Pull esi-support into release branch
[linux-2.6] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation 
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>     
7  *
8  *      $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9  *
10  *      Based on: 
11  *      linux/net/ipv4/tcp.c
12  *      linux/net/ipv4/tcp_input.c
13  *      linux/net/ipv4/tcp_output.c
14  *
15  *      Fixes:
16  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
17  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
18  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
19  *                                      a single port at the same time.
20  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
21  *
22  *      This program is free software; you can redistribute it and/or
23  *      modify it under the terms of the GNU General Public License
24  *      as published by the Free Software Foundation; either version
25  *      2 of the License, or (at your option) any later version.
26  */
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/net.h>
34 #include <linux/jiffies.h>
35 #include <linux/in.h>
36 #include <linux/in6.h>
37 #include <linux/netdevice.h>
38 #include <linux/init.h>
39 #include <linux/jhash.h>
40 #include <linux/ipsec.h>
41 #include <linux/times.h>
42
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/addrconf.h>
60 #include <net/snmp.h>
61 #include <net/dsfield.h>
62 #include <net/timewait_sock.h>
63
64 #include <asm/uaccess.h>
65
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
68
69 /* Socket used for sending RSTs and ACKs */
70 static struct socket *tcp6_socket;
71
72 static void     tcp_v6_send_reset(struct sk_buff *skb);
73 static void     tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
74 static void     tcp_v6_send_check(struct sock *sk, int len, 
75                                   struct sk_buff *skb);
76
77 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
78
79 static struct inet_connection_sock_af_ops ipv6_mapped;
80 static struct inet_connection_sock_af_ops ipv6_specific;
81
82 static int tcp_v6_get_port(struct sock *sk, unsigned short snum)
83 {
84         return inet_csk_get_port(&tcp_hashinfo, sk, snum,
85                                  inet6_csk_bind_conflict);
86 }
87
88 static void tcp_v6_hash(struct sock *sk)
89 {
90         if (sk->sk_state != TCP_CLOSE) {
91                 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
92                         tcp_prot.hash(sk);
93                         return;
94                 }
95                 local_bh_disable();
96                 __inet6_hash(&tcp_hashinfo, sk);
97                 local_bh_enable();
98         }
99 }
100
101 static __inline__ u16 tcp_v6_check(struct tcphdr *th, int len,
102                                    struct in6_addr *saddr, 
103                                    struct in6_addr *daddr, 
104                                    unsigned long base)
105 {
106         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
107 }
108
109 static __u32 tcp_v6_init_sequence(struct sock *sk, struct sk_buff *skb)
110 {
111         if (skb->protocol == htons(ETH_P_IPV6)) {
112                 return secure_tcpv6_sequence_number(skb->nh.ipv6h->daddr.s6_addr32,
113                                                     skb->nh.ipv6h->saddr.s6_addr32,
114                                                     skb->h.th->dest,
115                                                     skb->h.th->source);
116         } else {
117                 return secure_tcp_sequence_number(skb->nh.iph->daddr,
118                                                   skb->nh.iph->saddr,
119                                                   skb->h.th->dest,
120                                                   skb->h.th->source);
121         }
122 }
123
124 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 
125                           int addr_len)
126 {
127         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
128         struct inet_sock *inet = inet_sk(sk);
129         struct inet_connection_sock *icsk = inet_csk(sk);
130         struct ipv6_pinfo *np = inet6_sk(sk);
131         struct tcp_sock *tp = tcp_sk(sk);
132         struct in6_addr *saddr = NULL, *final_p = NULL, final;
133         struct flowi fl;
134         struct dst_entry *dst;
135         int addr_type;
136         int err;
137
138         if (addr_len < SIN6_LEN_RFC2133) 
139                 return -EINVAL;
140
141         if (usin->sin6_family != AF_INET6) 
142                 return(-EAFNOSUPPORT);
143
144         memset(&fl, 0, sizeof(fl));
145
146         if (np->sndflow) {
147                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
148                 IP6_ECN_flow_init(fl.fl6_flowlabel);
149                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
150                         struct ip6_flowlabel *flowlabel;
151                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
152                         if (flowlabel == NULL)
153                                 return -EINVAL;
154                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
155                         fl6_sock_release(flowlabel);
156                 }
157         }
158
159         /*
160          *      connect() to INADDR_ANY means loopback (BSD'ism).
161          */
162         
163         if(ipv6_addr_any(&usin->sin6_addr))
164                 usin->sin6_addr.s6_addr[15] = 0x1; 
165
166         addr_type = ipv6_addr_type(&usin->sin6_addr);
167
168         if(addr_type & IPV6_ADDR_MULTICAST)
169                 return -ENETUNREACH;
170
171         if (addr_type&IPV6_ADDR_LINKLOCAL) {
172                 if (addr_len >= sizeof(struct sockaddr_in6) &&
173                     usin->sin6_scope_id) {
174                         /* If interface is set while binding, indices
175                          * must coincide.
176                          */
177                         if (sk->sk_bound_dev_if &&
178                             sk->sk_bound_dev_if != usin->sin6_scope_id)
179                                 return -EINVAL;
180
181                         sk->sk_bound_dev_if = usin->sin6_scope_id;
182                 }
183
184                 /* Connect to link-local address requires an interface */
185                 if (!sk->sk_bound_dev_if)
186                         return -EINVAL;
187         }
188
189         if (tp->rx_opt.ts_recent_stamp &&
190             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
191                 tp->rx_opt.ts_recent = 0;
192                 tp->rx_opt.ts_recent_stamp = 0;
193                 tp->write_seq = 0;
194         }
195
196         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
197         np->flow_label = fl.fl6_flowlabel;
198
199         /*
200          *      TCP over IPv4
201          */
202
203         if (addr_type == IPV6_ADDR_MAPPED) {
204                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
205                 struct sockaddr_in sin;
206
207                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
208
209                 if (__ipv6_only_sock(sk))
210                         return -ENETUNREACH;
211
212                 sin.sin_family = AF_INET;
213                 sin.sin_port = usin->sin6_port;
214                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
215
216                 icsk->icsk_af_ops = &ipv6_mapped;
217                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
218
219                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
220
221                 if (err) {
222                         icsk->icsk_ext_hdr_len = exthdrlen;
223                         icsk->icsk_af_ops = &ipv6_specific;
224                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
225                         goto failure;
226                 } else {
227                         ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
228                                       inet->saddr);
229                         ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
230                                       inet->rcv_saddr);
231                 }
232
233                 return err;
234         }
235
236         if (!ipv6_addr_any(&np->rcv_saddr))
237                 saddr = &np->rcv_saddr;
238
239         fl.proto = IPPROTO_TCP;
240         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
241         ipv6_addr_copy(&fl.fl6_src,
242                        (saddr ? saddr : &np->saddr));
243         fl.oif = sk->sk_bound_dev_if;
244         fl.fl_ip_dport = usin->sin6_port;
245         fl.fl_ip_sport = inet->sport;
246
247         if (np->opt && np->opt->srcrt) {
248                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
249                 ipv6_addr_copy(&final, &fl.fl6_dst);
250                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
251                 final_p = &final;
252         }
253
254         err = ip6_dst_lookup(sk, &dst, &fl);
255         if (err)
256                 goto failure;
257         if (final_p)
258                 ipv6_addr_copy(&fl.fl6_dst, final_p);
259
260         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
261                 goto failure;
262
263         if (saddr == NULL) {
264                 saddr = &fl.fl6_src;
265                 ipv6_addr_copy(&np->rcv_saddr, saddr);
266         }
267
268         /* set the source address */
269         ipv6_addr_copy(&np->saddr, saddr);
270         inet->rcv_saddr = LOOPBACK4_IPV6;
271
272         sk->sk_gso_type = SKB_GSO_TCPV6;
273         __ip6_dst_store(sk, dst, NULL);
274
275         icsk->icsk_ext_hdr_len = 0;
276         if (np->opt)
277                 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
278                                           np->opt->opt_nflen);
279
280         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
281
282         inet->dport = usin->sin6_port;
283
284         tcp_set_state(sk, TCP_SYN_SENT);
285         err = inet6_hash_connect(&tcp_death_row, sk);
286         if (err)
287                 goto late_failure;
288
289         if (!tp->write_seq)
290                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
291                                                              np->daddr.s6_addr32,
292                                                              inet->sport,
293                                                              inet->dport);
294
295         err = tcp_connect(sk);
296         if (err)
297                 goto late_failure;
298
299         return 0;
300
301 late_failure:
302         tcp_set_state(sk, TCP_CLOSE);
303         __sk_dst_reset(sk);
304 failure:
305         inet->dport = 0;
306         sk->sk_route_caps = 0;
307         return err;
308 }
309
310 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
311                 int type, int code, int offset, __u32 info)
312 {
313         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
314         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
315         struct ipv6_pinfo *np;
316         struct sock *sk;
317         int err;
318         struct tcp_sock *tp; 
319         __u32 seq;
320
321         sk = inet6_lookup(&tcp_hashinfo, &hdr->daddr, th->dest, &hdr->saddr,
322                           th->source, skb->dev->ifindex);
323
324         if (sk == NULL) {
325                 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
326                 return;
327         }
328
329         if (sk->sk_state == TCP_TIME_WAIT) {
330                 inet_twsk_put((struct inet_timewait_sock *)sk);
331                 return;
332         }
333
334         bh_lock_sock(sk);
335         if (sock_owned_by_user(sk))
336                 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
337
338         if (sk->sk_state == TCP_CLOSE)
339                 goto out;
340
341         tp = tcp_sk(sk);
342         seq = ntohl(th->seq); 
343         if (sk->sk_state != TCP_LISTEN &&
344             !between(seq, tp->snd_una, tp->snd_nxt)) {
345                 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
346                 goto out;
347         }
348
349         np = inet6_sk(sk);
350
351         if (type == ICMPV6_PKT_TOOBIG) {
352                 struct dst_entry *dst = NULL;
353
354                 if (sock_owned_by_user(sk))
355                         goto out;
356                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
357                         goto out;
358
359                 /* icmp should have updated the destination cache entry */
360                 dst = __sk_dst_check(sk, np->dst_cookie);
361
362                 if (dst == NULL) {
363                         struct inet_sock *inet = inet_sk(sk);
364                         struct flowi fl;
365
366                         /* BUGGG_FUTURE: Again, it is not clear how
367                            to handle rthdr case. Ignore this complexity
368                            for now.
369                          */
370                         memset(&fl, 0, sizeof(fl));
371                         fl.proto = IPPROTO_TCP;
372                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
373                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
374                         fl.oif = sk->sk_bound_dev_if;
375                         fl.fl_ip_dport = inet->dport;
376                         fl.fl_ip_sport = inet->sport;
377
378                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
379                                 sk->sk_err_soft = -err;
380                                 goto out;
381                         }
382
383                         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
384                                 sk->sk_err_soft = -err;
385                                 goto out;
386                         }
387
388                 } else
389                         dst_hold(dst);
390
391                 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
392                         tcp_sync_mss(sk, dst_mtu(dst));
393                         tcp_simple_retransmit(sk);
394                 } /* else let the usual retransmit timer handle it */
395                 dst_release(dst);
396                 goto out;
397         }
398
399         icmpv6_err_convert(type, code, &err);
400
401         /* Might be for an request_sock */
402         switch (sk->sk_state) {
403                 struct request_sock *req, **prev;
404         case TCP_LISTEN:
405                 if (sock_owned_by_user(sk))
406                         goto out;
407
408                 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
409                                            &hdr->saddr, inet6_iif(skb));
410                 if (!req)
411                         goto out;
412
413                 /* ICMPs are not backlogged, hence we cannot get
414                  * an established socket here.
415                  */
416                 BUG_TRAP(req->sk == NULL);
417
418                 if (seq != tcp_rsk(req)->snt_isn) {
419                         NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
420                         goto out;
421                 }
422
423                 inet_csk_reqsk_queue_drop(sk, req, prev);
424                 goto out;
425
426         case TCP_SYN_SENT:
427         case TCP_SYN_RECV:  /* Cannot happen.
428                                It can, it SYNs are crossed. --ANK */ 
429                 if (!sock_owned_by_user(sk)) {
430                         sk->sk_err = err;
431                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
432
433                         tcp_done(sk);
434                 } else
435                         sk->sk_err_soft = err;
436                 goto out;
437         }
438
439         if (!sock_owned_by_user(sk) && np->recverr) {
440                 sk->sk_err = err;
441                 sk->sk_error_report(sk);
442         } else
443                 sk->sk_err_soft = err;
444
445 out:
446         bh_unlock_sock(sk);
447         sock_put(sk);
448 }
449
450
451 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
452                               struct dst_entry *dst)
453 {
454         struct inet6_request_sock *treq = inet6_rsk(req);
455         struct ipv6_pinfo *np = inet6_sk(sk);
456         struct sk_buff * skb;
457         struct ipv6_txoptions *opt = NULL;
458         struct in6_addr * final_p = NULL, final;
459         struct flowi fl;
460         int err = -1;
461
462         memset(&fl, 0, sizeof(fl));
463         fl.proto = IPPROTO_TCP;
464         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
465         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
466         fl.fl6_flowlabel = 0;
467         fl.oif = treq->iif;
468         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
469         fl.fl_ip_sport = inet_sk(sk)->sport;
470
471         if (dst == NULL) {
472                 opt = np->opt;
473                 if (opt == NULL &&
474                     np->rxopt.bits.osrcrt == 2 &&
475                     treq->pktopts) {
476                         struct sk_buff *pktopts = treq->pktopts;
477                         struct inet6_skb_parm *rxopt = IP6CB(pktopts);
478                         if (rxopt->srcrt)
479                                 opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr*)(pktopts->nh.raw + rxopt->srcrt));
480                 }
481
482                 if (opt && opt->srcrt) {
483                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
484                         ipv6_addr_copy(&final, &fl.fl6_dst);
485                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
486                         final_p = &final;
487                 }
488
489                 err = ip6_dst_lookup(sk, &dst, &fl);
490                 if (err)
491                         goto done;
492                 if (final_p)
493                         ipv6_addr_copy(&fl.fl6_dst, final_p);
494                 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
495                         goto done;
496         }
497
498         skb = tcp_make_synack(sk, dst, req);
499         if (skb) {
500                 struct tcphdr *th = skb->h.th;
501
502                 th->check = tcp_v6_check(th, skb->len,
503                                          &treq->loc_addr, &treq->rmt_addr,
504                                          csum_partial((char *)th, skb->len, skb->csum));
505
506                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
507                 err = ip6_xmit(sk, skb, &fl, opt, 0);
508                 if (err == NET_XMIT_CN)
509                         err = 0;
510         }
511
512 done:
513         if (opt && opt != np->opt)
514                 sock_kfree_s(sk, opt, opt->tot_len);
515         dst_release(dst);
516         return err;
517 }
518
519 static void tcp_v6_reqsk_destructor(struct request_sock *req)
520 {
521         if (inet6_rsk(req)->pktopts)
522                 kfree_skb(inet6_rsk(req)->pktopts);
523 }
524
525 static struct request_sock_ops tcp6_request_sock_ops = {
526         .family         =       AF_INET6,
527         .obj_size       =       sizeof(struct tcp6_request_sock),
528         .rtx_syn_ack    =       tcp_v6_send_synack,
529         .send_ack       =       tcp_v6_reqsk_send_ack,
530         .destructor     =       tcp_v6_reqsk_destructor,
531         .send_reset     =       tcp_v6_send_reset
532 };
533
534 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
535         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
536         .twsk_unique    = tcp_twsk_unique,
537 };
538
539 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
540 {
541         struct ipv6_pinfo *np = inet6_sk(sk);
542         struct tcphdr *th = skb->h.th;
543
544         if (skb->ip_summed == CHECKSUM_HW) {
545                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
546                 skb->csum = offsetof(struct tcphdr, check);
547         } else {
548                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 
549                                             csum_partial((char *)th, th->doff<<2, 
550                                                          skb->csum));
551         }
552 }
553
554 static int tcp_v6_gso_send_check(struct sk_buff *skb)
555 {
556         struct ipv6hdr *ipv6h;
557         struct tcphdr *th;
558
559         if (!pskb_may_pull(skb, sizeof(*th)))
560                 return -EINVAL;
561
562         ipv6h = skb->nh.ipv6h;
563         th = skb->h.th;
564
565         th->check = 0;
566         th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
567                                      IPPROTO_TCP, 0);
568         skb->csum = offsetof(struct tcphdr, check);
569         skb->ip_summed = CHECKSUM_HW;
570         return 0;
571 }
572
573 static void tcp_v6_send_reset(struct sk_buff *skb)
574 {
575         struct tcphdr *th = skb->h.th, *t1; 
576         struct sk_buff *buff;
577         struct flowi fl;
578
579         if (th->rst)
580                 return;
581
582         if (!ipv6_unicast_destination(skb))
583                 return; 
584
585         /*
586          * We need to grab some memory, and put together an RST,
587          * and then put it into the queue to be sent.
588          */
589
590         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + sizeof(struct tcphdr),
591                          GFP_ATOMIC);
592         if (buff == NULL) 
593                 return;
594
595         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + sizeof(struct tcphdr));
596
597         t1 = (struct tcphdr *) skb_push(buff,sizeof(struct tcphdr));
598
599         /* Swap the send and the receive. */
600         memset(t1, 0, sizeof(*t1));
601         t1->dest = th->source;
602         t1->source = th->dest;
603         t1->doff = sizeof(*t1)/4;
604         t1->rst = 1;
605   
606         if(th->ack) {
607                 t1->seq = th->ack_seq;
608         } else {
609                 t1->ack = 1;
610                 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
611                                     + skb->len - (th->doff<<2));
612         }
613
614         buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
615
616         memset(&fl, 0, sizeof(fl));
617         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
618         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
619
620         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
621                                     sizeof(*t1), IPPROTO_TCP,
622                                     buff->csum);
623
624         fl.proto = IPPROTO_TCP;
625         fl.oif = inet6_iif(skb);
626         fl.fl_ip_dport = t1->dest;
627         fl.fl_ip_sport = t1->source;
628
629         /* sk = NULL, but it is safe for now. RST socket required. */
630         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
631
632                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
633                         ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
634                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
635                         TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
636                         return;
637                 }
638         }
639
640         kfree_skb(buff);
641 }
642
643 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
644 {
645         struct tcphdr *th = skb->h.th, *t1;
646         struct sk_buff *buff;
647         struct flowi fl;
648         int tot_len = sizeof(struct tcphdr);
649
650         if (ts)
651                 tot_len += 3*4;
652
653         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
654                          GFP_ATOMIC);
655         if (buff == NULL)
656                 return;
657
658         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
659
660         t1 = (struct tcphdr *) skb_push(buff,tot_len);
661
662         /* Swap the send and the receive. */
663         memset(t1, 0, sizeof(*t1));
664         t1->dest = th->source;
665         t1->source = th->dest;
666         t1->doff = tot_len/4;
667         t1->seq = htonl(seq);
668         t1->ack_seq = htonl(ack);
669         t1->ack = 1;
670         t1->window = htons(win);
671         
672         if (ts) {
673                 u32 *ptr = (u32*)(t1 + 1);
674                 *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
675                                (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
676                 *ptr++ = htonl(tcp_time_stamp);
677                 *ptr = htonl(ts);
678         }
679
680         buff->csum = csum_partial((char *)t1, tot_len, 0);
681
682         memset(&fl, 0, sizeof(fl));
683         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
684         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
685
686         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
687                                     tot_len, IPPROTO_TCP,
688                                     buff->csum);
689
690         fl.proto = IPPROTO_TCP;
691         fl.oif = inet6_iif(skb);
692         fl.fl_ip_dport = t1->dest;
693         fl.fl_ip_sport = t1->source;
694
695         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
696                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
697                         ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
698                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
699                         return;
700                 }
701         }
702
703         kfree_skb(buff);
704 }
705
706 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
707 {
708         struct inet_timewait_sock *tw = inet_twsk(sk);
709         const struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
710
711         tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
712                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
713                         tcptw->tw_ts_recent);
714
715         inet_twsk_put(tw);
716 }
717
718 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
719 {
720         tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
721 }
722
723
724 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
725 {
726         struct request_sock *req, **prev;
727         const struct tcphdr *th = skb->h.th;
728         struct sock *nsk;
729
730         /* Find possible connection requests. */
731         req = inet6_csk_search_req(sk, &prev, th->source,
732                                    &skb->nh.ipv6h->saddr,
733                                    &skb->nh.ipv6h->daddr, inet6_iif(skb));
734         if (req)
735                 return tcp_check_req(sk, skb, req, prev);
736
737         nsk = __inet6_lookup_established(&tcp_hashinfo, &skb->nh.ipv6h->saddr,
738                                          th->source, &skb->nh.ipv6h->daddr,
739                                          ntohs(th->dest), inet6_iif(skb));
740
741         if (nsk) {
742                 if (nsk->sk_state != TCP_TIME_WAIT) {
743                         bh_lock_sock(nsk);
744                         return nsk;
745                 }
746                 inet_twsk_put((struct inet_timewait_sock *)nsk);
747                 return NULL;
748         }
749
750 #if 0 /*def CONFIG_SYN_COOKIES*/
751         if (!th->rst && !th->syn && th->ack)
752                 sk = cookie_v6_check(sk, skb, &(IPCB(skb)->opt));
753 #endif
754         return sk;
755 }
756
757 /* FIXME: this is substantially similar to the ipv4 code.
758  * Can some kind of merge be done? -- erics
759  */
760 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
761 {
762         struct inet6_request_sock *treq;
763         struct ipv6_pinfo *np = inet6_sk(sk);
764         struct tcp_options_received tmp_opt;
765         struct tcp_sock *tp = tcp_sk(sk);
766         struct request_sock *req = NULL;
767         __u32 isn = TCP_SKB_CB(skb)->when;
768
769         if (skb->protocol == htons(ETH_P_IP))
770                 return tcp_v4_conn_request(sk, skb);
771
772         if (!ipv6_unicast_destination(skb))
773                 goto drop; 
774
775         /*
776          *      There are no SYN attacks on IPv6, yet...        
777          */
778         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
779                 if (net_ratelimit())
780                         printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n");
781                 goto drop;              
782         }
783
784         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
785                 goto drop;
786
787         req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
788         if (req == NULL)
789                 goto drop;
790
791         tcp_clear_options(&tmp_opt);
792         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
793         tmp_opt.user_mss = tp->rx_opt.user_mss;
794
795         tcp_parse_options(skb, &tmp_opt, 0);
796
797         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
798         tcp_openreq_init(req, &tmp_opt, skb);
799
800         treq = inet6_rsk(req);
801         ipv6_addr_copy(&treq->rmt_addr, &skb->nh.ipv6h->saddr);
802         ipv6_addr_copy(&treq->loc_addr, &skb->nh.ipv6h->daddr);
803         TCP_ECN_create_request(req, skb->h.th);
804         treq->pktopts = NULL;
805         if (ipv6_opt_accepted(sk, skb) ||
806             np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
807             np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
808                 atomic_inc(&skb->users);
809                 treq->pktopts = skb;
810         }
811         treq->iif = sk->sk_bound_dev_if;
812
813         /* So that link locals have meaning */
814         if (!sk->sk_bound_dev_if &&
815             ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
816                 treq->iif = inet6_iif(skb);
817
818         if (isn == 0) 
819                 isn = tcp_v6_init_sequence(sk,skb);
820
821         tcp_rsk(req)->snt_isn = isn;
822
823         if (tcp_v6_send_synack(sk, req, NULL))
824                 goto drop;
825
826         inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
827         return 0;
828
829 drop:
830         if (req)
831                 reqsk_free(req);
832
833         return 0; /* don't send reset */
834 }
835
836 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
837                                           struct request_sock *req,
838                                           struct dst_entry *dst)
839 {
840         struct inet6_request_sock *treq = inet6_rsk(req);
841         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
842         struct tcp6_sock *newtcp6sk;
843         struct inet_sock *newinet;
844         struct tcp_sock *newtp;
845         struct sock *newsk;
846         struct ipv6_txoptions *opt;
847
848         if (skb->protocol == htons(ETH_P_IP)) {
849                 /*
850                  *      v6 mapped
851                  */
852
853                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
854
855                 if (newsk == NULL) 
856                         return NULL;
857
858                 newtcp6sk = (struct tcp6_sock *)newsk;
859                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
860
861                 newinet = inet_sk(newsk);
862                 newnp = inet6_sk(newsk);
863                 newtp = tcp_sk(newsk);
864
865                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
866
867                 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
868                               newinet->daddr);
869
870                 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
871                               newinet->saddr);
872
873                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
874
875                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
876                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
877                 newnp->pktoptions  = NULL;
878                 newnp->opt         = NULL;
879                 newnp->mcast_oif   = inet6_iif(skb);
880                 newnp->mcast_hops  = skb->nh.ipv6h->hop_limit;
881
882                 /*
883                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
884                  * here, tcp_create_openreq_child now does this for us, see the comment in
885                  * that function for the gory details. -acme
886                  */
887
888                 /* It is tricky place. Until this moment IPv4 tcp
889                    worked with IPv6 icsk.icsk_af_ops.
890                    Sync it now.
891                  */
892                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
893
894                 return newsk;
895         }
896
897         opt = np->opt;
898
899         if (sk_acceptq_is_full(sk))
900                 goto out_overflow;
901
902         if (np->rxopt.bits.osrcrt == 2 &&
903             opt == NULL && treq->pktopts) {
904                 struct inet6_skb_parm *rxopt = IP6CB(treq->pktopts);
905                 if (rxopt->srcrt)
906                         opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr *)(treq->pktopts->nh.raw + rxopt->srcrt));
907         }
908
909         if (dst == NULL) {
910                 struct in6_addr *final_p = NULL, final;
911                 struct flowi fl;
912
913                 memset(&fl, 0, sizeof(fl));
914                 fl.proto = IPPROTO_TCP;
915                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
916                 if (opt && opt->srcrt) {
917                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
918                         ipv6_addr_copy(&final, &fl.fl6_dst);
919                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
920                         final_p = &final;
921                 }
922                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
923                 fl.oif = sk->sk_bound_dev_if;
924                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
925                 fl.fl_ip_sport = inet_sk(sk)->sport;
926
927                 if (ip6_dst_lookup(sk, &dst, &fl))
928                         goto out;
929
930                 if (final_p)
931                         ipv6_addr_copy(&fl.fl6_dst, final_p);
932
933                 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
934                         goto out;
935         } 
936
937         newsk = tcp_create_openreq_child(sk, req, skb);
938         if (newsk == NULL)
939                 goto out;
940
941         /*
942          * No need to charge this sock to the relevant IPv6 refcnt debug socks
943          * count here, tcp_create_openreq_child now does this for us, see the
944          * comment in that function for the gory details. -acme
945          */
946
947         newsk->sk_gso_type = SKB_GSO_TCPV6;
948         __ip6_dst_store(newsk, dst, NULL);
949
950         newtcp6sk = (struct tcp6_sock *)newsk;
951         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
952
953         newtp = tcp_sk(newsk);
954         newinet = inet_sk(newsk);
955         newnp = inet6_sk(newsk);
956
957         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
958
959         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
960         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
961         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
962         newsk->sk_bound_dev_if = treq->iif;
963
964         /* Now IPv6 options... 
965
966            First: no IPv4 options.
967          */
968         newinet->opt = NULL;
969
970         /* Clone RX bits */
971         newnp->rxopt.all = np->rxopt.all;
972
973         /* Clone pktoptions received with SYN */
974         newnp->pktoptions = NULL;
975         if (treq->pktopts != NULL) {
976                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
977                 kfree_skb(treq->pktopts);
978                 treq->pktopts = NULL;
979                 if (newnp->pktoptions)
980                         skb_set_owner_r(newnp->pktoptions, newsk);
981         }
982         newnp->opt        = NULL;
983         newnp->mcast_oif  = inet6_iif(skb);
984         newnp->mcast_hops = skb->nh.ipv6h->hop_limit;
985
986         /* Clone native IPv6 options from listening socket (if any)
987
988            Yes, keeping reference count would be much more clever,
989            but we make one more one thing there: reattach optmem
990            to newsk.
991          */
992         if (opt) {
993                 newnp->opt = ipv6_dup_options(newsk, opt);
994                 if (opt != np->opt)
995                         sock_kfree_s(sk, opt, opt->tot_len);
996         }
997
998         inet_csk(newsk)->icsk_ext_hdr_len = 0;
999         if (newnp->opt)
1000                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1001                                                      newnp->opt->opt_flen);
1002
1003         tcp_mtup_init(newsk);
1004         tcp_sync_mss(newsk, dst_mtu(dst));
1005         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1006         tcp_initialize_rcv_mss(newsk);
1007
1008         newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1009
1010         __inet6_hash(&tcp_hashinfo, newsk);
1011         inet_inherit_port(&tcp_hashinfo, sk, newsk);
1012
1013         return newsk;
1014
1015 out_overflow:
1016         NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1017 out:
1018         NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1019         if (opt && opt != np->opt)
1020                 sock_kfree_s(sk, opt, opt->tot_len);
1021         dst_release(dst);
1022         return NULL;
1023 }
1024
1025 static int tcp_v6_checksum_init(struct sk_buff *skb)
1026 {
1027         if (skb->ip_summed == CHECKSUM_HW) {
1028                 if (!tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1029                                   &skb->nh.ipv6h->daddr,skb->csum)) {
1030                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1031                         return 0;
1032                 }
1033         }
1034
1035         skb->csum = ~tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1036                                   &skb->nh.ipv6h->daddr, 0);
1037
1038         if (skb->len <= 76) {
1039                 return __skb_checksum_complete(skb);
1040         }
1041         return 0;
1042 }
1043
1044 /* The socket must have it's spinlock held when we get
1045  * here.
1046  *
1047  * We have a potential double-lock case here, so even when
1048  * doing backlog processing we use the BH locking scheme.
1049  * This is because we cannot sleep with the original spinlock
1050  * held.
1051  */
1052 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1053 {
1054         struct ipv6_pinfo *np = inet6_sk(sk);
1055         struct tcp_sock *tp;
1056         struct sk_buff *opt_skb = NULL;
1057
1058         /* Imagine: socket is IPv6. IPv4 packet arrives,
1059            goes to IPv4 receive handler and backlogged.
1060            From backlog it always goes here. Kerboom...
1061            Fortunately, tcp_rcv_established and rcv_established
1062            handle them correctly, but it is not case with
1063            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1064          */
1065
1066         if (skb->protocol == htons(ETH_P_IP))
1067                 return tcp_v4_do_rcv(sk, skb);
1068
1069         if (sk_filter(sk, skb, 0))
1070                 goto discard;
1071
1072         /*
1073          *      socket locking is here for SMP purposes as backlog rcv
1074          *      is currently called with bh processing disabled.
1075          */
1076
1077         /* Do Stevens' IPV6_PKTOPTIONS.
1078
1079            Yes, guys, it is the only place in our code, where we
1080            may make it not affecting IPv4.
1081            The rest of code is protocol independent,
1082            and I do not like idea to uglify IPv4.
1083
1084            Actually, all the idea behind IPV6_PKTOPTIONS
1085            looks not very well thought. For now we latch
1086            options, received in the last packet, enqueued
1087            by tcp. Feel free to propose better solution.
1088                                                --ANK (980728)
1089          */
1090         if (np->rxopt.all)
1091                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1092
1093         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1094                 TCP_CHECK_TIMER(sk);
1095                 if (tcp_rcv_established(sk, skb, skb->h.th, skb->len))
1096                         goto reset;
1097                 TCP_CHECK_TIMER(sk);
1098                 if (opt_skb)
1099                         goto ipv6_pktoptions;
1100                 return 0;
1101         }
1102
1103         if (skb->len < (skb->h.th->doff<<2) || tcp_checksum_complete(skb))
1104                 goto csum_err;
1105
1106         if (sk->sk_state == TCP_LISTEN) { 
1107                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1108                 if (!nsk)
1109                         goto discard;
1110
1111                 /*
1112                  * Queue it on the new socket if the new socket is active,
1113                  * otherwise we just shortcircuit this and continue with
1114                  * the new socket..
1115                  */
1116                 if(nsk != sk) {
1117                         if (tcp_child_process(sk, nsk, skb))
1118                                 goto reset;
1119                         if (opt_skb)
1120                                 __kfree_skb(opt_skb);
1121                         return 0;
1122                 }
1123         }
1124
1125         TCP_CHECK_TIMER(sk);
1126         if (tcp_rcv_state_process(sk, skb, skb->h.th, skb->len))
1127                 goto reset;
1128         TCP_CHECK_TIMER(sk);
1129         if (opt_skb)
1130                 goto ipv6_pktoptions;
1131         return 0;
1132
1133 reset:
1134         tcp_v6_send_reset(skb);
1135 discard:
1136         if (opt_skb)
1137                 __kfree_skb(opt_skb);
1138         kfree_skb(skb);
1139         return 0;
1140 csum_err:
1141         TCP_INC_STATS_BH(TCP_MIB_INERRS);
1142         goto discard;
1143
1144
1145 ipv6_pktoptions:
1146         /* Do you ask, what is it?
1147
1148            1. skb was enqueued by tcp.
1149            2. skb is added to tail of read queue, rather than out of order.
1150            3. socket is not in passive state.
1151            4. Finally, it really contains options, which user wants to receive.
1152          */
1153         tp = tcp_sk(sk);
1154         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1155             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1156                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1157                         np->mcast_oif = inet6_iif(opt_skb);
1158                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1159                         np->mcast_hops = opt_skb->nh.ipv6h->hop_limit;
1160                 if (ipv6_opt_accepted(sk, opt_skb)) {
1161                         skb_set_owner_r(opt_skb, sk);
1162                         opt_skb = xchg(&np->pktoptions, opt_skb);
1163                 } else {
1164                         __kfree_skb(opt_skb);
1165                         opt_skb = xchg(&np->pktoptions, NULL);
1166                 }
1167         }
1168
1169         if (opt_skb)
1170                 kfree_skb(opt_skb);
1171         return 0;
1172 }
1173
1174 static int tcp_v6_rcv(struct sk_buff **pskb)
1175 {
1176         struct sk_buff *skb = *pskb;
1177         struct tcphdr *th;      
1178         struct sock *sk;
1179         int ret;
1180
1181         if (skb->pkt_type != PACKET_HOST)
1182                 goto discard_it;
1183
1184         /*
1185          *      Count it even if it's bad.
1186          */
1187         TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1188
1189         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1190                 goto discard_it;
1191
1192         th = skb->h.th;
1193
1194         if (th->doff < sizeof(struct tcphdr)/4)
1195                 goto bad_packet;
1196         if (!pskb_may_pull(skb, th->doff*4))
1197                 goto discard_it;
1198
1199         if ((skb->ip_summed != CHECKSUM_UNNECESSARY &&
1200              tcp_v6_checksum_init(skb)))
1201                 goto bad_packet;
1202
1203         th = skb->h.th;
1204         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1205         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1206                                     skb->len - th->doff*4);
1207         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1208         TCP_SKB_CB(skb)->when = 0;
1209         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(skb->nh.ipv6h);
1210         TCP_SKB_CB(skb)->sacked = 0;
1211
1212         sk = __inet6_lookup(&tcp_hashinfo, &skb->nh.ipv6h->saddr, th->source,
1213                             &skb->nh.ipv6h->daddr, ntohs(th->dest),
1214                             inet6_iif(skb));
1215
1216         if (!sk)
1217                 goto no_tcp_socket;
1218
1219 process:
1220         if (sk->sk_state == TCP_TIME_WAIT)
1221                 goto do_time_wait;
1222
1223         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1224                 goto discard_and_relse;
1225
1226         if (sk_filter(sk, skb, 0))
1227                 goto discard_and_relse;
1228
1229         skb->dev = NULL;
1230
1231         bh_lock_sock(sk);
1232         ret = 0;
1233         if (!sock_owned_by_user(sk)) {
1234 #ifdef CONFIG_NET_DMA
1235                 struct tcp_sock *tp = tcp_sk(sk);
1236                 if (tp->ucopy.dma_chan)
1237                         ret = tcp_v6_do_rcv(sk, skb);
1238                 else
1239 #endif
1240                 {
1241                         if (!tcp_prequeue(sk, skb))
1242                                 ret = tcp_v6_do_rcv(sk, skb);
1243                 }
1244         } else
1245                 sk_add_backlog(sk, skb);
1246         bh_unlock_sock(sk);
1247
1248         sock_put(sk);
1249         return ret ? -1 : 0;
1250
1251 no_tcp_socket:
1252         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1253                 goto discard_it;
1254
1255         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1256 bad_packet:
1257                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1258         } else {
1259                 tcp_v6_send_reset(skb);
1260         }
1261
1262 discard_it:
1263
1264         /*
1265          *      Discard frame
1266          */
1267
1268         kfree_skb(skb);
1269         return 0;
1270
1271 discard_and_relse:
1272         sock_put(sk);
1273         goto discard_it;
1274
1275 do_time_wait:
1276         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1277                 inet_twsk_put((struct inet_timewait_sock *)sk);
1278                 goto discard_it;
1279         }
1280
1281         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1282                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1283                 inet_twsk_put((struct inet_timewait_sock *)sk);
1284                 goto discard_it;
1285         }
1286
1287         switch (tcp_timewait_state_process((struct inet_timewait_sock *)sk,
1288                                            skb, th)) {
1289         case TCP_TW_SYN:
1290         {
1291                 struct sock *sk2;
1292
1293                 sk2 = inet6_lookup_listener(&tcp_hashinfo,
1294                                             &skb->nh.ipv6h->daddr,
1295                                             ntohs(th->dest), inet6_iif(skb));
1296                 if (sk2 != NULL) {
1297                         struct inet_timewait_sock *tw = inet_twsk(sk);
1298                         inet_twsk_deschedule(tw, &tcp_death_row);
1299                         inet_twsk_put(tw);
1300                         sk = sk2;
1301                         goto process;
1302                 }
1303                 /* Fall through to ACK */
1304         }
1305         case TCP_TW_ACK:
1306                 tcp_v6_timewait_ack(sk, skb);
1307                 break;
1308         case TCP_TW_RST:
1309                 goto no_tcp_socket;
1310         case TCP_TW_SUCCESS:;
1311         }
1312         goto discard_it;
1313 }
1314
1315 static int tcp_v6_remember_stamp(struct sock *sk)
1316 {
1317         /* Alas, not yet... */
1318         return 0;
1319 }
1320
1321 static struct inet_connection_sock_af_ops ipv6_specific = {
1322         .queue_xmit        = inet6_csk_xmit,
1323         .send_check        = tcp_v6_send_check,
1324         .rebuild_header    = inet6_sk_rebuild_header,
1325         .conn_request      = tcp_v6_conn_request,
1326         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1327         .remember_stamp    = tcp_v6_remember_stamp,
1328         .net_header_len    = sizeof(struct ipv6hdr),
1329         .setsockopt        = ipv6_setsockopt,
1330         .getsockopt        = ipv6_getsockopt,
1331         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1332         .sockaddr_len      = sizeof(struct sockaddr_in6),
1333 #ifdef CONFIG_COMPAT
1334         .compat_setsockopt = compat_ipv6_setsockopt,
1335         .compat_getsockopt = compat_ipv6_getsockopt,
1336 #endif
1337 };
1338
1339 /*
1340  *      TCP over IPv4 via INET6 API
1341  */
1342
1343 static struct inet_connection_sock_af_ops ipv6_mapped = {
1344         .queue_xmit        = ip_queue_xmit,
1345         .send_check        = tcp_v4_send_check,
1346         .rebuild_header    = inet_sk_rebuild_header,
1347         .conn_request      = tcp_v6_conn_request,
1348         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1349         .remember_stamp    = tcp_v4_remember_stamp,
1350         .net_header_len    = sizeof(struct iphdr),
1351         .setsockopt        = ipv6_setsockopt,
1352         .getsockopt        = ipv6_getsockopt,
1353         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1354         .sockaddr_len      = sizeof(struct sockaddr_in6),
1355 #ifdef CONFIG_COMPAT
1356         .compat_setsockopt = compat_ipv6_setsockopt,
1357         .compat_getsockopt = compat_ipv6_getsockopt,
1358 #endif
1359 };
1360
1361 /* NOTE: A lot of things set to zero explicitly by call to
1362  *       sk_alloc() so need not be done here.
1363  */
1364 static int tcp_v6_init_sock(struct sock *sk)
1365 {
1366         struct inet_connection_sock *icsk = inet_csk(sk);
1367         struct tcp_sock *tp = tcp_sk(sk);
1368
1369         skb_queue_head_init(&tp->out_of_order_queue);
1370         tcp_init_xmit_timers(sk);
1371         tcp_prequeue_init(tp);
1372
1373         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1374         tp->mdev = TCP_TIMEOUT_INIT;
1375
1376         /* So many TCP implementations out there (incorrectly) count the
1377          * initial SYN frame in their delayed-ACK and congestion control
1378          * algorithms that we must have the following bandaid to talk
1379          * efficiently to them.  -DaveM
1380          */
1381         tp->snd_cwnd = 2;
1382
1383         /* See draft-stevens-tcpca-spec-01 for discussion of the
1384          * initialization of these values.
1385          */
1386         tp->snd_ssthresh = 0x7fffffff;
1387         tp->snd_cwnd_clamp = ~0;
1388         tp->mss_cache = 536;
1389
1390         tp->reordering = sysctl_tcp_reordering;
1391
1392         sk->sk_state = TCP_CLOSE;
1393
1394         icsk->icsk_af_ops = &ipv6_specific;
1395         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1396         icsk->icsk_sync_mss = tcp_sync_mss;
1397         sk->sk_write_space = sk_stream_write_space;
1398         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1399
1400         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1401         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1402
1403         atomic_inc(&tcp_sockets_allocated);
1404
1405         return 0;
1406 }
1407
1408 static int tcp_v6_destroy_sock(struct sock *sk)
1409 {
1410         tcp_v4_destroy_sock(sk);
1411         return inet6_destroy_sock(sk);
1412 }
1413
1414 /* Proc filesystem TCPv6 sock list dumping. */
1415 static void get_openreq6(struct seq_file *seq, 
1416                          struct sock *sk, struct request_sock *req, int i, int uid)
1417 {
1418         int ttd = req->expires - jiffies;
1419         struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1420         struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1421
1422         if (ttd < 0)
1423                 ttd = 0;
1424
1425         seq_printf(seq,
1426                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1427                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1428                    i,
1429                    src->s6_addr32[0], src->s6_addr32[1],
1430                    src->s6_addr32[2], src->s6_addr32[3],
1431                    ntohs(inet_sk(sk)->sport),
1432                    dest->s6_addr32[0], dest->s6_addr32[1],
1433                    dest->s6_addr32[2], dest->s6_addr32[3],
1434                    ntohs(inet_rsk(req)->rmt_port),
1435                    TCP_SYN_RECV,
1436                    0,0, /* could print option size, but that is af dependent. */
1437                    1,   /* timers active (only the expire timer) */  
1438                    jiffies_to_clock_t(ttd), 
1439                    req->retrans,
1440                    uid,
1441                    0,  /* non standard timer */  
1442                    0, /* open_requests have no inode */
1443                    0, req);
1444 }
1445
1446 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1447 {
1448         struct in6_addr *dest, *src;
1449         __u16 destp, srcp;
1450         int timer_active;
1451         unsigned long timer_expires;
1452         struct inet_sock *inet = inet_sk(sp);
1453         struct tcp_sock *tp = tcp_sk(sp);
1454         const struct inet_connection_sock *icsk = inet_csk(sp);
1455         struct ipv6_pinfo *np = inet6_sk(sp);
1456
1457         dest  = &np->daddr;
1458         src   = &np->rcv_saddr;
1459         destp = ntohs(inet->dport);
1460         srcp  = ntohs(inet->sport);
1461
1462         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1463                 timer_active    = 1;
1464                 timer_expires   = icsk->icsk_timeout;
1465         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1466                 timer_active    = 4;
1467                 timer_expires   = icsk->icsk_timeout;
1468         } else if (timer_pending(&sp->sk_timer)) {
1469                 timer_active    = 2;
1470                 timer_expires   = sp->sk_timer.expires;
1471         } else {
1472                 timer_active    = 0;
1473                 timer_expires = jiffies;
1474         }
1475
1476         seq_printf(seq,
1477                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1478                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
1479                    i,
1480                    src->s6_addr32[0], src->s6_addr32[1],
1481                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1482                    dest->s6_addr32[0], dest->s6_addr32[1],
1483                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1484                    sp->sk_state, 
1485                    tp->write_seq-tp->snd_una,
1486                    (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
1487                    timer_active,
1488                    jiffies_to_clock_t(timer_expires - jiffies),
1489                    icsk->icsk_retransmits,
1490                    sock_i_uid(sp),
1491                    icsk->icsk_probes_out,
1492                    sock_i_ino(sp),
1493                    atomic_read(&sp->sk_refcnt), sp,
1494                    icsk->icsk_rto,
1495                    icsk->icsk_ack.ato,
1496                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
1497                    tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
1498                    );
1499 }
1500
1501 static void get_timewait6_sock(struct seq_file *seq, 
1502                                struct inet_timewait_sock *tw, int i)
1503 {
1504         struct in6_addr *dest, *src;
1505         __u16 destp, srcp;
1506         struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
1507         int ttd = tw->tw_ttd - jiffies;
1508
1509         if (ttd < 0)
1510                 ttd = 0;
1511
1512         dest = &tw6->tw_v6_daddr;
1513         src  = &tw6->tw_v6_rcv_saddr;
1514         destp = ntohs(tw->tw_dport);
1515         srcp  = ntohs(tw->tw_sport);
1516
1517         seq_printf(seq,
1518                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1519                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1520                    i,
1521                    src->s6_addr32[0], src->s6_addr32[1],
1522                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1523                    dest->s6_addr32[0], dest->s6_addr32[1],
1524                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1525                    tw->tw_substate, 0, 0,
1526                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
1527                    atomic_read(&tw->tw_refcnt), tw);
1528 }
1529
1530 #ifdef CONFIG_PROC_FS
1531 static int tcp6_seq_show(struct seq_file *seq, void *v)
1532 {
1533         struct tcp_iter_state *st;
1534
1535         if (v == SEQ_START_TOKEN) {
1536                 seq_puts(seq,
1537                          "  sl  "
1538                          "local_address                         "
1539                          "remote_address                        "
1540                          "st tx_queue rx_queue tr tm->when retrnsmt"
1541                          "   uid  timeout inode\n");
1542                 goto out;
1543         }
1544         st = seq->private;
1545
1546         switch (st->state) {
1547         case TCP_SEQ_STATE_LISTENING:
1548         case TCP_SEQ_STATE_ESTABLISHED:
1549                 get_tcp6_sock(seq, v, st->num);
1550                 break;
1551         case TCP_SEQ_STATE_OPENREQ:
1552                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
1553                 break;
1554         case TCP_SEQ_STATE_TIME_WAIT:
1555                 get_timewait6_sock(seq, v, st->num);
1556                 break;
1557         }
1558 out:
1559         return 0;
1560 }
1561
1562 static struct file_operations tcp6_seq_fops;
1563 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1564         .owner          = THIS_MODULE,
1565         .name           = "tcp6",
1566         .family         = AF_INET6,
1567         .seq_show       = tcp6_seq_show,
1568         .seq_fops       = &tcp6_seq_fops,
1569 };
1570
1571 int __init tcp6_proc_init(void)
1572 {
1573         return tcp_proc_register(&tcp6_seq_afinfo);
1574 }
1575
1576 void tcp6_proc_exit(void)
1577 {
1578         tcp_proc_unregister(&tcp6_seq_afinfo);
1579 }
1580 #endif
1581
1582 struct proto tcpv6_prot = {
1583         .name                   = "TCPv6",
1584         .owner                  = THIS_MODULE,
1585         .close                  = tcp_close,
1586         .connect                = tcp_v6_connect,
1587         .disconnect             = tcp_disconnect,
1588         .accept                 = inet_csk_accept,
1589         .ioctl                  = tcp_ioctl,
1590         .init                   = tcp_v6_init_sock,
1591         .destroy                = tcp_v6_destroy_sock,
1592         .shutdown               = tcp_shutdown,
1593         .setsockopt             = tcp_setsockopt,
1594         .getsockopt             = tcp_getsockopt,
1595         .sendmsg                = tcp_sendmsg,
1596         .recvmsg                = tcp_recvmsg,
1597         .backlog_rcv            = tcp_v6_do_rcv,
1598         .hash                   = tcp_v6_hash,
1599         .unhash                 = tcp_unhash,
1600         .get_port               = tcp_v6_get_port,
1601         .enter_memory_pressure  = tcp_enter_memory_pressure,
1602         .sockets_allocated      = &tcp_sockets_allocated,
1603         .memory_allocated       = &tcp_memory_allocated,
1604         .memory_pressure        = &tcp_memory_pressure,
1605         .orphan_count           = &tcp_orphan_count,
1606         .sysctl_mem             = sysctl_tcp_mem,
1607         .sysctl_wmem            = sysctl_tcp_wmem,
1608         .sysctl_rmem            = sysctl_tcp_rmem,
1609         .max_header             = MAX_TCP_HEADER,
1610         .obj_size               = sizeof(struct tcp6_sock),
1611         .twsk_prot              = &tcp6_timewait_sock_ops,
1612         .rsk_prot               = &tcp6_request_sock_ops,
1613 #ifdef CONFIG_COMPAT
1614         .compat_setsockopt      = compat_tcp_setsockopt,
1615         .compat_getsockopt      = compat_tcp_getsockopt,
1616 #endif
1617 };
1618
1619 static struct inet6_protocol tcpv6_protocol = {
1620         .handler        =       tcp_v6_rcv,
1621         .err_handler    =       tcp_v6_err,
1622         .gso_send_check =       tcp_v6_gso_send_check,
1623         .gso_segment    =       tcp_tso_segment,
1624         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1625 };
1626
1627 static struct inet_protosw tcpv6_protosw = {
1628         .type           =       SOCK_STREAM,
1629         .protocol       =       IPPROTO_TCP,
1630         .prot           =       &tcpv6_prot,
1631         .ops            =       &inet6_stream_ops,
1632         .capability     =       -1,
1633         .no_check       =       0,
1634         .flags          =       INET_PROTOSW_PERMANENT |
1635                                 INET_PROTOSW_ICSK,
1636 };
1637
1638 void __init tcpv6_init(void)
1639 {
1640         /* register inet6 protocol */
1641         if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
1642                 printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
1643         inet6_register_protosw(&tcpv6_protosw);
1644
1645         if (inet_csk_ctl_sock_create(&tcp6_socket, PF_INET6, SOCK_RAW,
1646                                      IPPROTO_TCP) < 0)
1647                 panic("Failed to create the TCPv6 control socket.\n");
1648 }