11da177e4SLinus Torvalds /* 21da177e4SLinus Torvalds * IPv6 output functions 31da177e4SLinus Torvalds * Linux INET6 implementation 41da177e4SLinus Torvalds * 51da177e4SLinus Torvalds * Authors: 61da177e4SLinus Torvalds * Pedro Roque <roque@di.fc.ul.pt> 71da177e4SLinus Torvalds * 81da177e4SLinus Torvalds * $Id: ip6_output.c,v 1.34 2002/02/01 22:01:04 davem Exp $ 91da177e4SLinus Torvalds * 101da177e4SLinus Torvalds * Based on linux/net/ipv4/ip_output.c 111da177e4SLinus Torvalds * 121da177e4SLinus Torvalds * This program is free software; you can redistribute it and/or 131da177e4SLinus Torvalds * modify it under the terms of the GNU General Public License 141da177e4SLinus Torvalds * as published by the Free Software Foundation; either version 151da177e4SLinus Torvalds * 2 of the License, or (at your option) any later version. 161da177e4SLinus Torvalds * 171da177e4SLinus Torvalds * Changes: 181da177e4SLinus Torvalds * A.N.Kuznetsov : airthmetics in fragmentation. 191da177e4SLinus Torvalds * extension headers are implemented. 201da177e4SLinus Torvalds * route changes now work. 211da177e4SLinus Torvalds * ip6_forward does not confuse sniffers. 221da177e4SLinus Torvalds * etc. 231da177e4SLinus Torvalds * 241da177e4SLinus Torvalds * H. von Brand : Added missing #include <linux/string.h> 251da177e4SLinus Torvalds * Imran Patel : frag id should be in NBO 261da177e4SLinus Torvalds * Kazunori MIYAZAWA @USAGI 271da177e4SLinus Torvalds * : add ip6_append_data and related functions 281da177e4SLinus Torvalds * for datagram xmit 291da177e4SLinus Torvalds */ 301da177e4SLinus Torvalds 311da177e4SLinus Torvalds #include <linux/config.h> 321da177e4SLinus Torvalds #include <linux/errno.h> 331da177e4SLinus Torvalds #include <linux/types.h> 341da177e4SLinus Torvalds #include <linux/string.h> 351da177e4SLinus Torvalds #include <linux/socket.h> 361da177e4SLinus Torvalds #include <linux/net.h> 371da177e4SLinus Torvalds #include <linux/netdevice.h> 381da177e4SLinus Torvalds #include <linux/if_arp.h> 391da177e4SLinus Torvalds #include <linux/in6.h> 401da177e4SLinus Torvalds #include <linux/tcp.h> 411da177e4SLinus Torvalds #include <linux/route.h> 421da177e4SLinus Torvalds 431da177e4SLinus Torvalds #include <linux/netfilter.h> 441da177e4SLinus Torvalds #include <linux/netfilter_ipv6.h> 451da177e4SLinus Torvalds 461da177e4SLinus Torvalds #include <net/sock.h> 471da177e4SLinus Torvalds #include <net/snmp.h> 481da177e4SLinus Torvalds 491da177e4SLinus Torvalds #include <net/ipv6.h> 501da177e4SLinus Torvalds #include <net/ndisc.h> 511da177e4SLinus Torvalds #include <net/protocol.h> 521da177e4SLinus Torvalds #include <net/ip6_route.h> 531da177e4SLinus Torvalds #include <net/addrconf.h> 541da177e4SLinus Torvalds #include <net/rawv6.h> 551da177e4SLinus Torvalds #include <net/icmp.h> 561da177e4SLinus Torvalds #include <net/xfrm.h> 571da177e4SLinus Torvalds #include <net/checksum.h> 581da177e4SLinus Torvalds 591da177e4SLinus Torvalds static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)); 601da177e4SLinus Torvalds 611da177e4SLinus Torvalds static __inline__ void ipv6_select_ident(struct sk_buff *skb, struct frag_hdr *fhdr) 621da177e4SLinus Torvalds { 631da177e4SLinus Torvalds static u32 ipv6_fragmentation_id = 1; 641da177e4SLinus Torvalds static DEFINE_SPINLOCK(ip6_id_lock); 651da177e4SLinus Torvalds 661da177e4SLinus Torvalds spin_lock_bh(&ip6_id_lock); 671da177e4SLinus Torvalds fhdr->identification = htonl(ipv6_fragmentation_id); 681da177e4SLinus Torvalds if (++ipv6_fragmentation_id == 0) 691da177e4SLinus Torvalds ipv6_fragmentation_id = 1; 701da177e4SLinus Torvalds spin_unlock_bh(&ip6_id_lock); 711da177e4SLinus Torvalds } 721da177e4SLinus Torvalds 731da177e4SLinus Torvalds static inline int ip6_output_finish(struct sk_buff *skb) 741da177e4SLinus Torvalds { 751da177e4SLinus Torvalds 761da177e4SLinus Torvalds struct dst_entry *dst = skb->dst; 771da177e4SLinus Torvalds struct hh_cache *hh = dst->hh; 781da177e4SLinus Torvalds 791da177e4SLinus Torvalds if (hh) { 801da177e4SLinus Torvalds int hh_alen; 811da177e4SLinus Torvalds 821da177e4SLinus Torvalds read_lock_bh(&hh->hh_lock); 831da177e4SLinus Torvalds hh_alen = HH_DATA_ALIGN(hh->hh_len); 841da177e4SLinus Torvalds memcpy(skb->data - hh_alen, hh->hh_data, hh_alen); 851da177e4SLinus Torvalds read_unlock_bh(&hh->hh_lock); 861da177e4SLinus Torvalds skb_push(skb, hh->hh_len); 871da177e4SLinus Torvalds return hh->hh_output(skb); 881da177e4SLinus Torvalds } else if (dst->neighbour) 891da177e4SLinus Torvalds return dst->neighbour->output(skb); 901da177e4SLinus Torvalds 911da177e4SLinus Torvalds IP6_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES); 921da177e4SLinus Torvalds kfree_skb(skb); 931da177e4SLinus Torvalds return -EINVAL; 941da177e4SLinus Torvalds 951da177e4SLinus Torvalds } 961da177e4SLinus Torvalds 971da177e4SLinus Torvalds /* dev_loopback_xmit for use with netfilter. */ 981da177e4SLinus Torvalds static int ip6_dev_loopback_xmit(struct sk_buff *newskb) 991da177e4SLinus Torvalds { 1001da177e4SLinus Torvalds newskb->mac.raw = newskb->data; 1011da177e4SLinus Torvalds __skb_pull(newskb, newskb->nh.raw - newskb->data); 1021da177e4SLinus Torvalds newskb->pkt_type = PACKET_LOOPBACK; 1031da177e4SLinus Torvalds newskb->ip_summed = CHECKSUM_UNNECESSARY; 1041da177e4SLinus Torvalds BUG_TRAP(newskb->dst); 1051da177e4SLinus Torvalds 1061da177e4SLinus Torvalds netif_rx(newskb); 1071da177e4SLinus Torvalds return 0; 1081da177e4SLinus Torvalds } 1091da177e4SLinus Torvalds 1101da177e4SLinus Torvalds 1111da177e4SLinus Torvalds static int ip6_output2(struct sk_buff *skb) 1121da177e4SLinus Torvalds { 1131da177e4SLinus Torvalds struct dst_entry *dst = skb->dst; 1141da177e4SLinus Torvalds struct net_device *dev = dst->dev; 1151da177e4SLinus Torvalds 1161da177e4SLinus Torvalds skb->protocol = htons(ETH_P_IPV6); 1171da177e4SLinus Torvalds skb->dev = dev; 1181da177e4SLinus Torvalds 1191da177e4SLinus Torvalds if (ipv6_addr_is_multicast(&skb->nh.ipv6h->daddr)) { 1201da177e4SLinus Torvalds struct ipv6_pinfo* np = skb->sk ? inet6_sk(skb->sk) : NULL; 1211da177e4SLinus Torvalds 1221da177e4SLinus Torvalds if (!(dev->flags & IFF_LOOPBACK) && (!np || np->mc_loop) && 1231da177e4SLinus Torvalds ipv6_chk_mcast_addr(dev, &skb->nh.ipv6h->daddr, 1241da177e4SLinus Torvalds &skb->nh.ipv6h->saddr)) { 1251da177e4SLinus Torvalds struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 1261da177e4SLinus Torvalds 1271da177e4SLinus Torvalds /* Do not check for IFF_ALLMULTI; multicast routing 1281da177e4SLinus Torvalds is not supported in any case. 1291da177e4SLinus Torvalds */ 1301da177e4SLinus Torvalds if (newskb) 1311da177e4SLinus Torvalds NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, newskb, NULL, 1321da177e4SLinus Torvalds newskb->dev, 1331da177e4SLinus Torvalds ip6_dev_loopback_xmit); 1341da177e4SLinus Torvalds 1351da177e4SLinus Torvalds if (skb->nh.ipv6h->hop_limit == 0) { 1361da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 1371da177e4SLinus Torvalds kfree_skb(skb); 1381da177e4SLinus Torvalds return 0; 1391da177e4SLinus Torvalds } 1401da177e4SLinus Torvalds } 1411da177e4SLinus Torvalds 1421da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTMCASTPKTS); 1431da177e4SLinus Torvalds } 1441da177e4SLinus Torvalds 1451da177e4SLinus Torvalds return NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, skb,NULL, skb->dev,ip6_output_finish); 1461da177e4SLinus Torvalds } 1471da177e4SLinus Torvalds 1481da177e4SLinus Torvalds int ip6_output(struct sk_buff *skb) 1491da177e4SLinus Torvalds { 1501da177e4SLinus Torvalds if (skb->len > dst_mtu(skb->dst) || dst_allfrag(skb->dst)) 1511da177e4SLinus Torvalds return ip6_fragment(skb, ip6_output2); 1521da177e4SLinus Torvalds else 1531da177e4SLinus Torvalds return ip6_output2(skb); 1541da177e4SLinus Torvalds } 1551da177e4SLinus Torvalds 1561da177e4SLinus Torvalds #ifdef CONFIG_NETFILTER 1571da177e4SLinus Torvalds int ip6_route_me_harder(struct sk_buff *skb) 1581da177e4SLinus Torvalds { 1591da177e4SLinus Torvalds struct ipv6hdr *iph = skb->nh.ipv6h; 1601da177e4SLinus Torvalds struct dst_entry *dst; 1611da177e4SLinus Torvalds struct flowi fl = { 1621da177e4SLinus Torvalds .oif = skb->sk ? skb->sk->sk_bound_dev_if : 0, 1631da177e4SLinus Torvalds .nl_u = 1641da177e4SLinus Torvalds { .ip6_u = 1651da177e4SLinus Torvalds { .daddr = iph->daddr, 1661da177e4SLinus Torvalds .saddr = iph->saddr, } }, 1671da177e4SLinus Torvalds .proto = iph->nexthdr, 1681da177e4SLinus Torvalds }; 1691da177e4SLinus Torvalds 1701da177e4SLinus Torvalds dst = ip6_route_output(skb->sk, &fl); 1711da177e4SLinus Torvalds 1721da177e4SLinus Torvalds if (dst->error) { 1731da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTNOROUTES); 1741da177e4SLinus Torvalds LIMIT_NETDEBUG( 1751da177e4SLinus Torvalds printk(KERN_DEBUG "ip6_route_me_harder: No more route.\n")); 1761da177e4SLinus Torvalds dst_release(dst); 1771da177e4SLinus Torvalds return -EINVAL; 1781da177e4SLinus Torvalds } 1791da177e4SLinus Torvalds 1801da177e4SLinus Torvalds /* Drop old route. */ 1811da177e4SLinus Torvalds dst_release(skb->dst); 1821da177e4SLinus Torvalds 1831da177e4SLinus Torvalds skb->dst = dst; 1841da177e4SLinus Torvalds return 0; 1851da177e4SLinus Torvalds } 1861da177e4SLinus Torvalds #endif 1871da177e4SLinus Torvalds 1881da177e4SLinus Torvalds static inline int ip6_maybe_reroute(struct sk_buff *skb) 1891da177e4SLinus Torvalds { 1901da177e4SLinus Torvalds #ifdef CONFIG_NETFILTER 1911da177e4SLinus Torvalds if (skb->nfcache & NFC_ALTERED){ 1921da177e4SLinus Torvalds if (ip6_route_me_harder(skb) != 0){ 1931da177e4SLinus Torvalds kfree_skb(skb); 1941da177e4SLinus Torvalds return -EINVAL; 1951da177e4SLinus Torvalds } 1961da177e4SLinus Torvalds } 1971da177e4SLinus Torvalds #endif /* CONFIG_NETFILTER */ 1981da177e4SLinus Torvalds return dst_output(skb); 1991da177e4SLinus Torvalds } 2001da177e4SLinus Torvalds 2011da177e4SLinus Torvalds /* 2021da177e4SLinus Torvalds * xmit an sk_buff (used by TCP) 2031da177e4SLinus Torvalds */ 2041da177e4SLinus Torvalds 2051da177e4SLinus Torvalds int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl, 2061da177e4SLinus Torvalds struct ipv6_txoptions *opt, int ipfragok) 2071da177e4SLinus Torvalds { 2081da177e4SLinus Torvalds struct ipv6_pinfo *np = sk ? inet6_sk(sk) : NULL; 2091da177e4SLinus Torvalds struct in6_addr *first_hop = &fl->fl6_dst; 2101da177e4SLinus Torvalds struct dst_entry *dst = skb->dst; 2111da177e4SLinus Torvalds struct ipv6hdr *hdr; 2121da177e4SLinus Torvalds u8 proto = fl->proto; 2131da177e4SLinus Torvalds int seg_len = skb->len; 2141da177e4SLinus Torvalds int hlimit; 2151da177e4SLinus Torvalds u32 mtu; 2161da177e4SLinus Torvalds 2171da177e4SLinus Torvalds if (opt) { 2181da177e4SLinus Torvalds int head_room; 2191da177e4SLinus Torvalds 2201da177e4SLinus Torvalds /* First: exthdrs may take lots of space (~8K for now) 2211da177e4SLinus Torvalds MAX_HEADER is not enough. 2221da177e4SLinus Torvalds */ 2231da177e4SLinus Torvalds head_room = opt->opt_nflen + opt->opt_flen; 2241da177e4SLinus Torvalds seg_len += head_room; 2251da177e4SLinus Torvalds head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev); 2261da177e4SLinus Torvalds 2271da177e4SLinus Torvalds if (skb_headroom(skb) < head_room) { 2281da177e4SLinus Torvalds struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room); 2291da177e4SLinus Torvalds kfree_skb(skb); 2301da177e4SLinus Torvalds skb = skb2; 2311da177e4SLinus Torvalds if (skb == NULL) { 2321da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 2331da177e4SLinus Torvalds return -ENOBUFS; 2341da177e4SLinus Torvalds } 2351da177e4SLinus Torvalds if (sk) 2361da177e4SLinus Torvalds skb_set_owner_w(skb, sk); 2371da177e4SLinus Torvalds } 2381da177e4SLinus Torvalds if (opt->opt_flen) 2391da177e4SLinus Torvalds ipv6_push_frag_opts(skb, opt, &proto); 2401da177e4SLinus Torvalds if (opt->opt_nflen) 2411da177e4SLinus Torvalds ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop); 2421da177e4SLinus Torvalds } 2431da177e4SLinus Torvalds 2441da177e4SLinus Torvalds hdr = skb->nh.ipv6h = (struct ipv6hdr*)skb_push(skb, sizeof(struct ipv6hdr)); 2451da177e4SLinus Torvalds 2461da177e4SLinus Torvalds /* 2471da177e4SLinus Torvalds * Fill in the IPv6 header 2481da177e4SLinus Torvalds */ 2491da177e4SLinus Torvalds 2501da177e4SLinus Torvalds *(u32*)hdr = htonl(0x60000000) | fl->fl6_flowlabel; 2511da177e4SLinus Torvalds hlimit = -1; 2521da177e4SLinus Torvalds if (np) 2531da177e4SLinus Torvalds hlimit = np->hop_limit; 2541da177e4SLinus Torvalds if (hlimit < 0) 2551da177e4SLinus Torvalds hlimit = dst_metric(dst, RTAX_HOPLIMIT); 2561da177e4SLinus Torvalds if (hlimit < 0) 2571da177e4SLinus Torvalds hlimit = ipv6_get_hoplimit(dst->dev); 2581da177e4SLinus Torvalds 2591da177e4SLinus Torvalds hdr->payload_len = htons(seg_len); 2601da177e4SLinus Torvalds hdr->nexthdr = proto; 2611da177e4SLinus Torvalds hdr->hop_limit = hlimit; 2621da177e4SLinus Torvalds 2631da177e4SLinus Torvalds ipv6_addr_copy(&hdr->saddr, &fl->fl6_src); 2641da177e4SLinus Torvalds ipv6_addr_copy(&hdr->daddr, first_hop); 2651da177e4SLinus Torvalds 2661da177e4SLinus Torvalds mtu = dst_mtu(dst); 2671da177e4SLinus Torvalds if ((skb->len <= mtu) || ipfragok) { 2681da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 2691da177e4SLinus Torvalds return NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, ip6_maybe_reroute); 2701da177e4SLinus Torvalds } 2711da177e4SLinus Torvalds 2721da177e4SLinus Torvalds if (net_ratelimit()) 2731da177e4SLinus Torvalds printk(KERN_DEBUG "IPv6: sending pkt_too_big to self\n"); 2741da177e4SLinus Torvalds skb->dev = dst->dev; 2751da177e4SLinus Torvalds icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, skb->dev); 2761da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGFAILS); 2771da177e4SLinus Torvalds kfree_skb(skb); 2781da177e4SLinus Torvalds return -EMSGSIZE; 2791da177e4SLinus Torvalds } 2801da177e4SLinus Torvalds 2811da177e4SLinus Torvalds /* 2821da177e4SLinus Torvalds * To avoid extra problems ND packets are send through this 2831da177e4SLinus Torvalds * routine. It's code duplication but I really want to avoid 2841da177e4SLinus Torvalds * extra checks since ipv6_build_header is used by TCP (which 2851da177e4SLinus Torvalds * is for us performance critical) 2861da177e4SLinus Torvalds */ 2871da177e4SLinus Torvalds 2881da177e4SLinus Torvalds int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev, 2891da177e4SLinus Torvalds struct in6_addr *saddr, struct in6_addr *daddr, 2901da177e4SLinus Torvalds int proto, int len) 2911da177e4SLinus Torvalds { 2921da177e4SLinus Torvalds struct ipv6_pinfo *np = inet6_sk(sk); 2931da177e4SLinus Torvalds struct ipv6hdr *hdr; 2941da177e4SLinus Torvalds int totlen; 2951da177e4SLinus Torvalds 2961da177e4SLinus Torvalds skb->protocol = htons(ETH_P_IPV6); 2971da177e4SLinus Torvalds skb->dev = dev; 2981da177e4SLinus Torvalds 2991da177e4SLinus Torvalds totlen = len + sizeof(struct ipv6hdr); 3001da177e4SLinus Torvalds 3011da177e4SLinus Torvalds hdr = (struct ipv6hdr *) skb_put(skb, sizeof(struct ipv6hdr)); 3021da177e4SLinus Torvalds skb->nh.ipv6h = hdr; 3031da177e4SLinus Torvalds 3041da177e4SLinus Torvalds *(u32*)hdr = htonl(0x60000000); 3051da177e4SLinus Torvalds 3061da177e4SLinus Torvalds hdr->payload_len = htons(len); 3071da177e4SLinus Torvalds hdr->nexthdr = proto; 3081da177e4SLinus Torvalds hdr->hop_limit = np->hop_limit; 3091da177e4SLinus Torvalds 3101da177e4SLinus Torvalds ipv6_addr_copy(&hdr->saddr, saddr); 3111da177e4SLinus Torvalds ipv6_addr_copy(&hdr->daddr, daddr); 3121da177e4SLinus Torvalds 3131da177e4SLinus Torvalds return 0; 3141da177e4SLinus Torvalds } 3151da177e4SLinus Torvalds 3161da177e4SLinus Torvalds static int ip6_call_ra_chain(struct sk_buff *skb, int sel) 3171da177e4SLinus Torvalds { 3181da177e4SLinus Torvalds struct ip6_ra_chain *ra; 3191da177e4SLinus Torvalds struct sock *last = NULL; 3201da177e4SLinus Torvalds 3211da177e4SLinus Torvalds read_lock(&ip6_ra_lock); 3221da177e4SLinus Torvalds for (ra = ip6_ra_chain; ra; ra = ra->next) { 3231da177e4SLinus Torvalds struct sock *sk = ra->sk; 3241da177e4SLinus Torvalds if (sk && ra->sel == sel) { 3251da177e4SLinus Torvalds if (last) { 3261da177e4SLinus Torvalds struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); 3271da177e4SLinus Torvalds if (skb2) 3281da177e4SLinus Torvalds rawv6_rcv(last, skb2); 3291da177e4SLinus Torvalds } 3301da177e4SLinus Torvalds last = sk; 3311da177e4SLinus Torvalds } 3321da177e4SLinus Torvalds } 3331da177e4SLinus Torvalds 3341da177e4SLinus Torvalds if (last) { 3351da177e4SLinus Torvalds rawv6_rcv(last, skb); 3361da177e4SLinus Torvalds read_unlock(&ip6_ra_lock); 3371da177e4SLinus Torvalds return 1; 3381da177e4SLinus Torvalds } 3391da177e4SLinus Torvalds read_unlock(&ip6_ra_lock); 3401da177e4SLinus Torvalds return 0; 3411da177e4SLinus Torvalds } 3421da177e4SLinus Torvalds 3431da177e4SLinus Torvalds static inline int ip6_forward_finish(struct sk_buff *skb) 3441da177e4SLinus Torvalds { 3451da177e4SLinus Torvalds return dst_output(skb); 3461da177e4SLinus Torvalds } 3471da177e4SLinus Torvalds 3481da177e4SLinus Torvalds int ip6_forward(struct sk_buff *skb) 3491da177e4SLinus Torvalds { 3501da177e4SLinus Torvalds struct dst_entry *dst = skb->dst; 3511da177e4SLinus Torvalds struct ipv6hdr *hdr = skb->nh.ipv6h; 3521da177e4SLinus Torvalds struct inet6_skb_parm *opt = IP6CB(skb); 3531da177e4SLinus Torvalds 3541da177e4SLinus Torvalds if (ipv6_devconf.forwarding == 0) 3551da177e4SLinus Torvalds goto error; 3561da177e4SLinus Torvalds 3571da177e4SLinus Torvalds if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) { 3581da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_INDISCARDS); 3591da177e4SLinus Torvalds goto drop; 3601da177e4SLinus Torvalds } 3611da177e4SLinus Torvalds 3621da177e4SLinus Torvalds skb->ip_summed = CHECKSUM_NONE; 3631da177e4SLinus Torvalds 3641da177e4SLinus Torvalds /* 3651da177e4SLinus Torvalds * We DO NOT make any processing on 3661da177e4SLinus Torvalds * RA packets, pushing them to user level AS IS 3671da177e4SLinus Torvalds * without ane WARRANTY that application will be able 3681da177e4SLinus Torvalds * to interpret them. The reason is that we 3691da177e4SLinus Torvalds * cannot make anything clever here. 3701da177e4SLinus Torvalds * 3711da177e4SLinus Torvalds * We are not end-node, so that if packet contains 3721da177e4SLinus Torvalds * AH/ESP, we cannot make anything. 3731da177e4SLinus Torvalds * Defragmentation also would be mistake, RA packets 3741da177e4SLinus Torvalds * cannot be fragmented, because there is no warranty 3751da177e4SLinus Torvalds * that different fragments will go along one path. --ANK 3761da177e4SLinus Torvalds */ 3771da177e4SLinus Torvalds if (opt->ra) { 3781da177e4SLinus Torvalds u8 *ptr = skb->nh.raw + opt->ra; 3791da177e4SLinus Torvalds if (ip6_call_ra_chain(skb, (ptr[2]<<8) + ptr[3])) 3801da177e4SLinus Torvalds return 0; 3811da177e4SLinus Torvalds } 3821da177e4SLinus Torvalds 3831da177e4SLinus Torvalds /* 3841da177e4SLinus Torvalds * check and decrement ttl 3851da177e4SLinus Torvalds */ 3861da177e4SLinus Torvalds if (hdr->hop_limit <= 1) { 3871da177e4SLinus Torvalds /* Force OUTPUT device used as source address */ 3881da177e4SLinus Torvalds skb->dev = dst->dev; 3891da177e4SLinus Torvalds icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 3901da177e4SLinus Torvalds 0, skb->dev); 3911da177e4SLinus Torvalds 3921da177e4SLinus Torvalds kfree_skb(skb); 3931da177e4SLinus Torvalds return -ETIMEDOUT; 3941da177e4SLinus Torvalds } 3951da177e4SLinus Torvalds 3961da177e4SLinus Torvalds if (!xfrm6_route_forward(skb)) { 3971da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_INDISCARDS); 3981da177e4SLinus Torvalds goto drop; 3991da177e4SLinus Torvalds } 4001da177e4SLinus Torvalds dst = skb->dst; 4011da177e4SLinus Torvalds 4021da177e4SLinus Torvalds /* IPv6 specs say nothing about it, but it is clear that we cannot 4031da177e4SLinus Torvalds send redirects to source routed frames. 4041da177e4SLinus Torvalds */ 4051da177e4SLinus Torvalds if (skb->dev == dst->dev && dst->neighbour && opt->srcrt == 0) { 4061da177e4SLinus Torvalds struct in6_addr *target = NULL; 4071da177e4SLinus Torvalds struct rt6_info *rt; 4081da177e4SLinus Torvalds struct neighbour *n = dst->neighbour; 4091da177e4SLinus Torvalds 4101da177e4SLinus Torvalds /* 4111da177e4SLinus Torvalds * incoming and outgoing devices are the same 4121da177e4SLinus Torvalds * send a redirect. 4131da177e4SLinus Torvalds */ 4141da177e4SLinus Torvalds 4151da177e4SLinus Torvalds rt = (struct rt6_info *) dst; 4161da177e4SLinus Torvalds if ((rt->rt6i_flags & RTF_GATEWAY)) 4171da177e4SLinus Torvalds target = (struct in6_addr*)&n->primary_key; 4181da177e4SLinus Torvalds else 4191da177e4SLinus Torvalds target = &hdr->daddr; 4201da177e4SLinus Torvalds 4211da177e4SLinus Torvalds /* Limit redirects both by destination (here) 4221da177e4SLinus Torvalds and by source (inside ndisc_send_redirect) 4231da177e4SLinus Torvalds */ 4241da177e4SLinus Torvalds if (xrlim_allow(dst, 1*HZ)) 4251da177e4SLinus Torvalds ndisc_send_redirect(skb, n, target); 4261da177e4SLinus Torvalds } else if (ipv6_addr_type(&hdr->saddr)&(IPV6_ADDR_MULTICAST|IPV6_ADDR_LOOPBACK 4271da177e4SLinus Torvalds |IPV6_ADDR_LINKLOCAL)) { 4281da177e4SLinus Torvalds /* This check is security critical. */ 4291da177e4SLinus Torvalds goto error; 4301da177e4SLinus Torvalds } 4311da177e4SLinus Torvalds 4321da177e4SLinus Torvalds if (skb->len > dst_mtu(dst)) { 4331da177e4SLinus Torvalds /* Again, force OUTPUT device used as source address */ 4341da177e4SLinus Torvalds skb->dev = dst->dev; 4351da177e4SLinus Torvalds icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, dst_mtu(dst), skb->dev); 4361da177e4SLinus Torvalds IP6_INC_STATS_BH(IPSTATS_MIB_INTOOBIGERRORS); 4371da177e4SLinus Torvalds IP6_INC_STATS_BH(IPSTATS_MIB_FRAGFAILS); 4381da177e4SLinus Torvalds kfree_skb(skb); 4391da177e4SLinus Torvalds return -EMSGSIZE; 4401da177e4SLinus Torvalds } 4411da177e4SLinus Torvalds 4421da177e4SLinus Torvalds if (skb_cow(skb, dst->dev->hard_header_len)) { 4431da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 4441da177e4SLinus Torvalds goto drop; 4451da177e4SLinus Torvalds } 4461da177e4SLinus Torvalds 4471da177e4SLinus Torvalds hdr = skb->nh.ipv6h; 4481da177e4SLinus Torvalds 4491da177e4SLinus Torvalds /* Mangling hops number delayed to point after skb COW */ 4501da177e4SLinus Torvalds 4511da177e4SLinus Torvalds hdr->hop_limit--; 4521da177e4SLinus Torvalds 4531da177e4SLinus Torvalds IP6_INC_STATS_BH(IPSTATS_MIB_OUTFORWDATAGRAMS); 4541da177e4SLinus Torvalds return NF_HOOK(PF_INET6,NF_IP6_FORWARD, skb, skb->dev, dst->dev, ip6_forward_finish); 4551da177e4SLinus Torvalds 4561da177e4SLinus Torvalds error: 4571da177e4SLinus Torvalds IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS); 4581da177e4SLinus Torvalds drop: 4591da177e4SLinus Torvalds kfree_skb(skb); 4601da177e4SLinus Torvalds return -EINVAL; 4611da177e4SLinus Torvalds } 4621da177e4SLinus Torvalds 4631da177e4SLinus Torvalds static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from) 4641da177e4SLinus Torvalds { 4651da177e4SLinus Torvalds to->pkt_type = from->pkt_type; 4661da177e4SLinus Torvalds to->priority = from->priority; 4671da177e4SLinus Torvalds to->protocol = from->protocol; 4681da177e4SLinus Torvalds dst_release(to->dst); 4691da177e4SLinus Torvalds to->dst = dst_clone(from->dst); 4701da177e4SLinus Torvalds to->dev = from->dev; 4711da177e4SLinus Torvalds 4721da177e4SLinus Torvalds #ifdef CONFIG_NET_SCHED 4731da177e4SLinus Torvalds to->tc_index = from->tc_index; 4741da177e4SLinus Torvalds #endif 4751da177e4SLinus Torvalds #ifdef CONFIG_NETFILTER 4761da177e4SLinus Torvalds to->nfmark = from->nfmark; 4771da177e4SLinus Torvalds /* Connection association is same as pre-frag packet */ 4781da177e4SLinus Torvalds to->nfct = from->nfct; 4791da177e4SLinus Torvalds nf_conntrack_get(to->nfct); 4801da177e4SLinus Torvalds to->nfctinfo = from->nfctinfo; 4811da177e4SLinus Torvalds #ifdef CONFIG_BRIDGE_NETFILTER 4821da177e4SLinus Torvalds nf_bridge_put(to->nf_bridge); 4831da177e4SLinus Torvalds to->nf_bridge = from->nf_bridge; 4841da177e4SLinus Torvalds nf_bridge_get(to->nf_bridge); 4851da177e4SLinus Torvalds #endif 4861da177e4SLinus Torvalds #endif 4871da177e4SLinus Torvalds } 4881da177e4SLinus Torvalds 4891da177e4SLinus Torvalds int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) 4901da177e4SLinus Torvalds { 4911da177e4SLinus Torvalds u16 offset = sizeof(struct ipv6hdr); 4921da177e4SLinus Torvalds struct ipv6_opt_hdr *exthdr = (struct ipv6_opt_hdr*)(skb->nh.ipv6h + 1); 4931da177e4SLinus Torvalds unsigned int packet_len = skb->tail - skb->nh.raw; 4941da177e4SLinus Torvalds int found_rhdr = 0; 4951da177e4SLinus Torvalds *nexthdr = &skb->nh.ipv6h->nexthdr; 4961da177e4SLinus Torvalds 4971da177e4SLinus Torvalds while (offset + 1 <= packet_len) { 4981da177e4SLinus Torvalds 4991da177e4SLinus Torvalds switch (**nexthdr) { 5001da177e4SLinus Torvalds 5011da177e4SLinus Torvalds case NEXTHDR_HOP: 5021da177e4SLinus Torvalds case NEXTHDR_ROUTING: 5031da177e4SLinus Torvalds case NEXTHDR_DEST: 5041da177e4SLinus Torvalds if (**nexthdr == NEXTHDR_ROUTING) found_rhdr = 1; 5051da177e4SLinus Torvalds if (**nexthdr == NEXTHDR_DEST && found_rhdr) return offset; 5061da177e4SLinus Torvalds offset += ipv6_optlen(exthdr); 5071da177e4SLinus Torvalds *nexthdr = &exthdr->nexthdr; 5081da177e4SLinus Torvalds exthdr = (struct ipv6_opt_hdr*)(skb->nh.raw + offset); 5091da177e4SLinus Torvalds break; 5101da177e4SLinus Torvalds default : 5111da177e4SLinus Torvalds return offset; 5121da177e4SLinus Torvalds } 5131da177e4SLinus Torvalds } 5141da177e4SLinus Torvalds 5151da177e4SLinus Torvalds return offset; 5161da177e4SLinus Torvalds } 5171da177e4SLinus Torvalds 5181da177e4SLinus Torvalds static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) 5191da177e4SLinus Torvalds { 5201da177e4SLinus Torvalds struct net_device *dev; 5211da177e4SLinus Torvalds struct sk_buff *frag; 5221da177e4SLinus Torvalds struct rt6_info *rt = (struct rt6_info*)skb->dst; 5231da177e4SLinus Torvalds struct ipv6hdr *tmp_hdr; 5241da177e4SLinus Torvalds struct frag_hdr *fh; 5251da177e4SLinus Torvalds unsigned int mtu, hlen, left, len; 5261da177e4SLinus Torvalds u32 frag_id = 0; 5271da177e4SLinus Torvalds int ptr, offset = 0, err=0; 5281da177e4SLinus Torvalds u8 *prevhdr, nexthdr = 0; 5291da177e4SLinus Torvalds 5301da177e4SLinus Torvalds dev = rt->u.dst.dev; 5311da177e4SLinus Torvalds hlen = ip6_find_1stfragopt(skb, &prevhdr); 5321da177e4SLinus Torvalds nexthdr = *prevhdr; 5331da177e4SLinus Torvalds 5341da177e4SLinus Torvalds mtu = dst_mtu(&rt->u.dst) - hlen - sizeof(struct frag_hdr); 5351da177e4SLinus Torvalds 5361da177e4SLinus Torvalds if (skb_shinfo(skb)->frag_list) { 5371da177e4SLinus Torvalds int first_len = skb_pagelen(skb); 5381da177e4SLinus Torvalds 5391da177e4SLinus Torvalds if (first_len - hlen > mtu || 5401da177e4SLinus Torvalds ((first_len - hlen) & 7) || 5411da177e4SLinus Torvalds skb_cloned(skb)) 5421da177e4SLinus Torvalds goto slow_path; 5431da177e4SLinus Torvalds 5441da177e4SLinus Torvalds for (frag = skb_shinfo(skb)->frag_list; frag; frag = frag->next) { 5451da177e4SLinus Torvalds /* Correct geometry. */ 5461da177e4SLinus Torvalds if (frag->len > mtu || 5471da177e4SLinus Torvalds ((frag->len & 7) && frag->next) || 5481da177e4SLinus Torvalds skb_headroom(frag) < hlen) 5491da177e4SLinus Torvalds goto slow_path; 5501da177e4SLinus Torvalds 5511da177e4SLinus Torvalds /* Partially cloned skb? */ 5521da177e4SLinus Torvalds if (skb_shared(frag)) 5531da177e4SLinus Torvalds goto slow_path; 5542fdba6b0SHerbert Xu 5552fdba6b0SHerbert Xu BUG_ON(frag->sk); 5562fdba6b0SHerbert Xu if (skb->sk) { 5572fdba6b0SHerbert Xu sock_hold(skb->sk); 5582fdba6b0SHerbert Xu frag->sk = skb->sk; 5592fdba6b0SHerbert Xu frag->destructor = sock_wfree; 5602fdba6b0SHerbert Xu skb->truesize -= frag->truesize; 5612fdba6b0SHerbert Xu } 5621da177e4SLinus Torvalds } 5631da177e4SLinus Torvalds 5641da177e4SLinus Torvalds err = 0; 5651da177e4SLinus Torvalds offset = 0; 5661da177e4SLinus Torvalds frag = skb_shinfo(skb)->frag_list; 5671da177e4SLinus Torvalds skb_shinfo(skb)->frag_list = NULL; 5681da177e4SLinus Torvalds /* BUILD HEADER */ 5691da177e4SLinus Torvalds 5701da177e4SLinus Torvalds tmp_hdr = kmalloc(hlen, GFP_ATOMIC); 5711da177e4SLinus Torvalds if (!tmp_hdr) { 5721da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGFAILS); 5731da177e4SLinus Torvalds return -ENOMEM; 5741da177e4SLinus Torvalds } 5751da177e4SLinus Torvalds 5761da177e4SLinus Torvalds *prevhdr = NEXTHDR_FRAGMENT; 5771da177e4SLinus Torvalds memcpy(tmp_hdr, skb->nh.raw, hlen); 5781da177e4SLinus Torvalds __skb_pull(skb, hlen); 5791da177e4SLinus Torvalds fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr)); 5801da177e4SLinus Torvalds skb->nh.raw = __skb_push(skb, hlen); 5811da177e4SLinus Torvalds memcpy(skb->nh.raw, tmp_hdr, hlen); 5821da177e4SLinus Torvalds 5831da177e4SLinus Torvalds ipv6_select_ident(skb, fh); 5841da177e4SLinus Torvalds fh->nexthdr = nexthdr; 5851da177e4SLinus Torvalds fh->reserved = 0; 5861da177e4SLinus Torvalds fh->frag_off = htons(IP6_MF); 5871da177e4SLinus Torvalds frag_id = fh->identification; 5881da177e4SLinus Torvalds 5891da177e4SLinus Torvalds first_len = skb_pagelen(skb); 5901da177e4SLinus Torvalds skb->data_len = first_len - skb_headlen(skb); 5911da177e4SLinus Torvalds skb->len = first_len; 5921da177e4SLinus Torvalds skb->nh.ipv6h->payload_len = htons(first_len - sizeof(struct ipv6hdr)); 5931da177e4SLinus Torvalds 5941da177e4SLinus Torvalds 5951da177e4SLinus Torvalds for (;;) { 5961da177e4SLinus Torvalds /* Prepare header of the next frame, 5971da177e4SLinus Torvalds * before previous one went down. */ 5981da177e4SLinus Torvalds if (frag) { 5991da177e4SLinus Torvalds frag->ip_summed = CHECKSUM_NONE; 6001da177e4SLinus Torvalds frag->h.raw = frag->data; 6011da177e4SLinus Torvalds fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr)); 6021da177e4SLinus Torvalds frag->nh.raw = __skb_push(frag, hlen); 6031da177e4SLinus Torvalds memcpy(frag->nh.raw, tmp_hdr, hlen); 6041da177e4SLinus Torvalds offset += skb->len - hlen - sizeof(struct frag_hdr); 6051da177e4SLinus Torvalds fh->nexthdr = nexthdr; 6061da177e4SLinus Torvalds fh->reserved = 0; 6071da177e4SLinus Torvalds fh->frag_off = htons(offset); 6081da177e4SLinus Torvalds if (frag->next != NULL) 6091da177e4SLinus Torvalds fh->frag_off |= htons(IP6_MF); 6101da177e4SLinus Torvalds fh->identification = frag_id; 6111da177e4SLinus Torvalds frag->nh.ipv6h->payload_len = htons(frag->len - sizeof(struct ipv6hdr)); 6121da177e4SLinus Torvalds ip6_copy_metadata(frag, skb); 6131da177e4SLinus Torvalds } 6141da177e4SLinus Torvalds 6151da177e4SLinus Torvalds err = output(skb); 6161da177e4SLinus Torvalds if (err || !frag) 6171da177e4SLinus Torvalds break; 6181da177e4SLinus Torvalds 6191da177e4SLinus Torvalds skb = frag; 6201da177e4SLinus Torvalds frag = skb->next; 6211da177e4SLinus Torvalds skb->next = NULL; 6221da177e4SLinus Torvalds } 6231da177e4SLinus Torvalds 6241da177e4SLinus Torvalds if (tmp_hdr) 6251da177e4SLinus Torvalds kfree(tmp_hdr); 6261da177e4SLinus Torvalds 6271da177e4SLinus Torvalds if (err == 0) { 6281da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGOKS); 6291da177e4SLinus Torvalds return 0; 6301da177e4SLinus Torvalds } 6311da177e4SLinus Torvalds 6321da177e4SLinus Torvalds while (frag) { 6331da177e4SLinus Torvalds skb = frag->next; 6341da177e4SLinus Torvalds kfree_skb(frag); 6351da177e4SLinus Torvalds frag = skb; 6361da177e4SLinus Torvalds } 6371da177e4SLinus Torvalds 6381da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGFAILS); 6391da177e4SLinus Torvalds return err; 6401da177e4SLinus Torvalds } 6411da177e4SLinus Torvalds 6421da177e4SLinus Torvalds slow_path: 6431da177e4SLinus Torvalds left = skb->len - hlen; /* Space per frame */ 6441da177e4SLinus Torvalds ptr = hlen; /* Where to start from */ 6451da177e4SLinus Torvalds 6461da177e4SLinus Torvalds /* 6471da177e4SLinus Torvalds * Fragment the datagram. 6481da177e4SLinus Torvalds */ 6491da177e4SLinus Torvalds 6501da177e4SLinus Torvalds *prevhdr = NEXTHDR_FRAGMENT; 6511da177e4SLinus Torvalds 6521da177e4SLinus Torvalds /* 6531da177e4SLinus Torvalds * Keep copying data until we run out. 6541da177e4SLinus Torvalds */ 6551da177e4SLinus Torvalds while(left > 0) { 6561da177e4SLinus Torvalds len = left; 6571da177e4SLinus Torvalds /* IF: it doesn't fit, use 'mtu' - the data space left */ 6581da177e4SLinus Torvalds if (len > mtu) 6591da177e4SLinus Torvalds len = mtu; 6601da177e4SLinus Torvalds /* IF: we are not sending upto and including the packet end 6611da177e4SLinus Torvalds then align the next start on an eight byte boundary */ 6621da177e4SLinus Torvalds if (len < left) { 6631da177e4SLinus Torvalds len &= ~7; 6641da177e4SLinus Torvalds } 6651da177e4SLinus Torvalds /* 6661da177e4SLinus Torvalds * Allocate buffer. 6671da177e4SLinus Torvalds */ 6681da177e4SLinus Torvalds 6691da177e4SLinus Torvalds if ((frag = alloc_skb(len+hlen+sizeof(struct frag_hdr)+LL_RESERVED_SPACE(rt->u.dst.dev), GFP_ATOMIC)) == NULL) { 6701da177e4SLinus Torvalds NETDEBUG(printk(KERN_INFO "IPv6: frag: no memory for new fragment!\n")); 6711da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGFAILS); 6721da177e4SLinus Torvalds err = -ENOMEM; 6731da177e4SLinus Torvalds goto fail; 6741da177e4SLinus Torvalds } 6751da177e4SLinus Torvalds 6761da177e4SLinus Torvalds /* 6771da177e4SLinus Torvalds * Set up data on packet 6781da177e4SLinus Torvalds */ 6791da177e4SLinus Torvalds 6801da177e4SLinus Torvalds ip6_copy_metadata(frag, skb); 6811da177e4SLinus Torvalds skb_reserve(frag, LL_RESERVED_SPACE(rt->u.dst.dev)); 6821da177e4SLinus Torvalds skb_put(frag, len + hlen + sizeof(struct frag_hdr)); 6831da177e4SLinus Torvalds frag->nh.raw = frag->data; 6841da177e4SLinus Torvalds fh = (struct frag_hdr*)(frag->data + hlen); 6851da177e4SLinus Torvalds frag->h.raw = frag->data + hlen + sizeof(struct frag_hdr); 6861da177e4SLinus Torvalds 6871da177e4SLinus Torvalds /* 6881da177e4SLinus Torvalds * Charge the memory for the fragment to any owner 6891da177e4SLinus Torvalds * it might possess 6901da177e4SLinus Torvalds */ 6911da177e4SLinus Torvalds if (skb->sk) 6921da177e4SLinus Torvalds skb_set_owner_w(frag, skb->sk); 6931da177e4SLinus Torvalds 6941da177e4SLinus Torvalds /* 6951da177e4SLinus Torvalds * Copy the packet header into the new buffer. 6961da177e4SLinus Torvalds */ 6971da177e4SLinus Torvalds memcpy(frag->nh.raw, skb->data, hlen); 6981da177e4SLinus Torvalds 6991da177e4SLinus Torvalds /* 7001da177e4SLinus Torvalds * Build fragment header. 7011da177e4SLinus Torvalds */ 7021da177e4SLinus Torvalds fh->nexthdr = nexthdr; 7031da177e4SLinus Torvalds fh->reserved = 0; 7041da177e4SLinus Torvalds if (frag_id) { 7051da177e4SLinus Torvalds ipv6_select_ident(skb, fh); 7061da177e4SLinus Torvalds frag_id = fh->identification; 7071da177e4SLinus Torvalds } else 7081da177e4SLinus Torvalds fh->identification = frag_id; 7091da177e4SLinus Torvalds 7101da177e4SLinus Torvalds /* 7111da177e4SLinus Torvalds * Copy a block of the IP datagram. 7121da177e4SLinus Torvalds */ 7131da177e4SLinus Torvalds if (skb_copy_bits(skb, ptr, frag->h.raw, len)) 7141da177e4SLinus Torvalds BUG(); 7151da177e4SLinus Torvalds left -= len; 7161da177e4SLinus Torvalds 7171da177e4SLinus Torvalds fh->frag_off = htons(offset); 7181da177e4SLinus Torvalds if (left > 0) 7191da177e4SLinus Torvalds fh->frag_off |= htons(IP6_MF); 7201da177e4SLinus Torvalds frag->nh.ipv6h->payload_len = htons(frag->len - sizeof(struct ipv6hdr)); 7211da177e4SLinus Torvalds 7221da177e4SLinus Torvalds ptr += len; 7231da177e4SLinus Torvalds offset += len; 7241da177e4SLinus Torvalds 7251da177e4SLinus Torvalds /* 7261da177e4SLinus Torvalds * Put this fragment into the sending queue. 7271da177e4SLinus Torvalds */ 7281da177e4SLinus Torvalds 7291da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGCREATES); 7301da177e4SLinus Torvalds 7311da177e4SLinus Torvalds err = output(frag); 7321da177e4SLinus Torvalds if (err) 7331da177e4SLinus Torvalds goto fail; 7341da177e4SLinus Torvalds } 7351da177e4SLinus Torvalds kfree_skb(skb); 7361da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGOKS); 7371da177e4SLinus Torvalds return err; 7381da177e4SLinus Torvalds 7391da177e4SLinus Torvalds fail: 7401da177e4SLinus Torvalds kfree_skb(skb); 7411da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGFAILS); 7421da177e4SLinus Torvalds return err; 7431da177e4SLinus Torvalds } 7441da177e4SLinus Torvalds 7451da177e4SLinus Torvalds int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl) 7461da177e4SLinus Torvalds { 7471da177e4SLinus Torvalds int err = 0; 7481da177e4SLinus Torvalds 7491da177e4SLinus Torvalds *dst = NULL; 7501da177e4SLinus Torvalds if (sk) { 7511da177e4SLinus Torvalds struct ipv6_pinfo *np = inet6_sk(sk); 7521da177e4SLinus Torvalds 7531da177e4SLinus Torvalds *dst = sk_dst_check(sk, np->dst_cookie); 7541da177e4SLinus Torvalds if (*dst) { 7551da177e4SLinus Torvalds struct rt6_info *rt = (struct rt6_info*)*dst; 7561da177e4SLinus Torvalds 7571da177e4SLinus Torvalds /* Yes, checking route validity in not connected 7581da177e4SLinus Torvalds case is not very simple. Take into account, 7591da177e4SLinus Torvalds that we do not support routing by source, TOS, 7601da177e4SLinus Torvalds and MSG_DONTROUTE --ANK (980726) 7611da177e4SLinus Torvalds 7621da177e4SLinus Torvalds 1. If route was host route, check that 7631da177e4SLinus Torvalds cached destination is current. 7641da177e4SLinus Torvalds If it is network route, we still may 7651da177e4SLinus Torvalds check its validity using saved pointer 7661da177e4SLinus Torvalds to the last used address: daddr_cache. 7671da177e4SLinus Torvalds We do not want to save whole address now, 7681da177e4SLinus Torvalds (because main consumer of this service 7691da177e4SLinus Torvalds is tcp, which has not this problem), 7701da177e4SLinus Torvalds so that the last trick works only on connected 7711da177e4SLinus Torvalds sockets. 7721da177e4SLinus Torvalds 2. oif also should be the same. 7731da177e4SLinus Torvalds */ 7741da177e4SLinus Torvalds 7751da177e4SLinus Torvalds if (((rt->rt6i_dst.plen != 128 || 7761da177e4SLinus Torvalds !ipv6_addr_equal(&fl->fl6_dst, &rt->rt6i_dst.addr)) 7771da177e4SLinus Torvalds && (np->daddr_cache == NULL || 7781da177e4SLinus Torvalds !ipv6_addr_equal(&fl->fl6_dst, np->daddr_cache))) 7791da177e4SLinus Torvalds || (fl->oif && fl->oif != (*dst)->dev->ifindex)) { 7801da177e4SLinus Torvalds dst_release(*dst); 7811da177e4SLinus Torvalds *dst = NULL; 7821da177e4SLinus Torvalds } 7831da177e4SLinus Torvalds } 7841da177e4SLinus Torvalds } 7851da177e4SLinus Torvalds 7861da177e4SLinus Torvalds if (*dst == NULL) 7871da177e4SLinus Torvalds *dst = ip6_route_output(sk, fl); 7881da177e4SLinus Torvalds 7891da177e4SLinus Torvalds if ((err = (*dst)->error)) 7901da177e4SLinus Torvalds goto out_err_release; 7911da177e4SLinus Torvalds 7921da177e4SLinus Torvalds if (ipv6_addr_any(&fl->fl6_src)) { 7931da177e4SLinus Torvalds err = ipv6_get_saddr(*dst, &fl->fl6_dst, &fl->fl6_src); 7941da177e4SLinus Torvalds 795*44456d37SOlaf Hering if (err) 7961da177e4SLinus Torvalds goto out_err_release; 7971da177e4SLinus Torvalds } 7981da177e4SLinus Torvalds 7991da177e4SLinus Torvalds return 0; 8001da177e4SLinus Torvalds 8011da177e4SLinus Torvalds out_err_release: 8021da177e4SLinus Torvalds dst_release(*dst); 8031da177e4SLinus Torvalds *dst = NULL; 8041da177e4SLinus Torvalds return err; 8051da177e4SLinus Torvalds } 8061da177e4SLinus Torvalds 8071da177e4SLinus Torvalds int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), 8081da177e4SLinus Torvalds void *from, int length, int transhdrlen, 8091da177e4SLinus Torvalds int hlimit, struct ipv6_txoptions *opt, struct flowi *fl, struct rt6_info *rt, 8101da177e4SLinus Torvalds unsigned int flags) 8111da177e4SLinus Torvalds { 8121da177e4SLinus Torvalds struct inet_sock *inet = inet_sk(sk); 8131da177e4SLinus Torvalds struct ipv6_pinfo *np = inet6_sk(sk); 8141da177e4SLinus Torvalds struct sk_buff *skb; 8151da177e4SLinus Torvalds unsigned int maxfraglen, fragheaderlen; 8161da177e4SLinus Torvalds int exthdrlen; 8171da177e4SLinus Torvalds int hh_len; 8181da177e4SLinus Torvalds int mtu; 8191da177e4SLinus Torvalds int copy; 8201da177e4SLinus Torvalds int err; 8211da177e4SLinus Torvalds int offset = 0; 8221da177e4SLinus Torvalds int csummode = CHECKSUM_NONE; 8231da177e4SLinus Torvalds 8241da177e4SLinus Torvalds if (flags&MSG_PROBE) 8251da177e4SLinus Torvalds return 0; 8261da177e4SLinus Torvalds if (skb_queue_empty(&sk->sk_write_queue)) { 8271da177e4SLinus Torvalds /* 8281da177e4SLinus Torvalds * setup for corking 8291da177e4SLinus Torvalds */ 8301da177e4SLinus Torvalds if (opt) { 8311da177e4SLinus Torvalds if (np->cork.opt == NULL) { 8321da177e4SLinus Torvalds np->cork.opt = kmalloc(opt->tot_len, 8331da177e4SLinus Torvalds sk->sk_allocation); 8341da177e4SLinus Torvalds if (unlikely(np->cork.opt == NULL)) 8351da177e4SLinus Torvalds return -ENOBUFS; 8361da177e4SLinus Torvalds } else if (np->cork.opt->tot_len < opt->tot_len) { 8371da177e4SLinus Torvalds printk(KERN_DEBUG "ip6_append_data: invalid option length\n"); 8381da177e4SLinus Torvalds return -EINVAL; 8391da177e4SLinus Torvalds } 8401da177e4SLinus Torvalds memcpy(np->cork.opt, opt, opt->tot_len); 8411da177e4SLinus Torvalds inet->cork.flags |= IPCORK_OPT; 8421da177e4SLinus Torvalds /* need source address above miyazawa*/ 8431da177e4SLinus Torvalds } 8441da177e4SLinus Torvalds dst_hold(&rt->u.dst); 8451da177e4SLinus Torvalds np->cork.rt = rt; 8461da177e4SLinus Torvalds inet->cork.fl = *fl; 8471da177e4SLinus Torvalds np->cork.hop_limit = hlimit; 8481da177e4SLinus Torvalds inet->cork.fragsize = mtu = dst_mtu(rt->u.dst.path); 8491da177e4SLinus Torvalds if (dst_allfrag(rt->u.dst.path)) 8501da177e4SLinus Torvalds inet->cork.flags |= IPCORK_ALLFRAG; 8511da177e4SLinus Torvalds inet->cork.length = 0; 8521da177e4SLinus Torvalds sk->sk_sndmsg_page = NULL; 8531da177e4SLinus Torvalds sk->sk_sndmsg_off = 0; 8541da177e4SLinus Torvalds exthdrlen = rt->u.dst.header_len + (opt ? opt->opt_flen : 0); 8551da177e4SLinus Torvalds length += exthdrlen; 8561da177e4SLinus Torvalds transhdrlen += exthdrlen; 8571da177e4SLinus Torvalds } else { 8581da177e4SLinus Torvalds rt = np->cork.rt; 8591da177e4SLinus Torvalds fl = &inet->cork.fl; 8601da177e4SLinus Torvalds if (inet->cork.flags & IPCORK_OPT) 8611da177e4SLinus Torvalds opt = np->cork.opt; 8621da177e4SLinus Torvalds transhdrlen = 0; 8631da177e4SLinus Torvalds exthdrlen = 0; 8641da177e4SLinus Torvalds mtu = inet->cork.fragsize; 8651da177e4SLinus Torvalds } 8661da177e4SLinus Torvalds 8671da177e4SLinus Torvalds hh_len = LL_RESERVED_SPACE(rt->u.dst.dev); 8681da177e4SLinus Torvalds 8691da177e4SLinus Torvalds fragheaderlen = sizeof(struct ipv6hdr) + (opt ? opt->opt_nflen : 0); 8701da177e4SLinus Torvalds maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr); 8711da177e4SLinus Torvalds 8721da177e4SLinus Torvalds if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) { 8731da177e4SLinus Torvalds if (inet->cork.length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) { 8741da177e4SLinus Torvalds ipv6_local_error(sk, EMSGSIZE, fl, mtu-exthdrlen); 8751da177e4SLinus Torvalds return -EMSGSIZE; 8761da177e4SLinus Torvalds } 8771da177e4SLinus Torvalds } 8781da177e4SLinus Torvalds 8791da177e4SLinus Torvalds /* 8801da177e4SLinus Torvalds * Let's try using as much space as possible. 8811da177e4SLinus Torvalds * Use MTU if total length of the message fits into the MTU. 8821da177e4SLinus Torvalds * Otherwise, we need to reserve fragment header and 8831da177e4SLinus Torvalds * fragment alignment (= 8-15 octects, in total). 8841da177e4SLinus Torvalds * 8851da177e4SLinus Torvalds * Note that we may need to "move" the data from the tail of 8861da177e4SLinus Torvalds * of the buffer to the new fragment when we split 8871da177e4SLinus Torvalds * the message. 8881da177e4SLinus Torvalds * 8891da177e4SLinus Torvalds * FIXME: It may be fragmented into multiple chunks 8901da177e4SLinus Torvalds * at once if non-fragmentable extension headers 8911da177e4SLinus Torvalds * are too large. 8921da177e4SLinus Torvalds * --yoshfuji 8931da177e4SLinus Torvalds */ 8941da177e4SLinus Torvalds 8951da177e4SLinus Torvalds inet->cork.length += length; 8961da177e4SLinus Torvalds 8971da177e4SLinus Torvalds if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) 8981da177e4SLinus Torvalds goto alloc_new_skb; 8991da177e4SLinus Torvalds 9001da177e4SLinus Torvalds while (length > 0) { 9011da177e4SLinus Torvalds /* Check if the remaining data fits into current packet. */ 9021da177e4SLinus Torvalds copy = (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len; 9031da177e4SLinus Torvalds if (copy < length) 9041da177e4SLinus Torvalds copy = maxfraglen - skb->len; 9051da177e4SLinus Torvalds 9061da177e4SLinus Torvalds if (copy <= 0) { 9071da177e4SLinus Torvalds char *data; 9081da177e4SLinus Torvalds unsigned int datalen; 9091da177e4SLinus Torvalds unsigned int fraglen; 9101da177e4SLinus Torvalds unsigned int fraggap; 9111da177e4SLinus Torvalds unsigned int alloclen; 9121da177e4SLinus Torvalds struct sk_buff *skb_prev; 9131da177e4SLinus Torvalds alloc_new_skb: 9141da177e4SLinus Torvalds skb_prev = skb; 9151da177e4SLinus Torvalds 9161da177e4SLinus Torvalds /* There's no room in the current skb */ 9171da177e4SLinus Torvalds if (skb_prev) 9181da177e4SLinus Torvalds fraggap = skb_prev->len - maxfraglen; 9191da177e4SLinus Torvalds else 9201da177e4SLinus Torvalds fraggap = 0; 9211da177e4SLinus Torvalds 9221da177e4SLinus Torvalds /* 9231da177e4SLinus Torvalds * If remaining data exceeds the mtu, 9241da177e4SLinus Torvalds * we know we need more fragment(s). 9251da177e4SLinus Torvalds */ 9261da177e4SLinus Torvalds datalen = length + fraggap; 9271da177e4SLinus Torvalds if (datalen > (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen) 9281da177e4SLinus Torvalds datalen = maxfraglen - fragheaderlen; 9291da177e4SLinus Torvalds 9301da177e4SLinus Torvalds fraglen = datalen + fragheaderlen; 9311da177e4SLinus Torvalds if ((flags & MSG_MORE) && 9321da177e4SLinus Torvalds !(rt->u.dst.dev->features&NETIF_F_SG)) 9331da177e4SLinus Torvalds alloclen = mtu; 9341da177e4SLinus Torvalds else 9351da177e4SLinus Torvalds alloclen = datalen + fragheaderlen; 9361da177e4SLinus Torvalds 9371da177e4SLinus Torvalds /* 9381da177e4SLinus Torvalds * The last fragment gets additional space at tail. 9391da177e4SLinus Torvalds * Note: we overallocate on fragments with MSG_MODE 9401da177e4SLinus Torvalds * because we have no idea if we're the last one. 9411da177e4SLinus Torvalds */ 9421da177e4SLinus Torvalds if (datalen == length + fraggap) 9431da177e4SLinus Torvalds alloclen += rt->u.dst.trailer_len; 9441da177e4SLinus Torvalds 9451da177e4SLinus Torvalds /* 9461da177e4SLinus Torvalds * We just reserve space for fragment header. 9471da177e4SLinus Torvalds * Note: this may be overallocation if the message 9481da177e4SLinus Torvalds * (without MSG_MORE) fits into the MTU. 9491da177e4SLinus Torvalds */ 9501da177e4SLinus Torvalds alloclen += sizeof(struct frag_hdr); 9511da177e4SLinus Torvalds 9521da177e4SLinus Torvalds if (transhdrlen) { 9531da177e4SLinus Torvalds skb = sock_alloc_send_skb(sk, 9541da177e4SLinus Torvalds alloclen + hh_len, 9551da177e4SLinus Torvalds (flags & MSG_DONTWAIT), &err); 9561da177e4SLinus Torvalds } else { 9571da177e4SLinus Torvalds skb = NULL; 9581da177e4SLinus Torvalds if (atomic_read(&sk->sk_wmem_alloc) <= 9591da177e4SLinus Torvalds 2 * sk->sk_sndbuf) 9601da177e4SLinus Torvalds skb = sock_wmalloc(sk, 9611da177e4SLinus Torvalds alloclen + hh_len, 1, 9621da177e4SLinus Torvalds sk->sk_allocation); 9631da177e4SLinus Torvalds if (unlikely(skb == NULL)) 9641da177e4SLinus Torvalds err = -ENOBUFS; 9651da177e4SLinus Torvalds } 9661da177e4SLinus Torvalds if (skb == NULL) 9671da177e4SLinus Torvalds goto error; 9681da177e4SLinus Torvalds /* 9691da177e4SLinus Torvalds * Fill in the control structures 9701da177e4SLinus Torvalds */ 9711da177e4SLinus Torvalds skb->ip_summed = csummode; 9721da177e4SLinus Torvalds skb->csum = 0; 9731da177e4SLinus Torvalds /* reserve for fragmentation */ 9741da177e4SLinus Torvalds skb_reserve(skb, hh_len+sizeof(struct frag_hdr)); 9751da177e4SLinus Torvalds 9761da177e4SLinus Torvalds /* 9771da177e4SLinus Torvalds * Find where to start putting bytes 9781da177e4SLinus Torvalds */ 9791da177e4SLinus Torvalds data = skb_put(skb, fraglen); 9801da177e4SLinus Torvalds skb->nh.raw = data + exthdrlen; 9811da177e4SLinus Torvalds data += fragheaderlen; 9821da177e4SLinus Torvalds skb->h.raw = data + exthdrlen; 9831da177e4SLinus Torvalds 9841da177e4SLinus Torvalds if (fraggap) { 9851da177e4SLinus Torvalds skb->csum = skb_copy_and_csum_bits( 9861da177e4SLinus Torvalds skb_prev, maxfraglen, 9871da177e4SLinus Torvalds data + transhdrlen, fraggap, 0); 9881da177e4SLinus Torvalds skb_prev->csum = csum_sub(skb_prev->csum, 9891da177e4SLinus Torvalds skb->csum); 9901da177e4SLinus Torvalds data += fraggap; 9911da177e4SLinus Torvalds skb_trim(skb_prev, maxfraglen); 9921da177e4SLinus Torvalds } 9931da177e4SLinus Torvalds copy = datalen - transhdrlen - fraggap; 9941da177e4SLinus Torvalds if (copy < 0) { 9951da177e4SLinus Torvalds err = -EINVAL; 9961da177e4SLinus Torvalds kfree_skb(skb); 9971da177e4SLinus Torvalds goto error; 9981da177e4SLinus Torvalds } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) { 9991da177e4SLinus Torvalds err = -EFAULT; 10001da177e4SLinus Torvalds kfree_skb(skb); 10011da177e4SLinus Torvalds goto error; 10021da177e4SLinus Torvalds } 10031da177e4SLinus Torvalds 10041da177e4SLinus Torvalds offset += copy; 10051da177e4SLinus Torvalds length -= datalen - fraggap; 10061da177e4SLinus Torvalds transhdrlen = 0; 10071da177e4SLinus Torvalds exthdrlen = 0; 10081da177e4SLinus Torvalds csummode = CHECKSUM_NONE; 10091da177e4SLinus Torvalds 10101da177e4SLinus Torvalds /* 10111da177e4SLinus Torvalds * Put the packet on the pending queue 10121da177e4SLinus Torvalds */ 10131da177e4SLinus Torvalds __skb_queue_tail(&sk->sk_write_queue, skb); 10141da177e4SLinus Torvalds continue; 10151da177e4SLinus Torvalds } 10161da177e4SLinus Torvalds 10171da177e4SLinus Torvalds if (copy > length) 10181da177e4SLinus Torvalds copy = length; 10191da177e4SLinus Torvalds 10201da177e4SLinus Torvalds if (!(rt->u.dst.dev->features&NETIF_F_SG)) { 10211da177e4SLinus Torvalds unsigned int off; 10221da177e4SLinus Torvalds 10231da177e4SLinus Torvalds off = skb->len; 10241da177e4SLinus Torvalds if (getfrag(from, skb_put(skb, copy), 10251da177e4SLinus Torvalds offset, copy, off, skb) < 0) { 10261da177e4SLinus Torvalds __skb_trim(skb, off); 10271da177e4SLinus Torvalds err = -EFAULT; 10281da177e4SLinus Torvalds goto error; 10291da177e4SLinus Torvalds } 10301da177e4SLinus Torvalds } else { 10311da177e4SLinus Torvalds int i = skb_shinfo(skb)->nr_frags; 10321da177e4SLinus Torvalds skb_frag_t *frag = &skb_shinfo(skb)->frags[i-1]; 10331da177e4SLinus Torvalds struct page *page = sk->sk_sndmsg_page; 10341da177e4SLinus Torvalds int off = sk->sk_sndmsg_off; 10351da177e4SLinus Torvalds unsigned int left; 10361da177e4SLinus Torvalds 10371da177e4SLinus Torvalds if (page && (left = PAGE_SIZE - off) > 0) { 10381da177e4SLinus Torvalds if (copy >= left) 10391da177e4SLinus Torvalds copy = left; 10401da177e4SLinus Torvalds if (page != frag->page) { 10411da177e4SLinus Torvalds if (i == MAX_SKB_FRAGS) { 10421da177e4SLinus Torvalds err = -EMSGSIZE; 10431da177e4SLinus Torvalds goto error; 10441da177e4SLinus Torvalds } 10451da177e4SLinus Torvalds get_page(page); 10461da177e4SLinus Torvalds skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0); 10471da177e4SLinus Torvalds frag = &skb_shinfo(skb)->frags[i]; 10481da177e4SLinus Torvalds } 10491da177e4SLinus Torvalds } else if(i < MAX_SKB_FRAGS) { 10501da177e4SLinus Torvalds if (copy > PAGE_SIZE) 10511da177e4SLinus Torvalds copy = PAGE_SIZE; 10521da177e4SLinus Torvalds page = alloc_pages(sk->sk_allocation, 0); 10531da177e4SLinus Torvalds if (page == NULL) { 10541da177e4SLinus Torvalds err = -ENOMEM; 10551da177e4SLinus Torvalds goto error; 10561da177e4SLinus Torvalds } 10571da177e4SLinus Torvalds sk->sk_sndmsg_page = page; 10581da177e4SLinus Torvalds sk->sk_sndmsg_off = 0; 10591da177e4SLinus Torvalds 10601da177e4SLinus Torvalds skb_fill_page_desc(skb, i, page, 0, 0); 10611da177e4SLinus Torvalds frag = &skb_shinfo(skb)->frags[i]; 10621da177e4SLinus Torvalds skb->truesize += PAGE_SIZE; 10631da177e4SLinus Torvalds atomic_add(PAGE_SIZE, &sk->sk_wmem_alloc); 10641da177e4SLinus Torvalds } else { 10651da177e4SLinus Torvalds err = -EMSGSIZE; 10661da177e4SLinus Torvalds goto error; 10671da177e4SLinus Torvalds } 10681da177e4SLinus Torvalds if (getfrag(from, page_address(frag->page)+frag->page_offset+frag->size, offset, copy, skb->len, skb) < 0) { 10691da177e4SLinus Torvalds err = -EFAULT; 10701da177e4SLinus Torvalds goto error; 10711da177e4SLinus Torvalds } 10721da177e4SLinus Torvalds sk->sk_sndmsg_off += copy; 10731da177e4SLinus Torvalds frag->size += copy; 10741da177e4SLinus Torvalds skb->len += copy; 10751da177e4SLinus Torvalds skb->data_len += copy; 10761da177e4SLinus Torvalds } 10771da177e4SLinus Torvalds offset += copy; 10781da177e4SLinus Torvalds length -= copy; 10791da177e4SLinus Torvalds } 10801da177e4SLinus Torvalds return 0; 10811da177e4SLinus Torvalds error: 10821da177e4SLinus Torvalds inet->cork.length -= length; 10831da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 10841da177e4SLinus Torvalds return err; 10851da177e4SLinus Torvalds } 10861da177e4SLinus Torvalds 10871da177e4SLinus Torvalds int ip6_push_pending_frames(struct sock *sk) 10881da177e4SLinus Torvalds { 10891da177e4SLinus Torvalds struct sk_buff *skb, *tmp_skb; 10901da177e4SLinus Torvalds struct sk_buff **tail_skb; 10911da177e4SLinus Torvalds struct in6_addr final_dst_buf, *final_dst = &final_dst_buf; 10921da177e4SLinus Torvalds struct inet_sock *inet = inet_sk(sk); 10931da177e4SLinus Torvalds struct ipv6_pinfo *np = inet6_sk(sk); 10941da177e4SLinus Torvalds struct ipv6hdr *hdr; 10951da177e4SLinus Torvalds struct ipv6_txoptions *opt = np->cork.opt; 10961da177e4SLinus Torvalds struct rt6_info *rt = np->cork.rt; 10971da177e4SLinus Torvalds struct flowi *fl = &inet->cork.fl; 10981da177e4SLinus Torvalds unsigned char proto = fl->proto; 10991da177e4SLinus Torvalds int err = 0; 11001da177e4SLinus Torvalds 11011da177e4SLinus Torvalds if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL) 11021da177e4SLinus Torvalds goto out; 11031da177e4SLinus Torvalds tail_skb = &(skb_shinfo(skb)->frag_list); 11041da177e4SLinus Torvalds 11051da177e4SLinus Torvalds /* move skb->data to ip header from ext header */ 11061da177e4SLinus Torvalds if (skb->data < skb->nh.raw) 11071da177e4SLinus Torvalds __skb_pull(skb, skb->nh.raw - skb->data); 11081da177e4SLinus Torvalds while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) { 11091da177e4SLinus Torvalds __skb_pull(tmp_skb, skb->h.raw - skb->nh.raw); 11101da177e4SLinus Torvalds *tail_skb = tmp_skb; 11111da177e4SLinus Torvalds tail_skb = &(tmp_skb->next); 11121da177e4SLinus Torvalds skb->len += tmp_skb->len; 11131da177e4SLinus Torvalds skb->data_len += tmp_skb->len; 11141da177e4SLinus Torvalds skb->truesize += tmp_skb->truesize; 11151da177e4SLinus Torvalds __sock_put(tmp_skb->sk); 11161da177e4SLinus Torvalds tmp_skb->destructor = NULL; 11171da177e4SLinus Torvalds tmp_skb->sk = NULL; 11181da177e4SLinus Torvalds } 11191da177e4SLinus Torvalds 11201da177e4SLinus Torvalds ipv6_addr_copy(final_dst, &fl->fl6_dst); 11211da177e4SLinus Torvalds __skb_pull(skb, skb->h.raw - skb->nh.raw); 11221da177e4SLinus Torvalds if (opt && opt->opt_flen) 11231da177e4SLinus Torvalds ipv6_push_frag_opts(skb, opt, &proto); 11241da177e4SLinus Torvalds if (opt && opt->opt_nflen) 11251da177e4SLinus Torvalds ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst); 11261da177e4SLinus Torvalds 11271da177e4SLinus Torvalds skb->nh.ipv6h = hdr = (struct ipv6hdr*) skb_push(skb, sizeof(struct ipv6hdr)); 11281da177e4SLinus Torvalds 11291da177e4SLinus Torvalds *(u32*)hdr = fl->fl6_flowlabel | htonl(0x60000000); 11301da177e4SLinus Torvalds 11311da177e4SLinus Torvalds if (skb->len <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) 11321da177e4SLinus Torvalds hdr->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); 11331da177e4SLinus Torvalds else 11341da177e4SLinus Torvalds hdr->payload_len = 0; 11351da177e4SLinus Torvalds hdr->hop_limit = np->cork.hop_limit; 11361da177e4SLinus Torvalds hdr->nexthdr = proto; 11371da177e4SLinus Torvalds ipv6_addr_copy(&hdr->saddr, &fl->fl6_src); 11381da177e4SLinus Torvalds ipv6_addr_copy(&hdr->daddr, final_dst); 11391da177e4SLinus Torvalds 11401da177e4SLinus Torvalds skb->dst = dst_clone(&rt->u.dst); 11411da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 11421da177e4SLinus Torvalds err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dst->dev, dst_output); 11431da177e4SLinus Torvalds if (err) { 11441da177e4SLinus Torvalds if (err > 0) 11453320da89SHerbert Xu err = np->recverr ? net_xmit_errno(err) : 0; 11461da177e4SLinus Torvalds if (err) 11471da177e4SLinus Torvalds goto error; 11481da177e4SLinus Torvalds } 11491da177e4SLinus Torvalds 11501da177e4SLinus Torvalds out: 11511da177e4SLinus Torvalds inet->cork.flags &= ~IPCORK_OPT; 11521da177e4SLinus Torvalds if (np->cork.opt) { 11531da177e4SLinus Torvalds kfree(np->cork.opt); 11541da177e4SLinus Torvalds np->cork.opt = NULL; 11551da177e4SLinus Torvalds } 11561da177e4SLinus Torvalds if (np->cork.rt) { 11571da177e4SLinus Torvalds dst_release(&np->cork.rt->u.dst); 11581da177e4SLinus Torvalds np->cork.rt = NULL; 11591da177e4SLinus Torvalds inet->cork.flags &= ~IPCORK_ALLFRAG; 11601da177e4SLinus Torvalds } 11611da177e4SLinus Torvalds memset(&inet->cork.fl, 0, sizeof(inet->cork.fl)); 11621da177e4SLinus Torvalds return err; 11631da177e4SLinus Torvalds error: 11641da177e4SLinus Torvalds goto out; 11651da177e4SLinus Torvalds } 11661da177e4SLinus Torvalds 11671da177e4SLinus Torvalds void ip6_flush_pending_frames(struct sock *sk) 11681da177e4SLinus Torvalds { 11691da177e4SLinus Torvalds struct inet_sock *inet = inet_sk(sk); 11701da177e4SLinus Torvalds struct ipv6_pinfo *np = inet6_sk(sk); 11711da177e4SLinus Torvalds struct sk_buff *skb; 11721da177e4SLinus Torvalds 11731da177e4SLinus Torvalds while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) { 11741da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 11751da177e4SLinus Torvalds kfree_skb(skb); 11761da177e4SLinus Torvalds } 11771da177e4SLinus Torvalds 11781da177e4SLinus Torvalds inet->cork.flags &= ~IPCORK_OPT; 11791da177e4SLinus Torvalds 11801da177e4SLinus Torvalds if (np->cork.opt) { 11811da177e4SLinus Torvalds kfree(np->cork.opt); 11821da177e4SLinus Torvalds np->cork.opt = NULL; 11831da177e4SLinus Torvalds } 11841da177e4SLinus Torvalds if (np->cork.rt) { 11851da177e4SLinus Torvalds dst_release(&np->cork.rt->u.dst); 11861da177e4SLinus Torvalds np->cork.rt = NULL; 11871da177e4SLinus Torvalds inet->cork.flags &= ~IPCORK_ALLFRAG; 11881da177e4SLinus Torvalds } 11891da177e4SLinus Torvalds memset(&inet->cork.fl, 0, sizeof(inet->cork.fl)); 11901da177e4SLinus Torvalds } 1191