]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/ipv6/ip6_output.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
udp: avoid ufo handling on IP payload compression packets
[mirror_ubuntu-zesty-kernel.git] / net / ipv6 / ip6_output.c
CommitLineData
1da177e4
LT		 1/*
2 * IPv6 output functions
1ab1457c 3 * Linux INET6 implementation
1da177e4
LT		 4 *
5 * Authors:
1ab1457c 6 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4 7 *
1da177e4
LT		 8 * Based on linux/net/ipv4/ip_output.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 * Changes:
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
20 * etc.
21 *
22 * H. von Brand : Added missing #include <linux/string.h>
67ba4152 23 * Imran Patel : frag id should be in NBO
1da177e4
LT		 24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
26 * for datagram xmit
27 */
28
1da177e4 29#include <linux/errno.h>
ef76bc23 30#include <linux/kernel.h>
1da177e4
LT		 31#include <linux/string.h>
32#include <linux/socket.h>
33#include <linux/net.h>
34#include <linux/netdevice.h>
35#include <linux/if_arp.h>
36#include <linux/in6.h>
37#include <linux/tcp.h>
38#include <linux/route.h>
b59f45d0 39#include <linux/module.h>
5a0e3ad6 40#include <linux/slab.h>
1da177e4 41
33b48679 42#include <linux/bpf-cgroup.h>
1da177e4
LT		 43#include <linux/netfilter.h>
44#include <linux/netfilter_ipv6.h>
45
46#include <net/sock.h>
47#include <net/snmp.h>
48
49#include <net/ipv6.h>
50#include <net/ndisc.h>
51#include <net/protocol.h>
52#include <net/ip6_route.h>
53#include <net/addrconf.h>
54#include <net/rawv6.h>
55#include <net/icmp.h>
56#include <net/xfrm.h>
57#include <net/checksum.h>
7bc570c8 58#include <linux/mroute6.h>
ca254490 59#include <net/l3mdev.h>
14972cbd 60#include <net/lwtunnel.h>
1da177e4 61
7d8c6e39 62static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff *skb)
1da177e4 63{
adf30907 64 struct dst_entry *dst = skb_dst(skb);
1da177e4 65 struct net_device *dev = dst->dev;
f6b72b62 66 struct neighbour *neigh;
6fd6ce20
YH		 67 struct in6_addr *nexthop;
68 int ret;
1da177e4
LT		 69
70 skb->protocol = htons(ETH_P_IPV6);
71 skb->dev = dev;
72
0660e03f 73 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
adf30907 74 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1da177e4 75
7026b1dd 76 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(sk) &&
78126c41 77 ((mroute6_socket(net, skb) &&
bd91b8bf 78 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
7bc570c8
YH		 79 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
80 &ipv6_hdr(skb)->saddr))) {
1da177e4
LT		 81 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
82
83 /* Do not check for IFF_ALLMULTI; multicast routing
84 is not supported in any case.
85 */
86 if (newskb)
b2e0b385 87 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
29a26a56 88 net, sk, newskb, NULL, newskb->dev,
95603e22 89 dev_loopback_xmit);
1da177e4 90
0660e03f 91 if (ipv6_hdr(skb)->hop_limit == 0) {
78126c41 92 IP6_INC_STATS(net, idev,
3bd653c8 93 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 94 kfree_skb(skb);
95 return 0;
96 }
97 }
98
78126c41 99 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, skb->len);
dd408515
HFS		 100
101 if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <=
102 IPV6_ADDR_SCOPE_NODELOCAL &&
103 !(dev->flags & IFF_LOOPBACK)) {
104 kfree_skb(skb);
105 return 0;
106 }
1da177e4
LT		 107 }
108
14972cbd
RP		 109 if (lwtunnel_xmit_redirect(dst->lwtstate)) {
110 int res = lwtunnel_xmit(skb);
111
112 if (res < 0 || res == LWTUNNEL_XMIT_DONE)
113 return res;
114 }
115
6fd6ce20 116 rcu_read_lock_bh();
2647a9b0 117 nexthop = rt6_nexthop((struct rt6_info *)dst, &ipv6_hdr(skb)->daddr);
6fd6ce20
YH		 118 neigh = __ipv6_neigh_lookup_noref(dst->dev, nexthop);
119 if (unlikely(!neigh))
120 neigh = __neigh_create(&nd_tbl, nexthop, dst->dev, false);
121 if (!IS_ERR(neigh)) {
122 ret = dst_neigh_output(dst, neigh, skb);
123 rcu_read_unlock_bh();
124 return ret;
125 }
126 rcu_read_unlock_bh();
05e3aa09 127
78126c41 128 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
9e508490
JE		 129 kfree_skb(skb);
130 return -EINVAL;
1da177e4
LT		 131}
132
0c4b51f0 133static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
9e508490 134{
33b48679
DM		 135 int ret;
136
137 ret = BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb);
138 if (ret) {
139 kfree_skb(skb);
140 return ret;
141 }
142
9e508490 143 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
9037c357
JP		 144 dst_allfrag(skb_dst(skb)) ||
145 (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size))
7d8c6e39 146 return ip6_fragment(net, sk, skb, ip6_finish_output2);
9e508490 147 else
7d8c6e39 148 return ip6_finish_output2(net, sk, skb);
9e508490
JE		 149}
150
ede2059d 151int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
1da177e4 152{
9e508490 153 struct net_device *dev = skb_dst(skb)->dev;
adf30907 154 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
be10de0a 155
778d80be 156 if (unlikely(idev->cnf.disable_ipv6)) {
19a0644c 157 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS);
778d80be
YH		 158 kfree_skb(skb);
159 return 0;
160 }
161
29a26a56
EB		 162 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING,
163 net, sk, skb, NULL, dev,
9c6eb28a
JE		 164 ip6_finish_output,
165 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
1da177e4
LT		 166}
167
1da177e4 168/*
1c1e9d2b
ED		 169 * xmit an sk_buff (used by TCP, SCTP and DCCP)
170 * Note : socket lock is not held for SYNACK packets, but might be modified
171 * by calls to skb_set_owner_w() and ipv6_local_error(),
172 * which are using proper atomic operations or spinlocks.
1da177e4 173 */
1c1e9d2b 174int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
92e55f41 175 __u32 mark, struct ipv6_txoptions *opt, int tclass)
1da177e4 176{
3bd653c8 177 struct net *net = sock_net(sk);
1c1e9d2b 178 const struct ipv6_pinfo *np = inet6_sk(sk);
4c9483b2 179 struct in6_addr *first_hop = &fl6->daddr;
adf30907 180 struct dst_entry *dst = skb_dst(skb);
1da177e4 181 struct ipv6hdr *hdr;
4c9483b2 182 u8 proto = fl6->flowi6_proto;
1da177e4 183 int seg_len = skb->len;
e651f03a 184 int hlimit = -1;
1da177e4
LT		 185 u32 mtu;
186
187 if (opt) {
c2636b4d 188 unsigned int head_room;
1da177e4
LT		 189
190 /* First: exthdrs may take lots of space (~8K for now)
191 MAX_HEADER is not enough.
192 */
193 head_room = opt->opt_nflen + opt->opt_flen;
194 seg_len += head_room;
195 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
196
197 if (skb_headroom(skb) < head_room) {
198 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
63159f29 199 if (!skb2) {
adf30907 200 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d
YH		 201 IPSTATS_MIB_OUTDISCARDS);
202 kfree_skb(skb);
1da177e4
LT		 203 return -ENOBUFS;
204 }
808db80a 205 consume_skb(skb);
a11d206d 206 skb = skb2;
1c1e9d2b
ED		 207 /* skb_set_owner_w() changes sk->sk_wmem_alloc atomically,
208 * it is safe to call in our context (socket lock not held)
209 */
210 skb_set_owner_w(skb, (struct sock *)sk);
1da177e4
LT		 211 }
212 if (opt->opt_flen)
213 ipv6_push_frag_opts(skb, opt, &proto);
214 if (opt->opt_nflen)
613fa3ca
DL		 215 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop,
216 &fl6->saddr);
1da177e4
LT		 217 }
218
e2d1bca7
ACM		 219 skb_push(skb, sizeof(struct ipv6hdr));
220 skb_reset_network_header(skb);
0660e03f 221 hdr = ipv6_hdr(skb);
1da177e4
LT		 222
223 /*
224 * Fill in the IPv6 header
225 */
b903d324 226 if (np)
1da177e4
LT		 227 hlimit = np->hop_limit;
228 if (hlimit < 0)
6b75d090 229 hlimit = ip6_dst_hoplimit(dst);
1da177e4 230
cb1ce2ef 231 ip6_flow_hdr(hdr, tclass, ip6_make_flowlabel(net, skb, fl6->flowlabel,
67800f9b 232 np->autoflowlabel, fl6));
41a1f8ea 233
1da177e4
LT		 234 hdr->payload_len = htons(seg_len);
235 hdr->nexthdr = proto;
236 hdr->hop_limit = hlimit;
237
4e3fd7a0
AD		 238 hdr->saddr = fl6->saddr;
239 hdr->daddr = *first_hop;
1da177e4 240
9c9c9ad5 241 skb->protocol = htons(ETH_P_IPV6);
a2c2064f 242 skb->priority = sk->sk_priority;
92e55f41 243 skb->mark = mark;
a2c2064f 244
1da177e4 245 mtu = dst_mtu(dst);
60ff7467 246 if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) {
adf30907 247 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
edf391ff 248 IPSTATS_MIB_OUT, skb->len);
a8e3e1a9
DA		 249
250 /* if egress device is enslaved to an L3 master device pass the
251 * skb to its handler for processing
252 */
253 skb = l3mdev_ip6_out((struct sock *)sk, skb);
254 if (unlikely(!skb))
255 return 0;
256
1c1e9d2b
ED		 257 /* hooks should never assume socket lock is held.
258 * we promote our socket to non const
259 */
29a26a56 260 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
1c1e9d2b 261 net, (struct sock *)sk, skb, NULL, dst->dev,
13206b6b 262 dst_output);
1da177e4
LT		 263 }
264
1da177e4 265 skb->dev = dst->dev;
1c1e9d2b
ED		 266 /* ipv6_local_error() does not require socket lock,
267 * we promote our socket to non const
268 */
269 ipv6_local_error((struct sock *)sk, EMSGSIZE, fl6, mtu);
270
adf30907 271 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 272 kfree_skb(skb);
273 return -EMSGSIZE;
274}
7159039a
YH		 275EXPORT_SYMBOL(ip6_xmit);
276
1da177e4
LT		 277static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
278{
279 struct ip6_ra_chain *ra;
280 struct sock *last = NULL;
281
282 read_lock(&ip6_ra_lock);
283 for (ra = ip6_ra_chain; ra; ra = ra->next) {
284 struct sock *sk = ra->sk;
0bd1b59b
AM		 285 if (sk && ra->sel == sel &&
286 (!sk->sk_bound_dev_if ||
287 sk->sk_bound_dev_if == skb->dev->ifindex)) {
1da177e4
LT		 288 if (last) {
289 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
290 if (skb2)
291 rawv6_rcv(last, skb2);
292 }
293 last = sk;
294 }
295 }
296
297 if (last) {
298 rawv6_rcv(last, skb);
299 read_unlock(&ip6_ra_lock);
300 return 1;
301 }
302 read_unlock(&ip6_ra_lock);
303 return 0;
304}
305
e21e0b5f
VN		 306static int ip6_forward_proxy_check(struct sk_buff *skb)
307{
0660e03f 308 struct ipv6hdr *hdr = ipv6_hdr(skb);
e21e0b5f 309 u8 nexthdr = hdr->nexthdr;
75f2811c 310 __be16 frag_off;
e21e0b5f
VN		 311 int offset;
312
313 if (ipv6_ext_hdr(nexthdr)) {
75f2811c 314 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, &frag_off);
e21e0b5f
VN		 315 if (offset < 0)
316 return 0;
317 } else
318 offset = sizeof(struct ipv6hdr);
319
320 if (nexthdr == IPPROTO_ICMPV6) {
321 struct icmp6hdr *icmp6;
322
d56f90a7
ACM		 323 if (!pskb_may_pull(skb, (skb_network_header(skb) +
324 offset + 1 - skb->data)))
e21e0b5f
VN		 325 return 0;
326
d56f90a7 327 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
e21e0b5f
VN		 328
329 switch (icmp6->icmp6_type) {
330 case NDISC_ROUTER_SOLICITATION:
331 case NDISC_ROUTER_ADVERTISEMENT:
332 case NDISC_NEIGHBOUR_SOLICITATION:
333 case NDISC_NEIGHBOUR_ADVERTISEMENT:
334 case NDISC_REDIRECT:
335 /* For reaction involving unicast neighbor discovery
336 * message destined to the proxied address, pass it to
337 * input function.
338 */
339 return 1;
340 default:
341 break;
342 }
343 }
344
74553b09
VN		 345 /*
346 * The proxying router can't forward traffic sent to a link-local
347 * address, so signal the sender and discard the packet. This
348 * behavior is clarified by the MIPv6 specification.
349 */
350 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
351 dst_link_failure(skb);
352 return -1;
353 }
354
e21e0b5f
VN		 355 return 0;
356}
357
0c4b51f0
EB		 358static inline int ip6_forward_finish(struct net *net, struct sock *sk,
359 struct sk_buff *skb)
1da177e4 360{
13206b6b 361 return dst_output(net, sk, skb);
1da177e4
LT		 362}
363
0954cf9c
HFS		 364static unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst)
365{
366 unsigned int mtu;
367 struct inet6_dev *idev;
368
369 if (dst_metric_locked(dst, RTAX_MTU)) {
370 mtu = dst_metric_raw(dst, RTAX_MTU);
371 if (mtu)
372 return mtu;
373 }
374
375 mtu = IPV6_MIN_MTU;
376 rcu_read_lock();
377 idev = __in6_dev_get(dst->dev);
378 if (idev)
379 mtu = idev->cnf.mtu6;
380 rcu_read_unlock();
381
382 return mtu;
383}
384
fe6cc55f
FW		 385static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
386{
418a3156 387 if (skb->len <= mtu)
fe6cc55f
FW		 388 return false;
389
60ff7467 390 /* ipv6 conntrack defrag sets max_frag_size + ignore_df */
fe6cc55f
FW		 391 if (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)
392 return true;
393
60ff7467 394 if (skb->ignore_df)
418a3156
FW		 395 return false;
396
ae7ef81e 397 if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu))
fe6cc55f
FW		 398 return false;
399
400 return true;
401}
402
1da177e4
LT		 403int ip6_forward(struct sk_buff *skb)
404{
adf30907 405 struct dst_entry *dst = skb_dst(skb);
0660e03f 406 struct ipv6hdr *hdr = ipv6_hdr(skb);
1da177e4 407 struct inet6_skb_parm *opt = IP6CB(skb);
c346dca1 408 struct net *net = dev_net(dst->dev);
14f3ad6f 409 u32 mtu;
1ab1457c 410
53b7997f 411 if (net->ipv6.devconf_all->forwarding == 0)
1da177e4
LT		 412 goto error;
413
090f1166
LR		 414 if (skb->pkt_type != PACKET_HOST)
415 goto drop;
416
9ef2e965
HFS		 417 if (unlikely(skb->sk))
418 goto drop;
419
4497b076
BH		 420 if (skb_warn_if_lro(skb))
421 goto drop;
422
1da177e4 423 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
1d015503
ED		 424 __IP6_INC_STATS(net, ip6_dst_idev(dst),
425 IPSTATS_MIB_INDISCARDS);
1da177e4
LT		 426 goto drop;
427 }
428
35fc92a9 429 skb_forward_csum(skb);
1da177e4
LT		 430
431 /*
432 * We DO NOT make any processing on
433 * RA packets, pushing them to user level AS IS
434 * without ane WARRANTY that application will be able
435 * to interpret them. The reason is that we
436 * cannot make anything clever here.
437 *
438 * We are not end-node, so that if packet contains
439 * AH/ESP, we cannot make anything.
440 * Defragmentation also would be mistake, RA packets
441 * cannot be fragmented, because there is no warranty
442 * that different fragments will go along one path. --ANK
443 */
ab4eb353
YH		 444 if (unlikely(opt->flags & IP6SKB_ROUTERALERT)) {
445 if (ip6_call_ra_chain(skb, ntohs(opt->ra)))
1da177e4
LT		 446 return 0;
447 }
448
449 /*
450 * check and decrement ttl
451 */
452 if (hdr->hop_limit <= 1) {
453 /* Force OUTPUT device used as source address */
454 skb->dev = dst->dev;
3ffe533c 455 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
1d015503
ED		 456 __IP6_INC_STATS(net, ip6_dst_idev(dst),
457 IPSTATS_MIB_INHDRERRORS);
1da177e4
LT		 458
459 kfree_skb(skb);
460 return -ETIMEDOUT;
461 }
462
fbea49e1 463 /* XXX: idev->cnf.proxy_ndp? */
53b7997f 464 if (net->ipv6.devconf_all->proxy_ndp &&
8a3edd80 465 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
74553b09
VN		 466 int proxied = ip6_forward_proxy_check(skb);
467 if (proxied > 0)
e21e0b5f 468 return ip6_input(skb);
74553b09 469 else if (proxied < 0) {
1d015503
ED		 470 __IP6_INC_STATS(net, ip6_dst_idev(dst),
471 IPSTATS_MIB_INDISCARDS);
74553b09
VN		 472 goto drop;
473 }
e21e0b5f
VN		 474 }
475
1da177e4 476 if (!xfrm6_route_forward(skb)) {
1d015503
ED		 477 __IP6_INC_STATS(net, ip6_dst_idev(dst),
478 IPSTATS_MIB_INDISCARDS);
1da177e4
LT		 479 goto drop;
480 }
adf30907 481 dst = skb_dst(skb);
1da177e4
LT		 482
483 /* IPv6 specs say nothing about it, but it is clear that we cannot
484 send redirects to source routed frames.
1e5dc146 485 We don't send redirects to frames decapsulated from IPsec.
1da177e4 486 */
c45a3dfb 487 if (skb->dev == dst->dev && opt->srcrt == 0 && !skb_sec_path(skb)) {
1da177e4 488 struct in6_addr *target = NULL;
fbfe95a4 489 struct inet_peer *peer;
1da177e4 490 struct rt6_info *rt;
1da177e4
LT		 491
492 /*
493 * incoming and outgoing devices are the same
494 * send a redirect.
495 */
496
497 rt = (struct rt6_info *) dst;
c45a3dfb
DM		 498 if (rt->rt6i_flags & RTF_GATEWAY)
499 target = &rt->rt6i_gateway;
1da177e4
LT		 500 else
501 target = &hdr->daddr;
502
fd0273d7 503 peer = inet_getpeer_v6(net->ipv6.peers, &hdr->daddr, 1);
92d86829 504
1da177e4
LT		 505 /* Limit redirects both by destination (here)
506 and by source (inside ndisc_send_redirect)
507 */
fbfe95a4 508 if (inet_peer_xrlim_allow(peer, 1*HZ))
4991969a 509 ndisc_send_redirect(skb, target);
1d861aa4
DM		 510 if (peer)
511 inet_putpeer(peer);
5bb1ab09
DS		 512 } else {
513 int addrtype = ipv6_addr_type(&hdr->saddr);
514
1da177e4 515 /* This check is security critical. */
f81b2e7d
YH		 516 if (addrtype == IPV6_ADDR_ANY ||
517 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
5bb1ab09
DS		 518 goto error;
519 if (addrtype & IPV6_ADDR_LINKLOCAL) {
520 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
3ffe533c 521 ICMPV6_NOT_NEIGHBOUR, 0);
5bb1ab09
DS		 522 goto error;
523 }
1da177e4
LT		 524 }
525
0954cf9c 526 mtu = ip6_dst_mtu_forward(dst);
14f3ad6f
UW		 527 if (mtu < IPV6_MIN_MTU)
528 mtu = IPV6_MIN_MTU;
529
fe6cc55f 530 if (ip6_pkt_too_big(skb, mtu)) {
1da177e4
LT		 531 /* Again, force OUTPUT device used as source address */
532 skb->dev = dst->dev;
14f3ad6f 533 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
1d015503
ED		 534 __IP6_INC_STATS(net, ip6_dst_idev(dst),
535 IPSTATS_MIB_INTOOBIGERRORS);
536 __IP6_INC_STATS(net, ip6_dst_idev(dst),
537 IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 538 kfree_skb(skb);
539 return -EMSGSIZE;
540 }
541
542 if (skb_cow(skb, dst->dev->hard_header_len)) {
1d015503
ED		 543 __IP6_INC_STATS(net, ip6_dst_idev(dst),
544 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 545 goto drop;
546 }
547
0660e03f 548 hdr = ipv6_hdr(skb);
1da177e4
LT		 549
550 /* Mangling hops number delayed to point after skb COW */
1ab1457c 551
1da177e4
LT		 552 hdr->hop_limit--;
553
1d015503
ED		 554 __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
555 __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len);
29a26a56
EB		 556 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD,
557 net, NULL, skb, skb->dev, dst->dev,
6e23ae2a 558 ip6_forward_finish);
1da177e4
LT		 559
560error:
1d015503 561 __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
1da177e4
LT		 562drop:
563 kfree_skb(skb);
564 return -EINVAL;
565}
566
567static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
568{
569 to->pkt_type = from->pkt_type;
570 to->priority = from->priority;
571 to->protocol = from->protocol;
adf30907
ED		 572 skb_dst_drop(to);
573 skb_dst_set(to, dst_clone(skb_dst(from)));
1da177e4 574 to->dev = from->dev;
82e91ffe 575 to->mark = from->mark;
1da177e4
LT		 576
577#ifdef CONFIG_NET_SCHED
578 to->tc_index = from->tc_index;
579#endif
e7ac05f3 580 nf_copy(to, from);
984bc16c 581 skb_copy_secmark(to, from);
1da177e4
LT		 582}
583
7d8c6e39
EB		 584int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
585 int (*output)(struct net *, struct sock *, struct sk_buff *))
1da177e4 586{
1da177e4 587 struct sk_buff *frag;
67ba4152 588 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
f60e5990 589 struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ?
590 inet6_sk(skb->sk) : NULL;
1da177e4
LT		 591 struct ipv6hdr *tmp_hdr;
592 struct frag_hdr *fh;
593 unsigned int mtu, hlen, left, len;
a7ae1992 594 int hroom, troom;
286c2349 595 __be32 frag_id;
67ba4152 596 int ptr, offset = 0, err = 0;
1da177e4
LT		 597 u8 *prevhdr, nexthdr = 0;
598
154dffc7
DM		 599 err = ip6_find_1stfragopt(skb, &prevhdr);
600 if (err < 0)
64b4d009 601 goto fail;
154dffc7 602 hlen = err;
1da177e4
LT		 603 nexthdr = *prevhdr;
604
628a5c56 605 mtu = ip6_skb_dst_mtu(skb);
b881ef76
JH		 606
607 /* We must not fragment if the socket is set to force MTU discovery
14f3ad6f 608 * or if the skb it not generated by a local socket.
b881ef76 609 */
485fca66
FW		 610 if (unlikely(!skb->ignore_df && skb->len > mtu))
611 goto fail_toobig;
a34a101e 612
485fca66
FW		 613 if (IP6CB(skb)->frag_max_size) {
614 if (IP6CB(skb)->frag_max_size > mtu)
615 goto fail_toobig;
616
617 /* don't send fragments larger than what we received */
618 mtu = IP6CB(skb)->frag_max_size;
619 if (mtu < IPV6_MIN_MTU)
620 mtu = IPV6_MIN_MTU;
b881ef76
JH		 621 }
622
d91675f9
YH		 623 if (np && np->frag_size < mtu) {
624 if (np->frag_size)
625 mtu = np->frag_size;
626 }
89bc7848 627 if (mtu < hlen + sizeof(struct frag_hdr) + 8)
b72a2b01 628 goto fail_toobig;
1e0d69a9 629 mtu -= hlen + sizeof(struct frag_hdr);
1da177e4 630
fd0273d7
MKL		 631 frag_id = ipv6_select_ident(net, &ipv6_hdr(skb)->daddr,
632 &ipv6_hdr(skb)->saddr);
286c2349 633
405c92f7
HFS		 634 if (skb->ip_summed == CHECKSUM_PARTIAL &&
635 (err = skb_checksum_help(skb)))
636 goto fail;
637
1d325d21 638 hroom = LL_RESERVED_SPACE(rt->dst.dev);
21dc3301 639 if (skb_has_frag_list(skb)) {
c72d8cda 640 unsigned int first_len = skb_pagelen(skb);
3d13008e 641 struct sk_buff *frag2;
1da177e4
LT		 642
643 if (first_len - hlen > mtu ||
644 ((first_len - hlen) & 7) ||
1d325d21
FW		 645 skb_cloned(skb) ||
646 skb_headroom(skb) < (hroom + sizeof(struct frag_hdr)))
1da177e4
LT		 647 goto slow_path;
648
4d9092bb 649 skb_walk_frags(skb, frag) {
1da177e4
LT		 650 /* Correct geometry. */
651 if (frag->len > mtu ||
652 ((frag->len & 7) && frag->next) ||
1d325d21 653 skb_headroom(frag) < (hlen + hroom + sizeof(struct frag_hdr)))
3d13008e 654 goto slow_path_clean;
1da177e4 655
1da177e4
LT		 656 /* Partially cloned skb? */
657 if (skb_shared(frag))
3d13008e 658 goto slow_path_clean;
2fdba6b0
HX		 659
660 BUG_ON(frag->sk);
661 if (skb->sk) {
2fdba6b0
HX		 662 frag->sk = skb->sk;
663 frag->destructor = sock_wfree;
2fdba6b0 664 }
3d13008e 665 skb->truesize -= frag->truesize;
1da177e4
LT		 666 }
667
668 err = 0;
669 offset = 0;
1da177e4
LT		 670 /* BUILD HEADER */
671
9a217a1c 672 *prevhdr = NEXTHDR_FRAGMENT;
d56f90a7 673 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
1da177e4 674 if (!tmp_hdr) {
adf30907 675 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
3bd653c8 676 IPSTATS_MIB_FRAGFAILS);
1d325d21
FW		 677 err = -ENOMEM;
678 goto fail;
1da177e4 679 }
1d325d21
FW		 680 frag = skb_shinfo(skb)->frag_list;
681 skb_frag_list_init(skb);
1da177e4 682
1da177e4 683 __skb_pull(skb, hlen);
67ba4152 684 fh = (struct frag_hdr *)__skb_push(skb, sizeof(struct frag_hdr));
e2d1bca7
ACM		 685 __skb_push(skb, hlen);
686 skb_reset_network_header(skb);
d56f90a7 687 memcpy(skb_network_header(skb), tmp_hdr, hlen);
1da177e4 688
1da177e4
LT		 689 fh->nexthdr = nexthdr;
690 fh->reserved = 0;
691 fh->frag_off = htons(IP6_MF);
286c2349 692 fh->identification = frag_id;
1da177e4
LT		 693
694 first_len = skb_pagelen(skb);
695 skb->data_len = first_len - skb_headlen(skb);
696 skb->len = first_len;
0660e03f
ACM		 697 ipv6_hdr(skb)->payload_len = htons(first_len -
698 sizeof(struct ipv6hdr));
a11d206d 699
d8d1f30b 700 dst_hold(&rt->dst);
1da177e4
LT		 701
702 for (;;) {
703 /* Prepare header of the next frame,
704 * before previous one went down. */
705 if (frag) {
706 frag->ip_summed = CHECKSUM_NONE;
badff6d0 707 skb_reset_transport_header(frag);
67ba4152 708 fh = (struct frag_hdr *)__skb_push(frag, sizeof(struct frag_hdr));
e2d1bca7
ACM		 709 __skb_push(frag, hlen);
710 skb_reset_network_header(frag);
d56f90a7
ACM		 711 memcpy(skb_network_header(frag), tmp_hdr,
712 hlen);
1da177e4
LT		 713 offset += skb->len - hlen - sizeof(struct frag_hdr);
714 fh->nexthdr = nexthdr;
715 fh->reserved = 0;
716 fh->frag_off = htons(offset);
53b24b8f 717 if (frag->next)
1da177e4
LT		 718 fh->frag_off |= htons(IP6_MF);
719 fh->identification = frag_id;
0660e03f
ACM		 720 ipv6_hdr(frag)->payload_len =
721 htons(frag->len -
722 sizeof(struct ipv6hdr));
1da177e4
LT		 723 ip6_copy_metadata(frag, skb);
724 }
1ab1457c 725
7d8c6e39 726 err = output(net, sk, skb);
67ba4152 727 if (!err)
d8d1f30b 728 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 729 IPSTATS_MIB_FRAGCREATES);
dafee490 730
1da177e4
LT		 731 if (err || !frag)
732 break;
733
734 skb = frag;
735 frag = skb->next;
736 skb->next = NULL;
737 }
738
a51482bd 739 kfree(tmp_hdr);
1da177e4
LT		 740
741 if (err == 0) {
d8d1f30b 742 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 743 IPSTATS_MIB_FRAGOKS);
94e187c0 744 ip6_rt_put(rt);
1da177e4
LT		 745 return 0;
746 }
747
46cfd725 748 kfree_skb_list(frag);
1da177e4 749
d8d1f30b 750 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 751 IPSTATS_MIB_FRAGFAILS);
94e187c0 752 ip6_rt_put(rt);
1da177e4 753 return err;
3d13008e
ED		 754
755slow_path_clean:
756 skb_walk_frags(skb, frag2) {
757 if (frag2 == frag)
758 break;
759 frag2->sk = NULL;
760 frag2->destructor = NULL;
761 skb->truesize += frag2->truesize;
762 }
1da177e4
LT		 763 }
764
765slow_path:
766 left = skb->len - hlen; /* Space per frame */
767 ptr = hlen; /* Where to start from */
768
769 /*
770 * Fragment the datagram.
771 */
772
a7ae1992 773 troom = rt->dst.dev->needed_tailroom;
1da177e4
LT		 774
775 /*
776 * Keep copying data until we run out.
777 */
67ba4152 778 while (left > 0) {
45197b72
FW		 779 u8 *fragnexthdr_offset;
780
1da177e4
LT		 781 len = left;
782 /* IF: it doesn't fit, use 'mtu' - the data space left */
783 if (len > mtu)
784 len = mtu;
25985edc 785 /* IF: we are not sending up to and including the packet end
1da177e4
LT		 786 then align the next start on an eight byte boundary */
787 if (len < left) {
788 len &= ~7;
789 }
1da177e4 790
cbffccc9
JP		 791 /* Allocate buffer */
792 frag = alloc_skb(len + hlen + sizeof(struct frag_hdr) +
793 hroom + troom, GFP_ATOMIC);
794 if (!frag) {
adf30907 795 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 796 IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 797 err = -ENOMEM;
798 goto fail;
799 }
800
801 /*
802 * Set up data on packet
803 */
804
805 ip6_copy_metadata(frag, skb);
a7ae1992 806 skb_reserve(frag, hroom);
1da177e4 807 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
c1d2bbe1 808 skb_reset_network_header(frag);
badff6d0 809 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
b0e380b1
ACM		 810 frag->transport_header = (frag->network_header + hlen +
811 sizeof(struct frag_hdr));
1da177e4
LT		 812
813 /*
814 * Charge the memory for the fragment to any owner
815 * it might possess
816 */
817 if (skb->sk)
818 skb_set_owner_w(frag, skb->sk);
819
820 /*
821 * Copy the packet header into the new buffer.
822 */
d626f62b 823 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
1da177e4 824
45197b72
FW		 825 fragnexthdr_offset = skb_network_header(frag);
826 fragnexthdr_offset += prevhdr - skb_network_header(skb);
827 *fragnexthdr_offset = NEXTHDR_FRAGMENT;
828
1da177e4
LT		 829 /*
830 * Build fragment header.
831 */
832 fh->nexthdr = nexthdr;
833 fh->reserved = 0;
286c2349 834 fh->identification = frag_id;
1da177e4
LT		 835
836 /*
837 * Copy a block of the IP datagram.
838 */
e3f0b86b
HS		 839 BUG_ON(skb_copy_bits(skb, ptr, skb_transport_header(frag),
840 len));
1da177e4
LT		 841 left -= len;
842
843 fh->frag_off = htons(offset);
844 if (left > 0)
845 fh->frag_off |= htons(IP6_MF);
0660e03f
ACM		 846 ipv6_hdr(frag)->payload_len = htons(frag->len -
847 sizeof(struct ipv6hdr));
1da177e4
LT		 848
849 ptr += len;
850 offset += len;
851
852 /*
853 * Put this fragment into the sending queue.
854 */
7d8c6e39 855 err = output(net, sk, frag);
1da177e4
LT		 856 if (err)
857 goto fail;
dafee490 858
adf30907 859 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
3bd653c8 860 IPSTATS_MIB_FRAGCREATES);
1da177e4 861 }
adf30907 862 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 863 IPSTATS_MIB_FRAGOKS);
808db80a 864 consume_skb(skb);
1da177e4
LT		 865 return err;
866
485fca66
FW		 867fail_toobig:
868 if (skb->sk && dst_allfrag(skb_dst(skb)))
869 sk_nocaps_add(skb->sk, NETIF_F_GSO_MASK);
870
871 skb->dev = skb_dst(skb)->dev;
872 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
873 err = -EMSGSIZE;
874
1da177e4 875fail:
adf30907 876 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 877 IPSTATS_MIB_FRAGFAILS);
1ab1457c 878 kfree_skb(skb);
1da177e4
LT		 879 return err;
880}
881
b71d1d42
ED		 882static inline int ip6_rt_check(const struct rt6key *rt_key,
883 const struct in6_addr *fl_addr,
884 const struct in6_addr *addr_cache)
cf6b1982 885{
a02cec21 886 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
63159f29 887 (!addr_cache || !ipv6_addr_equal(fl_addr, addr_cache));
cf6b1982
YH		 888}
889
497c615a
HX		 890static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
891 struct dst_entry *dst,
b71d1d42 892 const struct flowi6 *fl6)
1da177e4 893{
497c615a 894 struct ipv6_pinfo *np = inet6_sk(sk);
a963a37d 895 struct rt6_info *rt;
1da177e4 896
497c615a
HX		 897 if (!dst)
898 goto out;
899
a963a37d
ED		 900 if (dst->ops->family != AF_INET6) {
901 dst_release(dst);
902 return NULL;
903 }
904
905 rt = (struct rt6_info *)dst;
497c615a
HX		 906 /* Yes, checking route validity in not connected
907 * case is not very simple. Take into account,
908 * that we do not support routing by source, TOS,
67ba4152 909 * and MSG_DONTROUTE --ANK (980726)
497c615a 910 *
cf6b1982
YH		 911 * 1. ip6_rt_check(): If route was host route,
912 * check that cached destination is current.
497c615a
HX		 913 * If it is network route, we still may
914 * check its validity using saved pointer
915 * to the last used address: daddr_cache.
916 * We do not want to save whole address now,
917 * (because main consumer of this service
918 * is tcp, which has not this problem),
919 * so that the last trick works only on connected
920 * sockets.
921 * 2. oif also should be the same.
922 */
4c9483b2 923 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) ||
8e1ef0a9 924#ifdef CONFIG_IPV6_SUBTREES
4c9483b2 925 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) ||
8e1ef0a9 926#endif
ca254490
DA		 927 (!(fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF) &&
928 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex))) {
497c615a
HX		 929 dst_release(dst);
930 dst = NULL;
1da177e4
LT		 931 }
932
497c615a
HX		 933out:
934 return dst;
935}
936
3aef934f 937static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk,
4c9483b2 938 struct dst_entry **dst, struct flowi6 *fl6)
497c615a 939{
69cce1d1
DM		 940#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
941 struct neighbour *n;
97cac082 942 struct rt6_info *rt;
69cce1d1
DM		 943#endif
944 int err;
6f21c96a 945 int flags = 0;
497c615a 946
e16e888b
MS		 947 /* The correct way to handle this would be to do
948 * ip6_route_get_saddr, and then ip6_route_output; however,
949 * the route-specific preferred source forces the
950 * ip6_route_output call _before_ ip6_route_get_saddr.
951 *
952 * In source specific routing (no src=any default route),
953 * ip6_route_output will fail given src=any saddr, though, so
954 * that's why we try it again later.
955 */
956 if (ipv6_addr_any(&fl6->saddr) && (!*dst || !(*dst)->error)) {
957 struct rt6_info *rt;
958 bool had_dst = *dst != NULL;
1da177e4 959
e16e888b
MS		 960 if (!had_dst)
961 *dst = ip6_route_output(net, sk, fl6);
962 rt = (*dst)->error ? NULL : (struct rt6_info *)*dst;
c3968a85
DW		 963 err = ip6_route_get_saddr(net, rt, &fl6->daddr,
964 sk ? inet6_sk(sk)->srcprefs : 0,
965 &fl6->saddr);
44456d37 966 if (err)
1da177e4 967 goto out_err_release;
e16e888b
MS		 968
969 /* If we had an erroneous initial result, pretend it
970 * never existed and let the SA-enabled version take
971 * over.
972 */
973 if (!had_dst && (*dst)->error) {
974 dst_release(*dst);
975 *dst = NULL;
976 }
6f21c96a
PA		 977
978 if (fl6->flowi6_oif)
979 flags |= RT6_LOOKUP_F_IFACE;
1da177e4
LT		 980 }
981
e16e888b 982 if (!*dst)
6f21c96a 983 *dst = ip6_route_output_flags(net, sk, fl6, flags);
e16e888b
MS		 984
985 err = (*dst)->error;
986 if (err)
987 goto out_err_release;
988
95c385b4 989#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
e550dfb0
NH		 990 /*
991 * Here if the dst entry we've looked up
992 * has a neighbour entry that is in the INCOMPLETE
993 * state and the src address from the flow is
994 * marked as OPTIMISTIC, we release the found
995 * dst entry and replace it instead with the
996 * dst entry of the nexthop router
997 */
c56bf6fe 998 rt = (struct rt6_info *) *dst;
707be1ff 999 rcu_read_lock_bh();
2647a9b0
MKL		 1000 n = __ipv6_neigh_lookup_noref(rt->dst.dev,
1001 rt6_nexthop(rt, &fl6->daddr));
707be1ff
YH		 1002 err = n && !(n->nud_state & NUD_VALID) ? -EINVAL : 0;
1003 rcu_read_unlock_bh();
1004
1005 if (err) {
e550dfb0 1006 struct inet6_ifaddr *ifp;
4c9483b2 1007 struct flowi6 fl_gw6;
e550dfb0
NH		 1008 int redirect;
1009
4c9483b2 1010 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
e550dfb0
NH		 1011 (*dst)->dev, 1);
1012
1013 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
1014 if (ifp)
1015 in6_ifa_put(ifp);
1016
1017 if (redirect) {
1018 /*
1019 * We need to get the dst entry for the
1020 * default router instead
1021 */
1022 dst_release(*dst);
4c9483b2
DM		 1023 memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
1024 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
1025 *dst = ip6_route_output(net, sk, &fl_gw6);
e5d08d71
IM		 1026 err = (*dst)->error;
1027 if (err)
e550dfb0 1028 goto out_err_release;
95c385b4 1029 }
e550dfb0 1030 }
95c385b4 1031#endif
ec5e3b0a 1032 if (ipv6_addr_v4mapped(&fl6->saddr) &&
00ea1cee
WB		 1033 !(ipv6_addr_v4mapped(&fl6->daddr) || ipv6_addr_any(&fl6->daddr))) {
1034 err = -EAFNOSUPPORT;
1035 goto out_err_release;
1036 }
95c385b4 1037
1da177e4
LT		 1038 return 0;
1039
1040out_err_release:
1041 dst_release(*dst);
1042 *dst = NULL;
8a966fc0 1043
0d240e78
DA		 1044 if (err == -ENETUNREACH)
1045 IP6_INC_STATS(net, NULL, IPSTATS_MIB_OUTNOROUTES);
1da177e4
LT		 1046 return err;
1047}
34a0b3cd 1048
497c615a
HX		 1049/**
1050 * ip6_dst_lookup - perform route lookup on flow
1051 * @sk: socket which provides route info
1052 * @dst: pointer to dst_entry * for result
4c9483b2 1053 * @fl6: flow to lookup
497c615a
HX		 1054 *
1055 * This function performs a route lookup on the given flow.
1056 *
1057 * It returns zero on success, or a standard errno code on error.
1058 */
343d60aa
RP		 1059int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst,
1060 struct flowi6 *fl6)
497c615a
HX		 1061{
1062 *dst = NULL;
343d60aa 1063 return ip6_dst_lookup_tail(net, sk, dst, fl6);
497c615a 1064}
3cf3dc6c
ACM		 1065EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1066
497c615a 1067/**
68d0c6d3
DM		 1068 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec
1069 * @sk: socket which provides route info
4c9483b2 1070 * @fl6: flow to lookup
68d0c6d3 1071 * @final_dst: final destination address for ipsec lookup
68d0c6d3
DM		 1072 *
1073 * This function performs a route lookup on the given flow.
1074 *
1075 * It returns a valid dst pointer on success, or a pointer encoded
1076 * error code.
1077 */
3aef934f 1078struct dst_entry *ip6_dst_lookup_flow(const struct sock *sk, struct flowi6 *fl6,
0e0d44ab 1079 const struct in6_addr *final_dst)
68d0c6d3
DM		 1080{
1081 struct dst_entry *dst = NULL;
1082 int err;
1083
343d60aa 1084 err = ip6_dst_lookup_tail(sock_net(sk), sk, &dst, fl6);
68d0c6d3
DM		 1085 if (err)
1086 return ERR_PTR(err);
1087 if (final_dst)
4e3fd7a0 1088 fl6->daddr = *final_dst;
2774c131 1089
f92ee619 1090 return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
68d0c6d3
DM		 1091}
1092EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
1093
1094/**
1095 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
497c615a 1096 * @sk: socket which provides the dst cache and route info
4c9483b2 1097 * @fl6: flow to lookup
68d0c6d3 1098 * @final_dst: final destination address for ipsec lookup
497c615a
HX		 1099 *
1100 * This function performs a route lookup on the given flow with the
1101 * possibility of using the cached route in the socket if it is valid.
1102 * It will take the socket dst lock when operating on the dst cache.
1103 * As a result, this function can only be used in process context.
1104 *
68d0c6d3
DM		 1105 * It returns a valid dst pointer on success, or a pointer encoded
1106 * error code.
497c615a 1107 */
4c9483b2 1108struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
0e0d44ab 1109 const struct in6_addr *final_dst)
497c615a 1110{
68d0c6d3 1111 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
497c615a 1112
4c9483b2 1113 dst = ip6_sk_dst_check(sk, dst, fl6);
00bc0ef5
JS		 1114 if (!dst)
1115 dst = ip6_dst_lookup_flow(sk, fl6, final_dst);
68d0c6d3 1116
00bc0ef5 1117 return dst;
497c615a 1118}
68d0c6d3 1119EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
497c615a 1120
34a0b3cd 1121static inline int ip6_ufo_append_data(struct sock *sk,
0bbe84a6 1122 struct sk_buff_head *queue,
e89e9cf5
AR		 1123 int getfrag(void *from, char *to, int offset, int len,
1124 int odd, struct sk_buff *skb),
1125 void *from, int length, int hh_len, int fragheaderlen,
3ba3458f
JS		 1126 int exthdrlen, int transhdrlen, int mtu,
1127 unsigned int flags, const struct flowi6 *fl6)
e89e9cf5
AR		 1128
1129{
1130 struct sk_buff *skb;
1131 int err;
1132
1133 /* There is support for UDP large send offload by network
1134 * device, so create one single skb packet containing complete
1135 * udp datagram
1136 */
0bbe84a6 1137 skb = skb_peek_tail(queue);
63159f29 1138 if (!skb) {
e89e9cf5
AR		 1139 skb = sock_alloc_send_skb(sk,
1140 hh_len + fragheaderlen + transhdrlen + 20,
1141 (flags & MSG_DONTWAIT), &err);
63159f29 1142 if (!skb)
504744e4 1143 return err;
e89e9cf5
AR		 1144
1145 /* reserve space for Hardware header */
1146 skb_reserve(skb, hh_len);
1147
1148 /* create space for UDP/IP header */
67ba4152 1149 skb_put(skb, fragheaderlen + transhdrlen);
e89e9cf5
AR		 1150
1151 /* initialize network header pointer */
3ba3458f 1152 skb_set_network_header(skb, exthdrlen);
e89e9cf5
AR		 1153
1154 /* initialize protocol header pointer */
b0e380b1 1155 skb->transport_header = skb->network_header + fragheaderlen;
e89e9cf5 1156
9c9c9ad5 1157 skb->protocol = htons(ETH_P_IPV6);
e89e9cf5 1158 skb->csum = 0;
e89e9cf5 1159
0bbe84a6 1160 __skb_queue_tail(queue, skb);
c547dbf5
JP		 1161 } else if (skb_is_gso(skb)) {
1162 goto append;
e89e9cf5 1163 }
e89e9cf5 1164
c547dbf5
JP		 1165 skb->ip_summed = CHECKSUM_PARTIAL;
1166 /* Specify the length of each IPv6 datagram fragment.
1167 * It has to be a multiple of 8.
1168 */
1169 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen -
1170 sizeof(struct frag_hdr)) & ~7;
1171 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
fd0273d7
MKL		 1172 skb_shinfo(skb)->ip6_frag_id = ipv6_select_ident(sock_net(sk),
1173 &fl6->daddr,
1174 &fl6->saddr);
c547dbf5
JP		 1175
1176append:
2811ebac
HFS		 1177 return skb_append_datato_frags(sk, skb, getfrag, from,
1178 (length - transhdrlen));
e89e9cf5 1179}
1da177e4 1180
0178b695
HX		 1181static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1182 gfp_t gfp)
1183{
1184 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1185}
1186
1187static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1188 gfp_t gfp)
1189{
1190 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1191}
1192
75a493e6 1193static void ip6_append_data_mtu(unsigned int *mtu,
0c183379
G		 1194 int *maxfraglen,
1195 unsigned int fragheaderlen,
1196 struct sk_buff *skb,
75a493e6 1197 struct rt6_info *rt,
e367c2d0 1198 unsigned int orig_mtu)
0c183379
G		 1199{
1200 if (!(rt->dst.flags & DST_XFRM_TUNNEL)) {
63159f29 1201 if (!skb) {
0c183379 1202 /* first fragment, reserve header_len */
e367c2d0 1203 *mtu = orig_mtu - rt->dst.header_len;
0c183379
G		 1204
1205 } else {
1206 /*
1207 * this fragment is not first, the headers
1208 * space is regarded as data space.
1209 */
e367c2d0 1210 *mtu = orig_mtu;
0c183379
G		 1211 }
1212 *maxfraglen = ((*mtu - fragheaderlen) & ~7)
1213 + fragheaderlen - sizeof(struct frag_hdr);
1214 }
1215}
1216
366e41d9 1217static int ip6_setup_cork(struct sock *sk, struct inet_cork_full *cork,
26879da5 1218 struct inet6_cork *v6_cork, struct ipcm6_cookie *ipc6,
366e41d9
VY		 1219 struct rt6_info *rt, struct flowi6 *fl6)
1220{
1221 struct ipv6_pinfo *np = inet6_sk(sk);
1222 unsigned int mtu;
26879da5 1223 struct ipv6_txoptions *opt = ipc6->opt;
366e41d9
VY		 1224
1225 /*
1226 * setup for corking
1227 */
1228 if (opt) {
1229 if (WARN_ON(v6_cork->opt))
1230 return -EINVAL;
1231
1232 v6_cork->opt = kzalloc(opt->tot_len, sk->sk_allocation);
63159f29 1233 if (unlikely(!v6_cork->opt))
366e41d9
VY		 1234 return -ENOBUFS;
1235
1236 v6_cork->opt->tot_len = opt->tot_len;
1237 v6_cork->opt->opt_flen = opt->opt_flen;
1238 v6_cork->opt->opt_nflen = opt->opt_nflen;
1239
1240 v6_cork->opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1241 sk->sk_allocation);
1242 if (opt->dst0opt && !v6_cork->opt->dst0opt)
1243 return -ENOBUFS;
1244
1245 v6_cork->opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1246 sk->sk_allocation);
1247 if (opt->dst1opt && !v6_cork->opt->dst1opt)
1248 return -ENOBUFS;
1249
1250 v6_cork->opt->hopopt = ip6_opt_dup(opt->hopopt,
1251 sk->sk_allocation);
1252 if (opt->hopopt && !v6_cork->opt->hopopt)
1253 return -ENOBUFS;
1254
1255 v6_cork->opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1256 sk->sk_allocation);
1257 if (opt->srcrt && !v6_cork->opt->srcrt)
1258 return -ENOBUFS;
1259
1260 /* need source address above miyazawa*/
1261 }
1262 dst_hold(&rt->dst);
1263 cork->base.dst = &rt->dst;
1264 cork->fl.u.ip6 = *fl6;
26879da5
WW		 1265 v6_cork->hop_limit = ipc6->hlimit;
1266 v6_cork->tclass = ipc6->tclass;
366e41d9
VY		 1267 if (rt->dst.flags & DST_XFRM_TUNNEL)
1268 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1269 rt->dst.dev->mtu : dst_mtu(&rt->dst);
1270 else
1271 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1272 rt->dst.dev->mtu : dst_mtu(rt->dst.path);
1273 if (np->frag_size < mtu) {
1274 if (np->frag_size)
1275 mtu = np->frag_size;
1276 }
1277 cork->base.fragsize = mtu;
1278 if (dst_allfrag(rt->dst.path))
1279 cork->base.flags |= IPCORK_ALLFRAG;
1280 cork->base.length = 0;
1281
1282 return 0;
1283}
1284
0bbe84a6
VY		 1285static int __ip6_append_data(struct sock *sk,
1286 struct flowi6 *fl6,
1287 struct sk_buff_head *queue,
1288 struct inet_cork *cork,
1289 struct inet6_cork *v6_cork,
1290 struct page_frag *pfrag,
1291 int getfrag(void *from, char *to, int offset,
1292 int len, int odd, struct sk_buff *skb),
1293 void *from, int length, int transhdrlen,
26879da5 1294 unsigned int flags, struct ipcm6_cookie *ipc6,
c14ac945 1295 const struct sockcm_cookie *sockc)
1da177e4 1296{
0c183379 1297 struct sk_buff *skb, *skb_prev = NULL;
e367c2d0 1298 unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu;
0bbe84a6
VY		 1299 int exthdrlen = 0;
1300 int dst_exthdrlen = 0;
1da177e4 1301 int hh_len;
1da177e4
LT		 1302 int copy;
1303 int err;
1304 int offset = 0;
a693e698 1305 __u8 tx_flags = 0;
09c2d251 1306 u32 tskey = 0;
0bbe84a6
VY		 1307 struct rt6_info *rt = (struct rt6_info *)cork->dst;
1308 struct ipv6_txoptions *opt = v6_cork->opt;
32dce968 1309 int csummode = CHECKSUM_NONE;
682b1a9d 1310 unsigned int maxnonfragsize, headersize;
1da177e4 1311
0bbe84a6
VY		 1312 skb = skb_peek_tail(queue);
1313 if (!skb) {
1314 exthdrlen = opt ? opt->opt_flen : 0;
7efdba5b 1315 dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len;
1da177e4 1316 }
0bbe84a6 1317
366e41d9 1318 mtu = cork->fragsize;
e367c2d0 1319 orig_mtu = mtu;
1da177e4 1320
d8d1f30b 1321 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1da177e4 1322
a1b05140 1323 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
b4ce9277 1324 (opt ? opt->opt_nflen : 0);
4df98e76
HFS		 1325 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen -
1326 sizeof(struct frag_hdr);
1da177e4 1327
682b1a9d
HFS		 1328 headersize = sizeof(struct ipv6hdr) +
1329 (opt ? opt->opt_flen + opt->opt_nflen : 0) +
1330 (dst_allfrag(&rt->dst) ?
1331 sizeof(struct frag_hdr) : 0) +
1332 rt->rt6i_nfheader_len;
1333
26879da5 1334 if (cork->length + length > mtu - headersize && ipc6->dontfrag &&
682b1a9d
HFS		 1335 (sk->sk_protocol == IPPROTO_UDP ||
1336 sk->sk_protocol == IPPROTO_RAW)) {
1337 ipv6_local_rxpmtu(sk, fl6, mtu - headersize +
1338 sizeof(struct ipv6hdr));
1339 goto emsgsize;
1340 }
4df98e76 1341
682b1a9d
HFS		 1342 if (ip6_sk_ignore_df(sk))
1343 maxnonfragsize = sizeof(struct ipv6hdr) + IPV6_MAXPLEN;
1344 else
1345 maxnonfragsize = mtu;
4df98e76 1346
682b1a9d 1347 if (cork->length + length > maxnonfragsize - headersize) {
4df98e76 1348emsgsize:
682b1a9d
HFS		 1349 ipv6_local_error(sk, EMSGSIZE, fl6,
1350 mtu - headersize +
1351 sizeof(struct ipv6hdr));
1352 return -EMSGSIZE;
1da177e4
LT		 1353 }
1354
682b1a9d
HFS		 1355 /* CHECKSUM_PARTIAL only with no extension headers and when
1356 * we are not going to fragment
1357 */
1358 if (transhdrlen && sk->sk_protocol == IPPROTO_UDP &&
1359 headersize == sizeof(struct ipv6hdr) &&
2b89ed65 1360 length <= mtu - headersize &&
682b1a9d 1361 !(flags & MSG_MORE) &&
c8cd0989 1362 rt->dst.dev->features & (NETIF_F_IPV6_CSUM | NETIF_F_HW_CSUM))
682b1a9d
HFS		 1363 csummode = CHECKSUM_PARTIAL;
1364
09c2d251 1365 if (sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) {
c14ac945 1366 sock_tx_timestamp(sk, sockc->tsflags, &tx_flags);
09c2d251
WB		 1367 if (tx_flags & SKBTX_ANY_SW_TSTAMP &&
1368 sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)
1369 tskey = sk->sk_tskey++;
1370 }
a693e698 1371
1da177e4
LT		 1372 /*
1373 * Let's try using as much space as possible.
1374 * Use MTU if total length of the message fits into the MTU.
1375 * Otherwise, we need to reserve fragment header and
1376 * fragment alignment (= 8-15 octects, in total).
1377 *
1378 * Note that we may need to "move" the data from the tail of
1ab1457c 1379 * of the buffer to the new fragment when we split
1da177e4
LT		 1380 * the message.
1381 *
1ab1457c 1382 * FIXME: It may be fragmented into multiple chunks
1da177e4
LT		 1383 * at once if non-fragmentable extension headers
1384 * are too large.
1ab1457c 1385 * --yoshfuji
1da177e4
LT		 1386 */
1387
2811ebac 1388 cork->length += length;
e4c5e13a 1389 if ((((length + fragheaderlen) > mtu) ||
2811ebac
HFS		 1390 (skb && skb_is_gso(skb))) &&
1391 (sk->sk_protocol == IPPROTO_UDP) &&
ac269e38 1392 (rt->dst.dev->features & NETIF_F_UFO) && !dst_xfrm(&rt->dst) &&
40ba3302 1393 (sk->sk_type == SOCK_DGRAM) && !udp_get_no_check6_tx(sk)) {
0bbe84a6 1394 err = ip6_ufo_append_data(sk, queue, getfrag, from, length,
3ba3458f 1395 hh_len, fragheaderlen, exthdrlen,
fd0273d7 1396 transhdrlen, mtu, flags, fl6);
2811ebac
HFS		 1397 if (err)
1398 goto error;
1399 return 0;
e89e9cf5 1400 }
1da177e4 1401
2811ebac 1402 if (!skb)
1da177e4
LT		 1403 goto alloc_new_skb;
1404
1405 while (length > 0) {
1406 /* Check if the remaining data fits into current packet. */
bdc712b4 1407 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1da177e4
LT		 1408 if (copy < length)
1409 copy = maxfraglen - skb->len;
1410
1411 if (copy <= 0) {
1412 char *data;
1413 unsigned int datalen;
1414 unsigned int fraglen;
1415 unsigned int fraggap;
1416 unsigned int alloclen;
1da177e4 1417alloc_new_skb:
1da177e4 1418 /* There's no room in the current skb */
0c183379
G		 1419 if (skb)
1420 fraggap = skb->len - maxfraglen;
1da177e4
LT		 1421 else
1422 fraggap = 0;
0c183379 1423 /* update mtu and maxfraglen if necessary */
63159f29 1424 if (!skb || !skb_prev)
0c183379 1425 ip6_append_data_mtu(&mtu, &maxfraglen,
75a493e6 1426 fragheaderlen, skb, rt,
e367c2d0 1427 orig_mtu);
0c183379
G		 1428
1429 skb_prev = skb;
1da177e4
LT		 1430
1431 /*
1432 * If remaining data exceeds the mtu,
1433 * we know we need more fragment(s).
1434 */
1435 datalen = length + fraggap;
1da177e4 1436
0c183379
G		 1437 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1438 datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len;
1da177e4 1439 if ((flags & MSG_MORE) &&
d8d1f30b 1440 !(rt->dst.dev->features&NETIF_F_SG))
1da177e4
LT		 1441 alloclen = mtu;
1442 else
1443 alloclen = datalen + fragheaderlen;
1444
299b0767
SK		 1445 alloclen += dst_exthdrlen;
1446
0c183379
G		 1447 if (datalen != length + fraggap) {
1448 /*
1449 * this is not the last fragment, the trailer
1450 * space is regarded as data space.
1451 */
1452 datalen += rt->dst.trailer_len;
1453 }
1454
1455 alloclen += rt->dst.trailer_len;
1456 fraglen = datalen + fragheaderlen;
1da177e4
LT		 1457
1458 /*
1459 * We just reserve space for fragment header.
1ab1457c 1460 * Note: this may be overallocation if the message
1da177e4
LT		 1461 * (without MSG_MORE) fits into the MTU.
1462 */
1463 alloclen += sizeof(struct frag_hdr);
1464
98d06ec7
ED		 1465 copy = datalen - transhdrlen - fraggap;
1466 if (copy < 0) {
1467 err = -EINVAL;
1468 goto error;
1469 }
1da177e4
LT		 1470 if (transhdrlen) {
1471 skb = sock_alloc_send_skb(sk,
1472 alloclen + hh_len,
1473 (flags & MSG_DONTWAIT), &err);
1474 } else {
1475 skb = NULL;
1476 if (atomic_read(&sk->sk_wmem_alloc) <=
1477 2 * sk->sk_sndbuf)
1478 skb = sock_wmalloc(sk,
1479 alloclen + hh_len, 1,
1480 sk->sk_allocation);
63159f29 1481 if (unlikely(!skb))
1da177e4
LT		 1482 err = -ENOBUFS;
1483 }
63159f29 1484 if (!skb)
1da177e4
LT		 1485 goto error;
1486 /*
1487 * Fill in the control structures
1488 */
9c9c9ad5 1489 skb->protocol = htons(ETH_P_IPV6);
32dce968 1490 skb->ip_summed = csummode;
1da177e4 1491 skb->csum = 0;
1f85851e
G		 1492 /* reserve for fragmentation and ipsec header */
1493 skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
1494 dst_exthdrlen);
1da177e4 1495
11878b40
WB		 1496 /* Only the initial fragment is time stamped */
1497 skb_shinfo(skb)->tx_flags = tx_flags;
1498 tx_flags = 0;
09c2d251
WB		 1499 skb_shinfo(skb)->tskey = tskey;
1500 tskey = 0;
a693e698 1501
1da177e4
LT		 1502 /*
1503 * Find where to start putting bytes
1504 */
1f85851e
G		 1505 data = skb_put(skb, fraglen);
1506 skb_set_network_header(skb, exthdrlen);
1507 data += fragheaderlen;
b0e380b1
ACM		 1508 skb->transport_header = (skb->network_header +
1509 fragheaderlen);
1da177e4
LT		 1510 if (fraggap) {
1511 skb->csum = skb_copy_and_csum_bits(
1512 skb_prev, maxfraglen,
1513 data + transhdrlen, fraggap, 0);
1514 skb_prev->csum = csum_sub(skb_prev->csum,
1515 skb->csum);
1516 data += fraggap;
e9fa4f7b 1517 pskb_trim_unique(skb_prev, maxfraglen);
1da177e4 1518 }
98d06ec7
ED		 1519 if (copy > 0 &&
1520 getfrag(from, data + transhdrlen, offset,
1521 copy, fraggap, skb) < 0) {
1da177e4
LT		 1522 err = -EFAULT;
1523 kfree_skb(skb);
1524 goto error;
1525 }
1526
1527 offset += copy;
1528 length -= datalen - fraggap;
1529 transhdrlen = 0;
1530 exthdrlen = 0;
299b0767 1531 dst_exthdrlen = 0;
1da177e4
LT		 1532
1533 /*
1534 * Put the packet on the pending queue
1535 */
0bbe84a6 1536 __skb_queue_tail(queue, skb);
1da177e4
LT		 1537 continue;
1538 }
1539
1540 if (copy > length)
1541 copy = length;
1542
d8d1f30b 1543 if (!(rt->dst.dev->features&NETIF_F_SG)) {
1da177e4
LT		 1544 unsigned int off;
1545
1546 off = skb->len;
1547 if (getfrag(from, skb_put(skb, copy),
1548 offset, copy, off, skb) < 0) {
1549 __skb_trim(skb, off);
1550 err = -EFAULT;
1551 goto error;
1552 }
1553 } else {
1554 int i = skb_shinfo(skb)->nr_frags;
1da177e4 1555
5640f768
ED		 1556 err = -ENOMEM;
1557 if (!sk_page_frag_refill(sk, pfrag))
1da177e4 1558 goto error;
5640f768
ED		 1559
1560 if (!skb_can_coalesce(skb, i, pfrag->page,
1561 pfrag->offset)) {
1562 err = -EMSGSIZE;
1563 if (i == MAX_SKB_FRAGS)
1564 goto error;
1565
1566 __skb_fill_page_desc(skb, i, pfrag->page,
1567 pfrag->offset, 0);
1568 skb_shinfo(skb)->nr_frags = ++i;
1569 get_page(pfrag->page);
1da177e4 1570 }
5640f768 1571 copy = min_t(int, copy, pfrag->size - pfrag->offset);
9e903e08 1572 if (getfrag(from,
5640f768
ED		 1573 page_address(pfrag->page) + pfrag->offset,
1574 offset, copy, skb->len, skb) < 0)
1575 goto error_efault;
1576
1577 pfrag->offset += copy;
1578 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1da177e4
LT		 1579 skb->len += copy;
1580 skb->data_len += copy;
f945fa7a
HX		 1581 skb->truesize += copy;
1582 atomic_add(copy, &sk->sk_wmem_alloc);
1da177e4
LT		 1583 }
1584 offset += copy;
1585 length -= copy;
1586 }
5640f768 1587
1da177e4 1588 return 0;
5640f768
ED		 1589
1590error_efault:
1591 err = -EFAULT;
1da177e4 1592error:
bdc712b4 1593 cork->length -= length;
3bd653c8 1594 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1595 return err;
1596}
0bbe84a6
VY		 1597
1598int ip6_append_data(struct sock *sk,
1599 int getfrag(void *from, char *to, int offset, int len,
1600 int odd, struct sk_buff *skb),
26879da5
WW		 1601 void *from, int length, int transhdrlen,
1602 struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
1603 struct rt6_info *rt, unsigned int flags,
c14ac945 1604 const struct sockcm_cookie *sockc)
0bbe84a6
VY		 1605{
1606 struct inet_sock *inet = inet_sk(sk);
1607 struct ipv6_pinfo *np = inet6_sk(sk);
1608 int exthdrlen;
1609 int err;
1610
1611 if (flags&MSG_PROBE)
1612 return 0;
1613 if (skb_queue_empty(&sk->sk_write_queue)) {
1614 /*
1615 * setup for corking
1616 */
26879da5
WW		 1617 err = ip6_setup_cork(sk, &inet->cork, &np->cork,
1618 ipc6, rt, fl6);
0bbe84a6
VY		 1619 if (err)
1620 return err;
1621
26879da5 1622 exthdrlen = (ipc6->opt ? ipc6->opt->opt_flen : 0);
0bbe84a6
VY		 1623 length += exthdrlen;
1624 transhdrlen += exthdrlen;
1625 } else {
1626 fl6 = &inet->cork.fl.u.ip6;
1627 transhdrlen = 0;
1628 }
1629
1630 return __ip6_append_data(sk, fl6, &sk->sk_write_queue, &inet->cork.base,
1631 &np->cork, sk_page_frag(sk), getfrag,
26879da5 1632 from, length, transhdrlen, flags, ipc6, sockc);
0bbe84a6 1633}
a495f836 1634EXPORT_SYMBOL_GPL(ip6_append_data);
1da177e4 1635
366e41d9
VY		 1636static void ip6_cork_release(struct inet_cork_full *cork,
1637 struct inet6_cork *v6_cork)
bf138862 1638{
366e41d9
VY		 1639 if (v6_cork->opt) {
1640 kfree(v6_cork->opt->dst0opt);
1641 kfree(v6_cork->opt->dst1opt);
1642 kfree(v6_cork->opt->hopopt);
1643 kfree(v6_cork->opt->srcrt);
1644 kfree(v6_cork->opt);
1645 v6_cork->opt = NULL;
0178b695
HX		 1646 }
1647
366e41d9
VY		 1648 if (cork->base.dst) {
1649 dst_release(cork->base.dst);
1650 cork->base.dst = NULL;
1651 cork->base.flags &= ~IPCORK_ALLFRAG;
bf138862 1652 }
366e41d9 1653 memset(&cork->fl, 0, sizeof(cork->fl));
bf138862
PE		 1654}
1655
6422398c
VY		 1656struct sk_buff *__ip6_make_skb(struct sock *sk,
1657 struct sk_buff_head *queue,
1658 struct inet_cork_full *cork,
1659 struct inet6_cork *v6_cork)
1da177e4
LT		 1660{
1661 struct sk_buff *skb, *tmp_skb;
1662 struct sk_buff **tail_skb;
1663 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1da177e4 1664 struct ipv6_pinfo *np = inet6_sk(sk);
3bd653c8 1665 struct net *net = sock_net(sk);
1da177e4 1666 struct ipv6hdr *hdr;
6422398c
VY		 1667 struct ipv6_txoptions *opt = v6_cork->opt;
1668 struct rt6_info *rt = (struct rt6_info *)cork->base.dst;
1669 struct flowi6 *fl6 = &cork->fl.u.ip6;
4c9483b2 1670 unsigned char proto = fl6->flowi6_proto;
1da177e4 1671
6422398c 1672 skb = __skb_dequeue(queue);
63159f29 1673 if (!skb)
1da177e4
LT		 1674 goto out;
1675 tail_skb = &(skb_shinfo(skb)->frag_list);
1676
1677 /* move skb->data to ip header from ext header */
d56f90a7 1678 if (skb->data < skb_network_header(skb))
bbe735e4 1679 __skb_pull(skb, skb_network_offset(skb));
6422398c 1680 while ((tmp_skb = __skb_dequeue(queue)) != NULL) {
cfe1fc77 1681 __skb_pull(tmp_skb, skb_network_header_len(skb));
1da177e4
LT		 1682 *tail_skb = tmp_skb;
1683 tail_skb = &(tmp_skb->next);
1684 skb->len += tmp_skb->len;
1685 skb->data_len += tmp_skb->len;
1da177e4 1686 skb->truesize += tmp_skb->truesize;
1da177e4
LT		 1687 tmp_skb->destructor = NULL;
1688 tmp_skb->sk = NULL;
1da177e4
LT		 1689 }
1690
28a89453 1691 /* Allow local fragmentation. */
60ff7467 1692 skb->ignore_df = ip6_sk_ignore_df(sk);
28a89453 1693
4e3fd7a0 1694 *final_dst = fl6->daddr;
cfe1fc77 1695 __skb_pull(skb, skb_network_header_len(skb));
1da177e4
LT		 1696 if (opt && opt->opt_flen)
1697 ipv6_push_frag_opts(skb, opt, &proto);
1698 if (opt && opt->opt_nflen)
613fa3ca 1699 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst, &fl6->saddr);
1da177e4 1700
e2d1bca7
ACM		 1701 skb_push(skb, sizeof(struct ipv6hdr));
1702 skb_reset_network_header(skb);
0660e03f 1703 hdr = ipv6_hdr(skb);
1ab1457c 1704
6422398c 1705 ip6_flow_hdr(hdr, v6_cork->tclass,
cb1ce2ef 1706 ip6_make_flowlabel(net, skb, fl6->flowlabel,
67800f9b 1707 np->autoflowlabel, fl6));
6422398c 1708 hdr->hop_limit = v6_cork->hop_limit;
1da177e4 1709 hdr->nexthdr = proto;
4e3fd7a0
AD		 1710 hdr->saddr = fl6->saddr;
1711 hdr->daddr = *final_dst;
1da177e4 1712
a2c2064f 1713 skb->priority = sk->sk_priority;
4a19ec58 1714 skb->mark = sk->sk_mark;
a2c2064f 1715
d8d1f30b 1716 skb_dst_set(skb, dst_clone(&rt->dst));
edf391ff 1717 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
14878f75 1718 if (proto == IPPROTO_ICMPV6) {
adf30907 1719 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
14878f75 1720
43a43b60
HFS		 1721 ICMP6MSGOUT_INC_STATS(net, idev, icmp6_hdr(skb)->icmp6_type);
1722 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
14878f75
DS		 1723 }
1724
6422398c
VY		 1725 ip6_cork_release(cork, v6_cork);
1726out:
1727 return skb;
1728}
1729
1730int ip6_send_skb(struct sk_buff *skb)
1731{
1732 struct net *net = sock_net(skb->sk);
1733 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
1734 int err;
1735
33224b16 1736 err = ip6_local_out(net, skb->sk, skb);
1da177e4
LT		 1737 if (err) {
1738 if (err > 0)
6ce9e7b5 1739 err = net_xmit_errno(err);
1da177e4 1740 if (err)
6422398c
VY		 1741 IP6_INC_STATS(net, rt->rt6i_idev,
1742 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1743 }
1744
1da177e4 1745 return err;
6422398c
VY		 1746}
1747
1748int ip6_push_pending_frames(struct sock *sk)
1749{
1750 struct sk_buff *skb;
1751
1752 skb = ip6_finish_skb(sk);
1753 if (!skb)
1754 return 0;
1755
1756 return ip6_send_skb(skb);
1da177e4 1757}
a495f836 1758EXPORT_SYMBOL_GPL(ip6_push_pending_frames);
1da177e4 1759
0bbe84a6 1760static void __ip6_flush_pending_frames(struct sock *sk,
6422398c
VY		 1761 struct sk_buff_head *queue,
1762 struct inet_cork_full *cork,
1763 struct inet6_cork *v6_cork)
1da177e4 1764{
1da177e4
LT		 1765 struct sk_buff *skb;
1766
0bbe84a6 1767 while ((skb = __skb_dequeue_tail(queue)) != NULL) {
adf30907
ED		 1768 if (skb_dst(skb))
1769 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
e1f52208 1770 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1771 kfree_skb(skb);
1772 }
1773
6422398c 1774 ip6_cork_release(cork, v6_cork);
1da177e4 1775}
0bbe84a6
VY		 1776
1777void ip6_flush_pending_frames(struct sock *sk)
1778{
6422398c
VY		 1779 __ip6_flush_pending_frames(sk, &sk->sk_write_queue,
1780 &inet_sk(sk)->cork, &inet6_sk(sk)->cork);
0bbe84a6 1781}
a495f836 1782EXPORT_SYMBOL_GPL(ip6_flush_pending_frames);
6422398c
VY		 1783
1784struct sk_buff *ip6_make_skb(struct sock *sk,
1785 int getfrag(void *from, char *to, int offset,
1786 int len, int odd, struct sk_buff *skb),
1787 void *from, int length, int transhdrlen,
26879da5 1788 struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
6422398c 1789 struct rt6_info *rt, unsigned int flags,
26879da5 1790 const struct sockcm_cookie *sockc)
6422398c
VY		 1791{
1792 struct inet_cork_full cork;
1793 struct inet6_cork v6_cork;
1794 struct sk_buff_head queue;
26879da5 1795 int exthdrlen = (ipc6->opt ? ipc6->opt->opt_flen : 0);
6422398c
VY		 1796 int err;
1797
1798 if (flags & MSG_PROBE)
1799 return NULL;
1800
1801 __skb_queue_head_init(&queue);
1802
1803 cork.base.flags = 0;
1804 cork.base.addr = 0;
1805 cork.base.opt = NULL;
1806 v6_cork.opt = NULL;
26879da5 1807 err = ip6_setup_cork(sk, &cork, &v6_cork, ipc6, rt, fl6);
6422398c
VY		 1808 if (err)
1809 return ERR_PTR(err);
1810
26879da5
WW		 1811 if (ipc6->dontfrag < 0)
1812 ipc6->dontfrag = inet6_sk(sk)->dontfrag;
6422398c
VY		 1813
1814 err = __ip6_append_data(sk, fl6, &queue, &cork.base, &v6_cork,
1815 &current->task_frag, getfrag, from,
1816 length + exthdrlen, transhdrlen + exthdrlen,
26879da5 1817 flags, ipc6, sockc);
6422398c
VY		 1818 if (err) {
1819 __ip6_flush_pending_frames(sk, &queue, &cork, &v6_cork);
1820 return ERR_PTR(err);
1821 }
1822
1823 return __ip6_make_skb(sk, &queue, &cork, &v6_cork);
1824}
ubuntu-zesty-kernel mirror