3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
8 * $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
11 * linux/net/ipv4/tcp.c
12 * linux/net/ipv4/tcp_input.c
13 * linux/net/ipv4/tcp_output.c
16 * Hideaki YOSHIFUJI : sin6_scope_id support
17 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
18 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
19 * a single port at the same time.
20 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
22 * This program is free software; you can redistribute it and/or
23 * modify it under the terms of the GNU General Public License
24 * as published by the Free Software Foundation; either version
25 * 2 of the License, or (at your option) any later version.
28 #include <linux/module.h>
29 #include <linux/config.h>
30 #include <linux/errno.h>
31 #include <linux/types.h>
32 #include <linux/socket.h>
33 #include <linux/sockios.h>
34 #include <linux/net.h>
35 #include <linux/jiffies.h>
37 #include <linux/in6.h>
38 #include <linux/netdevice.h>
39 #include <linux/init.h>
40 #include <linux/jhash.h>
41 #include <linux/ipsec.h>
42 #include <linux/times.h>
44 #include <linux/ipv6.h>
45 #include <linux/icmpv6.h>
46 #include <linux/random.h>
49 #include <net/ndisc.h>
50 #include <net/inet6_hashtables.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
59 #include <net/addrconf.h>
61 #include <net/dsfield.h>
63 #include <asm/uaccess.h>
65 #include <linux/proc_fs.h>
66 #include <linux/seq_file.h>
68 static void tcp_v6_send_reset(struct sk_buff *skb);
69 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
70 static void tcp_v6_send_check(struct sock *sk, struct tcphdr *th, int len,
73 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
74 static int tcp_v6_xmit(struct sk_buff *skb, int ipfragok);
76 static struct tcp_func ipv6_mapped;
77 static struct tcp_func ipv6_specific;
79 static inline int tcp_v6_bind_conflict(const struct sock *sk,
80 const struct inet_bind_bucket *tb)
82 const struct sock *sk2;
83 const struct hlist_node *node;
85 /* We must walk the whole port owner list in this case. -DaveM */
86 sk_for_each_bound(sk2, node, &tb->owners) {
88 (!sk->sk_bound_dev_if ||
89 !sk2->sk_bound_dev_if ||
90 sk->sk_bound_dev_if == sk2->sk_bound_dev_if) &&
91 (!sk->sk_reuse || !sk2->sk_reuse ||
92 sk2->sk_state == TCP_LISTEN) &&
93 ipv6_rcv_saddr_equal(sk, sk2))
100 /* Grrr, addr_type already calculated by caller, but I don't want
101 * to add some silly "cookie" argument to this method just for that.
102 * But it doesn't matter, the recalculation is in the rarest path
103 * this function ever takes.
105 static int tcp_v6_get_port(struct sock *sk, unsigned short snum)
107 struct inet_bind_hashbucket *head;
108 struct inet_bind_bucket *tb;
109 struct hlist_node *node;
114 int low = sysctl_local_port_range[0];
115 int high = sysctl_local_port_range[1];
116 int remaining = (high - low) + 1;
117 int rover = net_random() % (high - low) + low;
120 head = &tcp_hashinfo.bhash[inet_bhashfn(rover, tcp_hashinfo.bhash_size)];
121 spin_lock(&head->lock);
122 inet_bind_bucket_for_each(tb, node, &head->chain)
123 if (tb->port == rover)
127 spin_unlock(&head->lock);
130 } while (--remaining > 0);
132 /* Exhausted local port range during search? It is not
133 * possible for us to be holding one of the bind hash
134 * locks if this test triggers, because if 'remaining'
135 * drops to zero, we broke out of the do/while loop at
136 * the top level, not from the 'break;' statement.
139 if (unlikely(remaining <= 0))
142 /* OK, here is the one we will use. */
145 head = &tcp_hashinfo.bhash[inet_bhashfn(snum, tcp_hashinfo.bhash_size)];
146 spin_lock(&head->lock);
147 inet_bind_bucket_for_each(tb, node, &head->chain)
148 if (tb->port == snum)
154 if (tb && !hlist_empty(&tb->owners)) {
155 if (tb->fastreuse > 0 && sk->sk_reuse &&
156 sk->sk_state != TCP_LISTEN) {
160 if (tcp_v6_bind_conflict(sk, tb))
167 tb = inet_bind_bucket_create(tcp_hashinfo.bind_bucket_cachep, head, snum);
171 if (hlist_empty(&tb->owners)) {
172 if (sk->sk_reuse && sk->sk_state != TCP_LISTEN)
176 } else if (tb->fastreuse &&
177 (!sk->sk_reuse || sk->sk_state == TCP_LISTEN))
181 if (!inet_csk(sk)->icsk_bind_hash)
182 inet_bind_hash(sk, tb, snum);
183 BUG_TRAP(inet_csk(sk)->icsk_bind_hash == tb);
187 spin_unlock(&head->lock);
193 static __inline__ void __tcp_v6_hash(struct sock *sk)
195 struct hlist_head *list;
198 BUG_TRAP(sk_unhashed(sk));
200 if (sk->sk_state == TCP_LISTEN) {
201 list = &tcp_hashinfo.listening_hash[inet_sk_listen_hashfn(sk)];
202 lock = &tcp_hashinfo.lhash_lock;
203 inet_listen_wlock(&tcp_hashinfo);
206 sk->sk_hash = hash = inet6_sk_ehashfn(sk);
207 hash &= (tcp_hashinfo.ehash_size - 1);
208 list = &tcp_hashinfo.ehash[hash].chain;
209 lock = &tcp_hashinfo.ehash[hash].lock;
213 __sk_add_node(sk, list);
214 sock_prot_inc_use(sk->sk_prot);
219 static void tcp_v6_hash(struct sock *sk)
221 if (sk->sk_state != TCP_CLOSE) {
222 struct tcp_sock *tp = tcp_sk(sk);
224 if (tp->af_specific == &ipv6_mapped) {
235 * Open request hash tables.
238 static u32 tcp_v6_synq_hash(const struct in6_addr *raddr, const u16 rport, const u32 rnd)
242 a = raddr->s6_addr32[0];
243 b = raddr->s6_addr32[1];
244 c = raddr->s6_addr32[2];
246 a += JHASH_GOLDEN_RATIO;
247 b += JHASH_GOLDEN_RATIO;
249 __jhash_mix(a, b, c);
251 a += raddr->s6_addr32[3];
253 __jhash_mix(a, b, c);
255 return c & (TCP_SYNQ_HSIZE - 1);
258 static struct request_sock *tcp_v6_search_req(const struct sock *sk,
259 struct request_sock ***prevp,
261 struct in6_addr *raddr,
262 struct in6_addr *laddr,
265 const struct inet_connection_sock *icsk = inet_csk(sk);
266 struct listen_sock *lopt = icsk->icsk_accept_queue.listen_opt;
267 struct request_sock *req, **prev;
269 for (prev = &lopt->syn_table[tcp_v6_synq_hash(raddr, rport, lopt->hash_rnd)];
270 (req = *prev) != NULL;
271 prev = &req->dl_next) {
272 const struct tcp6_request_sock *treq = tcp6_rsk(req);
274 if (inet_rsk(req)->rmt_port == rport &&
275 req->rsk_ops->family == AF_INET6 &&
276 ipv6_addr_equal(&treq->rmt_addr, raddr) &&
277 ipv6_addr_equal(&treq->loc_addr, laddr) &&
278 (!treq->iif || treq->iif == iif)) {
279 BUG_TRAP(req->sk == NULL);
288 static __inline__ u16 tcp_v6_check(struct tcphdr *th, int len,
289 struct in6_addr *saddr,
290 struct in6_addr *daddr,
293 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
296 static __u32 tcp_v6_init_sequence(struct sock *sk, struct sk_buff *skb)
298 if (skb->protocol == htons(ETH_P_IPV6)) {
299 return secure_tcpv6_sequence_number(skb->nh.ipv6h->daddr.s6_addr32,
300 skb->nh.ipv6h->saddr.s6_addr32,
304 return secure_tcp_sequence_number(skb->nh.iph->daddr,
311 static int __tcp_v6_check_established(struct sock *sk, const __u16 lport,
312 struct inet_timewait_sock **twp)
314 struct inet_sock *inet = inet_sk(sk);
315 const struct ipv6_pinfo *np = inet6_sk(sk);
316 const struct in6_addr *daddr = &np->rcv_saddr;
317 const struct in6_addr *saddr = &np->daddr;
318 const int dif = sk->sk_bound_dev_if;
319 const u32 ports = INET_COMBINED_PORTS(inet->dport, lport);
320 unsigned int hash = inet6_ehashfn(daddr, inet->num, saddr, inet->dport);
321 struct inet_ehash_bucket *head = inet_ehash_bucket(&tcp_hashinfo, hash);
323 const struct hlist_node *node;
324 struct inet_timewait_sock *tw;
326 prefetch(head->chain.first);
327 write_lock(&head->lock);
329 /* Check TIME-WAIT sockets first. */
330 sk_for_each(sk2, node, &(head + tcp_hashinfo.ehash_size)->chain) {
331 const struct tcp6_timewait_sock *tcp6tw = tcp6_twsk(sk2);
335 if(*((__u32 *)&(tw->tw_dport)) == ports &&
336 sk2->sk_family == PF_INET6 &&
337 ipv6_addr_equal(&tcp6tw->tw_v6_daddr, saddr) &&
338 ipv6_addr_equal(&tcp6tw->tw_v6_rcv_saddr, daddr) &&
339 sk2->sk_bound_dev_if == sk->sk_bound_dev_if) {
340 const struct tcp_timewait_sock *tcptw = tcp_twsk(sk2);
341 struct tcp_sock *tp = tcp_sk(sk);
343 if (tcptw->tw_ts_recent_stamp &&
345 (sysctl_tcp_tw_reuse &&
346 xtime.tv_sec - tcptw->tw_ts_recent_stamp > 1))) {
347 /* See comment in tcp_ipv4.c */
348 tp->write_seq = tcptw->tw_snd_nxt + 65535 + 2;
351 tp->rx_opt.ts_recent = tcptw->tw_ts_recent;
352 tp->rx_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
361 /* And established part... */
362 sk_for_each(sk2, node, &head->chain) {
363 if (INET6_MATCH(sk2, hash, saddr, daddr, ports, dif))
368 BUG_TRAP(sk_unhashed(sk));
369 __sk_add_node(sk, &head->chain);
371 sock_prot_inc_use(sk->sk_prot);
372 write_unlock(&head->lock);
376 NET_INC_STATS_BH(LINUX_MIB_TIMEWAITRECYCLED);
378 /* Silly. Should hash-dance instead... */
379 inet_twsk_deschedule(tw, &tcp_death_row);
380 NET_INC_STATS_BH(LINUX_MIB_TIMEWAITRECYCLED);
387 write_unlock(&head->lock);
388 return -EADDRNOTAVAIL;
391 static inline u32 tcpv6_port_offset(const struct sock *sk)
393 const struct inet_sock *inet = inet_sk(sk);
394 const struct ipv6_pinfo *np = inet6_sk(sk);
396 return secure_tcpv6_port_ephemeral(np->rcv_saddr.s6_addr32,
401 static int tcp_v6_hash_connect(struct sock *sk)
403 unsigned short snum = inet_sk(sk)->num;
404 struct inet_bind_hashbucket *head;
405 struct inet_bind_bucket *tb;
409 int low = sysctl_local_port_range[0];
410 int high = sysctl_local_port_range[1];
411 int range = high - low;
415 u32 offset = hint + tcpv6_port_offset(sk);
416 struct hlist_node *node;
417 struct inet_timewait_sock *tw = NULL;
420 for (i = 1; i <= range; i++) {
421 port = low + (i + offset) % range;
422 head = &tcp_hashinfo.bhash[inet_bhashfn(port, tcp_hashinfo.bhash_size)];
423 spin_lock(&head->lock);
425 /* Does not bother with rcv_saddr checks,
426 * because the established check is already
429 inet_bind_bucket_for_each(tb, node, &head->chain) {
430 if (tb->port == port) {
431 BUG_TRAP(!hlist_empty(&tb->owners));
432 if (tb->fastreuse >= 0)
434 if (!__tcp_v6_check_established(sk,
442 tb = inet_bind_bucket_create(tcp_hashinfo.bind_bucket_cachep, head, port);
444 spin_unlock(&head->lock);
451 spin_unlock(&head->lock);
455 return -EADDRNOTAVAIL;
460 /* Head lock still held and bh's disabled */
461 inet_bind_hash(sk, tb, port);
462 if (sk_unhashed(sk)) {
463 inet_sk(sk)->sport = htons(port);
466 spin_unlock(&head->lock);
469 inet_twsk_deschedule(tw, &tcp_death_row);
477 head = &tcp_hashinfo.bhash[inet_bhashfn(snum, tcp_hashinfo.bhash_size)];
478 tb = inet_csk(sk)->icsk_bind_hash;
479 spin_lock_bh(&head->lock);
481 if (sk_head(&tb->owners) == sk && !sk->sk_bind_node.next) {
483 spin_unlock_bh(&head->lock);
486 spin_unlock(&head->lock);
487 /* No definite answer... Walk to established hash table */
488 ret = __tcp_v6_check_established(sk, snum, NULL);
495 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
498 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
499 struct inet_sock *inet = inet_sk(sk);
500 struct ipv6_pinfo *np = inet6_sk(sk);
501 struct tcp_sock *tp = tcp_sk(sk);
502 struct in6_addr *saddr = NULL, *final_p = NULL, final;
504 struct dst_entry *dst;
508 if (addr_len < SIN6_LEN_RFC2133)
511 if (usin->sin6_family != AF_INET6)
512 return(-EAFNOSUPPORT);
514 memset(&fl, 0, sizeof(fl));
517 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
518 IP6_ECN_flow_init(fl.fl6_flowlabel);
519 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
520 struct ip6_flowlabel *flowlabel;
521 flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
522 if (flowlabel == NULL)
524 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
525 fl6_sock_release(flowlabel);
530 * connect() to INADDR_ANY means loopback (BSD'ism).
533 if(ipv6_addr_any(&usin->sin6_addr))
534 usin->sin6_addr.s6_addr[15] = 0x1;
536 addr_type = ipv6_addr_type(&usin->sin6_addr);
538 if(addr_type & IPV6_ADDR_MULTICAST)
541 if (addr_type&IPV6_ADDR_LINKLOCAL) {
542 if (addr_len >= sizeof(struct sockaddr_in6) &&
543 usin->sin6_scope_id) {
544 /* If interface is set while binding, indices
547 if (sk->sk_bound_dev_if &&
548 sk->sk_bound_dev_if != usin->sin6_scope_id)
551 sk->sk_bound_dev_if = usin->sin6_scope_id;
554 /* Connect to link-local address requires an interface */
555 if (!sk->sk_bound_dev_if)
559 if (tp->rx_opt.ts_recent_stamp &&
560 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
561 tp->rx_opt.ts_recent = 0;
562 tp->rx_opt.ts_recent_stamp = 0;
566 ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
567 np->flow_label = fl.fl6_flowlabel;
573 if (addr_type == IPV6_ADDR_MAPPED) {
574 u32 exthdrlen = tp->ext_header_len;
575 struct sockaddr_in sin;
577 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
579 if (__ipv6_only_sock(sk))
582 sin.sin_family = AF_INET;
583 sin.sin_port = usin->sin6_port;
584 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
586 tp->af_specific = &ipv6_mapped;
587 sk->sk_backlog_rcv = tcp_v4_do_rcv;
589 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
592 tp->ext_header_len = exthdrlen;
593 tp->af_specific = &ipv6_specific;
594 sk->sk_backlog_rcv = tcp_v6_do_rcv;
597 ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
599 ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
606 if (!ipv6_addr_any(&np->rcv_saddr))
607 saddr = &np->rcv_saddr;
609 fl.proto = IPPROTO_TCP;
610 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
611 ipv6_addr_copy(&fl.fl6_src,
612 (saddr ? saddr : &np->saddr));
613 fl.oif = sk->sk_bound_dev_if;
614 fl.fl_ip_dport = usin->sin6_port;
615 fl.fl_ip_sport = inet->sport;
617 if (np->opt && np->opt->srcrt) {
618 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
619 ipv6_addr_copy(&final, &fl.fl6_dst);
620 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
624 err = ip6_dst_lookup(sk, &dst, &fl);
628 ipv6_addr_copy(&fl.fl6_dst, final_p);
630 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
635 ipv6_addr_copy(&np->rcv_saddr, saddr);
638 /* set the source address */
639 ipv6_addr_copy(&np->saddr, saddr);
640 inet->rcv_saddr = LOOPBACK4_IPV6;
642 ip6_dst_store(sk, dst, NULL);
643 sk->sk_route_caps = dst->dev->features &
644 ~(NETIF_F_IP_CSUM | NETIF_F_TSO);
646 tp->ext_header_len = 0;
648 tp->ext_header_len = np->opt->opt_flen + np->opt->opt_nflen;
650 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
652 inet->dport = usin->sin6_port;
654 tcp_set_state(sk, TCP_SYN_SENT);
655 err = tcp_v6_hash_connect(sk);
660 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
665 err = tcp_connect(sk);
672 tcp_set_state(sk, TCP_CLOSE);
676 sk->sk_route_caps = 0;
680 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
681 int type, int code, int offset, __u32 info)
683 struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
684 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
685 struct ipv6_pinfo *np;
691 sk = inet6_lookup(&tcp_hashinfo, &hdr->daddr, th->dest, &hdr->saddr,
692 th->source, skb->dev->ifindex);
695 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
699 if (sk->sk_state == TCP_TIME_WAIT) {
700 inet_twsk_put((struct inet_timewait_sock *)sk);
705 if (sock_owned_by_user(sk))
706 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
708 if (sk->sk_state == TCP_CLOSE)
712 seq = ntohl(th->seq);
713 if (sk->sk_state != TCP_LISTEN &&
714 !between(seq, tp->snd_una, tp->snd_nxt)) {
715 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
721 if (type == ICMPV6_PKT_TOOBIG) {
722 struct dst_entry *dst = NULL;
724 if (sock_owned_by_user(sk))
726 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
729 /* icmp should have updated the destination cache entry */
730 dst = __sk_dst_check(sk, np->dst_cookie);
733 struct inet_sock *inet = inet_sk(sk);
736 /* BUGGG_FUTURE: Again, it is not clear how
737 to handle rthdr case. Ignore this complexity
740 memset(&fl, 0, sizeof(fl));
741 fl.proto = IPPROTO_TCP;
742 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
743 ipv6_addr_copy(&fl.fl6_src, &np->saddr);
744 fl.oif = sk->sk_bound_dev_if;
745 fl.fl_ip_dport = inet->dport;
746 fl.fl_ip_sport = inet->sport;
748 if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
749 sk->sk_err_soft = -err;
753 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
754 sk->sk_err_soft = -err;
761 if (tp->pmtu_cookie > dst_mtu(dst)) {
762 tcp_sync_mss(sk, dst_mtu(dst));
763 tcp_simple_retransmit(sk);
764 } /* else let the usual retransmit timer handle it */
769 icmpv6_err_convert(type, code, &err);
771 /* Might be for an request_sock */
772 switch (sk->sk_state) {
773 struct request_sock *req, **prev;
775 if (sock_owned_by_user(sk))
778 req = tcp_v6_search_req(sk, &prev, th->dest, &hdr->daddr,
779 &hdr->saddr, inet6_iif(skb));
783 /* ICMPs are not backlogged, hence we cannot get
784 * an established socket here.
786 BUG_TRAP(req->sk == NULL);
788 if (seq != tcp_rsk(req)->snt_isn) {
789 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
793 inet_csk_reqsk_queue_drop(sk, req, prev);
797 case TCP_SYN_RECV: /* Cannot happen.
798 It can, it SYNs are crossed. --ANK */
799 if (!sock_owned_by_user(sk)) {
800 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
802 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
806 sk->sk_err_soft = err;
810 if (!sock_owned_by_user(sk) && np->recverr) {
812 sk->sk_error_report(sk);
814 sk->sk_err_soft = err;
822 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
823 struct dst_entry *dst)
825 struct tcp6_request_sock *treq = tcp6_rsk(req);
826 struct ipv6_pinfo *np = inet6_sk(sk);
827 struct sk_buff * skb;
828 struct ipv6_txoptions *opt = NULL;
829 struct in6_addr * final_p = NULL, final;
833 memset(&fl, 0, sizeof(fl));
834 fl.proto = IPPROTO_TCP;
835 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
836 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
837 fl.fl6_flowlabel = 0;
839 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
840 fl.fl_ip_sport = inet_sk(sk)->sport;
845 np->rxopt.bits.osrcrt == 2 &&
847 struct sk_buff *pktopts = treq->pktopts;
848 struct inet6_skb_parm *rxopt = IP6CB(pktopts);
850 opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr*)(pktopts->nh.raw + rxopt->srcrt));
853 if (opt && opt->srcrt) {
854 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
855 ipv6_addr_copy(&final, &fl.fl6_dst);
856 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
860 err = ip6_dst_lookup(sk, &dst, &fl);
864 ipv6_addr_copy(&fl.fl6_dst, final_p);
865 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
869 skb = tcp_make_synack(sk, dst, req);
871 struct tcphdr *th = skb->h.th;
873 th->check = tcp_v6_check(th, skb->len,
874 &treq->loc_addr, &treq->rmt_addr,
875 csum_partial((char *)th, skb->len, skb->csum));
877 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
878 err = ip6_xmit(sk, skb, &fl, opt, 0);
879 if (err == NET_XMIT_CN)
884 if (opt && opt != np->opt)
885 sock_kfree_s(sk, opt, opt->tot_len);
889 static void tcp_v6_reqsk_destructor(struct request_sock *req)
891 if (tcp6_rsk(req)->pktopts)
892 kfree_skb(tcp6_rsk(req)->pktopts);
895 static struct request_sock_ops tcp6_request_sock_ops = {
897 .obj_size = sizeof(struct tcp6_request_sock),
898 .rtx_syn_ack = tcp_v6_send_synack,
899 .send_ack = tcp_v6_reqsk_send_ack,
900 .destructor = tcp_v6_reqsk_destructor,
901 .send_reset = tcp_v6_send_reset
904 static int ipv6_opt_accepted(struct sock *sk, struct sk_buff *skb)
906 struct ipv6_pinfo *np = inet6_sk(sk);
907 struct inet6_skb_parm *opt = IP6CB(skb);
910 if ((opt->hop && (np->rxopt.bits.hopopts || np->rxopt.bits.ohopopts)) ||
911 ((IPV6_FLOWINFO_MASK & *(u32*)skb->nh.raw) && np->rxopt.bits.rxflow) ||
912 (opt->srcrt && (np->rxopt.bits.srcrt || np->rxopt.bits.osrcrt)) ||
913 ((opt->dst1 || opt->dst0) && (np->rxopt.bits.dstopts || np->rxopt.bits.odstopts)))
920 static void tcp_v6_send_check(struct sock *sk, struct tcphdr *th, int len,
923 struct ipv6_pinfo *np = inet6_sk(sk);
925 if (skb->ip_summed == CHECKSUM_HW) {
926 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 0);
927 skb->csum = offsetof(struct tcphdr, check);
929 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
930 csum_partial((char *)th, th->doff<<2,
936 static void tcp_v6_send_reset(struct sk_buff *skb)
938 struct tcphdr *th = skb->h.th, *t1;
939 struct sk_buff *buff;
945 if (!ipv6_unicast_destination(skb))
949 * We need to grab some memory, and put together an RST,
950 * and then put it into the queue to be sent.
953 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + sizeof(struct tcphdr),
958 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + sizeof(struct tcphdr));
960 t1 = (struct tcphdr *) skb_push(buff,sizeof(struct tcphdr));
962 /* Swap the send and the receive. */
963 memset(t1, 0, sizeof(*t1));
964 t1->dest = th->source;
965 t1->source = th->dest;
966 t1->doff = sizeof(*t1)/4;
970 t1->seq = th->ack_seq;
973 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
974 + skb->len - (th->doff<<2));
977 buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
979 memset(&fl, 0, sizeof(fl));
980 ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
981 ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
983 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
984 sizeof(*t1), IPPROTO_TCP,
987 fl.proto = IPPROTO_TCP;
988 fl.oif = inet6_iif(skb);
989 fl.fl_ip_dport = t1->dest;
990 fl.fl_ip_sport = t1->source;
992 /* sk = NULL, but it is safe for now. RST socket required. */
993 if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
995 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
996 ip6_xmit(NULL, buff, &fl, NULL, 0);
997 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
998 TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
1006 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
1008 struct tcphdr *th = skb->h.th, *t1;
1009 struct sk_buff *buff;
1011 int tot_len = sizeof(struct tcphdr);
1016 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1021 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1023 t1 = (struct tcphdr *) skb_push(buff,tot_len);
1025 /* Swap the send and the receive. */
1026 memset(t1, 0, sizeof(*t1));
1027 t1->dest = th->source;
1028 t1->source = th->dest;
1029 t1->doff = tot_len/4;
1030 t1->seq = htonl(seq);
1031 t1->ack_seq = htonl(ack);
1033 t1->window = htons(win);
1036 u32 *ptr = (u32*)(t1 + 1);
1037 *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1038 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1039 *ptr++ = htonl(tcp_time_stamp);
1043 buff->csum = csum_partial((char *)t1, tot_len, 0);
1045 memset(&fl, 0, sizeof(fl));
1046 ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
1047 ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
1049 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1050 tot_len, IPPROTO_TCP,
1053 fl.proto = IPPROTO_TCP;
1054 fl.oif = inet6_iif(skb);
1055 fl.fl_ip_dport = t1->dest;
1056 fl.fl_ip_sport = t1->source;
1058 if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
1059 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1060 ip6_xmit(NULL, buff, &fl, NULL, 0);
1061 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1069 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1071 struct inet_timewait_sock *tw = inet_twsk(sk);
1072 const struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1074 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1075 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1076 tcptw->tw_ts_recent);
1081 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
1083 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
1087 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1089 struct request_sock *req, **prev;
1090 const struct tcphdr *th = skb->h.th;
1093 /* Find possible connection requests. */
1094 req = tcp_v6_search_req(sk, &prev, th->source, &skb->nh.ipv6h->saddr,
1095 &skb->nh.ipv6h->daddr, inet6_iif(skb));
1097 return tcp_check_req(sk, skb, req, prev);
1099 nsk = __inet6_lookup_established(&tcp_hashinfo, &skb->nh.ipv6h->saddr,
1100 th->source, &skb->nh.ipv6h->daddr,
1101 ntohs(th->dest), inet6_iif(skb));
1104 if (nsk->sk_state != TCP_TIME_WAIT) {
1108 inet_twsk_put((struct inet_timewait_sock *)nsk);
1112 #if 0 /*def CONFIG_SYN_COOKIES*/
1113 if (!th->rst && !th->syn && th->ack)
1114 sk = cookie_v6_check(sk, skb, &(IPCB(skb)->opt));
1119 static void tcp_v6_synq_add(struct sock *sk, struct request_sock *req)
1121 struct inet_connection_sock *icsk = inet_csk(sk);
1122 struct listen_sock *lopt = icsk->icsk_accept_queue.listen_opt;
1123 const u32 h = tcp_v6_synq_hash(&tcp6_rsk(req)->rmt_addr, inet_rsk(req)->rmt_port, lopt->hash_rnd);
1125 reqsk_queue_hash_req(&icsk->icsk_accept_queue, h, req, TCP_TIMEOUT_INIT);
1126 inet_csk_reqsk_queue_added(sk, TCP_TIMEOUT_INIT);
1130 /* FIXME: this is substantially similar to the ipv4 code.
1131 * Can some kind of merge be done? -- erics
1133 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1135 struct tcp6_request_sock *treq;
1136 struct ipv6_pinfo *np = inet6_sk(sk);
1137 struct tcp_options_received tmp_opt;
1138 struct tcp_sock *tp = tcp_sk(sk);
1139 struct request_sock *req = NULL;
1140 __u32 isn = TCP_SKB_CB(skb)->when;
1142 if (skb->protocol == htons(ETH_P_IP))
1143 return tcp_v4_conn_request(sk, skb);
1145 if (!ipv6_unicast_destination(skb))
1149 * There are no SYN attacks on IPv6, yet...
1151 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1152 if (net_ratelimit())
1153 printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n");
1157 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1160 req = reqsk_alloc(&tcp6_request_sock_ops);
1164 tcp_clear_options(&tmp_opt);
1165 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1166 tmp_opt.user_mss = tp->rx_opt.user_mss;
1168 tcp_parse_options(skb, &tmp_opt, 0);
1170 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1171 tcp_openreq_init(req, &tmp_opt, skb);
1173 treq = tcp6_rsk(req);
1174 ipv6_addr_copy(&treq->rmt_addr, &skb->nh.ipv6h->saddr);
1175 ipv6_addr_copy(&treq->loc_addr, &skb->nh.ipv6h->daddr);
1176 TCP_ECN_create_request(req, skb->h.th);
1177 treq->pktopts = NULL;
1178 if (ipv6_opt_accepted(sk, skb) ||
1179 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1180 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1181 atomic_inc(&skb->users);
1182 treq->pktopts = skb;
1184 treq->iif = sk->sk_bound_dev_if;
1186 /* So that link locals have meaning */
1187 if (!sk->sk_bound_dev_if &&
1188 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1189 treq->iif = inet6_iif(skb);
1192 isn = tcp_v6_init_sequence(sk,skb);
1194 tcp_rsk(req)->snt_isn = isn;
1196 if (tcp_v6_send_synack(sk, req, NULL))
1199 tcp_v6_synq_add(sk, req);
1207 TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
1208 return 0; /* don't send reset */
1211 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1212 struct request_sock *req,
1213 struct dst_entry *dst)
1215 struct tcp6_request_sock *treq = tcp6_rsk(req);
1216 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1217 struct tcp6_sock *newtcp6sk;
1218 struct inet_sock *newinet;
1219 struct tcp_sock *newtp;
1221 struct ipv6_txoptions *opt;
1223 if (skb->protocol == htons(ETH_P_IP)) {
1228 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1233 newtcp6sk = (struct tcp6_sock *)newsk;
1234 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1236 newinet = inet_sk(newsk);
1237 newnp = inet6_sk(newsk);
1238 newtp = tcp_sk(newsk);
1240 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1242 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
1245 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
1248 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1250 newtp->af_specific = &ipv6_mapped;
1251 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1252 newnp->pktoptions = NULL;
1254 newnp->mcast_oif = inet6_iif(skb);
1255 newnp->mcast_hops = skb->nh.ipv6h->hop_limit;
1258 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1259 * here, tcp_create_openreq_child now does this for us, see the comment in
1260 * that function for the gory details. -acme
1263 /* It is tricky place. Until this moment IPv4 tcp
1264 worked with IPv6 af_tcp.af_specific.
1267 tcp_sync_mss(newsk, newtp->pmtu_cookie);
1274 if (sk_acceptq_is_full(sk))
1277 if (np->rxopt.bits.osrcrt == 2 &&
1278 opt == NULL && treq->pktopts) {
1279 struct inet6_skb_parm *rxopt = IP6CB(treq->pktopts);
1281 opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr *)(treq->pktopts->nh.raw + rxopt->srcrt));
1285 struct in6_addr *final_p = NULL, final;
1288 memset(&fl, 0, sizeof(fl));
1289 fl.proto = IPPROTO_TCP;
1290 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1291 if (opt && opt->srcrt) {
1292 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1293 ipv6_addr_copy(&final, &fl.fl6_dst);
1294 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1297 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1298 fl.oif = sk->sk_bound_dev_if;
1299 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1300 fl.fl_ip_sport = inet_sk(sk)->sport;
1302 if (ip6_dst_lookup(sk, &dst, &fl))
1306 ipv6_addr_copy(&fl.fl6_dst, final_p);
1308 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
1312 newsk = tcp_create_openreq_child(sk, req, skb);
1317 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1318 * count here, tcp_create_openreq_child now does this for us, see the
1319 * comment in that function for the gory details. -acme
1322 ip6_dst_store(newsk, dst, NULL);
1323 newsk->sk_route_caps = dst->dev->features &
1324 ~(NETIF_F_IP_CSUM | NETIF_F_TSO);
1326 newtcp6sk = (struct tcp6_sock *)newsk;
1327 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1329 newtp = tcp_sk(newsk);
1330 newinet = inet_sk(newsk);
1331 newnp = inet6_sk(newsk);
1333 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1335 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1336 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1337 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1338 newsk->sk_bound_dev_if = treq->iif;
1340 /* Now IPv6 options...
1342 First: no IPv4 options.
1344 newinet->opt = NULL;
1347 newnp->rxopt.all = np->rxopt.all;
1349 /* Clone pktoptions received with SYN */
1350 newnp->pktoptions = NULL;
1351 if (treq->pktopts != NULL) {
1352 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1353 kfree_skb(treq->pktopts);
1354 treq->pktopts = NULL;
1355 if (newnp->pktoptions)
1356 skb_set_owner_r(newnp->pktoptions, newsk);
1359 newnp->mcast_oif = inet6_iif(skb);
1360 newnp->mcast_hops = skb->nh.ipv6h->hop_limit;
1362 /* Clone native IPv6 options from listening socket (if any)
1364 Yes, keeping reference count would be much more clever,
1365 but we make one more one thing there: reattach optmem
1369 newnp->opt = ipv6_dup_options(newsk, opt);
1371 sock_kfree_s(sk, opt, opt->tot_len);
1374 newtp->ext_header_len = 0;
1376 newtp->ext_header_len = newnp->opt->opt_nflen +
1377 newnp->opt->opt_flen;
1379 tcp_sync_mss(newsk, dst_mtu(dst));
1380 newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1381 tcp_initialize_rcv_mss(newsk);
1383 newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1385 __tcp_v6_hash(newsk);
1386 inet_inherit_port(&tcp_hashinfo, sk, newsk);
1391 NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1393 NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1394 if (opt && opt != np->opt)
1395 sock_kfree_s(sk, opt, opt->tot_len);
1400 static int tcp_v6_checksum_init(struct sk_buff *skb)
1402 if (skb->ip_summed == CHECKSUM_HW) {
1403 if (!tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1404 &skb->nh.ipv6h->daddr,skb->csum)) {
1405 skb->ip_summed = CHECKSUM_UNNECESSARY;
1410 skb->csum = ~tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1411 &skb->nh.ipv6h->daddr, 0);
1413 if (skb->len <= 76) {
1414 return __skb_checksum_complete(skb);
1419 /* The socket must have it's spinlock held when we get
1422 * We have a potential double-lock case here, so even when
1423 * doing backlog processing we use the BH locking scheme.
1424 * This is because we cannot sleep with the original spinlock
1427 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1429 struct ipv6_pinfo *np = inet6_sk(sk);
1430 struct tcp_sock *tp;
1431 struct sk_buff *opt_skb = NULL;
1433 /* Imagine: socket is IPv6. IPv4 packet arrives,
1434 goes to IPv4 receive handler and backlogged.
1435 From backlog it always goes here. Kerboom...
1436 Fortunately, tcp_rcv_established and rcv_established
1437 handle them correctly, but it is not case with
1438 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1441 if (skb->protocol == htons(ETH_P_IP))
1442 return tcp_v4_do_rcv(sk, skb);
1444 if (sk_filter(sk, skb, 0))
1448 * socket locking is here for SMP purposes as backlog rcv
1449 * is currently called with bh processing disabled.
1452 /* Do Stevens' IPV6_PKTOPTIONS.
1454 Yes, guys, it is the only place in our code, where we
1455 may make it not affecting IPv4.
1456 The rest of code is protocol independent,
1457 and I do not like idea to uglify IPv4.
1459 Actually, all the idea behind IPV6_PKTOPTIONS
1460 looks not very well thought. For now we latch
1461 options, received in the last packet, enqueued
1462 by tcp. Feel free to propose better solution.
1466 opt_skb = skb_clone(skb, GFP_ATOMIC);
1468 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1469 TCP_CHECK_TIMER(sk);
1470 if (tcp_rcv_established(sk, skb, skb->h.th, skb->len))
1472 TCP_CHECK_TIMER(sk);
1474 goto ipv6_pktoptions;
1478 if (skb->len < (skb->h.th->doff<<2) || tcp_checksum_complete(skb))
1481 if (sk->sk_state == TCP_LISTEN) {
1482 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1487 * Queue it on the new socket if the new socket is active,
1488 * otherwise we just shortcircuit this and continue with
1492 if (tcp_child_process(sk, nsk, skb))
1495 __kfree_skb(opt_skb);
1500 TCP_CHECK_TIMER(sk);
1501 if (tcp_rcv_state_process(sk, skb, skb->h.th, skb->len))
1503 TCP_CHECK_TIMER(sk);
1505 goto ipv6_pktoptions;
1509 tcp_v6_send_reset(skb);
1512 __kfree_skb(opt_skb);
1516 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1521 /* Do you ask, what is it?
1523 1. skb was enqueued by tcp.
1524 2. skb is added to tail of read queue, rather than out of order.
1525 3. socket is not in passive state.
1526 4. Finally, it really contains options, which user wants to receive.
1529 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1530 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1531 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1532 np->mcast_oif = inet6_iif(opt_skb);
1533 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1534 np->mcast_hops = opt_skb->nh.ipv6h->hop_limit;
1535 if (ipv6_opt_accepted(sk, opt_skb)) {
1536 skb_set_owner_r(opt_skb, sk);
1537 opt_skb = xchg(&np->pktoptions, opt_skb);
1539 __kfree_skb(opt_skb);
1540 opt_skb = xchg(&np->pktoptions, NULL);
1549 static int tcp_v6_rcv(struct sk_buff **pskb, unsigned int *nhoffp)
1551 struct sk_buff *skb = *pskb;
1556 if (skb->pkt_type != PACKET_HOST)
1560 * Count it even if it's bad.
1562 TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1564 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1569 if (th->doff < sizeof(struct tcphdr)/4)
1571 if (!pskb_may_pull(skb, th->doff*4))
1574 if ((skb->ip_summed != CHECKSUM_UNNECESSARY &&
1575 tcp_v6_checksum_init(skb)))
1579 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1580 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1581 skb->len - th->doff*4);
1582 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1583 TCP_SKB_CB(skb)->when = 0;
1584 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(skb->nh.ipv6h);
1585 TCP_SKB_CB(skb)->sacked = 0;
1587 sk = __inet6_lookup(&tcp_hashinfo, &skb->nh.ipv6h->saddr, th->source,
1588 &skb->nh.ipv6h->daddr, ntohs(th->dest),
1595 if (sk->sk_state == TCP_TIME_WAIT)
1598 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1599 goto discard_and_relse;
1601 if (sk_filter(sk, skb, 0))
1602 goto discard_and_relse;
1608 if (!sock_owned_by_user(sk)) {
1609 if (!tcp_prequeue(sk, skb))
1610 ret = tcp_v6_do_rcv(sk, skb);
1612 sk_add_backlog(sk, skb);
1616 return ret ? -1 : 0;
1619 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1622 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1624 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1626 tcp_v6_send_reset(skb);
1643 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1644 inet_twsk_put((struct inet_timewait_sock *)sk);
1648 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1649 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1650 inet_twsk_put((struct inet_timewait_sock *)sk);
1654 switch (tcp_timewait_state_process((struct inet_timewait_sock *)sk,
1660 sk2 = inet6_lookup_listener(&tcp_hashinfo,
1661 &skb->nh.ipv6h->daddr,
1662 ntohs(th->dest), inet6_iif(skb));
1664 struct inet_timewait_sock *tw = inet_twsk(sk);
1665 inet_twsk_deschedule(tw, &tcp_death_row);
1670 /* Fall through to ACK */
1673 tcp_v6_timewait_ack(sk, skb);
1677 case TCP_TW_SUCCESS:;
1682 static int tcp_v6_rebuild_header(struct sock *sk)
1685 struct dst_entry *dst;
1686 struct ipv6_pinfo *np = inet6_sk(sk);
1688 dst = __sk_dst_check(sk, np->dst_cookie);
1691 struct inet_sock *inet = inet_sk(sk);
1692 struct in6_addr *final_p = NULL, final;
1695 memset(&fl, 0, sizeof(fl));
1696 fl.proto = IPPROTO_TCP;
1697 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
1698 ipv6_addr_copy(&fl.fl6_src, &np->saddr);
1699 fl.fl6_flowlabel = np->flow_label;
1700 fl.oif = sk->sk_bound_dev_if;
1701 fl.fl_ip_dport = inet->dport;
1702 fl.fl_ip_sport = inet->sport;
1704 if (np->opt && np->opt->srcrt) {
1705 struct rt0_hdr *rt0 = (struct rt0_hdr *) np->opt->srcrt;
1706 ipv6_addr_copy(&final, &fl.fl6_dst);
1707 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1711 err = ip6_dst_lookup(sk, &dst, &fl);
1713 sk->sk_route_caps = 0;
1717 ipv6_addr_copy(&fl.fl6_dst, final_p);
1719 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
1720 sk->sk_err_soft = -err;
1724 ip6_dst_store(sk, dst, NULL);
1725 sk->sk_route_caps = dst->dev->features &
1726 ~(NETIF_F_IP_CSUM | NETIF_F_TSO);
1732 static int tcp_v6_xmit(struct sk_buff *skb, int ipfragok)
1734 struct sock *sk = skb->sk;
1735 struct inet_sock *inet = inet_sk(sk);
1736 struct ipv6_pinfo *np = inet6_sk(sk);
1738 struct dst_entry *dst;
1739 struct in6_addr *final_p = NULL, final;
1741 memset(&fl, 0, sizeof(fl));
1742 fl.proto = IPPROTO_TCP;
1743 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
1744 ipv6_addr_copy(&fl.fl6_src, &np->saddr);
1745 fl.fl6_flowlabel = np->flow_label;
1746 IP6_ECN_flow_xmit(sk, fl.fl6_flowlabel);
1747 fl.oif = sk->sk_bound_dev_if;
1748 fl.fl_ip_sport = inet->sport;
1749 fl.fl_ip_dport = inet->dport;
1751 if (np->opt && np->opt->srcrt) {
1752 struct rt0_hdr *rt0 = (struct rt0_hdr *) np->opt->srcrt;
1753 ipv6_addr_copy(&final, &fl.fl6_dst);
1754 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1758 dst = __sk_dst_check(sk, np->dst_cookie);
1761 int err = ip6_dst_lookup(sk, &dst, &fl);
1764 sk->sk_err_soft = -err;
1769 ipv6_addr_copy(&fl.fl6_dst, final_p);
1771 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
1772 sk->sk_route_caps = 0;
1776 ip6_dst_store(sk, dst, NULL);
1777 sk->sk_route_caps = dst->dev->features &
1778 ~(NETIF_F_IP_CSUM | NETIF_F_TSO);
1781 skb->dst = dst_clone(dst);
1783 /* Restore final destination back after routing done */
1784 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
1786 return ip6_xmit(sk, skb, &fl, np->opt, 0);
1789 static void v6_addr2sockaddr(struct sock *sk, struct sockaddr * uaddr)
1791 struct ipv6_pinfo *np = inet6_sk(sk);
1792 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) uaddr;
1794 sin6->sin6_family = AF_INET6;
1795 ipv6_addr_copy(&sin6->sin6_addr, &np->daddr);
1796 sin6->sin6_port = inet_sk(sk)->dport;
1797 /* We do not store received flowlabel for TCP */
1798 sin6->sin6_flowinfo = 0;
1799 sin6->sin6_scope_id = 0;
1800 if (sk->sk_bound_dev_if &&
1801 ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_LINKLOCAL)
1802 sin6->sin6_scope_id = sk->sk_bound_dev_if;
1805 static int tcp_v6_remember_stamp(struct sock *sk)
1807 /* Alas, not yet... */
1811 static struct tcp_func ipv6_specific = {
1812 .queue_xmit = tcp_v6_xmit,
1813 .send_check = tcp_v6_send_check,
1814 .rebuild_header = tcp_v6_rebuild_header,
1815 .conn_request = tcp_v6_conn_request,
1816 .syn_recv_sock = tcp_v6_syn_recv_sock,
1817 .remember_stamp = tcp_v6_remember_stamp,
1818 .net_header_len = sizeof(struct ipv6hdr),
1820 .setsockopt = ipv6_setsockopt,
1821 .getsockopt = ipv6_getsockopt,
1822 .addr2sockaddr = v6_addr2sockaddr,
1823 .sockaddr_len = sizeof(struct sockaddr_in6)
1827 * TCP over IPv4 via INET6 API
1830 static struct tcp_func ipv6_mapped = {
1831 .queue_xmit = ip_queue_xmit,
1832 .send_check = tcp_v4_send_check,
1833 .rebuild_header = inet_sk_rebuild_header,
1834 .conn_request = tcp_v6_conn_request,
1835 .syn_recv_sock = tcp_v6_syn_recv_sock,
1836 .remember_stamp = tcp_v4_remember_stamp,
1837 .net_header_len = sizeof(struct iphdr),
1839 .setsockopt = ipv6_setsockopt,
1840 .getsockopt = ipv6_getsockopt,
1841 .addr2sockaddr = v6_addr2sockaddr,
1842 .sockaddr_len = sizeof(struct sockaddr_in6)
1847 /* NOTE: A lot of things set to zero explicitly by call to
1848 * sk_alloc() so need not be done here.
1850 static int tcp_v6_init_sock(struct sock *sk)
1852 struct inet_connection_sock *icsk = inet_csk(sk);
1853 struct tcp_sock *tp = tcp_sk(sk);
1855 skb_queue_head_init(&tp->out_of_order_queue);
1856 tcp_init_xmit_timers(sk);
1857 tcp_prequeue_init(tp);
1859 icsk->icsk_rto = TCP_TIMEOUT_INIT;
1860 tp->mdev = TCP_TIMEOUT_INIT;
1862 /* So many TCP implementations out there (incorrectly) count the
1863 * initial SYN frame in their delayed-ACK and congestion control
1864 * algorithms that we must have the following bandaid to talk
1865 * efficiently to them. -DaveM
1869 /* See draft-stevens-tcpca-spec-01 for discussion of the
1870 * initialization of these values.
1872 tp->snd_ssthresh = 0x7fffffff;
1873 tp->snd_cwnd_clamp = ~0;
1874 tp->mss_cache = 536;
1876 tp->reordering = sysctl_tcp_reordering;
1878 sk->sk_state = TCP_CLOSE;
1880 tp->af_specific = &ipv6_specific;
1881 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1882 sk->sk_write_space = sk_stream_write_space;
1883 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1885 sk->sk_sndbuf = sysctl_tcp_wmem[1];
1886 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1888 atomic_inc(&tcp_sockets_allocated);
1893 static int tcp_v6_destroy_sock(struct sock *sk)
1895 tcp_v4_destroy_sock(sk);
1896 return inet6_destroy_sock(sk);
1899 /* Proc filesystem TCPv6 sock list dumping. */
1900 static void get_openreq6(struct seq_file *seq,
1901 struct sock *sk, struct request_sock *req, int i, int uid)
1903 struct in6_addr *dest, *src;
1904 int ttd = req->expires - jiffies;
1909 src = &tcp6_rsk(req)->loc_addr;
1910 dest = &tcp6_rsk(req)->rmt_addr;
1912 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1913 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1915 src->s6_addr32[0], src->s6_addr32[1],
1916 src->s6_addr32[2], src->s6_addr32[3],
1917 ntohs(inet_sk(sk)->sport),
1918 dest->s6_addr32[0], dest->s6_addr32[1],
1919 dest->s6_addr32[2], dest->s6_addr32[3],
1920 ntohs(inet_rsk(req)->rmt_port),
1922 0,0, /* could print option size, but that is af dependent. */
1923 1, /* timers active (only the expire timer) */
1924 jiffies_to_clock_t(ttd),
1927 0, /* non standard timer */
1928 0, /* open_requests have no inode */
1932 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1934 struct in6_addr *dest, *src;
1937 unsigned long timer_expires;
1938 struct inet_sock *inet = inet_sk(sp);
1939 struct tcp_sock *tp = tcp_sk(sp);
1940 const struct inet_connection_sock *icsk = inet_csk(sp);
1941 struct ipv6_pinfo *np = inet6_sk(sp);
1944 src = &np->rcv_saddr;
1945 destp = ntohs(inet->dport);
1946 srcp = ntohs(inet->sport);
1948 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1950 timer_expires = icsk->icsk_timeout;
1951 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1953 timer_expires = icsk->icsk_timeout;
1954 } else if (timer_pending(&sp->sk_timer)) {
1956 timer_expires = sp->sk_timer.expires;
1959 timer_expires = jiffies;
1963 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1964 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
1966 src->s6_addr32[0], src->s6_addr32[1],
1967 src->s6_addr32[2], src->s6_addr32[3], srcp,
1968 dest->s6_addr32[0], dest->s6_addr32[1],
1969 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1971 tp->write_seq-tp->snd_una, tp->rcv_nxt-tp->copied_seq,
1973 jiffies_to_clock_t(timer_expires - jiffies),
1974 icsk->icsk_retransmits,
1976 icsk->icsk_probes_out,
1978 atomic_read(&sp->sk_refcnt), sp,
1981 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
1982 tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
1986 static void get_timewait6_sock(struct seq_file *seq,
1987 struct inet_timewait_sock *tw, int i)
1989 struct in6_addr *dest, *src;
1991 struct tcp6_timewait_sock *tcp6tw = tcp6_twsk((struct sock *)tw);
1992 int ttd = tw->tw_ttd - jiffies;
1997 dest = &tcp6tw->tw_v6_daddr;
1998 src = &tcp6tw->tw_v6_rcv_saddr;
1999 destp = ntohs(tw->tw_dport);
2000 srcp = ntohs(tw->tw_sport);
2003 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2004 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2006 src->s6_addr32[0], src->s6_addr32[1],
2007 src->s6_addr32[2], src->s6_addr32[3], srcp,
2008 dest->s6_addr32[0], dest->s6_addr32[1],
2009 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2010 tw->tw_substate, 0, 0,
2011 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2012 atomic_read(&tw->tw_refcnt), tw);
2015 #ifdef CONFIG_PROC_FS
2016 static int tcp6_seq_show(struct seq_file *seq, void *v)
2018 struct tcp_iter_state *st;
2020 if (v == SEQ_START_TOKEN) {
2025 "st tx_queue rx_queue tr tm->when retrnsmt"
2026 " uid timeout inode\n");
2031 switch (st->state) {
2032 case TCP_SEQ_STATE_LISTENING:
2033 case TCP_SEQ_STATE_ESTABLISHED:
2034 get_tcp6_sock(seq, v, st->num);
2036 case TCP_SEQ_STATE_OPENREQ:
2037 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2039 case TCP_SEQ_STATE_TIME_WAIT:
2040 get_timewait6_sock(seq, v, st->num);
2047 static struct file_operations tcp6_seq_fops;
2048 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2049 .owner = THIS_MODULE,
2052 .seq_show = tcp6_seq_show,
2053 .seq_fops = &tcp6_seq_fops,
2056 int __init tcp6_proc_init(void)
2058 return tcp_proc_register(&tcp6_seq_afinfo);
2061 void tcp6_proc_exit(void)
2063 tcp_proc_unregister(&tcp6_seq_afinfo);
2067 struct proto tcpv6_prot = {
2069 .owner = THIS_MODULE,
2071 .connect = tcp_v6_connect,
2072 .disconnect = tcp_disconnect,
2073 .accept = inet_csk_accept,
2075 .init = tcp_v6_init_sock,
2076 .destroy = tcp_v6_destroy_sock,
2077 .shutdown = tcp_shutdown,
2078 .setsockopt = tcp_setsockopt,
2079 .getsockopt = tcp_getsockopt,
2080 .sendmsg = tcp_sendmsg,
2081 .recvmsg = tcp_recvmsg,
2082 .backlog_rcv = tcp_v6_do_rcv,
2083 .hash = tcp_v6_hash,
2084 .unhash = tcp_unhash,
2085 .get_port = tcp_v6_get_port,
2086 .enter_memory_pressure = tcp_enter_memory_pressure,
2087 .sockets_allocated = &tcp_sockets_allocated,
2088 .memory_allocated = &tcp_memory_allocated,
2089 .memory_pressure = &tcp_memory_pressure,
2090 .orphan_count = &tcp_orphan_count,
2091 .sysctl_mem = sysctl_tcp_mem,
2092 .sysctl_wmem = sysctl_tcp_wmem,
2093 .sysctl_rmem = sysctl_tcp_rmem,
2094 .max_header = MAX_TCP_HEADER,
2095 .obj_size = sizeof(struct tcp6_sock),
2096 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
2097 .rsk_prot = &tcp6_request_sock_ops,
2100 static struct inet6_protocol tcpv6_protocol = {
2101 .handler = tcp_v6_rcv,
2102 .err_handler = tcp_v6_err,
2103 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2106 static struct inet_protosw tcpv6_protosw = {
2107 .type = SOCK_STREAM,
2108 .protocol = IPPROTO_TCP,
2109 .prot = &tcpv6_prot,
2110 .ops = &inet6_stream_ops,
2113 .flags = INET_PROTOSW_PERMANENT,
2116 void __init tcpv6_init(void)
2118 /* register inet6 protocol */
2119 if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
2120 printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
2121 inet6_register_protosw(&tcpv6_protosw);