]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - net/ipv6/ip6_output.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Revert "udp: consistently apply ufo or fragmentation"
[mirror_ubuntu-zesty-kernel.git] / net / ipv6 / ip6_output.c
1 /*
2 * IPv6 output functions
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on linux/net/ipv4/ip_output.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 * Changes:
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
20 * etc.
21 *
22 * H. von Brand : Added missing #include <linux/string.h>
23 * Imran Patel : frag id should be in NBO
24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
26 * for datagram xmit
27 */
28
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/string.h>
32 #include <linux/socket.h>
33 #include <linux/net.h>
34 #include <linux/netdevice.h>
35 #include <linux/if_arp.h>
36 #include <linux/in6.h>
37 #include <linux/tcp.h>
38 #include <linux/route.h>
39 #include <linux/module.h>
40 #include <linux/slab.h>
41
42 #include <linux/bpf-cgroup.h>
43 #include <linux/netfilter.h>
44 #include <linux/netfilter_ipv6.h>
45
46 #include <net/sock.h>
47 #include <net/snmp.h>
48
49 #include <net/ipv6.h>
50 #include <net/ndisc.h>
51 #include <net/protocol.h>
52 #include <net/ip6_route.h>
53 #include <net/addrconf.h>
54 #include <net/rawv6.h>
55 #include <net/icmp.h>
56 #include <net/xfrm.h>
57 #include <net/checksum.h>
58 #include <linux/mroute6.h>
59 #include <net/l3mdev.h>
60 #include <net/lwtunnel.h>
61
62 static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff *skb)
63 {
64 struct dst_entry *dst = skb_dst(skb);
65 struct net_device *dev = dst->dev;
66 struct neighbour *neigh;
67 struct in6_addr *nexthop;
68 int ret;
69
70 skb->protocol = htons(ETH_P_IPV6);
71 skb->dev = dev;
72
73 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
74 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
75
76 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(sk) &&
77 ((mroute6_socket(net, skb) &&
78 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
79 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
80 &ipv6_hdr(skb)->saddr))) {
81 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
82
83 /* Do not check for IFF_ALLMULTI; multicast routing
84 is not supported in any case.
85 */
86 if (newskb)
87 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
88 net, sk, newskb, NULL, newskb->dev,
89 dev_loopback_xmit);
90
91 if (ipv6_hdr(skb)->hop_limit == 0) {
92 IP6_INC_STATS(net, idev,
93 IPSTATS_MIB_OUTDISCARDS);
94 kfree_skb(skb);
95 return 0;
96 }
97 }
98
99 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, skb->len);
100
101 if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <=
102 IPV6_ADDR_SCOPE_NODELOCAL &&
103 !(dev->flags & IFF_LOOPBACK)) {
104 kfree_skb(skb);
105 return 0;
106 }
107 }
108
109 if (lwtunnel_xmit_redirect(dst->lwtstate)) {
110 int res = lwtunnel_xmit(skb);
111
112 if (res < 0 || res == LWTUNNEL_XMIT_DONE)
113 return res;
114 }
115
116 rcu_read_lock_bh();
117 nexthop = rt6_nexthop((struct rt6_info *)dst, &ipv6_hdr(skb)->daddr);
118 neigh = __ipv6_neigh_lookup_noref(dst->dev, nexthop);
119 if (unlikely(!neigh))
120 neigh = __neigh_create(&nd_tbl, nexthop, dst->dev, false);
121 if (!IS_ERR(neigh)) {
122 ret = dst_neigh_output(dst, neigh, skb);
123 rcu_read_unlock_bh();
124 return ret;
125 }
126 rcu_read_unlock_bh();
127
128 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
129 kfree_skb(skb);
130 return -EINVAL;
131 }
132
133 static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
134 {
135 int ret;
136
137 ret = BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb);
138 if (ret) {
139 kfree_skb(skb);
140 return ret;
141 }
142
143 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
144 dst_allfrag(skb_dst(skb)) ||
145 (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size))
146 return ip6_fragment(net, sk, skb, ip6_finish_output2);
147 else
148 return ip6_finish_output2(net, sk, skb);
149 }
150
151 int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
152 {
153 struct net_device *dev = skb_dst(skb)->dev;
154 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
155
156 if (unlikely(idev->cnf.disable_ipv6)) {
157 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS);
158 kfree_skb(skb);
159 return 0;
160 }
161
162 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING,
163 net, sk, skb, NULL, dev,
164 ip6_finish_output,
165 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
166 }
167
168 /*
169 * xmit an sk_buff (used by TCP, SCTP and DCCP)
170 * Note : socket lock is not held for SYNACK packets, but might be modified
171 * by calls to skb_set_owner_w() and ipv6_local_error(),
172 * which are using proper atomic operations or spinlocks.
173 */
174 int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
175 __u32 mark, struct ipv6_txoptions *opt, int tclass)
176 {
177 struct net *net = sock_net(sk);
178 const struct ipv6_pinfo *np = inet6_sk(sk);
179 struct in6_addr *first_hop = &fl6->daddr;
180 struct dst_entry *dst = skb_dst(skb);
181 struct ipv6hdr *hdr;
182 u8 proto = fl6->flowi6_proto;
183 int seg_len = skb->len;
184 int hlimit = -1;
185 u32 mtu;
186
187 if (opt) {
188 unsigned int head_room;
189
190 /* First: exthdrs may take lots of space (~8K for now)
191 MAX_HEADER is not enough.
192 */
193 head_room = opt->opt_nflen + opt->opt_flen;
194 seg_len += head_room;
195 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
196
197 if (skb_headroom(skb) < head_room) {
198 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
199 if (!skb2) {
200 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
201 IPSTATS_MIB_OUTDISCARDS);
202 kfree_skb(skb);
203 return -ENOBUFS;
204 }
205 consume_skb(skb);
206 skb = skb2;
207 /* skb_set_owner_w() changes sk->sk_wmem_alloc atomically,
208 * it is safe to call in our context (socket lock not held)
209 */
210 skb_set_owner_w(skb, (struct sock *)sk);
211 }
212 if (opt->opt_flen)
213 ipv6_push_frag_opts(skb, opt, &proto);
214 if (opt->opt_nflen)
215 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop,
216 &fl6->saddr);
217 }
218
219 skb_push(skb, sizeof(struct ipv6hdr));
220 skb_reset_network_header(skb);
221 hdr = ipv6_hdr(skb);
222
223 /*
224 * Fill in the IPv6 header
225 */
226 if (np)
227 hlimit = np->hop_limit;
228 if (hlimit < 0)
229 hlimit = ip6_dst_hoplimit(dst);
230
231 ip6_flow_hdr(hdr, tclass, ip6_make_flowlabel(net, skb, fl6->flowlabel,
232 np->autoflowlabel, fl6));
233
234 hdr->payload_len = htons(seg_len);
235 hdr->nexthdr = proto;
236 hdr->hop_limit = hlimit;
237
238 hdr->saddr = fl6->saddr;
239 hdr->daddr = *first_hop;
240
241 skb->protocol = htons(ETH_P_IPV6);
242 skb->priority = sk->sk_priority;
243 skb->mark = mark;
244
245 mtu = dst_mtu(dst);
246 if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) {
247 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
248 IPSTATS_MIB_OUT, skb->len);
249
250 /* if egress device is enslaved to an L3 master device pass the
251 * skb to its handler for processing
252 */
253 skb = l3mdev_ip6_out((struct sock *)sk, skb);
254 if (unlikely(!skb))
255 return 0;
256
257 /* hooks should never assume socket lock is held.
258 * we promote our socket to non const
259 */
260 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
261 net, (struct sock *)sk, skb, NULL, dst->dev,
262 dst_output);
263 }
264
265 skb->dev = dst->dev;
266 /* ipv6_local_error() does not require socket lock,
267 * we promote our socket to non const
268 */
269 ipv6_local_error((struct sock *)sk, EMSGSIZE, fl6, mtu);
270
271 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
272 kfree_skb(skb);
273 return -EMSGSIZE;
274 }
275 EXPORT_SYMBOL(ip6_xmit);
276
277 static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
278 {
279 struct ip6_ra_chain *ra;
280 struct sock *last = NULL;
281
282 read_lock(&ip6_ra_lock);
283 for (ra = ip6_ra_chain; ra; ra = ra->next) {
284 struct sock *sk = ra->sk;
285 if (sk && ra->sel == sel &&
286 (!sk->sk_bound_dev_if ||
287 sk->sk_bound_dev_if == skb->dev->ifindex)) {
288 if (last) {
289 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
290 if (skb2)
291 rawv6_rcv(last, skb2);
292 }
293 last = sk;
294 }
295 }
296
297 if (last) {
298 rawv6_rcv(last, skb);
299 read_unlock(&ip6_ra_lock);
300 return 1;
301 }
302 read_unlock(&ip6_ra_lock);
303 return 0;
304 }
305
306 static int ip6_forward_proxy_check(struct sk_buff *skb)
307 {
308 struct ipv6hdr *hdr = ipv6_hdr(skb);
309 u8 nexthdr = hdr->nexthdr;
310 __be16 frag_off;
311 int offset;
312
313 if (ipv6_ext_hdr(nexthdr)) {
314 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, &frag_off);
315 if (offset < 0)
316 return 0;
317 } else
318 offset = sizeof(struct ipv6hdr);
319
320 if (nexthdr == IPPROTO_ICMPV6) {
321 struct icmp6hdr *icmp6;
322
323 if (!pskb_may_pull(skb, (skb_network_header(skb) +
324 offset + 1 - skb->data)))
325 return 0;
326
327 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
328
329 switch (icmp6->icmp6_type) {
330 case NDISC_ROUTER_SOLICITATION:
331 case NDISC_ROUTER_ADVERTISEMENT:
332 case NDISC_NEIGHBOUR_SOLICITATION:
333 case NDISC_NEIGHBOUR_ADVERTISEMENT:
334 case NDISC_REDIRECT:
335 /* For reaction involving unicast neighbor discovery
336 * message destined to the proxied address, pass it to
337 * input function.
338 */
339 return 1;
340 default:
341 break;
342 }
343 }
344
345 /*
346 * The proxying router can't forward traffic sent to a link-local
347 * address, so signal the sender and discard the packet. This
348 * behavior is clarified by the MIPv6 specification.
349 */
350 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
351 dst_link_failure(skb);
352 return -1;
353 }
354
355 return 0;
356 }
357
358 static inline int ip6_forward_finish(struct net *net, struct sock *sk,
359 struct sk_buff *skb)
360 {
361 return dst_output(net, sk, skb);
362 }
363
364 static unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst)
365 {
366 unsigned int mtu;
367 struct inet6_dev *idev;
368
369 if (dst_metric_locked(dst, RTAX_MTU)) {
370 mtu = dst_metric_raw(dst, RTAX_MTU);
371 if (mtu)
372 return mtu;
373 }
374
375 mtu = IPV6_MIN_MTU;
376 rcu_read_lock();
377 idev = __in6_dev_get(dst->dev);
378 if (idev)
379 mtu = idev->cnf.mtu6;
380 rcu_read_unlock();
381
382 return mtu;
383 }
384
385 static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
386 {
387 if (skb->len <= mtu)
388 return false;
389
390 /* ipv6 conntrack defrag sets max_frag_size + ignore_df */
391 if (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)
392 return true;
393
394 if (skb->ignore_df)
395 return false;
396
397 if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu))
398 return false;
399
400 return true;
401 }
402
403 int ip6_forward(struct sk_buff *skb)
404 {
405 struct dst_entry *dst = skb_dst(skb);
406 struct ipv6hdr *hdr = ipv6_hdr(skb);
407 struct inet6_skb_parm *opt = IP6CB(skb);
408 struct net *net = dev_net(dst->dev);
409 u32 mtu;
410
411 if (net->ipv6.devconf_all->forwarding == 0)
412 goto error;
413
414 if (skb->pkt_type != PACKET_HOST)
415 goto drop;
416
417 if (unlikely(skb->sk))
418 goto drop;
419
420 if (skb_warn_if_lro(skb))
421 goto drop;
422
423 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
424 __IP6_INC_STATS(net, ip6_dst_idev(dst),
425 IPSTATS_MIB_INDISCARDS);
426 goto drop;
427 }
428
429 skb_forward_csum(skb);
430
431 /*
432 * We DO NOT make any processing on
433 * RA packets, pushing them to user level AS IS
434 * without ane WARRANTY that application will be able
435 * to interpret them. The reason is that we
436 * cannot make anything clever here.
437 *
438 * We are not end-node, so that if packet contains
439 * AH/ESP, we cannot make anything.
440 * Defragmentation also would be mistake, RA packets
441 * cannot be fragmented, because there is no warranty
442 * that different fragments will go along one path. --ANK
443 */
444 if (unlikely(opt->flags & IP6SKB_ROUTERALERT)) {
445 if (ip6_call_ra_chain(skb, ntohs(opt->ra)))
446 return 0;
447 }
448
449 /*
450 * check and decrement ttl
451 */
452 if (hdr->hop_limit <= 1) {
453 /* Force OUTPUT device used as source address */
454 skb->dev = dst->dev;
455 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
456 __IP6_INC_STATS(net, ip6_dst_idev(dst),
457 IPSTATS_MIB_INHDRERRORS);
458
459 kfree_skb(skb);
460 return -ETIMEDOUT;
461 }
462
463 /* XXX: idev->cnf.proxy_ndp? */
464 if (net->ipv6.devconf_all->proxy_ndp &&
465 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
466 int proxied = ip6_forward_proxy_check(skb);
467 if (proxied > 0)
468 return ip6_input(skb);
469 else if (proxied < 0) {
470 __IP6_INC_STATS(net, ip6_dst_idev(dst),
471 IPSTATS_MIB_INDISCARDS);
472 goto drop;
473 }
474 }
475
476 if (!xfrm6_route_forward(skb)) {
477 __IP6_INC_STATS(net, ip6_dst_idev(dst),
478 IPSTATS_MIB_INDISCARDS);
479 goto drop;
480 }
481 dst = skb_dst(skb);
482
483 /* IPv6 specs say nothing about it, but it is clear that we cannot
484 send redirects to source routed frames.
485 We don't send redirects to frames decapsulated from IPsec.
486 */
487 if (skb->dev == dst->dev && opt->srcrt == 0 && !skb_sec_path(skb)) {
488 struct in6_addr *target = NULL;
489 struct inet_peer *peer;
490 struct rt6_info *rt;
491
492 /*
493 * incoming and outgoing devices are the same
494 * send a redirect.
495 */
496
497 rt = (struct rt6_info *) dst;
498 if (rt->rt6i_flags & RTF_GATEWAY)
499 target = &rt->rt6i_gateway;
500 else
501 target = &hdr->daddr;
502
503 peer = inet_getpeer_v6(net->ipv6.peers, &hdr->daddr, 1);
504
505 /* Limit redirects both by destination (here)
506 and by source (inside ndisc_send_redirect)
507 */
508 if (inet_peer_xrlim_allow(peer, 1*HZ))
509 ndisc_send_redirect(skb, target);
510 if (peer)
511 inet_putpeer(peer);
512 } else {
513 int addrtype = ipv6_addr_type(&hdr->saddr);
514
515 /* This check is security critical. */
516 if (addrtype == IPV6_ADDR_ANY ||
517 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
518 goto error;
519 if (addrtype & IPV6_ADDR_LINKLOCAL) {
520 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
521 ICMPV6_NOT_NEIGHBOUR, 0);
522 goto error;
523 }
524 }
525
526 mtu = ip6_dst_mtu_forward(dst);
527 if (mtu < IPV6_MIN_MTU)
528 mtu = IPV6_MIN_MTU;
529
530 if (ip6_pkt_too_big(skb, mtu)) {
531 /* Again, force OUTPUT device used as source address */
532 skb->dev = dst->dev;
533 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
534 __IP6_INC_STATS(net, ip6_dst_idev(dst),
535 IPSTATS_MIB_INTOOBIGERRORS);
536 __IP6_INC_STATS(net, ip6_dst_idev(dst),
537 IPSTATS_MIB_FRAGFAILS);
538 kfree_skb(skb);
539 return -EMSGSIZE;
540 }
541
542 if (skb_cow(skb, dst->dev->hard_header_len)) {
543 __IP6_INC_STATS(net, ip6_dst_idev(dst),
544 IPSTATS_MIB_OUTDISCARDS);
545 goto drop;
546 }
547
548 hdr = ipv6_hdr(skb);
549
550 /* Mangling hops number delayed to point after skb COW */
551
552 hdr->hop_limit--;
553
554 __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
555 __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len);
556 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD,
557 net, NULL, skb, skb->dev, dst->dev,
558 ip6_forward_finish);
559
560 error:
561 __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
562 drop:
563 kfree_skb(skb);
564 return -EINVAL;
565 }
566
567 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
568 {
569 to->pkt_type = from->pkt_type;
570 to->priority = from->priority;
571 to->protocol = from->protocol;
572 skb_dst_drop(to);
573 skb_dst_set(to, dst_clone(skb_dst(from)));
574 to->dev = from->dev;
575 to->mark = from->mark;
576
577 #ifdef CONFIG_NET_SCHED
578 to->tc_index = from->tc_index;
579 #endif
580 nf_copy(to, from);
581 skb_copy_secmark(to, from);
582 }
583
584 int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
585 int (*output)(struct net *, struct sock *, struct sk_buff *))
586 {
587 struct sk_buff *frag;
588 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
589 struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ?
590 inet6_sk(skb->sk) : NULL;
591 struct ipv6hdr *tmp_hdr;
592 struct frag_hdr *fh;
593 unsigned int mtu, hlen, left, len;
594 int hroom, troom;
595 __be32 frag_id;
596 int ptr, offset = 0, err = 0;
597 u8 *prevhdr, nexthdr = 0;
598
599 err = ip6_find_1stfragopt(skb, &prevhdr);
600 if (err < 0)
601 goto fail;
602 hlen = err;
603 nexthdr = *prevhdr;
604
605 mtu = ip6_skb_dst_mtu(skb);
606
607 /* We must not fragment if the socket is set to force MTU discovery
608 * or if the skb it not generated by a local socket.
609 */
610 if (unlikely(!skb->ignore_df && skb->len > mtu))
611 goto fail_toobig;
612
613 if (IP6CB(skb)->frag_max_size) {
614 if (IP6CB(skb)->frag_max_size > mtu)
615 goto fail_toobig;
616
617 /* don't send fragments larger than what we received */
618 mtu = IP6CB(skb)->frag_max_size;
619 if (mtu < IPV6_MIN_MTU)
620 mtu = IPV6_MIN_MTU;
621 }
622
623 if (np && np->frag_size < mtu) {
624 if (np->frag_size)
625 mtu = np->frag_size;
626 }
627 if (mtu < hlen + sizeof(struct frag_hdr) + 8)
628 goto fail_toobig;
629 mtu -= hlen + sizeof(struct frag_hdr);
630
631 frag_id = ipv6_select_ident(net, &ipv6_hdr(skb)->daddr,
632 &ipv6_hdr(skb)->saddr);
633
634 if (skb->ip_summed == CHECKSUM_PARTIAL &&
635 (err = skb_checksum_help(skb)))
636 goto fail;
637
638 hroom = LL_RESERVED_SPACE(rt->dst.dev);
639 if (skb_has_frag_list(skb)) {
640 unsigned int first_len = skb_pagelen(skb);
641 struct sk_buff *frag2;
642
643 if (first_len - hlen > mtu ||
644 ((first_len - hlen) & 7) ||
645 skb_cloned(skb) ||
646 skb_headroom(skb) < (hroom + sizeof(struct frag_hdr)))
647 goto slow_path;
648
649 skb_walk_frags(skb, frag) {
650 /* Correct geometry. */
651 if (frag->len > mtu ||
652 ((frag->len & 7) && frag->next) ||
653 skb_headroom(frag) < (hlen + hroom + sizeof(struct frag_hdr)))
654 goto slow_path_clean;
655
656 /* Partially cloned skb? */
657 if (skb_shared(frag))
658 goto slow_path_clean;
659
660 BUG_ON(frag->sk);
661 if (skb->sk) {
662 frag->sk = skb->sk;
663 frag->destructor = sock_wfree;
664 }
665 skb->truesize -= frag->truesize;
666 }
667
668 err = 0;
669 offset = 0;
670 /* BUILD HEADER */
671
672 *prevhdr = NEXTHDR_FRAGMENT;
673 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
674 if (!tmp_hdr) {
675 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
676 IPSTATS_MIB_FRAGFAILS);
677 err = -ENOMEM;
678 goto fail;
679 }
680 frag = skb_shinfo(skb)->frag_list;
681 skb_frag_list_init(skb);
682
683 __skb_pull(skb, hlen);
684 fh = (struct frag_hdr *)__skb_push(skb, sizeof(struct frag_hdr));
685 __skb_push(skb, hlen);
686 skb_reset_network_header(skb);
687 memcpy(skb_network_header(skb), tmp_hdr, hlen);
688
689 fh->nexthdr = nexthdr;
690 fh->reserved = 0;
691 fh->frag_off = htons(IP6_MF);
692 fh->identification = frag_id;
693
694 first_len = skb_pagelen(skb);
695 skb->data_len = first_len - skb_headlen(skb);
696 skb->len = first_len;
697 ipv6_hdr(skb)->payload_len = htons(first_len -
698 sizeof(struct ipv6hdr));
699
700 dst_hold(&rt->dst);
701
702 for (;;) {
703 /* Prepare header of the next frame,
704 * before previous one went down. */
705 if (frag) {
706 frag->ip_summed = CHECKSUM_NONE;
707 skb_reset_transport_header(frag);
708 fh = (struct frag_hdr *)__skb_push(frag, sizeof(struct frag_hdr));
709 __skb_push(frag, hlen);
710 skb_reset_network_header(frag);
711 memcpy(skb_network_header(frag), tmp_hdr,
712 hlen);
713 offset += skb->len - hlen - sizeof(struct frag_hdr);
714 fh->nexthdr = nexthdr;
715 fh->reserved = 0;
716 fh->frag_off = htons(offset);
717 if (frag->next)
718 fh->frag_off |= htons(IP6_MF);
719 fh->identification = frag_id;
720 ipv6_hdr(frag)->payload_len =
721 htons(frag->len -
722 sizeof(struct ipv6hdr));
723 ip6_copy_metadata(frag, skb);
724 }
725
726 err = output(net, sk, skb);
727 if (!err)
728 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
729 IPSTATS_MIB_FRAGCREATES);
730
731 if (err || !frag)
732 break;
733
734 skb = frag;
735 frag = skb->next;
736 skb->next = NULL;
737 }
738
739 kfree(tmp_hdr);
740
741 if (err == 0) {
742 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
743 IPSTATS_MIB_FRAGOKS);
744 ip6_rt_put(rt);
745 return 0;
746 }
747
748 kfree_skb_list(frag);
749
750 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
751 IPSTATS_MIB_FRAGFAILS);
752 ip6_rt_put(rt);
753 return err;
754
755 slow_path_clean:
756 skb_walk_frags(skb, frag2) {
757 if (frag2 == frag)
758 break;
759 frag2->sk = NULL;
760 frag2->destructor = NULL;
761 skb->truesize += frag2->truesize;
762 }
763 }
764
765 slow_path:
766 left = skb->len - hlen; /* Space per frame */
767 ptr = hlen; /* Where to start from */
768
769 /*
770 * Fragment the datagram.
771 */
772
773 troom = rt->dst.dev->needed_tailroom;
774
775 /*
776 * Keep copying data until we run out.
777 */
778 while (left > 0) {
779 u8 *fragnexthdr_offset;
780
781 len = left;
782 /* IF: it doesn't fit, use 'mtu' - the data space left */
783 if (len > mtu)
784 len = mtu;
785 /* IF: we are not sending up to and including the packet end
786 then align the next start on an eight byte boundary */
787 if (len < left) {
788 len &= ~7;
789 }
790
791 /* Allocate buffer */
792 frag = alloc_skb(len + hlen + sizeof(struct frag_hdr) +
793 hroom + troom, GFP_ATOMIC);
794 if (!frag) {
795 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
796 IPSTATS_MIB_FRAGFAILS);
797 err = -ENOMEM;
798 goto fail;
799 }
800
801 /*
802 * Set up data on packet
803 */
804
805 ip6_copy_metadata(frag, skb);
806 skb_reserve(frag, hroom);
807 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
808 skb_reset_network_header(frag);
809 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
810 frag->transport_header = (frag->network_header + hlen +
811 sizeof(struct frag_hdr));
812
813 /*
814 * Charge the memory for the fragment to any owner
815 * it might possess
816 */
817 if (skb->sk)
818 skb_set_owner_w(frag, skb->sk);
819
820 /*
821 * Copy the packet header into the new buffer.
822 */
823 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
824
825 fragnexthdr_offset = skb_network_header(frag);
826 fragnexthdr_offset += prevhdr - skb_network_header(skb);
827 *fragnexthdr_offset = NEXTHDR_FRAGMENT;
828
829 /*
830 * Build fragment header.
831 */
832 fh->nexthdr = nexthdr;
833 fh->reserved = 0;
834 fh->identification = frag_id;
835
836 /*
837 * Copy a block of the IP datagram.
838 */
839 BUG_ON(skb_copy_bits(skb, ptr, skb_transport_header(frag),
840 len));
841 left -= len;
842
843 fh->frag_off = htons(offset);
844 if (left > 0)
845 fh->frag_off |= htons(IP6_MF);
846 ipv6_hdr(frag)->payload_len = htons(frag->len -
847 sizeof(struct ipv6hdr));
848
849 ptr += len;
850 offset += len;
851
852 /*
853 * Put this fragment into the sending queue.
854 */
855 err = output(net, sk, frag);
856 if (err)
857 goto fail;
858
859 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
860 IPSTATS_MIB_FRAGCREATES);
861 }
862 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
863 IPSTATS_MIB_FRAGOKS);
864 consume_skb(skb);
865 return err;
866
867 fail_toobig:
868 if (skb->sk && dst_allfrag(skb_dst(skb)))
869 sk_nocaps_add(skb->sk, NETIF_F_GSO_MASK);
870
871 skb->dev = skb_dst(skb)->dev;
872 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
873 err = -EMSGSIZE;
874
875 fail:
876 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
877 IPSTATS_MIB_FRAGFAILS);
878 kfree_skb(skb);
879 return err;
880 }
881
882 static inline int ip6_rt_check(const struct rt6key *rt_key,
883 const struct in6_addr *fl_addr,
884 const struct in6_addr *addr_cache)
885 {
886 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
887 (!addr_cache || !ipv6_addr_equal(fl_addr, addr_cache));
888 }
889
890 static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
891 struct dst_entry *dst,
892 const struct flowi6 *fl6)
893 {
894 struct ipv6_pinfo *np = inet6_sk(sk);
895 struct rt6_info *rt;
896
897 if (!dst)
898 goto out;
899
900 if (dst->ops->family != AF_INET6) {
901 dst_release(dst);
902 return NULL;
903 }
904
905 rt = (struct rt6_info *)dst;
906 /* Yes, checking route validity in not connected
907 * case is not very simple. Take into account,
908 * that we do not support routing by source, TOS,
909 * and MSG_DONTROUTE --ANK (980726)
910 *
911 * 1. ip6_rt_check(): If route was host route,
912 * check that cached destination is current.
913 * If it is network route, we still may
914 * check its validity using saved pointer
915 * to the last used address: daddr_cache.
916 * We do not want to save whole address now,
917 * (because main consumer of this service
918 * is tcp, which has not this problem),
919 * so that the last trick works only on connected
920 * sockets.
921 * 2. oif also should be the same.
922 */
923 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) ||
924 #ifdef CONFIG_IPV6_SUBTREES
925 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) ||
926 #endif
927 (!(fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF) &&
928 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex))) {
929 dst_release(dst);
930 dst = NULL;
931 }
932
933 out:
934 return dst;
935 }
936
937 static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk,
938 struct dst_entry **dst, struct flowi6 *fl6)
939 {
940 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
941 struct neighbour *n;
942 struct rt6_info *rt;
943 #endif
944 int err;
945 int flags = 0;
946
947 /* The correct way to handle this would be to do
948 * ip6_route_get_saddr, and then ip6_route_output; however,
949 * the route-specific preferred source forces the
950 * ip6_route_output call _before_ ip6_route_get_saddr.
951 *
952 * In source specific routing (no src=any default route),
953 * ip6_route_output will fail given src=any saddr, though, so
954 * that's why we try it again later.
955 */
956 if (ipv6_addr_any(&fl6->saddr) && (!*dst || !(*dst)->error)) {
957 struct rt6_info *rt;
958 bool had_dst = *dst != NULL;
959
960 if (!had_dst)
961 *dst = ip6_route_output(net, sk, fl6);
962 rt = (*dst)->error ? NULL : (struct rt6_info *)*dst;
963 err = ip6_route_get_saddr(net, rt, &fl6->daddr,
964 sk ? inet6_sk(sk)->srcprefs : 0,
965 &fl6->saddr);
966 if (err)
967 goto out_err_release;
968
969 /* If we had an erroneous initial result, pretend it
970 * never existed and let the SA-enabled version take
971 * over.
972 */
973 if (!had_dst && (*dst)->error) {
974 dst_release(*dst);
975 *dst = NULL;
976 }
977
978 if (fl6->flowi6_oif)
979 flags |= RT6_LOOKUP_F_IFACE;
980 }
981
982 if (!*dst)
983 *dst = ip6_route_output_flags(net, sk, fl6, flags);
984
985 err = (*dst)->error;
986 if (err)
987 goto out_err_release;
988
989 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
990 /*
991 * Here if the dst entry we've looked up
992 * has a neighbour entry that is in the INCOMPLETE
993 * state and the src address from the flow is
994 * marked as OPTIMISTIC, we release the found
995 * dst entry and replace it instead with the
996 * dst entry of the nexthop router
997 */
998 rt = (struct rt6_info *) *dst;
999 rcu_read_lock_bh();
1000 n = __ipv6_neigh_lookup_noref(rt->dst.dev,
1001 rt6_nexthop(rt, &fl6->daddr));
1002 err = n && !(n->nud_state & NUD_VALID) ? -EINVAL : 0;
1003 rcu_read_unlock_bh();
1004
1005 if (err) {
1006 struct inet6_ifaddr *ifp;
1007 struct flowi6 fl_gw6;
1008 int redirect;
1009
1010 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
1011 (*dst)->dev, 1);
1012
1013 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
1014 if (ifp)
1015 in6_ifa_put(ifp);
1016
1017 if (redirect) {
1018 /*
1019 * We need to get the dst entry for the
1020 * default router instead
1021 */
1022 dst_release(*dst);
1023 memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
1024 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
1025 *dst = ip6_route_output(net, sk, &fl_gw6);
1026 err = (*dst)->error;
1027 if (err)
1028 goto out_err_release;
1029 }
1030 }
1031 #endif
1032 if (ipv6_addr_v4mapped(&fl6->saddr) &&
1033 !(ipv6_addr_v4mapped(&fl6->daddr) || ipv6_addr_any(&fl6->daddr))) {
1034 err = -EAFNOSUPPORT;
1035 goto out_err_release;
1036 }
1037
1038 return 0;
1039
1040 out_err_release:
1041 dst_release(*dst);
1042 *dst = NULL;
1043
1044 if (err == -ENETUNREACH)
1045 IP6_INC_STATS(net, NULL, IPSTATS_MIB_OUTNOROUTES);
1046 return err;
1047 }
1048
1049 /**
1050 * ip6_dst_lookup - perform route lookup on flow
1051 * @sk: socket which provides route info
1052 * @dst: pointer to dst_entry * for result
1053 * @fl6: flow to lookup
1054 *
1055 * This function performs a route lookup on the given flow.
1056 *
1057 * It returns zero on success, or a standard errno code on error.
1058 */
1059 int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst,
1060 struct flowi6 *fl6)
1061 {
1062 *dst = NULL;
1063 return ip6_dst_lookup_tail(net, sk, dst, fl6);
1064 }
1065 EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1066
1067 /**
1068 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec
1069 * @sk: socket which provides route info
1070 * @fl6: flow to lookup
1071 * @final_dst: final destination address for ipsec lookup
1072 *
1073 * This function performs a route lookup on the given flow.
1074 *
1075 * It returns a valid dst pointer on success, or a pointer encoded
1076 * error code.
1077 */
1078 struct dst_entry *ip6_dst_lookup_flow(const struct sock *sk, struct flowi6 *fl6,
1079 const struct in6_addr *final_dst)
1080 {
1081 struct dst_entry *dst = NULL;
1082 int err;
1083
1084 err = ip6_dst_lookup_tail(sock_net(sk), sk, &dst, fl6);
1085 if (err)
1086 return ERR_PTR(err);
1087 if (final_dst)
1088 fl6->daddr = *final_dst;
1089
1090 return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
1091 }
1092 EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
1093
1094 /**
1095 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
1096 * @sk: socket which provides the dst cache and route info
1097 * @fl6: flow to lookup
1098 * @final_dst: final destination address for ipsec lookup
1099 *
1100 * This function performs a route lookup on the given flow with the
1101 * possibility of using the cached route in the socket if it is valid.
1102 * It will take the socket dst lock when operating on the dst cache.
1103 * As a result, this function can only be used in process context.
1104 *
1105 * It returns a valid dst pointer on success, or a pointer encoded
1106 * error code.
1107 */
1108 struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
1109 const struct in6_addr *final_dst)
1110 {
1111 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1112
1113 dst = ip6_sk_dst_check(sk, dst, fl6);
1114 if (!dst)
1115 dst = ip6_dst_lookup_flow(sk, fl6, final_dst);
1116
1117 return dst;
1118 }
1119 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
1120
1121 static inline int ip6_ufo_append_data(struct sock *sk,
1122 struct sk_buff_head *queue,
1123 int getfrag(void *from, char *to, int offset, int len,
1124 int odd, struct sk_buff *skb),
1125 void *from, int length, int hh_len, int fragheaderlen,
1126 int exthdrlen, int transhdrlen, int mtu,
1127 unsigned int flags, const struct flowi6 *fl6)
1128
1129 {
1130 struct sk_buff *skb;
1131 int err;
1132
1133 /* There is support for UDP large send offload by network
1134 * device, so create one single skb packet containing complete
1135 * udp datagram
1136 */
1137 skb = skb_peek_tail(queue);
1138 if (!skb) {
1139 skb = sock_alloc_send_skb(sk,
1140 hh_len + fragheaderlen + transhdrlen + 20,
1141 (flags & MSG_DONTWAIT), &err);
1142 if (!skb)
1143 return err;
1144
1145 /* reserve space for Hardware header */
1146 skb_reserve(skb, hh_len);
1147
1148 /* create space for UDP/IP header */
1149 skb_put(skb, fragheaderlen + transhdrlen);
1150
1151 /* initialize network header pointer */
1152 skb_set_network_header(skb, exthdrlen);
1153
1154 /* initialize protocol header pointer */
1155 skb->transport_header = skb->network_header + fragheaderlen;
1156
1157 skb->protocol = htons(ETH_P_IPV6);
1158 skb->csum = 0;
1159
1160 __skb_queue_tail(queue, skb);
1161 } else if (skb_is_gso(skb)) {
1162 goto append;
1163 }
1164
1165 skb->ip_summed = CHECKSUM_PARTIAL;
1166 /* Specify the length of each IPv6 datagram fragment.
1167 * It has to be a multiple of 8.
1168 */
1169 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen -
1170 sizeof(struct frag_hdr)) & ~7;
1171 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
1172 skb_shinfo(skb)->ip6_frag_id = ipv6_select_ident(sock_net(sk),
1173 &fl6->daddr,
1174 &fl6->saddr);
1175
1176 append:
1177 return skb_append_datato_frags(sk, skb, getfrag, from,
1178 (length - transhdrlen));
1179 }
1180
1181 static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1182 gfp_t gfp)
1183 {
1184 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1185 }
1186
1187 static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1188 gfp_t gfp)
1189 {
1190 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1191 }
1192
1193 static void ip6_append_data_mtu(unsigned int *mtu,
1194 int *maxfraglen,
1195 unsigned int fragheaderlen,
1196 struct sk_buff *skb,
1197 struct rt6_info *rt,
1198 unsigned int orig_mtu)
1199 {
1200 if (!(rt->dst.flags & DST_XFRM_TUNNEL)) {
1201 if (!skb) {
1202 /* first fragment, reserve header_len */
1203 *mtu = orig_mtu - rt->dst.header_len;
1204
1205 } else {
1206 /*
1207 * this fragment is not first, the headers
1208 * space is regarded as data space.
1209 */
1210 *mtu = orig_mtu;
1211 }
1212 *maxfraglen = ((*mtu - fragheaderlen) & ~7)
1213 + fragheaderlen - sizeof(struct frag_hdr);
1214 }
1215 }
1216
1217 static int ip6_setup_cork(struct sock *sk, struct inet_cork_full *cork,
1218 struct inet6_cork *v6_cork, struct ipcm6_cookie *ipc6,
1219 struct rt6_info *rt, struct flowi6 *fl6)
1220 {
1221 struct ipv6_pinfo *np = inet6_sk(sk);
1222 unsigned int mtu;
1223 struct ipv6_txoptions *opt = ipc6->opt;
1224
1225 /*
1226 * setup for corking
1227 */
1228 if (opt) {
1229 if (WARN_ON(v6_cork->opt))
1230 return -EINVAL;
1231
1232 v6_cork->opt = kzalloc(opt->tot_len, sk->sk_allocation);
1233 if (unlikely(!v6_cork->opt))
1234 return -ENOBUFS;
1235
1236 v6_cork->opt->tot_len = opt->tot_len;
1237 v6_cork->opt->opt_flen = opt->opt_flen;
1238 v6_cork->opt->opt_nflen = opt->opt_nflen;
1239
1240 v6_cork->opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1241 sk->sk_allocation);
1242 if (opt->dst0opt && !v6_cork->opt->dst0opt)
1243 return -ENOBUFS;
1244
1245 v6_cork->opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1246 sk->sk_allocation);
1247 if (opt->dst1opt && !v6_cork->opt->dst1opt)
1248 return -ENOBUFS;
1249
1250 v6_cork->opt->hopopt = ip6_opt_dup(opt->hopopt,
1251 sk->sk_allocation);
1252 if (opt->hopopt && !v6_cork->opt->hopopt)
1253 return -ENOBUFS;
1254
1255 v6_cork->opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1256 sk->sk_allocation);
1257 if (opt->srcrt && !v6_cork->opt->srcrt)
1258 return -ENOBUFS;
1259
1260 /* need source address above miyazawa*/
1261 }
1262 dst_hold(&rt->dst);
1263 cork->base.dst = &rt->dst;
1264 cork->fl.u.ip6 = *fl6;
1265 v6_cork->hop_limit = ipc6->hlimit;
1266 v6_cork->tclass = ipc6->tclass;
1267 if (rt->dst.flags & DST_XFRM_TUNNEL)
1268 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1269 rt->dst.dev->mtu : dst_mtu(&rt->dst);
1270 else
1271 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1272 rt->dst.dev->mtu : dst_mtu(rt->dst.path);
1273 if (np->frag_size < mtu) {
1274 if (np->frag_size)
1275 mtu = np->frag_size;
1276 }
1277 cork->base.fragsize = mtu;
1278 if (dst_allfrag(rt->dst.path))
1279 cork->base.flags |= IPCORK_ALLFRAG;
1280 cork->base.length = 0;
1281
1282 return 0;
1283 }
1284
1285 static int __ip6_append_data(struct sock *sk,
1286 struct flowi6 *fl6,
1287 struct sk_buff_head *queue,
1288 struct inet_cork *cork,
1289 struct inet6_cork *v6_cork,
1290 struct page_frag *pfrag,
1291 int getfrag(void *from, char *to, int offset,
1292 int len, int odd, struct sk_buff *skb),
1293 void *from, int length, int transhdrlen,
1294 unsigned int flags, struct ipcm6_cookie *ipc6,
1295 const struct sockcm_cookie *sockc)
1296 {
1297 struct sk_buff *skb, *skb_prev = NULL;
1298 unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu;
1299 int exthdrlen = 0;
1300 int dst_exthdrlen = 0;
1301 int hh_len;
1302 int copy;
1303 int err;
1304 int offset = 0;
1305 __u8 tx_flags = 0;
1306 u32 tskey = 0;
1307 struct rt6_info *rt = (struct rt6_info *)cork->dst;
1308 struct ipv6_txoptions *opt = v6_cork->opt;
1309 int csummode = CHECKSUM_NONE;
1310 unsigned int maxnonfragsize, headersize;
1311
1312 skb = skb_peek_tail(queue);
1313 if (!skb) {
1314 exthdrlen = opt ? opt->opt_flen : 0;
1315 dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len;
1316 }
1317
1318 mtu = cork->fragsize;
1319 orig_mtu = mtu;
1320
1321 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1322
1323 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
1324 (opt ? opt->opt_nflen : 0);
1325 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen -
1326 sizeof(struct frag_hdr);
1327
1328 headersize = sizeof(struct ipv6hdr) +
1329 (opt ? opt->opt_flen + opt->opt_nflen : 0) +
1330 (dst_allfrag(&rt->dst) ?
1331 sizeof(struct frag_hdr) : 0) +
1332 rt->rt6i_nfheader_len;
1333
1334 if (cork->length + length > mtu - headersize && ipc6->dontfrag &&
1335 (sk->sk_protocol == IPPROTO_UDP ||
1336 sk->sk_protocol == IPPROTO_RAW)) {
1337 ipv6_local_rxpmtu(sk, fl6, mtu - headersize +
1338 sizeof(struct ipv6hdr));
1339 goto emsgsize;
1340 }
1341
1342 if (ip6_sk_ignore_df(sk))
1343 maxnonfragsize = sizeof(struct ipv6hdr) + IPV6_MAXPLEN;
1344 else
1345 maxnonfragsize = mtu;
1346
1347 if (cork->length + length > maxnonfragsize - headersize) {
1348 emsgsize:
1349 ipv6_local_error(sk, EMSGSIZE, fl6,
1350 mtu - headersize +
1351 sizeof(struct ipv6hdr));
1352 return -EMSGSIZE;
1353 }
1354
1355 /* CHECKSUM_PARTIAL only with no extension headers and when
1356 * we are not going to fragment
1357 */
1358 if (transhdrlen && sk->sk_protocol == IPPROTO_UDP &&
1359 headersize == sizeof(struct ipv6hdr) &&
1360 length <= mtu - headersize &&
1361 !(flags & MSG_MORE) &&
1362 rt->dst.dev->features & (NETIF_F_IPV6_CSUM | NETIF_F_HW_CSUM))
1363 csummode = CHECKSUM_PARTIAL;
1364
1365 if (sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) {
1366 sock_tx_timestamp(sk, sockc->tsflags, &tx_flags);
1367 if (tx_flags & SKBTX_ANY_SW_TSTAMP &&
1368 sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)
1369 tskey = sk->sk_tskey++;
1370 }
1371
1372 /*
1373 * Let's try using as much space as possible.
1374 * Use MTU if total length of the message fits into the MTU.
1375 * Otherwise, we need to reserve fragment header and
1376 * fragment alignment (= 8-15 octects, in total).
1377 *
1378 * Note that we may need to "move" the data from the tail of
1379 * of the buffer to the new fragment when we split
1380 * the message.
1381 *
1382 * FIXME: It may be fragmented into multiple chunks
1383 * at once if non-fragmentable extension headers
1384 * are too large.
1385 * --yoshfuji
1386 */
1387
1388 cork->length += length;
1389 if ((((length + (skb ? skb->len : headersize)) > mtu) ||
1390 (skb && skb_is_gso(skb))) &&
1391 (sk->sk_protocol == IPPROTO_UDP) &&
1392 (rt->dst.dev->features & NETIF_F_UFO) && !dst_xfrm(&rt->dst) &&
1393 (sk->sk_type == SOCK_DGRAM) && !udp_get_no_check6_tx(sk)) {
1394 err = ip6_ufo_append_data(sk, queue, getfrag, from, length,
1395 hh_len, fragheaderlen, exthdrlen,
1396 transhdrlen, mtu, flags, fl6);
1397 if (err)
1398 goto error;
1399 return 0;
1400 }
1401
1402 if (!skb)
1403 goto alloc_new_skb;
1404
1405 while (length > 0) {
1406 /* Check if the remaining data fits into current packet. */
1407 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1408 if (copy < length)
1409 copy = maxfraglen - skb->len;
1410
1411 if (copy <= 0) {
1412 char *data;
1413 unsigned int datalen;
1414 unsigned int fraglen;
1415 unsigned int fraggap;
1416 unsigned int alloclen;
1417 alloc_new_skb:
1418 /* There's no room in the current skb */
1419 if (skb)
1420 fraggap = skb->len - maxfraglen;
1421 else
1422 fraggap = 0;
1423 /* update mtu and maxfraglen if necessary */
1424 if (!skb || !skb_prev)
1425 ip6_append_data_mtu(&mtu, &maxfraglen,
1426 fragheaderlen, skb, rt,
1427 orig_mtu);
1428
1429 skb_prev = skb;
1430
1431 /*
1432 * If remaining data exceeds the mtu,
1433 * we know we need more fragment(s).
1434 */
1435 datalen = length + fraggap;
1436
1437 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1438 datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len;
1439 if ((flags & MSG_MORE) &&
1440 !(rt->dst.dev->features&NETIF_F_SG))
1441 alloclen = mtu;
1442 else
1443 alloclen = datalen + fragheaderlen;
1444
1445 alloclen += dst_exthdrlen;
1446
1447 if (datalen != length + fraggap) {
1448 /*
1449 * this is not the last fragment, the trailer
1450 * space is regarded as data space.
1451 */
1452 datalen += rt->dst.trailer_len;
1453 }
1454
1455 alloclen += rt->dst.trailer_len;
1456 fraglen = datalen + fragheaderlen;
1457
1458 /*
1459 * We just reserve space for fragment header.
1460 * Note: this may be overallocation if the message
1461 * (without MSG_MORE) fits into the MTU.
1462 */
1463 alloclen += sizeof(struct frag_hdr);
1464
1465 copy = datalen - transhdrlen - fraggap;
1466 if (copy < 0) {
1467 err = -EINVAL;
1468 goto error;
1469 }
1470 if (transhdrlen) {
1471 skb = sock_alloc_send_skb(sk,
1472 alloclen + hh_len,
1473 (flags & MSG_DONTWAIT), &err);
1474 } else {
1475 skb = NULL;
1476 if (atomic_read(&sk->sk_wmem_alloc) <=
1477 2 * sk->sk_sndbuf)
1478 skb = sock_wmalloc(sk,
1479 alloclen + hh_len, 1,
1480 sk->sk_allocation);
1481 if (unlikely(!skb))
1482 err = -ENOBUFS;
1483 }
1484 if (!skb)
1485 goto error;
1486 /*
1487 * Fill in the control structures
1488 */
1489 skb->protocol = htons(ETH_P_IPV6);
1490 skb->ip_summed = csummode;
1491 skb->csum = 0;
1492 /* reserve for fragmentation and ipsec header */
1493 skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
1494 dst_exthdrlen);
1495
1496 /* Only the initial fragment is time stamped */
1497 skb_shinfo(skb)->tx_flags = tx_flags;
1498 tx_flags = 0;
1499 skb_shinfo(skb)->tskey = tskey;
1500 tskey = 0;
1501
1502 /*
1503 * Find where to start putting bytes
1504 */
1505 data = skb_put(skb, fraglen);
1506 skb_set_network_header(skb, exthdrlen);
1507 data += fragheaderlen;
1508 skb->transport_header = (skb->network_header +
1509 fragheaderlen);
1510 if (fraggap) {
1511 skb->csum = skb_copy_and_csum_bits(
1512 skb_prev, maxfraglen,
1513 data + transhdrlen, fraggap, 0);
1514 skb_prev->csum = csum_sub(skb_prev->csum,
1515 skb->csum);
1516 data += fraggap;
1517 pskb_trim_unique(skb_prev, maxfraglen);
1518 }
1519 if (copy > 0 &&
1520 getfrag(from, data + transhdrlen, offset,
1521 copy, fraggap, skb) < 0) {
1522 err = -EFAULT;
1523 kfree_skb(skb);
1524 goto error;
1525 }
1526
1527 offset += copy;
1528 length -= datalen - fraggap;
1529 transhdrlen = 0;
1530 exthdrlen = 0;
1531 dst_exthdrlen = 0;
1532
1533 /*
1534 * Put the packet on the pending queue
1535 */
1536 __skb_queue_tail(queue, skb);
1537 continue;
1538 }
1539
1540 if (copy > length)
1541 copy = length;
1542
1543 if (!(rt->dst.dev->features&NETIF_F_SG)) {
1544 unsigned int off;
1545
1546 off = skb->len;
1547 if (getfrag(from, skb_put(skb, copy),
1548 offset, copy, off, skb) < 0) {
1549 __skb_trim(skb, off);
1550 err = -EFAULT;
1551 goto error;
1552 }
1553 } else {
1554 int i = skb_shinfo(skb)->nr_frags;
1555
1556 err = -ENOMEM;
1557 if (!sk_page_frag_refill(sk, pfrag))
1558 goto error;
1559
1560 if (!skb_can_coalesce(skb, i, pfrag->page,
1561 pfrag->offset)) {
1562 err = -EMSGSIZE;
1563 if (i == MAX_SKB_FRAGS)
1564 goto error;
1565
1566 __skb_fill_page_desc(skb, i, pfrag->page,
1567 pfrag->offset, 0);
1568 skb_shinfo(skb)->nr_frags = ++i;
1569 get_page(pfrag->page);
1570 }
1571 copy = min_t(int, copy, pfrag->size - pfrag->offset);
1572 if (getfrag(from,
1573 page_address(pfrag->page) + pfrag->offset,
1574 offset, copy, skb->len, skb) < 0)
1575 goto error_efault;
1576
1577 pfrag->offset += copy;
1578 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1579 skb->len += copy;
1580 skb->data_len += copy;
1581 skb->truesize += copy;
1582 atomic_add(copy, &sk->sk_wmem_alloc);
1583 }
1584 offset += copy;
1585 length -= copy;
1586 }
1587
1588 return 0;
1589
1590 error_efault:
1591 err = -EFAULT;
1592 error:
1593 cork->length -= length;
1594 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1595 return err;
1596 }
1597
1598 int ip6_append_data(struct sock *sk,
1599 int getfrag(void *from, char *to, int offset, int len,
1600 int odd, struct sk_buff *skb),
1601 void *from, int length, int transhdrlen,
1602 struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
1603 struct rt6_info *rt, unsigned int flags,
1604 const struct sockcm_cookie *sockc)
1605 {
1606 struct inet_sock *inet = inet_sk(sk);
1607 struct ipv6_pinfo *np = inet6_sk(sk);
1608 int exthdrlen;
1609 int err;
1610
1611 if (flags&MSG_PROBE)
1612 return 0;
1613 if (skb_queue_empty(&sk->sk_write_queue)) {
1614 /*
1615 * setup for corking
1616 */
1617 err = ip6_setup_cork(sk, &inet->cork, &np->cork,
1618 ipc6, rt, fl6);
1619 if (err)
1620 return err;
1621
1622 exthdrlen = (ipc6->opt ? ipc6->opt->opt_flen : 0);
1623 length += exthdrlen;
1624 transhdrlen += exthdrlen;
1625 } else {
1626 fl6 = &inet->cork.fl.u.ip6;
1627 transhdrlen = 0;
1628 }
1629
1630 return __ip6_append_data(sk, fl6, &sk->sk_write_queue, &inet->cork.base,
1631 &np->cork, sk_page_frag(sk), getfrag,
1632 from, length, transhdrlen, flags, ipc6, sockc);
1633 }
1634 EXPORT_SYMBOL_GPL(ip6_append_data);
1635
1636 static void ip6_cork_release(struct inet_cork_full *cork,
1637 struct inet6_cork *v6_cork)
1638 {
1639 if (v6_cork->opt) {
1640 kfree(v6_cork->opt->dst0opt);
1641 kfree(v6_cork->opt->dst1opt);
1642 kfree(v6_cork->opt->hopopt);
1643 kfree(v6_cork->opt->srcrt);
1644 kfree(v6_cork->opt);
1645 v6_cork->opt = NULL;
1646 }
1647
1648 if (cork->base.dst) {
1649 dst_release(cork->base.dst);
1650 cork->base.dst = NULL;
1651 cork->base.flags &= ~IPCORK_ALLFRAG;
1652 }
1653 memset(&cork->fl, 0, sizeof(cork->fl));
1654 }
1655
1656 struct sk_buff *__ip6_make_skb(struct sock *sk,
1657 struct sk_buff_head *queue,
1658 struct inet_cork_full *cork,
1659 struct inet6_cork *v6_cork)
1660 {
1661 struct sk_buff *skb, *tmp_skb;
1662 struct sk_buff **tail_skb;
1663 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1664 struct ipv6_pinfo *np = inet6_sk(sk);
1665 struct net *net = sock_net(sk);
1666 struct ipv6hdr *hdr;
1667 struct ipv6_txoptions *opt = v6_cork->opt;
1668 struct rt6_info *rt = (struct rt6_info *)cork->base.dst;
1669 struct flowi6 *fl6 = &cork->fl.u.ip6;
1670 unsigned char proto = fl6->flowi6_proto;
1671
1672 skb = __skb_dequeue(queue);
1673 if (!skb)
1674 goto out;
1675 tail_skb = &(skb_shinfo(skb)->frag_list);
1676
1677 /* move skb->data to ip header from ext header */
1678 if (skb->data < skb_network_header(skb))
1679 __skb_pull(skb, skb_network_offset(skb));
1680 while ((tmp_skb = __skb_dequeue(queue)) != NULL) {
1681 __skb_pull(tmp_skb, skb_network_header_len(skb));
1682 *tail_skb = tmp_skb;
1683 tail_skb = &(tmp_skb->next);
1684 skb->len += tmp_skb->len;
1685 skb->data_len += tmp_skb->len;
1686 skb->truesize += tmp_skb->truesize;
1687 tmp_skb->destructor = NULL;
1688 tmp_skb->sk = NULL;
1689 }
1690
1691 /* Allow local fragmentation. */
1692 skb->ignore_df = ip6_sk_ignore_df(sk);
1693
1694 *final_dst = fl6->daddr;
1695 __skb_pull(skb, skb_network_header_len(skb));
1696 if (opt && opt->opt_flen)
1697 ipv6_push_frag_opts(skb, opt, &proto);
1698 if (opt && opt->opt_nflen)
1699 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst, &fl6->saddr);
1700
1701 skb_push(skb, sizeof(struct ipv6hdr));
1702 skb_reset_network_header(skb);
1703 hdr = ipv6_hdr(skb);
1704
1705 ip6_flow_hdr(hdr, v6_cork->tclass,
1706 ip6_make_flowlabel(net, skb, fl6->flowlabel,
1707 np->autoflowlabel, fl6));
1708 hdr->hop_limit = v6_cork->hop_limit;
1709 hdr->nexthdr = proto;
1710 hdr->saddr = fl6->saddr;
1711 hdr->daddr = *final_dst;
1712
1713 skb->priority = sk->sk_priority;
1714 skb->mark = sk->sk_mark;
1715
1716 skb_dst_set(skb, dst_clone(&rt->dst));
1717 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
1718 if (proto == IPPROTO_ICMPV6) {
1719 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1720
1721 ICMP6MSGOUT_INC_STATS(net, idev, icmp6_hdr(skb)->icmp6_type);
1722 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1723 }
1724
1725 ip6_cork_release(cork, v6_cork);
1726 out:
1727 return skb;
1728 }
1729
1730 int ip6_send_skb(struct sk_buff *skb)
1731 {
1732 struct net *net = sock_net(skb->sk);
1733 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
1734 int err;
1735
1736 err = ip6_local_out(net, skb->sk, skb);
1737 if (err) {
1738 if (err > 0)
1739 err = net_xmit_errno(err);
1740 if (err)
1741 IP6_INC_STATS(net, rt->rt6i_idev,
1742 IPSTATS_MIB_OUTDISCARDS);
1743 }
1744
1745 return err;
1746 }
1747
1748 int ip6_push_pending_frames(struct sock *sk)
1749 {
1750 struct sk_buff *skb;
1751
1752 skb = ip6_finish_skb(sk);
1753 if (!skb)
1754 return 0;
1755
1756 return ip6_send_skb(skb);
1757 }
1758 EXPORT_SYMBOL_GPL(ip6_push_pending_frames);
1759
1760 static void __ip6_flush_pending_frames(struct sock *sk,
1761 struct sk_buff_head *queue,
1762 struct inet_cork_full *cork,
1763 struct inet6_cork *v6_cork)
1764 {
1765 struct sk_buff *skb;
1766
1767 while ((skb = __skb_dequeue_tail(queue)) != NULL) {
1768 if (skb_dst(skb))
1769 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
1770 IPSTATS_MIB_OUTDISCARDS);
1771 kfree_skb(skb);
1772 }
1773
1774 ip6_cork_release(cork, v6_cork);
1775 }
1776
1777 void ip6_flush_pending_frames(struct sock *sk)
1778 {
1779 __ip6_flush_pending_frames(sk, &sk->sk_write_queue,
1780 &inet_sk(sk)->cork, &inet6_sk(sk)->cork);
1781 }
1782 EXPORT_SYMBOL_GPL(ip6_flush_pending_frames);
1783
1784 struct sk_buff *ip6_make_skb(struct sock *sk,
1785 int getfrag(void *from, char *to, int offset,
1786 int len, int odd, struct sk_buff *skb),
1787 void *from, int length, int transhdrlen,
1788 struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
1789 struct rt6_info *rt, unsigned int flags,
1790 const struct sockcm_cookie *sockc)
1791 {
1792 struct inet_cork_full cork;
1793 struct inet6_cork v6_cork;
1794 struct sk_buff_head queue;
1795 int exthdrlen = (ipc6->opt ? ipc6->opt->opt_flen : 0);
1796 int err;
1797
1798 if (flags & MSG_PROBE)
1799 return NULL;
1800
1801 __skb_queue_head_init(&queue);
1802
1803 cork.base.flags = 0;
1804 cork.base.addr = 0;
1805 cork.base.opt = NULL;
1806 v6_cork.opt = NULL;
1807 err = ip6_setup_cork(sk, &cork, &v6_cork, ipc6, rt, fl6);
1808 if (err)
1809 return ERR_PTR(err);
1810
1811 if (ipc6->dontfrag < 0)
1812 ipc6->dontfrag = inet6_sk(sk)->dontfrag;
1813
1814 err = __ip6_append_data(sk, fl6, &queue, &cork.base, &v6_cork,
1815 &current->task_frag, getfrag, from,
1816 length + exthdrlen, transhdrlen + exthdrlen,
1817 flags, ipc6, sockc);
1818 if (err) {
1819 __ip6_flush_pending_frames(sk, &queue, &cork, &v6_cork);
1820 return ERR_PTR(err);
1821 }
1822
1823 return __ip6_make_skb(sk, &queue, &cork, &v6_cork);
1824 }
ubuntu-zesty-kernel mirror