2 * Routines having to do with the 'struct sk_buff' memory handlers.
4 * Authors: Alan Cox <alan@lxorguk.ukuu.org.uk>
5 * Florian La Roche <rzsfl@rz.uni-sb.de>
8 * Alan Cox : Fixed the worst of the load
10 * Dave Platt : Interrupt stacking fix.
11 * Richard Kooijman : Timestamp fixes.
12 * Alan Cox : Changed buffer format.
13 * Alan Cox : destructor hook for AF_UNIX etc.
14 * Linus Torvalds : Better skb_clone.
15 * Alan Cox : Added skb_copy.
16 * Alan Cox : Added all the changed routines Linus
17 * only put in the headers
18 * Ray VanTassle : Fixed --skb->lock in free
19 * Alan Cox : skb_copy copy arp field
20 * Andi Kleen : slabified it.
21 * Robert Olsson : Removed skb_head_pool
24 * The __skb_ routines should be called with interrupts
25 * disabled, or you better be *real* sure that the operation is atomic
26 * with respect to whatever list is being frobbed (e.g. via lock_sock()
27 * or via disabling bottom half handlers, etc).
29 * This program is free software; you can redistribute it and/or
30 * modify it under the terms of the GNU General Public License
31 * as published by the Free Software Foundation; either version
32 * 2 of the License, or (at your option) any later version.
36 * The functions in this file will not compile correctly with gcc 2.4.x
39 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
41 #include <linux/module.h>
42 #include <linux/types.h>
43 #include <linux/kernel.h>
44 #include <linux/kmemcheck.h>
46 #include <linux/interrupt.h>
48 #include <linux/inet.h>
49 #include <linux/slab.h>
50 #include <linux/tcp.h>
51 #include <linux/udp.h>
52 #include <linux/netdevice.h>
53 #ifdef CONFIG_NET_CLS_ACT
54 #include <net/pkt_sched.h>
56 #include <linux/string.h>
57 #include <linux/skbuff.h>
58 #include <linux/splice.h>
59 #include <linux/cache.h>
60 #include <linux/rtnetlink.h>
61 #include <linux/init.h>
62 #include <linux/scatterlist.h>
63 #include <linux/errqueue.h>
64 #include <linux/prefetch.h>
65 #include <linux/if_vlan.h>
67 #include <net/protocol.h>
70 #include <net/checksum.h>
71 #include <net/ip6_checksum.h>
74 #include <asm/uaccess.h>
75 #include <trace/events/skb.h>
76 #include <linux/highmem.h>
78 struct kmem_cache
*skbuff_head_cache __read_mostly
;
79 static struct kmem_cache
*skbuff_fclone_cache __read_mostly
;
82 * skb_panic - private function for out-of-line support
86 * @msg: skb_over_panic or skb_under_panic
88 * Out-of-line support for skb_put() and skb_push().
89 * Called via the wrapper skb_over_panic() or skb_under_panic().
90 * Keep out of line to prevent kernel bloat.
91 * __builtin_return_address is not used because it is not always reliable.
93 static void skb_panic(struct sk_buff
*skb
, unsigned int sz
, void *addr
,
96 pr_emerg("%s: text:%p len:%d put:%d head:%p data:%p tail:%#lx end:%#lx dev:%s\n",
97 msg
, addr
, skb
->len
, sz
, skb
->head
, skb
->data
,
98 (unsigned long)skb
->tail
, (unsigned long)skb
->end
,
99 skb
->dev
? skb
->dev
->name
: "<NULL>");
103 static void skb_over_panic(struct sk_buff
*skb
, unsigned int sz
, void *addr
)
105 skb_panic(skb
, sz
, addr
, __func__
);
108 static void skb_under_panic(struct sk_buff
*skb
, unsigned int sz
, void *addr
)
110 skb_panic(skb
, sz
, addr
, __func__
);
114 * kmalloc_reserve is a wrapper around kmalloc_node_track_caller that tells
115 * the caller if emergency pfmemalloc reserves are being used. If it is and
116 * the socket is later found to be SOCK_MEMALLOC then PFMEMALLOC reserves
117 * may be used. Otherwise, the packet data may be discarded until enough
120 #define kmalloc_reserve(size, gfp, node, pfmemalloc) \
121 __kmalloc_reserve(size, gfp, node, _RET_IP_, pfmemalloc)
123 static void *__kmalloc_reserve(size_t size
, gfp_t flags
, int node
,
124 unsigned long ip
, bool *pfmemalloc
)
127 bool ret_pfmemalloc
= false;
130 * Try a regular allocation, when that fails and we're not entitled
131 * to the reserves, fail.
133 obj
= kmalloc_node_track_caller(size
,
134 flags
| __GFP_NOMEMALLOC
| __GFP_NOWARN
,
136 if (obj
|| !(gfp_pfmemalloc_allowed(flags
)))
139 /* Try again but now we are using pfmemalloc reserves */
140 ret_pfmemalloc
= true;
141 obj
= kmalloc_node_track_caller(size
, flags
, node
);
145 *pfmemalloc
= ret_pfmemalloc
;
150 /* Allocate a new skbuff. We do this ourselves so we can fill in a few
151 * 'private' fields and also do memory statistics to find all the
156 struct sk_buff
*__alloc_skb_head(gfp_t gfp_mask
, int node
)
161 skb
= kmem_cache_alloc_node(skbuff_head_cache
,
162 gfp_mask
& ~__GFP_DMA
, node
);
167 * Only clear those fields we need to clear, not those that we will
168 * actually initialise below. Hence, don't put any more fields after
169 * the tail pointer in struct sk_buff!
171 memset(skb
, 0, offsetof(struct sk_buff
, tail
));
173 skb
->truesize
= sizeof(struct sk_buff
);
174 atomic_set(&skb
->users
, 1);
176 skb
->mac_header
= (typeof(skb
->mac_header
))~0U;
182 * __alloc_skb - allocate a network buffer
183 * @size: size to allocate
184 * @gfp_mask: allocation mask
185 * @flags: If SKB_ALLOC_FCLONE is set, allocate from fclone cache
186 * instead of head cache and allocate a cloned (child) skb.
187 * If SKB_ALLOC_RX is set, __GFP_MEMALLOC will be used for
188 * allocations in case the data is required for writeback
189 * @node: numa node to allocate memory on
191 * Allocate a new &sk_buff. The returned buffer has no headroom and a
192 * tail room of at least size bytes. The object has a reference count
193 * of one. The return is the buffer. On a failure the return is %NULL.
195 * Buffers may only be allocated from interrupts using a @gfp_mask of
198 struct sk_buff
*__alloc_skb(unsigned int size
, gfp_t gfp_mask
,
201 struct kmem_cache
*cache
;
202 struct skb_shared_info
*shinfo
;
207 cache
= (flags
& SKB_ALLOC_FCLONE
)
208 ? skbuff_fclone_cache
: skbuff_head_cache
;
210 if (sk_memalloc_socks() && (flags
& SKB_ALLOC_RX
))
211 gfp_mask
|= __GFP_MEMALLOC
;
214 skb
= kmem_cache_alloc_node(cache
, gfp_mask
& ~__GFP_DMA
, node
);
219 /* We do our best to align skb_shared_info on a separate cache
220 * line. It usually works because kmalloc(X > SMP_CACHE_BYTES) gives
221 * aligned memory blocks, unless SLUB/SLAB debug is enabled.
222 * Both skb->head and skb_shared_info are cache line aligned.
224 size
= SKB_DATA_ALIGN(size
);
225 size
+= SKB_DATA_ALIGN(sizeof(struct skb_shared_info
));
226 data
= kmalloc_reserve(size
, gfp_mask
, node
, &pfmemalloc
);
229 /* kmalloc(size) might give us more room than requested.
230 * Put skb_shared_info exactly at the end of allocated zone,
231 * to allow max possible filling before reallocation.
233 size
= SKB_WITH_OVERHEAD(ksize(data
));
234 prefetchw(data
+ size
);
237 * Only clear those fields we need to clear, not those that we will
238 * actually initialise below. Hence, don't put any more fields after
239 * the tail pointer in struct sk_buff!
241 memset(skb
, 0, offsetof(struct sk_buff
, tail
));
242 /* Account for allocated memory : skb + skb->head */
243 skb
->truesize
= SKB_TRUESIZE(size
);
244 skb
->pfmemalloc
= pfmemalloc
;
245 atomic_set(&skb
->users
, 1);
248 skb_reset_tail_pointer(skb
);
249 skb
->end
= skb
->tail
+ size
;
250 skb
->mac_header
= (typeof(skb
->mac_header
))~0U;
251 skb
->transport_header
= (typeof(skb
->transport_header
))~0U;
253 /* make sure we initialize shinfo sequentially */
254 shinfo
= skb_shinfo(skb
);
255 memset(shinfo
, 0, offsetof(struct skb_shared_info
, dataref
));
256 atomic_set(&shinfo
->dataref
, 1);
257 kmemcheck_annotate_variable(shinfo
->destructor_arg
);
259 if (flags
& SKB_ALLOC_FCLONE
) {
260 struct sk_buff_fclones
*fclones
;
262 fclones
= container_of(skb
, struct sk_buff_fclones
, skb1
);
264 kmemcheck_annotate_bitfield(&fclones
->skb2
, flags1
);
265 skb
->fclone
= SKB_FCLONE_ORIG
;
266 atomic_set(&fclones
->fclone_ref
, 1);
268 fclones
->skb2
.fclone
= SKB_FCLONE_FREE
;
269 fclones
->skb2
.pfmemalloc
= pfmemalloc
;
274 kmem_cache_free(cache
, skb
);
278 EXPORT_SYMBOL(__alloc_skb
);
281 * build_skb - build a network buffer
282 * @data: data buffer provided by caller
283 * @frag_size: size of fragment, or 0 if head was kmalloced
285 * Allocate a new &sk_buff. Caller provides space holding head and
286 * skb_shared_info. @data must have been allocated by kmalloc() only if
287 * @frag_size is 0, otherwise data should come from the page allocator.
288 * The return is the new skb buffer.
289 * On a failure the return is %NULL, and @data is not freed.
291 * Before IO, driver allocates only data buffer where NIC put incoming frame
292 * Driver should add room at head (NET_SKB_PAD) and
293 * MUST add room at tail (SKB_DATA_ALIGN(skb_shared_info))
294 * After IO, driver calls build_skb(), to allocate sk_buff and populate it
295 * before giving packet to stack.
296 * RX rings only contains data buffers, not full skbs.
298 struct sk_buff
*build_skb(void *data
, unsigned int frag_size
)
300 struct skb_shared_info
*shinfo
;
302 unsigned int size
= frag_size
? : ksize(data
);
304 skb
= kmem_cache_alloc(skbuff_head_cache
, GFP_ATOMIC
);
308 size
-= SKB_DATA_ALIGN(sizeof(struct skb_shared_info
));
310 memset(skb
, 0, offsetof(struct sk_buff
, tail
));
311 skb
->truesize
= SKB_TRUESIZE(size
);
312 skb
->head_frag
= frag_size
!= 0;
313 atomic_set(&skb
->users
, 1);
316 skb_reset_tail_pointer(skb
);
317 skb
->end
= skb
->tail
+ size
;
318 skb
->mac_header
= (typeof(skb
->mac_header
))~0U;
319 skb
->transport_header
= (typeof(skb
->transport_header
))~0U;
321 /* make sure we initialize shinfo sequentially */
322 shinfo
= skb_shinfo(skb
);
323 memset(shinfo
, 0, offsetof(struct skb_shared_info
, dataref
));
324 atomic_set(&shinfo
->dataref
, 1);
325 kmemcheck_annotate_variable(shinfo
->destructor_arg
);
329 EXPORT_SYMBOL(build_skb
);
331 struct netdev_alloc_cache
{
332 struct page_frag frag
;
333 /* we maintain a pagecount bias, so that we dont dirty cache line
334 * containing page->_count every time we allocate a fragment.
336 unsigned int pagecnt_bias
;
338 static DEFINE_PER_CPU(struct netdev_alloc_cache
, netdev_alloc_cache
);
340 static void *__netdev_alloc_frag(unsigned int fragsz
, gfp_t gfp_mask
)
342 struct netdev_alloc_cache
*nc
;
347 local_irq_save(flags
);
348 nc
= &__get_cpu_var(netdev_alloc_cache
);
349 if (unlikely(!nc
->frag
.page
)) {
351 for (order
= NETDEV_FRAG_PAGE_MAX_ORDER
; ;) {
352 gfp_t gfp
= gfp_mask
;
355 gfp
|= __GFP_COMP
| __GFP_NOWARN
;
356 nc
->frag
.page
= alloc_pages(gfp
, order
);
357 if (likely(nc
->frag
.page
))
362 nc
->frag
.size
= PAGE_SIZE
<< order
;
364 atomic_set(&nc
->frag
.page
->_count
, NETDEV_PAGECNT_MAX_BIAS
);
365 nc
->pagecnt_bias
= NETDEV_PAGECNT_MAX_BIAS
;
369 if (nc
->frag
.offset
+ fragsz
> nc
->frag
.size
) {
370 /* avoid unnecessary locked operations if possible */
371 if ((atomic_read(&nc
->frag
.page
->_count
) == nc
->pagecnt_bias
) ||
372 atomic_sub_and_test(nc
->pagecnt_bias
, &nc
->frag
.page
->_count
))
377 data
= page_address(nc
->frag
.page
) + nc
->frag
.offset
;
378 nc
->frag
.offset
+= fragsz
;
381 local_irq_restore(flags
);
386 * netdev_alloc_frag - allocate a page fragment
387 * @fragsz: fragment size
389 * Allocates a frag from a page for receive buffer.
390 * Uses GFP_ATOMIC allocations.
392 void *netdev_alloc_frag(unsigned int fragsz
)
394 return __netdev_alloc_frag(fragsz
, GFP_ATOMIC
| __GFP_COLD
);
396 EXPORT_SYMBOL(netdev_alloc_frag
);
399 * __netdev_alloc_skb - allocate an skbuff for rx on a specific device
400 * @dev: network device to receive on
401 * @length: length to allocate
402 * @gfp_mask: get_free_pages mask, passed to alloc_skb
404 * Allocate a new &sk_buff and assign it a usage count of one. The
405 * buffer has unspecified headroom built in. Users should allocate
406 * the headroom they think they need without accounting for the
407 * built in space. The built in space is used for optimisations.
409 * %NULL is returned if there is no free memory.
411 struct sk_buff
*__netdev_alloc_skb(struct net_device
*dev
,
412 unsigned int length
, gfp_t gfp_mask
)
414 struct sk_buff
*skb
= NULL
;
415 unsigned int fragsz
= SKB_DATA_ALIGN(length
+ NET_SKB_PAD
) +
416 SKB_DATA_ALIGN(sizeof(struct skb_shared_info
));
418 if (fragsz
<= PAGE_SIZE
&& !(gfp_mask
& (__GFP_WAIT
| GFP_DMA
))) {
421 if (sk_memalloc_socks())
422 gfp_mask
|= __GFP_MEMALLOC
;
424 data
= __netdev_alloc_frag(fragsz
, gfp_mask
);
427 skb
= build_skb(data
, fragsz
);
429 put_page(virt_to_head_page(data
));
432 skb
= __alloc_skb(length
+ NET_SKB_PAD
, gfp_mask
,
433 SKB_ALLOC_RX
, NUMA_NO_NODE
);
436 skb_reserve(skb
, NET_SKB_PAD
);
441 EXPORT_SYMBOL(__netdev_alloc_skb
);
443 void skb_add_rx_frag(struct sk_buff
*skb
, int i
, struct page
*page
, int off
,
444 int size
, unsigned int truesize
)
446 skb_fill_page_desc(skb
, i
, page
, off
, size
);
448 skb
->data_len
+= size
;
449 skb
->truesize
+= truesize
;
451 EXPORT_SYMBOL(skb_add_rx_frag
);
453 void skb_coalesce_rx_frag(struct sk_buff
*skb
, int i
, int size
,
454 unsigned int truesize
)
456 skb_frag_t
*frag
= &skb_shinfo(skb
)->frags
[i
];
458 skb_frag_size_add(frag
, size
);
460 skb
->data_len
+= size
;
461 skb
->truesize
+= truesize
;
463 EXPORT_SYMBOL(skb_coalesce_rx_frag
);
465 static void skb_drop_list(struct sk_buff
**listp
)
467 kfree_skb_list(*listp
);
471 static inline void skb_drop_fraglist(struct sk_buff
*skb
)
473 skb_drop_list(&skb_shinfo(skb
)->frag_list
);
476 static void skb_clone_fraglist(struct sk_buff
*skb
)
478 struct sk_buff
*list
;
480 skb_walk_frags(skb
, list
)
484 static void skb_free_head(struct sk_buff
*skb
)
487 put_page(virt_to_head_page(skb
->head
));
492 static void skb_release_data(struct sk_buff
*skb
)
494 struct skb_shared_info
*shinfo
= skb_shinfo(skb
);
498 atomic_sub_return(skb
->nohdr
? (1 << SKB_DATAREF_SHIFT
) + 1 : 1,
502 for (i
= 0; i
< shinfo
->nr_frags
; i
++)
503 __skb_frag_unref(&shinfo
->frags
[i
]);
506 * If skb buf is from userspace, we need to notify the caller
507 * the lower device DMA has done;
509 if (shinfo
->tx_flags
& SKBTX_DEV_ZEROCOPY
) {
510 struct ubuf_info
*uarg
;
512 uarg
= shinfo
->destructor_arg
;
514 uarg
->callback(uarg
, true);
517 if (shinfo
->frag_list
)
518 kfree_skb_list(shinfo
->frag_list
);
524 * Free an skbuff by memory without cleaning the state.
526 static void kfree_skbmem(struct sk_buff
*skb
)
528 struct sk_buff_fclones
*fclones
;
530 switch (skb
->fclone
) {
531 case SKB_FCLONE_UNAVAILABLE
:
532 kmem_cache_free(skbuff_head_cache
, skb
);
535 case SKB_FCLONE_ORIG
:
536 fclones
= container_of(skb
, struct sk_buff_fclones
, skb1
);
537 if (atomic_dec_and_test(&fclones
->fclone_ref
))
538 kmem_cache_free(skbuff_fclone_cache
, fclones
);
541 case SKB_FCLONE_CLONE
:
542 fclones
= container_of(skb
, struct sk_buff_fclones
, skb2
);
544 /* Warning : We must perform the atomic_dec_and_test() before
545 * setting skb->fclone back to SKB_FCLONE_FREE, otherwise
546 * skb_clone() could set clone_ref to 2 before our decrement.
547 * Anyway, if we are going to free the structure, no need to
548 * rewrite skb->fclone.
550 if (atomic_dec_and_test(&fclones
->fclone_ref
)) {
551 kmem_cache_free(skbuff_fclone_cache
, fclones
);
553 /* The clone portion is available for
554 * fast-cloning again.
556 skb
->fclone
= SKB_FCLONE_FREE
;
562 static void skb_release_head_state(struct sk_buff
*skb
)
566 secpath_put(skb
->sp
);
568 if (skb
->destructor
) {
570 skb
->destructor(skb
);
572 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
573 nf_conntrack_put(skb
->nfct
);
575 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
576 nf_bridge_put(skb
->nf_bridge
);
578 /* XXX: IS this still necessary? - JHS */
579 #ifdef CONFIG_NET_SCHED
581 #ifdef CONFIG_NET_CLS_ACT
587 /* Free everything but the sk_buff shell. */
588 static void skb_release_all(struct sk_buff
*skb
)
590 skb_release_head_state(skb
);
591 if (likely(skb
->head
))
592 skb_release_data(skb
);
596 * __kfree_skb - private function
599 * Free an sk_buff. Release anything attached to the buffer.
600 * Clean the state. This is an internal helper function. Users should
601 * always call kfree_skb
604 void __kfree_skb(struct sk_buff
*skb
)
606 skb_release_all(skb
);
609 EXPORT_SYMBOL(__kfree_skb
);
612 * kfree_skb - free an sk_buff
613 * @skb: buffer to free
615 * Drop a reference to the buffer and free it if the usage count has
618 void kfree_skb(struct sk_buff
*skb
)
622 if (likely(atomic_read(&skb
->users
) == 1))
624 else if (likely(!atomic_dec_and_test(&skb
->users
)))
626 trace_kfree_skb(skb
, __builtin_return_address(0));
629 EXPORT_SYMBOL(kfree_skb
);
631 void kfree_skb_list(struct sk_buff
*segs
)
634 struct sk_buff
*next
= segs
->next
;
640 EXPORT_SYMBOL(kfree_skb_list
);
643 * skb_tx_error - report an sk_buff xmit error
644 * @skb: buffer that triggered an error
646 * Report xmit error if a device callback is tracking this skb.
647 * skb must be freed afterwards.
649 void skb_tx_error(struct sk_buff
*skb
)
651 if (skb_shinfo(skb
)->tx_flags
& SKBTX_DEV_ZEROCOPY
) {
652 struct ubuf_info
*uarg
;
654 uarg
= skb_shinfo(skb
)->destructor_arg
;
656 uarg
->callback(uarg
, false);
657 skb_shinfo(skb
)->tx_flags
&= ~SKBTX_DEV_ZEROCOPY
;
660 EXPORT_SYMBOL(skb_tx_error
);
663 * consume_skb - free an skbuff
664 * @skb: buffer to free
666 * Drop a ref to the buffer and free it if the usage count has hit zero
667 * Functions identically to kfree_skb, but kfree_skb assumes that the frame
668 * is being dropped after a failure and notes that
670 void consume_skb(struct sk_buff
*skb
)
674 if (likely(atomic_read(&skb
->users
) == 1))
676 else if (likely(!atomic_dec_and_test(&skb
->users
)))
678 trace_consume_skb(skb
);
681 EXPORT_SYMBOL(consume_skb
);
683 /* Make sure a field is enclosed inside headers_start/headers_end section */
684 #define CHECK_SKB_FIELD(field) \
685 BUILD_BUG_ON(offsetof(struct sk_buff, field) < \
686 offsetof(struct sk_buff, headers_start)); \
687 BUILD_BUG_ON(offsetof(struct sk_buff, field) > \
688 offsetof(struct sk_buff, headers_end)); \
690 static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
692 new->tstamp
= old
->tstamp
;
693 /* We do not copy old->sk */
695 memcpy(new->cb
, old
->cb
, sizeof(old
->cb
));
696 skb_dst_copy(new, old
);
698 new->sp
= secpath_get(old
->sp
);
700 __nf_copy(new, old
, false);
702 /* Note : this field could be in headers_start/headers_end section
703 * It is not yet because we do not want to have a 16 bit hole
705 new->queue_mapping
= old
->queue_mapping
;
707 memcpy(&new->headers_start
, &old
->headers_start
,
708 offsetof(struct sk_buff
, headers_end
) -
709 offsetof(struct sk_buff
, headers_start
));
710 CHECK_SKB_FIELD(protocol
);
711 CHECK_SKB_FIELD(csum
);
712 CHECK_SKB_FIELD(hash
);
713 CHECK_SKB_FIELD(priority
);
714 CHECK_SKB_FIELD(skb_iif
);
715 CHECK_SKB_FIELD(vlan_proto
);
716 CHECK_SKB_FIELD(vlan_tci
);
717 CHECK_SKB_FIELD(transport_header
);
718 CHECK_SKB_FIELD(network_header
);
719 CHECK_SKB_FIELD(mac_header
);
720 CHECK_SKB_FIELD(inner_protocol
);
721 CHECK_SKB_FIELD(inner_transport_header
);
722 CHECK_SKB_FIELD(inner_network_header
);
723 CHECK_SKB_FIELD(inner_mac_header
);
724 CHECK_SKB_FIELD(mark
);
725 #ifdef CONFIG_NETWORK_SECMARK
726 CHECK_SKB_FIELD(secmark
);
728 #ifdef CONFIG_NET_RX_BUSY_POLL
729 CHECK_SKB_FIELD(napi_id
);
731 #ifdef CONFIG_NET_SCHED
732 CHECK_SKB_FIELD(tc_index
);
733 #ifdef CONFIG_NET_CLS_ACT
734 CHECK_SKB_FIELD(tc_verd
);
741 * You should not add any new code to this function. Add it to
742 * __copy_skb_header above instead.
744 static struct sk_buff
*__skb_clone(struct sk_buff
*n
, struct sk_buff
*skb
)
746 #define C(x) n->x = skb->x
748 n
->next
= n
->prev
= NULL
;
750 __copy_skb_header(n
, skb
);
755 n
->hdr_len
= skb
->nohdr
? skb_headroom(skb
) : skb
->hdr_len
;
758 n
->destructor
= NULL
;
765 atomic_set(&n
->users
, 1);
767 atomic_inc(&(skb_shinfo(skb
)->dataref
));
775 * skb_morph - morph one skb into another
776 * @dst: the skb to receive the contents
777 * @src: the skb to supply the contents
779 * This is identical to skb_clone except that the target skb is
780 * supplied by the user.
782 * The target skb is returned upon exit.
784 struct sk_buff
*skb_morph(struct sk_buff
*dst
, struct sk_buff
*src
)
786 skb_release_all(dst
);
787 return __skb_clone(dst
, src
);
789 EXPORT_SYMBOL_GPL(skb_morph
);
792 * skb_copy_ubufs - copy userspace skb frags buffers to kernel
793 * @skb: the skb to modify
794 * @gfp_mask: allocation priority
796 * This must be called on SKBTX_DEV_ZEROCOPY skb.
797 * It will copy all frags into kernel and drop the reference
798 * to userspace pages.
800 * If this function is called from an interrupt gfp_mask() must be
803 * Returns 0 on success or a negative error code on failure
804 * to allocate kernel memory to copy to.
806 int skb_copy_ubufs(struct sk_buff
*skb
, gfp_t gfp_mask
)
809 int num_frags
= skb_shinfo(skb
)->nr_frags
;
810 struct page
*page
, *head
= NULL
;
811 struct ubuf_info
*uarg
= skb_shinfo(skb
)->destructor_arg
;
813 for (i
= 0; i
< num_frags
; i
++) {
815 skb_frag_t
*f
= &skb_shinfo(skb
)->frags
[i
];
817 page
= alloc_page(gfp_mask
);
820 struct page
*next
= (struct page
*)page_private(head
);
826 vaddr
= kmap_atomic(skb_frag_page(f
));
827 memcpy(page_address(page
),
828 vaddr
+ f
->page_offset
, skb_frag_size(f
));
829 kunmap_atomic(vaddr
);
830 set_page_private(page
, (unsigned long)head
);
834 /* skb frags release userspace buffers */
835 for (i
= 0; i
< num_frags
; i
++)
836 skb_frag_unref(skb
, i
);
838 uarg
->callback(uarg
, false);
840 /* skb frags point to kernel buffers */
841 for (i
= num_frags
- 1; i
>= 0; i
--) {
842 __skb_fill_page_desc(skb
, i
, head
, 0,
843 skb_shinfo(skb
)->frags
[i
].size
);
844 head
= (struct page
*)page_private(head
);
847 skb_shinfo(skb
)->tx_flags
&= ~SKBTX_DEV_ZEROCOPY
;
850 EXPORT_SYMBOL_GPL(skb_copy_ubufs
);
853 * skb_clone - duplicate an sk_buff
854 * @skb: buffer to clone
855 * @gfp_mask: allocation priority
857 * Duplicate an &sk_buff. The new one is not owned by a socket. Both
858 * copies share the same packet data but not structure. The new
859 * buffer has a reference count of 1. If the allocation fails the
860 * function returns %NULL otherwise the new buffer is returned.
862 * If this function is called from an interrupt gfp_mask() must be
866 struct sk_buff
*skb_clone(struct sk_buff
*skb
, gfp_t gfp_mask
)
868 struct sk_buff_fclones
*fclones
= container_of(skb
,
869 struct sk_buff_fclones
,
871 struct sk_buff
*n
= &fclones
->skb2
;
873 if (skb_orphan_frags(skb
, gfp_mask
))
876 if (skb
->fclone
== SKB_FCLONE_ORIG
&&
877 n
->fclone
== SKB_FCLONE_FREE
) {
878 n
->fclone
= SKB_FCLONE_CLONE
;
879 /* As our fastclone was free, clone_ref must be 1 at this point.
880 * We could use atomic_inc() here, but it is faster
881 * to set the final value.
883 atomic_set(&fclones
->fclone_ref
, 2);
885 if (skb_pfmemalloc(skb
))
886 gfp_mask
|= __GFP_MEMALLOC
;
888 n
= kmem_cache_alloc(skbuff_head_cache
, gfp_mask
);
892 kmemcheck_annotate_bitfield(n
, flags1
);
893 n
->fclone
= SKB_FCLONE_UNAVAILABLE
;
896 return __skb_clone(n
, skb
);
898 EXPORT_SYMBOL(skb_clone
);
900 static void skb_headers_offset_update(struct sk_buff
*skb
, int off
)
902 /* Only adjust this if it actually is csum_start rather than csum */
903 if (skb
->ip_summed
== CHECKSUM_PARTIAL
)
904 skb
->csum_start
+= off
;
905 /* {transport,network,mac}_header and tail are relative to skb->head */
906 skb
->transport_header
+= off
;
907 skb
->network_header
+= off
;
908 if (skb_mac_header_was_set(skb
))
909 skb
->mac_header
+= off
;
910 skb
->inner_transport_header
+= off
;
911 skb
->inner_network_header
+= off
;
912 skb
->inner_mac_header
+= off
;
915 static void copy_skb_header(struct sk_buff
*new, const struct sk_buff
*old
)
917 __copy_skb_header(new, old
);
919 skb_shinfo(new)->gso_size
= skb_shinfo(old
)->gso_size
;
920 skb_shinfo(new)->gso_segs
= skb_shinfo(old
)->gso_segs
;
921 skb_shinfo(new)->gso_type
= skb_shinfo(old
)->gso_type
;
924 static inline int skb_alloc_rx_flag(const struct sk_buff
*skb
)
926 if (skb_pfmemalloc(skb
))
932 * skb_copy - create private copy of an sk_buff
933 * @skb: buffer to copy
934 * @gfp_mask: allocation priority
936 * Make a copy of both an &sk_buff and its data. This is used when the
937 * caller wishes to modify the data and needs a private copy of the
938 * data to alter. Returns %NULL on failure or the pointer to the buffer
939 * on success. The returned buffer has a reference count of 1.
941 * As by-product this function converts non-linear &sk_buff to linear
942 * one, so that &sk_buff becomes completely private and caller is allowed
943 * to modify all the data of returned buffer. This means that this
944 * function is not recommended for use in circumstances when only
945 * header is going to be modified. Use pskb_copy() instead.
948 struct sk_buff
*skb_copy(const struct sk_buff
*skb
, gfp_t gfp_mask
)
950 int headerlen
= skb_headroom(skb
);
951 unsigned int size
= skb_end_offset(skb
) + skb
->data_len
;
952 struct sk_buff
*n
= __alloc_skb(size
, gfp_mask
,
953 skb_alloc_rx_flag(skb
), NUMA_NO_NODE
);
958 /* Set the data pointer */
959 skb_reserve(n
, headerlen
);
960 /* Set the tail pointer and length */
961 skb_put(n
, skb
->len
);
963 if (skb_copy_bits(skb
, -headerlen
, n
->head
, headerlen
+ skb
->len
))
966 copy_skb_header(n
, skb
);
969 EXPORT_SYMBOL(skb_copy
);
972 * __pskb_copy_fclone - create copy of an sk_buff with private head.
973 * @skb: buffer to copy
974 * @headroom: headroom of new skb
975 * @gfp_mask: allocation priority
976 * @fclone: if true allocate the copy of the skb from the fclone
977 * cache instead of the head cache; it is recommended to set this
978 * to true for the cases where the copy will likely be cloned
980 * Make a copy of both an &sk_buff and part of its data, located
981 * in header. Fragmented data remain shared. This is used when
982 * the caller wishes to modify only header of &sk_buff and needs
983 * private copy of the header to alter. Returns %NULL on failure
984 * or the pointer to the buffer on success.
985 * The returned buffer has a reference count of 1.
988 struct sk_buff
*__pskb_copy_fclone(struct sk_buff
*skb
, int headroom
,
989 gfp_t gfp_mask
, bool fclone
)
991 unsigned int size
= skb_headlen(skb
) + headroom
;
992 int flags
= skb_alloc_rx_flag(skb
) | (fclone
? SKB_ALLOC_FCLONE
: 0);
993 struct sk_buff
*n
= __alloc_skb(size
, gfp_mask
, flags
, NUMA_NO_NODE
);
998 /* Set the data pointer */
999 skb_reserve(n
, headroom
);
1000 /* Set the tail pointer and length */
1001 skb_put(n
, skb_headlen(skb
));
1002 /* Copy the bytes */
1003 skb_copy_from_linear_data(skb
, n
->data
, n
->len
);
1005 n
->truesize
+= skb
->data_len
;
1006 n
->data_len
= skb
->data_len
;
1009 if (skb_shinfo(skb
)->nr_frags
) {
1012 if (skb_orphan_frags(skb
, gfp_mask
)) {
1017 for (i
= 0; i
< skb_shinfo(skb
)->nr_frags
; i
++) {
1018 skb_shinfo(n
)->frags
[i
] = skb_shinfo(skb
)->frags
[i
];
1019 skb_frag_ref(skb
, i
);
1021 skb_shinfo(n
)->nr_frags
= i
;
1024 if (skb_has_frag_list(skb
)) {
1025 skb_shinfo(n
)->frag_list
= skb_shinfo(skb
)->frag_list
;
1026 skb_clone_fraglist(n
);
1029 copy_skb_header(n
, skb
);
1033 EXPORT_SYMBOL(__pskb_copy_fclone
);
1036 * pskb_expand_head - reallocate header of &sk_buff
1037 * @skb: buffer to reallocate
1038 * @nhead: room to add at head
1039 * @ntail: room to add at tail
1040 * @gfp_mask: allocation priority
1042 * Expands (or creates identical copy, if @nhead and @ntail are zero)
1043 * header of @skb. &sk_buff itself is not changed. &sk_buff MUST have
1044 * reference count of 1. Returns zero in the case of success or error,
1045 * if expansion failed. In the last case, &sk_buff is not changed.
1047 * All the pointers pointing into skb header may change and must be
1048 * reloaded after call to this function.
1051 int pskb_expand_head(struct sk_buff
*skb
, int nhead
, int ntail
,
1056 int size
= nhead
+ skb_end_offset(skb
) + ntail
;
1061 if (skb_shared(skb
))
1064 size
= SKB_DATA_ALIGN(size
);
1066 if (skb_pfmemalloc(skb
))
1067 gfp_mask
|= __GFP_MEMALLOC
;
1068 data
= kmalloc_reserve(size
+ SKB_DATA_ALIGN(sizeof(struct skb_shared_info
)),
1069 gfp_mask
, NUMA_NO_NODE
, NULL
);
1072 size
= SKB_WITH_OVERHEAD(ksize(data
));
1074 /* Copy only real data... and, alas, header. This should be
1075 * optimized for the cases when header is void.
1077 memcpy(data
+ nhead
, skb
->head
, skb_tail_pointer(skb
) - skb
->head
);
1079 memcpy((struct skb_shared_info
*)(data
+ size
),
1081 offsetof(struct skb_shared_info
, frags
[skb_shinfo(skb
)->nr_frags
]));
1084 * if shinfo is shared we must drop the old head gracefully, but if it
1085 * is not we can just drop the old head and let the existing refcount
1086 * be since all we did is relocate the values
1088 if (skb_cloned(skb
)) {
1089 /* copy this zero copy skb frags */
1090 if (skb_orphan_frags(skb
, gfp_mask
))
1092 for (i
= 0; i
< skb_shinfo(skb
)->nr_frags
; i
++)
1093 skb_frag_ref(skb
, i
);
1095 if (skb_has_frag_list(skb
))
1096 skb_clone_fraglist(skb
);
1098 skb_release_data(skb
);
1102 off
= (data
+ nhead
) - skb
->head
;
1107 #ifdef NET_SKBUFF_DATA_USES_OFFSET
1111 skb
->end
= skb
->head
+ size
;
1114 skb_headers_offset_update(skb
, nhead
);
1118 atomic_set(&skb_shinfo(skb
)->dataref
, 1);
1126 EXPORT_SYMBOL(pskb_expand_head
);
1128 /* Make private copy of skb with writable head and some headroom */
1130 struct sk_buff
*skb_realloc_headroom(struct sk_buff
*skb
, unsigned int headroom
)
1132 struct sk_buff
*skb2
;
1133 int delta
= headroom
- skb_headroom(skb
);
1136 skb2
= pskb_copy(skb
, GFP_ATOMIC
);
1138 skb2
= skb_clone(skb
, GFP_ATOMIC
);
1139 if (skb2
&& pskb_expand_head(skb2
, SKB_DATA_ALIGN(delta
), 0,
1147 EXPORT_SYMBOL(skb_realloc_headroom
);
1150 * skb_copy_expand - copy and expand sk_buff
1151 * @skb: buffer to copy
1152 * @newheadroom: new free bytes at head
1153 * @newtailroom: new free bytes at tail
1154 * @gfp_mask: allocation priority
1156 * Make a copy of both an &sk_buff and its data and while doing so
1157 * allocate additional space.
1159 * This is used when the caller wishes to modify the data and needs a
1160 * private copy of the data to alter as well as more space for new fields.
1161 * Returns %NULL on failure or the pointer to the buffer
1162 * on success. The returned buffer has a reference count of 1.
1164 * You must pass %GFP_ATOMIC as the allocation priority if this function
1165 * is called from an interrupt.
1167 struct sk_buff
*skb_copy_expand(const struct sk_buff
*skb
,
1168 int newheadroom
, int newtailroom
,
1172 * Allocate the copy buffer
1174 struct sk_buff
*n
= __alloc_skb(newheadroom
+ skb
->len
+ newtailroom
,
1175 gfp_mask
, skb_alloc_rx_flag(skb
),
1177 int oldheadroom
= skb_headroom(skb
);
1178 int head_copy_len
, head_copy_off
;
1183 skb_reserve(n
, newheadroom
);
1185 /* Set the tail pointer and length */
1186 skb_put(n
, skb
->len
);
1188 head_copy_len
= oldheadroom
;
1190 if (newheadroom
<= head_copy_len
)
1191 head_copy_len
= newheadroom
;
1193 head_copy_off
= newheadroom
- head_copy_len
;
1195 /* Copy the linear header and data. */
1196 if (skb_copy_bits(skb
, -head_copy_len
, n
->head
+ head_copy_off
,
1197 skb
->len
+ head_copy_len
))
1200 copy_skb_header(n
, skb
);
1202 skb_headers_offset_update(n
, newheadroom
- oldheadroom
);
1206 EXPORT_SYMBOL(skb_copy_expand
);
1209 * skb_pad - zero pad the tail of an skb
1210 * @skb: buffer to pad
1211 * @pad: space to pad
1213 * Ensure that a buffer is followed by a padding area that is zero
1214 * filled. Used by network drivers which may DMA or transfer data
1215 * beyond the buffer end onto the wire.
1217 * May return error in out of memory cases. The skb is freed on error.
1220 int skb_pad(struct sk_buff
*skb
, int pad
)
1225 /* If the skbuff is non linear tailroom is always zero.. */
1226 if (!skb_cloned(skb
) && skb_tailroom(skb
) >= pad
) {
1227 memset(skb
->data
+skb
->len
, 0, pad
);
1231 ntail
= skb
->data_len
+ pad
- (skb
->end
- skb
->tail
);
1232 if (likely(skb_cloned(skb
) || ntail
> 0)) {
1233 err
= pskb_expand_head(skb
, 0, ntail
, GFP_ATOMIC
);
1238 /* FIXME: The use of this function with non-linear skb's really needs
1241 err
= skb_linearize(skb
);
1245 memset(skb
->data
+ skb
->len
, 0, pad
);
1252 EXPORT_SYMBOL(skb_pad
);
1255 * pskb_put - add data to the tail of a potentially fragmented buffer
1256 * @skb: start of the buffer to use
1257 * @tail: tail fragment of the buffer to use
1258 * @len: amount of data to add
1260 * This function extends the used data area of the potentially
1261 * fragmented buffer. @tail must be the last fragment of @skb -- or
1262 * @skb itself. If this would exceed the total buffer size the kernel
1263 * will panic. A pointer to the first byte of the extra data is
1267 unsigned char *pskb_put(struct sk_buff
*skb
, struct sk_buff
*tail
, int len
)
1270 skb
->data_len
+= len
;
1273 return skb_put(tail
, len
);
1275 EXPORT_SYMBOL_GPL(pskb_put
);
1278 * skb_put - add data to a buffer
1279 * @skb: buffer to use
1280 * @len: amount of data to add
1282 * This function extends the used data area of the buffer. If this would
1283 * exceed the total buffer size the kernel will panic. A pointer to the
1284 * first byte of the extra data is returned.
1286 unsigned char *skb_put(struct sk_buff
*skb
, unsigned int len
)
1288 unsigned char *tmp
= skb_tail_pointer(skb
);
1289 SKB_LINEAR_ASSERT(skb
);
1292 if (unlikely(skb
->tail
> skb
->end
))
1293 skb_over_panic(skb
, len
, __builtin_return_address(0));
1296 EXPORT_SYMBOL(skb_put
);
1299 * skb_push - add data to the start of a buffer
1300 * @skb: buffer to use
1301 * @len: amount of data to add
1303 * This function extends the used data area of the buffer at the buffer
1304 * start. If this would exceed the total buffer headroom the kernel will
1305 * panic. A pointer to the first byte of the extra data is returned.
1307 unsigned char *skb_push(struct sk_buff
*skb
, unsigned int len
)
1311 if (unlikely(skb
->data
<skb
->head
))
1312 skb_under_panic(skb
, len
, __builtin_return_address(0));
1315 EXPORT_SYMBOL(skb_push
);
1318 * skb_pull - remove data from the start of a buffer
1319 * @skb: buffer to use
1320 * @len: amount of data to remove
1322 * This function removes data from the start of a buffer, returning
1323 * the memory to the headroom. A pointer to the next data in the buffer
1324 * is returned. Once the data has been pulled future pushes will overwrite
1327 unsigned char *skb_pull(struct sk_buff
*skb
, unsigned int len
)
1329 return skb_pull_inline(skb
, len
);
1331 EXPORT_SYMBOL(skb_pull
);
1334 * skb_trim - remove end from a buffer
1335 * @skb: buffer to alter
1338 * Cut the length of a buffer down by removing data from the tail. If
1339 * the buffer is already under the length specified it is not modified.
1340 * The skb must be linear.
1342 void skb_trim(struct sk_buff
*skb
, unsigned int len
)
1345 __skb_trim(skb
, len
);
1347 EXPORT_SYMBOL(skb_trim
);
1349 /* Trims skb to length len. It can change skb pointers.
1352 int ___pskb_trim(struct sk_buff
*skb
, unsigned int len
)
1354 struct sk_buff
**fragp
;
1355 struct sk_buff
*frag
;
1356 int offset
= skb_headlen(skb
);
1357 int nfrags
= skb_shinfo(skb
)->nr_frags
;
1361 if (skb_cloned(skb
) &&
1362 unlikely((err
= pskb_expand_head(skb
, 0, 0, GFP_ATOMIC
))))
1369 for (; i
< nfrags
; i
++) {
1370 int end
= offset
+ skb_frag_size(&skb_shinfo(skb
)->frags
[i
]);
1377 skb_frag_size_set(&skb_shinfo(skb
)->frags
[i
++], len
- offset
);
1380 skb_shinfo(skb
)->nr_frags
= i
;
1382 for (; i
< nfrags
; i
++)
1383 skb_frag_unref(skb
, i
);
1385 if (skb_has_frag_list(skb
))
1386 skb_drop_fraglist(skb
);
1390 for (fragp
= &skb_shinfo(skb
)->frag_list
; (frag
= *fragp
);
1391 fragp
= &frag
->next
) {
1392 int end
= offset
+ frag
->len
;
1394 if (skb_shared(frag
)) {
1395 struct sk_buff
*nfrag
;
1397 nfrag
= skb_clone(frag
, GFP_ATOMIC
);
1398 if (unlikely(!nfrag
))
1401 nfrag
->next
= frag
->next
;
1413 unlikely((err
= pskb_trim(frag
, len
- offset
))))
1417 skb_drop_list(&frag
->next
);
1422 if (len
> skb_headlen(skb
)) {
1423 skb
->data_len
-= skb
->len
- len
;
1428 skb_set_tail_pointer(skb
, len
);
1433 EXPORT_SYMBOL(___pskb_trim
);
1436 * __pskb_pull_tail - advance tail of skb header
1437 * @skb: buffer to reallocate
1438 * @delta: number of bytes to advance tail
1440 * The function makes a sense only on a fragmented &sk_buff,
1441 * it expands header moving its tail forward and copying necessary
1442 * data from fragmented part.
1444 * &sk_buff MUST have reference count of 1.
1446 * Returns %NULL (and &sk_buff does not change) if pull failed
1447 * or value of new tail of skb in the case of success.
1449 * All the pointers pointing into skb header may change and must be
1450 * reloaded after call to this function.
1453 /* Moves tail of skb head forward, copying data from fragmented part,
1454 * when it is necessary.
1455 * 1. It may fail due to malloc failure.
1456 * 2. It may change skb pointers.
1458 * It is pretty complicated. Luckily, it is called only in exceptional cases.
1460 unsigned char *__pskb_pull_tail(struct sk_buff
*skb
, int delta
)
1462 /* If skb has not enough free space at tail, get new one
1463 * plus 128 bytes for future expansions. If we have enough
1464 * room at tail, reallocate without expansion only if skb is cloned.
1466 int i
, k
, eat
= (skb
->tail
+ delta
) - skb
->end
;
1468 if (eat
> 0 || skb_cloned(skb
)) {
1469 if (pskb_expand_head(skb
, 0, eat
> 0 ? eat
+ 128 : 0,
1474 if (skb_copy_bits(skb
, skb_headlen(skb
), skb_tail_pointer(skb
), delta
))
1477 /* Optimization: no fragments, no reasons to preestimate
1478 * size of pulled pages. Superb.
1480 if (!skb_has_frag_list(skb
))
1483 /* Estimate size of pulled pages. */
1485 for (i
= 0; i
< skb_shinfo(skb
)->nr_frags
; i
++) {
1486 int size
= skb_frag_size(&skb_shinfo(skb
)->frags
[i
]);
1493 /* If we need update frag list, we are in troubles.
1494 * Certainly, it possible to add an offset to skb data,
1495 * but taking into account that pulling is expected to
1496 * be very rare operation, it is worth to fight against
1497 * further bloating skb head and crucify ourselves here instead.
1498 * Pure masohism, indeed. 8)8)
1501 struct sk_buff
*list
= skb_shinfo(skb
)->frag_list
;
1502 struct sk_buff
*clone
= NULL
;
1503 struct sk_buff
*insp
= NULL
;
1508 if (list
->len
<= eat
) {
1509 /* Eaten as whole. */
1514 /* Eaten partially. */
1516 if (skb_shared(list
)) {
1517 /* Sucks! We need to fork list. :-( */
1518 clone
= skb_clone(list
, GFP_ATOMIC
);
1524 /* This may be pulled without
1528 if (!pskb_pull(list
, eat
)) {
1536 /* Free pulled out fragments. */
1537 while ((list
= skb_shinfo(skb
)->frag_list
) != insp
) {
1538 skb_shinfo(skb
)->frag_list
= list
->next
;
1541 /* And insert new clone at head. */
1544 skb_shinfo(skb
)->frag_list
= clone
;
1547 /* Success! Now we may commit changes to skb data. */
1552 for (i
= 0; i
< skb_shinfo(skb
)->nr_frags
; i
++) {
1553 int size
= skb_frag_size(&skb_shinfo(skb
)->frags
[i
]);
1556 skb_frag_unref(skb
, i
);
1559 skb_shinfo(skb
)->frags
[k
] = skb_shinfo(skb
)->frags
[i
];
1561 skb_shinfo(skb
)->frags
[k
].page_offset
+= eat
;
1562 skb_frag_size_sub(&skb_shinfo(skb
)->frags
[k
], eat
);
1568 skb_shinfo(skb
)->nr_frags
= k
;
1571 skb
->data_len
-= delta
;
1573 return skb_tail_pointer(skb
);
1575 EXPORT_SYMBOL(__pskb_pull_tail
);
1578 * skb_copy_bits - copy bits from skb to kernel buffer
1580 * @offset: offset in source
1581 * @to: destination buffer
1582 * @len: number of bytes to copy
1584 * Copy the specified number of bytes from the source skb to the
1585 * destination buffer.
1588 * If its prototype is ever changed,
1589 * check arch/{*}/net/{*}.S files,
1590 * since it is called from BPF assembly code.
1592 int skb_copy_bits(const struct sk_buff
*skb
, int offset
, void *to
, int len
)
1594 int start
= skb_headlen(skb
);
1595 struct sk_buff
*frag_iter
;
1598 if (offset
> (int)skb
->len
- len
)
1602 if ((copy
= start
- offset
) > 0) {
1605 skb_copy_from_linear_data_offset(skb
, offset
, to
, copy
);
1606 if ((len
-= copy
) == 0)
1612 for (i
= 0; i
< skb_shinfo(skb
)->nr_frags
; i
++) {
1614 skb_frag_t
*f
= &skb_shinfo(skb
)->frags
[i
];
1616 WARN_ON(start
> offset
+ len
);
1618 end
= start
+ skb_frag_size(f
);
1619 if ((copy
= end
- offset
) > 0) {
1625 vaddr
= kmap_atomic(skb_frag_page(f
));
1627 vaddr
+ f
->page_offset
+ offset
- start
,
1629 kunmap_atomic(vaddr
);
1631 if ((len
-= copy
) == 0)
1639 skb_walk_frags(skb
, frag_iter
) {
1642 WARN_ON(start
> offset
+ len
);
1644 end
= start
+ frag_iter
->len
;
1645 if ((copy
= end
- offset
) > 0) {
1648 if (skb_copy_bits(frag_iter
, offset
- start
, to
, copy
))
1650 if ((len
-= copy
) == 0)
1664 EXPORT_SYMBOL(skb_copy_bits
);
1667 * Callback from splice_to_pipe(), if we need to release some pages
1668 * at the end of the spd in case we error'ed out in filling the pipe.
1670 static void sock_spd_release(struct splice_pipe_desc
*spd
, unsigned int i
)
1672 put_page(spd
->pages
[i
]);
1675 static struct page
*linear_to_page(struct page
*page
, unsigned int *len
,
1676 unsigned int *offset
,
1679 struct page_frag
*pfrag
= sk_page_frag(sk
);
1681 if (!sk_page_frag_refill(sk
, pfrag
))
1684 *len
= min_t(unsigned int, *len
, pfrag
->size
- pfrag
->offset
);
1686 memcpy(page_address(pfrag
->page
) + pfrag
->offset
,
1687 page_address(page
) + *offset
, *len
);
1688 *offset
= pfrag
->offset
;
1689 pfrag
->offset
+= *len
;
1694 static bool spd_can_coalesce(const struct splice_pipe_desc
*spd
,
1696 unsigned int offset
)
1698 return spd
->nr_pages
&&
1699 spd
->pages
[spd
->nr_pages
- 1] == page
&&
1700 (spd
->partial
[spd
->nr_pages
- 1].offset
+
1701 spd
->partial
[spd
->nr_pages
- 1].len
== offset
);
1705 * Fill page/offset/length into spd, if it can hold more pages.
1707 static bool spd_fill_page(struct splice_pipe_desc
*spd
,
1708 struct pipe_inode_info
*pipe
, struct page
*page
,
1709 unsigned int *len
, unsigned int offset
,
1713 if (unlikely(spd
->nr_pages
== MAX_SKB_FRAGS
))
1717 page
= linear_to_page(page
, len
, &offset
, sk
);
1721 if (spd_can_coalesce(spd
, page
, offset
)) {
1722 spd
->partial
[spd
->nr_pages
- 1].len
+= *len
;
1726 spd
->pages
[spd
->nr_pages
] = page
;
1727 spd
->partial
[spd
->nr_pages
].len
= *len
;
1728 spd
->partial
[spd
->nr_pages
].offset
= offset
;
1734 static bool __splice_segment(struct page
*page
, unsigned int poff
,
1735 unsigned int plen
, unsigned int *off
,
1737 struct splice_pipe_desc
*spd
, bool linear
,
1739 struct pipe_inode_info
*pipe
)
1744 /* skip this segment if already processed */
1750 /* ignore any bits we already processed */
1756 unsigned int flen
= min(*len
, plen
);
1758 if (spd_fill_page(spd
, pipe
, page
, &flen
, poff
,
1764 } while (*len
&& plen
);
1770 * Map linear and fragment data from the skb to spd. It reports true if the
1771 * pipe is full or if we already spliced the requested length.
1773 static bool __skb_splice_bits(struct sk_buff
*skb
, struct pipe_inode_info
*pipe
,
1774 unsigned int *offset
, unsigned int *len
,
1775 struct splice_pipe_desc
*spd
, struct sock
*sk
)
1779 /* map the linear part :
1780 * If skb->head_frag is set, this 'linear' part is backed by a
1781 * fragment, and if the head is not shared with any clones then
1782 * we can avoid a copy since we own the head portion of this page.
1784 if (__splice_segment(virt_to_page(skb
->data
),
1785 (unsigned long) skb
->data
& (PAGE_SIZE
- 1),
1788 skb_head_is_locked(skb
),
1793 * then map the fragments
1795 for (seg
= 0; seg
< skb_shinfo(skb
)->nr_frags
; seg
++) {
1796 const skb_frag_t
*f
= &skb_shinfo(skb
)->frags
[seg
];
1798 if (__splice_segment(skb_frag_page(f
),
1799 f
->page_offset
, skb_frag_size(f
),
1800 offset
, len
, spd
, false, sk
, pipe
))
1808 * Map data from the skb to a pipe. Should handle both the linear part,
1809 * the fragments, and the frag list. It does NOT handle frag lists within
1810 * the frag list, if such a thing exists. We'd probably need to recurse to
1811 * handle that cleanly.
1813 int skb_splice_bits(struct sk_buff
*skb
, unsigned int offset
,
1814 struct pipe_inode_info
*pipe
, unsigned int tlen
,
1817 struct partial_page partial
[MAX_SKB_FRAGS
];
1818 struct page
*pages
[MAX_SKB_FRAGS
];
1819 struct splice_pipe_desc spd
= {
1822 .nr_pages_max
= MAX_SKB_FRAGS
,
1824 .ops
= &nosteal_pipe_buf_ops
,
1825 .spd_release
= sock_spd_release
,
1827 struct sk_buff
*frag_iter
;
1828 struct sock
*sk
= skb
->sk
;
1832 * __skb_splice_bits() only fails if the output has no room left,
1833 * so no point in going over the frag_list for the error case.
1835 if (__skb_splice_bits(skb
, pipe
, &offset
, &tlen
, &spd
, sk
))
1841 * now see if we have a frag_list to map
1843 skb_walk_frags(skb
, frag_iter
) {
1846 if (__skb_splice_bits(frag_iter
, pipe
, &offset
, &tlen
, &spd
, sk
))
1853 * Drop the socket lock, otherwise we have reverse
1854 * locking dependencies between sk_lock and i_mutex
1855 * here as compared to sendfile(). We enter here
1856 * with the socket lock held, and splice_to_pipe() will
1857 * grab the pipe inode lock. For sendfile() emulation,
1858 * we call into ->sendpage() with the i_mutex lock held
1859 * and networking will grab the socket lock.
1862 ret
= splice_to_pipe(pipe
, &spd
);
1870 * skb_store_bits - store bits from kernel buffer to skb
1871 * @skb: destination buffer
1872 * @offset: offset in destination
1873 * @from: source buffer
1874 * @len: number of bytes to copy
1876 * Copy the specified number of bytes from the source buffer to the
1877 * destination skb. This function handles all the messy bits of
1878 * traversing fragment lists and such.
1881 int skb_store_bits(struct sk_buff
*skb
, int offset
, const void *from
, int len
)
1883 int start
= skb_headlen(skb
);
1884 struct sk_buff
*frag_iter
;
1887 if (offset
> (int)skb
->len
- len
)
1890 if ((copy
= start
- offset
) > 0) {
1893 skb_copy_to_linear_data_offset(skb
, offset
, from
, copy
);
1894 if ((len
-= copy
) == 0)
1900 for (i
= 0; i
< skb_shinfo(skb
)->nr_frags
; i
++) {
1901 skb_frag_t
*frag
= &skb_shinfo(skb
)->frags
[i
];
1904 WARN_ON(start
> offset
+ len
);
1906 end
= start
+ skb_frag_size(frag
);
1907 if ((copy
= end
- offset
) > 0) {
1913 vaddr
= kmap_atomic(skb_frag_page(frag
));
1914 memcpy(vaddr
+ frag
->page_offset
+ offset
- start
,
1916 kunmap_atomic(vaddr
);
1918 if ((len
-= copy
) == 0)
1926 skb_walk_frags(skb
, frag_iter
) {
1929 WARN_ON(start
> offset
+ len
);
1931 end
= start
+ frag_iter
->len
;
1932 if ((copy
= end
- offset
) > 0) {
1935 if (skb_store_bits(frag_iter
, offset
- start
,
1938 if ((len
-= copy
) == 0)
1951 EXPORT_SYMBOL(skb_store_bits
);
1953 /* Checksum skb data. */
1954 __wsum
__skb_checksum(const struct sk_buff
*skb
, int offset
, int len
,
1955 __wsum csum
, const struct skb_checksum_ops
*ops
)
1957 int start
= skb_headlen(skb
);
1958 int i
, copy
= start
- offset
;
1959 struct sk_buff
*frag_iter
;
1962 /* Checksum header. */
1966 csum
= ops
->update(skb
->data
+ offset
, copy
, csum
);
1967 if ((len
-= copy
) == 0)
1973 for (i
= 0; i
< skb_shinfo(skb
)->nr_frags
; i
++) {
1975 skb_frag_t
*frag
= &skb_shinfo(skb
)->frags
[i
];
1977 WARN_ON(start
> offset
+ len
);
1979 end
= start
+ skb_frag_size(frag
);
1980 if ((copy
= end
- offset
) > 0) {
1986 vaddr
= kmap_atomic(skb_frag_page(frag
));
1987 csum2
= ops
->update(vaddr
+ frag
->page_offset
+
1988 offset
- start
, copy
, 0);
1989 kunmap_atomic(vaddr
);
1990 csum
= ops
->combine(csum
, csum2
, pos
, copy
);
1999 skb_walk_frags(skb
, frag_iter
) {
2002 WARN_ON(start
> offset
+ len
);
2004 end
= start
+ frag_iter
->len
;
2005 if ((copy
= end
- offset
) > 0) {
2009 csum2
= __skb_checksum(frag_iter
, offset
- start
,
2011 csum
= ops
->combine(csum
, csum2
, pos
, copy
);
2012 if ((len
-= copy
) == 0)
2023 EXPORT_SYMBOL(__skb_checksum
);
2025 __wsum
skb_checksum(const struct sk_buff
*skb
, int offset
,
2026 int len
, __wsum csum
)
2028 const struct skb_checksum_ops ops
= {
2029 .update
= csum_partial_ext
,
2030 .combine
= csum_block_add_ext
,
2033 return __skb_checksum(skb
, offset
, len
, csum
, &ops
);
2035 EXPORT_SYMBOL(skb_checksum
);
2037 /* Both of above in one bottle. */
2039 __wsum
skb_copy_and_csum_bits(const struct sk_buff
*skb
, int offset
,
2040 u8
*to
, int len
, __wsum csum
)
2042 int start
= skb_headlen(skb
);
2043 int i
, copy
= start
- offset
;
2044 struct sk_buff
*frag_iter
;
2051 csum
= csum_partial_copy_nocheck(skb
->data
+ offset
, to
,
2053 if ((len
-= copy
) == 0)
2060 for (i
= 0; i
< skb_shinfo(skb
)->nr_frags
; i
++) {
2063 WARN_ON(start
> offset
+ len
);
2065 end
= start
+ skb_frag_size(&skb_shinfo(skb
)->frags
[i
]);
2066 if ((copy
= end
- offset
) > 0) {
2069 skb_frag_t
*frag
= &skb_shinfo(skb
)->frags
[i
];
2073 vaddr
= kmap_atomic(skb_frag_page(frag
));
2074 csum2
= csum_partial_copy_nocheck(vaddr
+
2078 kunmap_atomic(vaddr
);
2079 csum
= csum_block_add(csum
, csum2
, pos
);
2089 skb_walk_frags(skb
, frag_iter
) {
2093 WARN_ON(start
> offset
+ len
);
2095 end
= start
+ frag_iter
->len
;
2096 if ((copy
= end
- offset
) > 0) {
2099 csum2
= skb_copy_and_csum_bits(frag_iter
,
2102 csum
= csum_block_add(csum
, csum2
, pos
);
2103 if ((len
-= copy
) == 0)
2114 EXPORT_SYMBOL(skb_copy_and_csum_bits
);
2117 * skb_zerocopy_headlen - Calculate headroom needed for skb_zerocopy()
2118 * @from: source buffer
2120 * Calculates the amount of linear headroom needed in the 'to' skb passed
2121 * into skb_zerocopy().
2124 skb_zerocopy_headlen(const struct sk_buff
*from
)
2126 unsigned int hlen
= 0;
2128 if (!from
->head_frag
||
2129 skb_headlen(from
) < L1_CACHE_BYTES
||
2130 skb_shinfo(from
)->nr_frags
>= MAX_SKB_FRAGS
)
2131 hlen
= skb_headlen(from
);
2133 if (skb_has_frag_list(from
))
2138 EXPORT_SYMBOL_GPL(skb_zerocopy_headlen
);
2141 * skb_zerocopy - Zero copy skb to skb
2142 * @to: destination buffer
2143 * @from: source buffer
2144 * @len: number of bytes to copy from source buffer
2145 * @hlen: size of linear headroom in destination buffer
2147 * Copies up to `len` bytes from `from` to `to` by creating references
2148 * to the frags in the source buffer.
2150 * The `hlen` as calculated by skb_zerocopy_headlen() specifies the
2151 * headroom in the `to` buffer.
2154 * 0: everything is OK
2155 * -ENOMEM: couldn't orphan frags of @from due to lack of memory
2156 * -EFAULT: skb_copy_bits() found some problem with skb geometry
2159 skb_zerocopy(struct sk_buff
*to
, struct sk_buff
*from
, int len
, int hlen
)
2162 int plen
= 0; /* length of skb->head fragment */
2165 unsigned int offset
;
2167 BUG_ON(!from
->head_frag
&& !hlen
);
2169 /* dont bother with small payloads */
2170 if (len
<= skb_tailroom(to
))
2171 return skb_copy_bits(from
, 0, skb_put(to
, len
), len
);
2174 ret
= skb_copy_bits(from
, 0, skb_put(to
, hlen
), hlen
);
2179 plen
= min_t(int, skb_headlen(from
), len
);
2181 page
= virt_to_head_page(from
->head
);
2182 offset
= from
->data
- (unsigned char *)page_address(page
);
2183 __skb_fill_page_desc(to
, 0, page
, offset
, plen
);
2190 to
->truesize
+= len
+ plen
;
2191 to
->len
+= len
+ plen
;
2192 to
->data_len
+= len
+ plen
;
2194 if (unlikely(skb_orphan_frags(from
, GFP_ATOMIC
))) {
2199 for (i
= 0; i
< skb_shinfo(from
)->nr_frags
; i
++) {
2202 skb_shinfo(to
)->frags
[j
] = skb_shinfo(from
)->frags
[i
];
2203 skb_shinfo(to
)->frags
[j
].size
= min_t(int, skb_shinfo(to
)->frags
[j
].size
, len
);
2204 len
-= skb_shinfo(to
)->frags
[j
].size
;
2205 skb_frag_ref(to
, j
);
2208 skb_shinfo(to
)->nr_frags
= j
;
2212 EXPORT_SYMBOL_GPL(skb_zerocopy
);
2214 void skb_copy_and_csum_dev(const struct sk_buff
*skb
, u8
*to
)
2219 if (skb
->ip_summed
== CHECKSUM_PARTIAL
)
2220 csstart
= skb_checksum_start_offset(skb
);
2222 csstart
= skb_headlen(skb
);
2224 BUG_ON(csstart
> skb_headlen(skb
));
2226 skb_copy_from_linear_data(skb
, to
, csstart
);
2229 if (csstart
!= skb
->len
)
2230 csum
= skb_copy_and_csum_bits(skb
, csstart
, to
+ csstart
,
2231 skb
->len
- csstart
, 0);
2233 if (skb
->ip_summed
== CHECKSUM_PARTIAL
) {
2234 long csstuff
= csstart
+ skb
->csum_offset
;
2236 *((__sum16
*)(to
+ csstuff
)) = csum_fold(csum
);
2239 EXPORT_SYMBOL(skb_copy_and_csum_dev
);
2242 * skb_dequeue - remove from the head of the queue
2243 * @list: list to dequeue from
2245 * Remove the head of the list. The list lock is taken so the function
2246 * may be used safely with other locking list functions. The head item is
2247 * returned or %NULL if the list is empty.
2250 struct sk_buff
*skb_dequeue(struct sk_buff_head
*list
)
2252 unsigned long flags
;
2253 struct sk_buff
*result
;
2255 spin_lock_irqsave(&list
->lock
, flags
);
2256 result
= __skb_dequeue(list
);
2257 spin_unlock_irqrestore(&list
->lock
, flags
);
2260 EXPORT_SYMBOL(skb_dequeue
);
2263 * skb_dequeue_tail - remove from the tail of the queue
2264 * @list: list to dequeue from
2266 * Remove the tail of the list. The list lock is taken so the function
2267 * may be used safely with other locking list functions. The tail item is
2268 * returned or %NULL if the list is empty.
2270 struct sk_buff
*skb_dequeue_tail(struct sk_buff_head
*list
)
2272 unsigned long flags
;
2273 struct sk_buff
*result
;
2275 spin_lock_irqsave(&list
->lock
, flags
);
2276 result
= __skb_dequeue_tail(list
);
2277 spin_unlock_irqrestore(&list
->lock
, flags
);
2280 EXPORT_SYMBOL(skb_dequeue_tail
);
2283 * skb_queue_purge - empty a list
2284 * @list: list to empty
2286 * Delete all buffers on an &sk_buff list. Each buffer is removed from
2287 * the list and one reference dropped. This function takes the list
2288 * lock and is atomic with respect to other list locking functions.
2290 void skb_queue_purge(struct sk_buff_head
*list
)
2292 struct sk_buff
*skb
;
2293 while ((skb
= skb_dequeue(list
)) != NULL
)
2296 EXPORT_SYMBOL(skb_queue_purge
);
2299 * skb_queue_head - queue a buffer at the list head
2300 * @list: list to use
2301 * @newsk: buffer to queue
2303 * Queue a buffer at the start of the list. This function takes the
2304 * list lock and can be used safely with other locking &sk_buff functions
2307 * A buffer cannot be placed on two lists at the same time.
2309 void skb_queue_head(struct sk_buff_head
*list
, struct sk_buff
*newsk
)
2311 unsigned long flags
;
2313 spin_lock_irqsave(&list
->lock
, flags
);
2314 __skb_queue_head(list
, newsk
);
2315 spin_unlock_irqrestore(&list
->lock
, flags
);
2317 EXPORT_SYMBOL(skb_queue_head
);
2320 * skb_queue_tail - queue a buffer at the list tail
2321 * @list: list to use
2322 * @newsk: buffer to queue
2324 * Queue a buffer at the tail of the list. This function takes the
2325 * list lock and can be used safely with other locking &sk_buff functions
2328 * A buffer cannot be placed on two lists at the same time.
2330 void skb_queue_tail(struct sk_buff_head
*list
, struct sk_buff
*newsk
)
2332 unsigned long flags
;
2334 spin_lock_irqsave(&list
->lock
, flags
);
2335 __skb_queue_tail(list
, newsk
);
2336 spin_unlock_irqrestore(&list
->lock
, flags
);
2338 EXPORT_SYMBOL(skb_queue_tail
);
2341 * skb_unlink - remove a buffer from a list
2342 * @skb: buffer to remove
2343 * @list: list to use
2345 * Remove a packet from a list. The list locks are taken and this
2346 * function is atomic with respect to other list locked calls
2348 * You must know what list the SKB is on.
2350 void skb_unlink(struct sk_buff
*skb
, struct sk_buff_head
*list
)
2352 unsigned long flags
;
2354 spin_lock_irqsave(&list
->lock
, flags
);
2355 __skb_unlink(skb
, list
);
2356 spin_unlock_irqrestore(&list
->lock
, flags
);
2358 EXPORT_SYMBOL(skb_unlink
);
2361 * skb_append - append a buffer
2362 * @old: buffer to insert after
2363 * @newsk: buffer to insert
2364 * @list: list to use
2366 * Place a packet after a given packet in a list. The list locks are taken
2367 * and this function is atomic with respect to other list locked calls.
2368 * A buffer cannot be placed on two lists at the same time.
2370 void skb_append(struct sk_buff
*old
, struct sk_buff
*newsk
, struct sk_buff_head
*list
)
2372 unsigned long flags
;
2374 spin_lock_irqsave(&list
->lock
, flags
);
2375 __skb_queue_after(list
, old
, newsk
);
2376 spin_unlock_irqrestore(&list
->lock
, flags
);
2378 EXPORT_SYMBOL(skb_append
);
2381 * skb_insert - insert a buffer
2382 * @old: buffer to insert before
2383 * @newsk: buffer to insert
2384 * @list: list to use
2386 * Place a packet before a given packet in a list. The list locks are
2387 * taken and this function is atomic with respect to other list locked
2390 * A buffer cannot be placed on two lists at the same time.
2392 void skb_insert(struct sk_buff
*old
, struct sk_buff
*newsk
, struct sk_buff_head
*list
)
2394 unsigned long flags
;
2396 spin_lock_irqsave(&list
->lock
, flags
);
2397 __skb_insert(newsk
, old
->prev
, old
, list
);
2398 spin_unlock_irqrestore(&list
->lock
, flags
);
2400 EXPORT_SYMBOL(skb_insert
);
2402 static inline void skb_split_inside_header(struct sk_buff
*skb
,
2403 struct sk_buff
* skb1
,
2404 const u32 len
, const int pos
)
2408 skb_copy_from_linear_data_offset(skb
, len
, skb_put(skb1
, pos
- len
),
2410 /* And move data appendix as is. */
2411 for (i
= 0; i
< skb_shinfo(skb
)->nr_frags
; i
++)
2412 skb_shinfo(skb1
)->frags
[i
] = skb_shinfo(skb
)->frags
[i
];
2414 skb_shinfo(skb1
)->nr_frags
= skb_shinfo(skb
)->nr_frags
;
2415 skb_shinfo(skb
)->nr_frags
= 0;
2416 skb1
->data_len
= skb
->data_len
;
2417 skb1
->len
+= skb1
->data_len
;
2420 skb_set_tail_pointer(skb
, len
);
2423 static inline void skb_split_no_header(struct sk_buff
*skb
,
2424 struct sk_buff
* skb1
,
2425 const u32 len
, int pos
)
2428 const int nfrags
= skb_shinfo(skb
)->nr_frags
;
2430 skb_shinfo(skb
)->nr_frags
= 0;
2431 skb1
->len
= skb1
->data_len
= skb
->len
- len
;
2433 skb
->data_len
= len
- pos
;
2435 for (i
= 0; i
< nfrags
; i
++) {
2436 int size
= skb_frag_size(&skb_shinfo(skb
)->frags
[i
]);
2438 if (pos
+ size
> len
) {
2439 skb_shinfo(skb1
)->frags
[k
] = skb_shinfo(skb
)->frags
[i
];
2443 * We have two variants in this case:
2444 * 1. Move all the frag to the second
2445 * part, if it is possible. F.e.
2446 * this approach is mandatory for TUX,
2447 * where splitting is expensive.
2448 * 2. Split is accurately. We make this.
2450 skb_frag_ref(skb
, i
);
2451 skb_shinfo(skb1
)->frags
[0].page_offset
+= len
- pos
;
2452 skb_frag_size_sub(&skb_shinfo(skb1
)->frags
[0], len
- pos
);
2453 skb_frag_size_set(&skb_shinfo(skb
)->frags
[i
], len
- pos
);
2454 skb_shinfo(skb
)->nr_frags
++;
2458 skb_shinfo(skb
)->nr_frags
++;
2461 skb_shinfo(skb1
)->nr_frags
= k
;
2465 * skb_split - Split fragmented skb to two parts at length len.
2466 * @skb: the buffer to split
2467 * @skb1: the buffer to receive the second part
2468 * @len: new length for skb
2470 void skb_split(struct sk_buff
*skb
, struct sk_buff
*skb1
, const u32 len
)
2472 int pos
= skb_headlen(skb
);
2474 skb_shinfo(skb1
)->tx_flags
= skb_shinfo(skb
)->tx_flags
& SKBTX_SHARED_FRAG
;
2475 if (len
< pos
) /* Split line is inside header. */
2476 skb_split_inside_header(skb
, skb1
, len
, pos
);
2477 else /* Second chunk has no header, nothing to copy. */
2478 skb_split_no_header(skb
, skb1
, len
, pos
);
2480 EXPORT_SYMBOL(skb_split
);
2482 /* Shifting from/to a cloned skb is a no-go.
2484 * Caller cannot keep skb_shinfo related pointers past calling here!
2486 static int skb_prepare_for_shift(struct sk_buff
*skb
)
2488 return skb_cloned(skb
) && pskb_expand_head(skb
, 0, 0, GFP_ATOMIC
);
2492 * skb_shift - Shifts paged data partially from skb to another
2493 * @tgt: buffer into which tail data gets added
2494 * @skb: buffer from which the paged data comes from
2495 * @shiftlen: shift up to this many bytes
2497 * Attempts to shift up to shiftlen worth of bytes, which may be less than
2498 * the length of the skb, from skb to tgt. Returns number bytes shifted.
2499 * It's up to caller to free skb if everything was shifted.
2501 * If @tgt runs out of frags, the whole operation is aborted.
2503 * Skb cannot include anything else but paged data while tgt is allowed
2504 * to have non-paged data as well.
2506 * TODO: full sized shift could be optimized but that would need
2507 * specialized skb free'er to handle frags without up-to-date nr_frags.
2509 int skb_shift(struct sk_buff
*tgt
, struct sk_buff
*skb
, int shiftlen
)
2511 int from
, to
, merge
, todo
;
2512 struct skb_frag_struct
*fragfrom
, *fragto
;
2514 BUG_ON(shiftlen
> skb
->len
);
2515 BUG_ON(skb_headlen(skb
)); /* Would corrupt stream */
2519 to
= skb_shinfo(tgt
)->nr_frags
;
2520 fragfrom
= &skb_shinfo(skb
)->frags
[from
];
2522 /* Actual merge is delayed until the point when we know we can
2523 * commit all, so that we don't have to undo partial changes
2526 !skb_can_coalesce(tgt
, to
, skb_frag_page(fragfrom
),
2527 fragfrom
->page_offset
)) {
2532 todo
-= skb_frag_size(fragfrom
);
2534 if (skb_prepare_for_shift(skb
) ||
2535 skb_prepare_for_shift(tgt
))
2538 /* All previous frag pointers might be stale! */
2539 fragfrom
= &skb_shinfo(skb
)->frags
[from
];
2540 fragto
= &skb_shinfo(tgt
)->frags
[merge
];
2542 skb_frag_size_add(fragto
, shiftlen
);
2543 skb_frag_size_sub(fragfrom
, shiftlen
);
2544 fragfrom
->page_offset
+= shiftlen
;
2552 /* Skip full, not-fitting skb to avoid expensive operations */
2553 if ((shiftlen
== skb
->len
) &&
2554 (skb_shinfo(skb
)->nr_frags
- from
) > (MAX_SKB_FRAGS
- to
))
2557 if (skb_prepare_for_shift(skb
) || skb_prepare_for_shift(tgt
))
2560 while ((todo
> 0) && (from
< skb_shinfo(skb
)->nr_frags
)) {
2561 if (to
== MAX_SKB_FRAGS
)
2564 fragfrom
= &skb_shinfo(skb
)->frags
[from
];
2565 fragto
= &skb_shinfo(tgt
)->frags
[to
];
2567 if (todo
>= skb_frag_size(fragfrom
)) {
2568 *fragto
= *fragfrom
;
2569 todo
-= skb_frag_size(fragfrom
);
2574 __skb_frag_ref(fragfrom
);
2575 fragto
->page
= fragfrom
->page
;
2576 fragto
->page_offset
= fragfrom
->page_offset
;
2577 skb_frag_size_set(fragto
, todo
);
2579 fragfrom
->page_offset
+= todo
;
2580 skb_frag_size_sub(fragfrom
, todo
);
2588 /* Ready to "commit" this state change to tgt */
2589 skb_shinfo(tgt
)->nr_frags
= to
;
2592 fragfrom
= &skb_shinfo(skb
)->frags
[0];
2593 fragto
= &skb_shinfo(tgt
)->frags
[merge
];
2595 skb_frag_size_add(fragto
, skb_frag_size(fragfrom
));
2596 __skb_frag_unref(fragfrom
);
2599 /* Reposition in the original skb */
2601 while (from
< skb_shinfo(skb
)->nr_frags
)
2602 skb_shinfo(skb
)->frags
[to
++] = skb_shinfo(skb
)->frags
[from
++];
2603 skb_shinfo(skb
)->nr_frags
= to
;
2605 BUG_ON(todo
> 0 && !skb_shinfo(skb
)->nr_frags
);
2608 /* Most likely the tgt won't ever need its checksum anymore, skb on
2609 * the other hand might need it if it needs to be resent
2611 tgt
->ip_summed
= CHECKSUM_PARTIAL
;
2612 skb
->ip_summed
= CHECKSUM_PARTIAL
;
2614 /* Yak, is it really working this way? Some helper please? */
2615 skb
->len
-= shiftlen
;
2616 skb
->data_len
-= shiftlen
;
2617 skb
->truesize
-= shiftlen
;
2618 tgt
->len
+= shiftlen
;
2619 tgt
->data_len
+= shiftlen
;
2620 tgt
->truesize
+= shiftlen
;
2626 * skb_prepare_seq_read - Prepare a sequential read of skb data
2627 * @skb: the buffer to read
2628 * @from: lower offset of data to be read
2629 * @to: upper offset of data to be read
2630 * @st: state variable
2632 * Initializes the specified state variable. Must be called before
2633 * invoking skb_seq_read() for the first time.
2635 void skb_prepare_seq_read(struct sk_buff
*skb
, unsigned int from
,
2636 unsigned int to
, struct skb_seq_state
*st
)
2638 st
->lower_offset
= from
;
2639 st
->upper_offset
= to
;
2640 st
->root_skb
= st
->cur_skb
= skb
;
2641 st
->frag_idx
= st
->stepped_offset
= 0;
2642 st
->frag_data
= NULL
;
2644 EXPORT_SYMBOL(skb_prepare_seq_read
);
2647 * skb_seq_read - Sequentially read skb data
2648 * @consumed: number of bytes consumed by the caller so far
2649 * @data: destination pointer for data to be returned
2650 * @st: state variable
2652 * Reads a block of skb data at @consumed relative to the
2653 * lower offset specified to skb_prepare_seq_read(). Assigns
2654 * the head of the data block to @data and returns the length
2655 * of the block or 0 if the end of the skb data or the upper
2656 * offset has been reached.
2658 * The caller is not required to consume all of the data
2659 * returned, i.e. @consumed is typically set to the number
2660 * of bytes already consumed and the next call to
2661 * skb_seq_read() will return the remaining part of the block.
2663 * Note 1: The size of each block of data returned can be arbitrary,
2664 * this limitation is the cost for zerocopy sequential
2665 * reads of potentially non linear data.
2667 * Note 2: Fragment lists within fragments are not implemented
2668 * at the moment, state->root_skb could be replaced with
2669 * a stack for this purpose.
2671 unsigned int skb_seq_read(unsigned int consumed
, const u8
**data
,
2672 struct skb_seq_state
*st
)
2674 unsigned int block_limit
, abs_offset
= consumed
+ st
->lower_offset
;
2677 if (unlikely(abs_offset
>= st
->upper_offset
)) {
2678 if (st
->frag_data
) {
2679 kunmap_atomic(st
->frag_data
);
2680 st
->frag_data
= NULL
;
2686 block_limit
= skb_headlen(st
->cur_skb
) + st
->stepped_offset
;
2688 if (abs_offset
< block_limit
&& !st
->frag_data
) {
2689 *data
= st
->cur_skb
->data
+ (abs_offset
- st
->stepped_offset
);
2690 return block_limit
- abs_offset
;
2693 if (st
->frag_idx
== 0 && !st
->frag_data
)
2694 st
->stepped_offset
+= skb_headlen(st
->cur_skb
);
2696 while (st
->frag_idx
< skb_shinfo(st
->cur_skb
)->nr_frags
) {
2697 frag
= &skb_shinfo(st
->cur_skb
)->frags
[st
->frag_idx
];
2698 block_limit
= skb_frag_size(frag
) + st
->stepped_offset
;
2700 if (abs_offset
< block_limit
) {
2702 st
->frag_data
= kmap_atomic(skb_frag_page(frag
));
2704 *data
= (u8
*) st
->frag_data
+ frag
->page_offset
+
2705 (abs_offset
- st
->stepped_offset
);
2707 return block_limit
- abs_offset
;
2710 if (st
->frag_data
) {
2711 kunmap_atomic(st
->frag_data
);
2712 st
->frag_data
= NULL
;
2716 st
->stepped_offset
+= skb_frag_size(frag
);
2719 if (st
->frag_data
) {
2720 kunmap_atomic(st
->frag_data
);
2721 st
->frag_data
= NULL
;
2724 if (st
->root_skb
== st
->cur_skb
&& skb_has_frag_list(st
->root_skb
)) {
2725 st
->cur_skb
= skb_shinfo(st
->root_skb
)->frag_list
;
2728 } else if (st
->cur_skb
->next
) {
2729 st
->cur_skb
= st
->cur_skb
->next
;
2736 EXPORT_SYMBOL(skb_seq_read
);
2739 * skb_abort_seq_read - Abort a sequential read of skb data
2740 * @st: state variable
2742 * Must be called if skb_seq_read() was not called until it
2745 void skb_abort_seq_read(struct skb_seq_state
*st
)
2748 kunmap_atomic(st
->frag_data
);
2750 EXPORT_SYMBOL(skb_abort_seq_read
);
2752 #define TS_SKB_CB(state) ((struct skb_seq_state *) &((state)->cb))
2754 static unsigned int skb_ts_get_next_block(unsigned int offset
, const u8
**text
,
2755 struct ts_config
*conf
,
2756 struct ts_state
*state
)
2758 return skb_seq_read(offset
, text
, TS_SKB_CB(state
));
2761 static void skb_ts_finish(struct ts_config
*conf
, struct ts_state
*state
)
2763 skb_abort_seq_read(TS_SKB_CB(state
));
2767 * skb_find_text - Find a text pattern in skb data
2768 * @skb: the buffer to look in
2769 * @from: search offset
2771 * @config: textsearch configuration
2772 * @state: uninitialized textsearch state variable
2774 * Finds a pattern in the skb data according to the specified
2775 * textsearch configuration. Use textsearch_next() to retrieve
2776 * subsequent occurrences of the pattern. Returns the offset
2777 * to the first occurrence or UINT_MAX if no match was found.
2779 unsigned int skb_find_text(struct sk_buff
*skb
, unsigned int from
,
2780 unsigned int to
, struct ts_config
*config
,
2781 struct ts_state
*state
)
2785 config
->get_next_block
= skb_ts_get_next_block
;
2786 config
->finish
= skb_ts_finish
;
2788 skb_prepare_seq_read(skb
, from
, to
, TS_SKB_CB(state
));
2790 ret
= textsearch_find(config
, state
);
2791 return (ret
<= to
- from
? ret
: UINT_MAX
);
2793 EXPORT_SYMBOL(skb_find_text
);
2796 * skb_append_datato_frags - append the user data to a skb
2797 * @sk: sock structure
2798 * @skb: skb structure to be appended with user data.
2799 * @getfrag: call back function to be used for getting the user data
2800 * @from: pointer to user message iov
2801 * @length: length of the iov message
2803 * Description: This procedure append the user data in the fragment part
2804 * of the skb if any page alloc fails user this procedure returns -ENOMEM
2806 int skb_append_datato_frags(struct sock
*sk
, struct sk_buff
*skb
,
2807 int (*getfrag
)(void *from
, char *to
, int offset
,
2808 int len
, int odd
, struct sk_buff
*skb
),
2809 void *from
, int length
)
2811 int frg_cnt
= skb_shinfo(skb
)->nr_frags
;
2815 struct page_frag
*pfrag
= ¤t
->task_frag
;
2818 /* Return error if we don't have space for new frag */
2819 if (frg_cnt
>= MAX_SKB_FRAGS
)
2822 if (!sk_page_frag_refill(sk
, pfrag
))
2825 /* copy the user data to page */
2826 copy
= min_t(int, length
, pfrag
->size
- pfrag
->offset
);
2828 ret
= getfrag(from
, page_address(pfrag
->page
) + pfrag
->offset
,
2829 offset
, copy
, 0, skb
);
2833 /* copy was successful so update the size parameters */
2834 skb_fill_page_desc(skb
, frg_cnt
, pfrag
->page
, pfrag
->offset
,
2837 pfrag
->offset
+= copy
;
2838 get_page(pfrag
->page
);
2840 skb
->truesize
+= copy
;
2841 atomic_add(copy
, &sk
->sk_wmem_alloc
);
2843 skb
->data_len
+= copy
;
2847 } while (length
> 0);
2851 EXPORT_SYMBOL(skb_append_datato_frags
);
2854 * skb_pull_rcsum - pull skb and update receive checksum
2855 * @skb: buffer to update
2856 * @len: length of data pulled
2858 * This function performs an skb_pull on the packet and updates
2859 * the CHECKSUM_COMPLETE checksum. It should be used on
2860 * receive path processing instead of skb_pull unless you know
2861 * that the checksum difference is zero (e.g., a valid IP header)
2862 * or you are setting ip_summed to CHECKSUM_NONE.
2864 unsigned char *skb_pull_rcsum(struct sk_buff
*skb
, unsigned int len
)
2866 BUG_ON(len
> skb
->len
);
2868 BUG_ON(skb
->len
< skb
->data_len
);
2869 skb_postpull_rcsum(skb
, skb
->data
, len
);
2870 return skb
->data
+= len
;
2872 EXPORT_SYMBOL_GPL(skb_pull_rcsum
);
2875 * skb_segment - Perform protocol segmentation on skb.
2876 * @head_skb: buffer to segment
2877 * @features: features for the output path (see dev->features)
2879 * This function performs segmentation on the given skb. It returns
2880 * a pointer to the first in a list of new skbs for the segments.
2881 * In case of error it returns ERR_PTR(err).
2883 struct sk_buff
*skb_segment(struct sk_buff
*head_skb
,
2884 netdev_features_t features
)
2886 struct sk_buff
*segs
= NULL
;
2887 struct sk_buff
*tail
= NULL
;
2888 struct sk_buff
*list_skb
= skb_shinfo(head_skb
)->frag_list
;
2889 skb_frag_t
*frag
= skb_shinfo(head_skb
)->frags
;
2890 unsigned int mss
= skb_shinfo(head_skb
)->gso_size
;
2891 unsigned int doffset
= head_skb
->data
- skb_mac_header(head_skb
);
2892 struct sk_buff
*frag_skb
= head_skb
;
2893 unsigned int offset
= doffset
;
2894 unsigned int tnl_hlen
= skb_tnl_header_len(head_skb
);
2895 unsigned int headroom
;
2899 int sg
= !!(features
& NETIF_F_SG
);
2900 int nfrags
= skb_shinfo(head_skb
)->nr_frags
;
2906 __skb_push(head_skb
, doffset
);
2907 proto
= skb_network_protocol(head_skb
, &dummy
);
2908 if (unlikely(!proto
))
2909 return ERR_PTR(-EINVAL
);
2911 csum
= !head_skb
->encap_hdr_csum
&&
2912 !!can_checksum_protocol(features
, proto
);
2914 headroom
= skb_headroom(head_skb
);
2915 pos
= skb_headlen(head_skb
);
2918 struct sk_buff
*nskb
;
2919 skb_frag_t
*nskb_frag
;
2923 len
= head_skb
->len
- offset
;
2927 hsize
= skb_headlen(head_skb
) - offset
;
2930 if (hsize
> len
|| !sg
)
2933 if (!hsize
&& i
>= nfrags
&& skb_headlen(list_skb
) &&
2934 (skb_headlen(list_skb
) == len
|| sg
)) {
2935 BUG_ON(skb_headlen(list_skb
) > len
);
2938 nfrags
= skb_shinfo(list_skb
)->nr_frags
;
2939 frag
= skb_shinfo(list_skb
)->frags
;
2940 frag_skb
= list_skb
;
2941 pos
+= skb_headlen(list_skb
);
2943 while (pos
< offset
+ len
) {
2944 BUG_ON(i
>= nfrags
);
2946 size
= skb_frag_size(frag
);
2947 if (pos
+ size
> offset
+ len
)
2955 nskb
= skb_clone(list_skb
, GFP_ATOMIC
);
2956 list_skb
= list_skb
->next
;
2958 if (unlikely(!nskb
))
2961 if (unlikely(pskb_trim(nskb
, len
))) {
2966 hsize
= skb_end_offset(nskb
);
2967 if (skb_cow_head(nskb
, doffset
+ headroom
)) {
2972 nskb
->truesize
+= skb_end_offset(nskb
) - hsize
;
2973 skb_release_head_state(nskb
);
2974 __skb_push(nskb
, doffset
);
2976 nskb
= __alloc_skb(hsize
+ doffset
+ headroom
,
2977 GFP_ATOMIC
, skb_alloc_rx_flag(head_skb
),
2980 if (unlikely(!nskb
))
2983 skb_reserve(nskb
, headroom
);
2984 __skb_put(nskb
, doffset
);
2993 __copy_skb_header(nskb
, head_skb
);
2995 skb_headers_offset_update(nskb
, skb_headroom(nskb
) - headroom
);
2996 skb_reset_mac_len(nskb
);
2998 skb_copy_from_linear_data_offset(head_skb
, -tnl_hlen
,
2999 nskb
->data
- tnl_hlen
,
3000 doffset
+ tnl_hlen
);
3002 if (nskb
->len
== len
+ doffset
)
3003 goto perform_csum_check
;
3006 nskb
->ip_summed
= CHECKSUM_NONE
;
3007 nskb
->csum
= skb_copy_and_csum_bits(head_skb
, offset
,
3010 SKB_GSO_CB(nskb
)->csum_start
=
3011 skb_headroom(nskb
) + doffset
;
3015 nskb_frag
= skb_shinfo(nskb
)->frags
;
3017 skb_copy_from_linear_data_offset(head_skb
, offset
,
3018 skb_put(nskb
, hsize
), hsize
);
3020 skb_shinfo(nskb
)->tx_flags
= skb_shinfo(head_skb
)->tx_flags
&
3023 while (pos
< offset
+ len
) {
3025 BUG_ON(skb_headlen(list_skb
));
3028 nfrags
= skb_shinfo(list_skb
)->nr_frags
;
3029 frag
= skb_shinfo(list_skb
)->frags
;
3030 frag_skb
= list_skb
;
3034 list_skb
= list_skb
->next
;
3037 if (unlikely(skb_shinfo(nskb
)->nr_frags
>=
3039 net_warn_ratelimited(
3040 "skb_segment: too many frags: %u %u\n",
3045 if (unlikely(skb_orphan_frags(frag_skb
, GFP_ATOMIC
)))
3049 __skb_frag_ref(nskb_frag
);
3050 size
= skb_frag_size(nskb_frag
);
3053 nskb_frag
->page_offset
+= offset
- pos
;
3054 skb_frag_size_sub(nskb_frag
, offset
- pos
);
3057 skb_shinfo(nskb
)->nr_frags
++;
3059 if (pos
+ size
<= offset
+ len
) {
3064 skb_frag_size_sub(nskb_frag
, pos
+ size
- (offset
+ len
));
3072 nskb
->data_len
= len
- hsize
;
3073 nskb
->len
+= nskb
->data_len
;
3074 nskb
->truesize
+= nskb
->data_len
;
3078 nskb
->csum
= skb_checksum(nskb
, doffset
,
3079 nskb
->len
- doffset
, 0);
3080 nskb
->ip_summed
= CHECKSUM_NONE
;
3081 SKB_GSO_CB(nskb
)->csum_start
=
3082 skb_headroom(nskb
) + doffset
;
3084 } while ((offset
+= len
) < head_skb
->len
);
3086 /* Some callers want to get the end of the list.
3087 * Put it in segs->prev to avoid walking the list.
3088 * (see validate_xmit_skb_list() for example)
3094 kfree_skb_list(segs
);
3095 return ERR_PTR(err
);
3097 EXPORT_SYMBOL_GPL(skb_segment
);
3099 int skb_gro_receive(struct sk_buff
**head
, struct sk_buff
*skb
)
3101 struct skb_shared_info
*pinfo
, *skbinfo
= skb_shinfo(skb
);
3102 unsigned int offset
= skb_gro_offset(skb
);
3103 unsigned int headlen
= skb_headlen(skb
);
3104 struct sk_buff
*nskb
, *lp
, *p
= *head
;
3105 unsigned int len
= skb_gro_len(skb
);
3106 unsigned int delta_truesize
;
3107 unsigned int headroom
;
3109 if (unlikely(p
->len
+ len
>= 65536))
3112 lp
= NAPI_GRO_CB(p
)->last
;
3113 pinfo
= skb_shinfo(lp
);
3115 if (headlen
<= offset
) {
3118 int i
= skbinfo
->nr_frags
;
3119 int nr_frags
= pinfo
->nr_frags
+ i
;
3121 if (nr_frags
> MAX_SKB_FRAGS
)
3125 pinfo
->nr_frags
= nr_frags
;
3126 skbinfo
->nr_frags
= 0;
3128 frag
= pinfo
->frags
+ nr_frags
;
3129 frag2
= skbinfo
->frags
+ i
;
3134 frag
->page_offset
+= offset
;
3135 skb_frag_size_sub(frag
, offset
);
3137 /* all fragments truesize : remove (head size + sk_buff) */
3138 delta_truesize
= skb
->truesize
-
3139 SKB_TRUESIZE(skb_end_offset(skb
));
3141 skb
->truesize
-= skb
->data_len
;
3142 skb
->len
-= skb
->data_len
;
3145 NAPI_GRO_CB(skb
)->free
= NAPI_GRO_FREE
;
3147 } else if (skb
->head_frag
) {
3148 int nr_frags
= pinfo
->nr_frags
;
3149 skb_frag_t
*frag
= pinfo
->frags
+ nr_frags
;
3150 struct page
*page
= virt_to_head_page(skb
->head
);
3151 unsigned int first_size
= headlen
- offset
;
3152 unsigned int first_offset
;
3154 if (nr_frags
+ 1 + skbinfo
->nr_frags
> MAX_SKB_FRAGS
)
3157 first_offset
= skb
->data
-
3158 (unsigned char *)page_address(page
) +
3161 pinfo
->nr_frags
= nr_frags
+ 1 + skbinfo
->nr_frags
;
3163 frag
->page
.p
= page
;
3164 frag
->page_offset
= first_offset
;
3165 skb_frag_size_set(frag
, first_size
);
3167 memcpy(frag
+ 1, skbinfo
->frags
, sizeof(*frag
) * skbinfo
->nr_frags
);
3168 /* We dont need to clear skbinfo->nr_frags here */
3170 delta_truesize
= skb
->truesize
- SKB_DATA_ALIGN(sizeof(struct sk_buff
));
3171 NAPI_GRO_CB(skb
)->free
= NAPI_GRO_FREE_STOLEN_HEAD
;
3174 /* switch back to head shinfo */
3175 pinfo
= skb_shinfo(p
);
3177 if (pinfo
->frag_list
)
3179 if (skb_gro_len(p
) != pinfo
->gso_size
)
3182 headroom
= skb_headroom(p
);
3183 nskb
= alloc_skb(headroom
+ skb_gro_offset(p
), GFP_ATOMIC
);
3184 if (unlikely(!nskb
))
3187 __copy_skb_header(nskb
, p
);
3188 nskb
->mac_len
= p
->mac_len
;
3190 skb_reserve(nskb
, headroom
);
3191 __skb_put(nskb
, skb_gro_offset(p
));
3193 skb_set_mac_header(nskb
, skb_mac_header(p
) - p
->data
);
3194 skb_set_network_header(nskb
, skb_network_offset(p
));
3195 skb_set_transport_header(nskb
, skb_transport_offset(p
));
3197 __skb_pull(p
, skb_gro_offset(p
));
3198 memcpy(skb_mac_header(nskb
), skb_mac_header(p
),
3199 p
->data
- skb_mac_header(p
));
3201 skb_shinfo(nskb
)->frag_list
= p
;
3202 skb_shinfo(nskb
)->gso_size
= pinfo
->gso_size
;
3203 pinfo
->gso_size
= 0;
3204 __skb_header_release(p
);
3205 NAPI_GRO_CB(nskb
)->last
= p
;
3207 nskb
->data_len
+= p
->len
;
3208 nskb
->truesize
+= p
->truesize
;
3209 nskb
->len
+= p
->len
;
3212 nskb
->next
= p
->next
;
3218 delta_truesize
= skb
->truesize
;
3219 if (offset
> headlen
) {
3220 unsigned int eat
= offset
- headlen
;
3222 skbinfo
->frags
[0].page_offset
+= eat
;
3223 skb_frag_size_sub(&skbinfo
->frags
[0], eat
);
3224 skb
->data_len
-= eat
;
3229 __skb_pull(skb
, offset
);
3231 if (NAPI_GRO_CB(p
)->last
== p
)
3232 skb_shinfo(p
)->frag_list
= skb
;
3234 NAPI_GRO_CB(p
)->last
->next
= skb
;
3235 NAPI_GRO_CB(p
)->last
= skb
;
3236 __skb_header_release(skb
);
3240 NAPI_GRO_CB(p
)->count
++;
3242 p
->truesize
+= delta_truesize
;
3245 lp
->data_len
+= len
;
3246 lp
->truesize
+= delta_truesize
;
3249 NAPI_GRO_CB(skb
)->same_flow
= 1;
3253 void __init
skb_init(void)
3255 skbuff_head_cache
= kmem_cache_create("skbuff_head_cache",
3256 sizeof(struct sk_buff
),
3258 SLAB_HWCACHE_ALIGN
|SLAB_PANIC
,
3260 skbuff_fclone_cache
= kmem_cache_create("skbuff_fclone_cache",
3261 sizeof(struct sk_buff_fclones
),
3263 SLAB_HWCACHE_ALIGN
|SLAB_PANIC
,
3268 * skb_to_sgvec - Fill a scatter-gather list from a socket buffer
3269 * @skb: Socket buffer containing the buffers to be mapped
3270 * @sg: The scatter-gather list to map into
3271 * @offset: The offset into the buffer's contents to start mapping
3272 * @len: Length of buffer space to be mapped
3274 * Fill the specified scatter-gather list with mappings/pointers into a
3275 * region of the buffer space attached to a socket buffer.
3278 __skb_to_sgvec(struct sk_buff
*skb
, struct scatterlist
*sg
, int offset
, int len
)
3280 int start
= skb_headlen(skb
);
3281 int i
, copy
= start
- offset
;
3282 struct sk_buff
*frag_iter
;
3288 sg_set_buf(sg
, skb
->data
+ offset
, copy
);
3290 if ((len
-= copy
) == 0)
3295 for (i
= 0; i
< skb_shinfo(skb
)->nr_frags
; i
++) {
3298 WARN_ON(start
> offset
+ len
);
3300 end
= start
+ skb_frag_size(&skb_shinfo(skb
)->frags
[i
]);
3301 if ((copy
= end
- offset
) > 0) {
3302 skb_frag_t
*frag
= &skb_shinfo(skb
)->frags
[i
];
3306 sg_set_page(&sg
[elt
], skb_frag_page(frag
), copy
,
3307 frag
->page_offset
+offset
-start
);
3316 skb_walk_frags(skb
, frag_iter
) {
3319 WARN_ON(start
> offset
+ len
);
3321 end
= start
+ frag_iter
->len
;
3322 if ((copy
= end
- offset
) > 0) {
3325 elt
+= __skb_to_sgvec(frag_iter
, sg
+elt
, offset
- start
,
3327 if ((len
-= copy
) == 0)
3337 /* As compared with skb_to_sgvec, skb_to_sgvec_nomark only map skb to given
3338 * sglist without mark the sg which contain last skb data as the end.
3339 * So the caller can mannipulate sg list as will when padding new data after
3340 * the first call without calling sg_unmark_end to expend sg list.
3342 * Scenario to use skb_to_sgvec_nomark:
3344 * 2. skb_to_sgvec_nomark(payload1)
3345 * 3. skb_to_sgvec_nomark(payload2)
3347 * This is equivalent to:
3349 * 2. skb_to_sgvec(payload1)
3351 * 4. skb_to_sgvec(payload2)
3353 * When mapping mutilple payload conditionally, skb_to_sgvec_nomark
3354 * is more preferable.
3356 int skb_to_sgvec_nomark(struct sk_buff
*skb
, struct scatterlist
*sg
,
3357 int offset
, int len
)
3359 return __skb_to_sgvec(skb
, sg
, offset
, len
);
3361 EXPORT_SYMBOL_GPL(skb_to_sgvec_nomark
);
3363 int skb_to_sgvec(struct sk_buff
*skb
, struct scatterlist
*sg
, int offset
, int len
)
3365 int nsg
= __skb_to_sgvec(skb
, sg
, offset
, len
);
3367 sg_mark_end(&sg
[nsg
- 1]);
3371 EXPORT_SYMBOL_GPL(skb_to_sgvec
);
3374 * skb_cow_data - Check that a socket buffer's data buffers are writable
3375 * @skb: The socket buffer to check.
3376 * @tailbits: Amount of trailing space to be added
3377 * @trailer: Returned pointer to the skb where the @tailbits space begins
3379 * Make sure that the data buffers attached to a socket buffer are
3380 * writable. If they are not, private copies are made of the data buffers
3381 * and the socket buffer is set to use these instead.
3383 * If @tailbits is given, make sure that there is space to write @tailbits
3384 * bytes of data beyond current end of socket buffer. @trailer will be
3385 * set to point to the skb in which this space begins.
3387 * The number of scatterlist elements required to completely map the
3388 * COW'd and extended socket buffer will be returned.
3390 int skb_cow_data(struct sk_buff
*skb
, int tailbits
, struct sk_buff
**trailer
)
3394 struct sk_buff
*skb1
, **skb_p
;
3396 /* If skb is cloned or its head is paged, reallocate
3397 * head pulling out all the pages (pages are considered not writable
3398 * at the moment even if they are anonymous).
3400 if ((skb_cloned(skb
) || skb_shinfo(skb
)->nr_frags
) &&
3401 __pskb_pull_tail(skb
, skb_pagelen(skb
)-skb_headlen(skb
)) == NULL
)
3404 /* Easy case. Most of packets will go this way. */
3405 if (!skb_has_frag_list(skb
)) {
3406 /* A little of trouble, not enough of space for trailer.
3407 * This should not happen, when stack is tuned to generate
3408 * good frames. OK, on miss we reallocate and reserve even more
3409 * space, 128 bytes is fair. */
3411 if (skb_tailroom(skb
) < tailbits
&&
3412 pskb_expand_head(skb
, 0, tailbits
-skb_tailroom(skb
)+128, GFP_ATOMIC
))
3420 /* Misery. We are in troubles, going to mincer fragments... */
3423 skb_p
= &skb_shinfo(skb
)->frag_list
;
3426 while ((skb1
= *skb_p
) != NULL
) {
3429 /* The fragment is partially pulled by someone,
3430 * this can happen on input. Copy it and everything
3433 if (skb_shared(skb1
))
3436 /* If the skb is the last, worry about trailer. */
3438 if (skb1
->next
== NULL
&& tailbits
) {
3439 if (skb_shinfo(skb1
)->nr_frags
||
3440 skb_has_frag_list(skb1
) ||
3441 skb_tailroom(skb1
) < tailbits
)
3442 ntail
= tailbits
+ 128;
3448 skb_shinfo(skb1
)->nr_frags
||
3449 skb_has_frag_list(skb1
)) {
3450 struct sk_buff
*skb2
;
3452 /* Fuck, we are miserable poor guys... */
3454 skb2
= skb_copy(skb1
, GFP_ATOMIC
);
3456 skb2
= skb_copy_expand(skb1
,
3460 if (unlikely(skb2
== NULL
))
3464 skb_set_owner_w(skb2
, skb1
->sk
);
3466 /* Looking around. Are we still alive?
3467 * OK, link new skb, drop old one */
3469 skb2
->next
= skb1
->next
;
3476 skb_p
= &skb1
->next
;
3481 EXPORT_SYMBOL_GPL(skb_cow_data
);
3483 static void sock_rmem_free(struct sk_buff
*skb
)
3485 struct sock
*sk
= skb
->sk
;
3487 atomic_sub(skb
->truesize
, &sk
->sk_rmem_alloc
);
3491 * Note: We dont mem charge error packets (no sk_forward_alloc changes)
3493 int sock_queue_err_skb(struct sock
*sk
, struct sk_buff
*skb
)
3495 if (atomic_read(&sk
->sk_rmem_alloc
) + skb
->truesize
>=
3496 (unsigned int)sk
->sk_rcvbuf
)
3501 skb
->destructor
= sock_rmem_free
;
3502 atomic_add(skb
->truesize
, &sk
->sk_rmem_alloc
);
3504 /* before exiting rcu section, make sure dst is refcounted */
3507 skb_queue_tail(&sk
->sk_error_queue
, skb
);
3508 if (!sock_flag(sk
, SOCK_DEAD
))
3509 sk
->sk_data_ready(sk
);
3512 EXPORT_SYMBOL(sock_queue_err_skb
);
3514 struct sk_buff
*sock_dequeue_err_skb(struct sock
*sk
)
3516 struct sk_buff_head
*q
= &sk
->sk_error_queue
;
3517 struct sk_buff
*skb
, *skb_next
;
3520 spin_lock_bh(&q
->lock
);
3521 skb
= __skb_dequeue(q
);
3522 if (skb
&& (skb_next
= skb_peek(q
)))
3523 err
= SKB_EXT_ERR(skb_next
)->ee
.ee_errno
;
3524 spin_unlock_bh(&q
->lock
);
3528 sk
->sk_error_report(sk
);
3532 EXPORT_SYMBOL(sock_dequeue_err_skb
);
3535 * skb_clone_sk - create clone of skb, and take reference to socket
3536 * @skb: the skb to clone
3538 * This function creates a clone of a buffer that holds a reference on
3539 * sk_refcnt. Buffers created via this function are meant to be
3540 * returned using sock_queue_err_skb, or free via kfree_skb.
3542 * When passing buffers allocated with this function to sock_queue_err_skb
3543 * it is necessary to wrap the call with sock_hold/sock_put in order to
3544 * prevent the socket from being released prior to being enqueued on
3545 * the sk_error_queue.
3547 struct sk_buff
*skb_clone_sk(struct sk_buff
*skb
)
3549 struct sock
*sk
= skb
->sk
;
3550 struct sk_buff
*clone
;
3552 if (!sk
|| !atomic_inc_not_zero(&sk
->sk_refcnt
))
3555 clone
= skb_clone(skb
, GFP_ATOMIC
);
3562 clone
->destructor
= sock_efree
;
3566 EXPORT_SYMBOL(skb_clone_sk
);
3568 static void __skb_complete_tx_timestamp(struct sk_buff
*skb
,
3572 struct sock_exterr_skb
*serr
;
3575 serr
= SKB_EXT_ERR(skb
);
3576 memset(serr
, 0, sizeof(*serr
));
3577 serr
->ee
.ee_errno
= ENOMSG
;
3578 serr
->ee
.ee_origin
= SO_EE_ORIGIN_TIMESTAMPING
;
3579 serr
->ee
.ee_info
= tstype
;
3580 if (sk
->sk_tsflags
& SOF_TIMESTAMPING_OPT_ID
) {
3581 serr
->ee
.ee_data
= skb_shinfo(skb
)->tskey
;
3582 if (sk
->sk_protocol
== IPPROTO_TCP
)
3583 serr
->ee
.ee_data
-= sk
->sk_tskey
;
3586 err
= sock_queue_err_skb(sk
, skb
);
3592 void skb_complete_tx_timestamp(struct sk_buff
*skb
,
3593 struct skb_shared_hwtstamps
*hwtstamps
)
3595 struct sock
*sk
= skb
->sk
;
3597 /* take a reference to prevent skb_orphan() from freeing the socket */
3600 *skb_hwtstamps(skb
) = *hwtstamps
;
3601 __skb_complete_tx_timestamp(skb
, sk
, SCM_TSTAMP_SND
);
3605 EXPORT_SYMBOL_GPL(skb_complete_tx_timestamp
);
3607 void __skb_tstamp_tx(struct sk_buff
*orig_skb
,
3608 struct skb_shared_hwtstamps
*hwtstamps
,
3609 struct sock
*sk
, int tstype
)
3611 struct sk_buff
*skb
;
3617 *skb_hwtstamps(orig_skb
) = *hwtstamps
;
3619 orig_skb
->tstamp
= ktime_get_real();
3621 skb
= skb_clone(orig_skb
, GFP_ATOMIC
);
3625 __skb_complete_tx_timestamp(skb
, sk
, tstype
);
3627 EXPORT_SYMBOL_GPL(__skb_tstamp_tx
);
3629 void skb_tstamp_tx(struct sk_buff
*orig_skb
,
3630 struct skb_shared_hwtstamps
*hwtstamps
)
3632 return __skb_tstamp_tx(orig_skb
, hwtstamps
, orig_skb
->sk
,
3635 EXPORT_SYMBOL_GPL(skb_tstamp_tx
);
3637 void skb_complete_wifi_ack(struct sk_buff
*skb
, bool acked
)
3639 struct sock
*sk
= skb
->sk
;
3640 struct sock_exterr_skb
*serr
;
3643 skb
->wifi_acked_valid
= 1;
3644 skb
->wifi_acked
= acked
;
3646 serr
= SKB_EXT_ERR(skb
);
3647 memset(serr
, 0, sizeof(*serr
));
3648 serr
->ee
.ee_errno
= ENOMSG
;
3649 serr
->ee
.ee_origin
= SO_EE_ORIGIN_TXSTATUS
;
3651 /* take a reference to prevent skb_orphan() from freeing the socket */
3654 err
= sock_queue_err_skb(sk
, skb
);
3660 EXPORT_SYMBOL_GPL(skb_complete_wifi_ack
);
3664 * skb_partial_csum_set - set up and verify partial csum values for packet
3665 * @skb: the skb to set
3666 * @start: the number of bytes after skb->data to start checksumming.
3667 * @off: the offset from start to place the checksum.
3669 * For untrusted partially-checksummed packets, we need to make sure the values
3670 * for skb->csum_start and skb->csum_offset are valid so we don't oops.
3672 * This function checks and sets those values and skb->ip_summed: if this
3673 * returns false you should drop the packet.
3675 bool skb_partial_csum_set(struct sk_buff
*skb
, u16 start
, u16 off
)
3677 if (unlikely(start
> skb_headlen(skb
)) ||
3678 unlikely((int)start
+ off
> skb_headlen(skb
) - 2)) {
3679 net_warn_ratelimited("bad partial csum: csum=%u/%u len=%u\n",
3680 start
, off
, skb_headlen(skb
));
3683 skb
->ip_summed
= CHECKSUM_PARTIAL
;
3684 skb
->csum_start
= skb_headroom(skb
) + start
;
3685 skb
->csum_offset
= off
;
3686 skb_set_transport_header(skb
, start
);
3689 EXPORT_SYMBOL_GPL(skb_partial_csum_set
);
3691 static int skb_maybe_pull_tail(struct sk_buff
*skb
, unsigned int len
,
3694 if (skb_headlen(skb
) >= len
)
3697 /* If we need to pullup then pullup to the max, so we
3698 * won't need to do it again.
3703 if (__pskb_pull_tail(skb
, max
- skb_headlen(skb
)) == NULL
)
3706 if (skb_headlen(skb
) < len
)
3712 #define MAX_TCP_HDR_LEN (15 * 4)
3714 static __sum16
*skb_checksum_setup_ip(struct sk_buff
*skb
,
3715 typeof(IPPROTO_IP
) proto
,
3722 err
= skb_maybe_pull_tail(skb
, off
+ sizeof(struct tcphdr
),
3723 off
+ MAX_TCP_HDR_LEN
);
3724 if (!err
&& !skb_partial_csum_set(skb
, off
,
3725 offsetof(struct tcphdr
,
3728 return err
? ERR_PTR(err
) : &tcp_hdr(skb
)->check
;
3731 err
= skb_maybe_pull_tail(skb
, off
+ sizeof(struct udphdr
),
3732 off
+ sizeof(struct udphdr
));
3733 if (!err
&& !skb_partial_csum_set(skb
, off
,
3734 offsetof(struct udphdr
,
3737 return err
? ERR_PTR(err
) : &udp_hdr(skb
)->check
;
3740 return ERR_PTR(-EPROTO
);
3743 /* This value should be large enough to cover a tagged ethernet header plus
3744 * maximally sized IP and TCP or UDP headers.
3746 #define MAX_IP_HDR_LEN 128
3748 static int skb_checksum_setup_ipv4(struct sk_buff
*skb
, bool recalculate
)
3757 err
= skb_maybe_pull_tail(skb
,
3758 sizeof(struct iphdr
),
3763 if (ip_hdr(skb
)->frag_off
& htons(IP_OFFSET
| IP_MF
))
3766 off
= ip_hdrlen(skb
);
3773 csum
= skb_checksum_setup_ip(skb
, ip_hdr(skb
)->protocol
, off
);
3775 return PTR_ERR(csum
);
3778 *csum
= ~csum_tcpudp_magic(ip_hdr(skb
)->saddr
,
3781 ip_hdr(skb
)->protocol
, 0);
3788 /* This value should be large enough to cover a tagged ethernet header plus
3789 * an IPv6 header, all options, and a maximal TCP or UDP header.
3791 #define MAX_IPV6_HDR_LEN 256
3793 #define OPT_HDR(type, skb, off) \
3794 (type *)(skb_network_header(skb) + (off))
3796 static int skb_checksum_setup_ipv6(struct sk_buff
*skb
, bool recalculate
)
3809 off
= sizeof(struct ipv6hdr
);
3811 err
= skb_maybe_pull_tail(skb
, off
, MAX_IPV6_HDR_LEN
);
3815 nexthdr
= ipv6_hdr(skb
)->nexthdr
;
3817 len
= sizeof(struct ipv6hdr
) + ntohs(ipv6_hdr(skb
)->payload_len
);
3818 while (off
<= len
&& !done
) {
3820 case IPPROTO_DSTOPTS
:
3821 case IPPROTO_HOPOPTS
:
3822 case IPPROTO_ROUTING
: {
3823 struct ipv6_opt_hdr
*hp
;
3825 err
= skb_maybe_pull_tail(skb
,
3827 sizeof(struct ipv6_opt_hdr
),
3832 hp
= OPT_HDR(struct ipv6_opt_hdr
, skb
, off
);
3833 nexthdr
= hp
->nexthdr
;
3834 off
+= ipv6_optlen(hp
);
3838 struct ip_auth_hdr
*hp
;
3840 err
= skb_maybe_pull_tail(skb
,
3842 sizeof(struct ip_auth_hdr
),
3847 hp
= OPT_HDR(struct ip_auth_hdr
, skb
, off
);
3848 nexthdr
= hp
->nexthdr
;
3849 off
+= ipv6_authlen(hp
);
3852 case IPPROTO_FRAGMENT
: {
3853 struct frag_hdr
*hp
;
3855 err
= skb_maybe_pull_tail(skb
,
3857 sizeof(struct frag_hdr
),
3862 hp
= OPT_HDR(struct frag_hdr
, skb
, off
);
3864 if (hp
->frag_off
& htons(IP6_OFFSET
| IP6_MF
))
3867 nexthdr
= hp
->nexthdr
;
3868 off
+= sizeof(struct frag_hdr
);
3879 if (!done
|| fragment
)
3882 csum
= skb_checksum_setup_ip(skb
, nexthdr
, off
);
3884 return PTR_ERR(csum
);
3887 *csum
= ~csum_ipv6_magic(&ipv6_hdr(skb
)->saddr
,
3888 &ipv6_hdr(skb
)->daddr
,
3889 skb
->len
- off
, nexthdr
, 0);
3897 * skb_checksum_setup - set up partial checksum offset
3898 * @skb: the skb to set up
3899 * @recalculate: if true the pseudo-header checksum will be recalculated
3901 int skb_checksum_setup(struct sk_buff
*skb
, bool recalculate
)
3905 switch (skb
->protocol
) {
3906 case htons(ETH_P_IP
):
3907 err
= skb_checksum_setup_ipv4(skb
, recalculate
);
3910 case htons(ETH_P_IPV6
):
3911 err
= skb_checksum_setup_ipv6(skb
, recalculate
);
3921 EXPORT_SYMBOL(skb_checksum_setup
);
3923 void __skb_warn_lro_forwarding(const struct sk_buff
*skb
)
3925 net_warn_ratelimited("%s: received packets cannot be forwarded while LRO is enabled\n",
3928 EXPORT_SYMBOL(__skb_warn_lro_forwarding
);
3930 void kfree_skb_partial(struct sk_buff
*skb
, bool head_stolen
)
3933 skb_release_head_state(skb
);
3934 kmem_cache_free(skbuff_head_cache
, skb
);
3939 EXPORT_SYMBOL(kfree_skb_partial
);
3942 * skb_try_coalesce - try to merge skb to prior one
3944 * @from: buffer to add
3945 * @fragstolen: pointer to boolean
3946 * @delta_truesize: how much more was allocated than was requested
3948 bool skb_try_coalesce(struct sk_buff
*to
, struct sk_buff
*from
,
3949 bool *fragstolen
, int *delta_truesize
)
3951 int i
, delta
, len
= from
->len
;
3953 *fragstolen
= false;
3958 if (len
<= skb_tailroom(to
)) {
3960 BUG_ON(skb_copy_bits(from
, 0, skb_put(to
, len
), len
));
3961 *delta_truesize
= 0;
3965 if (skb_has_frag_list(to
) || skb_has_frag_list(from
))
3968 if (skb_headlen(from
) != 0) {
3970 unsigned int offset
;
3972 if (skb_shinfo(to
)->nr_frags
+
3973 skb_shinfo(from
)->nr_frags
>= MAX_SKB_FRAGS
)
3976 if (skb_head_is_locked(from
))
3979 delta
= from
->truesize
- SKB_DATA_ALIGN(sizeof(struct sk_buff
));
3981 page
= virt_to_head_page(from
->head
);
3982 offset
= from
->data
- (unsigned char *)page_address(page
);
3984 skb_fill_page_desc(to
, skb_shinfo(to
)->nr_frags
,
3985 page
, offset
, skb_headlen(from
));
3988 if (skb_shinfo(to
)->nr_frags
+
3989 skb_shinfo(from
)->nr_frags
> MAX_SKB_FRAGS
)
3992 delta
= from
->truesize
- SKB_TRUESIZE(skb_end_offset(from
));
3995 WARN_ON_ONCE(delta
< len
);
3997 memcpy(skb_shinfo(to
)->frags
+ skb_shinfo(to
)->nr_frags
,
3998 skb_shinfo(from
)->frags
,
3999 skb_shinfo(from
)->nr_frags
* sizeof(skb_frag_t
));
4000 skb_shinfo(to
)->nr_frags
+= skb_shinfo(from
)->nr_frags
;
4002 if (!skb_cloned(from
))
4003 skb_shinfo(from
)->nr_frags
= 0;
4005 /* if the skb is not cloned this does nothing
4006 * since we set nr_frags to 0.
4008 for (i
= 0; i
< skb_shinfo(from
)->nr_frags
; i
++)
4009 skb_frag_ref(from
, i
);
4011 to
->truesize
+= delta
;
4013 to
->data_len
+= len
;
4015 *delta_truesize
= delta
;
4018 EXPORT_SYMBOL(skb_try_coalesce
);
4021 * skb_scrub_packet - scrub an skb
4023 * @skb: buffer to clean
4024 * @xnet: packet is crossing netns
4026 * skb_scrub_packet can be used after encapsulating or decapsulting a packet
4027 * into/from a tunnel. Some information have to be cleared during these
4029 * skb_scrub_packet can also be used to clean a skb before injecting it in
4030 * another namespace (@xnet == true). We have to clear all information in the
4031 * skb that could impact namespace isolation.
4033 void skb_scrub_packet(struct sk_buff
*skb
, bool xnet
)
4037 skb
->tstamp
.tv64
= 0;
4038 skb
->pkt_type
= PACKET_HOST
;
4045 nf_reset_trace(skb
);
4047 EXPORT_SYMBOL_GPL(skb_scrub_packet
);
4050 * skb_gso_transport_seglen - Return length of individual segments of a gso packet
4054 * skb_gso_transport_seglen is used to determine the real size of the
4055 * individual segments, including Layer4 headers (TCP/UDP).
4057 * The MAC/L2 or network (IP, IPv6) headers are not accounted for.
4059 unsigned int skb_gso_transport_seglen(const struct sk_buff
*skb
)
4061 const struct skb_shared_info
*shinfo
= skb_shinfo(skb
);
4063 if (likely(shinfo
->gso_type
& (SKB_GSO_TCPV4
| SKB_GSO_TCPV6
)))
4064 return tcp_hdrlen(skb
) + shinfo
->gso_size
;
4066 /* UFO sets gso_size to the size of the fragmentation
4067 * payload, i.e. the size of the L4 (UDP) header is already
4070 return shinfo
->gso_size
;
4072 EXPORT_SYMBOL_GPL(skb_gso_transport_seglen
);
4074 static struct sk_buff
*skb_reorder_vlan_header(struct sk_buff
*skb
)
4076 if (skb_cow(skb
, skb_headroom(skb
)) < 0) {
4081 memmove(skb
->data
- ETH_HLEN
, skb
->data
- VLAN_ETH_HLEN
, 2 * ETH_ALEN
);
4082 skb
->mac_header
+= VLAN_HLEN
;
4086 struct sk_buff
*skb_vlan_untag(struct sk_buff
*skb
)
4088 struct vlan_hdr
*vhdr
;
4091 if (unlikely(vlan_tx_tag_present(skb
))) {
4092 /* vlan_tci is already set-up so leave this for another time */
4096 skb
= skb_share_check(skb
, GFP_ATOMIC
);
4100 if (unlikely(!pskb_may_pull(skb
, VLAN_HLEN
)))
4103 vhdr
= (struct vlan_hdr
*)skb
->data
;
4104 vlan_tci
= ntohs(vhdr
->h_vlan_TCI
);
4105 __vlan_hwaccel_put_tag(skb
, skb
->protocol
, vlan_tci
);
4107 skb_pull_rcsum(skb
, VLAN_HLEN
);
4108 vlan_set_encap_proto(skb
, vhdr
);
4110 skb
= skb_reorder_vlan_header(skb
);
4114 skb_reset_network_header(skb
);
4115 skb_reset_transport_header(skb
);
4116 skb_reset_mac_len(skb
);
4124 EXPORT_SYMBOL(skb_vlan_untag
);
4127 * alloc_skb_with_frags - allocate skb with page frags
4129 * header_len: size of linear part
4130 * data_len: needed length in frags
4131 * max_page_order: max page order desired.
4132 * errcode: pointer to error code if any
4133 * gfp_mask: allocation mask
4135 * This can be used to allocate a paged skb, given a maximal order for frags.
4137 struct sk_buff
*alloc_skb_with_frags(unsigned long header_len
,
4138 unsigned long data_len
,
4143 int npages
= (data_len
+ (PAGE_SIZE
- 1)) >> PAGE_SHIFT
;
4144 unsigned long chunk
;
4145 struct sk_buff
*skb
;
4150 *errcode
= -EMSGSIZE
;
4151 /* Note this test could be relaxed, if we succeed to allocate
4152 * high order pages...
4154 if (npages
> MAX_SKB_FRAGS
)
4157 gfp_head
= gfp_mask
;
4158 if (gfp_head
& __GFP_WAIT
)
4159 gfp_head
|= __GFP_REPEAT
;
4161 *errcode
= -ENOBUFS
;
4162 skb
= alloc_skb(header_len
, gfp_head
);
4166 skb
->truesize
+= npages
<< PAGE_SHIFT
;
4168 for (i
= 0; npages
> 0; i
++) {
4169 int order
= max_page_order
;
4172 if (npages
>= 1 << order
) {
4173 page
= alloc_pages(gfp_mask
|
4180 /* Do not retry other high order allocations */
4186 page
= alloc_page(gfp_mask
);
4190 chunk
= min_t(unsigned long, data_len
,
4191 PAGE_SIZE
<< order
);
4192 skb_fill_page_desc(skb
, i
, page
, 0, chunk
);
4194 npages
-= 1 << order
;
4202 EXPORT_SYMBOL(alloc_skb_with_frags
);