1 /* 2 * net/tipc/msg.c: TIPC message header routines 3 * 4 * Copyright (c) 2000-2006, 2014-2015, Ericsson AB 5 * Copyright (c) 2005, 2010-2011, Wind River Systems 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the names of the copyright holders nor the names of its 17 * contributors may be used to endorse or promote products derived from 18 * this software without specific prior written permission. 19 * 20 * Alternatively, this software may be distributed under the terms of the 21 * GNU General Public License ("GPL") version 2 as published by the Free 22 * Software Foundation. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 25 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 */ 36 37 #include <net/sock.h> 38 #include "core.h" 39 #include "msg.h" 40 #include "addr.h" 41 #include "name_table.h" 42 #include "crypto.h" 43 44 #define MAX_FORWARD_SIZE 1024 45 #ifdef CONFIG_TIPC_CRYPTO 46 #define BUF_HEADROOM ALIGN(((LL_MAX_HEADER + 48) + EHDR_MAX_SIZE), 16) 47 #define BUF_TAILROOM (TIPC_AES_GCM_TAG_SIZE) 48 #else 49 #define BUF_HEADROOM (LL_MAX_HEADER + 48) 50 #define BUF_TAILROOM 16 51 #endif 52 53 static unsigned int align(unsigned int i) 54 { 55 return (i + 3) & ~3u; 56 } 57 58 /** 59 * tipc_buf_acquire - creates a TIPC message buffer 60 * @size: message size (including TIPC header) 61 * 62 * Returns a new buffer with data pointers set to the specified size. 63 * 64 * NOTE: Headroom is reserved to allow prepending of a data link header. 65 * There may also be unrequested tailroom present at the buffer's end. 66 */ 67 struct sk_buff *tipc_buf_acquire(u32 size, gfp_t gfp) 68 { 69 struct sk_buff *skb; 70 #ifdef CONFIG_TIPC_CRYPTO 71 unsigned int buf_size = (BUF_HEADROOM + size + BUF_TAILROOM + 3) & ~3u; 72 #else 73 unsigned int buf_size = (BUF_HEADROOM + size + 3) & ~3u; 74 #endif 75 76 skb = alloc_skb_fclone(buf_size, gfp); 77 if (skb) { 78 skb_reserve(skb, BUF_HEADROOM); 79 skb_put(skb, size); 80 skb->next = NULL; 81 } 82 return skb; 83 } 84 85 void tipc_msg_init(u32 own_node, struct tipc_msg *m, u32 user, u32 type, 86 u32 hsize, u32 dnode) 87 { 88 memset(m, 0, hsize); 89 msg_set_version(m); 90 msg_set_user(m, user); 91 msg_set_hdr_sz(m, hsize); 92 msg_set_size(m, hsize); 93 msg_set_prevnode(m, own_node); 94 msg_set_type(m, type); 95 if (hsize > SHORT_H_SIZE) { 96 msg_set_orignode(m, own_node); 97 msg_set_destnode(m, dnode); 98 } 99 } 100 101 struct sk_buff *tipc_msg_create(uint user, uint type, 102 uint hdr_sz, uint data_sz, u32 dnode, 103 u32 onode, u32 dport, u32 oport, int errcode) 104 { 105 struct tipc_msg *msg; 106 struct sk_buff *buf; 107 108 buf = tipc_buf_acquire(hdr_sz + data_sz, GFP_ATOMIC); 109 if (unlikely(!buf)) 110 return NULL; 111 112 msg = buf_msg(buf); 113 tipc_msg_init(onode, msg, user, type, hdr_sz, dnode); 114 msg_set_size(msg, hdr_sz + data_sz); 115 msg_set_origport(msg, oport); 116 msg_set_destport(msg, dport); 117 msg_set_errcode(msg, errcode); 118 if (hdr_sz > SHORT_H_SIZE) { 119 msg_set_orignode(msg, onode); 120 msg_set_destnode(msg, dnode); 121 } 122 return buf; 123 } 124 125 /* tipc_buf_append(): Append a buffer to the fragment list of another buffer 126 * @*headbuf: in: NULL for first frag, otherwise value returned from prev call 127 * out: set when successful non-complete reassembly, otherwise NULL 128 * @*buf: in: the buffer to append. Always defined 129 * out: head buf after successful complete reassembly, otherwise NULL 130 * Returns 1 when reassembly complete, otherwise 0 131 */ 132 int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf) 133 { 134 struct sk_buff *head = *headbuf; 135 struct sk_buff *frag = *buf; 136 struct sk_buff *tail = NULL; 137 struct tipc_msg *msg; 138 u32 fragid; 139 int delta; 140 bool headstolen; 141 142 if (!frag) 143 goto err; 144 145 msg = buf_msg(frag); 146 fragid = msg_type(msg); 147 frag->next = NULL; 148 skb_pull(frag, msg_hdr_sz(msg)); 149 150 if (fragid == FIRST_FRAGMENT) { 151 if (unlikely(head)) 152 goto err; 153 if (unlikely(skb_unclone(frag, GFP_ATOMIC))) 154 goto err; 155 head = *headbuf = frag; 156 *buf = NULL; 157 TIPC_SKB_CB(head)->tail = NULL; 158 if (skb_is_nonlinear(head)) { 159 skb_walk_frags(head, tail) { 160 TIPC_SKB_CB(head)->tail = tail; 161 } 162 } else { 163 skb_frag_list_init(head); 164 } 165 return 0; 166 } 167 168 if (!head) 169 goto err; 170 171 if (skb_try_coalesce(head, frag, &headstolen, &delta)) { 172 kfree_skb_partial(frag, headstolen); 173 } else { 174 tail = TIPC_SKB_CB(head)->tail; 175 if (!skb_has_frag_list(head)) 176 skb_shinfo(head)->frag_list = frag; 177 else 178 tail->next = frag; 179 head->truesize += frag->truesize; 180 head->data_len += frag->len; 181 head->len += frag->len; 182 TIPC_SKB_CB(head)->tail = frag; 183 } 184 185 if (fragid == LAST_FRAGMENT) { 186 TIPC_SKB_CB(head)->validated = 0; 187 if (unlikely(!tipc_msg_validate(&head))) 188 goto err; 189 *buf = head; 190 TIPC_SKB_CB(head)->tail = NULL; 191 *headbuf = NULL; 192 return 1; 193 } 194 *buf = NULL; 195 return 0; 196 err: 197 kfree_skb(*buf); 198 kfree_skb(*headbuf); 199 *buf = *headbuf = NULL; 200 return 0; 201 } 202 203 /** 204 * tipc_msg_append(): Append data to tail of an existing buffer queue 205 * @hdr: header to be used 206 * @m: the data to be appended 207 * @mss: max allowable size of buffer 208 * @dlen: size of data to be appended 209 * @txq: queue to appand to 210 * Returns the number og 1k blocks appended or errno value 211 */ 212 int tipc_msg_append(struct tipc_msg *_hdr, struct msghdr *m, int dlen, 213 int mss, struct sk_buff_head *txq) 214 { 215 struct sk_buff *skb, *prev; 216 int accounted, total, curr; 217 int mlen, cpy, rem = dlen; 218 struct tipc_msg *hdr; 219 220 skb = skb_peek_tail(txq); 221 accounted = skb ? msg_blocks(buf_msg(skb)) : 0; 222 total = accounted; 223 224 while (rem) { 225 if (!skb || skb->len >= mss) { 226 prev = skb; 227 skb = tipc_buf_acquire(mss, GFP_KERNEL); 228 if (unlikely(!skb)) 229 return -ENOMEM; 230 skb_orphan(skb); 231 skb_trim(skb, MIN_H_SIZE); 232 hdr = buf_msg(skb); 233 skb_copy_to_linear_data(skb, _hdr, MIN_H_SIZE); 234 msg_set_hdr_sz(hdr, MIN_H_SIZE); 235 msg_set_size(hdr, MIN_H_SIZE); 236 __skb_queue_tail(txq, skb); 237 total += 1; 238 if (prev) 239 msg_set_ack_required(buf_msg(prev), 0); 240 msg_set_ack_required(hdr, 1); 241 } 242 hdr = buf_msg(skb); 243 curr = msg_blocks(hdr); 244 mlen = msg_size(hdr); 245 cpy = min_t(int, rem, mss - mlen); 246 if (cpy != copy_from_iter(skb->data + mlen, cpy, &m->msg_iter)) 247 return -EFAULT; 248 msg_set_size(hdr, mlen + cpy); 249 skb_put(skb, cpy); 250 rem -= cpy; 251 total += msg_blocks(hdr) - curr; 252 } 253 return total - accounted; 254 } 255 256 /* tipc_msg_validate - validate basic format of received message 257 * 258 * This routine ensures a TIPC message has an acceptable header, and at least 259 * as much data as the header indicates it should. The routine also ensures 260 * that the entire message header is stored in the main fragment of the message 261 * buffer, to simplify future access to message header fields. 262 * 263 * Note: Having extra info present in the message header or data areas is OK. 264 * TIPC will ignore the excess, under the assumption that it is optional info 265 * introduced by a later release of the protocol. 266 */ 267 bool tipc_msg_validate(struct sk_buff **_skb) 268 { 269 struct sk_buff *skb = *_skb; 270 struct tipc_msg *hdr; 271 int msz, hsz; 272 273 /* Ensure that flow control ratio condition is satisfied */ 274 if (unlikely(skb->truesize / buf_roundup_len(skb) >= 4)) { 275 skb = skb_copy_expand(skb, BUF_HEADROOM, 0, GFP_ATOMIC); 276 if (!skb) 277 return false; 278 kfree_skb(*_skb); 279 *_skb = skb; 280 } 281 282 if (unlikely(TIPC_SKB_CB(skb)->validated)) 283 return true; 284 285 if (unlikely(!pskb_may_pull(skb, MIN_H_SIZE))) 286 return false; 287 288 hsz = msg_hdr_sz(buf_msg(skb)); 289 if (unlikely(hsz < MIN_H_SIZE) || (hsz > MAX_H_SIZE)) 290 return false; 291 if (unlikely(!pskb_may_pull(skb, hsz))) 292 return false; 293 294 hdr = buf_msg(skb); 295 if (unlikely(msg_version(hdr) != TIPC_VERSION)) 296 return false; 297 298 msz = msg_size(hdr); 299 if (unlikely(msz < hsz)) 300 return false; 301 if (unlikely((msz - hsz) > TIPC_MAX_USER_MSG_SIZE)) 302 return false; 303 if (unlikely(skb->len < msz)) 304 return false; 305 306 TIPC_SKB_CB(skb)->validated = 1; 307 return true; 308 } 309 310 /** 311 * tipc_msg_fragment - build a fragment skb list for TIPC message 312 * 313 * @skb: TIPC message skb 314 * @hdr: internal msg header to be put on the top of the fragments 315 * @pktmax: max size of a fragment incl. the header 316 * @frags: returned fragment skb list 317 * 318 * Returns 0 if the fragmentation is successful, otherwise: -EINVAL 319 * or -ENOMEM 320 */ 321 int tipc_msg_fragment(struct sk_buff *skb, const struct tipc_msg *hdr, 322 int pktmax, struct sk_buff_head *frags) 323 { 324 int pktno, nof_fragms, dsz, dmax, eat; 325 struct tipc_msg *_hdr; 326 struct sk_buff *_skb; 327 u8 *data; 328 329 /* Non-linear buffer? */ 330 if (skb_linearize(skb)) 331 return -ENOMEM; 332 333 data = (u8 *)skb->data; 334 dsz = msg_size(buf_msg(skb)); 335 dmax = pktmax - INT_H_SIZE; 336 if (dsz <= dmax || !dmax) 337 return -EINVAL; 338 339 nof_fragms = dsz / dmax + 1; 340 for (pktno = 1; pktno <= nof_fragms; pktno++) { 341 if (pktno < nof_fragms) 342 eat = dmax; 343 else 344 eat = dsz % dmax; 345 /* Allocate a new fragment */ 346 _skb = tipc_buf_acquire(INT_H_SIZE + eat, GFP_ATOMIC); 347 if (!_skb) 348 goto error; 349 skb_orphan(_skb); 350 __skb_queue_tail(frags, _skb); 351 /* Copy header & data to the fragment */ 352 skb_copy_to_linear_data(_skb, hdr, INT_H_SIZE); 353 skb_copy_to_linear_data_offset(_skb, INT_H_SIZE, data, eat); 354 data += eat; 355 /* Update the fragment's header */ 356 _hdr = buf_msg(_skb); 357 msg_set_fragm_no(_hdr, pktno); 358 msg_set_nof_fragms(_hdr, nof_fragms); 359 msg_set_size(_hdr, INT_H_SIZE + eat); 360 } 361 return 0; 362 363 error: 364 __skb_queue_purge(frags); 365 __skb_queue_head_init(frags); 366 return -ENOMEM; 367 } 368 369 /** 370 * tipc_msg_build - create buffer chain containing specified header and data 371 * @mhdr: Message header, to be prepended to data 372 * @m: User message 373 * @dsz: Total length of user data 374 * @pktmax: Max packet size that can be used 375 * @list: Buffer or chain of buffers to be returned to caller 376 * 377 * Note that the recursive call we are making here is safe, since it can 378 * logically go only one further level down. 379 * 380 * Returns message data size or errno: -ENOMEM, -EFAULT 381 */ 382 int tipc_msg_build(struct tipc_msg *mhdr, struct msghdr *m, int offset, 383 int dsz, int pktmax, struct sk_buff_head *list) 384 { 385 int mhsz = msg_hdr_sz(mhdr); 386 struct tipc_msg pkthdr; 387 int msz = mhsz + dsz; 388 int pktrem = pktmax; 389 struct sk_buff *skb; 390 int drem = dsz; 391 int pktno = 1; 392 char *pktpos; 393 int pktsz; 394 int rc; 395 396 msg_set_size(mhdr, msz); 397 398 /* No fragmentation needed? */ 399 if (likely(msz <= pktmax)) { 400 skb = tipc_buf_acquire(msz, GFP_KERNEL); 401 402 /* Fall back to smaller MTU if node local message */ 403 if (unlikely(!skb)) { 404 if (pktmax != MAX_MSG_SIZE) 405 return -ENOMEM; 406 rc = tipc_msg_build(mhdr, m, offset, dsz, FB_MTU, list); 407 if (rc != dsz) 408 return rc; 409 if (tipc_msg_assemble(list)) 410 return dsz; 411 return -ENOMEM; 412 } 413 skb_orphan(skb); 414 __skb_queue_tail(list, skb); 415 skb_copy_to_linear_data(skb, mhdr, mhsz); 416 pktpos = skb->data + mhsz; 417 if (copy_from_iter_full(pktpos, dsz, &m->msg_iter)) 418 return dsz; 419 rc = -EFAULT; 420 goto error; 421 } 422 423 /* Prepare reusable fragment header */ 424 tipc_msg_init(msg_prevnode(mhdr), &pkthdr, MSG_FRAGMENTER, 425 FIRST_FRAGMENT, INT_H_SIZE, msg_destnode(mhdr)); 426 msg_set_size(&pkthdr, pktmax); 427 msg_set_fragm_no(&pkthdr, pktno); 428 msg_set_importance(&pkthdr, msg_importance(mhdr)); 429 430 /* Prepare first fragment */ 431 skb = tipc_buf_acquire(pktmax, GFP_KERNEL); 432 if (!skb) 433 return -ENOMEM; 434 skb_orphan(skb); 435 __skb_queue_tail(list, skb); 436 pktpos = skb->data; 437 skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE); 438 pktpos += INT_H_SIZE; 439 pktrem -= INT_H_SIZE; 440 skb_copy_to_linear_data_offset(skb, INT_H_SIZE, mhdr, mhsz); 441 pktpos += mhsz; 442 pktrem -= mhsz; 443 444 do { 445 if (drem < pktrem) 446 pktrem = drem; 447 448 if (!copy_from_iter_full(pktpos, pktrem, &m->msg_iter)) { 449 rc = -EFAULT; 450 goto error; 451 } 452 drem -= pktrem; 453 454 if (!drem) 455 break; 456 457 /* Prepare new fragment: */ 458 if (drem < (pktmax - INT_H_SIZE)) 459 pktsz = drem + INT_H_SIZE; 460 else 461 pktsz = pktmax; 462 skb = tipc_buf_acquire(pktsz, GFP_KERNEL); 463 if (!skb) { 464 rc = -ENOMEM; 465 goto error; 466 } 467 skb_orphan(skb); 468 __skb_queue_tail(list, skb); 469 msg_set_type(&pkthdr, FRAGMENT); 470 msg_set_size(&pkthdr, pktsz); 471 msg_set_fragm_no(&pkthdr, ++pktno); 472 skb_copy_to_linear_data(skb, &pkthdr, INT_H_SIZE); 473 pktpos = skb->data + INT_H_SIZE; 474 pktrem = pktsz - INT_H_SIZE; 475 476 } while (1); 477 msg_set_type(buf_msg(skb), LAST_FRAGMENT); 478 return dsz; 479 error: 480 __skb_queue_purge(list); 481 __skb_queue_head_init(list); 482 return rc; 483 } 484 485 /** 486 * tipc_msg_bundle - Append contents of a buffer to tail of an existing one 487 * @bskb: the bundle buffer to append to 488 * @msg: message to be appended 489 * @max: max allowable size for the bundle buffer 490 * 491 * Returns "true" if bundling has been performed, otherwise "false" 492 */ 493 static bool tipc_msg_bundle(struct sk_buff *bskb, struct tipc_msg *msg, 494 u32 max) 495 { 496 struct tipc_msg *bmsg = buf_msg(bskb); 497 u32 msz, bsz, offset, pad; 498 499 msz = msg_size(msg); 500 bsz = msg_size(bmsg); 501 offset = align(bsz); 502 pad = offset - bsz; 503 504 if (unlikely(skb_tailroom(bskb) < (pad + msz))) 505 return false; 506 if (unlikely(max < (offset + msz))) 507 return false; 508 509 skb_put(bskb, pad + msz); 510 skb_copy_to_linear_data_offset(bskb, offset, msg, msz); 511 msg_set_size(bmsg, offset + msz); 512 msg_set_msgcnt(bmsg, msg_msgcnt(bmsg) + 1); 513 return true; 514 } 515 516 /** 517 * tipc_msg_try_bundle - Try to bundle a new message to the last one 518 * @tskb: the last/target message to which the new one will be appended 519 * @skb: the new message skb pointer 520 * @mss: max message size (header inclusive) 521 * @dnode: destination node for the message 522 * @new_bundle: if this call made a new bundle or not 523 * 524 * Return: "true" if the new message skb is potential for bundling this time or 525 * later, in the case a bundling has been done this time, the skb is consumed 526 * (the skb pointer = NULL). 527 * Otherwise, "false" if the skb cannot be bundled at all. 528 */ 529 bool tipc_msg_try_bundle(struct sk_buff *tskb, struct sk_buff **skb, u32 mss, 530 u32 dnode, bool *new_bundle) 531 { 532 struct tipc_msg *msg, *inner, *outer; 533 u32 tsz; 534 535 /* First, check if the new buffer is suitable for bundling */ 536 msg = buf_msg(*skb); 537 if (msg_user(msg) == MSG_FRAGMENTER) 538 return false; 539 if (msg_user(msg) == TUNNEL_PROTOCOL) 540 return false; 541 if (msg_user(msg) == BCAST_PROTOCOL) 542 return false; 543 if (mss <= INT_H_SIZE + msg_size(msg)) 544 return false; 545 546 /* Ok, but the last/target buffer can be empty? */ 547 if (unlikely(!tskb)) 548 return true; 549 550 /* Is it a bundle already? Try to bundle the new message to it */ 551 if (msg_user(buf_msg(tskb)) == MSG_BUNDLER) { 552 *new_bundle = false; 553 goto bundle; 554 } 555 556 /* Make a new bundle of the two messages if possible */ 557 tsz = msg_size(buf_msg(tskb)); 558 if (unlikely(mss < align(INT_H_SIZE + tsz) + msg_size(msg))) 559 return true; 560 if (unlikely(pskb_expand_head(tskb, INT_H_SIZE, mss - tsz - INT_H_SIZE, 561 GFP_ATOMIC))) 562 return true; 563 inner = buf_msg(tskb); 564 skb_push(tskb, INT_H_SIZE); 565 outer = buf_msg(tskb); 566 tipc_msg_init(msg_prevnode(inner), outer, MSG_BUNDLER, 0, INT_H_SIZE, 567 dnode); 568 msg_set_importance(outer, msg_importance(inner)); 569 msg_set_size(outer, INT_H_SIZE + tsz); 570 msg_set_msgcnt(outer, 1); 571 *new_bundle = true; 572 573 bundle: 574 if (likely(tipc_msg_bundle(tskb, msg, mss))) { 575 consume_skb(*skb); 576 *skb = NULL; 577 } 578 return true; 579 } 580 581 /** 582 * tipc_msg_extract(): extract bundled inner packet from buffer 583 * @skb: buffer to be extracted from. 584 * @iskb: extracted inner buffer, to be returned 585 * @pos: position in outer message of msg to be extracted. 586 * Returns position of next msg 587 * Consumes outer buffer when last packet extracted 588 * Returns true when when there is an extracted buffer, otherwise false 589 */ 590 bool tipc_msg_extract(struct sk_buff *skb, struct sk_buff **iskb, int *pos) 591 { 592 struct tipc_msg *hdr, *ihdr; 593 int imsz; 594 595 *iskb = NULL; 596 if (unlikely(skb_linearize(skb))) 597 goto none; 598 599 hdr = buf_msg(skb); 600 if (unlikely(*pos > (msg_data_sz(hdr) - MIN_H_SIZE))) 601 goto none; 602 603 ihdr = (struct tipc_msg *)(msg_data(hdr) + *pos); 604 imsz = msg_size(ihdr); 605 606 if ((*pos + imsz) > msg_data_sz(hdr)) 607 goto none; 608 609 *iskb = tipc_buf_acquire(imsz, GFP_ATOMIC); 610 if (!*iskb) 611 goto none; 612 613 skb_copy_to_linear_data(*iskb, ihdr, imsz); 614 if (unlikely(!tipc_msg_validate(iskb))) 615 goto none; 616 617 *pos += align(imsz); 618 return true; 619 none: 620 kfree_skb(skb); 621 kfree_skb(*iskb); 622 *iskb = NULL; 623 return false; 624 } 625 626 /** 627 * tipc_msg_reverse(): swap source and destination addresses and add error code 628 * @own_node: originating node id for reversed message 629 * @skb: buffer containing message to be reversed; will be consumed 630 * @err: error code to be set in message, if any 631 * Replaces consumed buffer with new one when successful 632 * Returns true if success, otherwise false 633 */ 634 bool tipc_msg_reverse(u32 own_node, struct sk_buff **skb, int err) 635 { 636 struct sk_buff *_skb = *skb; 637 struct tipc_msg *_hdr, *hdr; 638 int hlen, dlen; 639 640 if (skb_linearize(_skb)) 641 goto exit; 642 _hdr = buf_msg(_skb); 643 dlen = min_t(uint, msg_data_sz(_hdr), MAX_FORWARD_SIZE); 644 hlen = msg_hdr_sz(_hdr); 645 646 if (msg_dest_droppable(_hdr)) 647 goto exit; 648 if (msg_errcode(_hdr)) 649 goto exit; 650 651 /* Never return SHORT header */ 652 if (hlen == SHORT_H_SIZE) 653 hlen = BASIC_H_SIZE; 654 655 /* Don't return data along with SYN+, - sender has a clone */ 656 if (msg_is_syn(_hdr) && err == TIPC_ERR_OVERLOAD) 657 dlen = 0; 658 659 /* Allocate new buffer to return */ 660 *skb = tipc_buf_acquire(hlen + dlen, GFP_ATOMIC); 661 if (!*skb) 662 goto exit; 663 memcpy((*skb)->data, _skb->data, msg_hdr_sz(_hdr)); 664 memcpy((*skb)->data + hlen, msg_data(_hdr), dlen); 665 666 /* Build reverse header in new buffer */ 667 hdr = buf_msg(*skb); 668 msg_set_hdr_sz(hdr, hlen); 669 msg_set_errcode(hdr, err); 670 msg_set_non_seq(hdr, 0); 671 msg_set_origport(hdr, msg_destport(_hdr)); 672 msg_set_destport(hdr, msg_origport(_hdr)); 673 msg_set_destnode(hdr, msg_prevnode(_hdr)); 674 msg_set_prevnode(hdr, own_node); 675 msg_set_orignode(hdr, own_node); 676 msg_set_size(hdr, hlen + dlen); 677 skb_orphan(_skb); 678 kfree_skb(_skb); 679 return true; 680 exit: 681 kfree_skb(_skb); 682 *skb = NULL; 683 return false; 684 } 685 686 bool tipc_msg_skb_clone(struct sk_buff_head *msg, struct sk_buff_head *cpy) 687 { 688 struct sk_buff *skb, *_skb; 689 690 skb_queue_walk(msg, skb) { 691 _skb = skb_clone(skb, GFP_ATOMIC); 692 if (!_skb) { 693 __skb_queue_purge(cpy); 694 pr_err_ratelimited("Failed to clone buffer chain\n"); 695 return false; 696 } 697 __skb_queue_tail(cpy, _skb); 698 } 699 return true; 700 } 701 702 /** 703 * tipc_msg_lookup_dest(): try to find new destination for named message 704 * @skb: the buffer containing the message. 705 * @err: error code to be used by caller if lookup fails 706 * Does not consume buffer 707 * Returns true if a destination is found, false otherwise 708 */ 709 bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb, int *err) 710 { 711 struct tipc_msg *msg = buf_msg(skb); 712 u32 dport, dnode; 713 u32 onode = tipc_own_addr(net); 714 715 if (!msg_isdata(msg)) 716 return false; 717 if (!msg_named(msg)) 718 return false; 719 if (msg_errcode(msg)) 720 return false; 721 *err = TIPC_ERR_NO_NAME; 722 if (skb_linearize(skb)) 723 return false; 724 msg = buf_msg(skb); 725 if (msg_reroute_cnt(msg)) 726 return false; 727 dnode = tipc_scope2node(net, msg_lookup_scope(msg)); 728 dport = tipc_nametbl_translate(net, msg_nametype(msg), 729 msg_nameinst(msg), &dnode); 730 if (!dport) 731 return false; 732 msg_incr_reroute_cnt(msg); 733 if (dnode != onode) 734 msg_set_prevnode(msg, onode); 735 msg_set_destnode(msg, dnode); 736 msg_set_destport(msg, dport); 737 *err = TIPC_OK; 738 739 return true; 740 } 741 742 /* tipc_msg_assemble() - assemble chain of fragments into one message 743 */ 744 bool tipc_msg_assemble(struct sk_buff_head *list) 745 { 746 struct sk_buff *skb, *tmp = NULL; 747 748 if (skb_queue_len(list) == 1) 749 return true; 750 751 while ((skb = __skb_dequeue(list))) { 752 skb->next = NULL; 753 if (tipc_buf_append(&tmp, &skb)) { 754 __skb_queue_tail(list, skb); 755 return true; 756 } 757 if (!tmp) 758 break; 759 } 760 __skb_queue_purge(list); 761 __skb_queue_head_init(list); 762 pr_warn("Failed do assemble buffer\n"); 763 return false; 764 } 765 766 /* tipc_msg_reassemble() - clone a buffer chain of fragments and 767 * reassemble the clones into one message 768 */ 769 bool tipc_msg_reassemble(struct sk_buff_head *list, struct sk_buff_head *rcvq) 770 { 771 struct sk_buff *skb, *_skb; 772 struct sk_buff *frag = NULL; 773 struct sk_buff *head = NULL; 774 int hdr_len; 775 776 /* Copy header if single buffer */ 777 if (skb_queue_len(list) == 1) { 778 skb = skb_peek(list); 779 hdr_len = skb_headroom(skb) + msg_hdr_sz(buf_msg(skb)); 780 _skb = __pskb_copy(skb, hdr_len, GFP_ATOMIC); 781 if (!_skb) 782 return false; 783 __skb_queue_tail(rcvq, _skb); 784 return true; 785 } 786 787 /* Clone all fragments and reassemble */ 788 skb_queue_walk(list, skb) { 789 frag = skb_clone(skb, GFP_ATOMIC); 790 if (!frag) 791 goto error; 792 frag->next = NULL; 793 if (tipc_buf_append(&head, &frag)) 794 break; 795 if (!head) 796 goto error; 797 } 798 __skb_queue_tail(rcvq, frag); 799 return true; 800 error: 801 pr_warn("Failed do clone local mcast rcv buffer\n"); 802 kfree_skb(head); 803 return false; 804 } 805 806 bool tipc_msg_pskb_copy(u32 dst, struct sk_buff_head *msg, 807 struct sk_buff_head *cpy) 808 { 809 struct sk_buff *skb, *_skb; 810 811 skb_queue_walk(msg, skb) { 812 _skb = pskb_copy(skb, GFP_ATOMIC); 813 if (!_skb) { 814 __skb_queue_purge(cpy); 815 return false; 816 } 817 msg_set_destnode(buf_msg(_skb), dst); 818 __skb_queue_tail(cpy, _skb); 819 } 820 return true; 821 } 822 823 /* tipc_skb_queue_sorted(); sort pkt into list according to sequence number 824 * @list: list to be appended to 825 * @seqno: sequence number of buffer to add 826 * @skb: buffer to add 827 */ 828 void __tipc_skb_queue_sorted(struct sk_buff_head *list, u16 seqno, 829 struct sk_buff *skb) 830 { 831 struct sk_buff *_skb, *tmp; 832 833 if (skb_queue_empty(list) || less(seqno, buf_seqno(skb_peek(list)))) { 834 __skb_queue_head(list, skb); 835 return; 836 } 837 838 if (more(seqno, buf_seqno(skb_peek_tail(list)))) { 839 __skb_queue_tail(list, skb); 840 return; 841 } 842 843 skb_queue_walk_safe(list, _skb, tmp) { 844 if (more(seqno, buf_seqno(_skb))) 845 continue; 846 if (seqno == buf_seqno(_skb)) 847 break; 848 __skb_queue_before(list, _skb, skb); 849 return; 850 } 851 kfree_skb(skb); 852 } 853 854 void tipc_skb_reject(struct net *net, int err, struct sk_buff *skb, 855 struct sk_buff_head *xmitq) 856 { 857 if (tipc_msg_reverse(tipc_own_addr(net), &skb, err)) 858 __skb_queue_tail(xmitq, skb); 859 } 860