/*
 *	TCP over IPv6
 *	Linux INET6 implementation
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *
 *	Based on:
 *	linux/net/ipv4/tcp.c
 *	linux/net/ipv4/tcp_input.c
 *	linux/net/ipv4/tcp_output.c
 *
 *	Fixes:
 *	Hideaki YOSHIFUJI	:	sin6_scope_id support
 *	YOSHIFUJI Hideaki @USAGI and:	Support the IPV6_V6ONLY socket option,
 *	Alexey Kuznetsov		which allows both IPv4 and IPv6 sockets
 *					to bind to a single port at the same time.
 *	YOSHIFUJI Hideaki @USAGI:	convert /proc/net/tcp6 to seq_file.
 *
 *	This program is free software; you can redistribute it and/or
 *      modify it under the terms of the GNU General Public License
 *      as published by the Free Software Foundation; either version
 *      2 of the License, or (at your option) any later version.
 */

#include <linux/bottom_half.h>
#include <linux/module.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/net.h>
#include <linux/jiffies.h>
#include <linux/in.h>
#include <linux/in6.h>
#include <linux/netdevice.h>
#include <linux/init.h>
#include <linux/jhash.h>
#include <linux/ipsec.h>
#include <linux/times.h>
#include <linux/slab.h>
#include <linux/uaccess.h>
#include <linux/ipv6.h>
#include <linux/icmpv6.h>
#include <linux/random.h>

#include <net/tcp.h>
#include <net/ndisc.h>
#include <net/inet6_hashtables.h>
#include <net/inet6_connection_sock.h>
#include <net/ipv6.h>
#include <net/transp_v6.h>
#include <net/addrconf.h>
#include <net/ip6_route.h>
#include <net/ip6_checksum.h>
#include <net/inet_ecn.h>
#include <net/protocol.h>
#include <net/xfrm.h>
#include <net/snmp.h>
#include <net/dsfield.h>
#include <net/timewait_sock.h>
#include <net/inet_common.h>
#include <net/secure_seq.h>
#include <net/tcp_memcontrol.h>
#include <net/busy_poll.h>

#include <linux/proc_fs.h>
#include <linux/seq_file.h>

#include <linux/crypto.h>
#include <linux/scatterlist.h>

static void	tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
static void	tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
				      struct request_sock *req);

static int	tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);

static const struct inet_connection_sock_af_ops ipv6_mapped;
static const struct inet_connection_sock_af_ops ipv6_specific;
#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
#else
static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
						   const struct in6_addr *addr)
{
	return NULL;
}
#endif

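/* Cache the validated input route on the socket so the fast path in
 * tcp_v6_do_rcv() can skip a full routing lookup.  The fib6 node's
 * sernum is stored as a cookie; if the routing table changes, the
 * cookie check fails and the cached dst is dropped.
 */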
static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
{
	struct dst_entry *dst = skb_dst(skb);

	if (dst && dst_hold_safe(dst)) {
		const struct rt6_info *rt = (const struct rt6_info *)dst;

		sk->sk_rx_dst = dst;
		inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
		if (rt->rt6i_node)
			inet6_sk(sk)->rx_dst_cookie = rt->rt6i_node->fn_sernum;
	}
}

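/* Initial sequence numbers are derived from the address/port 4-tuple
 * via a keyed hash (see secure_tcpv6_sequence_number()), making them
 * hard to predict for off-path attackers (RFC 6528).
 */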
static __u32 tcp_v6_init_sequence(const struct sk_buff *skb)
{
	return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
					    ipv6_hdr(skb)->saddr.s6_addr32,
					    tcp_hdr(skb)->dest,
					    tcp_hdr(skb)->source);
}

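/* Active open.  Roughly: validate the destination, honour a flow label
 * if the socket has flow-label sending enabled (np->sndflow, i.e. the
 * IPV6_FLOWINFO_SEND option), fall back to tcp_v4_connect() for
 * v4-mapped destinations, route the flow, pick a source address, hash
 * into the bind/established tables and finally send the SYN via
 * tcp_connect().
 */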
static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
			  int addr_len)
{
	struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
	struct inet_sock *inet = inet_sk(sk);
	struct inet_connection_sock *icsk = inet_csk(sk);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_sock *tp = tcp_sk(sk);
	struct in6_addr *saddr = NULL, *final_p, final;
	struct ipv6_txoptions *opt;
	struct rt6_info *rt;
	struct flowi6 fl6;
	struct dst_entry *dst;
	int addr_type;
	int err;

	if (addr_len < SIN6_LEN_RFC2133)
		return -EINVAL;

	if (usin->sin6_family != AF_INET6)
		return -EAFNOSUPPORT;

	memset(&fl6, 0, sizeof(fl6));

	if (np->sndflow) {
		fl6.flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
		IP6_ECN_flow_init(fl6.flowlabel);
		if (fl6.flowlabel & IPV6_FLOWLABEL_MASK) {
			struct ip6_flowlabel *flowlabel;
			flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
			if (!flowlabel)
				return -EINVAL;
			fl6_sock_release(flowlabel);
		}
	}

	/*
	 *	connect() to INADDR_ANY means loopback (BSD'ism).
	 */

	if (ipv6_addr_any(&usin->sin6_addr))
		usin->sin6_addr.s6_addr[15] = 0x1;

	addr_type = ipv6_addr_type(&usin->sin6_addr);

	if (addr_type & IPV6_ADDR_MULTICAST)
		return -ENETUNREACH;

	if (addr_type & IPV6_ADDR_LINKLOCAL) {
		if (addr_len >= sizeof(struct sockaddr_in6) &&
		    usin->sin6_scope_id) {
			/* If an interface is set while binding, the
			 * indices must coincide.
			 */
			if (sk->sk_bound_dev_if &&
			    sk->sk_bound_dev_if != usin->sin6_scope_id)
				return -EINVAL;

			sk->sk_bound_dev_if = usin->sin6_scope_id;
		}

		/* Connecting to a link-local address requires an interface */
		if (!sk->sk_bound_dev_if)
			return -EINVAL;
	}

	if (tp->rx_opt.ts_recent_stamp &&
	    !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
		tp->rx_opt.ts_recent = 0;
		tp->rx_opt.ts_recent_stamp = 0;
		tp->write_seq = 0;
	}

	sk->sk_v6_daddr = usin->sin6_addr;
	np->flow_label = fl6.flowlabel;

	/*
	 *	TCP over IPv4
	 */

	if (addr_type == IPV6_ADDR_MAPPED) {
		u32 exthdrlen = icsk->icsk_ext_hdr_len;
		struct sockaddr_in sin;

		SOCK_DEBUG(sk, "connect: ipv4 mapped\n");

		if (__ipv6_only_sock(sk))
			return -ENETUNREACH;

		sin.sin_family = AF_INET;
		sin.sin_port = usin->sin6_port;
		sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];

		icsk->icsk_af_ops = &ipv6_mapped;
		sk->sk_backlog_rcv = tcp_v4_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
		tp->af_specific = &tcp_sock_ipv6_mapped_specific;
#endif

		err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));

		if (err) {
			icsk->icsk_ext_hdr_len = exthdrlen;
			icsk->icsk_af_ops = &ipv6_specific;
			sk->sk_backlog_rcv = tcp_v6_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
			tp->af_specific = &tcp_sock_ipv6_specific;
#endif
			goto failure;
		}
		np->saddr = sk->sk_v6_rcv_saddr;

		return err;
	}

	if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
		saddr = &sk->sk_v6_rcv_saddr;

	fl6.flowi6_proto = IPPROTO_TCP;
	fl6.daddr = sk->sk_v6_daddr;
	fl6.saddr = saddr ? *saddr : np->saddr;
	fl6.flowi6_oif = sk->sk_bound_dev_if;
	fl6.flowi6_mark = sk->sk_mark;
	fl6.fl6_dport = usin->sin6_port;
	fl6.fl6_sport = inet->inet_sport;

	opt = rcu_dereference_protected(np->opt, sock_owned_by_user(sk));
	final_p = fl6_update_dst(&fl6, opt, &final);

	security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));

	dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
	if (IS_ERR(dst)) {
		err = PTR_ERR(dst);
		goto failure;
	}

	if (!saddr) {
		saddr = &fl6.saddr;
		sk->sk_v6_rcv_saddr = *saddr;
	}

	/* set the source address */
	np->saddr = *saddr;
	inet->inet_rcv_saddr = LOOPBACK4_IPV6;

	sk->sk_gso_type = SKB_GSO_TCPV6;
	__ip6_dst_store(sk, dst, NULL, NULL);

	rt = (struct rt6_info *) dst;
	if (tcp_death_row.sysctl_tw_recycle &&
	    !tp->rx_opt.ts_recent_stamp &&
	    ipv6_addr_equal(&rt->rt6i_dst.addr, &sk->sk_v6_daddr))
		tcp_fetch_timewait_stamp(sk, dst);

	icsk->icsk_ext_hdr_len = 0;
	if (opt)
		icsk->icsk_ext_hdr_len = opt->opt_flen +
					 opt->opt_nflen;

	tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);

	inet->inet_dport = usin->sin6_port;

	tcp_set_state(sk, TCP_SYN_SENT);
	err = inet6_hash_connect(&tcp_death_row, sk);
	if (err)
		goto late_failure;

	ip6_set_txhash(sk);

	if (!tp->write_seq && likely(!tp->repair))
		tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
							     sk->sk_v6_daddr.s6_addr32,
							     inet->inet_sport,
							     inet->inet_dport);

	err = tcp_connect(sk);
	if (err)
		goto late_failure;

	return 0;

late_failure:
	tcp_set_state(sk, TCP_CLOSE);
	__sk_dst_reset(sk);
failure:
	inet->inet_dport = 0;
	sk->sk_route_caps = 0;
	return err;
}

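/* Called once an ICMPv6 Packet Too Big notification has been recorded
 * in tp->mtu_info.  Shrink the path MTU and retransmit the oversized
 * segments; listening and closed sockets have nothing in flight.
 */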
static void tcp_v6_mtu_reduced(struct sock *sk)
{
	struct dst_entry *dst;

	if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
		return;

	dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
	if (!dst)
		return;

	if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
		tcp_sync_mss(sk, dst_mtu(dst));
		tcp_simple_retransmit(sk);
	}
}

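/* ICMPv6 error handler.  Map the error onto the owning socket (or
 * request socket) and either report it, update the path MTU, or follow
 * a redirect, depending on the ICMPv6 type and the socket state.
 */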
static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
		u8 type, u8 code, int offset, __be32 info)
{
	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
	const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
	struct net *net = dev_net(skb->dev);
	struct request_sock *fastopen;
	struct ipv6_pinfo *np;
	struct tcp_sock *tp;
	__u32 seq, snd_una;
	struct sock *sk;
	int err;

	sk = __inet6_lookup_established(net, &tcp_hashinfo,
					&hdr->daddr, th->dest,
					&hdr->saddr, ntohs(th->source),
					skb->dev->ifindex);

	if (!sk) {
		ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
				   ICMP6_MIB_INERRORS);
		return;
	}

	if (sk->sk_state == TCP_TIME_WAIT) {
		inet_twsk_put(inet_twsk(sk));
		return;
	}
	seq = ntohl(th->seq);
	if (sk->sk_state == TCP_NEW_SYN_RECV)
		return tcp_req_err(sk, seq);

	bh_lock_sock(sk);
	if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
		NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);

	if (sk->sk_state == TCP_CLOSE)
		goto out;

	if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
		NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
		goto out;
	}

	tp = tcp_sk(sk);
	/* XXX (TFO) - tp->snd_una should be ISN (see tcp_create_openreq_child()) */
	fastopen = tp->fastopen_rsk;
	snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
	if (sk->sk_state != TCP_LISTEN &&
	    !between(seq, snd_una, tp->snd_nxt)) {
		NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
		goto out;
	}

	np = inet6_sk(sk);

	if (type == NDISC_REDIRECT) {
		struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);

		if (dst)
			dst->ops->redirect(dst, sk, skb);
		goto out;
	}

	if (type == ICMPV6_PKT_TOOBIG) {
		/* We are not interested in TCP_LISTEN and open_requests
		 * (SYN-ACKs sent out by Linux are always < 576 bytes so
		 * they should go through unfragmented).
		 */
		if (sk->sk_state == TCP_LISTEN)
			goto out;

		if (!ip6_sk_accept_pmtu(sk))
			goto out;

		tp->mtu_info = ntohl(info);
		if (!sock_owned_by_user(sk))
			tcp_v6_mtu_reduced(sk);
		else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
					   &tp->tsq_flags))
			sock_hold(sk);
		goto out;
	}

	icmpv6_err_convert(type, code, &err);

	/* Might be for a request_sock */
	switch (sk->sk_state) {
	case TCP_SYN_SENT:
	case TCP_SYN_RECV:
		/* Only in fast or simultaneous open. If a fast open socket
		 * is already accepted it is treated as a connected one below.
		 */
		if (fastopen && !fastopen->sk)
			break;

		if (!sock_owned_by_user(sk)) {
			sk->sk_err = err;
			sk->sk_error_report(sk);		/* Wake people up to see the error (see connect in sock.c) */

			tcp_done(sk);
		} else
			sk->sk_err_soft = err;
		goto out;
	}

	if (!sock_owned_by_user(sk) && np->recverr) {
		sk->sk_err = err;
		sk->sk_error_report(sk);
	} else
		sk->sk_err_soft = err;

out:
	bh_unlock_sock(sk);
	sock_put(sk);
}


static int tcp_v6_send_synack(struct sock *sk, struct dst_entry *dst,
			      struct flowi *fl,
			      struct request_sock *req,
			      u16 queue_mapping,
			      struct tcp_fastopen_cookie *foc)
{
	struct inet_request_sock *ireq = inet_rsk(req);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct flowi6 *fl6 = &fl->u.ip6;
	struct sk_buff *skb;
	int err = -ENOMEM;

	/* First, grab a route. */
	if (!dst && (dst = inet6_csk_route_req(sk, fl6, req)) == NULL)
		goto done;

	skb = tcp_make_synack(sk, dst, req, foc);

	if (skb) {
		__tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
				    &ireq->ir_v6_rmt_addr);

		fl6->daddr = ireq->ir_v6_rmt_addr;
		if (np->repflow && ireq->pktopts)
			fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));

		skb_set_queue_mapping(skb, queue_mapping);
		rcu_read_lock();
		err = ip6_xmit(sk, skb, fl6, rcu_dereference(np->opt),
			       np->tclass);
		rcu_read_unlock();
		err = net_xmit_eval(err);
	}

done:
	return err;
}


static void tcp_v6_reqsk_destructor(struct request_sock *req)
{
	kfree_skb(inet_rsk(req)->pktopts);
}

#ifdef CONFIG_TCP_MD5SIG
static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
						   const struct in6_addr *addr)
{
	return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
}

static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
						const struct sock *addr_sk)
{
	return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
}

static int tcp_v6_parse_md5_keys(struct sock *sk, char __user *optval,
				 int optlen)
{
	struct tcp_md5sig cmd;
	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;

	if (optlen < sizeof(cmd))
		return -EINVAL;

	if (copy_from_user(&cmd, optval, sizeof(cmd)))
		return -EFAULT;

	if (sin6->sin6_family != AF_INET6)
		return -EINVAL;

	if (!cmd.tcpm_keylen) {
		if (ipv6_addr_v4mapped(&sin6->sin6_addr))
			return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
					      AF_INET);
		return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
				      AF_INET6);
	}

	if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
		return -EINVAL;

	if (ipv6_addr_v4mapped(&sin6->sin6_addr))
		return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
				      AF_INET, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);

	return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
			      AF_INET6, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
}
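
/* Keys are installed from userspace with setsockopt(TCP_MD5SIG), which
 * lands in tcp_v6_parse_md5_keys() above.  A minimal userspace sketch
 * (illustrative only; the address is a documentation placeholder):
 *
 *	struct tcp_md5sig md5 = { .tcpm_keylen = 6 };
 *	struct sockaddr_in6 *a = (struct sockaddr_in6 *)&md5.tcpm_addr;
 *
 *	a->sin6_family = AF_INET6;
 *	inet_pton(AF_INET6, "2001:db8::1", &a->sin6_addr);
 *	memcpy(md5.tcpm_key, "secret", 6);
 *	setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, &md5, sizeof(md5));
 *
 * A zero tcpm_keylen deletes the key for that peer, as handled above.
 */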

static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
					const struct in6_addr *daddr,
					const struct in6_addr *saddr, int nbytes)
{
	struct tcp6_pseudohdr *bp;
	struct scatterlist sg;

	bp = &hp->md5_blk.ip6;
	/* 1. TCP pseudo-header (RFC2460) */
	bp->saddr = *saddr;
	bp->daddr = *daddr;
	bp->protocol = cpu_to_be32(IPPROTO_TCP);
	bp->len = cpu_to_be32(nbytes);

	sg_init_one(&sg, bp, sizeof(*bp));
	return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
}

static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
			       const struct in6_addr *daddr, struct in6_addr *saddr,
			       const struct tcphdr *th)
{
	struct tcp_md5sig_pool *hp;
	struct hash_desc *desc;

	hp = tcp_get_md5sig_pool();
	if (!hp)
		goto clear_hash_noput;
	desc = &hp->md5_desc;

	if (crypto_hash_init(desc))
		goto clear_hash;
	if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
		goto clear_hash;
	if (tcp_md5_hash_header(hp, th))
		goto clear_hash;
	if (tcp_md5_hash_key(hp, key))
		goto clear_hash;
	if (crypto_hash_final(desc, md5_hash))
		goto clear_hash;

	tcp_put_md5sig_pool();
	return 0;

clear_hash:
	tcp_put_md5sig_pool();
clear_hash_noput:
	memset(md5_hash, 0, 16);
	return 1;
}

static int tcp_v6_md5_hash_skb(char *md5_hash,
			       const struct tcp_md5sig_key *key,
			       const struct sock *sk,
			       const struct sk_buff *skb)
{
	const struct in6_addr *saddr, *daddr;
	struct tcp_md5sig_pool *hp;
	struct hash_desc *desc;
	const struct tcphdr *th = tcp_hdr(skb);

	if (sk) { /* valid for established/request sockets */
		saddr = &sk->sk_v6_rcv_saddr;
		daddr = &sk->sk_v6_daddr;
	} else {
		const struct ipv6hdr *ip6h = ipv6_hdr(skb);
		saddr = &ip6h->saddr;
		daddr = &ip6h->daddr;
	}

	hp = tcp_get_md5sig_pool();
	if (!hp)
		goto clear_hash_noput;
	desc = &hp->md5_desc;

	if (crypto_hash_init(desc))
		goto clear_hash;

	if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
		goto clear_hash;
	if (tcp_md5_hash_header(hp, th))
		goto clear_hash;
	if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
		goto clear_hash;
	if (tcp_md5_hash_key(hp, key))
		goto clear_hash;
	if (crypto_hash_final(desc, md5_hash))
		goto clear_hash;

	tcp_put_md5sig_pool();
	return 0;

clear_hash:
	tcp_put_md5sig_pool();
clear_hash_noput:
	memset(md5_hash, 0, 16);
	return 1;
}

static bool tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
{
	const __u8 *hash_location = NULL;
	struct tcp_md5sig_key *hash_expected;
	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
	const struct tcphdr *th = tcp_hdr(skb);
	int genhash;
	u8 newhash[16];

	hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
	hash_location = tcp_parse_md5sig_option(th);

	/* We've parsed the options - do we have a hash? */
	if (!hash_expected && !hash_location)
		return false;

	if (hash_expected && !hash_location) {
		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
		return true;
	}

	if (!hash_expected && hash_location) {
		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
		return true;
	}

	/* check the signature */
	genhash = tcp_v6_md5_hash_skb(newhash,
				      hash_expected,
				      NULL, skb);

	if (genhash || memcmp(hash_location, newhash, 16) != 0) {
		net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
				     genhash ? "failed" : "mismatch",
				     &ip6h->saddr, ntohs(th->source),
				     &ip6h->daddr, ntohs(th->dest));
		return true;
	}
	return false;
}
#endif

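/* Fill in the IPv6-specific parts of a freshly minted request sock:
 * addresses from the SYN, the inbound interface for link-local peers,
 * and a reference to the SYN itself when the listener asked for
 * IPV6_PKTOPTIONS-style ancillary data.
 */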
static void tcp_v6_init_req(struct request_sock *req, struct sock *sk,
			    struct sk_buff *skb)
{
	struct inet_request_sock *ireq = inet_rsk(req);
	struct ipv6_pinfo *np = inet6_sk(sk);

	ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
	ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;

	/* So that link locals have meaning */
	if (!sk->sk_bound_dev_if &&
	    ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
		ireq->ir_iif = tcp_v6_iif(skb);

	if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
	    (ipv6_opt_accepted(sk, skb, &TCP_SKB_CB(skb)->header.h6) ||
	     np->rxopt.bits.rxinfo ||
	     np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
	     np->rxopt.bits.rxohlim || np->repflow)) {
		atomic_inc(&skb->users);
		ireq->pktopts = skb;
	}
}

static struct dst_entry *tcp_v6_route_req(struct sock *sk, struct flowi *fl,
					  const struct request_sock *req,
					  bool *strict)
{
	if (strict)
		*strict = true;
	return inet6_csk_route_req(sk, &fl->u.ip6, req);
}

struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
	.family		=	AF_INET6,
	.obj_size	=	sizeof(struct tcp6_request_sock),
	.rtx_syn_ack	=	tcp_rtx_synack,
	.send_ack	=	tcp_v6_reqsk_send_ack,
	.destructor	=	tcp_v6_reqsk_destructor,
	.send_reset	=	tcp_v6_send_reset,
	.syn_ack_timeout =	tcp_syn_ack_timeout,
};

static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
	.mss_clamp	=	IPV6_MIN_MTU - sizeof(struct tcphdr) -
				sizeof(struct ipv6hdr),
#ifdef CONFIG_TCP_MD5SIG
	.req_md5_lookup	=	tcp_v6_md5_lookup,
	.calc_md5_hash	=	tcp_v6_md5_hash_skb,
#endif
	.init_req	=	tcp_v6_init_req,
#ifdef CONFIG_SYN_COOKIES
	.cookie_init_seq =	cookie_v6_init_sequence,
#endif
	.route_req	=	tcp_v6_route_req,
	.init_seq	=	tcp_v6_init_sequence,
	.send_synack	=	tcp_v6_send_synack,
	.queue_hash_add =	inet6_csk_reqsk_queue_hash_add,
};

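/* Build and send a bare ACK or RST in reply to @skb without any full
 * socket context.  The reply goes out through the per-netns control
 * socket, with addresses and ports swapped relative to the packet
 * that triggered it.
 */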
static void tcp_v6_send_response(struct sock *sk, struct sk_buff *skb, u32 seq,
				 u32 ack, u32 win, u32 tsval, u32 tsecr,
				 int oif, struct tcp_md5sig_key *key, int rst,
				 u8 tclass, u32 label)
{
	const struct tcphdr *th = tcp_hdr(skb);
	struct tcphdr *t1;
	struct sk_buff *buff;
	struct flowi6 fl6;
	struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
	struct sock *ctl_sk = net->ipv6.tcp_sk;
	unsigned int tot_len = sizeof(struct tcphdr);
	struct dst_entry *dst;
	__be32 *topt;

	if (tsecr)
		tot_len += TCPOLEN_TSTAMP_ALIGNED;
#ifdef CONFIG_TCP_MD5SIG
	if (key)
		tot_len += TCPOLEN_MD5SIG_ALIGNED;
#endif

	buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
			 GFP_ATOMIC);
	if (!buff)
		return;

	skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);

	t1 = (struct tcphdr *) skb_push(buff, tot_len);
	skb_reset_transport_header(buff);

	/* Swap the send and the receive. */
	memset(t1, 0, sizeof(*t1));
	t1->dest = th->source;
	t1->source = th->dest;
	t1->doff = tot_len / 4;
	t1->seq = htonl(seq);
	t1->ack_seq = htonl(ack);
	t1->ack = !rst || !th->ack;
	t1->rst = rst;
	t1->window = htons(win);

	topt = (__be32 *)(t1 + 1);

	if (tsecr) {
		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
				(TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
		*topt++ = htonl(tsval);
		*topt++ = htonl(tsecr);
	}

#ifdef CONFIG_TCP_MD5SIG
	if (key) {
		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
				(TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
		tcp_v6_md5_hash_hdr((__u8 *)topt, key,
				    &ipv6_hdr(skb)->saddr,
				    &ipv6_hdr(skb)->daddr, t1);
	}
#endif

	memset(&fl6, 0, sizeof(fl6));
	fl6.daddr = ipv6_hdr(skb)->saddr;
	fl6.saddr = ipv6_hdr(skb)->daddr;
	fl6.flowlabel = label;

	buff->ip_summed = CHECKSUM_PARTIAL;
	buff->csum = 0;

	__tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);

	fl6.flowi6_proto = IPPROTO_TCP;
	if (rt6_need_strict(&fl6.daddr) && !oif)
		fl6.flowi6_oif = tcp_v6_iif(skb);
	else
		fl6.flowi6_oif = oif;
	fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark);
	fl6.fl6_dport = t1->dest;
	fl6.fl6_sport = t1->source;
	security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));

	/* Pass a socket to ip6_dst_lookup_flow even when the reply is a RST;
	 * the underlying function will use it to retrieve the network
	 * namespace.
	 */
	dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
	if (!IS_ERR(dst)) {
		skb_dst_set(buff, dst);
		ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass);
		TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
		if (rst)
			TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
		return;
	}

	kfree_skb(buff);
}

static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
{
	const struct tcphdr *th = tcp_hdr(skb);
	u32 seq = 0, ack_seq = 0;
	struct tcp_md5sig_key *key = NULL;
#ifdef CONFIG_TCP_MD5SIG
	const __u8 *hash_location = NULL;
	struct ipv6hdr *ipv6h = ipv6_hdr(skb);
	unsigned char newhash[16];
	int genhash;
	struct sock *sk1 = NULL;
#endif
	int oif;

	if (th->rst)
		return;

	/* If sk is not NULL, it means we did a successful lookup and the
	 * incoming route had to be correct. prequeue might have dropped our dst.
	 */
	if (!sk && !ipv6_unicast_destination(skb))
		return;

#ifdef CONFIG_TCP_MD5SIG
	hash_location = tcp_parse_md5sig_option(th);
	if (!sk && hash_location) {
		/*
		 * The active side is lost. Try to find the listening socket
		 * through the source port, and then find the md5 key through
		 * the listening socket. We do not lose security here:
		 * the incoming packet is checked with the md5 hash of the
		 * found key, and no RST is generated if the hash doesn't match.
		 */
		sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
					   &tcp_hashinfo, &ipv6h->saddr,
					   th->source, &ipv6h->daddr,
					   ntohs(th->source), tcp_v6_iif(skb));
		if (!sk1)
			return;

		rcu_read_lock();
		key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
		if (!key)
			goto release_sk1;

		genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
		if (genhash || memcmp(hash_location, newhash, 16) != 0)
			goto release_sk1;
	} else {
		key = sk ? tcp_v6_md5_do_lookup(sk, &ipv6h->saddr) : NULL;
	}
#endif

	if (th->ack)
		seq = ntohl(th->ack_seq);
	else
		ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
			  (th->doff << 2);

	oif = sk ? sk->sk_bound_dev_if : 0;
	tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 0);

#ifdef CONFIG_TCP_MD5SIG
release_sk1:
	if (sk1) {
		rcu_read_unlock();
		sock_put(sk1);
	}
#endif
}

static void tcp_v6_send_ack(struct sock *sk, struct sk_buff *skb, u32 seq,
			    u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
			    struct tcp_md5sig_key *key, u8 tclass,
			    u32 label)
{
	tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
			     tclass, label);
}

static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
{
	struct inet_timewait_sock *tw = inet_twsk(sk);
	struct tcp_timewait_sock *tcptw = tcp_twsk(sk);

	tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
			tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
			tcp_time_stamp + tcptw->tw_ts_offset,
			tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
			tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel));

	inet_twsk_put(tw);
}

static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
				  struct request_sock *req)
{
	/* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
	 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
	 */
	tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
			tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
			tcp_rsk(req)->rcv_nxt, req->rcv_wnd,
			tcp_time_stamp, req->ts_recent, sk->sk_bound_dev_if,
			tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr),
			0, 0);
}


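/* A packet hit a listening socket: see whether it answers a pending
 * connection request, belongs to an already established child, or (as
 * a last resort) carries a valid SYN cookie.
 */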
static struct sock *tcp_v6_hnd_req(struct sock *sk, struct sk_buff *skb)
{
	const struct tcphdr *th = tcp_hdr(skb);
	struct request_sock *req;
	struct sock *nsk;

	/* Find possible connection requests. */
	req = inet6_csk_search_req(sk, th->source,
				   &ipv6_hdr(skb)->saddr,
				   &ipv6_hdr(skb)->daddr, tcp_v6_iif(skb));
	if (req) {
		nsk = tcp_check_req(sk, skb, req, false);
		if (!nsk || nsk == sk)
			reqsk_put(req);
		return nsk;
	}
	nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
					 &ipv6_hdr(skb)->saddr, th->source,
					 &ipv6_hdr(skb)->daddr, ntohs(th->dest),
					 tcp_v6_iif(skb));

	if (nsk) {
		if (nsk->sk_state != TCP_TIME_WAIT) {
			bh_lock_sock(nsk);
			return nsk;
		}
		inet_twsk_put(inet_twsk(nsk));
		return NULL;
	}

#ifdef CONFIG_SYN_COOKIES
	if (!th->syn)
		sk = cookie_v6_check(sk, skb);
#endif
	return sk;
}

static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
{
	if (skb->protocol == htons(ETH_P_IP))
		return tcp_v4_conn_request(sk, skb);

	if (!ipv6_unicast_destination(skb))
		goto drop;

	return tcp_conn_request(&tcp6_request_sock_ops,
				&tcp_request_sock_ipv6_ops, sk, skb);

drop:
	NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
	return 0; /* don't send reset */
}

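/* Create the child socket once the 3WHS completes.  The v4-mapped
 * branch delegates to tcp_v4_syn_recv_sock() and then repairs the
 * af_ops pointers; the native branch clones IPv6 options and, under
 * CONFIG_TCP_MD5SIG, copies the peer's key onto the child.
 */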
static struct sock *tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
					 struct request_sock *req,
					 struct dst_entry *dst)
{
	struct inet_request_sock *ireq;
	struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
	struct tcp6_sock *newtcp6sk;
	struct ipv6_txoptions *opt;
	struct inet_sock *newinet;
	struct tcp_sock *newtp;
	struct sock *newsk;
#ifdef CONFIG_TCP_MD5SIG
	struct tcp_md5sig_key *key;
#endif
	struct flowi6 fl6;

	if (skb->protocol == htons(ETH_P_IP)) {
		/*
		 *	v6 mapped
		 */

		newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);

		if (!newsk)
			return NULL;

		newtcp6sk = (struct tcp6_sock *)newsk;
		inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;

		newinet = inet_sk(newsk);
		newnp = inet6_sk(newsk);
		newtp = tcp_sk(newsk);

		memcpy(newnp, np, sizeof(struct ipv6_pinfo));

		newnp->saddr = newsk->sk_v6_rcv_saddr;

		inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
		newsk->sk_backlog_rcv = tcp_v4_do_rcv;
#ifdef CONFIG_TCP_MD5SIG
		newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
#endif

		newnp->ipv6_ac_list = NULL;
		newnp->ipv6_fl_list = NULL;
		newnp->pktoptions  = NULL;
		newnp->opt	   = NULL;
		newnp->mcast_oif   = tcp_v6_iif(skb);
		newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
		newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
		if (np->repflow)
			newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));

		/*
		 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
		 * here, tcp_create_openreq_child now does this for us, see the comment in
		 * that function for the gory details. -acme
		 */

		/* This is a tricky place. Until this moment the IPv4 tcp code
		   worked with the IPv6 icsk.icsk_af_ops.
		   Sync it now.
		 */
		tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);

		return newsk;
	}

	ireq = inet_rsk(req);

	if (sk_acceptq_is_full(sk))
		goto out_overflow;

	if (!dst) {
		dst = inet6_csk_route_req(sk, &fl6, req);
		if (!dst)
			goto out;
	}

	newsk = tcp_create_openreq_child(sk, req, skb);
	if (!newsk)
		goto out_nonewsk;

	/*
	 * No need to charge this sock to the relevant IPv6 refcnt debug socks
	 * count here, tcp_create_openreq_child now does this for us, see the
	 * comment in that function for the gory details. -acme
	 */

	newsk->sk_gso_type = SKB_GSO_TCPV6;
	__ip6_dst_store(newsk, dst, NULL, NULL);
	inet6_sk_rx_dst_set(newsk, skb);

	newtcp6sk = (struct tcp6_sock *)newsk;
	inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;

	newtp = tcp_sk(newsk);
	newinet = inet_sk(newsk);
	newnp = inet6_sk(newsk);

	memcpy(newnp, np, sizeof(struct ipv6_pinfo));

	newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
	newnp->saddr = ireq->ir_v6_loc_addr;
	newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
	newsk->sk_bound_dev_if = ireq->ir_iif;

	ip6_set_txhash(newsk);

	/* Now IPv6 options...

	   First: no IPv4 options.
	 */
	newinet->inet_opt = NULL;
	newnp->ipv6_ac_list = NULL;
	newnp->ipv6_fl_list = NULL;

	/* Clone RX bits */
	newnp->rxopt.all = np->rxopt.all;

	/* Clone pktoptions received with SYN */
	newnp->pktoptions = NULL;
	if (ireq->pktopts) {
		newnp->pktoptions = skb_clone(ireq->pktopts,
					      sk_gfp_atomic(sk, GFP_ATOMIC));
		consume_skb(ireq->pktopts);
		ireq->pktopts = NULL;
		if (newnp->pktoptions)
			skb_set_owner_r(newnp->pktoptions, newsk);
	}
	newnp->opt	  = NULL;
	newnp->mcast_oif  = tcp_v6_iif(skb);
	newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
	newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
	if (np->repflow)
		newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));

	/* Clone native IPv6 options from the listening socket (if any).

	   Yes, keeping a reference count would be much more clever,
	   but we do one more thing here: reattach optmem
	   to newsk.
	 */
	opt = rcu_dereference(np->opt);
	if (opt) {
		opt = ipv6_dup_options(newsk, opt);
		RCU_INIT_POINTER(newnp->opt, opt);
	}
	inet_csk(newsk)->icsk_ext_hdr_len = 0;
	if (opt)
		inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
						    opt->opt_flen;

	tcp_ca_openreq_child(newsk, dst);

	tcp_sync_mss(newsk, dst_mtu(dst));
	newtp->advmss = dst_metric_advmss(dst);
	if (tcp_sk(sk)->rx_opt.user_mss &&
	    tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
		newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;

	tcp_initialize_rcv_mss(newsk);

	newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
	newinet->inet_rcv_saddr = LOOPBACK4_IPV6;

#ifdef CONFIG_TCP_MD5SIG
	/* Copy over the MD5 key from the original socket */
	key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr);
	if (key) {
		/* We're using one, so create a matching key
		 * on the newsk structure. If we fail to get
		 * memory, then we end up not copying the key
		 * across. Shucks.
		 */
		tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
			       AF_INET6, key->key, key->keylen,
			       sk_gfp_atomic(sk, GFP_ATOMIC));
	}
#endif

	if (__inet_inherit_port(sk, newsk) < 0) {
		inet_csk_prepare_forced_close(newsk);
		tcp_done(newsk);
		goto out;
	}
	__inet_hash(newsk, NULL);

	return newsk;

out_overflow:
	NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
out_nonewsk:
	dst_release(dst);
out:
	NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
	return NULL;
}

/* The socket must have its spinlock held when we get
 * here.
 *
 * We have a potential double-lock case here, so even when
 * doing backlog processing we use the BH locking scheme.
 * This is because we cannot sleep with the original spinlock
 * held.
 */
static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct tcp_sock *tp;
	struct sk_buff *opt_skb = NULL;

	/* Imagine: socket is IPv6. IPv4 packet arrives,
	   goes to IPv4 receive handler and backlogged.
	   From backlog it always goes here. Kerboom...
	   Fortunately, tcp_rcv_established and rcv_established
	   handle them correctly, but it is not the case with
	   tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
	 */

	if (skb->protocol == htons(ETH_P_IP))
		return tcp_v4_do_rcv(sk, skb);

	if (sk_filter(sk, skb))
		goto discard;

	/*
	 *	socket locking is here for SMP purposes as backlog rcv
	 *	is currently called with bh processing disabled.
	 */

	/* Do Stevens' IPV6_PKTOPTIONS.

	   Yes, guys, it is the only place in our code where we
	   may make it not affect IPv4.
	   The rest of the code is protocol independent,
	   and I do not like the idea of uglifying IPv4.

	   Actually, the whole idea behind IPV6_PKTOPTIONS
	   looks not very well thought out. For now we latch
	   options, received in the last packet, enqueued
	   by tcp. Feel free to propose a better solution.
					       --ANK (980728)
	 */
	if (np->rxopt.all)
		opt_skb = skb_clone(skb, sk_gfp_atomic(sk, GFP_ATOMIC));

	if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
		struct dst_entry *dst = sk->sk_rx_dst;

		sock_rps_save_rxhash(sk, skb);
		sk_mark_napi_id(sk, skb);
		if (dst) {
			if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
			    dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
				dst_release(dst);
				sk->sk_rx_dst = NULL;
			}
		}

		tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len);
		if (opt_skb)
			goto ipv6_pktoptions;
		return 0;
	}

	if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
		goto csum_err;

	if (sk->sk_state == TCP_LISTEN) {
		struct sock *nsk = tcp_v6_hnd_req(sk, skb);
		if (!nsk)
			goto discard;

		/*
		 * Queue it on the new socket if the new socket is active,
		 * otherwise we just short-circuit this and continue with
		 * the new socket..
		 */
		if (nsk != sk) {
			sock_rps_save_rxhash(nsk, skb);
			sk_mark_napi_id(nsk, skb);
			if (tcp_child_process(sk, nsk, skb))
				goto reset;
			if (opt_skb)
				__kfree_skb(opt_skb);
			return 0;
		}
	} else
		sock_rps_save_rxhash(sk, skb);

	if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
		goto reset;
	if (opt_skb)
		goto ipv6_pktoptions;
	return 0;

reset:
	tcp_v6_send_reset(sk, skb);
discard:
	if (opt_skb)
		__kfree_skb(opt_skb);
	kfree_skb(skb);
	return 0;
csum_err:
	TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_CSUMERRORS);
	TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
	goto discard;


ipv6_pktoptions:
	/* You may ask, what is this for?

	   1. skb was enqueued by tcp.
	   2. skb is added to the tail of the read queue, not out of order.
	   3. socket is not in passive state.
	   4. Finally, it really contains options, which the user wants to receive.
	 */
	tp = tcp_sk(sk);
	if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
	    !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
		if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
			np->mcast_oif = tcp_v6_iif(opt_skb);
		if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
			np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
		if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
			np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
		if (np->repflow)
			np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
		if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
			skb_set_owner_r(opt_skb, sk);
			opt_skb = xchg(&np->pktoptions, opt_skb);
		} else {
			__kfree_skb(opt_skb);
			opt_skb = xchg(&np->pktoptions, NULL);
		}
	}

	kfree_skb(opt_skb);
	return 0;
}

static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
			   const struct tcphdr *th)
{
	/* This is tricky: we move IP6CB to its correct location in
	 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
	 * _decode_session6() uses IP6CB().
	 * barrier() makes sure the compiler won't play aliasing games.
	 */
	memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
		sizeof(struct inet6_skb_parm));
	barrier();

	TCP_SKB_CB(skb)->seq = ntohl(th->seq);
	TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
				    skb->len - th->doff*4);
	TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
	TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
	TCP_SKB_CB(skb)->tcp_tw_isn = 0;
	TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
	TCP_SKB_CB(skb)->sacked = 0;
}

static void tcp_v6_restore_cb(struct sk_buff *skb)
{
	/* We need to move the header back to the beginning if xfrm6_policy_check()
	 * and tcp_v6_fill_cb() are going to be called again.
	 */
	memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
		sizeof(struct inet6_skb_parm));
}

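/* Main receive entry point, called from the IPv6 protocol handler.
 * Validate the header and checksum, look the segment up in the
 * established/listening tables, and either process it directly,
 * prequeue it, or backlog it if the socket is owned by user context.
 */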
static int tcp_v6_rcv(struct sk_buff *skb)
{
	const struct tcphdr *th;
	const struct ipv6hdr *hdr;
	struct sock *sk;
	int ret;
	struct net *net = dev_net(skb->dev);

	if (skb->pkt_type != PACKET_HOST)
		goto discard_it;

	/*
	 *	Count it even if it's bad.
	 */
	TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);

	if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
		goto discard_it;

	th = tcp_hdr(skb);

	if (th->doff < sizeof(struct tcphdr)/4)
		goto bad_packet;
	if (!pskb_may_pull(skb, th->doff*4))
		goto discard_it;

	if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
		goto csum_error;

	th = tcp_hdr(skb);
	hdr = ipv6_hdr(skb);

	sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest,
				inet6_iif(skb));
	if (!sk)
		goto no_tcp_socket;

process:
	if (sk->sk_state == TCP_TIME_WAIT)
		goto do_time_wait;

	if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
		NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
		goto discard_and_relse;
	}

	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
		goto discard_and_relse;

	tcp_v6_fill_cb(skb, hdr, th);

#ifdef CONFIG_TCP_MD5SIG
	if (tcp_v6_inbound_md5_hash(sk, skb))
		goto discard_and_relse;
#endif

	if (sk_filter(sk, skb))
		goto discard_and_relse;

	sk_incoming_cpu_update(sk);
	skb->dev = NULL;

	bh_lock_sock_nested(sk);
	ret = 0;
	if (!sock_owned_by_user(sk)) {
		if (!tcp_prequeue(sk, skb))
			ret = tcp_v6_do_rcv(sk, skb);
	} else if (unlikely(sk_add_backlog(sk, skb,
					   sk->sk_rcvbuf + sk->sk_sndbuf))) {
		bh_unlock_sock(sk);
		NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
		goto discard_and_relse;
	}
	bh_unlock_sock(sk);

	sock_put(sk);
	return ret ? -1 : 0;

no_tcp_socket:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
		goto discard_it;

	tcp_v6_fill_cb(skb, hdr, th);

	if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
csum_error:
		TCP_INC_STATS_BH(net, TCP_MIB_CSUMERRORS);
bad_packet:
		TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
	} else {
		tcp_v6_send_reset(NULL, skb);
	}

discard_it:
	kfree_skb(skb);
	return 0;

discard_and_relse:
	sock_put(sk);
	goto discard_it;

do_time_wait:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
		inet_twsk_put(inet_twsk(sk));
		goto discard_it;
	}

	tcp_v6_fill_cb(skb, hdr, th);

	if (skb->len < (th->doff<<2)) {
		inet_twsk_put(inet_twsk(sk));
		goto bad_packet;
	}
	if (tcp_checksum_complete(skb)) {
		inet_twsk_put(inet_twsk(sk));
		goto csum_error;
	}

	switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
	case TCP_TW_SYN:
	{
		struct sock *sk2;

		sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
					    &ipv6_hdr(skb)->saddr, th->source,
					    &ipv6_hdr(skb)->daddr,
					    ntohs(th->dest), tcp_v6_iif(skb));
		if (sk2) {
			struct inet_timewait_sock *tw = inet_twsk(sk);
			inet_twsk_deschedule(tw);
			inet_twsk_put(tw);
			sk = sk2;
			tcp_v6_restore_cb(skb);
			goto process;
		}
		/* Fall through to ACK */
	}
	case TCP_TW_ACK:
		tcp_v6_timewait_ack(sk, skb);
		break;
	case TCP_TW_RST:
		tcp_v6_restore_cb(skb);
		goto no_tcp_socket;
	case TCP_TW_SUCCESS:
		;
	}
	goto discard_it;
}

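/* Early demux: look up the established socket while the packet is
 * still in the IPv6 input path, so the cached socket and dst can be
 * attached to the skb before the full receive path runs.
 */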
static void tcp_v6_early_demux(struct sk_buff *skb)
{
	const struct ipv6hdr *hdr;
	const struct tcphdr *th;
	struct sock *sk;

	if (skb->pkt_type != PACKET_HOST)
		return;

	if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
		return;

	hdr = ipv6_hdr(skb);
	th = tcp_hdr(skb);

	if (th->doff < sizeof(struct tcphdr) / 4)
		return;

	/* Note: We use inet6_iif() here, not tcp_v6_iif() */
	sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
					&hdr->saddr, th->source,
					&hdr->daddr, ntohs(th->dest),
					inet6_iif(skb));
	if (sk) {
		skb->sk = sk;
		skb->destructor = sock_edemux;
		if (sk_fullsock(sk)) {
			struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);

			if (dst)
				dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
			if (dst &&
			    inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
				skb_dst_set_noref(skb, dst);
		}
	}
}

static struct timewait_sock_ops tcp6_timewait_sock_ops = {
	.twsk_obj_size	= sizeof(struct tcp6_timewait_sock),
	.twsk_unique	= tcp_twsk_unique,
	.twsk_destructor = tcp_twsk_destructor,
};

static const struct inet_connection_sock_af_ops ipv6_specific = {
	.queue_xmit	   = inet6_csk_xmit,
	.send_check	   = tcp_v6_send_check,
	.rebuild_header	   = inet6_sk_rebuild_header,
	.sk_rx_dst_set	   = inet6_sk_rx_dst_set,
	.conn_request	   = tcp_v6_conn_request,
	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
	.net_header_len	   = sizeof(struct ipv6hdr),
	.net_frag_header_len = sizeof(struct frag_hdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
	.bind_conflict	   = inet6_csk_bind_conflict,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
	.mtu_reduced	   = tcp_v6_mtu_reduced,
};

#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
	.md5_lookup	=	tcp_v6_md5_lookup,
	.calc_md5_hash	=	tcp_v6_md5_hash_skb,
	.md5_parse	=	tcp_v6_parse_md5_keys,
};
#endif

/*
 *	TCP over IPv4 via INET6 API
 */
static const struct inet_connection_sock_af_ops ipv6_mapped = {
	.queue_xmit	   = ip_queue_xmit,
	.send_check	   = tcp_v4_send_check,
	.rebuild_header	   = inet_sk_rebuild_header,
	.sk_rx_dst_set	   = inet_sk_rx_dst_set,
	.conn_request	   = tcp_v6_conn_request,
	.syn_recv_sock	   = tcp_v6_syn_recv_sock,
	.net_header_len	   = sizeof(struct iphdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
	.bind_conflict	   = inet6_csk_bind_conflict,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
	.mtu_reduced	   = tcp_v4_mtu_reduced,
};

#ifdef CONFIG_TCP_MD5SIG
static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
	.md5_lookup	=	tcp_v4_md5_lookup,
	.calc_md5_hash	=	tcp_v4_md5_hash_skb,
	.md5_parse	=	tcp_v6_parse_md5_keys,
};
#endif

/* NOTE: A lot of things are set to zero explicitly by the call to
 *       sk_alloc() so need not be done here.
 */
static int tcp_v6_init_sock(struct sock *sk)
{
	struct inet_connection_sock *icsk = inet_csk(sk);

	tcp_init_sock(sk);

	icsk->icsk_af_ops = &ipv6_specific;

#ifdef CONFIG_TCP_MD5SIG
	tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
#endif

	return 0;
}

static void tcp_v6_destroy_sock(struct sock *sk)
{
	tcp_v4_destroy_sock(sk);
	inet6_destroy_sock(sk);
}

#ifdef CONFIG_PROC_FS
/* Proc filesystem TCPv6 sock list dumping. */
static void get_openreq6(struct seq_file *seq,
			 struct request_sock *req, int i, kuid_t uid)
{
	long ttd = req->rsk_timer.expires - jiffies;
	const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
	const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;

	if (ttd < 0)
		ttd = 0;

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3],
		   inet_rsk(req)->ir_num,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3],
		   ntohs(inet_rsk(req)->ir_rmt_port),
		   TCP_SYN_RECV,
		   0, 0, /* could print option size, but that is af dependent. */
		   1,   /* timers active (only the expire timer) */
		   jiffies_to_clock_t(ttd),
		   req->num_timeout,
		   from_kuid_munged(seq_user_ns(seq), uid),
		   0,  /* non standard timer */
		   0, /* open_requests have no inode */
		   0, req);
}

static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
{
	const struct in6_addr *dest, *src;
	__u16 destp, srcp;
	int timer_active;
	unsigned long timer_expires;
	const struct inet_sock *inet = inet_sk(sp);
	const struct tcp_sock *tp = tcp_sk(sp);
	const struct inet_connection_sock *icsk = inet_csk(sp);
	struct fastopen_queue *fastopenq = icsk->icsk_accept_queue.fastopenq;

	dest  = &sp->sk_v6_daddr;
	src   = &sp->sk_v6_rcv_saddr;
	destp = ntohs(inet->inet_dport);
	srcp  = ntohs(inet->inet_sport);

	if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
		timer_active	= 1;
		timer_expires	= icsk->icsk_timeout;
	} else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
		timer_active	= 4;
		timer_expires	= icsk->icsk_timeout;
	} else if (timer_pending(&sp->sk_timer)) {
		timer_active	= 2;
		timer_expires	= sp->sk_timer.expires;
	} else {
		timer_active	= 0;
		timer_expires = jiffies;
	}

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3], srcp,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
		   sp->sk_state,
		   tp->write_seq-tp->snd_una,
		   (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
		   timer_active,
		   jiffies_delta_to_clock_t(timer_expires - jiffies),
		   icsk->icsk_retransmits,
		   from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
		   icsk->icsk_probes_out,
		   sock_i_ino(sp),
		   atomic_read(&sp->sk_refcnt), sp,
		   jiffies_to_clock_t(icsk->icsk_rto),
		   jiffies_to_clock_t(icsk->icsk_ack.ato),
		   (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
		   tp->snd_cwnd,
		   sp->sk_state == TCP_LISTEN ?
			(fastopenq ? fastopenq->max_qlen : 0) :
			(tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
		   );
}

static void get_timewait6_sock(struct seq_file *seq,
			       struct inet_timewait_sock *tw, int i)
{
	long delta = tw->tw_timer.expires - jiffies;
	const struct in6_addr *dest, *src;
	__u16 destp, srcp;

	dest = &tw->tw_v6_daddr;
	src  = &tw->tw_v6_rcv_saddr;
	destp = ntohs(tw->tw_dport);
	srcp  = ntohs(tw->tw_sport);

	seq_printf(seq,
		   "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
		   "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
		   i,
		   src->s6_addr32[0], src->s6_addr32[1],
		   src->s6_addr32[2], src->s6_addr32[3], srcp,
		   dest->s6_addr32[0], dest->s6_addr32[1],
		   dest->s6_addr32[2], dest->s6_addr32[3], destp,
		   tw->tw_substate, 0, 0,
		   3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
		   atomic_read(&tw->tw_refcnt), tw);
}

static int tcp6_seq_show(struct seq_file *seq, void *v)
{
	struct tcp_iter_state *st;
	struct sock *sk = v;

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq,
			 "  sl  "
			 "local_address                         "
			 "remote_address                        "
			 "st tx_queue rx_queue tr tm->when retrnsmt"
			 "   uid  timeout inode\n");
		goto out;
	}
	st = seq->private;

	switch (st->state) {
	case TCP_SEQ_STATE_LISTENING:
	case TCP_SEQ_STATE_ESTABLISHED:
		if (sk->sk_state == TCP_TIME_WAIT)
			get_timewait6_sock(seq, v, st->num);
		else
			get_tcp6_sock(seq, v, st->num);
		break;
	case TCP_SEQ_STATE_OPENREQ:
		get_openreq6(seq, v, st->num, st->uid);
		break;
	}
out:
	return 0;
}

static const struct file_operations tcp6_afinfo_seq_fops = {
	.owner   = THIS_MODULE,
	.open    = tcp_seq_open,
	.read    = seq_read,
	.llseek  = seq_lseek,
	.release = seq_release_net
};

static struct tcp_seq_afinfo tcp6_seq_afinfo = {
	.name		= "tcp6",
	.family		= AF_INET6,
	.seq_fops	= &tcp6_afinfo_seq_fops,
	.seq_ops	= {
		.show		= tcp6_seq_show,
	},
};

int __net_init tcp6_proc_init(struct net *net)
{
	return tcp_proc_register(net, &tcp6_seq_afinfo);
}

void tcp6_proc_exit(struct net *net)
{
	tcp_proc_unregister(net, &tcp6_seq_afinfo);
}
#endif

static void tcp_v6_clear_sk(struct sock *sk, int size)
{
	struct inet_sock *inet = inet_sk(sk);

	/* we do not want to clear the pinet6 field, because of RCU lookups */
	sk_prot_clear_nulls(sk, offsetof(struct inet_sock, pinet6));

	size -= offsetof(struct inet_sock, pinet6) + sizeof(inet->pinet6);
	memset(&inet->pinet6 + 1, 0, size);
}

struct proto tcpv6_prot = {
	.name			= "TCPv6",
	.owner			= THIS_MODULE,
	.close			= tcp_close,
	.connect		= tcp_v6_connect,
	.disconnect		= tcp_disconnect,
	.accept			= inet_csk_accept,
	.ioctl			= tcp_ioctl,
	.init			= tcp_v6_init_sock,
	.destroy		= tcp_v6_destroy_sock,
	.shutdown		= tcp_shutdown,
	.setsockopt		= tcp_setsockopt,
	.getsockopt		= tcp_getsockopt,
	.recvmsg		= tcp_recvmsg,
	.sendmsg		= tcp_sendmsg,
	.sendpage		= tcp_sendpage,
	.backlog_rcv		= tcp_v6_do_rcv,
	.release_cb		= tcp_release_cb,
	.hash			= inet_hash,
	.unhash			= inet_unhash,
	.get_port		= inet_csk_get_port,
	.enter_memory_pressure	= tcp_enter_memory_pressure,
	.stream_memory_free	= tcp_stream_memory_free,
	.sockets_allocated	= &tcp_sockets_allocated,
	.memory_allocated	= &tcp_memory_allocated,
	.memory_pressure	= &tcp_memory_pressure,
	.orphan_count		= &tcp_orphan_count,
	.sysctl_mem		= sysctl_tcp_mem,
	.sysctl_wmem		= sysctl_tcp_wmem,
	.sysctl_rmem		= sysctl_tcp_rmem,
	.max_header		= MAX_TCP_HEADER,
	.obj_size		= sizeof(struct tcp6_sock),
	.slab_flags		= SLAB_DESTROY_BY_RCU,
	.twsk_prot		= &tcp6_timewait_sock_ops,
	.rsk_prot		= &tcp6_request_sock_ops,
	.h.hashinfo		= &tcp_hashinfo,
	.no_autobind		= true,
#ifdef CONFIG_COMPAT
	.compat_setsockopt	= compat_tcp_setsockopt,
	.compat_getsockopt	= compat_tcp_getsockopt,
#endif
#ifdef CONFIG_MEMCG_KMEM
	.proto_cgroup		= tcp_proto_cgroup,
#endif
	.clear_sk		= tcp_v6_clear_sk,
};

static const struct inet6_protocol tcpv6_protocol = {
	.early_demux	=	tcp_v6_early_demux,
	.handler	=	tcp_v6_rcv,
	.err_handler	=	tcp_v6_err,
	.flags		=	INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
};

static struct inet_protosw tcpv6_protosw = {
	.type		=	SOCK_STREAM,
	.protocol	=	IPPROTO_TCP,
	.prot		=	&tcpv6_prot,
	.ops		=	&inet6_stream_ops,
	.flags		=	INET_PROTOSW_PERMANENT |
				INET_PROTOSW_ICSK,
};

static int __net_init tcpv6_net_init(struct net *net)
{
	return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
				    SOCK_RAW, IPPROTO_TCP, net);
}

static void __net_exit tcpv6_net_exit(struct net *net)
{
	inet_ctl_sock_destroy(net->ipv6.tcp_sk);
}

static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
{
	inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6);
}

static struct pernet_operations tcpv6_net_ops = {
	.init	    = tcpv6_net_init,
	.exit	    = tcpv6_net_exit,
	.exit_batch = tcpv6_net_exit_batch,
};

int __init tcpv6_init(void)
{
	int ret;

	ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
	if (ret)
		goto out;

	/* register inet6 protocol */
	ret = inet6_register_protosw(&tcpv6_protosw);
	if (ret)
		goto out_tcpv6_protocol;

	ret = register_pernet_subsys(&tcpv6_net_ops);
	if (ret)
		goto out_tcpv6_protosw;
out:
	return ret;

out_tcpv6_protosw:
	inet6_unregister_protosw(&tcpv6_protosw);
out_tcpv6_protocol:
	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
	goto out;
}

void tcpv6_exit(void)
{
	unregister_pernet_subsys(&tcpv6_net_ops);
	inet6_unregister_protosw(&tcpv6_protosw);
	inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
}