Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * ip_vs_xmit.c: various packet transmitters for IPVS | |
3 | * | |
1da177e4 LT |
4 | * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> |
5 | * Julian Anastasov <ja@ssi.bg> | |
6 | * | |
7 | * This program is free software; you can redistribute it and/or | |
8 | * modify it under the terms of the GNU General Public License | |
9 | * as published by the Free Software Foundation; either version | |
10 | * 2 of the License, or (at your option) any later version. | |
11 | * | |
12 | * Changes: | |
13 | * | |
14 | */ | |
15 | ||
16 | #include <linux/kernel.h> | |
1da177e4 | 17 | #include <linux/tcp.h> /* for tcphdr */ |
c439cb2e | 18 | #include <net/ip.h> |
1da177e4 LT |
19 | #include <net/tcp.h> /* for csum_tcpudp_magic */ |
20 | #include <net/udp.h> | |
21 | #include <net/icmp.h> /* for icmp_send */ | |
22 | #include <net/route.h> /* for ip_route_output */ | |
23 | #include <linux/netfilter.h> | |
24 | #include <linux/netfilter_ipv4.h> | |
25 | ||
26 | #include <net/ip_vs.h> | |
27 | ||
28 | ||
29 | /* | |
30 | * Destination cache to speed up outgoing route lookup | |
31 | */ | |
32 | static inline void | |
33 | __ip_vs_dst_set(struct ip_vs_dest *dest, u32 rtos, struct dst_entry *dst) | |
34 | { | |
35 | struct dst_entry *old_dst; | |
36 | ||
37 | old_dst = dest->dst_cache; | |
38 | dest->dst_cache = dst; | |
39 | dest->dst_rtos = rtos; | |
40 | dst_release(old_dst); | |
41 | } | |
42 | ||
43 | static inline struct dst_entry * | |
44 | __ip_vs_dst_check(struct ip_vs_dest *dest, u32 rtos, u32 cookie) | |
45 | { | |
46 | struct dst_entry *dst = dest->dst_cache; | |
47 | ||
48 | if (!dst) | |
49 | return NULL; | |
50 | if ((dst->obsolete || rtos != dest->dst_rtos) && | |
51 | dst->ops->check(dst, cookie) == NULL) { | |
52 | dest->dst_cache = NULL; | |
53 | dst_release(dst); | |
54 | return NULL; | |
55 | } | |
56 | dst_hold(dst); | |
57 | return dst; | |
58 | } | |
59 | ||
ad1b30b1 | 60 | static struct rtable * |
1da177e4 LT |
61 | __ip_vs_get_out_rt(struct ip_vs_conn *cp, u32 rtos) |
62 | { | |
63 | struct rtable *rt; /* Route to the other host */ | |
64 | struct ip_vs_dest *dest = cp->dest; | |
65 | ||
66 | if (dest) { | |
67 | spin_lock(&dest->dst_lock); | |
68 | if (!(rt = (struct rtable *) | |
69 | __ip_vs_dst_check(dest, rtos, 0))) { | |
70 | struct flowi fl = { | |
71 | .oif = 0, | |
72 | .nl_u = { | |
73 | .ip4_u = { | |
74 | .daddr = dest->addr, | |
75 | .saddr = 0, | |
76 | .tos = rtos, } }, | |
77 | }; | |
78 | ||
f206351a | 79 | if (ip_route_output_key(&init_net, &rt, &fl)) { |
1da177e4 LT |
80 | spin_unlock(&dest->dst_lock); |
81 | IP_VS_DBG_RL("ip_route_output error, " | |
82 | "dest: %u.%u.%u.%u\n", | |
83 | NIPQUAD(dest->addr)); | |
84 | return NULL; | |
85 | } | |
86 | __ip_vs_dst_set(dest, rtos, dst_clone(&rt->u.dst)); | |
87 | IP_VS_DBG(10, "new dst %u.%u.%u.%u, refcnt=%d, rtos=%X\n", | |
88 | NIPQUAD(dest->addr), | |
89 | atomic_read(&rt->u.dst.__refcnt), rtos); | |
90 | } | |
91 | spin_unlock(&dest->dst_lock); | |
92 | } else { | |
93 | struct flowi fl = { | |
94 | .oif = 0, | |
95 | .nl_u = { | |
96 | .ip4_u = { | |
97 | .daddr = cp->daddr, | |
98 | .saddr = 0, | |
99 | .tos = rtos, } }, | |
100 | }; | |
101 | ||
f206351a | 102 | if (ip_route_output_key(&init_net, &rt, &fl)) { |
1da177e4 LT |
103 | IP_VS_DBG_RL("ip_route_output error, dest: " |
104 | "%u.%u.%u.%u\n", NIPQUAD(cp->daddr)); | |
105 | return NULL; | |
106 | } | |
107 | } | |
108 | ||
109 | return rt; | |
110 | } | |
111 | ||
112 | ||
113 | /* | |
114 | * Release dest->dst_cache before a dest is removed | |
115 | */ | |
116 | void | |
117 | ip_vs_dst_reset(struct ip_vs_dest *dest) | |
118 | { | |
119 | struct dst_entry *old_dst; | |
120 | ||
121 | old_dst = dest->dst_cache; | |
122 | dest->dst_cache = NULL; | |
123 | dst_release(old_dst); | |
124 | } | |
125 | ||
126 | #define IP_VS_XMIT(skb, rt) \ | |
127 | do { \ | |
6869c4d8 | 128 | (skb)->ipvs_property = 1; \ |
ccc7911f | 129 | skb_forward_csum(skb); \ |
6e23ae2a | 130 | NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, (skb), NULL, \ |
1da177e4 LT |
131 | (rt)->u.dst.dev, dst_output); \ |
132 | } while (0) | |
133 | ||
134 | ||
135 | /* | |
136 | * NULL transmitter (do nothing except return NF_ACCEPT) | |
137 | */ | |
138 | int | |
139 | ip_vs_null_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |
140 | struct ip_vs_protocol *pp) | |
141 | { | |
142 | /* we do not touch skb and do not need pskb ptr */ | |
143 | return NF_ACCEPT; | |
144 | } | |
145 | ||
146 | ||
147 | /* | |
148 | * Bypass transmitter | |
149 | * Let packets bypass the destination when the destination is not | |
150 | * available, it may be only used in transparent cache cluster. | |
151 | */ | |
152 | int | |
153 | ip_vs_bypass_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |
154 | struct ip_vs_protocol *pp) | |
155 | { | |
156 | struct rtable *rt; /* Route to the other host */ | |
eddc9ec5 | 157 | struct iphdr *iph = ip_hdr(skb); |
1da177e4 LT |
158 | u8 tos = iph->tos; |
159 | int mtu; | |
160 | struct flowi fl = { | |
161 | .oif = 0, | |
162 | .nl_u = { | |
163 | .ip4_u = { | |
164 | .daddr = iph->daddr, | |
165 | .saddr = 0, | |
166 | .tos = RT_TOS(tos), } }, | |
167 | }; | |
168 | ||
169 | EnterFunction(10); | |
170 | ||
f206351a | 171 | if (ip_route_output_key(&init_net, &rt, &fl)) { |
1da177e4 LT |
172 | IP_VS_DBG_RL("ip_vs_bypass_xmit(): ip_route_output error, " |
173 | "dest: %u.%u.%u.%u\n", NIPQUAD(iph->daddr)); | |
174 | goto tx_error_icmp; | |
175 | } | |
176 | ||
177 | /* MTU checking */ | |
178 | mtu = dst_mtu(&rt->u.dst); | |
4412ec49 | 179 | if ((skb->len > mtu) && (iph->frag_off & htons(IP_DF))) { |
1da177e4 LT |
180 | ip_rt_put(rt); |
181 | icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu)); | |
182 | IP_VS_DBG_RL("ip_vs_bypass_xmit(): frag needed\n"); | |
183 | goto tx_error; | |
184 | } | |
185 | ||
186 | /* | |
187 | * Call ip_send_check because we are not sure it is called | |
188 | * after ip_defrag. Is copy-on-write needed? | |
189 | */ | |
190 | if (unlikely((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)) { | |
191 | ip_rt_put(rt); | |
192 | return NF_STOLEN; | |
193 | } | |
eddc9ec5 | 194 | ip_send_check(ip_hdr(skb)); |
1da177e4 LT |
195 | |
196 | /* drop old route */ | |
197 | dst_release(skb->dst); | |
198 | skb->dst = &rt->u.dst; | |
199 | ||
200 | /* Another hack: avoid icmp_send in ip_fragment */ | |
201 | skb->local_df = 1; | |
202 | ||
203 | IP_VS_XMIT(skb, rt); | |
204 | ||
205 | LeaveFunction(10); | |
206 | return NF_STOLEN; | |
207 | ||
208 | tx_error_icmp: | |
209 | dst_link_failure(skb); | |
210 | tx_error: | |
211 | kfree_skb(skb); | |
212 | LeaveFunction(10); | |
213 | return NF_STOLEN; | |
214 | } | |
215 | ||
216 | ||
217 | /* | |
218 | * NAT transmitter (only for outside-to-inside nat forwarding) | |
219 | * Not used for related ICMP | |
220 | */ | |
221 | int | |
222 | ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |
223 | struct ip_vs_protocol *pp) | |
224 | { | |
225 | struct rtable *rt; /* Route to the other host */ | |
226 | int mtu; | |
eddc9ec5 | 227 | struct iphdr *iph = ip_hdr(skb); |
1da177e4 LT |
228 | |
229 | EnterFunction(10); | |
230 | ||
231 | /* check if it is a connection of no-client-port */ | |
232 | if (unlikely(cp->flags & IP_VS_CONN_F_NO_CPORT)) { | |
014d730d | 233 | __be16 _pt, *p; |
1da177e4 LT |
234 | p = skb_header_pointer(skb, iph->ihl*4, sizeof(_pt), &_pt); |
235 | if (p == NULL) | |
236 | goto tx_error; | |
237 | ip_vs_conn_fill_cport(cp, *p); | |
238 | IP_VS_DBG(10, "filled cport=%d\n", ntohs(*p)); | |
239 | } | |
240 | ||
241 | if (!(rt = __ip_vs_get_out_rt(cp, RT_TOS(iph->tos)))) | |
242 | goto tx_error_icmp; | |
243 | ||
244 | /* MTU checking */ | |
245 | mtu = dst_mtu(&rt->u.dst); | |
4412ec49 | 246 | if ((skb->len > mtu) && (iph->frag_off & htons(IP_DF))) { |
1da177e4 LT |
247 | ip_rt_put(rt); |
248 | icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu)); | |
249 | IP_VS_DBG_RL_PKT(0, pp, skb, 0, "ip_vs_nat_xmit(): frag needed for"); | |
250 | goto tx_error; | |
251 | } | |
252 | ||
253 | /* copy-on-write the packet before mangling it */ | |
af1e1cf0 | 254 | if (!skb_make_writable(skb, sizeof(struct iphdr))) |
1da177e4 LT |
255 | goto tx_error_put; |
256 | ||
257 | if (skb_cow(skb, rt->u.dst.dev->hard_header_len)) | |
258 | goto tx_error_put; | |
259 | ||
260 | /* drop old route */ | |
261 | dst_release(skb->dst); | |
262 | skb->dst = &rt->u.dst; | |
263 | ||
264 | /* mangle the packet */ | |
3db05fea | 265 | if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp)) |
1da177e4 | 266 | goto tx_error; |
eddc9ec5 ACM |
267 | ip_hdr(skb)->daddr = cp->daddr; |
268 | ip_send_check(ip_hdr(skb)); | |
1da177e4 LT |
269 | |
270 | IP_VS_DBG_PKT(10, pp, skb, 0, "After DNAT"); | |
271 | ||
272 | /* FIXME: when application helper enlarges the packet and the length | |
273 | is larger than the MTU of outgoing device, there will be still | |
274 | MTU problem. */ | |
275 | ||
276 | /* Another hack: avoid icmp_send in ip_fragment */ | |
277 | skb->local_df = 1; | |
278 | ||
279 | IP_VS_XMIT(skb, rt); | |
280 | ||
281 | LeaveFunction(10); | |
282 | return NF_STOLEN; | |
283 | ||
284 | tx_error_icmp: | |
285 | dst_link_failure(skb); | |
286 | tx_error: | |
287 | LeaveFunction(10); | |
288 | kfree_skb(skb); | |
289 | return NF_STOLEN; | |
290 | tx_error_put: | |
291 | ip_rt_put(rt); | |
292 | goto tx_error; | |
293 | } | |
294 | ||
295 | ||
296 | /* | |
297 | * IP Tunneling transmitter | |
298 | * | |
299 | * This function encapsulates the packet in a new IP packet, its | |
300 | * destination will be set to cp->daddr. Most code of this function | |
301 | * is taken from ipip.c. | |
302 | * | |
303 | * It is used in VS/TUN cluster. The load balancer selects a real | |
304 | * server from a cluster based on a scheduling algorithm, | |
305 | * encapsulates the request packet and forwards it to the selected | |
306 | * server. For example, all real servers are configured with | |
307 | * "ifconfig tunl0 <Virtual IP Address> up". When the server receives | |
308 | * the encapsulated packet, it will decapsulate the packet, processe | |
309 | * the request and return the response packets directly to the client | |
310 | * without passing the load balancer. This can greatly increase the | |
311 | * scalability of virtual server. | |
312 | * | |
313 | * Used for ANY protocol | |
314 | */ | |
315 | int | |
316 | ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |
317 | struct ip_vs_protocol *pp) | |
318 | { | |
319 | struct rtable *rt; /* Route to the other host */ | |
320 | struct net_device *tdev; /* Device to other host */ | |
eddc9ec5 | 321 | struct iphdr *old_iph = ip_hdr(skb); |
1da177e4 | 322 | u8 tos = old_iph->tos; |
76ab608d | 323 | __be16 df = old_iph->frag_off; |
2e07fa9c | 324 | sk_buff_data_t old_transport_header = skb->transport_header; |
1da177e4 | 325 | struct iphdr *iph; /* Our new IP header */ |
c2636b4d | 326 | unsigned int max_headroom; /* The extra header space needed */ |
1da177e4 LT |
327 | int mtu; |
328 | ||
329 | EnterFunction(10); | |
330 | ||
4412ec49 | 331 | if (skb->protocol != htons(ETH_P_IP)) { |
1da177e4 LT |
332 | IP_VS_DBG_RL("ip_vs_tunnel_xmit(): protocol error, " |
333 | "ETH_P_IP: %d, skb protocol: %d\n", | |
4412ec49 | 334 | htons(ETH_P_IP), skb->protocol); |
1da177e4 LT |
335 | goto tx_error; |
336 | } | |
337 | ||
338 | if (!(rt = __ip_vs_get_out_rt(cp, RT_TOS(tos)))) | |
339 | goto tx_error_icmp; | |
340 | ||
341 | tdev = rt->u.dst.dev; | |
342 | ||
343 | mtu = dst_mtu(&rt->u.dst) - sizeof(struct iphdr); | |
344 | if (mtu < 68) { | |
345 | ip_rt_put(rt); | |
346 | IP_VS_DBG_RL("ip_vs_tunnel_xmit(): mtu less than 68\n"); | |
347 | goto tx_error; | |
348 | } | |
349 | if (skb->dst) | |
350 | skb->dst->ops->update_pmtu(skb->dst, mtu); | |
351 | ||
4412ec49 | 352 | df |= (old_iph->frag_off & htons(IP_DF)); |
1da177e4 | 353 | |
4412ec49 | 354 | if ((old_iph->frag_off & htons(IP_DF)) |
1da177e4 LT |
355 | && mtu < ntohs(old_iph->tot_len)) { |
356 | icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu)); | |
357 | ip_rt_put(rt); | |
358 | IP_VS_DBG_RL("ip_vs_tunnel_xmit(): frag needed\n"); | |
359 | goto tx_error; | |
360 | } | |
361 | ||
362 | /* | |
363 | * Okay, now see if we can stuff it in the buffer as-is. | |
364 | */ | |
365 | max_headroom = LL_RESERVED_SPACE(tdev) + sizeof(struct iphdr); | |
366 | ||
367 | if (skb_headroom(skb) < max_headroom | |
368 | || skb_cloned(skb) || skb_shared(skb)) { | |
369 | struct sk_buff *new_skb = | |
370 | skb_realloc_headroom(skb, max_headroom); | |
371 | if (!new_skb) { | |
372 | ip_rt_put(rt); | |
373 | kfree_skb(skb); | |
374 | IP_VS_ERR_RL("ip_vs_tunnel_xmit(): no memory\n"); | |
375 | return NF_STOLEN; | |
376 | } | |
377 | kfree_skb(skb); | |
378 | skb = new_skb; | |
eddc9ec5 | 379 | old_iph = ip_hdr(skb); |
1da177e4 LT |
380 | } |
381 | ||
b0e380b1 | 382 | skb->transport_header = old_transport_header; |
1da177e4 LT |
383 | |
384 | /* fix old IP header checksum */ | |
385 | ip_send_check(old_iph); | |
386 | ||
e2d1bca7 ACM |
387 | skb_push(skb, sizeof(struct iphdr)); |
388 | skb_reset_network_header(skb); | |
1da177e4 LT |
389 | memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); |
390 | ||
391 | /* drop old route */ | |
392 | dst_release(skb->dst); | |
393 | skb->dst = &rt->u.dst; | |
394 | ||
395 | /* | |
396 | * Push down and install the IPIP header. | |
397 | */ | |
eddc9ec5 | 398 | iph = ip_hdr(skb); |
1da177e4 LT |
399 | iph->version = 4; |
400 | iph->ihl = sizeof(struct iphdr)>>2; | |
401 | iph->frag_off = df; | |
402 | iph->protocol = IPPROTO_IPIP; | |
403 | iph->tos = tos; | |
404 | iph->daddr = rt->rt_dst; | |
405 | iph->saddr = rt->rt_src; | |
406 | iph->ttl = old_iph->ttl; | |
1da177e4 | 407 | ip_select_ident(iph, &rt->u.dst, NULL); |
1da177e4 LT |
408 | |
409 | /* Another hack: avoid icmp_send in ip_fragment */ | |
410 | skb->local_df = 1; | |
411 | ||
c439cb2e | 412 | ip_local_out(skb); |
1da177e4 LT |
413 | |
414 | LeaveFunction(10); | |
415 | ||
416 | return NF_STOLEN; | |
417 | ||
418 | tx_error_icmp: | |
419 | dst_link_failure(skb); | |
420 | tx_error: | |
421 | kfree_skb(skb); | |
422 | LeaveFunction(10); | |
423 | return NF_STOLEN; | |
424 | } | |
425 | ||
426 | ||
427 | /* | |
428 | * Direct Routing transmitter | |
429 | * Used for ANY protocol | |
430 | */ | |
431 | int | |
432 | ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |
433 | struct ip_vs_protocol *pp) | |
434 | { | |
435 | struct rtable *rt; /* Route to the other host */ | |
eddc9ec5 | 436 | struct iphdr *iph = ip_hdr(skb); |
1da177e4 LT |
437 | int mtu; |
438 | ||
439 | EnterFunction(10); | |
440 | ||
441 | if (!(rt = __ip_vs_get_out_rt(cp, RT_TOS(iph->tos)))) | |
442 | goto tx_error_icmp; | |
443 | ||
444 | /* MTU checking */ | |
445 | mtu = dst_mtu(&rt->u.dst); | |
4412ec49 | 446 | if ((iph->frag_off & htons(IP_DF)) && skb->len > mtu) { |
1da177e4 LT |
447 | icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu)); |
448 | ip_rt_put(rt); | |
449 | IP_VS_DBG_RL("ip_vs_dr_xmit(): frag needed\n"); | |
450 | goto tx_error; | |
451 | } | |
452 | ||
453 | /* | |
454 | * Call ip_send_check because we are not sure it is called | |
455 | * after ip_defrag. Is copy-on-write needed? | |
456 | */ | |
457 | if (unlikely((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)) { | |
458 | ip_rt_put(rt); | |
459 | return NF_STOLEN; | |
460 | } | |
eddc9ec5 | 461 | ip_send_check(ip_hdr(skb)); |
1da177e4 LT |
462 | |
463 | /* drop old route */ | |
464 | dst_release(skb->dst); | |
465 | skb->dst = &rt->u.dst; | |
466 | ||
467 | /* Another hack: avoid icmp_send in ip_fragment */ | |
468 | skb->local_df = 1; | |
469 | ||
470 | IP_VS_XMIT(skb, rt); | |
471 | ||
472 | LeaveFunction(10); | |
473 | return NF_STOLEN; | |
474 | ||
475 | tx_error_icmp: | |
476 | dst_link_failure(skb); | |
477 | tx_error: | |
478 | kfree_skb(skb); | |
479 | LeaveFunction(10); | |
480 | return NF_STOLEN; | |
481 | } | |
482 | ||
483 | ||
484 | /* | |
485 | * ICMP packet transmitter | |
486 | * called by the ip_vs_in_icmp | |
487 | */ | |
488 | int | |
489 | ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |
490 | struct ip_vs_protocol *pp, int offset) | |
491 | { | |
492 | struct rtable *rt; /* Route to the other host */ | |
493 | int mtu; | |
494 | int rc; | |
495 | ||
496 | EnterFunction(10); | |
497 | ||
498 | /* The ICMP packet for VS/TUN, VS/DR and LOCALNODE will be | |
499 | forwarded directly here, because there is no need to | |
500 | translate address/port back */ | |
501 | if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ) { | |
502 | if (cp->packet_xmit) | |
503 | rc = cp->packet_xmit(skb, cp, pp); | |
504 | else | |
505 | rc = NF_ACCEPT; | |
506 | /* do not touch skb anymore */ | |
507 | atomic_inc(&cp->in_pkts); | |
1da177e4 LT |
508 | goto out; |
509 | } | |
510 | ||
511 | /* | |
512 | * mangle and send the packet here (only for VS/NAT) | |
513 | */ | |
514 | ||
eddc9ec5 | 515 | if (!(rt = __ip_vs_get_out_rt(cp, RT_TOS(ip_hdr(skb)->tos)))) |
1da177e4 LT |
516 | goto tx_error_icmp; |
517 | ||
518 | /* MTU checking */ | |
519 | mtu = dst_mtu(&rt->u.dst); | |
eddc9ec5 | 520 | if ((skb->len > mtu) && (ip_hdr(skb)->frag_off & htons(IP_DF))) { |
1da177e4 LT |
521 | ip_rt_put(rt); |
522 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu)); | |
523 | IP_VS_DBG_RL("ip_vs_in_icmp(): frag needed\n"); | |
524 | goto tx_error; | |
525 | } | |
526 | ||
527 | /* copy-on-write the packet before mangling it */ | |
af1e1cf0 | 528 | if (!skb_make_writable(skb, offset)) |
1da177e4 LT |
529 | goto tx_error_put; |
530 | ||
531 | if (skb_cow(skb, rt->u.dst.dev->hard_header_len)) | |
532 | goto tx_error_put; | |
533 | ||
534 | /* drop the old route when skb is not shared */ | |
535 | dst_release(skb->dst); | |
536 | skb->dst = &rt->u.dst; | |
537 | ||
538 | ip_vs_nat_icmp(skb, pp, cp, 0); | |
539 | ||
540 | /* Another hack: avoid icmp_send in ip_fragment */ | |
541 | skb->local_df = 1; | |
542 | ||
543 | IP_VS_XMIT(skb, rt); | |
544 | ||
545 | rc = NF_STOLEN; | |
546 | goto out; | |
547 | ||
548 | tx_error_icmp: | |
549 | dst_link_failure(skb); | |
550 | tx_error: | |
551 | dev_kfree_skb(skb); | |
552 | rc = NF_STOLEN; | |
553 | out: | |
554 | LeaveFunction(10); | |
555 | return rc; | |
556 | tx_error_put: | |
557 | ip_rt_put(rt); | |
558 | goto tx_error; | |
559 | } |