1 /* 2 * IPv6 output functions 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on linux/net/ipv4/ip_output.c 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License 12 * as published by the Free Software Foundation; either version 13 * 2 of the License, or (at your option) any later version. 14 * 15 * Changes: 16 * A.N.Kuznetsov : airthmetics in fragmentation. 17 * extension headers are implemented. 18 * route changes now work. 19 * ip6_forward does not confuse sniffers. 20 * etc. 21 * 22 * H. von Brand : Added missing #include <linux/string.h> 23 * Imran Patel : frag id should be in NBO 24 * Kazunori MIYAZAWA @USAGI 25 * : add ip6_append_data and related functions 26 * for datagram xmit 27 */ 28 29 #include <linux/errno.h> 30 #include <linux/kernel.h> 31 #include <linux/string.h> 32 #include <linux/socket.h> 33 #include <linux/net.h> 34 #include <linux/netdevice.h> 35 #include <linux/if_arp.h> 36 #include <linux/in6.h> 37 #include <linux/tcp.h> 38 #include <linux/route.h> 39 #include <linux/module.h> 40 41 #include <linux/netfilter.h> 42 #include <linux/netfilter_ipv6.h> 43 44 #include <net/sock.h> 45 #include <net/snmp.h> 46 47 #include <net/ipv6.h> 48 #include <net/ndisc.h> 49 #include <net/protocol.h> 50 #include <net/ip6_route.h> 51 #include <net/addrconf.h> 52 #include <net/rawv6.h> 53 #include <net/icmp.h> 54 #include <net/xfrm.h> 55 #include <net/checksum.h> 56 #include <linux/mroute6.h> 57 58 static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)); 59 60 static __inline__ void ipv6_select_ident(struct sk_buff *skb, struct frag_hdr *fhdr) 61 { 62 static u32 ipv6_fragmentation_id = 1; 63 static DEFINE_SPINLOCK(ip6_id_lock); 64 65 spin_lock_bh(&ip6_id_lock); 66 fhdr->identification = htonl(ipv6_fragmentation_id); 67 if (++ipv6_fragmentation_id == 0) 68 ipv6_fragmentation_id = 1; 69 spin_unlock_bh(&ip6_id_lock); 70 } 71 72 int __ip6_local_out(struct sk_buff *skb) 73 { 74 int len; 75 76 len = skb->len - sizeof(struct ipv6hdr); 77 if (len > IPV6_MAXPLEN) 78 len = 0; 79 ipv6_hdr(skb)->payload_len = htons(len); 80 81 return nf_hook(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dst->dev, 82 dst_output); 83 } 84 85 int ip6_local_out(struct sk_buff *skb) 86 { 87 int err; 88 89 err = __ip6_local_out(skb); 90 if (likely(err == 1)) 91 err = dst_output(skb); 92 93 return err; 94 } 95 EXPORT_SYMBOL_GPL(ip6_local_out); 96 97 static int ip6_output_finish(struct sk_buff *skb) 98 { 99 struct dst_entry *dst = skb->dst; 100 101 if (dst->hh) 102 return neigh_hh_output(dst->hh, skb); 103 else if (dst->neighbour) 104 return dst->neighbour->output(skb); 105 106 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); 107 kfree_skb(skb); 108 return -EINVAL; 109 110 } 111 112 /* dev_loopback_xmit for use with netfilter. */ 113 static int ip6_dev_loopback_xmit(struct sk_buff *newskb) 114 { 115 skb_reset_mac_header(newskb); 116 __skb_pull(newskb, skb_network_offset(newskb)); 117 newskb->pkt_type = PACKET_LOOPBACK; 118 newskb->ip_summed = CHECKSUM_UNNECESSARY; 119 WARN_ON(!newskb->dst); 120 121 netif_rx(newskb); 122 return 0; 123 } 124 125 126 static int ip6_output2(struct sk_buff *skb) 127 { 128 struct dst_entry *dst = skb->dst; 129 struct net_device *dev = dst->dev; 130 131 skb->protocol = htons(ETH_P_IPV6); 132 skb->dev = dev; 133 134 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { 135 struct ipv6_pinfo* np = skb->sk ? inet6_sk(skb->sk) : NULL; 136 struct inet6_dev *idev = ip6_dst_idev(skb->dst); 137 138 if (!(dev->flags & IFF_LOOPBACK) && (!np || np->mc_loop) && 139 ((mroute6_socket && !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) || 140 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr, 141 &ipv6_hdr(skb)->saddr))) { 142 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 143 144 /* Do not check for IFF_ALLMULTI; multicast routing 145 is not supported in any case. 146 */ 147 if (newskb) 148 NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, newskb, 149 NULL, newskb->dev, 150 ip6_dev_loopback_xmit); 151 152 if (ipv6_hdr(skb)->hop_limit == 0) { 153 IP6_INC_STATS(idev, IPSTATS_MIB_OUTDISCARDS); 154 kfree_skb(skb); 155 return 0; 156 } 157 } 158 159 IP6_INC_STATS(idev, IPSTATS_MIB_OUTMCASTPKTS); 160 } 161 162 return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dev, 163 ip6_output_finish); 164 } 165 166 static inline int ip6_skb_dst_mtu(struct sk_buff *skb) 167 { 168 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL; 169 170 return (np && np->pmtudisc == IPV6_PMTUDISC_PROBE) ? 171 skb->dst->dev->mtu : dst_mtu(skb->dst); 172 } 173 174 int ip6_output(struct sk_buff *skb) 175 { 176 struct inet6_dev *idev = ip6_dst_idev(skb->dst); 177 if (unlikely(idev->cnf.disable_ipv6)) { 178 IP6_INC_STATS(idev, IPSTATS_MIB_OUTDISCARDS); 179 kfree_skb(skb); 180 return 0; 181 } 182 183 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || 184 dst_allfrag(skb->dst)) 185 return ip6_fragment(skb, ip6_output2); 186 else 187 return ip6_output2(skb); 188 } 189 190 /* 191 * xmit an sk_buff (used by TCP) 192 */ 193 194 int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl, 195 struct ipv6_txoptions *opt, int ipfragok) 196 { 197 struct ipv6_pinfo *np = inet6_sk(sk); 198 struct in6_addr *first_hop = &fl->fl6_dst; 199 struct dst_entry *dst = skb->dst; 200 struct ipv6hdr *hdr; 201 u8 proto = fl->proto; 202 int seg_len = skb->len; 203 int hlimit, tclass; 204 u32 mtu; 205 206 if (opt) { 207 unsigned int head_room; 208 209 /* First: exthdrs may take lots of space (~8K for now) 210 MAX_HEADER is not enough. 211 */ 212 head_room = opt->opt_nflen + opt->opt_flen; 213 seg_len += head_room; 214 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev); 215 216 if (skb_headroom(skb) < head_room) { 217 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room); 218 if (skb2 == NULL) { 219 IP6_INC_STATS(ip6_dst_idev(skb->dst), 220 IPSTATS_MIB_OUTDISCARDS); 221 kfree_skb(skb); 222 return -ENOBUFS; 223 } 224 kfree_skb(skb); 225 skb = skb2; 226 if (sk) 227 skb_set_owner_w(skb, sk); 228 } 229 if (opt->opt_flen) 230 ipv6_push_frag_opts(skb, opt, &proto); 231 if (opt->opt_nflen) 232 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop); 233 } 234 235 skb_push(skb, sizeof(struct ipv6hdr)); 236 skb_reset_network_header(skb); 237 hdr = ipv6_hdr(skb); 238 239 /* 240 * Fill in the IPv6 header 241 */ 242 243 hlimit = -1; 244 if (np) 245 hlimit = np->hop_limit; 246 if (hlimit < 0) 247 hlimit = ip6_dst_hoplimit(dst); 248 249 tclass = -1; 250 if (np) 251 tclass = np->tclass; 252 if (tclass < 0) 253 tclass = 0; 254 255 *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | fl->fl6_flowlabel; 256 257 hdr->payload_len = htons(seg_len); 258 hdr->nexthdr = proto; 259 hdr->hop_limit = hlimit; 260 261 ipv6_addr_copy(&hdr->saddr, &fl->fl6_src); 262 ipv6_addr_copy(&hdr->daddr, first_hop); 263 264 skb->priority = sk->sk_priority; 265 skb->mark = sk->sk_mark; 266 267 mtu = dst_mtu(dst); 268 if ((skb->len <= mtu) || ipfragok || skb_is_gso(skb)) { 269 IP6_INC_STATS(ip6_dst_idev(skb->dst), 270 IPSTATS_MIB_OUTREQUESTS); 271 return NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 272 dst_output); 273 } 274 275 if (net_ratelimit()) 276 printk(KERN_DEBUG "IPv6: sending pkt_too_big to self\n"); 277 skb->dev = dst->dev; 278 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, skb->dev); 279 IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_FRAGFAILS); 280 kfree_skb(skb); 281 return -EMSGSIZE; 282 } 283 284 EXPORT_SYMBOL(ip6_xmit); 285 286 /* 287 * To avoid extra problems ND packets are send through this 288 * routine. It's code duplication but I really want to avoid 289 * extra checks since ipv6_build_header is used by TCP (which 290 * is for us performance critical) 291 */ 292 293 int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev, 294 const struct in6_addr *saddr, const struct in6_addr *daddr, 295 int proto, int len) 296 { 297 struct ipv6_pinfo *np = inet6_sk(sk); 298 struct ipv6hdr *hdr; 299 int totlen; 300 301 skb->protocol = htons(ETH_P_IPV6); 302 skb->dev = dev; 303 304 totlen = len + sizeof(struct ipv6hdr); 305 306 skb_reset_network_header(skb); 307 skb_put(skb, sizeof(struct ipv6hdr)); 308 hdr = ipv6_hdr(skb); 309 310 *(__be32*)hdr = htonl(0x60000000); 311 312 hdr->payload_len = htons(len); 313 hdr->nexthdr = proto; 314 hdr->hop_limit = np->hop_limit; 315 316 ipv6_addr_copy(&hdr->saddr, saddr); 317 ipv6_addr_copy(&hdr->daddr, daddr); 318 319 return 0; 320 } 321 322 static int ip6_call_ra_chain(struct sk_buff *skb, int sel) 323 { 324 struct ip6_ra_chain *ra; 325 struct sock *last = NULL; 326 327 read_lock(&ip6_ra_lock); 328 for (ra = ip6_ra_chain; ra; ra = ra->next) { 329 struct sock *sk = ra->sk; 330 if (sk && ra->sel == sel && 331 (!sk->sk_bound_dev_if || 332 sk->sk_bound_dev_if == skb->dev->ifindex)) { 333 if (last) { 334 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); 335 if (skb2) 336 rawv6_rcv(last, skb2); 337 } 338 last = sk; 339 } 340 } 341 342 if (last) { 343 rawv6_rcv(last, skb); 344 read_unlock(&ip6_ra_lock); 345 return 1; 346 } 347 read_unlock(&ip6_ra_lock); 348 return 0; 349 } 350 351 static int ip6_forward_proxy_check(struct sk_buff *skb) 352 { 353 struct ipv6hdr *hdr = ipv6_hdr(skb); 354 u8 nexthdr = hdr->nexthdr; 355 int offset; 356 357 if (ipv6_ext_hdr(nexthdr)) { 358 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr); 359 if (offset < 0) 360 return 0; 361 } else 362 offset = sizeof(struct ipv6hdr); 363 364 if (nexthdr == IPPROTO_ICMPV6) { 365 struct icmp6hdr *icmp6; 366 367 if (!pskb_may_pull(skb, (skb_network_header(skb) + 368 offset + 1 - skb->data))) 369 return 0; 370 371 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset); 372 373 switch (icmp6->icmp6_type) { 374 case NDISC_ROUTER_SOLICITATION: 375 case NDISC_ROUTER_ADVERTISEMENT: 376 case NDISC_NEIGHBOUR_SOLICITATION: 377 case NDISC_NEIGHBOUR_ADVERTISEMENT: 378 case NDISC_REDIRECT: 379 /* For reaction involving unicast neighbor discovery 380 * message destined to the proxied address, pass it to 381 * input function. 382 */ 383 return 1; 384 default: 385 break; 386 } 387 } 388 389 /* 390 * The proxying router can't forward traffic sent to a link-local 391 * address, so signal the sender and discard the packet. This 392 * behavior is clarified by the MIPv6 specification. 393 */ 394 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) { 395 dst_link_failure(skb); 396 return -1; 397 } 398 399 return 0; 400 } 401 402 static inline int ip6_forward_finish(struct sk_buff *skb) 403 { 404 return dst_output(skb); 405 } 406 407 int ip6_forward(struct sk_buff *skb) 408 { 409 struct dst_entry *dst = skb->dst; 410 struct ipv6hdr *hdr = ipv6_hdr(skb); 411 struct inet6_skb_parm *opt = IP6CB(skb); 412 struct net *net = dev_net(dst->dev); 413 414 if (net->ipv6.devconf_all->forwarding == 0) 415 goto error; 416 417 if (skb_warn_if_lro(skb)) 418 goto drop; 419 420 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) { 421 IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS); 422 goto drop; 423 } 424 425 skb_forward_csum(skb); 426 427 /* 428 * We DO NOT make any processing on 429 * RA packets, pushing them to user level AS IS 430 * without ane WARRANTY that application will be able 431 * to interpret them. The reason is that we 432 * cannot make anything clever here. 433 * 434 * We are not end-node, so that if packet contains 435 * AH/ESP, we cannot make anything. 436 * Defragmentation also would be mistake, RA packets 437 * cannot be fragmented, because there is no warranty 438 * that different fragments will go along one path. --ANK 439 */ 440 if (opt->ra) { 441 u8 *ptr = skb_network_header(skb) + opt->ra; 442 if (ip6_call_ra_chain(skb, (ptr[2]<<8) + ptr[3])) 443 return 0; 444 } 445 446 /* 447 * check and decrement ttl 448 */ 449 if (hdr->hop_limit <= 1) { 450 /* Force OUTPUT device used as source address */ 451 skb->dev = dst->dev; 452 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 453 0, skb->dev); 454 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS); 455 456 kfree_skb(skb); 457 return -ETIMEDOUT; 458 } 459 460 /* XXX: idev->cnf.proxy_ndp? */ 461 if (net->ipv6.devconf_all->proxy_ndp && 462 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) { 463 int proxied = ip6_forward_proxy_check(skb); 464 if (proxied > 0) 465 return ip6_input(skb); 466 else if (proxied < 0) { 467 IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS); 468 goto drop; 469 } 470 } 471 472 if (!xfrm6_route_forward(skb)) { 473 IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS); 474 goto drop; 475 } 476 dst = skb->dst; 477 478 /* IPv6 specs say nothing about it, but it is clear that we cannot 479 send redirects to source routed frames. 480 We don't send redirects to frames decapsulated from IPsec. 481 */ 482 if (skb->dev == dst->dev && dst->neighbour && opt->srcrt == 0 && 483 !skb->sp) { 484 struct in6_addr *target = NULL; 485 struct rt6_info *rt; 486 struct neighbour *n = dst->neighbour; 487 488 /* 489 * incoming and outgoing devices are the same 490 * send a redirect. 491 */ 492 493 rt = (struct rt6_info *) dst; 494 if ((rt->rt6i_flags & RTF_GATEWAY)) 495 target = (struct in6_addr*)&n->primary_key; 496 else 497 target = &hdr->daddr; 498 499 /* Limit redirects both by destination (here) 500 and by source (inside ndisc_send_redirect) 501 */ 502 if (xrlim_allow(dst, 1*HZ)) 503 ndisc_send_redirect(skb, n, target); 504 } else { 505 int addrtype = ipv6_addr_type(&hdr->saddr); 506 507 /* This check is security critical. */ 508 if (addrtype == IPV6_ADDR_ANY || 509 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK)) 510 goto error; 511 if (addrtype & IPV6_ADDR_LINKLOCAL) { 512 icmpv6_send(skb, ICMPV6_DEST_UNREACH, 513 ICMPV6_NOT_NEIGHBOUR, 0, skb->dev); 514 goto error; 515 } 516 } 517 518 if (skb->len > dst_mtu(dst)) { 519 /* Again, force OUTPUT device used as source address */ 520 skb->dev = dst->dev; 521 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, dst_mtu(dst), skb->dev); 522 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INTOOBIGERRORS); 523 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_FRAGFAILS); 524 kfree_skb(skb); 525 return -EMSGSIZE; 526 } 527 528 if (skb_cow(skb, dst->dev->hard_header_len)) { 529 IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS); 530 goto drop; 531 } 532 533 hdr = ipv6_hdr(skb); 534 535 /* Mangling hops number delayed to point after skb COW */ 536 537 hdr->hop_limit--; 538 539 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); 540 return NF_HOOK(PF_INET6, NF_INET_FORWARD, skb, skb->dev, dst->dev, 541 ip6_forward_finish); 542 543 error: 544 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS); 545 drop: 546 kfree_skb(skb); 547 return -EINVAL; 548 } 549 550 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from) 551 { 552 to->pkt_type = from->pkt_type; 553 to->priority = from->priority; 554 to->protocol = from->protocol; 555 dst_release(to->dst); 556 to->dst = dst_clone(from->dst); 557 to->dev = from->dev; 558 to->mark = from->mark; 559 560 #ifdef CONFIG_NET_SCHED 561 to->tc_index = from->tc_index; 562 #endif 563 nf_copy(to, from); 564 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ 565 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) 566 to->nf_trace = from->nf_trace; 567 #endif 568 skb_copy_secmark(to, from); 569 } 570 571 int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) 572 { 573 u16 offset = sizeof(struct ipv6hdr); 574 struct ipv6_opt_hdr *exthdr = 575 (struct ipv6_opt_hdr *)(ipv6_hdr(skb) + 1); 576 unsigned int packet_len = skb->tail - skb->network_header; 577 int found_rhdr = 0; 578 *nexthdr = &ipv6_hdr(skb)->nexthdr; 579 580 while (offset + 1 <= packet_len) { 581 582 switch (**nexthdr) { 583 584 case NEXTHDR_HOP: 585 break; 586 case NEXTHDR_ROUTING: 587 found_rhdr = 1; 588 break; 589 case NEXTHDR_DEST: 590 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 591 if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0) 592 break; 593 #endif 594 if (found_rhdr) 595 return offset; 596 break; 597 default : 598 return offset; 599 } 600 601 offset += ipv6_optlen(exthdr); 602 *nexthdr = &exthdr->nexthdr; 603 exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) + 604 offset); 605 } 606 607 return offset; 608 } 609 610 static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) 611 { 612 struct net_device *dev; 613 struct sk_buff *frag; 614 struct rt6_info *rt = (struct rt6_info*)skb->dst; 615 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL; 616 struct ipv6hdr *tmp_hdr; 617 struct frag_hdr *fh; 618 unsigned int mtu, hlen, left, len; 619 __be32 frag_id = 0; 620 int ptr, offset = 0, err=0; 621 u8 *prevhdr, nexthdr = 0; 622 623 dev = rt->u.dst.dev; 624 hlen = ip6_find_1stfragopt(skb, &prevhdr); 625 nexthdr = *prevhdr; 626 627 mtu = ip6_skb_dst_mtu(skb); 628 629 /* We must not fragment if the socket is set to force MTU discovery 630 * or if the skb it not generated by a local socket. (This last 631 * check should be redundant, but it's free.) 632 */ 633 if (!skb->local_df) { 634 skb->dev = skb->dst->dev; 635 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, skb->dev); 636 IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_FRAGFAILS); 637 kfree_skb(skb); 638 return -EMSGSIZE; 639 } 640 641 if (np && np->frag_size < mtu) { 642 if (np->frag_size) 643 mtu = np->frag_size; 644 } 645 mtu -= hlen + sizeof(struct frag_hdr); 646 647 if (skb_shinfo(skb)->frag_list) { 648 int first_len = skb_pagelen(skb); 649 int truesizes = 0; 650 651 if (first_len - hlen > mtu || 652 ((first_len - hlen) & 7) || 653 skb_cloned(skb)) 654 goto slow_path; 655 656 for (frag = skb_shinfo(skb)->frag_list; frag; frag = frag->next) { 657 /* Correct geometry. */ 658 if (frag->len > mtu || 659 ((frag->len & 7) && frag->next) || 660 skb_headroom(frag) < hlen) 661 goto slow_path; 662 663 /* Partially cloned skb? */ 664 if (skb_shared(frag)) 665 goto slow_path; 666 667 BUG_ON(frag->sk); 668 if (skb->sk) { 669 sock_hold(skb->sk); 670 frag->sk = skb->sk; 671 frag->destructor = sock_wfree; 672 truesizes += frag->truesize; 673 } 674 } 675 676 err = 0; 677 offset = 0; 678 frag = skb_shinfo(skb)->frag_list; 679 skb_shinfo(skb)->frag_list = NULL; 680 /* BUILD HEADER */ 681 682 *prevhdr = NEXTHDR_FRAGMENT; 683 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC); 684 if (!tmp_hdr) { 685 IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_FRAGFAILS); 686 return -ENOMEM; 687 } 688 689 __skb_pull(skb, hlen); 690 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr)); 691 __skb_push(skb, hlen); 692 skb_reset_network_header(skb); 693 memcpy(skb_network_header(skb), tmp_hdr, hlen); 694 695 ipv6_select_ident(skb, fh); 696 fh->nexthdr = nexthdr; 697 fh->reserved = 0; 698 fh->frag_off = htons(IP6_MF); 699 frag_id = fh->identification; 700 701 first_len = skb_pagelen(skb); 702 skb->data_len = first_len - skb_headlen(skb); 703 skb->truesize -= truesizes; 704 skb->len = first_len; 705 ipv6_hdr(skb)->payload_len = htons(first_len - 706 sizeof(struct ipv6hdr)); 707 708 dst_hold(&rt->u.dst); 709 710 for (;;) { 711 /* Prepare header of the next frame, 712 * before previous one went down. */ 713 if (frag) { 714 frag->ip_summed = CHECKSUM_NONE; 715 skb_reset_transport_header(frag); 716 fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr)); 717 __skb_push(frag, hlen); 718 skb_reset_network_header(frag); 719 memcpy(skb_network_header(frag), tmp_hdr, 720 hlen); 721 offset += skb->len - hlen - sizeof(struct frag_hdr); 722 fh->nexthdr = nexthdr; 723 fh->reserved = 0; 724 fh->frag_off = htons(offset); 725 if (frag->next != NULL) 726 fh->frag_off |= htons(IP6_MF); 727 fh->identification = frag_id; 728 ipv6_hdr(frag)->payload_len = 729 htons(frag->len - 730 sizeof(struct ipv6hdr)); 731 ip6_copy_metadata(frag, skb); 732 } 733 734 err = output(skb); 735 if(!err) 736 IP6_INC_STATS(ip6_dst_idev(&rt->u.dst), IPSTATS_MIB_FRAGCREATES); 737 738 if (err || !frag) 739 break; 740 741 skb = frag; 742 frag = skb->next; 743 skb->next = NULL; 744 } 745 746 kfree(tmp_hdr); 747 748 if (err == 0) { 749 IP6_INC_STATS(ip6_dst_idev(&rt->u.dst), IPSTATS_MIB_FRAGOKS); 750 dst_release(&rt->u.dst); 751 return 0; 752 } 753 754 while (frag) { 755 skb = frag->next; 756 kfree_skb(frag); 757 frag = skb; 758 } 759 760 IP6_INC_STATS(ip6_dst_idev(&rt->u.dst), IPSTATS_MIB_FRAGFAILS); 761 dst_release(&rt->u.dst); 762 return err; 763 } 764 765 slow_path: 766 left = skb->len - hlen; /* Space per frame */ 767 ptr = hlen; /* Where to start from */ 768 769 /* 770 * Fragment the datagram. 771 */ 772 773 *prevhdr = NEXTHDR_FRAGMENT; 774 775 /* 776 * Keep copying data until we run out. 777 */ 778 while(left > 0) { 779 len = left; 780 /* IF: it doesn't fit, use 'mtu' - the data space left */ 781 if (len > mtu) 782 len = mtu; 783 /* IF: we are not sending upto and including the packet end 784 then align the next start on an eight byte boundary */ 785 if (len < left) { 786 len &= ~7; 787 } 788 /* 789 * Allocate buffer. 790 */ 791 792 if ((frag = alloc_skb(len+hlen+sizeof(struct frag_hdr)+LL_ALLOCATED_SPACE(rt->u.dst.dev), GFP_ATOMIC)) == NULL) { 793 NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n"); 794 IP6_INC_STATS(ip6_dst_idev(skb->dst), 795 IPSTATS_MIB_FRAGFAILS); 796 err = -ENOMEM; 797 goto fail; 798 } 799 800 /* 801 * Set up data on packet 802 */ 803 804 ip6_copy_metadata(frag, skb); 805 skb_reserve(frag, LL_RESERVED_SPACE(rt->u.dst.dev)); 806 skb_put(frag, len + hlen + sizeof(struct frag_hdr)); 807 skb_reset_network_header(frag); 808 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen); 809 frag->transport_header = (frag->network_header + hlen + 810 sizeof(struct frag_hdr)); 811 812 /* 813 * Charge the memory for the fragment to any owner 814 * it might possess 815 */ 816 if (skb->sk) 817 skb_set_owner_w(frag, skb->sk); 818 819 /* 820 * Copy the packet header into the new buffer. 821 */ 822 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen); 823 824 /* 825 * Build fragment header. 826 */ 827 fh->nexthdr = nexthdr; 828 fh->reserved = 0; 829 if (!frag_id) { 830 ipv6_select_ident(skb, fh); 831 frag_id = fh->identification; 832 } else 833 fh->identification = frag_id; 834 835 /* 836 * Copy a block of the IP datagram. 837 */ 838 if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len)) 839 BUG(); 840 left -= len; 841 842 fh->frag_off = htons(offset); 843 if (left > 0) 844 fh->frag_off |= htons(IP6_MF); 845 ipv6_hdr(frag)->payload_len = htons(frag->len - 846 sizeof(struct ipv6hdr)); 847 848 ptr += len; 849 offset += len; 850 851 /* 852 * Put this fragment into the sending queue. 853 */ 854 err = output(frag); 855 if (err) 856 goto fail; 857 858 IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_FRAGCREATES); 859 } 860 IP6_INC_STATS(ip6_dst_idev(skb->dst), 861 IPSTATS_MIB_FRAGOKS); 862 kfree_skb(skb); 863 return err; 864 865 fail: 866 IP6_INC_STATS(ip6_dst_idev(skb->dst), 867 IPSTATS_MIB_FRAGFAILS); 868 kfree_skb(skb); 869 return err; 870 } 871 872 static inline int ip6_rt_check(struct rt6key *rt_key, 873 struct in6_addr *fl_addr, 874 struct in6_addr *addr_cache) 875 { 876 return ((rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) && 877 (addr_cache == NULL || !ipv6_addr_equal(fl_addr, addr_cache))); 878 } 879 880 static struct dst_entry *ip6_sk_dst_check(struct sock *sk, 881 struct dst_entry *dst, 882 struct flowi *fl) 883 { 884 struct ipv6_pinfo *np = inet6_sk(sk); 885 struct rt6_info *rt = (struct rt6_info *)dst; 886 887 if (!dst) 888 goto out; 889 890 /* Yes, checking route validity in not connected 891 * case is not very simple. Take into account, 892 * that we do not support routing by source, TOS, 893 * and MSG_DONTROUTE --ANK (980726) 894 * 895 * 1. ip6_rt_check(): If route was host route, 896 * check that cached destination is current. 897 * If it is network route, we still may 898 * check its validity using saved pointer 899 * to the last used address: daddr_cache. 900 * We do not want to save whole address now, 901 * (because main consumer of this service 902 * is tcp, which has not this problem), 903 * so that the last trick works only on connected 904 * sockets. 905 * 2. oif also should be the same. 906 */ 907 if (ip6_rt_check(&rt->rt6i_dst, &fl->fl6_dst, np->daddr_cache) || 908 #ifdef CONFIG_IPV6_SUBTREES 909 ip6_rt_check(&rt->rt6i_src, &fl->fl6_src, np->saddr_cache) || 910 #endif 911 (fl->oif && fl->oif != dst->dev->ifindex)) { 912 dst_release(dst); 913 dst = NULL; 914 } 915 916 out: 917 return dst; 918 } 919 920 static int ip6_dst_lookup_tail(struct sock *sk, 921 struct dst_entry **dst, struct flowi *fl) 922 { 923 int err; 924 struct net *net = sock_net(sk); 925 926 if (*dst == NULL) 927 *dst = ip6_route_output(net, sk, fl); 928 929 if ((err = (*dst)->error)) 930 goto out_err_release; 931 932 if (ipv6_addr_any(&fl->fl6_src)) { 933 err = ipv6_dev_get_saddr(ip6_dst_idev(*dst)->dev, 934 &fl->fl6_dst, 935 sk ? inet6_sk(sk)->srcprefs : 0, 936 &fl->fl6_src); 937 if (err) 938 goto out_err_release; 939 } 940 941 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 942 /* 943 * Here if the dst entry we've looked up 944 * has a neighbour entry that is in the INCOMPLETE 945 * state and the src address from the flow is 946 * marked as OPTIMISTIC, we release the found 947 * dst entry and replace it instead with the 948 * dst entry of the nexthop router 949 */ 950 if (!((*dst)->neighbour->nud_state & NUD_VALID)) { 951 struct inet6_ifaddr *ifp; 952 struct flowi fl_gw; 953 int redirect; 954 955 ifp = ipv6_get_ifaddr(net, &fl->fl6_src, 956 (*dst)->dev, 1); 957 958 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC); 959 if (ifp) 960 in6_ifa_put(ifp); 961 962 if (redirect) { 963 /* 964 * We need to get the dst entry for the 965 * default router instead 966 */ 967 dst_release(*dst); 968 memcpy(&fl_gw, fl, sizeof(struct flowi)); 969 memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr)); 970 *dst = ip6_route_output(net, sk, &fl_gw); 971 if ((err = (*dst)->error)) 972 goto out_err_release; 973 } 974 } 975 #endif 976 977 return 0; 978 979 out_err_release: 980 if (err == -ENETUNREACH) 981 IP6_INC_STATS_BH(NULL, IPSTATS_MIB_OUTNOROUTES); 982 dst_release(*dst); 983 *dst = NULL; 984 return err; 985 } 986 987 /** 988 * ip6_dst_lookup - perform route lookup on flow 989 * @sk: socket which provides route info 990 * @dst: pointer to dst_entry * for result 991 * @fl: flow to lookup 992 * 993 * This function performs a route lookup on the given flow. 994 * 995 * It returns zero on success, or a standard errno code on error. 996 */ 997 int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl) 998 { 999 *dst = NULL; 1000 return ip6_dst_lookup_tail(sk, dst, fl); 1001 } 1002 EXPORT_SYMBOL_GPL(ip6_dst_lookup); 1003 1004 /** 1005 * ip6_sk_dst_lookup - perform socket cached route lookup on flow 1006 * @sk: socket which provides the dst cache and route info 1007 * @dst: pointer to dst_entry * for result 1008 * @fl: flow to lookup 1009 * 1010 * This function performs a route lookup on the given flow with the 1011 * possibility of using the cached route in the socket if it is valid. 1012 * It will take the socket dst lock when operating on the dst cache. 1013 * As a result, this function can only be used in process context. 1014 * 1015 * It returns zero on success, or a standard errno code on error. 1016 */ 1017 int ip6_sk_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl) 1018 { 1019 *dst = NULL; 1020 if (sk) { 1021 *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie); 1022 *dst = ip6_sk_dst_check(sk, *dst, fl); 1023 } 1024 1025 return ip6_dst_lookup_tail(sk, dst, fl); 1026 } 1027 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup); 1028 1029 static inline int ip6_ufo_append_data(struct sock *sk, 1030 int getfrag(void *from, char *to, int offset, int len, 1031 int odd, struct sk_buff *skb), 1032 void *from, int length, int hh_len, int fragheaderlen, 1033 int transhdrlen, int mtu,unsigned int flags) 1034 1035 { 1036 struct sk_buff *skb; 1037 int err; 1038 1039 /* There is support for UDP large send offload by network 1040 * device, so create one single skb packet containing complete 1041 * udp datagram 1042 */ 1043 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) { 1044 skb = sock_alloc_send_skb(sk, 1045 hh_len + fragheaderlen + transhdrlen + 20, 1046 (flags & MSG_DONTWAIT), &err); 1047 if (skb == NULL) 1048 return -ENOMEM; 1049 1050 /* reserve space for Hardware header */ 1051 skb_reserve(skb, hh_len); 1052 1053 /* create space for UDP/IP header */ 1054 skb_put(skb,fragheaderlen + transhdrlen); 1055 1056 /* initialize network header pointer */ 1057 skb_reset_network_header(skb); 1058 1059 /* initialize protocol header pointer */ 1060 skb->transport_header = skb->network_header + fragheaderlen; 1061 1062 skb->ip_summed = CHECKSUM_PARTIAL; 1063 skb->csum = 0; 1064 sk->sk_sndmsg_off = 0; 1065 } 1066 1067 err = skb_append_datato_frags(sk,skb, getfrag, from, 1068 (length - transhdrlen)); 1069 if (!err) { 1070 struct frag_hdr fhdr; 1071 1072 /* specify the length of each IP datagram fragment*/ 1073 skb_shinfo(skb)->gso_size = mtu - fragheaderlen - 1074 sizeof(struct frag_hdr); 1075 skb_shinfo(skb)->gso_type = SKB_GSO_UDP; 1076 ipv6_select_ident(skb, &fhdr); 1077 skb_shinfo(skb)->ip6_frag_id = fhdr.identification; 1078 __skb_queue_tail(&sk->sk_write_queue, skb); 1079 1080 return 0; 1081 } 1082 /* There is not enough support do UPD LSO, 1083 * so follow normal path 1084 */ 1085 kfree_skb(skb); 1086 1087 return err; 1088 } 1089 1090 int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, 1091 int offset, int len, int odd, struct sk_buff *skb), 1092 void *from, int length, int transhdrlen, 1093 int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi *fl, 1094 struct rt6_info *rt, unsigned int flags) 1095 { 1096 struct inet_sock *inet = inet_sk(sk); 1097 struct ipv6_pinfo *np = inet6_sk(sk); 1098 struct sk_buff *skb; 1099 unsigned int maxfraglen, fragheaderlen; 1100 int exthdrlen; 1101 int hh_len; 1102 int mtu; 1103 int copy; 1104 int err; 1105 int offset = 0; 1106 int csummode = CHECKSUM_NONE; 1107 1108 if (flags&MSG_PROBE) 1109 return 0; 1110 if (skb_queue_empty(&sk->sk_write_queue)) { 1111 /* 1112 * setup for corking 1113 */ 1114 if (opt) { 1115 if (np->cork.opt == NULL) { 1116 np->cork.opt = kmalloc(opt->tot_len, 1117 sk->sk_allocation); 1118 if (unlikely(np->cork.opt == NULL)) 1119 return -ENOBUFS; 1120 } else if (np->cork.opt->tot_len < opt->tot_len) { 1121 printk(KERN_DEBUG "ip6_append_data: invalid option length\n"); 1122 return -EINVAL; 1123 } 1124 memcpy(np->cork.opt, opt, opt->tot_len); 1125 inet->cork.flags |= IPCORK_OPT; 1126 /* need source address above miyazawa*/ 1127 } 1128 dst_hold(&rt->u.dst); 1129 inet->cork.dst = &rt->u.dst; 1130 inet->cork.fl = *fl; 1131 np->cork.hop_limit = hlimit; 1132 np->cork.tclass = tclass; 1133 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ? 1134 rt->u.dst.dev->mtu : dst_mtu(rt->u.dst.path); 1135 if (np->frag_size < mtu) { 1136 if (np->frag_size) 1137 mtu = np->frag_size; 1138 } 1139 inet->cork.fragsize = mtu; 1140 if (dst_allfrag(rt->u.dst.path)) 1141 inet->cork.flags |= IPCORK_ALLFRAG; 1142 inet->cork.length = 0; 1143 sk->sk_sndmsg_page = NULL; 1144 sk->sk_sndmsg_off = 0; 1145 exthdrlen = rt->u.dst.header_len + (opt ? opt->opt_flen : 0) - 1146 rt->rt6i_nfheader_len; 1147 length += exthdrlen; 1148 transhdrlen += exthdrlen; 1149 } else { 1150 rt = (struct rt6_info *)inet->cork.dst; 1151 fl = &inet->cork.fl; 1152 if (inet->cork.flags & IPCORK_OPT) 1153 opt = np->cork.opt; 1154 transhdrlen = 0; 1155 exthdrlen = 0; 1156 mtu = inet->cork.fragsize; 1157 } 1158 1159 hh_len = LL_RESERVED_SPACE(rt->u.dst.dev); 1160 1161 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len + 1162 (opt ? opt->opt_nflen : 0); 1163 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr); 1164 1165 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) { 1166 if (inet->cork.length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) { 1167 ipv6_local_error(sk, EMSGSIZE, fl, mtu-exthdrlen); 1168 return -EMSGSIZE; 1169 } 1170 } 1171 1172 /* 1173 * Let's try using as much space as possible. 1174 * Use MTU if total length of the message fits into the MTU. 1175 * Otherwise, we need to reserve fragment header and 1176 * fragment alignment (= 8-15 octects, in total). 1177 * 1178 * Note that we may need to "move" the data from the tail of 1179 * of the buffer to the new fragment when we split 1180 * the message. 1181 * 1182 * FIXME: It may be fragmented into multiple chunks 1183 * at once if non-fragmentable extension headers 1184 * are too large. 1185 * --yoshfuji 1186 */ 1187 1188 inet->cork.length += length; 1189 if (((length > mtu) && (sk->sk_protocol == IPPROTO_UDP)) && 1190 (rt->u.dst.dev->features & NETIF_F_UFO)) { 1191 1192 err = ip6_ufo_append_data(sk, getfrag, from, length, hh_len, 1193 fragheaderlen, transhdrlen, mtu, 1194 flags); 1195 if (err) 1196 goto error; 1197 return 0; 1198 } 1199 1200 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) 1201 goto alloc_new_skb; 1202 1203 while (length > 0) { 1204 /* Check if the remaining data fits into current packet. */ 1205 copy = (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len; 1206 if (copy < length) 1207 copy = maxfraglen - skb->len; 1208 1209 if (copy <= 0) { 1210 char *data; 1211 unsigned int datalen; 1212 unsigned int fraglen; 1213 unsigned int fraggap; 1214 unsigned int alloclen; 1215 struct sk_buff *skb_prev; 1216 alloc_new_skb: 1217 skb_prev = skb; 1218 1219 /* There's no room in the current skb */ 1220 if (skb_prev) 1221 fraggap = skb_prev->len - maxfraglen; 1222 else 1223 fraggap = 0; 1224 1225 /* 1226 * If remaining data exceeds the mtu, 1227 * we know we need more fragment(s). 1228 */ 1229 datalen = length + fraggap; 1230 if (datalen > (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen) 1231 datalen = maxfraglen - fragheaderlen; 1232 1233 fraglen = datalen + fragheaderlen; 1234 if ((flags & MSG_MORE) && 1235 !(rt->u.dst.dev->features&NETIF_F_SG)) 1236 alloclen = mtu; 1237 else 1238 alloclen = datalen + fragheaderlen; 1239 1240 /* 1241 * The last fragment gets additional space at tail. 1242 * Note: we overallocate on fragments with MSG_MODE 1243 * because we have no idea if we're the last one. 1244 */ 1245 if (datalen == length + fraggap) 1246 alloclen += rt->u.dst.trailer_len; 1247 1248 /* 1249 * We just reserve space for fragment header. 1250 * Note: this may be overallocation if the message 1251 * (without MSG_MORE) fits into the MTU. 1252 */ 1253 alloclen += sizeof(struct frag_hdr); 1254 1255 if (transhdrlen) { 1256 skb = sock_alloc_send_skb(sk, 1257 alloclen + hh_len, 1258 (flags & MSG_DONTWAIT), &err); 1259 } else { 1260 skb = NULL; 1261 if (atomic_read(&sk->sk_wmem_alloc) <= 1262 2 * sk->sk_sndbuf) 1263 skb = sock_wmalloc(sk, 1264 alloclen + hh_len, 1, 1265 sk->sk_allocation); 1266 if (unlikely(skb == NULL)) 1267 err = -ENOBUFS; 1268 } 1269 if (skb == NULL) 1270 goto error; 1271 /* 1272 * Fill in the control structures 1273 */ 1274 skb->ip_summed = csummode; 1275 skb->csum = 0; 1276 /* reserve for fragmentation */ 1277 skb_reserve(skb, hh_len+sizeof(struct frag_hdr)); 1278 1279 /* 1280 * Find where to start putting bytes 1281 */ 1282 data = skb_put(skb, fraglen); 1283 skb_set_network_header(skb, exthdrlen); 1284 data += fragheaderlen; 1285 skb->transport_header = (skb->network_header + 1286 fragheaderlen); 1287 if (fraggap) { 1288 skb->csum = skb_copy_and_csum_bits( 1289 skb_prev, maxfraglen, 1290 data + transhdrlen, fraggap, 0); 1291 skb_prev->csum = csum_sub(skb_prev->csum, 1292 skb->csum); 1293 data += fraggap; 1294 pskb_trim_unique(skb_prev, maxfraglen); 1295 } 1296 copy = datalen - transhdrlen - fraggap; 1297 if (copy < 0) { 1298 err = -EINVAL; 1299 kfree_skb(skb); 1300 goto error; 1301 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) { 1302 err = -EFAULT; 1303 kfree_skb(skb); 1304 goto error; 1305 } 1306 1307 offset += copy; 1308 length -= datalen - fraggap; 1309 transhdrlen = 0; 1310 exthdrlen = 0; 1311 csummode = CHECKSUM_NONE; 1312 1313 /* 1314 * Put the packet on the pending queue 1315 */ 1316 __skb_queue_tail(&sk->sk_write_queue, skb); 1317 continue; 1318 } 1319 1320 if (copy > length) 1321 copy = length; 1322 1323 if (!(rt->u.dst.dev->features&NETIF_F_SG)) { 1324 unsigned int off; 1325 1326 off = skb->len; 1327 if (getfrag(from, skb_put(skb, copy), 1328 offset, copy, off, skb) < 0) { 1329 __skb_trim(skb, off); 1330 err = -EFAULT; 1331 goto error; 1332 } 1333 } else { 1334 int i = skb_shinfo(skb)->nr_frags; 1335 skb_frag_t *frag = &skb_shinfo(skb)->frags[i-1]; 1336 struct page *page = sk->sk_sndmsg_page; 1337 int off = sk->sk_sndmsg_off; 1338 unsigned int left; 1339 1340 if (page && (left = PAGE_SIZE - off) > 0) { 1341 if (copy >= left) 1342 copy = left; 1343 if (page != frag->page) { 1344 if (i == MAX_SKB_FRAGS) { 1345 err = -EMSGSIZE; 1346 goto error; 1347 } 1348 get_page(page); 1349 skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0); 1350 frag = &skb_shinfo(skb)->frags[i]; 1351 } 1352 } else if(i < MAX_SKB_FRAGS) { 1353 if (copy > PAGE_SIZE) 1354 copy = PAGE_SIZE; 1355 page = alloc_pages(sk->sk_allocation, 0); 1356 if (page == NULL) { 1357 err = -ENOMEM; 1358 goto error; 1359 } 1360 sk->sk_sndmsg_page = page; 1361 sk->sk_sndmsg_off = 0; 1362 1363 skb_fill_page_desc(skb, i, page, 0, 0); 1364 frag = &skb_shinfo(skb)->frags[i]; 1365 } else { 1366 err = -EMSGSIZE; 1367 goto error; 1368 } 1369 if (getfrag(from, page_address(frag->page)+frag->page_offset+frag->size, offset, copy, skb->len, skb) < 0) { 1370 err = -EFAULT; 1371 goto error; 1372 } 1373 sk->sk_sndmsg_off += copy; 1374 frag->size += copy; 1375 skb->len += copy; 1376 skb->data_len += copy; 1377 skb->truesize += copy; 1378 atomic_add(copy, &sk->sk_wmem_alloc); 1379 } 1380 offset += copy; 1381 length -= copy; 1382 } 1383 return 0; 1384 error: 1385 inet->cork.length -= length; 1386 IP6_INC_STATS(rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS); 1387 return err; 1388 } 1389 1390 static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np) 1391 { 1392 inet->cork.flags &= ~IPCORK_OPT; 1393 kfree(np->cork.opt); 1394 np->cork.opt = NULL; 1395 if (inet->cork.dst) { 1396 dst_release(inet->cork.dst); 1397 inet->cork.dst = NULL; 1398 inet->cork.flags &= ~IPCORK_ALLFRAG; 1399 } 1400 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl)); 1401 } 1402 1403 int ip6_push_pending_frames(struct sock *sk) 1404 { 1405 struct sk_buff *skb, *tmp_skb; 1406 struct sk_buff **tail_skb; 1407 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf; 1408 struct inet_sock *inet = inet_sk(sk); 1409 struct ipv6_pinfo *np = inet6_sk(sk); 1410 struct ipv6hdr *hdr; 1411 struct ipv6_txoptions *opt = np->cork.opt; 1412 struct rt6_info *rt = (struct rt6_info *)inet->cork.dst; 1413 struct flowi *fl = &inet->cork.fl; 1414 unsigned char proto = fl->proto; 1415 int err = 0; 1416 1417 if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL) 1418 goto out; 1419 tail_skb = &(skb_shinfo(skb)->frag_list); 1420 1421 /* move skb->data to ip header from ext header */ 1422 if (skb->data < skb_network_header(skb)) 1423 __skb_pull(skb, skb_network_offset(skb)); 1424 while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) { 1425 __skb_pull(tmp_skb, skb_network_header_len(skb)); 1426 *tail_skb = tmp_skb; 1427 tail_skb = &(tmp_skb->next); 1428 skb->len += tmp_skb->len; 1429 skb->data_len += tmp_skb->len; 1430 skb->truesize += tmp_skb->truesize; 1431 __sock_put(tmp_skb->sk); 1432 tmp_skb->destructor = NULL; 1433 tmp_skb->sk = NULL; 1434 } 1435 1436 /* Allow local fragmentation. */ 1437 if (np->pmtudisc < IPV6_PMTUDISC_DO) 1438 skb->local_df = 1; 1439 1440 ipv6_addr_copy(final_dst, &fl->fl6_dst); 1441 __skb_pull(skb, skb_network_header_len(skb)); 1442 if (opt && opt->opt_flen) 1443 ipv6_push_frag_opts(skb, opt, &proto); 1444 if (opt && opt->opt_nflen) 1445 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst); 1446 1447 skb_push(skb, sizeof(struct ipv6hdr)); 1448 skb_reset_network_header(skb); 1449 hdr = ipv6_hdr(skb); 1450 1451 *(__be32*)hdr = fl->fl6_flowlabel | 1452 htonl(0x60000000 | ((int)np->cork.tclass << 20)); 1453 1454 hdr->hop_limit = np->cork.hop_limit; 1455 hdr->nexthdr = proto; 1456 ipv6_addr_copy(&hdr->saddr, &fl->fl6_src); 1457 ipv6_addr_copy(&hdr->daddr, final_dst); 1458 1459 skb->priority = sk->sk_priority; 1460 skb->mark = sk->sk_mark; 1461 1462 skb->dst = dst_clone(&rt->u.dst); 1463 IP6_INC_STATS(rt->rt6i_idev, IPSTATS_MIB_OUTREQUESTS); 1464 if (proto == IPPROTO_ICMPV6) { 1465 struct inet6_dev *idev = ip6_dst_idev(skb->dst); 1466 1467 ICMP6MSGOUT_INC_STATS_BH(idev, icmp6_hdr(skb)->icmp6_type); 1468 ICMP6_INC_STATS_BH(idev, ICMP6_MIB_OUTMSGS); 1469 } 1470 1471 err = ip6_local_out(skb); 1472 if (err) { 1473 if (err > 0) 1474 err = np->recverr ? net_xmit_errno(err) : 0; 1475 if (err) 1476 goto error; 1477 } 1478 1479 out: 1480 ip6_cork_release(inet, np); 1481 return err; 1482 error: 1483 goto out; 1484 } 1485 1486 void ip6_flush_pending_frames(struct sock *sk) 1487 { 1488 struct sk_buff *skb; 1489 1490 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) { 1491 if (skb->dst) 1492 IP6_INC_STATS(ip6_dst_idev(skb->dst), 1493 IPSTATS_MIB_OUTDISCARDS); 1494 kfree_skb(skb); 1495 } 1496 1497 ip6_cork_release(inet_sk(sk), inet6_sk(sk)); 1498 } 1499