11da177e4SLinus Torvalds /* 21da177e4SLinus Torvalds * IPv6 output functions 31da177e4SLinus Torvalds * Linux INET6 implementation 41da177e4SLinus Torvalds * 51da177e4SLinus Torvalds * Authors: 61da177e4SLinus Torvalds * Pedro Roque <roque@di.fc.ul.pt> 71da177e4SLinus Torvalds * 81da177e4SLinus Torvalds * $Id: ip6_output.c,v 1.34 2002/02/01 22:01:04 davem Exp $ 91da177e4SLinus Torvalds * 101da177e4SLinus Torvalds * Based on linux/net/ipv4/ip_output.c 111da177e4SLinus Torvalds * 121da177e4SLinus Torvalds * This program is free software; you can redistribute it and/or 131da177e4SLinus Torvalds * modify it under the terms of the GNU General Public License 141da177e4SLinus Torvalds * as published by the Free Software Foundation; either version 151da177e4SLinus Torvalds * 2 of the License, or (at your option) any later version. 161da177e4SLinus Torvalds * 171da177e4SLinus Torvalds * Changes: 181da177e4SLinus Torvalds * A.N.Kuznetsov : airthmetics in fragmentation. 191da177e4SLinus Torvalds * extension headers are implemented. 201da177e4SLinus Torvalds * route changes now work. 211da177e4SLinus Torvalds * ip6_forward does not confuse sniffers. 221da177e4SLinus Torvalds * etc. 231da177e4SLinus Torvalds * 241da177e4SLinus Torvalds * H. von Brand : Added missing #include <linux/string.h> 251da177e4SLinus Torvalds * Imran Patel : frag id should be in NBO 261da177e4SLinus Torvalds * Kazunori MIYAZAWA @USAGI 271da177e4SLinus Torvalds * : add ip6_append_data and related functions 281da177e4SLinus Torvalds * for datagram xmit 291da177e4SLinus Torvalds */ 301da177e4SLinus Torvalds 311da177e4SLinus Torvalds #include <linux/config.h> 321da177e4SLinus Torvalds #include <linux/errno.h> 331da177e4SLinus Torvalds #include <linux/types.h> 341da177e4SLinus Torvalds #include <linux/string.h> 351da177e4SLinus Torvalds #include <linux/socket.h> 361da177e4SLinus Torvalds #include <linux/net.h> 371da177e4SLinus Torvalds #include <linux/netdevice.h> 381da177e4SLinus Torvalds #include <linux/if_arp.h> 391da177e4SLinus Torvalds #include <linux/in6.h> 401da177e4SLinus Torvalds #include <linux/tcp.h> 411da177e4SLinus Torvalds #include <linux/route.h> 421da177e4SLinus Torvalds 431da177e4SLinus Torvalds #include <linux/netfilter.h> 441da177e4SLinus Torvalds #include <linux/netfilter_ipv6.h> 451da177e4SLinus Torvalds 461da177e4SLinus Torvalds #include <net/sock.h> 471da177e4SLinus Torvalds #include <net/snmp.h> 481da177e4SLinus Torvalds 491da177e4SLinus Torvalds #include <net/ipv6.h> 501da177e4SLinus Torvalds #include <net/ndisc.h> 511da177e4SLinus Torvalds #include <net/protocol.h> 521da177e4SLinus Torvalds #include <net/ip6_route.h> 531da177e4SLinus Torvalds #include <net/addrconf.h> 541da177e4SLinus Torvalds #include <net/rawv6.h> 551da177e4SLinus Torvalds #include <net/icmp.h> 561da177e4SLinus Torvalds #include <net/xfrm.h> 571da177e4SLinus Torvalds #include <net/checksum.h> 581da177e4SLinus Torvalds 591da177e4SLinus Torvalds static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)); 601da177e4SLinus Torvalds 611da177e4SLinus Torvalds static __inline__ void ipv6_select_ident(struct sk_buff *skb, struct frag_hdr *fhdr) 621da177e4SLinus Torvalds { 631da177e4SLinus Torvalds static u32 ipv6_fragmentation_id = 1; 641da177e4SLinus Torvalds static DEFINE_SPINLOCK(ip6_id_lock); 651da177e4SLinus Torvalds 661da177e4SLinus Torvalds spin_lock_bh(&ip6_id_lock); 671da177e4SLinus Torvalds fhdr->identification = htonl(ipv6_fragmentation_id); 681da177e4SLinus Torvalds if (++ipv6_fragmentation_id == 0) 691da177e4SLinus Torvalds ipv6_fragmentation_id = 1; 701da177e4SLinus Torvalds spin_unlock_bh(&ip6_id_lock); 711da177e4SLinus Torvalds } 721da177e4SLinus Torvalds 731da177e4SLinus Torvalds static inline int ip6_output_finish(struct sk_buff *skb) 741da177e4SLinus Torvalds { 751da177e4SLinus Torvalds 761da177e4SLinus Torvalds struct dst_entry *dst = skb->dst; 771da177e4SLinus Torvalds struct hh_cache *hh = dst->hh; 781da177e4SLinus Torvalds 791da177e4SLinus Torvalds if (hh) { 801da177e4SLinus Torvalds int hh_alen; 811da177e4SLinus Torvalds 821da177e4SLinus Torvalds read_lock_bh(&hh->hh_lock); 831da177e4SLinus Torvalds hh_alen = HH_DATA_ALIGN(hh->hh_len); 841da177e4SLinus Torvalds memcpy(skb->data - hh_alen, hh->hh_data, hh_alen); 851da177e4SLinus Torvalds read_unlock_bh(&hh->hh_lock); 861da177e4SLinus Torvalds skb_push(skb, hh->hh_len); 871da177e4SLinus Torvalds return hh->hh_output(skb); 881da177e4SLinus Torvalds } else if (dst->neighbour) 891da177e4SLinus Torvalds return dst->neighbour->output(skb); 901da177e4SLinus Torvalds 911da177e4SLinus Torvalds IP6_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES); 921da177e4SLinus Torvalds kfree_skb(skb); 931da177e4SLinus Torvalds return -EINVAL; 941da177e4SLinus Torvalds 951da177e4SLinus Torvalds } 961da177e4SLinus Torvalds 971da177e4SLinus Torvalds /* dev_loopback_xmit for use with netfilter. */ 981da177e4SLinus Torvalds static int ip6_dev_loopback_xmit(struct sk_buff *newskb) 991da177e4SLinus Torvalds { 1001da177e4SLinus Torvalds newskb->mac.raw = newskb->data; 1011da177e4SLinus Torvalds __skb_pull(newskb, newskb->nh.raw - newskb->data); 1021da177e4SLinus Torvalds newskb->pkt_type = PACKET_LOOPBACK; 1031da177e4SLinus Torvalds newskb->ip_summed = CHECKSUM_UNNECESSARY; 1041da177e4SLinus Torvalds BUG_TRAP(newskb->dst); 1051da177e4SLinus Torvalds 1061da177e4SLinus Torvalds netif_rx(newskb); 1071da177e4SLinus Torvalds return 0; 1081da177e4SLinus Torvalds } 1091da177e4SLinus Torvalds 1101da177e4SLinus Torvalds 1111da177e4SLinus Torvalds static int ip6_output2(struct sk_buff *skb) 1121da177e4SLinus Torvalds { 1131da177e4SLinus Torvalds struct dst_entry *dst = skb->dst; 1141da177e4SLinus Torvalds struct net_device *dev = dst->dev; 1151da177e4SLinus Torvalds 1161da177e4SLinus Torvalds skb->protocol = htons(ETH_P_IPV6); 1171da177e4SLinus Torvalds skb->dev = dev; 1181da177e4SLinus Torvalds 1191da177e4SLinus Torvalds if (ipv6_addr_is_multicast(&skb->nh.ipv6h->daddr)) { 1201da177e4SLinus Torvalds struct ipv6_pinfo* np = skb->sk ? inet6_sk(skb->sk) : NULL; 1211da177e4SLinus Torvalds 1221da177e4SLinus Torvalds if (!(dev->flags & IFF_LOOPBACK) && (!np || np->mc_loop) && 1231da177e4SLinus Torvalds ipv6_chk_mcast_addr(dev, &skb->nh.ipv6h->daddr, 1241da177e4SLinus Torvalds &skb->nh.ipv6h->saddr)) { 1251da177e4SLinus Torvalds struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 1261da177e4SLinus Torvalds 1271da177e4SLinus Torvalds /* Do not check for IFF_ALLMULTI; multicast routing 1281da177e4SLinus Torvalds is not supported in any case. 1291da177e4SLinus Torvalds */ 1301da177e4SLinus Torvalds if (newskb) 1311da177e4SLinus Torvalds NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, newskb, NULL, 1321da177e4SLinus Torvalds newskb->dev, 1331da177e4SLinus Torvalds ip6_dev_loopback_xmit); 1341da177e4SLinus Torvalds 1351da177e4SLinus Torvalds if (skb->nh.ipv6h->hop_limit == 0) { 1361da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 1371da177e4SLinus Torvalds kfree_skb(skb); 1381da177e4SLinus Torvalds return 0; 1391da177e4SLinus Torvalds } 1401da177e4SLinus Torvalds } 1411da177e4SLinus Torvalds 1421da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTMCASTPKTS); 1431da177e4SLinus Torvalds } 1441da177e4SLinus Torvalds 1451da177e4SLinus Torvalds return NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, skb,NULL, skb->dev,ip6_output_finish); 1461da177e4SLinus Torvalds } 1471da177e4SLinus Torvalds 1481da177e4SLinus Torvalds int ip6_output(struct sk_buff *skb) 1491da177e4SLinus Torvalds { 150e89e9cf5SAnanda Raju if ((skb->len > dst_mtu(skb->dst) && !skb_shinfo(skb)->ufo_size) || 151e89e9cf5SAnanda Raju dst_allfrag(skb->dst)) 1521da177e4SLinus Torvalds return ip6_fragment(skb, ip6_output2); 1531da177e4SLinus Torvalds else 1541da177e4SLinus Torvalds return ip6_output2(skb); 1551da177e4SLinus Torvalds } 1561da177e4SLinus Torvalds 1571da177e4SLinus Torvalds /* 1581da177e4SLinus Torvalds * xmit an sk_buff (used by TCP) 1591da177e4SLinus Torvalds */ 1601da177e4SLinus Torvalds 1611da177e4SLinus Torvalds int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl, 1621da177e4SLinus Torvalds struct ipv6_txoptions *opt, int ipfragok) 1631da177e4SLinus Torvalds { 1641da177e4SLinus Torvalds struct ipv6_pinfo *np = sk ? inet6_sk(sk) : NULL; 1651da177e4SLinus Torvalds struct in6_addr *first_hop = &fl->fl6_dst; 1661da177e4SLinus Torvalds struct dst_entry *dst = skb->dst; 1671da177e4SLinus Torvalds struct ipv6hdr *hdr; 1681da177e4SLinus Torvalds u8 proto = fl->proto; 1691da177e4SLinus Torvalds int seg_len = skb->len; 17041a1f8eaSYOSHIFUJI Hideaki int hlimit, tclass; 1711da177e4SLinus Torvalds u32 mtu; 1721da177e4SLinus Torvalds 1731da177e4SLinus Torvalds if (opt) { 1741da177e4SLinus Torvalds int head_room; 1751da177e4SLinus Torvalds 1761da177e4SLinus Torvalds /* First: exthdrs may take lots of space (~8K for now) 1771da177e4SLinus Torvalds MAX_HEADER is not enough. 1781da177e4SLinus Torvalds */ 1791da177e4SLinus Torvalds head_room = opt->opt_nflen + opt->opt_flen; 1801da177e4SLinus Torvalds seg_len += head_room; 1811da177e4SLinus Torvalds head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev); 1821da177e4SLinus Torvalds 1831da177e4SLinus Torvalds if (skb_headroom(skb) < head_room) { 1841da177e4SLinus Torvalds struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room); 1851da177e4SLinus Torvalds kfree_skb(skb); 1861da177e4SLinus Torvalds skb = skb2; 1871da177e4SLinus Torvalds if (skb == NULL) { 1881da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 1891da177e4SLinus Torvalds return -ENOBUFS; 1901da177e4SLinus Torvalds } 1911da177e4SLinus Torvalds if (sk) 1921da177e4SLinus Torvalds skb_set_owner_w(skb, sk); 1931da177e4SLinus Torvalds } 1941da177e4SLinus Torvalds if (opt->opt_flen) 1951da177e4SLinus Torvalds ipv6_push_frag_opts(skb, opt, &proto); 1961da177e4SLinus Torvalds if (opt->opt_nflen) 1971da177e4SLinus Torvalds ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop); 1981da177e4SLinus Torvalds } 1991da177e4SLinus Torvalds 2001da177e4SLinus Torvalds hdr = skb->nh.ipv6h = (struct ipv6hdr*)skb_push(skb, sizeof(struct ipv6hdr)); 2011da177e4SLinus Torvalds 2021da177e4SLinus Torvalds /* 2031da177e4SLinus Torvalds * Fill in the IPv6 header 2041da177e4SLinus Torvalds */ 2051da177e4SLinus Torvalds 2061da177e4SLinus Torvalds hlimit = -1; 2071da177e4SLinus Torvalds if (np) 2081da177e4SLinus Torvalds hlimit = np->hop_limit; 2091da177e4SLinus Torvalds if (hlimit < 0) 2101da177e4SLinus Torvalds hlimit = dst_metric(dst, RTAX_HOPLIMIT); 2111da177e4SLinus Torvalds if (hlimit < 0) 2121da177e4SLinus Torvalds hlimit = ipv6_get_hoplimit(dst->dev); 2131da177e4SLinus Torvalds 21441a1f8eaSYOSHIFUJI Hideaki tclass = -1; 21541a1f8eaSYOSHIFUJI Hideaki if (np) 21641a1f8eaSYOSHIFUJI Hideaki tclass = np->tclass; 21741a1f8eaSYOSHIFUJI Hideaki if (tclass < 0) 21841a1f8eaSYOSHIFUJI Hideaki tclass = 0; 21941a1f8eaSYOSHIFUJI Hideaki 22041a1f8eaSYOSHIFUJI Hideaki *(u32 *)hdr = htonl(0x60000000 | (tclass << 20)) | fl->fl6_flowlabel; 22141a1f8eaSYOSHIFUJI Hideaki 2221da177e4SLinus Torvalds hdr->payload_len = htons(seg_len); 2231da177e4SLinus Torvalds hdr->nexthdr = proto; 2241da177e4SLinus Torvalds hdr->hop_limit = hlimit; 2251da177e4SLinus Torvalds 2261da177e4SLinus Torvalds ipv6_addr_copy(&hdr->saddr, &fl->fl6_src); 2271da177e4SLinus Torvalds ipv6_addr_copy(&hdr->daddr, first_hop); 2281da177e4SLinus Torvalds 229a2c2064fSPatrick McHardy skb->priority = sk->sk_priority; 230a2c2064fSPatrick McHardy 2311da177e4SLinus Torvalds mtu = dst_mtu(dst); 2321da177e4SLinus Torvalds if ((skb->len <= mtu) || ipfragok) { 2331da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 2346869c4d8SHarald Welte return NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, 2356869c4d8SHarald Welte dst_output); 2361da177e4SLinus Torvalds } 2371da177e4SLinus Torvalds 2381da177e4SLinus Torvalds if (net_ratelimit()) 2391da177e4SLinus Torvalds printk(KERN_DEBUG "IPv6: sending pkt_too_big to self\n"); 2401da177e4SLinus Torvalds skb->dev = dst->dev; 2411da177e4SLinus Torvalds icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, skb->dev); 2421da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGFAILS); 2431da177e4SLinus Torvalds kfree_skb(skb); 2441da177e4SLinus Torvalds return -EMSGSIZE; 2451da177e4SLinus Torvalds } 2461da177e4SLinus Torvalds 2471da177e4SLinus Torvalds /* 2481da177e4SLinus Torvalds * To avoid extra problems ND packets are send through this 2491da177e4SLinus Torvalds * routine. It's code duplication but I really want to avoid 2501da177e4SLinus Torvalds * extra checks since ipv6_build_header is used by TCP (which 2511da177e4SLinus Torvalds * is for us performance critical) 2521da177e4SLinus Torvalds */ 2531da177e4SLinus Torvalds 2541da177e4SLinus Torvalds int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev, 2551da177e4SLinus Torvalds struct in6_addr *saddr, struct in6_addr *daddr, 2561da177e4SLinus Torvalds int proto, int len) 2571da177e4SLinus Torvalds { 2581da177e4SLinus Torvalds struct ipv6_pinfo *np = inet6_sk(sk); 2591da177e4SLinus Torvalds struct ipv6hdr *hdr; 2601da177e4SLinus Torvalds int totlen; 2611da177e4SLinus Torvalds 2621da177e4SLinus Torvalds skb->protocol = htons(ETH_P_IPV6); 2631da177e4SLinus Torvalds skb->dev = dev; 2641da177e4SLinus Torvalds 2651da177e4SLinus Torvalds totlen = len + sizeof(struct ipv6hdr); 2661da177e4SLinus Torvalds 2671da177e4SLinus Torvalds hdr = (struct ipv6hdr *) skb_put(skb, sizeof(struct ipv6hdr)); 2681da177e4SLinus Torvalds skb->nh.ipv6h = hdr; 2691da177e4SLinus Torvalds 2701da177e4SLinus Torvalds *(u32*)hdr = htonl(0x60000000); 2711da177e4SLinus Torvalds 2721da177e4SLinus Torvalds hdr->payload_len = htons(len); 2731da177e4SLinus Torvalds hdr->nexthdr = proto; 2741da177e4SLinus Torvalds hdr->hop_limit = np->hop_limit; 2751da177e4SLinus Torvalds 2761da177e4SLinus Torvalds ipv6_addr_copy(&hdr->saddr, saddr); 2771da177e4SLinus Torvalds ipv6_addr_copy(&hdr->daddr, daddr); 2781da177e4SLinus Torvalds 2791da177e4SLinus Torvalds return 0; 2801da177e4SLinus Torvalds } 2811da177e4SLinus Torvalds 2821da177e4SLinus Torvalds static int ip6_call_ra_chain(struct sk_buff *skb, int sel) 2831da177e4SLinus Torvalds { 2841da177e4SLinus Torvalds struct ip6_ra_chain *ra; 2851da177e4SLinus Torvalds struct sock *last = NULL; 2861da177e4SLinus Torvalds 2871da177e4SLinus Torvalds read_lock(&ip6_ra_lock); 2881da177e4SLinus Torvalds for (ra = ip6_ra_chain; ra; ra = ra->next) { 2891da177e4SLinus Torvalds struct sock *sk = ra->sk; 2900bd1b59bSAndrew McDonald if (sk && ra->sel == sel && 2910bd1b59bSAndrew McDonald (!sk->sk_bound_dev_if || 2920bd1b59bSAndrew McDonald sk->sk_bound_dev_if == skb->dev->ifindex)) { 2931da177e4SLinus Torvalds if (last) { 2941da177e4SLinus Torvalds struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); 2951da177e4SLinus Torvalds if (skb2) 2961da177e4SLinus Torvalds rawv6_rcv(last, skb2); 2971da177e4SLinus Torvalds } 2981da177e4SLinus Torvalds last = sk; 2991da177e4SLinus Torvalds } 3001da177e4SLinus Torvalds } 3011da177e4SLinus Torvalds 3021da177e4SLinus Torvalds if (last) { 3031da177e4SLinus Torvalds rawv6_rcv(last, skb); 3041da177e4SLinus Torvalds read_unlock(&ip6_ra_lock); 3051da177e4SLinus Torvalds return 1; 3061da177e4SLinus Torvalds } 3071da177e4SLinus Torvalds read_unlock(&ip6_ra_lock); 3081da177e4SLinus Torvalds return 0; 3091da177e4SLinus Torvalds } 3101da177e4SLinus Torvalds 3111da177e4SLinus Torvalds static inline int ip6_forward_finish(struct sk_buff *skb) 3121da177e4SLinus Torvalds { 3131da177e4SLinus Torvalds return dst_output(skb); 3141da177e4SLinus Torvalds } 3151da177e4SLinus Torvalds 3161da177e4SLinus Torvalds int ip6_forward(struct sk_buff *skb) 3171da177e4SLinus Torvalds { 3181da177e4SLinus Torvalds struct dst_entry *dst = skb->dst; 3191da177e4SLinus Torvalds struct ipv6hdr *hdr = skb->nh.ipv6h; 3201da177e4SLinus Torvalds struct inet6_skb_parm *opt = IP6CB(skb); 3211da177e4SLinus Torvalds 3221da177e4SLinus Torvalds if (ipv6_devconf.forwarding == 0) 3231da177e4SLinus Torvalds goto error; 3241da177e4SLinus Torvalds 3251da177e4SLinus Torvalds if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) { 3261da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_INDISCARDS); 3271da177e4SLinus Torvalds goto drop; 3281da177e4SLinus Torvalds } 3291da177e4SLinus Torvalds 3301da177e4SLinus Torvalds skb->ip_summed = CHECKSUM_NONE; 3311da177e4SLinus Torvalds 3321da177e4SLinus Torvalds /* 3331da177e4SLinus Torvalds * We DO NOT make any processing on 3341da177e4SLinus Torvalds * RA packets, pushing them to user level AS IS 3351da177e4SLinus Torvalds * without ane WARRANTY that application will be able 3361da177e4SLinus Torvalds * to interpret them. The reason is that we 3371da177e4SLinus Torvalds * cannot make anything clever here. 3381da177e4SLinus Torvalds * 3391da177e4SLinus Torvalds * We are not end-node, so that if packet contains 3401da177e4SLinus Torvalds * AH/ESP, we cannot make anything. 3411da177e4SLinus Torvalds * Defragmentation also would be mistake, RA packets 3421da177e4SLinus Torvalds * cannot be fragmented, because there is no warranty 3431da177e4SLinus Torvalds * that different fragments will go along one path. --ANK 3441da177e4SLinus Torvalds */ 3451da177e4SLinus Torvalds if (opt->ra) { 3461da177e4SLinus Torvalds u8 *ptr = skb->nh.raw + opt->ra; 3471da177e4SLinus Torvalds if (ip6_call_ra_chain(skb, (ptr[2]<<8) + ptr[3])) 3481da177e4SLinus Torvalds return 0; 3491da177e4SLinus Torvalds } 3501da177e4SLinus Torvalds 3511da177e4SLinus Torvalds /* 3521da177e4SLinus Torvalds * check and decrement ttl 3531da177e4SLinus Torvalds */ 3541da177e4SLinus Torvalds if (hdr->hop_limit <= 1) { 3551da177e4SLinus Torvalds /* Force OUTPUT device used as source address */ 3561da177e4SLinus Torvalds skb->dev = dst->dev; 3571da177e4SLinus Torvalds icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 3581da177e4SLinus Torvalds 0, skb->dev); 3591da177e4SLinus Torvalds 3601da177e4SLinus Torvalds kfree_skb(skb); 3611da177e4SLinus Torvalds return -ETIMEDOUT; 3621da177e4SLinus Torvalds } 3631da177e4SLinus Torvalds 3641da177e4SLinus Torvalds if (!xfrm6_route_forward(skb)) { 3651da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_INDISCARDS); 3661da177e4SLinus Torvalds goto drop; 3671da177e4SLinus Torvalds } 3681da177e4SLinus Torvalds dst = skb->dst; 3691da177e4SLinus Torvalds 3701da177e4SLinus Torvalds /* IPv6 specs say nothing about it, but it is clear that we cannot 3711da177e4SLinus Torvalds send redirects to source routed frames. 3721da177e4SLinus Torvalds */ 3731da177e4SLinus Torvalds if (skb->dev == dst->dev && dst->neighbour && opt->srcrt == 0) { 3741da177e4SLinus Torvalds struct in6_addr *target = NULL; 3751da177e4SLinus Torvalds struct rt6_info *rt; 3761da177e4SLinus Torvalds struct neighbour *n = dst->neighbour; 3771da177e4SLinus Torvalds 3781da177e4SLinus Torvalds /* 3791da177e4SLinus Torvalds * incoming and outgoing devices are the same 3801da177e4SLinus Torvalds * send a redirect. 3811da177e4SLinus Torvalds */ 3821da177e4SLinus Torvalds 3831da177e4SLinus Torvalds rt = (struct rt6_info *) dst; 3841da177e4SLinus Torvalds if ((rt->rt6i_flags & RTF_GATEWAY)) 3851da177e4SLinus Torvalds target = (struct in6_addr*)&n->primary_key; 3861da177e4SLinus Torvalds else 3871da177e4SLinus Torvalds target = &hdr->daddr; 3881da177e4SLinus Torvalds 3891da177e4SLinus Torvalds /* Limit redirects both by destination (here) 3901da177e4SLinus Torvalds and by source (inside ndisc_send_redirect) 3911da177e4SLinus Torvalds */ 3921da177e4SLinus Torvalds if (xrlim_allow(dst, 1*HZ)) 3931da177e4SLinus Torvalds ndisc_send_redirect(skb, n, target); 3941da177e4SLinus Torvalds } else if (ipv6_addr_type(&hdr->saddr)&(IPV6_ADDR_MULTICAST|IPV6_ADDR_LOOPBACK 3951da177e4SLinus Torvalds |IPV6_ADDR_LINKLOCAL)) { 3961da177e4SLinus Torvalds /* This check is security critical. */ 3971da177e4SLinus Torvalds goto error; 3981da177e4SLinus Torvalds } 3991da177e4SLinus Torvalds 4001da177e4SLinus Torvalds if (skb->len > dst_mtu(dst)) { 4011da177e4SLinus Torvalds /* Again, force OUTPUT device used as source address */ 4021da177e4SLinus Torvalds skb->dev = dst->dev; 4031da177e4SLinus Torvalds icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, dst_mtu(dst), skb->dev); 4041da177e4SLinus Torvalds IP6_INC_STATS_BH(IPSTATS_MIB_INTOOBIGERRORS); 4051da177e4SLinus Torvalds IP6_INC_STATS_BH(IPSTATS_MIB_FRAGFAILS); 4061da177e4SLinus Torvalds kfree_skb(skb); 4071da177e4SLinus Torvalds return -EMSGSIZE; 4081da177e4SLinus Torvalds } 4091da177e4SLinus Torvalds 4101da177e4SLinus Torvalds if (skb_cow(skb, dst->dev->hard_header_len)) { 4111da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 4121da177e4SLinus Torvalds goto drop; 4131da177e4SLinus Torvalds } 4141da177e4SLinus Torvalds 4151da177e4SLinus Torvalds hdr = skb->nh.ipv6h; 4161da177e4SLinus Torvalds 4171da177e4SLinus Torvalds /* Mangling hops number delayed to point after skb COW */ 4181da177e4SLinus Torvalds 4191da177e4SLinus Torvalds hdr->hop_limit--; 4201da177e4SLinus Torvalds 4211da177e4SLinus Torvalds IP6_INC_STATS_BH(IPSTATS_MIB_OUTFORWDATAGRAMS); 4221da177e4SLinus Torvalds return NF_HOOK(PF_INET6,NF_IP6_FORWARD, skb, skb->dev, dst->dev, ip6_forward_finish); 4231da177e4SLinus Torvalds 4241da177e4SLinus Torvalds error: 4251da177e4SLinus Torvalds IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS); 4261da177e4SLinus Torvalds drop: 4271da177e4SLinus Torvalds kfree_skb(skb); 4281da177e4SLinus Torvalds return -EINVAL; 4291da177e4SLinus Torvalds } 4301da177e4SLinus Torvalds 4311da177e4SLinus Torvalds static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from) 4321da177e4SLinus Torvalds { 4331da177e4SLinus Torvalds to->pkt_type = from->pkt_type; 4341da177e4SLinus Torvalds to->priority = from->priority; 4351da177e4SLinus Torvalds to->protocol = from->protocol; 4361da177e4SLinus Torvalds dst_release(to->dst); 4371da177e4SLinus Torvalds to->dst = dst_clone(from->dst); 4381da177e4SLinus Torvalds to->dev = from->dev; 4391da177e4SLinus Torvalds 4401da177e4SLinus Torvalds #ifdef CONFIG_NET_SCHED 4411da177e4SLinus Torvalds to->tc_index = from->tc_index; 4421da177e4SLinus Torvalds #endif 4431da177e4SLinus Torvalds #ifdef CONFIG_NETFILTER 4441da177e4SLinus Torvalds to->nfmark = from->nfmark; 4451da177e4SLinus Torvalds /* Connection association is same as pre-frag packet */ 4469fb9cbb1SYasuyuki Kozakai nf_conntrack_put(to->nfct); 4471da177e4SLinus Torvalds to->nfct = from->nfct; 4481da177e4SLinus Torvalds nf_conntrack_get(to->nfct); 4491da177e4SLinus Torvalds to->nfctinfo = from->nfctinfo; 4509fb9cbb1SYasuyuki Kozakai #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 4519fb9cbb1SYasuyuki Kozakai nf_conntrack_put_reasm(to->nfct_reasm); 4529fb9cbb1SYasuyuki Kozakai to->nfct_reasm = from->nfct_reasm; 4539fb9cbb1SYasuyuki Kozakai nf_conntrack_get_reasm(to->nfct_reasm); 4549fb9cbb1SYasuyuki Kozakai #endif 4551da177e4SLinus Torvalds #ifdef CONFIG_BRIDGE_NETFILTER 4561da177e4SLinus Torvalds nf_bridge_put(to->nf_bridge); 4571da177e4SLinus Torvalds to->nf_bridge = from->nf_bridge; 4581da177e4SLinus Torvalds nf_bridge_get(to->nf_bridge); 4591da177e4SLinus Torvalds #endif 4601da177e4SLinus Torvalds #endif 4611da177e4SLinus Torvalds } 4621da177e4SLinus Torvalds 4631da177e4SLinus Torvalds int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) 4641da177e4SLinus Torvalds { 4651da177e4SLinus Torvalds u16 offset = sizeof(struct ipv6hdr); 4661da177e4SLinus Torvalds struct ipv6_opt_hdr *exthdr = (struct ipv6_opt_hdr*)(skb->nh.ipv6h + 1); 4671da177e4SLinus Torvalds unsigned int packet_len = skb->tail - skb->nh.raw; 4681da177e4SLinus Torvalds int found_rhdr = 0; 4691da177e4SLinus Torvalds *nexthdr = &skb->nh.ipv6h->nexthdr; 4701da177e4SLinus Torvalds 4711da177e4SLinus Torvalds while (offset + 1 <= packet_len) { 4721da177e4SLinus Torvalds 4731da177e4SLinus Torvalds switch (**nexthdr) { 4741da177e4SLinus Torvalds 4751da177e4SLinus Torvalds case NEXTHDR_HOP: 4761da177e4SLinus Torvalds case NEXTHDR_ROUTING: 4771da177e4SLinus Torvalds case NEXTHDR_DEST: 4781da177e4SLinus Torvalds if (**nexthdr == NEXTHDR_ROUTING) found_rhdr = 1; 4791da177e4SLinus Torvalds if (**nexthdr == NEXTHDR_DEST && found_rhdr) return offset; 4801da177e4SLinus Torvalds offset += ipv6_optlen(exthdr); 4811da177e4SLinus Torvalds *nexthdr = &exthdr->nexthdr; 4821da177e4SLinus Torvalds exthdr = (struct ipv6_opt_hdr*)(skb->nh.raw + offset); 4831da177e4SLinus Torvalds break; 4841da177e4SLinus Torvalds default : 4851da177e4SLinus Torvalds return offset; 4861da177e4SLinus Torvalds } 4871da177e4SLinus Torvalds } 4881da177e4SLinus Torvalds 4891da177e4SLinus Torvalds return offset; 4901da177e4SLinus Torvalds } 4911da177e4SLinus Torvalds 4921da177e4SLinus Torvalds static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) 4931da177e4SLinus Torvalds { 4941da177e4SLinus Torvalds struct net_device *dev; 4951da177e4SLinus Torvalds struct sk_buff *frag; 4961da177e4SLinus Torvalds struct rt6_info *rt = (struct rt6_info*)skb->dst; 497*d91675f9SYOSHIFUJI Hideaki struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL; 4981da177e4SLinus Torvalds struct ipv6hdr *tmp_hdr; 4991da177e4SLinus Torvalds struct frag_hdr *fh; 5001da177e4SLinus Torvalds unsigned int mtu, hlen, left, len; 5011da177e4SLinus Torvalds u32 frag_id = 0; 5021da177e4SLinus Torvalds int ptr, offset = 0, err=0; 5031da177e4SLinus Torvalds u8 *prevhdr, nexthdr = 0; 5041da177e4SLinus Torvalds 5051da177e4SLinus Torvalds dev = rt->u.dst.dev; 5061da177e4SLinus Torvalds hlen = ip6_find_1stfragopt(skb, &prevhdr); 5071da177e4SLinus Torvalds nexthdr = *prevhdr; 5081da177e4SLinus Torvalds 509*d91675f9SYOSHIFUJI Hideaki mtu = dst_mtu(&rt->u.dst); 510*d91675f9SYOSHIFUJI Hideaki if (np && np->frag_size < mtu) { 511*d91675f9SYOSHIFUJI Hideaki if (np->frag_size) 512*d91675f9SYOSHIFUJI Hideaki mtu = np->frag_size; 513*d91675f9SYOSHIFUJI Hideaki } 514*d91675f9SYOSHIFUJI Hideaki mtu -= hlen + sizeof(struct frag_hdr); 5151da177e4SLinus Torvalds 5161da177e4SLinus Torvalds if (skb_shinfo(skb)->frag_list) { 5171da177e4SLinus Torvalds int first_len = skb_pagelen(skb); 5181da177e4SLinus Torvalds 5191da177e4SLinus Torvalds if (first_len - hlen > mtu || 5201da177e4SLinus Torvalds ((first_len - hlen) & 7) || 5211da177e4SLinus Torvalds skb_cloned(skb)) 5221da177e4SLinus Torvalds goto slow_path; 5231da177e4SLinus Torvalds 5241da177e4SLinus Torvalds for (frag = skb_shinfo(skb)->frag_list; frag; frag = frag->next) { 5251da177e4SLinus Torvalds /* Correct geometry. */ 5261da177e4SLinus Torvalds if (frag->len > mtu || 5271da177e4SLinus Torvalds ((frag->len & 7) && frag->next) || 5281da177e4SLinus Torvalds skb_headroom(frag) < hlen) 5291da177e4SLinus Torvalds goto slow_path; 5301da177e4SLinus Torvalds 5311da177e4SLinus Torvalds /* Partially cloned skb? */ 5321da177e4SLinus Torvalds if (skb_shared(frag)) 5331da177e4SLinus Torvalds goto slow_path; 5342fdba6b0SHerbert Xu 5352fdba6b0SHerbert Xu BUG_ON(frag->sk); 5362fdba6b0SHerbert Xu if (skb->sk) { 5372fdba6b0SHerbert Xu sock_hold(skb->sk); 5382fdba6b0SHerbert Xu frag->sk = skb->sk; 5392fdba6b0SHerbert Xu frag->destructor = sock_wfree; 5402fdba6b0SHerbert Xu skb->truesize -= frag->truesize; 5412fdba6b0SHerbert Xu } 5421da177e4SLinus Torvalds } 5431da177e4SLinus Torvalds 5441da177e4SLinus Torvalds err = 0; 5451da177e4SLinus Torvalds offset = 0; 5461da177e4SLinus Torvalds frag = skb_shinfo(skb)->frag_list; 5471da177e4SLinus Torvalds skb_shinfo(skb)->frag_list = NULL; 5481da177e4SLinus Torvalds /* BUILD HEADER */ 5491da177e4SLinus Torvalds 5501da177e4SLinus Torvalds tmp_hdr = kmalloc(hlen, GFP_ATOMIC); 5511da177e4SLinus Torvalds if (!tmp_hdr) { 5521da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGFAILS); 5531da177e4SLinus Torvalds return -ENOMEM; 5541da177e4SLinus Torvalds } 5551da177e4SLinus Torvalds 5561da177e4SLinus Torvalds *prevhdr = NEXTHDR_FRAGMENT; 5571da177e4SLinus Torvalds memcpy(tmp_hdr, skb->nh.raw, hlen); 5581da177e4SLinus Torvalds __skb_pull(skb, hlen); 5591da177e4SLinus Torvalds fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr)); 5601da177e4SLinus Torvalds skb->nh.raw = __skb_push(skb, hlen); 5611da177e4SLinus Torvalds memcpy(skb->nh.raw, tmp_hdr, hlen); 5621da177e4SLinus Torvalds 5631da177e4SLinus Torvalds ipv6_select_ident(skb, fh); 5641da177e4SLinus Torvalds fh->nexthdr = nexthdr; 5651da177e4SLinus Torvalds fh->reserved = 0; 5661da177e4SLinus Torvalds fh->frag_off = htons(IP6_MF); 5671da177e4SLinus Torvalds frag_id = fh->identification; 5681da177e4SLinus Torvalds 5691da177e4SLinus Torvalds first_len = skb_pagelen(skb); 5701da177e4SLinus Torvalds skb->data_len = first_len - skb_headlen(skb); 5711da177e4SLinus Torvalds skb->len = first_len; 5721da177e4SLinus Torvalds skb->nh.ipv6h->payload_len = htons(first_len - sizeof(struct ipv6hdr)); 5731da177e4SLinus Torvalds 5741da177e4SLinus Torvalds 5751da177e4SLinus Torvalds for (;;) { 5761da177e4SLinus Torvalds /* Prepare header of the next frame, 5771da177e4SLinus Torvalds * before previous one went down. */ 5781da177e4SLinus Torvalds if (frag) { 5791da177e4SLinus Torvalds frag->ip_summed = CHECKSUM_NONE; 5801da177e4SLinus Torvalds frag->h.raw = frag->data; 5811da177e4SLinus Torvalds fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr)); 5821da177e4SLinus Torvalds frag->nh.raw = __skb_push(frag, hlen); 5831da177e4SLinus Torvalds memcpy(frag->nh.raw, tmp_hdr, hlen); 5841da177e4SLinus Torvalds offset += skb->len - hlen - sizeof(struct frag_hdr); 5851da177e4SLinus Torvalds fh->nexthdr = nexthdr; 5861da177e4SLinus Torvalds fh->reserved = 0; 5871da177e4SLinus Torvalds fh->frag_off = htons(offset); 5881da177e4SLinus Torvalds if (frag->next != NULL) 5891da177e4SLinus Torvalds fh->frag_off |= htons(IP6_MF); 5901da177e4SLinus Torvalds fh->identification = frag_id; 5911da177e4SLinus Torvalds frag->nh.ipv6h->payload_len = htons(frag->len - sizeof(struct ipv6hdr)); 5921da177e4SLinus Torvalds ip6_copy_metadata(frag, skb); 5931da177e4SLinus Torvalds } 5941da177e4SLinus Torvalds 5951da177e4SLinus Torvalds err = output(skb); 5961da177e4SLinus Torvalds if (err || !frag) 5971da177e4SLinus Torvalds break; 5981da177e4SLinus Torvalds 5991da177e4SLinus Torvalds skb = frag; 6001da177e4SLinus Torvalds frag = skb->next; 6011da177e4SLinus Torvalds skb->next = NULL; 6021da177e4SLinus Torvalds } 6031da177e4SLinus Torvalds 6041da177e4SLinus Torvalds kfree(tmp_hdr); 6051da177e4SLinus Torvalds 6061da177e4SLinus Torvalds if (err == 0) { 6071da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGOKS); 6081da177e4SLinus Torvalds return 0; 6091da177e4SLinus Torvalds } 6101da177e4SLinus Torvalds 6111da177e4SLinus Torvalds while (frag) { 6121da177e4SLinus Torvalds skb = frag->next; 6131da177e4SLinus Torvalds kfree_skb(frag); 6141da177e4SLinus Torvalds frag = skb; 6151da177e4SLinus Torvalds } 6161da177e4SLinus Torvalds 6171da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGFAILS); 6181da177e4SLinus Torvalds return err; 6191da177e4SLinus Torvalds } 6201da177e4SLinus Torvalds 6211da177e4SLinus Torvalds slow_path: 6221da177e4SLinus Torvalds left = skb->len - hlen; /* Space per frame */ 6231da177e4SLinus Torvalds ptr = hlen; /* Where to start from */ 6241da177e4SLinus Torvalds 6251da177e4SLinus Torvalds /* 6261da177e4SLinus Torvalds * Fragment the datagram. 6271da177e4SLinus Torvalds */ 6281da177e4SLinus Torvalds 6291da177e4SLinus Torvalds *prevhdr = NEXTHDR_FRAGMENT; 6301da177e4SLinus Torvalds 6311da177e4SLinus Torvalds /* 6321da177e4SLinus Torvalds * Keep copying data until we run out. 6331da177e4SLinus Torvalds */ 6341da177e4SLinus Torvalds while(left > 0) { 6351da177e4SLinus Torvalds len = left; 6361da177e4SLinus Torvalds /* IF: it doesn't fit, use 'mtu' - the data space left */ 6371da177e4SLinus Torvalds if (len > mtu) 6381da177e4SLinus Torvalds len = mtu; 6391da177e4SLinus Torvalds /* IF: we are not sending upto and including the packet end 6401da177e4SLinus Torvalds then align the next start on an eight byte boundary */ 6411da177e4SLinus Torvalds if (len < left) { 6421da177e4SLinus Torvalds len &= ~7; 6431da177e4SLinus Torvalds } 6441da177e4SLinus Torvalds /* 6451da177e4SLinus Torvalds * Allocate buffer. 6461da177e4SLinus Torvalds */ 6471da177e4SLinus Torvalds 6481da177e4SLinus Torvalds if ((frag = alloc_skb(len+hlen+sizeof(struct frag_hdr)+LL_RESERVED_SPACE(rt->u.dst.dev), GFP_ATOMIC)) == NULL) { 64964ce2073SPatrick McHardy NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n"); 6501da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGFAILS); 6511da177e4SLinus Torvalds err = -ENOMEM; 6521da177e4SLinus Torvalds goto fail; 6531da177e4SLinus Torvalds } 6541da177e4SLinus Torvalds 6551da177e4SLinus Torvalds /* 6561da177e4SLinus Torvalds * Set up data on packet 6571da177e4SLinus Torvalds */ 6581da177e4SLinus Torvalds 6591da177e4SLinus Torvalds ip6_copy_metadata(frag, skb); 6601da177e4SLinus Torvalds skb_reserve(frag, LL_RESERVED_SPACE(rt->u.dst.dev)); 6611da177e4SLinus Torvalds skb_put(frag, len + hlen + sizeof(struct frag_hdr)); 6621da177e4SLinus Torvalds frag->nh.raw = frag->data; 6631da177e4SLinus Torvalds fh = (struct frag_hdr*)(frag->data + hlen); 6641da177e4SLinus Torvalds frag->h.raw = frag->data + hlen + sizeof(struct frag_hdr); 6651da177e4SLinus Torvalds 6661da177e4SLinus Torvalds /* 6671da177e4SLinus Torvalds * Charge the memory for the fragment to any owner 6681da177e4SLinus Torvalds * it might possess 6691da177e4SLinus Torvalds */ 6701da177e4SLinus Torvalds if (skb->sk) 6711da177e4SLinus Torvalds skb_set_owner_w(frag, skb->sk); 6721da177e4SLinus Torvalds 6731da177e4SLinus Torvalds /* 6741da177e4SLinus Torvalds * Copy the packet header into the new buffer. 6751da177e4SLinus Torvalds */ 6761da177e4SLinus Torvalds memcpy(frag->nh.raw, skb->data, hlen); 6771da177e4SLinus Torvalds 6781da177e4SLinus Torvalds /* 6791da177e4SLinus Torvalds * Build fragment header. 6801da177e4SLinus Torvalds */ 6811da177e4SLinus Torvalds fh->nexthdr = nexthdr; 6821da177e4SLinus Torvalds fh->reserved = 0; 683f36d6ab1SYan Zheng if (!frag_id) { 6841da177e4SLinus Torvalds ipv6_select_ident(skb, fh); 6851da177e4SLinus Torvalds frag_id = fh->identification; 6861da177e4SLinus Torvalds } else 6871da177e4SLinus Torvalds fh->identification = frag_id; 6881da177e4SLinus Torvalds 6891da177e4SLinus Torvalds /* 6901da177e4SLinus Torvalds * Copy a block of the IP datagram. 6911da177e4SLinus Torvalds */ 6921da177e4SLinus Torvalds if (skb_copy_bits(skb, ptr, frag->h.raw, len)) 6931da177e4SLinus Torvalds BUG(); 6941da177e4SLinus Torvalds left -= len; 6951da177e4SLinus Torvalds 6961da177e4SLinus Torvalds fh->frag_off = htons(offset); 6971da177e4SLinus Torvalds if (left > 0) 6981da177e4SLinus Torvalds fh->frag_off |= htons(IP6_MF); 6991da177e4SLinus Torvalds frag->nh.ipv6h->payload_len = htons(frag->len - sizeof(struct ipv6hdr)); 7001da177e4SLinus Torvalds 7011da177e4SLinus Torvalds ptr += len; 7021da177e4SLinus Torvalds offset += len; 7031da177e4SLinus Torvalds 7041da177e4SLinus Torvalds /* 7051da177e4SLinus Torvalds * Put this fragment into the sending queue. 7061da177e4SLinus Torvalds */ 7071da177e4SLinus Torvalds 7081da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGCREATES); 7091da177e4SLinus Torvalds 7101da177e4SLinus Torvalds err = output(frag); 7111da177e4SLinus Torvalds if (err) 7121da177e4SLinus Torvalds goto fail; 7131da177e4SLinus Torvalds } 7141da177e4SLinus Torvalds kfree_skb(skb); 7151da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGOKS); 7161da177e4SLinus Torvalds return err; 7171da177e4SLinus Torvalds 7181da177e4SLinus Torvalds fail: 7191da177e4SLinus Torvalds kfree_skb(skb); 7201da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_FRAGFAILS); 7211da177e4SLinus Torvalds return err; 7221da177e4SLinus Torvalds } 7231da177e4SLinus Torvalds 7241da177e4SLinus Torvalds int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl) 7251da177e4SLinus Torvalds { 7261da177e4SLinus Torvalds int err = 0; 7271da177e4SLinus Torvalds 7281da177e4SLinus Torvalds *dst = NULL; 7291da177e4SLinus Torvalds if (sk) { 7301da177e4SLinus Torvalds struct ipv6_pinfo *np = inet6_sk(sk); 7311da177e4SLinus Torvalds 7321da177e4SLinus Torvalds *dst = sk_dst_check(sk, np->dst_cookie); 7331da177e4SLinus Torvalds if (*dst) { 7341da177e4SLinus Torvalds struct rt6_info *rt = (struct rt6_info*)*dst; 7351da177e4SLinus Torvalds 7361da177e4SLinus Torvalds /* Yes, checking route validity in not connected 7371da177e4SLinus Torvalds case is not very simple. Take into account, 7381da177e4SLinus Torvalds that we do not support routing by source, TOS, 7391da177e4SLinus Torvalds and MSG_DONTROUTE --ANK (980726) 7401da177e4SLinus Torvalds 7411da177e4SLinus Torvalds 1. If route was host route, check that 7421da177e4SLinus Torvalds cached destination is current. 7431da177e4SLinus Torvalds If it is network route, we still may 7441da177e4SLinus Torvalds check its validity using saved pointer 7451da177e4SLinus Torvalds to the last used address: daddr_cache. 7461da177e4SLinus Torvalds We do not want to save whole address now, 7471da177e4SLinus Torvalds (because main consumer of this service 7481da177e4SLinus Torvalds is tcp, which has not this problem), 7491da177e4SLinus Torvalds so that the last trick works only on connected 7501da177e4SLinus Torvalds sockets. 7511da177e4SLinus Torvalds 2. oif also should be the same. 7521da177e4SLinus Torvalds */ 7531da177e4SLinus Torvalds 7541da177e4SLinus Torvalds if (((rt->rt6i_dst.plen != 128 || 7551da177e4SLinus Torvalds !ipv6_addr_equal(&fl->fl6_dst, &rt->rt6i_dst.addr)) 7561da177e4SLinus Torvalds && (np->daddr_cache == NULL || 7571da177e4SLinus Torvalds !ipv6_addr_equal(&fl->fl6_dst, np->daddr_cache))) 7581da177e4SLinus Torvalds || (fl->oif && fl->oif != (*dst)->dev->ifindex)) { 7591da177e4SLinus Torvalds dst_release(*dst); 7601da177e4SLinus Torvalds *dst = NULL; 7611da177e4SLinus Torvalds } 7621da177e4SLinus Torvalds } 7631da177e4SLinus Torvalds } 7641da177e4SLinus Torvalds 7651da177e4SLinus Torvalds if (*dst == NULL) 7661da177e4SLinus Torvalds *dst = ip6_route_output(sk, fl); 7671da177e4SLinus Torvalds 7681da177e4SLinus Torvalds if ((err = (*dst)->error)) 7691da177e4SLinus Torvalds goto out_err_release; 7701da177e4SLinus Torvalds 7711da177e4SLinus Torvalds if (ipv6_addr_any(&fl->fl6_src)) { 7721da177e4SLinus Torvalds err = ipv6_get_saddr(*dst, &fl->fl6_dst, &fl->fl6_src); 7731da177e4SLinus Torvalds 77444456d37SOlaf Hering if (err) 7751da177e4SLinus Torvalds goto out_err_release; 7761da177e4SLinus Torvalds } 7771da177e4SLinus Torvalds 7781da177e4SLinus Torvalds return 0; 7791da177e4SLinus Torvalds 7801da177e4SLinus Torvalds out_err_release: 7811da177e4SLinus Torvalds dst_release(*dst); 7821da177e4SLinus Torvalds *dst = NULL; 7831da177e4SLinus Torvalds return err; 7841da177e4SLinus Torvalds } 78534a0b3cdSAdrian Bunk 7863cf3dc6cSArnaldo Carvalho de Melo EXPORT_SYMBOL_GPL(ip6_dst_lookup); 7873cf3dc6cSArnaldo Carvalho de Melo 78834a0b3cdSAdrian Bunk static inline int ip6_ufo_append_data(struct sock *sk, 789e89e9cf5SAnanda Raju int getfrag(void *from, char *to, int offset, int len, 790e89e9cf5SAnanda Raju int odd, struct sk_buff *skb), 791e89e9cf5SAnanda Raju void *from, int length, int hh_len, int fragheaderlen, 792e89e9cf5SAnanda Raju int transhdrlen, int mtu,unsigned int flags) 793e89e9cf5SAnanda Raju 794e89e9cf5SAnanda Raju { 795e89e9cf5SAnanda Raju struct sk_buff *skb; 796e89e9cf5SAnanda Raju int err; 797e89e9cf5SAnanda Raju 798e89e9cf5SAnanda Raju /* There is support for UDP large send offload by network 799e89e9cf5SAnanda Raju * device, so create one single skb packet containing complete 800e89e9cf5SAnanda Raju * udp datagram 801e89e9cf5SAnanda Raju */ 802e89e9cf5SAnanda Raju if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) { 803e89e9cf5SAnanda Raju skb = sock_alloc_send_skb(sk, 804e89e9cf5SAnanda Raju hh_len + fragheaderlen + transhdrlen + 20, 805e89e9cf5SAnanda Raju (flags & MSG_DONTWAIT), &err); 806e89e9cf5SAnanda Raju if (skb == NULL) 807e89e9cf5SAnanda Raju return -ENOMEM; 808e89e9cf5SAnanda Raju 809e89e9cf5SAnanda Raju /* reserve space for Hardware header */ 810e89e9cf5SAnanda Raju skb_reserve(skb, hh_len); 811e89e9cf5SAnanda Raju 812e89e9cf5SAnanda Raju /* create space for UDP/IP header */ 813e89e9cf5SAnanda Raju skb_put(skb,fragheaderlen + transhdrlen); 814e89e9cf5SAnanda Raju 815e89e9cf5SAnanda Raju /* initialize network header pointer */ 816e89e9cf5SAnanda Raju skb->nh.raw = skb->data; 817e89e9cf5SAnanda Raju 818e89e9cf5SAnanda Raju /* initialize protocol header pointer */ 819e89e9cf5SAnanda Raju skb->h.raw = skb->data + fragheaderlen; 820e89e9cf5SAnanda Raju 821e89e9cf5SAnanda Raju skb->ip_summed = CHECKSUM_HW; 822e89e9cf5SAnanda Raju skb->csum = 0; 823e89e9cf5SAnanda Raju sk->sk_sndmsg_off = 0; 824e89e9cf5SAnanda Raju } 825e89e9cf5SAnanda Raju 826e89e9cf5SAnanda Raju err = skb_append_datato_frags(sk,skb, getfrag, from, 827e89e9cf5SAnanda Raju (length - transhdrlen)); 828e89e9cf5SAnanda Raju if (!err) { 829e89e9cf5SAnanda Raju struct frag_hdr fhdr; 830e89e9cf5SAnanda Raju 831e89e9cf5SAnanda Raju /* specify the length of each IP datagram fragment*/ 832e89e9cf5SAnanda Raju skb_shinfo(skb)->ufo_size = (mtu - fragheaderlen) - 833e89e9cf5SAnanda Raju sizeof(struct frag_hdr); 834e89e9cf5SAnanda Raju ipv6_select_ident(skb, &fhdr); 835e89e9cf5SAnanda Raju skb_shinfo(skb)->ip6_frag_id = fhdr.identification; 836e89e9cf5SAnanda Raju __skb_queue_tail(&sk->sk_write_queue, skb); 837e89e9cf5SAnanda Raju 838e89e9cf5SAnanda Raju return 0; 839e89e9cf5SAnanda Raju } 840e89e9cf5SAnanda Raju /* There is not enough support do UPD LSO, 841e89e9cf5SAnanda Raju * so follow normal path 842e89e9cf5SAnanda Raju */ 843e89e9cf5SAnanda Raju kfree_skb(skb); 844e89e9cf5SAnanda Raju 845e89e9cf5SAnanda Raju return err; 846e89e9cf5SAnanda Raju } 8471da177e4SLinus Torvalds 84841a1f8eaSYOSHIFUJI Hideaki int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, 84941a1f8eaSYOSHIFUJI Hideaki int offset, int len, int odd, struct sk_buff *skb), 8501da177e4SLinus Torvalds void *from, int length, int transhdrlen, 85141a1f8eaSYOSHIFUJI Hideaki int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi *fl, 85241a1f8eaSYOSHIFUJI Hideaki struct rt6_info *rt, unsigned int flags) 8531da177e4SLinus Torvalds { 8541da177e4SLinus Torvalds struct inet_sock *inet = inet_sk(sk); 8551da177e4SLinus Torvalds struct ipv6_pinfo *np = inet6_sk(sk); 8561da177e4SLinus Torvalds struct sk_buff *skb; 8571da177e4SLinus Torvalds unsigned int maxfraglen, fragheaderlen; 8581da177e4SLinus Torvalds int exthdrlen; 8591da177e4SLinus Torvalds int hh_len; 8601da177e4SLinus Torvalds int mtu; 8611da177e4SLinus Torvalds int copy; 8621da177e4SLinus Torvalds int err; 8631da177e4SLinus Torvalds int offset = 0; 8641da177e4SLinus Torvalds int csummode = CHECKSUM_NONE; 8651da177e4SLinus Torvalds 8661da177e4SLinus Torvalds if (flags&MSG_PROBE) 8671da177e4SLinus Torvalds return 0; 8681da177e4SLinus Torvalds if (skb_queue_empty(&sk->sk_write_queue)) { 8691da177e4SLinus Torvalds /* 8701da177e4SLinus Torvalds * setup for corking 8711da177e4SLinus Torvalds */ 8721da177e4SLinus Torvalds if (opt) { 8731da177e4SLinus Torvalds if (np->cork.opt == NULL) { 8741da177e4SLinus Torvalds np->cork.opt = kmalloc(opt->tot_len, 8751da177e4SLinus Torvalds sk->sk_allocation); 8761da177e4SLinus Torvalds if (unlikely(np->cork.opt == NULL)) 8771da177e4SLinus Torvalds return -ENOBUFS; 8781da177e4SLinus Torvalds } else if (np->cork.opt->tot_len < opt->tot_len) { 8791da177e4SLinus Torvalds printk(KERN_DEBUG "ip6_append_data: invalid option length\n"); 8801da177e4SLinus Torvalds return -EINVAL; 8811da177e4SLinus Torvalds } 8821da177e4SLinus Torvalds memcpy(np->cork.opt, opt, opt->tot_len); 8831da177e4SLinus Torvalds inet->cork.flags |= IPCORK_OPT; 8841da177e4SLinus Torvalds /* need source address above miyazawa*/ 8851da177e4SLinus Torvalds } 8861da177e4SLinus Torvalds dst_hold(&rt->u.dst); 8871da177e4SLinus Torvalds np->cork.rt = rt; 8881da177e4SLinus Torvalds inet->cork.fl = *fl; 8891da177e4SLinus Torvalds np->cork.hop_limit = hlimit; 89041a1f8eaSYOSHIFUJI Hideaki np->cork.tclass = tclass; 891*d91675f9SYOSHIFUJI Hideaki mtu = dst_mtu(rt->u.dst.path); 892*d91675f9SYOSHIFUJI Hideaki if (np && np->frag_size < mtu) { 893*d91675f9SYOSHIFUJI Hideaki if (np->frag_size) 894*d91675f9SYOSHIFUJI Hideaki mtu = np->frag_size; 895*d91675f9SYOSHIFUJI Hideaki } 896*d91675f9SYOSHIFUJI Hideaki inet->cork.fragsize = mtu; 8971da177e4SLinus Torvalds if (dst_allfrag(rt->u.dst.path)) 8981da177e4SLinus Torvalds inet->cork.flags |= IPCORK_ALLFRAG; 8991da177e4SLinus Torvalds inet->cork.length = 0; 9001da177e4SLinus Torvalds sk->sk_sndmsg_page = NULL; 9011da177e4SLinus Torvalds sk->sk_sndmsg_off = 0; 9021da177e4SLinus Torvalds exthdrlen = rt->u.dst.header_len + (opt ? opt->opt_flen : 0); 9031da177e4SLinus Torvalds length += exthdrlen; 9041da177e4SLinus Torvalds transhdrlen += exthdrlen; 9051da177e4SLinus Torvalds } else { 9061da177e4SLinus Torvalds rt = np->cork.rt; 9071da177e4SLinus Torvalds fl = &inet->cork.fl; 9081da177e4SLinus Torvalds if (inet->cork.flags & IPCORK_OPT) 9091da177e4SLinus Torvalds opt = np->cork.opt; 9101da177e4SLinus Torvalds transhdrlen = 0; 9111da177e4SLinus Torvalds exthdrlen = 0; 9121da177e4SLinus Torvalds mtu = inet->cork.fragsize; 9131da177e4SLinus Torvalds } 9141da177e4SLinus Torvalds 9151da177e4SLinus Torvalds hh_len = LL_RESERVED_SPACE(rt->u.dst.dev); 9161da177e4SLinus Torvalds 9171da177e4SLinus Torvalds fragheaderlen = sizeof(struct ipv6hdr) + (opt ? opt->opt_nflen : 0); 9181da177e4SLinus Torvalds maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr); 9191da177e4SLinus Torvalds 9201da177e4SLinus Torvalds if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) { 9211da177e4SLinus Torvalds if (inet->cork.length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) { 9221da177e4SLinus Torvalds ipv6_local_error(sk, EMSGSIZE, fl, mtu-exthdrlen); 9231da177e4SLinus Torvalds return -EMSGSIZE; 9241da177e4SLinus Torvalds } 9251da177e4SLinus Torvalds } 9261da177e4SLinus Torvalds 9271da177e4SLinus Torvalds /* 9281da177e4SLinus Torvalds * Let's try using as much space as possible. 9291da177e4SLinus Torvalds * Use MTU if total length of the message fits into the MTU. 9301da177e4SLinus Torvalds * Otherwise, we need to reserve fragment header and 9311da177e4SLinus Torvalds * fragment alignment (= 8-15 octects, in total). 9321da177e4SLinus Torvalds * 9331da177e4SLinus Torvalds * Note that we may need to "move" the data from the tail of 9341da177e4SLinus Torvalds * of the buffer to the new fragment when we split 9351da177e4SLinus Torvalds * the message. 9361da177e4SLinus Torvalds * 9371da177e4SLinus Torvalds * FIXME: It may be fragmented into multiple chunks 9381da177e4SLinus Torvalds * at once if non-fragmentable extension headers 9391da177e4SLinus Torvalds * are too large. 9401da177e4SLinus Torvalds * --yoshfuji 9411da177e4SLinus Torvalds */ 9421da177e4SLinus Torvalds 9431da177e4SLinus Torvalds inet->cork.length += length; 944e89e9cf5SAnanda Raju if (((length > mtu) && (sk->sk_protocol == IPPROTO_UDP)) && 945e89e9cf5SAnanda Raju (rt->u.dst.dev->features & NETIF_F_UFO)) { 946e89e9cf5SAnanda Raju 947e89e9cf5SAnanda Raju if(ip6_ufo_append_data(sk, getfrag, from, length, hh_len, 948e89e9cf5SAnanda Raju fragheaderlen, transhdrlen, mtu, flags)) 949e89e9cf5SAnanda Raju goto error; 950e89e9cf5SAnanda Raju 951e89e9cf5SAnanda Raju return 0; 952e89e9cf5SAnanda Raju } 9531da177e4SLinus Torvalds 9541da177e4SLinus Torvalds if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) 9551da177e4SLinus Torvalds goto alloc_new_skb; 9561da177e4SLinus Torvalds 9571da177e4SLinus Torvalds while (length > 0) { 9581da177e4SLinus Torvalds /* Check if the remaining data fits into current packet. */ 9591da177e4SLinus Torvalds copy = (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len; 9601da177e4SLinus Torvalds if (copy < length) 9611da177e4SLinus Torvalds copy = maxfraglen - skb->len; 9621da177e4SLinus Torvalds 9631da177e4SLinus Torvalds if (copy <= 0) { 9641da177e4SLinus Torvalds char *data; 9651da177e4SLinus Torvalds unsigned int datalen; 9661da177e4SLinus Torvalds unsigned int fraglen; 9671da177e4SLinus Torvalds unsigned int fraggap; 9681da177e4SLinus Torvalds unsigned int alloclen; 9691da177e4SLinus Torvalds struct sk_buff *skb_prev; 9701da177e4SLinus Torvalds alloc_new_skb: 9711da177e4SLinus Torvalds skb_prev = skb; 9721da177e4SLinus Torvalds 9731da177e4SLinus Torvalds /* There's no room in the current skb */ 9741da177e4SLinus Torvalds if (skb_prev) 9751da177e4SLinus Torvalds fraggap = skb_prev->len - maxfraglen; 9761da177e4SLinus Torvalds else 9771da177e4SLinus Torvalds fraggap = 0; 9781da177e4SLinus Torvalds 9791da177e4SLinus Torvalds /* 9801da177e4SLinus Torvalds * If remaining data exceeds the mtu, 9811da177e4SLinus Torvalds * we know we need more fragment(s). 9821da177e4SLinus Torvalds */ 9831da177e4SLinus Torvalds datalen = length + fraggap; 9841da177e4SLinus Torvalds if (datalen > (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen) 9851da177e4SLinus Torvalds datalen = maxfraglen - fragheaderlen; 9861da177e4SLinus Torvalds 9871da177e4SLinus Torvalds fraglen = datalen + fragheaderlen; 9881da177e4SLinus Torvalds if ((flags & MSG_MORE) && 9891da177e4SLinus Torvalds !(rt->u.dst.dev->features&NETIF_F_SG)) 9901da177e4SLinus Torvalds alloclen = mtu; 9911da177e4SLinus Torvalds else 9921da177e4SLinus Torvalds alloclen = datalen + fragheaderlen; 9931da177e4SLinus Torvalds 9941da177e4SLinus Torvalds /* 9951da177e4SLinus Torvalds * The last fragment gets additional space at tail. 9961da177e4SLinus Torvalds * Note: we overallocate on fragments with MSG_MODE 9971da177e4SLinus Torvalds * because we have no idea if we're the last one. 9981da177e4SLinus Torvalds */ 9991da177e4SLinus Torvalds if (datalen == length + fraggap) 10001da177e4SLinus Torvalds alloclen += rt->u.dst.trailer_len; 10011da177e4SLinus Torvalds 10021da177e4SLinus Torvalds /* 10031da177e4SLinus Torvalds * We just reserve space for fragment header. 10041da177e4SLinus Torvalds * Note: this may be overallocation if the message 10051da177e4SLinus Torvalds * (without MSG_MORE) fits into the MTU. 10061da177e4SLinus Torvalds */ 10071da177e4SLinus Torvalds alloclen += sizeof(struct frag_hdr); 10081da177e4SLinus Torvalds 10091da177e4SLinus Torvalds if (transhdrlen) { 10101da177e4SLinus Torvalds skb = sock_alloc_send_skb(sk, 10111da177e4SLinus Torvalds alloclen + hh_len, 10121da177e4SLinus Torvalds (flags & MSG_DONTWAIT), &err); 10131da177e4SLinus Torvalds } else { 10141da177e4SLinus Torvalds skb = NULL; 10151da177e4SLinus Torvalds if (atomic_read(&sk->sk_wmem_alloc) <= 10161da177e4SLinus Torvalds 2 * sk->sk_sndbuf) 10171da177e4SLinus Torvalds skb = sock_wmalloc(sk, 10181da177e4SLinus Torvalds alloclen + hh_len, 1, 10191da177e4SLinus Torvalds sk->sk_allocation); 10201da177e4SLinus Torvalds if (unlikely(skb == NULL)) 10211da177e4SLinus Torvalds err = -ENOBUFS; 10221da177e4SLinus Torvalds } 10231da177e4SLinus Torvalds if (skb == NULL) 10241da177e4SLinus Torvalds goto error; 10251da177e4SLinus Torvalds /* 10261da177e4SLinus Torvalds * Fill in the control structures 10271da177e4SLinus Torvalds */ 10281da177e4SLinus Torvalds skb->ip_summed = csummode; 10291da177e4SLinus Torvalds skb->csum = 0; 10301da177e4SLinus Torvalds /* reserve for fragmentation */ 10311da177e4SLinus Torvalds skb_reserve(skb, hh_len+sizeof(struct frag_hdr)); 10321da177e4SLinus Torvalds 10331da177e4SLinus Torvalds /* 10341da177e4SLinus Torvalds * Find where to start putting bytes 10351da177e4SLinus Torvalds */ 10361da177e4SLinus Torvalds data = skb_put(skb, fraglen); 10371da177e4SLinus Torvalds skb->nh.raw = data + exthdrlen; 10381da177e4SLinus Torvalds data += fragheaderlen; 10391da177e4SLinus Torvalds skb->h.raw = data + exthdrlen; 10401da177e4SLinus Torvalds 10411da177e4SLinus Torvalds if (fraggap) { 10421da177e4SLinus Torvalds skb->csum = skb_copy_and_csum_bits( 10431da177e4SLinus Torvalds skb_prev, maxfraglen, 10441da177e4SLinus Torvalds data + transhdrlen, fraggap, 0); 10451da177e4SLinus Torvalds skb_prev->csum = csum_sub(skb_prev->csum, 10461da177e4SLinus Torvalds skb->csum); 10471da177e4SLinus Torvalds data += fraggap; 10481da177e4SLinus Torvalds skb_trim(skb_prev, maxfraglen); 10491da177e4SLinus Torvalds } 10501da177e4SLinus Torvalds copy = datalen - transhdrlen - fraggap; 10511da177e4SLinus Torvalds if (copy < 0) { 10521da177e4SLinus Torvalds err = -EINVAL; 10531da177e4SLinus Torvalds kfree_skb(skb); 10541da177e4SLinus Torvalds goto error; 10551da177e4SLinus Torvalds } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) { 10561da177e4SLinus Torvalds err = -EFAULT; 10571da177e4SLinus Torvalds kfree_skb(skb); 10581da177e4SLinus Torvalds goto error; 10591da177e4SLinus Torvalds } 10601da177e4SLinus Torvalds 10611da177e4SLinus Torvalds offset += copy; 10621da177e4SLinus Torvalds length -= datalen - fraggap; 10631da177e4SLinus Torvalds transhdrlen = 0; 10641da177e4SLinus Torvalds exthdrlen = 0; 10651da177e4SLinus Torvalds csummode = CHECKSUM_NONE; 10661da177e4SLinus Torvalds 10671da177e4SLinus Torvalds /* 10681da177e4SLinus Torvalds * Put the packet on the pending queue 10691da177e4SLinus Torvalds */ 10701da177e4SLinus Torvalds __skb_queue_tail(&sk->sk_write_queue, skb); 10711da177e4SLinus Torvalds continue; 10721da177e4SLinus Torvalds } 10731da177e4SLinus Torvalds 10741da177e4SLinus Torvalds if (copy > length) 10751da177e4SLinus Torvalds copy = length; 10761da177e4SLinus Torvalds 10771da177e4SLinus Torvalds if (!(rt->u.dst.dev->features&NETIF_F_SG)) { 10781da177e4SLinus Torvalds unsigned int off; 10791da177e4SLinus Torvalds 10801da177e4SLinus Torvalds off = skb->len; 10811da177e4SLinus Torvalds if (getfrag(from, skb_put(skb, copy), 10821da177e4SLinus Torvalds offset, copy, off, skb) < 0) { 10831da177e4SLinus Torvalds __skb_trim(skb, off); 10841da177e4SLinus Torvalds err = -EFAULT; 10851da177e4SLinus Torvalds goto error; 10861da177e4SLinus Torvalds } 10871da177e4SLinus Torvalds } else { 10881da177e4SLinus Torvalds int i = skb_shinfo(skb)->nr_frags; 10891da177e4SLinus Torvalds skb_frag_t *frag = &skb_shinfo(skb)->frags[i-1]; 10901da177e4SLinus Torvalds struct page *page = sk->sk_sndmsg_page; 10911da177e4SLinus Torvalds int off = sk->sk_sndmsg_off; 10921da177e4SLinus Torvalds unsigned int left; 10931da177e4SLinus Torvalds 10941da177e4SLinus Torvalds if (page && (left = PAGE_SIZE - off) > 0) { 10951da177e4SLinus Torvalds if (copy >= left) 10961da177e4SLinus Torvalds copy = left; 10971da177e4SLinus Torvalds if (page != frag->page) { 10981da177e4SLinus Torvalds if (i == MAX_SKB_FRAGS) { 10991da177e4SLinus Torvalds err = -EMSGSIZE; 11001da177e4SLinus Torvalds goto error; 11011da177e4SLinus Torvalds } 11021da177e4SLinus Torvalds get_page(page); 11031da177e4SLinus Torvalds skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0); 11041da177e4SLinus Torvalds frag = &skb_shinfo(skb)->frags[i]; 11051da177e4SLinus Torvalds } 11061da177e4SLinus Torvalds } else if(i < MAX_SKB_FRAGS) { 11071da177e4SLinus Torvalds if (copy > PAGE_SIZE) 11081da177e4SLinus Torvalds copy = PAGE_SIZE; 11091da177e4SLinus Torvalds page = alloc_pages(sk->sk_allocation, 0); 11101da177e4SLinus Torvalds if (page == NULL) { 11111da177e4SLinus Torvalds err = -ENOMEM; 11121da177e4SLinus Torvalds goto error; 11131da177e4SLinus Torvalds } 11141da177e4SLinus Torvalds sk->sk_sndmsg_page = page; 11151da177e4SLinus Torvalds sk->sk_sndmsg_off = 0; 11161da177e4SLinus Torvalds 11171da177e4SLinus Torvalds skb_fill_page_desc(skb, i, page, 0, 0); 11181da177e4SLinus Torvalds frag = &skb_shinfo(skb)->frags[i]; 11191da177e4SLinus Torvalds skb->truesize += PAGE_SIZE; 11201da177e4SLinus Torvalds atomic_add(PAGE_SIZE, &sk->sk_wmem_alloc); 11211da177e4SLinus Torvalds } else { 11221da177e4SLinus Torvalds err = -EMSGSIZE; 11231da177e4SLinus Torvalds goto error; 11241da177e4SLinus Torvalds } 11251da177e4SLinus Torvalds if (getfrag(from, page_address(frag->page)+frag->page_offset+frag->size, offset, copy, skb->len, skb) < 0) { 11261da177e4SLinus Torvalds err = -EFAULT; 11271da177e4SLinus Torvalds goto error; 11281da177e4SLinus Torvalds } 11291da177e4SLinus Torvalds sk->sk_sndmsg_off += copy; 11301da177e4SLinus Torvalds frag->size += copy; 11311da177e4SLinus Torvalds skb->len += copy; 11321da177e4SLinus Torvalds skb->data_len += copy; 11331da177e4SLinus Torvalds } 11341da177e4SLinus Torvalds offset += copy; 11351da177e4SLinus Torvalds length -= copy; 11361da177e4SLinus Torvalds } 11371da177e4SLinus Torvalds return 0; 11381da177e4SLinus Torvalds error: 11391da177e4SLinus Torvalds inet->cork.length -= length; 11401da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 11411da177e4SLinus Torvalds return err; 11421da177e4SLinus Torvalds } 11431da177e4SLinus Torvalds 11441da177e4SLinus Torvalds int ip6_push_pending_frames(struct sock *sk) 11451da177e4SLinus Torvalds { 11461da177e4SLinus Torvalds struct sk_buff *skb, *tmp_skb; 11471da177e4SLinus Torvalds struct sk_buff **tail_skb; 11481da177e4SLinus Torvalds struct in6_addr final_dst_buf, *final_dst = &final_dst_buf; 11491da177e4SLinus Torvalds struct inet_sock *inet = inet_sk(sk); 11501da177e4SLinus Torvalds struct ipv6_pinfo *np = inet6_sk(sk); 11511da177e4SLinus Torvalds struct ipv6hdr *hdr; 11521da177e4SLinus Torvalds struct ipv6_txoptions *opt = np->cork.opt; 11531da177e4SLinus Torvalds struct rt6_info *rt = np->cork.rt; 11541da177e4SLinus Torvalds struct flowi *fl = &inet->cork.fl; 11551da177e4SLinus Torvalds unsigned char proto = fl->proto; 11561da177e4SLinus Torvalds int err = 0; 11571da177e4SLinus Torvalds 11581da177e4SLinus Torvalds if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL) 11591da177e4SLinus Torvalds goto out; 11601da177e4SLinus Torvalds tail_skb = &(skb_shinfo(skb)->frag_list); 11611da177e4SLinus Torvalds 11621da177e4SLinus Torvalds /* move skb->data to ip header from ext header */ 11631da177e4SLinus Torvalds if (skb->data < skb->nh.raw) 11641da177e4SLinus Torvalds __skb_pull(skb, skb->nh.raw - skb->data); 11651da177e4SLinus Torvalds while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) { 11661da177e4SLinus Torvalds __skb_pull(tmp_skb, skb->h.raw - skb->nh.raw); 11671da177e4SLinus Torvalds *tail_skb = tmp_skb; 11681da177e4SLinus Torvalds tail_skb = &(tmp_skb->next); 11691da177e4SLinus Torvalds skb->len += tmp_skb->len; 11701da177e4SLinus Torvalds skb->data_len += tmp_skb->len; 11711da177e4SLinus Torvalds skb->truesize += tmp_skb->truesize; 11721da177e4SLinus Torvalds __sock_put(tmp_skb->sk); 11731da177e4SLinus Torvalds tmp_skb->destructor = NULL; 11741da177e4SLinus Torvalds tmp_skb->sk = NULL; 11751da177e4SLinus Torvalds } 11761da177e4SLinus Torvalds 11771da177e4SLinus Torvalds ipv6_addr_copy(final_dst, &fl->fl6_dst); 11781da177e4SLinus Torvalds __skb_pull(skb, skb->h.raw - skb->nh.raw); 11791da177e4SLinus Torvalds if (opt && opt->opt_flen) 11801da177e4SLinus Torvalds ipv6_push_frag_opts(skb, opt, &proto); 11811da177e4SLinus Torvalds if (opt && opt->opt_nflen) 11821da177e4SLinus Torvalds ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst); 11831da177e4SLinus Torvalds 11841da177e4SLinus Torvalds skb->nh.ipv6h = hdr = (struct ipv6hdr*) skb_push(skb, sizeof(struct ipv6hdr)); 11851da177e4SLinus Torvalds 118641a1f8eaSYOSHIFUJI Hideaki *(u32*)hdr = fl->fl6_flowlabel | 118741a1f8eaSYOSHIFUJI Hideaki htonl(0x60000000 | ((int)np->cork.tclass << 20)); 11881da177e4SLinus Torvalds 11891da177e4SLinus Torvalds if (skb->len <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) 11901da177e4SLinus Torvalds hdr->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); 11911da177e4SLinus Torvalds else 11921da177e4SLinus Torvalds hdr->payload_len = 0; 11931da177e4SLinus Torvalds hdr->hop_limit = np->cork.hop_limit; 11941da177e4SLinus Torvalds hdr->nexthdr = proto; 11951da177e4SLinus Torvalds ipv6_addr_copy(&hdr->saddr, &fl->fl6_src); 11961da177e4SLinus Torvalds ipv6_addr_copy(&hdr->daddr, final_dst); 11971da177e4SLinus Torvalds 1198a2c2064fSPatrick McHardy skb->priority = sk->sk_priority; 1199a2c2064fSPatrick McHardy 12001da177e4SLinus Torvalds skb->dst = dst_clone(&rt->u.dst); 12011da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 12021da177e4SLinus Torvalds err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dst->dev, dst_output); 12031da177e4SLinus Torvalds if (err) { 12041da177e4SLinus Torvalds if (err > 0) 12053320da89SHerbert Xu err = np->recverr ? net_xmit_errno(err) : 0; 12061da177e4SLinus Torvalds if (err) 12071da177e4SLinus Torvalds goto error; 12081da177e4SLinus Torvalds } 12091da177e4SLinus Torvalds 12101da177e4SLinus Torvalds out: 12111da177e4SLinus Torvalds inet->cork.flags &= ~IPCORK_OPT; 12121da177e4SLinus Torvalds kfree(np->cork.opt); 12131da177e4SLinus Torvalds np->cork.opt = NULL; 12141da177e4SLinus Torvalds if (np->cork.rt) { 12151da177e4SLinus Torvalds dst_release(&np->cork.rt->u.dst); 12161da177e4SLinus Torvalds np->cork.rt = NULL; 12171da177e4SLinus Torvalds inet->cork.flags &= ~IPCORK_ALLFRAG; 12181da177e4SLinus Torvalds } 12191da177e4SLinus Torvalds memset(&inet->cork.fl, 0, sizeof(inet->cork.fl)); 12201da177e4SLinus Torvalds return err; 12211da177e4SLinus Torvalds error: 12221da177e4SLinus Torvalds goto out; 12231da177e4SLinus Torvalds } 12241da177e4SLinus Torvalds 12251da177e4SLinus Torvalds void ip6_flush_pending_frames(struct sock *sk) 12261da177e4SLinus Torvalds { 12271da177e4SLinus Torvalds struct inet_sock *inet = inet_sk(sk); 12281da177e4SLinus Torvalds struct ipv6_pinfo *np = inet6_sk(sk); 12291da177e4SLinus Torvalds struct sk_buff *skb; 12301da177e4SLinus Torvalds 12311da177e4SLinus Torvalds while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) { 12321da177e4SLinus Torvalds IP6_INC_STATS(IPSTATS_MIB_OUTDISCARDS); 12331da177e4SLinus Torvalds kfree_skb(skb); 12341da177e4SLinus Torvalds } 12351da177e4SLinus Torvalds 12361da177e4SLinus Torvalds inet->cork.flags &= ~IPCORK_OPT; 12371da177e4SLinus Torvalds 12381da177e4SLinus Torvalds kfree(np->cork.opt); 12391da177e4SLinus Torvalds np->cork.opt = NULL; 12401da177e4SLinus Torvalds if (np->cork.rt) { 12411da177e4SLinus Torvalds dst_release(&np->cork.rt->u.dst); 12421da177e4SLinus Torvalds np->cork.rt = NULL; 12431da177e4SLinus Torvalds inet->cork.flags &= ~IPCORK_ALLFRAG; 12441da177e4SLinus Torvalds } 12451da177e4SLinus Torvalds memset(&inet->cork.fl, 0, sizeof(inet->cork.fl)); 12461da177e4SLinus Torvalds } 1247