/*
 *	TCP over IPv6
 *	Linux INET6 implementation
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *
 *	Based on:
 *	linux/net/ipv4/tcp.c
 *	linux/net/ipv4/tcp_input.c
 *	linux/net/ipv4/tcp_output.c
 *
 *	Fixes:
 *	Hideaki YOSHIFUJI	:	sin6_scope_id support
 *	YOSHIFUJI Hideaki @USAGI and:	Support the IPV6_V6ONLY socket option,
 *	Alexey Kuznetsov		which allows both IPv4 and IPv6 sockets
 *					to bind a single port at the same time.
 *	YOSHIFUJI Hideaki @USAGI:	convert /proc/net/tcp6 to seq_file.
 *
 *	This program is free software; you can redistribute it and/or
 *      modify it under the terms of the GNU General Public License
 *      as published by the Free Software Foundation; either version
 *      2 of the License, or (at your option) any later version.
 */

#include <linux/bottom_half.h>
#include <linux/module.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/net.h>
#include <linux/jiffies.h>
#include <linux/in.h>
#include <linux/in6.h>
#include <linux/netdevice.h>
#include <linux/init.h>
#include <linux/jhash.h>
#include <linux/ipsec.h>
#include <linux/times.h>
#include <linux/slab.h>

#include <linux/ipv6.h>
#include <linux/icmpv6.h>
#include <linux/random.h>

#include <net/tcp.h>
#include <net/ndisc.h>
#include <net/inet6_hashtables.h>
#include <net/inet6_connection_sock.h>
#include <net/ipv6.h>
#include <net/transp_v6.h>
#include <net/addrconf.h>
#include <net/ip6_route.h>
#include <net/ip6_checksum.h>
#include <net/inet_ecn.h>
#include <net/protocol.h>
#include <net/xfrm.h>
#include <net/snmp.h>
#include <net/dsfield.h>
#include <net/timewait_sock.h>
#include <net/netdma.h>
#include <net/inet_common.h>
#include <net/secure_seq.h>
#include <net/tcp_memcontrol.h>
#include <net/busy_poll.h>

#include <asm/uaccess.h>

#include <linux/proc_fs.h>
#include <linux/seq_file.h>

#include <linux/crypto.h>
#include <linux/scatterlist.h>

static void	tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
static void	tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
				      struct request_sock *req);

static int	tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);

static const struct inet_connection_sock_af_ops ipv6_mapped;
static const struct inet_connection_sock_af_ops ipv6_specific;
#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
#else
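/* With MD5 support compiled out, provide a stub lookup that always
 * misses, so callers do not need to be wrapped in #ifdefs.
 */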
static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
						   const struct in6_addr *addr)
{
	return NULL;
}
#endif

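/* Cache the inbound route on the socket, together with the routing
 * tree serial number (fn_sernum) as a validity cookie, so that later
 * packets can reuse the dst without a full route lookup.
 */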
static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
{
	struct dst_entry *dst = skb_dst(skb);
	const struct rt6_info *rt = (const struct rt6_info *)dst;

	dst_hold(dst);
	sk->sk_rx_dst = dst;
	inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
	if (rt->rt6i_node)
		inet6_sk(sk)->rx_dst_cookie = rt->rt6i_node->fn_sernum;
}

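/* Insert the socket into the TCP hash tables.  A v4-mapped socket is
 * handed to the IPv4 code; everything else goes through __inet6_hash().
 */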
static void tcp_v6_hash(struct sock *sk)
{
	if (sk->sk_state != TCP_CLOSE) {
		if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
			tcp_prot.hash(sk);
			return;
		}
		local_bh_disable();
		__inet6_hash(sk, NULL);
		local_bh_enable();
	}
}

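/* Derive the initial sequence number from the connection 4-tuple via a
 * keyed (secure) hash, mirroring what the IPv4 side does.
 */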
static __u32 tcp_v6_init_sequence(const struct sk_buff *skb)
{
	return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
					    ipv6_hdr(skb)->saddr.s6_addr32,
					    tcp_hdr(skb)->dest,
					    tcp_hdr(skb)->source);
}

static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
			  int addr_len)
{
	struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
	struct inet_sock *inet = inet_sk(sk);
	struct inet_connection_sock *icsk = inet_csk(sk);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_sock *tp = tcp_sk(sk);
	struct in6_addr *saddr = NULL, *final_p, final;
	struct rt6_info *rt;
	struct flowi6 fl6;
	struct dst_entry *dst;
	int addr_type;
	int err;

	if (addr_len < SIN6_LEN_RFC2133)
		return -EINVAL;

	if (usin->sin6_family != AF_INET6)
		return -EAFNOSUPPORT;

	memset(&fl6, 0, sizeof(fl6));

	if (np->sndflow) {
		fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
		IP6_ECN_flow_init(fl6.flowlabel);
		if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
			struct ip6_flowlabel *flowlabel;
			flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
			if (flowlabel == NULL)
				return -EINVAL;
			fl6_sock_release(flowlabel);
		}
	}

	/*
	 *	connect() to INADDR_ANY means loopback (BSD'ism).
	 */

	if (ipv6_addr_any(&usin->sin6_addr))
		usin->sin6_addr.s6_addr[15] = 0x1;

	addr_type = ipv6_addr_type(&usin->sin6_addr);

	if (addr_type & IPV6_ADDR_MULTICAST)
		return -ENETUNREACH;

	if (addr_type&IPV6_ADDR_LINKLOCAL) {
		if (addr_len >= sizeof(struct sockaddr_in6) &&
		    usin->sin6_scope_id) {
			/* If interface is set while binding, indices
			 * must coincide.
			 */
			if (sk->sk_bound_dev_if &&
			    sk->sk_bound_dev_if != usin->sin6_scope_id)
				return -EINVAL;

			sk->sk_bound_dev_if = usin->sin6_scope_id;
		}

		/* Connect to link-local address requires an interface */
		if (!sk->sk_bound_dev_if)
			return -EINVAL;
	}

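	/* If this socket last talked to a different peer, its saved
	 * timestamp state and sequence number must not leak into the
	 * new connection.
	 */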
	if (tp->rx_opt.ts_recent_stamp &&
	    !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
		tp->rx_opt.ts_recent = 0;
		tp->rx_opt.ts_recent_stamp = 0;
		tp->write_seq = 0;
	}

	sk->sk_v6_daddr = usin->sin6_addr;
	np->flow_label = fl6.flowlabel;

	/*
	 *	TCP over IPv4
	 */

	if (addr_type == IPV6_ADDR_MAPPED) {
		u32 exthdrlen = icsk->icsk_ext_hdr_len;
		struct sockaddr_in sin;

		SOCK_DEBUG(sk, "connect: ipv4 mapped\n");

		if (__ipv6_only_sock(sk))
			return -ENETUNREACH;

		sin.sin_family = AF_INET;
		sin.sin_port = usin->sin6_port;
		sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];

		icsk->icsk_af_ops = &ipv6_mapped;
		sk->sk_backlog_rcv = tcp_v4_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
		tp->af_specific = &tcp_sock_ipv6_mapped_specific;
#endif

		err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));

		if (err) {
			icsk->icsk_ext_hdr_len = exthdrlen;
			icsk->icsk_af_ops = &ipv6_specific;
			sk->sk_backlog_rcv = tcp_v6_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
			tp->af_specific = &tcp_sock_ipv6_specific;
#endif
			goto failure;
		} else {
			ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
			ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
					       &sk->sk_v6_rcv_saddr);
		}

		return err;
	}

	if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
		saddr = &sk->sk_v6_rcv_saddr;

	fl6.flowi6_proto = IPPROTO_TCP;
	fl6.daddr = sk->sk_v6_daddr;
	fl6.saddr = saddr ? *saddr : np->saddr;
	fl6.flowi6_oif = sk->sk_bound_dev_if;
	fl6.flowi6_mark = sk->sk_mark;
	fl6.fl6_dport = usin->sin6_port;
	fl6.fl6_sport = inet->inet_sport;

	final_p = fl6_update_dst(&fl6, np->opt, &final);

	security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));

	dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
	if (IS_ERR(dst)) {
		err = PTR_ERR(dst);
		goto failure;
	}

	if (saddr == NULL) {
		saddr = &fl6.saddr;
		sk->sk_v6_rcv_saddr = *saddr;
	}

	/* set the source address */
	np->saddr = *saddr;
	inet->inet_rcv_saddr = LOOPBACK4_IPV6;

	sk->sk_gso_type = SKB_GSO_TCPV6;
	__ip6_dst_store(sk, dst, NULL, NULL);

	rt = (struct rt6_info *) dst;
	if (tcp_death_row.sysctl_tw_recycle &&
	    !tp->rx_opt.ts_recent_stamp &&
	    ipv6_addr_equal(&rt->rt6i_dst.addr, &sk->sk_v6_daddr))
		tcp_fetch_timewait_stamp(sk, dst);

	icsk->icsk_ext_hdr_len = 0;
	if (np->opt)
		icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
					  np->opt->opt_nflen);

	tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);

	inet->inet_dport = usin->sin6_port;

	tcp_set_state(sk, TCP_SYN_SENT);
	err = inet6_hash_connect(&tcp_death_row, sk);
	if (err)
		goto late_failure;

	if (!tp->write_seq && likely(!tp->repair))
		tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
							     sk->sk_v6_daddr.s6_addr32,
							     inet->inet_sport,
							     inet->inet_dport);

	err = tcp_connect(sk);
	if (err)
		goto late_failure;

	return 0;

late_failure:
	tcp_set_state(sk, TCP_CLOSE);
	__sk_dst_reset(sk);
failure:
	inet->inet_dport = 0;
	sk->sk_route_caps = 0;
	return err;
}

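/* React to a path MTU decrease reported via ICMPV6_PKT_TOOBIG: update
 * the cached route's MTU, re-sync the MSS and retransmit what no longer
 * fits.  Called directly from tcp_v6_err(), or deferred to release_cb
 * when the socket was owned by user context.
 */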
static void tcp_v6_mtu_reduced(struct sock *sk)
{
	struct dst_entry *dst;

	if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
		return;

	dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
	if (!dst)
		return;

	if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
		tcp_sync_mss(sk, dst_mtu(dst));
		tcp_simple_retransmit(sk);
	}
}

static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
		u8 type, u8 code, int offset, __be32 info)
{
	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
	const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
	struct ipv6_pinfo *np;
	struct sock *sk;
	int err;
	struct tcp_sock *tp;
	__u32 seq;
	struct net *net = dev_net(skb->dev);

	sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
			th->dest, &hdr->saddr, th->source, skb->dev->ifindex);

	if (sk == NULL) {
		ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
				   ICMP6_MIB_INERRORS);
		return;
	}

	if (sk->sk_state == TCP_TIME_WAIT) {
		inet_twsk_put(inet_twsk(sk));
		return;
	}

	bh_lock_sock(sk);
	if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
		NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);

	if (sk->sk_state == TCP_CLOSE)
		goto out;

	if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
		NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
		goto out;
	}

	tp = tcp_sk(sk);
	seq = ntohl(th->seq);
	if (sk->sk_state != TCP_LISTEN &&
	    !between(seq, tp->snd_una, tp->snd_nxt)) {
		NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
		goto out;
	}

	np = inet6_sk(sk);

	if (type == NDISC_REDIRECT) {
		struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);

		if (dst)
			dst->ops->redirect(dst, sk, skb);
		goto out;
	}

	if (type == ICMPV6_PKT_TOOBIG) {
		/* We are not interested in TCP_LISTEN and open_requests
		 * (SYN-ACKs sent out by Linux are always < 576 bytes, so
		 * they should go through unfragmented).
		 */
		if (sk->sk_state == TCP_LISTEN)
			goto out;

		if (!ip6_sk_accept_pmtu(sk))
			goto out;

		tp->mtu_info = ntohl(info);
		if (!sock_owned_by_user(sk))
			tcp_v6_mtu_reduced(sk);
		else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
					   &tp->tsq_flags))
			sock_hold(sk);
		goto out;
	}

	icmpv6_err_convert(type, code, &err);

	/* Might be for a request_sock */
	switch (sk->sk_state) {
		struct request_sock *req, **prev;
	case TCP_LISTEN:
		if (sock_owned_by_user(sk))
			goto out;

		req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
					   &hdr->saddr, inet6_iif(skb));
		if (!req)
			goto out;

		/* ICMPs are not backlogged, hence we cannot get
		 * an established socket here.
		 */
		WARN_ON(req->sk != NULL);

		if (seq != tcp_rsk(req)->snt_isn) {
			NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
			goto out;
		}

		inet_csk_reqsk_queue_drop(sk, req, prev);
		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
		goto out;

	case TCP_SYN_SENT:
	case TCP_SYN_RECV:  /* Cannot happen.
			       It can, if SYNs are crossed. --ANK */
		if (!sock_owned_by_user(sk)) {
			sk->sk_err = err;
			sk->sk_error_report(sk);		/* Wake people up to see the error (see connect in sock.c) */

			tcp_done(sk);
		} else
			sk->sk_err_soft = err;
		goto out;
	}

	if (!sock_owned_by_user(sk) && np->recverr) {
		sk->sk_err = err;
		sk->sk_error_report(sk);
	} else
		sk->sk_err_soft = err;

out:
	bh_unlock_sock(sk);
	sock_put(sk);
}


static int tcp_v6_send_synack(struct sock *sk, struct dst_entry *dst,
			      struct flowi6 *fl6,
			      struct request_sock *req,
			      u16 queue_mapping)
{
	struct inet_request_sock *ireq = inet_rsk(req);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct sk_buff *skb;
	int err = -ENOMEM;

	/* First, grab a route. */
	if (!dst && (dst = inet6_csk_route_req(sk, fl6, req)) == NULL)
		goto done;

	skb = tcp_make_synack(sk, dst, req, NULL);

	if (skb) {
		__tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
				    &ireq->ir_v6_rmt_addr);

		fl6->daddr = ireq->ir_v6_rmt_addr;
		if (np->repflow && (ireq->pktopts != NULL))
			fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));

		skb_set_queue_mapping(skb, queue_mapping);
		err = ip6_xmit(sk, skb, fl6, np->opt, np->tclass);
		err = net_xmit_eval(err);
	}

done:
	return err;
}

497 
498 static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req)
499 {
500 	struct flowi6 fl6;
501 	int res;
502 
503 	res = tcp_v6_send_synack(sk, NULL, &fl6, req, 0);
504 	if (!res)
505 		TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS);
506 	return res;
507 }
508 
509 static void tcp_v6_reqsk_destructor(struct request_sock *req)
510 {
511 	kfree_skb(inet_rsk(req)->pktopts);
512 }
513 
514 #ifdef CONFIG_TCP_MD5SIG
515 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
516 						   const struct in6_addr *addr)
517 {
518 	return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
519 }
520 
521 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
522 						struct sock *addr_sk)
523 {
524 	return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
525 }
526 
527 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
528 						      struct request_sock *req)
529 {
530 	return tcp_v6_md5_do_lookup(sk, &inet_rsk(req)->ir_v6_rmt_addr);
531 }
532 
533 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
534 				  int optlen)
535 {
536 	struct tcp_md5sig cmd;
537 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
538 
539 	if (optlen < sizeof(cmd))
540 		return -EINVAL;
541 
542 	if (copy_from_user(&cmd, optval, sizeof(cmd)))
543 		return -EFAULT;
544 
545 	if (sin6->sin6_family != AF_INET6)
546 		return -EINVAL;
547 
548 	if (!cmd.tcpm_keylen) {
549 		if (ipv6_addr_v4mapped(&sin6->sin6_addr))
550 			return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
551 					      AF_INET);
552 		return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
553 				      AF_INET6);
554 	}
555 
556 	if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
557 		return -EINVAL;
558 
559 	if (ipv6_addr_v4mapped(&sin6->sin6_addr))
560 		return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
561 				      AF_INET, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
562 
563 	return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
564 			      AF_INET6, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
565 }

static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
					const struct in6_addr *daddr,
					const struct in6_addr *saddr, int nbytes)
{
	struct tcp6_pseudohdr *bp;
	struct scatterlist sg;

	bp = &hp->md5_blk.ip6;
	/* 1. TCP pseudo-header (RFC2460) */
	bp->saddr = *saddr;
	bp->daddr = *daddr;
	bp->protocol = cpu_to_be32(IPPROTO_TCP);
	bp->len = cpu_to_be32(nbytes);

	sg_init_one(&sg, bp, sizeof(*bp));
	return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
}

static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
			       const struct in6_addr *daddr, struct in6_addr *saddr,
			       const struct tcphdr *th)
{
	struct tcp_md5sig_pool *hp;
	struct hash_desc *desc;

	hp = tcp_get_md5sig_pool();
	if (!hp)
		goto clear_hash_noput;
	desc = &hp->md5_desc;

	if (crypto_hash_init(desc))
		goto clear_hash;
	if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
		goto clear_hash;
	if (tcp_md5_hash_header(hp, th))
		goto clear_hash;
	if (tcp_md5_hash_key(hp, key))
		goto clear_hash;
	if (crypto_hash_final(desc, md5_hash))
		goto clear_hash;

	tcp_put_md5sig_pool();
	return 0;

clear_hash:
	tcp_put_md5sig_pool();
clear_hash_noput:
	memset(md5_hash, 0, 16);
	return 1;
}

static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
			       const struct sock *sk,
			       const struct request_sock *req,
			       const struct sk_buff *skb)
{
	const struct in6_addr *saddr, *daddr;
	struct tcp_md5sig_pool *hp;
	struct hash_desc *desc;
	const struct tcphdr *th = tcp_hdr(skb);

	if (sk) {
		saddr = &inet6_sk(sk)->saddr;
		daddr = &sk->sk_v6_daddr;
	} else if (req) {
		saddr = &inet_rsk(req)->ir_v6_loc_addr;
		daddr = &inet_rsk(req)->ir_v6_rmt_addr;
	} else {
		const struct ipv6hdr *ip6h = ipv6_hdr(skb);
		saddr = &ip6h->saddr;
		daddr = &ip6h->daddr;
	}

	hp = tcp_get_md5sig_pool();
	if (!hp)
		goto clear_hash_noput;
	desc = &hp->md5_desc;

	if (crypto_hash_init(desc))
		goto clear_hash;

	if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
		goto clear_hash;
	if (tcp_md5_hash_header(hp, th))
		goto clear_hash;
	if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
		goto clear_hash;
	if (tcp_md5_hash_key(hp, key))
		goto clear_hash;
	if (crypto_hash_final(desc, md5_hash))
		goto clear_hash;

	tcp_put_md5sig_pool();
	return 0;

clear_hash:
	tcp_put_md5sig_pool();
clear_hash_noput:
	memset(md5_hash, 0, 16);
	return 1;
}

static int tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
{
	const __u8 *hash_location = NULL;
	struct tcp_md5sig_key *hash_expected;
	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
	const struct tcphdr *th = tcp_hdr(skb);
	int genhash;
	u8 newhash[16];

	hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
	hash_location = tcp_parse_md5sig_option(th);

	/* We've parsed the options - do we have a hash? */
	if (!hash_expected && !hash_location)
		return 0;

	if (hash_expected && !hash_location) {
		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
		return 1;
	}

	if (!hash_expected && hash_location) {
		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
		return 1;
	}

	/* check the signature */
	genhash = tcp_v6_md5_hash_skb(newhash,
				      hash_expected,
				      NULL, NULL, skb);

	if (genhash || memcmp(hash_location, newhash, 16) != 0) {
		net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
				     genhash ? "failed" : "mismatch",
				     &ip6h->saddr, ntohs(th->source),
				     &ip6h->daddr, ntohs(th->dest));
		return 1;
	}
	return 0;
}
#endif

struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
	.family		=	AF_INET6,
	.obj_size	=	sizeof(struct tcp6_request_sock),
	.rtx_syn_ack	=	tcp_v6_rtx_synack,
	.send_ack	=	tcp_v6_reqsk_send_ack,
	.destructor	=	tcp_v6_reqsk_destructor,
	.send_reset	=	tcp_v6_send_reset,
	.syn_ack_timeout =	tcp_syn_ack_timeout,
};

#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
	.md5_lookup	=	tcp_v6_reqsk_md5_lookup,
	.calc_md5_hash	=	tcp_v6_md5_hash_skb,
};
#endif

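/* Build and send a bare ACK or RST for a received segment.  This runs
 * without an established socket, so the reply is assembled from the
 * incoming headers (with send and receive sides swapped) and transmitted
 * via the per-namespace TCP control socket.
 */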
static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
				 u32 tsval, u32 tsecr,
				 struct tcp_md5sig_key *key, int rst, u8 tclass,
				 u32 label)
{
	const struct tcphdr *th = tcp_hdr(skb);
	struct tcphdr *t1;
	struct sk_buff *buff;
	struct flowi6 fl6;
	struct net *net = dev_net(skb_dst(skb)->dev);
	struct sock *ctl_sk = net->ipv6.tcp_sk;
	unsigned int tot_len = sizeof(struct tcphdr);
	struct dst_entry *dst;
	__be32 *topt;

	if (tsecr)
		tot_len += TCPOLEN_TSTAMP_ALIGNED;
#ifdef CONFIG_TCP_MD5SIG
	if (key)
		tot_len += TCPOLEN_MD5SIG_ALIGNED;
#endif

	buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
			 GFP_ATOMIC);
	if (buff == NULL)
		return;

	skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);

	t1 = (struct tcphdr *) skb_push(buff, tot_len);
	skb_reset_transport_header(buff);

	/* Swap the send and the receive. */
	memset(t1, 0, sizeof(*t1));
	t1->dest = th->source;
	t1->source = th->dest;
	t1->doff = tot_len / 4;
	t1->seq = htonl(seq);
	t1->ack_seq = htonl(ack);
	t1->ack = !rst || !th->ack;
	t1->rst = rst;
	t1->window = htons(win);

	topt = (__be32 *)(t1 + 1);

	if (tsecr) {
		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
				(TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
		*topt++ = htonl(tsval);
		*topt++ = htonl(tsecr);
	}

#ifdef CONFIG_TCP_MD5SIG
	if (key) {
		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
				(TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
		tcp_v6_md5_hash_hdr((__u8 *)topt, key,
				    &ipv6_hdr(skb)->saddr,
				    &ipv6_hdr(skb)->daddr, t1);
	}
#endif

	memset(&fl6, 0, sizeof(fl6));
	fl6.daddr = ipv6_hdr(skb)->saddr;
	fl6.saddr = ipv6_hdr(skb)->daddr;
	fl6.flowlabel = label;

	buff->ip_summed = CHECKSUM_PARTIAL;
	buff->csum = 0;

	__tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);

	fl6.flowi6_proto = IPPROTO_TCP;
	if (ipv6_addr_type(&fl6.daddr) & IPV6_ADDR_LINKLOCAL)
		fl6.flowi6_oif = inet6_iif(skb);
	fl6.fl6_dport = t1->dest;
	fl6.fl6_sport = t1->source;
	security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));

	/* Pass a socket to ip6_dst_lookup_flow even though this is for an
	 * RST: the underlying function uses it to retrieve the network
	 * namespace.
	 */
	dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
	if (!IS_ERR(dst)) {
		skb_dst_set(buff, dst);
		ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass);
		TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
		if (rst)
			TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
		return;
	}

	kfree_skb(buff);
}

static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
{
	const struct tcphdr *th = tcp_hdr(skb);
	u32 seq = 0, ack_seq = 0;
	struct tcp_md5sig_key *key = NULL;
#ifdef CONFIG_TCP_MD5SIG
	const __u8 *hash_location = NULL;
	struct ipv6hdr *ipv6h = ipv6_hdr(skb);
	unsigned char newhash[16];
	int genhash;
	struct sock *sk1 = NULL;
#endif

	if (th->rst)
		return;

	if (!ipv6_unicast_destination(skb))
		return;

#ifdef CONFIG_TCP_MD5SIG
	hash_location = tcp_parse_md5sig_option(th);
	if (!sk && hash_location) {
		/*
		 * The active side is lost. Try to find the listening socket
		 * via the source port, then find the md5 key via that socket.
		 * We do not loosen security here: the incoming packet is
		 * checked against the md5 hash of the key we find, and no
		 * RST is generated if the hash doesn't match.
		 */
		sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
					   &tcp_hashinfo, &ipv6h->saddr,
					   th->source, &ipv6h->daddr,
					   ntohs(th->source), inet6_iif(skb));
		if (!sk1)
			return;

		rcu_read_lock();
		key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
		if (!key)
			goto release_sk1;

		genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, NULL, skb);
		if (genhash || memcmp(hash_location, newhash, 16) != 0)
			goto release_sk1;
	} else {
		key = sk ? tcp_v6_md5_do_lookup(sk, &ipv6h->saddr) : NULL;
	}
#endif

	if (th->ack)
		seq = ntohl(th->ack_seq);
	else
		ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
			  (th->doff << 2);

	tcp_v6_send_response(skb, seq, ack_seq, 0, 0, 0, key, 1, 0, 0);

#ifdef CONFIG_TCP_MD5SIG
release_sk1:
	if (sk1) {
		rcu_read_unlock();
		sock_put(sk1);
	}
#endif
}

static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
			    u32 win, u32 tsval, u32 tsecr,
			    struct tcp_md5sig_key *key, u8 tclass,
			    u32 label)
{
	tcp_v6_send_response(skb, seq, ack, win, tsval, tsecr, key, 0, tclass,
			     label);
}

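/* Answer a segment arriving on a TIME_WAIT socket with an ACK built
 * from the remembered sequence and timestamp state.
 */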
static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
{
	struct inet_timewait_sock *tw = inet_twsk(sk);
	struct tcp_timewait_sock *tcptw = tcp_twsk(sk);

	tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
			tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
			tcp_time_stamp + tcptw->tw_ts_offset,
			tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw),
			tw->tw_tclass, (tw->tw_flowlabel << 12));

	inet_twsk_put(tw);
}

static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
				  struct request_sock *req)
{
	tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1,
			req->rcv_wnd, tcp_time_stamp, req->ts_recent,
			tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr),
			0, 0);
}


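/* On a listening socket, match an incoming segment against pending
 * connection requests first, then against an already established (or
 * time-wait) child, and finally let SYN cookies validate a bare ACK.
 */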
static struct sock *tcp_v6_hnd_req(struct sock *sk, struct sk_buff *skb)
{
	struct request_sock *req, **prev;
	const struct tcphdr *th = tcp_hdr(skb);
	struct sock *nsk;

	/* Find possible connection requests. */
	req = inet6_csk_search_req(sk, &prev, th->source,
				   &ipv6_hdr(skb)->saddr,
				   &ipv6_hdr(skb)->daddr, inet6_iif(skb));
	if (req)
		return tcp_check_req(sk, skb, req, prev, false);

	nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
			&ipv6_hdr(skb)->saddr, th->source,
			&ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));

	if (nsk) {
		if (nsk->sk_state != TCP_TIME_WAIT) {
			bh_lock_sock(nsk);
			return nsk;
		}
		inet_twsk_put(inet_twsk(nsk));
		return NULL;
	}

#ifdef CONFIG_SYN_COOKIES
	if (!th->syn)
		sk = cookie_v6_check(sk, skb);
#endif
	return sk;
}

/* FIXME: this is substantially similar to the ipv4 code.
 * Can some kind of merge be done? -- erics
 */
static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
{
	struct tcp_options_received tmp_opt;
	struct request_sock *req;
	struct inet_request_sock *ireq;
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_sock *tp = tcp_sk(sk);
	__u32 isn = TCP_SKB_CB(skb)->when;
	struct dst_entry *dst = NULL;
	struct flowi6 fl6;
	bool want_cookie = false;

	if (skb->protocol == htons(ETH_P_IP))
		return tcp_v4_conn_request(sk, skb);

	if (!ipv6_unicast_destination(skb))
		goto drop;

	if ((sysctl_tcp_syncookies == 2 ||
	     inet_csk_reqsk_queue_is_full(sk)) && !isn) {
		want_cookie = tcp_syn_flood_action(sk, skb, "TCPv6");
		if (!want_cookie)
			goto drop;
	}

	if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) {
		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
		goto drop;
	}

	req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
	if (req == NULL)
		goto drop;

#ifdef CONFIG_TCP_MD5SIG
	tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
#endif

	tcp_clear_options(&tmp_opt);
	tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
	tmp_opt.user_mss = tp->rx_opt.user_mss;
	tcp_parse_options(skb, &tmp_opt, 0, NULL);

	if (want_cookie && !tmp_opt.saw_tstamp)
		tcp_clear_options(&tmp_opt);

	tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
	tcp_openreq_init(req, &tmp_opt, skb);

	ireq = inet_rsk(req);
	ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
	ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
	if (!want_cookie || tmp_opt.tstamp_ok)
		TCP_ECN_create_request(req, skb, sock_net(sk));

	ireq->ir_iif = sk->sk_bound_dev_if;

	/* So that link locals have meaning */
	if (!sk->sk_bound_dev_if &&
	    ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
		ireq->ir_iif = inet6_iif(skb);

	if (!isn) {
		if (ipv6_opt_accepted(sk, skb) ||
		    np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
		    np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim ||
		    np->repflow) {
			atomic_inc(&skb->users);
			ireq->pktopts = skb;
		}

		if (want_cookie) {
			isn = cookie_v6_init_sequence(sk, skb, &req->mss);
			req->cookie_ts = tmp_opt.tstamp_ok;
			goto have_isn;
		}

		/* VJ's idea. We save the last timestamp seen
		 * from the destination in the peer table, when entering
		 * state TIME-WAIT, and check against it before
		 * accepting a new connection request.
		 *
		 * If "isn" is not zero, this request hit an alive
		 * timewait bucket, so that all the necessary checks
		 * are made in the function processing timewait state.
		 */
		if (tmp_opt.saw_tstamp &&
		    tcp_death_row.sysctl_tw_recycle &&
		    (dst = inet6_csk_route_req(sk, &fl6, req)) != NULL) {
			if (!tcp_peer_is_proven(req, dst, true)) {
				NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED);
				goto drop_and_release;
			}
		}
		/* Kill the following clause, if you dislike this way. */
		else if (!sysctl_tcp_syncookies &&
			 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
			  (sysctl_max_syn_backlog >> 2)) &&
			 !tcp_peer_is_proven(req, dst, false)) {
			/* Without syncookies the last quarter of the
			 * backlog is reserved for destinations proven
			 * to be alive: we keep communicating only with
			 * peers that were already remembered by the
			 * moment the synflood started.
			 */
			LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open request from %pI6/%u\n",
				       &ireq->ir_v6_rmt_addr, ntohs(tcp_hdr(skb)->source));
			goto drop_and_release;
		}

		isn = tcp_v6_init_sequence(skb);
	}
have_isn:
	tcp_rsk(req)->snt_isn = isn;

	if (security_inet_conn_request(sk, skb, req))
		goto drop_and_release;

	if (tcp_v6_send_synack(sk, dst, &fl6, req,
			       skb_get_queue_mapping(skb)) ||
	    want_cookie)
		goto drop_and_free;

	tcp_rsk(req)->snt_synack = tcp_time_stamp;
	tcp_rsk(req)->listener = NULL;
	inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
	return 0;

drop_and_release:
	dst_release(dst);
drop_and_free:
	reqsk_free(req);
drop:
	NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
	return 0; /* don't send reset */
}

static struct sock *tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
					 struct request_sock *req,
					 struct dst_entry *dst)
{
	struct inet_request_sock *ireq;
	struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
	struct tcp6_sock *newtcp6sk;
	struct inet_sock *newinet;
	struct tcp_sock *newtp;
	struct sock *newsk;
#ifdef CONFIG_TCP_MD5SIG
	struct tcp_md5sig_key *key;
#endif
	struct flowi6 fl6;

	if (skb->protocol == htons(ETH_P_IP)) {
		/*
		 *	v6 mapped
		 */

		newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);

		if (newsk == NULL)
			return NULL;

		newtcp6sk = (struct tcp6_sock *)newsk;
		inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;

		newinet = inet_sk(newsk);
		newnp = inet6_sk(newsk);
		newtp = tcp_sk(newsk);

		memcpy(newnp, np, sizeof(struct ipv6_pinfo));

		ipv6_addr_set_v4mapped(newinet->inet_daddr, &newsk->sk_v6_daddr);

		ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr);

		newsk->sk_v6_rcv_saddr = newnp->saddr;

		inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
		newsk->sk_backlog_rcv = tcp_v4_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
		newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
#endif

		newnp->ipv6_ac_list = NULL;
		newnp->ipv6_fl_list = NULL;
		newnp->pktoptions  = NULL;
		newnp->opt	   = NULL;
		newnp->mcast_oif   = inet6_iif(skb);
		newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
		newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
		if (np->repflow)
			newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));

		/*
		 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
		 * here, tcp_create_openreq_child now does this for us, see the comment in
		 * that function for the gory details. -acme
		 */

		/* This is a tricky place. Until this moment the IPv4 tcp code
		   worked with the IPv6 icsk.icsk_af_ops.
		   Sync it now.
		 */
		tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);

		return newsk;
	}

	ireq = inet_rsk(req);

	if (sk_acceptq_is_full(sk))
		goto out_overflow;

	if (!dst) {
		dst = inet6_csk_route_req(sk, &fl6, req);
		if (!dst)
			goto out;
	}

	newsk = tcp_create_openreq_child(sk, req, skb);
	if (newsk == NULL)
		goto out_nonewsk;

	/*
	 * No need to charge this sock to the relevant IPv6 refcnt debug socks
	 * count here, tcp_create_openreq_child now does this for us, see the
	 * comment in that function for the gory details. -acme
	 */

	newsk->sk_gso_type = SKB_GSO_TCPV6;
	__ip6_dst_store(newsk, dst, NULL, NULL);
	inet6_sk_rx_dst_set(newsk, skb);

	newtcp6sk = (struct tcp6_sock *)newsk;
	inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;

	newtp = tcp_sk(newsk);
	newinet = inet_sk(newsk);
	newnp = inet6_sk(newsk);

	memcpy(newnp, np, sizeof(struct ipv6_pinfo));

	newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
	newnp->saddr = ireq->ir_v6_loc_addr;
	newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
	newsk->sk_bound_dev_if = ireq->ir_iif;

	/* Now IPv6 options...

	   First: no IPv4 options.
	 */
	newinet->inet_opt = NULL;
	newnp->ipv6_ac_list = NULL;
	newnp->ipv6_fl_list = NULL;

	/* Clone RX bits */
	newnp->rxopt.all = np->rxopt.all;

	/* Clone pktoptions received with SYN */
	newnp->pktoptions = NULL;
	if (ireq->pktopts != NULL) {
		newnp->pktoptions = skb_clone(ireq->pktopts,
					      sk_gfp_atomic(sk, GFP_ATOMIC));
		consume_skb(ireq->pktopts);
		ireq->pktopts = NULL;
		if (newnp->pktoptions)
			skb_set_owner_r(newnp->pktoptions, newsk);
	}
	newnp->opt	  = NULL;
	newnp->mcast_oif  = inet6_iif(skb);
	newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
	newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
	if (np->repflow)
		newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));

	/* Clone native IPv6 options from the listening socket (if any).

	   Yes, keeping a reference count would be much more clever,
	   but we do one more thing here: we reattach optmem
	   to newsk.
	 */
	if (np->opt)
		newnp->opt = ipv6_dup_options(newsk, np->opt);

	inet_csk(newsk)->icsk_ext_hdr_len = 0;
	if (newnp->opt)
		inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
						     newnp->opt->opt_flen);

	tcp_sync_mss(newsk, dst_mtu(dst));
	newtp->advmss = dst_metric_advmss(dst);
	if (tcp_sk(sk)->rx_opt.user_mss &&
	    tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
		newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;

	tcp_initialize_rcv_mss(newsk);

	newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
	newinet->inet_rcv_saddr = LOOPBACK4_IPV6;

#ifdef CONFIG_TCP_MD5SIG
	/* Copy over the MD5 key from the original socket */
	if ((key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr)) != NULL) {
		/* We're using one, so create a matching key
		 * on the newsk structure. If we fail to get
		 * memory, then we end up not copying the key
		 * across. Shucks.
		 */
		tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
			       AF_INET6, key->key, key->keylen,
			       sk_gfp_atomic(sk, GFP_ATOMIC));
	}
#endif

	if (__inet_inherit_port(sk, newsk) < 0) {
		inet_csk_prepare_forced_close(newsk);
		tcp_done(newsk);
		goto out;
	}
	__inet6_hash(newsk, NULL);

	return newsk;

out_overflow:
	NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
out_nonewsk:
	dst_release(dst);
out:
	NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
	return NULL;
}

static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
{
	if (skb->ip_summed == CHECKSUM_COMPLETE) {
		if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr,
				  &ipv6_hdr(skb)->daddr, skb->csum)) {
			skb->ip_summed = CHECKSUM_UNNECESSARY;
			return 0;
		}
	}

	skb->csum = ~csum_unfold(tcp_v6_check(skb->len,
					      &ipv6_hdr(skb)->saddr,
					      &ipv6_hdr(skb)->daddr, 0));

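	/* Short packets are cheap to verify right away; longer ones keep
	 * the pseudo-header sum computed above so the checksum can be
	 * completed later (e.g. while copying to user space).
	 */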
	if (skb->len <= 76) {
		return __skb_checksum_complete(skb);
	}
	return 0;
}

/* The socket must have its spinlock held when we get
 * here.
 *
 * We have a potential double-lock case here, so even when
 * doing backlog processing we use the BH locking scheme.
 * This is because we cannot sleep with the original spinlock
 * held.
 */
static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_sock *tp;
	struct sk_buff *opt_skb = NULL;

	/* Imagine: the socket is IPv6 and an IPv4 packet arrives,
	   goes to the IPv4 receive handler and gets backlogged.
	   From the backlog it always ends up here. Kerboom...
	   Fortunately, tcp_rcv_established and rcv_established
	   handle them correctly, but that is not the case with
	   tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
	 */

	if (skb->protocol == htons(ETH_P_IP))
		return tcp_v4_do_rcv(sk, skb);

#ifdef CONFIG_TCP_MD5SIG
	if (tcp_v6_inbound_md5_hash(sk, skb))
		goto discard;
#endif

	if (sk_filter(sk, skb))
		goto discard;

	/*
	 *	socket locking is here for SMP purposes as backlog rcv
	 *	is currently called with bh processing disabled.
	 */

	/* Do Stevens' IPV6_PKTOPTIONS.

	   Yes, guys, it is the only place in our code where we
	   can do this without affecting IPv4.
	   The rest of the code is protocol independent,
	   and I do not like the idea of uglifying IPv4.

	   Actually, the whole idea behind IPV6_PKTOPTIONS
	   does not look very well thought out. For now we latch
	   the options received in the last packet enqueued
	   by tcp. Feel free to propose a better solution.
					       --ANK (980728)
	 */
	if (np->rxopt.all)
		opt_skb = skb_clone(skb, sk_gfp_atomic(sk, GFP_ATOMIC));

	if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
		struct dst_entry *dst = sk->sk_rx_dst;

		sock_rps_save_rxhash(sk, skb);
		if (dst) {
			if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
			    dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
				dst_release(dst);
				sk->sk_rx_dst = NULL;
			}
		}

		tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len);
		if (opt_skb)
			goto ipv6_pktoptions;
		return 0;
	}

	if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
		goto csum_err;

	if (sk->sk_state == TCP_LISTEN) {
		struct sock *nsk = tcp_v6_hnd_req(sk, skb);
		if (!nsk)
			goto discard;

		/*
		 * Queue it on the new socket if the new socket is active,
		 * otherwise we just short-circuit this and continue with
		 * the new socket.
		 */
		if (nsk != sk) {
			sock_rps_save_rxhash(nsk, skb);
			if (tcp_child_process(sk, nsk, skb))
				goto reset;
			if (opt_skb)
				__kfree_skb(opt_skb);
			return 0;
		}
	} else
		sock_rps_save_rxhash(sk, skb);

	if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
		goto reset;
	if (opt_skb)
		goto ipv6_pktoptions;
	return 0;

reset:
	tcp_v6_send_reset(sk, skb);
discard:
	if (opt_skb)
		__kfree_skb(opt_skb);
	kfree_skb(skb);
	return 0;
csum_err:
	TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_CSUMERRORS);
	TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
	goto discard;


ipv6_pktoptions:
	/* You may ask, what is this?

	   1. skb was enqueued by tcp.
	   2. skb was added to the tail of the read queue, not out of order.
	   3. The socket is not in passive state.
	   4. Finally, it really contains options that the user wants to receive.
	 */
	tp = tcp_sk(sk);
	if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
	    !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
		if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
			np->mcast_oif = inet6_iif(opt_skb);
		if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
			np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
		if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
			np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
		if (np->repflow)
			np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
		if (ipv6_opt_accepted(sk, opt_skb)) {
			skb_set_owner_r(opt_skb, sk);
			opt_skb = xchg(&np->pktoptions, opt_skb);
		} else {
			__kfree_skb(opt_skb);
			opt_skb = xchg(&np->pktoptions, NULL);
		}
	}

	kfree_skb(opt_skb);
	return 0;
}

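/* Main receive path for IPv6 TCP segments: validate the header, look up
 * the owning socket and either process the segment directly, prequeue
 * it, or push it onto the socket backlog if the socket is busy.
 */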
static int tcp_v6_rcv(struct sk_buff *skb)
{
	const struct tcphdr *th;
	const struct ipv6hdr *hdr;
	struct sock *sk;
	int ret;
	struct net *net = dev_net(skb->dev);

	if (skb->pkt_type != PACKET_HOST)
		goto discard_it;

	/*
	 *	Count it even if it's bad.
	 */
	TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);

	if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
		goto discard_it;

	th = tcp_hdr(skb);

	if (th->doff < sizeof(struct tcphdr)/4)
		goto bad_packet;
	if (!pskb_may_pull(skb, th->doff*4))
		goto discard_it;

	if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
		goto csum_error;

	th = tcp_hdr(skb);
	hdr = ipv6_hdr(skb);
	TCP_SKB_CB(skb)->seq = ntohl(th->seq);
	TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
				    skb->len - th->doff*4);
	TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
	TCP_SKB_CB(skb)->when = 0;
	TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
	TCP_SKB_CB(skb)->sacked = 0;

	sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
	if (!sk)
		goto no_tcp_socket;

process:
	if (sk->sk_state == TCP_TIME_WAIT)
		goto do_time_wait;

	if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
		NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
		goto discard_and_relse;
	}

	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
		goto discard_and_relse;

	if (sk_filter(sk, skb))
		goto discard_and_relse;

	sk_mark_napi_id(sk, skb);
	skb->dev = NULL;

	bh_lock_sock_nested(sk);
	ret = 0;
	if (!sock_owned_by_user(sk)) {
#ifdef CONFIG_NET_DMA
		struct tcp_sock *tp = tcp_sk(sk);
		if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
			tp->ucopy.dma_chan = net_dma_find_channel();
		if (tp->ucopy.dma_chan)
			ret = tcp_v6_do_rcv(sk, skb);
		else
#endif
		{
			if (!tcp_prequeue(sk, skb))
				ret = tcp_v6_do_rcv(sk, skb);
		}
	} else if (unlikely(sk_add_backlog(sk, skb,
					   sk->sk_rcvbuf + sk->sk_sndbuf))) {
		bh_unlock_sock(sk);
		NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
		goto discard_and_relse;
	}
	bh_unlock_sock(sk);

	sock_put(sk);
	return ret ? -1 : 0;

no_tcp_socket:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
		goto discard_it;

	if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
csum_error:
		TCP_INC_STATS_BH(net, TCP_MIB_CSUMERRORS);
bad_packet:
		TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
	} else {
		tcp_v6_send_reset(NULL, skb);
	}

discard_it:
	kfree_skb(skb);
	return 0;

discard_and_relse:
	sock_put(sk);
	goto discard_it;

do_time_wait:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
		inet_twsk_put(inet_twsk(sk));
		goto discard_it;
	}

	if (skb->len < (th->doff<<2)) {
		inet_twsk_put(inet_twsk(sk));
		goto bad_packet;
	}
	if (tcp_checksum_complete(skb)) {
		inet_twsk_put(inet_twsk(sk));
		goto csum_error;
	}

	switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
	case TCP_TW_SYN:
	{
		struct sock *sk2;

		sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
					    &ipv6_hdr(skb)->saddr, th->source,
					    &ipv6_hdr(skb)->daddr,
					    ntohs(th->dest), inet6_iif(skb));
		if (sk2 != NULL) {
			struct inet_timewait_sock *tw = inet_twsk(sk);
			inet_twsk_deschedule(tw, &tcp_death_row);
			inet_twsk_put(tw);
			sk = sk2;
			goto process;
		}
		/* Fall through to ACK */
	}
	case TCP_TW_ACK:
		tcp_v6_timewait_ack(sk, skb);
		break;
	case TCP_TW_RST:
		goto no_tcp_socket;
	case TCP_TW_SUCCESS:;
	}
	goto discard_it;
}

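/* Early demux: look up an established socket before routing, so that a
 * dst cached by inet6_sk_rx_dst_set() can be reused and the per-packet
 * route lookup skipped.
 */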
static void tcp_v6_early_demux(struct sk_buff *skb)
{
	const struct ipv6hdr *hdr;
	const struct tcphdr *th;
	struct sock *sk;

	if (skb->pkt_type != PACKET_HOST)
		return;

	if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
		return;

	hdr = ipv6_hdr(skb);
	th = tcp_hdr(skb);

	if (th->doff < sizeof(struct tcphdr) / 4)
		return;

	sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
					&hdr->saddr, th->source,
					&hdr->daddr, ntohs(th->dest),
					inet6_iif(skb));
	if (sk) {
		skb->sk = sk;
		skb->destructor = sock_edemux;
		if (sk->sk_state != TCP_TIME_WAIT) {
			struct dst_entry *dst = sk->sk_rx_dst;

			if (dst)
				dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
			if (dst &&
			    inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
				skb_dst_set_noref(skb, dst);
		}
	}
}

static struct timewait_sock_ops tcp6_timewait_sock_ops = {
	.twsk_obj_size	= sizeof(struct tcp6_timewait_sock),
	.twsk_unique	= tcp_twsk_unique,
	.twsk_destructor = tcp_twsk_destructor,
};

static const struct inet_connection_sock_af_ops ipv6_specific = {
	.queue_xmit	   = inet6_csk_xmit,
	.send_check	   = tcp_v6_send_check,
	.rebuild_header	   = inet6_sk_rebuild_header,
	.sk_rx_dst_set	   = inet6_sk_rx_dst_set,
	.conn_request	   = tcp_v6_conn_request,
	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
	.net_header_len	   = sizeof(struct ipv6hdr),
	.net_frag_header_len = sizeof(struct frag_hdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
	.bind_conflict	   = inet6_csk_bind_conflict,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
};

#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
	.md5_lookup	=	tcp_v6_md5_lookup,
	.calc_md5_hash	=	tcp_v6_md5_hash_skb,
	.md5_parse	=	tcp_v6_parse_md5_keys,
};
#endif

/*
 *	TCP over IPv4 via INET6 API
 */

static const struct inet_connection_sock_af_ops ipv6_mapped = {
	.queue_xmit	   = ip_queue_xmit,
	.send_check	   = tcp_v4_send_check,
	.rebuild_header	   = inet_sk_rebuild_header,
	.sk_rx_dst_set	   = inet_sk_rx_dst_set,
	.conn_request	   = tcp_v6_conn_request,
	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
	.net_header_len	   = sizeof(struct iphdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
	.bind_conflict	   = inet6_csk_bind_conflict,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
};

#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
	.md5_lookup	=	tcp_v4_md5_lookup,
	.calc_md5_hash	=	tcp_v4_md5_hash_skb,
	.md5_parse	=	tcp_v6_parse_md5_keys,
};
#endif

/* NOTE: A lot of things are set to zero explicitly by the call to
 *       sk_alloc(), so they need not be done here.
 */
static int tcp_v6_init_sock(struct sock *sk)
{
	struct inet_connection_sock *icsk = inet_csk(sk);

	tcp_init_sock(sk);

	icsk->icsk_af_ops = &ipv6_specific;

#ifdef CONFIG_TCP_MD5SIG
	tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
#endif

	return 0;
}

static void tcp_v6_destroy_sock(struct sock *sk)
{
	tcp_v4_destroy_sock(sk);
	inet6_destroy_sock(sk);
}

#ifdef CONFIG_PROC_FS
/* Proc filesystem TCPv6 sock list dumping. */
static void get_openreq6(struct seq_file *seq,
			 const struct sock *sk, struct request_sock *req, int i, kuid_t uid)
{
	int ttd = req->expires - jiffies;
	const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
	const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;

	if (ttd < 0)
		ttd = 0;

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3],
		   inet_rsk(req)->ir_num,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3],
		   ntohs(inet_rsk(req)->ir_rmt_port),
		   TCP_SYN_RECV,
		   0, 0, /* could print option size, but that is af dependent. */
		   1,   /* timers active (only the expire timer) */
		   jiffies_to_clock_t(ttd),
		   req->num_timeout,
		   from_kuid_munged(seq_user_ns(seq), uid),
		   0,  /* non standard timer */
		   0, /* open_requests have no inode */
		   0, req);
}

static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
{
	const struct in6_addr *dest, *src;
	__u16 destp, srcp;
	int timer_active;
	unsigned long timer_expires;
	const struct inet_sock *inet = inet_sk(sp);
	const struct tcp_sock *tp = tcp_sk(sp);
	const struct inet_connection_sock *icsk = inet_csk(sp);

	dest  = &sp->sk_v6_daddr;
	src   = &sp->sk_v6_rcv_saddr;
	destp = ntohs(inet->inet_dport);
	srcp  = ntohs(inet->inet_sport);

	if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
		timer_active	= 1;
		timer_expires	= icsk->icsk_timeout;
	} else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
		timer_active	= 4;
		timer_expires	= icsk->icsk_timeout;
	} else if (timer_pending(&sp->sk_timer)) {
		timer_active	= 2;
		timer_expires	= sp->sk_timer.expires;
	} else {
		timer_active	= 0;
		timer_expires = jiffies;
	}

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3], srcp,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
		   sp->sk_state,
		   tp->write_seq-tp->snd_una,
		   (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
		   timer_active,
		   jiffies_delta_to_clock_t(timer_expires - jiffies),
		   icsk->icsk_retransmits,
		   from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
		   icsk->icsk_probes_out,
		   sock_i_ino(sp),
		   atomic_read(&sp->sk_refcnt), sp,
		   jiffies_to_clock_t(icsk->icsk_rto),
		   jiffies_to_clock_t(icsk->icsk_ack.ato),
		   (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
		   tp->snd_cwnd,
		   tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh
		   );
}

static void get_timewait6_sock(struct seq_file *seq,
			       struct inet_timewait_sock *tw, int i)
{
	const struct in6_addr *dest, *src;
	__u16 destp, srcp;
	s32 delta = tw->tw_ttd - inet_tw_time_stamp();

	dest = &tw->tw_v6_daddr;
	src  = &tw->tw_v6_rcv_saddr;
	destp = ntohs(tw->tw_dport);
	srcp  = ntohs(tw->tw_sport);

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3], srcp,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
		   tw->tw_substate, 0, 0,
		   3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
		   atomic_read(&tw->tw_refcnt), tw);
}

static int tcp6_seq_show(struct seq_file *seq, void *v)
{
	struct tcp_iter_state *st;
	struct sock *sk = v;

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq,
			 "  sl  "
			 "local_address                         "
			 "remote_address                        "
			 "st tx_queue rx_queue tr tm->when retrnsmt"
			 "   uid  timeout inode\n");
		goto out;
	}
	st = seq->private;

	switch (st->state) {
	case TCP_SEQ_STATE_LISTENING:
	case TCP_SEQ_STATE_ESTABLISHED:
		if (sk->sk_state == TCP_TIME_WAIT)
			get_timewait6_sock(seq, v, st->num);
		else
			get_tcp6_sock(seq, v, st->num);
		break;
	case TCP_SEQ_STATE_OPENREQ:
		get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
		break;
	}
out:
	return 0;
}

static const struct file_operations tcp6_afinfo_seq_fops = {
	.owner   = THIS_MODULE,
	.open    = tcp_seq_open,
	.read    = seq_read,
	.llseek  = seq_lseek,
	.release = seq_release_net
};

static struct tcp_seq_afinfo tcp6_seq_afinfo = {
	.name		= "tcp6",
	.family		= AF_INET6,
	.seq_fops	= &tcp6_afinfo_seq_fops,
	.seq_ops	= {
		.show		= tcp6_seq_show,
	},
};

int __net_init tcp6_proc_init(struct net *net)
{
	return tcp_proc_register(net, &tcp6_seq_afinfo);
}

void tcp6_proc_exit(struct net *net)
{
	tcp_proc_unregister(net, &tcp6_seq_afinfo);
}
#endif

static void tcp_v6_clear_sk(struct sock *sk, int size)
{
	struct inet_sock *inet = inet_sk(sk);

	/* we do not want to clear pinet6 field, because of RCU lookups */
	sk_prot_clear_nulls(sk, offsetof(struct inet_sock, pinet6));

	size -= offsetof(struct inet_sock, pinet6) + sizeof(inet->pinet6);
	memset(&inet->pinet6 + 1, 0, size);
}

1919 
1920 struct proto tcpv6_prot = {
1921 	.name			= "TCPv6",
1922 	.owner			= THIS_MODULE,
1923 	.close			= tcp_close,
1924 	.connect		= tcp_v6_connect,
1925 	.disconnect		= tcp_disconnect,
1926 	.accept			= inet_csk_accept,
1927 	.ioctl			= tcp_ioctl,
1928 	.init			= tcp_v6_init_sock,
1929 	.destroy		= tcp_v6_destroy_sock,
1930 	.shutdown		= tcp_shutdown,
1931 	.setsockopt		= tcp_setsockopt,
1932 	.getsockopt		= tcp_getsockopt,
1933 	.recvmsg		= tcp_recvmsg,
1934 	.sendmsg		= tcp_sendmsg,
1935 	.sendpage		= tcp_sendpage,
1936 	.backlog_rcv		= tcp_v6_do_rcv,
1937 	.release_cb		= tcp_release_cb,
1938 	.mtu_reduced		= tcp_v6_mtu_reduced,
1939 	.hash			= tcp_v6_hash,
1940 	.unhash			= inet_unhash,
1941 	.get_port		= inet_csk_get_port,
1942 	.enter_memory_pressure	= tcp_enter_memory_pressure,
1943 	.stream_memory_free	= tcp_stream_memory_free,
1944 	.sockets_allocated	= &tcp_sockets_allocated,
1945 	.memory_allocated	= &tcp_memory_allocated,
1946 	.memory_pressure	= &tcp_memory_pressure,
1947 	.orphan_count		= &tcp_orphan_count,
1948 	.sysctl_mem		= sysctl_tcp_mem,
1949 	.sysctl_wmem		= sysctl_tcp_wmem,
1950 	.sysctl_rmem		= sysctl_tcp_rmem,
1951 	.max_header		= MAX_TCP_HEADER,
1952 	.obj_size		= sizeof(struct tcp6_sock),
1953 	.slab_flags		= SLAB_DESTROY_BY_RCU,
1954 	.twsk_prot		= &tcp6_timewait_sock_ops,
1955 	.rsk_prot		= &tcp6_request_sock_ops,
1956 	.h.hashinfo		= &tcp_hashinfo,
1957 	.no_autobind		= true,
1958 #ifdef CONFIG_COMPAT
1959 	.compat_setsockopt	= compat_tcp_setsockopt,
1960 	.compat_getsockopt	= compat_tcp_getsockopt,
1961 #endif
1962 #ifdef CONFIG_MEMCG_KMEM
1963 	.proto_cgroup		= tcp_proto_cgroup,
1964 #endif
1965 	.clear_sk		= tcp_v6_clear_sk,
1966 };
1967 
1968 static const struct inet6_protocol tcpv6_protocol = {
1969 	.early_demux	=	tcp_v6_early_demux,
1970 	.handler	=	tcp_v6_rcv,
1971 	.err_handler	=	tcp_v6_err,
1972 	.flags		=	INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1973 };
1974 
1975 static struct inet_protosw tcpv6_protosw = {
1976 	.type		=	SOCK_STREAM,
1977 	.protocol	=	IPPROTO_TCP,
1978 	.prot		=	&tcpv6_prot,
1979 	.ops		=	&inet6_stream_ops,
1980 	.no_check	=	0,
1981 	.flags		=	INET_PROTOSW_PERMANENT |
1982 				INET_PROTOSW_ICSK,
1983 };
1984 
1985 static int __net_init tcpv6_net_init(struct net *net)
1986 {
1987 	return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
1988 				    SOCK_RAW, IPPROTO_TCP, net);
1989 }
1990 
1991 static void __net_exit tcpv6_net_exit(struct net *net)
1992 {
1993 	inet_ctl_sock_destroy(net->ipv6.tcp_sk);
1994 }
1995 
1996 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
1997 {
1998 	inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6);
1999 }
2000 
2001 static struct pernet_operations tcpv6_net_ops = {
2002 	.init	    = tcpv6_net_init,
2003 	.exit	    = tcpv6_net_exit,
2004 	.exit_batch = tcpv6_net_exit_batch,
2005 };
2006 
2007 int __init tcpv6_init(void)
2008 {
2009 	int ret;
2010 
2011 	ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2012 	if (ret)
2013 		goto out;
2014 
2015 	/* register inet6 protocol */
2016 	ret = inet6_register_protosw(&tcpv6_protosw);
2017 	if (ret)
2018 		goto out_tcpv6_protocol;
2019 
2020 	ret = register_pernet_subsys(&tcpv6_net_ops);
2021 	if (ret)
2022 		goto out_tcpv6_protosw;
2023 out:
2024 	return ret;
2025 
2026 out_tcpv6_protosw:
2027 	inet6_unregister_protosw(&tcpv6_protosw);
2028 out_tcpv6_protocol:
2029 	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2030 	goto out;
2031 }
2032 
2033 void tcpv6_exit(void)
2034 {
2035 	unregister_pernet_subsys(&tcpv6_net_ops);
2036 	inet6_unregister_protosw(&tcpv6_protosw);
2037 	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2038 }
2039