1 /* 2 * IPv6 output functions 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on linux/net/ipv4/ip_output.c 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License 12 * as published by the Free Software Foundation; either version 13 * 2 of the License, or (at your option) any later version. 14 * 15 * Changes: 16 * A.N.Kuznetsov : airthmetics in fragmentation. 17 * extension headers are implemented. 18 * route changes now work. 19 * ip6_forward does not confuse sniffers. 20 * etc. 21 * 22 * H. von Brand : Added missing #include <linux/string.h> 23 * Imran Patel : frag id should be in NBO 24 * Kazunori MIYAZAWA @USAGI 25 * : add ip6_append_data and related functions 26 * for datagram xmit 27 */ 28 29 #include <linux/errno.h> 30 #include <linux/kernel.h> 31 #include <linux/string.h> 32 #include <linux/socket.h> 33 #include <linux/net.h> 34 #include <linux/netdevice.h> 35 #include <linux/if_arp.h> 36 #include <linux/in6.h> 37 #include <linux/tcp.h> 38 #include <linux/route.h> 39 #include <linux/module.h> 40 #include <linux/slab.h> 41 42 #include <linux/netfilter.h> 43 #include <linux/netfilter_ipv6.h> 44 45 #include <net/sock.h> 46 #include <net/snmp.h> 47 48 #include <net/ipv6.h> 49 #include <net/ndisc.h> 50 #include <net/protocol.h> 51 #include <net/ip6_route.h> 52 #include <net/addrconf.h> 53 #include <net/rawv6.h> 54 #include <net/icmp.h> 55 #include <net/xfrm.h> 56 #include <net/checksum.h> 57 #include <linux/mroute6.h> 58 #include <net/l3mdev.h> 59 #include <net/lwtunnel.h> 60 61 static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff *skb) 62 { 63 struct dst_entry *dst = skb_dst(skb); 64 struct net_device *dev = dst->dev; 65 struct neighbour *neigh; 66 struct in6_addr *nexthop; 67 int ret; 68 69 skb->protocol = htons(ETH_P_IPV6); 70 skb->dev = dev; 71 72 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { 73 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); 74 75 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(sk) && 76 ((mroute6_socket(net, skb) && 77 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) || 78 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr, 79 &ipv6_hdr(skb)->saddr))) { 80 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 81 82 /* Do not check for IFF_ALLMULTI; multicast routing 83 is not supported in any case. 84 */ 85 if (newskb) 86 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING, 87 net, sk, newskb, NULL, newskb->dev, 88 dev_loopback_xmit); 89 90 if (ipv6_hdr(skb)->hop_limit == 0) { 91 IP6_INC_STATS(net, idev, 92 IPSTATS_MIB_OUTDISCARDS); 93 kfree_skb(skb); 94 return 0; 95 } 96 } 97 98 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, skb->len); 99 100 if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <= 101 IPV6_ADDR_SCOPE_NODELOCAL && 102 !(dev->flags & IFF_LOOPBACK)) { 103 kfree_skb(skb); 104 return 0; 105 } 106 } 107 108 if (lwtunnel_xmit_redirect(dst->lwtstate)) { 109 int res = lwtunnel_xmit(skb); 110 111 if (res < 0 || res == LWTUNNEL_XMIT_DONE) 112 return res; 113 } 114 115 rcu_read_lock_bh(); 116 nexthop = rt6_nexthop((struct rt6_info *)dst, &ipv6_hdr(skb)->daddr); 117 neigh = __ipv6_neigh_lookup_noref(dst->dev, nexthop); 118 if (unlikely(!neigh)) 119 neigh = __neigh_create(&nd_tbl, nexthop, dst->dev, false); 120 if (!IS_ERR(neigh)) { 121 ret = dst_neigh_output(dst, neigh, skb); 122 rcu_read_unlock_bh(); 123 return ret; 124 } 125 rcu_read_unlock_bh(); 126 127 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); 128 kfree_skb(skb); 129 return -EINVAL; 130 } 131 132 static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb) 133 { 134 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || 135 dst_allfrag(skb_dst(skb)) || 136 (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size)) 137 return ip6_fragment(net, sk, skb, ip6_finish_output2); 138 else 139 return ip6_finish_output2(net, sk, skb); 140 } 141 142 int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb) 143 { 144 struct net_device *dev = skb_dst(skb)->dev; 145 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); 146 147 if (unlikely(idev->cnf.disable_ipv6)) { 148 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS); 149 kfree_skb(skb); 150 return 0; 151 } 152 153 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, 154 net, sk, skb, NULL, dev, 155 ip6_finish_output, 156 !(IP6CB(skb)->flags & IP6SKB_REROUTED)); 157 } 158 159 /* 160 * xmit an sk_buff (used by TCP, SCTP and DCCP) 161 * Note : socket lock is not held for SYNACK packets, but might be modified 162 * by calls to skb_set_owner_w() and ipv6_local_error(), 163 * which are using proper atomic operations or spinlocks. 164 */ 165 int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, 166 struct ipv6_txoptions *opt, int tclass) 167 { 168 struct net *net = sock_net(sk); 169 const struct ipv6_pinfo *np = inet6_sk(sk); 170 struct in6_addr *first_hop = &fl6->daddr; 171 struct dst_entry *dst = skb_dst(skb); 172 struct ipv6hdr *hdr; 173 u8 proto = fl6->flowi6_proto; 174 int seg_len = skb->len; 175 int hlimit = -1; 176 u32 mtu; 177 178 if (opt) { 179 unsigned int head_room; 180 181 /* First: exthdrs may take lots of space (~8K for now) 182 MAX_HEADER is not enough. 183 */ 184 head_room = opt->opt_nflen + opt->opt_flen; 185 seg_len += head_room; 186 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev); 187 188 if (skb_headroom(skb) < head_room) { 189 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room); 190 if (!skb2) { 191 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 192 IPSTATS_MIB_OUTDISCARDS); 193 kfree_skb(skb); 194 return -ENOBUFS; 195 } 196 consume_skb(skb); 197 skb = skb2; 198 /* skb_set_owner_w() changes sk->sk_wmem_alloc atomically, 199 * it is safe to call in our context (socket lock not held) 200 */ 201 skb_set_owner_w(skb, (struct sock *)sk); 202 } 203 if (opt->opt_flen) 204 ipv6_push_frag_opts(skb, opt, &proto); 205 if (opt->opt_nflen) 206 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop); 207 } 208 209 skb_push(skb, sizeof(struct ipv6hdr)); 210 skb_reset_network_header(skb); 211 hdr = ipv6_hdr(skb); 212 213 /* 214 * Fill in the IPv6 header 215 */ 216 if (np) 217 hlimit = np->hop_limit; 218 if (hlimit < 0) 219 hlimit = ip6_dst_hoplimit(dst); 220 221 ip6_flow_hdr(hdr, tclass, ip6_make_flowlabel(net, skb, fl6->flowlabel, 222 np->autoflowlabel, fl6)); 223 224 hdr->payload_len = htons(seg_len); 225 hdr->nexthdr = proto; 226 hdr->hop_limit = hlimit; 227 228 hdr->saddr = fl6->saddr; 229 hdr->daddr = *first_hop; 230 231 skb->protocol = htons(ETH_P_IPV6); 232 skb->priority = sk->sk_priority; 233 skb->mark = sk->sk_mark; 234 235 mtu = dst_mtu(dst); 236 if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) { 237 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)), 238 IPSTATS_MIB_OUT, skb->len); 239 240 /* if egress device is enslaved to an L3 master device pass the 241 * skb to its handler for processing 242 */ 243 skb = l3mdev_ip6_out((struct sock *)sk, skb); 244 if (unlikely(!skb)) 245 return 0; 246 247 /* hooks should never assume socket lock is held. 248 * we promote our socket to non const 249 */ 250 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, 251 net, (struct sock *)sk, skb, NULL, dst->dev, 252 dst_output); 253 } 254 255 skb->dev = dst->dev; 256 /* ipv6_local_error() does not require socket lock, 257 * we promote our socket to non const 258 */ 259 ipv6_local_error((struct sock *)sk, EMSGSIZE, fl6, mtu); 260 261 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS); 262 kfree_skb(skb); 263 return -EMSGSIZE; 264 } 265 EXPORT_SYMBOL(ip6_xmit); 266 267 static int ip6_call_ra_chain(struct sk_buff *skb, int sel) 268 { 269 struct ip6_ra_chain *ra; 270 struct sock *last = NULL; 271 272 read_lock(&ip6_ra_lock); 273 for (ra = ip6_ra_chain; ra; ra = ra->next) { 274 struct sock *sk = ra->sk; 275 if (sk && ra->sel == sel && 276 (!sk->sk_bound_dev_if || 277 sk->sk_bound_dev_if == skb->dev->ifindex)) { 278 if (last) { 279 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); 280 if (skb2) 281 rawv6_rcv(last, skb2); 282 } 283 last = sk; 284 } 285 } 286 287 if (last) { 288 rawv6_rcv(last, skb); 289 read_unlock(&ip6_ra_lock); 290 return 1; 291 } 292 read_unlock(&ip6_ra_lock); 293 return 0; 294 } 295 296 static int ip6_forward_proxy_check(struct sk_buff *skb) 297 { 298 struct ipv6hdr *hdr = ipv6_hdr(skb); 299 u8 nexthdr = hdr->nexthdr; 300 __be16 frag_off; 301 int offset; 302 303 if (ipv6_ext_hdr(nexthdr)) { 304 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, &frag_off); 305 if (offset < 0) 306 return 0; 307 } else 308 offset = sizeof(struct ipv6hdr); 309 310 if (nexthdr == IPPROTO_ICMPV6) { 311 struct icmp6hdr *icmp6; 312 313 if (!pskb_may_pull(skb, (skb_network_header(skb) + 314 offset + 1 - skb->data))) 315 return 0; 316 317 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset); 318 319 switch (icmp6->icmp6_type) { 320 case NDISC_ROUTER_SOLICITATION: 321 case NDISC_ROUTER_ADVERTISEMENT: 322 case NDISC_NEIGHBOUR_SOLICITATION: 323 case NDISC_NEIGHBOUR_ADVERTISEMENT: 324 case NDISC_REDIRECT: 325 /* For reaction involving unicast neighbor discovery 326 * message destined to the proxied address, pass it to 327 * input function. 328 */ 329 return 1; 330 default: 331 break; 332 } 333 } 334 335 /* 336 * The proxying router can't forward traffic sent to a link-local 337 * address, so signal the sender and discard the packet. This 338 * behavior is clarified by the MIPv6 specification. 339 */ 340 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) { 341 dst_link_failure(skb); 342 return -1; 343 } 344 345 return 0; 346 } 347 348 static inline int ip6_forward_finish(struct net *net, struct sock *sk, 349 struct sk_buff *skb) 350 { 351 return dst_output(net, sk, skb); 352 } 353 354 static unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst) 355 { 356 unsigned int mtu; 357 struct inet6_dev *idev; 358 359 if (dst_metric_locked(dst, RTAX_MTU)) { 360 mtu = dst_metric_raw(dst, RTAX_MTU); 361 if (mtu) 362 return mtu; 363 } 364 365 mtu = IPV6_MIN_MTU; 366 rcu_read_lock(); 367 idev = __in6_dev_get(dst->dev); 368 if (idev) 369 mtu = idev->cnf.mtu6; 370 rcu_read_unlock(); 371 372 return mtu; 373 } 374 375 static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu) 376 { 377 if (skb->len <= mtu) 378 return false; 379 380 /* ipv6 conntrack defrag sets max_frag_size + ignore_df */ 381 if (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu) 382 return true; 383 384 if (skb->ignore_df) 385 return false; 386 387 if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu)) 388 return false; 389 390 return true; 391 } 392 393 int ip6_forward(struct sk_buff *skb) 394 { 395 struct dst_entry *dst = skb_dst(skb); 396 struct ipv6hdr *hdr = ipv6_hdr(skb); 397 struct inet6_skb_parm *opt = IP6CB(skb); 398 struct net *net = dev_net(dst->dev); 399 u32 mtu; 400 401 if (net->ipv6.devconf_all->forwarding == 0) 402 goto error; 403 404 if (skb->pkt_type != PACKET_HOST) 405 goto drop; 406 407 if (unlikely(skb->sk)) 408 goto drop; 409 410 if (skb_warn_if_lro(skb)) 411 goto drop; 412 413 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) { 414 __IP6_INC_STATS(net, ip6_dst_idev(dst), 415 IPSTATS_MIB_INDISCARDS); 416 goto drop; 417 } 418 419 skb_forward_csum(skb); 420 421 /* 422 * We DO NOT make any processing on 423 * RA packets, pushing them to user level AS IS 424 * without ane WARRANTY that application will be able 425 * to interpret them. The reason is that we 426 * cannot make anything clever here. 427 * 428 * We are not end-node, so that if packet contains 429 * AH/ESP, we cannot make anything. 430 * Defragmentation also would be mistake, RA packets 431 * cannot be fragmented, because there is no warranty 432 * that different fragments will go along one path. --ANK 433 */ 434 if (unlikely(opt->flags & IP6SKB_ROUTERALERT)) { 435 if (ip6_call_ra_chain(skb, ntohs(opt->ra))) 436 return 0; 437 } 438 439 /* 440 * check and decrement ttl 441 */ 442 if (hdr->hop_limit <= 1) { 443 /* Force OUTPUT device used as source address */ 444 skb->dev = dst->dev; 445 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0); 446 __IP6_INC_STATS(net, ip6_dst_idev(dst), 447 IPSTATS_MIB_INHDRERRORS); 448 449 kfree_skb(skb); 450 return -ETIMEDOUT; 451 } 452 453 /* XXX: idev->cnf.proxy_ndp? */ 454 if (net->ipv6.devconf_all->proxy_ndp && 455 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) { 456 int proxied = ip6_forward_proxy_check(skb); 457 if (proxied > 0) 458 return ip6_input(skb); 459 else if (proxied < 0) { 460 __IP6_INC_STATS(net, ip6_dst_idev(dst), 461 IPSTATS_MIB_INDISCARDS); 462 goto drop; 463 } 464 } 465 466 if (!xfrm6_route_forward(skb)) { 467 __IP6_INC_STATS(net, ip6_dst_idev(dst), 468 IPSTATS_MIB_INDISCARDS); 469 goto drop; 470 } 471 dst = skb_dst(skb); 472 473 /* IPv6 specs say nothing about it, but it is clear that we cannot 474 send redirects to source routed frames. 475 We don't send redirects to frames decapsulated from IPsec. 476 */ 477 if (skb->dev == dst->dev && opt->srcrt == 0 && !skb_sec_path(skb)) { 478 struct in6_addr *target = NULL; 479 struct inet_peer *peer; 480 struct rt6_info *rt; 481 482 /* 483 * incoming and outgoing devices are the same 484 * send a redirect. 485 */ 486 487 rt = (struct rt6_info *) dst; 488 if (rt->rt6i_flags & RTF_GATEWAY) 489 target = &rt->rt6i_gateway; 490 else 491 target = &hdr->daddr; 492 493 peer = inet_getpeer_v6(net->ipv6.peers, &hdr->daddr, 1); 494 495 /* Limit redirects both by destination (here) 496 and by source (inside ndisc_send_redirect) 497 */ 498 if (inet_peer_xrlim_allow(peer, 1*HZ)) 499 ndisc_send_redirect(skb, target); 500 if (peer) 501 inet_putpeer(peer); 502 } else { 503 int addrtype = ipv6_addr_type(&hdr->saddr); 504 505 /* This check is security critical. */ 506 if (addrtype == IPV6_ADDR_ANY || 507 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK)) 508 goto error; 509 if (addrtype & IPV6_ADDR_LINKLOCAL) { 510 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 511 ICMPV6_NOT_NEIGHBOUR, 0); 512 goto error; 513 } 514 } 515 516 mtu = ip6_dst_mtu_forward(dst); 517 if (mtu < IPV6_MIN_MTU) 518 mtu = IPV6_MIN_MTU; 519 520 if (ip6_pkt_too_big(skb, mtu)) { 521 /* Again, force OUTPUT device used as source address */ 522 skb->dev = dst->dev; 523 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); 524 __IP6_INC_STATS(net, ip6_dst_idev(dst), 525 IPSTATS_MIB_INTOOBIGERRORS); 526 __IP6_INC_STATS(net, ip6_dst_idev(dst), 527 IPSTATS_MIB_FRAGFAILS); 528 kfree_skb(skb); 529 return -EMSGSIZE; 530 } 531 532 if (skb_cow(skb, dst->dev->hard_header_len)) { 533 __IP6_INC_STATS(net, ip6_dst_idev(dst), 534 IPSTATS_MIB_OUTDISCARDS); 535 goto drop; 536 } 537 538 hdr = ipv6_hdr(skb); 539 540 /* Mangling hops number delayed to point after skb COW */ 541 542 hdr->hop_limit--; 543 544 __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); 545 __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len); 546 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, 547 net, NULL, skb, skb->dev, dst->dev, 548 ip6_forward_finish); 549 550 error: 551 __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS); 552 drop: 553 kfree_skb(skb); 554 return -EINVAL; 555 } 556 557 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from) 558 { 559 to->pkt_type = from->pkt_type; 560 to->priority = from->priority; 561 to->protocol = from->protocol; 562 skb_dst_drop(to); 563 skb_dst_set(to, dst_clone(skb_dst(from))); 564 to->dev = from->dev; 565 to->mark = from->mark; 566 567 #ifdef CONFIG_NET_SCHED 568 to->tc_index = from->tc_index; 569 #endif 570 nf_copy(to, from); 571 skb_copy_secmark(to, from); 572 } 573 574 int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb, 575 int (*output)(struct net *, struct sock *, struct sk_buff *)) 576 { 577 struct sk_buff *frag; 578 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb); 579 struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ? 580 inet6_sk(skb->sk) : NULL; 581 struct ipv6hdr *tmp_hdr; 582 struct frag_hdr *fh; 583 unsigned int mtu, hlen, left, len; 584 int hroom, troom; 585 __be32 frag_id; 586 int ptr, offset = 0, err = 0; 587 u8 *prevhdr, nexthdr = 0; 588 589 hlen = ip6_find_1stfragopt(skb, &prevhdr); 590 nexthdr = *prevhdr; 591 592 mtu = ip6_skb_dst_mtu(skb); 593 594 /* We must not fragment if the socket is set to force MTU discovery 595 * or if the skb it not generated by a local socket. 596 */ 597 if (unlikely(!skb->ignore_df && skb->len > mtu)) 598 goto fail_toobig; 599 600 if (IP6CB(skb)->frag_max_size) { 601 if (IP6CB(skb)->frag_max_size > mtu) 602 goto fail_toobig; 603 604 /* don't send fragments larger than what we received */ 605 mtu = IP6CB(skb)->frag_max_size; 606 if (mtu < IPV6_MIN_MTU) 607 mtu = IPV6_MIN_MTU; 608 } 609 610 if (np && np->frag_size < mtu) { 611 if (np->frag_size) 612 mtu = np->frag_size; 613 } 614 if (mtu < hlen + sizeof(struct frag_hdr) + 8) 615 goto fail_toobig; 616 mtu -= hlen + sizeof(struct frag_hdr); 617 618 frag_id = ipv6_select_ident(net, &ipv6_hdr(skb)->daddr, 619 &ipv6_hdr(skb)->saddr); 620 621 if (skb->ip_summed == CHECKSUM_PARTIAL && 622 (err = skb_checksum_help(skb))) 623 goto fail; 624 625 hroom = LL_RESERVED_SPACE(rt->dst.dev); 626 if (skb_has_frag_list(skb)) { 627 int first_len = skb_pagelen(skb); 628 struct sk_buff *frag2; 629 630 if (first_len - hlen > mtu || 631 ((first_len - hlen) & 7) || 632 skb_cloned(skb) || 633 skb_headroom(skb) < (hroom + sizeof(struct frag_hdr))) 634 goto slow_path; 635 636 skb_walk_frags(skb, frag) { 637 /* Correct geometry. */ 638 if (frag->len > mtu || 639 ((frag->len & 7) && frag->next) || 640 skb_headroom(frag) < (hlen + hroom + sizeof(struct frag_hdr))) 641 goto slow_path_clean; 642 643 /* Partially cloned skb? */ 644 if (skb_shared(frag)) 645 goto slow_path_clean; 646 647 BUG_ON(frag->sk); 648 if (skb->sk) { 649 frag->sk = skb->sk; 650 frag->destructor = sock_wfree; 651 } 652 skb->truesize -= frag->truesize; 653 } 654 655 err = 0; 656 offset = 0; 657 /* BUILD HEADER */ 658 659 *prevhdr = NEXTHDR_FRAGMENT; 660 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC); 661 if (!tmp_hdr) { 662 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 663 IPSTATS_MIB_FRAGFAILS); 664 err = -ENOMEM; 665 goto fail; 666 } 667 frag = skb_shinfo(skb)->frag_list; 668 skb_frag_list_init(skb); 669 670 __skb_pull(skb, hlen); 671 fh = (struct frag_hdr *)__skb_push(skb, sizeof(struct frag_hdr)); 672 __skb_push(skb, hlen); 673 skb_reset_network_header(skb); 674 memcpy(skb_network_header(skb), tmp_hdr, hlen); 675 676 fh->nexthdr = nexthdr; 677 fh->reserved = 0; 678 fh->frag_off = htons(IP6_MF); 679 fh->identification = frag_id; 680 681 first_len = skb_pagelen(skb); 682 skb->data_len = first_len - skb_headlen(skb); 683 skb->len = first_len; 684 ipv6_hdr(skb)->payload_len = htons(first_len - 685 sizeof(struct ipv6hdr)); 686 687 dst_hold(&rt->dst); 688 689 for (;;) { 690 /* Prepare header of the next frame, 691 * before previous one went down. */ 692 if (frag) { 693 frag->ip_summed = CHECKSUM_NONE; 694 skb_reset_transport_header(frag); 695 fh = (struct frag_hdr *)__skb_push(frag, sizeof(struct frag_hdr)); 696 __skb_push(frag, hlen); 697 skb_reset_network_header(frag); 698 memcpy(skb_network_header(frag), tmp_hdr, 699 hlen); 700 offset += skb->len - hlen - sizeof(struct frag_hdr); 701 fh->nexthdr = nexthdr; 702 fh->reserved = 0; 703 fh->frag_off = htons(offset); 704 if (frag->next) 705 fh->frag_off |= htons(IP6_MF); 706 fh->identification = frag_id; 707 ipv6_hdr(frag)->payload_len = 708 htons(frag->len - 709 sizeof(struct ipv6hdr)); 710 ip6_copy_metadata(frag, skb); 711 } 712 713 err = output(net, sk, skb); 714 if (!err) 715 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), 716 IPSTATS_MIB_FRAGCREATES); 717 718 if (err || !frag) 719 break; 720 721 skb = frag; 722 frag = skb->next; 723 skb->next = NULL; 724 } 725 726 kfree(tmp_hdr); 727 728 if (err == 0) { 729 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), 730 IPSTATS_MIB_FRAGOKS); 731 ip6_rt_put(rt); 732 return 0; 733 } 734 735 kfree_skb_list(frag); 736 737 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), 738 IPSTATS_MIB_FRAGFAILS); 739 ip6_rt_put(rt); 740 return err; 741 742 slow_path_clean: 743 skb_walk_frags(skb, frag2) { 744 if (frag2 == frag) 745 break; 746 frag2->sk = NULL; 747 frag2->destructor = NULL; 748 skb->truesize += frag2->truesize; 749 } 750 } 751 752 slow_path: 753 left = skb->len - hlen; /* Space per frame */ 754 ptr = hlen; /* Where to start from */ 755 756 /* 757 * Fragment the datagram. 758 */ 759 760 *prevhdr = NEXTHDR_FRAGMENT; 761 troom = rt->dst.dev->needed_tailroom; 762 763 /* 764 * Keep copying data until we run out. 765 */ 766 while (left > 0) { 767 len = left; 768 /* IF: it doesn't fit, use 'mtu' - the data space left */ 769 if (len > mtu) 770 len = mtu; 771 /* IF: we are not sending up to and including the packet end 772 then align the next start on an eight byte boundary */ 773 if (len < left) { 774 len &= ~7; 775 } 776 777 /* Allocate buffer */ 778 frag = alloc_skb(len + hlen + sizeof(struct frag_hdr) + 779 hroom + troom, GFP_ATOMIC); 780 if (!frag) { 781 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 782 IPSTATS_MIB_FRAGFAILS); 783 err = -ENOMEM; 784 goto fail; 785 } 786 787 /* 788 * Set up data on packet 789 */ 790 791 ip6_copy_metadata(frag, skb); 792 skb_reserve(frag, hroom); 793 skb_put(frag, len + hlen + sizeof(struct frag_hdr)); 794 skb_reset_network_header(frag); 795 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen); 796 frag->transport_header = (frag->network_header + hlen + 797 sizeof(struct frag_hdr)); 798 799 /* 800 * Charge the memory for the fragment to any owner 801 * it might possess 802 */ 803 if (skb->sk) 804 skb_set_owner_w(frag, skb->sk); 805 806 /* 807 * Copy the packet header into the new buffer. 808 */ 809 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen); 810 811 /* 812 * Build fragment header. 813 */ 814 fh->nexthdr = nexthdr; 815 fh->reserved = 0; 816 fh->identification = frag_id; 817 818 /* 819 * Copy a block of the IP datagram. 820 */ 821 BUG_ON(skb_copy_bits(skb, ptr, skb_transport_header(frag), 822 len)); 823 left -= len; 824 825 fh->frag_off = htons(offset); 826 if (left > 0) 827 fh->frag_off |= htons(IP6_MF); 828 ipv6_hdr(frag)->payload_len = htons(frag->len - 829 sizeof(struct ipv6hdr)); 830 831 ptr += len; 832 offset += len; 833 834 /* 835 * Put this fragment into the sending queue. 836 */ 837 err = output(net, sk, frag); 838 if (err) 839 goto fail; 840 841 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 842 IPSTATS_MIB_FRAGCREATES); 843 } 844 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 845 IPSTATS_MIB_FRAGOKS); 846 consume_skb(skb); 847 return err; 848 849 fail_toobig: 850 if (skb->sk && dst_allfrag(skb_dst(skb))) 851 sk_nocaps_add(skb->sk, NETIF_F_GSO_MASK); 852 853 skb->dev = skb_dst(skb)->dev; 854 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); 855 err = -EMSGSIZE; 856 857 fail: 858 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 859 IPSTATS_MIB_FRAGFAILS); 860 kfree_skb(skb); 861 return err; 862 } 863 864 static inline int ip6_rt_check(const struct rt6key *rt_key, 865 const struct in6_addr *fl_addr, 866 const struct in6_addr *addr_cache) 867 { 868 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) && 869 (!addr_cache || !ipv6_addr_equal(fl_addr, addr_cache)); 870 } 871 872 static struct dst_entry *ip6_sk_dst_check(struct sock *sk, 873 struct dst_entry *dst, 874 const struct flowi6 *fl6) 875 { 876 struct ipv6_pinfo *np = inet6_sk(sk); 877 struct rt6_info *rt; 878 879 if (!dst) 880 goto out; 881 882 if (dst->ops->family != AF_INET6) { 883 dst_release(dst); 884 return NULL; 885 } 886 887 rt = (struct rt6_info *)dst; 888 /* Yes, checking route validity in not connected 889 * case is not very simple. Take into account, 890 * that we do not support routing by source, TOS, 891 * and MSG_DONTROUTE --ANK (980726) 892 * 893 * 1. ip6_rt_check(): If route was host route, 894 * check that cached destination is current. 895 * If it is network route, we still may 896 * check its validity using saved pointer 897 * to the last used address: daddr_cache. 898 * We do not want to save whole address now, 899 * (because main consumer of this service 900 * is tcp, which has not this problem), 901 * so that the last trick works only on connected 902 * sockets. 903 * 2. oif also should be the same. 904 */ 905 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) || 906 #ifdef CONFIG_IPV6_SUBTREES 907 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) || 908 #endif 909 (!(fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF) && 910 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex))) { 911 dst_release(dst); 912 dst = NULL; 913 } 914 915 out: 916 return dst; 917 } 918 919 static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk, 920 struct dst_entry **dst, struct flowi6 *fl6) 921 { 922 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 923 struct neighbour *n; 924 struct rt6_info *rt; 925 #endif 926 int err; 927 int flags = 0; 928 929 /* The correct way to handle this would be to do 930 * ip6_route_get_saddr, and then ip6_route_output; however, 931 * the route-specific preferred source forces the 932 * ip6_route_output call _before_ ip6_route_get_saddr. 933 * 934 * In source specific routing (no src=any default route), 935 * ip6_route_output will fail given src=any saddr, though, so 936 * that's why we try it again later. 937 */ 938 if (ipv6_addr_any(&fl6->saddr) && (!*dst || !(*dst)->error)) { 939 struct rt6_info *rt; 940 bool had_dst = *dst != NULL; 941 942 if (!had_dst) 943 *dst = ip6_route_output(net, sk, fl6); 944 rt = (*dst)->error ? NULL : (struct rt6_info *)*dst; 945 err = ip6_route_get_saddr(net, rt, &fl6->daddr, 946 sk ? inet6_sk(sk)->srcprefs : 0, 947 &fl6->saddr); 948 if (err) 949 goto out_err_release; 950 951 /* If we had an erroneous initial result, pretend it 952 * never existed and let the SA-enabled version take 953 * over. 954 */ 955 if (!had_dst && (*dst)->error) { 956 dst_release(*dst); 957 *dst = NULL; 958 } 959 960 if (fl6->flowi6_oif) 961 flags |= RT6_LOOKUP_F_IFACE; 962 } 963 964 if (!*dst) 965 *dst = ip6_route_output_flags(net, sk, fl6, flags); 966 967 err = (*dst)->error; 968 if (err) 969 goto out_err_release; 970 971 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 972 /* 973 * Here if the dst entry we've looked up 974 * has a neighbour entry that is in the INCOMPLETE 975 * state and the src address from the flow is 976 * marked as OPTIMISTIC, we release the found 977 * dst entry and replace it instead with the 978 * dst entry of the nexthop router 979 */ 980 rt = (struct rt6_info *) *dst; 981 rcu_read_lock_bh(); 982 n = __ipv6_neigh_lookup_noref(rt->dst.dev, 983 rt6_nexthop(rt, &fl6->daddr)); 984 err = n && !(n->nud_state & NUD_VALID) ? -EINVAL : 0; 985 rcu_read_unlock_bh(); 986 987 if (err) { 988 struct inet6_ifaddr *ifp; 989 struct flowi6 fl_gw6; 990 int redirect; 991 992 ifp = ipv6_get_ifaddr(net, &fl6->saddr, 993 (*dst)->dev, 1); 994 995 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC); 996 if (ifp) 997 in6_ifa_put(ifp); 998 999 if (redirect) { 1000 /* 1001 * We need to get the dst entry for the 1002 * default router instead 1003 */ 1004 dst_release(*dst); 1005 memcpy(&fl_gw6, fl6, sizeof(struct flowi6)); 1006 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr)); 1007 *dst = ip6_route_output(net, sk, &fl_gw6); 1008 err = (*dst)->error; 1009 if (err) 1010 goto out_err_release; 1011 } 1012 } 1013 #endif 1014 1015 return 0; 1016 1017 out_err_release: 1018 dst_release(*dst); 1019 *dst = NULL; 1020 1021 if (err == -ENETUNREACH) 1022 IP6_INC_STATS(net, NULL, IPSTATS_MIB_OUTNOROUTES); 1023 return err; 1024 } 1025 1026 /** 1027 * ip6_dst_lookup - perform route lookup on flow 1028 * @sk: socket which provides route info 1029 * @dst: pointer to dst_entry * for result 1030 * @fl6: flow to lookup 1031 * 1032 * This function performs a route lookup on the given flow. 1033 * 1034 * It returns zero on success, or a standard errno code on error. 1035 */ 1036 int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst, 1037 struct flowi6 *fl6) 1038 { 1039 *dst = NULL; 1040 return ip6_dst_lookup_tail(net, sk, dst, fl6); 1041 } 1042 EXPORT_SYMBOL_GPL(ip6_dst_lookup); 1043 1044 /** 1045 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec 1046 * @sk: socket which provides route info 1047 * @fl6: flow to lookup 1048 * @final_dst: final destination address for ipsec lookup 1049 * 1050 * This function performs a route lookup on the given flow. 1051 * 1052 * It returns a valid dst pointer on success, or a pointer encoded 1053 * error code. 1054 */ 1055 struct dst_entry *ip6_dst_lookup_flow(const struct sock *sk, struct flowi6 *fl6, 1056 const struct in6_addr *final_dst) 1057 { 1058 struct dst_entry *dst = NULL; 1059 int err; 1060 1061 err = ip6_dst_lookup_tail(sock_net(sk), sk, &dst, fl6); 1062 if (err) 1063 return ERR_PTR(err); 1064 if (final_dst) 1065 fl6->daddr = *final_dst; 1066 1067 return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0); 1068 } 1069 EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow); 1070 1071 /** 1072 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow 1073 * @sk: socket which provides the dst cache and route info 1074 * @fl6: flow to lookup 1075 * @final_dst: final destination address for ipsec lookup 1076 * 1077 * This function performs a route lookup on the given flow with the 1078 * possibility of using the cached route in the socket if it is valid. 1079 * It will take the socket dst lock when operating on the dst cache. 1080 * As a result, this function can only be used in process context. 1081 * 1082 * It returns a valid dst pointer on success, or a pointer encoded 1083 * error code. 1084 */ 1085 struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6, 1086 const struct in6_addr *final_dst) 1087 { 1088 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie); 1089 1090 dst = ip6_sk_dst_check(sk, dst, fl6); 1091 if (!dst) 1092 dst = ip6_dst_lookup_flow(sk, fl6, final_dst); 1093 1094 return dst; 1095 } 1096 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow); 1097 1098 static inline int ip6_ufo_append_data(struct sock *sk, 1099 struct sk_buff_head *queue, 1100 int getfrag(void *from, char *to, int offset, int len, 1101 int odd, struct sk_buff *skb), 1102 void *from, int length, int hh_len, int fragheaderlen, 1103 int exthdrlen, int transhdrlen, int mtu, 1104 unsigned int flags, const struct flowi6 *fl6) 1105 1106 { 1107 struct sk_buff *skb; 1108 int err; 1109 1110 /* There is support for UDP large send offload by network 1111 * device, so create one single skb packet containing complete 1112 * udp datagram 1113 */ 1114 skb = skb_peek_tail(queue); 1115 if (!skb) { 1116 skb = sock_alloc_send_skb(sk, 1117 hh_len + fragheaderlen + transhdrlen + 20, 1118 (flags & MSG_DONTWAIT), &err); 1119 if (!skb) 1120 return err; 1121 1122 /* reserve space for Hardware header */ 1123 skb_reserve(skb, hh_len); 1124 1125 /* create space for UDP/IP header */ 1126 skb_put(skb, fragheaderlen + transhdrlen); 1127 1128 /* initialize network header pointer */ 1129 skb_set_network_header(skb, exthdrlen); 1130 1131 /* initialize protocol header pointer */ 1132 skb->transport_header = skb->network_header + fragheaderlen; 1133 1134 skb->protocol = htons(ETH_P_IPV6); 1135 skb->csum = 0; 1136 1137 __skb_queue_tail(queue, skb); 1138 } else if (skb_is_gso(skb)) { 1139 goto append; 1140 } 1141 1142 skb->ip_summed = CHECKSUM_PARTIAL; 1143 /* Specify the length of each IPv6 datagram fragment. 1144 * It has to be a multiple of 8. 1145 */ 1146 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen - 1147 sizeof(struct frag_hdr)) & ~7; 1148 skb_shinfo(skb)->gso_type = SKB_GSO_UDP; 1149 skb_shinfo(skb)->ip6_frag_id = ipv6_select_ident(sock_net(sk), 1150 &fl6->daddr, 1151 &fl6->saddr); 1152 1153 append: 1154 return skb_append_datato_frags(sk, skb, getfrag, from, 1155 (length - transhdrlen)); 1156 } 1157 1158 static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src, 1159 gfp_t gfp) 1160 { 1161 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL; 1162 } 1163 1164 static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src, 1165 gfp_t gfp) 1166 { 1167 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL; 1168 } 1169 1170 static void ip6_append_data_mtu(unsigned int *mtu, 1171 int *maxfraglen, 1172 unsigned int fragheaderlen, 1173 struct sk_buff *skb, 1174 struct rt6_info *rt, 1175 unsigned int orig_mtu) 1176 { 1177 if (!(rt->dst.flags & DST_XFRM_TUNNEL)) { 1178 if (!skb) { 1179 /* first fragment, reserve header_len */ 1180 *mtu = orig_mtu - rt->dst.header_len; 1181 1182 } else { 1183 /* 1184 * this fragment is not first, the headers 1185 * space is regarded as data space. 1186 */ 1187 *mtu = orig_mtu; 1188 } 1189 *maxfraglen = ((*mtu - fragheaderlen) & ~7) 1190 + fragheaderlen - sizeof(struct frag_hdr); 1191 } 1192 } 1193 1194 static int ip6_setup_cork(struct sock *sk, struct inet_cork_full *cork, 1195 struct inet6_cork *v6_cork, struct ipcm6_cookie *ipc6, 1196 struct rt6_info *rt, struct flowi6 *fl6) 1197 { 1198 struct ipv6_pinfo *np = inet6_sk(sk); 1199 unsigned int mtu; 1200 struct ipv6_txoptions *opt = ipc6->opt; 1201 1202 /* 1203 * setup for corking 1204 */ 1205 if (opt) { 1206 if (WARN_ON(v6_cork->opt)) 1207 return -EINVAL; 1208 1209 v6_cork->opt = kzalloc(opt->tot_len, sk->sk_allocation); 1210 if (unlikely(!v6_cork->opt)) 1211 return -ENOBUFS; 1212 1213 v6_cork->opt->tot_len = opt->tot_len; 1214 v6_cork->opt->opt_flen = opt->opt_flen; 1215 v6_cork->opt->opt_nflen = opt->opt_nflen; 1216 1217 v6_cork->opt->dst0opt = ip6_opt_dup(opt->dst0opt, 1218 sk->sk_allocation); 1219 if (opt->dst0opt && !v6_cork->opt->dst0opt) 1220 return -ENOBUFS; 1221 1222 v6_cork->opt->dst1opt = ip6_opt_dup(opt->dst1opt, 1223 sk->sk_allocation); 1224 if (opt->dst1opt && !v6_cork->opt->dst1opt) 1225 return -ENOBUFS; 1226 1227 v6_cork->opt->hopopt = ip6_opt_dup(opt->hopopt, 1228 sk->sk_allocation); 1229 if (opt->hopopt && !v6_cork->opt->hopopt) 1230 return -ENOBUFS; 1231 1232 v6_cork->opt->srcrt = ip6_rthdr_dup(opt->srcrt, 1233 sk->sk_allocation); 1234 if (opt->srcrt && !v6_cork->opt->srcrt) 1235 return -ENOBUFS; 1236 1237 /* need source address above miyazawa*/ 1238 } 1239 dst_hold(&rt->dst); 1240 cork->base.dst = &rt->dst; 1241 cork->fl.u.ip6 = *fl6; 1242 v6_cork->hop_limit = ipc6->hlimit; 1243 v6_cork->tclass = ipc6->tclass; 1244 if (rt->dst.flags & DST_XFRM_TUNNEL) 1245 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ? 1246 rt->dst.dev->mtu : dst_mtu(&rt->dst); 1247 else 1248 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ? 1249 rt->dst.dev->mtu : dst_mtu(rt->dst.path); 1250 if (np->frag_size < mtu) { 1251 if (np->frag_size) 1252 mtu = np->frag_size; 1253 } 1254 cork->base.fragsize = mtu; 1255 if (dst_allfrag(rt->dst.path)) 1256 cork->base.flags |= IPCORK_ALLFRAG; 1257 cork->base.length = 0; 1258 1259 return 0; 1260 } 1261 1262 static int __ip6_append_data(struct sock *sk, 1263 struct flowi6 *fl6, 1264 struct sk_buff_head *queue, 1265 struct inet_cork *cork, 1266 struct inet6_cork *v6_cork, 1267 struct page_frag *pfrag, 1268 int getfrag(void *from, char *to, int offset, 1269 int len, int odd, struct sk_buff *skb), 1270 void *from, int length, int transhdrlen, 1271 unsigned int flags, struct ipcm6_cookie *ipc6, 1272 const struct sockcm_cookie *sockc) 1273 { 1274 struct sk_buff *skb, *skb_prev = NULL; 1275 unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu; 1276 int exthdrlen = 0; 1277 int dst_exthdrlen = 0; 1278 int hh_len; 1279 int copy; 1280 int err; 1281 int offset = 0; 1282 __u8 tx_flags = 0; 1283 u32 tskey = 0; 1284 struct rt6_info *rt = (struct rt6_info *)cork->dst; 1285 struct ipv6_txoptions *opt = v6_cork->opt; 1286 int csummode = CHECKSUM_NONE; 1287 unsigned int maxnonfragsize, headersize; 1288 1289 skb = skb_peek_tail(queue); 1290 if (!skb) { 1291 exthdrlen = opt ? opt->opt_flen : 0; 1292 dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len; 1293 } 1294 1295 mtu = cork->fragsize; 1296 orig_mtu = mtu; 1297 1298 hh_len = LL_RESERVED_SPACE(rt->dst.dev); 1299 1300 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len + 1301 (opt ? opt->opt_nflen : 0); 1302 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - 1303 sizeof(struct frag_hdr); 1304 1305 headersize = sizeof(struct ipv6hdr) + 1306 (opt ? opt->opt_flen + opt->opt_nflen : 0) + 1307 (dst_allfrag(&rt->dst) ? 1308 sizeof(struct frag_hdr) : 0) + 1309 rt->rt6i_nfheader_len; 1310 1311 if (cork->length + length > mtu - headersize && ipc6->dontfrag && 1312 (sk->sk_protocol == IPPROTO_UDP || 1313 sk->sk_protocol == IPPROTO_RAW)) { 1314 ipv6_local_rxpmtu(sk, fl6, mtu - headersize + 1315 sizeof(struct ipv6hdr)); 1316 goto emsgsize; 1317 } 1318 1319 if (ip6_sk_ignore_df(sk)) 1320 maxnonfragsize = sizeof(struct ipv6hdr) + IPV6_MAXPLEN; 1321 else 1322 maxnonfragsize = mtu; 1323 1324 if (cork->length + length > maxnonfragsize - headersize) { 1325 emsgsize: 1326 ipv6_local_error(sk, EMSGSIZE, fl6, 1327 mtu - headersize + 1328 sizeof(struct ipv6hdr)); 1329 return -EMSGSIZE; 1330 } 1331 1332 /* CHECKSUM_PARTIAL only with no extension headers and when 1333 * we are not going to fragment 1334 */ 1335 if (transhdrlen && sk->sk_protocol == IPPROTO_UDP && 1336 headersize == sizeof(struct ipv6hdr) && 1337 length < mtu - headersize && 1338 !(flags & MSG_MORE) && 1339 rt->dst.dev->features & (NETIF_F_IPV6_CSUM | NETIF_F_HW_CSUM)) 1340 csummode = CHECKSUM_PARTIAL; 1341 1342 if (sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) { 1343 sock_tx_timestamp(sk, sockc->tsflags, &tx_flags); 1344 if (tx_flags & SKBTX_ANY_SW_TSTAMP && 1345 sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID) 1346 tskey = sk->sk_tskey++; 1347 } 1348 1349 /* 1350 * Let's try using as much space as possible. 1351 * Use MTU if total length of the message fits into the MTU. 1352 * Otherwise, we need to reserve fragment header and 1353 * fragment alignment (= 8-15 octects, in total). 1354 * 1355 * Note that we may need to "move" the data from the tail of 1356 * of the buffer to the new fragment when we split 1357 * the message. 1358 * 1359 * FIXME: It may be fragmented into multiple chunks 1360 * at once if non-fragmentable extension headers 1361 * are too large. 1362 * --yoshfuji 1363 */ 1364 1365 cork->length += length; 1366 if (((length > mtu) || 1367 (skb && skb_is_gso(skb))) && 1368 (sk->sk_protocol == IPPROTO_UDP) && 1369 (rt->dst.dev->features & NETIF_F_UFO) && 1370 (sk->sk_type == SOCK_DGRAM) && !udp_get_no_check6_tx(sk)) { 1371 err = ip6_ufo_append_data(sk, queue, getfrag, from, length, 1372 hh_len, fragheaderlen, exthdrlen, 1373 transhdrlen, mtu, flags, fl6); 1374 if (err) 1375 goto error; 1376 return 0; 1377 } 1378 1379 if (!skb) 1380 goto alloc_new_skb; 1381 1382 while (length > 0) { 1383 /* Check if the remaining data fits into current packet. */ 1384 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len; 1385 if (copy < length) 1386 copy = maxfraglen - skb->len; 1387 1388 if (copy <= 0) { 1389 char *data; 1390 unsigned int datalen; 1391 unsigned int fraglen; 1392 unsigned int fraggap; 1393 unsigned int alloclen; 1394 alloc_new_skb: 1395 /* There's no room in the current skb */ 1396 if (skb) 1397 fraggap = skb->len - maxfraglen; 1398 else 1399 fraggap = 0; 1400 /* update mtu and maxfraglen if necessary */ 1401 if (!skb || !skb_prev) 1402 ip6_append_data_mtu(&mtu, &maxfraglen, 1403 fragheaderlen, skb, rt, 1404 orig_mtu); 1405 1406 skb_prev = skb; 1407 1408 /* 1409 * If remaining data exceeds the mtu, 1410 * we know we need more fragment(s). 1411 */ 1412 datalen = length + fraggap; 1413 1414 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen) 1415 datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len; 1416 if ((flags & MSG_MORE) && 1417 !(rt->dst.dev->features&NETIF_F_SG)) 1418 alloclen = mtu; 1419 else 1420 alloclen = datalen + fragheaderlen; 1421 1422 alloclen += dst_exthdrlen; 1423 1424 if (datalen != length + fraggap) { 1425 /* 1426 * this is not the last fragment, the trailer 1427 * space is regarded as data space. 1428 */ 1429 datalen += rt->dst.trailer_len; 1430 } 1431 1432 alloclen += rt->dst.trailer_len; 1433 fraglen = datalen + fragheaderlen; 1434 1435 /* 1436 * We just reserve space for fragment header. 1437 * Note: this may be overallocation if the message 1438 * (without MSG_MORE) fits into the MTU. 1439 */ 1440 alloclen += sizeof(struct frag_hdr); 1441 1442 if (transhdrlen) { 1443 skb = sock_alloc_send_skb(sk, 1444 alloclen + hh_len, 1445 (flags & MSG_DONTWAIT), &err); 1446 } else { 1447 skb = NULL; 1448 if (atomic_read(&sk->sk_wmem_alloc) <= 1449 2 * sk->sk_sndbuf) 1450 skb = sock_wmalloc(sk, 1451 alloclen + hh_len, 1, 1452 sk->sk_allocation); 1453 if (unlikely(!skb)) 1454 err = -ENOBUFS; 1455 } 1456 if (!skb) 1457 goto error; 1458 /* 1459 * Fill in the control structures 1460 */ 1461 skb->protocol = htons(ETH_P_IPV6); 1462 skb->ip_summed = csummode; 1463 skb->csum = 0; 1464 /* reserve for fragmentation and ipsec header */ 1465 skb_reserve(skb, hh_len + sizeof(struct frag_hdr) + 1466 dst_exthdrlen); 1467 1468 /* Only the initial fragment is time stamped */ 1469 skb_shinfo(skb)->tx_flags = tx_flags; 1470 tx_flags = 0; 1471 skb_shinfo(skb)->tskey = tskey; 1472 tskey = 0; 1473 1474 /* 1475 * Find where to start putting bytes 1476 */ 1477 data = skb_put(skb, fraglen); 1478 skb_set_network_header(skb, exthdrlen); 1479 data += fragheaderlen; 1480 skb->transport_header = (skb->network_header + 1481 fragheaderlen); 1482 if (fraggap) { 1483 skb->csum = skb_copy_and_csum_bits( 1484 skb_prev, maxfraglen, 1485 data + transhdrlen, fraggap, 0); 1486 skb_prev->csum = csum_sub(skb_prev->csum, 1487 skb->csum); 1488 data += fraggap; 1489 pskb_trim_unique(skb_prev, maxfraglen); 1490 } 1491 copy = datalen - transhdrlen - fraggap; 1492 1493 if (copy < 0) { 1494 err = -EINVAL; 1495 kfree_skb(skb); 1496 goto error; 1497 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) { 1498 err = -EFAULT; 1499 kfree_skb(skb); 1500 goto error; 1501 } 1502 1503 offset += copy; 1504 length -= datalen - fraggap; 1505 transhdrlen = 0; 1506 exthdrlen = 0; 1507 dst_exthdrlen = 0; 1508 1509 /* 1510 * Put the packet on the pending queue 1511 */ 1512 __skb_queue_tail(queue, skb); 1513 continue; 1514 } 1515 1516 if (copy > length) 1517 copy = length; 1518 1519 if (!(rt->dst.dev->features&NETIF_F_SG)) { 1520 unsigned int off; 1521 1522 off = skb->len; 1523 if (getfrag(from, skb_put(skb, copy), 1524 offset, copy, off, skb) < 0) { 1525 __skb_trim(skb, off); 1526 err = -EFAULT; 1527 goto error; 1528 } 1529 } else { 1530 int i = skb_shinfo(skb)->nr_frags; 1531 1532 err = -ENOMEM; 1533 if (!sk_page_frag_refill(sk, pfrag)) 1534 goto error; 1535 1536 if (!skb_can_coalesce(skb, i, pfrag->page, 1537 pfrag->offset)) { 1538 err = -EMSGSIZE; 1539 if (i == MAX_SKB_FRAGS) 1540 goto error; 1541 1542 __skb_fill_page_desc(skb, i, pfrag->page, 1543 pfrag->offset, 0); 1544 skb_shinfo(skb)->nr_frags = ++i; 1545 get_page(pfrag->page); 1546 } 1547 copy = min_t(int, copy, pfrag->size - pfrag->offset); 1548 if (getfrag(from, 1549 page_address(pfrag->page) + pfrag->offset, 1550 offset, copy, skb->len, skb) < 0) 1551 goto error_efault; 1552 1553 pfrag->offset += copy; 1554 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy); 1555 skb->len += copy; 1556 skb->data_len += copy; 1557 skb->truesize += copy; 1558 atomic_add(copy, &sk->sk_wmem_alloc); 1559 } 1560 offset += copy; 1561 length -= copy; 1562 } 1563 1564 return 0; 1565 1566 error_efault: 1567 err = -EFAULT; 1568 error: 1569 cork->length -= length; 1570 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS); 1571 return err; 1572 } 1573 1574 int ip6_append_data(struct sock *sk, 1575 int getfrag(void *from, char *to, int offset, int len, 1576 int odd, struct sk_buff *skb), 1577 void *from, int length, int transhdrlen, 1578 struct ipcm6_cookie *ipc6, struct flowi6 *fl6, 1579 struct rt6_info *rt, unsigned int flags, 1580 const struct sockcm_cookie *sockc) 1581 { 1582 struct inet_sock *inet = inet_sk(sk); 1583 struct ipv6_pinfo *np = inet6_sk(sk); 1584 int exthdrlen; 1585 int err; 1586 1587 if (flags&MSG_PROBE) 1588 return 0; 1589 if (skb_queue_empty(&sk->sk_write_queue)) { 1590 /* 1591 * setup for corking 1592 */ 1593 err = ip6_setup_cork(sk, &inet->cork, &np->cork, 1594 ipc6, rt, fl6); 1595 if (err) 1596 return err; 1597 1598 exthdrlen = (ipc6->opt ? ipc6->opt->opt_flen : 0); 1599 length += exthdrlen; 1600 transhdrlen += exthdrlen; 1601 } else { 1602 fl6 = &inet->cork.fl.u.ip6; 1603 transhdrlen = 0; 1604 } 1605 1606 return __ip6_append_data(sk, fl6, &sk->sk_write_queue, &inet->cork.base, 1607 &np->cork, sk_page_frag(sk), getfrag, 1608 from, length, transhdrlen, flags, ipc6, sockc); 1609 } 1610 EXPORT_SYMBOL_GPL(ip6_append_data); 1611 1612 static void ip6_cork_release(struct inet_cork_full *cork, 1613 struct inet6_cork *v6_cork) 1614 { 1615 if (v6_cork->opt) { 1616 kfree(v6_cork->opt->dst0opt); 1617 kfree(v6_cork->opt->dst1opt); 1618 kfree(v6_cork->opt->hopopt); 1619 kfree(v6_cork->opt->srcrt); 1620 kfree(v6_cork->opt); 1621 v6_cork->opt = NULL; 1622 } 1623 1624 if (cork->base.dst) { 1625 dst_release(cork->base.dst); 1626 cork->base.dst = NULL; 1627 cork->base.flags &= ~IPCORK_ALLFRAG; 1628 } 1629 memset(&cork->fl, 0, sizeof(cork->fl)); 1630 } 1631 1632 struct sk_buff *__ip6_make_skb(struct sock *sk, 1633 struct sk_buff_head *queue, 1634 struct inet_cork_full *cork, 1635 struct inet6_cork *v6_cork) 1636 { 1637 struct sk_buff *skb, *tmp_skb; 1638 struct sk_buff **tail_skb; 1639 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf; 1640 struct ipv6_pinfo *np = inet6_sk(sk); 1641 struct net *net = sock_net(sk); 1642 struct ipv6hdr *hdr; 1643 struct ipv6_txoptions *opt = v6_cork->opt; 1644 struct rt6_info *rt = (struct rt6_info *)cork->base.dst; 1645 struct flowi6 *fl6 = &cork->fl.u.ip6; 1646 unsigned char proto = fl6->flowi6_proto; 1647 1648 skb = __skb_dequeue(queue); 1649 if (!skb) 1650 goto out; 1651 tail_skb = &(skb_shinfo(skb)->frag_list); 1652 1653 /* move skb->data to ip header from ext header */ 1654 if (skb->data < skb_network_header(skb)) 1655 __skb_pull(skb, skb_network_offset(skb)); 1656 while ((tmp_skb = __skb_dequeue(queue)) != NULL) { 1657 __skb_pull(tmp_skb, skb_network_header_len(skb)); 1658 *tail_skb = tmp_skb; 1659 tail_skb = &(tmp_skb->next); 1660 skb->len += tmp_skb->len; 1661 skb->data_len += tmp_skb->len; 1662 skb->truesize += tmp_skb->truesize; 1663 tmp_skb->destructor = NULL; 1664 tmp_skb->sk = NULL; 1665 } 1666 1667 /* Allow local fragmentation. */ 1668 skb->ignore_df = ip6_sk_ignore_df(sk); 1669 1670 *final_dst = fl6->daddr; 1671 __skb_pull(skb, skb_network_header_len(skb)); 1672 if (opt && opt->opt_flen) 1673 ipv6_push_frag_opts(skb, opt, &proto); 1674 if (opt && opt->opt_nflen) 1675 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst); 1676 1677 skb_push(skb, sizeof(struct ipv6hdr)); 1678 skb_reset_network_header(skb); 1679 hdr = ipv6_hdr(skb); 1680 1681 ip6_flow_hdr(hdr, v6_cork->tclass, 1682 ip6_make_flowlabel(net, skb, fl6->flowlabel, 1683 np->autoflowlabel, fl6)); 1684 hdr->hop_limit = v6_cork->hop_limit; 1685 hdr->nexthdr = proto; 1686 hdr->saddr = fl6->saddr; 1687 hdr->daddr = *final_dst; 1688 1689 skb->priority = sk->sk_priority; 1690 skb->mark = sk->sk_mark; 1691 1692 skb_dst_set(skb, dst_clone(&rt->dst)); 1693 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len); 1694 if (proto == IPPROTO_ICMPV6) { 1695 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); 1696 1697 ICMP6MSGOUT_INC_STATS(net, idev, icmp6_hdr(skb)->icmp6_type); 1698 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1699 } 1700 1701 ip6_cork_release(cork, v6_cork); 1702 out: 1703 return skb; 1704 } 1705 1706 int ip6_send_skb(struct sk_buff *skb) 1707 { 1708 struct net *net = sock_net(skb->sk); 1709 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb); 1710 int err; 1711 1712 err = ip6_local_out(net, skb->sk, skb); 1713 if (err) { 1714 if (err > 0) 1715 err = net_xmit_errno(err); 1716 if (err) 1717 IP6_INC_STATS(net, rt->rt6i_idev, 1718 IPSTATS_MIB_OUTDISCARDS); 1719 } 1720 1721 return err; 1722 } 1723 1724 int ip6_push_pending_frames(struct sock *sk) 1725 { 1726 struct sk_buff *skb; 1727 1728 skb = ip6_finish_skb(sk); 1729 if (!skb) 1730 return 0; 1731 1732 return ip6_send_skb(skb); 1733 } 1734 EXPORT_SYMBOL_GPL(ip6_push_pending_frames); 1735 1736 static void __ip6_flush_pending_frames(struct sock *sk, 1737 struct sk_buff_head *queue, 1738 struct inet_cork_full *cork, 1739 struct inet6_cork *v6_cork) 1740 { 1741 struct sk_buff *skb; 1742 1743 while ((skb = __skb_dequeue_tail(queue)) != NULL) { 1744 if (skb_dst(skb)) 1745 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)), 1746 IPSTATS_MIB_OUTDISCARDS); 1747 kfree_skb(skb); 1748 } 1749 1750 ip6_cork_release(cork, v6_cork); 1751 } 1752 1753 void ip6_flush_pending_frames(struct sock *sk) 1754 { 1755 __ip6_flush_pending_frames(sk, &sk->sk_write_queue, 1756 &inet_sk(sk)->cork, &inet6_sk(sk)->cork); 1757 } 1758 EXPORT_SYMBOL_GPL(ip6_flush_pending_frames); 1759 1760 struct sk_buff *ip6_make_skb(struct sock *sk, 1761 int getfrag(void *from, char *to, int offset, 1762 int len, int odd, struct sk_buff *skb), 1763 void *from, int length, int transhdrlen, 1764 struct ipcm6_cookie *ipc6, struct flowi6 *fl6, 1765 struct rt6_info *rt, unsigned int flags, 1766 const struct sockcm_cookie *sockc) 1767 { 1768 struct inet_cork_full cork; 1769 struct inet6_cork v6_cork; 1770 struct sk_buff_head queue; 1771 int exthdrlen = (ipc6->opt ? ipc6->opt->opt_flen : 0); 1772 int err; 1773 1774 if (flags & MSG_PROBE) 1775 return NULL; 1776 1777 __skb_queue_head_init(&queue); 1778 1779 cork.base.flags = 0; 1780 cork.base.addr = 0; 1781 cork.base.opt = NULL; 1782 v6_cork.opt = NULL; 1783 err = ip6_setup_cork(sk, &cork, &v6_cork, ipc6, rt, fl6); 1784 if (err) 1785 return ERR_PTR(err); 1786 1787 if (ipc6->dontfrag < 0) 1788 ipc6->dontfrag = inet6_sk(sk)->dontfrag; 1789 1790 err = __ip6_append_data(sk, fl6, &queue, &cork.base, &v6_cork, 1791 ¤t->task_frag, getfrag, from, 1792 length + exthdrlen, transhdrlen + exthdrlen, 1793 flags, ipc6, sockc); 1794 if (err) { 1795 __ip6_flush_pending_frames(sk, &queue, &cork, &v6_cork); 1796 return ERR_PTR(err); 1797 } 1798 1799 return __ip6_make_skb(sk, &queue, &cork, &v6_cork); 1800 } 1801