11da177e4SLinus Torvalds /* 21da177e4SLinus Torvalds * IPv6 output functions 31da177e4SLinus Torvalds * Linux INET6 implementation 41da177e4SLinus Torvalds * 51da177e4SLinus Torvalds * Authors: 61da177e4SLinus Torvalds * Pedro Roque <roque@di.fc.ul.pt> 71da177e4SLinus Torvalds * 81da177e4SLinus Torvalds * $Id: ip6_output.c,v 1.34 2002/02/01 22:01:04 davem Exp $ 91da177e4SLinus Torvalds * 101da177e4SLinus Torvalds * Based on linux/net/ipv4/ip_output.c 111da177e4SLinus Torvalds * 121da177e4SLinus Torvalds * This program is free software; you can redistribute it and/or 131da177e4SLinus Torvalds * modify it under the terms of the GNU General Public License 141da177e4SLinus Torvalds * as published by the Free Software Foundation; either version 151da177e4SLinus Torvalds * 2 of the License, or (at your option) any later version. 161da177e4SLinus Torvalds * 171da177e4SLinus Torvalds * Changes: 181da177e4SLinus Torvalds * A.N.Kuznetsov : airthmetics in fragmentation. 191da177e4SLinus Torvalds * extension headers are implemented. 201da177e4SLinus Torvalds * route changes now work. 211da177e4SLinus Torvalds * ip6_forward does not confuse sniffers. 221da177e4SLinus Torvalds * etc. 231da177e4SLinus Torvalds * 241da177e4SLinus Torvalds * H. von Brand : Added missing #include <linux/string.h> 251da177e4SLinus Torvalds * Imran Patel : frag id should be in NBO 261da177e4SLinus Torvalds * Kazunori MIYAZAWA @USAGI 271da177e4SLinus Torvalds * : add ip6_append_data and related functions 281da177e4SLinus Torvalds * for datagram xmit 291da177e4SLinus Torvalds */ 301da177e4SLinus Torvalds 311da177e4SLinus Torvalds #include <linux/errno.h> 321da177e4SLinus Torvalds #include <linux/types.h> 331da177e4SLinus Torvalds #include <linux/string.h> 341da177e4SLinus Torvalds #include <linux/socket.h> 351da177e4SLinus Torvalds #include <linux/net.h> 361da177e4SLinus Torvalds #include <linux/netdevice.h> 371da177e4SLinus Torvalds #include <linux/if_arp.h> 381da177e4SLinus Torvalds #include <linux/in6.h> 391da177e4SLinus Torvalds #include <linux/tcp.h> 401da177e4SLinus Torvalds #include <linux/route.h> 41b59f45d0SHerbert Xu #include <linux/module.h> 421da177e4SLinus Torvalds 431da177e4SLinus Torvalds #include <linux/netfilter.h> 441da177e4SLinus Torvalds #include <linux/netfilter_ipv6.h> 451da177e4SLinus Torvalds 461da177e4SLinus Torvalds #include <net/sock.h> 471da177e4SLinus Torvalds #include <net/snmp.h> 481da177e4SLinus Torvalds 491da177e4SLinus Torvalds #include <net/ipv6.h> 501da177e4SLinus Torvalds #include <net/ndisc.h> 511da177e4SLinus Torvalds #include <net/protocol.h> 521da177e4SLinus Torvalds #include <net/ip6_route.h> 531da177e4SLinus Torvalds #include <net/addrconf.h> 541da177e4SLinus Torvalds #include <net/rawv6.h> 551da177e4SLinus Torvalds #include <net/icmp.h> 561da177e4SLinus Torvalds #include <net/xfrm.h> 571da177e4SLinus Torvalds #include <net/checksum.h> 581da177e4SLinus Torvalds 591da177e4SLinus Torvalds static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)); 601da177e4SLinus Torvalds 611da177e4SLinus Torvalds static __inline__ void ipv6_select_ident(struct sk_buff *skb, struct frag_hdr *fhdr) 621da177e4SLinus Torvalds { 631da177e4SLinus Torvalds static u32 ipv6_fragmentation_id = 1; 641da177e4SLinus Torvalds static DEFINE_SPINLOCK(ip6_id_lock); 651da177e4SLinus Torvalds 661da177e4SLinus Torvalds spin_lock_bh(&ip6_id_lock); 671da177e4SLinus Torvalds fhdr->identification = htonl(ipv6_fragmentation_id); 681da177e4SLinus Torvalds if (++ipv6_fragmentation_id == 0) 691da177e4SLinus Torvalds ipv6_fragmentation_id = 1; 701da177e4SLinus Torvalds spin_unlock_bh(&ip6_id_lock); 711da177e4SLinus Torvalds } 721da177e4SLinus Torvalds 731da177e4SLinus Torvalds static inline int ip6_output_finish(struct sk_buff *skb) 741da177e4SLinus Torvalds { 751da177e4SLinus Torvalds 761da177e4SLinus Torvalds struct dst_entry *dst = skb->dst; 771da177e4SLinus Torvalds struct hh_cache *hh = dst->hh; 781da177e4SLinus Torvalds 791da177e4SLinus Torvalds if (hh) { 801da177e4SLinus Torvalds int hh_alen; 811da177e4SLinus Torvalds 821da177e4SLinus Torvalds read_lock_bh(&hh->hh_lock); 831da177e4SLinus Torvalds hh_alen = HH_DATA_ALIGN(hh->hh_len); 841da177e4SLinus Torvalds memcpy(skb->data - hh_alen, hh->hh_data, hh_alen); 851da177e4SLinus Torvalds read_unlock_bh(&hh->hh_lock); 861da177e4SLinus Torvalds skb_push(skb, hh->hh_len); 871da177e4SLinus Torvalds return hh->hh_output(skb); 881da177e4SLinus Torvalds } else if (dst->neighbour) 891da177e4SLinus Torvalds return dst->neighbour->output(skb); 901da177e4SLinus Torvalds 911da177e4SLinus Torvalds IP6_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES); 921da177e4SLinus Torvalds kfree_skb(skb); 931da177e4SLinus Torvalds return -EINVAL; 941da177e4SLinus Torvalds 951da177e4SLinus Torvalds } 961da177e4SLinus Torvalds 971da177e4SLinus Torvalds /* dev_loopback_xmit for use with netfilter. */ 981da177e4SLinus Torvalds static int ip6_dev_loopback_xmit(struct sk_buff *newskb) 991da177e4SLinus Torvalds { 1001da177e4SLinus Torvalds newskb->mac.raw = newskb->data; 1011da177e4SLinus Torvalds __skb_pull(newskb, newskb->nh.raw - newskb->data); 1021da177e4SLinus Torvalds newskb->pkt_type = PACKET_LOOPBACK; 1031da177e4SLinus Torvalds newskb->ip_summed = CHECKSUM_UNNECESSARY; 1041da177e4SLinus Torvalds BUG_TRAP(newskb->dst); 1051da177e4SLinus Torvalds 1061da177e4SLinus Torvalds netif_rx(newskb); 1071da177e4SLinus Torvalds return 0; 1081da177e4SLinus Torvalds } 1091da177e4SLinus Torvalds 1101da177e4SLinus Torvalds 1111da177e4SLinus Torvalds static int ip6_output2(struct sk_buff *skb) 1121da177e4SLinus Torvalds { 1131da177e4SLinus Torvalds struct dst_entry *dst = skb->dst; 1141da177e4SLinus Torvalds struct net_device *dev = dst->dev; 1151da177e4SLinus Torvalds 1161da177e4SLinus Torvalds skb->protocol = htons(ETH_P_IPV6); 1171da177e4SLinus Torvalds skb->dev = dev; 1181da177e4SLinus Torvalds 1191da177e4SLinus Torvalds if (ipv6_addr_is_multicast(&skb->nh.ipv6h->daddr)) { 1201da177e4SLinus Torvalds struct ipv6_pinfo* np = skb->sk ? inet6_sk(skb->sk) : NULL; 1211da177e4SLinus Torvalds 1221da177e4SLinus Torvalds if (!(dev->flags & IFF_LOOPBACK) && (!np || np->mc_loop) && 1231da177e4SLinus Torvalds ipv6_chk_mcast_addr(dev, &skb->nh.ipv6h->daddr, 1241da177e4SLinus Torvalds &skb->nh.ipv6h->saddr)) { 1251da177e4SLinus Torvalds struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 1261da177e4SLinus Torvalds 1271da177e4SLinus Torvalds /* Do not check for IFF_ALLMULTI; multicast routing 1281da177e4SLinus Torvalds is not supported in any case. 1291da177e4SLinus Torvalds */ 1301da177e4SLinus Torvalds if (newskb) 1311da177e4SLinus Torvalds NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, newskb, NULL, 1321da177e4SLinus Torvalds newskb->dev, 1331da177e4SLinus Torvalds ip6_dev_loopback_xmit); 1341da177e4SLinus Torvalds 1351da177e4SLinus Torvalds if (skb->nh.ipv6h->hop_limit == 0) { 1361da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 1371da177e4SLinus Torvalds kfree_skb(skb); 1381da177e4SLinus Torvalds return 0; 1391da177e4SLinus Torvalds } 1401da177e4SLinus Torvalds } 1411da177e4SLinus Torvalds 1421da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTMCASTPKTS); 1431da177e4SLinus Torvalds } 1441da177e4SLinus Torvalds 1451da177e4SLinus Torvalds return NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, skb,NULL, skb->dev,ip6_output_finish); 1461da177e4SLinus Torvalds } 1471da177e4SLinus Torvalds 1481da177e4SLinus Torvalds int ip6_output(struct sk_buff *skb) 1491da177e4SLinus Torvalds { 150*89114afdSHerbert Xu if ((skb->len > dst_mtu(skb->dst) && !skb_is_gso(skb)) || 151e89e9cf5SAnanda Raju dst_allfrag(skb->dst)) 1521da177e4SLinus Torvalds return ip6_fragment(skb, ip6_output2); 1531da177e4SLinus Torvalds else 1541da177e4SLinus Torvalds return ip6_output2(skb); 1551da177e4SLinus Torvalds } 1561da177e4SLinus Torvalds 1571da177e4SLinus Torvalds /* 1581da177e4SLinus Torvalds * xmit an sk_buff (used by TCP) 1591da177e4SLinus Torvalds */ 1601da177e4SLinus Torvalds 1611da177e4SLinus Torvalds int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl, 1621da177e4SLinus Torvalds struct ipv6_txoptions *opt, int ipfragok) 1631da177e4SLinus Torvalds { 164b30bd282SPatrick McHardy struct ipv6_pinfo *np = inet6_sk(sk); 1651da177e4SLinus Torvalds struct in6_addr *first_hop = &fl->fl6_dst; 1661da177e4SLinus Torvalds struct dst_entry *dst = skb->dst; 1671da177e4SLinus Torvalds struct ipv6hdr *hdr; 1681da177e4SLinus Torvalds u8 proto = fl->proto; 1691da177e4SLinus Torvalds int seg_len = skb->len; 17041a1f8eaSYOSHIFUJI Hideaki int hlimit, tclass; 1711da177e4SLinus Torvalds u32 mtu; 1721da177e4SLinus Torvalds 1731da177e4SLinus Torvalds if (opt) { 1741da177e4SLinus Torvalds int head_room; 1751da177e4SLinus Torvalds 1761da177e4SLinus Torvalds /* First: exthdrs may take lots of space (~8K for now) 1771da177e4SLinus Torvalds MAX_HEADER is not enough. 1781da177e4SLinus Torvalds */ 1791da177e4SLinus Torvalds head_room = opt->opt_nflen + opt->opt_flen; 1801da177e4SLinus Torvalds seg_len += head_room; 1811da177e4SLinus Torvalds head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev); 1821da177e4SLinus Torvalds 1831da177e4SLinus Torvalds if (skb_headroom(skb) < head_room) { 1841da177e4SLinus Torvalds struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room); 1851da177e4SLinus Torvalds kfree_skb(skb); 1861da177e4SLinus Torvalds skb = skb2; 1871da177e4SLinus Torvalds if (skb == NULL) { 1881da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 1891da177e4SLinus Torvalds return -ENOBUFS; 1901da177e4SLinus Torvalds } 1911da177e4SLinus Torvalds if (sk) 1921da177e4SLinus Torvalds skb_set_owner_w(skb, sk); 1931da177e4SLinus Torvalds } 1941da177e4SLinus Torvalds if (opt->opt_flen) 1951da177e4SLinus Torvalds ipv6_push_frag_opts(skb, opt, &proto); 1961da177e4SLinus Torvalds if (opt->opt_nflen) 1971da177e4SLinus Torvalds ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop); 1981da177e4SLinus Torvalds } 1991da177e4SLinus Torvalds 2001da177e4SLinus Torvalds hdr = skb->nh.ipv6h = (struct ipv6hdr*)skb_push(skb, sizeof(struct ipv6hdr)); 2011da177e4SLinus Torvalds 2021da177e4SLinus Torvalds /* 2031da177e4SLinus Torvalds * Fill in the IPv6 header 2041da177e4SLinus Torvalds */ 2051da177e4SLinus Torvalds 2061da177e4SLinus Torvalds hlimit = -1; 2071da177e4SLinus Torvalds if (np) 2081da177e4SLinus Torvalds hlimit = np->hop_limit; 2091da177e4SLinus Torvalds if (hlimit < 0) 2101da177e4SLinus Torvalds hlimit = dst_metric(dst, RTAX_HOPLIMIT); 2111da177e4SLinus Torvalds if (hlimit < 0) 2121da177e4SLinus Torvalds hlimit = ipv6_get_hoplimit(dst->dev); 2131da177e4SLinus Torvalds 21441a1f8eaSYOSHIFUJI Hideaki tclass = -1; 21541a1f8eaSYOSHIFUJI Hideaki if (np) 21641a1f8eaSYOSHIFUJI Hideaki tclass = np->tclass; 21741a1f8eaSYOSHIFUJI Hideaki if (tclass < 0) 21841a1f8eaSYOSHIFUJI Hideaki tclass = 0; 21941a1f8eaSYOSHIFUJI Hideaki 22041a1f8eaSYOSHIFUJI Hideaki *(u32 *)hdr = htonl(0x60000000 | (tclass << 20)) | fl->fl6_flowlabel; 22141a1f8eaSYOSHIFUJI Hideaki 2221da177e4SLinus Torvalds hdr->payload_len = htons(seg_len); 2231da177e4SLinus Torvalds hdr->nexthdr = proto; 2241da177e4SLinus Torvalds hdr->hop_limit = hlimit; 2251da177e4SLinus Torvalds 2261da177e4SLinus Torvalds ipv6_addr_copy(&hdr->saddr, &fl->fl6_src); 2271da177e4SLinus Torvalds ipv6_addr_copy(&hdr->daddr, first_hop); 2281da177e4SLinus Torvalds 229a2c2064fSPatrick McHardy skb->priority = sk->sk_priority; 230a2c2064fSPatrick McHardy 2311da177e4SLinus Torvalds mtu = dst_mtu(dst); 232*89114afdSHerbert Xu if ((skb->len <= mtu) || ipfragok || skb_is_gso(skb)) { 2331da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 2346869c4d8SHarald Welte return NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, 2356869c4d8SHarald Welte dst_output); 2361da177e4SLinus Torvalds } 2371da177e4SLinus Torvalds 2381da177e4SLinus Torvalds if (net_ratelimit()) 2391da177e4SLinus Torvalds printk(KERN_DEBUG "IPv6: sending pkt_too_big to self\n"); 2401da177e4SLinus Torvalds skb->dev = dst->dev; 2411da177e4SLinus Torvalds icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, skb->dev); 2421da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGFAILS); 2431da177e4SLinus Torvalds kfree_skb(skb); 2441da177e4SLinus Torvalds return -EMSGSIZE; 2451da177e4SLinus Torvalds } 2461da177e4SLinus Torvalds 2471da177e4SLinus Torvalds /* 2481da177e4SLinus Torvalds * To avoid extra problems ND packets are send through this 2491da177e4SLinus Torvalds * routine. It's code duplication but I really want to avoid 2501da177e4SLinus Torvalds * extra checks since ipv6_build_header is used by TCP (which 2511da177e4SLinus Torvalds * is for us performance critical) 2521da177e4SLinus Torvalds */ 2531da177e4SLinus Torvalds 2541da177e4SLinus Torvalds int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev, 2551da177e4SLinus Torvalds struct in6_addr *saddr, struct in6_addr *daddr, 2561da177e4SLinus Torvalds int proto, int len) 2571da177e4SLinus Torvalds { 2581da177e4SLinus Torvalds struct ipv6_pinfo *np = inet6_sk(sk); 2591da177e4SLinus Torvalds struct ipv6hdr *hdr; 2601da177e4SLinus Torvalds int totlen; 2611da177e4SLinus Torvalds 2621da177e4SLinus Torvalds skb->protocol = htons(ETH_P_IPV6); 2631da177e4SLinus Torvalds skb->dev = dev; 2641da177e4SLinus Torvalds 2651da177e4SLinus Torvalds totlen = len + sizeof(struct ipv6hdr); 2661da177e4SLinus Torvalds 2671da177e4SLinus Torvalds hdr = (struct ipv6hdr *) skb_put(skb, sizeof(struct ipv6hdr)); 2681da177e4SLinus Torvalds skb->nh.ipv6h = hdr; 2691da177e4SLinus Torvalds 2701da177e4SLinus Torvalds *(u32*)hdr = htonl(0x60000000); 2711da177e4SLinus Torvalds 2721da177e4SLinus Torvalds hdr->payload_len = htons(len); 2731da177e4SLinus Torvalds hdr->nexthdr = proto; 2741da177e4SLinus Torvalds hdr->hop_limit = np->hop_limit; 2751da177e4SLinus Torvalds 2761da177e4SLinus Torvalds ipv6_addr_copy(&hdr->saddr, saddr); 2771da177e4SLinus Torvalds ipv6_addr_copy(&hdr->daddr, daddr); 2781da177e4SLinus Torvalds 2791da177e4SLinus Torvalds return 0; 2801da177e4SLinus Torvalds } 2811da177e4SLinus Torvalds 2821da177e4SLinus Torvalds static int ip6_call_ra_chain(struct sk_buff *skb, int sel) 2831da177e4SLinus Torvalds { 2841da177e4SLinus Torvalds struct ip6_ra_chain *ra; 2851da177e4SLinus Torvalds struct sock *last = NULL; 2861da177e4SLinus Torvalds 2871da177e4SLinus Torvalds read_lock(&ip6_ra_lock); 2881da177e4SLinus Torvalds for (ra = ip6_ra_chain; ra; ra = ra->next) { 2891da177e4SLinus Torvalds struct sock *sk = ra->sk; 2900bd1b59bSAndrew McDonald if (sk && ra->sel == sel && 2910bd1b59bSAndrew McDonald (!sk->sk_bound_dev_if || 2920bd1b59bSAndrew McDonald sk->sk_bound_dev_if == skb->dev->ifindex)) { 2931da177e4SLinus Torvalds if (last) { 2941da177e4SLinus Torvalds struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); 2951da177e4SLinus Torvalds if (skb2) 2961da177e4SLinus Torvalds rawv6_rcv(last, skb2); 2971da177e4SLinus Torvalds } 2981da177e4SLinus Torvalds last = sk; 2991da177e4SLinus Torvalds } 3001da177e4SLinus Torvalds } 3011da177e4SLinus Torvalds 3021da177e4SLinus Torvalds if (last) { 3031da177e4SLinus Torvalds rawv6_rcv(last, skb); 3041da177e4SLinus Torvalds read_unlock(&ip6_ra_lock); 3051da177e4SLinus Torvalds return 1; 3061da177e4SLinus Torvalds } 3071da177e4SLinus Torvalds read_unlock(&ip6_ra_lock); 3081da177e4SLinus Torvalds return 0; 3091da177e4SLinus Torvalds } 3101da177e4SLinus Torvalds 3111da177e4SLinus Torvalds static inline int ip6_forward_finish(struct sk_buff *skb) 3121da177e4SLinus Torvalds { 3131da177e4SLinus Torvalds return dst_output(skb); 3141da177e4SLinus Torvalds } 3151da177e4SLinus Torvalds 3161da177e4SLinus Torvalds int ip6_forward(struct sk_buff *skb) 3171da177e4SLinus Torvalds { 3181da177e4SLinus Torvalds struct dst_entry *dst = skb->dst; 3191da177e4SLinus Torvalds struct ipv6hdr *hdr = skb->nh.ipv6h; 3201da177e4SLinus Torvalds struct inet6_skb_parm *opt = IP6CB(skb); 3211da177e4SLinus Torvalds 3221da177e4SLinus Torvalds if (ipv6_devconf.forwarding == 0) 3231da177e4SLinus Torvalds goto error; 3241da177e4SLinus Torvalds 3251da177e4SLinus Torvalds if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) { 3261da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_INDISCARDS); 3271da177e4SLinus Torvalds goto drop; 3281da177e4SLinus Torvalds } 3291da177e4SLinus Torvalds 3301da177e4SLinus Torvalds skb->ip_summed = CHECKSUM_NONE; 3311da177e4SLinus Torvalds 3321da177e4SLinus Torvalds /* 3331da177e4SLinus Torvalds * We DO NOT make any processing on 3341da177e4SLinus Torvalds * RA packets, pushing them to user level AS IS 3351da177e4SLinus Torvalds * without ane WARRANTY that application will be able 3361da177e4SLinus Torvalds * to interpret them. The reason is that we 3371da177e4SLinus Torvalds * cannot make anything clever here. 3381da177e4SLinus Torvalds * 3391da177e4SLinus Torvalds * We are not end-node, so that if packet contains 3401da177e4SLinus Torvalds * AH/ESP, we cannot make anything. 3411da177e4SLinus Torvalds * Defragmentation also would be mistake, RA packets 3421da177e4SLinus Torvalds * cannot be fragmented, because there is no warranty 3431da177e4SLinus Torvalds * that different fragments will go along one path. --ANK 3441da177e4SLinus Torvalds */ 3451da177e4SLinus Torvalds if (opt->ra) { 3461da177e4SLinus Torvalds u8 *ptr = skb->nh.raw + opt->ra; 3471da177e4SLinus Torvalds if (ip6_call_ra_chain(skb, (ptr[2]<<8) + ptr[3])) 3481da177e4SLinus Torvalds return 0; 3491da177e4SLinus Torvalds } 3501da177e4SLinus Torvalds 3511da177e4SLinus Torvalds /* 3521da177e4SLinus Torvalds * check and decrement ttl 3531da177e4SLinus Torvalds */ 3541da177e4SLinus Torvalds if (hdr->hop_limit <= 1) { 3551da177e4SLinus Torvalds /* Force OUTPUT device used as source address */ 3561da177e4SLinus Torvalds skb->dev = dst->dev; 3571da177e4SLinus Torvalds icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 3581da177e4SLinus Torvalds 0, skb->dev); 3591da177e4SLinus Torvalds 3601da177e4SLinus Torvalds kfree_skb(skb); 3611da177e4SLinus Torvalds return -ETIMEDOUT; 3621da177e4SLinus Torvalds } 3631da177e4SLinus Torvalds 3641da177e4SLinus Torvalds if (!xfrm6_route_forward(skb)) { 3651da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_INDISCARDS); 3661da177e4SLinus Torvalds goto drop; 3671da177e4SLinus Torvalds } 3681da177e4SLinus Torvalds dst = skb->dst; 3691da177e4SLinus Torvalds 3701da177e4SLinus Torvalds /* IPv6 specs say nothing about it, but it is clear that we cannot 3711da177e4SLinus Torvalds send redirects to source routed frames. 3721da177e4SLinus Torvalds */ 3731da177e4SLinus Torvalds if (skb->dev == dst->dev && dst->neighbour && opt->srcrt == 0) { 3741da177e4SLinus Torvalds struct in6_addr *target = NULL; 3751da177e4SLinus Torvalds struct rt6_info *rt; 3761da177e4SLinus Torvalds struct neighbour *n = dst->neighbour; 3771da177e4SLinus Torvalds 3781da177e4SLinus Torvalds /* 3791da177e4SLinus Torvalds * incoming and outgoing devices are the same 3801da177e4SLinus Torvalds * send a redirect. 3811da177e4SLinus Torvalds */ 3821da177e4SLinus Torvalds 3831da177e4SLinus Torvalds rt = (struct rt6_info *) dst; 3841da177e4SLinus Torvalds if ((rt->rt6i_flags & RTF_GATEWAY)) 3851da177e4SLinus Torvalds target = (struct in6_addr*)&n->primary_key; 3861da177e4SLinus Torvalds else 3871da177e4SLinus Torvalds target = &hdr->daddr; 3881da177e4SLinus Torvalds 3891da177e4SLinus Torvalds /* Limit redirects both by destination (here) 3901da177e4SLinus Torvalds and by source (inside ndisc_send_redirect) 3911da177e4SLinus Torvalds */ 3921da177e4SLinus Torvalds if (xrlim_allow(dst, 1*HZ)) 3931da177e4SLinus Torvalds ndisc_send_redirect(skb, n, target); 3941da177e4SLinus Torvalds } else if (ipv6_addr_type(&hdr->saddr)&(IPV6_ADDR_MULTICAST|IPV6_ADDR_LOOPBACK 3951da177e4SLinus Torvalds |IPV6_ADDR_LINKLOCAL)) { 3961da177e4SLinus Torvalds /* This check is security critical. */ 3971da177e4SLinus Torvalds goto error; 3981da177e4SLinus Torvalds } 3991da177e4SLinus Torvalds 4001da177e4SLinus Torvalds if (skb->len > dst_mtu(dst)) { 4011da177e4SLinus Torvalds /* Again, force OUTPUT device used as source address */ 4021da177e4SLinus Torvalds skb->dev = dst->dev; 4031da177e4SLinus Torvalds icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, dst_mtu(dst), skb->dev); 4041da177e4SLinus Torvalds IP6_INC_STATS_BH(IPSTATS_MIB_INTOOBIGERRORS); 4051da177e4SLinus Torvalds IP6_INC_STATS_BH(IPSTATS_MIB_FRAGFAILS); 4061da177e4SLinus Torvalds kfree_skb(skb); 4071da177e4SLinus Torvalds return -EMSGSIZE; 4081da177e4SLinus Torvalds } 4091da177e4SLinus Torvalds 4101da177e4SLinus Torvalds if (skb_cow(skb, dst->dev->hard_header_len)) { 4111da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 4121da177e4SLinus Torvalds goto drop; 4131da177e4SLinus Torvalds } 4141da177e4SLinus Torvalds 4151da177e4SLinus Torvalds hdr = skb->nh.ipv6h; 4161da177e4SLinus Torvalds 4171da177e4SLinus Torvalds /* Mangling hops number delayed to point after skb COW */ 4181da177e4SLinus Torvalds 4191da177e4SLinus Torvalds hdr->hop_limit--; 4201da177e4SLinus Torvalds 4211da177e4SLinus Torvalds IP6_INC_STATS_BH(IPSTATS_MIB_OUTFORWDATAGRAMS); 4221da177e4SLinus Torvalds return NF_HOOK(PF_INET6,NF_IP6_FORWARD, skb, skb->dev, dst->dev, ip6_forward_finish); 4231da177e4SLinus Torvalds 4241da177e4SLinus Torvalds error: 4251da177e4SLinus Torvalds IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS); 4261da177e4SLinus Torvalds drop: 4271da177e4SLinus Torvalds kfree_skb(skb); 4281da177e4SLinus Torvalds return -EINVAL; 4291da177e4SLinus Torvalds } 4301da177e4SLinus Torvalds 4311da177e4SLinus Torvalds static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from) 4321da177e4SLinus Torvalds { 4331da177e4SLinus Torvalds to->pkt_type = from->pkt_type; 4341da177e4SLinus Torvalds to->priority = from->priority; 4351da177e4SLinus Torvalds to->protocol = from->protocol; 4361da177e4SLinus Torvalds dst_release(to->dst); 4371da177e4SLinus Torvalds to->dst = dst_clone(from->dst); 4381da177e4SLinus Torvalds to->dev = from->dev; 4391da177e4SLinus Torvalds 4401da177e4SLinus Torvalds #ifdef CONFIG_NET_SCHED 4411da177e4SLinus Torvalds to->tc_index = from->tc_index; 4421da177e4SLinus Torvalds #endif 4431da177e4SLinus Torvalds #ifdef CONFIG_NETFILTER 4441da177e4SLinus Torvalds to->nfmark = from->nfmark; 4451da177e4SLinus Torvalds /* Connection association is same as pre-frag packet */ 4469fb9cbb1SYasuyuki Kozakai nf_conntrack_put(to->nfct); 4471da177e4SLinus Torvalds to->nfct = from->nfct; 4481da177e4SLinus Torvalds nf_conntrack_get(to->nfct); 4491da177e4SLinus Torvalds to->nfctinfo = from->nfctinfo; 4509fb9cbb1SYasuyuki Kozakai #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 4519fb9cbb1SYasuyuki Kozakai nf_conntrack_put_reasm(to->nfct_reasm); 4529fb9cbb1SYasuyuki Kozakai to->nfct_reasm = from->nfct_reasm; 4539fb9cbb1SYasuyuki Kozakai nf_conntrack_get_reasm(to->nfct_reasm); 4549fb9cbb1SYasuyuki Kozakai #endif 4551da177e4SLinus Torvalds #ifdef CONFIG_BRIDGE_NETFILTER 4561da177e4SLinus Torvalds nf_bridge_put(to->nf_bridge); 4571da177e4SLinus Torvalds to->nf_bridge = from->nf_bridge; 4581da177e4SLinus Torvalds nf_bridge_get(to->nf_bridge); 4591da177e4SLinus Torvalds #endif 4601da177e4SLinus Torvalds #endif 461984bc16cSJames Morris skb_copy_secmark(to, from); 4621da177e4SLinus Torvalds } 4631da177e4SLinus Torvalds 4641da177e4SLinus Torvalds int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) 4651da177e4SLinus Torvalds { 4661da177e4SLinus Torvalds u16 offset = sizeof(struct ipv6hdr); 4671da177e4SLinus Torvalds struct ipv6_opt_hdr *exthdr = (struct ipv6_opt_hdr*)(skb->nh.ipv6h + 1); 4681da177e4SLinus Torvalds unsigned int packet_len = skb->tail - skb->nh.raw; 4691da177e4SLinus Torvalds int found_rhdr = 0; 4701da177e4SLinus Torvalds *nexthdr = &skb->nh.ipv6h->nexthdr; 4711da177e4SLinus Torvalds 4721da177e4SLinus Torvalds while (offset + 1 <= packet_len) { 4731da177e4SLinus Torvalds 4741da177e4SLinus Torvalds switch (**nexthdr) { 4751da177e4SLinus Torvalds 4761da177e4SLinus Torvalds case NEXTHDR_HOP: 4771da177e4SLinus Torvalds case NEXTHDR_ROUTING: 4781da177e4SLinus Torvalds case NEXTHDR_DEST: 4791da177e4SLinus Torvalds if (**nexthdr == NEXTHDR_ROUTING) found_rhdr = 1; 4801da177e4SLinus Torvalds if (**nexthdr == NEXTHDR_DEST && found_rhdr) return offset; 4811da177e4SLinus Torvalds offset += ipv6_optlen(exthdr); 4821da177e4SLinus Torvalds *nexthdr = &exthdr->nexthdr; 4831da177e4SLinus Torvalds exthdr = (struct ipv6_opt_hdr*)(skb->nh.raw + offset); 4841da177e4SLinus Torvalds break; 4851da177e4SLinus Torvalds default : 4861da177e4SLinus Torvalds return offset; 4871da177e4SLinus Torvalds } 4881da177e4SLinus Torvalds } 4891da177e4SLinus Torvalds 4901da177e4SLinus Torvalds return offset; 4911da177e4SLinus Torvalds } 492b59f45d0SHerbert Xu EXPORT_SYMBOL_GPL(ip6_find_1stfragopt); 4931da177e4SLinus Torvalds 4941da177e4SLinus Torvalds static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) 4951da177e4SLinus Torvalds { 4961da177e4SLinus Torvalds struct net_device *dev; 4971da177e4SLinus Torvalds struct sk_buff *frag; 4981da177e4SLinus Torvalds struct rt6_info *rt = (struct rt6_info*)skb->dst; 499d91675f9SYOSHIFUJI Hideaki struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL; 5001da177e4SLinus Torvalds struct ipv6hdr *tmp_hdr; 5011da177e4SLinus Torvalds struct frag_hdr *fh; 5021da177e4SLinus Torvalds unsigned int mtu, hlen, left, len; 5031da177e4SLinus Torvalds u32 frag_id = 0; 5041da177e4SLinus Torvalds int ptr, offset = 0, err=0; 5051da177e4SLinus Torvalds u8 *prevhdr, nexthdr = 0; 5061da177e4SLinus Torvalds 5071da177e4SLinus Torvalds dev = rt->u.dst.dev; 5081da177e4SLinus Torvalds hlen = ip6_find_1stfragopt(skb, &prevhdr); 5091da177e4SLinus Torvalds nexthdr = *prevhdr; 5101da177e4SLinus Torvalds 511d91675f9SYOSHIFUJI Hideaki mtu = dst_mtu(&rt->u.dst); 512d91675f9SYOSHIFUJI Hideaki if (np && np->frag_size < mtu) { 513d91675f9SYOSHIFUJI Hideaki if (np->frag_size) 514d91675f9SYOSHIFUJI Hideaki mtu = np->frag_size; 515d91675f9SYOSHIFUJI Hideaki } 516d91675f9SYOSHIFUJI Hideaki mtu -= hlen + sizeof(struct frag_hdr); 5171da177e4SLinus Torvalds 5181da177e4SLinus Torvalds if (skb_shinfo(skb)->frag_list) { 5191da177e4SLinus Torvalds int first_len = skb_pagelen(skb); 5201da177e4SLinus Torvalds 5211da177e4SLinus Torvalds if (first_len - hlen > mtu || 5221da177e4SLinus Torvalds ((first_len - hlen) & 7) || 5231da177e4SLinus Torvalds skb_cloned(skb)) 5241da177e4SLinus Torvalds goto slow_path; 5251da177e4SLinus Torvalds 5261da177e4SLinus Torvalds for (frag = skb_shinfo(skb)->frag_list; frag; frag = frag->next) { 5271da177e4SLinus Torvalds /* Correct geometry. */ 5281da177e4SLinus Torvalds if (frag->len > mtu || 5291da177e4SLinus Torvalds ((frag->len & 7) && frag->next) || 5301da177e4SLinus Torvalds skb_headroom(frag) < hlen) 5311da177e4SLinus Torvalds goto slow_path; 5321da177e4SLinus Torvalds 5331da177e4SLinus Torvalds /* Partially cloned skb? */ 5341da177e4SLinus Torvalds if (skb_shared(frag)) 5351da177e4SLinus Torvalds goto slow_path; 5362fdba6b0SHerbert Xu 5372fdba6b0SHerbert Xu BUG_ON(frag->sk); 5382fdba6b0SHerbert Xu if (skb->sk) { 5392fdba6b0SHerbert Xu sock_hold(skb->sk); 5402fdba6b0SHerbert Xu frag->sk = skb->sk; 5412fdba6b0SHerbert Xu frag->destructor = sock_wfree; 5422fdba6b0SHerbert Xu skb->truesize -= frag->truesize; 5432fdba6b0SHerbert Xu } 5441da177e4SLinus Torvalds } 5451da177e4SLinus Torvalds 5461da177e4SLinus Torvalds err = 0; 5471da177e4SLinus Torvalds offset = 0; 5481da177e4SLinus Torvalds frag = skb_shinfo(skb)->frag_list; 5491da177e4SLinus Torvalds skb_shinfo(skb)->frag_list = NULL; 5501da177e4SLinus Torvalds /* BUILD HEADER */ 5511da177e4SLinus Torvalds 5521da177e4SLinus Torvalds tmp_hdr = kmalloc(hlen, GFP_ATOMIC); 5531da177e4SLinus Torvalds if (!tmp_hdr) { 5541da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGFAILS); 5551da177e4SLinus Torvalds return -ENOMEM; 5561da177e4SLinus Torvalds } 5571da177e4SLinus Torvalds 5581da177e4SLinus Torvalds *prevhdr = NEXTHDR_FRAGMENT; 5591da177e4SLinus Torvalds memcpy(tmp_hdr, skb->nh.raw, hlen); 5601da177e4SLinus Torvalds __skb_pull(skb, hlen); 5611da177e4SLinus Torvalds fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr)); 5621da177e4SLinus Torvalds skb->nh.raw = __skb_push(skb, hlen); 5631da177e4SLinus Torvalds memcpy(skb->nh.raw, tmp_hdr, hlen); 5641da177e4SLinus Torvalds 5651da177e4SLinus Torvalds ipv6_select_ident(skb, fh); 5661da177e4SLinus Torvalds fh->nexthdr = nexthdr; 5671da177e4SLinus Torvalds fh->reserved = 0; 5681da177e4SLinus Torvalds fh->frag_off = htons(IP6_MF); 5691da177e4SLinus Torvalds frag_id = fh->identification; 5701da177e4SLinus Torvalds 5711da177e4SLinus Torvalds first_len = skb_pagelen(skb); 5721da177e4SLinus Torvalds skb->data_len = first_len - skb_headlen(skb); 5731da177e4SLinus Torvalds skb->len = first_len; 5741da177e4SLinus Torvalds skb->nh.ipv6h->payload_len = htons(first_len - sizeof(struct ipv6hdr)); 5751da177e4SLinus Torvalds 5761da177e4SLinus Torvalds 5771da177e4SLinus Torvalds for (;;) { 5781da177e4SLinus Torvalds /* Prepare header of the next frame, 5791da177e4SLinus Torvalds * before previous one went down. */ 5801da177e4SLinus Torvalds if (frag) { 5811da177e4SLinus Torvalds frag->ip_summed = CHECKSUM_NONE; 5821da177e4SLinus Torvalds frag->h.raw = frag->data; 5831da177e4SLinus Torvalds fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr)); 5841da177e4SLinus Torvalds frag->nh.raw = __skb_push(frag, hlen); 5851da177e4SLinus Torvalds memcpy(frag->nh.raw, tmp_hdr, hlen); 5861da177e4SLinus Torvalds offset += skb->len - hlen - sizeof(struct frag_hdr); 5871da177e4SLinus Torvalds fh->nexthdr = nexthdr; 5881da177e4SLinus Torvalds fh->reserved = 0; 5891da177e4SLinus Torvalds fh->frag_off = htons(offset); 5901da177e4SLinus Torvalds if (frag->next != NULL) 5911da177e4SLinus Torvalds fh->frag_off |= htons(IP6_MF); 5921da177e4SLinus Torvalds fh->identification = frag_id; 5931da177e4SLinus Torvalds frag->nh.ipv6h->payload_len = htons(frag->len - sizeof(struct ipv6hdr)); 5941da177e4SLinus Torvalds ip6_copy_metadata(frag, skb); 5951da177e4SLinus Torvalds } 5961da177e4SLinus Torvalds 5971da177e4SLinus Torvalds err = output(skb); 5981da177e4SLinus Torvalds if (err || !frag) 5991da177e4SLinus Torvalds break; 6001da177e4SLinus Torvalds 6011da177e4SLinus Torvalds skb = frag; 6021da177e4SLinus Torvalds frag = skb->next; 6031da177e4SLinus Torvalds skb->next = NULL; 6041da177e4SLinus Torvalds } 6051da177e4SLinus Torvalds 6061da177e4SLinus Torvalds kfree(tmp_hdr); 6071da177e4SLinus Torvalds 6081da177e4SLinus Torvalds if (err == 0) { 6091da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGOKS); 6101da177e4SLinus Torvalds return 0; 6111da177e4SLinus Torvalds } 6121da177e4SLinus Torvalds 6131da177e4SLinus Torvalds while (frag) { 6141da177e4SLinus Torvalds skb = frag->next; 6151da177e4SLinus Torvalds kfree_skb(frag); 6161da177e4SLinus Torvalds frag = skb; 6171da177e4SLinus Torvalds } 6181da177e4SLinus Torvalds 6191da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGFAILS); 6201da177e4SLinus Torvalds return err; 6211da177e4SLinus Torvalds } 6221da177e4SLinus Torvalds 6231da177e4SLinus Torvalds slow_path: 6241da177e4SLinus Torvalds left = skb->len - hlen; /* Space per frame */ 6251da177e4SLinus Torvalds ptr = hlen; /* Where to start from */ 6261da177e4SLinus Torvalds 6271da177e4SLinus Torvalds /* 6281da177e4SLinus Torvalds * Fragment the datagram. 6291da177e4SLinus Torvalds */ 6301da177e4SLinus Torvalds 6311da177e4SLinus Torvalds *prevhdr = NEXTHDR_FRAGMENT; 6321da177e4SLinus Torvalds 6331da177e4SLinus Torvalds /* 6341da177e4SLinus Torvalds * Keep copying data until we run out. 6351da177e4SLinus Torvalds */ 6361da177e4SLinus Torvalds while(left > 0) { 6371da177e4SLinus Torvalds len = left; 6381da177e4SLinus Torvalds /* IF: it doesn't fit, use 'mtu' - the data space left */ 6391da177e4SLinus Torvalds if (len > mtu) 6401da177e4SLinus Torvalds len = mtu; 6411da177e4SLinus Torvalds /* IF: we are not sending upto and including the packet end 6421da177e4SLinus Torvalds then align the next start on an eight byte boundary */ 6431da177e4SLinus Torvalds if (len < left) { 6441da177e4SLinus Torvalds len &= ~7; 6451da177e4SLinus Torvalds } 6461da177e4SLinus Torvalds /* 6471da177e4SLinus Torvalds * Allocate buffer. 6481da177e4SLinus Torvalds */ 6491da177e4SLinus Torvalds 6501da177e4SLinus Torvalds if ((frag = alloc_skb(len+hlen+sizeof(struct frag_hdr)+LL_RESERVED_SPACE(rt->u.dst.dev), GFP_ATOMIC)) == NULL) { 65164ce2073SPatrick McHardy NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n"); 6521da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGFAILS); 6531da177e4SLinus Torvalds err = -ENOMEM; 6541da177e4SLinus Torvalds goto fail; 6551da177e4SLinus Torvalds } 6561da177e4SLinus Torvalds 6571da177e4SLinus Torvalds /* 6581da177e4SLinus Torvalds * Set up data on packet 6591da177e4SLinus Torvalds */ 6601da177e4SLinus Torvalds 6611da177e4SLinus Torvalds ip6_copy_metadata(frag, skb); 6621da177e4SLinus Torvalds skb_reserve(frag, LL_RESERVED_SPACE(rt->u.dst.dev)); 6631da177e4SLinus Torvalds skb_put(frag, len + hlen + sizeof(struct frag_hdr)); 6641da177e4SLinus Torvalds frag->nh.raw = frag->data; 6651da177e4SLinus Torvalds fh = (struct frag_hdr*)(frag->data + hlen); 6661da177e4SLinus Torvalds frag->h.raw = frag->data + hlen + sizeof(struct frag_hdr); 6671da177e4SLinus Torvalds 6681da177e4SLinus Torvalds /* 6691da177e4SLinus Torvalds * Charge the memory for the fragment to any owner 6701da177e4SLinus Torvalds * it might possess 6711da177e4SLinus Torvalds */ 6721da177e4SLinus Torvalds if (skb->sk) 6731da177e4SLinus Torvalds skb_set_owner_w(frag, skb->sk); 6741da177e4SLinus Torvalds 6751da177e4SLinus Torvalds /* 6761da177e4SLinus Torvalds * Copy the packet header into the new buffer. 6771da177e4SLinus Torvalds */ 6781da177e4SLinus Torvalds memcpy(frag->nh.raw, skb->data, hlen); 6791da177e4SLinus Torvalds 6801da177e4SLinus Torvalds /* 6811da177e4SLinus Torvalds * Build fragment header. 6821da177e4SLinus Torvalds */ 6831da177e4SLinus Torvalds fh->nexthdr = nexthdr; 6841da177e4SLinus Torvalds fh->reserved = 0; 685f36d6ab1SYan Zheng if (!frag_id) { 6861da177e4SLinus Torvalds ipv6_select_ident(skb, fh); 6871da177e4SLinus Torvalds frag_id = fh->identification; 6881da177e4SLinus Torvalds } else 6891da177e4SLinus Torvalds fh->identification = frag_id; 6901da177e4SLinus Torvalds 6911da177e4SLinus Torvalds /* 6921da177e4SLinus Torvalds * Copy a block of the IP datagram. 6931da177e4SLinus Torvalds */ 6941da177e4SLinus Torvalds if (skb_copy_bits(skb, ptr, frag->h.raw, len)) 6951da177e4SLinus Torvalds BUG(); 6961da177e4SLinus Torvalds left -= len; 6971da177e4SLinus Torvalds 6981da177e4SLinus Torvalds fh->frag_off = htons(offset); 6991da177e4SLinus Torvalds if (left > 0) 7001da177e4SLinus Torvalds fh->frag_off |= htons(IP6_MF); 7011da177e4SLinus Torvalds frag->nh.ipv6h->payload_len = htons(frag->len - sizeof(struct ipv6hdr)); 7021da177e4SLinus Torvalds 7031da177e4SLinus Torvalds ptr += len; 7041da177e4SLinus Torvalds offset += len; 7051da177e4SLinus Torvalds 7061da177e4SLinus Torvalds /* 7071da177e4SLinus Torvalds * Put this fragment into the sending queue. 7081da177e4SLinus Torvalds */ 7091da177e4SLinus Torvalds 7101da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGCREATES); 7111da177e4SLinus Torvalds 7121da177e4SLinus Torvalds err = output(frag); 7131da177e4SLinus Torvalds if (err) 7141da177e4SLinus Torvalds goto fail; 7151da177e4SLinus Torvalds } 7161da177e4SLinus Torvalds kfree_skb(skb); 7171da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGOKS); 7181da177e4SLinus Torvalds return err; 7191da177e4SLinus Torvalds 7201da177e4SLinus Torvalds fail: 7211da177e4SLinus Torvalds kfree_skb(skb); 7221da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGFAILS); 7231da177e4SLinus Torvalds return err; 7241da177e4SLinus Torvalds } 7251da177e4SLinus Torvalds 7261da177e4SLinus Torvalds int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl) 7271da177e4SLinus Torvalds { 7281da177e4SLinus Torvalds int err = 0; 7291da177e4SLinus Torvalds 7301da177e4SLinus Torvalds *dst = NULL; 7311da177e4SLinus Torvalds if (sk) { 7321da177e4SLinus Torvalds struct ipv6_pinfo *np = inet6_sk(sk); 7331da177e4SLinus Torvalds 7341da177e4SLinus Torvalds *dst = sk_dst_check(sk, np->dst_cookie); 7351da177e4SLinus Torvalds if (*dst) { 7361da177e4SLinus Torvalds struct rt6_info *rt = (struct rt6_info*)*dst; 7371da177e4SLinus Torvalds 7381da177e4SLinus Torvalds /* Yes, checking route validity in not connected 739d76e60a5SDavid S. Miller * case is not very simple. Take into account, 740d76e60a5SDavid S. Miller * that we do not support routing by source, TOS, 741d76e60a5SDavid S. Miller * and MSG_DONTROUTE --ANK (980726) 742d76e60a5SDavid S. Miller * 743d76e60a5SDavid S. Miller * 1. If route was host route, check that 744d76e60a5SDavid S. Miller * cached destination is current. 745d76e60a5SDavid S. Miller * If it is network route, we still may 746d76e60a5SDavid S. Miller * check its validity using saved pointer 747d76e60a5SDavid S. Miller * to the last used address: daddr_cache. 748d76e60a5SDavid S. Miller * We do not want to save whole address now, 749d76e60a5SDavid S. Miller * (because main consumer of this service 750d76e60a5SDavid S. Miller * is tcp, which has not this problem), 751d76e60a5SDavid S. Miller * so that the last trick works only on connected 752d76e60a5SDavid S. Miller * sockets. 753d76e60a5SDavid S. Miller * 2. oif also should be the same. 7541da177e4SLinus Torvalds */ 7551da177e4SLinus Torvalds if (((rt->rt6i_dst.plen != 128 || 756d76e60a5SDavid S. Miller !ipv6_addr_equal(&fl->fl6_dst, 757d76e60a5SDavid S. Miller &rt->rt6i_dst.addr)) 7581da177e4SLinus Torvalds && (np->daddr_cache == NULL || 759d76e60a5SDavid S. Miller !ipv6_addr_equal(&fl->fl6_dst, 760d76e60a5SDavid S. Miller np->daddr_cache))) 7611da177e4SLinus Torvalds || (fl->oif && fl->oif != (*dst)->dev->ifindex)) { 7621da177e4SLinus Torvalds dst_release(*dst); 7631da177e4SLinus Torvalds *dst = NULL; 7641da177e4SLinus Torvalds } 7651da177e4SLinus Torvalds } 7661da177e4SLinus Torvalds } 7671da177e4SLinus Torvalds 7681da177e4SLinus Torvalds if (*dst == NULL) 7691da177e4SLinus Torvalds *dst = ip6_route_output(sk, fl); 7701da177e4SLinus Torvalds 7711da177e4SLinus Torvalds if ((err = (*dst)->error)) 7721da177e4SLinus Torvalds goto out_err_release; 7731da177e4SLinus Torvalds 7741da177e4SLinus Torvalds if (ipv6_addr_any(&fl->fl6_src)) { 7751da177e4SLinus Torvalds err = ipv6_get_saddr(*dst, &fl->fl6_dst, &fl->fl6_src); 7761da177e4SLinus Torvalds 77744456d37SOlaf Hering if (err) 7781da177e4SLinus Torvalds goto out_err_release; 7791da177e4SLinus Torvalds } 7801da177e4SLinus Torvalds 7811da177e4SLinus Torvalds return 0; 7821da177e4SLinus Torvalds 7831da177e4SLinus Torvalds out_err_release: 7841da177e4SLinus Torvalds dst_release(*dst); 7851da177e4SLinus Torvalds *dst = NULL; 7861da177e4SLinus Torvalds return err; 7871da177e4SLinus Torvalds } 78834a0b3cdSAdrian Bunk 7893cf3dc6cSArnaldo Carvalho de Melo EXPORT_SYMBOL_GPL(ip6_dst_lookup); 7903cf3dc6cSArnaldo Carvalho de Melo 79134a0b3cdSAdrian Bunk static inline int ip6_ufo_append_data(struct sock *sk, 792e89e9cf5SAnanda Raju int getfrag(void *from, char *to, int offset, int len, 793e89e9cf5SAnanda Raju int odd, struct sk_buff *skb), 794e89e9cf5SAnanda Raju void *from, int length, int hh_len, int fragheaderlen, 795e89e9cf5SAnanda Raju int transhdrlen, int mtu,unsigned int flags) 796e89e9cf5SAnanda Raju 797e89e9cf5SAnanda Raju { 798e89e9cf5SAnanda Raju struct sk_buff *skb; 799e89e9cf5SAnanda Raju int err; 800e89e9cf5SAnanda Raju 801e89e9cf5SAnanda Raju /* There is support for UDP large send offload by network 802e89e9cf5SAnanda Raju * device, so create one single skb packet containing complete 803e89e9cf5SAnanda Raju * udp datagram 804e89e9cf5SAnanda Raju */ 805e89e9cf5SAnanda Raju if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) { 806e89e9cf5SAnanda Raju skb = sock_alloc_send_skb(sk, 807e89e9cf5SAnanda Raju hh_len + fragheaderlen + transhdrlen + 20, 808e89e9cf5SAnanda Raju (flags & MSG_DONTWAIT), &err); 809e89e9cf5SAnanda Raju if (skb == NULL) 810e89e9cf5SAnanda Raju return -ENOMEM; 811e89e9cf5SAnanda Raju 812e89e9cf5SAnanda Raju /* reserve space for Hardware header */ 813e89e9cf5SAnanda Raju skb_reserve(skb, hh_len); 814e89e9cf5SAnanda Raju 815e89e9cf5SAnanda Raju /* create space for UDP/IP header */ 816e89e9cf5SAnanda Raju skb_put(skb,fragheaderlen + transhdrlen); 817e89e9cf5SAnanda Raju 818e89e9cf5SAnanda Raju /* initialize network header pointer */ 819e89e9cf5SAnanda Raju skb->nh.raw = skb->data; 820e89e9cf5SAnanda Raju 821e89e9cf5SAnanda Raju /* initialize protocol header pointer */ 822e89e9cf5SAnanda Raju skb->h.raw = skb->data + fragheaderlen; 823e89e9cf5SAnanda Raju 824e89e9cf5SAnanda Raju skb->ip_summed = CHECKSUM_HW; 825e89e9cf5SAnanda Raju skb->csum = 0; 826e89e9cf5SAnanda Raju sk->sk_sndmsg_off = 0; 827e89e9cf5SAnanda Raju } 828e89e9cf5SAnanda Raju 829e89e9cf5SAnanda Raju err = skb_append_datato_frags(sk,skb, getfrag, from, 830e89e9cf5SAnanda Raju (length - transhdrlen)); 831e89e9cf5SAnanda Raju if (!err) { 832e89e9cf5SAnanda Raju struct frag_hdr fhdr; 833e89e9cf5SAnanda Raju 834e89e9cf5SAnanda Raju /* specify the length of each IP datagram fragment*/ 8357967168cSHerbert Xu skb_shinfo(skb)->gso_size = mtu - fragheaderlen - 836e89e9cf5SAnanda Raju sizeof(struct frag_hdr); 837f83ef8c0SHerbert Xu skb_shinfo(skb)->gso_type = SKB_GSO_UDP; 838e89e9cf5SAnanda Raju ipv6_select_ident(skb, &fhdr); 839e89e9cf5SAnanda Raju skb_shinfo(skb)->ip6_frag_id = fhdr.identification; 840e89e9cf5SAnanda Raju __skb_queue_tail(&sk->sk_write_queue, skb); 841e89e9cf5SAnanda Raju 842e89e9cf5SAnanda Raju return 0; 843e89e9cf5SAnanda Raju } 844e89e9cf5SAnanda Raju /* There is not enough support do UPD LSO, 845e89e9cf5SAnanda Raju * so follow normal path 846e89e9cf5SAnanda Raju */ 847e89e9cf5SAnanda Raju kfree_skb(skb); 848e89e9cf5SAnanda Raju 849e89e9cf5SAnanda Raju return err; 850e89e9cf5SAnanda Raju } 8511da177e4SLinus Torvalds 85241a1f8eaSYOSHIFUJI Hideaki int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, 85341a1f8eaSYOSHIFUJI Hideaki int offset, int len, int odd, struct sk_buff *skb), 8541da177e4SLinus Torvalds void *from, int length, int transhdrlen, 85541a1f8eaSYOSHIFUJI Hideaki int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi *fl, 85641a1f8eaSYOSHIFUJI Hideaki struct rt6_info *rt, unsigned int flags) 8571da177e4SLinus Torvalds { 8581da177e4SLinus Torvalds struct inet_sock *inet = inet_sk(sk); 8591da177e4SLinus Torvalds struct ipv6_pinfo *np = inet6_sk(sk); 8601da177e4SLinus Torvalds struct sk_buff *skb; 8611da177e4SLinus Torvalds unsigned int maxfraglen, fragheaderlen; 8621da177e4SLinus Torvalds int exthdrlen; 8631da177e4SLinus Torvalds int hh_len; 8641da177e4SLinus Torvalds int mtu; 8651da177e4SLinus Torvalds int copy; 8661da177e4SLinus Torvalds int err; 8671da177e4SLinus Torvalds int offset = 0; 8681da177e4SLinus Torvalds int csummode = CHECKSUM_NONE; 8691da177e4SLinus Torvalds 8701da177e4SLinus Torvalds if (flags&MSG_PROBE) 8711da177e4SLinus Torvalds return 0; 8721da177e4SLinus Torvalds if (skb_queue_empty(&sk->sk_write_queue)) { 8731da177e4SLinus Torvalds /* 8741da177e4SLinus Torvalds * setup for corking 8751da177e4SLinus Torvalds */ 8761da177e4SLinus Torvalds if (opt) { 8771da177e4SLinus Torvalds if (np->cork.opt == NULL) { 8781da177e4SLinus Torvalds np->cork.opt = kmalloc(opt->tot_len, 8791da177e4SLinus Torvalds sk->sk_allocation); 8801da177e4SLinus Torvalds if (unlikely(np->cork.opt == NULL)) 8811da177e4SLinus Torvalds return -ENOBUFS; 8821da177e4SLinus Torvalds } else if (np->cork.opt->tot_len < opt->tot_len) { 8831da177e4SLinus Torvalds printk(KERN_DEBUG "ip6_append_data: invalid option length\n"); 8841da177e4SLinus Torvalds return -EINVAL; 8851da177e4SLinus Torvalds } 8861da177e4SLinus Torvalds memcpy(np->cork.opt, opt, opt->tot_len); 8871da177e4SLinus Torvalds inet->cork.flags |= IPCORK_OPT; 8881da177e4SLinus Torvalds /* need source address above miyazawa*/ 8891da177e4SLinus Torvalds } 8901da177e4SLinus Torvalds dst_hold(&rt->u.dst); 8911da177e4SLinus Torvalds np->cork.rt = rt; 8921da177e4SLinus Torvalds inet->cork.fl = *fl; 8931da177e4SLinus Torvalds np->cork.hop_limit = hlimit; 89441a1f8eaSYOSHIFUJI Hideaki np->cork.tclass = tclass; 895d91675f9SYOSHIFUJI Hideaki mtu = dst_mtu(rt->u.dst.path); 896c7503609SDave Jones if (np->frag_size < mtu) { 897d91675f9SYOSHIFUJI Hideaki if (np->frag_size) 898d91675f9SYOSHIFUJI Hideaki mtu = np->frag_size; 899d91675f9SYOSHIFUJI Hideaki } 900d91675f9SYOSHIFUJI Hideaki inet->cork.fragsize = mtu; 9011da177e4SLinus Torvalds if (dst_allfrag(rt->u.dst.path)) 9021da177e4SLinus Torvalds inet->cork.flags |= IPCORK_ALLFRAG; 9031da177e4SLinus Torvalds inet->cork.length = 0; 9041da177e4SLinus Torvalds sk->sk_sndmsg_page = NULL; 9051da177e4SLinus Torvalds sk->sk_sndmsg_off = 0; 9061da177e4SLinus Torvalds exthdrlen = rt->u.dst.header_len + (opt ? opt->opt_flen : 0); 9071da177e4SLinus Torvalds length += exthdrlen; 9081da177e4SLinus Torvalds transhdrlen += exthdrlen; 9091da177e4SLinus Torvalds } else { 9101da177e4SLinus Torvalds rt = np->cork.rt; 9111da177e4SLinus Torvalds fl = &inet->cork.fl; 9121da177e4SLinus Torvalds if (inet->cork.flags & IPCORK_OPT) 9131da177e4SLinus Torvalds opt = np->cork.opt; 9141da177e4SLinus Torvalds transhdrlen = 0; 9151da177e4SLinus Torvalds exthdrlen = 0; 9161da177e4SLinus Torvalds mtu = inet->cork.fragsize; 9171da177e4SLinus Torvalds } 9181da177e4SLinus Torvalds 9191da177e4SLinus Torvalds hh_len = LL_RESERVED_SPACE(rt->u.dst.dev); 9201da177e4SLinus Torvalds 9211da177e4SLinus Torvalds fragheaderlen = sizeof(struct ipv6hdr) + (opt ? opt->opt_nflen : 0); 9221da177e4SLinus Torvalds maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr); 9231da177e4SLinus Torvalds 9241da177e4SLinus Torvalds if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) { 9251da177e4SLinus Torvalds if (inet->cork.length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) { 9261da177e4SLinus Torvalds ipv6_local_error(sk, EMSGSIZE, fl, mtu-exthdrlen); 9271da177e4SLinus Torvalds return -EMSGSIZE; 9281da177e4SLinus Torvalds } 9291da177e4SLinus Torvalds } 9301da177e4SLinus Torvalds 9311da177e4SLinus Torvalds /* 9321da177e4SLinus Torvalds * Let's try using as much space as possible. 9331da177e4SLinus Torvalds * Use MTU if total length of the message fits into the MTU. 9341da177e4SLinus Torvalds * Otherwise, we need to reserve fragment header and 9351da177e4SLinus Torvalds * fragment alignment (= 8-15 octects, in total). 9361da177e4SLinus Torvalds * 9371da177e4SLinus Torvalds * Note that we may need to "move" the data from the tail of 9381da177e4SLinus Torvalds * of the buffer to the new fragment when we split 9391da177e4SLinus Torvalds * the message. 9401da177e4SLinus Torvalds * 9411da177e4SLinus Torvalds * FIXME: It may be fragmented into multiple chunks 9421da177e4SLinus Torvalds * at once if non-fragmentable extension headers 9431da177e4SLinus Torvalds * are too large. 9441da177e4SLinus Torvalds * --yoshfuji 9451da177e4SLinus Torvalds */ 9461da177e4SLinus Torvalds 9471da177e4SLinus Torvalds inet->cork.length += length; 948e89e9cf5SAnanda Raju if (((length > mtu) && (sk->sk_protocol == IPPROTO_UDP)) && 949e89e9cf5SAnanda Raju (rt->u.dst.dev->features & NETIF_F_UFO)) { 950e89e9cf5SAnanda Raju 951baa829d8SPatrick McHardy err = ip6_ufo_append_data(sk, getfrag, from, length, hh_len, 952baa829d8SPatrick McHardy fragheaderlen, transhdrlen, mtu, 953baa829d8SPatrick McHardy flags); 954baa829d8SPatrick McHardy if (err) 955e89e9cf5SAnanda Raju goto error; 956e89e9cf5SAnanda Raju return 0; 957e89e9cf5SAnanda Raju } 9581da177e4SLinus Torvalds 9591da177e4SLinus Torvalds if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) 9601da177e4SLinus Torvalds goto alloc_new_skb; 9611da177e4SLinus Torvalds 9621da177e4SLinus Torvalds while (length > 0) { 9631da177e4SLinus Torvalds /* Check if the remaining data fits into current packet. */ 9641da177e4SLinus Torvalds copy = (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len; 9651da177e4SLinus Torvalds if (copy < length) 9661da177e4SLinus Torvalds copy = maxfraglen - skb->len; 9671da177e4SLinus Torvalds 9681da177e4SLinus Torvalds if (copy <= 0) { 9691da177e4SLinus Torvalds char *data; 9701da177e4SLinus Torvalds unsigned int datalen; 9711da177e4SLinus Torvalds unsigned int fraglen; 9721da177e4SLinus Torvalds unsigned int fraggap; 9731da177e4SLinus Torvalds unsigned int alloclen; 9741da177e4SLinus Torvalds struct sk_buff *skb_prev; 9751da177e4SLinus Torvalds alloc_new_skb: 9761da177e4SLinus Torvalds skb_prev = skb; 9771da177e4SLinus Torvalds 9781da177e4SLinus Torvalds /* There's no room in the current skb */ 9791da177e4SLinus Torvalds if (skb_prev) 9801da177e4SLinus Torvalds fraggap = skb_prev->len - maxfraglen; 9811da177e4SLinus Torvalds else 9821da177e4SLinus Torvalds fraggap = 0; 9831da177e4SLinus Torvalds 9841da177e4SLinus Torvalds /* 9851da177e4SLinus Torvalds * If remaining data exceeds the mtu, 9861da177e4SLinus Torvalds * we know we need more fragment(s). 9871da177e4SLinus Torvalds */ 9881da177e4SLinus Torvalds datalen = length + fraggap; 9891da177e4SLinus Torvalds if (datalen > (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen) 9901da177e4SLinus Torvalds datalen = maxfraglen - fragheaderlen; 9911da177e4SLinus Torvalds 9921da177e4SLinus Torvalds fraglen = datalen + fragheaderlen; 9931da177e4SLinus Torvalds if ((flags & MSG_MORE) && 9941da177e4SLinus Torvalds !(rt->u.dst.dev->features&NETIF_F_SG)) 9951da177e4SLinus Torvalds alloclen = mtu; 9961da177e4SLinus Torvalds else 9971da177e4SLinus Torvalds alloclen = datalen + fragheaderlen; 9981da177e4SLinus Torvalds 9991da177e4SLinus Torvalds /* 10001da177e4SLinus Torvalds * The last fragment gets additional space at tail. 10011da177e4SLinus Torvalds * Note: we overallocate on fragments with MSG_MODE 10021da177e4SLinus Torvalds * because we have no idea if we're the last one. 10031da177e4SLinus Torvalds */ 10041da177e4SLinus Torvalds if (datalen == length + fraggap) 10051da177e4SLinus Torvalds alloclen += rt->u.dst.trailer_len; 10061da177e4SLinus Torvalds 10071da177e4SLinus Torvalds /* 10081da177e4SLinus Torvalds * We just reserve space for fragment header. 10091da177e4SLinus Torvalds * Note: this may be overallocation if the message 10101da177e4SLinus Torvalds * (without MSG_MORE) fits into the MTU. 10111da177e4SLinus Torvalds */ 10121da177e4SLinus Torvalds alloclen += sizeof(struct frag_hdr); 10131da177e4SLinus Torvalds 10141da177e4SLinus Torvalds if (transhdrlen) { 10151da177e4SLinus Torvalds skb = sock_alloc_send_skb(sk, 10161da177e4SLinus Torvalds alloclen + hh_len, 10171da177e4SLinus Torvalds (flags & MSG_DONTWAIT), &err); 10181da177e4SLinus Torvalds } else { 10191da177e4SLinus Torvalds skb = NULL; 10201da177e4SLinus Torvalds if (atomic_read(&sk->sk_wmem_alloc) <= 10211da177e4SLinus Torvalds 2 * sk->sk_sndbuf) 10221da177e4SLinus Torvalds skb = sock_wmalloc(sk, 10231da177e4SLinus Torvalds alloclen + hh_len, 1, 10241da177e4SLinus Torvalds sk->sk_allocation); 10251da177e4SLinus Torvalds if (unlikely(skb == NULL)) 10261da177e4SLinus Torvalds err = -ENOBUFS; 10271da177e4SLinus Torvalds } 10281da177e4SLinus Torvalds if (skb == NULL) 10291da177e4SLinus Torvalds goto error; 10301da177e4SLinus Torvalds /* 10311da177e4SLinus Torvalds * Fill in the control structures 10321da177e4SLinus Torvalds */ 10331da177e4SLinus Torvalds skb->ip_summed = csummode; 10341da177e4SLinus Torvalds skb->csum = 0; 10351da177e4SLinus Torvalds /* reserve for fragmentation */ 10361da177e4SLinus Torvalds skb_reserve(skb, hh_len+sizeof(struct frag_hdr)); 10371da177e4SLinus Torvalds 10381da177e4SLinus Torvalds /* 10391da177e4SLinus Torvalds * Find where to start putting bytes 10401da177e4SLinus Torvalds */ 10411da177e4SLinus Torvalds data = skb_put(skb, fraglen); 10421da177e4SLinus Torvalds skb->nh.raw = data + exthdrlen; 10431da177e4SLinus Torvalds data += fragheaderlen; 10441da177e4SLinus Torvalds skb->h.raw = data + exthdrlen; 10451da177e4SLinus Torvalds 10461da177e4SLinus Torvalds if (fraggap) { 10471da177e4SLinus Torvalds skb->csum = skb_copy_and_csum_bits( 10481da177e4SLinus Torvalds skb_prev, maxfraglen, 10491da177e4SLinus Torvalds data + transhdrlen, fraggap, 0); 10501da177e4SLinus Torvalds skb_prev->csum = csum_sub(skb_prev->csum, 10511da177e4SLinus Torvalds skb->csum); 10521da177e4SLinus Torvalds data += fraggap; 10531da177e4SLinus Torvalds skb_trim(skb_prev, maxfraglen); 10541da177e4SLinus Torvalds } 10551da177e4SLinus Torvalds copy = datalen - transhdrlen - fraggap; 10561da177e4SLinus Torvalds if (copy < 0) { 10571da177e4SLinus Torvalds err = -EINVAL; 10581da177e4SLinus Torvalds kfree_skb(skb); 10591da177e4SLinus Torvalds goto error; 10601da177e4SLinus Torvalds } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) { 10611da177e4SLinus Torvalds err = -EFAULT; 10621da177e4SLinus Torvalds kfree_skb(skb); 10631da177e4SLinus Torvalds goto error; 10641da177e4SLinus Torvalds } 10651da177e4SLinus Torvalds 10661da177e4SLinus Torvalds offset += copy; 10671da177e4SLinus Torvalds length -= datalen - fraggap; 10681da177e4SLinus Torvalds transhdrlen = 0; 10691da177e4SLinus Torvalds exthdrlen = 0; 10701da177e4SLinus Torvalds csummode = CHECKSUM_NONE; 10711da177e4SLinus Torvalds 10721da177e4SLinus Torvalds /* 10731da177e4SLinus Torvalds * Put the packet on the pending queue 10741da177e4SLinus Torvalds */ 10751da177e4SLinus Torvalds __skb_queue_tail(&sk->sk_write_queue, skb); 10761da177e4SLinus Torvalds continue; 10771da177e4SLinus Torvalds } 10781da177e4SLinus Torvalds 10791da177e4SLinus Torvalds if (copy > length) 10801da177e4SLinus Torvalds copy = length; 10811da177e4SLinus Torvalds 10821da177e4SLinus Torvalds if (!(rt->u.dst.dev->features&NETIF_F_SG)) { 10831da177e4SLinus Torvalds unsigned int off; 10841da177e4SLinus Torvalds 10851da177e4SLinus Torvalds off = skb->len; 10861da177e4SLinus Torvalds if (getfrag(from, skb_put(skb, copy), 10871da177e4SLinus Torvalds offset, copy, off, skb) < 0) { 10881da177e4SLinus Torvalds __skb_trim(skb, off); 10891da177e4SLinus Torvalds err = -EFAULT; 10901da177e4SLinus Torvalds goto error; 10911da177e4SLinus Torvalds } 10921da177e4SLinus Torvalds } else { 10931da177e4SLinus Torvalds int i = skb_shinfo(skb)->nr_frags; 10941da177e4SLinus Torvalds skb_frag_t *frag = &skb_shinfo(skb)->frags[i-1]; 10951da177e4SLinus Torvalds struct page *page = sk->sk_sndmsg_page; 10961da177e4SLinus Torvalds int off = sk->sk_sndmsg_off; 10971da177e4SLinus Torvalds unsigned int left; 10981da177e4SLinus Torvalds 10991da177e4SLinus Torvalds if (page && (left = PAGE_SIZE - off) > 0) { 11001da177e4SLinus Torvalds if (copy >= left) 11011da177e4SLinus Torvalds copy = left; 11021da177e4SLinus Torvalds if (page != frag->page) { 11031da177e4SLinus Torvalds if (i == MAX_SKB_FRAGS) { 11041da177e4SLinus Torvalds err = -EMSGSIZE; 11051da177e4SLinus Torvalds goto error; 11061da177e4SLinus Torvalds } 11071da177e4SLinus Torvalds get_page(page); 11081da177e4SLinus Torvalds skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0); 11091da177e4SLinus Torvalds frag = &skb_shinfo(skb)->frags[i]; 11101da177e4SLinus Torvalds } 11111da177e4SLinus Torvalds } else if(i < MAX_SKB_FRAGS) { 11121da177e4SLinus Torvalds if (copy > PAGE_SIZE) 11131da177e4SLinus Torvalds copy = PAGE_SIZE; 11141da177e4SLinus Torvalds page = alloc_pages(sk->sk_allocation, 0); 11151da177e4SLinus Torvalds if (page == NULL) { 11161da177e4SLinus Torvalds err = -ENOMEM; 11171da177e4SLinus Torvalds goto error; 11181da177e4SLinus Torvalds } 11191da177e4SLinus Torvalds sk->sk_sndmsg_page = page; 11201da177e4SLinus Torvalds sk->sk_sndmsg_off = 0; 11211da177e4SLinus Torvalds 11221da177e4SLinus Torvalds skb_fill_page_desc(skb, i, page, 0, 0); 11231da177e4SLinus Torvalds frag = &skb_shinfo(skb)->frags[i]; 11241da177e4SLinus Torvalds skb->truesize += PAGE_SIZE; 11251da177e4SLinus Torvalds atomic_add(PAGE_SIZE, &sk->sk_wmem_alloc); 11261da177e4SLinus Torvalds } else { 11271da177e4SLinus Torvalds err = -EMSGSIZE; 11281da177e4SLinus Torvalds goto error; 11291da177e4SLinus Torvalds } 11301da177e4SLinus Torvalds if (getfrag(from, page_address(frag->page)+frag->page_offset+frag->size, offset, copy, skb->len, skb) < 0) { 11311da177e4SLinus Torvalds err = -EFAULT; 11321da177e4SLinus Torvalds goto error; 11331da177e4SLinus Torvalds } 11341da177e4SLinus Torvalds sk->sk_sndmsg_off += copy; 11351da177e4SLinus Torvalds frag->size += copy; 11361da177e4SLinus Torvalds skb->len += copy; 11371da177e4SLinus Torvalds skb->data_len += copy; 11381da177e4SLinus Torvalds } 11391da177e4SLinus Torvalds offset += copy; 11401da177e4SLinus Torvalds length -= copy; 11411da177e4SLinus Torvalds } 11421da177e4SLinus Torvalds return 0; 11431da177e4SLinus Torvalds error: 11441da177e4SLinus Torvalds inet->cork.length -= length; 11451da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 11461da177e4SLinus Torvalds return err; 11471da177e4SLinus Torvalds } 11481da177e4SLinus Torvalds 11491da177e4SLinus Torvalds int ip6_push_pending_frames(struct sock *sk) 11501da177e4SLinus Torvalds { 11511da177e4SLinus Torvalds struct sk_buff *skb, *tmp_skb; 11521da177e4SLinus Torvalds struct sk_buff **tail_skb; 11531da177e4SLinus Torvalds struct in6_addr final_dst_buf, *final_dst = &final_dst_buf; 11541da177e4SLinus Torvalds struct inet_sock *inet = inet_sk(sk); 11551da177e4SLinus Torvalds struct ipv6_pinfo *np = inet6_sk(sk); 11561da177e4SLinus Torvalds struct ipv6hdr *hdr; 11571da177e4SLinus Torvalds struct ipv6_txoptions *opt = np->cork.opt; 11581da177e4SLinus Torvalds struct rt6_info *rt = np->cork.rt; 11591da177e4SLinus Torvalds struct flowi *fl = &inet->cork.fl; 11601da177e4SLinus Torvalds unsigned char proto = fl->proto; 11611da177e4SLinus Torvalds int err = 0; 11621da177e4SLinus Torvalds 11631da177e4SLinus Torvalds if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL) 11641da177e4SLinus Torvalds goto out; 11651da177e4SLinus Torvalds tail_skb = &(skb_shinfo(skb)->frag_list); 11661da177e4SLinus Torvalds 11671da177e4SLinus Torvalds /* move skb->data to ip header from ext header */ 11681da177e4SLinus Torvalds if (skb->data < skb->nh.raw) 11691da177e4SLinus Torvalds __skb_pull(skb, skb->nh.raw - skb->data); 11701da177e4SLinus Torvalds while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) { 11711da177e4SLinus Torvalds __skb_pull(tmp_skb, skb->h.raw - skb->nh.raw); 11721da177e4SLinus Torvalds *tail_skb = tmp_skb; 11731da177e4SLinus Torvalds tail_skb = &(tmp_skb->next); 11741da177e4SLinus Torvalds skb->len += tmp_skb->len; 11751da177e4SLinus Torvalds skb->data_len += tmp_skb->len; 11761da177e4SLinus Torvalds skb->truesize += tmp_skb->truesize; 11771da177e4SLinus Torvalds __sock_put(tmp_skb->sk); 11781da177e4SLinus Torvalds tmp_skb->destructor = NULL; 11791da177e4SLinus Torvalds tmp_skb->sk = NULL; 11801da177e4SLinus Torvalds } 11811da177e4SLinus Torvalds 11821da177e4SLinus Torvalds ipv6_addr_copy(final_dst, &fl->fl6_dst); 11831da177e4SLinus Torvalds __skb_pull(skb, skb->h.raw - skb->nh.raw); 11841da177e4SLinus Torvalds if (opt && opt->opt_flen) 11851da177e4SLinus Torvalds ipv6_push_frag_opts(skb, opt, &proto); 11861da177e4SLinus Torvalds if (opt && opt->opt_nflen) 11871da177e4SLinus Torvalds ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst); 11881da177e4SLinus Torvalds 11891da177e4SLinus Torvalds skb->nh.ipv6h = hdr = (struct ipv6hdr*) skb_push(skb, sizeof(struct ipv6hdr)); 11901da177e4SLinus Torvalds 119141a1f8eaSYOSHIFUJI Hideaki *(u32*)hdr = fl->fl6_flowlabel | 119241a1f8eaSYOSHIFUJI Hideaki htonl(0x60000000 | ((int)np->cork.tclass << 20)); 11931da177e4SLinus Torvalds 11941da177e4SLinus Torvalds if (skb->len <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) 11951da177e4SLinus Torvalds hdr->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); 11961da177e4SLinus Torvalds else 11971da177e4SLinus Torvalds hdr->payload_len = 0; 11981da177e4SLinus Torvalds hdr->hop_limit = np->cork.hop_limit; 11991da177e4SLinus Torvalds hdr->nexthdr = proto; 12001da177e4SLinus Torvalds ipv6_addr_copy(&hdr->saddr, &fl->fl6_src); 12011da177e4SLinus Torvalds ipv6_addr_copy(&hdr->daddr, final_dst); 12021da177e4SLinus Torvalds 1203a2c2064fSPatrick McHardy skb->priority = sk->sk_priority; 1204a2c2064fSPatrick McHardy 12051da177e4SLinus Torvalds skb->dst = dst_clone(&rt->u.dst); 12061da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 12071da177e4SLinus Torvalds err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dst->dev, dst_output); 12081da177e4SLinus Torvalds if (err) { 12091da177e4SLinus Torvalds if (err > 0) 12103320da89SHerbert Xu err = np->recverr ? net_xmit_errno(err) : 0; 12111da177e4SLinus Torvalds if (err) 12121da177e4SLinus Torvalds goto error; 12131da177e4SLinus Torvalds } 12141da177e4SLinus Torvalds 12151da177e4SLinus Torvalds out: 12161da177e4SLinus Torvalds inet->cork.flags &= ~IPCORK_OPT; 12171da177e4SLinus Torvalds kfree(np->cork.opt); 12181da177e4SLinus Torvalds np->cork.opt = NULL; 12191da177e4SLinus Torvalds if (np->cork.rt) { 12201da177e4SLinus Torvalds dst_release(&np->cork.rt->u.dst); 12211da177e4SLinus Torvalds np->cork.rt = NULL; 12221da177e4SLinus Torvalds inet->cork.flags &= ~IPCORK_ALLFRAG; 12231da177e4SLinus Torvalds } 12241da177e4SLinus Torvalds memset(&inet->cork.fl, 0, sizeof(inet->cork.fl)); 12251da177e4SLinus Torvalds return err; 12261da177e4SLinus Torvalds error: 12271da177e4SLinus Torvalds goto out; 12281da177e4SLinus Torvalds } 12291da177e4SLinus Torvalds 12301da177e4SLinus Torvalds void ip6_flush_pending_frames(struct sock *sk) 12311da177e4SLinus Torvalds { 12321da177e4SLinus Torvalds struct inet_sock *inet = inet_sk(sk); 12331da177e4SLinus Torvalds struct ipv6_pinfo *np = inet6_sk(sk); 12341da177e4SLinus Torvalds struct sk_buff *skb; 12351da177e4SLinus Torvalds 12361da177e4SLinus Torvalds while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) { 12371da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 12381da177e4SLinus Torvalds kfree_skb(skb); 12391da177e4SLinus Torvalds } 12401da177e4SLinus Torvalds 12411da177e4SLinus Torvalds inet->cork.flags &= ~IPCORK_OPT; 12421da177e4SLinus Torvalds 12431da177e4SLinus Torvalds kfree(np->cork.opt); 12441da177e4SLinus Torvalds np->cork.opt = NULL; 12451da177e4SLinus Torvalds if (np->cork.rt) { 12461da177e4SLinus Torvalds dst_release(&np->cork.rt->u.dst); 12471da177e4SLinus Torvalds np->cork.rt = NULL; 12481da177e4SLinus Torvalds inet->cork.flags &= ~IPCORK_ALLFRAG; 12491da177e4SLinus Torvalds } 12501da177e4SLinus Torvalds memset(&inet->cork.fl, 0, sizeof(inet->cork.fl)); 12511da177e4SLinus Torvalds } 1252