1 /* 2 * IPv6 output functions 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on linux/net/ipv4/ip_output.c 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License 12 * as published by the Free Software Foundation; either version 13 * 2 of the License, or (at your option) any later version. 14 * 15 * Changes: 16 * A.N.Kuznetsov : airthmetics in fragmentation. 17 * extension headers are implemented. 18 * route changes now work. 19 * ip6_forward does not confuse sniffers. 20 * etc. 21 * 22 * H. von Brand : Added missing #include <linux/string.h> 23 * Imran Patel : frag id should be in NBO 24 * Kazunori MIYAZAWA @USAGI 25 * : add ip6_append_data and related functions 26 * for datagram xmit 27 */ 28 29 #include <linux/errno.h> 30 #include <linux/kernel.h> 31 #include <linux/string.h> 32 #include <linux/socket.h> 33 #include <linux/net.h> 34 #include <linux/netdevice.h> 35 #include <linux/if_arp.h> 36 #include <linux/in6.h> 37 #include <linux/tcp.h> 38 #include <linux/route.h> 39 #include <linux/module.h> 40 #include <linux/slab.h> 41 42 #include <linux/netfilter.h> 43 #include <linux/netfilter_ipv6.h> 44 45 #include <net/sock.h> 46 #include <net/snmp.h> 47 48 #include <net/ipv6.h> 49 #include <net/ndisc.h> 50 #include <net/protocol.h> 51 #include <net/ip6_route.h> 52 #include <net/addrconf.h> 53 #include <net/rawv6.h> 54 #include <net/icmp.h> 55 #include <net/xfrm.h> 56 #include <net/checksum.h> 57 #include <linux/mroute6.h> 58 59 int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)); 60 61 int __ip6_local_out(struct sk_buff *skb) 62 { 63 int len; 64 65 len = skb->len - sizeof(struct ipv6hdr); 66 if (len > IPV6_MAXPLEN) 67 len = 0; 68 ipv6_hdr(skb)->payload_len = htons(len); 69 70 return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, 71 skb_dst(skb)->dev, dst_output); 72 } 73 74 int ip6_local_out(struct sk_buff *skb) 75 { 76 int err; 77 78 err = __ip6_local_out(skb); 79 if (likely(err == 1)) 80 err = dst_output(skb); 81 82 return err; 83 } 84 EXPORT_SYMBOL_GPL(ip6_local_out); 85 86 /* dev_loopback_xmit for use with netfilter. */ 87 static int ip6_dev_loopback_xmit(struct sk_buff *newskb) 88 { 89 skb_reset_mac_header(newskb); 90 __skb_pull(newskb, skb_network_offset(newskb)); 91 newskb->pkt_type = PACKET_LOOPBACK; 92 newskb->ip_summed = CHECKSUM_UNNECESSARY; 93 WARN_ON(!skb_dst(newskb)); 94 95 netif_rx_ni(newskb); 96 return 0; 97 } 98 99 static int ip6_finish_output2(struct sk_buff *skb) 100 { 101 struct dst_entry *dst = skb_dst(skb); 102 struct net_device *dev = dst->dev; 103 104 skb->protocol = htons(ETH_P_IPV6); 105 skb->dev = dev; 106 107 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { 108 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); 109 110 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(skb->sk) && 111 ((mroute6_socket(dev_net(dev), skb) && 112 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) || 113 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr, 114 &ipv6_hdr(skb)->saddr))) { 115 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 116 117 /* Do not check for IFF_ALLMULTI; multicast routing 118 is not supported in any case. 119 */ 120 if (newskb) 121 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING, 122 newskb, NULL, newskb->dev, 123 ip6_dev_loopback_xmit); 124 125 if (ipv6_hdr(skb)->hop_limit == 0) { 126 IP6_INC_STATS(dev_net(dev), idev, 127 IPSTATS_MIB_OUTDISCARDS); 128 kfree_skb(skb); 129 return 0; 130 } 131 } 132 133 IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST, 134 skb->len); 135 } 136 137 if (dst->hh) 138 return neigh_hh_output(dst->hh, skb); 139 else if (dst->neighbour) 140 return dst->neighbour->output(skb); 141 142 IP6_INC_STATS_BH(dev_net(dst->dev), 143 ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); 144 kfree_skb(skb); 145 return -EINVAL; 146 } 147 148 static int ip6_finish_output(struct sk_buff *skb) 149 { 150 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || 151 dst_allfrag(skb_dst(skb))) 152 return ip6_fragment(skb, ip6_finish_output2); 153 else 154 return ip6_finish_output2(skb); 155 } 156 157 int ip6_output(struct sk_buff *skb) 158 { 159 struct net_device *dev = skb_dst(skb)->dev; 160 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); 161 if (unlikely(idev->cnf.disable_ipv6)) { 162 IP6_INC_STATS(dev_net(dev), idev, 163 IPSTATS_MIB_OUTDISCARDS); 164 kfree_skb(skb); 165 return 0; 166 } 167 168 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev, 169 ip6_finish_output, 170 !(IP6CB(skb)->flags & IP6SKB_REROUTED)); 171 } 172 173 /* 174 * xmit an sk_buff (used by TCP, SCTP and DCCP) 175 */ 176 177 int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, 178 struct ipv6_txoptions *opt) 179 { 180 struct net *net = sock_net(sk); 181 struct ipv6_pinfo *np = inet6_sk(sk); 182 struct in6_addr *first_hop = &fl6->daddr; 183 struct dst_entry *dst = skb_dst(skb); 184 struct ipv6hdr *hdr; 185 u8 proto = fl6->flowi6_proto; 186 int seg_len = skb->len; 187 int hlimit = -1; 188 int tclass = 0; 189 u32 mtu; 190 191 if (opt) { 192 unsigned int head_room; 193 194 /* First: exthdrs may take lots of space (~8K for now) 195 MAX_HEADER is not enough. 196 */ 197 head_room = opt->opt_nflen + opt->opt_flen; 198 seg_len += head_room; 199 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev); 200 201 if (skb_headroom(skb) < head_room) { 202 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room); 203 if (skb2 == NULL) { 204 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 205 IPSTATS_MIB_OUTDISCARDS); 206 kfree_skb(skb); 207 return -ENOBUFS; 208 } 209 kfree_skb(skb); 210 skb = skb2; 211 skb_set_owner_w(skb, sk); 212 } 213 if (opt->opt_flen) 214 ipv6_push_frag_opts(skb, opt, &proto); 215 if (opt->opt_nflen) 216 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop); 217 } 218 219 skb_push(skb, sizeof(struct ipv6hdr)); 220 skb_reset_network_header(skb); 221 hdr = ipv6_hdr(skb); 222 223 /* 224 * Fill in the IPv6 header 225 */ 226 if (np) { 227 tclass = np->tclass; 228 hlimit = np->hop_limit; 229 } 230 if (hlimit < 0) 231 hlimit = ip6_dst_hoplimit(dst); 232 233 *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | fl6->flowlabel; 234 235 hdr->payload_len = htons(seg_len); 236 hdr->nexthdr = proto; 237 hdr->hop_limit = hlimit; 238 239 ipv6_addr_copy(&hdr->saddr, &fl6->saddr); 240 ipv6_addr_copy(&hdr->daddr, first_hop); 241 242 skb->priority = sk->sk_priority; 243 skb->mark = sk->sk_mark; 244 245 mtu = dst_mtu(dst); 246 if ((skb->len <= mtu) || skb->local_df || skb_is_gso(skb)) { 247 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)), 248 IPSTATS_MIB_OUT, skb->len); 249 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, 250 dst->dev, dst_output); 251 } 252 253 if (net_ratelimit()) 254 printk(KERN_DEBUG "IPv6: sending pkt_too_big to self\n"); 255 skb->dev = dst->dev; 256 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); 257 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS); 258 kfree_skb(skb); 259 return -EMSGSIZE; 260 } 261 262 EXPORT_SYMBOL(ip6_xmit); 263 264 /* 265 * To avoid extra problems ND packets are send through this 266 * routine. It's code duplication but I really want to avoid 267 * extra checks since ipv6_build_header is used by TCP (which 268 * is for us performance critical) 269 */ 270 271 int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev, 272 const struct in6_addr *saddr, const struct in6_addr *daddr, 273 int proto, int len) 274 { 275 struct ipv6_pinfo *np = inet6_sk(sk); 276 struct ipv6hdr *hdr; 277 278 skb->protocol = htons(ETH_P_IPV6); 279 skb->dev = dev; 280 281 skb_reset_network_header(skb); 282 skb_put(skb, sizeof(struct ipv6hdr)); 283 hdr = ipv6_hdr(skb); 284 285 *(__be32*)hdr = htonl(0x60000000); 286 287 hdr->payload_len = htons(len); 288 hdr->nexthdr = proto; 289 hdr->hop_limit = np->hop_limit; 290 291 ipv6_addr_copy(&hdr->saddr, saddr); 292 ipv6_addr_copy(&hdr->daddr, daddr); 293 294 return 0; 295 } 296 297 static int ip6_call_ra_chain(struct sk_buff *skb, int sel) 298 { 299 struct ip6_ra_chain *ra; 300 struct sock *last = NULL; 301 302 read_lock(&ip6_ra_lock); 303 for (ra = ip6_ra_chain; ra; ra = ra->next) { 304 struct sock *sk = ra->sk; 305 if (sk && ra->sel == sel && 306 (!sk->sk_bound_dev_if || 307 sk->sk_bound_dev_if == skb->dev->ifindex)) { 308 if (last) { 309 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); 310 if (skb2) 311 rawv6_rcv(last, skb2); 312 } 313 last = sk; 314 } 315 } 316 317 if (last) { 318 rawv6_rcv(last, skb); 319 read_unlock(&ip6_ra_lock); 320 return 1; 321 } 322 read_unlock(&ip6_ra_lock); 323 return 0; 324 } 325 326 static int ip6_forward_proxy_check(struct sk_buff *skb) 327 { 328 struct ipv6hdr *hdr = ipv6_hdr(skb); 329 u8 nexthdr = hdr->nexthdr; 330 int offset; 331 332 if (ipv6_ext_hdr(nexthdr)) { 333 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr); 334 if (offset < 0) 335 return 0; 336 } else 337 offset = sizeof(struct ipv6hdr); 338 339 if (nexthdr == IPPROTO_ICMPV6) { 340 struct icmp6hdr *icmp6; 341 342 if (!pskb_may_pull(skb, (skb_network_header(skb) + 343 offset + 1 - skb->data))) 344 return 0; 345 346 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset); 347 348 switch (icmp6->icmp6_type) { 349 case NDISC_ROUTER_SOLICITATION: 350 case NDISC_ROUTER_ADVERTISEMENT: 351 case NDISC_NEIGHBOUR_SOLICITATION: 352 case NDISC_NEIGHBOUR_ADVERTISEMENT: 353 case NDISC_REDIRECT: 354 /* For reaction involving unicast neighbor discovery 355 * message destined to the proxied address, pass it to 356 * input function. 357 */ 358 return 1; 359 default: 360 break; 361 } 362 } 363 364 /* 365 * The proxying router can't forward traffic sent to a link-local 366 * address, so signal the sender and discard the packet. This 367 * behavior is clarified by the MIPv6 specification. 368 */ 369 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) { 370 dst_link_failure(skb); 371 return -1; 372 } 373 374 return 0; 375 } 376 377 static inline int ip6_forward_finish(struct sk_buff *skb) 378 { 379 return dst_output(skb); 380 } 381 382 int ip6_forward(struct sk_buff *skb) 383 { 384 struct dst_entry *dst = skb_dst(skb); 385 struct ipv6hdr *hdr = ipv6_hdr(skb); 386 struct inet6_skb_parm *opt = IP6CB(skb); 387 struct net *net = dev_net(dst->dev); 388 u32 mtu; 389 390 if (net->ipv6.devconf_all->forwarding == 0) 391 goto error; 392 393 if (skb_warn_if_lro(skb)) 394 goto drop; 395 396 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) { 397 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS); 398 goto drop; 399 } 400 401 if (skb->pkt_type != PACKET_HOST) 402 goto drop; 403 404 skb_forward_csum(skb); 405 406 /* 407 * We DO NOT make any processing on 408 * RA packets, pushing them to user level AS IS 409 * without ane WARRANTY that application will be able 410 * to interpret them. The reason is that we 411 * cannot make anything clever here. 412 * 413 * We are not end-node, so that if packet contains 414 * AH/ESP, we cannot make anything. 415 * Defragmentation also would be mistake, RA packets 416 * cannot be fragmented, because there is no warranty 417 * that different fragments will go along one path. --ANK 418 */ 419 if (opt->ra) { 420 u8 *ptr = skb_network_header(skb) + opt->ra; 421 if (ip6_call_ra_chain(skb, (ptr[2]<<8) + ptr[3])) 422 return 0; 423 } 424 425 /* 426 * check and decrement ttl 427 */ 428 if (hdr->hop_limit <= 1) { 429 /* Force OUTPUT device used as source address */ 430 skb->dev = dst->dev; 431 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0); 432 IP6_INC_STATS_BH(net, 433 ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS); 434 435 kfree_skb(skb); 436 return -ETIMEDOUT; 437 } 438 439 /* XXX: idev->cnf.proxy_ndp? */ 440 if (net->ipv6.devconf_all->proxy_ndp && 441 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) { 442 int proxied = ip6_forward_proxy_check(skb); 443 if (proxied > 0) 444 return ip6_input(skb); 445 else if (proxied < 0) { 446 IP6_INC_STATS(net, ip6_dst_idev(dst), 447 IPSTATS_MIB_INDISCARDS); 448 goto drop; 449 } 450 } 451 452 if (!xfrm6_route_forward(skb)) { 453 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS); 454 goto drop; 455 } 456 dst = skb_dst(skb); 457 458 /* IPv6 specs say nothing about it, but it is clear that we cannot 459 send redirects to source routed frames. 460 We don't send redirects to frames decapsulated from IPsec. 461 */ 462 if (skb->dev == dst->dev && dst->neighbour && opt->srcrt == 0 && 463 !skb_sec_path(skb)) { 464 struct in6_addr *target = NULL; 465 struct rt6_info *rt; 466 struct neighbour *n = dst->neighbour; 467 468 /* 469 * incoming and outgoing devices are the same 470 * send a redirect. 471 */ 472 473 rt = (struct rt6_info *) dst; 474 if ((rt->rt6i_flags & RTF_GATEWAY)) 475 target = (struct in6_addr*)&n->primary_key; 476 else 477 target = &hdr->daddr; 478 479 if (!rt->rt6i_peer) 480 rt6_bind_peer(rt, 1); 481 482 /* Limit redirects both by destination (here) 483 and by source (inside ndisc_send_redirect) 484 */ 485 if (inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ)) 486 ndisc_send_redirect(skb, n, target); 487 } else { 488 int addrtype = ipv6_addr_type(&hdr->saddr); 489 490 /* This check is security critical. */ 491 if (addrtype == IPV6_ADDR_ANY || 492 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK)) 493 goto error; 494 if (addrtype & IPV6_ADDR_LINKLOCAL) { 495 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 496 ICMPV6_NOT_NEIGHBOUR, 0); 497 goto error; 498 } 499 } 500 501 mtu = dst_mtu(dst); 502 if (mtu < IPV6_MIN_MTU) 503 mtu = IPV6_MIN_MTU; 504 505 if (skb->len > mtu && !skb_is_gso(skb)) { 506 /* Again, force OUTPUT device used as source address */ 507 skb->dev = dst->dev; 508 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); 509 IP6_INC_STATS_BH(net, 510 ip6_dst_idev(dst), IPSTATS_MIB_INTOOBIGERRORS); 511 IP6_INC_STATS_BH(net, 512 ip6_dst_idev(dst), IPSTATS_MIB_FRAGFAILS); 513 kfree_skb(skb); 514 return -EMSGSIZE; 515 } 516 517 if (skb_cow(skb, dst->dev->hard_header_len)) { 518 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS); 519 goto drop; 520 } 521 522 hdr = ipv6_hdr(skb); 523 524 /* Mangling hops number delayed to point after skb COW */ 525 526 hdr->hop_limit--; 527 528 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); 529 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, skb, skb->dev, dst->dev, 530 ip6_forward_finish); 531 532 error: 533 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS); 534 drop: 535 kfree_skb(skb); 536 return -EINVAL; 537 } 538 539 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from) 540 { 541 to->pkt_type = from->pkt_type; 542 to->priority = from->priority; 543 to->protocol = from->protocol; 544 skb_dst_drop(to); 545 skb_dst_set(to, dst_clone(skb_dst(from))); 546 to->dev = from->dev; 547 to->mark = from->mark; 548 549 #ifdef CONFIG_NET_SCHED 550 to->tc_index = from->tc_index; 551 #endif 552 nf_copy(to, from); 553 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ 554 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) 555 to->nf_trace = from->nf_trace; 556 #endif 557 skb_copy_secmark(to, from); 558 } 559 560 int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) 561 { 562 u16 offset = sizeof(struct ipv6hdr); 563 struct ipv6_opt_hdr *exthdr = 564 (struct ipv6_opt_hdr *)(ipv6_hdr(skb) + 1); 565 unsigned int packet_len = skb->tail - skb->network_header; 566 int found_rhdr = 0; 567 *nexthdr = &ipv6_hdr(skb)->nexthdr; 568 569 while (offset + 1 <= packet_len) { 570 571 switch (**nexthdr) { 572 573 case NEXTHDR_HOP: 574 break; 575 case NEXTHDR_ROUTING: 576 found_rhdr = 1; 577 break; 578 case NEXTHDR_DEST: 579 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 580 if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0) 581 break; 582 #endif 583 if (found_rhdr) 584 return offset; 585 break; 586 default : 587 return offset; 588 } 589 590 offset += ipv6_optlen(exthdr); 591 *nexthdr = &exthdr->nexthdr; 592 exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) + 593 offset); 594 } 595 596 return offset; 597 } 598 599 int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) 600 { 601 struct sk_buff *frag; 602 struct rt6_info *rt = (struct rt6_info*)skb_dst(skb); 603 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL; 604 struct ipv6hdr *tmp_hdr; 605 struct frag_hdr *fh; 606 unsigned int mtu, hlen, left, len; 607 __be32 frag_id = 0; 608 int ptr, offset = 0, err=0; 609 u8 *prevhdr, nexthdr = 0; 610 struct net *net = dev_net(skb_dst(skb)->dev); 611 612 hlen = ip6_find_1stfragopt(skb, &prevhdr); 613 nexthdr = *prevhdr; 614 615 mtu = ip6_skb_dst_mtu(skb); 616 617 /* We must not fragment if the socket is set to force MTU discovery 618 * or if the skb it not generated by a local socket. 619 */ 620 if (!skb->local_df && skb->len > mtu) { 621 skb->dev = skb_dst(skb)->dev; 622 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); 623 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 624 IPSTATS_MIB_FRAGFAILS); 625 kfree_skb(skb); 626 return -EMSGSIZE; 627 } 628 629 if (np && np->frag_size < mtu) { 630 if (np->frag_size) 631 mtu = np->frag_size; 632 } 633 mtu -= hlen + sizeof(struct frag_hdr); 634 635 if (skb_has_frag_list(skb)) { 636 int first_len = skb_pagelen(skb); 637 struct sk_buff *frag2; 638 639 if (first_len - hlen > mtu || 640 ((first_len - hlen) & 7) || 641 skb_cloned(skb)) 642 goto slow_path; 643 644 skb_walk_frags(skb, frag) { 645 /* Correct geometry. */ 646 if (frag->len > mtu || 647 ((frag->len & 7) && frag->next) || 648 skb_headroom(frag) < hlen) 649 goto slow_path_clean; 650 651 /* Partially cloned skb? */ 652 if (skb_shared(frag)) 653 goto slow_path_clean; 654 655 BUG_ON(frag->sk); 656 if (skb->sk) { 657 frag->sk = skb->sk; 658 frag->destructor = sock_wfree; 659 } 660 skb->truesize -= frag->truesize; 661 } 662 663 err = 0; 664 offset = 0; 665 frag = skb_shinfo(skb)->frag_list; 666 skb_frag_list_init(skb); 667 /* BUILD HEADER */ 668 669 *prevhdr = NEXTHDR_FRAGMENT; 670 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC); 671 if (!tmp_hdr) { 672 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 673 IPSTATS_MIB_FRAGFAILS); 674 return -ENOMEM; 675 } 676 677 __skb_pull(skb, hlen); 678 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr)); 679 __skb_push(skb, hlen); 680 skb_reset_network_header(skb); 681 memcpy(skb_network_header(skb), tmp_hdr, hlen); 682 683 ipv6_select_ident(fh); 684 fh->nexthdr = nexthdr; 685 fh->reserved = 0; 686 fh->frag_off = htons(IP6_MF); 687 frag_id = fh->identification; 688 689 first_len = skb_pagelen(skb); 690 skb->data_len = first_len - skb_headlen(skb); 691 skb->len = first_len; 692 ipv6_hdr(skb)->payload_len = htons(first_len - 693 sizeof(struct ipv6hdr)); 694 695 dst_hold(&rt->dst); 696 697 for (;;) { 698 /* Prepare header of the next frame, 699 * before previous one went down. */ 700 if (frag) { 701 frag->ip_summed = CHECKSUM_NONE; 702 skb_reset_transport_header(frag); 703 fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr)); 704 __skb_push(frag, hlen); 705 skb_reset_network_header(frag); 706 memcpy(skb_network_header(frag), tmp_hdr, 707 hlen); 708 offset += skb->len - hlen - sizeof(struct frag_hdr); 709 fh->nexthdr = nexthdr; 710 fh->reserved = 0; 711 fh->frag_off = htons(offset); 712 if (frag->next != NULL) 713 fh->frag_off |= htons(IP6_MF); 714 fh->identification = frag_id; 715 ipv6_hdr(frag)->payload_len = 716 htons(frag->len - 717 sizeof(struct ipv6hdr)); 718 ip6_copy_metadata(frag, skb); 719 } 720 721 err = output(skb); 722 if(!err) 723 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), 724 IPSTATS_MIB_FRAGCREATES); 725 726 if (err || !frag) 727 break; 728 729 skb = frag; 730 frag = skb->next; 731 skb->next = NULL; 732 } 733 734 kfree(tmp_hdr); 735 736 if (err == 0) { 737 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), 738 IPSTATS_MIB_FRAGOKS); 739 dst_release(&rt->dst); 740 return 0; 741 } 742 743 while (frag) { 744 skb = frag->next; 745 kfree_skb(frag); 746 frag = skb; 747 } 748 749 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), 750 IPSTATS_MIB_FRAGFAILS); 751 dst_release(&rt->dst); 752 return err; 753 754 slow_path_clean: 755 skb_walk_frags(skb, frag2) { 756 if (frag2 == frag) 757 break; 758 frag2->sk = NULL; 759 frag2->destructor = NULL; 760 skb->truesize += frag2->truesize; 761 } 762 } 763 764 slow_path: 765 left = skb->len - hlen; /* Space per frame */ 766 ptr = hlen; /* Where to start from */ 767 768 /* 769 * Fragment the datagram. 770 */ 771 772 *prevhdr = NEXTHDR_FRAGMENT; 773 774 /* 775 * Keep copying data until we run out. 776 */ 777 while(left > 0) { 778 len = left; 779 /* IF: it doesn't fit, use 'mtu' - the data space left */ 780 if (len > mtu) 781 len = mtu; 782 /* IF: we are not sending up to and including the packet end 783 then align the next start on an eight byte boundary */ 784 if (len < left) { 785 len &= ~7; 786 } 787 /* 788 * Allocate buffer. 789 */ 790 791 if ((frag = alloc_skb(len+hlen+sizeof(struct frag_hdr)+LL_ALLOCATED_SPACE(rt->dst.dev), GFP_ATOMIC)) == NULL) { 792 NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n"); 793 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 794 IPSTATS_MIB_FRAGFAILS); 795 err = -ENOMEM; 796 goto fail; 797 } 798 799 /* 800 * Set up data on packet 801 */ 802 803 ip6_copy_metadata(frag, skb); 804 skb_reserve(frag, LL_RESERVED_SPACE(rt->dst.dev)); 805 skb_put(frag, len + hlen + sizeof(struct frag_hdr)); 806 skb_reset_network_header(frag); 807 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen); 808 frag->transport_header = (frag->network_header + hlen + 809 sizeof(struct frag_hdr)); 810 811 /* 812 * Charge the memory for the fragment to any owner 813 * it might possess 814 */ 815 if (skb->sk) 816 skb_set_owner_w(frag, skb->sk); 817 818 /* 819 * Copy the packet header into the new buffer. 820 */ 821 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen); 822 823 /* 824 * Build fragment header. 825 */ 826 fh->nexthdr = nexthdr; 827 fh->reserved = 0; 828 if (!frag_id) { 829 ipv6_select_ident(fh); 830 frag_id = fh->identification; 831 } else 832 fh->identification = frag_id; 833 834 /* 835 * Copy a block of the IP datagram. 836 */ 837 if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len)) 838 BUG(); 839 left -= len; 840 841 fh->frag_off = htons(offset); 842 if (left > 0) 843 fh->frag_off |= htons(IP6_MF); 844 ipv6_hdr(frag)->payload_len = htons(frag->len - 845 sizeof(struct ipv6hdr)); 846 847 ptr += len; 848 offset += len; 849 850 /* 851 * Put this fragment into the sending queue. 852 */ 853 err = output(frag); 854 if (err) 855 goto fail; 856 857 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 858 IPSTATS_MIB_FRAGCREATES); 859 } 860 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 861 IPSTATS_MIB_FRAGOKS); 862 kfree_skb(skb); 863 return err; 864 865 fail: 866 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 867 IPSTATS_MIB_FRAGFAILS); 868 kfree_skb(skb); 869 return err; 870 } 871 872 static inline int ip6_rt_check(const struct rt6key *rt_key, 873 const struct in6_addr *fl_addr, 874 const struct in6_addr *addr_cache) 875 { 876 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) && 877 (addr_cache == NULL || !ipv6_addr_equal(fl_addr, addr_cache)); 878 } 879 880 static struct dst_entry *ip6_sk_dst_check(struct sock *sk, 881 struct dst_entry *dst, 882 const struct flowi6 *fl6) 883 { 884 struct ipv6_pinfo *np = inet6_sk(sk); 885 struct rt6_info *rt = (struct rt6_info *)dst; 886 887 if (!dst) 888 goto out; 889 890 /* Yes, checking route validity in not connected 891 * case is not very simple. Take into account, 892 * that we do not support routing by source, TOS, 893 * and MSG_DONTROUTE --ANK (980726) 894 * 895 * 1. ip6_rt_check(): If route was host route, 896 * check that cached destination is current. 897 * If it is network route, we still may 898 * check its validity using saved pointer 899 * to the last used address: daddr_cache. 900 * We do not want to save whole address now, 901 * (because main consumer of this service 902 * is tcp, which has not this problem), 903 * so that the last trick works only on connected 904 * sockets. 905 * 2. oif also should be the same. 906 */ 907 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) || 908 #ifdef CONFIG_IPV6_SUBTREES 909 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) || 910 #endif 911 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex)) { 912 dst_release(dst); 913 dst = NULL; 914 } 915 916 out: 917 return dst; 918 } 919 920 static int ip6_dst_lookup_tail(struct sock *sk, 921 struct dst_entry **dst, struct flowi6 *fl6) 922 { 923 int err; 924 struct net *net = sock_net(sk); 925 926 if (*dst == NULL) 927 *dst = ip6_route_output(net, sk, fl6); 928 929 if ((err = (*dst)->error)) 930 goto out_err_release; 931 932 if (ipv6_addr_any(&fl6->saddr)) { 933 struct rt6_info *rt = (struct rt6_info *) *dst; 934 err = ip6_route_get_saddr(net, rt, &fl6->daddr, 935 sk ? inet6_sk(sk)->srcprefs : 0, 936 &fl6->saddr); 937 if (err) 938 goto out_err_release; 939 } 940 941 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 942 /* 943 * Here if the dst entry we've looked up 944 * has a neighbour entry that is in the INCOMPLETE 945 * state and the src address from the flow is 946 * marked as OPTIMISTIC, we release the found 947 * dst entry and replace it instead with the 948 * dst entry of the nexthop router 949 */ 950 if ((*dst)->neighbour && !((*dst)->neighbour->nud_state & NUD_VALID)) { 951 struct inet6_ifaddr *ifp; 952 struct flowi6 fl_gw6; 953 int redirect; 954 955 ifp = ipv6_get_ifaddr(net, &fl6->saddr, 956 (*dst)->dev, 1); 957 958 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC); 959 if (ifp) 960 in6_ifa_put(ifp); 961 962 if (redirect) { 963 /* 964 * We need to get the dst entry for the 965 * default router instead 966 */ 967 dst_release(*dst); 968 memcpy(&fl_gw6, fl6, sizeof(struct flowi6)); 969 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr)); 970 *dst = ip6_route_output(net, sk, &fl_gw6); 971 if ((err = (*dst)->error)) 972 goto out_err_release; 973 } 974 } 975 #endif 976 977 return 0; 978 979 out_err_release: 980 if (err == -ENETUNREACH) 981 IP6_INC_STATS_BH(net, NULL, IPSTATS_MIB_OUTNOROUTES); 982 dst_release(*dst); 983 *dst = NULL; 984 return err; 985 } 986 987 /** 988 * ip6_dst_lookup - perform route lookup on flow 989 * @sk: socket which provides route info 990 * @dst: pointer to dst_entry * for result 991 * @fl6: flow to lookup 992 * 993 * This function performs a route lookup on the given flow. 994 * 995 * It returns zero on success, or a standard errno code on error. 996 */ 997 int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi6 *fl6) 998 { 999 *dst = NULL; 1000 return ip6_dst_lookup_tail(sk, dst, fl6); 1001 } 1002 EXPORT_SYMBOL_GPL(ip6_dst_lookup); 1003 1004 /** 1005 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec 1006 * @sk: socket which provides route info 1007 * @fl6: flow to lookup 1008 * @final_dst: final destination address for ipsec lookup 1009 * @can_sleep: we are in a sleepable context 1010 * 1011 * This function performs a route lookup on the given flow. 1012 * 1013 * It returns a valid dst pointer on success, or a pointer encoded 1014 * error code. 1015 */ 1016 struct dst_entry *ip6_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6, 1017 const struct in6_addr *final_dst, 1018 bool can_sleep) 1019 { 1020 struct dst_entry *dst = NULL; 1021 int err; 1022 1023 err = ip6_dst_lookup_tail(sk, &dst, fl6); 1024 if (err) 1025 return ERR_PTR(err); 1026 if (final_dst) 1027 ipv6_addr_copy(&fl6->daddr, final_dst); 1028 if (can_sleep) 1029 fl6->flowi6_flags |= FLOWI_FLAG_CAN_SLEEP; 1030 1031 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0); 1032 } 1033 EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow); 1034 1035 /** 1036 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow 1037 * @sk: socket which provides the dst cache and route info 1038 * @fl6: flow to lookup 1039 * @final_dst: final destination address for ipsec lookup 1040 * @can_sleep: we are in a sleepable context 1041 * 1042 * This function performs a route lookup on the given flow with the 1043 * possibility of using the cached route in the socket if it is valid. 1044 * It will take the socket dst lock when operating on the dst cache. 1045 * As a result, this function can only be used in process context. 1046 * 1047 * It returns a valid dst pointer on success, or a pointer encoded 1048 * error code. 1049 */ 1050 struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6, 1051 const struct in6_addr *final_dst, 1052 bool can_sleep) 1053 { 1054 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie); 1055 int err; 1056 1057 dst = ip6_sk_dst_check(sk, dst, fl6); 1058 1059 err = ip6_dst_lookup_tail(sk, &dst, fl6); 1060 if (err) 1061 return ERR_PTR(err); 1062 if (final_dst) 1063 ipv6_addr_copy(&fl6->daddr, final_dst); 1064 if (can_sleep) 1065 fl6->flowi6_flags |= FLOWI_FLAG_CAN_SLEEP; 1066 1067 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0); 1068 } 1069 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow); 1070 1071 static inline int ip6_ufo_append_data(struct sock *sk, 1072 int getfrag(void *from, char *to, int offset, int len, 1073 int odd, struct sk_buff *skb), 1074 void *from, int length, int hh_len, int fragheaderlen, 1075 int transhdrlen, int mtu,unsigned int flags) 1076 1077 { 1078 struct sk_buff *skb; 1079 int err; 1080 1081 /* There is support for UDP large send offload by network 1082 * device, so create one single skb packet containing complete 1083 * udp datagram 1084 */ 1085 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) { 1086 skb = sock_alloc_send_skb(sk, 1087 hh_len + fragheaderlen + transhdrlen + 20, 1088 (flags & MSG_DONTWAIT), &err); 1089 if (skb == NULL) 1090 return -ENOMEM; 1091 1092 /* reserve space for Hardware header */ 1093 skb_reserve(skb, hh_len); 1094 1095 /* create space for UDP/IP header */ 1096 skb_put(skb,fragheaderlen + transhdrlen); 1097 1098 /* initialize network header pointer */ 1099 skb_reset_network_header(skb); 1100 1101 /* initialize protocol header pointer */ 1102 skb->transport_header = skb->network_header + fragheaderlen; 1103 1104 skb->ip_summed = CHECKSUM_PARTIAL; 1105 skb->csum = 0; 1106 } 1107 1108 err = skb_append_datato_frags(sk,skb, getfrag, from, 1109 (length - transhdrlen)); 1110 if (!err) { 1111 struct frag_hdr fhdr; 1112 1113 /* Specify the length of each IPv6 datagram fragment. 1114 * It has to be a multiple of 8. 1115 */ 1116 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen - 1117 sizeof(struct frag_hdr)) & ~7; 1118 skb_shinfo(skb)->gso_type = SKB_GSO_UDP; 1119 ipv6_select_ident(&fhdr); 1120 skb_shinfo(skb)->ip6_frag_id = fhdr.identification; 1121 __skb_queue_tail(&sk->sk_write_queue, skb); 1122 1123 return 0; 1124 } 1125 /* There is not enough support do UPD LSO, 1126 * so follow normal path 1127 */ 1128 kfree_skb(skb); 1129 1130 return err; 1131 } 1132 1133 static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src, 1134 gfp_t gfp) 1135 { 1136 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL; 1137 } 1138 1139 static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src, 1140 gfp_t gfp) 1141 { 1142 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL; 1143 } 1144 1145 int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, 1146 int offset, int len, int odd, struct sk_buff *skb), 1147 void *from, int length, int transhdrlen, 1148 int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi6 *fl6, 1149 struct rt6_info *rt, unsigned int flags, int dontfrag) 1150 { 1151 struct inet_sock *inet = inet_sk(sk); 1152 struct ipv6_pinfo *np = inet6_sk(sk); 1153 struct inet_cork *cork; 1154 struct sk_buff *skb; 1155 unsigned int maxfraglen, fragheaderlen; 1156 int exthdrlen; 1157 int hh_len; 1158 int mtu; 1159 int copy; 1160 int err; 1161 int offset = 0; 1162 int csummode = CHECKSUM_NONE; 1163 __u8 tx_flags = 0; 1164 1165 if (flags&MSG_PROBE) 1166 return 0; 1167 cork = &inet->cork.base; 1168 if (skb_queue_empty(&sk->sk_write_queue)) { 1169 /* 1170 * setup for corking 1171 */ 1172 if (opt) { 1173 if (WARN_ON(np->cork.opt)) 1174 return -EINVAL; 1175 1176 np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation); 1177 if (unlikely(np->cork.opt == NULL)) 1178 return -ENOBUFS; 1179 1180 np->cork.opt->tot_len = opt->tot_len; 1181 np->cork.opt->opt_flen = opt->opt_flen; 1182 np->cork.opt->opt_nflen = opt->opt_nflen; 1183 1184 np->cork.opt->dst0opt = ip6_opt_dup(opt->dst0opt, 1185 sk->sk_allocation); 1186 if (opt->dst0opt && !np->cork.opt->dst0opt) 1187 return -ENOBUFS; 1188 1189 np->cork.opt->dst1opt = ip6_opt_dup(opt->dst1opt, 1190 sk->sk_allocation); 1191 if (opt->dst1opt && !np->cork.opt->dst1opt) 1192 return -ENOBUFS; 1193 1194 np->cork.opt->hopopt = ip6_opt_dup(opt->hopopt, 1195 sk->sk_allocation); 1196 if (opt->hopopt && !np->cork.opt->hopopt) 1197 return -ENOBUFS; 1198 1199 np->cork.opt->srcrt = ip6_rthdr_dup(opt->srcrt, 1200 sk->sk_allocation); 1201 if (opt->srcrt && !np->cork.opt->srcrt) 1202 return -ENOBUFS; 1203 1204 /* need source address above miyazawa*/ 1205 } 1206 dst_hold(&rt->dst); 1207 cork->dst = &rt->dst; 1208 inet->cork.fl.u.ip6 = *fl6; 1209 np->cork.hop_limit = hlimit; 1210 np->cork.tclass = tclass; 1211 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ? 1212 rt->dst.dev->mtu : dst_mtu(rt->dst.path); 1213 if (np->frag_size < mtu) { 1214 if (np->frag_size) 1215 mtu = np->frag_size; 1216 } 1217 cork->fragsize = mtu; 1218 if (dst_allfrag(rt->dst.path)) 1219 cork->flags |= IPCORK_ALLFRAG; 1220 cork->length = 0; 1221 sk->sk_sndmsg_page = NULL; 1222 sk->sk_sndmsg_off = 0; 1223 exthdrlen = rt->dst.header_len + (opt ? opt->opt_flen : 0) - 1224 rt->rt6i_nfheader_len; 1225 length += exthdrlen; 1226 transhdrlen += exthdrlen; 1227 } else { 1228 rt = (struct rt6_info *)cork->dst; 1229 fl6 = &inet->cork.fl.u.ip6; 1230 opt = np->cork.opt; 1231 transhdrlen = 0; 1232 exthdrlen = 0; 1233 mtu = cork->fragsize; 1234 } 1235 1236 hh_len = LL_RESERVED_SPACE(rt->dst.dev); 1237 1238 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len + 1239 (opt ? opt->opt_nflen : 0); 1240 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr); 1241 1242 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) { 1243 if (cork->length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) { 1244 ipv6_local_error(sk, EMSGSIZE, fl6, mtu-exthdrlen); 1245 return -EMSGSIZE; 1246 } 1247 } 1248 1249 /* For UDP, check if TX timestamp is enabled */ 1250 if (sk->sk_type == SOCK_DGRAM) { 1251 err = sock_tx_timestamp(sk, &tx_flags); 1252 if (err) 1253 goto error; 1254 } 1255 1256 /* 1257 * Let's try using as much space as possible. 1258 * Use MTU if total length of the message fits into the MTU. 1259 * Otherwise, we need to reserve fragment header and 1260 * fragment alignment (= 8-15 octects, in total). 1261 * 1262 * Note that we may need to "move" the data from the tail of 1263 * of the buffer to the new fragment when we split 1264 * the message. 1265 * 1266 * FIXME: It may be fragmented into multiple chunks 1267 * at once if non-fragmentable extension headers 1268 * are too large. 1269 * --yoshfuji 1270 */ 1271 1272 cork->length += length; 1273 if (length > mtu) { 1274 int proto = sk->sk_protocol; 1275 if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){ 1276 ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); 1277 return -EMSGSIZE; 1278 } 1279 1280 if (proto == IPPROTO_UDP && 1281 (rt->dst.dev->features & NETIF_F_UFO)) { 1282 1283 err = ip6_ufo_append_data(sk, getfrag, from, length, 1284 hh_len, fragheaderlen, 1285 transhdrlen, mtu, flags); 1286 if (err) 1287 goto error; 1288 return 0; 1289 } 1290 } 1291 1292 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) 1293 goto alloc_new_skb; 1294 1295 while (length > 0) { 1296 /* Check if the remaining data fits into current packet. */ 1297 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len; 1298 if (copy < length) 1299 copy = maxfraglen - skb->len; 1300 1301 if (copy <= 0) { 1302 char *data; 1303 unsigned int datalen; 1304 unsigned int fraglen; 1305 unsigned int fraggap; 1306 unsigned int alloclen; 1307 struct sk_buff *skb_prev; 1308 alloc_new_skb: 1309 skb_prev = skb; 1310 1311 /* There's no room in the current skb */ 1312 if (skb_prev) 1313 fraggap = skb_prev->len - maxfraglen; 1314 else 1315 fraggap = 0; 1316 1317 /* 1318 * If remaining data exceeds the mtu, 1319 * we know we need more fragment(s). 1320 */ 1321 datalen = length + fraggap; 1322 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen) 1323 datalen = maxfraglen - fragheaderlen; 1324 1325 fraglen = datalen + fragheaderlen; 1326 if ((flags & MSG_MORE) && 1327 !(rt->dst.dev->features&NETIF_F_SG)) 1328 alloclen = mtu; 1329 else 1330 alloclen = datalen + fragheaderlen; 1331 1332 /* 1333 * The last fragment gets additional space at tail. 1334 * Note: we overallocate on fragments with MSG_MODE 1335 * because we have no idea if we're the last one. 1336 */ 1337 if (datalen == length + fraggap) 1338 alloclen += rt->dst.trailer_len; 1339 1340 /* 1341 * We just reserve space for fragment header. 1342 * Note: this may be overallocation if the message 1343 * (without MSG_MORE) fits into the MTU. 1344 */ 1345 alloclen += sizeof(struct frag_hdr); 1346 1347 if (transhdrlen) { 1348 skb = sock_alloc_send_skb(sk, 1349 alloclen + hh_len, 1350 (flags & MSG_DONTWAIT), &err); 1351 } else { 1352 skb = NULL; 1353 if (atomic_read(&sk->sk_wmem_alloc) <= 1354 2 * sk->sk_sndbuf) 1355 skb = sock_wmalloc(sk, 1356 alloclen + hh_len, 1, 1357 sk->sk_allocation); 1358 if (unlikely(skb == NULL)) 1359 err = -ENOBUFS; 1360 else { 1361 /* Only the initial fragment 1362 * is time stamped. 1363 */ 1364 tx_flags = 0; 1365 } 1366 } 1367 if (skb == NULL) 1368 goto error; 1369 /* 1370 * Fill in the control structures 1371 */ 1372 skb->ip_summed = csummode; 1373 skb->csum = 0; 1374 /* reserve for fragmentation */ 1375 skb_reserve(skb, hh_len+sizeof(struct frag_hdr)); 1376 1377 if (sk->sk_type == SOCK_DGRAM) 1378 skb_shinfo(skb)->tx_flags = tx_flags; 1379 1380 /* 1381 * Find where to start putting bytes 1382 */ 1383 data = skb_put(skb, fraglen); 1384 skb_set_network_header(skb, exthdrlen); 1385 data += fragheaderlen; 1386 skb->transport_header = (skb->network_header + 1387 fragheaderlen); 1388 if (fraggap) { 1389 skb->csum = skb_copy_and_csum_bits( 1390 skb_prev, maxfraglen, 1391 data + transhdrlen, fraggap, 0); 1392 skb_prev->csum = csum_sub(skb_prev->csum, 1393 skb->csum); 1394 data += fraggap; 1395 pskb_trim_unique(skb_prev, maxfraglen); 1396 } 1397 copy = datalen - transhdrlen - fraggap; 1398 if (copy < 0) { 1399 err = -EINVAL; 1400 kfree_skb(skb); 1401 goto error; 1402 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) { 1403 err = -EFAULT; 1404 kfree_skb(skb); 1405 goto error; 1406 } 1407 1408 offset += copy; 1409 length -= datalen - fraggap; 1410 transhdrlen = 0; 1411 exthdrlen = 0; 1412 csummode = CHECKSUM_NONE; 1413 1414 /* 1415 * Put the packet on the pending queue 1416 */ 1417 __skb_queue_tail(&sk->sk_write_queue, skb); 1418 continue; 1419 } 1420 1421 if (copy > length) 1422 copy = length; 1423 1424 if (!(rt->dst.dev->features&NETIF_F_SG)) { 1425 unsigned int off; 1426 1427 off = skb->len; 1428 if (getfrag(from, skb_put(skb, copy), 1429 offset, copy, off, skb) < 0) { 1430 __skb_trim(skb, off); 1431 err = -EFAULT; 1432 goto error; 1433 } 1434 } else { 1435 int i = skb_shinfo(skb)->nr_frags; 1436 skb_frag_t *frag = &skb_shinfo(skb)->frags[i-1]; 1437 struct page *page = sk->sk_sndmsg_page; 1438 int off = sk->sk_sndmsg_off; 1439 unsigned int left; 1440 1441 if (page && (left = PAGE_SIZE - off) > 0) { 1442 if (copy >= left) 1443 copy = left; 1444 if (page != frag->page) { 1445 if (i == MAX_SKB_FRAGS) { 1446 err = -EMSGSIZE; 1447 goto error; 1448 } 1449 get_page(page); 1450 skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0); 1451 frag = &skb_shinfo(skb)->frags[i]; 1452 } 1453 } else if(i < MAX_SKB_FRAGS) { 1454 if (copy > PAGE_SIZE) 1455 copy = PAGE_SIZE; 1456 page = alloc_pages(sk->sk_allocation, 0); 1457 if (page == NULL) { 1458 err = -ENOMEM; 1459 goto error; 1460 } 1461 sk->sk_sndmsg_page = page; 1462 sk->sk_sndmsg_off = 0; 1463 1464 skb_fill_page_desc(skb, i, page, 0, 0); 1465 frag = &skb_shinfo(skb)->frags[i]; 1466 } else { 1467 err = -EMSGSIZE; 1468 goto error; 1469 } 1470 if (getfrag(from, page_address(frag->page)+frag->page_offset+frag->size, offset, copy, skb->len, skb) < 0) { 1471 err = -EFAULT; 1472 goto error; 1473 } 1474 sk->sk_sndmsg_off += copy; 1475 frag->size += copy; 1476 skb->len += copy; 1477 skb->data_len += copy; 1478 skb->truesize += copy; 1479 atomic_add(copy, &sk->sk_wmem_alloc); 1480 } 1481 offset += copy; 1482 length -= copy; 1483 } 1484 return 0; 1485 error: 1486 cork->length -= length; 1487 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS); 1488 return err; 1489 } 1490 1491 static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np) 1492 { 1493 if (np->cork.opt) { 1494 kfree(np->cork.opt->dst0opt); 1495 kfree(np->cork.opt->dst1opt); 1496 kfree(np->cork.opt->hopopt); 1497 kfree(np->cork.opt->srcrt); 1498 kfree(np->cork.opt); 1499 np->cork.opt = NULL; 1500 } 1501 1502 if (inet->cork.base.dst) { 1503 dst_release(inet->cork.base.dst); 1504 inet->cork.base.dst = NULL; 1505 inet->cork.base.flags &= ~IPCORK_ALLFRAG; 1506 } 1507 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl)); 1508 } 1509 1510 int ip6_push_pending_frames(struct sock *sk) 1511 { 1512 struct sk_buff *skb, *tmp_skb; 1513 struct sk_buff **tail_skb; 1514 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf; 1515 struct inet_sock *inet = inet_sk(sk); 1516 struct ipv6_pinfo *np = inet6_sk(sk); 1517 struct net *net = sock_net(sk); 1518 struct ipv6hdr *hdr; 1519 struct ipv6_txoptions *opt = np->cork.opt; 1520 struct rt6_info *rt = (struct rt6_info *)inet->cork.base.dst; 1521 struct flowi6 *fl6 = &inet->cork.fl.u.ip6; 1522 unsigned char proto = fl6->flowi6_proto; 1523 int err = 0; 1524 1525 if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL) 1526 goto out; 1527 tail_skb = &(skb_shinfo(skb)->frag_list); 1528 1529 /* move skb->data to ip header from ext header */ 1530 if (skb->data < skb_network_header(skb)) 1531 __skb_pull(skb, skb_network_offset(skb)); 1532 while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) { 1533 __skb_pull(tmp_skb, skb_network_header_len(skb)); 1534 *tail_skb = tmp_skb; 1535 tail_skb = &(tmp_skb->next); 1536 skb->len += tmp_skb->len; 1537 skb->data_len += tmp_skb->len; 1538 skb->truesize += tmp_skb->truesize; 1539 tmp_skb->destructor = NULL; 1540 tmp_skb->sk = NULL; 1541 } 1542 1543 /* Allow local fragmentation. */ 1544 if (np->pmtudisc < IPV6_PMTUDISC_DO) 1545 skb->local_df = 1; 1546 1547 ipv6_addr_copy(final_dst, &fl6->daddr); 1548 __skb_pull(skb, skb_network_header_len(skb)); 1549 if (opt && opt->opt_flen) 1550 ipv6_push_frag_opts(skb, opt, &proto); 1551 if (opt && opt->opt_nflen) 1552 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst); 1553 1554 skb_push(skb, sizeof(struct ipv6hdr)); 1555 skb_reset_network_header(skb); 1556 hdr = ipv6_hdr(skb); 1557 1558 *(__be32*)hdr = fl6->flowlabel | 1559 htonl(0x60000000 | ((int)np->cork.tclass << 20)); 1560 1561 hdr->hop_limit = np->cork.hop_limit; 1562 hdr->nexthdr = proto; 1563 ipv6_addr_copy(&hdr->saddr, &fl6->saddr); 1564 ipv6_addr_copy(&hdr->daddr, final_dst); 1565 1566 skb->priority = sk->sk_priority; 1567 skb->mark = sk->sk_mark; 1568 1569 skb_dst_set(skb, dst_clone(&rt->dst)); 1570 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len); 1571 if (proto == IPPROTO_ICMPV6) { 1572 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); 1573 1574 ICMP6MSGOUT_INC_STATS_BH(net, idev, icmp6_hdr(skb)->icmp6_type); 1575 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTMSGS); 1576 } 1577 1578 err = ip6_local_out(skb); 1579 if (err) { 1580 if (err > 0) 1581 err = net_xmit_errno(err); 1582 if (err) 1583 goto error; 1584 } 1585 1586 out: 1587 ip6_cork_release(inet, np); 1588 return err; 1589 error: 1590 IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS); 1591 goto out; 1592 } 1593 1594 void ip6_flush_pending_frames(struct sock *sk) 1595 { 1596 struct sk_buff *skb; 1597 1598 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) { 1599 if (skb_dst(skb)) 1600 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)), 1601 IPSTATS_MIB_OUTDISCARDS); 1602 kfree_skb(skb); 1603 } 1604 1605 ip6_cork_release(inet_sk(sk), inet6_sk(sk)); 1606 } 1607