[mirror_ubuntu-zesty-kernel.git] / net / batman-adv / fragmentation.c

/* Copyright (C) 2013-2016  B.A.T.M.A.N. contributors:
 *
 * Martin Hundebøll <martin@hundeboll.net>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */

#include "fragmentation.h"
#include "main.h"

#include <linux/atomic.h>
#include <linux/byteorder/generic.h>
#include <linux/errno.h>
#include <linux/etherdevice.h>
#include <linux/fs.h>
#include <linux/if_ether.h>
#include <linux/jiffies.h>
#include <linux/kernel.h>
#include <linux/lockdep.h>
#include <linux/netdevice.h>
#include <linux/skbuff.h>
#include <linux/slab.h>
#include <linux/spinlock.h>
#include <linux/string.h>

#include "hard-interface.h"
#include "originator.h"
#include "packet.h"
#include "routing.h"
#include "send.h"
#include "soft-interface.h"

/**
 * batadv_frag_clear_chain - delete entries in the fragment buffer chain
 * @head: head of chain with entries.
 * @dropped: whether the chain is cleared because all fragments are dropped
 *
 * Free fragments in the passed hlist. Should be called with appropriate lock.
 */
static void batadv_frag_clear_chain(struct hlist_head *head, bool dropped)
{
	struct batadv_frag_list_entry *entry;
	struct hlist_node *node;

	hlist_for_each_entry_safe(entry, node, head, list) {
		hlist_del(&entry->list);

		if (dropped)
			kfree_skb(entry->skb);
		else
			consume_skb(entry->skb);

		kfree(entry);
	}
}

/**
 * batadv_frag_purge_orig - free fragments associated to an orig
 * @orig_node: originator to free fragments from
 * @check_cb: optional function to tell if an entry should be purged
 */
void batadv_frag_purge_orig(struct batadv_orig_node *orig_node,
			    bool (*check_cb)(struct batadv_frag_table_entry *))
{
	struct batadv_frag_table_entry *chain;
	u8 i;

	for (i = 0; i < BATADV_FRAG_BUFFER_COUNT; i++) {
		chain = &orig_node->fragments[i];
		spin_lock_bh(&chain->lock);

		if (!check_cb || check_cb(chain)) {
			batadv_frag_clear_chain(&chain->fragment_list, true);
			chain->size = 0;
		}

		spin_unlock_bh(&chain->lock);
	}
}

/**
 * batadv_frag_size_limit - maximum possible size of packet to be fragmented
 *
 * Return: the maximum size of payload that can be fragmented.
 */
static int batadv_frag_size_limit(void)
{
	int limit = BATADV_FRAG_MAX_FRAG_SIZE;

	limit -= sizeof(struct batadv_frag_packet);
	limit *= BATADV_FRAG_MAX_FRAGMENTS;

	return limit;
}

/**
 * batadv_frag_init_chain - check and prepare fragment chain for new fragment
 * @chain: chain in fragments table to init
 * @seqno: sequence number of the received fragment
 *
 * Make chain ready for a fragment with sequence number "seqno". Delete existing
 * entries if they have an "old" sequence number.
 *
 * Caller must hold chain->lock.
 *
 * Return: true if chain is empty and caller can just insert the new fragment
 * without searching for the right position.
 */
static bool batadv_frag_init_chain(struct batadv_frag_table_entry *chain,
				   u16 seqno)
{
	lockdep_assert_held(&chain->lock);

	if (chain->seqno == seqno)
		return false;

	if (!hlist_empty(&chain->fragment_list))
		batadv_frag_clear_chain(&chain->fragment_list, true);

	chain->size = 0;
	chain->seqno = seqno;

	return true;
}

/**
 * batadv_frag_insert_packet - insert a fragment into a fragment chain
 * @orig_node: originator that the fragment was received from
 * @skb: skb to insert
 * @chain_out: list head to attach complete chains of fragments to
 *
 * Insert a new fragment into the reverse ordered chain in the right table
 * entry. The hash table entry is cleared if "old" fragments exist in it.
 *
 * Return: true if skb is buffered, false on error. If the chain has all the
 * fragments needed to merge the packet, the chain is moved to the passed head
 * to avoid locking the chain in the table.
 */
static bool batadv_frag_insert_packet(struct batadv_orig_node *orig_node,
				      struct sk_buff *skb,
				      struct hlist_head *chain_out)
{
	struct batadv_frag_table_entry *chain;
	struct batadv_frag_list_entry *frag_entry_new = NULL, *frag_entry_curr;
	struct batadv_frag_list_entry *frag_entry_last = NULL;
	struct batadv_frag_packet *frag_packet;
	u8 bucket;
	u16 seqno, hdr_size = sizeof(struct batadv_frag_packet);
	bool ret = false;

	/* Linearize packet to avoid linearizing 16 packets in a row when doing
	 * the later merge. Non-linear merge should be added to remove this
	 * linearization.
	 */
	if (skb_linearize(skb) < 0)
		goto err;

	frag_packet = (struct batadv_frag_packet *)skb->data;
	seqno = ntohs(frag_packet->seqno);
	bucket = seqno % BATADV_FRAG_BUFFER_COUNT;

	frag_entry_new = kmalloc(sizeof(*frag_entry_new), GFP_ATOMIC);
	if (!frag_entry_new)
		goto err;

	frag_entry_new->skb = skb;
	frag_entry_new->no = frag_packet->no;

	/* Select entry in the "chain table" and delete any prior fragments
	 * with another sequence number. batadv_frag_init_chain() returns true,
	 * if the list is empty at return.
	 */
	chain = &orig_node->fragments[bucket];
	spin_lock_bh(&chain->lock);
	if (batadv_frag_init_chain(chain, seqno)) {
		hlist_add_head(&frag_entry_new->list, &chain->fragment_list);
		chain->size = skb->len - hdr_size;
		chain->timestamp = jiffies;
		chain->total_size = ntohs(frag_packet->total_size);
		ret = true;
		goto out;
	}

	/* Find the position for the new fragment. */
	hlist_for_each_entry(frag_entry_curr, &chain->fragment_list, list) {
		/* Drop packet if fragment already exists. */
		if (frag_entry_curr->no == frag_entry_new->no)
			goto err_unlock;

		/* Order fragments from highest to lowest. */
		if (frag_entry_curr->no < frag_entry_new->no) {
			hlist_add_before(&frag_entry_new->list,
					 &frag_entry_curr->list);
			chain->size += skb->len - hdr_size;
			chain->timestamp = jiffies;
			ret = true;
			goto out;
		}

		/* store current entry because it could be the last in list */
		frag_entry_last = frag_entry_curr;
	}

	/* Reached the end of the list, so insert after 'frag_entry_last'. */
	if (likely(frag_entry_last)) {
		hlist_add_behind(&frag_entry_new->list, &frag_entry_last->list);
		chain->size += skb->len - hdr_size;
		chain->timestamp = jiffies;
		ret = true;
	}

out:
	if (chain->size > batadv_frag_size_limit() ||
	    chain->total_size != ntohs(frag_packet->total_size) ||
	    chain->total_size > batadv_frag_size_limit()) {
		/* Clear chain if total size of either the list or the packet
		 * exceeds the maximum size of one merged packet. Don't allow
		 * packets to have different total_size.
		 */
		batadv_frag_clear_chain(&chain->fragment_list, true);
		chain->size = 0;
	} else if (ntohs(frag_packet->total_size) == chain->size) {
		/* All fragments received. Hand over chain to caller. */
		hlist_move_list(&chain->fragment_list, chain_out);
		chain->size = 0;
	}

err_unlock:
	spin_unlock_bh(&chain->lock);

err:
	if (!ret)
		kfree(frag_entry_new);

	return ret;
}

/**
 * batadv_frag_merge_packets - merge a chain of fragments
 * @chain: head of chain with fragments
 *
 * Expand the first skb in the chain and copy the content of the remaining
 * skb's into the expanded one. After doing so, clear the chain.
 *
 * Return: the merged skb or NULL on error.
 */
static struct sk_buff *
batadv_frag_merge_packets(struct hlist_head *chain)
{
	struct batadv_frag_packet *packet;
	struct batadv_frag_list_entry *entry;
	struct sk_buff *skb_out;
	int size, hdr_size = sizeof(struct batadv_frag_packet);
	bool dropped = false;

	/* Remove first entry, as this is the destination for the rest of the
	 * fragments.
	 */
	entry = hlist_entry(chain->first, struct batadv_frag_list_entry, list);
	hlist_del(&entry->list);
	skb_out = entry->skb;
	kfree(entry);

	packet = (struct batadv_frag_packet *)skb_out->data;
	size = ntohs(packet->total_size);

	/* Make room for the rest of the fragments. */
	if (pskb_expand_head(skb_out, 0, size - skb_out->len, GFP_ATOMIC) < 0) {
		kfree_skb(skb_out);
		skb_out = NULL;
		dropped = true;
		goto free;
	}

	/* Move the existing MAC header to just before the payload. (Override
	 * the fragment header.)
	 */
	skb_pull_rcsum(skb_out, hdr_size);
	memmove(skb_out->data - ETH_HLEN, skb_mac_header(skb_out), ETH_HLEN);
	skb_set_mac_header(skb_out, -ETH_HLEN);
	skb_reset_network_header(skb_out);
	skb_reset_transport_header(skb_out);

	/* Copy the payload of the each fragment into the last skb */
	hlist_for_each_entry(entry, chain, list) {
		size = entry->skb->len - hdr_size;
		memcpy(skb_put(skb_out, size), entry->skb->data + hdr_size,
		       size);
	}

free:
	/* Locking is not needed, because 'chain' is not part of any orig. */
	batadv_frag_clear_chain(chain, dropped);
	return skb_out;
}

/**
 * batadv_frag_skb_buffer - buffer fragment for later merge
 * @skb: skb to buffer
 * @orig_node_src: originator that the skb is received from
 *
 * Add fragment to buffer and merge fragments if possible.
 *
 * There are three possible outcomes: 1) Packet is merged: Return true and
 * set *skb to merged packet; 2) Packet is buffered: Return true and set *skb
 * to NULL; 3) Error: Return false and leave skb as is.
 *
 * Return: true when packet is merged or buffered, false when skb is not not
 * used.
 */
bool batadv_frag_skb_buffer(struct sk_buff **skb,
			    struct batadv_orig_node *orig_node_src)
{
	struct sk_buff *skb_out = NULL;
	struct hlist_head head = HLIST_HEAD_INIT;
	bool ret = false;

	/* Add packet to buffer and table entry if merge is possible. */
	if (!batadv_frag_insert_packet(orig_node_src, *skb, &head))
		goto out_err;

	/* Leave if more fragments are needed to merge. */
	if (hlist_empty(&head))
		goto out;

	skb_out = batadv_frag_merge_packets(&head);
	if (!skb_out)
		goto out_err;

out:
	*skb = skb_out;
	ret = true;
out_err:
	return ret;
}

/**
 * batadv_frag_skb_fwd - forward fragments that would exceed MTU when merged
 * @skb: skb to forward
 * @recv_if: interface that the skb is received on
 * @orig_node_src: originator that the skb is received from
 *
 * Look up the next-hop of the fragments payload and check if the merged packet
 * will exceed the MTU towards the next-hop. If so, the fragment is forwarded
 * without merging it.
 *
 * Return: true if the fragment is consumed/forwarded, false otherwise.
 */
bool batadv_frag_skb_fwd(struct sk_buff *skb,
			 struct batadv_hard_iface *recv_if,
			 struct batadv_orig_node *orig_node_src)
{
	struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
	struct batadv_orig_node *orig_node_dst;
	struct batadv_neigh_node *neigh_node = NULL;
	struct batadv_frag_packet *packet;
	u16 total_size;
	bool ret = false;

	packet = (struct batadv_frag_packet *)skb->data;
	orig_node_dst = batadv_orig_hash_find(bat_priv, packet->dest);
	if (!orig_node_dst)
		goto out;

	neigh_node = batadv_find_router(bat_priv, orig_node_dst, recv_if);
	if (!neigh_node)
		goto out;

	/* Forward the fragment, if the merged packet would be too big to
	 * be assembled.
	 */
	total_size = ntohs(packet->total_size);
	if (total_size > neigh_node->if_incoming->net_dev->mtu) {
		batadv_inc_counter(bat_priv, BATADV_CNT_FRAG_FWD);
		batadv_add_counter(bat_priv, BATADV_CNT_FRAG_FWD_BYTES,
				   skb->len + ETH_HLEN);

		packet->ttl--;
		batadv_send_unicast_skb(skb, neigh_node);
		ret = true;
	}

out:
	if (orig_node_dst)
		batadv_orig_node_put(orig_node_dst);
	if (neigh_node)
		batadv_neigh_node_put(neigh_node);
	return ret;
}

/**
 * batadv_frag_create - create a fragment from skb
 * @skb: skb to create fragment from
 * @frag_head: header to use in new fragment
 * @mtu: size of new fragment
 *
 * Split the passed skb into two fragments: A new one with size matching the
 * passed mtu and the old one with the rest. The new skb contains data from the
 * tail of the old skb.
 *
 * Return: the new fragment, NULL on error.
 */
static struct sk_buff *batadv_frag_create(struct sk_buff *skb,
					  struct batadv_frag_packet *frag_head,
					  unsigned int mtu)
{
	struct sk_buff *skb_fragment;
	unsigned int header_size = sizeof(*frag_head);
	unsigned int fragment_size = mtu - header_size;

	skb_fragment = netdev_alloc_skb(NULL, mtu + ETH_HLEN);
	if (!skb_fragment)
		goto err;

	skb_fragment->priority = skb->priority;

	/* Eat the last mtu-bytes of the skb */
	skb_reserve(skb_fragment, header_size + ETH_HLEN);
	skb_split(skb, skb_fragment, skb->len - fragment_size);

	/* Add the header */
	skb_push(skb_fragment, header_size);
	memcpy(skb_fragment->data, frag_head, header_size);

err:
	return skb_fragment;
}

/**
 * batadv_frag_send_packet - create up to 16 fragments from the passed skb
 * @skb: skb to create fragments from
 * @orig_node: final destination of the created fragments
 * @neigh_node: next-hop of the created fragments
 *
 * Return: the netdev tx status or a negative errno code on a failure
 */
int batadv_frag_send_packet(struct sk_buff *skb,
			    struct batadv_orig_node *orig_node,
			    struct batadv_neigh_node *neigh_node)
{
	struct batadv_priv *bat_priv;
	struct batadv_hard_iface *primary_if = NULL;
	struct batadv_frag_packet frag_header;
	struct sk_buff *skb_fragment;
	unsigned int mtu = neigh_node->if_incoming->net_dev->mtu;
	unsigned int header_size = sizeof(frag_header);
	unsigned int max_fragment_size, max_packet_size;
	int ret;

	/* To avoid merge and refragmentation at next-hops we never send
	 * fragments larger than BATADV_FRAG_MAX_FRAG_SIZE
	 */
	mtu = min_t(unsigned int, mtu, BATADV_FRAG_MAX_FRAG_SIZE);
	max_fragment_size = mtu - header_size;
	max_packet_size = max_fragment_size * BATADV_FRAG_MAX_FRAGMENTS;

	/* Don't even try to fragment, if we need more than 16 fragments */
	if (skb->len > max_packet_size) {
		ret = -EAGAIN;
		goto free_skb;
	}

	bat_priv = orig_node->bat_priv;
	primary_if = batadv_primary_if_get_selected(bat_priv);
	if (!primary_if) {
		ret = -EINVAL;
		goto free_skb;
	}

	/* Create one header to be copied to all fragments */
	frag_header.packet_type = BATADV_UNICAST_FRAG;
	frag_header.version = BATADV_COMPAT_VERSION;
	frag_header.ttl = BATADV_TTL;
	frag_header.seqno = htons(atomic_inc_return(&bat_priv->frag_seqno));
	frag_header.reserved = 0;
	frag_header.no = 0;
	frag_header.total_size = htons(skb->len);

	/* skb->priority values from 256->263 are magic values to
	 * directly indicate a specific 802.1d priority.  This is used
	 * to allow 802.1d priority to be passed directly in from VLAN
	 * tags, etc.
	 */
	if (skb->priority >= 256 && skb->priority <= 263)
		frag_header.priority = skb->priority - 256;

	ether_addr_copy(frag_header.orig, primary_if->net_dev->dev_addr);
	ether_addr_copy(frag_header.dest, orig_node->orig);

	/* Eat and send fragments from the tail of skb */
	while (skb->len > max_fragment_size) {
		skb_fragment = batadv_frag_create(skb, &frag_header, mtu);
		if (!skb_fragment) {
			ret = -ENOMEM;
			goto put_primary_if;
		}

		batadv_inc_counter(bat_priv, BATADV_CNT_FRAG_TX);
		batadv_add_counter(bat_priv, BATADV_CNT_FRAG_TX_BYTES,
				   skb_fragment->len + ETH_HLEN);
		ret = batadv_send_unicast_skb(skb_fragment, neigh_node);
		if (ret != NET_XMIT_SUCCESS) {
			ret = NET_XMIT_DROP;
			goto put_primary_if;
		}

		frag_header.no++;

		/* The initial check in this function should cover this case */
		if (frag_header.no == BATADV_FRAG_MAX_FRAGMENTS - 1) {
			ret = -EINVAL;
			goto put_primary_if;
		}
	}

	/* Make room for the fragment header. */
	if (batadv_skb_head_push(skb, header_size) < 0 ||
	    pskb_expand_head(skb, header_size + ETH_HLEN, 0, GFP_ATOMIC) < 0) {
		ret = -ENOMEM;
		goto put_primary_if;
	}

	memcpy(skb->data, &frag_header, header_size);

	/* Send the last fragment */
	batadv_inc_counter(bat_priv, BATADV_CNT_FRAG_TX);
	batadv_add_counter(bat_priv, BATADV_CNT_FRAG_TX_BYTES,
			   skb->len + ETH_HLEN);
	ret = batadv_send_unicast_skb(skb, neigh_node);
	/* skb was consumed */
	skb = NULL;

put_primary_if:
	batadv_hardif_put(primary_if);
free_skb:
	kfree_skb(skb);

	return ret;
}
Commit	Line	Data
0046b040	1	/* Copyright (C) 2013-2016 B.A.T.M.A.N. contributors:
610bfc6b MH	2	*
	3	* Martin Hundebøll <martin@hundeboll.net>
	4	*
	5	* This program is free software; you can redistribute it and/or
	6	* modify it under the terms of version 2 of the GNU General Public
	7	* License as published by the Free Software Foundation.
	8	*
	9	* This program is distributed in the hope that it will be useful, but
	10	* WITHOUT ANY WARRANTY; without even the implied warranty of
	11	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	12	* General Public License for more details.
	13	*
	14	* You should have received a copy of the GNU General Public License
ebf38fb7	15	* along with this program; if not, see <http://www.gnu.org/licenses/>.
610bfc6b MH	16	*/
610bfc6b MH	17
610bfc6b	18	#include "fragmentation.h"
1e2c2a4f SE	19	#include "main.h"
	20
	21	#include <linux/atomic.h>
	22	#include <linux/byteorder/generic.h>
8def0be8	23	#include <linux/errno.h>
1e2c2a4f SE	24	#include <linux/etherdevice.h>
	25	#include <linux/fs.h>
	26	#include <linux/if_ether.h>
	27	#include <linux/jiffies.h>
	28	#include <linux/kernel.h>
5274cd68	29	#include <linux/lockdep.h>
1e2c2a4f	30	#include <linux/netdevice.h>
1e2c2a4f SE	31	#include <linux/skbuff.h>
	32	#include <linux/slab.h>
	33	#include <linux/spinlock.h>
	34	#include <linux/string.h>
	35
	36	#include "hard-interface.h"
610bfc6b	37	#include "originator.h"
1e2c2a4f	38	#include "packet.h"
610bfc6b	39	#include "routing.h"
1e2c2a4f	40	#include "send.h"
610bfc6b MH	41	#include "soft-interface.h"
610bfc6b MH	42
610bfc6b MH	43	/**
	44	* batadv_frag_clear_chain - delete entries in the fragment buffer chain
	45	* @head: head of chain with entries.
bd687fe4	46	* @dropped: whether the chain is cleared because all fragments are dropped
610bfc6b MH	47	*
	48	* Free fragments in the passed hlist. Should be called with appropriate lock.
	49	*/
bd687fe4	50	static void batadv_frag_clear_chain(struct hlist_head *head, bool dropped)
610bfc6b MH	51	{
	52	struct batadv_frag_list_entry *entry;
	53	struct hlist_node *node;
	54
	55	hlist_for_each_entry_safe(entry, node, head, list) {
	56	hlist_del(&entry->list);
bd687fe4 SE	57
	58	if (dropped)
	59	kfree_skb(entry->skb);
	60	else
	61	consume_skb(entry->skb);
	62
610bfc6b MH	63	kfree(entry);
	64	}
	65	}
	66
	67	/**
	68	* batadv_frag_purge_orig - free fragments associated to an orig
	69	* @orig_node: originator to free fragments from
	70	* @check_cb: optional function to tell if an entry should be purged
	71	*/
	72	void batadv_frag_purge_orig(struct batadv_orig_node *orig_node,
	73	bool (check_cb)(struct batadv_frag_table_entry ))
	74	{
	75	struct batadv_frag_table_entry *chain;
6b5e971a	76	u8 i;
610bfc6b MH	77
	78	for (i = 0; i < BATADV_FRAG_BUFFER_COUNT; i++) {
	79	chain = &orig_node->fragments[i];
01f6b5c7	80	spin_lock_bh(&chain->lock);
610bfc6b MH	81
610bfc6b MH	82	if (!check_cb \|\| check_cb(chain)) {
bd687fe4	83	batadv_frag_clear_chain(&chain->fragment_list, true);
01f6b5c7	84	chain->size = 0;
610bfc6b MH	85	}
610bfc6b MH	86
01f6b5c7	87	spin_unlock_bh(&chain->lock);
610bfc6b MH	88	}
	89	}
	90
	91	/**
	92	* batadv_frag_size_limit - maximum possible size of packet to be fragmented
	93	*
62fe710f	94	* Return: the maximum size of payload that can be fragmented.
610bfc6b MH	95	*/
	96	static int batadv_frag_size_limit(void)
	97	{
	98	int limit = BATADV_FRAG_MAX_FRAG_SIZE;
	99
	100	limit -= sizeof(struct batadv_frag_packet);
	101	limit *= BATADV_FRAG_MAX_FRAGMENTS;
	102
	103	return limit;
	104	}
	105
	106	/**
	107	* batadv_frag_init_chain - check and prepare fragment chain for new fragment
	108	* @chain: chain in fragments table to init
	109	* @seqno: sequence number of the received fragment
	110	*
	111	* Make chain ready for a fragment with sequence number "seqno". Delete existing
	112	* entries if they have an "old" sequence number.
	113	*
	114	* Caller must hold chain->lock.
	115	*
62fe710f	116	* Return: true if chain is empty and caller can just insert the new fragment
610bfc6b MH	117	* without searching for the right position.
	118	*/
	119	static bool batadv_frag_init_chain(struct batadv_frag_table_entry *chain,
6b5e971a	120	u16 seqno)
610bfc6b	121	{
5274cd68 SE	122	lockdep_assert_held(&chain->lock);
5274cd68 SE	123
610bfc6b MH	124	if (chain->seqno == seqno)
	125	return false;
	126
176e5b77	127	if (!hlist_empty(&chain->fragment_list))
bd687fe4	128	batadv_frag_clear_chain(&chain->fragment_list, true);
610bfc6b MH	129
	130	chain->size = 0;
	131	chain->seqno = seqno;
	132
	133	return true;
	134	}
	135
	136	/**
	137	* batadv_frag_insert_packet - insert a fragment into a fragment chain
	138	* @orig_node: originator that the fragment was received from
	139	* @skb: skb to insert
	140	* @chain_out: list head to attach complete chains of fragments to
	141	*
	142	* Insert a new fragment into the reverse ordered chain in the right table
	143	* entry. The hash table entry is cleared if "old" fragments exist in it.
	144	*
62fe710f	145	* Return: true if skb is buffered, false on error. If the chain has all the
610bfc6b MH	146	* fragments needed to merge the packet, the chain is moved to the passed head
	147	* to avoid locking the chain in the table.
	148	*/
	149	static bool batadv_frag_insert_packet(struct batadv_orig_node *orig_node,
	150	struct sk_buff *skb,
	151	struct hlist_head *chain_out)
	152	{
	153	struct batadv_frag_table_entry *chain;
	154	struct batadv_frag_list_entry frag_entry_new = NULL, frag_entry_curr;
d9124268	155	struct batadv_frag_list_entry *frag_entry_last = NULL;
610bfc6b	156	struct batadv_frag_packet *frag_packet;
6b5e971a SE	157	u8 bucket;
6b5e971a SE	158	u16 seqno, hdr_size = sizeof(struct batadv_frag_packet);
610bfc6b MH	159	bool ret = false;
	160
	161	/* Linearize packet to avoid linearizing 16 packets in a row when doing
	162	* the later merge. Non-linear merge should be added to remove this
	163	* linearization.
	164	*/
	165	if (skb_linearize(skb) < 0)
	166	goto err;
	167
	168	frag_packet = (struct batadv_frag_packet *)skb->data;
	169	seqno = ntohs(frag_packet->seqno);
	170	bucket = seqno % BATADV_FRAG_BUFFER_COUNT;
	171
	172	frag_entry_new = kmalloc(sizeof(*frag_entry_new), GFP_ATOMIC);
	173	if (!frag_entry_new)
	174	goto err;
	175
	176	frag_entry_new->skb = skb;
	177	frag_entry_new->no = frag_packet->no;
	178
	179	/* Select entry in the "chain table" and delete any prior fragments
	180	* with another sequence number. batadv_frag_init_chain() returns true,
	181	* if the list is empty at return.
	182	*/
	183	chain = &orig_node->fragments[bucket];
	184	spin_lock_bh(&chain->lock);
	185	if (batadv_frag_init_chain(chain, seqno)) {
176e5b77	186	hlist_add_head(&frag_entry_new->list, &chain->fragment_list);
610bfc6b MH	187	chain->size = skb->len - hdr_size;
610bfc6b MH	188	chain->timestamp = jiffies;
53e77145	189	chain->total_size = ntohs(frag_packet->total_size);
610bfc6b MH	190	ret = true;
	191	goto out;
	192	}
	193
	194	/* Find the position for the new fragment. */
176e5b77	195	hlist_for_each_entry(frag_entry_curr, &chain->fragment_list, list) {
610bfc6b MH	196	/* Drop packet if fragment already exists. */
	197	if (frag_entry_curr->no == frag_entry_new->no)
	198	goto err_unlock;
	199
	200	/* Order fragments from highest to lowest. */
	201	if (frag_entry_curr->no < frag_entry_new->no) {
	202	hlist_add_before(&frag_entry_new->list,
	203	&frag_entry_curr->list);
	204	chain->size += skb->len - hdr_size;
	205	chain->timestamp = jiffies;
	206	ret = true;
	207	goto out;
	208	}
d9124268 SE	209
	210	/* store current entry because it could be the last in list */
	211	frag_entry_last = frag_entry_curr;
610bfc6b MH	212	}
610bfc6b MH	213
d9124268 SE	214	/* Reached the end of the list, so insert after 'frag_entry_last'. */
d9124268 SE	215	if (likely(frag_entry_last)) {
e050dbeb	216	hlist_add_behind(&frag_entry_new->list, &frag_entry_last->list);
610bfc6b MH	217	chain->size += skb->len - hdr_size;
	218	chain->timestamp = jiffies;
	219	ret = true;
	220	}
	221
	222	out:
	223	if (chain->size > batadv_frag_size_limit() \|\|
53e77145 SE	224	chain->total_size != ntohs(frag_packet->total_size) \|\|
53e77145 SE	225	chain->total_size > batadv_frag_size_limit()) {
610bfc6b	226	/* Clear chain if total size of either the list or the packet
53e77145 SE	227	* exceeds the maximum size of one merged packet. Don't allow
53e77145 SE	228	* packets to have different total_size.
610bfc6b	229	*/
bd687fe4	230	batadv_frag_clear_chain(&chain->fragment_list, true);
610bfc6b MH	231	chain->size = 0;
	232	} else if (ntohs(frag_packet->total_size) == chain->size) {
	233	/* All fragments received. Hand over chain to caller. */
176e5b77	234	hlist_move_list(&chain->fragment_list, chain_out);
610bfc6b MH	235	chain->size = 0;
	236	}
	237
	238	err_unlock:
	239	spin_unlock_bh(&chain->lock);
	240
	241	err:
	242	if (!ret)
	243	kfree(frag_entry_new);
	244
	245	return ret;
	246	}
	247
	248	/**
	249	* batadv_frag_merge_packets - merge a chain of fragments
	250	* @chain: head of chain with fragments
610bfc6b MH	251	*
	252	* Expand the first skb in the chain and copy the content of the remaining
	253	* skb's into the expanded one. After doing so, clear the chain.
	254	*
62fe710f	255	* Return: the merged skb or NULL on error.
610bfc6b MH	256	*/
610bfc6b MH	257	static struct sk_buff *
83e8b877	258	batadv_frag_merge_packets(struct hlist_head *chain)
610bfc6b MH	259	{
	260	struct batadv_frag_packet *packet;
	261	struct batadv_frag_list_entry *entry;
422d2f77	262	struct sk_buff *skb_out;
610bfc6b	263	int size, hdr_size = sizeof(struct batadv_frag_packet);
bd687fe4	264	bool dropped = false;
610bfc6b	265
610bfc6b MH	266	/* Remove first entry, as this is the destination for the rest of the
	267	* fragments.
	268	*/
	269	entry = hlist_entry(chain->first, struct batadv_frag_list_entry, list);
	270	hlist_del(&entry->list);
	271	skb_out = entry->skb;
	272	kfree(entry);
	273
83e8b877 SE	274	packet = (struct batadv_frag_packet *)skb_out->data;
	275	size = ntohs(packet->total_size);
	276
610bfc6b	277	/* Make room for the rest of the fragments. */
5b6698b0	278	if (pskb_expand_head(skb_out, 0, size - skb_out->len, GFP_ATOMIC) < 0) {
610bfc6b MH	279	kfree_skb(skb_out);
610bfc6b MH	280	skb_out = NULL;
bd687fe4	281	dropped = true;
610bfc6b MH	282	goto free;
	283	}
	284
	285	/* Move the existing MAC header to just before the payload. (Override
	286	* the fragment header.)
	287	*/
	288	skb_pull_rcsum(skb_out, hdr_size);
	289	memmove(skb_out->data - ETH_HLEN, skb_mac_header(skb_out), ETH_HLEN);
	290	skb_set_mac_header(skb_out, -ETH_HLEN);
	291	skb_reset_network_header(skb_out);
	292	skb_reset_transport_header(skb_out);
	293
	294	/* Copy the payload of the each fragment into the last skb */
	295	hlist_for_each_entry(entry, chain, list) {
	296	size = entry->skb->len - hdr_size;
	297	memcpy(skb_put(skb_out, size), entry->skb->data + hdr_size,
	298	size);
	299	}
	300
	301	free:
	302	/* Locking is not needed, because 'chain' is not part of any orig. */
bd687fe4	303	batadv_frag_clear_chain(chain, dropped);
610bfc6b MH	304	return skb_out;
	305	}
	306
	307	/**
	308	* batadv_frag_skb_buffer - buffer fragment for later merge
	309	* @skb: skb to buffer
	310	* @orig_node_src: originator that the skb is received from
	311	*
	312	* Add fragment to buffer and merge fragments if possible.
	313	*
	314	* There are three possible outcomes: 1) Packet is merged: Return true and
	315	* set skb to merged packet; 2) Packet is buffered: Return true and set skb
	316	* to NULL; 3) Error: Return false and leave skb as is.
62fe710f SE	317	*
	318	* Return: true when packet is merged or buffered, false when skb is not not
	319	* used.
610bfc6b MH	320	*/
	321	bool batadv_frag_skb_buffer(struct sk_buff **skb,
	322	struct batadv_orig_node *orig_node_src)
	323	{
	324	struct sk_buff *skb_out = NULL;
	325	struct hlist_head head = HLIST_HEAD_INIT;
	326	bool ret = false;
	327
	328	/* Add packet to buffer and table entry if merge is possible. */
	329	if (!batadv_frag_insert_packet(orig_node_src, *skb, &head))
	330	goto out_err;
	331
	332	/* Leave if more fragments are needed to merge. */
	333	if (hlist_empty(&head))
	334	goto out;
	335
83e8b877	336	skb_out = batadv_frag_merge_packets(&head);
610bfc6b MH	337	if (!skb_out)
	338	goto out_err;
	339
	340	out:
	341	*skb = skb_out;
	342	ret = true;
	343	out_err:
	344	return ret;
	345	}
	346
	347	/**
	348	* batadv_frag_skb_fwd - forward fragments that would exceed MTU when merged
	349	* @skb: skb to forward
	350	* @recv_if: interface that the skb is received on
	351	* @orig_node_src: originator that the skb is received from
	352	*
	353	* Look up the next-hop of the fragments payload and check if the merged packet
	354	* will exceed the MTU towards the next-hop. If so, the fragment is forwarded
	355	* without merging it.
	356	*
62fe710f	357	* Return: true if the fragment is consumed/forwarded, false otherwise.
610bfc6b MH	358	*/
	359	bool batadv_frag_skb_fwd(struct sk_buff *skb,
	360	struct batadv_hard_iface *recv_if,
	361	struct batadv_orig_node *orig_node_src)
	362	{
	363	struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
422d2f77	364	struct batadv_orig_node *orig_node_dst;
610bfc6b MH	365	struct batadv_neigh_node *neigh_node = NULL;
610bfc6b MH	366	struct batadv_frag_packet *packet;
6b5e971a	367	u16 total_size;
610bfc6b MH	368	bool ret = false;
	369
	370	packet = (struct batadv_frag_packet *)skb->data;
	371	orig_node_dst = batadv_orig_hash_find(bat_priv, packet->dest);
	372	if (!orig_node_dst)
	373	goto out;
	374
	375	neigh_node = batadv_find_router(bat_priv, orig_node_dst, recv_if);
	376	if (!neigh_node)
	377	goto out;
	378
	379	/* Forward the fragment, if the merged packet would be too big to
	380	* be assembled.
	381	*/
	382	total_size = ntohs(packet->total_size);
	383	if (total_size > neigh_node->if_incoming->net_dev->mtu) {
	384	batadv_inc_counter(bat_priv, BATADV_CNT_FRAG_FWD);
	385	batadv_add_counter(bat_priv, BATADV_CNT_FRAG_FWD_BYTES,
	386	skb->len + ETH_HLEN);
	387
a40d9b07	388	packet->ttl--;
95d39278	389	batadv_send_unicast_skb(skb, neigh_node);
610bfc6b MH	390	ret = true;
	391	}
	392
	393	out:
	394	if (orig_node_dst)
5d967310	395	batadv_orig_node_put(orig_node_dst);
610bfc6b	396	if (neigh_node)
25bb2509	397	batadv_neigh_node_put(neigh_node);
610bfc6b MH	398	return ret;
610bfc6b MH	399	}
ee75ed88 MH	400
	401	/**
	402	* batadv_frag_create - create a fragment from skb
	403	* @skb: skb to create fragment from
	404	* @frag_head: header to use in new fragment
	405	* @mtu: size of new fragment
	406	*
	407	* Split the passed skb into two fragments: A new one with size matching the
	408	* passed mtu and the old one with the rest. The new skb contains data from the
	409	* tail of the old skb.
	410	*
62fe710f	411	* Return: the new fragment, NULL on error.
ee75ed88 MH	412	*/
	413	static struct sk_buff batadv_frag_create(struct sk_buff skb,
	414	struct batadv_frag_packet *frag_head,
	415	unsigned int mtu)
	416	{
	417	struct sk_buff *skb_fragment;
d3abce78 SE	418	unsigned int header_size = sizeof(*frag_head);
d3abce78 SE	419	unsigned int fragment_size = mtu - header_size;
ee75ed88 MH	420
	421	skb_fragment = netdev_alloc_skb(NULL, mtu + ETH_HLEN);
	422	if (!skb_fragment)
	423	goto err;
	424
1914848e	425	skb_fragment->priority = skb->priority;
ee75ed88 MH	426
	427	/* Eat the last mtu-bytes of the skb */
	428	skb_reserve(skb_fragment, header_size + ETH_HLEN);
	429	skb_split(skb, skb_fragment, skb->len - fragment_size);
	430
	431	/* Add the header */
	432	skb_push(skb_fragment, header_size);
	433	memcpy(skb_fragment->data, frag_head, header_size);
	434
	435	err:
	436	return skb_fragment;
	437	}
	438
	439	/**
	440	* batadv_frag_send_packet - create up to 16 fragments from the passed skb
	441	* @skb: skb to create fragments from
	442	* @orig_node: final destination of the created fragments
	443	* @neigh_node: next-hop of the created fragments
	444	*
8def0be8	445	* Return: the netdev tx status or a negative errno code on a failure
ee75ed88	446	*/
f50ca95a AQ	447	int batadv_frag_send_packet(struct sk_buff *skb,
	448	struct batadv_orig_node *orig_node,
	449	struct batadv_neigh_node *neigh_node)
ee75ed88 MH	450	{
ee75ed88 MH	451	struct batadv_priv *bat_priv;
be181015	452	struct batadv_hard_iface *primary_if = NULL;
ee75ed88 MH	453	struct batadv_frag_packet frag_header;
ee75ed88 MH	454	struct sk_buff *skb_fragment;
d3abce78 SE	455	unsigned int mtu = neigh_node->if_incoming->net_dev->mtu;
	456	unsigned int header_size = sizeof(frag_header);
	457	unsigned int max_fragment_size, max_packet_size;
8def0be8	458	int ret;
ee75ed88 MH	459
	460	/* To avoid merge and refragmentation at next-hops we never send
	461	* fragments larger than BATADV_FRAG_MAX_FRAG_SIZE
	462	*/
d3abce78	463	mtu = min_t(unsigned int, mtu, BATADV_FRAG_MAX_FRAG_SIZE);
0402e444	464	max_fragment_size = mtu - header_size;
ee75ed88 MH	465	max_packet_size = max_fragment_size * BATADV_FRAG_MAX_FRAGMENTS;
	466
	467	/* Don't even try to fragment, if we need more than 16 fragments */
8def0be8 SE	468	if (skb->len > max_packet_size) {
	469	ret = -EAGAIN;
	470	goto free_skb;
	471	}
ee75ed88 MH	472
	473	bat_priv = orig_node->bat_priv;
	474	primary_if = batadv_primary_if_get_selected(bat_priv);
8def0be8 SE	475	if (!primary_if) {
8def0be8 SE	476	ret = -EINVAL;
4ea33ef0	477	goto free_skb;
8def0be8	478	}
ee75ed88 MH	479
ee75ed88 MH	480	/* Create one header to be copied to all fragments */
a40d9b07 SW	481	frag_header.packet_type = BATADV_UNICAST_FRAG;
	482	frag_header.version = BATADV_COMPAT_VERSION;
	483	frag_header.ttl = BATADV_TTL;
ee75ed88 MH	484	frag_header.seqno = htons(atomic_inc_return(&bat_priv->frag_seqno));
	485	frag_header.reserved = 0;
	486	frag_header.no = 0;
	487	frag_header.total_size = htons(skb->len);
c0f25c80 AL	488
	489	/* skb->priority values from 256->263 are magic values to
	490	* directly indicate a specific 802.1d priority. This is used
	491	* to allow 802.1d priority to be passed directly in from VLAN
	492	* tags, etc.
	493	*/
	494	if (skb->priority >= 256 && skb->priority <= 263)
	495	frag_header.priority = skb->priority - 256;
	496
8fdd0153 AQ	497	ether_addr_copy(frag_header.orig, primary_if->net_dev->dev_addr);
8fdd0153 AQ	498	ether_addr_copy(frag_header.dest, orig_node->orig);
ee75ed88 MH	499
	500	/* Eat and send fragments from the tail of skb */
	501	while (skb->len > max_fragment_size) {
	502	skb_fragment = batadv_frag_create(skb, &frag_header, mtu);
8def0be8 SE	503	if (!skb_fragment) {
8def0be8 SE	504	ret = -ENOMEM;
4ea33ef0	505	goto put_primary_if;
8def0be8	506	}
ee75ed88 MH	507
	508	batadv_inc_counter(bat_priv, BATADV_CNT_FRAG_TX);
	509	batadv_add_counter(bat_priv, BATADV_CNT_FRAG_TX_BYTES,
	510	skb_fragment->len + ETH_HLEN);
f50ca95a AQ	511	ret = batadv_send_unicast_skb(skb_fragment, neigh_node);
f50ca95a AQ	512	if (ret != NET_XMIT_SUCCESS) {
8def0be8	513	ret = NET_XMIT_DROP;
4ea33ef0	514	goto put_primary_if;
f50ca95a AQ	515	}
f50ca95a AQ	516
ee75ed88 MH	517	frag_header.no++;
	518
	519	/* The initial check in this function should cover this case */
f50ca95a	520	if (frag_header.no == BATADV_FRAG_MAX_FRAGMENTS - 1) {
8def0be8	521	ret = -EINVAL;
4ea33ef0	522	goto put_primary_if;
f50ca95a	523	}
ee75ed88 MH	524	}
	525
	526	/* Make room for the fragment header. */
	527	if (batadv_skb_head_push(skb, header_size) < 0 \|\|
8def0be8 SE	528	pskb_expand_head(skb, header_size + ETH_HLEN, 0, GFP_ATOMIC) < 0) {
8def0be8 SE	529	ret = -ENOMEM;
4ea33ef0	530	goto put_primary_if;
8def0be8	531	}
ee75ed88 MH	532
	533	memcpy(skb->data, &frag_header, header_size);
	534
	535	/* Send the last fragment */
	536	batadv_inc_counter(bat_priv, BATADV_CNT_FRAG_TX);
	537	batadv_add_counter(bat_priv, BATADV_CNT_FRAG_TX_BYTES,
	538	skb->len + ETH_HLEN);
f50ca95a	539	ret = batadv_send_unicast_skb(skb, neigh_node);
8def0be8 SE	540	/* skb was consumed */
8def0be8 SE	541	skb = NULL;
ee75ed88	542
8def0be8 SE	543	put_primary_if:
	544	batadv_hardif_put(primary_if);
	545	free_skb:
	546	kfree_skb(skb);
be181015 AQ	547
be181015 AQ	548	return ret;
ee75ed88	549	}