inet: rename some inet_sock fields
[linux-2.6.git] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *
8  *      Based on:
9  *      linux/net/ipv4/tcp.c
10  *      linux/net/ipv4/tcp_input.c
11  *      linux/net/ipv4/tcp_output.c
12  *
13  *      Fixes:
14  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
15  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
16  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
17  *                                      a single port at the same time.
18  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
19  *
20  *      This program is free software; you can redistribute it and/or
21  *      modify it under the terms of the GNU General Public License
22  *      as published by the Free Software Foundation; either version
23  *      2 of the License, or (at your option) any later version.
24  */
25
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
34 #include <linux/in.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41
42 #include <linux/ipv6.h>
43 #include <linux/icmpv6.h>
44 #include <linux/random.h>
45
46 #include <net/tcp.h>
47 #include <net/ndisc.h>
48 #include <net/inet6_hashtables.h>
49 #include <net/inet6_connection_sock.h>
50 #include <net/ipv6.h>
51 #include <net/transp_v6.h>
52 #include <net/addrconf.h>
53 #include <net/ip6_route.h>
54 #include <net/ip6_checksum.h>
55 #include <net/inet_ecn.h>
56 #include <net/protocol.h>
57 #include <net/xfrm.h>
58 #include <net/snmp.h>
59 #include <net/dsfield.h>
60 #include <net/timewait_sock.h>
61 #include <net/netdma.h>
62 #include <net/inet_common.h>
63
64 #include <asm/uaccess.h>
65
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
68
69 #include <linux/crypto.h>
70 #include <linux/scatterlist.h>
71
72 static void     tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
73 static void     tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
74                                       struct request_sock *req);
75
76 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
77
78 static const struct inet_connection_sock_af_ops ipv6_mapped;
79 static const struct inet_connection_sock_af_ops ipv6_specific;
80 #ifdef CONFIG_TCP_MD5SIG
81 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
82 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
83 #else
84 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
85                                                    struct in6_addr *addr)
86 {
87         return NULL;
88 }
89 #endif
90
91 static void tcp_v6_hash(struct sock *sk)
92 {
93         if (sk->sk_state != TCP_CLOSE) {
94                 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
95                         tcp_prot.hash(sk);
96                         return;
97                 }
98                 local_bh_disable();
99                 __inet6_hash(sk);
100                 local_bh_enable();
101         }
102 }
103
104 static __inline__ __sum16 tcp_v6_check(int len,
105                                    struct in6_addr *saddr,
106                                    struct in6_addr *daddr,
107                                    __wsum base)
108 {
109         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
110 }
111
112 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
113 {
114         return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
115                                             ipv6_hdr(skb)->saddr.s6_addr32,
116                                             tcp_hdr(skb)->dest,
117                                             tcp_hdr(skb)->source);
118 }
119
120 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
121                           int addr_len)
122 {
123         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
124         struct inet_sock *inet = inet_sk(sk);
125         struct inet_connection_sock *icsk = inet_csk(sk);
126         struct ipv6_pinfo *np = inet6_sk(sk);
127         struct tcp_sock *tp = tcp_sk(sk);
128         struct in6_addr *saddr = NULL, *final_p = NULL, final;
129         struct flowi fl;
130         struct dst_entry *dst;
131         int addr_type;
132         int err;
133
134         if (addr_len < SIN6_LEN_RFC2133)
135                 return -EINVAL;
136
137         if (usin->sin6_family != AF_INET6)
138                 return(-EAFNOSUPPORT);
139
140         memset(&fl, 0, sizeof(fl));
141
142         if (np->sndflow) {
143                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
144                 IP6_ECN_flow_init(fl.fl6_flowlabel);
145                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
146                         struct ip6_flowlabel *flowlabel;
147                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
148                         if (flowlabel == NULL)
149                                 return -EINVAL;
150                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
151                         fl6_sock_release(flowlabel);
152                 }
153         }
154
155         /*
156          *      connect() to INADDR_ANY means loopback (BSD'ism).
157          */
158
159         if(ipv6_addr_any(&usin->sin6_addr))
160                 usin->sin6_addr.s6_addr[15] = 0x1;
161
162         addr_type = ipv6_addr_type(&usin->sin6_addr);
163
164         if(addr_type & IPV6_ADDR_MULTICAST)
165                 return -ENETUNREACH;
166
167         if (addr_type&IPV6_ADDR_LINKLOCAL) {
168                 if (addr_len >= sizeof(struct sockaddr_in6) &&
169                     usin->sin6_scope_id) {
170                         /* If interface is set while binding, indices
171                          * must coincide.
172                          */
173                         if (sk->sk_bound_dev_if &&
174                             sk->sk_bound_dev_if != usin->sin6_scope_id)
175                                 return -EINVAL;
176
177                         sk->sk_bound_dev_if = usin->sin6_scope_id;
178                 }
179
180                 /* Connect to link-local address requires an interface */
181                 if (!sk->sk_bound_dev_if)
182                         return -EINVAL;
183         }
184
185         if (tp->rx_opt.ts_recent_stamp &&
186             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
187                 tp->rx_opt.ts_recent = 0;
188                 tp->rx_opt.ts_recent_stamp = 0;
189                 tp->write_seq = 0;
190         }
191
192         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
193         np->flow_label = fl.fl6_flowlabel;
194
195         /*
196          *      TCP over IPv4
197          */
198
199         if (addr_type == IPV6_ADDR_MAPPED) {
200                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
201                 struct sockaddr_in sin;
202
203                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
204
205                 if (__ipv6_only_sock(sk))
206                         return -ENETUNREACH;
207
208                 sin.sin_family = AF_INET;
209                 sin.sin_port = usin->sin6_port;
210                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
211
212                 icsk->icsk_af_ops = &ipv6_mapped;
213                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
214 #ifdef CONFIG_TCP_MD5SIG
215                 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
216 #endif
217
218                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
219
220                 if (err) {
221                         icsk->icsk_ext_hdr_len = exthdrlen;
222                         icsk->icsk_af_ops = &ipv6_specific;
223                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
224 #ifdef CONFIG_TCP_MD5SIG
225                         tp->af_specific = &tcp_sock_ipv6_specific;
226 #endif
227                         goto failure;
228                 } else {
229                         ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
230                         ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
231                                                &np->rcv_saddr);
232                 }
233
234                 return err;
235         }
236
237         if (!ipv6_addr_any(&np->rcv_saddr))
238                 saddr = &np->rcv_saddr;
239
240         fl.proto = IPPROTO_TCP;
241         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
242         ipv6_addr_copy(&fl.fl6_src,
243                        (saddr ? saddr : &np->saddr));
244         fl.oif = sk->sk_bound_dev_if;
245         fl.mark = sk->sk_mark;
246         fl.fl_ip_dport = usin->sin6_port;
247         fl.fl_ip_sport = inet->inet_sport;
248
249         if (np->opt && np->opt->srcrt) {
250                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
251                 ipv6_addr_copy(&final, &fl.fl6_dst);
252                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
253                 final_p = &final;
254         }
255
256         security_sk_classify_flow(sk, &fl);
257
258         err = ip6_dst_lookup(sk, &dst, &fl);
259         if (err)
260                 goto failure;
261         if (final_p)
262                 ipv6_addr_copy(&fl.fl6_dst, final_p);
263
264         err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
265         if (err < 0) {
266                 if (err == -EREMOTE)
267                         err = ip6_dst_blackhole(sk, &dst, &fl);
268                 if (err < 0)
269                         goto failure;
270         }
271
272         if (saddr == NULL) {
273                 saddr = &fl.fl6_src;
274                 ipv6_addr_copy(&np->rcv_saddr, saddr);
275         }
276
277         /* set the source address */
278         ipv6_addr_copy(&np->saddr, saddr);
279         inet->inet_rcv_saddr = LOOPBACK4_IPV6;
280
281         sk->sk_gso_type = SKB_GSO_TCPV6;
282         __ip6_dst_store(sk, dst, NULL, NULL);
283
284         icsk->icsk_ext_hdr_len = 0;
285         if (np->opt)
286                 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
287                                           np->opt->opt_nflen);
288
289         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
290
291         inet->inet_dport = usin->sin6_port;
292
293         tcp_set_state(sk, TCP_SYN_SENT);
294         err = inet6_hash_connect(&tcp_death_row, sk);
295         if (err)
296                 goto late_failure;
297
298         if (!tp->write_seq)
299                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
300                                                              np->daddr.s6_addr32,
301                                                              inet->inet_sport,
302                                                              inet->inet_dport);
303
304         err = tcp_connect(sk);
305         if (err)
306                 goto late_failure;
307
308         return 0;
309
310 late_failure:
311         tcp_set_state(sk, TCP_CLOSE);
312         __sk_dst_reset(sk);
313 failure:
314         inet->inet_dport = 0;
315         sk->sk_route_caps = 0;
316         return err;
317 }
318
319 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
320                 u8 type, u8 code, int offset, __be32 info)
321 {
322         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
323         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
324         struct ipv6_pinfo *np;
325         struct sock *sk;
326         int err;
327         struct tcp_sock *tp;
328         __u32 seq;
329         struct net *net = dev_net(skb->dev);
330
331         sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
332                         th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
333
334         if (sk == NULL) {
335                 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
336                                    ICMP6_MIB_INERRORS);
337                 return;
338         }
339
340         if (sk->sk_state == TCP_TIME_WAIT) {
341                 inet_twsk_put(inet_twsk(sk));
342                 return;
343         }
344
345         bh_lock_sock(sk);
346         if (sock_owned_by_user(sk))
347                 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
348
349         if (sk->sk_state == TCP_CLOSE)
350                 goto out;
351
352         tp = tcp_sk(sk);
353         seq = ntohl(th->seq);
354         if (sk->sk_state != TCP_LISTEN &&
355             !between(seq, tp->snd_una, tp->snd_nxt)) {
356                 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
357                 goto out;
358         }
359
360         np = inet6_sk(sk);
361
362         if (type == ICMPV6_PKT_TOOBIG) {
363                 struct dst_entry *dst = NULL;
364
365                 if (sock_owned_by_user(sk))
366                         goto out;
367                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
368                         goto out;
369
370                 /* icmp should have updated the destination cache entry */
371                 dst = __sk_dst_check(sk, np->dst_cookie);
372
373                 if (dst == NULL) {
374                         struct inet_sock *inet = inet_sk(sk);
375                         struct flowi fl;
376
377                         /* BUGGG_FUTURE: Again, it is not clear how
378                            to handle rthdr case. Ignore this complexity
379                            for now.
380                          */
381                         memset(&fl, 0, sizeof(fl));
382                         fl.proto = IPPROTO_TCP;
383                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
384                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
385                         fl.oif = sk->sk_bound_dev_if;
386                         fl.mark = sk->sk_mark;
387                         fl.fl_ip_dport = inet->inet_dport;
388                         fl.fl_ip_sport = inet->inet_sport;
389                         security_skb_classify_flow(skb, &fl);
390
391                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
392                                 sk->sk_err_soft = -err;
393                                 goto out;
394                         }
395
396                         if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) {
397                                 sk->sk_err_soft = -err;
398                                 goto out;
399                         }
400
401                 } else
402                         dst_hold(dst);
403
404                 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
405                         tcp_sync_mss(sk, dst_mtu(dst));
406                         tcp_simple_retransmit(sk);
407                 } /* else let the usual retransmit timer handle it */
408                 dst_release(dst);
409                 goto out;
410         }
411
412         icmpv6_err_convert(type, code, &err);
413
414         /* Might be for an request_sock */
415         switch (sk->sk_state) {
416                 struct request_sock *req, **prev;
417         case TCP_LISTEN:
418                 if (sock_owned_by_user(sk))
419                         goto out;
420
421                 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
422                                            &hdr->saddr, inet6_iif(skb));
423                 if (!req)
424                         goto out;
425
426                 /* ICMPs are not backlogged, hence we cannot get
427                  * an established socket here.
428                  */
429                 WARN_ON(req->sk != NULL);
430
431                 if (seq != tcp_rsk(req)->snt_isn) {
432                         NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
433                         goto out;
434                 }
435
436                 inet_csk_reqsk_queue_drop(sk, req, prev);
437                 goto out;
438
439         case TCP_SYN_SENT:
440         case TCP_SYN_RECV:  /* Cannot happen.
441                                It can, it SYNs are crossed. --ANK */
442                 if (!sock_owned_by_user(sk)) {
443                         sk->sk_err = err;
444                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
445
446                         tcp_done(sk);
447                 } else
448                         sk->sk_err_soft = err;
449                 goto out;
450         }
451
452         if (!sock_owned_by_user(sk) && np->recverr) {
453                 sk->sk_err = err;
454                 sk->sk_error_report(sk);
455         } else
456                 sk->sk_err_soft = err;
457
458 out:
459         bh_unlock_sock(sk);
460         sock_put(sk);
461 }
462
463
464 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req)
465 {
466         struct inet6_request_sock *treq = inet6_rsk(req);
467         struct ipv6_pinfo *np = inet6_sk(sk);
468         struct sk_buff * skb;
469         struct ipv6_txoptions *opt = NULL;
470         struct in6_addr * final_p = NULL, final;
471         struct flowi fl;
472         struct dst_entry *dst;
473         int err = -1;
474
475         memset(&fl, 0, sizeof(fl));
476         fl.proto = IPPROTO_TCP;
477         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
478         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
479         fl.fl6_flowlabel = 0;
480         fl.oif = treq->iif;
481         fl.mark = sk->sk_mark;
482         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
483         fl.fl_ip_sport = inet_rsk(req)->loc_port;
484         security_req_classify_flow(req, &fl);
485
486         opt = np->opt;
487         if (opt && opt->srcrt) {
488                 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
489                 ipv6_addr_copy(&final, &fl.fl6_dst);
490                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
491                 final_p = &final;
492         }
493
494         err = ip6_dst_lookup(sk, &dst, &fl);
495         if (err)
496                 goto done;
497         if (final_p)
498                 ipv6_addr_copy(&fl.fl6_dst, final_p);
499         if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
500                 goto done;
501
502         skb = tcp_make_synack(sk, dst, req);
503         if (skb) {
504                 struct tcphdr *th = tcp_hdr(skb);
505
506                 th->check = tcp_v6_check(skb->len,
507                                          &treq->loc_addr, &treq->rmt_addr,
508                                          csum_partial(th, skb->len, skb->csum));
509
510                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
511                 err = ip6_xmit(sk, skb, &fl, opt, 0);
512                 err = net_xmit_eval(err);
513         }
514
515 done:
516         if (opt && opt != np->opt)
517                 sock_kfree_s(sk, opt, opt->tot_len);
518         dst_release(dst);
519         return err;
520 }
521
522 static inline void syn_flood_warning(struct sk_buff *skb)
523 {
524 #ifdef CONFIG_SYN_COOKIES
525         if (sysctl_tcp_syncookies)
526                 printk(KERN_INFO
527                        "TCPv6: Possible SYN flooding on port %d. "
528                        "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
529         else
530 #endif
531                 printk(KERN_INFO
532                        "TCPv6: Possible SYN flooding on port %d. "
533                        "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
534 }
535
536 static void tcp_v6_reqsk_destructor(struct request_sock *req)
537 {
538         kfree_skb(inet6_rsk(req)->pktopts);
539 }
540
541 #ifdef CONFIG_TCP_MD5SIG
542 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
543                                                    struct in6_addr *addr)
544 {
545         struct tcp_sock *tp = tcp_sk(sk);
546         int i;
547
548         BUG_ON(tp == NULL);
549
550         if (!tp->md5sig_info || !tp->md5sig_info->entries6)
551                 return NULL;
552
553         for (i = 0; i < tp->md5sig_info->entries6; i++) {
554                 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
555                         return &tp->md5sig_info->keys6[i].base;
556         }
557         return NULL;
558 }
559
560 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
561                                                 struct sock *addr_sk)
562 {
563         return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
564 }
565
566 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
567                                                       struct request_sock *req)
568 {
569         return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
570 }
571
572 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
573                              char *newkey, u8 newkeylen)
574 {
575         /* Add key to the list */
576         struct tcp_md5sig_key *key;
577         struct tcp_sock *tp = tcp_sk(sk);
578         struct tcp6_md5sig_key *keys;
579
580         key = tcp_v6_md5_do_lookup(sk, peer);
581         if (key) {
582                 /* modify existing entry - just update that one */
583                 kfree(key->key);
584                 key->key = newkey;
585                 key->keylen = newkeylen;
586         } else {
587                 /* reallocate new list if current one is full. */
588                 if (!tp->md5sig_info) {
589                         tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
590                         if (!tp->md5sig_info) {
591                                 kfree(newkey);
592                                 return -ENOMEM;
593                         }
594                         sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
595                 }
596                 if (tcp_alloc_md5sig_pool(sk) == NULL) {
597                         kfree(newkey);
598                         return -ENOMEM;
599                 }
600                 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
601                         keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
602                                        (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
603
604                         if (!keys) {
605                                 tcp_free_md5sig_pool();
606                                 kfree(newkey);
607                                 return -ENOMEM;
608                         }
609
610                         if (tp->md5sig_info->entries6)
611                                 memmove(keys, tp->md5sig_info->keys6,
612                                         (sizeof (tp->md5sig_info->keys6[0]) *
613                                          tp->md5sig_info->entries6));
614
615                         kfree(tp->md5sig_info->keys6);
616                         tp->md5sig_info->keys6 = keys;
617                         tp->md5sig_info->alloced6++;
618                 }
619
620                 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
621                                peer);
622                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
623                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
624
625                 tp->md5sig_info->entries6++;
626         }
627         return 0;
628 }
629
630 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
631                                u8 *newkey, __u8 newkeylen)
632 {
633         return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
634                                  newkey, newkeylen);
635 }
636
637 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
638 {
639         struct tcp_sock *tp = tcp_sk(sk);
640         int i;
641
642         for (i = 0; i < tp->md5sig_info->entries6; i++) {
643                 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
644                         /* Free the key */
645                         kfree(tp->md5sig_info->keys6[i].base.key);
646                         tp->md5sig_info->entries6--;
647
648                         if (tp->md5sig_info->entries6 == 0) {
649                                 kfree(tp->md5sig_info->keys6);
650                                 tp->md5sig_info->keys6 = NULL;
651                                 tp->md5sig_info->alloced6 = 0;
652                         } else {
653                                 /* shrink the database */
654                                 if (tp->md5sig_info->entries6 != i)
655                                         memmove(&tp->md5sig_info->keys6[i],
656                                                 &tp->md5sig_info->keys6[i+1],
657                                                 (tp->md5sig_info->entries6 - i)
658                                                 * sizeof (tp->md5sig_info->keys6[0]));
659                         }
660                         tcp_free_md5sig_pool();
661                         return 0;
662                 }
663         }
664         return -ENOENT;
665 }
666
667 static void tcp_v6_clear_md5_list (struct sock *sk)
668 {
669         struct tcp_sock *tp = tcp_sk(sk);
670         int i;
671
672         if (tp->md5sig_info->entries6) {
673                 for (i = 0; i < tp->md5sig_info->entries6; i++)
674                         kfree(tp->md5sig_info->keys6[i].base.key);
675                 tp->md5sig_info->entries6 = 0;
676                 tcp_free_md5sig_pool();
677         }
678
679         kfree(tp->md5sig_info->keys6);
680         tp->md5sig_info->keys6 = NULL;
681         tp->md5sig_info->alloced6 = 0;
682
683         if (tp->md5sig_info->entries4) {
684                 for (i = 0; i < tp->md5sig_info->entries4; i++)
685                         kfree(tp->md5sig_info->keys4[i].base.key);
686                 tp->md5sig_info->entries4 = 0;
687                 tcp_free_md5sig_pool();
688         }
689
690         kfree(tp->md5sig_info->keys4);
691         tp->md5sig_info->keys4 = NULL;
692         tp->md5sig_info->alloced4 = 0;
693 }
694
695 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
696                                   int optlen)
697 {
698         struct tcp_md5sig cmd;
699         struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
700         u8 *newkey;
701
702         if (optlen < sizeof(cmd))
703                 return -EINVAL;
704
705         if (copy_from_user(&cmd, optval, sizeof(cmd)))
706                 return -EFAULT;
707
708         if (sin6->sin6_family != AF_INET6)
709                 return -EINVAL;
710
711         if (!cmd.tcpm_keylen) {
712                 if (!tcp_sk(sk)->md5sig_info)
713                         return -ENOENT;
714                 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
715                         return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
716                 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
717         }
718
719         if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
720                 return -EINVAL;
721
722         if (!tcp_sk(sk)->md5sig_info) {
723                 struct tcp_sock *tp = tcp_sk(sk);
724                 struct tcp_md5sig_info *p;
725
726                 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
727                 if (!p)
728                         return -ENOMEM;
729
730                 tp->md5sig_info = p;
731                 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
732         }
733
734         newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
735         if (!newkey)
736                 return -ENOMEM;
737         if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
738                 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
739                                          newkey, cmd.tcpm_keylen);
740         }
741         return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
742 }
743
744 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
745                                         struct in6_addr *daddr,
746                                         struct in6_addr *saddr, int nbytes)
747 {
748         struct tcp6_pseudohdr *bp;
749         struct scatterlist sg;
750
751         bp = &hp->md5_blk.ip6;
752         /* 1. TCP pseudo-header (RFC2460) */
753         ipv6_addr_copy(&bp->saddr, saddr);
754         ipv6_addr_copy(&bp->daddr, daddr);
755         bp->protocol = cpu_to_be32(IPPROTO_TCP);
756         bp->len = cpu_to_be32(nbytes);
757
758         sg_init_one(&sg, bp, sizeof(*bp));
759         return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
760 }
761
762 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
763                                struct in6_addr *daddr, struct in6_addr *saddr,
764                                struct tcphdr *th)
765 {
766         struct tcp_md5sig_pool *hp;
767         struct hash_desc *desc;
768
769         hp = tcp_get_md5sig_pool();
770         if (!hp)
771                 goto clear_hash_noput;
772         desc = &hp->md5_desc;
773
774         if (crypto_hash_init(desc))
775                 goto clear_hash;
776         if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
777                 goto clear_hash;
778         if (tcp_md5_hash_header(hp, th))
779                 goto clear_hash;
780         if (tcp_md5_hash_key(hp, key))
781                 goto clear_hash;
782         if (crypto_hash_final(desc, md5_hash))
783                 goto clear_hash;
784
785         tcp_put_md5sig_pool();
786         return 0;
787
788 clear_hash:
789         tcp_put_md5sig_pool();
790 clear_hash_noput:
791         memset(md5_hash, 0, 16);
792         return 1;
793 }
794
795 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
796                                struct sock *sk, struct request_sock *req,
797                                struct sk_buff *skb)
798 {
799         struct in6_addr *saddr, *daddr;
800         struct tcp_md5sig_pool *hp;
801         struct hash_desc *desc;
802         struct tcphdr *th = tcp_hdr(skb);
803
804         if (sk) {
805                 saddr = &inet6_sk(sk)->saddr;
806                 daddr = &inet6_sk(sk)->daddr;
807         } else if (req) {
808                 saddr = &inet6_rsk(req)->loc_addr;
809                 daddr = &inet6_rsk(req)->rmt_addr;
810         } else {
811                 struct ipv6hdr *ip6h = ipv6_hdr(skb);
812                 saddr = &ip6h->saddr;
813                 daddr = &ip6h->daddr;
814         }
815
816         hp = tcp_get_md5sig_pool();
817         if (!hp)
818                 goto clear_hash_noput;
819         desc = &hp->md5_desc;
820
821         if (crypto_hash_init(desc))
822                 goto clear_hash;
823
824         if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
825                 goto clear_hash;
826         if (tcp_md5_hash_header(hp, th))
827                 goto clear_hash;
828         if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
829                 goto clear_hash;
830         if (tcp_md5_hash_key(hp, key))
831                 goto clear_hash;
832         if (crypto_hash_final(desc, md5_hash))
833                 goto clear_hash;
834
835         tcp_put_md5sig_pool();
836         return 0;
837
838 clear_hash:
839         tcp_put_md5sig_pool();
840 clear_hash_noput:
841         memset(md5_hash, 0, 16);
842         return 1;
843 }
844
845 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
846 {
847         __u8 *hash_location = NULL;
848         struct tcp_md5sig_key *hash_expected;
849         struct ipv6hdr *ip6h = ipv6_hdr(skb);
850         struct tcphdr *th = tcp_hdr(skb);
851         int genhash;
852         u8 newhash[16];
853
854         hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
855         hash_location = tcp_parse_md5sig_option(th);
856
857         /* We've parsed the options - do we have a hash? */
858         if (!hash_expected && !hash_location)
859                 return 0;
860
861         if (hash_expected && !hash_location) {
862                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
863                 return 1;
864         }
865
866         if (!hash_expected && hash_location) {
867                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
868                 return 1;
869         }
870
871         /* check the signature */
872         genhash = tcp_v6_md5_hash_skb(newhash,
873                                       hash_expected,
874                                       NULL, NULL, skb);
875
876         if (genhash || memcmp(hash_location, newhash, 16) != 0) {
877                 if (net_ratelimit()) {
878                         printk(KERN_INFO "MD5 Hash %s for (%pI6, %u)->(%pI6, %u)\n",
879                                genhash ? "failed" : "mismatch",
880                                &ip6h->saddr, ntohs(th->source),
881                                &ip6h->daddr, ntohs(th->dest));
882                 }
883                 return 1;
884         }
885         return 0;
886 }
887 #endif
888
889 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
890         .family         =       AF_INET6,
891         .obj_size       =       sizeof(struct tcp6_request_sock),
892         .rtx_syn_ack    =       tcp_v6_send_synack,
893         .send_ack       =       tcp_v6_reqsk_send_ack,
894         .destructor     =       tcp_v6_reqsk_destructor,
895         .send_reset     =       tcp_v6_send_reset
896 };
897
898 #ifdef CONFIG_TCP_MD5SIG
899 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
900         .md5_lookup     =       tcp_v6_reqsk_md5_lookup,
901         .calc_md5_hash  =       tcp_v6_md5_hash_skb,
902 };
903 #endif
904
905 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
906         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
907         .twsk_unique    = tcp_twsk_unique,
908         .twsk_destructor= tcp_twsk_destructor,
909 };
910
911 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
912 {
913         struct ipv6_pinfo *np = inet6_sk(sk);
914         struct tcphdr *th = tcp_hdr(skb);
915
916         if (skb->ip_summed == CHECKSUM_PARTIAL) {
917                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
918                 skb->csum_start = skb_transport_header(skb) - skb->head;
919                 skb->csum_offset = offsetof(struct tcphdr, check);
920         } else {
921                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
922                                             csum_partial(th, th->doff<<2,
923                                                          skb->csum));
924         }
925 }
926
927 static int tcp_v6_gso_send_check(struct sk_buff *skb)
928 {
929         struct ipv6hdr *ipv6h;
930         struct tcphdr *th;
931
932         if (!pskb_may_pull(skb, sizeof(*th)))
933                 return -EINVAL;
934
935         ipv6h = ipv6_hdr(skb);
936         th = tcp_hdr(skb);
937
938         th->check = 0;
939         th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
940                                      IPPROTO_TCP, 0);
941         skb->csum_start = skb_transport_header(skb) - skb->head;
942         skb->csum_offset = offsetof(struct tcphdr, check);
943         skb->ip_summed = CHECKSUM_PARTIAL;
944         return 0;
945 }
946
947 static struct sk_buff **tcp6_gro_receive(struct sk_buff **head,
948                                          struct sk_buff *skb)
949 {
950         struct ipv6hdr *iph = skb_gro_network_header(skb);
951
952         switch (skb->ip_summed) {
953         case CHECKSUM_COMPLETE:
954                 if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr,
955                                   skb->csum)) {
956                         skb->ip_summed = CHECKSUM_UNNECESSARY;
957                         break;
958                 }
959
960                 /* fall through */
961         case CHECKSUM_NONE:
962                 NAPI_GRO_CB(skb)->flush = 1;
963                 return NULL;
964         }
965
966         return tcp_gro_receive(head, skb);
967 }
968
969 static int tcp6_gro_complete(struct sk_buff *skb)
970 {
971         struct ipv6hdr *iph = ipv6_hdr(skb);
972         struct tcphdr *th = tcp_hdr(skb);
973
974         th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb),
975                                   &iph->saddr, &iph->daddr, 0);
976         skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;
977
978         return tcp_gro_complete(skb);
979 }
980
981 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
982                                  u32 ts, struct tcp_md5sig_key *key, int rst)
983 {
984         struct tcphdr *th = tcp_hdr(skb), *t1;
985         struct sk_buff *buff;
986         struct flowi fl;
987         struct net *net = dev_net(skb_dst(skb)->dev);
988         struct sock *ctl_sk = net->ipv6.tcp_sk;
989         unsigned int tot_len = sizeof(struct tcphdr);
990         struct dst_entry *dst;
991         __be32 *topt;
992
993         if (ts)
994                 tot_len += TCPOLEN_TSTAMP_ALIGNED;
995 #ifdef CONFIG_TCP_MD5SIG
996         if (key)
997                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
998 #endif
999
1000         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1001                          GFP_ATOMIC);
1002         if (buff == NULL)
1003                 return;
1004
1005         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1006
1007         t1 = (struct tcphdr *) skb_push(buff, tot_len);
1008         skb_reset_transport_header(skb);
1009
1010         /* Swap the send and the receive. */
1011         memset(t1, 0, sizeof(*t1));
1012         t1->dest = th->source;
1013         t1->source = th->dest;
1014         t1->doff = tot_len / 4;
1015         t1->seq = htonl(seq);
1016         t1->ack_seq = htonl(ack);
1017         t1->ack = !rst || !th->ack;
1018         t1->rst = rst;
1019         t1->window = htons(win);
1020
1021         topt = (__be32 *)(t1 + 1);
1022
1023         if (ts) {
1024                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1025                                 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1026                 *topt++ = htonl(tcp_time_stamp);
1027                 *topt++ = htonl(ts);
1028         }
1029
1030 #ifdef CONFIG_TCP_MD5SIG
1031         if (key) {
1032                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1033                                 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1034                 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
1035                                     &ipv6_hdr(skb)->saddr,
1036                                     &ipv6_hdr(skb)->daddr, t1);
1037         }
1038 #endif
1039
1040         buff->csum = csum_partial(t1, tot_len, 0);
1041
1042         memset(&fl, 0, sizeof(fl));
1043         ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1044         ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1045
1046         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1047                                     tot_len, IPPROTO_TCP,
1048                                     buff->csum);
1049
1050         fl.proto = IPPROTO_TCP;
1051         fl.oif = inet6_iif(skb);
1052         fl.fl_ip_dport = t1->dest;
1053         fl.fl_ip_sport = t1->source;
1054         security_skb_classify_flow(skb, &fl);
1055
1056         /* Pass a socket to ip6_dst_lookup either it is for RST
1057          * Underlying function will use this to retrieve the network
1058          * namespace
1059          */
1060         if (!ip6_dst_lookup(ctl_sk, &dst, &fl)) {
1061                 if (xfrm_lookup(net, &dst, &fl, NULL, 0) >= 0) {
1062                         skb_dst_set(buff, dst);
1063                         ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1064                         TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1065                         if (rst)
1066                                 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
1067                         return;
1068                 }
1069         }
1070
1071         kfree_skb(buff);
1072 }
1073
1074 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1075 {
1076         struct tcphdr *th = tcp_hdr(skb);
1077         u32 seq = 0, ack_seq = 0;
1078         struct tcp_md5sig_key *key = NULL;
1079
1080         if (th->rst)
1081                 return;
1082
1083         if (!ipv6_unicast_destination(skb))
1084                 return;
1085
1086 #ifdef CONFIG_TCP_MD5SIG
1087         if (sk)
1088                 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
1089 #endif
1090
1091         if (th->ack)
1092                 seq = ntohl(th->ack_seq);
1093         else
1094                 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1095                           (th->doff << 2);
1096
1097         tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1);
1098 }
1099
1100 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
1101                             struct tcp_md5sig_key *key)
1102 {
1103         tcp_v6_send_response(skb, seq, ack, win, ts, key, 0);
1104 }
1105
1106 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1107 {
1108         struct inet_timewait_sock *tw = inet_twsk(sk);
1109         struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1110
1111         tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1112                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1113                         tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw));
1114
1115         inet_twsk_put(tw);
1116 }
1117
1118 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
1119                                   struct request_sock *req)
1120 {
1121         tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
1122                         tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr));
1123 }
1124
1125
1126 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1127 {
1128         struct request_sock *req, **prev;
1129         const struct tcphdr *th = tcp_hdr(skb);
1130         struct sock *nsk;
1131
1132         /* Find possible connection requests. */
1133         req = inet6_csk_search_req(sk, &prev, th->source,
1134                                    &ipv6_hdr(skb)->saddr,
1135                                    &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1136         if (req)
1137                 return tcp_check_req(sk, skb, req, prev);
1138
1139         nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1140                         &ipv6_hdr(skb)->saddr, th->source,
1141                         &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1142
1143         if (nsk) {
1144                 if (nsk->sk_state != TCP_TIME_WAIT) {
1145                         bh_lock_sock(nsk);
1146                         return nsk;
1147                 }
1148                 inet_twsk_put(inet_twsk(nsk));
1149                 return NULL;
1150         }
1151
1152 #ifdef CONFIG_SYN_COOKIES
1153         if (!th->rst && !th->syn && th->ack)
1154                 sk = cookie_v6_check(sk, skb);
1155 #endif
1156         return sk;
1157 }
1158
1159 /* FIXME: this is substantially similar to the ipv4 code.
1160  * Can some kind of merge be done? -- erics
1161  */
1162 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1163 {
1164         struct inet6_request_sock *treq;
1165         struct ipv6_pinfo *np = inet6_sk(sk);
1166         struct tcp_options_received tmp_opt;
1167         struct tcp_sock *tp = tcp_sk(sk);
1168         struct request_sock *req = NULL;
1169         __u32 isn = TCP_SKB_CB(skb)->when;
1170 #ifdef CONFIG_SYN_COOKIES
1171         int want_cookie = 0;
1172 #else
1173 #define want_cookie 0
1174 #endif
1175
1176         if (skb->protocol == htons(ETH_P_IP))
1177                 return tcp_v4_conn_request(sk, skb);
1178
1179         if (!ipv6_unicast_destination(skb))
1180                 goto drop;
1181
1182         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1183                 if (net_ratelimit())
1184                         syn_flood_warning(skb);
1185 #ifdef CONFIG_SYN_COOKIES
1186                 if (sysctl_tcp_syncookies)
1187                         want_cookie = 1;
1188                 else
1189 #endif
1190                 goto drop;
1191         }
1192
1193         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1194                 goto drop;
1195
1196         req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1197         if (req == NULL)
1198                 goto drop;
1199
1200 #ifdef CONFIG_TCP_MD5SIG
1201         tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1202 #endif
1203
1204         tcp_clear_options(&tmp_opt);
1205         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1206         tmp_opt.user_mss = tp->rx_opt.user_mss;
1207
1208         tcp_parse_options(skb, &tmp_opt, 0);
1209
1210         if (want_cookie && !tmp_opt.saw_tstamp)
1211                 tcp_clear_options(&tmp_opt);
1212
1213         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1214         tcp_openreq_init(req, &tmp_opt, skb);
1215
1216         treq = inet6_rsk(req);
1217         ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1218         ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1219         if (!want_cookie)
1220                 TCP_ECN_create_request(req, tcp_hdr(skb));
1221
1222         if (want_cookie) {
1223                 isn = cookie_v6_init_sequence(sk, skb, &req->mss);
1224                 req->cookie_ts = tmp_opt.tstamp_ok;
1225         } else if (!isn) {
1226                 if (ipv6_opt_accepted(sk, skb) ||
1227                     np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1228                     np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1229                         atomic_inc(&skb->users);
1230                         treq->pktopts = skb;
1231                 }
1232                 treq->iif = sk->sk_bound_dev_if;
1233
1234                 /* So that link locals have meaning */
1235                 if (!sk->sk_bound_dev_if &&
1236                     ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1237                         treq->iif = inet6_iif(skb);
1238
1239                 isn = tcp_v6_init_sequence(skb);
1240         }
1241
1242         tcp_rsk(req)->snt_isn = isn;
1243
1244         security_inet_conn_request(sk, skb, req);
1245
1246         if (tcp_v6_send_synack(sk, req))
1247                 goto drop;
1248
1249         if (!want_cookie) {
1250                 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1251                 return 0;
1252         }
1253
1254 drop:
1255         if (req)
1256                 reqsk_free(req);
1257
1258         return 0; /* don't send reset */
1259 }
1260
1261 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1262                                           struct request_sock *req,
1263                                           struct dst_entry *dst)
1264 {
1265         struct inet6_request_sock *treq;
1266         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1267         struct tcp6_sock *newtcp6sk;
1268         struct inet_sock *newinet;
1269         struct tcp_sock *newtp;
1270         struct sock *newsk;
1271         struct ipv6_txoptions *opt;
1272 #ifdef CONFIG_TCP_MD5SIG
1273         struct tcp_md5sig_key *key;
1274 #endif
1275
1276         if (skb->protocol == htons(ETH_P_IP)) {
1277                 /*
1278                  *      v6 mapped
1279                  */
1280
1281                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1282
1283                 if (newsk == NULL)
1284                         return NULL;
1285
1286                 newtcp6sk = (struct tcp6_sock *)newsk;
1287                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1288
1289                 newinet = inet_sk(newsk);
1290                 newnp = inet6_sk(newsk);
1291                 newtp = tcp_sk(newsk);
1292
1293                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1294
1295                 ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr);
1296
1297                 ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr);
1298
1299                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1300
1301                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1302                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1303 #ifdef CONFIG_TCP_MD5SIG
1304                 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1305 #endif
1306
1307                 newnp->pktoptions  = NULL;
1308                 newnp->opt         = NULL;
1309                 newnp->mcast_oif   = inet6_iif(skb);
1310                 newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
1311
1312                 /*
1313                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1314                  * here, tcp_create_openreq_child now does this for us, see the comment in
1315                  * that function for the gory details. -acme
1316                  */
1317
1318                 /* It is tricky place. Until this moment IPv4 tcp
1319                    worked with IPv6 icsk.icsk_af_ops.
1320                    Sync it now.
1321                  */
1322                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1323
1324                 return newsk;
1325         }
1326
1327         treq = inet6_rsk(req);
1328         opt = np->opt;
1329
1330         if (sk_acceptq_is_full(sk))
1331                 goto out_overflow;
1332
1333         if (dst == NULL) {
1334                 struct in6_addr *final_p = NULL, final;
1335                 struct flowi fl;
1336
1337                 memset(&fl, 0, sizeof(fl));
1338                 fl.proto = IPPROTO_TCP;
1339                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1340                 if (opt && opt->srcrt) {
1341                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1342                         ipv6_addr_copy(&final, &fl.fl6_dst);
1343                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1344                         final_p = &final;
1345                 }
1346                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1347                 fl.oif = sk->sk_bound_dev_if;
1348                 fl.mark = sk->sk_mark;
1349                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1350                 fl.fl_ip_sport = inet_rsk(req)->loc_port;
1351                 security_req_classify_flow(req, &fl);
1352
1353                 if (ip6_dst_lookup(sk, &dst, &fl))
1354                         goto out;
1355
1356                 if (final_p)
1357                         ipv6_addr_copy(&fl.fl6_dst, final_p);
1358
1359                 if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
1360                         goto out;
1361         }
1362
1363         newsk = tcp_create_openreq_child(sk, req, skb);
1364         if (newsk == NULL)
1365                 goto out;
1366
1367         /*
1368          * No need to charge this sock to the relevant IPv6 refcnt debug socks
1369          * count here, tcp_create_openreq_child now does this for us, see the
1370          * comment in that function for the gory details. -acme
1371          */
1372
1373         newsk->sk_gso_type = SKB_GSO_TCPV6;
1374         __ip6_dst_store(newsk, dst, NULL, NULL);
1375
1376         newtcp6sk = (struct tcp6_sock *)newsk;
1377         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1378
1379         newtp = tcp_sk(newsk);
1380         newinet = inet_sk(newsk);
1381         newnp = inet6_sk(newsk);
1382
1383         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1384
1385         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1386         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1387         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1388         newsk->sk_bound_dev_if = treq->iif;
1389
1390         /* Now IPv6 options...
1391
1392            First: no IPv4 options.
1393          */
1394         newinet->opt = NULL;
1395         newnp->ipv6_fl_list = NULL;
1396
1397         /* Clone RX bits */
1398         newnp->rxopt.all = np->rxopt.all;
1399
1400         /* Clone pktoptions received with SYN */
1401         newnp->pktoptions = NULL;
1402         if (treq->pktopts != NULL) {
1403                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1404                 kfree_skb(treq->pktopts);
1405                 treq->pktopts = NULL;
1406                 if (newnp->pktoptions)
1407                         skb_set_owner_r(newnp->pktoptions, newsk);
1408         }
1409         newnp->opt        = NULL;
1410         newnp->mcast_oif  = inet6_iif(skb);
1411         newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1412
1413         /* Clone native IPv6 options from listening socket (if any)
1414
1415            Yes, keeping reference count would be much more clever,
1416            but we make one more one thing there: reattach optmem
1417            to newsk.
1418          */
1419         if (opt) {
1420                 newnp->opt = ipv6_dup_options(newsk, opt);
1421                 if (opt != np->opt)
1422                         sock_kfree_s(sk, opt, opt->tot_len);
1423         }
1424
1425         inet_csk(newsk)->icsk_ext_hdr_len = 0;
1426         if (newnp->opt)
1427                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1428                                                      newnp->opt->opt_flen);
1429
1430         tcp_mtup_init(newsk);
1431         tcp_sync_mss(newsk, dst_mtu(dst));
1432         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1433         tcp_initialize_rcv_mss(newsk);
1434
1435         newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1436         newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1437
1438 #ifdef CONFIG_TCP_MD5SIG
1439         /* Copy over the MD5 key from the original socket */
1440         if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1441                 /* We're using one, so create a matching key
1442                  * on the newsk structure. If we fail to get
1443                  * memory, then we end up not copying the key
1444                  * across. Shucks.
1445                  */
1446                 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1447                 if (newkey != NULL)
1448                         tcp_v6_md5_do_add(newsk, &newnp->daddr,
1449                                           newkey, key->keylen);
1450         }
1451 #endif
1452
1453         __inet6_hash(newsk);
1454         __inet_inherit_port(sk, newsk);
1455
1456         return newsk;
1457
1458 out_overflow:
1459         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1460 out:
1461         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1462         if (opt && opt != np->opt)
1463                 sock_kfree_s(sk, opt, opt->tot_len);
1464         dst_release(dst);
1465         return NULL;
1466 }
1467
1468 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1469 {
1470         if (skb->ip_summed == CHECKSUM_COMPLETE) {
1471                 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr,
1472                                   &ipv6_hdr(skb)->daddr, skb->csum)) {
1473                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1474                         return 0;
1475                 }
1476         }
1477
1478         skb->csum = ~csum_unfold(tcp_v6_check(skb->len,
1479                                               &ipv6_hdr(skb)->saddr,
1480                                               &ipv6_hdr(skb)->daddr, 0));
1481
1482         if (skb->len <= 76) {
1483                 return __skb_checksum_complete(skb);
1484         }
1485         return 0;
1486 }
1487
1488 /* The socket must have it's spinlock held when we get
1489  * here.
1490  *
1491  * We have a potential double-lock case here, so even when
1492  * doing backlog processing we use the BH locking scheme.
1493  * This is because we cannot sleep with the original spinlock
1494  * held.
1495  */
1496 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1497 {
1498         struct ipv6_pinfo *np = inet6_sk(sk);
1499         struct tcp_sock *tp;
1500         struct sk_buff *opt_skb = NULL;
1501
1502         /* Imagine: socket is IPv6. IPv4 packet arrives,
1503            goes to IPv4 receive handler and backlogged.
1504            From backlog it always goes here. Kerboom...
1505            Fortunately, tcp_rcv_established and rcv_established
1506            handle them correctly, but it is not case with
1507            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1508          */
1509
1510         if (skb->protocol == htons(ETH_P_IP))
1511                 return tcp_v4_do_rcv(sk, skb);
1512
1513 #ifdef CONFIG_TCP_MD5SIG
1514         if (tcp_v6_inbound_md5_hash (sk, skb))
1515                 goto discard;
1516 #endif
1517
1518         if (sk_filter(sk, skb))
1519                 goto discard;
1520
1521         /*
1522          *      socket locking is here for SMP purposes as backlog rcv
1523          *      is currently called with bh processing disabled.
1524          */
1525
1526         /* Do Stevens' IPV6_PKTOPTIONS.
1527
1528            Yes, guys, it is the only place in our code, where we
1529            may make it not affecting IPv4.
1530            The rest of code is protocol independent,
1531            and I do not like idea to uglify IPv4.
1532
1533            Actually, all the idea behind IPV6_PKTOPTIONS
1534            looks not very well thought. For now we latch
1535            options, received in the last packet, enqueued
1536            by tcp. Feel free to propose better solution.
1537                                                --ANK (980728)
1538          */
1539         if (np->rxopt.all)
1540                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1541
1542         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1543                 TCP_CHECK_TIMER(sk);
1544                 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1545                         goto reset;
1546                 TCP_CHECK_TIMER(sk);
1547                 if (opt_skb)
1548                         goto ipv6_pktoptions;
1549                 return 0;
1550         }
1551
1552         if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1553                 goto csum_err;
1554
1555         if (sk->sk_state == TCP_LISTEN) {
1556                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1557                 if (!nsk)
1558                         goto discard;
1559
1560                 /*
1561                  * Queue it on the new socket if the new socket is active,
1562                  * otherwise we just shortcircuit this and continue with
1563                  * the new socket..
1564                  */
1565                 if(nsk != sk) {
1566                         if (tcp_child_process(sk, nsk, skb))
1567                                 goto reset;
1568                         if (opt_skb)
1569                                 __kfree_skb(opt_skb);
1570                         return 0;
1571                 }
1572         }
1573
1574         TCP_CHECK_TIMER(sk);
1575         if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1576                 goto reset;
1577         TCP_CHECK_TIMER(sk);
1578         if (opt_skb)
1579                 goto ipv6_pktoptions;
1580         return 0;
1581
1582 reset:
1583         tcp_v6_send_reset(sk, skb);
1584 discard:
1585         if (opt_skb)
1586                 __kfree_skb(opt_skb);
1587         kfree_skb(skb);
1588         return 0;
1589 csum_err:
1590         TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1591         goto discard;
1592
1593
1594 ipv6_pktoptions:
1595         /* Do you ask, what is it?
1596
1597            1. skb was enqueued by tcp.
1598            2. skb is added to tail of read queue, rather than out of order.
1599            3. socket is not in passive state.
1600            4. Finally, it really contains options, which user wants to receive.
1601          */
1602         tp = tcp_sk(sk);
1603         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1604             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1605                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1606                         np->mcast_oif = inet6_iif(opt_skb);
1607                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1608                         np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1609                 if (ipv6_opt_accepted(sk, opt_skb)) {
1610                         skb_set_owner_r(opt_skb, sk);
1611                         opt_skb = xchg(&np->pktoptions, opt_skb);
1612                 } else {
1613                         __kfree_skb(opt_skb);
1614                         opt_skb = xchg(&np->pktoptions, NULL);
1615                 }
1616         }
1617
1618         kfree_skb(opt_skb);
1619         return 0;
1620 }
1621
1622 static int tcp_v6_rcv(struct sk_buff *skb)
1623 {
1624         struct tcphdr *th;
1625         struct sock *sk;
1626         int ret;
1627         struct net *net = dev_net(skb->dev);
1628
1629         if (skb->pkt_type != PACKET_HOST)
1630                 goto discard_it;
1631
1632         /*
1633          *      Count it even if it's bad.
1634          */
1635         TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1636
1637         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1638                 goto discard_it;
1639
1640         th = tcp_hdr(skb);
1641
1642         if (th->doff < sizeof(struct tcphdr)/4)
1643                 goto bad_packet;
1644         if (!pskb_may_pull(skb, th->doff*4))
1645                 goto discard_it;
1646
1647         if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1648                 goto bad_packet;
1649
1650         th = tcp_hdr(skb);
1651         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1652         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1653                                     skb->len - th->doff*4);
1654         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1655         TCP_SKB_CB(skb)->when = 0;
1656         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
1657         TCP_SKB_CB(skb)->sacked = 0;
1658
1659         sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1660         if (!sk)
1661                 goto no_tcp_socket;
1662
1663 process:
1664         if (sk->sk_state == TCP_TIME_WAIT)
1665                 goto do_time_wait;
1666
1667         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1668                 goto discard_and_relse;
1669
1670         if (sk_filter(sk, skb))
1671                 goto discard_and_relse;
1672
1673         skb->dev = NULL;
1674
1675         bh_lock_sock_nested(sk);
1676         ret = 0;
1677         if (!sock_owned_by_user(sk)) {
1678 #ifdef CONFIG_NET_DMA
1679                 struct tcp_sock *tp = tcp_sk(sk);
1680                 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1681                         tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY);
1682                 if (tp->ucopy.dma_chan)
1683                         ret = tcp_v6_do_rcv(sk, skb);
1684                 else
1685 #endif
1686                 {
1687                         if (!tcp_prequeue(sk, skb))
1688                                 ret = tcp_v6_do_rcv(sk, skb);
1689                 }
1690         } else
1691                 sk_add_backlog(sk, skb);
1692         bh_unlock_sock(sk);
1693
1694         sock_put(sk);
1695         return ret ? -1 : 0;
1696
1697 no_tcp_socket:
1698         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1699                 goto discard_it;
1700
1701         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1702 bad_packet:
1703                 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1704         } else {
1705                 tcp_v6_send_reset(NULL, skb);
1706         }
1707
1708 discard_it:
1709
1710         /*
1711          *      Discard frame
1712          */
1713
1714         kfree_skb(skb);
1715         return 0;
1716
1717 discard_and_relse:
1718         sock_put(sk);
1719         goto discard_it;
1720
1721 do_time_wait:
1722         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1723                 inet_twsk_put(inet_twsk(sk));
1724                 goto discard_it;
1725         }
1726
1727         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1728                 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1729                 inet_twsk_put(inet_twsk(sk));
1730                 goto discard_it;
1731         }
1732
1733         switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1734         case TCP_TW_SYN:
1735         {
1736                 struct sock *sk2;
1737
1738                 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1739                                             &ipv6_hdr(skb)->daddr,
1740                                             ntohs(th->dest), inet6_iif(skb));
1741                 if (sk2 != NULL) {
1742                         struct inet_timewait_sock *tw = inet_twsk(sk);
1743                         inet_twsk_deschedule(tw, &tcp_death_row);
1744                         inet_twsk_put(tw);
1745                         sk = sk2;
1746                         goto process;
1747                 }
1748                 /* Fall through to ACK */
1749         }
1750         case TCP_TW_ACK:
1751                 tcp_v6_timewait_ack(sk, skb);
1752                 break;
1753         case TCP_TW_RST:
1754                 goto no_tcp_socket;
1755         case TCP_TW_SUCCESS:;
1756         }
1757         goto discard_it;
1758 }
1759
1760 static int tcp_v6_remember_stamp(struct sock *sk)
1761 {
1762         /* Alas, not yet... */
1763         return 0;
1764 }
1765
1766 static const struct inet_connection_sock_af_ops ipv6_specific = {
1767         .queue_xmit        = inet6_csk_xmit,
1768         .send_check        = tcp_v6_send_check,
1769         .rebuild_header    = inet6_sk_rebuild_header,
1770         .conn_request      = tcp_v6_conn_request,
1771         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1772         .remember_stamp    = tcp_v6_remember_stamp,
1773         .net_header_len    = sizeof(struct ipv6hdr),
1774         .setsockopt        = ipv6_setsockopt,
1775         .getsockopt        = ipv6_getsockopt,
1776         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1777         .sockaddr_len      = sizeof(struct sockaddr_in6),
1778         .bind_conflict     = inet6_csk_bind_conflict,
1779 #ifdef CONFIG_COMPAT
1780         .compat_setsockopt = compat_ipv6_setsockopt,
1781         .compat_getsockopt = compat_ipv6_getsockopt,
1782 #endif
1783 };
1784
1785 #ifdef CONFIG_TCP_MD5SIG
1786 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1787         .md5_lookup     =       tcp_v6_md5_lookup,
1788         .calc_md5_hash  =       tcp_v6_md5_hash_skb,
1789         .md5_add        =       tcp_v6_md5_add_func,
1790         .md5_parse      =       tcp_v6_parse_md5_keys,
1791 };
1792 #endif
1793
1794 /*
1795  *      TCP over IPv4 via INET6 API
1796  */
1797
1798 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1799         .queue_xmit        = ip_queue_xmit,
1800         .send_check        = tcp_v4_send_check,
1801         .rebuild_header    = inet_sk_rebuild_header,
1802         .conn_request      = tcp_v6_conn_request,
1803         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1804         .remember_stamp    = tcp_v4_remember_stamp,
1805         .net_header_len    = sizeof(struct iphdr),
1806         .setsockopt        = ipv6_setsockopt,
1807         .getsockopt        = ipv6_getsockopt,
1808         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1809         .sockaddr_len      = sizeof(struct sockaddr_in6),
1810         .bind_conflict     = inet6_csk_bind_conflict,
1811 #ifdef CONFIG_COMPAT
1812         .compat_setsockopt = compat_ipv6_setsockopt,
1813         .compat_getsockopt = compat_ipv6_getsockopt,
1814 #endif
1815 };
1816
1817 #ifdef CONFIG_TCP_MD5SIG
1818 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1819         .md5_lookup     =       tcp_v4_md5_lookup,
1820         .calc_md5_hash  =       tcp_v4_md5_hash_skb,
1821         .md5_add        =       tcp_v6_md5_add_func,
1822         .md5_parse      =       tcp_v6_parse_md5_keys,
1823 };
1824 #endif
1825
1826 /* NOTE: A lot of things set to zero explicitly by call to
1827  *       sk_alloc() so need not be done here.
1828  */
1829 static int tcp_v6_init_sock(struct sock *sk)
1830 {
1831         struct inet_connection_sock *icsk = inet_csk(sk);
1832         struct tcp_sock *tp = tcp_sk(sk);
1833
1834         skb_queue_head_init(&tp->out_of_order_queue);
1835         tcp_init_xmit_timers(sk);
1836         tcp_prequeue_init(tp);
1837
1838         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1839         tp->mdev = TCP_TIMEOUT_INIT;
1840
1841         /* So many TCP implementations out there (incorrectly) count the
1842          * initial SYN frame in their delayed-ACK and congestion control
1843          * algorithms that we must have the following bandaid to talk
1844          * efficiently to them.  -DaveM
1845          */
1846         tp->snd_cwnd = 2;
1847
1848         /* See draft-stevens-tcpca-spec-01 for discussion of the
1849          * initialization of these values.
1850          */
1851         tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
1852         tp->snd_cwnd_clamp = ~0;
1853         tp->mss_cache = 536;
1854
1855         tp->reordering = sysctl_tcp_reordering;
1856
1857         sk->sk_state = TCP_CLOSE;
1858
1859         icsk->icsk_af_ops = &ipv6_specific;
1860         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1861         icsk->icsk_sync_mss = tcp_sync_mss;
1862         sk->sk_write_space = sk_stream_write_space;
1863         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1864
1865 #ifdef CONFIG_TCP_MD5SIG
1866         tp->af_specific = &tcp_sock_ipv6_specific;
1867 #endif
1868
1869         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1870         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1871
1872         local_bh_disable();
1873         percpu_counter_inc(&tcp_sockets_allocated);
1874         local_bh_enable();
1875
1876         return 0;
1877 }
1878
1879 static void tcp_v6_destroy_sock(struct sock *sk)
1880 {
1881 #ifdef CONFIG_TCP_MD5SIG
1882         /* Clean up the MD5 key list */
1883         if (tcp_sk(sk)->md5sig_info)
1884                 tcp_v6_clear_md5_list(sk);
1885 #endif
1886         tcp_v4_destroy_sock(sk);
1887         inet6_destroy_sock(sk);
1888 }
1889
1890 #ifdef CONFIG_PROC_FS
1891 /* Proc filesystem TCPv6 sock list dumping. */
1892 static void get_openreq6(struct seq_file *seq,
1893                          struct sock *sk, struct request_sock *req, int i, int uid)
1894 {
1895         int ttd = req->expires - jiffies;
1896         struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1897         struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1898
1899         if (ttd < 0)
1900                 ttd = 0;
1901
1902         seq_printf(seq,
1903                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1904                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1905                    i,
1906                    src->s6_addr32[0], src->s6_addr32[1],
1907                    src->s6_addr32[2], src->s6_addr32[3],
1908                    ntohs(inet_rsk(req)->loc_port),
1909                    dest->s6_addr32[0], dest->s6_addr32[1],
1910                    dest->s6_addr32[2], dest->s6_addr32[3],
1911                    ntohs(inet_rsk(req)->rmt_port),
1912                    TCP_SYN_RECV,
1913                    0,0, /* could print option size, but that is af dependent. */
1914                    1,   /* timers active (only the expire timer) */
1915                    jiffies_to_clock_t(ttd),
1916                    req->retrans,
1917                    uid,
1918                    0,  /* non standard timer */
1919                    0, /* open_requests have no inode */
1920                    0, req);
1921 }
1922
1923 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1924 {
1925         struct in6_addr *dest, *src;
1926         __u16 destp, srcp;
1927         int timer_active;
1928         unsigned long timer_expires;
1929         struct inet_sock *inet = inet_sk(sp);
1930         struct tcp_sock *tp = tcp_sk(sp);
1931         const struct inet_connection_sock *icsk = inet_csk(sp);
1932         struct ipv6_pinfo *np = inet6_sk(sp);
1933
1934         dest  = &np->daddr;
1935         src   = &np->rcv_saddr;
1936         destp = ntohs(inet->inet_dport);
1937         srcp  = ntohs(inet->inet_sport);
1938
1939         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1940                 timer_active    = 1;
1941                 timer_expires   = icsk->icsk_timeout;
1942         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1943                 timer_active    = 4;
1944                 timer_expires   = icsk->icsk_timeout;
1945         } else if (timer_pending(&sp->sk_timer)) {
1946                 timer_active    = 2;
1947                 timer_expires   = sp->sk_timer.expires;
1948         } else {
1949                 timer_active    = 0;
1950                 timer_expires = jiffies;
1951         }
1952
1953         seq_printf(seq,
1954                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1955                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %lu %lu %u %u %d\n",
1956                    i,
1957                    src->s6_addr32[0], src->s6_addr32[1],
1958                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1959                    dest->s6_addr32[0], dest->s6_addr32[1],
1960                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1961                    sp->sk_state,
1962                    tp->write_seq-tp->snd_una,
1963                    (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
1964                    timer_active,
1965                    jiffies_to_clock_t(timer_expires - jiffies),
1966                    icsk->icsk_retransmits,
1967                    sock_i_uid(sp),
1968                    icsk->icsk_probes_out,
1969                    sock_i_ino(sp),
1970                    atomic_read(&sp->sk_refcnt), sp,
1971                    jiffies_to_clock_t(icsk->icsk_rto),
1972                    jiffies_to_clock_t(icsk->icsk_ack.ato),
1973                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
1974                    tp->snd_cwnd,
1975                    tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh
1976                    );
1977 }
1978
1979 static void get_timewait6_sock(struct seq_file *seq,
1980                                struct inet_timewait_sock *tw, int i)
1981 {
1982         struct in6_addr *dest, *src;
1983         __u16 destp, srcp;
1984         struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
1985         int ttd = tw->tw_ttd - jiffies;
1986
1987         if (ttd < 0)
1988                 ttd = 0;
1989
1990         dest = &tw6->tw_v6_daddr;
1991         src  = &tw6->tw_v6_rcv_saddr;
1992         destp = ntohs(tw->tw_dport);
1993         srcp  = ntohs(tw->tw_sport);
1994
1995         seq_printf(seq,
1996                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1997                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1998                    i,
1999                    src->s6_addr32[0], src->s6_addr32[1],
2000                    src->s6_addr32[2], src->s6_addr32[3], srcp,
2001                    dest->s6_addr32[0], dest->s6_addr32[1],
2002                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
2003                    tw->tw_substate, 0, 0,
2004                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2005                    atomic_read(&tw->tw_refcnt), tw);
2006 }
2007
2008 static int tcp6_seq_show(struct seq_file *seq, void *v)
2009 {
2010         struct tcp_iter_state *st;
2011
2012         if (v == SEQ_START_TOKEN) {
2013                 seq_puts(seq,
2014                          "  sl  "
2015                          "local_address                         "
2016                          "remote_address                        "
2017                          "st tx_queue rx_queue tr tm->when retrnsmt"
2018                          "   uid  timeout inode\n");
2019                 goto out;
2020         }
2021         st = seq->private;
2022
2023         switch (st->state) {
2024         case TCP_SEQ_STATE_LISTENING:
2025         case TCP_SEQ_STATE_ESTABLISHED:
2026                 get_tcp6_sock(seq, v, st->num);
2027                 break;
2028         case TCP_SEQ_STATE_OPENREQ:
2029                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2030                 break;
2031         case TCP_SEQ_STATE_TIME_WAIT:
2032                 get_timewait6_sock(seq, v, st->num);
2033                 break;
2034         }
2035 out:
2036         return 0;
2037 }
2038
2039 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2040         .name           = "tcp6",
2041         .family         = AF_INET6,
2042         .seq_fops       = {
2043                 .owner          = THIS_MODULE,
2044         },
2045         .seq_ops        = {
2046                 .show           = tcp6_seq_show,
2047         },
2048 };
2049
2050 int tcp6_proc_init(struct net *net)
2051 {
2052         return tcp_proc_register(net, &tcp6_seq_afinfo);
2053 }
2054
2055 void tcp6_proc_exit(struct net *net)
2056 {
2057         tcp_proc_unregister(net, &tcp6_seq_afinfo);
2058 }
2059 #endif
2060
2061 struct proto tcpv6_prot = {
2062         .name                   = "TCPv6",
2063         .owner                  = THIS_MODULE,
2064         .close                  = tcp_close,
2065         .connect                = tcp_v6_connect,
2066         .disconnect             = tcp_disconnect,
2067         .accept                 = inet_csk_accept,
2068         .ioctl                  = tcp_ioctl,
2069         .init                   = tcp_v6_init_sock,
2070         .destroy                = tcp_v6_destroy_sock,
2071         .shutdown               = tcp_shutdown,
2072         .setsockopt             = tcp_setsockopt,
2073         .getsockopt             = tcp_getsockopt,
2074         .recvmsg                = tcp_recvmsg,
2075         .backlog_rcv            = tcp_v6_do_rcv,
2076         .hash                   = tcp_v6_hash,
2077         .unhash                 = inet_unhash,
2078         .get_port               = inet_csk_get_port,
2079         .enter_memory_pressure  = tcp_enter_memory_pressure,
2080         .sockets_allocated      = &tcp_sockets_allocated,
2081         .memory_allocated       = &tcp_memory_allocated,
2082         .memory_pressure        = &tcp_memory_pressure,
2083         .orphan_count           = &tcp_orphan_count,
2084         .sysctl_mem             = sysctl_tcp_mem,
2085         .sysctl_wmem            = sysctl_tcp_wmem,
2086         .sysctl_rmem            = sysctl_tcp_rmem,
2087         .max_header             = MAX_TCP_HEADER,
2088         .obj_size               = sizeof(struct tcp6_sock),
2089         .slab_flags             = SLAB_DESTROY_BY_RCU,
2090         .twsk_prot              = &tcp6_timewait_sock_ops,
2091         .rsk_prot               = &tcp6_request_sock_ops,
2092         .h.hashinfo             = &tcp_hashinfo,
2093 #ifdef CONFIG_COMPAT
2094         .compat_setsockopt      = compat_tcp_setsockopt,
2095         .compat_getsockopt      = compat_tcp_getsockopt,
2096 #endif
2097 };
2098
2099 static const struct inet6_protocol tcpv6_protocol = {
2100         .handler        =       tcp_v6_rcv,
2101         .err_handler    =       tcp_v6_err,
2102         .gso_send_check =       tcp_v6_gso_send_check,
2103         .gso_segment    =       tcp_tso_segment,
2104         .gro_receive    =       tcp6_gro_receive,
2105         .gro_complete   =       tcp6_gro_complete,
2106         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2107 };
2108
2109 static struct inet_protosw tcpv6_protosw = {
2110         .type           =       SOCK_STREAM,
2111         .protocol       =       IPPROTO_TCP,
2112         .prot           =       &tcpv6_prot,
2113         .ops            =       &inet6_stream_ops,
2114         .capability     =       -1,
2115         .no_check       =       0,
2116         .flags          =       INET_PROTOSW_PERMANENT |
2117                                 INET_PROTOSW_ICSK,
2118 };
2119
2120 static int tcpv6_net_init(struct net *net)
2121 {
2122         return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2123                                     SOCK_RAW, IPPROTO_TCP, net);
2124 }
2125
2126 static void tcpv6_net_exit(struct net *net)
2127 {
2128         inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2129         inet_twsk_purge(net, &tcp_hashinfo, &tcp_death_row, AF_INET6);
2130 }
2131
2132 static struct pernet_operations tcpv6_net_ops = {
2133         .init = tcpv6_net_init,
2134         .exit = tcpv6_net_exit,
2135 };
2136
2137 int __init tcpv6_init(void)
2138 {
2139         int ret;
2140
2141         ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2142         if (ret)
2143                 goto out;
2144
2145         /* register inet6 protocol */
2146         ret = inet6_register_protosw(&tcpv6_protosw);
2147         if (ret)
2148                 goto out_tcpv6_protocol;
2149
2150         ret = register_pernet_subsys(&tcpv6_net_ops);
2151         if (ret)
2152                 goto out_tcpv6_protosw;
2153 out:
2154         return ret;
2155
2156 out_tcpv6_protocol:
2157         inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2158 out_tcpv6_protosw:
2159         inet6_unregister_protosw(&tcpv6_protosw);
2160         goto out;
2161 }
2162
2163 void tcpv6_exit(void)
2164 {
2165         unregister_pernet_subsys(&tcpv6_net_ops);
2166         inet6_unregister_protosw(&tcpv6_protosw);
2167         inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2168 }