Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee13...
[linux-2.6] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation 
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>     
7  *
8  *      $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9  *
10  *      Based on: 
11  *      linux/net/ipv4/tcp.c
12  *      linux/net/ipv4/tcp_input.c
13  *      linux/net/ipv4/tcp_output.c
14  *
15  *      Fixes:
16  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
17  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
18  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
19  *                                      a single port at the same time.
20  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
21  *
22  *      This program is free software; you can redistribute it and/or
23  *      modify it under the terms of the GNU General Public License
24  *      as published by the Free Software Foundation; either version
25  *      2 of the License, or (at your option) any later version.
26  */
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/net.h>
34 #include <linux/jiffies.h>
35 #include <linux/in.h>
36 #include <linux/in6.h>
37 #include <linux/netdevice.h>
38 #include <linux/init.h>
39 #include <linux/jhash.h>
40 #include <linux/ipsec.h>
41 #include <linux/times.h>
42
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/addrconf.h>
60 #include <net/snmp.h>
61 #include <net/dsfield.h>
62 #include <net/timewait_sock.h>
63
64 #include <asm/uaccess.h>
65
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
68
69 /* Socket used for sending RSTs and ACKs */
70 static struct socket *tcp6_socket;
71
72 static void     tcp_v6_send_reset(struct sk_buff *skb);
73 static void     tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
74 static void     tcp_v6_send_check(struct sock *sk, int len, 
75                                   struct sk_buff *skb);
76
77 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
78
79 static struct inet_connection_sock_af_ops ipv6_mapped;
80 static struct inet_connection_sock_af_ops ipv6_specific;
81
82 static int tcp_v6_get_port(struct sock *sk, unsigned short snum)
83 {
84         return inet_csk_get_port(&tcp_hashinfo, sk, snum,
85                                  inet6_csk_bind_conflict);
86 }
87
88 static void tcp_v6_hash(struct sock *sk)
89 {
90         if (sk->sk_state != TCP_CLOSE) {
91                 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
92                         tcp_prot.hash(sk);
93                         return;
94                 }
95                 local_bh_disable();
96                 __inet6_hash(&tcp_hashinfo, sk);
97                 local_bh_enable();
98         }
99 }
100
101 static __inline__ u16 tcp_v6_check(struct tcphdr *th, int len,
102                                    struct in6_addr *saddr, 
103                                    struct in6_addr *daddr, 
104                                    unsigned long base)
105 {
106         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
107 }
108
109 static __u32 tcp_v6_init_sequence(struct sock *sk, struct sk_buff *skb)
110 {
111         if (skb->protocol == htons(ETH_P_IPV6)) {
112                 return secure_tcpv6_sequence_number(skb->nh.ipv6h->daddr.s6_addr32,
113                                                     skb->nh.ipv6h->saddr.s6_addr32,
114                                                     skb->h.th->dest,
115                                                     skb->h.th->source);
116         } else {
117                 return secure_tcp_sequence_number(skb->nh.iph->daddr,
118                                                   skb->nh.iph->saddr,
119                                                   skb->h.th->dest,
120                                                   skb->h.th->source);
121         }
122 }
123
124 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 
125                           int addr_len)
126 {
127         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
128         struct inet_sock *inet = inet_sk(sk);
129         struct inet_connection_sock *icsk = inet_csk(sk);
130         struct ipv6_pinfo *np = inet6_sk(sk);
131         struct tcp_sock *tp = tcp_sk(sk);
132         struct in6_addr *saddr = NULL, *final_p = NULL, final;
133         struct flowi fl;
134         struct dst_entry *dst;
135         int addr_type;
136         int err;
137
138         if (addr_len < SIN6_LEN_RFC2133) 
139                 return -EINVAL;
140
141         if (usin->sin6_family != AF_INET6) 
142                 return(-EAFNOSUPPORT);
143
144         memset(&fl, 0, sizeof(fl));
145
146         if (np->sndflow) {
147                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
148                 IP6_ECN_flow_init(fl.fl6_flowlabel);
149                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
150                         struct ip6_flowlabel *flowlabel;
151                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
152                         if (flowlabel == NULL)
153                                 return -EINVAL;
154                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
155                         fl6_sock_release(flowlabel);
156                 }
157         }
158
159         /*
160          *      connect() to INADDR_ANY means loopback (BSD'ism).
161          */
162         
163         if(ipv6_addr_any(&usin->sin6_addr))
164                 usin->sin6_addr.s6_addr[15] = 0x1; 
165
166         addr_type = ipv6_addr_type(&usin->sin6_addr);
167
168         if(addr_type & IPV6_ADDR_MULTICAST)
169                 return -ENETUNREACH;
170
171         if (addr_type&IPV6_ADDR_LINKLOCAL) {
172                 if (addr_len >= sizeof(struct sockaddr_in6) &&
173                     usin->sin6_scope_id) {
174                         /* If interface is set while binding, indices
175                          * must coincide.
176                          */
177                         if (sk->sk_bound_dev_if &&
178                             sk->sk_bound_dev_if != usin->sin6_scope_id)
179                                 return -EINVAL;
180
181                         sk->sk_bound_dev_if = usin->sin6_scope_id;
182                 }
183
184                 /* Connect to link-local address requires an interface */
185                 if (!sk->sk_bound_dev_if)
186                         return -EINVAL;
187         }
188
189         if (tp->rx_opt.ts_recent_stamp &&
190             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
191                 tp->rx_opt.ts_recent = 0;
192                 tp->rx_opt.ts_recent_stamp = 0;
193                 tp->write_seq = 0;
194         }
195
196         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
197         np->flow_label = fl.fl6_flowlabel;
198
199         /*
200          *      TCP over IPv4
201          */
202
203         if (addr_type == IPV6_ADDR_MAPPED) {
204                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
205                 struct sockaddr_in sin;
206
207                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
208
209                 if (__ipv6_only_sock(sk))
210                         return -ENETUNREACH;
211
212                 sin.sin_family = AF_INET;
213                 sin.sin_port = usin->sin6_port;
214                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
215
216                 icsk->icsk_af_ops = &ipv6_mapped;
217                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
218
219                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
220
221                 if (err) {
222                         icsk->icsk_ext_hdr_len = exthdrlen;
223                         icsk->icsk_af_ops = &ipv6_specific;
224                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
225                         goto failure;
226                 } else {
227                         ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
228                                       inet->saddr);
229                         ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
230                                       inet->rcv_saddr);
231                 }
232
233                 return err;
234         }
235
236         if (!ipv6_addr_any(&np->rcv_saddr))
237                 saddr = &np->rcv_saddr;
238
239         fl.proto = IPPROTO_TCP;
240         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
241         ipv6_addr_copy(&fl.fl6_src,
242                        (saddr ? saddr : &np->saddr));
243         fl.oif = sk->sk_bound_dev_if;
244         fl.fl_ip_dport = usin->sin6_port;
245         fl.fl_ip_sport = inet->sport;
246
247         if (np->opt && np->opt->srcrt) {
248                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
249                 ipv6_addr_copy(&final, &fl.fl6_dst);
250                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
251                 final_p = &final;
252         }
253
254         security_sk_classify_flow(sk, &fl);
255
256         err = ip6_dst_lookup(sk, &dst, &fl);
257         if (err)
258                 goto failure;
259         if (final_p)
260                 ipv6_addr_copy(&fl.fl6_dst, final_p);
261
262         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
263                 goto failure;
264
265         if (saddr == NULL) {
266                 saddr = &fl.fl6_src;
267                 ipv6_addr_copy(&np->rcv_saddr, saddr);
268         }
269
270         /* set the source address */
271         ipv6_addr_copy(&np->saddr, saddr);
272         inet->rcv_saddr = LOOPBACK4_IPV6;
273
274         sk->sk_gso_type = SKB_GSO_TCPV6;
275         __ip6_dst_store(sk, dst, NULL, NULL);
276
277         icsk->icsk_ext_hdr_len = 0;
278         if (np->opt)
279                 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
280                                           np->opt->opt_nflen);
281
282         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
283
284         inet->dport = usin->sin6_port;
285
286         tcp_set_state(sk, TCP_SYN_SENT);
287         err = inet6_hash_connect(&tcp_death_row, sk);
288         if (err)
289                 goto late_failure;
290
291         if (!tp->write_seq)
292                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
293                                                              np->daddr.s6_addr32,
294                                                              inet->sport,
295                                                              inet->dport);
296
297         err = tcp_connect(sk);
298         if (err)
299                 goto late_failure;
300
301         return 0;
302
303 late_failure:
304         tcp_set_state(sk, TCP_CLOSE);
305         __sk_dst_reset(sk);
306 failure:
307         inet->dport = 0;
308         sk->sk_route_caps = 0;
309         return err;
310 }
311
312 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
313                 int type, int code, int offset, __u32 info)
314 {
315         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
316         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
317         struct ipv6_pinfo *np;
318         struct sock *sk;
319         int err;
320         struct tcp_sock *tp; 
321         __u32 seq;
322
323         sk = inet6_lookup(&tcp_hashinfo, &hdr->daddr, th->dest, &hdr->saddr,
324                           th->source, skb->dev->ifindex);
325
326         if (sk == NULL) {
327                 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
328                 return;
329         }
330
331         if (sk->sk_state == TCP_TIME_WAIT) {
332                 inet_twsk_put((struct inet_timewait_sock *)sk);
333                 return;
334         }
335
336         bh_lock_sock(sk);
337         if (sock_owned_by_user(sk))
338                 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
339
340         if (sk->sk_state == TCP_CLOSE)
341                 goto out;
342
343         tp = tcp_sk(sk);
344         seq = ntohl(th->seq); 
345         if (sk->sk_state != TCP_LISTEN &&
346             !between(seq, tp->snd_una, tp->snd_nxt)) {
347                 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
348                 goto out;
349         }
350
351         np = inet6_sk(sk);
352
353         if (type == ICMPV6_PKT_TOOBIG) {
354                 struct dst_entry *dst = NULL;
355
356                 if (sock_owned_by_user(sk))
357                         goto out;
358                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
359                         goto out;
360
361                 /* icmp should have updated the destination cache entry */
362                 dst = __sk_dst_check(sk, np->dst_cookie);
363
364                 if (dst == NULL) {
365                         struct inet_sock *inet = inet_sk(sk);
366                         struct flowi fl;
367
368                         /* BUGGG_FUTURE: Again, it is not clear how
369                            to handle rthdr case. Ignore this complexity
370                            for now.
371                          */
372                         memset(&fl, 0, sizeof(fl));
373                         fl.proto = IPPROTO_TCP;
374                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
375                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
376                         fl.oif = sk->sk_bound_dev_if;
377                         fl.fl_ip_dport = inet->dport;
378                         fl.fl_ip_sport = inet->sport;
379                         security_skb_classify_flow(skb, &fl);
380
381                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
382                                 sk->sk_err_soft = -err;
383                                 goto out;
384                         }
385
386                         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
387                                 sk->sk_err_soft = -err;
388                                 goto out;
389                         }
390
391                 } else
392                         dst_hold(dst);
393
394                 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
395                         tcp_sync_mss(sk, dst_mtu(dst));
396                         tcp_simple_retransmit(sk);
397                 } /* else let the usual retransmit timer handle it */
398                 dst_release(dst);
399                 goto out;
400         }
401
402         icmpv6_err_convert(type, code, &err);
403
404         /* Might be for an request_sock */
405         switch (sk->sk_state) {
406                 struct request_sock *req, **prev;
407         case TCP_LISTEN:
408                 if (sock_owned_by_user(sk))
409                         goto out;
410
411                 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
412                                            &hdr->saddr, inet6_iif(skb));
413                 if (!req)
414                         goto out;
415
416                 /* ICMPs are not backlogged, hence we cannot get
417                  * an established socket here.
418                  */
419                 BUG_TRAP(req->sk == NULL);
420
421                 if (seq != tcp_rsk(req)->snt_isn) {
422                         NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
423                         goto out;
424                 }
425
426                 inet_csk_reqsk_queue_drop(sk, req, prev);
427                 goto out;
428
429         case TCP_SYN_SENT:
430         case TCP_SYN_RECV:  /* Cannot happen.
431                                It can, it SYNs are crossed. --ANK */ 
432                 if (!sock_owned_by_user(sk)) {
433                         sk->sk_err = err;
434                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
435
436                         tcp_done(sk);
437                 } else
438                         sk->sk_err_soft = err;
439                 goto out;
440         }
441
442         if (!sock_owned_by_user(sk) && np->recverr) {
443                 sk->sk_err = err;
444                 sk->sk_error_report(sk);
445         } else
446                 sk->sk_err_soft = err;
447
448 out:
449         bh_unlock_sock(sk);
450         sock_put(sk);
451 }
452
453
454 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
455                               struct dst_entry *dst)
456 {
457         struct inet6_request_sock *treq = inet6_rsk(req);
458         struct ipv6_pinfo *np = inet6_sk(sk);
459         struct sk_buff * skb;
460         struct ipv6_txoptions *opt = NULL;
461         struct in6_addr * final_p = NULL, final;
462         struct flowi fl;
463         int err = -1;
464
465         memset(&fl, 0, sizeof(fl));
466         fl.proto = IPPROTO_TCP;
467         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
468         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
469         fl.fl6_flowlabel = 0;
470         fl.oif = treq->iif;
471         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
472         fl.fl_ip_sport = inet_sk(sk)->sport;
473         security_req_classify_flow(req, &fl);
474
475         if (dst == NULL) {
476                 opt = np->opt;
477                 if (opt == NULL &&
478                     np->rxopt.bits.osrcrt == 2 &&
479                     treq->pktopts) {
480                         struct sk_buff *pktopts = treq->pktopts;
481                         struct inet6_skb_parm *rxopt = IP6CB(pktopts);
482                         if (rxopt->srcrt)
483                                 opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr*)(pktopts->nh.raw + rxopt->srcrt));
484                 }
485
486                 if (opt && opt->srcrt) {
487                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
488                         ipv6_addr_copy(&final, &fl.fl6_dst);
489                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
490                         final_p = &final;
491                 }
492
493                 err = ip6_dst_lookup(sk, &dst, &fl);
494                 if (err)
495                         goto done;
496                 if (final_p)
497                         ipv6_addr_copy(&fl.fl6_dst, final_p);
498                 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
499                         goto done;
500         }
501
502         skb = tcp_make_synack(sk, dst, req);
503         if (skb) {
504                 struct tcphdr *th = skb->h.th;
505
506                 th->check = tcp_v6_check(th, skb->len,
507                                          &treq->loc_addr, &treq->rmt_addr,
508                                          csum_partial((char *)th, skb->len, skb->csum));
509
510                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
511                 err = ip6_xmit(sk, skb, &fl, opt, 0);
512                 if (err == NET_XMIT_CN)
513                         err = 0;
514         }
515
516 done:
517         if (opt && opt != np->opt)
518                 sock_kfree_s(sk, opt, opt->tot_len);
519         dst_release(dst);
520         return err;
521 }
522
523 static void tcp_v6_reqsk_destructor(struct request_sock *req)
524 {
525         if (inet6_rsk(req)->pktopts)
526                 kfree_skb(inet6_rsk(req)->pktopts);
527 }
528
529 static struct request_sock_ops tcp6_request_sock_ops = {
530         .family         =       AF_INET6,
531         .obj_size       =       sizeof(struct tcp6_request_sock),
532         .rtx_syn_ack    =       tcp_v6_send_synack,
533         .send_ack       =       tcp_v6_reqsk_send_ack,
534         .destructor     =       tcp_v6_reqsk_destructor,
535         .send_reset     =       tcp_v6_send_reset
536 };
537
538 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
539         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
540         .twsk_unique    = tcp_twsk_unique,
541 };
542
543 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
544 {
545         struct ipv6_pinfo *np = inet6_sk(sk);
546         struct tcphdr *th = skb->h.th;
547
548         if (skb->ip_summed == CHECKSUM_PARTIAL) {
549                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
550                 skb->csum = offsetof(struct tcphdr, check);
551         } else {
552                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 
553                                             csum_partial((char *)th, th->doff<<2, 
554                                                          skb->csum));
555         }
556 }
557
558 static int tcp_v6_gso_send_check(struct sk_buff *skb)
559 {
560         struct ipv6hdr *ipv6h;
561         struct tcphdr *th;
562
563         if (!pskb_may_pull(skb, sizeof(*th)))
564                 return -EINVAL;
565
566         ipv6h = skb->nh.ipv6h;
567         th = skb->h.th;
568
569         th->check = 0;
570         th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
571                                      IPPROTO_TCP, 0);
572         skb->csum = offsetof(struct tcphdr, check);
573         skb->ip_summed = CHECKSUM_PARTIAL;
574         return 0;
575 }
576
577 static void tcp_v6_send_reset(struct sk_buff *skb)
578 {
579         struct tcphdr *th = skb->h.th, *t1; 
580         struct sk_buff *buff;
581         struct flowi fl;
582
583         if (th->rst)
584                 return;
585
586         if (!ipv6_unicast_destination(skb))
587                 return; 
588
589         /*
590          * We need to grab some memory, and put together an RST,
591          * and then put it into the queue to be sent.
592          */
593
594         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + sizeof(struct tcphdr),
595                          GFP_ATOMIC);
596         if (buff == NULL) 
597                 return;
598
599         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + sizeof(struct tcphdr));
600
601         t1 = (struct tcphdr *) skb_push(buff,sizeof(struct tcphdr));
602
603         /* Swap the send and the receive. */
604         memset(t1, 0, sizeof(*t1));
605         t1->dest = th->source;
606         t1->source = th->dest;
607         t1->doff = sizeof(*t1)/4;
608         t1->rst = 1;
609   
610         if(th->ack) {
611                 t1->seq = th->ack_seq;
612         } else {
613                 t1->ack = 1;
614                 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
615                                     + skb->len - (th->doff<<2));
616         }
617
618         buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
619
620         memset(&fl, 0, sizeof(fl));
621         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
622         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
623
624         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
625                                     sizeof(*t1), IPPROTO_TCP,
626                                     buff->csum);
627
628         fl.proto = IPPROTO_TCP;
629         fl.oif = inet6_iif(skb);
630         fl.fl_ip_dport = t1->dest;
631         fl.fl_ip_sport = t1->source;
632         security_skb_classify_flow(skb, &fl);
633
634         /* sk = NULL, but it is safe for now. RST socket required. */
635         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
636
637                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
638                         ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
639                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
640                         TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
641                         return;
642                 }
643         }
644
645         kfree_skb(buff);
646 }
647
648 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
649 {
650         struct tcphdr *th = skb->h.th, *t1;
651         struct sk_buff *buff;
652         struct flowi fl;
653         int tot_len = sizeof(struct tcphdr);
654
655         if (ts)
656                 tot_len += 3*4;
657
658         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
659                          GFP_ATOMIC);
660         if (buff == NULL)
661                 return;
662
663         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
664
665         t1 = (struct tcphdr *) skb_push(buff,tot_len);
666
667         /* Swap the send and the receive. */
668         memset(t1, 0, sizeof(*t1));
669         t1->dest = th->source;
670         t1->source = th->dest;
671         t1->doff = tot_len/4;
672         t1->seq = htonl(seq);
673         t1->ack_seq = htonl(ack);
674         t1->ack = 1;
675         t1->window = htons(win);
676         
677         if (ts) {
678                 u32 *ptr = (u32*)(t1 + 1);
679                 *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
680                                (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
681                 *ptr++ = htonl(tcp_time_stamp);
682                 *ptr = htonl(ts);
683         }
684
685         buff->csum = csum_partial((char *)t1, tot_len, 0);
686
687         memset(&fl, 0, sizeof(fl));
688         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
689         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
690
691         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
692                                     tot_len, IPPROTO_TCP,
693                                     buff->csum);
694
695         fl.proto = IPPROTO_TCP;
696         fl.oif = inet6_iif(skb);
697         fl.fl_ip_dport = t1->dest;
698         fl.fl_ip_sport = t1->source;
699         security_skb_classify_flow(skb, &fl);
700
701         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
702                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
703                         ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
704                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
705                         return;
706                 }
707         }
708
709         kfree_skb(buff);
710 }
711
712 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
713 {
714         struct inet_timewait_sock *tw = inet_twsk(sk);
715         const struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
716
717         tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
718                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
719                         tcptw->tw_ts_recent);
720
721         inet_twsk_put(tw);
722 }
723
724 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
725 {
726         tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
727 }
728
729
730 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
731 {
732         struct request_sock *req, **prev;
733         const struct tcphdr *th = skb->h.th;
734         struct sock *nsk;
735
736         /* Find possible connection requests. */
737         req = inet6_csk_search_req(sk, &prev, th->source,
738                                    &skb->nh.ipv6h->saddr,
739                                    &skb->nh.ipv6h->daddr, inet6_iif(skb));
740         if (req)
741                 return tcp_check_req(sk, skb, req, prev);
742
743         nsk = __inet6_lookup_established(&tcp_hashinfo, &skb->nh.ipv6h->saddr,
744                                          th->source, &skb->nh.ipv6h->daddr,
745                                          ntohs(th->dest), inet6_iif(skb));
746
747         if (nsk) {
748                 if (nsk->sk_state != TCP_TIME_WAIT) {
749                         bh_lock_sock(nsk);
750                         return nsk;
751                 }
752                 inet_twsk_put((struct inet_timewait_sock *)nsk);
753                 return NULL;
754         }
755
756 #if 0 /*def CONFIG_SYN_COOKIES*/
757         if (!th->rst && !th->syn && th->ack)
758                 sk = cookie_v6_check(sk, skb, &(IPCB(skb)->opt));
759 #endif
760         return sk;
761 }
762
763 /* FIXME: this is substantially similar to the ipv4 code.
764  * Can some kind of merge be done? -- erics
765  */
766 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
767 {
768         struct inet6_request_sock *treq;
769         struct ipv6_pinfo *np = inet6_sk(sk);
770         struct tcp_options_received tmp_opt;
771         struct tcp_sock *tp = tcp_sk(sk);
772         struct request_sock *req = NULL;
773         __u32 isn = TCP_SKB_CB(skb)->when;
774
775         if (skb->protocol == htons(ETH_P_IP))
776                 return tcp_v4_conn_request(sk, skb);
777
778         if (!ipv6_unicast_destination(skb))
779                 goto drop; 
780
781         /*
782          *      There are no SYN attacks on IPv6, yet...        
783          */
784         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
785                 if (net_ratelimit())
786                         printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n");
787                 goto drop;              
788         }
789
790         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
791                 goto drop;
792
793         req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
794         if (req == NULL)
795                 goto drop;
796
797         tcp_clear_options(&tmp_opt);
798         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
799         tmp_opt.user_mss = tp->rx_opt.user_mss;
800
801         tcp_parse_options(skb, &tmp_opt, 0);
802
803         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
804         tcp_openreq_init(req, &tmp_opt, skb);
805
806         treq = inet6_rsk(req);
807         ipv6_addr_copy(&treq->rmt_addr, &skb->nh.ipv6h->saddr);
808         ipv6_addr_copy(&treq->loc_addr, &skb->nh.ipv6h->daddr);
809         TCP_ECN_create_request(req, skb->h.th);
810         treq->pktopts = NULL;
811         if (ipv6_opt_accepted(sk, skb) ||
812             np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
813             np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
814                 atomic_inc(&skb->users);
815                 treq->pktopts = skb;
816         }
817         treq->iif = sk->sk_bound_dev_if;
818
819         /* So that link locals have meaning */
820         if (!sk->sk_bound_dev_if &&
821             ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
822                 treq->iif = inet6_iif(skb);
823
824         if (isn == 0) 
825                 isn = tcp_v6_init_sequence(sk,skb);
826
827         tcp_rsk(req)->snt_isn = isn;
828
829         security_inet_conn_request(sk, skb, req);
830
831         if (tcp_v6_send_synack(sk, req, NULL))
832                 goto drop;
833
834         inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
835         return 0;
836
837 drop:
838         if (req)
839                 reqsk_free(req);
840
841         return 0; /* don't send reset */
842 }
843
844 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
845                                           struct request_sock *req,
846                                           struct dst_entry *dst)
847 {
848         struct inet6_request_sock *treq = inet6_rsk(req);
849         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
850         struct tcp6_sock *newtcp6sk;
851         struct inet_sock *newinet;
852         struct tcp_sock *newtp;
853         struct sock *newsk;
854         struct ipv6_txoptions *opt;
855
856         if (skb->protocol == htons(ETH_P_IP)) {
857                 /*
858                  *      v6 mapped
859                  */
860
861                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
862
863                 if (newsk == NULL) 
864                         return NULL;
865
866                 newtcp6sk = (struct tcp6_sock *)newsk;
867                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
868
869                 newinet = inet_sk(newsk);
870                 newnp = inet6_sk(newsk);
871                 newtp = tcp_sk(newsk);
872
873                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
874
875                 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
876                               newinet->daddr);
877
878                 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
879                               newinet->saddr);
880
881                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
882
883                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
884                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
885                 newnp->pktoptions  = NULL;
886                 newnp->opt         = NULL;
887                 newnp->mcast_oif   = inet6_iif(skb);
888                 newnp->mcast_hops  = skb->nh.ipv6h->hop_limit;
889
890                 /*
891                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
892                  * here, tcp_create_openreq_child now does this for us, see the comment in
893                  * that function for the gory details. -acme
894                  */
895
896                 /* It is tricky place. Until this moment IPv4 tcp
897                    worked with IPv6 icsk.icsk_af_ops.
898                    Sync it now.
899                  */
900                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
901
902                 return newsk;
903         }
904
905         opt = np->opt;
906
907         if (sk_acceptq_is_full(sk))
908                 goto out_overflow;
909
910         if (np->rxopt.bits.osrcrt == 2 &&
911             opt == NULL && treq->pktopts) {
912                 struct inet6_skb_parm *rxopt = IP6CB(treq->pktopts);
913                 if (rxopt->srcrt)
914                         opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr *)(treq->pktopts->nh.raw + rxopt->srcrt));
915         }
916
917         if (dst == NULL) {
918                 struct in6_addr *final_p = NULL, final;
919                 struct flowi fl;
920
921                 memset(&fl, 0, sizeof(fl));
922                 fl.proto = IPPROTO_TCP;
923                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
924                 if (opt && opt->srcrt) {
925                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
926                         ipv6_addr_copy(&final, &fl.fl6_dst);
927                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
928                         final_p = &final;
929                 }
930                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
931                 fl.oif = sk->sk_bound_dev_if;
932                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
933                 fl.fl_ip_sport = inet_sk(sk)->sport;
934                 security_req_classify_flow(req, &fl);
935
936                 if (ip6_dst_lookup(sk, &dst, &fl))
937                         goto out;
938
939                 if (final_p)
940                         ipv6_addr_copy(&fl.fl6_dst, final_p);
941
942                 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
943                         goto out;
944         } 
945
946         newsk = tcp_create_openreq_child(sk, req, skb);
947         if (newsk == NULL)
948                 goto out;
949
950         /*
951          * No need to charge this sock to the relevant IPv6 refcnt debug socks
952          * count here, tcp_create_openreq_child now does this for us, see the
953          * comment in that function for the gory details. -acme
954          */
955
956         newsk->sk_gso_type = SKB_GSO_TCPV6;
957         __ip6_dst_store(newsk, dst, NULL, NULL);
958
959         newtcp6sk = (struct tcp6_sock *)newsk;
960         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
961
962         newtp = tcp_sk(newsk);
963         newinet = inet_sk(newsk);
964         newnp = inet6_sk(newsk);
965
966         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
967
968         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
969         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
970         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
971         newsk->sk_bound_dev_if = treq->iif;
972
973         /* Now IPv6 options... 
974
975            First: no IPv4 options.
976          */
977         newinet->opt = NULL;
978
979         /* Clone RX bits */
980         newnp->rxopt.all = np->rxopt.all;
981
982         /* Clone pktoptions received with SYN */
983         newnp->pktoptions = NULL;
984         if (treq->pktopts != NULL) {
985                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
986                 kfree_skb(treq->pktopts);
987                 treq->pktopts = NULL;
988                 if (newnp->pktoptions)
989                         skb_set_owner_r(newnp->pktoptions, newsk);
990         }
991         newnp->opt        = NULL;
992         newnp->mcast_oif  = inet6_iif(skb);
993         newnp->mcast_hops = skb->nh.ipv6h->hop_limit;
994
995         /* Clone native IPv6 options from listening socket (if any)
996
997            Yes, keeping reference count would be much more clever,
998            but we make one more one thing there: reattach optmem
999            to newsk.
1000          */
1001         if (opt) {
1002                 newnp->opt = ipv6_dup_options(newsk, opt);
1003                 if (opt != np->opt)
1004                         sock_kfree_s(sk, opt, opt->tot_len);
1005         }
1006
1007         inet_csk(newsk)->icsk_ext_hdr_len = 0;
1008         if (newnp->opt)
1009                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1010                                                      newnp->opt->opt_flen);
1011
1012         tcp_mtup_init(newsk);
1013         tcp_sync_mss(newsk, dst_mtu(dst));
1014         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1015         tcp_initialize_rcv_mss(newsk);
1016
1017         newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1018
1019         __inet6_hash(&tcp_hashinfo, newsk);
1020         inet_inherit_port(&tcp_hashinfo, sk, newsk);
1021
1022         return newsk;
1023
1024 out_overflow:
1025         NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1026 out:
1027         NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1028         if (opt && opt != np->opt)
1029                 sock_kfree_s(sk, opt, opt->tot_len);
1030         dst_release(dst);
1031         return NULL;
1032 }
1033
1034 static int tcp_v6_checksum_init(struct sk_buff *skb)
1035 {
1036         if (skb->ip_summed == CHECKSUM_COMPLETE) {
1037                 if (!tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1038                                   &skb->nh.ipv6h->daddr,skb->csum)) {
1039                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1040                         return 0;
1041                 }
1042         }
1043
1044         skb->csum = ~tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1045                                   &skb->nh.ipv6h->daddr, 0);
1046
1047         if (skb->len <= 76) {
1048                 return __skb_checksum_complete(skb);
1049         }
1050         return 0;
1051 }
1052
1053 /* The socket must have it's spinlock held when we get
1054  * here.
1055  *
1056  * We have a potential double-lock case here, so even when
1057  * doing backlog processing we use the BH locking scheme.
1058  * This is because we cannot sleep with the original spinlock
1059  * held.
1060  */
1061 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1062 {
1063         struct ipv6_pinfo *np = inet6_sk(sk);
1064         struct tcp_sock *tp;
1065         struct sk_buff *opt_skb = NULL;
1066
1067         /* Imagine: socket is IPv6. IPv4 packet arrives,
1068            goes to IPv4 receive handler and backlogged.
1069            From backlog it always goes here. Kerboom...
1070            Fortunately, tcp_rcv_established and rcv_established
1071            handle them correctly, but it is not case with
1072            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1073          */
1074
1075         if (skb->protocol == htons(ETH_P_IP))
1076                 return tcp_v4_do_rcv(sk, skb);
1077
1078         if (sk_filter(sk, skb))
1079                 goto discard;
1080
1081         /*
1082          *      socket locking is here for SMP purposes as backlog rcv
1083          *      is currently called with bh processing disabled.
1084          */
1085
1086         /* Do Stevens' IPV6_PKTOPTIONS.
1087
1088            Yes, guys, it is the only place in our code, where we
1089            may make it not affecting IPv4.
1090            The rest of code is protocol independent,
1091            and I do not like idea to uglify IPv4.
1092
1093            Actually, all the idea behind IPV6_PKTOPTIONS
1094            looks not very well thought. For now we latch
1095            options, received in the last packet, enqueued
1096            by tcp. Feel free to propose better solution.
1097                                                --ANK (980728)
1098          */
1099         if (np->rxopt.all)
1100                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1101
1102         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1103                 TCP_CHECK_TIMER(sk);
1104                 if (tcp_rcv_established(sk, skb, skb->h.th, skb->len))
1105                         goto reset;
1106                 TCP_CHECK_TIMER(sk);
1107                 if (opt_skb)
1108                         goto ipv6_pktoptions;
1109                 return 0;
1110         }
1111
1112         if (skb->len < (skb->h.th->doff<<2) || tcp_checksum_complete(skb))
1113                 goto csum_err;
1114
1115         if (sk->sk_state == TCP_LISTEN) { 
1116                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1117                 if (!nsk)
1118                         goto discard;
1119
1120                 /*
1121                  * Queue it on the new socket if the new socket is active,
1122                  * otherwise we just shortcircuit this and continue with
1123                  * the new socket..
1124                  */
1125                 if(nsk != sk) {
1126                         if (tcp_child_process(sk, nsk, skb))
1127                                 goto reset;
1128                         if (opt_skb)
1129                                 __kfree_skb(opt_skb);
1130                         return 0;
1131                 }
1132         }
1133
1134         TCP_CHECK_TIMER(sk);
1135         if (tcp_rcv_state_process(sk, skb, skb->h.th, skb->len))
1136                 goto reset;
1137         TCP_CHECK_TIMER(sk);
1138         if (opt_skb)
1139                 goto ipv6_pktoptions;
1140         return 0;
1141
1142 reset:
1143         tcp_v6_send_reset(skb);
1144 discard:
1145         if (opt_skb)
1146                 __kfree_skb(opt_skb);
1147         kfree_skb(skb);
1148         return 0;
1149 csum_err:
1150         TCP_INC_STATS_BH(TCP_MIB_INERRS);
1151         goto discard;
1152
1153
1154 ipv6_pktoptions:
1155         /* Do you ask, what is it?
1156
1157            1. skb was enqueued by tcp.
1158            2. skb is added to tail of read queue, rather than out of order.
1159            3. socket is not in passive state.
1160            4. Finally, it really contains options, which user wants to receive.
1161          */
1162         tp = tcp_sk(sk);
1163         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1164             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1165                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1166                         np->mcast_oif = inet6_iif(opt_skb);
1167                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1168                         np->mcast_hops = opt_skb->nh.ipv6h->hop_limit;
1169                 if (ipv6_opt_accepted(sk, opt_skb)) {
1170                         skb_set_owner_r(opt_skb, sk);
1171                         opt_skb = xchg(&np->pktoptions, opt_skb);
1172                 } else {
1173                         __kfree_skb(opt_skb);
1174                         opt_skb = xchg(&np->pktoptions, NULL);
1175                 }
1176         }
1177
1178         if (opt_skb)
1179                 kfree_skb(opt_skb);
1180         return 0;
1181 }
1182
1183 static int tcp_v6_rcv(struct sk_buff **pskb)
1184 {
1185         struct sk_buff *skb = *pskb;
1186         struct tcphdr *th;      
1187         struct sock *sk;
1188         int ret;
1189
1190         if (skb->pkt_type != PACKET_HOST)
1191                 goto discard_it;
1192
1193         /*
1194          *      Count it even if it's bad.
1195          */
1196         TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1197
1198         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1199                 goto discard_it;
1200
1201         th = skb->h.th;
1202
1203         if (th->doff < sizeof(struct tcphdr)/4)
1204                 goto bad_packet;
1205         if (!pskb_may_pull(skb, th->doff*4))
1206                 goto discard_it;
1207
1208         if ((skb->ip_summed != CHECKSUM_UNNECESSARY &&
1209              tcp_v6_checksum_init(skb)))
1210                 goto bad_packet;
1211
1212         th = skb->h.th;
1213         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1214         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1215                                     skb->len - th->doff*4);
1216         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1217         TCP_SKB_CB(skb)->when = 0;
1218         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(skb->nh.ipv6h);
1219         TCP_SKB_CB(skb)->sacked = 0;
1220
1221         sk = __inet6_lookup(&tcp_hashinfo, &skb->nh.ipv6h->saddr, th->source,
1222                             &skb->nh.ipv6h->daddr, ntohs(th->dest),
1223                             inet6_iif(skb));
1224
1225         if (!sk)
1226                 goto no_tcp_socket;
1227
1228 process:
1229         if (sk->sk_state == TCP_TIME_WAIT)
1230                 goto do_time_wait;
1231
1232         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1233                 goto discard_and_relse;
1234
1235         if (sk_filter(sk, skb))
1236                 goto discard_and_relse;
1237
1238         skb->dev = NULL;
1239
1240         bh_lock_sock_nested(sk);
1241         ret = 0;
1242         if (!sock_owned_by_user(sk)) {
1243 #ifdef CONFIG_NET_DMA
1244                 struct tcp_sock *tp = tcp_sk(sk);
1245                 if (tp->ucopy.dma_chan)
1246                         ret = tcp_v6_do_rcv(sk, skb);
1247                 else
1248 #endif
1249                 {
1250                         if (!tcp_prequeue(sk, skb))
1251                                 ret = tcp_v6_do_rcv(sk, skb);
1252                 }
1253         } else
1254                 sk_add_backlog(sk, skb);
1255         bh_unlock_sock(sk);
1256
1257         sock_put(sk);
1258         return ret ? -1 : 0;
1259
1260 no_tcp_socket:
1261         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1262                 goto discard_it;
1263
1264         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1265 bad_packet:
1266                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1267         } else {
1268                 tcp_v6_send_reset(skb);
1269         }
1270
1271 discard_it:
1272
1273         /*
1274          *      Discard frame
1275          */
1276
1277         kfree_skb(skb);
1278         return 0;
1279
1280 discard_and_relse:
1281         sock_put(sk);
1282         goto discard_it;
1283
1284 do_time_wait:
1285         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1286                 inet_twsk_put((struct inet_timewait_sock *)sk);
1287                 goto discard_it;
1288         }
1289
1290         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1291                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1292                 inet_twsk_put((struct inet_timewait_sock *)sk);
1293                 goto discard_it;
1294         }
1295
1296         switch (tcp_timewait_state_process((struct inet_timewait_sock *)sk,
1297                                            skb, th)) {
1298         case TCP_TW_SYN:
1299         {
1300                 struct sock *sk2;
1301
1302                 sk2 = inet6_lookup_listener(&tcp_hashinfo,
1303                                             &skb->nh.ipv6h->daddr,
1304                                             ntohs(th->dest), inet6_iif(skb));
1305                 if (sk2 != NULL) {
1306                         struct inet_timewait_sock *tw = inet_twsk(sk);
1307                         inet_twsk_deschedule(tw, &tcp_death_row);
1308                         inet_twsk_put(tw);
1309                         sk = sk2;
1310                         goto process;
1311                 }
1312                 /* Fall through to ACK */
1313         }
1314         case TCP_TW_ACK:
1315                 tcp_v6_timewait_ack(sk, skb);
1316                 break;
1317         case TCP_TW_RST:
1318                 goto no_tcp_socket;
1319         case TCP_TW_SUCCESS:;
1320         }
1321         goto discard_it;
1322 }
1323
1324 static int tcp_v6_remember_stamp(struct sock *sk)
1325 {
1326         /* Alas, not yet... */
1327         return 0;
1328 }
1329
1330 static struct inet_connection_sock_af_ops ipv6_specific = {
1331         .queue_xmit        = inet6_csk_xmit,
1332         .send_check        = tcp_v6_send_check,
1333         .rebuild_header    = inet6_sk_rebuild_header,
1334         .conn_request      = tcp_v6_conn_request,
1335         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1336         .remember_stamp    = tcp_v6_remember_stamp,
1337         .net_header_len    = sizeof(struct ipv6hdr),
1338         .setsockopt        = ipv6_setsockopt,
1339         .getsockopt        = ipv6_getsockopt,
1340         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1341         .sockaddr_len      = sizeof(struct sockaddr_in6),
1342 #ifdef CONFIG_COMPAT
1343         .compat_setsockopt = compat_ipv6_setsockopt,
1344         .compat_getsockopt = compat_ipv6_getsockopt,
1345 #endif
1346 };
1347
1348 /*
1349  *      TCP over IPv4 via INET6 API
1350  */
1351
1352 static struct inet_connection_sock_af_ops ipv6_mapped = {
1353         .queue_xmit        = ip_queue_xmit,
1354         .send_check        = tcp_v4_send_check,
1355         .rebuild_header    = inet_sk_rebuild_header,
1356         .conn_request      = tcp_v6_conn_request,
1357         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1358         .remember_stamp    = tcp_v4_remember_stamp,
1359         .net_header_len    = sizeof(struct iphdr),
1360         .setsockopt        = ipv6_setsockopt,
1361         .getsockopt        = ipv6_getsockopt,
1362         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1363         .sockaddr_len      = sizeof(struct sockaddr_in6),
1364 #ifdef CONFIG_COMPAT
1365         .compat_setsockopt = compat_ipv6_setsockopt,
1366         .compat_getsockopt = compat_ipv6_getsockopt,
1367 #endif
1368 };
1369
1370 /* NOTE: A lot of things set to zero explicitly by call to
1371  *       sk_alloc() so need not be done here.
1372  */
1373 static int tcp_v6_init_sock(struct sock *sk)
1374 {
1375         struct inet_connection_sock *icsk = inet_csk(sk);
1376         struct tcp_sock *tp = tcp_sk(sk);
1377
1378         skb_queue_head_init(&tp->out_of_order_queue);
1379         tcp_init_xmit_timers(sk);
1380         tcp_prequeue_init(tp);
1381
1382         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1383         tp->mdev = TCP_TIMEOUT_INIT;
1384
1385         /* So many TCP implementations out there (incorrectly) count the
1386          * initial SYN frame in their delayed-ACK and congestion control
1387          * algorithms that we must have the following bandaid to talk
1388          * efficiently to them.  -DaveM
1389          */
1390         tp->snd_cwnd = 2;
1391
1392         /* See draft-stevens-tcpca-spec-01 for discussion of the
1393          * initialization of these values.
1394          */
1395         tp->snd_ssthresh = 0x7fffffff;
1396         tp->snd_cwnd_clamp = ~0;
1397         tp->mss_cache = 536;
1398
1399         tp->reordering = sysctl_tcp_reordering;
1400
1401         sk->sk_state = TCP_CLOSE;
1402
1403         icsk->icsk_af_ops = &ipv6_specific;
1404         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1405         icsk->icsk_sync_mss = tcp_sync_mss;
1406         sk->sk_write_space = sk_stream_write_space;
1407         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1408
1409         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1410         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1411
1412         atomic_inc(&tcp_sockets_allocated);
1413
1414         return 0;
1415 }
1416
1417 static int tcp_v6_destroy_sock(struct sock *sk)
1418 {
1419         tcp_v4_destroy_sock(sk);
1420         return inet6_destroy_sock(sk);
1421 }
1422
1423 /* Proc filesystem TCPv6 sock list dumping. */
1424 static void get_openreq6(struct seq_file *seq, 
1425                          struct sock *sk, struct request_sock *req, int i, int uid)
1426 {
1427         int ttd = req->expires - jiffies;
1428         struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1429         struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1430
1431         if (ttd < 0)
1432                 ttd = 0;
1433
1434         seq_printf(seq,
1435                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1436                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1437                    i,
1438                    src->s6_addr32[0], src->s6_addr32[1],
1439                    src->s6_addr32[2], src->s6_addr32[3],
1440                    ntohs(inet_sk(sk)->sport),
1441                    dest->s6_addr32[0], dest->s6_addr32[1],
1442                    dest->s6_addr32[2], dest->s6_addr32[3],
1443                    ntohs(inet_rsk(req)->rmt_port),
1444                    TCP_SYN_RECV,
1445                    0,0, /* could print option size, but that is af dependent. */
1446                    1,   /* timers active (only the expire timer) */  
1447                    jiffies_to_clock_t(ttd), 
1448                    req->retrans,
1449                    uid,
1450                    0,  /* non standard timer */  
1451                    0, /* open_requests have no inode */
1452                    0, req);
1453 }
1454
1455 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1456 {
1457         struct in6_addr *dest, *src;
1458         __u16 destp, srcp;
1459         int timer_active;
1460         unsigned long timer_expires;
1461         struct inet_sock *inet = inet_sk(sp);
1462         struct tcp_sock *tp = tcp_sk(sp);
1463         const struct inet_connection_sock *icsk = inet_csk(sp);
1464         struct ipv6_pinfo *np = inet6_sk(sp);
1465
1466         dest  = &np->daddr;
1467         src   = &np->rcv_saddr;
1468         destp = ntohs(inet->dport);
1469         srcp  = ntohs(inet->sport);
1470
1471         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1472                 timer_active    = 1;
1473                 timer_expires   = icsk->icsk_timeout;
1474         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1475                 timer_active    = 4;
1476                 timer_expires   = icsk->icsk_timeout;
1477         } else if (timer_pending(&sp->sk_timer)) {
1478                 timer_active    = 2;
1479                 timer_expires   = sp->sk_timer.expires;
1480         } else {
1481                 timer_active    = 0;
1482                 timer_expires = jiffies;
1483         }
1484
1485         seq_printf(seq,
1486                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1487                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
1488                    i,
1489                    src->s6_addr32[0], src->s6_addr32[1],
1490                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1491                    dest->s6_addr32[0], dest->s6_addr32[1],
1492                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1493                    sp->sk_state, 
1494                    tp->write_seq-tp->snd_una,
1495                    (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
1496                    timer_active,
1497                    jiffies_to_clock_t(timer_expires - jiffies),
1498                    icsk->icsk_retransmits,
1499                    sock_i_uid(sp),
1500                    icsk->icsk_probes_out,
1501                    sock_i_ino(sp),
1502                    atomic_read(&sp->sk_refcnt), sp,
1503                    icsk->icsk_rto,
1504                    icsk->icsk_ack.ato,
1505                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
1506                    tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
1507                    );
1508 }
1509
1510 static void get_timewait6_sock(struct seq_file *seq, 
1511                                struct inet_timewait_sock *tw, int i)
1512 {
1513         struct in6_addr *dest, *src;
1514         __u16 destp, srcp;
1515         struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
1516         int ttd = tw->tw_ttd - jiffies;
1517
1518         if (ttd < 0)
1519                 ttd = 0;
1520
1521         dest = &tw6->tw_v6_daddr;
1522         src  = &tw6->tw_v6_rcv_saddr;
1523         destp = ntohs(tw->tw_dport);
1524         srcp  = ntohs(tw->tw_sport);
1525
1526         seq_printf(seq,
1527                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1528                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1529                    i,
1530                    src->s6_addr32[0], src->s6_addr32[1],
1531                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1532                    dest->s6_addr32[0], dest->s6_addr32[1],
1533                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1534                    tw->tw_substate, 0, 0,
1535                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
1536                    atomic_read(&tw->tw_refcnt), tw);
1537 }
1538
1539 #ifdef CONFIG_PROC_FS
1540 static int tcp6_seq_show(struct seq_file *seq, void *v)
1541 {
1542         struct tcp_iter_state *st;
1543
1544         if (v == SEQ_START_TOKEN) {
1545                 seq_puts(seq,
1546                          "  sl  "
1547                          "local_address                         "
1548                          "remote_address                        "
1549                          "st tx_queue rx_queue tr tm->when retrnsmt"
1550                          "   uid  timeout inode\n");
1551                 goto out;
1552         }
1553         st = seq->private;
1554
1555         switch (st->state) {
1556         case TCP_SEQ_STATE_LISTENING:
1557         case TCP_SEQ_STATE_ESTABLISHED:
1558                 get_tcp6_sock(seq, v, st->num);
1559                 break;
1560         case TCP_SEQ_STATE_OPENREQ:
1561                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
1562                 break;
1563         case TCP_SEQ_STATE_TIME_WAIT:
1564                 get_timewait6_sock(seq, v, st->num);
1565                 break;
1566         }
1567 out:
1568         return 0;
1569 }
1570
1571 static struct file_operations tcp6_seq_fops;
1572 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1573         .owner          = THIS_MODULE,
1574         .name           = "tcp6",
1575         .family         = AF_INET6,
1576         .seq_show       = tcp6_seq_show,
1577         .seq_fops       = &tcp6_seq_fops,
1578 };
1579
1580 int __init tcp6_proc_init(void)
1581 {
1582         return tcp_proc_register(&tcp6_seq_afinfo);
1583 }
1584
1585 void tcp6_proc_exit(void)
1586 {
1587         tcp_proc_unregister(&tcp6_seq_afinfo);
1588 }
1589 #endif
1590
1591 struct proto tcpv6_prot = {
1592         .name                   = "TCPv6",
1593         .owner                  = THIS_MODULE,
1594         .close                  = tcp_close,
1595         .connect                = tcp_v6_connect,
1596         .disconnect             = tcp_disconnect,
1597         .accept                 = inet_csk_accept,
1598         .ioctl                  = tcp_ioctl,
1599         .init                   = tcp_v6_init_sock,
1600         .destroy                = tcp_v6_destroy_sock,
1601         .shutdown               = tcp_shutdown,
1602         .setsockopt             = tcp_setsockopt,
1603         .getsockopt             = tcp_getsockopt,
1604         .sendmsg                = tcp_sendmsg,
1605         .recvmsg                = tcp_recvmsg,
1606         .backlog_rcv            = tcp_v6_do_rcv,
1607         .hash                   = tcp_v6_hash,
1608         .unhash                 = tcp_unhash,
1609         .get_port               = tcp_v6_get_port,
1610         .enter_memory_pressure  = tcp_enter_memory_pressure,
1611         .sockets_allocated      = &tcp_sockets_allocated,
1612         .memory_allocated       = &tcp_memory_allocated,
1613         .memory_pressure        = &tcp_memory_pressure,
1614         .orphan_count           = &tcp_orphan_count,
1615         .sysctl_mem             = sysctl_tcp_mem,
1616         .sysctl_wmem            = sysctl_tcp_wmem,
1617         .sysctl_rmem            = sysctl_tcp_rmem,
1618         .max_header             = MAX_TCP_HEADER,
1619         .obj_size               = sizeof(struct tcp6_sock),
1620         .twsk_prot              = &tcp6_timewait_sock_ops,
1621         .rsk_prot               = &tcp6_request_sock_ops,
1622 #ifdef CONFIG_COMPAT
1623         .compat_setsockopt      = compat_tcp_setsockopt,
1624         .compat_getsockopt      = compat_tcp_getsockopt,
1625 #endif
1626 };
1627
1628 static struct inet6_protocol tcpv6_protocol = {
1629         .handler        =       tcp_v6_rcv,
1630         .err_handler    =       tcp_v6_err,
1631         .gso_send_check =       tcp_v6_gso_send_check,
1632         .gso_segment    =       tcp_tso_segment,
1633         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1634 };
1635
1636 static struct inet_protosw tcpv6_protosw = {
1637         .type           =       SOCK_STREAM,
1638         .protocol       =       IPPROTO_TCP,
1639         .prot           =       &tcpv6_prot,
1640         .ops            =       &inet6_stream_ops,
1641         .capability     =       -1,
1642         .no_check       =       0,
1643         .flags          =       INET_PROTOSW_PERMANENT |
1644                                 INET_PROTOSW_ICSK,
1645 };
1646
1647 void __init tcpv6_init(void)
1648 {
1649         /* register inet6 protocol */
1650         if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
1651                 printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
1652         inet6_register_protosw(&tcpv6_protosw);
1653
1654         if (inet_csk_ctl_sock_create(&tcp6_socket, PF_INET6, SOCK_RAW,
1655                                      IPPROTO_TCP) < 0)
1656                 panic("Failed to create the TCPv6 control socket.\n");
1657 }