tcp_v6_do_rcv(sk, skb);
1726                 }
1727         } else
1728                 sk_add_backlog(sk, skb);
1729         bh_unlock_sock(sk);
1730
1731         sock_put(sk);
1732         return ret ? -1 : 0;
1733
1734 no_tcp_socket:
1735         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1736                 goto discard_it;
1737
1738         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1739 bad_packet:
1740                 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1741         } else {
1742                 tcp_v6_send_reset(NULL, skb);
1743         }
1744
1745 discard_it:
1746
1747         /*
1748          *      Discard frame
1749          */
1750
1751         kfree_skb(skb);
1752         return 0;
1753
1754 discard_and_relse:
1755         sock_put(sk);
1756         goto discard_it;
1757
1758 do_time_wait:
1759         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1760                 inet_twsk_put(inet_twsk(sk));
1761                 goto discard_it;
1762         }
1763
1764         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1765                 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1766                 inet_twsk_put(inet_twsk(sk));
1767                 goto discard_it;
1768         }
1769
1770         switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1771         case TCP_TW_SYN:
1772         {
1773                 struct sock *sk2;
1774
1775                 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1776                                             &ipv6_hdr(skb)->daddr,
1777                                             ntohs(th->dest), inet6_iif(skb));
1778                 if (sk2 != NULL) {
1779                         struct inet_timewait_sock *tw = inet_twsk(sk);
1780                         inet_twsk_deschedule(tw, &tcp_death_row);
1781                         inet_twsk_put(tw);
1782                         sk = sk2;
1783                         goto process;
1784                 }
1785                 /* Fall through to ACK */
1786         }
1787         case TCP_TW_ACK:
1788                 tcp_v6_timewait_ack(sk, skb);
1789                 break;
1790         case TCP_TW_RST:
1791                 goto no_tcp_socket;
1792         case TCP_TW_SUCCESS:;
1793         }
1794         goto discard_it;
1795 }
1796
1797 static int tcp_v6_remember_stamp(struct sock *sk)
1798 {
1799         /* Alas, not yet... */
1800         return 0;
1801 }
1802
1803 static struct inet_connection_sock_af_ops ipv6_specific = {
1804         .queue_xmit        = inet6_csk_xmit,
1805         .send_check        = tcp_v6_send_check,
1806         .rebuild_header    = inet6_sk_rebuild_header,
1807         .conn_request      = tcp_v6_conn_request,
1808         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1809         .remember_stamp    = tcp_v6_remember_stamp,
1810         .net_header_len    = sizeof(struct ipv6hdr),
1811         .setsockopt        = ipv6_setsockopt,
1812         .getsockopt        = ipv6_getsockopt,
1813         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1814         .sockaddr_len      = sizeof(struct sockaddr_in6),
1815         .bind_conflict     = inet6_csk_bind_conflict,
1816 #ifdef CONFIG_COMPAT
1817         .compat_setsockopt = compat_ipv6_setsockopt,
1818         .compat_getsockopt = compat_ipv6_getsockopt,
1819 #endif
1820 };
1821
1822 #ifdef CONFIG_TCP_MD5SIG
1823 static struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1824         .md5_lookup     =       tcp_v6_md5_lookup,
1825         .calc_md5_hash  =       tcp_v6_md5_hash_skb,
1826         .md5_add        =       tcp_v6_md5_add_func,
1827         .md5_parse      =       tcp_v6_parse_md5_keys,
1828 };
1829 #endif
1830
1831 /*
1832  *      TCP over IPv4 via INET6 API
1833  */
1834
1835 static struct inet_connection_sock_af_ops ipv6_mapped = {
1836         .queue_xmit        = ip_queue_xmit,
1837         .send_check        = tcp_v4_send_check,
1838         .rebuild_header    = inet_sk_rebuild_header,
1839         .conn_request      = tcp_v6_conn_request,
1840         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1841         .remember_stamp    = tcp_v4_remember_stamp,
1842         .net_header_len    = sizeof(struct iphdr),
1843         .setsockopt        = ipv6_setsockopt,
1844         .getsockopt        = ipv6_getsockopt,
1845         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1846         .sockaddr_len      = sizeof(struct sockaddr_in6),
1847         .bind_conflict     = inet6_csk_bind_conflict,
1848 #ifdef CONFIG_COMPAT
1849         .compat_setsockopt = compat_ipv6_setsockopt,
1850         .compat_getsockopt = compat_ipv6_getsockopt,
1851 #endif
1852 };
1853
1854 #ifdef CONFIG_TCP_MD5SIG
1855 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1856         .md5_lookup     =       tcp_v4_md5_lookup,
1857         .calc_md5_hash  =       tcp_v4_md5_hash_skb,
1858         .md5_add        =       tcp_v6_md5_add_func,
1859         .md5_parse      =       tcp_v6_parse_md5_keys,
1860 };
1861 #endif
1862
1863 /* NOTE: A lot of things set to zero explicitly by call to
1864  *       sk_alloc() so need not be done here.
1865  */
1866 static int tcp_v6_init_sock(struct sock *sk)
1867 {
1868         struct inet_connection_sock *icsk = inet_csk(sk);
1869         struct tcp_sock *tp = tcp_sk(sk);
1870
1871         skb_queue_head_init(&tp->out_of_order_queue);
1872         tcp_init_xmit_timers(sk);
1873         tcp_prequeue_init(tp);
1874
1875         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1876         tp->mdev = TCP_TIMEOUT_INIT;
1877
1878         /* So many TCP implementations out there (incorrectly) count the
1879          * initial SYN frame in their delayed-ACK and congestion control
1880          * algorithms that we must have the following bandaid to talk
1881          * efficiently to them.  -DaveM
1882          */
1883         tp->snd_cwnd = 2;
1884
1885         /* See draft-stevens-tcpca-spec-01 for discussion of the
1886          * initialization of these values.
1887          */
1888         tp->snd_ssthresh = 0x7fffffff;
1889         tp->snd_cwnd_clamp = ~0;
1890         tp->mss_cache = 536;
1891
1892         tp->reordering = sysctl_tcp_reordering;
1893
1894         sk->sk_state = TCP_CLOSE;
1895
1896         icsk->icsk_af_ops = &ipv6_specific;
1897         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1898         icsk->icsk_sync_mss = tcp_sync_mss;
1899         sk->sk_write_space = sk_stream_write_space;
1900         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1901
1902 #ifdef CONFIG_TCP_MD5SIG
1903         tp->af_specific = &tcp_sock_ipv6_specific;
1904 #endif
1905
1906         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1907         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1908
1909         atomic_inc(&tcp_sockets_allocated);
1910
1911         return 0;
1912 }
1913
1914 static void tcp_v6_destroy_sock(struct sock *sk)
1915 {
1916 #ifdef CONFIG_TCP_MD5SIG
1917         /* Clean up the MD5 key list */
1918         if (tcp_sk(sk)->md5sig_info)
1919                 tcp_v6_clear_md5_list(sk);
1920 #endif
1921         tcp_v4_destroy_sock(sk);
1922         inet6_destroy_sock(sk);
1923 }
1924
1925 #ifdef CONFIG_PROC_FS
1926 /* Proc filesystem TCPv6 sock list dumping. */
1927 static void get_openreq6(struct seq_file *seq,
1928                          struct sock *sk, struct request_sock *req, int i, int uid)
1929 {
1930         int ttd = req->expires - jiffies;
1931         struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1932         struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1933
1934         if (ttd < 0)
1935                 ttd = 0;
1936
1937         seq_printf(seq,
1938                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1939                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1940                    i,
1941                    src->s6_addr32[0], src->s6_addr32[1],
1942                    src->s6_addr32[2], src->s6_addr32[3],
1943                    ntohs(inet_sk(sk)->sport),
1944                    dest->s6_addr32[0], dest->s6_addr32[1],
1945                    dest->s6_addr32[2], dest->s6_addr32[3],
1946                    ntohs(inet_rsk(req)->rmt_port),
1947                    TCP_SYN_RECV,
1948                    0,0, /* could print option size, but that is af dependent. */
1949                    1,   /* timers active (only the expire timer) */
1950                    jiffies_to_clock_t(ttd),
1951                    req->retrans,
1952                    uid,
1953                    0,  /* non standard timer */
1954                    0, /* open_requests have no inode */
1955                    0, req);
1956 }
1957
1958 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1959 {
1960         struct in6_addr *dest, *src;
1961         __u16 destp, srcp;
1962         int timer_active;
1963         unsigned long timer_expires;
1964         struct inet_sock *inet = inet_sk(sp);
1965         struct tcp_sock *tp = tcp_sk(sp);
1966         const struct inet_connection_sock *icsk = inet_csk(sp);
1967         struct ipv6_pinfo *np = inet6_sk(sp);
1968
1969         dest  = &np->daddr;
1970         src   = &np->rcv_saddr;
1971         destp = ntohs(inet->dport);
1972         srcp  = ntohs(inet->sport);
1973
1974         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1975                 timer_active    = 1;
1976                 timer_expires   = icsk->icsk_timeout;
1977         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1978                 timer_active    = 4;
1979                 timer_expires   = icsk->icsk_timeout;
1980         } else if (timer_pending(&sp->sk_timer)) {
1981                 timer_active    = 2;
1982                 timer_expires   = sp->sk_timer.expires;
1983         } else {
1984                 timer_active    = 0;
1985                 timer_expires = jiffies;
1986         }
1987
1988         seq_printf(seq,
1989                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1990                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %lu %lu %u %u %d\n",
1991                    i,
1992                    src->s6_addr32[0], src->s6_addr32[1],
1993                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1994                    dest->s6_addr32[0], dest->s6_addr32[1],
1995                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1996                    sp->sk_state,
1997                    tp->write_seq-tp->snd_una,
1998                    (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
1999                    timer_active,
2000                    jiffies_to_clock_t(timer_expires - jiffies),
2001                    icsk->icsk_retransmits,
2002                    sock_i_uid(sp),
2003                    icsk->icsk_probes_out,
2004                    sock_i_ino(sp),
2005                    atomic_read(&sp->sk_refcnt), sp,
2006                    jiffies_to_clock_t(icsk->icsk_rto),
2007                    jiffies_to_clock_t(icsk->icsk_ack.ato),
2008                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2009                    tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
2010                    );
2011 }
2012
2013 static void get_timewait6_sock(struct seq_file *seq,
2014                                struct inet_timewait_sock *tw, int i)
2015 {
2016         struct in6_addr *dest, *src;
2017         __u16 destp, srcp;
2018         struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2019         int ttd = tw->tw_ttd - jiffies;
2020
2021         if (ttd < 0)
2022                 ttd = 0;
2023
2024         dest = &tw6->tw_v6_daddr;
2025         src  = &tw6->tw_v6_rcv_saddr;
2026         destp = ntohs(tw->tw_dport);
2027         srcp  = ntohs(tw->tw_sport);
2028
2029         seq_printf(seq,
2030                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2031                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2032                    i,
2033                    src->s6_addr32[0], src->s6_addr32[1],
2034                    src->s6_addr32[2], src->s6_addr32[3], srcp,
2035                    dest->s6_addr32[0], dest->s6_addr32[1],
2036                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
2037                    tw->tw_substate, 0, 0,
2038                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2039                    atomic_read(&tw->tw_refcnt), tw);
2040 }
2041
2042 static int tcp6_seq_show(struct seq_file *seq, void *v)
2043 {
2044         struct tcp_iter_state *st;
2045
2046         if (v == SEQ_START_TOKEN) {
2047                 seq_puts(seq,
2048                          "  sl  "
2049                          "local_address                         "
2050                          "remote_address                        "
2051                          "st tx_queue rx_queue tr tm->when retrnsmt"
2052                          "   uid  timeout inode\n");
2053                 goto out;
2054         }
2055         st = seq->private;
2056
2057         switch (st->state) {
2058         case TCP_SEQ_STATE_LISTENING:
2059         case TCP_SEQ_STATE_ESTABLISHED:
2060                 get_tcp6_sock(seq, v, st->num);
2061                 break;
2062         case TCP_SEQ_STATE_OPENREQ:
2063                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2064                 break;
2065         case TCP_SEQ_STATE_TIME_WAIT:
2066                 get_timewait6_sock(seq, v, st->num);
2067                 break;
2068         }
2069 out:
2070         return 0;
2071 }
2072
2073 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2074         .name           = "tcp6",
2075         .family         = AF_INET6,
2076         .seq_fops       = {
2077                 .owner          = THIS_MODULE,
2078         },
2079         .seq_ops        = {
2080                 .show           = tcp6_seq_show,
2081         },
2082 };
2083
2084 int tcp6_proc_init(struct net *net)
2085 {
2086         return tcp_proc_register(net, &tcp6_seq_afinfo);
2087 }
2088
2089 void tcp6_proc_exit(struct net *net)
2090 {
2091         tcp_proc_unregister(net, &tcp6_seq_afinfo);
2092 }
2093 #endif
2094
2095 struct proto tcpv6_prot = {
2096         .name                   = "TCPv6",
2097         .owner                  = THIS_MODULE,
2098         .close                  = tcp_close,
2099         .connect                = tcp_v6_connect,
2100         .disconnect             = tcp_disconnect,
2101         .accept                 = inet_csk_accept,
2102         .ioctl                  = tcp_ioctl,
2103         .init                   = tcp_v6_init_sock,
2104         .destroy                = tcp_v6_destroy_sock,
2105         .shutdown               = tcp_shutdown,
2106         .setsockopt             = tcp_setsockopt,
2107         .getsockopt             = tcp_getsockopt,
2108         .recvmsg                = tcp_recvmsg,
2109         .backlog_rcv            = tcp_v6_do_rcv,
2110         .hash                   = tcp_v6_hash,
2111         .unhash                 = inet_unhash,
2112         .get_port               = inet_csk_get_port,
2113         .enter_memory_pressure  = tcp_enter_memory_pressure,
2114         .sockets_allocated      = &tcp_sockets_allocated,
2115         .memory_allocated       = &tcp_memory_allocated,
2116         .memory_pressure        = &tcp_memory_pressure,
2117         .orphan_count           = &tcp_orphan_count,
2118         .sysctl_mem             = sysctl_tcp_mem,
2119         .sysctl_wmem            = sysctl_tcp_wmem,
2120         .sysctl_rmem            = sysctl_tcp_rmem,
2121         .max_header             = MAX_TCP_HEADER,
2122         .obj_size               = sizeof(struct tcp6_sock),
2123         .twsk_prot              = &tcp6_timewait_sock_ops,
2124         .rsk_prot               = &tcp6_request_sock_ops,
2125         .h.hashinfo             = &tcp_hashinfo,
2126 #ifdef CONFIG_COMPAT
2127         .compat_setsockopt      = compat_tcp_setsockopt,
2128         .compat_getsockopt      = compat_tcp_getsockopt,
2129 #endif
2130 };
2131
2132 static struct inet6_protocol tcpv6_protocol = {
2133         .handler        =       tcp_v6_rcv,
2134         .err_handler    =       tcp_v6_err,
2135         .gso_send_check =       tcp_v6_gso_send_check,
2136         .gso_segment    =       tcp_tso_segment,
2137         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2138 };
2139
2140 static struct inet_protosw tcpv6_protosw = {
2141         .type           =       SOCK_STREAM,
2142         .protocol       =       IPPROTO_TCP,
2143         .prot           =       &tcpv6_prot,
2144         .ops            =       &inet6_stream_ops,
2145         .capability     =       -1,
2146         .no_check       =       0,
2147         .flags          =       INET_PROTOSW_PERMANENT |
2148                                 INET_PROTOSW_ICSK,
2149 };
2150
2151 static int tcpv6_net_init(struct net *net)
2152 {
2153         return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2154                                     SOCK_RAW, IPPROTO_TCP, net);
2155 }
2156
2157 static void tcpv6_net_exit(struct net *net)
2158 {
2159         inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2160 }
2161
2162 static struct pernet_operations tcpv6_net_ops = {
2163         .init = tcpv6_net_init,
2164         .exit = tcpv6_net_exit,
2165 };
2166
2167 int __init tcpv6_init(void)
2168 {
2169         int ret;
2170
2171         ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2172         if (ret)
2173                 goto out;
2174
2175         /* register inet6 protocol */
2176         ret = inet6_register_protosw(&tcpv6_protosw);
2177         if (ret)
2178                 goto out_tcpv6_protocol;
2179
2180         ret = register_pernet_subsys(&tcpv6_net_ops);
2181         if (ret)
2182                 goto out_tcpv6_protosw;
2183 out:
2184         return ret;
2185
2186 out_tcpv6_protocol:
2187         inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2188 out_tcpv6_protosw:
2189         inet6_unregister_protosw(&tcpv6_protosw);
2190         goto out;
2191 }
2192
2193 void tcpv6_exit(void)
2194 {
2195         unregister_pernet_subsys(&tcpv6_net_ops);
2196         inet6_unregister_protosw(&tcpv6_protosw);
2197         inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2198 }