2 * Routines having to do with the 'struct sk_buff' memory handlers.
4 * Authors: Alan Cox <iiitac@pyr.swan.ac.uk>
5 * Florian La Roche <rzsfl@rz.uni-sb.de>
7 * Version: $Id: skbuff.c,v 1.90 2001/11/07 05:56:19 davem Exp $
10 * Alan Cox : Fixed the worst of the load
12 * Dave Platt : Interrupt stacking fix.
13 * Richard Kooijman : Timestamp fixes.
14 * Alan Cox : Changed buffer format.
15 * Alan Cox : destructor hook for AF_UNIX etc.
16 * Linus Torvalds : Better skb_clone.
17 * Alan Cox : Added skb_copy.
18 * Alan Cox : Added all the changed routines Linus
19 * only put in the headers
20 * Ray VanTassle : Fixed --skb->lock in free
21 * Alan Cox : skb_copy copy arp field
22 * Andi Kleen : slabified it.
23 * Robert Olsson : Removed skb_head_pool
26 * The __skb_ routines should be called with interrupts
27 * disabled, or you better be *real* sure that the operation is atomic
28 * with respect to whatever list is being frobbed (e.g. via lock_sock()
29 * or via disabling bottom half handlers, etc).
31 * This program is free software; you can redistribute it and/or
32 * modify it under the terms of the GNU General Public License
33 * as published by the Free Software Foundation; either version
34 * 2 of the License, or (at your option) any later version.
38 * The functions in this file will not compile correctly with gcc 2.4.x
41 #include <linux/config.h>
42 #include <linux/module.h>
43 #include <linux/types.h>
44 #include <linux/kernel.h>
45 #include <linux/sched.h>
47 #include <linux/interrupt.h>
49 #include <linux/inet.h>
50 #include <linux/slab.h>
51 #include <linux/netdevice.h>
52 #ifdef CONFIG_NET_CLS_ACT
53 #include <net/pkt_sched.h>
55 #include <linux/string.h>
56 #include <linux/skbuff.h>
57 #include <linux/cache.h>
58 #include <linux/rtnetlink.h>
59 #include <linux/init.h>
60 #include <linux/highmem.h>
62 #include <net/protocol.h>
65 #include <net/checksum.h>
68 #include <asm/uaccess.h>
69 #include <asm/system.h>
71 static kmem_cache_t *skbuff_head_cache;
74 * Keep out-of-line to prevent kernel bloat.
75 * __builtin_return_address is not used because it is not always
80 * skb_over_panic - private function
85 * Out of line support code for skb_put(). Not user callable.
87 void skb_over_panic(struct sk_buff *skb, int sz, void *here)
89 printk(KERN_INFO "skput:over: %p:%d put:%d dev:%s",
90 here, skb->len, sz, skb->dev ? skb->dev->name : "<NULL>");
95 * skb_under_panic - private function
100 * Out of line support code for skb_push(). Not user callable.
103 void skb_under_panic(struct sk_buff *skb, int sz, void *here)
105 printk(KERN_INFO "skput:under: %p:%d put:%d dev:%s",
106 here, skb->len, sz, skb->dev ? skb->dev->name : "<NULL>");
110 /* Allocate a new skbuff. We do this ourselves so we can fill in a few
111 * 'private' fields and also do memory statistics to find all the
117 * alloc_skb - allocate a network buffer
118 * @size: size to allocate
119 * @gfp_mask: allocation mask
121 * Allocate a new &sk_buff. The returned buffer has no headroom and a
122 * tail room of size bytes. The object has a reference count of one.
123 * The return is the buffer. On a failure the return is %NULL.
125 * Buffers may only be allocated from interrupts using a @gfp_mask of
128 struct sk_buff *alloc_skb(unsigned int size, int gfp_mask)
134 skb = kmem_cache_alloc(skbuff_head_cache,
135 gfp_mask & ~__GFP_DMA);
139 /* Get the DATA. Size must match skb_add_mtu(). */
140 size = SKB_DATA_ALIGN(size);
141 data = kmalloc(size + sizeof(struct skb_shared_info), gfp_mask);
145 memset(skb, 0, offsetof(struct sk_buff, truesize));
146 skb->truesize = size + sizeof(struct sk_buff);
147 atomic_set(&skb->users, 1);
151 skb->end = data + size;
153 atomic_set(&(skb_shinfo(skb)->dataref), 1);
154 skb_shinfo(skb)->nr_frags = 0;
155 skb_shinfo(skb)->tso_size = 0;
156 skb_shinfo(skb)->tso_segs = 0;
157 skb_shinfo(skb)->frag_list = NULL;
161 kmem_cache_free(skbuff_head_cache, skb);
167 * alloc_skb_from_cache - allocate a network buffer
168 * @cp: kmem_cache from which to allocate the data area
169 * (object size must be big enough for @size bytes + skb overheads)
170 * @size: size to allocate
171 * @gfp_mask: allocation mask
173 * Allocate a new &sk_buff. The returned buffer has no headroom and
174 * tail room of size bytes. The object has a reference count of one.
175 * The return is the buffer. On a failure the return is %NULL.
177 * Buffers may only be allocated from interrupts using a @gfp_mask of
180 struct sk_buff *alloc_skb_from_cache(kmem_cache_t *cp,
181 unsigned int size, int gfp_mask)
187 skb = kmem_cache_alloc(skbuff_head_cache,
188 gfp_mask & ~__GFP_DMA);
193 size = SKB_DATA_ALIGN(size);
194 data = kmem_cache_alloc(cp, gfp_mask);
198 memset(skb, 0, offsetof(struct sk_buff, truesize));
199 skb->truesize = size + sizeof(struct sk_buff);
200 atomic_set(&skb->users, 1);
204 skb->end = data + size;
206 atomic_set(&(skb_shinfo(skb)->dataref), 1);
207 skb_shinfo(skb)->nr_frags = 0;
208 skb_shinfo(skb)->tso_size = 0;
209 skb_shinfo(skb)->tso_segs = 0;
210 skb_shinfo(skb)->frag_list = NULL;
214 kmem_cache_free(skbuff_head_cache, skb);
220 static void skb_drop_fraglist(struct sk_buff *skb)
222 struct sk_buff *list = skb_shinfo(skb)->frag_list;
224 skb_shinfo(skb)->frag_list = NULL;
227 struct sk_buff *this = list;
233 static void skb_clone_fraglist(struct sk_buff *skb)
235 struct sk_buff *list;
237 for (list = skb_shinfo(skb)->frag_list; list; list = list->next)
241 void skb_release_data(struct sk_buff *skb)
244 !atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1,
245 &skb_shinfo(skb)->dataref)) {
246 if (skb_shinfo(skb)->nr_frags) {
248 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
249 put_page(skb_shinfo(skb)->frags[i].page);
252 if (skb_shinfo(skb)->frag_list)
253 skb_drop_fraglist(skb);
260 * Free an skbuff by memory without cleaning the state.
262 void kfree_skbmem(struct sk_buff *skb)
264 skb_release_data(skb);
265 kmem_cache_free(skbuff_head_cache, skb);
269 * __kfree_skb - private function
272 * Free an sk_buff. Release anything attached to the buffer.
273 * Clean the state. This is an internal helper function. Users should
274 * always call kfree_skb
277 void __kfree_skb(struct sk_buff *skb)
280 printk(KERN_WARNING "Warning: kfree_skb passed an skb still "
281 "on a list (from %p).\n", NET_CALLER(skb));
285 dst_release(skb->dst);
287 secpath_put(skb->sp);
289 if(skb->destructor) {
291 printk(KERN_WARNING "Warning: kfree_skb on "
292 "hard IRQ %p\n", NET_CALLER(skb));
293 skb->destructor(skb);
295 #ifdef CONFIG_NETFILTER
296 nf_conntrack_put(skb->nfct);
297 #ifdef CONFIG_BRIDGE_NETFILTER
298 nf_bridge_put(skb->nf_bridge);
301 /* XXX: IS this still necessary? - JHS */
302 #ifdef CONFIG_NET_SCHED
304 #ifdef CONFIG_NET_CLS_ACT
314 * skb_clone - duplicate an sk_buff
315 * @skb: buffer to clone
316 * @gfp_mask: allocation priority
318 * Duplicate an &sk_buff. The new one is not owned by a socket. Both
319 * copies share the same packet data but not structure. The new
320 * buffer has a reference count of 1. If the allocation fails the
321 * function returns %NULL otherwise the new buffer is returned.
323 * If this function is called from an interrupt gfp_mask() must be
327 struct sk_buff *skb_clone(struct sk_buff *skb, int gfp_mask)
329 struct sk_buff *n = kmem_cache_alloc(skbuff_head_cache, gfp_mask);
334 #define C(x) n->x = skb->x
336 n->next = n->prev = NULL;
349 secpath_get(skb->sp);
351 memcpy(n->cb, skb->cb, sizeof(skb->cb));
363 n->destructor = NULL;
364 #ifdef CONFIG_NETFILTER
368 nf_conntrack_get(skb->nfct);
370 #ifdef CONFIG_NETFILTER_DEBUG
373 #ifdef CONFIG_BRIDGE_NETFILTER
375 nf_bridge_get(skb->nf_bridge);
377 #endif /*CONFIG_NETFILTER*/
378 #if defined(CONFIG_HIPPI)
381 #ifdef CONFIG_NET_SCHED
383 #ifdef CONFIG_NET_CLS_ACT
384 n->tc_verd = SET_TC_VERD(skb->tc_verd,0);
385 n->tc_verd = CLR_TC_OK2MUNGE(skb->tc_verd);
386 n->tc_verd = CLR_TC_MUNGED(skb->tc_verd);
393 atomic_set(&n->users, 1);
399 atomic_inc(&(skb_shinfo(skb)->dataref));
405 static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
408 * Shift between the two data areas in bytes
410 unsigned long offset = new->data - old->data;
415 new->real_dev = old->real_dev;
416 new->priority = old->priority;
417 new->protocol = old->protocol;
418 new->dst = dst_clone(old->dst);
420 new->sp = secpath_get(old->sp);
422 new->h.raw = old->h.raw + offset;
423 new->nh.raw = old->nh.raw + offset;
424 new->mac.raw = old->mac.raw + offset;
425 memcpy(new->cb, old->cb, sizeof(old->cb));
426 new->local_df = old->local_df;
427 new->pkt_type = old->pkt_type;
428 new->stamp = old->stamp;
429 new->destructor = NULL;
430 new->security = old->security;
431 #ifdef CONFIG_NETFILTER
432 new->nfmark = old->nfmark;
433 new->nfcache = old->nfcache;
434 new->nfct = old->nfct;
435 nf_conntrack_get(old->nfct);
436 new->nfctinfo = old->nfctinfo;
437 #ifdef CONFIG_NETFILTER_DEBUG
438 new->nf_debug = old->nf_debug;
440 #ifdef CONFIG_BRIDGE_NETFILTER
441 new->nf_bridge = old->nf_bridge;
442 nf_bridge_get(old->nf_bridge);
445 #ifdef CONFIG_NET_SCHED
446 #ifdef CONFIG_NET_CLS_ACT
447 new->tc_verd = old->tc_verd;
449 new->tc_index = old->tc_index;
451 atomic_set(&new->users, 1);
452 skb_shinfo(new)->tso_size = skb_shinfo(old)->tso_size;
453 skb_shinfo(new)->tso_segs = skb_shinfo(old)->tso_segs;
457 * skb_copy - create private copy of an sk_buff
458 * @skb: buffer to copy
459 * @gfp_mask: allocation priority
461 * Make a copy of both an &sk_buff and its data. This is used when the
462 * caller wishes to modify the data and needs a private copy of the
463 * data to alter. Returns %NULL on failure or the pointer to the buffer
464 * on success. The returned buffer has a reference count of 1.
466 * As by-product this function converts non-linear &sk_buff to linear
467 * one, so that &sk_buff becomes completely private and caller is allowed
468 * to modify all the data of returned buffer. This means that this
469 * function is not recommended for use in circumstances when only
470 * header is going to be modified. Use pskb_copy() instead.
473 struct sk_buff *skb_copy(const struct sk_buff *skb, int gfp_mask)
475 int headerlen = skb->data - skb->head;
477 * Allocate the copy buffer
479 struct sk_buff *n = alloc_skb(skb->end - skb->head + skb->data_len,
484 /* Set the data pointer */
485 skb_reserve(n, headerlen);
486 /* Set the tail pointer and length */
487 skb_put(n, skb->len);
489 n->ip_summed = skb->ip_summed;
491 if (skb_copy_bits(skb, -headerlen, n->head, headerlen + skb->len))
494 copy_skb_header(n, skb);
500 * pskb_copy - create copy of an sk_buff with private head.
501 * @skb: buffer to copy
502 * @gfp_mask: allocation priority
504 * Make a copy of both an &sk_buff and part of its data, located
505 * in header. Fragmented data remain shared. This is used when
506 * the caller wishes to modify only header of &sk_buff and needs
507 * private copy of the header to alter. Returns %NULL on failure
508 * or the pointer to the buffer on success.
509 * The returned buffer has a reference count of 1.
512 struct sk_buff *pskb_copy(struct sk_buff *skb, int gfp_mask)
515 * Allocate the copy buffer
517 struct sk_buff *n = alloc_skb(skb->end - skb->head, gfp_mask);
522 /* Set the data pointer */
523 skb_reserve(n, skb->data - skb->head);
524 /* Set the tail pointer and length */
525 skb_put(n, skb_headlen(skb));
527 memcpy(n->data, skb->data, n->len);
529 n->ip_summed = skb->ip_summed;
531 n->data_len = skb->data_len;
534 if (skb_shinfo(skb)->nr_frags) {
537 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
538 skb_shinfo(n)->frags[i] = skb_shinfo(skb)->frags[i];
539 get_page(skb_shinfo(n)->frags[i].page);
541 skb_shinfo(n)->nr_frags = i;
544 if (skb_shinfo(skb)->frag_list) {
545 skb_shinfo(n)->frag_list = skb_shinfo(skb)->frag_list;
546 skb_clone_fraglist(n);
549 copy_skb_header(n, skb);
555 * pskb_expand_head - reallocate header of &sk_buff
556 * @skb: buffer to reallocate
557 * @nhead: room to add at head
558 * @ntail: room to add at tail
559 * @gfp_mask: allocation priority
561 * Expands (or creates identical copy, if &nhead and &ntail are zero)
562 * header of skb. &sk_buff itself is not changed. &sk_buff MUST have
563 * reference count of 1. Returns zero in the case of success or error,
564 * if expansion failed. In the last case, &sk_buff is not changed.
566 * All the pointers pointing into skb header may change and must be
567 * reloaded after call to this function.
570 int pskb_expand_head(struct sk_buff *skb, int nhead, int ntail, int gfp_mask)
574 int size = nhead + (skb->end - skb->head) + ntail;
580 size = SKB_DATA_ALIGN(size);
582 data = kmalloc(size + sizeof(struct skb_shared_info), gfp_mask);
586 /* Copy only real data... and, alas, header. This should be
587 * optimized for the cases when header is void. */
588 memcpy(data + nhead, skb->head, skb->tail - skb->head);
589 memcpy(data + size, skb->end, sizeof(struct skb_shared_info));
591 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
592 get_page(skb_shinfo(skb)->frags[i].page);
594 if (skb_shinfo(skb)->frag_list)
595 skb_clone_fraglist(skb);
597 skb_release_data(skb);
599 off = (data + nhead) - skb->head;
602 skb->end = data + size;
610 atomic_set(&skb_shinfo(skb)->dataref, 1);
617 /* Make private copy of skb with writable head and some headroom */
619 struct sk_buff *skb_realloc_headroom(struct sk_buff *skb, unsigned int headroom)
621 struct sk_buff *skb2;
622 int delta = headroom - skb_headroom(skb);
625 skb2 = pskb_copy(skb, GFP_ATOMIC);
627 skb2 = skb_clone(skb, GFP_ATOMIC);
628 if (skb2 && pskb_expand_head(skb2, SKB_DATA_ALIGN(delta), 0,
639 * skb_copy_expand - copy and expand sk_buff
640 * @skb: buffer to copy
641 * @newheadroom: new free bytes at head
642 * @newtailroom: new free bytes at tail
643 * @gfp_mask: allocation priority
645 * Make a copy of both an &sk_buff and its data and while doing so
646 * allocate additional space.
648 * This is used when the caller wishes to modify the data and needs a
649 * private copy of the data to alter as well as more space for new fields.
650 * Returns %NULL on failure or the pointer to the buffer
651 * on success. The returned buffer has a reference count of 1.
653 * You must pass %GFP_ATOMIC as the allocation priority if this function
654 * is called from an interrupt.
656 * BUG ALERT: ip_summed is not copied. Why does this work? Is it used
657 * only by netfilter in the cases when checksum is recalculated? --ANK
659 struct sk_buff *skb_copy_expand(const struct sk_buff *skb,
660 int newheadroom, int newtailroom, int gfp_mask)
663 * Allocate the copy buffer
665 struct sk_buff *n = alloc_skb(newheadroom + skb->len + newtailroom,
667 int head_copy_len, head_copy_off;
672 skb_reserve(n, newheadroom);
674 /* Set the tail pointer and length */
675 skb_put(n, skb->len);
677 head_copy_len = skb_headroom(skb);
679 if (newheadroom <= head_copy_len)
680 head_copy_len = newheadroom;
682 head_copy_off = newheadroom - head_copy_len;
684 /* Copy the linear header and data. */
685 if (skb_copy_bits(skb, -head_copy_len, n->head + head_copy_off,
686 skb->len + head_copy_len))
689 copy_skb_header(n, skb);
695 * skb_pad - zero pad the tail of an skb
696 * @skb: buffer to pad
699 * Ensure that a buffer is followed by a padding area that is zero
700 * filled. Used by network drivers which may DMA or transfer data
701 * beyond the buffer end onto the wire.
703 * May return NULL in out of memory cases.
706 struct sk_buff *skb_pad(struct sk_buff *skb, int pad)
708 struct sk_buff *nskb;
710 /* If the skbuff is non linear tailroom is always zero.. */
711 if (skb_tailroom(skb) >= pad) {
712 memset(skb->data+skb->len, 0, pad);
716 nskb = skb_copy_expand(skb, skb_headroom(skb), skb_tailroom(skb) + pad, GFP_ATOMIC);
719 memset(nskb->data+nskb->len, 0, pad);
723 /* Trims skb to length len. It can change skb pointers, if "realloc" is 1.
724 * If realloc==0 and trimming is impossible without change of data,
728 int ___pskb_trim(struct sk_buff *skb, unsigned int len, int realloc)
730 int offset = skb_headlen(skb);
731 int nfrags = skb_shinfo(skb)->nr_frags;
734 for (i = 0; i < nfrags; i++) {
735 int end = offset + skb_shinfo(skb)->frags[i].size;
737 if (skb_cloned(skb)) {
740 if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
744 put_page(skb_shinfo(skb)->frags[i].page);
745 skb_shinfo(skb)->nr_frags--;
747 skb_shinfo(skb)->frags[i].size = len - offset;
754 skb->data_len -= skb->len - len;
757 if (len <= skb_headlen(skb)) {
760 skb->tail = skb->data + len;
761 if (skb_shinfo(skb)->frag_list && !skb_cloned(skb))
762 skb_drop_fraglist(skb);
764 skb->data_len -= skb->len - len;
773 * __pskb_pull_tail - advance tail of skb header
774 * @skb: buffer to reallocate
775 * @delta: number of bytes to advance tail
777 * The function makes a sense only on a fragmented &sk_buff,
778 * it expands header moving its tail forward and copying necessary
779 * data from fragmented part.
781 * &sk_buff MUST have reference count of 1.
783 * Returns %NULL (and &sk_buff does not change) if pull failed
784 * or value of new tail of skb in the case of success.
786 * All the pointers pointing into skb header may change and must be
787 * reloaded after call to this function.
790 /* Moves tail of skb head forward, copying data from fragmented part,
791 * when it is necessary.
792 * 1. It may fail due to malloc failure.
793 * 2. It may change skb pointers.
795 * It is pretty complicated. Luckily, it is called only in exceptional cases.
797 unsigned char *__pskb_pull_tail(struct sk_buff *skb, int delta)
799 /* If skb has not enough free space at tail, get new one
800 * plus 128 bytes for future expansions. If we have enough
801 * room at tail, reallocate without expansion only if skb is cloned.
803 int i, k, eat = (skb->tail + delta) - skb->end;
805 if (eat > 0 || skb_cloned(skb)) {
806 if (pskb_expand_head(skb, 0, eat > 0 ? eat + 128 : 0,
811 if (skb_copy_bits(skb, skb_headlen(skb), skb->tail, delta))
814 /* Optimization: no fragments, no reasons to preestimate
815 * size of pulled pages. Superb.
817 if (!skb_shinfo(skb)->frag_list)
820 /* Estimate size of pulled pages. */
822 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
823 if (skb_shinfo(skb)->frags[i].size >= eat)
825 eat -= skb_shinfo(skb)->frags[i].size;
828 /* If we need update frag list, we are in troubles.
829 * Certainly, it possible to add an offset to skb data,
830 * but taking into account that pulling is expected to
831 * be very rare operation, it is worth to fight against
832 * further bloating skb head and crucify ourselves here instead.
833 * Pure masohism, indeed. 8)8)
836 struct sk_buff *list = skb_shinfo(skb)->frag_list;
837 struct sk_buff *clone = NULL;
838 struct sk_buff *insp = NULL;
844 if (list->len <= eat) {
845 /* Eaten as whole. */
850 /* Eaten partially. */
852 if (skb_shared(list)) {
853 /* Sucks! We need to fork list. :-( */
854 clone = skb_clone(list, GFP_ATOMIC);
860 /* This may be pulled without
864 if (!pskb_pull(list, eat)) {
873 /* Free pulled out fragments. */
874 while ((list = skb_shinfo(skb)->frag_list) != insp) {
875 skb_shinfo(skb)->frag_list = list->next;
878 /* And insert new clone at head. */
881 skb_shinfo(skb)->frag_list = clone;
884 /* Success! Now we may commit changes to skb data. */
889 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
890 if (skb_shinfo(skb)->frags[i].size <= eat) {
891 put_page(skb_shinfo(skb)->frags[i].page);
892 eat -= skb_shinfo(skb)->frags[i].size;
894 skb_shinfo(skb)->frags[k] = skb_shinfo(skb)->frags[i];
896 skb_shinfo(skb)->frags[k].page_offset += eat;
897 skb_shinfo(skb)->frags[k].size -= eat;
903 skb_shinfo(skb)->nr_frags = k;
906 skb->data_len -= delta;
911 /* Copy some data bits from skb to kernel buffer. */
913 int skb_copy_bits(const struct sk_buff *skb, int offset, void *to, int len)
916 int start = skb_headlen(skb);
918 if (offset > (int)skb->len - len)
922 if ((copy = start - offset) > 0) {
925 memcpy(to, skb->data + offset, copy);
926 if ((len -= copy) == 0)
932 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
935 BUG_TRAP(start <= offset + len);
937 end = start + skb_shinfo(skb)->frags[i].size;
938 if ((copy = end - offset) > 0) {
944 vaddr = kmap_skb_frag(&skb_shinfo(skb)->frags[i]);
946 vaddr + skb_shinfo(skb)->frags[i].page_offset+
947 offset - start, copy);
948 kunmap_skb_frag(vaddr);
950 if ((len -= copy) == 0)
958 if (skb_shinfo(skb)->frag_list) {
959 struct sk_buff *list = skb_shinfo(skb)->frag_list;
961 for (; list; list = list->next) {
964 BUG_TRAP(start <= offset + len);
966 end = start + list->len;
967 if ((copy = end - offset) > 0) {
970 if (skb_copy_bits(list, offset - start,
973 if ((len -= copy) == 0)
989 * skb_store_bits - store bits from kernel buffer to skb
990 * @skb: destination buffer
991 * @offset: offset in destination
992 * @from: source buffer
993 * @len: number of bytes to copy
995 * Copy the specified number of bytes from the source buffer to the
996 * destination skb. This function handles all the messy bits of
997 * traversing fragment lists and such.
1000 int skb_store_bits(const struct sk_buff *skb, int offset, void *from, int len)
1003 int start = skb_headlen(skb);
1005 if (offset > (int)skb->len - len)
1008 if ((copy = start - offset) > 0) {
1011 memcpy(skb->data + offset, from, copy);
1012 if ((len -= copy) == 0)
1018 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1019 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
1022 BUG_TRAP(start <= offset + len);
1024 end = start + frag->size;
1025 if ((copy = end - offset) > 0) {
1031 vaddr = kmap_skb_frag(frag);
1032 memcpy(vaddr + frag->page_offset + offset - start,
1034 kunmap_skb_frag(vaddr);
1036 if ((len -= copy) == 0)
1044 if (skb_shinfo(skb)->frag_list) {
1045 struct sk_buff *list = skb_shinfo(skb)->frag_list;
1047 for (; list; list = list->next) {
1050 BUG_TRAP(start <= offset + len);
1052 end = start + list->len;
1053 if ((copy = end - offset) > 0) {
1056 if (skb_store_bits(list, offset - start,
1059 if ((len -= copy) == 0)
1074 EXPORT_SYMBOL(skb_store_bits);
1076 /* Checksum skb data. */
1078 unsigned int skb_checksum(const struct sk_buff *skb, int offset,
1079 int len, unsigned int csum)
1081 int start = skb_headlen(skb);
1082 int i, copy = start - offset;
1085 /* Checksum header. */
1089 csum = csum_partial(skb->data + offset, copy, csum);
1090 if ((len -= copy) == 0)
1096 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1099 BUG_TRAP(start <= offset + len);
1101 end = start + skb_shinfo(skb)->frags[i].size;
1102 if ((copy = end - offset) > 0) {
1105 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
1109 vaddr = kmap_skb_frag(frag);
1110 csum2 = csum_partial(vaddr + frag->page_offset +
1111 offset - start, copy, 0);
1112 kunmap_skb_frag(vaddr);
1113 csum = csum_block_add(csum, csum2, pos);
1122 if (skb_shinfo(skb)->frag_list) {
1123 struct sk_buff *list = skb_shinfo(skb)->frag_list;
1125 for (; list; list = list->next) {
1128 BUG_TRAP(start <= offset + len);
1130 end = start + list->len;
1131 if ((copy = end - offset) > 0) {
1135 csum2 = skb_checksum(list, offset - start,
1137 csum = csum_block_add(csum, csum2, pos);
1138 if ((len -= copy) == 0)
1152 /* Both of above in one bottle. */
1154 unsigned int skb_copy_and_csum_bits(const struct sk_buff *skb, int offset,
1155 u8 *to, int len, unsigned int csum)
1157 int start = skb_headlen(skb);
1158 int i, copy = start - offset;
1165 csum = csum_partial_copy_nocheck(skb->data + offset, to,
1167 if ((len -= copy) == 0)
1174 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1177 BUG_TRAP(start <= offset + len);
1179 end = start + skb_shinfo(skb)->frags[i].size;
1180 if ((copy = end - offset) > 0) {
1183 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
1187 vaddr = kmap_skb_frag(frag);
1188 csum2 = csum_partial_copy_nocheck(vaddr +
1192 kunmap_skb_frag(vaddr);
1193 csum = csum_block_add(csum, csum2, pos);
1203 if (skb_shinfo(skb)->frag_list) {
1204 struct sk_buff *list = skb_shinfo(skb)->frag_list;
1206 for (; list; list = list->next) {
1210 BUG_TRAP(start <= offset + len);
1212 end = start + list->len;
1213 if ((copy = end - offset) > 0) {
1216 csum2 = skb_copy_and_csum_bits(list,
1219 csum = csum_block_add(csum, csum2, pos);
1220 if ((len -= copy) == 0)
1234 void skb_copy_and_csum_dev(const struct sk_buff *skb, u8 *to)
1239 if (skb->ip_summed == CHECKSUM_HW)
1240 csstart = skb->h.raw - skb->data;
1242 csstart = skb_headlen(skb);
1244 if (csstart > skb_headlen(skb))
1247 memcpy(to, skb->data, csstart);
1250 if (csstart != skb->len)
1251 csum = skb_copy_and_csum_bits(skb, csstart, to + csstart,
1252 skb->len - csstart, 0);
1254 if (skb->ip_summed == CHECKSUM_HW) {
1255 long csstuff = csstart + skb->csum;
1257 *((unsigned short *)(to + csstuff)) = csum_fold(csum);
1262 * skb_dequeue - remove from the head of the queue
1263 * @list: list to dequeue from
1265 * Remove the head of the list. The list lock is taken so the function
1266 * may be used safely with other locking list functions. The head item is
1267 * returned or %NULL if the list is empty.
1270 struct sk_buff *skb_dequeue(struct sk_buff_head *list)
1272 unsigned long flags;
1273 struct sk_buff *result;
1275 spin_lock_irqsave(&list->lock, flags);
1276 result = __skb_dequeue(list);
1277 spin_unlock_irqrestore(&list->lock, flags);
1282 * skb_dequeue_tail - remove from the tail of the queue
1283 * @list: list to dequeue from
1285 * Remove the tail of the list. The list lock is taken so the function
1286 * may be used safely with other locking list functions. The tail item is
1287 * returned or %NULL if the list is empty.
1289 struct sk_buff *skb_dequeue_tail(struct sk_buff_head *list)
1291 unsigned long flags;
1292 struct sk_buff *result;
1294 spin_lock_irqsave(&list->lock, flags);
1295 result = __skb_dequeue_tail(list);
1296 spin_unlock_irqrestore(&list->lock, flags);
1301 * skb_queue_purge - empty a list
1302 * @list: list to empty
1304 * Delete all buffers on an &sk_buff list. Each buffer is removed from
1305 * the list and one reference dropped. This function takes the list
1306 * lock and is atomic with respect to other list locking functions.
1308 void skb_queue_purge(struct sk_buff_head *list)
1310 struct sk_buff *skb;
1311 while ((skb = skb_dequeue(list)) != NULL)
1316 * skb_queue_head - queue a buffer at the list head
1317 * @list: list to use
1318 * @newsk: buffer to queue
1320 * Queue a buffer at the start of the list. This function takes the
1321 * list lock and can be used safely with other locking &sk_buff functions
1324 * A buffer cannot be placed on two lists at the same time.
1326 void skb_queue_head(struct sk_buff_head *list, struct sk_buff *newsk)
1328 unsigned long flags;
1330 spin_lock_irqsave(&list->lock, flags);
1331 __skb_queue_head(list, newsk);
1332 spin_unlock_irqrestore(&list->lock, flags);
1336 * skb_queue_tail - queue a buffer at the list tail
1337 * @list: list to use
1338 * @newsk: buffer to queue
1340 * Queue a buffer at the tail of the list. This function takes the
1341 * list lock and can be used safely with other locking &sk_buff functions
1344 * A buffer cannot be placed on two lists at the same time.
1346 void skb_queue_tail(struct sk_buff_head *list, struct sk_buff *newsk)
1348 unsigned long flags;
1350 spin_lock_irqsave(&list->lock, flags);
1351 __skb_queue_tail(list, newsk);
1352 spin_unlock_irqrestore(&list->lock, flags);
1355 * skb_unlink - remove a buffer from a list
1356 * @skb: buffer to remove
1358 * Place a packet after a given packet in a list. The list locks are taken
1359 * and this function is atomic with respect to other list locked calls
1361 * Works even without knowing the list it is sitting on, which can be
1362 * handy at times. It also means that THE LIST MUST EXIST when you
1363 * unlink. Thus a list must have its contents unlinked before it is
1366 void skb_unlink(struct sk_buff *skb)
1368 struct sk_buff_head *list = skb->list;
1371 unsigned long flags;
1373 spin_lock_irqsave(&list->lock, flags);
1374 if (skb->list == list)
1375 __skb_unlink(skb, skb->list);
1376 spin_unlock_irqrestore(&list->lock, flags);
1382 * skb_append - append a buffer
1383 * @old: buffer to insert after
1384 * @newsk: buffer to insert
1386 * Place a packet after a given packet in a list. The list locks are taken
1387 * and this function is atomic with respect to other list locked calls.
1388 * A buffer cannot be placed on two lists at the same time.
1391 void skb_append(struct sk_buff *old, struct sk_buff *newsk)
1393 unsigned long flags;
1395 spin_lock_irqsave(&old->list->lock, flags);
1396 __skb_append(old, newsk);
1397 spin_unlock_irqrestore(&old->list->lock, flags);
1402 * skb_insert - insert a buffer
1403 * @old: buffer to insert before
1404 * @newsk: buffer to insert
1406 * Place a packet before a given packet in a list. The list locks are taken
1407 * and this function is atomic with respect to other list locked calls
1408 * A buffer cannot be placed on two lists at the same time.
1411 void skb_insert(struct sk_buff *old, struct sk_buff *newsk)
1413 unsigned long flags;
1415 spin_lock_irqsave(&old->list->lock, flags);
1416 __skb_insert(newsk, old->prev, old, old->list);
1417 spin_unlock_irqrestore(&old->list->lock, flags);
1422 * Tune the memory allocator for a new MTU size.
1424 void skb_add_mtu(int mtu)
1426 /* Must match allocation in alloc_skb */
1427 mtu = SKB_DATA_ALIGN(mtu) + sizeof(struct skb_shared_info);
1429 kmem_add_cache_size(mtu);
1433 static inline void skb_split_inside_header(struct sk_buff *skb,
1434 struct sk_buff* skb1,
1435 const u32 len, const int pos)
1439 memcpy(skb_put(skb1, pos - len), skb->data + len, pos - len);
1441 /* And move data appendix as is. */
1442 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
1443 skb_shinfo(skb1)->frags[i] = skb_shinfo(skb)->frags[i];
1445 skb_shinfo(skb1)->nr_frags = skb_shinfo(skb)->nr_frags;
1446 skb_shinfo(skb)->nr_frags = 0;
1447 skb1->data_len = skb->data_len;
1448 skb1->len += skb1->data_len;
1451 skb->tail = skb->data + len;
1454 static inline void skb_split_no_header(struct sk_buff *skb,
1455 struct sk_buff* skb1,
1456 const u32 len, int pos)
1459 const int nfrags = skb_shinfo(skb)->nr_frags;
1461 skb_shinfo(skb)->nr_frags = 0;
1462 skb1->len = skb1->data_len = skb->len - len;
1464 skb->data_len = len - pos;
1466 for (i = 0; i < nfrags; i++) {
1467 int size = skb_shinfo(skb)->frags[i].size;
1469 if (pos + size > len) {
1470 skb_shinfo(skb1)->frags[k] = skb_shinfo(skb)->frags[i];
1474 * We have two variants in this case:
1475 * 1. Move all the frag to the second
1476 * part, if it is possible. F.e.
1477 * this approach is mandatory for TUX,
1478 * where splitting is expensive.
1479 * 2. Split is accurately. We make this.
1481 get_page(skb_shinfo(skb)->frags[i].page);
1482 skb_shinfo(skb1)->frags[0].page_offset += len - pos;
1483 skb_shinfo(skb1)->frags[0].size -= len - pos;
1484 skb_shinfo(skb)->frags[i].size = len - pos;
1485 skb_shinfo(skb)->nr_frags++;
1489 skb_shinfo(skb)->nr_frags++;
1492 skb_shinfo(skb1)->nr_frags = k;
1496 * skb_split - Split fragmented skb to two parts at length len.
1497 * @skb: the buffer to split
1498 * @skb1: the buffer to receive the second part
1499 * @len: new length for skb
1501 void skb_split(struct sk_buff *skb, struct sk_buff *skb1, const u32 len)
1503 int pos = skb_headlen(skb);
1505 if (len < pos) /* Split line is inside header. */
1506 skb_split_inside_header(skb, skb1, len, pos);
1507 else /* Second chunk has no header, nothing to copy. */
1508 skb_split_no_header(skb, skb1, len, pos);
1511 void __init skb_init(void)
1513 skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
1514 sizeof(struct sk_buff),
1518 if (!skbuff_head_cache)
1519 panic("cannot create skbuff cache");
1522 EXPORT_SYMBOL(___pskb_trim);
1523 EXPORT_SYMBOL(__kfree_skb);
1524 EXPORT_SYMBOL(__pskb_pull_tail);
1525 EXPORT_SYMBOL(alloc_skb);
1526 EXPORT_SYMBOL(pskb_copy);
1527 EXPORT_SYMBOL(pskb_expand_head);
1528 EXPORT_SYMBOL(skb_checksum);
1529 EXPORT_SYMBOL(skb_clone);
1530 EXPORT_SYMBOL(skb_clone_fraglist);
1531 EXPORT_SYMBOL(skb_copy);
1532 EXPORT_SYMBOL(skb_copy_and_csum_bits);
1533 EXPORT_SYMBOL(skb_copy_and_csum_dev);
1534 EXPORT_SYMBOL(skb_copy_bits);
1535 EXPORT_SYMBOL(skb_copy_expand);
1536 EXPORT_SYMBOL(skb_over_panic);
1537 EXPORT_SYMBOL(skb_pad);
1538 EXPORT_SYMBOL(skb_realloc_headroom);
1539 EXPORT_SYMBOL(skb_under_panic);
1540 EXPORT_SYMBOL(skb_dequeue);
1541 EXPORT_SYMBOL(skb_dequeue_tail);
1542 EXPORT_SYMBOL(skb_insert);
1543 EXPORT_SYMBOL(skb_queue_purge);
1544 EXPORT_SYMBOL(skb_queue_head);
1545 EXPORT_SYMBOL(skb_queue_tail);
1546 EXPORT_SYMBOL(skb_unlink);
1547 EXPORT_SYMBOL(skb_append);
1548 EXPORT_SYMBOL(skb_split);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob