Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfashe...
[linux-2.6] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *
8  *      $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9  *
10  *      Based on:
11  *      linux/net/ipv4/tcp.c
12  *      linux/net/ipv4/tcp_input.c
13  *      linux/net/ipv4/tcp_output.c
14  *
15  *      Fixes:
16  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
17  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
18  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
19  *                                      a single port at the same time.
20  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
21  *
22  *      This program is free software; you can redistribute it and/or
23  *      modify it under the terms of the GNU General Public License
24  *      as published by the Free Software Foundation; either version
25  *      2 of the License, or (at your option) any later version.
26  */
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/net.h>
34 #include <linux/jiffies.h>
35 #include <linux/in.h>
36 #include <linux/in6.h>
37 #include <linux/netdevice.h>
38 #include <linux/init.h>
39 #include <linux/jhash.h>
40 #include <linux/ipsec.h>
41 #include <linux/times.h>
42
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/snmp.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/netdma.h>
63 #include <net/inet_common.h>
64
65 #include <asm/uaccess.h>
66
67 #include <linux/proc_fs.h>
68 #include <linux/seq_file.h>
69
70 #include <linux/crypto.h>
71 #include <linux/scatterlist.h>
72
73 static void     tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
74 static void     tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
75 static void     tcp_v6_send_check(struct sock *sk, int len,
76                                   struct sk_buff *skb);
77
78 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
79
80 static struct inet_connection_sock_af_ops ipv6_mapped;
81 static struct inet_connection_sock_af_ops ipv6_specific;
82 #ifdef CONFIG_TCP_MD5SIG
83 static struct tcp_sock_af_ops tcp_sock_ipv6_specific;
84 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
85 #endif
86
87 static void tcp_v6_hash(struct sock *sk)
88 {
89         if (sk->sk_state != TCP_CLOSE) {
90                 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
91                         tcp_prot.hash(sk);
92                         return;
93                 }
94                 local_bh_disable();
95                 __inet6_hash(sk);
96                 local_bh_enable();
97         }
98 }
99
100 static __inline__ __sum16 tcp_v6_check(struct tcphdr *th, int len,
101                                    struct in6_addr *saddr,
102                                    struct in6_addr *daddr,
103                                    __wsum base)
104 {
105         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
106 }
107
108 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
109 {
110         return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
111                                             ipv6_hdr(skb)->saddr.s6_addr32,
112                                             tcp_hdr(skb)->dest,
113                                             tcp_hdr(skb)->source);
114 }
115
116 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
117                           int addr_len)
118 {
119         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
120         struct inet_sock *inet = inet_sk(sk);
121         struct inet_connection_sock *icsk = inet_csk(sk);
122         struct ipv6_pinfo *np = inet6_sk(sk);
123         struct tcp_sock *tp = tcp_sk(sk);
124         struct in6_addr *saddr = NULL, *final_p = NULL, final;
125         struct flowi fl;
126         struct dst_entry *dst;
127         int addr_type;
128         int err;
129
130         if (addr_len < SIN6_LEN_RFC2133)
131                 return -EINVAL;
132
133         if (usin->sin6_family != AF_INET6)
134                 return(-EAFNOSUPPORT);
135
136         memset(&fl, 0, sizeof(fl));
137
138         if (np->sndflow) {
139                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
140                 IP6_ECN_flow_init(fl.fl6_flowlabel);
141                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
142                         struct ip6_flowlabel *flowlabel;
143                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
144                         if (flowlabel == NULL)
145                                 return -EINVAL;
146                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
147                         fl6_sock_release(flowlabel);
148                 }
149         }
150
151         /*
152          *      connect() to INADDR_ANY means loopback (BSD'ism).
153          */
154
155         if(ipv6_addr_any(&usin->sin6_addr))
156                 usin->sin6_addr.s6_addr[15] = 0x1;
157
158         addr_type = ipv6_addr_type(&usin->sin6_addr);
159
160         if(addr_type & IPV6_ADDR_MULTICAST)
161                 return -ENETUNREACH;
162
163         if (addr_type&IPV6_ADDR_LINKLOCAL) {
164                 if (addr_len >= sizeof(struct sockaddr_in6) &&
165                     usin->sin6_scope_id) {
166                         /* If interface is set while binding, indices
167                          * must coincide.
168                          */
169                         if (sk->sk_bound_dev_if &&
170                             sk->sk_bound_dev_if != usin->sin6_scope_id)
171                                 return -EINVAL;
172
173                         sk->sk_bound_dev_if = usin->sin6_scope_id;
174                 }
175
176                 /* Connect to link-local address requires an interface */
177                 if (!sk->sk_bound_dev_if)
178                         return -EINVAL;
179         }
180
181         if (tp->rx_opt.ts_recent_stamp &&
182             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
183                 tp->rx_opt.ts_recent = 0;
184                 tp->rx_opt.ts_recent_stamp = 0;
185                 tp->write_seq = 0;
186         }
187
188         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
189         np->flow_label = fl.fl6_flowlabel;
190
191         /*
192          *      TCP over IPv4
193          */
194
195         if (addr_type == IPV6_ADDR_MAPPED) {
196                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
197                 struct sockaddr_in sin;
198
199                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
200
201                 if (__ipv6_only_sock(sk))
202                         return -ENETUNREACH;
203
204                 sin.sin_family = AF_INET;
205                 sin.sin_port = usin->sin6_port;
206                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
207
208                 icsk->icsk_af_ops = &ipv6_mapped;
209                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
210 #ifdef CONFIG_TCP_MD5SIG
211                 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
212 #endif
213
214                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
215
216                 if (err) {
217                         icsk->icsk_ext_hdr_len = exthdrlen;
218                         icsk->icsk_af_ops = &ipv6_specific;
219                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
220 #ifdef CONFIG_TCP_MD5SIG
221                         tp->af_specific = &tcp_sock_ipv6_specific;
222 #endif
223                         goto failure;
224                 } else {
225                         ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
226                                       inet->saddr);
227                         ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
228                                       inet->rcv_saddr);
229                 }
230
231                 return err;
232         }
233
234         if (!ipv6_addr_any(&np->rcv_saddr))
235                 saddr = &np->rcv_saddr;
236
237         fl.proto = IPPROTO_TCP;
238         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
239         ipv6_addr_copy(&fl.fl6_src,
240                        (saddr ? saddr : &np->saddr));
241         fl.oif = sk->sk_bound_dev_if;
242         fl.fl_ip_dport = usin->sin6_port;
243         fl.fl_ip_sport = inet->sport;
244
245         if (np->opt && np->opt->srcrt) {
246                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
247                 ipv6_addr_copy(&final, &fl.fl6_dst);
248                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
249                 final_p = &final;
250         }
251
252         security_sk_classify_flow(sk, &fl);
253
254         err = ip6_dst_lookup(sk, &dst, &fl);
255         if (err)
256                 goto failure;
257         if (final_p)
258                 ipv6_addr_copy(&fl.fl6_dst, final_p);
259
260         if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) {
261                 if (err == -EREMOTE)
262                         err = ip6_dst_blackhole(sk, &dst, &fl);
263                 if (err < 0)
264                         goto failure;
265         }
266
267         if (saddr == NULL) {
268                 saddr = &fl.fl6_src;
269                 ipv6_addr_copy(&np->rcv_saddr, saddr);
270         }
271
272         /* set the source address */
273         ipv6_addr_copy(&np->saddr, saddr);
274         inet->rcv_saddr = LOOPBACK4_IPV6;
275
276         sk->sk_gso_type = SKB_GSO_TCPV6;
277         __ip6_dst_store(sk, dst, NULL, NULL);
278
279         icsk->icsk_ext_hdr_len = 0;
280         if (np->opt)
281                 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
282                                           np->opt->opt_nflen);
283
284         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
285
286         inet->dport = usin->sin6_port;
287
288         tcp_set_state(sk, TCP_SYN_SENT);
289         err = inet6_hash_connect(&tcp_death_row, sk);
290         if (err)
291                 goto late_failure;
292
293         if (!tp->write_seq)
294                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
295                                                              np->daddr.s6_addr32,
296                                                              inet->sport,
297                                                              inet->dport);
298
299         err = tcp_connect(sk);
300         if (err)
301                 goto late_failure;
302
303         return 0;
304
305 late_failure:
306         tcp_set_state(sk, TCP_CLOSE);
307         __sk_dst_reset(sk);
308 failure:
309         inet->dport = 0;
310         sk->sk_route_caps = 0;
311         return err;
312 }
313
314 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
315                 int type, int code, int offset, __be32 info)
316 {
317         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
318         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
319         struct ipv6_pinfo *np;
320         struct sock *sk;
321         int err;
322         struct tcp_sock *tp;
323         __u32 seq;
324
325         sk = inet6_lookup(dev_net(skb->dev), &tcp_hashinfo, &hdr->daddr,
326                         th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
327
328         if (sk == NULL) {
329                 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
330                 return;
331         }
332
333         if (sk->sk_state == TCP_TIME_WAIT) {
334                 inet_twsk_put(inet_twsk(sk));
335                 return;
336         }
337
338         bh_lock_sock(sk);
339         if (sock_owned_by_user(sk))
340                 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
341
342         if (sk->sk_state == TCP_CLOSE)
343                 goto out;
344
345         tp = tcp_sk(sk);
346         seq = ntohl(th->seq);
347         if (sk->sk_state != TCP_LISTEN &&
348             !between(seq, tp->snd_una, tp->snd_nxt)) {
349                 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
350                 goto out;
351         }
352
353         np = inet6_sk(sk);
354
355         if (type == ICMPV6_PKT_TOOBIG) {
356                 struct dst_entry *dst = NULL;
357
358                 if (sock_owned_by_user(sk))
359                         goto out;
360                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
361                         goto out;
362
363                 /* icmp should have updated the destination cache entry */
364                 dst = __sk_dst_check(sk, np->dst_cookie);
365
366                 if (dst == NULL) {
367                         struct inet_sock *inet = inet_sk(sk);
368                         struct flowi fl;
369
370                         /* BUGGG_FUTURE: Again, it is not clear how
371                            to handle rthdr case. Ignore this complexity
372                            for now.
373                          */
374                         memset(&fl, 0, sizeof(fl));
375                         fl.proto = IPPROTO_TCP;
376                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
377                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
378                         fl.oif = sk->sk_bound_dev_if;
379                         fl.fl_ip_dport = inet->dport;
380                         fl.fl_ip_sport = inet->sport;
381                         security_skb_classify_flow(skb, &fl);
382
383                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
384                                 sk->sk_err_soft = -err;
385                                 goto out;
386                         }
387
388                         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
389                                 sk->sk_err_soft = -err;
390                                 goto out;
391                         }
392
393                 } else
394                         dst_hold(dst);
395
396                 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
397                         tcp_sync_mss(sk, dst_mtu(dst));
398                         tcp_simple_retransmit(sk);
399                 } /* else let the usual retransmit timer handle it */
400                 dst_release(dst);
401                 goto out;
402         }
403
404         icmpv6_err_convert(type, code, &err);
405
406         /* Might be for an request_sock */
407         switch (sk->sk_state) {
408                 struct request_sock *req, **prev;
409         case TCP_LISTEN:
410                 if (sock_owned_by_user(sk))
411                         goto out;
412
413                 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
414                                            &hdr->saddr, inet6_iif(skb));
415                 if (!req)
416                         goto out;
417
418                 /* ICMPs are not backlogged, hence we cannot get
419                  * an established socket here.
420                  */
421                 BUG_TRAP(req->sk == NULL);
422
423                 if (seq != tcp_rsk(req)->snt_isn) {
424                         NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
425                         goto out;
426                 }
427
428                 inet_csk_reqsk_queue_drop(sk, req, prev);
429                 goto out;
430
431         case TCP_SYN_SENT:
432         case TCP_SYN_RECV:  /* Cannot happen.
433                                It can, it SYNs are crossed. --ANK */
434                 if (!sock_owned_by_user(sk)) {
435                         sk->sk_err = err;
436                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
437
438                         tcp_done(sk);
439                 } else
440                         sk->sk_err_soft = err;
441                 goto out;
442         }
443
444         if (!sock_owned_by_user(sk) && np->recverr) {
445                 sk->sk_err = err;
446                 sk->sk_error_report(sk);
447         } else
448                 sk->sk_err_soft = err;
449
450 out:
451         bh_unlock_sock(sk);
452         sock_put(sk);
453 }
454
455
456 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req)
457 {
458         struct inet6_request_sock *treq = inet6_rsk(req);
459         struct ipv6_pinfo *np = inet6_sk(sk);
460         struct sk_buff * skb;
461         struct ipv6_txoptions *opt = NULL;
462         struct in6_addr * final_p = NULL, final;
463         struct flowi fl;
464         struct dst_entry *dst;
465         int err = -1;
466
467         memset(&fl, 0, sizeof(fl));
468         fl.proto = IPPROTO_TCP;
469         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
470         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
471         fl.fl6_flowlabel = 0;
472         fl.oif = treq->iif;
473         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
474         fl.fl_ip_sport = inet_sk(sk)->sport;
475         security_req_classify_flow(req, &fl);
476
477         opt = np->opt;
478         if (opt && opt->srcrt) {
479                 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
480                 ipv6_addr_copy(&final, &fl.fl6_dst);
481                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
482                 final_p = &final;
483         }
484
485         err = ip6_dst_lookup(sk, &dst, &fl);
486         if (err)
487                 goto done;
488         if (final_p)
489                 ipv6_addr_copy(&fl.fl6_dst, final_p);
490         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
491                 goto done;
492
493         skb = tcp_make_synack(sk, dst, req);
494         if (skb) {
495                 struct tcphdr *th = tcp_hdr(skb);
496
497                 th->check = tcp_v6_check(th, skb->len,
498                                          &treq->loc_addr, &treq->rmt_addr,
499                                          csum_partial((char *)th, skb->len, skb->csum));
500
501                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
502                 err = ip6_xmit(sk, skb, &fl, opt, 0);
503                 err = net_xmit_eval(err);
504         }
505
506 done:
507         if (opt && opt != np->opt)
508                 sock_kfree_s(sk, opt, opt->tot_len);
509         dst_release(dst);
510         return err;
511 }
512
513 static inline void syn_flood_warning(struct sk_buff *skb)
514 {
515 #ifdef CONFIG_SYN_COOKIES
516         if (sysctl_tcp_syncookies)
517                 printk(KERN_INFO
518                        "TCPv6: Possible SYN flooding on port %d. "
519                        "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
520         else
521 #endif
522                 printk(KERN_INFO
523                        "TCPv6: Possible SYN flooding on port %d. "
524                        "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
525 }
526
527 static void tcp_v6_reqsk_destructor(struct request_sock *req)
528 {
529         if (inet6_rsk(req)->pktopts)
530                 kfree_skb(inet6_rsk(req)->pktopts);
531 }
532
533 #ifdef CONFIG_TCP_MD5SIG
534 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
535                                                    struct in6_addr *addr)
536 {
537         struct tcp_sock *tp = tcp_sk(sk);
538         int i;
539
540         BUG_ON(tp == NULL);
541
542         if (!tp->md5sig_info || !tp->md5sig_info->entries6)
543                 return NULL;
544
545         for (i = 0; i < tp->md5sig_info->entries6; i++) {
546                 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
547                         return &tp->md5sig_info->keys6[i].base;
548         }
549         return NULL;
550 }
551
552 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
553                                                 struct sock *addr_sk)
554 {
555         return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
556 }
557
558 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
559                                                       struct request_sock *req)
560 {
561         return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
562 }
563
564 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
565                              char *newkey, u8 newkeylen)
566 {
567         /* Add key to the list */
568         struct tcp_md5sig_key *key;
569         struct tcp_sock *tp = tcp_sk(sk);
570         struct tcp6_md5sig_key *keys;
571
572         key = tcp_v6_md5_do_lookup(sk, peer);
573         if (key) {
574                 /* modify existing entry - just update that one */
575                 kfree(key->key);
576                 key->key = newkey;
577                 key->keylen = newkeylen;
578         } else {
579                 /* reallocate new list if current one is full. */
580                 if (!tp->md5sig_info) {
581                         tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
582                         if (!tp->md5sig_info) {
583                                 kfree(newkey);
584                                 return -ENOMEM;
585                         }
586                         sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
587                 }
588                 if (tcp_alloc_md5sig_pool() == NULL) {
589                         kfree(newkey);
590                         return -ENOMEM;
591                 }
592                 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
593                         keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
594                                        (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
595
596                         if (!keys) {
597                                 tcp_free_md5sig_pool();
598                                 kfree(newkey);
599                                 return -ENOMEM;
600                         }
601
602                         if (tp->md5sig_info->entries6)
603                                 memmove(keys, tp->md5sig_info->keys6,
604                                         (sizeof (tp->md5sig_info->keys6[0]) *
605                                          tp->md5sig_info->entries6));
606
607                         kfree(tp->md5sig_info->keys6);
608                         tp->md5sig_info->keys6 = keys;
609                         tp->md5sig_info->alloced6++;
610                 }
611
612                 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
613                                peer);
614                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
615                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
616
617                 tp->md5sig_info->entries6++;
618         }
619         return 0;
620 }
621
622 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
623                                u8 *newkey, __u8 newkeylen)
624 {
625         return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
626                                  newkey, newkeylen);
627 }
628
629 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
630 {
631         struct tcp_sock *tp = tcp_sk(sk);
632         int i;
633
634         for (i = 0; i < tp->md5sig_info->entries6; i++) {
635                 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
636                         /* Free the key */
637                         kfree(tp->md5sig_info->keys6[i].base.key);
638                         tp->md5sig_info->entries6--;
639
640                         if (tp->md5sig_info->entries6 == 0) {
641                                 kfree(tp->md5sig_info->keys6);
642                                 tp->md5sig_info->keys6 = NULL;
643                                 tp->md5sig_info->alloced6 = 0;
644                         } else {
645                                 /* shrink the database */
646                                 if (tp->md5sig_info->entries6 != i)
647                                         memmove(&tp->md5sig_info->keys6[i],
648                                                 &tp->md5sig_info->keys6[i+1],
649                                                 (tp->md5sig_info->entries6 - i)
650                                                 * sizeof (tp->md5sig_info->keys6[0]));
651                         }
652                         tcp_free_md5sig_pool();
653                         return 0;
654                 }
655         }
656         return -ENOENT;
657 }
658
659 static void tcp_v6_clear_md5_list (struct sock *sk)
660 {
661         struct tcp_sock *tp = tcp_sk(sk);
662         int i;
663
664         if (tp->md5sig_info->entries6) {
665                 for (i = 0; i < tp->md5sig_info->entries6; i++)
666                         kfree(tp->md5sig_info->keys6[i].base.key);
667                 tp->md5sig_info->entries6 = 0;
668                 tcp_free_md5sig_pool();
669         }
670
671         kfree(tp->md5sig_info->keys6);
672         tp->md5sig_info->keys6 = NULL;
673         tp->md5sig_info->alloced6 = 0;
674
675         if (tp->md5sig_info->entries4) {
676                 for (i = 0; i < tp->md5sig_info->entries4; i++)
677                         kfree(tp->md5sig_info->keys4[i].base.key);
678                 tp->md5sig_info->entries4 = 0;
679                 tcp_free_md5sig_pool();
680         }
681
682         kfree(tp->md5sig_info->keys4);
683         tp->md5sig_info->keys4 = NULL;
684         tp->md5sig_info->alloced4 = 0;
685 }
686
687 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
688                                   int optlen)
689 {
690         struct tcp_md5sig cmd;
691         struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
692         u8 *newkey;
693
694         if (optlen < sizeof(cmd))
695                 return -EINVAL;
696
697         if (copy_from_user(&cmd, optval, sizeof(cmd)))
698                 return -EFAULT;
699
700         if (sin6->sin6_family != AF_INET6)
701                 return -EINVAL;
702
703         if (!cmd.tcpm_keylen) {
704                 if (!tcp_sk(sk)->md5sig_info)
705                         return -ENOENT;
706                 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
707                         return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
708                 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
709         }
710
711         if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
712                 return -EINVAL;
713
714         if (!tcp_sk(sk)->md5sig_info) {
715                 struct tcp_sock *tp = tcp_sk(sk);
716                 struct tcp_md5sig_info *p;
717
718                 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
719                 if (!p)
720                         return -ENOMEM;
721
722                 tp->md5sig_info = p;
723                 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
724         }
725
726         newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
727         if (!newkey)
728                 return -ENOMEM;
729         if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
730                 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
731                                          newkey, cmd.tcpm_keylen);
732         }
733         return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
734 }
735
736 static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
737                                    struct in6_addr *saddr,
738                                    struct in6_addr *daddr,
739                                    struct tcphdr *th, int protocol,
740                                    unsigned int tcplen)
741 {
742         struct scatterlist sg[4];
743         __u16 data_len;
744         int block = 0;
745         __sum16 cksum;
746         struct tcp_md5sig_pool *hp;
747         struct tcp6_pseudohdr *bp;
748         struct hash_desc *desc;
749         int err;
750         unsigned int nbytes = 0;
751
752         hp = tcp_get_md5sig_pool();
753         if (!hp) {
754                 printk(KERN_WARNING "%s(): hash pool not found...\n", __func__);
755                 goto clear_hash_noput;
756         }
757         bp = &hp->md5_blk.ip6;
758         desc = &hp->md5_desc;
759
760         /* 1. TCP pseudo-header (RFC2460) */
761         ipv6_addr_copy(&bp->saddr, saddr);
762         ipv6_addr_copy(&bp->daddr, daddr);
763         bp->len = htonl(tcplen);
764         bp->protocol = htonl(protocol);
765
766         sg_init_table(sg, 4);
767
768         sg_set_buf(&sg[block++], bp, sizeof(*bp));
769         nbytes += sizeof(*bp);
770
771         /* 2. TCP header, excluding options */
772         cksum = th->check;
773         th->check = 0;
774         sg_set_buf(&sg[block++], th, sizeof(*th));
775         nbytes += sizeof(*th);
776
777         /* 3. TCP segment data (if any) */
778         data_len = tcplen - (th->doff << 2);
779         if (data_len > 0) {
780                 u8 *data = (u8 *)th + (th->doff << 2);
781                 sg_set_buf(&sg[block++], data, data_len);
782                 nbytes += data_len;
783         }
784
785         /* 4. shared key */
786         sg_set_buf(&sg[block++], key->key, key->keylen);
787         nbytes += key->keylen;
788
789         sg_mark_end(&sg[block - 1]);
790
791         /* Now store the hash into the packet */
792         err = crypto_hash_init(desc);
793         if (err) {
794                 printk(KERN_WARNING "%s(): hash_init failed\n", __func__);
795                 goto clear_hash;
796         }
797         err = crypto_hash_update(desc, sg, nbytes);
798         if (err) {
799                 printk(KERN_WARNING "%s(): hash_update failed\n", __func__);
800                 goto clear_hash;
801         }
802         err = crypto_hash_final(desc, md5_hash);
803         if (err) {
804                 printk(KERN_WARNING "%s(): hash_final failed\n", __func__);
805                 goto clear_hash;
806         }
807
808         /* Reset header, and free up the crypto */
809         tcp_put_md5sig_pool();
810         th->check = cksum;
811 out:
812         return 0;
813 clear_hash:
814         tcp_put_md5sig_pool();
815 clear_hash_noput:
816         memset(md5_hash, 0, 16);
817         goto out;
818 }
819
820 static int tcp_v6_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
821                                 struct sock *sk,
822                                 struct dst_entry *dst,
823                                 struct request_sock *req,
824                                 struct tcphdr *th, int protocol,
825                                 unsigned int tcplen)
826 {
827         struct in6_addr *saddr, *daddr;
828
829         if (sk) {
830                 saddr = &inet6_sk(sk)->saddr;
831                 daddr = &inet6_sk(sk)->daddr;
832         } else {
833                 saddr = &inet6_rsk(req)->loc_addr;
834                 daddr = &inet6_rsk(req)->rmt_addr;
835         }
836         return tcp_v6_do_calc_md5_hash(md5_hash, key,
837                                        saddr, daddr,
838                                        th, protocol, tcplen);
839 }
840
841 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
842 {
843         __u8 *hash_location = NULL;
844         struct tcp_md5sig_key *hash_expected;
845         struct ipv6hdr *ip6h = ipv6_hdr(skb);
846         struct tcphdr *th = tcp_hdr(skb);
847         int length = (th->doff << 2) - sizeof (*th);
848         int genhash;
849         u8 *ptr;
850         u8 newhash[16];
851
852         hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
853
854         /* If the TCP option is too short, we can short cut */
855         if (length < TCPOLEN_MD5SIG)
856                 return hash_expected ? 1 : 0;
857
858         /* parse options */
859         ptr = (u8*)(th + 1);
860         while (length > 0) {
861                 int opcode = *ptr++;
862                 int opsize;
863
864                 switch(opcode) {
865                 case TCPOPT_EOL:
866                         goto done_opts;
867                 case TCPOPT_NOP:
868                         length--;
869                         continue;
870                 default:
871                         opsize = *ptr++;
872                         if (opsize < 2 || opsize > length)
873                                 goto done_opts;
874                         if (opcode == TCPOPT_MD5SIG) {
875                                 hash_location = ptr;
876                                 goto done_opts;
877                         }
878                 }
879                 ptr += opsize - 2;
880                 length -= opsize;
881         }
882
883 done_opts:
884         /* do we have a hash as expected? */
885         if (!hash_expected) {
886                 if (!hash_location)
887                         return 0;
888                 if (net_ratelimit()) {
889                         printk(KERN_INFO "MD5 Hash NOT expected but found "
890                                "(" NIP6_FMT ", %u)->"
891                                "(" NIP6_FMT ", %u)\n",
892                                NIP6(ip6h->saddr), ntohs(th->source),
893                                NIP6(ip6h->daddr), ntohs(th->dest));
894                 }
895                 return 1;
896         }
897
898         if (!hash_location) {
899                 if (net_ratelimit()) {
900                         printk(KERN_INFO "MD5 Hash expected but NOT found "
901                                "(" NIP6_FMT ", %u)->"
902                                "(" NIP6_FMT ", %u)\n",
903                                NIP6(ip6h->saddr), ntohs(th->source),
904                                NIP6(ip6h->daddr), ntohs(th->dest));
905                 }
906                 return 1;
907         }
908
909         /* check the signature */
910         genhash = tcp_v6_do_calc_md5_hash(newhash,
911                                           hash_expected,
912                                           &ip6h->saddr, &ip6h->daddr,
913                                           th, sk->sk_protocol,
914                                           skb->len);
915         if (genhash || memcmp(hash_location, newhash, 16) != 0) {
916                 if (net_ratelimit()) {
917                         printk(KERN_INFO "MD5 Hash %s for "
918                                "(" NIP6_FMT ", %u)->"
919                                "(" NIP6_FMT ", %u)\n",
920                                genhash ? "failed" : "mismatch",
921                                NIP6(ip6h->saddr), ntohs(th->source),
922                                NIP6(ip6h->daddr), ntohs(th->dest));
923                 }
924                 return 1;
925         }
926         return 0;
927 }
928 #endif
929
930 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
931         .family         =       AF_INET6,
932         .obj_size       =       sizeof(struct tcp6_request_sock),
933         .rtx_syn_ack    =       tcp_v6_send_synack,
934         .send_ack       =       tcp_v6_reqsk_send_ack,
935         .destructor     =       tcp_v6_reqsk_destructor,
936         .send_reset     =       tcp_v6_send_reset
937 };
938
939 #ifdef CONFIG_TCP_MD5SIG
940 static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
941         .md5_lookup     =       tcp_v6_reqsk_md5_lookup,
942 };
943 #endif
944
945 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
946         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
947         .twsk_unique    = tcp_twsk_unique,
948         .twsk_destructor= tcp_twsk_destructor,
949 };
950
951 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
952 {
953         struct ipv6_pinfo *np = inet6_sk(sk);
954         struct tcphdr *th = tcp_hdr(skb);
955
956         if (skb->ip_summed == CHECKSUM_PARTIAL) {
957                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
958                 skb->csum_start = skb_transport_header(skb) - skb->head;
959                 skb->csum_offset = offsetof(struct tcphdr, check);
960         } else {
961                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
962                                             csum_partial((char *)th, th->doff<<2,
963                                                          skb->csum));
964         }
965 }
966
967 static int tcp_v6_gso_send_check(struct sk_buff *skb)
968 {
969         struct ipv6hdr *ipv6h;
970         struct tcphdr *th;
971
972         if (!pskb_may_pull(skb, sizeof(*th)))
973                 return -EINVAL;
974
975         ipv6h = ipv6_hdr(skb);
976         th = tcp_hdr(skb);
977
978         th->check = 0;
979         th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
980                                      IPPROTO_TCP, 0);
981         skb->csum_start = skb_transport_header(skb) - skb->head;
982         skb->csum_offset = offsetof(struct tcphdr, check);
983         skb->ip_summed = CHECKSUM_PARTIAL;
984         return 0;
985 }
986
987 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
988 {
989         struct tcphdr *th = tcp_hdr(skb), *t1;
990         struct sk_buff *buff;
991         struct flowi fl;
992         struct net *net = dev_net(skb->dst->dev);
993         struct sock *ctl_sk = net->ipv6.tcp_sk;
994         unsigned int tot_len = sizeof(*th);
995 #ifdef CONFIG_TCP_MD5SIG
996         struct tcp_md5sig_key *key;
997 #endif
998
999         if (th->rst)
1000                 return;
1001
1002         if (!ipv6_unicast_destination(skb))
1003                 return;
1004
1005 #ifdef CONFIG_TCP_MD5SIG
1006         if (sk)
1007                 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
1008         else
1009                 key = NULL;
1010
1011         if (key)
1012                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1013 #endif
1014
1015         /*
1016          * We need to grab some memory, and put together an RST,
1017          * and then put it into the queue to be sent.
1018          */
1019
1020         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1021                          GFP_ATOMIC);
1022         if (buff == NULL)
1023                 return;
1024
1025         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1026
1027         t1 = (struct tcphdr *) skb_push(buff, tot_len);
1028
1029         /* Swap the send and the receive. */
1030         memset(t1, 0, sizeof(*t1));
1031         t1->dest = th->source;
1032         t1->source = th->dest;
1033         t1->doff = tot_len / 4;
1034         t1->rst = 1;
1035
1036         if(th->ack) {
1037                 t1->seq = th->ack_seq;
1038         } else {
1039                 t1->ack = 1;
1040                 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
1041                                     + skb->len - (th->doff<<2));
1042         }
1043
1044 #ifdef CONFIG_TCP_MD5SIG
1045         if (key) {
1046                 __be32 *opt = (__be32*)(t1 + 1);
1047                 opt[0] = htonl((TCPOPT_NOP << 24) |
1048                                (TCPOPT_NOP << 16) |
1049                                (TCPOPT_MD5SIG << 8) |
1050                                TCPOLEN_MD5SIG);
1051                 tcp_v6_do_calc_md5_hash((__u8 *)&opt[1], key,
1052                                         &ipv6_hdr(skb)->daddr,
1053                                         &ipv6_hdr(skb)->saddr,
1054                                         t1, IPPROTO_TCP, tot_len);
1055         }
1056 #endif
1057
1058         buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
1059
1060         memset(&fl, 0, sizeof(fl));
1061         ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1062         ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1063
1064         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1065                                     sizeof(*t1), IPPROTO_TCP,
1066                                     buff->csum);
1067
1068         fl.proto = IPPROTO_TCP;
1069         fl.oif = inet6_iif(skb);
1070         fl.fl_ip_dport = t1->dest;
1071         fl.fl_ip_sport = t1->source;
1072         security_skb_classify_flow(skb, &fl);
1073
1074         /* Pass a socket to ip6_dst_lookup either it is for RST
1075          * Underlying function will use this to retrieve the network
1076          * namespace
1077          */
1078         if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) {
1079
1080                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1081                         ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1082                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1083                         TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
1084                         return;
1085                 }
1086         }
1087
1088         kfree_skb(buff);
1089 }
1090
1091 static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
1092                             struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
1093 {
1094         struct tcphdr *th = tcp_hdr(skb), *t1;
1095         struct sk_buff *buff;
1096         struct flowi fl;
1097         struct net *net = dev_net(skb->dev);
1098         struct sock *ctl_sk = net->ipv6.tcp_sk;
1099         unsigned int tot_len = sizeof(struct tcphdr);
1100         __be32 *topt;
1101 #ifdef CONFIG_TCP_MD5SIG
1102         struct tcp_md5sig_key *key;
1103         struct tcp_md5sig_key tw_key;
1104 #endif
1105
1106 #ifdef CONFIG_TCP_MD5SIG
1107         if (!tw && skb->sk) {
1108                 key = tcp_v6_md5_do_lookup(skb->sk, &ipv6_hdr(skb)->daddr);
1109         } else if (tw && tw->tw_md5_keylen) {
1110                 tw_key.key = tw->tw_md5_key;
1111                 tw_key.keylen = tw->tw_md5_keylen;
1112                 key = &tw_key;
1113         } else {
1114                 key = NULL;
1115         }
1116 #endif
1117
1118         if (ts)
1119                 tot_len += TCPOLEN_TSTAMP_ALIGNED;
1120 #ifdef CONFIG_TCP_MD5SIG
1121         if (key)
1122                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1123 #endif
1124
1125         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1126                          GFP_ATOMIC);
1127         if (buff == NULL)
1128                 return;
1129
1130         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1131
1132         t1 = (struct tcphdr *) skb_push(buff,tot_len);
1133
1134         /* Swap the send and the receive. */
1135         memset(t1, 0, sizeof(*t1));
1136         t1->dest = th->source;
1137         t1->source = th->dest;
1138         t1->doff = tot_len/4;
1139         t1->seq = htonl(seq);
1140         t1->ack_seq = htonl(ack);
1141         t1->ack = 1;
1142         t1->window = htons(win);
1143
1144         topt = (__be32 *)(t1 + 1);
1145
1146         if (ts) {
1147                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1148                                 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1149                 *topt++ = htonl(tcp_time_stamp);
1150                 *topt = htonl(ts);
1151         }
1152
1153 #ifdef CONFIG_TCP_MD5SIG
1154         if (key) {
1155                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1156                                 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1157                 tcp_v6_do_calc_md5_hash((__u8 *)topt, key,
1158                                         &ipv6_hdr(skb)->daddr,
1159                                         &ipv6_hdr(skb)->saddr,
1160                                         t1, IPPROTO_TCP, tot_len);
1161         }
1162 #endif
1163
1164         buff->csum = csum_partial((char *)t1, tot_len, 0);
1165
1166         memset(&fl, 0, sizeof(fl));
1167         ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1168         ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1169
1170         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1171                                     tot_len, IPPROTO_TCP,
1172                                     buff->csum);
1173
1174         fl.proto = IPPROTO_TCP;
1175         fl.oif = inet6_iif(skb);
1176         fl.fl_ip_dport = t1->dest;
1177         fl.fl_ip_sport = t1->source;
1178         security_skb_classify_flow(skb, &fl);
1179
1180         if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) {
1181                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1182                         ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1183                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1184                         return;
1185                 }
1186         }
1187
1188         kfree_skb(buff);
1189 }
1190
1191 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1192 {
1193         struct inet_timewait_sock *tw = inet_twsk(sk);
1194         struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1195
1196         tcp_v6_send_ack(tcptw, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1197                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1198                         tcptw->tw_ts_recent);
1199
1200         inet_twsk_put(tw);
1201 }
1202
1203 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
1204 {
1205         tcp_v6_send_ack(NULL, skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
1206 }
1207
1208
1209 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1210 {
1211         struct request_sock *req, **prev;
1212         const struct tcphdr *th = tcp_hdr(skb);
1213         struct sock *nsk;
1214
1215         /* Find possible connection requests. */
1216         req = inet6_csk_search_req(sk, &prev, th->source,
1217                                    &ipv6_hdr(skb)->saddr,
1218                                    &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1219         if (req)
1220                 return tcp_check_req(sk, skb, req, prev);
1221
1222         nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1223                         &ipv6_hdr(skb)->saddr, th->source,
1224                         &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1225
1226         if (nsk) {
1227                 if (nsk->sk_state != TCP_TIME_WAIT) {
1228                         bh_lock_sock(nsk);
1229                         return nsk;
1230                 }
1231                 inet_twsk_put(inet_twsk(nsk));
1232                 return NULL;
1233         }
1234
1235 #ifdef CONFIG_SYN_COOKIES
1236         if (!th->rst && !th->syn && th->ack)
1237                 sk = cookie_v6_check(sk, skb);
1238 #endif
1239         return sk;
1240 }
1241
1242 /* FIXME: this is substantially similar to the ipv4 code.
1243  * Can some kind of merge be done? -- erics
1244  */
1245 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1246 {
1247         struct inet6_request_sock *treq;
1248         struct ipv6_pinfo *np = inet6_sk(sk);
1249         struct tcp_options_received tmp_opt;
1250         struct tcp_sock *tp = tcp_sk(sk);
1251         struct request_sock *req = NULL;
1252         __u32 isn = TCP_SKB_CB(skb)->when;
1253 #ifdef CONFIG_SYN_COOKIES
1254         int want_cookie = 0;
1255 #else
1256 #define want_cookie 0
1257 #endif
1258
1259         if (skb->protocol == htons(ETH_P_IP))
1260                 return tcp_v4_conn_request(sk, skb);
1261
1262         if (!ipv6_unicast_destination(skb))
1263                 goto drop;
1264
1265         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1266                 if (net_ratelimit())
1267                         syn_flood_warning(skb);
1268 #ifdef CONFIG_SYN_COOKIES
1269                 if (sysctl_tcp_syncookies)
1270                         want_cookie = 1;
1271                 else
1272 #endif
1273                 goto drop;
1274         }
1275
1276         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1277                 goto drop;
1278
1279         req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1280         if (req == NULL)
1281                 goto drop;
1282
1283 #ifdef CONFIG_TCP_MD5SIG
1284         tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1285 #endif
1286
1287         tcp_clear_options(&tmp_opt);
1288         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1289         tmp_opt.user_mss = tp->rx_opt.user_mss;
1290
1291         tcp_parse_options(skb, &tmp_opt, 0);
1292
1293         if (want_cookie && !tmp_opt.saw_tstamp)
1294                 tcp_clear_options(&tmp_opt);
1295
1296         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1297         tcp_openreq_init(req, &tmp_opt, skb);
1298
1299         treq = inet6_rsk(req);
1300         ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1301         ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1302         treq->pktopts = NULL;
1303         if (!want_cookie)
1304                 TCP_ECN_create_request(req, tcp_hdr(skb));
1305
1306         if (want_cookie) {
1307                 isn = cookie_v6_init_sequence(sk, skb, &req->mss);
1308                 req->cookie_ts = tmp_opt.tstamp_ok;
1309         } else if (!isn) {
1310                 if (ipv6_opt_accepted(sk, skb) ||
1311                     np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1312                     np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1313                         atomic_inc(&skb->users);
1314                         treq->pktopts = skb;
1315                 }
1316                 treq->iif = sk->sk_bound_dev_if;
1317
1318                 /* So that link locals have meaning */
1319                 if (!sk->sk_bound_dev_if &&
1320                     ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1321                         treq->iif = inet6_iif(skb);
1322
1323                 isn = tcp_v6_init_sequence(skb);
1324         }
1325
1326         tcp_rsk(req)->snt_isn = isn;
1327
1328         security_inet_conn_request(sk, skb, req);
1329
1330         if (tcp_v6_send_synack(sk, req))
1331                 goto drop;
1332
1333         if (!want_cookie) {
1334                 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1335                 return 0;
1336         }
1337
1338 drop:
1339         if (req)
1340                 reqsk_free(req);
1341
1342         return 0; /* don't send reset */
1343 }
1344
1345 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1346                                           struct request_sock *req,
1347                                           struct dst_entry *dst)
1348 {
1349         struct inet6_request_sock *treq = inet6_rsk(req);
1350         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1351         struct tcp6_sock *newtcp6sk;
1352         struct inet_sock *newinet;
1353         struct tcp_sock *newtp;
1354         struct sock *newsk;
1355         struct ipv6_txoptions *opt;
1356 #ifdef CONFIG_TCP_MD5SIG
1357         struct tcp_md5sig_key *key;
1358 #endif
1359
1360         if (skb->protocol == htons(ETH_P_IP)) {
1361                 /*
1362                  *      v6 mapped
1363                  */
1364
1365                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1366
1367                 if (newsk == NULL)
1368                         return NULL;
1369
1370                 newtcp6sk = (struct tcp6_sock *)newsk;
1371                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1372
1373                 newinet = inet_sk(newsk);
1374                 newnp = inet6_sk(newsk);
1375                 newtp = tcp_sk(newsk);
1376
1377                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1378
1379                 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
1380                               newinet->daddr);
1381
1382                 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
1383                               newinet->saddr);
1384
1385                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1386
1387                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1388                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1389 #ifdef CONFIG_TCP_MD5SIG
1390                 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1391 #endif
1392
1393                 newnp->pktoptions  = NULL;
1394                 newnp->opt         = NULL;
1395                 newnp->mcast_oif   = inet6_iif(skb);
1396                 newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
1397
1398                 /*
1399                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1400                  * here, tcp_create_openreq_child now does this for us, see the comment in
1401                  * that function for the gory details. -acme
1402                  */
1403
1404                 /* It is tricky place. Until this moment IPv4 tcp
1405                    worked with IPv6 icsk.icsk_af_ops.
1406                    Sync it now.
1407                  */
1408                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1409
1410                 return newsk;
1411         }
1412
1413         opt = np->opt;
1414
1415         if (sk_acceptq_is_full(sk))
1416                 goto out_overflow;
1417
1418         if (dst == NULL) {
1419                 struct in6_addr *final_p = NULL, final;
1420                 struct flowi fl;
1421
1422                 memset(&fl, 0, sizeof(fl));
1423                 fl.proto = IPPROTO_TCP;
1424                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1425                 if (opt && opt->srcrt) {
1426                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1427                         ipv6_addr_copy(&final, &fl.fl6_dst);
1428                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1429                         final_p = &final;
1430                 }
1431                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1432                 fl.oif = sk->sk_bound_dev_if;
1433                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1434                 fl.fl_ip_sport = inet_sk(sk)->sport;
1435                 security_req_classify_flow(req, &fl);
1436
1437                 if (ip6_dst_lookup(sk, &dst, &fl))
1438                         goto out;
1439
1440                 if (final_p)
1441                         ipv6_addr_copy(&fl.fl6_dst, final_p);
1442
1443                 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
1444                         goto out;
1445         }
1446
1447         newsk = tcp_create_openreq_child(sk, req, skb);
1448         if (newsk == NULL)
1449                 goto out;
1450
1451         /*
1452          * No need to charge this sock to the relevant IPv6 refcnt debug socks
1453          * count here, tcp_create_openreq_child now does this for us, see the
1454          * comment in that function for the gory details. -acme
1455          */
1456
1457         newsk->sk_gso_type = SKB_GSO_TCPV6;
1458         __ip6_dst_store(newsk, dst, NULL, NULL);
1459
1460         newtcp6sk = (struct tcp6_sock *)newsk;
1461         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1462
1463         newtp = tcp_sk(newsk);
1464         newinet = inet_sk(newsk);
1465         newnp = inet6_sk(newsk);
1466
1467         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1468
1469         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1470         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1471         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1472         newsk->sk_bound_dev_if = treq->iif;
1473
1474         /* Now IPv6 options...
1475
1476            First: no IPv4 options.
1477          */
1478         newinet->opt = NULL;
1479         newnp->ipv6_fl_list = NULL;
1480
1481         /* Clone RX bits */
1482         newnp->rxopt.all = np->rxopt.all;
1483
1484         /* Clone pktoptions received with SYN */
1485         newnp->pktoptions = NULL;
1486         if (treq->pktopts != NULL) {
1487                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1488                 kfree_skb(treq->pktopts);
1489                 treq->pktopts = NULL;
1490                 if (newnp->pktoptions)
1491                         skb_set_owner_r(newnp->pktoptions, newsk);
1492         }
1493         newnp->opt        = NULL;
1494         newnp->mcast_oif  = inet6_iif(skb);
1495         newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1496
1497         /* Clone native IPv6 options from listening socket (if any)
1498
1499            Yes, keeping reference count would be much more clever,
1500            but we make one more one thing there: reattach optmem
1501            to newsk.
1502          */
1503         if (opt) {
1504                 newnp->opt = ipv6_dup_options(newsk, opt);
1505                 if (opt != np->opt)
1506                         sock_kfree_s(sk, opt, opt->tot_len);
1507         }
1508
1509         inet_csk(newsk)->icsk_ext_hdr_len = 0;
1510         if (newnp->opt)
1511                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1512                                                      newnp->opt->opt_flen);
1513
1514         tcp_mtup_init(newsk);
1515         tcp_sync_mss(newsk, dst_mtu(dst));
1516         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1517         tcp_initialize_rcv_mss(newsk);
1518
1519         newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1520
1521 #ifdef CONFIG_TCP_MD5SIG
1522         /* Copy over the MD5 key from the original socket */
1523         if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1524                 /* We're using one, so create a matching key
1525                  * on the newsk structure. If we fail to get
1526                  * memory, then we end up not copying the key
1527                  * across. Shucks.
1528                  */
1529                 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1530                 if (newkey != NULL)
1531                         tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr,
1532                                           newkey, key->keylen);
1533         }
1534 #endif
1535
1536         __inet6_hash(newsk);
1537         __inet_inherit_port(sk, newsk);
1538
1539         return newsk;
1540
1541 out_overflow:
1542         NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1543 out:
1544         NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1545         if (opt && opt != np->opt)
1546                 sock_kfree_s(sk, opt, opt->tot_len);
1547         dst_release(dst);
1548         return NULL;
1549 }
1550
1551 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1552 {
1553         if (skb->ip_summed == CHECKSUM_COMPLETE) {
1554                 if (!tcp_v6_check(tcp_hdr(skb), skb->len, &ipv6_hdr(skb)->saddr,
1555                                   &ipv6_hdr(skb)->daddr, skb->csum)) {
1556                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1557                         return 0;
1558                 }
1559         }
1560
1561         skb->csum = ~csum_unfold(tcp_v6_check(tcp_hdr(skb), skb->len,
1562                                               &ipv6_hdr(skb)->saddr,
1563                                               &ipv6_hdr(skb)->daddr, 0));
1564
1565         if (skb->len <= 76) {
1566                 return __skb_checksum_complete(skb);
1567         }
1568         return 0;
1569 }
1570
1571 /* The socket must have it's spinlock held when we get
1572  * here.
1573  *
1574  * We have a potential double-lock case here, so even when
1575  * doing backlog processing we use the BH locking scheme.
1576  * This is because we cannot sleep with the original spinlock
1577  * held.
1578  */
1579 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1580 {
1581         struct ipv6_pinfo *np = inet6_sk(sk);
1582         struct tcp_sock *tp;
1583         struct sk_buff *opt_skb = NULL;
1584
1585         /* Imagine: socket is IPv6. IPv4 packet arrives,
1586            goes to IPv4 receive handler and backlogged.
1587            From backlog it always goes here. Kerboom...
1588            Fortunately, tcp_rcv_established and rcv_established
1589            handle them correctly, but it is not case with
1590            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1591          */
1592
1593         if (skb->protocol == htons(ETH_P_IP))
1594                 return tcp_v4_do_rcv(sk, skb);
1595
1596 #ifdef CONFIG_TCP_MD5SIG
1597         if (tcp_v6_inbound_md5_hash (sk, skb))
1598                 goto discard;
1599 #endif
1600
1601         if (sk_filter(sk, skb))
1602                 goto discard;
1603
1604         /*
1605          *      socket locking is here for SMP purposes as backlog rcv
1606          *      is currently called with bh processing disabled.
1607          */
1608
1609         /* Do Stevens' IPV6_PKTOPTIONS.
1610
1611            Yes, guys, it is the only place in our code, where we
1612            may make it not affecting IPv4.
1613            The rest of code is protocol independent,
1614            and I do not like idea to uglify IPv4.
1615
1616            Actually, all the idea behind IPV6_PKTOPTIONS
1617            looks not very well thought. For now we latch
1618            options, received in the last packet, enqueued
1619            by tcp. Feel free to propose better solution.
1620                                                --ANK (980728)
1621          */
1622         if (np->rxopt.all)
1623                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1624
1625         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1626                 TCP_CHECK_TIMER(sk);
1627                 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1628                         goto reset;
1629                 TCP_CHECK_TIMER(sk);
1630                 if (opt_skb)
1631                         goto ipv6_pktoptions;
1632                 return 0;
1633         }
1634
1635         if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1636                 goto csum_err;
1637
1638         if (sk->sk_state == TCP_LISTEN) {
1639                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1640                 if (!nsk)
1641                         goto discard;
1642
1643                 /*
1644                  * Queue it on the new socket if the new socket is active,
1645                  * otherwise we just shortcircuit this and continue with
1646                  * the new socket..
1647                  */
1648                 if(nsk != sk) {
1649                         if (tcp_child_process(sk, nsk, skb))
1650                                 goto reset;
1651                         if (opt_skb)
1652                                 __kfree_skb(opt_skb);
1653                         return 0;
1654                 }
1655         }
1656
1657         TCP_CHECK_TIMER(sk);
1658         if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1659                 goto reset;
1660         TCP_CHECK_TIMER(sk);
1661         if (opt_skb)
1662                 goto ipv6_pktoptions;
1663         return 0;
1664
1665 reset:
1666         tcp_v6_send_reset(sk, skb);
1667 discard:
1668         if (opt_skb)
1669                 __kfree_skb(opt_skb);
1670         kfree_skb(skb);
1671         return 0;
1672 csum_err:
1673         TCP_INC_STATS_BH(TCP_MIB_INERRS);
1674         goto discard;
1675
1676
1677 ipv6_pktoptions:
1678         /* Do you ask, what is it?
1679
1680            1. skb was enqueued by tcp.
1681            2. skb is added to tail of read queue, rather than out of order.
1682            3. socket is not in passive state.
1683            4. Finally, it really contains options, which user wants to receive.
1684          */
1685         tp = tcp_sk(sk);
1686         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1687             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1688                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1689                         np->mcast_oif = inet6_iif(opt_skb);
1690                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1691                         np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1692                 if (ipv6_opt_accepted(sk, opt_skb)) {
1693                         skb_set_owner_r(opt_skb, sk);
1694                         opt_skb = xchg(&np->pktoptions, opt_skb);
1695                 } else {
1696                         __kfree_skb(opt_skb);
1697                         opt_skb = xchg(&np->pktoptions, NULL);
1698                 }
1699         }
1700
1701         if (opt_skb)
1702                 kfree_skb(opt_skb);
1703         return 0;
1704 }
1705
1706 static int tcp_v6_rcv(struct sk_buff *skb)
1707 {
1708         struct tcphdr *th;
1709         struct sock *sk;
1710         int ret;
1711
1712         if (skb->pkt_type != PACKET_HOST)
1713                 goto discard_it;
1714
1715         /*
1716          *      Count it even if it's bad.
1717          */
1718         TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1719
1720         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1721                 goto discard_it;
1722
1723         th = tcp_hdr(skb);
1724
1725         if (th->doff < sizeof(struct tcphdr)/4)
1726                 goto bad_packet;
1727         if (!pskb_may_pull(skb, th->doff*4))
1728                 goto discard_it;
1729
1730         if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1731                 goto bad_packet;
1732
1733         th = tcp_hdr(skb);
1734         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1735         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1736                                     skb->len - th->doff*4);
1737         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1738         TCP_SKB_CB(skb)->when = 0;
1739         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
1740         TCP_SKB_CB(skb)->sacked = 0;
1741
1742         sk = __inet6_lookup(dev_net(skb->dev), &tcp_hashinfo,
1743                         &ipv6_hdr(skb)->saddr, th->source,
1744                         &ipv6_hdr(skb)->daddr, ntohs(th->dest),
1745                         inet6_iif(skb));
1746
1747         if (!sk)
1748                 goto no_tcp_socket;
1749
1750 process:
1751         if (sk->sk_state == TCP_TIME_WAIT)
1752                 goto do_time_wait;
1753
1754         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1755                 goto discard_and_relse;
1756
1757         if (sk_filter(sk, skb))
1758                 goto discard_and_relse;
1759
1760         skb->dev = NULL;
1761
1762         bh_lock_sock_nested(sk);
1763         ret = 0;
1764         if (!sock_owned_by_user(sk)) {
1765 #ifdef CONFIG_NET_DMA
1766                 struct tcp_sock *tp = tcp_sk(sk);
1767                 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1768                         tp->ucopy.dma_chan = get_softnet_dma();
1769                 if (tp->ucopy.dma_chan)
1770                         ret = tcp_v6_do_rcv(sk, skb);
1771                 else
1772 #endif
1773                 {
1774                         if (!tcp_prequeue(sk, skb))
1775                                 ret = tcp_v6_do_rcv(sk, skb);
1776                 }
1777         } else
1778                 sk_add_backlog(sk, skb);
1779         bh_unlock_sock(sk);
1780
1781         sock_put(sk);
1782         return ret ? -1 : 0;
1783
1784 no_tcp_socket:
1785         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1786                 goto discard_it;
1787
1788         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1789 bad_packet:
1790                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1791         } else {
1792                 tcp_v6_send_reset(NULL, skb);
1793         }
1794
1795 discard_it:
1796
1797         /*
1798          *      Discard frame
1799          */
1800
1801         kfree_skb(skb);
1802         return 0;
1803
1804 discard_and_relse:
1805         sock_put(sk);
1806         goto discard_it;
1807
1808 do_time_wait:
1809         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1810                 inet_twsk_put(inet_twsk(sk));
1811                 goto discard_it;
1812         }
1813
1814         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1815                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1816                 inet_twsk_put(inet_twsk(sk));
1817                 goto discard_it;
1818         }
1819
1820         switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1821         case TCP_TW_SYN:
1822         {
1823                 struct sock *sk2;
1824
1825                 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1826                                             &ipv6_hdr(skb)->daddr,
1827                                             ntohs(th->dest), inet6_iif(skb));
1828                 if (sk2 != NULL) {
1829                         struct inet_timewait_sock *tw = inet_twsk(sk);
1830                         inet_twsk_deschedule(tw, &tcp_death_row);
1831                         inet_twsk_put(tw);
1832                         sk = sk2;
1833                         goto process;
1834                 }
1835                 /* Fall through to ACK */
1836         }
1837         case TCP_TW_ACK:
1838                 tcp_v6_timewait_ack(sk, skb);
1839                 break;
1840         case TCP_TW_RST:
1841                 goto no_tcp_socket;
1842         case TCP_TW_SUCCESS:;
1843         }
1844         goto discard_it;
1845 }
1846
1847 static int tcp_v6_remember_stamp(struct sock *sk)
1848 {
1849         /* Alas, not yet... */
1850         return 0;
1851 }
1852
1853 static struct inet_connection_sock_af_ops ipv6_specific = {
1854         .queue_xmit        = inet6_csk_xmit,
1855         .send_check        = tcp_v6_send_check,
1856         .rebuild_header    = inet6_sk_rebuild_header,
1857         .conn_request      = tcp_v6_conn_request,
1858         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1859         .remember_stamp    = tcp_v6_remember_stamp,
1860         .net_header_len    = sizeof(struct ipv6hdr),
1861         .setsockopt        = ipv6_setsockopt,
1862         .getsockopt        = ipv6_getsockopt,
1863         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1864         .sockaddr_len      = sizeof(struct sockaddr_in6),
1865         .bind_conflict     = inet6_csk_bind_conflict,
1866 #ifdef CONFIG_COMPAT
1867         .compat_setsockopt = compat_ipv6_setsockopt,
1868         .compat_getsockopt = compat_ipv6_getsockopt,
1869 #endif
1870 };
1871
1872 #ifdef CONFIG_TCP_MD5SIG
1873 static struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1874         .md5_lookup     =       tcp_v6_md5_lookup,
1875         .calc_md5_hash  =       tcp_v6_calc_md5_hash,
1876         .md5_add        =       tcp_v6_md5_add_func,
1877         .md5_parse      =       tcp_v6_parse_md5_keys,
1878 };
1879 #endif
1880
1881 /*
1882  *      TCP over IPv4 via INET6 API
1883  */
1884
1885 static struct inet_connection_sock_af_ops ipv6_mapped = {
1886         .queue_xmit        = ip_queue_xmit,
1887         .send_check        = tcp_v4_send_check,
1888         .rebuild_header    = inet_sk_rebuild_header,
1889         .conn_request      = tcp_v6_conn_request,
1890         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1891         .remember_stamp    = tcp_v4_remember_stamp,
1892         .net_header_len    = sizeof(struct iphdr),
1893         .setsockopt        = ipv6_setsockopt,
1894         .getsockopt        = ipv6_getsockopt,
1895         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1896         .sockaddr_len      = sizeof(struct sockaddr_in6),
1897         .bind_conflict     = inet6_csk_bind_conflict,
1898 #ifdef CONFIG_COMPAT
1899         .compat_setsockopt = compat_ipv6_setsockopt,
1900         .compat_getsockopt = compat_ipv6_getsockopt,
1901 #endif
1902 };
1903
1904 #ifdef CONFIG_TCP_MD5SIG
1905 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1906         .md5_lookup     =       tcp_v4_md5_lookup,
1907         .calc_md5_hash  =       tcp_v4_calc_md5_hash,
1908         .md5_add        =       tcp_v6_md5_add_func,
1909         .md5_parse      =       tcp_v6_parse_md5_keys,
1910 };
1911 #endif
1912
1913 /* NOTE: A lot of things set to zero explicitly by call to
1914  *       sk_alloc() so need not be done here.
1915  */
1916 static int tcp_v6_init_sock(struct sock *sk)
1917 {
1918         struct inet_connection_sock *icsk = inet_csk(sk);
1919         struct tcp_sock *tp = tcp_sk(sk);
1920
1921         skb_queue_head_init(&tp->out_of_order_queue);
1922         tcp_init_xmit_timers(sk);
1923         tcp_prequeue_init(tp);
1924
1925         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1926         tp->mdev = TCP_TIMEOUT_INIT;
1927
1928         /* So many TCP implementations out there (incorrectly) count the
1929          * initial SYN frame in their delayed-ACK and congestion control
1930          * algorithms that we must have the following bandaid to talk
1931          * efficiently to them.  -DaveM
1932          */
1933         tp->snd_cwnd = 2;
1934
1935         /* See draft-stevens-tcpca-spec-01 for discussion of the
1936          * initialization of these values.
1937          */
1938         tp->snd_ssthresh = 0x7fffffff;
1939         tp->snd_cwnd_clamp = ~0;
1940         tp->mss_cache = 536;
1941
1942         tp->reordering = sysctl_tcp_reordering;
1943
1944         sk->sk_state = TCP_CLOSE;
1945
1946         icsk->icsk_af_ops = &ipv6_specific;
1947         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1948         icsk->icsk_sync_mss = tcp_sync_mss;
1949         sk->sk_write_space = sk_stream_write_space;
1950         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1951
1952 #ifdef CONFIG_TCP_MD5SIG
1953         tp->af_specific = &tcp_sock_ipv6_specific;
1954 #endif
1955
1956         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1957         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1958
1959         atomic_inc(&tcp_sockets_allocated);
1960
1961         return 0;
1962 }
1963
1964 static int tcp_v6_destroy_sock(struct sock *sk)
1965 {
1966 #ifdef CONFIG_TCP_MD5SIG
1967         /* Clean up the MD5 key list */
1968         if (tcp_sk(sk)->md5sig_info)
1969                 tcp_v6_clear_md5_list(sk);
1970 #endif
1971         tcp_v4_destroy_sock(sk);
1972         return inet6_destroy_sock(sk);
1973 }
1974
1975 #ifdef CONFIG_PROC_FS
1976 /* Proc filesystem TCPv6 sock list dumping. */
1977 static void get_openreq6(struct seq_file *seq,
1978                          struct sock *sk, struct request_sock *req, int i, int uid)
1979 {
1980         int ttd = req->expires - jiffies;
1981         struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1982         struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1983
1984         if (ttd < 0)
1985                 ttd = 0;
1986
1987         seq_printf(seq,
1988                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1989                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1990                    i,
1991                    src->s6_addr32[0], src->s6_addr32[1],
1992                    src->s6_addr32[2], src->s6_addr32[3],
1993                    ntohs(inet_sk(sk)->sport),
1994                    dest->s6_addr32[0], dest->s6_addr32[1],
1995                    dest->s6_addr32[2], dest->s6_addr32[3],
1996                    ntohs(inet_rsk(req)->rmt_port),
1997                    TCP_SYN_RECV,
1998                    0,0, /* could print option size, but that is af dependent. */
1999                    1,   /* timers active (only the expire timer) */
2000                    jiffies_to_clock_t(ttd),
2001                    req->retrans,
2002                    uid,
2003                    0,  /* non standard timer */
2004                    0, /* open_requests have no inode */
2005                    0, req);
2006 }
2007
2008 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
2009 {
2010         struct in6_addr *dest, *src;
2011         __u16 destp, srcp;
2012         int timer_active;
2013         unsigned long timer_expires;
2014         struct inet_sock *inet = inet_sk(sp);
2015         struct tcp_sock *tp = tcp_sk(sp);
2016         const struct inet_connection_sock *icsk = inet_csk(sp);
2017         struct ipv6_pinfo *np = inet6_sk(sp);
2018
2019         dest  = &np->daddr;
2020         src   = &np->rcv_saddr;
2021         destp = ntohs(inet->dport);
2022         srcp  = ntohs(inet->sport);
2023
2024         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2025                 timer_active    = 1;
2026                 timer_expires   = icsk->icsk_timeout;
2027         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2028                 timer_active    = 4;
2029                 timer_expires   = icsk->icsk_timeout;
2030         } else if (timer_pending(&sp->sk_timer)) {
2031                 timer_active    = 2;
2032                 timer_expires   = sp->sk_timer.expires;
2033         } else {
2034                 timer_active    = 0;
2035                 timer_expires = jiffies;
2036         }
2037
2038         seq_printf(seq,
2039                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2040                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
2041                    i,
2042                    src->s6_addr32[0], src->s6_addr32[1],
2043                    src->s6_addr32[2], src->s6_addr32[3], srcp,
2044                    dest->s6_addr32[0], dest->s6_addr32[1],
2045                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
2046                    sp->sk_state,
2047                    tp->write_seq-tp->snd_una,
2048                    (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
2049                    timer_active,
2050                    jiffies_to_clock_t(timer_expires - jiffies),
2051                    icsk->icsk_retransmits,
2052                    sock_i_uid(sp),
2053                    icsk->icsk_probes_out,
2054                    sock_i_ino(sp),
2055                    atomic_read(&sp->sk_refcnt), sp,
2056                    icsk->icsk_rto,
2057                    icsk->icsk_ack.ato,
2058                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2059                    tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
2060                    );
2061 }
2062
2063 static void get_timewait6_sock(struct seq_file *seq,
2064                                struct inet_timewait_sock *tw, int i)
2065 {
2066         struct in6_addr *dest, *src;
2067         __u16 destp, srcp;
2068         struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2069         int ttd = tw->tw_ttd - jiffies;
2070
2071         if (ttd < 0)
2072                 ttd = 0;
2073
2074         dest = &tw6->tw_v6_daddr;
2075         src  = &tw6->tw_v6_rcv_saddr;
2076         destp = ntohs(tw->tw_dport);
2077         srcp  = ntohs(tw->tw_sport);
2078
2079         seq_printf(seq,
2080                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2081                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2082                    i,
2083                    src->s6_addr32[0], src->s6_addr32[1],
2084                    src->s6_addr32[2], src->s6_addr32[3], srcp,
2085                    dest->s6_addr32[0], dest->s6_addr32[1],
2086                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
2087                    tw->tw_substate, 0, 0,
2088                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2089                    atomic_read(&tw->tw_refcnt), tw);
2090 }
2091
2092 static int tcp6_seq_show(struct seq_file *seq, void *v)
2093 {
2094         struct tcp_iter_state *st;
2095
2096         if (v == SEQ_START_TOKEN) {
2097                 seq_puts(seq,
2098                          "  sl  "
2099                          "local_address                         "
2100                          "remote_address                        "
2101                          "st tx_queue rx_queue tr tm->when retrnsmt"
2102                          "   uid  timeout inode\n");
2103                 goto out;
2104         }
2105         st = seq->private;
2106
2107         switch (st->state) {
2108         case TCP_SEQ_STATE_LISTENING:
2109         case TCP_SEQ_STATE_ESTABLISHED:
2110                 get_tcp6_sock(seq, v, st->num);
2111                 break;
2112         case TCP_SEQ_STATE_OPENREQ:
2113                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2114                 break;
2115         case TCP_SEQ_STATE_TIME_WAIT:
2116                 get_timewait6_sock(seq, v, st->num);
2117                 break;
2118         }
2119 out:
2120         return 0;
2121 }
2122
2123 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2124         .name           = "tcp6",
2125         .family         = AF_INET6,
2126         .seq_fops       = {
2127                 .owner          = THIS_MODULE,
2128         },
2129         .seq_ops        = {
2130                 .show           = tcp6_seq_show,
2131         },
2132 };
2133
2134 int tcp6_proc_init(struct net *net)
2135 {
2136         return tcp_proc_register(net, &tcp6_seq_afinfo);
2137 }
2138
2139 void tcp6_proc_exit(struct net *net)
2140 {
2141         tcp_proc_unregister(net, &tcp6_seq_afinfo);
2142 }
2143 #endif
2144
2145 struct proto tcpv6_prot = {
2146         .name                   = "TCPv6",
2147         .owner                  = THIS_MODULE,
2148         .close                  = tcp_close,
2149         .connect                = tcp_v6_connect,
2150         .disconnect             = tcp_disconnect,
2151         .accept                 = inet_csk_accept,
2152         .ioctl                  = tcp_ioctl,
2153         .init                   = tcp_v6_init_sock,
2154         .destroy                = tcp_v6_destroy_sock,
2155         .shutdown               = tcp_shutdown,
2156         .setsockopt             = tcp_setsockopt,
2157         .getsockopt             = tcp_getsockopt,
2158         .recvmsg                = tcp_recvmsg,
2159         .backlog_rcv            = tcp_v6_do_rcv,
2160         .hash                   = tcp_v6_hash,
2161         .unhash                 = inet_unhash,
2162         .get_port               = inet_csk_get_port,
2163         .enter_memory_pressure  = tcp_enter_memory_pressure,
2164         .sockets_allocated      = &tcp_sockets_allocated,
2165         .memory_allocated       = &tcp_memory_allocated,
2166         .memory_pressure        = &tcp_memory_pressure,
2167         .orphan_count           = &tcp_orphan_count,
2168         .sysctl_mem             = sysctl_tcp_mem,
2169         .sysctl_wmem            = sysctl_tcp_wmem,
2170         .sysctl_rmem            = sysctl_tcp_rmem,
2171         .max_header             = MAX_TCP_HEADER,
2172         .obj_size               = sizeof(struct tcp6_sock),
2173         .twsk_prot              = &tcp6_timewait_sock_ops,
2174         .rsk_prot               = &tcp6_request_sock_ops,
2175         .h.hashinfo             = &tcp_hashinfo,
2176 #ifdef CONFIG_COMPAT
2177         .compat_setsockopt      = compat_tcp_setsockopt,
2178         .compat_getsockopt      = compat_tcp_getsockopt,
2179 #endif
2180 };
2181
2182 static struct inet6_protocol tcpv6_protocol = {
2183         .handler        =       tcp_v6_rcv,
2184         .err_handler    =       tcp_v6_err,
2185         .gso_send_check =       tcp_v6_gso_send_check,
2186         .gso_segment    =       tcp_tso_segment,
2187         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2188 };
2189
2190 static struct inet_protosw tcpv6_protosw = {
2191         .type           =       SOCK_STREAM,
2192         .protocol       =       IPPROTO_TCP,
2193         .prot           =       &tcpv6_prot,
2194         .ops            =       &inet6_stream_ops,
2195         .capability     =       -1,
2196         .no_check       =       0,
2197         .flags          =       INET_PROTOSW_PERMANENT |
2198                                 INET_PROTOSW_ICSK,
2199 };
2200
2201 static int tcpv6_net_init(struct net *net)
2202 {
2203         return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2204                                     SOCK_RAW, IPPROTO_TCP, net);
2205 }
2206
2207 static void tcpv6_net_exit(struct net *net)
2208 {
2209         inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2210 }
2211
2212 static struct pernet_operations tcpv6_net_ops = {
2213         .init = tcpv6_net_init,
2214         .exit = tcpv6_net_exit,
2215 };
2216
2217 int __init tcpv6_init(void)
2218 {
2219         int ret;
2220
2221         ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2222         if (ret)
2223                 goto out;
2224
2225         /* register inet6 protocol */
2226         ret = inet6_register_protosw(&tcpv6_protosw);
2227         if (ret)
2228                 goto out_tcpv6_protocol;
2229
2230         ret = register_pernet_subsys(&tcpv6_net_ops);
2231         if (ret)
2232                 goto out_tcpv6_protosw;
2233 out:
2234         return ret;
2235
2236 out_tcpv6_protocol:
2237         inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2238 out_tcpv6_protosw:
2239         inet6_unregister_protosw(&tcpv6_protosw);
2240         goto out;
2241 }
2242
2243 void tcpv6_exit(void)
2244 {
2245         unregister_pernet_subsys(&tcpv6_net_ops);
2246         inet6_unregister_protosw(&tcpv6_protosw);
2247         inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2248 }