Merge branches 'ns9x' and 'machtypes' into devel
[linux-2.6] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *
8  *      $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9  *
10  *      Based on:
11  *      linux/net/ipv4/tcp.c
12  *      linux/net/ipv4/tcp_input.c
13  *      linux/net/ipv4/tcp_output.c
14  *
15  *      Fixes:
16  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
17  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
18  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
19  *                                      a single port at the same time.
20  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
21  *
22  *      This program is free software; you can redistribute it and/or
23  *      modify it under the terms of the GNU General Public License
24  *      as published by the Free Software Foundation; either version
25  *      2 of the License, or (at your option) any later version.
26  */
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/net.h>
34 #include <linux/jiffies.h>
35 #include <linux/in.h>
36 #include <linux/in6.h>
37 #include <linux/netdevice.h>
38 #include <linux/init.h>
39 #include <linux/jhash.h>
40 #include <linux/ipsec.h>
41 #include <linux/times.h>
42
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/snmp.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/netdma.h>
63 #include <net/inet_common.h>
64
65 #include <asm/uaccess.h>
66
67 #include <linux/proc_fs.h>
68 #include <linux/seq_file.h>
69
70 #include <linux/crypto.h>
71 #include <linux/scatterlist.h>
72
73 static void     tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
74 static void     tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
75 static void     tcp_v6_send_check(struct sock *sk, int len,
76                                   struct sk_buff *skb);
77
78 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
79
80 static struct inet_connection_sock_af_ops ipv6_mapped;
81 static struct inet_connection_sock_af_ops ipv6_specific;
82 #ifdef CONFIG_TCP_MD5SIG
83 static struct tcp_sock_af_ops tcp_sock_ipv6_specific;
84 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
85 #endif
86
87 static void tcp_v6_hash(struct sock *sk)
88 {
89         if (sk->sk_state != TCP_CLOSE) {
90                 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
91                         tcp_prot.hash(sk);
92                         return;
93                 }
94                 local_bh_disable();
95                 __inet6_hash(sk);
96                 local_bh_enable();
97         }
98 }
99
100 static __inline__ __sum16 tcp_v6_check(struct tcphdr *th, int len,
101                                    struct in6_addr *saddr,
102                                    struct in6_addr *daddr,
103                                    __wsum base)
104 {
105         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
106 }
107
108 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
109 {
110         return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
111                                             ipv6_hdr(skb)->saddr.s6_addr32,
112                                             tcp_hdr(skb)->dest,
113                                             tcp_hdr(skb)->source);
114 }
115
116 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
117                           int addr_len)
118 {
119         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
120         struct inet_sock *inet = inet_sk(sk);
121         struct inet_connection_sock *icsk = inet_csk(sk);
122         struct ipv6_pinfo *np = inet6_sk(sk);
123         struct tcp_sock *tp = tcp_sk(sk);
124         struct in6_addr *saddr = NULL, *final_p = NULL, final;
125         struct flowi fl;
126         struct dst_entry *dst;
127         int addr_type;
128         int err;
129
130         if (addr_len < SIN6_LEN_RFC2133)
131                 return -EINVAL;
132
133         if (usin->sin6_family != AF_INET6)
134                 return(-EAFNOSUPPORT);
135
136         memset(&fl, 0, sizeof(fl));
137
138         if (np->sndflow) {
139                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
140                 IP6_ECN_flow_init(fl.fl6_flowlabel);
141                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
142                         struct ip6_flowlabel *flowlabel;
143                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
144                         if (flowlabel == NULL)
145                                 return -EINVAL;
146                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
147                         fl6_sock_release(flowlabel);
148                 }
149         }
150
151         /*
152          *      connect() to INADDR_ANY means loopback (BSD'ism).
153          */
154
155         if(ipv6_addr_any(&usin->sin6_addr))
156                 usin->sin6_addr.s6_addr[15] = 0x1;
157
158         addr_type = ipv6_addr_type(&usin->sin6_addr);
159
160         if(addr_type & IPV6_ADDR_MULTICAST)
161                 return -ENETUNREACH;
162
163         if (addr_type&IPV6_ADDR_LINKLOCAL) {
164                 if (addr_len >= sizeof(struct sockaddr_in6) &&
165                     usin->sin6_scope_id) {
166                         /* If interface is set while binding, indices
167                          * must coincide.
168                          */
169                         if (sk->sk_bound_dev_if &&
170                             sk->sk_bound_dev_if != usin->sin6_scope_id)
171                                 return -EINVAL;
172
173                         sk->sk_bound_dev_if = usin->sin6_scope_id;
174                 }
175
176                 /* Connect to link-local address requires an interface */
177                 if (!sk->sk_bound_dev_if)
178                         return -EINVAL;
179         }
180
181         if (tp->rx_opt.ts_recent_stamp &&
182             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
183                 tp->rx_opt.ts_recent = 0;
184                 tp->rx_opt.ts_recent_stamp = 0;
185                 tp->write_seq = 0;
186         }
187
188         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
189         np->flow_label = fl.fl6_flowlabel;
190
191         /*
192          *      TCP over IPv4
193          */
194
195         if (addr_type == IPV6_ADDR_MAPPED) {
196                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
197                 struct sockaddr_in sin;
198
199                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
200
201                 if (__ipv6_only_sock(sk))
202                         return -ENETUNREACH;
203
204                 sin.sin_family = AF_INET;
205                 sin.sin_port = usin->sin6_port;
206                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
207
208                 icsk->icsk_af_ops = &ipv6_mapped;
209                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
210 #ifdef CONFIG_TCP_MD5SIG
211                 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
212 #endif
213
214                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
215
216                 if (err) {
217                         icsk->icsk_ext_hdr_len = exthdrlen;
218                         icsk->icsk_af_ops = &ipv6_specific;
219                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
220 #ifdef CONFIG_TCP_MD5SIG
221                         tp->af_specific = &tcp_sock_ipv6_specific;
222 #endif
223                         goto failure;
224                 } else {
225                         ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
226                                       inet->saddr);
227                         ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
228                                       inet->rcv_saddr);
229                 }
230
231                 return err;
232         }
233
234         if (!ipv6_addr_any(&np->rcv_saddr))
235                 saddr = &np->rcv_saddr;
236
237         fl.proto = IPPROTO_TCP;
238         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
239         ipv6_addr_copy(&fl.fl6_src,
240                        (saddr ? saddr : &np->saddr));
241         fl.oif = sk->sk_bound_dev_if;
242         fl.fl_ip_dport = usin->sin6_port;
243         fl.fl_ip_sport = inet->sport;
244
245         if (np->opt && np->opt->srcrt) {
246                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
247                 ipv6_addr_copy(&final, &fl.fl6_dst);
248                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
249                 final_p = &final;
250         }
251
252         security_sk_classify_flow(sk, &fl);
253
254         err = ip6_dst_lookup(sk, &dst, &fl);
255         if (err)
256                 goto failure;
257         if (final_p)
258                 ipv6_addr_copy(&fl.fl6_dst, final_p);
259
260         if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) {
261                 if (err == -EREMOTE)
262                         err = ip6_dst_blackhole(sk, &dst, &fl);
263                 if (err < 0)
264                         goto failure;
265         }
266
267         if (saddr == NULL) {
268                 saddr = &fl.fl6_src;
269                 ipv6_addr_copy(&np->rcv_saddr, saddr);
270         }
271
272         /* set the source address */
273         ipv6_addr_copy(&np->saddr, saddr);
274         inet->rcv_saddr = LOOPBACK4_IPV6;
275
276         sk->sk_gso_type = SKB_GSO_TCPV6;
277         __ip6_dst_store(sk, dst, NULL, NULL);
278
279         icsk->icsk_ext_hdr_len = 0;
280         if (np->opt)
281                 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
282                                           np->opt->opt_nflen);
283
284         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
285
286         inet->dport = usin->sin6_port;
287
288         tcp_set_state(sk, TCP_SYN_SENT);
289         err = inet6_hash_connect(&tcp_death_row, sk);
290         if (err)
291                 goto late_failure;
292
293         if (!tp->write_seq)
294                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
295                                                              np->daddr.s6_addr32,
296                                                              inet->sport,
297                                                              inet->dport);
298
299         err = tcp_connect(sk);
300         if (err)
301                 goto late_failure;
302
303         return 0;
304
305 late_failure:
306         tcp_set_state(sk, TCP_CLOSE);
307         __sk_dst_reset(sk);
308 failure:
309         inet->dport = 0;
310         sk->sk_route_caps = 0;
311         return err;
312 }
313
314 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
315                 int type, int code, int offset, __be32 info)
316 {
317         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
318         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
319         struct ipv6_pinfo *np;
320         struct sock *sk;
321         int err;
322         struct tcp_sock *tp;
323         __u32 seq;
324
325         sk = inet6_lookup(dev_net(skb->dev), &tcp_hashinfo, &hdr->daddr,
326                         th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
327
328         if (sk == NULL) {
329                 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
330                 return;
331         }
332
333         if (sk->sk_state == TCP_TIME_WAIT) {
334                 inet_twsk_put(inet_twsk(sk));
335                 return;
336         }
337
338         bh_lock_sock(sk);
339         if (sock_owned_by_user(sk))
340                 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
341
342         if (sk->sk_state == TCP_CLOSE)
343                 goto out;
344
345         tp = tcp_sk(sk);
346         seq = ntohl(th->seq);
347         if (sk->sk_state != TCP_LISTEN &&
348             !between(seq, tp->snd_una, tp->snd_nxt)) {
349                 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
350                 goto out;
351         }
352
353         np = inet6_sk(sk);
354
355         if (type == ICMPV6_PKT_TOOBIG) {
356                 struct dst_entry *dst = NULL;
357
358                 if (sock_owned_by_user(sk))
359                         goto out;
360                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
361                         goto out;
362
363                 /* icmp should have updated the destination cache entry */
364                 dst = __sk_dst_check(sk, np->dst_cookie);
365
366                 if (dst == NULL) {
367                         struct inet_sock *inet = inet_sk(sk);
368                         struct flowi fl;
369
370                         /* BUGGG_FUTURE: Again, it is not clear how
371                            to handle rthdr case. Ignore this complexity
372                            for now.
373                          */
374                         memset(&fl, 0, sizeof(fl));
375                         fl.proto = IPPROTO_TCP;
376                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
377                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
378                         fl.oif = sk->sk_bound_dev_if;
379                         fl.fl_ip_dport = inet->dport;
380                         fl.fl_ip_sport = inet->sport;
381                         security_skb_classify_flow(skb, &fl);
382
383                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
384                                 sk->sk_err_soft = -err;
385                                 goto out;
386                         }
387
388                         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
389                                 sk->sk_err_soft = -err;
390                                 goto out;
391                         }
392
393                 } else
394                         dst_hold(dst);
395
396                 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
397                         tcp_sync_mss(sk, dst_mtu(dst));
398                         tcp_simple_retransmit(sk);
399                 } /* else let the usual retransmit timer handle it */
400                 dst_release(dst);
401                 goto out;
402         }
403
404         icmpv6_err_convert(type, code, &err);
405
406         /* Might be for an request_sock */
407         switch (sk->sk_state) {
408                 struct request_sock *req, **prev;
409         case TCP_LISTEN:
410                 if (sock_owned_by_user(sk))
411                         goto out;
412
413                 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
414                                            &hdr->saddr, inet6_iif(skb));
415                 if (!req)
416                         goto out;
417
418                 /* ICMPs are not backlogged, hence we cannot get
419                  * an established socket here.
420                  */
421                 BUG_TRAP(req->sk == NULL);
422
423                 if (seq != tcp_rsk(req)->snt_isn) {
424                         NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
425                         goto out;
426                 }
427
428                 inet_csk_reqsk_queue_drop(sk, req, prev);
429                 goto out;
430
431         case TCP_SYN_SENT:
432         case TCP_SYN_RECV:  /* Cannot happen.
433                                It can, it SYNs are crossed. --ANK */
434                 if (!sock_owned_by_user(sk)) {
435                         sk->sk_err = err;
436                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
437
438                         tcp_done(sk);
439                 } else
440                         sk->sk_err_soft = err;
441                 goto out;
442         }
443
444         if (!sock_owned_by_user(sk) && np->recverr) {
445                 sk->sk_err = err;
446                 sk->sk_error_report(sk);
447         } else
448                 sk->sk_err_soft = err;
449
450 out:
451         bh_unlock_sock(sk);
452         sock_put(sk);
453 }
454
455
456 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req)
457 {
458         struct inet6_request_sock *treq = inet6_rsk(req);
459         struct ipv6_pinfo *np = inet6_sk(sk);
460         struct sk_buff * skb;
461         struct ipv6_txoptions *opt = NULL;
462         struct in6_addr * final_p = NULL, final;
463         struct flowi fl;
464         struct dst_entry *dst;
465         int err = -1;
466
467         memset(&fl, 0, sizeof(fl));
468         fl.proto = IPPROTO_TCP;
469         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
470         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
471         fl.fl6_flowlabel = 0;
472         fl.oif = treq->iif;
473         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
474         fl.fl_ip_sport = inet_sk(sk)->sport;
475         security_req_classify_flow(req, &fl);
476
477         opt = np->opt;
478         if (opt && opt->srcrt) {
479                 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
480                 ipv6_addr_copy(&final, &fl.fl6_dst);
481                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
482                 final_p = &final;
483         }
484
485         err = ip6_dst_lookup(sk, &dst, &fl);
486         if (err)
487                 goto done;
488         if (final_p)
489                 ipv6_addr_copy(&fl.fl6_dst, final_p);
490         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
491                 goto done;
492
493         skb = tcp_make_synack(sk, dst, req);
494         if (skb) {
495                 struct tcphdr *th = tcp_hdr(skb);
496
497                 th->check = tcp_v6_check(th, skb->len,
498                                          &treq->loc_addr, &treq->rmt_addr,
499                                          csum_partial((char *)th, skb->len, skb->csum));
500
501                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
502                 err = ip6_xmit(sk, skb, &fl, opt, 0);
503                 err = net_xmit_eval(err);
504         }
505
506 done:
507         if (opt && opt != np->opt)
508                 sock_kfree_s(sk, opt, opt->tot_len);
509         dst_release(dst);
510         return err;
511 }
512
513 static inline void syn_flood_warning(struct sk_buff *skb)
514 {
515 #ifdef CONFIG_SYN_COOKIES
516         if (sysctl_tcp_syncookies)
517                 printk(KERN_INFO
518                        "TCPv6: Possible SYN flooding on port %d. "
519                        "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
520         else
521 #endif
522                 printk(KERN_INFO
523                        "TCPv6: Possible SYN flooding on port %d. "
524                        "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
525 }
526
527 static void tcp_v6_reqsk_destructor(struct request_sock *req)
528 {
529         if (inet6_rsk(req)->pktopts)
530                 kfree_skb(inet6_rsk(req)->pktopts);
531 }
532
533 #ifdef CONFIG_TCP_MD5SIG
534 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
535                                                    struct in6_addr *addr)
536 {
537         struct tcp_sock *tp = tcp_sk(sk);
538         int i;
539
540         BUG_ON(tp == NULL);
541
542         if (!tp->md5sig_info || !tp->md5sig_info->entries6)
543                 return NULL;
544
545         for (i = 0; i < tp->md5sig_info->entries6; i++) {
546                 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
547                         return &tp->md5sig_info->keys6[i].base;
548         }
549         return NULL;
550 }
551
552 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
553                                                 struct sock *addr_sk)
554 {
555         return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
556 }
557
558 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
559                                                       struct request_sock *req)
560 {
561         return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
562 }
563
564 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
565                              char *newkey, u8 newkeylen)
566 {
567         /* Add key to the list */
568         struct tcp_md5sig_key *key;
569         struct tcp_sock *tp = tcp_sk(sk);
570         struct tcp6_md5sig_key *keys;
571
572         key = tcp_v6_md5_do_lookup(sk, peer);
573         if (key) {
574                 /* modify existing entry - just update that one */
575                 kfree(key->key);
576                 key->key = newkey;
577                 key->keylen = newkeylen;
578         } else {
579                 /* reallocate new list if current one is full. */
580                 if (!tp->md5sig_info) {
581                         tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
582                         if (!tp->md5sig_info) {
583                                 kfree(newkey);
584                                 return -ENOMEM;
585                         }
586                         sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
587                 }
588                 if (tcp_alloc_md5sig_pool() == NULL) {
589                         kfree(newkey);
590                         return -ENOMEM;
591                 }
592                 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
593                         keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
594                                        (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
595
596                         if (!keys) {
597                                 tcp_free_md5sig_pool();
598                                 kfree(newkey);
599                                 return -ENOMEM;
600                         }
601
602                         if (tp->md5sig_info->entries6)
603                                 memmove(keys, tp->md5sig_info->keys6,
604                                         (sizeof (tp->md5sig_info->keys6[0]) *
605                                          tp->md5sig_info->entries6));
606
607                         kfree(tp->md5sig_info->keys6);
608                         tp->md5sig_info->keys6 = keys;
609                         tp->md5sig_info->alloced6++;
610                 }
611
612                 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
613                                peer);
614                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
615                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
616
617                 tp->md5sig_info->entries6++;
618         }
619         return 0;
620 }
621
622 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
623                                u8 *newkey, __u8 newkeylen)
624 {
625         return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
626                                  newkey, newkeylen);
627 }
628
629 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
630 {
631         struct tcp_sock *tp = tcp_sk(sk);
632         int i;
633
634         for (i = 0; i < tp->md5sig_info->entries6; i++) {
635                 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
636                         /* Free the key */
637                         kfree(tp->md5sig_info->keys6[i].base.key);
638                         tp->md5sig_info->entries6--;
639
640                         if (tp->md5sig_info->entries6 == 0) {
641                                 kfree(tp->md5sig_info->keys6);
642                                 tp->md5sig_info->keys6 = NULL;
643                                 tp->md5sig_info->alloced6 = 0;
644                         } else {
645                                 /* shrink the database */
646                                 if (tp->md5sig_info->entries6 != i)
647                                         memmove(&tp->md5sig_info->keys6[i],
648                                                 &tp->md5sig_info->keys6[i+1],
649                                                 (tp->md5sig_info->entries6 - i)
650                                                 * sizeof (tp->md5sig_info->keys6[0]));
651                         }
652                         tcp_free_md5sig_pool();
653                         return 0;
654                 }
655         }
656         return -ENOENT;
657 }
658
659 static void tcp_v6_clear_md5_list (struct sock *sk)
660 {
661         struct tcp_sock *tp = tcp_sk(sk);
662         int i;
663
664         if (tp->md5sig_info->entries6) {
665                 for (i = 0; i < tp->md5sig_info->entries6; i++)
666                         kfree(tp->md5sig_info->keys6[i].base.key);
667                 tp->md5sig_info->entries6 = 0;
668                 tcp_free_md5sig_pool();
669         }
670
671         kfree(tp->md5sig_info->keys6);
672         tp->md5sig_info->keys6 = NULL;
673         tp->md5sig_info->alloced6 = 0;
674
675         if (tp->md5sig_info->entries4) {
676                 for (i = 0; i < tp->md5sig_info->entries4; i++)
677                         kfree(tp->md5sig_info->keys4[i].base.key);
678                 tp->md5sig_info->entries4 = 0;
679                 tcp_free_md5sig_pool();
680         }
681
682         kfree(tp->md5sig_info->keys4);
683         tp->md5sig_info->keys4 = NULL;
684         tp->md5sig_info->alloced4 = 0;
685 }
686
687 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
688                                   int optlen)
689 {
690         struct tcp_md5sig cmd;
691         struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
692         u8 *newkey;
693
694         if (optlen < sizeof(cmd))
695                 return -EINVAL;
696
697         if (copy_from_user(&cmd, optval, sizeof(cmd)))
698                 return -EFAULT;
699
700         if (sin6->sin6_family != AF_INET6)
701                 return -EINVAL;
702
703         if (!cmd.tcpm_keylen) {
704                 if (!tcp_sk(sk)->md5sig_info)
705                         return -ENOENT;
706                 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
707                         return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
708                 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
709         }
710
711         if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
712                 return -EINVAL;
713
714         if (!tcp_sk(sk)->md5sig_info) {
715                 struct tcp_sock *tp = tcp_sk(sk);
716                 struct tcp_md5sig_info *p;
717
718                 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
719                 if (!p)
720                         return -ENOMEM;
721
722                 tp->md5sig_info = p;
723                 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
724         }
725
726         newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
727         if (!newkey)
728                 return -ENOMEM;
729         if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
730                 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
731                                          newkey, cmd.tcpm_keylen);
732         }
733         return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
734 }
735
736 static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
737                                    struct in6_addr *saddr,
738                                    struct in6_addr *daddr,
739                                    struct tcphdr *th, int protocol,
740                                    unsigned int tcplen)
741 {
742         struct scatterlist sg[4];
743         __u16 data_len;
744         int block = 0;
745         __sum16 cksum;
746         struct tcp_md5sig_pool *hp;
747         struct tcp6_pseudohdr *bp;
748         struct hash_desc *desc;
749         int err;
750         unsigned int nbytes = 0;
751
752         hp = tcp_get_md5sig_pool();
753         if (!hp) {
754                 printk(KERN_WARNING "%s(): hash pool not found...\n", __func__);
755                 goto clear_hash_noput;
756         }
757         bp = &hp->md5_blk.ip6;
758         desc = &hp->md5_desc;
759
760         /* 1. TCP pseudo-header (RFC2460) */
761         ipv6_addr_copy(&bp->saddr, saddr);
762         ipv6_addr_copy(&bp->daddr, daddr);
763         bp->len = htonl(tcplen);
764         bp->protocol = htonl(protocol);
765
766         sg_init_table(sg, 4);
767
768         sg_set_buf(&sg[block++], bp, sizeof(*bp));
769         nbytes += sizeof(*bp);
770
771         /* 2. TCP header, excluding options */
772         cksum = th->check;
773         th->check = 0;
774         sg_set_buf(&sg[block++], th, sizeof(*th));
775         nbytes += sizeof(*th);
776
777         /* 3. TCP segment data (if any) */
778         data_len = tcplen - (th->doff << 2);
779         if (data_len > 0) {
780                 u8 *data = (u8 *)th + (th->doff << 2);
781                 sg_set_buf(&sg[block++], data, data_len);
782                 nbytes += data_len;
783         }
784
785         /* 4. shared key */
786         sg_set_buf(&sg[block++], key->key, key->keylen);
787         nbytes += key->keylen;
788
789         sg_mark_end(&sg[block - 1]);
790
791         /* Now store the hash into the packet */
792         err = crypto_hash_init(desc);
793         if (err) {
794                 printk(KERN_WARNING "%s(): hash_init failed\n", __func__);
795                 goto clear_hash;
796         }
797         err = crypto_hash_update(desc, sg, nbytes);
798         if (err) {
799                 printk(KERN_WARNING "%s(): hash_update failed\n", __func__);
800                 goto clear_hash;
801         }
802         err = crypto_hash_final(desc, md5_hash);
803         if (err) {
804                 printk(KERN_WARNING "%s(): hash_final failed\n", __func__);
805                 goto clear_hash;
806         }
807
808         /* Reset header, and free up the crypto */
809         tcp_put_md5sig_pool();
810         th->check = cksum;
811 out:
812         return 0;
813 clear_hash:
814         tcp_put_md5sig_pool();
815 clear_hash_noput:
816         memset(md5_hash, 0, 16);
817         goto out;
818 }
819
820 static int tcp_v6_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
821                                 struct sock *sk,
822                                 struct dst_entry *dst,
823                                 struct request_sock *req,
824                                 struct tcphdr *th, int protocol,
825                                 unsigned int tcplen)
826 {
827         struct in6_addr *saddr, *daddr;
828
829         if (sk) {
830                 saddr = &inet6_sk(sk)->saddr;
831                 daddr = &inet6_sk(sk)->daddr;
832         } else {
833                 saddr = &inet6_rsk(req)->loc_addr;
834                 daddr = &inet6_rsk(req)->rmt_addr;
835         }
836         return tcp_v6_do_calc_md5_hash(md5_hash, key,
837                                        saddr, daddr,
838                                        th, protocol, tcplen);
839 }
840
841 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
842 {
843         __u8 *hash_location = NULL;
844         struct tcp_md5sig_key *hash_expected;
845         struct ipv6hdr *ip6h = ipv6_hdr(skb);
846         struct tcphdr *th = tcp_hdr(skb);
847         int length = (th->doff << 2) - sizeof (*th);
848         int genhash;
849         u8 *ptr;
850         u8 newhash[16];
851
852         hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
853
854         /* If the TCP option is too short, we can short cut */
855         if (length < TCPOLEN_MD5SIG)
856                 return hash_expected ? 1 : 0;
857
858         /* parse options */
859         ptr = (u8*)(th + 1);
860         while (length > 0) {
861                 int opcode = *ptr++;
862                 int opsize;
863
864                 switch(opcode) {
865                 case TCPOPT_EOL:
866                         goto done_opts;
867                 case TCPOPT_NOP:
868                         length--;
869                         continue;
870                 default:
871                         opsize = *ptr++;
872                         if (opsize < 2 || opsize > length)
873                                 goto done_opts;
874                         if (opcode == TCPOPT_MD5SIG) {
875                                 hash_location = ptr;
876                                 goto done_opts;
877                         }
878                 }
879                 ptr += opsize - 2;
880                 length -= opsize;
881         }
882
883 done_opts:
884         /* do we have a hash as expected? */
885         if (!hash_expected) {
886                 if (!hash_location)
887                         return 0;
888                 if (net_ratelimit()) {
889                         printk(KERN_INFO "MD5 Hash NOT expected but found "
890                                "(" NIP6_FMT ", %u)->"
891                                "(" NIP6_FMT ", %u)\n",
892                                NIP6(ip6h->saddr), ntohs(th->source),
893                                NIP6(ip6h->daddr), ntohs(th->dest));
894                 }
895                 return 1;
896         }
897
898         if (!hash_location) {
899                 if (net_ratelimit()) {
900                         printk(KERN_INFO "MD5 Hash expected but NOT found "
901                                "(" NIP6_FMT ", %u)->"
902                                "(" NIP6_FMT ", %u)\n",
903                                NIP6(ip6h->saddr), ntohs(th->source),
904                                NIP6(ip6h->daddr), ntohs(th->dest));
905                 }
906                 return 1;
907         }
908
909         /* check the signature */
910         genhash = tcp_v6_do_calc_md5_hash(newhash,
911                                           hash_expected,
912                                           &ip6h->saddr, &ip6h->daddr,
913                                           th, sk->sk_protocol,
914                                           skb->len);
915         if (genhash || memcmp(hash_location, newhash, 16) != 0) {
916                 if (net_ratelimit()) {
917                         printk(KERN_INFO "MD5 Hash %s for "
918                                "(" NIP6_FMT ", %u)->"
919                                "(" NIP6_FMT ", %u)\n",
920                                genhash ? "failed" : "mismatch",
921                                NIP6(ip6h->saddr), ntohs(th->source),
922                                NIP6(ip6h->daddr), ntohs(th->dest));
923                 }
924                 return 1;
925         }
926         return 0;
927 }
928 #endif
929
930 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
931         .family         =       AF_INET6,
932         .obj_size       =       sizeof(struct tcp6_request_sock),
933         .rtx_syn_ack    =       tcp_v6_send_synack,
934         .send_ack       =       tcp_v6_reqsk_send_ack,
935         .destructor     =       tcp_v6_reqsk_destructor,
936         .send_reset     =       tcp_v6_send_reset
937 };
938
939 #ifdef CONFIG_TCP_MD5SIG
940 static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
941         .md5_lookup     =       tcp_v6_reqsk_md5_lookup,
942 };
943 #endif
944
945 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
946         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
947         .twsk_unique    = tcp_twsk_unique,
948         .twsk_destructor= tcp_twsk_destructor,
949 };
950
951 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
952 {
953         struct ipv6_pinfo *np = inet6_sk(sk);
954         struct tcphdr *th = tcp_hdr(skb);
955
956         if (skb->ip_summed == CHECKSUM_PARTIAL) {
957                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
958                 skb->csum_start = skb_transport_header(skb) - skb->head;
959                 skb->csum_offset = offsetof(struct tcphdr, check);
960         } else {
961                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
962                                             csum_partial((char *)th, th->doff<<2,
963                                                          skb->csum));
964         }
965 }
966
967 static int tcp_v6_gso_send_check(struct sk_buff *skb)
968 {
969         struct ipv6hdr *ipv6h;
970         struct tcphdr *th;
971
972         if (!pskb_may_pull(skb, sizeof(*th)))
973                 return -EINVAL;
974
975         ipv6h = ipv6_hdr(skb);
976         th = tcp_hdr(skb);
977
978         th->check = 0;
979         th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
980                                      IPPROTO_TCP, 0);
981         skb->csum_start = skb_transport_header(skb) - skb->head;
982         skb->csum_offset = offsetof(struct tcphdr, check);
983         skb->ip_summed = CHECKSUM_PARTIAL;
984         return 0;
985 }
986
987 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
988 {
989         struct tcphdr *th = tcp_hdr(skb), *t1;
990         struct sk_buff *buff;
991         struct flowi fl;
992         struct net *net = dev_net(skb->dst->dev);
993         struct sock *ctl_sk = net->ipv6.tcp_sk;
994         unsigned int tot_len = sizeof(*th);
995 #ifdef CONFIG_TCP_MD5SIG
996         struct tcp_md5sig_key *key;
997 #endif
998
999         if (th->rst)
1000                 return;
1001
1002         if (!ipv6_unicast_destination(skb))
1003                 return;
1004
1005 #ifdef CONFIG_TCP_MD5SIG
1006         if (sk)
1007                 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
1008         else
1009                 key = NULL;
1010
1011         if (key)
1012                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1013 #endif
1014
1015         /*
1016          * We need to grab some memory, and put together an RST,
1017          * and then put it into the queue to be sent.
1018          */
1019
1020         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1021                          GFP_ATOMIC);
1022         if (buff == NULL)
1023                 return;
1024
1025         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1026
1027         t1 = (struct tcphdr *) skb_push(buff, tot_len);
1028
1029         /* Swap the send and the receive. */
1030         memset(t1, 0, sizeof(*t1));
1031         t1->dest = th->source;
1032         t1->source = th->dest;
1033         t1->doff = tot_len / 4;
1034         t1->rst = 1;
1035
1036         if(th->ack) {
1037                 t1->seq = th->ack_seq;
1038         } else {
1039                 t1->ack = 1;
1040                 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
1041                                     + skb->len - (th->doff<<2));
1042         }
1043
1044 #ifdef CONFIG_TCP_MD5SIG
1045         if (key) {
1046                 __be32 *opt = (__be32*)(t1 + 1);
1047                 opt[0] = htonl((TCPOPT_NOP << 24) |
1048                                (TCPOPT_NOP << 16) |
1049                                (TCPOPT_MD5SIG << 8) |
1050                                TCPOLEN_MD5SIG);
1051                 tcp_v6_do_calc_md5_hash((__u8 *)&opt[1], key,
1052                                         &ipv6_hdr(skb)->daddr,
1053                                         &ipv6_hdr(skb)->saddr,
1054                                         t1, IPPROTO_TCP, tot_len);
1055         }
1056 #endif
1057
1058         buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
1059
1060         memset(&fl, 0, sizeof(fl));
1061         ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1062         ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1063
1064         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1065                                     sizeof(*t1), IPPROTO_TCP,
1066                                     buff->csum);
1067
1068         fl.proto = IPPROTO_TCP;
1069         fl.oif = inet6_iif(skb);
1070         fl.fl_ip_dport = t1->dest;
1071         fl.fl_ip_sport = t1->source;
1072         security_skb_classify_flow(skb, &fl);
1073
1074         /* Pass a socket to ip6_dst_lookup either it is for RST
1075          * Underlying function will use this to retrieve the network
1076          * namespace
1077          */
1078         if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) {
1079
1080                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1081                         ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1082                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1083                         TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
1084                         return;
1085                 }
1086         }
1087
1088         kfree_skb(buff);
1089 }
1090
1091 static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
1092                             struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
1093 {
1094         struct tcphdr *th = tcp_hdr(skb), *t1;
1095         struct sk_buff *buff;
1096         struct flowi fl;
1097         struct net *net = dev_net(skb->dev);
1098         struct sock *ctl_sk = net->ipv6.tcp_sk;
1099         unsigned int tot_len = sizeof(struct tcphdr);
1100         __be32 *topt;
1101 #ifdef CONFIG_TCP_MD5SIG
1102         struct tcp_md5sig_key *key;
1103         struct tcp_md5sig_key tw_key;
1104 #endif
1105
1106 #ifdef CONFIG_TCP_MD5SIG
1107         if (!tw && skb->sk) {
1108                 key = tcp_v6_md5_do_lookup(skb->sk, &ipv6_hdr(skb)->daddr);
1109         } else if (tw && tw->tw_md5_keylen) {
1110                 tw_key.key = tw->tw_md5_key;
1111                 tw_key.keylen = tw->tw_md5_keylen;
1112                 key = &tw_key;
1113         } else {
1114                 key = NULL;
1115         }
1116 #endif
1117
1118         if (ts)
1119                 tot_len += TCPOLEN_TSTAMP_ALIGNED;
1120 #ifdef CONFIG_TCP_MD5SIG
1121         if (key)
1122                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1123 #endif
1124
1125         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1126                          GFP_ATOMIC);
1127         if (buff == NULL)
1128                 return;
1129
1130         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1131
1132         t1 = (struct tcphdr *) skb_push(buff,tot_len);
1133
1134         /* Swap the send and the receive. */
1135         memset(t1, 0, sizeof(*t1));
1136         t1->dest = th->source;
1137         t1->source = th->dest;
1138         t1->doff = tot_len/4;
1139         t1->seq = htonl(seq);
1140         t1->ack_seq = htonl(ack);
1141         t1->ack = 1;
1142         t1->window = htons(win);
1143
1144         topt = (__be32 *)(t1 + 1);
1145
1146         if (ts) {
1147                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1148                                 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1149                 *topt++ = htonl(tcp_time_stamp);
1150                 *topt = htonl(ts);
1151         }
1152
1153 #ifdef CONFIG_TCP_MD5SIG
1154         if (key) {
1155                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1156                                 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1157                 tcp_v6_do_calc_md5_hash((__u8 *)topt, key,
1158                                         &ipv6_hdr(skb)->daddr,
1159                                         &ipv6_hdr(skb)->saddr,
1160                                         t1, IPPROTO_TCP, tot_len);
1161         }
1162 #endif
1163
1164         buff->csum = csum_partial((char *)t1, tot_len, 0);
1165
1166         memset(&fl, 0, sizeof(fl));
1167         ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1168         ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1169
1170         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1171                                     tot_len, IPPROTO_TCP,
1172                                     buff->csum);
1173
1174         fl.proto = IPPROTO_TCP;
1175         fl.oif = inet6_iif(skb);
1176         fl.fl_ip_dport = t1->dest;
1177         fl.fl_ip_sport = t1->source;
1178         security_skb_classify_flow(skb, &fl);
1179
1180         if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) {
1181                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1182                         ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1183                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1184                         return;
1185                 }
1186         }
1187
1188         kfree_skb(buff);
1189 }
1190
1191 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1192 {
1193         struct inet_timewait_sock *tw = inet_twsk(sk);
1194         struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1195
1196         tcp_v6_send_ack(tcptw, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1197                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1198                         tcptw->tw_ts_recent);
1199
1200         inet_twsk_put(tw);
1201 }
1202
1203 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
1204 {
1205         tcp_v6_send_ack(NULL, skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
1206 }
1207
1208
1209 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1210 {
1211         struct request_sock *req, **prev;
1212         const struct tcphdr *th = tcp_hdr(skb);
1213         struct sock *nsk;
1214
1215         /* Find possible connection requests. */
1216         req = inet6_csk_search_req(sk, &prev, th->source,
1217                                    &ipv6_hdr(skb)->saddr,
1218                                    &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1219         if (req)
1220                 return tcp_check_req(sk, skb, req, prev);
1221
1222         nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1223                         &ipv6_hdr(skb)->saddr, th->source,
1224                         &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1225
1226         if (nsk) {
1227                 if (nsk->sk_state != TCP_TIME_WAIT) {
1228                         bh_lock_sock(nsk);
1229                         return nsk;
1230                 }
1231                 inet_twsk_put(inet_twsk(nsk));
1232                 return NULL;
1233         }
1234
1235 #ifdef CONFIG_SYN_COOKIES
1236         if (!th->rst && !th->syn && th->ack)
1237                 sk = cookie_v6_check(sk, skb);
1238 #endif
1239         return sk;
1240 }
1241
1242 /* FIXME: this is substantially similar to the ipv4 code.
1243  * Can some kind of merge be done? -- erics
1244  */
1245 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1246 {
1247         struct inet6_request_sock *treq;
1248         struct ipv6_pinfo *np = inet6_sk(sk);
1249         struct tcp_options_received tmp_opt;
1250         struct tcp_sock *tp = tcp_sk(sk);
1251         struct request_sock *req = NULL;
1252         __u32 isn = TCP_SKB_CB(skb)->when;
1253 #ifdef CONFIG_SYN_COOKIES
1254         int want_cookie = 0;
1255 #else
1256 #define want_cookie 0
1257 #endif
1258
1259         if (skb->protocol == htons(ETH_P_IP))
1260                 return tcp_v4_conn_request(sk, skb);
1261
1262         if (!ipv6_unicast_destination(skb))
1263                 goto drop;
1264
1265         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1266                 if (net_ratelimit())
1267                         syn_flood_warning(skb);
1268 #ifdef CONFIG_SYN_COOKIES
1269                 if (sysctl_tcp_syncookies)
1270                         want_cookie = 1;
1271                 else
1272 #endif
1273                 goto drop;
1274         }
1275
1276         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1277                 goto drop;
1278
1279         req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1280         if (req == NULL)
1281                 goto drop;
1282
1283 #ifdef CONFIG_TCP_MD5SIG
1284         tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1285 #endif
1286
1287         tcp_clear_options(&tmp_opt);
1288         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1289         tmp_opt.user_mss = tp->rx_opt.user_mss;
1290
1291         tcp_parse_options(skb, &tmp_opt, 0);
1292
1293         if (want_cookie && !tmp_opt.saw_tstamp)
1294                 tcp_clear_options(&tmp_opt);
1295
1296         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1297         tcp_openreq_init(req, &tmp_opt, skb);
1298
1299         treq = inet6_rsk(req);
1300         ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1301         ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1302         if (!want_cookie)
1303                 TCP_ECN_create_request(req, tcp_hdr(skb));
1304
1305         if (want_cookie) {
1306                 isn = cookie_v6_init_sequence(sk, skb, &req->mss);
1307                 req->cookie_ts = tmp_opt.tstamp_ok;
1308         } else if (!isn) {
1309                 if (ipv6_opt_accepted(sk, skb) ||
1310                     np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1311                     np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1312                         atomic_inc(&skb->users);
1313                         treq->pktopts = skb;
1314                 }
1315                 treq->iif = sk->sk_bound_dev_if;
1316
1317                 /* So that link locals have meaning */
1318                 if (!sk->sk_bound_dev_if &&
1319                     ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1320                         treq->iif = inet6_iif(skb);
1321
1322                 isn = tcp_v6_init_sequence(skb);
1323         }
1324
1325         tcp_rsk(req)->snt_isn = isn;
1326
1327         security_inet_conn_request(sk, skb, req);
1328
1329         if (tcp_v6_send_synack(sk, req))
1330                 goto drop;
1331
1332         if (!want_cookie) {
1333                 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1334                 return 0;
1335         }
1336
1337 drop:
1338         if (req)
1339                 reqsk_free(req);
1340
1341         return 0; /* don't send reset */
1342 }
1343
1344 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1345                                           struct request_sock *req,
1346                                           struct dst_entry *dst)
1347 {
1348         struct inet6_request_sock *treq = inet6_rsk(req);
1349         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1350         struct tcp6_sock *newtcp6sk;
1351         struct inet_sock *newinet;
1352         struct tcp_sock *newtp;
1353         struct sock *newsk;
1354         struct ipv6_txoptions *opt;
1355 #ifdef CONFIG_TCP_MD5SIG
1356         struct tcp_md5sig_key *key;
1357 #endif
1358
1359         if (skb->protocol == htons(ETH_P_IP)) {
1360                 /*
1361                  *      v6 mapped
1362                  */
1363
1364                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1365
1366                 if (newsk == NULL)
1367                         return NULL;
1368
1369                 newtcp6sk = (struct tcp6_sock *)newsk;
1370                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1371
1372                 newinet = inet_sk(newsk);
1373                 newnp = inet6_sk(newsk);
1374                 newtp = tcp_sk(newsk);
1375
1376                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1377
1378                 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
1379                               newinet->daddr);
1380
1381                 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
1382                               newinet->saddr);
1383
1384                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1385
1386                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1387                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1388 #ifdef CONFIG_TCP_MD5SIG
1389                 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1390 #endif
1391
1392                 newnp->pktoptions  = NULL;
1393                 newnp->opt         = NULL;
1394                 newnp->mcast_oif   = inet6_iif(skb);
1395                 newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
1396
1397                 /*
1398                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1399                  * here, tcp_create_openreq_child now does this for us, see the comment in
1400                  * that function for the gory details. -acme
1401                  */
1402
1403                 /* It is tricky place. Until this moment IPv4 tcp
1404                    worked with IPv6 icsk.icsk_af_ops.
1405                    Sync it now.
1406                  */
1407                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1408
1409                 return newsk;
1410         }
1411
1412         opt = np->opt;
1413
1414         if (sk_acceptq_is_full(sk))
1415                 goto out_overflow;
1416
1417         if (dst == NULL) {
1418                 struct in6_addr *final_p = NULL, final;
1419                 struct flowi fl;
1420
1421                 memset(&fl, 0, sizeof(fl));
1422                 fl.proto = IPPROTO_TCP;
1423                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1424                 if (opt && opt->srcrt) {
1425                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1426                         ipv6_addr_copy(&final, &fl.fl6_dst);
1427                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1428                         final_p = &final;
1429                 }
1430                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1431                 fl.oif = sk->sk_bound_dev_if;
1432                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1433                 fl.fl_ip_sport = inet_sk(sk)->sport;
1434                 security_req_classify_flow(req, &fl);
1435
1436                 if (ip6_dst_lookup(sk, &dst, &fl))
1437                         goto out;
1438
1439                 if (final_p)
1440                         ipv6_addr_copy(&fl.fl6_dst, final_p);
1441
1442                 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
1443                         goto out;
1444         }
1445
1446         newsk = tcp_create_openreq_child(sk, req, skb);
1447         if (newsk == NULL)
1448                 goto out;
1449
1450         /*
1451          * No need to charge this sock to the relevant IPv6 refcnt debug socks
1452          * count here, tcp_create_openreq_child now does this for us, see the
1453          * comment in that function for the gory details. -acme
1454          */
1455
1456         newsk->sk_gso_type = SKB_GSO_TCPV6;
1457         __ip6_dst_store(newsk, dst, NULL, NULL);
1458
1459         newtcp6sk = (struct tcp6_sock *)newsk;
1460         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1461
1462         newtp = tcp_sk(newsk);
1463         newinet = inet_sk(newsk);
1464         newnp = inet6_sk(newsk);
1465
1466         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1467
1468         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1469         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1470         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1471         newsk->sk_bound_dev_if = treq->iif;
1472
1473         /* Now IPv6 options...
1474
1475            First: no IPv4 options.
1476          */
1477         newinet->opt = NULL;
1478         newnp->ipv6_fl_list = NULL;
1479
1480         /* Clone RX bits */
1481         newnp->rxopt.all = np->rxopt.all;
1482
1483         /* Clone pktoptions received with SYN */
1484         newnp->pktoptions = NULL;
1485         if (treq->pktopts != NULL) {
1486                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1487                 kfree_skb(treq->pktopts);
1488                 treq->pktopts = NULL;
1489                 if (newnp->pktoptions)
1490                         skb_set_owner_r(newnp->pktoptions, newsk);
1491         }
1492         newnp->opt        = NULL;
1493         newnp->mcast_oif  = inet6_iif(skb);
1494         newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1495
1496         /* Clone native IPv6 options from listening socket (if any)
1497
1498            Yes, keeping reference count would be much more clever,
1499            but we make one more one thing there: reattach optmem
1500            to newsk.
1501          */
1502         if (opt) {
1503                 newnp->opt = ipv6_dup_options(newsk, opt);
1504                 if (opt != np->opt)
1505                         sock_kfree_s(sk, opt, opt->tot_len);
1506         }
1507
1508         inet_csk(newsk)->icsk_ext_hdr_len = 0;
1509         if (newnp->opt)
1510                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1511                                                      newnp->opt->opt_flen);
1512
1513         tcp_mtup_init(newsk);
1514         tcp_sync_mss(newsk, dst_mtu(dst));
1515         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1516         tcp_initialize_rcv_mss(newsk);
1517
1518         newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1519
1520 #ifdef CONFIG_TCP_MD5SIG
1521         /* Copy over the MD5 key from the original socket */
1522         if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1523                 /* We're using one, so create a matching key
1524                  * on the newsk structure. If we fail to get
1525                  * memory, then we end up not copying the key
1526                  * across. Shucks.
1527                  */
1528                 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1529                 if (newkey != NULL)
1530                         tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr,
1531                                           newkey, key->keylen);
1532         }
1533 #endif
1534
1535         __inet6_hash(newsk);
1536         __inet_inherit_port(sk, newsk);
1537
1538         return newsk;
1539
1540 out_overflow:
1541         NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1542 out:
1543         NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1544         if (opt && opt != np->opt)
1545                 sock_kfree_s(sk, opt, opt->tot_len);
1546         dst_release(dst);
1547         return NULL;
1548 }
1549
1550 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1551 {
1552         if (skb->ip_summed == CHECKSUM_COMPLETE) {
1553                 if (!tcp_v6_check(tcp_hdr(skb), skb->len, &ipv6_hdr(skb)->saddr,
1554                                   &ipv6_hdr(skb)->daddr, skb->csum)) {
1555                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1556                         return 0;
1557                 }
1558         }
1559
1560         skb->csum = ~csum_unfold(tcp_v6_check(tcp_hdr(skb), skb->len,
1561                                               &ipv6_hdr(skb)->saddr,
1562                                               &ipv6_hdr(skb)->daddr, 0));
1563
1564         if (skb->len <= 76) {
1565                 return __skb_checksum_complete(skb);
1566         }
1567         return 0;
1568 }
1569
1570 /* The socket must have it's spinlock held when we get
1571  * here.
1572  *
1573  * We have a potential double-lock case here, so even when
1574  * doing backlog processing we use the BH locking scheme.
1575  * This is because we cannot sleep with the original spinlock
1576  * held.
1577  */
1578 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1579 {
1580         struct ipv6_pinfo *np = inet6_sk(sk);
1581         struct tcp_sock *tp;
1582         struct sk_buff *opt_skb = NULL;
1583
1584         /* Imagine: socket is IPv6. IPv4 packet arrives,
1585            goes to IPv4 receive handler and backlogged.
1586            From backlog it always goes here. Kerboom...
1587            Fortunately, tcp_rcv_established and rcv_established
1588            handle them correctly, but it is not case with
1589            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1590          */
1591
1592         if (skb->protocol == htons(ETH_P_IP))
1593                 return tcp_v4_do_rcv(sk, skb);
1594
1595 #ifdef CONFIG_TCP_MD5SIG
1596         if (tcp_v6_inbound_md5_hash (sk, skb))
1597                 goto discard;
1598 #endif
1599
1600         if (sk_filter(sk, skb))
1601                 goto discard;
1602
1603         /*
1604          *      socket locking is here for SMP purposes as backlog rcv
1605          *      is currently called with bh processing disabled.
1606          */
1607
1608         /* Do Stevens' IPV6_PKTOPTIONS.
1609
1610            Yes, guys, it is the only place in our code, where we
1611            may make it not affecting IPv4.
1612            The rest of code is protocol independent,
1613            and I do not like idea to uglify IPv4.
1614
1615            Actually, all the idea behind IPV6_PKTOPTIONS
1616            looks not very well thought. For now we latch
1617            options, received in the last packet, enqueued
1618            by tcp. Feel free to propose better solution.
1619                                                --ANK (980728)
1620          */
1621         if (np->rxopt.all)
1622                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1623
1624         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1625                 TCP_CHECK_TIMER(sk);
1626                 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1627                         goto reset;
1628                 TCP_CHECK_TIMER(sk);
1629                 if (opt_skb)
1630                         goto ipv6_pktoptions;
1631                 return 0;
1632         }
1633
1634         if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1635                 goto csum_err;
1636
1637         if (sk->sk_state == TCP_LISTEN) {
1638                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1639                 if (!nsk)
1640                         goto discard;
1641
1642                 /*
1643                  * Queue it on the new socket if the new socket is active,
1644                  * otherwise we just shortcircuit this and continue with
1645                  * the new socket..
1646                  */
1647                 if(nsk != sk) {
1648                         if (tcp_child_process(sk, nsk, skb))
1649                                 goto reset;
1650                         if (opt_skb)
1651                                 __kfree_skb(opt_skb);
1652                         return 0;
1653                 }
1654         }
1655
1656         TCP_CHECK_TIMER(sk);
1657         if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1658                 goto reset;
1659         TCP_CHECK_TIMER(sk);
1660         if (opt_skb)
1661                 goto ipv6_pktoptions;
1662         return 0;
1663
1664 reset:
1665         tcp_v6_send_reset(sk, skb);
1666 discard:
1667         if (opt_skb)
1668                 __kfree_skb(opt_skb);
1669         kfree_skb(skb);
1670         return 0;
1671 csum_err:
1672         TCP_INC_STATS_BH(TCP_MIB_INERRS);
1673         goto discard;
1674
1675
1676 ipv6_pktoptions:
1677         /* Do you ask, what is it?
1678
1679            1. skb was enqueued by tcp.
1680            2. skb is added to tail of read queue, rather than out of order.
1681            3. socket is not in passive state.
1682            4. Finally, it really contains options, which user wants to receive.
1683          */
1684         tp = tcp_sk(sk);
1685         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1686             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1687                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1688                         np->mcast_oif = inet6_iif(opt_skb);
1689                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1690                         np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1691                 if (ipv6_opt_accepted(sk, opt_skb)) {
1692                         skb_set_owner_r(opt_skb, sk);
1693                         opt_skb = xchg(&np->pktoptions, opt_skb);
1694                 } else {
1695                         __kfree_skb(opt_skb);
1696                         opt_skb = xchg(&np->pktoptions, NULL);
1697                 }
1698         }
1699
1700         if (opt_skb)
1701                 kfree_skb(opt_skb);
1702         return 0;
1703 }
1704
1705 static int tcp_v6_rcv(struct sk_buff *skb)
1706 {
1707         struct tcphdr *th;
1708         struct sock *sk;
1709         int ret;
1710
1711         if (skb->pkt_type != PACKET_HOST)
1712                 goto discard_it;
1713
1714         /*
1715          *      Count it even if it's bad.
1716          */
1717         TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1718
1719         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1720                 goto discard_it;
1721
1722         th = tcp_hdr(skb);
1723
1724         if (th->doff < sizeof(struct tcphdr)/4)
1725                 goto bad_packet;
1726         if (!pskb_may_pull(skb, th->doff*4))
1727                 goto discard_it;
1728
1729         if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1730                 goto bad_packet;
1731
1732         th = tcp_hdr(skb);
1733         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1734         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1735                                     skb->len - th->doff*4);
1736         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1737         TCP_SKB_CB(skb)->when = 0;
1738         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
1739         TCP_SKB_CB(skb)->sacked = 0;
1740
1741         sk = __inet6_lookup(dev_net(skb->dev), &tcp_hashinfo,
1742                         &ipv6_hdr(skb)->saddr, th->source,
1743                         &ipv6_hdr(skb)->daddr, ntohs(th->dest),
1744                         inet6_iif(skb));
1745
1746         if (!sk)
1747                 goto no_tcp_socket;
1748
1749 process:
1750         if (sk->sk_state == TCP_TIME_WAIT)
1751                 goto do_time_wait;
1752
1753         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1754                 goto discard_and_relse;
1755
1756         if (sk_filter(sk, skb))
1757                 goto discard_and_relse;
1758
1759         skb->dev = NULL;
1760
1761         bh_lock_sock_nested(sk);
1762         ret = 0;
1763         if (!sock_owned_by_user(sk)) {
1764 #ifdef CONFIG_NET_DMA
1765                 struct tcp_sock *tp = tcp_sk(sk);
1766                 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1767                         tp->ucopy.dma_chan = get_softnet_dma();
1768                 if (tp->ucopy.dma_chan)
1769                         ret = tcp_v6_do_rcv(sk, skb);
1770                 else
1771 #endif
1772                 {
1773                         if (!tcp_prequeue(sk, skb))
1774                                 ret = tcp_v6_do_rcv(sk, skb);
1775                 }
1776         } else
1777                 sk_add_backlog(sk, skb);
1778         bh_unlock_sock(sk);
1779
1780         sock_put(sk);
1781         return ret ? -1 : 0;
1782
1783 no_tcp_socket:
1784         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1785                 goto discard_it;
1786
1787         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1788 bad_packet:
1789                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1790         } else {
1791                 tcp_v6_send_reset(NULL, skb);
1792         }
1793
1794 discard_it:
1795
1796         /*
1797          *      Discard frame
1798          */
1799
1800         kfree_skb(skb);
1801         return 0;
1802
1803 discard_and_relse:
1804         sock_put(sk);
1805         goto discard_it;
1806
1807 do_time_wait:
1808         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1809                 inet_twsk_put(inet_twsk(sk));
1810                 goto discard_it;
1811         }
1812
1813         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1814                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1815                 inet_twsk_put(inet_twsk(sk));
1816                 goto discard_it;
1817         }
1818
1819         switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1820         case TCP_TW_SYN:
1821         {
1822                 struct sock *sk2;
1823
1824                 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1825                                             &ipv6_hdr(skb)->daddr,
1826                                             ntohs(th->dest), inet6_iif(skb));
1827                 if (sk2 != NULL) {
1828                         struct inet_timewait_sock *tw = inet_twsk(sk);
1829                         inet_twsk_deschedule(tw, &tcp_death_row);
1830                         inet_twsk_put(tw);
1831                         sk = sk2;
1832                         goto process;
1833                 }
1834                 /* Fall through to ACK */
1835         }
1836         case TCP_TW_ACK:
1837                 tcp_v6_timewait_ack(sk, skb);
1838                 break;
1839         case TCP_TW_RST:
1840                 goto no_tcp_socket;
1841         case TCP_TW_SUCCESS:;
1842         }
1843         goto discard_it;
1844 }
1845
1846 static int tcp_v6_remember_stamp(struct sock *sk)
1847 {
1848         /* Alas, not yet... */
1849         return 0;
1850 }
1851
1852 static struct inet_connection_sock_af_ops ipv6_specific = {
1853         .queue_xmit        = inet6_csk_xmit,
1854         .send_check        = tcp_v6_send_check,
1855         .rebuild_header    = inet6_sk_rebuild_header,
1856         .conn_request      = tcp_v6_conn_request,
1857         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1858         .remember_stamp    = tcp_v6_remember_stamp,
1859         .net_header_len    = sizeof(struct ipv6hdr),
1860         .setsockopt        = ipv6_setsockopt,
1861         .getsockopt        = ipv6_getsockopt,
1862         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1863         .sockaddr_len      = sizeof(struct sockaddr_in6),
1864         .bind_conflict     = inet6_csk_bind_conflict,
1865 #ifdef CONFIG_COMPAT
1866         .compat_setsockopt = compat_ipv6_setsockopt,
1867         .compat_getsockopt = compat_ipv6_getsockopt,
1868 #endif
1869 };
1870
1871 #ifdef CONFIG_TCP_MD5SIG
1872 static struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1873         .md5_lookup     =       tcp_v6_md5_lookup,
1874         .calc_md5_hash  =       tcp_v6_calc_md5_hash,
1875         .md5_add        =       tcp_v6_md5_add_func,
1876         .md5_parse      =       tcp_v6_parse_md5_keys,
1877 };
1878 #endif
1879
1880 /*
1881  *      TCP over IPv4 via INET6 API
1882  */
1883
1884 static struct inet_connection_sock_af_ops ipv6_mapped = {
1885         .queue_xmit        = ip_queue_xmit,
1886         .send_check        = tcp_v4_send_check,
1887         .rebuild_header    = inet_sk_rebuild_header,
1888         .conn_request      = tcp_v6_conn_request,
1889         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1890         .remember_stamp    = tcp_v4_remember_stamp,
1891         .net_header_len    = sizeof(struct iphdr),
1892         .setsockopt        = ipv6_setsockopt,
1893         .getsockopt        = ipv6_getsockopt,
1894         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1895         .sockaddr_len      = sizeof(struct sockaddr_in6),
1896         .bind_conflict     = inet6_csk_bind_conflict,
1897 #ifdef CONFIG_COMPAT
1898         .compat_setsockopt = compat_ipv6_setsockopt,
1899         .compat_getsockopt = compat_ipv6_getsockopt,
1900 #endif
1901 };
1902
1903 #ifdef CONFIG_TCP_MD5SIG
1904 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1905         .md5_lookup     =       tcp_v4_md5_lookup,
1906         .calc_md5_hash  =       tcp_v4_calc_md5_hash,
1907         .md5_add        =       tcp_v6_md5_add_func,
1908         .md5_parse      =       tcp_v6_parse_md5_keys,
1909 };
1910 #endif
1911
1912 /* NOTE: A lot of things set to zero explicitly by call to
1913  *       sk_alloc() so need not be done here.
1914  */
1915 static int tcp_v6_init_sock(struct sock *sk)
1916 {
1917         struct inet_connection_sock *icsk = inet_csk(sk);
1918         struct tcp_sock *tp = tcp_sk(sk);
1919
1920         skb_queue_head_init(&tp->out_of_order_queue);
1921         tcp_init_xmit_timers(sk);
1922         tcp_prequeue_init(tp);
1923
1924         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1925         tp->mdev = TCP_TIMEOUT_INIT;
1926
1927         /* So many TCP implementations out there (incorrectly) count the
1928          * initial SYN frame in their delayed-ACK and congestion control
1929          * algorithms that we must have the following bandaid to talk
1930          * efficiently to them.  -DaveM
1931          */
1932         tp->snd_cwnd = 2;
1933
1934         /* See draft-stevens-tcpca-spec-01 for discussion of the
1935          * initialization of these values.
1936          */
1937         tp->snd_ssthresh = 0x7fffffff;
1938         tp->snd_cwnd_clamp = ~0;
1939         tp->mss_cache = 536;
1940
1941         tp->reordering = sysctl_tcp_reordering;
1942
1943         sk->sk_state = TCP_CLOSE;
1944
1945         icsk->icsk_af_ops = &ipv6_specific;
1946         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1947         icsk->icsk_sync_mss = tcp_sync_mss;
1948         sk->sk_write_space = sk_stream_write_space;
1949         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1950
1951 #ifdef CONFIG_TCP_MD5SIG
1952         tp->af_specific = &tcp_sock_ipv6_specific;
1953 #endif
1954
1955         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1956         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1957
1958         atomic_inc(&tcp_sockets_allocated);
1959
1960         return 0;
1961 }
1962
1963 static int tcp_v6_destroy_sock(struct sock *sk)
1964 {
1965 #ifdef CONFIG_TCP_MD5SIG
1966         /* Clean up the MD5 key list */
1967         if (tcp_sk(sk)->md5sig_info)
1968                 tcp_v6_clear_md5_list(sk);
1969 #endif
1970         tcp_v4_destroy_sock(sk);
1971         return inet6_destroy_sock(sk);
1972 }
1973
1974 #ifdef CONFIG_PROC_FS
1975 /* Proc filesystem TCPv6 sock list dumping. */
1976 static void get_openreq6(struct seq_file *seq,
1977                          struct sock *sk, struct request_sock *req, int i, int uid)
1978 {
1979         int ttd = req->expires - jiffies;
1980         struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1981         struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1982
1983         if (ttd < 0)
1984                 ttd = 0;
1985
1986         seq_printf(seq,
1987                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1988                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1989                    i,
1990                    src->s6_addr32[0], src->s6_addr32[1],
1991                    src->s6_addr32[2], src->s6_addr32[3],
1992                    ntohs(inet_sk(sk)->sport),
1993                    dest->s6_addr32[0], dest->s6_addr32[1],
1994                    dest->s6_addr32[2], dest->s6_addr32[3],
1995                    ntohs(inet_rsk(req)->rmt_port),
1996                    TCP_SYN_RECV,
1997                    0,0, /* could print option size, but that is af dependent. */
1998                    1,   /* timers active (only the expire timer) */
1999                    jiffies_to_clock_t(ttd),
2000                    req->retrans,
2001                    uid,
2002                    0,  /* non standard timer */
2003                    0, /* open_requests have no inode */
2004                    0, req);
2005 }
2006
2007 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
2008 {
2009         struct in6_addr *dest, *src;
2010         __u16 destp, srcp;
2011         int timer_active;
2012         unsigned long timer_expires;
2013         struct inet_sock *inet = inet_sk(sp);
2014         struct tcp_sock *tp = tcp_sk(sp);
2015         const struct inet_connection_sock *icsk = inet_csk(sp);
2016         struct ipv6_pinfo *np = inet6_sk(sp);
2017
2018         dest  = &np->daddr;
2019         src   = &np->rcv_saddr;
2020         destp = ntohs(inet->dport);
2021         srcp  = ntohs(inet->sport);
2022
2023         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2024                 timer_active    = 1;
2025                 timer_expires   = icsk->icsk_timeout;
2026         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2027                 timer_active    = 4;
2028                 timer_expires   = icsk->icsk_timeout;
2029         } else if (timer_pending(&sp->sk_timer)) {
2030                 timer_active    = 2;
2031                 timer_expires   = sp->sk_timer.expires;
2032         } else {
2033                 timer_active    = 0;
2034                 timer_expires = jiffies;
2035         }
2036
2037         seq_printf(seq,
2038                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2039                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
2040                    i,
2041                    src->s6_addr32[0], src->s6_addr32[1],
2042                    src->s6_addr32[2], src->s6_addr32[3], srcp,
2043                    dest->s6_addr32[0], dest->s6_addr32[1],
2044                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
2045                    sp->sk_state,
2046                    tp->write_seq-tp->snd_una,
2047                    (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
2048                    timer_active,
2049                    jiffies_to_clock_t(timer_expires - jiffies),
2050                    icsk->icsk_retransmits,
2051                    sock_i_uid(sp),
2052                    icsk->icsk_probes_out,
2053                    sock_i_ino(sp),
2054                    atomic_read(&sp->sk_refcnt), sp,
2055                    icsk->icsk_rto,
2056                    icsk->icsk_ack.ato,
2057                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2058                    tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
2059                    );
2060 }
2061
2062 static void get_timewait6_sock(struct seq_file *seq,
2063                                struct inet_timewait_sock *tw, int i)
2064 {
2065         struct in6_addr *dest, *src;
2066         __u16 destp, srcp;
2067         struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2068         int ttd = tw->tw_ttd - jiffies;
2069
2070         if (ttd < 0)
2071                 ttd = 0;
2072
2073         dest = &tw6->tw_v6_daddr;
2074         src  = &tw6->tw_v6_rcv_saddr;
2075         destp = ntohs(tw->tw_dport);
2076         srcp  = ntohs(tw->tw_sport);
2077
2078         seq_printf(seq,
2079                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2080                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2081                    i,
2082                    src->s6_addr32[0], src->s6_addr32[1],
2083                    src->s6_addr32[2], src->s6_addr32[3], srcp,
2084                    dest->s6_addr32[0], dest->s6_addr32[1],
2085                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
2086                    tw->tw_substate, 0, 0,
2087                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2088                    atomic_read(&tw->tw_refcnt), tw);
2089 }
2090
2091 static int tcp6_seq_show(struct seq_file *seq, void *v)
2092 {
2093         struct tcp_iter_state *st;
2094
2095         if (v == SEQ_START_TOKEN) {
2096                 seq_puts(seq,
2097                          "  sl  "
2098                          "local_address                         "
2099                          "remote_address                        "
2100                          "st tx_queue rx_queue tr tm->when retrnsmt"
2101                          "   uid  timeout inode\n");
2102                 goto out;
2103         }
2104         st = seq->private;
2105
2106         switch (st->state) {
2107         case TCP_SEQ_STATE_LISTENING:
2108         case TCP_SEQ_STATE_ESTABLISHED:
2109                 get_tcp6_sock(seq, v, st->num);
2110                 break;
2111         case TCP_SEQ_STATE_OPENREQ:
2112                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2113                 break;
2114         case TCP_SEQ_STATE_TIME_WAIT:
2115                 get_timewait6_sock(seq, v, st->num);
2116                 break;
2117         }
2118 out:
2119         return 0;
2120 }
2121
2122 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2123         .name           = "tcp6",
2124         .family         = AF_INET6,
2125         .seq_fops       = {
2126                 .owner          = THIS_MODULE,
2127         },
2128         .seq_ops        = {
2129                 .show           = tcp6_seq_show,
2130         },
2131 };
2132
2133 int tcp6_proc_init(struct net *net)
2134 {
2135         return tcp_proc_register(net, &tcp6_seq_afinfo);
2136 }
2137
2138 void tcp6_proc_exit(struct net *net)
2139 {
2140         tcp_proc_unregister(net, &tcp6_seq_afinfo);
2141 }
2142 #endif
2143
2144 struct proto tcpv6_prot = {
2145         .name                   = "TCPv6",
2146         .owner                  = THIS_MODULE,
2147         .close                  = tcp_close,
2148         .connect                = tcp_v6_connect,
2149         .disconnect             = tcp_disconnect,
2150         .accept                 = inet_csk_accept,
2151         .ioctl                  = tcp_ioctl,
2152         .init                   = tcp_v6_init_sock,
2153         .destroy                = tcp_v6_destroy_sock,
2154         .shutdown               = tcp_shutdown,
2155         .setsockopt             = tcp_setsockopt,
2156         .getsockopt             = tcp_getsockopt,
2157         .recvmsg                = tcp_recvmsg,
2158         .backlog_rcv            = tcp_v6_do_rcv,
2159         .hash                   = tcp_v6_hash,
2160         .unhash                 = inet_unhash,
2161         .get_port               = inet_csk_get_port,
2162         .enter_memory_pressure  = tcp_enter_memory_pressure,
2163         .sockets_allocated      = &tcp_sockets_allocated,
2164         .memory_allocated       = &tcp_memory_allocated,
2165         .memory_pressure        = &tcp_memory_pressure,
2166         .orphan_count           = &tcp_orphan_count,
2167         .sysctl_mem             = sysctl_tcp_mem,
2168         .sysctl_wmem            = sysctl_tcp_wmem,
2169         .sysctl_rmem            = sysctl_tcp_rmem,
2170         .max_header             = MAX_TCP_HEADER,
2171         .obj_size               = sizeof(struct tcp6_sock),
2172         .twsk_prot              = &tcp6_timewait_sock_ops,
2173         .rsk_prot               = &tcp6_request_sock_ops,
2174         .h.hashinfo             = &tcp_hashinfo,
2175 #ifdef CONFIG_COMPAT
2176         .compat_setsockopt      = compat_tcp_setsockopt,
2177         .compat_getsockopt      = compat_tcp_getsockopt,
2178 #endif
2179 };
2180
2181 static struct inet6_protocol tcpv6_protocol = {
2182         .handler        =       tcp_v6_rcv,
2183         .err_handler    =       tcp_v6_err,
2184         .gso_send_check =       tcp_v6_gso_send_check,
2185         .gso_segment    =       tcp_tso_segment,
2186         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2187 };
2188
2189 static struct inet_protosw tcpv6_protosw = {
2190         .type           =       SOCK_STREAM,
2191         .protocol       =       IPPROTO_TCP,
2192         .prot           =       &tcpv6_prot,
2193         .ops            =       &inet6_stream_ops,
2194         .capability     =       -1,
2195         .no_check       =       0,
2196         .flags          =       INET_PROTOSW_PERMANENT |
2197                                 INET_PROTOSW_ICSK,
2198 };
2199
2200 static int tcpv6_net_init(struct net *net)
2201 {
2202         return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2203                                     SOCK_RAW, IPPROTO_TCP, net);
2204 }
2205
2206 static void tcpv6_net_exit(struct net *net)
2207 {
2208         inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2209 }
2210
2211 static struct pernet_operations tcpv6_net_ops = {
2212         .init = tcpv6_net_init,
2213         .exit = tcpv6_net_exit,
2214 };
2215
2216 int __init tcpv6_init(void)
2217 {
2218         int ret;
2219
2220         ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2221         if (ret)
2222                 goto out;
2223
2224         /* register inet6 protocol */
2225         ret = inet6_register_protosw(&tcpv6_protosw);
2226         if (ret)
2227                 goto out_tcpv6_protocol;
2228
2229         ret = register_pernet_subsys(&tcpv6_net_ops);
2230         if (ret)
2231                 goto out_tcpv6_protosw;
2232 out:
2233         return ret;
2234
2235 out_tcpv6_protocol:
2236         inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2237 out_tcpv6_protosw:
2238         inet6_unregister_protosw(&tcpv6_protosw);
2239         goto out;
2240 }
2241
2242 void tcpv6_exit(void)
2243 {
2244         unregister_pernet_subsys(&tcpv6_net_ops);
2245         inet6_unregister_protosw(&tcpv6_protosw);
2246         inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2247 }