projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ipv6: make fragment identifications less predictable
[deliverable/linux.git] / net / ipv6 / ip6_output.c
1 /*
2 * IPv6 output functions
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on linux/net/ipv4/ip_output.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 * Changes:
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
20 * etc.
21 *
22 * H. von Brand : Added missing #include <linux/string.h>
23 * Imran Patel : frag id should be in NBO
24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
26 * for datagram xmit
27 */
28
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/string.h>
32 #include <linux/socket.h>
33 #include <linux/net.h>
34 #include <linux/netdevice.h>
35 #include <linux/if_arp.h>
36 #include <linux/in6.h>
37 #include <linux/tcp.h>
38 #include <linux/route.h>
39 #include <linux/module.h>
40 #include <linux/slab.h>
41
42 #include <linux/netfilter.h>
43 #include <linux/netfilter_ipv6.h>
44
45 #include <net/sock.h>
46 #include <net/snmp.h>
47
48 #include <net/ipv6.h>
49 #include <net/ndisc.h>
50 #include <net/protocol.h>
51 #include <net/ip6_route.h>
52 #include <net/addrconf.h>
53 #include <net/rawv6.h>
54 #include <net/icmp.h>
55 #include <net/xfrm.h>
56 #include <net/checksum.h>
57 #include <linux/mroute6.h>
58
59 int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *));
60
61 int __ip6_local_out(struct sk_buff *skb)
62 {
63 int len;
64
65 len = skb->len - sizeof(struct ipv6hdr);
66 if (len > IPV6_MAXPLEN)
67 len = 0;
68 ipv6_hdr(skb)->payload_len = htons(len);
69
70 return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL,
71 skb_dst(skb)->dev, dst_output);
72 }
73
74 int ip6_local_out(struct sk_buff *skb)
75 {
76 int err;
77
78 err = __ip6_local_out(skb);
79 if (likely(err == 1))
80 err = dst_output(skb);
81
82 return err;
83 }
84 EXPORT_SYMBOL_GPL(ip6_local_out);
85
86 /* dev_loopback_xmit for use with netfilter. */
87 static int ip6_dev_loopback_xmit(struct sk_buff *newskb)
88 {
89 skb_reset_mac_header(newskb);
90 __skb_pull(newskb, skb_network_offset(newskb));
91 newskb->pkt_type = PACKET_LOOPBACK;
92 newskb->ip_summed = CHECKSUM_UNNECESSARY;
93 WARN_ON(!skb_dst(newskb));
94
95 netif_rx_ni(newskb);
96 return 0;
97 }
98
99 static int ip6_finish_output2(struct sk_buff *skb)
100 {
101 struct dst_entry *dst = skb_dst(skb);
102 struct net_device *dev = dst->dev;
103 struct neighbour *neigh;
104
105 skb->protocol = htons(ETH_P_IPV6);
106 skb->dev = dev;
107
108 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
109 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
110
111 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(skb->sk) &&
112 ((mroute6_socket(dev_net(dev), skb) &&
113 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
114 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
115 &ipv6_hdr(skb)->saddr))) {
116 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
117
118 /* Do not check for IFF_ALLMULTI; multicast routing
119 is not supported in any case.
120 */
121 if (newskb)
122 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
123 newskb, NULL, newskb->dev,
124 ip6_dev_loopback_xmit);
125
126 if (ipv6_hdr(skb)->hop_limit == 0) {
127 IP6_INC_STATS(dev_net(dev), idev,
128 IPSTATS_MIB_OUTDISCARDS);
129 kfree_skb(skb);
130 return 0;
131 }
132 }
133
134 IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST,
135 skb->len);
136 }
137
138 neigh = dst_get_neighbour(dst);
139 if (neigh)
140 return neigh_output(neigh, skb);
141
142 IP6_INC_STATS_BH(dev_net(dst->dev),
143 ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
144 kfree_skb(skb);
145 return -EINVAL;
146 }
147
148 static int ip6_finish_output(struct sk_buff *skb)
149 {
150 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
151 dst_allfrag(skb_dst(skb)))
152 return ip6_fragment(skb, ip6_finish_output2);
153 else
154 return ip6_finish_output2(skb);
155 }
156
157 int ip6_output(struct sk_buff *skb)
158 {
159 struct net_device *dev = skb_dst(skb)->dev;
160 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
161 if (unlikely(idev->cnf.disable_ipv6)) {
162 IP6_INC_STATS(dev_net(dev), idev,
163 IPSTATS_MIB_OUTDISCARDS);
164 kfree_skb(skb);
165 return 0;
166 }
167
168 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev,
169 ip6_finish_output,
170 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
171 }
172
173 /*
174 * xmit an sk_buff (used by TCP, SCTP and DCCP)
175 */
176
177 int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
178 struct ipv6_txoptions *opt)
179 {
180 struct net *net = sock_net(sk);
181 struct ipv6_pinfo *np = inet6_sk(sk);
182 struct in6_addr *first_hop = &fl6->daddr;
183 struct dst_entry *dst = skb_dst(skb);
184 struct ipv6hdr *hdr;
185 u8 proto = fl6->flowi6_proto;
186 int seg_len = skb->len;
187 int hlimit = -1;
188 int tclass = 0;
189 u32 mtu;
190
191 if (opt) {
192 unsigned int head_room;
193
194 /* First: exthdrs may take lots of space (~8K for now)
195 MAX_HEADER is not enough.
196 */
197 head_room = opt->opt_nflen + opt->opt_flen;
198 seg_len += head_room;
199 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
200
201 if (skb_headroom(skb) < head_room) {
202 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
203 if (skb2 == NULL) {
204 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
205 IPSTATS_MIB_OUTDISCARDS);
206 kfree_skb(skb);
207 return -ENOBUFS;
208 }
209 kfree_skb(skb);
210 skb = skb2;
211 skb_set_owner_w(skb, sk);
212 }
213 if (opt->opt_flen)
214 ipv6_push_frag_opts(skb, opt, &proto);
215 if (opt->opt_nflen)
216 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop);
217 }
218
219 skb_push(skb, sizeof(struct ipv6hdr));
220 skb_reset_network_header(skb);
221 hdr = ipv6_hdr(skb);
222
223 /*
224 * Fill in the IPv6 header
225 */
226 if (np) {
227 tclass = np->tclass;
228 hlimit = np->hop_limit;
229 }
230 if (hlimit < 0)
231 hlimit = ip6_dst_hoplimit(dst);
232
233 *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | fl6->flowlabel;
234
235 hdr->payload_len = htons(seg_len);
236 hdr->nexthdr = proto;
237 hdr->hop_limit = hlimit;
238
239 ipv6_addr_copy(&hdr->saddr, &fl6->saddr);
240 ipv6_addr_copy(&hdr->daddr, first_hop);
241
242 skb->priority = sk->sk_priority;
243 skb->mark = sk->sk_mark;
244
245 mtu = dst_mtu(dst);
246 if ((skb->len <= mtu) || skb->local_df || skb_is_gso(skb)) {
247 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
248 IPSTATS_MIB_OUT, skb->len);
249 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL,
250 dst->dev, dst_output);
251 }
252
253 if (net_ratelimit())
254 printk(KERN_DEBUG "IPv6: sending pkt_too_big to self\n");
255 skb->dev = dst->dev;
256 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
257 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
258 kfree_skb(skb);
259 return -EMSGSIZE;
260 }
261
262 EXPORT_SYMBOL(ip6_xmit);
263
264 /*
265 * To avoid extra problems ND packets are send through this
266 * routine. It's code duplication but I really want to avoid
267 * extra checks since ipv6_build_header is used by TCP (which
268 * is for us performance critical)
269 */
270
271 int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev,
272 const struct in6_addr *saddr, const struct in6_addr *daddr,
273 int proto, int len)
274 {
275 struct ipv6_pinfo *np = inet6_sk(sk);
276 struct ipv6hdr *hdr;
277
278 skb->protocol = htons(ETH_P_IPV6);
279 skb->dev = dev;
280
281 skb_reset_network_header(skb);
282 skb_put(skb, sizeof(struct ipv6hdr));
283 hdr = ipv6_hdr(skb);
284
285 *(__be32*)hdr = htonl(0x60000000);
286
287 hdr->payload_len = htons(len);
288 hdr->nexthdr = proto;
289 hdr->hop_limit = np->hop_limit;
290
291 ipv6_addr_copy(&hdr->saddr, saddr);
292 ipv6_addr_copy(&hdr->daddr, daddr);
293
294 return 0;
295 }
296
297 static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
298 {
299 struct ip6_ra_chain *ra;
300 struct sock *last = NULL;
301
302 read_lock(&ip6_ra_lock);
303 for (ra = ip6_ra_chain; ra; ra = ra->next) {
304 struct sock *sk = ra->sk;
305 if (sk && ra->sel == sel &&
306 (!sk->sk_bound_dev_if ||
307 sk->sk_bound_dev_if == skb->dev->ifindex)) {
308 if (last) {
309 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
310 if (skb2)
311 rawv6_rcv(last, skb2);
312 }
313 last = sk;
314 }
315 }
316
317 if (last) {
318 rawv6_rcv(last, skb);
319 read_unlock(&ip6_ra_lock);
320 return 1;
321 }
322 read_unlock(&ip6_ra_lock);
323 return 0;
324 }
325
326 static int ip6_forward_proxy_check(struct sk_buff *skb)
327 {
328 struct ipv6hdr *hdr = ipv6_hdr(skb);
329 u8 nexthdr = hdr->nexthdr;
330 int offset;
331
332 if (ipv6_ext_hdr(nexthdr)) {
333 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr);
334 if (offset < 0)
335 return 0;
336 } else
337 offset = sizeof(struct ipv6hdr);
338
339 if (nexthdr == IPPROTO_ICMPV6) {
340 struct icmp6hdr *icmp6;
341
342 if (!pskb_may_pull(skb, (skb_network_header(skb) +
343 offset + 1 - skb->data)))
344 return 0;
345
346 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
347
348 switch (icmp6->icmp6_type) {
349 case NDISC_ROUTER_SOLICITATION:
350 case NDISC_ROUTER_ADVERTISEMENT:
351 case NDISC_NEIGHBOUR_SOLICITATION:
352 case NDISC_NEIGHBOUR_ADVERTISEMENT:
353 case NDISC_REDIRECT:
354 /* For reaction involving unicast neighbor discovery
355 * message destined to the proxied address, pass it to
356 * input function.
357 */
358 return 1;
359 default:
360 break;
361 }
362 }
363
364 /*
365 * The proxying router can't forward traffic sent to a link-local
366 * address, so signal the sender and discard the packet. This
367 * behavior is clarified by the MIPv6 specification.
368 */
369 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
370 dst_link_failure(skb);
371 return -1;
372 }
373
374 return 0;
375 }
376
377 static inline int ip6_forward_finish(struct sk_buff *skb)
378 {
379 return dst_output(skb);
380 }
381
382 int ip6_forward(struct sk_buff *skb)
383 {
384 struct dst_entry *dst = skb_dst(skb);
385 struct ipv6hdr *hdr = ipv6_hdr(skb);
386 struct inet6_skb_parm *opt = IP6CB(skb);
387 struct net *net = dev_net(dst->dev);
388 struct neighbour *n;
389 u32 mtu;
390
391 if (net->ipv6.devconf_all->forwarding == 0)
392 goto error;
393
394 if (skb_warn_if_lro(skb))
395 goto drop;
396
397 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
398 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
399 goto drop;
400 }
401
402 if (skb->pkt_type != PACKET_HOST)
403 goto drop;
404
405 skb_forward_csum(skb);
406
407 /*
408 * We DO NOT make any processing on
409 * RA packets, pushing them to user level AS IS
410 * without ane WARRANTY that application will be able
411 * to interpret them. The reason is that we
412 * cannot make anything clever here.
413 *
414 * We are not end-node, so that if packet contains
415 * AH/ESP, we cannot make anything.
416 * Defragmentation also would be mistake, RA packets
417 * cannot be fragmented, because there is no warranty
418 * that different fragments will go along one path. --ANK
419 */
420 if (opt->ra) {
421 u8 *ptr = skb_network_header(skb) + opt->ra;
422 if (ip6_call_ra_chain(skb, (ptr[2]<<8) + ptr[3]))
423 return 0;
424 }
425
426 /*
427 * check and decrement ttl
428 */
429 if (hdr->hop_limit <= 1) {
430 /* Force OUTPUT device used as source address */
431 skb->dev = dst->dev;
432 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
433 IP6_INC_STATS_BH(net,
434 ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
435
436 kfree_skb(skb);
437 return -ETIMEDOUT;
438 }
439
440 /* XXX: idev->cnf.proxy_ndp? */
441 if (net->ipv6.devconf_all->proxy_ndp &&
442 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
443 int proxied = ip6_forward_proxy_check(skb);
444 if (proxied > 0)
445 return ip6_input(skb);
446 else if (proxied < 0) {
447 IP6_INC_STATS(net, ip6_dst_idev(dst),
448 IPSTATS_MIB_INDISCARDS);
449 goto drop;
450 }
451 }
452
453 if (!xfrm6_route_forward(skb)) {
454 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
455 goto drop;
456 }
457 dst = skb_dst(skb);
458
459 /* IPv6 specs say nothing about it, but it is clear that we cannot
460 send redirects to source routed frames.
461 We don't send redirects to frames decapsulated from IPsec.
462 */
463 n = dst_get_neighbour(dst);
464 if (skb->dev == dst->dev && n && opt->srcrt == 0 && !skb_sec_path(skb)) {
465 struct in6_addr *target = NULL;
466 struct rt6_info *rt;
467
468 /*
469 * incoming and outgoing devices are the same
470 * send a redirect.
471 */
472
473 rt = (struct rt6_info *) dst;
474 if ((rt->rt6i_flags & RTF_GATEWAY))
475 target = (struct in6_addr*)&n->primary_key;
476 else
477 target = &hdr->daddr;
478
479 if (!rt->rt6i_peer)
480 rt6_bind_peer(rt, 1);
481
482 /* Limit redirects both by destination (here)
483 and by source (inside ndisc_send_redirect)
484 */
485 if (inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ))
486 ndisc_send_redirect(skb, n, target);
487 } else {
488 int addrtype = ipv6_addr_type(&hdr->saddr);
489
490 /* This check is security critical. */
491 if (addrtype == IPV6_ADDR_ANY ||
492 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
493 goto error;
494 if (addrtype & IPV6_ADDR_LINKLOCAL) {
495 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
496 ICMPV6_NOT_NEIGHBOUR, 0);
497 goto error;
498 }
499 }
500
501 mtu = dst_mtu(dst);
502 if (mtu < IPV6_MIN_MTU)
503 mtu = IPV6_MIN_MTU;
504
505 if (skb->len > mtu && !skb_is_gso(skb)) {
506 /* Again, force OUTPUT device used as source address */
507 skb->dev = dst->dev;
508 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
509 IP6_INC_STATS_BH(net,
510 ip6_dst_idev(dst), IPSTATS_MIB_INTOOBIGERRORS);
511 IP6_INC_STATS_BH(net,
512 ip6_dst_idev(dst), IPSTATS_MIB_FRAGFAILS);
513 kfree_skb(skb);
514 return -EMSGSIZE;
515 }
516
517 if (skb_cow(skb, dst->dev->hard_header_len)) {
518 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS);
519 goto drop;
520 }
521
522 hdr = ipv6_hdr(skb);
523
524 /* Mangling hops number delayed to point after skb COW */
525
526 hdr->hop_limit--;
527
528 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
529 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, skb, skb->dev, dst->dev,
530 ip6_forward_finish);
531
532 error:
533 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
534 drop:
535 kfree_skb(skb);
536 return -EINVAL;
537 }
538
539 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
540 {
541 to->pkt_type = from->pkt_type;
542 to->priority = from->priority;
543 to->protocol = from->protocol;
544 skb_dst_drop(to);
545 skb_dst_set(to, dst_clone(skb_dst(from)));
546 to->dev = from->dev;
547 to->mark = from->mark;
548
549 #ifdef CONFIG_NET_SCHED
550 to->tc_index = from->tc_index;
551 #endif
552 nf_copy(to, from);
553 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
554 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
555 to->nf_trace = from->nf_trace;
556 #endif
557 skb_copy_secmark(to, from);
558 }
559
560 int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
561 {
562 u16 offset = sizeof(struct ipv6hdr);
563 struct ipv6_opt_hdr *exthdr =
564 (struct ipv6_opt_hdr *)(ipv6_hdr(skb) + 1);
565 unsigned int packet_len = skb->tail - skb->network_header;
566 int found_rhdr = 0;
567 *nexthdr = &ipv6_hdr(skb)->nexthdr;
568
569 while (offset + 1 <= packet_len) {
570
571 switch (**nexthdr) {
572
573 case NEXTHDR_HOP:
574 break;
575 case NEXTHDR_ROUTING:
576 found_rhdr = 1;
577 break;
578 case NEXTHDR_DEST:
579 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
580 if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0)
581 break;
582 #endif
583 if (found_rhdr)
584 return offset;
585 break;
586 default :
587 return offset;
588 }
589
590 offset += ipv6_optlen(exthdr);
591 *nexthdr = &exthdr->nexthdr;
592 exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +
593 offset);
594 }
595
596 return offset;
597 }
598
599 void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
600 {
601 static atomic_t ipv6_fragmentation_id;
602 int old, new;
603
604 if (rt) {
605 struct inet_peer *peer;
606
607 if (!rt->rt6i_peer)
608 rt6_bind_peer(rt, 1);
609 peer = rt->rt6i_peer;
610 if (peer) {
611 fhdr->identification = htonl(inet_getid(peer, 0));
612 return;
613 }
614 }
615 do {
616 old = atomic_read(&ipv6_fragmentation_id);
617 new = old + 1;
618 if (!new)
619 new = 1;
620 } while (atomic_cmpxchg(&ipv6_fragmentation_id, old, new) != old);
621 fhdr->identification = htonl(new);
622 }
623
624 int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
625 {
626 struct sk_buff *frag;
627 struct rt6_info *rt = (struct rt6_info*)skb_dst(skb);
628 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
629 struct ipv6hdr *tmp_hdr;
630 struct frag_hdr *fh;
631 unsigned int mtu, hlen, left, len;
632 __be32 frag_id = 0;
633 int ptr, offset = 0, err=0;
634 u8 *prevhdr, nexthdr = 0;
635 struct net *net = dev_net(skb_dst(skb)->dev);
636
637 hlen = ip6_find_1stfragopt(skb, &prevhdr);
638 nexthdr = *prevhdr;
639
640 mtu = ip6_skb_dst_mtu(skb);
641
642 /* We must not fragment if the socket is set to force MTU discovery
643 * or if the skb it not generated by a local socket.
644 */
645 if (!skb->local_df && skb->len > mtu) {
646 skb->dev = skb_dst(skb)->dev;
647 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
648 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
649 IPSTATS_MIB_FRAGFAILS);
650 kfree_skb(skb);
651 return -EMSGSIZE;
652 }
653
654 if (np && np->frag_size < mtu) {
655 if (np->frag_size)
656 mtu = np->frag_size;
657 }
658 mtu -= hlen + sizeof(struct frag_hdr);
659
660 if (skb_has_frag_list(skb)) {
661 int first_len = skb_pagelen(skb);
662 struct sk_buff *frag2;
663
664 if (first_len - hlen > mtu ||
665 ((first_len - hlen) & 7) ||
666 skb_cloned(skb))
667 goto slow_path;
668
669 skb_walk_frags(skb, frag) {
670 /* Correct geometry. */
671 if (frag->len > mtu ||
672 ((frag->len & 7) && frag->next) ||
673 skb_headroom(frag) < hlen)
674 goto slow_path_clean;
675
676 /* Partially cloned skb? */
677 if (skb_shared(frag))
678 goto slow_path_clean;
679
680 BUG_ON(frag->sk);
681 if (skb->sk) {
682 frag->sk = skb->sk;
683 frag->destructor = sock_wfree;
684 }
685 skb->truesize -= frag->truesize;
686 }
687
688 err = 0;
689 offset = 0;
690 frag = skb_shinfo(skb)->frag_list;
691 skb_frag_list_init(skb);
692 /* BUILD HEADER */
693
694 *prevhdr = NEXTHDR_FRAGMENT;
695 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
696 if (!tmp_hdr) {
697 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
698 IPSTATS_MIB_FRAGFAILS);
699 return -ENOMEM;
700 }
701
702 __skb_pull(skb, hlen);
703 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr));
704 __skb_push(skb, hlen);
705 skb_reset_network_header(skb);
706 memcpy(skb_network_header(skb), tmp_hdr, hlen);
707
708 ipv6_select_ident(fh, rt);
709 fh->nexthdr = nexthdr;
710 fh->reserved = 0;
711 fh->frag_off = htons(IP6_MF);
712 frag_id = fh->identification;
713
714 first_len = skb_pagelen(skb);
715 skb->data_len = first_len - skb_headlen(skb);
716 skb->len = first_len;
717 ipv6_hdr(skb)->payload_len = htons(first_len -
718 sizeof(struct ipv6hdr));
719
720 dst_hold(&rt->dst);
721
722 for (;;) {
723 /* Prepare header of the next frame,
724 * before previous one went down. */
725 if (frag) {
726 frag->ip_summed = CHECKSUM_NONE;
727 skb_reset_transport_header(frag);
728 fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr));
729 __skb_push(frag, hlen);
730 skb_reset_network_header(frag);
731 memcpy(skb_network_header(frag), tmp_hdr,
732 hlen);
733 offset += skb->len - hlen - sizeof(struct frag_hdr);
734 fh->nexthdr = nexthdr;
735 fh->reserved = 0;
736 fh->frag_off = htons(offset);
737 if (frag->next != NULL)
738 fh->frag_off |= htons(IP6_MF);
739 fh->identification = frag_id;
740 ipv6_hdr(frag)->payload_len =
741 htons(frag->len -
742 sizeof(struct ipv6hdr));
743 ip6_copy_metadata(frag, skb);
744 }
745
746 err = output(skb);
747 if(!err)
748 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
749 IPSTATS_MIB_FRAGCREATES);
750
751 if (err || !frag)
752 break;
753
754 skb = frag;
755 frag = skb->next;
756 skb->next = NULL;
757 }
758
759 kfree(tmp_hdr);
760
761 if (err == 0) {
762 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
763 IPSTATS_MIB_FRAGOKS);
764 dst_release(&rt->dst);
765 return 0;
766 }
767
768 while (frag) {
769 skb = frag->next;
770 kfree_skb(frag);
771 frag = skb;
772 }
773
774 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
775 IPSTATS_MIB_FRAGFAILS);
776 dst_release(&rt->dst);
777 return err;
778
779 slow_path_clean:
780 skb_walk_frags(skb, frag2) {
781 if (frag2 == frag)
782 break;
783 frag2->sk = NULL;
784 frag2->destructor = NULL;
785 skb->truesize += frag2->truesize;
786 }
787 }
788
789 slow_path:
790 left = skb->len - hlen; /* Space per frame */
791 ptr = hlen; /* Where to start from */
792
793 /*
794 * Fragment the datagram.
795 */
796
797 *prevhdr = NEXTHDR_FRAGMENT;
798
799 /*
800 * Keep copying data until we run out.
801 */
802 while(left > 0) {
803 len = left;
804 /* IF: it doesn't fit, use 'mtu' - the data space left */
805 if (len > mtu)
806 len = mtu;
807 /* IF: we are not sending up to and including the packet end
808 then align the next start on an eight byte boundary */
809 if (len < left) {
810 len &= ~7;
811 }
812 /*
813 * Allocate buffer.
814 */
815
816 if ((frag = alloc_skb(len+hlen+sizeof(struct frag_hdr)+LL_ALLOCATED_SPACE(rt->dst.dev), GFP_ATOMIC)) == NULL) {
817 NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n");
818 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
819 IPSTATS_MIB_FRAGFAILS);
820 err = -ENOMEM;
821 goto fail;
822 }
823
824 /*
825 * Set up data on packet
826 */
827
828 ip6_copy_metadata(frag, skb);
829 skb_reserve(frag, LL_RESERVED_SPACE(rt->dst.dev));
830 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
831 skb_reset_network_header(frag);
832 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
833 frag->transport_header = (frag->network_header + hlen +
834 sizeof(struct frag_hdr));
835
836 /*
837 * Charge the memory for the fragment to any owner
838 * it might possess
839 */
840 if (skb->sk)
841 skb_set_owner_w(frag, skb->sk);
842
843 /*
844 * Copy the packet header into the new buffer.
845 */
846 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
847
848 /*
849 * Build fragment header.
850 */
851 fh->nexthdr = nexthdr;
852 fh->reserved = 0;
853 if (!frag_id) {
854 ipv6_select_ident(fh, rt);
855 frag_id = fh->identification;
856 } else
857 fh->identification = frag_id;
858
859 /*
860 * Copy a block of the IP datagram.
861 */
862 if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len))
863 BUG();
864 left -= len;
865
866 fh->frag_off = htons(offset);
867 if (left > 0)
868 fh->frag_off |= htons(IP6_MF);
869 ipv6_hdr(frag)->payload_len = htons(frag->len -
870 sizeof(struct ipv6hdr));
871
872 ptr += len;
873 offset += len;
874
875 /*
876 * Put this fragment into the sending queue.
877 */
878 err = output(frag);
879 if (err)
880 goto fail;
881
882 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
883 IPSTATS_MIB_FRAGCREATES);
884 }
885 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
886 IPSTATS_MIB_FRAGOKS);
887 kfree_skb(skb);
888 return err;
889
890 fail:
891 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
892 IPSTATS_MIB_FRAGFAILS);
893 kfree_skb(skb);
894 return err;
895 }
896
897 static inline int ip6_rt_check(const struct rt6key *rt_key,
898 const struct in6_addr *fl_addr,
899 const struct in6_addr *addr_cache)
900 {
901 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
902 (addr_cache == NULL || !ipv6_addr_equal(fl_addr, addr_cache));
903 }
904
905 static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
906 struct dst_entry *dst,
907 const struct flowi6 *fl6)
908 {
909 struct ipv6_pinfo *np = inet6_sk(sk);
910 struct rt6_info *rt = (struct rt6_info *)dst;
911
912 if (!dst)
913 goto out;
914
915 /* Yes, checking route validity in not connected
916 * case is not very simple. Take into account,
917 * that we do not support routing by source, TOS,
918 * and MSG_DONTROUTE --ANK (980726)
919 *
920 * 1. ip6_rt_check(): If route was host route,
921 * check that cached destination is current.
922 * If it is network route, we still may
923 * check its validity using saved pointer
924 * to the last used address: daddr_cache.
925 * We do not want to save whole address now,
926 * (because main consumer of this service
927 * is tcp, which has not this problem),
928 * so that the last trick works only on connected
929 * sockets.
930 * 2. oif also should be the same.
931 */
932 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) ||
933 #ifdef CONFIG_IPV6_SUBTREES
934 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) ||
935 #endif
936 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex)) {
937 dst_release(dst);
938 dst = NULL;
939 }
940
941 out:
942 return dst;
943 }
944
945 static int ip6_dst_lookup_tail(struct sock *sk,
946 struct dst_entry **dst, struct flowi6 *fl6)
947 {
948 struct net *net = sock_net(sk);
949 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
950 struct neighbour *n;
951 #endif
952 int err;
953
954 if (*dst == NULL)
955 *dst = ip6_route_output(net, sk, fl6);
956
957 if ((err = (*dst)->error))
958 goto out_err_release;
959
960 if (ipv6_addr_any(&fl6->saddr)) {
961 struct rt6_info *rt = (struct rt6_info *) *dst;
962 err = ip6_route_get_saddr(net, rt, &fl6->daddr,
963 sk ? inet6_sk(sk)->srcprefs : 0,
964 &fl6->saddr);
965 if (err)
966 goto out_err_release;
967 }
968
969 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
970 /*
971 * Here if the dst entry we've looked up
972 * has a neighbour entry that is in the INCOMPLETE
973 * state and the src address from the flow is
974 * marked as OPTIMISTIC, we release the found
975 * dst entry and replace it instead with the
976 * dst entry of the nexthop router
977 */
978 n = dst_get_neighbour(*dst);
979 if (n && !(n->nud_state & NUD_VALID)) {
980 struct inet6_ifaddr *ifp;
981 struct flowi6 fl_gw6;
982 int redirect;
983
984 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
985 (*dst)->dev, 1);
986
987 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
988 if (ifp)
989 in6_ifa_put(ifp);
990
991 if (redirect) {
992 /*
993 * We need to get the dst entry for the
994 * default router instead
995 */
996 dst_release(*dst);
997 memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
998 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
999 *dst = ip6_route_output(net, sk, &fl_gw6);
1000 if ((err = (*dst)->error))
1001 goto out_err_release;
1002 }
1003 }
1004 #endif
1005
1006 return 0;
1007
1008 out_err_release:
1009 if (err == -ENETUNREACH)
1010 IP6_INC_STATS_BH(net, NULL, IPSTATS_MIB_OUTNOROUTES);
1011 dst_release(*dst);
1012 *dst = NULL;
1013 return err;
1014 }
1015
1016 /**
1017 * ip6_dst_lookup - perform route lookup on flow
1018 * @sk: socket which provides route info
1019 * @dst: pointer to dst_entry * for result
1020 * @fl6: flow to lookup
1021 *
1022 * This function performs a route lookup on the given flow.
1023 *
1024 * It returns zero on success, or a standard errno code on error.
1025 */
1026 int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi6 *fl6)
1027 {
1028 *dst = NULL;
1029 return ip6_dst_lookup_tail(sk, dst, fl6);
1030 }
1031 EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1032
1033 /**
1034 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec
1035 * @sk: socket which provides route info
1036 * @fl6: flow to lookup
1037 * @final_dst: final destination address for ipsec lookup
1038 * @can_sleep: we are in a sleepable context
1039 *
1040 * This function performs a route lookup on the given flow.
1041 *
1042 * It returns a valid dst pointer on success, or a pointer encoded
1043 * error code.
1044 */
1045 struct dst_entry *ip6_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
1046 const struct in6_addr *final_dst,
1047 bool can_sleep)
1048 {
1049 struct dst_entry *dst = NULL;
1050 int err;
1051
1052 err = ip6_dst_lookup_tail(sk, &dst, fl6);
1053 if (err)
1054 return ERR_PTR(err);
1055 if (final_dst)
1056 ipv6_addr_copy(&fl6->daddr, final_dst);
1057 if (can_sleep)
1058 fl6->flowi6_flags |= FLOWI_FLAG_CAN_SLEEP;
1059
1060 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
1061 }
1062 EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
1063
1064 /**
1065 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
1066 * @sk: socket which provides the dst cache and route info
1067 * @fl6: flow to lookup
1068 * @final_dst: final destination address for ipsec lookup
1069 * @can_sleep: we are in a sleepable context
1070 *
1071 * This function performs a route lookup on the given flow with the
1072 * possibility of using the cached route in the socket if it is valid.
1073 * It will take the socket dst lock when operating on the dst cache.
1074 * As a result, this function can only be used in process context.
1075 *
1076 * It returns a valid dst pointer on success, or a pointer encoded
1077 * error code.
1078 */
1079 struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
1080 const struct in6_addr *final_dst,
1081 bool can_sleep)
1082 {
1083 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1084 int err;
1085
1086 dst = ip6_sk_dst_check(sk, dst, fl6);
1087
1088 err = ip6_dst_lookup_tail(sk, &dst, fl6);
1089 if (err)
1090 return ERR_PTR(err);
1091 if (final_dst)
1092 ipv6_addr_copy(&fl6->daddr, final_dst);
1093 if (can_sleep)
1094 fl6->flowi6_flags |= FLOWI_FLAG_CAN_SLEEP;
1095
1096 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
1097 }
1098 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
1099
1100 static inline int ip6_ufo_append_data(struct sock *sk,
1101 int getfrag(void *from, char *to, int offset, int len,
1102 int odd, struct sk_buff *skb),
1103 void *from, int length, int hh_len, int fragheaderlen,
1104 int transhdrlen, int mtu,unsigned int flags,
1105 struct rt6_info *rt)
1106
1107 {
1108 struct sk_buff *skb;
1109 int err;
1110
1111 /* There is support for UDP large send offload by network
1112 * device, so create one single skb packet containing complete
1113 * udp datagram
1114 */
1115 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) {
1116 skb = sock_alloc_send_skb(sk,
1117 hh_len + fragheaderlen + transhdrlen + 20,
1118 (flags & MSG_DONTWAIT), &err);
1119 if (skb == NULL)
1120 return -ENOMEM;
1121
1122 /* reserve space for Hardware header */
1123 skb_reserve(skb, hh_len);
1124
1125 /* create space for UDP/IP header */
1126 skb_put(skb,fragheaderlen + transhdrlen);
1127
1128 /* initialize network header pointer */
1129 skb_reset_network_header(skb);
1130
1131 /* initialize protocol header pointer */
1132 skb->transport_header = skb->network_header + fragheaderlen;
1133
1134 skb->ip_summed = CHECKSUM_PARTIAL;
1135 skb->csum = 0;
1136 }
1137
1138 err = skb_append_datato_frags(sk,skb, getfrag, from,
1139 (length - transhdrlen));
1140 if (!err) {
1141 struct frag_hdr fhdr;
1142
1143 /* Specify the length of each IPv6 datagram fragment.
1144 * It has to be a multiple of 8.
1145 */
1146 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen -
1147 sizeof(struct frag_hdr)) & ~7;
1148 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
1149 ipv6_select_ident(&fhdr, rt);
1150 skb_shinfo(skb)->ip6_frag_id = fhdr.identification;
1151 __skb_queue_tail(&sk->sk_write_queue, skb);
1152
1153 return 0;
1154 }
1155 /* There is not enough support do UPD LSO,
1156 * so follow normal path
1157 */
1158 kfree_skb(skb);
1159
1160 return err;
1161 }
1162
1163 static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1164 gfp_t gfp)
1165 {
1166 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1167 }
1168
1169 static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1170 gfp_t gfp)
1171 {
1172 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1173 }
1174
1175 int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1176 int offset, int len, int odd, struct sk_buff *skb),
1177 void *from, int length, int transhdrlen,
1178 int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi6 *fl6,
1179 struct rt6_info *rt, unsigned int flags, int dontfrag)
1180 {
1181 struct inet_sock *inet = inet_sk(sk);
1182 struct ipv6_pinfo *np = inet6_sk(sk);
1183 struct inet_cork *cork;
1184 struct sk_buff *skb;
1185 unsigned int maxfraglen, fragheaderlen;
1186 int exthdrlen;
1187 int hh_len;
1188 int mtu;
1189 int copy;
1190 int err;
1191 int offset = 0;
1192 int csummode = CHECKSUM_NONE;
1193 __u8 tx_flags = 0;
1194
1195 if (flags&MSG_PROBE)
1196 return 0;
1197 cork = &inet->cork.base;
1198 if (skb_queue_empty(&sk->sk_write_queue)) {
1199 /*
1200 * setup for corking
1201 */
1202 if (opt) {
1203 if (WARN_ON(np->cork.opt))
1204 return -EINVAL;
1205
1206 np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation);
1207 if (unlikely(np->cork.opt == NULL))
1208 return -ENOBUFS;
1209
1210 np->cork.opt->tot_len = opt->tot_len;
1211 np->cork.opt->opt_flen = opt->opt_flen;
1212 np->cork.opt->opt_nflen = opt->opt_nflen;
1213
1214 np->cork.opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1215 sk->sk_allocation);
1216 if (opt->dst0opt && !np->cork.opt->dst0opt)
1217 return -ENOBUFS;
1218
1219 np->cork.opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1220 sk->sk_allocation);
1221 if (opt->dst1opt && !np->cork.opt->dst1opt)
1222 return -ENOBUFS;
1223
1224 np->cork.opt->hopopt = ip6_opt_dup(opt->hopopt,
1225 sk->sk_allocation);
1226 if (opt->hopopt && !np->cork.opt->hopopt)
1227 return -ENOBUFS;
1228
1229 np->cork.opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1230 sk->sk_allocation);
1231 if (opt->srcrt && !np->cork.opt->srcrt)
1232 return -ENOBUFS;
1233
1234 /* need source address above miyazawa*/
1235 }
1236 dst_hold(&rt->dst);
1237 cork->dst = &rt->dst;
1238 inet->cork.fl.u.ip6 = *fl6;
1239 np->cork.hop_limit = hlimit;
1240 np->cork.tclass = tclass;
1241 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
1242 rt->dst.dev->mtu : dst_mtu(rt->dst.path);
1243 if (np->frag_size < mtu) {
1244 if (np->frag_size)
1245 mtu = np->frag_size;
1246 }
1247 cork->fragsize = mtu;
1248 if (dst_allfrag(rt->dst.path))
1249 cork->flags |= IPCORK_ALLFRAG;
1250 cork->length = 0;
1251 sk->sk_sndmsg_page = NULL;
1252 sk->sk_sndmsg_off = 0;
1253 exthdrlen = rt->dst.header_len + (opt ? opt->opt_flen : 0) -
1254 rt->rt6i_nfheader_len;
1255 length += exthdrlen;
1256 transhdrlen += exthdrlen;
1257 } else {
1258 rt = (struct rt6_info *)cork->dst;
1259 fl6 = &inet->cork.fl.u.ip6;
1260 opt = np->cork.opt;
1261 transhdrlen = 0;
1262 exthdrlen = 0;
1263 mtu = cork->fragsize;
1264 }
1265
1266 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1267
1268 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
1269 (opt ? opt->opt_nflen : 0);
1270 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr);
1271
1272 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) {
1273 if (cork->length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) {
1274 ipv6_local_error(sk, EMSGSIZE, fl6, mtu-exthdrlen);
1275 return -EMSGSIZE;
1276 }
1277 }
1278
1279 /* For UDP, check if TX timestamp is enabled */
1280 if (sk->sk_type == SOCK_DGRAM) {
1281 err = sock_tx_timestamp(sk, &tx_flags);
1282 if (err)
1283 goto error;
1284 }
1285
1286 /*
1287 * Let's try using as much space as possible.
1288 * Use MTU if total length of the message fits into the MTU.
1289 * Otherwise, we need to reserve fragment header and
1290 * fragment alignment (= 8-15 octects, in total).
1291 *
1292 * Note that we may need to "move" the data from the tail of
1293 * of the buffer to the new fragment when we split
1294 * the message.
1295 *
1296 * FIXME: It may be fragmented into multiple chunks
1297 * at once if non-fragmentable extension headers
1298 * are too large.
1299 * --yoshfuji
1300 */
1301
1302 cork->length += length;
1303 if (length > mtu) {
1304 int proto = sk->sk_protocol;
1305 if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){
1306 ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen);
1307 return -EMSGSIZE;
1308 }
1309
1310 if (proto == IPPROTO_UDP &&
1311 (rt->dst.dev->features & NETIF_F_UFO)) {
1312
1313 err = ip6_ufo_append_data(sk, getfrag, from, length,
1314 hh_len, fragheaderlen,
1315 transhdrlen, mtu, flags, rt);
1316 if (err)
1317 goto error;
1318 return 0;
1319 }
1320 }
1321
1322 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
1323 goto alloc_new_skb;
1324
1325 while (length > 0) {
1326 /* Check if the remaining data fits into current packet. */
1327 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1328 if (copy < length)
1329 copy = maxfraglen - skb->len;
1330
1331 if (copy <= 0) {
1332 char *data;
1333 unsigned int datalen;
1334 unsigned int fraglen;
1335 unsigned int fraggap;
1336 unsigned int alloclen;
1337 struct sk_buff *skb_prev;
1338 alloc_new_skb:
1339 skb_prev = skb;
1340
1341 /* There's no room in the current skb */
1342 if (skb_prev)
1343 fraggap = skb_prev->len - maxfraglen;
1344 else
1345 fraggap = 0;
1346
1347 /*
1348 * If remaining data exceeds the mtu,
1349 * we know we need more fragment(s).
1350 */
1351 datalen = length + fraggap;
1352 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1353 datalen = maxfraglen - fragheaderlen;
1354
1355 fraglen = datalen + fragheaderlen;
1356 if ((flags & MSG_MORE) &&
1357 !(rt->dst.dev->features&NETIF_F_SG))
1358 alloclen = mtu;
1359 else
1360 alloclen = datalen + fragheaderlen;
1361
1362 /*
1363 * The last fragment gets additional space at tail.
1364 * Note: we overallocate on fragments with MSG_MODE
1365 * because we have no idea if we're the last one.
1366 */
1367 if (datalen == length + fraggap)
1368 alloclen += rt->dst.trailer_len;
1369
1370 /*
1371 * We just reserve space for fragment header.
1372 * Note: this may be overallocation if the message
1373 * (without MSG_MORE) fits into the MTU.
1374 */
1375 alloclen += sizeof(struct frag_hdr);
1376
1377 if (transhdrlen) {
1378 skb = sock_alloc_send_skb(sk,
1379 alloclen + hh_len,
1380 (flags & MSG_DONTWAIT), &err);
1381 } else {
1382 skb = NULL;
1383 if (atomic_read(&sk->sk_wmem_alloc) <=
1384 2 * sk->sk_sndbuf)
1385 skb = sock_wmalloc(sk,
1386 alloclen + hh_len, 1,
1387 sk->sk_allocation);
1388 if (unlikely(skb == NULL))
1389 err = -ENOBUFS;
1390 else {
1391 /* Only the initial fragment
1392 * is time stamped.
1393 */
1394 tx_flags = 0;
1395 }
1396 }
1397 if (skb == NULL)
1398 goto error;
1399 /*
1400 * Fill in the control structures
1401 */
1402 skb->ip_summed = csummode;
1403 skb->csum = 0;
1404 /* reserve for fragmentation */
1405 skb_reserve(skb, hh_len+sizeof(struct frag_hdr));
1406
1407 if (sk->sk_type == SOCK_DGRAM)
1408 skb_shinfo(skb)->tx_flags = tx_flags;
1409
1410 /*
1411 * Find where to start putting bytes
1412 */
1413 data = skb_put(skb, fraglen);
1414 skb_set_network_header(skb, exthdrlen);
1415 data += fragheaderlen;
1416 skb->transport_header = (skb->network_header +
1417 fragheaderlen);
1418 if (fraggap) {
1419 skb->csum = skb_copy_and_csum_bits(
1420 skb_prev, maxfraglen,
1421 data + transhdrlen, fraggap, 0);
1422 skb_prev->csum = csum_sub(skb_prev->csum,
1423 skb->csum);
1424 data += fraggap;
1425 pskb_trim_unique(skb_prev, maxfraglen);
1426 }
1427 copy = datalen - transhdrlen - fraggap;
1428 if (copy < 0) {
1429 err = -EINVAL;
1430 kfree_skb(skb);
1431 goto error;
1432 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
1433 err = -EFAULT;
1434 kfree_skb(skb);
1435 goto error;
1436 }
1437
1438 offset += copy;
1439 length -= datalen - fraggap;
1440 transhdrlen = 0;
1441 exthdrlen = 0;
1442 csummode = CHECKSUM_NONE;
1443
1444 /*
1445 * Put the packet on the pending queue
1446 */
1447 __skb_queue_tail(&sk->sk_write_queue, skb);
1448 continue;
1449 }
1450
1451 if (copy > length)
1452 copy = length;
1453
1454 if (!(rt->dst.dev->features&NETIF_F_SG)) {
1455 unsigned int off;
1456
1457 off = skb->len;
1458 if (getfrag(from, skb_put(skb, copy),
1459 offset, copy, off, skb) < 0) {
1460 __skb_trim(skb, off);
1461 err = -EFAULT;
1462 goto error;
1463 }
1464 } else {
1465 int i = skb_shinfo(skb)->nr_frags;
1466 skb_frag_t *frag = &skb_shinfo(skb)->frags[i-1];
1467 struct page *page = sk->sk_sndmsg_page;
1468 int off = sk->sk_sndmsg_off;
1469 unsigned int left;
1470
1471 if (page && (left = PAGE_SIZE - off) > 0) {
1472 if (copy >= left)
1473 copy = left;
1474 if (page != frag->page) {
1475 if (i == MAX_SKB_FRAGS) {
1476 err = -EMSGSIZE;
1477 goto error;
1478 }
1479 get_page(page);
1480 skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0);
1481 frag = &skb_shinfo(skb)->frags[i];
1482 }
1483 } else if(i < MAX_SKB_FRAGS) {
1484 if (copy > PAGE_SIZE)
1485 copy = PAGE_SIZE;
1486 page = alloc_pages(sk->sk_allocation, 0);
1487 if (page == NULL) {
1488 err = -ENOMEM;
1489 goto error;
1490 }
1491 sk->sk_sndmsg_page = page;
1492 sk->sk_sndmsg_off = 0;
1493
1494 skb_fill_page_desc(skb, i, page, 0, 0);
1495 frag = &skb_shinfo(skb)->frags[i];
1496 } else {
1497 err = -EMSGSIZE;
1498 goto error;
1499 }
1500 if (getfrag(from, page_address(frag->page)+frag->page_offset+frag->size, offset, copy, skb->len, skb) < 0) {
1501 err = -EFAULT;
1502 goto error;
1503 }
1504 sk->sk_sndmsg_off += copy;
1505 frag->size += copy;
1506 skb->len += copy;
1507 skb->data_len += copy;
1508 skb->truesize += copy;
1509 atomic_add(copy, &sk->sk_wmem_alloc);
1510 }
1511 offset += copy;
1512 length -= copy;
1513 }
1514 return 0;
1515 error:
1516 cork->length -= length;
1517 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1518 return err;
1519 }
1520
1521 static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np)
1522 {
1523 if (np->cork.opt) {
1524 kfree(np->cork.opt->dst0opt);
1525 kfree(np->cork.opt->dst1opt);
1526 kfree(np->cork.opt->hopopt);
1527 kfree(np->cork.opt->srcrt);
1528 kfree(np->cork.opt);
1529 np->cork.opt = NULL;
1530 }
1531
1532 if (inet->cork.base.dst) {
1533 dst_release(inet->cork.base.dst);
1534 inet->cork.base.dst = NULL;
1535 inet->cork.base.flags &= ~IPCORK_ALLFRAG;
1536 }
1537 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl));
1538 }
1539
1540 int ip6_push_pending_frames(struct sock *sk)
1541 {
1542 struct sk_buff *skb, *tmp_skb;
1543 struct sk_buff **tail_skb;
1544 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1545 struct inet_sock *inet = inet_sk(sk);
1546 struct ipv6_pinfo *np = inet6_sk(sk);
1547 struct net *net = sock_net(sk);
1548 struct ipv6hdr *hdr;
1549 struct ipv6_txoptions *opt = np->cork.opt;
1550 struct rt6_info *rt = (struct rt6_info *)inet->cork.base.dst;
1551 struct flowi6 *fl6 = &inet->cork.fl.u.ip6;
1552 unsigned char proto = fl6->flowi6_proto;
1553 int err = 0;
1554
1555 if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL)
1556 goto out;
1557 tail_skb = &(skb_shinfo(skb)->frag_list);
1558
1559 /* move skb->data to ip header from ext header */
1560 if (skb->data < skb_network_header(skb))
1561 __skb_pull(skb, skb_network_offset(skb));
1562 while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) {
1563 __skb_pull(tmp_skb, skb_network_header_len(skb));
1564 *tail_skb = tmp_skb;
1565 tail_skb = &(tmp_skb->next);
1566 skb->len += tmp_skb->len;
1567 skb->data_len += tmp_skb->len;
1568 skb->truesize += tmp_skb->truesize;
1569 tmp_skb->destructor = NULL;
1570 tmp_skb->sk = NULL;
1571 }
1572
1573 /* Allow local fragmentation. */
1574 if (np->pmtudisc < IPV6_PMTUDISC_DO)
1575 skb->local_df = 1;
1576
1577 ipv6_addr_copy(final_dst, &fl6->daddr);
1578 __skb_pull(skb, skb_network_header_len(skb));
1579 if (opt && opt->opt_flen)
1580 ipv6_push_frag_opts(skb, opt, &proto);
1581 if (opt && opt->opt_nflen)
1582 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst);
1583
1584 skb_push(skb, sizeof(struct ipv6hdr));
1585 skb_reset_network_header(skb);
1586 hdr = ipv6_hdr(skb);
1587
1588 *(__be32*)hdr = fl6->flowlabel |
1589 htonl(0x60000000 | ((int)np->cork.tclass << 20));
1590
1591 hdr->hop_limit = np->cork.hop_limit;
1592 hdr->nexthdr = proto;
1593 ipv6_addr_copy(&hdr->saddr, &fl6->saddr);
1594 ipv6_addr_copy(&hdr->daddr, final_dst);
1595
1596 skb->priority = sk->sk_priority;
1597 skb->mark = sk->sk_mark;
1598
1599 skb_dst_set(skb, dst_clone(&rt->dst));
1600 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
1601 if (proto == IPPROTO_ICMPV6) {
1602 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1603
1604 ICMP6MSGOUT_INC_STATS_BH(net, idev, icmp6_hdr(skb)->icmp6_type);
1605 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTMSGS);
1606 }
1607
1608 err = ip6_local_out(skb);
1609 if (err) {
1610 if (err > 0)
1611 err = net_xmit_errno(err);
1612 if (err)
1613 goto error;
1614 }
1615
1616 out:
1617 ip6_cork_release(inet, np);
1618 return err;
1619 error:
1620 IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1621 goto out;
1622 }
1623
1624 void ip6_flush_pending_frames(struct sock *sk)
1625 {
1626 struct sk_buff *skb;
1627
1628 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) {
1629 if (skb_dst(skb))
1630 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
1631 IPSTATS_MIB_OUTDISCARDS);
1632 kfree_skb(skb);
1633 }
1634
1635 ip6_cork_release(inet_sk(sk), inet6_sk(sk));
1636 }
Linux kernel - Deliverables
This page took 0.072832 seconds and 5 git commands to generate.