Merge branch 'for-2.6.23' into merge
[linux-2.6] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *
8  *      $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9  *
10  *      Based on:
11  *      linux/net/ipv4/tcp.c
12  *      linux/net/ipv4/tcp_input.c
13  *      linux/net/ipv4/tcp_output.c
14  *
15  *      Fixes:
16  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
17  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
18  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
19  *                                      a single port at the same time.
20  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
21  *
22  *      This program is free software; you can redistribute it and/or
23  *      modify it under the terms of the GNU General Public License
24  *      as published by the Free Software Foundation; either version
25  *      2 of the License, or (at your option) any later version.
26  */
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/net.h>
34 #include <linux/jiffies.h>
35 #include <linux/in.h>
36 #include <linux/in6.h>
37 #include <linux/netdevice.h>
38 #include <linux/init.h>
39 #include <linux/jhash.h>
40 #include <linux/ipsec.h>
41 #include <linux/times.h>
42
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/addrconf.h>
60 #include <net/snmp.h>
61 #include <net/dsfield.h>
62 #include <net/timewait_sock.h>
63
64 #include <asm/uaccess.h>
65
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
68
69 #include <linux/crypto.h>
70 #include <linux/scatterlist.h>
71
72 /* Socket used for sending RSTs and ACKs */
73 static struct socket *tcp6_socket;
74
75 static void     tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
76 static void     tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
77 static void     tcp_v6_send_check(struct sock *sk, int len,
78                                   struct sk_buff *skb);
79
80 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
81
82 static struct inet_connection_sock_af_ops ipv6_mapped;
83 static struct inet_connection_sock_af_ops ipv6_specific;
84 #ifdef CONFIG_TCP_MD5SIG
85 static struct tcp_sock_af_ops tcp_sock_ipv6_specific;
86 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
87 #endif
88
89 static int tcp_v6_get_port(struct sock *sk, unsigned short snum)
90 {
91         return inet_csk_get_port(&tcp_hashinfo, sk, snum,
92                                  inet6_csk_bind_conflict);
93 }
94
95 static void tcp_v6_hash(struct sock *sk)
96 {
97         if (sk->sk_state != TCP_CLOSE) {
98                 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
99                         tcp_prot.hash(sk);
100                         return;
101                 }
102                 local_bh_disable();
103                 __inet6_hash(&tcp_hashinfo, sk);
104                 local_bh_enable();
105         }
106 }
107
108 static __inline__ __sum16 tcp_v6_check(struct tcphdr *th, int len,
109                                    struct in6_addr *saddr,
110                                    struct in6_addr *daddr,
111                                    __wsum base)
112 {
113         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
114 }
115
116 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
117 {
118         return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
119                                             ipv6_hdr(skb)->saddr.s6_addr32,
120                                             tcp_hdr(skb)->dest,
121                                             tcp_hdr(skb)->source);
122 }
123
124 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
125                           int addr_len)
126 {
127         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
128         struct inet_sock *inet = inet_sk(sk);
129         struct inet_connection_sock *icsk = inet_csk(sk);
130         struct ipv6_pinfo *np = inet6_sk(sk);
131         struct tcp_sock *tp = tcp_sk(sk);
132         struct in6_addr *saddr = NULL, *final_p = NULL, final;
133         struct flowi fl;
134         struct dst_entry *dst;
135         int addr_type;
136         int err;
137
138         if (addr_len < SIN6_LEN_RFC2133)
139                 return -EINVAL;
140
141         if (usin->sin6_family != AF_INET6)
142                 return(-EAFNOSUPPORT);
143
144         memset(&fl, 0, sizeof(fl));
145
146         if (np->sndflow) {
147                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
148                 IP6_ECN_flow_init(fl.fl6_flowlabel);
149                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
150                         struct ip6_flowlabel *flowlabel;
151                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
152                         if (flowlabel == NULL)
153                                 return -EINVAL;
154                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
155                         fl6_sock_release(flowlabel);
156                 }
157         }
158
159         /*
160          *      connect() to INADDR_ANY means loopback (BSD'ism).
161          */
162
163         if(ipv6_addr_any(&usin->sin6_addr))
164                 usin->sin6_addr.s6_addr[15] = 0x1;
165
166         addr_type = ipv6_addr_type(&usin->sin6_addr);
167
168         if(addr_type & IPV6_ADDR_MULTICAST)
169                 return -ENETUNREACH;
170
171         if (addr_type&IPV6_ADDR_LINKLOCAL) {
172                 if (addr_len >= sizeof(struct sockaddr_in6) &&
173                     usin->sin6_scope_id) {
174                         /* If interface is set while binding, indices
175                          * must coincide.
176                          */
177                         if (sk->sk_bound_dev_if &&
178                             sk->sk_bound_dev_if != usin->sin6_scope_id)
179                                 return -EINVAL;
180
181                         sk->sk_bound_dev_if = usin->sin6_scope_id;
182                 }
183
184                 /* Connect to link-local address requires an interface */
185                 if (!sk->sk_bound_dev_if)
186                         return -EINVAL;
187         }
188
189         if (tp->rx_opt.ts_recent_stamp &&
190             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
191                 tp->rx_opt.ts_recent = 0;
192                 tp->rx_opt.ts_recent_stamp = 0;
193                 tp->write_seq = 0;
194         }
195
196         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
197         np->flow_label = fl.fl6_flowlabel;
198
199         /*
200          *      TCP over IPv4
201          */
202
203         if (addr_type == IPV6_ADDR_MAPPED) {
204                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
205                 struct sockaddr_in sin;
206
207                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
208
209                 if (__ipv6_only_sock(sk))
210                         return -ENETUNREACH;
211
212                 sin.sin_family = AF_INET;
213                 sin.sin_port = usin->sin6_port;
214                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
215
216                 icsk->icsk_af_ops = &ipv6_mapped;
217                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
218 #ifdef CONFIG_TCP_MD5SIG
219                 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
220 #endif
221
222                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
223
224                 if (err) {
225                         icsk->icsk_ext_hdr_len = exthdrlen;
226                         icsk->icsk_af_ops = &ipv6_specific;
227                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
228 #ifdef CONFIG_TCP_MD5SIG
229                         tp->af_specific = &tcp_sock_ipv6_specific;
230 #endif
231                         goto failure;
232                 } else {
233                         ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
234                                       inet->saddr);
235                         ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
236                                       inet->rcv_saddr);
237                 }
238
239                 return err;
240         }
241
242         if (!ipv6_addr_any(&np->rcv_saddr))
243                 saddr = &np->rcv_saddr;
244
245         fl.proto = IPPROTO_TCP;
246         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
247         ipv6_addr_copy(&fl.fl6_src,
248                        (saddr ? saddr : &np->saddr));
249         fl.oif = sk->sk_bound_dev_if;
250         fl.fl_ip_dport = usin->sin6_port;
251         fl.fl_ip_sport = inet->sport;
252
253         if (np->opt && np->opt->srcrt) {
254                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
255                 ipv6_addr_copy(&final, &fl.fl6_dst);
256                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
257                 final_p = &final;
258         }
259
260         security_sk_classify_flow(sk, &fl);
261
262         err = ip6_dst_lookup(sk, &dst, &fl);
263         if (err)
264                 goto failure;
265         if (final_p)
266                 ipv6_addr_copy(&fl.fl6_dst, final_p);
267
268         if ((err = __xfrm_lookup(&dst, &fl, sk, 1)) < 0) {
269                 if (err == -EREMOTE)
270                         err = ip6_dst_blackhole(sk, &dst, &fl);
271                 if (err < 0)
272                         goto failure;
273         }
274
275         if (saddr == NULL) {
276                 saddr = &fl.fl6_src;
277                 ipv6_addr_copy(&np->rcv_saddr, saddr);
278         }
279
280         /* set the source address */
281         ipv6_addr_copy(&np->saddr, saddr);
282         inet->rcv_saddr = LOOPBACK4_IPV6;
283
284         sk->sk_gso_type = SKB_GSO_TCPV6;
285         __ip6_dst_store(sk, dst, NULL, NULL);
286
287         icsk->icsk_ext_hdr_len = 0;
288         if (np->opt)
289                 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
290                                           np->opt->opt_nflen);
291
292         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
293
294         inet->dport = usin->sin6_port;
295
296         tcp_set_state(sk, TCP_SYN_SENT);
297         err = inet6_hash_connect(&tcp_death_row, sk);
298         if (err)
299                 goto late_failure;
300
301         if (!tp->write_seq)
302                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
303                                                              np->daddr.s6_addr32,
304                                                              inet->sport,
305                                                              inet->dport);
306
307         err = tcp_connect(sk);
308         if (err)
309                 goto late_failure;
310
311         return 0;
312
313 late_failure:
314         tcp_set_state(sk, TCP_CLOSE);
315         __sk_dst_reset(sk);
316 failure:
317         inet->dport = 0;
318         sk->sk_route_caps = 0;
319         return err;
320 }
321
322 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
323                 int type, int code, int offset, __be32 info)
324 {
325         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
326         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
327         struct ipv6_pinfo *np;
328         struct sock *sk;
329         int err;
330         struct tcp_sock *tp;
331         __u32 seq;
332
333         sk = inet6_lookup(&tcp_hashinfo, &hdr->daddr, th->dest, &hdr->saddr,
334                           th->source, skb->dev->ifindex);
335
336         if (sk == NULL) {
337                 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
338                 return;
339         }
340
341         if (sk->sk_state == TCP_TIME_WAIT) {
342                 inet_twsk_put(inet_twsk(sk));
343                 return;
344         }
345
346         bh_lock_sock(sk);
347         if (sock_owned_by_user(sk))
348                 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
349
350         if (sk->sk_state == TCP_CLOSE)
351                 goto out;
352
353         tp = tcp_sk(sk);
354         seq = ntohl(th->seq);
355         if (sk->sk_state != TCP_LISTEN &&
356             !between(seq, tp->snd_una, tp->snd_nxt)) {
357                 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
358                 goto out;
359         }
360
361         np = inet6_sk(sk);
362
363         if (type == ICMPV6_PKT_TOOBIG) {
364                 struct dst_entry *dst = NULL;
365
366                 if (sock_owned_by_user(sk))
367                         goto out;
368                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
369                         goto out;
370
371                 /* icmp should have updated the destination cache entry */
372                 dst = __sk_dst_check(sk, np->dst_cookie);
373
374                 if (dst == NULL) {
375                         struct inet_sock *inet = inet_sk(sk);
376                         struct flowi fl;
377
378                         /* BUGGG_FUTURE: Again, it is not clear how
379                            to handle rthdr case. Ignore this complexity
380                            for now.
381                          */
382                         memset(&fl, 0, sizeof(fl));
383                         fl.proto = IPPROTO_TCP;
384                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
385                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
386                         fl.oif = sk->sk_bound_dev_if;
387                         fl.fl_ip_dport = inet->dport;
388                         fl.fl_ip_sport = inet->sport;
389                         security_skb_classify_flow(skb, &fl);
390
391                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
392                                 sk->sk_err_soft = -err;
393                                 goto out;
394                         }
395
396                         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
397                                 sk->sk_err_soft = -err;
398                                 goto out;
399                         }
400
401                 } else
402                         dst_hold(dst);
403
404                 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
405                         tcp_sync_mss(sk, dst_mtu(dst));
406                         tcp_simple_retransmit(sk);
407                 } /* else let the usual retransmit timer handle it */
408                 dst_release(dst);
409                 goto out;
410         }
411
412         icmpv6_err_convert(type, code, &err);
413
414         /* Might be for an request_sock */
415         switch (sk->sk_state) {
416                 struct request_sock *req, **prev;
417         case TCP_LISTEN:
418                 if (sock_owned_by_user(sk))
419                         goto out;
420
421                 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
422                                            &hdr->saddr, inet6_iif(skb));
423                 if (!req)
424                         goto out;
425
426                 /* ICMPs are not backlogged, hence we cannot get
427                  * an established socket here.
428                  */
429                 BUG_TRAP(req->sk == NULL);
430
431                 if (seq != tcp_rsk(req)->snt_isn) {
432                         NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
433                         goto out;
434                 }
435
436                 inet_csk_reqsk_queue_drop(sk, req, prev);
437                 goto out;
438
439         case TCP_SYN_SENT:
440         case TCP_SYN_RECV:  /* Cannot happen.
441                                It can, it SYNs are crossed. --ANK */
442                 if (!sock_owned_by_user(sk)) {
443                         sk->sk_err = err;
444                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
445
446                         tcp_done(sk);
447                 } else
448                         sk->sk_err_soft = err;
449                 goto out;
450         }
451
452         if (!sock_owned_by_user(sk) && np->recverr) {
453                 sk->sk_err = err;
454                 sk->sk_error_report(sk);
455         } else
456                 sk->sk_err_soft = err;
457
458 out:
459         bh_unlock_sock(sk);
460         sock_put(sk);
461 }
462
463
464 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
465                               struct dst_entry *dst)
466 {
467         struct inet6_request_sock *treq = inet6_rsk(req);
468         struct ipv6_pinfo *np = inet6_sk(sk);
469         struct sk_buff * skb;
470         struct ipv6_txoptions *opt = NULL;
471         struct in6_addr * final_p = NULL, final;
472         struct flowi fl;
473         int err = -1;
474
475         memset(&fl, 0, sizeof(fl));
476         fl.proto = IPPROTO_TCP;
477         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
478         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
479         fl.fl6_flowlabel = 0;
480         fl.oif = treq->iif;
481         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
482         fl.fl_ip_sport = inet_sk(sk)->sport;
483         security_req_classify_flow(req, &fl);
484
485         if (dst == NULL) {
486                 opt = np->opt;
487                 if (opt == NULL &&
488                     np->rxopt.bits.osrcrt == 2 &&
489                     treq->pktopts) {
490                         struct sk_buff *pktopts = treq->pktopts;
491                         struct inet6_skb_parm *rxopt = IP6CB(pktopts);
492                         if (rxopt->srcrt)
493                                 opt = ipv6_invert_rthdr(sk,
494                           (struct ipv6_rt_hdr *)(skb_network_header(pktopts) +
495                                                  rxopt->srcrt));
496                 }
497
498                 if (opt && opt->srcrt) {
499                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
500                         ipv6_addr_copy(&final, &fl.fl6_dst);
501                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
502                         final_p = &final;
503                 }
504
505                 err = ip6_dst_lookup(sk, &dst, &fl);
506                 if (err)
507                         goto done;
508                 if (final_p)
509                         ipv6_addr_copy(&fl.fl6_dst, final_p);
510                 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
511                         goto done;
512         }
513
514         skb = tcp_make_synack(sk, dst, req);
515         if (skb) {
516                 struct tcphdr *th = tcp_hdr(skb);
517
518                 th->check = tcp_v6_check(th, skb->len,
519                                          &treq->loc_addr, &treq->rmt_addr,
520                                          csum_partial((char *)th, skb->len, skb->csum));
521
522                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
523                 err = ip6_xmit(sk, skb, &fl, opt, 0);
524                 err = net_xmit_eval(err);
525         }
526
527 done:
528         if (opt && opt != np->opt)
529                 sock_kfree_s(sk, opt, opt->tot_len);
530         dst_release(dst);
531         return err;
532 }
533
534 static void tcp_v6_reqsk_destructor(struct request_sock *req)
535 {
536         if (inet6_rsk(req)->pktopts)
537                 kfree_skb(inet6_rsk(req)->pktopts);
538 }
539
540 #ifdef CONFIG_TCP_MD5SIG
541 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
542                                                    struct in6_addr *addr)
543 {
544         struct tcp_sock *tp = tcp_sk(sk);
545         int i;
546
547         BUG_ON(tp == NULL);
548
549         if (!tp->md5sig_info || !tp->md5sig_info->entries6)
550                 return NULL;
551
552         for (i = 0; i < tp->md5sig_info->entries6; i++) {
553                 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, addr) == 0)
554                         return (struct tcp_md5sig_key *)&tp->md5sig_info->keys6[i];
555         }
556         return NULL;
557 }
558
559 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
560                                                 struct sock *addr_sk)
561 {
562         return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
563 }
564
565 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
566                                                       struct request_sock *req)
567 {
568         return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
569 }
570
571 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
572                              char *newkey, u8 newkeylen)
573 {
574         /* Add key to the list */
575         struct tcp6_md5sig_key *key;
576         struct tcp_sock *tp = tcp_sk(sk);
577         struct tcp6_md5sig_key *keys;
578
579         key = (struct tcp6_md5sig_key*) tcp_v6_md5_do_lookup(sk, peer);
580         if (key) {
581                 /* modify existing entry - just update that one */
582                 kfree(key->key);
583                 key->key = newkey;
584                 key->keylen = newkeylen;
585         } else {
586                 /* reallocate new list if current one is full. */
587                 if (!tp->md5sig_info) {
588                         tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
589                         if (!tp->md5sig_info) {
590                                 kfree(newkey);
591                                 return -ENOMEM;
592                         }
593                         sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
594                 }
595                 tcp_alloc_md5sig_pool();
596                 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
597                         keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
598                                        (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
599
600                         if (!keys) {
601                                 tcp_free_md5sig_pool();
602                                 kfree(newkey);
603                                 return -ENOMEM;
604                         }
605
606                         if (tp->md5sig_info->entries6)
607                                 memmove(keys, tp->md5sig_info->keys6,
608                                         (sizeof (tp->md5sig_info->keys6[0]) *
609                                          tp->md5sig_info->entries6));
610
611                         kfree(tp->md5sig_info->keys6);
612                         tp->md5sig_info->keys6 = keys;
613                         tp->md5sig_info->alloced6++;
614                 }
615
616                 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
617                                peer);
618                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].key = newkey;
619                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].keylen = newkeylen;
620
621                 tp->md5sig_info->entries6++;
622         }
623         return 0;
624 }
625
626 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
627                                u8 *newkey, __u8 newkeylen)
628 {
629         return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
630                                  newkey, newkeylen);
631 }
632
633 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
634 {
635         struct tcp_sock *tp = tcp_sk(sk);
636         int i;
637
638         for (i = 0; i < tp->md5sig_info->entries6; i++) {
639                 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, peer) == 0) {
640                         /* Free the key */
641                         kfree(tp->md5sig_info->keys6[i].key);
642                         tp->md5sig_info->entries6--;
643
644                         if (tp->md5sig_info->entries6 == 0) {
645                                 kfree(tp->md5sig_info->keys6);
646                                 tp->md5sig_info->keys6 = NULL;
647
648                                 tcp_free_md5sig_pool();
649
650                                 return 0;
651                         } else {
652                                 /* shrink the database */
653                                 if (tp->md5sig_info->entries6 != i)
654                                         memmove(&tp->md5sig_info->keys6[i],
655                                                 &tp->md5sig_info->keys6[i+1],
656                                                 (tp->md5sig_info->entries6 - i)
657                                                 * sizeof (tp->md5sig_info->keys6[0]));
658                         }
659                 }
660         }
661         return -ENOENT;
662 }
663
664 static void tcp_v6_clear_md5_list (struct sock *sk)
665 {
666         struct tcp_sock *tp = tcp_sk(sk);
667         int i;
668
669         if (tp->md5sig_info->entries6) {
670                 for (i = 0; i < tp->md5sig_info->entries6; i++)
671                         kfree(tp->md5sig_info->keys6[i].key);
672                 tp->md5sig_info->entries6 = 0;
673                 tcp_free_md5sig_pool();
674         }
675
676         kfree(tp->md5sig_info->keys6);
677         tp->md5sig_info->keys6 = NULL;
678         tp->md5sig_info->alloced6 = 0;
679
680         if (tp->md5sig_info->entries4) {
681                 for (i = 0; i < tp->md5sig_info->entries4; i++)
682                         kfree(tp->md5sig_info->keys4[i].key);
683                 tp->md5sig_info->entries4 = 0;
684                 tcp_free_md5sig_pool();
685         }
686
687         kfree(tp->md5sig_info->keys4);
688         tp->md5sig_info->keys4 = NULL;
689         tp->md5sig_info->alloced4 = 0;
690 }
691
692 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
693                                   int optlen)
694 {
695         struct tcp_md5sig cmd;
696         struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
697         u8 *newkey;
698
699         if (optlen < sizeof(cmd))
700                 return -EINVAL;
701
702         if (copy_from_user(&cmd, optval, sizeof(cmd)))
703                 return -EFAULT;
704
705         if (sin6->sin6_family != AF_INET6)
706                 return -EINVAL;
707
708         if (!cmd.tcpm_keylen) {
709                 if (!tcp_sk(sk)->md5sig_info)
710                         return -ENOENT;
711                 if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_MAPPED)
712                         return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
713                 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
714         }
715
716         if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
717                 return -EINVAL;
718
719         if (!tcp_sk(sk)->md5sig_info) {
720                 struct tcp_sock *tp = tcp_sk(sk);
721                 struct tcp_md5sig_info *p;
722
723                 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
724                 if (!p)
725                         return -ENOMEM;
726
727                 tp->md5sig_info = p;
728                 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
729         }
730
731         newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
732         if (!newkey)
733                 return -ENOMEM;
734         if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_MAPPED) {
735                 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
736                                          newkey, cmd.tcpm_keylen);
737         }
738         return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
739 }
740
741 static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
742                                    struct in6_addr *saddr,
743                                    struct in6_addr *daddr,
744                                    struct tcphdr *th, int protocol,
745                                    int tcplen)
746 {
747         struct scatterlist sg[4];
748         __u16 data_len;
749         int block = 0;
750         __sum16 cksum;
751         struct tcp_md5sig_pool *hp;
752         struct tcp6_pseudohdr *bp;
753         struct hash_desc *desc;
754         int err;
755         unsigned int nbytes = 0;
756
757         hp = tcp_get_md5sig_pool();
758         if (!hp) {
759                 printk(KERN_WARNING "%s(): hash pool not found...\n", __FUNCTION__);
760                 goto clear_hash_noput;
761         }
762         bp = &hp->md5_blk.ip6;
763         desc = &hp->md5_desc;
764
765         /* 1. TCP pseudo-header (RFC2460) */
766         ipv6_addr_copy(&bp->saddr, saddr);
767         ipv6_addr_copy(&bp->daddr, daddr);
768         bp->len = htonl(tcplen);
769         bp->protocol = htonl(protocol);
770
771         sg_set_buf(&sg[block++], bp, sizeof(*bp));
772         nbytes += sizeof(*bp);
773
774         /* 2. TCP header, excluding options */
775         cksum = th->check;
776         th->check = 0;
777         sg_set_buf(&sg[block++], th, sizeof(*th));
778         nbytes += sizeof(*th);
779
780         /* 3. TCP segment data (if any) */
781         data_len = tcplen - (th->doff << 2);
782         if (data_len > 0) {
783                 u8 *data = (u8 *)th + (th->doff << 2);
784                 sg_set_buf(&sg[block++], data, data_len);
785                 nbytes += data_len;
786         }
787
788         /* 4. shared key */
789         sg_set_buf(&sg[block++], key->key, key->keylen);
790         nbytes += key->keylen;
791
792         /* Now store the hash into the packet */
793         err = crypto_hash_init(desc);
794         if (err) {
795                 printk(KERN_WARNING "%s(): hash_init failed\n", __FUNCTION__);
796                 goto clear_hash;
797         }
798         err = crypto_hash_update(desc, sg, nbytes);
799         if (err) {
800                 printk(KERN_WARNING "%s(): hash_update failed\n", __FUNCTION__);
801                 goto clear_hash;
802         }
803         err = crypto_hash_final(desc, md5_hash);
804         if (err) {
805                 printk(KERN_WARNING "%s(): hash_final failed\n", __FUNCTION__);
806                 goto clear_hash;
807         }
808
809         /* Reset header, and free up the crypto */
810         tcp_put_md5sig_pool();
811         th->check = cksum;
812 out:
813         return 0;
814 clear_hash:
815         tcp_put_md5sig_pool();
816 clear_hash_noput:
817         memset(md5_hash, 0, 16);
818         goto out;
819 }
820
821 static int tcp_v6_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
822                                 struct sock *sk,
823                                 struct dst_entry *dst,
824                                 struct request_sock *req,
825                                 struct tcphdr *th, int protocol,
826                                 int tcplen)
827 {
828         struct in6_addr *saddr, *daddr;
829
830         if (sk) {
831                 saddr = &inet6_sk(sk)->saddr;
832                 daddr = &inet6_sk(sk)->daddr;
833         } else {
834                 saddr = &inet6_rsk(req)->loc_addr;
835                 daddr = &inet6_rsk(req)->rmt_addr;
836         }
837         return tcp_v6_do_calc_md5_hash(md5_hash, key,
838                                        saddr, daddr,
839                                        th, protocol, tcplen);
840 }
841
842 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
843 {
844         __u8 *hash_location = NULL;
845         struct tcp_md5sig_key *hash_expected;
846         struct ipv6hdr *ip6h = ipv6_hdr(skb);
847         struct tcphdr *th = tcp_hdr(skb);
848         int length = (th->doff << 2) - sizeof (*th);
849         int genhash;
850         u8 *ptr;
851         u8 newhash[16];
852
853         hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
854
855         /* If the TCP option is too short, we can short cut */
856         if (length < TCPOLEN_MD5SIG)
857                 return hash_expected ? 1 : 0;
858
859         /* parse options */
860         ptr = (u8*)(th + 1);
861         while (length > 0) {
862                 int opcode = *ptr++;
863                 int opsize;
864
865                 switch(opcode) {
866                 case TCPOPT_EOL:
867                         goto done_opts;
868                 case TCPOPT_NOP:
869                         length--;
870                         continue;
871                 default:
872                         opsize = *ptr++;
873                         if (opsize < 2 || opsize > length)
874                                 goto done_opts;
875                         if (opcode == TCPOPT_MD5SIG) {
876                                 hash_location = ptr;
877                                 goto done_opts;
878                         }
879                 }
880                 ptr += opsize - 2;
881                 length -= opsize;
882         }
883
884 done_opts:
885         /* do we have a hash as expected? */
886         if (!hash_expected) {
887                 if (!hash_location)
888                         return 0;
889                 if (net_ratelimit()) {
890                         printk(KERN_INFO "MD5 Hash NOT expected but found "
891                                "(" NIP6_FMT ", %u)->"
892                                "(" NIP6_FMT ", %u)\n",
893                                NIP6(ip6h->saddr), ntohs(th->source),
894                                NIP6(ip6h->daddr), ntohs(th->dest));
895                 }
896                 return 1;
897         }
898
899         if (!hash_location) {
900                 if (net_ratelimit()) {
901                         printk(KERN_INFO "MD5 Hash expected but NOT found "
902                                "(" NIP6_FMT ", %u)->"
903                                "(" NIP6_FMT ", %u)\n",
904                                NIP6(ip6h->saddr), ntohs(th->source),
905                                NIP6(ip6h->daddr), ntohs(th->dest));
906                 }
907                 return 1;
908         }
909
910         /* check the signature */
911         genhash = tcp_v6_do_calc_md5_hash(newhash,
912                                           hash_expected,
913                                           &ip6h->saddr, &ip6h->daddr,
914                                           th, sk->sk_protocol,
915                                           skb->len);
916         if (genhash || memcmp(hash_location, newhash, 16) != 0) {
917                 if (net_ratelimit()) {
918                         printk(KERN_INFO "MD5 Hash %s for "
919                                "(" NIP6_FMT ", %u)->"
920                                "(" NIP6_FMT ", %u)\n",
921                                genhash ? "failed" : "mismatch",
922                                NIP6(ip6h->saddr), ntohs(th->source),
923                                NIP6(ip6h->daddr), ntohs(th->dest));
924                 }
925                 return 1;
926         }
927         return 0;
928 }
929 #endif
930
931 static struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
932         .family         =       AF_INET6,
933         .obj_size       =       sizeof(struct tcp6_request_sock),
934         .rtx_syn_ack    =       tcp_v6_send_synack,
935         .send_ack       =       tcp_v6_reqsk_send_ack,
936         .destructor     =       tcp_v6_reqsk_destructor,
937         .send_reset     =       tcp_v6_send_reset
938 };
939
940 #ifdef CONFIG_TCP_MD5SIG
941 static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
942         .md5_lookup     =       tcp_v6_reqsk_md5_lookup,
943 };
944 #endif
945
946 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
947         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
948         .twsk_unique    = tcp_twsk_unique,
949         .twsk_destructor= tcp_twsk_destructor,
950 };
951
952 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
953 {
954         struct ipv6_pinfo *np = inet6_sk(sk);
955         struct tcphdr *th = tcp_hdr(skb);
956
957         if (skb->ip_summed == CHECKSUM_PARTIAL) {
958                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
959                 skb->csum_start = skb_transport_header(skb) - skb->head;
960                 skb->csum_offset = offsetof(struct tcphdr, check);
961         } else {
962                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
963                                             csum_partial((char *)th, th->doff<<2,
964                                                          skb->csum));
965         }
966 }
967
968 static int tcp_v6_gso_send_check(struct sk_buff *skb)
969 {
970         struct ipv6hdr *ipv6h;
971         struct tcphdr *th;
972
973         if (!pskb_may_pull(skb, sizeof(*th)))
974                 return -EINVAL;
975
976         ipv6h = ipv6_hdr(skb);
977         th = tcp_hdr(skb);
978
979         th->check = 0;
980         th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
981                                      IPPROTO_TCP, 0);
982         skb->csum_start = skb_transport_header(skb) - skb->head;
983         skb->csum_offset = offsetof(struct tcphdr, check);
984         skb->ip_summed = CHECKSUM_PARTIAL;
985         return 0;
986 }
987
988 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
989 {
990         struct tcphdr *th = tcp_hdr(skb), *t1;
991         struct sk_buff *buff;
992         struct flowi fl;
993         int tot_len = sizeof(*th);
994 #ifdef CONFIG_TCP_MD5SIG
995         struct tcp_md5sig_key *key;
996 #endif
997
998         if (th->rst)
999                 return;
1000
1001         if (!ipv6_unicast_destination(skb))
1002                 return;
1003
1004 #ifdef CONFIG_TCP_MD5SIG
1005         if (sk)
1006                 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
1007         else
1008                 key = NULL;
1009
1010         if (key)
1011                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1012 #endif
1013
1014         /*
1015          * We need to grab some memory, and put together an RST,
1016          * and then put it into the queue to be sent.
1017          */
1018
1019         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1020                          GFP_ATOMIC);
1021         if (buff == NULL)
1022                 return;
1023
1024         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1025
1026         t1 = (struct tcphdr *) skb_push(buff, tot_len);
1027
1028         /* Swap the send and the receive. */
1029         memset(t1, 0, sizeof(*t1));
1030         t1->dest = th->source;
1031         t1->source = th->dest;
1032         t1->doff = tot_len / 4;
1033         t1->rst = 1;
1034
1035         if(th->ack) {
1036                 t1->seq = th->ack_seq;
1037         } else {
1038                 t1->ack = 1;
1039                 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
1040                                     + skb->len - (th->doff<<2));
1041         }
1042
1043 #ifdef CONFIG_TCP_MD5SIG
1044         if (key) {
1045                 __be32 *opt = (__be32*)(t1 + 1);
1046                 opt[0] = htonl((TCPOPT_NOP << 24) |
1047                                (TCPOPT_NOP << 16) |
1048                                (TCPOPT_MD5SIG << 8) |
1049                                TCPOLEN_MD5SIG);
1050                 tcp_v6_do_calc_md5_hash((__u8 *)&opt[1], key,
1051                                         &ipv6_hdr(skb)->daddr,
1052                                         &ipv6_hdr(skb)->saddr,
1053                                         t1, IPPROTO_TCP, tot_len);
1054         }
1055 #endif
1056
1057         buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
1058
1059         memset(&fl, 0, sizeof(fl));
1060         ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1061         ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1062
1063         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1064                                     sizeof(*t1), IPPROTO_TCP,
1065                                     buff->csum);
1066
1067         fl.proto = IPPROTO_TCP;
1068         fl.oif = inet6_iif(skb);
1069         fl.fl_ip_dport = t1->dest;
1070         fl.fl_ip_sport = t1->source;
1071         security_skb_classify_flow(skb, &fl);
1072
1073         /* sk = NULL, but it is safe for now. RST socket required. */
1074         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
1075
1076                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1077                         ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
1078                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1079                         TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
1080                         return;
1081                 }
1082         }
1083
1084         kfree_skb(buff);
1085 }
1086
1087 static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
1088                             struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
1089 {
1090         struct tcphdr *th = tcp_hdr(skb), *t1;
1091         struct sk_buff *buff;
1092         struct flowi fl;
1093         int tot_len = sizeof(struct tcphdr);
1094         __be32 *topt;
1095 #ifdef CONFIG_TCP_MD5SIG
1096         struct tcp_md5sig_key *key;
1097         struct tcp_md5sig_key tw_key;
1098 #endif
1099
1100 #ifdef CONFIG_TCP_MD5SIG
1101         if (!tw && skb->sk) {
1102                 key = tcp_v6_md5_do_lookup(skb->sk, &ipv6_hdr(skb)->daddr);
1103         } else if (tw && tw->tw_md5_keylen) {
1104                 tw_key.key = tw->tw_md5_key;
1105                 tw_key.keylen = tw->tw_md5_keylen;
1106                 key = &tw_key;
1107         } else {
1108                 key = NULL;
1109         }
1110 #endif
1111
1112         if (ts)
1113                 tot_len += TCPOLEN_TSTAMP_ALIGNED;
1114 #ifdef CONFIG_TCP_MD5SIG
1115         if (key)
1116                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1117 #endif
1118
1119         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1120                          GFP_ATOMIC);
1121         if (buff == NULL)
1122                 return;
1123
1124         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1125
1126         t1 = (struct tcphdr *) skb_push(buff,tot_len);
1127
1128         /* Swap the send and the receive. */
1129         memset(t1, 0, sizeof(*t1));
1130         t1->dest = th->source;
1131         t1->source = th->dest;
1132         t1->doff = tot_len/4;
1133         t1->seq = htonl(seq);
1134         t1->ack_seq = htonl(ack);
1135         t1->ack = 1;
1136         t1->window = htons(win);
1137
1138         topt = (__be32 *)(t1 + 1);
1139
1140         if (ts) {
1141                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1142                                 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1143                 *topt++ = htonl(tcp_time_stamp);
1144                 *topt = htonl(ts);
1145         }
1146
1147 #ifdef CONFIG_TCP_MD5SIG
1148         if (key) {
1149                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1150                                 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1151                 tcp_v6_do_calc_md5_hash((__u8 *)topt, key,
1152                                         &ipv6_hdr(skb)->daddr,
1153                                         &ipv6_hdr(skb)->saddr,
1154                                         t1, IPPROTO_TCP, tot_len);
1155         }
1156 #endif
1157
1158         buff->csum = csum_partial((char *)t1, tot_len, 0);
1159
1160         memset(&fl, 0, sizeof(fl));
1161         ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1162         ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1163
1164         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1165                                     tot_len, IPPROTO_TCP,
1166                                     buff->csum);
1167
1168         fl.proto = IPPROTO_TCP;
1169         fl.oif = inet6_iif(skb);
1170         fl.fl_ip_dport = t1->dest;
1171         fl.fl_ip_sport = t1->source;
1172         security_skb_classify_flow(skb, &fl);
1173
1174         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
1175                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1176                         ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
1177                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1178                         return;
1179                 }
1180         }
1181
1182         kfree_skb(buff);
1183 }
1184
1185 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1186 {
1187         struct inet_timewait_sock *tw = inet_twsk(sk);
1188         struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1189
1190         tcp_v6_send_ack(tcptw, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1191                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1192                         tcptw->tw_ts_recent);
1193
1194         inet_twsk_put(tw);
1195 }
1196
1197 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
1198 {
1199         tcp_v6_send_ack(NULL, skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
1200 }
1201
1202
1203 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1204 {
1205         struct request_sock *req, **prev;
1206         const struct tcphdr *th = tcp_hdr(skb);
1207         struct sock *nsk;
1208
1209         /* Find possible connection requests. */
1210         req = inet6_csk_search_req(sk, &prev, th->source,
1211                                    &ipv6_hdr(skb)->saddr,
1212                                    &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1213         if (req)
1214                 return tcp_check_req(sk, skb, req, prev);
1215
1216         nsk = __inet6_lookup_established(&tcp_hashinfo, &ipv6_hdr(skb)->saddr,
1217                                          th->source, &ipv6_hdr(skb)->daddr,
1218                                          ntohs(th->dest), inet6_iif(skb));
1219
1220         if (nsk) {
1221                 if (nsk->sk_state != TCP_TIME_WAIT) {
1222                         bh_lock_sock(nsk);
1223                         return nsk;
1224                 }
1225                 inet_twsk_put(inet_twsk(nsk));
1226                 return NULL;
1227         }
1228
1229 #if 0 /*def CONFIG_SYN_COOKIES*/
1230         if (!th->rst && !th->syn && th->ack)
1231                 sk = cookie_v6_check(sk, skb, &(IPCB(skb)->opt));
1232 #endif
1233         return sk;
1234 }
1235
1236 /* FIXME: this is substantially similar to the ipv4 code.
1237  * Can some kind of merge be done? -- erics
1238  */
1239 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1240 {
1241         struct inet6_request_sock *treq;
1242         struct ipv6_pinfo *np = inet6_sk(sk);
1243         struct tcp_options_received tmp_opt;
1244         struct tcp_sock *tp = tcp_sk(sk);
1245         struct request_sock *req = NULL;
1246         __u32 isn = TCP_SKB_CB(skb)->when;
1247
1248         if (skb->protocol == htons(ETH_P_IP))
1249                 return tcp_v4_conn_request(sk, skb);
1250
1251         if (!ipv6_unicast_destination(skb))
1252                 goto drop;
1253
1254         /*
1255          *      There are no SYN attacks on IPv6, yet...
1256          */
1257         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1258                 if (net_ratelimit())
1259                         printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n");
1260                 goto drop;
1261         }
1262
1263         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1264                 goto drop;
1265
1266         req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1267         if (req == NULL)
1268                 goto drop;
1269
1270 #ifdef CONFIG_TCP_MD5SIG
1271         tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1272 #endif
1273
1274         tcp_clear_options(&tmp_opt);
1275         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1276         tmp_opt.user_mss = tp->rx_opt.user_mss;
1277
1278         tcp_parse_options(skb, &tmp_opt, 0);
1279
1280         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1281         tcp_openreq_init(req, &tmp_opt, skb);
1282
1283         treq = inet6_rsk(req);
1284         ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1285         ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1286         TCP_ECN_create_request(req, tcp_hdr(skb));
1287         treq->pktopts = NULL;
1288         if (ipv6_opt_accepted(sk, skb) ||
1289             np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1290             np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1291                 atomic_inc(&skb->users);
1292                 treq->pktopts = skb;
1293         }
1294         treq->iif = sk->sk_bound_dev_if;
1295
1296         /* So that link locals have meaning */
1297         if (!sk->sk_bound_dev_if &&
1298             ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1299                 treq->iif = inet6_iif(skb);
1300
1301         if (isn == 0)
1302                 isn = tcp_v6_init_sequence(skb);
1303
1304         tcp_rsk(req)->snt_isn = isn;
1305
1306         security_inet_conn_request(sk, skb, req);
1307
1308         if (tcp_v6_send_synack(sk, req, NULL))
1309                 goto drop;
1310
1311         inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1312         return 0;
1313
1314 drop:
1315         if (req)
1316                 reqsk_free(req);
1317
1318         return 0; /* don't send reset */
1319 }
1320
1321 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1322                                           struct request_sock *req,
1323                                           struct dst_entry *dst)
1324 {
1325         struct inet6_request_sock *treq = inet6_rsk(req);
1326         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1327         struct tcp6_sock *newtcp6sk;
1328         struct inet_sock *newinet;
1329         struct tcp_sock *newtp;
1330         struct sock *newsk;
1331         struct ipv6_txoptions *opt;
1332 #ifdef CONFIG_TCP_MD5SIG
1333         struct tcp_md5sig_key *key;
1334 #endif
1335
1336         if (skb->protocol == htons(ETH_P_IP)) {
1337                 /*
1338                  *      v6 mapped
1339                  */
1340
1341                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1342
1343                 if (newsk == NULL)
1344                         return NULL;
1345
1346                 newtcp6sk = (struct tcp6_sock *)newsk;
1347                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1348
1349                 newinet = inet_sk(newsk);
1350                 newnp = inet6_sk(newsk);
1351                 newtp = tcp_sk(newsk);
1352
1353                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1354
1355                 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
1356                               newinet->daddr);
1357
1358                 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
1359                               newinet->saddr);
1360
1361                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1362
1363                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1364                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1365 #ifdef CONFIG_TCP_MD5SIG
1366                 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1367 #endif
1368
1369                 newnp->pktoptions  = NULL;
1370                 newnp->opt         = NULL;
1371                 newnp->mcast_oif   = inet6_iif(skb);
1372                 newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
1373
1374                 /*
1375                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1376                  * here, tcp_create_openreq_child now does this for us, see the comment in
1377                  * that function for the gory details. -acme
1378                  */
1379
1380                 /* It is tricky place. Until this moment IPv4 tcp
1381                    worked with IPv6 icsk.icsk_af_ops.
1382                    Sync it now.
1383                  */
1384                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1385
1386                 return newsk;
1387         }
1388
1389         opt = np->opt;
1390
1391         if (sk_acceptq_is_full(sk))
1392                 goto out_overflow;
1393
1394         if (np->rxopt.bits.osrcrt == 2 &&
1395             opt == NULL && treq->pktopts) {
1396                 struct inet6_skb_parm *rxopt = IP6CB(treq->pktopts);
1397                 if (rxopt->srcrt)
1398                         opt = ipv6_invert_rthdr(sk,
1399                    (struct ipv6_rt_hdr *)(skb_network_header(treq->pktopts) +
1400                                           rxopt->srcrt));
1401         }
1402
1403         if (dst == NULL) {
1404                 struct in6_addr *final_p = NULL, final;
1405                 struct flowi fl;
1406
1407                 memset(&fl, 0, sizeof(fl));
1408                 fl.proto = IPPROTO_TCP;
1409                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1410                 if (opt && opt->srcrt) {
1411                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1412                         ipv6_addr_copy(&final, &fl.fl6_dst);
1413                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1414                         final_p = &final;
1415                 }
1416                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1417                 fl.oif = sk->sk_bound_dev_if;
1418                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1419                 fl.fl_ip_sport = inet_sk(sk)->sport;
1420                 security_req_classify_flow(req, &fl);
1421
1422                 if (ip6_dst_lookup(sk, &dst, &fl))
1423                         goto out;
1424
1425                 if (final_p)
1426                         ipv6_addr_copy(&fl.fl6_dst, final_p);
1427
1428                 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
1429                         goto out;
1430         }
1431
1432         newsk = tcp_create_openreq_child(sk, req, skb);
1433         if (newsk == NULL)
1434                 goto out;
1435
1436         /*
1437          * No need to charge this sock to the relevant IPv6 refcnt debug socks
1438          * count here, tcp_create_openreq_child now does this for us, see the
1439          * comment in that function for the gory details. -acme
1440          */
1441
1442         newsk->sk_gso_type = SKB_GSO_TCPV6;
1443         __ip6_dst_store(newsk, dst, NULL, NULL);
1444
1445         newtcp6sk = (struct tcp6_sock *)newsk;
1446         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1447
1448         newtp = tcp_sk(newsk);
1449         newinet = inet_sk(newsk);
1450         newnp = inet6_sk(newsk);
1451
1452         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1453
1454         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1455         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1456         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1457         newsk->sk_bound_dev_if = treq->iif;
1458
1459         /* Now IPv6 options...
1460
1461            First: no IPv4 options.
1462          */
1463         newinet->opt = NULL;
1464         newnp->ipv6_fl_list = NULL;
1465
1466         /* Clone RX bits */
1467         newnp->rxopt.all = np->rxopt.all;
1468
1469         /* Clone pktoptions received with SYN */
1470         newnp->pktoptions = NULL;
1471         if (treq->pktopts != NULL) {
1472                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1473                 kfree_skb(treq->pktopts);
1474                 treq->pktopts = NULL;
1475                 if (newnp->pktoptions)
1476                         skb_set_owner_r(newnp->pktoptions, newsk);
1477         }
1478         newnp->opt        = NULL;
1479         newnp->mcast_oif  = inet6_iif(skb);
1480         newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1481
1482         /* Clone native IPv6 options from listening socket (if any)
1483
1484            Yes, keeping reference count would be much more clever,
1485            but we make one more one thing there: reattach optmem
1486            to newsk.
1487          */
1488         if (opt) {
1489                 newnp->opt = ipv6_dup_options(newsk, opt);
1490                 if (opt != np->opt)
1491                         sock_kfree_s(sk, opt, opt->tot_len);
1492         }
1493
1494         inet_csk(newsk)->icsk_ext_hdr_len = 0;
1495         if (newnp->opt)
1496                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1497                                                      newnp->opt->opt_flen);
1498
1499         tcp_mtup_init(newsk);
1500         tcp_sync_mss(newsk, dst_mtu(dst));
1501         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1502         tcp_initialize_rcv_mss(newsk);
1503
1504         newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1505
1506 #ifdef CONFIG_TCP_MD5SIG
1507         /* Copy over the MD5 key from the original socket */
1508         if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1509                 /* We're using one, so create a matching key
1510                  * on the newsk structure. If we fail to get
1511                  * memory, then we end up not copying the key
1512                  * across. Shucks.
1513                  */
1514                 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1515                 if (newkey != NULL)
1516                         tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr,
1517                                           newkey, key->keylen);
1518         }
1519 #endif
1520
1521         __inet6_hash(&tcp_hashinfo, newsk);
1522         inet_inherit_port(&tcp_hashinfo, sk, newsk);
1523
1524         return newsk;
1525
1526 out_overflow:
1527         NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1528 out:
1529         NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1530         if (opt && opt != np->opt)
1531                 sock_kfree_s(sk, opt, opt->tot_len);
1532         dst_release(dst);
1533         return NULL;
1534 }
1535
1536 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1537 {
1538         if (skb->ip_summed == CHECKSUM_COMPLETE) {
1539                 if (!tcp_v6_check(tcp_hdr(skb), skb->len, &ipv6_hdr(skb)->saddr,
1540                                   &ipv6_hdr(skb)->daddr, skb->csum)) {
1541                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1542                         return 0;
1543                 }
1544         }
1545
1546         skb->csum = ~csum_unfold(tcp_v6_check(tcp_hdr(skb), skb->len,
1547                                               &ipv6_hdr(skb)->saddr,
1548                                               &ipv6_hdr(skb)->daddr, 0));
1549
1550         if (skb->len <= 76) {
1551                 return __skb_checksum_complete(skb);
1552         }
1553         return 0;
1554 }
1555
1556 /* The socket must have it's spinlock held when we get
1557  * here.
1558  *
1559  * We have a potential double-lock case here, so even when
1560  * doing backlog processing we use the BH locking scheme.
1561  * This is because we cannot sleep with the original spinlock
1562  * held.
1563  */
1564 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1565 {
1566         struct ipv6_pinfo *np = inet6_sk(sk);
1567         struct tcp_sock *tp;
1568         struct sk_buff *opt_skb = NULL;
1569
1570         /* Imagine: socket is IPv6. IPv4 packet arrives,
1571            goes to IPv4 receive handler and backlogged.
1572            From backlog it always goes here. Kerboom...
1573            Fortunately, tcp_rcv_established and rcv_established
1574            handle them correctly, but it is not case with
1575            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1576          */
1577
1578         if (skb->protocol == htons(ETH_P_IP))
1579                 return tcp_v4_do_rcv(sk, skb);
1580
1581 #ifdef CONFIG_TCP_MD5SIG
1582         if (tcp_v6_inbound_md5_hash (sk, skb))
1583                 goto discard;
1584 #endif
1585
1586         if (sk_filter(sk, skb))
1587                 goto discard;
1588
1589         /*
1590          *      socket locking is here for SMP purposes as backlog rcv
1591          *      is currently called with bh processing disabled.
1592          */
1593
1594         /* Do Stevens' IPV6_PKTOPTIONS.
1595
1596            Yes, guys, it is the only place in our code, where we
1597            may make it not affecting IPv4.
1598            The rest of code is protocol independent,
1599            and I do not like idea to uglify IPv4.
1600
1601            Actually, all the idea behind IPV6_PKTOPTIONS
1602            looks not very well thought. For now we latch
1603            options, received in the last packet, enqueued
1604            by tcp. Feel free to propose better solution.
1605                                                --ANK (980728)
1606          */
1607         if (np->rxopt.all)
1608                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1609
1610         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1611                 TCP_CHECK_TIMER(sk);
1612                 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1613                         goto reset;
1614                 TCP_CHECK_TIMER(sk);
1615                 if (opt_skb)
1616                         goto ipv6_pktoptions;
1617                 return 0;
1618         }
1619
1620         if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1621                 goto csum_err;
1622
1623         if (sk->sk_state == TCP_LISTEN) {
1624                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1625                 if (!nsk)
1626                         goto discard;
1627
1628                 /*
1629                  * Queue it on the new socket if the new socket is active,
1630                  * otherwise we just shortcircuit this and continue with
1631                  * the new socket..
1632                  */
1633                 if(nsk != sk) {
1634                         if (tcp_child_process(sk, nsk, skb))
1635                                 goto reset;
1636                         if (opt_skb)
1637                                 __kfree_skb(opt_skb);
1638                         return 0;
1639                 }
1640         }
1641
1642         TCP_CHECK_TIMER(sk);
1643         if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1644                 goto reset;
1645         TCP_CHECK_TIMER(sk);
1646         if (opt_skb)
1647                 goto ipv6_pktoptions;
1648         return 0;
1649
1650 reset:
1651         tcp_v6_send_reset(sk, skb);
1652 discard:
1653         if (opt_skb)
1654                 __kfree_skb(opt_skb);
1655         kfree_skb(skb);
1656         return 0;
1657 csum_err:
1658         TCP_INC_STATS_BH(TCP_MIB_INERRS);
1659         goto discard;
1660
1661
1662 ipv6_pktoptions:
1663         /* Do you ask, what is it?
1664
1665            1. skb was enqueued by tcp.
1666            2. skb is added to tail of read queue, rather than out of order.
1667            3. socket is not in passive state.
1668            4. Finally, it really contains options, which user wants to receive.
1669          */
1670         tp = tcp_sk(sk);
1671         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1672             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1673                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1674                         np->mcast_oif = inet6_iif(opt_skb);
1675                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1676                         np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1677                 if (ipv6_opt_accepted(sk, opt_skb)) {
1678                         skb_set_owner_r(opt_skb, sk);
1679                         opt_skb = xchg(&np->pktoptions, opt_skb);
1680                 } else {
1681                         __kfree_skb(opt_skb);
1682                         opt_skb = xchg(&np->pktoptions, NULL);
1683                 }
1684         }
1685
1686         if (opt_skb)
1687                 kfree_skb(opt_skb);
1688         return 0;
1689 }
1690
1691 static int tcp_v6_rcv(struct sk_buff **pskb)
1692 {
1693         struct sk_buff *skb = *pskb;
1694         struct tcphdr *th;
1695         struct sock *sk;
1696         int ret;
1697
1698         if (skb->pkt_type != PACKET_HOST)
1699                 goto discard_it;
1700
1701         /*
1702          *      Count it even if it's bad.
1703          */
1704         TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1705
1706         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1707                 goto discard_it;
1708
1709         th = tcp_hdr(skb);
1710
1711         if (th->doff < sizeof(struct tcphdr)/4)
1712                 goto bad_packet;
1713         if (!pskb_may_pull(skb, th->doff*4))
1714                 goto discard_it;
1715
1716         if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1717                 goto bad_packet;
1718
1719         th = tcp_hdr(skb);
1720         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1721         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1722                                     skb->len - th->doff*4);
1723         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1724         TCP_SKB_CB(skb)->when = 0;
1725         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
1726         TCP_SKB_CB(skb)->sacked = 0;
1727
1728         sk = __inet6_lookup(&tcp_hashinfo, &ipv6_hdr(skb)->saddr, th->source,
1729                             &ipv6_hdr(skb)->daddr, ntohs(th->dest),
1730                             inet6_iif(skb));
1731
1732         if (!sk)
1733                 goto no_tcp_socket;
1734
1735 process:
1736         if (sk->sk_state == TCP_TIME_WAIT)
1737                 goto do_time_wait;
1738
1739         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1740                 goto discard_and_relse;
1741
1742         if (sk_filter(sk, skb))
1743                 goto discard_and_relse;
1744
1745         skb->dev = NULL;
1746
1747         bh_lock_sock_nested(sk);
1748         ret = 0;
1749         if (!sock_owned_by_user(sk)) {
1750 #ifdef CONFIG_NET_DMA
1751                 struct tcp_sock *tp = tcp_sk(sk);
1752                 if (tp->ucopy.dma_chan)
1753                         ret = tcp_v6_do_rcv(sk, skb);
1754                 else
1755 #endif
1756                 {
1757                         if (!tcp_prequeue(sk, skb))
1758                                 ret = tcp_v6_do_rcv(sk, skb);
1759                 }
1760         } else
1761                 sk_add_backlog(sk, skb);
1762         bh_unlock_sock(sk);
1763
1764         sock_put(sk);
1765         return ret ? -1 : 0;
1766
1767 no_tcp_socket:
1768         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1769                 goto discard_it;
1770
1771         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1772 bad_packet:
1773                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1774         } else {
1775                 tcp_v6_send_reset(NULL, skb);
1776         }
1777
1778 discard_it:
1779
1780         /*
1781          *      Discard frame
1782          */
1783
1784         kfree_skb(skb);
1785         return 0;
1786
1787 discard_and_relse:
1788         sock_put(sk);
1789         goto discard_it;
1790
1791 do_time_wait:
1792         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1793                 inet_twsk_put(inet_twsk(sk));
1794                 goto discard_it;
1795         }
1796
1797         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1798                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1799                 inet_twsk_put(inet_twsk(sk));
1800                 goto discard_it;
1801         }
1802
1803         switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1804         case TCP_TW_SYN:
1805         {
1806                 struct sock *sk2;
1807
1808                 sk2 = inet6_lookup_listener(&tcp_hashinfo,
1809                                             &ipv6_hdr(skb)->daddr,
1810                                             ntohs(th->dest), inet6_iif(skb));
1811                 if (sk2 != NULL) {
1812                         struct inet_timewait_sock *tw = inet_twsk(sk);
1813                         inet_twsk_deschedule(tw, &tcp_death_row);
1814                         inet_twsk_put(tw);
1815                         sk = sk2;
1816                         goto process;
1817                 }
1818                 /* Fall through to ACK */
1819         }
1820         case TCP_TW_ACK:
1821                 tcp_v6_timewait_ack(sk, skb);
1822                 break;
1823         case TCP_TW_RST:
1824                 goto no_tcp_socket;
1825         case TCP_TW_SUCCESS:;
1826         }
1827         goto discard_it;
1828 }
1829
1830 static int tcp_v6_remember_stamp(struct sock *sk)
1831 {
1832         /* Alas, not yet... */
1833         return 0;
1834 }
1835
1836 static struct inet_connection_sock_af_ops ipv6_specific = {
1837         .queue_xmit        = inet6_csk_xmit,
1838         .send_check        = tcp_v6_send_check,
1839         .rebuild_header    = inet6_sk_rebuild_header,
1840         .conn_request      = tcp_v6_conn_request,
1841         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1842         .remember_stamp    = tcp_v6_remember_stamp,
1843         .net_header_len    = sizeof(struct ipv6hdr),
1844         .setsockopt        = ipv6_setsockopt,
1845         .getsockopt        = ipv6_getsockopt,
1846         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1847         .sockaddr_len      = sizeof(struct sockaddr_in6),
1848 #ifdef CONFIG_COMPAT
1849         .compat_setsockopt = compat_ipv6_setsockopt,
1850         .compat_getsockopt = compat_ipv6_getsockopt,
1851 #endif
1852 };
1853
1854 #ifdef CONFIG_TCP_MD5SIG
1855 static struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1856         .md5_lookup     =       tcp_v6_md5_lookup,
1857         .calc_md5_hash  =       tcp_v6_calc_md5_hash,
1858         .md5_add        =       tcp_v6_md5_add_func,
1859         .md5_parse      =       tcp_v6_parse_md5_keys,
1860 };
1861 #endif
1862
1863 /*
1864  *      TCP over IPv4 via INET6 API
1865  */
1866
1867 static struct inet_connection_sock_af_ops ipv6_mapped = {
1868         .queue_xmit        = ip_queue_xmit,
1869         .send_check        = tcp_v4_send_check,
1870         .rebuild_header    = inet_sk_rebuild_header,
1871         .conn_request      = tcp_v6_conn_request,
1872         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1873         .remember_stamp    = tcp_v4_remember_stamp,
1874         .net_header_len    = sizeof(struct iphdr),
1875         .setsockopt        = ipv6_setsockopt,
1876         .getsockopt        = ipv6_getsockopt,
1877         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1878         .sockaddr_len      = sizeof(struct sockaddr_in6),
1879 #ifdef CONFIG_COMPAT
1880         .compat_setsockopt = compat_ipv6_setsockopt,
1881         .compat_getsockopt = compat_ipv6_getsockopt,
1882 #endif
1883 };
1884
1885 #ifdef CONFIG_TCP_MD5SIG
1886 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1887         .md5_lookup     =       tcp_v4_md5_lookup,
1888         .calc_md5_hash  =       tcp_v4_calc_md5_hash,
1889         .md5_add        =       tcp_v6_md5_add_func,
1890         .md5_parse      =       tcp_v6_parse_md5_keys,
1891 };
1892 #endif
1893
1894 /* NOTE: A lot of things set to zero explicitly by call to
1895  *       sk_alloc() so need not be done here.
1896  */
1897 static int tcp_v6_init_sock(struct sock *sk)
1898 {
1899         struct inet_connection_sock *icsk = inet_csk(sk);
1900         struct tcp_sock *tp = tcp_sk(sk);
1901
1902         skb_queue_head_init(&tp->out_of_order_queue);
1903         tcp_init_xmit_timers(sk);
1904         tcp_prequeue_init(tp);
1905
1906         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1907         tp->mdev = TCP_TIMEOUT_INIT;
1908
1909         /* So many TCP implementations out there (incorrectly) count the
1910          * initial SYN frame in their delayed-ACK and congestion control
1911          * algorithms that we must have the following bandaid to talk
1912          * efficiently to them.  -DaveM
1913          */
1914         tp->snd_cwnd = 2;
1915
1916         /* See draft-stevens-tcpca-spec-01 for discussion of the
1917          * initialization of these values.
1918          */
1919         tp->snd_ssthresh = 0x7fffffff;
1920         tp->snd_cwnd_clamp = ~0;
1921         tp->mss_cache = 536;
1922
1923         tp->reordering = sysctl_tcp_reordering;
1924
1925         sk->sk_state = TCP_CLOSE;
1926
1927         icsk->icsk_af_ops = &ipv6_specific;
1928         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1929         icsk->icsk_sync_mss = tcp_sync_mss;
1930         sk->sk_write_space = sk_stream_write_space;
1931         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1932
1933 #ifdef CONFIG_TCP_MD5SIG
1934         tp->af_specific = &tcp_sock_ipv6_specific;
1935 #endif
1936
1937         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1938         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1939
1940         atomic_inc(&tcp_sockets_allocated);
1941
1942         return 0;
1943 }
1944
1945 static int tcp_v6_destroy_sock(struct sock *sk)
1946 {
1947 #ifdef CONFIG_TCP_MD5SIG
1948         /* Clean up the MD5 key list */
1949         if (tcp_sk(sk)->md5sig_info)
1950                 tcp_v6_clear_md5_list(sk);
1951 #endif
1952         tcp_v4_destroy_sock(sk);
1953         return inet6_destroy_sock(sk);
1954 }
1955
1956 #ifdef CONFIG_PROC_FS
1957 /* Proc filesystem TCPv6 sock list dumping. */
1958 static void get_openreq6(struct seq_file *seq,
1959                          struct sock *sk, struct request_sock *req, int i, int uid)
1960 {
1961         int ttd = req->expires - jiffies;
1962         struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1963         struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1964
1965         if (ttd < 0)
1966                 ttd = 0;
1967
1968         seq_printf(seq,
1969                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1970                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1971                    i,
1972                    src->s6_addr32[0], src->s6_addr32[1],
1973                    src->s6_addr32[2], src->s6_addr32[3],
1974                    ntohs(inet_sk(sk)->sport),
1975                    dest->s6_addr32[0], dest->s6_addr32[1],
1976                    dest->s6_addr32[2], dest->s6_addr32[3],
1977                    ntohs(inet_rsk(req)->rmt_port),
1978                    TCP_SYN_RECV,
1979                    0,0, /* could print option size, but that is af dependent. */
1980                    1,   /* timers active (only the expire timer) */
1981                    jiffies_to_clock_t(ttd),
1982                    req->retrans,
1983                    uid,
1984                    0,  /* non standard timer */
1985                    0, /* open_requests have no inode */
1986                    0, req);
1987 }
1988
1989 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1990 {
1991         struct in6_addr *dest, *src;
1992         __u16 destp, srcp;
1993         int timer_active;
1994         unsigned long timer_expires;
1995         struct inet_sock *inet = inet_sk(sp);
1996         struct tcp_sock *tp = tcp_sk(sp);
1997         const struct inet_connection_sock *icsk = inet_csk(sp);
1998         struct ipv6_pinfo *np = inet6_sk(sp);
1999
2000         dest  = &np->daddr;
2001         src   = &np->rcv_saddr;
2002         destp = ntohs(inet->dport);
2003         srcp  = ntohs(inet->sport);
2004
2005         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2006                 timer_active    = 1;
2007                 timer_expires   = icsk->icsk_timeout;
2008         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2009                 timer_active    = 4;
2010                 timer_expires   = icsk->icsk_timeout;
2011         } else if (timer_pending(&sp->sk_timer)) {
2012                 timer_active    = 2;
2013                 timer_expires   = sp->sk_timer.expires;
2014         } else {
2015                 timer_active    = 0;
2016                 timer_expires = jiffies;
2017         }
2018
2019         seq_printf(seq,
2020                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2021                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
2022                    i,
2023                    src->s6_addr32[0], src->s6_addr32[1],
2024                    src->s6_addr32[2], src->s6_addr32[3], srcp,
2025                    dest->s6_addr32[0], dest->s6_addr32[1],
2026                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
2027                    sp->sk_state,
2028                    tp->write_seq-tp->snd_una,
2029                    (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
2030                    timer_active,
2031                    jiffies_to_clock_t(timer_expires - jiffies),
2032                    icsk->icsk_retransmits,
2033                    sock_i_uid(sp),
2034                    icsk->icsk_probes_out,
2035                    sock_i_ino(sp),
2036                    atomic_read(&sp->sk_refcnt), sp,
2037                    icsk->icsk_rto,
2038                    icsk->icsk_ack.ato,
2039                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2040                    tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
2041                    );
2042 }
2043
2044 static void get_timewait6_sock(struct seq_file *seq,
2045                                struct inet_timewait_sock *tw, int i)
2046 {
2047         struct in6_addr *dest, *src;
2048         __u16 destp, srcp;
2049         struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2050         int ttd = tw->tw_ttd - jiffies;
2051
2052         if (ttd < 0)
2053                 ttd = 0;
2054
2055         dest = &tw6->tw_v6_daddr;
2056         src  = &tw6->tw_v6_rcv_saddr;
2057         destp = ntohs(tw->tw_dport);
2058         srcp  = ntohs(tw->tw_sport);
2059
2060         seq_printf(seq,
2061                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2062                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2063                    i,
2064                    src->s6_addr32[0], src->s6_addr32[1],
2065                    src->s6_addr32[2], src->s6_addr32[3], srcp,
2066                    dest->s6_addr32[0], dest->s6_addr32[1],
2067                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
2068                    tw->tw_substate, 0, 0,
2069                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2070                    atomic_read(&tw->tw_refcnt), tw);
2071 }
2072
2073 static int tcp6_seq_show(struct seq_file *seq, void *v)
2074 {
2075         struct tcp_iter_state *st;
2076
2077         if (v == SEQ_START_TOKEN) {
2078                 seq_puts(seq,
2079                          "  sl  "
2080                          "local_address                         "
2081                          "remote_address                        "
2082                          "st tx_queue rx_queue tr tm->when retrnsmt"
2083                          "   uid  timeout inode\n");
2084                 goto out;
2085         }
2086         st = seq->private;
2087
2088         switch (st->state) {
2089         case TCP_SEQ_STATE_LISTENING:
2090         case TCP_SEQ_STATE_ESTABLISHED:
2091                 get_tcp6_sock(seq, v, st->num);
2092                 break;
2093         case TCP_SEQ_STATE_OPENREQ:
2094                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2095                 break;
2096         case TCP_SEQ_STATE_TIME_WAIT:
2097                 get_timewait6_sock(seq, v, st->num);
2098                 break;
2099         }
2100 out:
2101         return 0;
2102 }
2103
2104 static struct file_operations tcp6_seq_fops;
2105 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2106         .owner          = THIS_MODULE,
2107         .name           = "tcp6",
2108         .family         = AF_INET6,
2109         .seq_show       = tcp6_seq_show,
2110         .seq_fops       = &tcp6_seq_fops,
2111 };
2112
2113 int __init tcp6_proc_init(void)
2114 {
2115         return tcp_proc_register(&tcp6_seq_afinfo);
2116 }
2117
2118 void tcp6_proc_exit(void)
2119 {
2120         tcp_proc_unregister(&tcp6_seq_afinfo);
2121 }
2122 #endif
2123
2124 struct proto tcpv6_prot = {
2125         .name                   = "TCPv6",
2126         .owner                  = THIS_MODULE,
2127         .close                  = tcp_close,
2128         .connect                = tcp_v6_connect,
2129         .disconnect             = tcp_disconnect,
2130         .accept                 = inet_csk_accept,
2131         .ioctl                  = tcp_ioctl,
2132         .init                   = tcp_v6_init_sock,
2133         .destroy                = tcp_v6_destroy_sock,
2134         .shutdown               = tcp_shutdown,
2135         .setsockopt             = tcp_setsockopt,
2136         .getsockopt             = tcp_getsockopt,
2137         .sendmsg                = tcp_sendmsg,
2138         .recvmsg                = tcp_recvmsg,
2139         .backlog_rcv            = tcp_v6_do_rcv,
2140         .hash                   = tcp_v6_hash,
2141         .unhash                 = tcp_unhash,
2142         .get_port               = tcp_v6_get_port,
2143         .enter_memory_pressure  = tcp_enter_memory_pressure,
2144         .sockets_allocated      = &tcp_sockets_allocated,
2145         .memory_allocated       = &tcp_memory_allocated,
2146         .memory_pressure        = &tcp_memory_pressure,
2147         .orphan_count           = &tcp_orphan_count,
2148         .sysctl_mem             = sysctl_tcp_mem,
2149         .sysctl_wmem            = sysctl_tcp_wmem,
2150         .sysctl_rmem            = sysctl_tcp_rmem,
2151         .max_header             = MAX_TCP_HEADER,
2152         .obj_size               = sizeof(struct tcp6_sock),
2153         .twsk_prot              = &tcp6_timewait_sock_ops,
2154         .rsk_prot               = &tcp6_request_sock_ops,
2155 #ifdef CONFIG_COMPAT
2156         .compat_setsockopt      = compat_tcp_setsockopt,
2157         .compat_getsockopt      = compat_tcp_getsockopt,
2158 #endif
2159 };
2160
2161 static struct inet6_protocol tcpv6_protocol = {
2162         .handler        =       tcp_v6_rcv,
2163         .err_handler    =       tcp_v6_err,
2164         .gso_send_check =       tcp_v6_gso_send_check,
2165         .gso_segment    =       tcp_tso_segment,
2166         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2167 };
2168
2169 static struct inet_protosw tcpv6_protosw = {
2170         .type           =       SOCK_STREAM,
2171         .protocol       =       IPPROTO_TCP,
2172         .prot           =       &tcpv6_prot,
2173         .ops            =       &inet6_stream_ops,
2174         .capability     =       -1,
2175         .no_check       =       0,
2176         .flags          =       INET_PROTOSW_PERMANENT |
2177                                 INET_PROTOSW_ICSK,
2178 };
2179
2180 void __init tcpv6_init(void)
2181 {
2182         /* register inet6 protocol */
2183         if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
2184                 printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
2185         inet6_register_protosw(&tcpv6_protosw);
2186
2187         if (inet_csk_ctl_sock_create(&tcp6_socket, PF_INET6, SOCK_RAW,
2188                                      IPPROTO_TCP) < 0)
2189                 panic("Failed to create the TCPv6 control socket.\n");
2190 }