]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/ipv6/ip6_output.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
qlge: call ql_core_dump() only if dump memory was allocated.
[mirror_ubuntu-zesty-kernel.git] / net / ipv6 / ip6_output.c
CommitLineData
1da177e4
LT		 1/*
2 * IPv6 output functions
1ab1457c 3 * Linux INET6 implementation
1da177e4
LT		 4 *
5 * Authors:
1ab1457c 6 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4 7 *
1da177e4
LT		 8 * Based on linux/net/ipv4/ip_output.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 * Changes:
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
20 * etc.
21 *
22 * H. von Brand : Added missing #include <linux/string.h>
23 * Imran Patel : frag id should be in NBO
24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
26 * for datagram xmit
27 */
28
1da177e4 29#include <linux/errno.h>
ef76bc23 30#include <linux/kernel.h>
1da177e4
LT		 31#include <linux/string.h>
32#include <linux/socket.h>
33#include <linux/net.h>
34#include <linux/netdevice.h>
35#include <linux/if_arp.h>
36#include <linux/in6.h>
37#include <linux/tcp.h>
38#include <linux/route.h>
b59f45d0 39#include <linux/module.h>
5a0e3ad6 40#include <linux/slab.h>
1da177e4
LT		 41
42#include <linux/netfilter.h>
43#include <linux/netfilter_ipv6.h>
44
45#include <net/sock.h>
46#include <net/snmp.h>
47
48#include <net/ipv6.h>
49#include <net/ndisc.h>
50#include <net/protocol.h>
51#include <net/ip6_route.h>
52#include <net/addrconf.h>
53#include <net/rawv6.h>
54#include <net/icmp.h>
55#include <net/xfrm.h>
56#include <net/checksum.h>
7bc570c8 57#include <linux/mroute6.h>
1da177e4 58
9e508490 59static int ip6_finish_output2(struct sk_buff *skb)
1da177e4 60{
adf30907 61 struct dst_entry *dst = skb_dst(skb);
1da177e4 62 struct net_device *dev = dst->dev;
f6b72b62 63 struct neighbour *neigh;
6fd6ce20
YH		 64 struct in6_addr *nexthop;
65 int ret;
1da177e4
LT		 66
67 skb->protocol = htons(ETH_P_IPV6);
68 skb->dev = dev;
69
0660e03f 70 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
adf30907 71 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1da177e4 72
7ad6848c 73 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(skb->sk) &&
d1db275d 74 ((mroute6_socket(dev_net(dev), skb) &&
bd91b8bf 75 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
7bc570c8
YH		 76 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
77 &ipv6_hdr(skb)->saddr))) {
1da177e4
LT		 78 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
79
80 /* Do not check for IFF_ALLMULTI; multicast routing
81 is not supported in any case.
82 */
83 if (newskb)
b2e0b385
JE		 84 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
85 newskb, NULL, newskb->dev,
95603e22 86 dev_loopback_xmit);
1da177e4 87
0660e03f 88 if (ipv6_hdr(skb)->hop_limit == 0) {
3bd653c8
DL		 89 IP6_INC_STATS(dev_net(dev), idev,
90 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 91 kfree_skb(skb);
92 return 0;
93 }
94 }
95
edf391ff
NH		 96 IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST,
97 skb->len);
dd408515
HFS		 98
99 if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <=
100 IPV6_ADDR_SCOPE_NODELOCAL &&
101 !(dev->flags & IFF_LOOPBACK)) {
102 kfree_skb(skb);
103 return 0;
104 }
1da177e4
LT		 105 }
106
6fd6ce20
YH		 107 rcu_read_lock_bh();
108 nexthop = rt6_nexthop((struct rt6_info *)dst, &ipv6_hdr(skb)->daddr);
109 neigh = __ipv6_neigh_lookup_noref(dst->dev, nexthop);
110 if (unlikely(!neigh))
111 neigh = __neigh_create(&nd_tbl, nexthop, dst->dev, false);
112 if (!IS_ERR(neigh)) {
113 ret = dst_neigh_output(dst, neigh, skb);
114 rcu_read_unlock_bh();
115 return ret;
116 }
117 rcu_read_unlock_bh();
05e3aa09 118
9e508490
JE		 119 IP6_INC_STATS_BH(dev_net(dst->dev),
120 ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
121 kfree_skb(skb);
122 return -EINVAL;
1da177e4
LT		 123}
124
9e508490
JE		 125static int ip6_finish_output(struct sk_buff *skb)
126{
127 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
128 dst_allfrag(skb_dst(skb)))
129 return ip6_fragment(skb, ip6_finish_output2);
130 else
131 return ip6_finish_output2(skb);
132}
133
1da177e4
LT		 134int ip6_output(struct sk_buff *skb)
135{
9e508490 136 struct net_device *dev = skb_dst(skb)->dev;
adf30907 137 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
778d80be 138 if (unlikely(idev->cnf.disable_ipv6)) {
9e508490 139 IP6_INC_STATS(dev_net(dev), idev,
3bd653c8 140 IPSTATS_MIB_OUTDISCARDS);
778d80be
YH		 141 kfree_skb(skb);
142 return 0;
143 }
144
9c6eb28a
JE		 145 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev,
146 ip6_finish_output,
147 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
1da177e4
LT		 148}
149
1da177e4 150/*
b5d43998 151 * xmit an sk_buff (used by TCP, SCTP and DCCP)
1da177e4
LT		 152 */
153
4c9483b2 154int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
b903d324 155 struct ipv6_txoptions *opt, int tclass)
1da177e4 156{
3bd653c8 157 struct net *net = sock_net(sk);
b30bd282 158 struct ipv6_pinfo *np = inet6_sk(sk);
4c9483b2 159 struct in6_addr *first_hop = &fl6->daddr;
adf30907 160 struct dst_entry *dst = skb_dst(skb);
1da177e4 161 struct ipv6hdr *hdr;
4c9483b2 162 u8 proto = fl6->flowi6_proto;
1da177e4 163 int seg_len = skb->len;
e651f03a 164 int hlimit = -1;
1da177e4
LT		 165 u32 mtu;
166
167 if (opt) {
c2636b4d 168 unsigned int head_room;
1da177e4
LT		 169
170 /* First: exthdrs may take lots of space (~8K for now)
171 MAX_HEADER is not enough.
172 */
173 head_room = opt->opt_nflen + opt->opt_flen;
174 seg_len += head_room;
175 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
176
177 if (skb_headroom(skb) < head_room) {
178 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
a11d206d 179 if (skb2 == NULL) {
adf30907 180 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d
YH		 181 IPSTATS_MIB_OUTDISCARDS);
182 kfree_skb(skb);
1da177e4
LT		 183 return -ENOBUFS;
184 }
808db80a 185 consume_skb(skb);
a11d206d 186 skb = skb2;
83d7eb29 187 skb_set_owner_w(skb, sk);
1da177e4
LT		 188 }
189 if (opt->opt_flen)
190 ipv6_push_frag_opts(skb, opt, &proto);
191 if (opt->opt_nflen)
192 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop);
193 }
194
e2d1bca7
ACM		 195 skb_push(skb, sizeof(struct ipv6hdr));
196 skb_reset_network_header(skb);
0660e03f 197 hdr = ipv6_hdr(skb);
1da177e4
LT		 198
199 /*
200 * Fill in the IPv6 header
201 */
b903d324 202 if (np)
1da177e4
LT		 203 hlimit = np->hop_limit;
204 if (hlimit < 0)
6b75d090 205 hlimit = ip6_dst_hoplimit(dst);
1da177e4 206
3e4e4c1f 207 ip6_flow_hdr(hdr, tclass, fl6->flowlabel);
41a1f8ea 208
1da177e4
LT		 209 hdr->payload_len = htons(seg_len);
210 hdr->nexthdr = proto;
211 hdr->hop_limit = hlimit;
212
4e3fd7a0
AD		 213 hdr->saddr = fl6->saddr;
214 hdr->daddr = *first_hop;
1da177e4 215
9c9c9ad5 216 skb->protocol = htons(ETH_P_IPV6);
a2c2064f 217 skb->priority = sk->sk_priority;
4a19ec58 218 skb->mark = sk->sk_mark;
a2c2064f 219
1da177e4 220 mtu = dst_mtu(dst);
283d07ac 221 if ((skb->len <= mtu) || skb->local_df || skb_is_gso(skb)) {
adf30907 222 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
edf391ff 223 IPSTATS_MIB_OUT, skb->len);
b2e0b385
JE		 224 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL,
225 dst->dev, dst_output);
1da177e4
LT		 226 }
227
1da177e4 228 skb->dev = dst->dev;
f4e53e29 229 ipv6_local_error(sk, EMSGSIZE, fl6, mtu);
adf30907 230 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 231 kfree_skb(skb);
232 return -EMSGSIZE;
233}
234
7159039a
YH		 235EXPORT_SYMBOL(ip6_xmit);
236
1da177e4
LT		 237static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
238{
239 struct ip6_ra_chain *ra;
240 struct sock *last = NULL;
241
242 read_lock(&ip6_ra_lock);
243 for (ra = ip6_ra_chain; ra; ra = ra->next) {
244 struct sock *sk = ra->sk;
0bd1b59b
AM		 245 if (sk && ra->sel == sel &&
246 (!sk->sk_bound_dev_if ||
247 sk->sk_bound_dev_if == skb->dev->ifindex)) {
1da177e4
LT		 248 if (last) {
249 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
250 if (skb2)
251 rawv6_rcv(last, skb2);
252 }
253 last = sk;
254 }
255 }
256
257 if (last) {
258 rawv6_rcv(last, skb);
259 read_unlock(&ip6_ra_lock);
260 return 1;
261 }
262 read_unlock(&ip6_ra_lock);
263 return 0;
264}
265
e21e0b5f
VN		 266static int ip6_forward_proxy_check(struct sk_buff *skb)
267{
0660e03f 268 struct ipv6hdr *hdr = ipv6_hdr(skb);
e21e0b5f 269 u8 nexthdr = hdr->nexthdr;
75f2811c 270 __be16 frag_off;
e21e0b5f
VN		 271 int offset;
272
273 if (ipv6_ext_hdr(nexthdr)) {
75f2811c 274 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, &frag_off);
e21e0b5f
VN		 275 if (offset < 0)
276 return 0;
277 } else
278 offset = sizeof(struct ipv6hdr);
279
280 if (nexthdr == IPPROTO_ICMPV6) {
281 struct icmp6hdr *icmp6;
282
d56f90a7
ACM		 283 if (!pskb_may_pull(skb, (skb_network_header(skb) +
284 offset + 1 - skb->data)))
e21e0b5f
VN		 285 return 0;
286
d56f90a7 287 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
e21e0b5f
VN		 288
289 switch (icmp6->icmp6_type) {
290 case NDISC_ROUTER_SOLICITATION:
291 case NDISC_ROUTER_ADVERTISEMENT:
292 case NDISC_NEIGHBOUR_SOLICITATION:
293 case NDISC_NEIGHBOUR_ADVERTISEMENT:
294 case NDISC_REDIRECT:
295 /* For reaction involving unicast neighbor discovery
296 * message destined to the proxied address, pass it to
297 * input function.
298 */
299 return 1;
300 default:
301 break;
302 }
303 }
304
74553b09
VN		 305 /*
306 * The proxying router can't forward traffic sent to a link-local
307 * address, so signal the sender and discard the packet. This
308 * behavior is clarified by the MIPv6 specification.
309 */
310 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
311 dst_link_failure(skb);
312 return -1;
313 }
314
e21e0b5f
VN		 315 return 0;
316}
317
1da177e4
LT		 318static inline int ip6_forward_finish(struct sk_buff *skb)
319{
320 return dst_output(skb);
321}
322
323int ip6_forward(struct sk_buff *skb)
324{
adf30907 325 struct dst_entry *dst = skb_dst(skb);
0660e03f 326 struct ipv6hdr *hdr = ipv6_hdr(skb);
1da177e4 327 struct inet6_skb_parm *opt = IP6CB(skb);
c346dca1 328 struct net *net = dev_net(dst->dev);
14f3ad6f 329 u32 mtu;
1ab1457c 330
53b7997f 331 if (net->ipv6.devconf_all->forwarding == 0)
1da177e4
LT		 332 goto error;
333
4497b076
BH		 334 if (skb_warn_if_lro(skb))
335 goto drop;
336
1da177e4 337 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
3bd653c8 338 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
1da177e4
LT		 339 goto drop;
340 }
341
72b43d08
AK		 342 if (skb->pkt_type != PACKET_HOST)
343 goto drop;
344
35fc92a9 345 skb_forward_csum(skb);
1da177e4
LT		 346
347 /*
348 * We DO NOT make any processing on
349 * RA packets, pushing them to user level AS IS
350 * without ane WARRANTY that application will be able
351 * to interpret them. The reason is that we
352 * cannot make anything clever here.
353 *
354 * We are not end-node, so that if packet contains
355 * AH/ESP, we cannot make anything.
356 * Defragmentation also would be mistake, RA packets
357 * cannot be fragmented, because there is no warranty
358 * that different fragments will go along one path. --ANK
359 */
ab4eb353
YH		 360 if (unlikely(opt->flags & IP6SKB_ROUTERALERT)) {
361 if (ip6_call_ra_chain(skb, ntohs(opt->ra)))
1da177e4
LT		 362 return 0;
363 }
364
365 /*
366 * check and decrement ttl
367 */
368 if (hdr->hop_limit <= 1) {
369 /* Force OUTPUT device used as source address */
370 skb->dev = dst->dev;
3ffe533c 371 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
483a47d2
DL		 372 IP6_INC_STATS_BH(net,
373 ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
1da177e4
LT		 374
375 kfree_skb(skb);
376 return -ETIMEDOUT;
377 }
378
fbea49e1 379 /* XXX: idev->cnf.proxy_ndp? */
53b7997f 380 if (net->ipv6.devconf_all->proxy_ndp &&
8a3edd80 381 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
74553b09
VN		 382 int proxied = ip6_forward_proxy_check(skb);
383 if (proxied > 0)
e21e0b5f 384 return ip6_input(skb);
74553b09 385 else if (proxied < 0) {
3bd653c8
DL		 386 IP6_INC_STATS(net, ip6_dst_idev(dst),
387 IPSTATS_MIB_INDISCARDS);
74553b09
VN		 388 goto drop;
389 }
e21e0b5f
VN		 390 }
391
1da177e4 392 if (!xfrm6_route_forward(skb)) {
3bd653c8 393 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
1da177e4
LT		 394 goto drop;
395 }
adf30907 396 dst = skb_dst(skb);
1da177e4
LT		 397
398 /* IPv6 specs say nothing about it, but it is clear that we cannot
399 send redirects to source routed frames.
1e5dc146 400 We don't send redirects to frames decapsulated from IPsec.
1da177e4 401 */
c45a3dfb 402 if (skb->dev == dst->dev && opt->srcrt == 0 && !skb_sec_path(skb)) {
1da177e4 403 struct in6_addr *target = NULL;
fbfe95a4 404 struct inet_peer *peer;
1da177e4 405 struct rt6_info *rt;
1da177e4
LT		 406
407 /*
408 * incoming and outgoing devices are the same
409 * send a redirect.
410 */
411
412 rt = (struct rt6_info *) dst;
c45a3dfb
DM		 413 if (rt->rt6i_flags & RTF_GATEWAY)
414 target = &rt->rt6i_gateway;
1da177e4
LT		 415 else
416 target = &hdr->daddr;
417
1d861aa4 418 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
92d86829 419
1da177e4
LT		 420 /* Limit redirects both by destination (here)
421 and by source (inside ndisc_send_redirect)
422 */
fbfe95a4 423 if (inet_peer_xrlim_allow(peer, 1*HZ))
4991969a 424 ndisc_send_redirect(skb, target);
1d861aa4
DM		 425 if (peer)
426 inet_putpeer(peer);
5bb1ab09
DS		 427 } else {
428 int addrtype = ipv6_addr_type(&hdr->saddr);
429
1da177e4 430 /* This check is security critical. */
f81b2e7d
YH		 431 if (addrtype == IPV6_ADDR_ANY ||
432 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
5bb1ab09
DS		 433 goto error;
434 if (addrtype & IPV6_ADDR_LINKLOCAL) {
435 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
3ffe533c 436 ICMPV6_NOT_NEIGHBOUR, 0);
5bb1ab09
DS		 437 goto error;
438 }
1da177e4
LT		 439 }
440
14f3ad6f
UW		 441 mtu = dst_mtu(dst);
442 if (mtu < IPV6_MIN_MTU)
443 mtu = IPV6_MIN_MTU;
444
4cdd3408
PM		 445 if ((!skb->local_df && skb->len > mtu && !skb_is_gso(skb)) ||
446 (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)) {
1da177e4
LT		 447 /* Again, force OUTPUT device used as source address */
448 skb->dev = dst->dev;
14f3ad6f 449 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
483a47d2
DL		 450 IP6_INC_STATS_BH(net,
451 ip6_dst_idev(dst), IPSTATS_MIB_INTOOBIGERRORS);
452 IP6_INC_STATS_BH(net,
453 ip6_dst_idev(dst), IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 454 kfree_skb(skb);
455 return -EMSGSIZE;
456 }
457
458 if (skb_cow(skb, dst->dev->hard_header_len)) {
3bd653c8 459 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 460 goto drop;
461 }
462
0660e03f 463 hdr = ipv6_hdr(skb);
1da177e4
LT		 464
465 /* Mangling hops number delayed to point after skb COW */
1ab1457c 466
1da177e4
LT		 467 hdr->hop_limit--;
468
483a47d2 469 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
2d8dbb04 470 IP6_ADD_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len);
b2e0b385 471 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, skb, skb->dev, dst->dev,
6e23ae2a 472 ip6_forward_finish);
1da177e4
LT		 473
474error:
483a47d2 475 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
1da177e4
LT		 476drop:
477 kfree_skb(skb);
478 return -EINVAL;
479}
480
481static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
482{
483 to->pkt_type = from->pkt_type;
484 to->priority = from->priority;
485 to->protocol = from->protocol;
adf30907
ED		 486 skb_dst_drop(to);
487 skb_dst_set(to, dst_clone(skb_dst(from)));
1da177e4 488 to->dev = from->dev;
82e91ffe 489 to->mark = from->mark;
1da177e4
LT		 490
491#ifdef CONFIG_NET_SCHED
492 to->tc_index = from->tc_index;
493#endif
e7ac05f3 494 nf_copy(to, from);
07a93626 495#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
ba9dda3a
JK		 496 to->nf_trace = from->nf_trace;
497#endif
984bc16c 498 skb_copy_secmark(to, from);
1da177e4
LT		 499}
500
ad0081e4 501int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
1da177e4 502{
1da177e4 503 struct sk_buff *frag;
adf30907 504 struct rt6_info *rt = (struct rt6_info*)skb_dst(skb);
d91675f9 505 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
1da177e4
LT		 506 struct ipv6hdr *tmp_hdr;
507 struct frag_hdr *fh;
508 unsigned int mtu, hlen, left, len;
a7ae1992 509 int hroom, troom;
ae08e1f0 510 __be32 frag_id = 0;
1da177e4
LT		 511 int ptr, offset = 0, err=0;
512 u8 *prevhdr, nexthdr = 0;
adf30907 513 struct net *net = dev_net(skb_dst(skb)->dev);
1da177e4 514
1da177e4
LT		 515 hlen = ip6_find_1stfragopt(skb, &prevhdr);
516 nexthdr = *prevhdr;
517
628a5c56 518 mtu = ip6_skb_dst_mtu(skb);
b881ef76
JH		 519
520 /* We must not fragment if the socket is set to force MTU discovery
14f3ad6f 521 * or if the skb it not generated by a local socket.
b881ef76 522 */
4cdd3408
PM		 523 if (unlikely(!skb->local_df && skb->len > mtu) ||
524 (IP6CB(skb)->frag_max_size &&
525 IP6CB(skb)->frag_max_size > mtu)) {
a34a101e
ED		 526 if (skb->sk && dst_allfrag(skb_dst(skb)))
527 sk_nocaps_add(skb->sk, NETIF_F_GSO_MASK);
528
adf30907 529 skb->dev = skb_dst(skb)->dev;
3ffe533c 530 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
adf30907 531 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
3bd653c8 532 IPSTATS_MIB_FRAGFAILS);
b881ef76
JH		 533 kfree_skb(skb);
534 return -EMSGSIZE;
535 }
536
d91675f9
YH		 537 if (np && np->frag_size < mtu) {
538 if (np->frag_size)
539 mtu = np->frag_size;
540 }
541 mtu -= hlen + sizeof(struct frag_hdr);
1da177e4 542
21dc3301 543 if (skb_has_frag_list(skb)) {
1da177e4 544 int first_len = skb_pagelen(skb);
3d13008e 545 struct sk_buff *frag2;
1da177e4
LT		 546
547 if (first_len - hlen > mtu ||
548 ((first_len - hlen) & 7) ||
549 skb_cloned(skb))
550 goto slow_path;
551
4d9092bb 552 skb_walk_frags(skb, frag) {
1da177e4
LT		 553 /* Correct geometry. */
554 if (frag->len > mtu ||
555 ((frag->len & 7) && frag->next) ||
556 skb_headroom(frag) < hlen)
3d13008e 557 goto slow_path_clean;
1da177e4 558
1da177e4
LT		 559 /* Partially cloned skb? */
560 if (skb_shared(frag))
3d13008e 561 goto slow_path_clean;
2fdba6b0
HX		 562
563 BUG_ON(frag->sk);
564 if (skb->sk) {
2fdba6b0
HX		 565 frag->sk = skb->sk;
566 frag->destructor = sock_wfree;
2fdba6b0 567 }
3d13008e 568 skb->truesize -= frag->truesize;
1da177e4
LT		 569 }
570
571 err = 0;
572 offset = 0;
573 frag = skb_shinfo(skb)->frag_list;
4d9092bb 574 skb_frag_list_init(skb);
1da177e4
LT		 575 /* BUILD HEADER */
576
9a217a1c 577 *prevhdr = NEXTHDR_FRAGMENT;
d56f90a7 578 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
1da177e4 579 if (!tmp_hdr) {
adf30907 580 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
3bd653c8 581 IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 582 return -ENOMEM;
583 }
584
1da177e4
LT		 585 __skb_pull(skb, hlen);
586 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr));
e2d1bca7
ACM		 587 __skb_push(skb, hlen);
588 skb_reset_network_header(skb);
d56f90a7 589 memcpy(skb_network_header(skb), tmp_hdr, hlen);
1da177e4 590
87c48fa3 591 ipv6_select_ident(fh, rt);
1da177e4
LT		 592 fh->nexthdr = nexthdr;
593 fh->reserved = 0;
594 fh->frag_off = htons(IP6_MF);
595 frag_id = fh->identification;
596
597 first_len = skb_pagelen(skb);
598 skb->data_len = first_len - skb_headlen(skb);
599 skb->len = first_len;
0660e03f
ACM		 600 ipv6_hdr(skb)->payload_len = htons(first_len -
601 sizeof(struct ipv6hdr));
a11d206d 602
d8d1f30b 603 dst_hold(&rt->dst);
1da177e4
LT		 604
605 for (;;) {
606 /* Prepare header of the next frame,
607 * before previous one went down. */
608 if (frag) {
609 frag->ip_summed = CHECKSUM_NONE;
badff6d0 610 skb_reset_transport_header(frag);
1da177e4 611 fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr));
e2d1bca7
ACM		 612 __skb_push(frag, hlen);
613 skb_reset_network_header(frag);
d56f90a7
ACM		 614 memcpy(skb_network_header(frag), tmp_hdr,
615 hlen);
1da177e4
LT		 616 offset += skb->len - hlen - sizeof(struct frag_hdr);
617 fh->nexthdr = nexthdr;
618 fh->reserved = 0;
619 fh->frag_off = htons(offset);
620 if (frag->next != NULL)
621 fh->frag_off |= htons(IP6_MF);
622 fh->identification = frag_id;
0660e03f
ACM		 623 ipv6_hdr(frag)->payload_len =
624 htons(frag->len -
625 sizeof(struct ipv6hdr));
1da177e4
LT		 626 ip6_copy_metadata(frag, skb);
627 }
1ab1457c 628
1da177e4 629 err = output(skb);
dafee490 630 if(!err)
d8d1f30b 631 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 632 IPSTATS_MIB_FRAGCREATES);
dafee490 633
1da177e4
LT		 634 if (err || !frag)
635 break;
636
637 skb = frag;
638 frag = skb->next;
639 skb->next = NULL;
640 }
641
a51482bd 642 kfree(tmp_hdr);
1da177e4
LT		 643
644 if (err == 0) {
d8d1f30b 645 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 646 IPSTATS_MIB_FRAGOKS);
94e187c0 647 ip6_rt_put(rt);
1da177e4
LT		 648 return 0;
649 }
650
651 while (frag) {
652 skb = frag->next;
653 kfree_skb(frag);
654 frag = skb;
655 }
656
d8d1f30b 657 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 658 IPSTATS_MIB_FRAGFAILS);
94e187c0 659 ip6_rt_put(rt);
1da177e4 660 return err;
3d13008e
ED		 661
662slow_path_clean:
663 skb_walk_frags(skb, frag2) {
664 if (frag2 == frag)
665 break;
666 frag2->sk = NULL;
667 frag2->destructor = NULL;
668 skb->truesize += frag2->truesize;
669 }
1da177e4
LT		 670 }
671
672slow_path:
72e843bb
ED		 673 if ((skb->ip_summed == CHECKSUM_PARTIAL) &&
674 skb_checksum_help(skb))
675 goto fail;
676
1da177e4
LT		 677 left = skb->len - hlen; /* Space per frame */
678 ptr = hlen; /* Where to start from */
679
680 /*
681 * Fragment the datagram.
682 */
683
684 *prevhdr = NEXTHDR_FRAGMENT;
a7ae1992
HX		 685 hroom = LL_RESERVED_SPACE(rt->dst.dev);
686 troom = rt->dst.dev->needed_tailroom;
1da177e4
LT		 687
688 /*
689 * Keep copying data until we run out.
690 */
691 while(left > 0) {
692 len = left;
693 /* IF: it doesn't fit, use 'mtu' - the data space left */
694 if (len > mtu)
695 len = mtu;
25985edc 696 /* IF: we are not sending up to and including the packet end
1da177e4
LT		 697 then align the next start on an eight byte boundary */
698 if (len < left) {
699 len &= ~7;
700 }
701 /*
702 * Allocate buffer.
703 */
704
a7ae1992
HX		 705 if ((frag = alloc_skb(len + hlen + sizeof(struct frag_hdr) +
706 hroom + troom, GFP_ATOMIC)) == NULL) {
64ce2073 707 NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n");
adf30907 708 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 709 IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 710 err = -ENOMEM;
711 goto fail;
712 }
713
714 /*
715 * Set up data on packet
716 */
717
718 ip6_copy_metadata(frag, skb);
a7ae1992 719 skb_reserve(frag, hroom);
1da177e4 720 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
c1d2bbe1 721 skb_reset_network_header(frag);
badff6d0 722 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
b0e380b1
ACM		 723 frag->transport_header = (frag->network_header + hlen +
724 sizeof(struct frag_hdr));
1da177e4
LT		 725
726 /*
727 * Charge the memory for the fragment to any owner
728 * it might possess
729 */
730 if (skb->sk)
731 skb_set_owner_w(frag, skb->sk);
732
733 /*
734 * Copy the packet header into the new buffer.
735 */
d626f62b 736 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
1da177e4
LT		 737
738 /*
739 * Build fragment header.
740 */
741 fh->nexthdr = nexthdr;
742 fh->reserved = 0;
f36d6ab1 743 if (!frag_id) {
87c48fa3 744 ipv6_select_ident(fh, rt);
1da177e4
LT		 745 frag_id = fh->identification;
746 } else
747 fh->identification = frag_id;
748
749 /*
750 * Copy a block of the IP datagram.
751 */
8984e41d 752 if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len))
1da177e4
LT		 753 BUG();
754 left -= len;
755
756 fh->frag_off = htons(offset);
757 if (left > 0)
758 fh->frag_off |= htons(IP6_MF);
0660e03f
ACM		 759 ipv6_hdr(frag)->payload_len = htons(frag->len -
760 sizeof(struct ipv6hdr));
1da177e4
LT		 761
762 ptr += len;
763 offset += len;
764
765 /*
766 * Put this fragment into the sending queue.
767 */
1da177e4
LT		 768 err = output(frag);
769 if (err)
770 goto fail;
dafee490 771
adf30907 772 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
3bd653c8 773 IPSTATS_MIB_FRAGCREATES);
1da177e4 774 }
adf30907 775 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 776 IPSTATS_MIB_FRAGOKS);
808db80a 777 consume_skb(skb);
1da177e4
LT		 778 return err;
779
780fail:
adf30907 781 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 782 IPSTATS_MIB_FRAGFAILS);
1ab1457c 783 kfree_skb(skb);
1da177e4
LT		 784 return err;
785}
786
b71d1d42
ED		 787static inline int ip6_rt_check(const struct rt6key *rt_key,
788 const struct in6_addr *fl_addr,
789 const struct in6_addr *addr_cache)
cf6b1982 790{
a02cec21
ED		 791 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
792 (addr_cache == NULL || !ipv6_addr_equal(fl_addr, addr_cache));
cf6b1982
YH		 793}
794
497c615a
HX		 795static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
796 struct dst_entry *dst,
b71d1d42 797 const struct flowi6 *fl6)
1da177e4 798{
497c615a 799 struct ipv6_pinfo *np = inet6_sk(sk);
a963a37d 800 struct rt6_info *rt;
1da177e4 801
497c615a
HX		 802 if (!dst)
803 goto out;
804
a963a37d
ED		 805 if (dst->ops->family != AF_INET6) {
806 dst_release(dst);
807 return NULL;
808 }
809
810 rt = (struct rt6_info *)dst;
497c615a
HX		 811 /* Yes, checking route validity in not connected
812 * case is not very simple. Take into account,
813 * that we do not support routing by source, TOS,
814 * and MSG_DONTROUTE --ANK (980726)
815 *
cf6b1982
YH		 816 * 1. ip6_rt_check(): If route was host route,
817 * check that cached destination is current.
497c615a
HX		 818 * If it is network route, we still may
819 * check its validity using saved pointer
820 * to the last used address: daddr_cache.
821 * We do not want to save whole address now,
822 * (because main consumer of this service
823 * is tcp, which has not this problem),
824 * so that the last trick works only on connected
825 * sockets.
826 * 2. oif also should be the same.
827 */
4c9483b2 828 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) ||
8e1ef0a9 829#ifdef CONFIG_IPV6_SUBTREES
4c9483b2 830 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) ||
8e1ef0a9 831#endif
4c9483b2 832 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex)) {
497c615a
HX		 833 dst_release(dst);
834 dst = NULL;
1da177e4
LT		 835 }
836
497c615a
HX		 837out:
838 return dst;
839}
840
841static int ip6_dst_lookup_tail(struct sock *sk,
4c9483b2 842 struct dst_entry **dst, struct flowi6 *fl6)
497c615a 843{
3b1e0a65 844 struct net *net = sock_net(sk);
69cce1d1
DM		 845#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
846 struct neighbour *n;
97cac082 847 struct rt6_info *rt;
69cce1d1
DM		 848#endif
849 int err;
497c615a 850
1da177e4 851 if (*dst == NULL)
4c9483b2 852 *dst = ip6_route_output(net, sk, fl6);
1da177e4
LT		 853
854 if ((err = (*dst)->error))
855 goto out_err_release;
856
4c9483b2 857 if (ipv6_addr_any(&fl6->saddr)) {
c3968a85
DW		 858 struct rt6_info *rt = (struct rt6_info *) *dst;
859 err = ip6_route_get_saddr(net, rt, &fl6->daddr,
860 sk ? inet6_sk(sk)->srcprefs : 0,
861 &fl6->saddr);
44456d37 862 if (err)
1da177e4 863 goto out_err_release;
1da177e4
LT		 864 }
865
95c385b4 866#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
e550dfb0
NH		 867 /*
868 * Here if the dst entry we've looked up
869 * has a neighbour entry that is in the INCOMPLETE
870 * state and the src address from the flow is
871 * marked as OPTIMISTIC, we release the found
872 * dst entry and replace it instead with the
873 * dst entry of the nexthop router
874 */
c56bf6fe 875 rt = (struct rt6_info *) *dst;
707be1ff
YH		 876 rcu_read_lock_bh();
877 n = __ipv6_neigh_lookup_noref(rt->dst.dev, rt6_nexthop(rt, &fl6->daddr));
878 err = n && !(n->nud_state & NUD_VALID) ? -EINVAL : 0;
879 rcu_read_unlock_bh();
880
881 if (err) {
e550dfb0 882 struct inet6_ifaddr *ifp;
4c9483b2 883 struct flowi6 fl_gw6;
e550dfb0
NH		 884 int redirect;
885
4c9483b2 886 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
e550dfb0
NH		 887 (*dst)->dev, 1);
888
889 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
890 if (ifp)
891 in6_ifa_put(ifp);
892
893 if (redirect) {
894 /*
895 * We need to get the dst entry for the
896 * default router instead
897 */
898 dst_release(*dst);
4c9483b2
DM		 899 memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
900 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
901 *dst = ip6_route_output(net, sk, &fl_gw6);
e550dfb0
NH		 902 if ((err = (*dst)->error))
903 goto out_err_release;
95c385b4 904 }
e550dfb0 905 }
95c385b4
NH		 906#endif
907
1da177e4
LT		 908 return 0;
909
910out_err_release:
ca46f9c8 911 if (err == -ENETUNREACH)
483a47d2 912 IP6_INC_STATS_BH(net, NULL, IPSTATS_MIB_OUTNOROUTES);
1da177e4
LT		 913 dst_release(*dst);
914 *dst = NULL;
915 return err;
916}
34a0b3cd 917
497c615a
HX		 918/**
919 * ip6_dst_lookup - perform route lookup on flow
920 * @sk: socket which provides route info
921 * @dst: pointer to dst_entry * for result
4c9483b2 922 * @fl6: flow to lookup
497c615a
HX		 923 *
924 * This function performs a route lookup on the given flow.
925 *
926 * It returns zero on success, or a standard errno code on error.
927 */
4c9483b2 928int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi6 *fl6)
497c615a
HX		 929{
930 *dst = NULL;
4c9483b2 931 return ip6_dst_lookup_tail(sk, dst, fl6);
497c615a 932}
3cf3dc6c
ACM		 933EXPORT_SYMBOL_GPL(ip6_dst_lookup);
934
497c615a 935/**
68d0c6d3
DM		 936 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec
937 * @sk: socket which provides route info
4c9483b2 938 * @fl6: flow to lookup
68d0c6d3 939 * @final_dst: final destination address for ipsec lookup
a1414715 940 * @can_sleep: we are in a sleepable context
68d0c6d3
DM		 941 *
942 * This function performs a route lookup on the given flow.
943 *
944 * It returns a valid dst pointer on success, or a pointer encoded
945 * error code.
946 */
4c9483b2 947struct dst_entry *ip6_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
68d0c6d3 948 const struct in6_addr *final_dst,
a1414715 949 bool can_sleep)
68d0c6d3
DM		 950{
951 struct dst_entry *dst = NULL;
952 int err;
953
4c9483b2 954 err = ip6_dst_lookup_tail(sk, &dst, fl6);
68d0c6d3
DM		 955 if (err)
956 return ERR_PTR(err);
957 if (final_dst)
4e3fd7a0 958 fl6->daddr = *final_dst;
2774c131 959 if (can_sleep)
4c9483b2 960 fl6->flowi6_flags |= FLOWI_FLAG_CAN_SLEEP;
2774c131 961
4c9483b2 962 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
68d0c6d3
DM		 963}
964EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
965
966/**
967 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
497c615a 968 * @sk: socket which provides the dst cache and route info
4c9483b2 969 * @fl6: flow to lookup
68d0c6d3 970 * @final_dst: final destination address for ipsec lookup
a1414715 971 * @can_sleep: we are in a sleepable context
497c615a
HX		 972 *
973 * This function performs a route lookup on the given flow with the
974 * possibility of using the cached route in the socket if it is valid.
975 * It will take the socket dst lock when operating on the dst cache.
976 * As a result, this function can only be used in process context.
977 *
68d0c6d3
DM		 978 * It returns a valid dst pointer on success, or a pointer encoded
979 * error code.
497c615a 980 */
4c9483b2 981struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
68d0c6d3 982 const struct in6_addr *final_dst,
a1414715 983 bool can_sleep)
497c615a 984{
68d0c6d3
DM		 985 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
986 int err;
497c615a 987
4c9483b2 988 dst = ip6_sk_dst_check(sk, dst, fl6);
68d0c6d3 989
4c9483b2 990 err = ip6_dst_lookup_tail(sk, &dst, fl6);
68d0c6d3
DM		 991 if (err)
992 return ERR_PTR(err);
993 if (final_dst)
4e3fd7a0 994 fl6->daddr = *final_dst;
2774c131 995 if (can_sleep)
4c9483b2 996 fl6->flowi6_flags |= FLOWI_FLAG_CAN_SLEEP;
2774c131 997
4c9483b2 998 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
497c615a 999}
68d0c6d3 1000EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
497c615a 1001
34a0b3cd 1002static inline int ip6_ufo_append_data(struct sock *sk,
e89e9cf5
AR		 1003 int getfrag(void *from, char *to, int offset, int len,
1004 int odd, struct sk_buff *skb),
1005 void *from, int length, int hh_len, int fragheaderlen,
87c48fa3
ED		 1006 int transhdrlen, int mtu,unsigned int flags,
1007 struct rt6_info *rt)
e89e9cf5
AR		 1008
1009{
1010 struct sk_buff *skb;
1011 int err;
1012
1013 /* There is support for UDP large send offload by network
1014 * device, so create one single skb packet containing complete
1015 * udp datagram
1016 */
1017 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) {
1018 skb = sock_alloc_send_skb(sk,
1019 hh_len + fragheaderlen + transhdrlen + 20,
1020 (flags & MSG_DONTWAIT), &err);
1021 if (skb == NULL)
504744e4 1022 return err;
e89e9cf5
AR		 1023
1024 /* reserve space for Hardware header */
1025 skb_reserve(skb, hh_len);
1026
1027 /* create space for UDP/IP header */
1028 skb_put(skb,fragheaderlen + transhdrlen);
1029
1030 /* initialize network header pointer */
c1d2bbe1 1031 skb_reset_network_header(skb);
e89e9cf5
AR		 1032
1033 /* initialize protocol header pointer */
b0e380b1 1034 skb->transport_header = skb->network_header + fragheaderlen;
e89e9cf5 1035
9c9c9ad5 1036 skb->protocol = htons(ETH_P_IPV6);
84fa7933 1037 skb->ip_summed = CHECKSUM_PARTIAL;
e89e9cf5 1038 skb->csum = 0;
e89e9cf5
AR		 1039 }
1040
1041 err = skb_append_datato_frags(sk,skb, getfrag, from,
1042 (length - transhdrlen));
1043 if (!err) {
1044 struct frag_hdr fhdr;
1045
c31d5326
SS		 1046 /* Specify the length of each IPv6 datagram fragment.
1047 * It has to be a multiple of 8.
1048 */
1049 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen -
1050 sizeof(struct frag_hdr)) & ~7;
f83ef8c0 1051 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
87c48fa3 1052 ipv6_select_ident(&fhdr, rt);
e89e9cf5
AR		 1053 skb_shinfo(skb)->ip6_frag_id = fhdr.identification;
1054 __skb_queue_tail(&sk->sk_write_queue, skb);
1055
1056 return 0;
1057 }
1058 /* There is not enough support do UPD LSO,
1059 * so follow normal path
1060 */
1061 kfree_skb(skb);
1062
1063 return err;
1064}
1da177e4 1065
0178b695
HX		 1066static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1067 gfp_t gfp)
1068{
1069 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1070}
1071
1072static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1073 gfp_t gfp)
1074{
1075 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1076}
1077
75a493e6 1078static void ip6_append_data_mtu(unsigned int *mtu,
0c183379
G		 1079 int *maxfraglen,
1080 unsigned int fragheaderlen,
1081 struct sk_buff *skb,
75a493e6
HFS		 1082 struct rt6_info *rt,
1083 bool pmtuprobe)
0c183379
G		 1084{
1085 if (!(rt->dst.flags & DST_XFRM_TUNNEL)) {
1086 if (skb == NULL) {
1087 /* first fragment, reserve header_len */
1088 *mtu = *mtu - rt->dst.header_len;
1089
1090 } else {
1091 /*
1092 * this fragment is not first, the headers
1093 * space is regarded as data space.
1094 */
75a493e6
HFS		 1095 *mtu = min(*mtu, pmtuprobe ?
1096 rt->dst.dev->mtu :
1097 dst_mtu(rt->dst.path));
0c183379
G		 1098 }
1099 *maxfraglen = ((*mtu - fragheaderlen) & ~7)
1100 + fragheaderlen - sizeof(struct frag_hdr);
1101 }
1102}
1103
41a1f8ea
YH		 1104int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1105 int offset, int len, int odd, struct sk_buff *skb),
1106 void *from, int length, int transhdrlen,
4c9483b2 1107 int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi6 *fl6,
13b52cd4 1108 struct rt6_info *rt, unsigned int flags, int dontfrag)
1da177e4
LT		 1109{
1110 struct inet_sock *inet = inet_sk(sk);
1111 struct ipv6_pinfo *np = inet6_sk(sk);
bdc712b4 1112 struct inet_cork *cork;
0c183379 1113 struct sk_buff *skb, *skb_prev = NULL;
75a493e6 1114 unsigned int maxfraglen, fragheaderlen, mtu;
1da177e4 1115 int exthdrlen;
299b0767 1116 int dst_exthdrlen;
1da177e4 1117 int hh_len;
1da177e4
LT		 1118 int copy;
1119 int err;
1120 int offset = 0;
a693e698 1121 __u8 tx_flags = 0;
1da177e4
LT		 1122
1123 if (flags&MSG_PROBE)
1124 return 0;
bdc712b4 1125 cork = &inet->cork.base;
1da177e4
LT		 1126 if (skb_queue_empty(&sk->sk_write_queue)) {
1127 /*
1128 * setup for corking
1129 */
1130 if (opt) {
0178b695 1131 if (WARN_ON(np->cork.opt))
1da177e4 1132 return -EINVAL;
0178b695 1133
284041ef 1134 np->cork.opt = kzalloc(opt->tot_len, sk->sk_allocation);
0178b695
HX		 1135 if (unlikely(np->cork.opt == NULL))
1136 return -ENOBUFS;
1137
1138 np->cork.opt->tot_len = opt->tot_len;
1139 np->cork.opt->opt_flen = opt->opt_flen;
1140 np->cork.opt->opt_nflen = opt->opt_nflen;
1141
1142 np->cork.opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1143 sk->sk_allocation);
1144 if (opt->dst0opt && !np->cork.opt->dst0opt)
1145 return -ENOBUFS;
1146
1147 np->cork.opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1148 sk->sk_allocation);
1149 if (opt->dst1opt && !np->cork.opt->dst1opt)
1150 return -ENOBUFS;
1151
1152 np->cork.opt->hopopt = ip6_opt_dup(opt->hopopt,
1153 sk->sk_allocation);
1154 if (opt->hopopt && !np->cork.opt->hopopt)
1155 return -ENOBUFS;
1156
1157 np->cork.opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1158 sk->sk_allocation);
1159 if (opt->srcrt && !np->cork.opt->srcrt)
1160 return -ENOBUFS;
1161
1da177e4
LT		 1162 /* need source address above miyazawa*/
1163 }
d8d1f30b 1164 dst_hold(&rt->dst);
bdc712b4 1165 cork->dst = &rt->dst;
4c9483b2 1166 inet->cork.fl.u.ip6 = *fl6;
1da177e4 1167 np->cork.hop_limit = hlimit;
41a1f8ea 1168 np->cork.tclass = tclass;
0c183379
G		 1169 if (rt->dst.flags & DST_XFRM_TUNNEL)
1170 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
1171 rt->dst.dev->mtu : dst_mtu(&rt->dst);
1172 else
1173 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
1174 rt->dst.dev->mtu : dst_mtu(rt->dst.path);
c7503609 1175 if (np->frag_size < mtu) {
d91675f9
YH		 1176 if (np->frag_size)
1177 mtu = np->frag_size;
1178 }
bdc712b4 1179 cork->fragsize = mtu;
d8d1f30b 1180 if (dst_allfrag(rt->dst.path))
bdc712b4
DM		 1181 cork->flags |= IPCORK_ALLFRAG;
1182 cork->length = 0;
7efdba5b 1183 exthdrlen = (opt ? opt->opt_flen : 0);
1da177e4
LT		 1184 length += exthdrlen;
1185 transhdrlen += exthdrlen;
7efdba5b 1186 dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len;
1da177e4 1187 } else {
bdc712b4 1188 rt = (struct rt6_info *)cork->dst;
4c9483b2 1189 fl6 = &inet->cork.fl.u.ip6;
0178b695 1190 opt = np->cork.opt;
1da177e4
LT		 1191 transhdrlen = 0;
1192 exthdrlen = 0;
299b0767 1193 dst_exthdrlen = 0;
bdc712b4 1194 mtu = cork->fragsize;
1da177e4
LT		 1195 }
1196
d8d1f30b 1197 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1da177e4 1198
a1b05140 1199 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
b4ce9277 1200 (opt ? opt->opt_nflen : 0);
1da177e4
LT		 1201 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr);
1202
1203 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) {
bdc712b4 1204 if (cork->length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) {
4c9483b2 1205 ipv6_local_error(sk, EMSGSIZE, fl6, mtu-exthdrlen);
1da177e4
LT		 1206 return -EMSGSIZE;
1207 }
1208 }
1209
a693e698 1210 /* For UDP, check if TX timestamp is enabled */
bf84a010
DB		 1211 if (sk->sk_type == SOCK_DGRAM)
1212 sock_tx_timestamp(sk, &tx_flags);
a693e698 1213
1da177e4
LT		 1214 /*
1215 * Let's try using as much space as possible.
1216 * Use MTU if total length of the message fits into the MTU.
1217 * Otherwise, we need to reserve fragment header and
1218 * fragment alignment (= 8-15 octects, in total).
1219 *
1220 * Note that we may need to "move" the data from the tail of
1ab1457c 1221 * of the buffer to the new fragment when we split
1da177e4
LT		 1222 * the message.
1223 *
1ab1457c 1224 * FIXME: It may be fragmented into multiple chunks
1da177e4
LT		 1225 * at once if non-fragmentable extension headers
1226 * are too large.
1ab1457c 1227 * --yoshfuji
1da177e4
LT		 1228 */
1229
bdc712b4 1230 cork->length += length;
4b340ae2
BH		 1231 if (length > mtu) {
1232 int proto = sk->sk_protocol;
1233 if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){
4c9483b2 1234 ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen);
4b340ae2
BH		 1235 return -EMSGSIZE;
1236 }
e89e9cf5 1237
4b340ae2 1238 if (proto == IPPROTO_UDP &&
d8d1f30b 1239 (rt->dst.dev->features & NETIF_F_UFO)) {
4b340ae2
BH		 1240
1241 err = ip6_ufo_append_data(sk, getfrag, from, length,
1242 hh_len, fragheaderlen,
87c48fa3 1243 transhdrlen, mtu, flags, rt);
4b340ae2
BH		 1244 if (err)
1245 goto error;
1246 return 0;
1247 }
e89e9cf5 1248 }
1da177e4
LT		 1249
1250 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
1251 goto alloc_new_skb;
1252
1253 while (length > 0) {
1254 /* Check if the remaining data fits into current packet. */
bdc712b4 1255 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1da177e4
LT		 1256 if (copy < length)
1257 copy = maxfraglen - skb->len;
1258
1259 if (copy <= 0) {
1260 char *data;
1261 unsigned int datalen;
1262 unsigned int fraglen;
1263 unsigned int fraggap;
1264 unsigned int alloclen;
1da177e4 1265alloc_new_skb:
1da177e4 1266 /* There's no room in the current skb */
0c183379
G		 1267 if (skb)
1268 fraggap = skb->len - maxfraglen;
1da177e4
LT		 1269 else
1270 fraggap = 0;
0c183379
G		 1271 /* update mtu and maxfraglen if necessary */
1272 if (skb == NULL || skb_prev == NULL)
1273 ip6_append_data_mtu(&mtu, &maxfraglen,
75a493e6
HFS		 1274 fragheaderlen, skb, rt,
1275 np->pmtudisc ==
1276 IPV6_PMTUDISC_PROBE);
0c183379
G		 1277
1278 skb_prev = skb;
1da177e4
LT		 1279
1280 /*
1281 * If remaining data exceeds the mtu,
1282 * we know we need more fragment(s).
1283 */
1284 datalen = length + fraggap;
1da177e4 1285
0c183379
G		 1286 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1287 datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len;
1da177e4 1288 if ((flags & MSG_MORE) &&
d8d1f30b 1289 !(rt->dst.dev->features&NETIF_F_SG))
1da177e4
LT		 1290 alloclen = mtu;
1291 else
1292 alloclen = datalen + fragheaderlen;
1293
299b0767
SK		 1294 alloclen += dst_exthdrlen;
1295
0c183379
G		 1296 if (datalen != length + fraggap) {
1297 /*
1298 * this is not the last fragment, the trailer
1299 * space is regarded as data space.
1300 */
1301 datalen += rt->dst.trailer_len;
1302 }
1303
1304 alloclen += rt->dst.trailer_len;
1305 fraglen = datalen + fragheaderlen;
1da177e4
LT		 1306
1307 /*
1308 * We just reserve space for fragment header.
1ab1457c 1309 * Note: this may be overallocation if the message
1da177e4
LT		 1310 * (without MSG_MORE) fits into the MTU.
1311 */
1312 alloclen += sizeof(struct frag_hdr);
1313
1314 if (transhdrlen) {
1315 skb = sock_alloc_send_skb(sk,
1316 alloclen + hh_len,
1317 (flags & MSG_DONTWAIT), &err);
1318 } else {
1319 skb = NULL;
1320 if (atomic_read(&sk->sk_wmem_alloc) <=
1321 2 * sk->sk_sndbuf)
1322 skb = sock_wmalloc(sk,
1323 alloclen + hh_len, 1,
1324 sk->sk_allocation);
1325 if (unlikely(skb == NULL))
1326 err = -ENOBUFS;
a693e698
AB		 1327 else {
1328 /* Only the initial fragment
1329 * is time stamped.
1330 */
1331 tx_flags = 0;
1332 }
1da177e4
LT		 1333 }
1334 if (skb == NULL)
1335 goto error;
1336 /*
1337 * Fill in the control structures
1338 */
9c9c9ad5 1339 skb->protocol = htons(ETH_P_IPV6);
d7f7c0ac 1340 skb->ip_summed = CHECKSUM_NONE;
1da177e4 1341 skb->csum = 0;
1f85851e
G		 1342 /* reserve for fragmentation and ipsec header */
1343 skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
1344 dst_exthdrlen);
1da177e4 1345
a693e698
AB		 1346 if (sk->sk_type == SOCK_DGRAM)
1347 skb_shinfo(skb)->tx_flags = tx_flags;
1348
1da177e4
LT		 1349 /*
1350 * Find where to start putting bytes
1351 */
1f85851e
G		 1352 data = skb_put(skb, fraglen);
1353 skb_set_network_header(skb, exthdrlen);
1354 data += fragheaderlen;
b0e380b1
ACM		 1355 skb->transport_header = (skb->network_header +
1356 fragheaderlen);
1da177e4
LT		 1357 if (fraggap) {
1358 skb->csum = skb_copy_and_csum_bits(
1359 skb_prev, maxfraglen,
1360 data + transhdrlen, fraggap, 0);
1361 skb_prev->csum = csum_sub(skb_prev->csum,
1362 skb->csum);
1363 data += fraggap;
e9fa4f7b 1364 pskb_trim_unique(skb_prev, maxfraglen);
1da177e4
LT		 1365 }
1366 copy = datalen - transhdrlen - fraggap;
299b0767 1367
1da177e4
LT		 1368 if (copy < 0) {
1369 err = -EINVAL;
1370 kfree_skb(skb);
1371 goto error;
1372 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
1373 err = -EFAULT;
1374 kfree_skb(skb);
1375 goto error;
1376 }
1377
1378 offset += copy;
1379 length -= datalen - fraggap;
1380 transhdrlen = 0;
1381 exthdrlen = 0;
299b0767 1382 dst_exthdrlen = 0;
1da177e4
LT		 1383
1384 /*
1385 * Put the packet on the pending queue
1386 */
1387 __skb_queue_tail(&sk->sk_write_queue, skb);
1388 continue;
1389 }
1390
1391 if (copy > length)
1392 copy = length;
1393
d8d1f30b 1394 if (!(rt->dst.dev->features&NETIF_F_SG)) {
1da177e4
LT		 1395 unsigned int off;
1396
1397 off = skb->len;
1398 if (getfrag(from, skb_put(skb, copy),
1399 offset, copy, off, skb) < 0) {
1400 __skb_trim(skb, off);
1401 err = -EFAULT;
1402 goto error;
1403 }
1404 } else {
1405 int i = skb_shinfo(skb)->nr_frags;
5640f768 1406 struct page_frag *pfrag = sk_page_frag(sk);
1da177e4 1407
5640f768
ED		 1408 err = -ENOMEM;
1409 if (!sk_page_frag_refill(sk, pfrag))
1da177e4 1410 goto error;
5640f768
ED		 1411
1412 if (!skb_can_coalesce(skb, i, pfrag->page,
1413 pfrag->offset)) {
1414 err = -EMSGSIZE;
1415 if (i == MAX_SKB_FRAGS)
1416 goto error;
1417
1418 __skb_fill_page_desc(skb, i, pfrag->page,
1419 pfrag->offset, 0);
1420 skb_shinfo(skb)->nr_frags = ++i;
1421 get_page(pfrag->page);
1da177e4 1422 }
5640f768 1423 copy = min_t(int, copy, pfrag->size - pfrag->offset);
9e903e08 1424 if (getfrag(from,
5640f768
ED		 1425 page_address(pfrag->page) + pfrag->offset,
1426 offset, copy, skb->len, skb) < 0)
1427 goto error_efault;
1428
1429 pfrag->offset += copy;
1430 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1da177e4
LT		 1431 skb->len += copy;
1432 skb->data_len += copy;
f945fa7a
HX		 1433 skb->truesize += copy;
1434 atomic_add(copy, &sk->sk_wmem_alloc);
1da177e4
LT		 1435 }
1436 offset += copy;
1437 length -= copy;
1438 }
5640f768 1439
1da177e4 1440 return 0;
5640f768
ED		 1441
1442error_efault:
1443 err = -EFAULT;
1da177e4 1444error:
bdc712b4 1445 cork->length -= length;
3bd653c8 1446 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1447 return err;
1448}
a495f836 1449EXPORT_SYMBOL_GPL(ip6_append_data);
1da177e4 1450
bf138862
PE		 1451static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np)
1452{
0178b695
HX		 1453 if (np->cork.opt) {
1454 kfree(np->cork.opt->dst0opt);
1455 kfree(np->cork.opt->dst1opt);
1456 kfree(np->cork.opt->hopopt);
1457 kfree(np->cork.opt->srcrt);
1458 kfree(np->cork.opt);
1459 np->cork.opt = NULL;
1460 }
1461
bdc712b4
DM		 1462 if (inet->cork.base.dst) {
1463 dst_release(inet->cork.base.dst);
1464 inet->cork.base.dst = NULL;
1465 inet->cork.base.flags &= ~IPCORK_ALLFRAG;
bf138862
PE		 1466 }
1467 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl));
1468}
1469
1da177e4
LT		 1470int ip6_push_pending_frames(struct sock *sk)
1471{
1472 struct sk_buff *skb, *tmp_skb;
1473 struct sk_buff **tail_skb;
1474 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1475 struct inet_sock *inet = inet_sk(sk);
1476 struct ipv6_pinfo *np = inet6_sk(sk);
3bd653c8 1477 struct net *net = sock_net(sk);
1da177e4
LT		 1478 struct ipv6hdr *hdr;
1479 struct ipv6_txoptions *opt = np->cork.opt;
bdc712b4 1480 struct rt6_info *rt = (struct rt6_info *)inet->cork.base.dst;
4c9483b2
DM		 1481 struct flowi6 *fl6 = &inet->cork.fl.u.ip6;
1482 unsigned char proto = fl6->flowi6_proto;
1da177e4
LT		 1483 int err = 0;
1484
1485 if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL)
1486 goto out;
1487 tail_skb = &(skb_shinfo(skb)->frag_list);
1488
1489 /* move skb->data to ip header from ext header */
d56f90a7 1490 if (skb->data < skb_network_header(skb))
bbe735e4 1491 __skb_pull(skb, skb_network_offset(skb));
1da177e4 1492 while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) {
cfe1fc77 1493 __skb_pull(tmp_skb, skb_network_header_len(skb));
1da177e4
LT		 1494 *tail_skb = tmp_skb;
1495 tail_skb = &(tmp_skb->next);
1496 skb->len += tmp_skb->len;
1497 skb->data_len += tmp_skb->len;
1da177e4 1498 skb->truesize += tmp_skb->truesize;
1da177e4
LT		 1499 tmp_skb->destructor = NULL;
1500 tmp_skb->sk = NULL;
1da177e4
LT		 1501 }
1502
28a89453 1503 /* Allow local fragmentation. */
b5c15fc0 1504 if (np->pmtudisc < IPV6_PMTUDISC_DO)
28a89453
HX		 1505 skb->local_df = 1;
1506
4e3fd7a0 1507 *final_dst = fl6->daddr;
cfe1fc77 1508 __skb_pull(skb, skb_network_header_len(skb));
1da177e4
LT		 1509 if (opt && opt->opt_flen)
1510 ipv6_push_frag_opts(skb, opt, &proto);
1511 if (opt && opt->opt_nflen)
1512 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst);
1513
e2d1bca7
ACM		 1514 skb_push(skb, sizeof(struct ipv6hdr));
1515 skb_reset_network_header(skb);
0660e03f 1516 hdr = ipv6_hdr(skb);
1ab1457c 1517
3e4e4c1f 1518 ip6_flow_hdr(hdr, np->cork.tclass, fl6->flowlabel);
1da177e4
LT		 1519 hdr->hop_limit = np->cork.hop_limit;
1520 hdr->nexthdr = proto;
4e3fd7a0
AD		 1521 hdr->saddr = fl6->saddr;
1522 hdr->daddr = *final_dst;
1da177e4 1523
a2c2064f 1524 skb->priority = sk->sk_priority;
4a19ec58 1525 skb->mark = sk->sk_mark;
a2c2064f 1526
d8d1f30b 1527 skb_dst_set(skb, dst_clone(&rt->dst));
edf391ff 1528 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
14878f75 1529 if (proto == IPPROTO_ICMPV6) {
adf30907 1530 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
14878f75 1531
5a57d4c7 1532 ICMP6MSGOUT_INC_STATS_BH(net, idev, icmp6_hdr(skb)->icmp6_type);
e41b5368 1533 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTMSGS);
14878f75
DS		 1534 }
1535
ef76bc23 1536 err = ip6_local_out(skb);
1da177e4
LT		 1537 if (err) {
1538 if (err > 0)
6ce9e7b5 1539 err = net_xmit_errno(err);
1da177e4
LT		 1540 if (err)
1541 goto error;
1542 }
1543
1544out:
bf138862 1545 ip6_cork_release(inet, np);
1da177e4
LT		 1546 return err;
1547error:
06254914 1548 IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1549 goto out;
1550}
a495f836 1551EXPORT_SYMBOL_GPL(ip6_push_pending_frames);
1da177e4
LT		 1552
1553void ip6_flush_pending_frames(struct sock *sk)
1554{
1da177e4
LT		 1555 struct sk_buff *skb;
1556
1557 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) {
adf30907
ED		 1558 if (skb_dst(skb))
1559 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
e1f52208 1560 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1561 kfree_skb(skb);
1562 }
1563
bf138862 1564 ip6_cork_release(inet_sk(sk), inet6_sk(sk));
1da177e4 1565}
a495f836 1566EXPORT_SYMBOL_GPL(ip6_flush_pending_frames);
ubuntu-zesty-kernel mirror