1 /* 2 * IPv6 output functions 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on linux/net/ipv4/ip_output.c 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License 12 * as published by the Free Software Foundation; either version 13 * 2 of the License, or (at your option) any later version. 14 * 15 * Changes: 16 * A.N.Kuznetsov : airthmetics in fragmentation. 17 * extension headers are implemented. 18 * route changes now work. 19 * ip6_forward does not confuse sniffers. 20 * etc. 21 * 22 * H. von Brand : Added missing #include <linux/string.h> 23 * Imran Patel : frag id should be in NBO 24 * Kazunori MIYAZAWA @USAGI 25 * : add ip6_append_data and related functions 26 * for datagram xmit 27 */ 28 29 #include <linux/errno.h> 30 #include <linux/kernel.h> 31 #include <linux/string.h> 32 #include <linux/socket.h> 33 #include <linux/net.h> 34 #include <linux/netdevice.h> 35 #include <linux/if_arp.h> 36 #include <linux/in6.h> 37 #include <linux/tcp.h> 38 #include <linux/route.h> 39 #include <linux/module.h> 40 41 #include <linux/netfilter.h> 42 #include <linux/netfilter_ipv6.h> 43 44 #include <net/sock.h> 45 #include <net/snmp.h> 46 47 #include <net/ipv6.h> 48 #include <net/ndisc.h> 49 #include <net/protocol.h> 50 #include <net/ip6_route.h> 51 #include <net/addrconf.h> 52 #include <net/rawv6.h> 53 #include <net/icmp.h> 54 #include <net/xfrm.h> 55 #include <net/checksum.h> 56 #include <linux/mroute6.h> 57 58 static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)); 59 60 static __inline__ void ipv6_select_ident(struct sk_buff *skb, struct frag_hdr *fhdr) 61 { 62 static u32 ipv6_fragmentation_id = 1; 63 static DEFINE_SPINLOCK(ip6_id_lock); 64 65 spin_lock_bh(&ip6_id_lock); 66 fhdr->identification = htonl(ipv6_fragmentation_id); 67 if (++ipv6_fragmentation_id == 0) 68 ipv6_fragmentation_id = 1; 69 spin_unlock_bh(&ip6_id_lock); 70 } 71 72 int __ip6_local_out(struct sk_buff *skb) 73 { 74 int len; 75 76 len = skb->len - sizeof(struct ipv6hdr); 77 if (len > IPV6_MAXPLEN) 78 len = 0; 79 ipv6_hdr(skb)->payload_len = htons(len); 80 81 return nf_hook(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dst->dev, 82 dst_output); 83 } 84 85 int ip6_local_out(struct sk_buff *skb) 86 { 87 int err; 88 89 err = __ip6_local_out(skb); 90 if (likely(err == 1)) 91 err = dst_output(skb); 92 93 return err; 94 } 95 EXPORT_SYMBOL_GPL(ip6_local_out); 96 97 static int ip6_output_finish(struct sk_buff *skb) 98 { 99 struct dst_entry *dst = skb->dst; 100 101 if (dst->hh) 102 return neigh_hh_output(dst->hh, skb); 103 else if (dst->neighbour) 104 return dst->neighbour->output(skb); 105 106 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); 107 kfree_skb(skb); 108 return -EINVAL; 109 110 } 111 112 /* dev_loopback_xmit for use with netfilter. */ 113 static int ip6_dev_loopback_xmit(struct sk_buff *newskb) 114 { 115 skb_reset_mac_header(newskb); 116 __skb_pull(newskb, skb_network_offset(newskb)); 117 newskb->pkt_type = PACKET_LOOPBACK; 118 newskb->ip_summed = CHECKSUM_UNNECESSARY; 119 WARN_ON(!newskb->dst); 120 121 netif_rx(newskb); 122 return 0; 123 } 124 125 126 static int ip6_output2(struct sk_buff *skb) 127 { 128 struct dst_entry *dst = skb->dst; 129 struct net_device *dev = dst->dev; 130 131 skb->protocol = htons(ETH_P_IPV6); 132 skb->dev = dev; 133 134 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { 135 struct ipv6_pinfo* np = skb->sk ? inet6_sk(skb->sk) : NULL; 136 struct inet6_dev *idev = ip6_dst_idev(skb->dst); 137 138 if (!(dev->flags & IFF_LOOPBACK) && (!np || np->mc_loop) && 139 ((mroute6_socket && !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) || 140 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr, 141 &ipv6_hdr(skb)->saddr))) { 142 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 143 144 /* Do not check for IFF_ALLMULTI; multicast routing 145 is not supported in any case. 146 */ 147 if (newskb) 148 NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, newskb, 149 NULL, newskb->dev, 150 ip6_dev_loopback_xmit); 151 152 if (ipv6_hdr(skb)->hop_limit == 0) { 153 IP6_INC_STATS(idev, IPSTATS_MIB_OUTDISCARDS); 154 kfree_skb(skb); 155 return 0; 156 } 157 } 158 159 IP6_INC_STATS(idev, IPSTATS_MIB_OUTMCASTPKTS); 160 } 161 162 return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dev, 163 ip6_output_finish); 164 } 165 166 static inline int ip6_skb_dst_mtu(struct sk_buff *skb) 167 { 168 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL; 169 170 return (np && np->pmtudisc == IPV6_PMTUDISC_PROBE) ? 171 skb->dst->dev->mtu : dst_mtu(skb->dst); 172 } 173 174 int ip6_output(struct sk_buff *skb) 175 { 176 struct inet6_dev *idev = ip6_dst_idev(skb->dst); 177 if (unlikely(idev->cnf.disable_ipv6)) { 178 IP6_INC_STATS(idev, IPSTATS_MIB_OUTDISCARDS); 179 kfree_skb(skb); 180 return 0; 181 } 182 183 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || 184 dst_allfrag(skb->dst)) 185 return ip6_fragment(skb, ip6_output2); 186 else 187 return ip6_output2(skb); 188 } 189 190 /* 191 * xmit an sk_buff (used by TCP) 192 */ 193 194 int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl, 195 struct ipv6_txoptions *opt, int ipfragok) 196 { 197 struct ipv6_pinfo *np = inet6_sk(sk); 198 struct in6_addr *first_hop = &fl->fl6_dst; 199 struct dst_entry *dst = skb->dst; 200 struct ipv6hdr *hdr; 201 u8 proto = fl->proto; 202 int seg_len = skb->len; 203 int hlimit, tclass; 204 u32 mtu; 205 206 if (opt) { 207 unsigned int head_room; 208 209 /* First: exthdrs may take lots of space (~8K for now) 210 MAX_HEADER is not enough. 211 */ 212 head_room = opt->opt_nflen + opt->opt_flen; 213 seg_len += head_room; 214 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev); 215 216 if (skb_headroom(skb) < head_room) { 217 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room); 218 if (skb2 == NULL) { 219 IP6_INC_STATS(ip6_dst_idev(skb->dst), 220 IPSTATS_MIB_OUTDISCARDS); 221 kfree_skb(skb); 222 return -ENOBUFS; 223 } 224 kfree_skb(skb); 225 skb = skb2; 226 if (sk) 227 skb_set_owner_w(skb, sk); 228 } 229 if (opt->opt_flen) 230 ipv6_push_frag_opts(skb, opt, &proto); 231 if (opt->opt_nflen) 232 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop); 233 } 234 235 skb_push(skb, sizeof(struct ipv6hdr)); 236 skb_reset_network_header(skb); 237 hdr = ipv6_hdr(skb); 238 239 /* Allow local fragmentation. */ 240 if (ipfragok) 241 skb->local_df = 1; 242 243 /* 244 * Fill in the IPv6 header 245 */ 246 247 hlimit = -1; 248 if (np) 249 hlimit = np->hop_limit; 250 if (hlimit < 0) 251 hlimit = ip6_dst_hoplimit(dst); 252 253 tclass = -1; 254 if (np) 255 tclass = np->tclass; 256 if (tclass < 0) 257 tclass = 0; 258 259 *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | fl->fl6_flowlabel; 260 261 hdr->payload_len = htons(seg_len); 262 hdr->nexthdr = proto; 263 hdr->hop_limit = hlimit; 264 265 ipv6_addr_copy(&hdr->saddr, &fl->fl6_src); 266 ipv6_addr_copy(&hdr->daddr, first_hop); 267 268 skb->priority = sk->sk_priority; 269 skb->mark = sk->sk_mark; 270 271 mtu = dst_mtu(dst); 272 if ((skb->len <= mtu) || skb->local_df || skb_is_gso(skb)) { 273 IP6_INC_STATS(ip6_dst_idev(skb->dst), 274 IPSTATS_MIB_OUTREQUESTS); 275 return NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 276 dst_output); 277 } 278 279 if (net_ratelimit()) 280 printk(KERN_DEBUG "IPv6: sending pkt_too_big to self\n"); 281 skb->dev = dst->dev; 282 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, skb->dev); 283 IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_FRAGFAILS); 284 kfree_skb(skb); 285 return -EMSGSIZE; 286 } 287 288 EXPORT_SYMBOL(ip6_xmit); 289 290 /* 291 * To avoid extra problems ND packets are send through this 292 * routine. It's code duplication but I really want to avoid 293 * extra checks since ipv6_build_header is used by TCP (which 294 * is for us performance critical) 295 */ 296 297 int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev, 298 const struct in6_addr *saddr, const struct in6_addr *daddr, 299 int proto, int len) 300 { 301 struct ipv6_pinfo *np = inet6_sk(sk); 302 struct ipv6hdr *hdr; 303 int totlen; 304 305 skb->protocol = htons(ETH_P_IPV6); 306 skb->dev = dev; 307 308 totlen = len + sizeof(struct ipv6hdr); 309 310 skb_reset_network_header(skb); 311 skb_put(skb, sizeof(struct ipv6hdr)); 312 hdr = ipv6_hdr(skb); 313 314 *(__be32*)hdr = htonl(0x60000000); 315 316 hdr->payload_len = htons(len); 317 hdr->nexthdr = proto; 318 hdr->hop_limit = np->hop_limit; 319 320 ipv6_addr_copy(&hdr->saddr, saddr); 321 ipv6_addr_copy(&hdr->daddr, daddr); 322 323 return 0; 324 } 325 326 static int ip6_call_ra_chain(struct sk_buff *skb, int sel) 327 { 328 struct ip6_ra_chain *ra; 329 struct sock *last = NULL; 330 331 read_lock(&ip6_ra_lock); 332 for (ra = ip6_ra_chain; ra; ra = ra->next) { 333 struct sock *sk = ra->sk; 334 if (sk && ra->sel == sel && 335 (!sk->sk_bound_dev_if || 336 sk->sk_bound_dev_if == skb->dev->ifindex)) { 337 if (last) { 338 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); 339 if (skb2) 340 rawv6_rcv(last, skb2); 341 } 342 last = sk; 343 } 344 } 345 346 if (last) { 347 rawv6_rcv(last, skb); 348 read_unlock(&ip6_ra_lock); 349 return 1; 350 } 351 read_unlock(&ip6_ra_lock); 352 return 0; 353 } 354 355 static int ip6_forward_proxy_check(struct sk_buff *skb) 356 { 357 struct ipv6hdr *hdr = ipv6_hdr(skb); 358 u8 nexthdr = hdr->nexthdr; 359 int offset; 360 361 if (ipv6_ext_hdr(nexthdr)) { 362 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr); 363 if (offset < 0) 364 return 0; 365 } else 366 offset = sizeof(struct ipv6hdr); 367 368 if (nexthdr == IPPROTO_ICMPV6) { 369 struct icmp6hdr *icmp6; 370 371 if (!pskb_may_pull(skb, (skb_network_header(skb) + 372 offset + 1 - skb->data))) 373 return 0; 374 375 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset); 376 377 switch (icmp6->icmp6_type) { 378 case NDISC_ROUTER_SOLICITATION: 379 case NDISC_ROUTER_ADVERTISEMENT: 380 case NDISC_NEIGHBOUR_SOLICITATION: 381 case NDISC_NEIGHBOUR_ADVERTISEMENT: 382 case NDISC_REDIRECT: 383 /* For reaction involving unicast neighbor discovery 384 * message destined to the proxied address, pass it to 385 * input function. 386 */ 387 return 1; 388 default: 389 break; 390 } 391 } 392 393 /* 394 * The proxying router can't forward traffic sent to a link-local 395 * address, so signal the sender and discard the packet. This 396 * behavior is clarified by the MIPv6 specification. 397 */ 398 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) { 399 dst_link_failure(skb); 400 return -1; 401 } 402 403 return 0; 404 } 405 406 static inline int ip6_forward_finish(struct sk_buff *skb) 407 { 408 return dst_output(skb); 409 } 410 411 int ip6_forward(struct sk_buff *skb) 412 { 413 struct dst_entry *dst = skb->dst; 414 struct ipv6hdr *hdr = ipv6_hdr(skb); 415 struct inet6_skb_parm *opt = IP6CB(skb); 416 struct net *net = dev_net(dst->dev); 417 418 if (net->ipv6.devconf_all->forwarding == 0) 419 goto error; 420 421 if (skb_warn_if_lro(skb)) 422 goto drop; 423 424 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) { 425 IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS); 426 goto drop; 427 } 428 429 skb_forward_csum(skb); 430 431 /* 432 * We DO NOT make any processing on 433 * RA packets, pushing them to user level AS IS 434 * without ane WARRANTY that application will be able 435 * to interpret them. The reason is that we 436 * cannot make anything clever here. 437 * 438 * We are not end-node, so that if packet contains 439 * AH/ESP, we cannot make anything. 440 * Defragmentation also would be mistake, RA packets 441 * cannot be fragmented, because there is no warranty 442 * that different fragments will go along one path. --ANK 443 */ 444 if (opt->ra) { 445 u8 *ptr = skb_network_header(skb) + opt->ra; 446 if (ip6_call_ra_chain(skb, (ptr[2]<<8) + ptr[3])) 447 return 0; 448 } 449 450 /* 451 * check and decrement ttl 452 */ 453 if (hdr->hop_limit <= 1) { 454 /* Force OUTPUT device used as source address */ 455 skb->dev = dst->dev; 456 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 457 0, skb->dev); 458 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS); 459 460 kfree_skb(skb); 461 return -ETIMEDOUT; 462 } 463 464 /* XXX: idev->cnf.proxy_ndp? */ 465 if (net->ipv6.devconf_all->proxy_ndp && 466 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) { 467 int proxied = ip6_forward_proxy_check(skb); 468 if (proxied > 0) 469 return ip6_input(skb); 470 else if (proxied < 0) { 471 IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS); 472 goto drop; 473 } 474 } 475 476 if (!xfrm6_route_forward(skb)) { 477 IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS); 478 goto drop; 479 } 480 dst = skb->dst; 481 482 /* IPv6 specs say nothing about it, but it is clear that we cannot 483 send redirects to source routed frames. 484 We don't send redirects to frames decapsulated from IPsec. 485 */ 486 if (skb->dev == dst->dev && dst->neighbour && opt->srcrt == 0 && 487 !skb->sp) { 488 struct in6_addr *target = NULL; 489 struct rt6_info *rt; 490 struct neighbour *n = dst->neighbour; 491 492 /* 493 * incoming and outgoing devices are the same 494 * send a redirect. 495 */ 496 497 rt = (struct rt6_info *) dst; 498 if ((rt->rt6i_flags & RTF_GATEWAY)) 499 target = (struct in6_addr*)&n->primary_key; 500 else 501 target = &hdr->daddr; 502 503 /* Limit redirects both by destination (here) 504 and by source (inside ndisc_send_redirect) 505 */ 506 if (xrlim_allow(dst, 1*HZ)) 507 ndisc_send_redirect(skb, n, target); 508 } else { 509 int addrtype = ipv6_addr_type(&hdr->saddr); 510 511 /* This check is security critical. */ 512 if (addrtype == IPV6_ADDR_ANY || 513 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK)) 514 goto error; 515 if (addrtype & IPV6_ADDR_LINKLOCAL) { 516 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 517 ICMPV6_NOT_NEIGHBOUR, 0, skb->dev); 518 goto error; 519 } 520 } 521 522 if (skb->len > dst_mtu(dst)) { 523 /* Again, force OUTPUT device used as source address */ 524 skb->dev = dst->dev; 525 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, dst_mtu(dst), skb->dev); 526 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INTOOBIGERRORS); 527 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_FRAGFAILS); 528 kfree_skb(skb); 529 return -EMSGSIZE; 530 } 531 532 if (skb_cow(skb, dst->dev->hard_header_len)) { 533 IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS); 534 goto drop; 535 } 536 537 hdr = ipv6_hdr(skb); 538 539 /* Mangling hops number delayed to point after skb COW */ 540 541 hdr->hop_limit--; 542 543 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); 544 return NF_HOOK(PF_INET6, NF_INET_FORWARD, skb, skb->dev, dst->dev, 545 ip6_forward_finish); 546 547 error: 548 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS); 549 drop: 550 kfree_skb(skb); 551 return -EINVAL; 552 } 553 554 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from) 555 { 556 to->pkt_type = from->pkt_type; 557 to->priority = from->priority; 558 to->protocol = from->protocol; 559 dst_release(to->dst); 560 to->dst = dst_clone(from->dst); 561 to->dev = from->dev; 562 to->mark = from->mark; 563 564 #ifdef CONFIG_NET_SCHED 565 to->tc_index = from->tc_index; 566 #endif 567 nf_copy(to, from); 568 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ 569 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) 570 to->nf_trace = from->nf_trace; 571 #endif 572 skb_copy_secmark(to, from); 573 } 574 575 int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) 576 { 577 u16 offset = sizeof(struct ipv6hdr); 578 struct ipv6_opt_hdr *exthdr = 579 (struct ipv6_opt_hdr *)(ipv6_hdr(skb) + 1); 580 unsigned int packet_len = skb->tail - skb->network_header; 581 int found_rhdr = 0; 582 *nexthdr = &ipv6_hdr(skb)->nexthdr; 583 584 while (offset + 1 <= packet_len) { 585 586 switch (**nexthdr) { 587 588 case NEXTHDR_HOP: 589 break; 590 case NEXTHDR_ROUTING: 591 found_rhdr = 1; 592 break; 593 case NEXTHDR_DEST: 594 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 595 if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0) 596 break; 597 #endif 598 if (found_rhdr) 599 return offset; 600 break; 601 default : 602 return offset; 603 } 604 605 offset += ipv6_optlen(exthdr); 606 *nexthdr = &exthdr->nexthdr; 607 exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) + 608 offset); 609 } 610 611 return offset; 612 } 613 614 static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) 615 { 616 struct net_device *dev; 617 struct sk_buff *frag; 618 struct rt6_info *rt = (struct rt6_info*)skb->dst; 619 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL; 620 struct ipv6hdr *tmp_hdr; 621 struct frag_hdr *fh; 622 unsigned int mtu, hlen, left, len; 623 __be32 frag_id = 0; 624 int ptr, offset = 0, err=0; 625 u8 *prevhdr, nexthdr = 0; 626 627 dev = rt->u.dst.dev; 628 hlen = ip6_find_1stfragopt(skb, &prevhdr); 629 nexthdr = *prevhdr; 630 631 mtu = ip6_skb_dst_mtu(skb); 632 633 /* We must not fragment if the socket is set to force MTU discovery 634 * or if the skb it not generated by a local socket. (This last 635 * check should be redundant, but it's free.) 636 */ 637 if (!skb->local_df) { 638 skb->dev = skb->dst->dev; 639 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, skb->dev); 640 IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_FRAGFAILS); 641 kfree_skb(skb); 642 return -EMSGSIZE; 643 } 644 645 if (np && np->frag_size < mtu) { 646 if (np->frag_size) 647 mtu = np->frag_size; 648 } 649 mtu -= hlen + sizeof(struct frag_hdr); 650 651 if (skb_shinfo(skb)->frag_list) { 652 int first_len = skb_pagelen(skb); 653 int truesizes = 0; 654 655 if (first_len - hlen > mtu || 656 ((first_len - hlen) & 7) || 657 skb_cloned(skb)) 658 goto slow_path; 659 660 for (frag = skb_shinfo(skb)->frag_list; frag; frag = frag->next) { 661 /* Correct geometry. */ 662 if (frag->len > mtu || 663 ((frag->len & 7) && frag->next) || 664 skb_headroom(frag) < hlen) 665 goto slow_path; 666 667 /* Partially cloned skb? */ 668 if (skb_shared(frag)) 669 goto slow_path; 670 671 BUG_ON(frag->sk); 672 if (skb->sk) { 673 sock_hold(skb->sk); 674 frag->sk = skb->sk; 675 frag->destructor = sock_wfree; 676 truesizes += frag->truesize; 677 } 678 } 679 680 err = 0; 681 offset = 0; 682 frag = skb_shinfo(skb)->frag_list; 683 skb_shinfo(skb)->frag_list = NULL; 684 /* BUILD HEADER */ 685 686 *prevhdr = NEXTHDR_FRAGMENT; 687 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC); 688 if (!tmp_hdr) { 689 IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_FRAGFAILS); 690 return -ENOMEM; 691 } 692 693 __skb_pull(skb, hlen); 694 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr)); 695 __skb_push(skb, hlen); 696 skb_reset_network_header(skb); 697 memcpy(skb_network_header(skb), tmp_hdr, hlen); 698 699 ipv6_select_ident(skb, fh); 700 fh->nexthdr = nexthdr; 701 fh->reserved = 0; 702 fh->frag_off = htons(IP6_MF); 703 frag_id = fh->identification; 704 705 first_len = skb_pagelen(skb); 706 skb->data_len = first_len - skb_headlen(skb); 707 skb->truesize -= truesizes; 708 skb->len = first_len; 709 ipv6_hdr(skb)->payload_len = htons(first_len - 710 sizeof(struct ipv6hdr)); 711 712 dst_hold(&rt->u.dst); 713 714 for (;;) { 715 /* Prepare header of the next frame, 716 * before previous one went down. */ 717 if (frag) { 718 frag->ip_summed = CHECKSUM_NONE; 719 skb_reset_transport_header(frag); 720 fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr)); 721 __skb_push(frag, hlen); 722 skb_reset_network_header(frag); 723 memcpy(skb_network_header(frag), tmp_hdr, 724 hlen); 725 offset += skb->len - hlen - sizeof(struct frag_hdr); 726 fh->nexthdr = nexthdr; 727 fh->reserved = 0; 728 fh->frag_off = htons(offset); 729 if (frag->next != NULL) 730 fh->frag_off |= htons(IP6_MF); 731 fh->identification = frag_id; 732 ipv6_hdr(frag)->payload_len = 733 htons(frag->len - 734 sizeof(struct ipv6hdr)); 735 ip6_copy_metadata(frag, skb); 736 } 737 738 err = output(skb); 739 if(!err) 740 IP6_INC_STATS(ip6_dst_idev(&rt->u.dst), IPSTATS_MIB_FRAGCREATES); 741 742 if (err || !frag) 743 break; 744 745 skb = frag; 746 frag = skb->next; 747 skb->next = NULL; 748 } 749 750 kfree(tmp_hdr); 751 752 if (err == 0) { 753 IP6_INC_STATS(ip6_dst_idev(&rt->u.dst), IPSTATS_MIB_FRAGOKS); 754 dst_release(&rt->u.dst); 755 return 0; 756 } 757 758 while (frag) { 759 skb = frag->next; 760 kfree_skb(frag); 761 frag = skb; 762 } 763 764 IP6_INC_STATS(ip6_dst_idev(&rt->u.dst), IPSTATS_MIB_FRAGFAILS); 765 dst_release(&rt->u.dst); 766 return err; 767 } 768 769 slow_path: 770 left = skb->len - hlen; /* Space per frame */ 771 ptr = hlen; /* Where to start from */ 772 773 /* 774 * Fragment the datagram. 775 */ 776 777 *prevhdr = NEXTHDR_FRAGMENT; 778 779 /* 780 * Keep copying data until we run out. 781 */ 782 while(left > 0) { 783 len = left; 784 /* IF: it doesn't fit, use 'mtu' - the data space left */ 785 if (len > mtu) 786 len = mtu; 787 /* IF: we are not sending upto and including the packet end 788 then align the next start on an eight byte boundary */ 789 if (len < left) { 790 len &= ~7; 791 } 792 /* 793 * Allocate buffer. 794 */ 795 796 if ((frag = alloc_skb(len+hlen+sizeof(struct frag_hdr)+LL_ALLOCATED_SPACE(rt->u.dst.dev), GFP_ATOMIC)) == NULL) { 797 NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n"); 798 IP6_INC_STATS(ip6_dst_idev(skb->dst), 799 IPSTATS_MIB_FRAGFAILS); 800 err = -ENOMEM; 801 goto fail; 802 } 803 804 /* 805 * Set up data on packet 806 */ 807 808 ip6_copy_metadata(frag, skb); 809 skb_reserve(frag, LL_RESERVED_SPACE(rt->u.dst.dev)); 810 skb_put(frag, len + hlen + sizeof(struct frag_hdr)); 811 skb_reset_network_header(frag); 812 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen); 813 frag->transport_header = (frag->network_header + hlen + 814 sizeof(struct frag_hdr)); 815 816 /* 817 * Charge the memory for the fragment to any owner 818 * it might possess 819 */ 820 if (skb->sk) 821 skb_set_owner_w(frag, skb->sk); 822 823 /* 824 * Copy the packet header into the new buffer. 825 */ 826 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen); 827 828 /* 829 * Build fragment header. 830 */ 831 fh->nexthdr = nexthdr; 832 fh->reserved = 0; 833 if (!frag_id) { 834 ipv6_select_ident(skb, fh); 835 frag_id = fh->identification; 836 } else 837 fh->identification = frag_id; 838 839 /* 840 * Copy a block of the IP datagram. 841 */ 842 if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len)) 843 BUG(); 844 left -= len; 845 846 fh->frag_off = htons(offset); 847 if (left > 0) 848 fh->frag_off |= htons(IP6_MF); 849 ipv6_hdr(frag)->payload_len = htons(frag->len - 850 sizeof(struct ipv6hdr)); 851 852 ptr += len; 853 offset += len; 854 855 /* 856 * Put this fragment into the sending queue. 857 */ 858 err = output(frag); 859 if (err) 860 goto fail; 861 862 IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_FRAGCREATES); 863 } 864 IP6_INC_STATS(ip6_dst_idev(skb->dst), 865 IPSTATS_MIB_FRAGOKS); 866 kfree_skb(skb); 867 return err; 868 869 fail: 870 IP6_INC_STATS(ip6_dst_idev(skb->dst), 871 IPSTATS_MIB_FRAGFAILS); 872 kfree_skb(skb); 873 return err; 874 } 875 876 static inline int ip6_rt_check(struct rt6key *rt_key, 877 struct in6_addr *fl_addr, 878 struct in6_addr *addr_cache) 879 { 880 return ((rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) && 881 (addr_cache == NULL || !ipv6_addr_equal(fl_addr, addr_cache))); 882 } 883 884 static struct dst_entry *ip6_sk_dst_check(struct sock *sk, 885 struct dst_entry *dst, 886 struct flowi *fl) 887 { 888 struct ipv6_pinfo *np = inet6_sk(sk); 889 struct rt6_info *rt = (struct rt6_info *)dst; 890 891 if (!dst) 892 goto out; 893 894 /* Yes, checking route validity in not connected 895 * case is not very simple. Take into account, 896 * that we do not support routing by source, TOS, 897 * and MSG_DONTROUTE --ANK (980726) 898 * 899 * 1. ip6_rt_check(): If route was host route, 900 * check that cached destination is current. 901 * If it is network route, we still may 902 * check its validity using saved pointer 903 * to the last used address: daddr_cache. 904 * We do not want to save whole address now, 905 * (because main consumer of this service 906 * is tcp, which has not this problem), 907 * so that the last trick works only on connected 908 * sockets. 909 * 2. oif also should be the same. 910 */ 911 if (ip6_rt_check(&rt->rt6i_dst, &fl->fl6_dst, np->daddr_cache) || 912 #ifdef CONFIG_IPV6_SUBTREES 913 ip6_rt_check(&rt->rt6i_src, &fl->fl6_src, np->saddr_cache) || 914 #endif 915 (fl->oif && fl->oif != dst->dev->ifindex)) { 916 dst_release(dst); 917 dst = NULL; 918 } 919 920 out: 921 return dst; 922 } 923 924 static int ip6_dst_lookup_tail(struct sock *sk, 925 struct dst_entry **dst, struct flowi *fl) 926 { 927 int err; 928 struct net *net = sock_net(sk); 929 930 if (*dst == NULL) 931 *dst = ip6_route_output(net, sk, fl); 932 933 if ((err = (*dst)->error)) 934 goto out_err_release; 935 936 if (ipv6_addr_any(&fl->fl6_src)) { 937 err = ipv6_dev_get_saddr(net, ip6_dst_idev(*dst)->dev, 938 &fl->fl6_dst, 939 sk ? inet6_sk(sk)->srcprefs : 0, 940 &fl->fl6_src); 941 if (err) 942 goto out_err_release; 943 } 944 945 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 946 /* 947 * Here if the dst entry we've looked up 948 * has a neighbour entry that is in the INCOMPLETE 949 * state and the src address from the flow is 950 * marked as OPTIMISTIC, we release the found 951 * dst entry and replace it instead with the 952 * dst entry of the nexthop router 953 */ 954 if (!((*dst)->neighbour->nud_state & NUD_VALID)) { 955 struct inet6_ifaddr *ifp; 956 struct flowi fl_gw; 957 int redirect; 958 959 ifp = ipv6_get_ifaddr(net, &fl->fl6_src, 960 (*dst)->dev, 1); 961 962 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC); 963 if (ifp) 964 in6_ifa_put(ifp); 965 966 if (redirect) { 967 /* 968 * We need to get the dst entry for the 969 * default router instead 970 */ 971 dst_release(*dst); 972 memcpy(&fl_gw, fl, sizeof(struct flowi)); 973 memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr)); 974 *dst = ip6_route_output(net, sk, &fl_gw); 975 if ((err = (*dst)->error)) 976 goto out_err_release; 977 } 978 } 979 #endif 980 981 return 0; 982 983 out_err_release: 984 if (err == -ENETUNREACH) 985 IP6_INC_STATS_BH(NULL, IPSTATS_MIB_OUTNOROUTES); 986 dst_release(*dst); 987 *dst = NULL; 988 return err; 989 } 990 991 /** 992 * ip6_dst_lookup - perform route lookup on flow 993 * @sk: socket which provides route info 994 * @dst: pointer to dst_entry * for result 995 * @fl: flow to lookup 996 * 997 * This function performs a route lookup on the given flow. 998 * 999 * It returns zero on success, or a standard errno code on error. 1000 */ 1001 int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl) 1002 { 1003 *dst = NULL; 1004 return ip6_dst_lookup_tail(sk, dst, fl); 1005 } 1006 EXPORT_SYMBOL_GPL(ip6_dst_lookup); 1007 1008 /** 1009 * ip6_sk_dst_lookup - perform socket cached route lookup on flow 1010 * @sk: socket which provides the dst cache and route info 1011 * @dst: pointer to dst_entry * for result 1012 * @fl: flow to lookup 1013 * 1014 * This function performs a route lookup on the given flow with the 1015 * possibility of using the cached route in the socket if it is valid. 1016 * It will take the socket dst lock when operating on the dst cache. 1017 * As a result, this function can only be used in process context. 1018 * 1019 * It returns zero on success, or a standard errno code on error. 1020 */ 1021 int ip6_sk_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl) 1022 { 1023 *dst = NULL; 1024 if (sk) { 1025 *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie); 1026 *dst = ip6_sk_dst_check(sk, *dst, fl); 1027 } 1028 1029 return ip6_dst_lookup_tail(sk, dst, fl); 1030 } 1031 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup); 1032 1033 static inline int ip6_ufo_append_data(struct sock *sk, 1034 int getfrag(void *from, char *to, int offset, int len, 1035 int odd, struct sk_buff *skb), 1036 void *from, int length, int hh_len, int fragheaderlen, 1037 int transhdrlen, int mtu,unsigned int flags) 1038 1039 { 1040 struct sk_buff *skb; 1041 int err; 1042 1043 /* There is support for UDP large send offload by network 1044 * device, so create one single skb packet containing complete 1045 * udp datagram 1046 */ 1047 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) { 1048 skb = sock_alloc_send_skb(sk, 1049 hh_len + fragheaderlen + transhdrlen + 20, 1050 (flags & MSG_DONTWAIT), &err); 1051 if (skb == NULL) 1052 return -ENOMEM; 1053 1054 /* reserve space for Hardware header */ 1055 skb_reserve(skb, hh_len); 1056 1057 /* create space for UDP/IP header */ 1058 skb_put(skb,fragheaderlen + transhdrlen); 1059 1060 /* initialize network header pointer */ 1061 skb_reset_network_header(skb); 1062 1063 /* initialize protocol header pointer */ 1064 skb->transport_header = skb->network_header + fragheaderlen; 1065 1066 skb->ip_summed = CHECKSUM_PARTIAL; 1067 skb->csum = 0; 1068 sk->sk_sndmsg_off = 0; 1069 } 1070 1071 err = skb_append_datato_frags(sk,skb, getfrag, from, 1072 (length - transhdrlen)); 1073 if (!err) { 1074 struct frag_hdr fhdr; 1075 1076 /* specify the length of each IP datagram fragment*/ 1077 skb_shinfo(skb)->gso_size = mtu - fragheaderlen - 1078 sizeof(struct frag_hdr); 1079 skb_shinfo(skb)->gso_type = SKB_GSO_UDP; 1080 ipv6_select_ident(skb, &fhdr); 1081 skb_shinfo(skb)->ip6_frag_id = fhdr.identification; 1082 __skb_queue_tail(&sk->sk_write_queue, skb); 1083 1084 return 0; 1085 } 1086 /* There is not enough support do UPD LSO, 1087 * so follow normal path 1088 */ 1089 kfree_skb(skb); 1090 1091 return err; 1092 } 1093 1094 int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, 1095 int offset, int len, int odd, struct sk_buff *skb), 1096 void *from, int length, int transhdrlen, 1097 int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi *fl, 1098 struct rt6_info *rt, unsigned int flags) 1099 { 1100 struct inet_sock *inet = inet_sk(sk); 1101 struct ipv6_pinfo *np = inet6_sk(sk); 1102 struct sk_buff *skb; 1103 unsigned int maxfraglen, fragheaderlen; 1104 int exthdrlen; 1105 int hh_len; 1106 int mtu; 1107 int copy; 1108 int err; 1109 int offset = 0; 1110 int csummode = CHECKSUM_NONE; 1111 1112 if (flags&MSG_PROBE) 1113 return 0; 1114 if (skb_queue_empty(&sk->sk_write_queue)) { 1115 /* 1116 * setup for corking 1117 */ 1118 if (opt) { 1119 if (np->cork.opt == NULL) { 1120 np->cork.opt = kmalloc(opt->tot_len, 1121 sk->sk_allocation); 1122 if (unlikely(np->cork.opt == NULL)) 1123 return -ENOBUFS; 1124 } else if (np->cork.opt->tot_len < opt->tot_len) { 1125 printk(KERN_DEBUG "ip6_append_data: invalid option length\n"); 1126 return -EINVAL; 1127 } 1128 memcpy(np->cork.opt, opt, opt->tot_len); 1129 inet->cork.flags |= IPCORK_OPT; 1130 /* need source address above miyazawa*/ 1131 } 1132 dst_hold(&rt->u.dst); 1133 inet->cork.dst = &rt->u.dst; 1134 inet->cork.fl = *fl; 1135 np->cork.hop_limit = hlimit; 1136 np->cork.tclass = tclass; 1137 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ? 1138 rt->u.dst.dev->mtu : dst_mtu(rt->u.dst.path); 1139 if (np->frag_size < mtu) { 1140 if (np->frag_size) 1141 mtu = np->frag_size; 1142 } 1143 inet->cork.fragsize = mtu; 1144 if (dst_allfrag(rt->u.dst.path)) 1145 inet->cork.flags |= IPCORK_ALLFRAG; 1146 inet->cork.length = 0; 1147 sk->sk_sndmsg_page = NULL; 1148 sk->sk_sndmsg_off = 0; 1149 exthdrlen = rt->u.dst.header_len + (opt ? opt->opt_flen : 0) - 1150 rt->rt6i_nfheader_len; 1151 length += exthdrlen; 1152 transhdrlen += exthdrlen; 1153 } else { 1154 rt = (struct rt6_info *)inet->cork.dst; 1155 fl = &inet->cork.fl; 1156 if (inet->cork.flags & IPCORK_OPT) 1157 opt = np->cork.opt; 1158 transhdrlen = 0; 1159 exthdrlen = 0; 1160 mtu = inet->cork.fragsize; 1161 } 1162 1163 hh_len = LL_RESERVED_SPACE(rt->u.dst.dev); 1164 1165 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len + 1166 (opt ? opt->opt_nflen : 0); 1167 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr); 1168 1169 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) { 1170 if (inet->cork.length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) { 1171 ipv6_local_error(sk, EMSGSIZE, fl, mtu-exthdrlen); 1172 return -EMSGSIZE; 1173 } 1174 } 1175 1176 /* 1177 * Let's try using as much space as possible. 1178 * Use MTU if total length of the message fits into the MTU. 1179 * Otherwise, we need to reserve fragment header and 1180 * fragment alignment (= 8-15 octects, in total). 1181 * 1182 * Note that we may need to "move" the data from the tail of 1183 * of the buffer to the new fragment when we split 1184 * the message. 1185 * 1186 * FIXME: It may be fragmented into multiple chunks 1187 * at once if non-fragmentable extension headers 1188 * are too large. 1189 * --yoshfuji 1190 */ 1191 1192 inet->cork.length += length; 1193 if (((length > mtu) && (sk->sk_protocol == IPPROTO_UDP)) && 1194 (rt->u.dst.dev->features & NETIF_F_UFO)) { 1195 1196 err = ip6_ufo_append_data(sk, getfrag, from, length, hh_len, 1197 fragheaderlen, transhdrlen, mtu, 1198 flags); 1199 if (err) 1200 goto error; 1201 return 0; 1202 } 1203 1204 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) 1205 goto alloc_new_skb; 1206 1207 while (length > 0) { 1208 /* Check if the remaining data fits into current packet. */ 1209 copy = (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len; 1210 if (copy < length) 1211 copy = maxfraglen - skb->len; 1212 1213 if (copy <= 0) { 1214 char *data; 1215 unsigned int datalen; 1216 unsigned int fraglen; 1217 unsigned int fraggap; 1218 unsigned int alloclen; 1219 struct sk_buff *skb_prev; 1220 alloc_new_skb: 1221 skb_prev = skb; 1222 1223 /* There's no room in the current skb */ 1224 if (skb_prev) 1225 fraggap = skb_prev->len - maxfraglen; 1226 else 1227 fraggap = 0; 1228 1229 /* 1230 * If remaining data exceeds the mtu, 1231 * we know we need more fragment(s). 1232 */ 1233 datalen = length + fraggap; 1234 if (datalen > (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen) 1235 datalen = maxfraglen - fragheaderlen; 1236 1237 fraglen = datalen + fragheaderlen; 1238 if ((flags & MSG_MORE) && 1239 !(rt->u.dst.dev->features&NETIF_F_SG)) 1240 alloclen = mtu; 1241 else 1242 alloclen = datalen + fragheaderlen; 1243 1244 /* 1245 * The last fragment gets additional space at tail. 1246 * Note: we overallocate on fragments with MSG_MODE 1247 * because we have no idea if we're the last one. 1248 */ 1249 if (datalen == length + fraggap) 1250 alloclen += rt->u.dst.trailer_len; 1251 1252 /* 1253 * We just reserve space for fragment header. 1254 * Note: this may be overallocation if the message 1255 * (without MSG_MORE) fits into the MTU. 1256 */ 1257 alloclen += sizeof(struct frag_hdr); 1258 1259 if (transhdrlen) { 1260 skb = sock_alloc_send_skb(sk, 1261 alloclen + hh_len, 1262 (flags & MSG_DONTWAIT), &err); 1263 } else { 1264 skb = NULL; 1265 if (atomic_read(&sk->sk_wmem_alloc) <= 1266 2 * sk->sk_sndbuf) 1267 skb = sock_wmalloc(sk, 1268 alloclen + hh_len, 1, 1269 sk->sk_allocation); 1270 if (unlikely(skb == NULL)) 1271 err = -ENOBUFS; 1272 } 1273 if (skb == NULL) 1274 goto error; 1275 /* 1276 * Fill in the control structures 1277 */ 1278 skb->ip_summed = csummode; 1279 skb->csum = 0; 1280 /* reserve for fragmentation */ 1281 skb_reserve(skb, hh_len+sizeof(struct frag_hdr)); 1282 1283 /* 1284 * Find where to start putting bytes 1285 */ 1286 data = skb_put(skb, fraglen); 1287 skb_set_network_header(skb, exthdrlen); 1288 data += fragheaderlen; 1289 skb->transport_header = (skb->network_header + 1290 fragheaderlen); 1291 if (fraggap) { 1292 skb->csum = skb_copy_and_csum_bits( 1293 skb_prev, maxfraglen, 1294 data + transhdrlen, fraggap, 0); 1295 skb_prev->csum = csum_sub(skb_prev->csum, 1296 skb->csum); 1297 data += fraggap; 1298 pskb_trim_unique(skb_prev, maxfraglen); 1299 } 1300 copy = datalen - transhdrlen - fraggap; 1301 if (copy < 0) { 1302 err = -EINVAL; 1303 kfree_skb(skb); 1304 goto error; 1305 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) { 1306 err = -EFAULT; 1307 kfree_skb(skb); 1308 goto error; 1309 } 1310 1311 offset += copy; 1312 length -= datalen - fraggap; 1313 transhdrlen = 0; 1314 exthdrlen = 0; 1315 csummode = CHECKSUM_NONE; 1316 1317 /* 1318 * Put the packet on the pending queue 1319 */ 1320 __skb_queue_tail(&sk->sk_write_queue, skb); 1321 continue; 1322 } 1323 1324 if (copy > length) 1325 copy = length; 1326 1327 if (!(rt->u.dst.dev->features&NETIF_F_SG)) { 1328 unsigned int off; 1329 1330 off = skb->len; 1331 if (getfrag(from, skb_put(skb, copy), 1332 offset, copy, off, skb) < 0) { 1333 __skb_trim(skb, off); 1334 err = -EFAULT; 1335 goto error; 1336 } 1337 } else { 1338 int i = skb_shinfo(skb)->nr_frags; 1339 skb_frag_t *frag = &skb_shinfo(skb)->frags[i-1]; 1340 struct page *page = sk->sk_sndmsg_page; 1341 int off = sk->sk_sndmsg_off; 1342 unsigned int left; 1343 1344 if (page && (left = PAGE_SIZE - off) > 0) { 1345 if (copy >= left) 1346 copy = left; 1347 if (page != frag->page) { 1348 if (i == MAX_SKB_FRAGS) { 1349 err = -EMSGSIZE; 1350 goto error; 1351 } 1352 get_page(page); 1353 skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0); 1354 frag = &skb_shinfo(skb)->frags[i]; 1355 } 1356 } else if(i < MAX_SKB_FRAGS) { 1357 if (copy > PAGE_SIZE) 1358 copy = PAGE_SIZE; 1359 page = alloc_pages(sk->sk_allocation, 0); 1360 if (page == NULL) { 1361 err = -ENOMEM; 1362 goto error; 1363 } 1364 sk->sk_sndmsg_page = page; 1365 sk->sk_sndmsg_off = 0; 1366 1367 skb_fill_page_desc(skb, i, page, 0, 0); 1368 frag = &skb_shinfo(skb)->frags[i]; 1369 } else { 1370 err = -EMSGSIZE; 1371 goto error; 1372 } 1373 if (getfrag(from, page_address(frag->page)+frag->page_offset+frag->size, offset, copy, skb->len, skb) < 0) { 1374 err = -EFAULT; 1375 goto error; 1376 } 1377 sk->sk_sndmsg_off += copy; 1378 frag->size += copy; 1379 skb->len += copy; 1380 skb->data_len += copy; 1381 skb->truesize += copy; 1382 atomic_add(copy, &sk->sk_wmem_alloc); 1383 } 1384 offset += copy; 1385 length -= copy; 1386 } 1387 return 0; 1388 error: 1389 inet->cork.length -= length; 1390 IP6_INC_STATS(rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS); 1391 return err; 1392 } 1393 1394 static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np) 1395 { 1396 inet->cork.flags &= ~IPCORK_OPT; 1397 kfree(np->cork.opt); 1398 np->cork.opt = NULL; 1399 if (inet->cork.dst) { 1400 dst_release(inet->cork.dst); 1401 inet->cork.dst = NULL; 1402 inet->cork.flags &= ~IPCORK_ALLFRAG; 1403 } 1404 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl)); 1405 } 1406 1407 int ip6_push_pending_frames(struct sock *sk) 1408 { 1409 struct sk_buff *skb, *tmp_skb; 1410 struct sk_buff **tail_skb; 1411 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf; 1412 struct inet_sock *inet = inet_sk(sk); 1413 struct ipv6_pinfo *np = inet6_sk(sk); 1414 struct ipv6hdr *hdr; 1415 struct ipv6_txoptions *opt = np->cork.opt; 1416 struct rt6_info *rt = (struct rt6_info *)inet->cork.dst; 1417 struct flowi *fl = &inet->cork.fl; 1418 unsigned char proto = fl->proto; 1419 int err = 0; 1420 1421 if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL) 1422 goto out; 1423 tail_skb = &(skb_shinfo(skb)->frag_list); 1424 1425 /* move skb->data to ip header from ext header */ 1426 if (skb->data < skb_network_header(skb)) 1427 __skb_pull(skb, skb_network_offset(skb)); 1428 while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) { 1429 __skb_pull(tmp_skb, skb_network_header_len(skb)); 1430 *tail_skb = tmp_skb; 1431 tail_skb = &(tmp_skb->next); 1432 skb->len += tmp_skb->len; 1433 skb->data_len += tmp_skb->len; 1434 skb->truesize += tmp_skb->truesize; 1435 __sock_put(tmp_skb->sk); 1436 tmp_skb->destructor = NULL; 1437 tmp_skb->sk = NULL; 1438 } 1439 1440 /* Allow local fragmentation. */ 1441 if (np->pmtudisc < IPV6_PMTUDISC_DO) 1442 skb->local_df = 1; 1443 1444 ipv6_addr_copy(final_dst, &fl->fl6_dst); 1445 __skb_pull(skb, skb_network_header_len(skb)); 1446 if (opt && opt->opt_flen) 1447 ipv6_push_frag_opts(skb, opt, &proto); 1448 if (opt && opt->opt_nflen) 1449 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst); 1450 1451 skb_push(skb, sizeof(struct ipv6hdr)); 1452 skb_reset_network_header(skb); 1453 hdr = ipv6_hdr(skb); 1454 1455 *(__be32*)hdr = fl->fl6_flowlabel | 1456 htonl(0x60000000 | ((int)np->cork.tclass << 20)); 1457 1458 hdr->hop_limit = np->cork.hop_limit; 1459 hdr->nexthdr = proto; 1460 ipv6_addr_copy(&hdr->saddr, &fl->fl6_src); 1461 ipv6_addr_copy(&hdr->daddr, final_dst); 1462 1463 skb->priority = sk->sk_priority; 1464 skb->mark = sk->sk_mark; 1465 1466 skb->dst = dst_clone(&rt->u.dst); 1467 IP6_INC_STATS(rt->rt6i_idev, IPSTATS_MIB_OUTREQUESTS); 1468 if (proto == IPPROTO_ICMPV6) { 1469 struct inet6_dev *idev = ip6_dst_idev(skb->dst); 1470 1471 ICMP6MSGOUT_INC_STATS_BH(idev, icmp6_hdr(skb)->icmp6_type); 1472 ICMP6_INC_STATS_BH(idev, ICMP6_MIB_OUTMSGS); 1473 } 1474 1475 err = ip6_local_out(skb); 1476 if (err) { 1477 if (err > 0) 1478 err = np->recverr ? net_xmit_errno(err) : 0; 1479 if (err) 1480 goto error; 1481 } 1482 1483 out: 1484 ip6_cork_release(inet, np); 1485 return err; 1486 error: 1487 goto out; 1488 } 1489 1490 void ip6_flush_pending_frames(struct sock *sk) 1491 { 1492 struct sk_buff *skb; 1493 1494 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) { 1495 if (skb->dst) 1496 IP6_INC_STATS(ip6_dst_idev(skb->dst), 1497 IPSTATS_MIB_OUTDISCARDS); 1498 kfree_skb(skb); 1499 } 1500 1501 ip6_cork_release(inet_sk(sk), inet6_sk(sk)); 1502 } 1503