]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/ipv6/ip6_output.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit...
[mirror_ubuntu-bionic-kernel.git] / net / ipv6 / ip6_output.c
1 /*
2 * IPv6 output functions
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on linux/net/ipv4/ip_output.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 * Changes:
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
20 * etc.
21 *
22 * H. von Brand : Added missing #include <linux/string.h>
23 * Imran Patel : frag id should be in NBO
24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
26 * for datagram xmit
27 */
28
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/string.h>
32 #include <linux/socket.h>
33 #include <linux/net.h>
34 #include <linux/netdevice.h>
35 #include <linux/if_arp.h>
36 #include <linux/in6.h>
37 #include <linux/tcp.h>
38 #include <linux/route.h>
39 #include <linux/module.h>
40 #include <linux/slab.h>
41
42 #include <linux/netfilter.h>
43 #include <linux/netfilter_ipv6.h>
44
45 #include <net/sock.h>
46 #include <net/snmp.h>
47
48 #include <net/ipv6.h>
49 #include <net/ndisc.h>
50 #include <net/protocol.h>
51 #include <net/ip6_route.h>
52 #include <net/addrconf.h>
53 #include <net/rawv6.h>
54 #include <net/icmp.h>
55 #include <net/xfrm.h>
56 #include <net/checksum.h>
57 #include <linux/mroute6.h>
58
59 static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *));
60
61 int __ip6_local_out(struct sk_buff *skb)
62 {
63 int len;
64
65 len = skb->len - sizeof(struct ipv6hdr);
66 if (len > IPV6_MAXPLEN)
67 len = 0;
68 ipv6_hdr(skb)->payload_len = htons(len);
69
70 return nf_hook(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb_dst(skb)->dev,
71 dst_output);
72 }
73
74 int ip6_local_out(struct sk_buff *skb)
75 {
76 int err;
77
78 err = __ip6_local_out(skb);
79 if (likely(err == 1))
80 err = dst_output(skb);
81
82 return err;
83 }
84 EXPORT_SYMBOL_GPL(ip6_local_out);
85
86 static int ip6_output_finish(struct sk_buff *skb)
87 {
88 struct dst_entry *dst = skb_dst(skb);
89
90 if (dst->hh)
91 return neigh_hh_output(dst->hh, skb);
92 else if (dst->neighbour)
93 return dst->neighbour->output(skb);
94
95 IP6_INC_STATS_BH(dev_net(dst->dev),
96 ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
97 kfree_skb(skb);
98 return -EINVAL;
99
100 }
101
102 /* dev_loopback_xmit for use with netfilter. */
103 static int ip6_dev_loopback_xmit(struct sk_buff *newskb)
104 {
105 skb_reset_mac_header(newskb);
106 __skb_pull(newskb, skb_network_offset(newskb));
107 newskb->pkt_type = PACKET_LOOPBACK;
108 newskb->ip_summed = CHECKSUM_UNNECESSARY;
109 WARN_ON(!skb_dst(newskb));
110
111 netif_rx(newskb);
112 return 0;
113 }
114
115
116 static int ip6_output2(struct sk_buff *skb)
117 {
118 struct dst_entry *dst = skb_dst(skb);
119 struct net_device *dev = dst->dev;
120
121 skb->protocol = htons(ETH_P_IPV6);
122 skb->dev = dev;
123
124 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
125 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
126
127 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(skb->sk) &&
128 ((mroute6_socket(dev_net(dev)) &&
129 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
130 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
131 &ipv6_hdr(skb)->saddr))) {
132 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
133
134 /* Do not check for IFF_ALLMULTI; multicast routing
135 is not supported in any case.
136 */
137 if (newskb)
138 NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, newskb,
139 NULL, newskb->dev,
140 ip6_dev_loopback_xmit);
141
142 if (ipv6_hdr(skb)->hop_limit == 0) {
143 IP6_INC_STATS(dev_net(dev), idev,
144 IPSTATS_MIB_OUTDISCARDS);
145 kfree_skb(skb);
146 return 0;
147 }
148 }
149
150 IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST,
151 skb->len);
152 }
153
154 return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dev,
155 ip6_output_finish);
156 }
157
158 static inline int ip6_skb_dst_mtu(struct sk_buff *skb)
159 {
160 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
161
162 return (np && np->pmtudisc == IPV6_PMTUDISC_PROBE) ?
163 skb_dst(skb)->dev->mtu : dst_mtu(skb_dst(skb));
164 }
165
166 int ip6_output(struct sk_buff *skb)
167 {
168 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
169 if (unlikely(idev->cnf.disable_ipv6)) {
170 IP6_INC_STATS(dev_net(skb_dst(skb)->dev), idev,
171 IPSTATS_MIB_OUTDISCARDS);
172 kfree_skb(skb);
173 return 0;
174 }
175
176 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
177 dst_allfrag(skb_dst(skb)))
178 return ip6_fragment(skb, ip6_output2);
179 else
180 return ip6_output2(skb);
181 }
182
183 /*
184 * xmit an sk_buff (used by TCP)
185 */
186
187 int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
188 struct ipv6_txoptions *opt, int ipfragok)
189 {
190 struct net *net = sock_net(sk);
191 struct ipv6_pinfo *np = inet6_sk(sk);
192 struct in6_addr *first_hop = &fl->fl6_dst;
193 struct dst_entry *dst = skb_dst(skb);
194 struct ipv6hdr *hdr;
195 u8 proto = fl->proto;
196 int seg_len = skb->len;
197 int hlimit = -1;
198 int tclass = 0;
199 u32 mtu;
200
201 if (opt) {
202 unsigned int head_room;
203
204 /* First: exthdrs may take lots of space (~8K for now)
205 MAX_HEADER is not enough.
206 */
207 head_room = opt->opt_nflen + opt->opt_flen;
208 seg_len += head_room;
209 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
210
211 if (skb_headroom(skb) < head_room) {
212 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
213 if (skb2 == NULL) {
214 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
215 IPSTATS_MIB_OUTDISCARDS);
216 kfree_skb(skb);
217 return -ENOBUFS;
218 }
219 kfree_skb(skb);
220 skb = skb2;
221 if (sk)
222 skb_set_owner_w(skb, sk);
223 }
224 if (opt->opt_flen)
225 ipv6_push_frag_opts(skb, opt, &proto);
226 if (opt->opt_nflen)
227 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop);
228 }
229
230 skb_push(skb, sizeof(struct ipv6hdr));
231 skb_reset_network_header(skb);
232 hdr = ipv6_hdr(skb);
233
234 /* Allow local fragmentation. */
235 if (ipfragok)
236 skb->local_df = 1;
237
238 /*
239 * Fill in the IPv6 header
240 */
241 if (np) {
242 tclass = np->tclass;
243 hlimit = np->hop_limit;
244 }
245 if (hlimit < 0)
246 hlimit = ip6_dst_hoplimit(dst);
247
248 *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | fl->fl6_flowlabel;
249
250 hdr->payload_len = htons(seg_len);
251 hdr->nexthdr = proto;
252 hdr->hop_limit = hlimit;
253
254 ipv6_addr_copy(&hdr->saddr, &fl->fl6_src);
255 ipv6_addr_copy(&hdr->daddr, first_hop);
256
257 skb->priority = sk->sk_priority;
258 skb->mark = sk->sk_mark;
259
260 mtu = dst_mtu(dst);
261 if ((skb->len <= mtu) || skb->local_df || skb_is_gso(skb)) {
262 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
263 IPSTATS_MIB_OUT, skb->len);
264 return NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
265 dst_output);
266 }
267
268 if (net_ratelimit())
269 printk(KERN_DEBUG "IPv6: sending pkt_too_big to self\n");
270 skb->dev = dst->dev;
271 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
272 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
273 kfree_skb(skb);
274 return -EMSGSIZE;
275 }
276
277 EXPORT_SYMBOL(ip6_xmit);
278
279 /*
280 * To avoid extra problems ND packets are send through this
281 * routine. It's code duplication but I really want to avoid
282 * extra checks since ipv6_build_header is used by TCP (which
283 * is for us performance critical)
284 */
285
286 int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev,
287 const struct in6_addr *saddr, const struct in6_addr *daddr,
288 int proto, int len)
289 {
290 struct ipv6_pinfo *np = inet6_sk(sk);
291 struct ipv6hdr *hdr;
292 int totlen;
293
294 skb->protocol = htons(ETH_P_IPV6);
295 skb->dev = dev;
296
297 totlen = len + sizeof(struct ipv6hdr);
298
299 skb_reset_network_header(skb);
300 skb_put(skb, sizeof(struct ipv6hdr));
301 hdr = ipv6_hdr(skb);
302
303 *(__be32*)hdr = htonl(0x60000000);
304
305 hdr->payload_len = htons(len);
306 hdr->nexthdr = proto;
307 hdr->hop_limit = np->hop_limit;
308
309 ipv6_addr_copy(&hdr->saddr, saddr);
310 ipv6_addr_copy(&hdr->daddr, daddr);
311
312 return 0;
313 }
314
315 static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
316 {
317 struct ip6_ra_chain *ra;
318 struct sock *last = NULL;
319
320 read_lock(&ip6_ra_lock);
321 for (ra = ip6_ra_chain; ra; ra = ra->next) {
322 struct sock *sk = ra->sk;
323 if (sk && ra->sel == sel &&
324 (!sk->sk_bound_dev_if ||
325 sk->sk_bound_dev_if == skb->dev->ifindex)) {
326 if (last) {
327 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
328 if (skb2)
329 rawv6_rcv(last, skb2);
330 }
331 last = sk;
332 }
333 }
334
335 if (last) {
336 rawv6_rcv(last, skb);
337 read_unlock(&ip6_ra_lock);
338 return 1;
339 }
340 read_unlock(&ip6_ra_lock);
341 return 0;
342 }
343
344 static int ip6_forward_proxy_check(struct sk_buff *skb)
345 {
346 struct ipv6hdr *hdr = ipv6_hdr(skb);
347 u8 nexthdr = hdr->nexthdr;
348 int offset;
349
350 if (ipv6_ext_hdr(nexthdr)) {
351 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr);
352 if (offset < 0)
353 return 0;
354 } else
355 offset = sizeof(struct ipv6hdr);
356
357 if (nexthdr == IPPROTO_ICMPV6) {
358 struct icmp6hdr *icmp6;
359
360 if (!pskb_may_pull(skb, (skb_network_header(skb) +
361 offset + 1 - skb->data)))
362 return 0;
363
364 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
365
366 switch (icmp6->icmp6_type) {
367 case NDISC_ROUTER_SOLICITATION:
368 case NDISC_ROUTER_ADVERTISEMENT:
369 case NDISC_NEIGHBOUR_SOLICITATION:
370 case NDISC_NEIGHBOUR_ADVERTISEMENT:
371 case NDISC_REDIRECT:
372 /* For reaction involving unicast neighbor discovery
373 * message destined to the proxied address, pass it to
374 * input function.
375 */
376 return 1;
377 default:
378 break;
379 }
380 }
381
382 /*
383 * The proxying router can't forward traffic sent to a link-local
384 * address, so signal the sender and discard the packet. This
385 * behavior is clarified by the MIPv6 specification.
386 */
387 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
388 dst_link_failure(skb);
389 return -1;
390 }
391
392 return 0;
393 }
394
395 static inline int ip6_forward_finish(struct sk_buff *skb)
396 {
397 return dst_output(skb);
398 }
399
400 int ip6_forward(struct sk_buff *skb)
401 {
402 struct dst_entry *dst = skb_dst(skb);
403 struct ipv6hdr *hdr = ipv6_hdr(skb);
404 struct inet6_skb_parm *opt = IP6CB(skb);
405 struct net *net = dev_net(dst->dev);
406 u32 mtu;
407
408 if (net->ipv6.devconf_all->forwarding == 0)
409 goto error;
410
411 if (skb_warn_if_lro(skb))
412 goto drop;
413
414 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
415 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
416 goto drop;
417 }
418
419 skb_forward_csum(skb);
420
421 /*
422 * We DO NOT make any processing on
423 * RA packets, pushing them to user level AS IS
424 * without ane WARRANTY that application will be able
425 * to interpret them. The reason is that we
426 * cannot make anything clever here.
427 *
428 * We are not end-node, so that if packet contains
429 * AH/ESP, we cannot make anything.
430 * Defragmentation also would be mistake, RA packets
431 * cannot be fragmented, because there is no warranty
432 * that different fragments will go along one path. --ANK
433 */
434 if (opt->ra) {
435 u8 *ptr = skb_network_header(skb) + opt->ra;
436 if (ip6_call_ra_chain(skb, (ptr[2]<<8) + ptr[3]))
437 return 0;
438 }
439
440 /*
441 * check and decrement ttl
442 */
443 if (hdr->hop_limit <= 1) {
444 /* Force OUTPUT device used as source address */
445 skb->dev = dst->dev;
446 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
447 IP6_INC_STATS_BH(net,
448 ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
449
450 kfree_skb(skb);
451 return -ETIMEDOUT;
452 }
453
454 /* XXX: idev->cnf.proxy_ndp? */
455 if (net->ipv6.devconf_all->proxy_ndp &&
456 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
457 int proxied = ip6_forward_proxy_check(skb);
458 if (proxied > 0)
459 return ip6_input(skb);
460 else if (proxied < 0) {
461 IP6_INC_STATS(net, ip6_dst_idev(dst),
462 IPSTATS_MIB_INDISCARDS);
463 goto drop;
464 }
465 }
466
467 if (!xfrm6_route_forward(skb)) {
468 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
469 goto drop;
470 }
471 dst = skb_dst(skb);
472
473 /* IPv6 specs say nothing about it, but it is clear that we cannot
474 send redirects to source routed frames.
475 We don't send redirects to frames decapsulated from IPsec.
476 */
477 if (skb->dev == dst->dev && dst->neighbour && opt->srcrt == 0 &&
478 !skb_sec_path(skb)) {
479 struct in6_addr *target = NULL;
480 struct rt6_info *rt;
481 struct neighbour *n = dst->neighbour;
482
483 /*
484 * incoming and outgoing devices are the same
485 * send a redirect.
486 */
487
488 rt = (struct rt6_info *) dst;
489 if ((rt->rt6i_flags & RTF_GATEWAY))
490 target = (struct in6_addr*)&n->primary_key;
491 else
492 target = &hdr->daddr;
493
494 /* Limit redirects both by destination (here)
495 and by source (inside ndisc_send_redirect)
496 */
497 if (xrlim_allow(dst, 1*HZ))
498 ndisc_send_redirect(skb, n, target);
499 } else {
500 int addrtype = ipv6_addr_type(&hdr->saddr);
501
502 /* This check is security critical. */
503 if (addrtype == IPV6_ADDR_ANY ||
504 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
505 goto error;
506 if (addrtype & IPV6_ADDR_LINKLOCAL) {
507 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
508 ICMPV6_NOT_NEIGHBOUR, 0);
509 goto error;
510 }
511 }
512
513 mtu = dst_mtu(dst);
514 if (mtu < IPV6_MIN_MTU)
515 mtu = IPV6_MIN_MTU;
516
517 if (skb->len > mtu) {
518 /* Again, force OUTPUT device used as source address */
519 skb->dev = dst->dev;
520 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
521 IP6_INC_STATS_BH(net,
522 ip6_dst_idev(dst), IPSTATS_MIB_INTOOBIGERRORS);
523 IP6_INC_STATS_BH(net,
524 ip6_dst_idev(dst), IPSTATS_MIB_FRAGFAILS);
525 kfree_skb(skb);
526 return -EMSGSIZE;
527 }
528
529 if (skb_cow(skb, dst->dev->hard_header_len)) {
530 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS);
531 goto drop;
532 }
533
534 hdr = ipv6_hdr(skb);
535
536 /* Mangling hops number delayed to point after skb COW */
537
538 hdr->hop_limit--;
539
540 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
541 return NF_HOOK(PF_INET6, NF_INET_FORWARD, skb, skb->dev, dst->dev,
542 ip6_forward_finish);
543
544 error:
545 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
546 drop:
547 kfree_skb(skb);
548 return -EINVAL;
549 }
550
551 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
552 {
553 to->pkt_type = from->pkt_type;
554 to->priority = from->priority;
555 to->protocol = from->protocol;
556 skb_dst_drop(to);
557 skb_dst_set(to, dst_clone(skb_dst(from)));
558 to->dev = from->dev;
559 to->mark = from->mark;
560
561 #ifdef CONFIG_NET_SCHED
562 to->tc_index = from->tc_index;
563 #endif
564 nf_copy(to, from);
565 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
566 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
567 to->nf_trace = from->nf_trace;
568 #endif
569 skb_copy_secmark(to, from);
570 }
571
572 int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
573 {
574 u16 offset = sizeof(struct ipv6hdr);
575 struct ipv6_opt_hdr *exthdr =
576 (struct ipv6_opt_hdr *)(ipv6_hdr(skb) + 1);
577 unsigned int packet_len = skb->tail - skb->network_header;
578 int found_rhdr = 0;
579 *nexthdr = &ipv6_hdr(skb)->nexthdr;
580
581 while (offset + 1 <= packet_len) {
582
583 switch (**nexthdr) {
584
585 case NEXTHDR_HOP:
586 break;
587 case NEXTHDR_ROUTING:
588 found_rhdr = 1;
589 break;
590 case NEXTHDR_DEST:
591 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
592 if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0)
593 break;
594 #endif
595 if (found_rhdr)
596 return offset;
597 break;
598 default :
599 return offset;
600 }
601
602 offset += ipv6_optlen(exthdr);
603 *nexthdr = &exthdr->nexthdr;
604 exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +
605 offset);
606 }
607
608 return offset;
609 }
610
611 static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
612 {
613 struct sk_buff *frag;
614 struct rt6_info *rt = (struct rt6_info*)skb_dst(skb);
615 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
616 struct ipv6hdr *tmp_hdr;
617 struct frag_hdr *fh;
618 unsigned int mtu, hlen, left, len;
619 __be32 frag_id = 0;
620 int ptr, offset = 0, err=0;
621 u8 *prevhdr, nexthdr = 0;
622 struct net *net = dev_net(skb_dst(skb)->dev);
623
624 hlen = ip6_find_1stfragopt(skb, &prevhdr);
625 nexthdr = *prevhdr;
626
627 mtu = ip6_skb_dst_mtu(skb);
628
629 /* We must not fragment if the socket is set to force MTU discovery
630 * or if the skb it not generated by a local socket.
631 */
632 if (!skb->local_df) {
633 skb->dev = skb_dst(skb)->dev;
634 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
635 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
636 IPSTATS_MIB_FRAGFAILS);
637 kfree_skb(skb);
638 return -EMSGSIZE;
639 }
640
641 if (np && np->frag_size < mtu) {
642 if (np->frag_size)
643 mtu = np->frag_size;
644 }
645 mtu -= hlen + sizeof(struct frag_hdr);
646
647 if (skb_has_frags(skb)) {
648 int first_len = skb_pagelen(skb);
649 int truesizes = 0;
650
651 if (first_len - hlen > mtu ||
652 ((first_len - hlen) & 7) ||
653 skb_cloned(skb))
654 goto slow_path;
655
656 skb_walk_frags(skb, frag) {
657 /* Correct geometry. */
658 if (frag->len > mtu ||
659 ((frag->len & 7) && frag->next) ||
660 skb_headroom(frag) < hlen)
661 goto slow_path;
662
663 /* Partially cloned skb? */
664 if (skb_shared(frag))
665 goto slow_path;
666
667 BUG_ON(frag->sk);
668 if (skb->sk) {
669 frag->sk = skb->sk;
670 frag->destructor = sock_wfree;
671 truesizes += frag->truesize;
672 }
673 }
674
675 err = 0;
676 offset = 0;
677 frag = skb_shinfo(skb)->frag_list;
678 skb_frag_list_init(skb);
679 /* BUILD HEADER */
680
681 *prevhdr = NEXTHDR_FRAGMENT;
682 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
683 if (!tmp_hdr) {
684 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
685 IPSTATS_MIB_FRAGFAILS);
686 return -ENOMEM;
687 }
688
689 __skb_pull(skb, hlen);
690 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr));
691 __skb_push(skb, hlen);
692 skb_reset_network_header(skb);
693 memcpy(skb_network_header(skb), tmp_hdr, hlen);
694
695 ipv6_select_ident(fh);
696 fh->nexthdr = nexthdr;
697 fh->reserved = 0;
698 fh->frag_off = htons(IP6_MF);
699 frag_id = fh->identification;
700
701 first_len = skb_pagelen(skb);
702 skb->data_len = first_len - skb_headlen(skb);
703 skb->truesize -= truesizes;
704 skb->len = first_len;
705 ipv6_hdr(skb)->payload_len = htons(first_len -
706 sizeof(struct ipv6hdr));
707
708 dst_hold(&rt->u.dst);
709
710 for (;;) {
711 /* Prepare header of the next frame,
712 * before previous one went down. */
713 if (frag) {
714 frag->ip_summed = CHECKSUM_NONE;
715 skb_reset_transport_header(frag);
716 fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr));
717 __skb_push(frag, hlen);
718 skb_reset_network_header(frag);
719 memcpy(skb_network_header(frag), tmp_hdr,
720 hlen);
721 offset += skb->len - hlen - sizeof(struct frag_hdr);
722 fh->nexthdr = nexthdr;
723 fh->reserved = 0;
724 fh->frag_off = htons(offset);
725 if (frag->next != NULL)
726 fh->frag_off |= htons(IP6_MF);
727 fh->identification = frag_id;
728 ipv6_hdr(frag)->payload_len =
729 htons(frag->len -
730 sizeof(struct ipv6hdr));
731 ip6_copy_metadata(frag, skb);
732 }
733
734 err = output(skb);
735 if(!err)
736 IP6_INC_STATS(net, ip6_dst_idev(&rt->u.dst),
737 IPSTATS_MIB_FRAGCREATES);
738
739 if (err || !frag)
740 break;
741
742 skb = frag;
743 frag = skb->next;
744 skb->next = NULL;
745 }
746
747 kfree(tmp_hdr);
748
749 if (err == 0) {
750 IP6_INC_STATS(net, ip6_dst_idev(&rt->u.dst),
751 IPSTATS_MIB_FRAGOKS);
752 dst_release(&rt->u.dst);
753 return 0;
754 }
755
756 while (frag) {
757 skb = frag->next;
758 kfree_skb(frag);
759 frag = skb;
760 }
761
762 IP6_INC_STATS(net, ip6_dst_idev(&rt->u.dst),
763 IPSTATS_MIB_FRAGFAILS);
764 dst_release(&rt->u.dst);
765 return err;
766 }
767
768 slow_path:
769 left = skb->len - hlen; /* Space per frame */
770 ptr = hlen; /* Where to start from */
771
772 /*
773 * Fragment the datagram.
774 */
775
776 *prevhdr = NEXTHDR_FRAGMENT;
777
778 /*
779 * Keep copying data until we run out.
780 */
781 while(left > 0) {
782 len = left;
783 /* IF: it doesn't fit, use 'mtu' - the data space left */
784 if (len > mtu)
785 len = mtu;
786 /* IF: we are not sending upto and including the packet end
787 then align the next start on an eight byte boundary */
788 if (len < left) {
789 len &= ~7;
790 }
791 /*
792 * Allocate buffer.
793 */
794
795 if ((frag = alloc_skb(len+hlen+sizeof(struct frag_hdr)+LL_ALLOCATED_SPACE(rt->u.dst.dev), GFP_ATOMIC)) == NULL) {
796 NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n");
797 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
798 IPSTATS_MIB_FRAGFAILS);
799 err = -ENOMEM;
800 goto fail;
801 }
802
803 /*
804 * Set up data on packet
805 */
806
807 ip6_copy_metadata(frag, skb);
808 skb_reserve(frag, LL_RESERVED_SPACE(rt->u.dst.dev));
809 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
810 skb_reset_network_header(frag);
811 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
812 frag->transport_header = (frag->network_header + hlen +
813 sizeof(struct frag_hdr));
814
815 /*
816 * Charge the memory for the fragment to any owner
817 * it might possess
818 */
819 if (skb->sk)
820 skb_set_owner_w(frag, skb->sk);
821
822 /*
823 * Copy the packet header into the new buffer.
824 */
825 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
826
827 /*
828 * Build fragment header.
829 */
830 fh->nexthdr = nexthdr;
831 fh->reserved = 0;
832 if (!frag_id) {
833 ipv6_select_ident(fh);
834 frag_id = fh->identification;
835 } else
836 fh->identification = frag_id;
837
838 /*
839 * Copy a block of the IP datagram.
840 */
841 if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len))
842 BUG();
843 left -= len;
844
845 fh->frag_off = htons(offset);
846 if (left > 0)
847 fh->frag_off |= htons(IP6_MF);
848 ipv6_hdr(frag)->payload_len = htons(frag->len -
849 sizeof(struct ipv6hdr));
850
851 ptr += len;
852 offset += len;
853
854 /*
855 * Put this fragment into the sending queue.
856 */
857 err = output(frag);
858 if (err)
859 goto fail;
860
861 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
862 IPSTATS_MIB_FRAGCREATES);
863 }
864 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
865 IPSTATS_MIB_FRAGOKS);
866 kfree_skb(skb);
867 return err;
868
869 fail:
870 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
871 IPSTATS_MIB_FRAGFAILS);
872 kfree_skb(skb);
873 return err;
874 }
875
876 static inline int ip6_rt_check(struct rt6key *rt_key,
877 struct in6_addr *fl_addr,
878 struct in6_addr *addr_cache)
879 {
880 return ((rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
881 (addr_cache == NULL || !ipv6_addr_equal(fl_addr, addr_cache)));
882 }
883
884 static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
885 struct dst_entry *dst,
886 struct flowi *fl)
887 {
888 struct ipv6_pinfo *np = inet6_sk(sk);
889 struct rt6_info *rt = (struct rt6_info *)dst;
890
891 if (!dst)
892 goto out;
893
894 /* Yes, checking route validity in not connected
895 * case is not very simple. Take into account,
896 * that we do not support routing by source, TOS,
897 * and MSG_DONTROUTE --ANK (980726)
898 *
899 * 1. ip6_rt_check(): If route was host route,
900 * check that cached destination is current.
901 * If it is network route, we still may
902 * check its validity using saved pointer
903 * to the last used address: daddr_cache.
904 * We do not want to save whole address now,
905 * (because main consumer of this service
906 * is tcp, which has not this problem),
907 * so that the last trick works only on connected
908 * sockets.
909 * 2. oif also should be the same.
910 */
911 if (ip6_rt_check(&rt->rt6i_dst, &fl->fl6_dst, np->daddr_cache) ||
912 #ifdef CONFIG_IPV6_SUBTREES
913 ip6_rt_check(&rt->rt6i_src, &fl->fl6_src, np->saddr_cache) ||
914 #endif
915 (fl->oif && fl->oif != dst->dev->ifindex)) {
916 dst_release(dst);
917 dst = NULL;
918 }
919
920 out:
921 return dst;
922 }
923
924 static int ip6_dst_lookup_tail(struct sock *sk,
925 struct dst_entry **dst, struct flowi *fl)
926 {
927 int err;
928 struct net *net = sock_net(sk);
929
930 if (*dst == NULL)
931 *dst = ip6_route_output(net, sk, fl);
932
933 if ((err = (*dst)->error))
934 goto out_err_release;
935
936 if (ipv6_addr_any(&fl->fl6_src)) {
937 err = ipv6_dev_get_saddr(net, ip6_dst_idev(*dst)->dev,
938 &fl->fl6_dst,
939 sk ? inet6_sk(sk)->srcprefs : 0,
940 &fl->fl6_src);
941 if (err)
942 goto out_err_release;
943 }
944
945 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
946 /*
947 * Here if the dst entry we've looked up
948 * has a neighbour entry that is in the INCOMPLETE
949 * state and the src address from the flow is
950 * marked as OPTIMISTIC, we release the found
951 * dst entry and replace it instead with the
952 * dst entry of the nexthop router
953 */
954 if ((*dst)->neighbour && !((*dst)->neighbour->nud_state & NUD_VALID)) {
955 struct inet6_ifaddr *ifp;
956 struct flowi fl_gw;
957 int redirect;
958
959 ifp = ipv6_get_ifaddr(net, &fl->fl6_src,
960 (*dst)->dev, 1);
961
962 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
963 if (ifp)
964 in6_ifa_put(ifp);
965
966 if (redirect) {
967 /*
968 * We need to get the dst entry for the
969 * default router instead
970 */
971 dst_release(*dst);
972 memcpy(&fl_gw, fl, sizeof(struct flowi));
973 memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr));
974 *dst = ip6_route_output(net, sk, &fl_gw);
975 if ((err = (*dst)->error))
976 goto out_err_release;
977 }
978 }
979 #endif
980
981 return 0;
982
983 out_err_release:
984 if (err == -ENETUNREACH)
985 IP6_INC_STATS_BH(net, NULL, IPSTATS_MIB_OUTNOROUTES);
986 dst_release(*dst);
987 *dst = NULL;
988 return err;
989 }
990
991 /**
992 * ip6_dst_lookup - perform route lookup on flow
993 * @sk: socket which provides route info
994 * @dst: pointer to dst_entry * for result
995 * @fl: flow to lookup
996 *
997 * This function performs a route lookup on the given flow.
998 *
999 * It returns zero on success, or a standard errno code on error.
1000 */
1001 int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
1002 {
1003 *dst = NULL;
1004 return ip6_dst_lookup_tail(sk, dst, fl);
1005 }
1006 EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1007
1008 /**
1009 * ip6_sk_dst_lookup - perform socket cached route lookup on flow
1010 * @sk: socket which provides the dst cache and route info
1011 * @dst: pointer to dst_entry * for result
1012 * @fl: flow to lookup
1013 *
1014 * This function performs a route lookup on the given flow with the
1015 * possibility of using the cached route in the socket if it is valid.
1016 * It will take the socket dst lock when operating on the dst cache.
1017 * As a result, this function can only be used in process context.
1018 *
1019 * It returns zero on success, or a standard errno code on error.
1020 */
1021 int ip6_sk_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
1022 {
1023 *dst = NULL;
1024 if (sk) {
1025 *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1026 *dst = ip6_sk_dst_check(sk, *dst, fl);
1027 }
1028
1029 return ip6_dst_lookup_tail(sk, dst, fl);
1030 }
1031 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup);
1032
1033 static inline int ip6_ufo_append_data(struct sock *sk,
1034 int getfrag(void *from, char *to, int offset, int len,
1035 int odd, struct sk_buff *skb),
1036 void *from, int length, int hh_len, int fragheaderlen,
1037 int transhdrlen, int mtu,unsigned int flags)
1038
1039 {
1040 struct sk_buff *skb;
1041 int err;
1042
1043 /* There is support for UDP large send offload by network
1044 * device, so create one single skb packet containing complete
1045 * udp datagram
1046 */
1047 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) {
1048 skb = sock_alloc_send_skb(sk,
1049 hh_len + fragheaderlen + transhdrlen + 20,
1050 (flags & MSG_DONTWAIT), &err);
1051 if (skb == NULL)
1052 return -ENOMEM;
1053
1054 /* reserve space for Hardware header */
1055 skb_reserve(skb, hh_len);
1056
1057 /* create space for UDP/IP header */
1058 skb_put(skb,fragheaderlen + transhdrlen);
1059
1060 /* initialize network header pointer */
1061 skb_reset_network_header(skb);
1062
1063 /* initialize protocol header pointer */
1064 skb->transport_header = skb->network_header + fragheaderlen;
1065
1066 skb->ip_summed = CHECKSUM_PARTIAL;
1067 skb->csum = 0;
1068 sk->sk_sndmsg_off = 0;
1069 }
1070
1071 err = skb_append_datato_frags(sk,skb, getfrag, from,
1072 (length - transhdrlen));
1073 if (!err) {
1074 struct frag_hdr fhdr;
1075
1076 /* Specify the length of each IPv6 datagram fragment.
1077 * It has to be a multiple of 8.
1078 */
1079 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen -
1080 sizeof(struct frag_hdr)) & ~7;
1081 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
1082 ipv6_select_ident(&fhdr);
1083 skb_shinfo(skb)->ip6_frag_id = fhdr.identification;
1084 __skb_queue_tail(&sk->sk_write_queue, skb);
1085
1086 return 0;
1087 }
1088 /* There is not enough support do UPD LSO,
1089 * so follow normal path
1090 */
1091 kfree_skb(skb);
1092
1093 return err;
1094 }
1095
1096 static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1097 gfp_t gfp)
1098 {
1099 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1100 }
1101
1102 static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1103 gfp_t gfp)
1104 {
1105 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1106 }
1107
1108 int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1109 int offset, int len, int odd, struct sk_buff *skb),
1110 void *from, int length, int transhdrlen,
1111 int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi *fl,
1112 struct rt6_info *rt, unsigned int flags)
1113 {
1114 struct inet_sock *inet = inet_sk(sk);
1115 struct ipv6_pinfo *np = inet6_sk(sk);
1116 struct sk_buff *skb;
1117 unsigned int maxfraglen, fragheaderlen;
1118 int exthdrlen;
1119 int hh_len;
1120 int mtu;
1121 int copy;
1122 int err;
1123 int offset = 0;
1124 int csummode = CHECKSUM_NONE;
1125
1126 if (flags&MSG_PROBE)
1127 return 0;
1128 if (skb_queue_empty(&sk->sk_write_queue)) {
1129 /*
1130 * setup for corking
1131 */
1132 if (opt) {
1133 if (WARN_ON(np->cork.opt))
1134 return -EINVAL;
1135
1136 np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation);
1137 if (unlikely(np->cork.opt == NULL))
1138 return -ENOBUFS;
1139
1140 np->cork.opt->tot_len = opt->tot_len;
1141 np->cork.opt->opt_flen = opt->opt_flen;
1142 np->cork.opt->opt_nflen = opt->opt_nflen;
1143
1144 np->cork.opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1145 sk->sk_allocation);
1146 if (opt->dst0opt && !np->cork.opt->dst0opt)
1147 return -ENOBUFS;
1148
1149 np->cork.opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1150 sk->sk_allocation);
1151 if (opt->dst1opt && !np->cork.opt->dst1opt)
1152 return -ENOBUFS;
1153
1154 np->cork.opt->hopopt = ip6_opt_dup(opt->hopopt,
1155 sk->sk_allocation);
1156 if (opt->hopopt && !np->cork.opt->hopopt)
1157 return -ENOBUFS;
1158
1159 np->cork.opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1160 sk->sk_allocation);
1161 if (opt->srcrt && !np->cork.opt->srcrt)
1162 return -ENOBUFS;
1163
1164 /* need source address above miyazawa*/
1165 }
1166 dst_hold(&rt->u.dst);
1167 inet->cork.dst = &rt->u.dst;
1168 inet->cork.fl = *fl;
1169 np->cork.hop_limit = hlimit;
1170 np->cork.tclass = tclass;
1171 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
1172 rt->u.dst.dev->mtu : dst_mtu(rt->u.dst.path);
1173 if (np->frag_size < mtu) {
1174 if (np->frag_size)
1175 mtu = np->frag_size;
1176 }
1177 inet->cork.fragsize = mtu;
1178 if (dst_allfrag(rt->u.dst.path))
1179 inet->cork.flags |= IPCORK_ALLFRAG;
1180 inet->cork.length = 0;
1181 sk->sk_sndmsg_page = NULL;
1182 sk->sk_sndmsg_off = 0;
1183 exthdrlen = rt->u.dst.header_len + (opt ? opt->opt_flen : 0) -
1184 rt->rt6i_nfheader_len;
1185 length += exthdrlen;
1186 transhdrlen += exthdrlen;
1187 } else {
1188 rt = (struct rt6_info *)inet->cork.dst;
1189 fl = &inet->cork.fl;
1190 opt = np->cork.opt;
1191 transhdrlen = 0;
1192 exthdrlen = 0;
1193 mtu = inet->cork.fragsize;
1194 }
1195
1196 hh_len = LL_RESERVED_SPACE(rt->u.dst.dev);
1197
1198 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
1199 (opt ? opt->opt_nflen : 0);
1200 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr);
1201
1202 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) {
1203 if (inet->cork.length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) {
1204 ipv6_local_error(sk, EMSGSIZE, fl, mtu-exthdrlen);
1205 return -EMSGSIZE;
1206 }
1207 }
1208
1209 /*
1210 * Let's try using as much space as possible.
1211 * Use MTU if total length of the message fits into the MTU.
1212 * Otherwise, we need to reserve fragment header and
1213 * fragment alignment (= 8-15 octects, in total).
1214 *
1215 * Note that we may need to "move" the data from the tail of
1216 * of the buffer to the new fragment when we split
1217 * the message.
1218 *
1219 * FIXME: It may be fragmented into multiple chunks
1220 * at once if non-fragmentable extension headers
1221 * are too large.
1222 * --yoshfuji
1223 */
1224
1225 inet->cork.length += length;
1226 if (((length > mtu) && (sk->sk_protocol == IPPROTO_UDP)) &&
1227 (rt->u.dst.dev->features & NETIF_F_UFO)) {
1228
1229 err = ip6_ufo_append_data(sk, getfrag, from, length, hh_len,
1230 fragheaderlen, transhdrlen, mtu,
1231 flags);
1232 if (err)
1233 goto error;
1234 return 0;
1235 }
1236
1237 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
1238 goto alloc_new_skb;
1239
1240 while (length > 0) {
1241 /* Check if the remaining data fits into current packet. */
1242 copy = (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1243 if (copy < length)
1244 copy = maxfraglen - skb->len;
1245
1246 if (copy <= 0) {
1247 char *data;
1248 unsigned int datalen;
1249 unsigned int fraglen;
1250 unsigned int fraggap;
1251 unsigned int alloclen;
1252 struct sk_buff *skb_prev;
1253 alloc_new_skb:
1254 skb_prev = skb;
1255
1256 /* There's no room in the current skb */
1257 if (skb_prev)
1258 fraggap = skb_prev->len - maxfraglen;
1259 else
1260 fraggap = 0;
1261
1262 /*
1263 * If remaining data exceeds the mtu,
1264 * we know we need more fragment(s).
1265 */
1266 datalen = length + fraggap;
1267 if (datalen > (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1268 datalen = maxfraglen - fragheaderlen;
1269
1270 fraglen = datalen + fragheaderlen;
1271 if ((flags & MSG_MORE) &&
1272 !(rt->u.dst.dev->features&NETIF_F_SG))
1273 alloclen = mtu;
1274 else
1275 alloclen = datalen + fragheaderlen;
1276
1277 /*
1278 * The last fragment gets additional space at tail.
1279 * Note: we overallocate on fragments with MSG_MODE
1280 * because we have no idea if we're the last one.
1281 */
1282 if (datalen == length + fraggap)
1283 alloclen += rt->u.dst.trailer_len;
1284
1285 /*
1286 * We just reserve space for fragment header.
1287 * Note: this may be overallocation if the message
1288 * (without MSG_MORE) fits into the MTU.
1289 */
1290 alloclen += sizeof(struct frag_hdr);
1291
1292 if (transhdrlen) {
1293 skb = sock_alloc_send_skb(sk,
1294 alloclen + hh_len,
1295 (flags & MSG_DONTWAIT), &err);
1296 } else {
1297 skb = NULL;
1298 if (atomic_read(&sk->sk_wmem_alloc) <=
1299 2 * sk->sk_sndbuf)
1300 skb = sock_wmalloc(sk,
1301 alloclen + hh_len, 1,
1302 sk->sk_allocation);
1303 if (unlikely(skb == NULL))
1304 err = -ENOBUFS;
1305 }
1306 if (skb == NULL)
1307 goto error;
1308 /*
1309 * Fill in the control structures
1310 */
1311 skb->ip_summed = csummode;
1312 skb->csum = 0;
1313 /* reserve for fragmentation */
1314 skb_reserve(skb, hh_len+sizeof(struct frag_hdr));
1315
1316 /*
1317 * Find where to start putting bytes
1318 */
1319 data = skb_put(skb, fraglen);
1320 skb_set_network_header(skb, exthdrlen);
1321 data += fragheaderlen;
1322 skb->transport_header = (skb->network_header +
1323 fragheaderlen);
1324 if (fraggap) {
1325 skb->csum = skb_copy_and_csum_bits(
1326 skb_prev, maxfraglen,
1327 data + transhdrlen, fraggap, 0);
1328 skb_prev->csum = csum_sub(skb_prev->csum,
1329 skb->csum);
1330 data += fraggap;
1331 pskb_trim_unique(skb_prev, maxfraglen);
1332 }
1333 copy = datalen - transhdrlen - fraggap;
1334 if (copy < 0) {
1335 err = -EINVAL;
1336 kfree_skb(skb);
1337 goto error;
1338 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
1339 err = -EFAULT;
1340 kfree_skb(skb);
1341 goto error;
1342 }
1343
1344 offset += copy;
1345 length -= datalen - fraggap;
1346 transhdrlen = 0;
1347 exthdrlen = 0;
1348 csummode = CHECKSUM_NONE;
1349
1350 /*
1351 * Put the packet on the pending queue
1352 */
1353 __skb_queue_tail(&sk->sk_write_queue, skb);
1354 continue;
1355 }
1356
1357 if (copy > length)
1358 copy = length;
1359
1360 if (!(rt->u.dst.dev->features&NETIF_F_SG)) {
1361 unsigned int off;
1362
1363 off = skb->len;
1364 if (getfrag(from, skb_put(skb, copy),
1365 offset, copy, off, skb) < 0) {
1366 __skb_trim(skb, off);
1367 err = -EFAULT;
1368 goto error;
1369 }
1370 } else {
1371 int i = skb_shinfo(skb)->nr_frags;
1372 skb_frag_t *frag = &skb_shinfo(skb)->frags[i-1];
1373 struct page *page = sk->sk_sndmsg_page;
1374 int off = sk->sk_sndmsg_off;
1375 unsigned int left;
1376
1377 if (page && (left = PAGE_SIZE - off) > 0) {
1378 if (copy >= left)
1379 copy = left;
1380 if (page != frag->page) {
1381 if (i == MAX_SKB_FRAGS) {
1382 err = -EMSGSIZE;
1383 goto error;
1384 }
1385 get_page(page);
1386 skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0);
1387 frag = &skb_shinfo(skb)->frags[i];
1388 }
1389 } else if(i < MAX_SKB_FRAGS) {
1390 if (copy > PAGE_SIZE)
1391 copy = PAGE_SIZE;
1392 page = alloc_pages(sk->sk_allocation, 0);
1393 if (page == NULL) {
1394 err = -ENOMEM;
1395 goto error;
1396 }
1397 sk->sk_sndmsg_page = page;
1398 sk->sk_sndmsg_off = 0;
1399
1400 skb_fill_page_desc(skb, i, page, 0, 0);
1401 frag = &skb_shinfo(skb)->frags[i];
1402 } else {
1403 err = -EMSGSIZE;
1404 goto error;
1405 }
1406 if (getfrag(from, page_address(frag->page)+frag->page_offset+frag->size, offset, copy, skb->len, skb) < 0) {
1407 err = -EFAULT;
1408 goto error;
1409 }
1410 sk->sk_sndmsg_off += copy;
1411 frag->size += copy;
1412 skb->len += copy;
1413 skb->data_len += copy;
1414 skb->truesize += copy;
1415 atomic_add(copy, &sk->sk_wmem_alloc);
1416 }
1417 offset += copy;
1418 length -= copy;
1419 }
1420 return 0;
1421 error:
1422 inet->cork.length -= length;
1423 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1424 return err;
1425 }
1426
1427 static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np)
1428 {
1429 if (np->cork.opt) {
1430 kfree(np->cork.opt->dst0opt);
1431 kfree(np->cork.opt->dst1opt);
1432 kfree(np->cork.opt->hopopt);
1433 kfree(np->cork.opt->srcrt);
1434 kfree(np->cork.opt);
1435 np->cork.opt = NULL;
1436 }
1437
1438 if (inet->cork.dst) {
1439 dst_release(inet->cork.dst);
1440 inet->cork.dst = NULL;
1441 inet->cork.flags &= ~IPCORK_ALLFRAG;
1442 }
1443 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl));
1444 }
1445
1446 int ip6_push_pending_frames(struct sock *sk)
1447 {
1448 struct sk_buff *skb, *tmp_skb;
1449 struct sk_buff **tail_skb;
1450 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1451 struct inet_sock *inet = inet_sk(sk);
1452 struct ipv6_pinfo *np = inet6_sk(sk);
1453 struct net *net = sock_net(sk);
1454 struct ipv6hdr *hdr;
1455 struct ipv6_txoptions *opt = np->cork.opt;
1456 struct rt6_info *rt = (struct rt6_info *)inet->cork.dst;
1457 struct flowi *fl = &inet->cork.fl;
1458 unsigned char proto = fl->proto;
1459 int err = 0;
1460
1461 if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL)
1462 goto out;
1463 tail_skb = &(skb_shinfo(skb)->frag_list);
1464
1465 /* move skb->data to ip header from ext header */
1466 if (skb->data < skb_network_header(skb))
1467 __skb_pull(skb, skb_network_offset(skb));
1468 while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) {
1469 __skb_pull(tmp_skb, skb_network_header_len(skb));
1470 *tail_skb = tmp_skb;
1471 tail_skb = &(tmp_skb->next);
1472 skb->len += tmp_skb->len;
1473 skb->data_len += tmp_skb->len;
1474 skb->truesize += tmp_skb->truesize;
1475 tmp_skb->destructor = NULL;
1476 tmp_skb->sk = NULL;
1477 }
1478
1479 /* Allow local fragmentation. */
1480 if (np->pmtudisc < IPV6_PMTUDISC_DO)
1481 skb->local_df = 1;
1482
1483 ipv6_addr_copy(final_dst, &fl->fl6_dst);
1484 __skb_pull(skb, skb_network_header_len(skb));
1485 if (opt && opt->opt_flen)
1486 ipv6_push_frag_opts(skb, opt, &proto);
1487 if (opt && opt->opt_nflen)
1488 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst);
1489
1490 skb_push(skb, sizeof(struct ipv6hdr));
1491 skb_reset_network_header(skb);
1492 hdr = ipv6_hdr(skb);
1493
1494 *(__be32*)hdr = fl->fl6_flowlabel |
1495 htonl(0x60000000 | ((int)np->cork.tclass << 20));
1496
1497 hdr->hop_limit = np->cork.hop_limit;
1498 hdr->nexthdr = proto;
1499 ipv6_addr_copy(&hdr->saddr, &fl->fl6_src);
1500 ipv6_addr_copy(&hdr->daddr, final_dst);
1501
1502 skb->priority = sk->sk_priority;
1503 skb->mark = sk->sk_mark;
1504
1505 skb_dst_set(skb, dst_clone(&rt->u.dst));
1506 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
1507 if (proto == IPPROTO_ICMPV6) {
1508 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1509
1510 ICMP6MSGOUT_INC_STATS_BH(net, idev, icmp6_hdr(skb)->icmp6_type);
1511 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTMSGS);
1512 }
1513
1514 err = ip6_local_out(skb);
1515 if (err) {
1516 if (err > 0)
1517 err = net_xmit_errno(err);
1518 if (err)
1519 goto error;
1520 }
1521
1522 out:
1523 ip6_cork_release(inet, np);
1524 return err;
1525 error:
1526 IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1527 goto out;
1528 }
1529
1530 void ip6_flush_pending_frames(struct sock *sk)
1531 {
1532 struct sk_buff *skb;
1533
1534 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) {
1535 if (skb_dst(skb))
1536 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
1537 IPSTATS_MIB_OUTDISCARDS);
1538 kfree_skb(skb);
1539 }
1540
1541 ip6_cork_release(inet_sk(sk), inet6_sk(sk));
1542 }
ubuntu-bionic-kernel mirror