[IPSEC]: make sit use the xfrm4_tunnel_register
[linux-2.6] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *
8  *      $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9  *
10  *      Based on:
11  *      linux/net/ipv4/tcp.c
12  *      linux/net/ipv4/tcp_input.c
13  *      linux/net/ipv4/tcp_output.c
14  *
15  *      Fixes:
16  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
17  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
18  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
19  *                                      a single port at the same time.
20  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
21  *
22  *      This program is free software; you can redistribute it and/or
23  *      modify it under the terms of the GNU General Public License
24  *      as published by the Free Software Foundation; either version
25  *      2 of the License, or (at your option) any later version.
26  */
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/net.h>
34 #include <linux/jiffies.h>
35 #include <linux/in.h>
36 #include <linux/in6.h>
37 #include <linux/netdevice.h>
38 #include <linux/init.h>
39 #include <linux/jhash.h>
40 #include <linux/ipsec.h>
41 #include <linux/times.h>
42
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/addrconf.h>
60 #include <net/snmp.h>
61 #include <net/dsfield.h>
62 #include <net/timewait_sock.h>
63
64 #include <asm/uaccess.h>
65
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
68
69 #include <linux/crypto.h>
70 #include <linux/scatterlist.h>
71
72 /* Socket used for sending RSTs and ACKs */
73 static struct socket *tcp6_socket;
74
75 static void     tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
76 static void     tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
77 static void     tcp_v6_send_check(struct sock *sk, int len,
78                                   struct sk_buff *skb);
79
80 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
81
82 static struct inet_connection_sock_af_ops ipv6_mapped;
83 static struct inet_connection_sock_af_ops ipv6_specific;
84 #ifdef CONFIG_TCP_MD5SIG
85 static struct tcp_sock_af_ops tcp_sock_ipv6_specific;
86 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
87 #endif
88
89 static int tcp_v6_get_port(struct sock *sk, unsigned short snum)
90 {
91         return inet_csk_get_port(&tcp_hashinfo, sk, snum,
92                                  inet6_csk_bind_conflict);
93 }
94
95 static void tcp_v6_hash(struct sock *sk)
96 {
97         if (sk->sk_state != TCP_CLOSE) {
98                 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
99                         tcp_prot.hash(sk);
100                         return;
101                 }
102                 local_bh_disable();
103                 __inet6_hash(&tcp_hashinfo, sk);
104                 local_bh_enable();
105         }
106 }
107
108 static __inline__ __sum16 tcp_v6_check(struct tcphdr *th, int len,
109                                    struct in6_addr *saddr,
110                                    struct in6_addr *daddr,
111                                    __wsum base)
112 {
113         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
114 }
115
116 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
117 {
118         return secure_tcpv6_sequence_number(skb->nh.ipv6h->daddr.s6_addr32,
119                                             skb->nh.ipv6h->saddr.s6_addr32,
120                                             skb->h.th->dest,
121                                             skb->h.th->source);
122 }
123
124 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
125                           int addr_len)
126 {
127         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
128         struct inet_sock *inet = inet_sk(sk);
129         struct inet_connection_sock *icsk = inet_csk(sk);
130         struct ipv6_pinfo *np = inet6_sk(sk);
131         struct tcp_sock *tp = tcp_sk(sk);
132         struct in6_addr *saddr = NULL, *final_p = NULL, final;
133         struct flowi fl;
134         struct dst_entry *dst;
135         int addr_type;
136         int err;
137
138         if (addr_len < SIN6_LEN_RFC2133)
139                 return -EINVAL;
140
141         if (usin->sin6_family != AF_INET6)
142                 return(-EAFNOSUPPORT);
143
144         memset(&fl, 0, sizeof(fl));
145
146         if (np->sndflow) {
147                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
148                 IP6_ECN_flow_init(fl.fl6_flowlabel);
149                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
150                         struct ip6_flowlabel *flowlabel;
151                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
152                         if (flowlabel == NULL)
153                                 return -EINVAL;
154                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
155                         fl6_sock_release(flowlabel);
156                 }
157         }
158
159         /*
160          *      connect() to INADDR_ANY means loopback (BSD'ism).
161          */
162
163         if(ipv6_addr_any(&usin->sin6_addr))
164                 usin->sin6_addr.s6_addr[15] = 0x1;
165
166         addr_type = ipv6_addr_type(&usin->sin6_addr);
167
168         if(addr_type & IPV6_ADDR_MULTICAST)
169                 return -ENETUNREACH;
170
171         if (addr_type&IPV6_ADDR_LINKLOCAL) {
172                 if (addr_len >= sizeof(struct sockaddr_in6) &&
173                     usin->sin6_scope_id) {
174                         /* If interface is set while binding, indices
175                          * must coincide.
176                          */
177                         if (sk->sk_bound_dev_if &&
178                             sk->sk_bound_dev_if != usin->sin6_scope_id)
179                                 return -EINVAL;
180
181                         sk->sk_bound_dev_if = usin->sin6_scope_id;
182                 }
183
184                 /* Connect to link-local address requires an interface */
185                 if (!sk->sk_bound_dev_if)
186                         return -EINVAL;
187         }
188
189         if (tp->rx_opt.ts_recent_stamp &&
190             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
191                 tp->rx_opt.ts_recent = 0;
192                 tp->rx_opt.ts_recent_stamp = 0;
193                 tp->write_seq = 0;
194         }
195
196         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
197         np->flow_label = fl.fl6_flowlabel;
198
199         /*
200          *      TCP over IPv4
201          */
202
203         if (addr_type == IPV6_ADDR_MAPPED) {
204                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
205                 struct sockaddr_in sin;
206
207                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
208
209                 if (__ipv6_only_sock(sk))
210                         return -ENETUNREACH;
211
212                 sin.sin_family = AF_INET;
213                 sin.sin_port = usin->sin6_port;
214                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
215
216                 icsk->icsk_af_ops = &ipv6_mapped;
217                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
218 #ifdef CONFIG_TCP_MD5SIG
219                 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
220 #endif
221
222                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
223
224                 if (err) {
225                         icsk->icsk_ext_hdr_len = exthdrlen;
226                         icsk->icsk_af_ops = &ipv6_specific;
227                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
228 #ifdef CONFIG_TCP_MD5SIG
229                         tp->af_specific = &tcp_sock_ipv6_specific;
230 #endif
231                         goto failure;
232                 } else {
233                         ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
234                                       inet->saddr);
235                         ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
236                                       inet->rcv_saddr);
237                 }
238
239                 return err;
240         }
241
242         if (!ipv6_addr_any(&np->rcv_saddr))
243                 saddr = &np->rcv_saddr;
244
245         fl.proto = IPPROTO_TCP;
246         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
247         ipv6_addr_copy(&fl.fl6_src,
248                        (saddr ? saddr : &np->saddr));
249         fl.oif = sk->sk_bound_dev_if;
250         fl.fl_ip_dport = usin->sin6_port;
251         fl.fl_ip_sport = inet->sport;
252
253         if (np->opt && np->opt->srcrt) {
254                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
255                 ipv6_addr_copy(&final, &fl.fl6_dst);
256                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
257                 final_p = &final;
258         }
259
260         security_sk_classify_flow(sk, &fl);
261
262         err = ip6_dst_lookup(sk, &dst, &fl);
263         if (err)
264                 goto failure;
265         if (final_p)
266                 ipv6_addr_copy(&fl.fl6_dst, final_p);
267
268         if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0)
269                 goto failure;
270
271         if (saddr == NULL) {
272                 saddr = &fl.fl6_src;
273                 ipv6_addr_copy(&np->rcv_saddr, saddr);
274         }
275
276         /* set the source address */
277         ipv6_addr_copy(&np->saddr, saddr);
278         inet->rcv_saddr = LOOPBACK4_IPV6;
279
280         sk->sk_gso_type = SKB_GSO_TCPV6;
281         __ip6_dst_store(sk, dst, NULL, NULL);
282
283         icsk->icsk_ext_hdr_len = 0;
284         if (np->opt)
285                 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
286                                           np->opt->opt_nflen);
287
288         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
289
290         inet->dport = usin->sin6_port;
291
292         tcp_set_state(sk, TCP_SYN_SENT);
293         err = inet6_hash_connect(&tcp_death_row, sk);
294         if (err)
295                 goto late_failure;
296
297         if (!tp->write_seq)
298                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
299                                                              np->daddr.s6_addr32,
300                                                              inet->sport,
301                                                              inet->dport);
302
303         err = tcp_connect(sk);
304         if (err)
305                 goto late_failure;
306
307         return 0;
308
309 late_failure:
310         tcp_set_state(sk, TCP_CLOSE);
311         __sk_dst_reset(sk);
312 failure:
313         inet->dport = 0;
314         sk->sk_route_caps = 0;
315         return err;
316 }
317
318 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
319                 int type, int code, int offset, __be32 info)
320 {
321         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
322         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
323         struct ipv6_pinfo *np;
324         struct sock *sk;
325         int err;
326         struct tcp_sock *tp;
327         __u32 seq;
328
329         sk = inet6_lookup(&tcp_hashinfo, &hdr->daddr, th->dest, &hdr->saddr,
330                           th->source, skb->dev->ifindex);
331
332         if (sk == NULL) {
333                 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
334                 return;
335         }
336
337         if (sk->sk_state == TCP_TIME_WAIT) {
338                 inet_twsk_put(inet_twsk(sk));
339                 return;
340         }
341
342         bh_lock_sock(sk);
343         if (sock_owned_by_user(sk))
344                 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
345
346         if (sk->sk_state == TCP_CLOSE)
347                 goto out;
348
349         tp = tcp_sk(sk);
350         seq = ntohl(th->seq);
351         if (sk->sk_state != TCP_LISTEN &&
352             !between(seq, tp->snd_una, tp->snd_nxt)) {
353                 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
354                 goto out;
355         }
356
357         np = inet6_sk(sk);
358
359         if (type == ICMPV6_PKT_TOOBIG) {
360                 struct dst_entry *dst = NULL;
361
362                 if (sock_owned_by_user(sk))
363                         goto out;
364                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
365                         goto out;
366
367                 /* icmp should have updated the destination cache entry */
368                 dst = __sk_dst_check(sk, np->dst_cookie);
369
370                 if (dst == NULL) {
371                         struct inet_sock *inet = inet_sk(sk);
372                         struct flowi fl;
373
374                         /* BUGGG_FUTURE: Again, it is not clear how
375                            to handle rthdr case. Ignore this complexity
376                            for now.
377                          */
378                         memset(&fl, 0, sizeof(fl));
379                         fl.proto = IPPROTO_TCP;
380                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
381                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
382                         fl.oif = sk->sk_bound_dev_if;
383                         fl.fl_ip_dport = inet->dport;
384                         fl.fl_ip_sport = inet->sport;
385                         security_skb_classify_flow(skb, &fl);
386
387                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
388                                 sk->sk_err_soft = -err;
389                                 goto out;
390                         }
391
392                         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
393                                 sk->sk_err_soft = -err;
394                                 goto out;
395                         }
396
397                 } else
398                         dst_hold(dst);
399
400                 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
401                         tcp_sync_mss(sk, dst_mtu(dst));
402                         tcp_simple_retransmit(sk);
403                 } /* else let the usual retransmit timer handle it */
404                 dst_release(dst);
405                 goto out;
406         }
407
408         icmpv6_err_convert(type, code, &err);
409
410         /* Might be for an request_sock */
411         switch (sk->sk_state) {
412                 struct request_sock *req, **prev;
413         case TCP_LISTEN:
414                 if (sock_owned_by_user(sk))
415                         goto out;
416
417                 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
418                                            &hdr->saddr, inet6_iif(skb));
419                 if (!req)
420                         goto out;
421
422                 /* ICMPs are not backlogged, hence we cannot get
423                  * an established socket here.
424                  */
425                 BUG_TRAP(req->sk == NULL);
426
427                 if (seq != tcp_rsk(req)->snt_isn) {
428                         NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
429                         goto out;
430                 }
431
432                 inet_csk_reqsk_queue_drop(sk, req, prev);
433                 goto out;
434
435         case TCP_SYN_SENT:
436         case TCP_SYN_RECV:  /* Cannot happen.
437                                It can, it SYNs are crossed. --ANK */
438                 if (!sock_owned_by_user(sk)) {
439                         sk->sk_err = err;
440                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
441
442                         tcp_done(sk);
443                 } else
444                         sk->sk_err_soft = err;
445                 goto out;
446         }
447
448         if (!sock_owned_by_user(sk) && np->recverr) {
449                 sk->sk_err = err;
450                 sk->sk_error_report(sk);
451         } else
452                 sk->sk_err_soft = err;
453
454 out:
455         bh_unlock_sock(sk);
456         sock_put(sk);
457 }
458
459
460 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
461                               struct dst_entry *dst)
462 {
463         struct inet6_request_sock *treq = inet6_rsk(req);
464         struct ipv6_pinfo *np = inet6_sk(sk);
465         struct sk_buff * skb;
466         struct ipv6_txoptions *opt = NULL;
467         struct in6_addr * final_p = NULL, final;
468         struct flowi fl;
469         int err = -1;
470
471         memset(&fl, 0, sizeof(fl));
472         fl.proto = IPPROTO_TCP;
473         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
474         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
475         fl.fl6_flowlabel = 0;
476         fl.oif = treq->iif;
477         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
478         fl.fl_ip_sport = inet_sk(sk)->sport;
479         security_req_classify_flow(req, &fl);
480
481         if (dst == NULL) {
482                 opt = np->opt;
483                 if (opt == NULL &&
484                     np->rxopt.bits.osrcrt == 2 &&
485                     treq->pktopts) {
486                         struct sk_buff *pktopts = treq->pktopts;
487                         struct inet6_skb_parm *rxopt = IP6CB(pktopts);
488                         if (rxopt->srcrt)
489                                 opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr*)(pktopts->nh.raw + rxopt->srcrt));
490                 }
491
492                 if (opt && opt->srcrt) {
493                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
494                         ipv6_addr_copy(&final, &fl.fl6_dst);
495                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
496                         final_p = &final;
497                 }
498
499                 err = ip6_dst_lookup(sk, &dst, &fl);
500                 if (err)
501                         goto done;
502                 if (final_p)
503                         ipv6_addr_copy(&fl.fl6_dst, final_p);
504                 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
505                         goto done;
506         }
507
508         skb = tcp_make_synack(sk, dst, req);
509         if (skb) {
510                 struct tcphdr *th = skb->h.th;
511
512                 th->check = tcp_v6_check(th, skb->len,
513                                          &treq->loc_addr, &treq->rmt_addr,
514                                          csum_partial((char *)th, skb->len, skb->csum));
515
516                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
517                 err = ip6_xmit(sk, skb, &fl, opt, 0);
518                 err = net_xmit_eval(err);
519         }
520
521 done:
522         if (opt && opt != np->opt)
523                 sock_kfree_s(sk, opt, opt->tot_len);
524         dst_release(dst);
525         return err;
526 }
527
528 static void tcp_v6_reqsk_destructor(struct request_sock *req)
529 {
530         if (inet6_rsk(req)->pktopts)
531                 kfree_skb(inet6_rsk(req)->pktopts);
532 }
533
534 #ifdef CONFIG_TCP_MD5SIG
535 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
536                                                    struct in6_addr *addr)
537 {
538         struct tcp_sock *tp = tcp_sk(sk);
539         int i;
540
541         BUG_ON(tp == NULL);
542
543         if (!tp->md5sig_info || !tp->md5sig_info->entries6)
544                 return NULL;
545
546         for (i = 0; i < tp->md5sig_info->entries6; i++) {
547                 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, addr) == 0)
548                         return (struct tcp_md5sig_key *)&tp->md5sig_info->keys6[i];
549         }
550         return NULL;
551 }
552
553 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
554                                                 struct sock *addr_sk)
555 {
556         return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
557 }
558
559 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
560                                                       struct request_sock *req)
561 {
562         return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
563 }
564
565 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
566                              char *newkey, u8 newkeylen)
567 {
568         /* Add key to the list */
569         struct tcp6_md5sig_key *key;
570         struct tcp_sock *tp = tcp_sk(sk);
571         struct tcp6_md5sig_key *keys;
572
573         key = (struct tcp6_md5sig_key*) tcp_v6_md5_do_lookup(sk, peer);
574         if (key) {
575                 /* modify existing entry - just update that one */
576                 kfree(key->key);
577                 key->key = newkey;
578                 key->keylen = newkeylen;
579         } else {
580                 /* reallocate new list if current one is full. */
581                 if (!tp->md5sig_info) {
582                         tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
583                         if (!tp->md5sig_info) {
584                                 kfree(newkey);
585                                 return -ENOMEM;
586                         }
587                 }
588                 tcp_alloc_md5sig_pool();
589                 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
590                         keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
591                                        (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
592
593                         if (!keys) {
594                                 tcp_free_md5sig_pool();
595                                 kfree(newkey);
596                                 return -ENOMEM;
597                         }
598
599                         if (tp->md5sig_info->entries6)
600                                 memmove(keys, tp->md5sig_info->keys6,
601                                         (sizeof (tp->md5sig_info->keys6[0]) *
602                                          tp->md5sig_info->entries6));
603
604                         kfree(tp->md5sig_info->keys6);
605                         tp->md5sig_info->keys6 = keys;
606                         tp->md5sig_info->alloced6++;
607                 }
608
609                 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
610                                peer);
611                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].key = newkey;
612                 tp->md5sig_info->keys6[tp->md5sig_info->entries6].keylen = newkeylen;
613
614                 tp->md5sig_info->entries6++;
615         }
616         return 0;
617 }
618
619 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
620                                u8 *newkey, __u8 newkeylen)
621 {
622         return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
623                                  newkey, newkeylen);
624 }
625
626 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
627 {
628         struct tcp_sock *tp = tcp_sk(sk);
629         int i;
630
631         for (i = 0; i < tp->md5sig_info->entries6; i++) {
632                 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, peer) == 0) {
633                         /* Free the key */
634                         kfree(tp->md5sig_info->keys6[i].key);
635                         tp->md5sig_info->entries6--;
636
637                         if (tp->md5sig_info->entries6 == 0) {
638                                 kfree(tp->md5sig_info->keys6);
639                                 tp->md5sig_info->keys6 = NULL;
640
641                                 tcp_free_md5sig_pool();
642
643                                 return 0;
644                         } else {
645                                 /* shrink the database */
646                                 if (tp->md5sig_info->entries6 != i)
647                                         memmove(&tp->md5sig_info->keys6[i],
648                                                 &tp->md5sig_info->keys6[i+1],
649                                                 (tp->md5sig_info->entries6 - i)
650                                                 * sizeof (tp->md5sig_info->keys6[0]));
651                         }
652                 }
653         }
654         return -ENOENT;
655 }
656
657 static void tcp_v6_clear_md5_list (struct sock *sk)
658 {
659         struct tcp_sock *tp = tcp_sk(sk);
660         int i;
661
662         if (tp->md5sig_info->entries6) {
663                 for (i = 0; i < tp->md5sig_info->entries6; i++)
664                         kfree(tp->md5sig_info->keys6[i].key);
665                 tp->md5sig_info->entries6 = 0;
666                 tcp_free_md5sig_pool();
667         }
668
669         kfree(tp->md5sig_info->keys6);
670         tp->md5sig_info->keys6 = NULL;
671         tp->md5sig_info->alloced6 = 0;
672
673         if (tp->md5sig_info->entries4) {
674                 for (i = 0; i < tp->md5sig_info->entries4; i++)
675                         kfree(tp->md5sig_info->keys4[i].key);
676                 tp->md5sig_info->entries4 = 0;
677                 tcp_free_md5sig_pool();
678         }
679
680         kfree(tp->md5sig_info->keys4);
681         tp->md5sig_info->keys4 = NULL;
682         tp->md5sig_info->alloced4 = 0;
683 }
684
685 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
686                                   int optlen)
687 {
688         struct tcp_md5sig cmd;
689         struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
690         u8 *newkey;
691
692         if (optlen < sizeof(cmd))
693                 return -EINVAL;
694
695         if (copy_from_user(&cmd, optval, sizeof(cmd)))
696                 return -EFAULT;
697
698         if (sin6->sin6_family != AF_INET6)
699                 return -EINVAL;
700
701         if (!cmd.tcpm_keylen) {
702                 if (!tcp_sk(sk)->md5sig_info)
703                         return -ENOENT;
704                 if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_MAPPED)
705                         return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
706                 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
707         }
708
709         if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
710                 return -EINVAL;
711
712         if (!tcp_sk(sk)->md5sig_info) {
713                 struct tcp_sock *tp = tcp_sk(sk);
714                 struct tcp_md5sig_info *p;
715
716                 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
717                 if (!p)
718                         return -ENOMEM;
719
720                 tp->md5sig_info = p;
721         }
722
723         newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
724         if (!newkey)
725                 return -ENOMEM;
726         if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_MAPPED) {
727                 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
728                                          newkey, cmd.tcpm_keylen);
729         }
730         return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
731 }
732
733 static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
734                                    struct in6_addr *saddr,
735                                    struct in6_addr *daddr,
736                                    struct tcphdr *th, int protocol,
737                                    int tcplen)
738 {
739         struct scatterlist sg[4];
740         __u16 data_len;
741         int block = 0;
742         __sum16 cksum;
743         struct tcp_md5sig_pool *hp;
744         struct tcp6_pseudohdr *bp;
745         struct hash_desc *desc;
746         int err;
747         unsigned int nbytes = 0;
748
749         hp = tcp_get_md5sig_pool();
750         if (!hp) {
751                 printk(KERN_WARNING "%s(): hash pool not found...\n", __FUNCTION__);
752                 goto clear_hash_noput;
753         }
754         bp = &hp->md5_blk.ip6;
755         desc = &hp->md5_desc;
756
757         /* 1. TCP pseudo-header (RFC2460) */
758         ipv6_addr_copy(&bp->saddr, saddr);
759         ipv6_addr_copy(&bp->daddr, daddr);
760         bp->len = htonl(tcplen);
761         bp->protocol = htonl(protocol);
762
763         sg_set_buf(&sg[block++], bp, sizeof(*bp));
764         nbytes += sizeof(*bp);
765
766         /* 2. TCP header, excluding options */
767         cksum = th->check;
768         th->check = 0;
769         sg_set_buf(&sg[block++], th, sizeof(*th));
770         nbytes += sizeof(*th);
771
772         /* 3. TCP segment data (if any) */
773         data_len = tcplen - (th->doff << 2);
774         if (data_len > 0) {
775                 u8 *data = (u8 *)th + (th->doff << 2);
776                 sg_set_buf(&sg[block++], data, data_len);
777                 nbytes += data_len;
778         }
779
780         /* 4. shared key */
781         sg_set_buf(&sg[block++], key->key, key->keylen);
782         nbytes += key->keylen;
783
784         /* Now store the hash into the packet */
785         err = crypto_hash_init(desc);
786         if (err) {
787                 printk(KERN_WARNING "%s(): hash_init failed\n", __FUNCTION__);
788                 goto clear_hash;
789         }
790         err = crypto_hash_update(desc, sg, nbytes);
791         if (err) {
792                 printk(KERN_WARNING "%s(): hash_update failed\n", __FUNCTION__);
793                 goto clear_hash;
794         }
795         err = crypto_hash_final(desc, md5_hash);
796         if (err) {
797                 printk(KERN_WARNING "%s(): hash_final failed\n", __FUNCTION__);
798                 goto clear_hash;
799         }
800
801         /* Reset header, and free up the crypto */
802         tcp_put_md5sig_pool();
803         th->check = cksum;
804 out:
805         return 0;
806 clear_hash:
807         tcp_put_md5sig_pool();
808 clear_hash_noput:
809         memset(md5_hash, 0, 16);
810         goto out;
811 }
812
813 static int tcp_v6_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
814                                 struct sock *sk,
815                                 struct dst_entry *dst,
816                                 struct request_sock *req,
817                                 struct tcphdr *th, int protocol,
818                                 int tcplen)
819 {
820         struct in6_addr *saddr, *daddr;
821
822         if (sk) {
823                 saddr = &inet6_sk(sk)->saddr;
824                 daddr = &inet6_sk(sk)->daddr;
825         } else {
826                 saddr = &inet6_rsk(req)->loc_addr;
827                 daddr = &inet6_rsk(req)->rmt_addr;
828         }
829         return tcp_v6_do_calc_md5_hash(md5_hash, key,
830                                        saddr, daddr,
831                                        th, protocol, tcplen);
832 }
833
834 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
835 {
836         __u8 *hash_location = NULL;
837         struct tcp_md5sig_key *hash_expected;
838         struct ipv6hdr *ip6h = skb->nh.ipv6h;
839         struct tcphdr *th = skb->h.th;
840         int length = (th->doff << 2) - sizeof (*th);
841         int genhash;
842         u8 *ptr;
843         u8 newhash[16];
844
845         hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
846
847         /* If the TCP option is too short, we can short cut */
848         if (length < TCPOLEN_MD5SIG)
849                 return hash_expected ? 1 : 0;
850
851         /* parse options */
852         ptr = (u8*)(th + 1);
853         while (length > 0) {
854                 int opcode = *ptr++;
855                 int opsize;
856
857                 switch(opcode) {
858                 case TCPOPT_EOL:
859                         goto done_opts;
860                 case TCPOPT_NOP:
861                         length--;
862                         continue;
863                 default:
864                         opsize = *ptr++;
865                         if (opsize < 2 || opsize > length)
866                                 goto done_opts;
867                         if (opcode == TCPOPT_MD5SIG) {
868                                 hash_location = ptr;
869                                 goto done_opts;
870                         }
871                 }
872                 ptr += opsize - 2;
873                 length -= opsize;
874         }
875
876 done_opts:
877         /* do we have a hash as expected? */
878         if (!hash_expected) {
879                 if (!hash_location)
880                         return 0;
881                 if (net_ratelimit()) {
882                         printk(KERN_INFO "MD5 Hash NOT expected but found "
883                                "(" NIP6_FMT ", %u)->"
884                                "(" NIP6_FMT ", %u)\n",
885                                NIP6(ip6h->saddr), ntohs(th->source),
886                                NIP6(ip6h->daddr), ntohs(th->dest));
887                 }
888                 return 1;
889         }
890
891         if (!hash_location) {
892                 if (net_ratelimit()) {
893                         printk(KERN_INFO "MD5 Hash expected but NOT found "
894                                "(" NIP6_FMT ", %u)->"
895                                "(" NIP6_FMT ", %u)\n",
896                                NIP6(ip6h->saddr), ntohs(th->source),
897                                NIP6(ip6h->daddr), ntohs(th->dest));
898                 }
899                 return 1;
900         }
901
902         /* check the signature */
903         genhash = tcp_v6_do_calc_md5_hash(newhash,
904                                           hash_expected,
905                                           &ip6h->saddr, &ip6h->daddr,
906                                           th, sk->sk_protocol,
907                                           skb->len);
908         if (genhash || memcmp(hash_location, newhash, 16) != 0) {
909                 if (net_ratelimit()) {
910                         printk(KERN_INFO "MD5 Hash %s for "
911                                "(" NIP6_FMT ", %u)->"
912                                "(" NIP6_FMT ", %u)\n",
913                                genhash ? "failed" : "mismatch",
914                                NIP6(ip6h->saddr), ntohs(th->source),
915                                NIP6(ip6h->daddr), ntohs(th->dest));
916                 }
917                 return 1;
918         }
919         return 0;
920 }
921 #endif
922
923 static struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
924         .family         =       AF_INET6,
925         .obj_size       =       sizeof(struct tcp6_request_sock),
926         .rtx_syn_ack    =       tcp_v6_send_synack,
927         .send_ack       =       tcp_v6_reqsk_send_ack,
928         .destructor     =       tcp_v6_reqsk_destructor,
929         .send_reset     =       tcp_v6_send_reset
930 };
931
932 #ifdef CONFIG_TCP_MD5SIG
933 static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
934         .md5_lookup     =       tcp_v6_reqsk_md5_lookup,
935 };
936 #endif
937
938 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
939         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
940         .twsk_unique    = tcp_twsk_unique,
941         .twsk_destructor= tcp_twsk_destructor,
942 };
943
944 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
945 {
946         struct ipv6_pinfo *np = inet6_sk(sk);
947         struct tcphdr *th = skb->h.th;
948
949         if (skb->ip_summed == CHECKSUM_PARTIAL) {
950                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
951                 skb->csum_offset = offsetof(struct tcphdr, check);
952         } else {
953                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
954                                             csum_partial((char *)th, th->doff<<2,
955                                                          skb->csum));
956         }
957 }
958
959 static int tcp_v6_gso_send_check(struct sk_buff *skb)
960 {
961         struct ipv6hdr *ipv6h;
962         struct tcphdr *th;
963
964         if (!pskb_may_pull(skb, sizeof(*th)))
965                 return -EINVAL;
966
967         ipv6h = skb->nh.ipv6h;
968         th = skb->h.th;
969
970         th->check = 0;
971         th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
972                                      IPPROTO_TCP, 0);
973         skb->csum_offset = offsetof(struct tcphdr, check);
974         skb->ip_summed = CHECKSUM_PARTIAL;
975         return 0;
976 }
977
978 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
979 {
980         struct tcphdr *th = skb->h.th, *t1;
981         struct sk_buff *buff;
982         struct flowi fl;
983         int tot_len = sizeof(*th);
984 #ifdef CONFIG_TCP_MD5SIG
985         struct tcp_md5sig_key *key;
986 #endif
987
988         if (th->rst)
989                 return;
990
991         if (!ipv6_unicast_destination(skb))
992                 return;
993
994 #ifdef CONFIG_TCP_MD5SIG
995         if (sk)
996                 key = tcp_v6_md5_do_lookup(sk, &skb->nh.ipv6h->daddr);
997         else
998                 key = NULL;
999
1000         if (key)
1001                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1002 #endif
1003
1004         /*
1005          * We need to grab some memory, and put together an RST,
1006          * and then put it into the queue to be sent.
1007          */
1008
1009         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1010                          GFP_ATOMIC);
1011         if (buff == NULL)
1012                 return;
1013
1014         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1015
1016         t1 = (struct tcphdr *) skb_push(buff, tot_len);
1017
1018         /* Swap the send and the receive. */
1019         memset(t1, 0, sizeof(*t1));
1020         t1->dest = th->source;
1021         t1->source = th->dest;
1022         t1->doff = tot_len / 4;
1023         t1->rst = 1;
1024
1025         if(th->ack) {
1026                 t1->seq = th->ack_seq;
1027         } else {
1028                 t1->ack = 1;
1029                 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
1030                                     + skb->len - (th->doff<<2));
1031         }
1032
1033 #ifdef CONFIG_TCP_MD5SIG
1034         if (key) {
1035                 __be32 *opt = (__be32*)(t1 + 1);
1036                 opt[0] = htonl((TCPOPT_NOP << 24) |
1037                                (TCPOPT_NOP << 16) |
1038                                (TCPOPT_MD5SIG << 8) |
1039                                TCPOLEN_MD5SIG);
1040                 tcp_v6_do_calc_md5_hash((__u8*)&opt[1],
1041                                         key,
1042                                         &skb->nh.ipv6h->daddr,
1043                                         &skb->nh.ipv6h->saddr,
1044                                         t1, IPPROTO_TCP,
1045                                         tot_len);
1046         }
1047 #endif
1048
1049         buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
1050
1051         memset(&fl, 0, sizeof(fl));
1052         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
1053         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
1054
1055         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1056                                     sizeof(*t1), IPPROTO_TCP,
1057                                     buff->csum);
1058
1059         fl.proto = IPPROTO_TCP;
1060         fl.oif = inet6_iif(skb);
1061         fl.fl_ip_dport = t1->dest;
1062         fl.fl_ip_sport = t1->source;
1063         security_skb_classify_flow(skb, &fl);
1064
1065         /* sk = NULL, but it is safe for now. RST socket required. */
1066         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
1067
1068                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1069                         ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
1070                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1071                         TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
1072                         return;
1073                 }
1074         }
1075
1076         kfree_skb(buff);
1077 }
1078
1079 static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
1080                             struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
1081 {
1082         struct tcphdr *th = skb->h.th, *t1;
1083         struct sk_buff *buff;
1084         struct flowi fl;
1085         int tot_len = sizeof(struct tcphdr);
1086         __be32 *topt;
1087 #ifdef CONFIG_TCP_MD5SIG
1088         struct tcp_md5sig_key *key;
1089         struct tcp_md5sig_key tw_key;
1090 #endif
1091
1092 #ifdef CONFIG_TCP_MD5SIG
1093         if (!tw && skb->sk) {
1094                 key = tcp_v6_md5_do_lookup(skb->sk, &skb->nh.ipv6h->daddr);
1095         } else if (tw && tw->tw_md5_keylen) {
1096                 tw_key.key = tw->tw_md5_key;
1097                 tw_key.keylen = tw->tw_md5_keylen;
1098                 key = &tw_key;
1099         } else {
1100                 key = NULL;
1101         }
1102 #endif
1103
1104         if (ts)
1105                 tot_len += TCPOLEN_TSTAMP_ALIGNED;
1106 #ifdef CONFIG_TCP_MD5SIG
1107         if (key)
1108                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1109 #endif
1110
1111         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1112                          GFP_ATOMIC);
1113         if (buff == NULL)
1114                 return;
1115
1116         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1117
1118         t1 = (struct tcphdr *) skb_push(buff,tot_len);
1119
1120         /* Swap the send and the receive. */
1121         memset(t1, 0, sizeof(*t1));
1122         t1->dest = th->source;
1123         t1->source = th->dest;
1124         t1->doff = tot_len/4;
1125         t1->seq = htonl(seq);
1126         t1->ack_seq = htonl(ack);
1127         t1->ack = 1;
1128         t1->window = htons(win);
1129
1130         topt = (__be32 *)(t1 + 1);
1131
1132         if (ts) {
1133                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1134                                 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1135                 *topt++ = htonl(tcp_time_stamp);
1136                 *topt = htonl(ts);
1137         }
1138
1139 #ifdef CONFIG_TCP_MD5SIG
1140         if (key) {
1141                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1142                                 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1143                 tcp_v6_do_calc_md5_hash((__u8 *)topt,
1144                                         key,
1145                                         &skb->nh.ipv6h->daddr,
1146                                         &skb->nh.ipv6h->saddr,
1147                                         t1, IPPROTO_TCP,
1148                                         tot_len);
1149         }
1150 #endif
1151
1152         buff->csum = csum_partial((char *)t1, tot_len, 0);
1153
1154         memset(&fl, 0, sizeof(fl));
1155         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
1156         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
1157
1158         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1159                                     tot_len, IPPROTO_TCP,
1160                                     buff->csum);
1161
1162         fl.proto = IPPROTO_TCP;
1163         fl.oif = inet6_iif(skb);
1164         fl.fl_ip_dport = t1->dest;
1165         fl.fl_ip_sport = t1->source;
1166         security_skb_classify_flow(skb, &fl);
1167
1168         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
1169                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1170                         ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
1171                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1172                         return;
1173                 }
1174         }
1175
1176         kfree_skb(buff);
1177 }
1178
1179 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1180 {
1181         struct inet_timewait_sock *tw = inet_twsk(sk);
1182         struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1183
1184         tcp_v6_send_ack(tcptw, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1185                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1186                         tcptw->tw_ts_recent);
1187
1188         inet_twsk_put(tw);
1189 }
1190
1191 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
1192 {
1193         tcp_v6_send_ack(NULL, skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
1194 }
1195
1196
1197 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1198 {
1199         struct request_sock *req, **prev;
1200         const struct tcphdr *th = skb->h.th;
1201         struct sock *nsk;
1202
1203         /* Find possible connection requests. */
1204         req = inet6_csk_search_req(sk, &prev, th->source,
1205                                    &skb->nh.ipv6h->saddr,
1206                                    &skb->nh.ipv6h->daddr, inet6_iif(skb));
1207         if (req)
1208                 return tcp_check_req(sk, skb, req, prev);
1209
1210         nsk = __inet6_lookup_established(&tcp_hashinfo, &skb->nh.ipv6h->saddr,
1211                                          th->source, &skb->nh.ipv6h->daddr,
1212                                          ntohs(th->dest), inet6_iif(skb));
1213
1214         if (nsk) {
1215                 if (nsk->sk_state != TCP_TIME_WAIT) {
1216                         bh_lock_sock(nsk);
1217                         return nsk;
1218                 }
1219                 inet_twsk_put(inet_twsk(nsk));
1220                 return NULL;
1221         }
1222
1223 #if 0 /*def CONFIG_SYN_COOKIES*/
1224         if (!th->rst && !th->syn && th->ack)
1225                 sk = cookie_v6_check(sk, skb, &(IPCB(skb)->opt));
1226 #endif
1227         return sk;
1228 }
1229
1230 /* FIXME: this is substantially similar to the ipv4 code.
1231  * Can some kind of merge be done? -- erics
1232  */
1233 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1234 {
1235         struct inet6_request_sock *treq;
1236         struct ipv6_pinfo *np = inet6_sk(sk);
1237         struct tcp_options_received tmp_opt;
1238         struct tcp_sock *tp = tcp_sk(sk);
1239         struct request_sock *req = NULL;
1240         __u32 isn = TCP_SKB_CB(skb)->when;
1241
1242         if (skb->protocol == htons(ETH_P_IP))
1243                 return tcp_v4_conn_request(sk, skb);
1244
1245         if (!ipv6_unicast_destination(skb))
1246                 goto drop;
1247
1248         /*
1249          *      There are no SYN attacks on IPv6, yet...
1250          */
1251         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1252                 if (net_ratelimit())
1253                         printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n");
1254                 goto drop;
1255         }
1256
1257         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1258                 goto drop;
1259
1260         req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1261         if (req == NULL)
1262                 goto drop;
1263
1264 #ifdef CONFIG_TCP_MD5SIG
1265         tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1266 #endif
1267
1268         tcp_clear_options(&tmp_opt);
1269         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1270         tmp_opt.user_mss = tp->rx_opt.user_mss;
1271
1272         tcp_parse_options(skb, &tmp_opt, 0);
1273
1274         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1275         tcp_openreq_init(req, &tmp_opt, skb);
1276
1277         treq = inet6_rsk(req);
1278         ipv6_addr_copy(&treq->rmt_addr, &skb->nh.ipv6h->saddr);
1279         ipv6_addr_copy(&treq->loc_addr, &skb->nh.ipv6h->daddr);
1280         TCP_ECN_create_request(req, skb->h.th);
1281         treq->pktopts = NULL;
1282         if (ipv6_opt_accepted(sk, skb) ||
1283             np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1284             np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1285                 atomic_inc(&skb->users);
1286                 treq->pktopts = skb;
1287         }
1288         treq->iif = sk->sk_bound_dev_if;
1289
1290         /* So that link locals have meaning */
1291         if (!sk->sk_bound_dev_if &&
1292             ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1293                 treq->iif = inet6_iif(skb);
1294
1295         if (isn == 0)
1296                 isn = tcp_v6_init_sequence(skb);
1297
1298         tcp_rsk(req)->snt_isn = isn;
1299
1300         security_inet_conn_request(sk, skb, req);
1301
1302         if (tcp_v6_send_synack(sk, req, NULL))
1303                 goto drop;
1304
1305         inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1306         return 0;
1307
1308 drop:
1309         if (req)
1310                 reqsk_free(req);
1311
1312         return 0; /* don't send reset */
1313 }
1314
1315 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1316                                           struct request_sock *req,
1317                                           struct dst_entry *dst)
1318 {
1319         struct inet6_request_sock *treq = inet6_rsk(req);
1320         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1321         struct tcp6_sock *newtcp6sk;
1322         struct inet_sock *newinet;
1323         struct tcp_sock *newtp;
1324         struct sock *newsk;
1325         struct ipv6_txoptions *opt;
1326 #ifdef CONFIG_TCP_MD5SIG
1327         struct tcp_md5sig_key *key;
1328 #endif
1329
1330         if (skb->protocol == htons(ETH_P_IP)) {
1331                 /*
1332                  *      v6 mapped
1333                  */
1334
1335                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1336
1337                 if (newsk == NULL)
1338                         return NULL;
1339
1340                 newtcp6sk = (struct tcp6_sock *)newsk;
1341                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1342
1343                 newinet = inet_sk(newsk);
1344                 newnp = inet6_sk(newsk);
1345                 newtp = tcp_sk(newsk);
1346
1347                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1348
1349                 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
1350                               newinet->daddr);
1351
1352                 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
1353                               newinet->saddr);
1354
1355                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1356
1357                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1358                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1359 #ifdef CONFIG_TCP_MD5SIG
1360                 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1361 #endif
1362
1363                 newnp->pktoptions  = NULL;
1364                 newnp->opt         = NULL;
1365                 newnp->mcast_oif   = inet6_iif(skb);
1366                 newnp->mcast_hops  = skb->nh.ipv6h->hop_limit;
1367
1368                 /*
1369                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1370                  * here, tcp_create_openreq_child now does this for us, see the comment in
1371                  * that function for the gory details. -acme
1372                  */
1373
1374                 /* It is tricky place. Until this moment IPv4 tcp
1375                    worked with IPv6 icsk.icsk_af_ops.
1376                    Sync it now.
1377                  */
1378                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1379
1380                 return newsk;
1381         }
1382
1383         opt = np->opt;
1384
1385         if (sk_acceptq_is_full(sk))
1386                 goto out_overflow;
1387
1388         if (np->rxopt.bits.osrcrt == 2 &&
1389             opt == NULL && treq->pktopts) {
1390                 struct inet6_skb_parm *rxopt = IP6CB(treq->pktopts);
1391                 if (rxopt->srcrt)
1392                         opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr *)(treq->pktopts->nh.raw + rxopt->srcrt));
1393         }
1394
1395         if (dst == NULL) {
1396                 struct in6_addr *final_p = NULL, final;
1397                 struct flowi fl;
1398
1399                 memset(&fl, 0, sizeof(fl));
1400                 fl.proto = IPPROTO_TCP;
1401                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1402                 if (opt && opt->srcrt) {
1403                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1404                         ipv6_addr_copy(&final, &fl.fl6_dst);
1405                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1406                         final_p = &final;
1407                 }
1408                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1409                 fl.oif = sk->sk_bound_dev_if;
1410                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1411                 fl.fl_ip_sport = inet_sk(sk)->sport;
1412                 security_req_classify_flow(req, &fl);
1413
1414                 if (ip6_dst_lookup(sk, &dst, &fl))
1415                         goto out;
1416
1417                 if (final_p)
1418                         ipv6_addr_copy(&fl.fl6_dst, final_p);
1419
1420                 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
1421                         goto out;
1422         }
1423
1424         newsk = tcp_create_openreq_child(sk, req, skb);
1425         if (newsk == NULL)
1426                 goto out;
1427
1428         /*
1429          * No need to charge this sock to the relevant IPv6 refcnt debug socks
1430          * count here, tcp_create_openreq_child now does this for us, see the
1431          * comment in that function for the gory details. -acme
1432          */
1433
1434         newsk->sk_gso_type = SKB_GSO_TCPV6;
1435         __ip6_dst_store(newsk, dst, NULL, NULL);
1436
1437         newtcp6sk = (struct tcp6_sock *)newsk;
1438         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1439
1440         newtp = tcp_sk(newsk);
1441         newinet = inet_sk(newsk);
1442         newnp = inet6_sk(newsk);
1443
1444         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1445
1446         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1447         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1448         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1449         newsk->sk_bound_dev_if = treq->iif;
1450
1451         /* Now IPv6 options...
1452
1453            First: no IPv4 options.
1454          */
1455         newinet->opt = NULL;
1456
1457         /* Clone RX bits */
1458         newnp->rxopt.all = np->rxopt.all;
1459
1460         /* Clone pktoptions received with SYN */
1461         newnp->pktoptions = NULL;
1462         if (treq->pktopts != NULL) {
1463                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1464                 kfree_skb(treq->pktopts);
1465                 treq->pktopts = NULL;
1466                 if (newnp->pktoptions)
1467                         skb_set_owner_r(newnp->pktoptions, newsk);
1468         }
1469         newnp->opt        = NULL;
1470         newnp->mcast_oif  = inet6_iif(skb);
1471         newnp->mcast_hops = skb->nh.ipv6h->hop_limit;
1472
1473         /* Clone native IPv6 options from listening socket (if any)
1474
1475            Yes, keeping reference count would be much more clever,
1476            but we make one more one thing there: reattach optmem
1477            to newsk.
1478          */
1479         if (opt) {
1480                 newnp->opt = ipv6_dup_options(newsk, opt);
1481                 if (opt != np->opt)
1482                         sock_kfree_s(sk, opt, opt->tot_len);
1483         }
1484
1485         inet_csk(newsk)->icsk_ext_hdr_len = 0;
1486         if (newnp->opt)
1487                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1488                                                      newnp->opt->opt_flen);
1489
1490         tcp_mtup_init(newsk);
1491         tcp_sync_mss(newsk, dst_mtu(dst));
1492         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1493         tcp_initialize_rcv_mss(newsk);
1494
1495         newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1496
1497 #ifdef CONFIG_TCP_MD5SIG
1498         /* Copy over the MD5 key from the original socket */
1499         if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1500                 /* We're using one, so create a matching key
1501                  * on the newsk structure. If we fail to get
1502                  * memory, then we end up not copying the key
1503                  * across. Shucks.
1504                  */
1505                 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1506                 if (newkey != NULL)
1507                         tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr,
1508                                           newkey, key->keylen);
1509         }
1510 #endif
1511
1512         __inet6_hash(&tcp_hashinfo, newsk);
1513         inet_inherit_port(&tcp_hashinfo, sk, newsk);
1514
1515         return newsk;
1516
1517 out_overflow:
1518         NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1519 out:
1520         NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1521         if (opt && opt != np->opt)
1522                 sock_kfree_s(sk, opt, opt->tot_len);
1523         dst_release(dst);
1524         return NULL;
1525 }
1526
1527 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1528 {
1529         if (skb->ip_summed == CHECKSUM_COMPLETE) {
1530                 if (!tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1531                                   &skb->nh.ipv6h->daddr,skb->csum)) {
1532                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1533                         return 0;
1534                 }
1535         }
1536
1537         skb->csum = ~csum_unfold(tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1538                                   &skb->nh.ipv6h->daddr, 0));
1539
1540         if (skb->len <= 76) {
1541                 return __skb_checksum_complete(skb);
1542         }
1543         return 0;
1544 }
1545
1546 /* The socket must have it's spinlock held when we get
1547  * here.
1548  *
1549  * We have a potential double-lock case here, so even when
1550  * doing backlog processing we use the BH locking scheme.
1551  * This is because we cannot sleep with the original spinlock
1552  * held.
1553  */
1554 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1555 {
1556         struct ipv6_pinfo *np = inet6_sk(sk);
1557         struct tcp_sock *tp;
1558         struct sk_buff *opt_skb = NULL;
1559
1560         /* Imagine: socket is IPv6. IPv4 packet arrives,
1561            goes to IPv4 receive handler and backlogged.
1562            From backlog it always goes here. Kerboom...
1563            Fortunately, tcp_rcv_established and rcv_established
1564            handle them correctly, but it is not case with
1565            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1566          */
1567
1568         if (skb->protocol == htons(ETH_P_IP))
1569                 return tcp_v4_do_rcv(sk, skb);
1570
1571 #ifdef CONFIG_TCP_MD5SIG
1572         if (tcp_v6_inbound_md5_hash (sk, skb))
1573                 goto discard;
1574 #endif
1575
1576         if (sk_filter(sk, skb))
1577                 goto discard;
1578
1579         /*
1580          *      socket locking is here for SMP purposes as backlog rcv
1581          *      is currently called with bh processing disabled.
1582          */
1583
1584         /* Do Stevens' IPV6_PKTOPTIONS.
1585
1586            Yes, guys, it is the only place in our code, where we
1587            may make it not affecting IPv4.
1588            The rest of code is protocol independent,
1589            and I do not like idea to uglify IPv4.
1590
1591            Actually, all the idea behind IPV6_PKTOPTIONS
1592            looks not very well thought. For now we latch
1593            options, received in the last packet, enqueued
1594            by tcp. Feel free to propose better solution.
1595                                                --ANK (980728)
1596          */
1597         if (np->rxopt.all)
1598                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1599
1600         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1601                 TCP_CHECK_TIMER(sk);
1602                 if (tcp_rcv_established(sk, skb, skb->h.th, skb->len))
1603                         goto reset;
1604                 TCP_CHECK_TIMER(sk);
1605                 if (opt_skb)
1606                         goto ipv6_pktoptions;
1607                 return 0;
1608         }
1609
1610         if (skb->len < (skb->h.th->doff<<2) || tcp_checksum_complete(skb))
1611                 goto csum_err;
1612
1613         if (sk->sk_state == TCP_LISTEN) {
1614                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1615                 if (!nsk)
1616                         goto discard;
1617
1618                 /*
1619                  * Queue it on the new socket if the new socket is active,
1620                  * otherwise we just shortcircuit this and continue with
1621                  * the new socket..
1622                  */
1623                 if(nsk != sk) {
1624                         if (tcp_child_process(sk, nsk, skb))
1625                                 goto reset;
1626                         if (opt_skb)
1627                                 __kfree_skb(opt_skb);
1628                         return 0;
1629                 }
1630         }
1631
1632         TCP_CHECK_TIMER(sk);
1633         if (tcp_rcv_state_process(sk, skb, skb->h.th, skb->len))
1634                 goto reset;
1635         TCP_CHECK_TIMER(sk);
1636         if (opt_skb)
1637                 goto ipv6_pktoptions;
1638         return 0;
1639
1640 reset:
1641         tcp_v6_send_reset(sk, skb);
1642 discard:
1643         if (opt_skb)
1644                 __kfree_skb(opt_skb);
1645         kfree_skb(skb);
1646         return 0;
1647 csum_err:
1648         TCP_INC_STATS_BH(TCP_MIB_INERRS);
1649         goto discard;
1650
1651
1652 ipv6_pktoptions:
1653         /* Do you ask, what is it?
1654
1655            1. skb was enqueued by tcp.
1656            2. skb is added to tail of read queue, rather than out of order.
1657            3. socket is not in passive state.
1658            4. Finally, it really contains options, which user wants to receive.
1659          */
1660         tp = tcp_sk(sk);
1661         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1662             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1663                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1664                         np->mcast_oif = inet6_iif(opt_skb);
1665                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1666                         np->mcast_hops = opt_skb->nh.ipv6h->hop_limit;
1667                 if (ipv6_opt_accepted(sk, opt_skb)) {
1668                         skb_set_owner_r(opt_skb, sk);
1669                         opt_skb = xchg(&np->pktoptions, opt_skb);
1670                 } else {
1671                         __kfree_skb(opt_skb);
1672                         opt_skb = xchg(&np->pktoptions, NULL);
1673                 }
1674         }
1675
1676         if (opt_skb)
1677                 kfree_skb(opt_skb);
1678         return 0;
1679 }
1680
1681 static int tcp_v6_rcv(struct sk_buff **pskb)
1682 {
1683         struct sk_buff *skb = *pskb;
1684         struct tcphdr *th;
1685         struct sock *sk;
1686         int ret;
1687
1688         if (skb->pkt_type != PACKET_HOST)
1689                 goto discard_it;
1690
1691         /*
1692          *      Count it even if it's bad.
1693          */
1694         TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1695
1696         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1697                 goto discard_it;
1698
1699         th = skb->h.th;
1700
1701         if (th->doff < sizeof(struct tcphdr)/4)
1702                 goto bad_packet;
1703         if (!pskb_may_pull(skb, th->doff*4))
1704                 goto discard_it;
1705
1706         if ((skb->ip_summed != CHECKSUM_UNNECESSARY &&
1707              tcp_v6_checksum_init(skb)))
1708                 goto bad_packet;
1709
1710         th = skb->h.th;
1711         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1712         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1713                                     skb->len - th->doff*4);
1714         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1715         TCP_SKB_CB(skb)->when = 0;
1716         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(skb->nh.ipv6h);
1717         TCP_SKB_CB(skb)->sacked = 0;
1718
1719         sk = __inet6_lookup(&tcp_hashinfo, &skb->nh.ipv6h->saddr, th->source,
1720                             &skb->nh.ipv6h->daddr, ntohs(th->dest),
1721                             inet6_iif(skb));
1722
1723         if (!sk)
1724                 goto no_tcp_socket;
1725
1726 process:
1727         if (sk->sk_state == TCP_TIME_WAIT)
1728                 goto do_time_wait;
1729
1730         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1731                 goto discard_and_relse;
1732
1733         if (sk_filter(sk, skb))
1734                 goto discard_and_relse;
1735
1736         skb->dev = NULL;
1737
1738         bh_lock_sock_nested(sk);
1739         ret = 0;
1740         if (!sock_owned_by_user(sk)) {
1741 #ifdef CONFIG_NET_DMA
1742                 struct tcp_sock *tp = tcp_sk(sk);
1743                 if (tp->ucopy.dma_chan)
1744                         ret = tcp_v6_do_rcv(sk, skb);
1745                 else
1746 #endif
1747                 {
1748                         if (!tcp_prequeue(sk, skb))
1749                                 ret = tcp_v6_do_rcv(sk, skb);
1750                 }
1751         } else
1752                 sk_add_backlog(sk, skb);
1753         bh_unlock_sock(sk);
1754
1755         sock_put(sk);
1756         return ret ? -1 : 0;
1757
1758 no_tcp_socket:
1759         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1760                 goto discard_it;
1761
1762         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1763 bad_packet:
1764                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1765         } else {
1766                 tcp_v6_send_reset(NULL, skb);
1767         }
1768
1769 discard_it:
1770
1771         /*
1772          *      Discard frame
1773          */
1774
1775         kfree_skb(skb);
1776         return 0;
1777
1778 discard_and_relse:
1779         sock_put(sk);
1780         goto discard_it;
1781
1782 do_time_wait:
1783         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1784                 inet_twsk_put(inet_twsk(sk));
1785                 goto discard_it;
1786         }
1787
1788         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1789                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1790                 inet_twsk_put(inet_twsk(sk));
1791                 goto discard_it;
1792         }
1793
1794         switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1795         case TCP_TW_SYN:
1796         {
1797                 struct sock *sk2;
1798
1799                 sk2 = inet6_lookup_listener(&tcp_hashinfo,
1800                                             &skb->nh.ipv6h->daddr,
1801                                             ntohs(th->dest), inet6_iif(skb));
1802                 if (sk2 != NULL) {
1803                         struct inet_timewait_sock *tw = inet_twsk(sk);
1804                         inet_twsk_deschedule(tw, &tcp_death_row);
1805                         inet_twsk_put(tw);
1806                         sk = sk2;
1807                         goto process;
1808                 }
1809                 /* Fall through to ACK */
1810         }
1811         case TCP_TW_ACK:
1812                 tcp_v6_timewait_ack(sk, skb);
1813                 break;
1814         case TCP_TW_RST:
1815                 goto no_tcp_socket;
1816         case TCP_TW_SUCCESS:;
1817         }
1818         goto discard_it;
1819 }
1820
1821 static int tcp_v6_remember_stamp(struct sock *sk)
1822 {
1823         /* Alas, not yet... */
1824         return 0;
1825 }
1826
1827 static struct inet_connection_sock_af_ops ipv6_specific = {
1828         .queue_xmit        = inet6_csk_xmit,
1829         .send_check        = tcp_v6_send_check,
1830         .rebuild_header    = inet6_sk_rebuild_header,
1831         .conn_request      = tcp_v6_conn_request,
1832         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1833         .remember_stamp    = tcp_v6_remember_stamp,
1834         .net_header_len    = sizeof(struct ipv6hdr),
1835         .setsockopt        = ipv6_setsockopt,
1836         .getsockopt        = ipv6_getsockopt,
1837         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1838         .sockaddr_len      = sizeof(struct sockaddr_in6),
1839 #ifdef CONFIG_COMPAT
1840         .compat_setsockopt = compat_ipv6_setsockopt,
1841         .compat_getsockopt = compat_ipv6_getsockopt,
1842 #endif
1843 };
1844
1845 #ifdef CONFIG_TCP_MD5SIG
1846 static struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1847         .md5_lookup     =       tcp_v6_md5_lookup,
1848         .calc_md5_hash  =       tcp_v6_calc_md5_hash,
1849         .md5_add        =       tcp_v6_md5_add_func,
1850         .md5_parse      =       tcp_v6_parse_md5_keys,
1851 };
1852 #endif
1853
1854 /*
1855  *      TCP over IPv4 via INET6 API
1856  */
1857
1858 static struct inet_connection_sock_af_ops ipv6_mapped = {
1859         .queue_xmit        = ip_queue_xmit,
1860         .send_check        = tcp_v4_send_check,
1861         .rebuild_header    = inet_sk_rebuild_header,
1862         .conn_request      = tcp_v6_conn_request,
1863         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1864         .remember_stamp    = tcp_v4_remember_stamp,
1865         .net_header_len    = sizeof(struct iphdr),
1866         .setsockopt        = ipv6_setsockopt,
1867         .getsockopt        = ipv6_getsockopt,
1868         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1869         .sockaddr_len      = sizeof(struct sockaddr_in6),
1870 #ifdef CONFIG_COMPAT
1871         .compat_setsockopt = compat_ipv6_setsockopt,
1872         .compat_getsockopt = compat_ipv6_getsockopt,
1873 #endif
1874 };
1875
1876 #ifdef CONFIG_TCP_MD5SIG
1877 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1878         .md5_lookup     =       tcp_v4_md5_lookup,
1879         .calc_md5_hash  =       tcp_v4_calc_md5_hash,
1880         .md5_add        =       tcp_v6_md5_add_func,
1881         .md5_parse      =       tcp_v6_parse_md5_keys,
1882 };
1883 #endif
1884
1885 /* NOTE: A lot of things set to zero explicitly by call to
1886  *       sk_alloc() so need not be done here.
1887  */
1888 static int tcp_v6_init_sock(struct sock *sk)
1889 {
1890         struct inet_connection_sock *icsk = inet_csk(sk);
1891         struct tcp_sock *tp = tcp_sk(sk);
1892
1893         skb_queue_head_init(&tp->out_of_order_queue);
1894         tcp_init_xmit_timers(sk);
1895         tcp_prequeue_init(tp);
1896
1897         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1898         tp->mdev = TCP_TIMEOUT_INIT;
1899
1900         /* So many TCP implementations out there (incorrectly) count the
1901          * initial SYN frame in their delayed-ACK and congestion control
1902          * algorithms that we must have the following bandaid to talk
1903          * efficiently to them.  -DaveM
1904          */
1905         tp->snd_cwnd = 2;
1906
1907         /* See draft-stevens-tcpca-spec-01 for discussion of the
1908          * initialization of these values.
1909          */
1910         tp->snd_ssthresh = 0x7fffffff;
1911         tp->snd_cwnd_clamp = ~0;
1912         tp->mss_cache = 536;
1913
1914         tp->reordering = sysctl_tcp_reordering;
1915
1916         sk->sk_state = TCP_CLOSE;
1917
1918         icsk->icsk_af_ops = &ipv6_specific;
1919         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1920         icsk->icsk_sync_mss = tcp_sync_mss;
1921         sk->sk_write_space = sk_stream_write_space;
1922         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1923
1924 #ifdef CONFIG_TCP_MD5SIG
1925         tp->af_specific = &tcp_sock_ipv6_specific;
1926 #endif
1927
1928         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1929         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1930
1931         atomic_inc(&tcp_sockets_allocated);
1932
1933         return 0;
1934 }
1935
1936 static int tcp_v6_destroy_sock(struct sock *sk)
1937 {
1938 #ifdef CONFIG_TCP_MD5SIG
1939         /* Clean up the MD5 key list */
1940         if (tcp_sk(sk)->md5sig_info)
1941                 tcp_v6_clear_md5_list(sk);
1942 #endif
1943         tcp_v4_destroy_sock(sk);
1944         return inet6_destroy_sock(sk);
1945 }
1946
1947 /* Proc filesystem TCPv6 sock list dumping. */
1948 static void get_openreq6(struct seq_file *seq,
1949                          struct sock *sk, struct request_sock *req, int i, int uid)
1950 {
1951         int ttd = req->expires - jiffies;
1952         struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1953         struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1954
1955         if (ttd < 0)
1956                 ttd = 0;
1957
1958         seq_printf(seq,
1959                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1960                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1961                    i,
1962                    src->s6_addr32[0], src->s6_addr32[1],
1963                    src->s6_addr32[2], src->s6_addr32[3],
1964                    ntohs(inet_sk(sk)->sport),
1965                    dest->s6_addr32[0], dest->s6_addr32[1],
1966                    dest->s6_addr32[2], dest->s6_addr32[3],
1967                    ntohs(inet_rsk(req)->rmt_port),
1968                    TCP_SYN_RECV,
1969                    0,0, /* could print option size, but that is af dependent. */
1970                    1,   /* timers active (only the expire timer) */
1971                    jiffies_to_clock_t(ttd),
1972                    req->retrans,
1973                    uid,
1974                    0,  /* non standard timer */
1975                    0, /* open_requests have no inode */
1976                    0, req);
1977 }
1978
1979 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1980 {
1981         struct in6_addr *dest, *src;
1982         __u16 destp, srcp;
1983         int timer_active;
1984         unsigned long timer_expires;
1985         struct inet_sock *inet = inet_sk(sp);
1986         struct tcp_sock *tp = tcp_sk(sp);
1987         const struct inet_connection_sock *icsk = inet_csk(sp);
1988         struct ipv6_pinfo *np = inet6_sk(sp);
1989
1990         dest  = &np->daddr;
1991         src   = &np->rcv_saddr;
1992         destp = ntohs(inet->dport);
1993         srcp  = ntohs(inet->sport);
1994
1995         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1996                 timer_active    = 1;
1997                 timer_expires   = icsk->icsk_timeout;
1998         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1999                 timer_active    = 4;
2000                 timer_expires   = icsk->icsk_timeout;
2001         } else if (timer_pending(&sp->sk_timer)) {
2002                 timer_active    = 2;
2003                 timer_expires   = sp->sk_timer.expires;
2004         } else {
2005                 timer_active    = 0;
2006                 timer_expires = jiffies;
2007         }
2008
2009         seq_printf(seq,
2010                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2011                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
2012                    i,
2013                    src->s6_addr32[0], src->s6_addr32[1],
2014                    src->s6_addr32[2], src->s6_addr32[3], srcp,
2015                    dest->s6_addr32[0], dest->s6_addr32[1],
2016                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
2017                    sp->sk_state,
2018                    tp->write_seq-tp->snd_una,
2019                    (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
2020                    timer_active,
2021                    jiffies_to_clock_t(timer_expires - jiffies),
2022                    icsk->icsk_retransmits,
2023                    sock_i_uid(sp),
2024                    icsk->icsk_probes_out,
2025                    sock_i_ino(sp),
2026                    atomic_read(&sp->sk_refcnt), sp,
2027                    icsk->icsk_rto,
2028                    icsk->icsk_ack.ato,
2029                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2030                    tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
2031                    );
2032 }
2033
2034 static void get_timewait6_sock(struct seq_file *seq,
2035                                struct inet_timewait_sock *tw, int i)
2036 {
2037         struct in6_addr *dest, *src;
2038         __u16 destp, srcp;
2039         struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2040         int ttd = tw->tw_ttd - jiffies;
2041
2042         if (ttd < 0)
2043                 ttd = 0;
2044
2045         dest = &tw6->tw_v6_daddr;
2046         src  = &tw6->tw_v6_rcv_saddr;
2047         destp = ntohs(tw->tw_dport);
2048         srcp  = ntohs(tw->tw_sport);
2049
2050         seq_printf(seq,
2051                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2052                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2053                    i,
2054                    src->s6_addr32[0], src->s6_addr32[1],
2055                    src->s6_addr32[2], src->s6_addr32[3], srcp,
2056                    dest->s6_addr32[0], dest->s6_addr32[1],
2057                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
2058                    tw->tw_substate, 0, 0,
2059                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2060                    atomic_read(&tw->tw_refcnt), tw);
2061 }
2062
2063 #ifdef CONFIG_PROC_FS
2064 static int tcp6_seq_show(struct seq_file *seq, void *v)
2065 {
2066         struct tcp_iter_state *st;
2067
2068         if (v == SEQ_START_TOKEN) {
2069                 seq_puts(seq,
2070                          "  sl  "
2071                          "local_address                         "
2072                          "remote_address                        "
2073                          "st tx_queue rx_queue tr tm->when retrnsmt"
2074                          "   uid  timeout inode\n");
2075                 goto out;
2076         }
2077         st = seq->private;
2078
2079         switch (st->state) {
2080         case TCP_SEQ_STATE_LISTENING:
2081         case TCP_SEQ_STATE_ESTABLISHED:
2082                 get_tcp6_sock(seq, v, st->num);
2083                 break;
2084         case TCP_SEQ_STATE_OPENREQ:
2085                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2086                 break;
2087         case TCP_SEQ_STATE_TIME_WAIT:
2088                 get_timewait6_sock(seq, v, st->num);
2089                 break;
2090         }
2091 out:
2092         return 0;
2093 }
2094
2095 static struct file_operations tcp6_seq_fops;
2096 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2097         .owner          = THIS_MODULE,
2098         .name           = "tcp6",
2099         .family         = AF_INET6,
2100         .seq_show       = tcp6_seq_show,
2101         .seq_fops       = &tcp6_seq_fops,
2102 };
2103
2104 int __init tcp6_proc_init(void)
2105 {
2106         return tcp_proc_register(&tcp6_seq_afinfo);
2107 }
2108
2109 void tcp6_proc_exit(void)
2110 {
2111         tcp_proc_unregister(&tcp6_seq_afinfo);
2112 }
2113 #endif
2114
2115 struct proto tcpv6_prot = {
2116         .name                   = "TCPv6",
2117         .owner                  = THIS_MODULE,
2118         .close                  = tcp_close,
2119         .connect                = tcp_v6_connect,
2120         .disconnect             = tcp_disconnect,
2121         .accept                 = inet_csk_accept,
2122         .ioctl                  = tcp_ioctl,
2123         .init                   = tcp_v6_init_sock,
2124         .destroy                = tcp_v6_destroy_sock,
2125         .shutdown               = tcp_shutdown,
2126         .setsockopt             = tcp_setsockopt,
2127         .getsockopt             = tcp_getsockopt,
2128         .sendmsg                = tcp_sendmsg,
2129         .recvmsg                = tcp_recvmsg,
2130         .backlog_rcv            = tcp_v6_do_rcv,
2131         .hash                   = tcp_v6_hash,
2132         .unhash                 = tcp_unhash,
2133         .get_port               = tcp_v6_get_port,
2134         .enter_memory_pressure  = tcp_enter_memory_pressure,
2135         .sockets_allocated      = &tcp_sockets_allocated,
2136         .memory_allocated       = &tcp_memory_allocated,
2137         .memory_pressure        = &tcp_memory_pressure,
2138         .orphan_count           = &tcp_orphan_count,
2139         .sysctl_mem             = sysctl_tcp_mem,
2140         .sysctl_wmem            = sysctl_tcp_wmem,
2141         .sysctl_rmem            = sysctl_tcp_rmem,
2142         .max_header             = MAX_TCP_HEADER,
2143         .obj_size               = sizeof(struct tcp6_sock),
2144         .twsk_prot              = &tcp6_timewait_sock_ops,
2145         .rsk_prot               = &tcp6_request_sock_ops,
2146 #ifdef CONFIG_COMPAT
2147         .compat_setsockopt      = compat_tcp_setsockopt,
2148         .compat_getsockopt      = compat_tcp_getsockopt,
2149 #endif
2150 };
2151
2152 static struct inet6_protocol tcpv6_protocol = {
2153         .handler        =       tcp_v6_rcv,
2154         .err_handler    =       tcp_v6_err,
2155         .gso_send_check =       tcp_v6_gso_send_check,
2156         .gso_segment    =       tcp_tso_segment,
2157         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2158 };
2159
2160 static struct inet_protosw tcpv6_protosw = {
2161         .type           =       SOCK_STREAM,
2162         .protocol       =       IPPROTO_TCP,
2163         .prot           =       &tcpv6_prot,
2164         .ops            =       &inet6_stream_ops,
2165         .capability     =       -1,
2166         .no_check       =       0,
2167         .flags          =       INET_PROTOSW_PERMANENT |
2168                                 INET_PROTOSW_ICSK,
2169 };
2170
2171 void __init tcpv6_init(void)
2172 {
2173         /* register inet6 protocol */
2174         if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
2175                 printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
2176         inet6_register_protosw(&tcpv6_protosw);
2177
2178         if (inet_csk_ctl_sock_create(&tcp6_socket, PF_INET6, SOCK_RAW,
2179                                      IPPROTO_TCP) < 0)
2180                 panic("Failed to create the TCPv6 control socket.\n");
2181 }