2 * IPv6 output functions
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
8 * Based on linux/net/ipv4/ip_output.c
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
22 * H. von Brand : Added missing #include <linux/string.h>
23 * Imran Patel : frag id should be in NBO
24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/string.h>
32 #include <linux/socket.h>
33 #include <linux/net.h>
34 #include <linux/netdevice.h>
35 #include <linux/if_arp.h>
36 #include <linux/in6.h>
37 #include <linux/tcp.h>
38 #include <linux/route.h>
39 #include <linux/module.h>
41 #include <linux/netfilter.h>
42 #include <linux/netfilter_ipv6.h>
48 #include <net/ndisc.h>
49 #include <net/protocol.h>
50 #include <net/ip6_route.h>
51 #include <net/addrconf.h>
52 #include <net/rawv6.h>
55 #include <net/checksum.h>
56 #include <linux/mroute6.h>
58 static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *));
60 static __inline__ void ipv6_select_ident(struct sk_buff *skb, struct frag_hdr *fhdr)
62 static u32 ipv6_fragmentation_id = 1;
63 static DEFINE_SPINLOCK(ip6_id_lock);
65 spin_lock_bh(&ip6_id_lock);
66 fhdr->identification = htonl(ipv6_fragmentation_id);
67 if (++ipv6_fragmentation_id == 0)
68 ipv6_fragmentation_id = 1;
69 spin_unlock_bh(&ip6_id_lock);
72 int __ip6_local_out(struct sk_buff *skb)
76 len = skb->len - sizeof(struct ipv6hdr);
77 if (len > IPV6_MAXPLEN)
79 ipv6_hdr(skb)->payload_len = htons(len);
81 return nf_hook(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dst->dev,
85 int ip6_local_out(struct sk_buff *skb)
89 err = __ip6_local_out(skb);
91 err = dst_output(skb);
95 EXPORT_SYMBOL_GPL(ip6_local_out);
97 static int ip6_output_finish(struct sk_buff *skb)
99 struct dst_entry *dst = skb->dst;
102 return neigh_hh_output(dst->hh, skb);
103 else if (dst->neighbour)
104 return dst->neighbour->output(skb);
106 IP6_INC_STATS_BH(dev_net(dst->dev),
107 ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
113 /* dev_loopback_xmit for use with netfilter. */
114 static int ip6_dev_loopback_xmit(struct sk_buff *newskb)
116 skb_reset_mac_header(newskb);
117 __skb_pull(newskb, skb_network_offset(newskb));
118 newskb->pkt_type = PACKET_LOOPBACK;
119 newskb->ip_summed = CHECKSUM_UNNECESSARY;
120 WARN_ON(!newskb->dst);
127 static int ip6_output2(struct sk_buff *skb)
129 struct dst_entry *dst = skb->dst;
130 struct net_device *dev = dst->dev;
132 skb->protocol = htons(ETH_P_IPV6);
135 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
136 struct ipv6_pinfo* np = skb->sk ? inet6_sk(skb->sk) : NULL;
137 struct inet6_dev *idev = ip6_dst_idev(skb->dst);
139 if (!(dev->flags & IFF_LOOPBACK) && (!np || np->mc_loop) &&
140 ((mroute6_socket && !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
141 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
142 &ipv6_hdr(skb)->saddr))) {
143 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
145 /* Do not check for IFF_ALLMULTI; multicast routing
146 is not supported in any case.
149 NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, newskb,
151 ip6_dev_loopback_xmit);
153 if (ipv6_hdr(skb)->hop_limit == 0) {
154 IP6_INC_STATS(dev_net(dev), idev,
155 IPSTATS_MIB_OUTDISCARDS);
161 IP6_INC_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCASTPKTS);
164 return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dev,
168 static inline int ip6_skb_dst_mtu(struct sk_buff *skb)
170 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
172 return (np && np->pmtudisc == IPV6_PMTUDISC_PROBE) ?
173 skb->dst->dev->mtu : dst_mtu(skb->dst);
176 int ip6_output(struct sk_buff *skb)
178 struct inet6_dev *idev = ip6_dst_idev(skb->dst);
179 if (unlikely(idev->cnf.disable_ipv6)) {
180 IP6_INC_STATS(dev_net(skb->dst->dev), idev,
181 IPSTATS_MIB_OUTDISCARDS);
186 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
187 dst_allfrag(skb->dst))
188 return ip6_fragment(skb, ip6_output2);
190 return ip6_output2(skb);
194 * xmit an sk_buff (used by TCP)
197 int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
198 struct ipv6_txoptions *opt, int ipfragok)
200 struct net *net = sock_net(sk);
201 struct ipv6_pinfo *np = inet6_sk(sk);
202 struct in6_addr *first_hop = &fl->fl6_dst;
203 struct dst_entry *dst = skb->dst;
205 u8 proto = fl->proto;
206 int seg_len = skb->len;
211 unsigned int head_room;
213 /* First: exthdrs may take lots of space (~8K for now)
214 MAX_HEADER is not enough.
216 head_room = opt->opt_nflen + opt->opt_flen;
217 seg_len += head_room;
218 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
220 if (skb_headroom(skb) < head_room) {
221 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
223 IP6_INC_STATS(net, ip6_dst_idev(skb->dst),
224 IPSTATS_MIB_OUTDISCARDS);
231 skb_set_owner_w(skb, sk);
234 ipv6_push_frag_opts(skb, opt, &proto);
236 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop);
239 skb_push(skb, sizeof(struct ipv6hdr));
240 skb_reset_network_header(skb);
243 /* Allow local fragmentation. */
248 * Fill in the IPv6 header
253 hlimit = np->hop_limit;
255 hlimit = ip6_dst_hoplimit(dst);
263 *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | fl->fl6_flowlabel;
265 hdr->payload_len = htons(seg_len);
266 hdr->nexthdr = proto;
267 hdr->hop_limit = hlimit;
269 ipv6_addr_copy(&hdr->saddr, &fl->fl6_src);
270 ipv6_addr_copy(&hdr->daddr, first_hop);
272 skb->priority = sk->sk_priority;
273 skb->mark = sk->sk_mark;
276 if ((skb->len <= mtu) || skb->local_df || skb_is_gso(skb)) {
277 IP6_INC_STATS(net, ip6_dst_idev(skb->dst),
278 IPSTATS_MIB_OUTREQUESTS);
279 return NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
284 printk(KERN_DEBUG "IPv6: sending pkt_too_big to self\n");
286 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, skb->dev);
287 IP6_INC_STATS(net, ip6_dst_idev(skb->dst), IPSTATS_MIB_FRAGFAILS);
292 EXPORT_SYMBOL(ip6_xmit);
295 * To avoid extra problems ND packets are send through this
296 * routine. It's code duplication but I really want to avoid
297 * extra checks since ipv6_build_header is used by TCP (which
298 * is for us performance critical)
301 int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev,
302 const struct in6_addr *saddr, const struct in6_addr *daddr,
305 struct ipv6_pinfo *np = inet6_sk(sk);
309 skb->protocol = htons(ETH_P_IPV6);
312 totlen = len + sizeof(struct ipv6hdr);
314 skb_reset_network_header(skb);
315 skb_put(skb, sizeof(struct ipv6hdr));
318 *(__be32*)hdr = htonl(0x60000000);
320 hdr->payload_len = htons(len);
321 hdr->nexthdr = proto;
322 hdr->hop_limit = np->hop_limit;
324 ipv6_addr_copy(&hdr->saddr, saddr);
325 ipv6_addr_copy(&hdr->daddr, daddr);
330 static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
332 struct ip6_ra_chain *ra;
333 struct sock *last = NULL;
335 read_lock(&ip6_ra_lock);
336 for (ra = ip6_ra_chain; ra; ra = ra->next) {
337 struct sock *sk = ra->sk;
338 if (sk && ra->sel == sel &&
339 (!sk->sk_bound_dev_if ||
340 sk->sk_bound_dev_if == skb->dev->ifindex)) {
342 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
344 rawv6_rcv(last, skb2);
351 rawv6_rcv(last, skb);
352 read_unlock(&ip6_ra_lock);
355 read_unlock(&ip6_ra_lock);
359 static int ip6_forward_proxy_check(struct sk_buff *skb)
361 struct ipv6hdr *hdr = ipv6_hdr(skb);
362 u8 nexthdr = hdr->nexthdr;
365 if (ipv6_ext_hdr(nexthdr)) {
366 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr);
370 offset = sizeof(struct ipv6hdr);
372 if (nexthdr == IPPROTO_ICMPV6) {
373 struct icmp6hdr *icmp6;
375 if (!pskb_may_pull(skb, (skb_network_header(skb) +
376 offset + 1 - skb->data)))
379 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
381 switch (icmp6->icmp6_type) {
382 case NDISC_ROUTER_SOLICITATION:
383 case NDISC_ROUTER_ADVERTISEMENT:
384 case NDISC_NEIGHBOUR_SOLICITATION:
385 case NDISC_NEIGHBOUR_ADVERTISEMENT:
387 /* For reaction involving unicast neighbor discovery
388 * message destined to the proxied address, pass it to
398 * The proxying router can't forward traffic sent to a link-local
399 * address, so signal the sender and discard the packet. This
400 * behavior is clarified by the MIPv6 specification.
402 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
403 dst_link_failure(skb);
410 static inline int ip6_forward_finish(struct sk_buff *skb)
412 return dst_output(skb);
415 int ip6_forward(struct sk_buff *skb)
417 struct dst_entry *dst = skb->dst;
418 struct ipv6hdr *hdr = ipv6_hdr(skb);
419 struct inet6_skb_parm *opt = IP6CB(skb);
420 struct net *net = dev_net(dst->dev);
422 if (net->ipv6.devconf_all->forwarding == 0)
425 if (skb_warn_if_lro(skb))
428 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
429 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
433 skb_forward_csum(skb);
436 * We DO NOT make any processing on
437 * RA packets, pushing them to user level AS IS
438 * without ane WARRANTY that application will be able
439 * to interpret them. The reason is that we
440 * cannot make anything clever here.
442 * We are not end-node, so that if packet contains
443 * AH/ESP, we cannot make anything.
444 * Defragmentation also would be mistake, RA packets
445 * cannot be fragmented, because there is no warranty
446 * that different fragments will go along one path. --ANK
449 u8 *ptr = skb_network_header(skb) + opt->ra;
450 if (ip6_call_ra_chain(skb, (ptr[2]<<8) + ptr[3]))
455 * check and decrement ttl
457 if (hdr->hop_limit <= 1) {
458 /* Force OUTPUT device used as source address */
460 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
462 IP6_INC_STATS_BH(net,
463 ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
469 /* XXX: idev->cnf.proxy_ndp? */
470 if (net->ipv6.devconf_all->proxy_ndp &&
471 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
472 int proxied = ip6_forward_proxy_check(skb);
474 return ip6_input(skb);
475 else if (proxied < 0) {
476 IP6_INC_STATS(net, ip6_dst_idev(dst),
477 IPSTATS_MIB_INDISCARDS);
482 if (!xfrm6_route_forward(skb)) {
483 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
488 /* IPv6 specs say nothing about it, but it is clear that we cannot
489 send redirects to source routed frames.
490 We don't send redirects to frames decapsulated from IPsec.
492 if (skb->dev == dst->dev && dst->neighbour && opt->srcrt == 0 &&
493 !skb_sec_path(skb)) {
494 struct in6_addr *target = NULL;
496 struct neighbour *n = dst->neighbour;
499 * incoming and outgoing devices are the same
503 rt = (struct rt6_info *) dst;
504 if ((rt->rt6i_flags & RTF_GATEWAY))
505 target = (struct in6_addr*)&n->primary_key;
507 target = &hdr->daddr;
509 /* Limit redirects both by destination (here)
510 and by source (inside ndisc_send_redirect)
512 if (xrlim_allow(dst, 1*HZ))
513 ndisc_send_redirect(skb, n, target);
515 int addrtype = ipv6_addr_type(&hdr->saddr);
517 /* This check is security critical. */
518 if (addrtype == IPV6_ADDR_ANY ||
519 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
521 if (addrtype & IPV6_ADDR_LINKLOCAL) {
522 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
523 ICMPV6_NOT_NEIGHBOUR, 0, skb->dev);
528 if (skb->len > dst_mtu(dst)) {
529 /* Again, force OUTPUT device used as source address */
531 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, dst_mtu(dst), skb->dev);
532 IP6_INC_STATS_BH(net,
533 ip6_dst_idev(dst), IPSTATS_MIB_INTOOBIGERRORS);
534 IP6_INC_STATS_BH(net,
535 ip6_dst_idev(dst), IPSTATS_MIB_FRAGFAILS);
540 if (skb_cow(skb, dst->dev->hard_header_len)) {
541 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS);
547 /* Mangling hops number delayed to point after skb COW */
551 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
552 return NF_HOOK(PF_INET6, NF_INET_FORWARD, skb, skb->dev, dst->dev,
556 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
562 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
564 to->pkt_type = from->pkt_type;
565 to->priority = from->priority;
566 to->protocol = from->protocol;
567 dst_release(to->dst);
568 to->dst = dst_clone(from->dst);
570 to->mark = from->mark;
572 #ifdef CONFIG_NET_SCHED
573 to->tc_index = from->tc_index;
576 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
577 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
578 to->nf_trace = from->nf_trace;
580 skb_copy_secmark(to, from);
583 int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
585 u16 offset = sizeof(struct ipv6hdr);
586 struct ipv6_opt_hdr *exthdr =
587 (struct ipv6_opt_hdr *)(ipv6_hdr(skb) + 1);
588 unsigned int packet_len = skb->tail - skb->network_header;
590 *nexthdr = &ipv6_hdr(skb)->nexthdr;
592 while (offset + 1 <= packet_len) {
598 case NEXTHDR_ROUTING:
602 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
603 if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0)
613 offset += ipv6_optlen(exthdr);
614 *nexthdr = &exthdr->nexthdr;
615 exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +
622 static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
624 struct sk_buff *frag;
625 struct rt6_info *rt = (struct rt6_info*)skb->dst;
626 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
627 struct ipv6hdr *tmp_hdr;
629 unsigned int mtu, hlen, left, len;
631 int ptr, offset = 0, err=0;
632 u8 *prevhdr, nexthdr = 0;
633 struct net *net = dev_net(skb->dst->dev);
635 hlen = ip6_find_1stfragopt(skb, &prevhdr);
638 mtu = ip6_skb_dst_mtu(skb);
640 /* We must not fragment if the socket is set to force MTU discovery
641 * or if the skb it not generated by a local socket. (This last
642 * check should be redundant, but it's free.)
644 if (!skb->local_df) {
645 skb->dev = skb->dst->dev;
646 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, skb->dev);
647 IP6_INC_STATS(net, ip6_dst_idev(skb->dst),
648 IPSTATS_MIB_FRAGFAILS);
653 if (np && np->frag_size < mtu) {
657 mtu -= hlen + sizeof(struct frag_hdr);
659 if (skb_shinfo(skb)->frag_list) {
660 int first_len = skb_pagelen(skb);
663 if (first_len - hlen > mtu ||
664 ((first_len - hlen) & 7) ||
668 for (frag = skb_shinfo(skb)->frag_list; frag; frag = frag->next) {
669 /* Correct geometry. */
670 if (frag->len > mtu ||
671 ((frag->len & 7) && frag->next) ||
672 skb_headroom(frag) < hlen)
675 /* Partially cloned skb? */
676 if (skb_shared(frag))
683 frag->destructor = sock_wfree;
684 truesizes += frag->truesize;
690 frag = skb_shinfo(skb)->frag_list;
691 skb_shinfo(skb)->frag_list = NULL;
694 *prevhdr = NEXTHDR_FRAGMENT;
695 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
697 IP6_INC_STATS(net, ip6_dst_idev(skb->dst),
698 IPSTATS_MIB_FRAGFAILS);
702 __skb_pull(skb, hlen);
703 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr));
704 __skb_push(skb, hlen);
705 skb_reset_network_header(skb);
706 memcpy(skb_network_header(skb), tmp_hdr, hlen);
708 ipv6_select_ident(skb, fh);
709 fh->nexthdr = nexthdr;
711 fh->frag_off = htons(IP6_MF);
712 frag_id = fh->identification;
714 first_len = skb_pagelen(skb);
715 skb->data_len = first_len - skb_headlen(skb);
716 skb->truesize -= truesizes;
717 skb->len = first_len;
718 ipv6_hdr(skb)->payload_len = htons(first_len -
719 sizeof(struct ipv6hdr));
721 dst_hold(&rt->u.dst);
724 /* Prepare header of the next frame,
725 * before previous one went down. */
727 frag->ip_summed = CHECKSUM_NONE;
728 skb_reset_transport_header(frag);
729 fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr));
730 __skb_push(frag, hlen);
731 skb_reset_network_header(frag);
732 memcpy(skb_network_header(frag), tmp_hdr,
734 offset += skb->len - hlen - sizeof(struct frag_hdr);
735 fh->nexthdr = nexthdr;
737 fh->frag_off = htons(offset);
738 if (frag->next != NULL)
739 fh->frag_off |= htons(IP6_MF);
740 fh->identification = frag_id;
741 ipv6_hdr(frag)->payload_len =
743 sizeof(struct ipv6hdr));
744 ip6_copy_metadata(frag, skb);
749 IP6_INC_STATS(net, ip6_dst_idev(&rt->u.dst),
750 IPSTATS_MIB_FRAGCREATES);
763 IP6_INC_STATS(net, ip6_dst_idev(&rt->u.dst),
764 IPSTATS_MIB_FRAGOKS);
765 dst_release(&rt->u.dst);
775 IP6_INC_STATS(net, ip6_dst_idev(&rt->u.dst),
776 IPSTATS_MIB_FRAGFAILS);
777 dst_release(&rt->u.dst);
782 left = skb->len - hlen; /* Space per frame */
783 ptr = hlen; /* Where to start from */
786 * Fragment the datagram.
789 *prevhdr = NEXTHDR_FRAGMENT;
792 * Keep copying data until we run out.
796 /* IF: it doesn't fit, use 'mtu' - the data space left */
799 /* IF: we are not sending upto and including the packet end
800 then align the next start on an eight byte boundary */
808 if ((frag = alloc_skb(len+hlen+sizeof(struct frag_hdr)+LL_ALLOCATED_SPACE(rt->u.dst.dev), GFP_ATOMIC)) == NULL) {
809 NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n");
810 IP6_INC_STATS(net, ip6_dst_idev(skb->dst),
811 IPSTATS_MIB_FRAGFAILS);
817 * Set up data on packet
820 ip6_copy_metadata(frag, skb);
821 skb_reserve(frag, LL_RESERVED_SPACE(rt->u.dst.dev));
822 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
823 skb_reset_network_header(frag);
824 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
825 frag->transport_header = (frag->network_header + hlen +
826 sizeof(struct frag_hdr));
829 * Charge the memory for the fragment to any owner
833 skb_set_owner_w(frag, skb->sk);
836 * Copy the packet header into the new buffer.
838 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
841 * Build fragment header.
843 fh->nexthdr = nexthdr;
846 ipv6_select_ident(skb, fh);
847 frag_id = fh->identification;
849 fh->identification = frag_id;
852 * Copy a block of the IP datagram.
854 if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len))
858 fh->frag_off = htons(offset);
860 fh->frag_off |= htons(IP6_MF);
861 ipv6_hdr(frag)->payload_len = htons(frag->len -
862 sizeof(struct ipv6hdr));
868 * Put this fragment into the sending queue.
874 IP6_INC_STATS(net, ip6_dst_idev(skb->dst),
875 IPSTATS_MIB_FRAGCREATES);
877 IP6_INC_STATS(net, ip6_dst_idev(skb->dst),
878 IPSTATS_MIB_FRAGOKS);
883 IP6_INC_STATS(net, ip6_dst_idev(skb->dst),
884 IPSTATS_MIB_FRAGFAILS);
889 static inline int ip6_rt_check(struct rt6key *rt_key,
890 struct in6_addr *fl_addr,
891 struct in6_addr *addr_cache)
893 return ((rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
894 (addr_cache == NULL || !ipv6_addr_equal(fl_addr, addr_cache)));
897 static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
898 struct dst_entry *dst,
901 struct ipv6_pinfo *np = inet6_sk(sk);
902 struct rt6_info *rt = (struct rt6_info *)dst;
907 /* Yes, checking route validity in not connected
908 * case is not very simple. Take into account,
909 * that we do not support routing by source, TOS,
910 * and MSG_DONTROUTE --ANK (980726)
912 * 1. ip6_rt_check(): If route was host route,
913 * check that cached destination is current.
914 * If it is network route, we still may
915 * check its validity using saved pointer
916 * to the last used address: daddr_cache.
917 * We do not want to save whole address now,
918 * (because main consumer of this service
919 * is tcp, which has not this problem),
920 * so that the last trick works only on connected
922 * 2. oif also should be the same.
924 if (ip6_rt_check(&rt->rt6i_dst, &fl->fl6_dst, np->daddr_cache) ||
925 #ifdef CONFIG_IPV6_SUBTREES
926 ip6_rt_check(&rt->rt6i_src, &fl->fl6_src, np->saddr_cache) ||
928 (fl->oif && fl->oif != dst->dev->ifindex)) {
937 static int ip6_dst_lookup_tail(struct sock *sk,
938 struct dst_entry **dst, struct flowi *fl)
941 struct net *net = sock_net(sk);
944 *dst = ip6_route_output(net, sk, fl);
946 if ((err = (*dst)->error))
947 goto out_err_release;
949 if (ipv6_addr_any(&fl->fl6_src)) {
950 err = ipv6_dev_get_saddr(net, ip6_dst_idev(*dst)->dev,
952 sk ? inet6_sk(sk)->srcprefs : 0,
955 goto out_err_release;
958 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
960 * Here if the dst entry we've looked up
961 * has a neighbour entry that is in the INCOMPLETE
962 * state and the src address from the flow is
963 * marked as OPTIMISTIC, we release the found
964 * dst entry and replace it instead with the
965 * dst entry of the nexthop router
967 if ((*dst)->neighbour && !((*dst)->neighbour->nud_state & NUD_VALID)) {
968 struct inet6_ifaddr *ifp;
972 ifp = ipv6_get_ifaddr(net, &fl->fl6_src,
975 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
981 * We need to get the dst entry for the
982 * default router instead
985 memcpy(&fl_gw, fl, sizeof(struct flowi));
986 memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr));
987 *dst = ip6_route_output(net, sk, &fl_gw);
988 if ((err = (*dst)->error))
989 goto out_err_release;
997 if (err == -ENETUNREACH)
998 IP6_INC_STATS_BH(net, NULL, IPSTATS_MIB_OUTNOROUTES);
1005 * ip6_dst_lookup - perform route lookup on flow
1006 * @sk: socket which provides route info
1007 * @dst: pointer to dst_entry * for result
1008 * @fl: flow to lookup
1010 * This function performs a route lookup on the given flow.
1012 * It returns zero on success, or a standard errno code on error.
1014 int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
1017 return ip6_dst_lookup_tail(sk, dst, fl);
1019 EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1022 * ip6_sk_dst_lookup - perform socket cached route lookup on flow
1023 * @sk: socket which provides the dst cache and route info
1024 * @dst: pointer to dst_entry * for result
1025 * @fl: flow to lookup
1027 * This function performs a route lookup on the given flow with the
1028 * possibility of using the cached route in the socket if it is valid.
1029 * It will take the socket dst lock when operating on the dst cache.
1030 * As a result, this function can only be used in process context.
1032 * It returns zero on success, or a standard errno code on error.
1034 int ip6_sk_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
1038 *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1039 *dst = ip6_sk_dst_check(sk, *dst, fl);
1042 return ip6_dst_lookup_tail(sk, dst, fl);
1044 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup);
1046 static inline int ip6_ufo_append_data(struct sock *sk,
1047 int getfrag(void *from, char *to, int offset, int len,
1048 int odd, struct sk_buff *skb),
1049 void *from, int length, int hh_len, int fragheaderlen,
1050 int transhdrlen, int mtu,unsigned int flags)
1053 struct sk_buff *skb;
1056 /* There is support for UDP large send offload by network
1057 * device, so create one single skb packet containing complete
1060 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) {
1061 skb = sock_alloc_send_skb(sk,
1062 hh_len + fragheaderlen + transhdrlen + 20,
1063 (flags & MSG_DONTWAIT), &err);
1067 /* reserve space for Hardware header */
1068 skb_reserve(skb, hh_len);
1070 /* create space for UDP/IP header */
1071 skb_put(skb,fragheaderlen + transhdrlen);
1073 /* initialize network header pointer */
1074 skb_reset_network_header(skb);
1076 /* initialize protocol header pointer */
1077 skb->transport_header = skb->network_header + fragheaderlen;
1079 skb->ip_summed = CHECKSUM_PARTIAL;
1081 sk->sk_sndmsg_off = 0;
1084 err = skb_append_datato_frags(sk,skb, getfrag, from,
1085 (length - transhdrlen));
1087 struct frag_hdr fhdr;
1089 /* specify the length of each IP datagram fragment*/
1090 skb_shinfo(skb)->gso_size = mtu - fragheaderlen -
1091 sizeof(struct frag_hdr);
1092 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
1093 ipv6_select_ident(skb, &fhdr);
1094 skb_shinfo(skb)->ip6_frag_id = fhdr.identification;
1095 __skb_queue_tail(&sk->sk_write_queue, skb);
1099 /* There is not enough support do UPD LSO,
1100 * so follow normal path
1107 int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1108 int offset, int len, int odd, struct sk_buff *skb),
1109 void *from, int length, int transhdrlen,
1110 int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi *fl,
1111 struct rt6_info *rt, unsigned int flags)
1113 struct inet_sock *inet = inet_sk(sk);
1114 struct ipv6_pinfo *np = inet6_sk(sk);
1115 struct sk_buff *skb;
1116 unsigned int maxfraglen, fragheaderlen;
1123 int csummode = CHECKSUM_NONE;
1125 if (flags&MSG_PROBE)
1127 if (skb_queue_empty(&sk->sk_write_queue)) {
1132 if (np->cork.opt == NULL) {
1133 np->cork.opt = kmalloc(opt->tot_len,
1135 if (unlikely(np->cork.opt == NULL))
1137 } else if (np->cork.opt->tot_len < opt->tot_len) {
1138 printk(KERN_DEBUG "ip6_append_data: invalid option length\n");
1141 memcpy(np->cork.opt, opt, opt->tot_len);
1142 inet->cork.flags |= IPCORK_OPT;
1143 /* need source address above miyazawa*/
1145 dst_hold(&rt->u.dst);
1146 inet->cork.dst = &rt->u.dst;
1147 inet->cork.fl = *fl;
1148 np->cork.hop_limit = hlimit;
1149 np->cork.tclass = tclass;
1150 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
1151 rt->u.dst.dev->mtu : dst_mtu(rt->u.dst.path);
1152 if (np->frag_size < mtu) {
1154 mtu = np->frag_size;
1156 inet->cork.fragsize = mtu;
1157 if (dst_allfrag(rt->u.dst.path))
1158 inet->cork.flags |= IPCORK_ALLFRAG;
1159 inet->cork.length = 0;
1160 sk->sk_sndmsg_page = NULL;
1161 sk->sk_sndmsg_off = 0;
1162 exthdrlen = rt->u.dst.header_len + (opt ? opt->opt_flen : 0) -
1163 rt->rt6i_nfheader_len;
1164 length += exthdrlen;
1165 transhdrlen += exthdrlen;
1167 rt = (struct rt6_info *)inet->cork.dst;
1168 fl = &inet->cork.fl;
1169 if (inet->cork.flags & IPCORK_OPT)
1173 mtu = inet->cork.fragsize;
1176 hh_len = LL_RESERVED_SPACE(rt->u.dst.dev);
1178 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
1179 (opt ? opt->opt_nflen : 0);
1180 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr);
1182 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) {
1183 if (inet->cork.length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) {
1184 ipv6_local_error(sk, EMSGSIZE, fl, mtu-exthdrlen);
1190 * Let's try using as much space as possible.
1191 * Use MTU if total length of the message fits into the MTU.
1192 * Otherwise, we need to reserve fragment header and
1193 * fragment alignment (= 8-15 octects, in total).
1195 * Note that we may need to "move" the data from the tail of
1196 * of the buffer to the new fragment when we split
1199 * FIXME: It may be fragmented into multiple chunks
1200 * at once if non-fragmentable extension headers
1205 inet->cork.length += length;
1206 if (((length > mtu) && (sk->sk_protocol == IPPROTO_UDP)) &&
1207 (rt->u.dst.dev->features & NETIF_F_UFO)) {
1209 err = ip6_ufo_append_data(sk, getfrag, from, length, hh_len,
1210 fragheaderlen, transhdrlen, mtu,
1217 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
1220 while (length > 0) {
1221 /* Check if the remaining data fits into current packet. */
1222 copy = (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1224 copy = maxfraglen - skb->len;
1228 unsigned int datalen;
1229 unsigned int fraglen;
1230 unsigned int fraggap;
1231 unsigned int alloclen;
1232 struct sk_buff *skb_prev;
1236 /* There's no room in the current skb */
1238 fraggap = skb_prev->len - maxfraglen;
1243 * If remaining data exceeds the mtu,
1244 * we know we need more fragment(s).
1246 datalen = length + fraggap;
1247 if (datalen > (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1248 datalen = maxfraglen - fragheaderlen;
1250 fraglen = datalen + fragheaderlen;
1251 if ((flags & MSG_MORE) &&
1252 !(rt->u.dst.dev->features&NETIF_F_SG))
1255 alloclen = datalen + fragheaderlen;
1258 * The last fragment gets additional space at tail.
1259 * Note: we overallocate on fragments with MSG_MODE
1260 * because we have no idea if we're the last one.
1262 if (datalen == length + fraggap)
1263 alloclen += rt->u.dst.trailer_len;
1266 * We just reserve space for fragment header.
1267 * Note: this may be overallocation if the message
1268 * (without MSG_MORE) fits into the MTU.
1270 alloclen += sizeof(struct frag_hdr);
1273 skb = sock_alloc_send_skb(sk,
1275 (flags & MSG_DONTWAIT), &err);
1278 if (atomic_read(&sk->sk_wmem_alloc) <=
1280 skb = sock_wmalloc(sk,
1281 alloclen + hh_len, 1,
1283 if (unlikely(skb == NULL))
1289 * Fill in the control structures
1291 skb->ip_summed = csummode;
1293 /* reserve for fragmentation */
1294 skb_reserve(skb, hh_len+sizeof(struct frag_hdr));
1297 * Find where to start putting bytes
1299 data = skb_put(skb, fraglen);
1300 skb_set_network_header(skb, exthdrlen);
1301 data += fragheaderlen;
1302 skb->transport_header = (skb->network_header +
1305 skb->csum = skb_copy_and_csum_bits(
1306 skb_prev, maxfraglen,
1307 data + transhdrlen, fraggap, 0);
1308 skb_prev->csum = csum_sub(skb_prev->csum,
1311 pskb_trim_unique(skb_prev, maxfraglen);
1313 copy = datalen - transhdrlen - fraggap;
1318 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
1325 length -= datalen - fraggap;
1328 csummode = CHECKSUM_NONE;
1331 * Put the packet on the pending queue
1333 __skb_queue_tail(&sk->sk_write_queue, skb);
1340 if (!(rt->u.dst.dev->features&NETIF_F_SG)) {
1344 if (getfrag(from, skb_put(skb, copy),
1345 offset, copy, off, skb) < 0) {
1346 __skb_trim(skb, off);
1351 int i = skb_shinfo(skb)->nr_frags;
1352 skb_frag_t *frag = &skb_shinfo(skb)->frags[i-1];
1353 struct page *page = sk->sk_sndmsg_page;
1354 int off = sk->sk_sndmsg_off;
1357 if (page && (left = PAGE_SIZE - off) > 0) {
1360 if (page != frag->page) {
1361 if (i == MAX_SKB_FRAGS) {
1366 skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0);
1367 frag = &skb_shinfo(skb)->frags[i];
1369 } else if(i < MAX_SKB_FRAGS) {
1370 if (copy > PAGE_SIZE)
1372 page = alloc_pages(sk->sk_allocation, 0);
1377 sk->sk_sndmsg_page = page;
1378 sk->sk_sndmsg_off = 0;
1380 skb_fill_page_desc(skb, i, page, 0, 0);
1381 frag = &skb_shinfo(skb)->frags[i];
1386 if (getfrag(from, page_address(frag->page)+frag->page_offset+frag->size, offset, copy, skb->len, skb) < 0) {
1390 sk->sk_sndmsg_off += copy;
1393 skb->data_len += copy;
1394 skb->truesize += copy;
1395 atomic_add(copy, &sk->sk_wmem_alloc);
1402 inet->cork.length -= length;
1403 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1407 static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np)
1409 inet->cork.flags &= ~IPCORK_OPT;
1410 kfree(np->cork.opt);
1411 np->cork.opt = NULL;
1412 if (inet->cork.dst) {
1413 dst_release(inet->cork.dst);
1414 inet->cork.dst = NULL;
1415 inet->cork.flags &= ~IPCORK_ALLFRAG;
1417 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl));
1420 int ip6_push_pending_frames(struct sock *sk)
1422 struct sk_buff *skb, *tmp_skb;
1423 struct sk_buff **tail_skb;
1424 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1425 struct inet_sock *inet = inet_sk(sk);
1426 struct ipv6_pinfo *np = inet6_sk(sk);
1427 struct net *net = sock_net(sk);
1428 struct ipv6hdr *hdr;
1429 struct ipv6_txoptions *opt = np->cork.opt;
1430 struct rt6_info *rt = (struct rt6_info *)inet->cork.dst;
1431 struct flowi *fl = &inet->cork.fl;
1432 unsigned char proto = fl->proto;
1435 if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL)
1437 tail_skb = &(skb_shinfo(skb)->frag_list);
1439 /* move skb->data to ip header from ext header */
1440 if (skb->data < skb_network_header(skb))
1441 __skb_pull(skb, skb_network_offset(skb));
1442 while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) {
1443 __skb_pull(tmp_skb, skb_network_header_len(skb));
1444 *tail_skb = tmp_skb;
1445 tail_skb = &(tmp_skb->next);
1446 skb->len += tmp_skb->len;
1447 skb->data_len += tmp_skb->len;
1448 skb->truesize += tmp_skb->truesize;
1449 __sock_put(tmp_skb->sk);
1450 tmp_skb->destructor = NULL;
1454 /* Allow local fragmentation. */
1455 if (np->pmtudisc < IPV6_PMTUDISC_DO)
1458 ipv6_addr_copy(final_dst, &fl->fl6_dst);
1459 __skb_pull(skb, skb_network_header_len(skb));
1460 if (opt && opt->opt_flen)
1461 ipv6_push_frag_opts(skb, opt, &proto);
1462 if (opt && opt->opt_nflen)
1463 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst);
1465 skb_push(skb, sizeof(struct ipv6hdr));
1466 skb_reset_network_header(skb);
1467 hdr = ipv6_hdr(skb);
1469 *(__be32*)hdr = fl->fl6_flowlabel |
1470 htonl(0x60000000 | ((int)np->cork.tclass << 20));
1472 hdr->hop_limit = np->cork.hop_limit;
1473 hdr->nexthdr = proto;
1474 ipv6_addr_copy(&hdr->saddr, &fl->fl6_src);
1475 ipv6_addr_copy(&hdr->daddr, final_dst);
1477 skb->priority = sk->sk_priority;
1478 skb->mark = sk->sk_mark;
1480 skb->dst = dst_clone(&rt->u.dst);
1481 IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTREQUESTS);
1482 if (proto == IPPROTO_ICMPV6) {
1483 struct inet6_dev *idev = ip6_dst_idev(skb->dst);
1485 ICMP6MSGOUT_INC_STATS_BH(net, idev, icmp6_hdr(skb)->icmp6_type);
1486 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTMSGS);
1489 err = ip6_local_out(skb);
1492 err = np->recverr ? net_xmit_errno(err) : 0;
1498 ip6_cork_release(inet, np);
1504 void ip6_flush_pending_frames(struct sock *sk)
1506 struct sk_buff *skb;
1508 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) {
1510 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb->dst),
1511 IPSTATS_MIB_OUTDISCARDS);
1515 ip6_cork_release(inet_sk(sk), inet6_sk(sk));
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob