search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ARM: 7409/1: Do not call flush_cache_user_range with mmap_sem held
[linux/fpc-iii.git] / net / ipv6 / ip6_output.c
blob9cbf17686a1b81c54ece58214e36263d519f222c
1 /*
2 * IPv6 output functions
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on linux/net/ipv4/ip_output.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 * Changes:
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
20 * etc.
21 *
22 * H. von Brand : Added missing #include <linux/string.h>
23 * Imran Patel : frag id should be in NBO
24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
26 * for datagram xmit
27 */
28
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/string.h>
32 #include <linux/socket.h>
33 #include <linux/net.h>
34 #include <linux/netdevice.h>
35 #include <linux/if_arp.h>
36 #include <linux/in6.h>
37 #include <linux/tcp.h>
38 #include <linux/route.h>
39 #include <linux/module.h>
40 #include <linux/slab.h>
41
42 #include <linux/netfilter.h>
43 #include <linux/netfilter_ipv6.h>
44
45 #include <net/sock.h>
46 #include <net/snmp.h>
47
48 #include <net/ipv6.h>
49 #include <net/ndisc.h>
50 #include <net/protocol.h>
51 #include <net/ip6_route.h>
52 #include <net/addrconf.h>
53 #include <net/rawv6.h>
54 #include <net/icmp.h>
55 #include <net/xfrm.h>
56 #include <net/checksum.h>
57 #include <linux/mroute6.h>
58
59 int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *));
60
61 int __ip6_local_out(struct sk_buff *skb)
62 {
63 int len;
64
65 len = skb->len - sizeof(struct ipv6hdr);
66 if (len > IPV6_MAXPLEN)
67 len = 0;
68 ipv6_hdr(skb)->payload_len = htons(len);
69
70 return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL,
71 skb_dst(skb)->dev, dst_output);
72 }
73
74 int ip6_local_out(struct sk_buff *skb)
75 {
76 int err;
77
78 err = __ip6_local_out(skb);
79 if (likely(err == 1))
80 err = dst_output(skb);
81
82 return err;
83 }
84 EXPORT_SYMBOL_GPL(ip6_local_out);
85
86 /* dev_loopback_xmit for use with netfilter. */
87 static int ip6_dev_loopback_xmit(struct sk_buff *newskb)
88 {
89 skb_reset_mac_header(newskb);
90 __skb_pull(newskb, skb_network_offset(newskb));
91 newskb->pkt_type = PACKET_LOOPBACK;
92 newskb->ip_summed = CHECKSUM_UNNECESSARY;
93 WARN_ON(!skb_dst(newskb));
94
95 netif_rx_ni(newskb);
96 return 0;
97 }
98
99 static int ip6_finish_output2(struct sk_buff *skb)
100 {
101 struct dst_entry *dst = skb_dst(skb);
102 struct net_device *dev = dst->dev;
103 struct neighbour *neigh;
104 int res;
105
106 skb->protocol = htons(ETH_P_IPV6);
107 skb->dev = dev;
108
109 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
110 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
111
112 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(skb->sk) &&
113 ((mroute6_socket(dev_net(dev), skb) &&
114 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
115 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
116 &ipv6_hdr(skb)->saddr))) {
117 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
118
119 /* Do not check for IFF_ALLMULTI; multicast routing
120 is not supported in any case.
121 */
122 if (newskb)
123 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
124 newskb, NULL, newskb->dev,
125 ip6_dev_loopback_xmit);
126
127 if (ipv6_hdr(skb)->hop_limit == 0) {
128 IP6_INC_STATS(dev_net(dev), idev,
129 IPSTATS_MIB_OUTDISCARDS);
130 kfree_skb(skb);
131 return 0;
132 }
133 }
134
135 IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST,
136 skb->len);
137 }
138
139 rcu_read_lock();
140 if (dst->hh) {
141 res = neigh_hh_output(dst->hh, skb);
142
143 rcu_read_unlock();
144 return res;
145 } else {
146 neigh = dst_get_neighbour(dst);
147 if (neigh) {
148 res = neigh->output(skb);
149
150 rcu_read_unlock();
151 return res;
152 }
153 rcu_read_unlock();
154 }
155
156 IP6_INC_STATS_BH(dev_net(dst->dev),
157 ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
158 kfree_skb(skb);
159 return -EINVAL;
160 }
161
162 static int ip6_finish_output(struct sk_buff *skb)
163 {
164 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
165 dst_allfrag(skb_dst(skb)))
166 return ip6_fragment(skb, ip6_finish_output2);
167 else
168 return ip6_finish_output2(skb);
169 }
170
171 int ip6_output(struct sk_buff *skb)
172 {
173 struct net_device *dev = skb_dst(skb)->dev;
174 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
175 if (unlikely(idev->cnf.disable_ipv6)) {
176 IP6_INC_STATS(dev_net(dev), idev,
177 IPSTATS_MIB_OUTDISCARDS);
178 kfree_skb(skb);
179 return 0;
180 }
181
182 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev,
183 ip6_finish_output,
184 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
185 }
186
187 /*
188 * xmit an sk_buff (used by TCP, SCTP and DCCP)
189 */
190
191 int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
192 struct ipv6_txoptions *opt)
193 {
194 struct net *net = sock_net(sk);
195 struct ipv6_pinfo *np = inet6_sk(sk);
196 struct in6_addr *first_hop = &fl6->daddr;
197 struct dst_entry *dst = skb_dst(skb);
198 struct ipv6hdr *hdr;
199 u8 proto = fl6->flowi6_proto;
200 int seg_len = skb->len;
201 int hlimit = -1;
202 int tclass = 0;
203 u32 mtu;
204
205 if (opt) {
206 unsigned int head_room;
207
208 /* First: exthdrs may take lots of space (~8K for now)
209 MAX_HEADER is not enough.
210 */
211 head_room = opt->opt_nflen + opt->opt_flen;
212 seg_len += head_room;
213 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
214
215 if (skb_headroom(skb) < head_room) {
216 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
217 if (skb2 == NULL) {
218 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
219 IPSTATS_MIB_OUTDISCARDS);
220 kfree_skb(skb);
221 return -ENOBUFS;
222 }
223 kfree_skb(skb);
224 skb = skb2;
225 skb_set_owner_w(skb, sk);
226 }
227 if (opt->opt_flen)
228 ipv6_push_frag_opts(skb, opt, &proto);
229 if (opt->opt_nflen)
230 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop);
231 }
232
233 skb_push(skb, sizeof(struct ipv6hdr));
234 skb_reset_network_header(skb);
235 hdr = ipv6_hdr(skb);
236
237 /*
238 * Fill in the IPv6 header
239 */
240 if (np) {
241 tclass = np->tclass;
242 hlimit = np->hop_limit;
243 }
244 if (hlimit < 0)
245 hlimit = ip6_dst_hoplimit(dst);
246
247 *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | fl6->flowlabel;
248
249 hdr->payload_len = htons(seg_len);
250 hdr->nexthdr = proto;
251 hdr->hop_limit = hlimit;
252
253 ipv6_addr_copy(&hdr->saddr, &fl6->saddr);
254 ipv6_addr_copy(&hdr->daddr, first_hop);
255
256 skb->priority = sk->sk_priority;
257 skb->mark = sk->sk_mark;
258
259 mtu = dst_mtu(dst);
260 if ((skb->len <= mtu) || skb->local_df || skb_is_gso(skb)) {
261 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
262 IPSTATS_MIB_OUT, skb->len);
263 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL,
264 dst->dev, dst_output);
265 }
266
267 if (net_ratelimit())
268 printk(KERN_DEBUG "IPv6: sending pkt_too_big to self\n");
269 skb->dev = dst->dev;
270 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
271 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
272 kfree_skb(skb);
273 return -EMSGSIZE;
274 }
275
276 EXPORT_SYMBOL(ip6_xmit);
277
278 /*
279 * To avoid extra problems ND packets are send through this
280 * routine. It's code duplication but I really want to avoid
281 * extra checks since ipv6_build_header is used by TCP (which
282 * is for us performance critical)
283 */
284
285 int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev,
286 const struct in6_addr *saddr, const struct in6_addr *daddr,
287 int proto, int len)
288 {
289 struct ipv6_pinfo *np = inet6_sk(sk);
290 struct ipv6hdr *hdr;
291
292 skb->protocol = htons(ETH_P_IPV6);
293 skb->dev = dev;
294
295 skb_reset_network_header(skb);
296 skb_put(skb, sizeof(struct ipv6hdr));
297 hdr = ipv6_hdr(skb);
298
299 *(__be32*)hdr = htonl(0x60000000);
300
301 hdr->payload_len = htons(len);
302 hdr->nexthdr = proto;
303 hdr->hop_limit = np->hop_limit;
304
305 ipv6_addr_copy(&hdr->saddr, saddr);
306 ipv6_addr_copy(&hdr->daddr, daddr);
307
308 return 0;
309 }
310
311 static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
312 {
313 struct ip6_ra_chain *ra;
314 struct sock *last = NULL;
315
316 read_lock(&ip6_ra_lock);
317 for (ra = ip6_ra_chain; ra; ra = ra->next) {
318 struct sock *sk = ra->sk;
319 if (sk && ra->sel == sel &&
320 (!sk->sk_bound_dev_if ||
321 sk->sk_bound_dev_if == skb->dev->ifindex)) {
322 if (last) {
323 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
324 if (skb2)
325 rawv6_rcv(last, skb2);
326 }
327 last = sk;
328 }
329 }
330
331 if (last) {
332 rawv6_rcv(last, skb);
333 read_unlock(&ip6_ra_lock);
334 return 1;
335 }
336 read_unlock(&ip6_ra_lock);
337 return 0;
338 }
339
340 static int ip6_forward_proxy_check(struct sk_buff *skb)
341 {
342 struct ipv6hdr *hdr = ipv6_hdr(skb);
343 u8 nexthdr = hdr->nexthdr;
344 int offset;
345
346 if (ipv6_ext_hdr(nexthdr)) {
347 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr);
348 if (offset < 0)
349 return 0;
350 } else
351 offset = sizeof(struct ipv6hdr);
352
353 if (nexthdr == IPPROTO_ICMPV6) {
354 struct icmp6hdr *icmp6;
355
356 if (!pskb_may_pull(skb, (skb_network_header(skb) +
357 offset + 1 - skb->data)))
358 return 0;
359
360 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
361
362 switch (icmp6->icmp6_type) {
363 case NDISC_ROUTER_SOLICITATION:
364 case NDISC_ROUTER_ADVERTISEMENT:
365 case NDISC_NEIGHBOUR_SOLICITATION:
366 case NDISC_NEIGHBOUR_ADVERTISEMENT:
367 case NDISC_REDIRECT:
368 /* For reaction involving unicast neighbor discovery
369 * message destined to the proxied address, pass it to
370 * input function.
371 */
372 return 1;
373 default:
374 break;
375 }
376 }
377
378 /*
379 * The proxying router can't forward traffic sent to a link-local
380 * address, so signal the sender and discard the packet. This
381 * behavior is clarified by the MIPv6 specification.
382 */
383 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
384 dst_link_failure(skb);
385 return -1;
386 }
387
388 return 0;
389 }
390
391 static inline int ip6_forward_finish(struct sk_buff *skb)
392 {
393 return dst_output(skb);
394 }
395
396 int ip6_forward(struct sk_buff *skb)
397 {
398 struct dst_entry *dst = skb_dst(skb);
399 struct ipv6hdr *hdr = ipv6_hdr(skb);
400 struct inet6_skb_parm *opt = IP6CB(skb);
401 struct net *net = dev_net(dst->dev);
402 struct neighbour *n;
403 u32 mtu;
404
405 if (net->ipv6.devconf_all->forwarding == 0)
406 goto error;
407
408 if (skb_warn_if_lro(skb))
409 goto drop;
410
411 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
412 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
413 goto drop;
414 }
415
416 if (skb->pkt_type != PACKET_HOST)
417 goto drop;
418
419 skb_forward_csum(skb);
420
421 /*
422 * We DO NOT make any processing on
423 * RA packets, pushing them to user level AS IS
424 * without ane WARRANTY that application will be able
425 * to interpret them. The reason is that we
426 * cannot make anything clever here.
427 *
428 * We are not end-node, so that if packet contains
429 * AH/ESP, we cannot make anything.
430 * Defragmentation also would be mistake, RA packets
431 * cannot be fragmented, because there is no warranty
432 * that different fragments will go along one path. --ANK
433 */
434 if (opt->ra) {
435 u8 *ptr = skb_network_header(skb) + opt->ra;
436 if (ip6_call_ra_chain(skb, (ptr[2]<<8) + ptr[3]))
437 return 0;
438 }
439
440 /*
441 * check and decrement ttl
442 */
443 if (hdr->hop_limit <= 1) {
444 /* Force OUTPUT device used as source address */
445 skb->dev = dst->dev;
446 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
447 IP6_INC_STATS_BH(net,
448 ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
449
450 kfree_skb(skb);
451 return -ETIMEDOUT;
452 }
453
454 /* XXX: idev->cnf.proxy_ndp? */
455 if (net->ipv6.devconf_all->proxy_ndp &&
456 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
457 int proxied = ip6_forward_proxy_check(skb);
458 if (proxied > 0)
459 return ip6_input(skb);
460 else if (proxied < 0) {
461 IP6_INC_STATS(net, ip6_dst_idev(dst),
462 IPSTATS_MIB_INDISCARDS);
463 goto drop;
464 }
465 }
466
467 if (!xfrm6_route_forward(skb)) {
468 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
469 goto drop;
470 }
471 dst = skb_dst(skb);
472
473 /* IPv6 specs say nothing about it, but it is clear that we cannot
474 send redirects to source routed frames.
475 We don't send redirects to frames decapsulated from IPsec.
476 */
477 n = dst_get_neighbour(dst);
478 if (skb->dev == dst->dev && n && opt->srcrt == 0 && !skb_sec_path(skb)) {
479 struct in6_addr *target = NULL;
480 struct rt6_info *rt;
481
482 /*
483 * incoming and outgoing devices are the same
484 * send a redirect.
485 */
486
487 rt = (struct rt6_info *) dst;
488 if ((rt->rt6i_flags & RTF_GATEWAY))
489 target = (struct in6_addr*)&n->primary_key;
490 else
491 target = &hdr->daddr;
492
493 if (!rt->rt6i_peer)
494 rt6_bind_peer(rt, 1);
495
496 /* Limit redirects both by destination (here)
497 and by source (inside ndisc_send_redirect)
498 */
499 if (inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ))
500 ndisc_send_redirect(skb, n, target);
501 } else {
502 int addrtype = ipv6_addr_type(&hdr->saddr);
503
504 /* This check is security critical. */
505 if (addrtype == IPV6_ADDR_ANY ||
506 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
507 goto error;
508 if (addrtype & IPV6_ADDR_LINKLOCAL) {
509 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
510 ICMPV6_NOT_NEIGHBOUR, 0);
511 goto error;
512 }
513 }
514
515 mtu = dst_mtu(dst);
516 if (mtu < IPV6_MIN_MTU)
517 mtu = IPV6_MIN_MTU;
518
519 if (skb->len > mtu && !skb_is_gso(skb)) {
520 /* Again, force OUTPUT device used as source address */
521 skb->dev = dst->dev;
522 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
523 IP6_INC_STATS_BH(net,
524 ip6_dst_idev(dst), IPSTATS_MIB_INTOOBIGERRORS);
525 IP6_INC_STATS_BH(net,
526 ip6_dst_idev(dst), IPSTATS_MIB_FRAGFAILS);
527 kfree_skb(skb);
528 return -EMSGSIZE;
529 }
530
531 if (skb_cow(skb, dst->dev->hard_header_len)) {
532 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS);
533 goto drop;
534 }
535
536 hdr = ipv6_hdr(skb);
537
538 /* Mangling hops number delayed to point after skb COW */
539
540 hdr->hop_limit--;
541
542 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
543 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, skb, skb->dev, dst->dev,
544 ip6_forward_finish);
545
546 error:
547 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
548 drop:
549 kfree_skb(skb);
550 return -EINVAL;
551 }
552
553 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
554 {
555 to->pkt_type = from->pkt_type;
556 to->priority = from->priority;
557 to->protocol = from->protocol;
558 skb_dst_drop(to);
559 skb_dst_set(to, dst_clone(skb_dst(from)));
560 to->dev = from->dev;
561 to->mark = from->mark;
562
563 #ifdef CONFIG_NET_SCHED
564 to->tc_index = from->tc_index;
565 #endif
566 nf_copy(to, from);
567 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
568 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
569 to->nf_trace = from->nf_trace;
570 #endif
571 skb_copy_secmark(to, from);
572 }
573
574 int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
575 {
576 u16 offset = sizeof(struct ipv6hdr);
577 struct ipv6_opt_hdr *exthdr =
578 (struct ipv6_opt_hdr *)(ipv6_hdr(skb) + 1);
579 unsigned int packet_len = skb->tail - skb->network_header;
580 int found_rhdr = 0;
581 *nexthdr = &ipv6_hdr(skb)->nexthdr;
582
583 while (offset + 1 <= packet_len) {
584
585 switch (**nexthdr) {
586
587 case NEXTHDR_HOP:
588 break;
589 case NEXTHDR_ROUTING:
590 found_rhdr = 1;
591 break;
592 case NEXTHDR_DEST:
593 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
594 if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0)
595 break;
596 #endif
597 if (found_rhdr)
598 return offset;
599 break;
600 default :
601 return offset;
602 }
603
604 offset += ipv6_optlen(exthdr);
605 *nexthdr = &exthdr->nexthdr;
606 exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +
607 offset);
608 }
609
610 return offset;
611 }
612
613 static u32 hashidentrnd __read_mostly;
614 #define FID_HASH_SZ 16
615 static u32 ipv6_fragmentation_id[FID_HASH_SZ];
616
617 void __init initialize_hashidentrnd(void)
618 {
619 get_random_bytes(&hashidentrnd, sizeof(hashidentrnd));
620 }
621
622 static u32 __ipv6_select_ident(const struct in6_addr *addr)
623 {
624 u32 newid, oldid, hash = jhash2((u32 *)addr, 4, hashidentrnd);
625 u32 *pid = &ipv6_fragmentation_id[hash % FID_HASH_SZ];
626
627 do {
628 oldid = *pid;
629 newid = oldid + 1;
630 if (!(hash + newid))
631 newid++;
632 } while (cmpxchg(pid, oldid, newid) != oldid);
633
634 return hash + newid;
635 }
636
637 void ipv6_select_ident(struct frag_hdr *fhdr, struct in6_addr *addr)
638 {
639 fhdr->identification = htonl(__ipv6_select_ident(addr));
640 }
641
642 int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
643 {
644 struct sk_buff *frag;
645 struct rt6_info *rt = (struct rt6_info*)skb_dst(skb);
646 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
647 struct ipv6hdr *tmp_hdr;
648 struct frag_hdr *fh;
649 unsigned int mtu, hlen, left, len;
650 __be32 frag_id = 0;
651 int ptr, offset = 0, err=0;
652 u8 *prevhdr, nexthdr = 0;
653 struct net *net = dev_net(skb_dst(skb)->dev);
654
655 hlen = ip6_find_1stfragopt(skb, &prevhdr);
656 nexthdr = *prevhdr;
657
658 mtu = ip6_skb_dst_mtu(skb);
659
660 /* We must not fragment if the socket is set to force MTU discovery
661 * or if the skb it not generated by a local socket.
662 */
663 if (!skb->local_df && skb->len > mtu) {
664 skb->dev = skb_dst(skb)->dev;
665 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
666 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
667 IPSTATS_MIB_FRAGFAILS);
668 kfree_skb(skb);
669 return -EMSGSIZE;
670 }
671
672 if (np && np->frag_size < mtu) {
673 if (np->frag_size)
674 mtu = np->frag_size;
675 }
676 mtu -= hlen + sizeof(struct frag_hdr);
677
678 if (skb_has_frag_list(skb)) {
679 int first_len = skb_pagelen(skb);
680 struct sk_buff *frag2;
681
682 if (first_len - hlen > mtu ||
683 ((first_len - hlen) & 7) ||
684 skb_cloned(skb))
685 goto slow_path;
686
687 skb_walk_frags(skb, frag) {
688 /* Correct geometry. */
689 if (frag->len > mtu ||
690 ((frag->len & 7) && frag->next) ||
691 skb_headroom(frag) < hlen)
692 goto slow_path_clean;
693
694 /* Partially cloned skb? */
695 if (skb_shared(frag))
696 goto slow_path_clean;
697
698 BUG_ON(frag->sk);
699 if (skb->sk) {
700 frag->sk = skb->sk;
701 frag->destructor = sock_wfree;
702 }
703 skb->truesize -= frag->truesize;
704 }
705
706 err = 0;
707 offset = 0;
708 frag = skb_shinfo(skb)->frag_list;
709 skb_frag_list_init(skb);
710 /* BUILD HEADER */
711
712 *prevhdr = NEXTHDR_FRAGMENT;
713 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
714 if (!tmp_hdr) {
715 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
716 IPSTATS_MIB_FRAGFAILS);
717 return -ENOMEM;
718 }
719
720 __skb_pull(skb, hlen);
721 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr));
722 __skb_push(skb, hlen);
723 skb_reset_network_header(skb);
724 memcpy(skb_network_header(skb), tmp_hdr, hlen);
725
726 ipv6_select_ident(fh, &rt->rt6i_dst.addr);
727 fh->nexthdr = nexthdr;
728 fh->reserved = 0;
729 fh->frag_off = htons(IP6_MF);
730 frag_id = fh->identification;
731
732 first_len = skb_pagelen(skb);
733 skb->data_len = first_len - skb_headlen(skb);
734 skb->len = first_len;
735 ipv6_hdr(skb)->payload_len = htons(first_len -
736 sizeof(struct ipv6hdr));
737
738 dst_hold(&rt->dst);
739
740 for (;;) {
741 /* Prepare header of the next frame,
742 * before previous one went down. */
743 if (frag) {
744 frag->ip_summed = CHECKSUM_NONE;
745 skb_reset_transport_header(frag);
746 fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr));
747 __skb_push(frag, hlen);
748 skb_reset_network_header(frag);
749 memcpy(skb_network_header(frag), tmp_hdr,
750 hlen);
751 offset += skb->len - hlen - sizeof(struct frag_hdr);
752 fh->nexthdr = nexthdr;
753 fh->reserved = 0;
754 fh->frag_off = htons(offset);
755 if (frag->next != NULL)
756 fh->frag_off |= htons(IP6_MF);
757 fh->identification = frag_id;
758 ipv6_hdr(frag)->payload_len =
759 htons(frag->len -
760 sizeof(struct ipv6hdr));
761 ip6_copy_metadata(frag, skb);
762 }
763
764 err = output(skb);
765 if(!err)
766 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
767 IPSTATS_MIB_FRAGCREATES);
768
769 if (err || !frag)
770 break;
771
772 skb = frag;
773 frag = skb->next;
774 skb->next = NULL;
775 }
776
777 kfree(tmp_hdr);
778
779 if (err == 0) {
780 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
781 IPSTATS_MIB_FRAGOKS);
782 dst_release(&rt->dst);
783 return 0;
784 }
785
786 while (frag) {
787 skb = frag->next;
788 kfree_skb(frag);
789 frag = skb;
790 }
791
792 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
793 IPSTATS_MIB_FRAGFAILS);
794 dst_release(&rt->dst);
795 return err;
796
797 slow_path_clean:
798 skb_walk_frags(skb, frag2) {
799 if (frag2 == frag)
800 break;
801 frag2->sk = NULL;
802 frag2->destructor = NULL;
803 skb->truesize += frag2->truesize;
804 }
805 }
806
807 slow_path:
808 left = skb->len - hlen; /* Space per frame */
809 ptr = hlen; /* Where to start from */
810
811 /*
812 * Fragment the datagram.
813 */
814
815 *prevhdr = NEXTHDR_FRAGMENT;
816
817 /*
818 * Keep copying data until we run out.
819 */
820 while(left > 0) {
821 len = left;
822 /* IF: it doesn't fit, use 'mtu' - the data space left */
823 if (len > mtu)
824 len = mtu;
825 /* IF: we are not sending up to and including the packet end
826 then align the next start on an eight byte boundary */
827 if (len < left) {
828 len &= ~7;
829 }
830 /*
831 * Allocate buffer.
832 */
833
834 if ((frag = alloc_skb(len+hlen+sizeof(struct frag_hdr)+LL_ALLOCATED_SPACE(rt->dst.dev), GFP_ATOMIC)) == NULL) {
835 NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n");
836 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
837 IPSTATS_MIB_FRAGFAILS);
838 err = -ENOMEM;
839 goto fail;
840 }
841
842 /*
843 * Set up data on packet
844 */
845
846 ip6_copy_metadata(frag, skb);
847 skb_reserve(frag, LL_RESERVED_SPACE(rt->dst.dev));
848 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
849 skb_reset_network_header(frag);
850 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
851 frag->transport_header = (frag->network_header + hlen +
852 sizeof(struct frag_hdr));
853
854 /*
855 * Charge the memory for the fragment to any owner
856 * it might possess
857 */
858 if (skb->sk)
859 skb_set_owner_w(frag, skb->sk);
860
861 /*
862 * Copy the packet header into the new buffer.
863 */
864 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
865
866 /*
867 * Build fragment header.
868 */
869 fh->nexthdr = nexthdr;
870 fh->reserved = 0;
871 if (!frag_id) {
872 ipv6_select_ident(fh, &rt->rt6i_dst.addr);
873 frag_id = fh->identification;
874 } else
875 fh->identification = frag_id;
876
877 /*
878 * Copy a block of the IP datagram.
879 */
880 if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len))
881 BUG();
882 left -= len;
883
884 fh->frag_off = htons(offset);
885 if (left > 0)
886 fh->frag_off |= htons(IP6_MF);
887 ipv6_hdr(frag)->payload_len = htons(frag->len -
888 sizeof(struct ipv6hdr));
889
890 ptr += len;
891 offset += len;
892
893 /*
894 * Put this fragment into the sending queue.
895 */
896 err = output(frag);
897 if (err)
898 goto fail;
899
900 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
901 IPSTATS_MIB_FRAGCREATES);
902 }
903 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
904 IPSTATS_MIB_FRAGOKS);
905 kfree_skb(skb);
906 return err;
907
908 fail:
909 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
910 IPSTATS_MIB_FRAGFAILS);
911 kfree_skb(skb);
912 return err;
913 }
914
915 static inline int ip6_rt_check(const struct rt6key *rt_key,
916 const struct in6_addr *fl_addr,
917 const struct in6_addr *addr_cache)
918 {
919 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
920 (addr_cache == NULL || !ipv6_addr_equal(fl_addr, addr_cache));
921 }
922
923 static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
924 struct dst_entry *dst,
925 const struct flowi6 *fl6)
926 {
927 struct ipv6_pinfo *np = inet6_sk(sk);
928 struct rt6_info *rt = (struct rt6_info *)dst;
929
930 if (!dst)
931 goto out;
932
933 /* Yes, checking route validity in not connected
934 * case is not very simple. Take into account,
935 * that we do not support routing by source, TOS,
936 * and MSG_DONTROUTE --ANK (980726)
937 *
938 * 1. ip6_rt_check(): If route was host route,
939 * check that cached destination is current.
940 * If it is network route, we still may
941 * check its validity using saved pointer
942 * to the last used address: daddr_cache.
943 * We do not want to save whole address now,
944 * (because main consumer of this service
945 * is tcp, which has not this problem),
946 * so that the last trick works only on connected
947 * sockets.
948 * 2. oif also should be the same.
949 */
950 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) ||
951 #ifdef CONFIG_IPV6_SUBTREES
952 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) ||
953 #endif
954 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex)) {
955 dst_release(dst);
956 dst = NULL;
957 }
958
959 out:
960 return dst;
961 }
962
963 static int ip6_dst_lookup_tail(struct sock *sk,
964 struct dst_entry **dst, struct flowi6 *fl6)
965 {
966 struct net *net = sock_net(sk);
967 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
968 struct neighbour *n;
969 #endif
970 int err;
971
972 if (*dst == NULL)
973 *dst = ip6_route_output(net, sk, fl6);
974
975 if ((err = (*dst)->error))
976 goto out_err_release;
977
978 if (ipv6_addr_any(&fl6->saddr)) {
979 struct rt6_info *rt = (struct rt6_info *) *dst;
980 err = ip6_route_get_saddr(net, rt, &fl6->daddr,
981 sk ? inet6_sk(sk)->srcprefs : 0,
982 &fl6->saddr);
983 if (err)
984 goto out_err_release;
985 }
986
987 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
988 /*
989 * Here if the dst entry we've looked up
990 * has a neighbour entry that is in the INCOMPLETE
991 * state and the src address from the flow is
992 * marked as OPTIMISTIC, we release the found
993 * dst entry and replace it instead with the
994 * dst entry of the nexthop router
995 */
996 rcu_read_lock();
997 n = dst_get_neighbour(*dst);
998 if (n && !(n->nud_state & NUD_VALID)) {
999 struct inet6_ifaddr *ifp;
1000 struct flowi6 fl_gw6;
1001 int redirect;
1002
1003 rcu_read_unlock();
1004 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
1005 (*dst)->dev, 1);
1006
1007 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
1008 if (ifp)
1009 in6_ifa_put(ifp);
1010
1011 if (redirect) {
1012 /*
1013 * We need to get the dst entry for the
1014 * default router instead
1015 */
1016 dst_release(*dst);
1017 memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
1018 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
1019 *dst = ip6_route_output(net, sk, &fl_gw6);
1020 if ((err = (*dst)->error))
1021 goto out_err_release;
1022 }
1023 } else {
1024 rcu_read_unlock();
1025 }
1026 #endif
1027
1028 return 0;
1029
1030 out_err_release:
1031 if (err == -ENETUNREACH)
1032 IP6_INC_STATS_BH(net, NULL, IPSTATS_MIB_OUTNOROUTES);
1033 dst_release(*dst);
1034 *dst = NULL;
1035 return err;
1036 }
1037
1038 /**
1039 * ip6_dst_lookup - perform route lookup on flow
1040 * @sk: socket which provides route info
1041 * @dst: pointer to dst_entry * for result
1042 * @fl6: flow to lookup
1043 *
1044 * This function performs a route lookup on the given flow.
1045 *
1046 * It returns zero on success, or a standard errno code on error.
1047 */
1048 int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi6 *fl6)
1049 {
1050 *dst = NULL;
1051 return ip6_dst_lookup_tail(sk, dst, fl6);
1052 }
1053 EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1054
1055 /**
1056 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec
1057 * @sk: socket which provides route info
1058 * @fl6: flow to lookup
1059 * @final_dst: final destination address for ipsec lookup
1060 * @can_sleep: we are in a sleepable context
1061 *
1062 * This function performs a route lookup on the given flow.
1063 *
1064 * It returns a valid dst pointer on success, or a pointer encoded
1065 * error code.
1066 */
1067 struct dst_entry *ip6_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
1068 const struct in6_addr *final_dst,
1069 bool can_sleep)
1070 {
1071 struct dst_entry *dst = NULL;
1072 int err;
1073
1074 err = ip6_dst_lookup_tail(sk, &dst, fl6);
1075 if (err)
1076 return ERR_PTR(err);
1077 if (final_dst)
1078 ipv6_addr_copy(&fl6->daddr, final_dst);
1079 if (can_sleep)
1080 fl6->flowi6_flags |= FLOWI_FLAG_CAN_SLEEP;
1081
1082 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
1083 }
1084 EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
1085
1086 /**
1087 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
1088 * @sk: socket which provides the dst cache and route info
1089 * @fl6: flow to lookup
1090 * @final_dst: final destination address for ipsec lookup
1091 * @can_sleep: we are in a sleepable context
1092 *
1093 * This function performs a route lookup on the given flow with the
1094 * possibility of using the cached route in the socket if it is valid.
1095 * It will take the socket dst lock when operating on the dst cache.
1096 * As a result, this function can only be used in process context.
1097 *
1098 * It returns a valid dst pointer on success, or a pointer encoded
1099 * error code.
1100 */
1101 struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
1102 const struct in6_addr *final_dst,
1103 bool can_sleep)
1104 {
1105 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1106 int err;
1107
1108 dst = ip6_sk_dst_check(sk, dst, fl6);
1109
1110 err = ip6_dst_lookup_tail(sk, &dst, fl6);
1111 if (err)
1112 return ERR_PTR(err);
1113 if (final_dst)
1114 ipv6_addr_copy(&fl6->daddr, final_dst);
1115 if (can_sleep)
1116 fl6->flowi6_flags |= FLOWI_FLAG_CAN_SLEEP;
1117
1118 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
1119 }
1120 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
1121
1122 static inline int ip6_ufo_append_data(struct sock *sk,
1123 int getfrag(void *from, char *to, int offset, int len,
1124 int odd, struct sk_buff *skb),
1125 void *from, int length, int hh_len, int fragheaderlen,
1126 int transhdrlen, int mtu,unsigned int flags,
1127 struct rt6_info *rt)
1128
1129 {
1130 struct sk_buff *skb;
1131 int err;
1132
1133 /* There is support for UDP large send offload by network
1134 * device, so create one single skb packet containing complete
1135 * udp datagram
1136 */
1137 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) {
1138 skb = sock_alloc_send_skb(sk,
1139 hh_len + fragheaderlen + transhdrlen + 20,
1140 (flags & MSG_DONTWAIT), &err);
1141 if (skb == NULL)
1142 return -ENOMEM;
1143
1144 /* reserve space for Hardware header */
1145 skb_reserve(skb, hh_len);
1146
1147 /* create space for UDP/IP header */
1148 skb_put(skb,fragheaderlen + transhdrlen);
1149
1150 /* initialize network header pointer */
1151 skb_reset_network_header(skb);
1152
1153 /* initialize protocol header pointer */
1154 skb->transport_header = skb->network_header + fragheaderlen;
1155
1156 skb->ip_summed = CHECKSUM_PARTIAL;
1157 skb->csum = 0;
1158 }
1159
1160 err = skb_append_datato_frags(sk,skb, getfrag, from,
1161 (length - transhdrlen));
1162 if (!err) {
1163 struct frag_hdr fhdr;
1164
1165 /* Specify the length of each IPv6 datagram fragment.
1166 * It has to be a multiple of 8.
1167 */
1168 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen -
1169 sizeof(struct frag_hdr)) & ~7;
1170 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
1171 ipv6_select_ident(&fhdr, &rt->rt6i_dst.addr);
1172 skb_shinfo(skb)->ip6_frag_id = fhdr.identification;
1173 __skb_queue_tail(&sk->sk_write_queue, skb);
1174
1175 return 0;
1176 }
1177 /* There is not enough support do UPD LSO,
1178 * so follow normal path
1179 */
1180 kfree_skb(skb);
1181
1182 return err;
1183 }
1184
1185 static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1186 gfp_t gfp)
1187 {
1188 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1189 }
1190
1191 static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1192 gfp_t gfp)
1193 {
1194 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1195 }
1196
1197 int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1198 int offset, int len, int odd, struct sk_buff *skb),
1199 void *from, int length, int transhdrlen,
1200 int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi6 *fl6,
1201 struct rt6_info *rt, unsigned int flags, int dontfrag)
1202 {
1203 struct inet_sock *inet = inet_sk(sk);
1204 struct ipv6_pinfo *np = inet6_sk(sk);
1205 struct inet_cork *cork;
1206 struct sk_buff *skb;
1207 unsigned int maxfraglen, fragheaderlen;
1208 int exthdrlen;
1209 int hh_len;
1210 int mtu;
1211 int copy;
1212 int err;
1213 int offset = 0;
1214 int csummode = CHECKSUM_NONE;
1215 __u8 tx_flags = 0;
1216
1217 if (flags&MSG_PROBE)
1218 return 0;
1219 cork = &inet->cork.base;
1220 if (skb_queue_empty(&sk->sk_write_queue)) {
1221 /*
1222 * setup for corking
1223 */
1224 if (opt) {
1225 if (WARN_ON(np->cork.opt))
1226 return -EINVAL;
1227
1228 np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation);
1229 if (unlikely(np->cork.opt == NULL))
1230 return -ENOBUFS;
1231
1232 np->cork.opt->tot_len = opt->tot_len;
1233 np->cork.opt->opt_flen = opt->opt_flen;
1234 np->cork.opt->opt_nflen = opt->opt_nflen;
1235
1236 np->cork.opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1237 sk->sk_allocation);
1238 if (opt->dst0opt && !np->cork.opt->dst0opt)
1239 return -ENOBUFS;
1240
1241 np->cork.opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1242 sk->sk_allocation);
1243 if (opt->dst1opt && !np->cork.opt->dst1opt)
1244 return -ENOBUFS;
1245
1246 np->cork.opt->hopopt = ip6_opt_dup(opt->hopopt,
1247 sk->sk_allocation);
1248 if (opt->hopopt && !np->cork.opt->hopopt)
1249 return -ENOBUFS;
1250
1251 np->cork.opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1252 sk->sk_allocation);
1253 if (opt->srcrt && !np->cork.opt->srcrt)
1254 return -ENOBUFS;
1255
1256 /* need source address above miyazawa*/
1257 }
1258 dst_hold(&rt->dst);
1259 cork->dst = &rt->dst;
1260 inet->cork.fl.u.ip6 = *fl6;
1261 np->cork.hop_limit = hlimit;
1262 np->cork.tclass = tclass;
1263 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
1264 rt->dst.dev->mtu : dst_mtu(rt->dst.path);
1265 if (np->frag_size < mtu) {
1266 if (np->frag_size)
1267 mtu = np->frag_size;
1268 }
1269 cork->fragsize = mtu;
1270 if (dst_allfrag(rt->dst.path))
1271 cork->flags |= IPCORK_ALLFRAG;
1272 cork->length = 0;
1273 sk->sk_sndmsg_page = NULL;
1274 sk->sk_sndmsg_off = 0;
1275 exthdrlen = rt->dst.header_len + (opt ? opt->opt_flen : 0) -
1276 rt->rt6i_nfheader_len;
1277 length += exthdrlen;
1278 transhdrlen += exthdrlen;
1279 } else {
1280 rt = (struct rt6_info *)cork->dst;
1281 fl6 = &inet->cork.fl.u.ip6;
1282 opt = np->cork.opt;
1283 transhdrlen = 0;
1284 exthdrlen = 0;
1285 mtu = cork->fragsize;
1286 }
1287
1288 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1289
1290 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
1291 (opt ? opt->opt_nflen : 0);
1292 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr);
1293
1294 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) {
1295 if (cork->length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) {
1296 ipv6_local_error(sk, EMSGSIZE, fl6, mtu-exthdrlen);
1297 return -EMSGSIZE;
1298 }
1299 }
1300
1301 /* For UDP, check if TX timestamp is enabled */
1302 if (sk->sk_type == SOCK_DGRAM) {
1303 err = sock_tx_timestamp(sk, &tx_flags);
1304 if (err)
1305 goto error;
1306 }
1307
1308 /*
1309 * Let's try using as much space as possible.
1310 * Use MTU if total length of the message fits into the MTU.
1311 * Otherwise, we need to reserve fragment header and
1312 * fragment alignment (= 8-15 octects, in total).
1313 *
1314 * Note that we may need to "move" the data from the tail of
1315 * of the buffer to the new fragment when we split
1316 * the message.
1317 *
1318 * FIXME: It may be fragmented into multiple chunks
1319 * at once if non-fragmentable extension headers
1320 * are too large.
1321 * --yoshfuji
1322 */
1323
1324 cork->length += length;
1325 if (length > mtu) {
1326 int proto = sk->sk_protocol;
1327 if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){
1328 ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen);
1329 return -EMSGSIZE;
1330 }
1331
1332 if (proto == IPPROTO_UDP &&
1333 (rt->dst.dev->features & NETIF_F_UFO)) {
1334
1335 err = ip6_ufo_append_data(sk, getfrag, from, length,
1336 hh_len, fragheaderlen,
1337 transhdrlen, mtu, flags, rt);
1338 if (err)
1339 goto error;
1340 return 0;
1341 }
1342 }
1343
1344 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
1345 goto alloc_new_skb;
1346
1347 while (length > 0) {
1348 /* Check if the remaining data fits into current packet. */
1349 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1350 if (copy < length)
1351 copy = maxfraglen - skb->len;
1352
1353 if (copy <= 0) {
1354 char *data;
1355 unsigned int datalen;
1356 unsigned int fraglen;
1357 unsigned int fraggap;
1358 unsigned int alloclen;
1359 struct sk_buff *skb_prev;
1360 alloc_new_skb:
1361 skb_prev = skb;
1362
1363 /* There's no room in the current skb */
1364 if (skb_prev)
1365 fraggap = skb_prev->len - maxfraglen;
1366 else
1367 fraggap = 0;
1368
1369 /*
1370 * If remaining data exceeds the mtu,
1371 * we know we need more fragment(s).
1372 */
1373 datalen = length + fraggap;
1374 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1375 datalen = maxfraglen - fragheaderlen;
1376
1377 fraglen = datalen + fragheaderlen;
1378 if ((flags & MSG_MORE) &&
1379 !(rt->dst.dev->features&NETIF_F_SG))
1380 alloclen = mtu;
1381 else
1382 alloclen = datalen + fragheaderlen;
1383
1384 /*
1385 * The last fragment gets additional space at tail.
1386 * Note: we overallocate on fragments with MSG_MODE
1387 * because we have no idea if we're the last one.
1388 */
1389 if (datalen == length + fraggap)
1390 alloclen += rt->dst.trailer_len;
1391
1392 /*
1393 * We just reserve space for fragment header.
1394 * Note: this may be overallocation if the message
1395 * (without MSG_MORE) fits into the MTU.
1396 */
1397 alloclen += sizeof(struct frag_hdr);
1398
1399 if (transhdrlen) {
1400 skb = sock_alloc_send_skb(sk,
1401 alloclen + hh_len,
1402 (flags & MSG_DONTWAIT), &err);
1403 } else {
1404 skb = NULL;
1405 if (atomic_read(&sk->sk_wmem_alloc) <=
1406 2 * sk->sk_sndbuf)
1407 skb = sock_wmalloc(sk,
1408 alloclen + hh_len, 1,
1409 sk->sk_allocation);
1410 if (unlikely(skb == NULL))
1411 err = -ENOBUFS;
1412 else {
1413 /* Only the initial fragment
1414 * is time stamped.
1415 */
1416 tx_flags = 0;
1417 }
1418 }
1419 if (skb == NULL)
1420 goto error;
1421 /*
1422 * Fill in the control structures
1423 */
1424 skb->ip_summed = csummode;
1425 skb->csum = 0;
1426 /* reserve for fragmentation */
1427 skb_reserve(skb, hh_len+sizeof(struct frag_hdr));
1428
1429 if (sk->sk_type == SOCK_DGRAM)
1430 skb_shinfo(skb)->tx_flags = tx_flags;
1431
1432 /*
1433 * Find where to start putting bytes
1434 */
1435 data = skb_put(skb, fraglen);
1436 skb_set_network_header(skb, exthdrlen);
1437 data += fragheaderlen;
1438 skb->transport_header = (skb->network_header +
1439 fragheaderlen);
1440 if (fraggap) {
1441 skb->csum = skb_copy_and_csum_bits(
1442 skb_prev, maxfraglen,
1443 data + transhdrlen, fraggap, 0);
1444 skb_prev->csum = csum_sub(skb_prev->csum,
1445 skb->csum);
1446 data += fraggap;
1447 pskb_trim_unique(skb_prev, maxfraglen);
1448 }
1449 copy = datalen - transhdrlen - fraggap;
1450 if (copy < 0) {
1451 err = -EINVAL;
1452 kfree_skb(skb);
1453 goto error;
1454 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
1455 err = -EFAULT;
1456 kfree_skb(skb);
1457 goto error;
1458 }
1459
1460 offset += copy;
1461 length -= datalen - fraggap;
1462 transhdrlen = 0;
1463 exthdrlen = 0;
1464 csummode = CHECKSUM_NONE;
1465
1466 /*
1467 * Put the packet on the pending queue
1468 */
1469 __skb_queue_tail(&sk->sk_write_queue, skb);
1470 continue;
1471 }
1472
1473 if (copy > length)
1474 copy = length;
1475
1476 if (!(rt->dst.dev->features&NETIF_F_SG)) {
1477 unsigned int off;
1478
1479 off = skb->len;
1480 if (getfrag(from, skb_put(skb, copy),
1481 offset, copy, off, skb) < 0) {
1482 __skb_trim(skb, off);
1483 err = -EFAULT;
1484 goto error;
1485 }
1486 } else {
1487 int i = skb_shinfo(skb)->nr_frags;
1488 skb_frag_t *frag = &skb_shinfo(skb)->frags[i-1];
1489 struct page *page = sk->sk_sndmsg_page;
1490 int off = sk->sk_sndmsg_off;
1491 unsigned int left;
1492
1493 if (page && (left = PAGE_SIZE - off) > 0) {
1494 if (copy >= left)
1495 copy = left;
1496 if (page != frag->page) {
1497 if (i == MAX_SKB_FRAGS) {
1498 err = -EMSGSIZE;
1499 goto error;
1500 }
1501 get_page(page);
1502 skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0);
1503 frag = &skb_shinfo(skb)->frags[i];
1504 }
1505 } else if(i < MAX_SKB_FRAGS) {
1506 if (copy > PAGE_SIZE)
1507 copy = PAGE_SIZE;
1508 page = alloc_pages(sk->sk_allocation, 0);
1509 if (page == NULL) {
1510 err = -ENOMEM;
1511 goto error;
1512 }
1513 sk->sk_sndmsg_page = page;
1514 sk->sk_sndmsg_off = 0;
1515
1516 skb_fill_page_desc(skb, i, page, 0, 0);
1517 frag = &skb_shinfo(skb)->frags[i];
1518 } else {
1519 err = -EMSGSIZE;
1520 goto error;
1521 }
1522 if (getfrag(from, page_address(frag->page)+frag->page_offset+frag->size, offset, copy, skb->len, skb) < 0) {
1523 err = -EFAULT;
1524 goto error;
1525 }
1526 sk->sk_sndmsg_off += copy;
1527 frag->size += copy;
1528 skb->len += copy;
1529 skb->data_len += copy;
1530 skb->truesize += copy;
1531 atomic_add(copy, &sk->sk_wmem_alloc);
1532 }
1533 offset += copy;
1534 length -= copy;
1535 }
1536 return 0;
1537 error:
1538 cork->length -= length;
1539 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1540 return err;
1541 }
1542
1543 static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np)
1544 {
1545 if (np->cork.opt) {
1546 kfree(np->cork.opt->dst0opt);
1547 kfree(np->cork.opt->dst1opt);
1548 kfree(np->cork.opt->hopopt);
1549 kfree(np->cork.opt->srcrt);
1550 kfree(np->cork.opt);
1551 np->cork.opt = NULL;
1552 }
1553
1554 if (inet->cork.base.dst) {
1555 dst_release(inet->cork.base.dst);
1556 inet->cork.base.dst = NULL;
1557 inet->cork.base.flags &= ~IPCORK_ALLFRAG;
1558 }
1559 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl));
1560 }
1561
1562 int ip6_push_pending_frames(struct sock *sk)
1563 {
1564 struct sk_buff *skb, *tmp_skb;
1565 struct sk_buff **tail_skb;
1566 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1567 struct inet_sock *inet = inet_sk(sk);
1568 struct ipv6_pinfo *np = inet6_sk(sk);
1569 struct net *net = sock_net(sk);
1570 struct ipv6hdr *hdr;
1571 struct ipv6_txoptions *opt = np->cork.opt;
1572 struct rt6_info *rt = (struct rt6_info *)inet->cork.base.dst;
1573 struct flowi6 *fl6 = &inet->cork.fl.u.ip6;
1574 unsigned char proto = fl6->flowi6_proto;
1575 int err = 0;
1576
1577 if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL)
1578 goto out;
1579 tail_skb = &(skb_shinfo(skb)->frag_list);
1580
1581 /* move skb->data to ip header from ext header */
1582 if (skb->data < skb_network_header(skb))
1583 __skb_pull(skb, skb_network_offset(skb));
1584 while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) {
1585 __skb_pull(tmp_skb, skb_network_header_len(skb));
1586 *tail_skb = tmp_skb;
1587 tail_skb = &(tmp_skb->next);
1588 skb->len += tmp_skb->len;
1589 skb->data_len += tmp_skb->len;
1590 skb->truesize += tmp_skb->truesize;
1591 tmp_skb->destructor = NULL;
1592 tmp_skb->sk = NULL;
1593 }
1594
1595 /* Allow local fragmentation. */
1596 if (np->pmtudisc < IPV6_PMTUDISC_DO)
1597 skb->local_df = 1;
1598
1599 ipv6_addr_copy(final_dst, &fl6->daddr);
1600 __skb_pull(skb, skb_network_header_len(skb));
1601 if (opt && opt->opt_flen)
1602 ipv6_push_frag_opts(skb, opt, &proto);
1603 if (opt && opt->opt_nflen)
1604 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst);
1605
1606 skb_push(skb, sizeof(struct ipv6hdr));
1607 skb_reset_network_header(skb);
1608 hdr = ipv6_hdr(skb);
1609
1610 *(__be32*)hdr = fl6->flowlabel |
1611 htonl(0x60000000 | ((int)np->cork.tclass << 20));
1612
1613 hdr->hop_limit = np->cork.hop_limit;
1614 hdr->nexthdr = proto;
1615 ipv6_addr_copy(&hdr->saddr, &fl6->saddr);
1616 ipv6_addr_copy(&hdr->daddr, final_dst);
1617
1618 skb->priority = sk->sk_priority;
1619 skb->mark = sk->sk_mark;
1620
1621 skb_dst_set(skb, dst_clone(&rt->dst));
1622 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
1623 if (proto == IPPROTO_ICMPV6) {
1624 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1625
1626 ICMP6MSGOUT_INC_STATS_BH(net, idev, icmp6_hdr(skb)->icmp6_type);
1627 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTMSGS);
1628 }
1629
1630 err = ip6_local_out(skb);
1631 if (err) {
1632 if (err > 0)
1633 err = net_xmit_errno(err);
1634 if (err)
1635 goto error;
1636 }
1637
1638 out:
1639 ip6_cork_release(inet, np);
1640 return err;
1641 error:
1642 IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1643 goto out;
1644 }
1645
1646 void ip6_flush_pending_frames(struct sock *sk)
1647 {
1648 struct sk_buff *skb;
1649
1650 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) {
1651 if (skb_dst(skb))
1652 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
1653 IPSTATS_MIB_OUTDISCARDS);
1654 kfree_skb(skb);
1655 }
1656
1657 ip6_cork_release(inet_sk(sk), inet6_sk(sk));
1658 }
Linux with added FPC-III support