]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/ipv6/ip6_output.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ipv6: Pass struct net through ip6_fragment
[mirror_ubuntu-bionic-kernel.git] / net / ipv6 / ip6_output.c
1 /*
2 * IPv6 output functions
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on linux/net/ipv4/ip_output.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 * Changes:
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
20 * etc.
21 *
22 * H. von Brand : Added missing #include <linux/string.h>
23 * Imran Patel : frag id should be in NBO
24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
26 * for datagram xmit
27 */
28
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/string.h>
32 #include <linux/socket.h>
33 #include <linux/net.h>
34 #include <linux/netdevice.h>
35 #include <linux/if_arp.h>
36 #include <linux/in6.h>
37 #include <linux/tcp.h>
38 #include <linux/route.h>
39 #include <linux/module.h>
40 #include <linux/slab.h>
41
42 #include <linux/netfilter.h>
43 #include <linux/netfilter_ipv6.h>
44
45 #include <net/sock.h>
46 #include <net/snmp.h>
47
48 #include <net/ipv6.h>
49 #include <net/ndisc.h>
50 #include <net/protocol.h>
51 #include <net/ip6_route.h>
52 #include <net/addrconf.h>
53 #include <net/rawv6.h>
54 #include <net/icmp.h>
55 #include <net/xfrm.h>
56 #include <net/checksum.h>
57 #include <linux/mroute6.h>
58
59 static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff *skb)
60 {
61 struct dst_entry *dst = skb_dst(skb);
62 struct net_device *dev = dst->dev;
63 struct neighbour *neigh;
64 struct in6_addr *nexthop;
65 int ret;
66
67 skb->protocol = htons(ETH_P_IPV6);
68 skb->dev = dev;
69
70 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
71 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
72
73 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(sk) &&
74 ((mroute6_socket(net, skb) &&
75 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
76 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
77 &ipv6_hdr(skb)->saddr))) {
78 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
79
80 /* Do not check for IFF_ALLMULTI; multicast routing
81 is not supported in any case.
82 */
83 if (newskb)
84 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
85 net, sk, newskb, NULL, newskb->dev,
86 dev_loopback_xmit);
87
88 if (ipv6_hdr(skb)->hop_limit == 0) {
89 IP6_INC_STATS(net, idev,
90 IPSTATS_MIB_OUTDISCARDS);
91 kfree_skb(skb);
92 return 0;
93 }
94 }
95
96 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, skb->len);
97
98 if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <=
99 IPV6_ADDR_SCOPE_NODELOCAL &&
100 !(dev->flags & IFF_LOOPBACK)) {
101 kfree_skb(skb);
102 return 0;
103 }
104 }
105
106 rcu_read_lock_bh();
107 nexthop = rt6_nexthop((struct rt6_info *)dst, &ipv6_hdr(skb)->daddr);
108 neigh = __ipv6_neigh_lookup_noref(dst->dev, nexthop);
109 if (unlikely(!neigh))
110 neigh = __neigh_create(&nd_tbl, nexthop, dst->dev, false);
111 if (!IS_ERR(neigh)) {
112 ret = dst_neigh_output(dst, neigh, skb);
113 rcu_read_unlock_bh();
114 return ret;
115 }
116 rcu_read_unlock_bh();
117
118 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
119 kfree_skb(skb);
120 return -EINVAL;
121 }
122
123 static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
124 {
125 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
126 dst_allfrag(skb_dst(skb)) ||
127 (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size))
128 return ip6_fragment(net, sk, skb, ip6_finish_output2);
129 else
130 return ip6_finish_output2(net, sk, skb);
131 }
132
133 int ip6_output(struct sock *sk, struct sk_buff *skb)
134 {
135 struct net_device *dev = skb_dst(skb)->dev;
136 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
137 struct net *net = dev_net(dev);
138
139 if (unlikely(idev->cnf.disable_ipv6)) {
140 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS);
141 kfree_skb(skb);
142 return 0;
143 }
144
145 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING,
146 net, sk, skb, NULL, dev,
147 ip6_finish_output,
148 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
149 }
150
151 /*
152 * xmit an sk_buff (used by TCP, SCTP and DCCP)
153 * Note : socket lock is not held for SYNACK packets, but might be modified
154 * by calls to skb_set_owner_w() and ipv6_local_error(),
155 * which are using proper atomic operations or spinlocks.
156 */
157 int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
158 struct ipv6_txoptions *opt, int tclass)
159 {
160 struct net *net = sock_net(sk);
161 const struct ipv6_pinfo *np = inet6_sk(sk);
162 struct in6_addr *first_hop = &fl6->daddr;
163 struct dst_entry *dst = skb_dst(skb);
164 struct ipv6hdr *hdr;
165 u8 proto = fl6->flowi6_proto;
166 int seg_len = skb->len;
167 int hlimit = -1;
168 u32 mtu;
169
170 if (opt) {
171 unsigned int head_room;
172
173 /* First: exthdrs may take lots of space (~8K for now)
174 MAX_HEADER is not enough.
175 */
176 head_room = opt->opt_nflen + opt->opt_flen;
177 seg_len += head_room;
178 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
179
180 if (skb_headroom(skb) < head_room) {
181 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
182 if (!skb2) {
183 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
184 IPSTATS_MIB_OUTDISCARDS);
185 kfree_skb(skb);
186 return -ENOBUFS;
187 }
188 consume_skb(skb);
189 skb = skb2;
190 /* skb_set_owner_w() changes sk->sk_wmem_alloc atomically,
191 * it is safe to call in our context (socket lock not held)
192 */
193 skb_set_owner_w(skb, (struct sock *)sk);
194 }
195 if (opt->opt_flen)
196 ipv6_push_frag_opts(skb, opt, &proto);
197 if (opt->opt_nflen)
198 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop);
199 }
200
201 skb_push(skb, sizeof(struct ipv6hdr));
202 skb_reset_network_header(skb);
203 hdr = ipv6_hdr(skb);
204
205 /*
206 * Fill in the IPv6 header
207 */
208 if (np)
209 hlimit = np->hop_limit;
210 if (hlimit < 0)
211 hlimit = ip6_dst_hoplimit(dst);
212
213 ip6_flow_hdr(hdr, tclass, ip6_make_flowlabel(net, skb, fl6->flowlabel,
214 np->autoflowlabel, fl6));
215
216 hdr->payload_len = htons(seg_len);
217 hdr->nexthdr = proto;
218 hdr->hop_limit = hlimit;
219
220 hdr->saddr = fl6->saddr;
221 hdr->daddr = *first_hop;
222
223 skb->protocol = htons(ETH_P_IPV6);
224 skb->priority = sk->sk_priority;
225 skb->mark = sk->sk_mark;
226
227 mtu = dst_mtu(dst);
228 if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) {
229 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
230 IPSTATS_MIB_OUT, skb->len);
231 /* hooks should never assume socket lock is held.
232 * we promote our socket to non const
233 */
234 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
235 net, (struct sock *)sk, skb, NULL, dst->dev,
236 dst_output_okfn);
237 }
238
239 skb->dev = dst->dev;
240 /* ipv6_local_error() does not require socket lock,
241 * we promote our socket to non const
242 */
243 ipv6_local_error((struct sock *)sk, EMSGSIZE, fl6, mtu);
244
245 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
246 kfree_skb(skb);
247 return -EMSGSIZE;
248 }
249 EXPORT_SYMBOL(ip6_xmit);
250
251 static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
252 {
253 struct ip6_ra_chain *ra;
254 struct sock *last = NULL;
255
256 read_lock(&ip6_ra_lock);
257 for (ra = ip6_ra_chain; ra; ra = ra->next) {
258 struct sock *sk = ra->sk;
259 if (sk && ra->sel == sel &&
260 (!sk->sk_bound_dev_if ||
261 sk->sk_bound_dev_if == skb->dev->ifindex)) {
262 if (last) {
263 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
264 if (skb2)
265 rawv6_rcv(last, skb2);
266 }
267 last = sk;
268 }
269 }
270
271 if (last) {
272 rawv6_rcv(last, skb);
273 read_unlock(&ip6_ra_lock);
274 return 1;
275 }
276 read_unlock(&ip6_ra_lock);
277 return 0;
278 }
279
280 static int ip6_forward_proxy_check(struct sk_buff *skb)
281 {
282 struct ipv6hdr *hdr = ipv6_hdr(skb);
283 u8 nexthdr = hdr->nexthdr;
284 __be16 frag_off;
285 int offset;
286
287 if (ipv6_ext_hdr(nexthdr)) {
288 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, &frag_off);
289 if (offset < 0)
290 return 0;
291 } else
292 offset = sizeof(struct ipv6hdr);
293
294 if (nexthdr == IPPROTO_ICMPV6) {
295 struct icmp6hdr *icmp6;
296
297 if (!pskb_may_pull(skb, (skb_network_header(skb) +
298 offset + 1 - skb->data)))
299 return 0;
300
301 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
302
303 switch (icmp6->icmp6_type) {
304 case NDISC_ROUTER_SOLICITATION:
305 case NDISC_ROUTER_ADVERTISEMENT:
306 case NDISC_NEIGHBOUR_SOLICITATION:
307 case NDISC_NEIGHBOUR_ADVERTISEMENT:
308 case NDISC_REDIRECT:
309 /* For reaction involving unicast neighbor discovery
310 * message destined to the proxied address, pass it to
311 * input function.
312 */
313 return 1;
314 default:
315 break;
316 }
317 }
318
319 /*
320 * The proxying router can't forward traffic sent to a link-local
321 * address, so signal the sender and discard the packet. This
322 * behavior is clarified by the MIPv6 specification.
323 */
324 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
325 dst_link_failure(skb);
326 return -1;
327 }
328
329 return 0;
330 }
331
332 static inline int ip6_forward_finish(struct net *net, struct sock *sk,
333 struct sk_buff *skb)
334 {
335 skb_sender_cpu_clear(skb);
336 return dst_output(sk, skb);
337 }
338
339 static unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst)
340 {
341 unsigned int mtu;
342 struct inet6_dev *idev;
343
344 if (dst_metric_locked(dst, RTAX_MTU)) {
345 mtu = dst_metric_raw(dst, RTAX_MTU);
346 if (mtu)
347 return mtu;
348 }
349
350 mtu = IPV6_MIN_MTU;
351 rcu_read_lock();
352 idev = __in6_dev_get(dst->dev);
353 if (idev)
354 mtu = idev->cnf.mtu6;
355 rcu_read_unlock();
356
357 return mtu;
358 }
359
360 static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
361 {
362 if (skb->len <= mtu)
363 return false;
364
365 /* ipv6 conntrack defrag sets max_frag_size + ignore_df */
366 if (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)
367 return true;
368
369 if (skb->ignore_df)
370 return false;
371
372 if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
373 return false;
374
375 return true;
376 }
377
378 int ip6_forward(struct sk_buff *skb)
379 {
380 struct dst_entry *dst = skb_dst(skb);
381 struct ipv6hdr *hdr = ipv6_hdr(skb);
382 struct inet6_skb_parm *opt = IP6CB(skb);
383 struct net *net = dev_net(dst->dev);
384 u32 mtu;
385
386 if (net->ipv6.devconf_all->forwarding == 0)
387 goto error;
388
389 if (skb->pkt_type != PACKET_HOST)
390 goto drop;
391
392 if (skb_warn_if_lro(skb))
393 goto drop;
394
395 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
396 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
397 IPSTATS_MIB_INDISCARDS);
398 goto drop;
399 }
400
401 skb_forward_csum(skb);
402
403 /*
404 * We DO NOT make any processing on
405 * RA packets, pushing them to user level AS IS
406 * without ane WARRANTY that application will be able
407 * to interpret them. The reason is that we
408 * cannot make anything clever here.
409 *
410 * We are not end-node, so that if packet contains
411 * AH/ESP, we cannot make anything.
412 * Defragmentation also would be mistake, RA packets
413 * cannot be fragmented, because there is no warranty
414 * that different fragments will go along one path. --ANK
415 */
416 if (unlikely(opt->flags & IP6SKB_ROUTERALERT)) {
417 if (ip6_call_ra_chain(skb, ntohs(opt->ra)))
418 return 0;
419 }
420
421 /*
422 * check and decrement ttl
423 */
424 if (hdr->hop_limit <= 1) {
425 /* Force OUTPUT device used as source address */
426 skb->dev = dst->dev;
427 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
428 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
429 IPSTATS_MIB_INHDRERRORS);
430
431 kfree_skb(skb);
432 return -ETIMEDOUT;
433 }
434
435 /* XXX: idev->cnf.proxy_ndp? */
436 if (net->ipv6.devconf_all->proxy_ndp &&
437 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
438 int proxied = ip6_forward_proxy_check(skb);
439 if (proxied > 0)
440 return ip6_input(skb);
441 else if (proxied < 0) {
442 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
443 IPSTATS_MIB_INDISCARDS);
444 goto drop;
445 }
446 }
447
448 if (!xfrm6_route_forward(skb)) {
449 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
450 IPSTATS_MIB_INDISCARDS);
451 goto drop;
452 }
453 dst = skb_dst(skb);
454
455 /* IPv6 specs say nothing about it, but it is clear that we cannot
456 send redirects to source routed frames.
457 We don't send redirects to frames decapsulated from IPsec.
458 */
459 if (skb->dev == dst->dev && opt->srcrt == 0 && !skb_sec_path(skb)) {
460 struct in6_addr *target = NULL;
461 struct inet_peer *peer;
462 struct rt6_info *rt;
463
464 /*
465 * incoming and outgoing devices are the same
466 * send a redirect.
467 */
468
469 rt = (struct rt6_info *) dst;
470 if (rt->rt6i_flags & RTF_GATEWAY)
471 target = &rt->rt6i_gateway;
472 else
473 target = &hdr->daddr;
474
475 peer = inet_getpeer_v6(net->ipv6.peers, &hdr->daddr, 1);
476
477 /* Limit redirects both by destination (here)
478 and by source (inside ndisc_send_redirect)
479 */
480 if (inet_peer_xrlim_allow(peer, 1*HZ))
481 ndisc_send_redirect(skb, target);
482 if (peer)
483 inet_putpeer(peer);
484 } else {
485 int addrtype = ipv6_addr_type(&hdr->saddr);
486
487 /* This check is security critical. */
488 if (addrtype == IPV6_ADDR_ANY ||
489 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
490 goto error;
491 if (addrtype & IPV6_ADDR_LINKLOCAL) {
492 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
493 ICMPV6_NOT_NEIGHBOUR, 0);
494 goto error;
495 }
496 }
497
498 mtu = ip6_dst_mtu_forward(dst);
499 if (mtu < IPV6_MIN_MTU)
500 mtu = IPV6_MIN_MTU;
501
502 if (ip6_pkt_too_big(skb, mtu)) {
503 /* Again, force OUTPUT device used as source address */
504 skb->dev = dst->dev;
505 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
506 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
507 IPSTATS_MIB_INTOOBIGERRORS);
508 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
509 IPSTATS_MIB_FRAGFAILS);
510 kfree_skb(skb);
511 return -EMSGSIZE;
512 }
513
514 if (skb_cow(skb, dst->dev->hard_header_len)) {
515 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
516 IPSTATS_MIB_OUTDISCARDS);
517 goto drop;
518 }
519
520 hdr = ipv6_hdr(skb);
521
522 /* Mangling hops number delayed to point after skb COW */
523
524 hdr->hop_limit--;
525
526 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
527 IP6_ADD_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len);
528 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD,
529 net, NULL, skb, skb->dev, dst->dev,
530 ip6_forward_finish);
531
532 error:
533 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
534 drop:
535 kfree_skb(skb);
536 return -EINVAL;
537 }
538
539 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
540 {
541 to->pkt_type = from->pkt_type;
542 to->priority = from->priority;
543 to->protocol = from->protocol;
544 skb_dst_drop(to);
545 skb_dst_set(to, dst_clone(skb_dst(from)));
546 to->dev = from->dev;
547 to->mark = from->mark;
548
549 #ifdef CONFIG_NET_SCHED
550 to->tc_index = from->tc_index;
551 #endif
552 nf_copy(to, from);
553 skb_copy_secmark(to, from);
554 }
555
556 int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
557 int (*output)(struct net *, struct sock *, struct sk_buff *))
558 {
559 struct sk_buff *frag;
560 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
561 struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ?
562 inet6_sk(skb->sk) : NULL;
563 struct ipv6hdr *tmp_hdr;
564 struct frag_hdr *fh;
565 unsigned int mtu, hlen, left, len;
566 int hroom, troom;
567 __be32 frag_id;
568 int ptr, offset = 0, err = 0;
569 u8 *prevhdr, nexthdr = 0;
570
571 hlen = ip6_find_1stfragopt(skb, &prevhdr);
572 nexthdr = *prevhdr;
573
574 mtu = ip6_skb_dst_mtu(skb);
575
576 /* We must not fragment if the socket is set to force MTU discovery
577 * or if the skb it not generated by a local socket.
578 */
579 if (unlikely(!skb->ignore_df && skb->len > mtu))
580 goto fail_toobig;
581
582 if (IP6CB(skb)->frag_max_size) {
583 if (IP6CB(skb)->frag_max_size > mtu)
584 goto fail_toobig;
585
586 /* don't send fragments larger than what we received */
587 mtu = IP6CB(skb)->frag_max_size;
588 if (mtu < IPV6_MIN_MTU)
589 mtu = IPV6_MIN_MTU;
590 }
591
592 if (np && np->frag_size < mtu) {
593 if (np->frag_size)
594 mtu = np->frag_size;
595 }
596 mtu -= hlen + sizeof(struct frag_hdr);
597
598 frag_id = ipv6_select_ident(net, &ipv6_hdr(skb)->daddr,
599 &ipv6_hdr(skb)->saddr);
600
601 hroom = LL_RESERVED_SPACE(rt->dst.dev);
602 if (skb_has_frag_list(skb)) {
603 int first_len = skb_pagelen(skb);
604 struct sk_buff *frag2;
605
606 if (first_len - hlen > mtu ||
607 ((first_len - hlen) & 7) ||
608 skb_cloned(skb) ||
609 skb_headroom(skb) < (hroom + sizeof(struct frag_hdr)))
610 goto slow_path;
611
612 skb_walk_frags(skb, frag) {
613 /* Correct geometry. */
614 if (frag->len > mtu ||
615 ((frag->len & 7) && frag->next) ||
616 skb_headroom(frag) < (hlen + hroom + sizeof(struct frag_hdr)))
617 goto slow_path_clean;
618
619 /* Partially cloned skb? */
620 if (skb_shared(frag))
621 goto slow_path_clean;
622
623 BUG_ON(frag->sk);
624 if (skb->sk) {
625 frag->sk = skb->sk;
626 frag->destructor = sock_wfree;
627 }
628 skb->truesize -= frag->truesize;
629 }
630
631 err = 0;
632 offset = 0;
633 /* BUILD HEADER */
634
635 *prevhdr = NEXTHDR_FRAGMENT;
636 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
637 if (!tmp_hdr) {
638 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
639 IPSTATS_MIB_FRAGFAILS);
640 err = -ENOMEM;
641 goto fail;
642 }
643 frag = skb_shinfo(skb)->frag_list;
644 skb_frag_list_init(skb);
645
646 __skb_pull(skb, hlen);
647 fh = (struct frag_hdr *)__skb_push(skb, sizeof(struct frag_hdr));
648 __skb_push(skb, hlen);
649 skb_reset_network_header(skb);
650 memcpy(skb_network_header(skb), tmp_hdr, hlen);
651
652 fh->nexthdr = nexthdr;
653 fh->reserved = 0;
654 fh->frag_off = htons(IP6_MF);
655 fh->identification = frag_id;
656
657 first_len = skb_pagelen(skb);
658 skb->data_len = first_len - skb_headlen(skb);
659 skb->len = first_len;
660 ipv6_hdr(skb)->payload_len = htons(first_len -
661 sizeof(struct ipv6hdr));
662
663 dst_hold(&rt->dst);
664
665 for (;;) {
666 /* Prepare header of the next frame,
667 * before previous one went down. */
668 if (frag) {
669 frag->ip_summed = CHECKSUM_NONE;
670 skb_reset_transport_header(frag);
671 fh = (struct frag_hdr *)__skb_push(frag, sizeof(struct frag_hdr));
672 __skb_push(frag, hlen);
673 skb_reset_network_header(frag);
674 memcpy(skb_network_header(frag), tmp_hdr,
675 hlen);
676 offset += skb->len - hlen - sizeof(struct frag_hdr);
677 fh->nexthdr = nexthdr;
678 fh->reserved = 0;
679 fh->frag_off = htons(offset);
680 if (frag->next)
681 fh->frag_off |= htons(IP6_MF);
682 fh->identification = frag_id;
683 ipv6_hdr(frag)->payload_len =
684 htons(frag->len -
685 sizeof(struct ipv6hdr));
686 ip6_copy_metadata(frag, skb);
687 }
688
689 err = output(net, sk, skb);
690 if (!err)
691 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
692 IPSTATS_MIB_FRAGCREATES);
693
694 if (err || !frag)
695 break;
696
697 skb = frag;
698 frag = skb->next;
699 skb->next = NULL;
700 }
701
702 kfree(tmp_hdr);
703
704 if (err == 0) {
705 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
706 IPSTATS_MIB_FRAGOKS);
707 ip6_rt_put(rt);
708 return 0;
709 }
710
711 kfree_skb_list(frag);
712
713 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
714 IPSTATS_MIB_FRAGFAILS);
715 ip6_rt_put(rt);
716 return err;
717
718 slow_path_clean:
719 skb_walk_frags(skb, frag2) {
720 if (frag2 == frag)
721 break;
722 frag2->sk = NULL;
723 frag2->destructor = NULL;
724 skb->truesize += frag2->truesize;
725 }
726 }
727
728 slow_path:
729 if ((skb->ip_summed == CHECKSUM_PARTIAL) &&
730 skb_checksum_help(skb))
731 goto fail;
732
733 left = skb->len - hlen; /* Space per frame */
734 ptr = hlen; /* Where to start from */
735
736 /*
737 * Fragment the datagram.
738 */
739
740 *prevhdr = NEXTHDR_FRAGMENT;
741 troom = rt->dst.dev->needed_tailroom;
742
743 /*
744 * Keep copying data until we run out.
745 */
746 while (left > 0) {
747 len = left;
748 /* IF: it doesn't fit, use 'mtu' - the data space left */
749 if (len > mtu)
750 len = mtu;
751 /* IF: we are not sending up to and including the packet end
752 then align the next start on an eight byte boundary */
753 if (len < left) {
754 len &= ~7;
755 }
756
757 /* Allocate buffer */
758 frag = alloc_skb(len + hlen + sizeof(struct frag_hdr) +
759 hroom + troom, GFP_ATOMIC);
760 if (!frag) {
761 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
762 IPSTATS_MIB_FRAGFAILS);
763 err = -ENOMEM;
764 goto fail;
765 }
766
767 /*
768 * Set up data on packet
769 */
770
771 ip6_copy_metadata(frag, skb);
772 skb_reserve(frag, hroom);
773 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
774 skb_reset_network_header(frag);
775 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
776 frag->transport_header = (frag->network_header + hlen +
777 sizeof(struct frag_hdr));
778
779 /*
780 * Charge the memory for the fragment to any owner
781 * it might possess
782 */
783 if (skb->sk)
784 skb_set_owner_w(frag, skb->sk);
785
786 /*
787 * Copy the packet header into the new buffer.
788 */
789 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
790
791 /*
792 * Build fragment header.
793 */
794 fh->nexthdr = nexthdr;
795 fh->reserved = 0;
796 fh->identification = frag_id;
797
798 /*
799 * Copy a block of the IP datagram.
800 */
801 BUG_ON(skb_copy_bits(skb, ptr, skb_transport_header(frag),
802 len));
803 left -= len;
804
805 fh->frag_off = htons(offset);
806 if (left > 0)
807 fh->frag_off |= htons(IP6_MF);
808 ipv6_hdr(frag)->payload_len = htons(frag->len -
809 sizeof(struct ipv6hdr));
810
811 ptr += len;
812 offset += len;
813
814 /*
815 * Put this fragment into the sending queue.
816 */
817 err = output(net, sk, frag);
818 if (err)
819 goto fail;
820
821 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
822 IPSTATS_MIB_FRAGCREATES);
823 }
824 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
825 IPSTATS_MIB_FRAGOKS);
826 consume_skb(skb);
827 return err;
828
829 fail_toobig:
830 if (skb->sk && dst_allfrag(skb_dst(skb)))
831 sk_nocaps_add(skb->sk, NETIF_F_GSO_MASK);
832
833 skb->dev = skb_dst(skb)->dev;
834 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
835 err = -EMSGSIZE;
836
837 fail:
838 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
839 IPSTATS_MIB_FRAGFAILS);
840 kfree_skb(skb);
841 return err;
842 }
843
844 static inline int ip6_rt_check(const struct rt6key *rt_key,
845 const struct in6_addr *fl_addr,
846 const struct in6_addr *addr_cache)
847 {
848 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
849 (!addr_cache || !ipv6_addr_equal(fl_addr, addr_cache));
850 }
851
852 static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
853 struct dst_entry *dst,
854 const struct flowi6 *fl6)
855 {
856 struct ipv6_pinfo *np = inet6_sk(sk);
857 struct rt6_info *rt;
858
859 if (!dst)
860 goto out;
861
862 if (dst->ops->family != AF_INET6) {
863 dst_release(dst);
864 return NULL;
865 }
866
867 rt = (struct rt6_info *)dst;
868 /* Yes, checking route validity in not connected
869 * case is not very simple. Take into account,
870 * that we do not support routing by source, TOS,
871 * and MSG_DONTROUTE --ANK (980726)
872 *
873 * 1. ip6_rt_check(): If route was host route,
874 * check that cached destination is current.
875 * If it is network route, we still may
876 * check its validity using saved pointer
877 * to the last used address: daddr_cache.
878 * We do not want to save whole address now,
879 * (because main consumer of this service
880 * is tcp, which has not this problem),
881 * so that the last trick works only on connected
882 * sockets.
883 * 2. oif also should be the same.
884 */
885 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) ||
886 #ifdef CONFIG_IPV6_SUBTREES
887 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) ||
888 #endif
889 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex)) {
890 dst_release(dst);
891 dst = NULL;
892 }
893
894 out:
895 return dst;
896 }
897
898 static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk,
899 struct dst_entry **dst, struct flowi6 *fl6)
900 {
901 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
902 struct neighbour *n;
903 struct rt6_info *rt;
904 #endif
905 int err;
906
907 /* The correct way to handle this would be to do
908 * ip6_route_get_saddr, and then ip6_route_output; however,
909 * the route-specific preferred source forces the
910 * ip6_route_output call _before_ ip6_route_get_saddr.
911 *
912 * In source specific routing (no src=any default route),
913 * ip6_route_output will fail given src=any saddr, though, so
914 * that's why we try it again later.
915 */
916 if (ipv6_addr_any(&fl6->saddr) && (!*dst || !(*dst)->error)) {
917 struct rt6_info *rt;
918 bool had_dst = *dst != NULL;
919
920 if (!had_dst)
921 *dst = ip6_route_output(net, sk, fl6);
922 rt = (*dst)->error ? NULL : (struct rt6_info *)*dst;
923 err = ip6_route_get_saddr(net, rt, &fl6->daddr,
924 sk ? inet6_sk(sk)->srcprefs : 0,
925 &fl6->saddr);
926 if (err)
927 goto out_err_release;
928
929 /* If we had an erroneous initial result, pretend it
930 * never existed and let the SA-enabled version take
931 * over.
932 */
933 if (!had_dst && (*dst)->error) {
934 dst_release(*dst);
935 *dst = NULL;
936 }
937 }
938
939 if (!*dst)
940 *dst = ip6_route_output(net, sk, fl6);
941
942 err = (*dst)->error;
943 if (err)
944 goto out_err_release;
945
946 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
947 /*
948 * Here if the dst entry we've looked up
949 * has a neighbour entry that is in the INCOMPLETE
950 * state and the src address from the flow is
951 * marked as OPTIMISTIC, we release the found
952 * dst entry and replace it instead with the
953 * dst entry of the nexthop router
954 */
955 rt = (struct rt6_info *) *dst;
956 rcu_read_lock_bh();
957 n = __ipv6_neigh_lookup_noref(rt->dst.dev,
958 rt6_nexthop(rt, &fl6->daddr));
959 err = n && !(n->nud_state & NUD_VALID) ? -EINVAL : 0;
960 rcu_read_unlock_bh();
961
962 if (err) {
963 struct inet6_ifaddr *ifp;
964 struct flowi6 fl_gw6;
965 int redirect;
966
967 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
968 (*dst)->dev, 1);
969
970 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
971 if (ifp)
972 in6_ifa_put(ifp);
973
974 if (redirect) {
975 /*
976 * We need to get the dst entry for the
977 * default router instead
978 */
979 dst_release(*dst);
980 memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
981 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
982 *dst = ip6_route_output(net, sk, &fl_gw6);
983 err = (*dst)->error;
984 if (err)
985 goto out_err_release;
986 }
987 }
988 #endif
989
990 return 0;
991
992 out_err_release:
993 if (err == -ENETUNREACH)
994 IP6_INC_STATS(net, NULL, IPSTATS_MIB_OUTNOROUTES);
995 dst_release(*dst);
996 *dst = NULL;
997 return err;
998 }
999
1000 /**
1001 * ip6_dst_lookup - perform route lookup on flow
1002 * @sk: socket which provides route info
1003 * @dst: pointer to dst_entry * for result
1004 * @fl6: flow to lookup
1005 *
1006 * This function performs a route lookup on the given flow.
1007 *
1008 * It returns zero on success, or a standard errno code on error.
1009 */
1010 int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst,
1011 struct flowi6 *fl6)
1012 {
1013 *dst = NULL;
1014 return ip6_dst_lookup_tail(net, sk, dst, fl6);
1015 }
1016 EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1017
1018 /**
1019 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec
1020 * @sk: socket which provides route info
1021 * @fl6: flow to lookup
1022 * @final_dst: final destination address for ipsec lookup
1023 *
1024 * This function performs a route lookup on the given flow.
1025 *
1026 * It returns a valid dst pointer on success, or a pointer encoded
1027 * error code.
1028 */
1029 struct dst_entry *ip6_dst_lookup_flow(const struct sock *sk, struct flowi6 *fl6,
1030 const struct in6_addr *final_dst)
1031 {
1032 struct dst_entry *dst = NULL;
1033 int err;
1034
1035 err = ip6_dst_lookup_tail(sock_net(sk), sk, &dst, fl6);
1036 if (err)
1037 return ERR_PTR(err);
1038 if (final_dst)
1039 fl6->daddr = *final_dst;
1040 if (!fl6->flowi6_oif)
1041 fl6->flowi6_oif = dst->dev->ifindex;
1042
1043 return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
1044 }
1045 EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
1046
1047 /**
1048 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
1049 * @sk: socket which provides the dst cache and route info
1050 * @fl6: flow to lookup
1051 * @final_dst: final destination address for ipsec lookup
1052 *
1053 * This function performs a route lookup on the given flow with the
1054 * possibility of using the cached route in the socket if it is valid.
1055 * It will take the socket dst lock when operating on the dst cache.
1056 * As a result, this function can only be used in process context.
1057 *
1058 * It returns a valid dst pointer on success, or a pointer encoded
1059 * error code.
1060 */
1061 struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
1062 const struct in6_addr *final_dst)
1063 {
1064 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1065 int err;
1066
1067 dst = ip6_sk_dst_check(sk, dst, fl6);
1068
1069 err = ip6_dst_lookup_tail(sock_net(sk), sk, &dst, fl6);
1070 if (err)
1071 return ERR_PTR(err);
1072 if (final_dst)
1073 fl6->daddr = *final_dst;
1074
1075 return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
1076 }
1077 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
1078
1079 static inline int ip6_ufo_append_data(struct sock *sk,
1080 struct sk_buff_head *queue,
1081 int getfrag(void *from, char *to, int offset, int len,
1082 int odd, struct sk_buff *skb),
1083 void *from, int length, int hh_len, int fragheaderlen,
1084 int transhdrlen, int mtu, unsigned int flags,
1085 const struct flowi6 *fl6)
1086
1087 {
1088 struct sk_buff *skb;
1089 int err;
1090
1091 /* There is support for UDP large send offload by network
1092 * device, so create one single skb packet containing complete
1093 * udp datagram
1094 */
1095 skb = skb_peek_tail(queue);
1096 if (!skb) {
1097 skb = sock_alloc_send_skb(sk,
1098 hh_len + fragheaderlen + transhdrlen + 20,
1099 (flags & MSG_DONTWAIT), &err);
1100 if (!skb)
1101 return err;
1102
1103 /* reserve space for Hardware header */
1104 skb_reserve(skb, hh_len);
1105
1106 /* create space for UDP/IP header */
1107 skb_put(skb, fragheaderlen + transhdrlen);
1108
1109 /* initialize network header pointer */
1110 skb_reset_network_header(skb);
1111
1112 /* initialize protocol header pointer */
1113 skb->transport_header = skb->network_header + fragheaderlen;
1114
1115 skb->protocol = htons(ETH_P_IPV6);
1116 skb->csum = 0;
1117
1118 __skb_queue_tail(queue, skb);
1119 } else if (skb_is_gso(skb)) {
1120 goto append;
1121 }
1122
1123 skb->ip_summed = CHECKSUM_PARTIAL;
1124 /* Specify the length of each IPv6 datagram fragment.
1125 * It has to be a multiple of 8.
1126 */
1127 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen -
1128 sizeof(struct frag_hdr)) & ~7;
1129 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
1130 skb_shinfo(skb)->ip6_frag_id = ipv6_select_ident(sock_net(sk),
1131 &fl6->daddr,
1132 &fl6->saddr);
1133
1134 append:
1135 return skb_append_datato_frags(sk, skb, getfrag, from,
1136 (length - transhdrlen));
1137 }
1138
1139 static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1140 gfp_t gfp)
1141 {
1142 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1143 }
1144
1145 static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1146 gfp_t gfp)
1147 {
1148 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1149 }
1150
1151 static void ip6_append_data_mtu(unsigned int *mtu,
1152 int *maxfraglen,
1153 unsigned int fragheaderlen,
1154 struct sk_buff *skb,
1155 struct rt6_info *rt,
1156 unsigned int orig_mtu)
1157 {
1158 if (!(rt->dst.flags & DST_XFRM_TUNNEL)) {
1159 if (!skb) {
1160 /* first fragment, reserve header_len */
1161 *mtu = orig_mtu - rt->dst.header_len;
1162
1163 } else {
1164 /*
1165 * this fragment is not first, the headers
1166 * space is regarded as data space.
1167 */
1168 *mtu = orig_mtu;
1169 }
1170 *maxfraglen = ((*mtu - fragheaderlen) & ~7)
1171 + fragheaderlen - sizeof(struct frag_hdr);
1172 }
1173 }
1174
1175 static int ip6_setup_cork(struct sock *sk, struct inet_cork_full *cork,
1176 struct inet6_cork *v6_cork,
1177 int hlimit, int tclass, struct ipv6_txoptions *opt,
1178 struct rt6_info *rt, struct flowi6 *fl6)
1179 {
1180 struct ipv6_pinfo *np = inet6_sk(sk);
1181 unsigned int mtu;
1182
1183 /*
1184 * setup for corking
1185 */
1186 if (opt) {
1187 if (WARN_ON(v6_cork->opt))
1188 return -EINVAL;
1189
1190 v6_cork->opt = kzalloc(opt->tot_len, sk->sk_allocation);
1191 if (unlikely(!v6_cork->opt))
1192 return -ENOBUFS;
1193
1194 v6_cork->opt->tot_len = opt->tot_len;
1195 v6_cork->opt->opt_flen = opt->opt_flen;
1196 v6_cork->opt->opt_nflen = opt->opt_nflen;
1197
1198 v6_cork->opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1199 sk->sk_allocation);
1200 if (opt->dst0opt && !v6_cork->opt->dst0opt)
1201 return -ENOBUFS;
1202
1203 v6_cork->opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1204 sk->sk_allocation);
1205 if (opt->dst1opt && !v6_cork->opt->dst1opt)
1206 return -ENOBUFS;
1207
1208 v6_cork->opt->hopopt = ip6_opt_dup(opt->hopopt,
1209 sk->sk_allocation);
1210 if (opt->hopopt && !v6_cork->opt->hopopt)
1211 return -ENOBUFS;
1212
1213 v6_cork->opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1214 sk->sk_allocation);
1215 if (opt->srcrt && !v6_cork->opt->srcrt)
1216 return -ENOBUFS;
1217
1218 /* need source address above miyazawa*/
1219 }
1220 dst_hold(&rt->dst);
1221 cork->base.dst = &rt->dst;
1222 cork->fl.u.ip6 = *fl6;
1223 v6_cork->hop_limit = hlimit;
1224 v6_cork->tclass = tclass;
1225 if (rt->dst.flags & DST_XFRM_TUNNEL)
1226 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1227 rt->dst.dev->mtu : dst_mtu(&rt->dst);
1228 else
1229 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1230 rt->dst.dev->mtu : dst_mtu(rt->dst.path);
1231 if (np->frag_size < mtu) {
1232 if (np->frag_size)
1233 mtu = np->frag_size;
1234 }
1235 cork->base.fragsize = mtu;
1236 if (dst_allfrag(rt->dst.path))
1237 cork->base.flags |= IPCORK_ALLFRAG;
1238 cork->base.length = 0;
1239
1240 return 0;
1241 }
1242
1243 static int __ip6_append_data(struct sock *sk,
1244 struct flowi6 *fl6,
1245 struct sk_buff_head *queue,
1246 struct inet_cork *cork,
1247 struct inet6_cork *v6_cork,
1248 struct page_frag *pfrag,
1249 int getfrag(void *from, char *to, int offset,
1250 int len, int odd, struct sk_buff *skb),
1251 void *from, int length, int transhdrlen,
1252 unsigned int flags, int dontfrag)
1253 {
1254 struct sk_buff *skb, *skb_prev = NULL;
1255 unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu;
1256 int exthdrlen = 0;
1257 int dst_exthdrlen = 0;
1258 int hh_len;
1259 int copy;
1260 int err;
1261 int offset = 0;
1262 __u8 tx_flags = 0;
1263 u32 tskey = 0;
1264 struct rt6_info *rt = (struct rt6_info *)cork->dst;
1265 struct ipv6_txoptions *opt = v6_cork->opt;
1266 int csummode = CHECKSUM_NONE;
1267
1268 skb = skb_peek_tail(queue);
1269 if (!skb) {
1270 exthdrlen = opt ? opt->opt_flen : 0;
1271 dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len;
1272 }
1273
1274 mtu = cork->fragsize;
1275 orig_mtu = mtu;
1276
1277 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1278
1279 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
1280 (opt ? opt->opt_nflen : 0);
1281 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen -
1282 sizeof(struct frag_hdr);
1283
1284 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) {
1285 unsigned int maxnonfragsize, headersize;
1286
1287 headersize = sizeof(struct ipv6hdr) +
1288 (opt ? opt->opt_flen + opt->opt_nflen : 0) +
1289 (dst_allfrag(&rt->dst) ?
1290 sizeof(struct frag_hdr) : 0) +
1291 rt->rt6i_nfheader_len;
1292
1293 if (ip6_sk_ignore_df(sk))
1294 maxnonfragsize = sizeof(struct ipv6hdr) + IPV6_MAXPLEN;
1295 else
1296 maxnonfragsize = mtu;
1297
1298 /* dontfrag active */
1299 if ((cork->length + length > mtu - headersize) && dontfrag &&
1300 (sk->sk_protocol == IPPROTO_UDP ||
1301 sk->sk_protocol == IPPROTO_RAW)) {
1302 ipv6_local_rxpmtu(sk, fl6, mtu - headersize +
1303 sizeof(struct ipv6hdr));
1304 goto emsgsize;
1305 }
1306
1307 if (cork->length + length > maxnonfragsize - headersize) {
1308 emsgsize:
1309 ipv6_local_error(sk, EMSGSIZE, fl6,
1310 mtu - headersize +
1311 sizeof(struct ipv6hdr));
1312 return -EMSGSIZE;
1313 }
1314 }
1315
1316 if (sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) {
1317 sock_tx_timestamp(sk, &tx_flags);
1318 if (tx_flags & SKBTX_ANY_SW_TSTAMP &&
1319 sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)
1320 tskey = sk->sk_tskey++;
1321 }
1322
1323 /* If this is the first and only packet and device
1324 * supports checksum offloading, let's use it.
1325 * Use transhdrlen, same as IPv4, because partial
1326 * sums only work when transhdrlen is set.
1327 */
1328 if (transhdrlen && sk->sk_protocol == IPPROTO_UDP &&
1329 length + fragheaderlen < mtu &&
1330 rt->dst.dev->features & NETIF_F_V6_CSUM &&
1331 !exthdrlen)
1332 csummode = CHECKSUM_PARTIAL;
1333 /*
1334 * Let's try using as much space as possible.
1335 * Use MTU if total length of the message fits into the MTU.
1336 * Otherwise, we need to reserve fragment header and
1337 * fragment alignment (= 8-15 octects, in total).
1338 *
1339 * Note that we may need to "move" the data from the tail of
1340 * of the buffer to the new fragment when we split
1341 * the message.
1342 *
1343 * FIXME: It may be fragmented into multiple chunks
1344 * at once if non-fragmentable extension headers
1345 * are too large.
1346 * --yoshfuji
1347 */
1348
1349 cork->length += length;
1350 if (((length > mtu) ||
1351 (skb && skb_is_gso(skb))) &&
1352 (sk->sk_protocol == IPPROTO_UDP) &&
1353 (rt->dst.dev->features & NETIF_F_UFO) &&
1354 (sk->sk_type == SOCK_DGRAM)) {
1355 err = ip6_ufo_append_data(sk, queue, getfrag, from, length,
1356 hh_len, fragheaderlen,
1357 transhdrlen, mtu, flags, fl6);
1358 if (err)
1359 goto error;
1360 return 0;
1361 }
1362
1363 if (!skb)
1364 goto alloc_new_skb;
1365
1366 while (length > 0) {
1367 /* Check if the remaining data fits into current packet. */
1368 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1369 if (copy < length)
1370 copy = maxfraglen - skb->len;
1371
1372 if (copy <= 0) {
1373 char *data;
1374 unsigned int datalen;
1375 unsigned int fraglen;
1376 unsigned int fraggap;
1377 unsigned int alloclen;
1378 alloc_new_skb:
1379 /* There's no room in the current skb */
1380 if (skb)
1381 fraggap = skb->len - maxfraglen;
1382 else
1383 fraggap = 0;
1384 /* update mtu and maxfraglen if necessary */
1385 if (!skb || !skb_prev)
1386 ip6_append_data_mtu(&mtu, &maxfraglen,
1387 fragheaderlen, skb, rt,
1388 orig_mtu);
1389
1390 skb_prev = skb;
1391
1392 /*
1393 * If remaining data exceeds the mtu,
1394 * we know we need more fragment(s).
1395 */
1396 datalen = length + fraggap;
1397
1398 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1399 datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len;
1400 if ((flags & MSG_MORE) &&
1401 !(rt->dst.dev->features&NETIF_F_SG))
1402 alloclen = mtu;
1403 else
1404 alloclen = datalen + fragheaderlen;
1405
1406 alloclen += dst_exthdrlen;
1407
1408 if (datalen != length + fraggap) {
1409 /*
1410 * this is not the last fragment, the trailer
1411 * space is regarded as data space.
1412 */
1413 datalen += rt->dst.trailer_len;
1414 }
1415
1416 alloclen += rt->dst.trailer_len;
1417 fraglen = datalen + fragheaderlen;
1418
1419 /*
1420 * We just reserve space for fragment header.
1421 * Note: this may be overallocation if the message
1422 * (without MSG_MORE) fits into the MTU.
1423 */
1424 alloclen += sizeof(struct frag_hdr);
1425
1426 if (transhdrlen) {
1427 skb = sock_alloc_send_skb(sk,
1428 alloclen + hh_len,
1429 (flags & MSG_DONTWAIT), &err);
1430 } else {
1431 skb = NULL;
1432 if (atomic_read(&sk->sk_wmem_alloc) <=
1433 2 * sk->sk_sndbuf)
1434 skb = sock_wmalloc(sk,
1435 alloclen + hh_len, 1,
1436 sk->sk_allocation);
1437 if (unlikely(!skb))
1438 err = -ENOBUFS;
1439 }
1440 if (!skb)
1441 goto error;
1442 /*
1443 * Fill in the control structures
1444 */
1445 skb->protocol = htons(ETH_P_IPV6);
1446 skb->ip_summed = csummode;
1447 skb->csum = 0;
1448 /* reserve for fragmentation and ipsec header */
1449 skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
1450 dst_exthdrlen);
1451
1452 /* Only the initial fragment is time stamped */
1453 skb_shinfo(skb)->tx_flags = tx_flags;
1454 tx_flags = 0;
1455 skb_shinfo(skb)->tskey = tskey;
1456 tskey = 0;
1457
1458 /*
1459 * Find where to start putting bytes
1460 */
1461 data = skb_put(skb, fraglen);
1462 skb_set_network_header(skb, exthdrlen);
1463 data += fragheaderlen;
1464 skb->transport_header = (skb->network_header +
1465 fragheaderlen);
1466 if (fraggap) {
1467 skb->csum = skb_copy_and_csum_bits(
1468 skb_prev, maxfraglen,
1469 data + transhdrlen, fraggap, 0);
1470 skb_prev->csum = csum_sub(skb_prev->csum,
1471 skb->csum);
1472 data += fraggap;
1473 pskb_trim_unique(skb_prev, maxfraglen);
1474 }
1475 copy = datalen - transhdrlen - fraggap;
1476
1477 if (copy < 0) {
1478 err = -EINVAL;
1479 kfree_skb(skb);
1480 goto error;
1481 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
1482 err = -EFAULT;
1483 kfree_skb(skb);
1484 goto error;
1485 }
1486
1487 offset += copy;
1488 length -= datalen - fraggap;
1489 transhdrlen = 0;
1490 exthdrlen = 0;
1491 dst_exthdrlen = 0;
1492
1493 /*
1494 * Put the packet on the pending queue
1495 */
1496 __skb_queue_tail(queue, skb);
1497 continue;
1498 }
1499
1500 if (copy > length)
1501 copy = length;
1502
1503 if (!(rt->dst.dev->features&NETIF_F_SG)) {
1504 unsigned int off;
1505
1506 off = skb->len;
1507 if (getfrag(from, skb_put(skb, copy),
1508 offset, copy, off, skb) < 0) {
1509 __skb_trim(skb, off);
1510 err = -EFAULT;
1511 goto error;
1512 }
1513 } else {
1514 int i = skb_shinfo(skb)->nr_frags;
1515
1516 err = -ENOMEM;
1517 if (!sk_page_frag_refill(sk, pfrag))
1518 goto error;
1519
1520 if (!skb_can_coalesce(skb, i, pfrag->page,
1521 pfrag->offset)) {
1522 err = -EMSGSIZE;
1523 if (i == MAX_SKB_FRAGS)
1524 goto error;
1525
1526 __skb_fill_page_desc(skb, i, pfrag->page,
1527 pfrag->offset, 0);
1528 skb_shinfo(skb)->nr_frags = ++i;
1529 get_page(pfrag->page);
1530 }
1531 copy = min_t(int, copy, pfrag->size - pfrag->offset);
1532 if (getfrag(from,
1533 page_address(pfrag->page) + pfrag->offset,
1534 offset, copy, skb->len, skb) < 0)
1535 goto error_efault;
1536
1537 pfrag->offset += copy;
1538 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1539 skb->len += copy;
1540 skb->data_len += copy;
1541 skb->truesize += copy;
1542 atomic_add(copy, &sk->sk_wmem_alloc);
1543 }
1544 offset += copy;
1545 length -= copy;
1546 }
1547
1548 return 0;
1549
1550 error_efault:
1551 err = -EFAULT;
1552 error:
1553 cork->length -= length;
1554 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1555 return err;
1556 }
1557
1558 int ip6_append_data(struct sock *sk,
1559 int getfrag(void *from, char *to, int offset, int len,
1560 int odd, struct sk_buff *skb),
1561 void *from, int length, int transhdrlen, int hlimit,
1562 int tclass, struct ipv6_txoptions *opt, struct flowi6 *fl6,
1563 struct rt6_info *rt, unsigned int flags, int dontfrag)
1564 {
1565 struct inet_sock *inet = inet_sk(sk);
1566 struct ipv6_pinfo *np = inet6_sk(sk);
1567 int exthdrlen;
1568 int err;
1569
1570 if (flags&MSG_PROBE)
1571 return 0;
1572 if (skb_queue_empty(&sk->sk_write_queue)) {
1573 /*
1574 * setup for corking
1575 */
1576 err = ip6_setup_cork(sk, &inet->cork, &np->cork, hlimit,
1577 tclass, opt, rt, fl6);
1578 if (err)
1579 return err;
1580
1581 exthdrlen = (opt ? opt->opt_flen : 0);
1582 length += exthdrlen;
1583 transhdrlen += exthdrlen;
1584 } else {
1585 fl6 = &inet->cork.fl.u.ip6;
1586 transhdrlen = 0;
1587 }
1588
1589 return __ip6_append_data(sk, fl6, &sk->sk_write_queue, &inet->cork.base,
1590 &np->cork, sk_page_frag(sk), getfrag,
1591 from, length, transhdrlen, flags, dontfrag);
1592 }
1593 EXPORT_SYMBOL_GPL(ip6_append_data);
1594
1595 static void ip6_cork_release(struct inet_cork_full *cork,
1596 struct inet6_cork *v6_cork)
1597 {
1598 if (v6_cork->opt) {
1599 kfree(v6_cork->opt->dst0opt);
1600 kfree(v6_cork->opt->dst1opt);
1601 kfree(v6_cork->opt->hopopt);
1602 kfree(v6_cork->opt->srcrt);
1603 kfree(v6_cork->opt);
1604 v6_cork->opt = NULL;
1605 }
1606
1607 if (cork->base.dst) {
1608 dst_release(cork->base.dst);
1609 cork->base.dst = NULL;
1610 cork->base.flags &= ~IPCORK_ALLFRAG;
1611 }
1612 memset(&cork->fl, 0, sizeof(cork->fl));
1613 }
1614
1615 struct sk_buff *__ip6_make_skb(struct sock *sk,
1616 struct sk_buff_head *queue,
1617 struct inet_cork_full *cork,
1618 struct inet6_cork *v6_cork)
1619 {
1620 struct sk_buff *skb, *tmp_skb;
1621 struct sk_buff **tail_skb;
1622 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1623 struct ipv6_pinfo *np = inet6_sk(sk);
1624 struct net *net = sock_net(sk);
1625 struct ipv6hdr *hdr;
1626 struct ipv6_txoptions *opt = v6_cork->opt;
1627 struct rt6_info *rt = (struct rt6_info *)cork->base.dst;
1628 struct flowi6 *fl6 = &cork->fl.u.ip6;
1629 unsigned char proto = fl6->flowi6_proto;
1630
1631 skb = __skb_dequeue(queue);
1632 if (!skb)
1633 goto out;
1634 tail_skb = &(skb_shinfo(skb)->frag_list);
1635
1636 /* move skb->data to ip header from ext header */
1637 if (skb->data < skb_network_header(skb))
1638 __skb_pull(skb, skb_network_offset(skb));
1639 while ((tmp_skb = __skb_dequeue(queue)) != NULL) {
1640 __skb_pull(tmp_skb, skb_network_header_len(skb));
1641 *tail_skb = tmp_skb;
1642 tail_skb = &(tmp_skb->next);
1643 skb->len += tmp_skb->len;
1644 skb->data_len += tmp_skb->len;
1645 skb->truesize += tmp_skb->truesize;
1646 tmp_skb->destructor = NULL;
1647 tmp_skb->sk = NULL;
1648 }
1649
1650 /* Allow local fragmentation. */
1651 skb->ignore_df = ip6_sk_ignore_df(sk);
1652
1653 *final_dst = fl6->daddr;
1654 __skb_pull(skb, skb_network_header_len(skb));
1655 if (opt && opt->opt_flen)
1656 ipv6_push_frag_opts(skb, opt, &proto);
1657 if (opt && opt->opt_nflen)
1658 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst);
1659
1660 skb_push(skb, sizeof(struct ipv6hdr));
1661 skb_reset_network_header(skb);
1662 hdr = ipv6_hdr(skb);
1663
1664 ip6_flow_hdr(hdr, v6_cork->tclass,
1665 ip6_make_flowlabel(net, skb, fl6->flowlabel,
1666 np->autoflowlabel, fl6));
1667 hdr->hop_limit = v6_cork->hop_limit;
1668 hdr->nexthdr = proto;
1669 hdr->saddr = fl6->saddr;
1670 hdr->daddr = *final_dst;
1671
1672 skb->priority = sk->sk_priority;
1673 skb->mark = sk->sk_mark;
1674
1675 skb_dst_set(skb, dst_clone(&rt->dst));
1676 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
1677 if (proto == IPPROTO_ICMPV6) {
1678 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1679
1680 ICMP6MSGOUT_INC_STATS(net, idev, icmp6_hdr(skb)->icmp6_type);
1681 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1682 }
1683
1684 ip6_cork_release(cork, v6_cork);
1685 out:
1686 return skb;
1687 }
1688
1689 int ip6_send_skb(struct sk_buff *skb)
1690 {
1691 struct net *net = sock_net(skb->sk);
1692 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
1693 int err;
1694
1695 err = ip6_local_out(skb);
1696 if (err) {
1697 if (err > 0)
1698 err = net_xmit_errno(err);
1699 if (err)
1700 IP6_INC_STATS(net, rt->rt6i_idev,
1701 IPSTATS_MIB_OUTDISCARDS);
1702 }
1703
1704 return err;
1705 }
1706
1707 int ip6_push_pending_frames(struct sock *sk)
1708 {
1709 struct sk_buff *skb;
1710
1711 skb = ip6_finish_skb(sk);
1712 if (!skb)
1713 return 0;
1714
1715 return ip6_send_skb(skb);
1716 }
1717 EXPORT_SYMBOL_GPL(ip6_push_pending_frames);
1718
1719 static void __ip6_flush_pending_frames(struct sock *sk,
1720 struct sk_buff_head *queue,
1721 struct inet_cork_full *cork,
1722 struct inet6_cork *v6_cork)
1723 {
1724 struct sk_buff *skb;
1725
1726 while ((skb = __skb_dequeue_tail(queue)) != NULL) {
1727 if (skb_dst(skb))
1728 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
1729 IPSTATS_MIB_OUTDISCARDS);
1730 kfree_skb(skb);
1731 }
1732
1733 ip6_cork_release(cork, v6_cork);
1734 }
1735
1736 void ip6_flush_pending_frames(struct sock *sk)
1737 {
1738 __ip6_flush_pending_frames(sk, &sk->sk_write_queue,
1739 &inet_sk(sk)->cork, &inet6_sk(sk)->cork);
1740 }
1741 EXPORT_SYMBOL_GPL(ip6_flush_pending_frames);
1742
1743 struct sk_buff *ip6_make_skb(struct sock *sk,
1744 int getfrag(void *from, char *to, int offset,
1745 int len, int odd, struct sk_buff *skb),
1746 void *from, int length, int transhdrlen,
1747 int hlimit, int tclass,
1748 struct ipv6_txoptions *opt, struct flowi6 *fl6,
1749 struct rt6_info *rt, unsigned int flags,
1750 int dontfrag)
1751 {
1752 struct inet_cork_full cork;
1753 struct inet6_cork v6_cork;
1754 struct sk_buff_head queue;
1755 int exthdrlen = (opt ? opt->opt_flen : 0);
1756 int err;
1757
1758 if (flags & MSG_PROBE)
1759 return NULL;
1760
1761 __skb_queue_head_init(&queue);
1762
1763 cork.base.flags = 0;
1764 cork.base.addr = 0;
1765 cork.base.opt = NULL;
1766 v6_cork.opt = NULL;
1767 err = ip6_setup_cork(sk, &cork, &v6_cork, hlimit, tclass, opt, rt, fl6);
1768 if (err)
1769 return ERR_PTR(err);
1770
1771 if (dontfrag < 0)
1772 dontfrag = inet6_sk(sk)->dontfrag;
1773
1774 err = __ip6_append_data(sk, fl6, &queue, &cork.base, &v6_cork,
1775 &current->task_frag, getfrag, from,
1776 length + exthdrlen, transhdrlen + exthdrlen,
1777 flags, dontfrag);
1778 if (err) {
1779 __ip6_flush_pending_frames(sk, &queue, &cork, &v6_cork);
1780 return ERR_PTR(err);
1781 }
1782
1783 return __ip6_make_skb(sk, &queue, &cork, &v6_cork);
1784 }
ubuntu-bionic-kernel mirror