Merge branch 'master'
[linux-2.6] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation 
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>     
7  *
8  *      $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9  *
10  *      Based on: 
11  *      linux/net/ipv4/tcp.c
12  *      linux/net/ipv4/tcp_input.c
13  *      linux/net/ipv4/tcp_output.c
14  *
15  *      Fixes:
16  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
17  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
18  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
19  *                                      a single port at the same time.
20  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
21  *
22  *      This program is free software; you can redistribute it and/or
23  *      modify it under the terms of the GNU General Public License
24  *      as published by the Free Software Foundation; either version
25  *      2 of the License, or (at your option) any later version.
26  */
27
28 #include <linux/module.h>
29 #include <linux/config.h>
30 #include <linux/errno.h>
31 #include <linux/types.h>
32 #include <linux/socket.h>
33 #include <linux/sockios.h>
34 #include <linux/net.h>
35 #include <linux/jiffies.h>
36 #include <linux/in.h>
37 #include <linux/in6.h>
38 #include <linux/netdevice.h>
39 #include <linux/init.h>
40 #include <linux/jhash.h>
41 #include <linux/ipsec.h>
42 #include <linux/times.h>
43
44 #include <linux/ipv6.h>
45 #include <linux/icmpv6.h>
46 #include <linux/random.h>
47
48 #include <net/tcp.h>
49 #include <net/ndisc.h>
50 #include <net/inet6_hashtables.h>
51 #include <net/inet6_connection_sock.h>
52 #include <net/ipv6.h>
53 #include <net/transp_v6.h>
54 #include <net/addrconf.h>
55 #include <net/ip6_route.h>
56 #include <net/ip6_checksum.h>
57 #include <net/inet_ecn.h>
58 #include <net/protocol.h>
59 #include <net/xfrm.h>
60 #include <net/addrconf.h>
61 #include <net/snmp.h>
62 #include <net/dsfield.h>
63 #include <net/timewait_sock.h>
64
65 #include <asm/uaccess.h>
66
67 #include <linux/proc_fs.h>
68 #include <linux/seq_file.h>
69
70 /* Socket used for sending RSTs and ACKs */
71 static struct socket *tcp6_socket;
72
73 static void     tcp_v6_send_reset(struct sk_buff *skb);
74 static void     tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
75 static void     tcp_v6_send_check(struct sock *sk, int len, 
76                                   struct sk_buff *skb);
77
78 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
79
80 static struct inet_connection_sock_af_ops ipv6_mapped;
81 static struct inet_connection_sock_af_ops ipv6_specific;
82
83 static int tcp_v6_get_port(struct sock *sk, unsigned short snum)
84 {
85         return inet_csk_get_port(&tcp_hashinfo, sk, snum,
86                                  inet6_csk_bind_conflict);
87 }
88
89 static void tcp_v6_hash(struct sock *sk)
90 {
91         if (sk->sk_state != TCP_CLOSE) {
92                 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
93                         tcp_prot.hash(sk);
94                         return;
95                 }
96                 local_bh_disable();
97                 __inet6_hash(&tcp_hashinfo, sk);
98                 local_bh_enable();
99         }
100 }
101
102 static __inline__ u16 tcp_v6_check(struct tcphdr *th, int len,
103                                    struct in6_addr *saddr, 
104                                    struct in6_addr *daddr, 
105                                    unsigned long base)
106 {
107         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
108 }
109
110 static __u32 tcp_v6_init_sequence(struct sock *sk, struct sk_buff *skb)
111 {
112         if (skb->protocol == htons(ETH_P_IPV6)) {
113                 return secure_tcpv6_sequence_number(skb->nh.ipv6h->daddr.s6_addr32,
114                                                     skb->nh.ipv6h->saddr.s6_addr32,
115                                                     skb->h.th->dest,
116                                                     skb->h.th->source);
117         } else {
118                 return secure_tcp_sequence_number(skb->nh.iph->daddr,
119                                                   skb->nh.iph->saddr,
120                                                   skb->h.th->dest,
121                                                   skb->h.th->source);
122         }
123 }
124
125 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 
126                           int addr_len)
127 {
128         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
129         struct inet_sock *inet = inet_sk(sk);
130         struct inet_connection_sock *icsk = inet_csk(sk);
131         struct ipv6_pinfo *np = inet6_sk(sk);
132         struct tcp_sock *tp = tcp_sk(sk);
133         struct in6_addr *saddr = NULL, *final_p = NULL, final;
134         struct flowi fl;
135         struct dst_entry *dst;
136         int addr_type;
137         int err;
138
139         if (addr_len < SIN6_LEN_RFC2133) 
140                 return -EINVAL;
141
142         if (usin->sin6_family != AF_INET6) 
143                 return(-EAFNOSUPPORT);
144
145         memset(&fl, 0, sizeof(fl));
146
147         if (np->sndflow) {
148                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
149                 IP6_ECN_flow_init(fl.fl6_flowlabel);
150                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
151                         struct ip6_flowlabel *flowlabel;
152                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
153                         if (flowlabel == NULL)
154                                 return -EINVAL;
155                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
156                         fl6_sock_release(flowlabel);
157                 }
158         }
159
160         /*
161          *      connect() to INADDR_ANY means loopback (BSD'ism).
162          */
163         
164         if(ipv6_addr_any(&usin->sin6_addr))
165                 usin->sin6_addr.s6_addr[15] = 0x1; 
166
167         addr_type = ipv6_addr_type(&usin->sin6_addr);
168
169         if(addr_type & IPV6_ADDR_MULTICAST)
170                 return -ENETUNREACH;
171
172         if (addr_type&IPV6_ADDR_LINKLOCAL) {
173                 if (addr_len >= sizeof(struct sockaddr_in6) &&
174                     usin->sin6_scope_id) {
175                         /* If interface is set while binding, indices
176                          * must coincide.
177                          */
178                         if (sk->sk_bound_dev_if &&
179                             sk->sk_bound_dev_if != usin->sin6_scope_id)
180                                 return -EINVAL;
181
182                         sk->sk_bound_dev_if = usin->sin6_scope_id;
183                 }
184
185                 /* Connect to link-local address requires an interface */
186                 if (!sk->sk_bound_dev_if)
187                         return -EINVAL;
188         }
189
190         if (tp->rx_opt.ts_recent_stamp &&
191             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
192                 tp->rx_opt.ts_recent = 0;
193                 tp->rx_opt.ts_recent_stamp = 0;
194                 tp->write_seq = 0;
195         }
196
197         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
198         np->flow_label = fl.fl6_flowlabel;
199
200         /*
201          *      TCP over IPv4
202          */
203
204         if (addr_type == IPV6_ADDR_MAPPED) {
205                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
206                 struct sockaddr_in sin;
207
208                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
209
210                 if (__ipv6_only_sock(sk))
211                         return -ENETUNREACH;
212
213                 sin.sin_family = AF_INET;
214                 sin.sin_port = usin->sin6_port;
215                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
216
217                 icsk->icsk_af_ops = &ipv6_mapped;
218                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
219
220                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
221
222                 if (err) {
223                         icsk->icsk_ext_hdr_len = exthdrlen;
224                         icsk->icsk_af_ops = &ipv6_specific;
225                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
226                         goto failure;
227                 } else {
228                         ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
229                                       inet->saddr);
230                         ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
231                                       inet->rcv_saddr);
232                 }
233
234                 return err;
235         }
236
237         if (!ipv6_addr_any(&np->rcv_saddr))
238                 saddr = &np->rcv_saddr;
239
240         fl.proto = IPPROTO_TCP;
241         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
242         ipv6_addr_copy(&fl.fl6_src,
243                        (saddr ? saddr : &np->saddr));
244         fl.oif = sk->sk_bound_dev_if;
245         fl.fl_ip_dport = usin->sin6_port;
246         fl.fl_ip_sport = inet->sport;
247
248         if (np->opt && np->opt->srcrt) {
249                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
250                 ipv6_addr_copy(&final, &fl.fl6_dst);
251                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
252                 final_p = &final;
253         }
254
255         err = ip6_dst_lookup(sk, &dst, &fl);
256         if (err)
257                 goto failure;
258         if (final_p)
259                 ipv6_addr_copy(&fl.fl6_dst, final_p);
260
261         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
262                 goto failure;
263
264         if (saddr == NULL) {
265                 saddr = &fl.fl6_src;
266                 ipv6_addr_copy(&np->rcv_saddr, saddr);
267         }
268
269         /* set the source address */
270         ipv6_addr_copy(&np->saddr, saddr);
271         inet->rcv_saddr = LOOPBACK4_IPV6;
272
273         ip6_dst_store(sk, dst, NULL);
274         sk->sk_route_caps = dst->dev->features &
275                 ~(NETIF_F_IP_CSUM | NETIF_F_TSO);
276
277         icsk->icsk_ext_hdr_len = 0;
278         if (np->opt)
279                 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
280                                           np->opt->opt_nflen);
281
282         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
283
284         inet->dport = usin->sin6_port;
285
286         tcp_set_state(sk, TCP_SYN_SENT);
287         err = inet6_hash_connect(&tcp_death_row, sk);
288         if (err)
289                 goto late_failure;
290
291         if (!tp->write_seq)
292                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
293                                                              np->daddr.s6_addr32,
294                                                              inet->sport,
295                                                              inet->dport);
296
297         err = tcp_connect(sk);
298         if (err)
299                 goto late_failure;
300
301         return 0;
302
303 late_failure:
304         tcp_set_state(sk, TCP_CLOSE);
305         __sk_dst_reset(sk);
306 failure:
307         inet->dport = 0;
308         sk->sk_route_caps = 0;
309         return err;
310 }
311
312 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
313                 int type, int code, int offset, __u32 info)
314 {
315         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
316         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
317         struct ipv6_pinfo *np;
318         struct sock *sk;
319         int err;
320         struct tcp_sock *tp; 
321         __u32 seq;
322
323         sk = inet6_lookup(&tcp_hashinfo, &hdr->daddr, th->dest, &hdr->saddr,
324                           th->source, skb->dev->ifindex);
325
326         if (sk == NULL) {
327                 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
328                 return;
329         }
330
331         if (sk->sk_state == TCP_TIME_WAIT) {
332                 inet_twsk_put((struct inet_timewait_sock *)sk);
333                 return;
334         }
335
336         bh_lock_sock(sk);
337         if (sock_owned_by_user(sk))
338                 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
339
340         if (sk->sk_state == TCP_CLOSE)
341                 goto out;
342
343         tp = tcp_sk(sk);
344         seq = ntohl(th->seq); 
345         if (sk->sk_state != TCP_LISTEN &&
346             !between(seq, tp->snd_una, tp->snd_nxt)) {
347                 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
348                 goto out;
349         }
350
351         np = inet6_sk(sk);
352
353         if (type == ICMPV6_PKT_TOOBIG) {
354                 struct dst_entry *dst = NULL;
355
356                 if (sock_owned_by_user(sk))
357                         goto out;
358                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
359                         goto out;
360
361                 /* icmp should have updated the destination cache entry */
362                 dst = __sk_dst_check(sk, np->dst_cookie);
363
364                 if (dst == NULL) {
365                         struct inet_sock *inet = inet_sk(sk);
366                         struct flowi fl;
367
368                         /* BUGGG_FUTURE: Again, it is not clear how
369                            to handle rthdr case. Ignore this complexity
370                            for now.
371                          */
372                         memset(&fl, 0, sizeof(fl));
373                         fl.proto = IPPROTO_TCP;
374                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
375                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
376                         fl.oif = sk->sk_bound_dev_if;
377                         fl.fl_ip_dport = inet->dport;
378                         fl.fl_ip_sport = inet->sport;
379
380                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
381                                 sk->sk_err_soft = -err;
382                                 goto out;
383                         }
384
385                         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
386                                 sk->sk_err_soft = -err;
387                                 goto out;
388                         }
389
390                 } else
391                         dst_hold(dst);
392
393                 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
394                         tcp_sync_mss(sk, dst_mtu(dst));
395                         tcp_simple_retransmit(sk);
396                 } /* else let the usual retransmit timer handle it */
397                 dst_release(dst);
398                 goto out;
399         }
400
401         icmpv6_err_convert(type, code, &err);
402
403         /* Might be for an request_sock */
404         switch (sk->sk_state) {
405                 struct request_sock *req, **prev;
406         case TCP_LISTEN:
407                 if (sock_owned_by_user(sk))
408                         goto out;
409
410                 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
411                                            &hdr->saddr, inet6_iif(skb));
412                 if (!req)
413                         goto out;
414
415                 /* ICMPs are not backlogged, hence we cannot get
416                  * an established socket here.
417                  */
418                 BUG_TRAP(req->sk == NULL);
419
420                 if (seq != tcp_rsk(req)->snt_isn) {
421                         NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
422                         goto out;
423                 }
424
425                 inet_csk_reqsk_queue_drop(sk, req, prev);
426                 goto out;
427
428         case TCP_SYN_SENT:
429         case TCP_SYN_RECV:  /* Cannot happen.
430                                It can, it SYNs are crossed. --ANK */ 
431                 if (!sock_owned_by_user(sk)) {
432                         TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
433                         sk->sk_err = err;
434                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
435
436                         tcp_done(sk);
437                 } else
438                         sk->sk_err_soft = err;
439                 goto out;
440         }
441
442         if (!sock_owned_by_user(sk) && np->recverr) {
443                 sk->sk_err = err;
444                 sk->sk_error_report(sk);
445         } else
446                 sk->sk_err_soft = err;
447
448 out:
449         bh_unlock_sock(sk);
450         sock_put(sk);
451 }
452
453
454 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
455                               struct dst_entry *dst)
456 {
457         struct inet6_request_sock *treq = inet6_rsk(req);
458         struct ipv6_pinfo *np = inet6_sk(sk);
459         struct sk_buff * skb;
460         struct ipv6_txoptions *opt = NULL;
461         struct in6_addr * final_p = NULL, final;
462         struct flowi fl;
463         int err = -1;
464
465         memset(&fl, 0, sizeof(fl));
466         fl.proto = IPPROTO_TCP;
467         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
468         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
469         fl.fl6_flowlabel = 0;
470         fl.oif = treq->iif;
471         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
472         fl.fl_ip_sport = inet_sk(sk)->sport;
473
474         if (dst == NULL) {
475                 opt = np->opt;
476                 if (opt == NULL &&
477                     np->rxopt.bits.osrcrt == 2 &&
478                     treq->pktopts) {
479                         struct sk_buff *pktopts = treq->pktopts;
480                         struct inet6_skb_parm *rxopt = IP6CB(pktopts);
481                         if (rxopt->srcrt)
482                                 opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr*)(pktopts->nh.raw + rxopt->srcrt));
483                 }
484
485                 if (opt && opt->srcrt) {
486                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
487                         ipv6_addr_copy(&final, &fl.fl6_dst);
488                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
489                         final_p = &final;
490                 }
491
492                 err = ip6_dst_lookup(sk, &dst, &fl);
493                 if (err)
494                         goto done;
495                 if (final_p)
496                         ipv6_addr_copy(&fl.fl6_dst, final_p);
497                 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
498                         goto done;
499         }
500
501         skb = tcp_make_synack(sk, dst, req);
502         if (skb) {
503                 struct tcphdr *th = skb->h.th;
504
505                 th->check = tcp_v6_check(th, skb->len,
506                                          &treq->loc_addr, &treq->rmt_addr,
507                                          csum_partial((char *)th, skb->len, skb->csum));
508
509                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
510                 err = ip6_xmit(sk, skb, &fl, opt, 0);
511                 if (err == NET_XMIT_CN)
512                         err = 0;
513         }
514
515 done:
516         if (opt && opt != np->opt)
517                 sock_kfree_s(sk, opt, opt->tot_len);
518         dst_release(dst);
519         return err;
520 }
521
522 static void tcp_v6_reqsk_destructor(struct request_sock *req)
523 {
524         if (inet6_rsk(req)->pktopts)
525                 kfree_skb(inet6_rsk(req)->pktopts);
526 }
527
528 static struct request_sock_ops tcp6_request_sock_ops = {
529         .family         =       AF_INET6,
530         .obj_size       =       sizeof(struct tcp6_request_sock),
531         .rtx_syn_ack    =       tcp_v6_send_synack,
532         .send_ack       =       tcp_v6_reqsk_send_ack,
533         .destructor     =       tcp_v6_reqsk_destructor,
534         .send_reset     =       tcp_v6_send_reset
535 };
536
537 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
538         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
539         .twsk_unique    = tcp_twsk_unique,
540 };
541
542 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
543 {
544         struct ipv6_pinfo *np = inet6_sk(sk);
545         struct tcphdr *th = skb->h.th;
546
547         if (skb->ip_summed == CHECKSUM_HW) {
548                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
549                 skb->csum = offsetof(struct tcphdr, check);
550         } else {
551                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 
552                                             csum_partial((char *)th, th->doff<<2, 
553                                                          skb->csum));
554         }
555 }
556
557
558 static void tcp_v6_send_reset(struct sk_buff *skb)
559 {
560         struct tcphdr *th = skb->h.th, *t1; 
561         struct sk_buff *buff;
562         struct flowi fl;
563
564         if (th->rst)
565                 return;
566
567         if (!ipv6_unicast_destination(skb))
568                 return; 
569
570         /*
571          * We need to grab some memory, and put together an RST,
572          * and then put it into the queue to be sent.
573          */
574
575         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + sizeof(struct tcphdr),
576                          GFP_ATOMIC);
577         if (buff == NULL) 
578                 return;
579
580         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + sizeof(struct tcphdr));
581
582         t1 = (struct tcphdr *) skb_push(buff,sizeof(struct tcphdr));
583
584         /* Swap the send and the receive. */
585         memset(t1, 0, sizeof(*t1));
586         t1->dest = th->source;
587         t1->source = th->dest;
588         t1->doff = sizeof(*t1)/4;
589         t1->rst = 1;
590   
591         if(th->ack) {
592                 t1->seq = th->ack_seq;
593         } else {
594                 t1->ack = 1;
595                 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
596                                     + skb->len - (th->doff<<2));
597         }
598
599         buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
600
601         memset(&fl, 0, sizeof(fl));
602         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
603         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
604
605         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
606                                     sizeof(*t1), IPPROTO_TCP,
607                                     buff->csum);
608
609         fl.proto = IPPROTO_TCP;
610         fl.oif = inet6_iif(skb);
611         fl.fl_ip_dport = t1->dest;
612         fl.fl_ip_sport = t1->source;
613
614         /* sk = NULL, but it is safe for now. RST socket required. */
615         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
616
617                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
618                         ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
619                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
620                         TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
621                         return;
622                 }
623         }
624
625         kfree_skb(buff);
626 }
627
628 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
629 {
630         struct tcphdr *th = skb->h.th, *t1;
631         struct sk_buff *buff;
632         struct flowi fl;
633         int tot_len = sizeof(struct tcphdr);
634
635         if (ts)
636                 tot_len += 3*4;
637
638         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
639                          GFP_ATOMIC);
640         if (buff == NULL)
641                 return;
642
643         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
644
645         t1 = (struct tcphdr *) skb_push(buff,tot_len);
646
647         /* Swap the send and the receive. */
648         memset(t1, 0, sizeof(*t1));
649         t1->dest = th->source;
650         t1->source = th->dest;
651         t1->doff = tot_len/4;
652         t1->seq = htonl(seq);
653         t1->ack_seq = htonl(ack);
654         t1->ack = 1;
655         t1->window = htons(win);
656         
657         if (ts) {
658                 u32 *ptr = (u32*)(t1 + 1);
659                 *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
660                                (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
661                 *ptr++ = htonl(tcp_time_stamp);
662                 *ptr = htonl(ts);
663         }
664
665         buff->csum = csum_partial((char *)t1, tot_len, 0);
666
667         memset(&fl, 0, sizeof(fl));
668         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
669         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
670
671         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
672                                     tot_len, IPPROTO_TCP,
673                                     buff->csum);
674
675         fl.proto = IPPROTO_TCP;
676         fl.oif = inet6_iif(skb);
677         fl.fl_ip_dport = t1->dest;
678         fl.fl_ip_sport = t1->source;
679
680         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
681                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
682                         ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
683                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
684                         return;
685                 }
686         }
687
688         kfree_skb(buff);
689 }
690
691 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
692 {
693         struct inet_timewait_sock *tw = inet_twsk(sk);
694         const struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
695
696         tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
697                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
698                         tcptw->tw_ts_recent);
699
700         inet_twsk_put(tw);
701 }
702
703 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
704 {
705         tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
706 }
707
708
709 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
710 {
711         struct request_sock *req, **prev;
712         const struct tcphdr *th = skb->h.th;
713         struct sock *nsk;
714
715         /* Find possible connection requests. */
716         req = inet6_csk_search_req(sk, &prev, th->source,
717                                    &skb->nh.ipv6h->saddr,
718                                    &skb->nh.ipv6h->daddr, inet6_iif(skb));
719         if (req)
720                 return tcp_check_req(sk, skb, req, prev);
721
722         nsk = __inet6_lookup_established(&tcp_hashinfo, &skb->nh.ipv6h->saddr,
723                                          th->source, &skb->nh.ipv6h->daddr,
724                                          ntohs(th->dest), inet6_iif(skb));
725
726         if (nsk) {
727                 if (nsk->sk_state != TCP_TIME_WAIT) {
728                         bh_lock_sock(nsk);
729                         return nsk;
730                 }
731                 inet_twsk_put((struct inet_timewait_sock *)nsk);
732                 return NULL;
733         }
734
735 #if 0 /*def CONFIG_SYN_COOKIES*/
736         if (!th->rst && !th->syn && th->ack)
737                 sk = cookie_v6_check(sk, skb, &(IPCB(skb)->opt));
738 #endif
739         return sk;
740 }
741
742 /* FIXME: this is substantially similar to the ipv4 code.
743  * Can some kind of merge be done? -- erics
744  */
745 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
746 {
747         struct inet6_request_sock *treq;
748         struct ipv6_pinfo *np = inet6_sk(sk);
749         struct tcp_options_received tmp_opt;
750         struct tcp_sock *tp = tcp_sk(sk);
751         struct request_sock *req = NULL;
752         __u32 isn = TCP_SKB_CB(skb)->when;
753
754         if (skb->protocol == htons(ETH_P_IP))
755                 return tcp_v4_conn_request(sk, skb);
756
757         if (!ipv6_unicast_destination(skb))
758                 goto drop; 
759
760         /*
761          *      There are no SYN attacks on IPv6, yet...        
762          */
763         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
764                 if (net_ratelimit())
765                         printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n");
766                 goto drop;              
767         }
768
769         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
770                 goto drop;
771
772         req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
773         if (req == NULL)
774                 goto drop;
775
776         tcp_clear_options(&tmp_opt);
777         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
778         tmp_opt.user_mss = tp->rx_opt.user_mss;
779
780         tcp_parse_options(skb, &tmp_opt, 0);
781
782         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
783         tcp_openreq_init(req, &tmp_opt, skb);
784
785         treq = inet6_rsk(req);
786         ipv6_addr_copy(&treq->rmt_addr, &skb->nh.ipv6h->saddr);
787         ipv6_addr_copy(&treq->loc_addr, &skb->nh.ipv6h->daddr);
788         TCP_ECN_create_request(req, skb->h.th);
789         treq->pktopts = NULL;
790         if (ipv6_opt_accepted(sk, skb) ||
791             np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
792             np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
793                 atomic_inc(&skb->users);
794                 treq->pktopts = skb;
795         }
796         treq->iif = sk->sk_bound_dev_if;
797
798         /* So that link locals have meaning */
799         if (!sk->sk_bound_dev_if &&
800             ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
801                 treq->iif = inet6_iif(skb);
802
803         if (isn == 0) 
804                 isn = tcp_v6_init_sequence(sk,skb);
805
806         tcp_rsk(req)->snt_isn = isn;
807
808         if (tcp_v6_send_synack(sk, req, NULL))
809                 goto drop;
810
811         inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
812         return 0;
813
814 drop:
815         if (req)
816                 reqsk_free(req);
817
818         TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
819         return 0; /* don't send reset */
820 }
821
822 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
823                                           struct request_sock *req,
824                                           struct dst_entry *dst)
825 {
826         struct inet6_request_sock *treq = inet6_rsk(req);
827         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
828         struct tcp6_sock *newtcp6sk;
829         struct inet_sock *newinet;
830         struct tcp_sock *newtp;
831         struct sock *newsk;
832         struct ipv6_txoptions *opt;
833
834         if (skb->protocol == htons(ETH_P_IP)) {
835                 /*
836                  *      v6 mapped
837                  */
838
839                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
840
841                 if (newsk == NULL) 
842                         return NULL;
843
844                 newtcp6sk = (struct tcp6_sock *)newsk;
845                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
846
847                 newinet = inet_sk(newsk);
848                 newnp = inet6_sk(newsk);
849                 newtp = tcp_sk(newsk);
850
851                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
852
853                 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
854                               newinet->daddr);
855
856                 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
857                               newinet->saddr);
858
859                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
860
861                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
862                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
863                 newnp->pktoptions  = NULL;
864                 newnp->opt         = NULL;
865                 newnp->mcast_oif   = inet6_iif(skb);
866                 newnp->mcast_hops  = skb->nh.ipv6h->hop_limit;
867
868                 /*
869                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
870                  * here, tcp_create_openreq_child now does this for us, see the comment in
871                  * that function for the gory details. -acme
872                  */
873
874                 /* It is tricky place. Until this moment IPv4 tcp
875                    worked with IPv6 icsk.icsk_af_ops.
876                    Sync it now.
877                  */
878                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
879
880                 return newsk;
881         }
882
883         opt = np->opt;
884
885         if (sk_acceptq_is_full(sk))
886                 goto out_overflow;
887
888         if (np->rxopt.bits.osrcrt == 2 &&
889             opt == NULL && treq->pktopts) {
890                 struct inet6_skb_parm *rxopt = IP6CB(treq->pktopts);
891                 if (rxopt->srcrt)
892                         opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr *)(treq->pktopts->nh.raw + rxopt->srcrt));
893         }
894
895         if (dst == NULL) {
896                 struct in6_addr *final_p = NULL, final;
897                 struct flowi fl;
898
899                 memset(&fl, 0, sizeof(fl));
900                 fl.proto = IPPROTO_TCP;
901                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
902                 if (opt && opt->srcrt) {
903                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
904                         ipv6_addr_copy(&final, &fl.fl6_dst);
905                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
906                         final_p = &final;
907                 }
908                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
909                 fl.oif = sk->sk_bound_dev_if;
910                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
911                 fl.fl_ip_sport = inet_sk(sk)->sport;
912
913                 if (ip6_dst_lookup(sk, &dst, &fl))
914                         goto out;
915
916                 if (final_p)
917                         ipv6_addr_copy(&fl.fl6_dst, final_p);
918
919                 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
920                         goto out;
921         } 
922
923         newsk = tcp_create_openreq_child(sk, req, skb);
924         if (newsk == NULL)
925                 goto out;
926
927         /*
928          * No need to charge this sock to the relevant IPv6 refcnt debug socks
929          * count here, tcp_create_openreq_child now does this for us, see the
930          * comment in that function for the gory details. -acme
931          */
932
933         ip6_dst_store(newsk, dst, NULL);
934         newsk->sk_route_caps = dst->dev->features &
935                 ~(NETIF_F_IP_CSUM | NETIF_F_TSO);
936
937         newtcp6sk = (struct tcp6_sock *)newsk;
938         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
939
940         newtp = tcp_sk(newsk);
941         newinet = inet_sk(newsk);
942         newnp = inet6_sk(newsk);
943
944         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
945
946         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
947         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
948         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
949         newsk->sk_bound_dev_if = treq->iif;
950
951         /* Now IPv6 options... 
952
953            First: no IPv4 options.
954          */
955         newinet->opt = NULL;
956
957         /* Clone RX bits */
958         newnp->rxopt.all = np->rxopt.all;
959
960         /* Clone pktoptions received with SYN */
961         newnp->pktoptions = NULL;
962         if (treq->pktopts != NULL) {
963                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
964                 kfree_skb(treq->pktopts);
965                 treq->pktopts = NULL;
966                 if (newnp->pktoptions)
967                         skb_set_owner_r(newnp->pktoptions, newsk);
968         }
969         newnp->opt        = NULL;
970         newnp->mcast_oif  = inet6_iif(skb);
971         newnp->mcast_hops = skb->nh.ipv6h->hop_limit;
972
973         /* Clone native IPv6 options from listening socket (if any)
974
975            Yes, keeping reference count would be much more clever,
976            but we make one more one thing there: reattach optmem
977            to newsk.
978          */
979         if (opt) {
980                 newnp->opt = ipv6_dup_options(newsk, opt);
981                 if (opt != np->opt)
982                         sock_kfree_s(sk, opt, opt->tot_len);
983         }
984
985         inet_csk(newsk)->icsk_ext_hdr_len = 0;
986         if (newnp->opt)
987                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
988                                                      newnp->opt->opt_flen);
989
990         tcp_sync_mss(newsk, dst_mtu(dst));
991         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
992         tcp_initialize_rcv_mss(newsk);
993
994         newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
995
996         __inet6_hash(&tcp_hashinfo, newsk);
997         inet_inherit_port(&tcp_hashinfo, sk, newsk);
998
999         return newsk;
1000
1001 out_overflow:
1002         NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1003 out:
1004         NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1005         if (opt && opt != np->opt)
1006                 sock_kfree_s(sk, opt, opt->tot_len);
1007         dst_release(dst);
1008         return NULL;
1009 }
1010
1011 static int tcp_v6_checksum_init(struct sk_buff *skb)
1012 {
1013         if (skb->ip_summed == CHECKSUM_HW) {
1014                 if (!tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1015                                   &skb->nh.ipv6h->daddr,skb->csum)) {
1016                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1017                         return 0;
1018                 }
1019         }
1020
1021         skb->csum = ~tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1022                                   &skb->nh.ipv6h->daddr, 0);
1023
1024         if (skb->len <= 76) {
1025                 return __skb_checksum_complete(skb);
1026         }
1027         return 0;
1028 }
1029
1030 /* The socket must have it's spinlock held when we get
1031  * here.
1032  *
1033  * We have a potential double-lock case here, so even when
1034  * doing backlog processing we use the BH locking scheme.
1035  * This is because we cannot sleep with the original spinlock
1036  * held.
1037  */
1038 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1039 {
1040         struct ipv6_pinfo *np = inet6_sk(sk);
1041         struct tcp_sock *tp;
1042         struct sk_buff *opt_skb = NULL;
1043
1044         /* Imagine: socket is IPv6. IPv4 packet arrives,
1045            goes to IPv4 receive handler and backlogged.
1046            From backlog it always goes here. Kerboom...
1047            Fortunately, tcp_rcv_established and rcv_established
1048            handle them correctly, but it is not case with
1049            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1050          */
1051
1052         if (skb->protocol == htons(ETH_P_IP))
1053                 return tcp_v4_do_rcv(sk, skb);
1054
1055         if (sk_filter(sk, skb, 0))
1056                 goto discard;
1057
1058         /*
1059          *      socket locking is here for SMP purposes as backlog rcv
1060          *      is currently called with bh processing disabled.
1061          */
1062
1063         /* Do Stevens' IPV6_PKTOPTIONS.
1064
1065            Yes, guys, it is the only place in our code, where we
1066            may make it not affecting IPv4.
1067            The rest of code is protocol independent,
1068            and I do not like idea to uglify IPv4.
1069
1070            Actually, all the idea behind IPV6_PKTOPTIONS
1071            looks not very well thought. For now we latch
1072            options, received in the last packet, enqueued
1073            by tcp. Feel free to propose better solution.
1074                                                --ANK (980728)
1075          */
1076         if (np->rxopt.all)
1077                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1078
1079         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1080                 TCP_CHECK_TIMER(sk);
1081                 if (tcp_rcv_established(sk, skb, skb->h.th, skb->len))
1082                         goto reset;
1083                 TCP_CHECK_TIMER(sk);
1084                 if (opt_skb)
1085                         goto ipv6_pktoptions;
1086                 return 0;
1087         }
1088
1089         if (skb->len < (skb->h.th->doff<<2) || tcp_checksum_complete(skb))
1090                 goto csum_err;
1091
1092         if (sk->sk_state == TCP_LISTEN) { 
1093                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1094                 if (!nsk)
1095                         goto discard;
1096
1097                 /*
1098                  * Queue it on the new socket if the new socket is active,
1099                  * otherwise we just shortcircuit this and continue with
1100                  * the new socket..
1101                  */
1102                 if(nsk != sk) {
1103                         if (tcp_child_process(sk, nsk, skb))
1104                                 goto reset;
1105                         if (opt_skb)
1106                                 __kfree_skb(opt_skb);
1107                         return 0;
1108                 }
1109         }
1110
1111         TCP_CHECK_TIMER(sk);
1112         if (tcp_rcv_state_process(sk, skb, skb->h.th, skb->len))
1113                 goto reset;
1114         TCP_CHECK_TIMER(sk);
1115         if (opt_skb)
1116                 goto ipv6_pktoptions;
1117         return 0;
1118
1119 reset:
1120         tcp_v6_send_reset(skb);
1121 discard:
1122         if (opt_skb)
1123                 __kfree_skb(opt_skb);
1124         kfree_skb(skb);
1125         return 0;
1126 csum_err:
1127         TCP_INC_STATS_BH(TCP_MIB_INERRS);
1128         goto discard;
1129
1130
1131 ipv6_pktoptions:
1132         /* Do you ask, what is it?
1133
1134            1. skb was enqueued by tcp.
1135            2. skb is added to tail of read queue, rather than out of order.
1136            3. socket is not in passive state.
1137            4. Finally, it really contains options, which user wants to receive.
1138          */
1139         tp = tcp_sk(sk);
1140         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1141             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1142                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1143                         np->mcast_oif = inet6_iif(opt_skb);
1144                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1145                         np->mcast_hops = opt_skb->nh.ipv6h->hop_limit;
1146                 if (ipv6_opt_accepted(sk, opt_skb)) {
1147                         skb_set_owner_r(opt_skb, sk);
1148                         opt_skb = xchg(&np->pktoptions, opt_skb);
1149                 } else {
1150                         __kfree_skb(opt_skb);
1151                         opt_skb = xchg(&np->pktoptions, NULL);
1152                 }
1153         }
1154
1155         if (opt_skb)
1156                 kfree_skb(opt_skb);
1157         return 0;
1158 }
1159
1160 static int tcp_v6_rcv(struct sk_buff **pskb)
1161 {
1162         struct sk_buff *skb = *pskb;
1163         struct tcphdr *th;      
1164         struct sock *sk;
1165         int ret;
1166
1167         if (skb->pkt_type != PACKET_HOST)
1168                 goto discard_it;
1169
1170         /*
1171          *      Count it even if it's bad.
1172          */
1173         TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1174
1175         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1176                 goto discard_it;
1177
1178         th = skb->h.th;
1179
1180         if (th->doff < sizeof(struct tcphdr)/4)
1181                 goto bad_packet;
1182         if (!pskb_may_pull(skb, th->doff*4))
1183                 goto discard_it;
1184
1185         if ((skb->ip_summed != CHECKSUM_UNNECESSARY &&
1186              tcp_v6_checksum_init(skb)))
1187                 goto bad_packet;
1188
1189         th = skb->h.th;
1190         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1191         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1192                                     skb->len - th->doff*4);
1193         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1194         TCP_SKB_CB(skb)->when = 0;
1195         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(skb->nh.ipv6h);
1196         TCP_SKB_CB(skb)->sacked = 0;
1197
1198         sk = __inet6_lookup(&tcp_hashinfo, &skb->nh.ipv6h->saddr, th->source,
1199                             &skb->nh.ipv6h->daddr, ntohs(th->dest),
1200                             inet6_iif(skb));
1201
1202         if (!sk)
1203                 goto no_tcp_socket;
1204
1205 process:
1206         if (sk->sk_state == TCP_TIME_WAIT)
1207                 goto do_time_wait;
1208
1209         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1210                 goto discard_and_relse;
1211
1212         if (sk_filter(sk, skb, 0))
1213                 goto discard_and_relse;
1214
1215         skb->dev = NULL;
1216
1217         bh_lock_sock(sk);
1218         ret = 0;
1219         if (!sock_owned_by_user(sk)) {
1220                 if (!tcp_prequeue(sk, skb))
1221                         ret = tcp_v6_do_rcv(sk, skb);
1222         } else
1223                 sk_add_backlog(sk, skb);
1224         bh_unlock_sock(sk);
1225
1226         sock_put(sk);
1227         return ret ? -1 : 0;
1228
1229 no_tcp_socket:
1230         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1231                 goto discard_it;
1232
1233         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1234 bad_packet:
1235                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1236         } else {
1237                 tcp_v6_send_reset(skb);
1238         }
1239
1240 discard_it:
1241
1242         /*
1243          *      Discard frame
1244          */
1245
1246         kfree_skb(skb);
1247         return 0;
1248
1249 discard_and_relse:
1250         sock_put(sk);
1251         goto discard_it;
1252
1253 do_time_wait:
1254         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1255                 inet_twsk_put((struct inet_timewait_sock *)sk);
1256                 goto discard_it;
1257         }
1258
1259         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1260                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1261                 inet_twsk_put((struct inet_timewait_sock *)sk);
1262                 goto discard_it;
1263         }
1264
1265         switch (tcp_timewait_state_process((struct inet_timewait_sock *)sk,
1266                                            skb, th)) {
1267         case TCP_TW_SYN:
1268         {
1269                 struct sock *sk2;
1270
1271                 sk2 = inet6_lookup_listener(&tcp_hashinfo,
1272                                             &skb->nh.ipv6h->daddr,
1273                                             ntohs(th->dest), inet6_iif(skb));
1274                 if (sk2 != NULL) {
1275                         struct inet_timewait_sock *tw = inet_twsk(sk);
1276                         inet_twsk_deschedule(tw, &tcp_death_row);
1277                         inet_twsk_put(tw);
1278                         sk = sk2;
1279                         goto process;
1280                 }
1281                 /* Fall through to ACK */
1282         }
1283         case TCP_TW_ACK:
1284                 tcp_v6_timewait_ack(sk, skb);
1285                 break;
1286         case TCP_TW_RST:
1287                 goto no_tcp_socket;
1288         case TCP_TW_SUCCESS:;
1289         }
1290         goto discard_it;
1291 }
1292
1293 static int tcp_v6_remember_stamp(struct sock *sk)
1294 {
1295         /* Alas, not yet... */
1296         return 0;
1297 }
1298
1299 static struct inet_connection_sock_af_ops ipv6_specific = {
1300         .queue_xmit     =       inet6_csk_xmit,
1301         .send_check     =       tcp_v6_send_check,
1302         .rebuild_header =       inet6_sk_rebuild_header,
1303         .conn_request   =       tcp_v6_conn_request,
1304         .syn_recv_sock  =       tcp_v6_syn_recv_sock,
1305         .remember_stamp =       tcp_v6_remember_stamp,
1306         .net_header_len =       sizeof(struct ipv6hdr),
1307
1308         .setsockopt     =       ipv6_setsockopt,
1309         .getsockopt     =       ipv6_getsockopt,
1310         .addr2sockaddr  =       inet6_csk_addr2sockaddr,
1311         .sockaddr_len   =       sizeof(struct sockaddr_in6)
1312 };
1313
1314 /*
1315  *      TCP over IPv4 via INET6 API
1316  */
1317
1318 static struct inet_connection_sock_af_ops ipv6_mapped = {
1319         .queue_xmit     =       ip_queue_xmit,
1320         .send_check     =       tcp_v4_send_check,
1321         .rebuild_header =       inet_sk_rebuild_header,
1322         .conn_request   =       tcp_v6_conn_request,
1323         .syn_recv_sock  =       tcp_v6_syn_recv_sock,
1324         .remember_stamp =       tcp_v4_remember_stamp,
1325         .net_header_len =       sizeof(struct iphdr),
1326
1327         .setsockopt     =       ipv6_setsockopt,
1328         .getsockopt     =       ipv6_getsockopt,
1329         .addr2sockaddr  =       inet6_csk_addr2sockaddr,
1330         .sockaddr_len   =       sizeof(struct sockaddr_in6)
1331 };
1332
1333
1334
1335 /* NOTE: A lot of things set to zero explicitly by call to
1336  *       sk_alloc() so need not be done here.
1337  */
1338 static int tcp_v6_init_sock(struct sock *sk)
1339 {
1340         struct inet_connection_sock *icsk = inet_csk(sk);
1341         struct tcp_sock *tp = tcp_sk(sk);
1342
1343         skb_queue_head_init(&tp->out_of_order_queue);
1344         tcp_init_xmit_timers(sk);
1345         tcp_prequeue_init(tp);
1346
1347         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1348         tp->mdev = TCP_TIMEOUT_INIT;
1349
1350         /* So many TCP implementations out there (incorrectly) count the
1351          * initial SYN frame in their delayed-ACK and congestion control
1352          * algorithms that we must have the following bandaid to talk
1353          * efficiently to them.  -DaveM
1354          */
1355         tp->snd_cwnd = 2;
1356
1357         /* See draft-stevens-tcpca-spec-01 for discussion of the
1358          * initialization of these values.
1359          */
1360         tp->snd_ssthresh = 0x7fffffff;
1361         tp->snd_cwnd_clamp = ~0;
1362         tp->mss_cache = 536;
1363
1364         tp->reordering = sysctl_tcp_reordering;
1365
1366         sk->sk_state = TCP_CLOSE;
1367
1368         icsk->icsk_af_ops = &ipv6_specific;
1369         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1370         icsk->icsk_sync_mss = tcp_sync_mss;
1371         sk->sk_write_space = sk_stream_write_space;
1372         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1373
1374         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1375         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1376
1377         atomic_inc(&tcp_sockets_allocated);
1378
1379         return 0;
1380 }
1381
1382 static int tcp_v6_destroy_sock(struct sock *sk)
1383 {
1384         tcp_v4_destroy_sock(sk);
1385         return inet6_destroy_sock(sk);
1386 }
1387
1388 /* Proc filesystem TCPv6 sock list dumping. */
1389 static void get_openreq6(struct seq_file *seq, 
1390                          struct sock *sk, struct request_sock *req, int i, int uid)
1391 {
1392         int ttd = req->expires - jiffies;
1393         struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1394         struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1395
1396         if (ttd < 0)
1397                 ttd = 0;
1398
1399         seq_printf(seq,
1400                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1401                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1402                    i,
1403                    src->s6_addr32[0], src->s6_addr32[1],
1404                    src->s6_addr32[2], src->s6_addr32[3],
1405                    ntohs(inet_sk(sk)->sport),
1406                    dest->s6_addr32[0], dest->s6_addr32[1],
1407                    dest->s6_addr32[2], dest->s6_addr32[3],
1408                    ntohs(inet_rsk(req)->rmt_port),
1409                    TCP_SYN_RECV,
1410                    0,0, /* could print option size, but that is af dependent. */
1411                    1,   /* timers active (only the expire timer) */  
1412                    jiffies_to_clock_t(ttd), 
1413                    req->retrans,
1414                    uid,
1415                    0,  /* non standard timer */  
1416                    0, /* open_requests have no inode */
1417                    0, req);
1418 }
1419
1420 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1421 {
1422         struct in6_addr *dest, *src;
1423         __u16 destp, srcp;
1424         int timer_active;
1425         unsigned long timer_expires;
1426         struct inet_sock *inet = inet_sk(sp);
1427         struct tcp_sock *tp = tcp_sk(sp);
1428         const struct inet_connection_sock *icsk = inet_csk(sp);
1429         struct ipv6_pinfo *np = inet6_sk(sp);
1430
1431         dest  = &np->daddr;
1432         src   = &np->rcv_saddr;
1433         destp = ntohs(inet->dport);
1434         srcp  = ntohs(inet->sport);
1435
1436         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1437                 timer_active    = 1;
1438                 timer_expires   = icsk->icsk_timeout;
1439         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1440                 timer_active    = 4;
1441                 timer_expires   = icsk->icsk_timeout;
1442         } else if (timer_pending(&sp->sk_timer)) {
1443                 timer_active    = 2;
1444                 timer_expires   = sp->sk_timer.expires;
1445         } else {
1446                 timer_active    = 0;
1447                 timer_expires = jiffies;
1448         }
1449
1450         seq_printf(seq,
1451                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1452                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
1453                    i,
1454                    src->s6_addr32[0], src->s6_addr32[1],
1455                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1456                    dest->s6_addr32[0], dest->s6_addr32[1],
1457                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1458                    sp->sk_state, 
1459                    tp->write_seq-tp->snd_una, tp->rcv_nxt-tp->copied_seq,
1460                    timer_active,
1461                    jiffies_to_clock_t(timer_expires - jiffies),
1462                    icsk->icsk_retransmits,
1463                    sock_i_uid(sp),
1464                    icsk->icsk_probes_out,
1465                    sock_i_ino(sp),
1466                    atomic_read(&sp->sk_refcnt), sp,
1467                    icsk->icsk_rto,
1468                    icsk->icsk_ack.ato,
1469                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
1470                    tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
1471                    );
1472 }
1473
1474 static void get_timewait6_sock(struct seq_file *seq, 
1475                                struct inet_timewait_sock *tw, int i)
1476 {
1477         struct in6_addr *dest, *src;
1478         __u16 destp, srcp;
1479         struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
1480         int ttd = tw->tw_ttd - jiffies;
1481
1482         if (ttd < 0)
1483                 ttd = 0;
1484
1485         dest = &tw6->tw_v6_daddr;
1486         src  = &tw6->tw_v6_rcv_saddr;
1487         destp = ntohs(tw->tw_dport);
1488         srcp  = ntohs(tw->tw_sport);
1489
1490         seq_printf(seq,
1491                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1492                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1493                    i,
1494                    src->s6_addr32[0], src->s6_addr32[1],
1495                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1496                    dest->s6_addr32[0], dest->s6_addr32[1],
1497                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1498                    tw->tw_substate, 0, 0,
1499                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
1500                    atomic_read(&tw->tw_refcnt), tw);
1501 }
1502
1503 #ifdef CONFIG_PROC_FS
1504 static int tcp6_seq_show(struct seq_file *seq, void *v)
1505 {
1506         struct tcp_iter_state *st;
1507
1508         if (v == SEQ_START_TOKEN) {
1509                 seq_puts(seq,
1510                          "  sl  "
1511                          "local_address                         "
1512                          "remote_address                        "
1513                          "st tx_queue rx_queue tr tm->when retrnsmt"
1514                          "   uid  timeout inode\n");
1515                 goto out;
1516         }
1517         st = seq->private;
1518
1519         switch (st->state) {
1520         case TCP_SEQ_STATE_LISTENING:
1521         case TCP_SEQ_STATE_ESTABLISHED:
1522                 get_tcp6_sock(seq, v, st->num);
1523                 break;
1524         case TCP_SEQ_STATE_OPENREQ:
1525                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
1526                 break;
1527         case TCP_SEQ_STATE_TIME_WAIT:
1528                 get_timewait6_sock(seq, v, st->num);
1529                 break;
1530         }
1531 out:
1532         return 0;
1533 }
1534
1535 static struct file_operations tcp6_seq_fops;
1536 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1537         .owner          = THIS_MODULE,
1538         .name           = "tcp6",
1539         .family         = AF_INET6,
1540         .seq_show       = tcp6_seq_show,
1541         .seq_fops       = &tcp6_seq_fops,
1542 };
1543
1544 int __init tcp6_proc_init(void)
1545 {
1546         return tcp_proc_register(&tcp6_seq_afinfo);
1547 }
1548
1549 void tcp6_proc_exit(void)
1550 {
1551         tcp_proc_unregister(&tcp6_seq_afinfo);
1552 }
1553 #endif
1554
1555 struct proto tcpv6_prot = {
1556         .name                   = "TCPv6",
1557         .owner                  = THIS_MODULE,
1558         .close                  = tcp_close,
1559         .connect                = tcp_v6_connect,
1560         .disconnect             = tcp_disconnect,
1561         .accept                 = inet_csk_accept,
1562         .ioctl                  = tcp_ioctl,
1563         .init                   = tcp_v6_init_sock,
1564         .destroy                = tcp_v6_destroy_sock,
1565         .shutdown               = tcp_shutdown,
1566         .setsockopt             = tcp_setsockopt,
1567         .getsockopt             = tcp_getsockopt,
1568         .sendmsg                = tcp_sendmsg,
1569         .recvmsg                = tcp_recvmsg,
1570         .backlog_rcv            = tcp_v6_do_rcv,
1571         .hash                   = tcp_v6_hash,
1572         .unhash                 = tcp_unhash,
1573         .get_port               = tcp_v6_get_port,
1574         .enter_memory_pressure  = tcp_enter_memory_pressure,
1575         .sockets_allocated      = &tcp_sockets_allocated,
1576         .memory_allocated       = &tcp_memory_allocated,
1577         .memory_pressure        = &tcp_memory_pressure,
1578         .orphan_count           = &tcp_orphan_count,
1579         .sysctl_mem             = sysctl_tcp_mem,
1580         .sysctl_wmem            = sysctl_tcp_wmem,
1581         .sysctl_rmem            = sysctl_tcp_rmem,
1582         .max_header             = MAX_TCP_HEADER,
1583         .obj_size               = sizeof(struct tcp6_sock),
1584         .twsk_prot              = &tcp6_timewait_sock_ops,
1585         .rsk_prot               = &tcp6_request_sock_ops,
1586 };
1587
1588 static struct inet6_protocol tcpv6_protocol = {
1589         .handler        =       tcp_v6_rcv,
1590         .err_handler    =       tcp_v6_err,
1591         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1592 };
1593
1594 static struct inet_protosw tcpv6_protosw = {
1595         .type           =       SOCK_STREAM,
1596         .protocol       =       IPPROTO_TCP,
1597         .prot           =       &tcpv6_prot,
1598         .ops            =       &inet6_stream_ops,
1599         .capability     =       -1,
1600         .no_check       =       0,
1601         .flags          =       INET_PROTOSW_PERMANENT |
1602                                 INET_PROTOSW_ICSK,
1603 };
1604
1605 void __init tcpv6_init(void)
1606 {
1607         int err;
1608
1609         /* register inet6 protocol */
1610         if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
1611                 printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
1612         inet6_register_protosw(&tcpv6_protosw);
1613
1614         err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_TCP, &tcp6_socket);
1615         if (err < 0)
1616                 panic("Failed to create the TCPv6 control socket.\n");
1617         tcp6_socket->sk->sk_allocation = GFP_ATOMIC;
1618
1619         /* Unhash it so that IP input processing does not even
1620          * see it, we do not wish this socket to see incoming
1621          * packets.
1622          */
1623         tcp6_socket->sk->sk_prot->unhash(tcp6_socket->sk);
1624 }