| ip_fragment.c (776c729e8d91b2740583a2169678f2d3f383458b) | ip_fragment.c (5ab11c98d3a950faf6922b6166e5f8fc874590e7) |
|---|---|
| 1/* 2 * INET An implementation of the TCP/IP protocol suite for the LINUX 3 * operating system. INET is implemented using the BSD Socket 4 * interface as the means of communication with the user level. 5 * 6 * The IP fragmentation functionality. 7 * 8 * Version: $Id: ip_fragment.c,v 1.59 2002/01/12 07:54:56 davem Exp $ --- 25 unchanged lines hidden (view full) --- 34#include <linux/netdevice.h> 35#include <linux/jhash.h> 36#include <linux/random.h> 37#include <net/sock.h> 38#include <net/ip.h> 39#include <net/icmp.h> 40#include <net/checksum.h> 41#include <net/inetpeer.h> | 1/* 2 * INET An implementation of the TCP/IP protocol suite for the LINUX 3 * operating system. INET is implemented using the BSD Socket 4 * interface as the means of communication with the user level. 5 * 6 * The IP fragmentation functionality. 7 * 8 * Version: $Id: ip_fragment.c,v 1.59 2002/01/12 07:54:56 davem Exp $ --- 25 unchanged lines hidden (view full) --- 34#include <linux/netdevice.h> 35#include <linux/jhash.h> 36#include <linux/random.h> 37#include <net/sock.h> 38#include <net/ip.h> 39#include <net/icmp.h> 40#include <net/checksum.h> 41#include <net/inetpeer.h> |
| 42#include <net/inet_frag.h> |
|
| 42#include <linux/tcp.h> 43#include <linux/udp.h> 44#include <linux/inet.h> 45#include <linux/netfilter_ipv4.h> 46 47/* NOTE. Logic of IP defragmentation is parallel to corresponding IPv6 48 * code now. If you change something here, _PLEASE_ update ipv6/reassembly.c 49 * as well. Or notify me, at least. --ANK --- 19 unchanged lines hidden (view full) --- 69 struct inet_skb_parm h; 70 int offset; 71}; 72 73#define FRAG_CB(skb) ((struct ipfrag_skb_cb*)((skb)->cb)) 74 75/* Describe an entry in the "incomplete datagrams" queue. */ 76struct ipq { | 43#include <linux/tcp.h> 44#include <linux/udp.h> 45#include <linux/inet.h> 46#include <linux/netfilter_ipv4.h> 47 48/* NOTE. Logic of IP defragmentation is parallel to corresponding IPv6 49 * code now. If you change something here, _PLEASE_ update ipv6/reassembly.c 50 * as well. Or notify me, at least. --ANK --- 19 unchanged lines hidden (view full) --- 70 struct inet_skb_parm h; 71 int offset; 72}; 73 74#define FRAG_CB(skb) ((struct ipfrag_skb_cb*)((skb)->cb)) 75 76/* Describe an entry in the "incomplete datagrams" queue. */ 77struct ipq { |
| 77 struct hlist_node list; 78 struct list_head lru_list; /* lru list member */ | 78 struct inet_frag_queue q; 79 |
| 79 u32 user; 80 __be32 saddr; 81 __be32 daddr; 82 __be16 id; 83 u8 protocol; | 80 u32 user; 81 __be32 saddr; 82 __be32 daddr; 83 __be16 id; 84 u8 protocol; |
| 84 u8 last_in; 85#define COMPLETE 4 86#define FIRST_IN 2 87#define LAST_IN 1 88 89 struct sk_buff *fragments; /* linked list of received fragments */ 90 int len; /* total length of original datagram */ 91 int meat; 92 spinlock_t lock; 93 atomic_t refcnt; 94 struct timer_list timer; /* when will this queue expire? */ 95 ktime_t stamp; | |
| 96 int iif; 97 unsigned int rid; 98 struct inet_peer *peer; 99}; 100 101/* Hash table. */ 102 103#define IPQ_HASHSZ 64 --- 5 unchanged lines hidden (view full) --- 109static LIST_HEAD(ipq_lru_list); 110int ip_frag_nqueues = 0; 111 112static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev, 113 struct net_device *dev); 114 115static __inline__ void __ipq_unlink(struct ipq *qp) 116{ | 85 int iif; 86 unsigned int rid; 87 struct inet_peer *peer; 88}; 89 90/* Hash table. */ 91 92#define IPQ_HASHSZ 64 --- 5 unchanged lines hidden (view full) --- 98static LIST_HEAD(ipq_lru_list); 99int ip_frag_nqueues = 0; 100 101static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev, 102 struct net_device *dev); 103 104static __inline__ void __ipq_unlink(struct ipq *qp) 105{ |
| 117 hlist_del(&qp->list); 118 list_del(&qp->lru_list); | 106 hlist_del(&qp->q.list); 107 list_del(&qp->q.lru_list); |
| 119 ip_frag_nqueues--; 120} 121 122static __inline__ void ipq_unlink(struct ipq *ipq) 123{ 124 write_lock(&ipfrag_lock); 125 __ipq_unlink(ipq); 126 write_unlock(&ipfrag_lock); --- 15 unchanged lines hidden (view full) --- 142 int i; 143 144 write_lock(&ipfrag_lock); 145 get_random_bytes(&ipfrag_hash_rnd, sizeof(u32)); 146 for (i = 0; i < IPQ_HASHSZ; i++) { 147 struct ipq *q; 148 struct hlist_node *p, *n; 149 | 108 ip_frag_nqueues--; 109} 110 111static __inline__ void ipq_unlink(struct ipq *ipq) 112{ 113 write_lock(&ipfrag_lock); 114 __ipq_unlink(ipq); 115 write_unlock(&ipfrag_lock); --- 15 unchanged lines hidden (view full) --- 131 int i; 132 133 write_lock(&ipfrag_lock); 134 get_random_bytes(&ipfrag_hash_rnd, sizeof(u32)); 135 for (i = 0; i < IPQ_HASHSZ; i++) { 136 struct ipq *q; 137 struct hlist_node *p, *n; 138 |
| 150 hlist_for_each_entry_safe(q, p, n, &ipq_hash[i], list) { | 139 hlist_for_each_entry_safe(q, p, n, &ipq_hash[i], q.list) { |
| 151 unsigned int hval = ipqhashfn(q->id, q->saddr, 152 q->daddr, q->protocol); 153 154 if (hval != i) { | 140 unsigned int hval = ipqhashfn(q->id, q->saddr, 141 q->daddr, q->protocol); 142 143 if (hval != i) { |
| 155 hlist_del(&q->list); | 144 hlist_del(&q->q.list); |
| 156 157 /* Relink to new hash chain. */ | 145 146 /* Relink to new hash chain. */ |
| 158 hlist_add_head(&q->list, &ipq_hash[hval]); | 147 hlist_add_head(&q->q.list, &ipq_hash[hval]); |
| 159 } 160 } 161 } 162 write_unlock(&ipfrag_lock); 163 164 mod_timer(&ipfrag_secret_timer, now + sysctl_ipfrag_secret_interval); 165} 166 --- 29 unchanged lines hidden (view full) --- 196 197/* Destruction primitives. */ 198 199/* Complete destruction of ipq. */ 200static void ip_frag_destroy(struct ipq *qp, int *work) 201{ 202 struct sk_buff *fp; 203 | 148 } 149 } 150 } 151 write_unlock(&ipfrag_lock); 152 153 mod_timer(&ipfrag_secret_timer, now + sysctl_ipfrag_secret_interval); 154} 155 --- 29 unchanged lines hidden (view full) --- 185 186/* Destruction primitives. */ 187 188/* Complete destruction of ipq. */ 189static void ip_frag_destroy(struct ipq *qp, int *work) 190{ 191 struct sk_buff *fp; 192 |
| 204 BUG_TRAP(qp->last_in&COMPLETE); 205 BUG_TRAP(del_timer(&qp->timer) == 0); | 193 BUG_TRAP(qp->q.last_in&COMPLETE); 194 BUG_TRAP(del_timer(&qp->q.timer) == 0); |
| 206 207 if (qp->peer) 208 inet_putpeer(qp->peer); 209 210 /* Release all fragment data. */ | 195 196 if (qp->peer) 197 inet_putpeer(qp->peer); 198 199 /* Release all fragment data. */ |
| 211 fp = qp->fragments; | 200 fp = qp->q.fragments; |
| 212 while (fp) { 213 struct sk_buff *xp = fp->next; 214 215 frag_kfree_skb(fp, work); 216 fp = xp; 217 } 218 219 /* Finally, release the queue descriptor itself. */ 220 frag_free_queue(qp, work); 221} 222 223static __inline__ void ipq_put(struct ipq *ipq, int *work) 224{ | 201 while (fp) { 202 struct sk_buff *xp = fp->next; 203 204 frag_kfree_skb(fp, work); 205 fp = xp; 206 } 207 208 /* Finally, release the queue descriptor itself. */ 209 frag_free_queue(qp, work); 210} 211 212static __inline__ void ipq_put(struct ipq *ipq, int *work) 213{ |
| 225 if (atomic_dec_and_test(&ipq->refcnt)) | 214 if (atomic_dec_and_test(&ipq->q.refcnt)) |
| 226 ip_frag_destroy(ipq, work); 227} 228 229/* Kill ipq entry. It is not destroyed immediately, 230 * because caller (and someone more) holds reference count. 231 */ 232static void ipq_kill(struct ipq *ipq) 233{ | 215 ip_frag_destroy(ipq, work); 216} 217 218/* Kill ipq entry. It is not destroyed immediately, 219 * because caller (and someone more) holds reference count. 220 */ 221static void ipq_kill(struct ipq *ipq) 222{ |
| 234 if (del_timer(&ipq->timer)) 235 atomic_dec(&ipq->refcnt); | 223 if (del_timer(&ipq->q.timer)) 224 atomic_dec(&ipq->q.refcnt); |
| 236 | 225 |
| 237 if (!(ipq->last_in & COMPLETE)) { | 226 if (!(ipq->q.last_in & COMPLETE)) { |
| 238 ipq_unlink(ipq); | 227 ipq_unlink(ipq); |
| 239 atomic_dec(&ipq->refcnt); 240 ipq->last_in |= COMPLETE; | 228 atomic_dec(&ipq->q.refcnt); 229 ipq->q.last_in |= COMPLETE; |
| 241 } 242} 243 244/* Memory limiting on fragments. Evictor trashes the oldest 245 * fragment queue until we are back under the threshold. 246 */ 247static void ip_evictor(void) 248{ --- 7 unchanged lines hidden (view full) --- 256 257 while (work > 0) { 258 read_lock(&ipfrag_lock); 259 if (list_empty(&ipq_lru_list)) { 260 read_unlock(&ipfrag_lock); 261 return; 262 } 263 tmp = ipq_lru_list.next; | 230 } 231} 232 233/* Memory limiting on fragments. Evictor trashes the oldest 234 * fragment queue until we are back under the threshold. 235 */ 236static void ip_evictor(void) 237{ --- 7 unchanged lines hidden (view full) --- 245 246 while (work > 0) { 247 read_lock(&ipfrag_lock); 248 if (list_empty(&ipq_lru_list)) { 249 read_unlock(&ipfrag_lock); 250 return; 251 } 252 tmp = ipq_lru_list.next; |
| 264 qp = list_entry(tmp, struct ipq, lru_list); 265 atomic_inc(&qp->refcnt); | 253 qp = list_entry(tmp, struct ipq, q.lru_list); 254 atomic_inc(&qp->q.refcnt); |
| 266 read_unlock(&ipfrag_lock); 267 | 255 read_unlock(&ipfrag_lock); 256 |
| 268 spin_lock(&qp->lock); 269 if (!(qp->last_in&COMPLETE)) | 257 spin_lock(&qp->q.lock); 258 if (!(qp->q.last_in&COMPLETE)) |
| 270 ipq_kill(qp); | 259 ipq_kill(qp); |
| 271 spin_unlock(&qp->lock); | 260 spin_unlock(&qp->q.lock); |
| 272 273 ipq_put(qp, &work); 274 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 275 } 276} 277 278/* 279 * Oops, a fragment queue timed out. Kill it and send an ICMP reply. 280 */ 281static void ip_expire(unsigned long arg) 282{ 283 struct ipq *qp = (struct ipq *) arg; 284 | 261 262 ipq_put(qp, &work); 263 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 264 } 265} 266 267/* 268 * Oops, a fragment queue timed out. Kill it and send an ICMP reply. 269 */ 270static void ip_expire(unsigned long arg) 271{ 272 struct ipq *qp = (struct ipq *) arg; 273 |
| 285 spin_lock(&qp->lock); | 274 spin_lock(&qp->q.lock); |
| 286 | 275 |
| 287 if (qp->last_in & COMPLETE) | 276 if (qp->q.last_in & COMPLETE) |
| 288 goto out; 289 290 ipq_kill(qp); 291 292 IP_INC_STATS_BH(IPSTATS_MIB_REASMTIMEOUT); 293 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 294 | 277 goto out; 278 279 ipq_kill(qp); 280 281 IP_INC_STATS_BH(IPSTATS_MIB_REASMTIMEOUT); 282 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 283 |
| 295 if ((qp->last_in&FIRST_IN) && qp->fragments != NULL) { 296 struct sk_buff *head = qp->fragments; | 284 if ((qp->q.last_in&FIRST_IN) && qp->q.fragments != NULL) { 285 struct sk_buff *head = qp->q.fragments; |
| 297 /* Send an ICMP "Fragment Reassembly Timeout" message. */ 298 if ((head->dev = dev_get_by_index(&init_net, qp->iif)) != NULL) { 299 icmp_send(head, ICMP_TIME_EXCEEDED, ICMP_EXC_FRAGTIME, 0); 300 dev_put(head->dev); 301 } 302 } 303out: | 286 /* Send an ICMP "Fragment Reassembly Timeout" message. */ 287 if ((head->dev = dev_get_by_index(&init_net, qp->iif)) != NULL) { 288 icmp_send(head, ICMP_TIME_EXCEEDED, ICMP_EXC_FRAGTIME, 0); 289 dev_put(head->dev); 290 } 291 } 292out: |
| 304 spin_unlock(&qp->lock); | 293 spin_unlock(&qp->q.lock); |
| 305 ipq_put(qp, NULL); 306} 307 308/* Creation primitives. */ 309 310static struct ipq *ip_frag_intern(struct ipq *qp_in) 311{ 312 struct ipq *qp; --- 5 unchanged lines hidden (view full) --- 318 write_lock(&ipfrag_lock); 319 hash = ipqhashfn(qp_in->id, qp_in->saddr, qp_in->daddr, 320 qp_in->protocol); 321#ifdef CONFIG_SMP 322 /* With SMP race we have to recheck hash table, because 323 * such entry could be created on other cpu, while we 324 * promoted read lock to write lock. 325 */ | 294 ipq_put(qp, NULL); 295} 296 297/* Creation primitives. */ 298 299static struct ipq *ip_frag_intern(struct ipq *qp_in) 300{ 301 struct ipq *qp; --- 5 unchanged lines hidden (view full) --- 307 write_lock(&ipfrag_lock); 308 hash = ipqhashfn(qp_in->id, qp_in->saddr, qp_in->daddr, 309 qp_in->protocol); 310#ifdef CONFIG_SMP 311 /* With SMP race we have to recheck hash table, because 312 * such entry could be created on other cpu, while we 313 * promoted read lock to write lock. 314 */ |
| 326 hlist_for_each_entry(qp, n, &ipq_hash[hash], list) { | 315 hlist_for_each_entry(qp, n, &ipq_hash[hash], q.list) { |
| 327 if (qp->id == qp_in->id && 328 qp->saddr == qp_in->saddr && 329 qp->daddr == qp_in->daddr && 330 qp->protocol == qp_in->protocol && 331 qp->user == qp_in->user) { | 316 if (qp->id == qp_in->id && 317 qp->saddr == qp_in->saddr && 318 qp->daddr == qp_in->daddr && 319 qp->protocol == qp_in->protocol && 320 qp->user == qp_in->user) { |
| 332 atomic_inc(&qp->refcnt); | 321 atomic_inc(&qp->q.refcnt); |
| 333 write_unlock(&ipfrag_lock); | 322 write_unlock(&ipfrag_lock); |
| 334 qp_in->last_in |= COMPLETE; | 323 qp_in->q.last_in |= COMPLETE; |
| 335 ipq_put(qp_in, NULL); 336 return qp; 337 } 338 } 339#endif 340 qp = qp_in; 341 | 324 ipq_put(qp_in, NULL); 325 return qp; 326 } 327 } 328#endif 329 qp = qp_in; 330 |
| 342 if (!mod_timer(&qp->timer, jiffies + sysctl_ipfrag_time)) 343 atomic_inc(&qp->refcnt); | 331 if (!mod_timer(&qp->q.timer, jiffies + sysctl_ipfrag_time)) 332 atomic_inc(&qp->q.refcnt); |
| 344 | 333 |
| 345 atomic_inc(&qp->refcnt); 346 hlist_add_head(&qp->list, &ipq_hash[hash]); 347 INIT_LIST_HEAD(&qp->lru_list); 348 list_add_tail(&qp->lru_list, &ipq_lru_list); | 334 atomic_inc(&qp->q.refcnt); 335 hlist_add_head(&qp->q.list, &ipq_hash[hash]); 336 INIT_LIST_HEAD(&qp->q.lru_list); 337 list_add_tail(&qp->q.lru_list, &ipq_lru_list); |
| 349 ip_frag_nqueues++; 350 write_unlock(&ipfrag_lock); 351 return qp; 352} 353 354/* Add an entry to the 'ipq' queue for a newly received IP datagram. */ 355static struct ipq *ip_frag_create(struct iphdr *iph, u32 user) 356{ 357 struct ipq *qp; 358 359 if ((qp = frag_alloc_queue()) == NULL) 360 goto out_nomem; 361 362 qp->protocol = iph->protocol; | 338 ip_frag_nqueues++; 339 write_unlock(&ipfrag_lock); 340 return qp; 341} 342 343/* Add an entry to the 'ipq' queue for a newly received IP datagram. */ 344static struct ipq *ip_frag_create(struct iphdr *iph, u32 user) 345{ 346 struct ipq *qp; 347 348 if ((qp = frag_alloc_queue()) == NULL) 349 goto out_nomem; 350 351 qp->protocol = iph->protocol; |
| 363 qp->last_in = 0; | 352 qp->q.last_in = 0; |
| 364 qp->id = iph->id; 365 qp->saddr = iph->saddr; 366 qp->daddr = iph->daddr; 367 qp->user = user; | 353 qp->id = iph->id; 354 qp->saddr = iph->saddr; 355 qp->daddr = iph->daddr; 356 qp->user = user; |
| 368 qp->len = 0; 369 qp->meat = 0; 370 qp->fragments = NULL; | 357 qp->q.len = 0; 358 qp->q.meat = 0; 359 qp->q.fragments = NULL; |
| 371 qp->iif = 0; 372 qp->peer = sysctl_ipfrag_max_dist ? inet_getpeer(iph->saddr, 1) : NULL; 373 374 /* Initialize a timer for this entry. */ | 360 qp->iif = 0; 361 qp->peer = sysctl_ipfrag_max_dist ? inet_getpeer(iph->saddr, 1) : NULL; 362 363 /* Initialize a timer for this entry. */ |
| 375 init_timer(&qp->timer); 376 qp->timer.data = (unsigned long) qp; /* pointer to queue */ 377 qp->timer.function = ip_expire; /* expire function */ 378 spin_lock_init(&qp->lock); 379 atomic_set(&qp->refcnt, 1); | 364 init_timer(&qp->q.timer); 365 qp->q.timer.data = (unsigned long) qp; /* pointer to queue */ 366 qp->q.timer.function = ip_expire; /* expire function */ 367 spin_lock_init(&qp->q.lock); 368 atomic_set(&qp->q.refcnt, 1); |
| 380 381 return ip_frag_intern(qp); 382 383out_nomem: 384 LIMIT_NETDEBUG(KERN_ERR "ip_frag_create: no memory left !\n"); 385 return NULL; 386} 387 --- 7 unchanged lines hidden (view full) --- 395 __be32 daddr = iph->daddr; 396 __u8 protocol = iph->protocol; 397 unsigned int hash; 398 struct ipq *qp; 399 struct hlist_node *n; 400 401 read_lock(&ipfrag_lock); 402 hash = ipqhashfn(id, saddr, daddr, protocol); | 369 370 return ip_frag_intern(qp); 371 372out_nomem: 373 LIMIT_NETDEBUG(KERN_ERR "ip_frag_create: no memory left !\n"); 374 return NULL; 375} 376 --- 7 unchanged lines hidden (view full) --- 384 __be32 daddr = iph->daddr; 385 __u8 protocol = iph->protocol; 386 unsigned int hash; 387 struct ipq *qp; 388 struct hlist_node *n; 389 390 read_lock(&ipfrag_lock); 391 hash = ipqhashfn(id, saddr, daddr, protocol); |
| 403 hlist_for_each_entry(qp, n, &ipq_hash[hash], list) { | 392 hlist_for_each_entry(qp, n, &ipq_hash[hash], q.list) { |
| 404 if (qp->id == id && 405 qp->saddr == saddr && 406 qp->daddr == daddr && 407 qp->protocol == protocol && 408 qp->user == user) { | 393 if (qp->id == id && 394 qp->saddr == saddr && 395 qp->daddr == daddr && 396 qp->protocol == protocol && 397 qp->user == user) { |
| 409 atomic_inc(&qp->refcnt); | 398 atomic_inc(&qp->q.refcnt); |
| 410 read_unlock(&ipfrag_lock); 411 return qp; 412 } 413 } 414 read_unlock(&ipfrag_lock); 415 416 return ip_frag_create(iph, user); 417} --- 9 unchanged lines hidden (view full) --- 427 428 if (!peer || !max) 429 return 0; 430 431 start = qp->rid; 432 end = atomic_inc_return(&peer->rid); 433 qp->rid = end; 434 | 399 read_unlock(&ipfrag_lock); 400 return qp; 401 } 402 } 403 read_unlock(&ipfrag_lock); 404 405 return ip_frag_create(iph, user); 406} --- 9 unchanged lines hidden (view full) --- 416 417 if (!peer || !max) 418 return 0; 419 420 start = qp->rid; 421 end = atomic_inc_return(&peer->rid); 422 qp->rid = end; 423 |
| 435 rc = qp->fragments && (end - start) > max; | 424 rc = qp->q.fragments && (end - start) > max; |
| 436 437 if (rc) { 438 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 439 } 440 441 return rc; 442} 443 444static int ip_frag_reinit(struct ipq *qp) 445{ 446 struct sk_buff *fp; 447 | 425 426 if (rc) { 427 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 428 } 429 430 return rc; 431} 432 433static int ip_frag_reinit(struct ipq *qp) 434{ 435 struct sk_buff *fp; 436 |
| 448 if (!mod_timer(&qp->timer, jiffies + sysctl_ipfrag_time)) { 449 atomic_inc(&qp->refcnt); | 437 if (!mod_timer(&qp->q.timer, jiffies + sysctl_ipfrag_time)) { 438 atomic_inc(&qp->q.refcnt); |
| 450 return -ETIMEDOUT; 451 } 452 | 439 return -ETIMEDOUT; 440 } 441 |
| 453 fp = qp->fragments; | 442 fp = qp->q.fragments; |
| 454 do { 455 struct sk_buff *xp = fp->next; 456 frag_kfree_skb(fp, NULL); 457 fp = xp; 458 } while (fp); 459 | 443 do { 444 struct sk_buff *xp = fp->next; 445 frag_kfree_skb(fp, NULL); 446 fp = xp; 447 } while (fp); 448 |
| 460 qp->last_in = 0; 461 qp->len = 0; 462 qp->meat = 0; 463 qp->fragments = NULL; | 449 qp->q.last_in = 0; 450 qp->q.len = 0; 451 qp->q.meat = 0; 452 qp->q.fragments = NULL; |
| 464 qp->iif = 0; 465 466 return 0; 467} 468 469/* Add new segment to existing queue. */ 470static int ip_frag_queue(struct ipq *qp, struct sk_buff *skb) 471{ 472 struct sk_buff *prev, *next; 473 struct net_device *dev; 474 int flags, offset; 475 int ihl, end; 476 int err = -ENOENT; 477 | 453 qp->iif = 0; 454 455 return 0; 456} 457 458/* Add new segment to existing queue. */ 459static int ip_frag_queue(struct ipq *qp, struct sk_buff *skb) 460{ 461 struct sk_buff *prev, *next; 462 struct net_device *dev; 463 int flags, offset; 464 int ihl, end; 465 int err = -ENOENT; 466 |
| 478 if (qp->last_in & COMPLETE) | 467 if (qp->q.last_in & COMPLETE) |
| 479 goto err; 480 481 if (!(IPCB(skb)->flags & IPSKB_FRAG_COMPLETE) && 482 unlikely(ip_frag_too_far(qp)) && 483 unlikely(err = ip_frag_reinit(qp))) { 484 ipq_kill(qp); 485 goto err; 486 } --- 8 unchanged lines hidden (view full) --- 495 end = offset + skb->len - ihl; 496 err = -EINVAL; 497 498 /* Is this the final fragment? */ 499 if ((flags & IP_MF) == 0) { 500 /* If we already have some bits beyond end 501 * or have different end, the segment is corrrupted. 502 */ | 468 goto err; 469 470 if (!(IPCB(skb)->flags & IPSKB_FRAG_COMPLETE) && 471 unlikely(ip_frag_too_far(qp)) && 472 unlikely(err = ip_frag_reinit(qp))) { 473 ipq_kill(qp); 474 goto err; 475 } --- 8 unchanged lines hidden (view full) --- 484 end = offset + skb->len - ihl; 485 err = -EINVAL; 486 487 /* Is this the final fragment? */ 488 if ((flags & IP_MF) == 0) { 489 /* If we already have some bits beyond end 490 * or have different end, the segment is corrrupted. 491 */ |
| 503 if (end < qp->len || 504 ((qp->last_in & LAST_IN) && end != qp->len)) | 492 if (end < qp->q.len || 493 ((qp->q.last_in & LAST_IN) && end != qp->q.len)) |
| 505 goto err; | 494 goto err; |
| 506 qp->last_in |= LAST_IN; 507 qp->len = end; | 495 qp->q.last_in |= LAST_IN; 496 qp->q.len = end; |
| 508 } else { 509 if (end&7) { 510 end &= ~7; 511 if (skb->ip_summed != CHECKSUM_UNNECESSARY) 512 skb->ip_summed = CHECKSUM_NONE; 513 } | 497 } else { 498 if (end&7) { 499 end &= ~7; 500 if (skb->ip_summed != CHECKSUM_UNNECESSARY) 501 skb->ip_summed = CHECKSUM_NONE; 502 } |
| 514 if (end > qp->len) { | 503 if (end > qp->q.len) { |
| 515 /* Some bits beyond end -> corruption. */ | 504 /* Some bits beyond end -> corruption. */ |
| 516 if (qp->last_in & LAST_IN) | 505 if (qp->q.last_in & LAST_IN) |
| 517 goto err; | 506 goto err; |
| 518 qp->len = end; | 507 qp->q.len = end; |
| 519 } 520 } 521 if (end == offset) 522 goto err; 523 524 err = -ENOMEM; 525 if (pskb_pull(skb, ihl) == NULL) 526 goto err; 527 528 err = pskb_trim_rcsum(skb, end - offset); 529 if (err) 530 goto err; 531 532 /* Find out which fragments are in front and at the back of us 533 * in the chain of fragments so far. We must know where to put 534 * this fragment, right? 535 */ 536 prev = NULL; | 508 } 509 } 510 if (end == offset) 511 goto err; 512 513 err = -ENOMEM; 514 if (pskb_pull(skb, ihl) == NULL) 515 goto err; 516 517 err = pskb_trim_rcsum(skb, end - offset); 518 if (err) 519 goto err; 520 521 /* Find out which fragments are in front and at the back of us 522 * in the chain of fragments so far. We must know where to put 523 * this fragment, right? 524 */ 525 prev = NULL; |
| 537 for (next = qp->fragments; next != NULL; next = next->next) { | 526 for (next = qp->q.fragments; next != NULL; next = next->next) { |
| 538 if (FRAG_CB(next)->offset >= offset) 539 break; /* bingo! */ 540 prev = next; 541 } 542 543 /* We found where to put this one. Check for overlap with 544 * preceding fragment, and, if needed, align things so that 545 * any overlaps are eliminated. --- 21 unchanged lines hidden (view full) --- 567 568 if (i < next->len) { 569 /* Eat head of the next overlapped fragment 570 * and leave the loop. The next ones cannot overlap. 571 */ 572 if (!pskb_pull(next, i)) 573 goto err; 574 FRAG_CB(next)->offset += i; | 527 if (FRAG_CB(next)->offset >= offset) 528 break; /* bingo! */ 529 prev = next; 530 } 531 532 /* We found where to put this one. Check for overlap with 533 * preceding fragment, and, if needed, align things so that 534 * any overlaps are eliminated. --- 21 unchanged lines hidden (view full) --- 556 557 if (i < next->len) { 558 /* Eat head of the next overlapped fragment 559 * and leave the loop. The next ones cannot overlap. 560 */ 561 if (!pskb_pull(next, i)) 562 goto err; 563 FRAG_CB(next)->offset += i; |
| 575 qp->meat -= i; | 564 qp->q.meat -= i; |
| 576 if (next->ip_summed != CHECKSUM_UNNECESSARY) 577 next->ip_summed = CHECKSUM_NONE; 578 break; 579 } else { 580 struct sk_buff *free_it = next; 581 582 /* Old fragment is completely overridden with 583 * new one drop it. 584 */ 585 next = next->next; 586 587 if (prev) 588 prev->next = next; 589 else | 565 if (next->ip_summed != CHECKSUM_UNNECESSARY) 566 next->ip_summed = CHECKSUM_NONE; 567 break; 568 } else { 569 struct sk_buff *free_it = next; 570 571 /* Old fragment is completely overridden with 572 * new one drop it. 573 */ 574 next = next->next; 575 576 if (prev) 577 prev->next = next; 578 else |
| 590 qp->fragments = next; | 579 qp->q.fragments = next; |
| 591 | 580 |
| 592 qp->meat -= free_it->len; | 581 qp->q.meat -= free_it->len; |
| 593 frag_kfree_skb(free_it, NULL); 594 } 595 } 596 597 FRAG_CB(skb)->offset = offset; 598 599 /* Insert this fragment in the chain of fragments. */ 600 skb->next = next; 601 if (prev) 602 prev->next = skb; 603 else | 582 frag_kfree_skb(free_it, NULL); 583 } 584 } 585 586 FRAG_CB(skb)->offset = offset; 587 588 /* Insert this fragment in the chain of fragments. */ 589 skb->next = next; 590 if (prev) 591 prev->next = skb; 592 else |
| 604 qp->fragments = skb; | 593 qp->q.fragments = skb; |
| 605 606 dev = skb->dev; 607 if (dev) { 608 qp->iif = dev->ifindex; 609 skb->dev = NULL; 610 } | 594 595 dev = skb->dev; 596 if (dev) { 597 qp->iif = dev->ifindex; 598 skb->dev = NULL; 599 } |
| 611 qp->stamp = skb->tstamp; 612 qp->meat += skb->len; | 600 qp->q.stamp = skb->tstamp; 601 qp->q.meat += skb->len; |
| 613 atomic_add(skb->truesize, &ip_frag_mem); 614 if (offset == 0) | 602 atomic_add(skb->truesize, &ip_frag_mem); 603 if (offset == 0) |
| 615 qp->last_in |= FIRST_IN; | 604 qp->q.last_in |= FIRST_IN; |
| 616 | 605 |
| 617 if (qp->last_in == (FIRST_IN | LAST_IN) && qp->meat == qp->len) | 606 if (qp->q.last_in == (FIRST_IN | LAST_IN) && qp->q.meat == qp->q.len) |
| 618 return ip_frag_reasm(qp, prev, dev); 619 620 write_lock(&ipfrag_lock); | 607 return ip_frag_reasm(qp, prev, dev); 608 609 write_lock(&ipfrag_lock); |
| 621 list_move_tail(&qp->lru_list, &ipq_lru_list); | 610 list_move_tail(&qp->q.lru_list, &ipq_lru_list); |
| 622 write_unlock(&ipfrag_lock); 623 return -EINPROGRESS; 624 625err: 626 kfree_skb(skb); 627 return err; 628} 629 630 631/* Build a new IP datagram from all its fragments. */ 632 633static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev, 634 struct net_device *dev) 635{ 636 struct iphdr *iph; | 611 write_unlock(&ipfrag_lock); 612 return -EINPROGRESS; 613 614err: 615 kfree_skb(skb); 616 return err; 617} 618 619 620/* Build a new IP datagram from all its fragments. */ 621 622static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev, 623 struct net_device *dev) 624{ 625 struct iphdr *iph; |
| 637 struct sk_buff *fp, *head = qp->fragments; | 626 struct sk_buff *fp, *head = qp->q.fragments; |
| 638 int len; 639 int ihlen; 640 int err; 641 642 ipq_kill(qp); 643 644 /* Make the one we just received the head. */ 645 if (prev) { 646 head = prev->next; 647 fp = skb_clone(head, GFP_ATOMIC); 648 649 if (!fp) 650 goto out_nomem; 651 652 fp->next = head->next; 653 prev->next = fp; 654 | 627 int len; 628 int ihlen; 629 int err; 630 631 ipq_kill(qp); 632 633 /* Make the one we just received the head. */ 634 if (prev) { 635 head = prev->next; 636 fp = skb_clone(head, GFP_ATOMIC); 637 638 if (!fp) 639 goto out_nomem; 640 641 fp->next = head->next; 642 prev->next = fp; 643 |
| 655 skb_morph(head, qp->fragments); 656 head->next = qp->fragments->next; | 644 skb_morph(head, qp->q.fragments); 645 head->next = qp->q.fragments->next; |
| 657 | 646 |
| 658 kfree_skb(qp->fragments); 659 qp->fragments = head; | 647 kfree_skb(qp->q.fragments); 648 qp->q.fragments = head; |
| 660 } 661 662 BUG_TRAP(head != NULL); 663 BUG_TRAP(FRAG_CB(head)->offset == 0); 664 665 /* Allocate a new buffer for the datagram. */ 666 ihlen = ip_hdrlen(head); | 649 } 650 651 BUG_TRAP(head != NULL); 652 BUG_TRAP(FRAG_CB(head)->offset == 0); 653 654 /* Allocate a new buffer for the datagram. */ 655 ihlen = ip_hdrlen(head); |
| 667 len = ihlen + qp->len; | 656 len = ihlen + qp->q.len; |
| 668 669 err = -E2BIG; 670 if (len > 65535) 671 goto out_oversize; 672 673 /* Head of list must not be cloned. */ 674 err = -ENOMEM; 675 if (skb_cloned(head) && pskb_expand_head(head, 0, 0, GFP_ATOMIC)) --- 34 unchanged lines hidden (view full) --- 710 else if (head->ip_summed == CHECKSUM_COMPLETE) 711 head->csum = csum_add(head->csum, fp->csum); 712 head->truesize += fp->truesize; 713 atomic_sub(fp->truesize, &ip_frag_mem); 714 } 715 716 head->next = NULL; 717 head->dev = dev; | 657 658 err = -E2BIG; 659 if (len > 65535) 660 goto out_oversize; 661 662 /* Head of list must not be cloned. */ 663 err = -ENOMEM; 664 if (skb_cloned(head) && pskb_expand_head(head, 0, 0, GFP_ATOMIC)) --- 34 unchanged lines hidden (view full) --- 699 else if (head->ip_summed == CHECKSUM_COMPLETE) 700 head->csum = csum_add(head->csum, fp->csum); 701 head->truesize += fp->truesize; 702 atomic_sub(fp->truesize, &ip_frag_mem); 703 } 704 705 head->next = NULL; 706 head->dev = dev; |
| 718 head->tstamp = qp->stamp; | 707 head->tstamp = qp->q.stamp; |
| 719 720 iph = ip_hdr(head); 721 iph->frag_off = 0; 722 iph->tot_len = htons(len); 723 IP_INC_STATS_BH(IPSTATS_MIB_REASMOKS); | 708 709 iph = ip_hdr(head); 710 iph->frag_off = 0; 711 iph->tot_len = htons(len); 712 IP_INC_STATS_BH(IPSTATS_MIB_REASMOKS); |
| 724 qp->fragments = NULL; | 713 qp->q.fragments = NULL; |
| 725 return 0; 726 727out_nomem: 728 LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing " 729 "queue %p\n", qp); 730 goto out_fail; 731out_oversize: 732 if (net_ratelimit()) --- 15 unchanged lines hidden (view full) --- 748 /* Start by cleaning up the memory. */ 749 if (atomic_read(&ip_frag_mem) > sysctl_ipfrag_high_thresh) 750 ip_evictor(); 751 752 /* Lookup (or create) queue header */ 753 if ((qp = ip_find(ip_hdr(skb), user)) != NULL) { 754 int ret; 755 | 714 return 0; 715 716out_nomem: 717 LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing " 718 "queue %p\n", qp); 719 goto out_fail; 720out_oversize: 721 if (net_ratelimit()) --- 15 unchanged lines hidden (view full) --- 737 /* Start by cleaning up the memory. */ 738 if (atomic_read(&ip_frag_mem) > sysctl_ipfrag_high_thresh) 739 ip_evictor(); 740 741 /* Lookup (or create) queue header */ 742 if ((qp = ip_find(ip_hdr(skb), user)) != NULL) { 743 int ret; 744 |
| 756 spin_lock(&qp->lock); | 745 spin_lock(&qp->q.lock); |
| 757 758 ret = ip_frag_queue(qp, skb); 759 | 746 747 ret = ip_frag_queue(qp, skb); 748 |
| 760 spin_unlock(&qp->lock); | 749 spin_unlock(&qp->q.lock); |
| 761 ipq_put(qp, NULL); 762 return ret; 763 } 764 765 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 766 kfree_skb(skb); 767 return -ENOMEM; 768} --- 13 unchanged lines hidden --- | 750 ipq_put(qp, NULL); 751 return ret; 752 } 753 754 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 755 kfree_skb(skb); 756 return -ENOMEM; 757} --- 13 unchanged lines hidden --- |