1 /* 2 * INET An implementation of the TCP/IP protocol suite for the LINUX 3 * operating system. INET is implemented using the BSD Socket 4 * interface as the means of communication with the user level. 5 * 6 * The IP fragmentation functionality. 7 * 8 * Version: $Id: ip_fragment.c,v 1.59 2002/01/12 07:54:56 davem Exp $ 9 * 10 * Authors: Fred N. van Kempen <waltje@uWalt.NL.Mugnet.ORG> 11 * Alan Cox <Alan.Cox@linux.org> 12 * 13 * Fixes: 14 * Alan Cox : Split from ip.c , see ip_input.c for history. 15 * David S. Miller : Begin massive cleanup... 16 * Andi Kleen : Add sysctls. 17 * xxxx : Overlapfrag bug. 18 * Ultima : ip_expire() kernel panic. 19 * Bill Hawes : Frag accounting and evictor fixes. 20 * John McDonald : 0 length frag bug. 21 * Alexey Kuznetsov: SMP races, threading, cleanup. 22 * Patrick McHardy : LRU queue of frag heads for evictor. 23 */ 24 25 #include <linux/compiler.h> 26 #include <linux/config.h> 27 #include <linux/module.h> 28 #include <linux/types.h> 29 #include <linux/mm.h> 30 #include <linux/jiffies.h> 31 #include <linux/skbuff.h> 32 #include <linux/list.h> 33 #include <linux/ip.h> 34 #include <linux/icmp.h> 35 #include <linux/netdevice.h> 36 #include <linux/jhash.h> 37 #include <linux/random.h> 38 #include <net/sock.h> 39 #include <net/ip.h> 40 #include <net/icmp.h> 41 #include <net/checksum.h> 42 #include <net/inetpeer.h> 43 #include <linux/tcp.h> 44 #include <linux/udp.h> 45 #include <linux/inet.h> 46 #include <linux/netfilter_ipv4.h> 47 48 /* NOTE. Logic of IP defragmentation is parallel to corresponding IPv6 49 * code now. If you change something here, _PLEASE_ update ipv6/reassembly.c 50 * as well. Or notify me, at least. --ANK 51 */ 52 53 /* Fragment cache limits. We will commit 256K at one time. Should we 54 * cross that limit we will prune down to 192K. This should cope with 55 * even the most extreme cases without allowing an attacker to measurably 56 * harm machine performance. 57 */ 58 int sysctl_ipfrag_high_thresh = 256*1024; 59 int sysctl_ipfrag_low_thresh = 192*1024; 60 61 int sysctl_ipfrag_max_dist = 64; 62 63 /* Important NOTE! Fragment queue must be destroyed before MSL expires. 64 * RFC791 is wrong proposing to prolongate timer each fragment arrival by TTL. 65 */ 66 int sysctl_ipfrag_time = IP_FRAG_TIME; 67 68 struct ipfrag_skb_cb 69 { 70 struct inet_skb_parm h; 71 int offset; 72 }; 73 74 #define FRAG_CB(skb) ((struct ipfrag_skb_cb*)((skb)->cb)) 75 76 /* Describe an entry in the "incomplete datagrams" queue. */ 77 struct ipq { 78 struct hlist_node list; 79 struct list_head lru_list; /* lru list member */ 80 u32 user; 81 u32 saddr; 82 u32 daddr; 83 u16 id; 84 u8 protocol; 85 u8 last_in; 86 #define COMPLETE 4 87 #define FIRST_IN 2 88 #define LAST_IN 1 89 90 struct sk_buff *fragments; /* linked list of received fragments */ 91 int len; /* total length of original datagram */ 92 int meat; 93 spinlock_t lock; 94 atomic_t refcnt; 95 struct timer_list timer; /* when will this queue expire? */ 96 struct timeval stamp; 97 int iif; 98 unsigned int rid; 99 struct inet_peer *peer; 100 }; 101 102 /* Hash table. */ 103 104 #define IPQ_HASHSZ 64 105 106 /* Per-bucket lock is easy to add now. */ 107 static struct hlist_head ipq_hash[IPQ_HASHSZ]; 108 static DEFINE_RWLOCK(ipfrag_lock); 109 static u32 ipfrag_hash_rnd; 110 static LIST_HEAD(ipq_lru_list); 111 int ip_frag_nqueues = 0; 112 113 static __inline__ void __ipq_unlink(struct ipq *qp) 114 { 115 hlist_del(&qp->list); 116 list_del(&qp->lru_list); 117 ip_frag_nqueues--; 118 } 119 120 static __inline__ void ipq_unlink(struct ipq *ipq) 121 { 122 write_lock(&ipfrag_lock); 123 __ipq_unlink(ipq); 124 write_unlock(&ipfrag_lock); 125 } 126 127 static unsigned int ipqhashfn(u16 id, u32 saddr, u32 daddr, u8 prot) 128 { 129 return jhash_3words((u32)id << 16 | prot, saddr, daddr, 130 ipfrag_hash_rnd) & (IPQ_HASHSZ - 1); 131 } 132 133 static struct timer_list ipfrag_secret_timer; 134 int sysctl_ipfrag_secret_interval = 10 * 60 * HZ; 135 136 static void ipfrag_secret_rebuild(unsigned long dummy) 137 { 138 unsigned long now = jiffies; 139 int i; 140 141 write_lock(&ipfrag_lock); 142 get_random_bytes(&ipfrag_hash_rnd, sizeof(u32)); 143 for (i = 0; i < IPQ_HASHSZ; i++) { 144 struct ipq *q; 145 struct hlist_node *p, *n; 146 147 hlist_for_each_entry_safe(q, p, n, &ipq_hash[i], list) { 148 unsigned int hval = ipqhashfn(q->id, q->saddr, 149 q->daddr, q->protocol); 150 151 if (hval != i) { 152 hlist_del(&q->list); 153 154 /* Relink to new hash chain. */ 155 hlist_add_head(&q->list, &ipq_hash[hval]); 156 } 157 } 158 } 159 write_unlock(&ipfrag_lock); 160 161 mod_timer(&ipfrag_secret_timer, now + sysctl_ipfrag_secret_interval); 162 } 163 164 atomic_t ip_frag_mem = ATOMIC_INIT(0); /* Memory used for fragments */ 165 166 /* Memory Tracking Functions. */ 167 static __inline__ void frag_kfree_skb(struct sk_buff *skb, int *work) 168 { 169 if (work) 170 *work -= skb->truesize; 171 atomic_sub(skb->truesize, &ip_frag_mem); 172 kfree_skb(skb); 173 } 174 175 static __inline__ void frag_free_queue(struct ipq *qp, int *work) 176 { 177 if (work) 178 *work -= sizeof(struct ipq); 179 atomic_sub(sizeof(struct ipq), &ip_frag_mem); 180 kfree(qp); 181 } 182 183 static __inline__ struct ipq *frag_alloc_queue(void) 184 { 185 struct ipq *qp = kmalloc(sizeof(struct ipq), GFP_ATOMIC); 186 187 if(!qp) 188 return NULL; 189 atomic_add(sizeof(struct ipq), &ip_frag_mem); 190 return qp; 191 } 192 193 194 /* Destruction primitives. */ 195 196 /* Complete destruction of ipq. */ 197 static void ip_frag_destroy(struct ipq *qp, int *work) 198 { 199 struct sk_buff *fp; 200 201 BUG_TRAP(qp->last_in&COMPLETE); 202 BUG_TRAP(del_timer(&qp->timer) == 0); 203 204 if (qp->peer) 205 inet_putpeer(qp->peer); 206 207 /* Release all fragment data. */ 208 fp = qp->fragments; 209 while (fp) { 210 struct sk_buff *xp = fp->next; 211 212 frag_kfree_skb(fp, work); 213 fp = xp; 214 } 215 216 /* Finally, release the queue descriptor itself. */ 217 frag_free_queue(qp, work); 218 } 219 220 static __inline__ void ipq_put(struct ipq *ipq, int *work) 221 { 222 if (atomic_dec_and_test(&ipq->refcnt)) 223 ip_frag_destroy(ipq, work); 224 } 225 226 /* Kill ipq entry. It is not destroyed immediately, 227 * because caller (and someone more) holds reference count. 228 */ 229 static void ipq_kill(struct ipq *ipq) 230 { 231 if (del_timer(&ipq->timer)) 232 atomic_dec(&ipq->refcnt); 233 234 if (!(ipq->last_in & COMPLETE)) { 235 ipq_unlink(ipq); 236 atomic_dec(&ipq->refcnt); 237 ipq->last_in |= COMPLETE; 238 } 239 } 240 241 /* Memory limiting on fragments. Evictor trashes the oldest 242 * fragment queue until we are back under the threshold. 243 */ 244 static void ip_evictor(void) 245 { 246 struct ipq *qp; 247 struct list_head *tmp; 248 int work; 249 250 work = atomic_read(&ip_frag_mem) - sysctl_ipfrag_low_thresh; 251 if (work <= 0) 252 return; 253 254 while (work > 0) { 255 read_lock(&ipfrag_lock); 256 if (list_empty(&ipq_lru_list)) { 257 read_unlock(&ipfrag_lock); 258 return; 259 } 260 tmp = ipq_lru_list.next; 261 qp = list_entry(tmp, struct ipq, lru_list); 262 atomic_inc(&qp->refcnt); 263 read_unlock(&ipfrag_lock); 264 265 spin_lock(&qp->lock); 266 if (!(qp->last_in&COMPLETE)) 267 ipq_kill(qp); 268 spin_unlock(&qp->lock); 269 270 ipq_put(qp, &work); 271 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 272 } 273 } 274 275 /* 276 * Oops, a fragment queue timed out. Kill it and send an ICMP reply. 277 */ 278 static void ip_expire(unsigned long arg) 279 { 280 struct ipq *qp = (struct ipq *) arg; 281 282 spin_lock(&qp->lock); 283 284 if (qp->last_in & COMPLETE) 285 goto out; 286 287 ipq_kill(qp); 288 289 IP_INC_STATS_BH(IPSTATS_MIB_REASMTIMEOUT); 290 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 291 292 if ((qp->last_in&FIRST_IN) && qp->fragments != NULL) { 293 struct sk_buff *head = qp->fragments; 294 /* Send an ICMP "Fragment Reassembly Timeout" message. */ 295 if ((head->dev = dev_get_by_index(qp->iif)) != NULL) { 296 icmp_send(head, ICMP_TIME_EXCEEDED, ICMP_EXC_FRAGTIME, 0); 297 dev_put(head->dev); 298 } 299 } 300 out: 301 spin_unlock(&qp->lock); 302 ipq_put(qp, NULL); 303 } 304 305 /* Creation primitives. */ 306 307 static struct ipq *ip_frag_intern(unsigned int hash, struct ipq *qp_in) 308 { 309 struct ipq *qp; 310 #ifdef CONFIG_SMP 311 struct hlist_node *n; 312 #endif 313 write_lock(&ipfrag_lock); 314 #ifdef CONFIG_SMP 315 /* With SMP race we have to recheck hash table, because 316 * such entry could be created on other cpu, while we 317 * promoted read lock to write lock. 318 */ 319 hlist_for_each_entry(qp, n, &ipq_hash[hash], list) { 320 if(qp->id == qp_in->id && 321 qp->saddr == qp_in->saddr && 322 qp->daddr == qp_in->daddr && 323 qp->protocol == qp_in->protocol && 324 qp->user == qp_in->user) { 325 atomic_inc(&qp->refcnt); 326 write_unlock(&ipfrag_lock); 327 qp_in->last_in |= COMPLETE; 328 ipq_put(qp_in, NULL); 329 return qp; 330 } 331 } 332 #endif 333 qp = qp_in; 334 335 if (!mod_timer(&qp->timer, jiffies + sysctl_ipfrag_time)) 336 atomic_inc(&qp->refcnt); 337 338 atomic_inc(&qp->refcnt); 339 hlist_add_head(&qp->list, &ipq_hash[hash]); 340 INIT_LIST_HEAD(&qp->lru_list); 341 list_add_tail(&qp->lru_list, &ipq_lru_list); 342 ip_frag_nqueues++; 343 write_unlock(&ipfrag_lock); 344 return qp; 345 } 346 347 /* Add an entry to the 'ipq' queue for a newly received IP datagram. */ 348 static struct ipq *ip_frag_create(unsigned hash, struct iphdr *iph, u32 user) 349 { 350 struct ipq *qp; 351 352 if ((qp = frag_alloc_queue()) == NULL) 353 goto out_nomem; 354 355 qp->protocol = iph->protocol; 356 qp->last_in = 0; 357 qp->id = iph->id; 358 qp->saddr = iph->saddr; 359 qp->daddr = iph->daddr; 360 qp->user = user; 361 qp->len = 0; 362 qp->meat = 0; 363 qp->fragments = NULL; 364 qp->iif = 0; 365 qp->peer = sysctl_ipfrag_max_dist ? inet_getpeer(iph->saddr, 1) : NULL; 366 367 /* Initialize a timer for this entry. */ 368 init_timer(&qp->timer); 369 qp->timer.data = (unsigned long) qp; /* pointer to queue */ 370 qp->timer.function = ip_expire; /* expire function */ 371 spin_lock_init(&qp->lock); 372 atomic_set(&qp->refcnt, 1); 373 374 return ip_frag_intern(hash, qp); 375 376 out_nomem: 377 LIMIT_NETDEBUG(KERN_ERR "ip_frag_create: no memory left !\n"); 378 return NULL; 379 } 380 381 /* Find the correct entry in the "incomplete datagrams" queue for 382 * this IP datagram, and create new one, if nothing is found. 383 */ 384 static inline struct ipq *ip_find(struct iphdr *iph, u32 user) 385 { 386 __be16 id = iph->id; 387 __u32 saddr = iph->saddr; 388 __u32 daddr = iph->daddr; 389 __u8 protocol = iph->protocol; 390 unsigned int hash = ipqhashfn(id, saddr, daddr, protocol); 391 struct ipq *qp; 392 struct hlist_node *n; 393 394 read_lock(&ipfrag_lock); 395 hlist_for_each_entry(qp, n, &ipq_hash[hash], list) { 396 if(qp->id == id && 397 qp->saddr == saddr && 398 qp->daddr == daddr && 399 qp->protocol == protocol && 400 qp->user == user) { 401 atomic_inc(&qp->refcnt); 402 read_unlock(&ipfrag_lock); 403 return qp; 404 } 405 } 406 read_unlock(&ipfrag_lock); 407 408 return ip_frag_create(hash, iph, user); 409 } 410 411 /* Is the fragment too far ahead to be part of ipq? */ 412 static inline int ip_frag_too_far(struct ipq *qp) 413 { 414 struct inet_peer *peer = qp->peer; 415 unsigned int max = sysctl_ipfrag_max_dist; 416 unsigned int start, end; 417 418 int rc; 419 420 if (!peer || !max) 421 return 0; 422 423 start = qp->rid; 424 end = atomic_inc_return(&peer->rid); 425 qp->rid = end; 426 427 rc = qp->fragments && (end - start) > max; 428 429 if (rc) { 430 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 431 } 432 433 return rc; 434 } 435 436 static int ip_frag_reinit(struct ipq *qp) 437 { 438 struct sk_buff *fp; 439 440 if (!mod_timer(&qp->timer, jiffies + sysctl_ipfrag_time)) { 441 atomic_inc(&qp->refcnt); 442 return -ETIMEDOUT; 443 } 444 445 fp = qp->fragments; 446 do { 447 struct sk_buff *xp = fp->next; 448 frag_kfree_skb(fp, NULL); 449 fp = xp; 450 } while (fp); 451 452 qp->last_in = 0; 453 qp->len = 0; 454 qp->meat = 0; 455 qp->fragments = NULL; 456 qp->iif = 0; 457 458 return 0; 459 } 460 461 /* Add new segment to existing queue. */ 462 static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb) 463 { 464 struct sk_buff *prev, *next; 465 int flags, offset; 466 int ihl, end; 467 468 if (qp->last_in & COMPLETE) 469 goto err; 470 471 if (!(IPCB(skb)->flags & IPSKB_FRAG_COMPLETE) && 472 unlikely(ip_frag_too_far(qp)) && unlikely(ip_frag_reinit(qp))) { 473 ipq_kill(qp); 474 goto err; 475 } 476 477 offset = ntohs(skb->nh.iph->frag_off); 478 flags = offset & ~IP_OFFSET; 479 offset &= IP_OFFSET; 480 offset <<= 3; /* offset is in 8-byte chunks */ 481 ihl = skb->nh.iph->ihl * 4; 482 483 /* Determine the position of this fragment. */ 484 end = offset + skb->len - ihl; 485 486 /* Is this the final fragment? */ 487 if ((flags & IP_MF) == 0) { 488 /* If we already have some bits beyond end 489 * or have different end, the segment is corrrupted. 490 */ 491 if (end < qp->len || 492 ((qp->last_in & LAST_IN) && end != qp->len)) 493 goto err; 494 qp->last_in |= LAST_IN; 495 qp->len = end; 496 } else { 497 if (end&7) { 498 end &= ~7; 499 if (skb->ip_summed != CHECKSUM_UNNECESSARY) 500 skb->ip_summed = CHECKSUM_NONE; 501 } 502 if (end > qp->len) { 503 /* Some bits beyond end -> corruption. */ 504 if (qp->last_in & LAST_IN) 505 goto err; 506 qp->len = end; 507 } 508 } 509 if (end == offset) 510 goto err; 511 512 if (pskb_pull(skb, ihl) == NULL) 513 goto err; 514 if (pskb_trim_rcsum(skb, end-offset)) 515 goto err; 516 517 /* Find out which fragments are in front and at the back of us 518 * in the chain of fragments so far. We must know where to put 519 * this fragment, right? 520 */ 521 prev = NULL; 522 for(next = qp->fragments; next != NULL; next = next->next) { 523 if (FRAG_CB(next)->offset >= offset) 524 break; /* bingo! */ 525 prev = next; 526 } 527 528 /* We found where to put this one. Check for overlap with 529 * preceding fragment, and, if needed, align things so that 530 * any overlaps are eliminated. 531 */ 532 if (prev) { 533 int i = (FRAG_CB(prev)->offset + prev->len) - offset; 534 535 if (i > 0) { 536 offset += i; 537 if (end <= offset) 538 goto err; 539 if (!pskb_pull(skb, i)) 540 goto err; 541 if (skb->ip_summed != CHECKSUM_UNNECESSARY) 542 skb->ip_summed = CHECKSUM_NONE; 543 } 544 } 545 546 while (next && FRAG_CB(next)->offset < end) { 547 int i = end - FRAG_CB(next)->offset; /* overlap is 'i' bytes */ 548 549 if (i < next->len) { 550 /* Eat head of the next overlapped fragment 551 * and leave the loop. The next ones cannot overlap. 552 */ 553 if (!pskb_pull(next, i)) 554 goto err; 555 FRAG_CB(next)->offset += i; 556 qp->meat -= i; 557 if (next->ip_summed != CHECKSUM_UNNECESSARY) 558 next->ip_summed = CHECKSUM_NONE; 559 break; 560 } else { 561 struct sk_buff *free_it = next; 562 563 /* Old fragmnet is completely overridden with 564 * new one drop it. 565 */ 566 next = next->next; 567 568 if (prev) 569 prev->next = next; 570 else 571 qp->fragments = next; 572 573 qp->meat -= free_it->len; 574 frag_kfree_skb(free_it, NULL); 575 } 576 } 577 578 FRAG_CB(skb)->offset = offset; 579 580 /* Insert this fragment in the chain of fragments. */ 581 skb->next = next; 582 if (prev) 583 prev->next = skb; 584 else 585 qp->fragments = skb; 586 587 if (skb->dev) 588 qp->iif = skb->dev->ifindex; 589 skb->dev = NULL; 590 skb_get_timestamp(skb, &qp->stamp); 591 qp->meat += skb->len; 592 atomic_add(skb->truesize, &ip_frag_mem); 593 if (offset == 0) 594 qp->last_in |= FIRST_IN; 595 596 write_lock(&ipfrag_lock); 597 list_move_tail(&qp->lru_list, &ipq_lru_list); 598 write_unlock(&ipfrag_lock); 599 600 return; 601 602 err: 603 kfree_skb(skb); 604 } 605 606 607 /* Build a new IP datagram from all its fragments. */ 608 609 static struct sk_buff *ip_frag_reasm(struct ipq *qp, struct net_device *dev) 610 { 611 struct iphdr *iph; 612 struct sk_buff *fp, *head = qp->fragments; 613 int len; 614 int ihlen; 615 616 ipq_kill(qp); 617 618 BUG_TRAP(head != NULL); 619 BUG_TRAP(FRAG_CB(head)->offset == 0); 620 621 /* Allocate a new buffer for the datagram. */ 622 ihlen = head->nh.iph->ihl*4; 623 len = ihlen + qp->len; 624 625 if(len > 65535) 626 goto out_oversize; 627 628 /* Head of list must not be cloned. */ 629 if (skb_cloned(head) && pskb_expand_head(head, 0, 0, GFP_ATOMIC)) 630 goto out_nomem; 631 632 /* If the first fragment is fragmented itself, we split 633 * it to two chunks: the first with data and paged part 634 * and the second, holding only fragments. */ 635 if (skb_shinfo(head)->frag_list) { 636 struct sk_buff *clone; 637 int i, plen = 0; 638 639 if ((clone = alloc_skb(0, GFP_ATOMIC)) == NULL) 640 goto out_nomem; 641 clone->next = head->next; 642 head->next = clone; 643 skb_shinfo(clone)->frag_list = skb_shinfo(head)->frag_list; 644 skb_shinfo(head)->frag_list = NULL; 645 for (i=0; i<skb_shinfo(head)->nr_frags; i++) 646 plen += skb_shinfo(head)->frags[i].size; 647 clone->len = clone->data_len = head->data_len - plen; 648 head->data_len -= clone->len; 649 head->len -= clone->len; 650 clone->csum = 0; 651 clone->ip_summed = head->ip_summed; 652 atomic_add(clone->truesize, &ip_frag_mem); 653 } 654 655 skb_shinfo(head)->frag_list = head->next; 656 skb_push(head, head->data - head->nh.raw); 657 atomic_sub(head->truesize, &ip_frag_mem); 658 659 for (fp=head->next; fp; fp = fp->next) { 660 head->data_len += fp->len; 661 head->len += fp->len; 662 if (head->ip_summed != fp->ip_summed) 663 head->ip_summed = CHECKSUM_NONE; 664 else if (head->ip_summed == CHECKSUM_HW) 665 head->csum = csum_add(head->csum, fp->csum); 666 head->truesize += fp->truesize; 667 atomic_sub(fp->truesize, &ip_frag_mem); 668 } 669 670 head->next = NULL; 671 head->dev = dev; 672 skb_set_timestamp(head, &qp->stamp); 673 674 iph = head->nh.iph; 675 iph->frag_off = 0; 676 iph->tot_len = htons(len); 677 IP_INC_STATS_BH(IPSTATS_MIB_REASMOKS); 678 qp->fragments = NULL; 679 return head; 680 681 out_nomem: 682 LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing " 683 "queue %p\n", qp); 684 goto out_fail; 685 out_oversize: 686 if (net_ratelimit()) 687 printk(KERN_INFO 688 "Oversized IP packet from %d.%d.%d.%d.\n", 689 NIPQUAD(qp->saddr)); 690 out_fail: 691 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 692 return NULL; 693 } 694 695 /* Process an incoming IP datagram fragment. */ 696 struct sk_buff *ip_defrag(struct sk_buff *skb, u32 user) 697 { 698 struct iphdr *iph = skb->nh.iph; 699 struct ipq *qp; 700 struct net_device *dev; 701 702 IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS); 703 704 /* Start by cleaning up the memory. */ 705 if (atomic_read(&ip_frag_mem) > sysctl_ipfrag_high_thresh) 706 ip_evictor(); 707 708 dev = skb->dev; 709 710 /* Lookup (or create) queue header */ 711 if ((qp = ip_find(iph, user)) != NULL) { 712 struct sk_buff *ret = NULL; 713 714 spin_lock(&qp->lock); 715 716 ip_frag_queue(qp, skb); 717 718 if (qp->last_in == (FIRST_IN|LAST_IN) && 719 qp->meat == qp->len) 720 ret = ip_frag_reasm(qp, dev); 721 722 spin_unlock(&qp->lock); 723 ipq_put(qp, NULL); 724 return ret; 725 } 726 727 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 728 kfree_skb(skb); 729 return NULL; 730 } 731 732 void ipfrag_init(void) 733 { 734 ipfrag_hash_rnd = (u32) ((num_physpages ^ (num_physpages>>7)) ^ 735 (jiffies ^ (jiffies >> 6))); 736 737 init_timer(&ipfrag_secret_timer); 738 ipfrag_secret_timer.function = ipfrag_secret_rebuild; 739 ipfrag_secret_timer.expires = jiffies + sysctl_ipfrag_secret_interval; 740 add_timer(&ipfrag_secret_timer); 741 } 742 743 EXPORT_SYMBOL(ip_defrag); 744