search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
RT-AC66 3.0.0.4.374.130 core
[tomato.git] / release / src-rt-6.x / linux / linux-2.6 / net / ipv6 / tcp_ipv6.c
blobb2b57ad960736a0b5a121f88e8d3b07a33c38ceb
1 /*
2 * TCP over IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * $Id: tcp_ipv6.c,v 1.144 2002/02/01 22:01:04 davem Exp $
9 *
10 * Based on:
11 * linux/net/ipv4/tcp.c
12 * linux/net/ipv4/tcp_input.c
13 * linux/net/ipv4/tcp_output.c
14 *
15 * Fixes:
16 * Hideaki YOSHIFUJI : sin6_scope_id support
17 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
18 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
19 * a single port at the same time.
20 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
21 *
22 * This program is free software; you can redistribute it and/or
23 * modify it under the terms of the GNU General Public License
24 * as published by the Free Software Foundation; either version
25 * 2 of the License, or (at your option) any later version.
26 */
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/net.h>
34 #include <linux/jiffies.h>
35 #include <linux/in.h>
36 #include <linux/in6.h>
37 #include <linux/netdevice.h>
38 #include <linux/init.h>
39 #include <linux/jhash.h>
40 #include <linux/ipsec.h>
41 #include <linux/times.h>
42
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/addrconf.h>
60 #include <net/snmp.h>
61 #include <net/dsfield.h>
62 #include <net/timewait_sock.h>
63
64 #include <asm/uaccess.h>
65
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
68
69 #include <linux/crypto.h>
70 #include <linux/scatterlist.h>
71
72 /* Socket used for sending RSTs and ACKs */
73 static struct socket *tcp6_socket;
74
75 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
76 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
77 static void tcp_v6_send_check(struct sock *sk, int len,
78 struct sk_buff *skb);
79
80 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
81
82 static struct inet_connection_sock_af_ops ipv6_mapped;
83 static struct inet_connection_sock_af_ops ipv6_specific;
84 #ifdef CONFIG_TCP_MD5SIG
85 static struct tcp_sock_af_ops tcp_sock_ipv6_specific;
86 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
87 #endif
88
89 static int tcp_v6_get_port(struct sock *sk, unsigned short snum)
90 {
91 return inet_csk_get_port(&tcp_hashinfo, sk, snum,
92 inet6_csk_bind_conflict);
93 }
94
95 static void tcp_v6_hash(struct sock *sk)
96 {
97 if (sk->sk_state != TCP_CLOSE) {
98 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
99 tcp_prot.hash(sk);
100 return;
101 }
102 local_bh_disable();
103 __inet6_hash(&tcp_hashinfo, sk);
104 local_bh_enable();
105 }
106 }
107
108 static __inline__ __sum16 tcp_v6_check(struct tcphdr *th, int len,
109 struct in6_addr *saddr,
110 struct in6_addr *daddr,
111 __wsum base)
112 {
113 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
114 }
115
116 static __u32 tcp_v6_init_sequence(struct sk_buff *skb)
117 {
118 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
119 ipv6_hdr(skb)->saddr.s6_addr32,
120 tcp_hdr(skb)->dest,
121 tcp_hdr(skb)->source);
122 }
123
124 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
125 int addr_len)
126 {
127 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
128 struct inet_sock *inet = inet_sk(sk);
129 struct inet_connection_sock *icsk = inet_csk(sk);
130 struct ipv6_pinfo *np = inet6_sk(sk);
131 struct tcp_sock *tp = tcp_sk(sk);
132 struct in6_addr *saddr = NULL, *final_p = NULL, final;
133 struct flowi fl;
134 struct dst_entry *dst;
135 int addr_type;
136 int err;
137
138 if (addr_len < SIN6_LEN_RFC2133)
139 return -EINVAL;
140
141 if (usin->sin6_family != AF_INET6)
142 return(-EAFNOSUPPORT);
143
144 memset(&fl, 0, sizeof(fl));
145
146 if (np->sndflow) {
147 fl.fl6_flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
148 IP6_ECN_flow_init(fl.fl6_flowlabel);
149 if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) {
150 struct ip6_flowlabel *flowlabel;
151 flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
152 if (flowlabel == NULL)
153 return -EINVAL;
154 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
155 fl6_sock_release(flowlabel);
156 }
157 }
158
159 /*
160 * connect() to INADDR_ANY means loopback (BSD'ism).
161 */
162
163 if(ipv6_addr_any(&usin->sin6_addr))
164 usin->sin6_addr.s6_addr[15] = 0x1;
165
166 addr_type = ipv6_addr_type(&usin->sin6_addr);
167
168 if(addr_type & IPV6_ADDR_MULTICAST)
169 return -ENETUNREACH;
170
171 if (addr_type&IPV6_ADDR_LINKLOCAL) {
172 if (addr_len >= sizeof(struct sockaddr_in6) &&
173 usin->sin6_scope_id) {
174 /* If interface is set while binding, indices
175 * must coincide.
176 */
177 if (sk->sk_bound_dev_if &&
178 sk->sk_bound_dev_if != usin->sin6_scope_id)
179 return -EINVAL;
180
181 sk->sk_bound_dev_if = usin->sin6_scope_id;
182 }
183
184 /* Connect to link-local address requires an interface */
185 if (!sk->sk_bound_dev_if)
186 return -EINVAL;
187 }
188
189 if (tp->rx_opt.ts_recent_stamp &&
190 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
191 tp->rx_opt.ts_recent = 0;
192 tp->rx_opt.ts_recent_stamp = 0;
193 tp->write_seq = 0;
194 }
195
196 ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
197 np->flow_label = fl.fl6_flowlabel;
198
199 /*
200 * TCP over IPv4
201 */
202
203 if (addr_type == IPV6_ADDR_MAPPED) {
204 u32 exthdrlen = icsk->icsk_ext_hdr_len;
205 struct sockaddr_in sin;
206
207 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
208
209 if (__ipv6_only_sock(sk))
210 return -ENETUNREACH;
211
212 sin.sin_family = AF_INET;
213 sin.sin_port = usin->sin6_port;
214 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
215
216 icsk->icsk_af_ops = &ipv6_mapped;
217 sk->sk_backlog_rcv = tcp_v4_do_rcv;
218 #ifdef CONFIG_TCP_MD5SIG
219 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
220 #endif
221
222 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
223
224 if (err) {
225 icsk->icsk_ext_hdr_len = exthdrlen;
226 icsk->icsk_af_ops = &ipv6_specific;
227 sk->sk_backlog_rcv = tcp_v6_do_rcv;
228 #ifdef CONFIG_TCP_MD5SIG
229 tp->af_specific = &tcp_sock_ipv6_specific;
230 #endif
231 goto failure;
232 } else {
233 ipv6_addr_set_v4mapped(inet->saddr, &np->saddr);
234 ipv6_addr_set_v4mapped(inet->rcv_saddr, &np->rcv_saddr);
235 }
236
237 return err;
238 }
239
240 if (!ipv6_addr_any(&np->rcv_saddr))
241 saddr = &np->rcv_saddr;
242
243 fl.proto = IPPROTO_TCP;
244 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
245 ipv6_addr_copy(&fl.fl6_src,
246 (saddr ? saddr : &np->saddr));
247 fl.oif = sk->sk_bound_dev_if;
248 fl.fl_ip_dport = usin->sin6_port;
249 fl.fl_ip_sport = inet->sport;
250
251 if (np->opt && np->opt->srcrt) {
252 struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
253 ipv6_addr_copy(&final, &fl.fl6_dst);
254 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
255 final_p = &final;
256 }
257
258 security_sk_classify_flow(sk, &fl);
259
260 err = ip6_dst_lookup(sk, &dst, &fl);
261 if (err)
262 goto failure;
263 if (final_p)
264 ipv6_addr_copy(&fl.fl6_dst, final_p);
265
266 if ((err = __xfrm_lookup(&dst, &fl, sk, 1)) < 0) {
267 if (err == -EREMOTE)
268 err = ip6_dst_blackhole(sk, &dst, &fl);
269 if (err < 0)
270 goto failure;
271 }
272
273 if (saddr == NULL) {
274 saddr = &fl.fl6_src;
275 ipv6_addr_copy(&np->rcv_saddr, saddr);
276 }
277
278 /* set the source address */
279 ipv6_addr_copy(&np->saddr, saddr);
280 inet->rcv_saddr = LOOPBACK4_IPV6;
281
282 sk->sk_gso_type = SKB_GSO_TCPV6;
283 __ip6_dst_store(sk, dst, NULL, NULL);
284
285 icsk->icsk_ext_hdr_len = 0;
286 if (np->opt)
287 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
288 np->opt->opt_nflen);
289
290 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
291
292 inet->dport = usin->sin6_port;
293
294 tcp_set_state(sk, TCP_SYN_SENT);
295 err = inet6_hash_connect(&tcp_death_row, sk);
296 if (err)
297 goto late_failure;
298
299 if (!tp->write_seq)
300 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
301 np->daddr.s6_addr32,
302 inet->sport,
303 inet->dport);
304
305 err = tcp_connect(sk);
306 if (err)
307 goto late_failure;
308
309 return 0;
310
311 late_failure:
312 tcp_set_state(sk, TCP_CLOSE);
313 __sk_dst_reset(sk);
314 failure:
315 inet->dport = 0;
316 sk->sk_route_caps = 0;
317 return err;
318 }
319
320 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
321 int type, int code, int offset, __be32 info)
322 {
323 struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data;
324 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
325 struct ipv6_pinfo *np;
326 struct sock *sk;
327 int err;
328 struct tcp_sock *tp;
329 __u32 seq;
330
331 sk = inet6_lookup(&tcp_hashinfo, &hdr->daddr, th->dest, &hdr->saddr,
332 th->source, skb->dev->ifindex);
333
334 if (sk == NULL) {
335 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
336 return;
337 }
338
339 if (sk->sk_state == TCP_TIME_WAIT) {
340 inet_twsk_put(inet_twsk(sk));
341 return;
342 }
343
344 bh_lock_sock(sk);
345 if (sock_owned_by_user(sk))
346 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
347
348 if (sk->sk_state == TCP_CLOSE)
349 goto out;
350
351 tp = tcp_sk(sk);
352 seq = ntohl(th->seq);
353 if (sk->sk_state != TCP_LISTEN &&
354 !between(seq, tp->snd_una, tp->snd_nxt)) {
355 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
356 goto out;
357 }
358
359 np = inet6_sk(sk);
360
361 if (type == ICMPV6_PKT_TOOBIG) {
362 struct dst_entry *dst = NULL;
363
364 if (sock_owned_by_user(sk))
365 goto out;
366 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
367 goto out;
368
369 /* icmp should have updated the destination cache entry */
370 dst = __sk_dst_check(sk, np->dst_cookie);
371
372 if (dst == NULL) {
373 struct inet_sock *inet = inet_sk(sk);
374 struct flowi fl;
375
376 /* BUGGG_FUTURE: Again, it is not clear how
377 to handle rthdr case. Ignore this complexity
378 for now.
379 */
380 memset(&fl, 0, sizeof(fl));
381 fl.proto = IPPROTO_TCP;
382 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
383 ipv6_addr_copy(&fl.fl6_src, &np->saddr);
384 fl.oif = sk->sk_bound_dev_if;
385 fl.fl_ip_dport = inet->dport;
386 fl.fl_ip_sport = inet->sport;
387 security_skb_classify_flow(skb, &fl);
388
389 if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
390 sk->sk_err_soft = -err;
391 goto out;
392 }
393
394 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) {
395 sk->sk_err_soft = -err;
396 goto out;
397 }
398
399 } else
400 dst_hold(dst);
401
402 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
403 tcp_sync_mss(sk, dst_mtu(dst));
404 tcp_simple_retransmit(sk);
405 } /* else let the usual retransmit timer handle it */
406 dst_release(dst);
407 goto out;
408 }
409
410 icmpv6_err_convert(type, code, &err);
411
412 /* Might be for an request_sock */
413 switch (sk->sk_state) {
414 struct request_sock *req, **prev;
415 case TCP_LISTEN:
416 if (sock_owned_by_user(sk))
417 goto out;
418
419 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
420 &hdr->saddr, inet6_iif(skb));
421 if (!req)
422 goto out;
423
424 /* ICMPs are not backlogged, hence we cannot get
425 * an established socket here.
426 */
427 BUG_TRAP(req->sk == NULL);
428
429 if (seq != tcp_rsk(req)->snt_isn) {
430 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
431 goto out;
432 }
433
434 inet_csk_reqsk_queue_drop(sk, req, prev);
435 goto out;
436
437 case TCP_SYN_SENT:
438 case TCP_SYN_RECV: /* Cannot happen.
439 It can, it SYNs are crossed. --ANK */
440 if (!sock_owned_by_user(sk)) {
441 sk->sk_err = err;
442 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
443
444 tcp_done(sk);
445 } else
446 sk->sk_err_soft = err;
447 goto out;
448 }
449
450 if (!sock_owned_by_user(sk) && np->recverr) {
451 sk->sk_err = err;
452 sk->sk_error_report(sk);
453 } else
454 sk->sk_err_soft = err;
455
456 out:
457 bh_unlock_sock(sk);
458 sock_put(sk);
459 }
460
461
462 static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
463 struct dst_entry *dst)
464 {
465 struct inet6_request_sock *treq = inet6_rsk(req);
466 struct ipv6_pinfo *np = inet6_sk(sk);
467 struct sk_buff * skb;
468 struct ipv6_txoptions *opt = NULL;
469 struct in6_addr * final_p = NULL, final;
470 struct flowi fl;
471 int err = -1;
472
473 memset(&fl, 0, sizeof(fl));
474 fl.proto = IPPROTO_TCP;
475 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
476 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
477 fl.fl6_flowlabel = 0;
478 fl.oif = treq->iif;
479 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
480 fl.fl_ip_sport = inet_sk(sk)->sport;
481 security_req_classify_flow(req, &fl);
482
483 if (dst == NULL) {
484 opt = np->opt;
485 if (opt == NULL &&
486 np->rxopt.bits.osrcrt == 2 &&
487 treq->pktopts) {
488 struct sk_buff *pktopts = treq->pktopts;
489 struct inet6_skb_parm *rxopt = IP6CB(pktopts);
490 if (rxopt->srcrt)
491 opt = ipv6_invert_rthdr(sk,
492 (struct ipv6_rt_hdr *)(skb_network_header(pktopts) +
493 rxopt->srcrt));
494 }
495
496 if (opt && opt->srcrt) {
497 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
498 ipv6_addr_copy(&final, &fl.fl6_dst);
499 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
500 final_p = &final;
501 }
502
503 err = ip6_dst_lookup(sk, &dst, &fl);
504 if (err)
505 goto done;
506 if (final_p)
507 ipv6_addr_copy(&fl.fl6_dst, final_p);
508 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
509 goto done;
510 }
511
512 skb = tcp_make_synack(sk, dst, req);
513 if (skb) {
514 struct tcphdr *th = tcp_hdr(skb);
515
516 th->check = tcp_v6_check(th, skb->len,
517 &treq->loc_addr, &treq->rmt_addr,
518 csum_partial((char *)th, skb->len, skb->csum));
519
520 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
521 err = ip6_xmit(sk, skb, &fl, opt, 0);
522 err = net_xmit_eval(err);
523 }
524
525 done:
526 if (opt && opt != np->opt)
527 sock_kfree_s(sk, opt, opt->tot_len);
528 dst_release(dst);
529 return err;
530 }
531
532 static void tcp_v6_reqsk_destructor(struct request_sock *req)
533 {
534 if (inet6_rsk(req)->pktopts)
535 kfree_skb(inet6_rsk(req)->pktopts);
536 }
537
538 #ifdef CONFIG_TCP_MD5SIG
539 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
540 struct in6_addr *addr)
541 {
542 struct tcp_sock *tp = tcp_sk(sk);
543 int i;
544
545 BUG_ON(tp == NULL);
546
547 if (!tp->md5sig_info || !tp->md5sig_info->entries6)
548 return NULL;
549
550 for (i = 0; i < tp->md5sig_info->entries6; i++) {
551 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, addr) == 0)
552 return &tp->md5sig_info->keys6[i].base;
553 }
554 return NULL;
555 }
556
557 static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
558 struct sock *addr_sk)
559 {
560 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
561 }
562
563 static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
564 struct request_sock *req)
565 {
566 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
567 }
568
569 static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
570 char *newkey, u8 newkeylen)
571 {
572 /* Add key to the list */
573 struct tcp6_md5sig_key *key;
574 struct tcp_sock *tp = tcp_sk(sk);
575 struct tcp6_md5sig_key *keys;
576
577 key = (struct tcp6_md5sig_key*) tcp_v6_md5_do_lookup(sk, peer);
578 if (key) {
579 /* modify existing entry - just update that one */
580 kfree(key->base.key);
581 key->base.key = newkey;
582 key->base.keylen = newkeylen;
583 } else {
584 /* reallocate new list if current one is full. */
585 if (!tp->md5sig_info) {
586 tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
587 if (!tp->md5sig_info) {
588 kfree(newkey);
589 return -ENOMEM;
590 }
591 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
592 }
593 tcp_alloc_md5sig_pool();
594 if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
595 keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
596 (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
597
598 if (!keys) {
599 tcp_free_md5sig_pool();
600 kfree(newkey);
601 return -ENOMEM;
602 }
603
604 if (tp->md5sig_info->entries6)
605 memmove(keys, tp->md5sig_info->keys6,
606 (sizeof (tp->md5sig_info->keys6[0]) *
607 tp->md5sig_info->entries6));
608
609 kfree(tp->md5sig_info->keys6);
610 tp->md5sig_info->keys6 = keys;
611 tp->md5sig_info->alloced6++;
612 }
613
614 ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
615 peer);
616 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
617 tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
618
619 tp->md5sig_info->entries6++;
620 }
621 return 0;
622 }
623
624 static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
625 u8 *newkey, __u8 newkeylen)
626 {
627 return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
628 newkey, newkeylen);
629 }
630
631 static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
632 {
633 struct tcp_sock *tp = tcp_sk(sk);
634 int i;
635
636 for (i = 0; i < tp->md5sig_info->entries6; i++) {
637 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, peer) == 0) {
638 /* Free the key */
639 kfree(tp->md5sig_info->keys6[i].base.key);
640 tp->md5sig_info->entries6--;
641
642 if (tp->md5sig_info->entries6 == 0) {
643 kfree(tp->md5sig_info->keys6);
644 tp->md5sig_info->keys6 = NULL;
645 tp->md5sig_info->alloced6 = 0;
646
647 tcp_free_md5sig_pool();
648
649 return 0;
650 } else {
651 /* shrink the database */
652 if (tp->md5sig_info->entries6 != i)
653 memmove(&tp->md5sig_info->keys6[i],
654 &tp->md5sig_info->keys6[i+1],
655 (tp->md5sig_info->entries6 - i)
656 * sizeof (tp->md5sig_info->keys6[0]));
657 }
658 }
659 }
660 return -ENOENT;
661 }
662
663 static void tcp_v6_clear_md5_list (struct sock *sk)
664 {
665 struct tcp_sock *tp = tcp_sk(sk);
666 int i;
667
668 if (tp->md5sig_info->entries6) {
669 for (i = 0; i < tp->md5sig_info->entries6; i++)
670 kfree(tp->md5sig_info->keys6[i].base.key);
671 tp->md5sig_info->entries6 = 0;
672 tcp_free_md5sig_pool();
673 }
674
675 kfree(tp->md5sig_info->keys6);
676 tp->md5sig_info->keys6 = NULL;
677 tp->md5sig_info->alloced6 = 0;
678
679 if (tp->md5sig_info->entries4) {
680 for (i = 0; i < tp->md5sig_info->entries4; i++)
681 kfree(tp->md5sig_info->keys4[i].base.key);
682 tp->md5sig_info->entries4 = 0;
683 tcp_free_md5sig_pool();
684 }
685
686 kfree(tp->md5sig_info->keys4);
687 tp->md5sig_info->keys4 = NULL;
688 tp->md5sig_info->alloced4 = 0;
689 }
690
691 static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
692 int optlen)
693 {
694 struct tcp_md5sig cmd;
695 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
696 u8 *newkey;
697
698 if (optlen < sizeof(cmd))
699 return -EINVAL;
700
701 if (copy_from_user(&cmd, optval, sizeof(cmd)))
702 return -EFAULT;
703
704 if (sin6->sin6_family != AF_INET6)
705 return -EINVAL;
706
707 if (!cmd.tcpm_keylen) {
708 if (!tcp_sk(sk)->md5sig_info)
709 return -ENOENT;
710 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
711 return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
712 return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
713 }
714
715 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
716 return -EINVAL;
717
718 if (!tcp_sk(sk)->md5sig_info) {
719 struct tcp_sock *tp = tcp_sk(sk);
720 struct tcp_md5sig_info *p;
721
722 p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
723 if (!p)
724 return -ENOMEM;
725
726 tp->md5sig_info = p;
727 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
728 }
729
730 newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
731 if (!newkey)
732 return -ENOMEM;
733 if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
734 return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
735 newkey, cmd.tcpm_keylen);
736 }
737 return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
738 }
739
740 static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
741 struct in6_addr *saddr,
742 struct in6_addr *daddr,
743 struct tcphdr *th, int protocol,
744 int tcplen)
745 {
746 struct scatterlist sg[4];
747 __u16 data_len;
748 int block = 0;
749 __sum16 cksum;
750 struct tcp_md5sig_pool *hp;
751 struct tcp6_pseudohdr *bp;
752 struct hash_desc *desc;
753 int err;
754 unsigned int nbytes = 0;
755
756 hp = tcp_get_md5sig_pool();
757 if (!hp) {
758 printk(KERN_WARNING "%s(): hash pool not found...\n", __FUNCTION__);
759 goto clear_hash_noput;
760 }
761 bp = &hp->md5_blk.ip6;
762 desc = &hp->md5_desc;
763
764 /* 1. TCP pseudo-header (RFC2460) */
765 ipv6_addr_copy(&bp->saddr, saddr);
766 ipv6_addr_copy(&bp->daddr, daddr);
767 bp->len = htonl(tcplen);
768 bp->protocol = htonl(protocol);
769
770 sg_set_buf(&sg[block++], bp, sizeof(*bp));
771 nbytes += sizeof(*bp);
772
773 /* 2. TCP header, excluding options */
774 cksum = th->check;
775 th->check = 0;
776 sg_set_buf(&sg[block++], th, sizeof(*th));
777 nbytes += sizeof(*th);
778
779 /* 3. TCP segment data (if any) */
780 data_len = tcplen - (th->doff << 2);
781 if (data_len > 0) {
782 u8 *data = (u8 *)th + (th->doff << 2);
783 sg_set_buf(&sg[block++], data, data_len);
784 nbytes += data_len;
785 }
786
787 /* 4. shared key */
788 sg_set_buf(&sg[block++], key->key, key->keylen);
789 nbytes += key->keylen;
790
791 /* Now store the hash into the packet */
792 err = crypto_hash_init(desc);
793 if (err) {
794 printk(KERN_WARNING "%s(): hash_init failed\n", __FUNCTION__);
795 goto clear_hash;
796 }
797 err = crypto_hash_update(desc, sg, nbytes);
798 if (err) {
799 printk(KERN_WARNING "%s(): hash_update failed\n", __FUNCTION__);
800 goto clear_hash;
801 }
802 err = crypto_hash_final(desc, md5_hash);
803 if (err) {
804 printk(KERN_WARNING "%s(): hash_final failed\n", __FUNCTION__);
805 goto clear_hash;
806 }
807
808 /* Reset header, and free up the crypto */
809 tcp_put_md5sig_pool();
810 th->check = cksum;
811 out:
812 return 0;
813 clear_hash:
814 tcp_put_md5sig_pool();
815 clear_hash_noput:
816 memset(md5_hash, 0, 16);
817 goto out;
818 }
819
820 static int tcp_v6_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
821 struct sock *sk,
822 struct dst_entry *dst,
823 struct request_sock *req,
824 struct tcphdr *th, int protocol,
825 int tcplen)
826 {
827 struct in6_addr *saddr, *daddr;
828
829 if (sk) {
830 saddr = &inet6_sk(sk)->saddr;
831 daddr = &inet6_sk(sk)->daddr;
832 } else {
833 saddr = &inet6_rsk(req)->loc_addr;
834 daddr = &inet6_rsk(req)->rmt_addr;
835 }
836 return tcp_v6_do_calc_md5_hash(md5_hash, key,
837 saddr, daddr,
838 th, protocol, tcplen);
839 }
840
841 static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
842 {
843 __u8 *hash_location = NULL;
844 struct tcp_md5sig_key *hash_expected;
845 struct ipv6hdr *ip6h = ipv6_hdr(skb);
846 struct tcphdr *th = tcp_hdr(skb);
847 int length = (th->doff << 2) - sizeof (*th);
848 int genhash;
849 u8 *ptr;
850 u8 newhash[16];
851
852 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
853
854 /* If the TCP option is too short, we can short cut */
855 if (length < TCPOLEN_MD5SIG)
856 return hash_expected ? 1 : 0;
857
858 /* parse options */
859 ptr = (u8*)(th + 1);
860 while (length > 0) {
861 int opcode = *ptr++;
862 int opsize;
863
864 switch(opcode) {
865 case TCPOPT_EOL:
866 goto done_opts;
867 case TCPOPT_NOP:
868 length--;
869 continue;
870 default:
871 opsize = *ptr++;
872 if (opsize < 2 || opsize > length)
873 goto done_opts;
874 if (opcode == TCPOPT_MD5SIG) {
875 hash_location = ptr;
876 goto done_opts;
877 }
878 }
879 ptr += opsize - 2;
880 length -= opsize;
881 }
882
883 done_opts:
884 /* do we have a hash as expected? */
885 if (!hash_expected) {
886 if (!hash_location)
887 return 0;
888 if (net_ratelimit()) {
889 printk(KERN_INFO "MD5 Hash NOT expected but found "
890 "(" NIP6_FMT ", %u)->"
891 "(" NIP6_FMT ", %u)\n",
892 NIP6(ip6h->saddr), ntohs(th->source),
893 NIP6(ip6h->daddr), ntohs(th->dest));
894 }
895 return 1;
896 }
897
898 if (!hash_location) {
899 if (net_ratelimit()) {
900 printk(KERN_INFO "MD5 Hash expected but NOT found "
901 "(" NIP6_FMT ", %u)->"
902 "(" NIP6_FMT ", %u)\n",
903 NIP6(ip6h->saddr), ntohs(th->source),
904 NIP6(ip6h->daddr), ntohs(th->dest));
905 }
906 return 1;
907 }
908
909 /* check the signature */
910 genhash = tcp_v6_do_calc_md5_hash(newhash,
911 hash_expected,
912 &ip6h->saddr, &ip6h->daddr,
913 th, sk->sk_protocol,
914 skb->len);
915 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
916 if (net_ratelimit()) {
917 printk(KERN_INFO "MD5 Hash %s for "
918 "(" NIP6_FMT ", %u)->"
919 "(" NIP6_FMT ", %u)\n",
920 genhash ? "failed" : "mismatch",
921 NIP6(ip6h->saddr), ntohs(th->source),
922 NIP6(ip6h->daddr), ntohs(th->dest));
923 }
924 return 1;
925 }
926 return 0;
927 }
928 #endif
929
930 static struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
931 .family = AF_INET6,
932 .obj_size = sizeof(struct tcp6_request_sock),
933 .rtx_syn_ack = tcp_v6_send_synack,
934 .send_ack = tcp_v6_reqsk_send_ack,
935 .destructor = tcp_v6_reqsk_destructor,
936 .send_reset = tcp_v6_send_reset
937 };
938
939 #ifdef CONFIG_TCP_MD5SIG
940 static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
941 .md5_lookup = tcp_v6_reqsk_md5_lookup,
942 };
943 #endif
944
945 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
946 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
947 .twsk_unique = tcp_twsk_unique,
948 .twsk_destructor= tcp_twsk_destructor,
949 };
950
951 static void tcp_v6_send_check(struct sock *sk, int len, struct sk_buff *skb)
952 {
953 struct ipv6_pinfo *np = inet6_sk(sk);
954 struct tcphdr *th = tcp_hdr(skb);
955
956 if (skb->ip_summed == CHECKSUM_PARTIAL) {
957 th->check = ~csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP, 0);
958 skb->csum_start = skb_transport_header(skb) - skb->head;
959 skb->csum_offset = offsetof(struct tcphdr, check);
960 } else {
961 th->check = csum_ipv6_magic(&np->saddr, &np->daddr, len, IPPROTO_TCP,
962 csum_partial((char *)th, th->doff<<2,
963 skb->csum));
964 }
965 }
966
967 static int tcp_v6_gso_send_check(struct sk_buff *skb)
968 {
969 struct ipv6hdr *ipv6h;
970 struct tcphdr *th;
971
972 if (!pskb_may_pull(skb, sizeof(*th)))
973 return -EINVAL;
974
975 ipv6h = ipv6_hdr(skb);
976 th = tcp_hdr(skb);
977
978 th->check = 0;
979 th->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len,
980 IPPROTO_TCP, 0);
981 skb->csum_start = skb_transport_header(skb) - skb->head;
982 skb->csum_offset = offsetof(struct tcphdr, check);
983 skb->ip_summed = CHECKSUM_PARTIAL;
984 return 0;
985 }
986
987 static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
988 {
989 struct tcphdr *th = tcp_hdr(skb), *t1;
990 struct sk_buff *buff;
991 struct flowi fl;
992 int tot_len = sizeof(*th);
993 #ifdef CONFIG_TCP_MD5SIG
994 struct tcp_md5sig_key *key;
995 #endif
996
997 if (th->rst)
998 return;
999
1000 if (!ipv6_unicast_destination(skb))
1001 return;
1002
1003 #ifdef CONFIG_TCP_MD5SIG
1004 if (sk)
1005 key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
1006 else
1007 key = NULL;
1008
1009 if (key)
1010 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1011 #endif
1012
1013 /*
1014 * We need to grab some memory, and put together an RST,
1015 * and then put it into the queue to be sent.
1016 */
1017
1018 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1019 GFP_ATOMIC);
1020 if (buff == NULL)
1021 return;
1022
1023 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1024
1025 t1 = (struct tcphdr *) skb_push(buff, tot_len);
1026 skb_reset_transport_header(buff);
1027
1028 /* Swap the send and the receive. */
1029 memset(t1, 0, sizeof(*t1));
1030 t1->dest = th->source;
1031 t1->source = th->dest;
1032 t1->doff = tot_len / 4;
1033 t1->rst = 1;
1034
1035 if(th->ack) {
1036 t1->seq = th->ack_seq;
1037 } else {
1038 t1->ack = 1;
1039 t1->ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin
1040 + skb->len - (th->doff<<2));
1041 }
1042
1043 #ifdef CONFIG_TCP_MD5SIG
1044 if (key) {
1045 __be32 *opt = (__be32*)(t1 + 1);
1046 opt[0] = htonl((TCPOPT_NOP << 24) |
1047 (TCPOPT_NOP << 16) |
1048 (TCPOPT_MD5SIG << 8) |
1049 TCPOLEN_MD5SIG);
1050 tcp_v6_do_calc_md5_hash((__u8 *)&opt[1], key,
1051 &ipv6_hdr(skb)->daddr,
1052 &ipv6_hdr(skb)->saddr,
1053 t1, IPPROTO_TCP, tot_len);
1054 }
1055 #endif
1056
1057 buff->csum = csum_partial((char *)t1, sizeof(*t1), 0);
1058
1059 memset(&fl, 0, sizeof(fl));
1060 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1061 ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1062
1063 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1064 sizeof(*t1), IPPROTO_TCP,
1065 buff->csum);
1066
1067 fl.proto = IPPROTO_TCP;
1068 fl.oif = inet6_iif(skb);
1069 fl.fl_ip_dport = t1->dest;
1070 fl.fl_ip_sport = t1->source;
1071 security_skb_classify_flow(skb, &fl);
1072
1073 /* sk = NULL, but it is safe for now. RST socket required. */
1074 if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
1075
1076 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1077 ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
1078 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1079 TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
1080 return;
1081 }
1082 }
1083
1084 kfree_skb(buff);
1085 }
1086
1087 static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
1088 struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts)
1089 {
1090 struct tcphdr *th = tcp_hdr(skb), *t1;
1091 struct sk_buff *buff;
1092 struct flowi fl;
1093 int tot_len = sizeof(struct tcphdr);
1094 __be32 *topt;
1095 #ifdef CONFIG_TCP_MD5SIG
1096 struct tcp_md5sig_key *key;
1097 struct tcp_md5sig_key tw_key;
1098 #endif
1099
1100 #ifdef CONFIG_TCP_MD5SIG
1101 if (!tw && skb->sk) {
1102 key = tcp_v6_md5_do_lookup(skb->sk, &ipv6_hdr(skb)->daddr);
1103 } else if (tw && tw->tw_md5_keylen) {
1104 tw_key.key = tw->tw_md5_key;
1105 tw_key.keylen = tw->tw_md5_keylen;
1106 key = &tw_key;
1107 } else {
1108 key = NULL;
1109 }
1110 #endif
1111
1112 if (ts)
1113 tot_len += TCPOLEN_TSTAMP_ALIGNED;
1114 #ifdef CONFIG_TCP_MD5SIG
1115 if (key)
1116 tot_len += TCPOLEN_MD5SIG_ALIGNED;
1117 #endif
1118
1119 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1120 GFP_ATOMIC);
1121 if (buff == NULL)
1122 return;
1123
1124 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1125
1126 t1 = (struct tcphdr *) skb_push(buff,tot_len);
1127
1128 /* Swap the send and the receive. */
1129 memset(t1, 0, sizeof(*t1));
1130 t1->dest = th->source;
1131 t1->source = th->dest;
1132 t1->doff = tot_len/4;
1133 t1->seq = htonl(seq);
1134 t1->ack_seq = htonl(ack);
1135 t1->ack = 1;
1136 t1->window = htons(win);
1137
1138 topt = (__be32 *)(t1 + 1);
1139
1140 if (ts) {
1141 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1142 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
1143 *topt++ = htonl(tcp_time_stamp);
1144 *topt = htonl(ts);
1145 }
1146
1147 #ifdef CONFIG_TCP_MD5SIG
1148 if (key) {
1149 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1150 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1151 tcp_v6_do_calc_md5_hash((__u8 *)topt, key,
1152 &ipv6_hdr(skb)->daddr,
1153 &ipv6_hdr(skb)->saddr,
1154 t1, IPPROTO_TCP, tot_len);
1155 }
1156 #endif
1157
1158 buff->csum = csum_partial((char *)t1, tot_len, 0);
1159
1160 memset(&fl, 0, sizeof(fl));
1161 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1162 ipv6_addr_copy(&fl.fl6_src, &ipv6_hdr(skb)->daddr);
1163
1164 t1->check = csum_ipv6_magic(&fl.fl6_src, &fl.fl6_dst,
1165 tot_len, IPPROTO_TCP,
1166 buff->csum);
1167
1168 fl.proto = IPPROTO_TCP;
1169 fl.oif = inet6_iif(skb);
1170 fl.fl_ip_dport = t1->dest;
1171 fl.fl_ip_sport = t1->source;
1172 security_skb_classify_flow(skb, &fl);
1173
1174 if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) {
1175 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1176 ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0);
1177 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1178 return;
1179 }
1180 }
1181
1182 kfree_skb(buff);
1183 }
1184
1185 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
1186 {
1187 struct inet_timewait_sock *tw = inet_twsk(sk);
1188 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1189
1190 tcp_v6_send_ack(tcptw, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
1191 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
1192 tcptw->tw_ts_recent);
1193
1194 inet_twsk_put(tw);
1195 }
1196
1197 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
1198 {
1199 tcp_v6_send_ack(NULL, skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent);
1200 }
1201
1202
1203 static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1204 {
1205 struct request_sock *req, **prev;
1206 const struct tcphdr *th = tcp_hdr(skb);
1207 struct sock *nsk;
1208
1209 /* Find possible connection requests. */
1210 req = inet6_csk_search_req(sk, &prev, th->source,
1211 &ipv6_hdr(skb)->saddr,
1212 &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1213 if (req)
1214 return tcp_check_req(sk, skb, req, prev);
1215
1216 nsk = __inet6_lookup_established(&tcp_hashinfo, &ipv6_hdr(skb)->saddr,
1217 th->source, &ipv6_hdr(skb)->daddr,
1218 ntohs(th->dest), inet6_iif(skb));
1219
1220 if (nsk) {
1221 if (nsk->sk_state != TCP_TIME_WAIT) {
1222 bh_lock_sock(nsk);
1223 return nsk;
1224 }
1225 inet_twsk_put(inet_twsk(nsk));
1226 return NULL;
1227 }
1228
1229 #if 0 /*def CONFIG_SYN_COOKIES*/
1230 if (!th->rst && !th->syn && th->ack)
1231 sk = cookie_v6_check(sk, skb, &(IPCB(skb)->opt));
1232 #endif
1233 return sk;
1234 }
1235
1236 /* FIXME: this is substantially similar to the ipv4 code.
1237 * Can some kind of merge be done? -- erics
1238 */
1239 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1240 {
1241 struct inet6_request_sock *treq;
1242 struct ipv6_pinfo *np = inet6_sk(sk);
1243 struct tcp_options_received tmp_opt;
1244 struct tcp_sock *tp = tcp_sk(sk);
1245 struct request_sock *req = NULL;
1246 __u32 isn = TCP_SKB_CB(skb)->when;
1247
1248 if (skb->protocol == htons(ETH_P_IP))
1249 return tcp_v4_conn_request(sk, skb);
1250
1251 if (!ipv6_unicast_destination(skb))
1252 goto drop;
1253
1254 /*
1255 * There are no SYN attacks on IPv6, yet...
1256 */
1257 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1258 if (net_ratelimit())
1259 printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n");
1260 goto drop;
1261 }
1262
1263 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1264 goto drop;
1265
1266 req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1267 if (req == NULL)
1268 goto drop;
1269
1270 #ifdef CONFIG_TCP_MD5SIG
1271 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1272 #endif
1273
1274 tcp_clear_options(&tmp_opt);
1275 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1276 tmp_opt.user_mss = tp->rx_opt.user_mss;
1277
1278 tcp_parse_options(skb, &tmp_opt, 0);
1279
1280 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1281 tcp_openreq_init(req, &tmp_opt, skb);
1282
1283 treq = inet6_rsk(req);
1284 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1285 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1286 TCP_ECN_create_request(req, tcp_hdr(skb));
1287 treq->pktopts = NULL;
1288 if (ipv6_opt_accepted(sk, skb) ||
1289 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1290 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1291 atomic_inc(&skb->users);
1292 treq->pktopts = skb;
1293 }
1294 treq->iif = sk->sk_bound_dev_if;
1295
1296 /* So that link locals have meaning */
1297 if (!sk->sk_bound_dev_if &&
1298 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1299 treq->iif = inet6_iif(skb);
1300
1301 if (isn == 0)
1302 isn = tcp_v6_init_sequence(skb);
1303
1304 tcp_rsk(req)->snt_isn = isn;
1305
1306 security_inet_conn_request(sk, skb, req);
1307
1308 if (tcp_v6_send_synack(sk, req, NULL))
1309 goto drop;
1310
1311 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1312 return 0;
1313
1314 drop:
1315 if (req)
1316 reqsk_free(req);
1317
1318 return 0; /* don't send reset */
1319 }
1320
1321 static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1322 struct request_sock *req,
1323 struct dst_entry *dst)
1324 {
1325 struct inet6_request_sock *treq = inet6_rsk(req);
1326 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1327 struct tcp6_sock *newtcp6sk;
1328 struct inet_sock *newinet;
1329 struct tcp_sock *newtp;
1330 struct sock *newsk;
1331 struct ipv6_txoptions *opt;
1332 #ifdef CONFIG_TCP_MD5SIG
1333 struct tcp_md5sig_key *key;
1334 #endif
1335
1336 if (skb->protocol == htons(ETH_P_IP)) {
1337 /*
1338 * v6 mapped
1339 */
1340
1341 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1342
1343 if (newsk == NULL)
1344 return NULL;
1345
1346 newtcp6sk = (struct tcp6_sock *)newsk;
1347 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1348
1349 newinet = inet_sk(newsk);
1350 newnp = inet6_sk(newsk);
1351 newtp = tcp_sk(newsk);
1352
1353 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1354
1355 ipv6_addr_set_v4mapped(newinet->daddr, &newnp->daddr);
1356
1357 ipv6_addr_set_v4mapped(newinet->saddr, &newnp->saddr);
1358
1359 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
1360
1361 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1362 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1363 #ifdef CONFIG_TCP_MD5SIG
1364 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1365 #endif
1366
1367 newnp->pktoptions = NULL;
1368 newnp->opt = NULL;
1369 newnp->mcast_oif = inet6_iif(skb);
1370 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1371
1372 /*
1373 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1374 * here, tcp_create_openreq_child now does this for us, see the comment in
1375 * that function for the gory details. -acme
1376 */
1377
1378 /* It is tricky place. Until this moment IPv4 tcp
1379 worked with IPv6 icsk.icsk_af_ops.
1380 Sync it now.
1381 */
1382 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1383
1384 return newsk;
1385 }
1386
1387 opt = np->opt;
1388
1389 if (sk_acceptq_is_full(sk))
1390 goto out_overflow;
1391
1392 if (np->rxopt.bits.osrcrt == 2 &&
1393 opt == NULL && treq->pktopts) {
1394 struct inet6_skb_parm *rxopt = IP6CB(treq->pktopts);
1395 if (rxopt->srcrt)
1396 opt = ipv6_invert_rthdr(sk,
1397 (struct ipv6_rt_hdr *)(skb_network_header(treq->pktopts) +
1398 rxopt->srcrt));
1399 }
1400
1401 if (dst == NULL) {
1402 struct in6_addr *final_p = NULL, final;
1403 struct flowi fl;
1404
1405 memset(&fl, 0, sizeof(fl));
1406 fl.proto = IPPROTO_TCP;
1407 ipv6_addr_copy(&fl.fl6_dst, &treq->rmt_addr);
1408 if (opt && opt->srcrt) {
1409 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
1410 ipv6_addr_copy(&final, &fl.fl6_dst);
1411 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
1412 final_p = &final;
1413 }
1414 ipv6_addr_copy(&fl.fl6_src, &treq->loc_addr);
1415 fl.oif = sk->sk_bound_dev_if;
1416 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
1417 fl.fl_ip_sport = inet_sk(sk)->sport;
1418 security_req_classify_flow(req, &fl);
1419
1420 if (ip6_dst_lookup(sk, &dst, &fl))
1421 goto out;
1422
1423 if (final_p)
1424 ipv6_addr_copy(&fl.fl6_dst, final_p);
1425
1426 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
1427 goto out;
1428 }
1429
1430 newsk = tcp_create_openreq_child(sk, req, skb);
1431 if (newsk == NULL)
1432 goto out;
1433
1434 /*
1435 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1436 * count here, tcp_create_openreq_child now does this for us, see the
1437 * comment in that function for the gory details. -acme
1438 */
1439
1440 newsk->sk_gso_type = SKB_GSO_TCPV6;
1441 __ip6_dst_store(newsk, dst, NULL, NULL);
1442
1443 newtcp6sk = (struct tcp6_sock *)newsk;
1444 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1445
1446 newtp = tcp_sk(newsk);
1447 newinet = inet_sk(newsk);
1448 newnp = inet6_sk(newsk);
1449
1450 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1451
1452 ipv6_addr_copy(&newnp->daddr, &treq->rmt_addr);
1453 ipv6_addr_copy(&newnp->saddr, &treq->loc_addr);
1454 ipv6_addr_copy(&newnp->rcv_saddr, &treq->loc_addr);
1455 newsk->sk_bound_dev_if = treq->iif;
1456
1457 /* Now IPv6 options...
1458
1459 First: no IPv4 options.
1460 */
1461 newinet->opt = NULL;
1462 newnp->ipv6_fl_list = NULL;
1463
1464 /* Clone RX bits */
1465 newnp->rxopt.all = np->rxopt.all;
1466
1467 /* Clone pktoptions received with SYN */
1468 newnp->pktoptions = NULL;
1469 if (treq->pktopts != NULL) {
1470 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
1471 kfree_skb(treq->pktopts);
1472 treq->pktopts = NULL;
1473 if (newnp->pktoptions)
1474 skb_set_owner_r(newnp->pktoptions, newsk);
1475 }
1476 newnp->opt = NULL;
1477 newnp->mcast_oif = inet6_iif(skb);
1478 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1479
1480 /* Clone native IPv6 options from listening socket (if any)
1481
1482 Yes, keeping reference count would be much more clever,
1483 but we make one more one thing there: reattach optmem
1484 to newsk.
1485 */
1486 if (opt) {
1487 newnp->opt = ipv6_dup_options(newsk, opt);
1488 if (opt != np->opt)
1489 sock_kfree_s(sk, opt, opt->tot_len);
1490 }
1491
1492 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1493 if (newnp->opt)
1494 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1495 newnp->opt->opt_flen);
1496
1497 tcp_mtup_init(newsk);
1498 tcp_sync_mss(newsk, dst_mtu(dst));
1499 newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
1500 tcp_initialize_rcv_mss(newsk);
1501
1502 newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
1503
1504 #ifdef CONFIG_TCP_MD5SIG
1505 /* Copy over the MD5 key from the original socket */
1506 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1507 /* We're using one, so create a matching key
1508 * on the newsk structure. If we fail to get
1509 * memory, then we end up not copying the key
1510 * across. Shucks.
1511 */
1512 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1513 if (newkey != NULL)
1514 tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr,
1515 newkey, key->keylen);
1516 }
1517 #endif
1518
1519 __inet6_hash(&tcp_hashinfo, newsk);
1520 inet_inherit_port(&tcp_hashinfo, sk, newsk);
1521
1522 return newsk;
1523
1524 out_overflow:
1525 NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
1526 out:
1527 NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
1528 if (opt && opt != np->opt)
1529 sock_kfree_s(sk, opt, opt->tot_len);
1530 dst_release(dst);
1531 return NULL;
1532 }
1533
1534 static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1535 {
1536 if (skb->ip_summed == CHECKSUM_COMPLETE) {
1537 if (!tcp_v6_check(tcp_hdr(skb), skb->len, &ipv6_hdr(skb)->saddr,
1538 &ipv6_hdr(skb)->daddr, skb->csum)) {
1539 skb->ip_summed = CHECKSUM_UNNECESSARY;
1540 return 0;
1541 }
1542 }
1543
1544 skb->csum = ~csum_unfold(tcp_v6_check(tcp_hdr(skb), skb->len,
1545 &ipv6_hdr(skb)->saddr,
1546 &ipv6_hdr(skb)->daddr, 0));
1547
1548 if (skb->len <= 76) {
1549 return __skb_checksum_complete(skb);
1550 }
1551 return 0;
1552 }
1553
1554 /* The socket must have it's spinlock held when we get
1555 * here.
1556 *
1557 * We have a potential double-lock case here, so even when
1558 * doing backlog processing we use the BH locking scheme.
1559 * This is because we cannot sleep with the original spinlock
1560 * held.
1561 */
1562 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1563 {
1564 struct ipv6_pinfo *np = inet6_sk(sk);
1565 struct tcp_sock *tp;
1566 struct sk_buff *opt_skb = NULL;
1567
1568 /* Imagine: socket is IPv6. IPv4 packet arrives,
1569 goes to IPv4 receive handler and backlogged.
1570 From backlog it always goes here. Kerboom...
1571 Fortunately, tcp_rcv_established and rcv_established
1572 handle them correctly, but it is not case with
1573 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1574 */
1575
1576 if (skb->protocol == htons(ETH_P_IP))
1577 return tcp_v4_do_rcv(sk, skb);
1578
1579 #ifdef CONFIG_TCP_MD5SIG
1580 if (tcp_v6_inbound_md5_hash (sk, skb))
1581 goto discard;
1582 #endif
1583
1584 if (sk_filter(sk, skb))
1585 goto discard;
1586
1587 /*
1588 * socket locking is here for SMP purposes as backlog rcv
1589 * is currently called with bh processing disabled.
1590 */
1591
1592 /* Do Stevens' IPV6_PKTOPTIONS.
1593
1594 Yes, guys, it is the only place in our code, where we
1595 may make it not affecting IPv4.
1596 The rest of code is protocol independent,
1597 and I do not like idea to uglify IPv4.
1598
1599 Actually, all the idea behind IPV6_PKTOPTIONS
1600 looks not very well thought. For now we latch
1601 options, received in the last packet, enqueued
1602 by tcp. Feel free to propose better solution.
1603 --ANK (980728)
1604 */
1605 if (np->rxopt.all)
1606 opt_skb = skb_clone(skb, GFP_ATOMIC);
1607
1608 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1609 TCP_CHECK_TIMER(sk);
1610 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1611 goto reset;
1612 TCP_CHECK_TIMER(sk);
1613 if (opt_skb)
1614 goto ipv6_pktoptions;
1615 return 0;
1616 }
1617
1618 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1619 goto csum_err;
1620
1621 if (sk->sk_state == TCP_LISTEN) {
1622 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1623 if (!nsk)
1624 goto discard;
1625
1626 /*
1627 * Queue it on the new socket if the new socket is active,
1628 * otherwise we just shortcircuit this and continue with
1629 * the new socket..
1630 */
1631 if(nsk != sk) {
1632 if (tcp_child_process(sk, nsk, skb))
1633 goto reset;
1634 if (opt_skb)
1635 __kfree_skb(opt_skb);
1636 return 0;
1637 }
1638 }
1639
1640 TCP_CHECK_TIMER(sk);
1641 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1642 goto reset;
1643 TCP_CHECK_TIMER(sk);
1644 if (opt_skb)
1645 goto ipv6_pktoptions;
1646 return 0;
1647
1648 reset:
1649 tcp_v6_send_reset(sk, skb);
1650 discard:
1651 if (opt_skb)
1652 __kfree_skb(opt_skb);
1653 kfree_skb(skb);
1654 return 0;
1655 csum_err:
1656 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1657 goto discard;
1658
1659
1660 ipv6_pktoptions:
1661 /* Do you ask, what is it?
1662
1663 1. skb was enqueued by tcp.
1664 2. skb is added to tail of read queue, rather than out of order.
1665 3. socket is not in passive state.
1666 4. Finally, it really contains options, which user wants to receive.
1667 */
1668 tp = tcp_sk(sk);
1669 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1670 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1671 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1672 np->mcast_oif = inet6_iif(opt_skb);
1673 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1674 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1675 if (ipv6_opt_accepted(sk, opt_skb)) {
1676 skb_set_owner_r(opt_skb, sk);
1677 opt_skb = xchg(&np->pktoptions, opt_skb);
1678 } else {
1679 __kfree_skb(opt_skb);
1680 opt_skb = xchg(&np->pktoptions, NULL);
1681 }
1682 }
1683
1684 if (opt_skb)
1685 kfree_skb(opt_skb);
1686 return 0;
1687 }
1688
1689 static int tcp_v6_rcv(struct sk_buff *skb)
1690 {
1691 struct tcphdr *th;
1692 struct sock *sk;
1693 int ret;
1694
1695 if (skb->pkt_type != PACKET_HOST)
1696 goto discard_it;
1697
1698 /*
1699 * Count it even if it's bad.
1700 */
1701 TCP_INC_STATS_BH(TCP_MIB_INSEGS);
1702
1703 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1704 goto discard_it;
1705
1706 th = tcp_hdr(skb);
1707
1708 if (th->doff < sizeof(struct tcphdr)/4)
1709 goto bad_packet;
1710 if (!pskb_may_pull(skb, th->doff*4))
1711 goto discard_it;
1712
1713 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1714 goto bad_packet;
1715
1716 th = tcp_hdr(skb);
1717 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1718 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1719 skb->len - th->doff*4);
1720 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1721 TCP_SKB_CB(skb)->when = 0;
1722 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
1723 TCP_SKB_CB(skb)->sacked = 0;
1724
1725 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1726 if (!sk)
1727 goto no_tcp_socket;
1728
1729 process:
1730 if (sk->sk_state == TCP_TIME_WAIT)
1731 goto do_time_wait;
1732
1733 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1734 goto discard_and_relse;
1735
1736 if (sk_filter(sk, skb))
1737 goto discard_and_relse;
1738
1739 skb->dev = NULL;
1740
1741 bh_lock_sock_nested(sk);
1742 ret = 0;
1743 if (!sock_owned_by_user(sk)) {
1744 #ifdef CONFIG_NET_DMA
1745 struct tcp_sock *tp = tcp_sk(sk);
1746 if (tp->ucopy.dma_chan)
1747 ret = tcp_v6_do_rcv(sk, skb);
1748 else
1749 #endif
1750 {
1751 if (!tcp_prequeue(sk, skb))
1752 ret = tcp_v6_do_rcv(sk, skb);
1753 }
1754 } else
1755 sk_add_backlog(sk, skb);
1756 bh_unlock_sock(sk);
1757
1758 sock_put(sk);
1759 return ret ? -1 : 0;
1760
1761 no_tcp_socket:
1762 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1763 goto discard_it;
1764
1765 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1766 bad_packet:
1767 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1768 } else {
1769 tcp_v6_send_reset(NULL, skb);
1770 }
1771
1772 discard_it:
1773
1774 /*
1775 * Discard frame
1776 */
1777
1778 kfree_skb(skb);
1779 return 0;
1780
1781 discard_and_relse:
1782 sock_put(sk);
1783 goto discard_it;
1784
1785 do_time_wait:
1786 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1787 inet_twsk_put(inet_twsk(sk));
1788 goto discard_it;
1789 }
1790
1791 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1792 TCP_INC_STATS_BH(TCP_MIB_INERRS);
1793 inet_twsk_put(inet_twsk(sk));
1794 goto discard_it;
1795 }
1796
1797 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1798 case TCP_TW_SYN:
1799 {
1800 struct sock *sk2;
1801
1802 sk2 = inet6_lookup_listener(&tcp_hashinfo,
1803 &ipv6_hdr(skb)->daddr,
1804 ntohs(th->dest), inet6_iif(skb));
1805 if (sk2 != NULL) {
1806 struct inet_timewait_sock *tw = inet_twsk(sk);
1807 inet_twsk_deschedule(tw, &tcp_death_row);
1808 inet_twsk_put(tw);
1809 sk = sk2;
1810 goto process;
1811 }
1812 /* Fall through to ACK */
1813 }
1814 case TCP_TW_ACK:
1815 tcp_v6_timewait_ack(sk, skb);
1816 break;
1817 case TCP_TW_RST:
1818 goto no_tcp_socket;
1819 case TCP_TW_SUCCESS:;
1820 }
1821 goto discard_it;
1822 }
1823
1824 static int tcp_v6_remember_stamp(struct sock *sk)
1825 {
1826 /* Alas, not yet... */
1827 return 0;
1828 }
1829
1830 static struct inet_connection_sock_af_ops ipv6_specific = {
1831 .queue_xmit = inet6_csk_xmit,
1832 .send_check = tcp_v6_send_check,
1833 .rebuild_header = inet6_sk_rebuild_header,
1834 .conn_request = tcp_v6_conn_request,
1835 .syn_recv_sock = tcp_v6_syn_recv_sock,
1836 .remember_stamp = tcp_v6_remember_stamp,
1837 .net_header_len = sizeof(struct ipv6hdr),
1838 .setsockopt = ipv6_setsockopt,
1839 .getsockopt = ipv6_getsockopt,
1840 .addr2sockaddr = inet6_csk_addr2sockaddr,
1841 .sockaddr_len = sizeof(struct sockaddr_in6),
1842 #ifdef CONFIG_COMPAT
1843 .compat_setsockopt = compat_ipv6_setsockopt,
1844 .compat_getsockopt = compat_ipv6_getsockopt,
1845 #endif
1846 };
1847
1848 #ifdef CONFIG_TCP_MD5SIG
1849 static struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1850 .md5_lookup = tcp_v6_md5_lookup,
1851 .calc_md5_hash = tcp_v6_calc_md5_hash,
1852 .md5_add = tcp_v6_md5_add_func,
1853 .md5_parse = tcp_v6_parse_md5_keys,
1854 };
1855 #endif
1856
1857 /*
1858 * TCP over IPv4 via INET6 API
1859 */
1860
1861 static struct inet_connection_sock_af_ops ipv6_mapped = {
1862 .queue_xmit = ip_queue_xmit,
1863 .send_check = tcp_v4_send_check,
1864 .rebuild_header = inet_sk_rebuild_header,
1865 .conn_request = tcp_v6_conn_request,
1866 .syn_recv_sock = tcp_v6_syn_recv_sock,
1867 .remember_stamp = tcp_v4_remember_stamp,
1868 .net_header_len = sizeof(struct iphdr),
1869 .setsockopt = ipv6_setsockopt,
1870 .getsockopt = ipv6_getsockopt,
1871 .addr2sockaddr = inet6_csk_addr2sockaddr,
1872 .sockaddr_len = sizeof(struct sockaddr_in6),
1873 #ifdef CONFIG_COMPAT
1874 .compat_setsockopt = compat_ipv6_setsockopt,
1875 .compat_getsockopt = compat_ipv6_getsockopt,
1876 #endif
1877 };
1878
1879 #ifdef CONFIG_TCP_MD5SIG
1880 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1881 .md5_lookup = tcp_v4_md5_lookup,
1882 .calc_md5_hash = tcp_v4_calc_md5_hash,
1883 .md5_add = tcp_v6_md5_add_func,
1884 .md5_parse = tcp_v6_parse_md5_keys,
1885 };
1886 #endif
1887
1888 /* NOTE: A lot of things set to zero explicitly by call to
1889 * sk_alloc() so need not be done here.
1890 */
1891 static int tcp_v6_init_sock(struct sock *sk)
1892 {
1893 struct inet_connection_sock *icsk = inet_csk(sk);
1894 struct tcp_sock *tp = tcp_sk(sk);
1895
1896 skb_queue_head_init(&tp->out_of_order_queue);
1897 tcp_init_xmit_timers(sk);
1898 tcp_prequeue_init(tp);
1899
1900 icsk->icsk_rto = TCP_TIMEOUT_INIT;
1901 tp->mdev = TCP_TIMEOUT_INIT;
1902
1903 /* So many TCP implementations out there (incorrectly) count the
1904 * initial SYN frame in their delayed-ACK and congestion control
1905 * algorithms that we must have the following bandaid to talk
1906 * efficiently to them. -DaveM
1907 */
1908 tp->snd_cwnd = 2;
1909
1910 /* See draft-stevens-tcpca-spec-01 for discussion of the
1911 * initialization of these values.
1912 */
1913 tp->snd_ssthresh = 0x7fffffff;
1914 tp->snd_cwnd_clamp = ~0;
1915 tp->mss_cache = 536;
1916
1917 tp->reordering = sysctl_tcp_reordering;
1918
1919 sk->sk_state = TCP_CLOSE;
1920
1921 icsk->icsk_af_ops = &ipv6_specific;
1922 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
1923 icsk->icsk_sync_mss = tcp_sync_mss;
1924 sk->sk_write_space = sk_stream_write_space;
1925 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1926
1927 #ifdef CONFIG_TCP_MD5SIG
1928 tp->af_specific = &tcp_sock_ipv6_specific;
1929 #endif
1930
1931 sk->sk_sndbuf = sysctl_tcp_wmem[1];
1932 sk->sk_rcvbuf = sysctl_tcp_rmem[1];
1933
1934 atomic_inc(&tcp_sockets_allocated);
1935
1936 return 0;
1937 }
1938
1939 static int tcp_v6_destroy_sock(struct sock *sk)
1940 {
1941 #ifdef CONFIG_TCP_MD5SIG
1942 /* Clean up the MD5 key list */
1943 if (tcp_sk(sk)->md5sig_info)
1944 tcp_v6_clear_md5_list(sk);
1945 #endif
1946 tcp_v4_destroy_sock(sk);
1947 return inet6_destroy_sock(sk);
1948 }
1949
1950 #ifdef CONFIG_PROC_FS
1951 /* Proc filesystem TCPv6 sock list dumping. */
1952 static void get_openreq6(struct seq_file *seq,
1953 struct sock *sk, struct request_sock *req, int i, int uid)
1954 {
1955 int ttd = req->expires - jiffies;
1956 struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1957 struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1958
1959 if (ttd < 0)
1960 ttd = 0;
1961
1962 seq_printf(seq,
1963 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1964 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
1965 i,
1966 src->s6_addr32[0], src->s6_addr32[1],
1967 src->s6_addr32[2], src->s6_addr32[3],
1968 ntohs(inet_sk(sk)->sport),
1969 dest->s6_addr32[0], dest->s6_addr32[1],
1970 dest->s6_addr32[2], dest->s6_addr32[3],
1971 ntohs(inet_rsk(req)->rmt_port),
1972 TCP_SYN_RECV,
1973 0,0, /* could print option size, but that is af dependent. */
1974 1, /* timers active (only the expire timer) */
1975 jiffies_to_clock_t(ttd),
1976 req->retrans,
1977 uid,
1978 0, /* non standard timer */
1979 0, /* open_requests have no inode */
1980 0, req);
1981 }
1982
1983 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1984 {
1985 struct in6_addr *dest, *src;
1986 __u16 destp, srcp;
1987 int timer_active;
1988 unsigned long timer_expires;
1989 struct inet_sock *inet = inet_sk(sp);
1990 struct tcp_sock *tp = tcp_sk(sp);
1991 const struct inet_connection_sock *icsk = inet_csk(sp);
1992 struct ipv6_pinfo *np = inet6_sk(sp);
1993
1994 dest = &np->daddr;
1995 src = &np->rcv_saddr;
1996 destp = ntohs(inet->dport);
1997 srcp = ntohs(inet->sport);
1998
1999 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
2000 timer_active = 1;
2001 timer_expires = icsk->icsk_timeout;
2002 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2003 timer_active = 4;
2004 timer_expires = icsk->icsk_timeout;
2005 } else if (timer_pending(&sp->sk_timer)) {
2006 timer_active = 2;
2007 timer_expires = sp->sk_timer.expires;
2008 } else {
2009 timer_active = 0;
2010 timer_expires = jiffies;
2011 }
2012
2013 seq_printf(seq,
2014 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2015 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n",
2016 i,
2017 src->s6_addr32[0], src->s6_addr32[1],
2018 src->s6_addr32[2], src->s6_addr32[3], srcp,
2019 dest->s6_addr32[0], dest->s6_addr32[1],
2020 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2021 sp->sk_state,
2022 tp->write_seq-tp->snd_una,
2023 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
2024 timer_active,
2025 jiffies_to_clock_t(timer_expires - jiffies),
2026 icsk->icsk_retransmits,
2027 sock_i_uid(sp),
2028 icsk->icsk_probes_out,
2029 sock_i_ino(sp),
2030 atomic_read(&sp->sk_refcnt), sp,
2031 icsk->icsk_rto,
2032 icsk->icsk_ack.ato,
2033 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2034 tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
2035 );
2036 }
2037
2038 static void get_timewait6_sock(struct seq_file *seq,
2039 struct inet_timewait_sock *tw, int i)
2040 {
2041 struct in6_addr *dest, *src;
2042 __u16 destp, srcp;
2043 struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
2044 int ttd = tw->tw_ttd - jiffies;
2045
2046 if (ttd < 0)
2047 ttd = 0;
2048
2049 dest = &tw6->tw_v6_daddr;
2050 src = &tw6->tw_v6_rcv_saddr;
2051 destp = ntohs(tw->tw_dport);
2052 srcp = ntohs(tw->tw_sport);
2053
2054 seq_printf(seq,
2055 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2056 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %p\n",
2057 i,
2058 src->s6_addr32[0], src->s6_addr32[1],
2059 src->s6_addr32[2], src->s6_addr32[3], srcp,
2060 dest->s6_addr32[0], dest->s6_addr32[1],
2061 dest->s6_addr32[2], dest->s6_addr32[3], destp,
2062 tw->tw_substate, 0, 0,
2063 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
2064 atomic_read(&tw->tw_refcnt), tw);
2065 }
2066
2067 static int tcp6_seq_show(struct seq_file *seq, void *v)
2068 {
2069 struct tcp_iter_state *st;
2070
2071 if (v == SEQ_START_TOKEN) {
2072 seq_puts(seq,
2073 " sl "
2074 "local_address "
2075 "remote_address "
2076 "st tx_queue rx_queue tr tm->when retrnsmt"
2077 " uid timeout inode\n");
2078 goto out;
2079 }
2080 st = seq->private;
2081
2082 switch (st->state) {
2083 case TCP_SEQ_STATE_LISTENING:
2084 case TCP_SEQ_STATE_ESTABLISHED:
2085 get_tcp6_sock(seq, v, st->num);
2086 break;
2087 case TCP_SEQ_STATE_OPENREQ:
2088 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
2089 break;
2090 case TCP_SEQ_STATE_TIME_WAIT:
2091 get_timewait6_sock(seq, v, st->num);
2092 break;
2093 }
2094 out:
2095 return 0;
2096 }
2097
2098 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2099 .owner = THIS_MODULE,
2100 .name = "tcp6",
2101 .family = AF_INET6,
2102 .seq_ops = {
2103 .show = tcp6_seq_show,
2104 },
2105 };
2106
2107 int __init tcp6_proc_init(void)
2108 {
2109 return tcp_proc_register(&tcp6_seq_afinfo);
2110 }
2111
2112 void tcp6_proc_exit(void)
2113 {
2114 tcp_proc_unregister(&tcp6_seq_afinfo);
2115 }
2116 #endif
2117
2118 struct proto tcpv6_prot = {
2119 .name = "TCPv6",
2120 .owner = THIS_MODULE,
2121 .close = tcp_close,
2122 .connect = tcp_v6_connect,
2123 .disconnect = tcp_disconnect,
2124 .accept = inet_csk_accept,
2125 .ioctl = tcp_ioctl,
2126 .init = tcp_v6_init_sock,
2127 .destroy = tcp_v6_destroy_sock,
2128 .shutdown = tcp_shutdown,
2129 .setsockopt = tcp_setsockopt,
2130 .getsockopt = tcp_getsockopt,
2131 .recvmsg = tcp_recvmsg,
2132 .backlog_rcv = tcp_v6_do_rcv,
2133 .hash = tcp_v6_hash,
2134 .unhash = tcp_unhash,
2135 .get_port = tcp_v6_get_port,
2136 .enter_memory_pressure = tcp_enter_memory_pressure,
2137 .sockets_allocated = &tcp_sockets_allocated,
2138 .memory_allocated = &tcp_memory_allocated,
2139 .memory_pressure = &tcp_memory_pressure,
2140 .orphan_count = &tcp_orphan_count,
2141 .sysctl_mem = sysctl_tcp_mem,
2142 .sysctl_wmem = sysctl_tcp_wmem,
2143 .sysctl_rmem = sysctl_tcp_rmem,
2144 .max_header = MAX_TCP_HEADER,
2145 .obj_size = sizeof(struct tcp6_sock),
2146 .twsk_prot = &tcp6_timewait_sock_ops,
2147 .rsk_prot = &tcp6_request_sock_ops,
2148 #ifdef CONFIG_COMPAT
2149 .compat_setsockopt = compat_tcp_setsockopt,
2150 .compat_getsockopt = compat_tcp_getsockopt,
2151 #endif
2152 };
2153
2154 static struct inet6_protocol tcpv6_protocol = {
2155 .handler = tcp_v6_rcv,
2156 .err_handler = tcp_v6_err,
2157 .gso_send_check = tcp_v6_gso_send_check,
2158 .gso_segment = tcp_tso_segment,
2159 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2160 };
2161
2162 static struct inet_protosw tcpv6_protosw = {
2163 .type = SOCK_STREAM,
2164 .protocol = IPPROTO_TCP,
2165 .prot = &tcpv6_prot,
2166 .ops = &inet6_stream_ops,
2167 .capability = -1,
2168 .no_check = 0,
2169 .flags = INET_PROTOSW_PERMANENT |
2170 INET_PROTOSW_ICSK,
2171 };
2172
2173 void __init tcpv6_init(void)
2174 {
2175 /* register inet6 protocol */
2176 if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
2177 printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
2178 inet6_register_protosw(&tcpv6_protosw);
2179
2180 if (inet_csk_ctl_sock_create(&tcp6_socket, PF_INET6, SOCK_RAW,
2181 IPPROTO_TCP) < 0)
2182 panic("Failed to create the TCPv6 control socket.\n");
2183 }
Tomato firmware and modifications.