1 /* 2 * IPv6 output functions 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on linux/net/ipv4/ip_output.c 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License 12 * as published by the Free Software Foundation; either version 13 * 2 of the License, or (at your option) any later version. 14 * 15 * Changes: 16 * A.N.Kuznetsov : airthmetics in fragmentation. 17 * extension headers are implemented. 18 * route changes now work. 19 * ip6_forward does not confuse sniffers. 20 * etc. 21 * 22 * H. von Brand : Added missing #include <linux/string.h> 23 * Imran Patel : frag id should be in NBO 24 * Kazunori MIYAZAWA @USAGI 25 * : add ip6_append_data and related functions 26 * for datagram xmit 27 */ 28 29 #include <linux/errno.h> 30 #include <linux/kernel.h> 31 #include <linux/string.h> 32 #include <linux/socket.h> 33 #include <linux/net.h> 34 #include <linux/netdevice.h> 35 #include <linux/if_arp.h> 36 #include <linux/in6.h> 37 #include <linux/tcp.h> 38 #include <linux/route.h> 39 #include <linux/module.h> 40 #include <linux/slab.h> 41 42 #include <linux/netfilter.h> 43 #include <linux/netfilter_ipv6.h> 44 45 #include <net/sock.h> 46 #include <net/snmp.h> 47 48 #include <net/ipv6.h> 49 #include <net/ndisc.h> 50 #include <net/protocol.h> 51 #include <net/ip6_route.h> 52 #include <net/addrconf.h> 53 #include <net/rawv6.h> 54 #include <net/icmp.h> 55 #include <net/xfrm.h> 56 #include <net/checksum.h> 57 #include <linux/mroute6.h> 58 59 static int ip6_finish_output2(struct sk_buff *skb) 60 { 61 struct dst_entry *dst = skb_dst(skb); 62 struct net_device *dev = dst->dev; 63 struct neighbour *neigh; 64 struct in6_addr *nexthop; 65 int ret; 66 67 skb->protocol = htons(ETH_P_IPV6); 68 skb->dev = dev; 69 70 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { 71 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); 72 73 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(skb->sk) && 74 ((mroute6_socket(dev_net(dev), skb) && 75 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) || 76 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr, 77 &ipv6_hdr(skb)->saddr))) { 78 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 79 80 /* Do not check for IFF_ALLMULTI; multicast routing 81 is not supported in any case. 82 */ 83 if (newskb) 84 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING, 85 newskb, NULL, newskb->dev, 86 dev_loopback_xmit); 87 88 if (ipv6_hdr(skb)->hop_limit == 0) { 89 IP6_INC_STATS(dev_net(dev), idev, 90 IPSTATS_MIB_OUTDISCARDS); 91 kfree_skb(skb); 92 return 0; 93 } 94 } 95 96 IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST, 97 skb->len); 98 99 if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <= 100 IPV6_ADDR_SCOPE_NODELOCAL && 101 !(dev->flags & IFF_LOOPBACK)) { 102 kfree_skb(skb); 103 return 0; 104 } 105 } 106 107 rcu_read_lock_bh(); 108 nexthop = rt6_nexthop((struct rt6_info *)dst); 109 neigh = __ipv6_neigh_lookup_noref(dst->dev, nexthop); 110 if (unlikely(!neigh)) 111 neigh = __neigh_create(&nd_tbl, nexthop, dst->dev, false); 112 if (!IS_ERR(neigh)) { 113 ret = dst_neigh_output(dst, neigh, skb); 114 rcu_read_unlock_bh(); 115 return ret; 116 } 117 rcu_read_unlock_bh(); 118 119 IP6_INC_STATS(dev_net(dst->dev), 120 ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); 121 kfree_skb(skb); 122 return -EINVAL; 123 } 124 125 static int ip6_finish_output(struct sk_buff *skb) 126 { 127 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || 128 dst_allfrag(skb_dst(skb)) || 129 (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size)) 130 return ip6_fragment(skb, ip6_finish_output2); 131 else 132 return ip6_finish_output2(skb); 133 } 134 135 int ip6_output(struct sock *sk, struct sk_buff *skb) 136 { 137 struct net_device *dev = skb_dst(skb)->dev; 138 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); 139 if (unlikely(idev->cnf.disable_ipv6)) { 140 IP6_INC_STATS(dev_net(dev), idev, 141 IPSTATS_MIB_OUTDISCARDS); 142 kfree_skb(skb); 143 return 0; 144 } 145 146 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev, 147 ip6_finish_output, 148 !(IP6CB(skb)->flags & IP6SKB_REROUTED)); 149 } 150 151 /* 152 * xmit an sk_buff (used by TCP, SCTP and DCCP) 153 */ 154 155 int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, 156 struct ipv6_txoptions *opt, int tclass) 157 { 158 struct net *net = sock_net(sk); 159 struct ipv6_pinfo *np = inet6_sk(sk); 160 struct in6_addr *first_hop = &fl6->daddr; 161 struct dst_entry *dst = skb_dst(skb); 162 struct ipv6hdr *hdr; 163 u8 proto = fl6->flowi6_proto; 164 int seg_len = skb->len; 165 int hlimit = -1; 166 u32 mtu; 167 168 if (opt) { 169 unsigned int head_room; 170 171 /* First: exthdrs may take lots of space (~8K for now) 172 MAX_HEADER is not enough. 173 */ 174 head_room = opt->opt_nflen + opt->opt_flen; 175 seg_len += head_room; 176 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev); 177 178 if (skb_headroom(skb) < head_room) { 179 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room); 180 if (skb2 == NULL) { 181 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 182 IPSTATS_MIB_OUTDISCARDS); 183 kfree_skb(skb); 184 return -ENOBUFS; 185 } 186 consume_skb(skb); 187 skb = skb2; 188 skb_set_owner_w(skb, sk); 189 } 190 if (opt->opt_flen) 191 ipv6_push_frag_opts(skb, opt, &proto); 192 if (opt->opt_nflen) 193 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop); 194 } 195 196 skb_push(skb, sizeof(struct ipv6hdr)); 197 skb_reset_network_header(skb); 198 hdr = ipv6_hdr(skb); 199 200 /* 201 * Fill in the IPv6 header 202 */ 203 if (np) 204 hlimit = np->hop_limit; 205 if (hlimit < 0) 206 hlimit = ip6_dst_hoplimit(dst); 207 208 ip6_flow_hdr(hdr, tclass, ip6_make_flowlabel(net, skb, fl6->flowlabel, 209 np->autoflowlabel)); 210 211 hdr->payload_len = htons(seg_len); 212 hdr->nexthdr = proto; 213 hdr->hop_limit = hlimit; 214 215 hdr->saddr = fl6->saddr; 216 hdr->daddr = *first_hop; 217 218 skb->protocol = htons(ETH_P_IPV6); 219 skb->priority = sk->sk_priority; 220 skb->mark = sk->sk_mark; 221 222 mtu = dst_mtu(dst); 223 if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) { 224 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)), 225 IPSTATS_MIB_OUT, skb->len); 226 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, 227 dst->dev, dst_output); 228 } 229 230 skb->dev = dst->dev; 231 ipv6_local_error(sk, EMSGSIZE, fl6, mtu); 232 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS); 233 kfree_skb(skb); 234 return -EMSGSIZE; 235 } 236 237 EXPORT_SYMBOL(ip6_xmit); 238 239 static int ip6_call_ra_chain(struct sk_buff *skb, int sel) 240 { 241 struct ip6_ra_chain *ra; 242 struct sock *last = NULL; 243 244 read_lock(&ip6_ra_lock); 245 for (ra = ip6_ra_chain; ra; ra = ra->next) { 246 struct sock *sk = ra->sk; 247 if (sk && ra->sel == sel && 248 (!sk->sk_bound_dev_if || 249 sk->sk_bound_dev_if == skb->dev->ifindex)) { 250 if (last) { 251 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); 252 if (skb2) 253 rawv6_rcv(last, skb2); 254 } 255 last = sk; 256 } 257 } 258 259 if (last) { 260 rawv6_rcv(last, skb); 261 read_unlock(&ip6_ra_lock); 262 return 1; 263 } 264 read_unlock(&ip6_ra_lock); 265 return 0; 266 } 267 268 static int ip6_forward_proxy_check(struct sk_buff *skb) 269 { 270 struct ipv6hdr *hdr = ipv6_hdr(skb); 271 u8 nexthdr = hdr->nexthdr; 272 __be16 frag_off; 273 int offset; 274 275 if (ipv6_ext_hdr(nexthdr)) { 276 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, &frag_off); 277 if (offset < 0) 278 return 0; 279 } else 280 offset = sizeof(struct ipv6hdr); 281 282 if (nexthdr == IPPROTO_ICMPV6) { 283 struct icmp6hdr *icmp6; 284 285 if (!pskb_may_pull(skb, (skb_network_header(skb) + 286 offset + 1 - skb->data))) 287 return 0; 288 289 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset); 290 291 switch (icmp6->icmp6_type) { 292 case NDISC_ROUTER_SOLICITATION: 293 case NDISC_ROUTER_ADVERTISEMENT: 294 case NDISC_NEIGHBOUR_SOLICITATION: 295 case NDISC_NEIGHBOUR_ADVERTISEMENT: 296 case NDISC_REDIRECT: 297 /* For reaction involving unicast neighbor discovery 298 * message destined to the proxied address, pass it to 299 * input function. 300 */ 301 return 1; 302 default: 303 break; 304 } 305 } 306 307 /* 308 * The proxying router can't forward traffic sent to a link-local 309 * address, so signal the sender and discard the packet. This 310 * behavior is clarified by the MIPv6 specification. 311 */ 312 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) { 313 dst_link_failure(skb); 314 return -1; 315 } 316 317 return 0; 318 } 319 320 static inline int ip6_forward_finish(struct sk_buff *skb) 321 { 322 return dst_output(skb); 323 } 324 325 static unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst) 326 { 327 unsigned int mtu; 328 struct inet6_dev *idev; 329 330 if (dst_metric_locked(dst, RTAX_MTU)) { 331 mtu = dst_metric_raw(dst, RTAX_MTU); 332 if (mtu) 333 return mtu; 334 } 335 336 mtu = IPV6_MIN_MTU; 337 rcu_read_lock(); 338 idev = __in6_dev_get(dst->dev); 339 if (idev) 340 mtu = idev->cnf.mtu6; 341 rcu_read_unlock(); 342 343 return mtu; 344 } 345 346 static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu) 347 { 348 if (skb->len <= mtu) 349 return false; 350 351 /* ipv6 conntrack defrag sets max_frag_size + ignore_df */ 352 if (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu) 353 return true; 354 355 if (skb->ignore_df) 356 return false; 357 358 if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu) 359 return false; 360 361 return true; 362 } 363 364 int ip6_forward(struct sk_buff *skb) 365 { 366 struct dst_entry *dst = skb_dst(skb); 367 struct ipv6hdr *hdr = ipv6_hdr(skb); 368 struct inet6_skb_parm *opt = IP6CB(skb); 369 struct net *net = dev_net(dst->dev); 370 u32 mtu; 371 372 if (net->ipv6.devconf_all->forwarding == 0) 373 goto error; 374 375 if (skb->pkt_type != PACKET_HOST) 376 goto drop; 377 378 if (skb_warn_if_lro(skb)) 379 goto drop; 380 381 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) { 382 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), 383 IPSTATS_MIB_INDISCARDS); 384 goto drop; 385 } 386 387 skb_forward_csum(skb); 388 389 /* 390 * We DO NOT make any processing on 391 * RA packets, pushing them to user level AS IS 392 * without ane WARRANTY that application will be able 393 * to interpret them. The reason is that we 394 * cannot make anything clever here. 395 * 396 * We are not end-node, so that if packet contains 397 * AH/ESP, we cannot make anything. 398 * Defragmentation also would be mistake, RA packets 399 * cannot be fragmented, because there is no warranty 400 * that different fragments will go along one path. --ANK 401 */ 402 if (unlikely(opt->flags & IP6SKB_ROUTERALERT)) { 403 if (ip6_call_ra_chain(skb, ntohs(opt->ra))) 404 return 0; 405 } 406 407 /* 408 * check and decrement ttl 409 */ 410 if (hdr->hop_limit <= 1) { 411 /* Force OUTPUT device used as source address */ 412 skb->dev = dst->dev; 413 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0); 414 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), 415 IPSTATS_MIB_INHDRERRORS); 416 417 kfree_skb(skb); 418 return -ETIMEDOUT; 419 } 420 421 /* XXX: idev->cnf.proxy_ndp? */ 422 if (net->ipv6.devconf_all->proxy_ndp && 423 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) { 424 int proxied = ip6_forward_proxy_check(skb); 425 if (proxied > 0) 426 return ip6_input(skb); 427 else if (proxied < 0) { 428 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), 429 IPSTATS_MIB_INDISCARDS); 430 goto drop; 431 } 432 } 433 434 if (!xfrm6_route_forward(skb)) { 435 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), 436 IPSTATS_MIB_INDISCARDS); 437 goto drop; 438 } 439 dst = skb_dst(skb); 440 441 /* IPv6 specs say nothing about it, but it is clear that we cannot 442 send redirects to source routed frames. 443 We don't send redirects to frames decapsulated from IPsec. 444 */ 445 if (skb->dev == dst->dev && opt->srcrt == 0 && !skb_sec_path(skb)) { 446 struct in6_addr *target = NULL; 447 struct inet_peer *peer; 448 struct rt6_info *rt; 449 450 /* 451 * incoming and outgoing devices are the same 452 * send a redirect. 453 */ 454 455 rt = (struct rt6_info *) dst; 456 if (rt->rt6i_flags & RTF_GATEWAY) 457 target = &rt->rt6i_gateway; 458 else 459 target = &hdr->daddr; 460 461 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); 462 463 /* Limit redirects both by destination (here) 464 and by source (inside ndisc_send_redirect) 465 */ 466 if (inet_peer_xrlim_allow(peer, 1*HZ)) 467 ndisc_send_redirect(skb, target); 468 if (peer) 469 inet_putpeer(peer); 470 } else { 471 int addrtype = ipv6_addr_type(&hdr->saddr); 472 473 /* This check is security critical. */ 474 if (addrtype == IPV6_ADDR_ANY || 475 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK)) 476 goto error; 477 if (addrtype & IPV6_ADDR_LINKLOCAL) { 478 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 479 ICMPV6_NOT_NEIGHBOUR, 0); 480 goto error; 481 } 482 } 483 484 mtu = ip6_dst_mtu_forward(dst); 485 if (mtu < IPV6_MIN_MTU) 486 mtu = IPV6_MIN_MTU; 487 488 if (ip6_pkt_too_big(skb, mtu)) { 489 /* Again, force OUTPUT device used as source address */ 490 skb->dev = dst->dev; 491 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); 492 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), 493 IPSTATS_MIB_INTOOBIGERRORS); 494 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), 495 IPSTATS_MIB_FRAGFAILS); 496 kfree_skb(skb); 497 return -EMSGSIZE; 498 } 499 500 if (skb_cow(skb, dst->dev->hard_header_len)) { 501 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), 502 IPSTATS_MIB_OUTDISCARDS); 503 goto drop; 504 } 505 506 hdr = ipv6_hdr(skb); 507 508 /* Mangling hops number delayed to point after skb COW */ 509 510 hdr->hop_limit--; 511 512 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); 513 IP6_ADD_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len); 514 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, skb, skb->dev, dst->dev, 515 ip6_forward_finish); 516 517 error: 518 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS); 519 drop: 520 kfree_skb(skb); 521 return -EINVAL; 522 } 523 524 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from) 525 { 526 to->pkt_type = from->pkt_type; 527 to->priority = from->priority; 528 to->protocol = from->protocol; 529 skb_dst_drop(to); 530 skb_dst_set(to, dst_clone(skb_dst(from))); 531 to->dev = from->dev; 532 to->mark = from->mark; 533 534 #ifdef CONFIG_NET_SCHED 535 to->tc_index = from->tc_index; 536 #endif 537 nf_copy(to, from); 538 skb_copy_secmark(to, from); 539 } 540 541 static void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) 542 { 543 static u32 ip6_idents_hashrnd __read_mostly; 544 u32 hash, id; 545 546 net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd)); 547 548 hash = __ipv6_addr_jhash(&rt->rt6i_dst.addr, ip6_idents_hashrnd); 549 hash = __ipv6_addr_jhash(&rt->rt6i_src.addr, hash); 550 551 id = ip_idents_reserve(hash, 1); 552 fhdr->identification = htonl(id); 553 } 554 555 int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) 556 { 557 struct sk_buff *frag; 558 struct rt6_info *rt = (struct rt6_info*)skb_dst(skb); 559 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL; 560 struct ipv6hdr *tmp_hdr; 561 struct frag_hdr *fh; 562 unsigned int mtu, hlen, left, len; 563 int hroom, troom; 564 __be32 frag_id = 0; 565 int ptr, offset = 0, err=0; 566 u8 *prevhdr, nexthdr = 0; 567 struct net *net = dev_net(skb_dst(skb)->dev); 568 569 hlen = ip6_find_1stfragopt(skb, &prevhdr); 570 nexthdr = *prevhdr; 571 572 mtu = ip6_skb_dst_mtu(skb); 573 574 /* We must not fragment if the socket is set to force MTU discovery 575 * or if the skb it not generated by a local socket. 576 */ 577 if (unlikely(!skb->ignore_df && skb->len > mtu) || 578 (IP6CB(skb)->frag_max_size && 579 IP6CB(skb)->frag_max_size > mtu)) { 580 if (skb->sk && dst_allfrag(skb_dst(skb))) 581 sk_nocaps_add(skb->sk, NETIF_F_GSO_MASK); 582 583 skb->dev = skb_dst(skb)->dev; 584 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); 585 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 586 IPSTATS_MIB_FRAGFAILS); 587 kfree_skb(skb); 588 return -EMSGSIZE; 589 } 590 591 if (np && np->frag_size < mtu) { 592 if (np->frag_size) 593 mtu = np->frag_size; 594 } 595 mtu -= hlen + sizeof(struct frag_hdr); 596 597 if (skb_has_frag_list(skb)) { 598 int first_len = skb_pagelen(skb); 599 struct sk_buff *frag2; 600 601 if (first_len - hlen > mtu || 602 ((first_len - hlen) & 7) || 603 skb_cloned(skb)) 604 goto slow_path; 605 606 skb_walk_frags(skb, frag) { 607 /* Correct geometry. */ 608 if (frag->len > mtu || 609 ((frag->len & 7) && frag->next) || 610 skb_headroom(frag) < hlen) 611 goto slow_path_clean; 612 613 /* Partially cloned skb? */ 614 if (skb_shared(frag)) 615 goto slow_path_clean; 616 617 BUG_ON(frag->sk); 618 if (skb->sk) { 619 frag->sk = skb->sk; 620 frag->destructor = sock_wfree; 621 } 622 skb->truesize -= frag->truesize; 623 } 624 625 err = 0; 626 offset = 0; 627 frag = skb_shinfo(skb)->frag_list; 628 skb_frag_list_init(skb); 629 /* BUILD HEADER */ 630 631 *prevhdr = NEXTHDR_FRAGMENT; 632 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC); 633 if (!tmp_hdr) { 634 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 635 IPSTATS_MIB_FRAGFAILS); 636 return -ENOMEM; 637 } 638 639 __skb_pull(skb, hlen); 640 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr)); 641 __skb_push(skb, hlen); 642 skb_reset_network_header(skb); 643 memcpy(skb_network_header(skb), tmp_hdr, hlen); 644 645 ipv6_select_ident(fh, rt); 646 fh->nexthdr = nexthdr; 647 fh->reserved = 0; 648 fh->frag_off = htons(IP6_MF); 649 frag_id = fh->identification; 650 651 first_len = skb_pagelen(skb); 652 skb->data_len = first_len - skb_headlen(skb); 653 skb->len = first_len; 654 ipv6_hdr(skb)->payload_len = htons(first_len - 655 sizeof(struct ipv6hdr)); 656 657 dst_hold(&rt->dst); 658 659 for (;;) { 660 /* Prepare header of the next frame, 661 * before previous one went down. */ 662 if (frag) { 663 frag->ip_summed = CHECKSUM_NONE; 664 skb_reset_transport_header(frag); 665 fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr)); 666 __skb_push(frag, hlen); 667 skb_reset_network_header(frag); 668 memcpy(skb_network_header(frag), tmp_hdr, 669 hlen); 670 offset += skb->len - hlen - sizeof(struct frag_hdr); 671 fh->nexthdr = nexthdr; 672 fh->reserved = 0; 673 fh->frag_off = htons(offset); 674 if (frag->next != NULL) 675 fh->frag_off |= htons(IP6_MF); 676 fh->identification = frag_id; 677 ipv6_hdr(frag)->payload_len = 678 htons(frag->len - 679 sizeof(struct ipv6hdr)); 680 ip6_copy_metadata(frag, skb); 681 } 682 683 err = output(skb); 684 if(!err) 685 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), 686 IPSTATS_MIB_FRAGCREATES); 687 688 if (err || !frag) 689 break; 690 691 skb = frag; 692 frag = skb->next; 693 skb->next = NULL; 694 } 695 696 kfree(tmp_hdr); 697 698 if (err == 0) { 699 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), 700 IPSTATS_MIB_FRAGOKS); 701 ip6_rt_put(rt); 702 return 0; 703 } 704 705 while (frag) { 706 skb = frag->next; 707 kfree_skb(frag); 708 frag = skb; 709 } 710 711 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), 712 IPSTATS_MIB_FRAGFAILS); 713 ip6_rt_put(rt); 714 return err; 715 716 slow_path_clean: 717 skb_walk_frags(skb, frag2) { 718 if (frag2 == frag) 719 break; 720 frag2->sk = NULL; 721 frag2->destructor = NULL; 722 skb->truesize += frag2->truesize; 723 } 724 } 725 726 slow_path: 727 if ((skb->ip_summed == CHECKSUM_PARTIAL) && 728 skb_checksum_help(skb)) 729 goto fail; 730 731 left = skb->len - hlen; /* Space per frame */ 732 ptr = hlen; /* Where to start from */ 733 734 /* 735 * Fragment the datagram. 736 */ 737 738 *prevhdr = NEXTHDR_FRAGMENT; 739 hroom = LL_RESERVED_SPACE(rt->dst.dev); 740 troom = rt->dst.dev->needed_tailroom; 741 742 /* 743 * Keep copying data until we run out. 744 */ 745 while(left > 0) { 746 len = left; 747 /* IF: it doesn't fit, use 'mtu' - the data space left */ 748 if (len > mtu) 749 len = mtu; 750 /* IF: we are not sending up to and including the packet end 751 then align the next start on an eight byte boundary */ 752 if (len < left) { 753 len &= ~7; 754 } 755 /* 756 * Allocate buffer. 757 */ 758 759 if ((frag = alloc_skb(len + hlen + sizeof(struct frag_hdr) + 760 hroom + troom, GFP_ATOMIC)) == NULL) { 761 NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n"); 762 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 763 IPSTATS_MIB_FRAGFAILS); 764 err = -ENOMEM; 765 goto fail; 766 } 767 768 /* 769 * Set up data on packet 770 */ 771 772 ip6_copy_metadata(frag, skb); 773 skb_reserve(frag, hroom); 774 skb_put(frag, len + hlen + sizeof(struct frag_hdr)); 775 skb_reset_network_header(frag); 776 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen); 777 frag->transport_header = (frag->network_header + hlen + 778 sizeof(struct frag_hdr)); 779 780 /* 781 * Charge the memory for the fragment to any owner 782 * it might possess 783 */ 784 if (skb->sk) 785 skb_set_owner_w(frag, skb->sk); 786 787 /* 788 * Copy the packet header into the new buffer. 789 */ 790 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen); 791 792 /* 793 * Build fragment header. 794 */ 795 fh->nexthdr = nexthdr; 796 fh->reserved = 0; 797 if (!frag_id) { 798 ipv6_select_ident(fh, rt); 799 frag_id = fh->identification; 800 } else 801 fh->identification = frag_id; 802 803 /* 804 * Copy a block of the IP datagram. 805 */ 806 BUG_ON(skb_copy_bits(skb, ptr, skb_transport_header(frag), 807 len)); 808 left -= len; 809 810 fh->frag_off = htons(offset); 811 if (left > 0) 812 fh->frag_off |= htons(IP6_MF); 813 ipv6_hdr(frag)->payload_len = htons(frag->len - 814 sizeof(struct ipv6hdr)); 815 816 ptr += len; 817 offset += len; 818 819 /* 820 * Put this fragment into the sending queue. 821 */ 822 err = output(frag); 823 if (err) 824 goto fail; 825 826 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 827 IPSTATS_MIB_FRAGCREATES); 828 } 829 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 830 IPSTATS_MIB_FRAGOKS); 831 consume_skb(skb); 832 return err; 833 834 fail: 835 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 836 IPSTATS_MIB_FRAGFAILS); 837 kfree_skb(skb); 838 return err; 839 } 840 841 static inline int ip6_rt_check(const struct rt6key *rt_key, 842 const struct in6_addr *fl_addr, 843 const struct in6_addr *addr_cache) 844 { 845 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) && 846 (addr_cache == NULL || !ipv6_addr_equal(fl_addr, addr_cache)); 847 } 848 849 static struct dst_entry *ip6_sk_dst_check(struct sock *sk, 850 struct dst_entry *dst, 851 const struct flowi6 *fl6) 852 { 853 struct ipv6_pinfo *np = inet6_sk(sk); 854 struct rt6_info *rt; 855 856 if (!dst) 857 goto out; 858 859 if (dst->ops->family != AF_INET6) { 860 dst_release(dst); 861 return NULL; 862 } 863 864 rt = (struct rt6_info *)dst; 865 /* Yes, checking route validity in not connected 866 * case is not very simple. Take into account, 867 * that we do not support routing by source, TOS, 868 * and MSG_DONTROUTE --ANK (980726) 869 * 870 * 1. ip6_rt_check(): If route was host route, 871 * check that cached destination is current. 872 * If it is network route, we still may 873 * check its validity using saved pointer 874 * to the last used address: daddr_cache. 875 * We do not want to save whole address now, 876 * (because main consumer of this service 877 * is tcp, which has not this problem), 878 * so that the last trick works only on connected 879 * sockets. 880 * 2. oif also should be the same. 881 */ 882 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) || 883 #ifdef CONFIG_IPV6_SUBTREES 884 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) || 885 #endif 886 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex)) { 887 dst_release(dst); 888 dst = NULL; 889 } 890 891 out: 892 return dst; 893 } 894 895 static int ip6_dst_lookup_tail(struct sock *sk, 896 struct dst_entry **dst, struct flowi6 *fl6) 897 { 898 struct net *net = sock_net(sk); 899 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 900 struct neighbour *n; 901 struct rt6_info *rt; 902 #endif 903 int err; 904 905 if (*dst == NULL) 906 *dst = ip6_route_output(net, sk, fl6); 907 908 if ((err = (*dst)->error)) 909 goto out_err_release; 910 911 if (ipv6_addr_any(&fl6->saddr)) { 912 struct rt6_info *rt = (struct rt6_info *) *dst; 913 err = ip6_route_get_saddr(net, rt, &fl6->daddr, 914 sk ? inet6_sk(sk)->srcprefs : 0, 915 &fl6->saddr); 916 if (err) 917 goto out_err_release; 918 } 919 920 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 921 /* 922 * Here if the dst entry we've looked up 923 * has a neighbour entry that is in the INCOMPLETE 924 * state and the src address from the flow is 925 * marked as OPTIMISTIC, we release the found 926 * dst entry and replace it instead with the 927 * dst entry of the nexthop router 928 */ 929 rt = (struct rt6_info *) *dst; 930 rcu_read_lock_bh(); 931 n = __ipv6_neigh_lookup_noref(rt->dst.dev, rt6_nexthop(rt)); 932 err = n && !(n->nud_state & NUD_VALID) ? -EINVAL : 0; 933 rcu_read_unlock_bh(); 934 935 if (err) { 936 struct inet6_ifaddr *ifp; 937 struct flowi6 fl_gw6; 938 int redirect; 939 940 ifp = ipv6_get_ifaddr(net, &fl6->saddr, 941 (*dst)->dev, 1); 942 943 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC); 944 if (ifp) 945 in6_ifa_put(ifp); 946 947 if (redirect) { 948 /* 949 * We need to get the dst entry for the 950 * default router instead 951 */ 952 dst_release(*dst); 953 memcpy(&fl_gw6, fl6, sizeof(struct flowi6)); 954 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr)); 955 *dst = ip6_route_output(net, sk, &fl_gw6); 956 if ((err = (*dst)->error)) 957 goto out_err_release; 958 } 959 } 960 #endif 961 962 return 0; 963 964 out_err_release: 965 if (err == -ENETUNREACH) 966 IP6_INC_STATS(net, NULL, IPSTATS_MIB_OUTNOROUTES); 967 dst_release(*dst); 968 *dst = NULL; 969 return err; 970 } 971 972 /** 973 * ip6_dst_lookup - perform route lookup on flow 974 * @sk: socket which provides route info 975 * @dst: pointer to dst_entry * for result 976 * @fl6: flow to lookup 977 * 978 * This function performs a route lookup on the given flow. 979 * 980 * It returns zero on success, or a standard errno code on error. 981 */ 982 int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi6 *fl6) 983 { 984 *dst = NULL; 985 return ip6_dst_lookup_tail(sk, dst, fl6); 986 } 987 EXPORT_SYMBOL_GPL(ip6_dst_lookup); 988 989 /** 990 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec 991 * @sk: socket which provides route info 992 * @fl6: flow to lookup 993 * @final_dst: final destination address for ipsec lookup 994 * 995 * This function performs a route lookup on the given flow. 996 * 997 * It returns a valid dst pointer on success, or a pointer encoded 998 * error code. 999 */ 1000 struct dst_entry *ip6_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6, 1001 const struct in6_addr *final_dst) 1002 { 1003 struct dst_entry *dst = NULL; 1004 int err; 1005 1006 err = ip6_dst_lookup_tail(sk, &dst, fl6); 1007 if (err) 1008 return ERR_PTR(err); 1009 if (final_dst) 1010 fl6->daddr = *final_dst; 1011 1012 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0); 1013 } 1014 EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow); 1015 1016 /** 1017 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow 1018 * @sk: socket which provides the dst cache and route info 1019 * @fl6: flow to lookup 1020 * @final_dst: final destination address for ipsec lookup 1021 * 1022 * This function performs a route lookup on the given flow with the 1023 * possibility of using the cached route in the socket if it is valid. 1024 * It will take the socket dst lock when operating on the dst cache. 1025 * As a result, this function can only be used in process context. 1026 * 1027 * It returns a valid dst pointer on success, or a pointer encoded 1028 * error code. 1029 */ 1030 struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6, 1031 const struct in6_addr *final_dst) 1032 { 1033 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie); 1034 int err; 1035 1036 dst = ip6_sk_dst_check(sk, dst, fl6); 1037 1038 err = ip6_dst_lookup_tail(sk, &dst, fl6); 1039 if (err) 1040 return ERR_PTR(err); 1041 if (final_dst) 1042 fl6->daddr = *final_dst; 1043 1044 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0); 1045 } 1046 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow); 1047 1048 static inline int ip6_ufo_append_data(struct sock *sk, 1049 int getfrag(void *from, char *to, int offset, int len, 1050 int odd, struct sk_buff *skb), 1051 void *from, int length, int hh_len, int fragheaderlen, 1052 int transhdrlen, int mtu,unsigned int flags, 1053 struct rt6_info *rt) 1054 1055 { 1056 struct sk_buff *skb; 1057 struct frag_hdr fhdr; 1058 int err; 1059 1060 /* There is support for UDP large send offload by network 1061 * device, so create one single skb packet containing complete 1062 * udp datagram 1063 */ 1064 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) { 1065 skb = sock_alloc_send_skb(sk, 1066 hh_len + fragheaderlen + transhdrlen + 20, 1067 (flags & MSG_DONTWAIT), &err); 1068 if (skb == NULL) 1069 return err; 1070 1071 /* reserve space for Hardware header */ 1072 skb_reserve(skb, hh_len); 1073 1074 /* create space for UDP/IP header */ 1075 skb_put(skb,fragheaderlen + transhdrlen); 1076 1077 /* initialize network header pointer */ 1078 skb_reset_network_header(skb); 1079 1080 /* initialize protocol header pointer */ 1081 skb->transport_header = skb->network_header + fragheaderlen; 1082 1083 skb->protocol = htons(ETH_P_IPV6); 1084 skb->csum = 0; 1085 1086 __skb_queue_tail(&sk->sk_write_queue, skb); 1087 } else if (skb_is_gso(skb)) { 1088 goto append; 1089 } 1090 1091 skb->ip_summed = CHECKSUM_PARTIAL; 1092 /* Specify the length of each IPv6 datagram fragment. 1093 * It has to be a multiple of 8. 1094 */ 1095 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen - 1096 sizeof(struct frag_hdr)) & ~7; 1097 skb_shinfo(skb)->gso_type = SKB_GSO_UDP; 1098 ipv6_select_ident(&fhdr, rt); 1099 skb_shinfo(skb)->ip6_frag_id = fhdr.identification; 1100 1101 append: 1102 return skb_append_datato_frags(sk, skb, getfrag, from, 1103 (length - transhdrlen)); 1104 } 1105 1106 static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src, 1107 gfp_t gfp) 1108 { 1109 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL; 1110 } 1111 1112 static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src, 1113 gfp_t gfp) 1114 { 1115 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL; 1116 } 1117 1118 static void ip6_append_data_mtu(unsigned int *mtu, 1119 int *maxfraglen, 1120 unsigned int fragheaderlen, 1121 struct sk_buff *skb, 1122 struct rt6_info *rt, 1123 unsigned int orig_mtu) 1124 { 1125 if (!(rt->dst.flags & DST_XFRM_TUNNEL)) { 1126 if (skb == NULL) { 1127 /* first fragment, reserve header_len */ 1128 *mtu = orig_mtu - rt->dst.header_len; 1129 1130 } else { 1131 /* 1132 * this fragment is not first, the headers 1133 * space is regarded as data space. 1134 */ 1135 *mtu = orig_mtu; 1136 } 1137 *maxfraglen = ((*mtu - fragheaderlen) & ~7) 1138 + fragheaderlen - sizeof(struct frag_hdr); 1139 } 1140 } 1141 1142 int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, 1143 int offset, int len, int odd, struct sk_buff *skb), 1144 void *from, int length, int transhdrlen, 1145 int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi6 *fl6, 1146 struct rt6_info *rt, unsigned int flags, int dontfrag) 1147 { 1148 struct inet_sock *inet = inet_sk(sk); 1149 struct ipv6_pinfo *np = inet6_sk(sk); 1150 struct inet_cork *cork; 1151 struct sk_buff *skb, *skb_prev = NULL; 1152 unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu; 1153 int exthdrlen; 1154 int dst_exthdrlen; 1155 int hh_len; 1156 int copy; 1157 int err; 1158 int offset = 0; 1159 __u8 tx_flags = 0; 1160 u32 tskey = 0; 1161 1162 if (flags&MSG_PROBE) 1163 return 0; 1164 cork = &inet->cork.base; 1165 if (skb_queue_empty(&sk->sk_write_queue)) { 1166 /* 1167 * setup for corking 1168 */ 1169 if (opt) { 1170 if (WARN_ON(np->cork.opt)) 1171 return -EINVAL; 1172 1173 np->cork.opt = kzalloc(opt->tot_len, sk->sk_allocation); 1174 if (unlikely(np->cork.opt == NULL)) 1175 return -ENOBUFS; 1176 1177 np->cork.opt->tot_len = opt->tot_len; 1178 np->cork.opt->opt_flen = opt->opt_flen; 1179 np->cork.opt->opt_nflen = opt->opt_nflen; 1180 1181 np->cork.opt->dst0opt = ip6_opt_dup(opt->dst0opt, 1182 sk->sk_allocation); 1183 if (opt->dst0opt && !np->cork.opt->dst0opt) 1184 return -ENOBUFS; 1185 1186 np->cork.opt->dst1opt = ip6_opt_dup(opt->dst1opt, 1187 sk->sk_allocation); 1188 if (opt->dst1opt && !np->cork.opt->dst1opt) 1189 return -ENOBUFS; 1190 1191 np->cork.opt->hopopt = ip6_opt_dup(opt->hopopt, 1192 sk->sk_allocation); 1193 if (opt->hopopt && !np->cork.opt->hopopt) 1194 return -ENOBUFS; 1195 1196 np->cork.opt->srcrt = ip6_rthdr_dup(opt->srcrt, 1197 sk->sk_allocation); 1198 if (opt->srcrt && !np->cork.opt->srcrt) 1199 return -ENOBUFS; 1200 1201 /* need source address above miyazawa*/ 1202 } 1203 dst_hold(&rt->dst); 1204 cork->dst = &rt->dst; 1205 inet->cork.fl.u.ip6 = *fl6; 1206 np->cork.hop_limit = hlimit; 1207 np->cork.tclass = tclass; 1208 if (rt->dst.flags & DST_XFRM_TUNNEL) 1209 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ? 1210 rt->dst.dev->mtu : dst_mtu(&rt->dst); 1211 else 1212 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ? 1213 rt->dst.dev->mtu : dst_mtu(rt->dst.path); 1214 if (np->frag_size < mtu) { 1215 if (np->frag_size) 1216 mtu = np->frag_size; 1217 } 1218 cork->fragsize = mtu; 1219 if (dst_allfrag(rt->dst.path)) 1220 cork->flags |= IPCORK_ALLFRAG; 1221 cork->length = 0; 1222 exthdrlen = (opt ? opt->opt_flen : 0); 1223 length += exthdrlen; 1224 transhdrlen += exthdrlen; 1225 dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len; 1226 } else { 1227 rt = (struct rt6_info *)cork->dst; 1228 fl6 = &inet->cork.fl.u.ip6; 1229 opt = np->cork.opt; 1230 transhdrlen = 0; 1231 exthdrlen = 0; 1232 dst_exthdrlen = 0; 1233 mtu = cork->fragsize; 1234 } 1235 orig_mtu = mtu; 1236 1237 hh_len = LL_RESERVED_SPACE(rt->dst.dev); 1238 1239 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len + 1240 (opt ? opt->opt_nflen : 0); 1241 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - 1242 sizeof(struct frag_hdr); 1243 1244 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) { 1245 unsigned int maxnonfragsize, headersize; 1246 1247 headersize = sizeof(struct ipv6hdr) + 1248 (opt ? opt->opt_flen + opt->opt_nflen : 0) + 1249 (dst_allfrag(&rt->dst) ? 1250 sizeof(struct frag_hdr) : 0) + 1251 rt->rt6i_nfheader_len; 1252 1253 if (ip6_sk_ignore_df(sk)) 1254 maxnonfragsize = sizeof(struct ipv6hdr) + IPV6_MAXPLEN; 1255 else 1256 maxnonfragsize = mtu; 1257 1258 /* dontfrag active */ 1259 if ((cork->length + length > mtu - headersize) && dontfrag && 1260 (sk->sk_protocol == IPPROTO_UDP || 1261 sk->sk_protocol == IPPROTO_RAW)) { 1262 ipv6_local_rxpmtu(sk, fl6, mtu - headersize + 1263 sizeof(struct ipv6hdr)); 1264 goto emsgsize; 1265 } 1266 1267 if (cork->length + length > maxnonfragsize - headersize) { 1268 emsgsize: 1269 ipv6_local_error(sk, EMSGSIZE, fl6, 1270 mtu - headersize + 1271 sizeof(struct ipv6hdr)); 1272 return -EMSGSIZE; 1273 } 1274 } 1275 1276 if (sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) { 1277 sock_tx_timestamp(sk, &tx_flags); 1278 if (tx_flags & SKBTX_ANY_SW_TSTAMP && 1279 sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID) 1280 tskey = sk->sk_tskey++; 1281 } 1282 1283 /* 1284 * Let's try using as much space as possible. 1285 * Use MTU if total length of the message fits into the MTU. 1286 * Otherwise, we need to reserve fragment header and 1287 * fragment alignment (= 8-15 octects, in total). 1288 * 1289 * Note that we may need to "move" the data from the tail of 1290 * of the buffer to the new fragment when we split 1291 * the message. 1292 * 1293 * FIXME: It may be fragmented into multiple chunks 1294 * at once if non-fragmentable extension headers 1295 * are too large. 1296 * --yoshfuji 1297 */ 1298 1299 skb = skb_peek_tail(&sk->sk_write_queue); 1300 cork->length += length; 1301 if (((length > mtu) || 1302 (skb && skb_is_gso(skb))) && 1303 (sk->sk_protocol == IPPROTO_UDP) && 1304 (rt->dst.dev->features & NETIF_F_UFO)) { 1305 err = ip6_ufo_append_data(sk, getfrag, from, length, 1306 hh_len, fragheaderlen, 1307 transhdrlen, mtu, flags, rt); 1308 if (err) 1309 goto error; 1310 return 0; 1311 } 1312 1313 if (!skb) 1314 goto alloc_new_skb; 1315 1316 while (length > 0) { 1317 /* Check if the remaining data fits into current packet. */ 1318 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len; 1319 if (copy < length) 1320 copy = maxfraglen - skb->len; 1321 1322 if (copy <= 0) { 1323 char *data; 1324 unsigned int datalen; 1325 unsigned int fraglen; 1326 unsigned int fraggap; 1327 unsigned int alloclen; 1328 alloc_new_skb: 1329 /* There's no room in the current skb */ 1330 if (skb) 1331 fraggap = skb->len - maxfraglen; 1332 else 1333 fraggap = 0; 1334 /* update mtu and maxfraglen if necessary */ 1335 if (skb == NULL || skb_prev == NULL) 1336 ip6_append_data_mtu(&mtu, &maxfraglen, 1337 fragheaderlen, skb, rt, 1338 orig_mtu); 1339 1340 skb_prev = skb; 1341 1342 /* 1343 * If remaining data exceeds the mtu, 1344 * we know we need more fragment(s). 1345 */ 1346 datalen = length + fraggap; 1347 1348 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen) 1349 datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len; 1350 if ((flags & MSG_MORE) && 1351 !(rt->dst.dev->features&NETIF_F_SG)) 1352 alloclen = mtu; 1353 else 1354 alloclen = datalen + fragheaderlen; 1355 1356 alloclen += dst_exthdrlen; 1357 1358 if (datalen != length + fraggap) { 1359 /* 1360 * this is not the last fragment, the trailer 1361 * space is regarded as data space. 1362 */ 1363 datalen += rt->dst.trailer_len; 1364 } 1365 1366 alloclen += rt->dst.trailer_len; 1367 fraglen = datalen + fragheaderlen; 1368 1369 /* 1370 * We just reserve space for fragment header. 1371 * Note: this may be overallocation if the message 1372 * (without MSG_MORE) fits into the MTU. 1373 */ 1374 alloclen += sizeof(struct frag_hdr); 1375 1376 if (transhdrlen) { 1377 skb = sock_alloc_send_skb(sk, 1378 alloclen + hh_len, 1379 (flags & MSG_DONTWAIT), &err); 1380 } else { 1381 skb = NULL; 1382 if (atomic_read(&sk->sk_wmem_alloc) <= 1383 2 * sk->sk_sndbuf) 1384 skb = sock_wmalloc(sk, 1385 alloclen + hh_len, 1, 1386 sk->sk_allocation); 1387 if (unlikely(skb == NULL)) 1388 err = -ENOBUFS; 1389 } 1390 if (skb == NULL) 1391 goto error; 1392 /* 1393 * Fill in the control structures 1394 */ 1395 skb->protocol = htons(ETH_P_IPV6); 1396 skb->ip_summed = CHECKSUM_NONE; 1397 skb->csum = 0; 1398 /* reserve for fragmentation and ipsec header */ 1399 skb_reserve(skb, hh_len + sizeof(struct frag_hdr) + 1400 dst_exthdrlen); 1401 1402 /* Only the initial fragment is time stamped */ 1403 skb_shinfo(skb)->tx_flags = tx_flags; 1404 tx_flags = 0; 1405 skb_shinfo(skb)->tskey = tskey; 1406 tskey = 0; 1407 1408 /* 1409 * Find where to start putting bytes 1410 */ 1411 data = skb_put(skb, fraglen); 1412 skb_set_network_header(skb, exthdrlen); 1413 data += fragheaderlen; 1414 skb->transport_header = (skb->network_header + 1415 fragheaderlen); 1416 if (fraggap) { 1417 skb->csum = skb_copy_and_csum_bits( 1418 skb_prev, maxfraglen, 1419 data + transhdrlen, fraggap, 0); 1420 skb_prev->csum = csum_sub(skb_prev->csum, 1421 skb->csum); 1422 data += fraggap; 1423 pskb_trim_unique(skb_prev, maxfraglen); 1424 } 1425 copy = datalen - transhdrlen - fraggap; 1426 1427 if (copy < 0) { 1428 err = -EINVAL; 1429 kfree_skb(skb); 1430 goto error; 1431 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) { 1432 err = -EFAULT; 1433 kfree_skb(skb); 1434 goto error; 1435 } 1436 1437 offset += copy; 1438 length -= datalen - fraggap; 1439 transhdrlen = 0; 1440 exthdrlen = 0; 1441 dst_exthdrlen = 0; 1442 1443 /* 1444 * Put the packet on the pending queue 1445 */ 1446 __skb_queue_tail(&sk->sk_write_queue, skb); 1447 continue; 1448 } 1449 1450 if (copy > length) 1451 copy = length; 1452 1453 if (!(rt->dst.dev->features&NETIF_F_SG)) { 1454 unsigned int off; 1455 1456 off = skb->len; 1457 if (getfrag(from, skb_put(skb, copy), 1458 offset, copy, off, skb) < 0) { 1459 __skb_trim(skb, off); 1460 err = -EFAULT; 1461 goto error; 1462 } 1463 } else { 1464 int i = skb_shinfo(skb)->nr_frags; 1465 struct page_frag *pfrag = sk_page_frag(sk); 1466 1467 err = -ENOMEM; 1468 if (!sk_page_frag_refill(sk, pfrag)) 1469 goto error; 1470 1471 if (!skb_can_coalesce(skb, i, pfrag->page, 1472 pfrag->offset)) { 1473 err = -EMSGSIZE; 1474 if (i == MAX_SKB_FRAGS) 1475 goto error; 1476 1477 __skb_fill_page_desc(skb, i, pfrag->page, 1478 pfrag->offset, 0); 1479 skb_shinfo(skb)->nr_frags = ++i; 1480 get_page(pfrag->page); 1481 } 1482 copy = min_t(int, copy, pfrag->size - pfrag->offset); 1483 if (getfrag(from, 1484 page_address(pfrag->page) + pfrag->offset, 1485 offset, copy, skb->len, skb) < 0) 1486 goto error_efault; 1487 1488 pfrag->offset += copy; 1489 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy); 1490 skb->len += copy; 1491 skb->data_len += copy; 1492 skb->truesize += copy; 1493 atomic_add(copy, &sk->sk_wmem_alloc); 1494 } 1495 offset += copy; 1496 length -= copy; 1497 } 1498 1499 return 0; 1500 1501 error_efault: 1502 err = -EFAULT; 1503 error: 1504 cork->length -= length; 1505 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS); 1506 return err; 1507 } 1508 EXPORT_SYMBOL_GPL(ip6_append_data); 1509 1510 static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np) 1511 { 1512 if (np->cork.opt) { 1513 kfree(np->cork.opt->dst0opt); 1514 kfree(np->cork.opt->dst1opt); 1515 kfree(np->cork.opt->hopopt); 1516 kfree(np->cork.opt->srcrt); 1517 kfree(np->cork.opt); 1518 np->cork.opt = NULL; 1519 } 1520 1521 if (inet->cork.base.dst) { 1522 dst_release(inet->cork.base.dst); 1523 inet->cork.base.dst = NULL; 1524 inet->cork.base.flags &= ~IPCORK_ALLFRAG; 1525 } 1526 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl)); 1527 } 1528 1529 int ip6_push_pending_frames(struct sock *sk) 1530 { 1531 struct sk_buff *skb, *tmp_skb; 1532 struct sk_buff **tail_skb; 1533 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf; 1534 struct inet_sock *inet = inet_sk(sk); 1535 struct ipv6_pinfo *np = inet6_sk(sk); 1536 struct net *net = sock_net(sk); 1537 struct ipv6hdr *hdr; 1538 struct ipv6_txoptions *opt = np->cork.opt; 1539 struct rt6_info *rt = (struct rt6_info *)inet->cork.base.dst; 1540 struct flowi6 *fl6 = &inet->cork.fl.u.ip6; 1541 unsigned char proto = fl6->flowi6_proto; 1542 int err = 0; 1543 1544 if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL) 1545 goto out; 1546 tail_skb = &(skb_shinfo(skb)->frag_list); 1547 1548 /* move skb->data to ip header from ext header */ 1549 if (skb->data < skb_network_header(skb)) 1550 __skb_pull(skb, skb_network_offset(skb)); 1551 while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) { 1552 __skb_pull(tmp_skb, skb_network_header_len(skb)); 1553 *tail_skb = tmp_skb; 1554 tail_skb = &(tmp_skb->next); 1555 skb->len += tmp_skb->len; 1556 skb->data_len += tmp_skb->len; 1557 skb->truesize += tmp_skb->truesize; 1558 tmp_skb->destructor = NULL; 1559 tmp_skb->sk = NULL; 1560 } 1561 1562 /* Allow local fragmentation. */ 1563 skb->ignore_df = ip6_sk_ignore_df(sk); 1564 1565 *final_dst = fl6->daddr; 1566 __skb_pull(skb, skb_network_header_len(skb)); 1567 if (opt && opt->opt_flen) 1568 ipv6_push_frag_opts(skb, opt, &proto); 1569 if (opt && opt->opt_nflen) 1570 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst); 1571 1572 skb_push(skb, sizeof(struct ipv6hdr)); 1573 skb_reset_network_header(skb); 1574 hdr = ipv6_hdr(skb); 1575 1576 ip6_flow_hdr(hdr, np->cork.tclass, 1577 ip6_make_flowlabel(net, skb, fl6->flowlabel, 1578 np->autoflowlabel)); 1579 hdr->hop_limit = np->cork.hop_limit; 1580 hdr->nexthdr = proto; 1581 hdr->saddr = fl6->saddr; 1582 hdr->daddr = *final_dst; 1583 1584 skb->priority = sk->sk_priority; 1585 skb->mark = sk->sk_mark; 1586 1587 skb_dst_set(skb, dst_clone(&rt->dst)); 1588 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len); 1589 if (proto == IPPROTO_ICMPV6) { 1590 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); 1591 1592 ICMP6MSGOUT_INC_STATS(net, idev, icmp6_hdr(skb)->icmp6_type); 1593 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1594 } 1595 1596 err = ip6_local_out(skb); 1597 if (err) { 1598 if (err > 0) 1599 err = net_xmit_errno(err); 1600 if (err) 1601 goto error; 1602 } 1603 1604 out: 1605 ip6_cork_release(inet, np); 1606 return err; 1607 error: 1608 IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS); 1609 goto out; 1610 } 1611 EXPORT_SYMBOL_GPL(ip6_push_pending_frames); 1612 1613 void ip6_flush_pending_frames(struct sock *sk) 1614 { 1615 struct sk_buff *skb; 1616 1617 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) { 1618 if (skb_dst(skb)) 1619 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)), 1620 IPSTATS_MIB_OUTDISCARDS); 1621 kfree_skb(skb); 1622 } 1623 1624 ip6_cork_release(inet_sk(sk), inet6_sk(sk)); 1625 } 1626 EXPORT_SYMBOL_GPL(ip6_flush_pending_frames); 1627