]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - net/ipv6/ip6_output.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
[mirror_ubuntu-bionic-kernel.git] / net / ipv6 / ip6_output.c
CommitLineData
1da177e4
LT		 1/*
2 * IPv6 output functions
1ab1457c 3 * Linux INET6 implementation
1da177e4
LT		 4 *
5 * Authors:
1ab1457c 6 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4 7 *
1da177e4
LT		 8 * Based on linux/net/ipv4/ip_output.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 * Changes:
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
20 * etc.
21 *
22 * H. von Brand : Added missing #include <linux/string.h>
67ba4152 23 * Imran Patel : frag id should be in NBO
1da177e4
LT		 24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
26 * for datagram xmit
27 */
28
1da177e4 29#include <linux/errno.h>
ef76bc23 30#include <linux/kernel.h>
1da177e4
LT		 31#include <linux/string.h>
32#include <linux/socket.h>
33#include <linux/net.h>
34#include <linux/netdevice.h>
35#include <linux/if_arp.h>
36#include <linux/in6.h>
37#include <linux/tcp.h>
38#include <linux/route.h>
b59f45d0 39#include <linux/module.h>
5a0e3ad6 40#include <linux/slab.h>
1da177e4 41
33b48679 42#include <linux/bpf-cgroup.h>
1da177e4
LT		 43#include <linux/netfilter.h>
44#include <linux/netfilter_ipv6.h>
45
46#include <net/sock.h>
47#include <net/snmp.h>
48
49#include <net/ipv6.h>
50#include <net/ndisc.h>
51#include <net/protocol.h>
52#include <net/ip6_route.h>
53#include <net/addrconf.h>
54#include <net/rawv6.h>
55#include <net/icmp.h>
56#include <net/xfrm.h>
57#include <net/checksum.h>
7bc570c8 58#include <linux/mroute6.h>
ca254490 59#include <net/l3mdev.h>
14972cbd 60#include <net/lwtunnel.h>
1da177e4 61
7d8c6e39 62static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff *skb)
1da177e4 63{
adf30907 64 struct dst_entry *dst = skb_dst(skb);
1da177e4 65 struct net_device *dev = dst->dev;
f6b72b62 66 struct neighbour *neigh;
6fd6ce20
YH		 67 struct in6_addr *nexthop;
68 int ret;
1da177e4 69
0660e03f 70 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
adf30907 71 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1da177e4 72
7026b1dd 73 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(sk) &&
78126c41 74 ((mroute6_socket(net, skb) &&
bd91b8bf 75 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
7bc570c8
YH		 76 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
77 &ipv6_hdr(skb)->saddr))) {
1da177e4
LT		 78 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
79
80 /* Do not check for IFF_ALLMULTI; multicast routing
81 is not supported in any case.
82 */
83 if (newskb)
b2e0b385 84 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
29a26a56 85 net, sk, newskb, NULL, newskb->dev,
95603e22 86 dev_loopback_xmit);
1da177e4 87
0660e03f 88 if (ipv6_hdr(skb)->hop_limit == 0) {
78126c41 89 IP6_INC_STATS(net, idev,
3bd653c8 90 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 91 kfree_skb(skb);
92 return 0;
93 }
94 }
95
78126c41 96 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, skb->len);
dd408515
HFS		 97
98 if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <=
99 IPV6_ADDR_SCOPE_NODELOCAL &&
100 !(dev->flags & IFF_LOOPBACK)) {
101 kfree_skb(skb);
102 return 0;
103 }
1da177e4
LT		 104 }
105
14972cbd
RP		 106 if (lwtunnel_xmit_redirect(dst->lwtstate)) {
107 int res = lwtunnel_xmit(skb);
108
109 if (res < 0 || res == LWTUNNEL_XMIT_DONE)
110 return res;
111 }
112
6fd6ce20 113 rcu_read_lock_bh();
2647a9b0 114 nexthop = rt6_nexthop((struct rt6_info *)dst, &ipv6_hdr(skb)->daddr);
6fd6ce20
YH		 115 neigh = __ipv6_neigh_lookup_noref(dst->dev, nexthop);
116 if (unlikely(!neigh))
117 neigh = __neigh_create(&nd_tbl, nexthop, dst->dev, false);
118 if (!IS_ERR(neigh)) {
4ff06203 119 sock_confirm_neigh(skb, neigh);
c16ec185 120 ret = neigh_output(neigh, skb);
6fd6ce20
YH		 121 rcu_read_unlock_bh();
122 return ret;
123 }
124 rcu_read_unlock_bh();
05e3aa09 125
78126c41 126 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
9e508490
JE		 127 kfree_skb(skb);
128 return -EINVAL;
1da177e4
LT		 129}
130
0c4b51f0 131static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
9e508490 132{
33b48679
DM		 133 int ret;
134
135 ret = BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb);
136 if (ret) {
137 kfree_skb(skb);
138 return ret;
139 }
140
9e508490 141 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
9037c357
JP		 142 dst_allfrag(skb_dst(skb)) ||
143 (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size))
7d8c6e39 144 return ip6_fragment(net, sk, skb, ip6_finish_output2);
9e508490 145 else
7d8c6e39 146 return ip6_finish_output2(net, sk, skb);
9e508490
JE		 147}
148
ede2059d 149int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
1da177e4 150{
9e508490 151 struct net_device *dev = skb_dst(skb)->dev;
adf30907 152 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
be10de0a 153
97a7a37a
CF		 154 skb->protocol = htons(ETH_P_IPV6);
155 skb->dev = dev;
156
778d80be 157 if (unlikely(idev->cnf.disable_ipv6)) {
19a0644c 158 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS);
778d80be
YH		 159 kfree_skb(skb);
160 return 0;
161 }
162
29a26a56
EB		 163 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING,
164 net, sk, skb, NULL, dev,
9c6eb28a
JE		 165 ip6_finish_output,
166 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
1da177e4
LT		 167}
168
513674b5
SL		 169static bool ip6_autoflowlabel(struct net *net, const struct ipv6_pinfo *np)
170{
171 if (!np->autoflowlabel_set)
172 return ip6_default_np_autolabel(net);
173 else
174 return np->autoflowlabel;
175}
176
1da177e4 177/*
1c1e9d2b
ED		 178 * xmit an sk_buff (used by TCP, SCTP and DCCP)
179 * Note : socket lock is not held for SYNACK packets, but might be modified
180 * by calls to skb_set_owner_w() and ipv6_local_error(),
181 * which are using proper atomic operations or spinlocks.
1da177e4 182 */
1c1e9d2b 183int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
92e55f41 184 __u32 mark, struct ipv6_txoptions *opt, int tclass)
1da177e4 185{
3bd653c8 186 struct net *net = sock_net(sk);
1c1e9d2b 187 const struct ipv6_pinfo *np = inet6_sk(sk);
4c9483b2 188 struct in6_addr *first_hop = &fl6->daddr;
adf30907 189 struct dst_entry *dst = skb_dst(skb);
1da177e4 190 struct ipv6hdr *hdr;
4c9483b2 191 u8 proto = fl6->flowi6_proto;
1da177e4 192 int seg_len = skb->len;
e651f03a 193 int hlimit = -1;
1da177e4
LT		 194 u32 mtu;
195
196 if (opt) {
c2636b4d 197 unsigned int head_room;
1da177e4
LT		 198
199 /* First: exthdrs may take lots of space (~8K for now)
200 MAX_HEADER is not enough.
201 */
202 head_room = opt->opt_nflen + opt->opt_flen;
203 seg_len += head_room;
204 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
205
206 if (skb_headroom(skb) < head_room) {
207 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
63159f29 208 if (!skb2) {
adf30907 209 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d
YH		 210 IPSTATS_MIB_OUTDISCARDS);
211 kfree_skb(skb);
1da177e4
LT		 212 return -ENOBUFS;
213 }
808db80a 214 consume_skb(skb);
a11d206d 215 skb = skb2;
1c1e9d2b
ED		 216 /* skb_set_owner_w() changes sk->sk_wmem_alloc atomically,
217 * it is safe to call in our context (socket lock not held)
218 */
219 skb_set_owner_w(skb, (struct sock *)sk);
1da177e4
LT		 220 }
221 if (opt->opt_flen)
222 ipv6_push_frag_opts(skb, opt, &proto);
223 if (opt->opt_nflen)
613fa3ca
DL		 224 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop,
225 &fl6->saddr);
1da177e4
LT		 226 }
227
e2d1bca7
ACM		 228 skb_push(skb, sizeof(struct ipv6hdr));
229 skb_reset_network_header(skb);
0660e03f 230 hdr = ipv6_hdr(skb);
1da177e4
LT		 231
232 /*
233 * Fill in the IPv6 header
234 */
b903d324 235 if (np)
1da177e4
LT		 236 hlimit = np->hop_limit;
237 if (hlimit < 0)
6b75d090 238 hlimit = ip6_dst_hoplimit(dst);
1da177e4 239
cb1ce2ef 240 ip6_flow_hdr(hdr, tclass, ip6_make_flowlabel(net, skb, fl6->flowlabel,
513674b5 241 ip6_autoflowlabel(net, np), fl6));
41a1f8ea 242
1da177e4
LT		 243 hdr->payload_len = htons(seg_len);
244 hdr->nexthdr = proto;
245 hdr->hop_limit = hlimit;
246
4e3fd7a0
AD		 247 hdr->saddr = fl6->saddr;
248 hdr->daddr = *first_hop;
1da177e4 249
9c9c9ad5 250 skb->protocol = htons(ETH_P_IPV6);
a2c2064f 251 skb->priority = sk->sk_priority;
92e55f41 252 skb->mark = mark;
a2c2064f 253
1da177e4 254 mtu = dst_mtu(dst);
60ff7467 255 if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) {
adf30907 256 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
edf391ff 257 IPSTATS_MIB_OUT, skb->len);
a8e3e1a9
DA		 258
259 /* if egress device is enslaved to an L3 master device pass the
260 * skb to its handler for processing
261 */
262 skb = l3mdev_ip6_out((struct sock *)sk, skb);
263 if (unlikely(!skb))
264 return 0;
265
1c1e9d2b
ED		 266 /* hooks should never assume socket lock is held.
267 * we promote our socket to non const
268 */
29a26a56 269 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
1c1e9d2b 270 net, (struct sock *)sk, skb, NULL, dst->dev,
13206b6b 271 dst_output);
1da177e4
LT		 272 }
273
1da177e4 274 skb->dev = dst->dev;
1c1e9d2b
ED		 275 /* ipv6_local_error() does not require socket lock,
276 * we promote our socket to non const
277 */
278 ipv6_local_error((struct sock *)sk, EMSGSIZE, fl6, mtu);
279
adf30907 280 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 281 kfree_skb(skb);
282 return -EMSGSIZE;
283}
7159039a
YH		 284EXPORT_SYMBOL(ip6_xmit);
285
1da177e4
LT		 286static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
287{
288 struct ip6_ra_chain *ra;
289 struct sock *last = NULL;
290
291 read_lock(&ip6_ra_lock);
292 for (ra = ip6_ra_chain; ra; ra = ra->next) {
293 struct sock *sk = ra->sk;
0bd1b59b
AM		 294 if (sk && ra->sel == sel &&
295 (!sk->sk_bound_dev_if ||
296 sk->sk_bound_dev_if == skb->dev->ifindex)) {
1da177e4
LT		 297 if (last) {
298 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
299 if (skb2)
300 rawv6_rcv(last, skb2);
301 }
302 last = sk;
303 }
304 }
305
306 if (last) {
307 rawv6_rcv(last, skb);
308 read_unlock(&ip6_ra_lock);
309 return 1;
310 }
311 read_unlock(&ip6_ra_lock);
312 return 0;
313}
314
e21e0b5f
VN		 315static int ip6_forward_proxy_check(struct sk_buff *skb)
316{
0660e03f 317 struct ipv6hdr *hdr = ipv6_hdr(skb);
e21e0b5f 318 u8 nexthdr = hdr->nexthdr;
75f2811c 319 __be16 frag_off;
e21e0b5f
VN		 320 int offset;
321
322 if (ipv6_ext_hdr(nexthdr)) {
75f2811c 323 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, &frag_off);
e21e0b5f
VN		 324 if (offset < 0)
325 return 0;
326 } else
327 offset = sizeof(struct ipv6hdr);
328
329 if (nexthdr == IPPROTO_ICMPV6) {
330 struct icmp6hdr *icmp6;
331
d56f90a7
ACM		 332 if (!pskb_may_pull(skb, (skb_network_header(skb) +
333 offset + 1 - skb->data)))
e21e0b5f
VN		 334 return 0;
335
d56f90a7 336 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
e21e0b5f
VN		 337
338 switch (icmp6->icmp6_type) {
339 case NDISC_ROUTER_SOLICITATION:
340 case NDISC_ROUTER_ADVERTISEMENT:
341 case NDISC_NEIGHBOUR_SOLICITATION:
342 case NDISC_NEIGHBOUR_ADVERTISEMENT:
343 case NDISC_REDIRECT:
344 /* For reaction involving unicast neighbor discovery
345 * message destined to the proxied address, pass it to
346 * input function.
347 */
348 return 1;
349 default:
350 break;
351 }
352 }
353
74553b09
VN		 354 /*
355 * The proxying router can't forward traffic sent to a link-local
356 * address, so signal the sender and discard the packet. This
357 * behavior is clarified by the MIPv6 specification.
358 */
359 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
360 dst_link_failure(skb);
361 return -1;
362 }
363
e21e0b5f
VN		 364 return 0;
365}
366
0c4b51f0
EB		 367static inline int ip6_forward_finish(struct net *net, struct sock *sk,
368 struct sk_buff *skb)
1da177e4 369{
13206b6b 370 return dst_output(net, sk, skb);
1da177e4
LT		 371}
372
0954cf9c
HFS		 373static unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst)
374{
375 unsigned int mtu;
376 struct inet6_dev *idev;
377
378 if (dst_metric_locked(dst, RTAX_MTU)) {
379 mtu = dst_metric_raw(dst, RTAX_MTU);
380 if (mtu)
381 return mtu;
382 }
383
384 mtu = IPV6_MIN_MTU;
385 rcu_read_lock();
386 idev = __in6_dev_get(dst->dev);
387 if (idev)
388 mtu = idev->cnf.mtu6;
389 rcu_read_unlock();
390
391 return mtu;
392}
393
fe6cc55f
FW		 394static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
395{
418a3156 396 if (skb->len <= mtu)
fe6cc55f
FW		 397 return false;
398
60ff7467 399 /* ipv6 conntrack defrag sets max_frag_size + ignore_df */
fe6cc55f
FW		 400 if (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)
401 return true;
402
60ff7467 403 if (skb->ignore_df)
418a3156
FW		 404 return false;
405
ae7ef81e 406 if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu))
fe6cc55f
FW		 407 return false;
408
409 return true;
410}
411
1da177e4
LT		 412int ip6_forward(struct sk_buff *skb)
413{
adf30907 414 struct dst_entry *dst = skb_dst(skb);
0660e03f 415 struct ipv6hdr *hdr = ipv6_hdr(skb);
1da177e4 416 struct inet6_skb_parm *opt = IP6CB(skb);
c346dca1 417 struct net *net = dev_net(dst->dev);
14f3ad6f 418 u32 mtu;
1ab1457c 419
53b7997f 420 if (net->ipv6.devconf_all->forwarding == 0)
1da177e4
LT		 421 goto error;
422
090f1166
LR		 423 if (skb->pkt_type != PACKET_HOST)
424 goto drop;
425
9ef2e965
HFS		 426 if (unlikely(skb->sk))
427 goto drop;
428
4497b076
BH		 429 if (skb_warn_if_lro(skb))
430 goto drop;
431
1da177e4 432 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
1d015503
ED		 433 __IP6_INC_STATS(net, ip6_dst_idev(dst),
434 IPSTATS_MIB_INDISCARDS);
1da177e4
LT		 435 goto drop;
436 }
437
35fc92a9 438 skb_forward_csum(skb);
1da177e4
LT		 439
440 /*
441 * We DO NOT make any processing on
442 * RA packets, pushing them to user level AS IS
443 * without ane WARRANTY that application will be able
444 * to interpret them. The reason is that we
445 * cannot make anything clever here.
446 *
447 * We are not end-node, so that if packet contains
448 * AH/ESP, we cannot make anything.
449 * Defragmentation also would be mistake, RA packets
450 * cannot be fragmented, because there is no warranty
451 * that different fragments will go along one path. --ANK
452 */
ab4eb353
YH		 453 if (unlikely(opt->flags & IP6SKB_ROUTERALERT)) {
454 if (ip6_call_ra_chain(skb, ntohs(opt->ra)))
1da177e4
LT		 455 return 0;
456 }
457
458 /*
459 * check and decrement ttl
460 */
461 if (hdr->hop_limit <= 1) {
462 /* Force OUTPUT device used as source address */
463 skb->dev = dst->dev;
3ffe533c 464 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
1d015503
ED		 465 __IP6_INC_STATS(net, ip6_dst_idev(dst),
466 IPSTATS_MIB_INHDRERRORS);
1da177e4
LT		 467
468 kfree_skb(skb);
469 return -ETIMEDOUT;
470 }
471
fbea49e1 472 /* XXX: idev->cnf.proxy_ndp? */
53b7997f 473 if (net->ipv6.devconf_all->proxy_ndp &&
8a3edd80 474 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
74553b09
VN		 475 int proxied = ip6_forward_proxy_check(skb);
476 if (proxied > 0)
e21e0b5f 477 return ip6_input(skb);
74553b09 478 else if (proxied < 0) {
1d015503
ED		 479 __IP6_INC_STATS(net, ip6_dst_idev(dst),
480 IPSTATS_MIB_INDISCARDS);
74553b09
VN		 481 goto drop;
482 }
e21e0b5f
VN		 483 }
484
1da177e4 485 if (!xfrm6_route_forward(skb)) {
1d015503
ED		 486 __IP6_INC_STATS(net, ip6_dst_idev(dst),
487 IPSTATS_MIB_INDISCARDS);
1da177e4
LT		 488 goto drop;
489 }
adf30907 490 dst = skb_dst(skb);
1da177e4
LT		 491
492 /* IPv6 specs say nothing about it, but it is clear that we cannot
493 send redirects to source routed frames.
1e5dc146 494 We don't send redirects to frames decapsulated from IPsec.
1da177e4 495 */
c45a3dfb 496 if (skb->dev == dst->dev && opt->srcrt == 0 && !skb_sec_path(skb)) {
1da177e4 497 struct in6_addr *target = NULL;
fbfe95a4 498 struct inet_peer *peer;
1da177e4 499 struct rt6_info *rt;
1da177e4
LT		 500
501 /*
502 * incoming and outgoing devices are the same
503 * send a redirect.
504 */
505
506 rt = (struct rt6_info *) dst;
c45a3dfb
DM		 507 if (rt->rt6i_flags & RTF_GATEWAY)
508 target = &rt->rt6i_gateway;
1da177e4
LT		 509 else
510 target = &hdr->daddr;
511
fd0273d7 512 peer = inet_getpeer_v6(net->ipv6.peers, &hdr->daddr, 1);
92d86829 513
1da177e4
LT		 514 /* Limit redirects both by destination (here)
515 and by source (inside ndisc_send_redirect)
516 */
fbfe95a4 517 if (inet_peer_xrlim_allow(peer, 1*HZ))
4991969a 518 ndisc_send_redirect(skb, target);
1d861aa4
DM		 519 if (peer)
520 inet_putpeer(peer);
5bb1ab09
DS		 521 } else {
522 int addrtype = ipv6_addr_type(&hdr->saddr);
523
1da177e4 524 /* This check is security critical. */
f81b2e7d
YH		 525 if (addrtype == IPV6_ADDR_ANY ||
526 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
5bb1ab09
DS		 527 goto error;
528 if (addrtype & IPV6_ADDR_LINKLOCAL) {
529 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
3ffe533c 530 ICMPV6_NOT_NEIGHBOUR, 0);
5bb1ab09
DS		 531 goto error;
532 }
1da177e4
LT		 533 }
534
0954cf9c 535 mtu = ip6_dst_mtu_forward(dst);
14f3ad6f
UW		 536 if (mtu < IPV6_MIN_MTU)
537 mtu = IPV6_MIN_MTU;
538
fe6cc55f 539 if (ip6_pkt_too_big(skb, mtu)) {
1da177e4
LT		 540 /* Again, force OUTPUT device used as source address */
541 skb->dev = dst->dev;
14f3ad6f 542 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
1d015503
ED		 543 __IP6_INC_STATS(net, ip6_dst_idev(dst),
544 IPSTATS_MIB_INTOOBIGERRORS);
545 __IP6_INC_STATS(net, ip6_dst_idev(dst),
546 IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 547 kfree_skb(skb);
548 return -EMSGSIZE;
549 }
550
551 if (skb_cow(skb, dst->dev->hard_header_len)) {
1d015503
ED		 552 __IP6_INC_STATS(net, ip6_dst_idev(dst),
553 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 554 goto drop;
555 }
556
0660e03f 557 hdr = ipv6_hdr(skb);
1da177e4
LT		 558
559 /* Mangling hops number delayed to point after skb COW */
1ab1457c 560
1da177e4
LT		 561 hdr->hop_limit--;
562
1d015503
ED		 563 __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
564 __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len);
29a26a56
EB		 565 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD,
566 net, NULL, skb, skb->dev, dst->dev,
6e23ae2a 567 ip6_forward_finish);
1da177e4
LT		 568
569error:
1d015503 570 __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
1da177e4
LT		 571drop:
572 kfree_skb(skb);
573 return -EINVAL;
574}
575
576static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
577{
578 to->pkt_type = from->pkt_type;
579 to->priority = from->priority;
580 to->protocol = from->protocol;
adf30907
ED		 581 skb_dst_drop(to);
582 skb_dst_set(to, dst_clone(skb_dst(from)));
1da177e4 583 to->dev = from->dev;
82e91ffe 584 to->mark = from->mark;
1da177e4
LT		 585
586#ifdef CONFIG_NET_SCHED
587 to->tc_index = from->tc_index;
588#endif
e7ac05f3 589 nf_copy(to, from);
984bc16c 590 skb_copy_secmark(to, from);
1da177e4
LT		 591}
592
7d8c6e39
EB		 593int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
594 int (*output)(struct net *, struct sock *, struct sk_buff *))
1da177e4 595{
1da177e4 596 struct sk_buff *frag;
67ba4152 597 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
f60e5990 598 struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ?
599 inet6_sk(skb->sk) : NULL;
1da177e4
LT		 600 struct ipv6hdr *tmp_hdr;
601 struct frag_hdr *fh;
602 unsigned int mtu, hlen, left, len;
a7ae1992 603 int hroom, troom;
286c2349 604 __be32 frag_id;
67ba4152 605 int ptr, offset = 0, err = 0;
1da177e4
LT		 606 u8 *prevhdr, nexthdr = 0;
607
7dd7eb95
DM		 608 err = ip6_find_1stfragopt(skb, &prevhdr);
609 if (err < 0)
2423496a 610 goto fail;
7dd7eb95 611 hlen = err;
1da177e4
LT		 612 nexthdr = *prevhdr;
613
628a5c56 614 mtu = ip6_skb_dst_mtu(skb);
b881ef76
JH		 615
616 /* We must not fragment if the socket is set to force MTU discovery
14f3ad6f 617 * or if the skb it not generated by a local socket.
b881ef76 618 */
485fca66
FW		 619 if (unlikely(!skb->ignore_df && skb->len > mtu))
620 goto fail_toobig;
a34a101e 621
485fca66
FW		 622 if (IP6CB(skb)->frag_max_size) {
623 if (IP6CB(skb)->frag_max_size > mtu)
624 goto fail_toobig;
625
626 /* don't send fragments larger than what we received */
627 mtu = IP6CB(skb)->frag_max_size;
628 if (mtu < IPV6_MIN_MTU)
629 mtu = IPV6_MIN_MTU;
b881ef76
JH		 630 }
631
d91675f9
YH		 632 if (np && np->frag_size < mtu) {
633 if (np->frag_size)
634 mtu = np->frag_size;
635 }
89bc7848 636 if (mtu < hlen + sizeof(struct frag_hdr) + 8)
b72a2b01 637 goto fail_toobig;
1e0d69a9 638 mtu -= hlen + sizeof(struct frag_hdr);
1da177e4 639
fd0273d7
MKL		 640 frag_id = ipv6_select_ident(net, &ipv6_hdr(skb)->daddr,
641 &ipv6_hdr(skb)->saddr);
286c2349 642
405c92f7
HFS		 643 if (skb->ip_summed == CHECKSUM_PARTIAL &&
644 (err = skb_checksum_help(skb)))
645 goto fail;
646
1d325d21 647 hroom = LL_RESERVED_SPACE(rt->dst.dev);
21dc3301 648 if (skb_has_frag_list(skb)) {
c72d8cda 649 unsigned int first_len = skb_pagelen(skb);
3d13008e 650 struct sk_buff *frag2;
1da177e4
LT		 651
652 if (first_len - hlen > mtu ||
653 ((first_len - hlen) & 7) ||
1d325d21
FW		 654 skb_cloned(skb) ||
655 skb_headroom(skb) < (hroom + sizeof(struct frag_hdr)))
1da177e4
LT		 656 goto slow_path;
657
4d9092bb 658 skb_walk_frags(skb, frag) {
1da177e4
LT		 659 /* Correct geometry. */
660 if (frag->len > mtu ||
661 ((frag->len & 7) && frag->next) ||
1d325d21 662 skb_headroom(frag) < (hlen + hroom + sizeof(struct frag_hdr)))
3d13008e 663 goto slow_path_clean;
1da177e4 664
1da177e4
LT		 665 /* Partially cloned skb? */
666 if (skb_shared(frag))
3d13008e 667 goto slow_path_clean;
2fdba6b0
HX		 668
669 BUG_ON(frag->sk);
670 if (skb->sk) {
2fdba6b0
HX		 671 frag->sk = skb->sk;
672 frag->destructor = sock_wfree;
2fdba6b0 673 }
3d13008e 674 skb->truesize -= frag->truesize;
1da177e4
LT		 675 }
676
677 err = 0;
678 offset = 0;
1da177e4
LT		 679 /* BUILD HEADER */
680
9a217a1c 681 *prevhdr = NEXTHDR_FRAGMENT;
d56f90a7 682 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
1da177e4 683 if (!tmp_hdr) {
1d325d21
FW		 684 err = -ENOMEM;
685 goto fail;
1da177e4 686 }
1d325d21
FW		 687 frag = skb_shinfo(skb)->frag_list;
688 skb_frag_list_init(skb);
1da177e4 689
1da177e4 690 __skb_pull(skb, hlen);
d58ff351 691 fh = __skb_push(skb, sizeof(struct frag_hdr));
e2d1bca7
ACM		 692 __skb_push(skb, hlen);
693 skb_reset_network_header(skb);
d56f90a7 694 memcpy(skb_network_header(skb), tmp_hdr, hlen);
1da177e4 695
1da177e4
LT		 696 fh->nexthdr = nexthdr;
697 fh->reserved = 0;
698 fh->frag_off = htons(IP6_MF);
286c2349 699 fh->identification = frag_id;
1da177e4
LT		 700
701 first_len = skb_pagelen(skb);
702 skb->data_len = first_len - skb_headlen(skb);
703 skb->len = first_len;
0660e03f
ACM		 704 ipv6_hdr(skb)->payload_len = htons(first_len -
705 sizeof(struct ipv6hdr));
a11d206d 706
1da177e4
LT		 707 for (;;) {
708 /* Prepare header of the next frame,
709 * before previous one went down. */
710 if (frag) {
711 frag->ip_summed = CHECKSUM_NONE;
badff6d0 712 skb_reset_transport_header(frag);
d58ff351 713 fh = __skb_push(frag, sizeof(struct frag_hdr));
e2d1bca7
ACM		 714 __skb_push(frag, hlen);
715 skb_reset_network_header(frag);
d56f90a7
ACM		 716 memcpy(skb_network_header(frag), tmp_hdr,
717 hlen);
1da177e4
LT		 718 offset += skb->len - hlen - sizeof(struct frag_hdr);
719 fh->nexthdr = nexthdr;
720 fh->reserved = 0;
721 fh->frag_off = htons(offset);
53b24b8f 722 if (frag->next)
1da177e4
LT		 723 fh->frag_off |= htons(IP6_MF);
724 fh->identification = frag_id;
0660e03f
ACM		 725 ipv6_hdr(frag)->payload_len =
726 htons(frag->len -
727 sizeof(struct ipv6hdr));
1da177e4
LT		 728 ip6_copy_metadata(frag, skb);
729 }
1ab1457c 730
7d8c6e39 731 err = output(net, sk, skb);
67ba4152 732 if (!err)
d8d1f30b 733 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 734 IPSTATS_MIB_FRAGCREATES);
dafee490 735
1da177e4
LT		 736 if (err || !frag)
737 break;
738
739 skb = frag;
740 frag = skb->next;
741 skb->next = NULL;
742 }
743
a51482bd 744 kfree(tmp_hdr);
1da177e4
LT		 745
746 if (err == 0) {
d8d1f30b 747 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 748 IPSTATS_MIB_FRAGOKS);
1da177e4
LT		 749 return 0;
750 }
751
46cfd725 752 kfree_skb_list(frag);
1da177e4 753
d8d1f30b 754 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 755 IPSTATS_MIB_FRAGFAILS);
1da177e4 756 return err;
3d13008e
ED		 757
758slow_path_clean:
759 skb_walk_frags(skb, frag2) {
760 if (frag2 == frag)
761 break;
762 frag2->sk = NULL;
763 frag2->destructor = NULL;
764 skb->truesize += frag2->truesize;
765 }
1da177e4
LT		 766 }
767
768slow_path:
769 left = skb->len - hlen; /* Space per frame */
770 ptr = hlen; /* Where to start from */
771
772 /*
773 * Fragment the datagram.
774 */
775
a7ae1992 776 troom = rt->dst.dev->needed_tailroom;
1da177e4
LT		 777
778 /*
779 * Keep copying data until we run out.
780 */
67ba4152 781 while (left > 0) {
79e49503
FW		 782 u8 *fragnexthdr_offset;
783
1da177e4
LT		 784 len = left;
785 /* IF: it doesn't fit, use 'mtu' - the data space left */
786 if (len > mtu)
787 len = mtu;
25985edc 788 /* IF: we are not sending up to and including the packet end
1da177e4
LT		 789 then align the next start on an eight byte boundary */
790 if (len < left) {
791 len &= ~7;
792 }
1da177e4 793
cbffccc9
JP		 794 /* Allocate buffer */
795 frag = alloc_skb(len + hlen + sizeof(struct frag_hdr) +
796 hroom + troom, GFP_ATOMIC);
797 if (!frag) {
1da177e4
LT		 798 err = -ENOMEM;
799 goto fail;
800 }
801
802 /*
803 * Set up data on packet
804 */
805
806 ip6_copy_metadata(frag, skb);
a7ae1992 807 skb_reserve(frag, hroom);
1da177e4 808 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
c1d2bbe1 809 skb_reset_network_header(frag);
badff6d0 810 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
b0e380b1
ACM		 811 frag->transport_header = (frag->network_header + hlen +
812 sizeof(struct frag_hdr));
1da177e4
LT		 813
814 /*
815 * Charge the memory for the fragment to any owner
816 * it might possess
817 */
818 if (skb->sk)
819 skb_set_owner_w(frag, skb->sk);
820
821 /*
822 * Copy the packet header into the new buffer.
823 */
d626f62b 824 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
1da177e4 825
79e49503
FW		 826 fragnexthdr_offset = skb_network_header(frag);
827 fragnexthdr_offset += prevhdr - skb_network_header(skb);
828 *fragnexthdr_offset = NEXTHDR_FRAGMENT;
829
1da177e4
LT		 830 /*
831 * Build fragment header.
832 */
833 fh->nexthdr = nexthdr;
834 fh->reserved = 0;
286c2349 835 fh->identification = frag_id;
1da177e4
LT		 836
837 /*
838 * Copy a block of the IP datagram.
839 */
e3f0b86b
HS		 840 BUG_ON(skb_copy_bits(skb, ptr, skb_transport_header(frag),
841 len));
1da177e4
LT		 842 left -= len;
843
844 fh->frag_off = htons(offset);
845 if (left > 0)
846 fh->frag_off |= htons(IP6_MF);
0660e03f
ACM		 847 ipv6_hdr(frag)->payload_len = htons(frag->len -
848 sizeof(struct ipv6hdr));
1da177e4
LT		 849
850 ptr += len;
851 offset += len;
852
853 /*
854 * Put this fragment into the sending queue.
855 */
7d8c6e39 856 err = output(net, sk, frag);
1da177e4
LT		 857 if (err)
858 goto fail;
dafee490 859
adf30907 860 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
3bd653c8 861 IPSTATS_MIB_FRAGCREATES);
1da177e4 862 }
adf30907 863 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 864 IPSTATS_MIB_FRAGOKS);
808db80a 865 consume_skb(skb);
1da177e4
LT		 866 return err;
867
485fca66
FW		 868fail_toobig:
869 if (skb->sk && dst_allfrag(skb_dst(skb)))
870 sk_nocaps_add(skb->sk, NETIF_F_GSO_MASK);
871
485fca66
FW		 872 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
873 err = -EMSGSIZE;
874
1da177e4 875fail:
adf30907 876 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 877 IPSTATS_MIB_FRAGFAILS);
1ab1457c 878 kfree_skb(skb);
1da177e4
LT		 879 return err;
880}
881
b71d1d42
ED		 882static inline int ip6_rt_check(const struct rt6key *rt_key,
883 const struct in6_addr *fl_addr,
884 const struct in6_addr *addr_cache)
cf6b1982 885{
a02cec21 886 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
63159f29 887 (!addr_cache || !ipv6_addr_equal(fl_addr, addr_cache));
cf6b1982
YH		 888}
889
497c615a
HX		 890static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
891 struct dst_entry *dst,
b71d1d42 892 const struct flowi6 *fl6)
1da177e4 893{
497c615a 894 struct ipv6_pinfo *np = inet6_sk(sk);
a963a37d 895 struct rt6_info *rt;
1da177e4 896
497c615a
HX		 897 if (!dst)
898 goto out;
899
a963a37d
ED		 900 if (dst->ops->family != AF_INET6) {
901 dst_release(dst);
902 return NULL;
903 }
904
905 rt = (struct rt6_info *)dst;
497c615a
HX		 906 /* Yes, checking route validity in not connected
907 * case is not very simple. Take into account,
908 * that we do not support routing by source, TOS,
67ba4152 909 * and MSG_DONTROUTE --ANK (980726)
497c615a 910 *
cf6b1982
YH		 911 * 1. ip6_rt_check(): If route was host route,
912 * check that cached destination is current.
497c615a
HX		 913 * If it is network route, we still may
914 * check its validity using saved pointer
915 * to the last used address: daddr_cache.
916 * We do not want to save whole address now,
917 * (because main consumer of this service
918 * is tcp, which has not this problem),
919 * so that the last trick works only on connected
920 * sockets.
921 * 2. oif also should be the same.
922 */
4c9483b2 923 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) ||
8e1ef0a9 924#ifdef CONFIG_IPV6_SUBTREES
4c9483b2 925 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) ||
8e1ef0a9 926#endif
ca254490
DA		 927 (!(fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF) &&
928 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex))) {
497c615a
HX		 929 dst_release(dst);
930 dst = NULL;
1da177e4
LT		 931 }
932
497c615a
HX		 933out:
934 return dst;
935}
936
3aef934f 937static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk,
4c9483b2 938 struct dst_entry **dst, struct flowi6 *fl6)
497c615a 939{
69cce1d1
DM		 940#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
941 struct neighbour *n;
97cac082 942 struct rt6_info *rt;
69cce1d1
DM		 943#endif
944 int err;
6f21c96a 945 int flags = 0;
497c615a 946
e16e888b
MS		 947 /* The correct way to handle this would be to do
948 * ip6_route_get_saddr, and then ip6_route_output; however,
949 * the route-specific preferred source forces the
950 * ip6_route_output call _before_ ip6_route_get_saddr.
951 *
952 * In source specific routing (no src=any default route),
953 * ip6_route_output will fail given src=any saddr, though, so
954 * that's why we try it again later.
955 */
956 if (ipv6_addr_any(&fl6->saddr) && (!*dst || !(*dst)->error)) {
957 struct rt6_info *rt;
958 bool had_dst = *dst != NULL;
1da177e4 959
e16e888b
MS		 960 if (!had_dst)
961 *dst = ip6_route_output(net, sk, fl6);
962 rt = (*dst)->error ? NULL : (struct rt6_info *)*dst;
c3968a85
DW		 963 err = ip6_route_get_saddr(net, rt, &fl6->daddr,
964 sk ? inet6_sk(sk)->srcprefs : 0,
965 &fl6->saddr);
44456d37 966 if (err)
1da177e4 967 goto out_err_release;
e16e888b
MS		 968
969 /* If we had an erroneous initial result, pretend it
970 * never existed and let the SA-enabled version take
971 * over.
972 */
973 if (!had_dst && (*dst)->error) {
974 dst_release(*dst);
975 *dst = NULL;
976 }
6f21c96a
PA		 977
978 if (fl6->flowi6_oif)
979 flags |= RT6_LOOKUP_F_IFACE;
1da177e4
LT		 980 }
981
e16e888b 982 if (!*dst)
6f21c96a 983 *dst = ip6_route_output_flags(net, sk, fl6, flags);
e16e888b
MS		 984
985 err = (*dst)->error;
986 if (err)
987 goto out_err_release;
988
95c385b4 989#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
e550dfb0
NH		 990 /*
991 * Here if the dst entry we've looked up
992 * has a neighbour entry that is in the INCOMPLETE
993 * state and the src address from the flow is
994 * marked as OPTIMISTIC, we release the found
995 * dst entry and replace it instead with the
996 * dst entry of the nexthop router
997 */
c56bf6fe 998 rt = (struct rt6_info *) *dst;
707be1ff 999 rcu_read_lock_bh();
2647a9b0
MKL		 1000 n = __ipv6_neigh_lookup_noref(rt->dst.dev,
1001 rt6_nexthop(rt, &fl6->daddr));
707be1ff
YH		 1002 err = n && !(n->nud_state & NUD_VALID) ? -EINVAL : 0;
1003 rcu_read_unlock_bh();
1004
1005 if (err) {
e550dfb0 1006 struct inet6_ifaddr *ifp;
4c9483b2 1007 struct flowi6 fl_gw6;
e550dfb0
NH		 1008 int redirect;
1009
4c9483b2 1010 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
e550dfb0
NH		 1011 (*dst)->dev, 1);
1012
1013 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
1014 if (ifp)
1015 in6_ifa_put(ifp);
1016
1017 if (redirect) {
1018 /*
1019 * We need to get the dst entry for the
1020 * default router instead
1021 */
1022 dst_release(*dst);
4c9483b2
DM		 1023 memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
1024 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
1025 *dst = ip6_route_output(net, sk, &fl_gw6);
e5d08d71
IM		 1026 err = (*dst)->error;
1027 if (err)
e550dfb0 1028 goto out_err_release;
95c385b4 1029 }
e550dfb0 1030 }
95c385b4 1031#endif
ec5e3b0a 1032 if (ipv6_addr_v4mapped(&fl6->saddr) &&
00ea1cee
WB		 1033 !(ipv6_addr_v4mapped(&fl6->daddr) || ipv6_addr_any(&fl6->daddr))) {
1034 err = -EAFNOSUPPORT;
1035 goto out_err_release;
1036 }
95c385b4 1037
1da177e4
LT		 1038 return 0;
1039
1040out_err_release:
1041 dst_release(*dst);
1042 *dst = NULL;
8a966fc0 1043
0d240e78
DA		 1044 if (err == -ENETUNREACH)
1045 IP6_INC_STATS(net, NULL, IPSTATS_MIB_OUTNOROUTES);
1da177e4
LT		 1046 return err;
1047}
34a0b3cd 1048
497c615a
HX		 1049/**
1050 * ip6_dst_lookup - perform route lookup on flow
1051 * @sk: socket which provides route info
1052 * @dst: pointer to dst_entry * for result
4c9483b2 1053 * @fl6: flow to lookup
497c615a
HX		 1054 *
1055 * This function performs a route lookup on the given flow.
1056 *
1057 * It returns zero on success, or a standard errno code on error.
1058 */
343d60aa
RP		 1059int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst,
1060 struct flowi6 *fl6)
497c615a
HX		 1061{
1062 *dst = NULL;
343d60aa 1063 return ip6_dst_lookup_tail(net, sk, dst, fl6);
497c615a 1064}
3cf3dc6c
ACM		 1065EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1066
497c615a 1067/**
68d0c6d3
DM		 1068 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec
1069 * @sk: socket which provides route info
4c9483b2 1070 * @fl6: flow to lookup
68d0c6d3 1071 * @final_dst: final destination address for ipsec lookup
68d0c6d3
DM		 1072 *
1073 * This function performs a route lookup on the given flow.
1074 *
1075 * It returns a valid dst pointer on success, or a pointer encoded
1076 * error code.
1077 */
3aef934f 1078struct dst_entry *ip6_dst_lookup_flow(const struct sock *sk, struct flowi6 *fl6,
0e0d44ab 1079 const struct in6_addr *final_dst)
68d0c6d3
DM		 1080{
1081 struct dst_entry *dst = NULL;
1082 int err;
1083
343d60aa 1084 err = ip6_dst_lookup_tail(sock_net(sk), sk, &dst, fl6);
68d0c6d3
DM		 1085 if (err)
1086 return ERR_PTR(err);
1087 if (final_dst)
4e3fd7a0 1088 fl6->daddr = *final_dst;
2774c131 1089
f92ee619 1090 return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
68d0c6d3
DM		 1091}
1092EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
1093
1094/**
1095 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
497c615a 1096 * @sk: socket which provides the dst cache and route info
4c9483b2 1097 * @fl6: flow to lookup
68d0c6d3 1098 * @final_dst: final destination address for ipsec lookup
497c615a
HX		 1099 *
1100 * This function performs a route lookup on the given flow with the
1101 * possibility of using the cached route in the socket if it is valid.
1102 * It will take the socket dst lock when operating on the dst cache.
1103 * As a result, this function can only be used in process context.
1104 *
68d0c6d3
DM		 1105 * It returns a valid dst pointer on success, or a pointer encoded
1106 * error code.
497c615a 1107 */
4c9483b2 1108struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
0e0d44ab 1109 const struct in6_addr *final_dst)
497c615a 1110{
68d0c6d3 1111 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
497c615a 1112
4c9483b2 1113 dst = ip6_sk_dst_check(sk, dst, fl6);
00bc0ef5
JS		 1114 if (!dst)
1115 dst = ip6_dst_lookup_flow(sk, fl6, final_dst);
68d0c6d3 1116
00bc0ef5 1117 return dst;
497c615a 1118}
68d0c6d3 1119EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
497c615a 1120
0178b695
HX		 1121static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1122 gfp_t gfp)
1123{
1124 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1125}
1126
1127static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1128 gfp_t gfp)
1129{
1130 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1131}
1132
75a493e6 1133static void ip6_append_data_mtu(unsigned int *mtu,
0c183379
G		 1134 int *maxfraglen,
1135 unsigned int fragheaderlen,
1136 struct sk_buff *skb,
75a493e6 1137 struct rt6_info *rt,
e367c2d0 1138 unsigned int orig_mtu)
0c183379
G		 1139{
1140 if (!(rt->dst.flags & DST_XFRM_TUNNEL)) {
63159f29 1141 if (!skb) {
0c183379 1142 /* first fragment, reserve header_len */
e367c2d0 1143 *mtu = orig_mtu - rt->dst.header_len;
0c183379
G		 1144
1145 } else {
1146 /*
1147 * this fragment is not first, the headers
1148 * space is regarded as data space.
1149 */
e367c2d0 1150 *mtu = orig_mtu;
0c183379
G		 1151 }
1152 *maxfraglen = ((*mtu - fragheaderlen) & ~7)
1153 + fragheaderlen - sizeof(struct frag_hdr);
1154 }
1155}
1156
366e41d9 1157static int ip6_setup_cork(struct sock *sk, struct inet_cork_full *cork,
26879da5 1158 struct inet6_cork *v6_cork, struct ipcm6_cookie *ipc6,
366e41d9
VY		 1159 struct rt6_info *rt, struct flowi6 *fl6)
1160{
1161 struct ipv6_pinfo *np = inet6_sk(sk);
1162 unsigned int mtu;
26879da5 1163 struct ipv6_txoptions *opt = ipc6->opt;
366e41d9
VY		 1164
1165 /*
1166 * setup for corking
1167 */
1168 if (opt) {
1169 if (WARN_ON(v6_cork->opt))
1170 return -EINVAL;
1171
864e2a1f 1172 v6_cork->opt = kzalloc(sizeof(*opt), sk->sk_allocation);
63159f29 1173 if (unlikely(!v6_cork->opt))
366e41d9
VY		 1174 return -ENOBUFS;
1175
864e2a1f 1176 v6_cork->opt->tot_len = sizeof(*opt);
366e41d9
VY		 1177 v6_cork->opt->opt_flen = opt->opt_flen;
1178 v6_cork->opt->opt_nflen = opt->opt_nflen;
1179
1180 v6_cork->opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1181 sk->sk_allocation);
1182 if (opt->dst0opt && !v6_cork->opt->dst0opt)
1183 return -ENOBUFS;
1184
1185 v6_cork->opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1186 sk->sk_allocation);
1187 if (opt->dst1opt && !v6_cork->opt->dst1opt)
1188 return -ENOBUFS;
1189
1190 v6_cork->opt->hopopt = ip6_opt_dup(opt->hopopt,
1191 sk->sk_allocation);
1192 if (opt->hopopt && !v6_cork->opt->hopopt)
1193 return -ENOBUFS;
1194
1195 v6_cork->opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1196 sk->sk_allocation);
1197 if (opt->srcrt && !v6_cork->opt->srcrt)
1198 return -ENOBUFS;
1199
1200 /* need source address above miyazawa*/
1201 }
1202 dst_hold(&rt->dst);
1203 cork->base.dst = &rt->dst;
1204 cork->fl.u.ip6 = *fl6;
26879da5
WW		 1205 v6_cork->hop_limit = ipc6->hlimit;
1206 v6_cork->tclass = ipc6->tclass;
366e41d9
VY		 1207 if (rt->dst.flags & DST_XFRM_TUNNEL)
1208 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1209 rt->dst.dev->mtu : dst_mtu(&rt->dst);
1210 else
1211 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1212 rt->dst.dev->mtu : dst_mtu(rt->dst.path);
1213 if (np->frag_size < mtu) {
1214 if (np->frag_size)
1215 mtu = np->frag_size;
1216 }
1217 cork->base.fragsize = mtu;
1218 if (dst_allfrag(rt->dst.path))
1219 cork->base.flags |= IPCORK_ALLFRAG;
1220 cork->base.length = 0;
1221
1222 return 0;
1223}
1224
0bbe84a6
VY		 1225static int __ip6_append_data(struct sock *sk,
1226 struct flowi6 *fl6,
1227 struct sk_buff_head *queue,
1228 struct inet_cork *cork,
1229 struct inet6_cork *v6_cork,
1230 struct page_frag *pfrag,
1231 int getfrag(void *from, char *to, int offset,
1232 int len, int odd, struct sk_buff *skb),
1233 void *from, int length, int transhdrlen,
26879da5 1234 unsigned int flags, struct ipcm6_cookie *ipc6,
c14ac945 1235 const struct sockcm_cookie *sockc)
1da177e4 1236{
0c183379 1237 struct sk_buff *skb, *skb_prev = NULL;
e367c2d0 1238 unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu;
0bbe84a6
VY		 1239 int exthdrlen = 0;
1240 int dst_exthdrlen = 0;
1da177e4 1241 int hh_len;
1da177e4
LT		 1242 int copy;
1243 int err;
1244 int offset = 0;
a693e698 1245 __u8 tx_flags = 0;
09c2d251 1246 u32 tskey = 0;
0bbe84a6
VY		 1247 struct rt6_info *rt = (struct rt6_info *)cork->dst;
1248 struct ipv6_txoptions *opt = v6_cork->opt;
32dce968 1249 int csummode = CHECKSUM_NONE;
682b1a9d 1250 unsigned int maxnonfragsize, headersize;
1da177e4 1251
0bbe84a6
VY		 1252 skb = skb_peek_tail(queue);
1253 if (!skb) {
1254 exthdrlen = opt ? opt->opt_flen : 0;
7efdba5b 1255 dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len;
1da177e4 1256 }
0bbe84a6 1257
366e41d9 1258 mtu = cork->fragsize;
e367c2d0 1259 orig_mtu = mtu;
1da177e4 1260
d8d1f30b 1261 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1da177e4 1262
a1b05140 1263 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
b4ce9277 1264 (opt ? opt->opt_nflen : 0);
4df98e76
HFS		 1265 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen -
1266 sizeof(struct frag_hdr);
1da177e4 1267
682b1a9d
HFS		 1268 headersize = sizeof(struct ipv6hdr) +
1269 (opt ? opt->opt_flen + opt->opt_nflen : 0) +
1270 (dst_allfrag(&rt->dst) ?
1271 sizeof(struct frag_hdr) : 0) +
1272 rt->rt6i_nfheader_len;
1273
26879da5 1274 if (cork->length + length > mtu - headersize && ipc6->dontfrag &&
682b1a9d
HFS		 1275 (sk->sk_protocol == IPPROTO_UDP ||
1276 sk->sk_protocol == IPPROTO_RAW)) {
1277 ipv6_local_rxpmtu(sk, fl6, mtu - headersize +
1278 sizeof(struct ipv6hdr));
1279 goto emsgsize;
1280 }
4df98e76 1281
682b1a9d
HFS		 1282 if (ip6_sk_ignore_df(sk))
1283 maxnonfragsize = sizeof(struct ipv6hdr) + IPV6_MAXPLEN;
1284 else
1285 maxnonfragsize = mtu;
4df98e76 1286
682b1a9d 1287 if (cork->length + length > maxnonfragsize - headersize) {
4df98e76 1288emsgsize:
682b1a9d
HFS		 1289 ipv6_local_error(sk, EMSGSIZE, fl6,
1290 mtu - headersize +
1291 sizeof(struct ipv6hdr));
1292 return -EMSGSIZE;
1da177e4
LT		 1293 }
1294
682b1a9d
HFS		 1295 /* CHECKSUM_PARTIAL only with no extension headers and when
1296 * we are not going to fragment
1297 */
1298 if (transhdrlen && sk->sk_protocol == IPPROTO_UDP &&
1299 headersize == sizeof(struct ipv6hdr) &&
2b89ed65 1300 length <= mtu - headersize &&
682b1a9d 1301 !(flags & MSG_MORE) &&
c8cd0989 1302 rt->dst.dev->features & (NETIF_F_IPV6_CSUM | NETIF_F_HW_CSUM))
682b1a9d
HFS		 1303 csummode = CHECKSUM_PARTIAL;
1304
09c2d251 1305 if (sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) {
c14ac945 1306 sock_tx_timestamp(sk, sockc->tsflags, &tx_flags);
09c2d251
WB		 1307 if (tx_flags & SKBTX_ANY_SW_TSTAMP &&
1308 sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)
1309 tskey = sk->sk_tskey++;
1310 }
a693e698 1311
1da177e4
LT		 1312 /*
1313 * Let's try using as much space as possible.
1314 * Use MTU if total length of the message fits into the MTU.
1315 * Otherwise, we need to reserve fragment header and
1316 * fragment alignment (= 8-15 octects, in total).
1317 *
1318 * Note that we may need to "move" the data from the tail of
1ab1457c 1319 * of the buffer to the new fragment when we split
1da177e4
LT		 1320 * the message.
1321 *
1ab1457c 1322 * FIXME: It may be fragmented into multiple chunks
1da177e4
LT		 1323 * at once if non-fragmentable extension headers
1324 * are too large.
1ab1457c 1325 * --yoshfuji
1da177e4
LT		 1326 */
1327
2811ebac 1328 cork->length += length;
2811ebac 1329 if (!skb)
1da177e4
LT		 1330 goto alloc_new_skb;
1331
1332 while (length > 0) {
1333 /* Check if the remaining data fits into current packet. */
bdc712b4 1334 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1da177e4
LT		 1335 if (copy < length)
1336 copy = maxfraglen - skb->len;
1337
1338 if (copy <= 0) {
1339 char *data;
1340 unsigned int datalen;
1341 unsigned int fraglen;
1342 unsigned int fraggap;
1343 unsigned int alloclen;
1da177e4 1344alloc_new_skb:
1da177e4 1345 /* There's no room in the current skb */
0c183379
G		 1346 if (skb)
1347 fraggap = skb->len - maxfraglen;
1da177e4
LT		 1348 else
1349 fraggap = 0;
0c183379 1350 /* update mtu and maxfraglen if necessary */
63159f29 1351 if (!skb || !skb_prev)
0c183379 1352 ip6_append_data_mtu(&mtu, &maxfraglen,
75a493e6 1353 fragheaderlen, skb, rt,
e367c2d0 1354 orig_mtu);
0c183379
G		 1355
1356 skb_prev = skb;
1da177e4
LT		 1357
1358 /*
1359 * If remaining data exceeds the mtu,
1360 * we know we need more fragment(s).
1361 */
1362 datalen = length + fraggap;
1da177e4 1363
0c183379
G		 1364 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1365 datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len;
1da177e4 1366 if ((flags & MSG_MORE) &&
d8d1f30b 1367 !(rt->dst.dev->features&NETIF_F_SG))
1da177e4
LT		 1368 alloclen = mtu;
1369 else
1370 alloclen = datalen + fragheaderlen;
1371
299b0767
SK		 1372 alloclen += dst_exthdrlen;
1373
0c183379
G		 1374 if (datalen != length + fraggap) {
1375 /*
1376 * this is not the last fragment, the trailer
1377 * space is regarded as data space.
1378 */
1379 datalen += rt->dst.trailer_len;
1380 }
1381
1382 alloclen += rt->dst.trailer_len;
1383 fraglen = datalen + fragheaderlen;
1da177e4
LT		 1384
1385 /*
1386 * We just reserve space for fragment header.
1ab1457c 1387 * Note: this may be overallocation if the message
1da177e4
LT		 1388 * (without MSG_MORE) fits into the MTU.
1389 */
1390 alloclen += sizeof(struct frag_hdr);
1391
232cd35d
ED		 1392 copy = datalen - transhdrlen - fraggap;
1393 if (copy < 0) {
1394 err = -EINVAL;
1395 goto error;
1396 }
1da177e4
LT		 1397 if (transhdrlen) {
1398 skb = sock_alloc_send_skb(sk,
1399 alloclen + hh_len,
1400 (flags & MSG_DONTWAIT), &err);
1401 } else {
1402 skb = NULL;
14afee4b 1403 if (refcount_read(&sk->sk_wmem_alloc) <=
1da177e4
LT		 1404 2 * sk->sk_sndbuf)
1405 skb = sock_wmalloc(sk,
1406 alloclen + hh_len, 1,
1407 sk->sk_allocation);
63159f29 1408 if (unlikely(!skb))
1da177e4
LT		 1409 err = -ENOBUFS;
1410 }
63159f29 1411 if (!skb)
1da177e4
LT		 1412 goto error;
1413 /*
1414 * Fill in the control structures
1415 */
9c9c9ad5 1416 skb->protocol = htons(ETH_P_IPV6);
32dce968 1417 skb->ip_summed = csummode;
1da177e4 1418 skb->csum = 0;
1f85851e
G		 1419 /* reserve for fragmentation and ipsec header */
1420 skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
1421 dst_exthdrlen);
1da177e4 1422
11878b40
WB		 1423 /* Only the initial fragment is time stamped */
1424 skb_shinfo(skb)->tx_flags = tx_flags;
1425 tx_flags = 0;
09c2d251
WB		 1426 skb_shinfo(skb)->tskey = tskey;
1427 tskey = 0;
a693e698 1428
1da177e4
LT		 1429 /*
1430 * Find where to start putting bytes
1431 */
1f85851e
G		 1432 data = skb_put(skb, fraglen);
1433 skb_set_network_header(skb, exthdrlen);
1434 data += fragheaderlen;
b0e380b1
ACM		 1435 skb->transport_header = (skb->network_header +
1436 fragheaderlen);
1da177e4
LT		 1437 if (fraggap) {
1438 skb->csum = skb_copy_and_csum_bits(
1439 skb_prev, maxfraglen,
1440 data + transhdrlen, fraggap, 0);
1441 skb_prev->csum = csum_sub(skb_prev->csum,
1442 skb->csum);
1443 data += fraggap;
e9fa4f7b 1444 pskb_trim_unique(skb_prev, maxfraglen);
1da177e4 1445 }
232cd35d
ED		 1446 if (copy > 0 &&
1447 getfrag(from, data + transhdrlen, offset,
1448 copy, fraggap, skb) < 0) {
1da177e4
LT		 1449 err = -EFAULT;
1450 kfree_skb(skb);
1451 goto error;
1452 }
1453
1454 offset += copy;
1455 length -= datalen - fraggap;
1456 transhdrlen = 0;
1457 exthdrlen = 0;
299b0767 1458 dst_exthdrlen = 0;
1da177e4 1459
0dec879f
JA		 1460 if ((flags & MSG_CONFIRM) && !skb_prev)
1461 skb_set_dst_pending_confirm(skb, 1);
1462
1da177e4
LT		 1463 /*
1464 * Put the packet on the pending queue
1465 */
0bbe84a6 1466 __skb_queue_tail(queue, skb);
1da177e4
LT		 1467 continue;
1468 }
1469
1470 if (copy > length)
1471 copy = length;
1472
d8d1f30b 1473 if (!(rt->dst.dev->features&NETIF_F_SG)) {
1da177e4
LT		 1474 unsigned int off;
1475
1476 off = skb->len;
1477 if (getfrag(from, skb_put(skb, copy),
1478 offset, copy, off, skb) < 0) {
1479 __skb_trim(skb, off);
1480 err = -EFAULT;
1481 goto error;
1482 }
1483 } else {
1484 int i = skb_shinfo(skb)->nr_frags;
1da177e4 1485
5640f768
ED		 1486 err = -ENOMEM;
1487 if (!sk_page_frag_refill(sk, pfrag))
1da177e4 1488 goto error;
5640f768
ED		 1489
1490 if (!skb_can_coalesce(skb, i, pfrag->page,
1491 pfrag->offset)) {
1492 err = -EMSGSIZE;
1493 if (i == MAX_SKB_FRAGS)
1494 goto error;
1495
1496 __skb_fill_page_desc(skb, i, pfrag->page,
1497 pfrag->offset, 0);
1498 skb_shinfo(skb)->nr_frags = ++i;
1499 get_page(pfrag->page);
1da177e4 1500 }
5640f768 1501 copy = min_t(int, copy, pfrag->size - pfrag->offset);
9e903e08 1502 if (getfrag(from,
5640f768
ED		 1503 page_address(pfrag->page) + pfrag->offset,
1504 offset, copy, skb->len, skb) < 0)
1505 goto error_efault;
1506
1507 pfrag->offset += copy;
1508 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1da177e4
LT		 1509 skb->len += copy;
1510 skb->data_len += copy;
f945fa7a 1511 skb->truesize += copy;
14afee4b 1512 refcount_add(copy, &sk->sk_wmem_alloc);
1da177e4
LT		 1513 }
1514 offset += copy;
1515 length -= copy;
1516 }
5640f768 1517
1da177e4 1518 return 0;
5640f768
ED		 1519
1520error_efault:
1521 err = -EFAULT;
1da177e4 1522error:
bdc712b4 1523 cork->length -= length;
3bd653c8 1524 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1525 return err;
1526}
0bbe84a6
VY		 1527
1528int ip6_append_data(struct sock *sk,
1529 int getfrag(void *from, char *to, int offset, int len,
1530 int odd, struct sk_buff *skb),
26879da5
WW		 1531 void *from, int length, int transhdrlen,
1532 struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
1533 struct rt6_info *rt, unsigned int flags,
c14ac945 1534 const struct sockcm_cookie *sockc)
0bbe84a6
VY		 1535{
1536 struct inet_sock *inet = inet_sk(sk);
1537 struct ipv6_pinfo *np = inet6_sk(sk);
1538 int exthdrlen;
1539 int err;
1540
1541 if (flags&MSG_PROBE)
1542 return 0;
1543 if (skb_queue_empty(&sk->sk_write_queue)) {
1544 /*
1545 * setup for corking
1546 */
26879da5
WW		 1547 err = ip6_setup_cork(sk, &inet->cork, &np->cork,
1548 ipc6, rt, fl6);
0bbe84a6
VY		 1549 if (err)
1550 return err;
1551
26879da5 1552 exthdrlen = (ipc6->opt ? ipc6->opt->opt_flen : 0);
0bbe84a6
VY		 1553 length += exthdrlen;
1554 transhdrlen += exthdrlen;
1555 } else {
1556 fl6 = &inet->cork.fl.u.ip6;
1557 transhdrlen = 0;
1558 }
1559
1560 return __ip6_append_data(sk, fl6, &sk->sk_write_queue, &inet->cork.base,
1561 &np->cork, sk_page_frag(sk), getfrag,
26879da5 1562 from, length, transhdrlen, flags, ipc6, sockc);
0bbe84a6 1563}
a495f836 1564EXPORT_SYMBOL_GPL(ip6_append_data);
1da177e4 1565
366e41d9
VY		 1566static void ip6_cork_release(struct inet_cork_full *cork,
1567 struct inet6_cork *v6_cork)
bf138862 1568{
366e41d9
VY		 1569 if (v6_cork->opt) {
1570 kfree(v6_cork->opt->dst0opt);
1571 kfree(v6_cork->opt->dst1opt);
1572 kfree(v6_cork->opt->hopopt);
1573 kfree(v6_cork->opt->srcrt);
1574 kfree(v6_cork->opt);
1575 v6_cork->opt = NULL;
0178b695
HX		 1576 }
1577
366e41d9
VY		 1578 if (cork->base.dst) {
1579 dst_release(cork->base.dst);
1580 cork->base.dst = NULL;
1581 cork->base.flags &= ~IPCORK_ALLFRAG;
bf138862 1582 }
366e41d9 1583 memset(&cork->fl, 0, sizeof(cork->fl));
bf138862
PE		 1584}
1585
6422398c
VY		 1586struct sk_buff *__ip6_make_skb(struct sock *sk,
1587 struct sk_buff_head *queue,
1588 struct inet_cork_full *cork,
1589 struct inet6_cork *v6_cork)
1da177e4
LT		 1590{
1591 struct sk_buff *skb, *tmp_skb;
1592 struct sk_buff **tail_skb;
1593 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1da177e4 1594 struct ipv6_pinfo *np = inet6_sk(sk);
3bd653c8 1595 struct net *net = sock_net(sk);
1da177e4 1596 struct ipv6hdr *hdr;
6422398c
VY		 1597 struct ipv6_txoptions *opt = v6_cork->opt;
1598 struct rt6_info *rt = (struct rt6_info *)cork->base.dst;
1599 struct flowi6 *fl6 = &cork->fl.u.ip6;
4c9483b2 1600 unsigned char proto = fl6->flowi6_proto;
1da177e4 1601
6422398c 1602 skb = __skb_dequeue(queue);
63159f29 1603 if (!skb)
1da177e4
LT		 1604 goto out;
1605 tail_skb = &(skb_shinfo(skb)->frag_list);
1606
1607 /* move skb->data to ip header from ext header */
d56f90a7 1608 if (skb->data < skb_network_header(skb))
bbe735e4 1609 __skb_pull(skb, skb_network_offset(skb));
6422398c 1610 while ((tmp_skb = __skb_dequeue(queue)) != NULL) {
cfe1fc77 1611 __skb_pull(tmp_skb, skb_network_header_len(skb));
1da177e4
LT		 1612 *tail_skb = tmp_skb;
1613 tail_skb = &(tmp_skb->next);
1614 skb->len += tmp_skb->len;
1615 skb->data_len += tmp_skb->len;
1da177e4 1616 skb->truesize += tmp_skb->truesize;
1da177e4
LT		 1617 tmp_skb->destructor = NULL;
1618 tmp_skb->sk = NULL;
1da177e4
LT		 1619 }
1620
28a89453 1621 /* Allow local fragmentation. */
60ff7467 1622 skb->ignore_df = ip6_sk_ignore_df(sk);
28a89453 1623
4e3fd7a0 1624 *final_dst = fl6->daddr;
cfe1fc77 1625 __skb_pull(skb, skb_network_header_len(skb));
1da177e4
LT		 1626 if (opt && opt->opt_flen)
1627 ipv6_push_frag_opts(skb, opt, &proto);
1628 if (opt && opt->opt_nflen)
613fa3ca 1629 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst, &fl6->saddr);
1da177e4 1630
e2d1bca7
ACM		 1631 skb_push(skb, sizeof(struct ipv6hdr));
1632 skb_reset_network_header(skb);
0660e03f 1633 hdr = ipv6_hdr(skb);
1ab1457c 1634
6422398c 1635 ip6_flow_hdr(hdr, v6_cork->tclass,
cb1ce2ef 1636 ip6_make_flowlabel(net, skb, fl6->flowlabel,
513674b5 1637 ip6_autoflowlabel(net, np), fl6));
6422398c 1638 hdr->hop_limit = v6_cork->hop_limit;
1da177e4 1639 hdr->nexthdr = proto;
4e3fd7a0
AD		 1640 hdr->saddr = fl6->saddr;
1641 hdr->daddr = *final_dst;
1da177e4 1642
a2c2064f 1643 skb->priority = sk->sk_priority;
4a19ec58 1644 skb->mark = sk->sk_mark;
a2c2064f 1645
d8d1f30b 1646 skb_dst_set(skb, dst_clone(&rt->dst));
edf391ff 1647 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
14878f75 1648 if (proto == IPPROTO_ICMPV6) {
adf30907 1649 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
14878f75 1650
43a43b60
HFS		 1651 ICMP6MSGOUT_INC_STATS(net, idev, icmp6_hdr(skb)->icmp6_type);
1652 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
14878f75
DS		 1653 }
1654
6422398c
VY		 1655 ip6_cork_release(cork, v6_cork);
1656out:
1657 return skb;
1658}
1659
1660int ip6_send_skb(struct sk_buff *skb)
1661{
1662 struct net *net = sock_net(skb->sk);
1663 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
1664 int err;
1665
33224b16 1666 err = ip6_local_out(net, skb->sk, skb);
1da177e4
LT		 1667 if (err) {
1668 if (err > 0)
6ce9e7b5 1669 err = net_xmit_errno(err);
1da177e4 1670 if (err)
6422398c
VY		 1671 IP6_INC_STATS(net, rt->rt6i_idev,
1672 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1673 }
1674
1da177e4 1675 return err;
6422398c
VY		 1676}
1677
1678int ip6_push_pending_frames(struct sock *sk)
1679{
1680 struct sk_buff *skb;
1681
1682 skb = ip6_finish_skb(sk);
1683 if (!skb)
1684 return 0;
1685
1686 return ip6_send_skb(skb);
1da177e4 1687}
a495f836 1688EXPORT_SYMBOL_GPL(ip6_push_pending_frames);
1da177e4 1689
0bbe84a6 1690static void __ip6_flush_pending_frames(struct sock *sk,
6422398c
VY		 1691 struct sk_buff_head *queue,
1692 struct inet_cork_full *cork,
1693 struct inet6_cork *v6_cork)
1da177e4 1694{
1da177e4
LT		 1695 struct sk_buff *skb;
1696
0bbe84a6 1697 while ((skb = __skb_dequeue_tail(queue)) != NULL) {
adf30907
ED		 1698 if (skb_dst(skb))
1699 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
e1f52208 1700 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1701 kfree_skb(skb);
1702 }
1703
6422398c 1704 ip6_cork_release(cork, v6_cork);
1da177e4 1705}
0bbe84a6
VY		 1706
1707void ip6_flush_pending_frames(struct sock *sk)
1708{
6422398c
VY		 1709 __ip6_flush_pending_frames(sk, &sk->sk_write_queue,
1710 &inet_sk(sk)->cork, &inet6_sk(sk)->cork);
0bbe84a6 1711}
a495f836 1712EXPORT_SYMBOL_GPL(ip6_flush_pending_frames);
6422398c
VY		 1713
1714struct sk_buff *ip6_make_skb(struct sock *sk,
1715 int getfrag(void *from, char *to, int offset,
1716 int len, int odd, struct sk_buff *skb),
1717 void *from, int length, int transhdrlen,
26879da5 1718 struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
6422398c 1719 struct rt6_info *rt, unsigned int flags,
26879da5 1720 const struct sockcm_cookie *sockc)
6422398c
VY		 1721{
1722 struct inet_cork_full cork;
1723 struct inet6_cork v6_cork;
1724 struct sk_buff_head queue;
26879da5 1725 int exthdrlen = (ipc6->opt ? ipc6->opt->opt_flen : 0);
6422398c
VY		 1726 int err;
1727
1728 if (flags & MSG_PROBE)
1729 return NULL;
1730
1731 __skb_queue_head_init(&queue);
1732
1733 cork.base.flags = 0;
1734 cork.base.addr = 0;
1735 cork.base.opt = NULL;
1736 v6_cork.opt = NULL;
26879da5 1737 err = ip6_setup_cork(sk, &cork, &v6_cork, ipc6, rt, fl6);
6422398c
VY		 1738 if (err)
1739 return ERR_PTR(err);
1740
26879da5
WW		 1741 if (ipc6->dontfrag < 0)
1742 ipc6->dontfrag = inet6_sk(sk)->dontfrag;
6422398c
VY		 1743
1744 err = __ip6_append_data(sk, fl6, &queue, &cork.base, &v6_cork,
1745 &current->task_frag, getfrag, from,
1746 length + exthdrlen, transhdrlen + exthdrlen,
26879da5 1747 flags, ipc6, sockc);
6422398c
VY		 1748 if (err) {
1749 __ip6_flush_pending_frames(sk, &queue, &cork, &v6_cork);
1750 return ERR_PTR(err);
1751 }
1752
1753 return __ip6_make_skb(sk, &queue, &cork, &v6_cork);
1754}
ubuntu-bionic-kernel mirror