projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tcp: Fix out of bounds access to tcpm_vals
[linux-2.6-block.git] / net / ipv6 / tcp_ipv6.c
CommitLineData
1da177e4
LT		 1/*
2 * TCP over IPv6
1ab1457c 3 * Linux INET6 implementation
1da177e4
LT		 4 *
5 * Authors:
1ab1457c 6 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4 7 *
1ab1457c 8 * Based on:
1da177e4
LT		 9 * linux/net/ipv4/tcp.c
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
12 *
13 * Fixes:
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
19 *
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
24 */
25
eb4dea58 26#include <linux/bottom_half.h>
1da177e4 27#include <linux/module.h>
1da177e4
LT		 28#include <linux/errno.h>
29#include <linux/types.h>
30#include <linux/socket.h>
31#include <linux/sockios.h>
32#include <linux/net.h>
33#include <linux/jiffies.h>
34#include <linux/in.h>
35#include <linux/in6.h>
36#include <linux/netdevice.h>
37#include <linux/init.h>
38#include <linux/jhash.h>
39#include <linux/ipsec.h>
40#include <linux/times.h>
5a0e3ad6 41#include <linux/slab.h>
1da177e4
LT		 42
43#include <linux/ipv6.h>
44#include <linux/icmpv6.h>
45#include <linux/random.h>
46
47#include <net/tcp.h>
48#include <net/ndisc.h>
5324a040 49#include <net/inet6_hashtables.h>
8129765a 50#include <net/inet6_connection_sock.h>
1da177e4
LT		 51#include <net/ipv6.h>
52#include <net/transp_v6.h>
53#include <net/addrconf.h>
54#include <net/ip6_route.h>
55#include <net/ip6_checksum.h>
56#include <net/inet_ecn.h>
57#include <net/protocol.h>
58#include <net/xfrm.h>
1da177e4
LT		 59#include <net/snmp.h>
60#include <net/dsfield.h>
6d6ee43e 61#include <net/timewait_sock.h>
18134bed 62#include <net/netdma.h>
3d58b5fa 63#include <net/inet_common.h>
6e5714ea 64#include <net/secure_seq.h>
d1a4c0b3 65#include <net/tcp_memcontrol.h>
1da177e4
LT		 66
67#include <asm/uaccess.h>
68
69#include <linux/proc_fs.h>
70#include <linux/seq_file.h>
71
cfb6eeb4
YH		 72#include <linux/crypto.h>
73#include <linux/scatterlist.h>
74
cfb6eeb4 75static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
6edafaaf
GJ		 76static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
77 struct request_sock *req);
1da177e4
LT		 78
79static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
8ad50d96 80static void __tcp_v6_send_check(struct sk_buff *skb,
b71d1d42
ED		 81 const struct in6_addr *saddr,
82 const struct in6_addr *daddr);
1da177e4 83
3b401a81
SH		 84static const struct inet_connection_sock_af_ops ipv6_mapped;
85static const struct inet_connection_sock_af_ops ipv6_specific;
a928630a 86#ifdef CONFIG_TCP_MD5SIG
b2e4b3de
SH		 87static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
88static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
9501f972
YH		 89#else
90static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
b71d1d42 91 const struct in6_addr *addr)
9501f972
YH		 92{
93 return NULL;
94}
a928630a 95#endif
1da177e4 96
1da177e4
LT		 97static void tcp_v6_hash(struct sock *sk)
98{
99 if (sk->sk_state != TCP_CLOSE) {
8292a17a 100 if (inet_csk(sk)->icsk_af_ops == &ipv6_mapped) {
1da177e4
LT		 101 tcp_prot.hash(sk);
102 return;
103 }
104 local_bh_disable();
9327f705 105 __inet6_hash(sk, NULL);
1da177e4
LT		 106 local_bh_enable();
107 }
108}
109
684f2176 110static __inline__ __sum16 tcp_v6_check(int len,
b71d1d42
ED		 111 const struct in6_addr *saddr,
112 const struct in6_addr *daddr,
868c86bc 113 __wsum base)
1da177e4
LT		 114{
115 return csum_ipv6_magic(saddr, daddr, len, IPPROTO_TCP, base);
116}
117
cf533ea5 118static __u32 tcp_v6_init_sequence(const struct sk_buff *skb)
1da177e4 119{
0660e03f
ACM		 120 return secure_tcpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
121 ipv6_hdr(skb)->saddr.s6_addr32,
aa8223c7
ACM		 122 tcp_hdr(skb)->dest,
123 tcp_hdr(skb)->source);
1da177e4
LT		 124}
125
1ab1457c 126static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
1da177e4
LT		 127 int addr_len)
128{
129 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
1ab1457c 130 struct inet_sock *inet = inet_sk(sk);
d83d8461 131 struct inet_connection_sock *icsk = inet_csk(sk);
1da177e4
LT		 132 struct ipv6_pinfo *np = inet6_sk(sk);
133 struct tcp_sock *tp = tcp_sk(sk);
20c59de2 134 struct in6_addr *saddr = NULL, *final_p, final;
493f377d 135 struct rt6_info *rt;
4c9483b2 136 struct flowi6 fl6;
1da177e4
LT		 137 struct dst_entry *dst;
138 int addr_type;
139 int err;
140
1ab1457c 141 if (addr_len < SIN6_LEN_RFC2133)
1da177e4
LT		 142 return -EINVAL;
143
1ab1457c 144 if (usin->sin6_family != AF_INET6)
a02cec21 145 return -EAFNOSUPPORT;
1da177e4 146
4c9483b2 147 memset(&fl6, 0, sizeof(fl6));
1da177e4
LT		 148
149 if (np->sndflow) {
4c9483b2
DM		 150 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
151 IP6_ECN_flow_init(fl6.flowlabel);
152 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
1da177e4 153 struct ip6_flowlabel *flowlabel;
4c9483b2 154 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
1da177e4
LT		 155 if (flowlabel == NULL)
156 return -EINVAL;
4e3fd7a0 157 usin->sin6_addr = flowlabel->dst;
1da177e4
LT		 158 fl6_sock_release(flowlabel);
159 }
160 }
161
162 /*
1ab1457c
YH		 163 * connect() to INADDR_ANY means loopback (BSD'ism).
164 */
165
166 if(ipv6_addr_any(&usin->sin6_addr))
167 usin->sin6_addr.s6_addr[15] = 0x1;
1da177e4
LT		 168
169 addr_type = ipv6_addr_type(&usin->sin6_addr);
170
171 if(addr_type & IPV6_ADDR_MULTICAST)
172 return -ENETUNREACH;
173
174 if (addr_type&IPV6_ADDR_LINKLOCAL) {
175 if (addr_len >= sizeof(struct sockaddr_in6) &&
176 usin->sin6_scope_id) {
177 /* If interface is set while binding, indices
178 * must coincide.
179 */
180 if (sk->sk_bound_dev_if &&
181 sk->sk_bound_dev_if != usin->sin6_scope_id)
182 return -EINVAL;
183
184 sk->sk_bound_dev_if = usin->sin6_scope_id;
185 }
186
187 /* Connect to link-local address requires an interface */
188 if (!sk->sk_bound_dev_if)
189 return -EINVAL;
190 }
191
192 if (tp->rx_opt.ts_recent_stamp &&
193 !ipv6_addr_equal(&np->daddr, &usin->sin6_addr)) {
194 tp->rx_opt.ts_recent = 0;
195 tp->rx_opt.ts_recent_stamp = 0;
196 tp->write_seq = 0;
197 }
198
4e3fd7a0 199 np->daddr = usin->sin6_addr;
4c9483b2 200 np->flow_label = fl6.flowlabel;
1da177e4
LT		 201
202 /*
203 * TCP over IPv4
204 */
205
206 if (addr_type == IPV6_ADDR_MAPPED) {
d83d8461 207 u32 exthdrlen = icsk->icsk_ext_hdr_len;
1da177e4
LT		 208 struct sockaddr_in sin;
209
210 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
211
212 if (__ipv6_only_sock(sk))
213 return -ENETUNREACH;
214
215 sin.sin_family = AF_INET;
216 sin.sin_port = usin->sin6_port;
217 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
218
d83d8461 219 icsk->icsk_af_ops = &ipv6_mapped;
1da177e4 220 sk->sk_backlog_rcv = tcp_v4_do_rcv;
cfb6eeb4
YH		 221#ifdef CONFIG_TCP_MD5SIG
222 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
223#endif
1da177e4
LT		 224
225 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
226
227 if (err) {
d83d8461
ACM		 228 icsk->icsk_ext_hdr_len = exthdrlen;
229 icsk->icsk_af_ops = &ipv6_specific;
1da177e4 230 sk->sk_backlog_rcv = tcp_v6_do_rcv;
cfb6eeb4
YH		 231#ifdef CONFIG_TCP_MD5SIG
232 tp->af_specific = &tcp_sock_ipv6_specific;
233#endif
1da177e4
LT		 234 goto failure;
235 } else {
c720c7e8
ED		 236 ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
237 ipv6_addr_set_v4mapped(inet->inet_rcv_saddr,
238 &np->rcv_saddr);
1da177e4
LT		 239 }
240
241 return err;
242 }
243
244 if (!ipv6_addr_any(&np->rcv_saddr))
245 saddr = &np->rcv_saddr;
246
4c9483b2 247 fl6.flowi6_proto = IPPROTO_TCP;
4e3fd7a0
AD		 248 fl6.daddr = np->daddr;
249 fl6.saddr = saddr ? *saddr : np->saddr;
4c9483b2
DM		 250 fl6.flowi6_oif = sk->sk_bound_dev_if;
251 fl6.flowi6_mark = sk->sk_mark;
1958b856
DM		 252 fl6.fl6_dport = usin->sin6_port;
253 fl6.fl6_sport = inet->inet_sport;
1da177e4 254
4c9483b2 255 final_p = fl6_update_dst(&fl6, np->opt, &final);
1da177e4 256
4c9483b2 257 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
beb8d13b 258
4c9483b2 259 dst = ip6_dst_lookup_flow(sk, &fl6, final_p, true);
68d0c6d3
DM		 260 if (IS_ERR(dst)) {
261 err = PTR_ERR(dst);
1da177e4 262 goto failure;
14e50e57 263 }
1da177e4
LT		 264
265 if (saddr == NULL) {
4c9483b2 266 saddr = &fl6.saddr;
4e3fd7a0 267 np->rcv_saddr = *saddr;
1da177e4
LT		 268 }
269
270 /* set the source address */
4e3fd7a0 271 np->saddr = *saddr;
c720c7e8 272 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
1da177e4 273
f83ef8c0 274 sk->sk_gso_type = SKB_GSO_TCPV6;
8e1ef0a9 275 __ip6_dst_store(sk, dst, NULL, NULL);
1da177e4 276
493f377d
DM		 277 rt = (struct rt6_info *) dst;
278 if (tcp_death_row.sysctl_tw_recycle &&
279 !tp->rx_opt.ts_recent_stamp &&
81166dd6
DM		 280 ipv6_addr_equal(&rt->rt6i_dst.addr, &np->daddr))
281 tcp_fetch_timewait_stamp(sk, dst);
493f377d 282
d83d8461 283 icsk->icsk_ext_hdr_len = 0;
1da177e4 284 if (np->opt)
d83d8461
ACM		 285 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
286 np->opt->opt_nflen);
1da177e4
LT		 287
288 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
289
c720c7e8 290 inet->inet_dport = usin->sin6_port;
1da177e4
LT		 291
292 tcp_set_state(sk, TCP_SYN_SENT);
d8313f5c 293 err = inet6_hash_connect(&tcp_death_row, sk);
1da177e4
LT		 294 if (err)
295 goto late_failure;
296
297 if (!tp->write_seq)
298 tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32,
299 np->daddr.s6_addr32,
c720c7e8
ED		 300 inet->inet_sport,
301 inet->inet_dport);
1da177e4
LT		 302
303 err = tcp_connect(sk);
304 if (err)
305 goto late_failure;
306
307 return 0;
308
309late_failure:
310 tcp_set_state(sk, TCP_CLOSE);
311 __sk_dst_reset(sk);
312failure:
c720c7e8 313 inet->inet_dport = 0;
1da177e4
LT		 314 sk->sk_route_caps = 0;
315 return err;
316}
317
318static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
d5fdd6ba 319 u8 type, u8 code, int offset, __be32 info)
1da177e4 320{
b71d1d42 321 const struct ipv6hdr *hdr = (const struct ipv6hdr*)skb->data;
505cbfc5 322 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
1da177e4
LT		 323 struct ipv6_pinfo *np;
324 struct sock *sk;
325 int err;
1ab1457c 326 struct tcp_sock *tp;
1da177e4 327 __u32 seq;
ca12a1a4 328 struct net *net = dev_net(skb->dev);
1da177e4 329
ca12a1a4 330 sk = inet6_lookup(net, &tcp_hashinfo, &hdr->daddr,
d86e0dac 331 th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
1da177e4
LT		 332
333 if (sk == NULL) {
e41b5368
DL		 334 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
335 ICMP6_MIB_INERRORS);
1da177e4
LT		 336 return;
337 }
338
339 if (sk->sk_state == TCP_TIME_WAIT) {
9469c7b4 340 inet_twsk_put(inet_twsk(sk));
1da177e4
LT		 341 return;
342 }
343
344 bh_lock_sock(sk);
345 if (sock_owned_by_user(sk))
de0744af 346 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
1da177e4
LT		 347
348 if (sk->sk_state == TCP_CLOSE)
349 goto out;
350
e802af9c
SH		 351 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
352 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
353 goto out;
354 }
355
1da177e4 356 tp = tcp_sk(sk);
1ab1457c 357 seq = ntohl(th->seq);
1da177e4
LT		 358 if (sk->sk_state != TCP_LISTEN &&
359 !between(seq, tp->snd_una, tp->snd_nxt)) {
de0744af 360 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
1da177e4
LT		 361 goto out;
362 }
363
364 np = inet6_sk(sk);
365
366 if (type == ICMPV6_PKT_TOOBIG) {
68d0c6d3 367 struct dst_entry *dst;
1da177e4
LT		 368
369 if (sock_owned_by_user(sk))
370 goto out;
371 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
372 goto out;
373
374 /* icmp should have updated the destination cache entry */
375 dst = __sk_dst_check(sk, np->dst_cookie);
376
377 if (dst == NULL) {
378 struct inet_sock *inet = inet_sk(sk);
4c9483b2 379 struct flowi6 fl6;
1da177e4
LT		 380
381 /* BUGGG_FUTURE: Again, it is not clear how
382 to handle rthdr case. Ignore this complexity
383 for now.
384 */
4c9483b2
DM		 385 memset(&fl6, 0, sizeof(fl6));
386 fl6.flowi6_proto = IPPROTO_TCP;
4e3fd7a0
AD		 387 fl6.daddr = np->daddr;
388 fl6.saddr = np->saddr;
4c9483b2
DM		 389 fl6.flowi6_oif = sk->sk_bound_dev_if;
390 fl6.flowi6_mark = sk->sk_mark;
1958b856
DM		 391 fl6.fl6_dport = inet->inet_dport;
392 fl6.fl6_sport = inet->inet_sport;
4c9483b2
DM		 393 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
394
395 dst = ip6_dst_lookup_flow(sk, &fl6, NULL, false);
68d0c6d3
DM		 396 if (IS_ERR(dst)) {
397 sk->sk_err_soft = -PTR_ERR(dst);
1da177e4
LT		 398 goto out;
399 }
400
401 } else
402 dst_hold(dst);
403
81aded24
DM		 404 dst->ops->update_pmtu(dst, ntohl(info));
405
d83d8461 406 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
1da177e4
LT		 407 tcp_sync_mss(sk, dst_mtu(dst));
408 tcp_simple_retransmit(sk);
409 } /* else let the usual retransmit timer handle it */
410 dst_release(dst);
411 goto out;
412 }
413
414 icmpv6_err_convert(type, code, &err);
415
60236fdd 416 /* Might be for an request_sock */
1da177e4 417 switch (sk->sk_state) {
60236fdd 418 struct request_sock *req, **prev;
1da177e4
LT		 419 case TCP_LISTEN:
420 if (sock_owned_by_user(sk))
421 goto out;
422
8129765a
ACM		 423 req = inet6_csk_search_req(sk, &prev, th->dest, &hdr->daddr,
424 &hdr->saddr, inet6_iif(skb));
1da177e4
LT		 425 if (!req)
426 goto out;
427
428 /* ICMPs are not backlogged, hence we cannot get
429 * an established socket here.
430 */
547b792c 431 WARN_ON(req->sk != NULL);
1da177e4 432
2e6599cb 433 if (seq != tcp_rsk(req)->snt_isn) {
de0744af 434 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
1da177e4
LT		 435 goto out;
436 }
437
463c84b9 438 inet_csk_reqsk_queue_drop(sk, req, prev);
1da177e4
LT		 439 goto out;
440
441 case TCP_SYN_SENT:
442 case TCP_SYN_RECV: /* Cannot happen.
1ab1457c 443 It can, it SYNs are crossed. --ANK */
1da177e4 444 if (!sock_owned_by_user(sk)) {
1da177e4
LT		 445 sk->sk_err = err;
446 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
447
448 tcp_done(sk);
449 } else
450 sk->sk_err_soft = err;
451 goto out;
452 }
453
454 if (!sock_owned_by_user(sk) && np->recverr) {
455 sk->sk_err = err;
456 sk->sk_error_report(sk);
457 } else
458 sk->sk_err_soft = err;
459
460out:
461 bh_unlock_sock(sk);
462 sock_put(sk);
463}
464
465
9f10d3f6
NC		 466static int tcp_v6_send_synack(struct sock *sk, struct dst_entry *dst,
467 struct flowi6 *fl6,
3840a06e 468 struct request_sock *req,
fff32699
ED		 469 struct request_values *rvp,
470 u16 queue_mapping)
1da177e4 471{
ca304b61 472 struct inet6_request_sock *treq = inet6_rsk(req);
1da177e4
LT		 473 struct ipv6_pinfo *np = inet6_sk(sk);
474 struct sk_buff * skb;
9494218f 475 int err = -ENOMEM;
1da177e4 476
9f10d3f6
NC		 477 /* First, grab a route. */
478 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req)) == NULL)
fd80eb94 479 goto done;
9494218f 480
e6b4d113 481 skb = tcp_make_synack(sk, dst, req, rvp);
9494218f 482
1da177e4 483 if (skb) {
8ad50d96 484 __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr);
1da177e4 485
9f10d3f6 486 fl6->daddr = treq->rmt_addr;
fff32699 487 skb_set_queue_mapping(skb, queue_mapping);
43264e0b 488 err = ip6_xmit(sk, skb, fl6, np->opt, np->tclass);
b9df3cb8 489 err = net_xmit_eval(err);
1da177e4
LT		 490 }
491
492done:
1da177e4
LT		 493 return err;
494}
495
72659ecc
OP		 496static int tcp_v6_rtx_synack(struct sock *sk, struct request_sock *req,
497 struct request_values *rvp)
498{
9f10d3f6
NC		 499 struct flowi6 fl6;
500
72659ecc 501 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_RETRANSSEGS);
9f10d3f6 502 return tcp_v6_send_synack(sk, NULL, &fl6, req, rvp, 0);
72659ecc
OP		 503}
504
60236fdd 505static void tcp_v6_reqsk_destructor(struct request_sock *req)
1da177e4 506{
800d55f1 507 kfree_skb(inet6_rsk(req)->pktopts);
1da177e4
LT		 508}
509
cfb6eeb4
YH		 510#ifdef CONFIG_TCP_MD5SIG
511static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
b71d1d42 512 const struct in6_addr *addr)
cfb6eeb4 513{
a915da9b 514 return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
cfb6eeb4
YH		 515}
516
517static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
518 struct sock *addr_sk)
519{
520 return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
521}
522
523static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
524 struct request_sock *req)
525{
526 return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
527}
528
cfb6eeb4
YH		 529static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
530 int optlen)
531{
532 struct tcp_md5sig cmd;
533 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
cfb6eeb4
YH		 534
535 if (optlen < sizeof(cmd))
536 return -EINVAL;
537
538 if (copy_from_user(&cmd, optval, sizeof(cmd)))
539 return -EFAULT;
540
541 if (sin6->sin6_family != AF_INET6)
542 return -EINVAL;
543
544 if (!cmd.tcpm_keylen) {
e773e4fa 545 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
a915da9b
ED		 546 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
547 AF_INET);
548 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
549 AF_INET6);
cfb6eeb4
YH		 550 }
551
552 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
553 return -EINVAL;
554
a915da9b
ED		 555 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
556 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
557 AF_INET, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
cfb6eeb4 558
a915da9b
ED		 559 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
560 AF_INET6, cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
cfb6eeb4
YH		 561}
562
49a72dfb 563static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
b71d1d42
ED		 564 const struct in6_addr *daddr,
565 const struct in6_addr *saddr, int nbytes)
cfb6eeb4 566{
cfb6eeb4 567 struct tcp6_pseudohdr *bp;
49a72dfb 568 struct scatterlist sg;
8d26d76d 569
cfb6eeb4 570 bp = &hp->md5_blk.ip6;
cfb6eeb4 571 /* 1. TCP pseudo-header (RFC2460) */
4e3fd7a0
AD		 572 bp->saddr = *saddr;
573 bp->daddr = *daddr;
49a72dfb 574 bp->protocol = cpu_to_be32(IPPROTO_TCP);
00b1304c 575 bp->len = cpu_to_be32(nbytes);
cfb6eeb4 576
49a72dfb
AL		 577 sg_init_one(&sg, bp, sizeof(*bp));
578 return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
579}
c7da57a1 580
49a72dfb 581static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
b71d1d42 582 const struct in6_addr *daddr, struct in6_addr *saddr,
318cf7aa 583 const struct tcphdr *th)
49a72dfb
AL		 584{
585 struct tcp_md5sig_pool *hp;
586 struct hash_desc *desc;
587
588 hp = tcp_get_md5sig_pool();
589 if (!hp)
590 goto clear_hash_noput;
591 desc = &hp->md5_desc;
592
593 if (crypto_hash_init(desc))
594 goto clear_hash;
595 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
596 goto clear_hash;
597 if (tcp_md5_hash_header(hp, th))
598 goto clear_hash;
599 if (tcp_md5_hash_key(hp, key))
600 goto clear_hash;
601 if (crypto_hash_final(desc, md5_hash))
cfb6eeb4 602 goto clear_hash;
cfb6eeb4 603
cfb6eeb4 604 tcp_put_md5sig_pool();
cfb6eeb4 605 return 0;
49a72dfb 606
cfb6eeb4
YH		 607clear_hash:
608 tcp_put_md5sig_pool();
609clear_hash_noput:
610 memset(md5_hash, 0, 16);
49a72dfb 611 return 1;
cfb6eeb4
YH		 612}
613
49a72dfb 614static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
318cf7aa
ED		 615 const struct sock *sk,
616 const struct request_sock *req,
617 const struct sk_buff *skb)
cfb6eeb4 618{
b71d1d42 619 const struct in6_addr *saddr, *daddr;
49a72dfb
AL		 620 struct tcp_md5sig_pool *hp;
621 struct hash_desc *desc;
318cf7aa 622 const struct tcphdr *th = tcp_hdr(skb);
cfb6eeb4
YH		 623
624 if (sk) {
625 saddr = &inet6_sk(sk)->saddr;
626 daddr = &inet6_sk(sk)->daddr;
49a72dfb 627 } else if (req) {
cfb6eeb4
YH		 628 saddr = &inet6_rsk(req)->loc_addr;
629 daddr = &inet6_rsk(req)->rmt_addr;
49a72dfb 630 } else {
b71d1d42 631 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
49a72dfb
AL		 632 saddr = &ip6h->saddr;
633 daddr = &ip6h->daddr;
cfb6eeb4 634 }
49a72dfb
AL		 635
636 hp = tcp_get_md5sig_pool();
637 if (!hp)
638 goto clear_hash_noput;
639 desc = &hp->md5_desc;
640
641 if (crypto_hash_init(desc))
642 goto clear_hash;
643
644 if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
645 goto clear_hash;
646 if (tcp_md5_hash_header(hp, th))
647 goto clear_hash;
648 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
649 goto clear_hash;
650 if (tcp_md5_hash_key(hp, key))
651 goto clear_hash;
652 if (crypto_hash_final(desc, md5_hash))
653 goto clear_hash;
654
655 tcp_put_md5sig_pool();
656 return 0;
657
658clear_hash:
659 tcp_put_md5sig_pool();
660clear_hash_noput:
661 memset(md5_hash, 0, 16);
662 return 1;
cfb6eeb4
YH		 663}
664
318cf7aa 665static int tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
cfb6eeb4 666{
cf533ea5 667 const __u8 *hash_location = NULL;
cfb6eeb4 668 struct tcp_md5sig_key *hash_expected;
b71d1d42 669 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
318cf7aa 670 const struct tcphdr *th = tcp_hdr(skb);
cfb6eeb4 671 int genhash;
cfb6eeb4
YH		 672 u8 newhash[16];
673
674 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
7d5d5525 675 hash_location = tcp_parse_md5sig_option(th);
cfb6eeb4 676
785957d3
DM		 677 /* We've parsed the options - do we have a hash? */
678 if (!hash_expected && !hash_location)
679 return 0;
680
681 if (hash_expected && !hash_location) {
682 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
cfb6eeb4
YH		 683 return 1;
684 }
685
785957d3
DM		 686 if (!hash_expected && hash_location) {
687 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
cfb6eeb4
YH		 688 return 1;
689 }
690
691 /* check the signature */
49a72dfb
AL		 692 genhash = tcp_v6_md5_hash_skb(newhash,
693 hash_expected,
694 NULL, NULL, skb);
695
cfb6eeb4 696 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
e87cc472
JP		 697 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
698 genhash ? "failed" : "mismatch",
699 &ip6h->saddr, ntohs(th->source),
700 &ip6h->daddr, ntohs(th->dest));
cfb6eeb4
YH		 701 return 1;
702 }
703 return 0;
704}
705#endif
706
c6aefafb 707struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
1da177e4 708 .family = AF_INET6,
2e6599cb 709 .obj_size = sizeof(struct tcp6_request_sock),
72659ecc 710 .rtx_syn_ack = tcp_v6_rtx_synack,
60236fdd
ACM		 711 .send_ack = tcp_v6_reqsk_send_ack,
712 .destructor = tcp_v6_reqsk_destructor,
72659ecc
OP		 713 .send_reset = tcp_v6_send_reset,
714 .syn_ack_timeout = tcp_syn_ack_timeout,
1da177e4
LT		 715};
716
cfb6eeb4 717#ifdef CONFIG_TCP_MD5SIG
b2e4b3de 718static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
cfb6eeb4 719 .md5_lookup = tcp_v6_reqsk_md5_lookup,
e3afe7b7 720 .calc_md5_hash = tcp_v6_md5_hash_skb,
cfb6eeb4 721};
b6332e6c 722#endif
cfb6eeb4 723
8ad50d96 724static void __tcp_v6_send_check(struct sk_buff *skb,
b71d1d42 725 const struct in6_addr *saddr, const struct in6_addr *daddr)
1da177e4 726{
aa8223c7 727 struct tcphdr *th = tcp_hdr(skb);
1da177e4 728
84fa7933 729 if (skb->ip_summed == CHECKSUM_PARTIAL) {
8ad50d96 730 th->check = ~tcp_v6_check(skb->len, saddr, daddr, 0);
663ead3b 731 skb->csum_start = skb_transport_header(skb) - skb->head;
ff1dcadb 732 skb->csum_offset = offsetof(struct tcphdr, check);
1da177e4 733 } else {
8ad50d96
HX		 734 th->check = tcp_v6_check(skb->len, saddr, daddr,
735 csum_partial(th, th->doff << 2,
736 skb->csum));
1da177e4
LT		 737 }
738}
739
bb296246 740static void tcp_v6_send_check(struct sock *sk, struct sk_buff *skb)
8ad50d96
HX		 741{
742 struct ipv6_pinfo *np = inet6_sk(sk);
743
744 __tcp_v6_send_check(skb, &np->saddr, &np->daddr);
745}
746
a430a43d
HX		 747static int tcp_v6_gso_send_check(struct sk_buff *skb)
748{
b71d1d42 749 const struct ipv6hdr *ipv6h;
a430a43d
HX		 750 struct tcphdr *th;
751
752 if (!pskb_may_pull(skb, sizeof(*th)))
753 return -EINVAL;
754
0660e03f 755 ipv6h = ipv6_hdr(skb);
aa8223c7 756 th = tcp_hdr(skb);
a430a43d
HX		 757
758 th->check = 0;
84fa7933 759 skb->ip_summed = CHECKSUM_PARTIAL;
8ad50d96 760 __tcp_v6_send_check(skb, &ipv6h->saddr, &ipv6h->daddr);
a430a43d
HX		 761 return 0;
762}
1da177e4 763
36990673
HX		 764static struct sk_buff **tcp6_gro_receive(struct sk_buff **head,
765 struct sk_buff *skb)
684f2176 766{
b71d1d42 767 const struct ipv6hdr *iph = skb_gro_network_header(skb);
684f2176
HX		 768
769 switch (skb->ip_summed) {
770 case CHECKSUM_COMPLETE:
86911732 771 if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr,
684f2176
HX		 772 skb->csum)) {
773 skb->ip_summed = CHECKSUM_UNNECESSARY;
774 break;
775 }
776
777 /* fall through */
778 case CHECKSUM_NONE:
779 NAPI_GRO_CB(skb)->flush = 1;
780 return NULL;
781 }
782
783 return tcp_gro_receive(head, skb);
784}
684f2176 785
36990673 786static int tcp6_gro_complete(struct sk_buff *skb)
684f2176 787{
b71d1d42 788 const struct ipv6hdr *iph = ipv6_hdr(skb);
684f2176
HX		 789 struct tcphdr *th = tcp_hdr(skb);
790
791 th->check = ~tcp_v6_check(skb->len - skb_transport_offset(skb),
792 &iph->saddr, &iph->daddr, 0);
793 skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;
794
795 return tcp_gro_complete(skb);
796}
684f2176 797
626e264d 798static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
b903d324 799 u32 ts, struct tcp_md5sig_key *key, int rst, u8 tclass)
1da177e4 800{
cf533ea5
ED		 801 const struct tcphdr *th = tcp_hdr(skb);
802 struct tcphdr *t1;
1da177e4 803 struct sk_buff *buff;
4c9483b2 804 struct flowi6 fl6;
adf30907 805 struct net *net = dev_net(skb_dst(skb)->dev);
e5047992 806 struct sock *ctl_sk = net->ipv6.tcp_sk;
77c676da 807 unsigned int tot_len = sizeof(struct tcphdr);
adf30907 808 struct dst_entry *dst;
81ada62d 809 __be32 *topt;
1da177e4 810
626e264d
IJ		 811 if (ts)
812 tot_len += TCPOLEN_TSTAMP_ALIGNED;
cfb6eeb4 813#ifdef CONFIG_TCP_MD5SIG
cfb6eeb4
YH		 814 if (key)
815 tot_len += TCPOLEN_MD5SIG_ALIGNED;
816#endif
817
cfb6eeb4 818 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
1da177e4 819 GFP_ATOMIC);
1ab1457c
YH		 820 if (buff == NULL)
821 return;
1da177e4 822
cfb6eeb4 823 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
1da177e4 824
cfb6eeb4 825 t1 = (struct tcphdr *) skb_push(buff, tot_len);
6651ffc8 826 skb_reset_transport_header(buff);
1da177e4
LT		 827
828 /* Swap the send and the receive. */
829 memset(t1, 0, sizeof(*t1));
830 t1->dest = th->source;
831 t1->source = th->dest;
cfb6eeb4 832 t1->doff = tot_len / 4;
626e264d
IJ		 833 t1->seq = htonl(seq);
834 t1->ack_seq = htonl(ack);
835 t1->ack = !rst || !th->ack;
836 t1->rst = rst;
837 t1->window = htons(win);
1da177e4 838
81ada62d
IJ		 839 topt = (__be32 *)(t1 + 1);
840
626e264d
IJ		 841 if (ts) {
842 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
843 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
844 *topt++ = htonl(tcp_time_stamp);
845 *topt++ = htonl(ts);
846 }
847
cfb6eeb4
YH		 848#ifdef CONFIG_TCP_MD5SIG
849 if (key) {
81ada62d
IJ		 850 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
851 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
852 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
78e645cb
IJ		 853 &ipv6_hdr(skb)->saddr,
854 &ipv6_hdr(skb)->daddr, t1);
cfb6eeb4
YH		 855 }
856#endif
857
4c9483b2 858 memset(&fl6, 0, sizeof(fl6));
4e3fd7a0
AD		 859 fl6.daddr = ipv6_hdr(skb)->saddr;
860 fl6.saddr = ipv6_hdr(skb)->daddr;
1da177e4 861
e5700aff
DM		 862 buff->ip_summed = CHECKSUM_PARTIAL;
863 buff->csum = 0;
864
4c9483b2 865 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
1da177e4 866
4c9483b2
DM		 867 fl6.flowi6_proto = IPPROTO_TCP;
868 fl6.flowi6_oif = inet6_iif(skb);
1958b856
DM		 869 fl6.fl6_dport = t1->dest;
870 fl6.fl6_sport = t1->source;
4c9483b2 871 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 872
c20121ae
DL		 873 /* Pass a socket to ip6_dst_lookup either it is for RST
874 * Underlying function will use this to retrieve the network
875 * namespace
876 */
4c9483b2 877 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL, false);
68d0c6d3
DM		 878 if (!IS_ERR(dst)) {
879 skb_dst_set(buff, dst);
b903d324 880 ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass);
68d0c6d3
DM		 881 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
882 if (rst)
883 TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
884 return;
1da177e4
LT		 885 }
886
887 kfree_skb(buff);
888}
889
626e264d 890static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1da177e4 891{
cf533ea5 892 const struct tcphdr *th = tcp_hdr(skb);
626e264d 893 u32 seq = 0, ack_seq = 0;
fa3e5b4e 894 struct tcp_md5sig_key *key = NULL;
658ddaaf
SL		 895#ifdef CONFIG_TCP_MD5SIG
896 const __u8 *hash_location = NULL;
897 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
898 unsigned char newhash[16];
899 int genhash;
900 struct sock *sk1 = NULL;
901#endif
1da177e4 902
626e264d 903 if (th->rst)
1da177e4
LT		 904 return;
905
626e264d
IJ		 906 if (!ipv6_unicast_destination(skb))
907 return;
1da177e4 908
cfb6eeb4 909#ifdef CONFIG_TCP_MD5SIG
658ddaaf
SL		 910 hash_location = tcp_parse_md5sig_option(th);
911 if (!sk && hash_location) {
912 /*
913 * active side is lost. Try to find listening socket through
914 * source port, and then find md5 key through listening socket.
915 * we are not loose security here:
916 * Incoming packet is checked with md5 hash with finding key,
917 * no RST generated if md5 hash doesn't match.
918 */
919 sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
920 &tcp_hashinfo, &ipv6h->daddr,
921 ntohs(th->source), inet6_iif(skb));
922 if (!sk1)
923 return;
924
925 rcu_read_lock();
926 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
927 if (!key)
928 goto release_sk1;
929
930 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, NULL, skb);
931 if (genhash || memcmp(hash_location, newhash, 16) != 0)
932 goto release_sk1;
933 } else {
934 key = sk ? tcp_v6_md5_do_lookup(sk, &ipv6h->saddr) : NULL;
935 }
cfb6eeb4
YH		 936#endif
937
626e264d
IJ		 938 if (th->ack)
939 seq = ntohl(th->ack_seq);
940 else
941 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
942 (th->doff << 2);
1da177e4 943
b903d324 944 tcp_v6_send_response(skb, seq, ack_seq, 0, 0, key, 1, 0);
658ddaaf
SL		 945
946#ifdef CONFIG_TCP_MD5SIG
947release_sk1:
948 if (sk1) {
949 rcu_read_unlock();
950 sock_put(sk1);
951 }
952#endif
626e264d 953}
1da177e4 954
626e264d 955static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
b903d324 956 struct tcp_md5sig_key *key, u8 tclass)
626e264d 957{
b903d324 958 tcp_v6_send_response(skb, seq, ack, win, ts, key, 0, tclass);
1da177e4
LT		 959}
960
961static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
962{
8feaf0c0 963 struct inet_timewait_sock *tw = inet_twsk(sk);
cfb6eeb4 964 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
1da177e4 965
9501f972 966 tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
8feaf0c0 967 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
b903d324
ED		 968 tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw),
969 tw->tw_tclass);
1da177e4 970
8feaf0c0 971 inet_twsk_put(tw);
1da177e4
LT		 972}
973
6edafaaf
GJ		 974static void tcp_v6_reqsk_send_ack(struct sock *sk, struct sk_buff *skb,
975 struct request_sock *req)
1da177e4 976{
9501f972 977 tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
b903d324 978 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr), 0);
1da177e4
LT		 979}
980
981
982static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
983{
60236fdd 984 struct request_sock *req, **prev;
aa8223c7 985 const struct tcphdr *th = tcp_hdr(skb);
1da177e4
LT		 986 struct sock *nsk;
987
988 /* Find possible connection requests. */
8129765a 989 req = inet6_csk_search_req(sk, &prev, th->source,
0660e03f
ACM		 990 &ipv6_hdr(skb)->saddr,
991 &ipv6_hdr(skb)->daddr, inet6_iif(skb));
1da177e4
LT		 992 if (req)
993 return tcp_check_req(sk, skb, req, prev);
994
3b1e0a65 995 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
d86e0dac
PE		 996 &ipv6_hdr(skb)->saddr, th->source,
997 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1da177e4
LT		 998
999 if (nsk) {
1000 if (nsk->sk_state != TCP_TIME_WAIT) {
1001 bh_lock_sock(nsk);
1002 return nsk;
1003 }
9469c7b4 1004 inet_twsk_put(inet_twsk(nsk));
1da177e4
LT		 1005 return NULL;
1006 }
1007
c6aefafb 1008#ifdef CONFIG_SYN_COOKIES
af9b4738 1009 if (!th->syn)
c6aefafb 1010 sk = cookie_v6_check(sk, skb);
1da177e4
LT		 1011#endif
1012 return sk;
1013}
1014
1da177e4
LT		 1015/* FIXME: this is substantially similar to the ipv4 code.
1016 * Can some kind of merge be done? -- erics
1017 */
1018static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1019{
4957faad 1020 struct tcp_extend_values tmp_ext;
e6b4d113 1021 struct tcp_options_received tmp_opt;
cf533ea5 1022 const u8 *hash_location;
e6b4d113 1023 struct request_sock *req;
ca304b61 1024 struct inet6_request_sock *treq;
1da177e4 1025 struct ipv6_pinfo *np = inet6_sk(sk);
1da177e4 1026 struct tcp_sock *tp = tcp_sk(sk);
e6b4d113 1027 __u32 isn = TCP_SKB_CB(skb)->when;
493f377d 1028 struct dst_entry *dst = NULL;
3840a06e 1029 struct flowi6 fl6;
a2a385d6 1030 bool want_cookie = false;
1da177e4
LT		 1031
1032 if (skb->protocol == htons(ETH_P_IP))
1033 return tcp_v4_conn_request(sk, skb);
1034
1035 if (!ipv6_unicast_destination(skb))
1ab1457c 1036 goto drop;
1da177e4 1037
463c84b9 1038 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
946cedcc
ED		 1039 want_cookie = tcp_syn_flood_action(sk, skb, "TCPv6");
1040 if (!want_cookie)
1041 goto drop;
1da177e4
LT		 1042 }
1043
463c84b9 1044 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1da177e4
LT		 1045 goto drop;
1046
ca304b61 1047 req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
1da177e4
LT		 1048 if (req == NULL)
1049 goto drop;
1050
cfb6eeb4
YH		 1051#ifdef CONFIG_TCP_MD5SIG
1052 tcp_rsk(req)->af_specific = &tcp_request_sock_ipv6_ops;
1053#endif
1054
1da177e4
LT		 1055 tcp_clear_options(&tmp_opt);
1056 tmp_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
1057 tmp_opt.user_mss = tp->rx_opt.user_mss;
bb5b7c11 1058 tcp_parse_options(skb, &tmp_opt, &hash_location, 0);
4957faad
WAS		 1059
1060 if (tmp_opt.cookie_plus > 0 &&
1061 tmp_opt.saw_tstamp &&
1062 !tp->rx_opt.cookie_out_never &&
1063 (sysctl_tcp_cookie_size > 0 ||
1064 (tp->cookie_values != NULL &&
1065 tp->cookie_values->cookie_desired > 0))) {
1066 u8 *c;
1067 u32 *d;
1068 u32 *mess = &tmp_ext.cookie_bakery[COOKIE_DIGEST_WORDS];
1069 int l = tmp_opt.cookie_plus - TCPOLEN_COOKIE_BASE;
1070
1071 if (tcp_cookie_generator(&tmp_ext.cookie_bakery[0]) != 0)
1072 goto drop_and_free;
1073
1074 /* Secret recipe starts with IP addresses */
0eae88f3 1075 d = (__force u32 *)&ipv6_hdr(skb)->daddr.s6_addr32[0];
4957faad
WAS		 1076 *mess++ ^= *d++;
1077 *mess++ ^= *d++;
1078 *mess++ ^= *d++;
1079 *mess++ ^= *d++;
0eae88f3 1080 d = (__force u32 *)&ipv6_hdr(skb)->saddr.s6_addr32[0];
4957faad
WAS		 1081 *mess++ ^= *d++;
1082 *mess++ ^= *d++;
1083 *mess++ ^= *d++;
1084 *mess++ ^= *d++;
1085
1086 /* plus variable length Initiator Cookie */
1087 c = (u8 *)mess;
1088 while (l-- > 0)
1089 *c++ ^= *hash_location++;
1da177e4 1090
a2a385d6 1091 want_cookie = false; /* not our kind of cookie */
4957faad
WAS		 1092 tmp_ext.cookie_out_never = 0; /* false */
1093 tmp_ext.cookie_plus = tmp_opt.cookie_plus;
1094 } else if (!tp->rx_opt.cookie_in_always) {
1095 /* redundant indications, but ensure initialization. */
1096 tmp_ext.cookie_out_never = 1; /* true */
1097 tmp_ext.cookie_plus = 0;
1098 } else {
1099 goto drop_and_free;
1100 }
1101 tmp_ext.cookie_in_always = tp->rx_opt.cookie_in_always;
1da177e4 1102
4dfc2817 1103 if (want_cookie && !tmp_opt.saw_tstamp)
c6aefafb 1104 tcp_clear_options(&tmp_opt);
c6aefafb 1105
1da177e4
LT		 1106 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1107 tcp_openreq_init(req, &tmp_opt, skb);
1108
ca304b61 1109 treq = inet6_rsk(req);
4e3fd7a0
AD		 1110 treq->rmt_addr = ipv6_hdr(skb)->saddr;
1111 treq->loc_addr = ipv6_hdr(skb)->daddr;
172d69e6 1112 if (!want_cookie || tmp_opt.tstamp_ok)
bd14b1b2 1113 TCP_ECN_create_request(req, skb);
c6aefafb 1114
4d0fe50c
ED		 1115 treq->iif = sk->sk_bound_dev_if;
1116
1117 /* So that link locals have meaning */
1118 if (!sk->sk_bound_dev_if &&
1119 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1120 treq->iif = inet6_iif(skb);
1121
2bbdf389 1122 if (!isn) {
c6aefafb
GG		 1123 if (ipv6_opt_accepted(sk, skb) ||
1124 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1125 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1126 atomic_inc(&skb->users);
1127 treq->pktopts = skb;
1128 }
493f377d
DM		 1129
1130 if (want_cookie) {
2bbdf389
FW		 1131 isn = cookie_v6_init_sequence(sk, skb, &req->mss);
1132 req->cookie_ts = tmp_opt.tstamp_ok;
493f377d
DM		 1133 goto have_isn;
1134 }
1135
1136 /* VJ's idea. We save last timestamp seen
1137 * from the destination in peer table, when entering
1138 * state TIME-WAIT, and check against it before
1139 * accepting new connection request.
1140 *
1141 * If "isn" is not zero, this request hit alive
1142 * timewait bucket, so that all the necessary checks
1143 * are made in the function processing timewait state.
1144 */
1145 if (tmp_opt.saw_tstamp &&
1146 tcp_death_row.sysctl_tw_recycle &&
81166dd6
DM		 1147 (dst = inet6_csk_route_req(sk, &fl6, req)) != NULL) {
1148 if (!tcp_peer_is_proven(req, dst, true)) {
493f377d
DM		 1149 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSPASSIVEREJECTED);
1150 goto drop_and_release;
1151 }
1152 }
1153 /* Kill the following clause, if you dislike this way. */
1154 else if (!sysctl_tcp_syncookies &&
1155 (sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
1156 (sysctl_max_syn_backlog >> 2)) &&
81166dd6 1157 !tcp_peer_is_proven(req, dst, false)) {
493f377d
DM		 1158 /* Without syncookies last quarter of
1159 * backlog is filled with destinations,
1160 * proven to be alive.
1161 * It means that we continue to communicate
1162 * to destinations, already remembered
1163 * to the moment of synflood.
1164 */
1165 LIMIT_NETDEBUG(KERN_DEBUG "TCP: drop open request from %pI6/%u\n",
1166 &treq->rmt_addr, ntohs(tcp_hdr(skb)->source));
1167 goto drop_and_release;
2bbdf389 1168 }
493f377d
DM		 1169
1170 isn = tcp_v6_init_sequence(skb);
c6aefafb 1171 }
493f377d 1172have_isn:
2e6599cb 1173 tcp_rsk(req)->snt_isn = isn;
9ad7c049 1174 tcp_rsk(req)->snt_synack = tcp_time_stamp;
1da177e4 1175
437c5b53
NC		 1176 if (security_inet_conn_request(sk, skb, req))
1177 goto drop_and_release;
4237c75c 1178
9f10d3f6 1179 if (tcp_v6_send_synack(sk, dst, &fl6, req,
fff32699
ED		 1180 (struct request_values *)&tmp_ext,
1181 skb_get_queue_mapping(skb)) ||
4957faad 1182 want_cookie)
e6b4d113 1183 goto drop_and_free;
1da177e4 1184
e6b4d113
WAS		 1185 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1186 return 0;
1da177e4 1187
493f377d
DM		 1188drop_and_release:
1189 dst_release(dst);
e6b4d113
WAS		 1190drop_and_free:
1191 reqsk_free(req);
1da177e4 1192drop:
1da177e4
LT		 1193 return 0; /* don't send reset */
1194}
1195
1196static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
60236fdd 1197 struct request_sock *req,
1da177e4
LT		 1198 struct dst_entry *dst)
1199{
78d15e82 1200 struct inet6_request_sock *treq;
1da177e4
LT		 1201 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
1202 struct tcp6_sock *newtcp6sk;
1203 struct inet_sock *newinet;
1204 struct tcp_sock *newtp;
1205 struct sock *newsk;
cfb6eeb4
YH		 1206#ifdef CONFIG_TCP_MD5SIG
1207 struct tcp_md5sig_key *key;
1208#endif
3840a06e 1209 struct flowi6 fl6;
1da177e4
LT		 1210
1211 if (skb->protocol == htons(ETH_P_IP)) {
1212 /*
1213 * v6 mapped
1214 */
1215
1216 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst);
1217
1ab1457c 1218 if (newsk == NULL)
1da177e4
LT		 1219 return NULL;
1220
1221 newtcp6sk = (struct tcp6_sock *)newsk;
1222 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1223
1224 newinet = inet_sk(newsk);
1225 newnp = inet6_sk(newsk);
1226 newtp = tcp_sk(newsk);
1227
1228 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1229
c720c7e8 1230 ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr);
1da177e4 1231
c720c7e8 1232 ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr);
1da177e4 1233
4e3fd7a0 1234 newnp->rcv_saddr = newnp->saddr;
1da177e4 1235
8292a17a 1236 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1da177e4 1237 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
cfb6eeb4
YH		 1238#ifdef CONFIG_TCP_MD5SIG
1239 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1240#endif
1241
676a1184
YZ		 1242 newnp->ipv6_ac_list = NULL;
1243 newnp->ipv6_fl_list = NULL;
1da177e4
LT		 1244 newnp->pktoptions = NULL;
1245 newnp->opt = NULL;
505cbfc5 1246 newnp->mcast_oif = inet6_iif(skb);
0660e03f 1247 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
4c507d28 1248 newnp->rcv_tclass = ipv6_tclass(ipv6_hdr(skb));
1da177e4 1249
e6848976
ACM		 1250 /*
1251 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1252 * here, tcp_create_openreq_child now does this for us, see the comment in
1253 * that function for the gory details. -acme
1da177e4 1254 */
1da177e4
LT		 1255
1256 /* It is tricky place. Until this moment IPv4 tcp
8292a17a 1257 worked with IPv6 icsk.icsk_af_ops.
1da177e4
LT		 1258 Sync it now.
1259 */
d83d8461 1260 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1da177e4
LT		 1261
1262 return newsk;
1263 }
1264
78d15e82 1265 treq = inet6_rsk(req);
1da177e4
LT		 1266
1267 if (sk_acceptq_is_full(sk))
1268 goto out_overflow;
1269
493f377d 1270 if (!dst) {
3840a06e 1271 dst = inet6_csk_route_req(sk, &fl6, req);
493f377d 1272 if (!dst)
1da177e4 1273 goto out;
1ab1457c 1274 }
1da177e4
LT		 1275
1276 newsk = tcp_create_openreq_child(sk, req, skb);
1277 if (newsk == NULL)
093d2823 1278 goto out_nonewsk;
1da177e4 1279
e6848976
ACM		 1280 /*
1281 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1282 * count here, tcp_create_openreq_child now does this for us, see the
1283 * comment in that function for the gory details. -acme
1284 */
1da177e4 1285
59eed279 1286 newsk->sk_gso_type = SKB_GSO_TCPV6;
8e1ef0a9 1287 __ip6_dst_store(newsk, dst, NULL, NULL);
1da177e4
LT		 1288
1289 newtcp6sk = (struct tcp6_sock *)newsk;
1290 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1291
1292 newtp = tcp_sk(newsk);
1293 newinet = inet_sk(newsk);
1294 newnp = inet6_sk(newsk);
1295
1296 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1297
4e3fd7a0
AD		 1298 newnp->daddr = treq->rmt_addr;
1299 newnp->saddr = treq->loc_addr;
1300 newnp->rcv_saddr = treq->loc_addr;
2e6599cb 1301 newsk->sk_bound_dev_if = treq->iif;
1da177e4 1302
1ab1457c 1303 /* Now IPv6 options...
1da177e4
LT		 1304
1305 First: no IPv4 options.
1306 */
f6d8bd05 1307 newinet->inet_opt = NULL;
676a1184 1308 newnp->ipv6_ac_list = NULL;
d35690be 1309 newnp->ipv6_fl_list = NULL;
1da177e4
LT		 1310
1311 /* Clone RX bits */
1312 newnp->rxopt.all = np->rxopt.all;
1313
1314 /* Clone pktoptions received with SYN */
1315 newnp->pktoptions = NULL;
2e6599cb
ACM		 1316 if (treq->pktopts != NULL) {
1317 newnp->pktoptions = skb_clone(treq->pktopts, GFP_ATOMIC);
ab185d7b 1318 consume_skb(treq->pktopts);
2e6599cb 1319 treq->pktopts = NULL;
1da177e4
LT		 1320 if (newnp->pktoptions)
1321 skb_set_owner_r(newnp->pktoptions, newsk);
1322 }
1323 newnp->opt = NULL;
505cbfc5 1324 newnp->mcast_oif = inet6_iif(skb);
0660e03f 1325 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
4c507d28 1326 newnp->rcv_tclass = ipv6_tclass(ipv6_hdr(skb));
1da177e4
LT		 1327
1328 /* Clone native IPv6 options from listening socket (if any)
1329
1330 Yes, keeping reference count would be much more clever,
1331 but we make one more one thing there: reattach optmem
1332 to newsk.
1333 */
43264e0b
RL		 1334 if (np->opt)
1335 newnp->opt = ipv6_dup_options(newsk, np->opt);
1da177e4 1336
d83d8461 1337 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1da177e4 1338 if (newnp->opt)
d83d8461
ACM		 1339 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
1340 newnp->opt->opt_flen);
1da177e4 1341
5d424d5a 1342 tcp_mtup_init(newsk);
1da177e4 1343 tcp_sync_mss(newsk, dst_mtu(dst));
0dbaee3b 1344 newtp->advmss = dst_metric_advmss(dst);
d135c522
NC		 1345 if (tcp_sk(sk)->rx_opt.user_mss &&
1346 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1347 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1348
1da177e4 1349 tcp_initialize_rcv_mss(newsk);
9ad7c049
JC		 1350 if (tcp_rsk(req)->snt_synack)
1351 tcp_valid_rtt_meas(newsk,
1352 tcp_time_stamp - tcp_rsk(req)->snt_synack);
1353 newtp->total_retrans = req->retrans;
1da177e4 1354
c720c7e8
ED		 1355 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1356 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1da177e4 1357
cfb6eeb4
YH		 1358#ifdef CONFIG_TCP_MD5SIG
1359 /* Copy over the MD5 key from the original socket */
1360 if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
1361 /* We're using one, so create a matching key
1362 * on the newsk structure. If we fail to get
1363 * memory, then we end up not copying the key
1364 * across. Shucks.
1365 */
a915da9b
ED		 1366 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newnp->daddr,
1367 AF_INET6, key->key, key->keylen, GFP_ATOMIC);
cfb6eeb4
YH		 1368 }
1369#endif
1370
093d2823
BS		 1371 if (__inet_inherit_port(sk, newsk) < 0) {
1372 sock_put(newsk);
1373 goto out;
1374 }
9327f705 1375 __inet6_hash(newsk, NULL);
1da177e4
LT		 1376
1377 return newsk;
1378
1379out_overflow:
de0744af 1380 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
093d2823 1381out_nonewsk:
1da177e4 1382 dst_release(dst);
093d2823
BS		 1383out:
1384 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
1da177e4
LT		 1385 return NULL;
1386}
1387
b51655b9 1388static __sum16 tcp_v6_checksum_init(struct sk_buff *skb)
1da177e4 1389{
84fa7933 1390 if (skb->ip_summed == CHECKSUM_COMPLETE) {
684f2176 1391 if (!tcp_v6_check(skb->len, &ipv6_hdr(skb)->saddr,
0660e03f 1392 &ipv6_hdr(skb)->daddr, skb->csum)) {
fb286bb2 1393 skb->ip_summed = CHECKSUM_UNNECESSARY;
1da177e4 1394 return 0;
fb286bb2 1395 }
1da177e4 1396 }
fb286bb2 1397
684f2176 1398 skb->csum = ~csum_unfold(tcp_v6_check(skb->len,
0660e03f
ACM		 1399 &ipv6_hdr(skb)->saddr,
1400 &ipv6_hdr(skb)->daddr, 0));
fb286bb2 1401
1da177e4 1402 if (skb->len <= 76) {
fb286bb2 1403 return __skb_checksum_complete(skb);
1da177e4
LT		 1404 }
1405 return 0;
1406}
1407
1408/* The socket must have it's spinlock held when we get
1409 * here.
1410 *
1411 * We have a potential double-lock case here, so even when
1412 * doing backlog processing we use the BH locking scheme.
1413 * This is because we cannot sleep with the original spinlock
1414 * held.
1415 */
1416static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1417{
1418 struct ipv6_pinfo *np = inet6_sk(sk);
1419 struct tcp_sock *tp;
1420 struct sk_buff *opt_skb = NULL;
1421
1422 /* Imagine: socket is IPv6. IPv4 packet arrives,
1423 goes to IPv4 receive handler and backlogged.
1424 From backlog it always goes here. Kerboom...
1425 Fortunately, tcp_rcv_established and rcv_established
1426 handle them correctly, but it is not case with
1427 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1428 */
1429
1430 if (skb->protocol == htons(ETH_P_IP))
1431 return tcp_v4_do_rcv(sk, skb);
1432
cfb6eeb4
YH		 1433#ifdef CONFIG_TCP_MD5SIG
1434 if (tcp_v6_inbound_md5_hash (sk, skb))
1435 goto discard;
1436#endif
1437
fda9ef5d 1438 if (sk_filter(sk, skb))
1da177e4
LT		 1439 goto discard;
1440
1441 /*
1442 * socket locking is here for SMP purposes as backlog rcv
1443 * is currently called with bh processing disabled.
1444 */
1445
1446 /* Do Stevens' IPV6_PKTOPTIONS.
1447
1448 Yes, guys, it is the only place in our code, where we
1449 may make it not affecting IPv4.
1450 The rest of code is protocol independent,
1451 and I do not like idea to uglify IPv4.
1452
1453 Actually, all the idea behind IPV6_PKTOPTIONS
1454 looks not very well thought. For now we latch
1455 options, received in the last packet, enqueued
1456 by tcp. Feel free to propose better solution.
1ab1457c 1457 --ANK (980728)
1da177e4
LT		 1458 */
1459 if (np->rxopt.all)
1460 opt_skb = skb_clone(skb, GFP_ATOMIC);
1461
1462 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
bdeab991 1463 sock_rps_save_rxhash(sk, skb);
aa8223c7 1464 if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len))
1da177e4 1465 goto reset;
1da177e4
LT		 1466 if (opt_skb)
1467 goto ipv6_pktoptions;
1468 return 0;
1469 }
1470
ab6a5bb6 1471 if (skb->len < tcp_hdrlen(skb) || tcp_checksum_complete(skb))
1da177e4
LT		 1472 goto csum_err;
1473
1ab1457c 1474 if (sk->sk_state == TCP_LISTEN) {
1da177e4
LT		 1475 struct sock *nsk = tcp_v6_hnd_req(sk, skb);
1476 if (!nsk)
1477 goto discard;
1478
1479 /*
1480 * Queue it on the new socket if the new socket is active,
1481 * otherwise we just shortcircuit this and continue with
1482 * the new socket..
1483 */
1ab1457c 1484 if(nsk != sk) {
bdeab991 1485 sock_rps_save_rxhash(nsk, skb);
1da177e4
LT		 1486 if (tcp_child_process(sk, nsk, skb))
1487 goto reset;
1488 if (opt_skb)
1489 __kfree_skb(opt_skb);
1490 return 0;
1491 }
47482f13 1492 } else
bdeab991 1493 sock_rps_save_rxhash(sk, skb);
1da177e4 1494
aa8223c7 1495 if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len))
1da177e4 1496 goto reset;
1da177e4
LT		 1497 if (opt_skb)
1498 goto ipv6_pktoptions;
1499 return 0;
1500
1501reset:
cfb6eeb4 1502 tcp_v6_send_reset(sk, skb);
1da177e4
LT		 1503discard:
1504 if (opt_skb)
1505 __kfree_skb(opt_skb);
1506 kfree_skb(skb);
1507 return 0;
1508csum_err:
63231bdd 1509 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS);
1da177e4
LT		 1510 goto discard;
1511
1512
1513ipv6_pktoptions:
1514 /* Do you ask, what is it?
1515
1516 1. skb was enqueued by tcp.
1517 2. skb is added to tail of read queue, rather than out of order.
1518 3. socket is not in passive state.
1519 4. Finally, it really contains options, which user wants to receive.
1520 */
1521 tp = tcp_sk(sk);
1522 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1523 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
333fad53 1524 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
505cbfc5 1525 np->mcast_oif = inet6_iif(opt_skb);
333fad53 1526 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
0660e03f 1527 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
4c507d28
JB		 1528 if (np->rxopt.bits.rxtclass)
1529 np->rcv_tclass = ipv6_tclass(ipv6_hdr(skb));
1da177e4
LT		 1530 if (ipv6_opt_accepted(sk, opt_skb)) {
1531 skb_set_owner_r(opt_skb, sk);
1532 opt_skb = xchg(&np->pktoptions, opt_skb);
1533 } else {
1534 __kfree_skb(opt_skb);
1535 opt_skb = xchg(&np->pktoptions, NULL);
1536 }
1537 }
1538
800d55f1 1539 kfree_skb(opt_skb);
1da177e4
LT		 1540 return 0;
1541}
1542
e5bbef20 1543static int tcp_v6_rcv(struct sk_buff *skb)
1da177e4 1544{
cf533ea5 1545 const struct tcphdr *th;
b71d1d42 1546 const struct ipv6hdr *hdr;
1da177e4
LT		 1547 struct sock *sk;
1548 int ret;
a86b1e30 1549 struct net *net = dev_net(skb->dev);
1da177e4
LT		 1550
1551 if (skb->pkt_type != PACKET_HOST)
1552 goto discard_it;
1553
1554 /*
1555 * Count it even if it's bad.
1556 */
63231bdd 1557 TCP_INC_STATS_BH(net, TCP_MIB_INSEGS);
1da177e4
LT		 1558
1559 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1560 goto discard_it;
1561
aa8223c7 1562 th = tcp_hdr(skb);
1da177e4
LT		 1563
1564 if (th->doff < sizeof(struct tcphdr)/4)
1565 goto bad_packet;
1566 if (!pskb_may_pull(skb, th->doff*4))
1567 goto discard_it;
1568
60476372 1569 if (!skb_csum_unnecessary(skb) && tcp_v6_checksum_init(skb))
1da177e4
LT		 1570 goto bad_packet;
1571
aa8223c7 1572 th = tcp_hdr(skb);
e802af9c 1573 hdr = ipv6_hdr(skb);
1da177e4
LT		 1574 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1575 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1576 skb->len - th->doff*4);
1577 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1578 TCP_SKB_CB(skb)->when = 0;
b82d1bb4 1579 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1da177e4
LT		 1580 TCP_SKB_CB(skb)->sacked = 0;
1581
9a1f27c4 1582 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
1da177e4
LT		 1583 if (!sk)
1584 goto no_tcp_socket;
1585
1586process:
1587 if (sk->sk_state == TCP_TIME_WAIT)
1588 goto do_time_wait;
1589
e802af9c
SH		 1590 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
1591 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
1592 goto discard_and_relse;
1593 }
1594
1da177e4
LT		 1595 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1596 goto discard_and_relse;
1597
fda9ef5d 1598 if (sk_filter(sk, skb))
1da177e4
LT		 1599 goto discard_and_relse;
1600
1601 skb->dev = NULL;
1602
293b9c42 1603 bh_lock_sock_nested(sk);
1da177e4
LT		 1604 ret = 0;
1605 if (!sock_owned_by_user(sk)) {
1a2449a8 1606#ifdef CONFIG_NET_DMA
1ab1457c 1607 struct tcp_sock *tp = tcp_sk(sk);
b4caea8a 1608 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
a2bd1140 1609 tp->ucopy.dma_chan = net_dma_find_channel();
1ab1457c
YH		 1610 if (tp->ucopy.dma_chan)
1611 ret = tcp_v6_do_rcv(sk, skb);
1612 else
1a2449a8
CL		 1613#endif
1614 {
1615 if (!tcp_prequeue(sk, skb))
1616 ret = tcp_v6_do_rcv(sk, skb);
1617 }
da882c1f
ED		 1618 } else if (unlikely(sk_add_backlog(sk, skb,
1619 sk->sk_rcvbuf + sk->sk_sndbuf))) {
6b03a53a 1620 bh_unlock_sock(sk);
6cce09f8 1621 NET_INC_STATS_BH(net, LINUX_MIB_TCPBACKLOGDROP);
6b03a53a
ZY		 1622 goto discard_and_relse;
1623 }
1da177e4
LT		 1624 bh_unlock_sock(sk);
1625
1626 sock_put(sk);
1627 return ret ? -1 : 0;
1628
1629no_tcp_socket:
1630 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1631 goto discard_it;
1632
1633 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
1634bad_packet:
63231bdd 1635 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
1da177e4 1636 } else {
cfb6eeb4 1637 tcp_v6_send_reset(NULL, skb);
1da177e4
LT		 1638 }
1639
1640discard_it:
1641
1642 /*
1643 * Discard frame
1644 */
1645
1646 kfree_skb(skb);
1647 return 0;
1648
1649discard_and_relse:
1650 sock_put(sk);
1651 goto discard_it;
1652
1653do_time_wait:
1654 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
9469c7b4 1655 inet_twsk_put(inet_twsk(sk));
1da177e4
LT		 1656 goto discard_it;
1657 }
1658
1659 if (skb->len < (th->doff<<2) || tcp_checksum_complete(skb)) {
63231bdd 1660 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
9469c7b4 1661 inet_twsk_put(inet_twsk(sk));
1da177e4
LT		 1662 goto discard_it;
1663 }
1664
9469c7b4 1665 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1da177e4
LT		 1666 case TCP_TW_SYN:
1667 {
1668 struct sock *sk2;
1669
c346dca1 1670 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
0660e03f 1671 &ipv6_hdr(skb)->daddr,
505cbfc5 1672 ntohs(th->dest), inet6_iif(skb));
1da177e4 1673 if (sk2 != NULL) {
295ff7ed
ACM		 1674 struct inet_timewait_sock *tw = inet_twsk(sk);
1675 inet_twsk_deschedule(tw, &tcp_death_row);
1676 inet_twsk_put(tw);
1da177e4
LT		 1677 sk = sk2;
1678 goto process;
1679 }
1680 /* Fall through to ACK */
1681 }
1682 case TCP_TW_ACK:
1683 tcp_v6_timewait_ack(sk, skb);
1684 break;
1685 case TCP_TW_RST:
1686 goto no_tcp_socket;
1687 case TCP_TW_SUCCESS:;
1688 }
1689 goto discard_it;
1690}
1691
ccb7c410
DM		 1692static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1693 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1694 .twsk_unique = tcp_twsk_unique,
1695 .twsk_destructor= tcp_twsk_destructor,
ccb7c410
DM		 1696};
1697
3b401a81 1698static const struct inet_connection_sock_af_ops ipv6_specific = {
543d9cfe
ACM		 1699 .queue_xmit = inet6_csk_xmit,
1700 .send_check = tcp_v6_send_check,
1701 .rebuild_header = inet6_sk_rebuild_header,
1702 .conn_request = tcp_v6_conn_request,
1703 .syn_recv_sock = tcp_v6_syn_recv_sock,
543d9cfe 1704 .net_header_len = sizeof(struct ipv6hdr),
67469601 1705 .net_frag_header_len = sizeof(struct frag_hdr),
543d9cfe
ACM		 1706 .setsockopt = ipv6_setsockopt,
1707 .getsockopt = ipv6_getsockopt,
1708 .addr2sockaddr = inet6_csk_addr2sockaddr,
1709 .sockaddr_len = sizeof(struct sockaddr_in6),
ab1e0a13 1710 .bind_conflict = inet6_csk_bind_conflict,
3fdadf7d 1711#ifdef CONFIG_COMPAT
543d9cfe
ACM		 1712 .compat_setsockopt = compat_ipv6_setsockopt,
1713 .compat_getsockopt = compat_ipv6_getsockopt,
3fdadf7d 1714#endif
1da177e4
LT		 1715};
1716
cfb6eeb4 1717#ifdef CONFIG_TCP_MD5SIG
b2e4b3de 1718static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
cfb6eeb4 1719 .md5_lookup = tcp_v6_md5_lookup,
49a72dfb 1720 .calc_md5_hash = tcp_v6_md5_hash_skb,
cfb6eeb4 1721 .md5_parse = tcp_v6_parse_md5_keys,
cfb6eeb4 1722};
a928630a 1723#endif
cfb6eeb4 1724
1da177e4
LT		 1725/*
1726 * TCP over IPv4 via INET6 API
1727 */
1728
3b401a81 1729static const struct inet_connection_sock_af_ops ipv6_mapped = {
543d9cfe
ACM		 1730 .queue_xmit = ip_queue_xmit,
1731 .send_check = tcp_v4_send_check,
1732 .rebuild_header = inet_sk_rebuild_header,
1733 .conn_request = tcp_v6_conn_request,
1734 .syn_recv_sock = tcp_v6_syn_recv_sock,
543d9cfe
ACM		 1735 .net_header_len = sizeof(struct iphdr),
1736 .setsockopt = ipv6_setsockopt,
1737 .getsockopt = ipv6_getsockopt,
1738 .addr2sockaddr = inet6_csk_addr2sockaddr,
1739 .sockaddr_len = sizeof(struct sockaddr_in6),
ab1e0a13 1740 .bind_conflict = inet6_csk_bind_conflict,
3fdadf7d 1741#ifdef CONFIG_COMPAT
543d9cfe
ACM		 1742 .compat_setsockopt = compat_ipv6_setsockopt,
1743 .compat_getsockopt = compat_ipv6_getsockopt,
3fdadf7d 1744#endif
1da177e4
LT		 1745};
1746
cfb6eeb4 1747#ifdef CONFIG_TCP_MD5SIG
b2e4b3de 1748static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
cfb6eeb4 1749 .md5_lookup = tcp_v4_md5_lookup,
49a72dfb 1750 .calc_md5_hash = tcp_v4_md5_hash_skb,
cfb6eeb4 1751 .md5_parse = tcp_v6_parse_md5_keys,
cfb6eeb4 1752};
a928630a 1753#endif
cfb6eeb4 1754
1da177e4
LT		 1755/* NOTE: A lot of things set to zero explicitly by call to
1756 * sk_alloc() so need not be done here.
1757 */
1758static int tcp_v6_init_sock(struct sock *sk)
1759{
6687e988 1760 struct inet_connection_sock *icsk = inet_csk(sk);
1da177e4 1761
900f65d3 1762 tcp_init_sock(sk);
1da177e4 1763
8292a17a 1764 icsk->icsk_af_ops = &ipv6_specific;
1da177e4 1765
cfb6eeb4 1766#ifdef CONFIG_TCP_MD5SIG
ac807fa8 1767 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
cfb6eeb4
YH		 1768#endif
1769
1da177e4
LT		 1770 return 0;
1771}
1772
7d06b2e0 1773static void tcp_v6_destroy_sock(struct sock *sk)
1da177e4 1774{
1da177e4 1775 tcp_v4_destroy_sock(sk);
7d06b2e0 1776 inet6_destroy_sock(sk);
1da177e4
LT		 1777}
1778
952a10be 1779#ifdef CONFIG_PROC_FS
1da177e4 1780/* Proc filesystem TCPv6 sock list dumping. */
1ab1457c 1781static void get_openreq6(struct seq_file *seq,
cf533ea5 1782 const struct sock *sk, struct request_sock *req, int i, int uid)
1da177e4 1783{
1da177e4 1784 int ttd = req->expires - jiffies;
b71d1d42
ED		 1785 const struct in6_addr *src = &inet6_rsk(req)->loc_addr;
1786 const struct in6_addr *dest = &inet6_rsk(req)->rmt_addr;
1da177e4
LT		 1787
1788 if (ttd < 0)
1789 ttd = 0;
1790
1da177e4
LT		 1791 seq_printf(seq,
1792 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
71338aa7 1793 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1da177e4
LT		 1794 i,
1795 src->s6_addr32[0], src->s6_addr32[1],
1796 src->s6_addr32[2], src->s6_addr32[3],
fd507037 1797 ntohs(inet_rsk(req)->loc_port),
1da177e4
LT		 1798 dest->s6_addr32[0], dest->s6_addr32[1],
1799 dest->s6_addr32[2], dest->s6_addr32[3],
2e6599cb 1800 ntohs(inet_rsk(req)->rmt_port),
1da177e4
LT		 1801 TCP_SYN_RECV,
1802 0,0, /* could print option size, but that is af dependent. */
1ab1457c
YH		 1803 1, /* timers active (only the expire timer) */
1804 jiffies_to_clock_t(ttd),
1da177e4
LT		 1805 req->retrans,
1806 uid,
1ab1457c 1807 0, /* non standard timer */
1da177e4
LT		 1808 0, /* open_requests have no inode */
1809 0, req);
1810}
1811
1812static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1813{
b71d1d42 1814 const struct in6_addr *dest, *src;
1da177e4
LT		 1815 __u16 destp, srcp;
1816 int timer_active;
1817 unsigned long timer_expires;
cf533ea5
ED		 1818 const struct inet_sock *inet = inet_sk(sp);
1819 const struct tcp_sock *tp = tcp_sk(sp);
463c84b9 1820 const struct inet_connection_sock *icsk = inet_csk(sp);
cf533ea5 1821 const struct ipv6_pinfo *np = inet6_sk(sp);
1da177e4
LT		 1822
1823 dest = &np->daddr;
1824 src = &np->rcv_saddr;
c720c7e8
ED		 1825 destp = ntohs(inet->inet_dport);
1826 srcp = ntohs(inet->inet_sport);
463c84b9
ACM		 1827
1828 if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
1da177e4 1829 timer_active = 1;
463c84b9
ACM		 1830 timer_expires = icsk->icsk_timeout;
1831 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1da177e4 1832 timer_active = 4;
463c84b9 1833 timer_expires = icsk->icsk_timeout;
1da177e4
LT		 1834 } else if (timer_pending(&sp->sk_timer)) {
1835 timer_active = 2;
1836 timer_expires = sp->sk_timer.expires;
1837 } else {
1838 timer_active = 0;
1839 timer_expires = jiffies;
1840 }
1841
1842 seq_printf(seq,
1843 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
71338aa7 1844 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %pK %lu %lu %u %u %d\n",
1da177e4
LT		 1845 i,
1846 src->s6_addr32[0], src->s6_addr32[1],
1847 src->s6_addr32[2], src->s6_addr32[3], srcp,
1848 dest->s6_addr32[0], dest->s6_addr32[1],
1849 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1ab1457c 1850 sp->sk_state,
47da8ee6
SS		 1851 tp->write_seq-tp->snd_una,
1852 (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq),
1da177e4
LT		 1853 timer_active,
1854 jiffies_to_clock_t(timer_expires - jiffies),
463c84b9 1855 icsk->icsk_retransmits,
1da177e4 1856 sock_i_uid(sp),
6687e988 1857 icsk->icsk_probes_out,
1da177e4
LT		 1858 sock_i_ino(sp),
1859 atomic_read(&sp->sk_refcnt), sp,
7be87351
SH		 1860 jiffies_to_clock_t(icsk->icsk_rto),
1861 jiffies_to_clock_t(icsk->icsk_ack.ato),
463c84b9 1862 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
0b6a05c1
IJ		 1863 tp->snd_cwnd,
1864 tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh
1da177e4
LT		 1865 );
1866}
1867
1ab1457c 1868static void get_timewait6_sock(struct seq_file *seq,
8feaf0c0 1869 struct inet_timewait_sock *tw, int i)
1da177e4 1870{
b71d1d42 1871 const struct in6_addr *dest, *src;
1da177e4 1872 __u16 destp, srcp;
cf533ea5 1873 const struct inet6_timewait_sock *tw6 = inet6_twsk((struct sock *)tw);
1da177e4
LT		 1874 int ttd = tw->tw_ttd - jiffies;
1875
1876 if (ttd < 0)
1877 ttd = 0;
1878
0fa1a53e
ACM		 1879 dest = &tw6->tw_v6_daddr;
1880 src = &tw6->tw_v6_rcv_saddr;
1da177e4
LT		 1881 destp = ntohs(tw->tw_dport);
1882 srcp = ntohs(tw->tw_sport);
1883
1884 seq_printf(seq,
1885 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
71338aa7 1886 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1da177e4
LT		 1887 i,
1888 src->s6_addr32[0], src->s6_addr32[1],
1889 src->s6_addr32[2], src->s6_addr32[3], srcp,
1890 dest->s6_addr32[0], dest->s6_addr32[1],
1891 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1892 tw->tw_substate, 0, 0,
1893 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
1894 atomic_read(&tw->tw_refcnt), tw);
1895}
1896
1da177e4
LT		 1897static int tcp6_seq_show(struct seq_file *seq, void *v)
1898{
1899 struct tcp_iter_state *st;
1900
1901 if (v == SEQ_START_TOKEN) {
1902 seq_puts(seq,
1903 " sl "
1904 "local_address "
1905 "remote_address "
1906 "st tx_queue rx_queue tr tm->when retrnsmt"
1907 " uid timeout inode\n");
1908 goto out;
1909 }
1910 st = seq->private;
1911
1912 switch (st->state) {
1913 case TCP_SEQ_STATE_LISTENING:
1914 case TCP_SEQ_STATE_ESTABLISHED:
1915 get_tcp6_sock(seq, v, st->num);
1916 break;
1917 case TCP_SEQ_STATE_OPENREQ:
1918 get_openreq6(seq, st->syn_wait_sk, v, st->num, st->uid);
1919 break;
1920 case TCP_SEQ_STATE_TIME_WAIT:
1921 get_timewait6_sock(seq, v, st->num);
1922 break;
1923 }
1924out:
1925 return 0;
1926}
1927
73cb88ec
AV		 1928static const struct file_operations tcp6_afinfo_seq_fops = {
1929 .owner = THIS_MODULE,
1930 .open = tcp_seq_open,
1931 .read = seq_read,
1932 .llseek = seq_lseek,
1933 .release = seq_release_net
1934};
1935
1da177e4 1936static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1da177e4
LT		 1937 .name = "tcp6",
1938 .family = AF_INET6,
73cb88ec 1939 .seq_fops = &tcp6_afinfo_seq_fops,
9427c4b3
DL		 1940 .seq_ops = {
1941 .show = tcp6_seq_show,
1942 },
1da177e4
LT		 1943};
1944
2c8c1e72 1945int __net_init tcp6_proc_init(struct net *net)
1da177e4 1946{
6f8b13bc 1947 return tcp_proc_register(net, &tcp6_seq_afinfo);
1da177e4
LT		 1948}
1949
6f8b13bc 1950void tcp6_proc_exit(struct net *net)
1da177e4 1951{
6f8b13bc 1952 tcp_proc_unregister(net, &tcp6_seq_afinfo);
1da177e4
LT		 1953}
1954#endif
1955
1956struct proto tcpv6_prot = {
1957 .name = "TCPv6",
1958 .owner = THIS_MODULE,
1959 .close = tcp_close,
1960 .connect = tcp_v6_connect,
1961 .disconnect = tcp_disconnect,
463c84b9 1962 .accept = inet_csk_accept,
1da177e4
LT		 1963 .ioctl = tcp_ioctl,
1964 .init = tcp_v6_init_sock,
1965 .destroy = tcp_v6_destroy_sock,
1966 .shutdown = tcp_shutdown,
1967 .setsockopt = tcp_setsockopt,
1968 .getsockopt = tcp_getsockopt,
1da177e4 1969 .recvmsg = tcp_recvmsg,
7ba42910
CG		 1970 .sendmsg = tcp_sendmsg,
1971 .sendpage = tcp_sendpage,
1da177e4
LT		 1972 .backlog_rcv = tcp_v6_do_rcv,
1973 .hash = tcp_v6_hash,
ab1e0a13
ACM		 1974 .unhash = inet_unhash,
1975 .get_port = inet_csk_get_port,
1da177e4
LT		 1976 .enter_memory_pressure = tcp_enter_memory_pressure,
1977 .sockets_allocated = &tcp_sockets_allocated,
1978 .memory_allocated = &tcp_memory_allocated,
1979 .memory_pressure = &tcp_memory_pressure,
0a5578cf 1980 .orphan_count = &tcp_orphan_count,
1da177e4
LT		 1981 .sysctl_wmem = sysctl_tcp_wmem,
1982 .sysctl_rmem = sysctl_tcp_rmem,
1983 .max_header = MAX_TCP_HEADER,
1984 .obj_size = sizeof(struct tcp6_sock),
3ab5aee7 1985 .slab_flags = SLAB_DESTROY_BY_RCU,
6d6ee43e 1986 .twsk_prot = &tcp6_timewait_sock_ops,
60236fdd 1987 .rsk_prot = &tcp6_request_sock_ops,
39d8cda7 1988 .h.hashinfo = &tcp_hashinfo,
7ba42910 1989 .no_autobind = true,
543d9cfe
ACM		 1990#ifdef CONFIG_COMPAT
1991 .compat_setsockopt = compat_tcp_setsockopt,
1992 .compat_getsockopt = compat_tcp_getsockopt,
1993#endif
d1a4c0b3
GC		 1994#ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
1995 .proto_cgroup = tcp_proto_cgroup,
1996#endif
1da177e4
LT		 1997};
1998
41135cc8 1999static const struct inet6_protocol tcpv6_protocol = {
1da177e4
LT		 2000 .handler = tcp_v6_rcv,
2001 .err_handler = tcp_v6_err,
a430a43d 2002 .gso_send_check = tcp_v6_gso_send_check,
adcfc7d0 2003 .gso_segment = tcp_tso_segment,
684f2176
HX		 2004 .gro_receive = tcp6_gro_receive,
2005 .gro_complete = tcp6_gro_complete,
1da177e4
LT		 2006 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2007};
2008
1da177e4
LT		 2009static struct inet_protosw tcpv6_protosw = {
2010 .type = SOCK_STREAM,
2011 .protocol = IPPROTO_TCP,
2012 .prot = &tcpv6_prot,
2013 .ops = &inet6_stream_ops,
1da177e4 2014 .no_check = 0,
d83d8461
ACM		 2015 .flags = INET_PROTOSW_PERMANENT |
2016 INET_PROTOSW_ICSK,
1da177e4
LT		 2017};
2018
2c8c1e72 2019static int __net_init tcpv6_net_init(struct net *net)
93ec926b 2020{
5677242f
DL		 2021 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2022 SOCK_RAW, IPPROTO_TCP, net);
93ec926b
DL		 2023}
2024
2c8c1e72 2025static void __net_exit tcpv6_net_exit(struct net *net)
93ec926b 2026{
5677242f 2027 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
b099ce26
EB		 2028}
2029
2c8c1e72 2030static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
b099ce26
EB		 2031{
2032 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET6);
93ec926b
DL		 2033}
2034
2035static struct pernet_operations tcpv6_net_ops = {
b099ce26
EB		 2036 .init = tcpv6_net_init,
2037 .exit = tcpv6_net_exit,
2038 .exit_batch = tcpv6_net_exit_batch,
93ec926b
DL		 2039};
2040
7f4e4868 2041int __init tcpv6_init(void)
1da177e4 2042{
7f4e4868
DL		 2043 int ret;
2044
2045 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2046 if (ret)
2047 goto out;
2048
1da177e4 2049 /* register inet6 protocol */
7f4e4868
DL		 2050 ret = inet6_register_protosw(&tcpv6_protosw);
2051 if (ret)
2052 goto out_tcpv6_protocol;
2053
93ec926b 2054 ret = register_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2055 if (ret)
2056 goto out_tcpv6_protosw;
2057out:
2058 return ret;
ae0f7d5f 2059
7f4e4868
DL		 2060out_tcpv6_protocol:
2061 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2062out_tcpv6_protosw:
2063 inet6_unregister_protosw(&tcpv6_protosw);
2064 goto out;
2065}
2066
09f7709f 2067void tcpv6_exit(void)
7f4e4868 2068{
93ec926b 2069 unregister_pernet_subsys(&tcpv6_net_ops);
7f4e4868
DL		 2070 inet6_unregister_protosw(&tcpv6_protosw);
2071 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
1da177e4 2072}
Linux 6.x block layer and io_uring tree(s)