d73617e9708ea751b630bbb34b2dd93a0e69cd44
[linux-2.6.git] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *
8  *      Based on:
9  *      linux/net/ipv4/tcp.c
10  *      linux/net/ipv4/tcp_input.c
11  *      linux/net/ipv4/tcp_output.c
12  *
13  *      Fixes:
14  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
15  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
16  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
17  *                                      a single port at the same time.
18  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
19  *
20  *      This program is free software; you can redistribute it and/or
21  *      modify it under the terms of the GNU General Public License
22  *      as published by the Free Software Foundation; either version
23  *      2 of the License, or (at your option) any later version.
24  */
25
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
34 #include <linux/in.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41
42 #include <linux/ipv6.h>
43 #include <linux/icmpv6.h>
44 #include <linux/random.h>
45
46 #include <net/tcp.h>
47 #include <net/ndisc.h>
48 #include <net/inet6_hashtables.h>
49 #include <net/inet6_connection_sock.h>
50 #include <net/ipv6.h>
51 #include <net/transp_v6.h>
52 #include <net/addrconf.h>
53 #include <net/ip6_route.h>
54 #include <net/ip6_checksum.h>
55 #include <net/inet_ecn.h>
56 #include <net/protocol.h>
57 #include <net/xfrm.h>
58 #include <net/snmp.h>
59 #include <net/dsfield.h>
60 #include <net/timewait_sock.h>
61 #include <net/netdma.h>
62 #include <net/inet_common.h>
63
64 #include <asm/uaccess.h>
65
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
68
69 #include <linux/crypto.h>
70 #include <linux/scatterlist.h>
71
72 static void     tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
73 static void     tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
74                                       struct request_sock *req);
75
76 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
77
78 static const struct inet_connection_sock_af_ops ipv6_mapped;
79 static const struct inet_connection_sock_af_ops ipv6_specific;
80 #ifdef CONFIG_TCP_MD5SIG
81 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
82 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
83 #else
84 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
85                                                    struct in6_addr *addr)
86 {
87         return NULL;
88 }
89 #endif
90
91 static void tcp_v6_hash(struct sock *sk)
92 {
93         if (sk->sk_state != TCP_CLOSE) {
94                 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
95                         tcp_prot.hash(sk);
96                         return;
97                 }
98                 local_bh_disable();
99                 __inet6_hash(sk);
100                 local_bh_enable();
101         }
102 }
103
104 static __inline__ __sum16 tcp_v6_check(int len,
105                                    struct in6_addr *saddr,
106                                    struct in6_addr *daddr,
107                                    __wsum base)
108 {
109         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
110 }
111
112 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
113 {
114         return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
115                                             ipv6_hdr(skb)->saddr.s6_addr32,
116                                             tcp_hdr(skb)->dest,
117                                             tcp_hdr(skb)->source);
118 }
119
120 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
121                           int addr_len)
122 {
123         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
124         struct inet_sock *inet = inet_sk(sk);
125         struct inet_connection_sock *icsk = inet_csk(sk);
126         struct ipv6_pinfo *np = inet6_sk(sk);
127         struct tcp_sock *tp = tcp_sk(sk);
128         struct in6_addr *saddr = NULL, *final_p = NULL, final;
129         struct flowi fl;
130         struct dst_entry *dst;
131         int addr_type;
132         int err;
133
134         if (addr_len < SIN6_LEN_RFC2133)
135                 return -EINVAL;
136
137         if (usin->sin6_family != AF_INET6)
138                 return(-EAFNOSUPPORT);
139
140         memset(&fl, 0, sizeof(fl));
141
142         if (np->sndflow) {
143                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
144                 IP6_ECN_flow_init(fl.fl6_flowlabel);
145                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
146                         struct ip6_flowlabel *flowlabel;
147                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
148                         if (flowlabel == NULL)
149                                 return -EINVAL;
150                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
151                         fl6_sock_release(flowlabel);
152                 }
153         }
154
155         /*
156          *      connect() to INADDR_ANY means loopback (BSD'ism).
157          */
158
159         if(ipv6_addr_any(&usin->sin6_addr))
160                 usin->sin6_addr.s6_addr[15] = 0x1;
161
162         addr_type = ipv6_addr_type(&usin->sin6_addr);
163
164         if(addr_type & IPV6_ADDR_MULTICAST)
165                 return -ENETUNREACH;
166
167         if (addr_type&IPV6_ADDR_LINKLOCAL) {
168                 if (addr_len >= sizeof(struct sockaddr_in6) &&
169                     usin->sin6_scope_id) {
170                         /* If interface is set while binding, indices
171                          * must coincide.
172                          */
173                         if (sk->sk_bound_dev_if &&
174                             sk->sk_bound_dev_if != usin->sin6_scope_id)
175                                 return -EINVAL;
176
177                         sk->sk_bound_dev_if = usin->sin6_scope_id;
178                 }
179
180                 /* Connect to link-local address requires an interface */
181                 if (!sk->sk_bound_dev_if)
182                         return -EINVAL;
183         }
184
185         if (tp->rx_opt.ts_recent_stamp &&
186             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
187                 tp->rx_opt.ts_recent = 0;
188                 tp->rx_opt.ts_recent_stamp = 0;
189                 tp->write_seq = 0;
190         }
191
192         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
193         np->flow_label = fl.fl6_flowlabel;
194
195         /*
196          *      TCP over IPv4
197          */
198
199         if (addr_type == IPV6_ADDR_MAPPED) {
200                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
201                 struct sockaddr_in sin;
202
203                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
204
205                 if (__ipv6_only_sock(sk))
206                         return -ENETUNREACH;
207
208                 sin.sin_family = AF_INET;
209                 sin.sin_port = usin->sin6_port;
210                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
211
212                 icsk->icsk_af_ops = &ipv6_mapped;
213                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
214 #ifdef CONFIG_TCP_MD5SIG
215                 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
216 #endif
217
218                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
219
220                 if (err) {
221                         icsk->icsk_ext_hdr_len = exthdrlen;
222                         icsk->icsk_af_ops = &ipv6_specific;
223                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
224 #ifdef CONFIG_TCP_MD5SIG
225                         tp->af_specific = &tcp_sock_ipv6_specific;
226 #endif
227                         goto failure;
228                 } else {
229                         ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
230                                       inet->saddr);
231                         ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
232                                       inet->rcv_saddr);
233                 }
234
235                 return err;
236         }
237
238         if (!ipv6_addr_any(&np->rcv_saddr))
239                 saddr = &np->rcv_saddr;
240
241         fl.proto = IPPROTO_TCP;
242         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
243         ipv6_addr_copy(&fl.fl6_src,
244                        (saddr ? saddr : &np->saddr));
245         fl.oif = sk->sk_bound_dev_if;
246         fl.fl_ip_dport = usin->sin6_port;
247         fl.fl_ip_sport = inet->sport;
248
249         if (np->opt && np->opt->srcrt) {
250                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
251                 ipv6_addr_copy(&final, &fl.fl6_dst);
252                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
253                 final_p = &final;
254         }
255
256         security_sk_classify_flow(sk, &fl);
257
258         err = ip6_dst_lookup(sk, &dst, &fl);
259         if (err)
260                 goto failure;
261         if (final_p)
262                 ipv6_addr_copy(&fl.fl6_dst, final_p);
263
264         err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
265         if (err < 0) {
266                 if (err == -EREMOTE)
267                         err = ip6_dst_blackhole(sk, &dst, &fl);
268                 if (err < 0)
269                         goto failure;
270         }
271
272         if (saddr == NULL) {
273                 saddr = &fl.fl6_src;
274                 ipv6_addr_copy(&np->rcv_saddr, saddr);
275         }
276
277         /* set the source address */
278         ipv6_addr_copy(&np->saddr, saddr);
279         inet->rcv_saddr = LOOPBACK4_IPV6;
280
281         sk->sk_gso_type = SKB_GSO_TCPV6;
282         __ip6_dst_store(sk, dst, NULL, NULL);
283
284         icsk->icsk_ext_hdr_len = 0;
285         if (np->opt)
286                 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
287                                           np->opt->opt_nflen);
288
289         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
290
291         inet->dport = usin->sin6_port;
292
293         tcp_set_state(sk, TCP_SYN_SENT);
294         err = inet6_hash_connect(&tcp_death_row, sk);
295         if (err)
296                 goto late_failure;
297
298         if (!tp->write_seq)
299                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
300                                                              np->daddr.s6_addr32,
301                                                              inet->sport,
302                                                              inet->dport);
303
304         err = tcp_connect(sk);
305         if (err)
306                 goto late_failure;
307
308         return 0;
309
310 late_failure:
311         tcp_set_state(sk, TCP_CLOSE);
312         __sk_dst_reset(sk);
313 failure:
314         inet->dport = 0;
315         sk->sk_route_caps = 0;
316         return err;
317 }
318
319 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
320                 u8 type, u8 code, int offset, __be32 info)
321 {
322         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
323         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
324         struct ipv6_pinfo *np;
325         struct sock *sk;
326         int err;
327         struct tcp_sock *tp;
328         __u32 seq;
329         struct net *net = dev_net(skb->dev);
330
331         sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
332                         th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
333
334         if (sk == NULL) {
335                 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
336                                    ICMP6_MIB_INERRORS);
337                 return;
338         }
339
340         if (sk->sk_state == TCP_TIME_WAIT) {
341                 inet_twsk_put(inet_twsk(sk));
342                 return;
343         }
344
345         bh_lock_sock(sk);
346         if (sock_owned_by_user(sk))
347                 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
348
349         if (sk->sk_state == TCP_CLOSE)
350                 goto out;
351
352         tp = tcp_sk(sk);
353         seq = ntohl(th->seq);
354         if (sk->sk_state != TCP_LISTEN &&
355             !between(seq, tp->snd_una, tp->snd_nxt)) {
356                 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
357                 goto out;
358         }
359
360         np = inet6_sk(sk);
361
362         if (type == ICMPV6_PKT_TOOBIG) {
363                 struct dst_entry *dst = NULL;
364
365                 if (sock_owned_by_user(sk))
366                         goto out;
367                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
368                         goto out;
369
370                 /* icmp should have updated the destination cache entry */
371                 dst = __sk_dst_check(sk, np->dst_cookie);
372
373                 if (dst == NULL) {
374                         struct inet_sock *inet = inet_sk(sk);
375                         struct flowi fl;
376
377                         /* BUGGG_FUTURE: Again, it is not clear how
378                            to handle rthdr case. Ignore this complexity
379                            for now.
380                          */
381                         memset(&fl, 0, sizeof(fl));
382                         fl.proto = IPPROTO_TCP;
383                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
384                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
385                         fl.oif = sk->sk_bound_dev_if;
386                         fl.fl_ip_dport = inet->dport;
387                         fl.fl_ip_sport = inet->sport;
388                         security_skb_classify_flow(skb, &fl);
389
390                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
391                                 sk->sk_err_soft = -err;
392                                 goto out;
393                         }
394
395                         if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) {
396                                 sk->sk_err_soft = -err;
397                                 goto out;
398                         }
399
400                 } else
401                         dst_hold(dst);
402
403                 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
404                         tcp_sync_mss(sk, dst_mtu(dst));
405                         tcp_simple_retransmit(sk);
406                 } /* else let the usual retransmit timer handle it */
407                 dst_release(dst);
408                 goto out;
409         }
410
411         icmpv6_err_convert(type, code, &err);
412
413         /* Might be for an request_sock */
414         switch (sk->sk_state) {
415                 struct request_sock *req, **prev;
416         case TCP_LISTEN:
417                 if (sock_owned_by_user(sk))
418                         goto out;
419
420                 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
421                                            &hdr->saddr, inet6_iif(skb));
422                 if (!req)
423                         goto out;
424
425                 /* ICMPs are not backlogged, hence we cannot get
426                  * an established socket here.
427                  */
428                 WARN_ON(req->sk != NULL);
429
430                 if (seq != tcp_rsk(req)->snt_isn) {
431                         NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
432                         goto out;
433                 }
434
435                 inet_csk_reqsk_queue_drop(sk, req, prev);
436                 goto out;
437
438         case TCP_SYN_SENT:
439         case TCP_SYN_RECV:  /* Cannot happen.
440                                It can, it SYNs are crossed. --ANK */
441                 if (!sock_owned_by_user(sk)) {
442                         sk->sk_err = err;
443                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
444
445                         tcp_done(sk);
446                 } else
447                         sk->sk_err_soft = err;
448                 goto out;
449         }
450
451         if (!sock_owned_by_user(sk) && np->recverr) {
452                 sk->sk_err = err;
453                 sk->sk_error_report(sk);
454         } else
455                 sk->sk_err_soft = err;
456
457 out:
458         bh_unlock_sock(sk);
459         sock_put(sk);
460 }
461
462
463 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req)
464 {
465         struct inet6_request_sock *treq = inet6_rsk(req);
466         struct ipv6_pinfo *np = inet6_sk(sk);
467         struct sk_buff * skb;
468         struct ipv6_txoptions *opt = NULL;
469         struct in6_addr * final_p = NULL, final;
470         struct flowi fl;
471         struct dst_entry *dst;
472         int err = -1;
473
474         memset(&fl, 0, sizeof(fl));
475         fl.proto = IPPROTO_TCP;
476         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
477         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
478         fl.fl6_flowlabel = 0;
479         fl.oif = treq->iif;
480         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
481         fl.fl_ip_sport = inet_rsk(req)->loc_port;
482         security_req_classify_flow(req, &fl);
483
484         opt = np->opt;
485         if (opt && opt->srcrt) {
486                 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
487                 ipv6_addr_copy(&final, &fl.fl6_dst);
488                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
489                 final_p = &final;
490         }
491
492         err = ip6_dst_lookup(sk, &dst, &fl);
493         if (err)
494                 goto done;
495         if (final_p)
496                 ipv6_addr_copy(&fl.fl6_dst, final_p);
497         if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
498                 goto done;
499
500         skb = tcp_make_synack(sk, dst, req);
501         if (skb) {
502                 struct tcphdr *th = tcp_hdr(skb);
503
504                 th->check = tcp_v6_check(skb->len,
505                                          &treq->loc_addr, &treq->rmt_addr,
506                                          csum_partial(th, skb->len, skb->csum));
507
508                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
509                 err = ip6_xmit(sk, skb, &fl, opt, 0);
510                 err = net_xmit_eval(err);
511         }
512
513 done:
514         if (opt && opt != np->opt)
515                 sock_kfree_s(sk, opt, opt->tot_len);
516         dst_release(dst);
517         return err;
518 }
519
520 static inline void syn_flood_warning(struct sk_buff *skb)
521 {
522 #ifdef CONFIG_SYN_COOKIES
523         if (sysctl_tcp_syncookies)
524                 printk(KERN_INFO
525                        "TCPv6: Possible SYN flooding on port %d. "
526                        "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
527         else
528 #endif
529                 printk(KERN_INFO
530                        "TCPv6: Possible SYN flooding on port %d. "
531                        "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
532 }
533
534 static void tcp_v6_reqsk_destructor(struct request_sock *req)
535 {
536         kfree_skb(inet6_rsk(req)->pktopts);
537 }
538
539 #ifdef CONFIG_TCP_MD5SIG
540 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
541                                                    struct in6_addr *addr)
542 {
543         struct tcp_sock *tp = tcp_sk(sk);
544         int i;
545
546         BUG_ON(tp == NULL);
547
548         if (!tp->md5sig_info || !tp->md5sig_info->entries6)
549                 return NULL;
550
551         for (i = 0; i < tp->md5sig_info->entries6; i++) {
552                 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
553                         return &tp->md5sig_info->keys6[i].base;
554         }
555         return NULL;
556 }
557
558 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
559                                                 struct sock *addr_sk)
560 {
561         return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
562 }
563
564 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
565                                                       struct request_sock *req)
566 {
567         return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
568 }
569
570 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
571                              char *newkey, u8 newkeylen)
572 {
573         /* Add key to the list */
574         struct tcp_md5sig_key *key;
575         struct tcp_sock *tp = tcp_sk(sk);
576         struct tcp6_md5sig_key *keys;
577
578         key = tcp_v6_md5_do_lookup(sk, peer);
579         if (key) {
580                 /* modify existing entry - just update that one */
581                 kfree(key->key);
582                 key->key = newkey;
583                 key->keylen = newkeylen;
584         } else {
585                 /* reallocate new list if current one is full. */
586                 if (!tp->md5sig_info) {
587                         tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
588                         if (!tp->md5sig_info) {
589                                 kfree(newkey);
590                                 return -ENOMEM;
591                         }
592                         sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
593                 }
594                 if (tcp_alloc_md5sig_pool() == NULL) {
595                         kfree(newkey);
596                         return -ENOMEM;
597                 }
598                 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
599                         keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
600                                        (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
601
602                         if (!keys) {
603                                 tcp_free_md5sig_pool();
604                                 kfree(newkey);
605                                 return -ENOMEM;
606                         }
607
608                         if (tp->md5sig_info->entries6)
609                                 memmove(keys, tp->md5sig_info->keys6,
610                                         (sizeof (tp->md5sig_info->keys6[0]) *
611                                          tp->md5sig_info->entries6));
612
613                         kfree(tp->md5sig_info->keys6);
614                         tp->md5sig_info->keys6 = keys;
615                         tp->md5sig_info->alloced6++;
616                 }
617
618                 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
619                                peer);
620                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
621                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
622
623                 tp->md5sig_info->entries6++;
624         }
625         return 0;
626 }
627
628 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
629                                u8 *newkey, __u8 newkeylen)
630 {
631         return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
632                                  newkey, newkeylen);
633 }
634
635 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
636 {
637         struct tcp_sock *tp = tcp_sk(sk);
638         int i;
639
640         for (i = 0; i < tp->md5sig_info->entries6; i++) {
641                 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
642                         /* Free the key */
643                         kfree(tp->md5sig_info->keys6[i].base.key);
644                         tp->md5sig_info->entries6--;
645
646                         if (tp->md5sig_info->entries6 == 0) {
647                                 kfree(tp->md5sig_info->keys6);
648                                 tp->md5sig_info->keys6 = NULL;
649                                 tp->md5sig_info->alloced6 = 0;
650                         } else {
651                                 /* shrink the database */
652                                 if (tp->md5sig_info->entries6 != i)
653                                         memmove(&tp->md5sig_info->keys6[i],
654                                                 &tp->md5sig_info->keys6[i+1],
655                                                 (tp->md5sig_info->entries6 - i)
656                                                 * sizeof (tp->md5sig_info->keys6[0]));
657                         }
658                         tcp_free_md5sig_pool();
659                         return 0;
660                 }
661         }
662         return -ENOENT;
663 }
664
665 static void tcp_v6_clear_md5_list (struct sock *sk)
666 {
667         struct tcp_sock *tp = tcp_sk(sk);
668         int i;
669
670         if (tp->md5sig_info->entries6) {
671                 for (i = 0; i < tp->md5sig_info->entries6; i++)
672                         kfree(tp->md5sig_info->keys6[i].base.key);
673                 tp->md5sig_info->entries6 = 0;
674                 tcp_free_md5sig_pool();
675         }
676
677         kfree(tp->md5sig_info->keys6);
678         tp->md5sig_info->keys6 = NULL;
679         tp->md5sig_info->alloced6 = 0;
680
681         if (tp->md5sig_info->entries4) {
682                 for (i = 0; i < tp->md5sig_info->entries4; i++)
683                         kfree(tp->md5sig_info->keys4[i].base.key);
684                 tp->md5sig_info->entries4 = 0;
685                 tcp_free_md5sig_pool();
686         }
687
688         kfree(tp->md5sig_info->keys4);
689         tp->md5sig_info->keys4 = NULL;
690         tp->md5sig_info->alloced4 = 0;
691 }
692
693 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
694                                   int optlen)
695 {
696         struct tcp_md5sig cmd;
697         struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
698         u8 *newkey;
699
700         if (optlen < sizeof(cmd))
701                 return -EINVAL;
702
703         if (copy_from_user(&cmd, optval, sizeof(cmd)))
704                 return -EFAULT;
705
706         if (sin6->sin6_family != AF_INET6)
707                 return -EINVAL;
708
709         if (!cmd.tcpm_keylen) {
710                 if (!tcp_sk(sk)->md5sig_info)
711                         return -ENOENT;
712                 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
713                         return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
714                 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
715         }
716
717         if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
718                 return -EINVAL;
719
720         if (!tcp_sk(sk)->md5sig_info) {
721                 struct tcp_sock *tp = tcp_sk(sk);
722                 struct tcp_md5sig_info *p;
723
724                 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
725                 if (!p)
726                         return -ENOMEM;
727
728                 tp->md5sig_info = p;
729                 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
730         }
731
732         newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
733         if (!newkey)
734                 return -ENOMEM;
735         if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
736                 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
737                                          newkey, cmd.tcpm_keylen);
738         }
739         return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
740 }
741
742 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
743                                         struct in6_addr *daddr,
744                                         struct in6_addr *saddr, int nbytes)
745 {
746         struct tcp6_pseudohdr *bp;
747         struct scatterlist sg;
748
749         bp = &hp->md5_blk.ip6;
750         /* 1. TCP pseudo-header (RFC2460) */
751         ipv6_addr_copy(&bp->saddr, saddr);
752         ipv6_addr_copy(&bp->daddr, daddr);
753         bp->protocol = cpu_to_be32(IPPROTO_TCP);
754         bp->len = cpu_to_be32(nbytes);
755
756         sg_init_one(&sg, bp, sizeof(*bp));
757         return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
758 }
759
760 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
761                                struct in6_addr *daddr, struct in6_addr *saddr,
762                                struct tcphdr *th)
763 {
764         struct tcp_md5sig_pool *hp;
765         struct hash_desc *desc;
766
767         hp = tcp_get_md5sig_pool();
768         if (!hp)
769                 goto clear_hash_noput;
770         desc = &hp->md5_desc;
771
772         if (crypto_hash_init(desc))
773                 goto clear_hash;
774         if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
775                 goto clear_hash;
776         if (tcp_md5_hash_header(hp, th))
777                 goto clear_hash;
778         if (tcp_md5_hash_key(hp, key))
779                 goto clear_hash;
780         if (crypto_hash_final(desc, md5_hash))
781                 goto clear_hash;
782
783         tcp_put_md5sig_pool();
784         return 0;
785
786 clear_hash:
787         tcp_put_md5sig_pool();
788 clear_hash_noput:
789         memset(md5_hash, 0, 16);
790         return 1;
791 }
792
793 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
794                                struct sock *sk, struct request_sock *req,
795                                struct sk_buff *skb)
796 {
797         struct in6_addr *saddr, *daddr;
798         struct tcp_md5sig_pool *hp;
799         struct hash_desc *desc;
800         struct tcphdr *th = tcp_hdr(skb);
801
802         if (sk) {
803                 saddr = &inet6_sk(sk)->saddr;
804                 daddr = &inet6_sk(sk)->daddr;
805         } else if (req) {
806                 saddr = &inet6_rsk(req)->loc_addr;
807                 daddr = &inet6_rsk(req)->rmt_addr;
808         } else {
809                 struct ipv6hdr *ip6h = ipv6_hdr(skb);
810                 saddr = &ip6h->saddr;
811                 daddr = &ip6h->daddr;
812         }
813
814         hp = tcp_get_md5sig_pool();
815         if (!hp)
816                 goto clear_hash_noput;
817         desc = &hp->md5_desc;
818
819         if (crypto_hash_init(desc))
820                 goto clear_hash;
821
822         if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
823                 goto clear_hash;
824         if (tcp_md5_hash_header(hp, th))
825                 goto clear_hash;
826         if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
827                 goto clear_hash;
828         if (tcp_md5_hash_key(hp, key))
829                 goto clear_hash;
830         if (crypto_hash_final(desc, md5_hash))
831                 goto clear_hash;
832
833         tcp_put_md5sig_pool();
834         return 0;
835
836 clear_hash:
837         tcp_put_md5sig_pool();
838 clear_hash_noput:
839         memset(md5_hash, 0, 16);
840         return 1;
841 }
842
843 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
844 {
845         __u8 *hash_location = NULL;
846         struct tcp_md5sig_key *hash_expected;
847         struct ipv6hdr *ip6h = ipv6_hdr(skb);
848         struct tcphdr *th = tcp_hdr(skb);
849         int genhash;
850         u8 newhash[16];
851
852         hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
853         hash_location = tcp_parse_md5sig_option(th);
854
855         /* We've parsed the options - do we have a hash? */
856         if (!hash_expected && !hash_location)
857                 return 0;
858
859         if (hash_expected && !hash_location) {
860                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
861                 return 1;
862         }
863
864         if (!hash_expected && hash_location) {
865                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
866                 return 1;
867         }
868
869         /* check the signature */
870         genhash = tcp_v6_md5_hash_skb(newhash,
871                                       hash_expected,
872                                       NULL, NULL, skb);
873
874         if (genhash || memcmp(hash_location, newhash, 16) != 0) {
875                 if (net_ratelimit()) {
876                         printk(KERN_INFO "MD5 Hash %s for (%pI6, %u)->(%pI6, %u)\n",
877                                genhash ? "failed" : "mismatch",
878                                &ip6h->saddr, ntohs(th->source),
879                                &ip6h->daddr, ntohs(th->dest));
880                 }
881                 return 1;
882         }
883         return 0;
884 }
885 #endif
886
887 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
888         .family         =       AF_INET6,
889         .obj_size       =       sizeof(struct tcp6_request_sock),
890         .rtx_syn_ack    =       tcp_v6_send_synack,
891         .send_ack       =       tcp_v6_reqsk_send_ack,
892         .destructor     =       tcp_v6_reqsk_destructor,
893         .send_reset     =       tcp_v6_send_reset
894 };
895
896 #ifdef CONFIG_TCP_MD5SIG
897 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
898         .md5_lookup     =       tcp_v6_reqsk_md5_lookup,
899         .calc_md5_hash  =       tcp_v6_md5_hash_skb,
900 };
901 #endif
902
903 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
904         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
905         .twsk_unique    = tcp_twsk_unique,
906         .twsk_destructor= tcp_twsk_destructor,
907 };
908
909 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
910 {
911         struct ipv6_pinfo *np = inet6_sk(sk);
912         struct tcphdr *th = tcp_hdr(skb);
913
914         if (skb->ip_summed == CHECKSUM_PARTIAL) {
915                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
916                 skb->csum_start = skb_transport_header(skb) - skb->head;
917                 skb->csum_offset = offsetof(struct tcphdr, check);
918         } else {
919                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
920                                             csum_partial(th, th->doff<<2,
921                                                          skb->csum));
922         }
923 }
924
925 static int tcp_v6_gso_send_check(struct sk_buff *skb)
926 {
927         struct ipv6hdr *ipv6h;
928         struct tcphdr *th;
929
930         if (!pskb_may_pull(skb, sizeof(*th)))
931                 return -EINVAL;
932
933         ipv6h = ipv6_hdr(skb);
934         th = tcp_hdr(skb);
935
936         th->check = 0;
937         th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
938                                      IPPROTO_TCP, 0);
939         skb->csum_start = skb_transport_header(skb) - skb->head;
940         skb->csum_offset = offsetof(struct tcphdr, check);
941         skb->ip_summed = CHECKSUM_PARTIAL;
942         return 0;
943 }
944
945 static struct sk_buff **tcp6_gro_receive(struct sk_buff **head,
946                                          struct sk_buff *skb)
947 {
948         struct ipv6hdr *iph = skb_gro_network_header(skb);
949
950         switch (skb->ip_summed) {
951         case CHECKSUM_COMPLETE:
952                 if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr,
953                                   skb->csum)) {
954                         skb->ip_summed = CHECKSUM_UNNECESSARY;
955                         break;
956                 }
957
958                 /* fall through */
959         case CHECKSUM_NONE:
960                 NAPI_GRO_CB(skb)->flush = 1;
961                 return NULL;
962         }
963
964         return tcp_gro_receive(head, skb);
965 }
966
967 static int tcp6_gro_complete(struct sk_buff *skb)
968 {
969         struct ipv6hdr *iph = ipv6_hdr(skb);
970         struct tcphdr *th = tcp_hdr(skb);
971
972         th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb),
973                                   &iph->saddr, &iph->daddr, 0);
974         skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;
975
976         return tcp_gro_complete(skb);
977 }
978
979 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
980                                  u32 ts, struct tcp_md5sig_key *key, int rst)
981 {
982         struct tcphdr *th = tcp_hdr(skb), *t1;
983         struct sk_buff *buff;
984         struct flowi fl;
985         struct net *net = dev_net(skb_dst(skb)->dev);
986         struct sock *ctl_sk = net->ipv6.tcp_sk;
987         unsigned int tot_len = sizeof(struct tcphdr);
988         struct dst_entry *dst;
989         __be32 *topt;
990
991         if (ts)
992                 tot_len += TCPOLEN_TSTAMP_ALIGNED;
993 #ifdef CONFIG_TCP_MD5SIG
994         if (key)
995                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
996 #endif
997
998         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
999                          GFP_ATOMIC);
1000         if (buff == NULL)
1001                 return;
1002
1003         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1004
1005         t1 = (struct tcphdr *) skb_push(buff, tot_len);
1006
1007         /* Swap the send and the receive. */
1008         memset(t1, 0, sizeof(*t1));
1009         t1->dest = th->source;
1010         t1->source = th->dest;
1011         t1->doff = tot_len / 4;
1012         t1->seq = htonl(seq);
1013         t1->ack_seq = htonl(ack);
1014         t1->ack = !rst || !th->ack;
1015         t1->rst = rst;
1016         t1->window = htons(win);
1017
1018         topt = (__be32 *)(t1 + 1);
1019
1020         if (ts) {
1021                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1022                                 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1023                 *topt++ = htonl(tcp_time_stamp);
1024                 *topt++ = htonl(ts);
1025         }
1026
1027 #ifdef CONFIG_TCP_MD5SIG
1028         if (key) {
1029                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1030                                 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1031                 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
1032                                     &ipv6_hdr(skb)->saddr,
1033                                     &ipv6_hdr(skb)->daddr, t1);
1034         }
1035 #endif
1036
1037         buff->csum = csum_partial(t1, tot_len, 0);
1038
1039         memset(&fl, 0, sizeof(fl));
1040         ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1041         ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1042
1043         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1044                                     tot_len, IPPROTO_TCP,
1045                                     buff->csum);
1046
1047         fl.proto = IPPROTO_TCP;
1048         fl.oif = inet6_iif(skb);
1049         fl.fl_ip_dport = t1->dest;
1050         fl.fl_ip_sport = t1->source;
1051         security_skb_classify_flow(skb, &fl);
1052
1053         /* Pass a socket to ip6_dst_lookup either it is for RST
1054          * Underlying function will use this to retrieve the network
1055          * namespace
1056          */
1057         if (!ip6_dst_lookup(ctl_sk, &dst, &fl)) {
1058                 if (xfrm_lookup(net, &dst, &fl, NULL, 0) >= 0) {
1059                         skb_dst_set(buff, dst);
1060                         ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1061                         TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1062                         if (rst)
1063                                 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
1064                         return;
1065                 }
1066         }
1067
1068         kfree_skb(buff);
1069 }
1070
1071 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1072 {
1073         struct tcphdr *th = tcp_hdr(skb);
1074         u32 seq = 0, ack_seq = 0;
1075         struct tcp_md5sig_key *key = NULL;
1076
1077         if (th->rst)
1078                 return;
1079
1080         if (!ipv6_unicast_destination(skb))
1081                 return;
1082
1083 #ifdef CONFIG_TCP_MD5SIG
1084         if (sk)
1085                 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
1086 #endif
1087
1088         if (th->ack)
1089                 seq = ntohl(th->ack_seq);
1090         else
1091                 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1092                           (th->doff << 2);
1093
1094         tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1);
1095 }
1096
1097 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
1098                             struct tcp_md5sig_key *key)
1099 {
1100         tcp_v6_send_response(skb, seq, ack, win, ts, key, 0);
1101 }
1102
1103 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1104 {
1105         struct inet_timewait_sock *tw = inet_twsk(sk);
1106         struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1107
1108         tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1109                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1110                         tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw));
1111
1112         inet_twsk_put(tw);
1113 }
1114
1115 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
1116                                   struct request_sock *req)
1117 {
1118         tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
1119                         tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr));
1120 }
1121
1122
1123 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1124 {
1125         struct request_sock *req, **prev;
1126         const struct tcphdr *th = tcp_hdr(skb);
1127         struct sock *nsk;
1128
1129         /* Find possible connection requests. */
1130         req = inet6_csk_search_req(sk, &prev, th->source,
1131                                    &ipv6_hdr(skb)->saddr,
1132                                    &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1133         if (req)
1134                 return tcp_check_req(sk, skb, req, prev);
1135
1136         nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1137                         &ipv6_hdr(skb)->saddr, th->source,
1138                         &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1139
1140         if (nsk) {
1141                 if (nsk->sk_state != TCP_TIME_WAIT) {
1142                         bh_lock_sock(nsk);
1143                         return nsk;
1144                 }
1145                 inet_twsk_put(inet_twsk(nsk));
1146                 return NULL;
1147         }
1148
1149 #ifdef CONFIG_SYN_COOKIES
1150         if (!th->rst && !th->syn && th->ack)
1151                 sk = cookie_v6_check(sk, skb);
1152 #endif
1153         return sk;
1154 }
1155
1156 /* FIXME: this is substantially similar to the ipv4 code.
1157  * Can some kind of merge be done? -- erics
1158  */
1159 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1160 {
1161         struct inet6_request_sock *treq;
1162         struct ipv6_pinfo *np = inet6_sk(sk);
1163         struct tcp_options_received tmp_opt;
1164         struct tcp_sock *tp = tcp_sk(sk);
1165         struct request_sock *req = NULL;
1166         __u32 isn = TCP_SKB_CB(skb)->when;
1167 #ifdef CONFIG_SYN_COOKIES
1168         int want_cookie = 0;
1169 #else
1170 #define want_cookie 0
1171 #endif
1172
1173         if (skb->protocol == htons(ETH_P_IP))
1174                 return tcp_v4_conn_request(sk, skb);
1175
1176         if (!ipv6_unicast_destination(skb))
1177                 goto drop;
1178
1179         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1180                 if (net_ratelimit())
1181                         syn_flood_warning(skb);
1182 #ifdef CONFIG_SYN_COOKIES
1183                 if (sysctl_tcp_syncookies)
1184                         want_cookie = 1;
1185                 else
1186 #endif
1187                 goto drop;
1188         }
1189
1190         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1191                 goto drop;
1192
1193         req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1194         if (req == NULL)
1195                 goto drop;
1196
1197 #ifdef CONFIG_TCP_MD5SIG
1198         tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1199 #endif
1200
1201         tcp_clear_options(&tmp_opt);
1202         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1203         tmp_opt.user_mss = tp->rx_opt.user_mss;
1204
1205         tcp_parse_options(skb, &tmp_opt, 0);
1206
1207         if (want_cookie && !tmp_opt.saw_tstamp)
1208                 tcp_clear_options(&tmp_opt);
1209
1210         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1211         tcp_openreq_init(req, &tmp_opt, skb);
1212
1213         treq = inet6_rsk(req);
1214         ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1215         ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1216         if (!want_cookie)
1217                 TCP_ECN_create_request(req, tcp_hdr(skb));
1218
1219         if (want_cookie) {
1220                 isn = cookie_v6_init_sequence(sk, skb, &req->mss);
1221                 req->cookie_ts = tmp_opt.tstamp_ok;
1222         } else if (!isn) {
1223                 if (ipv6_opt_accepted(sk, skb) ||
1224                     np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1225                     np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1226                         atomic_inc(&skb->users);
1227                         treq->pktopts = skb;
1228                 }
1229                 treq->iif = sk->sk_bound_dev_if;
1230
1231                 /* So that link locals have meaning */
1232                 if (!sk->sk_bound_dev_if &&
1233                     ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1234                         treq->iif = inet6_iif(skb);
1235
1236                 isn = tcp_v6_init_sequence(skb);
1237         }
1238
1239         tcp_rsk(req)->snt_isn = isn;
1240
1241         security_inet_conn_request(sk, skb, req);
1242
1243         if (tcp_v6_send_synack(sk, req))
1244                 goto drop;
1245
1246         if (!want_cookie) {
1247                 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1248                 return 0;
1249         }
1250
1251 drop:
1252         if (req)
1253                 reqsk_free(req);
1254
1255         return 0; /* don't send reset */
1256 }
1257
1258 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1259                                           struct request_sock *req,
1260                                           struct dst_entry *dst)
1261 {
1262         struct inet6_request_sock *treq;
1263         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1264         struct tcp6_sock *newtcp6sk;
1265         struct inet_sock *newinet;
1266         struct tcp_sock *newtp;
1267         struct sock *newsk;
1268         struct ipv6_txoptions *opt;
1269 #ifdef CONFIG_TCP_MD5SIG
1270         struct tcp_md5sig_key *key;
1271 #endif
1272
1273         if (skb->protocol == htons(ETH_P_IP)) {
1274                 /*
1275                  *      v6 mapped
1276                  */
1277
1278                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1279
1280                 if (newsk == NULL)
1281                         return NULL;
1282
1283                 newtcp6sk = (struct tcp6_sock *)newsk;
1284                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1285
1286                 newinet = inet_sk(newsk);
1287                 newnp = inet6_sk(newsk);
1288                 newtp = tcp_sk(newsk);
1289
1290                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1291
1292                 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
1293                               newinet->daddr);
1294
1295                 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
1296                               newinet->saddr);
1297
1298                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1299
1300                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1301                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1302 #ifdef CONFIG_TCP_MD5SIG
1303                 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1304 #endif
1305
1306                 newnp->pktoptions  = NULL;
1307                 newnp->opt         = NULL;
1308                 newnp->mcast_oif   = inet6_iif(skb);
1309                 newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
1310
1311                 /*
1312                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1313                  * here, tcp_create_openreq_child now does this for us, see the comment in
1314                  * that function for the gory details. -acme
1315                  */
1316
1317                 /* It is tricky place. Until this moment IPv4 tcp
1318                    worked with IPv6 icsk.icsk_af_ops.
1319                    Sync it now.
1320                  */
1321                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1322
1323                 return newsk;
1324         }
1325
1326         treq = inet6_rsk(req);
1327         opt = np->opt;
1328
1329         if (sk_acceptq_is_full(sk))
1330                 goto out_overflow;
1331
1332         if (dst == NULL) {
1333                 struct in6_addr *final_p = NULL, final;
1334                 struct flowi fl;
1335
1336                 memset(&fl, 0, sizeof(fl));
1337                 fl.proto = IPPROTO_TCP;
1338                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1339                 if (opt && opt->srcrt) {
1340                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1341                         ipv6_addr_copy(&final, &fl.fl6_dst);
1342                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1343                         final_p = &final;
1344                 }
1345                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1346                 fl.oif = sk->sk_bound_dev_if;
1347                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1348                 fl.fl_ip_sport = inet_rsk(req)->loc_port;
1349                 security_req_classify_flow(req, &fl);
1350
1351                 if (ip6_dst_lookup(sk, &dst, &fl))
1352                         goto out;
1353
1354                 if (final_p)
1355                         ipv6_addr_copy(&fl.fl6_dst, final_p);
1356
1357                 if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
1358                         goto out;
1359         }
1360
1361         newsk = tcp_create_openreq_child(sk, req, skb);
1362         if (newsk == NULL)
1363                 goto out;
1364
1365         /*
1366          * No need to charge this sock to the relevant IPv6 refcnt debug socks
1367          * count here, tcp_create_openreq_child now does this for us, see the
1368          * comment in that function for the gory details. -acme
1369          */
1370
1371         newsk->sk_gso_type = SKB_GSO_TCPV6;
1372         __ip6_dst_store(newsk, dst, NULL, NULL);
1373
1374         newtcp6sk = (struct tcp6_sock *)newsk;
1375         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1376
1377         newtp = tcp_sk(newsk);
1378         newinet = inet_sk(newsk);
1379         newnp = inet6_sk(newsk);
1380
1381         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1382
1383         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1384         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1385         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1386         newsk->sk_bound_dev_if = treq->iif;
1387
1388         /* Now IPv6 options...
1389
1390            First: no IPv4 options.
1391          */
1392         newinet->opt = NULL;
1393         newnp->ipv6_fl_list = NULL;
1394
1395         /* Clone RX bits */
1396         newnp->rxopt.all = np->rxopt.all;
1397
1398         /* Clone pktoptions received with SYN */
1399         newnp->pktoptions = NULL;
1400         if (treq->pktopts != NULL) {
1401                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1402                 kfree_skb(treq->pktopts);
1403                 treq->pktopts = NULL;
1404                 if (newnp->pktoptions)
1405                         skb_set_owner_r(newnp->pktoptions, newsk);
1406         }
1407         newnp->opt        = NULL;
1408         newnp->mcast_oif  = inet6_iif(skb);
1409         newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1410
1411         /* Clone native IPv6 options from listening socket (if any)
1412
1413            Yes, keeping reference count would be much more clever,
1414            but we make one more one thing there: reattach optmem
1415            to newsk.
1416          */
1417         if (opt) {
1418                 newnp->opt = ipv6_dup_options(newsk, opt);
1419                 if (opt != np->opt)
1420                         sock_kfree_s(sk, opt, opt->tot_len);
1421         }
1422
1423         inet_csk(newsk)->icsk_ext_hdr_len = 0;
1424         if (newnp->opt)
1425                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1426                                                      newnp->opt->opt_flen);
1427
1428         tcp_mtup_init(newsk);
1429         tcp_sync_mss(newsk, dst_mtu(dst));
1430         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1431         tcp_initialize_rcv_mss(newsk);
1432
1433         newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1434
1435 #ifdef CONFIG_TCP_MD5SIG
1436         /* Copy over the MD5 key from the original socket */
1437         if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1438                 /* We're using one, so create a matching key
1439                  * on the newsk structure. If we fail to get
1440                  * memory, then we end up not copying the key
1441                  * across. Shucks.
1442                  */
1443                 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1444                 if (newkey != NULL)
1445                         tcp_v6_md5_do_add(newsk, &newnp->daddr,
1446                                           newkey, key->keylen);
1447         }
1448 #endif
1449
1450         __inet6_hash(newsk);
1451         __inet_inherit_port(sk, newsk);
1452
1453         return newsk;
1454
1455 out_overflow:
1456         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1457 out:
1458         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1459         if (opt && opt != np->opt)
1460                 sock_kfree_s(sk, opt, opt->tot_len);
1461         dst_release(dst);
1462         return NULL;
1463 }
1464
1465 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1466 {
1467         if (skb->ip_summed == CHECKSUM_COMPLETE) {
1468                 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr,
1469                                   &ipv6_hdr(skb)->daddr, skb->csum)) {
1470                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1471                         return 0;
1472                 }
1473         }
1474
1475         skb->csum = ~csum_unfold(tcp_v6_check(skb->len,
1476                                               &ipv6_hdr(skb)->saddr,
1477                                               &ipv6_hdr(skb)->daddr, 0));
1478
1479         if (skb->len <= 76) {
1480                 return __skb_checksum_complete(skb);
1481         }
1482         return 0;
1483 }
1484
1485 /* The socket must have it's spinlock held when we get
1486  * here.
1487  *
1488  * We have a potential double-lock case here, so even when
1489  * doing backlog processing we use the BH locking scheme.
1490  * This is because we cannot sleep with the original spinlock
1491  * held.
1492  */
1493 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1494 {
1495         struct ipv6_pinfo *np = inet6_sk(sk);
1496         struct tcp_sock *tp;
1497         struct sk_buff *opt_skb = NULL;
1498
1499         /* Imagine: socket is IPv6. IPv4 packet arrives,
1500            goes to IPv4 receive handler and backlogged.
1501            From backlog it always goes here. Kerboom...
1502            Fortunately, tcp_rcv_established and rcv_established
1503            handle them correctly, but it is not case with
1504            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1505          */
1506
1507         if (skb->protocol == htons(ETH_P_IP))
1508                 return tcp_v4_do_rcv(sk, skb);
1509
1510 #ifdef CONFIG_TCP_MD5SIG
1511         if (tcp_v6_inbound_md5_hash (sk, skb))
1512                 goto discard;
1513 #endif
1514
1515         if (sk_filter(sk, skb))
1516                 goto discard;
1517
1518         /*
1519          *      socket locking is here for SMP purposes as backlog rcv
1520          *      is currently called with bh processing disabled.
1521          */
1522
1523         /* Do Stevens' IPV6_PKTOPTIONS.
1524
1525            Yes, guys, it is the only place in our code, where we
1526            may make it not affecting IPv4.
1527            The rest of code is protocol independent,
1528            and I do not like idea to uglify IPv4.
1529
1530            Actually, all the idea behind IPV6_PKTOPTIONS
1531            looks not very well thought. For now we latch
1532            options, received in the last packet, enqueued
1533            by tcp. Feel free to propose better solution.
1534                                                --ANK (980728)
1535          */
1536         if (np->rxopt.all)
1537                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1538
1539         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1540                 TCP_CHECK_TIMER(sk);
1541                 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1542                         goto reset;
1543                 TCP_CHECK_TIMER(sk);
1544                 if (opt_skb)
1545                         goto ipv6_pktoptions;
1546                 return 0;
1547         }
1548
1549         if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1550                 goto csum_err;
1551
1552         if (sk->sk_state == TCP_LISTEN) {
1553                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1554                 if (!nsk)
1555                         goto discard;
1556
1557                 /*
1558                  * Queue it on the new socket if the new socket is active,
1559                  * otherwise we just shortcircuit this and continue with
1560                  * the new socket..
1561                  */
1562                 if(nsk != sk) {
1563                         if (tcp_child_process(sk, nsk, skb))
1564                                 goto reset;
1565                         if (opt_skb)
1566                                 __kfree_skb(opt_skb);
1567                         return 0;
1568                 }
1569         }
1570
1571         TCP_CHECK_TIMER(sk);
1572         if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1573                 goto reset;
1574         TCP_CHECK_TIMER(sk);
1575         if (opt_skb)
1576                 goto ipv6_pktoptions;
1577         return 0;
1578
1579 reset:
1580         tcp_v6_send_reset(sk, skb);
1581 discard:
1582         if (opt_skb)
1583                 __kfree_skb(opt_skb);
1584         kfree_skb(skb);
1585         return 0;
1586 csum_err:
1587         TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1588         goto discard;
1589
1590
1591 ipv6_pktoptions:
1592         /* Do you ask, what is it?
1593
1594            1. skb was enqueued by tcp.
1595            2. skb is added to tail of read queue, rather than out of order.
1596            3. socket is not in passive state.
1597            4. Finally, it really contains options, which user wants to receive.
1598          */
1599         tp = tcp_sk(sk);
1600         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1601             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1602                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1603                         np->mcast_oif = inet6_iif(opt_skb);
1604                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1605                         np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1606                 if (ipv6_opt_accepted(sk, opt_skb)) {
1607                         skb_set_owner_r(opt_skb, sk);
1608                         opt_skb = xchg(&np->pktoptions, opt_skb);
1609                 } else {
1610                         __kfree_skb(opt_skb);
1611                         opt_skb = xchg(&np->pktoptions, NULL);
1612                 }
1613         }
1614
1615         kfree_skb(opt_skb);
1616         return 0;
1617 }
1618
1619 static int tcp_v6_rcv(struct sk_buff *skb)
1620 {
1621         struct tcphdr *th;
1622         struct sock *sk;
1623         int ret;
1624         struct net *net = dev_net(skb->dev);
1625
1626         if (skb->pkt_type != PACKET_HOST)
1627                 goto discard_it;
1628
1629         /*
1630          *      Count it even if it's bad.
1631          */
1632         TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1633
1634         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1635                 goto discard_it;
1636
1637         th = tcp_hdr(skb);
1638
1639         if (th->doff < sizeof(struct tcphdr)/4)
1640                 goto bad_packet;
1641         if (!pskb_may_pull(skb, th->doff*4))
1642                 goto discard_it;
1643
1644         if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1645                 goto bad_packet;
1646
1647         th = tcp_hdr(skb);
1648         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1649         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1650                                     skb->len - th->doff*4);
1651         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1652         TCP_SKB_CB(skb)->when = 0;
1653         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
1654         TCP_SKB_CB(skb)->sacked = 0;
1655
1656         sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1657         if (!sk)
1658                 goto no_tcp_socket;
1659
1660 process:
1661         if (sk->sk_state == TCP_TIME_WAIT)
1662                 goto do_time_wait;
1663
1664         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1665                 goto discard_and_relse;
1666
1667         if (sk_filter(sk, skb))
1668                 goto discard_and_relse;
1669
1670         skb->dev = NULL;
1671
1672         bh_lock_sock_nested(sk);
1673         ret = 0;
1674         if (!sock_owned_by_user(sk)) {
1675 #ifdef CONFIG_NET_DMA
1676                 struct tcp_sock *tp = tcp_sk(sk);
1677                 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1678                         tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY);
1679                 if (tp->ucopy.dma_chan)
1680                         ret = tcp_v6_do_rcv(sk, skb);
1681                 else
1682 #endif
1683                 {
1684                         if (!tcp_prequeue(sk, skb))
1685                                 ret = tcp_v6_do_rcv(sk, skb);
1686                 }
1687         } else
1688                 sk_add_backlog(sk, skb);
1689         bh_unlock_sock(sk);
1690
1691         sock_put(sk);
1692         return ret ? -1 : 0;
1693
1694 no_tcp_socket:
1695         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1696                 goto discard_it;
1697
1698         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1699 bad_packet:
1700                 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1701         } else {
1702                 tcp_v6_send_reset(NULL, skb);
1703         }
1704
1705 discard_it:
1706
1707         /*
1708          *      Discard frame
1709          */
1710
1711         kfree_skb(skb);
1712         return 0;
1713
1714 discard_and_relse:
1715         sock_put(sk);
1716         goto discard_it;
1717
1718 do_time_wait:
1719         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1720                 inet_twsk_put(inet_twsk(sk));
1721                 goto discard_it;
1722         }
1723
1724         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1725                 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1726                 inet_twsk_put(inet_twsk(sk));
1727                 goto discard_it;
1728         }
1729
1730         switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1731         case TCP_TW_SYN:
1732         {
1733                 struct sock *sk2;
1734
1735                 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1736                                             &ipv6_hdr(skb)->daddr,
1737                                             ntohs(th->dest), inet6_iif(skb));
1738                 if (sk2 != NULL) {
1739                         struct inet_timewait_sock *tw = inet_twsk(sk);
1740                         inet_twsk_deschedule(tw, &tcp_death_row);
1741                         inet_twsk_put(tw);
1742                         sk = sk2;
1743                         goto process;
1744                 }
1745                 /* Fall through to ACK */
1746         }
1747         case TCP_TW_ACK:
1748                 tcp_v6_timewait_ack(sk, skb);
1749                 break;
1750         case TCP_TW_RST:
1751                 goto no_tcp_socket;
1752         case TCP_TW_SUCCESS:;
1753         }
1754         goto discard_it;
1755 }
1756
1757 static int tcp_v6_remember_stamp(struct sock *sk)
1758 {
1759         /* Alas, not yet... */
1760         return 0;
1761 }
1762
1763 static const struct inet_connection_sock_af_ops ipv6_specific = {
1764         .queue_xmit        = inet6_csk_xmit,
1765         .send_check        = tcp_v6_send_check,
1766         .rebuild_header    = inet6_sk_rebuild_header,
1767         .conn_request      = tcp_v6_conn_request,
1768         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1769         .remember_stamp    = tcp_v6_remember_stamp,
1770         .net_header_len    = sizeof(struct ipv6hdr),
1771         .setsockopt        = ipv6_setsockopt,
1772         .getsockopt        = ipv6_getsockopt,
1773         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1774         .sockaddr_len      = sizeof(struct sockaddr_in6),
1775         .bind_conflict     = inet6_csk_bind_conflict,
1776 #ifdef CONFIG_COMPAT
1777         .compat_setsockopt = compat_ipv6_setsockopt,
1778         .compat_getsockopt = compat_ipv6_getsockopt,
1779 #endif
1780 };
1781
1782 #ifdef CONFIG_TCP_MD5SIG
1783 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1784         .md5_lookup     =       tcp_v6_md5_lookup,
1785         .calc_md5_hash  =       tcp_v6_md5_hash_skb,
1786         .md5_add        =       tcp_v6_md5_add_func,
1787         .md5_parse      =       tcp_v6_parse_md5_keys,
1788 };
1789 #endif
1790
1791 /*
1792  *      TCP over IPv4 via INET6 API
1793  */
1794
1795 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1796         .queue_xmit        = ip_queue_xmit,
1797         .send_check        = tcp_v4_send_check,
1798         .rebuild_header    = inet_sk_rebuild_header,
1799         .conn_request      = tcp_v6_conn_request,
1800         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1801         .remember_stamp    = tcp_v4_remember_stamp,
1802         .net_header_len    = sizeof(struct iphdr),
1803         .setsockopt        = ipv6_setsockopt,
1804         .getsockopt        = ipv6_getsockopt,
1805         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1806         .sockaddr_len      = sizeof(struct sockaddr_in6),
1807         .bind_conflict     = inet6_csk_bind_conflict,
1808 #ifdef CONFIG_COMPAT
1809         .compat_setsockopt = compat_ipv6_setsockopt,
1810         .compat_getsockopt = compat_ipv6_getsockopt,
1811 #endif
1812 };
1813
1814 #ifdef CONFIG_TCP_MD5SIG
1815 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1816         .md5_lookup     =       tcp_v4_md5_lookup,
1817         .calc_md5_hash  =       tcp_v4_md5_hash_skb,
1818         .md5_add        =       tcp_v6_md5_add_func,
1819         .md5_parse      =       tcp_v6_parse_md5_keys,
1820 };
1821 #endif
1822
1823 /* NOTE: A lot of things set to zero explicitly by call to
1824  *       sk_alloc() so need not be done here.
1825  */
1826 static int tcp_v6_init_sock(struct sock *sk)
1827 {
1828         struct inet_connection_sock *icsk = inet_csk(sk);
1829         struct tcp_sock *tp = tcp_sk(sk);
1830
1831         skb_queue_head_init(&tp->out_of_order_queue);
1832         tcp_init_xmit_timers(sk);
1833         tcp_prequeue_init(tp);
1834
1835         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1836         tp->mdev = TCP_TIMEOUT_INIT;
1837
1838         /* So many TCP implementations out there (incorrectly) count the
1839          * initial SYN frame in their delayed-ACK and congestion control
1840          * algorithms that we must have the following bandaid to talk
1841          * efficiently to them.  -DaveM
1842          */
1843         tp->snd_cwnd = 2;
1844
1845         /* See draft-stevens-tcpca-spec-01 for discussion of the
1846          * initialization of these values.
1847          */
1848         tp->snd_ssthresh = 0x7fffffff;
1849         tp->snd_cwnd_clamp = ~0;
1850         tp->mss_cache = 536;
1851
1852         tp->reordering = sysctl_tcp_reordering;
1853
1854         sk->sk_state = TCP_CLOSE;
1855
1856         icsk->icsk_af_ops = &ipv6_specific;
1857         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1858         icsk->icsk_sync_mss = tcp_sync_mss;
1859         sk->sk_write_space = sk_stream_write_space;
1860         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1861
1862 #ifdef CONFIG_TCP_MD5SIG
1863         tp->af_specific = &tcp_sock_ipv6_specific;
1864 #endif
1865
1866         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1867         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1868
1869         local_bh_disable();
1870         percpu_counter_inc(&tcp_sockets_allocated);
1871         local_bh_enable();
1872
1873         return 0;
1874 }
1875
1876 static void tcp_v6_destroy_sock(struct sock *sk)
1877 {
1878 #ifdef CONFIG_TCP_MD5SIG
1879         /* Clean up the MD5 key list */
1880         if (tcp_sk(sk)->md5sig_info)
1881                 tcp_v6_clear_md5_list(sk);
1882 #endif
1883         tcp_v4_destroy_sock(sk);
1884         inet6_destroy_sock(sk);
1885 }
1886
1887 #ifdef CONFIG_PROC_FS
1888 /* Proc filesystem TCPv6 sock list dumping. */
1889 static void get_openreq6(struct seq_file *seq,
1890                          struct sock *sk, struct request_sock *req, int i, int uid)
1891 {
1892         int ttd = req->expires - jiffies;
1893         struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1894         struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1895
1896         if (ttd < 0)
1897                 ttd = 0;
1898
1899         seq_printf(seq,
1900                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1901                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1902                    i,
1903                    src->s6_addr32[0], src->s6_addr32[1],
1904                    src->s6_addr32[2], src->s6_addr32[3],
1905                    ntohs(inet_rsk(req)->loc_port),
1906                    dest->s6_addr32[0], dest->s6_addr32[1],
1907                    dest->s6_addr32[2], dest->s6_addr32[3],
1908                    ntohs(inet_rsk(req)->rmt_port),
1909                    TCP_SYN_RECV,
1910                    0,0, /* could print option size, but that is af dependent. */
1911                    1,   /* timers active (only the expire timer) */
1912                    jiffies_to_clock_t(ttd),
1913                    req->retrans,
1914                    uid,
1915                    0,  /* non standard timer */
1916                    0, /* open_requests have no inode */
1917                    0, req);
1918 }
1919
1920 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1921 {
1922         struct in6_addr *dest, *src;
1923         __u16 destp, srcp;
1924         int timer_active;
1925         unsigned long timer_expires;
1926         struct inet_sock *inet = inet_sk(sp);
1927         struct tcp_sock *tp = tcp_sk(sp);
1928         const struct inet_connection_sock *icsk = inet_csk(sp);
1929         struct ipv6_pinfo *np = inet6_sk(sp);
1930
1931         dest  = &np->daddr;
1932         src   = &np->rcv_saddr;
1933         destp = ntohs(inet->dport);
1934         srcp  = ntohs(inet->sport);
1935
1936         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1937                 timer_active    = 1;
1938                 timer_expires   = icsk->icsk_timeout;
1939         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1940                 timer_active    = 4;
1941                 timer_expires   = icsk->icsk_timeout;
1942         } else if (timer_pending(&sp->sk_timer)) {
1943                 timer_active    = 2;
1944                 timer_expires   = sp->sk_timer.expires;
1945         } else {
1946                 timer_active    = 0;
1947                 timer_expires = jiffies;
1948         }
1949
1950         seq_printf(seq,
1951                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1952                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %lu %lu %u %u %d\n",
1953                    i,
1954                    src->s6_addr32[0], src->s6_addr32[1],
1955                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1956                    dest->s6_addr32[0], dest->s6_addr32[1],
1957                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1958                    sp->sk_state,
1959                    tp->write_seq-tp->snd_una,
1960                    (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
1961                    timer_active,
1962                    jiffies_to_clock_t(timer_expires - jiffies),
1963                    icsk->icsk_retransmits,
1964                    sock_i_uid(sp),
1965                    icsk->icsk_probes_out,
1966                    sock_i_ino(sp),
1967                    atomic_read(&sp->sk_refcnt), sp,
1968                    jiffies_to_clock_t(icsk->icsk_rto),
1969                    jiffies_to_clock_t(icsk->icsk_ack.ato),
1970                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
1971                    tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
1972                    );
1973 }
1974
1975 static void get_timewait6_sock(struct seq_file *seq,
1976                                struct inet_timewait_sock *tw, int i)
1977 {
1978         struct in6_addr *dest, *src;
1979         __u16 destp, srcp;
1980         struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
1981         int ttd = tw->tw_ttd - jiffies;
1982
1983         if (ttd < 0)
1984                 ttd = 0;
1985
1986         dest = &tw6->tw_v6_daddr;
1987         src  = &tw6->tw_v6_rcv_saddr;
1988         destp = ntohs(tw->tw_dport);
1989         srcp  = ntohs(tw->tw_sport);
1990
1991         seq_printf(seq,
1992                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1993                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1994                    i,
1995                    src->s6_addr32[0], src->s6_addr32[1],
1996                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1997                    dest->s6_addr32[0], dest->s6_addr32[1],
1998                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1999                    tw->tw_substate, 0, 0,
2000                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2001                    atomic_read(&tw->tw_refcnt), tw);
2002 }
2003
2004 static int tcp6_seq_show(struct seq_file *seq, void *v)
2005 {
2006         struct tcp_iter_state *st;
2007
2008         if (v == SEQ_START_TOKEN) {
2009                 seq_puts(seq,
2010                          "  sl  "
2011                          "local_address                         "
2012                          "remote_address                        "
2013                          "st tx_queue rx_queue tr tm->when retrnsmt"
2014                          "   uid  timeout inode\n");
2015                 goto out;
2016         }
2017         st = seq->private;
2018
2019         switch (st->state) {
2020         case TCP_SEQ_STATE_LISTENING:
2021         case TCP_SEQ_STATE_ESTABLISHED:
2022                 get_tcp6_sock(seq, v, st->num);
2023                 break;
2024         case TCP_SEQ_STATE_OPENREQ:
2025                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2026                 break;
2027         case TCP_SEQ_STATE_TIME_WAIT:
2028                 get_timewait6_sock(seq, v, st->num);
2029                 break;
2030         }
2031 out:
2032         return 0;
2033 }
2034
2035 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2036         .name           = "tcp6",
2037         .family         = AF_INET6,
2038         .seq_fops       = {
2039                 .owner          = THIS_MODULE,
2040         },
2041         .seq_ops        = {
2042                 .show           = tcp6_seq_show,
2043         },
2044 };
2045
2046 int tcp6_proc_init(struct net *net)
2047 {
2048         return tcp_proc_register(net, &tcp6_seq_afinfo);
2049 }
2050
2051 void tcp6_proc_exit(struct net *net)
2052 {
2053         tcp_proc_unregister(net, &tcp6_seq_afinfo);
2054 }
2055 #endif
2056
2057 struct proto tcpv6_prot = {
2058         .name                   = "TCPv6",
2059         .owner                  = THIS_MODULE,
2060         .close                  = tcp_close,
2061         .connect                = tcp_v6_connect,
2062         .disconnect             = tcp_disconnect,
2063         .accept                 = inet_csk_accept,
2064         .ioctl                  = tcp_ioctl,
2065         .init                   = tcp_v6_init_sock,
2066         .destroy                = tcp_v6_destroy_sock,
2067         .shutdown               = tcp_shutdown,
2068         .setsockopt             = tcp_setsockopt,
2069         .getsockopt             = tcp_getsockopt,
2070         .recvmsg                = tcp_recvmsg,
2071         .backlog_rcv            = tcp_v6_do_rcv,
2072         .hash                   = tcp_v6_hash,
2073         .unhash                 = inet_unhash,
2074         .get_port               = inet_csk_get_port,
2075         .enter_memory_pressure  = tcp_enter_memory_pressure,
2076         .sockets_allocated      = &tcp_sockets_allocated,
2077         .memory_allocated       = &tcp_memory_allocated,
2078         .memory_pressure        = &tcp_memory_pressure,
2079         .orphan_count           = &tcp_orphan_count,
2080         .sysctl_mem             = sysctl_tcp_mem,
2081         .sysctl_wmem            = sysctl_tcp_wmem,
2082         .sysctl_rmem            = sysctl_tcp_rmem,
2083         .max_header             = MAX_TCP_HEADER,
2084         .obj_size               = sizeof(struct tcp6_sock),
2085         .slab_flags             = SLAB_DESTROY_BY_RCU,
2086         .twsk_prot              = &tcp6_timewait_sock_ops,
2087         .rsk_prot               = &tcp6_request_sock_ops,
2088         .h.hashinfo             = &tcp_hashinfo,
2089 #ifdef CONFIG_COMPAT
2090         .compat_setsockopt      = compat_tcp_setsockopt,
2091         .compat_getsockopt      = compat_tcp_getsockopt,
2092 #endif
2093 };
2094
2095 static struct inet6_protocol tcpv6_protocol = {
2096         .handler        =       tcp_v6_rcv,
2097         .err_handler    =       tcp_v6_err,
2098         .gso_send_check =       tcp_v6_gso_send_check,
2099         .gso_segment    =       tcp_tso_segment,
2100         .gro_receive    =       tcp6_gro_receive,
2101         .gro_complete   =       tcp6_gro_complete,
2102         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2103 };
2104
2105 static struct inet_protosw tcpv6_protosw = {
2106         .type           =       SOCK_STREAM,
2107         .protocol       =       IPPROTO_TCP,
2108         .prot           =       &tcpv6_prot,
2109         .ops            =       &inet6_stream_ops,
2110         .capability     =       -1,
2111         .no_check       =       0,
2112         .flags          =       INET_PROTOSW_PERMANENT |
2113                                 INET_PROTOSW_ICSK,
2114 };
2115
2116 static int tcpv6_net_init(struct net *net)
2117 {
2118         return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2119                                     SOCK_RAW, IPPROTO_TCP, net);
2120 }
2121
2122 static void tcpv6_net_exit(struct net *net)
2123 {
2124         inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2125         inet_twsk_purge(net, &tcp_hashinfo, &tcp_death_row, AF_INET6);
2126 }
2127
2128 static struct pernet_operations tcpv6_net_ops = {
2129         .init = tcpv6_net_init,
2130         .exit = tcpv6_net_exit,
2131 };
2132
2133 int __init tcpv6_init(void)
2134 {
2135         int ret;
2136
2137         ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2138         if (ret)
2139                 goto out;
2140
2141         /* register inet6 protocol */
2142         ret = inet6_register_protosw(&tcpv6_protosw);
2143         if (ret)
2144                 goto out_tcpv6_protocol;
2145
2146         ret = register_pernet_subsys(&tcpv6_net_ops);
2147         if (ret)
2148                 goto out_tcpv6_protosw;
2149 out:
2150         return ret;
2151
2152 out_tcpv6_protocol:
2153         inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2154 out_tcpv6_protosw:
2155         inet6_unregister_protosw(&tcpv6_protosw);
2156         goto out;
2157 }
2158
2159 void tcpv6_exit(void)
2160 {
2161         unregister_pernet_subsys(&tcpv6_net_ops);
2162         inet6_unregister_protosw(&tcpv6_protosw);
2163         inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2164 }