]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/ipv6/ip6_output.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ipv6: Introduce rt6_nexthop() to select nexthop address.
[mirror_ubuntu-zesty-kernel.git] / net / ipv6 / ip6_output.c
CommitLineData
1da177e4
LT		 1/*
2 * IPv6 output functions
1ab1457c 3 * Linux INET6 implementation
1da177e4
LT		 4 *
5 * Authors:
1ab1457c 6 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4 7 *
1da177e4
LT		 8 * Based on linux/net/ipv4/ip_output.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 * Changes:
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
20 * etc.
21 *
22 * H. von Brand : Added missing #include <linux/string.h>
23 * Imran Patel : frag id should be in NBO
24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
26 * for datagram xmit
27 */
28
1da177e4 29#include <linux/errno.h>
ef76bc23 30#include <linux/kernel.h>
1da177e4
LT		 31#include <linux/string.h>
32#include <linux/socket.h>
33#include <linux/net.h>
34#include <linux/netdevice.h>
35#include <linux/if_arp.h>
36#include <linux/in6.h>
37#include <linux/tcp.h>
38#include <linux/route.h>
b59f45d0 39#include <linux/module.h>
5a0e3ad6 40#include <linux/slab.h>
1da177e4
LT		 41
42#include <linux/netfilter.h>
43#include <linux/netfilter_ipv6.h>
44
45#include <net/sock.h>
46#include <net/snmp.h>
47
48#include <net/ipv6.h>
49#include <net/ndisc.h>
50#include <net/protocol.h>
51#include <net/ip6_route.h>
52#include <net/addrconf.h>
53#include <net/rawv6.h>
54#include <net/icmp.h>
55#include <net/xfrm.h>
56#include <net/checksum.h>
7bc570c8 57#include <linux/mroute6.h>
1da177e4 58
ad0081e4 59int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *));
1da177e4 60
ef76bc23
HX		 61int __ip6_local_out(struct sk_buff *skb)
62{
63 int len;
64
65 len = skb->len - sizeof(struct ipv6hdr);
66 if (len > IPV6_MAXPLEN)
67 len = 0;
68 ipv6_hdr(skb)->payload_len = htons(len);
69
b2e0b385
JE		 70 return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL,
71 skb_dst(skb)->dev, dst_output);
ef76bc23
HX		 72}
73
74int ip6_local_out(struct sk_buff *skb)
75{
76 int err;
77
78 err = __ip6_local_out(skb);
79 if (likely(err == 1))
80 err = dst_output(skb);
81
82 return err;
83}
84EXPORT_SYMBOL_GPL(ip6_local_out);
85
9e508490 86static int ip6_finish_output2(struct sk_buff *skb)
1da177e4 87{
adf30907 88 struct dst_entry *dst = skb_dst(skb);
1da177e4 89 struct net_device *dev = dst->dev;
f6b72b62 90 struct neighbour *neigh;
97cac082 91 struct rt6_info *rt;
1da177e4
LT		 92
93 skb->protocol = htons(ETH_P_IPV6);
94 skb->dev = dev;
95
0660e03f 96 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
adf30907 97 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1da177e4 98
7ad6848c 99 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(skb->sk) &&
d1db275d 100 ((mroute6_socket(dev_net(dev), skb) &&
bd91b8bf 101 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
7bc570c8
YH		 102 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
103 &ipv6_hdr(skb)->saddr))) {
1da177e4
LT		 104 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
105
106 /* Do not check for IFF_ALLMULTI; multicast routing
107 is not supported in any case.
108 */
109 if (newskb)
b2e0b385
JE		 110 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
111 newskb, NULL, newskb->dev,
95603e22 112 dev_loopback_xmit);
1da177e4 113
0660e03f 114 if (ipv6_hdr(skb)->hop_limit == 0) {
3bd653c8
DL		 115 IP6_INC_STATS(dev_net(dev), idev,
116 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 117 kfree_skb(skb);
118 return 0;
119 }
120 }
121
edf391ff
NH		 122 IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST,
123 skb->len);
1da177e4
LT		 124 }
125
97cac082
DM		 126 rt = (struct rt6_info *) dst;
127 neigh = rt->n;
fdd6681d
AW		 128 if (neigh)
129 return dst_neigh_output(dst, neigh, skb);
05e3aa09 130
9e508490
JE		 131 IP6_INC_STATS_BH(dev_net(dst->dev),
132 ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
133 kfree_skb(skb);
134 return -EINVAL;
1da177e4
LT		 135}
136
9e508490
JE		 137static int ip6_finish_output(struct sk_buff *skb)
138{
139 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
140 dst_allfrag(skb_dst(skb)))
141 return ip6_fragment(skb, ip6_finish_output2);
142 else
143 return ip6_finish_output2(skb);
144}
145
1da177e4
LT		 146int ip6_output(struct sk_buff *skb)
147{
9e508490 148 struct net_device *dev = skb_dst(skb)->dev;
adf30907 149 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
778d80be 150 if (unlikely(idev->cnf.disable_ipv6)) {
9e508490 151 IP6_INC_STATS(dev_net(dev), idev,
3bd653c8 152 IPSTATS_MIB_OUTDISCARDS);
778d80be
YH		 153 kfree_skb(skb);
154 return 0;
155 }
156
9c6eb28a
JE		 157 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev,
158 ip6_finish_output,
159 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
1da177e4
LT		 160}
161
1da177e4 162/*
b5d43998 163 * xmit an sk_buff (used by TCP, SCTP and DCCP)
1da177e4
LT		 164 */
165
4c9483b2 166int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
b903d324 167 struct ipv6_txoptions *opt, int tclass)
1da177e4 168{
3bd653c8 169 struct net *net = sock_net(sk);
b30bd282 170 struct ipv6_pinfo *np = inet6_sk(sk);
4c9483b2 171 struct in6_addr *first_hop = &fl6->daddr;
adf30907 172 struct dst_entry *dst = skb_dst(skb);
1da177e4 173 struct ipv6hdr *hdr;
4c9483b2 174 u8 proto = fl6->flowi6_proto;
1da177e4 175 int seg_len = skb->len;
e651f03a 176 int hlimit = -1;
1da177e4
LT		 177 u32 mtu;
178
179 if (opt) {
c2636b4d 180 unsigned int head_room;
1da177e4
LT		 181
182 /* First: exthdrs may take lots of space (~8K for now)
183 MAX_HEADER is not enough.
184 */
185 head_room = opt->opt_nflen + opt->opt_flen;
186 seg_len += head_room;
187 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
188
189 if (skb_headroom(skb) < head_room) {
190 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
a11d206d 191 if (skb2 == NULL) {
adf30907 192 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d
YH		 193 IPSTATS_MIB_OUTDISCARDS);
194 kfree_skb(skb);
1da177e4
LT		 195 return -ENOBUFS;
196 }
808db80a 197 consume_skb(skb);
a11d206d 198 skb = skb2;
83d7eb29 199 skb_set_owner_w(skb, sk);
1da177e4
LT		 200 }
201 if (opt->opt_flen)
202 ipv6_push_frag_opts(skb, opt, &proto);
203 if (opt->opt_nflen)
204 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop);
205 }
206
e2d1bca7
ACM		 207 skb_push(skb, sizeof(struct ipv6hdr));
208 skb_reset_network_header(skb);
0660e03f 209 hdr = ipv6_hdr(skb);
1da177e4
LT		 210
211 /*
212 * Fill in the IPv6 header
213 */
b903d324 214 if (np)
1da177e4
LT		 215 hlimit = np->hop_limit;
216 if (hlimit < 0)
6b75d090 217 hlimit = ip6_dst_hoplimit(dst);
1da177e4 218
3e4e4c1f 219 ip6_flow_hdr(hdr, tclass, fl6->flowlabel);
41a1f8ea 220
1da177e4
LT		 221 hdr->payload_len = htons(seg_len);
222 hdr->nexthdr = proto;
223 hdr->hop_limit = hlimit;
224
4e3fd7a0
AD		 225 hdr->saddr = fl6->saddr;
226 hdr->daddr = *first_hop;
1da177e4 227
a2c2064f 228 skb->priority = sk->sk_priority;
4a19ec58 229 skb->mark = sk->sk_mark;
a2c2064f 230
1da177e4 231 mtu = dst_mtu(dst);
283d07ac 232 if ((skb->len <= mtu) || skb->local_df || skb_is_gso(skb)) {
adf30907 233 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
edf391ff 234 IPSTATS_MIB_OUT, skb->len);
b2e0b385
JE		 235 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL,
236 dst->dev, dst_output);
1da177e4
LT		 237 }
238
e87cc472 239 net_dbg_ratelimited("IPv6: sending pkt_too_big to self\n");
1da177e4 240 skb->dev = dst->dev;
3ffe533c 241 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
adf30907 242 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 243 kfree_skb(skb);
244 return -EMSGSIZE;
245}
246
7159039a
YH		 247EXPORT_SYMBOL(ip6_xmit);
248
1da177e4
LT		 249/*
250 * To avoid extra problems ND packets are send through this
251 * routine. It's code duplication but I really want to avoid
252 * extra checks since ipv6_build_header is used by TCP (which
253 * is for us performance critical)
254 */
255
256int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev,
9acd9f3a 257 const struct in6_addr *saddr, const struct in6_addr *daddr,
1da177e4
LT		 258 int proto, int len)
259{
260 struct ipv6_pinfo *np = inet6_sk(sk);
261 struct ipv6hdr *hdr;
1da177e4
LT		 262
263 skb->protocol = htons(ETH_P_IPV6);
264 skb->dev = dev;
265
55f79cc0
ACM		 266 skb_reset_network_header(skb);
267 skb_put(skb, sizeof(struct ipv6hdr));
0660e03f 268 hdr = ipv6_hdr(skb);
1da177e4 269
3e4e4c1f 270 ip6_flow_hdr(hdr, 0, 0);
1da177e4
LT		 271
272 hdr->payload_len = htons(len);
273 hdr->nexthdr = proto;
274 hdr->hop_limit = np->hop_limit;
275
4e3fd7a0
AD		 276 hdr->saddr = *saddr;
277 hdr->daddr = *daddr;
1da177e4
LT		 278
279 return 0;
280}
281
282static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
283{
284 struct ip6_ra_chain *ra;
285 struct sock *last = NULL;
286
287 read_lock(&ip6_ra_lock);
288 for (ra = ip6_ra_chain; ra; ra = ra->next) {
289 struct sock *sk = ra->sk;
0bd1b59b
AM		 290 if (sk && ra->sel == sel &&
291 (!sk->sk_bound_dev_if ||
292 sk->sk_bound_dev_if == skb->dev->ifindex)) {
1da177e4
LT		 293 if (last) {
294 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
295 if (skb2)
296 rawv6_rcv(last, skb2);
297 }
298 last = sk;
299 }
300 }
301
302 if (last) {
303 rawv6_rcv(last, skb);
304 read_unlock(&ip6_ra_lock);
305 return 1;
306 }
307 read_unlock(&ip6_ra_lock);
308 return 0;
309}
310
e21e0b5f
VN		 311static int ip6_forward_proxy_check(struct sk_buff *skb)
312{
0660e03f 313 struct ipv6hdr *hdr = ipv6_hdr(skb);
e21e0b5f 314 u8 nexthdr = hdr->nexthdr;
75f2811c 315 __be16 frag_off;
e21e0b5f
VN		 316 int offset;
317
318 if (ipv6_ext_hdr(nexthdr)) {
75f2811c 319 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, &frag_off);
e21e0b5f
VN		 320 if (offset < 0)
321 return 0;
322 } else
323 offset = sizeof(struct ipv6hdr);
324
325 if (nexthdr == IPPROTO_ICMPV6) {
326 struct icmp6hdr *icmp6;
327
d56f90a7
ACM		 328 if (!pskb_may_pull(skb, (skb_network_header(skb) +
329 offset + 1 - skb->data)))
e21e0b5f
VN		 330 return 0;
331
d56f90a7 332 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
e21e0b5f
VN		 333
334 switch (icmp6->icmp6_type) {
335 case NDISC_ROUTER_SOLICITATION:
336 case NDISC_ROUTER_ADVERTISEMENT:
337 case NDISC_NEIGHBOUR_SOLICITATION:
338 case NDISC_NEIGHBOUR_ADVERTISEMENT:
339 case NDISC_REDIRECT:
340 /* For reaction involving unicast neighbor discovery
341 * message destined to the proxied address, pass it to
342 * input function.
343 */
344 return 1;
345 default:
346 break;
347 }
348 }
349
74553b09
VN		 350 /*
351 * The proxying router can't forward traffic sent to a link-local
352 * address, so signal the sender and discard the packet. This
353 * behavior is clarified by the MIPv6 specification.
354 */
355 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
356 dst_link_failure(skb);
357 return -1;
358 }
359
e21e0b5f
VN		 360 return 0;
361}
362
1da177e4
LT		 363static inline int ip6_forward_finish(struct sk_buff *skb)
364{
365 return dst_output(skb);
366}
367
368int ip6_forward(struct sk_buff *skb)
369{
adf30907 370 struct dst_entry *dst = skb_dst(skb);
0660e03f 371 struct ipv6hdr *hdr = ipv6_hdr(skb);
1da177e4 372 struct inet6_skb_parm *opt = IP6CB(skb);
c346dca1 373 struct net *net = dev_net(dst->dev);
14f3ad6f 374 u32 mtu;
1ab1457c 375
53b7997f 376 if (net->ipv6.devconf_all->forwarding == 0)
1da177e4
LT		 377 goto error;
378
4497b076
BH		 379 if (skb_warn_if_lro(skb))
380 goto drop;
381
1da177e4 382 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
3bd653c8 383 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
1da177e4
LT		 384 goto drop;
385 }
386
72b43d08
AK		 387 if (skb->pkt_type != PACKET_HOST)
388 goto drop;
389
35fc92a9 390 skb_forward_csum(skb);
1da177e4
LT		 391
392 /*
393 * We DO NOT make any processing on
394 * RA packets, pushing them to user level AS IS
395 * without ane WARRANTY that application will be able
396 * to interpret them. The reason is that we
397 * cannot make anything clever here.
398 *
399 * We are not end-node, so that if packet contains
400 * AH/ESP, we cannot make anything.
401 * Defragmentation also would be mistake, RA packets
402 * cannot be fragmented, because there is no warranty
403 * that different fragments will go along one path. --ANK
404 */
405 if (opt->ra) {
d56f90a7 406 u8 *ptr = skb_network_header(skb) + opt->ra;
1da177e4
LT		 407 if (ip6_call_ra_chain(skb, (ptr[2]<<8) + ptr[3]))
408 return 0;
409 }
410
411 /*
412 * check and decrement ttl
413 */
414 if (hdr->hop_limit <= 1) {
415 /* Force OUTPUT device used as source address */
416 skb->dev = dst->dev;
3ffe533c 417 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
483a47d2
DL		 418 IP6_INC_STATS_BH(net,
419 ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
1da177e4
LT		 420
421 kfree_skb(skb);
422 return -ETIMEDOUT;
423 }
424
fbea49e1 425 /* XXX: idev->cnf.proxy_ndp? */
53b7997f 426 if (net->ipv6.devconf_all->proxy_ndp &&
8a3edd80 427 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
74553b09
VN		 428 int proxied = ip6_forward_proxy_check(skb);
429 if (proxied > 0)
e21e0b5f 430 return ip6_input(skb);
74553b09 431 else if (proxied < 0) {
3bd653c8
DL		 432 IP6_INC_STATS(net, ip6_dst_idev(dst),
433 IPSTATS_MIB_INDISCARDS);
74553b09
VN		 434 goto drop;
435 }
e21e0b5f
VN		 436 }
437
1da177e4 438 if (!xfrm6_route_forward(skb)) {
3bd653c8 439 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
1da177e4
LT		 440 goto drop;
441 }
adf30907 442 dst = skb_dst(skb);
1da177e4
LT		 443
444 /* IPv6 specs say nothing about it, but it is clear that we cannot
445 send redirects to source routed frames.
1e5dc146 446 We don't send redirects to frames decapsulated from IPsec.
1da177e4 447 */
c45a3dfb 448 if (skb->dev == dst->dev && opt->srcrt == 0 && !skb_sec_path(skb)) {
1da177e4 449 struct in6_addr *target = NULL;
fbfe95a4 450 struct inet_peer *peer;
1da177e4 451 struct rt6_info *rt;
1da177e4
LT		 452
453 /*
454 * incoming and outgoing devices are the same
455 * send a redirect.
456 */
457
458 rt = (struct rt6_info *) dst;
c45a3dfb
DM		 459 if (rt->rt6i_flags & RTF_GATEWAY)
460 target = &rt->rt6i_gateway;
1da177e4
LT		 461 else
462 target = &hdr->daddr;
463
1d861aa4 464 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
92d86829 465
1da177e4
LT		 466 /* Limit redirects both by destination (here)
467 and by source (inside ndisc_send_redirect)
468 */
fbfe95a4 469 if (inet_peer_xrlim_allow(peer, 1*HZ))
4991969a 470 ndisc_send_redirect(skb, target);
1d861aa4
DM		 471 if (peer)
472 inet_putpeer(peer);
5bb1ab09
DS		 473 } else {
474 int addrtype = ipv6_addr_type(&hdr->saddr);
475
1da177e4 476 /* This check is security critical. */
f81b2e7d
YH		 477 if (addrtype == IPV6_ADDR_ANY ||
478 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
5bb1ab09
DS		 479 goto error;
480 if (addrtype & IPV6_ADDR_LINKLOCAL) {
481 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
3ffe533c 482 ICMPV6_NOT_NEIGHBOUR, 0);
5bb1ab09
DS		 483 goto error;
484 }
1da177e4
LT		 485 }
486
14f3ad6f
UW		 487 mtu = dst_mtu(dst);
488 if (mtu < IPV6_MIN_MTU)
489 mtu = IPV6_MIN_MTU;
490
4cdd3408
PM		 491 if ((!skb->local_df && skb->len > mtu && !skb_is_gso(skb)) ||
492 (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)) {
1da177e4
LT		 493 /* Again, force OUTPUT device used as source address */
494 skb->dev = dst->dev;
14f3ad6f 495 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
483a47d2
DL		 496 IP6_INC_STATS_BH(net,
497 ip6_dst_idev(dst), IPSTATS_MIB_INTOOBIGERRORS);
498 IP6_INC_STATS_BH(net,
499 ip6_dst_idev(dst), IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 500 kfree_skb(skb);
501 return -EMSGSIZE;
502 }
503
504 if (skb_cow(skb, dst->dev->hard_header_len)) {
3bd653c8 505 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 506 goto drop;
507 }
508
0660e03f 509 hdr = ipv6_hdr(skb);
1da177e4
LT		 510
511 /* Mangling hops number delayed to point after skb COW */
1ab1457c 512
1da177e4
LT		 513 hdr->hop_limit--;
514
483a47d2 515 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
2d8dbb04 516 IP6_ADD_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len);
b2e0b385 517 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, skb, skb->dev, dst->dev,
6e23ae2a 518 ip6_forward_finish);
1da177e4
LT		 519
520error:
483a47d2 521 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
1da177e4
LT		 522drop:
523 kfree_skb(skb);
524 return -EINVAL;
525}
526
527static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
528{
529 to->pkt_type = from->pkt_type;
530 to->priority = from->priority;
531 to->protocol = from->protocol;
adf30907
ED		 532 skb_dst_drop(to);
533 skb_dst_set(to, dst_clone(skb_dst(from)));
1da177e4 534 to->dev = from->dev;
82e91ffe 535 to->mark = from->mark;
1da177e4
LT		 536
537#ifdef CONFIG_NET_SCHED
538 to->tc_index = from->tc_index;
539#endif
e7ac05f3 540 nf_copy(to, from);
07a93626 541#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
ba9dda3a
JK		 542 to->nf_trace = from->nf_trace;
543#endif
984bc16c 544 skb_copy_secmark(to, from);
1da177e4
LT		 545}
546
ad0081e4 547int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
1da177e4 548{
1da177e4 549 struct sk_buff *frag;
adf30907 550 struct rt6_info *rt = (struct rt6_info*)skb_dst(skb);
d91675f9 551 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
1da177e4
LT		 552 struct ipv6hdr *tmp_hdr;
553 struct frag_hdr *fh;
554 unsigned int mtu, hlen, left, len;
a7ae1992 555 int hroom, troom;
ae08e1f0 556 __be32 frag_id = 0;
1da177e4
LT		 557 int ptr, offset = 0, err=0;
558 u8 *prevhdr, nexthdr = 0;
adf30907 559 struct net *net = dev_net(skb_dst(skb)->dev);
1da177e4 560
1da177e4
LT		 561 hlen = ip6_find_1stfragopt(skb, &prevhdr);
562 nexthdr = *prevhdr;
563
628a5c56 564 mtu = ip6_skb_dst_mtu(skb);
b881ef76
JH		 565
566 /* We must not fragment if the socket is set to force MTU discovery
14f3ad6f 567 * or if the skb it not generated by a local socket.
b881ef76 568 */
4cdd3408
PM		 569 if (unlikely(!skb->local_df && skb->len > mtu) ||
570 (IP6CB(skb)->frag_max_size &&
571 IP6CB(skb)->frag_max_size > mtu)) {
a34a101e
ED		 572 if (skb->sk && dst_allfrag(skb_dst(skb)))
573 sk_nocaps_add(skb->sk, NETIF_F_GSO_MASK);
574
adf30907 575 skb->dev = skb_dst(skb)->dev;
3ffe533c 576 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
adf30907 577 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
3bd653c8 578 IPSTATS_MIB_FRAGFAILS);
b881ef76
JH		 579 kfree_skb(skb);
580 return -EMSGSIZE;
581 }
582
d91675f9
YH		 583 if (np && np->frag_size < mtu) {
584 if (np->frag_size)
585 mtu = np->frag_size;
586 }
587 mtu -= hlen + sizeof(struct frag_hdr);
1da177e4 588
21dc3301 589 if (skb_has_frag_list(skb)) {
1da177e4 590 int first_len = skb_pagelen(skb);
3d13008e 591 struct sk_buff *frag2;
1da177e4
LT		 592
593 if (first_len - hlen > mtu ||
594 ((first_len - hlen) & 7) ||
595 skb_cloned(skb))
596 goto slow_path;
597
4d9092bb 598 skb_walk_frags(skb, frag) {
1da177e4
LT		 599 /* Correct geometry. */
600 if (frag->len > mtu ||
601 ((frag->len & 7) && frag->next) ||
602 skb_headroom(frag) < hlen)
3d13008e 603 goto slow_path_clean;
1da177e4 604
1da177e4
LT		 605 /* Partially cloned skb? */
606 if (skb_shared(frag))
3d13008e 607 goto slow_path_clean;
2fdba6b0
HX		 608
609 BUG_ON(frag->sk);
610 if (skb->sk) {
2fdba6b0
HX		 611 frag->sk = skb->sk;
612 frag->destructor = sock_wfree;
2fdba6b0 613 }
3d13008e 614 skb->truesize -= frag->truesize;
1da177e4
LT		 615 }
616
617 err = 0;
618 offset = 0;
619 frag = skb_shinfo(skb)->frag_list;
4d9092bb 620 skb_frag_list_init(skb);
1da177e4
LT		 621 /* BUILD HEADER */
622
9a217a1c 623 *prevhdr = NEXTHDR_FRAGMENT;
d56f90a7 624 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
1da177e4 625 if (!tmp_hdr) {
adf30907 626 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
3bd653c8 627 IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 628 return -ENOMEM;
629 }
630
1da177e4
LT		 631 __skb_pull(skb, hlen);
632 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr));
e2d1bca7
ACM		 633 __skb_push(skb, hlen);
634 skb_reset_network_header(skb);
d56f90a7 635 memcpy(skb_network_header(skb), tmp_hdr, hlen);
1da177e4 636
87c48fa3 637 ipv6_select_ident(fh, rt);
1da177e4
LT		 638 fh->nexthdr = nexthdr;
639 fh->reserved = 0;
640 fh->frag_off = htons(IP6_MF);
641 frag_id = fh->identification;
642
643 first_len = skb_pagelen(skb);
644 skb->data_len = first_len - skb_headlen(skb);
645 skb->len = first_len;
0660e03f
ACM		 646 ipv6_hdr(skb)->payload_len = htons(first_len -
647 sizeof(struct ipv6hdr));
a11d206d 648
d8d1f30b 649 dst_hold(&rt->dst);
1da177e4
LT		 650
651 for (;;) {
652 /* Prepare header of the next frame,
653 * before previous one went down. */
654 if (frag) {
655 frag->ip_summed = CHECKSUM_NONE;
badff6d0 656 skb_reset_transport_header(frag);
1da177e4 657 fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr));
e2d1bca7
ACM		 658 __skb_push(frag, hlen);
659 skb_reset_network_header(frag);
d56f90a7
ACM		 660 memcpy(skb_network_header(frag), tmp_hdr,
661 hlen);
1da177e4
LT		 662 offset += skb->len - hlen - sizeof(struct frag_hdr);
663 fh->nexthdr = nexthdr;
664 fh->reserved = 0;
665 fh->frag_off = htons(offset);
666 if (frag->next != NULL)
667 fh->frag_off |= htons(IP6_MF);
668 fh->identification = frag_id;
0660e03f
ACM		 669 ipv6_hdr(frag)->payload_len =
670 htons(frag->len -
671 sizeof(struct ipv6hdr));
1da177e4
LT		 672 ip6_copy_metadata(frag, skb);
673 }
1ab1457c 674
1da177e4 675 err = output(skb);
dafee490 676 if(!err)
d8d1f30b 677 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 678 IPSTATS_MIB_FRAGCREATES);
dafee490 679
1da177e4
LT		 680 if (err || !frag)
681 break;
682
683 skb = frag;
684 frag = skb->next;
685 skb->next = NULL;
686 }
687
a51482bd 688 kfree(tmp_hdr);
1da177e4
LT		 689
690 if (err == 0) {
d8d1f30b 691 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 692 IPSTATS_MIB_FRAGOKS);
94e187c0 693 ip6_rt_put(rt);
1da177e4
LT		 694 return 0;
695 }
696
697 while (frag) {
698 skb = frag->next;
699 kfree_skb(frag);
700 frag = skb;
701 }
702
d8d1f30b 703 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 704 IPSTATS_MIB_FRAGFAILS);
94e187c0 705 ip6_rt_put(rt);
1da177e4 706 return err;
3d13008e
ED		 707
708slow_path_clean:
709 skb_walk_frags(skb, frag2) {
710 if (frag2 == frag)
711 break;
712 frag2->sk = NULL;
713 frag2->destructor = NULL;
714 skb->truesize += frag2->truesize;
715 }
1da177e4
LT		 716 }
717
718slow_path:
72e843bb
ED		 719 if ((skb->ip_summed == CHECKSUM_PARTIAL) &&
720 skb_checksum_help(skb))
721 goto fail;
722
1da177e4
LT		 723 left = skb->len - hlen; /* Space per frame */
724 ptr = hlen; /* Where to start from */
725
726 /*
727 * Fragment the datagram.
728 */
729
730 *prevhdr = NEXTHDR_FRAGMENT;
a7ae1992
HX		 731 hroom = LL_RESERVED_SPACE(rt->dst.dev);
732 troom = rt->dst.dev->needed_tailroom;
1da177e4
LT		 733
734 /*
735 * Keep copying data until we run out.
736 */
737 while(left > 0) {
738 len = left;
739 /* IF: it doesn't fit, use 'mtu' - the data space left */
740 if (len > mtu)
741 len = mtu;
25985edc 742 /* IF: we are not sending up to and including the packet end
1da177e4
LT		 743 then align the next start on an eight byte boundary */
744 if (len < left) {
745 len &= ~7;
746 }
747 /*
748 * Allocate buffer.
749 */
750
a7ae1992
HX		 751 if ((frag = alloc_skb(len + hlen + sizeof(struct frag_hdr) +
752 hroom + troom, GFP_ATOMIC)) == NULL) {
64ce2073 753 NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n");
adf30907 754 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 755 IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 756 err = -ENOMEM;
757 goto fail;
758 }
759
760 /*
761 * Set up data on packet
762 */
763
764 ip6_copy_metadata(frag, skb);
a7ae1992 765 skb_reserve(frag, hroom);
1da177e4 766 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
c1d2bbe1 767 skb_reset_network_header(frag);
badff6d0 768 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
b0e380b1
ACM		 769 frag->transport_header = (frag->network_header + hlen +
770 sizeof(struct frag_hdr));
1da177e4
LT		 771
772 /*
773 * Charge the memory for the fragment to any owner
774 * it might possess
775 */
776 if (skb->sk)
777 skb_set_owner_w(frag, skb->sk);
778
779 /*
780 * Copy the packet header into the new buffer.
781 */
d626f62b 782 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
1da177e4
LT		 783
784 /*
785 * Build fragment header.
786 */
787 fh->nexthdr = nexthdr;
788 fh->reserved = 0;
f36d6ab1 789 if (!frag_id) {
87c48fa3 790 ipv6_select_ident(fh, rt);
1da177e4
LT		 791 frag_id = fh->identification;
792 } else
793 fh->identification = frag_id;
794
795 /*
796 * Copy a block of the IP datagram.
797 */
8984e41d 798 if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len))
1da177e4
LT		 799 BUG();
800 left -= len;
801
802 fh->frag_off = htons(offset);
803 if (left > 0)
804 fh->frag_off |= htons(IP6_MF);
0660e03f
ACM		 805 ipv6_hdr(frag)->payload_len = htons(frag->len -
806 sizeof(struct ipv6hdr));
1da177e4
LT		 807
808 ptr += len;
809 offset += len;
810
811 /*
812 * Put this fragment into the sending queue.
813 */
1da177e4
LT		 814 err = output(frag);
815 if (err)
816 goto fail;
dafee490 817
adf30907 818 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
3bd653c8 819 IPSTATS_MIB_FRAGCREATES);
1da177e4 820 }
adf30907 821 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 822 IPSTATS_MIB_FRAGOKS);
808db80a 823 consume_skb(skb);
1da177e4
LT		 824 return err;
825
826fail:
adf30907 827 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 828 IPSTATS_MIB_FRAGFAILS);
1ab1457c 829 kfree_skb(skb);
1da177e4
LT		 830 return err;
831}
832
b71d1d42
ED		 833static inline int ip6_rt_check(const struct rt6key *rt_key,
834 const struct in6_addr *fl_addr,
835 const struct in6_addr *addr_cache)
cf6b1982 836{
a02cec21
ED		 837 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
838 (addr_cache == NULL || !ipv6_addr_equal(fl_addr, addr_cache));
cf6b1982
YH		 839}
840
497c615a
HX		 841static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
842 struct dst_entry *dst,
b71d1d42 843 const struct flowi6 *fl6)
1da177e4 844{
497c615a
HX		 845 struct ipv6_pinfo *np = inet6_sk(sk);
846 struct rt6_info *rt = (struct rt6_info *)dst;
1da177e4 847
497c615a
HX		 848 if (!dst)
849 goto out;
850
851 /* Yes, checking route validity in not connected
852 * case is not very simple. Take into account,
853 * that we do not support routing by source, TOS,
854 * and MSG_DONTROUTE --ANK (980726)
855 *
cf6b1982
YH		 856 * 1. ip6_rt_check(): If route was host route,
857 * check that cached destination is current.
497c615a
HX		 858 * If it is network route, we still may
859 * check its validity using saved pointer
860 * to the last used address: daddr_cache.
861 * We do not want to save whole address now,
862 * (because main consumer of this service
863 * is tcp, which has not this problem),
864 * so that the last trick works only on connected
865 * sockets.
866 * 2. oif also should be the same.
867 */
4c9483b2 868 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) ||
8e1ef0a9 869#ifdef CONFIG_IPV6_SUBTREES
4c9483b2 870 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) ||
8e1ef0a9 871#endif
4c9483b2 872 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex)) {
497c615a
HX		 873 dst_release(dst);
874 dst = NULL;
1da177e4
LT		 875 }
876
497c615a
HX		 877out:
878 return dst;
879}
880
881static int ip6_dst_lookup_tail(struct sock *sk,
4c9483b2 882 struct dst_entry **dst, struct flowi6 *fl6)
497c615a 883{
3b1e0a65 884 struct net *net = sock_net(sk);
69cce1d1
DM		 885#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
886 struct neighbour *n;
97cac082 887 struct rt6_info *rt;
69cce1d1
DM		 888#endif
889 int err;
497c615a 890
1da177e4 891 if (*dst == NULL)
4c9483b2 892 *dst = ip6_route_output(net, sk, fl6);
1da177e4
LT		 893
894 if ((err = (*dst)->error))
895 goto out_err_release;
896
4c9483b2 897 if (ipv6_addr_any(&fl6->saddr)) {
c3968a85
DW		 898 struct rt6_info *rt = (struct rt6_info *) *dst;
899 err = ip6_route_get_saddr(net, rt, &fl6->daddr,
900 sk ? inet6_sk(sk)->srcprefs : 0,
901 &fl6->saddr);
44456d37 902 if (err)
1da177e4 903 goto out_err_release;
1da177e4
LT		 904 }
905
95c385b4 906#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
e550dfb0
NH		 907 /*
908 * Here if the dst entry we've looked up
909 * has a neighbour entry that is in the INCOMPLETE
910 * state and the src address from the flow is
911 * marked as OPTIMISTIC, we release the found
912 * dst entry and replace it instead with the
913 * dst entry of the nexthop router
914 */
c56bf6fe 915 rt = (struct rt6_info *) *dst;
97cac082 916 n = rt->n;
69cce1d1 917 if (n && !(n->nud_state & NUD_VALID)) {
e550dfb0 918 struct inet6_ifaddr *ifp;
4c9483b2 919 struct flowi6 fl_gw6;
e550dfb0
NH		 920 int redirect;
921
4c9483b2 922 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
e550dfb0
NH		 923 (*dst)->dev, 1);
924
925 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
926 if (ifp)
927 in6_ifa_put(ifp);
928
929 if (redirect) {
930 /*
931 * We need to get the dst entry for the
932 * default router instead
933 */
934 dst_release(*dst);
4c9483b2
DM		 935 memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
936 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
937 *dst = ip6_route_output(net, sk, &fl_gw6);
e550dfb0
NH		 938 if ((err = (*dst)->error))
939 goto out_err_release;
95c385b4 940 }
e550dfb0 941 }
95c385b4
NH		 942#endif
943
1da177e4
LT		 944 return 0;
945
946out_err_release:
ca46f9c8 947 if (err == -ENETUNREACH)
483a47d2 948 IP6_INC_STATS_BH(net, NULL, IPSTATS_MIB_OUTNOROUTES);
1da177e4
LT		 949 dst_release(*dst);
950 *dst = NULL;
951 return err;
952}
34a0b3cd 953
497c615a
HX		 954/**
955 * ip6_dst_lookup - perform route lookup on flow
956 * @sk: socket which provides route info
957 * @dst: pointer to dst_entry * for result
4c9483b2 958 * @fl6: flow to lookup
497c615a
HX		 959 *
960 * This function performs a route lookup on the given flow.
961 *
962 * It returns zero on success, or a standard errno code on error.
963 */
4c9483b2 964int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi6 *fl6)
497c615a
HX		 965{
966 *dst = NULL;
4c9483b2 967 return ip6_dst_lookup_tail(sk, dst, fl6);
497c615a 968}
3cf3dc6c
ACM		 969EXPORT_SYMBOL_GPL(ip6_dst_lookup);
970
497c615a 971/**
68d0c6d3
DM		 972 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec
973 * @sk: socket which provides route info
4c9483b2 974 * @fl6: flow to lookup
68d0c6d3 975 * @final_dst: final destination address for ipsec lookup
a1414715 976 * @can_sleep: we are in a sleepable context
68d0c6d3
DM		 977 *
978 * This function performs a route lookup on the given flow.
979 *
980 * It returns a valid dst pointer on success, or a pointer encoded
981 * error code.
982 */
4c9483b2 983struct dst_entry *ip6_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
68d0c6d3 984 const struct in6_addr *final_dst,
a1414715 985 bool can_sleep)
68d0c6d3
DM		 986{
987 struct dst_entry *dst = NULL;
988 int err;
989
4c9483b2 990 err = ip6_dst_lookup_tail(sk, &dst, fl6);
68d0c6d3
DM		 991 if (err)
992 return ERR_PTR(err);
993 if (final_dst)
4e3fd7a0 994 fl6->daddr = *final_dst;
2774c131 995 if (can_sleep)
4c9483b2 996 fl6->flowi6_flags |= FLOWI_FLAG_CAN_SLEEP;
2774c131 997
4c9483b2 998 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
68d0c6d3
DM		 999}
1000EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
1001
1002/**
1003 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
497c615a 1004 * @sk: socket which provides the dst cache and route info
4c9483b2 1005 * @fl6: flow to lookup
68d0c6d3 1006 * @final_dst: final destination address for ipsec lookup
a1414715 1007 * @can_sleep: we are in a sleepable context
497c615a
HX		 1008 *
1009 * This function performs a route lookup on the given flow with the
1010 * possibility of using the cached route in the socket if it is valid.
1011 * It will take the socket dst lock when operating on the dst cache.
1012 * As a result, this function can only be used in process context.
1013 *
68d0c6d3
DM		 1014 * It returns a valid dst pointer on success, or a pointer encoded
1015 * error code.
497c615a 1016 */
4c9483b2 1017struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
68d0c6d3 1018 const struct in6_addr *final_dst,
a1414715 1019 bool can_sleep)
497c615a 1020{
68d0c6d3
DM		 1021 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1022 int err;
497c615a 1023
4c9483b2 1024 dst = ip6_sk_dst_check(sk, dst, fl6);
68d0c6d3 1025
4c9483b2 1026 err = ip6_dst_lookup_tail(sk, &dst, fl6);
68d0c6d3
DM		 1027 if (err)
1028 return ERR_PTR(err);
1029 if (final_dst)
4e3fd7a0 1030 fl6->daddr = *final_dst;
2774c131 1031 if (can_sleep)
4c9483b2 1032 fl6->flowi6_flags |= FLOWI_FLAG_CAN_SLEEP;
2774c131 1033
4c9483b2 1034 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
497c615a 1035}
68d0c6d3 1036EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
497c615a 1037
34a0b3cd 1038static inline int ip6_ufo_append_data(struct sock *sk,
e89e9cf5
AR		 1039 int getfrag(void *from, char *to, int offset, int len,
1040 int odd, struct sk_buff *skb),
1041 void *from, int length, int hh_len, int fragheaderlen,
87c48fa3
ED		 1042 int transhdrlen, int mtu,unsigned int flags,
1043 struct rt6_info *rt)
e89e9cf5
AR		 1044
1045{
1046 struct sk_buff *skb;
1047 int err;
1048
1049 /* There is support for UDP large send offload by network
1050 * device, so create one single skb packet containing complete
1051 * udp datagram
1052 */
1053 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) {
1054 skb = sock_alloc_send_skb(sk,
1055 hh_len + fragheaderlen + transhdrlen + 20,
1056 (flags & MSG_DONTWAIT), &err);
1057 if (skb == NULL)
504744e4 1058 return err;
e89e9cf5
AR		 1059
1060 /* reserve space for Hardware header */
1061 skb_reserve(skb, hh_len);
1062
1063 /* create space for UDP/IP header */
1064 skb_put(skb,fragheaderlen + transhdrlen);
1065
1066 /* initialize network header pointer */
c1d2bbe1 1067 skb_reset_network_header(skb);
e89e9cf5
AR		 1068
1069 /* initialize protocol header pointer */
b0e380b1 1070 skb->transport_header = skb->network_header + fragheaderlen;
e89e9cf5 1071
84fa7933 1072 skb->ip_summed = CHECKSUM_PARTIAL;
e89e9cf5 1073 skb->csum = 0;
e89e9cf5
AR		 1074 }
1075
1076 err = skb_append_datato_frags(sk,skb, getfrag, from,
1077 (length - transhdrlen));
1078 if (!err) {
1079 struct frag_hdr fhdr;
1080
c31d5326
SS		 1081 /* Specify the length of each IPv6 datagram fragment.
1082 * It has to be a multiple of 8.
1083 */
1084 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen -
1085 sizeof(struct frag_hdr)) & ~7;
f83ef8c0 1086 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
87c48fa3 1087 ipv6_select_ident(&fhdr, rt);
e89e9cf5
AR		 1088 skb_shinfo(skb)->ip6_frag_id = fhdr.identification;
1089 __skb_queue_tail(&sk->sk_write_queue, skb);
1090
1091 return 0;
1092 }
1093 /* There is not enough support do UPD LSO,
1094 * so follow normal path
1095 */
1096 kfree_skb(skb);
1097
1098 return err;
1099}
1da177e4 1100
0178b695
HX		 1101static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1102 gfp_t gfp)
1103{
1104 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1105}
1106
1107static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1108 gfp_t gfp)
1109{
1110 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1111}
1112
0c183379
G		 1113static void ip6_append_data_mtu(int *mtu,
1114 int *maxfraglen,
1115 unsigned int fragheaderlen,
1116 struct sk_buff *skb,
1117 struct rt6_info *rt)
1118{
1119 if (!(rt->dst.flags & DST_XFRM_TUNNEL)) {
1120 if (skb == NULL) {
1121 /* first fragment, reserve header_len */
1122 *mtu = *mtu - rt->dst.header_len;
1123
1124 } else {
1125 /*
1126 * this fragment is not first, the headers
1127 * space is regarded as data space.
1128 */
1129 *mtu = dst_mtu(rt->dst.path);
1130 }
1131 *maxfraglen = ((*mtu - fragheaderlen) & ~7)
1132 + fragheaderlen - sizeof(struct frag_hdr);
1133 }
1134}
1135
41a1f8ea
YH		 1136int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1137 int offset, int len, int odd, struct sk_buff *skb),
1138 void *from, int length, int transhdrlen,
4c9483b2 1139 int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi6 *fl6,
13b52cd4 1140 struct rt6_info *rt, unsigned int flags, int dontfrag)
1da177e4
LT		 1141{
1142 struct inet_sock *inet = inet_sk(sk);
1143 struct ipv6_pinfo *np = inet6_sk(sk);
bdc712b4 1144 struct inet_cork *cork;
0c183379 1145 struct sk_buff *skb, *skb_prev = NULL;
1da177e4
LT		 1146 unsigned int maxfraglen, fragheaderlen;
1147 int exthdrlen;
299b0767 1148 int dst_exthdrlen;
1da177e4
LT		 1149 int hh_len;
1150 int mtu;
1151 int copy;
1152 int err;
1153 int offset = 0;
a693e698 1154 __u8 tx_flags = 0;
1da177e4
LT		 1155
1156 if (flags&MSG_PROBE)
1157 return 0;
bdc712b4 1158 cork = &inet->cork.base;
1da177e4
LT		 1159 if (skb_queue_empty(&sk->sk_write_queue)) {
1160 /*
1161 * setup for corking
1162 */
1163 if (opt) {
0178b695 1164 if (WARN_ON(np->cork.opt))
1da177e4 1165 return -EINVAL;
0178b695
HX		 1166
1167 np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation);
1168 if (unlikely(np->cork.opt == NULL))
1169 return -ENOBUFS;
1170
1171 np->cork.opt->tot_len = opt->tot_len;
1172 np->cork.opt->opt_flen = opt->opt_flen;
1173 np->cork.opt->opt_nflen = opt->opt_nflen;
1174
1175 np->cork.opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1176 sk->sk_allocation);
1177 if (opt->dst0opt && !np->cork.opt->dst0opt)
1178 return -ENOBUFS;
1179
1180 np->cork.opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1181 sk->sk_allocation);
1182 if (opt->dst1opt && !np->cork.opt->dst1opt)
1183 return -ENOBUFS;
1184
1185 np->cork.opt->hopopt = ip6_opt_dup(opt->hopopt,
1186 sk->sk_allocation);
1187 if (opt->hopopt && !np->cork.opt->hopopt)
1188 return -ENOBUFS;
1189
1190 np->cork.opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1191 sk->sk_allocation);
1192 if (opt->srcrt && !np->cork.opt->srcrt)
1193 return -ENOBUFS;
1194
1da177e4
LT		 1195 /* need source address above miyazawa*/
1196 }
d8d1f30b 1197 dst_hold(&rt->dst);
bdc712b4 1198 cork->dst = &rt->dst;
4c9483b2 1199 inet->cork.fl.u.ip6 = *fl6;
1da177e4 1200 np->cork.hop_limit = hlimit;
41a1f8ea 1201 np->cork.tclass = tclass;
0c183379
G		 1202 if (rt->dst.flags & DST_XFRM_TUNNEL)
1203 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
1204 rt->dst.dev->mtu : dst_mtu(&rt->dst);
1205 else
1206 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
1207 rt->dst.dev->mtu : dst_mtu(rt->dst.path);
c7503609 1208 if (np->frag_size < mtu) {
d91675f9
YH		 1209 if (np->frag_size)
1210 mtu = np->frag_size;
1211 }
bdc712b4 1212 cork->fragsize = mtu;
d8d1f30b 1213 if (dst_allfrag(rt->dst.path))
bdc712b4
DM		 1214 cork->flags |= IPCORK_ALLFRAG;
1215 cork->length = 0;
299b0767 1216 exthdrlen = (opt ? opt->opt_flen : 0) - rt->rt6i_nfheader_len;
1da177e4
LT		 1217 length += exthdrlen;
1218 transhdrlen += exthdrlen;
299b0767 1219 dst_exthdrlen = rt->dst.header_len;
1da177e4 1220 } else {
bdc712b4 1221 rt = (struct rt6_info *)cork->dst;
4c9483b2 1222 fl6 = &inet->cork.fl.u.ip6;
0178b695 1223 opt = np->cork.opt;
1da177e4
LT		 1224 transhdrlen = 0;
1225 exthdrlen = 0;
299b0767 1226 dst_exthdrlen = 0;
bdc712b4 1227 mtu = cork->fragsize;
1da177e4
LT		 1228 }
1229
d8d1f30b 1230 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1da177e4 1231
a1b05140 1232 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
b4ce9277 1233 (opt ? opt->opt_nflen : 0);
1da177e4
LT		 1234 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr);
1235
1236 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) {
bdc712b4 1237 if (cork->length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) {
4c9483b2 1238 ipv6_local_error(sk, EMSGSIZE, fl6, mtu-exthdrlen);
1da177e4
LT		 1239 return -EMSGSIZE;
1240 }
1241 }
1242
a693e698
AB		 1243 /* For UDP, check if TX timestamp is enabled */
1244 if (sk->sk_type == SOCK_DGRAM) {
1245 err = sock_tx_timestamp(sk, &tx_flags);
1246 if (err)
1247 goto error;
1248 }
1249
1da177e4
LT		 1250 /*
1251 * Let's try using as much space as possible.
1252 * Use MTU if total length of the message fits into the MTU.
1253 * Otherwise, we need to reserve fragment header and
1254 * fragment alignment (= 8-15 octects, in total).
1255 *
1256 * Note that we may need to "move" the data from the tail of
1ab1457c 1257 * of the buffer to the new fragment when we split
1da177e4
LT		 1258 * the message.
1259 *
1ab1457c 1260 * FIXME: It may be fragmented into multiple chunks
1da177e4
LT		 1261 * at once if non-fragmentable extension headers
1262 * are too large.
1ab1457c 1263 * --yoshfuji
1da177e4
LT		 1264 */
1265
bdc712b4 1266 cork->length += length;
4b340ae2
BH		 1267 if (length > mtu) {
1268 int proto = sk->sk_protocol;
1269 if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){
4c9483b2 1270 ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen);
4b340ae2
BH		 1271 return -EMSGSIZE;
1272 }
e89e9cf5 1273
4b340ae2 1274 if (proto == IPPROTO_UDP &&
d8d1f30b 1275 (rt->dst.dev->features & NETIF_F_UFO)) {
4b340ae2
BH		 1276
1277 err = ip6_ufo_append_data(sk, getfrag, from, length,
1278 hh_len, fragheaderlen,
87c48fa3 1279 transhdrlen, mtu, flags, rt);
4b340ae2
BH		 1280 if (err)
1281 goto error;
1282 return 0;
1283 }
e89e9cf5 1284 }
1da177e4
LT		 1285
1286 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
1287 goto alloc_new_skb;
1288
1289 while (length > 0) {
1290 /* Check if the remaining data fits into current packet. */
bdc712b4 1291 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1da177e4
LT		 1292 if (copy < length)
1293 copy = maxfraglen - skb->len;
1294
1295 if (copy <= 0) {
1296 char *data;
1297 unsigned int datalen;
1298 unsigned int fraglen;
1299 unsigned int fraggap;
1300 unsigned int alloclen;
1da177e4 1301alloc_new_skb:
1da177e4 1302 /* There's no room in the current skb */
0c183379
G		 1303 if (skb)
1304 fraggap = skb->len - maxfraglen;
1da177e4
LT		 1305 else
1306 fraggap = 0;
0c183379
G		 1307 /* update mtu and maxfraglen if necessary */
1308 if (skb == NULL || skb_prev == NULL)
1309 ip6_append_data_mtu(&mtu, &maxfraglen,
1310 fragheaderlen, skb, rt);
1311
1312 skb_prev = skb;
1da177e4
LT		 1313
1314 /*
1315 * If remaining data exceeds the mtu,
1316 * we know we need more fragment(s).
1317 */
1318 datalen = length + fraggap;
1da177e4 1319
0c183379
G		 1320 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1321 datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len;
1da177e4 1322 if ((flags & MSG_MORE) &&
d8d1f30b 1323 !(rt->dst.dev->features&NETIF_F_SG))
1da177e4
LT		 1324 alloclen = mtu;
1325 else
1326 alloclen = datalen + fragheaderlen;
1327
299b0767
SK		 1328 alloclen += dst_exthdrlen;
1329
0c183379
G		 1330 if (datalen != length + fraggap) {
1331 /*
1332 * this is not the last fragment, the trailer
1333 * space is regarded as data space.
1334 */
1335 datalen += rt->dst.trailer_len;
1336 }
1337
1338 alloclen += rt->dst.trailer_len;
1339 fraglen = datalen + fragheaderlen;
1da177e4
LT		 1340
1341 /*
1342 * We just reserve space for fragment header.
1ab1457c 1343 * Note: this may be overallocation if the message
1da177e4
LT		 1344 * (without MSG_MORE) fits into the MTU.
1345 */
1346 alloclen += sizeof(struct frag_hdr);
1347
1348 if (transhdrlen) {
1349 skb = sock_alloc_send_skb(sk,
1350 alloclen + hh_len,
1351 (flags & MSG_DONTWAIT), &err);
1352 } else {
1353 skb = NULL;
1354 if (atomic_read(&sk->sk_wmem_alloc) <=
1355 2 * sk->sk_sndbuf)
1356 skb = sock_wmalloc(sk,
1357 alloclen + hh_len, 1,
1358 sk->sk_allocation);
1359 if (unlikely(skb == NULL))
1360 err = -ENOBUFS;
a693e698
AB		 1361 else {
1362 /* Only the initial fragment
1363 * is time stamped.
1364 */
1365 tx_flags = 0;
1366 }
1da177e4
LT		 1367 }
1368 if (skb == NULL)
1369 goto error;
1370 /*
1371 * Fill in the control structures
1372 */
d7f7c0ac 1373 skb->ip_summed = CHECKSUM_NONE;
1da177e4 1374 skb->csum = 0;
1f85851e
G		 1375 /* reserve for fragmentation and ipsec header */
1376 skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
1377 dst_exthdrlen);
1da177e4 1378
a693e698
AB		 1379 if (sk->sk_type == SOCK_DGRAM)
1380 skb_shinfo(skb)->tx_flags = tx_flags;
1381
1da177e4
LT		 1382 /*
1383 * Find where to start putting bytes
1384 */
1f85851e
G		 1385 data = skb_put(skb, fraglen);
1386 skb_set_network_header(skb, exthdrlen);
1387 data += fragheaderlen;
b0e380b1
ACM		 1388 skb->transport_header = (skb->network_header +
1389 fragheaderlen);
1da177e4
LT		 1390 if (fraggap) {
1391 skb->csum = skb_copy_and_csum_bits(
1392 skb_prev, maxfraglen,
1393 data + transhdrlen, fraggap, 0);
1394 skb_prev->csum = csum_sub(skb_prev->csum,
1395 skb->csum);
1396 data += fraggap;
e9fa4f7b 1397 pskb_trim_unique(skb_prev, maxfraglen);
1da177e4
LT		 1398 }
1399 copy = datalen - transhdrlen - fraggap;
299b0767 1400
1da177e4
LT		 1401 if (copy < 0) {
1402 err = -EINVAL;
1403 kfree_skb(skb);
1404 goto error;
1405 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
1406 err = -EFAULT;
1407 kfree_skb(skb);
1408 goto error;
1409 }
1410
1411 offset += copy;
1412 length -= datalen - fraggap;
1413 transhdrlen = 0;
1414 exthdrlen = 0;
299b0767 1415 dst_exthdrlen = 0;
1da177e4
LT		 1416
1417 /*
1418 * Put the packet on the pending queue
1419 */
1420 __skb_queue_tail(&sk->sk_write_queue, skb);
1421 continue;
1422 }
1423
1424 if (copy > length)
1425 copy = length;
1426
d8d1f30b 1427 if (!(rt->dst.dev->features&NETIF_F_SG)) {
1da177e4
LT		 1428 unsigned int off;
1429
1430 off = skb->len;
1431 if (getfrag(from, skb_put(skb, copy),
1432 offset, copy, off, skb) < 0) {
1433 __skb_trim(skb, off);
1434 err = -EFAULT;
1435 goto error;
1436 }
1437 } else {
1438 int i = skb_shinfo(skb)->nr_frags;
5640f768 1439 struct page_frag *pfrag = sk_page_frag(sk);
1da177e4 1440
5640f768
ED		 1441 err = -ENOMEM;
1442 if (!sk_page_frag_refill(sk, pfrag))
1da177e4 1443 goto error;
5640f768
ED		 1444
1445 if (!skb_can_coalesce(skb, i, pfrag->page,
1446 pfrag->offset)) {
1447 err = -EMSGSIZE;
1448 if (i == MAX_SKB_FRAGS)
1449 goto error;
1450
1451 __skb_fill_page_desc(skb, i, pfrag->page,
1452 pfrag->offset, 0);
1453 skb_shinfo(skb)->nr_frags = ++i;
1454 get_page(pfrag->page);
1da177e4 1455 }
5640f768 1456 copy = min_t(int, copy, pfrag->size - pfrag->offset);
9e903e08 1457 if (getfrag(from,
5640f768
ED		 1458 page_address(pfrag->page) + pfrag->offset,
1459 offset, copy, skb->len, skb) < 0)
1460 goto error_efault;
1461
1462 pfrag->offset += copy;
1463 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1da177e4
LT		 1464 skb->len += copy;
1465 skb->data_len += copy;
f945fa7a
HX		 1466 skb->truesize += copy;
1467 atomic_add(copy, &sk->sk_wmem_alloc);
1da177e4
LT		 1468 }
1469 offset += copy;
1470 length -= copy;
1471 }
5640f768 1472
1da177e4 1473 return 0;
5640f768
ED		 1474
1475error_efault:
1476 err = -EFAULT;
1da177e4 1477error:
bdc712b4 1478 cork->length -= length;
3bd653c8 1479 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1480 return err;
1481}
a495f836 1482EXPORT_SYMBOL_GPL(ip6_append_data);
1da177e4 1483
bf138862
PE		 1484static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np)
1485{
0178b695
HX		 1486 if (np->cork.opt) {
1487 kfree(np->cork.opt->dst0opt);
1488 kfree(np->cork.opt->dst1opt);
1489 kfree(np->cork.opt->hopopt);
1490 kfree(np->cork.opt->srcrt);
1491 kfree(np->cork.opt);
1492 np->cork.opt = NULL;
1493 }
1494
bdc712b4
DM		 1495 if (inet->cork.base.dst) {
1496 dst_release(inet->cork.base.dst);
1497 inet->cork.base.dst = NULL;
1498 inet->cork.base.flags &= ~IPCORK_ALLFRAG;
bf138862
PE		 1499 }
1500 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl));
1501}
1502
1da177e4
LT		 1503int ip6_push_pending_frames(struct sock *sk)
1504{
1505 struct sk_buff *skb, *tmp_skb;
1506 struct sk_buff **tail_skb;
1507 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1508 struct inet_sock *inet = inet_sk(sk);
1509 struct ipv6_pinfo *np = inet6_sk(sk);
3bd653c8 1510 struct net *net = sock_net(sk);
1da177e4
LT		 1511 struct ipv6hdr *hdr;
1512 struct ipv6_txoptions *opt = np->cork.opt;
bdc712b4 1513 struct rt6_info *rt = (struct rt6_info *)inet->cork.base.dst;
4c9483b2
DM		 1514 struct flowi6 *fl6 = &inet->cork.fl.u.ip6;
1515 unsigned char proto = fl6->flowi6_proto;
1da177e4
LT		 1516 int err = 0;
1517
1518 if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL)
1519 goto out;
1520 tail_skb = &(skb_shinfo(skb)->frag_list);
1521
1522 /* move skb->data to ip header from ext header */
d56f90a7 1523 if (skb->data < skb_network_header(skb))
bbe735e4 1524 __skb_pull(skb, skb_network_offset(skb));
1da177e4 1525 while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) {
cfe1fc77 1526 __skb_pull(tmp_skb, skb_network_header_len(skb));
1da177e4
LT		 1527 *tail_skb = tmp_skb;
1528 tail_skb = &(tmp_skb->next);
1529 skb->len += tmp_skb->len;
1530 skb->data_len += tmp_skb->len;
1da177e4 1531 skb->truesize += tmp_skb->truesize;
1da177e4
LT		 1532 tmp_skb->destructor = NULL;
1533 tmp_skb->sk = NULL;
1da177e4
LT		 1534 }
1535
28a89453 1536 /* Allow local fragmentation. */
b5c15fc0 1537 if (np->pmtudisc < IPV6_PMTUDISC_DO)
28a89453
HX		 1538 skb->local_df = 1;
1539
4e3fd7a0 1540 *final_dst = fl6->daddr;
cfe1fc77 1541 __skb_pull(skb, skb_network_header_len(skb));
1da177e4
LT		 1542 if (opt && opt->opt_flen)
1543 ipv6_push_frag_opts(skb, opt, &proto);
1544 if (opt && opt->opt_nflen)
1545 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst);
1546
e2d1bca7
ACM		 1547 skb_push(skb, sizeof(struct ipv6hdr));
1548 skb_reset_network_header(skb);
0660e03f 1549 hdr = ipv6_hdr(skb);
1ab1457c 1550
3e4e4c1f 1551 ip6_flow_hdr(hdr, np->cork.tclass, fl6->flowlabel);
1da177e4
LT		 1552 hdr->hop_limit = np->cork.hop_limit;
1553 hdr->nexthdr = proto;
4e3fd7a0
AD		 1554 hdr->saddr = fl6->saddr;
1555 hdr->daddr = *final_dst;
1da177e4 1556
a2c2064f 1557 skb->priority = sk->sk_priority;
4a19ec58 1558 skb->mark = sk->sk_mark;
a2c2064f 1559
d8d1f30b 1560 skb_dst_set(skb, dst_clone(&rt->dst));
edf391ff 1561 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
14878f75 1562 if (proto == IPPROTO_ICMPV6) {
adf30907 1563 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
14878f75 1564
5a57d4c7 1565 ICMP6MSGOUT_INC_STATS_BH(net, idev, icmp6_hdr(skb)->icmp6_type);
e41b5368 1566 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTMSGS);
14878f75
DS		 1567 }
1568
ef76bc23 1569 err = ip6_local_out(skb);
1da177e4
LT		 1570 if (err) {
1571 if (err > 0)
6ce9e7b5 1572 err = net_xmit_errno(err);
1da177e4
LT		 1573 if (err)
1574 goto error;
1575 }
1576
1577out:
bf138862 1578 ip6_cork_release(inet, np);
1da177e4
LT		 1579 return err;
1580error:
06254914 1581 IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1582 goto out;
1583}
a495f836 1584EXPORT_SYMBOL_GPL(ip6_push_pending_frames);
1da177e4
LT		 1585
1586void ip6_flush_pending_frames(struct sock *sk)
1587{
1da177e4
LT		 1588 struct sk_buff *skb;
1589
1590 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) {
adf30907
ED		 1591 if (skb_dst(skb))
1592 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
e1f52208 1593 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1594 kfree_skb(skb);
1595 }
1596
bf138862 1597 ip6_cork_release(inet_sk(sk), inet6_sk(sk));
1da177e4 1598}
a495f836 1599EXPORT_SYMBOL_GPL(ip6_flush_pending_frames);
ubuntu-zesty-kernel mirror