Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
[linux-2.6] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation 
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>     
7  *
8  *      $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9  *
10  *      Based on: 
11  *      linux/net/ipv4/tcp.c
12  *      linux/net/ipv4/tcp_input.c
13  *      linux/net/ipv4/tcp_output.c
14  *
15  *      Fixes:
16  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
17  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
18  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
19  *                                      a single port at the same time.
20  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
21  *
22  *      This program is free software; you can redistribute it and/or
23  *      modify it under the terms of the GNU General Public License
24  *      as published by the Free Software Foundation; either version
25  *      2 of the License, or (at your option) any later version.
26  */
27
28 #include <linux/module.h>
29 #include <linux/config.h>
30 #include <linux/errno.h>
31 #include <linux/types.h>
32 #include <linux/socket.h>
33 #include <linux/sockios.h>
34 #include <linux/net.h>
35 #include <linux/jiffies.h>
36 #include <linux/in.h>
37 #include <linux/in6.h>
38 #include <linux/netdevice.h>
39 #include <linux/init.h>
40 #include <linux/jhash.h>
41 #include <linux/ipsec.h>
42 #include <linux/times.h>
43
44 #include <linux/ipv6.h>
45 #include <linux/icmpv6.h>
46 #include <linux/random.h>
47
48 #include <net/tcp.h>
49 #include <net/ndisc.h>
50 #include <net/inet6_hashtables.h>
51 #include <net/inet6_connection_sock.h>
52 #include <net/ipv6.h>
53 #include <net/transp_v6.h>
54 #include <net/addrconf.h>
55 #include <net/ip6_route.h>
56 #include <net/ip6_checksum.h>
57 #include <net/inet_ecn.h>
58 #include <net/protocol.h>
59 #include <net/xfrm.h>
60 #include <net/addrconf.h>
61 #include <net/snmp.h>
62 #include <net/dsfield.h>
63 #include <net/timewait_sock.h>
64
65 #include <asm/uaccess.h>
66
67 #include <linux/proc_fs.h>
68 #include <linux/seq_file.h>
69
70 /* Socket used for sending RSTs and ACKs */
71 static struct socket *tcp6_socket;
72
73 static void     tcp_v6_send_reset(struct sk_buff *skb);
74 static void     tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
75 static void     tcp_v6_send_check(struct sock *sk, int len, 
76                                   struct sk_buff *skb);
77
78 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
79
80 static struct inet_connection_sock_af_ops ipv6_mapped;
81 static struct inet_connection_sock_af_ops ipv6_specific;
82
83 static int tcp_v6_get_port(struct sock *sk, unsigned short snum)
84 {
85         return inet_csk_get_port(&tcp_hashinfo, sk, snum,
86                                  inet6_csk_bind_conflict);
87 }
88
89 static void tcp_v6_hash(struct sock *sk)
90 {
91         if (sk->sk_state != TCP_CLOSE) {
92                 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
93                         tcp_prot.hash(sk);
94                         return;
95                 }
96                 local_bh_disable();
97                 __inet6_hash(&tcp_hashinfo, sk);
98                 local_bh_enable();
99         }
100 }
101
102 static __inline__ u16 tcp_v6_check(struct tcphdr *th, int len,
103                                    struct in6_addr *saddr, 
104                                    struct in6_addr *daddr, 
105                                    unsigned long base)
106 {
107         return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
108 }
109
110 static __u32 tcp_v6_init_sequence(struct sock *sk, struct sk_buff *skb)
111 {
112         if (skb->protocol == htons(ETH_P_IPV6)) {
113                 return secure_tcpv6_sequence_number(skb->nh.ipv6h->daddr.s6_addr32,
114                                                     skb->nh.ipv6h->saddr.s6_addr32,
115                                                     skb->h.th->dest,
116                                                     skb->h.th->source);
117         } else {
118                 return secure_tcp_sequence_number(skb->nh.iph->daddr,
119                                                   skb->nh.iph->saddr,
120                                                   skb->h.th->dest,
121                                                   skb->h.th->source);
122         }
123 }
124
125 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 
126                           int addr_len)
127 {
128         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
129         struct inet_sock *inet = inet_sk(sk);
130         struct inet_connection_sock *icsk = inet_csk(sk);
131         struct ipv6_pinfo *np = inet6_sk(sk);
132         struct tcp_sock *tp = tcp_sk(sk);
133         struct in6_addr *saddr = NULL, *final_p = NULL, final;
134         struct flowi fl;
135         struct dst_entry *dst;
136         int addr_type;
137         int err;
138
139         if (addr_len < SIN6_LEN_RFC2133) 
140                 return -EINVAL;
141
142         if (usin->sin6_family != AF_INET6) 
143                 return(-EAFNOSUPPORT);
144
145         memset(&fl, 0, sizeof(fl));
146
147         if (np->sndflow) {
148                 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
149                 IP6_ECN_flow_init(fl.fl6_flowlabel);
150                 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
151                         struct ip6_flowlabel *flowlabel;
152                         flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
153                         if (flowlabel == NULL)
154                                 return -EINVAL;
155                         ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
156                         fl6_sock_release(flowlabel);
157                 }
158         }
159
160         /*
161          *      connect() to INADDR_ANY means loopback (BSD'ism).
162          */
163         
164         if(ipv6_addr_any(&usin->sin6_addr))
165                 usin->sin6_addr.s6_addr[15] = 0x1; 
166
167         addr_type = ipv6_addr_type(&usin->sin6_addr);
168
169         if(addr_type & IPV6_ADDR_MULTICAST)
170                 return -ENETUNREACH;
171
172         if (addr_type&IPV6_ADDR_LINKLOCAL) {
173                 if (addr_len >= sizeof(struct sockaddr_in6) &&
174                     usin->sin6_scope_id) {
175                         /* If interface is set while binding, indices
176                          * must coincide.
177                          */
178                         if (sk->sk_bound_dev_if &&
179                             sk->sk_bound_dev_if != usin->sin6_scope_id)
180                                 return -EINVAL;
181
182                         sk->sk_bound_dev_if = usin->sin6_scope_id;
183                 }
184
185                 /* Connect to link-local address requires an interface */
186                 if (!sk->sk_bound_dev_if)
187                         return -EINVAL;
188         }
189
190         if (tp->rx_opt.ts_recent_stamp &&
191             !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
192                 tp->rx_opt.ts_recent = 0;
193                 tp->rx_opt.ts_recent_stamp = 0;
194                 tp->write_seq = 0;
195         }
196
197         ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
198         np->flow_label = fl.fl6_flowlabel;
199
200         /*
201          *      TCP over IPv4
202          */
203
204         if (addr_type == IPV6_ADDR_MAPPED) {
205                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
206                 struct sockaddr_in sin;
207
208                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
209
210                 if (__ipv6_only_sock(sk))
211                         return -ENETUNREACH;
212
213                 sin.sin_family = AF_INET;
214                 sin.sin_port = usin->sin6_port;
215                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
216
217                 icsk->icsk_af_ops = &ipv6_mapped;
218                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
219
220                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
221
222                 if (err) {
223                         icsk->icsk_ext_hdr_len = exthdrlen;
224                         icsk->icsk_af_ops = &ipv6_specific;
225                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
226                         goto failure;
227                 } else {
228                         ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
229                                       inet->saddr);
230                         ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
231                                       inet->rcv_saddr);
232                 }
233
234                 return err;
235         }
236
237         if (!ipv6_addr_any(&np->rcv_saddr))
238                 saddr = &np->rcv_saddr;
239
240         fl.proto = IPPROTO_TCP;
241         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
242         ipv6_addr_copy(&fl.fl6_src,
243                        (saddr ? saddr : &np->saddr));
244         fl.oif = sk->sk_bound_dev_if;
245         fl.fl_ip_dport = usin->sin6_port;
246         fl.fl_ip_sport = inet->sport;
247
248         if (np->opt && np->opt->srcrt) {
249                 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
250                 ipv6_addr_copy(&final, &fl.fl6_dst);
251                 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
252                 final_p = &final;
253         }
254
255         err = ip6_dst_lookup(sk, &dst, &fl);
256         if (err)
257                 goto failure;
258         if (final_p)
259                 ipv6_addr_copy(&fl.fl6_dst, final_p);
260
261         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
262                 goto failure;
263
264         if (saddr == NULL) {
265                 saddr = &fl.fl6_src;
266                 ipv6_addr_copy(&np->rcv_saddr, saddr);
267         }
268
269         /* set the source address */
270         ipv6_addr_copy(&np->saddr, saddr);
271         inet->rcv_saddr = LOOPBACK4_IPV6;
272
273         ip6_dst_store(sk, dst, NULL);
274         sk->sk_route_caps = dst->dev->features &
275                 ~(NETIF_F_IP_CSUM | NETIF_F_TSO);
276
277         icsk->icsk_ext_hdr_len = 0;
278         if (np->opt)
279                 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
280                                           np->opt->opt_nflen);
281
282         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
283
284         inet->dport = usin->sin6_port;
285
286         tcp_set_state(sk, TCP_SYN_SENT);
287         err = inet6_hash_connect(&tcp_death_row, sk);
288         if (err)
289                 goto late_failure;
290
291         if (!tp->write_seq)
292                 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
293                                                              np->daddr.s6_addr32,
294                                                              inet->sport,
295                                                              inet->dport);
296
297         err = tcp_connect(sk);
298         if (err)
299                 goto late_failure;
300
301         return 0;
302
303 late_failure:
304         tcp_set_state(sk, TCP_CLOSE);
305         __sk_dst_reset(sk);
306 failure:
307         inet->dport = 0;
308         sk->sk_route_caps = 0;
309         return err;
310 }
311
312 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
313                 int type, int code, int offset, __u32 info)
314 {
315         struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
316         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
317         struct ipv6_pinfo *np;
318         struct sock *sk;
319         int err;
320         struct tcp_sock *tp; 
321         __u32 seq;
322
323         sk = inet6_lookup(&tcp_hashinfo, &hdr->daddr, th->dest, &hdr->saddr,
324                           th->source, skb->dev->ifindex);
325
326         if (sk == NULL) {
327                 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
328                 return;
329         }
330
331         if (sk->sk_state == TCP_TIME_WAIT) {
332                 inet_twsk_put((struct inet_timewait_sock *)sk);
333                 return;
334         }
335
336         bh_lock_sock(sk);
337         if (sock_owned_by_user(sk))
338                 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
339
340         if (sk->sk_state == TCP_CLOSE)
341                 goto out;
342
343         tp = tcp_sk(sk);
344         seq = ntohl(th->seq); 
345         if (sk->sk_state != TCP_LISTEN &&
346             !between(seq, tp->snd_una, tp->snd_nxt)) {
347                 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
348                 goto out;
349         }
350
351         np = inet6_sk(sk);
352
353         if (type == ICMPV6_PKT_TOOBIG) {
354                 struct dst_entry *dst = NULL;
355
356                 if (sock_owned_by_user(sk))
357                         goto out;
358                 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
359                         goto out;
360
361                 /* icmp should have updated the destination cache entry */
362                 dst = __sk_dst_check(sk, np->dst_cookie);
363
364                 if (dst == NULL) {
365                         struct inet_sock *inet = inet_sk(sk);
366                         struct flowi fl;
367
368                         /* BUGGG_FUTURE: Again, it is not clear how
369                            to handle rthdr case. Ignore this complexity
370                            for now.
371                          */
372                         memset(&fl, 0, sizeof(fl));
373                         fl.proto = IPPROTO_TCP;
374                         ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
375                         ipv6_addr_copy(&fl.fl6_src, &np->saddr);
376                         fl.oif = sk->sk_bound_dev_if;
377                         fl.fl_ip_dport = inet->dport;
378                         fl.fl_ip_sport = inet->sport;
379
380                         if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
381                                 sk->sk_err_soft = -err;
382                                 goto out;
383                         }
384
385                         if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
386                                 sk->sk_err_soft = -err;
387                                 goto out;
388                         }
389
390                 } else
391                         dst_hold(dst);
392
393                 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
394                         tcp_sync_mss(sk, dst_mtu(dst));
395                         tcp_simple_retransmit(sk);
396                 } /* else let the usual retransmit timer handle it */
397                 dst_release(dst);
398                 goto out;
399         }
400
401         icmpv6_err_convert(type, code, &err);
402
403         /* Might be for an request_sock */
404         switch (sk->sk_state) {
405                 struct request_sock *req, **prev;
406         case TCP_LISTEN:
407                 if (sock_owned_by_user(sk))
408                         goto out;
409
410                 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
411                                            &hdr->saddr, inet6_iif(skb));
412                 if (!req)
413                         goto out;
414
415                 /* ICMPs are not backlogged, hence we cannot get
416                  * an established socket here.
417                  */
418                 BUG_TRAP(req->sk == NULL);
419
420                 if (seq != tcp_rsk(req)->snt_isn) {
421                         NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
422                         goto out;
423                 }
424
425                 inet_csk_reqsk_queue_drop(sk, req, prev);
426                 goto out;
427
428         case TCP_SYN_SENT:
429         case TCP_SYN_RECV:  /* Cannot happen.
430                                It can, it SYNs are crossed. --ANK */ 
431                 if (!sock_owned_by_user(sk)) {
432                         TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
433                         sk->sk_err = err;
434                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
435
436                         tcp_done(sk);
437                 } else
438                         sk->sk_err_soft = err;
439                 goto out;
440         }
441
442         if (!sock_owned_by_user(sk) && np->recverr) {
443                 sk->sk_err = err;
444                 sk->sk_error_report(sk);
445         } else
446                 sk->sk_err_soft = err;
447
448 out:
449         bh_unlock_sock(sk);
450         sock_put(sk);
451 }
452
453
454 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
455                               struct dst_entry *dst)
456 {
457         struct inet6_request_sock *treq = inet6_rsk(req);
458         struct ipv6_pinfo *np = inet6_sk(sk);
459         struct sk_buff * skb;
460         struct ipv6_txoptions *opt = NULL;
461         struct in6_addr * final_p = NULL, final;
462         struct flowi fl;
463         int err = -1;
464
465         memset(&fl, 0, sizeof(fl));
466         fl.proto = IPPROTO_TCP;
467         ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
468         ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
469         fl.fl6_flowlabel = 0;
470         fl.oif = treq->iif;
471         fl.fl_ip_dport = inet_rsk(req)->rmt_port;
472         fl.fl_ip_sport = inet_sk(sk)->sport;
473
474         if (dst == NULL) {
475                 opt = np->opt;
476                 if (opt == NULL &&
477                     np->rxopt.bits.osrcrt == 2 &&
478                     treq->pktopts) {
479                         struct sk_buff *pktopts = treq->pktopts;
480                         struct inet6_skb_parm *rxopt = IP6CB(pktopts);
481                         if (rxopt->srcrt)
482                                 opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr*)(pktopts->nh.raw + rxopt->srcrt));
483                 }
484
485                 if (opt && opt->srcrt) {
486                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
487                         ipv6_addr_copy(&final, &fl.fl6_dst);
488                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
489                         final_p = &final;
490                 }
491
492                 err = ip6_dst_lookup(sk, &dst, &fl);
493                 if (err)
494                         goto done;
495                 if (final_p)
496                         ipv6_addr_copy(&fl.fl6_dst, final_p);
497                 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
498                         goto done;
499         }
500
501         skb = tcp_make_synack(sk, dst, req);
502         if (skb) {
503                 struct tcphdr *th = skb->h.th;
504
505                 th->check = tcp_v6_check(th, skb->len,
506                                          &treq->loc_addr, &treq->rmt_addr,
507                                          csum_partial((char *)th, skb->len, skb->csum));
508
509                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
510                 err = ip6_xmit(sk, skb, &fl, opt, 0);
511                 if (err == NET_XMIT_CN)
512                         err = 0;
513         }
514
515 done:
516         if (opt && opt != np->opt)
517                 sock_kfree_s(sk, opt, opt->tot_len);
518         dst_release(dst);
519         return err;
520 }
521
522 static void tcp_v6_reqsk_destructor(struct request_sock *req)
523 {
524         if (inet6_rsk(req)->pktopts)
525                 kfree_skb(inet6_rsk(req)->pktopts);
526 }
527
528 static struct request_sock_ops tcp6_request_sock_ops = {
529         .family         =       AF_INET6,
530         .obj_size       =       sizeof(struct tcp6_request_sock),
531         .rtx_syn_ack    =       tcp_v6_send_synack,
532         .send_ack       =       tcp_v6_reqsk_send_ack,
533         .destructor     =       tcp_v6_reqsk_destructor,
534         .send_reset     =       tcp_v6_send_reset
535 };
536
537 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
538         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
539         .twsk_unique    = tcp_twsk_unique,
540 };
541
542 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
543 {
544         struct ipv6_pinfo *np = inet6_sk(sk);
545         struct tcphdr *th = skb->h.th;
546
547         if (skb->ip_summed == CHECKSUM_HW) {
548                 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
549                 skb->csum = offsetof(struct tcphdr, check);
550         } else {
551                 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 
552                                             csum_partial((char *)th, th->doff<<2, 
553                                                          skb->csum));
554         }
555 }
556
557
558 static void tcp_v6_send_reset(struct sk_buff *skb)
559 {
560         struct tcphdr *th = skb->h.th, *t1; 
561         struct sk_buff *buff;
562         struct flowi fl;
563
564         if (th->rst)
565                 return;
566
567         if (!ipv6_unicast_destination(skb))
568                 return; 
569
570         /*
571          * We need to grab some memory, and put together an RST,
572          * and then put it into the queue to be sent.
573          */
574
575         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + sizeof(struct tcphdr),
576                          GFP_ATOMIC);
577         if (buff == NULL) 
578                 return;
579
580         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + sizeof(struct tcphdr));
581
582         t1 = (struct tcphdr *) skb_push(buff,sizeof(struct tcphdr));
583
584         /* Swap the send and the receive. */
585         memset(t1, 0, sizeof(*t1));
586         t1->dest = th->source;
587         t1->source = th->dest;
588         t1->doff = sizeof(*t1)/4;
589         t1->rst = 1;
590   
591         if(th->ack) {
592                 t1->seq = th->ack_seq;
593         } else {
594                 t1->ack = 1;
595                 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
596                                     + skb->len - (th->doff<<2));
597         }
598
599         buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
600
601         memset(&fl, 0, sizeof(fl));
602         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
603         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
604
605         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
606                                     sizeof(*t1), IPPROTO_TCP,
607                                     buff->csum);
608
609         fl.proto = IPPROTO_TCP;
610         fl.oif = inet6_iif(skb);
611         fl.fl_ip_dport = t1->dest;
612         fl.fl_ip_sport = t1->source;
613
614         /* sk = NULL, but it is safe for now. RST socket required. */
615         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
616
617                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
618                         ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
619                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
620                         TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
621                         return;
622                 }
623         }
624
625         kfree_skb(buff);
626 }
627
628 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
629 {
630         struct tcphdr *th = skb->h.th, *t1;
631         struct sk_buff *buff;
632         struct flowi fl;
633         int tot_len = sizeof(struct tcphdr);
634
635         if (ts)
636                 tot_len += 3*4;
637
638         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
639                          GFP_ATOMIC);
640         if (buff == NULL)
641                 return;
642
643         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
644
645         t1 = (struct tcphdr *) skb_push(buff,tot_len);
646
647         /* Swap the send and the receive. */
648         memset(t1, 0, sizeof(*t1));
649         t1->dest = th->source;
650         t1->source = th->dest;
651         t1->doff = tot_len/4;
652         t1->seq = htonl(seq);
653         t1->ack_seq = htonl(ack);
654         t1->ack = 1;
655         t1->window = htons(win);
656         
657         if (ts) {
658                 u32 *ptr = (u32*)(t1 + 1);
659                 *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
660                                (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
661                 *ptr++ = htonl(tcp_time_stamp);
662                 *ptr = htonl(ts);
663         }
664
665         buff->csum = csum_partial((char *)t1, tot_len, 0);
666
667         memset(&fl, 0, sizeof(fl));
668         ipv6_addr_copy(&fl.fl6_dst, &skb->nh.ipv6h->saddr);
669         ipv6_addr_copy(&fl.fl6_src, &skb->nh.ipv6h->daddr);
670
671         t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
672                                     tot_len, IPPROTO_TCP,
673                                     buff->csum);
674
675         fl.proto = IPPROTO_TCP;
676         fl.oif = inet6_iif(skb);
677         fl.fl_ip_dport = t1->dest;
678         fl.fl_ip_sport = t1->source;
679
680         if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
681                 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
682                         ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
683                         TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
684                         return;
685                 }
686         }
687
688         kfree_skb(buff);
689 }
690
691 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
692 {
693         struct inet_timewait_sock *tw = inet_twsk(sk);
694         const struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
695
696         tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
697                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
698                         tcptw->tw_ts_recent);
699
700         inet_twsk_put(tw);
701 }
702
703 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
704 {
705         tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
706 }
707
708
709 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
710 {
711         struct request_sock *req, **prev;
712         const struct tcphdr *th = skb->h.th;
713         struct sock *nsk;
714
715         /* Find possible connection requests. */
716         req = inet6_csk_search_req(sk, &prev, th->source,
717                                    &skb->nh.ipv6h->saddr,
718                                    &skb->nh.ipv6h->daddr, inet6_iif(skb));
719         if (req)
720                 return tcp_check_req(sk, skb, req, prev);
721
722         nsk = __inet6_lookup_established(&tcp_hashinfo, &skb->nh.ipv6h->saddr,
723                                          th->source, &skb->nh.ipv6h->daddr,
724                                          ntohs(th->dest), inet6_iif(skb));
725
726         if (nsk) {
727                 if (nsk->sk_state != TCP_TIME_WAIT) {
728                         bh_lock_sock(nsk);
729                         return nsk;
730                 }
731                 inet_twsk_put((struct inet_timewait_sock *)nsk);
732                 return NULL;
733         }
734
735 #if 0 /*def CONFIG_SYN_COOKIES*/
736         if (!th->rst && !th->syn && th->ack)
737                 sk = cookie_v6_check(sk, skb, &(IPCB(skb)->opt));
738 #endif
739         return sk;
740 }
741
742 /* FIXME: this is substantially similar to the ipv4 code.
743  * Can some kind of merge be done? -- erics
744  */
745 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
746 {
747         struct inet6_request_sock *treq;
748         struct ipv6_pinfo *np = inet6_sk(sk);
749         struct tcp_options_received tmp_opt;
750         struct tcp_sock *tp = tcp_sk(sk);
751         struct request_sock *req = NULL;
752         __u32 isn = TCP_SKB_CB(skb)->when;
753
754         if (skb->protocol == htons(ETH_P_IP))
755                 return tcp_v4_conn_request(sk, skb);
756
757         if (!ipv6_unicast_destination(skb))
758                 goto drop; 
759
760         /*
761          *      There are no SYN attacks on IPv6, yet...        
762          */
763         if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
764                 if (net_ratelimit())
765                         printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n");
766                 goto drop;              
767         }
768
769         if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
770                 goto drop;
771
772         req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
773         if (req == NULL)
774                 goto drop;
775
776         tcp_clear_options(&tmp_opt);
777         tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
778         tmp_opt.user_mss = tp->rx_opt.user_mss;
779
780         tcp_parse_options(skb, &tmp_opt, 0);
781
782         tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
783         tcp_openreq_init(req, &tmp_opt, skb);
784
785         treq = inet6_rsk(req);
786         ipv6_addr_copy(&treq->rmt_addr, &skb->nh.ipv6h->saddr);
787         ipv6_addr_copy(&treq->loc_addr, &skb->nh.ipv6h->daddr);
788         TCP_ECN_create_request(req, skb->h.th);
789         treq->pktopts = NULL;
790         if (ipv6_opt_accepted(sk, skb) ||
791             np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
792             np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
793                 atomic_inc(&skb->users);
794                 treq->pktopts = skb;
795         }
796         treq->iif = sk->sk_bound_dev_if;
797
798         /* So that link locals have meaning */
799         if (!sk->sk_bound_dev_if &&
800             ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
801                 treq->iif = inet6_iif(skb);
802
803         if (isn == 0) 
804                 isn = tcp_v6_init_sequence(sk,skb);
805
806         tcp_rsk(req)->snt_isn = isn;
807
808         if (tcp_v6_send_synack(sk, req, NULL))
809                 goto drop;
810
811         inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
812         return 0;
813
814 drop:
815         if (req)
816                 reqsk_free(req);
817
818         TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
819         return 0; /* don't send reset */
820 }
821
822 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
823                                           struct request_sock *req,
824                                           struct dst_entry *dst)
825 {
826         struct inet6_request_sock *treq = inet6_rsk(req);
827         struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
828         struct tcp6_sock *newtcp6sk;
829         struct inet_sock *newinet;
830         struct tcp_sock *newtp;
831         struct sock *newsk;
832         struct ipv6_txoptions *opt;
833
834         if (skb->protocol == htons(ETH_P_IP)) {
835                 /*
836                  *      v6 mapped
837                  */
838
839                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
840
841                 if (newsk == NULL) 
842                         return NULL;
843
844                 newtcp6sk = (struct tcp6_sock *)newsk;
845                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
846
847                 newinet = inet_sk(newsk);
848                 newnp = inet6_sk(newsk);
849                 newtp = tcp_sk(newsk);
850
851                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
852
853                 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
854                               newinet->daddr);
855
856                 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
857                               newinet->saddr);
858
859                 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
860
861                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
862                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
863                 newnp->pktoptions  = NULL;
864                 newnp->opt         = NULL;
865                 newnp->mcast_oif   = inet6_iif(skb);
866                 newnp->mcast_hops  = skb->nh.ipv6h->hop_limit;
867
868                 /*
869                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
870                  * here, tcp_create_openreq_child now does this for us, see the comment in
871                  * that function for the gory details. -acme
872                  */
873
874                 /* It is tricky place. Until this moment IPv4 tcp
875                    worked with IPv6 icsk.icsk_af_ops.
876                    Sync it now.
877                  */
878                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
879
880                 return newsk;
881         }
882
883         opt = np->opt;
884
885         if (sk_acceptq_is_full(sk))
886                 goto out_overflow;
887
888         if (np->rxopt.bits.osrcrt == 2 &&
889             opt == NULL && treq->pktopts) {
890                 struct inet6_skb_parm *rxopt = IP6CB(treq->pktopts);
891                 if (rxopt->srcrt)
892                         opt = ipv6_invert_rthdr(sk, (struct ipv6_rt_hdr *)(treq->pktopts->nh.raw + rxopt->srcrt));
893         }
894
895         if (dst == NULL) {
896                 struct in6_addr *final_p = NULL, final;
897                 struct flowi fl;
898
899                 memset(&fl, 0, sizeof(fl));
900                 fl.proto = IPPROTO_TCP;
901                 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
902                 if (opt && opt->srcrt) {
903                         struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
904                         ipv6_addr_copy(&final, &fl.fl6_dst);
905                         ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
906                         final_p = &final;
907                 }
908                 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
909                 fl.oif = sk->sk_bound_dev_if;
910                 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
911                 fl.fl_ip_sport = inet_sk(sk)->sport;
912
913                 if (ip6_dst_lookup(sk, &dst, &fl))
914                         goto out;
915
916                 if (final_p)
917                         ipv6_addr_copy(&fl.fl6_dst, final_p);
918
919                 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
920                         goto out;
921         } 
922
923         newsk = tcp_create_openreq_child(sk, req, skb);
924         if (newsk == NULL)
925                 goto out;
926
927         /*
928          * No need to charge this sock to the relevant IPv6 refcnt debug socks
929          * count here, tcp_create_openreq_child now does this for us, see the
930          * comment in that function for the gory details. -acme
931          */
932
933         ip6_dst_store(newsk, dst, NULL);
934         newsk->sk_route_caps = dst->dev->features &
935                 ~(NETIF_F_IP_CSUM | NETIF_F_TSO);
936
937         newtcp6sk = (struct tcp6_sock *)newsk;
938         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
939
940         newtp = tcp_sk(newsk);
941         newinet = inet_sk(newsk);
942         newnp = inet6_sk(newsk);
943
944         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
945
946         ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
947         ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
948         ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
949         newsk->sk_bound_dev_if = treq->iif;
950
951         /* Now IPv6 options... 
952
953            First: no IPv4 options.
954          */
955         newinet->opt = NULL;
956
957         /* Clone RX bits */
958         newnp->rxopt.all = np->rxopt.all;
959
960         /* Clone pktoptions received with SYN */
961         newnp->pktoptions = NULL;
962         if (treq->pktopts != NULL) {
963                 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
964                 kfree_skb(treq->pktopts);
965                 treq->pktopts = NULL;
966                 if (newnp->pktoptions)
967                         skb_set_owner_r(newnp->pktoptions, newsk);
968         }
969         newnp->opt        = NULL;
970         newnp->mcast_oif  = inet6_iif(skb);
971         newnp->mcast_hops = skb->nh.ipv6h->hop_limit;
972
973         /* Clone native IPv6 options from listening socket (if any)
974
975            Yes, keeping reference count would be much more clever,
976            but we make one more one thing there: reattach optmem
977            to newsk.
978          */
979         if (opt) {
980                 newnp->opt = ipv6_dup_options(newsk, opt);
981                 if (opt != np->opt)
982                         sock_kfree_s(sk, opt, opt->tot_len);
983         }
984
985         inet_csk(newsk)->icsk_ext_hdr_len = 0;
986         if (newnp->opt)
987                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
988                                                      newnp->opt->opt_flen);
989
990         tcp_mtup_init(newsk);
991         tcp_sync_mss(newsk, dst_mtu(dst));
992         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
993         tcp_initialize_rcv_mss(newsk);
994
995         newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
996
997         __inet6_hash(&tcp_hashinfo, newsk);
998         inet_inherit_port(&tcp_hashinfo, sk, newsk);
999
1000         return newsk;
1001
1002 out_overflow:
1003         NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1004 out:
1005         NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1006         if (opt && opt != np->opt)
1007                 sock_kfree_s(sk, opt, opt->tot_len);
1008         dst_release(dst);
1009         return NULL;
1010 }
1011
1012 static int tcp_v6_checksum_init(struct sk_buff *skb)
1013 {
1014         if (skb->ip_summed == CHECKSUM_HW) {
1015                 if (!tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1016                                   &skb->nh.ipv6h->daddr,skb->csum)) {
1017                         skb->ip_summed = CHECKSUM_UNNECESSARY;
1018                         return 0;
1019                 }
1020         }
1021
1022         skb->csum = ~tcp_v6_check(skb->h.th,skb->len,&skb->nh.ipv6h->saddr,
1023                                   &skb->nh.ipv6h->daddr, 0);
1024
1025         if (skb->len <= 76) {
1026                 return __skb_checksum_complete(skb);
1027         }
1028         return 0;
1029 }
1030
1031 /* The socket must have it's spinlock held when we get
1032  * here.
1033  *
1034  * We have a potential double-lock case here, so even when
1035  * doing backlog processing we use the BH locking scheme.
1036  * This is because we cannot sleep with the original spinlock
1037  * held.
1038  */
1039 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1040 {
1041         struct ipv6_pinfo *np = inet6_sk(sk);
1042         struct tcp_sock *tp;
1043         struct sk_buff *opt_skb = NULL;
1044
1045         /* Imagine: socket is IPv6. IPv4 packet arrives,
1046            goes to IPv4 receive handler and backlogged.
1047            From backlog it always goes here. Kerboom...
1048            Fortunately, tcp_rcv_established and rcv_established
1049            handle them correctly, but it is not case with
1050            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1051          */
1052
1053         if (skb->protocol == htons(ETH_P_IP))
1054                 return tcp_v4_do_rcv(sk, skb);
1055
1056         if (sk_filter(sk, skb, 0))
1057                 goto discard;
1058
1059         /*
1060          *      socket locking is here for SMP purposes as backlog rcv
1061          *      is currently called with bh processing disabled.
1062          */
1063
1064         /* Do Stevens' IPV6_PKTOPTIONS.
1065
1066            Yes, guys, it is the only place in our code, where we
1067            may make it not affecting IPv4.
1068            The rest of code is protocol independent,
1069            and I do not like idea to uglify IPv4.
1070
1071            Actually, all the idea behind IPV6_PKTOPTIONS
1072            looks not very well thought. For now we latch
1073            options, received in the last packet, enqueued
1074            by tcp. Feel free to propose better solution.
1075                                                --ANK (980728)
1076          */
1077         if (np->rxopt.all)
1078                 opt_skb = skb_clone(skb, GFP_ATOMIC);
1079
1080         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1081                 TCP_CHECK_TIMER(sk);
1082                 if (tcp_rcv_established(sk, skb, skb->h.th, skb->len))
1083                         goto reset;
1084                 TCP_CHECK_TIMER(sk);
1085                 if (opt_skb)
1086                         goto ipv6_pktoptions;
1087                 return 0;
1088         }
1089
1090         if (skb->len < (skb->h.th->doff<<2) || tcp_checksum_complete(skb))
1091                 goto csum_err;
1092
1093         if (sk->sk_state == TCP_LISTEN) { 
1094                 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1095                 if (!nsk)
1096                         goto discard;
1097
1098                 /*
1099                  * Queue it on the new socket if the new socket is active,
1100                  * otherwise we just shortcircuit this and continue with
1101                  * the new socket..
1102                  */
1103                 if(nsk != sk) {
1104                         if (tcp_child_process(sk, nsk, skb))
1105                                 goto reset;
1106                         if (opt_skb)
1107                                 __kfree_skb(opt_skb);
1108                         return 0;
1109                 }
1110         }
1111
1112         TCP_CHECK_TIMER(sk);
1113         if (tcp_rcv_state_process(sk, skb, skb->h.th, skb->len))
1114                 goto reset;
1115         TCP_CHECK_TIMER(sk);
1116         if (opt_skb)
1117                 goto ipv6_pktoptions;
1118         return 0;
1119
1120 reset:
1121         tcp_v6_send_reset(skb);
1122 discard:
1123         if (opt_skb)
1124                 __kfree_skb(opt_skb);
1125         kfree_skb(skb);
1126         return 0;
1127 csum_err:
1128         TCP_INC_STATS_BH(TCP_MIB_INERRS);
1129         goto discard;
1130
1131
1132 ipv6_pktoptions:
1133         /* Do you ask, what is it?
1134
1135            1. skb was enqueued by tcp.
1136            2. skb is added to tail of read queue, rather than out of order.
1137            3. socket is not in passive state.
1138            4. Finally, it really contains options, which user wants to receive.
1139          */
1140         tp = tcp_sk(sk);
1141         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1142             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1143                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1144                         np->mcast_oif = inet6_iif(opt_skb);
1145                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1146                         np->mcast_hops = opt_skb->nh.ipv6h->hop_limit;
1147                 if (ipv6_opt_accepted(sk, opt_skb)) {
1148                         skb_set_owner_r(opt_skb, sk);
1149                         opt_skb = xchg(&np->pktoptions, opt_skb);
1150                 } else {
1151                         __kfree_skb(opt_skb);
1152                         opt_skb = xchg(&np->pktoptions, NULL);
1153                 }
1154         }
1155
1156         if (opt_skb)
1157                 kfree_skb(opt_skb);
1158         return 0;
1159 }
1160
1161 static int tcp_v6_rcv(struct sk_buff **pskb)
1162 {
1163         struct sk_buff *skb = *pskb;
1164         struct tcphdr *th;      
1165         struct sock *sk;
1166         int ret;
1167
1168         if (skb->pkt_type != PACKET_HOST)
1169                 goto discard_it;
1170
1171         /*
1172          *      Count it even if it's bad.
1173          */
1174         TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1175
1176         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1177                 goto discard_it;
1178
1179         th = skb->h.th;
1180
1181         if (th->doff < sizeof(struct tcphdr)/4)
1182                 goto bad_packet;
1183         if (!pskb_may_pull(skb, th->doff*4))
1184                 goto discard_it;
1185
1186         if ((skb->ip_summed != CHECKSUM_UNNECESSARY &&
1187              tcp_v6_checksum_init(skb)))
1188                 goto bad_packet;
1189
1190         th = skb->h.th;
1191         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1192         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1193                                     skb->len - th->doff*4);
1194         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1195         TCP_SKB_CB(skb)->when = 0;
1196         TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(skb->nh.ipv6h);
1197         TCP_SKB_CB(skb)->sacked = 0;
1198
1199         sk = __inet6_lookup(&tcp_hashinfo, &skb->nh.ipv6h->saddr, th->source,
1200                             &skb->nh.ipv6h->daddr, ntohs(th->dest),
1201                             inet6_iif(skb));
1202
1203         if (!sk)
1204                 goto no_tcp_socket;
1205
1206 process:
1207         if (sk->sk_state == TCP_TIME_WAIT)
1208                 goto do_time_wait;
1209
1210         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1211                 goto discard_and_relse;
1212
1213         if (sk_filter(sk, skb, 0))
1214                 goto discard_and_relse;
1215
1216         skb->dev = NULL;
1217
1218         bh_lock_sock(sk);
1219         ret = 0;
1220         if (!sock_owned_by_user(sk)) {
1221                 if (!tcp_prequeue(sk, skb))
1222                         ret = tcp_v6_do_rcv(sk, skb);
1223         } else
1224                 sk_add_backlog(sk, skb);
1225         bh_unlock_sock(sk);
1226
1227         sock_put(sk);
1228         return ret ? -1 : 0;
1229
1230 no_tcp_socket:
1231         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1232                 goto discard_it;
1233
1234         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1235 bad_packet:
1236                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1237         } else {
1238                 tcp_v6_send_reset(skb);
1239         }
1240
1241 discard_it:
1242
1243         /*
1244          *      Discard frame
1245          */
1246
1247         kfree_skb(skb);
1248         return 0;
1249
1250 discard_and_relse:
1251         sock_put(sk);
1252         goto discard_it;
1253
1254 do_time_wait:
1255         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1256                 inet_twsk_put((struct inet_timewait_sock *)sk);
1257                 goto discard_it;
1258         }
1259
1260         if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1261                 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1262                 inet_twsk_put((struct inet_timewait_sock *)sk);
1263                 goto discard_it;
1264         }
1265
1266         switch (tcp_timewait_state_process((struct inet_timewait_sock *)sk,
1267                                            skb, th)) {
1268         case TCP_TW_SYN:
1269         {
1270                 struct sock *sk2;
1271
1272                 sk2 = inet6_lookup_listener(&tcp_hashinfo,
1273                                             &skb->nh.ipv6h->daddr,
1274                                             ntohs(th->dest), inet6_iif(skb));
1275                 if (sk2 != NULL) {
1276                         struct inet_timewait_sock *tw = inet_twsk(sk);
1277                         inet_twsk_deschedule(tw, &tcp_death_row);
1278                         inet_twsk_put(tw);
1279                         sk = sk2;
1280                         goto process;
1281                 }
1282                 /* Fall through to ACK */
1283         }
1284         case TCP_TW_ACK:
1285                 tcp_v6_timewait_ack(sk, skb);
1286                 break;
1287         case TCP_TW_RST:
1288                 goto no_tcp_socket;
1289         case TCP_TW_SUCCESS:;
1290         }
1291         goto discard_it;
1292 }
1293
1294 static int tcp_v6_remember_stamp(struct sock *sk)
1295 {
1296         /* Alas, not yet... */
1297         return 0;
1298 }
1299
1300 static struct inet_connection_sock_af_ops ipv6_specific = {
1301         .queue_xmit        = inet6_csk_xmit,
1302         .send_check        = tcp_v6_send_check,
1303         .rebuild_header    = inet6_sk_rebuild_header,
1304         .conn_request      = tcp_v6_conn_request,
1305         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1306         .remember_stamp    = tcp_v6_remember_stamp,
1307         .net_header_len    = sizeof(struct ipv6hdr),
1308         .setsockopt        = ipv6_setsockopt,
1309         .getsockopt        = ipv6_getsockopt,
1310         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1311         .sockaddr_len      = sizeof(struct sockaddr_in6),
1312 #ifdef CONFIG_COMPAT
1313         .compat_setsockopt = compat_ipv6_setsockopt,
1314         .compat_getsockopt = compat_ipv6_getsockopt,
1315 #endif
1316 };
1317
1318 /*
1319  *      TCP over IPv4 via INET6 API
1320  */
1321
1322 static struct inet_connection_sock_af_ops ipv6_mapped = {
1323         .queue_xmit        = ip_queue_xmit,
1324         .send_check        = tcp_v4_send_check,
1325         .rebuild_header    = inet_sk_rebuild_header,
1326         .conn_request      = tcp_v6_conn_request,
1327         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1328         .remember_stamp    = tcp_v4_remember_stamp,
1329         .net_header_len    = sizeof(struct iphdr),
1330         .setsockopt        = ipv6_setsockopt,
1331         .getsockopt        = ipv6_getsockopt,
1332         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1333         .sockaddr_len      = sizeof(struct sockaddr_in6),
1334 #ifdef CONFIG_COMPAT
1335         .compat_setsockopt = compat_ipv6_setsockopt,
1336         .compat_getsockopt = compat_ipv6_getsockopt,
1337 #endif
1338 };
1339
1340 /* NOTE: A lot of things set to zero explicitly by call to
1341  *       sk_alloc() so need not be done here.
1342  */
1343 static int tcp_v6_init_sock(struct sock *sk)
1344 {
1345         struct inet_connection_sock *icsk = inet_csk(sk);
1346         struct tcp_sock *tp = tcp_sk(sk);
1347
1348         skb_queue_head_init(&tp->out_of_order_queue);
1349         tcp_init_xmit_timers(sk);
1350         tcp_prequeue_init(tp);
1351
1352         icsk->icsk_rto = TCP_TIMEOUT_INIT;
1353         tp->mdev = TCP_TIMEOUT_INIT;
1354
1355         /* So many TCP implementations out there (incorrectly) count the
1356          * initial SYN frame in their delayed-ACK and congestion control
1357          * algorithms that we must have the following bandaid to talk
1358          * efficiently to them.  -DaveM
1359          */
1360         tp->snd_cwnd = 2;
1361
1362         /* See draft-stevens-tcpca-spec-01 for discussion of the
1363          * initialization of these values.
1364          */
1365         tp->snd_ssthresh = 0x7fffffff;
1366         tp->snd_cwnd_clamp = ~0;
1367         tp->mss_cache = 536;
1368
1369         tp->reordering = sysctl_tcp_reordering;
1370
1371         sk->sk_state = TCP_CLOSE;
1372
1373         icsk->icsk_af_ops = &ipv6_specific;
1374         icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1375         icsk->icsk_sync_mss = tcp_sync_mss;
1376         sk->sk_write_space = sk_stream_write_space;
1377         sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1378
1379         sk->sk_sndbuf = sysctl_tcp_wmem[1];
1380         sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1381
1382         atomic_inc(&tcp_sockets_allocated);
1383
1384         return 0;
1385 }
1386
1387 static int tcp_v6_destroy_sock(struct sock *sk)
1388 {
1389         tcp_v4_destroy_sock(sk);
1390         return inet6_destroy_sock(sk);
1391 }
1392
1393 /* Proc filesystem TCPv6 sock list dumping. */
1394 static void get_openreq6(struct seq_file *seq, 
1395                          struct sock *sk, struct request_sock *req, int i, int uid)
1396 {
1397         int ttd = req->expires - jiffies;
1398         struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1399         struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1400
1401         if (ttd < 0)
1402                 ttd = 0;
1403
1404         seq_printf(seq,
1405                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1406                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1407                    i,
1408                    src->s6_addr32[0], src->s6_addr32[1],
1409                    src->s6_addr32[2], src->s6_addr32[3],
1410                    ntohs(inet_sk(sk)->sport),
1411                    dest->s6_addr32[0], dest->s6_addr32[1],
1412                    dest->s6_addr32[2], dest->s6_addr32[3],
1413                    ntohs(inet_rsk(req)->rmt_port),
1414                    TCP_SYN_RECV,
1415                    0,0, /* could print option size, but that is af dependent. */
1416                    1,   /* timers active (only the expire timer) */  
1417                    jiffies_to_clock_t(ttd), 
1418                    req->retrans,
1419                    uid,
1420                    0,  /* non standard timer */  
1421                    0, /* open_requests have no inode */
1422                    0, req);
1423 }
1424
1425 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1426 {
1427         struct in6_addr *dest, *src;
1428         __u16 destp, srcp;
1429         int timer_active;
1430         unsigned long timer_expires;
1431         struct inet_sock *inet = inet_sk(sp);
1432         struct tcp_sock *tp = tcp_sk(sp);
1433         const struct inet_connection_sock *icsk = inet_csk(sp);
1434         struct ipv6_pinfo *np = inet6_sk(sp);
1435
1436         dest  = &np->daddr;
1437         src   = &np->rcv_saddr;
1438         destp = ntohs(inet->dport);
1439         srcp  = ntohs(inet->sport);
1440
1441         if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1442                 timer_active    = 1;
1443                 timer_expires   = icsk->icsk_timeout;
1444         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1445                 timer_active    = 4;
1446                 timer_expires   = icsk->icsk_timeout;
1447         } else if (timer_pending(&sp->sk_timer)) {
1448                 timer_active    = 2;
1449                 timer_expires   = sp->sk_timer.expires;
1450         } else {
1451                 timer_active    = 0;
1452                 timer_expires = jiffies;
1453         }
1454
1455         seq_printf(seq,
1456                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1457                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
1458                    i,
1459                    src->s6_addr32[0], src->s6_addr32[1],
1460                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1461                    dest->s6_addr32[0], dest->s6_addr32[1],
1462                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1463                    sp->sk_state, 
1464                    tp->write_seq-tp->snd_una, tp->rcv_nxt-tp->copied_seq,
1465                    timer_active,
1466                    jiffies_to_clock_t(timer_expires - jiffies),
1467                    icsk->icsk_retransmits,
1468                    sock_i_uid(sp),
1469                    icsk->icsk_probes_out,
1470                    sock_i_ino(sp),
1471                    atomic_read(&sp->sk_refcnt), sp,
1472                    icsk->icsk_rto,
1473                    icsk->icsk_ack.ato,
1474                    (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
1475                    tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
1476                    );
1477 }
1478
1479 static void get_timewait6_sock(struct seq_file *seq, 
1480                                struct inet_timewait_sock *tw, int i)
1481 {
1482         struct in6_addr *dest, *src;
1483         __u16 destp, srcp;
1484         struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
1485         int ttd = tw->tw_ttd - jiffies;
1486
1487         if (ttd < 0)
1488                 ttd = 0;
1489
1490         dest = &tw6->tw_v6_daddr;
1491         src  = &tw6->tw_v6_rcv_saddr;
1492         destp = ntohs(tw->tw_dport);
1493         srcp  = ntohs(tw->tw_sport);
1494
1495         seq_printf(seq,
1496                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1497                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1498                    i,
1499                    src->s6_addr32[0], src->s6_addr32[1],
1500                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1501                    dest->s6_addr32[0], dest->s6_addr32[1],
1502                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1503                    tw->tw_substate, 0, 0,
1504                    3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
1505                    atomic_read(&tw->tw_refcnt), tw);
1506 }
1507
1508 #ifdef CONFIG_PROC_FS
1509 static int tcp6_seq_show(struct seq_file *seq, void *v)
1510 {
1511         struct tcp_iter_state *st;
1512
1513         if (v == SEQ_START_TOKEN) {
1514                 seq_puts(seq,
1515                          "  sl  "
1516                          "local_address                         "
1517                          "remote_address                        "
1518                          "st tx_queue rx_queue tr tm->when retrnsmt"
1519                          "   uid  timeout inode\n");
1520                 goto out;
1521         }
1522         st = seq->private;
1523
1524         switch (st->state) {
1525         case TCP_SEQ_STATE_LISTENING:
1526         case TCP_SEQ_STATE_ESTABLISHED:
1527                 get_tcp6_sock(seq, v, st->num);
1528                 break;
1529         case TCP_SEQ_STATE_OPENREQ:
1530                 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
1531                 break;
1532         case TCP_SEQ_STATE_TIME_WAIT:
1533                 get_timewait6_sock(seq, v, st->num);
1534                 break;
1535         }
1536 out:
1537         return 0;
1538 }
1539
1540 static struct file_operations tcp6_seq_fops;
1541 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1542         .owner          = THIS_MODULE,
1543         .name           = "tcp6",
1544         .family         = AF_INET6,
1545         .seq_show       = tcp6_seq_show,
1546         .seq_fops       = &tcp6_seq_fops,
1547 };
1548
1549 int __init tcp6_proc_init(void)
1550 {
1551         return tcp_proc_register(&tcp6_seq_afinfo);
1552 }
1553
1554 void tcp6_proc_exit(void)
1555 {
1556         tcp_proc_unregister(&tcp6_seq_afinfo);
1557 }
1558 #endif
1559
1560 struct proto tcpv6_prot = {
1561         .name                   = "TCPv6",
1562         .owner                  = THIS_MODULE,
1563         .close                  = tcp_close,
1564         .connect                = tcp_v6_connect,
1565         .disconnect             = tcp_disconnect,
1566         .accept                 = inet_csk_accept,
1567         .ioctl                  = tcp_ioctl,
1568         .init                   = tcp_v6_init_sock,
1569         .destroy                = tcp_v6_destroy_sock,
1570         .shutdown               = tcp_shutdown,
1571         .setsockopt             = tcp_setsockopt,
1572         .getsockopt             = tcp_getsockopt,
1573         .sendmsg                = tcp_sendmsg,
1574         .recvmsg                = tcp_recvmsg,
1575         .backlog_rcv            = tcp_v6_do_rcv,
1576         .hash                   = tcp_v6_hash,
1577         .unhash                 = tcp_unhash,
1578         .get_port               = tcp_v6_get_port,
1579         .enter_memory_pressure  = tcp_enter_memory_pressure,
1580         .sockets_allocated      = &tcp_sockets_allocated,
1581         .memory_allocated       = &tcp_memory_allocated,
1582         .memory_pressure        = &tcp_memory_pressure,
1583         .orphan_count           = &tcp_orphan_count,
1584         .sysctl_mem             = sysctl_tcp_mem,
1585         .sysctl_wmem            = sysctl_tcp_wmem,
1586         .sysctl_rmem            = sysctl_tcp_rmem,
1587         .max_header             = MAX_TCP_HEADER,
1588         .obj_size               = sizeof(struct tcp6_sock),
1589         .twsk_prot              = &tcp6_timewait_sock_ops,
1590         .rsk_prot               = &tcp6_request_sock_ops,
1591 #ifdef CONFIG_COMPAT
1592         .compat_setsockopt      = compat_tcp_setsockopt,
1593         .compat_getsockopt      = compat_tcp_getsockopt,
1594 #endif
1595 };
1596
1597 static struct inet6_protocol tcpv6_protocol = {
1598         .handler        =       tcp_v6_rcv,
1599         .err_handler    =       tcp_v6_err,
1600         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1601 };
1602
1603 static struct inet_protosw tcpv6_protosw = {
1604         .type           =       SOCK_STREAM,
1605         .protocol       =       IPPROTO_TCP,
1606         .prot           =       &tcpv6_prot,
1607         .ops            =       &inet6_stream_ops,
1608         .capability     =       -1,
1609         .no_check       =       0,
1610         .flags          =       INET_PROTOSW_PERMANENT |
1611                                 INET_PROTOSW_ICSK,
1612 };
1613
1614 void __init tcpv6_init(void)
1615 {
1616         /* register inet6 protocol */
1617         if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
1618                 printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
1619         inet6_register_protosw(&tcpv6_protosw);
1620
1621         if (inet_csk_ctl_sock_create(&tcp6_socket, PF_INET6, SOCK_RAW,
1622                                      IPPROTO_TCP) < 0)
1623                 panic("Failed to create the TCPv6 control socket.\n");
1624 }