]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame_incremental - net/ipv6/ip6_output.c
projects / mirror_ubuntu-zesty-kernel.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Merge tag 'sound-3.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
[mirror_ubuntu-zesty-kernel.git] / net / ipv6 / ip6_output.c
... / ...
CommitLineData
1/*
2 * IPv6 output functions
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on linux/net/ipv4/ip_output.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 * Changes:
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
20 * etc.
21 *
22 * H. von Brand : Added missing #include <linux/string.h>
23 * Imran Patel : frag id should be in NBO
24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
26 * for datagram xmit
27 */
28
29#include <linux/errno.h>
30#include <linux/kernel.h>
31#include <linux/string.h>
32#include <linux/socket.h>
33#include <linux/net.h>
34#include <linux/netdevice.h>
35#include <linux/if_arp.h>
36#include <linux/in6.h>
37#include <linux/tcp.h>
38#include <linux/route.h>
39#include <linux/module.h>
40#include <linux/slab.h>
41
42#include <linux/netfilter.h>
43#include <linux/netfilter_ipv6.h>
44
45#include <net/sock.h>
46#include <net/snmp.h>
47
48#include <net/ipv6.h>
49#include <net/ndisc.h>
50#include <net/protocol.h>
51#include <net/ip6_route.h>
52#include <net/addrconf.h>
53#include <net/rawv6.h>
54#include <net/icmp.h>
55#include <net/xfrm.h>
56#include <net/checksum.h>
57#include <linux/mroute6.h>
58
59static int ip6_finish_output2(struct sk_buff *skb)
60{
61 struct dst_entry *dst = skb_dst(skb);
62 struct net_device *dev = dst->dev;
63 struct neighbour *neigh;
64 struct in6_addr *nexthop;
65 int ret;
66
67 skb->protocol = htons(ETH_P_IPV6);
68 skb->dev = dev;
69
70 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
71 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
72
73 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(skb->sk) &&
74 ((mroute6_socket(dev_net(dev), skb) &&
75 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
76 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
77 &ipv6_hdr(skb)->saddr))) {
78 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
79
80 /* Do not check for IFF_ALLMULTI; multicast routing
81 is not supported in any case.
82 */
83 if (newskb)
84 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
85 newskb, NULL, newskb->dev,
86 dev_loopback_xmit);
87
88 if (ipv6_hdr(skb)->hop_limit == 0) {
89 IP6_INC_STATS(dev_net(dev), idev,
90 IPSTATS_MIB_OUTDISCARDS);
91 kfree_skb(skb);
92 return 0;
93 }
94 }
95
96 IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST,
97 skb->len);
98
99 if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <=
100 IPV6_ADDR_SCOPE_NODELOCAL &&
101 !(dev->flags & IFF_LOOPBACK)) {
102 kfree_skb(skb);
103 return 0;
104 }
105 }
106
107 rcu_read_lock_bh();
108 nexthop = rt6_nexthop((struct rt6_info *)dst, &ipv6_hdr(skb)->daddr);
109 neigh = __ipv6_neigh_lookup_noref(dst->dev, nexthop);
110 if (unlikely(!neigh))
111 neigh = __neigh_create(&nd_tbl, nexthop, dst->dev, false);
112 if (!IS_ERR(neigh)) {
113 ret = dst_neigh_output(dst, neigh, skb);
114 rcu_read_unlock_bh();
115 return ret;
116 }
117 rcu_read_unlock_bh();
118
119 IP6_INC_STATS_BH(dev_net(dst->dev),
120 ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
121 kfree_skb(skb);
122 return -EINVAL;
123}
124
125static int ip6_finish_output(struct sk_buff *skb)
126{
127 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
128 dst_allfrag(skb_dst(skb)))
129 return ip6_fragment(skb, ip6_finish_output2);
130 else
131 return ip6_finish_output2(skb);
132}
133
134int ip6_output(struct sk_buff *skb)
135{
136 struct net_device *dev = skb_dst(skb)->dev;
137 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
138 if (unlikely(idev->cnf.disable_ipv6)) {
139 IP6_INC_STATS(dev_net(dev), idev,
140 IPSTATS_MIB_OUTDISCARDS);
141 kfree_skb(skb);
142 return 0;
143 }
144
145 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev,
146 ip6_finish_output,
147 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
148}
149
150/*
151 * xmit an sk_buff (used by TCP, SCTP and DCCP)
152 */
153
154int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
155 struct ipv6_txoptions *opt, int tclass)
156{
157 struct net *net = sock_net(sk);
158 struct ipv6_pinfo *np = inet6_sk(sk);
159 struct in6_addr *first_hop = &fl6->daddr;
160 struct dst_entry *dst = skb_dst(skb);
161 struct ipv6hdr *hdr;
162 u8 proto = fl6->flowi6_proto;
163 int seg_len = skb->len;
164 int hlimit = -1;
165 u32 mtu;
166
167 if (opt) {
168 unsigned int head_room;
169
170 /* First: exthdrs may take lots of space (~8K for now)
171 MAX_HEADER is not enough.
172 */
173 head_room = opt->opt_nflen + opt->opt_flen;
174 seg_len += head_room;
175 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
176
177 if (skb_headroom(skb) < head_room) {
178 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
179 if (skb2 == NULL) {
180 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
181 IPSTATS_MIB_OUTDISCARDS);
182 kfree_skb(skb);
183 return -ENOBUFS;
184 }
185 consume_skb(skb);
186 skb = skb2;
187 skb_set_owner_w(skb, sk);
188 }
189 if (opt->opt_flen)
190 ipv6_push_frag_opts(skb, opt, &proto);
191 if (opt->opt_nflen)
192 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop);
193 }
194
195 skb_push(skb, sizeof(struct ipv6hdr));
196 skb_reset_network_header(skb);
197 hdr = ipv6_hdr(skb);
198
199 /*
200 * Fill in the IPv6 header
201 */
202 if (np)
203 hlimit = np->hop_limit;
204 if (hlimit < 0)
205 hlimit = ip6_dst_hoplimit(dst);
206
207 ip6_flow_hdr(hdr, tclass, fl6->flowlabel);
208
209 hdr->payload_len = htons(seg_len);
210 hdr->nexthdr = proto;
211 hdr->hop_limit = hlimit;
212
213 hdr->saddr = fl6->saddr;
214 hdr->daddr = *first_hop;
215
216 skb->protocol = htons(ETH_P_IPV6);
217 skb->priority = sk->sk_priority;
218 skb->mark = sk->sk_mark;
219
220 mtu = dst_mtu(dst);
221 if ((skb->len <= mtu) || skb->local_df || skb_is_gso(skb)) {
222 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
223 IPSTATS_MIB_OUT, skb->len);
224 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL,
225 dst->dev, dst_output);
226 }
227
228 skb->dev = dst->dev;
229 ipv6_local_error(sk, EMSGSIZE, fl6, mtu);
230 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
231 kfree_skb(skb);
232 return -EMSGSIZE;
233}
234
235EXPORT_SYMBOL(ip6_xmit);
236
237static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
238{
239 struct ip6_ra_chain *ra;
240 struct sock *last = NULL;
241
242 read_lock(&ip6_ra_lock);
243 for (ra = ip6_ra_chain; ra; ra = ra->next) {
244 struct sock *sk = ra->sk;
245 if (sk && ra->sel == sel &&
246 (!sk->sk_bound_dev_if ||
247 sk->sk_bound_dev_if == skb->dev->ifindex)) {
248 if (last) {
249 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
250 if (skb2)
251 rawv6_rcv(last, skb2);
252 }
253 last = sk;
254 }
255 }
256
257 if (last) {
258 rawv6_rcv(last, skb);
259 read_unlock(&ip6_ra_lock);
260 return 1;
261 }
262 read_unlock(&ip6_ra_lock);
263 return 0;
264}
265
266static int ip6_forward_proxy_check(struct sk_buff *skb)
267{
268 struct ipv6hdr *hdr = ipv6_hdr(skb);
269 u8 nexthdr = hdr->nexthdr;
270 __be16 frag_off;
271 int offset;
272
273 if (ipv6_ext_hdr(nexthdr)) {
274 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, &frag_off);
275 if (offset < 0)
276 return 0;
277 } else
278 offset = sizeof(struct ipv6hdr);
279
280 if (nexthdr == IPPROTO_ICMPV6) {
281 struct icmp6hdr *icmp6;
282
283 if (!pskb_may_pull(skb, (skb_network_header(skb) +
284 offset + 1 - skb->data)))
285 return 0;
286
287 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
288
289 switch (icmp6->icmp6_type) {
290 case NDISC_ROUTER_SOLICITATION:
291 case NDISC_ROUTER_ADVERTISEMENT:
292 case NDISC_NEIGHBOUR_SOLICITATION:
293 case NDISC_NEIGHBOUR_ADVERTISEMENT:
294 case NDISC_REDIRECT:
295 /* For reaction involving unicast neighbor discovery
296 * message destined to the proxied address, pass it to
297 * input function.
298 */
299 return 1;
300 default:
301 break;
302 }
303 }
304
305 /*
306 * The proxying router can't forward traffic sent to a link-local
307 * address, so signal the sender and discard the packet. This
308 * behavior is clarified by the MIPv6 specification.
309 */
310 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
311 dst_link_failure(skb);
312 return -1;
313 }
314
315 return 0;
316}
317
318static inline int ip6_forward_finish(struct sk_buff *skb)
319{
320 return dst_output(skb);
321}
322
323int ip6_forward(struct sk_buff *skb)
324{
325 struct dst_entry *dst = skb_dst(skb);
326 struct ipv6hdr *hdr = ipv6_hdr(skb);
327 struct inet6_skb_parm *opt = IP6CB(skb);
328 struct net *net = dev_net(dst->dev);
329 u32 mtu;
330
331 if (net->ipv6.devconf_all->forwarding == 0)
332 goto error;
333
334 if (skb_warn_if_lro(skb))
335 goto drop;
336
337 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
338 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
339 goto drop;
340 }
341
342 if (skb->pkt_type != PACKET_HOST)
343 goto drop;
344
345 skb_forward_csum(skb);
346
347 /*
348 * We DO NOT make any processing on
349 * RA packets, pushing them to user level AS IS
350 * without ane WARRANTY that application will be able
351 * to interpret them. The reason is that we
352 * cannot make anything clever here.
353 *
354 * We are not end-node, so that if packet contains
355 * AH/ESP, we cannot make anything.
356 * Defragmentation also would be mistake, RA packets
357 * cannot be fragmented, because there is no warranty
358 * that different fragments will go along one path. --ANK
359 */
360 if (unlikely(opt->flags & IP6SKB_ROUTERALERT)) {
361 if (ip6_call_ra_chain(skb, ntohs(opt->ra)))
362 return 0;
363 }
364
365 /*
366 * check and decrement ttl
367 */
368 if (hdr->hop_limit <= 1) {
369 /* Force OUTPUT device used as source address */
370 skb->dev = dst->dev;
371 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
372 IP6_INC_STATS_BH(net,
373 ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
374
375 kfree_skb(skb);
376 return -ETIMEDOUT;
377 }
378
379 /* XXX: idev->cnf.proxy_ndp? */
380 if (net->ipv6.devconf_all->proxy_ndp &&
381 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
382 int proxied = ip6_forward_proxy_check(skb);
383 if (proxied > 0)
384 return ip6_input(skb);
385 else if (proxied < 0) {
386 IP6_INC_STATS(net, ip6_dst_idev(dst),
387 IPSTATS_MIB_INDISCARDS);
388 goto drop;
389 }
390 }
391
392 if (!xfrm6_route_forward(skb)) {
393 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
394 goto drop;
395 }
396 dst = skb_dst(skb);
397
398 /* IPv6 specs say nothing about it, but it is clear that we cannot
399 send redirects to source routed frames.
400 We don't send redirects to frames decapsulated from IPsec.
401 */
402 if (skb->dev == dst->dev && opt->srcrt == 0 && !skb_sec_path(skb)) {
403 struct in6_addr *target = NULL;
404 struct inet_peer *peer;
405 struct rt6_info *rt;
406
407 /*
408 * incoming and outgoing devices are the same
409 * send a redirect.
410 */
411
412 rt = (struct rt6_info *) dst;
413 if (rt->rt6i_flags & RTF_GATEWAY)
414 target = &rt->rt6i_gateway;
415 else
416 target = &hdr->daddr;
417
418 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
419
420 /* Limit redirects both by destination (here)
421 and by source (inside ndisc_send_redirect)
422 */
423 if (inet_peer_xrlim_allow(peer, 1*HZ))
424 ndisc_send_redirect(skb, target);
425 if (peer)
426 inet_putpeer(peer);
427 } else {
428 int addrtype = ipv6_addr_type(&hdr->saddr);
429
430 /* This check is security critical. */
431 if (addrtype == IPV6_ADDR_ANY ||
432 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
433 goto error;
434 if (addrtype & IPV6_ADDR_LINKLOCAL) {
435 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
436 ICMPV6_NOT_NEIGHBOUR, 0);
437 goto error;
438 }
439 }
440
441 mtu = dst_mtu(dst);
442 if (mtu < IPV6_MIN_MTU)
443 mtu = IPV6_MIN_MTU;
444
445 if ((!skb->local_df && skb->len > mtu && !skb_is_gso(skb)) ||
446 (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)) {
447 /* Again, force OUTPUT device used as source address */
448 skb->dev = dst->dev;
449 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
450 IP6_INC_STATS_BH(net,
451 ip6_dst_idev(dst), IPSTATS_MIB_INTOOBIGERRORS);
452 IP6_INC_STATS_BH(net,
453 ip6_dst_idev(dst), IPSTATS_MIB_FRAGFAILS);
454 kfree_skb(skb);
455 return -EMSGSIZE;
456 }
457
458 if (skb_cow(skb, dst->dev->hard_header_len)) {
459 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS);
460 goto drop;
461 }
462
463 hdr = ipv6_hdr(skb);
464
465 /* Mangling hops number delayed to point after skb COW */
466
467 hdr->hop_limit--;
468
469 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
470 IP6_ADD_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len);
471 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, skb, skb->dev, dst->dev,
472 ip6_forward_finish);
473
474error:
475 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
476drop:
477 kfree_skb(skb);
478 return -EINVAL;
479}
480
481static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
482{
483 to->pkt_type = from->pkt_type;
484 to->priority = from->priority;
485 to->protocol = from->protocol;
486 skb_dst_drop(to);
487 skb_dst_set(to, dst_clone(skb_dst(from)));
488 to->dev = from->dev;
489 to->mark = from->mark;
490
491#ifdef CONFIG_NET_SCHED
492 to->tc_index = from->tc_index;
493#endif
494 nf_copy(to, from);
495#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
496 to->nf_trace = from->nf_trace;
497#endif
498 skb_copy_secmark(to, from);
499}
500
501int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
502{
503 struct sk_buff *frag;
504 struct rt6_info *rt = (struct rt6_info*)skb_dst(skb);
505 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
506 struct ipv6hdr *tmp_hdr;
507 struct frag_hdr *fh;
508 unsigned int mtu, hlen, left, len;
509 int hroom, troom;
510 __be32 frag_id = 0;
511 int ptr, offset = 0, err=0;
512 u8 *prevhdr, nexthdr = 0;
513 struct net *net = dev_net(skb_dst(skb)->dev);
514
515 hlen = ip6_find_1stfragopt(skb, &prevhdr);
516 nexthdr = *prevhdr;
517
518 mtu = ip6_skb_dst_mtu(skb);
519
520 /* We must not fragment if the socket is set to force MTU discovery
521 * or if the skb it not generated by a local socket.
522 */
523 if (unlikely(!skb->local_df && skb->len > mtu) ||
524 (IP6CB(skb)->frag_max_size &&
525 IP6CB(skb)->frag_max_size > mtu)) {
526 if (skb->sk && dst_allfrag(skb_dst(skb)))
527 sk_nocaps_add(skb->sk, NETIF_F_GSO_MASK);
528
529 skb->dev = skb_dst(skb)->dev;
530 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
531 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
532 IPSTATS_MIB_FRAGFAILS);
533 kfree_skb(skb);
534 return -EMSGSIZE;
535 }
536
537 if (np && np->frag_size < mtu) {
538 if (np->frag_size)
539 mtu = np->frag_size;
540 }
541 mtu -= hlen + sizeof(struct frag_hdr);
542
543 if (skb_has_frag_list(skb)) {
544 int first_len = skb_pagelen(skb);
545 struct sk_buff *frag2;
546
547 if (first_len - hlen > mtu ||
548 ((first_len - hlen) & 7) ||
549 skb_cloned(skb))
550 goto slow_path;
551
552 skb_walk_frags(skb, frag) {
553 /* Correct geometry. */
554 if (frag->len > mtu ||
555 ((frag->len & 7) && frag->next) ||
556 skb_headroom(frag) < hlen)
557 goto slow_path_clean;
558
559 /* Partially cloned skb? */
560 if (skb_shared(frag))
561 goto slow_path_clean;
562
563 BUG_ON(frag->sk);
564 if (skb->sk) {
565 frag->sk = skb->sk;
566 frag->destructor = sock_wfree;
567 }
568 skb->truesize -= frag->truesize;
569 }
570
571 err = 0;
572 offset = 0;
573 frag = skb_shinfo(skb)->frag_list;
574 skb_frag_list_init(skb);
575 /* BUILD HEADER */
576
577 *prevhdr = NEXTHDR_FRAGMENT;
578 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
579 if (!tmp_hdr) {
580 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
581 IPSTATS_MIB_FRAGFAILS);
582 return -ENOMEM;
583 }
584
585 __skb_pull(skb, hlen);
586 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr));
587 __skb_push(skb, hlen);
588 skb_reset_network_header(skb);
589 memcpy(skb_network_header(skb), tmp_hdr, hlen);
590
591 ipv6_select_ident(fh, rt);
592 fh->nexthdr = nexthdr;
593 fh->reserved = 0;
594 fh->frag_off = htons(IP6_MF);
595 frag_id = fh->identification;
596
597 first_len = skb_pagelen(skb);
598 skb->data_len = first_len - skb_headlen(skb);
599 skb->len = first_len;
600 ipv6_hdr(skb)->payload_len = htons(first_len -
601 sizeof(struct ipv6hdr));
602
603 dst_hold(&rt->dst);
604
605 for (;;) {
606 /* Prepare header of the next frame,
607 * before previous one went down. */
608 if (frag) {
609 frag->ip_summed = CHECKSUM_NONE;
610 skb_reset_transport_header(frag);
611 fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr));
612 __skb_push(frag, hlen);
613 skb_reset_network_header(frag);
614 memcpy(skb_network_header(frag), tmp_hdr,
615 hlen);
616 offset += skb->len - hlen - sizeof(struct frag_hdr);
617 fh->nexthdr = nexthdr;
618 fh->reserved = 0;
619 fh->frag_off = htons(offset);
620 if (frag->next != NULL)
621 fh->frag_off |= htons(IP6_MF);
622 fh->identification = frag_id;
623 ipv6_hdr(frag)->payload_len =
624 htons(frag->len -
625 sizeof(struct ipv6hdr));
626 ip6_copy_metadata(frag, skb);
627 }
628
629 err = output(skb);
630 if(!err)
631 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
632 IPSTATS_MIB_FRAGCREATES);
633
634 if (err || !frag)
635 break;
636
637 skb = frag;
638 frag = skb->next;
639 skb->next = NULL;
640 }
641
642 kfree(tmp_hdr);
643
644 if (err == 0) {
645 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
646 IPSTATS_MIB_FRAGOKS);
647 ip6_rt_put(rt);
648 return 0;
649 }
650
651 while (frag) {
652 skb = frag->next;
653 kfree_skb(frag);
654 frag = skb;
655 }
656
657 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
658 IPSTATS_MIB_FRAGFAILS);
659 ip6_rt_put(rt);
660 return err;
661
662slow_path_clean:
663 skb_walk_frags(skb, frag2) {
664 if (frag2 == frag)
665 break;
666 frag2->sk = NULL;
667 frag2->destructor = NULL;
668 skb->truesize += frag2->truesize;
669 }
670 }
671
672slow_path:
673 if ((skb->ip_summed == CHECKSUM_PARTIAL) &&
674 skb_checksum_help(skb))
675 goto fail;
676
677 left = skb->len - hlen; /* Space per frame */
678 ptr = hlen; /* Where to start from */
679
680 /*
681 * Fragment the datagram.
682 */
683
684 *prevhdr = NEXTHDR_FRAGMENT;
685 hroom = LL_RESERVED_SPACE(rt->dst.dev);
686 troom = rt->dst.dev->needed_tailroom;
687
688 /*
689 * Keep copying data until we run out.
690 */
691 while(left > 0) {
692 len = left;
693 /* IF: it doesn't fit, use 'mtu' - the data space left */
694 if (len > mtu)
695 len = mtu;
696 /* IF: we are not sending up to and including the packet end
697 then align the next start on an eight byte boundary */
698 if (len < left) {
699 len &= ~7;
700 }
701 /*
702 * Allocate buffer.
703 */
704
705 if ((frag = alloc_skb(len + hlen + sizeof(struct frag_hdr) +
706 hroom + troom, GFP_ATOMIC)) == NULL) {
707 NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n");
708 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
709 IPSTATS_MIB_FRAGFAILS);
710 err = -ENOMEM;
711 goto fail;
712 }
713
714 /*
715 * Set up data on packet
716 */
717
718 ip6_copy_metadata(frag, skb);
719 skb_reserve(frag, hroom);
720 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
721 skb_reset_network_header(frag);
722 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
723 frag->transport_header = (frag->network_header + hlen +
724 sizeof(struct frag_hdr));
725
726 /*
727 * Charge the memory for the fragment to any owner
728 * it might possess
729 */
730 if (skb->sk)
731 skb_set_owner_w(frag, skb->sk);
732
733 /*
734 * Copy the packet header into the new buffer.
735 */
736 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
737
738 /*
739 * Build fragment header.
740 */
741 fh->nexthdr = nexthdr;
742 fh->reserved = 0;
743 if (!frag_id) {
744 ipv6_select_ident(fh, rt);
745 frag_id = fh->identification;
746 } else
747 fh->identification = frag_id;
748
749 /*
750 * Copy a block of the IP datagram.
751 */
752 if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len))
753 BUG();
754 left -= len;
755
756 fh->frag_off = htons(offset);
757 if (left > 0)
758 fh->frag_off |= htons(IP6_MF);
759 ipv6_hdr(frag)->payload_len = htons(frag->len -
760 sizeof(struct ipv6hdr));
761
762 ptr += len;
763 offset += len;
764
765 /*
766 * Put this fragment into the sending queue.
767 */
768 err = output(frag);
769 if (err)
770 goto fail;
771
772 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
773 IPSTATS_MIB_FRAGCREATES);
774 }
775 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
776 IPSTATS_MIB_FRAGOKS);
777 consume_skb(skb);
778 return err;
779
780fail:
781 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
782 IPSTATS_MIB_FRAGFAILS);
783 kfree_skb(skb);
784 return err;
785}
786
787static inline int ip6_rt_check(const struct rt6key *rt_key,
788 const struct in6_addr *fl_addr,
789 const struct in6_addr *addr_cache)
790{
791 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
792 (addr_cache == NULL || !ipv6_addr_equal(fl_addr, addr_cache));
793}
794
795static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
796 struct dst_entry *dst,
797 const struct flowi6 *fl6)
798{
799 struct ipv6_pinfo *np = inet6_sk(sk);
800 struct rt6_info *rt;
801
802 if (!dst)
803 goto out;
804
805 if (dst->ops->family != AF_INET6) {
806 dst_release(dst);
807 return NULL;
808 }
809
810 rt = (struct rt6_info *)dst;
811 /* Yes, checking route validity in not connected
812 * case is not very simple. Take into account,
813 * that we do not support routing by source, TOS,
814 * and MSG_DONTROUTE --ANK (980726)
815 *
816 * 1. ip6_rt_check(): If route was host route,
817 * check that cached destination is current.
818 * If it is network route, we still may
819 * check its validity using saved pointer
820 * to the last used address: daddr_cache.
821 * We do not want to save whole address now,
822 * (because main consumer of this service
823 * is tcp, which has not this problem),
824 * so that the last trick works only on connected
825 * sockets.
826 * 2. oif also should be the same.
827 */
828 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) ||
829#ifdef CONFIG_IPV6_SUBTREES
830 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) ||
831#endif
832 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex)) {
833 dst_release(dst);
834 dst = NULL;
835 }
836
837out:
838 return dst;
839}
840
841static int ip6_dst_lookup_tail(struct sock *sk,
842 struct dst_entry **dst, struct flowi6 *fl6)
843{
844 struct net *net = sock_net(sk);
845#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
846 struct neighbour *n;
847 struct rt6_info *rt;
848#endif
849 int err;
850
851 if (*dst == NULL)
852 *dst = ip6_route_output(net, sk, fl6);
853
854 if ((err = (*dst)->error))
855 goto out_err_release;
856
857 if (ipv6_addr_any(&fl6->saddr)) {
858 struct rt6_info *rt = (struct rt6_info *) *dst;
859 err = ip6_route_get_saddr(net, rt, &fl6->daddr,
860 sk ? inet6_sk(sk)->srcprefs : 0,
861 &fl6->saddr);
862 if (err)
863 goto out_err_release;
864 }
865
866#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
867 /*
868 * Here if the dst entry we've looked up
869 * has a neighbour entry that is in the INCOMPLETE
870 * state and the src address from the flow is
871 * marked as OPTIMISTIC, we release the found
872 * dst entry and replace it instead with the
873 * dst entry of the nexthop router
874 */
875 rt = (struct rt6_info *) *dst;
876 rcu_read_lock_bh();
877 n = __ipv6_neigh_lookup_noref(rt->dst.dev, rt6_nexthop(rt, &fl6->daddr));
878 err = n && !(n->nud_state & NUD_VALID) ? -EINVAL : 0;
879 rcu_read_unlock_bh();
880
881 if (err) {
882 struct inet6_ifaddr *ifp;
883 struct flowi6 fl_gw6;
884 int redirect;
885
886 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
887 (*dst)->dev, 1);
888
889 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
890 if (ifp)
891 in6_ifa_put(ifp);
892
893 if (redirect) {
894 /*
895 * We need to get the dst entry for the
896 * default router instead
897 */
898 dst_release(*dst);
899 memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
900 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
901 *dst = ip6_route_output(net, sk, &fl_gw6);
902 if ((err = (*dst)->error))
903 goto out_err_release;
904 }
905 }
906#endif
907
908 return 0;
909
910out_err_release:
911 if (err == -ENETUNREACH)
912 IP6_INC_STATS_BH(net, NULL, IPSTATS_MIB_OUTNOROUTES);
913 dst_release(*dst);
914 *dst = NULL;
915 return err;
916}
917
918/**
919 * ip6_dst_lookup - perform route lookup on flow
920 * @sk: socket which provides route info
921 * @dst: pointer to dst_entry * for result
922 * @fl6: flow to lookup
923 *
924 * This function performs a route lookup on the given flow.
925 *
926 * It returns zero on success, or a standard errno code on error.
927 */
928int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi6 *fl6)
929{
930 *dst = NULL;
931 return ip6_dst_lookup_tail(sk, dst, fl6);
932}
933EXPORT_SYMBOL_GPL(ip6_dst_lookup);
934
935/**
936 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec
937 * @sk: socket which provides route info
938 * @fl6: flow to lookup
939 * @final_dst: final destination address for ipsec lookup
940 * @can_sleep: we are in a sleepable context
941 *
942 * This function performs a route lookup on the given flow.
943 *
944 * It returns a valid dst pointer on success, or a pointer encoded
945 * error code.
946 */
947struct dst_entry *ip6_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
948 const struct in6_addr *final_dst,
949 bool can_sleep)
950{
951 struct dst_entry *dst = NULL;
952 int err;
953
954 err = ip6_dst_lookup_tail(sk, &dst, fl6);
955 if (err)
956 return ERR_PTR(err);
957 if (final_dst)
958 fl6->daddr = *final_dst;
959 if (can_sleep)
960 fl6->flowi6_flags |= FLOWI_FLAG_CAN_SLEEP;
961
962 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
963}
964EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
965
966/**
967 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
968 * @sk: socket which provides the dst cache and route info
969 * @fl6: flow to lookup
970 * @final_dst: final destination address for ipsec lookup
971 * @can_sleep: we are in a sleepable context
972 *
973 * This function performs a route lookup on the given flow with the
974 * possibility of using the cached route in the socket if it is valid.
975 * It will take the socket dst lock when operating on the dst cache.
976 * As a result, this function can only be used in process context.
977 *
978 * It returns a valid dst pointer on success, or a pointer encoded
979 * error code.
980 */
981struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
982 const struct in6_addr *final_dst,
983 bool can_sleep)
984{
985 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
986 int err;
987
988 dst = ip6_sk_dst_check(sk, dst, fl6);
989
990 err = ip6_dst_lookup_tail(sk, &dst, fl6);
991 if (err)
992 return ERR_PTR(err);
993 if (final_dst)
994 fl6->daddr = *final_dst;
995 if (can_sleep)
996 fl6->flowi6_flags |= FLOWI_FLAG_CAN_SLEEP;
997
998 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
999}
1000EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
1001
1002static inline int ip6_ufo_append_data(struct sock *sk,
1003 int getfrag(void *from, char *to, int offset, int len,
1004 int odd, struct sk_buff *skb),
1005 void *from, int length, int hh_len, int fragheaderlen,
1006 int transhdrlen, int mtu,unsigned int flags,
1007 struct rt6_info *rt)
1008
1009{
1010 struct sk_buff *skb;
1011 int err;
1012
1013 /* There is support for UDP large send offload by network
1014 * device, so create one single skb packet containing complete
1015 * udp datagram
1016 */
1017 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) {
1018 skb = sock_alloc_send_skb(sk,
1019 hh_len + fragheaderlen + transhdrlen + 20,
1020 (flags & MSG_DONTWAIT), &err);
1021 if (skb == NULL)
1022 return err;
1023
1024 /* reserve space for Hardware header */
1025 skb_reserve(skb, hh_len);
1026
1027 /* create space for UDP/IP header */
1028 skb_put(skb,fragheaderlen + transhdrlen);
1029
1030 /* initialize network header pointer */
1031 skb_reset_network_header(skb);
1032
1033 /* initialize protocol header pointer */
1034 skb->transport_header = skb->network_header + fragheaderlen;
1035
1036 skb->protocol = htons(ETH_P_IPV6);
1037 skb->ip_summed = CHECKSUM_PARTIAL;
1038 skb->csum = 0;
1039 }
1040
1041 err = skb_append_datato_frags(sk,skb, getfrag, from,
1042 (length - transhdrlen));
1043 if (!err) {
1044 struct frag_hdr fhdr;
1045
1046 /* Specify the length of each IPv6 datagram fragment.
1047 * It has to be a multiple of 8.
1048 */
1049 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen -
1050 sizeof(struct frag_hdr)) & ~7;
1051 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
1052 ipv6_select_ident(&fhdr, rt);
1053 skb_shinfo(skb)->ip6_frag_id = fhdr.identification;
1054 __skb_queue_tail(&sk->sk_write_queue, skb);
1055
1056 return 0;
1057 }
1058 /* There is not enough support do UPD LSO,
1059 * so follow normal path
1060 */
1061 kfree_skb(skb);
1062
1063 return err;
1064}
1065
1066static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1067 gfp_t gfp)
1068{
1069 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1070}
1071
1072static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1073 gfp_t gfp)
1074{
1075 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1076}
1077
1078static void ip6_append_data_mtu(unsigned int *mtu,
1079 int *maxfraglen,
1080 unsigned int fragheaderlen,
1081 struct sk_buff *skb,
1082 struct rt6_info *rt,
1083 bool pmtuprobe)
1084{
1085 if (!(rt->dst.flags & DST_XFRM_TUNNEL)) {
1086 if (skb == NULL) {
1087 /* first fragment, reserve header_len */
1088 *mtu = *mtu - rt->dst.header_len;
1089
1090 } else {
1091 /*
1092 * this fragment is not first, the headers
1093 * space is regarded as data space.
1094 */
1095 *mtu = min(*mtu, pmtuprobe ?
1096 rt->dst.dev->mtu :
1097 dst_mtu(rt->dst.path));
1098 }
1099 *maxfraglen = ((*mtu - fragheaderlen) & ~7)
1100 + fragheaderlen - sizeof(struct frag_hdr);
1101 }
1102}
1103
1104int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1105 int offset, int len, int odd, struct sk_buff *skb),
1106 void *from, int length, int transhdrlen,
1107 int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi6 *fl6,
1108 struct rt6_info *rt, unsigned int flags, int dontfrag)
1109{
1110 struct inet_sock *inet = inet_sk(sk);
1111 struct ipv6_pinfo *np = inet6_sk(sk);
1112 struct inet_cork *cork;
1113 struct sk_buff *skb, *skb_prev = NULL;
1114 unsigned int maxfraglen, fragheaderlen, mtu;
1115 int exthdrlen;
1116 int dst_exthdrlen;
1117 int hh_len;
1118 int copy;
1119 int err;
1120 int offset = 0;
1121 __u8 tx_flags = 0;
1122
1123 if (flags&MSG_PROBE)
1124 return 0;
1125 cork = &inet->cork.base;
1126 if (skb_queue_empty(&sk->sk_write_queue)) {
1127 /*
1128 * setup for corking
1129 */
1130 if (opt) {
1131 if (WARN_ON(np->cork.opt))
1132 return -EINVAL;
1133
1134 np->cork.opt = kzalloc(opt->tot_len, sk->sk_allocation);
1135 if (unlikely(np->cork.opt == NULL))
1136 return -ENOBUFS;
1137
1138 np->cork.opt->tot_len = opt->tot_len;
1139 np->cork.opt->opt_flen = opt->opt_flen;
1140 np->cork.opt->opt_nflen = opt->opt_nflen;
1141
1142 np->cork.opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1143 sk->sk_allocation);
1144 if (opt->dst0opt && !np->cork.opt->dst0opt)
1145 return -ENOBUFS;
1146
1147 np->cork.opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1148 sk->sk_allocation);
1149 if (opt->dst1opt && !np->cork.opt->dst1opt)
1150 return -ENOBUFS;
1151
1152 np->cork.opt->hopopt = ip6_opt_dup(opt->hopopt,
1153 sk->sk_allocation);
1154 if (opt->hopopt && !np->cork.opt->hopopt)
1155 return -ENOBUFS;
1156
1157 np->cork.opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1158 sk->sk_allocation);
1159 if (opt->srcrt && !np->cork.opt->srcrt)
1160 return -ENOBUFS;
1161
1162 /* need source address above miyazawa*/
1163 }
1164 dst_hold(&rt->dst);
1165 cork->dst = &rt->dst;
1166 inet->cork.fl.u.ip6 = *fl6;
1167 np->cork.hop_limit = hlimit;
1168 np->cork.tclass = tclass;
1169 if (rt->dst.flags & DST_XFRM_TUNNEL)
1170 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
1171 rt->dst.dev->mtu : dst_mtu(&rt->dst);
1172 else
1173 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
1174 rt->dst.dev->mtu : dst_mtu(rt->dst.path);
1175 if (np->frag_size < mtu) {
1176 if (np->frag_size)
1177 mtu = np->frag_size;
1178 }
1179 cork->fragsize = mtu;
1180 if (dst_allfrag(rt->dst.path))
1181 cork->flags |= IPCORK_ALLFRAG;
1182 cork->length = 0;
1183 exthdrlen = (opt ? opt->opt_flen : 0);
1184 length += exthdrlen;
1185 transhdrlen += exthdrlen;
1186 dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len;
1187 } else {
1188 rt = (struct rt6_info *)cork->dst;
1189 fl6 = &inet->cork.fl.u.ip6;
1190 opt = np->cork.opt;
1191 transhdrlen = 0;
1192 exthdrlen = 0;
1193 dst_exthdrlen = 0;
1194 mtu = cork->fragsize;
1195 }
1196
1197 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1198
1199 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
1200 (opt ? opt->opt_nflen : 0);
1201 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr);
1202
1203 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) {
1204 if (cork->length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) {
1205 ipv6_local_error(sk, EMSGSIZE, fl6, mtu-exthdrlen);
1206 return -EMSGSIZE;
1207 }
1208 }
1209
1210 /* For UDP, check if TX timestamp is enabled */
1211 if (sk->sk_type == SOCK_DGRAM)
1212 sock_tx_timestamp(sk, &tx_flags);
1213
1214 /*
1215 * Let's try using as much space as possible.
1216 * Use MTU if total length of the message fits into the MTU.
1217 * Otherwise, we need to reserve fragment header and
1218 * fragment alignment (= 8-15 octects, in total).
1219 *
1220 * Note that we may need to "move" the data from the tail of
1221 * of the buffer to the new fragment when we split
1222 * the message.
1223 *
1224 * FIXME: It may be fragmented into multiple chunks
1225 * at once if non-fragmentable extension headers
1226 * are too large.
1227 * --yoshfuji
1228 */
1229
1230 cork->length += length;
1231 if (length > mtu) {
1232 int proto = sk->sk_protocol;
1233 if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){
1234 ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen);
1235 return -EMSGSIZE;
1236 }
1237
1238 if (proto == IPPROTO_UDP &&
1239 (rt->dst.dev->features & NETIF_F_UFO)) {
1240
1241 err = ip6_ufo_append_data(sk, getfrag, from, length,
1242 hh_len, fragheaderlen,
1243 transhdrlen, mtu, flags, rt);
1244 if (err)
1245 goto error;
1246 return 0;
1247 }
1248 }
1249
1250 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
1251 goto alloc_new_skb;
1252
1253 while (length > 0) {
1254 /* Check if the remaining data fits into current packet. */
1255 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1256 if (copy < length)
1257 copy = maxfraglen - skb->len;
1258
1259 if (copy <= 0) {
1260 char *data;
1261 unsigned int datalen;
1262 unsigned int fraglen;
1263 unsigned int fraggap;
1264 unsigned int alloclen;
1265alloc_new_skb:
1266 /* There's no room in the current skb */
1267 if (skb)
1268 fraggap = skb->len - maxfraglen;
1269 else
1270 fraggap = 0;
1271 /* update mtu and maxfraglen if necessary */
1272 if (skb == NULL || skb_prev == NULL)
1273 ip6_append_data_mtu(&mtu, &maxfraglen,
1274 fragheaderlen, skb, rt,
1275 np->pmtudisc ==
1276 IPV6_PMTUDISC_PROBE);
1277
1278 skb_prev = skb;
1279
1280 /*
1281 * If remaining data exceeds the mtu,
1282 * we know we need more fragment(s).
1283 */
1284 datalen = length + fraggap;
1285
1286 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1287 datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len;
1288 if ((flags & MSG_MORE) &&
1289 !(rt->dst.dev->features&NETIF_F_SG))
1290 alloclen = mtu;
1291 else
1292 alloclen = datalen + fragheaderlen;
1293
1294 alloclen += dst_exthdrlen;
1295
1296 if (datalen != length + fraggap) {
1297 /*
1298 * this is not the last fragment, the trailer
1299 * space is regarded as data space.
1300 */
1301 datalen += rt->dst.trailer_len;
1302 }
1303
1304 alloclen += rt->dst.trailer_len;
1305 fraglen = datalen + fragheaderlen;
1306
1307 /*
1308 * We just reserve space for fragment header.
1309 * Note: this may be overallocation if the message
1310 * (without MSG_MORE) fits into the MTU.
1311 */
1312 alloclen += sizeof(struct frag_hdr);
1313
1314 if (transhdrlen) {
1315 skb = sock_alloc_send_skb(sk,
1316 alloclen + hh_len,
1317 (flags & MSG_DONTWAIT), &err);
1318 } else {
1319 skb = NULL;
1320 if (atomic_read(&sk->sk_wmem_alloc) <=
1321 2 * sk->sk_sndbuf)
1322 skb = sock_wmalloc(sk,
1323 alloclen + hh_len, 1,
1324 sk->sk_allocation);
1325 if (unlikely(skb == NULL))
1326 err = -ENOBUFS;
1327 else {
1328 /* Only the initial fragment
1329 * is time stamped.
1330 */
1331 tx_flags = 0;
1332 }
1333 }
1334 if (skb == NULL)
1335 goto error;
1336 /*
1337 * Fill in the control structures
1338 */
1339 skb->protocol = htons(ETH_P_IPV6);
1340 skb->ip_summed = CHECKSUM_NONE;
1341 skb->csum = 0;
1342 /* reserve for fragmentation and ipsec header */
1343 skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
1344 dst_exthdrlen);
1345
1346 if (sk->sk_type == SOCK_DGRAM)
1347 skb_shinfo(skb)->tx_flags = tx_flags;
1348
1349 /*
1350 * Find where to start putting bytes
1351 */
1352 data = skb_put(skb, fraglen);
1353 skb_set_network_header(skb, exthdrlen);
1354 data += fragheaderlen;
1355 skb->transport_header = (skb->network_header +
1356 fragheaderlen);
1357 if (fraggap) {
1358 skb->csum = skb_copy_and_csum_bits(
1359 skb_prev, maxfraglen,
1360 data + transhdrlen, fraggap, 0);
1361 skb_prev->csum = csum_sub(skb_prev->csum,
1362 skb->csum);
1363 data += fraggap;
1364 pskb_trim_unique(skb_prev, maxfraglen);
1365 }
1366 copy = datalen - transhdrlen - fraggap;
1367
1368 if (copy < 0) {
1369 err = -EINVAL;
1370 kfree_skb(skb);
1371 goto error;
1372 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
1373 err = -EFAULT;
1374 kfree_skb(skb);
1375 goto error;
1376 }
1377
1378 offset += copy;
1379 length -= datalen - fraggap;
1380 transhdrlen = 0;
1381 exthdrlen = 0;
1382 dst_exthdrlen = 0;
1383
1384 /*
1385 * Put the packet on the pending queue
1386 */
1387 __skb_queue_tail(&sk->sk_write_queue, skb);
1388 continue;
1389 }
1390
1391 if (copy > length)
1392 copy = length;
1393
1394 if (!(rt->dst.dev->features&NETIF_F_SG)) {
1395 unsigned int off;
1396
1397 off = skb->len;
1398 if (getfrag(from, skb_put(skb, copy),
1399 offset, copy, off, skb) < 0) {
1400 __skb_trim(skb, off);
1401 err = -EFAULT;
1402 goto error;
1403 }
1404 } else {
1405 int i = skb_shinfo(skb)->nr_frags;
1406 struct page_frag *pfrag = sk_page_frag(sk);
1407
1408 err = -ENOMEM;
1409 if (!sk_page_frag_refill(sk, pfrag))
1410 goto error;
1411
1412 if (!skb_can_coalesce(skb, i, pfrag->page,
1413 pfrag->offset)) {
1414 err = -EMSGSIZE;
1415 if (i == MAX_SKB_FRAGS)
1416 goto error;
1417
1418 __skb_fill_page_desc(skb, i, pfrag->page,
1419 pfrag->offset, 0);
1420 skb_shinfo(skb)->nr_frags = ++i;
1421 get_page(pfrag->page);
1422 }
1423 copy = min_t(int, copy, pfrag->size - pfrag->offset);
1424 if (getfrag(from,
1425 page_address(pfrag->page) + pfrag->offset,
1426 offset, copy, skb->len, skb) < 0)
1427 goto error_efault;
1428
1429 pfrag->offset += copy;
1430 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1431 skb->len += copy;
1432 skb->data_len += copy;
1433 skb->truesize += copy;
1434 atomic_add(copy, &sk->sk_wmem_alloc);
1435 }
1436 offset += copy;
1437 length -= copy;
1438 }
1439
1440 return 0;
1441
1442error_efault:
1443 err = -EFAULT;
1444error:
1445 cork->length -= length;
1446 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1447 return err;
1448}
1449EXPORT_SYMBOL_GPL(ip6_append_data);
1450
1451static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np)
1452{
1453 if (np->cork.opt) {
1454 kfree(np->cork.opt->dst0opt);
1455 kfree(np->cork.opt->dst1opt);
1456 kfree(np->cork.opt->hopopt);
1457 kfree(np->cork.opt->srcrt);
1458 kfree(np->cork.opt);
1459 np->cork.opt = NULL;
1460 }
1461
1462 if (inet->cork.base.dst) {
1463 dst_release(inet->cork.base.dst);
1464 inet->cork.base.dst = NULL;
1465 inet->cork.base.flags &= ~IPCORK_ALLFRAG;
1466 }
1467 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl));
1468}
1469
1470int ip6_push_pending_frames(struct sock *sk)
1471{
1472 struct sk_buff *skb, *tmp_skb;
1473 struct sk_buff **tail_skb;
1474 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1475 struct inet_sock *inet = inet_sk(sk);
1476 struct ipv6_pinfo *np = inet6_sk(sk);
1477 struct net *net = sock_net(sk);
1478 struct ipv6hdr *hdr;
1479 struct ipv6_txoptions *opt = np->cork.opt;
1480 struct rt6_info *rt = (struct rt6_info *)inet->cork.base.dst;
1481 struct flowi6 *fl6 = &inet->cork.fl.u.ip6;
1482 unsigned char proto = fl6->flowi6_proto;
1483 int err = 0;
1484
1485 if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL)
1486 goto out;
1487 tail_skb = &(skb_shinfo(skb)->frag_list);
1488
1489 /* move skb->data to ip header from ext header */
1490 if (skb->data < skb_network_header(skb))
1491 __skb_pull(skb, skb_network_offset(skb));
1492 while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) {
1493 __skb_pull(tmp_skb, skb_network_header_len(skb));
1494 *tail_skb = tmp_skb;
1495 tail_skb = &(tmp_skb->next);
1496 skb->len += tmp_skb->len;
1497 skb->data_len += tmp_skb->len;
1498 skb->truesize += tmp_skb->truesize;
1499 tmp_skb->destructor = NULL;
1500 tmp_skb->sk = NULL;
1501 }
1502
1503 /* Allow local fragmentation. */
1504 if (np->pmtudisc < IPV6_PMTUDISC_DO)
1505 skb->local_df = 1;
1506
1507 *final_dst = fl6->daddr;
1508 __skb_pull(skb, skb_network_header_len(skb));
1509 if (opt && opt->opt_flen)
1510 ipv6_push_frag_opts(skb, opt, &proto);
1511 if (opt && opt->opt_nflen)
1512 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst);
1513
1514 skb_push(skb, sizeof(struct ipv6hdr));
1515 skb_reset_network_header(skb);
1516 hdr = ipv6_hdr(skb);
1517
1518 ip6_flow_hdr(hdr, np->cork.tclass, fl6->flowlabel);
1519 hdr->hop_limit = np->cork.hop_limit;
1520 hdr->nexthdr = proto;
1521 hdr->saddr = fl6->saddr;
1522 hdr->daddr = *final_dst;
1523
1524 skb->priority = sk->sk_priority;
1525 skb->mark = sk->sk_mark;
1526
1527 skb_dst_set(skb, dst_clone(&rt->dst));
1528 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
1529 if (proto == IPPROTO_ICMPV6) {
1530 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1531
1532 ICMP6MSGOUT_INC_STATS_BH(net, idev, icmp6_hdr(skb)->icmp6_type);
1533 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTMSGS);
1534 }
1535
1536 err = ip6_local_out(skb);
1537 if (err) {
1538 if (err > 0)
1539 err = net_xmit_errno(err);
1540 if (err)
1541 goto error;
1542 }
1543
1544out:
1545 ip6_cork_release(inet, np);
1546 return err;
1547error:
1548 IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1549 goto out;
1550}
1551EXPORT_SYMBOL_GPL(ip6_push_pending_frames);
1552
1553void ip6_flush_pending_frames(struct sock *sk)
1554{
1555 struct sk_buff *skb;
1556
1557 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) {
1558 if (skb_dst(skb))
1559 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
1560 IPSTATS_MIB_OUTDISCARDS);
1561 kfree_skb(skb);
1562 }
1563
1564 ip6_cork_release(inet_sk(sk), inet6_sk(sk));
1565}
1566EXPORT_SYMBOL_GPL(ip6_flush_pending_frames);
ubuntu-zesty-kernel mirror