search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Input: appletouch - fix integer overflow issue
[linux-2.6-xlnx.git] / net / ipv6 / ip6_output.c
blobdabf108ad81131138a5923268231809ebdb51494
1 /*
2 * IPv6 output functions
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on linux/net/ipv4/ip_output.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 * Changes:
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
20 * etc.
21 *
22 * H. von Brand : Added missing #include <linux/string.h>
23 * Imran Patel : frag id should be in NBO
24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
26 * for datagram xmit
27 */
28
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/string.h>
32 #include <linux/socket.h>
33 #include <linux/net.h>
34 #include <linux/netdevice.h>
35 #include <linux/if_arp.h>
36 #include <linux/in6.h>
37 #include <linux/tcp.h>
38 #include <linux/route.h>
39 #include <linux/module.h>
40
41 #include <linux/netfilter.h>
42 #include <linux/netfilter_ipv6.h>
43
44 #include <net/sock.h>
45 #include <net/snmp.h>
46
47 #include <net/ipv6.h>
48 #include <net/ndisc.h>
49 #include <net/protocol.h>
50 #include <net/ip6_route.h>
51 #include <net/addrconf.h>
52 #include <net/rawv6.h>
53 #include <net/icmp.h>
54 #include <net/xfrm.h>
55 #include <net/checksum.h>
56 #include <linux/mroute6.h>
57
58 static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *));
59
60 int __ip6_local_out(struct sk_buff *skb)
61 {
62 int len;
63
64 len = skb->len - sizeof(struct ipv6hdr);
65 if (len > IPV6_MAXPLEN)
66 len = 0;
67 ipv6_hdr(skb)->payload_len = htons(len);
68
69 return nf_hook(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb_dst(skb)->dev,
70 dst_output);
71 }
72
73 int ip6_local_out(struct sk_buff *skb)
74 {
75 int err;
76
77 err = __ip6_local_out(skb);
78 if (likely(err == 1))
79 err = dst_output(skb);
80
81 return err;
82 }
83 EXPORT_SYMBOL_GPL(ip6_local_out);
84
85 static int ip6_output_finish(struct sk_buff *skb)
86 {
87 struct dst_entry *dst = skb_dst(skb);
88
89 if (dst->hh)
90 return neigh_hh_output(dst->hh, skb);
91 else if (dst->neighbour)
92 return dst->neighbour->output(skb);
93
94 IP6_INC_STATS_BH(dev_net(dst->dev),
95 ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
96 kfree_skb(skb);
97 return -EINVAL;
98
99 }
100
101 /* dev_loopback_xmit for use with netfilter. */
102 static int ip6_dev_loopback_xmit(struct sk_buff *newskb)
103 {
104 skb_reset_mac_header(newskb);
105 __skb_pull(newskb, skb_network_offset(newskb));
106 newskb->pkt_type = PACKET_LOOPBACK;
107 newskb->ip_summed = CHECKSUM_UNNECESSARY;
108 WARN_ON(!skb_dst(newskb));
109
110 netif_rx(newskb);
111 return 0;
112 }
113
114
115 static int ip6_output2(struct sk_buff *skb)
116 {
117 struct dst_entry *dst = skb_dst(skb);
118 struct net_device *dev = dst->dev;
119
120 skb->protocol = htons(ETH_P_IPV6);
121 skb->dev = dev;
122
123 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
124 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
125
126 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(skb->sk) &&
127 ((mroute6_socket(dev_net(dev)) &&
128 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
129 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
130 &ipv6_hdr(skb)->saddr))) {
131 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
132
133 /* Do not check for IFF_ALLMULTI; multicast routing
134 is not supported in any case.
135 */
136 if (newskb)
137 NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, newskb,
138 NULL, newskb->dev,
139 ip6_dev_loopback_xmit);
140
141 if (ipv6_hdr(skb)->hop_limit == 0) {
142 IP6_INC_STATS(dev_net(dev), idev,
143 IPSTATS_MIB_OUTDISCARDS);
144 kfree_skb(skb);
145 return 0;
146 }
147 }
148
149 IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST,
150 skb->len);
151 }
152
153 return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dev,
154 ip6_output_finish);
155 }
156
157 static inline int ip6_skb_dst_mtu(struct sk_buff *skb)
158 {
159 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
160
161 return (np && np->pmtudisc == IPV6_PMTUDISC_PROBE) ?
162 skb_dst(skb)->dev->mtu : dst_mtu(skb_dst(skb));
163 }
164
165 int ip6_output(struct sk_buff *skb)
166 {
167 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
168 if (unlikely(idev->cnf.disable_ipv6)) {
169 IP6_INC_STATS(dev_net(skb_dst(skb)->dev), idev,
170 IPSTATS_MIB_OUTDISCARDS);
171 kfree_skb(skb);
172 return 0;
173 }
174
175 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
176 dst_allfrag(skb_dst(skb)))
177 return ip6_fragment(skb, ip6_output2);
178 else
179 return ip6_output2(skb);
180 }
181
182 /*
183 * xmit an sk_buff (used by TCP)
184 */
185
186 int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
187 struct ipv6_txoptions *opt, int ipfragok)
188 {
189 struct net *net = sock_net(sk);
190 struct ipv6_pinfo *np = inet6_sk(sk);
191 struct in6_addr *first_hop = &fl->fl6_dst;
192 struct dst_entry *dst = skb_dst(skb);
193 struct ipv6hdr *hdr;
194 u8 proto = fl->proto;
195 int seg_len = skb->len;
196 int hlimit = -1;
197 int tclass = 0;
198 u32 mtu;
199
200 if (opt) {
201 unsigned int head_room;
202
203 /* First: exthdrs may take lots of space (~8K for now)
204 MAX_HEADER is not enough.
205 */
206 head_room = opt->opt_nflen + opt->opt_flen;
207 seg_len += head_room;
208 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
209
210 if (skb_headroom(skb) < head_room) {
211 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
212 if (skb2 == NULL) {
213 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
214 IPSTATS_MIB_OUTDISCARDS);
215 kfree_skb(skb);
216 return -ENOBUFS;
217 }
218 kfree_skb(skb);
219 skb = skb2;
220 if (sk)
221 skb_set_owner_w(skb, sk);
222 }
223 if (opt->opt_flen)
224 ipv6_push_frag_opts(skb, opt, &proto);
225 if (opt->opt_nflen)
226 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop);
227 }
228
229 skb_push(skb, sizeof(struct ipv6hdr));
230 skb_reset_network_header(skb);
231 hdr = ipv6_hdr(skb);
232
233 /* Allow local fragmentation. */
234 if (ipfragok)
235 skb->local_df = 1;
236
237 /*
238 * Fill in the IPv6 header
239 */
240 if (np) {
241 tclass = np->tclass;
242 hlimit = np->hop_limit;
243 }
244 if (hlimit < 0)
245 hlimit = ip6_dst_hoplimit(dst);
246
247 *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | fl->fl6_flowlabel;
248
249 hdr->payload_len = htons(seg_len);
250 hdr->nexthdr = proto;
251 hdr->hop_limit = hlimit;
252
253 ipv6_addr_copy(&hdr->saddr, &fl->fl6_src);
254 ipv6_addr_copy(&hdr->daddr, first_hop);
255
256 skb->priority = sk->sk_priority;
257 skb->mark = sk->sk_mark;
258
259 mtu = dst_mtu(dst);
260 if ((skb->len <= mtu) || skb->local_df || skb_is_gso(skb)) {
261 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
262 IPSTATS_MIB_OUT, skb->len);
263 return NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
264 dst_output);
265 }
266
267 if (net_ratelimit())
268 printk(KERN_DEBUG "IPv6: sending pkt_too_big to self\n");
269 skb->dev = dst->dev;
270 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
271 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
272 kfree_skb(skb);
273 return -EMSGSIZE;
274 }
275
276 EXPORT_SYMBOL(ip6_xmit);
277
278 /*
279 * To avoid extra problems ND packets are send through this
280 * routine. It's code duplication but I really want to avoid
281 * extra checks since ipv6_build_header is used by TCP (which
282 * is for us performance critical)
283 */
284
285 int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev,
286 const struct in6_addr *saddr, const struct in6_addr *daddr,
287 int proto, int len)
288 {
289 struct ipv6_pinfo *np = inet6_sk(sk);
290 struct ipv6hdr *hdr;
291 int totlen;
292
293 skb->protocol = htons(ETH_P_IPV6);
294 skb->dev = dev;
295
296 totlen = len + sizeof(struct ipv6hdr);
297
298 skb_reset_network_header(skb);
299 skb_put(skb, sizeof(struct ipv6hdr));
300 hdr = ipv6_hdr(skb);
301
302 *(__be32*)hdr = htonl(0x60000000);
303
304 hdr->payload_len = htons(len);
305 hdr->nexthdr = proto;
306 hdr->hop_limit = np->hop_limit;
307
308 ipv6_addr_copy(&hdr->saddr, saddr);
309 ipv6_addr_copy(&hdr->daddr, daddr);
310
311 return 0;
312 }
313
314 static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
315 {
316 struct ip6_ra_chain *ra;
317 struct sock *last = NULL;
318
319 read_lock(&ip6_ra_lock);
320 for (ra = ip6_ra_chain; ra; ra = ra->next) {
321 struct sock *sk = ra->sk;
322 if (sk && ra->sel == sel &&
323 (!sk->sk_bound_dev_if ||
324 sk->sk_bound_dev_if == skb->dev->ifindex)) {
325 if (last) {
326 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
327 if (skb2)
328 rawv6_rcv(last, skb2);
329 }
330 last = sk;
331 }
332 }
333
334 if (last) {
335 rawv6_rcv(last, skb);
336 read_unlock(&ip6_ra_lock);
337 return 1;
338 }
339 read_unlock(&ip6_ra_lock);
340 return 0;
341 }
342
343 static int ip6_forward_proxy_check(struct sk_buff *skb)
344 {
345 struct ipv6hdr *hdr = ipv6_hdr(skb);
346 u8 nexthdr = hdr->nexthdr;
347 int offset;
348
349 if (ipv6_ext_hdr(nexthdr)) {
350 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr);
351 if (offset < 0)
352 return 0;
353 } else
354 offset = sizeof(struct ipv6hdr);
355
356 if (nexthdr == IPPROTO_ICMPV6) {
357 struct icmp6hdr *icmp6;
358
359 if (!pskb_may_pull(skb, (skb_network_header(skb) +
360 offset + 1 - skb->data)))
361 return 0;
362
363 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
364
365 switch (icmp6->icmp6_type) {
366 case NDISC_ROUTER_SOLICITATION:
367 case NDISC_ROUTER_ADVERTISEMENT:
368 case NDISC_NEIGHBOUR_SOLICITATION:
369 case NDISC_NEIGHBOUR_ADVERTISEMENT:
370 case NDISC_REDIRECT:
371 /* For reaction involving unicast neighbor discovery
372 * message destined to the proxied address, pass it to
373 * input function.
374 */
375 return 1;
376 default:
377 break;
378 }
379 }
380
381 /*
382 * The proxying router can't forward traffic sent to a link-local
383 * address, so signal the sender and discard the packet. This
384 * behavior is clarified by the MIPv6 specification.
385 */
386 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
387 dst_link_failure(skb);
388 return -1;
389 }
390
391 return 0;
392 }
393
394 static inline int ip6_forward_finish(struct sk_buff *skb)
395 {
396 return dst_output(skb);
397 }
398
399 int ip6_forward(struct sk_buff *skb)
400 {
401 struct dst_entry *dst = skb_dst(skb);
402 struct ipv6hdr *hdr = ipv6_hdr(skb);
403 struct inet6_skb_parm *opt = IP6CB(skb);
404 struct net *net = dev_net(dst->dev);
405 u32 mtu;
406
407 if (net->ipv6.devconf_all->forwarding == 0)
408 goto error;
409
410 if (skb_warn_if_lro(skb))
411 goto drop;
412
413 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
414 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
415 goto drop;
416 }
417
418 skb_forward_csum(skb);
419
420 /*
421 * We DO NOT make any processing on
422 * RA packets, pushing them to user level AS IS
423 * without ane WARRANTY that application will be able
424 * to interpret them. The reason is that we
425 * cannot make anything clever here.
426 *
427 * We are not end-node, so that if packet contains
428 * AH/ESP, we cannot make anything.
429 * Defragmentation also would be mistake, RA packets
430 * cannot be fragmented, because there is no warranty
431 * that different fragments will go along one path. --ANK
432 */
433 if (opt->ra) {
434 u8 *ptr = skb_network_header(skb) + opt->ra;
435 if (ip6_call_ra_chain(skb, (ptr[2]<<8) + ptr[3]))
436 return 0;
437 }
438
439 /*
440 * check and decrement ttl
441 */
442 if (hdr->hop_limit <= 1) {
443 /* Force OUTPUT device used as source address */
444 skb->dev = dst->dev;
445 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
446 IP6_INC_STATS_BH(net,
447 ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
448
449 kfree_skb(skb);
450 return -ETIMEDOUT;
451 }
452
453 /* XXX: idev->cnf.proxy_ndp? */
454 if (net->ipv6.devconf_all->proxy_ndp &&
455 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
456 int proxied = ip6_forward_proxy_check(skb);
457 if (proxied > 0)
458 return ip6_input(skb);
459 else if (proxied < 0) {
460 IP6_INC_STATS(net, ip6_dst_idev(dst),
461 IPSTATS_MIB_INDISCARDS);
462 goto drop;
463 }
464 }
465
466 if (!xfrm6_route_forward(skb)) {
467 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
468 goto drop;
469 }
470 dst = skb_dst(skb);
471
472 /* IPv6 specs say nothing about it, but it is clear that we cannot
473 send redirects to source routed frames.
474 We don't send redirects to frames decapsulated from IPsec.
475 */
476 if (skb->dev == dst->dev && dst->neighbour && opt->srcrt == 0 &&
477 !skb_sec_path(skb)) {
478 struct in6_addr *target = NULL;
479 struct rt6_info *rt;
480 struct neighbour *n = dst->neighbour;
481
482 /*
483 * incoming and outgoing devices are the same
484 * send a redirect.
485 */
486
487 rt = (struct rt6_info *) dst;
488 if ((rt->rt6i_flags & RTF_GATEWAY))
489 target = (struct in6_addr*)&n->primary_key;
490 else
491 target = &hdr->daddr;
492
493 /* Limit redirects both by destination (here)
494 and by source (inside ndisc_send_redirect)
495 */
496 if (xrlim_allow(dst, 1*HZ))
497 ndisc_send_redirect(skb, n, target);
498 } else {
499 int addrtype = ipv6_addr_type(&hdr->saddr);
500
501 /* This check is security critical. */
502 if (addrtype == IPV6_ADDR_ANY ||
503 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
504 goto error;
505 if (addrtype & IPV6_ADDR_LINKLOCAL) {
506 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
507 ICMPV6_NOT_NEIGHBOUR, 0);
508 goto error;
509 }
510 }
511
512 mtu = dst_mtu(dst);
513 if (mtu < IPV6_MIN_MTU)
514 mtu = IPV6_MIN_MTU;
515
516 if (skb->len > mtu) {
517 /* Again, force OUTPUT device used as source address */
518 skb->dev = dst->dev;
519 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
520 IP6_INC_STATS_BH(net,
521 ip6_dst_idev(dst), IPSTATS_MIB_INTOOBIGERRORS);
522 IP6_INC_STATS_BH(net,
523 ip6_dst_idev(dst), IPSTATS_MIB_FRAGFAILS);
524 kfree_skb(skb);
525 return -EMSGSIZE;
526 }
527
528 if (skb_cow(skb, dst->dev->hard_header_len)) {
529 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS);
530 goto drop;
531 }
532
533 hdr = ipv6_hdr(skb);
534
535 /* Mangling hops number delayed to point after skb COW */
536
537 hdr->hop_limit--;
538
539 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
540 return NF_HOOK(PF_INET6, NF_INET_FORWARD, skb, skb->dev, dst->dev,
541 ip6_forward_finish);
542
543 error:
544 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
545 drop:
546 kfree_skb(skb);
547 return -EINVAL;
548 }
549
550 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
551 {
552 to->pkt_type = from->pkt_type;
553 to->priority = from->priority;
554 to->protocol = from->protocol;
555 skb_dst_drop(to);
556 skb_dst_set(to, dst_clone(skb_dst(from)));
557 to->dev = from->dev;
558 to->mark = from->mark;
559
560 #ifdef CONFIG_NET_SCHED
561 to->tc_index = from->tc_index;
562 #endif
563 nf_copy(to, from);
564 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
565 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
566 to->nf_trace = from->nf_trace;
567 #endif
568 skb_copy_secmark(to, from);
569 }
570
571 int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
572 {
573 u16 offset = sizeof(struct ipv6hdr);
574 struct ipv6_opt_hdr *exthdr =
575 (struct ipv6_opt_hdr *)(ipv6_hdr(skb) + 1);
576 unsigned int packet_len = skb->tail - skb->network_header;
577 int found_rhdr = 0;
578 *nexthdr = &ipv6_hdr(skb)->nexthdr;
579
580 while (offset + 1 <= packet_len) {
581
582 switch (**nexthdr) {
583
584 case NEXTHDR_HOP:
585 break;
586 case NEXTHDR_ROUTING:
587 found_rhdr = 1;
588 break;
589 case NEXTHDR_DEST:
590 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
591 if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0)
592 break;
593 #endif
594 if (found_rhdr)
595 return offset;
596 break;
597 default :
598 return offset;
599 }
600
601 offset += ipv6_optlen(exthdr);
602 *nexthdr = &exthdr->nexthdr;
603 exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +
604 offset);
605 }
606
607 return offset;
608 }
609
610 static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
611 {
612 struct sk_buff *frag;
613 struct rt6_info *rt = (struct rt6_info*)skb_dst(skb);
614 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
615 struct ipv6hdr *tmp_hdr;
616 struct frag_hdr *fh;
617 unsigned int mtu, hlen, left, len;
618 __be32 frag_id = 0;
619 int ptr, offset = 0, err=0;
620 u8 *prevhdr, nexthdr = 0;
621 struct net *net = dev_net(skb_dst(skb)->dev);
622
623 hlen = ip6_find_1stfragopt(skb, &prevhdr);
624 nexthdr = *prevhdr;
625
626 mtu = ip6_skb_dst_mtu(skb);
627
628 /* We must not fragment if the socket is set to force MTU discovery
629 * or if the skb it not generated by a local socket.
630 */
631 if (!skb->local_df) {
632 skb->dev = skb_dst(skb)->dev;
633 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
634 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
635 IPSTATS_MIB_FRAGFAILS);
636 kfree_skb(skb);
637 return -EMSGSIZE;
638 }
639
640 if (np && np->frag_size < mtu) {
641 if (np->frag_size)
642 mtu = np->frag_size;
643 }
644 mtu -= hlen + sizeof(struct frag_hdr);
645
646 if (skb_has_frags(skb)) {
647 int first_len = skb_pagelen(skb);
648 int truesizes = 0;
649
650 if (first_len - hlen > mtu ||
651 ((first_len - hlen) & 7) ||
652 skb_cloned(skb))
653 goto slow_path;
654
655 skb_walk_frags(skb, frag) {
656 /* Correct geometry. */
657 if (frag->len > mtu ||
658 ((frag->len & 7) && frag->next) ||
659 skb_headroom(frag) < hlen)
660 goto slow_path;
661
662 /* Partially cloned skb? */
663 if (skb_shared(frag))
664 goto slow_path;
665
666 BUG_ON(frag->sk);
667 if (skb->sk) {
668 frag->sk = skb->sk;
669 frag->destructor = sock_wfree;
670 truesizes += frag->truesize;
671 }
672 }
673
674 err = 0;
675 offset = 0;
676 frag = skb_shinfo(skb)->frag_list;
677 skb_frag_list_init(skb);
678 /* BUILD HEADER */
679
680 *prevhdr = NEXTHDR_FRAGMENT;
681 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
682 if (!tmp_hdr) {
683 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
684 IPSTATS_MIB_FRAGFAILS);
685 return -ENOMEM;
686 }
687
688 __skb_pull(skb, hlen);
689 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr));
690 __skb_push(skb, hlen);
691 skb_reset_network_header(skb);
692 memcpy(skb_network_header(skb), tmp_hdr, hlen);
693
694 ipv6_select_ident(fh);
695 fh->nexthdr = nexthdr;
696 fh->reserved = 0;
697 fh->frag_off = htons(IP6_MF);
698 frag_id = fh->identification;
699
700 first_len = skb_pagelen(skb);
701 skb->data_len = first_len - skb_headlen(skb);
702 skb->truesize -= truesizes;
703 skb->len = first_len;
704 ipv6_hdr(skb)->payload_len = htons(first_len -
705 sizeof(struct ipv6hdr));
706
707 dst_hold(&rt->u.dst);
708
709 for (;;) {
710 /* Prepare header of the next frame,
711 * before previous one went down. */
712 if (frag) {
713 frag->ip_summed = CHECKSUM_NONE;
714 skb_reset_transport_header(frag);
715 fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr));
716 __skb_push(frag, hlen);
717 skb_reset_network_header(frag);
718 memcpy(skb_network_header(frag), tmp_hdr,
719 hlen);
720 offset += skb->len - hlen - sizeof(struct frag_hdr);
721 fh->nexthdr = nexthdr;
722 fh->reserved = 0;
723 fh->frag_off = htons(offset);
724 if (frag->next != NULL)
725 fh->frag_off |= htons(IP6_MF);
726 fh->identification = frag_id;
727 ipv6_hdr(frag)->payload_len =
728 htons(frag->len -
729 sizeof(struct ipv6hdr));
730 ip6_copy_metadata(frag, skb);
731 }
732
733 err = output(skb);
734 if(!err)
735 IP6_INC_STATS(net, ip6_dst_idev(&rt->u.dst),
736 IPSTATS_MIB_FRAGCREATES);
737
738 if (err || !frag)
739 break;
740
741 skb = frag;
742 frag = skb->next;
743 skb->next = NULL;
744 }
745
746 kfree(tmp_hdr);
747
748 if (err == 0) {
749 IP6_INC_STATS(net, ip6_dst_idev(&rt->u.dst),
750 IPSTATS_MIB_FRAGOKS);
751 dst_release(&rt->u.dst);
752 return 0;
753 }
754
755 while (frag) {
756 skb = frag->next;
757 kfree_skb(frag);
758 frag = skb;
759 }
760
761 IP6_INC_STATS(net, ip6_dst_idev(&rt->u.dst),
762 IPSTATS_MIB_FRAGFAILS);
763 dst_release(&rt->u.dst);
764 return err;
765 }
766
767 slow_path:
768 left = skb->len - hlen; /* Space per frame */
769 ptr = hlen; /* Where to start from */
770
771 /*
772 * Fragment the datagram.
773 */
774
775 *prevhdr = NEXTHDR_FRAGMENT;
776
777 /*
778 * Keep copying data until we run out.
779 */
780 while(left > 0) {
781 len = left;
782 /* IF: it doesn't fit, use 'mtu' - the data space left */
783 if (len > mtu)
784 len = mtu;
785 /* IF: we are not sending upto and including the packet end
786 then align the next start on an eight byte boundary */
787 if (len < left) {
788 len &= ~7;
789 }
790 /*
791 * Allocate buffer.
792 */
793
794 if ((frag = alloc_skb(len+hlen+sizeof(struct frag_hdr)+LL_ALLOCATED_SPACE(rt->u.dst.dev), GFP_ATOMIC)) == NULL) {
795 NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n");
796 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
797 IPSTATS_MIB_FRAGFAILS);
798 err = -ENOMEM;
799 goto fail;
800 }
801
802 /*
803 * Set up data on packet
804 */
805
806 ip6_copy_metadata(frag, skb);
807 skb_reserve(frag, LL_RESERVED_SPACE(rt->u.dst.dev));
808 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
809 skb_reset_network_header(frag);
810 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
811 frag->transport_header = (frag->network_header + hlen +
812 sizeof(struct frag_hdr));
813
814 /*
815 * Charge the memory for the fragment to any owner
816 * it might possess
817 */
818 if (skb->sk)
819 skb_set_owner_w(frag, skb->sk);
820
821 /*
822 * Copy the packet header into the new buffer.
823 */
824 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
825
826 /*
827 * Build fragment header.
828 */
829 fh->nexthdr = nexthdr;
830 fh->reserved = 0;
831 if (!frag_id) {
832 ipv6_select_ident(fh);
833 frag_id = fh->identification;
834 } else
835 fh->identification = frag_id;
836
837 /*
838 * Copy a block of the IP datagram.
839 */
840 if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len))
841 BUG();
842 left -= len;
843
844 fh->frag_off = htons(offset);
845 if (left > 0)
846 fh->frag_off |= htons(IP6_MF);
847 ipv6_hdr(frag)->payload_len = htons(frag->len -
848 sizeof(struct ipv6hdr));
849
850 ptr += len;
851 offset += len;
852
853 /*
854 * Put this fragment into the sending queue.
855 */
856 err = output(frag);
857 if (err)
858 goto fail;
859
860 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
861 IPSTATS_MIB_FRAGCREATES);
862 }
863 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
864 IPSTATS_MIB_FRAGOKS);
865 kfree_skb(skb);
866 return err;
867
868 fail:
869 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
870 IPSTATS_MIB_FRAGFAILS);
871 kfree_skb(skb);
872 return err;
873 }
874
875 static inline int ip6_rt_check(struct rt6key *rt_key,
876 struct in6_addr *fl_addr,
877 struct in6_addr *addr_cache)
878 {
879 return ((rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
880 (addr_cache == NULL || !ipv6_addr_equal(fl_addr, addr_cache)));
881 }
882
883 static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
884 struct dst_entry *dst,
885 struct flowi *fl)
886 {
887 struct ipv6_pinfo *np = inet6_sk(sk);
888 struct rt6_info *rt = (struct rt6_info *)dst;
889
890 if (!dst)
891 goto out;
892
893 /* Yes, checking route validity in not connected
894 * case is not very simple. Take into account,
895 * that we do not support routing by source, TOS,
896 * and MSG_DONTROUTE --ANK (980726)
897 *
898 * 1. ip6_rt_check(): If route was host route,
899 * check that cached destination is current.
900 * If it is network route, we still may
901 * check its validity using saved pointer
902 * to the last used address: daddr_cache.
903 * We do not want to save whole address now,
904 * (because main consumer of this service
905 * is tcp, which has not this problem),
906 * so that the last trick works only on connected
907 * sockets.
908 * 2. oif also should be the same.
909 */
910 if (ip6_rt_check(&rt->rt6i_dst, &fl->fl6_dst, np->daddr_cache) ||
911 #ifdef CONFIG_IPV6_SUBTREES
912 ip6_rt_check(&rt->rt6i_src, &fl->fl6_src, np->saddr_cache) ||
913 #endif
914 (fl->oif && fl->oif != dst->dev->ifindex)) {
915 dst_release(dst);
916 dst = NULL;
917 }
918
919 out:
920 return dst;
921 }
922
923 static int ip6_dst_lookup_tail(struct sock *sk,
924 struct dst_entry **dst, struct flowi *fl)
925 {
926 int err;
927 struct net *net = sock_net(sk);
928
929 if (*dst == NULL)
930 *dst = ip6_route_output(net, sk, fl);
931
932 if ((err = (*dst)->error))
933 goto out_err_release;
934
935 if (ipv6_addr_any(&fl->fl6_src)) {
936 err = ipv6_dev_get_saddr(net, ip6_dst_idev(*dst)->dev,
937 &fl->fl6_dst,
938 sk ? inet6_sk(sk)->srcprefs : 0,
939 &fl->fl6_src);
940 if (err)
941 goto out_err_release;
942 }
943
944 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
945 /*
946 * Here if the dst entry we've looked up
947 * has a neighbour entry that is in the INCOMPLETE
948 * state and the src address from the flow is
949 * marked as OPTIMISTIC, we release the found
950 * dst entry and replace it instead with the
951 * dst entry of the nexthop router
952 */
953 if ((*dst)->neighbour && !((*dst)->neighbour->nud_state & NUD_VALID)) {
954 struct inet6_ifaddr *ifp;
955 struct flowi fl_gw;
956 int redirect;
957
958 ifp = ipv6_get_ifaddr(net, &fl->fl6_src,
959 (*dst)->dev, 1);
960
961 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
962 if (ifp)
963 in6_ifa_put(ifp);
964
965 if (redirect) {
966 /*
967 * We need to get the dst entry for the
968 * default router instead
969 */
970 dst_release(*dst);
971 memcpy(&fl_gw, fl, sizeof(struct flowi));
972 memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr));
973 *dst = ip6_route_output(net, sk, &fl_gw);
974 if ((err = (*dst)->error))
975 goto out_err_release;
976 }
977 }
978 #endif
979
980 return 0;
981
982 out_err_release:
983 if (err == -ENETUNREACH)
984 IP6_INC_STATS_BH(net, NULL, IPSTATS_MIB_OUTNOROUTES);
985 dst_release(*dst);
986 *dst = NULL;
987 return err;
988 }
989
990 /**
991 * ip6_dst_lookup - perform route lookup on flow
992 * @sk: socket which provides route info
993 * @dst: pointer to dst_entry * for result
994 * @fl: flow to lookup
995 *
996 * This function performs a route lookup on the given flow.
997 *
998 * It returns zero on success, or a standard errno code on error.
999 */
1000 int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
1001 {
1002 *dst = NULL;
1003 return ip6_dst_lookup_tail(sk, dst, fl);
1004 }
1005 EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1006
1007 /**
1008 * ip6_sk_dst_lookup - perform socket cached route lookup on flow
1009 * @sk: socket which provides the dst cache and route info
1010 * @dst: pointer to dst_entry * for result
1011 * @fl: flow to lookup
1012 *
1013 * This function performs a route lookup on the given flow with the
1014 * possibility of using the cached route in the socket if it is valid.
1015 * It will take the socket dst lock when operating on the dst cache.
1016 * As a result, this function can only be used in process context.
1017 *
1018 * It returns zero on success, or a standard errno code on error.
1019 */
1020 int ip6_sk_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
1021 {
1022 *dst = NULL;
1023 if (sk) {
1024 *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1025 *dst = ip6_sk_dst_check(sk, *dst, fl);
1026 }
1027
1028 return ip6_dst_lookup_tail(sk, dst, fl);
1029 }
1030 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup);
1031
1032 static inline int ip6_ufo_append_data(struct sock *sk,
1033 int getfrag(void *from, char *to, int offset, int len,
1034 int odd, struct sk_buff *skb),
1035 void *from, int length, int hh_len, int fragheaderlen,
1036 int transhdrlen, int mtu,unsigned int flags)
1037
1038 {
1039 struct sk_buff *skb;
1040 int err;
1041
1042 /* There is support for UDP large send offload by network
1043 * device, so create one single skb packet containing complete
1044 * udp datagram
1045 */
1046 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) {
1047 skb = sock_alloc_send_skb(sk,
1048 hh_len + fragheaderlen + transhdrlen + 20,
1049 (flags & MSG_DONTWAIT), &err);
1050 if (skb == NULL)
1051 return -ENOMEM;
1052
1053 /* reserve space for Hardware header */
1054 skb_reserve(skb, hh_len);
1055
1056 /* create space for UDP/IP header */
1057 skb_put(skb,fragheaderlen + transhdrlen);
1058
1059 /* initialize network header pointer */
1060 skb_reset_network_header(skb);
1061
1062 /* initialize protocol header pointer */
1063 skb->transport_header = skb->network_header + fragheaderlen;
1064
1065 skb->ip_summed = CHECKSUM_PARTIAL;
1066 skb->csum = 0;
1067 sk->sk_sndmsg_off = 0;
1068 }
1069
1070 err = skb_append_datato_frags(sk,skb, getfrag, from,
1071 (length - transhdrlen));
1072 if (!err) {
1073 struct frag_hdr fhdr;
1074
1075 /* Specify the length of each IPv6 datagram fragment.
1076 * It has to be a multiple of 8.
1077 */
1078 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen -
1079 sizeof(struct frag_hdr)) & ~7;
1080 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
1081 ipv6_select_ident(&fhdr);
1082 skb_shinfo(skb)->ip6_frag_id = fhdr.identification;
1083 __skb_queue_tail(&sk->sk_write_queue, skb);
1084
1085 return 0;
1086 }
1087 /* There is not enough support do UPD LSO,
1088 * so follow normal path
1089 */
1090 kfree_skb(skb);
1091
1092 return err;
1093 }
1094
1095 static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1096 gfp_t gfp)
1097 {
1098 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1099 }
1100
1101 static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1102 gfp_t gfp)
1103 {
1104 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1105 }
1106
1107 int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1108 int offset, int len, int odd, struct sk_buff *skb),
1109 void *from, int length, int transhdrlen,
1110 int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi *fl,
1111 struct rt6_info *rt, unsigned int flags)
1112 {
1113 struct inet_sock *inet = inet_sk(sk);
1114 struct ipv6_pinfo *np = inet6_sk(sk);
1115 struct sk_buff *skb;
1116 unsigned int maxfraglen, fragheaderlen;
1117 int exthdrlen;
1118 int hh_len;
1119 int mtu;
1120 int copy;
1121 int err;
1122 int offset = 0;
1123 int csummode = CHECKSUM_NONE;
1124
1125 if (flags&MSG_PROBE)
1126 return 0;
1127 if (skb_queue_empty(&sk->sk_write_queue)) {
1128 /*
1129 * setup for corking
1130 */
1131 if (opt) {
1132 if (WARN_ON(np->cork.opt))
1133 return -EINVAL;
1134
1135 np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation);
1136 if (unlikely(np->cork.opt == NULL))
1137 return -ENOBUFS;
1138
1139 np->cork.opt->tot_len = opt->tot_len;
1140 np->cork.opt->opt_flen = opt->opt_flen;
1141 np->cork.opt->opt_nflen = opt->opt_nflen;
1142
1143 np->cork.opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1144 sk->sk_allocation);
1145 if (opt->dst0opt && !np->cork.opt->dst0opt)
1146 return -ENOBUFS;
1147
1148 np->cork.opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1149 sk->sk_allocation);
1150 if (opt->dst1opt && !np->cork.opt->dst1opt)
1151 return -ENOBUFS;
1152
1153 np->cork.opt->hopopt = ip6_opt_dup(opt->hopopt,
1154 sk->sk_allocation);
1155 if (opt->hopopt && !np->cork.opt->hopopt)
1156 return -ENOBUFS;
1157
1158 np->cork.opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1159 sk->sk_allocation);
1160 if (opt->srcrt && !np->cork.opt->srcrt)
1161 return -ENOBUFS;
1162
1163 /* need source address above miyazawa*/
1164 }
1165 dst_hold(&rt->u.dst);
1166 inet->cork.dst = &rt->u.dst;
1167 inet->cork.fl = *fl;
1168 np->cork.hop_limit = hlimit;
1169 np->cork.tclass = tclass;
1170 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
1171 rt->u.dst.dev->mtu : dst_mtu(rt->u.dst.path);
1172 if (np->frag_size < mtu) {
1173 if (np->frag_size)
1174 mtu = np->frag_size;
1175 }
1176 inet->cork.fragsize = mtu;
1177 if (dst_allfrag(rt->u.dst.path))
1178 inet->cork.flags |= IPCORK_ALLFRAG;
1179 inet->cork.length = 0;
1180 sk->sk_sndmsg_page = NULL;
1181 sk->sk_sndmsg_off = 0;
1182 exthdrlen = rt->u.dst.header_len + (opt ? opt->opt_flen : 0) -
1183 rt->rt6i_nfheader_len;
1184 length += exthdrlen;
1185 transhdrlen += exthdrlen;
1186 } else {
1187 rt = (struct rt6_info *)inet->cork.dst;
1188 fl = &inet->cork.fl;
1189 opt = np->cork.opt;
1190 transhdrlen = 0;
1191 exthdrlen = 0;
1192 mtu = inet->cork.fragsize;
1193 }
1194
1195 hh_len = LL_RESERVED_SPACE(rt->u.dst.dev);
1196
1197 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
1198 (opt ? opt->opt_nflen : 0);
1199 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr);
1200
1201 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) {
1202 if (inet->cork.length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) {
1203 ipv6_local_error(sk, EMSGSIZE, fl, mtu-exthdrlen);
1204 return -EMSGSIZE;
1205 }
1206 }
1207
1208 /*
1209 * Let's try using as much space as possible.
1210 * Use MTU if total length of the message fits into the MTU.
1211 * Otherwise, we need to reserve fragment header and
1212 * fragment alignment (= 8-15 octects, in total).
1213 *
1214 * Note that we may need to "move" the data from the tail of
1215 * of the buffer to the new fragment when we split
1216 * the message.
1217 *
1218 * FIXME: It may be fragmented into multiple chunks
1219 * at once if non-fragmentable extension headers
1220 * are too large.
1221 * --yoshfuji
1222 */
1223
1224 inet->cork.length += length;
1225 if (((length > mtu) && (sk->sk_protocol == IPPROTO_UDP)) &&
1226 (rt->u.dst.dev->features & NETIF_F_UFO)) {
1227
1228 err = ip6_ufo_append_data(sk, getfrag, from, length, hh_len,
1229 fragheaderlen, transhdrlen, mtu,
1230 flags);
1231 if (err)
1232 goto error;
1233 return 0;
1234 }
1235
1236 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
1237 goto alloc_new_skb;
1238
1239 while (length > 0) {
1240 /* Check if the remaining data fits into current packet. */
1241 copy = (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1242 if (copy < length)
1243 copy = maxfraglen - skb->len;
1244
1245 if (copy <= 0) {
1246 char *data;
1247 unsigned int datalen;
1248 unsigned int fraglen;
1249 unsigned int fraggap;
1250 unsigned int alloclen;
1251 struct sk_buff *skb_prev;
1252 alloc_new_skb:
1253 skb_prev = skb;
1254
1255 /* There's no room in the current skb */
1256 if (skb_prev)
1257 fraggap = skb_prev->len - maxfraglen;
1258 else
1259 fraggap = 0;
1260
1261 /*
1262 * If remaining data exceeds the mtu,
1263 * we know we need more fragment(s).
1264 */
1265 datalen = length + fraggap;
1266 if (datalen > (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1267 datalen = maxfraglen - fragheaderlen;
1268
1269 fraglen = datalen + fragheaderlen;
1270 if ((flags & MSG_MORE) &&
1271 !(rt->u.dst.dev->features&NETIF_F_SG))
1272 alloclen = mtu;
1273 else
1274 alloclen = datalen + fragheaderlen;
1275
1276 /*
1277 * The last fragment gets additional space at tail.
1278 * Note: we overallocate on fragments with MSG_MODE
1279 * because we have no idea if we're the last one.
1280 */
1281 if (datalen == length + fraggap)
1282 alloclen += rt->u.dst.trailer_len;
1283
1284 /*
1285 * We just reserve space for fragment header.
1286 * Note: this may be overallocation if the message
1287 * (without MSG_MORE) fits into the MTU.
1288 */
1289 alloclen += sizeof(struct frag_hdr);
1290
1291 if (transhdrlen) {
1292 skb = sock_alloc_send_skb(sk,
1293 alloclen + hh_len,
1294 (flags & MSG_DONTWAIT), &err);
1295 } else {
1296 skb = NULL;
1297 if (atomic_read(&sk->sk_wmem_alloc) <=
1298 2 * sk->sk_sndbuf)
1299 skb = sock_wmalloc(sk,
1300 alloclen + hh_len, 1,
1301 sk->sk_allocation);
1302 if (unlikely(skb == NULL))
1303 err = -ENOBUFS;
1304 }
1305 if (skb == NULL)
1306 goto error;
1307 /*
1308 * Fill in the control structures
1309 */
1310 skb->ip_summed = csummode;
1311 skb->csum = 0;
1312 /* reserve for fragmentation */
1313 skb_reserve(skb, hh_len+sizeof(struct frag_hdr));
1314
1315 /*
1316 * Find where to start putting bytes
1317 */
1318 data = skb_put(skb, fraglen);
1319 skb_set_network_header(skb, exthdrlen);
1320 data += fragheaderlen;
1321 skb->transport_header = (skb->network_header +
1322 fragheaderlen);
1323 if (fraggap) {
1324 skb->csum = skb_copy_and_csum_bits(
1325 skb_prev, maxfraglen,
1326 data + transhdrlen, fraggap, 0);
1327 skb_prev->csum = csum_sub(skb_prev->csum,
1328 skb->csum);
1329 data += fraggap;
1330 pskb_trim_unique(skb_prev, maxfraglen);
1331 }
1332 copy = datalen - transhdrlen - fraggap;
1333 if (copy < 0) {
1334 err = -EINVAL;
1335 kfree_skb(skb);
1336 goto error;
1337 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
1338 err = -EFAULT;
1339 kfree_skb(skb);
1340 goto error;
1341 }
1342
1343 offset += copy;
1344 length -= datalen - fraggap;
1345 transhdrlen = 0;
1346 exthdrlen = 0;
1347 csummode = CHECKSUM_NONE;
1348
1349 /*
1350 * Put the packet on the pending queue
1351 */
1352 __skb_queue_tail(&sk->sk_write_queue, skb);
1353 continue;
1354 }
1355
1356 if (copy > length)
1357 copy = length;
1358
1359 if (!(rt->u.dst.dev->features&NETIF_F_SG)) {
1360 unsigned int off;
1361
1362 off = skb->len;
1363 if (getfrag(from, skb_put(skb, copy),
1364 offset, copy, off, skb) < 0) {
1365 __skb_trim(skb, off);
1366 err = -EFAULT;
1367 goto error;
1368 }
1369 } else {
1370 int i = skb_shinfo(skb)->nr_frags;
1371 skb_frag_t *frag = &skb_shinfo(skb)->frags[i-1];
1372 struct page *page = sk->sk_sndmsg_page;
1373 int off = sk->sk_sndmsg_off;
1374 unsigned int left;
1375
1376 if (page && (left = PAGE_SIZE - off) > 0) {
1377 if (copy >= left)
1378 copy = left;
1379 if (page != frag->page) {
1380 if (i == MAX_SKB_FRAGS) {
1381 err = -EMSGSIZE;
1382 goto error;
1383 }
1384 get_page(page);
1385 skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0);
1386 frag = &skb_shinfo(skb)->frags[i];
1387 }
1388 } else if(i < MAX_SKB_FRAGS) {
1389 if (copy > PAGE_SIZE)
1390 copy = PAGE_SIZE;
1391 page = alloc_pages(sk->sk_allocation, 0);
1392 if (page == NULL) {
1393 err = -ENOMEM;
1394 goto error;
1395 }
1396 sk->sk_sndmsg_page = page;
1397 sk->sk_sndmsg_off = 0;
1398
1399 skb_fill_page_desc(skb, i, page, 0, 0);
1400 frag = &skb_shinfo(skb)->frags[i];
1401 } else {
1402 err = -EMSGSIZE;
1403 goto error;
1404 }
1405 if (getfrag(from, page_address(frag->page)+frag->page_offset+frag->size, offset, copy, skb->len, skb) < 0) {
1406 err = -EFAULT;
1407 goto error;
1408 }
1409 sk->sk_sndmsg_off += copy;
1410 frag->size += copy;
1411 skb->len += copy;
1412 skb->data_len += copy;
1413 skb->truesize += copy;
1414 atomic_add(copy, &sk->sk_wmem_alloc);
1415 }
1416 offset += copy;
1417 length -= copy;
1418 }
1419 return 0;
1420 error:
1421 inet->cork.length -= length;
1422 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1423 return err;
1424 }
1425
1426 static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np)
1427 {
1428 if (np->cork.opt) {
1429 kfree(np->cork.opt->dst0opt);
1430 kfree(np->cork.opt->dst1opt);
1431 kfree(np->cork.opt->hopopt);
1432 kfree(np->cork.opt->srcrt);
1433 kfree(np->cork.opt);
1434 np->cork.opt = NULL;
1435 }
1436
1437 if (inet->cork.dst) {
1438 dst_release(inet->cork.dst);
1439 inet->cork.dst = NULL;
1440 inet->cork.flags &= ~IPCORK_ALLFRAG;
1441 }
1442 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl));
1443 }
1444
1445 int ip6_push_pending_frames(struct sock *sk)
1446 {
1447 struct sk_buff *skb, *tmp_skb;
1448 struct sk_buff **tail_skb;
1449 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1450 struct inet_sock *inet = inet_sk(sk);
1451 struct ipv6_pinfo *np = inet6_sk(sk);
1452 struct net *net = sock_net(sk);
1453 struct ipv6hdr *hdr;
1454 struct ipv6_txoptions *opt = np->cork.opt;
1455 struct rt6_info *rt = (struct rt6_info *)inet->cork.dst;
1456 struct flowi *fl = &inet->cork.fl;
1457 unsigned char proto = fl->proto;
1458 int err = 0;
1459
1460 if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL)
1461 goto out;
1462 tail_skb = &(skb_shinfo(skb)->frag_list);
1463
1464 /* move skb->data to ip header from ext header */
1465 if (skb->data < skb_network_header(skb))
1466 __skb_pull(skb, skb_network_offset(skb));
1467 while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) {
1468 __skb_pull(tmp_skb, skb_network_header_len(skb));
1469 *tail_skb = tmp_skb;
1470 tail_skb = &(tmp_skb->next);
1471 skb->len += tmp_skb->len;
1472 skb->data_len += tmp_skb->len;
1473 skb->truesize += tmp_skb->truesize;
1474 tmp_skb->destructor = NULL;
1475 tmp_skb->sk = NULL;
1476 }
1477
1478 /* Allow local fragmentation. */
1479 if (np->pmtudisc < IPV6_PMTUDISC_DO)
1480 skb->local_df = 1;
1481
1482 ipv6_addr_copy(final_dst, &fl->fl6_dst);
1483 __skb_pull(skb, skb_network_header_len(skb));
1484 if (opt && opt->opt_flen)
1485 ipv6_push_frag_opts(skb, opt, &proto);
1486 if (opt && opt->opt_nflen)
1487 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst);
1488
1489 skb_push(skb, sizeof(struct ipv6hdr));
1490 skb_reset_network_header(skb);
1491 hdr = ipv6_hdr(skb);
1492
1493 *(__be32*)hdr = fl->fl6_flowlabel |
1494 htonl(0x60000000 | ((int)np->cork.tclass << 20));
1495
1496 hdr->hop_limit = np->cork.hop_limit;
1497 hdr->nexthdr = proto;
1498 ipv6_addr_copy(&hdr->saddr, &fl->fl6_src);
1499 ipv6_addr_copy(&hdr->daddr, final_dst);
1500
1501 skb->priority = sk->sk_priority;
1502 skb->mark = sk->sk_mark;
1503
1504 skb_dst_set(skb, dst_clone(&rt->u.dst));
1505 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
1506 if (proto == IPPROTO_ICMPV6) {
1507 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1508
1509 ICMP6MSGOUT_INC_STATS_BH(net, idev, icmp6_hdr(skb)->icmp6_type);
1510 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTMSGS);
1511 }
1512
1513 err = ip6_local_out(skb);
1514 if (err) {
1515 if (err > 0)
1516 err = net_xmit_errno(err);
1517 if (err)
1518 goto error;
1519 }
1520
1521 out:
1522 ip6_cork_release(inet, np);
1523 return err;
1524 error:
1525 IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1526 goto out;
1527 }
1528
1529 void ip6_flush_pending_frames(struct sock *sk)
1530 {
1531 struct sk_buff *skb;
1532
1533 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) {
1534 if (skb_dst(skb))
1535 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
1536 IPSTATS_MIB_OUTDISCARDS);
1537 kfree_skb(skb);
1538 }
1539
1540 ip6_cork_release(inet_sk(sk), inet6_sk(sk));
1541 }