Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
[linux-2.6] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation 
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>     
7  *
8  *      $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9  *
10  *      Based on: 
11  *      linux/net/ipv4/tcp.c
12  *      linux/net/ipv4/tcp_input.c
13  *      linux/net/ipv4/tcp_output.c
14  *
15  *      Fixes:
16  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
17  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
18  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
19  *                                      a single port at the same time.
20  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
21  *
22  *      This program is free software; you can redistribute it and/or
23  *      modify it under the terms of the GNU General Public License
24  *      as published by the Free Software Foundation; either version
25  *      2 of the License, or (at your option) any later version.
26  */
27
28 #include <linux/module.h>
29 #include <linux/config.h>
30 #include <linux/errno.h>
31 #include <linux/types.h>
32 #include <linux/socket.h>
33 #include <linux/sockios.h>
34 #include <linux/net.h>
35 #include <linux/jiffies.h>
36 #include <linux/in.h>
37 #include <linux/in6.h>
38 #include <linux/netdevice.h>
39 #include <linux/init.h>
40 #include <linux/jhash.h>
41 #include <linux/ipsec.h>
42 #include <linux/times.h>
43
44 #include <linux/ipv6.h>
45 #include <linux/icmpv6.h>
46 #include <linux/random.h>
47
48 #include <net/tcp.h>
49 #include <net/ndisc.h>
50 #include <net/inet6_hashtables.h>
51 #include <net/inet6_connection_sock.h>
52 #include <net/ipv6.h>
53 #include <net/transp_v6.h>
54 #include <net/addrconf.h>
55 #include <net/ip6_route.h>
56 #include <net/ip6_checksum.h>
57 #include <net/inet_ecn.h>
58 #include <net/protocol.h>
59 #include <net/xfrm.h>
60 #include <net/addrconf.h>
61 #include <net/snmp.h>
62 #include <net/dsfield.h>
63 #include <net/timewait_sock.h>
64
65 #include <asm/uaccess.h>
66
67 #include <linux/proc_fs.h>
68 #include <linux/seq_file.h>
69
70 static void     tcp_v6_send_reset(struct sk_buff *skb);
71 static void     tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
72 static void     tcp_v6_send_check(struct sock *sk, int len, 
73                                   struct sk_buff *skb);
74
75 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
76
77 static struct inet_connection_sock_af_ops ipv6_mapped;
78 static struct inet_connection_sock_af_ops ipv6_specific;
79
80 static int tcp_v6_get_port(struct sock *sk, unsigned short snum)
81 {
82         return inet_csk_get_port(&tcp_hashinfo, sk, snum,
83                                  inet6_csk_bind_conflict);
84 }
85
86 static void tcp_v6_hash(struct sock *sk)
87 {
88         if (sk->sk_state != TCP_CLOSE) {
89                 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
90                         tcp_prot.hash(sk);
91                         return;
92                 }
93                 local_bh_disable();
94                 __inet6_hash(&tcp_hashinfo, sk);
95                 local_bh_enable();
96         }
97 }
98
99 static __inline__ u16 tcp_v6_check(struct tcphdr *th, int len,
100                                    struct in6_addr *saddr, 
101                                    struct in6_addr *daddr, 
102                                    unsigned long base)
103 {
104         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
105 }
106
107 static __u32 tcp_v6_init_sequence(struct sock *sk, struct sk_buff *skb)
108 {
109         if (skb->protocol == htons(ETH_P_IPV6)) {
110                 return secure_tcpv6_sequence_number(skb->nh.ipv6h->daddr.s6_addr32,
111                                                     skb->nh.ipv6h->saddr.s6_addr32,
112                                                     skb->h.th->dest,
113                                                     skb->h.th->source);
114         } else {
115                 return secure_tcp_sequence_number(skb->nh.iph->daddr,
116                                                   skb->nh.iph->saddr,
117                                                   skb->h.th->dest,
118                                                   skb->h.th->source);
119         }
120 }
121
122 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 
123                           int addr_len)
124 {
125         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
126         struct inet_sock *inet = inet_sk(sk);
127         struct inet_connection_sock *icsk = inet_csk(sk);
128         struct ipv6_pinfo *np = inet6_sk(sk);
129         struct tcp_sock *tp = tcp_sk(sk);
130         struct in6_addr *saddr = NULL, *final_p = NULL, final;
131         struct flowi fl;
132         struct dst_entry *dst;
133         int addr_type;
134         int err;
135
136         if (addr_len < SIN6_LEN_RFC2133) 
137                 return -EINVAL;
138
139         if (usin->sin6_family != AF_INET6) 
140                 return(-EAFNOSUPPORT);
141
142         memset(&fl, 0, sizeof(fl));
143
144         if (np->sndflow) {
145                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
146                 IP6_ECN_flow_init(fl.fl6_flowlabel);
147                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
148                         struct ip6_flowlabel *flowlabel;
149                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
150                         if (flowlabel == NULL)
151                                 return -EINVAL;
152                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
153                         fl6_sock_release(flowlabel);
154                 }
155         }
156
157         /*
158          *      connect() to INADDR_ANY means loopback (BSD'ism).
159          */
160         
161         if(ipv6_addr_any(&usin->sin6_addr))
162                 usin->sin6_addr.s6_addr[15] = 0x1; 
163
164         addr_type = ipv6_addr_type(&usin->sin6_addr);
165
166         if(addr_type & IPV6_ADDR_MULTICAST)
167                 return -ENETUNREACH;
168
169         if (addr_type&IPV6_ADDR_LINKLOCAL) {
170                 if (addr_len >= sizeof(struct sockaddr_in6) &&
171                     usin->sin6_scope_id) {
172                         /* If interface is set while binding, indices
173                          * must coincide.
174                          */
175                         if (sk->sk_bound_dev_if &&
176                             sk->sk_bound_dev_if != usin->sin6_scope_id)
177                                 return -EINVAL;
178
179                         sk->sk_bound_dev_if = usin->sin6_scope_id;
180                 }
181
182                 /* Connect to link-local address requires an interface */
183                 if (!sk->sk_bound_dev_if)
184                         return -EINVAL;
185         }
186
187         if (tp->rx_opt.ts_recent_stamp &&
188             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
189                 tp->rx_opt.ts_recent = 0;
190                 tp->rx_opt.ts_recent_stamp = 0;
191                 tp->write_seq = 0;
192         }
193
194         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
195         np->flow_label = fl.fl6_flowlabel;
196
197         /*
198          *      TCP over IPv4
199          */
200
201         if (addr_type == IPV6_ADDR_MAPPED) {
202                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
203                 struct sockaddr_in sin;
204
205                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
206
207                 if (__ipv6_only_sock(sk))
208                         return -ENETUNREACH;
209
210                 sin.sin_family = AF_INET;
211                 sin.sin_port = usin->sin6_port;
212                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
213
214                 icsk->icsk_af_ops = &ipv6_mapped;
215                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
216
217                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
218
219                 if (err) {
220                         icsk->icsk_ext_hdr_len = exthdrlen;
221                         icsk->icsk_af_ops = &ipv6_specific;
222                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
223                         goto failure;
224                 } else {
225                         ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
226                                       inet->saddr);
227                         ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
228                                       inet->rcv_saddr);
229                 }
230
231                 return err;
232         }
233
234         if (!ipv6_addr_any(&np->rcv_saddr))
235                 saddr = &np->rcv_saddr;
236
237         fl.proto = IPPROTO_TCP;
238         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
239         ipv6_addr_copy(&fl.fl6_src,
240                        (saddr ? saddr : &np->saddr));
241         fl.oif = sk->sk_bound_dev_if;
242         fl.fl_ip_dport = usin->sin6_port;
243         fl.fl_ip_sport = inet->sport;
244
245         if (np->opt && np->opt->srcrt) {
246                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
247                 ipv6_addr_copy(&final, &fl.fl6_dst);
248                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
249                 final_p = &final;
250         }
251
252         err = ip6_dst_lookup(sk, &dst, &fl);
253         if (err)
254                 goto failure;
255         if (final_p)
256                 ipv6_addr_copy(&fl.fl6_dst, final_p);
257
258         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
259                 goto failure;
260
261         if (saddr == NULL) {
262                 saddr = &fl.fl6_src;
263                 ipv6_addr_copy(&np->rcv_saddr, saddr);
264         }
265
266         /* set the source address */
267         ipv6_addr_copy(&np->saddr, saddr);
268         inet->rcv_saddr = LOOPBACK4_IPV6;
269
270         ip6_dst_store(sk, dst, NULL);
271         sk->sk_route_caps = dst->dev->features &
272                 ~(NETIF_F_IP_CSUM | NETIF_F_TSO);
273
274         icsk->icsk_ext_hdr_len = 0;
275         if (np->opt)
276                 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
277                                           np->opt->opt_nflen);
278
279         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
280
281         inet->dport = usin->sin6_port;
282
283         tcp_set_state(sk, TCP_SYN_SENT);
284         err = inet6_hash_connect(&tcp_death_row, sk);
285         if (err)
286                 goto late_failure;
287
288         if (!tp->write_seq)
289                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
290                                                              np->daddr.s6_addr32,
291                                                              inet->sport,
292                                                              inet->dport);
293
294         err = tcp_connect(sk);
295         if (err)
296                 goto late_failure;
297
298         return 0;
299
300 late_failure:
301         tcp_set_state(sk, TCP_CLOSE);
302         __sk_dst_reset(sk);
303 failure:
304         inet->dport = 0;
305         sk->sk_route_caps = 0;
306         return err;
307 }
308
309 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
310                 int type, int code, int offset, __u32 info)
311 {
312         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
313         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
314         struct ipv6_pinfo *np;
315         struct sock *sk;
316         int err;
317         struct tcp_sock *tp; 
318         __u32 seq;
319
320         sk = inet6_lookup(&tcp_hashinfo, &hdr->daddr, th->dest, &hdr->saddr,
321                           th->source, skb->dev->ifindex);
322
323         if (sk == NULL) {
324                 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
325                 return;
326         }
327
328         if (sk->sk_state == TCP_TIME_WAIT) {
329                 inet_twsk_put((struct inet_timewait_sock *)sk);
330                 return;
331         }
332
333         bh_lock_sock(sk);
334         if (sock_owned_by_user(sk))
335                 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
336
337         if (sk->sk_state == TCP_CLOSE)
338                 goto out;
339
340         tp = tcp_sk(sk);
341         seq = ntohl(th->seq); 
342         if (sk->sk_state != TCP_LISTEN &&
343             !between(seq, tp->snd_una, tp->snd_nxt)) {
344                 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
345                 goto out;
346         }
347
348         np = inet6_sk(sk);
349
350         if (type == ICMPV6_PKT_TOOBIG) {
351                 struct dst_entry *dst = NULL;
352
353                 if (sock_owned_by_user(sk))
354                         goto out;
355                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
356                         goto out;
357
358                 /* icmp should have updated the destination cache entry */
359                 dst = __sk_dst_check(sk, np->dst_cookie);
360
361                 if (dst == NULL) {
362                         struct inet_sock *inet = inet_sk(sk);
363                         struct flowi fl;
364
365                         /* BUGGG_FUTURE: Again, it is not clear how
366                            to handle rthdr case. Ignore this complexity
367                            for now.
368                          */
369                         memset(&fl, 0, sizeof(fl));
370                         fl.proto = IPPROTO_TCP;
371                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
372                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
373                         fl.oif = sk->sk_bound_dev_if;
374                         fl.fl_ip_dport = inet->dport;
375                         fl.fl_ip_sport = inet->sport;
376
377                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
378                                 sk->sk_err_soft = -err;
379                                 goto out;
380                         }
381
382                         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
383                                 sk->sk_err_soft = -err;
384                                 goto out;
385                         }
386
387                 } else
388                         dst_hold(dst);
389
390                 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
391                         tcp_sync_mss(sk, dst_mtu(dst));
392                         tcp_simple_retransmit(sk);
393                 } /* else let the usual retransmit timer handle it */
394                 dst_release(dst);
395                 goto out;
396         }
397
398         icmpv6_err_convert(type, code, &err);
399
400         /* Might be for an request_sock */
401         switch (sk->sk_state) {
402                 struct request_sock *req, **prev;
403         case TCP_LISTEN:
404                 if (sock_owned_by_user(sk))
405                         goto out;
406
407                 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
408                                            &hdr->saddr, inet6_iif(skb));
409                 if (!req)
410                         goto out;
411
412                 /* ICMPs are not backlogged, hence we cannot get
413                  * an established socket here.
414                  */
415                 BUG_TRAP(req->sk == NULL);
416
417                 if (seq != tcp_rsk(req)->snt_isn) {
418                         NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
419                         goto out;
420                 }
421
422                 inet_csk_reqsk_queue_drop(sk, req, prev);
423                 goto out;
424
425         case TCP_SYN_SENT:
426         case TCP_SYN_RECV:  /* Cannot happen.
427                                It can, it SYNs are crossed. --ANK */ 
428                 if (!sock_owned_by_user(sk)) {
429                         TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
430                         sk->sk_err = err;
431                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
432
433                         tcp_done(sk);
434                 } else
435                         sk->sk_err_soft = err;
436                 goto out;
437         }
438
439         if (!sock_owned_by_user(sk) && np->recverr) {
440                 sk->sk_err = err;
441                 sk->sk_error_report(sk);
442         } else
443                 sk->sk_err_soft = err;
444
445 out:
446         bh_unlock_sock(sk);
447         sock_put(sk);
448 }
449
450
451 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
452                               struct dst_entry *dst)
453 {
454         struct inet6_request_sock *treq = inet6_rsk(req);
455         struct ipv6_pinfo *np = inet6_sk(sk);
456         struct sk_buff * skb;
457         struct ipv6_txoptions *opt = NULL;
458         struct in6_addr * final_p = NULL, final;
459         struct flowi fl;
460         int err = -1;
461
462         memset(&fl, 0, sizeof(fl));
463         fl.proto = IPPROTO_TCP;
464         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
465         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
466         fl.fl6_flowlabel = 0;
467         fl.oif = treq->iif;
468         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
469         fl.fl_ip_sport = inet_sk(sk)->sport;
470
471         if (dst == NULL) {
472                 opt = np->opt;
473                 if (opt == NULL &&
474                     np->rxopt.bits.osrcrt == 2 &&
475                     treq->pktopts) {
476                         struct sk_buff *pktopts = treq->pktopts;
477                         struct inet6_skb_parm *rxopt = IP6CB(pktopts);
478                         if (rxopt->srcrt)
479                                 opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr*)(pktopts->nh.raw + rxopt->srcrt));
480                 }
481
482                 if (opt && opt->srcrt) {
483                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
484                         ipv6_addr_copy(&final, &fl.fl6_dst);
485                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
486                         final_p = &final;
487                 }
488
489                 err = ip6_dst_lookup(sk, &dst, &fl);
490                 if (err)
491                         goto done;
492                 if (final_p)
493                         ipv6_addr_copy(&fl.fl6_dst, final_p);
494                 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
495                         goto done;
496         }
497
498         skb = tcp_make_synack(sk, dst, req);
499         if (skb) {
500                 struct tcphdr *th = skb->h.th;
501
502                 th->check = tcp_v6_check(th, skb->len,
503                                          &treq->loc_addr, &treq->rmt_addr,
504                                          csum_partial((char *)th, skb->len, skb->csum));
505
506                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
507                 err = ip6_xmit(sk, skb, &fl, opt, 0);
508                 if (err == NET_XMIT_CN)
509                         err = 0;
510         }
511
512 done:
513         if (opt && opt != np->opt)
514                 sock_kfree_s(sk, opt, opt->tot_len);
515         return err;
516 }
517
518 static void tcp_v6_reqsk_destructor(struct request_sock *req)
519 {
520         if (inet6_rsk(req)->pktopts)
521                 kfree_skb(inet6_rsk(req)->pktopts);
522 }
523
524 static struct request_sock_ops tcp6_request_sock_ops = {
525         .family         =       AF_INET6,
526         .obj_size       =       sizeof(struct tcp6_request_sock),
527         .rtx_syn_ack    =       tcp_v6_send_synack,
528         .send_ack       =       tcp_v6_reqsk_send_ack,
529         .destructor     =       tcp_v6_reqsk_destructor,
530         .send_reset     =       tcp_v6_send_reset
531 };
532
533 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
534         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
535         .twsk_unique    = tcp_twsk_unique,
536 };
537
538 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
539 {
540         struct ipv6_pinfo *np = inet6_sk(sk);
541         struct tcphdr *th = skb->h.th;
542
543         if (skb->ip_summed == CHECKSUM_HW) {
544                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
545                 skb->csum = offsetof(struct tcphdr, check);
546         } else {
547                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 
548                                             csum_partial((char *)th, th->doff<<2, 
549                                                          skb->csum));
550         }
551 }
552
553
554 static void tcp_v6_send_reset(struct sk_buff *skb)
555 {
556         struct tcphdr *th = skb->h.th, *t1; 
557         struct sk_buff *buff;
558         struct flowi fl;
559
560         if (th->rst)
561                 return;
562
563         if (!ipv6_unicast_destination(skb))
564                 return; 
565
566         /*
567          * We need to grab some memory, and put together an RST,
568          * and then put it into the queue to be sent.
569          */
570
571         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + sizeof(struct tcphdr),
572                          GFP_ATOMIC);
573         if (buff == NULL) 
574                 return;
575
576         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + sizeof(struct tcphdr));
577
578         t1 = (struct tcphdr *) skb_push(buff,sizeof(struct tcphdr));
579
580         /* Swap the send and the receive. */
581         memset(t1, 0, sizeof(*t1));
582         t1->dest = th->source;
583         t1->source = th->dest;
584         t1->doff = sizeof(*t1)/4;
585         t1->rst = 1;
586   
587         if(th->ack) {
588                 t1->seq = th->ack_seq;
589         } else {
590                 t1->ack = 1;
591                 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
592                                     + skb->len - (th->doff<<2));
593         }
594
595         buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
596
597         memset(&fl, 0, sizeof(fl));
598         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
599         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
600
601         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
602                                     sizeof(*t1), IPPROTO_TCP,
603                                     buff->csum);
604
605         fl.proto = IPPROTO_TCP;
606         fl.oif = inet6_iif(skb);
607         fl.fl_ip_dport = t1->dest;
608         fl.fl_ip_sport = t1->source;
609
610         /* sk = NULL, but it is safe for now. RST socket required. */
611         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
612
613                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
614                         ip6_xmit(NULL, buff, &fl, NULL, 0);
615                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
616                         TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
617                         return;
618                 }
619         }
620
621         kfree_skb(buff);
622 }
623
624 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
625 {
626         struct tcphdr *th = skb->h.th, *t1;
627         struct sk_buff *buff;
628         struct flowi fl;
629         int tot_len = sizeof(struct tcphdr);
630
631         if (ts)
632                 tot_len += 3*4;
633
634         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
635                          GFP_ATOMIC);
636         if (buff == NULL)
637                 return;
638
639         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
640
641         t1 = (struct tcphdr *) skb_push(buff,tot_len);
642
643         /* Swap the send and the receive. */
644         memset(t1, 0, sizeof(*t1));
645         t1->dest = th->source;
646         t1->source = th->dest;
647         t1->doff = tot_len/4;
648         t1->seq = htonl(seq);
649         t1->ack_seq = htonl(ack);
650         t1->ack = 1;
651         t1->window = htons(win);
652         
653         if (ts) {
654                 u32 *ptr = (u32*)(t1 + 1);
655                 *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
656                                (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
657                 *ptr++ = htonl(tcp_time_stamp);
658                 *ptr = htonl(ts);
659         }
660
661         buff->csum = csum_partial((char *)t1, tot_len, 0);
662
663         memset(&fl, 0, sizeof(fl));
664         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
665         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
666
667         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
668                                     tot_len, IPPROTO_TCP,
669                                     buff->csum);
670
671         fl.proto = IPPROTO_TCP;
672         fl.oif = inet6_iif(skb);
673         fl.fl_ip_dport = t1->dest;
674         fl.fl_ip_sport = t1->source;
675
676         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
677                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
678                         ip6_xmit(NULL, buff, &fl, NULL, 0);
679                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
680                         return;
681                 }
682         }
683
684         kfree_skb(buff);
685 }
686
687 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
688 {
689         struct inet_timewait_sock *tw = inet_twsk(sk);
690         const struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
691
692         tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
693                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
694                         tcptw->tw_ts_recent);
695
696         inet_twsk_put(tw);
697 }
698
699 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
700 {
701         tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
702 }
703
704
705 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
706 {
707         struct request_sock *req, **prev;
708         const struct tcphdr *th = skb->h.th;
709         struct sock *nsk;
710
711         /* Find possible connection requests. */
712         req = inet6_csk_search_req(sk, &prev, th->source,
713                                    &skb->nh.ipv6h->saddr,
714                                    &skb->nh.ipv6h->daddr, inet6_iif(skb));
715         if (req)
716                 return tcp_check_req(sk, skb, req, prev);
717
718         nsk = __inet6_lookup_established(&tcp_hashinfo, &skb->nh.ipv6h->saddr,
719                                          th->source, &skb->nh.ipv6h->daddr,
720                                          ntohs(th->dest), inet6_iif(skb));
721
722         if (nsk) {
723                 if (nsk->sk_state != TCP_TIME_WAIT) {
724                         bh_lock_sock(nsk);
725                         return nsk;
726                 }
727                 inet_twsk_put((struct inet_timewait_sock *)nsk);
728                 return NULL;
729         }
730
731 #if 0 /*def CONFIG_SYN_COOKIES*/
732         if (!th->rst && !th->syn && th->ack)
733                 sk = cookie_v6_check(sk, skb, &(IPCB(skb)->opt));
734 #endif
735         return sk;
736 }
737
738 /* FIXME: this is substantially similar to the ipv4 code.
739  * Can some kind of merge be done? -- erics
740  */
741 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
742 {
743         struct inet6_request_sock *treq;
744         struct ipv6_pinfo *np = inet6_sk(sk);
745         struct tcp_options_received tmp_opt;
746         struct tcp_sock *tp = tcp_sk(sk);
747         struct request_sock *req = NULL;
748         __u32 isn = TCP_SKB_CB(skb)->when;
749
750         if (skb->protocol == htons(ETH_P_IP))
751                 return tcp_v4_conn_request(sk, skb);
752
753         if (!ipv6_unicast_destination(skb))
754                 goto drop; 
755
756         /*
757          *      There are no SYN attacks on IPv6, yet...        
758          */
759         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
760                 if (net_ratelimit())
761                         printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n");
762                 goto drop;              
763         }
764
765         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
766                 goto drop;
767
768         req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
769         if (req == NULL)
770                 goto drop;
771
772         tcp_clear_options(&tmp_opt);
773         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
774         tmp_opt.user_mss = tp->rx_opt.user_mss;
775
776         tcp_parse_options(skb, &tmp_opt, 0);
777
778         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
779         tcp_openreq_init(req, &tmp_opt, skb);
780
781         treq = inet6_rsk(req);
782         ipv6_addr_copy(&treq->rmt_addr, &skb->nh.ipv6h->saddr);
783         ipv6_addr_copy(&treq->loc_addr, &skb->nh.ipv6h->daddr);
784         TCP_ECN_create_request(req, skb->h.th);
785         treq->pktopts = NULL;
786         if (ipv6_opt_accepted(sk, skb) ||
787             np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
788             np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
789                 atomic_inc(&skb->users);
790                 treq->pktopts = skb;
791         }
792         treq->iif = sk->sk_bound_dev_if;
793
794         /* So that link locals have meaning */
795         if (!sk->sk_bound_dev_if &&
796             ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
797                 treq->iif = inet6_iif(skb);
798
799         if (isn == 0) 
800                 isn = tcp_v6_init_sequence(sk,skb);
801
802         tcp_rsk(req)->snt_isn = isn;
803
804         if (tcp_v6_send_synack(sk, req, NULL))
805                 goto drop;
806
807         inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
808         return 0;
809
810 drop:
811         if (req)
812                 reqsk_free(req);
813
814         TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
815         return 0; /* don't send reset */
816 }
817
818 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
819                                           struct request_sock *req,
820                                           struct dst_entry *dst)
821 {
822         struct inet6_request_sock *treq = inet6_rsk(req);
823         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
824         struct tcp6_sock *newtcp6sk;
825         struct inet_sock *newinet;
826         struct tcp_sock *newtp;
827         struct sock *newsk;
828         struct ipv6_txoptions *opt;
829
830         if (skb->protocol == htons(ETH_P_IP)) {
831                 /*
832                  *      v6 mapped
833                  */
834
835                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
836
837                 if (newsk == NULL) 
838                         return NULL;
839
840                 newtcp6sk = (struct tcp6_sock *)newsk;
841                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
842
843                 newinet = inet_sk(newsk);
844                 newnp = inet6_sk(newsk);
845                 newtp = tcp_sk(newsk);
846
847                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
848
849                 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
850                               newinet->daddr);
851
852                 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
853                               newinet->saddr);
854
855                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
856
857                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
858                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
859                 newnp->pktoptions  = NULL;
860                 newnp->opt         = NULL;
861                 newnp->mcast_oif   = inet6_iif(skb);
862                 newnp->mcast_hops  = skb->nh.ipv6h->hop_limit;
863
864                 /*
865                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
866                  * here, tcp_create_openreq_child now does this for us, see the comment in
867                  * that function for the gory details. -acme
868                  */
869
870                 /* It is tricky place. Until this moment IPv4 tcp
871                    worked with IPv6 icsk.icsk_af_ops.
872                    Sync it now.
873                  */
874                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
875
876                 return newsk;
877         }
878
879         opt = np->opt;
880
881         if (sk_acceptq_is_full(sk))
882                 goto out_overflow;
883
884         if (np->rxopt.bits.osrcrt == 2 &&
885             opt == NULL && treq->pktopts) {
886                 struct inet6_skb_parm *rxopt = IP6CB(treq->pktopts);
887                 if (rxopt->srcrt)
888                         opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr *)(treq->pktopts->nh.raw + rxopt->srcrt));
889         }
890
891         if (dst == NULL) {
892                 struct in6_addr *final_p = NULL, final;
893                 struct flowi fl;
894
895                 memset(&fl, 0, sizeof(fl));
896                 fl.proto = IPPROTO_TCP;
897                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
898                 if (opt && opt->srcrt) {
899                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
900                         ipv6_addr_copy(&final, &fl.fl6_dst);
901                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
902                         final_p = &final;
903                 }
904                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
905                 fl.oif = sk->sk_bound_dev_if;
906                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
907                 fl.fl_ip_sport = inet_sk(sk)->sport;
908
909                 if (ip6_dst_lookup(sk, &dst, &fl))
910                         goto out;
911
912                 if (final_p)
913                         ipv6_addr_copy(&fl.fl6_dst, final_p);
914
915                 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
916                         goto out;
917         } 
918
919         newsk = tcp_create_openreq_child(sk, req, skb);
920         if (newsk == NULL)
921                 goto out;
922
923         /*
924          * No need to charge this sock to the relevant IPv6 refcnt debug socks
925          * count here, tcp_create_openreq_child now does this for us, see the
926          * comment in that function for the gory details. -acme
927          */
928
929         ip6_dst_store(newsk, dst, NULL);
930         newsk->sk_route_caps = dst->dev->features &
931                 ~(NETIF_F_IP_CSUM | NETIF_F_TSO);
932
933         newtcp6sk = (struct tcp6_sock *)newsk;
934         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
935
936         newtp = tcp_sk(newsk);
937         newinet = inet_sk(newsk);
938         newnp = inet6_sk(newsk);
939
940         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
941
942         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
943         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
944         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
945         newsk->sk_bound_dev_if = treq->iif;
946
947         /* Now IPv6 options... 
948
949            First: no IPv4 options.
950          */
951         newinet->opt = NULL;
952
953         /* Clone RX bits */
954         newnp->rxopt.all = np->rxopt.all;
955
956         /* Clone pktoptions received with SYN */
957         newnp->pktoptions = NULL;
958         if (treq->pktopts != NULL) {
959                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
960                 kfree_skb(treq->pktopts);
961                 treq->pktopts = NULL;
962                 if (newnp->pktoptions)
963                         skb_set_owner_r(newnp->pktoptions, newsk);
964         }
965         newnp->opt        = NULL;
966         newnp->mcast_oif  = inet6_iif(skb);
967         newnp->mcast_hops = skb->nh.ipv6h->hop_limit;
968
969         /* Clone native IPv6 options from listening socket (if any)
970
971            Yes, keeping reference count would be much more clever,
972            but we make one more one thing there: reattach optmem
973            to newsk.
974          */
975         if (opt) {
976                 newnp->opt = ipv6_dup_options(newsk, opt);
977                 if (opt != np->opt)
978                         sock_kfree_s(sk, opt, opt->tot_len);
979         }
980
981         inet_csk(newsk)->icsk_ext_hdr_len = 0;
982         if (newnp->opt)
983                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
984                                                      newnp->opt->opt_flen);
985
986         tcp_sync_mss(newsk, dst_mtu(dst));
987         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
988         tcp_initialize_rcv_mss(newsk);
989
990         newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
991
992         __inet6_hash(&tcp_hashinfo, newsk);
993         inet_inherit_port(&tcp_hashinfo, sk, newsk);
994
995         return newsk;
996
997 out_overflow:
998         NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
999 out:
1000         NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1001         if (opt && opt != np->opt)
1002                 sock_kfree_s(sk, opt, opt->tot_len);
1003         dst_release(dst);
1004         return NULL;
1005 }
1006
1007 static int tcp_v6_checksum_init(struct sk_buff *skb)
1008 {
1009         if (skb->ip_summed == CHECKSUM_HW) {
1010                 if (!tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1011                                   &skb->nh.ipv6h->daddr,skb->csum)) {
1012                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1013                         return 0;
1014                 }
1015         }
1016
1017         skb->csum = ~tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1018                                   &skb->nh.ipv6h->daddr, 0);
1019
1020         if (skb->len <= 76) {
1021                 return __skb_checksum_complete(skb);
1022         }
1023         return 0;
1024 }
1025
1026 /* The socket must have it's spinlock held when we get
1027  * here.
1028  *
1029  * We have a potential double-lock case here, so even when
1030  * doing backlog processing we use the BH locking scheme.
1031  * This is because we cannot sleep with the original spinlock
1032  * held.
1033  */
1034 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1035 {
1036         struct ipv6_pinfo *np = inet6_sk(sk);
1037         struct tcp_sock *tp;
1038         struct sk_buff *opt_skb = NULL;
1039
1040         /* Imagine: socket is IPv6. IPv4 packet arrives,
1041            goes to IPv4 receive handler and backlogged.
1042            From backlog it always goes here. Kerboom...
1043            Fortunately, tcp_rcv_established and rcv_established
1044            handle them correctly, but it is not case with
1045            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1046          */
1047
1048         if (skb->protocol == htons(ETH_P_IP))
1049                 return tcp_v4_do_rcv(sk, skb);
1050
1051         if (sk_filter(sk, skb, 0))
1052                 goto discard;
1053
1054         /*
1055          *      socket locking is here for SMP purposes as backlog rcv
1056          *      is currently called with bh processing disabled.
1057          */
1058
1059         /* Do Stevens' IPV6_PKTOPTIONS.
1060
1061            Yes, guys, it is the only place in our code, where we
1062            may make it not affecting IPv4.
1063            The rest of code is protocol independent,
1064            and I do not like idea to uglify IPv4.
1065
1066            Actually, all the idea behind IPV6_PKTOPTIONS
1067            looks not very well thought. For now we latch
1068            options, received in the last packet, enqueued
1069            by tcp. Feel free to propose better solution.
1070                                                --ANK (980728)
1071          */
1072         if (np->rxopt.all)
1073                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1074
1075         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1076                 TCP_CHECK_TIMER(sk);
1077                 if (tcp_rcv_established(sk, skb, skb->h.th, skb->len))
1078                         goto reset;
1079                 TCP_CHECK_TIMER(sk);
1080                 if (opt_skb)
1081                         goto ipv6_pktoptions;
1082                 return 0;
1083         }
1084
1085         if (skb->len < (skb->h.th->doff<<2) || tcp_checksum_complete(skb))
1086                 goto csum_err;
1087
1088         if (sk->sk_state == TCP_LISTEN) { 
1089                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1090                 if (!nsk)
1091                         goto discard;
1092
1093                 /*
1094                  * Queue it on the new socket if the new socket is active,
1095                  * otherwise we just shortcircuit this and continue with
1096                  * the new socket..
1097                  */
1098                 if(nsk != sk) {
1099                         if (tcp_child_process(sk, nsk, skb))
1100                                 goto reset;
1101                         if (opt_skb)
1102                                 __kfree_skb(opt_skb);
1103                         return 0;
1104                 }
1105         }
1106
1107         TCP_CHECK_TIMER(sk);
1108         if (tcp_rcv_state_process(sk, skb, skb->h.th, skb->len))
1109                 goto reset;
1110         TCP_CHECK_TIMER(sk);
1111         if (opt_skb)
1112                 goto ipv6_pktoptions;
1113         return 0;
1114
1115 reset:
1116         tcp_v6_send_reset(skb);
1117 discard:
1118         if (opt_skb)
1119                 __kfree_skb(opt_skb);
1120         kfree_skb(skb);
1121         return 0;
1122 csum_err:
1123         TCP_INC_STATS_BH(TCP_MIB_INERRS);
1124         goto discard;
1125
1126
1127 ipv6_pktoptions:
1128         /* Do you ask, what is it?
1129
1130            1. skb was enqueued by tcp.
1131            2. skb is added to tail of read queue, rather than out of order.
1132            3. socket is not in passive state.
1133            4. Finally, it really contains options, which user wants to receive.
1134          */
1135         tp = tcp_sk(sk);
1136         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1137             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1138                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1139                         np->mcast_oif = inet6_iif(opt_skb);
1140                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1141                         np->mcast_hops = opt_skb->nh.ipv6h->hop_limit;
1142                 if (ipv6_opt_accepted(sk, opt_skb)) {
1143                         skb_set_owner_r(opt_skb, sk);
1144                         opt_skb = xchg(&np->pktoptions, opt_skb);
1145                 } else {
1146                         __kfree_skb(opt_skb);
1147                         opt_skb = xchg(&np->pktoptions, NULL);
1148                 }
1149         }
1150
1151         if (opt_skb)
1152                 kfree_skb(opt_skb);
1153         return 0;
1154 }
1155
1156 static int tcp_v6_rcv(struct sk_buff **pskb, unsigned int *nhoffp)
1157 {
1158         struct sk_buff *skb = *pskb;
1159         struct tcphdr *th;      
1160         struct sock *sk;
1161         int ret;
1162
1163         if (skb->pkt_type != PACKET_HOST)
1164                 goto discard_it;
1165
1166         /*
1167          *      Count it even if it's bad.
1168          */
1169         TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1170
1171         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1172                 goto discard_it;
1173
1174         th = skb->h.th;
1175
1176         if (th->doff < sizeof(struct tcphdr)/4)
1177                 goto bad_packet;
1178         if (!pskb_may_pull(skb, th->doff*4))
1179                 goto discard_it;
1180
1181         if ((skb->ip_summed != CHECKSUM_UNNECESSARY &&
1182              tcp_v6_checksum_init(skb)))
1183                 goto bad_packet;
1184
1185         th = skb->h.th;
1186         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1187         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1188                                     skb->len - th->doff*4);
1189         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1190         TCP_SKB_CB(skb)->when = 0;
1191         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(skb->nh.ipv6h);
1192         TCP_SKB_CB(skb)->sacked = 0;
1193
1194         sk = __inet6_lookup(&tcp_hashinfo, &skb->nh.ipv6h->saddr, th->source,
1195                             &skb->nh.ipv6h->daddr, ntohs(th->dest),
1196                             inet6_iif(skb));
1197
1198         if (!sk)
1199                 goto no_tcp_socket;
1200
1201 process:
1202         if (sk->sk_state == TCP_TIME_WAIT)
1203                 goto do_time_wait;
1204
1205         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1206                 goto discard_and_relse;
1207
1208         if (sk_filter(sk, skb, 0))
1209                 goto discard_and_relse;
1210
1211         skb->dev = NULL;
1212
1213         bh_lock_sock(sk);
1214         ret = 0;
1215         if (!sock_owned_by_user(sk)) {
1216                 if (!tcp_prequeue(sk, skb))
1217                         ret = tcp_v6_do_rcv(sk, skb);
1218         } else
1219                 sk_add_backlog(sk, skb);
1220         bh_unlock_sock(sk);
1221
1222         sock_put(sk);
1223         return ret ? -1 : 0;
1224
1225 no_tcp_socket:
1226         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1227                 goto discard_it;
1228
1229         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1230 bad_packet:
1231                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1232         } else {
1233                 tcp_v6_send_reset(skb);
1234         }
1235
1236 discard_it:
1237
1238         /*
1239          *      Discard frame
1240          */
1241
1242         kfree_skb(skb);
1243         return 0;
1244
1245 discard_and_relse:
1246         sock_put(sk);
1247         goto discard_it;
1248
1249 do_time_wait:
1250         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1251                 inet_twsk_put((struct inet_timewait_sock *)sk);
1252                 goto discard_it;
1253         }
1254
1255         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1256                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1257                 inet_twsk_put((struct inet_timewait_sock *)sk);
1258                 goto discard_it;
1259         }
1260
1261         switch (tcp_timewait_state_process((struct inet_timewait_sock *)sk,
1262                                            skb, th)) {
1263         case TCP_TW_SYN:
1264         {
1265                 struct sock *sk2;
1266
1267                 sk2 = inet6_lookup_listener(&tcp_hashinfo,
1268                                             &skb->nh.ipv6h->daddr,
1269                                             ntohs(th->dest), inet6_iif(skb));
1270                 if (sk2 != NULL) {
1271                         struct inet_timewait_sock *tw = inet_twsk(sk);
1272                         inet_twsk_deschedule(tw, &tcp_death_row);
1273                         inet_twsk_put(tw);
1274                         sk = sk2;
1275                         goto process;
1276                 }
1277                 /* Fall through to ACK */
1278         }
1279         case TCP_TW_ACK:
1280                 tcp_v6_timewait_ack(sk, skb);
1281                 break;
1282         case TCP_TW_RST:
1283                 goto no_tcp_socket;
1284         case TCP_TW_SUCCESS:;
1285         }
1286         goto discard_it;
1287 }
1288
1289 static int tcp_v6_remember_stamp(struct sock *sk)
1290 {
1291         /* Alas, not yet... */
1292         return 0;
1293 }
1294
1295 static struct inet_connection_sock_af_ops ipv6_specific = {
1296         .queue_xmit     =       inet6_csk_xmit,
1297         .send_check     =       tcp_v6_send_check,
1298         .rebuild_header =       inet6_sk_rebuild_header,
1299         .conn_request   =       tcp_v6_conn_request,
1300         .syn_recv_sock  =       tcp_v6_syn_recv_sock,
1301         .remember_stamp =       tcp_v6_remember_stamp,
1302         .net_header_len =       sizeof(struct ipv6hdr),
1303
1304         .setsockopt     =       ipv6_setsockopt,
1305         .getsockopt     =       ipv6_getsockopt,
1306         .addr2sockaddr  =       inet6_csk_addr2sockaddr,
1307         .sockaddr_len   =       sizeof(struct sockaddr_in6)
1308 };
1309
1310 /*
1311  *      TCP over IPv4 via INET6 API
1312  */
1313
1314 static struct inet_connection_sock_af_ops ipv6_mapped = {
1315         .queue_xmit     =       ip_queue_xmit,
1316         .send_check     =       tcp_v4_send_check,
1317         .rebuild_header =       inet_sk_rebuild_header,
1318         .conn_request   =       tcp_v6_conn_request,
1319         .syn_recv_sock  =       tcp_v6_syn_recv_sock,
1320         .remember_stamp =       tcp_v4_remember_stamp,
1321         .net_header_len =       sizeof(struct iphdr),
1322
1323         .setsockopt     =       ipv6_setsockopt,
1324         .getsockopt     =       ipv6_getsockopt,
1325         .addr2sockaddr  =       inet6_csk_addr2sockaddr,
1326         .sockaddr_len   =       sizeof(struct sockaddr_in6)
1327 };
1328
1329
1330
1331 /* NOTE: A lot of things set to zero explicitly by call to
1332  *       sk_alloc() so need not be done here.
1333  */
1334 static int tcp_v6_init_sock(struct sock *sk)
1335 {
1336         struct inet_connection_sock *icsk = inet_csk(sk);
1337         struct tcp_sock *tp = tcp_sk(sk);
1338
1339         skb_queue_head_init(&tp->out_of_order_queue);
1340         tcp_init_xmit_timers(sk);
1341         tcp_prequeue_init(tp);
1342
1343         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1344         tp->mdev = TCP_TIMEOUT_INIT;
1345
1346         /* So many TCP implementations out there (incorrectly) count the
1347          * initial SYN frame in their delayed-ACK and congestion control
1348          * algorithms that we must have the following bandaid to talk
1349          * efficiently to them.  -DaveM
1350          */
1351         tp->snd_cwnd = 2;
1352
1353         /* See draft-stevens-tcpca-spec-01 for discussion of the
1354          * initialization of these values.
1355          */
1356         tp->snd_ssthresh = 0x7fffffff;
1357         tp->snd_cwnd_clamp = ~0;
1358         tp->mss_cache = 536;
1359
1360         tp->reordering = sysctl_tcp_reordering;
1361
1362         sk->sk_state = TCP_CLOSE;
1363
1364         icsk->icsk_af_ops = &ipv6_specific;
1365         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1366         icsk->icsk_sync_mss = tcp_sync_mss;
1367         sk->sk_write_space = sk_stream_write_space;
1368         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1369
1370         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1371         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1372
1373         atomic_inc(&tcp_sockets_allocated);
1374
1375         return 0;
1376 }
1377
1378 static int tcp_v6_destroy_sock(struct sock *sk)
1379 {
1380         tcp_v4_destroy_sock(sk);
1381         return inet6_destroy_sock(sk);
1382 }
1383
1384 /* Proc filesystem TCPv6 sock list dumping. */
1385 static void get_openreq6(struct seq_file *seq, 
1386                          struct sock *sk, struct request_sock *req, int i, int uid)
1387 {
1388         int ttd = req->expires - jiffies;
1389         struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1390         struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1391
1392         if (ttd < 0)
1393                 ttd = 0;
1394
1395         seq_printf(seq,
1396                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1397                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1398                    i,
1399                    src->s6_addr32[0], src->s6_addr32[1],
1400                    src->s6_addr32[2], src->s6_addr32[3],
1401                    ntohs(inet_sk(sk)->sport),
1402                    dest->s6_addr32[0], dest->s6_addr32[1],
1403                    dest->s6_addr32[2], dest->s6_addr32[3],
1404                    ntohs(inet_rsk(req)->rmt_port),
1405                    TCP_SYN_RECV,
1406                    0,0, /* could print option size, but that is af dependent. */
1407                    1,   /* timers active (only the expire timer) */  
1408                    jiffies_to_clock_t(ttd), 
1409                    req->retrans,
1410                    uid,
1411                    0,  /* non standard timer */  
1412                    0, /* open_requests have no inode */
1413                    0, req);
1414 }
1415
1416 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1417 {
1418         struct in6_addr *dest, *src;
1419         __u16 destp, srcp;
1420         int timer_active;
1421         unsigned long timer_expires;
1422         struct inet_sock *inet = inet_sk(sp);
1423         struct tcp_sock *tp = tcp_sk(sp);
1424         const struct inet_connection_sock *icsk = inet_csk(sp);
1425         struct ipv6_pinfo *np = inet6_sk(sp);
1426
1427         dest  = &np->daddr;
1428         src   = &np->rcv_saddr;
1429         destp = ntohs(inet->dport);
1430         srcp  = ntohs(inet->sport);
1431
1432         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1433                 timer_active    = 1;
1434                 timer_expires   = icsk->icsk_timeout;
1435         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1436                 timer_active    = 4;
1437                 timer_expires   = icsk->icsk_timeout;
1438         } else if (timer_pending(&sp->sk_timer)) {
1439                 timer_active    = 2;
1440                 timer_expires   = sp->sk_timer.expires;
1441         } else {
1442                 timer_active    = 0;
1443                 timer_expires = jiffies;
1444         }
1445
1446         seq_printf(seq,
1447                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1448                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
1449                    i,
1450                    src->s6_addr32[0], src->s6_addr32[1],
1451                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1452                    dest->s6_addr32[0], dest->s6_addr32[1],
1453                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1454                    sp->sk_state, 
1455                    tp->write_seq-tp->snd_una, tp->rcv_nxt-tp->copied_seq,
1456                    timer_active,
1457                    jiffies_to_clock_t(timer_expires - jiffies),
1458                    icsk->icsk_retransmits,
1459                    sock_i_uid(sp),
1460                    icsk->icsk_probes_out,
1461                    sock_i_ino(sp),
1462                    atomic_read(&sp->sk_refcnt), sp,
1463                    icsk->icsk_rto,
1464                    icsk->icsk_ack.ato,
1465                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
1466                    tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
1467                    );
1468 }
1469
1470 static void get_timewait6_sock(struct seq_file *seq, 
1471                                struct inet_timewait_sock *tw, int i)
1472 {
1473         struct in6_addr *dest, *src;
1474         __u16 destp, srcp;
1475         struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
1476         int ttd = tw->tw_ttd - jiffies;
1477
1478         if (ttd < 0)
1479                 ttd = 0;
1480
1481         dest = &tw6->tw_v6_daddr;
1482         src  = &tw6->tw_v6_rcv_saddr;
1483         destp = ntohs(tw->tw_dport);
1484         srcp  = ntohs(tw->tw_sport);
1485
1486         seq_printf(seq,
1487                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1488                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1489                    i,
1490                    src->s6_addr32[0], src->s6_addr32[1],
1491                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1492                    dest->s6_addr32[0], dest->s6_addr32[1],
1493                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1494                    tw->tw_substate, 0, 0,
1495                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
1496                    atomic_read(&tw->tw_refcnt), tw);
1497 }
1498
1499 #ifdef CONFIG_PROC_FS
1500 static int tcp6_seq_show(struct seq_file *seq, void *v)
1501 {
1502         struct tcp_iter_state *st;
1503
1504         if (v == SEQ_START_TOKEN) {
1505                 seq_puts(seq,
1506                          "  sl  "
1507                          "local_address                         "
1508                          "remote_address                        "
1509                          "st tx_queue rx_queue tr tm->when retrnsmt"
1510                          "   uid  timeout inode\n");
1511                 goto out;
1512         }
1513         st = seq->private;
1514
1515         switch (st->state) {
1516         case TCP_SEQ_STATE_LISTENING:
1517         case TCP_SEQ_STATE_ESTABLISHED:
1518                 get_tcp6_sock(seq, v, st->num);
1519                 break;
1520         case TCP_SEQ_STATE_OPENREQ:
1521                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
1522                 break;
1523         case TCP_SEQ_STATE_TIME_WAIT:
1524                 get_timewait6_sock(seq, v, st->num);
1525                 break;
1526         }
1527 out:
1528         return 0;
1529 }
1530
1531 static struct file_operations tcp6_seq_fops;
1532 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1533         .owner          = THIS_MODULE,
1534         .name           = "tcp6",
1535         .family         = AF_INET6,
1536         .seq_show       = tcp6_seq_show,
1537         .seq_fops       = &tcp6_seq_fops,
1538 };
1539
1540 int __init tcp6_proc_init(void)
1541 {
1542         return tcp_proc_register(&tcp6_seq_afinfo);
1543 }
1544
1545 void tcp6_proc_exit(void)
1546 {
1547         tcp_proc_unregister(&tcp6_seq_afinfo);
1548 }
1549 #endif
1550
1551 struct proto tcpv6_prot = {
1552         .name                   = "TCPv6",
1553         .owner                  = THIS_MODULE,
1554         .close                  = tcp_close,
1555         .connect                = tcp_v6_connect,
1556         .disconnect             = tcp_disconnect,
1557         .accept                 = inet_csk_accept,
1558         .ioctl                  = tcp_ioctl,
1559         .init                   = tcp_v6_init_sock,
1560         .destroy                = tcp_v6_destroy_sock,
1561         .shutdown               = tcp_shutdown,
1562         .setsockopt             = tcp_setsockopt,
1563         .getsockopt             = tcp_getsockopt,
1564         .sendmsg                = tcp_sendmsg,
1565         .recvmsg                = tcp_recvmsg,
1566         .backlog_rcv            = tcp_v6_do_rcv,
1567         .hash                   = tcp_v6_hash,
1568         .unhash                 = tcp_unhash,
1569         .get_port               = tcp_v6_get_port,
1570         .enter_memory_pressure  = tcp_enter_memory_pressure,
1571         .sockets_allocated      = &tcp_sockets_allocated,
1572         .memory_allocated       = &tcp_memory_allocated,
1573         .memory_pressure        = &tcp_memory_pressure,
1574         .orphan_count           = &tcp_orphan_count,
1575         .sysctl_mem             = sysctl_tcp_mem,
1576         .sysctl_wmem            = sysctl_tcp_wmem,
1577         .sysctl_rmem            = sysctl_tcp_rmem,
1578         .max_header             = MAX_TCP_HEADER,
1579         .obj_size               = sizeof(struct tcp6_sock),
1580         .twsk_prot              = &tcp6_timewait_sock_ops,
1581         .rsk_prot               = &tcp6_request_sock_ops,
1582 };
1583
1584 static struct inet6_protocol tcpv6_protocol = {
1585         .handler        =       tcp_v6_rcv,
1586         .err_handler    =       tcp_v6_err,
1587         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1588 };
1589
1590 static struct inet_protosw tcpv6_protosw = {
1591         .type           =       SOCK_STREAM,
1592         .protocol       =       IPPROTO_TCP,
1593         .prot           =       &tcpv6_prot,
1594         .ops            =       &inet6_stream_ops,
1595         .capability     =       -1,
1596         .no_check       =       0,
1597         .flags          =       INET_PROTOSW_PERMANENT |
1598                                 INET_PROTOSW_ICSK,
1599 };
1600
1601 void __init tcpv6_init(void)
1602 {
1603         /* register inet6 protocol */
1604         if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
1605                 printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
1606         inet6_register_protosw(&tcpv6_protosw);
1607 }