ipv6: Fix sporadic sendmsg -EINVAL when sending to multicast groups.
[linux-2.6] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *
8  *      Based on:
9  *      linux/net/ipv4/tcp.c
10  *      linux/net/ipv4/tcp_input.c
11  *      linux/net/ipv4/tcp_output.c
12  *
13  *      Fixes:
14  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
15  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
16  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
17  *                                      a single port at the same time.
18  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
19  *
20  *      This program is free software; you can redistribute it and/or
21  *      modify it under the terms of the GNU General Public License
22  *      as published by the Free Software Foundation; either version
23  *      2 of the License, or (at your option) any later version.
24  */
25
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
34 #include <linux/in.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41
42 #include <linux/ipv6.h>
43 #include <linux/icmpv6.h>
44 #include <linux/random.h>
45
46 #include <net/tcp.h>
47 #include <net/ndisc.h>
48 #include <net/inet6_hashtables.h>
49 #include <net/inet6_connection_sock.h>
50 #include <net/ipv6.h>
51 #include <net/transp_v6.h>
52 #include <net/addrconf.h>
53 #include <net/ip6_route.h>
54 #include <net/ip6_checksum.h>
55 #include <net/inet_ecn.h>
56 #include <net/protocol.h>
57 #include <net/xfrm.h>
58 #include <net/snmp.h>
59 #include <net/dsfield.h>
60 #include <net/timewait_sock.h>
61 #include <net/netdma.h>
62 #include <net/inet_common.h>
63
64 #include <asm/uaccess.h>
65
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
68
69 #include <linux/crypto.h>
70 #include <linux/scatterlist.h>
71
72 static void     tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
73 static void     tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
74                                       struct request_sock *req);
75
76 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
77
78 static struct inet_connection_sock_af_ops ipv6_mapped;
79 static struct inet_connection_sock_af_ops ipv6_specific;
80 #ifdef CONFIG_TCP_MD5SIG
81 static struct tcp_sock_af_ops tcp_sock_ipv6_specific;
82 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
83 #else
84 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
85                                                    struct in6_addr *addr)
86 {
87         return NULL;
88 }
89 #endif
90
91 static void tcp_v6_hash(struct sock *sk)
92 {
93         if (sk->sk_state != TCP_CLOSE) {
94                 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
95                         tcp_prot.hash(sk);
96                         return;
97                 }
98                 local_bh_disable();
99                 __inet6_hash(sk);
100                 local_bh_enable();
101         }
102 }
103
104 static __inline__ __sum16 tcp_v6_check(struct tcphdr *th, int len,
105                                    struct in6_addr *saddr,
106                                    struct in6_addr *daddr,
107                                    __wsum base)
108 {
109         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
110 }
111
112 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
113 {
114         return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
115                                             ipv6_hdr(skb)->saddr.s6_addr32,
116                                             tcp_hdr(skb)->dest,
117                                             tcp_hdr(skb)->source);
118 }
119
120 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
121                           int addr_len)
122 {
123         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
124         struct inet_sock *inet = inet_sk(sk);
125         struct inet_connection_sock *icsk = inet_csk(sk);
126         struct ipv6_pinfo *np = inet6_sk(sk);
127         struct tcp_sock *tp = tcp_sk(sk);
128         struct in6_addr *saddr = NULL, *final_p = NULL, final;
129         struct flowi fl;
130         struct dst_entry *dst;
131         int addr_type;
132         int err;
133
134         if (addr_len < SIN6_LEN_RFC2133)
135                 return -EINVAL;
136
137         if (usin->sin6_family != AF_INET6)
138                 return(-EAFNOSUPPORT);
139
140         memset(&fl, 0, sizeof(fl));
141
142         if (np->sndflow) {
143                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
144                 IP6_ECN_flow_init(fl.fl6_flowlabel);
145                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
146                         struct ip6_flowlabel *flowlabel;
147                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
148                         if (flowlabel == NULL)
149                                 return -EINVAL;
150                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
151                         fl6_sock_release(flowlabel);
152                 }
153         }
154
155         /*
156          *      connect() to INADDR_ANY means loopback (BSD'ism).
157          */
158
159         if(ipv6_addr_any(&usin->sin6_addr))
160                 usin->sin6_addr.s6_addr[15] = 0x1;
161
162         addr_type = ipv6_addr_type(&usin->sin6_addr);
163
164         if(addr_type & IPV6_ADDR_MULTICAST)
165                 return -ENETUNREACH;
166
167         if (addr_type&IPV6_ADDR_LINKLOCAL) {
168                 if (addr_len >= sizeof(struct sockaddr_in6) &&
169                     usin->sin6_scope_id) {
170                         /* If interface is set while binding, indices
171                          * must coincide.
172                          */
173                         if (sk->sk_bound_dev_if &&
174                             sk->sk_bound_dev_if != usin->sin6_scope_id)
175                                 return -EINVAL;
176
177                         sk->sk_bound_dev_if = usin->sin6_scope_id;
178                 }
179
180                 /* Connect to link-local address requires an interface */
181                 if (!sk->sk_bound_dev_if)
182                         return -EINVAL;
183         }
184
185         if (tp->rx_opt.ts_recent_stamp &&
186             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
187                 tp->rx_opt.ts_recent = 0;
188                 tp->rx_opt.ts_recent_stamp = 0;
189                 tp->write_seq = 0;
190         }
191
192         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
193         np->flow_label = fl.fl6_flowlabel;
194
195         /*
196          *      TCP over IPv4
197          */
198
199         if (addr_type == IPV6_ADDR_MAPPED) {
200                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
201                 struct sockaddr_in sin;
202
203                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
204
205                 if (__ipv6_only_sock(sk))
206                         return -ENETUNREACH;
207
208                 sin.sin_family = AF_INET;
209                 sin.sin_port = usin->sin6_port;
210                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
211
212                 icsk->icsk_af_ops = &ipv6_mapped;
213                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
214 #ifdef CONFIG_TCP_MD5SIG
215                 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
216 #endif
217
218                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
219
220                 if (err) {
221                         icsk->icsk_ext_hdr_len = exthdrlen;
222                         icsk->icsk_af_ops = &ipv6_specific;
223                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
224 #ifdef CONFIG_TCP_MD5SIG
225                         tp->af_specific = &tcp_sock_ipv6_specific;
226 #endif
227                         goto failure;
228                 } else {
229                         ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
230                                       inet->saddr);
231                         ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
232                                       inet->rcv_saddr);
233                 }
234
235                 return err;
236         }
237
238         if (!ipv6_addr_any(&np->rcv_saddr))
239                 saddr = &np->rcv_saddr;
240
241         fl.proto = IPPROTO_TCP;
242         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
243         ipv6_addr_copy(&fl.fl6_src,
244                        (saddr ? saddr : &np->saddr));
245         fl.oif = sk->sk_bound_dev_if;
246         fl.fl_ip_dport = usin->sin6_port;
247         fl.fl_ip_sport = inet->sport;
248
249         if (np->opt && np->opt->srcrt) {
250                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
251                 ipv6_addr_copy(&final, &fl.fl6_dst);
252                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
253                 final_p = &final;
254         }
255
256         security_sk_classify_flow(sk, &fl);
257
258         err = ip6_dst_lookup(sk, &dst, &fl);
259         if (err)
260                 goto failure;
261         if (final_p)
262                 ipv6_addr_copy(&fl.fl6_dst, final_p);
263
264         err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
265         if (err < 0) {
266                 if (err == -EREMOTE)
267                         err = ip6_dst_blackhole(sk, &dst, &fl);
268                 if (err < 0)
269                         goto failure;
270         }
271
272         if (saddr == NULL) {
273                 saddr = &fl.fl6_src;
274                 ipv6_addr_copy(&np->rcv_saddr, saddr);
275         }
276
277         /* set the source address */
278         ipv6_addr_copy(&np->saddr, saddr);
279         inet->rcv_saddr = LOOPBACK4_IPV6;
280
281         sk->sk_gso_type = SKB_GSO_TCPV6;
282         __ip6_dst_store(sk, dst, NULL, NULL);
283
284         icsk->icsk_ext_hdr_len = 0;
285         if (np->opt)
286                 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
287                                           np->opt->opt_nflen);
288
289         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
290
291         inet->dport = usin->sin6_port;
292
293         tcp_set_state(sk, TCP_SYN_SENT);
294         err = inet6_hash_connect(&tcp_death_row, sk);
295         if (err)
296                 goto late_failure;
297
298         if (!tp->write_seq)
299                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
300                                                              np->daddr.s6_addr32,
301                                                              inet->sport,
302                                                              inet->dport);
303
304         err = tcp_connect(sk);
305         if (err)
306                 goto late_failure;
307
308         return 0;
309
310 late_failure:
311         tcp_set_state(sk, TCP_CLOSE);
312         __sk_dst_reset(sk);
313 failure:
314         inet->dport = 0;
315         sk->sk_route_caps = 0;
316         return err;
317 }
318
319 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
320                 int type, int code, int offset, __be32 info)
321 {
322         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
323         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
324         struct ipv6_pinfo *np;
325         struct sock *sk;
326         int err;
327         struct tcp_sock *tp;
328         __u32 seq;
329         struct net *net = dev_net(skb->dev);
330
331         sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
332                         th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
333
334         if (sk == NULL) {
335                 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
336                                    ICMP6_MIB_INERRORS);
337                 return;
338         }
339
340         if (sk->sk_state == TCP_TIME_WAIT) {
341                 inet_twsk_put(inet_twsk(sk));
342                 return;
343         }
344
345         bh_lock_sock(sk);
346         if (sock_owned_by_user(sk))
347                 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
348
349         if (sk->sk_state == TCP_CLOSE)
350                 goto out;
351
352         tp = tcp_sk(sk);
353         seq = ntohl(th->seq);
354         if (sk->sk_state != TCP_LISTEN &&
355             !between(seq, tp->snd_una, tp->snd_nxt)) {
356                 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
357                 goto out;
358         }
359
360         np = inet6_sk(sk);
361
362         if (type == ICMPV6_PKT_TOOBIG) {
363                 struct dst_entry *dst = NULL;
364
365                 if (sock_owned_by_user(sk))
366                         goto out;
367                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
368                         goto out;
369
370                 /* icmp should have updated the destination cache entry */
371                 dst = __sk_dst_check(sk, np->dst_cookie);
372
373                 if (dst == NULL) {
374                         struct inet_sock *inet = inet_sk(sk);
375                         struct flowi fl;
376
377                         /* BUGGG_FUTURE: Again, it is not clear how
378                            to handle rthdr case. Ignore this complexity
379                            for now.
380                          */
381                         memset(&fl, 0, sizeof(fl));
382                         fl.proto = IPPROTO_TCP;
383                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
384                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
385                         fl.oif = sk->sk_bound_dev_if;
386                         fl.fl_ip_dport = inet->dport;
387                         fl.fl_ip_sport = inet->sport;
388                         security_skb_classify_flow(skb, &fl);
389
390                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
391                                 sk->sk_err_soft = -err;
392                                 goto out;
393                         }
394
395                         if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) {
396                                 sk->sk_err_soft = -err;
397                                 goto out;
398                         }
399
400                 } else
401                         dst_hold(dst);
402
403                 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
404                         tcp_sync_mss(sk, dst_mtu(dst));
405                         tcp_simple_retransmit(sk);
406                 } /* else let the usual retransmit timer handle it */
407                 dst_release(dst);
408                 goto out;
409         }
410
411         icmpv6_err_convert(type, code, &err);
412
413         /* Might be for an request_sock */
414         switch (sk->sk_state) {
415                 struct request_sock *req, **prev;
416         case TCP_LISTEN:
417                 if (sock_owned_by_user(sk))
418                         goto out;
419
420                 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
421                                            &hdr->saddr, inet6_iif(skb));
422                 if (!req)
423                         goto out;
424
425                 /* ICMPs are not backlogged, hence we cannot get
426                  * an established socket here.
427                  */
428                 WARN_ON(req->sk != NULL);
429
430                 if (seq != tcp_rsk(req)->snt_isn) {
431                         NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
432                         goto out;
433                 }
434
435                 inet_csk_reqsk_queue_drop(sk, req, prev);
436                 goto out;
437
438         case TCP_SYN_SENT:
439         case TCP_SYN_RECV:  /* Cannot happen.
440                                It can, it SYNs are crossed. --ANK */
441                 if (!sock_owned_by_user(sk)) {
442                         sk->sk_err = err;
443                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
444
445                         tcp_done(sk);
446                 } else
447                         sk->sk_err_soft = err;
448                 goto out;
449         }
450
451         if (!sock_owned_by_user(sk) && np->recverr) {
452                 sk->sk_err = err;
453                 sk->sk_error_report(sk);
454         } else
455                 sk->sk_err_soft = err;
456
457 out:
458         bh_unlock_sock(sk);
459         sock_put(sk);
460 }
461
462
463 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req)
464 {
465         struct inet6_request_sock *treq = inet6_rsk(req);
466         struct ipv6_pinfo *np = inet6_sk(sk);
467         struct sk_buff * skb;
468         struct ipv6_txoptions *opt = NULL;
469         struct in6_addr * final_p = NULL, final;
470         struct flowi fl;
471         struct dst_entry *dst;
472         int err = -1;
473
474         memset(&fl, 0, sizeof(fl));
475         fl.proto = IPPROTO_TCP;
476         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
477         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
478         fl.fl6_flowlabel = 0;
479         fl.oif = treq->iif;
480         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
481         fl.fl_ip_sport = inet_rsk(req)->loc_port;
482         security_req_classify_flow(req, &fl);
483
484         opt = np->opt;
485         if (opt && opt->srcrt) {
486                 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
487                 ipv6_addr_copy(&final, &fl.fl6_dst);
488                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
489                 final_p = &final;
490         }
491
492         err = ip6_dst_lookup(sk, &dst, &fl);
493         if (err)
494                 goto done;
495         if (final_p)
496                 ipv6_addr_copy(&fl.fl6_dst, final_p);
497         if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
498                 goto done;
499
500         skb = tcp_make_synack(sk, dst, req);
501         if (skb) {
502                 struct tcphdr *th = tcp_hdr(skb);
503
504                 th->check = tcp_v6_check(th, skb->len,
505                                          &treq->loc_addr, &treq->rmt_addr,
506                                          csum_partial(th, skb->len, skb->csum));
507
508                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
509                 err = ip6_xmit(sk, skb, &fl, opt, 0);
510                 err = net_xmit_eval(err);
511         }
512
513 done:
514         if (opt && opt != np->opt)
515                 sock_kfree_s(sk, opt, opt->tot_len);
516         dst_release(dst);
517         return err;
518 }
519
520 static inline void syn_flood_warning(struct sk_buff *skb)
521 {
522 #ifdef CONFIG_SYN_COOKIES
523         if (sysctl_tcp_syncookies)
524                 printk(KERN_INFO
525                        "TCPv6: Possible SYN flooding on port %d. "
526                        "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
527         else
528 #endif
529                 printk(KERN_INFO
530                        "TCPv6: Possible SYN flooding on port %d. "
531                        "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
532 }
533
534 static void tcp_v6_reqsk_destructor(struct request_sock *req)
535 {
536         if (inet6_rsk(req)->pktopts)
537                 kfree_skb(inet6_rsk(req)->pktopts);
538 }
539
540 #ifdef CONFIG_TCP_MD5SIG
541 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
542                                                    struct in6_addr *addr)
543 {
544         struct tcp_sock *tp = tcp_sk(sk);
545         int i;
546
547         BUG_ON(tp == NULL);
548
549         if (!tp->md5sig_info || !tp->md5sig_info->entries6)
550                 return NULL;
551
552         for (i = 0; i < tp->md5sig_info->entries6; i++) {
553                 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
554                         return &tp->md5sig_info->keys6[i].base;
555         }
556         return NULL;
557 }
558
559 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
560                                                 struct sock *addr_sk)
561 {
562         return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
563 }
564
565 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
566                                                       struct request_sock *req)
567 {
568         return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
569 }
570
571 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
572                              char *newkey, u8 newkeylen)
573 {
574         /* Add key to the list */
575         struct tcp_md5sig_key *key;
576         struct tcp_sock *tp = tcp_sk(sk);
577         struct tcp6_md5sig_key *keys;
578
579         key = tcp_v6_md5_do_lookup(sk, peer);
580         if (key) {
581                 /* modify existing entry - just update that one */
582                 kfree(key->key);
583                 key->key = newkey;
584                 key->keylen = newkeylen;
585         } else {
586                 /* reallocate new list if current one is full. */
587                 if (!tp->md5sig_info) {
588                         tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
589                         if (!tp->md5sig_info) {
590                                 kfree(newkey);
591                                 return -ENOMEM;
592                         }
593                         sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
594                 }
595                 if (tcp_alloc_md5sig_pool() == NULL) {
596                         kfree(newkey);
597                         return -ENOMEM;
598                 }
599                 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
600                         keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
601                                        (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
602
603                         if (!keys) {
604                                 tcp_free_md5sig_pool();
605                                 kfree(newkey);
606                                 return -ENOMEM;
607                         }
608
609                         if (tp->md5sig_info->entries6)
610                                 memmove(keys, tp->md5sig_info->keys6,
611                                         (sizeof (tp->md5sig_info->keys6[0]) *
612                                          tp->md5sig_info->entries6));
613
614                         kfree(tp->md5sig_info->keys6);
615                         tp->md5sig_info->keys6 = keys;
616                         tp->md5sig_info->alloced6++;
617                 }
618
619                 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
620                                peer);
621                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
622                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
623
624                 tp->md5sig_info->entries6++;
625         }
626         return 0;
627 }
628
629 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
630                                u8 *newkey, __u8 newkeylen)
631 {
632         return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
633                                  newkey, newkeylen);
634 }
635
636 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
637 {
638         struct tcp_sock *tp = tcp_sk(sk);
639         int i;
640
641         for (i = 0; i < tp->md5sig_info->entries6; i++) {
642                 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
643                         /* Free the key */
644                         kfree(tp->md5sig_info->keys6[i].base.key);
645                         tp->md5sig_info->entries6--;
646
647                         if (tp->md5sig_info->entries6 == 0) {
648                                 kfree(tp->md5sig_info->keys6);
649                                 tp->md5sig_info->keys6 = NULL;
650                                 tp->md5sig_info->alloced6 = 0;
651                         } else {
652                                 /* shrink the database */
653                                 if (tp->md5sig_info->entries6 != i)
654                                         memmove(&tp->md5sig_info->keys6[i],
655                                                 &tp->md5sig_info->keys6[i+1],
656                                                 (tp->md5sig_info->entries6 - i)
657                                                 * sizeof (tp->md5sig_info->keys6[0]));
658                         }
659                         tcp_free_md5sig_pool();
660                         return 0;
661                 }
662         }
663         return -ENOENT;
664 }
665
666 static void tcp_v6_clear_md5_list (struct sock *sk)
667 {
668         struct tcp_sock *tp = tcp_sk(sk);
669         int i;
670
671         if (tp->md5sig_info->entries6) {
672                 for (i = 0; i < tp->md5sig_info->entries6; i++)
673                         kfree(tp->md5sig_info->keys6[i].base.key);
674                 tp->md5sig_info->entries6 = 0;
675                 tcp_free_md5sig_pool();
676         }
677
678         kfree(tp->md5sig_info->keys6);
679         tp->md5sig_info->keys6 = NULL;
680         tp->md5sig_info->alloced6 = 0;
681
682         if (tp->md5sig_info->entries4) {
683                 for (i = 0; i < tp->md5sig_info->entries4; i++)
684                         kfree(tp->md5sig_info->keys4[i].base.key);
685                 tp->md5sig_info->entries4 = 0;
686                 tcp_free_md5sig_pool();
687         }
688
689         kfree(tp->md5sig_info->keys4);
690         tp->md5sig_info->keys4 = NULL;
691         tp->md5sig_info->alloced4 = 0;
692 }
693
694 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
695                                   int optlen)
696 {
697         struct tcp_md5sig cmd;
698         struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
699         u8 *newkey;
700
701         if (optlen < sizeof(cmd))
702                 return -EINVAL;
703
704         if (copy_from_user(&cmd, optval, sizeof(cmd)))
705                 return -EFAULT;
706
707         if (sin6->sin6_family != AF_INET6)
708                 return -EINVAL;
709
710         if (!cmd.tcpm_keylen) {
711                 if (!tcp_sk(sk)->md5sig_info)
712                         return -ENOENT;
713                 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
714                         return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
715                 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
716         }
717
718         if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
719                 return -EINVAL;
720
721         if (!tcp_sk(sk)->md5sig_info) {
722                 struct tcp_sock *tp = tcp_sk(sk);
723                 struct tcp_md5sig_info *p;
724
725                 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
726                 if (!p)
727                         return -ENOMEM;
728
729                 tp->md5sig_info = p;
730                 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
731         }
732
733         newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
734         if (!newkey)
735                 return -ENOMEM;
736         if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
737                 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
738                                          newkey, cmd.tcpm_keylen);
739         }
740         return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
741 }
742
743 static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
744                                         struct in6_addr *daddr,
745                                         struct in6_addr *saddr, int nbytes)
746 {
747         struct tcp6_pseudohdr *bp;
748         struct scatterlist sg;
749
750         bp = &hp->md5_blk.ip6;
751         /* 1. TCP pseudo-header (RFC2460) */
752         ipv6_addr_copy(&bp->saddr, saddr);
753         ipv6_addr_copy(&bp->daddr, daddr);
754         bp->protocol = cpu_to_be32(IPPROTO_TCP);
755         bp->len = cpu_to_be32(nbytes);
756
757         sg_init_one(&sg, bp, sizeof(*bp));
758         return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
759 }
760
761 static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
762                                struct in6_addr *daddr, struct in6_addr *saddr,
763                                struct tcphdr *th)
764 {
765         struct tcp_md5sig_pool *hp;
766         struct hash_desc *desc;
767
768         hp = tcp_get_md5sig_pool();
769         if (!hp)
770                 goto clear_hash_noput;
771         desc = &hp->md5_desc;
772
773         if (crypto_hash_init(desc))
774                 goto clear_hash;
775         if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
776                 goto clear_hash;
777         if (tcp_md5_hash_header(hp, th))
778                 goto clear_hash;
779         if (tcp_md5_hash_key(hp, key))
780                 goto clear_hash;
781         if (crypto_hash_final(desc, md5_hash))
782                 goto clear_hash;
783
784         tcp_put_md5sig_pool();
785         return 0;
786
787 clear_hash:
788         tcp_put_md5sig_pool();
789 clear_hash_noput:
790         memset(md5_hash, 0, 16);
791         return 1;
792 }
793
794 static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
795                                struct sock *sk, struct request_sock *req,
796                                struct sk_buff *skb)
797 {
798         struct in6_addr *saddr, *daddr;
799         struct tcp_md5sig_pool *hp;
800         struct hash_desc *desc;
801         struct tcphdr *th = tcp_hdr(skb);
802
803         if (sk) {
804                 saddr = &inet6_sk(sk)->saddr;
805                 daddr = &inet6_sk(sk)->daddr;
806         } else if (req) {
807                 saddr = &inet6_rsk(req)->loc_addr;
808                 daddr = &inet6_rsk(req)->rmt_addr;
809         } else {
810                 struct ipv6hdr *ip6h = ipv6_hdr(skb);
811                 saddr = &ip6h->saddr;
812                 daddr = &ip6h->daddr;
813         }
814
815         hp = tcp_get_md5sig_pool();
816         if (!hp)
817                 goto clear_hash_noput;
818         desc = &hp->md5_desc;
819
820         if (crypto_hash_init(desc))
821                 goto clear_hash;
822
823         if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
824                 goto clear_hash;
825         if (tcp_md5_hash_header(hp, th))
826                 goto clear_hash;
827         if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
828                 goto clear_hash;
829         if (tcp_md5_hash_key(hp, key))
830                 goto clear_hash;
831         if (crypto_hash_final(desc, md5_hash))
832                 goto clear_hash;
833
834         tcp_put_md5sig_pool();
835         return 0;
836
837 clear_hash:
838         tcp_put_md5sig_pool();
839 clear_hash_noput:
840         memset(md5_hash, 0, 16);
841         return 1;
842 }
843
844 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
845 {
846         __u8 *hash_location = NULL;
847         struct tcp_md5sig_key *hash_expected;
848         struct ipv6hdr *ip6h = ipv6_hdr(skb);
849         struct tcphdr *th = tcp_hdr(skb);
850         int genhash;
851         u8 newhash[16];
852
853         hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
854         hash_location = tcp_parse_md5sig_option(th);
855
856         /* We've parsed the options - do we have a hash? */
857         if (!hash_expected && !hash_location)
858                 return 0;
859
860         if (hash_expected && !hash_location) {
861                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
862                 return 1;
863         }
864
865         if (!hash_expected && hash_location) {
866                 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
867                 return 1;
868         }
869
870         /* check the signature */
871         genhash = tcp_v6_md5_hash_skb(newhash,
872                                       hash_expected,
873                                       NULL, NULL, skb);
874
875         if (genhash || memcmp(hash_location, newhash, 16) != 0) {
876                 if (net_ratelimit()) {
877                         printk(KERN_INFO "MD5 Hash %s for (%pI6, %u)->(%pI6, %u)\n",
878                                genhash ? "failed" : "mismatch",
879                                &ip6h->saddr, ntohs(th->source),
880                                &ip6h->daddr, ntohs(th->dest));
881                 }
882                 return 1;
883         }
884         return 0;
885 }
886 #endif
887
888 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
889         .family         =       AF_INET6,
890         .obj_size       =       sizeof(struct tcp6_request_sock),
891         .rtx_syn_ack    =       tcp_v6_send_synack,
892         .send_ack       =       tcp_v6_reqsk_send_ack,
893         .destructor     =       tcp_v6_reqsk_destructor,
894         .send_reset     =       tcp_v6_send_reset
895 };
896
897 #ifdef CONFIG_TCP_MD5SIG
898 static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
899         .md5_lookup     =       tcp_v6_reqsk_md5_lookup,
900 };
901 #endif
902
903 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
904         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
905         .twsk_unique    = tcp_twsk_unique,
906         .twsk_destructor= tcp_twsk_destructor,
907 };
908
909 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
910 {
911         struct ipv6_pinfo *np = inet6_sk(sk);
912         struct tcphdr *th = tcp_hdr(skb);
913
914         if (skb->ip_summed == CHECKSUM_PARTIAL) {
915                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
916                 skb->csum_start = skb_transport_header(skb) - skb->head;
917                 skb->csum_offset = offsetof(struct tcphdr, check);
918         } else {
919                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
920                                             csum_partial(th, th->doff<<2,
921                                                          skb->csum));
922         }
923 }
924
925 static int tcp_v6_gso_send_check(struct sk_buff *skb)
926 {
927         struct ipv6hdr *ipv6h;
928         struct tcphdr *th;
929
930         if (!pskb_may_pull(skb, sizeof(*th)))
931                 return -EINVAL;
932
933         ipv6h = ipv6_hdr(skb);
934         th = tcp_hdr(skb);
935
936         th->check = 0;
937         th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
938                                      IPPROTO_TCP, 0);
939         skb->csum_start = skb_transport_header(skb) - skb->head;
940         skb->csum_offset = offsetof(struct tcphdr, check);
941         skb->ip_summed = CHECKSUM_PARTIAL;
942         return 0;
943 }
944
945 static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
946                                  u32 ts, struct tcp_md5sig_key *key, int rst)
947 {
948         struct tcphdr *th = tcp_hdr(skb), *t1;
949         struct sk_buff *buff;
950         struct flowi fl;
951         struct net *net = dev_net(skb->dst->dev);
952         struct sock *ctl_sk = net->ipv6.tcp_sk;
953         unsigned int tot_len = sizeof(struct tcphdr);
954         __be32 *topt;
955
956         if (ts)
957                 tot_len += TCPOLEN_TSTAMP_ALIGNED;
958 #ifdef CONFIG_TCP_MD5SIG
959         if (key)
960                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
961 #endif
962
963         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
964                          GFP_ATOMIC);
965         if (buff == NULL)
966                 return;
967
968         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
969
970         t1 = (struct tcphdr *) skb_push(buff, tot_len);
971
972         /* Swap the send and the receive. */
973         memset(t1, 0, sizeof(*t1));
974         t1->dest = th->source;
975         t1->source = th->dest;
976         t1->doff = tot_len / 4;
977         t1->seq = htonl(seq);
978         t1->ack_seq = htonl(ack);
979         t1->ack = !rst || !th->ack;
980         t1->rst = rst;
981         t1->window = htons(win);
982
983         topt = (__be32 *)(t1 + 1);
984
985         if (ts) {
986                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
987                                 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
988                 *topt++ = htonl(tcp_time_stamp);
989                 *topt++ = htonl(ts);
990         }
991
992 #ifdef CONFIG_TCP_MD5SIG
993         if (key) {
994                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
995                                 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
996                 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
997                                     &ipv6_hdr(skb)->saddr,
998                                     &ipv6_hdr(skb)->daddr, t1);
999         }
1000 #endif
1001
1002         buff->csum = csum_partial(t1, tot_len, 0);
1003
1004         memset(&fl, 0, sizeof(fl));
1005         ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1006         ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1007
1008         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1009                                     tot_len, IPPROTO_TCP,
1010                                     buff->csum);
1011
1012         fl.proto = IPPROTO_TCP;
1013         fl.oif = inet6_iif(skb);
1014         fl.fl_ip_dport = t1->dest;
1015         fl.fl_ip_sport = t1->source;
1016         security_skb_classify_flow(skb, &fl);
1017
1018         /* Pass a socket to ip6_dst_lookup either it is for RST
1019          * Underlying function will use this to retrieve the network
1020          * namespace
1021          */
1022         if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) {
1023                 if (xfrm_lookup(net, &buff->dst, &fl, NULL, 0) >= 0) {
1024                         ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1025                         TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1026                         if (rst)
1027                                 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
1028                         return;
1029                 }
1030         }
1031
1032         kfree_skb(buff);
1033 }
1034
1035 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1036 {
1037         struct tcphdr *th = tcp_hdr(skb);
1038         u32 seq = 0, ack_seq = 0;
1039         struct tcp_md5sig_key *key = NULL;
1040
1041         if (th->rst)
1042                 return;
1043
1044         if (!ipv6_unicast_destination(skb))
1045                 return;
1046
1047 #ifdef CONFIG_TCP_MD5SIG
1048         if (sk)
1049                 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
1050 #endif
1051
1052         if (th->ack)
1053                 seq = ntohl(th->ack_seq);
1054         else
1055                 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
1056                           (th->doff << 2);
1057
1058         tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1);
1059 }
1060
1061 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
1062                             struct tcp_md5sig_key *key)
1063 {
1064         tcp_v6_send_response(skb, seq, ack, win, ts, key, 0);
1065 }
1066
1067 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1068 {
1069         struct inet_timewait_sock *tw = inet_twsk(sk);
1070         struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1071
1072         tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1073                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1074                         tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw));
1075
1076         inet_twsk_put(tw);
1077 }
1078
1079 static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
1080                                   struct request_sock *req)
1081 {
1082         tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
1083                         tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr));
1084 }
1085
1086
1087 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1088 {
1089         struct request_sock *req, **prev;
1090         const struct tcphdr *th = tcp_hdr(skb);
1091         struct sock *nsk;
1092
1093         /* Find possible connection requests. */
1094         req = inet6_csk_search_req(sk, &prev, th->source,
1095                                    &ipv6_hdr(skb)->saddr,
1096                                    &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1097         if (req)
1098                 return tcp_check_req(sk, skb, req, prev);
1099
1100         nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1101                         &ipv6_hdr(skb)->saddr, th->source,
1102                         &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1103
1104         if (nsk) {
1105                 if (nsk->sk_state != TCP_TIME_WAIT) {
1106                         bh_lock_sock(nsk);
1107                         return nsk;
1108                 }
1109                 inet_twsk_put(inet_twsk(nsk));
1110                 return NULL;
1111         }
1112
1113 #ifdef CONFIG_SYN_COOKIES
1114         if (!th->rst && !th->syn && th->ack)
1115                 sk = cookie_v6_check(sk, skb);
1116 #endif
1117         return sk;
1118 }
1119
1120 /* FIXME: this is substantially similar to the ipv4 code.
1121  * Can some kind of merge be done? -- erics
1122  */
1123 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1124 {
1125         struct inet6_request_sock *treq;
1126         struct ipv6_pinfo *np = inet6_sk(sk);
1127         struct tcp_options_received tmp_opt;
1128         struct tcp_sock *tp = tcp_sk(sk);
1129         struct request_sock *req = NULL;
1130         __u32 isn = TCP_SKB_CB(skb)->when;
1131 #ifdef CONFIG_SYN_COOKIES
1132         int want_cookie = 0;
1133 #else
1134 #define want_cookie 0
1135 #endif
1136
1137         if (skb->protocol == htons(ETH_P_IP))
1138                 return tcp_v4_conn_request(sk, skb);
1139
1140         if (!ipv6_unicast_destination(skb))
1141                 goto drop;
1142
1143         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1144                 if (net_ratelimit())
1145                         syn_flood_warning(skb);
1146 #ifdef CONFIG_SYN_COOKIES
1147                 if (sysctl_tcp_syncookies)
1148                         want_cookie = 1;
1149                 else
1150 #endif
1151                 goto drop;
1152         }
1153
1154         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1155                 goto drop;
1156
1157         req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1158         if (req == NULL)
1159                 goto drop;
1160
1161 #ifdef CONFIG_TCP_MD5SIG
1162         tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1163 #endif
1164
1165         tcp_clear_options(&tmp_opt);
1166         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1167         tmp_opt.user_mss = tp->rx_opt.user_mss;
1168
1169         tcp_parse_options(skb, &tmp_opt, 0);
1170
1171         if (want_cookie && !tmp_opt.saw_tstamp)
1172                 tcp_clear_options(&tmp_opt);
1173
1174         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1175         tcp_openreq_init(req, &tmp_opt, skb);
1176
1177         treq = inet6_rsk(req);
1178         ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1179         ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1180         if (!want_cookie)
1181                 TCP_ECN_create_request(req, tcp_hdr(skb));
1182
1183         if (want_cookie) {
1184                 isn = cookie_v6_init_sequence(sk, skb, &req->mss);
1185                 req->cookie_ts = tmp_opt.tstamp_ok;
1186         } else if (!isn) {
1187                 if (ipv6_opt_accepted(sk, skb) ||
1188                     np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1189                     np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1190                         atomic_inc(&skb->users);
1191                         treq->pktopts = skb;
1192                 }
1193                 treq->iif = sk->sk_bound_dev_if;
1194
1195                 /* So that link locals have meaning */
1196                 if (!sk->sk_bound_dev_if &&
1197                     ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1198                         treq->iif = inet6_iif(skb);
1199
1200                 isn = tcp_v6_init_sequence(skb);
1201         }
1202
1203         tcp_rsk(req)->snt_isn = isn;
1204
1205         security_inet_conn_request(sk, skb, req);
1206
1207         if (tcp_v6_send_synack(sk, req))
1208                 goto drop;
1209
1210         if (!want_cookie) {
1211                 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1212                 return 0;
1213         }
1214
1215 drop:
1216         if (req)
1217                 reqsk_free(req);
1218
1219         return 0; /* don't send reset */
1220 }
1221
1222 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1223                                           struct request_sock *req,
1224                                           struct dst_entry *dst)
1225 {
1226         struct inet6_request_sock *treq;
1227         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1228         struct tcp6_sock *newtcp6sk;
1229         struct inet_sock *newinet;
1230         struct tcp_sock *newtp;
1231         struct sock *newsk;
1232         struct ipv6_txoptions *opt;
1233 #ifdef CONFIG_TCP_MD5SIG
1234         struct tcp_md5sig_key *key;
1235 #endif
1236
1237         if (skb->protocol == htons(ETH_P_IP)) {
1238                 /*
1239                  *      v6 mapped
1240                  */
1241
1242                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1243
1244                 if (newsk == NULL)
1245                         return NULL;
1246
1247                 newtcp6sk = (struct tcp6_sock *)newsk;
1248                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1249
1250                 newinet = inet_sk(newsk);
1251                 newnp = inet6_sk(newsk);
1252                 newtp = tcp_sk(newsk);
1253
1254                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1255
1256                 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
1257                               newinet->daddr);
1258
1259                 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
1260                               newinet->saddr);
1261
1262                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1263
1264                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1265                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1266 #ifdef CONFIG_TCP_MD5SIG
1267                 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1268 #endif
1269
1270                 newnp->pktoptions  = NULL;
1271                 newnp->opt         = NULL;
1272                 newnp->mcast_oif   = inet6_iif(skb);
1273                 newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
1274
1275                 /*
1276                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1277                  * here, tcp_create_openreq_child now does this for us, see the comment in
1278                  * that function for the gory details. -acme
1279                  */
1280
1281                 /* It is tricky place. Until this moment IPv4 tcp
1282                    worked with IPv6 icsk.icsk_af_ops.
1283                    Sync it now.
1284                  */
1285                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1286
1287                 return newsk;
1288         }
1289
1290         treq = inet6_rsk(req);
1291         opt = np->opt;
1292
1293         if (sk_acceptq_is_full(sk))
1294                 goto out_overflow;
1295
1296         if (dst == NULL) {
1297                 struct in6_addr *final_p = NULL, final;
1298                 struct flowi fl;
1299
1300                 memset(&fl, 0, sizeof(fl));
1301                 fl.proto = IPPROTO_TCP;
1302                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1303                 if (opt && opt->srcrt) {
1304                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1305                         ipv6_addr_copy(&final, &fl.fl6_dst);
1306                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1307                         final_p = &final;
1308                 }
1309                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1310                 fl.oif = sk->sk_bound_dev_if;
1311                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1312                 fl.fl_ip_sport = inet_rsk(req)->loc_port;
1313                 security_req_classify_flow(req, &fl);
1314
1315                 if (ip6_dst_lookup(sk, &dst, &fl))
1316                         goto out;
1317
1318                 if (final_p)
1319                         ipv6_addr_copy(&fl.fl6_dst, final_p);
1320
1321                 if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
1322                         goto out;
1323         }
1324
1325         newsk = tcp_create_openreq_child(sk, req, skb);
1326         if (newsk == NULL)
1327                 goto out;
1328
1329         /*
1330          * No need to charge this sock to the relevant IPv6 refcnt debug socks
1331          * count here, tcp_create_openreq_child now does this for us, see the
1332          * comment in that function for the gory details. -acme
1333          */
1334
1335         newsk->sk_gso_type = SKB_GSO_TCPV6;
1336         __ip6_dst_store(newsk, dst, NULL, NULL);
1337
1338         newtcp6sk = (struct tcp6_sock *)newsk;
1339         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1340
1341         newtp = tcp_sk(newsk);
1342         newinet = inet_sk(newsk);
1343         newnp = inet6_sk(newsk);
1344
1345         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1346
1347         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1348         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1349         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1350         newsk->sk_bound_dev_if = treq->iif;
1351
1352         /* Now IPv6 options...
1353
1354            First: no IPv4 options.
1355          */
1356         newinet->opt = NULL;
1357         newnp->ipv6_fl_list = NULL;
1358
1359         /* Clone RX bits */
1360         newnp->rxopt.all = np->rxopt.all;
1361
1362         /* Clone pktoptions received with SYN */
1363         newnp->pktoptions = NULL;
1364         if (treq->pktopts != NULL) {
1365                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1366                 kfree_skb(treq->pktopts);
1367                 treq->pktopts = NULL;
1368                 if (newnp->pktoptions)
1369                         skb_set_owner_r(newnp->pktoptions, newsk);
1370         }
1371         newnp->opt        = NULL;
1372         newnp->mcast_oif  = inet6_iif(skb);
1373         newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1374
1375         /* Clone native IPv6 options from listening socket (if any)
1376
1377            Yes, keeping reference count would be much more clever,
1378            but we make one more one thing there: reattach optmem
1379            to newsk.
1380          */
1381         if (opt) {
1382                 newnp->opt = ipv6_dup_options(newsk, opt);
1383                 if (opt != np->opt)
1384                         sock_kfree_s(sk, opt, opt->tot_len);
1385         }
1386
1387         inet_csk(newsk)->icsk_ext_hdr_len = 0;
1388         if (newnp->opt)
1389                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1390                                                      newnp->opt->opt_flen);
1391
1392         tcp_mtup_init(newsk);
1393         tcp_sync_mss(newsk, dst_mtu(dst));
1394         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1395         tcp_initialize_rcv_mss(newsk);
1396
1397         newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1398
1399 #ifdef CONFIG_TCP_MD5SIG
1400         /* Copy over the MD5 key from the original socket */
1401         if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1402                 /* We're using one, so create a matching key
1403                  * on the newsk structure. If we fail to get
1404                  * memory, then we end up not copying the key
1405                  * across. Shucks.
1406                  */
1407                 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1408                 if (newkey != NULL)
1409                         tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr,
1410                                           newkey, key->keylen);
1411         }
1412 #endif
1413
1414         __inet6_hash(newsk);
1415         __inet_inherit_port(sk, newsk);
1416
1417         return newsk;
1418
1419 out_overflow:
1420         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1421 out:
1422         NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1423         if (opt && opt != np->opt)
1424                 sock_kfree_s(sk, opt, opt->tot_len);
1425         dst_release(dst);
1426         return NULL;
1427 }
1428
1429 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1430 {
1431         if (skb->ip_summed == CHECKSUM_COMPLETE) {
1432                 if (!tcp_v6_check(tcp_hdr(skb), skb->len, &ipv6_hdr(skb)->saddr,
1433                                   &ipv6_hdr(skb)->daddr, skb->csum)) {
1434                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1435                         return 0;
1436                 }
1437         }
1438
1439         skb->csum = ~csum_unfold(tcp_v6_check(tcp_hdr(skb), skb->len,
1440                                               &ipv6_hdr(skb)->saddr,
1441                                               &ipv6_hdr(skb)->daddr, 0));
1442
1443         if (skb->len <= 76) {
1444                 return __skb_checksum_complete(skb);
1445         }
1446         return 0;
1447 }
1448
1449 /* The socket must have it's spinlock held when we get
1450  * here.
1451  *
1452  * We have a potential double-lock case here, so even when
1453  * doing backlog processing we use the BH locking scheme.
1454  * This is because we cannot sleep with the original spinlock
1455  * held.
1456  */
1457 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1458 {
1459         struct ipv6_pinfo *np = inet6_sk(sk);
1460         struct tcp_sock *tp;
1461         struct sk_buff *opt_skb = NULL;
1462
1463         /* Imagine: socket is IPv6. IPv4 packet arrives,
1464            goes to IPv4 receive handler and backlogged.
1465            From backlog it always goes here. Kerboom...
1466            Fortunately, tcp_rcv_established and rcv_established
1467            handle them correctly, but it is not case with
1468            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1469          */
1470
1471         if (skb->protocol == htons(ETH_P_IP))
1472                 return tcp_v4_do_rcv(sk, skb);
1473
1474 #ifdef CONFIG_TCP_MD5SIG
1475         if (tcp_v6_inbound_md5_hash (sk, skb))
1476                 goto discard;
1477 #endif
1478
1479         if (sk_filter(sk, skb))
1480                 goto discard;
1481
1482         /*
1483          *      socket locking is here for SMP purposes as backlog rcv
1484          *      is currently called with bh processing disabled.
1485          */
1486
1487         /* Do Stevens' IPV6_PKTOPTIONS.
1488
1489            Yes, guys, it is the only place in our code, where we
1490            may make it not affecting IPv4.
1491            The rest of code is protocol independent,
1492            and I do not like idea to uglify IPv4.
1493
1494            Actually, all the idea behind IPV6_PKTOPTIONS
1495            looks not very well thought. For now we latch
1496            options, received in the last packet, enqueued
1497            by tcp. Feel free to propose better solution.
1498                                                --ANK (980728)
1499          */
1500         if (np->rxopt.all)
1501                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1502
1503         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1504                 TCP_CHECK_TIMER(sk);
1505                 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1506                         goto reset;
1507                 TCP_CHECK_TIMER(sk);
1508                 if (opt_skb)
1509                         goto ipv6_pktoptions;
1510                 return 0;
1511         }
1512
1513         if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1514                 goto csum_err;
1515
1516         if (sk->sk_state == TCP_LISTEN) {
1517                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1518                 if (!nsk)
1519                         goto discard;
1520
1521                 /*
1522                  * Queue it on the new socket if the new socket is active,
1523                  * otherwise we just shortcircuit this and continue with
1524                  * the new socket..
1525                  */
1526                 if(nsk != sk) {
1527                         if (tcp_child_process(sk, nsk, skb))
1528                                 goto reset;
1529                         if (opt_skb)
1530                                 __kfree_skb(opt_skb);
1531                         return 0;
1532                 }
1533         }
1534
1535         TCP_CHECK_TIMER(sk);
1536         if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1537                 goto reset;
1538         TCP_CHECK_TIMER(sk);
1539         if (opt_skb)
1540                 goto ipv6_pktoptions;
1541         return 0;
1542
1543 reset:
1544         tcp_v6_send_reset(sk, skb);
1545 discard:
1546         if (opt_skb)
1547                 __kfree_skb(opt_skb);
1548         kfree_skb(skb);
1549         return 0;
1550 csum_err:
1551         TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1552         goto discard;
1553
1554
1555 ipv6_pktoptions:
1556         /* Do you ask, what is it?
1557
1558            1. skb was enqueued by tcp.
1559            2. skb is added to tail of read queue, rather than out of order.
1560            3. socket is not in passive state.
1561            4. Finally, it really contains options, which user wants to receive.
1562          */
1563         tp = tcp_sk(sk);
1564         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1565             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1566                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1567                         np->mcast_oif = inet6_iif(opt_skb);
1568                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1569                         np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1570                 if (ipv6_opt_accepted(sk, opt_skb)) {
1571                         skb_set_owner_r(opt_skb, sk);
1572                         opt_skb = xchg(&np->pktoptions, opt_skb);
1573                 } else {
1574                         __kfree_skb(opt_skb);
1575                         opt_skb = xchg(&np->pktoptions, NULL);
1576                 }
1577         }
1578
1579         if (opt_skb)
1580                 kfree_skb(opt_skb);
1581         return 0;
1582 }
1583
1584 static int tcp_v6_rcv(struct sk_buff *skb)
1585 {
1586         struct tcphdr *th;
1587         struct sock *sk;
1588         int ret;
1589         struct net *net = dev_net(skb->dev);
1590
1591         if (skb->pkt_type != PACKET_HOST)
1592                 goto discard_it;
1593
1594         /*
1595          *      Count it even if it's bad.
1596          */
1597         TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1598
1599         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1600                 goto discard_it;
1601
1602         th = tcp_hdr(skb);
1603
1604         if (th->doff < sizeof(struct tcphdr)/4)
1605                 goto bad_packet;
1606         if (!pskb_may_pull(skb, th->doff*4))
1607                 goto discard_it;
1608
1609         if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1610                 goto bad_packet;
1611
1612         th = tcp_hdr(skb);
1613         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1614         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1615                                     skb->len - th->doff*4);
1616         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1617         TCP_SKB_CB(skb)->when = 0;
1618         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
1619         TCP_SKB_CB(skb)->sacked = 0;
1620
1621         sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1622         if (!sk)
1623                 goto no_tcp_socket;
1624
1625 process:
1626         if (sk->sk_state == TCP_TIME_WAIT)
1627                 goto do_time_wait;
1628
1629         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1630                 goto discard_and_relse;
1631
1632         if (sk_filter(sk, skb))
1633                 goto discard_and_relse;
1634
1635         skb->dev = NULL;
1636
1637         bh_lock_sock_nested(sk);
1638         ret = 0;
1639         if (!sock_owned_by_user(sk)) {
1640 #ifdef CONFIG_NET_DMA
1641                 struct tcp_sock *tp = tcp_sk(sk);
1642                 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1643                         tp->ucopy.dma_chan = get_softnet_dma();
1644                 if (tp->ucopy.dma_chan)
1645                         ret = tcp_v6_do_rcv(sk, skb);
1646                 else
1647 #endif
1648                 {
1649                         if (!tcp_prequeue(sk, skb))
1650                                 ret = tcp_v6_do_rcv(sk, skb);
1651                 }
1652         } else
1653                 sk_add_backlog(sk, skb);
1654         bh_unlock_sock(sk);
1655
1656         sock_put(sk);
1657         return ret ? -1 : 0;
1658
1659 no_tcp_socket:
1660         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1661                 goto discard_it;
1662
1663         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1664 bad_packet:
1665                 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1666         } else {
1667                 tcp_v6_send_reset(NULL, skb);
1668         }
1669
1670 discard_it:
1671
1672         /*
1673          *      Discard frame
1674          */
1675
1676         kfree_skb(skb);
1677         return 0;
1678
1679 discard_and_relse:
1680         sock_put(sk);
1681         goto discard_it;
1682
1683 do_time_wait:
1684         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1685                 inet_twsk_put(inet_twsk(sk));
1686                 goto discard_it;
1687         }
1688
1689         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1690                 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1691                 inet_twsk_put(inet_twsk(sk));
1692                 goto discard_it;
1693         }
1694
1695         switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1696         case TCP_TW_SYN:
1697         {
1698                 struct sock *sk2;
1699
1700                 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1701                                             &ipv6_hdr(skb)->daddr,
1702                                             ntohs(th->dest), inet6_iif(skb));
1703                 if (sk2 != NULL) {
1704                         struct inet_timewait_sock *tw = inet_twsk(sk);
1705                         inet_twsk_deschedule(tw, &tcp_death_row);
1706                         inet_twsk_put(tw);
1707                         sk = sk2;
1708                         goto process;
1709                 }
1710                 /* Fall through to ACK */
1711         }
1712         case TCP_TW_ACK:
1713                 tcp_v6_timewait_ack(sk, skb);
1714                 break;
1715         case TCP_TW_RST:
1716                 goto no_tcp_socket;
1717         case TCP_TW_SUCCESS:;
1718         }
1719         goto discard_it;
1720 }
1721
1722 static int tcp_v6_remember_stamp(struct sock *sk)
1723 {
1724         /* Alas, not yet... */
1725         return 0;
1726 }
1727
1728 static struct inet_connection_sock_af_ops ipv6_specific = {
1729         .queue_xmit        = inet6_csk_xmit,
1730         .send_check        = tcp_v6_send_check,
1731         .rebuild_header    = inet6_sk_rebuild_header,
1732         .conn_request      = tcp_v6_conn_request,
1733         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1734         .remember_stamp    = tcp_v6_remember_stamp,
1735         .net_header_len    = sizeof(struct ipv6hdr),
1736         .setsockopt        = ipv6_setsockopt,
1737         .getsockopt        = ipv6_getsockopt,
1738         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1739         .sockaddr_len      = sizeof(struct sockaddr_in6),
1740         .bind_conflict     = inet6_csk_bind_conflict,
1741 #ifdef CONFIG_COMPAT
1742         .compat_setsockopt = compat_ipv6_setsockopt,
1743         .compat_getsockopt = compat_ipv6_getsockopt,
1744 #endif
1745 };
1746
1747 #ifdef CONFIG_TCP_MD5SIG
1748 static struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1749         .md5_lookup     =       tcp_v6_md5_lookup,
1750         .calc_md5_hash  =       tcp_v6_md5_hash_skb,
1751         .md5_add        =       tcp_v6_md5_add_func,
1752         .md5_parse      =       tcp_v6_parse_md5_keys,
1753 };
1754 #endif
1755
1756 /*
1757  *      TCP over IPv4 via INET6 API
1758  */
1759
1760 static struct inet_connection_sock_af_ops ipv6_mapped = {
1761         .queue_xmit        = ip_queue_xmit,
1762         .send_check        = tcp_v4_send_check,
1763         .rebuild_header    = inet_sk_rebuild_header,
1764         .conn_request      = tcp_v6_conn_request,
1765         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1766         .remember_stamp    = tcp_v4_remember_stamp,
1767         .net_header_len    = sizeof(struct iphdr),
1768         .setsockopt        = ipv6_setsockopt,
1769         .getsockopt        = ipv6_getsockopt,
1770         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1771         .sockaddr_len      = sizeof(struct sockaddr_in6),
1772         .bind_conflict     = inet6_csk_bind_conflict,
1773 #ifdef CONFIG_COMPAT
1774         .compat_setsockopt = compat_ipv6_setsockopt,
1775         .compat_getsockopt = compat_ipv6_getsockopt,
1776 #endif
1777 };
1778
1779 #ifdef CONFIG_TCP_MD5SIG
1780 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1781         .md5_lookup     =       tcp_v4_md5_lookup,
1782         .calc_md5_hash  =       tcp_v4_md5_hash_skb,
1783         .md5_add        =       tcp_v6_md5_add_func,
1784         .md5_parse      =       tcp_v6_parse_md5_keys,
1785 };
1786 #endif
1787
1788 /* NOTE: A lot of things set to zero explicitly by call to
1789  *       sk_alloc() so need not be done here.
1790  */
1791 static int tcp_v6_init_sock(struct sock *sk)
1792 {
1793         struct inet_connection_sock *icsk = inet_csk(sk);
1794         struct tcp_sock *tp = tcp_sk(sk);
1795
1796         skb_queue_head_init(&tp->out_of_order_queue);
1797         tcp_init_xmit_timers(sk);
1798         tcp_prequeue_init(tp);
1799
1800         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1801         tp->mdev = TCP_TIMEOUT_INIT;
1802
1803         /* So many TCP implementations out there (incorrectly) count the
1804          * initial SYN frame in their delayed-ACK and congestion control
1805          * algorithms that we must have the following bandaid to talk
1806          * efficiently to them.  -DaveM
1807          */
1808         tp->snd_cwnd = 2;
1809
1810         /* See draft-stevens-tcpca-spec-01 for discussion of the
1811          * initialization of these values.
1812          */
1813         tp->snd_ssthresh = 0x7fffffff;
1814         tp->snd_cwnd_clamp = ~0;
1815         tp->mss_cache = 536;
1816
1817         tp->reordering = sysctl_tcp_reordering;
1818
1819         sk->sk_state = TCP_CLOSE;
1820
1821         icsk->icsk_af_ops = &ipv6_specific;
1822         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1823         icsk->icsk_sync_mss = tcp_sync_mss;
1824         sk->sk_write_space = sk_stream_write_space;
1825         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1826
1827 #ifdef CONFIG_TCP_MD5SIG
1828         tp->af_specific = &tcp_sock_ipv6_specific;
1829 #endif
1830
1831         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1832         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1833
1834         local_bh_disable();
1835         percpu_counter_inc(&tcp_sockets_allocated);
1836         local_bh_enable();
1837
1838         return 0;
1839 }
1840
1841 static void tcp_v6_destroy_sock(struct sock *sk)
1842 {
1843 #ifdef CONFIG_TCP_MD5SIG
1844         /* Clean up the MD5 key list */
1845         if (tcp_sk(sk)->md5sig_info)
1846                 tcp_v6_clear_md5_list(sk);
1847 #endif
1848         tcp_v4_destroy_sock(sk);
1849         inet6_destroy_sock(sk);
1850 }
1851
1852 #ifdef CONFIG_PROC_FS
1853 /* Proc filesystem TCPv6 sock list dumping. */
1854 static void get_openreq6(struct seq_file *seq,
1855                          struct sock *sk, struct request_sock *req, int i, int uid)
1856 {
1857         int ttd = req->expires - jiffies;
1858         struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1859         struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1860
1861         if (ttd < 0)
1862                 ttd = 0;
1863
1864         seq_printf(seq,
1865                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1866                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1867                    i,
1868                    src->s6_addr32[0], src->s6_addr32[1],
1869                    src->s6_addr32[2], src->s6_addr32[3],
1870                    ntohs(inet_rsk(req)->loc_port),
1871                    dest->s6_addr32[0], dest->s6_addr32[1],
1872                    dest->s6_addr32[2], dest->s6_addr32[3],
1873                    ntohs(inet_rsk(req)->rmt_port),
1874                    TCP_SYN_RECV,
1875                    0,0, /* could print option size, but that is af dependent. */
1876                    1,   /* timers active (only the expire timer) */
1877                    jiffies_to_clock_t(ttd),
1878                    req->retrans,
1879                    uid,
1880                    0,  /* non standard timer */
1881                    0, /* open_requests have no inode */
1882                    0, req);
1883 }
1884
1885 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1886 {
1887         struct in6_addr *dest, *src;
1888         __u16 destp, srcp;
1889         int timer_active;
1890         unsigned long timer_expires;
1891         struct inet_sock *inet = inet_sk(sp);
1892         struct tcp_sock *tp = tcp_sk(sp);
1893         const struct inet_connection_sock *icsk = inet_csk(sp);
1894         struct ipv6_pinfo *np = inet6_sk(sp);
1895
1896         dest  = &np->daddr;
1897         src   = &np->rcv_saddr;
1898         destp = ntohs(inet->dport);
1899         srcp  = ntohs(inet->sport);
1900
1901         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1902                 timer_active    = 1;
1903                 timer_expires   = icsk->icsk_timeout;
1904         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1905                 timer_active    = 4;
1906                 timer_expires   = icsk->icsk_timeout;
1907         } else if (timer_pending(&sp->sk_timer)) {
1908                 timer_active    = 2;
1909                 timer_expires   = sp->sk_timer.expires;
1910         } else {
1911                 timer_active    = 0;
1912                 timer_expires = jiffies;
1913         }
1914
1915         seq_printf(seq,
1916                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1917                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %lu %lu %u %u %d\n",
1918                    i,
1919                    src->s6_addr32[0], src->s6_addr32[1],
1920                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1921                    dest->s6_addr32[0], dest->s6_addr32[1],
1922                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1923                    sp->sk_state,
1924                    tp->write_seq-tp->snd_una,
1925                    (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
1926                    timer_active,
1927                    jiffies_to_clock_t(timer_expires - jiffies),
1928                    icsk->icsk_retransmits,
1929                    sock_i_uid(sp),
1930                    icsk->icsk_probes_out,
1931                    sock_i_ino(sp),
1932                    atomic_read(&sp->sk_refcnt), sp,
1933                    jiffies_to_clock_t(icsk->icsk_rto),
1934                    jiffies_to_clock_t(icsk->icsk_ack.ato),
1935                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
1936                    tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
1937                    );
1938 }
1939
1940 static void get_timewait6_sock(struct seq_file *seq,
1941                                struct inet_timewait_sock *tw, int i)
1942 {
1943         struct in6_addr *dest, *src;
1944         __u16 destp, srcp;
1945         struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
1946         int ttd = tw->tw_ttd - jiffies;
1947
1948         if (ttd < 0)
1949                 ttd = 0;
1950
1951         dest = &tw6->tw_v6_daddr;
1952         src  = &tw6->tw_v6_rcv_saddr;
1953         destp = ntohs(tw->tw_dport);
1954         srcp  = ntohs(tw->tw_sport);
1955
1956         seq_printf(seq,
1957                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1958                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1959                    i,
1960                    src->s6_addr32[0], src->s6_addr32[1],
1961                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1962                    dest->s6_addr32[0], dest->s6_addr32[1],
1963                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1964                    tw->tw_substate, 0, 0,
1965                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
1966                    atomic_read(&tw->tw_refcnt), tw);
1967 }
1968
1969 static int tcp6_seq_show(struct seq_file *seq, void *v)
1970 {
1971         struct tcp_iter_state *st;
1972
1973         if (v == SEQ_START_TOKEN) {
1974                 seq_puts(seq,
1975                          "  sl  "
1976                          "local_address                         "
1977                          "remote_address                        "
1978                          "st tx_queue rx_queue tr tm->when retrnsmt"
1979                          "   uid  timeout inode\n");
1980                 goto out;
1981         }
1982         st = seq->private;
1983
1984         switch (st->state) {
1985         case TCP_SEQ_STATE_LISTENING:
1986         case TCP_SEQ_STATE_ESTABLISHED:
1987                 get_tcp6_sock(seq, v, st->num);
1988                 break;
1989         case TCP_SEQ_STATE_OPENREQ:
1990                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
1991                 break;
1992         case TCP_SEQ_STATE_TIME_WAIT:
1993                 get_timewait6_sock(seq, v, st->num);
1994                 break;
1995         }
1996 out:
1997         return 0;
1998 }
1999
2000 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2001         .name           = "tcp6",
2002         .family         = AF_INET6,
2003         .seq_fops       = {
2004                 .owner          = THIS_MODULE,
2005         },
2006         .seq_ops        = {
2007                 .show           = tcp6_seq_show,
2008         },
2009 };
2010
2011 int tcp6_proc_init(struct net *net)
2012 {
2013         return tcp_proc_register(net, &tcp6_seq_afinfo);
2014 }
2015
2016 void tcp6_proc_exit(struct net *net)
2017 {
2018         tcp_proc_unregister(net, &tcp6_seq_afinfo);
2019 }
2020 #endif
2021
2022 struct proto tcpv6_prot = {
2023         .name                   = "TCPv6",
2024         .owner                  = THIS_MODULE,
2025         .close                  = tcp_close,
2026         .connect                = tcp_v6_connect,
2027         .disconnect             = tcp_disconnect,
2028         .accept                 = inet_csk_accept,
2029         .ioctl                  = tcp_ioctl,
2030         .init                   = tcp_v6_init_sock,
2031         .destroy                = tcp_v6_destroy_sock,
2032         .shutdown               = tcp_shutdown,
2033         .setsockopt             = tcp_setsockopt,
2034         .getsockopt             = tcp_getsockopt,
2035         .recvmsg                = tcp_recvmsg,
2036         .backlog_rcv            = tcp_v6_do_rcv,
2037         .hash                   = tcp_v6_hash,
2038         .unhash                 = inet_unhash,
2039         .get_port               = inet_csk_get_port,
2040         .enter_memory_pressure  = tcp_enter_memory_pressure,
2041         .sockets_allocated      = &tcp_sockets_allocated,
2042         .memory_allocated       = &tcp_memory_allocated,
2043         .memory_pressure        = &tcp_memory_pressure,
2044         .orphan_count           = &tcp_orphan_count,
2045         .sysctl_mem             = sysctl_tcp_mem,
2046         .sysctl_wmem            = sysctl_tcp_wmem,
2047         .sysctl_rmem            = sysctl_tcp_rmem,
2048         .max_header             = MAX_TCP_HEADER,
2049         .obj_size               = sizeof(struct tcp6_sock),
2050         .slab_flags             = SLAB_DESTROY_BY_RCU,
2051         .twsk_prot              = &tcp6_timewait_sock_ops,
2052         .rsk_prot               = &tcp6_request_sock_ops,
2053         .h.hashinfo             = &tcp_hashinfo,
2054 #ifdef CONFIG_COMPAT
2055         .compat_setsockopt      = compat_tcp_setsockopt,
2056         .compat_getsockopt      = compat_tcp_getsockopt,
2057 #endif
2058 };
2059
2060 static struct inet6_protocol tcpv6_protocol = {
2061         .handler        =       tcp_v6_rcv,
2062         .err_handler    =       tcp_v6_err,
2063         .gso_send_check =       tcp_v6_gso_send_check,
2064         .gso_segment    =       tcp_tso_segment,
2065         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2066 };
2067
2068 static struct inet_protosw tcpv6_protosw = {
2069         .type           =       SOCK_STREAM,
2070         .protocol       =       IPPROTO_TCP,
2071         .prot           =       &tcpv6_prot,
2072         .ops            =       &inet6_stream_ops,
2073         .capability     =       -1,
2074         .no_check       =       0,
2075         .flags          =       INET_PROTOSW_PERMANENT |
2076                                 INET_PROTOSW_ICSK,
2077 };
2078
2079 static int tcpv6_net_init(struct net *net)
2080 {
2081         return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2082                                     SOCK_RAW, IPPROTO_TCP, net);
2083 }
2084
2085 static void tcpv6_net_exit(struct net *net)
2086 {
2087         inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2088         inet_twsk_purge(net, &tcp_hashinfo, &tcp_death_row, AF_INET6);
2089 }
2090
2091 static struct pernet_operations tcpv6_net_ops = {
2092         .init = tcpv6_net_init,
2093         .exit = tcpv6_net_exit,
2094 };
2095
2096 int __init tcpv6_init(void)
2097 {
2098         int ret;
2099
2100         ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2101         if (ret)
2102                 goto out;
2103
2104         /* register inet6 protocol */
2105         ret = inet6_register_protosw(&tcpv6_protosw);
2106         if (ret)
2107                 goto out_tcpv6_protocol;
2108
2109         ret = register_pernet_subsys(&tcpv6_net_ops);
2110         if (ret)
2111                 goto out_tcpv6_protosw;
2112 out:
2113         return ret;
2114
2115 out_tcpv6_protocol:
2116         inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2117 out_tcpv6_protosw:
2118         inet6_unregister_protosw(&tcpv6_protosw);
2119         goto out;
2120 }
2121
2122 void tcpv6_exit(void)
2123 {
2124         unregister_pernet_subsys(&tcpv6_net_ops);
2125         inet6_unregister_protosw(&tcpv6_protosw);
2126         inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2127 }