[NET]: Annotate __skb_checksum_complete() and friends.
linux-2.6: net/ipv6/tcp_ipv6.c
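Editor's note: the commit named above annotates the checksum helpers with the sparse types __sum16 (a folded, 16-bit, on-wire checksum) and __wsum (a 32-bit running one's-complement sum); in this file the annotations show up in tcp_v6_check(), tcp_v6_checksum_init() and the call to __skb_checksum_complete(). A minimal sketch of the idea, assuming only the generic csum_fold()/csum_unfold() helpers (an illustration, not part of the file):

#include <linux/types.h>
#include <net/checksum.h>

/* Illustration only: how the two annotated checksum types convert.
 * csum_fold() collapses a 32-bit running sum (__wsum) into the 16-bit
 * on-wire form (__sum16); csum_unfold() widens a __sum16 back into a
 * __wsum so it can seed further summation, as tcp_v6_checksum_init()
 * below does.
 */
static __sum16 example_fold(__wsum running)
{
	return csum_fold(running);
}

static __wsum example_unfold(__sum16 folded)
{
	return csum_unfold(folded);
}

Mixing the two types without such conversions now draws a sparse warning, which is the point of the annotation.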
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation 
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>     
7  *
8  *      $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9  *
10  *      Based on: 
11  *      linux/net/ipv4/tcp.c
12  *      linux/net/ipv4/tcp_input.c
13  *      linux/net/ipv4/tcp_output.c
14  *
15  *      Fixes:
16  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
17  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
18  *      Alexey Kuznetsov                allows both IPv4 and IPv6 sockets to bind
19  *                                      a single port at the same time.
20  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
21  *
22  *      This program is free software; you can redistribute it and/or
23  *      modify it under the terms of the GNU General Public License
24  *      as published by the Free Software Foundation; either version
25  *      2 of the License, or (at your option) any later version.
26  */
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/net.h>
34 #include <linux/jiffies.h>
35 #include <linux/in.h>
36 #include <linux/in6.h>
37 #include <linux/netdevice.h>
38 #include <linux/init.h>
39 #include <linux/jhash.h>
40 #include <linux/ipsec.h>
41 #include <linux/times.h>
42
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/addrconf.h>
60 #include <net/snmp.h>
61 #include <net/dsfield.h>
62 #include <net/timewait_sock.h>
63
64 #include <asm/uaccess.h>
65
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
68
69 #include <linux/crypto.h>
70 #include <linux/scatterlist.h>
71
72 /* Socket used for sending RSTs and ACKs */
73 static struct socket *tcp6_socket;
74
75 static void     tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
76 static void     tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
77 static void     tcp_v6_send_check(struct sock *sk, int len, 
78                                   struct sk_buff *skb);
79
80 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
81
82 static struct inet_connection_sock_af_ops ipv6_mapped;
83 static struct inet_connection_sock_af_ops ipv6_specific;
84 #ifdef CONFIG_TCP_MD5SIG
85 static struct tcp_sock_af_ops tcp_sock_ipv6_specific;
86 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
87 #endif
88
89 static int tcp_v6_get_port(struct sock *sk, unsigned short snum)
90 {
91         return inet_csk_get_port(&tcp_hashinfo, sk, snum,
92                                  inet6_csk_bind_conflict);
93 }
94
95 static void tcp_v6_hash(struct sock *sk)
96 {
97         if (sk->sk_state != TCP_CLOSE) {
98                 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
99                         tcp_prot.hash(sk);
100                         return;
101                 }
102                 local_bh_disable();
103                 __inet6_hash(&tcp_hashinfo, sk);
104                 local_bh_enable();
105         }
106 }
107
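/* Editor's note: tcp_v6_check() below folds the IPv6 pseudo-header (both
 * addresses, the segment length and IPPROTO_TCP) together with the running
 * sum passed in 'base' and returns the finished 16-bit checksum, hence the
 * newly annotated __sum16 return type.
 */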
108 static __inline__ __sum16 tcp_v6_check(struct tcphdr *th, int len,
109                                    struct in6_addr *saddr, 
110                                    struct in6_addr *daddr, 
111                                    __wsum base)
112 {
113         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
114 }
115
116 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
117 {
118         return secure_tcpv6_sequence_number(skb->nh.ipv6h->daddr.s6_addr32,
119                                             skb->nh.ipv6h->saddr.s6_addr32,
120                                             skb->h.th->dest,
121                                             skb->h.th->source);
122 }
123
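/* Editor's note: active open.  Handles flow labels, turns a v4-mapped
 * destination into a plain IPv4 connect by switching the socket to the
 * mapped ops and calling tcp_v4_connect(), and otherwise routes the flow,
 * picks a source address, chooses the initial sequence number and sends
 * the SYN via tcp_connect().
 */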
124 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 
125                           int addr_len)
126 {
127         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
128         struct inet_sock *inet = inet_sk(sk);
129         struct inet_connection_sock *icsk = inet_csk(sk);
130         struct ipv6_pinfo *np = inet6_sk(sk);
131         struct tcp_sock *tp = tcp_sk(sk);
132         struct in6_addr *saddr = NULL, *final_p = NULL, final;
133         struct flowi fl;
134         struct dst_entry *dst;
135         int addr_type;
136         int err;
137
138         if (addr_len < SIN6_LEN_RFC2133) 
139                 return -EINVAL;
140
141         if (usin->sin6_family != AF_INET6) 
142                 return(-EAFNOSUPPORT);
143
144         memset(&fl, 0, sizeof(fl));
145
146         if (np->sndflow) {
147                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
148                 IP6_ECN_flow_init(fl.fl6_flowlabel);
149                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
150                         struct ip6_flowlabel *flowlabel;
151                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
152                         if (flowlabel == NULL)
153                                 return -EINVAL;
154                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
155                         fl6_sock_release(flowlabel);
156                 }
157         }
158
159         /*
160          *      connect() to INADDR_ANY means loopback (BSD'ism).
161          */
162         
163         if(ipv6_addr_any(&usin->sin6_addr))
164                 usin->sin6_addr.s6_addr[15] = 0x1; 
165
166         addr_type = ipv6_addr_type(&usin->sin6_addr);
167
168         if(addr_type & IPV6_ADDR_MULTICAST)
169                 return -ENETUNREACH;
170
171         if (addr_type&IPV6_ADDR_LINKLOCAL) {
172                 if (addr_len >= sizeof(struct sockaddr_in6) &&
173                     usin->sin6_scope_id) {
174                         /* If interface is set while binding, indices
175                          * must coincide.
176                          */
177                         if (sk->sk_bound_dev_if &&
178                             sk->sk_bound_dev_if != usin->sin6_scope_id)
179                                 return -EINVAL;
180
181                         sk->sk_bound_dev_if = usin->sin6_scope_id;
182                 }
183
184                 /* Connecting to a link-local address requires an interface */
185                 if (!sk->sk_bound_dev_if)
186                         return -EINVAL;
187         }
188
189         if (tp->rx_opt.ts_recent_stamp &&
190             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
191                 tp->rx_opt.ts_recent = 0;
192                 tp->rx_opt.ts_recent_stamp = 0;
193                 tp->write_seq = 0;
194         }
195
196         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
197         np->flow_label = fl.fl6_flowlabel;
198
199         /*
200          *      TCP over IPv4
201          */
202
203         if (addr_type == IPV6_ADDR_MAPPED) {
204                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
205                 struct sockaddr_in sin;
206
207                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
208
209                 if (__ipv6_only_sock(sk))
210                         return -ENETUNREACH;
211
212                 sin.sin_family = AF_INET;
213                 sin.sin_port = usin->sin6_port;
214                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
215
216                 icsk->icsk_af_ops = &ipv6_mapped;
217                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
218 #ifdef CONFIG_TCP_MD5SIG
219                 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
220 #endif
221
222                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
223
224                 if (err) {
225                         icsk->icsk_ext_hdr_len = exthdrlen;
226                         icsk->icsk_af_ops = &ipv6_specific;
227                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
228 #ifdef CONFIG_TCP_MD5SIG
229                         tp->af_specific = &tcp_sock_ipv6_specific;
230 #endif
231                         goto failure;
232                 } else {
233                         ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
234                                       inet->saddr);
235                         ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
236                                       inet->rcv_saddr);
237                 }
238
239                 return err;
240         }
241
242         if (!ipv6_addr_any(&np->rcv_saddr))
243                 saddr = &np->rcv_saddr;
244
245         fl.proto = IPPROTO_TCP;
246         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
247         ipv6_addr_copy(&fl.fl6_src,
248                        (saddr ? saddr : &np->saddr));
249         fl.oif = sk->sk_bound_dev_if;
250         fl.fl_ip_dport = usin->sin6_port;
251         fl.fl_ip_sport = inet->sport;
252
253         if (np->opt && np->opt->srcrt) {
254                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
255                 ipv6_addr_copy(&final, &fl.fl6_dst);
256                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
257                 final_p = &final;
258         }
259
260         security_sk_classify_flow(sk, &fl);
261
262         err = ip6_dst_lookup(sk, &dst, &fl);
263         if (err)
264                 goto failure;
265         if (final_p)
266                 ipv6_addr_copy(&fl.fl6_dst, final_p);
267
268         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
269                 goto failure;
270
271         if (saddr == NULL) {
272                 saddr = &fl.fl6_src;
273                 ipv6_addr_copy(&np->rcv_saddr, saddr);
274         }
275
276         /* set the source address */
277         ipv6_addr_copy(&np->saddr, saddr);
278         inet->rcv_saddr = LOOPBACK4_IPV6;
279
280         sk->sk_gso_type = SKB_GSO_TCPV6;
281         __ip6_dst_store(sk, dst, NULL, NULL);
282
283         icsk->icsk_ext_hdr_len = 0;
284         if (np->opt)
285                 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
286                                           np->opt->opt_nflen);
287
288         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
289
290         inet->dport = usin->sin6_port;
291
292         tcp_set_state(sk, TCP_SYN_SENT);
293         err = inet6_hash_connect(&tcp_death_row, sk);
294         if (err)
295                 goto late_failure;
296
297         if (!tp->write_seq)
298                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
299                                                              np->daddr.s6_addr32,
300                                                              inet->sport,
301                                                              inet->dport);
302
303         err = tcp_connect(sk);
304         if (err)
305                 goto late_failure;
306
307         return 0;
308
309 late_failure:
310         tcp_set_state(sk, TCP_CLOSE);
311         __sk_dst_reset(sk);
312 failure:
313         inet->dport = 0;
314         sk->sk_route_caps = 0;
315         return err;
316 }
317
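/* Editor's note: ICMPv6 error handler for TCP.  Looks up the owning socket,
 * reacts to ICMPV6_PKT_TOOBIG by re-syncing the path MTU and retransmitting,
 * drops the matching request_sock when the error is for a pending connection
 * on a listener, and otherwise reports the translated error on the socket.
 */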
318 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
319                 int type, int code, int offset, __be32 info)
320 {
321         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
322         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
323         struct ipv6_pinfo *np;
324         struct sock *sk;
325         int err;
326         struct tcp_sock *tp; 
327         __u32 seq;
328
329         sk = inet6_lookup(&tcp_hashinfo, &hdr->daddr, th->dest, &hdr->saddr,
330                           th->source, skb->dev->ifindex);
331
332         if (sk == NULL) {
333                 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
334                 return;
335         }
336
337         if (sk->sk_state == TCP_TIME_WAIT) {
338                 inet_twsk_put(inet_twsk(sk));
339                 return;
340         }
341
342         bh_lock_sock(sk);
343         if (sock_owned_by_user(sk))
344                 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
345
346         if (sk->sk_state == TCP_CLOSE)
347                 goto out;
348
349         tp = tcp_sk(sk);
350         seq = ntohl(th->seq); 
351         if (sk->sk_state != TCP_LISTEN &&
352             !between(seq, tp->snd_una, tp->snd_nxt)) {
353                 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
354                 goto out;
355         }
356
357         np = inet6_sk(sk);
358
359         if (type == ICMPV6_PKT_TOOBIG) {
360                 struct dst_entry *dst = NULL;
361
362                 if (sock_owned_by_user(sk))
363                         goto out;
364                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
365                         goto out;
366
367                 /* icmp should have updated the destination cache entry */
368                 dst = __sk_dst_check(sk, np->dst_cookie);
369
370                 if (dst == NULL) {
371                         struct inet_sock *inet = inet_sk(sk);
372                         struct flowi fl;
373
374                         /* BUGGG_FUTURE: Again, it is not clear how
375                            to handle rthdr case. Ignore this complexity
376                            for now.
377                          */
378                         memset(&fl, 0, sizeof(fl));
379                         fl.proto = IPPROTO_TCP;
380                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
381                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
382                         fl.oif = sk->sk_bound_dev_if;
383                         fl.fl_ip_dport = inet->dport;
384                         fl.fl_ip_sport = inet->sport;
385                         security_skb_classify_flow(skb, &fl);
386
387                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
388                                 sk->sk_err_soft = -err;
389                                 goto out;
390                         }
391
392                         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
393                                 sk->sk_err_soft = -err;
394                                 goto out;
395                         }
396
397                 } else
398                         dst_hold(dst);
399
400                 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
401                         tcp_sync_mss(sk, dst_mtu(dst));
402                         tcp_simple_retransmit(sk);
403                 } /* else let the usual retransmit timer handle it */
404                 dst_release(dst);
405                 goto out;
406         }
407
408         icmpv6_err_convert(type, code, &err);
409
410         /* Might be for a request_sock */
411         switch (sk->sk_state) {
412                 struct request_sock *req, **prev;
413         case TCP_LISTEN:
414                 if (sock_owned_by_user(sk))
415                         goto out;
416
417                 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
418                                            &hdr->saddr, inet6_iif(skb));
419                 if (!req)
420                         goto out;
421
422                 /* ICMPs are not backlogged, hence we cannot get
423                  * an established socket here.
424                  */
425                 BUG_TRAP(req->sk == NULL);
426
427                 if (seq != tcp_rsk(req)->snt_isn) {
428                         NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
429                         goto out;
430                 }
431
432                 inet_csk_reqsk_queue_drop(sk, req, prev);
433                 goto out;
434
435         case TCP_SYN_SENT:
436         case TCP_SYN_RECV:  /* Cannot happen.
437                                It can, if SYNs are crossed. --ANK */
438                 if (!sock_owned_by_user(sk)) {
439                         sk->sk_err = err;
440                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
441
442                         tcp_done(sk);
443                 } else
444                         sk->sk_err_soft = err;
445                 goto out;
446         }
447
448         if (!sock_owned_by_user(sk) && np->recverr) {
449                 sk->sk_err = err;
450                 sk->sk_error_report(sk);
451         } else
452                 sk->sk_err_soft = err;
453
454 out:
455         bh_unlock_sock(sk);
456         sock_put(sk);
457 }
458
459
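/* Editor's note: builds and sends the SYN|ACK for a pending request.  When
 * no cached route is given it resolves one (honouring a routing header from
 * the listener's options or from the saved SYN), lets tcp_make_synack()
 * build the segment, checksums it against the request's addresses and hands
 * it to ip6_xmit().
 */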
460 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
461                               struct dst_entry *dst)
462 {
463         struct inet6_request_sock *treq = inet6_rsk(req);
464         struct ipv6_pinfo *np = inet6_sk(sk);
465         struct sk_buff * skb;
466         struct ipv6_txoptions *opt = NULL;
467         struct in6_addr * final_p = NULL, final;
468         struct flowi fl;
469         int err = -1;
470
471         memset(&fl, 0, sizeof(fl));
472         fl.proto = IPPROTO_TCP;
473         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
474         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
475         fl.fl6_flowlabel = 0;
476         fl.oif = treq->iif;
477         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
478         fl.fl_ip_sport = inet_sk(sk)->sport;
479         security_req_classify_flow(req, &fl);
480
481         if (dst == NULL) {
482                 opt = np->opt;
483                 if (opt == NULL &&
484                     np->rxopt.bits.osrcrt == 2 &&
485                     treq->pktopts) {
486                         struct sk_buff *pktopts = treq->pktopts;
487                         struct inet6_skb_parm *rxopt = IP6CB(pktopts);
488                         if (rxopt->srcrt)
489                                 opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr*)(pktopts->nh.raw + rxopt->srcrt));
490                 }
491
492                 if (opt && opt->srcrt) {
493                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
494                         ipv6_addr_copy(&final, &fl.fl6_dst);
495                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
496                         final_p = &final;
497                 }
498
499                 err = ip6_dst_lookup(sk, &dst, &fl);
500                 if (err)
501                         goto done;
502                 if (final_p)
503                         ipv6_addr_copy(&fl.fl6_dst, final_p);
504                 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
505                         goto done;
506         }
507
508         skb = tcp_make_synack(sk, dst, req);
509         if (skb) {
510                 struct tcphdr *th = skb->h.th;
511
512                 th->check = tcp_v6_check(th, skb->len,
513                                          &treq->loc_addr, &treq->rmt_addr,
514                                          csum_partial((char *)th, skb->len, skb->csum));
515
516                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
517                 err = ip6_xmit(sk, skb, &fl, opt, 0);
518                 err = net_xmit_eval(err);
519         }
520
521 done:
522         if (opt && opt != np->opt)
523                 sock_kfree_s(sk, opt, opt->tot_len);
524         dst_release(dst);
525         return err;
526 }
527
528 static void tcp_v6_reqsk_destructor(struct request_sock *req)
529 {
530         if (inet6_rsk(req)->pktopts)
531                 kfree_skb(inet6_rsk(req)->pktopts);
532 }
533
534 #ifdef CONFIG_TCP_MD5SIG
535 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
536                                                    struct in6_addr *addr)
537 {
538         struct tcp_sock *tp = tcp_sk(sk);
539         int i;
540
541         BUG_ON(tp == NULL);
542
543         if (!tp->md5sig_info || !tp->md5sig_info->entries6)
544                 return NULL;
545
546         for (i = 0; i < tp->md5sig_info->entries6; i++) {
547                 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, addr) == 0)
548                         return (struct tcp_md5sig_key *)&tp->md5sig_info->keys6[i];
549         }
550         return NULL;
551 }
552
553 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
554                                                 struct sock *addr_sk)
555 {
556         return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
557 }
558
559 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
560                                                       struct request_sock *req)
561 {
562         return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
563 }
564
565 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
566                              char *newkey, u8 newkeylen)
567 {
568         /* Add key to the list */
569         struct tcp6_md5sig_key *key;
570         struct tcp_sock *tp = tcp_sk(sk);
571         struct tcp6_md5sig_key *keys;
572
573         key = (struct tcp6_md5sig_key*) tcp_v6_md5_do_lookup(sk, peer);
574         if (key) {
575                 /* modify existing entry - just update that one */
576                 kfree(key->key);
577                 key->key = newkey;
578                 key->keylen = newkeylen;
579         } else {
580                 /* reallocate new list if current one is full. */
581                 if (!tp->md5sig_info) {
582                         tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
583                         if (!tp->md5sig_info) {
584                                 kfree(newkey);
585                                 return -ENOMEM;
586                         }
587                 }
588                 tcp_alloc_md5sig_pool();
589                 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
590                         keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
591                                        (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
592
593                         if (!keys) {
594                                 tcp_free_md5sig_pool();
595                                 kfree(newkey);
596                                 return -ENOMEM;
597                         }
598
599                         if (tp->md5sig_info->entries6)
600                                 memmove(keys, tp->md5sig_info->keys6,
601                                         (sizeof (tp->md5sig_info->keys6[0]) *
602                                          tp->md5sig_info->entries6));
603
604                         kfree(tp->md5sig_info->keys6);
605                         tp->md5sig_info->keys6 = keys;
606                         tp->md5sig_info->alloced6++;
607                 }
608
609                 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
610                                peer);
611                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].key = newkey;
612                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].keylen = newkeylen;
613
614                 tp->md5sig_info->entries6++;
615         }
616         return 0;
617 }
618
619 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
620                                u8 *newkey, __u8 newkeylen)
621 {
622         return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
623                                  newkey, newkeylen);
624 }
625
626 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
627 {
628         struct tcp_sock *tp = tcp_sk(sk);
629         int i;
630
631         for (i = 0; i < tp->md5sig_info->entries6; i++) {
632                 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, peer) == 0) {
633                         /* Free the key */
634                         kfree(tp->md5sig_info->keys6[i].key);
635                         tp->md5sig_info->entries6--;
636
637                         if (tp->md5sig_info->entries6 == 0) {
638                                 kfree(tp->md5sig_info->keys6);
639                                 tp->md5sig_info->keys6 = NULL;
640
641                                 tcp_free_md5sig_pool();
642
643                                 return 0;
644                         } else {
645                                 /* shrink the database */
646                                 if (tp->md5sig_info->entries6 != i)
647                                         memmove(&tp->md5sig_info->keys6[i],
648                                                 &tp->md5sig_info->keys6[i+1],
649                                                 (tp->md5sig_info->entries6 - i)
650                                                 * sizeof (tp->md5sig_info->keys6[0]));
651                         }
652                 }
653         }
654         return -ENOENT;
655 }
656
657 static void tcp_v6_clear_md5_list (struct sock *sk)
658 {
659         struct tcp_sock *tp = tcp_sk(sk);
660         int i;
661
662         if (tp->md5sig_info->entries6) {
663                 for (i = 0; i < tp->md5sig_info->entries6; i++)
664                         kfree(tp->md5sig_info->keys6[i].key);
665                 tp->md5sig_info->entries6 = 0;
666                 tcp_free_md5sig_pool();
667         }
668
669         kfree(tp->md5sig_info->keys6);
670         tp->md5sig_info->keys6 = NULL;
671         tp->md5sig_info->alloced6 = 0;
672
673         if (tp->md5sig_info->entries4) {
674                 for (i = 0; i < tp->md5sig_info->entries4; i++)
675                         kfree(tp->md5sig_info->keys4[i].key);
676                 tp->md5sig_info->entries4 = 0;
677                 tcp_free_md5sig_pool();
678         }
679
680         kfree(tp->md5sig_info->keys4);
681         tp->md5sig_info->keys4 = NULL;
682         tp->md5sig_info->alloced4 = 0;
683 }
684
685 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
686                                   int optlen)
687 {
688         struct tcp_md5sig cmd;
689         struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
690         u8 *newkey;
691
692         if (optlen < sizeof(cmd))
693                 return -EINVAL;
694
695         if (copy_from_user(&cmd, optval, sizeof(cmd)))
696                 return -EFAULT;
697
698         if (sin6->sin6_family != AF_INET6)
699                 return -EINVAL;
700
701         if (!cmd.tcpm_keylen) {
702                 if (!tcp_sk(sk)->md5sig_info)
703                         return -ENOENT;
704                 if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_MAPPED)
705                         return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
706                 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
707         }
708
709         if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
710                 return -EINVAL;
711
712         if (!tcp_sk(sk)->md5sig_info) {
713                 struct tcp_sock *tp = tcp_sk(sk);
714                 struct tcp_md5sig_info *p;
715
716                 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
717                 if (!p)
718                         return -ENOMEM;
719
720                 tp->md5sig_info = p;
721         }
722
723         newkey = kmalloc(cmd.tcpm_keylen, GFP_KERNEL);
724         if (!newkey)
725                 return -ENOMEM;
726         memcpy(newkey, cmd.tcpm_key, cmd.tcpm_keylen);
727         if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_MAPPED) {
728                 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
729                                          newkey, cmd.tcpm_keylen);
730         }
731         return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
732 }
733
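/* Editor's note: tcp_v6_parse_md5_keys() above is reached from user space
 * through the TCP_MD5SIG socket option.  A rough sketch of a caller,
 * assuming a connected IPv6 socket 'fd' and a peer 'struct sockaddr_in6
 * peer' (hypothetical names, illustration only):
 *
 *	struct tcp_md5sig md5;
 *
 *	memset(&md5, 0, sizeof(md5));
 *	memcpy(&md5.tcpm_addr, &peer, sizeof(peer));
 *	md5.tcpm_keylen = 6;
 *	memcpy(md5.tcpm_key, "secret", 6);
 *	setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, &md5, sizeof(md5));
 *
 * A zero tcpm_keylen deletes the key for that peer, as the code above shows.
 */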
734 static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
735                                    struct in6_addr *saddr,
736                                    struct in6_addr *daddr,
737                                    struct tcphdr *th, int protocol,
738                                    int tcplen)
739 {
740         struct scatterlist sg[4];
741         __u16 data_len;
742         int block = 0;
743         __u16 cksum;
744         struct tcp_md5sig_pool *hp;
745         struct tcp6_pseudohdr *bp;
746         struct hash_desc *desc;
747         int err;
748         unsigned int nbytes = 0;
749
750         hp = tcp_get_md5sig_pool();
751         if (!hp) {
752                 printk(KERN_WARNING "%s(): hash pool not found...\n", __FUNCTION__);
753                 goto clear_hash_noput;
754         }
755         bp = &hp->md5_blk.ip6;
756         desc = &hp->md5_desc;
757
758         /* 1. TCP pseudo-header (RFC2460) */
759         ipv6_addr_copy(&bp->saddr, saddr);
760         ipv6_addr_copy(&bp->daddr, daddr);
761         bp->len = htonl(tcplen);
762         bp->protocol = htonl(protocol);
763
764         sg_set_buf(&sg[block++], bp, sizeof(*bp));
765         nbytes += sizeof(*bp);
766
767         /* 2. TCP header, excluding options */
768         cksum = th->check;
769         th->check = 0;
770         sg_set_buf(&sg[block++], th, sizeof(*th));
771         nbytes += sizeof(*th);
772
773         /* 3. TCP segment data (if any) */
774         data_len = tcplen - (th->doff << 2);
775         if (data_len > 0) {
776                 u8 *data = (u8 *)th + (th->doff << 2);
777                 sg_set_buf(&sg[block++], data, data_len);
778                 nbytes += data_len;
779         }
780
781         /* 4. shared key */
782         sg_set_buf(&sg[block++], key->key, key->keylen);
783         nbytes += key->keylen;
784
785         /* Now store the hash into the packet */
786         err = crypto_hash_init(desc);
787         if (err) {
788                 printk(KERN_WARNING "%s(): hash_init failed\n", __FUNCTION__);
789                 goto clear_hash;
790         }
791         err = crypto_hash_update(desc, sg, nbytes);
792         if (err) {
793                 printk(KERN_WARNING "%s(): hash_update failed\n", __FUNCTION__);
794                 goto clear_hash;
795         }
796         err = crypto_hash_final(desc, md5_hash);
797         if (err) {
798                 printk(KERN_WARNING "%s(): hash_final failed\n", __FUNCTION__);
799                 goto clear_hash;
800         }
801
802         /* Reset header, and free up the crypto */
803         tcp_put_md5sig_pool();
804         th->check = cksum;
805 out:
806         return 0;
807 clear_hash:
808         tcp_put_md5sig_pool();
809 clear_hash_noput:
810         memset(md5_hash, 0, 16);
811         goto out;
812 }
813
814 static int tcp_v6_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
815                                 struct sock *sk,
816                                 struct dst_entry *dst,
817                                 struct request_sock *req,
818                                 struct tcphdr *th, int protocol,
819                                 int tcplen)
820 {
821         struct in6_addr *saddr, *daddr;
822
823         if (sk) {
824                 saddr = &inet6_sk(sk)->saddr;
825                 daddr = &inet6_sk(sk)->daddr;
826         } else {
827                 saddr = &inet6_rsk(req)->loc_addr;
828                 daddr = &inet6_rsk(req)->rmt_addr;
829         }
830         return tcp_v6_do_calc_md5_hash(md5_hash, key,
831                                        saddr, daddr,
832                                        th, protocol, tcplen);
833 }
834
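/* Editor's note: verifies the TCP-MD5 option on an inbound segment.  A
 * segment must carry the option exactly when a key is configured for the
 * peer, and the digest recomputed with that key must match; a non-zero
 * return means the segment should be dropped.
 */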
835 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
836 {
837         __u8 *hash_location = NULL;
838         struct tcp_md5sig_key *hash_expected;
839         struct ipv6hdr *ip6h = skb->nh.ipv6h;
840         struct tcphdr *th = skb->h.th;
841         int length = (th->doff << 2) - sizeof (*th);
842         int genhash;
843         u8 *ptr;
844         u8 newhash[16];
845
846         hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
847
848         /* If the TCP option is too short, we can short cut */
849         if (length < TCPOLEN_MD5SIG)
850                 return hash_expected ? 1 : 0;
851
852         /* parse options */
853         ptr = (u8*)(th + 1);
854         while (length > 0) {
855                 int opcode = *ptr++;
856                 int opsize;
857
858                 switch(opcode) {
859                 case TCPOPT_EOL:
860                         goto done_opts;
861                 case TCPOPT_NOP:
862                         length--;
863                         continue;
864                 default:
865                         opsize = *ptr++;
866                         if (opsize < 2 || opsize > length)
867                                 goto done_opts;
868                         if (opcode == TCPOPT_MD5SIG) {
869                                 hash_location = ptr;
870                                 goto done_opts;
871                         }
872                 }
873                 ptr += opsize - 2;
874                 length -= opsize;
875         }
876
877 done_opts:
878         /* do we have a hash as expected? */
879         if (!hash_expected) {
880                 if (!hash_location)
881                         return 0;
882                 if (net_ratelimit()) {
883                         printk(KERN_INFO "MD5 Hash NOT expected but found "
884                                "(" NIP6_FMT ", %u)->"
885                                "(" NIP6_FMT ", %u)\n",
886                                NIP6(ip6h->saddr), ntohs(th->source),
887                                NIP6(ip6h->daddr), ntohs(th->dest));
888                 }
889                 return 1;
890         }
891
892         if (!hash_location) {
893                 if (net_ratelimit()) {
894                         printk(KERN_INFO "MD5 Hash expected but NOT found "
895                                "(" NIP6_FMT ", %u)->"
896                                "(" NIP6_FMT ", %u)\n",
897                                NIP6(ip6h->saddr), ntohs(th->source),
898                                NIP6(ip6h->daddr), ntohs(th->dest));
899                 }
900                 return 1;
901         }
902
903         /* check the signature */
904         genhash = tcp_v6_do_calc_md5_hash(newhash,
905                                           hash_expected,
906                                           &ip6h->saddr, &ip6h->daddr,
907                                           th, sk->sk_protocol,
908                                           skb->len);
909         if (genhash || memcmp(hash_location, newhash, 16) != 0) {
910                 if (net_ratelimit()) {
911                         printk(KERN_INFO "MD5 Hash %s for "
912                                "(" NIP6_FMT ", %u)->"
913                                "(" NIP6_FMT ", %u)\n",
914                                genhash ? "failed" : "mismatch",
915                                NIP6(ip6h->saddr), ntohs(th->source),
916                                NIP6(ip6h->daddr), ntohs(th->dest));
917                 }
918                 return 1;
919         }
920         return 0;
921 }
922 #endif
923
924 static struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
925         .family         =       AF_INET6,
926         .obj_size       =       sizeof(struct tcp6_request_sock),
927         .rtx_syn_ack    =       tcp_v6_send_synack,
928         .send_ack       =       tcp_v6_reqsk_send_ack,
929         .destructor     =       tcp_v6_reqsk_destructor,
930         .send_reset     =       tcp_v6_send_reset
931 };
932
933 struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
934 #ifdef CONFIG_TCP_MD5SIG
935         .md5_lookup     =       tcp_v6_reqsk_md5_lookup,
936 #endif
937 };
938
939 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
940         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
941         .twsk_unique    = tcp_twsk_unique,
942         .twsk_destructor= tcp_twsk_destructor,
943 };
944
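/* Editor's note: with CHECKSUM_PARTIAL only the pseudo-header portion of the
 * checksum is placed in th->check and skb->csum records the offset of the
 * check field, so the device (or skb_checksum_help) can finish the sum;
 * otherwise the full TCP checksum is computed here in software.
 */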
945 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
946 {
947         struct ipv6_pinfo *np = inet6_sk(sk);
948         struct tcphdr *th = skb->h.th;
949
950         if (skb->ip_summed == CHECKSUM_PARTIAL) {
951                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
952                 skb->csum = offsetof(struct tcphdr, check);
953         } else {
954                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 
955                                             csum_partial((char *)th, th->doff<<2, 
956                                                          skb->csum));
957         }
958 }
959
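/* Editor's note: for GSO the pseudo-header sum is precomputed once and
 * CHECKSUM_PARTIAL is set, so that the checksum can be finished per segment
 * later, either in software segmentation or by the hardware.
 */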
960 static int tcp_v6_gso_send_check(struct sk_buff *skb)
961 {
962         struct ipv6hdr *ipv6h;
963         struct tcphdr *th;
964
965         if (!pskb_may_pull(skb, sizeof(*th)))
966                 return -EINVAL;
967
968         ipv6h = skb->nh.ipv6h;
969         th = skb->h.th;
970
971         th->check = 0;
972         th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
973                                      IPPROTO_TCP, 0);
974         skb->csum = offsetof(struct tcphdr, check);
975         skb->ip_summed = CHECKSUM_PARTIAL;
976         return 0;
977 }
978
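/* Editor's note: builds and sends a bare RST in reply to 'skb', picking the
 * sequence numbers as RFC 793 prescribes (echo the incoming ACK, otherwise
 * ACK the offending segment), optionally signing it with a matching TCP-MD5
 * key, and transmitting it through the shared tcp6_socket.
 */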
979 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
980 {
981         struct tcphdr *th = skb->h.th, *t1; 
982         struct sk_buff *buff;
983         struct flowi fl;
984         int tot_len = sizeof(*th);
985 #ifdef CONFIG_TCP_MD5SIG
986         struct tcp_md5sig_key *key;
987 #endif
988
989         if (th->rst)
990                 return;
991
992         if (!ipv6_unicast_destination(skb))
993                 return; 
994
995 #ifdef CONFIG_TCP_MD5SIG
996         if (sk)
997                 key = tcp_v6_md5_do_lookup(sk, &skb->nh.ipv6h->daddr);
998         else
999                 key = NULL;
1000
1001         if (key)
1002                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1003 #endif
1004
1005         /*
1006          * We need to grab some memory, and put together an RST,
1007          * and then put it into the queue to be sent.
1008          */
1009
1010         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1011                          GFP_ATOMIC);
1012         if (buff == NULL) 
1013                 return;
1014
1015         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1016
1017         t1 = (struct tcphdr *) skb_push(buff, tot_len);
1018
1019         /* Swap the send and the receive. */
1020         memset(t1, 0, sizeof(*t1));
1021         t1->dest = th->source;
1022         t1->source = th->dest;
1023         t1->doff = tot_len / 4;
1024         t1->rst = 1;
1025   
1026         if(th->ack) {
1027                 t1->seq = th->ack_seq;
1028         } else {
1029                 t1->ack = 1;
1030                 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
1031                                     + skb->len - (th->doff<<2));
1032         }
1033
1034 #ifdef CONFIG_TCP_MD5SIG
1035         if (key) {
1036                 u32 *opt = (u32*)(t1 + 1);
1037                 opt[0] = htonl((TCPOPT_NOP << 24) |
1038                                (TCPOPT_NOP << 16) |
1039                                (TCPOPT_MD5SIG << 8) |
1040                                TCPOLEN_MD5SIG);
1041                 tcp_v6_do_calc_md5_hash((__u8*)&opt[1],
1042                                         key,
1043                                         &skb->nh.ipv6h->daddr,
1044                                         &skb->nh.ipv6h->saddr,
1045                                         t1, IPPROTO_TCP,
1046                                         tot_len);
1047         }
1048 #endif
1049
1050         buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
1051
1052         memset(&fl, 0, sizeof(fl));
1053         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
1054         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
1055
1056         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1057                                     sizeof(*t1), IPPROTO_TCP,
1058                                     buff->csum);
1059
1060         fl.proto = IPPROTO_TCP;
1061         fl.oif = inet6_iif(skb);
1062         fl.fl_ip_dport = t1->dest;
1063         fl.fl_ip_sport = t1->source;
1064         security_skb_classify_flow(skb, &fl);
1065
1066         /* sk = NULL, but it is safe for now. RST socket required. */
1067         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
1068
1069                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1070                         ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
1071                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1072                         TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
1073                         return;
1074                 }
1075         }
1076
1077         kfree_skb(buff);
1078 }
1079
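/* Editor's note: like the RST path above, but sends a bare ACK; used to
 * answer segments for TIME-WAIT sockets and to ACK on behalf of a pending
 * request_sock, carrying a timestamp and an MD5 signature when applicable.
 */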
1080 static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
1081                             struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
1082 {
1083         struct tcphdr *th = skb->h.th, *t1;
1084         struct sk_buff *buff;
1085         struct flowi fl;
1086         int tot_len = sizeof(struct tcphdr);
1087         __be32 *topt;
1088 #ifdef CONFIG_TCP_MD5SIG
1089         struct tcp_md5sig_key *key;
1090         struct tcp_md5sig_key tw_key;
1091 #endif
1092
1093 #ifdef CONFIG_TCP_MD5SIG
1094         if (!tw && skb->sk) {
1095                 key = tcp_v6_md5_do_lookup(skb->sk, &skb->nh.ipv6h->daddr);
1096         } else if (tw && tw->tw_md5_keylen) {
1097                 tw_key.key = tw->tw_md5_key;
1098                 tw_key.keylen = tw->tw_md5_keylen;
1099                 key = &tw_key;
1100         } else {
1101                 key = NULL;
1102         }
1103 #endif
1104
1105         if (ts)
1106                 tot_len += TCPOLEN_TSTAMP_ALIGNED;
1107 #ifdef CONFIG_TCP_MD5SIG
1108         if (key)
1109                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1110 #endif
1111
1112         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1113                          GFP_ATOMIC);
1114         if (buff == NULL)
1115                 return;
1116
1117         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1118
1119         t1 = (struct tcphdr *) skb_push(buff,tot_len);
1120
1121         /* Swap the send and the receive. */
1122         memset(t1, 0, sizeof(*t1));
1123         t1->dest = th->source;
1124         t1->source = th->dest;
1125         t1->doff = tot_len/4;
1126         t1->seq = htonl(seq);
1127         t1->ack_seq = htonl(ack);
1128         t1->ack = 1;
1129         t1->window = htons(win);
1130
1131         topt = (__be32 *)(t1 + 1);
1132         
1133         if (ts) {
1134                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1135                                 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1136                 *topt++ = htonl(tcp_time_stamp);
1137                 *topt = htonl(ts);
1138         }
1139
1140 #ifdef CONFIG_TCP_MD5SIG
1141         if (key) {
1142                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1143                                 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1144                 tcp_v6_do_calc_md5_hash((__u8 *)topt,
1145                                         key,
1146                                         &skb->nh.ipv6h->daddr,
1147                                         &skb->nh.ipv6h->saddr,
1148                                         t1, IPPROTO_TCP,
1149                                         tot_len);
1150         }
1151 #endif
1152
1153         buff->csum = csum_partial((char *)t1, tot_len, 0);
1154
1155         memset(&fl, 0, sizeof(fl));
1156         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
1157         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
1158
1159         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1160                                     tot_len, IPPROTO_TCP,
1161                                     buff->csum);
1162
1163         fl.proto = IPPROTO_TCP;
1164         fl.oif = inet6_iif(skb);
1165         fl.fl_ip_dport = t1->dest;
1166         fl.fl_ip_sport = t1->source;
1167         security_skb_classify_flow(skb, &fl);
1168
1169         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
1170                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1171                         ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
1172                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1173                         return;
1174                 }
1175         }
1176
1177         kfree_skb(buff);
1178 }
1179
1180 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1181 {
1182         struct inet_timewait_sock *tw = inet_twsk(sk);
1183         struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1184
1185         tcp_v6_send_ack(tcptw, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1186                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1187                         tcptw->tw_ts_recent);
1188
1189         inet_twsk_put(tw);
1190 }
1191
1192 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
1193 {
1194         tcp_v6_send_ack(NULL, skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
1195 }
1196
1197
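/* Editor's note: for a segment that reaches a listening socket, look for a
 * matching pending request_sock or an already established child socket; the
 * SYN-cookie path below is compiled out (#if 0).
 */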
1198 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1199 {
1200         struct request_sock *req, **prev;
1201         const struct tcphdr *th = skb->h.th;
1202         struct sock *nsk;
1203
1204         /* Find possible connection requests. */
1205         req = inet6_csk_search_req(sk, &prev, th->source,
1206                                    &skb->nh.ipv6h->saddr,
1207                                    &skb->nh.ipv6h->daddr, inet6_iif(skb));
1208         if (req)
1209                 return tcp_check_req(sk, skb, req, prev);
1210
1211         nsk = __inet6_lookup_established(&tcp_hashinfo, &skb->nh.ipv6h->saddr,
1212                                          th->source, &skb->nh.ipv6h->daddr,
1213                                          ntohs(th->dest), inet6_iif(skb));
1214
1215         if (nsk) {
1216                 if (nsk->sk_state != TCP_TIME_WAIT) {
1217                         bh_lock_sock(nsk);
1218                         return nsk;
1219                 }
1220                 inet_twsk_put(inet_twsk(nsk));
1221                 return NULL;
1222         }
1223
1224 #if 0 /*def CONFIG_SYN_COOKIES*/
1225         if (!th->rst && !th->syn && th->ack)
1226                 sk = cookie_v6_check(sk, skb, &(IPCB(skb)->opt));
1227 #endif
1228         return sk;
1229 }
1230
1231 /* FIXME: this is substantially similar to the ipv4 code.
1232  * Can some kind of merge be done? -- erics
1233  */
1234 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1235 {
1236         struct inet6_request_sock *treq;
1237         struct ipv6_pinfo *np = inet6_sk(sk);
1238         struct tcp_options_received tmp_opt;
1239         struct tcp_sock *tp = tcp_sk(sk);
1240         struct request_sock *req = NULL;
1241         __u32 isn = TCP_SKB_CB(skb)->when;
1242
1243         if (skb->protocol == htons(ETH_P_IP))
1244                 return tcp_v4_conn_request(sk, skb);
1245
1246         if (!ipv6_unicast_destination(skb))
1247                 goto drop; 
1248
1249         /*
1250          *      There are no SYN attacks on IPv6, yet...        
1251          */
1252         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1253                 if (net_ratelimit())
1254                         printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n");
1255                 goto drop;              
1256         }
1257
1258         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1259                 goto drop;
1260
1261         req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1262         if (req == NULL)
1263                 goto drop;
1264
1265 #ifdef CONFIG_TCP_MD5SIG
1266         tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1267 #endif
1268
1269         tcp_clear_options(&tmp_opt);
1270         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1271         tmp_opt.user_mss = tp->rx_opt.user_mss;
1272
1273         tcp_parse_options(skb, &tmp_opt, 0);
1274
1275         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1276         tcp_openreq_init(req, &tmp_opt, skb);
1277
1278         treq = inet6_rsk(req);
1279         ipv6_addr_copy(&treq->rmt_addr, &skb->nh.ipv6h->saddr);
1280         ipv6_addr_copy(&treq->loc_addr, &skb->nh.ipv6h->daddr);
1281         TCP_ECN_create_request(req, skb->h.th);
1282         treq->pktopts = NULL;
1283         if (ipv6_opt_accepted(sk, skb) ||
1284             np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1285             np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1286                 atomic_inc(&skb->users);
1287                 treq->pktopts = skb;
1288         }
1289         treq->iif = sk->sk_bound_dev_if;
1290
1291         /* So that link locals have meaning */
1292         if (!sk->sk_bound_dev_if &&
1293             ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1294                 treq->iif = inet6_iif(skb);
1295
1296         if (isn == 0) 
1297                 isn = tcp_v6_init_sequence(skb);
1298
1299         tcp_rsk(req)->snt_isn = isn;
1300
1301         security_inet_conn_request(sk, skb, req);
1302
1303         if (tcp_v6_send_synack(sk, req, NULL))
1304                 goto drop;
1305
1306         inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1307         return 0;
1308
1309 drop:
1310         if (req)
1311                 reqsk_free(req);
1312
1313         return 0; /* don't send reset */
1314 }
1315
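/* Editor's note: creates the child socket once the handshake completes.  A
 * connection that arrived as IPv4 (a v6-mapped peer) is delegated to
 * tcp_v4_syn_recv_sock() and the child is switched to the mapped ops;
 * otherwise the route, the IPv6 options and (optionally) the listener's
 * TCP-MD5 key are copied over to the new socket.
 */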
1316 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1317                                           struct request_sock *req,
1318                                           struct dst_entry *dst)
1319 {
1320         struct inet6_request_sock *treq = inet6_rsk(req);
1321         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1322         struct tcp6_sock *newtcp6sk;
1323         struct inet_sock *newinet;
1324         struct tcp_sock *newtp;
1325         struct sock *newsk;
1326         struct ipv6_txoptions *opt;
1327 #ifdef CONFIG_TCP_MD5SIG
1328         struct tcp_md5sig_key *key;
1329 #endif
1330
1331         if (skb->protocol == htons(ETH_P_IP)) {
1332                 /*
1333                  *      v6 mapped
1334                  */
1335
1336                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1337
1338                 if (newsk == NULL) 
1339                         return NULL;
1340
1341                 newtcp6sk = (struct tcp6_sock *)newsk;
1342                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1343
1344                 newinet = inet_sk(newsk);
1345                 newnp = inet6_sk(newsk);
1346                 newtp = tcp_sk(newsk);
1347
1348                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1349
1350                 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
1351                               newinet->daddr);
1352
1353                 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
1354                               newinet->saddr);
1355
1356                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1357
1358                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1359                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1360 #ifdef CONFIG_TCP_MD5SIG
1361                 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1362 #endif
1363
1364                 newnp->pktoptions  = NULL;
1365                 newnp->opt         = NULL;
1366                 newnp->mcast_oif   = inet6_iif(skb);
1367                 newnp->mcast_hops  = skb->nh.ipv6h->hop_limit;
1368
1369                 /*
1370                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1371                  * here, tcp_create_openreq_child now does this for us, see the comment in
1372                  * that function for the gory details. -acme
1373                  */
1374
1375                 /* This is a tricky place. Until this moment IPv4 tcp
1376                    worked with IPv6 icsk.icsk_af_ops.
1377                    Sync it now.
1378                  */
1379                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1380
1381                 return newsk;
1382         }
1383
1384         opt = np->opt;
1385
1386         if (sk_acceptq_is_full(sk))
1387                 goto out_overflow;
1388
1389         if (np->rxopt.bits.osrcrt == 2 &&
1390             opt == NULL && treq->pktopts) {
1391                 struct inet6_skb_parm *rxopt = IP6CB(treq->pktopts);
1392                 if (rxopt->srcrt)
1393                         opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr *)(treq->pktopts->nh.raw + rxopt->srcrt));
1394         }
1395
1396         if (dst == NULL) {
1397                 struct in6_addr *final_p = NULL, final;
1398                 struct flowi fl;
1399
1400                 memset(&fl, 0, sizeof(fl));
1401                 fl.proto = IPPROTO_TCP;
1402                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1403                 if (opt && opt->srcrt) {
1404                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1405                         ipv6_addr_copy(&final, &fl.fl6_dst);
1406                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1407                         final_p = &final;
1408                 }
1409                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1410                 fl.oif = sk->sk_bound_dev_if;
1411                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1412                 fl.fl_ip_sport = inet_sk(sk)->sport;
1413                 security_req_classify_flow(req, &fl);
1414
1415                 if (ip6_dst_lookup(sk, &dst, &fl))
1416                         goto out;
1417
1418                 if (final_p)
1419                         ipv6_addr_copy(&fl.fl6_dst, final_p);
1420
1421                 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
1422                         goto out;
1423         } 
1424
1425         newsk = tcp_create_openreq_child(sk, req, skb);
1426         if (newsk == NULL)
1427                 goto out;
1428
1429         /*
1430          * No need to charge this sock to the relevant IPv6 refcnt debug socks
1431          * count here, tcp_create_openreq_child now does this for us, see the
1432          * comment in that function for the gory details. -acme
1433          */
1434
1435         newsk->sk_gso_type = SKB_GSO_TCPV6;
1436         __ip6_dst_store(newsk, dst, NULL, NULL);
1437
1438         newtcp6sk = (struct tcp6_sock *)newsk;
1439         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1440
1441         newtp = tcp_sk(newsk);
1442         newinet = inet_sk(newsk);
1443         newnp = inet6_sk(newsk);
1444
1445         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1446
1447         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1448         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1449         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1450         newsk->sk_bound_dev_if = treq->iif;
1451
1452         /* Now IPv6 options... 
1453
1454            First: no IPv4 options.
1455          */
1456         newinet->opt = NULL;
1457
1458         /* Clone RX bits */
1459         newnp->rxopt.all = np->rxopt.all;
1460
1461         /* Clone pktoptions received with SYN */
1462         newnp->pktoptions = NULL;
1463         if (treq->pktopts != NULL) {
1464                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1465                 kfree_skb(treq->pktopts);
1466                 treq->pktopts = NULL;
1467                 if (newnp->pktoptions)
1468                         skb_set_owner_r(newnp->pktoptions, newsk);
1469         }
1470         newnp->opt        = NULL;
1471         newnp->mcast_oif  = inet6_iif(skb);
1472         newnp->mcast_hops = skb->nh.ipv6h->hop_limit;
1473
1474         /* Clone native IPv6 options from listening socket (if any)
1475
1476            Yes, keeping reference count would be much more clever,
1477            but we do one more thing here: reattach optmem
1478            to newsk.
1479          */
1480         if (opt) {
1481                 newnp->opt = ipv6_dup_options(newsk, opt);
1482                 if (opt != np->opt)
1483                         sock_kfree_s(sk, opt, opt->tot_len);
1484         }
1485
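             /* Any IPv6 extension headers we will emit (hop-by-hop/destination
              * options and a routing header) shrink the usable MSS, so account
              * for them before tcp_sync_mss() runs.
              */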
1486         inet_csk(newsk)->icsk_ext_hdr_len = 0;
1487         if (newnp->opt)
1488                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1489                                                      newnp->opt->opt_flen);
1490
1491         tcp_mtup_init(newsk);
1492         tcp_sync_mss(newsk, dst_mtu(dst));
1493         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1494         tcp_initialize_rcv_mss(newsk);
1495
1496         newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1497
1498 #ifdef CONFIG_TCP_MD5SIG
1499         /* Copy over the MD5 key from the original socket */
1500         if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1501                 /* We're using one, so create a matching key
1502                  * on the newsk structure. If we fail to get
1503                  * memory, then we end up not copying the key
1504                  * across. Shucks.
1505                  */
1506                 char *newkey = kmalloc(key->keylen, GFP_ATOMIC);
1507                 if (newkey) {
1508                         memcpy(newkey, key->key, key->keylen);
1509                         tcp_v6_md5_do_add(newsk, &newnp->daddr,
1510                                           newkey, key->keylen);
1511                 }
1512         }
1513 #endif
1514
1515         __inet6_hash(&tcp_hashinfo, newsk);
1516         inet_inherit_port(&tcp_hashinfo, sk, newsk);
1517
1518         return newsk;
1519
1520 out_overflow:
1521         NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1522 out:
1523         NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1524         if (opt && opt != np->opt)
1525                 sock_kfree_s(sk, opt, opt->tot_len);
1526         dst_release(dst);
1527         return NULL;
1528 }
1529
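     /* Validate or prime the TCP checksum on receive.  If the NIC supplied a
      * full packet checksum (CHECKSUM_COMPLETE) that verifies against the
      * pseudo-header, mark the skb CHECKSUM_UNNECESSARY.  Otherwise stash the
      * pseudo-header sum in skb->csum so __skb_checksum_complete() can finish
      * the verification later.
      */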
1530 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1531 {
1532         if (skb->ip_summed == CHECKSUM_COMPLETE) {
1533                 if (!tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1534                                   &skb->nh.ipv6h->daddr,skb->csum)) {
1535                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1536                         return 0;
1537                 }
1538         }
1539
1540         skb->csum = ~csum_unfold(tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1541                                   &skb->nh.ipv6h->daddr, 0));
1542
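             /* Short segments are verified immediately, presumably because
              * deferring the checksum gains little for tiny packets; 76 bytes
              * matches the threshold used on the IPv4 receive path.
              */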
1543         if (skb->len <= 76) {
1544                 return __skb_checksum_complete(skb);
1545         }
1546         return 0;
1547 }
1548
1549 /* The socket must have its spinlock held when we get
1550  * here.
1551  *
1552  * We have a potential double-lock case here, so even when
1553  * doing backlog processing we use the BH locking scheme.
1554  * This is because we cannot sleep with the original spinlock
1555  * held.
1556  */
1557 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1558 {
1559         struct ipv6_pinfo *np = inet6_sk(sk);
1560         struct tcp_sock *tp;
1561         struct sk_buff *opt_skb = NULL;
1562
1563         /* Imagine: the socket is IPv6. An IPv4 packet arrives,
1564            goes to the IPv4 receive handler and is backlogged.
1565            From the backlog it always ends up here. Kerboom...
1566            Fortunately, tcp_rcv_established and rcv_established
1567            handle this correctly, but that is not the case with
1568            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1569          */
1570
1571         if (skb->protocol == htons(ETH_P_IP))
1572                 return tcp_v4_do_rcv(sk, skb);
1573
1574 #ifdef CONFIG_TCP_MD5SIG
1575         if (tcp_v6_inbound_md5_hash(sk, skb))
1576                 goto discard;
1577 #endif
1578
1579         if (sk_filter(sk, skb))
1580                 goto discard;
1581
1582         /*
1583          *      socket locking is here for SMP purposes as backlog rcv
1584          *      is currently called with bh processing disabled.
1585          */
1586
1587         /* Do Stevens' IPV6_PKTOPTIONS.
1588
1589            Yes, guys, this is the only place in our code where we
1590            can do this without affecting IPv4.
1591            The rest of the code is protocol independent,
1592            and I do not like the idea of uglifying IPv4.
1593
1594            Actually, the whole idea behind IPV6_PKTOPTIONS
1595            does not look very well thought out. For now we latch
1596            the options received in the last packet enqueued
1597            by TCP. Feel free to propose a better solution.
1598                                                --ANK (980728)
1599          */
1600         if (np->rxopt.all)
1601                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1602
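             /* Established sockets take the fast path straight into
              * tcp_rcv_established(); everything else falls through to the
              * full state machine below.
              */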
1603         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1604                 TCP_CHECK_TIMER(sk);
1605                 if (tcp_rcv_established(sk, skb, skb->h.th, skb->len))
1606                         goto reset;
1607                 TCP_CHECK_TIMER(sk);
1608                 if (opt_skb)
1609                         goto ipv6_pktoptions;
1610                 return 0;
1611         }
1612
1613         if (skb->len < (skb->h.th->doff<<2) || tcp_checksum_complete(skb))
1614                 goto csum_err;
1615
1616         if (sk->sk_state == TCP_LISTEN) { 
1617                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1618                 if (!nsk)
1619                         goto discard;
1620
1621                 /*
1622                  * Queue it on the new socket if the new socket is active,
1623                  * otherwise we just short-circuit this and continue with
1624                  * the new socket.
1625                  */
1626                 if (nsk != sk) {
1627                         if (tcp_child_process(sk, nsk, skb))
1628                                 goto reset;
1629                         if (opt_skb)
1630                                 __kfree_skb(opt_skb);
1631                         return 0;
1632                 }
1633         }
1634
1635         TCP_CHECK_TIMER(sk);
1636         if (tcp_rcv_state_process(sk, skb, skb->h.th, skb->len))
1637                 goto reset;
1638         TCP_CHECK_TIMER(sk);
1639         if (opt_skb)
1640                 goto ipv6_pktoptions;
1641         return 0;
1642
1643 reset:
1644         tcp_v6_send_reset(sk, skb);
1645 discard:
1646         if (opt_skb)
1647                 __kfree_skb(opt_skb);
1648         kfree_skb(skb);
1649         return 0;
1650 csum_err:
1651         TCP_INC_STATS_BH(TCP_MIB_INERRS);
1652         goto discard;
1653
1654
1655 ipv6_pktoptions:
1656         /* You may ask, what is going on here?
1657
1658            1. The skb was enqueued by TCP.
1659            2. The skb was added to the tail of the read queue, not out of order.
1660            3. The socket is not in a passive state.
1661            4. Finally, it really contains options which the user wants to receive.
1662          */
1663         tp = tcp_sk(sk);
1664         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1665             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1666                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1667                         np->mcast_oif = inet6_iif(opt_skb);
1668                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1669                         np->mcast_hops = opt_skb->nh.ipv6h->hop_limit;
1670                 if (ipv6_opt_accepted(sk, opt_skb)) {
1671                         skb_set_owner_r(opt_skb, sk);
1672                         opt_skb = xchg(&np->pktoptions, opt_skb);
1673                 } else {
1674                         __kfree_skb(opt_skb);
1675                         opt_skb = xchg(&np->pktoptions, NULL);
1676                 }
1677         }
1678
1679         if (opt_skb)
1680                 kfree_skb(opt_skb);
1681         return 0;
1682 }
1683
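     /* Soft-interrupt entry point for IPv6 TCP.  Sanity-check the header and
      * checksum, fill in the TCP control block, look up the owning socket,
      * then either process the segment directly, prequeue it, or park it on
      * the backlog when the socket is owned by user context.
      */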
1684 static int tcp_v6_rcv(struct sk_buff **pskb)
1685 {
1686         struct sk_buff *skb = *pskb;
1687         struct tcphdr *th;      
1688         struct sock *sk;
1689         int ret;
1690
1691         if (skb->pkt_type != PACKET_HOST)
1692                 goto discard_it;
1693
1694         /*
1695          *      Count it even if it's bad.
1696          */
1697         TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1698
1699         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1700                 goto discard_it;
1701
1702         th = skb->h.th;
1703
1704         if (th->doff < sizeof(struct tcphdr)/4)
1705                 goto bad_packet;
1706         if (!pskb_may_pull(skb, th->doff*4))
1707                 goto discard_it;
1708
1709         if ((skb->ip_summed != CHECKSUM_UNNECESSARY &&
1710              tcp_v6_checksum_init(skb)))
1711                 goto bad_packet;
1712
1713         th = skb->h.th;
1714         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1715         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1716                                     skb->len - th->doff*4);
1717         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1718         TCP_SKB_CB(skb)->when = 0;
1719         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(skb->nh.ipv6h);
1720         TCP_SKB_CB(skb)->sacked = 0;
1721
1722         sk = __inet6_lookup(&tcp_hashinfo, &skb->nh.ipv6h->saddr, th->source,
1723                             &skb->nh.ipv6h->daddr, ntohs(th->dest),
1724                             inet6_iif(skb));
1725
1726         if (!sk)
1727                 goto no_tcp_socket;
1728
1729 process:
1730         if (sk->sk_state == TCP_TIME_WAIT)
1731                 goto do_time_wait;
1732
1733         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1734                 goto discard_and_relse;
1735
1736         if (sk_filter(sk, skb))
1737                 goto discard_and_relse;
1738
1739         skb->dev = NULL;
1740
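             /* If a user context holds the socket, queue the segment on the
              * backlog and let release_sock() replay it later; otherwise try
              * the prequeue and fall back to processing it right here.
              */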
1741         bh_lock_sock_nested(sk);
1742         ret = 0;
1743         if (!sock_owned_by_user(sk)) {
1744 #ifdef CONFIG_NET_DMA
1745                 struct tcp_sock *tp = tcp_sk(sk);
1746                 if (tp->ucopy.dma_chan)
1747                         ret = tcp_v6_do_rcv(sk, skb);
1748                 else
1749 #endif
1750                 {
1751                         if (!tcp_prequeue(sk, skb))
1752                                 ret = tcp_v6_do_rcv(sk, skb);
1753                 }
1754         } else
1755                 sk_add_backlog(sk, skb);
1756         bh_unlock_sock(sk);
1757
1758         sock_put(sk);
1759         return ret ? -1 : 0;
1760
1761 no_tcp_socket:
1762         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1763                 goto discard_it;
1764
1765         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1766 bad_packet:
1767                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1768         } else {
1769                 tcp_v6_send_reset(NULL, skb);
1770         }
1771
1772 discard_it:
1773
1774         /*
1775          *      Discard frame
1776          */
1777
1778         kfree_skb(skb);
1779         return 0;
1780
1781 discard_and_relse:
1782         sock_put(sk);
1783         goto discard_it;
1784
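     /* TIME_WAIT handling: a valid new SYN may be handed over to a listening
      * socket and the old pair recycled (TCP_TW_SYN); otherwise we ACK, send
      * a reset, or silently drop, as tcp_timewait_state_process() decides.
      */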
1785 do_time_wait:
1786         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1787                 inet_twsk_put(inet_twsk(sk));
1788                 goto discard_it;
1789         }
1790
1791         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1792                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1793                 inet_twsk_put(inet_twsk(sk));
1794                 goto discard_it;
1795         }
1796
1797         switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1798         case TCP_TW_SYN:
1799         {
1800                 struct sock *sk2;
1801
1802                 sk2 = inet6_lookup_listener(&tcp_hashinfo,
1803                                             &skb->nh.ipv6h->daddr,
1804                                             ntohs(th->dest), inet6_iif(skb));
1805                 if (sk2 != NULL) {
1806                         struct inet_timewait_sock *tw = inet_twsk(sk);
1807                         inet_twsk_deschedule(tw, &tcp_death_row);
1808                         inet_twsk_put(tw);
1809                         sk = sk2;
1810                         goto process;
1811                 }
1812                 /* Fall through to ACK */
1813         }
1814         case TCP_TW_ACK:
1815                 tcp_v6_timewait_ack(sk, skb);
1816                 break;
1817         case TCP_TW_RST:
1818                 goto no_tcp_socket;
1819         case TCP_TW_SUCCESS:;
1820         }
1821         goto discard_it;
1822 }
1823
1824 static int tcp_v6_remember_stamp(struct sock *sk)
1825 {
1826         /* Alas, not yet... */
1827         return 0;
1828 }
1829
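     /* Connection-level AF-specific hooks for native IPv6 TCP sockets. */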
1830 static struct inet_connection_sock_af_ops ipv6_specific = {
1831         .queue_xmit        = inet6_csk_xmit,
1832         .send_check        = tcp_v6_send_check,
1833         .rebuild_header    = inet6_sk_rebuild_header,
1834         .conn_request      = tcp_v6_conn_request,
1835         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1836         .remember_stamp    = tcp_v6_remember_stamp,
1837         .net_header_len    = sizeof(struct ipv6hdr),
1838         .setsockopt        = ipv6_setsockopt,
1839         .getsockopt        = ipv6_getsockopt,
1840         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1841         .sockaddr_len      = sizeof(struct sockaddr_in6),
1842 #ifdef CONFIG_COMPAT
1843         .compat_setsockopt = compat_ipv6_setsockopt,
1844         .compat_getsockopt = compat_ipv6_getsockopt,
1845 #endif
1846 };
1847
1848 #ifdef CONFIG_TCP_MD5SIG
1849 static struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1850         .md5_lookup     =       tcp_v6_md5_lookup,
1851         .calc_md5_hash  =       tcp_v6_calc_md5_hash,
1852         .md5_add        =       tcp_v6_md5_add_func,
1853         .md5_parse      =       tcp_v6_parse_md5_keys,
1854 };
1855 #endif
1856
1857 /*
1858  *      TCP over IPv4 via INET6 API
1859  */
1860
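     /* Used when an AF_INET6 socket talks to a v4-mapped peer: transmission
      * and header handling go through the IPv4 code, while the socket keeps
      * its IPv6 API and sockaddr format.
      */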
1861 static struct inet_connection_sock_af_ops ipv6_mapped = {
1862         .queue_xmit        = ip_queue_xmit,
1863         .send_check        = tcp_v4_send_check,
1864         .rebuild_header    = inet_sk_rebuild_header,
1865         .conn_request      = tcp_v6_conn_request,
1866         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1867         .remember_stamp    = tcp_v4_remember_stamp,
1868         .net_header_len    = sizeof(struct iphdr),
1869         .setsockopt        = ipv6_setsockopt,
1870         .getsockopt        = ipv6_getsockopt,
1871         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1872         .sockaddr_len      = sizeof(struct sockaddr_in6),
1873 #ifdef CONFIG_COMPAT
1874         .compat_setsockopt = compat_ipv6_setsockopt,
1875         .compat_getsockopt = compat_ipv6_getsockopt,
1876 #endif
1877 };
1878
1879 #ifdef CONFIG_TCP_MD5SIG
1880 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1881         .md5_lookup     =       tcp_v4_md5_lookup,
1882         .calc_md5_hash  =       tcp_v4_calc_md5_hash,
1883         .md5_add        =       tcp_v6_md5_add_func,
1884         .md5_parse      =       tcp_v6_parse_md5_keys,
1885 };
1886 #endif
1887
1888 /* NOTE: A lot of things are set to zero explicitly by the call to
1889  *       sk_alloc(), so they need not be done here.
1890  */
1891 static int tcp_v6_init_sock(struct sock *sk)
1892 {
1893         struct inet_connection_sock *icsk = inet_csk(sk);
1894         struct tcp_sock *tp = tcp_sk(sk);
1895
1896         skb_queue_head_init(&tp->out_of_order_queue);
1897         tcp_init_xmit_timers(sk);
1898         tcp_prequeue_init(tp);
1899
1900         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1901         tp->mdev = TCP_TIMEOUT_INIT;
1902
1903         /* So many TCP implementations out there (incorrectly) count the
1904          * initial SYN frame in their delayed-ACK and congestion control
1905          * algorithms that we must have the following bandaid to talk
1906          * efficiently to them.  -DaveM
1907          */
1908         tp->snd_cwnd = 2;
1909
1910         /* See draft-stevens-tcpca-spec-01 for discussion of the
1911          * initialization of these values.
1912          */
1913         tp->snd_ssthresh = 0x7fffffff;
1914         tp->snd_cwnd_clamp = ~0;
1915         tp->mss_cache = 536;
1916
1917         tp->reordering = sysctl_tcp_reordering;
1918
1919         sk->sk_state = TCP_CLOSE;
1920
1921         icsk->icsk_af_ops = &ipv6_specific;
1922         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1923         icsk->icsk_sync_mss = tcp_sync_mss;
1924         sk->sk_write_space = sk_stream_write_space;
1925         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1926
1927 #ifdef CONFIG_TCP_MD5SIG
1928         tp->af_specific = &tcp_sock_ipv6_specific;
1929 #endif
1930
1931         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1932         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1933
1934         atomic_inc(&tcp_sockets_allocated);
1935
1936         return 0;
1937 }
1938
1939 static int tcp_v6_destroy_sock(struct sock *sk)
1940 {
1941 #ifdef CONFIG_TCP_MD5SIG
1942         /* Clean up the MD5 key list */
1943         if (tcp_sk(sk)->md5sig_info)
1944                 tcp_v6_clear_md5_list(sk);
1945 #endif
1946         tcp_v4_destroy_sock(sk);
1947         return inet6_destroy_sock(sk);
1948 }
1949
1950 /* Proc filesystem TCPv6 sock list dumping. */
1951 static void get_openreq6(struct seq_file *seq, 
1952                          struct sock *sk, struct request_sock *req, int i, int uid)
1953 {
1954         int ttd = req->expires - jiffies;
1955         struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1956         struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1957
1958         if (ttd < 0)
1959                 ttd = 0;
1960
1961         seq_printf(seq,
1962                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1963                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1964                    i,
1965                    src->s6_addr32[0], src->s6_addr32[1],
1966                    src->s6_addr32[2], src->s6_addr32[3],
1967                    ntohs(inet_sk(sk)->sport),
1968                    dest->s6_addr32[0], dest->s6_addr32[1],
1969                    dest->s6_addr32[2], dest->s6_addr32[3],
1970                    ntohs(inet_rsk(req)->rmt_port),
1971                    TCP_SYN_RECV,
1972                    0,0, /* could print option size, but that is af dependent. */
1973                    1,   /* timers active (only the expire timer) */  
1974                    jiffies_to_clock_t(ttd), 
1975                    req->retrans,
1976                    uid,
1977                    0,  /* non standard timer */  
1978                    0, /* open_requests have no inode */
1979                    0, req);
1980 }
1981
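     /* Dump one listening or established socket in the /proc/net/tcp6 column
      * format announced by tcp6_seq_show() below.
      */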
1982 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1983 {
1984         struct in6_addr *dest, *src;
1985         __u16 destp, srcp;
1986         int timer_active;
1987         unsigned long timer_expires;
1988         struct inet_sock *inet = inet_sk(sp);
1989         struct tcp_sock *tp = tcp_sk(sp);
1990         const struct inet_connection_sock *icsk = inet_csk(sp);
1991         struct ipv6_pinfo *np = inet6_sk(sp);
1992
1993         dest  = &np->daddr;
1994         src   = &np->rcv_saddr;
1995         destp = ntohs(inet->dport);
1996         srcp  = ntohs(inet->sport);
1997
1998         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1999                 timer_active    = 1;
2000                 timer_expires   = icsk->icsk_timeout;
2001         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2002                 timer_active    = 4;
2003                 timer_expires   = icsk->icsk_timeout;
2004         } else if (timer_pending(&sp->sk_timer)) {
2005                 timer_active    = 2;
2006                 timer_expires   = sp->sk_timer.expires;
2007         } else {
2008                 timer_active    = 0;
2009                 timer_expires = jiffies;
2010         }
2011
2012         seq_printf(seq,
2013                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2014                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
2015                    i,
2016                    src->s6_addr32[0], src->s6_addr32[1],
2017                    src->s6_addr32[2], src->s6_addr32[3], srcp,
2018                    dest->s6_addr32[0], dest->s6_addr32[1],
2019                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
2020                    sp->sk_state, 
2021                    tp->write_seq-tp->snd_una,
2022                    (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
2023                    timer_active,
2024                    jiffies_to_clock_t(timer_expires - jiffies),
2025                    icsk->icsk_retransmits,
2026                    sock_i_uid(sp),
2027                    icsk->icsk_probes_out,
2028                    sock_i_ino(sp),
2029                    atomic_read(&sp->sk_refcnt), sp,
2030                    icsk->icsk_rto,
2031                    icsk->icsk_ack.ato,
2032                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2033                    tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
2034                    );
2035 }
2036
2037 static void get_timewait6_sock(struct seq_file *seq, 
2038                                struct inet_timewait_sock *tw, int i)
2039 {
2040         struct in6_addr *dest, *src;
2041         __u16 destp, srcp;
2042         struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2043         int ttd = tw->tw_ttd - jiffies;
2044
2045         if (ttd < 0)
2046                 ttd = 0;
2047
2048         dest = &tw6->tw_v6_daddr;
2049         src  = &tw6->tw_v6_rcv_saddr;
2050         destp = ntohs(tw->tw_dport);
2051         srcp  = ntohs(tw->tw_sport);
2052
2053         seq_printf(seq,
2054                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2055                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2056                    i,
2057                    src->s6_addr32[0], src->s6_addr32[1],
2058                    src->s6_addr32[2], src->s6_addr32[3], srcp,
2059                    dest->s6_addr32[0], dest->s6_addr32[1],
2060                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
2061                    tw->tw_substate, 0, 0,
2062                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2063                    atomic_read(&tw->tw_refcnt), tw);
2064 }
2065
2066 #ifdef CONFIG_PROC_FS
2067 static int tcp6_seq_show(struct seq_file *seq, void *v)
2068 {
2069         struct tcp_iter_state *st;
2070
2071         if (v == SEQ_START_TOKEN) {
2072                 seq_puts(seq,
2073                          "  sl  "
2074                          "local_address                         "
2075                          "remote_address                        "
2076                          "st tx_queue rx_queue tr tm->when retrnsmt"
2077                          "   uid  timeout inode\n");
2078                 goto out;
2079         }
2080         st = seq->private;
2081
2082         switch (st->state) {
2083         case TCP_SEQ_STATE_LISTENING:
2084         case TCP_SEQ_STATE_ESTABLISHED:
2085                 get_tcp6_sock(seq, v, st->num);
2086                 break;
2087         case TCP_SEQ_STATE_OPENREQ:
2088                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2089                 break;
2090         case TCP_SEQ_STATE_TIME_WAIT:
2091                 get_timewait6_sock(seq, v, st->num);
2092                 break;
2093         }
2094 out:
2095         return 0;
2096 }
2097
2098 static struct file_operations tcp6_seq_fops;
2099 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2100         .owner          = THIS_MODULE,
2101         .name           = "tcp6",
2102         .family         = AF_INET6,
2103         .seq_show       = tcp6_seq_show,
2104         .seq_fops       = &tcp6_seq_fops,
2105 };
2106
2107 int __init tcp6_proc_init(void)
2108 {
2109         return tcp_proc_register(&tcp6_seq_afinfo);
2110 }
2111
2112 void tcp6_proc_exit(void)
2113 {
2114         tcp_proc_unregister(&tcp6_seq_afinfo);
2115 }
2116 #endif
2117
2118 struct proto tcpv6_prot = {
2119         .name                   = "TCPv6",
2120         .owner                  = THIS_MODULE,
2121         .close                  = tcp_close,
2122         .connect                = tcp_v6_connect,
2123         .disconnect             = tcp_disconnect,
2124         .accept                 = inet_csk_accept,
2125         .ioctl                  = tcp_ioctl,
2126         .init                   = tcp_v6_init_sock,
2127         .destroy                = tcp_v6_destroy_sock,
2128         .shutdown               = tcp_shutdown,
2129         .setsockopt             = tcp_setsockopt,
2130         .getsockopt             = tcp_getsockopt,
2131         .sendmsg                = tcp_sendmsg,
2132         .recvmsg                = tcp_recvmsg,
2133         .backlog_rcv            = tcp_v6_do_rcv,
2134         .hash                   = tcp_v6_hash,
2135         .unhash                 = tcp_unhash,
2136         .get_port               = tcp_v6_get_port,
2137         .enter_memory_pressure  = tcp_enter_memory_pressure,
2138         .sockets_allocated      = &tcp_sockets_allocated,
2139         .memory_allocated       = &tcp_memory_allocated,
2140         .memory_pressure        = &tcp_memory_pressure,
2141         .orphan_count           = &tcp_orphan_count,
2142         .sysctl_mem             = sysctl_tcp_mem,
2143         .sysctl_wmem            = sysctl_tcp_wmem,
2144         .sysctl_rmem            = sysctl_tcp_rmem,
2145         .max_header             = MAX_TCP_HEADER,
2146         .obj_size               = sizeof(struct tcp6_sock),
2147         .twsk_prot              = &tcp6_timewait_sock_ops,
2148         .rsk_prot               = &tcp6_request_sock_ops,
2149 #ifdef CONFIG_COMPAT
2150         .compat_setsockopt      = compat_tcp_setsockopt,
2151         .compat_getsockopt      = compat_tcp_getsockopt,
2152 #endif
2153 };
2154
2155 static struct inet6_protocol tcpv6_protocol = {
2156         .handler        =       tcp_v6_rcv,
2157         .err_handler    =       tcp_v6_err,
2158         .gso_send_check =       tcp_v6_gso_send_check,
2159         .gso_segment    =       tcp_tso_segment,
2160         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2161 };
2162
2163 static struct inet_protosw tcpv6_protosw = {
2164         .type           =       SOCK_STREAM,
2165         .protocol       =       IPPROTO_TCP,
2166         .prot           =       &tcpv6_prot,
2167         .ops            =       &inet6_stream_ops,
2168         .capability     =       -1,
2169         .no_check       =       0,
2170         .flags          =       INET_PROTOSW_PERMANENT |
2171                                 INET_PROTOSW_ICSK,
2172 };
2173
2174 void __init tcpv6_init(void)
2175 {
2176         /* register inet6 protocol */
2177         if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
2178                 printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
2179         inet6_register_protosw(&tcpv6_protosw);
2180
2181         if (inet_csk_ctl_sock_create(&tcp6_socket, PF_INET6, SOCK_RAW,
2182                                      IPPROTO_TCP) < 0)
2183                 panic("Failed to create the TCPv6 control socket.\n");
2184 }