xref: /openbmc/linux/net/ipv6/tcp_ipv6.c (revision c21b37f6)
1 /*
2  *	TCP over IPv6
3  *	Linux INET6 implementation
4  *
5  *	Authors:
6  *	Pedro Roque		<roque@di.fc.ul.pt>
7  *
8  *	$Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9  *
10  *	Based on:
11  *	linux/net/ipv4/tcp.c
12  *	linux/net/ipv4/tcp_input.c
13  *	linux/net/ipv4/tcp_output.c
14  *
15  *	Fixes:
16  *	Hideaki YOSHIFUJI	:	sin6_scope_id support
17  *	YOSHIFUJI Hideaki @USAGI and:	Support IPV6_V6ONLY socket option, which
18  *	Alexey Kuznetsov		allows both IPv4 and IPv6 sockets to bind
19  *					a single port at the same time.
20  *	YOSHIFUJI Hideaki @USAGI:	convert /proc/net/tcp6 to seq_file.
21  *
22  *	This program is free software; you can redistribute it and/or
23  *      modify it under the terms of the GNU General Public License
24  *      as published by the Free Software Foundation; either version
25  *      2 of the License, or (at your option) any later version.
26  */
27 
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/net.h>
34 #include <linux/jiffies.h>
35 #include <linux/in.h>
36 #include <linux/in6.h>
37 #include <linux/netdevice.h>
38 #include <linux/init.h>
39 #include <linux/jhash.h>
40 #include <linux/ipsec.h>
41 #include <linux/times.h>
42 
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46 
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
60 #include <net/snmp.h>
61 #include <net/dsfield.h>
62 #include <net/timewait_sock.h>
63 
64 #include <asm/uaccess.h>
65 
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
68 
69 #include <linux/crypto.h>
70 #include <linux/scatterlist.h>
71 
72 /* Socket used for sending RSTs and ACKs */
73 static struct socket *tcp6_socket;
74 
75 static void	tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
76 static void	tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
77 static void	tcp_v6_send_check(struct sock *sk, int len,
78 				  struct sk_buff *skb);
79 
80 static int	tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
81 
82 static struct inet_connection_sock_af_ops ipv6_mapped;
83 static struct inet_connection_sock_af_ops ipv6_specific;
84 #ifdef CONFIG_TCP_MD5SIG
85 static struct tcp_sock_af_ops tcp_sock_ipv6_specific;
86 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
87 #endif
88 
89 static int tcp_v6_get_port(struct sock *sk, unsigned short snum)
90 {
91 	return inet_csk_get_port(&tcp_hashinfo, sk, snum,
92 				 inet6_csk_bind_conflict);
93 }
94 
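/* Hash the socket into the established table.  An IPv4-mapped socket
 * (icsk_af_ops == &ipv6_mapped) reuses the IPv4 hash routine; a native
 * IPv6 socket is inserted into the IPv6 hash with bottom halves disabled.
 */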
95 static void tcp_v6_hash(struct sock *sk)
96 {
97 	if (sk->sk_state != TCP_CLOSE) {
98 		if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
99 			tcp_prot.hash(sk);
100 			return;
101 		}
102 		local_bh_disable();
103 		__inet6_hash(&tcp_hashinfo, sk);
104 		local_bh_enable();
105 	}
106 }
107 
108 static __inline__ __sum16 tcp_v6_check(struct tcphdr *th, int len,
109 				   struct in6_addr *saddr,
110 				   struct in6_addr *daddr,
111 				   __wsum base)
112 {
113 	return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
114 }
115 
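/* Derive the initial sequence number for a new connection from the
 * {saddr, daddr, sport, dport} tuple via the kernel's secure ISN
 * generator.
 */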
116 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
117 {
118 	return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
119 					    ipv6_hdr(skb)->saddr.s6_addr32,
120 					    tcp_hdr(skb)->dest,
121 					    tcp_hdr(skb)->source);
122 }
123 
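/* Active open: resolve the destination (handling flow labels, scope ids
 * and IPv4-mapped addresses), perform the routing and xfrm lookups, bind
 * a local port, pick an initial sequence number and send the SYN.
 */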
124 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
125 			  int addr_len)
126 {
127 	struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
128 	struct inet_sock *inet = inet_sk(sk);
129 	struct inet_connection_sock *icsk = inet_csk(sk);
130 	struct ipv6_pinfo *np = inet6_sk(sk);
131 	struct tcp_sock *tp = tcp_sk(sk);
132 	struct in6_addr *saddr = NULL, *final_p = NULL, final;
133 	struct flowi fl;
134 	struct dst_entry *dst;
135 	int addr_type;
136 	int err;
137 
138 	if (addr_len < SIN6_LEN_RFC2133)
139 		return -EINVAL;
140 
141 	if (usin->sin6_family != AF_INET6)
142 		return -EAFNOSUPPORT;
143 
144 	memset(&fl, 0, sizeof(fl));
145 
146 	if (np->sndflow) {
147 		fl.fl6_flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
148 		IP6_ECN_flow_init(fl.fl6_flowlabel);
149 		if (fl.fl6_flowlabel & IPV6_FLOWLABEL_MASK) {
150 			struct ip6_flowlabel *flowlabel;
151 			flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
152 			if (flowlabel == NULL)
153 				return -EINVAL;
154 			ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
155 			fl6_sock_release(flowlabel);
156 		}
157 	}
158 
159 	/*
160 	 *	connect() to INADDR_ANY means loopback (BSD'ism).
161 	 */
162 
163 	if (ipv6_addr_any(&usin->sin6_addr))
164 		usin->sin6_addr.s6_addr[15] = 0x1;
165 
166 	addr_type = ipv6_addr_type(&usin->sin6_addr);
167 
168 	if (addr_type & IPV6_ADDR_MULTICAST)
169 		return -ENETUNREACH;
170 
171 	if (addr_type & IPV6_ADDR_LINKLOCAL) {
172 		if (addr_len >= sizeof(struct sockaddr_in6) &&
173 		    usin->sin6_scope_id) {
174 			/* If interface is set while binding, indices
175 			 * must coincide.
176 			 */
177 			if (sk->sk_bound_dev_if &&
178 			    sk->sk_bound_dev_if != usin->sin6_scope_id)
179 				return -EINVAL;
180 
181 			sk->sk_bound_dev_if = usin->sin6_scope_id;
182 		}
183 
184 		/* Connecting to a link-local address requires an interface */
185 		if (!sk->sk_bound_dev_if)
186 			return -EINVAL;
187 	}
188 
189 	if (tp->rx_opt.ts_recent_stamp &&
190 	    !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
191 		tp->rx_opt.ts_recent = 0;
192 		tp->rx_opt.ts_recent_stamp = 0;
193 		tp->write_seq = 0;
194 	}
195 
196 	ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
197 	np->flow_label = fl.fl6_flowlabel;
198 
199 	/*
200 	 *	TCP over IPv4
201 	 */
202 
203 	if (addr_type == IPV6_ADDR_MAPPED) {
204 		u32 exthdrlen = icsk->icsk_ext_hdr_len;
205 		struct sockaddr_in sin;
206 
207 		SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
208 
209 		if (__ipv6_only_sock(sk))
210 			return -ENETUNREACH;
211 
212 		sin.sin_family = AF_INET;
213 		sin.sin_port = usin->sin6_port;
214 		sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
215 
216 		icsk->icsk_af_ops = &ipv6_mapped;
217 		sk->sk_backlog_rcv = tcp_v4_do_rcv;
218 #ifdef CONFIG_TCP_MD5SIG
219 		tp->af_specific = &tcp_sock_ipv6_mapped_specific;
220 #endif
221 
222 		err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
223 
224 		if (err) {
225 			icsk->icsk_ext_hdr_len = exthdrlen;
226 			icsk->icsk_af_ops = &ipv6_specific;
227 			sk->sk_backlog_rcv = tcp_v6_do_rcv;
228 #ifdef CONFIG_TCP_MD5SIG
229 			tp->af_specific = &tcp_sock_ipv6_specific;
230 #endif
231 			goto failure;
232 		} else {
233 			ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
234 				      inet->saddr);
235 			ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
236 				      inet->rcv_saddr);
237 		}
238 
239 		return err;
240 	}
241 
242 	if (!ipv6_addr_any(&np->rcv_saddr))
243 		saddr = &np->rcv_saddr;
244 
245 	fl.proto = IPPROTO_TCP;
246 	ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
247 	ipv6_addr_copy(&fl.fl6_src,
248 		       (saddr ? saddr : &np->saddr));
249 	fl.oif = sk->sk_bound_dev_if;
250 	fl.fl_ip_dport = usin->sin6_port;
251 	fl.fl_ip_sport = inet->sport;
252 
253 	if (np->opt && np->opt->srcrt) {
254 		struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
255 		ipv6_addr_copy(&final, &fl.fl6_dst);
256 		ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
257 		final_p = &final;
258 	}
259 
260 	security_sk_classify_flow(sk, &fl);
261 
262 	err = ip6_dst_lookup(sk, &dst, &fl);
263 	if (err)
264 		goto failure;
265 	if (final_p)
266 		ipv6_addr_copy(&fl.fl6_dst, final_p);
267 
268 	if ((err = __xfrm_lookup(&dst, &fl, sk, 1)) < 0) {
269 		if (err == -EREMOTE)
270 			err = ip6_dst_blackhole(sk, &dst, &fl);
271 		if (err < 0)
272 			goto failure;
273 	}
274 
275 	if (saddr == NULL) {
276 		saddr = &fl.fl6_src;
277 		ipv6_addr_copy(&np->rcv_saddr, saddr);
278 	}
279 
280 	/* set the source address */
281 	ipv6_addr_copy(&np->saddr, saddr);
282 	inet->rcv_saddr = LOOPBACK4_IPV6;
283 
284 	sk->sk_gso_type = SKB_GSO_TCPV6;
285 	__ip6_dst_store(sk, dst, NULL, NULL);
286 
287 	icsk->icsk_ext_hdr_len = 0;
288 	if (np->opt)
289 		icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
290 					  np->opt->opt_nflen);
291 
292 	tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
293 
294 	inet->dport = usin->sin6_port;
295 
296 	tcp_set_state(sk, TCP_SYN_SENT);
297 	err = inet6_hash_connect(&tcp_death_row, sk);
298 	if (err)
299 		goto late_failure;
300 
301 	if (!tp->write_seq)
302 		tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
303 							     np->daddr.s6_addr32,
304 							     inet->sport,
305 							     inet->dport);
306 
307 	err = tcp_connect(sk);
308 	if (err)
309 		goto late_failure;
310 
311 	return 0;
312 
313 late_failure:
314 	tcp_set_state(sk, TCP_CLOSE);
315 	__sk_dst_reset(sk);
316 failure:
317 	inet->dport = 0;
318 	sk->sk_route_caps = 0;
319 	return err;
320 }
321 
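/* ICMPv6 error handler: look up the socket for the offending segment,
 * apply PMTU updates for ICMPV6_PKT_TOOBIG, and propagate other errors
 * to the socket (or drop the matching request_sock on a listener).
 */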
322 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
323 		int type, int code, int offset, __be32 info)
324 {
325 	struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
326 	const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
327 	struct ipv6_pinfo *np;
328 	struct sock *sk;
329 	int err;
330 	struct tcp_sock *tp;
331 	__u32 seq;
332 
333 	sk = inet6_lookup(&tcp_hashinfo, &hdr->daddr, th->dest, &hdr->saddr,
334 			  th->source, skb->dev->ifindex);
335 
336 	if (sk == NULL) {
337 		ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
338 		return;
339 	}
340 
341 	if (sk->sk_state == TCP_TIME_WAIT) {
342 		inet_twsk_put(inet_twsk(sk));
343 		return;
344 	}
345 
346 	bh_lock_sock(sk);
347 	if (sock_owned_by_user(sk))
348 		NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
349 
350 	if (sk->sk_state == TCP_CLOSE)
351 		goto out;
352 
353 	tp = tcp_sk(sk);
354 	seq = ntohl(th->seq);
355 	if (sk->sk_state != TCP_LISTEN &&
356 	    !between(seq, tp->snd_una, tp->snd_nxt)) {
357 		NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
358 		goto out;
359 	}
360 
361 	np = inet6_sk(sk);
362 
363 	if (type == ICMPV6_PKT_TOOBIG) {
364 		struct dst_entry *dst = NULL;
365 
366 		if (sock_owned_by_user(sk))
367 			goto out;
368 		if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
369 			goto out;
370 
371 		/* icmp should have updated the destination cache entry */
372 		dst = __sk_dst_check(sk, np->dst_cookie);
373 
374 		if (dst == NULL) {
375 			struct inet_sock *inet = inet_sk(sk);
376 			struct flowi fl;
377 
378 			/* BUGGG_FUTURE: Again, it is not clear how
379 			   to handle rthdr case. Ignore this complexity
380 			   for now.
381 			 */
382 			memset(&fl, 0, sizeof(fl));
383 			fl.proto = IPPROTO_TCP;
384 			ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
385 			ipv6_addr_copy(&fl.fl6_src, &np->saddr);
386 			fl.oif = sk->sk_bound_dev_if;
387 			fl.fl_ip_dport = inet->dport;
388 			fl.fl_ip_sport = inet->sport;
389 			security_skb_classify_flow(skb, &fl);
390 
391 			if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
392 				sk->sk_err_soft = -err;
393 				goto out;
394 			}
395 
396 			if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
397 				sk->sk_err_soft = -err;
398 				goto out;
399 			}
400 
401 		} else
402 			dst_hold(dst);
403 
404 		if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
405 			tcp_sync_mss(sk, dst_mtu(dst));
406 			tcp_simple_retransmit(sk);
407 		} /* else let the usual retransmit timer handle it */
408 		dst_release(dst);
409 		goto out;
410 	}
411 
412 	icmpv6_err_convert(type, code, &err);
413 
414 	/* Might be for a request_sock */
415 	switch (sk->sk_state) {
416 		struct request_sock *req, **prev;
417 	case TCP_LISTEN:
418 		if (sock_owned_by_user(sk))
419 			goto out;
420 
421 		req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
422 					   &hdr->saddr, inet6_iif(skb));
423 		if (!req)
424 			goto out;
425 
426 		/* ICMPs are not backlogged, hence we cannot get
427 		 * an established socket here.
428 		 */
429 		BUG_TRAP(req->sk == NULL);
430 
431 		if (seq != tcp_rsk(req)->snt_isn) {
432 			NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
433 			goto out;
434 		}
435 
436 		inet_csk_reqsk_queue_drop(sk, req, prev);
437 		goto out;
438 
439 	case TCP_SYN_SENT:
440 	case TCP_SYN_RECV:  /* Cannot happen.
441 			       It can, if SYNs are crossed. --ANK */
442 		if (!sock_owned_by_user(sk)) {
443 			sk->sk_err = err;
444 			sk->sk_error_report(sk);		/* Wake people up to see the error (see connect in sock.c) */
445 
446 			tcp_done(sk);
447 		} else
448 			sk->sk_err_soft = err;
449 		goto out;
450 	}
451 
452 	if (!sock_owned_by_user(sk) && np->recverr) {
453 		sk->sk_err = err;
454 		sk->sk_error_report(sk);
455 	} else
456 		sk->sk_err_soft = err;
457 
458 out:
459 	bh_unlock_sock(sk);
460 	sock_put(sk);
461 }
462 
463 
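/* Build and transmit a SYN+ACK for the given request_sock, routing it
 * with the listener's flow parameters (and source route, if any).
 */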
464 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
465 			      struct dst_entry *dst)
466 {
467 	struct inet6_request_sock *treq = inet6_rsk(req);
468 	struct ipv6_pinfo *np = inet6_sk(sk);
469 	struct sk_buff * skb;
470 	struct ipv6_txoptions *opt = NULL;
471 	struct in6_addr * final_p = NULL, final;
472 	struct flowi fl;
473 	int err = -1;
474 
475 	memset(&fl, 0, sizeof(fl));
476 	fl.proto = IPPROTO_TCP;
477 	ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
478 	ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
479 	fl.fl6_flowlabel = 0;
480 	fl.oif = treq->iif;
481 	fl.fl_ip_dport = inet_rsk(req)->rmt_port;
482 	fl.fl_ip_sport = inet_sk(sk)->sport;
483 	security_req_classify_flow(req, &fl);
484 
485 	if (dst == NULL) {
486 		opt = np->opt;
487 		if (opt && opt->srcrt) {
488 			struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
489 			ipv6_addr_copy(&final, &fl.fl6_dst);
490 			ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
491 			final_p = &final;
492 		}
493 
494 		err = ip6_dst_lookup(sk, &dst, &fl);
495 		if (err)
496 			goto done;
497 		if (final_p)
498 			ipv6_addr_copy(&fl.fl6_dst, final_p);
499 		if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
500 			goto done;
501 	}
502 
503 	skb = tcp_make_synack(sk, dst, req);
504 	if (skb) {
505 		struct tcphdr *th = tcp_hdr(skb);
506 
507 		th->check = tcp_v6_check(th, skb->len,
508 					 &treq->loc_addr, &treq->rmt_addr,
509 					 csum_partial((char *)th, skb->len, skb->csum));
510 
511 		ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
512 		err = ip6_xmit(sk, skb, &fl, opt, 0);
513 		err = net_xmit_eval(err);
514 	}
515 
516 done:
517 	if (opt && opt != np->opt)
518 		sock_kfree_s(sk, opt, opt->tot_len);
519 	dst_release(dst);
520 	return err;
521 }
522 
523 static void tcp_v6_reqsk_destructor(struct request_sock *req)
524 {
525 	if (inet6_rsk(req)->pktopts)
526 		kfree_skb(inet6_rsk(req)->pktopts);
527 }
528 
529 #ifdef CONFIG_TCP_MD5SIG
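/* Linear scan of the per-socket list of IPv6 TCP-MD5 (RFC 2385) keys
 * for the given peer address; returns NULL when no key is configured.
 */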
530 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
531 						   struct in6_addr *addr)
532 {
533 	struct tcp_sock *tp = tcp_sk(sk);
534 	int i;
535 
536 	BUG_ON(tp == NULL);
537 
538 	if (!tp->md5sig_info || !tp->md5sig_info->entries6)
539 		return NULL;
540 
541 	for (i = 0; i < tp->md5sig_info->entries6; i++) {
542 		if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, addr) == 0)
543 			return (struct tcp_md5sig_key *)&tp->md5sig_info->keys6[i];
544 	}
545 	return NULL;
546 }
547 
548 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
549 						struct sock *addr_sk)
550 {
551 	return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
552 }
553 
554 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
555 						      struct request_sock *req)
556 {
557 	return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
558 }
559 
560 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
561 			     char *newkey, u8 newkeylen)
562 {
563 	/* Add key to the list */
564 	struct tcp6_md5sig_key *key;
565 	struct tcp_sock *tp = tcp_sk(sk);
566 	struct tcp6_md5sig_key *keys;
567 
568 	key = (struct tcp6_md5sig_key*) tcp_v6_md5_do_lookup(sk, peer);
569 	if (key) {
570 		/* modify existing entry - just update that one */
571 		kfree(key->key);
572 		key->key = newkey;
573 		key->keylen = newkeylen;
574 	} else {
575 		/* reallocate new list if current one is full. */
576 		if (!tp->md5sig_info) {
577 			tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
578 			if (!tp->md5sig_info) {
579 				kfree(newkey);
580 				return -ENOMEM;
581 			}
582 			sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
583 		}
584 		tcp_alloc_md5sig_pool();
585 		if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
586 			keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
587 				       (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
588 
589 			if (!keys) {
590 				tcp_free_md5sig_pool();
591 				kfree(newkey);
592 				return -ENOMEM;
593 			}
594 
595 			if (tp->md5sig_info->entries6)
596 				memmove(keys, tp->md5sig_info->keys6,
597 					(sizeof (tp->md5sig_info->keys6[0]) *
598 					 tp->md5sig_info->entries6));
599 
600 			kfree(tp->md5sig_info->keys6);
601 			tp->md5sig_info->keys6 = keys;
602 			tp->md5sig_info->alloced6++;
603 		}
604 
605 		ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
606 			       peer);
607 		tp->md5sig_info->keys6[tp->md5sig_info->entries6].key = newkey;
608 		tp->md5sig_info->keys6[tp->md5sig_info->entries6].keylen = newkeylen;
609 
610 		tp->md5sig_info->entries6++;
611 	}
612 	return 0;
613 }
614 
615 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
616 			       u8 *newkey, __u8 newkeylen)
617 {
618 	return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
619 				 newkey, newkeylen);
620 }
621 
622 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
623 {
624 	struct tcp_sock *tp = tcp_sk(sk);
625 	int i;
626 
627 	for (i = 0; i < tp->md5sig_info->entries6; i++) {
628 		if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, peer) == 0) {
629 			/* Free the key */
630 			kfree(tp->md5sig_info->keys6[i].key);
631 			tp->md5sig_info->entries6--;
632 
633 			if (tp->md5sig_info->entries6 == 0) {
634 				kfree(tp->md5sig_info->keys6);
635 				tp->md5sig_info->keys6 = NULL;
636 				tp->md5sig_info->alloced6 = 0;
637 
638 				tcp_free_md5sig_pool();
639 
640 				return 0;
641 			} else {
642 				/* shrink the database */
643 				if (tp->md5sig_info->entries6 != i)
644 					memmove(&tp->md5sig_info->keys6[i],
645 						&tp->md5sig_info->keys6[i+1],
646 						(tp->md5sig_info->entries6 - i)
647 						* sizeof (tp->md5sig_info->keys6[0]));
648 			}
649 		}
650 	}
651 	return -ENOENT;
652 }
653 
654 static void tcp_v6_clear_md5_list (struct sock *sk)
655 {
656 	struct tcp_sock *tp = tcp_sk(sk);
657 	int i;
658 
659 	if (tp->md5sig_info->entries6) {
660 		for (i = 0; i < tp->md5sig_info->entries6; i++)
661 			kfree(tp->md5sig_info->keys6[i].key);
662 		tp->md5sig_info->entries6 = 0;
663 		tcp_free_md5sig_pool();
664 	}
665 
666 	kfree(tp->md5sig_info->keys6);
667 	tp->md5sig_info->keys6 = NULL;
668 	tp->md5sig_info->alloced6 = 0;
669 
670 	if (tp->md5sig_info->entries4) {
671 		for (i = 0; i < tp->md5sig_info->entries4; i++)
672 			kfree(tp->md5sig_info->keys4[i].key);
673 		tp->md5sig_info->entries4 = 0;
674 		tcp_free_md5sig_pool();
675 	}
676 
677 	kfree(tp->md5sig_info->keys4);
678 	tp->md5sig_info->keys4 = NULL;
679 	tp->md5sig_info->alloced4 = 0;
680 }
681 
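/* Handle the TCP_MD5SIG setsockopt: a zero key length deletes the peer's
 * key, otherwise the key is copied in and added, dispatching to the IPv4
 * variants for v4-mapped peer addresses.
 */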
682 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
683 				  int optlen)
684 {
685 	struct tcp_md5sig cmd;
686 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
687 	u8 *newkey;
688 
689 	if (optlen < sizeof(cmd))
690 		return -EINVAL;
691 
692 	if (copy_from_user(&cmd, optval, sizeof(cmd)))
693 		return -EFAULT;
694 
695 	if (sin6->sin6_family != AF_INET6)
696 		return -EINVAL;
697 
698 	if (!cmd.tcpm_keylen) {
699 		if (!tcp_sk(sk)->md5sig_info)
700 			return -ENOENT;
701 		if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_MAPPED)
702 			return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
703 		return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
704 	}
705 
706 	if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
707 		return -EINVAL;
708 
709 	if (!tcp_sk(sk)->md5sig_info) {
710 		struct tcp_sock *tp = tcp_sk(sk);
711 		struct tcp_md5sig_info *p;
712 
713 		p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
714 		if (!p)
715 			return -ENOMEM;
716 
717 		tp->md5sig_info = p;
718 		sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
719 	}
720 
721 	newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
722 	if (!newkey)
723 		return -ENOMEM;
724 	if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_MAPPED) {
725 		return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
726 					 newkey, cmd.tcpm_keylen);
727 	}
728 	return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
729 }
730 
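/* Compute the RFC 2385 MD5 signature over (1) an IPv6 pseudo-header,
 * (2) the TCP header with its checksum zeroed, (3) any segment data and
 * (4) the shared key, using the preallocated MD5 hash pool.
 */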
731 static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
732 				   struct in6_addr *saddr,
733 				   struct in6_addr *daddr,
734 				   struct tcphdr *th, int protocol,
735 				   int tcplen)
736 {
737 	struct scatterlist sg[4];
738 	__u16 data_len;
739 	int block = 0;
740 	__sum16 cksum;
741 	struct tcp_md5sig_pool *hp;
742 	struct tcp6_pseudohdr *bp;
743 	struct hash_desc *desc;
744 	int err;
745 	unsigned int nbytes = 0;
746 
747 	hp = tcp_get_md5sig_pool();
748 	if (!hp) {
749 		printk(KERN_WARNING "%s(): hash pool not found...\n", __FUNCTION__);
750 		goto clear_hash_noput;
751 	}
752 	bp = &hp->md5_blk.ip6;
753 	desc = &hp->md5_desc;
754 
755 	/* 1. TCP pseudo-header (RFC2460) */
756 	ipv6_addr_copy(&bp->saddr, saddr);
757 	ipv6_addr_copy(&bp->daddr, daddr);
758 	bp->len = htonl(tcplen);
759 	bp->protocol = htonl(protocol);
760 
761 	sg_set_buf(&sg[block++], bp, sizeof(*bp));
762 	nbytes += sizeof(*bp);
763 
764 	/* 2. TCP header, excluding options */
765 	cksum = th->check;
766 	th->check = 0;
767 	sg_set_buf(&sg[block++], th, sizeof(*th));
768 	nbytes += sizeof(*th);
769 
770 	/* 3. TCP segment data (if any) */
771 	data_len = tcplen - (th->doff << 2);
772 	if (data_len > 0) {
773 		u8 *data = (u8 *)th + (th->doff << 2);
774 		sg_set_buf(&sg[block++], data, data_len);
775 		nbytes += data_len;
776 	}
777 
778 	/* 4. shared key */
779 	sg_set_buf(&sg[block++], key->key, key->keylen);
780 	nbytes += key->keylen;
781 
782 	/* Now store the hash into the packet */
783 	err = crypto_hash_init(desc);
784 	if (err) {
785 		printk(KERN_WARNING "%s(): hash_init failed\n", __FUNCTION__);
786 		goto clear_hash;
787 	}
788 	err = crypto_hash_update(desc, sg, nbytes);
789 	if (err) {
790 		printk(KERN_WARNING "%s(): hash_update failed\n", __FUNCTION__);
791 		goto clear_hash;
792 	}
793 	err = crypto_hash_final(desc, md5_hash);
794 	if (err) {
795 		printk(KERN_WARNING "%s(): hash_final failed\n", __FUNCTION__);
796 		goto clear_hash;
797 	}
798 
799 	/* Reset header, and free up the crypto */
800 	tcp_put_md5sig_pool();
801 	th->check = cksum;
802 out:
803 	return 0;
804 clear_hash:
805 	tcp_put_md5sig_pool();
806 clear_hash_noput:
807 	memset(md5_hash, 0, 16);
808 	goto out;
809 }
810 
811 static int tcp_v6_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
812 				struct sock *sk,
813 				struct dst_entry *dst,
814 				struct request_sock *req,
815 				struct tcphdr *th, int protocol,
816 				int tcplen)
817 {
818 	struct in6_addr *saddr, *daddr;
819 
820 	if (sk) {
821 		saddr = &inet6_sk(sk)->saddr;
822 		daddr = &inet6_sk(sk)->daddr;
823 	} else {
824 		saddr = &inet6_rsk(req)->loc_addr;
825 		daddr = &inet6_rsk(req)->rmt_addr;
826 	}
827 	return tcp_v6_do_calc_md5_hash(md5_hash, key,
828 				       saddr, daddr,
829 				       th, protocol, tcplen);
830 }
831 
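/* Verify the MD5 signature option of an inbound segment against the key
 * configured for the source address.  Returns 1 (drop) on a missing,
 * unexpected or mismatching hash, 0 when the segment is acceptable.
 */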
832 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
833 {
834 	__u8 *hash_location = NULL;
835 	struct tcp_md5sig_key *hash_expected;
836 	struct ipv6hdr *ip6h = ipv6_hdr(skb);
837 	struct tcphdr *th = tcp_hdr(skb);
838 	int length = (th->doff << 2) - sizeof (*th);
839 	int genhash;
840 	u8 *ptr;
841 	u8 newhash[16];
842 
843 	hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
844 
845 	/* If the TCP option is too short, we can take a shortcut */
846 	if (length < TCPOLEN_MD5SIG)
847 		return hash_expected ? 1 : 0;
848 
849 	/* parse options */
850 	ptr = (u8*)(th + 1);
851 	while (length > 0) {
852 		int opcode = *ptr++;
853 		int opsize;
854 
855 		switch (opcode) {
856 		case TCPOPT_EOL:
857 			goto done_opts;
858 		case TCPOPT_NOP:
859 			length--;
860 			continue;
861 		default:
862 			opsize = *ptr++;
863 			if (opsize < 2 || opsize > length)
864 				goto done_opts;
865 			if (opcode == TCPOPT_MD5SIG) {
866 				hash_location = ptr;
867 				goto done_opts;
868 			}
869 		}
870 		ptr += opsize - 2;
871 		length -= opsize;
872 	}
873 
874 done_opts:
875 	/* do we have a hash as expected? */
876 	if (!hash_expected) {
877 		if (!hash_location)
878 			return 0;
879 		if (net_ratelimit()) {
880 			printk(KERN_INFO "MD5 Hash NOT expected but found "
881 			       "(" NIP6_FMT ", %u)->"
882 			       "(" NIP6_FMT ", %u)\n",
883 			       NIP6(ip6h->saddr), ntohs(th->source),
884 			       NIP6(ip6h->daddr), ntohs(th->dest));
885 		}
886 		return 1;
887 	}
888 
889 	if (!hash_location) {
890 		if (net_ratelimit()) {
891 			printk(KERN_INFO "MD5 Hash expected but NOT found "
892 			       "(" NIP6_FMT ", %u)->"
893 			       "(" NIP6_FMT ", %u)\n",
894 			       NIP6(ip6h->saddr), ntohs(th->source),
895 			       NIP6(ip6h->daddr), ntohs(th->dest));
896 		}
897 		return 1;
898 	}
899 
900 	/* check the signature */
901 	genhash = tcp_v6_do_calc_md5_hash(newhash,
902 					  hash_expected,
903 					  &ip6h->saddr, &ip6h->daddr,
904 					  th, sk->sk_protocol,
905 					  skb->len);
906 	if (genhash || memcmp(hash_location, newhash, 16) != 0) {
907 		if (net_ratelimit()) {
908 			printk(KERN_INFO "MD5 Hash %s for "
909 			       "(" NIP6_FMT ", %u)->"
910 			       "(" NIP6_FMT ", %u)\n",
911 			       genhash ? "failed" : "mismatch",
912 			       NIP6(ip6h->saddr), ntohs(th->source),
913 			       NIP6(ip6h->daddr), ntohs(th->dest));
914 		}
915 		return 1;
916 	}
917 	return 0;
918 }
919 #endif
920 
921 static struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
922 	.family		=	AF_INET6,
923 	.obj_size	=	sizeof(struct tcp6_request_sock),
924 	.rtx_syn_ack	=	tcp_v6_send_synack,
925 	.send_ack	=	tcp_v6_reqsk_send_ack,
926 	.destructor	=	tcp_v6_reqsk_destructor,
927 	.send_reset	=	tcp_v6_send_reset
928 };
929 
930 #ifdef CONFIG_TCP_MD5SIG
931 static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
932 	.md5_lookup	=	tcp_v6_reqsk_md5_lookup,
933 };
934 #endif
935 
936 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
937 	.twsk_obj_size	= sizeof(struct tcp6_timewait_sock),
938 	.twsk_unique	= tcp_twsk_unique,
939 	.twsk_destructor= tcp_twsk_destructor,
940 };
941 
942 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
943 {
944 	struct ipv6_pinfo *np = inet6_sk(sk);
945 	struct tcphdr *th = tcp_hdr(skb);
946 
947 	if (skb->ip_summed == CHECKSUM_PARTIAL) {
948 		th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 0);
949 		skb->csum_start = skb_transport_header(skb) - skb->head;
950 		skb->csum_offset = offsetof(struct tcphdr, check);
951 	} else {
952 		th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
953 					    csum_partial((char *)th, th->doff<<2,
954 							 skb->csum));
955 	}
956 }
957 
958 static int tcp_v6_gso_send_check(struct sk_buff *skb)
959 {
960 	struct ipv6hdr *ipv6h;
961 	struct tcphdr *th;
962 
963 	if (!pskb_may_pull(skb, sizeof(*th)))
964 		return -EINVAL;
965 
966 	ipv6h = ipv6_hdr(skb);
967 	th = tcp_hdr(skb);
968 
969 	th->check = 0;
970 	th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
971 				     IPPROTO_TCP, 0);
972 	skb->csum_start = skb_transport_header(skb) - skb->head;
973 	skb->csum_offset = offsetof(struct tcphdr, check);
974 	skb->ip_summed = CHECKSUM_PARTIAL;
975 	return 0;
976 }
977 
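/* Send an RST in response to skb.  The reply swaps addresses and ports,
 * echoes or acknowledges the offending sequence numbers, and is routed
 * and transmitted on the private tcp6_socket.
 */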
978 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
979 {
980 	struct tcphdr *th = tcp_hdr(skb), *t1;
981 	struct sk_buff *buff;
982 	struct flowi fl;
983 	int tot_len = sizeof(*th);
984 #ifdef CONFIG_TCP_MD5SIG
985 	struct tcp_md5sig_key *key;
986 #endif
987 
988 	if (th->rst)
989 		return;
990 
991 	if (!ipv6_unicast_destination(skb))
992 		return;
993 
994 #ifdef CONFIG_TCP_MD5SIG
995 	if (sk)
996 		key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
997 	else
998 		key = NULL;
999 
1000 	if (key)
1001 		tot_len += TCPOLEN_MD5SIG_ALIGNED;
1002 #endif
1003 
1004 	/*
1005 	 * We need to grab some memory, and put together an RST,
1006 	 * and then put it into the queue to be sent.
1007 	 */
1008 
1009 	buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1010 			 GFP_ATOMIC);
1011 	if (buff == NULL)
1012 		return;
1013 
1014 	skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1015 
1016 	t1 = (struct tcphdr *) skb_push(buff, tot_len);
1017 
1018 	/* Swap the send and the receive. */
1019 	memset(t1, 0, sizeof(*t1));
1020 	t1->dest = th->source;
1021 	t1->source = th->dest;
1022 	t1->doff = tot_len / 4;
1023 	t1->rst = 1;
1024 
1025 	if (th->ack) {
1026 		t1->seq = th->ack_seq;
1027 	} else {
1028 		t1->ack = 1;
1029 		t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
1030 				    + skb->len - (th->doff<<2));
1031 	}
1032 
1033 #ifdef CONFIG_TCP_MD5SIG
1034 	if (key) {
1035 		__be32 *opt = (__be32*)(t1 + 1);
1036 		opt[0] = htonl((TCPOPT_NOP << 24) |
1037 			       (TCPOPT_NOP << 16) |
1038 			       (TCPOPT_MD5SIG << 8) |
1039 			       TCPOLEN_MD5SIG);
1040 		tcp_v6_do_calc_md5_hash((__u8 *)&opt[1], key,
1041 					&ipv6_hdr(skb)->daddr,
1042 					&ipv6_hdr(skb)->saddr,
1043 					t1, IPPROTO_TCP, tot_len);
1044 	}
1045 #endif
1046 
1047 	buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
1048 
1049 	memset(&fl, 0, sizeof(fl));
1050 	ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1051 	ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1052 
1053 	t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1054 				    sizeof(*t1), IPPROTO_TCP,
1055 				    buff->csum);
1056 
1057 	fl.proto = IPPROTO_TCP;
1058 	fl.oif = inet6_iif(skb);
1059 	fl.fl_ip_dport = t1->dest;
1060 	fl.fl_ip_sport = t1->source;
1061 	security_skb_classify_flow(skb, &fl);
1062 
1063 	/* sk = NULL, but it is safe for now. RST socket required. */
1064 	if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
1065 
1066 		if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1067 			ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
1068 			TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1069 			TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
1070 			return;
1071 		}
1072 	}
1073 
1074 	kfree_skb(buff);
1075 }
1076 
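/* Send a bare ACK (used for timewait and request_sock answers), with
 * optional timestamp and MD5 signature options.
 */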
1077 static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
1078 			    struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
1079 {
1080 	struct tcphdr *th = tcp_hdr(skb), *t1;
1081 	struct sk_buff *buff;
1082 	struct flowi fl;
1083 	int tot_len = sizeof(struct tcphdr);
1084 	__be32 *topt;
1085 #ifdef CONFIG_TCP_MD5SIG
1086 	struct tcp_md5sig_key *key;
1087 	struct tcp_md5sig_key tw_key;
1088 #endif
1089 
1090 #ifdef CONFIG_TCP_MD5SIG
1091 	if (!tw && skb->sk) {
1092 		key = tcp_v6_md5_do_lookup(skb->sk, &ipv6_hdr(skb)->daddr);
1093 	} else if (tw && tw->tw_md5_keylen) {
1094 		tw_key.key = tw->tw_md5_key;
1095 		tw_key.keylen = tw->tw_md5_keylen;
1096 		key = &tw_key;
1097 	} else {
1098 		key = NULL;
1099 	}
1100 #endif
1101 
1102 	if (ts)
1103 		tot_len += TCPOLEN_TSTAMP_ALIGNED;
1104 #ifdef CONFIG_TCP_MD5SIG
1105 	if (key)
1106 		tot_len += TCPOLEN_MD5SIG_ALIGNED;
1107 #endif
1108 
1109 	buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1110 			 GFP_ATOMIC);
1111 	if (buff == NULL)
1112 		return;
1113 
1114 	skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1115 
1116 	t1 = (struct tcphdr *) skb_push(buff,tot_len);
1117 
1118 	/* Swap the send and the receive. */
1119 	memset(t1, 0, sizeof(*t1));
1120 	t1->dest = th->source;
1121 	t1->source = th->dest;
1122 	t1->doff = tot_len/4;
1123 	t1->seq = htonl(seq);
1124 	t1->ack_seq = htonl(ack);
1125 	t1->ack = 1;
1126 	t1->window = htons(win);
1127 
1128 	topt = (__be32 *)(t1 + 1);
1129 
1130 	if (ts) {
1131 		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1132 				(TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1133 		*topt++ = htonl(tcp_time_stamp);
1134 		*topt = htonl(ts);
1135 	}
1136 
1137 #ifdef CONFIG_TCP_MD5SIG
1138 	if (key) {
1139 		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1140 				(TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1141 		tcp_v6_do_calc_md5_hash((__u8 *)topt, key,
1142 					&ipv6_hdr(skb)->daddr,
1143 					&ipv6_hdr(skb)->saddr,
1144 					t1, IPPROTO_TCP, tot_len);
1145 	}
1146 #endif
1147 
1148 	buff->csum = csum_partial((char *)t1, tot_len, 0);
1149 
1150 	memset(&fl, 0, sizeof(fl));
1151 	ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1152 	ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1153 
1154 	t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1155 				    tot_len, IPPROTO_TCP,
1156 				    buff->csum);
1157 
1158 	fl.proto = IPPROTO_TCP;
1159 	fl.oif = inet6_iif(skb);
1160 	fl.fl_ip_dport = t1->dest;
1161 	fl.fl_ip_sport = t1->source;
1162 	security_skb_classify_flow(skb, &fl);
1163 
1164 	if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
1165 		if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1166 			ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
1167 			TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1168 			return;
1169 		}
1170 	}
1171 
1172 	kfree_skb(buff);
1173 }
1174 
1175 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1176 {
1177 	struct inet_timewait_sock *tw = inet_twsk(sk);
1178 	struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1179 
1180 	tcp_v6_send_ack(tcptw, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1181 			tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1182 			tcptw->tw_ts_recent);
1183 
1184 	inet_twsk_put(tw);
1185 }
1186 
1187 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
1188 {
1189 	tcp_v6_send_ack(NULL, skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
1190 }
1191 
1192 
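/* For a segment arriving on a listener: match it against pending
 * connection requests and established/timewait sockets, returning the
 * socket that should process it (or NULL to discard).
 */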
1193 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1194 {
1195 	struct request_sock *req, **prev;
1196 	const struct tcphdr *th = tcp_hdr(skb);
1197 	struct sock *nsk;
1198 
1199 	/* Find possible connection requests. */
1200 	req = inet6_csk_search_req(sk, &prev, th->source,
1201 				   &ipv6_hdr(skb)->saddr,
1202 				   &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1203 	if (req)
1204 		return tcp_check_req(sk, skb, req, prev);
1205 
1206 	nsk = __inet6_lookup_established(&tcp_hashinfo, &ipv6_hdr(skb)->saddr,
1207 					 th->source, &ipv6_hdr(skb)->daddr,
1208 					 ntohs(th->dest), inet6_iif(skb));
1209 
1210 	if (nsk) {
1211 		if (nsk->sk_state != TCP_TIME_WAIT) {
1212 			bh_lock_sock(nsk);
1213 			return nsk;
1214 		}
1215 		inet_twsk_put(inet_twsk(nsk));
1216 		return NULL;
1217 	}
1218 
1219 #if 0 /*def CONFIG_SYN_COOKIES*/
1220 	if (!th->rst && !th->syn && th->ack)
1221 		sk = cookie_v6_check(sk, skb, &(IPCB(skb)->opt));
1222 #endif
1223 	return sk;
1224 }
1225 
1226 /* FIXME: this is substantially similar to the ipv4 code.
1227  * Can some kind of merge be done? -- erics
1228  */
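/* Passive open: validate an incoming SYN, allocate and fill in a
 * request_sock (dropping it under synflood or accept-queue pressure),
 * reply with a SYN+ACK and hash the request into the listener's queue.
 */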
1229 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1230 {
1231 	struct inet6_request_sock *treq;
1232 	struct ipv6_pinfo *np = inet6_sk(sk);
1233 	struct tcp_options_received tmp_opt;
1234 	struct tcp_sock *tp = tcp_sk(sk);
1235 	struct request_sock *req = NULL;
1236 	__u32 isn = TCP_SKB_CB(skb)->when;
1237 
1238 	if (skb->protocol == htons(ETH_P_IP))
1239 		return tcp_v4_conn_request(sk, skb);
1240 
1241 	if (!ipv6_unicast_destination(skb))
1242 		goto drop;
1243 
1244 	/*
1245 	 *	There are no SYN attacks on IPv6, yet...
1246 	 */
1247 	if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1248 		if (net_ratelimit())
1249 			printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n");
1250 		goto drop;
1251 	}
1252 
1253 	if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1254 		goto drop;
1255 
1256 	req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1257 	if (req == NULL)
1258 		goto drop;
1259 
1260 #ifdef CONFIG_TCP_MD5SIG
1261 	tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1262 #endif
1263 
1264 	tcp_clear_options(&tmp_opt);
1265 	tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1266 	tmp_opt.user_mss = tp->rx_opt.user_mss;
1267 
1268 	tcp_parse_options(skb, &tmp_opt, 0);
1269 
1270 	tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1271 	tcp_openreq_init(req, &tmp_opt, skb);
1272 
1273 	treq = inet6_rsk(req);
1274 	ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1275 	ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1276 	TCP_ECN_create_request(req, tcp_hdr(skb));
1277 	treq->pktopts = NULL;
1278 	if (ipv6_opt_accepted(sk, skb) ||
1279 	    np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1280 	    np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1281 		atomic_inc(&skb->users);
1282 		treq->pktopts = skb;
1283 	}
1284 	treq->iif = sk->sk_bound_dev_if;
1285 
1286 	/* So that link-local addresses have meaning */
1287 	if (!sk->sk_bound_dev_if &&
1288 	    ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1289 		treq->iif = inet6_iif(skb);
1290 
1291 	if (isn == 0)
1292 		isn = tcp_v6_init_sequence(skb);
1293 
1294 	tcp_rsk(req)->snt_isn = isn;
1295 
1296 	security_inet_conn_request(sk, skb, req);
1297 
1298 	if (tcp_v6_send_synack(sk, req, NULL))
1299 		goto drop;
1300 
1301 	inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1302 	return 0;
1303 
1304 drop:
1305 	if (req)
1306 		reqsk_free(req);
1307 
1308 	return 0; /* don't send reset */
1309 }
1310 
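/* Create the child socket once the 3-way handshake completes.  The
 * v4-mapped case delegates to tcp_v4_syn_recv_sock and then patches the
 * socket over to the mapped ops; the native case routes the flow, clones
 * the listener's options and inherits any MD5 key.
 */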
1311 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1312 					  struct request_sock *req,
1313 					  struct dst_entry *dst)
1314 {
1315 	struct inet6_request_sock *treq = inet6_rsk(req);
1316 	struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1317 	struct tcp6_sock *newtcp6sk;
1318 	struct inet_sock *newinet;
1319 	struct tcp_sock *newtp;
1320 	struct sock *newsk;
1321 	struct ipv6_txoptions *opt;
1322 #ifdef CONFIG_TCP_MD5SIG
1323 	struct tcp_md5sig_key *key;
1324 #endif
1325 
1326 	if (skb->protocol == htons(ETH_P_IP)) {
1327 		/*
1328 		 *	v6 mapped
1329 		 */
1330 
1331 		newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1332 
1333 		if (newsk == NULL)
1334 			return NULL;
1335 
1336 		newtcp6sk = (struct tcp6_sock *)newsk;
1337 		inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1338 
1339 		newinet = inet_sk(newsk);
1340 		newnp = inet6_sk(newsk);
1341 		newtp = tcp_sk(newsk);
1342 
1343 		memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1344 
1345 		ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
1346 			      newinet->daddr);
1347 
1348 		ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
1349 			      newinet->saddr);
1350 
1351 		ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1352 
1353 		inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1354 		newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1355 #ifdef CONFIG_TCP_MD5SIG
1356 		newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1357 #endif
1358 
1359 		newnp->pktoptions  = NULL;
1360 		newnp->opt	   = NULL;
1361 		newnp->mcast_oif   = inet6_iif(skb);
1362 		newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
1363 
1364 		/*
1365 		 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1366 		 * here, tcp_create_openreq_child now does this for us, see the comment in
1367 		 * that function for the gory details. -acme
1368 		 */
1369 
1370 		/* This is a tricky place. Until this moment the IPv4 tcp
1371 		   socket worked with the IPv6 icsk.icsk_af_ops.
1372 		   Sync it now.
1373 		 */
1374 		tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1375 
1376 		return newsk;
1377 	}
1378 
1379 	opt = np->opt;
1380 
1381 	if (sk_acceptq_is_full(sk))
1382 		goto out_overflow;
1383 
1384 	if (dst == NULL) {
1385 		struct in6_addr *final_p = NULL, final;
1386 		struct flowi fl;
1387 
1388 		memset(&fl, 0, sizeof(fl));
1389 		fl.proto = IPPROTO_TCP;
1390 		ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1391 		if (opt && opt->srcrt) {
1392 			struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1393 			ipv6_addr_copy(&final, &fl.fl6_dst);
1394 			ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1395 			final_p = &final;
1396 		}
1397 		ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1398 		fl.oif = sk->sk_bound_dev_if;
1399 		fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1400 		fl.fl_ip_sport = inet_sk(sk)->sport;
1401 		security_req_classify_flow(req, &fl);
1402 
1403 		if (ip6_dst_lookup(sk, &dst, &fl))
1404 			goto out;
1405 
1406 		if (final_p)
1407 			ipv6_addr_copy(&fl.fl6_dst, final_p);
1408 
1409 		if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
1410 			goto out;
1411 	}
1412 
1413 	newsk = tcp_create_openreq_child(sk, req, skb);
1414 	if (newsk == NULL)
1415 		goto out;
1416 
1417 	/*
1418 	 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1419 	 * count here, tcp_create_openreq_child now does this for us, see the
1420 	 * comment in that function for the gory details. -acme
1421 	 */
1422 
1423 	newsk->sk_gso_type = SKB_GSO_TCPV6;
1424 	__ip6_dst_store(newsk, dst, NULL, NULL);
1425 
1426 	newtcp6sk = (struct tcp6_sock *)newsk;
1427 	inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1428 
1429 	newtp = tcp_sk(newsk);
1430 	newinet = inet_sk(newsk);
1431 	newnp = inet6_sk(newsk);
1432 
1433 	memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1434 
1435 	ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1436 	ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1437 	ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1438 	newsk->sk_bound_dev_if = treq->iif;
1439 
1440 	/* Now IPv6 options...
1441 
1442 	   First: no IPv4 options.
1443 	 */
1444 	newinet->opt = NULL;
1445 	newnp->ipv6_fl_list = NULL;
1446 
1447 	/* Clone RX bits */
1448 	newnp->rxopt.all = np->rxopt.all;
1449 
1450 	/* Clone pktoptions received with SYN */
1451 	newnp->pktoptions = NULL;
1452 	if (treq->pktopts != NULL) {
1453 		newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1454 		kfree_skb(treq->pktopts);
1455 		treq->pktopts = NULL;
1456 		if (newnp->pktoptions)
1457 			skb_set_owner_r(newnp->pktoptions, newsk);
1458 	}
1459 	newnp->opt	  = NULL;
1460 	newnp->mcast_oif  = inet6_iif(skb);
1461 	newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1462 
1463 	/* Clone native IPv6 options from listening socket (if any)
1464 
1465 	   Yes, keeping reference count would be much more clever,
1466 	   but we do one more thing here: we reattach optmem
1467 	   to newsk.
1468 	 */
1469 	if (opt) {
1470 		newnp->opt = ipv6_dup_options(newsk, opt);
1471 		if (opt != np->opt)
1472 			sock_kfree_s(sk, opt, opt->tot_len);
1473 	}
1474 
1475 	inet_csk(newsk)->icsk_ext_hdr_len = 0;
1476 	if (newnp->opt)
1477 		inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1478 						     newnp->opt->opt_flen);
1479 
1480 	tcp_mtup_init(newsk);
1481 	tcp_sync_mss(newsk, dst_mtu(dst));
1482 	newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1483 	tcp_initialize_rcv_mss(newsk);
1484 
1485 	newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1486 
1487 #ifdef CONFIG_TCP_MD5SIG
1488 	/* Copy over the MD5 key from the original socket */
1489 	if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1490 		/* We're using one, so create a matching key
1491 		 * on the newsk structure. If we fail to get
1492 		 * memory, then we end up not copying the key
1493 		 * across. Shucks.
1494 		 */
1495 		char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1496 		if (newkey != NULL)
1497 			tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr,
1498 					  newkey, key->keylen);
1499 	}
1500 #endif
1501 
1502 	__inet6_hash(&tcp_hashinfo, newsk);
1503 	inet_inherit_port(&tcp_hashinfo, sk, newsk);
1504 
1505 	return newsk;
1506 
1507 out_overflow:
1508 	NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1509 out:
1510 	NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1511 	if (opt && opt != np->opt)
1512 		sock_kfree_s(sk, opt, opt->tot_len);
1513 	dst_release(dst);
1514 	return NULL;
1515 }
1516 
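/* Checksum strategy for received segments: accept a hardware-verified
 * CHECKSUM_COMPLETE, fully verify short packets (<= 76 bytes) right
 * away, and leave longer ones for deferred completion.
 */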
1517 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1518 {
1519 	if (skb->ip_summed == CHECKSUM_COMPLETE) {
1520 		if (!tcp_v6_check(tcp_hdr(skb), skb->len, &ipv6_hdr(skb)->saddr,
1521 				  &ipv6_hdr(skb)->daddr, skb->csum)) {
1522 			skb->ip_summed = CHECKSUM_UNNECESSARY;
1523 			return 0;
1524 		}
1525 	}
1526 
1527 	skb->csum = ~csum_unfold(tcp_v6_check(tcp_hdr(skb), skb->len,
1528 					      &ipv6_hdr(skb)->saddr,
1529 					      &ipv6_hdr(skb)->daddr, 0));
1530 
1531 	if (skb->len <= 76) {
1532 		return __skb_checksum_complete(skb);
1533 	}
1534 	return 0;
1535 }
1536 
1537 /* The socket must have its spinlock held when we get
1538  * here.
1539  *
1540  * We have a potential double-lock case here, so even when
1541  * doing backlog processing we use the BH locking scheme.
1542  * This is because we cannot sleep with the original spinlock
1543  * held.
1544  */
1545 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1546 {
1547 	struct ipv6_pinfo *np = inet6_sk(sk);
1548 	struct tcp_sock *tp;
1549 	struct sk_buff *opt_skb = NULL;
1550 
1551 	/* Imagine: socket is IPv6. IPv4 packet arrives,
1552 	   goes to the IPv4 receive handler and is backlogged.
1553 	   From backlog it always goes here. Kerboom...
1554 	   Fortunately, tcp_rcv_established and rcv_established
1555 	   handle them correctly, but that is not the case with
1556 	   tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1557 	 */
1558 
1559 	if (skb->protocol == htons(ETH_P_IP))
1560 		return tcp_v4_do_rcv(sk, skb);
1561 
1562 #ifdef CONFIG_TCP_MD5SIG
1563 	if (tcp_v6_inbound_md5_hash (sk, skb))
1564 		goto discard;
1565 #endif
1566 
1567 	if (sk_filter(sk, skb))
1568 		goto discard;
1569 
1570 	/*
1571 	 *	socket locking is here for SMP purposes as backlog rcv
1572 	 *	is currently called with bh processing disabled.
1573 	 */
1574 
1575 	/* Do Stevens' IPV6_PKTOPTIONS.
1576 
1577 	   Yes, guys, it is the only place in our code where we
1578 	   may do this without affecting IPv4.
1579 	   The rest of the code is protocol independent,
1580 	   and I do not like the idea of uglifying IPv4.
1581 
1582 	   Actually, the whole idea behind IPV6_PKTOPTIONS
1583 	   does not look very well thought out. For now we latch
1584 	   the options received in the last packet enqueued
1585 	   by tcp. Feel free to propose a better solution.
1586 					       --ANK (980728)
1587 	 */
1588 	if (np->rxopt.all)
1589 		opt_skb = skb_clone(skb, GFP_ATOMIC);
1590 
1591 	if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1592 		TCP_CHECK_TIMER(sk);
1593 		if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1594 			goto reset;
1595 		TCP_CHECK_TIMER(sk);
1596 		if (opt_skb)
1597 			goto ipv6_pktoptions;
1598 		return 0;
1599 	}
1600 
1601 	if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1602 		goto csum_err;
1603 
1604 	if (sk->sk_state == TCP_LISTEN) {
1605 		struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1606 		if (!nsk)
1607 			goto discard;
1608 
1609 		/*
1610 		 * Queue it on the new socket if the new socket is active,
1611 		 * otherwise we just short-circuit this and continue with
1612 		 * the new socket.
1613 		 */
1614 		if (nsk != sk) {
1615 			if (tcp_child_process(sk, nsk, skb))
1616 				goto reset;
1617 			if (opt_skb)
1618 				__kfree_skb(opt_skb);
1619 			return 0;
1620 		}
1621 	}
1622 
1623 	TCP_CHECK_TIMER(sk);
1624 	if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1625 		goto reset;
1626 	TCP_CHECK_TIMER(sk);
1627 	if (opt_skb)
1628 		goto ipv6_pktoptions;
1629 	return 0;
1630 
1631 reset:
1632 	tcp_v6_send_reset(sk, skb);
1633 discard:
1634 	if (opt_skb)
1635 		__kfree_skb(opt_skb);
1636 	kfree_skb(skb);
1637 	return 0;
1638 csum_err:
1639 	TCP_INC_STATS_BH(TCP_MIB_INERRS);
1640 	goto discard;
1641 
1642 
1643 ipv6_pktoptions:
1644 	/* You may ask, what is this?
1645 
1646 	   1. skb was enqueued by tcp.
1647 	   2. skb is added to the tail of the read queue, rather than out of order.
1648 	   3. the socket is not in a passive state.
1649 	   4. Finally, it really contains options which the user wants to receive.
1650 	 */
1651 	tp = tcp_sk(sk);
1652 	if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1653 	    !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1654 		if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1655 			np->mcast_oif = inet6_iif(opt_skb);
1656 		if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1657 			np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1658 		if (ipv6_opt_accepted(sk, opt_skb)) {
1659 			skb_set_owner_r(opt_skb, sk);
1660 			opt_skb = xchg(&np->pktoptions, opt_skb);
1661 		} else {
1662 			__kfree_skb(opt_skb);
1663 			opt_skb = xchg(&np->pktoptions, NULL);
1664 		}
1665 	}
1666 
1667 	if (opt_skb)
1668 		kfree_skb(opt_skb);
1669 	return 0;
1670 }
1671 
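/* Main receive entry point for TCPv6 segments: validate the header and
 * checksum, look up the owning socket and either process the segment
 * directly, prequeue it, or add it to the socket backlog.
 */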
1672 static int tcp_v6_rcv(struct sk_buff **pskb)
1673 {
1674 	struct sk_buff *skb = *pskb;
1675 	struct tcphdr *th;
1676 	struct sock *sk;
1677 	int ret;
1678 
1679 	if (skb->pkt_type != PACKET_HOST)
1680 		goto discard_it;
1681 
1682 	/*
1683 	 *	Count it even if it's bad.
1684 	 */
1685 	TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1686 
1687 	if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1688 		goto discard_it;
1689 
1690 	th = tcp_hdr(skb);
1691 
1692 	if (th->doff < sizeof(struct tcphdr)/4)
1693 		goto bad_packet;
1694 	if (!pskb_may_pull(skb, th->doff*4))
1695 		goto discard_it;
1696 
1697 	if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1698 		goto bad_packet;
1699 
1700 	th = tcp_hdr(skb);
1701 	TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1702 	TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1703 				    skb->len - th->doff*4);
1704 	TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1705 	TCP_SKB_CB(skb)->when = 0;
1706 	TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
1707 	TCP_SKB_CB(skb)->sacked = 0;
1708 
1709 	sk = __inet6_lookup(&tcp_hashinfo, &ipv6_hdr(skb)->saddr, th->source,
1710 			    &ipv6_hdr(skb)->daddr, ntohs(th->dest),
1711 			    inet6_iif(skb));
1712 
1713 	if (!sk)
1714 		goto no_tcp_socket;
1715 
1716 process:
1717 	if (sk->sk_state == TCP_TIME_WAIT)
1718 		goto do_time_wait;
1719 
1720 	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1721 		goto discard_and_relse;
1722 
1723 	if (sk_filter(sk, skb))
1724 		goto discard_and_relse;
1725 
1726 	skb->dev = NULL;
1727 
1728 	bh_lock_sock_nested(sk);
1729 	ret = 0;
1730 	if (!sock_owned_by_user(sk)) {
1731 #ifdef CONFIG_NET_DMA
1732 		struct tcp_sock *tp = tcp_sk(sk);
1733 		if (tp->ucopy.dma_chan)
1734 			ret = tcp_v6_do_rcv(sk, skb);
1735 		else
1736 #endif
1737 		{
1738 			if (!tcp_prequeue(sk, skb))
1739 				ret = tcp_v6_do_rcv(sk, skb);
1740 		}
1741 	} else
1742 		sk_add_backlog(sk, skb);
1743 	bh_unlock_sock(sk);
1744 
1745 	sock_put(sk);
1746 	return ret ? -1 : 0;
1747 
1748 no_tcp_socket:
1749 	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1750 		goto discard_it;
1751 
1752 	if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1753 bad_packet:
1754 		TCP_INC_STATS_BH(TCP_MIB_INERRS);
1755 	} else {
1756 		tcp_v6_send_reset(NULL, skb);
1757 	}
1758 
1759 discard_it:
1760 
1761 	/*
1762 	 *	Discard frame
1763 	 */
1764 
1765 	kfree_skb(skb);
1766 	return 0;
1767 
1768 discard_and_relse:
1769 	sock_put(sk);
1770 	goto discard_it;
1771 
1772 do_time_wait:
1773 	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1774 		inet_twsk_put(inet_twsk(sk));
1775 		goto discard_it;
1776 	}
1777 
1778 	if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1779 		TCP_INC_STATS_BH(TCP_MIB_INERRS);
1780 		inet_twsk_put(inet_twsk(sk));
1781 		goto discard_it;
1782 	}
1783 
1784 	switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1785 	case TCP_TW_SYN:
1786 	{
1787 		struct sock *sk2;
1788 
1789 		sk2 = inet6_lookup_listener(&tcp_hashinfo,
1790 					    &ipv6_hdr(skb)->daddr,
1791 					    ntohs(th->dest), inet6_iif(skb));
1792 		if (sk2 != NULL) {
1793 			struct inet_timewait_sock *tw = inet_twsk(sk);
1794 			inet_twsk_deschedule(tw, &tcp_death_row);
1795 			inet_twsk_put(tw);
1796 			sk = sk2;
1797 			goto process;
1798 		}
1799 		/* Fall through to ACK */
1800 	}
1801 	case TCP_TW_ACK:
1802 		tcp_v6_timewait_ack(sk, skb);
1803 		break;
1804 	case TCP_TW_RST:
1805 		goto no_tcp_socket;
1806 	case TCP_TW_SUCCESS:;
1807 	}
1808 	goto discard_it;
1809 }
1810 
1811 static int tcp_v6_remember_stamp(struct sock *sk)
1812 {
1813 	/* Alas, not yet... */
1814 	return 0;
1815 }
1816 
1817 static struct inet_connection_sock_af_ops ipv6_specific = {
1818 	.queue_xmit	   = inet6_csk_xmit,
1819 	.send_check	   = tcp_v6_send_check,
1820 	.rebuild_header	   = inet6_sk_rebuild_header,
1821 	.conn_request	   = tcp_v6_conn_request,
1822 	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
1823 	.remember_stamp	   = tcp_v6_remember_stamp,
1824 	.net_header_len	   = sizeof(struct ipv6hdr),
1825 	.setsockopt	   = ipv6_setsockopt,
1826 	.getsockopt	   = ipv6_getsockopt,
1827 	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
1828 	.sockaddr_len	   = sizeof(struct sockaddr_in6),
1829 #ifdef CONFIG_COMPAT
1830 	.compat_setsockopt = compat_ipv6_setsockopt,
1831 	.compat_getsockopt = compat_ipv6_getsockopt,
1832 #endif
1833 };
1834 
1835 #ifdef CONFIG_TCP_MD5SIG
1836 static struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1837 	.md5_lookup	=	tcp_v6_md5_lookup,
1838 	.calc_md5_hash	=	tcp_v6_calc_md5_hash,
1839 	.md5_add	=	tcp_v6_md5_add_func,
1840 	.md5_parse	=	tcp_v6_parse_md5_keys,
1841 };
1842 #endif
1843 
1844 /*
1845  *	TCP over IPv4 via INET6 API
1846  */
1847 
1848 static struct inet_connection_sock_af_ops ipv6_mapped = {
1849 	.queue_xmit	   = ip_queue_xmit,
1850 	.send_check	   = tcp_v4_send_check,
1851 	.rebuild_header	   = inet_sk_rebuild_header,
1852 	.conn_request	   = tcp_v6_conn_request,
1853 	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
1854 	.remember_stamp	   = tcp_v4_remember_stamp,
1855 	.net_header_len	   = sizeof(struct iphdr),
1856 	.setsockopt	   = ipv6_setsockopt,
1857 	.getsockopt	   = ipv6_getsockopt,
1858 	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
1859 	.sockaddr_len	   = sizeof(struct sockaddr_in6),
1860 #ifdef CONFIG_COMPAT
1861 	.compat_setsockopt = compat_ipv6_setsockopt,
1862 	.compat_getsockopt = compat_ipv6_getsockopt,
1863 #endif
1864 };
1865 
1866 #ifdef CONFIG_TCP_MD5SIG
1867 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1868 	.md5_lookup	=	tcp_v4_md5_lookup,
1869 	.calc_md5_hash	=	tcp_v4_calc_md5_hash,
1870 	.md5_add	=	tcp_v6_md5_add_func,
1871 	.md5_parse	=	tcp_v6_parse_md5_keys,
1872 };
1873 #endif
1874 
1875 /* NOTE: A lot of things are set to zero explicitly by the call to
1876  *       sk_alloc(), so they need not be done here.
1877  */
1878 static int tcp_v6_init_sock(struct sock *sk)
1879 {
1880 	struct inet_connection_sock *icsk = inet_csk(sk);
1881 	struct tcp_sock *tp = tcp_sk(sk);
1882 
1883 	skb_queue_head_init(&tp->out_of_order_queue);
1884 	tcp_init_xmit_timers(sk);
1885 	tcp_prequeue_init(tp);
1886 
1887 	icsk->icsk_rto = TCP_TIMEOUT_INIT;
1888 	tp->mdev = TCP_TIMEOUT_INIT;
1889 
1890 	/* So many TCP implementations out there (incorrectly) count the
1891 	 * initial SYN frame in their delayed-ACK and congestion control
1892 	 * algorithms that we must have the following bandaid to talk
1893 	 * efficiently to them.  -DaveM
1894 	 */
1895 	tp->snd_cwnd = 2;
1896 
1897 	/* See draft-stevens-tcpca-spec-01 for discussion of the
1898 	 * initialization of these values.
1899 	 */
1900 	tp->snd_ssthresh = 0x7fffffff;
1901 	tp->snd_cwnd_clamp = ~0;
1902 	tp->mss_cache = 536;
1903 
1904 	tp->reordering = sysctl_tcp_reordering;
1905 
1906 	sk->sk_state = TCP_CLOSE;
1907 
1908 	icsk->icsk_af_ops = &ipv6_specific;
1909 	icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1910 	icsk->icsk_sync_mss = tcp_sync_mss;
1911 	sk->sk_write_space = sk_stream_write_space;
1912 	sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1913 
1914 #ifdef CONFIG_TCP_MD5SIG
1915 	tp->af_specific = &tcp_sock_ipv6_specific;
1916 #endif
1917 
1918 	sk->sk_sndbuf = sysctl_tcp_wmem[1];
1919 	sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1920 
1921 	atomic_inc(&tcp_sockets_allocated);
1922 
1923 	return 0;
1924 }
1925 
1926 static int tcp_v6_destroy_sock(struct sock *sk)
1927 {
1928 #ifdef CONFIG_TCP_MD5SIG
1929 	/* Clean up the MD5 key list */
1930 	if (tcp_sk(sk)->md5sig_info)
1931 		tcp_v6_clear_md5_list(sk);
1932 #endif
1933 	tcp_v4_destroy_sock(sk);
1934 	return inet6_destroy_sock(sk);
1935 }
1936 
1937 #ifdef CONFIG_PROC_FS
1938 /* Proc filesystem TCPv6 sock list dumping. */
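/*
 * Format one half-open (SYN_RECV) connection. Only the request's
 * expire timer can be pending, and open requests have no inode, so
 * several columns are printed as constants.
 */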
1939 static void get_openreq6(struct seq_file *seq,
1940 			 struct sock *sk, struct request_sock *req, int i, int uid)
1941 {
1942 	int ttd = req->expires - jiffies;
1943 	struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1944 	struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1945 
1946 	if (ttd < 0)
1947 		ttd = 0;
1948 
1949 	seq_printf(seq,
1950 		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1951 		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1952 		   i,
1953 		   src->s6_addr32[0], src->s6_addr32[1],
1954 		   src->s6_addr32[2], src->s6_addr32[3],
1955 		   ntohs(inet_sk(sk)->sport),
1956 		   dest->s6_addr32[0], dest->s6_addr32[1],
1957 		   dest->s6_addr32[2], dest->s6_addr32[3],
1958 		   ntohs(inet_rsk(req)->rmt_port),
1959 		   TCP_SYN_RECV,
1960 		   0, 0, /* could print option size, but that is af-dependent. */
1961 		   1,   /* timers active (only the expire timer) */
1962 		   jiffies_to_clock_t(ttd),
1963 		   req->retrans,
1964 		   uid,
1965 		   0,  /* non standard timer */
1966 		   0, /* open_requests have no inode */
1967 		   0, req);
1968 }
1969 
1970 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1971 {
1972 	struct in6_addr *dest, *src;
1973 	__u16 destp, srcp;
1974 	int timer_active;
1975 	unsigned long timer_expires;
1976 	struct inet_sock *inet = inet_sk(sp);
1977 	struct tcp_sock *tp = tcp_sk(sp);
1978 	const struct inet_connection_sock *icsk = inet_csk(sp);
1979 	struct ipv6_pinfo *np = inet6_sk(sp);
1980 
1981 	dest  = &np->daddr;
1982 	src   = &np->rcv_saddr;
1983 	destp = ntohs(inet->dport);
1984 	srcp  = ntohs(inet->sport);
1985 
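	/* Encode the "tr" column exactly like /proc/net/tcp does:
	 * 1 = retransmit timer, 4 = zero-window probe timer,
	 * 2 = sk_timer pending (e.g. keepalive), 0 = no timer.
	 */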
1986 	if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1987 		timer_active	= 1;
1988 		timer_expires	= icsk->icsk_timeout;
1989 	} else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1990 		timer_active	= 4;
1991 		timer_expires	= icsk->icsk_timeout;
1992 	} else if (timer_pending(&sp->sk_timer)) {
1993 		timer_active	= 2;
1994 		timer_expires	= sp->sk_timer.expires;
1995 	} else {
1996 		timer_active	= 0;
1997 		timer_expires	= jiffies;
1998 	}
1999 
2000 	seq_printf(seq,
2001 		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2002 		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
2003 		   i,
2004 		   src->s6_addr32[0], src->s6_addr32[1],
2005 		   src->s6_addr32[2], src->s6_addr32[3], srcp,
2006 		   dest->s6_addr32[0], dest->s6_addr32[1],
2007 		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
2008 		   sp->sk_state,
2009 		   tp->write_seq - tp->snd_una,
2010 		   (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
2011 		   timer_active,
2012 		   jiffies_to_clock_t(timer_expires - jiffies),
2013 		   icsk->icsk_retransmits,
2014 		   sock_i_uid(sp),
2015 		   icsk->icsk_probes_out,
2016 		   sock_i_ino(sp),
2017 		   atomic_read(&sp->sk_refcnt), sp,
2018 		   icsk->icsk_rto,
2019 		   icsk->icsk_ack.ato,
2020 		   (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
2021 		   tp->snd_cwnd, tp->snd_ssthresh >= 0xFFFF ? -1 : tp->snd_ssthresh
2022 		   );
2023 }
2024 
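/*
 * TIME_WAIT sockets keep only a minimal footprint, so most columns
 * are constants; timer code 3 denotes the TIME_WAIT death-row timer.
 */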
2025 static void get_timewait6_sock(struct seq_file *seq,
2026 			       struct inet_timewait_sock *tw, int i)
2027 {
2028 	struct in6_addr *dest, *src;
2029 	__u16 destp, srcp;
2030 	struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2031 	int ttd = tw->tw_ttd - jiffies;
2032 
2033 	if (ttd < 0)
2034 		ttd = 0;
2035 
2036 	dest = &tw6->tw_v6_daddr;
2037 	src  = &tw6->tw_v6_rcv_saddr;
2038 	destp = ntohs(tw->tw_dport);
2039 	srcp  = ntohs(tw->tw_sport);
2040 
2041 	seq_printf(seq,
2042 		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2043 		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2044 		   i,
2045 		   src->s6_addr32[0], src->s6_addr32[1],
2046 		   src->s6_addr32[2], src->s6_addr32[3], srcp,
2047 		   dest->s6_addr32[0], dest->s6_addr32[1],
2048 		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
2049 		   tw->tw_substate, 0, 0,
2050 		   3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2051 		   atomic_read(&tw->tw_refcnt), tw);
2052 }
2053 
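/*
 * The header row mirrors /proc/net/tcp, widened for 128-bit
 * addresses; every other row is dispatched on the shared iterator
 * state to the matching formatter above.
 */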
2054 static int tcp6_seq_show(struct seq_file *seq, void *v)
2055 {
2056 	struct tcp_iter_state *st;
2057 
2058 	if (v == SEQ_START_TOKEN) {
2059 		seq_puts(seq,
2060 			 "  sl  "
2061 			 "local_address                         "
2062 			 "remote_address                        "
2063 			 "st tx_queue rx_queue tr tm->when retrnsmt"
2064 			 "   uid  timeout inode\n");
2065 		goto out;
2066 	}
2067 	st = seq->private;
2068 
2069 	switch (st->state) {
2070 	case TCP_SEQ_STATE_LISTENING:
2071 	case TCP_SEQ_STATE_ESTABLISHED:
2072 		get_tcp6_sock(seq, v, st->num);
2073 		break;
2074 	case TCP_SEQ_STATE_OPENREQ:
2075 		get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2076 		break;
2077 	case TCP_SEQ_STATE_TIME_WAIT:
2078 		get_timewait6_sock(seq, v, st->num);
2079 		break;
2080 	}
2081 out:
2082 	return 0;
2083 }
2084 
2085 static struct file_operations tcp6_seq_fops;
2086 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2087 	.owner		= THIS_MODULE,
2088 	.name		= "tcp6",
2089 	.family		= AF_INET6,
2090 	.seq_show	= tcp6_seq_show,
2091 	.seq_fops	= &tcp6_seq_fops,
2092 };
2093 
2094 int __init tcp6_proc_init(void)
2095 {
2096 	return tcp_proc_register(&tcp6_seq_afinfo);
2097 }
2098 
2099 void tcp6_proc_exit(void)
2100 {
2101 	tcp_proc_unregister(&tcp6_seq_afinfo);
2102 }
2103 #endif
2104 
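/*
 * TCPv6 shares almost all of its proto operations with IPv4 TCP;
 * only socket setup/teardown, hashing, port allocation and the
 * backlog receive path (plus the tcp6_sock object size) differ.
 */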
2105 struct proto tcpv6_prot = {
2106 	.name			= "TCPv6",
2107 	.owner			= THIS_MODULE,
2108 	.close			= tcp_close,
2109 	.connect		= tcp_v6_connect,
2110 	.disconnect		= tcp_disconnect,
2111 	.accept			= inet_csk_accept,
2112 	.ioctl			= tcp_ioctl,
2113 	.init			= tcp_v6_init_sock,
2114 	.destroy		= tcp_v6_destroy_sock,
2115 	.shutdown		= tcp_shutdown,
2116 	.setsockopt		= tcp_setsockopt,
2117 	.getsockopt		= tcp_getsockopt,
2118 	.sendmsg		= tcp_sendmsg,
2119 	.recvmsg		= tcp_recvmsg,
2120 	.backlog_rcv		= tcp_v6_do_rcv,
2121 	.hash			= tcp_v6_hash,
2122 	.unhash			= tcp_unhash,
2123 	.get_port		= tcp_v6_get_port,
2124 	.enter_memory_pressure	= tcp_enter_memory_pressure,
2125 	.sockets_allocated	= &tcp_sockets_allocated,
2126 	.memory_allocated	= &tcp_memory_allocated,
2127 	.memory_pressure	= &tcp_memory_pressure,
2128 	.orphan_count		= &tcp_orphan_count,
2129 	.sysctl_mem		= sysctl_tcp_mem,
2130 	.sysctl_wmem		= sysctl_tcp_wmem,
2131 	.sysctl_rmem		= sysctl_tcp_rmem,
2132 	.max_header		= MAX_TCP_HEADER,
2133 	.obj_size		= sizeof(struct tcp6_sock),
2134 	.twsk_prot		= &tcp6_timewait_sock_ops,
2135 	.rsk_prot		= &tcp6_request_sock_ops,
2136 #ifdef CONFIG_COMPAT
2137 	.compat_setsockopt	= compat_tcp_setsockopt,
2138 	.compat_getsockopt	= compat_tcp_getsockopt,
2139 #endif
2140 };
2141 
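/*
 * Hook into the inet6 layer so IPPROTO_TCP segments are handed to
 * tcp_v6_rcv() and ICMPv6 errors to tcp_v6_err().  NOPOLICY defers
 * the IPsec policy check to the handler itself; FINAL marks TCP as
 * a terminal (upper-layer) protocol.
 */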
2142 static struct inet6_protocol tcpv6_protocol = {
2143 	.handler	=	tcp_v6_rcv,
2144 	.err_handler	=	tcp_v6_err,
2145 	.gso_send_check	=	tcp_v6_gso_send_check,
2146 	.gso_segment	=	tcp_tso_segment,
2147 	.flags		=	INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2148 };
2149 
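/*
 * Map SOCK_STREAM/IPPROTO_TCP onto tcpv6_prot for PF_INET6 sockets.
 * A capability of -1 means no privilege is required to create one,
 * and the PERMANENT flag keeps the entry from being unregistered.
 */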
2150 static struct inet_protosw tcpv6_protosw = {
2151 	.type		=	SOCK_STREAM,
2152 	.protocol	=	IPPROTO_TCP,
2153 	.prot		=	&tcpv6_prot,
2154 	.ops		=	&inet6_stream_ops,
2155 	.capability	=	-1,
2156 	.no_check	=	0,
2157 	.flags		=	INET_PROTOSW_PERMANENT |
2158 				INET_PROTOSW_ICSK,
2159 };
2160 
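/*
 * Called at boot: register the protocol handler and the socket
 * interface, then create the kernel control socket used to transmit
 * resets and ACKs that have no local socket.  TCPv6 cannot operate
 * without it, hence the panic().
 */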
2161 void __init tcpv6_init(void)
2162 {
2163 	/* register inet6 protocol */
2164 	if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
2165 		printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
2166 	inet6_register_protosw(&tcpv6_protosw);
2167 
2168 	if (inet_csk_ctl_sock_create(&tcp6_socket, PF_INET6, SOCK_RAW,
2169 				     IPPROTO_TCP) < 0)
2170 		panic("Failed to create the TCPv6 control socket.\n");
2171 }
2172