b620d9b72e595ba4390b3e02ff8a0bbafa49eebe
[muen/linux.git] / net / ipv6 / tcp_ipv6.c
1 /*
2  *      TCP over IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *
8  *      Based on:
9  *      linux/net/ipv4/tcp.c
10  *      linux/net/ipv4/tcp_input.c
11  *      linux/net/ipv4/tcp_output.c
12  *
13  *      Fixes:
14  *      Hideaki YOSHIFUJI       :       sin6_scope_id support
15  *      YOSHIFUJI Hideaki @USAGI and:   Support IPV6_V6ONLY socket option, which
16  *      Alexey Kuznetsov                allow both IPv4 and IPv6 sockets to bind
17  *                                      a single port at the same time.
18  *      YOSHIFUJI Hideaki @USAGI:       convert /proc/net/tcp6 to seq_file.
19  *
20  *      This program is free software; you can redistribute it and/or
21  *      modify it under the terms of the GNU General Public License
22  *      as published by the Free Software Foundation; either version
23  *      2 of the License, or (at your option) any later version.
24  */
25
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
34 #include <linux/in.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41 #include <linux/slab.h>
42 #include <linux/uaccess.h>
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
46
47 #include <net/tcp.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
51 #include <net/ipv6.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
58 #include <net/xfrm.h>
59 #include <net/snmp.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/inet_common.h>
63 #include <net/secure_seq.h>
64 #include <net/busy_poll.h>
65
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
68
69 #include <crypto/hash.h>
70 #include <linux/scatterlist.h>
71
72 #include <trace/events/tcp.h>
73
74 static void     tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
75 static void     tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
76                                       struct request_sock *req);
77
78 static int      tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
79
80 static const struct inet_connection_sock_af_ops ipv6_mapped;
81 static const struct inet_connection_sock_af_ops ipv6_specific;
82 #ifdef CONFIG_TCP_MD5SIG
83 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
84 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
85 #else
86 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
87                                                    const struct in6_addr *addr)
88 {
89         return NULL;
90 }
91 #endif
92
93 static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
94 {
95         struct dst_entry *dst = skb_dst(skb);
96
97         if (dst && dst_hold_safe(dst)) {
98                 const struct rt6_info *rt = (const struct rt6_info *)dst;
99
100                 sk->sk_rx_dst = dst;
101                 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
102                 inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
103         }
104 }
105
106 static u32 tcp_v6_init_seq(const struct sk_buff *skb)
107 {
108         return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32,
109                                 ipv6_hdr(skb)->saddr.s6_addr32,
110                                 tcp_hdr(skb)->dest,
111                                 tcp_hdr(skb)->source);
112 }
113
114 static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb)
115 {
116         return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32,
117                                    ipv6_hdr(skb)->saddr.s6_addr32);
118 }
119
120 static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
121                               int addr_len)
122 {
123         /* This check is replicated from tcp_v6_connect() and intended to
124          * prevent BPF program called below from accessing bytes that are out
125          * of the bound specified by user in addr_len.
126          */
127         if (addr_len < SIN6_LEN_RFC2133)
128                 return -EINVAL;
129
130         sock_owned_by_me(sk);
131
132         return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr);
133 }
134
135 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
136                           int addr_len)
137 {
138         struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
139         struct inet_sock *inet = inet_sk(sk);
140         struct inet_connection_sock *icsk = inet_csk(sk);
141         struct ipv6_pinfo *np = inet6_sk(sk);
142         struct tcp_sock *tp = tcp_sk(sk);
143         struct in6_addr *saddr = NULL, *final_p, final;
144         struct ipv6_txoptions *opt;
145         struct flowi6 fl6;
146         struct dst_entry *dst;
147         int addr_type;
148         int err;
149         struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
150
151         if (addr_len < SIN6_LEN_RFC2133)
152                 return -EINVAL;
153
154         if (usin->sin6_family != AF_INET6)
155                 return -EAFNOSUPPORT;
156
157         memset(&fl6, 0, sizeof(fl6));
158
159         if (np->sndflow) {
160                 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
161                 IP6_ECN_flow_init(fl6.flowlabel);
162                 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
163                         struct ip6_flowlabel *flowlabel;
164                         flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
165                         if (!flowlabel)
166                                 return -EINVAL;
167                         fl6_sock_release(flowlabel);
168                 }
169         }
170
171         /*
172          *      connect() to INADDR_ANY means loopback (BSD'ism).
173          */
174
175         if (ipv6_addr_any(&usin->sin6_addr)) {
176                 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
177                         ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
178                                                &usin->sin6_addr);
179                 else
180                         usin->sin6_addr = in6addr_loopback;
181         }
182
183         addr_type = ipv6_addr_type(&usin->sin6_addr);
184
185         if (addr_type & IPV6_ADDR_MULTICAST)
186                 return -ENETUNREACH;
187
188         if (addr_type&IPV6_ADDR_LINKLOCAL) {
189                 if (addr_len >= sizeof(struct sockaddr_in6) &&
190                     usin->sin6_scope_id) {
191                         /* If interface is set while binding, indices
192                          * must coincide.
193                          */
194                         if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id))
195                                 return -EINVAL;
196
197                         sk->sk_bound_dev_if = usin->sin6_scope_id;
198                 }
199
200                 /* Connect to link-local address requires an interface */
201                 if (!sk->sk_bound_dev_if)
202                         return -EINVAL;
203         }
204
205         if (tp->rx_opt.ts_recent_stamp &&
206             !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
207                 tp->rx_opt.ts_recent = 0;
208                 tp->rx_opt.ts_recent_stamp = 0;
209                 tp->write_seq = 0;
210         }
211
212         sk->sk_v6_daddr = usin->sin6_addr;
213         np->flow_label = fl6.flowlabel;
214
215         /*
216          *      TCP over IPv4
217          */
218
219         if (addr_type & IPV6_ADDR_MAPPED) {
220                 u32 exthdrlen = icsk->icsk_ext_hdr_len;
221                 struct sockaddr_in sin;
222
223                 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
224
225                 if (__ipv6_only_sock(sk))
226                         return -ENETUNREACH;
227
228                 sin.sin_family = AF_INET;
229                 sin.sin_port = usin->sin6_port;
230                 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
231
232                 icsk->icsk_af_ops = &ipv6_mapped;
233                 sk->sk_backlog_rcv = tcp_v4_do_rcv;
234 #ifdef CONFIG_TCP_MD5SIG
235                 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
236 #endif
237
238                 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
239
240                 if (err) {
241                         icsk->icsk_ext_hdr_len = exthdrlen;
242                         icsk->icsk_af_ops = &ipv6_specific;
243                         sk->sk_backlog_rcv = tcp_v6_do_rcv;
244 #ifdef CONFIG_TCP_MD5SIG
245                         tp->af_specific = &tcp_sock_ipv6_specific;
246 #endif
247                         goto failure;
248                 }
249                 np->saddr = sk->sk_v6_rcv_saddr;
250
251                 return err;
252         }
253
254         if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
255                 saddr = &sk->sk_v6_rcv_saddr;
256
257         fl6.flowi6_proto = IPPROTO_TCP;
258         fl6.daddr = sk->sk_v6_daddr;
259         fl6.saddr = saddr ? *saddr : np->saddr;
260         fl6.flowi6_oif = sk->sk_bound_dev_if;
261         fl6.flowi6_mark = sk->sk_mark;
262         fl6.fl6_dport = usin->sin6_port;
263         fl6.fl6_sport = inet->inet_sport;
264         fl6.flowi6_uid = sk->sk_uid;
265
266         opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
267         final_p = fl6_update_dst(&fl6, opt, &final);
268
269         security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
270
271         dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
272         if (IS_ERR(dst)) {
273                 err = PTR_ERR(dst);
274                 goto failure;
275         }
276
277         if (!saddr) {
278                 saddr = &fl6.saddr;
279                 sk->sk_v6_rcv_saddr = *saddr;
280         }
281
282         /* set the source address */
283         np->saddr = *saddr;
284         inet->inet_rcv_saddr = LOOPBACK4_IPV6;
285
286         sk->sk_gso_type = SKB_GSO_TCPV6;
287         ip6_dst_store(sk, dst, NULL, NULL);
288
289         icsk->icsk_ext_hdr_len = 0;
290         if (opt)
291                 icsk->icsk_ext_hdr_len = opt->opt_flen +
292                                          opt->opt_nflen;
293
294         tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
295
296         inet->inet_dport = usin->sin6_port;
297
298         tcp_set_state(sk, TCP_SYN_SENT);
299         err = inet6_hash_connect(tcp_death_row, sk);
300         if (err)
301                 goto late_failure;
302
303         sk_set_txhash(sk);
304
305         if (likely(!tp->repair)) {
306                 if (!tp->write_seq)
307                         tp->write_seq = secure_tcpv6_seq(np->saddr.s6_addr32,
308                                                          sk->sk_v6_daddr.s6_addr32,
309                                                          inet->inet_sport,
310                                                          inet->inet_dport);
311                 tp->tsoffset = secure_tcpv6_ts_off(sock_net(sk),
312                                                    np->saddr.s6_addr32,
313                                                    sk->sk_v6_daddr.s6_addr32);
314         }
315
316         if (tcp_fastopen_defer_connect(sk, &err))
317                 return err;
318         if (err)
319                 goto late_failure;
320
321         err = tcp_connect(sk);
322         if (err)
323                 goto late_failure;
324
325         return 0;
326
327 late_failure:
328         tcp_set_state(sk, TCP_CLOSE);
329 failure:
330         inet->inet_dport = 0;
331         sk->sk_route_caps = 0;
332         return err;
333 }
334
335 static void tcp_v6_mtu_reduced(struct sock *sk)
336 {
337         struct dst_entry *dst;
338
339         if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
340                 return;
341
342         dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
343         if (!dst)
344                 return;
345
346         if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
347                 tcp_sync_mss(sk, dst_mtu(dst));
348                 tcp_simple_retransmit(sk);
349         }
350 }
351
352 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
353                 u8 type, u8 code, int offset, __be32 info)
354 {
355         const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
356         const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
357         struct net *net = dev_net(skb->dev);
358         struct request_sock *fastopen;
359         struct ipv6_pinfo *np;
360         struct tcp_sock *tp;
361         __u32 seq, snd_una;
362         struct sock *sk;
363         bool fatal;
364         int err;
365
366         sk = __inet6_lookup_established(net, &tcp_hashinfo,
367                                         &hdr->daddr, th->dest,
368                                         &hdr->saddr, ntohs(th->source),
369                                         skb->dev->ifindex, inet6_sdif(skb));
370
371         if (!sk) {
372                 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
373                                   ICMP6_MIB_INERRORS);
374                 return;
375         }
376
377         if (sk->sk_state == TCP_TIME_WAIT) {
378                 inet_twsk_put(inet_twsk(sk));
379                 return;
380         }
381         seq = ntohl(th->seq);
382         fatal = icmpv6_err_convert(type, code, &err);
383         if (sk->sk_state == TCP_NEW_SYN_RECV)
384                 return tcp_req_err(sk, seq, fatal);
385
386         bh_lock_sock(sk);
387         if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
388                 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
389
390         if (sk->sk_state == TCP_CLOSE)
391                 goto out;
392
393         if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
394                 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
395                 goto out;
396         }
397
398         tp = tcp_sk(sk);
399         /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
400         fastopen = tp->fastopen_rsk;
401         snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
402         if (sk->sk_state != TCP_LISTEN &&
403             !between(seq, snd_una, tp->snd_nxt)) {
404                 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
405                 goto out;
406         }
407
408         np = inet6_sk(sk);
409
410         if (type == NDISC_REDIRECT) {
411                 if (!sock_owned_by_user(sk)) {
412                         struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
413
414                         if (dst)
415                                 dst->ops->redirect(dst, sk, skb);
416                 }
417                 goto out;
418         }
419
420         if (type == ICMPV6_PKT_TOOBIG) {
421                 /* We are not interested in TCP_LISTEN and open_requests
422                  * (SYN-ACKs send out by Linux are always <576bytes so
423                  * they should go through unfragmented).
424                  */
425                 if (sk->sk_state == TCP_LISTEN)
426                         goto out;
427
428                 if (!ip6_sk_accept_pmtu(sk))
429                         goto out;
430
431                 tp->mtu_info = ntohl(info);
432                 if (!sock_owned_by_user(sk))
433                         tcp_v6_mtu_reduced(sk);
434                 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
435                                            &sk->sk_tsq_flags))
436                         sock_hold(sk);
437                 goto out;
438         }
439
440
441         /* Might be for an request_sock */
442         switch (sk->sk_state) {
443         case TCP_SYN_SENT:
444         case TCP_SYN_RECV:
445                 /* Only in fast or simultaneous open. If a fast open socket is
446                  * is already accepted it is treated as a connected one below.
447                  */
448                 if (fastopen && !fastopen->sk)
449                         break;
450
451                 if (!sock_owned_by_user(sk)) {
452                         sk->sk_err = err;
453                         sk->sk_error_report(sk);                /* Wake people up to see the error (see connect in sock.c) */
454
455                         tcp_done(sk);
456                 } else
457                         sk->sk_err_soft = err;
458                 goto out;
459         }
460
461         if (!sock_owned_by_user(sk) && np->recverr) {
462                 sk->sk_err = err;
463                 sk->sk_error_report(sk);
464         } else
465                 sk->sk_err_soft = err;
466
467 out:
468         bh_unlock_sock(sk);
469         sock_put(sk);
470 }
471
472
473 static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
474                               struct flowi *fl,
475                               struct request_sock *req,
476                               struct tcp_fastopen_cookie *foc,
477                               enum tcp_synack_type synack_type)
478 {
479         struct inet_request_sock *ireq = inet_rsk(req);
480         struct ipv6_pinfo *np = inet6_sk(sk);
481         struct ipv6_txoptions *opt;
482         struct flowi6 *fl6 = &fl->u.ip6;
483         struct sk_buff *skb;
484         int err = -ENOMEM;
485
486         /* First, grab a route. */
487         if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
488                                                IPPROTO_TCP)) == NULL)
489                 goto done;
490
491         skb = tcp_make_synack(sk, dst, req, foc, synack_type);
492
493         if (skb) {
494                 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
495                                     &ireq->ir_v6_rmt_addr);
496
497                 fl6->daddr = ireq->ir_v6_rmt_addr;
498                 if (np->repflow && ireq->pktopts)
499                         fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
500
501                 rcu_read_lock();
502                 opt = ireq->ipv6_opt;
503                 if (!opt)
504                         opt = rcu_dereference(np->opt);
505                 err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass);
506                 rcu_read_unlock();
507                 err = net_xmit_eval(err);
508         }
509
510 done:
511         return err;
512 }
513
514
515 static void tcp_v6_reqsk_destructor(struct request_sock *req)
516 {
517         kfree(inet_rsk(req)->ipv6_opt);
518         kfree_skb(inet_rsk(req)->pktopts);
519 }
520
521 #ifdef CONFIG_TCP_MD5SIG
522 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
523                                                    const struct in6_addr *addr)
524 {
525         return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
526 }
527
528 static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
529                                                 const struct sock *addr_sk)
530 {
531         return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
532 }
533
534 static int tcp_v6_parse_md5_keys(struct sock *sk, int optname,
535                                  char __user *optval, int optlen)
536 {
537         struct tcp_md5sig cmd;
538         struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
539         u8 prefixlen;
540
541         if (optlen < sizeof(cmd))
542                 return -EINVAL;
543
544         if (copy_from_user(&cmd, optval, sizeof(cmd)))
545                 return -EFAULT;
546
547         if (sin6->sin6_family != AF_INET6)
548                 return -EINVAL;
549
550         if (optname == TCP_MD5SIG_EXT &&
551             cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) {
552                 prefixlen = cmd.tcpm_prefixlen;
553                 if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) &&
554                                         prefixlen > 32))
555                         return -EINVAL;
556         } else {
557                 prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128;
558         }
559
560         if (!cmd.tcpm_keylen) {
561                 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
562                         return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
563                                               AF_INET, prefixlen);
564                 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
565                                       AF_INET6, prefixlen);
566         }
567
568         if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
569                 return -EINVAL;
570
571         if (ipv6_addr_v4mapped(&sin6->sin6_addr))
572                 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
573                                       AF_INET, prefixlen, cmd.tcpm_key,
574                                       cmd.tcpm_keylen, GFP_KERNEL);
575
576         return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
577                               AF_INET6, prefixlen, cmd.tcpm_key,
578                               cmd.tcpm_keylen, GFP_KERNEL);
579 }
580
581 static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp,
582                                    const struct in6_addr *daddr,
583                                    const struct in6_addr *saddr,
584                                    const struct tcphdr *th, int nbytes)
585 {
586         struct tcp6_pseudohdr *bp;
587         struct scatterlist sg;
588         struct tcphdr *_th;
589
590         bp = hp->scratch;
591         /* 1. TCP pseudo-header (RFC2460) */
592         bp->saddr = *saddr;
593         bp->daddr = *daddr;
594         bp->protocol = cpu_to_be32(IPPROTO_TCP);
595         bp->len = cpu_to_be32(nbytes);
596
597         _th = (struct tcphdr *)(bp + 1);
598         memcpy(_th, th, sizeof(*th));
599         _th->check = 0;
600
601         sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
602         ahash_request_set_crypt(hp->md5_req, &sg, NULL,
603                                 sizeof(*bp) + sizeof(*th));
604         return crypto_ahash_update(hp->md5_req);
605 }
606
607 static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
608                                const struct in6_addr *daddr, struct in6_addr *saddr,
609                                const struct tcphdr *th)
610 {
611         struct tcp_md5sig_pool *hp;
612         struct ahash_request *req;
613
614         hp = tcp_get_md5sig_pool();
615         if (!hp)
616                 goto clear_hash_noput;
617         req = hp->md5_req;
618
619         if (crypto_ahash_init(req))
620                 goto clear_hash;
621         if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
622                 goto clear_hash;
623         if (tcp_md5_hash_key(hp, key))
624                 goto clear_hash;
625         ahash_request_set_crypt(req, NULL, md5_hash, 0);
626         if (crypto_ahash_final(req))
627                 goto clear_hash;
628
629         tcp_put_md5sig_pool();
630         return 0;
631
632 clear_hash:
633         tcp_put_md5sig_pool();
634 clear_hash_noput:
635         memset(md5_hash, 0, 16);
636         return 1;
637 }
638
639 static int tcp_v6_md5_hash_skb(char *md5_hash,
640                                const struct tcp_md5sig_key *key,
641                                const struct sock *sk,
642                                const struct sk_buff *skb)
643 {
644         const struct in6_addr *saddr, *daddr;
645         struct tcp_md5sig_pool *hp;
646         struct ahash_request *req;
647         const struct tcphdr *th = tcp_hdr(skb);
648
649         if (sk) { /* valid for establish/request sockets */
650                 saddr = &sk->sk_v6_rcv_saddr;
651                 daddr = &sk->sk_v6_daddr;
652         } else {
653                 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
654                 saddr = &ip6h->saddr;
655                 daddr = &ip6h->daddr;
656         }
657
658         hp = tcp_get_md5sig_pool();
659         if (!hp)
660                 goto clear_hash_noput;
661         req = hp->md5_req;
662
663         if (crypto_ahash_init(req))
664                 goto clear_hash;
665
666         if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
667                 goto clear_hash;
668         if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
669                 goto clear_hash;
670         if (tcp_md5_hash_key(hp, key))
671                 goto clear_hash;
672         ahash_request_set_crypt(req, NULL, md5_hash, 0);
673         if (crypto_ahash_final(req))
674                 goto clear_hash;
675
676         tcp_put_md5sig_pool();
677         return 0;
678
679 clear_hash:
680         tcp_put_md5sig_pool();
681 clear_hash_noput:
682         memset(md5_hash, 0, 16);
683         return 1;
684 }
685
686 #endif
687
688 static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
689                                     const struct sk_buff *skb)
690 {
691 #ifdef CONFIG_TCP_MD5SIG
692         const __u8 *hash_location = NULL;
693         struct tcp_md5sig_key *hash_expected;
694         const struct ipv6hdr *ip6h = ipv6_hdr(skb);
695         const struct tcphdr *th = tcp_hdr(skb);
696         int genhash;
697         u8 newhash[16];
698
699         hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
700         hash_location = tcp_parse_md5sig_option(th);
701
702         /* We've parsed the options - do we have a hash? */
703         if (!hash_expected && !hash_location)
704                 return false;
705
706         if (hash_expected && !hash_location) {
707                 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
708                 return true;
709         }
710
711         if (!hash_expected && hash_location) {
712                 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
713                 return true;
714         }
715
716         /* check the signature */
717         genhash = tcp_v6_md5_hash_skb(newhash,
718                                       hash_expected,
719                                       NULL, skb);
720
721         if (genhash || memcmp(hash_location, newhash, 16) != 0) {
722                 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
723                 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
724                                      genhash ? "failed" : "mismatch",
725                                      &ip6h->saddr, ntohs(th->source),
726                                      &ip6h->daddr, ntohs(th->dest));
727                 return true;
728         }
729 #endif
730         return false;
731 }
732
733 static void tcp_v6_init_req(struct request_sock *req,
734                             const struct sock *sk_listener,
735                             struct sk_buff *skb)
736 {
737         struct inet_request_sock *ireq = inet_rsk(req);
738         const struct ipv6_pinfo *np = inet6_sk(sk_listener);
739
740         ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
741         ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
742
743         /* So that link locals have meaning */
744         if (!sk_listener->sk_bound_dev_if &&
745             ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
746                 ireq->ir_iif = tcp_v6_iif(skb);
747
748         if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
749             (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
750              np->rxopt.bits.rxinfo ||
751              np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
752              np->rxopt.bits.rxohlim || np->repflow)) {
753                 refcount_inc(&skb->users);
754                 ireq->pktopts = skb;
755         }
756 }
757
758 static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
759                                           struct flowi *fl,
760                                           const struct request_sock *req)
761 {
762         return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
763 }
764
765 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
766         .family         =       AF_INET6,
767         .obj_size       =       sizeof(struct tcp6_request_sock),
768         .rtx_syn_ack    =       tcp_rtx_synack,
769         .send_ack       =       tcp_v6_reqsk_send_ack,
770         .destructor     =       tcp_v6_reqsk_destructor,
771         .send_reset     =       tcp_v6_send_reset,
772         .syn_ack_timeout =      tcp_syn_ack_timeout,
773 };
774
775 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
776         .mss_clamp      =       IPV6_MIN_MTU - sizeof(struct tcphdr) -
777                                 sizeof(struct ipv6hdr),
778 #ifdef CONFIG_TCP_MD5SIG
779         .req_md5_lookup =       tcp_v6_md5_lookup,
780         .calc_md5_hash  =       tcp_v6_md5_hash_skb,
781 #endif
782         .init_req       =       tcp_v6_init_req,
783 #ifdef CONFIG_SYN_COOKIES
784         .cookie_init_seq =      cookie_v6_init_sequence,
785 #endif
786         .route_req      =       tcp_v6_route_req,
787         .init_seq       =       tcp_v6_init_seq,
788         .init_ts_off    =       tcp_v6_init_ts_off,
789         .send_synack    =       tcp_v6_send_synack,
790 };
791
792 static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
793                                  u32 ack, u32 win, u32 tsval, u32 tsecr,
794                                  int oif, struct tcp_md5sig_key *key, int rst,
795                                  u8 tclass, __be32 label)
796 {
797         const struct tcphdr *th = tcp_hdr(skb);
798         struct tcphdr *t1;
799         struct sk_buff *buff;
800         struct flowi6 fl6;
801         struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
802         struct sock *ctl_sk = net->ipv6.tcp_sk;
803         unsigned int tot_len = sizeof(struct tcphdr);
804         struct dst_entry *dst;
805         __be32 *topt;
806         __u32 mark = 0;
807
808         if (tsecr)
809                 tot_len += TCPOLEN_TSTAMP_ALIGNED;
810 #ifdef CONFIG_TCP_MD5SIG
811         if (key)
812                 tot_len += TCPOLEN_MD5SIG_ALIGNED;
813 #endif
814
815         buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
816                          GFP_ATOMIC);
817         if (!buff)
818                 return;
819
820         skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
821
822         t1 = skb_push(buff, tot_len);
823         skb_reset_transport_header(buff);
824
825         /* Swap the send and the receive. */
826         memset(t1, 0, sizeof(*t1));
827         t1->dest = th->source;
828         t1->source = th->dest;
829         t1->doff = tot_len / 4;
830         t1->seq = htonl(seq);
831         t1->ack_seq = htonl(ack);
832         t1->ack = !rst || !th->ack;
833         t1->rst = rst;
834         t1->window = htons(win);
835
836         topt = (__be32 *)(t1 + 1);
837
838         if (tsecr) {
839                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
840                                 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
841                 *topt++ = htonl(tsval);
842                 *topt++ = htonl(tsecr);
843         }
844
845 #ifdef CONFIG_TCP_MD5SIG
846         if (key) {
847                 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
848                                 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
849                 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
850                                     &ipv6_hdr(skb)->saddr,
851                                     &ipv6_hdr(skb)->daddr, t1);
852         }
853 #endif
854
855         memset(&fl6, 0, sizeof(fl6));
856         fl6.daddr = ipv6_hdr(skb)->saddr;
857         fl6.saddr = ipv6_hdr(skb)->daddr;
858         fl6.flowlabel = label;
859
860         buff->ip_summed = CHECKSUM_PARTIAL;
861         buff->csum = 0;
862
863         __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
864
865         fl6.flowi6_proto = IPPROTO_TCP;
866         if (rt6_need_strict(&fl6.daddr) && !oif)
867                 fl6.flowi6_oif = tcp_v6_iif(skb);
868         else {
869                 if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
870                         oif = skb->skb_iif;
871
872                 fl6.flowi6_oif = oif;
873         }
874
875         if (sk)
876                 mark = (sk->sk_state == TCP_TIME_WAIT) ?
877                         inet_twsk(sk)->tw_mark : sk->sk_mark;
878         fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark) ?: mark;
879         fl6.fl6_dport = t1->dest;
880         fl6.fl6_sport = t1->source;
881         fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
882         security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
883
884         /* Pass a socket to ip6_dst_lookup either it is for RST
885          * Underlying function will use this to retrieve the network
886          * namespace
887          */
888         dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
889         if (!IS_ERR(dst)) {
890                 skb_dst_set(buff, dst);
891                 ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass);
892                 TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
893                 if (rst)
894                         TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
895                 return;
896         }
897
898         kfree_skb(buff);
899 }
900
901 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
902 {
903         const struct tcphdr *th = tcp_hdr(skb);
904         u32 seq = 0, ack_seq = 0;
905         struct tcp_md5sig_key *key = NULL;
906 #ifdef CONFIG_TCP_MD5SIG
907         const __u8 *hash_location = NULL;
908         struct ipv6hdr *ipv6h = ipv6_hdr(skb);
909         unsigned char newhash[16];
910         int genhash;
911         struct sock *sk1 = NULL;
912 #endif
913         int oif = 0;
914
915         if (th->rst)
916                 return;
917
918         /* If sk not NULL, it means we did a successful lookup and incoming
919          * route had to be correct. prequeue might have dropped our dst.
920          */
921         if (!sk && !ipv6_unicast_destination(skb))
922                 return;
923
924 #ifdef CONFIG_TCP_MD5SIG
925         rcu_read_lock();
926         hash_location = tcp_parse_md5sig_option(th);
927         if (sk && sk_fullsock(sk)) {
928                 key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr);
929         } else if (hash_location) {
930                 /*
931                  * active side is lost. Try to find listening socket through
932                  * source port, and then find md5 key through listening socket.
933                  * we are not loose security here:
934                  * Incoming packet is checked with md5 hash with finding key,
935                  * no RST generated if md5 hash doesn't match.
936                  */
937                 sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
938                                            &tcp_hashinfo, NULL, 0,
939                                            &ipv6h->saddr,
940                                            th->source, &ipv6h->daddr,
941                                            ntohs(th->source), tcp_v6_iif(skb),
942                                            tcp_v6_sdif(skb));
943                 if (!sk1)
944                         goto out;
945
946                 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
947                 if (!key)
948                         goto out;
949
950                 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
951                 if (genhash || memcmp(hash_location, newhash, 16) != 0)
952                         goto out;
953         }
954 #endif
955
956         if (th->ack)
957                 seq = ntohl(th->ack_seq);
958         else
959                 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
960                           (th->doff << 2);
961
962         if (sk) {
963                 oif = sk->sk_bound_dev_if;
964                 if (sk_fullsock(sk))
965                         trace_tcp_send_reset(sk, skb);
966         }
967
968         tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 0);
969
970 #ifdef CONFIG_TCP_MD5SIG
971 out:
972         rcu_read_unlock();
973 #endif
974 }
975
976 static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
977                             u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
978                             struct tcp_md5sig_key *key, u8 tclass,
979                             __be32 label)
980 {
981         tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
982                              tclass, label);
983 }
984
985 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
986 {
987         struct inet_timewait_sock *tw = inet_twsk(sk);
988         struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
989
990         tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
991                         tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
992                         tcp_time_stamp_raw() + tcptw->tw_ts_offset,
993                         tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
994                         tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel));
995
996         inet_twsk_put(tw);
997 }
998
999 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
1000                                   struct request_sock *req)
1001 {
1002         /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
1003          * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
1004          */
1005         /* RFC 7323 2.3
1006          * The window field (SEG.WND) of every outgoing segment, with the
1007          * exception of <SYN> segments, MUST be right-shifted by
1008          * Rcv.Wind.Shift bits:
1009          */
1010         tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
1011                         tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
1012                         tcp_rsk(req)->rcv_nxt,
1013                         req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
1014                         tcp_time_stamp_raw() + tcp_rsk(req)->ts_off,
1015                         req->ts_recent, sk->sk_bound_dev_if,
1016                         tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr),
1017                         0, 0);
1018 }
1019
1020
1021 static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
1022 {
1023 #ifdef CONFIG_SYN_COOKIES
1024         const struct tcphdr *th = tcp_hdr(skb);
1025
1026         if (!th->syn)
1027                 sk = cookie_v6_check(sk, skb);
1028 #endif
1029         return sk;
1030 }
1031
1032 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1033 {
1034         if (skb->protocol == htons(ETH_P_IP))
1035                 return tcp_v4_conn_request(sk, skb);
1036
1037         if (!ipv6_unicast_destination(skb))
1038                 goto drop;
1039
1040         return tcp_conn_request(&tcp6_request_sock_ops,
1041                                 &tcp_request_sock_ipv6_ops, sk, skb);
1042
1043 drop:
1044         tcp_listendrop(sk);
1045         return 0; /* don't send reset */
1046 }
1047
1048 static void tcp_v6_restore_cb(struct sk_buff *skb)
1049 {
1050         /* We need to move header back to the beginning if xfrm6_policy_check()
1051          * and tcp_v6_fill_cb() are going to be called again.
1052          * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
1053          */
1054         memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
1055                 sizeof(struct inet6_skb_parm));
1056 }
1057
1058 static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
1059                                          struct request_sock *req,
1060                                          struct dst_entry *dst,
1061                                          struct request_sock *req_unhash,
1062                                          bool *own_req)
1063 {
1064         struct inet_request_sock *ireq;
1065         struct ipv6_pinfo *newnp;
1066         const struct ipv6_pinfo *np = inet6_sk(sk);
1067         struct ipv6_txoptions *opt;
1068         struct tcp6_sock *newtcp6sk;
1069         struct inet_sock *newinet;
1070         struct tcp_sock *newtp;
1071         struct sock *newsk;
1072 #ifdef CONFIG_TCP_MD5SIG
1073         struct tcp_md5sig_key *key;
1074 #endif
1075         struct flowi6 fl6;
1076
1077         if (skb->protocol == htons(ETH_P_IP)) {
1078                 /*
1079                  *      v6 mapped
1080                  */
1081
1082                 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
1083                                              req_unhash, own_req);
1084
1085                 if (!newsk)
1086                         return NULL;
1087
1088                 newtcp6sk = (struct tcp6_sock *)newsk;
1089                 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1090
1091                 newinet = inet_sk(newsk);
1092                 newnp = inet6_sk(newsk);
1093                 newtp = tcp_sk(newsk);
1094
1095                 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1096
1097                 newnp->saddr = newsk->sk_v6_rcv_saddr;
1098
1099                 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1100                 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1101 #ifdef CONFIG_TCP_MD5SIG
1102                 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1103 #endif
1104
1105                 newnp->ipv6_mc_list = NULL;
1106                 newnp->ipv6_ac_list = NULL;
1107                 newnp->ipv6_fl_list = NULL;
1108                 newnp->pktoptions  = NULL;
1109                 newnp->opt         = NULL;
1110                 newnp->mcast_oif   = tcp_v6_iif(skb);
1111                 newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
1112                 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1113                 if (np->repflow)
1114                         newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1115
1116                 /*
1117                  * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1118                  * here, tcp_create_openreq_child now does this for us, see the comment in
1119                  * that function for the gory details. -acme
1120                  */
1121
1122                 /* It is tricky place. Until this moment IPv4 tcp
1123                    worked with IPv6 icsk.icsk_af_ops.
1124                    Sync it now.
1125                  */
1126                 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1127
1128                 return newsk;
1129         }
1130
1131         ireq = inet_rsk(req);
1132
1133         if (sk_acceptq_is_full(sk))
1134                 goto out_overflow;
1135
1136         if (!dst) {
1137                 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
1138                 if (!dst)
1139                         goto out;
1140         }
1141
1142         newsk = tcp_create_openreq_child(sk, req, skb);
1143         if (!newsk)
1144                 goto out_nonewsk;
1145
1146         /*
1147          * No need to charge this sock to the relevant IPv6 refcnt debug socks
1148          * count here, tcp_create_openreq_child now does this for us, see the
1149          * comment in that function for the gory details. -acme
1150          */
1151
1152         newsk->sk_gso_type = SKB_GSO_TCPV6;
1153         ip6_dst_store(newsk, dst, NULL, NULL);
1154         inet6_sk_rx_dst_set(newsk, skb);
1155
1156         newtcp6sk = (struct tcp6_sock *)newsk;
1157         inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1158
1159         newtp = tcp_sk(newsk);
1160         newinet = inet_sk(newsk);
1161         newnp = inet6_sk(newsk);
1162
1163         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1164
1165         newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1166         newnp->saddr = ireq->ir_v6_loc_addr;
1167         newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1168         newsk->sk_bound_dev_if = ireq->ir_iif;
1169
1170         /* Now IPv6 options...
1171
1172            First: no IPv4 options.
1173          */
1174         newinet->inet_opt = NULL;
1175         newnp->ipv6_mc_list = NULL;
1176         newnp->ipv6_ac_list = NULL;
1177         newnp->ipv6_fl_list = NULL;
1178
1179         /* Clone RX bits */
1180         newnp->rxopt.all = np->rxopt.all;
1181
1182         newnp->pktoptions = NULL;
1183         newnp->opt        = NULL;
1184         newnp->mcast_oif  = tcp_v6_iif(skb);
1185         newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1186         newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1187         if (np->repflow)
1188                 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1189
1190         /* Clone native IPv6 options from listening socket (if any)
1191
1192            Yes, keeping reference count would be much more clever,
1193            but we make one more one thing there: reattach optmem
1194            to newsk.
1195          */
1196         opt = ireq->ipv6_opt;
1197         if (!opt)
1198                 opt = rcu_dereference(np->opt);
1199         if (opt) {
1200                 opt = ipv6_dup_options(newsk, opt);
1201                 RCU_INIT_POINTER(newnp->opt, opt);
1202         }
1203         inet_csk(newsk)->icsk_ext_hdr_len = 0;
1204         if (opt)
1205                 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
1206                                                     opt->opt_flen;
1207
1208         tcp_ca_openreq_child(newsk, dst);
1209
1210         tcp_sync_mss(newsk, dst_mtu(dst));
1211         newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));
1212
1213         tcp_initialize_rcv_mss(newsk);
1214
1215         newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1216         newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1217
1218 #ifdef CONFIG_TCP_MD5SIG
1219         /* Copy over the MD5 key from the original socket */
1220         key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr);
1221         if (key) {
1222                 /* We're using one, so create a matching key
1223                  * on the newsk structure. If we fail to get
1224                  * memory, then we end up not copying the key
1225                  * across. Shucks.
1226                  */
1227                 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
1228                                AF_INET6, 128, key->key, key->keylen,
1229                                sk_gfp_mask(sk, GFP_ATOMIC));
1230         }
1231 #endif
1232
1233         if (__inet_inherit_port(sk, newsk) < 0) {
1234                 inet_csk_prepare_forced_close(newsk);
1235                 tcp_done(newsk);
1236                 goto out;
1237         }
1238         *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
1239         if (*own_req) {
1240                 tcp_move_syn(newtp, req);
1241
1242                 /* Clone pktoptions received with SYN, if we own the req */
1243                 if (ireq->pktopts) {
1244                         newnp->pktoptions = skb_clone(ireq->pktopts,
1245                                                       sk_gfp_mask(sk, GFP_ATOMIC));
1246                         consume_skb(ireq->pktopts);
1247                         ireq->pktopts = NULL;
1248                         if (newnp->pktoptions) {
1249                                 tcp_v6_restore_cb(newnp->pktoptions);
1250                                 skb_set_owner_r(newnp->pktoptions, newsk);
1251                         }
1252                 }
1253         }
1254
1255         return newsk;
1256
1257 out_overflow:
1258         __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1259 out_nonewsk:
1260         dst_release(dst);
1261 out:
1262         tcp_listendrop(sk);
1263         return NULL;
1264 }
1265
1266 /* The socket must have it's spinlock held when we get
1267  * here, unless it is a TCP_LISTEN socket.
1268  *
1269  * We have a potential double-lock case here, so even when
1270  * doing backlog processing we use the BH locking scheme.
1271  * This is because we cannot sleep with the original spinlock
1272  * held.
1273  */
1274 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1275 {
1276         struct ipv6_pinfo *np = inet6_sk(sk);
1277         struct tcp_sock *tp;
1278         struct sk_buff *opt_skb = NULL;
1279
1280         /* Imagine: socket is IPv6. IPv4 packet arrives,
1281            goes to IPv4 receive handler and backlogged.
1282            From backlog it always goes here. Kerboom...
1283            Fortunately, tcp_rcv_established and rcv_established
1284            handle them correctly, but it is not case with
1285            tcp_v6_hnd_req and tcp_v6_send_reset().   --ANK
1286          */
1287
1288         if (skb->protocol == htons(ETH_P_IP))
1289                 return tcp_v4_do_rcv(sk, skb);
1290
1291         /*
1292          *      socket locking is here for SMP purposes as backlog rcv
1293          *      is currently called with bh processing disabled.
1294          */
1295
1296         /* Do Stevens' IPV6_PKTOPTIONS.
1297
1298            Yes, guys, it is the only place in our code, where we
1299            may make it not affecting IPv4.
1300            The rest of code is protocol independent,
1301            and I do not like idea to uglify IPv4.
1302
1303            Actually, all the idea behind IPV6_PKTOPTIONS
1304            looks not very well thought. For now we latch
1305            options, received in the last packet, enqueued
1306            by tcp. Feel free to propose better solution.
1307                                                --ANK (980728)
1308          */
1309         if (np->rxopt.all)
1310                 opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));
1311
1312         if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1313                 struct dst_entry *dst = sk->sk_rx_dst;
1314
1315                 sock_rps_save_rxhash(sk, skb);
1316                 sk_mark_napi_id(sk, skb);
1317                 if (dst) {
1318                         if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1319                             dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
1320                                 dst_release(dst);
1321                                 sk->sk_rx_dst = NULL;
1322                         }
1323                 }
1324
1325                 tcp_rcv_established(sk, skb);
1326                 if (opt_skb)
1327                         goto ipv6_pktoptions;
1328                 return 0;
1329         }
1330
1331         if (tcp_checksum_complete(skb))
1332                 goto csum_err;
1333
1334         if (sk->sk_state == TCP_LISTEN) {
1335                 struct sock *nsk = tcp_v6_cookie_check(sk, skb);
1336
1337                 if (!nsk)
1338                         goto discard;
1339
1340                 if (nsk != sk) {
1341                         if (tcp_child_process(sk, nsk, skb))
1342                                 goto reset;
1343                         if (opt_skb)
1344                                 __kfree_skb(opt_skb);
1345                         return 0;
1346                 }
1347         } else
1348                 sock_rps_save_rxhash(sk, skb);
1349
1350         if (tcp_rcv_state_process(sk, skb))
1351                 goto reset;
1352         if (opt_skb)
1353                 goto ipv6_pktoptions;
1354         return 0;
1355
1356 reset:
1357         tcp_v6_send_reset(sk, skb);
1358 discard:
1359         if (opt_skb)
1360                 __kfree_skb(opt_skb);
1361         kfree_skb(skb);
1362         return 0;
1363 csum_err:
1364         TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
1365         TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
1366         goto discard;
1367
1368
1369 ipv6_pktoptions:
1370         /* Do you ask, what is it?
1371
1372            1. skb was enqueued by tcp.
1373            2. skb is added to tail of read queue, rather than out of order.
1374            3. socket is not in passive state.
1375            4. Finally, it really contains options, which user wants to receive.
1376          */
1377         tp = tcp_sk(sk);
1378         if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1379             !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1380                 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1381                         np->mcast_oif = tcp_v6_iif(opt_skb);
1382                 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1383                         np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1384                 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1385                         np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
1386                 if (np->repflow)
1387                         np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
1388                 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
1389                         skb_set_owner_r(opt_skb, sk);
1390                         tcp_v6_restore_cb(opt_skb);
1391                         opt_skb = xchg(&np->pktoptions, opt_skb);
1392                 } else {
1393                         __kfree_skb(opt_skb);
1394                         opt_skb = xchg(&np->pktoptions, NULL);
1395                 }
1396         }
1397
1398         kfree_skb(opt_skb);
1399         return 0;
1400 }
1401
1402 static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1403                            const struct tcphdr *th)
1404 {
1405         /* This is tricky: we move IP6CB at its correct location into
1406          * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1407          * _decode_session6() uses IP6CB().
1408          * barrier() makes sure compiler won't play aliasing games.
1409          */
1410         memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1411                 sizeof(struct inet6_skb_parm));
1412         barrier();
1413
1414         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1415         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1416                                     skb->len - th->doff*4);
1417         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1418         TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1419         TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1420         TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1421         TCP_SKB_CB(skb)->sacked = 0;
1422         TCP_SKB_CB(skb)->has_rxtstamp =
1423                         skb->tstamp || skb_hwtstamps(skb)->hwtstamp;
1424 }
1425
1426 static int tcp_v6_rcv(struct sk_buff *skb)
1427 {
1428         int sdif = inet6_sdif(skb);
1429         const struct tcphdr *th;
1430         const struct ipv6hdr *hdr;
1431         bool refcounted;
1432         struct sock *sk;
1433         int ret;
1434         struct net *net = dev_net(skb->dev);
1435
1436         if (skb->pkt_type != PACKET_HOST)
1437                 goto discard_it;
1438
1439         /*
1440          *      Count it even if it's bad.
1441          */
1442         __TCP_INC_STATS(net, TCP_MIB_INSEGS);
1443
1444         if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1445                 goto discard_it;
1446
1447         th = (const struct tcphdr *)skb->data;
1448
1449         if (unlikely(th->doff < sizeof(struct tcphdr)/4))
1450                 goto bad_packet;
1451         if (!pskb_may_pull(skb, th->doff*4))
1452                 goto discard_it;
1453
1454         if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
1455                 goto csum_error;
1456
1457         th = (const struct tcphdr *)skb->data;
1458         hdr = ipv6_hdr(skb);
1459
1460 lookup:
1461         sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
1462                                 th->source, th->dest, inet6_iif(skb), sdif,
1463                                 &refcounted);
1464         if (!sk)
1465                 goto no_tcp_socket;
1466
1467 process:
1468         if (sk->sk_state == TCP_TIME_WAIT)
1469                 goto do_time_wait;
1470
1471         if (sk->sk_state == TCP_NEW_SYN_RECV) {
1472                 struct request_sock *req = inet_reqsk(sk);
1473                 bool req_stolen = false;
1474                 struct sock *nsk;
1475
1476                 sk = req->rsk_listener;
1477                 if (tcp_v6_inbound_md5_hash(sk, skb)) {
1478                         sk_drops_add(sk, skb);
1479                         reqsk_put(req);
1480                         goto discard_it;
1481                 }
1482                 if (unlikely(sk->sk_state != TCP_LISTEN)) {
1483                         inet_csk_reqsk_queue_drop_and_put(sk, req);
1484                         goto lookup;
1485                 }
1486                 sock_hold(sk);
1487                 refcounted = true;
1488                 nsk = NULL;
1489                 if (!tcp_filter(sk, skb)) {
1490                         th = (const struct tcphdr *)skb->data;
1491                         hdr = ipv6_hdr(skb);
1492                         tcp_v6_fill_cb(skb, hdr, th);
1493                         nsk = tcp_check_req(sk, skb, req, false, &req_stolen);
1494                 }
1495                 if (!nsk) {
1496                         reqsk_put(req);
1497                         if (req_stolen) {
1498                                 /* Another cpu got exclusive access to req
1499                                  * and created a full blown socket.
1500                                  * Try to feed this packet to this socket
1501                                  * instead of discarding it.
1502                                  */
1503                                 tcp_v6_restore_cb(skb);
1504                                 sock_put(sk);
1505                                 goto lookup;
1506                         }
1507                         goto discard_and_relse;
1508                 }
1509                 if (nsk == sk) {
1510                         reqsk_put(req);
1511                         tcp_v6_restore_cb(skb);
1512                 } else if (tcp_child_process(sk, nsk, skb)) {
1513                         tcp_v6_send_reset(nsk, skb);
1514                         goto discard_and_relse;
1515                 } else {
1516                         sock_put(sk);
1517                         return 0;
1518                 }
1519         }
1520         if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
1521                 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
1522                 goto discard_and_relse;
1523         }
1524
1525         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1526                 goto discard_and_relse;
1527
1528         if (tcp_v6_inbound_md5_hash(sk, skb))
1529                 goto discard_and_relse;
1530
1531         if (tcp_filter(sk, skb))
1532                 goto discard_and_relse;
1533         th = (const struct tcphdr *)skb->data;
1534         hdr = ipv6_hdr(skb);
1535         tcp_v6_fill_cb(skb, hdr, th);
1536
1537         skb->dev = NULL;
1538
1539         if (sk->sk_state == TCP_LISTEN) {
1540                 ret = tcp_v6_do_rcv(sk, skb);
1541                 goto put_and_return;
1542         }
1543
1544         sk_incoming_cpu_update(sk);
1545
1546         bh_lock_sock_nested(sk);
1547         tcp_segs_in(tcp_sk(sk), skb);
1548         ret = 0;
1549         if (!sock_owned_by_user(sk)) {
1550                 ret = tcp_v6_do_rcv(sk, skb);
1551         } else if (tcp_add_backlog(sk, skb)) {
1552                 goto discard_and_relse;
1553         }
1554         bh_unlock_sock(sk);
1555
1556 put_and_return:
1557         if (refcounted)
1558                 sock_put(sk);
1559         return ret ? -1 : 0;
1560
1561 no_tcp_socket:
1562         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1563                 goto discard_it;
1564
1565         tcp_v6_fill_cb(skb, hdr, th);
1566
1567         if (tcp_checksum_complete(skb)) {
1568 csum_error:
1569                 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
1570 bad_packet:
1571                 __TCP_INC_STATS(net, TCP_MIB_INERRS);
1572         } else {
1573                 tcp_v6_send_reset(NULL, skb);
1574         }
1575
1576 discard_it:
1577         kfree_skb(skb);
1578         return 0;
1579
1580 discard_and_relse:
1581         sk_drops_add(sk, skb);
1582         if (refcounted)
1583                 sock_put(sk);
1584         goto discard_it;
1585
1586 do_time_wait:
1587         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1588                 inet_twsk_put(inet_twsk(sk));
1589                 goto discard_it;
1590         }
1591
1592         tcp_v6_fill_cb(skb, hdr, th);
1593
1594         if (tcp_checksum_complete(skb)) {
1595                 inet_twsk_put(inet_twsk(sk));
1596                 goto csum_error;
1597         }
1598
1599         switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1600         case TCP_TW_SYN:
1601         {
1602                 struct sock *sk2;
1603
1604                 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1605                                             skb, __tcp_hdrlen(th),
1606                                             &ipv6_hdr(skb)->saddr, th->source,
1607                                             &ipv6_hdr(skb)->daddr,
1608                                             ntohs(th->dest), tcp_v6_iif(skb),
1609                                             sdif);
1610                 if (sk2) {
1611                         struct inet_timewait_sock *tw = inet_twsk(sk);
1612                         inet_twsk_deschedule_put(tw);
1613                         sk = sk2;
1614                         tcp_v6_restore_cb(skb);
1615                         refcounted = false;
1616                         goto process;
1617                 }
1618         }
1619                 /* to ACK */
1620                 /* fall through */
1621         case TCP_TW_ACK:
1622                 tcp_v6_timewait_ack(sk, skb);
1623                 break;
1624         case TCP_TW_RST:
1625                 tcp_v6_send_reset(sk, skb);
1626                 inet_twsk_deschedule_put(inet_twsk(sk));
1627                 goto discard_it;
1628         case TCP_TW_SUCCESS:
1629                 ;
1630         }
1631         goto discard_it;
1632 }
1633
1634 static void tcp_v6_early_demux(struct sk_buff *skb)
1635 {
1636         const struct ipv6hdr *hdr;
1637         const struct tcphdr *th;
1638         struct sock *sk;
1639
1640         if (skb->pkt_type != PACKET_HOST)
1641                 return;
1642
1643         if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1644                 return;
1645
1646         hdr = ipv6_hdr(skb);
1647         th = tcp_hdr(skb);
1648
1649         if (th->doff < sizeof(struct tcphdr) / 4)
1650                 return;
1651
1652         /* Note : We use inet6_iif() here, not tcp_v6_iif() */
1653         sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1654                                         &hdr->saddr, th->source,
1655                                         &hdr->daddr, ntohs(th->dest),
1656                                         inet6_iif(skb), inet6_sdif(skb));
1657         if (sk) {
1658                 skb->sk = sk;
1659                 skb->destructor = sock_edemux;
1660                 if (sk_fullsock(sk)) {
1661                         struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
1662
1663                         if (dst)
1664                                 dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
1665                         if (dst &&
1666                             inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1667                                 skb_dst_set_noref(skb, dst);
1668                 }
1669         }
1670 }
1671
1672 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1673         .twsk_obj_size  = sizeof(struct tcp6_timewait_sock),
1674         .twsk_unique    = tcp_twsk_unique,
1675         .twsk_destructor = tcp_twsk_destructor,
1676 };
1677
1678 static const struct inet_connection_sock_af_ops ipv6_specific = {
1679         .queue_xmit        = inet6_csk_xmit,
1680         .send_check        = tcp_v6_send_check,
1681         .rebuild_header    = inet6_sk_rebuild_header,
1682         .sk_rx_dst_set     = inet6_sk_rx_dst_set,
1683         .conn_request      = tcp_v6_conn_request,
1684         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1685         .net_header_len    = sizeof(struct ipv6hdr),
1686         .net_frag_header_len = sizeof(struct frag_hdr),
1687         .setsockopt        = ipv6_setsockopt,
1688         .getsockopt        = ipv6_getsockopt,
1689         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1690         .sockaddr_len      = sizeof(struct sockaddr_in6),
1691 #ifdef CONFIG_COMPAT
1692         .compat_setsockopt = compat_ipv6_setsockopt,
1693         .compat_getsockopt = compat_ipv6_getsockopt,
1694 #endif
1695         .mtu_reduced       = tcp_v6_mtu_reduced,
1696 };
1697
1698 #ifdef CONFIG_TCP_MD5SIG
1699 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1700         .md5_lookup     =       tcp_v6_md5_lookup,
1701         .calc_md5_hash  =       tcp_v6_md5_hash_skb,
1702         .md5_parse      =       tcp_v6_parse_md5_keys,
1703 };
1704 #endif
1705
1706 /*
1707  *      TCP over IPv4 via INET6 API
1708  */
1709 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1710         .queue_xmit        = ip_queue_xmit,
1711         .send_check        = tcp_v4_send_check,
1712         .rebuild_header    = inet_sk_rebuild_header,
1713         .sk_rx_dst_set     = inet_sk_rx_dst_set,
1714         .conn_request      = tcp_v6_conn_request,
1715         .syn_recv_sock     = tcp_v6_syn_recv_sock,
1716         .net_header_len    = sizeof(struct iphdr),
1717         .setsockopt        = ipv6_setsockopt,
1718         .getsockopt        = ipv6_getsockopt,
1719         .addr2sockaddr     = inet6_csk_addr2sockaddr,
1720         .sockaddr_len      = sizeof(struct sockaddr_in6),
1721 #ifdef CONFIG_COMPAT
1722         .compat_setsockopt = compat_ipv6_setsockopt,
1723         .compat_getsockopt = compat_ipv6_getsockopt,
1724 #endif
1725         .mtu_reduced       = tcp_v4_mtu_reduced,
1726 };
1727
1728 #ifdef CONFIG_TCP_MD5SIG
1729 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1730         .md5_lookup     =       tcp_v4_md5_lookup,
1731         .calc_md5_hash  =       tcp_v4_md5_hash_skb,
1732         .md5_parse      =       tcp_v6_parse_md5_keys,
1733 };
1734 #endif
1735
1736 /* NOTE: A lot of things set to zero explicitly by call to
1737  *       sk_alloc() so need not be done here.
1738  */
1739 static int tcp_v6_init_sock(struct sock *sk)
1740 {
1741         struct inet_connection_sock *icsk = inet_csk(sk);
1742
1743         tcp_init_sock(sk);
1744
1745         icsk->icsk_af_ops = &ipv6_specific;
1746
1747 #ifdef CONFIG_TCP_MD5SIG
1748         tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
1749 #endif
1750
1751         return 0;
1752 }
1753
1754 static void tcp_v6_destroy_sock(struct sock *sk)
1755 {
1756         tcp_v4_destroy_sock(sk);
1757         inet6_destroy_sock(sk);
1758 }
1759
1760 #ifdef CONFIG_PROC_FS
1761 /* Proc filesystem TCPv6 sock list dumping. */
1762 static void get_openreq6(struct seq_file *seq,
1763                          const struct request_sock *req, int i)
1764 {
1765         long ttd = req->rsk_timer.expires - jiffies;
1766         const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1767         const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1768
1769         if (ttd < 0)
1770                 ttd = 0;
1771
1772         seq_printf(seq,
1773                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1774                    "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1775                    i,
1776                    src->s6_addr32[0], src->s6_addr32[1],
1777                    src->s6_addr32[2], src->s6_addr32[3],
1778                    inet_rsk(req)->ir_num,
1779                    dest->s6_addr32[0], dest->s6_addr32[1],
1780                    dest->s6_addr32[2], dest->s6_addr32[3],
1781                    ntohs(inet_rsk(req)->ir_rmt_port),
1782                    TCP_SYN_RECV,
1783                    0, 0, /* could print option size, but that is af dependent. */
1784                    1,   /* timers active (only the expire timer) */
1785                    jiffies_to_clock_t(ttd),
1786                    req->num_timeout,
1787                    from_kuid_munged(seq_user_ns(seq),
1788                                     sock_i_uid(req->rsk_listener)),
1789                    0,  /* non standard timer */
1790                    0, /* open_requests have no inode */
1791                    0, req);
1792 }
1793
1794 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1795 {
1796         const struct in6_addr *dest, *src;
1797         __u16 destp, srcp;
1798         int timer_active;
1799         unsigned long timer_expires;
1800         const struct inet_sock *inet = inet_sk(sp);
1801         const struct tcp_sock *tp = tcp_sk(sp);
1802         const struct inet_connection_sock *icsk = inet_csk(sp);
1803         const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
1804         int rx_queue;
1805         int state;
1806
1807         dest  = &sp->sk_v6_daddr;
1808         src   = &sp->sk_v6_rcv_saddr;
1809         destp = ntohs(inet->inet_dport);
1810         srcp  = ntohs(inet->inet_sport);
1811
1812         if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
1813             icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
1814             icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
1815                 timer_active    = 1;
1816                 timer_expires   = icsk->icsk_timeout;
1817         } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1818                 timer_active    = 4;
1819                 timer_expires   = icsk->icsk_timeout;
1820         } else if (timer_pending(&sp->sk_timer)) {
1821                 timer_active    = 2;
1822                 timer_expires   = sp->sk_timer.expires;
1823         } else {
1824                 timer_active    = 0;
1825                 timer_expires = jiffies;
1826         }
1827
1828         state = inet_sk_state_load(sp);
1829         if (state == TCP_LISTEN)
1830                 rx_queue = sp->sk_ack_backlog;
1831         else
1832                 /* Because we don't lock the socket,
1833                  * we might find a transient negative value.
1834                  */
1835                 rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);
1836
1837         seq_printf(seq,
1838                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1839                    "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1840                    i,
1841                    src->s6_addr32[0], src->s6_addr32[1],
1842                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1843                    dest->s6_addr32[0], dest->s6_addr32[1],
1844                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1845                    state,
1846                    tp->write_seq - tp->snd_una,
1847                    rx_queue,
1848                    timer_active,
1849                    jiffies_delta_to_clock_t(timer_expires - jiffies),
1850                    icsk->icsk_retransmits,
1851                    from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1852                    icsk->icsk_probes_out,
1853                    sock_i_ino(sp),
1854                    refcount_read(&sp->sk_refcnt), sp,
1855                    jiffies_to_clock_t(icsk->icsk_rto),
1856                    jiffies_to_clock_t(icsk->icsk_ack.ato),
1857                    (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
1858                    tp->snd_cwnd,
1859                    state == TCP_LISTEN ?
1860                         fastopenq->max_qlen :
1861                         (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
1862                    );
1863 }
1864
1865 static void get_timewait6_sock(struct seq_file *seq,
1866                                struct inet_timewait_sock *tw, int i)
1867 {
1868         long delta = tw->tw_timer.expires - jiffies;
1869         const struct in6_addr *dest, *src;
1870         __u16 destp, srcp;
1871
1872         dest = &tw->tw_v6_daddr;
1873         src  = &tw->tw_v6_rcv_saddr;
1874         destp = ntohs(tw->tw_dport);
1875         srcp  = ntohs(tw->tw_sport);
1876
1877         seq_printf(seq,
1878                    "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1879                    "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1880                    i,
1881                    src->s6_addr32[0], src->s6_addr32[1],
1882                    src->s6_addr32[2], src->s6_addr32[3], srcp,
1883                    dest->s6_addr32[0], dest->s6_addr32[1],
1884                    dest->s6_addr32[2], dest->s6_addr32[3], destp,
1885                    tw->tw_substate, 0, 0,
1886                    3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
1887                    refcount_read(&tw->tw_refcnt), tw);
1888 }
1889
1890 static int tcp6_seq_show(struct seq_file *seq, void *v)
1891 {
1892         struct tcp_iter_state *st;
1893         struct sock *sk = v;
1894
1895         if (v == SEQ_START_TOKEN) {
1896                 seq_puts(seq,
1897                          "  sl  "
1898                          "local_address                         "
1899                          "remote_address                        "
1900                          "st tx_queue rx_queue tr tm->when retrnsmt"
1901                          "   uid  timeout inode\n");
1902                 goto out;
1903         }
1904         st = seq->private;
1905
1906         if (sk->sk_state == TCP_TIME_WAIT)
1907                 get_timewait6_sock(seq, v, st->num);
1908         else if (sk->sk_state == TCP_NEW_SYN_RECV)
1909                 get_openreq6(seq, v, st->num);
1910         else
1911                 get_tcp6_sock(seq, v, st->num);
1912 out:
1913         return 0;
1914 }
1915
1916 static const struct seq_operations tcp6_seq_ops = {
1917         .show           = tcp6_seq_show,
1918         .start          = tcp_seq_start,
1919         .next           = tcp_seq_next,
1920         .stop           = tcp_seq_stop,
1921 };
1922
1923 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1924         .family         = AF_INET6,
1925 };
1926
1927 int __net_init tcp6_proc_init(struct net *net)
1928 {
1929         if (!proc_create_net_data("tcp6", 0444, net->proc_net, &tcp6_seq_ops,
1930                         sizeof(struct tcp_iter_state), &tcp6_seq_afinfo))
1931                 return -ENOMEM;
1932         return 0;
1933 }
1934
1935 void tcp6_proc_exit(struct net *net)
1936 {
1937         remove_proc_entry("tcp6", net->proc_net);
1938 }
1939 #endif
1940
1941 struct proto tcpv6_prot = {
1942         .name                   = "TCPv6",
1943         .owner                  = THIS_MODULE,
1944         .close                  = tcp_close,
1945         .pre_connect            = tcp_v6_pre_connect,
1946         .connect                = tcp_v6_connect,
1947         .disconnect             = tcp_disconnect,
1948         .accept                 = inet_csk_accept,
1949         .ioctl                  = tcp_ioctl,
1950         .init                   = tcp_v6_init_sock,
1951         .destroy                = tcp_v6_destroy_sock,
1952         .shutdown               = tcp_shutdown,
1953         .setsockopt             = tcp_setsockopt,
1954         .getsockopt             = tcp_getsockopt,
1955         .keepalive              = tcp_set_keepalive,
1956         .recvmsg                = tcp_recvmsg,
1957         .sendmsg                = tcp_sendmsg,
1958         .sendpage               = tcp_sendpage,
1959         .backlog_rcv            = tcp_v6_do_rcv,
1960         .release_cb             = tcp_release_cb,
1961         .hash                   = inet6_hash,
1962         .unhash                 = inet_unhash,
1963         .get_port               = inet_csk_get_port,
1964         .enter_memory_pressure  = tcp_enter_memory_pressure,
1965         .leave_memory_pressure  = tcp_leave_memory_pressure,
1966         .stream_memory_free     = tcp_stream_memory_free,
1967         .sockets_allocated      = &tcp_sockets_allocated,
1968         .memory_allocated       = &tcp_memory_allocated,
1969         .memory_pressure        = &tcp_memory_pressure,
1970         .orphan_count           = &tcp_orphan_count,
1971         .sysctl_mem             = sysctl_tcp_mem,
1972         .sysctl_wmem_offset     = offsetof(struct net, ipv4.sysctl_tcp_wmem),
1973         .sysctl_rmem_offset     = offsetof(struct net, ipv4.sysctl_tcp_rmem),
1974         .max_header             = MAX_TCP_HEADER,
1975         .obj_size               = sizeof(struct tcp6_sock),
1976         .slab_flags             = SLAB_TYPESAFE_BY_RCU,
1977         .twsk_prot              = &tcp6_timewait_sock_ops,
1978         .rsk_prot               = &tcp6_request_sock_ops,
1979         .h.hashinfo             = &tcp_hashinfo,
1980         .no_autobind            = true,
1981 #ifdef CONFIG_COMPAT
1982         .compat_setsockopt      = compat_tcp_setsockopt,
1983         .compat_getsockopt      = compat_tcp_getsockopt,
1984 #endif
1985         .diag_destroy           = tcp_abort,
1986 };
1987
1988 /* thinking of making this const? Don't.
1989  * early_demux can change based on sysctl.
1990  */
1991 static struct inet6_protocol tcpv6_protocol = {
1992         .early_demux    =       tcp_v6_early_demux,
1993         .early_demux_handler =  tcp_v6_early_demux,
1994         .handler        =       tcp_v6_rcv,
1995         .err_handler    =       tcp_v6_err,
1996         .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1997 };
1998
1999 static struct inet_protosw tcpv6_protosw = {
2000         .type           =       SOCK_STREAM,
2001         .protocol       =       IPPROTO_TCP,
2002         .prot           =       &tcpv6_prot,
2003         .ops            =       &inet6_stream_ops,
2004         .flags          =       INET_PROTOSW_PERMANENT |
2005                                 INET_PROTOSW_ICSK,
2006 };
2007
2008 static int __net_init tcpv6_net_init(struct net *net)
2009 {
2010         return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2011                                     SOCK_RAW, IPPROTO_TCP, net);
2012 }
2013
2014 static void __net_exit tcpv6_net_exit(struct net *net)
2015 {
2016         inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2017 }
2018
2019 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
2020 {
2021         inet_twsk_purge(&tcp_hashinfo, AF_INET6);
2022 }
2023
2024 static struct pernet_operations tcpv6_net_ops = {
2025         .init       = tcpv6_net_init,
2026         .exit       = tcpv6_net_exit,
2027         .exit_batch = tcpv6_net_exit_batch,
2028 };
2029
2030 int __init tcpv6_init(void)
2031 {
2032         int ret;
2033
2034         ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2035         if (ret)
2036                 goto out;
2037
2038         /* register inet6 protocol */
2039         ret = inet6_register_protosw(&tcpv6_protosw);
2040         if (ret)
2041                 goto out_tcpv6_protocol;
2042
2043         ret = register_pernet_subsys(&tcpv6_net_ops);
2044         if (ret)
2045                 goto out_tcpv6_protosw;
2046 out:
2047         return ret;
2048
2049 out_tcpv6_protosw:
2050         inet6_unregister_protosw(&tcpv6_protosw);
2051 out_tcpv6_protocol:
2052         inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2053         goto out;
2054 }
2055
2056 void tcpv6_exit(void)
2057 {
2058         unregister_pernet_subsys(&tcpv6_net_ops);
2059         inet6_unregister_protosw(&tcpv6_protosw);
2060         inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2061 }