1 /* 2 * IPv6 output functions 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on linux/net/ipv4/ip_output.c 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License 12 * as published by the Free Software Foundation; either version 13 * 2 of the License, or (at your option) any later version. 14 * 15 * Changes: 16 * A.N.Kuznetsov : airthmetics in fragmentation. 17 * extension headers are implemented. 18 * route changes now work. 19 * ip6_forward does not confuse sniffers. 20 * etc. 21 * 22 * H. von Brand : Added missing #include <linux/string.h> 23 * Imran Patel : frag id should be in NBO 24 * Kazunori MIYAZAWA @USAGI 25 * : add ip6_append_data and related functions 26 * for datagram xmit 27 */ 28 29 #include <linux/errno.h> 30 #include <linux/kernel.h> 31 #include <linux/string.h> 32 #include <linux/socket.h> 33 #include <linux/net.h> 34 #include <linux/netdevice.h> 35 #include <linux/if_arp.h> 36 #include <linux/in6.h> 37 #include <linux/tcp.h> 38 #include <linux/route.h> 39 #include <linux/module.h> 40 #include <linux/slab.h> 41 42 #include <linux/netfilter.h> 43 #include <linux/netfilter_ipv6.h> 44 45 #include <net/sock.h> 46 #include <net/snmp.h> 47 48 #include <net/ipv6.h> 49 #include <net/ndisc.h> 50 #include <net/protocol.h> 51 #include <net/ip6_route.h> 52 #include <net/addrconf.h> 53 #include <net/rawv6.h> 54 #include <net/icmp.h> 55 #include <net/xfrm.h> 56 #include <net/checksum.h> 57 #include <linux/mroute6.h> 58 59 int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)); 60 61 int __ip6_local_out(struct sk_buff *skb) 62 { 63 int len; 64 65 len = skb->len - sizeof(struct ipv6hdr); 66 if (len > IPV6_MAXPLEN) 67 len = 0; 68 ipv6_hdr(skb)->payload_len = htons(len); 69 70 return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, 71 skb_dst(skb)->dev, dst_output); 72 } 73 74 int ip6_local_out(struct sk_buff *skb) 75 { 76 int err; 77 78 err = __ip6_local_out(skb); 79 if (likely(err == 1)) 80 err = dst_output(skb); 81 82 return err; 83 } 84 EXPORT_SYMBOL_GPL(ip6_local_out); 85 86 /* dev_loopback_xmit for use with netfilter. */ 87 static int ip6_dev_loopback_xmit(struct sk_buff *newskb) 88 { 89 skb_reset_mac_header(newskb); 90 __skb_pull(newskb, skb_network_offset(newskb)); 91 newskb->pkt_type = PACKET_LOOPBACK; 92 newskb->ip_summed = CHECKSUM_UNNECESSARY; 93 WARN_ON(!skb_dst(newskb)); 94 95 netif_rx_ni(newskb); 96 return 0; 97 } 98 99 static int ip6_finish_output2(struct sk_buff *skb) 100 { 101 struct dst_entry *dst = skb_dst(skb); 102 struct net_device *dev = dst->dev; 103 struct neighbour *neigh; 104 105 skb->protocol = htons(ETH_P_IPV6); 106 skb->dev = dev; 107 108 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { 109 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); 110 111 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(skb->sk) && 112 ((mroute6_socket(dev_net(dev), skb) && 113 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) || 114 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr, 115 &ipv6_hdr(skb)->saddr))) { 116 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 117 118 /* Do not check for IFF_ALLMULTI; multicast routing 119 is not supported in any case. 120 */ 121 if (newskb) 122 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING, 123 newskb, NULL, newskb->dev, 124 ip6_dev_loopback_xmit); 125 126 if (ipv6_hdr(skb)->hop_limit == 0) { 127 IP6_INC_STATS(dev_net(dev), idev, 128 IPSTATS_MIB_OUTDISCARDS); 129 kfree_skb(skb); 130 return 0; 131 } 132 } 133 134 IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST, 135 skb->len); 136 } 137 138 rcu_read_lock(); 139 neigh = dst_get_neighbour(dst); 140 if (neigh) { 141 int res = neigh_output(neigh, skb); 142 143 rcu_read_unlock(); 144 return res; 145 } 146 rcu_read_unlock(); 147 IP6_INC_STATS_BH(dev_net(dst->dev), 148 ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); 149 kfree_skb(skb); 150 return -EINVAL; 151 } 152 153 static int ip6_finish_output(struct sk_buff *skb) 154 { 155 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || 156 dst_allfrag(skb_dst(skb))) 157 return ip6_fragment(skb, ip6_finish_output2); 158 else 159 return ip6_finish_output2(skb); 160 } 161 162 int ip6_output(struct sk_buff *skb) 163 { 164 struct net_device *dev = skb_dst(skb)->dev; 165 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); 166 if (unlikely(idev->cnf.disable_ipv6)) { 167 IP6_INC_STATS(dev_net(dev), idev, 168 IPSTATS_MIB_OUTDISCARDS); 169 kfree_skb(skb); 170 return 0; 171 } 172 173 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev, 174 ip6_finish_output, 175 !(IP6CB(skb)->flags & IP6SKB_REROUTED)); 176 } 177 178 /* 179 * xmit an sk_buff (used by TCP, SCTP and DCCP) 180 */ 181 182 int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, 183 struct ipv6_txoptions *opt) 184 { 185 struct net *net = sock_net(sk); 186 struct ipv6_pinfo *np = inet6_sk(sk); 187 struct in6_addr *first_hop = &fl6->daddr; 188 struct dst_entry *dst = skb_dst(skb); 189 struct ipv6hdr *hdr; 190 u8 proto = fl6->flowi6_proto; 191 int seg_len = skb->len; 192 int hlimit = -1; 193 int tclass = 0; 194 u32 mtu; 195 196 if (opt) { 197 unsigned int head_room; 198 199 /* First: exthdrs may take lots of space (~8K for now) 200 MAX_HEADER is not enough. 201 */ 202 head_room = opt->opt_nflen + opt->opt_flen; 203 seg_len += head_room; 204 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev); 205 206 if (skb_headroom(skb) < head_room) { 207 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room); 208 if (skb2 == NULL) { 209 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 210 IPSTATS_MIB_OUTDISCARDS); 211 kfree_skb(skb); 212 return -ENOBUFS; 213 } 214 kfree_skb(skb); 215 skb = skb2; 216 skb_set_owner_w(skb, sk); 217 } 218 if (opt->opt_flen) 219 ipv6_push_frag_opts(skb, opt, &proto); 220 if (opt->opt_nflen) 221 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop); 222 } 223 224 skb_push(skb, sizeof(struct ipv6hdr)); 225 skb_reset_network_header(skb); 226 hdr = ipv6_hdr(skb); 227 228 /* 229 * Fill in the IPv6 header 230 */ 231 if (np) { 232 tclass = np->tclass; 233 hlimit = np->hop_limit; 234 } 235 if (hlimit < 0) 236 hlimit = ip6_dst_hoplimit(dst); 237 238 *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | fl6->flowlabel; 239 240 hdr->payload_len = htons(seg_len); 241 hdr->nexthdr = proto; 242 hdr->hop_limit = hlimit; 243 244 ipv6_addr_copy(&hdr->saddr, &fl6->saddr); 245 ipv6_addr_copy(&hdr->daddr, first_hop); 246 247 skb->priority = sk->sk_priority; 248 skb->mark = sk->sk_mark; 249 250 mtu = dst_mtu(dst); 251 if ((skb->len <= mtu) || skb->local_df || skb_is_gso(skb)) { 252 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)), 253 IPSTATS_MIB_OUT, skb->len); 254 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, 255 dst->dev, dst_output); 256 } 257 258 if (net_ratelimit()) 259 printk(KERN_DEBUG "IPv6: sending pkt_too_big to self\n"); 260 skb->dev = dst->dev; 261 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); 262 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS); 263 kfree_skb(skb); 264 return -EMSGSIZE; 265 } 266 267 EXPORT_SYMBOL(ip6_xmit); 268 269 /* 270 * To avoid extra problems ND packets are send through this 271 * routine. It's code duplication but I really want to avoid 272 * extra checks since ipv6_build_header is used by TCP (which 273 * is for us performance critical) 274 */ 275 276 int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev, 277 const struct in6_addr *saddr, const struct in6_addr *daddr, 278 int proto, int len) 279 { 280 struct ipv6_pinfo *np = inet6_sk(sk); 281 struct ipv6hdr *hdr; 282 283 skb->protocol = htons(ETH_P_IPV6); 284 skb->dev = dev; 285 286 skb_reset_network_header(skb); 287 skb_put(skb, sizeof(struct ipv6hdr)); 288 hdr = ipv6_hdr(skb); 289 290 *(__be32*)hdr = htonl(0x60000000); 291 292 hdr->payload_len = htons(len); 293 hdr->nexthdr = proto; 294 hdr->hop_limit = np->hop_limit; 295 296 ipv6_addr_copy(&hdr->saddr, saddr); 297 ipv6_addr_copy(&hdr->daddr, daddr); 298 299 return 0; 300 } 301 302 static int ip6_call_ra_chain(struct sk_buff *skb, int sel) 303 { 304 struct ip6_ra_chain *ra; 305 struct sock *last = NULL; 306 307 read_lock(&ip6_ra_lock); 308 for (ra = ip6_ra_chain; ra; ra = ra->next) { 309 struct sock *sk = ra->sk; 310 if (sk && ra->sel == sel && 311 (!sk->sk_bound_dev_if || 312 sk->sk_bound_dev_if == skb->dev->ifindex)) { 313 if (last) { 314 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); 315 if (skb2) 316 rawv6_rcv(last, skb2); 317 } 318 last = sk; 319 } 320 } 321 322 if (last) { 323 rawv6_rcv(last, skb); 324 read_unlock(&ip6_ra_lock); 325 return 1; 326 } 327 read_unlock(&ip6_ra_lock); 328 return 0; 329 } 330 331 static int ip6_forward_proxy_check(struct sk_buff *skb) 332 { 333 struct ipv6hdr *hdr = ipv6_hdr(skb); 334 u8 nexthdr = hdr->nexthdr; 335 int offset; 336 337 if (ipv6_ext_hdr(nexthdr)) { 338 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr); 339 if (offset < 0) 340 return 0; 341 } else 342 offset = sizeof(struct ipv6hdr); 343 344 if (nexthdr == IPPROTO_ICMPV6) { 345 struct icmp6hdr *icmp6; 346 347 if (!pskb_may_pull(skb, (skb_network_header(skb) + 348 offset + 1 - skb->data))) 349 return 0; 350 351 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset); 352 353 switch (icmp6->icmp6_type) { 354 case NDISC_ROUTER_SOLICITATION: 355 case NDISC_ROUTER_ADVERTISEMENT: 356 case NDISC_NEIGHBOUR_SOLICITATION: 357 case NDISC_NEIGHBOUR_ADVERTISEMENT: 358 case NDISC_REDIRECT: 359 /* For reaction involving unicast neighbor discovery 360 * message destined to the proxied address, pass it to 361 * input function. 362 */ 363 return 1; 364 default: 365 break; 366 } 367 } 368 369 /* 370 * The proxying router can't forward traffic sent to a link-local 371 * address, so signal the sender and discard the packet. This 372 * behavior is clarified by the MIPv6 specification. 373 */ 374 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) { 375 dst_link_failure(skb); 376 return -1; 377 } 378 379 return 0; 380 } 381 382 static inline int ip6_forward_finish(struct sk_buff *skb) 383 { 384 return dst_output(skb); 385 } 386 387 int ip6_forward(struct sk_buff *skb) 388 { 389 struct dst_entry *dst = skb_dst(skb); 390 struct ipv6hdr *hdr = ipv6_hdr(skb); 391 struct inet6_skb_parm *opt = IP6CB(skb); 392 struct net *net = dev_net(dst->dev); 393 struct neighbour *n; 394 u32 mtu; 395 396 if (net->ipv6.devconf_all->forwarding == 0) 397 goto error; 398 399 if (skb_warn_if_lro(skb)) 400 goto drop; 401 402 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) { 403 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS); 404 goto drop; 405 } 406 407 if (skb->pkt_type != PACKET_HOST) 408 goto drop; 409 410 skb_forward_csum(skb); 411 412 /* 413 * We DO NOT make any processing on 414 * RA packets, pushing them to user level AS IS 415 * without ane WARRANTY that application will be able 416 * to interpret them. The reason is that we 417 * cannot make anything clever here. 418 * 419 * We are not end-node, so that if packet contains 420 * AH/ESP, we cannot make anything. 421 * Defragmentation also would be mistake, RA packets 422 * cannot be fragmented, because there is no warranty 423 * that different fragments will go along one path. --ANK 424 */ 425 if (opt->ra) { 426 u8 *ptr = skb_network_header(skb) + opt->ra; 427 if (ip6_call_ra_chain(skb, (ptr[2]<<8) + ptr[3])) 428 return 0; 429 } 430 431 /* 432 * check and decrement ttl 433 */ 434 if (hdr->hop_limit <= 1) { 435 /* Force OUTPUT device used as source address */ 436 skb->dev = dst->dev; 437 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0); 438 IP6_INC_STATS_BH(net, 439 ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS); 440 441 kfree_skb(skb); 442 return -ETIMEDOUT; 443 } 444 445 /* XXX: idev->cnf.proxy_ndp? */ 446 if (net->ipv6.devconf_all->proxy_ndp && 447 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) { 448 int proxied = ip6_forward_proxy_check(skb); 449 if (proxied > 0) 450 return ip6_input(skb); 451 else if (proxied < 0) { 452 IP6_INC_STATS(net, ip6_dst_idev(dst), 453 IPSTATS_MIB_INDISCARDS); 454 goto drop; 455 } 456 } 457 458 if (!xfrm6_route_forward(skb)) { 459 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS); 460 goto drop; 461 } 462 dst = skb_dst(skb); 463 464 /* IPv6 specs say nothing about it, but it is clear that we cannot 465 send redirects to source routed frames. 466 We don't send redirects to frames decapsulated from IPsec. 467 */ 468 n = dst_get_neighbour(dst); 469 if (skb->dev == dst->dev && n && opt->srcrt == 0 && !skb_sec_path(skb)) { 470 struct in6_addr *target = NULL; 471 struct rt6_info *rt; 472 473 /* 474 * incoming and outgoing devices are the same 475 * send a redirect. 476 */ 477 478 rt = (struct rt6_info *) dst; 479 if ((rt->rt6i_flags & RTF_GATEWAY)) 480 target = (struct in6_addr*)&n->primary_key; 481 else 482 target = &hdr->daddr; 483 484 if (!rt->rt6i_peer) 485 rt6_bind_peer(rt, 1); 486 487 /* Limit redirects both by destination (here) 488 and by source (inside ndisc_send_redirect) 489 */ 490 if (inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ)) 491 ndisc_send_redirect(skb, n, target); 492 } else { 493 int addrtype = ipv6_addr_type(&hdr->saddr); 494 495 /* This check is security critical. */ 496 if (addrtype == IPV6_ADDR_ANY || 497 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK)) 498 goto error; 499 if (addrtype & IPV6_ADDR_LINKLOCAL) { 500 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 501 ICMPV6_NOT_NEIGHBOUR, 0); 502 goto error; 503 } 504 } 505 506 mtu = dst_mtu(dst); 507 if (mtu < IPV6_MIN_MTU) 508 mtu = IPV6_MIN_MTU; 509 510 if (skb->len > mtu && !skb_is_gso(skb)) { 511 /* Again, force OUTPUT device used as source address */ 512 skb->dev = dst->dev; 513 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); 514 IP6_INC_STATS_BH(net, 515 ip6_dst_idev(dst), IPSTATS_MIB_INTOOBIGERRORS); 516 IP6_INC_STATS_BH(net, 517 ip6_dst_idev(dst), IPSTATS_MIB_FRAGFAILS); 518 kfree_skb(skb); 519 return -EMSGSIZE; 520 } 521 522 if (skb_cow(skb, dst->dev->hard_header_len)) { 523 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS); 524 goto drop; 525 } 526 527 hdr = ipv6_hdr(skb); 528 529 /* Mangling hops number delayed to point after skb COW */ 530 531 hdr->hop_limit--; 532 533 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); 534 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, skb, skb->dev, dst->dev, 535 ip6_forward_finish); 536 537 error: 538 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS); 539 drop: 540 kfree_skb(skb); 541 return -EINVAL; 542 } 543 544 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from) 545 { 546 to->pkt_type = from->pkt_type; 547 to->priority = from->priority; 548 to->protocol = from->protocol; 549 skb_dst_drop(to); 550 skb_dst_set(to, dst_clone(skb_dst(from))); 551 to->dev = from->dev; 552 to->mark = from->mark; 553 554 #ifdef CONFIG_NET_SCHED 555 to->tc_index = from->tc_index; 556 #endif 557 nf_copy(to, from); 558 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ 559 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) 560 to->nf_trace = from->nf_trace; 561 #endif 562 skb_copy_secmark(to, from); 563 } 564 565 int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) 566 { 567 u16 offset = sizeof(struct ipv6hdr); 568 struct ipv6_opt_hdr *exthdr = 569 (struct ipv6_opt_hdr *)(ipv6_hdr(skb) + 1); 570 unsigned int packet_len = skb->tail - skb->network_header; 571 int found_rhdr = 0; 572 *nexthdr = &ipv6_hdr(skb)->nexthdr; 573 574 while (offset + 1 <= packet_len) { 575 576 switch (**nexthdr) { 577 578 case NEXTHDR_HOP: 579 break; 580 case NEXTHDR_ROUTING: 581 found_rhdr = 1; 582 break; 583 case NEXTHDR_DEST: 584 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 585 if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0) 586 break; 587 #endif 588 if (found_rhdr) 589 return offset; 590 break; 591 default : 592 return offset; 593 } 594 595 offset += ipv6_optlen(exthdr); 596 *nexthdr = &exthdr->nexthdr; 597 exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) + 598 offset); 599 } 600 601 return offset; 602 } 603 604 void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) 605 { 606 static atomic_t ipv6_fragmentation_id; 607 int old, new; 608 609 if (rt) { 610 struct inet_peer *peer; 611 612 if (!rt->rt6i_peer) 613 rt6_bind_peer(rt, 1); 614 peer = rt->rt6i_peer; 615 if (peer) { 616 fhdr->identification = htonl(inet_getid(peer, 0)); 617 return; 618 } 619 } 620 do { 621 old = atomic_read(&ipv6_fragmentation_id); 622 new = old + 1; 623 if (!new) 624 new = 1; 625 } while (atomic_cmpxchg(&ipv6_fragmentation_id, old, new) != old); 626 fhdr->identification = htonl(new); 627 } 628 629 int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) 630 { 631 struct sk_buff *frag; 632 struct rt6_info *rt = (struct rt6_info*)skb_dst(skb); 633 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL; 634 struct ipv6hdr *tmp_hdr; 635 struct frag_hdr *fh; 636 unsigned int mtu, hlen, left, len; 637 __be32 frag_id = 0; 638 int ptr, offset = 0, err=0; 639 u8 *prevhdr, nexthdr = 0; 640 struct net *net = dev_net(skb_dst(skb)->dev); 641 642 hlen = ip6_find_1stfragopt(skb, &prevhdr); 643 nexthdr = *prevhdr; 644 645 mtu = ip6_skb_dst_mtu(skb); 646 647 /* We must not fragment if the socket is set to force MTU discovery 648 * or if the skb it not generated by a local socket. 649 */ 650 if (!skb->local_df && skb->len > mtu) { 651 skb->dev = skb_dst(skb)->dev; 652 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); 653 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 654 IPSTATS_MIB_FRAGFAILS); 655 kfree_skb(skb); 656 return -EMSGSIZE; 657 } 658 659 if (np && np->frag_size < mtu) { 660 if (np->frag_size) 661 mtu = np->frag_size; 662 } 663 mtu -= hlen + sizeof(struct frag_hdr); 664 665 if (skb_has_frag_list(skb)) { 666 int first_len = skb_pagelen(skb); 667 struct sk_buff *frag2; 668 669 if (first_len - hlen > mtu || 670 ((first_len - hlen) & 7) || 671 skb_cloned(skb)) 672 goto slow_path; 673 674 skb_walk_frags(skb, frag) { 675 /* Correct geometry. */ 676 if (frag->len > mtu || 677 ((frag->len & 7) && frag->next) || 678 skb_headroom(frag) < hlen) 679 goto slow_path_clean; 680 681 /* Partially cloned skb? */ 682 if (skb_shared(frag)) 683 goto slow_path_clean; 684 685 BUG_ON(frag->sk); 686 if (skb->sk) { 687 frag->sk = skb->sk; 688 frag->destructor = sock_wfree; 689 } 690 skb->truesize -= frag->truesize; 691 } 692 693 err = 0; 694 offset = 0; 695 frag = skb_shinfo(skb)->frag_list; 696 skb_frag_list_init(skb); 697 /* BUILD HEADER */ 698 699 *prevhdr = NEXTHDR_FRAGMENT; 700 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC); 701 if (!tmp_hdr) { 702 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 703 IPSTATS_MIB_FRAGFAILS); 704 return -ENOMEM; 705 } 706 707 __skb_pull(skb, hlen); 708 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr)); 709 __skb_push(skb, hlen); 710 skb_reset_network_header(skb); 711 memcpy(skb_network_header(skb), tmp_hdr, hlen); 712 713 ipv6_select_ident(fh, rt); 714 fh->nexthdr = nexthdr; 715 fh->reserved = 0; 716 fh->frag_off = htons(IP6_MF); 717 frag_id = fh->identification; 718 719 first_len = skb_pagelen(skb); 720 skb->data_len = first_len - skb_headlen(skb); 721 skb->len = first_len; 722 ipv6_hdr(skb)->payload_len = htons(first_len - 723 sizeof(struct ipv6hdr)); 724 725 dst_hold(&rt->dst); 726 727 for (;;) { 728 /* Prepare header of the next frame, 729 * before previous one went down. */ 730 if (frag) { 731 frag->ip_summed = CHECKSUM_NONE; 732 skb_reset_transport_header(frag); 733 fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr)); 734 __skb_push(frag, hlen); 735 skb_reset_network_header(frag); 736 memcpy(skb_network_header(frag), tmp_hdr, 737 hlen); 738 offset += skb->len - hlen - sizeof(struct frag_hdr); 739 fh->nexthdr = nexthdr; 740 fh->reserved = 0; 741 fh->frag_off = htons(offset); 742 if (frag->next != NULL) 743 fh->frag_off |= htons(IP6_MF); 744 fh->identification = frag_id; 745 ipv6_hdr(frag)->payload_len = 746 htons(frag->len - 747 sizeof(struct ipv6hdr)); 748 ip6_copy_metadata(frag, skb); 749 } 750 751 err = output(skb); 752 if(!err) 753 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), 754 IPSTATS_MIB_FRAGCREATES); 755 756 if (err || !frag) 757 break; 758 759 skb = frag; 760 frag = skb->next; 761 skb->next = NULL; 762 } 763 764 kfree(tmp_hdr); 765 766 if (err == 0) { 767 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), 768 IPSTATS_MIB_FRAGOKS); 769 dst_release(&rt->dst); 770 return 0; 771 } 772 773 while (frag) { 774 skb = frag->next; 775 kfree_skb(frag); 776 frag = skb; 777 } 778 779 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), 780 IPSTATS_MIB_FRAGFAILS); 781 dst_release(&rt->dst); 782 return err; 783 784 slow_path_clean: 785 skb_walk_frags(skb, frag2) { 786 if (frag2 == frag) 787 break; 788 frag2->sk = NULL; 789 frag2->destructor = NULL; 790 skb->truesize += frag2->truesize; 791 } 792 } 793 794 slow_path: 795 left = skb->len - hlen; /* Space per frame */ 796 ptr = hlen; /* Where to start from */ 797 798 /* 799 * Fragment the datagram. 800 */ 801 802 *prevhdr = NEXTHDR_FRAGMENT; 803 804 /* 805 * Keep copying data until we run out. 806 */ 807 while(left > 0) { 808 len = left; 809 /* IF: it doesn't fit, use 'mtu' - the data space left */ 810 if (len > mtu) 811 len = mtu; 812 /* IF: we are not sending up to and including the packet end 813 then align the next start on an eight byte boundary */ 814 if (len < left) { 815 len &= ~7; 816 } 817 /* 818 * Allocate buffer. 819 */ 820 821 if ((frag = alloc_skb(len+hlen+sizeof(struct frag_hdr)+LL_ALLOCATED_SPACE(rt->dst.dev), GFP_ATOMIC)) == NULL) { 822 NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n"); 823 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 824 IPSTATS_MIB_FRAGFAILS); 825 err = -ENOMEM; 826 goto fail; 827 } 828 829 /* 830 * Set up data on packet 831 */ 832 833 ip6_copy_metadata(frag, skb); 834 skb_reserve(frag, LL_RESERVED_SPACE(rt->dst.dev)); 835 skb_put(frag, len + hlen + sizeof(struct frag_hdr)); 836 skb_reset_network_header(frag); 837 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen); 838 frag->transport_header = (frag->network_header + hlen + 839 sizeof(struct frag_hdr)); 840 841 /* 842 * Charge the memory for the fragment to any owner 843 * it might possess 844 */ 845 if (skb->sk) 846 skb_set_owner_w(frag, skb->sk); 847 848 /* 849 * Copy the packet header into the new buffer. 850 */ 851 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen); 852 853 /* 854 * Build fragment header. 855 */ 856 fh->nexthdr = nexthdr; 857 fh->reserved = 0; 858 if (!frag_id) { 859 ipv6_select_ident(fh, rt); 860 frag_id = fh->identification; 861 } else 862 fh->identification = frag_id; 863 864 /* 865 * Copy a block of the IP datagram. 866 */ 867 if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len)) 868 BUG(); 869 left -= len; 870 871 fh->frag_off = htons(offset); 872 if (left > 0) 873 fh->frag_off |= htons(IP6_MF); 874 ipv6_hdr(frag)->payload_len = htons(frag->len - 875 sizeof(struct ipv6hdr)); 876 877 ptr += len; 878 offset += len; 879 880 /* 881 * Put this fragment into the sending queue. 882 */ 883 err = output(frag); 884 if (err) 885 goto fail; 886 887 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 888 IPSTATS_MIB_FRAGCREATES); 889 } 890 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 891 IPSTATS_MIB_FRAGOKS); 892 kfree_skb(skb); 893 return err; 894 895 fail: 896 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 897 IPSTATS_MIB_FRAGFAILS); 898 kfree_skb(skb); 899 return err; 900 } 901 902 static inline int ip6_rt_check(const struct rt6key *rt_key, 903 const struct in6_addr *fl_addr, 904 const struct in6_addr *addr_cache) 905 { 906 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) && 907 (addr_cache == NULL || !ipv6_addr_equal(fl_addr, addr_cache)); 908 } 909 910 static struct dst_entry *ip6_sk_dst_check(struct sock *sk, 911 struct dst_entry *dst, 912 const struct flowi6 *fl6) 913 { 914 struct ipv6_pinfo *np = inet6_sk(sk); 915 struct rt6_info *rt = (struct rt6_info *)dst; 916 917 if (!dst) 918 goto out; 919 920 /* Yes, checking route validity in not connected 921 * case is not very simple. Take into account, 922 * that we do not support routing by source, TOS, 923 * and MSG_DONTROUTE --ANK (980726) 924 * 925 * 1. ip6_rt_check(): If route was host route, 926 * check that cached destination is current. 927 * If it is network route, we still may 928 * check its validity using saved pointer 929 * to the last used address: daddr_cache. 930 * We do not want to save whole address now, 931 * (because main consumer of this service 932 * is tcp, which has not this problem), 933 * so that the last trick works only on connected 934 * sockets. 935 * 2. oif also should be the same. 936 */ 937 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) || 938 #ifdef CONFIG_IPV6_SUBTREES 939 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) || 940 #endif 941 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex)) { 942 dst_release(dst); 943 dst = NULL; 944 } 945 946 out: 947 return dst; 948 } 949 950 static int ip6_dst_lookup_tail(struct sock *sk, 951 struct dst_entry **dst, struct flowi6 *fl6) 952 { 953 struct net *net = sock_net(sk); 954 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 955 struct neighbour *n; 956 #endif 957 int err; 958 959 if (*dst == NULL) 960 *dst = ip6_route_output(net, sk, fl6); 961 962 if ((err = (*dst)->error)) 963 goto out_err_release; 964 965 if (ipv6_addr_any(&fl6->saddr)) { 966 struct rt6_info *rt = (struct rt6_info *) *dst; 967 err = ip6_route_get_saddr(net, rt, &fl6->daddr, 968 sk ? inet6_sk(sk)->srcprefs : 0, 969 &fl6->saddr); 970 if (err) 971 goto out_err_release; 972 } 973 974 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 975 /* 976 * Here if the dst entry we've looked up 977 * has a neighbour entry that is in the INCOMPLETE 978 * state and the src address from the flow is 979 * marked as OPTIMISTIC, we release the found 980 * dst entry and replace it instead with the 981 * dst entry of the nexthop router 982 */ 983 rcu_read_lock(); 984 n = dst_get_neighbour(*dst); 985 if (n && !(n->nud_state & NUD_VALID)) { 986 struct inet6_ifaddr *ifp; 987 struct flowi6 fl_gw6; 988 int redirect; 989 990 rcu_read_unlock(); 991 ifp = ipv6_get_ifaddr(net, &fl6->saddr, 992 (*dst)->dev, 1); 993 994 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC); 995 if (ifp) 996 in6_ifa_put(ifp); 997 998 if (redirect) { 999 /* 1000 * We need to get the dst entry for the 1001 * default router instead 1002 */ 1003 dst_release(*dst); 1004 memcpy(&fl_gw6, fl6, sizeof(struct flowi6)); 1005 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr)); 1006 *dst = ip6_route_output(net, sk, &fl_gw6); 1007 if ((err = (*dst)->error)) 1008 goto out_err_release; 1009 } 1010 } else { 1011 rcu_read_unlock(); 1012 } 1013 #endif 1014 1015 return 0; 1016 1017 out_err_release: 1018 if (err == -ENETUNREACH) 1019 IP6_INC_STATS_BH(net, NULL, IPSTATS_MIB_OUTNOROUTES); 1020 dst_release(*dst); 1021 *dst = NULL; 1022 return err; 1023 } 1024 1025 /** 1026 * ip6_dst_lookup - perform route lookup on flow 1027 * @sk: socket which provides route info 1028 * @dst: pointer to dst_entry * for result 1029 * @fl6: flow to lookup 1030 * 1031 * This function performs a route lookup on the given flow. 1032 * 1033 * It returns zero on success, or a standard errno code on error. 1034 */ 1035 int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi6 *fl6) 1036 { 1037 *dst = NULL; 1038 return ip6_dst_lookup_tail(sk, dst, fl6); 1039 } 1040 EXPORT_SYMBOL_GPL(ip6_dst_lookup); 1041 1042 /** 1043 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec 1044 * @sk: socket which provides route info 1045 * @fl6: flow to lookup 1046 * @final_dst: final destination address for ipsec lookup 1047 * @can_sleep: we are in a sleepable context 1048 * 1049 * This function performs a route lookup on the given flow. 1050 * 1051 * It returns a valid dst pointer on success, or a pointer encoded 1052 * error code. 1053 */ 1054 struct dst_entry *ip6_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6, 1055 const struct in6_addr *final_dst, 1056 bool can_sleep) 1057 { 1058 struct dst_entry *dst = NULL; 1059 int err; 1060 1061 err = ip6_dst_lookup_tail(sk, &dst, fl6); 1062 if (err) 1063 return ERR_PTR(err); 1064 if (final_dst) 1065 ipv6_addr_copy(&fl6->daddr, final_dst); 1066 if (can_sleep) 1067 fl6->flowi6_flags |= FLOWI_FLAG_CAN_SLEEP; 1068 1069 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0); 1070 } 1071 EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow); 1072 1073 /** 1074 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow 1075 * @sk: socket which provides the dst cache and route info 1076 * @fl6: flow to lookup 1077 * @final_dst: final destination address for ipsec lookup 1078 * @can_sleep: we are in a sleepable context 1079 * 1080 * This function performs a route lookup on the given flow with the 1081 * possibility of using the cached route in the socket if it is valid. 1082 * It will take the socket dst lock when operating on the dst cache. 1083 * As a result, this function can only be used in process context. 1084 * 1085 * It returns a valid dst pointer on success, or a pointer encoded 1086 * error code. 1087 */ 1088 struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6, 1089 const struct in6_addr *final_dst, 1090 bool can_sleep) 1091 { 1092 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie); 1093 int err; 1094 1095 dst = ip6_sk_dst_check(sk, dst, fl6); 1096 1097 err = ip6_dst_lookup_tail(sk, &dst, fl6); 1098 if (err) 1099 return ERR_PTR(err); 1100 if (final_dst) 1101 ipv6_addr_copy(&fl6->daddr, final_dst); 1102 if (can_sleep) 1103 fl6->flowi6_flags |= FLOWI_FLAG_CAN_SLEEP; 1104 1105 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0); 1106 } 1107 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow); 1108 1109 static inline int ip6_ufo_append_data(struct sock *sk, 1110 int getfrag(void *from, char *to, int offset, int len, 1111 int odd, struct sk_buff *skb), 1112 void *from, int length, int hh_len, int fragheaderlen, 1113 int transhdrlen, int mtu,unsigned int flags, 1114 struct rt6_info *rt) 1115 1116 { 1117 struct sk_buff *skb; 1118 int err; 1119 1120 /* There is support for UDP large send offload by network 1121 * device, so create one single skb packet containing complete 1122 * udp datagram 1123 */ 1124 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) { 1125 skb = sock_alloc_send_skb(sk, 1126 hh_len + fragheaderlen + transhdrlen + 20, 1127 (flags & MSG_DONTWAIT), &err); 1128 if (skb == NULL) 1129 return -ENOMEM; 1130 1131 /* reserve space for Hardware header */ 1132 skb_reserve(skb, hh_len); 1133 1134 /* create space for UDP/IP header */ 1135 skb_put(skb,fragheaderlen + transhdrlen); 1136 1137 /* initialize network header pointer */ 1138 skb_reset_network_header(skb); 1139 1140 /* initialize protocol header pointer */ 1141 skb->transport_header = skb->network_header + fragheaderlen; 1142 1143 skb->ip_summed = CHECKSUM_PARTIAL; 1144 skb->csum = 0; 1145 } 1146 1147 err = skb_append_datato_frags(sk,skb, getfrag, from, 1148 (length - transhdrlen)); 1149 if (!err) { 1150 struct frag_hdr fhdr; 1151 1152 /* Specify the length of each IPv6 datagram fragment. 1153 * It has to be a multiple of 8. 1154 */ 1155 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen - 1156 sizeof(struct frag_hdr)) & ~7; 1157 skb_shinfo(skb)->gso_type = SKB_GSO_UDP; 1158 ipv6_select_ident(&fhdr, rt); 1159 skb_shinfo(skb)->ip6_frag_id = fhdr.identification; 1160 __skb_queue_tail(&sk->sk_write_queue, skb); 1161 1162 return 0; 1163 } 1164 /* There is not enough support do UPD LSO, 1165 * so follow normal path 1166 */ 1167 kfree_skb(skb); 1168 1169 return err; 1170 } 1171 1172 static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src, 1173 gfp_t gfp) 1174 { 1175 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL; 1176 } 1177 1178 static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src, 1179 gfp_t gfp) 1180 { 1181 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL; 1182 } 1183 1184 int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, 1185 int offset, int len, int odd, struct sk_buff *skb), 1186 void *from, int length, int transhdrlen, 1187 int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi6 *fl6, 1188 struct rt6_info *rt, unsigned int flags, int dontfrag) 1189 { 1190 struct inet_sock *inet = inet_sk(sk); 1191 struct ipv6_pinfo *np = inet6_sk(sk); 1192 struct inet_cork *cork; 1193 struct sk_buff *skb; 1194 unsigned int maxfraglen, fragheaderlen; 1195 int exthdrlen; 1196 int dst_exthdrlen; 1197 int hh_len; 1198 int mtu; 1199 int copy; 1200 int err; 1201 int offset = 0; 1202 int csummode = CHECKSUM_NONE; 1203 __u8 tx_flags = 0; 1204 1205 if (flags&MSG_PROBE) 1206 return 0; 1207 cork = &inet->cork.base; 1208 if (skb_queue_empty(&sk->sk_write_queue)) { 1209 /* 1210 * setup for corking 1211 */ 1212 if (opt) { 1213 if (WARN_ON(np->cork.opt)) 1214 return -EINVAL; 1215 1216 np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation); 1217 if (unlikely(np->cork.opt == NULL)) 1218 return -ENOBUFS; 1219 1220 np->cork.opt->tot_len = opt->tot_len; 1221 np->cork.opt->opt_flen = opt->opt_flen; 1222 np->cork.opt->opt_nflen = opt->opt_nflen; 1223 1224 np->cork.opt->dst0opt = ip6_opt_dup(opt->dst0opt, 1225 sk->sk_allocation); 1226 if (opt->dst0opt && !np->cork.opt->dst0opt) 1227 return -ENOBUFS; 1228 1229 np->cork.opt->dst1opt = ip6_opt_dup(opt->dst1opt, 1230 sk->sk_allocation); 1231 if (opt->dst1opt && !np->cork.opt->dst1opt) 1232 return -ENOBUFS; 1233 1234 np->cork.opt->hopopt = ip6_opt_dup(opt->hopopt, 1235 sk->sk_allocation); 1236 if (opt->hopopt && !np->cork.opt->hopopt) 1237 return -ENOBUFS; 1238 1239 np->cork.opt->srcrt = ip6_rthdr_dup(opt->srcrt, 1240 sk->sk_allocation); 1241 if (opt->srcrt && !np->cork.opt->srcrt) 1242 return -ENOBUFS; 1243 1244 /* need source address above miyazawa*/ 1245 } 1246 dst_hold(&rt->dst); 1247 cork->dst = &rt->dst; 1248 inet->cork.fl.u.ip6 = *fl6; 1249 np->cork.hop_limit = hlimit; 1250 np->cork.tclass = tclass; 1251 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ? 1252 rt->dst.dev->mtu : dst_mtu(&rt->dst); 1253 if (np->frag_size < mtu) { 1254 if (np->frag_size) 1255 mtu = np->frag_size; 1256 } 1257 cork->fragsize = mtu; 1258 if (dst_allfrag(rt->dst.path)) 1259 cork->flags |= IPCORK_ALLFRAG; 1260 cork->length = 0; 1261 sk->sk_sndmsg_page = NULL; 1262 sk->sk_sndmsg_off = 0; 1263 exthdrlen = (opt ? opt->opt_flen : 0) - rt->rt6i_nfheader_len; 1264 length += exthdrlen; 1265 transhdrlen += exthdrlen; 1266 dst_exthdrlen = rt->dst.header_len; 1267 } else { 1268 rt = (struct rt6_info *)cork->dst; 1269 fl6 = &inet->cork.fl.u.ip6; 1270 opt = np->cork.opt; 1271 transhdrlen = 0; 1272 exthdrlen = 0; 1273 dst_exthdrlen = 0; 1274 mtu = cork->fragsize; 1275 } 1276 1277 hh_len = LL_RESERVED_SPACE(rt->dst.dev); 1278 1279 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len + 1280 (opt ? opt->opt_nflen : 0); 1281 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr); 1282 1283 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) { 1284 if (cork->length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) { 1285 ipv6_local_error(sk, EMSGSIZE, fl6, mtu-exthdrlen); 1286 return -EMSGSIZE; 1287 } 1288 } 1289 1290 /* For UDP, check if TX timestamp is enabled */ 1291 if (sk->sk_type == SOCK_DGRAM) { 1292 err = sock_tx_timestamp(sk, &tx_flags); 1293 if (err) 1294 goto error; 1295 } 1296 1297 /* 1298 * Let's try using as much space as possible. 1299 * Use MTU if total length of the message fits into the MTU. 1300 * Otherwise, we need to reserve fragment header and 1301 * fragment alignment (= 8-15 octects, in total). 1302 * 1303 * Note that we may need to "move" the data from the tail of 1304 * of the buffer to the new fragment when we split 1305 * the message. 1306 * 1307 * FIXME: It may be fragmented into multiple chunks 1308 * at once if non-fragmentable extension headers 1309 * are too large. 1310 * --yoshfuji 1311 */ 1312 1313 cork->length += length; 1314 if (length > mtu) { 1315 int proto = sk->sk_protocol; 1316 if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){ 1317 ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); 1318 return -EMSGSIZE; 1319 } 1320 1321 if (proto == IPPROTO_UDP && 1322 (rt->dst.dev->features & NETIF_F_UFO)) { 1323 1324 err = ip6_ufo_append_data(sk, getfrag, from, length, 1325 hh_len, fragheaderlen, 1326 transhdrlen, mtu, flags, rt); 1327 if (err) 1328 goto error; 1329 return 0; 1330 } 1331 } 1332 1333 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) 1334 goto alloc_new_skb; 1335 1336 while (length > 0) { 1337 /* Check if the remaining data fits into current packet. */ 1338 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len; 1339 if (copy < length) 1340 copy = maxfraglen - skb->len; 1341 1342 if (copy <= 0) { 1343 char *data; 1344 unsigned int datalen; 1345 unsigned int fraglen; 1346 unsigned int fraggap; 1347 unsigned int alloclen; 1348 struct sk_buff *skb_prev; 1349 alloc_new_skb: 1350 skb_prev = skb; 1351 1352 /* There's no room in the current skb */ 1353 if (skb_prev) 1354 fraggap = skb_prev->len - maxfraglen; 1355 else 1356 fraggap = 0; 1357 1358 /* 1359 * If remaining data exceeds the mtu, 1360 * we know we need more fragment(s). 1361 */ 1362 datalen = length + fraggap; 1363 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen) 1364 datalen = maxfraglen - fragheaderlen; 1365 1366 fraglen = datalen + fragheaderlen; 1367 if ((flags & MSG_MORE) && 1368 !(rt->dst.dev->features&NETIF_F_SG)) 1369 alloclen = mtu; 1370 else 1371 alloclen = datalen + fragheaderlen; 1372 1373 alloclen += dst_exthdrlen; 1374 1375 /* 1376 * The last fragment gets additional space at tail. 1377 * Note: we overallocate on fragments with MSG_MODE 1378 * because we have no idea if we're the last one. 1379 */ 1380 if (datalen == length + fraggap) 1381 alloclen += rt->dst.trailer_len; 1382 1383 /* 1384 * We just reserve space for fragment header. 1385 * Note: this may be overallocation if the message 1386 * (without MSG_MORE) fits into the MTU. 1387 */ 1388 alloclen += sizeof(struct frag_hdr); 1389 1390 if (transhdrlen) { 1391 skb = sock_alloc_send_skb(sk, 1392 alloclen + hh_len, 1393 (flags & MSG_DONTWAIT), &err); 1394 } else { 1395 skb = NULL; 1396 if (atomic_read(&sk->sk_wmem_alloc) <= 1397 2 * sk->sk_sndbuf) 1398 skb = sock_wmalloc(sk, 1399 alloclen + hh_len, 1, 1400 sk->sk_allocation); 1401 if (unlikely(skb == NULL)) 1402 err = -ENOBUFS; 1403 else { 1404 /* Only the initial fragment 1405 * is time stamped. 1406 */ 1407 tx_flags = 0; 1408 } 1409 } 1410 if (skb == NULL) 1411 goto error; 1412 /* 1413 * Fill in the control structures 1414 */ 1415 skb->ip_summed = csummode; 1416 skb->csum = 0; 1417 /* reserve for fragmentation */ 1418 skb_reserve(skb, hh_len+sizeof(struct frag_hdr)); 1419 1420 if (sk->sk_type == SOCK_DGRAM) 1421 skb_shinfo(skb)->tx_flags = tx_flags; 1422 1423 /* 1424 * Find where to start putting bytes 1425 */ 1426 data = skb_put(skb, fraglen + dst_exthdrlen); 1427 skb_set_network_header(skb, exthdrlen + dst_exthdrlen); 1428 data += fragheaderlen + dst_exthdrlen; 1429 skb->transport_header = (skb->network_header + 1430 fragheaderlen); 1431 if (fraggap) { 1432 skb->csum = skb_copy_and_csum_bits( 1433 skb_prev, maxfraglen, 1434 data + transhdrlen, fraggap, 0); 1435 skb_prev->csum = csum_sub(skb_prev->csum, 1436 skb->csum); 1437 data += fraggap; 1438 pskb_trim_unique(skb_prev, maxfraglen); 1439 } 1440 copy = datalen - transhdrlen - fraggap; 1441 1442 if (copy < 0) { 1443 err = -EINVAL; 1444 kfree_skb(skb); 1445 goto error; 1446 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) { 1447 err = -EFAULT; 1448 kfree_skb(skb); 1449 goto error; 1450 } 1451 1452 offset += copy; 1453 length -= datalen - fraggap; 1454 transhdrlen = 0; 1455 exthdrlen = 0; 1456 dst_exthdrlen = 0; 1457 csummode = CHECKSUM_NONE; 1458 1459 /* 1460 * Put the packet on the pending queue 1461 */ 1462 __skb_queue_tail(&sk->sk_write_queue, skb); 1463 continue; 1464 } 1465 1466 if (copy > length) 1467 copy = length; 1468 1469 if (!(rt->dst.dev->features&NETIF_F_SG)) { 1470 unsigned int off; 1471 1472 off = skb->len; 1473 if (getfrag(from, skb_put(skb, copy), 1474 offset, copy, off, skb) < 0) { 1475 __skb_trim(skb, off); 1476 err = -EFAULT; 1477 goto error; 1478 } 1479 } else { 1480 int i = skb_shinfo(skb)->nr_frags; 1481 skb_frag_t *frag = &skb_shinfo(skb)->frags[i-1]; 1482 struct page *page = sk->sk_sndmsg_page; 1483 int off = sk->sk_sndmsg_off; 1484 unsigned int left; 1485 1486 if (page && (left = PAGE_SIZE - off) > 0) { 1487 if (copy >= left) 1488 copy = left; 1489 if (page != skb_frag_page(frag)) { 1490 if (i == MAX_SKB_FRAGS) { 1491 err = -EMSGSIZE; 1492 goto error; 1493 } 1494 skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0); 1495 skb_frag_ref(skb, i); 1496 frag = &skb_shinfo(skb)->frags[i]; 1497 } 1498 } else if(i < MAX_SKB_FRAGS) { 1499 if (copy > PAGE_SIZE) 1500 copy = PAGE_SIZE; 1501 page = alloc_pages(sk->sk_allocation, 0); 1502 if (page == NULL) { 1503 err = -ENOMEM; 1504 goto error; 1505 } 1506 sk->sk_sndmsg_page = page; 1507 sk->sk_sndmsg_off = 0; 1508 1509 skb_fill_page_desc(skb, i, page, 0, 0); 1510 frag = &skb_shinfo(skb)->frags[i]; 1511 } else { 1512 err = -EMSGSIZE; 1513 goto error; 1514 } 1515 if (getfrag(from, 1516 skb_frag_address(frag) + skb_frag_size(frag), 1517 offset, copy, skb->len, skb) < 0) { 1518 err = -EFAULT; 1519 goto error; 1520 } 1521 sk->sk_sndmsg_off += copy; 1522 skb_frag_size_add(frag, copy); 1523 skb->len += copy; 1524 skb->data_len += copy; 1525 skb->truesize += copy; 1526 atomic_add(copy, &sk->sk_wmem_alloc); 1527 } 1528 offset += copy; 1529 length -= copy; 1530 } 1531 return 0; 1532 error: 1533 cork->length -= length; 1534 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS); 1535 return err; 1536 } 1537 1538 static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np) 1539 { 1540 if (np->cork.opt) { 1541 kfree(np->cork.opt->dst0opt); 1542 kfree(np->cork.opt->dst1opt); 1543 kfree(np->cork.opt->hopopt); 1544 kfree(np->cork.opt->srcrt); 1545 kfree(np->cork.opt); 1546 np->cork.opt = NULL; 1547 } 1548 1549 if (inet->cork.base.dst) { 1550 dst_release(inet->cork.base.dst); 1551 inet->cork.base.dst = NULL; 1552 inet->cork.base.flags &= ~IPCORK_ALLFRAG; 1553 } 1554 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl)); 1555 } 1556 1557 int ip6_push_pending_frames(struct sock *sk) 1558 { 1559 struct sk_buff *skb, *tmp_skb; 1560 struct sk_buff **tail_skb; 1561 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf; 1562 struct inet_sock *inet = inet_sk(sk); 1563 struct ipv6_pinfo *np = inet6_sk(sk); 1564 struct net *net = sock_net(sk); 1565 struct ipv6hdr *hdr; 1566 struct ipv6_txoptions *opt = np->cork.opt; 1567 struct rt6_info *rt = (struct rt6_info *)inet->cork.base.dst; 1568 struct flowi6 *fl6 = &inet->cork.fl.u.ip6; 1569 unsigned char proto = fl6->flowi6_proto; 1570 int err = 0; 1571 1572 if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL) 1573 goto out; 1574 tail_skb = &(skb_shinfo(skb)->frag_list); 1575 1576 /* move skb->data to ip header from ext header */ 1577 if (skb->data < skb_network_header(skb)) 1578 __skb_pull(skb, skb_network_offset(skb)); 1579 while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) { 1580 __skb_pull(tmp_skb, skb_network_header_len(skb)); 1581 *tail_skb = tmp_skb; 1582 tail_skb = &(tmp_skb->next); 1583 skb->len += tmp_skb->len; 1584 skb->data_len += tmp_skb->len; 1585 skb->truesize += tmp_skb->truesize; 1586 tmp_skb->destructor = NULL; 1587 tmp_skb->sk = NULL; 1588 } 1589 1590 /* Allow local fragmentation. */ 1591 if (np->pmtudisc < IPV6_PMTUDISC_DO) 1592 skb->local_df = 1; 1593 1594 ipv6_addr_copy(final_dst, &fl6->daddr); 1595 __skb_pull(skb, skb_network_header_len(skb)); 1596 if (opt && opt->opt_flen) 1597 ipv6_push_frag_opts(skb, opt, &proto); 1598 if (opt && opt->opt_nflen) 1599 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst); 1600 1601 skb_push(skb, sizeof(struct ipv6hdr)); 1602 skb_reset_network_header(skb); 1603 hdr = ipv6_hdr(skb); 1604 1605 *(__be32*)hdr = fl6->flowlabel | 1606 htonl(0x60000000 | ((int)np->cork.tclass << 20)); 1607 1608 hdr->hop_limit = np->cork.hop_limit; 1609 hdr->nexthdr = proto; 1610 ipv6_addr_copy(&hdr->saddr, &fl6->saddr); 1611 ipv6_addr_copy(&hdr->daddr, final_dst); 1612 1613 skb->priority = sk->sk_priority; 1614 skb->mark = sk->sk_mark; 1615 1616 skb_dst_set(skb, dst_clone(&rt->dst)); 1617 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len); 1618 if (proto == IPPROTO_ICMPV6) { 1619 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); 1620 1621 ICMP6MSGOUT_INC_STATS_BH(net, idev, icmp6_hdr(skb)->icmp6_type); 1622 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTMSGS); 1623 } 1624 1625 err = ip6_local_out(skb); 1626 if (err) { 1627 if (err > 0) 1628 err = net_xmit_errno(err); 1629 if (err) 1630 goto error; 1631 } 1632 1633 out: 1634 ip6_cork_release(inet, np); 1635 return err; 1636 error: 1637 IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS); 1638 goto out; 1639 } 1640 1641 void ip6_flush_pending_frames(struct sock *sk) 1642 { 1643 struct sk_buff *skb; 1644 1645 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) { 1646 if (skb_dst(skb)) 1647 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)), 1648 IPSTATS_MIB_OUTDISCARDS); 1649 kfree_skb(skb); 1650 } 1651 1652 ip6_cork_release(inet_sk(sk), inet6_sk(sk)); 1653 } 1654