projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
net: lwtunnel: Handle fragmentation
[deliverable/linux.git] / net / ipv6 / ip6_output.c
1 /*
2 * IPv6 output functions
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on linux/net/ipv4/ip_output.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 * Changes:
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
20 * etc.
21 *
22 * H. von Brand : Added missing #include <linux/string.h>
23 * Imran Patel : frag id should be in NBO
24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
26 * for datagram xmit
27 */
28
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/string.h>
32 #include <linux/socket.h>
33 #include <linux/net.h>
34 #include <linux/netdevice.h>
35 #include <linux/if_arp.h>
36 #include <linux/in6.h>
37 #include <linux/tcp.h>
38 #include <linux/route.h>
39 #include <linux/module.h>
40 #include <linux/slab.h>
41
42 #include <linux/netfilter.h>
43 #include <linux/netfilter_ipv6.h>
44
45 #include <net/sock.h>
46 #include <net/snmp.h>
47
48 #include <net/ipv6.h>
49 #include <net/ndisc.h>
50 #include <net/protocol.h>
51 #include <net/ip6_route.h>
52 #include <net/addrconf.h>
53 #include <net/rawv6.h>
54 #include <net/icmp.h>
55 #include <net/xfrm.h>
56 #include <net/checksum.h>
57 #include <linux/mroute6.h>
58 #include <net/l3mdev.h>
59 #include <net/lwtunnel.h>
60
61 static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff *skb)
62 {
63 struct dst_entry *dst = skb_dst(skb);
64 struct net_device *dev = dst->dev;
65 struct neighbour *neigh;
66 struct in6_addr *nexthop;
67 int ret;
68
69 skb->protocol = htons(ETH_P_IPV6);
70 skb->dev = dev;
71
72 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
73 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
74
75 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(sk) &&
76 ((mroute6_socket(net, skb) &&
77 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
78 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
79 &ipv6_hdr(skb)->saddr))) {
80 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
81
82 /* Do not check for IFF_ALLMULTI; multicast routing
83 is not supported in any case.
84 */
85 if (newskb)
86 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
87 net, sk, newskb, NULL, newskb->dev,
88 dev_loopback_xmit);
89
90 if (ipv6_hdr(skb)->hop_limit == 0) {
91 IP6_INC_STATS(net, idev,
92 IPSTATS_MIB_OUTDISCARDS);
93 kfree_skb(skb);
94 return 0;
95 }
96 }
97
98 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, skb->len);
99
100 if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <=
101 IPV6_ADDR_SCOPE_NODELOCAL &&
102 !(dev->flags & IFF_LOOPBACK)) {
103 kfree_skb(skb);
104 return 0;
105 }
106 }
107
108 if (lwtunnel_xmit_redirect(dst->lwtstate)) {
109 int res = lwtunnel_xmit(skb);
110
111 if (res < 0 || res == LWTUNNEL_XMIT_DONE)
112 return res;
113 }
114
115 rcu_read_lock_bh();
116 nexthop = rt6_nexthop((struct rt6_info *)dst, &ipv6_hdr(skb)->daddr);
117 neigh = __ipv6_neigh_lookup_noref(dst->dev, nexthop);
118 if (unlikely(!neigh))
119 neigh = __neigh_create(&nd_tbl, nexthop, dst->dev, false);
120 if (!IS_ERR(neigh)) {
121 ret = dst_neigh_output(dst, neigh, skb);
122 rcu_read_unlock_bh();
123 return ret;
124 }
125 rcu_read_unlock_bh();
126
127 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
128 kfree_skb(skb);
129 return -EINVAL;
130 }
131
132 static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
133 {
134 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
135 dst_allfrag(skb_dst(skb)) ||
136 (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size))
137 return ip6_fragment(net, sk, skb, ip6_finish_output2);
138 else
139 return ip6_finish_output2(net, sk, skb);
140 }
141
142 int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
143 {
144 struct net_device *dev = skb_dst(skb)->dev;
145 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
146
147 if (unlikely(idev->cnf.disable_ipv6)) {
148 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS);
149 kfree_skb(skb);
150 return 0;
151 }
152
153 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING,
154 net, sk, skb, NULL, dev,
155 ip6_finish_output,
156 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
157 }
158
159 /*
160 * xmit an sk_buff (used by TCP, SCTP and DCCP)
161 * Note : socket lock is not held for SYNACK packets, but might be modified
162 * by calls to skb_set_owner_w() and ipv6_local_error(),
163 * which are using proper atomic operations or spinlocks.
164 */
165 int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
166 struct ipv6_txoptions *opt, int tclass)
167 {
168 struct net *net = sock_net(sk);
169 const struct ipv6_pinfo *np = inet6_sk(sk);
170 struct in6_addr *first_hop = &fl6->daddr;
171 struct dst_entry *dst = skb_dst(skb);
172 struct ipv6hdr *hdr;
173 u8 proto = fl6->flowi6_proto;
174 int seg_len = skb->len;
175 int hlimit = -1;
176 u32 mtu;
177
178 if (opt) {
179 unsigned int head_room;
180
181 /* First: exthdrs may take lots of space (~8K for now)
182 MAX_HEADER is not enough.
183 */
184 head_room = opt->opt_nflen + opt->opt_flen;
185 seg_len += head_room;
186 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
187
188 if (skb_headroom(skb) < head_room) {
189 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
190 if (!skb2) {
191 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
192 IPSTATS_MIB_OUTDISCARDS);
193 kfree_skb(skb);
194 return -ENOBUFS;
195 }
196 consume_skb(skb);
197 skb = skb2;
198 /* skb_set_owner_w() changes sk->sk_wmem_alloc atomically,
199 * it is safe to call in our context (socket lock not held)
200 */
201 skb_set_owner_w(skb, (struct sock *)sk);
202 }
203 if (opt->opt_flen)
204 ipv6_push_frag_opts(skb, opt, &proto);
205 if (opt->opt_nflen)
206 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop);
207 }
208
209 skb_push(skb, sizeof(struct ipv6hdr));
210 skb_reset_network_header(skb);
211 hdr = ipv6_hdr(skb);
212
213 /*
214 * Fill in the IPv6 header
215 */
216 if (np)
217 hlimit = np->hop_limit;
218 if (hlimit < 0)
219 hlimit = ip6_dst_hoplimit(dst);
220
221 ip6_flow_hdr(hdr, tclass, ip6_make_flowlabel(net, skb, fl6->flowlabel,
222 np->autoflowlabel, fl6));
223
224 hdr->payload_len = htons(seg_len);
225 hdr->nexthdr = proto;
226 hdr->hop_limit = hlimit;
227
228 hdr->saddr = fl6->saddr;
229 hdr->daddr = *first_hop;
230
231 skb->protocol = htons(ETH_P_IPV6);
232 skb->priority = sk->sk_priority;
233 skb->mark = sk->sk_mark;
234
235 mtu = dst_mtu(dst);
236 if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) {
237 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
238 IPSTATS_MIB_OUT, skb->len);
239 /* hooks should never assume socket lock is held.
240 * we promote our socket to non const
241 */
242 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
243 net, (struct sock *)sk, skb, NULL, dst->dev,
244 dst_output);
245 }
246
247 skb->dev = dst->dev;
248 /* ipv6_local_error() does not require socket lock,
249 * we promote our socket to non const
250 */
251 ipv6_local_error((struct sock *)sk, EMSGSIZE, fl6, mtu);
252
253 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
254 kfree_skb(skb);
255 return -EMSGSIZE;
256 }
257 EXPORT_SYMBOL(ip6_xmit);
258
259 static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
260 {
261 struct ip6_ra_chain *ra;
262 struct sock *last = NULL;
263
264 read_lock(&ip6_ra_lock);
265 for (ra = ip6_ra_chain; ra; ra = ra->next) {
266 struct sock *sk = ra->sk;
267 if (sk && ra->sel == sel &&
268 (!sk->sk_bound_dev_if ||
269 sk->sk_bound_dev_if == skb->dev->ifindex)) {
270 if (last) {
271 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
272 if (skb2)
273 rawv6_rcv(last, skb2);
274 }
275 last = sk;
276 }
277 }
278
279 if (last) {
280 rawv6_rcv(last, skb);
281 read_unlock(&ip6_ra_lock);
282 return 1;
283 }
284 read_unlock(&ip6_ra_lock);
285 return 0;
286 }
287
288 static int ip6_forward_proxy_check(struct sk_buff *skb)
289 {
290 struct ipv6hdr *hdr = ipv6_hdr(skb);
291 u8 nexthdr = hdr->nexthdr;
292 __be16 frag_off;
293 int offset;
294
295 if (ipv6_ext_hdr(nexthdr)) {
296 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, &frag_off);
297 if (offset < 0)
298 return 0;
299 } else
300 offset = sizeof(struct ipv6hdr);
301
302 if (nexthdr == IPPROTO_ICMPV6) {
303 struct icmp6hdr *icmp6;
304
305 if (!pskb_may_pull(skb, (skb_network_header(skb) +
306 offset + 1 - skb->data)))
307 return 0;
308
309 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
310
311 switch (icmp6->icmp6_type) {
312 case NDISC_ROUTER_SOLICITATION:
313 case NDISC_ROUTER_ADVERTISEMENT:
314 case NDISC_NEIGHBOUR_SOLICITATION:
315 case NDISC_NEIGHBOUR_ADVERTISEMENT:
316 case NDISC_REDIRECT:
317 /* For reaction involving unicast neighbor discovery
318 * message destined to the proxied address, pass it to
319 * input function.
320 */
321 return 1;
322 default:
323 break;
324 }
325 }
326
327 /*
328 * The proxying router can't forward traffic sent to a link-local
329 * address, so signal the sender and discard the packet. This
330 * behavior is clarified by the MIPv6 specification.
331 */
332 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
333 dst_link_failure(skb);
334 return -1;
335 }
336
337 return 0;
338 }
339
340 static inline int ip6_forward_finish(struct net *net, struct sock *sk,
341 struct sk_buff *skb)
342 {
343 return dst_output(net, sk, skb);
344 }
345
346 static unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst)
347 {
348 unsigned int mtu;
349 struct inet6_dev *idev;
350
351 if (dst_metric_locked(dst, RTAX_MTU)) {
352 mtu = dst_metric_raw(dst, RTAX_MTU);
353 if (mtu)
354 return mtu;
355 }
356
357 mtu = IPV6_MIN_MTU;
358 rcu_read_lock();
359 idev = __in6_dev_get(dst->dev);
360 if (idev)
361 mtu = idev->cnf.mtu6;
362 rcu_read_unlock();
363
364 return mtu;
365 }
366
367 static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
368 {
369 if (skb->len <= mtu)
370 return false;
371
372 /* ipv6 conntrack defrag sets max_frag_size + ignore_df */
373 if (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)
374 return true;
375
376 if (skb->ignore_df)
377 return false;
378
379 if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu))
380 return false;
381
382 return true;
383 }
384
385 int ip6_forward(struct sk_buff *skb)
386 {
387 struct dst_entry *dst = skb_dst(skb);
388 struct ipv6hdr *hdr = ipv6_hdr(skb);
389 struct inet6_skb_parm *opt = IP6CB(skb);
390 struct net *net = dev_net(dst->dev);
391 u32 mtu;
392
393 if (net->ipv6.devconf_all->forwarding == 0)
394 goto error;
395
396 if (skb->pkt_type != PACKET_HOST)
397 goto drop;
398
399 if (unlikely(skb->sk))
400 goto drop;
401
402 if (skb_warn_if_lro(skb))
403 goto drop;
404
405 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
406 __IP6_INC_STATS(net, ip6_dst_idev(dst),
407 IPSTATS_MIB_INDISCARDS);
408 goto drop;
409 }
410
411 skb_forward_csum(skb);
412
413 /*
414 * We DO NOT make any processing on
415 * RA packets, pushing them to user level AS IS
416 * without ane WARRANTY that application will be able
417 * to interpret them. The reason is that we
418 * cannot make anything clever here.
419 *
420 * We are not end-node, so that if packet contains
421 * AH/ESP, we cannot make anything.
422 * Defragmentation also would be mistake, RA packets
423 * cannot be fragmented, because there is no warranty
424 * that different fragments will go along one path. --ANK
425 */
426 if (unlikely(opt->flags & IP6SKB_ROUTERALERT)) {
427 if (ip6_call_ra_chain(skb, ntohs(opt->ra)))
428 return 0;
429 }
430
431 /*
432 * check and decrement ttl
433 */
434 if (hdr->hop_limit <= 1) {
435 /* Force OUTPUT device used as source address */
436 skb->dev = dst->dev;
437 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
438 __IP6_INC_STATS(net, ip6_dst_idev(dst),
439 IPSTATS_MIB_INHDRERRORS);
440
441 kfree_skb(skb);
442 return -ETIMEDOUT;
443 }
444
445 /* XXX: idev->cnf.proxy_ndp? */
446 if (net->ipv6.devconf_all->proxy_ndp &&
447 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
448 int proxied = ip6_forward_proxy_check(skb);
449 if (proxied > 0)
450 return ip6_input(skb);
451 else if (proxied < 0) {
452 __IP6_INC_STATS(net, ip6_dst_idev(dst),
453 IPSTATS_MIB_INDISCARDS);
454 goto drop;
455 }
456 }
457
458 if (!xfrm6_route_forward(skb)) {
459 __IP6_INC_STATS(net, ip6_dst_idev(dst),
460 IPSTATS_MIB_INDISCARDS);
461 goto drop;
462 }
463 dst = skb_dst(skb);
464
465 /* IPv6 specs say nothing about it, but it is clear that we cannot
466 send redirects to source routed frames.
467 We don't send redirects to frames decapsulated from IPsec.
468 */
469 if (skb->dev == dst->dev && opt->srcrt == 0 && !skb_sec_path(skb)) {
470 struct in6_addr *target = NULL;
471 struct inet_peer *peer;
472 struct rt6_info *rt;
473
474 /*
475 * incoming and outgoing devices are the same
476 * send a redirect.
477 */
478
479 rt = (struct rt6_info *) dst;
480 if (rt->rt6i_flags & RTF_GATEWAY)
481 target = &rt->rt6i_gateway;
482 else
483 target = &hdr->daddr;
484
485 peer = inet_getpeer_v6(net->ipv6.peers, &hdr->daddr, 1);
486
487 /* Limit redirects both by destination (here)
488 and by source (inside ndisc_send_redirect)
489 */
490 if (inet_peer_xrlim_allow(peer, 1*HZ))
491 ndisc_send_redirect(skb, target);
492 if (peer)
493 inet_putpeer(peer);
494 } else {
495 int addrtype = ipv6_addr_type(&hdr->saddr);
496
497 /* This check is security critical. */
498 if (addrtype == IPV6_ADDR_ANY ||
499 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
500 goto error;
501 if (addrtype & IPV6_ADDR_LINKLOCAL) {
502 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
503 ICMPV6_NOT_NEIGHBOUR, 0);
504 goto error;
505 }
506 }
507
508 mtu = ip6_dst_mtu_forward(dst);
509 if (mtu < IPV6_MIN_MTU)
510 mtu = IPV6_MIN_MTU;
511
512 if (ip6_pkt_too_big(skb, mtu)) {
513 /* Again, force OUTPUT device used as source address */
514 skb->dev = dst->dev;
515 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
516 __IP6_INC_STATS(net, ip6_dst_idev(dst),
517 IPSTATS_MIB_INTOOBIGERRORS);
518 __IP6_INC_STATS(net, ip6_dst_idev(dst),
519 IPSTATS_MIB_FRAGFAILS);
520 kfree_skb(skb);
521 return -EMSGSIZE;
522 }
523
524 if (skb_cow(skb, dst->dev->hard_header_len)) {
525 __IP6_INC_STATS(net, ip6_dst_idev(dst),
526 IPSTATS_MIB_OUTDISCARDS);
527 goto drop;
528 }
529
530 hdr = ipv6_hdr(skb);
531
532 /* Mangling hops number delayed to point after skb COW */
533
534 hdr->hop_limit--;
535
536 __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
537 __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len);
538 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD,
539 net, NULL, skb, skb->dev, dst->dev,
540 ip6_forward_finish);
541
542 error:
543 __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
544 drop:
545 kfree_skb(skb);
546 return -EINVAL;
547 }
548
549 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
550 {
551 to->pkt_type = from->pkt_type;
552 to->priority = from->priority;
553 to->protocol = from->protocol;
554 skb_dst_drop(to);
555 skb_dst_set(to, dst_clone(skb_dst(from)));
556 to->dev = from->dev;
557 to->mark = from->mark;
558
559 #ifdef CONFIG_NET_SCHED
560 to->tc_index = from->tc_index;
561 #endif
562 nf_copy(to, from);
563 skb_copy_secmark(to, from);
564 }
565
566 int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
567 int (*output)(struct net *, struct sock *, struct sk_buff *))
568 {
569 struct sk_buff *frag;
570 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
571 struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ?
572 inet6_sk(skb->sk) : NULL;
573 struct ipv6hdr *tmp_hdr;
574 struct frag_hdr *fh;
575 unsigned int mtu, hlen, left, len;
576 int hroom, troom;
577 __be32 frag_id;
578 int ptr, offset = 0, err = 0;
579 u8 *prevhdr, nexthdr = 0;
580
581 hlen = ip6_find_1stfragopt(skb, &prevhdr);
582 nexthdr = *prevhdr;
583
584 mtu = ip6_skb_dst_mtu(skb);
585
586 /* We must not fragment if the socket is set to force MTU discovery
587 * or if the skb it not generated by a local socket.
588 */
589 if (unlikely(!skb->ignore_df && skb->len > mtu))
590 goto fail_toobig;
591
592 if (IP6CB(skb)->frag_max_size) {
593 if (IP6CB(skb)->frag_max_size > mtu)
594 goto fail_toobig;
595
596 /* don't send fragments larger than what we received */
597 mtu = IP6CB(skb)->frag_max_size;
598 if (mtu < IPV6_MIN_MTU)
599 mtu = IPV6_MIN_MTU;
600 }
601
602 if (np && np->frag_size < mtu) {
603 if (np->frag_size)
604 mtu = np->frag_size;
605 }
606 if (mtu < hlen + sizeof(struct frag_hdr) + 8)
607 goto fail_toobig;
608 mtu -= hlen + sizeof(struct frag_hdr);
609
610 frag_id = ipv6_select_ident(net, &ipv6_hdr(skb)->daddr,
611 &ipv6_hdr(skb)->saddr);
612
613 if (skb->ip_summed == CHECKSUM_PARTIAL &&
614 (err = skb_checksum_help(skb)))
615 goto fail;
616
617 hroom = LL_RESERVED_SPACE(rt->dst.dev);
618 if (skb_has_frag_list(skb)) {
619 int first_len = skb_pagelen(skb);
620 struct sk_buff *frag2;
621
622 if (first_len - hlen > mtu ||
623 ((first_len - hlen) & 7) ||
624 skb_cloned(skb) ||
625 skb_headroom(skb) < (hroom + sizeof(struct frag_hdr)))
626 goto slow_path;
627
628 skb_walk_frags(skb, frag) {
629 /* Correct geometry. */
630 if (frag->len > mtu ||
631 ((frag->len & 7) && frag->next) ||
632 skb_headroom(frag) < (hlen + hroom + sizeof(struct frag_hdr)))
633 goto slow_path_clean;
634
635 /* Partially cloned skb? */
636 if (skb_shared(frag))
637 goto slow_path_clean;
638
639 BUG_ON(frag->sk);
640 if (skb->sk) {
641 frag->sk = skb->sk;
642 frag->destructor = sock_wfree;
643 }
644 skb->truesize -= frag->truesize;
645 }
646
647 err = 0;
648 offset = 0;
649 /* BUILD HEADER */
650
651 *prevhdr = NEXTHDR_FRAGMENT;
652 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
653 if (!tmp_hdr) {
654 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
655 IPSTATS_MIB_FRAGFAILS);
656 err = -ENOMEM;
657 goto fail;
658 }
659 frag = skb_shinfo(skb)->frag_list;
660 skb_frag_list_init(skb);
661
662 __skb_pull(skb, hlen);
663 fh = (struct frag_hdr *)__skb_push(skb, sizeof(struct frag_hdr));
664 __skb_push(skb, hlen);
665 skb_reset_network_header(skb);
666 memcpy(skb_network_header(skb), tmp_hdr, hlen);
667
668 fh->nexthdr = nexthdr;
669 fh->reserved = 0;
670 fh->frag_off = htons(IP6_MF);
671 fh->identification = frag_id;
672
673 first_len = skb_pagelen(skb);
674 skb->data_len = first_len - skb_headlen(skb);
675 skb->len = first_len;
676 ipv6_hdr(skb)->payload_len = htons(first_len -
677 sizeof(struct ipv6hdr));
678
679 dst_hold(&rt->dst);
680
681 for (;;) {
682 /* Prepare header of the next frame,
683 * before previous one went down. */
684 if (frag) {
685 frag->ip_summed = CHECKSUM_NONE;
686 skb_reset_transport_header(frag);
687 fh = (struct frag_hdr *)__skb_push(frag, sizeof(struct frag_hdr));
688 __skb_push(frag, hlen);
689 skb_reset_network_header(frag);
690 memcpy(skb_network_header(frag), tmp_hdr,
691 hlen);
692 offset += skb->len - hlen - sizeof(struct frag_hdr);
693 fh->nexthdr = nexthdr;
694 fh->reserved = 0;
695 fh->frag_off = htons(offset);
696 if (frag->next)
697 fh->frag_off |= htons(IP6_MF);
698 fh->identification = frag_id;
699 ipv6_hdr(frag)->payload_len =
700 htons(frag->len -
701 sizeof(struct ipv6hdr));
702 ip6_copy_metadata(frag, skb);
703 }
704
705 err = output(net, sk, skb);
706 if (!err)
707 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
708 IPSTATS_MIB_FRAGCREATES);
709
710 if (err || !frag)
711 break;
712
713 skb = frag;
714 frag = skb->next;
715 skb->next = NULL;
716 }
717
718 kfree(tmp_hdr);
719
720 if (err == 0) {
721 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
722 IPSTATS_MIB_FRAGOKS);
723 ip6_rt_put(rt);
724 return 0;
725 }
726
727 kfree_skb_list(frag);
728
729 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
730 IPSTATS_MIB_FRAGFAILS);
731 ip6_rt_put(rt);
732 return err;
733
734 slow_path_clean:
735 skb_walk_frags(skb, frag2) {
736 if (frag2 == frag)
737 break;
738 frag2->sk = NULL;
739 frag2->destructor = NULL;
740 skb->truesize += frag2->truesize;
741 }
742 }
743
744 slow_path:
745 left = skb->len - hlen; /* Space per frame */
746 ptr = hlen; /* Where to start from */
747
748 /*
749 * Fragment the datagram.
750 */
751
752 *prevhdr = NEXTHDR_FRAGMENT;
753 troom = rt->dst.dev->needed_tailroom;
754
755 /*
756 * Keep copying data until we run out.
757 */
758 while (left > 0) {
759 len = left;
760 /* IF: it doesn't fit, use 'mtu' - the data space left */
761 if (len > mtu)
762 len = mtu;
763 /* IF: we are not sending up to and including the packet end
764 then align the next start on an eight byte boundary */
765 if (len < left) {
766 len &= ~7;
767 }
768
769 /* Allocate buffer */
770 frag = alloc_skb(len + hlen + sizeof(struct frag_hdr) +
771 hroom + troom, GFP_ATOMIC);
772 if (!frag) {
773 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
774 IPSTATS_MIB_FRAGFAILS);
775 err = -ENOMEM;
776 goto fail;
777 }
778
779 /*
780 * Set up data on packet
781 */
782
783 ip6_copy_metadata(frag, skb);
784 skb_reserve(frag, hroom);
785 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
786 skb_reset_network_header(frag);
787 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
788 frag->transport_header = (frag->network_header + hlen +
789 sizeof(struct frag_hdr));
790
791 /*
792 * Charge the memory for the fragment to any owner
793 * it might possess
794 */
795 if (skb->sk)
796 skb_set_owner_w(frag, skb->sk);
797
798 /*
799 * Copy the packet header into the new buffer.
800 */
801 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
802
803 /*
804 * Build fragment header.
805 */
806 fh->nexthdr = nexthdr;
807 fh->reserved = 0;
808 fh->identification = frag_id;
809
810 /*
811 * Copy a block of the IP datagram.
812 */
813 BUG_ON(skb_copy_bits(skb, ptr, skb_transport_header(frag),
814 len));
815 left -= len;
816
817 fh->frag_off = htons(offset);
818 if (left > 0)
819 fh->frag_off |= htons(IP6_MF);
820 ipv6_hdr(frag)->payload_len = htons(frag->len -
821 sizeof(struct ipv6hdr));
822
823 ptr += len;
824 offset += len;
825
826 /*
827 * Put this fragment into the sending queue.
828 */
829 err = output(net, sk, frag);
830 if (err)
831 goto fail;
832
833 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
834 IPSTATS_MIB_FRAGCREATES);
835 }
836 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
837 IPSTATS_MIB_FRAGOKS);
838 consume_skb(skb);
839 return err;
840
841 fail_toobig:
842 if (skb->sk && dst_allfrag(skb_dst(skb)))
843 sk_nocaps_add(skb->sk, NETIF_F_GSO_MASK);
844
845 skb->dev = skb_dst(skb)->dev;
846 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
847 err = -EMSGSIZE;
848
849 fail:
850 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
851 IPSTATS_MIB_FRAGFAILS);
852 kfree_skb(skb);
853 return err;
854 }
855
856 static inline int ip6_rt_check(const struct rt6key *rt_key,
857 const struct in6_addr *fl_addr,
858 const struct in6_addr *addr_cache)
859 {
860 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
861 (!addr_cache || !ipv6_addr_equal(fl_addr, addr_cache));
862 }
863
864 static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
865 struct dst_entry *dst,
866 const struct flowi6 *fl6)
867 {
868 struct ipv6_pinfo *np = inet6_sk(sk);
869 struct rt6_info *rt;
870
871 if (!dst)
872 goto out;
873
874 if (dst->ops->family != AF_INET6) {
875 dst_release(dst);
876 return NULL;
877 }
878
879 rt = (struct rt6_info *)dst;
880 /* Yes, checking route validity in not connected
881 * case is not very simple. Take into account,
882 * that we do not support routing by source, TOS,
883 * and MSG_DONTROUTE --ANK (980726)
884 *
885 * 1. ip6_rt_check(): If route was host route,
886 * check that cached destination is current.
887 * If it is network route, we still may
888 * check its validity using saved pointer
889 * to the last used address: daddr_cache.
890 * We do not want to save whole address now,
891 * (because main consumer of this service
892 * is tcp, which has not this problem),
893 * so that the last trick works only on connected
894 * sockets.
895 * 2. oif also should be the same.
896 */
897 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) ||
898 #ifdef CONFIG_IPV6_SUBTREES
899 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) ||
900 #endif
901 (!(fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF) &&
902 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex))) {
903 dst_release(dst);
904 dst = NULL;
905 }
906
907 out:
908 return dst;
909 }
910
911 static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk,
912 struct dst_entry **dst, struct flowi6 *fl6)
913 {
914 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
915 struct neighbour *n;
916 struct rt6_info *rt;
917 #endif
918 int err;
919 int flags = 0;
920
921 if (ipv6_addr_any(&fl6->saddr) && fl6->flowi6_oif &&
922 (!*dst || !(*dst)->error)) {
923 err = l3mdev_get_saddr6(net, sk, fl6);
924 if (err)
925 goto out_err;
926 }
927
928 /* The correct way to handle this would be to do
929 * ip6_route_get_saddr, and then ip6_route_output; however,
930 * the route-specific preferred source forces the
931 * ip6_route_output call _before_ ip6_route_get_saddr.
932 *
933 * In source specific routing (no src=any default route),
934 * ip6_route_output will fail given src=any saddr, though, so
935 * that's why we try it again later.
936 */
937 if (ipv6_addr_any(&fl6->saddr) && (!*dst || !(*dst)->error)) {
938 struct rt6_info *rt;
939 bool had_dst = *dst != NULL;
940
941 if (!had_dst)
942 *dst = ip6_route_output(net, sk, fl6);
943 rt = (*dst)->error ? NULL : (struct rt6_info *)*dst;
944 err = ip6_route_get_saddr(net, rt, &fl6->daddr,
945 sk ? inet6_sk(sk)->srcprefs : 0,
946 &fl6->saddr);
947 if (err)
948 goto out_err_release;
949
950 /* If we had an erroneous initial result, pretend it
951 * never existed and let the SA-enabled version take
952 * over.
953 */
954 if (!had_dst && (*dst)->error) {
955 dst_release(*dst);
956 *dst = NULL;
957 }
958
959 if (fl6->flowi6_oif)
960 flags |= RT6_LOOKUP_F_IFACE;
961 }
962
963 if (!*dst)
964 *dst = ip6_route_output_flags(net, sk, fl6, flags);
965
966 err = (*dst)->error;
967 if (err)
968 goto out_err_release;
969
970 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
971 /*
972 * Here if the dst entry we've looked up
973 * has a neighbour entry that is in the INCOMPLETE
974 * state and the src address from the flow is
975 * marked as OPTIMISTIC, we release the found
976 * dst entry and replace it instead with the
977 * dst entry of the nexthop router
978 */
979 rt = (struct rt6_info *) *dst;
980 rcu_read_lock_bh();
981 n = __ipv6_neigh_lookup_noref(rt->dst.dev,
982 rt6_nexthop(rt, &fl6->daddr));
983 err = n && !(n->nud_state & NUD_VALID) ? -EINVAL : 0;
984 rcu_read_unlock_bh();
985
986 if (err) {
987 struct inet6_ifaddr *ifp;
988 struct flowi6 fl_gw6;
989 int redirect;
990
991 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
992 (*dst)->dev, 1);
993
994 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
995 if (ifp)
996 in6_ifa_put(ifp);
997
998 if (redirect) {
999 /*
1000 * We need to get the dst entry for the
1001 * default router instead
1002 */
1003 dst_release(*dst);
1004 memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
1005 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
1006 *dst = ip6_route_output(net, sk, &fl_gw6);
1007 err = (*dst)->error;
1008 if (err)
1009 goto out_err_release;
1010 }
1011 }
1012 #endif
1013
1014 return 0;
1015
1016 out_err_release:
1017 dst_release(*dst);
1018 *dst = NULL;
1019 out_err:
1020 if (err == -ENETUNREACH)
1021 IP6_INC_STATS(net, NULL, IPSTATS_MIB_OUTNOROUTES);
1022 return err;
1023 }
1024
1025 /**
1026 * ip6_dst_lookup - perform route lookup on flow
1027 * @sk: socket which provides route info
1028 * @dst: pointer to dst_entry * for result
1029 * @fl6: flow to lookup
1030 *
1031 * This function performs a route lookup on the given flow.
1032 *
1033 * It returns zero on success, or a standard errno code on error.
1034 */
1035 int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst,
1036 struct flowi6 *fl6)
1037 {
1038 *dst = NULL;
1039 return ip6_dst_lookup_tail(net, sk, dst, fl6);
1040 }
1041 EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1042
1043 /**
1044 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec
1045 * @sk: socket which provides route info
1046 * @fl6: flow to lookup
1047 * @final_dst: final destination address for ipsec lookup
1048 *
1049 * This function performs a route lookup on the given flow.
1050 *
1051 * It returns a valid dst pointer on success, or a pointer encoded
1052 * error code.
1053 */
1054 struct dst_entry *ip6_dst_lookup_flow(const struct sock *sk, struct flowi6 *fl6,
1055 const struct in6_addr *final_dst)
1056 {
1057 struct dst_entry *dst = NULL;
1058 int err;
1059
1060 err = ip6_dst_lookup_tail(sock_net(sk), sk, &dst, fl6);
1061 if (err)
1062 return ERR_PTR(err);
1063 if (final_dst)
1064 fl6->daddr = *final_dst;
1065 if (!fl6->flowi6_oif)
1066 fl6->flowi6_oif = l3mdev_fib_oif(dst->dev);
1067
1068 return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
1069 }
1070 EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
1071
1072 /**
1073 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
1074 * @sk: socket which provides the dst cache and route info
1075 * @fl6: flow to lookup
1076 * @final_dst: final destination address for ipsec lookup
1077 *
1078 * This function performs a route lookup on the given flow with the
1079 * possibility of using the cached route in the socket if it is valid.
1080 * It will take the socket dst lock when operating on the dst cache.
1081 * As a result, this function can only be used in process context.
1082 *
1083 * It returns a valid dst pointer on success, or a pointer encoded
1084 * error code.
1085 */
1086 struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
1087 const struct in6_addr *final_dst)
1088 {
1089 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1090
1091 dst = ip6_sk_dst_check(sk, dst, fl6);
1092 if (!dst)
1093 dst = ip6_dst_lookup_flow(sk, fl6, final_dst);
1094
1095 return dst;
1096 }
1097 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
1098
1099 static inline int ip6_ufo_append_data(struct sock *sk,
1100 struct sk_buff_head *queue,
1101 int getfrag(void *from, char *to, int offset, int len,
1102 int odd, struct sk_buff *skb),
1103 void *from, int length, int hh_len, int fragheaderlen,
1104 int exthdrlen, int transhdrlen, int mtu,
1105 unsigned int flags, const struct flowi6 *fl6)
1106
1107 {
1108 struct sk_buff *skb;
1109 int err;
1110
1111 /* There is support for UDP large send offload by network
1112 * device, so create one single skb packet containing complete
1113 * udp datagram
1114 */
1115 skb = skb_peek_tail(queue);
1116 if (!skb) {
1117 skb = sock_alloc_send_skb(sk,
1118 hh_len + fragheaderlen + transhdrlen + 20,
1119 (flags & MSG_DONTWAIT), &err);
1120 if (!skb)
1121 return err;
1122
1123 /* reserve space for Hardware header */
1124 skb_reserve(skb, hh_len);
1125
1126 /* create space for UDP/IP header */
1127 skb_put(skb, fragheaderlen + transhdrlen);
1128
1129 /* initialize network header pointer */
1130 skb_set_network_header(skb, exthdrlen);
1131
1132 /* initialize protocol header pointer */
1133 skb->transport_header = skb->network_header + fragheaderlen;
1134
1135 skb->protocol = htons(ETH_P_IPV6);
1136 skb->csum = 0;
1137
1138 __skb_queue_tail(queue, skb);
1139 } else if (skb_is_gso(skb)) {
1140 goto append;
1141 }
1142
1143 skb->ip_summed = CHECKSUM_PARTIAL;
1144 /* Specify the length of each IPv6 datagram fragment.
1145 * It has to be a multiple of 8.
1146 */
1147 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen -
1148 sizeof(struct frag_hdr)) & ~7;
1149 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
1150 skb_shinfo(skb)->ip6_frag_id = ipv6_select_ident(sock_net(sk),
1151 &fl6->daddr,
1152 &fl6->saddr);
1153
1154 append:
1155 return skb_append_datato_frags(sk, skb, getfrag, from,
1156 (length - transhdrlen));
1157 }
1158
1159 static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1160 gfp_t gfp)
1161 {
1162 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1163 }
1164
1165 static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1166 gfp_t gfp)
1167 {
1168 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1169 }
1170
1171 static void ip6_append_data_mtu(unsigned int *mtu,
1172 int *maxfraglen,
1173 unsigned int fragheaderlen,
1174 struct sk_buff *skb,
1175 struct rt6_info *rt,
1176 unsigned int orig_mtu)
1177 {
1178 if (!(rt->dst.flags & DST_XFRM_TUNNEL)) {
1179 if (!skb) {
1180 /* first fragment, reserve header_len */
1181 *mtu = orig_mtu - rt->dst.header_len;
1182
1183 } else {
1184 /*
1185 * this fragment is not first, the headers
1186 * space is regarded as data space.
1187 */
1188 *mtu = orig_mtu;
1189 }
1190 *maxfraglen = ((*mtu - fragheaderlen) & ~7)
1191 + fragheaderlen - sizeof(struct frag_hdr);
1192 }
1193 }
1194
1195 static int ip6_setup_cork(struct sock *sk, struct inet_cork_full *cork,
1196 struct inet6_cork *v6_cork, struct ipcm6_cookie *ipc6,
1197 struct rt6_info *rt, struct flowi6 *fl6)
1198 {
1199 struct ipv6_pinfo *np = inet6_sk(sk);
1200 unsigned int mtu;
1201 struct ipv6_txoptions *opt = ipc6->opt;
1202
1203 /*
1204 * setup for corking
1205 */
1206 if (opt) {
1207 if (WARN_ON(v6_cork->opt))
1208 return -EINVAL;
1209
1210 v6_cork->opt = kzalloc(opt->tot_len, sk->sk_allocation);
1211 if (unlikely(!v6_cork->opt))
1212 return -ENOBUFS;
1213
1214 v6_cork->opt->tot_len = opt->tot_len;
1215 v6_cork->opt->opt_flen = opt->opt_flen;
1216 v6_cork->opt->opt_nflen = opt->opt_nflen;
1217
1218 v6_cork->opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1219 sk->sk_allocation);
1220 if (opt->dst0opt && !v6_cork->opt->dst0opt)
1221 return -ENOBUFS;
1222
1223 v6_cork->opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1224 sk->sk_allocation);
1225 if (opt->dst1opt && !v6_cork->opt->dst1opt)
1226 return -ENOBUFS;
1227
1228 v6_cork->opt->hopopt = ip6_opt_dup(opt->hopopt,
1229 sk->sk_allocation);
1230 if (opt->hopopt && !v6_cork->opt->hopopt)
1231 return -ENOBUFS;
1232
1233 v6_cork->opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1234 sk->sk_allocation);
1235 if (opt->srcrt && !v6_cork->opt->srcrt)
1236 return -ENOBUFS;
1237
1238 /* need source address above miyazawa*/
1239 }
1240 dst_hold(&rt->dst);
1241 cork->base.dst = &rt->dst;
1242 cork->fl.u.ip6 = *fl6;
1243 v6_cork->hop_limit = ipc6->hlimit;
1244 v6_cork->tclass = ipc6->tclass;
1245 if (rt->dst.flags & DST_XFRM_TUNNEL)
1246 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1247 rt->dst.dev->mtu : dst_mtu(&rt->dst);
1248 else
1249 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1250 rt->dst.dev->mtu : dst_mtu(rt->dst.path);
1251 if (np->frag_size < mtu) {
1252 if (np->frag_size)
1253 mtu = np->frag_size;
1254 }
1255 cork->base.fragsize = mtu;
1256 if (dst_allfrag(rt->dst.path))
1257 cork->base.flags |= IPCORK_ALLFRAG;
1258 cork->base.length = 0;
1259
1260 return 0;
1261 }
1262
1263 static int __ip6_append_data(struct sock *sk,
1264 struct flowi6 *fl6,
1265 struct sk_buff_head *queue,
1266 struct inet_cork *cork,
1267 struct inet6_cork *v6_cork,
1268 struct page_frag *pfrag,
1269 int getfrag(void *from, char *to, int offset,
1270 int len, int odd, struct sk_buff *skb),
1271 void *from, int length, int transhdrlen,
1272 unsigned int flags, struct ipcm6_cookie *ipc6,
1273 const struct sockcm_cookie *sockc)
1274 {
1275 struct sk_buff *skb, *skb_prev = NULL;
1276 unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu;
1277 int exthdrlen = 0;
1278 int dst_exthdrlen = 0;
1279 int hh_len;
1280 int copy;
1281 int err;
1282 int offset = 0;
1283 __u8 tx_flags = 0;
1284 u32 tskey = 0;
1285 struct rt6_info *rt = (struct rt6_info *)cork->dst;
1286 struct ipv6_txoptions *opt = v6_cork->opt;
1287 int csummode = CHECKSUM_NONE;
1288 unsigned int maxnonfragsize, headersize;
1289
1290 skb = skb_peek_tail(queue);
1291 if (!skb) {
1292 exthdrlen = opt ? opt->opt_flen : 0;
1293 dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len;
1294 }
1295
1296 mtu = cork->fragsize;
1297 orig_mtu = mtu;
1298
1299 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1300
1301 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
1302 (opt ? opt->opt_nflen : 0);
1303 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen -
1304 sizeof(struct frag_hdr);
1305
1306 headersize = sizeof(struct ipv6hdr) +
1307 (opt ? opt->opt_flen + opt->opt_nflen : 0) +
1308 (dst_allfrag(&rt->dst) ?
1309 sizeof(struct frag_hdr) : 0) +
1310 rt->rt6i_nfheader_len;
1311
1312 if (cork->length + length > mtu - headersize && ipc6->dontfrag &&
1313 (sk->sk_protocol == IPPROTO_UDP ||
1314 sk->sk_protocol == IPPROTO_RAW)) {
1315 ipv6_local_rxpmtu(sk, fl6, mtu - headersize +
1316 sizeof(struct ipv6hdr));
1317 goto emsgsize;
1318 }
1319
1320 if (ip6_sk_ignore_df(sk))
1321 maxnonfragsize = sizeof(struct ipv6hdr) + IPV6_MAXPLEN;
1322 else
1323 maxnonfragsize = mtu;
1324
1325 if (cork->length + length > maxnonfragsize - headersize) {
1326 emsgsize:
1327 ipv6_local_error(sk, EMSGSIZE, fl6,
1328 mtu - headersize +
1329 sizeof(struct ipv6hdr));
1330 return -EMSGSIZE;
1331 }
1332
1333 /* CHECKSUM_PARTIAL only with no extension headers and when
1334 * we are not going to fragment
1335 */
1336 if (transhdrlen && sk->sk_protocol == IPPROTO_UDP &&
1337 headersize == sizeof(struct ipv6hdr) &&
1338 length < mtu - headersize &&
1339 !(flags & MSG_MORE) &&
1340 rt->dst.dev->features & (NETIF_F_IPV6_CSUM | NETIF_F_HW_CSUM))
1341 csummode = CHECKSUM_PARTIAL;
1342
1343 if (sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) {
1344 sock_tx_timestamp(sk, sockc->tsflags, &tx_flags);
1345 if (tx_flags & SKBTX_ANY_SW_TSTAMP &&
1346 sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)
1347 tskey = sk->sk_tskey++;
1348 }
1349
1350 /*
1351 * Let's try using as much space as possible.
1352 * Use MTU if total length of the message fits into the MTU.
1353 * Otherwise, we need to reserve fragment header and
1354 * fragment alignment (= 8-15 octects, in total).
1355 *
1356 * Note that we may need to "move" the data from the tail of
1357 * of the buffer to the new fragment when we split
1358 * the message.
1359 *
1360 * FIXME: It may be fragmented into multiple chunks
1361 * at once if non-fragmentable extension headers
1362 * are too large.
1363 * --yoshfuji
1364 */
1365
1366 cork->length += length;
1367 if (((length > mtu) ||
1368 (skb && skb_is_gso(skb))) &&
1369 (sk->sk_protocol == IPPROTO_UDP) &&
1370 (rt->dst.dev->features & NETIF_F_UFO) &&
1371 (sk->sk_type == SOCK_DGRAM) && !udp_get_no_check6_tx(sk)) {
1372 err = ip6_ufo_append_data(sk, queue, getfrag, from, length,
1373 hh_len, fragheaderlen, exthdrlen,
1374 transhdrlen, mtu, flags, fl6);
1375 if (err)
1376 goto error;
1377 return 0;
1378 }
1379
1380 if (!skb)
1381 goto alloc_new_skb;
1382
1383 while (length > 0) {
1384 /* Check if the remaining data fits into current packet. */
1385 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1386 if (copy < length)
1387 copy = maxfraglen - skb->len;
1388
1389 if (copy <= 0) {
1390 char *data;
1391 unsigned int datalen;
1392 unsigned int fraglen;
1393 unsigned int fraggap;
1394 unsigned int alloclen;
1395 alloc_new_skb:
1396 /* There's no room in the current skb */
1397 if (skb)
1398 fraggap = skb->len - maxfraglen;
1399 else
1400 fraggap = 0;
1401 /* update mtu and maxfraglen if necessary */
1402 if (!skb || !skb_prev)
1403 ip6_append_data_mtu(&mtu, &maxfraglen,
1404 fragheaderlen, skb, rt,
1405 orig_mtu);
1406
1407 skb_prev = skb;
1408
1409 /*
1410 * If remaining data exceeds the mtu,
1411 * we know we need more fragment(s).
1412 */
1413 datalen = length + fraggap;
1414
1415 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1416 datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len;
1417 if ((flags & MSG_MORE) &&
1418 !(rt->dst.dev->features&NETIF_F_SG))
1419 alloclen = mtu;
1420 else
1421 alloclen = datalen + fragheaderlen;
1422
1423 alloclen += dst_exthdrlen;
1424
1425 if (datalen != length + fraggap) {
1426 /*
1427 * this is not the last fragment, the trailer
1428 * space is regarded as data space.
1429 */
1430 datalen += rt->dst.trailer_len;
1431 }
1432
1433 alloclen += rt->dst.trailer_len;
1434 fraglen = datalen + fragheaderlen;
1435
1436 /*
1437 * We just reserve space for fragment header.
1438 * Note: this may be overallocation if the message
1439 * (without MSG_MORE) fits into the MTU.
1440 */
1441 alloclen += sizeof(struct frag_hdr);
1442
1443 if (transhdrlen) {
1444 skb = sock_alloc_send_skb(sk,
1445 alloclen + hh_len,
1446 (flags & MSG_DONTWAIT), &err);
1447 } else {
1448 skb = NULL;
1449 if (atomic_read(&sk->sk_wmem_alloc) <=
1450 2 * sk->sk_sndbuf)
1451 skb = sock_wmalloc(sk,
1452 alloclen + hh_len, 1,
1453 sk->sk_allocation);
1454 if (unlikely(!skb))
1455 err = -ENOBUFS;
1456 }
1457 if (!skb)
1458 goto error;
1459 /*
1460 * Fill in the control structures
1461 */
1462 skb->protocol = htons(ETH_P_IPV6);
1463 skb->ip_summed = csummode;
1464 skb->csum = 0;
1465 /* reserve for fragmentation and ipsec header */
1466 skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
1467 dst_exthdrlen);
1468
1469 /* Only the initial fragment is time stamped */
1470 skb_shinfo(skb)->tx_flags = tx_flags;
1471 tx_flags = 0;
1472 skb_shinfo(skb)->tskey = tskey;
1473 tskey = 0;
1474
1475 /*
1476 * Find where to start putting bytes
1477 */
1478 data = skb_put(skb, fraglen);
1479 skb_set_network_header(skb, exthdrlen);
1480 data += fragheaderlen;
1481 skb->transport_header = (skb->network_header +
1482 fragheaderlen);
1483 if (fraggap) {
1484 skb->csum = skb_copy_and_csum_bits(
1485 skb_prev, maxfraglen,
1486 data + transhdrlen, fraggap, 0);
1487 skb_prev->csum = csum_sub(skb_prev->csum,
1488 skb->csum);
1489 data += fraggap;
1490 pskb_trim_unique(skb_prev, maxfraglen);
1491 }
1492 copy = datalen - transhdrlen - fraggap;
1493
1494 if (copy < 0) {
1495 err = -EINVAL;
1496 kfree_skb(skb);
1497 goto error;
1498 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
1499 err = -EFAULT;
1500 kfree_skb(skb);
1501 goto error;
1502 }
1503
1504 offset += copy;
1505 length -= datalen - fraggap;
1506 transhdrlen = 0;
1507 exthdrlen = 0;
1508 dst_exthdrlen = 0;
1509
1510 /*
1511 * Put the packet on the pending queue
1512 */
1513 __skb_queue_tail(queue, skb);
1514 continue;
1515 }
1516
1517 if (copy > length)
1518 copy = length;
1519
1520 if (!(rt->dst.dev->features&NETIF_F_SG)) {
1521 unsigned int off;
1522
1523 off = skb->len;
1524 if (getfrag(from, skb_put(skb, copy),
1525 offset, copy, off, skb) < 0) {
1526 __skb_trim(skb, off);
1527 err = -EFAULT;
1528 goto error;
1529 }
1530 } else {
1531 int i = skb_shinfo(skb)->nr_frags;
1532
1533 err = -ENOMEM;
1534 if (!sk_page_frag_refill(sk, pfrag))
1535 goto error;
1536
1537 if (!skb_can_coalesce(skb, i, pfrag->page,
1538 pfrag->offset)) {
1539 err = -EMSGSIZE;
1540 if (i == MAX_SKB_FRAGS)
1541 goto error;
1542
1543 __skb_fill_page_desc(skb, i, pfrag->page,
1544 pfrag->offset, 0);
1545 skb_shinfo(skb)->nr_frags = ++i;
1546 get_page(pfrag->page);
1547 }
1548 copy = min_t(int, copy, pfrag->size - pfrag->offset);
1549 if (getfrag(from,
1550 page_address(pfrag->page) + pfrag->offset,
1551 offset, copy, skb->len, skb) < 0)
1552 goto error_efault;
1553
1554 pfrag->offset += copy;
1555 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1556 skb->len += copy;
1557 skb->data_len += copy;
1558 skb->truesize += copy;
1559 atomic_add(copy, &sk->sk_wmem_alloc);
1560 }
1561 offset += copy;
1562 length -= copy;
1563 }
1564
1565 return 0;
1566
1567 error_efault:
1568 err = -EFAULT;
1569 error:
1570 cork->length -= length;
1571 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1572 return err;
1573 }
1574
1575 int ip6_append_data(struct sock *sk,
1576 int getfrag(void *from, char *to, int offset, int len,
1577 int odd, struct sk_buff *skb),
1578 void *from, int length, int transhdrlen,
1579 struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
1580 struct rt6_info *rt, unsigned int flags,
1581 const struct sockcm_cookie *sockc)
1582 {
1583 struct inet_sock *inet = inet_sk(sk);
1584 struct ipv6_pinfo *np = inet6_sk(sk);
1585 int exthdrlen;
1586 int err;
1587
1588 if (flags&MSG_PROBE)
1589 return 0;
1590 if (skb_queue_empty(&sk->sk_write_queue)) {
1591 /*
1592 * setup for corking
1593 */
1594 err = ip6_setup_cork(sk, &inet->cork, &np->cork,
1595 ipc6, rt, fl6);
1596 if (err)
1597 return err;
1598
1599 exthdrlen = (ipc6->opt ? ipc6->opt->opt_flen : 0);
1600 length += exthdrlen;
1601 transhdrlen += exthdrlen;
1602 } else {
1603 fl6 = &inet->cork.fl.u.ip6;
1604 transhdrlen = 0;
1605 }
1606
1607 return __ip6_append_data(sk, fl6, &sk->sk_write_queue, &inet->cork.base,
1608 &np->cork, sk_page_frag(sk), getfrag,
1609 from, length, transhdrlen, flags, ipc6, sockc);
1610 }
1611 EXPORT_SYMBOL_GPL(ip6_append_data);
1612
1613 static void ip6_cork_release(struct inet_cork_full *cork,
1614 struct inet6_cork *v6_cork)
1615 {
1616 if (v6_cork->opt) {
1617 kfree(v6_cork->opt->dst0opt);
1618 kfree(v6_cork->opt->dst1opt);
1619 kfree(v6_cork->opt->hopopt);
1620 kfree(v6_cork->opt->srcrt);
1621 kfree(v6_cork->opt);
1622 v6_cork->opt = NULL;
1623 }
1624
1625 if (cork->base.dst) {
1626 dst_release(cork->base.dst);
1627 cork->base.dst = NULL;
1628 cork->base.flags &= ~IPCORK_ALLFRAG;
1629 }
1630 memset(&cork->fl, 0, sizeof(cork->fl));
1631 }
1632
1633 struct sk_buff *__ip6_make_skb(struct sock *sk,
1634 struct sk_buff_head *queue,
1635 struct inet_cork_full *cork,
1636 struct inet6_cork *v6_cork)
1637 {
1638 struct sk_buff *skb, *tmp_skb;
1639 struct sk_buff **tail_skb;
1640 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1641 struct ipv6_pinfo *np = inet6_sk(sk);
1642 struct net *net = sock_net(sk);
1643 struct ipv6hdr *hdr;
1644 struct ipv6_txoptions *opt = v6_cork->opt;
1645 struct rt6_info *rt = (struct rt6_info *)cork->base.dst;
1646 struct flowi6 *fl6 = &cork->fl.u.ip6;
1647 unsigned char proto = fl6->flowi6_proto;
1648
1649 skb = __skb_dequeue(queue);
1650 if (!skb)
1651 goto out;
1652 tail_skb = &(skb_shinfo(skb)->frag_list);
1653
1654 /* move skb->data to ip header from ext header */
1655 if (skb->data < skb_network_header(skb))
1656 __skb_pull(skb, skb_network_offset(skb));
1657 while ((tmp_skb = __skb_dequeue(queue)) != NULL) {
1658 __skb_pull(tmp_skb, skb_network_header_len(skb));
1659 *tail_skb = tmp_skb;
1660 tail_skb = &(tmp_skb->next);
1661 skb->len += tmp_skb->len;
1662 skb->data_len += tmp_skb->len;
1663 skb->truesize += tmp_skb->truesize;
1664 tmp_skb->destructor = NULL;
1665 tmp_skb->sk = NULL;
1666 }
1667
1668 /* Allow local fragmentation. */
1669 skb->ignore_df = ip6_sk_ignore_df(sk);
1670
1671 *final_dst = fl6->daddr;
1672 __skb_pull(skb, skb_network_header_len(skb));
1673 if (opt && opt->opt_flen)
1674 ipv6_push_frag_opts(skb, opt, &proto);
1675 if (opt && opt->opt_nflen)
1676 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst);
1677
1678 skb_push(skb, sizeof(struct ipv6hdr));
1679 skb_reset_network_header(skb);
1680 hdr = ipv6_hdr(skb);
1681
1682 ip6_flow_hdr(hdr, v6_cork->tclass,
1683 ip6_make_flowlabel(net, skb, fl6->flowlabel,
1684 np->autoflowlabel, fl6));
1685 hdr->hop_limit = v6_cork->hop_limit;
1686 hdr->nexthdr = proto;
1687 hdr->saddr = fl6->saddr;
1688 hdr->daddr = *final_dst;
1689
1690 skb->priority = sk->sk_priority;
1691 skb->mark = sk->sk_mark;
1692
1693 skb_dst_set(skb, dst_clone(&rt->dst));
1694 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
1695 if (proto == IPPROTO_ICMPV6) {
1696 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1697
1698 ICMP6MSGOUT_INC_STATS(net, idev, icmp6_hdr(skb)->icmp6_type);
1699 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1700 }
1701
1702 ip6_cork_release(cork, v6_cork);
1703 out:
1704 return skb;
1705 }
1706
1707 int ip6_send_skb(struct sk_buff *skb)
1708 {
1709 struct net *net = sock_net(skb->sk);
1710 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
1711 int err;
1712
1713 err = ip6_local_out(net, skb->sk, skb);
1714 if (err) {
1715 if (err > 0)
1716 err = net_xmit_errno(err);
1717 if (err)
1718 IP6_INC_STATS(net, rt->rt6i_idev,
1719 IPSTATS_MIB_OUTDISCARDS);
1720 }
1721
1722 return err;
1723 }
1724
1725 int ip6_push_pending_frames(struct sock *sk)
1726 {
1727 struct sk_buff *skb;
1728
1729 skb = ip6_finish_skb(sk);
1730 if (!skb)
1731 return 0;
1732
1733 return ip6_send_skb(skb);
1734 }
1735 EXPORT_SYMBOL_GPL(ip6_push_pending_frames);
1736
1737 static void __ip6_flush_pending_frames(struct sock *sk,
1738 struct sk_buff_head *queue,
1739 struct inet_cork_full *cork,
1740 struct inet6_cork *v6_cork)
1741 {
1742 struct sk_buff *skb;
1743
1744 while ((skb = __skb_dequeue_tail(queue)) != NULL) {
1745 if (skb_dst(skb))
1746 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
1747 IPSTATS_MIB_OUTDISCARDS);
1748 kfree_skb(skb);
1749 }
1750
1751 ip6_cork_release(cork, v6_cork);
1752 }
1753
1754 void ip6_flush_pending_frames(struct sock *sk)
1755 {
1756 __ip6_flush_pending_frames(sk, &sk->sk_write_queue,
1757 &inet_sk(sk)->cork, &inet6_sk(sk)->cork);
1758 }
1759 EXPORT_SYMBOL_GPL(ip6_flush_pending_frames);
1760
1761 struct sk_buff *ip6_make_skb(struct sock *sk,
1762 int getfrag(void *from, char *to, int offset,
1763 int len, int odd, struct sk_buff *skb),
1764 void *from, int length, int transhdrlen,
1765 struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
1766 struct rt6_info *rt, unsigned int flags,
1767 const struct sockcm_cookie *sockc)
1768 {
1769 struct inet_cork_full cork;
1770 struct inet6_cork v6_cork;
1771 struct sk_buff_head queue;
1772 int exthdrlen = (ipc6->opt ? ipc6->opt->opt_flen : 0);
1773 int err;
1774
1775 if (flags & MSG_PROBE)
1776 return NULL;
1777
1778 __skb_queue_head_init(&queue);
1779
1780 cork.base.flags = 0;
1781 cork.base.addr = 0;
1782 cork.base.opt = NULL;
1783 v6_cork.opt = NULL;
1784 err = ip6_setup_cork(sk, &cork, &v6_cork, ipc6, rt, fl6);
1785 if (err)
1786 return ERR_PTR(err);
1787
1788 if (ipc6->dontfrag < 0)
1789 ipc6->dontfrag = inet6_sk(sk)->dontfrag;
1790
1791 err = __ip6_append_data(sk, fl6, &queue, &cork.base, &v6_cork,
1792 &current->task_frag, getfrag, from,
1793 length + exthdrlen, transhdrlen + exthdrlen,
1794 flags, ipc6, sockc);
1795 if (err) {
1796 __ip6_flush_pending_frames(sk, &queue, &cork, &v6_cork);
1797 return ERR_PTR(err);
1798 }
1799
1800 return __ip6_make_skb(sk, &queue, &cork, &v6_cork);
1801 }
Linux kernel - Deliverables
This page took 0.145629 seconds and 5 git commands to generate.