Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
[linux-2.6] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation 
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>     
7  *
8  *      $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9  *
10  *      Based on: 
11  *      linux/net/ipv4/tcp.c
12  *      linux/net/ipv4/tcp_input.c
13  *      linux/net/ipv4/tcp_output.c
14  *
15  *      Fixes:
16  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
17  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
18  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
19  *                                      a single port at the same time.
20  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
21  *
22  *      This program is free software; you can redistribute it and/or
23  *      modify it under the terms of the GNU General Public License
24  *      as published by the Free Software Foundation; either version
25  *      2 of the License, or (at your option) any later version.
26  */
27
28 #include <linux/module.h>
29 #include <linux/config.h>
30 #include <linux/errno.h>
31 #include <linux/types.h>
32 #include <linux/socket.h>
33 #include <linux/sockios.h>
34 #include <linux/net.h>
35 #include <linux/jiffies.h>
36 #include <linux/in.h>
37 #include <linux/in6.h>
38 #include <linux/netdevice.h>
39 #include <linux/init.h>
40 #include <linux/jhash.h>
41 #include <linux/ipsec.h>
42 #include <linux/times.h>
43
44 #include <linux/ipv6.h>
45 #include <linux/icmpv6.h>
46 #include <linux/random.h>
47
48 #include <net/tcp.h>
49 #include <net/ndisc.h>
50 #include <net/inet6_hashtables.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/addrconf.h>
60 #include <net/snmp.h>
61 #include <net/dsfield.h>
62
63 #include <asm/uaccess.h>
64
65 #include <linux/proc_fs.h>
66 #include <linux/seq_file.h>
67
68 static void     tcp_v6_send_reset(struct sk_buff *skb);
69 static void     tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
70 static void     tcp_v6_send_check(struct sock *sk, struct tcphdr *th, int len, 
71                                   struct sk_buff *skb);
72
73 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
74 static int      tcp_v6_xmit(struct sk_buff *skb, int ipfragok);
75
76 static struct tcp_func ipv6_mapped;
77 static struct tcp_func ipv6_specific;
78
79 static inline int tcp_v6_bind_conflict(const struct sock *sk,
80                                        const struct inet_bind_bucket *tb)
81 {
82         const struct sock *sk2;
83         const struct hlist_node *node;
84
85         /* We must walk the whole port owner list in this case. -DaveM */
86         sk_for_each_bound(sk2, node, &tb->owners) {
87                 if (sk != sk2 &&
88                     (!sk->sk_bound_dev_if ||
89                      !sk2->sk_bound_dev_if ||
90                      sk->sk_bound_dev_if == sk2->sk_bound_dev_if) &&
91                     (!sk->sk_reuse || !sk2->sk_reuse ||
92                      sk2->sk_state == TCP_LISTEN) &&
93                      ipv6_rcv_saddr_equal(sk, sk2))
94                         break;
95         }
96
97         return node != NULL;
98 }
99
100 /* Grrr, addr_type already calculated by caller, but I don't want
101  * to add some silly "cookie" argument to this method just for that.
102  * But it doesn't matter, the recalculation is in the rarest path
103  * this function ever takes.
104  */
105 static int tcp_v6_get_port(struct sock *sk, unsigned short snum)
106 {
107         struct inet_bind_hashbucket *head;
108         struct inet_bind_bucket *tb;
109         struct hlist_node *node;
110         int ret;
111
112         local_bh_disable();
113         if (snum == 0) {
114                 int low = sysctl_local_port_range[0];
115                 int high = sysctl_local_port_range[1];
116                 int remaining = (high - low) + 1;
117                 int rover = net_random() % (high - low) + low;
118
119                 do {
120                         head = &tcp_hashinfo.bhash[inet_bhashfn(rover, tcp_hashinfo.bhash_size)];
121                         spin_lock(&head->lock);
122                         inet_bind_bucket_for_each(tb, node, &head->chain)
123                                 if (tb->port == rover)
124                                         goto next;
125                         break;
126                 next:
127                         spin_unlock(&head->lock);
128                         if (++rover > high)
129                                 rover = low;
130                 } while (--remaining > 0);
131
132                 /* Exhausted local port range during search?  It is not
133                  * possible for us to be holding one of the bind hash
134                  * locks if this test triggers, because if 'remaining'
135                  * drops to zero, we broke out of the do/while loop at
136                  * the top level, not from the 'break;' statement.
137                  */
138                 ret = 1;
139                 if (unlikely(remaining <= 0))
140                         goto fail;
141
142                 /* OK, here is the one we will use. */
143                 snum = rover;
144         } else {
145                 head = &tcp_hashinfo.bhash[inet_bhashfn(snum, tcp_hashinfo.bhash_size)];
146                 spin_lock(&head->lock);
147                 inet_bind_bucket_for_each(tb, node, &head->chain)
148                         if (tb->port == snum)
149                                 goto tb_found;
150         }
151         tb = NULL;
152         goto tb_not_found;
153 tb_found:
154         if (tb && !hlist_empty(&tb->owners)) {
155                 if (tb->fastreuse > 0 && sk->sk_reuse &&
156                     sk->sk_state != TCP_LISTEN) {
157                         goto success;
158                 } else {
159                         ret = 1;
160                         if (tcp_v6_bind_conflict(sk, tb))
161                                 goto fail_unlock;
162                 }
163         }
164 tb_not_found:
165         ret = 1;
166         if (tb == NULL) {
167                 tb = inet_bind_bucket_create(tcp_hashinfo.bind_bucket_cachep, head, snum);
168                 if (tb == NULL)
169                         goto fail_unlock;
170         }
171         if (hlist_empty(&tb->owners)) {
172                 if (sk->sk_reuse && sk->sk_state != TCP_LISTEN)
173                         tb->fastreuse = 1;
174                 else
175                         tb->fastreuse = 0;
176         } else if (tb->fastreuse &&
177                    (!sk->sk_reuse || sk->sk_state == TCP_LISTEN))
178                 tb->fastreuse = 0;
179
180 success:
181         if (!inet_csk(sk)->icsk_bind_hash)
182                 inet_bind_hash(sk, tb, snum);
183         BUG_TRAP(inet_csk(sk)->icsk_bind_hash == tb);
184         ret = 0;
185
186 fail_unlock:
187         spin_unlock(&head->lock);
188 fail:
189         local_bh_enable();
190         return ret;
191 }
192
193 static __inline__ void __tcp_v6_hash(struct sock *sk)
194 {
195         struct hlist_head *list;
196         rwlock_t *lock;
197
198         BUG_TRAP(sk_unhashed(sk));
199
200         if (sk->sk_state == TCP_LISTEN) {
201                 list = &tcp_hashinfo.listening_hash[inet_sk_listen_hashfn(sk)];
202                 lock = &tcp_hashinfo.lhash_lock;
203                 inet_listen_wlock(&tcp_hashinfo);
204         } else {
205                 unsigned int hash;
206                 sk->sk_hash = hash = inet6_sk_ehashfn(sk);
207                 hash &= (tcp_hashinfo.ehash_size - 1);
208                 list = &tcp_hashinfo.ehash[hash].chain;
209                 lock = &tcp_hashinfo.ehash[hash].lock;
210                 write_lock(lock);
211         }
212
213         __sk_add_node(sk, list);
214         sock_prot_inc_use(sk->sk_prot);
215         write_unlock(lock);
216 }
217
218
219 static void tcp_v6_hash(struct sock *sk)
220 {
221         if (sk->sk_state != TCP_CLOSE) {
222                 struct tcp_sock *tp = tcp_sk(sk);
223
224                 if (tp->af_specific == &ipv6_mapped) {
225                         tcp_prot.hash(sk);
226                         return;
227                 }
228                 local_bh_disable();
229                 __tcp_v6_hash(sk);
230                 local_bh_enable();
231         }
232 }
233
234 /*
235  * Open request hash tables.
236  */
237
238 static u32 tcp_v6_synq_hash(const struct in6_addr *raddr, const u16 rport, const u32 rnd)
239 {
240         u32 a, b, c;
241
242         a = raddr->s6_addr32[0];
243         b = raddr->s6_addr32[1];
244         c = raddr->s6_addr32[2];
245
246         a += JHASH_GOLDEN_RATIO;
247         b += JHASH_GOLDEN_RATIO;
248         c += rnd;
249         __jhash_mix(a, b, c);
250
251         a += raddr->s6_addr32[3];
252         b += (u32) rport;
253         __jhash_mix(a, b, c);
254
255         return c & (TCP_SYNQ_HSIZE - 1);
256 }
257
258 static struct request_sock *tcp_v6_search_req(const struct sock *sk,
259                                               struct request_sock ***prevp,
260                                               __u16 rport,
261                                               struct in6_addr *raddr,
262                                               struct in6_addr *laddr,
263                                               int iif)
264 {
265         const struct inet_connection_sock *icsk = inet_csk(sk);
266         struct listen_sock *lopt = icsk->icsk_accept_queue.listen_opt;
267         struct request_sock *req, **prev;  
268
269         for (prev = &lopt->syn_table[tcp_v6_synq_hash(raddr, rport, lopt->hash_rnd)];
270              (req = *prev) != NULL;
271              prev = &req->dl_next) {
272                 const struct tcp6_request_sock *treq = tcp6_rsk(req);
273
274                 if (inet_rsk(req)->rmt_port == rport &&
275                     req->rsk_ops->family == AF_INET6 &&
276                     ipv6_addr_equal(&treq->rmt_addr, raddr) &&
277                     ipv6_addr_equal(&treq->loc_addr, laddr) &&
278                     (!treq->iif || treq->iif == iif)) {
279                         BUG_TRAP(req->sk == NULL);
280                         *prevp = prev;
281                         return req;
282                 }
283         }
284
285         return NULL;
286 }
287
288 static __inline__ u16 tcp_v6_check(struct tcphdr *th, int len,
289                                    struct in6_addr *saddr, 
290                                    struct in6_addr *daddr, 
291                                    unsigned long base)
292 {
293         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
294 }
295
296 static __u32 tcp_v6_init_sequence(struct sock *sk, struct sk_buff *skb)
297 {
298         if (skb->protocol == htons(ETH_P_IPV6)) {
299                 return secure_tcpv6_sequence_number(skb->nh.ipv6h->daddr.s6_addr32,
300                                                     skb->nh.ipv6h->saddr.s6_addr32,
301                                                     skb->h.th->dest,
302                                                     skb->h.th->source);
303         } else {
304                 return secure_tcp_sequence_number(skb->nh.iph->daddr,
305                                                   skb->nh.iph->saddr,
306                                                   skb->h.th->dest,
307                                                   skb->h.th->source);
308         }
309 }
310
311 static int __tcp_v6_check_established(struct sock *sk, const __u16 lport,
312                                       struct inet_timewait_sock **twp)
313 {
314         struct inet_sock *inet = inet_sk(sk);
315         const struct ipv6_pinfo *np = inet6_sk(sk);
316         const struct in6_addr *daddr = &np->rcv_saddr;
317         const struct in6_addr *saddr = &np->daddr;
318         const int dif = sk->sk_bound_dev_if;
319         const u32 ports = INET_COMBINED_PORTS(inet->dport, lport);
320         unsigned int hash = inet6_ehashfn(daddr, inet->num, saddr, inet->dport);
321         struct inet_ehash_bucket *head = inet_ehash_bucket(&tcp_hashinfo, hash);
322         struct sock *sk2;
323         const struct hlist_node *node;
324         struct inet_timewait_sock *tw;
325
326         prefetch(head->chain.first);
327         write_lock(&head->lock);
328
329         /* Check TIME-WAIT sockets first. */
330         sk_for_each(sk2, node, &(head + tcp_hashinfo.ehash_size)->chain) {
331                 const struct tcp6_timewait_sock *tcp6tw = tcp6_twsk(sk2);
332
333                 tw = inet_twsk(sk2);
334
335                 if(*((__u32 *)&(tw->tw_dport))  == ports        &&
336                    sk2->sk_family               == PF_INET6     &&
337                    ipv6_addr_equal(&tcp6tw->tw_v6_daddr, saddr) &&
338                    ipv6_addr_equal(&tcp6tw->tw_v6_rcv_saddr, daddr)     &&
339                    sk2->sk_bound_dev_if == sk->sk_bound_dev_if) {
340                         const struct tcp_timewait_sock *tcptw = tcp_twsk(sk2);
341                         struct tcp_sock *tp = tcp_sk(sk);
342
343                         if (tcptw->tw_ts_recent_stamp &&
344                             (!twp ||
345                              (sysctl_tcp_tw_reuse &&
346                               xtime.tv_sec - tcptw->tw_ts_recent_stamp > 1))) {
347                                 /* See comment in tcp_ipv4.c */
348                                 tp->write_seq = tcptw->tw_snd_nxt + 65535 + 2;
349                                 if (!tp->write_seq)
350                                         tp->write_seq = 1;
351                                 tp->rx_opt.ts_recent       = tcptw->tw_ts_recent;
352                                 tp->rx_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
353                                 sock_hold(sk2);
354                                 goto unique;
355                         } else
356                                 goto not_unique;
357                 }
358         }
359         tw = NULL;
360
361         /* And established part... */
362         sk_for_each(sk2, node, &head->chain) {
363                 if (INET6_MATCH(sk2, hash, saddr, daddr, ports, dif))
364                         goto not_unique;
365         }
366
367 unique:
368         BUG_TRAP(sk_unhashed(sk));
369         __sk_add_node(sk, &head->chain);
370         sk->sk_hash = hash;
371         sock_prot_inc_use(sk->sk_prot);
372         write_unlock(&head->lock);
373
374         if (twp) {
375                 *twp = tw;
376                 NET_INC_STATS_BH(LINUX_MIB_TIMEWAITRECYCLED);
377         } else if (tw) {
378                 /* Silly. Should hash-dance instead... */
379                 inet_twsk_deschedule(tw, &tcp_death_row);
380                 NET_INC_STATS_BH(LINUX_MIB_TIMEWAITRECYCLED);
381
382                 inet_twsk_put(tw);
383         }
384         return 0;
385
386 not_unique:
387         write_unlock(&head->lock);
388         return -EADDRNOTAVAIL;
389 }
390
391 static inline u32 tcpv6_port_offset(const struct sock *sk)
392 {
393         const struct inet_sock *inet = inet_sk(sk);
394         const struct ipv6_pinfo *np = inet6_sk(sk);
395
396         return secure_tcpv6_port_ephemeral(np->rcv_saddr.s6_addr32,
397                                            np->daddr.s6_addr32,
398                                            inet->dport);
399 }
400
401 static int tcp_v6_hash_connect(struct sock *sk)
402 {
403         unsigned short snum = inet_sk(sk)->num;
404         struct inet_bind_hashbucket *head;
405         struct inet_bind_bucket *tb;
406         int ret;
407
408         if (!snum) {
409                 int low = sysctl_local_port_range[0];
410                 int high = sysctl_local_port_range[1];
411                 int range = high - low;
412                 int i;
413                 int port;
414                 static u32 hint;
415                 u32 offset = hint + tcpv6_port_offset(sk);
416                 struct hlist_node *node;
417                 struct inet_timewait_sock *tw = NULL;
418
419                 local_bh_disable();
420                 for (i = 1; i <= range; i++) {
421                         port = low + (i + offset) % range;
422                         head = &tcp_hashinfo.bhash[inet_bhashfn(port, tcp_hashinfo.bhash_size)];
423                         spin_lock(&head->lock);
424
425                         /* Does not bother with rcv_saddr checks,
426                          * because the established check is already
427                          * unique enough.
428                          */
429                         inet_bind_bucket_for_each(tb, node, &head->chain) {
430                                 if (tb->port == port) {
431                                         BUG_TRAP(!hlist_empty(&tb->owners));
432                                         if (tb->fastreuse >= 0)
433                                                 goto next_port;
434                                         if (!__tcp_v6_check_established(sk,
435                                                                         port,
436                                                                         &tw))
437                                                 goto ok;
438                                         goto next_port;
439                                 }
440                         }
441
442                         tb = inet_bind_bucket_create(tcp_hashinfo.bind_bucket_cachep, head, port);
443                         if (!tb) {
444                                 spin_unlock(&head->lock);
445                                 break;
446                         }
447                         tb->fastreuse = -1;
448                         goto ok;
449
450                 next_port:
451                         spin_unlock(&head->lock);
452                 }
453                 local_bh_enable();
454
455                 return -EADDRNOTAVAIL;
456
457 ok:
458                 hint += i;
459
460                 /* Head lock still held and bh's disabled */
461                 inet_bind_hash(sk, tb, port);
462                 if (sk_unhashed(sk)) {
463                         inet_sk(sk)->sport = htons(port);
464                         __tcp_v6_hash(sk);
465                 }
466                 spin_unlock(&head->lock);
467
468                 if (tw) {
469                         inet_twsk_deschedule(tw, &tcp_death_row);
470                         inet_twsk_put(tw);
471                 }
472
473                 ret = 0;
474                 goto out;
475         }
476
477         head = &tcp_hashinfo.bhash[inet_bhashfn(snum, tcp_hashinfo.bhash_size)];
478         tb   = inet_csk(sk)->icsk_bind_hash;
479         spin_lock_bh(&head->lock);
480
481         if (sk_head(&tb->owners) == sk && !sk->sk_bind_node.next) {
482                 __tcp_v6_hash(sk);
483                 spin_unlock_bh(&head->lock);
484                 return 0;
485         } else {
486                 spin_unlock(&head->lock);
487                 /* No definite answer... Walk to established hash table */
488                 ret = __tcp_v6_check_established(sk, snum, NULL);
489 out:
490                 local_bh_enable();
491                 return ret;
492         }
493 }
494
495 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 
496                           int addr_len)
497 {
498         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
499         struct inet_sock *inet = inet_sk(sk);
500         struct ipv6_pinfo *np = inet6_sk(sk);
501         struct tcp_sock *tp = tcp_sk(sk);
502         struct in6_addr *saddr = NULL, *final_p = NULL, final;
503         struct flowi fl;
504         struct dst_entry *dst;
505         int addr_type;
506         int err;
507
508         if (addr_len < SIN6_LEN_RFC2133) 
509                 return -EINVAL;
510
511         if (usin->sin6_family != AF_INET6) 
512                 return(-EAFNOSUPPORT);
513
514         memset(&fl, 0, sizeof(fl));
515
516         if (np->sndflow) {
517                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
518                 IP6_ECN_flow_init(fl.fl6_flowlabel);
519                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
520                         struct ip6_flowlabel *flowlabel;
521                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
522                         if (flowlabel == NULL)
523                                 return -EINVAL;
524                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
525                         fl6_sock_release(flowlabel);
526                 }
527         }
528
529         /*
530          *      connect() to INADDR_ANY means loopback (BSD'ism).
531          */
532         
533         if(ipv6_addr_any(&usin->sin6_addr))
534                 usin->sin6_addr.s6_addr[15] = 0x1; 
535
536         addr_type = ipv6_addr_type(&usin->sin6_addr);
537
538         if(addr_type & IPV6_ADDR_MULTICAST)
539                 return -ENETUNREACH;
540
541         if (addr_type&IPV6_ADDR_LINKLOCAL) {
542                 if (addr_len >= sizeof(struct sockaddr_in6) &&
543                     usin->sin6_scope_id) {
544                         /* If interface is set while binding, indices
545                          * must coincide.
546                          */
547                         if (sk->sk_bound_dev_if &&
548                             sk->sk_bound_dev_if != usin->sin6_scope_id)
549                                 return -EINVAL;
550
551                         sk->sk_bound_dev_if = usin->sin6_scope_id;
552                 }
553
554                 /* Connect to link-local address requires an interface */
555                 if (!sk->sk_bound_dev_if)
556                         return -EINVAL;
557         }
558
559         if (tp->rx_opt.ts_recent_stamp &&
560             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
561                 tp->rx_opt.ts_recent = 0;
562                 tp->rx_opt.ts_recent_stamp = 0;
563                 tp->write_seq = 0;
564         }
565
566         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
567         np->flow_label = fl.fl6_flowlabel;
568
569         /*
570          *      TCP over IPv4
571          */
572
573         if (addr_type == IPV6_ADDR_MAPPED) {
574                 u32 exthdrlen = tp->ext_header_len;
575                 struct sockaddr_in sin;
576
577                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
578
579                 if (__ipv6_only_sock(sk))
580                         return -ENETUNREACH;
581
582                 sin.sin_family = AF_INET;
583                 sin.sin_port = usin->sin6_port;
584                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
585
586                 tp->af_specific = &ipv6_mapped;
587                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
588
589                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
590
591                 if (err) {
592                         tp->ext_header_len = exthdrlen;
593                         tp->af_specific = &ipv6_specific;
594                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
595                         goto failure;
596                 } else {
597                         ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
598                                       inet->saddr);
599                         ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
600                                       inet->rcv_saddr);
601                 }
602
603                 return err;
604         }
605
606         if (!ipv6_addr_any(&np->rcv_saddr))
607                 saddr = &np->rcv_saddr;
608
609         fl.proto = IPPROTO_TCP;
610         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
611         ipv6_addr_copy(&fl.fl6_src,
612                        (saddr ? saddr : &np->saddr));
613         fl.oif = sk->sk_bound_dev_if;
614         fl.fl_ip_dport = usin->sin6_port;
615         fl.fl_ip_sport = inet->sport;
616
617         if (np->opt && np->opt->srcrt) {
618                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
619                 ipv6_addr_copy(&final, &fl.fl6_dst);
620                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
621                 final_p = &final;
622         }
623
624         err = ip6_dst_lookup(sk, &dst, &fl);
625         if (err)
626                 goto failure;
627         if (final_p)
628                 ipv6_addr_copy(&fl.fl6_dst, final_p);
629
630         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
631                 goto failure;
632
633         if (saddr == NULL) {
634                 saddr = &fl.fl6_src;
635                 ipv6_addr_copy(&np->rcv_saddr, saddr);
636         }
637
638         /* set the source address */
639         ipv6_addr_copy(&np->saddr, saddr);
640         inet->rcv_saddr = LOOPBACK4_IPV6;
641
642         ip6_dst_store(sk, dst, NULL);
643         sk->sk_route_caps = dst->dev->features &
644                 ~(NETIF_F_IP_CSUM | NETIF_F_TSO);
645
646         tp->ext_header_len = 0;
647         if (np->opt)
648                 tp->ext_header_len = np->opt->opt_flen + np->opt->opt_nflen;
649
650         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
651
652         inet->dport = usin->sin6_port;
653
654         tcp_set_state(sk, TCP_SYN_SENT);
655         err = tcp_v6_hash_connect(sk);
656         if (err)
657                 goto late_failure;
658
659         if (!tp->write_seq)
660                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
661                                                              np->daddr.s6_addr32,
662                                                              inet->sport,
663                                                              inet->dport);
664
665         err = tcp_connect(sk);
666         if (err)
667                 goto late_failure;
668
669         return 0;
670
671 late_failure:
672         tcp_set_state(sk, TCP_CLOSE);
673         __sk_dst_reset(sk);
674 failure:
675         inet->dport = 0;
676         sk->sk_route_caps = 0;
677         return err;
678 }
679
680 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
681                 int type, int code, int offset, __u32 info)
682 {
683         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
684         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
685         struct ipv6_pinfo *np;
686         struct sock *sk;
687         int err;
688         struct tcp_sock *tp; 
689         __u32 seq;
690
691         sk = inet6_lookup(&tcp_hashinfo, &hdr->daddr, th->dest, &hdr->saddr,
692                           th->source, skb->dev->ifindex);
693
694         if (sk == NULL) {
695                 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
696                 return;
697         }
698
699         if (sk->sk_state == TCP_TIME_WAIT) {
700                 inet_twsk_put((struct inet_timewait_sock *)sk);
701                 return;
702         }
703
704         bh_lock_sock(sk);
705         if (sock_owned_by_user(sk))
706                 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
707
708         if (sk->sk_state == TCP_CLOSE)
709                 goto out;
710
711         tp = tcp_sk(sk);
712         seq = ntohl(th->seq); 
713         if (sk->sk_state != TCP_LISTEN &&
714             !between(seq, tp->snd_una, tp->snd_nxt)) {
715                 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
716                 goto out;
717         }
718
719         np = inet6_sk(sk);
720
721         if (type == ICMPV6_PKT_TOOBIG) {
722                 struct dst_entry *dst = NULL;
723
724                 if (sock_owned_by_user(sk))
725                         goto out;
726                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
727                         goto out;
728
729                 /* icmp should have updated the destination cache entry */
730                 dst = __sk_dst_check(sk, np->dst_cookie);
731
732                 if (dst == NULL) {
733                         struct inet_sock *inet = inet_sk(sk);
734                         struct flowi fl;
735
736                         /* BUGGG_FUTURE: Again, it is not clear how
737                            to handle rthdr case. Ignore this complexity
738                            for now.
739                          */
740                         memset(&fl, 0, sizeof(fl));
741                         fl.proto = IPPROTO_TCP;
742                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
743                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
744                         fl.oif = sk->sk_bound_dev_if;
745                         fl.fl_ip_dport = inet->dport;
746                         fl.fl_ip_sport = inet->sport;
747
748                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
749                                 sk->sk_err_soft = -err;
750                                 goto out;
751                         }
752
753                         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
754                                 sk->sk_err_soft = -err;
755                                 goto out;
756                         }
757
758                 } else
759                         dst_hold(dst);
760
761                 if (tp->pmtu_cookie > dst_mtu(dst)) {
762                         tcp_sync_mss(sk, dst_mtu(dst));
763                         tcp_simple_retransmit(sk);
764                 } /* else let the usual retransmit timer handle it */
765                 dst_release(dst);
766                 goto out;
767         }
768
769         icmpv6_err_convert(type, code, &err);
770
771         /* Might be for an request_sock */
772         switch (sk->sk_state) {
773                 struct request_sock *req, **prev;
774         case TCP_LISTEN:
775                 if (sock_owned_by_user(sk))
776                         goto out;
777
778                 req = tcp_v6_search_req(sk, &prev, th->dest, &hdr->daddr,
779                                         &hdr->saddr, inet6_iif(skb));
780                 if (!req)
781                         goto out;
782
783                 /* ICMPs are not backlogged, hence we cannot get
784                  * an established socket here.
785                  */
786                 BUG_TRAP(req->sk == NULL);
787
788                 if (seq != tcp_rsk(req)->snt_isn) {
789                         NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
790                         goto out;
791                 }
792
793                 inet_csk_reqsk_queue_drop(sk, req, prev);
794                 goto out;
795
796         case TCP_SYN_SENT:
797         case TCP_SYN_RECV:  /* Cannot happen.
798                                It can, it SYNs are crossed. --ANK */ 
799                 if (!sock_owned_by_user(sk)) {
800                         TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
801                         sk->sk_err = err;
802                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
803
804                         tcp_done(sk);
805                 } else
806                         sk->sk_err_soft = err;
807                 goto out;
808         }
809
810         if (!sock_owned_by_user(sk) && np->recverr) {
811                 sk->sk_err = err;
812                 sk->sk_error_report(sk);
813         } else
814                 sk->sk_err_soft = err;
815
816 out:
817         bh_unlock_sock(sk);
818         sock_put(sk);
819 }
820
821
822 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
823                               struct dst_entry *dst)
824 {
825         struct tcp6_request_sock *treq = tcp6_rsk(req);
826         struct ipv6_pinfo *np = inet6_sk(sk);
827         struct sk_buff * skb;
828         struct ipv6_txoptions *opt = NULL;
829         struct in6_addr * final_p = NULL, final;
830         struct flowi fl;
831         int err = -1;
832
833         memset(&fl, 0, sizeof(fl));
834         fl.proto = IPPROTO_TCP;
835         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
836         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
837         fl.fl6_flowlabel = 0;
838         fl.oif = treq->iif;
839         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
840         fl.fl_ip_sport = inet_sk(sk)->sport;
841
842         if (dst == NULL) {
843                 opt = np->opt;
844                 if (opt == NULL &&
845                     np->rxopt.bits.osrcrt == 2 &&
846                     treq->pktopts) {
847                         struct sk_buff *pktopts = treq->pktopts;
848                         struct inet6_skb_parm *rxopt = IP6CB(pktopts);
849                         if (rxopt->srcrt)
850                                 opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr*)(pktopts->nh.raw + rxopt->srcrt));
851                 }
852
853                 if (opt && opt->srcrt) {
854                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
855                         ipv6_addr_copy(&final, &fl.fl6_dst);
856                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
857                         final_p = &final;
858                 }
859
860                 err = ip6_dst_lookup(sk, &dst, &fl);
861                 if (err)
862                         goto done;
863                 if (final_p)
864                         ipv6_addr_copy(&fl.fl6_dst, final_p);
865                 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
866                         goto done;
867         }
868
869         skb = tcp_make_synack(sk, dst, req);
870         if (skb) {
871                 struct tcphdr *th = skb->h.th;
872
873                 th->check = tcp_v6_check(th, skb->len,
874                                          &treq->loc_addr, &treq->rmt_addr,
875                                          csum_partial((char *)th, skb->len, skb->csum));
876
877                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
878                 err = ip6_xmit(sk, skb, &fl, opt, 0);
879                 if (err == NET_XMIT_CN)
880                         err = 0;
881         }
882
883 done:
884         if (opt && opt != np->opt)
885                 sock_kfree_s(sk, opt, opt->tot_len);
886         return err;
887 }
888
889 static void tcp_v6_reqsk_destructor(struct request_sock *req)
890 {
891         if (tcp6_rsk(req)->pktopts)
892                 kfree_skb(tcp6_rsk(req)->pktopts);
893 }
894
895 static struct request_sock_ops tcp6_request_sock_ops = {
896         .family         =       AF_INET6,
897         .obj_size       =       sizeof(struct tcp6_request_sock),
898         .rtx_syn_ack    =       tcp_v6_send_synack,
899         .send_ack       =       tcp_v6_reqsk_send_ack,
900         .destructor     =       tcp_v6_reqsk_destructor,
901         .send_reset     =       tcp_v6_send_reset
902 };
903
904 static int ipv6_opt_accepted(struct sock *sk, struct sk_buff *skb)
905 {
906         struct ipv6_pinfo *np = inet6_sk(sk);
907         struct inet6_skb_parm *opt = IP6CB(skb);
908
909         if (np->rxopt.all) {
910                 if ((opt->hop && (np->rxopt.bits.hopopts || np->rxopt.bits.ohopopts)) ||
911                     ((IPV6_FLOWINFO_MASK & *(u32*)skb->nh.raw) && np->rxopt.bits.rxflow) ||
912                     (opt->srcrt && (np->rxopt.bits.srcrt || np->rxopt.bits.osrcrt)) ||
913                     ((opt->dst1 || opt->dst0) && (np->rxopt.bits.dstopts || np->rxopt.bits.odstopts)))
914                         return 1;
915         }
916         return 0;
917 }
918
919
920 static void tcp_v6_send_check(struct sock *sk, struct tcphdr *th, int len, 
921                               struct sk_buff *skb)
922 {
923         struct ipv6_pinfo *np = inet6_sk(sk);
924
925         if (skb->ip_summed == CHECKSUM_HW) {
926                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
927                 skb->csum = offsetof(struct tcphdr, check);
928         } else {
929                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 
930                                             csum_partial((char *)th, th->doff<<2, 
931                                                          skb->csum));
932         }
933 }
934
935
936 static void tcp_v6_send_reset(struct sk_buff *skb)
937 {
938         struct tcphdr *th = skb->h.th, *t1; 
939         struct sk_buff *buff;
940         struct flowi fl;
941
942         if (th->rst)
943                 return;
944
945         if (!ipv6_unicast_destination(skb))
946                 return; 
947
948         /*
949          * We need to grab some memory, and put together an RST,
950          * and then put it into the queue to be sent.
951          */
952
953         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + sizeof(struct tcphdr),
954                          GFP_ATOMIC);
955         if (buff == NULL) 
956                 return;
957
958         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + sizeof(struct tcphdr));
959
960         t1 = (struct tcphdr *) skb_push(buff,sizeof(struct tcphdr));
961
962         /* Swap the send and the receive. */
963         memset(t1, 0, sizeof(*t1));
964         t1->dest = th->source;
965         t1->source = th->dest;
966         t1->doff = sizeof(*t1)/4;
967         t1->rst = 1;
968   
969         if(th->ack) {
970                 t1->seq = th->ack_seq;
971         } else {
972                 t1->ack = 1;
973                 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
974                                     + skb->len - (th->doff<<2));
975         }
976
977         buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
978
979         memset(&fl, 0, sizeof(fl));
980         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
981         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
982
983         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
984                                     sizeof(*t1), IPPROTO_TCP,
985                                     buff->csum);
986
987         fl.proto = IPPROTO_TCP;
988         fl.oif = inet6_iif(skb);
989         fl.fl_ip_dport = t1->dest;
990         fl.fl_ip_sport = t1->source;
991
992         /* sk = NULL, but it is safe for now. RST socket required. */
993         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
994
995                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
996                         ip6_xmit(NULL, buff, &fl, NULL, 0);
997                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
998                         TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
999                         return;
1000                 }
1001         }
1002
1003         kfree_skb(buff);
1004 }
1005
1006 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
1007 {
1008         struct tcphdr *th = skb->h.th, *t1;
1009         struct sk_buff *buff;
1010         struct flowi fl;
1011         int tot_len = sizeof(struct tcphdr);
1012
1013         if (ts)
1014                 tot_len += 3*4;
1015
1016         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1017                          GFP_ATOMIC);
1018         if (buff == NULL)
1019                 return;
1020
1021         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1022
1023         t1 = (struct tcphdr *) skb_push(buff,tot_len);
1024
1025         /* Swap the send and the receive. */
1026         memset(t1, 0, sizeof(*t1));
1027         t1->dest = th->source;
1028         t1->source = th->dest;
1029         t1->doff = tot_len/4;
1030         t1->seq = htonl(seq);
1031         t1->ack_seq = htonl(ack);
1032         t1->ack = 1;
1033         t1->window = htons(win);
1034         
1035         if (ts) {
1036                 u32 *ptr = (u32*)(t1 + 1);
1037                 *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1038                                (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1039                 *ptr++ = htonl(tcp_time_stamp);
1040                 *ptr = htonl(ts);
1041         }
1042
1043         buff->csum = csum_partial((char *)t1, tot_len, 0);
1044
1045         memset(&fl, 0, sizeof(fl));
1046         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
1047         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
1048
1049         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1050                                     tot_len, IPPROTO_TCP,
1051                                     buff->csum);
1052
1053         fl.proto = IPPROTO_TCP;
1054         fl.oif = inet6_iif(skb);
1055         fl.fl_ip_dport = t1->dest;
1056         fl.fl_ip_sport = t1->source;
1057
1058         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
1059                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1060                         ip6_xmit(NULL, buff, &fl, NULL, 0);
1061                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1062                         return;
1063                 }
1064         }
1065
1066         kfree_skb(buff);
1067 }
1068
1069 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1070 {
1071         struct inet_timewait_sock *tw = inet_twsk(sk);
1072         const struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1073
1074         tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1075                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1076                         tcptw->tw_ts_recent);
1077
1078         inet_twsk_put(tw);
1079 }
1080
1081 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
1082 {
1083         tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
1084 }
1085
1086
1087 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1088 {
1089         struct request_sock *req, **prev;
1090         const struct tcphdr *th = skb->h.th;
1091         struct sock *nsk;
1092
1093         /* Find possible connection requests. */
1094         req = tcp_v6_search_req(sk, &prev, th->source, &skb->nh.ipv6h->saddr,
1095                                 &skb->nh.ipv6h->daddr, inet6_iif(skb));
1096         if (req)
1097                 return tcp_check_req(sk, skb, req, prev);
1098
1099         nsk = __inet6_lookup_established(&tcp_hashinfo, &skb->nh.ipv6h->saddr,
1100                                          th->source, &skb->nh.ipv6h->daddr,
1101                                          ntohs(th->dest), inet6_iif(skb));
1102
1103         if (nsk) {
1104                 if (nsk->sk_state != TCP_TIME_WAIT) {
1105                         bh_lock_sock(nsk);
1106                         return nsk;
1107                 }
1108                 inet_twsk_put((struct inet_timewait_sock *)nsk);
1109                 return NULL;
1110         }
1111
1112 #if 0 /*def CONFIG_SYN_COOKIES*/
1113         if (!th->rst && !th->syn && th->ack)
1114                 sk = cookie_v6_check(sk, skb, &(IPCB(skb)->opt));
1115 #endif
1116         return sk;
1117 }
1118
1119 static void tcp_v6_synq_add(struct sock *sk, struct request_sock *req)
1120 {
1121         struct inet_connection_sock *icsk = inet_csk(sk);
1122         struct listen_sock *lopt = icsk->icsk_accept_queue.listen_opt;
1123         const u32 h = tcp_v6_synq_hash(&tcp6_rsk(req)->rmt_addr, inet_rsk(req)->rmt_port, lopt->hash_rnd);
1124
1125         reqsk_queue_hash_req(&icsk->icsk_accept_queue, h, req, TCP_TIMEOUT_INIT);
1126         inet_csk_reqsk_queue_added(sk, TCP_TIMEOUT_INIT);
1127 }
1128
1129
1130 /* FIXME: this is substantially similar to the ipv4 code.
1131  * Can some kind of merge be done? -- erics
1132  */
1133 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1134 {
1135         struct tcp6_request_sock *treq;
1136         struct ipv6_pinfo *np = inet6_sk(sk);
1137         struct tcp_options_received tmp_opt;
1138         struct tcp_sock *tp = tcp_sk(sk);
1139         struct request_sock *req = NULL;
1140         __u32 isn = TCP_SKB_CB(skb)->when;
1141
1142         if (skb->protocol == htons(ETH_P_IP))
1143                 return tcp_v4_conn_request(sk, skb);
1144
1145         if (!ipv6_unicast_destination(skb))
1146                 goto drop; 
1147
1148         /*
1149          *      There are no SYN attacks on IPv6, yet...        
1150          */
1151         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1152                 if (net_ratelimit())
1153                         printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n");
1154                 goto drop;              
1155         }
1156
1157         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1158                 goto drop;
1159
1160         req = reqsk_alloc(&tcp6_request_sock_ops);
1161         if (req == NULL)
1162                 goto drop;
1163
1164         tcp_clear_options(&tmp_opt);
1165         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1166         tmp_opt.user_mss = tp->rx_opt.user_mss;
1167
1168         tcp_parse_options(skb, &tmp_opt, 0);
1169
1170         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1171         tcp_openreq_init(req, &tmp_opt, skb);
1172
1173         treq = tcp6_rsk(req);
1174         ipv6_addr_copy(&treq->rmt_addr, &skb->nh.ipv6h->saddr);
1175         ipv6_addr_copy(&treq->loc_addr, &skb->nh.ipv6h->daddr);
1176         TCP_ECN_create_request(req, skb->h.th);
1177         treq->pktopts = NULL;
1178         if (ipv6_opt_accepted(sk, skb) ||
1179             np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1180             np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1181                 atomic_inc(&skb->users);
1182                 treq->pktopts = skb;
1183         }
1184         treq->iif = sk->sk_bound_dev_if;
1185
1186         /* So that link locals have meaning */
1187         if (!sk->sk_bound_dev_if &&
1188             ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1189                 treq->iif = inet6_iif(skb);
1190
1191         if (isn == 0) 
1192                 isn = tcp_v6_init_sequence(sk,skb);
1193
1194         tcp_rsk(req)->snt_isn = isn;
1195
1196         if (tcp_v6_send_synack(sk, req, NULL))
1197                 goto drop;
1198
1199         tcp_v6_synq_add(sk, req);
1200
1201         return 0;
1202
1203 drop:
1204         if (req)
1205                 reqsk_free(req);
1206
1207         TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
1208         return 0; /* don't send reset */
1209 }
1210
1211 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1212                                           struct request_sock *req,
1213                                           struct dst_entry *dst)
1214 {
1215         struct tcp6_request_sock *treq = tcp6_rsk(req);
1216         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1217         struct tcp6_sock *newtcp6sk;
1218         struct inet_sock *newinet;
1219         struct tcp_sock *newtp;
1220         struct sock *newsk;
1221         struct ipv6_txoptions *opt;
1222
1223         if (skb->protocol == htons(ETH_P_IP)) {
1224                 /*
1225                  *      v6 mapped
1226                  */
1227
1228                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1229
1230                 if (newsk == NULL) 
1231                         return NULL;
1232
1233                 newtcp6sk = (struct tcp6_sock *)newsk;
1234                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1235
1236                 newinet = inet_sk(newsk);
1237                 newnp = inet6_sk(newsk);
1238                 newtp = tcp_sk(newsk);
1239
1240                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1241
1242                 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
1243                               newinet->daddr);
1244
1245                 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
1246                               newinet->saddr);
1247
1248                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1249
1250                 newtp->af_specific = &ipv6_mapped;
1251                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1252                 newnp->pktoptions  = NULL;
1253                 newnp->opt         = NULL;
1254                 newnp->mcast_oif   = inet6_iif(skb);
1255                 newnp->mcast_hops  = skb->nh.ipv6h->hop_limit;
1256
1257                 /*
1258                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1259                  * here, tcp_create_openreq_child now does this for us, see the comment in
1260                  * that function for the gory details. -acme
1261                  */
1262
1263                 /* It is tricky place. Until this moment IPv4 tcp
1264                    worked with IPv6 af_tcp.af_specific.
1265                    Sync it now.
1266                  */
1267                 tcp_sync_mss(newsk, newtp->pmtu_cookie);
1268
1269                 return newsk;
1270         }
1271
1272         opt = np->opt;
1273
1274         if (sk_acceptq_is_full(sk))
1275                 goto out_overflow;
1276
1277         if (np->rxopt.bits.osrcrt == 2 &&
1278             opt == NULL && treq->pktopts) {
1279                 struct inet6_skb_parm *rxopt = IP6CB(treq->pktopts);
1280                 if (rxopt->srcrt)
1281                         opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr *)(treq->pktopts->nh.raw + rxopt->srcrt));
1282         }
1283
1284         if (dst == NULL) {
1285                 struct in6_addr *final_p = NULL, final;
1286                 struct flowi fl;
1287
1288                 memset(&fl, 0, sizeof(fl));
1289                 fl.proto = IPPROTO_TCP;
1290                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1291                 if (opt && opt->srcrt) {
1292                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1293                         ipv6_addr_copy(&final, &fl.fl6_dst);
1294                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1295                         final_p = &final;
1296                 }
1297                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1298                 fl.oif = sk->sk_bound_dev_if;
1299                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1300                 fl.fl_ip_sport = inet_sk(sk)->sport;
1301
1302                 if (ip6_dst_lookup(sk, &dst, &fl))
1303                         goto out;
1304
1305                 if (final_p)
1306                         ipv6_addr_copy(&fl.fl6_dst, final_p);
1307
1308                 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
1309                         goto out;
1310         } 
1311
1312         newsk = tcp_create_openreq_child(sk, req, skb);
1313         if (newsk == NULL)
1314                 goto out;
1315
1316         /*
1317          * No need to charge this sock to the relevant IPv6 refcnt debug socks
1318          * count here, tcp_create_openreq_child now does this for us, see the
1319          * comment in that function for the gory details. -acme
1320          */
1321
1322         ip6_dst_store(newsk, dst, NULL);
1323         newsk->sk_route_caps = dst->dev->features &
1324                 ~(NETIF_F_IP_CSUM | NETIF_F_TSO);
1325
1326         newtcp6sk = (struct tcp6_sock *)newsk;
1327         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1328
1329         newtp = tcp_sk(newsk);
1330         newinet = inet_sk(newsk);
1331         newnp = inet6_sk(newsk);
1332
1333         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1334
1335         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1336         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1337         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1338         newsk->sk_bound_dev_if = treq->iif;
1339
1340         /* Now IPv6 options... 
1341
1342            First: no IPv4 options.
1343          */
1344         newinet->opt = NULL;
1345
1346         /* Clone RX bits */
1347         newnp->rxopt.all = np->rxopt.all;
1348
1349         /* Clone pktoptions received with SYN */
1350         newnp->pktoptions = NULL;
1351         if (treq->pktopts != NULL) {
1352                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1353                 kfree_skb(treq->pktopts);
1354                 treq->pktopts = NULL;
1355                 if (newnp->pktoptions)
1356                         skb_set_owner_r(newnp->pktoptions, newsk);
1357         }
1358         newnp->opt        = NULL;
1359         newnp->mcast_oif  = inet6_iif(skb);
1360         newnp->mcast_hops = skb->nh.ipv6h->hop_limit;
1361
1362         /* Clone native IPv6 options from listening socket (if any)
1363
1364            Yes, keeping reference count would be much more clever,
1365            but we make one more one thing there: reattach optmem
1366            to newsk.
1367          */
1368         if (opt) {
1369                 newnp->opt = ipv6_dup_options(newsk, opt);
1370                 if (opt != np->opt)
1371                         sock_kfree_s(sk, opt, opt->tot_len);
1372         }
1373
1374         newtp->ext_header_len = 0;
1375         if (newnp->opt)
1376                 newtp->ext_header_len = newnp->opt->opt_nflen +
1377                                         newnp->opt->opt_flen;
1378
1379         tcp_sync_mss(newsk, dst_mtu(dst));
1380         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1381         tcp_initialize_rcv_mss(newsk);
1382
1383         newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1384
1385         __tcp_v6_hash(newsk);
1386         inet_inherit_port(&tcp_hashinfo, sk, newsk);
1387
1388         return newsk;
1389
1390 out_overflow:
1391         NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1392 out:
1393         NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1394         if (opt && opt != np->opt)
1395                 sock_kfree_s(sk, opt, opt->tot_len);
1396         dst_release(dst);
1397         return NULL;
1398 }
1399
1400 static int tcp_v6_checksum_init(struct sk_buff *skb)
1401 {
1402         if (skb->ip_summed == CHECKSUM_HW) {
1403                 if (!tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1404                                   &skb->nh.ipv6h->daddr,skb->csum)) {
1405                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1406                         return 0;
1407                 }
1408         }
1409
1410         skb->csum = ~tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1411                                   &skb->nh.ipv6h->daddr, 0);
1412
1413         if (skb->len <= 76) {
1414                 return __skb_checksum_complete(skb);
1415         }
1416         return 0;
1417 }
1418
1419 /* The socket must have it's spinlock held when we get
1420  * here.
1421  *
1422  * We have a potential double-lock case here, so even when
1423  * doing backlog processing we use the BH locking scheme.
1424  * This is because we cannot sleep with the original spinlock
1425  * held.
1426  */
1427 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1428 {
1429         struct ipv6_pinfo *np = inet6_sk(sk);
1430         struct tcp_sock *tp;
1431         struct sk_buff *opt_skb = NULL;
1432
1433         /* Imagine: socket is IPv6. IPv4 packet arrives,
1434            goes to IPv4 receive handler and backlogged.
1435            From backlog it always goes here. Kerboom...
1436            Fortunately, tcp_rcv_established and rcv_established
1437            handle them correctly, but it is not case with
1438            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1439          */
1440
1441         if (skb->protocol == htons(ETH_P_IP))
1442                 return tcp_v4_do_rcv(sk, skb);
1443
1444         if (sk_filter(sk, skb, 0))
1445                 goto discard;
1446
1447         /*
1448          *      socket locking is here for SMP purposes as backlog rcv
1449          *      is currently called with bh processing disabled.
1450          */
1451
1452         /* Do Stevens' IPV6_PKTOPTIONS.
1453
1454            Yes, guys, it is the only place in our code, where we
1455            may make it not affecting IPv4.
1456            The rest of code is protocol independent,
1457            and I do not like idea to uglify IPv4.
1458
1459            Actually, all the idea behind IPV6_PKTOPTIONS
1460            looks not very well thought. For now we latch
1461            options, received in the last packet, enqueued
1462            by tcp. Feel free to propose better solution.
1463                                                --ANK (980728)
1464          */
1465         if (np->rxopt.all)
1466                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1467
1468         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1469                 TCP_CHECK_TIMER(sk);
1470                 if (tcp_rcv_established(sk, skb, skb->h.th, skb->len))
1471                         goto reset;
1472                 TCP_CHECK_TIMER(sk);
1473                 if (opt_skb)
1474                         goto ipv6_pktoptions;
1475                 return 0;
1476         }
1477
1478         if (skb->len < (skb->h.th->doff<<2) || tcp_checksum_complete(skb))
1479                 goto csum_err;
1480
1481         if (sk->sk_state == TCP_LISTEN) { 
1482                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1483                 if (!nsk)
1484                         goto discard;
1485
1486                 /*
1487                  * Queue it on the new socket if the new socket is active,
1488                  * otherwise we just shortcircuit this and continue with
1489                  * the new socket..
1490                  */
1491                 if(nsk != sk) {
1492                         if (tcp_child_process(sk, nsk, skb))
1493                                 goto reset;
1494                         if (opt_skb)
1495                                 __kfree_skb(opt_skb);
1496                         return 0;
1497                 }
1498         }
1499
1500         TCP_CHECK_TIMER(sk);
1501         if (tcp_rcv_state_process(sk, skb, skb->h.th, skb->len))
1502                 goto reset;
1503         TCP_CHECK_TIMER(sk);
1504         if (opt_skb)
1505                 goto ipv6_pktoptions;
1506         return 0;
1507
1508 reset:
1509         tcp_v6_send_reset(skb);
1510 discard:
1511         if (opt_skb)
1512                 __kfree_skb(opt_skb);
1513         kfree_skb(skb);
1514         return 0;
1515 csum_err:
1516         TCP_INC_STATS_BH(TCP_MIB_INERRS);
1517         goto discard;
1518
1519
1520 ipv6_pktoptions:
1521         /* Do you ask, what is it?
1522
1523            1. skb was enqueued by tcp.
1524            2. skb is added to tail of read queue, rather than out of order.
1525            3. socket is not in passive state.
1526            4. Finally, it really contains options, which user wants to receive.
1527          */
1528         tp = tcp_sk(sk);
1529         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1530             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1531                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1532                         np->mcast_oif = inet6_iif(opt_skb);
1533                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1534                         np->mcast_hops = opt_skb->nh.ipv6h->hop_limit;
1535                 if (ipv6_opt_accepted(sk, opt_skb)) {
1536                         skb_set_owner_r(opt_skb, sk);
1537                         opt_skb = xchg(&np->pktoptions, opt_skb);
1538                 } else {
1539                         __kfree_skb(opt_skb);
1540                         opt_skb = xchg(&np->pktoptions, NULL);
1541                 }
1542         }
1543
1544         if (opt_skb)
1545                 kfree_skb(opt_skb);
1546         return 0;
1547 }
1548
1549 static int tcp_v6_rcv(struct sk_buff **pskb, unsigned int *nhoffp)
1550 {
1551         struct sk_buff *skb = *pskb;
1552         struct tcphdr *th;      
1553         struct sock *sk;
1554         int ret;
1555
1556         if (skb->pkt_type != PACKET_HOST)
1557                 goto discard_it;
1558
1559         /*
1560          *      Count it even if it's bad.
1561          */
1562         TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1563
1564         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1565                 goto discard_it;
1566
1567         th = skb->h.th;
1568
1569         if (th->doff < sizeof(struct tcphdr)/4)
1570                 goto bad_packet;
1571         if (!pskb_may_pull(skb, th->doff*4))
1572                 goto discard_it;
1573
1574         if ((skb->ip_summed != CHECKSUM_UNNECESSARY &&
1575              tcp_v6_checksum_init(skb)))
1576                 goto bad_packet;
1577
1578         th = skb->h.th;
1579         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1580         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1581                                     skb->len - th->doff*4);
1582         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1583         TCP_SKB_CB(skb)->when = 0;
1584         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(skb->nh.ipv6h);
1585         TCP_SKB_CB(skb)->sacked = 0;
1586
1587         sk = __inet6_lookup(&tcp_hashinfo, &skb->nh.ipv6h->saddr, th->source,
1588                             &skb->nh.ipv6h->daddr, ntohs(th->dest),
1589                             inet6_iif(skb));
1590
1591         if (!sk)
1592                 goto no_tcp_socket;
1593
1594 process:
1595         if (sk->sk_state == TCP_TIME_WAIT)
1596                 goto do_time_wait;
1597
1598         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1599                 goto discard_and_relse;
1600
1601         if (sk_filter(sk, skb, 0))
1602                 goto discard_and_relse;
1603
1604         skb->dev = NULL;
1605
1606         bh_lock_sock(sk);
1607         ret = 0;
1608         if (!sock_owned_by_user(sk)) {
1609                 if (!tcp_prequeue(sk, skb))
1610                         ret = tcp_v6_do_rcv(sk, skb);
1611         } else
1612                 sk_add_backlog(sk, skb);
1613         bh_unlock_sock(sk);
1614
1615         sock_put(sk);
1616         return ret ? -1 : 0;
1617
1618 no_tcp_socket:
1619         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1620                 goto discard_it;
1621
1622         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1623 bad_packet:
1624                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1625         } else {
1626                 tcp_v6_send_reset(skb);
1627         }
1628
1629 discard_it:
1630
1631         /*
1632          *      Discard frame
1633          */
1634
1635         kfree_skb(skb);
1636         return 0;
1637
1638 discard_and_relse:
1639         sock_put(sk);
1640         goto discard_it;
1641
1642 do_time_wait:
1643         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1644                 inet_twsk_put((struct inet_timewait_sock *)sk);
1645                 goto discard_it;
1646         }
1647
1648         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1649                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1650                 inet_twsk_put((struct inet_timewait_sock *)sk);
1651                 goto discard_it;
1652         }
1653
1654         switch (tcp_timewait_state_process((struct inet_timewait_sock *)sk,
1655                                            skb, th)) {
1656         case TCP_TW_SYN:
1657         {
1658                 struct sock *sk2;
1659
1660                 sk2 = inet6_lookup_listener(&tcp_hashinfo,
1661                                             &skb->nh.ipv6h->daddr,
1662                                             ntohs(th->dest), inet6_iif(skb));
1663                 if (sk2 != NULL) {
1664                         struct inet_timewait_sock *tw = inet_twsk(sk);
1665                         inet_twsk_deschedule(tw, &tcp_death_row);
1666                         inet_twsk_put(tw);
1667                         sk = sk2;
1668                         goto process;
1669                 }
1670                 /* Fall through to ACK */
1671         }
1672         case TCP_TW_ACK:
1673                 tcp_v6_timewait_ack(sk, skb);
1674                 break;
1675         case TCP_TW_RST:
1676                 goto no_tcp_socket;
1677         case TCP_TW_SUCCESS:;
1678         }
1679         goto discard_it;
1680 }
1681
1682 static int tcp_v6_rebuild_header(struct sock *sk)
1683 {
1684         int err;
1685         struct dst_entry *dst;
1686         struct ipv6_pinfo *np = inet6_sk(sk);
1687
1688         dst = __sk_dst_check(sk, np->dst_cookie);
1689
1690         if (dst == NULL) {
1691                 struct inet_sock *inet = inet_sk(sk);
1692                 struct in6_addr *final_p = NULL, final;
1693                 struct flowi fl;
1694
1695                 memset(&fl, 0, sizeof(fl));
1696                 fl.proto = IPPROTO_TCP;
1697                 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
1698                 ipv6_addr_copy(&fl.fl6_src, &np->saddr);
1699                 fl.fl6_flowlabel = np->flow_label;
1700                 fl.oif = sk->sk_bound_dev_if;
1701                 fl.fl_ip_dport = inet->dport;
1702                 fl.fl_ip_sport = inet->sport;
1703
1704                 if (np->opt && np->opt->srcrt) {
1705                         struct rt0_hdr *rt0 = (struct rt0_hdr *) np->opt->srcrt;
1706                         ipv6_addr_copy(&final, &fl.fl6_dst);
1707                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1708                         final_p = &final;
1709                 }
1710
1711                 err = ip6_dst_lookup(sk, &dst, &fl);
1712                 if (err) {
1713                         sk->sk_route_caps = 0;
1714                         return err;
1715                 }
1716                 if (final_p)
1717                         ipv6_addr_copy(&fl.fl6_dst, final_p);
1718
1719                 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
1720                         sk->sk_err_soft = -err;
1721                         return err;
1722                 }
1723
1724                 ip6_dst_store(sk, dst, NULL);
1725                 sk->sk_route_caps = dst->dev->features &
1726                         ~(NETIF_F_IP_CSUM | NETIF_F_TSO);
1727         }
1728
1729         return 0;
1730 }
1731
1732 static int tcp_v6_xmit(struct sk_buff *skb, int ipfragok)
1733 {
1734         struct sock *sk = skb->sk;
1735         struct inet_sock *inet = inet_sk(sk);
1736         struct ipv6_pinfo *np = inet6_sk(sk);
1737         struct flowi fl;
1738         struct dst_entry *dst;
1739         struct in6_addr *final_p = NULL, final;
1740
1741         memset(&fl, 0, sizeof(fl));
1742         fl.proto = IPPROTO_TCP;
1743         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
1744         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
1745         fl.fl6_flowlabel = np->flow_label;
1746         IP6_ECN_flow_xmit(sk, fl.fl6_flowlabel);
1747         fl.oif = sk->sk_bound_dev_if;
1748         fl.fl_ip_sport = inet->sport;
1749         fl.fl_ip_dport = inet->dport;
1750
1751         if (np->opt && np->opt->srcrt) {
1752                 struct rt0_hdr *rt0 = (struct rt0_hdr *) np->opt->srcrt;
1753                 ipv6_addr_copy(&final, &fl.fl6_dst);
1754                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1755                 final_p = &final;
1756         }
1757
1758         dst = __sk_dst_check(sk, np->dst_cookie);
1759
1760         if (dst == NULL) {
1761                 int err = ip6_dst_lookup(sk, &dst, &fl);
1762
1763                 if (err) {
1764                         sk->sk_err_soft = -err;
1765                         return err;
1766                 }
1767
1768                 if (final_p)
1769                         ipv6_addr_copy(&fl.fl6_dst, final_p);
1770
1771                 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
1772                         sk->sk_route_caps = 0;
1773                         return err;
1774                 }
1775
1776                 ip6_dst_store(sk, dst, NULL);
1777                 sk->sk_route_caps = dst->dev->features &
1778                         ~(NETIF_F_IP_CSUM | NETIF_F_TSO);
1779         }
1780
1781         skb->dst = dst_clone(dst);
1782
1783         /* Restore final destination back after routing done */
1784         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
1785
1786         return ip6_xmit(sk, skb, &fl, np->opt, 0);
1787 }
1788
1789 static void v6_addr2sockaddr(struct sock *sk, struct sockaddr * uaddr)
1790 {
1791         struct ipv6_pinfo *np = inet6_sk(sk);
1792         struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) uaddr;
1793
1794         sin6->sin6_family = AF_INET6;
1795         ipv6_addr_copy(&sin6->sin6_addr, &np->daddr);
1796         sin6->sin6_port = inet_sk(sk)->dport;
1797         /* We do not store received flowlabel for TCP */
1798         sin6->sin6_flowinfo = 0;
1799         sin6->sin6_scope_id = 0;
1800         if (sk->sk_bound_dev_if &&
1801             ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_LINKLOCAL)
1802                 sin6->sin6_scope_id = sk->sk_bound_dev_if;
1803 }
1804
1805 static int tcp_v6_remember_stamp(struct sock *sk)
1806 {
1807         /* Alas, not yet... */
1808         return 0;
1809 }
1810
1811 static struct tcp_func ipv6_specific = {
1812         .queue_xmit     =       tcp_v6_xmit,
1813         .send_check     =       tcp_v6_send_check,
1814         .rebuild_header =       tcp_v6_rebuild_header,
1815         .conn_request   =       tcp_v6_conn_request,
1816         .syn_recv_sock  =       tcp_v6_syn_recv_sock,
1817         .remember_stamp =       tcp_v6_remember_stamp,
1818         .net_header_len =       sizeof(struct ipv6hdr),
1819
1820         .setsockopt     =       ipv6_setsockopt,
1821         .getsockopt     =       ipv6_getsockopt,
1822         .addr2sockaddr  =       v6_addr2sockaddr,
1823         .sockaddr_len   =       sizeof(struct sockaddr_in6)
1824 };
1825
1826 /*
1827  *      TCP over IPv4 via INET6 API
1828  */
1829
1830 static struct tcp_func ipv6_mapped = {
1831         .queue_xmit     =       ip_queue_xmit,
1832         .send_check     =       tcp_v4_send_check,
1833         .rebuild_header =       inet_sk_rebuild_header,
1834         .conn_request   =       tcp_v6_conn_request,
1835         .syn_recv_sock  =       tcp_v6_syn_recv_sock,
1836         .remember_stamp =       tcp_v4_remember_stamp,
1837         .net_header_len =       sizeof(struct iphdr),
1838
1839         .setsockopt     =       ipv6_setsockopt,
1840         .getsockopt     =       ipv6_getsockopt,
1841         .addr2sockaddr  =       v6_addr2sockaddr,
1842         .sockaddr_len   =       sizeof(struct sockaddr_in6)
1843 };
1844
1845
1846
1847 /* NOTE: A lot of things set to zero explicitly by call to
1848  *       sk_alloc() so need not be done here.
1849  */
1850 static int tcp_v6_init_sock(struct sock *sk)
1851 {
1852         struct inet_connection_sock *icsk = inet_csk(sk);
1853         struct tcp_sock *tp = tcp_sk(sk);
1854
1855         skb_queue_head_init(&tp->out_of_order_queue);
1856         tcp_init_xmit_timers(sk);
1857         tcp_prequeue_init(tp);
1858
1859         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1860         tp->mdev = TCP_TIMEOUT_INIT;
1861
1862         /* So many TCP implementations out there (incorrectly) count the
1863          * initial SYN frame in their delayed-ACK and congestion control
1864          * algorithms that we must have the following bandaid to talk
1865          * efficiently to them.  -DaveM
1866          */
1867         tp->snd_cwnd = 2;
1868
1869         /* See draft-stevens-tcpca-spec-01 for discussion of the
1870          * initialization of these values.
1871          */
1872         tp->snd_ssthresh = 0x7fffffff;
1873         tp->snd_cwnd_clamp = ~0;
1874         tp->mss_cache = 536;
1875
1876         tp->reordering = sysctl_tcp_reordering;
1877
1878         sk->sk_state = TCP_CLOSE;
1879
1880         tp->af_specific = &ipv6_specific;
1881         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1882         sk->sk_write_space = sk_stream_write_space;
1883         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1884
1885         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1886         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1887
1888         atomic_inc(&tcp_sockets_allocated);
1889
1890         return 0;
1891 }
1892
1893 static int tcp_v6_destroy_sock(struct sock *sk)
1894 {
1895         tcp_v4_destroy_sock(sk);
1896         return inet6_destroy_sock(sk);
1897 }
1898
1899 /* Proc filesystem TCPv6 sock list dumping. */
1900 static void get_openreq6(struct seq_file *seq, 
1901                          struct sock *sk, struct request_sock *req, int i, int uid)
1902 {
1903         struct in6_addr *dest, *src;
1904         int ttd = req->expires - jiffies;
1905
1906         if (ttd < 0)
1907                 ttd = 0;
1908
1909         src = &tcp6_rsk(req)->loc_addr;
1910         dest = &tcp6_rsk(req)->rmt_addr;
1911         seq_printf(seq,
1912                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1913                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1914                    i,
1915                    src->s6_addr32[0], src->s6_addr32[1],
1916                    src->s6_addr32[2], src->s6_addr32[3],
1917                    ntohs(inet_sk(sk)->sport),
1918                    dest->s6_addr32[0], dest->s6_addr32[1],
1919                    dest->s6_addr32[2], dest->s6_addr32[3],
1920                    ntohs(inet_rsk(req)->rmt_port),
1921                    TCP_SYN_RECV,
1922                    0,0, /* could print option size, but that is af dependent. */
1923                    1,   /* timers active (only the expire timer) */  
1924                    jiffies_to_clock_t(ttd), 
1925                    req->retrans,
1926                    uid,
1927                    0,  /* non standard timer */  
1928                    0, /* open_requests have no inode */
1929                    0, req);
1930 }
1931
1932 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1933 {
1934         struct in6_addr *dest, *src;
1935         __u16 destp, srcp;
1936         int timer_active;
1937         unsigned long timer_expires;
1938         struct inet_sock *inet = inet_sk(sp);
1939         struct tcp_sock *tp = tcp_sk(sp);
1940         const struct inet_connection_sock *icsk = inet_csk(sp);
1941         struct ipv6_pinfo *np = inet6_sk(sp);
1942
1943         dest  = &np->daddr;
1944         src   = &np->rcv_saddr;
1945         destp = ntohs(inet->dport);
1946         srcp  = ntohs(inet->sport);
1947
1948         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1949                 timer_active    = 1;
1950                 timer_expires   = icsk->icsk_timeout;
1951         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1952                 timer_active    = 4;
1953                 timer_expires   = icsk->icsk_timeout;
1954         } else if (timer_pending(&sp->sk_timer)) {
1955                 timer_active    = 2;
1956                 timer_expires   = sp->sk_timer.expires;
1957         } else {
1958                 timer_active    = 0;
1959                 timer_expires = jiffies;
1960         }
1961
1962         seq_printf(seq,
1963                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1964                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
1965                    i,
1966                    src->s6_addr32[0], src->s6_addr32[1],
1967                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1968                    dest->s6_addr32[0], dest->s6_addr32[1],
1969                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1970                    sp->sk_state, 
1971                    tp->write_seq-tp->snd_una, tp->rcv_nxt-tp->copied_seq,
1972                    timer_active,
1973                    jiffies_to_clock_t(timer_expires - jiffies),
1974                    icsk->icsk_retransmits,
1975                    sock_i_uid(sp),
1976                    icsk->icsk_probes_out,
1977                    sock_i_ino(sp),
1978                    atomic_read(&sp->sk_refcnt), sp,
1979                    icsk->icsk_rto,
1980                    icsk->icsk_ack.ato,
1981                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
1982                    tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
1983                    );
1984 }
1985
1986 static void get_timewait6_sock(struct seq_file *seq, 
1987                                struct inet_timewait_sock *tw, int i)
1988 {
1989         struct in6_addr *dest, *src;
1990         __u16 destp, srcp;
1991         struct tcp6_timewait_sock *tcp6tw = tcp6_twsk((struct sock *)tw);
1992         int ttd = tw->tw_ttd - jiffies;
1993
1994         if (ttd < 0)
1995                 ttd = 0;
1996
1997         dest = &tcp6tw->tw_v6_daddr;
1998         src  = &tcp6tw->tw_v6_rcv_saddr;
1999         destp = ntohs(tw->tw_dport);
2000         srcp  = ntohs(tw->tw_sport);
2001
2002         seq_printf(seq,
2003                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2004                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2005                    i,
2006                    src->s6_addr32[0], src->s6_addr32[1],
2007                    src->s6_addr32[2], src->s6_addr32[3], srcp,
2008                    dest->s6_addr32[0], dest->s6_addr32[1],
2009                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
2010                    tw->tw_substate, 0, 0,
2011                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2012                    atomic_read(&tw->tw_refcnt), tw);
2013 }
2014
2015 #ifdef CONFIG_PROC_FS
2016 static int tcp6_seq_show(struct seq_file *seq, void *v)
2017 {
2018         struct tcp_iter_state *st;
2019
2020         if (v == SEQ_START_TOKEN) {
2021                 seq_puts(seq,
2022                          "  sl  "
2023                          "local_address                         "
2024                          "remote_address                        "
2025                          "st tx_queue rx_queue tr tm->when retrnsmt"
2026                          "   uid  timeout inode\n");
2027                 goto out;
2028         }
2029         st = seq->private;
2030
2031         switch (st->state) {
2032         case TCP_SEQ_STATE_LISTENING:
2033         case TCP_SEQ_STATE_ESTABLISHED:
2034                 get_tcp6_sock(seq, v, st->num);
2035                 break;
2036         case TCP_SEQ_STATE_OPENREQ:
2037                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2038                 break;
2039         case TCP_SEQ_STATE_TIME_WAIT:
2040                 get_timewait6_sock(seq, v, st->num);
2041                 break;
2042         }
2043 out:
2044         return 0;
2045 }
2046
2047 static struct file_operations tcp6_seq_fops;
2048 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2049         .owner          = THIS_MODULE,
2050         .name           = "tcp6",
2051         .family         = AF_INET6,
2052         .seq_show       = tcp6_seq_show,
2053         .seq_fops       = &tcp6_seq_fops,
2054 };
2055
2056 int __init tcp6_proc_init(void)
2057 {
2058         return tcp_proc_register(&tcp6_seq_afinfo);
2059 }
2060
2061 void tcp6_proc_exit(void)
2062 {
2063         tcp_proc_unregister(&tcp6_seq_afinfo);
2064 }
2065 #endif
2066
2067 struct proto tcpv6_prot = {
2068         .name                   = "TCPv6",
2069         .owner                  = THIS_MODULE,
2070         .close                  = tcp_close,
2071         .connect                = tcp_v6_connect,
2072         .disconnect             = tcp_disconnect,
2073         .accept                 = inet_csk_accept,
2074         .ioctl                  = tcp_ioctl,
2075         .init                   = tcp_v6_init_sock,
2076         .destroy                = tcp_v6_destroy_sock,
2077         .shutdown               = tcp_shutdown,
2078         .setsockopt             = tcp_setsockopt,
2079         .getsockopt             = tcp_getsockopt,
2080         .sendmsg                = tcp_sendmsg,
2081         .recvmsg                = tcp_recvmsg,
2082         .backlog_rcv            = tcp_v6_do_rcv,
2083         .hash                   = tcp_v6_hash,
2084         .unhash                 = tcp_unhash,
2085         .get_port               = tcp_v6_get_port,
2086         .enter_memory_pressure  = tcp_enter_memory_pressure,
2087         .sockets_allocated      = &tcp_sockets_allocated,
2088         .memory_allocated       = &tcp_memory_allocated,
2089         .memory_pressure        = &tcp_memory_pressure,
2090         .orphan_count           = &tcp_orphan_count,
2091         .sysctl_mem             = sysctl_tcp_mem,
2092         .sysctl_wmem            = sysctl_tcp_wmem,
2093         .sysctl_rmem            = sysctl_tcp_rmem,
2094         .max_header             = MAX_TCP_HEADER,
2095         .obj_size               = sizeof(struct tcp6_sock),
2096         .twsk_obj_size          = sizeof(struct tcp6_timewait_sock),
2097         .rsk_prot               = &tcp6_request_sock_ops,
2098 };
2099
2100 static struct inet6_protocol tcpv6_protocol = {
2101         .handler        =       tcp_v6_rcv,
2102         .err_handler    =       tcp_v6_err,
2103         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2104 };
2105
2106 static struct inet_protosw tcpv6_protosw = {
2107         .type           =       SOCK_STREAM,
2108         .protocol       =       IPPROTO_TCP,
2109         .prot           =       &tcpv6_prot,
2110         .ops            =       &inet6_stream_ops,
2111         .capability     =       -1,
2112         .no_check       =       0,
2113         .flags          =       INET_PROTOSW_PERMANENT,
2114 };
2115
2116 void __init tcpv6_init(void)
2117 {
2118         /* register inet6 protocol */
2119         if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
2120                 printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
2121         inet6_register_protosw(&tcpv6_protosw);
2122 }