xref: /openbmc/linux/net/ipv6/tcp_ipv6.c (revision 22246614)
1 /*
2  *	TCP over IPv6
3  *	Linux INET6 implementation
4  *
5  *	Authors:
6  *	Pedro Roque		<roque@di.fc.ul.pt>
7  *
8  *	$Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9  *
10  *	Based on:
11  *	linux/net/ipv4/tcp.c
12  *	linux/net/ipv4/tcp_input.c
13  *	linux/net/ipv4/tcp_output.c
14  *
15  *	Fixes:
16  *	Hideaki YOSHIFUJI	:	sin6_scope_id support
17  *	YOSHIFUJI Hideaki @USAGI and:	Support IPV6_V6ONLY socket option, which
18  *	Alexey Kuznetsov		allow both IPv4 and IPv6 sockets to bind
19  *					a single port at the same time.
20  *	YOSHIFUJI Hideaki @USAGI:	convert /proc/net/tcp6 to seq_file.
21  *
22  *	This program is free software; you can redistribute it and/or
23  *      modify it under the terms of the GNU General Public License
24  *      as published by the Free Software Foundation; either version
25  *      2 of the License, or (at your option) any later version.
26  */
27 
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/net.h>
34 #include <linux/jiffies.h>
35 #include <linux/in.h>
36 #include <linux/in6.h>
37 #include <linux/netdevice.h>
38 #include <linux/init.h>
39 #include <linux/jhash.h>
40 #include <linux/ipsec.h>
41 #include <linux/times.h>
42 
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46 
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/snmp.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/netdma.h>
63 #include <net/inet_common.h>
64 
65 #include <asm/uaccess.h>
66 
67 #include <linux/proc_fs.h>
68 #include <linux/seq_file.h>
69 
70 #include <linux/crypto.h>
71 #include <linux/scatterlist.h>
72 
73 static void	tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
74 static void	tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
75 static void	tcp_v6_send_check(struct sock *sk, int len,
76 				  struct sk_buff *skb);
77 
78 static int	tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
79 
80 static struct inet_connection_sock_af_ops ipv6_mapped;
81 static struct inet_connection_sock_af_ops ipv6_specific;
82 #ifdef CONFIG_TCP_MD5SIG
83 static struct tcp_sock_af_ops tcp_sock_ipv6_specific;
84 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
85 #endif
86 
87 static void tcp_v6_hash(struct sock *sk)
88 {
89 	if (sk->sk_state != TCP_CLOSE) {
90 		if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
91 			tcp_prot.hash(sk);
92 			return;
93 		}
94 		local_bh_disable();
95 		__inet6_hash(sk);
96 		local_bh_enable();
97 	}
98 }
99 
100 static __inline__ __sum16 tcp_v6_check(struct tcphdr *th, int len,
101 				   struct in6_addr *saddr,
102 				   struct in6_addr *daddr,
103 				   __wsum base)
104 {
105 	return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
106 }
107 
108 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
109 {
110 	return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
111 					    ipv6_hdr(skb)->saddr.s6_addr32,
112 					    tcp_hdr(skb)->dest,
113 					    tcp_hdr(skb)->source);
114 }
115 
116 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
117 			  int addr_len)
118 {
119 	struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
120 	struct inet_sock *inet = inet_sk(sk);
121 	struct inet_connection_sock *icsk = inet_csk(sk);
122 	struct ipv6_pinfo *np = inet6_sk(sk);
123 	struct tcp_sock *tp = tcp_sk(sk);
124 	struct in6_addr *saddr = NULL, *final_p = NULL, final;
125 	struct flowi fl;
126 	struct dst_entry *dst;
127 	int addr_type;
128 	int err;
129 
130 	if (addr_len < SIN6_LEN_RFC2133)
131 		return -EINVAL;
132 
133 	if (usin->sin6_family != AF_INET6)
134 		return(-EAFNOSUPPORT);
135 
136 	memset(&fl, 0, sizeof(fl));
137 
138 	if (np->sndflow) {
139 		fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
140 		IP6_ECN_flow_init(fl.fl6_flowlabel);
141 		if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
142 			struct ip6_flowlabel *flowlabel;
143 			flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
144 			if (flowlabel == NULL)
145 				return -EINVAL;
146 			ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
147 			fl6_sock_release(flowlabel);
148 		}
149 	}
150 
151 	/*
152 	 *	connect() to INADDR_ANY means loopback (BSD'ism).
153 	 */
154 
155 	if(ipv6_addr_any(&usin->sin6_addr))
156 		usin->sin6_addr.s6_addr[15] = 0x1;
157 
158 	addr_type = ipv6_addr_type(&usin->sin6_addr);
159 
160 	if(addr_type & IPV6_ADDR_MULTICAST)
161 		return -ENETUNREACH;
162 
163 	if (addr_type&IPV6_ADDR_LINKLOCAL) {
164 		if (addr_len >= sizeof(struct sockaddr_in6) &&
165 		    usin->sin6_scope_id) {
166 			/* If interface is set while binding, indices
167 			 * must coincide.
168 			 */
169 			if (sk->sk_bound_dev_if &&
170 			    sk->sk_bound_dev_if != usin->sin6_scope_id)
171 				return -EINVAL;
172 
173 			sk->sk_bound_dev_if = usin->sin6_scope_id;
174 		}
175 
176 		/* Connect to link-local address requires an interface */
177 		if (!sk->sk_bound_dev_if)
178 			return -EINVAL;
179 	}
180 
181 	if (tp->rx_opt.ts_recent_stamp &&
182 	    !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
183 		tp->rx_opt.ts_recent = 0;
184 		tp->rx_opt.ts_recent_stamp = 0;
185 		tp->write_seq = 0;
186 	}
187 
188 	ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
189 	np->flow_label = fl.fl6_flowlabel;
190 
191 	/*
192 	 *	TCP over IPv4
193 	 */
194 
195 	if (addr_type == IPV6_ADDR_MAPPED) {
196 		u32 exthdrlen = icsk->icsk_ext_hdr_len;
197 		struct sockaddr_in sin;
198 
199 		SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
200 
201 		if (__ipv6_only_sock(sk))
202 			return -ENETUNREACH;
203 
204 		sin.sin_family = AF_INET;
205 		sin.sin_port = usin->sin6_port;
206 		sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
207 
208 		icsk->icsk_af_ops = &ipv6_mapped;
209 		sk->sk_backlog_rcv = tcp_v4_do_rcv;
210 #ifdef CONFIG_TCP_MD5SIG
211 		tp->af_specific = &tcp_sock_ipv6_mapped_specific;
212 #endif
213 
214 		err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
215 
216 		if (err) {
217 			icsk->icsk_ext_hdr_len = exthdrlen;
218 			icsk->icsk_af_ops = &ipv6_specific;
219 			sk->sk_backlog_rcv = tcp_v6_do_rcv;
220 #ifdef CONFIG_TCP_MD5SIG
221 			tp->af_specific = &tcp_sock_ipv6_specific;
222 #endif
223 			goto failure;
224 		} else {
225 			ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
226 				      inet->saddr);
227 			ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
228 				      inet->rcv_saddr);
229 		}
230 
231 		return err;
232 	}
233 
234 	if (!ipv6_addr_any(&np->rcv_saddr))
235 		saddr = &np->rcv_saddr;
236 
237 	fl.proto = IPPROTO_TCP;
238 	ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
239 	ipv6_addr_copy(&fl.fl6_src,
240 		       (saddr ? saddr : &np->saddr));
241 	fl.oif = sk->sk_bound_dev_if;
242 	fl.fl_ip_dport = usin->sin6_port;
243 	fl.fl_ip_sport = inet->sport;
244 
245 	if (np->opt && np->opt->srcrt) {
246 		struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
247 		ipv6_addr_copy(&final, &fl.fl6_dst);
248 		ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
249 		final_p = &final;
250 	}
251 
252 	security_sk_classify_flow(sk, &fl);
253 
254 	err = ip6_dst_lookup(sk, &dst, &fl);
255 	if (err)
256 		goto failure;
257 	if (final_p)
258 		ipv6_addr_copy(&fl.fl6_dst, final_p);
259 
260 	if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) {
261 		if (err == -EREMOTE)
262 			err = ip6_dst_blackhole(sk, &dst, &fl);
263 		if (err < 0)
264 			goto failure;
265 	}
266 
267 	if (saddr == NULL) {
268 		saddr = &fl.fl6_src;
269 		ipv6_addr_copy(&np->rcv_saddr, saddr);
270 	}
271 
272 	/* set the source address */
273 	ipv6_addr_copy(&np->saddr, saddr);
274 	inet->rcv_saddr = LOOPBACK4_IPV6;
275 
276 	sk->sk_gso_type = SKB_GSO_TCPV6;
277 	__ip6_dst_store(sk, dst, NULL, NULL);
278 
279 	icsk->icsk_ext_hdr_len = 0;
280 	if (np->opt)
281 		icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
282 					  np->opt->opt_nflen);
283 
284 	tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
285 
286 	inet->dport = usin->sin6_port;
287 
288 	tcp_set_state(sk, TCP_SYN_SENT);
289 	err = inet6_hash_connect(&tcp_death_row, sk);
290 	if (err)
291 		goto late_failure;
292 
293 	if (!tp->write_seq)
294 		tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
295 							     np->daddr.s6_addr32,
296 							     inet->sport,
297 							     inet->dport);
298 
299 	err = tcp_connect(sk);
300 	if (err)
301 		goto late_failure;
302 
303 	return 0;
304 
305 late_failure:
306 	tcp_set_state(sk, TCP_CLOSE);
307 	__sk_dst_reset(sk);
308 failure:
309 	inet->dport = 0;
310 	sk->sk_route_caps = 0;
311 	return err;
312 }
313 
314 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
315 		int type, int code, int offset, __be32 info)
316 {
317 	struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
318 	const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
319 	struct ipv6_pinfo *np;
320 	struct sock *sk;
321 	int err;
322 	struct tcp_sock *tp;
323 	__u32 seq;
324 
325 	sk = inet6_lookup(dev_net(skb->dev), &tcp_hashinfo, &hdr->daddr,
326 			th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
327 
328 	if (sk == NULL) {
329 		ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
330 		return;
331 	}
332 
333 	if (sk->sk_state == TCP_TIME_WAIT) {
334 		inet_twsk_put(inet_twsk(sk));
335 		return;
336 	}
337 
338 	bh_lock_sock(sk);
339 	if (sock_owned_by_user(sk))
340 		NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
341 
342 	if (sk->sk_state == TCP_CLOSE)
343 		goto out;
344 
345 	tp = tcp_sk(sk);
346 	seq = ntohl(th->seq);
347 	if (sk->sk_state != TCP_LISTEN &&
348 	    !between(seq, tp->snd_una, tp->snd_nxt)) {
349 		NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
350 		goto out;
351 	}
352 
353 	np = inet6_sk(sk);
354 
355 	if (type == ICMPV6_PKT_TOOBIG) {
356 		struct dst_entry *dst = NULL;
357 
358 		if (sock_owned_by_user(sk))
359 			goto out;
360 		if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
361 			goto out;
362 
363 		/* icmp should have updated the destination cache entry */
364 		dst = __sk_dst_check(sk, np->dst_cookie);
365 
366 		if (dst == NULL) {
367 			struct inet_sock *inet = inet_sk(sk);
368 			struct flowi fl;
369 
370 			/* BUGGG_FUTURE: Again, it is not clear how
371 			   to handle rthdr case. Ignore this complexity
372 			   for now.
373 			 */
374 			memset(&fl, 0, sizeof(fl));
375 			fl.proto = IPPROTO_TCP;
376 			ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
377 			ipv6_addr_copy(&fl.fl6_src, &np->saddr);
378 			fl.oif = sk->sk_bound_dev_if;
379 			fl.fl_ip_dport = inet->dport;
380 			fl.fl_ip_sport = inet->sport;
381 			security_skb_classify_flow(skb, &fl);
382 
383 			if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
384 				sk->sk_err_soft = -err;
385 				goto out;
386 			}
387 
388 			if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
389 				sk->sk_err_soft = -err;
390 				goto out;
391 			}
392 
393 		} else
394 			dst_hold(dst);
395 
396 		if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
397 			tcp_sync_mss(sk, dst_mtu(dst));
398 			tcp_simple_retransmit(sk);
399 		} /* else let the usual retransmit timer handle it */
400 		dst_release(dst);
401 		goto out;
402 	}
403 
404 	icmpv6_err_convert(type, code, &err);
405 
406 	/* Might be for an request_sock */
407 	switch (sk->sk_state) {
408 		struct request_sock *req, **prev;
409 	case TCP_LISTEN:
410 		if (sock_owned_by_user(sk))
411 			goto out;
412 
413 		req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
414 					   &hdr->saddr, inet6_iif(skb));
415 		if (!req)
416 			goto out;
417 
418 		/* ICMPs are not backlogged, hence we cannot get
419 		 * an established socket here.
420 		 */
421 		BUG_TRAP(req->sk == NULL);
422 
423 		if (seq != tcp_rsk(req)->snt_isn) {
424 			NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
425 			goto out;
426 		}
427 
428 		inet_csk_reqsk_queue_drop(sk, req, prev);
429 		goto out;
430 
431 	case TCP_SYN_SENT:
432 	case TCP_SYN_RECV:  /* Cannot happen.
433 			       It can, it SYNs are crossed. --ANK */
434 		if (!sock_owned_by_user(sk)) {
435 			sk->sk_err = err;
436 			sk->sk_error_report(sk);		/* Wake people up to see the error (see connect in sock.c) */
437 
438 			tcp_done(sk);
439 		} else
440 			sk->sk_err_soft = err;
441 		goto out;
442 	}
443 
444 	if (!sock_owned_by_user(sk) && np->recverr) {
445 		sk->sk_err = err;
446 		sk->sk_error_report(sk);
447 	} else
448 		sk->sk_err_soft = err;
449 
450 out:
451 	bh_unlock_sock(sk);
452 	sock_put(sk);
453 }
454 
455 
456 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req)
457 {
458 	struct inet6_request_sock *treq = inet6_rsk(req);
459 	struct ipv6_pinfo *np = inet6_sk(sk);
460 	struct sk_buff * skb;
461 	struct ipv6_txoptions *opt = NULL;
462 	struct in6_addr * final_p = NULL, final;
463 	struct flowi fl;
464 	struct dst_entry *dst;
465 	int err = -1;
466 
467 	memset(&fl, 0, sizeof(fl));
468 	fl.proto = IPPROTO_TCP;
469 	ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
470 	ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
471 	fl.fl6_flowlabel = 0;
472 	fl.oif = treq->iif;
473 	fl.fl_ip_dport = inet_rsk(req)->rmt_port;
474 	fl.fl_ip_sport = inet_sk(sk)->sport;
475 	security_req_classify_flow(req, &fl);
476 
477 	opt = np->opt;
478 	if (opt && opt->srcrt) {
479 		struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
480 		ipv6_addr_copy(&final, &fl.fl6_dst);
481 		ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
482 		final_p = &final;
483 	}
484 
485 	err = ip6_dst_lookup(sk, &dst, &fl);
486 	if (err)
487 		goto done;
488 	if (final_p)
489 		ipv6_addr_copy(&fl.fl6_dst, final_p);
490 	if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
491 		goto done;
492 
493 	skb = tcp_make_synack(sk, dst, req);
494 	if (skb) {
495 		struct tcphdr *th = tcp_hdr(skb);
496 
497 		th->check = tcp_v6_check(th, skb->len,
498 					 &treq->loc_addr, &treq->rmt_addr,
499 					 csum_partial((char *)th, skb->len, skb->csum));
500 
501 		ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
502 		err = ip6_xmit(sk, skb, &fl, opt, 0);
503 		err = net_xmit_eval(err);
504 	}
505 
506 done:
507 	if (opt && opt != np->opt)
508 		sock_kfree_s(sk, opt, opt->tot_len);
509 	dst_release(dst);
510 	return err;
511 }
512 
513 static inline void syn_flood_warning(struct sk_buff *skb)
514 {
515 #ifdef CONFIG_SYN_COOKIES
516 	if (sysctl_tcp_syncookies)
517 		printk(KERN_INFO
518 		       "TCPv6: Possible SYN flooding on port %d. "
519 		       "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
520 	else
521 #endif
522 		printk(KERN_INFO
523 		       "TCPv6: Possible SYN flooding on port %d. "
524 		       "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
525 }
526 
527 static void tcp_v6_reqsk_destructor(struct request_sock *req)
528 {
529 	if (inet6_rsk(req)->pktopts)
530 		kfree_skb(inet6_rsk(req)->pktopts);
531 }
532 
533 #ifdef CONFIG_TCP_MD5SIG
534 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
535 						   struct in6_addr *addr)
536 {
537 	struct tcp_sock *tp = tcp_sk(sk);
538 	int i;
539 
540 	BUG_ON(tp == NULL);
541 
542 	if (!tp->md5sig_info || !tp->md5sig_info->entries6)
543 		return NULL;
544 
545 	for (i = 0; i < tp->md5sig_info->entries6; i++) {
546 		if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
547 			return &tp->md5sig_info->keys6[i].base;
548 	}
549 	return NULL;
550 }
551 
552 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
553 						struct sock *addr_sk)
554 {
555 	return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
556 }
557 
558 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
559 						      struct request_sock *req)
560 {
561 	return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
562 }
563 
564 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
565 			     char *newkey, u8 newkeylen)
566 {
567 	/* Add key to the list */
568 	struct tcp_md5sig_key *key;
569 	struct tcp_sock *tp = tcp_sk(sk);
570 	struct tcp6_md5sig_key *keys;
571 
572 	key = tcp_v6_md5_do_lookup(sk, peer);
573 	if (key) {
574 		/* modify existing entry - just update that one */
575 		kfree(key->key);
576 		key->key = newkey;
577 		key->keylen = newkeylen;
578 	} else {
579 		/* reallocate new list if current one is full. */
580 		if (!tp->md5sig_info) {
581 			tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
582 			if (!tp->md5sig_info) {
583 				kfree(newkey);
584 				return -ENOMEM;
585 			}
586 			sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
587 		}
588 		if (tcp_alloc_md5sig_pool() == NULL) {
589 			kfree(newkey);
590 			return -ENOMEM;
591 		}
592 		if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
593 			keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
594 				       (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
595 
596 			if (!keys) {
597 				tcp_free_md5sig_pool();
598 				kfree(newkey);
599 				return -ENOMEM;
600 			}
601 
602 			if (tp->md5sig_info->entries6)
603 				memmove(keys, tp->md5sig_info->keys6,
604 					(sizeof (tp->md5sig_info->keys6[0]) *
605 					 tp->md5sig_info->entries6));
606 
607 			kfree(tp->md5sig_info->keys6);
608 			tp->md5sig_info->keys6 = keys;
609 			tp->md5sig_info->alloced6++;
610 		}
611 
612 		ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
613 			       peer);
614 		tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
615 		tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
616 
617 		tp->md5sig_info->entries6++;
618 	}
619 	return 0;
620 }
621 
622 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
623 			       u8 *newkey, __u8 newkeylen)
624 {
625 	return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
626 				 newkey, newkeylen);
627 }
628 
629 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
630 {
631 	struct tcp_sock *tp = tcp_sk(sk);
632 	int i;
633 
634 	for (i = 0; i < tp->md5sig_info->entries6; i++) {
635 		if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
636 			/* Free the key */
637 			kfree(tp->md5sig_info->keys6[i].base.key);
638 			tp->md5sig_info->entries6--;
639 
640 			if (tp->md5sig_info->entries6 == 0) {
641 				kfree(tp->md5sig_info->keys6);
642 				tp->md5sig_info->keys6 = NULL;
643 				tp->md5sig_info->alloced6 = 0;
644 			} else {
645 				/* shrink the database */
646 				if (tp->md5sig_info->entries6 != i)
647 					memmove(&tp->md5sig_info->keys6[i],
648 						&tp->md5sig_info->keys6[i+1],
649 						(tp->md5sig_info->entries6 - i)
650 						* sizeof (tp->md5sig_info->keys6[0]));
651 			}
652 			tcp_free_md5sig_pool();
653 			return 0;
654 		}
655 	}
656 	return -ENOENT;
657 }
658 
659 static void tcp_v6_clear_md5_list (struct sock *sk)
660 {
661 	struct tcp_sock *tp = tcp_sk(sk);
662 	int i;
663 
664 	if (tp->md5sig_info->entries6) {
665 		for (i = 0; i < tp->md5sig_info->entries6; i++)
666 			kfree(tp->md5sig_info->keys6[i].base.key);
667 		tp->md5sig_info->entries6 = 0;
668 		tcp_free_md5sig_pool();
669 	}
670 
671 	kfree(tp->md5sig_info->keys6);
672 	tp->md5sig_info->keys6 = NULL;
673 	tp->md5sig_info->alloced6 = 0;
674 
675 	if (tp->md5sig_info->entries4) {
676 		for (i = 0; i < tp->md5sig_info->entries4; i++)
677 			kfree(tp->md5sig_info->keys4[i].base.key);
678 		tp->md5sig_info->entries4 = 0;
679 		tcp_free_md5sig_pool();
680 	}
681 
682 	kfree(tp->md5sig_info->keys4);
683 	tp->md5sig_info->keys4 = NULL;
684 	tp->md5sig_info->alloced4 = 0;
685 }
686 
687 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
688 				  int optlen)
689 {
690 	struct tcp_md5sig cmd;
691 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
692 	u8 *newkey;
693 
694 	if (optlen < sizeof(cmd))
695 		return -EINVAL;
696 
697 	if (copy_from_user(&cmd, optval, sizeof(cmd)))
698 		return -EFAULT;
699 
700 	if (sin6->sin6_family != AF_INET6)
701 		return -EINVAL;
702 
703 	if (!cmd.tcpm_keylen) {
704 		if (!tcp_sk(sk)->md5sig_info)
705 			return -ENOENT;
706 		if (ipv6_addr_v4mapped(&sin6->sin6_addr))
707 			return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
708 		return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
709 	}
710 
711 	if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
712 		return -EINVAL;
713 
714 	if (!tcp_sk(sk)->md5sig_info) {
715 		struct tcp_sock *tp = tcp_sk(sk);
716 		struct tcp_md5sig_info *p;
717 
718 		p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
719 		if (!p)
720 			return -ENOMEM;
721 
722 		tp->md5sig_info = p;
723 		sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
724 	}
725 
726 	newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
727 	if (!newkey)
728 		return -ENOMEM;
729 	if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
730 		return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
731 					 newkey, cmd.tcpm_keylen);
732 	}
733 	return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
734 }
735 
736 static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
737 				   struct in6_addr *saddr,
738 				   struct in6_addr *daddr,
739 				   struct tcphdr *th, int protocol,
740 				   unsigned int tcplen)
741 {
742 	struct scatterlist sg[4];
743 	__u16 data_len;
744 	int block = 0;
745 	__sum16 cksum;
746 	struct tcp_md5sig_pool *hp;
747 	struct tcp6_pseudohdr *bp;
748 	struct hash_desc *desc;
749 	int err;
750 	unsigned int nbytes = 0;
751 
752 	hp = tcp_get_md5sig_pool();
753 	if (!hp) {
754 		printk(KERN_WARNING "%s(): hash pool not found...\n", __func__);
755 		goto clear_hash_noput;
756 	}
757 	bp = &hp->md5_blk.ip6;
758 	desc = &hp->md5_desc;
759 
760 	/* 1. TCP pseudo-header (RFC2460) */
761 	ipv6_addr_copy(&bp->saddr, saddr);
762 	ipv6_addr_copy(&bp->daddr, daddr);
763 	bp->len = htonl(tcplen);
764 	bp->protocol = htonl(protocol);
765 
766 	sg_init_table(sg, 4);
767 
768 	sg_set_buf(&sg[block++], bp, sizeof(*bp));
769 	nbytes += sizeof(*bp);
770 
771 	/* 2. TCP header, excluding options */
772 	cksum = th->check;
773 	th->check = 0;
774 	sg_set_buf(&sg[block++], th, sizeof(*th));
775 	nbytes += sizeof(*th);
776 
777 	/* 3. TCP segment data (if any) */
778 	data_len = tcplen - (th->doff << 2);
779 	if (data_len > 0) {
780 		u8 *data = (u8 *)th + (th->doff << 2);
781 		sg_set_buf(&sg[block++], data, data_len);
782 		nbytes += data_len;
783 	}
784 
785 	/* 4. shared key */
786 	sg_set_buf(&sg[block++], key->key, key->keylen);
787 	nbytes += key->keylen;
788 
789 	sg_mark_end(&sg[block - 1]);
790 
791 	/* Now store the hash into the packet */
792 	err = crypto_hash_init(desc);
793 	if (err) {
794 		printk(KERN_WARNING "%s(): hash_init failed\n", __func__);
795 		goto clear_hash;
796 	}
797 	err = crypto_hash_update(desc, sg, nbytes);
798 	if (err) {
799 		printk(KERN_WARNING "%s(): hash_update failed\n", __func__);
800 		goto clear_hash;
801 	}
802 	err = crypto_hash_final(desc, md5_hash);
803 	if (err) {
804 		printk(KERN_WARNING "%s(): hash_final failed\n", __func__);
805 		goto clear_hash;
806 	}
807 
808 	/* Reset header, and free up the crypto */
809 	tcp_put_md5sig_pool();
810 	th->check = cksum;
811 out:
812 	return 0;
813 clear_hash:
814 	tcp_put_md5sig_pool();
815 clear_hash_noput:
816 	memset(md5_hash, 0, 16);
817 	goto out;
818 }
819 
820 static int tcp_v6_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
821 				struct sock *sk,
822 				struct dst_entry *dst,
823 				struct request_sock *req,
824 				struct tcphdr *th, int protocol,
825 				unsigned int tcplen)
826 {
827 	struct in6_addr *saddr, *daddr;
828 
829 	if (sk) {
830 		saddr = &inet6_sk(sk)->saddr;
831 		daddr = &inet6_sk(sk)->daddr;
832 	} else {
833 		saddr = &inet6_rsk(req)->loc_addr;
834 		daddr = &inet6_rsk(req)->rmt_addr;
835 	}
836 	return tcp_v6_do_calc_md5_hash(md5_hash, key,
837 				       saddr, daddr,
838 				       th, protocol, tcplen);
839 }
840 
841 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
842 {
843 	__u8 *hash_location = NULL;
844 	struct tcp_md5sig_key *hash_expected;
845 	struct ipv6hdr *ip6h = ipv6_hdr(skb);
846 	struct tcphdr *th = tcp_hdr(skb);
847 	int length = (th->doff << 2) - sizeof (*th);
848 	int genhash;
849 	u8 *ptr;
850 	u8 newhash[16];
851 
852 	hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
853 
854 	/* If the TCP option is too short, we can short cut */
855 	if (length < TCPOLEN_MD5SIG)
856 		return hash_expected ? 1 : 0;
857 
858 	/* parse options */
859 	ptr = (u8*)(th + 1);
860 	while (length > 0) {
861 		int opcode = *ptr++;
862 		int opsize;
863 
864 		switch(opcode) {
865 		case TCPOPT_EOL:
866 			goto done_opts;
867 		case TCPOPT_NOP:
868 			length--;
869 			continue;
870 		default:
871 			opsize = *ptr++;
872 			if (opsize < 2 || opsize > length)
873 				goto done_opts;
874 			if (opcode == TCPOPT_MD5SIG) {
875 				hash_location = ptr;
876 				goto done_opts;
877 			}
878 		}
879 		ptr += opsize - 2;
880 		length -= opsize;
881 	}
882 
883 done_opts:
884 	/* do we have a hash as expected? */
885 	if (!hash_expected) {
886 		if (!hash_location)
887 			return 0;
888 		if (net_ratelimit()) {
889 			printk(KERN_INFO "MD5 Hash NOT expected but found "
890 			       "(" NIP6_FMT ", %u)->"
891 			       "(" NIP6_FMT ", %u)\n",
892 			       NIP6(ip6h->saddr), ntohs(th->source),
893 			       NIP6(ip6h->daddr), ntohs(th->dest));
894 		}
895 		return 1;
896 	}
897 
898 	if (!hash_location) {
899 		if (net_ratelimit()) {
900 			printk(KERN_INFO "MD5 Hash expected but NOT found "
901 			       "(" NIP6_FMT ", %u)->"
902 			       "(" NIP6_FMT ", %u)\n",
903 			       NIP6(ip6h->saddr), ntohs(th->source),
904 			       NIP6(ip6h->daddr), ntohs(th->dest));
905 		}
906 		return 1;
907 	}
908 
909 	/* check the signature */
910 	genhash = tcp_v6_do_calc_md5_hash(newhash,
911 					  hash_expected,
912 					  &ip6h->saddr, &ip6h->daddr,
913 					  th, sk->sk_protocol,
914 					  skb->len);
915 	if (genhash || memcmp(hash_location, newhash, 16) != 0) {
916 		if (net_ratelimit()) {
917 			printk(KERN_INFO "MD5 Hash %s for "
918 			       "(" NIP6_FMT ", %u)->"
919 			       "(" NIP6_FMT ", %u)\n",
920 			       genhash ? "failed" : "mismatch",
921 			       NIP6(ip6h->saddr), ntohs(th->source),
922 			       NIP6(ip6h->daddr), ntohs(th->dest));
923 		}
924 		return 1;
925 	}
926 	return 0;
927 }
928 #endif
929 
930 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
931 	.family		=	AF_INET6,
932 	.obj_size	=	sizeof(struct tcp6_request_sock),
933 	.rtx_syn_ack	=	tcp_v6_send_synack,
934 	.send_ack	=	tcp_v6_reqsk_send_ack,
935 	.destructor	=	tcp_v6_reqsk_destructor,
936 	.send_reset	=	tcp_v6_send_reset
937 };
938 
939 #ifdef CONFIG_TCP_MD5SIG
940 static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
941 	.md5_lookup	=	tcp_v6_reqsk_md5_lookup,
942 };
943 #endif
944 
945 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
946 	.twsk_obj_size	= sizeof(struct tcp6_timewait_sock),
947 	.twsk_unique	= tcp_twsk_unique,
948 	.twsk_destructor= tcp_twsk_destructor,
949 };
950 
951 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
952 {
953 	struct ipv6_pinfo *np = inet6_sk(sk);
954 	struct tcphdr *th = tcp_hdr(skb);
955 
956 	if (skb->ip_summed == CHECKSUM_PARTIAL) {
957 		th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,  0);
958 		skb->csum_start = skb_transport_header(skb) - skb->head;
959 		skb->csum_offset = offsetof(struct tcphdr, check);
960 	} else {
961 		th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
962 					    csum_partial((char *)th, th->doff<<2,
963 							 skb->csum));
964 	}
965 }
966 
967 static int tcp_v6_gso_send_check(struct sk_buff *skb)
968 {
969 	struct ipv6hdr *ipv6h;
970 	struct tcphdr *th;
971 
972 	if (!pskb_may_pull(skb, sizeof(*th)))
973 		return -EINVAL;
974 
975 	ipv6h = ipv6_hdr(skb);
976 	th = tcp_hdr(skb);
977 
978 	th->check = 0;
979 	th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
980 				     IPPROTO_TCP, 0);
981 	skb->csum_start = skb_transport_header(skb) - skb->head;
982 	skb->csum_offset = offsetof(struct tcphdr, check);
983 	skb->ip_summed = CHECKSUM_PARTIAL;
984 	return 0;
985 }
986 
987 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
988 {
989 	struct tcphdr *th = tcp_hdr(skb), *t1;
990 	struct sk_buff *buff;
991 	struct flowi fl;
992 	struct net *net = dev_net(skb->dst->dev);
993 	struct sock *ctl_sk = net->ipv6.tcp_sk;
994 	unsigned int tot_len = sizeof(*th);
995 #ifdef CONFIG_TCP_MD5SIG
996 	struct tcp_md5sig_key *key;
997 #endif
998 
999 	if (th->rst)
1000 		return;
1001 
1002 	if (!ipv6_unicast_destination(skb))
1003 		return;
1004 
1005 #ifdef CONFIG_TCP_MD5SIG
1006 	if (sk)
1007 		key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
1008 	else
1009 		key = NULL;
1010 
1011 	if (key)
1012 		tot_len += TCPOLEN_MD5SIG_ALIGNED;
1013 #endif
1014 
1015 	/*
1016 	 * We need to grab some memory, and put together an RST,
1017 	 * and then put it into the queue to be sent.
1018 	 */
1019 
1020 	buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1021 			 GFP_ATOMIC);
1022 	if (buff == NULL)
1023 		return;
1024 
1025 	skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1026 
1027 	t1 = (struct tcphdr *) skb_push(buff, tot_len);
1028 
1029 	/* Swap the send and the receive. */
1030 	memset(t1, 0, sizeof(*t1));
1031 	t1->dest = th->source;
1032 	t1->source = th->dest;
1033 	t1->doff = tot_len / 4;
1034 	t1->rst = 1;
1035 
1036 	if(th->ack) {
1037 		t1->seq = th->ack_seq;
1038 	} else {
1039 		t1->ack = 1;
1040 		t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
1041 				    + skb->len - (th->doff<<2));
1042 	}
1043 
1044 #ifdef CONFIG_TCP_MD5SIG
1045 	if (key) {
1046 		__be32 *opt = (__be32*)(t1 + 1);
1047 		opt[0] = htonl((TCPOPT_NOP << 24) |
1048 			       (TCPOPT_NOP << 16) |
1049 			       (TCPOPT_MD5SIG << 8) |
1050 			       TCPOLEN_MD5SIG);
1051 		tcp_v6_do_calc_md5_hash((__u8 *)&opt[1], key,
1052 					&ipv6_hdr(skb)->daddr,
1053 					&ipv6_hdr(skb)->saddr,
1054 					t1, IPPROTO_TCP, tot_len);
1055 	}
1056 #endif
1057 
1058 	buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
1059 
1060 	memset(&fl, 0, sizeof(fl));
1061 	ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1062 	ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1063 
1064 	t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1065 				    sizeof(*t1), IPPROTO_TCP,
1066 				    buff->csum);
1067 
1068 	fl.proto = IPPROTO_TCP;
1069 	fl.oif = inet6_iif(skb);
1070 	fl.fl_ip_dport = t1->dest;
1071 	fl.fl_ip_sport = t1->source;
1072 	security_skb_classify_flow(skb, &fl);
1073 
1074 	/* Pass a socket to ip6_dst_lookup either it is for RST
1075 	 * Underlying function will use this to retrieve the network
1076 	 * namespace
1077 	 */
1078 	if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) {
1079 
1080 		if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1081 			ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1082 			TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1083 			TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
1084 			return;
1085 		}
1086 	}
1087 
1088 	kfree_skb(buff);
1089 }
1090 
1091 static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
1092 			    struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
1093 {
1094 	struct tcphdr *th = tcp_hdr(skb), *t1;
1095 	struct sk_buff *buff;
1096 	struct flowi fl;
1097 	struct net *net = dev_net(skb->dev);
1098 	struct sock *ctl_sk = net->ipv6.tcp_sk;
1099 	unsigned int tot_len = sizeof(struct tcphdr);
1100 	__be32 *topt;
1101 #ifdef CONFIG_TCP_MD5SIG
1102 	struct tcp_md5sig_key *key;
1103 	struct tcp_md5sig_key tw_key;
1104 #endif
1105 
1106 #ifdef CONFIG_TCP_MD5SIG
1107 	if (!tw && skb->sk) {
1108 		key = tcp_v6_md5_do_lookup(skb->sk, &ipv6_hdr(skb)->daddr);
1109 	} else if (tw && tw->tw_md5_keylen) {
1110 		tw_key.key = tw->tw_md5_key;
1111 		tw_key.keylen = tw->tw_md5_keylen;
1112 		key = &tw_key;
1113 	} else {
1114 		key = NULL;
1115 	}
1116 #endif
1117 
1118 	if (ts)
1119 		tot_len += TCPOLEN_TSTAMP_ALIGNED;
1120 #ifdef CONFIG_TCP_MD5SIG
1121 	if (key)
1122 		tot_len += TCPOLEN_MD5SIG_ALIGNED;
1123 #endif
1124 
1125 	buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1126 			 GFP_ATOMIC);
1127 	if (buff == NULL)
1128 		return;
1129 
1130 	skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1131 
1132 	t1 = (struct tcphdr *) skb_push(buff,tot_len);
1133 
1134 	/* Swap the send and the receive. */
1135 	memset(t1, 0, sizeof(*t1));
1136 	t1->dest = th->source;
1137 	t1->source = th->dest;
1138 	t1->doff = tot_len/4;
1139 	t1->seq = htonl(seq);
1140 	t1->ack_seq = htonl(ack);
1141 	t1->ack = 1;
1142 	t1->window = htons(win);
1143 
1144 	topt = (__be32 *)(t1 + 1);
1145 
1146 	if (ts) {
1147 		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1148 				(TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1149 		*topt++ = htonl(tcp_time_stamp);
1150 		*topt = htonl(ts);
1151 	}
1152 
1153 #ifdef CONFIG_TCP_MD5SIG
1154 	if (key) {
1155 		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1156 				(TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1157 		tcp_v6_do_calc_md5_hash((__u8 *)topt, key,
1158 					&ipv6_hdr(skb)->daddr,
1159 					&ipv6_hdr(skb)->saddr,
1160 					t1, IPPROTO_TCP, tot_len);
1161 	}
1162 #endif
1163 
1164 	buff->csum = csum_partial((char *)t1, tot_len, 0);
1165 
1166 	memset(&fl, 0, sizeof(fl));
1167 	ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1168 	ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1169 
1170 	t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1171 				    tot_len, IPPROTO_TCP,
1172 				    buff->csum);
1173 
1174 	fl.proto = IPPROTO_TCP;
1175 	fl.oif = inet6_iif(skb);
1176 	fl.fl_ip_dport = t1->dest;
1177 	fl.fl_ip_sport = t1->source;
1178 	security_skb_classify_flow(skb, &fl);
1179 
1180 	if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) {
1181 		if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1182 			ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1183 			TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1184 			return;
1185 		}
1186 	}
1187 
1188 	kfree_skb(buff);
1189 }
1190 
1191 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1192 {
1193 	struct inet_timewait_sock *tw = inet_twsk(sk);
1194 	struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1195 
1196 	tcp_v6_send_ack(tcptw, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1197 			tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1198 			tcptw->tw_ts_recent);
1199 
1200 	inet_twsk_put(tw);
1201 }
1202 
1203 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
1204 {
1205 	tcp_v6_send_ack(NULL, skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
1206 }
1207 
1208 
1209 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1210 {
1211 	struct request_sock *req, **prev;
1212 	const struct tcphdr *th = tcp_hdr(skb);
1213 	struct sock *nsk;
1214 
1215 	/* Find possible connection requests. */
1216 	req = inet6_csk_search_req(sk, &prev, th->source,
1217 				   &ipv6_hdr(skb)->saddr,
1218 				   &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1219 	if (req)
1220 		return tcp_check_req(sk, skb, req, prev);
1221 
1222 	nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1223 			&ipv6_hdr(skb)->saddr, th->source,
1224 			&ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1225 
1226 	if (nsk) {
1227 		if (nsk->sk_state != TCP_TIME_WAIT) {
1228 			bh_lock_sock(nsk);
1229 			return nsk;
1230 		}
1231 		inet_twsk_put(inet_twsk(nsk));
1232 		return NULL;
1233 	}
1234 
1235 #ifdef CONFIG_SYN_COOKIES
1236 	if (!th->rst && !th->syn && th->ack)
1237 		sk = cookie_v6_check(sk, skb);
1238 #endif
1239 	return sk;
1240 }
1241 
1242 /* FIXME: this is substantially similar to the ipv4 code.
1243  * Can some kind of merge be done? -- erics
1244  */
1245 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1246 {
1247 	struct inet6_request_sock *treq;
1248 	struct ipv6_pinfo *np = inet6_sk(sk);
1249 	struct tcp_options_received tmp_opt;
1250 	struct tcp_sock *tp = tcp_sk(sk);
1251 	struct request_sock *req = NULL;
1252 	__u32 isn = TCP_SKB_CB(skb)->when;
1253 #ifdef CONFIG_SYN_COOKIES
1254 	int want_cookie = 0;
1255 #else
1256 #define want_cookie 0
1257 #endif
1258 
1259 	if (skb->protocol == htons(ETH_P_IP))
1260 		return tcp_v4_conn_request(sk, skb);
1261 
1262 	if (!ipv6_unicast_destination(skb))
1263 		goto drop;
1264 
1265 	if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1266 		if (net_ratelimit())
1267 			syn_flood_warning(skb);
1268 #ifdef CONFIG_SYN_COOKIES
1269 		if (sysctl_tcp_syncookies)
1270 			want_cookie = 1;
1271 		else
1272 #endif
1273 		goto drop;
1274 	}
1275 
1276 	if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1277 		goto drop;
1278 
1279 	req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1280 	if (req == NULL)
1281 		goto drop;
1282 
1283 #ifdef CONFIG_TCP_MD5SIG
1284 	tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1285 #endif
1286 
1287 	tcp_clear_options(&tmp_opt);
1288 	tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1289 	tmp_opt.user_mss = tp->rx_opt.user_mss;
1290 
1291 	tcp_parse_options(skb, &tmp_opt, 0);
1292 
1293 	if (want_cookie && !tmp_opt.saw_tstamp)
1294 		tcp_clear_options(&tmp_opt);
1295 
1296 	tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1297 	tcp_openreq_init(req, &tmp_opt, skb);
1298 
1299 	treq = inet6_rsk(req);
1300 	ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1301 	ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1302 	treq->pktopts = NULL;
1303 	if (!want_cookie)
1304 		TCP_ECN_create_request(req, tcp_hdr(skb));
1305 
1306 	if (want_cookie) {
1307 		isn = cookie_v6_init_sequence(sk, skb, &req->mss);
1308 		req->cookie_ts = tmp_opt.tstamp_ok;
1309 	} else if (!isn) {
1310 		if (ipv6_opt_accepted(sk, skb) ||
1311 		    np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1312 		    np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1313 			atomic_inc(&skb->users);
1314 			treq->pktopts = skb;
1315 		}
1316 		treq->iif = sk->sk_bound_dev_if;
1317 
1318 		/* So that link locals have meaning */
1319 		if (!sk->sk_bound_dev_if &&
1320 		    ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1321 			treq->iif = inet6_iif(skb);
1322 
1323 		isn = tcp_v6_init_sequence(skb);
1324 	}
1325 
1326 	tcp_rsk(req)->snt_isn = isn;
1327 
1328 	security_inet_conn_request(sk, skb, req);
1329 
1330 	if (tcp_v6_send_synack(sk, req))
1331 		goto drop;
1332 
1333 	if (!want_cookie) {
1334 		inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1335 		return 0;
1336 	}
1337 
1338 drop:
1339 	if (req)
1340 		reqsk_free(req);
1341 
1342 	return 0; /* don't send reset */
1343 }
1344 
1345 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1346 					  struct request_sock *req,
1347 					  struct dst_entry *dst)
1348 {
1349 	struct inet6_request_sock *treq = inet6_rsk(req);
1350 	struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1351 	struct tcp6_sock *newtcp6sk;
1352 	struct inet_sock *newinet;
1353 	struct tcp_sock *newtp;
1354 	struct sock *newsk;
1355 	struct ipv6_txoptions *opt;
1356 #ifdef CONFIG_TCP_MD5SIG
1357 	struct tcp_md5sig_key *key;
1358 #endif
1359 
1360 	if (skb->protocol == htons(ETH_P_IP)) {
1361 		/*
1362 		 *	v6 mapped
1363 		 */
1364 
1365 		newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1366 
1367 		if (newsk == NULL)
1368 			return NULL;
1369 
1370 		newtcp6sk = (struct tcp6_sock *)newsk;
1371 		inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1372 
1373 		newinet = inet_sk(newsk);
1374 		newnp = inet6_sk(newsk);
1375 		newtp = tcp_sk(newsk);
1376 
1377 		memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1378 
1379 		ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
1380 			      newinet->daddr);
1381 
1382 		ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
1383 			      newinet->saddr);
1384 
1385 		ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1386 
1387 		inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1388 		newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1389 #ifdef CONFIG_TCP_MD5SIG
1390 		newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1391 #endif
1392 
1393 		newnp->pktoptions  = NULL;
1394 		newnp->opt	   = NULL;
1395 		newnp->mcast_oif   = inet6_iif(skb);
1396 		newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
1397 
1398 		/*
1399 		 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1400 		 * here, tcp_create_openreq_child now does this for us, see the comment in
1401 		 * that function for the gory details. -acme
1402 		 */
1403 
1404 		/* It is tricky place. Until this moment IPv4 tcp
1405 		   worked with IPv6 icsk.icsk_af_ops.
1406 		   Sync it now.
1407 		 */
1408 		tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1409 
1410 		return newsk;
1411 	}
1412 
1413 	opt = np->opt;
1414 
1415 	if (sk_acceptq_is_full(sk))
1416 		goto out_overflow;
1417 
1418 	if (dst == NULL) {
1419 		struct in6_addr *final_p = NULL, final;
1420 		struct flowi fl;
1421 
1422 		memset(&fl, 0, sizeof(fl));
1423 		fl.proto = IPPROTO_TCP;
1424 		ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1425 		if (opt && opt->srcrt) {
1426 			struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1427 			ipv6_addr_copy(&final, &fl.fl6_dst);
1428 			ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1429 			final_p = &final;
1430 		}
1431 		ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1432 		fl.oif = sk->sk_bound_dev_if;
1433 		fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1434 		fl.fl_ip_sport = inet_sk(sk)->sport;
1435 		security_req_classify_flow(req, &fl);
1436 
1437 		if (ip6_dst_lookup(sk, &dst, &fl))
1438 			goto out;
1439 
1440 		if (final_p)
1441 			ipv6_addr_copy(&fl.fl6_dst, final_p);
1442 
1443 		if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
1444 			goto out;
1445 	}
1446 
1447 	newsk = tcp_create_openreq_child(sk, req, skb);
1448 	if (newsk == NULL)
1449 		goto out;
1450 
1451 	/*
1452 	 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1453 	 * count here, tcp_create_openreq_child now does this for us, see the
1454 	 * comment in that function for the gory details. -acme
1455 	 */
1456 
1457 	newsk->sk_gso_type = SKB_GSO_TCPV6;
1458 	__ip6_dst_store(newsk, dst, NULL, NULL);
1459 
1460 	newtcp6sk = (struct tcp6_sock *)newsk;
1461 	inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1462 
1463 	newtp = tcp_sk(newsk);
1464 	newinet = inet_sk(newsk);
1465 	newnp = inet6_sk(newsk);
1466 
1467 	memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1468 
1469 	ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1470 	ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1471 	ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1472 	newsk->sk_bound_dev_if = treq->iif;
1473 
1474 	/* Now IPv6 options...
1475 
1476 	   First: no IPv4 options.
1477 	 */
1478 	newinet->opt = NULL;
1479 	newnp->ipv6_fl_list = NULL;
1480 
1481 	/* Clone RX bits */
1482 	newnp->rxopt.all = np->rxopt.all;
1483 
1484 	/* Clone pktoptions received with SYN */
1485 	newnp->pktoptions = NULL;
1486 	if (treq->pktopts != NULL) {
1487 		newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1488 		kfree_skb(treq->pktopts);
1489 		treq->pktopts = NULL;
1490 		if (newnp->pktoptions)
1491 			skb_set_owner_r(newnp->pktoptions, newsk);
1492 	}
1493 	newnp->opt	  = NULL;
1494 	newnp->mcast_oif  = inet6_iif(skb);
1495 	newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1496 
1497 	/* Clone native IPv6 options from listening socket (if any)
1498 
1499 	   Yes, keeping reference count would be much more clever,
1500 	   but we make one more one thing there: reattach optmem
1501 	   to newsk.
1502 	 */
1503 	if (opt) {
1504 		newnp->opt = ipv6_dup_options(newsk, opt);
1505 		if (opt != np->opt)
1506 			sock_kfree_s(sk, opt, opt->tot_len);
1507 	}
1508 
1509 	inet_csk(newsk)->icsk_ext_hdr_len = 0;
1510 	if (newnp->opt)
1511 		inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1512 						     newnp->opt->opt_flen);
1513 
1514 	tcp_mtup_init(newsk);
1515 	tcp_sync_mss(newsk, dst_mtu(dst));
1516 	newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1517 	tcp_initialize_rcv_mss(newsk);
1518 
1519 	newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1520 
1521 #ifdef CONFIG_TCP_MD5SIG
1522 	/* Copy over the MD5 key from the original socket */
1523 	if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1524 		/* We're using one, so create a matching key
1525 		 * on the newsk structure. If we fail to get
1526 		 * memory, then we end up not copying the key
1527 		 * across. Shucks.
1528 		 */
1529 		char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1530 		if (newkey != NULL)
1531 			tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr,
1532 					  newkey, key->keylen);
1533 	}
1534 #endif
1535 
1536 	__inet6_hash(newsk);
1537 	__inet_inherit_port(sk, newsk);
1538 
1539 	return newsk;
1540 
1541 out_overflow:
1542 	NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1543 out:
1544 	NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1545 	if (opt && opt != np->opt)
1546 		sock_kfree_s(sk, opt, opt->tot_len);
1547 	dst_release(dst);
1548 	return NULL;
1549 }
1550 
1551 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1552 {
1553 	if (skb->ip_summed == CHECKSUM_COMPLETE) {
1554 		if (!tcp_v6_check(tcp_hdr(skb), skb->len, &ipv6_hdr(skb)->saddr,
1555 				  &ipv6_hdr(skb)->daddr, skb->csum)) {
1556 			skb->ip_summed = CHECKSUM_UNNECESSARY;
1557 			return 0;
1558 		}
1559 	}
1560 
1561 	skb->csum = ~csum_unfold(tcp_v6_check(tcp_hdr(skb), skb->len,
1562 					      &ipv6_hdr(skb)->saddr,
1563 					      &ipv6_hdr(skb)->daddr, 0));
1564 
1565 	if (skb->len <= 76) {
1566 		return __skb_checksum_complete(skb);
1567 	}
1568 	return 0;
1569 }
1570 
1571 /* The socket must have it's spinlock held when we get
1572  * here.
1573  *
1574  * We have a potential double-lock case here, so even when
1575  * doing backlog processing we use the BH locking scheme.
1576  * This is because we cannot sleep with the original spinlock
1577  * held.
1578  */
1579 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1580 {
1581 	struct ipv6_pinfo *np = inet6_sk(sk);
1582 	struct tcp_sock *tp;
1583 	struct sk_buff *opt_skb = NULL;
1584 
1585 	/* Imagine: socket is IPv6. IPv4 packet arrives,
1586 	   goes to IPv4 receive handler and backlogged.
1587 	   From backlog it always goes here. Kerboom...
1588 	   Fortunately, tcp_rcv_established and rcv_established
1589 	   handle them correctly, but it is not case with
1590 	   tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1591 	 */
1592 
1593 	if (skb->protocol == htons(ETH_P_IP))
1594 		return tcp_v4_do_rcv(sk, skb);
1595 
1596 #ifdef CONFIG_TCP_MD5SIG
1597 	if (tcp_v6_inbound_md5_hash (sk, skb))
1598 		goto discard;
1599 #endif
1600 
1601 	if (sk_filter(sk, skb))
1602 		goto discard;
1603 
1604 	/*
1605 	 *	socket locking is here for SMP purposes as backlog rcv
1606 	 *	is currently called with bh processing disabled.
1607 	 */
1608 
1609 	/* Do Stevens' IPV6_PKTOPTIONS.
1610 
1611 	   Yes, guys, it is the only place in our code, where we
1612 	   may make it not affecting IPv4.
1613 	   The rest of code is protocol independent,
1614 	   and I do not like idea to uglify IPv4.
1615 
1616 	   Actually, all the idea behind IPV6_PKTOPTIONS
1617 	   looks not very well thought. For now we latch
1618 	   options, received in the last packet, enqueued
1619 	   by tcp. Feel free to propose better solution.
1620 					       --ANK (980728)
1621 	 */
1622 	if (np->rxopt.all)
1623 		opt_skb = skb_clone(skb, GFP_ATOMIC);
1624 
1625 	if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1626 		TCP_CHECK_TIMER(sk);
1627 		if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1628 			goto reset;
1629 		TCP_CHECK_TIMER(sk);
1630 		if (opt_skb)
1631 			goto ipv6_pktoptions;
1632 		return 0;
1633 	}
1634 
1635 	if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1636 		goto csum_err;
1637 
1638 	if (sk->sk_state == TCP_LISTEN) {
1639 		struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1640 		if (!nsk)
1641 			goto discard;
1642 
1643 		/*
1644 		 * Queue it on the new socket if the new socket is active,
1645 		 * otherwise we just shortcircuit this and continue with
1646 		 * the new socket..
1647 		 */
1648 		if(nsk != sk) {
1649 			if (tcp_child_process(sk, nsk, skb))
1650 				goto reset;
1651 			if (opt_skb)
1652 				__kfree_skb(opt_skb);
1653 			return 0;
1654 		}
1655 	}
1656 
1657 	TCP_CHECK_TIMER(sk);
1658 	if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1659 		goto reset;
1660 	TCP_CHECK_TIMER(sk);
1661 	if (opt_skb)
1662 		goto ipv6_pktoptions;
1663 	return 0;
1664 
1665 reset:
1666 	tcp_v6_send_reset(sk, skb);
1667 discard:
1668 	if (opt_skb)
1669 		__kfree_skb(opt_skb);
1670 	kfree_skb(skb);
1671 	return 0;
1672 csum_err:
1673 	TCP_INC_STATS_BH(TCP_MIB_INERRS);
1674 	goto discard;
1675 
1676 
1677 ipv6_pktoptions:
1678 	/* Do you ask, what is it?
1679 
1680 	   1. skb was enqueued by tcp.
1681 	   2. skb is added to tail of read queue, rather than out of order.
1682 	   3. socket is not in passive state.
1683 	   4. Finally, it really contains options, which user wants to receive.
1684 	 */
1685 	tp = tcp_sk(sk);
1686 	if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1687 	    !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1688 		if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1689 			np->mcast_oif = inet6_iif(opt_skb);
1690 		if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1691 			np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1692 		if (ipv6_opt_accepted(sk, opt_skb)) {
1693 			skb_set_owner_r(opt_skb, sk);
1694 			opt_skb = xchg(&np->pktoptions, opt_skb);
1695 		} else {
1696 			__kfree_skb(opt_skb);
1697 			opt_skb = xchg(&np->pktoptions, NULL);
1698 		}
1699 	}
1700 
1701 	if (opt_skb)
1702 		kfree_skb(opt_skb);
1703 	return 0;
1704 }
1705 
1706 static int tcp_v6_rcv(struct sk_buff *skb)
1707 {
1708 	struct tcphdr *th;
1709 	struct sock *sk;
1710 	int ret;
1711 
1712 	if (skb->pkt_type != PACKET_HOST)
1713 		goto discard_it;
1714 
1715 	/*
1716 	 *	Count it even if it's bad.
1717 	 */
1718 	TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1719 
1720 	if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1721 		goto discard_it;
1722 
1723 	th = tcp_hdr(skb);
1724 
1725 	if (th->doff < sizeof(struct tcphdr)/4)
1726 		goto bad_packet;
1727 	if (!pskb_may_pull(skb, th->doff*4))
1728 		goto discard_it;
1729 
1730 	if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1731 		goto bad_packet;
1732 
1733 	th = tcp_hdr(skb);
1734 	TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1735 	TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1736 				    skb->len - th->doff*4);
1737 	TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1738 	TCP_SKB_CB(skb)->when = 0;
1739 	TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
1740 	TCP_SKB_CB(skb)->sacked = 0;
1741 
1742 	sk = __inet6_lookup(dev_net(skb->dev), &tcp_hashinfo,
1743 			&ipv6_hdr(skb)->saddr, th->source,
1744 			&ipv6_hdr(skb)->daddr, ntohs(th->dest),
1745 			inet6_iif(skb));
1746 
1747 	if (!sk)
1748 		goto no_tcp_socket;
1749 
1750 process:
1751 	if (sk->sk_state == TCP_TIME_WAIT)
1752 		goto do_time_wait;
1753 
1754 	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1755 		goto discard_and_relse;
1756 
1757 	if (sk_filter(sk, skb))
1758 		goto discard_and_relse;
1759 
1760 	skb->dev = NULL;
1761 
1762 	bh_lock_sock_nested(sk);
1763 	ret = 0;
1764 	if (!sock_owned_by_user(sk)) {
1765 #ifdef CONFIG_NET_DMA
1766 		struct tcp_sock *tp = tcp_sk(sk);
1767 		if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1768 			tp->ucopy.dma_chan = get_softnet_dma();
1769 		if (tp->ucopy.dma_chan)
1770 			ret = tcp_v6_do_rcv(sk, skb);
1771 		else
1772 #endif
1773 		{
1774 			if (!tcp_prequeue(sk, skb))
1775 				ret = tcp_v6_do_rcv(sk, skb);
1776 		}
1777 	} else
1778 		sk_add_backlog(sk, skb);
1779 	bh_unlock_sock(sk);
1780 
1781 	sock_put(sk);
1782 	return ret ? -1 : 0;
1783 
1784 no_tcp_socket:
1785 	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1786 		goto discard_it;
1787 
1788 	if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1789 bad_packet:
1790 		TCP_INC_STATS_BH(TCP_MIB_INERRS);
1791 	} else {
1792 		tcp_v6_send_reset(NULL, skb);
1793 	}
1794 
1795 discard_it:
1796 
1797 	/*
1798 	 *	Discard frame
1799 	 */
1800 
1801 	kfree_skb(skb);
1802 	return 0;
1803 
1804 discard_and_relse:
1805 	sock_put(sk);
1806 	goto discard_it;
1807 
1808 do_time_wait:
1809 	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1810 		inet_twsk_put(inet_twsk(sk));
1811 		goto discard_it;
1812 	}
1813 
1814 	if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1815 		TCP_INC_STATS_BH(TCP_MIB_INERRS);
1816 		inet_twsk_put(inet_twsk(sk));
1817 		goto discard_it;
1818 	}
1819 
1820 	switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1821 	case TCP_TW_SYN:
1822 	{
1823 		struct sock *sk2;
1824 
1825 		sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1826 					    &ipv6_hdr(skb)->daddr,
1827 					    ntohs(th->dest), inet6_iif(skb));
1828 		if (sk2 != NULL) {
1829 			struct inet_timewait_sock *tw = inet_twsk(sk);
1830 			inet_twsk_deschedule(tw, &tcp_death_row);
1831 			inet_twsk_put(tw);
1832 			sk = sk2;
1833 			goto process;
1834 		}
1835 		/* Fall through to ACK */
1836 	}
1837 	case TCP_TW_ACK:
1838 		tcp_v6_timewait_ack(sk, skb);
1839 		break;
1840 	case TCP_TW_RST:
1841 		goto no_tcp_socket;
1842 	case TCP_TW_SUCCESS:;
1843 	}
1844 	goto discard_it;
1845 }
1846 
1847 static int tcp_v6_remember_stamp(struct sock *sk)
1848 {
1849 	/* Alas, not yet... */
1850 	return 0;
1851 }
1852 
1853 static struct inet_connection_sock_af_ops ipv6_specific = {
1854 	.queue_xmit	   = inet6_csk_xmit,
1855 	.send_check	   = tcp_v6_send_check,
1856 	.rebuild_header	   = inet6_sk_rebuild_header,
1857 	.conn_request	   = tcp_v6_conn_request,
1858 	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
1859 	.remember_stamp	   = tcp_v6_remember_stamp,
1860 	.net_header_len	   = sizeof(struct ipv6hdr),
1861 	.setsockopt	   = ipv6_setsockopt,
1862 	.getsockopt	   = ipv6_getsockopt,
1863 	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
1864 	.sockaddr_len	   = sizeof(struct sockaddr_in6),
1865 	.bind_conflict	   = inet6_csk_bind_conflict,
1866 #ifdef CONFIG_COMPAT
1867 	.compat_setsockopt = compat_ipv6_setsockopt,
1868 	.compat_getsockopt = compat_ipv6_getsockopt,
1869 #endif
1870 };
1871 
1872 #ifdef CONFIG_TCP_MD5SIG
1873 static struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1874 	.md5_lookup	=	tcp_v6_md5_lookup,
1875 	.calc_md5_hash	=	tcp_v6_calc_md5_hash,
1876 	.md5_add	=	tcp_v6_md5_add_func,
1877 	.md5_parse	=	tcp_v6_parse_md5_keys,
1878 };
1879 #endif
1880 
1881 /*
1882  *	TCP over IPv4 via INET6 API
1883  */
1884 
1885 static struct inet_connection_sock_af_ops ipv6_mapped = {
1886 	.queue_xmit	   = ip_queue_xmit,
1887 	.send_check	   = tcp_v4_send_check,
1888 	.rebuild_header	   = inet_sk_rebuild_header,
1889 	.conn_request	   = tcp_v6_conn_request,
1890 	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
1891 	.remember_stamp	   = tcp_v4_remember_stamp,
1892 	.net_header_len	   = sizeof(struct iphdr),
1893 	.setsockopt	   = ipv6_setsockopt,
1894 	.getsockopt	   = ipv6_getsockopt,
1895 	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
1896 	.sockaddr_len	   = sizeof(struct sockaddr_in6),
1897 	.bind_conflict	   = inet6_csk_bind_conflict,
1898 #ifdef CONFIG_COMPAT
1899 	.compat_setsockopt = compat_ipv6_setsockopt,
1900 	.compat_getsockopt = compat_ipv6_getsockopt,
1901 #endif
1902 };
1903 
1904 #ifdef CONFIG_TCP_MD5SIG
1905 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1906 	.md5_lookup	=	tcp_v4_md5_lookup,
1907 	.calc_md5_hash	=	tcp_v4_calc_md5_hash,
1908 	.md5_add	=	tcp_v6_md5_add_func,
1909 	.md5_parse	=	tcp_v6_parse_md5_keys,
1910 };
1911 #endif
1912 
1913 /* NOTE: A lot of things set to zero explicitly by call to
1914  *       sk_alloc() so need not be done here.
1915  */
1916 static int tcp_v6_init_sock(struct sock *sk)
1917 {
1918 	struct inet_connection_sock *icsk = inet_csk(sk);
1919 	struct tcp_sock *tp = tcp_sk(sk);
1920 
1921 	skb_queue_head_init(&tp->out_of_order_queue);
1922 	tcp_init_xmit_timers(sk);
1923 	tcp_prequeue_init(tp);
1924 
1925 	icsk->icsk_rto = TCP_TIMEOUT_INIT;
1926 	tp->mdev = TCP_TIMEOUT_INIT;
1927 
1928 	/* So many TCP implementations out there (incorrectly) count the
1929 	 * initial SYN frame in their delayed-ACK and congestion control
1930 	 * algorithms that we must have the following bandaid to talk
1931 	 * efficiently to them.  -DaveM
1932 	 */
1933 	tp->snd_cwnd = 2;
1934 
1935 	/* See draft-stevens-tcpca-spec-01 for discussion of the
1936 	 * initialization of these values.
1937 	 */
1938 	tp->snd_ssthresh = 0x7fffffff;
1939 	tp->snd_cwnd_clamp = ~0;
1940 	tp->mss_cache = 536;
1941 
1942 	tp->reordering = sysctl_tcp_reordering;
1943 
1944 	sk->sk_state = TCP_CLOSE;
1945 
1946 	icsk->icsk_af_ops = &ipv6_specific;
1947 	icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1948 	icsk->icsk_sync_mss = tcp_sync_mss;
1949 	sk->sk_write_space = sk_stream_write_space;
1950 	sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1951 
1952 #ifdef CONFIG_TCP_MD5SIG
1953 	tp->af_specific = &tcp_sock_ipv6_specific;
1954 #endif
1955 
1956 	sk->sk_sndbuf = sysctl_tcp_wmem[1];
1957 	sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1958 
1959 	atomic_inc(&tcp_sockets_allocated);
1960 
1961 	return 0;
1962 }
1963 
1964 static int tcp_v6_destroy_sock(struct sock *sk)
1965 {
1966 #ifdef CONFIG_TCP_MD5SIG
1967 	/* Clean up the MD5 key list */
1968 	if (tcp_sk(sk)->md5sig_info)
1969 		tcp_v6_clear_md5_list(sk);
1970 #endif
1971 	tcp_v4_destroy_sock(sk);
1972 	return inet6_destroy_sock(sk);
1973 }
1974 
1975 #ifdef CONFIG_PROC_FS
1976 /* Proc filesystem TCPv6 sock list dumping. */
1977 static void get_openreq6(struct seq_file *seq,
1978 			 struct sock *sk, struct request_sock *req, int i, int uid)
1979 {
1980 	int ttd = req->expires - jiffies;
1981 	struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1982 	struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1983 
1984 	if (ttd < 0)
1985 		ttd = 0;
1986 
1987 	seq_printf(seq,
1988 		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1989 		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1990 		   i,
1991 		   src->s6_addr32[0], src->s6_addr32[1],
1992 		   src->s6_addr32[2], src->s6_addr32[3],
1993 		   ntohs(inet_sk(sk)->sport),
1994 		   dest->s6_addr32[0], dest->s6_addr32[1],
1995 		   dest->s6_addr32[2], dest->s6_addr32[3],
1996 		   ntohs(inet_rsk(req)->rmt_port),
1997 		   TCP_SYN_RECV,
1998 		   0,0, /* could print option size, but that is af dependent. */
1999 		   1,   /* timers active (only the expire timer) */
2000 		   jiffies_to_clock_t(ttd),
2001 		   req->retrans,
2002 		   uid,
2003 		   0,  /* non standard timer */
2004 		   0, /* open_requests have no inode */
2005 		   0, req);
2006 }
2007 
2008 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
2009 {
2010 	struct in6_addr *dest, *src;
2011 	__u16 destp, srcp;
2012 	int timer_active;
2013 	unsigned long timer_expires;
2014 	struct inet_sock *inet = inet_sk(sp);
2015 	struct tcp_sock *tp = tcp_sk(sp);
2016 	const struct inet_connection_sock *icsk = inet_csk(sp);
2017 	struct ipv6_pinfo *np = inet6_sk(sp);
2018 
2019 	dest  = &np->daddr;
2020 	src   = &np->rcv_saddr;
2021 	destp = ntohs(inet->dport);
2022 	srcp  = ntohs(inet->sport);
2023 
2024 	if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2025 		timer_active	= 1;
2026 		timer_expires	= icsk->icsk_timeout;
2027 	} else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2028 		timer_active	= 4;
2029 		timer_expires	= icsk->icsk_timeout;
2030 	} else if (timer_pending(&sp->sk_timer)) {
2031 		timer_active	= 2;
2032 		timer_expires	= sp->sk_timer.expires;
2033 	} else {
2034 		timer_active	= 0;
2035 		timer_expires = jiffies;
2036 	}
2037 
2038 	seq_printf(seq,
2039 		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2040 		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
2041 		   i,
2042 		   src->s6_addr32[0], src->s6_addr32[1],
2043 		   src->s6_addr32[2], src->s6_addr32[3], srcp,
2044 		   dest->s6_addr32[0], dest->s6_addr32[1],
2045 		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
2046 		   sp->sk_state,
2047 		   tp->write_seq-tp->snd_una,
2048 		   (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
2049 		   timer_active,
2050 		   jiffies_to_clock_t(timer_expires - jiffies),
2051 		   icsk->icsk_retransmits,
2052 		   sock_i_uid(sp),
2053 		   icsk->icsk_probes_out,
2054 		   sock_i_ino(sp),
2055 		   atomic_read(&sp->sk_refcnt), sp,
2056 		   icsk->icsk_rto,
2057 		   icsk->icsk_ack.ato,
2058 		   (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2059 		   tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
2060 		   );
2061 }
2062 
2063 static void get_timewait6_sock(struct seq_file *seq,
2064 			       struct inet_timewait_sock *tw, int i)
2065 {
2066 	struct in6_addr *dest, *src;
2067 	__u16 destp, srcp;
2068 	struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2069 	int ttd = tw->tw_ttd - jiffies;
2070 
2071 	if (ttd < 0)
2072 		ttd = 0;
2073 
2074 	dest = &tw6->tw_v6_daddr;
2075 	src  = &tw6->tw_v6_rcv_saddr;
2076 	destp = ntohs(tw->tw_dport);
2077 	srcp  = ntohs(tw->tw_sport);
2078 
2079 	seq_printf(seq,
2080 		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2081 		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2082 		   i,
2083 		   src->s6_addr32[0], src->s6_addr32[1],
2084 		   src->s6_addr32[2], src->s6_addr32[3], srcp,
2085 		   dest->s6_addr32[0], dest->s6_addr32[1],
2086 		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
2087 		   tw->tw_substate, 0, 0,
2088 		   3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2089 		   atomic_read(&tw->tw_refcnt), tw);
2090 }
2091 
2092 static int tcp6_seq_show(struct seq_file *seq, void *v)
2093 {
2094 	struct tcp_iter_state *st;
2095 
2096 	if (v == SEQ_START_TOKEN) {
2097 		seq_puts(seq,
2098 			 "  sl  "
2099 			 "local_address                         "
2100 			 "remote_address                        "
2101 			 "st tx_queue rx_queue tr tm->when retrnsmt"
2102 			 "   uid  timeout inode\n");
2103 		goto out;
2104 	}
2105 	st = seq->private;
2106 
2107 	switch (st->state) {
2108 	case TCP_SEQ_STATE_LISTENING:
2109 	case TCP_SEQ_STATE_ESTABLISHED:
2110 		get_tcp6_sock(seq, v, st->num);
2111 		break;
2112 	case TCP_SEQ_STATE_OPENREQ:
2113 		get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2114 		break;
2115 	case TCP_SEQ_STATE_TIME_WAIT:
2116 		get_timewait6_sock(seq, v, st->num);
2117 		break;
2118 	}
2119 out:
2120 	return 0;
2121 }
2122 
2123 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2124 	.name		= "tcp6",
2125 	.family		= AF_INET6,
2126 	.seq_fops	= {
2127 		.owner		= THIS_MODULE,
2128 	},
2129 	.seq_ops	= {
2130 		.show		= tcp6_seq_show,
2131 	},
2132 };
2133 
2134 int tcp6_proc_init(struct net *net)
2135 {
2136 	return tcp_proc_register(net, &tcp6_seq_afinfo);
2137 }
2138 
2139 void tcp6_proc_exit(struct net *net)
2140 {
2141 	tcp_proc_unregister(net, &tcp6_seq_afinfo);
2142 }
2143 #endif
2144 
2145 struct proto tcpv6_prot = {
2146 	.name			= "TCPv6",
2147 	.owner			= THIS_MODULE,
2148 	.close			= tcp_close,
2149 	.connect		= tcp_v6_connect,
2150 	.disconnect		= tcp_disconnect,
2151 	.accept			= inet_csk_accept,
2152 	.ioctl			= tcp_ioctl,
2153 	.init			= tcp_v6_init_sock,
2154 	.destroy		= tcp_v6_destroy_sock,
2155 	.shutdown		= tcp_shutdown,
2156 	.setsockopt		= tcp_setsockopt,
2157 	.getsockopt		= tcp_getsockopt,
2158 	.recvmsg		= tcp_recvmsg,
2159 	.backlog_rcv		= tcp_v6_do_rcv,
2160 	.hash			= tcp_v6_hash,
2161 	.unhash			= inet_unhash,
2162 	.get_port		= inet_csk_get_port,
2163 	.enter_memory_pressure	= tcp_enter_memory_pressure,
2164 	.sockets_allocated	= &tcp_sockets_allocated,
2165 	.memory_allocated	= &tcp_memory_allocated,
2166 	.memory_pressure	= &tcp_memory_pressure,
2167 	.orphan_count		= &tcp_orphan_count,
2168 	.sysctl_mem		= sysctl_tcp_mem,
2169 	.sysctl_wmem		= sysctl_tcp_wmem,
2170 	.sysctl_rmem		= sysctl_tcp_rmem,
2171 	.max_header		= MAX_TCP_HEADER,
2172 	.obj_size		= sizeof(struct tcp6_sock),
2173 	.twsk_prot		= &tcp6_timewait_sock_ops,
2174 	.rsk_prot		= &tcp6_request_sock_ops,
2175 	.h.hashinfo		= &tcp_hashinfo,
2176 #ifdef CONFIG_COMPAT
2177 	.compat_setsockopt	= compat_tcp_setsockopt,
2178 	.compat_getsockopt	= compat_tcp_getsockopt,
2179 #endif
2180 };
2181 
2182 static struct inet6_protocol tcpv6_protocol = {
2183 	.handler	=	tcp_v6_rcv,
2184 	.err_handler	=	tcp_v6_err,
2185 	.gso_send_check	=	tcp_v6_gso_send_check,
2186 	.gso_segment	=	tcp_tso_segment,
2187 	.flags		=	INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2188 };
2189 
2190 static struct inet_protosw tcpv6_protosw = {
2191 	.type		=	SOCK_STREAM,
2192 	.protocol	=	IPPROTO_TCP,
2193 	.prot		=	&tcpv6_prot,
2194 	.ops		=	&inet6_stream_ops,
2195 	.capability	=	-1,
2196 	.no_check	=	0,
2197 	.flags		=	INET_PROTOSW_PERMANENT |
2198 				INET_PROTOSW_ICSK,
2199 };
2200 
2201 static int tcpv6_net_init(struct net *net)
2202 {
2203 	return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2204 				    SOCK_RAW, IPPROTO_TCP, net);
2205 }
2206 
2207 static void tcpv6_net_exit(struct net *net)
2208 {
2209 	inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2210 }
2211 
2212 static struct pernet_operations tcpv6_net_ops = {
2213 	.init = tcpv6_net_init,
2214 	.exit = tcpv6_net_exit,
2215 };
2216 
2217 int __init tcpv6_init(void)
2218 {
2219 	int ret;
2220 
2221 	ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2222 	if (ret)
2223 		goto out;
2224 
2225 	/* register inet6 protocol */
2226 	ret = inet6_register_protosw(&tcpv6_protosw);
2227 	if (ret)
2228 		goto out_tcpv6_protocol;
2229 
2230 	ret = register_pernet_subsys(&tcpv6_net_ops);
2231 	if (ret)
2232 		goto out_tcpv6_protosw;
2233 out:
2234 	return ret;
2235 
2236 out_tcpv6_protocol:
2237 	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2238 out_tcpv6_protosw:
2239 	inet6_unregister_protosw(&tcpv6_protosw);
2240 	goto out;
2241 }
2242 
2243 void tcpv6_exit(void)
2244 {
2245 	unregister_pernet_subsys(&tcpv6_net_ops);
2246 	inet6_unregister_protosw(&tcpv6_protosw);
2247 	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2248 }
2249