2 * ip_vs_xmit.c: various packet transmitters for IPVS
4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
5 * Julian Anastasov <ja@ssi.bg>
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
16 #include <linux/kernel.h>
17 #include <linux/tcp.h> /* for tcphdr */
19 #include <net/tcp.h> /* for csum_tcpudp_magic */
21 #include <net/icmp.h> /* for icmp_send */
22 #include <net/route.h> /* for ip_route_output */
24 #include <net/ip6_route.h>
25 #include <linux/icmpv6.h>
26 #include <linux/netfilter.h>
27 #include <linux/netfilter_ipv4.h>
29 #include <net/ip_vs.h>
33 * Destination cache to speed up outgoing route lookup
36 __ip_vs_dst_set(struct ip_vs_dest
*dest
, u32 rtos
, struct dst_entry
*dst
)
38 struct dst_entry
*old_dst
;
40 old_dst
= dest
->dst_cache
;
41 dest
->dst_cache
= dst
;
42 dest
->dst_rtos
= rtos
;
46 static inline struct dst_entry
*
47 __ip_vs_dst_check(struct ip_vs_dest
*dest
, u32 rtos
, u32 cookie
)
49 struct dst_entry
*dst
= dest
->dst_cache
;
54 || (dest
->af
== AF_INET
&& rtos
!= dest
->dst_rtos
)) &&
55 dst
->ops
->check(dst
, cookie
) == NULL
) {
56 dest
->dst_cache
= NULL
;
64 static struct rtable
*
65 __ip_vs_get_out_rt(struct ip_vs_conn
*cp
, u32 rtos
)
67 struct rtable
*rt
; /* Route to the other host */
68 struct ip_vs_dest
*dest
= cp
->dest
;
71 spin_lock(&dest
->dst_lock
);
72 if (!(rt
= (struct rtable
*)
73 __ip_vs_dst_check(dest
, rtos
, 0))) {
78 .daddr
= dest
->addr
.ip
,
83 if (ip_route_output_key(&init_net
, &rt
, &fl
)) {
84 spin_unlock(&dest
->dst_lock
);
85 IP_VS_DBG_RL("ip_route_output error, dest: %pI4\n",
89 __ip_vs_dst_set(dest
, rtos
, dst_clone(&rt
->u
.dst
));
90 IP_VS_DBG(10, "new dst %pI4, refcnt=%d, rtos=%X\n",
92 atomic_read(&rt
->u
.dst
.__refcnt
), rtos
);
94 spin_unlock(&dest
->dst_lock
);
100 .daddr
= cp
->daddr
.ip
,
105 if (ip_route_output_key(&init_net
, &rt
, &fl
)) {
106 IP_VS_DBG_RL("ip_route_output error, dest: %pI4\n",
115 #ifdef CONFIG_IP_VS_IPV6
116 static struct rt6_info
*
117 __ip_vs_get_out_rt_v6(struct ip_vs_conn
*cp
)
119 struct rt6_info
*rt
; /* Route to the other host */
120 struct ip_vs_dest
*dest
= cp
->dest
;
123 spin_lock(&dest
->dst_lock
);
124 rt
= (struct rt6_info
*)__ip_vs_dst_check(dest
, 0, 0);
130 .daddr
= dest
->addr
.in6
,
139 rt
= (struct rt6_info
*)ip6_route_output(&init_net
,
142 spin_unlock(&dest
->dst_lock
);
143 IP_VS_DBG_RL("ip6_route_output error, dest: %pI6\n",
147 __ip_vs_dst_set(dest
, 0, dst_clone(&rt
->u
.dst
));
148 IP_VS_DBG(10, "new dst %pI6, refcnt=%d\n",
150 atomic_read(&rt
->u
.dst
.__refcnt
));
152 spin_unlock(&dest
->dst_lock
);
158 .daddr
= cp
->daddr
.in6
,
160 .s6_addr32
= { 0, 0, 0, 0 },
166 rt
= (struct rt6_info
*)ip6_route_output(&init_net
, NULL
, &fl
);
168 IP_VS_DBG_RL("ip6_route_output error, dest: %pI6\n",
180 * Release dest->dst_cache before a dest is removed
183 ip_vs_dst_reset(struct ip_vs_dest
*dest
)
185 struct dst_entry
*old_dst
;
187 old_dst
= dest
->dst_cache
;
188 dest
->dst_cache
= NULL
;
189 dst_release(old_dst
);
192 #define IP_VS_XMIT(pf, skb, rt) \
194 (skb)->ipvs_property = 1; \
195 skb_forward_csum(skb); \
196 NF_HOOK(pf, NF_INET_LOCAL_OUT, (skb), NULL, \
197 (rt)->u.dst.dev, dst_output); \
202 * NULL transmitter (do nothing except return NF_ACCEPT)
205 ip_vs_null_xmit(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
206 struct ip_vs_protocol
*pp
)
208 /* we do not touch skb and do not need pskb ptr */
215 * Let packets bypass the destination when the destination is not
216 * available, it may be only used in transparent cache cluster.
219 ip_vs_bypass_xmit(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
220 struct ip_vs_protocol
*pp
)
222 struct rtable
*rt
; /* Route to the other host */
223 struct iphdr
*iph
= ip_hdr(skb
);
232 .tos
= RT_TOS(tos
), } },
237 if (ip_route_output_key(&init_net
, &rt
, &fl
)) {
238 IP_VS_DBG_RL("ip_vs_bypass_xmit(): ip_route_output error, dest: %pI4\n",
244 mtu
= dst_mtu(&rt
->u
.dst
);
245 if ((skb
->len
> mtu
) && (iph
->frag_off
& htons(IP_DF
))) {
247 icmp_send(skb
, ICMP_DEST_UNREACH
,ICMP_FRAG_NEEDED
, htonl(mtu
));
248 IP_VS_DBG_RL("ip_vs_bypass_xmit(): frag needed\n");
253 * Call ip_send_check because we are not sure it is called
254 * after ip_defrag. Is copy-on-write needed?
256 if (unlikely((skb
= skb_share_check(skb
, GFP_ATOMIC
)) == NULL
)) {
260 ip_send_check(ip_hdr(skb
));
263 dst_release(skb
->dst
);
264 skb
->dst
= &rt
->u
.dst
;
266 /* Another hack: avoid icmp_send in ip_fragment */
269 IP_VS_XMIT(PF_INET
, skb
, rt
);
275 dst_link_failure(skb
);
282 #ifdef CONFIG_IP_VS_IPV6
284 ip_vs_bypass_xmit_v6(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
285 struct ip_vs_protocol
*pp
)
287 struct rt6_info
*rt
; /* Route to the other host */
288 struct ipv6hdr
*iph
= ipv6_hdr(skb
);
295 .saddr
= { .s6_addr32
= {0, 0, 0, 0} }, } },
300 rt
= (struct rt6_info
*)ip6_route_output(&init_net
, NULL
, &fl
);
302 IP_VS_DBG_RL("ip_vs_bypass_xmit_v6(): ip6_route_output error, dest: %pI6\n",
308 mtu
= dst_mtu(&rt
->u
.dst
);
309 if (skb
->len
> mtu
) {
310 dst_release(&rt
->u
.dst
);
311 icmpv6_send(skb
, ICMPV6_PKT_TOOBIG
, 0, mtu
, skb
->dev
);
312 IP_VS_DBG_RL("ip_vs_bypass_xmit_v6(): frag needed\n");
317 * Call ip_send_check because we are not sure it is called
318 * after ip_defrag. Is copy-on-write needed?
320 skb
= skb_share_check(skb
, GFP_ATOMIC
);
321 if (unlikely(skb
== NULL
)) {
322 dst_release(&rt
->u
.dst
);
327 dst_release(skb
->dst
);
328 skb
->dst
= &rt
->u
.dst
;
330 /* Another hack: avoid icmp_send in ip_fragment */
333 IP_VS_XMIT(PF_INET6
, skb
, rt
);
339 dst_link_failure(skb
);
348 * NAT transmitter (only for outside-to-inside nat forwarding)
349 * Not used for related ICMP
352 ip_vs_nat_xmit(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
353 struct ip_vs_protocol
*pp
)
355 struct rtable
*rt
; /* Route to the other host */
357 struct iphdr
*iph
= ip_hdr(skb
);
361 /* check if it is a connection of no-client-port */
362 if (unlikely(cp
->flags
& IP_VS_CONN_F_NO_CPORT
)) {
364 p
= skb_header_pointer(skb
, iph
->ihl
*4, sizeof(_pt
), &_pt
);
367 ip_vs_conn_fill_cport(cp
, *p
);
368 IP_VS_DBG(10, "filled cport=%d\n", ntohs(*p
));
371 if (!(rt
= __ip_vs_get_out_rt(cp
, RT_TOS(iph
->tos
))))
375 mtu
= dst_mtu(&rt
->u
.dst
);
376 if ((skb
->len
> mtu
) && (iph
->frag_off
& htons(IP_DF
))) {
378 icmp_send(skb
, ICMP_DEST_UNREACH
,ICMP_FRAG_NEEDED
, htonl(mtu
));
379 IP_VS_DBG_RL_PKT(0, pp
, skb
, 0, "ip_vs_nat_xmit(): frag needed for");
383 /* copy-on-write the packet before mangling it */
384 if (!skb_make_writable(skb
, sizeof(struct iphdr
)))
387 if (skb_cow(skb
, rt
->u
.dst
.dev
->hard_header_len
))
391 dst_release(skb
->dst
);
392 skb
->dst
= &rt
->u
.dst
;
394 /* mangle the packet */
395 if (pp
->dnat_handler
&& !pp
->dnat_handler(skb
, pp
, cp
))
397 ip_hdr(skb
)->daddr
= cp
->daddr
.ip
;
398 ip_send_check(ip_hdr(skb
));
400 IP_VS_DBG_PKT(10, pp
, skb
, 0, "After DNAT");
402 /* FIXME: when application helper enlarges the packet and the length
403 is larger than the MTU of outgoing device, there will be still
406 /* Another hack: avoid icmp_send in ip_fragment */
409 IP_VS_XMIT(PF_INET
, skb
, rt
);
415 dst_link_failure(skb
);
425 #ifdef CONFIG_IP_VS_IPV6
427 ip_vs_nat_xmit_v6(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
428 struct ip_vs_protocol
*pp
)
430 struct rt6_info
*rt
; /* Route to the other host */
435 /* check if it is a connection of no-client-port */
436 if (unlikely(cp
->flags
& IP_VS_CONN_F_NO_CPORT
)) {
438 p
= skb_header_pointer(skb
, sizeof(struct ipv6hdr
),
442 ip_vs_conn_fill_cport(cp
, *p
);
443 IP_VS_DBG(10, "filled cport=%d\n", ntohs(*p
));
446 rt
= __ip_vs_get_out_rt_v6(cp
);
451 mtu
= dst_mtu(&rt
->u
.dst
);
452 if (skb
->len
> mtu
) {
453 dst_release(&rt
->u
.dst
);
454 icmpv6_send(skb
, ICMPV6_PKT_TOOBIG
, 0, mtu
, skb
->dev
);
455 IP_VS_DBG_RL_PKT(0, pp
, skb
, 0,
456 "ip_vs_nat_xmit_v6(): frag needed for");
460 /* copy-on-write the packet before mangling it */
461 if (!skb_make_writable(skb
, sizeof(struct ipv6hdr
)))
464 if (skb_cow(skb
, rt
->u
.dst
.dev
->hard_header_len
))
468 dst_release(skb
->dst
);
469 skb
->dst
= &rt
->u
.dst
;
471 /* mangle the packet */
472 if (pp
->dnat_handler
&& !pp
->dnat_handler(skb
, pp
, cp
))
474 ipv6_hdr(skb
)->daddr
= cp
->daddr
.in6
;
476 IP_VS_DBG_PKT(10, pp
, skb
, 0, "After DNAT");
478 /* FIXME: when application helper enlarges the packet and the length
479 is larger than the MTU of outgoing device, there will be still
482 /* Another hack: avoid icmp_send in ip_fragment */
485 IP_VS_XMIT(PF_INET6
, skb
, rt
);
491 dst_link_failure(skb
);
497 dst_release(&rt
->u
.dst
);
504 * IP Tunneling transmitter
506 * This function encapsulates the packet in a new IP packet, its
507 * destination will be set to cp->daddr. Most code of this function
508 * is taken from ipip.c.
510 * It is used in VS/TUN cluster. The load balancer selects a real
511 * server from a cluster based on a scheduling algorithm,
512 * encapsulates the request packet and forwards it to the selected
513 * server. For example, all real servers are configured with
514 * "ifconfig tunl0 <Virtual IP Address> up". When the server receives
515 * the encapsulated packet, it will decapsulate the packet, processe
516 * the request and return the response packets directly to the client
517 * without passing the load balancer. This can greatly increase the
518 * scalability of virtual server.
520 * Used for ANY protocol
523 ip_vs_tunnel_xmit(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
524 struct ip_vs_protocol
*pp
)
526 struct rtable
*rt
; /* Route to the other host */
527 struct net_device
*tdev
; /* Device to other host */
528 struct iphdr
*old_iph
= ip_hdr(skb
);
529 u8 tos
= old_iph
->tos
;
530 __be16 df
= old_iph
->frag_off
;
531 sk_buff_data_t old_transport_header
= skb
->transport_header
;
532 struct iphdr
*iph
; /* Our new IP header */
533 unsigned int max_headroom
; /* The extra header space needed */
538 if (skb
->protocol
!= htons(ETH_P_IP
)) {
539 IP_VS_DBG_RL("ip_vs_tunnel_xmit(): protocol error, "
540 "ETH_P_IP: %d, skb protocol: %d\n",
541 htons(ETH_P_IP
), skb
->protocol
);
545 if (!(rt
= __ip_vs_get_out_rt(cp
, RT_TOS(tos
))))
548 tdev
= rt
->u
.dst
.dev
;
550 mtu
= dst_mtu(&rt
->u
.dst
) - sizeof(struct iphdr
);
553 IP_VS_DBG_RL("ip_vs_tunnel_xmit(): mtu less than 68\n");
557 skb
->dst
->ops
->update_pmtu(skb
->dst
, mtu
);
559 df
|= (old_iph
->frag_off
& htons(IP_DF
));
561 if ((old_iph
->frag_off
& htons(IP_DF
))
562 && mtu
< ntohs(old_iph
->tot_len
)) {
563 icmp_send(skb
, ICMP_DEST_UNREACH
,ICMP_FRAG_NEEDED
, htonl(mtu
));
565 IP_VS_DBG_RL("ip_vs_tunnel_xmit(): frag needed\n");
570 * Okay, now see if we can stuff it in the buffer as-is.
572 max_headroom
= LL_RESERVED_SPACE(tdev
) + sizeof(struct iphdr
);
574 if (skb_headroom(skb
) < max_headroom
575 || skb_cloned(skb
) || skb_shared(skb
)) {
576 struct sk_buff
*new_skb
=
577 skb_realloc_headroom(skb
, max_headroom
);
581 IP_VS_ERR_RL("ip_vs_tunnel_xmit(): no memory\n");
586 old_iph
= ip_hdr(skb
);
589 skb
->transport_header
= old_transport_header
;
591 /* fix old IP header checksum */
592 ip_send_check(old_iph
);
594 skb_push(skb
, sizeof(struct iphdr
));
595 skb_reset_network_header(skb
);
596 memset(&(IPCB(skb
)->opt
), 0, sizeof(IPCB(skb
)->opt
));
599 dst_release(skb
->dst
);
600 skb
->dst
= &rt
->u
.dst
;
603 * Push down and install the IPIP header.
607 iph
->ihl
= sizeof(struct iphdr
)>>2;
609 iph
->protocol
= IPPROTO_IPIP
;
611 iph
->daddr
= rt
->rt_dst
;
612 iph
->saddr
= rt
->rt_src
;
613 iph
->ttl
= old_iph
->ttl
;
614 ip_select_ident(iph
, &rt
->u
.dst
, NULL
);
616 /* Another hack: avoid icmp_send in ip_fragment */
626 dst_link_failure(skb
);
633 #ifdef CONFIG_IP_VS_IPV6
635 ip_vs_tunnel_xmit_v6(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
636 struct ip_vs_protocol
*pp
)
638 struct rt6_info
*rt
; /* Route to the other host */
639 struct net_device
*tdev
; /* Device to other host */
640 struct ipv6hdr
*old_iph
= ipv6_hdr(skb
);
641 sk_buff_data_t old_transport_header
= skb
->transport_header
;
642 struct ipv6hdr
*iph
; /* Our new IP header */
643 unsigned int max_headroom
; /* The extra header space needed */
648 if (skb
->protocol
!= htons(ETH_P_IPV6
)) {
649 IP_VS_DBG_RL("ip_vs_tunnel_xmit_v6(): protocol error, "
650 "ETH_P_IPV6: %d, skb protocol: %d\n",
651 htons(ETH_P_IPV6
), skb
->protocol
);
655 rt
= __ip_vs_get_out_rt_v6(cp
);
659 tdev
= rt
->u
.dst
.dev
;
661 mtu
= dst_mtu(&rt
->u
.dst
) - sizeof(struct ipv6hdr
);
662 /* TODO IPv6: do we need this check in IPv6? */
664 dst_release(&rt
->u
.dst
);
665 IP_VS_DBG_RL("ip_vs_tunnel_xmit_v6(): mtu less than 1280\n");
669 skb
->dst
->ops
->update_pmtu(skb
->dst
, mtu
);
671 if (mtu
< ntohs(old_iph
->payload_len
) + sizeof(struct ipv6hdr
)) {
672 icmpv6_send(skb
, ICMPV6_PKT_TOOBIG
, 0, mtu
, skb
->dev
);
673 dst_release(&rt
->u
.dst
);
674 IP_VS_DBG_RL("ip_vs_tunnel_xmit_v6(): frag needed\n");
679 * Okay, now see if we can stuff it in the buffer as-is.
681 max_headroom
= LL_RESERVED_SPACE(tdev
) + sizeof(struct ipv6hdr
);
683 if (skb_headroom(skb
) < max_headroom
684 || skb_cloned(skb
) || skb_shared(skb
)) {
685 struct sk_buff
*new_skb
=
686 skb_realloc_headroom(skb
, max_headroom
);
688 dst_release(&rt
->u
.dst
);
690 IP_VS_ERR_RL("ip_vs_tunnel_xmit_v6(): no memory\n");
695 old_iph
= ipv6_hdr(skb
);
698 skb
->transport_header
= old_transport_header
;
700 skb_push(skb
, sizeof(struct ipv6hdr
));
701 skb_reset_network_header(skb
);
702 memset(&(IPCB(skb
)->opt
), 0, sizeof(IPCB(skb
)->opt
));
705 dst_release(skb
->dst
);
706 skb
->dst
= &rt
->u
.dst
;
709 * Push down and install the IPIP header.
713 iph
->nexthdr
= IPPROTO_IPV6
;
714 iph
->payload_len
= old_iph
->payload_len
;
715 be16_add_cpu(&iph
->payload_len
, sizeof(*old_iph
));
716 iph
->priority
= old_iph
->priority
;
717 memset(&iph
->flow_lbl
, 0, sizeof(iph
->flow_lbl
));
718 iph
->daddr
= rt
->rt6i_dst
.addr
;
719 iph
->saddr
= cp
->vaddr
.in6
; /* rt->rt6i_src.addr; */
720 iph
->hop_limit
= old_iph
->hop_limit
;
722 /* Another hack: avoid icmp_send in ip_fragment */
732 dst_link_failure(skb
);
742 * Direct Routing transmitter
743 * Used for ANY protocol
746 ip_vs_dr_xmit(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
747 struct ip_vs_protocol
*pp
)
749 struct rtable
*rt
; /* Route to the other host */
750 struct iphdr
*iph
= ip_hdr(skb
);
755 if (!(rt
= __ip_vs_get_out_rt(cp
, RT_TOS(iph
->tos
))))
759 mtu
= dst_mtu(&rt
->u
.dst
);
760 if ((iph
->frag_off
& htons(IP_DF
)) && skb
->len
> mtu
) {
761 icmp_send(skb
, ICMP_DEST_UNREACH
,ICMP_FRAG_NEEDED
, htonl(mtu
));
763 IP_VS_DBG_RL("ip_vs_dr_xmit(): frag needed\n");
768 * Call ip_send_check because we are not sure it is called
769 * after ip_defrag. Is copy-on-write needed?
771 if (unlikely((skb
= skb_share_check(skb
, GFP_ATOMIC
)) == NULL
)) {
775 ip_send_check(ip_hdr(skb
));
778 dst_release(skb
->dst
);
779 skb
->dst
= &rt
->u
.dst
;
781 /* Another hack: avoid icmp_send in ip_fragment */
784 IP_VS_XMIT(PF_INET
, skb
, rt
);
790 dst_link_failure(skb
);
797 #ifdef CONFIG_IP_VS_IPV6
799 ip_vs_dr_xmit_v6(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
800 struct ip_vs_protocol
*pp
)
802 struct rt6_info
*rt
; /* Route to the other host */
807 rt
= __ip_vs_get_out_rt_v6(cp
);
812 mtu
= dst_mtu(&rt
->u
.dst
);
813 if (skb
->len
> mtu
) {
814 icmpv6_send(skb
, ICMPV6_PKT_TOOBIG
, 0, mtu
, skb
->dev
);
815 dst_release(&rt
->u
.dst
);
816 IP_VS_DBG_RL("ip_vs_dr_xmit_v6(): frag needed\n");
821 * Call ip_send_check because we are not sure it is called
822 * after ip_defrag. Is copy-on-write needed?
824 skb
= skb_share_check(skb
, GFP_ATOMIC
);
825 if (unlikely(skb
== NULL
)) {
826 dst_release(&rt
->u
.dst
);
831 dst_release(skb
->dst
);
832 skb
->dst
= &rt
->u
.dst
;
834 /* Another hack: avoid icmp_send in ip_fragment */
837 IP_VS_XMIT(PF_INET6
, skb
, rt
);
843 dst_link_failure(skb
);
853 * ICMP packet transmitter
854 * called by the ip_vs_in_icmp
857 ip_vs_icmp_xmit(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
858 struct ip_vs_protocol
*pp
, int offset
)
860 struct rtable
*rt
; /* Route to the other host */
866 /* The ICMP packet for VS/TUN, VS/DR and LOCALNODE will be
867 forwarded directly here, because there is no need to
868 translate address/port back */
869 if (IP_VS_FWD_METHOD(cp
) != IP_VS_CONN_F_MASQ
) {
871 rc
= cp
->packet_xmit(skb
, cp
, pp
);
874 /* do not touch skb anymore */
875 atomic_inc(&cp
->in_pkts
);
880 * mangle and send the packet here (only for VS/NAT)
883 if (!(rt
= __ip_vs_get_out_rt(cp
, RT_TOS(ip_hdr(skb
)->tos
))))
887 mtu
= dst_mtu(&rt
->u
.dst
);
888 if ((skb
->len
> mtu
) && (ip_hdr(skb
)->frag_off
& htons(IP_DF
))) {
890 icmp_send(skb
, ICMP_DEST_UNREACH
, ICMP_FRAG_NEEDED
, htonl(mtu
));
891 IP_VS_DBG_RL("ip_vs_in_icmp(): frag needed\n");
895 /* copy-on-write the packet before mangling it */
896 if (!skb_make_writable(skb
, offset
))
899 if (skb_cow(skb
, rt
->u
.dst
.dev
->hard_header_len
))
902 /* drop the old route when skb is not shared */
903 dst_release(skb
->dst
);
904 skb
->dst
= &rt
->u
.dst
;
906 ip_vs_nat_icmp(skb
, pp
, cp
, 0);
908 /* Another hack: avoid icmp_send in ip_fragment */
911 IP_VS_XMIT(PF_INET
, skb
, rt
);
917 dst_link_failure(skb
);
929 #ifdef CONFIG_IP_VS_IPV6
931 ip_vs_icmp_xmit_v6(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
932 struct ip_vs_protocol
*pp
, int offset
)
934 struct rt6_info
*rt
; /* Route to the other host */
940 /* The ICMP packet for VS/TUN, VS/DR and LOCALNODE will be
941 forwarded directly here, because there is no need to
942 translate address/port back */
943 if (IP_VS_FWD_METHOD(cp
) != IP_VS_CONN_F_MASQ
) {
945 rc
= cp
->packet_xmit(skb
, cp
, pp
);
948 /* do not touch skb anymore */
949 atomic_inc(&cp
->in_pkts
);
954 * mangle and send the packet here (only for VS/NAT)
957 rt
= __ip_vs_get_out_rt_v6(cp
);
962 mtu
= dst_mtu(&rt
->u
.dst
);
963 if (skb
->len
> mtu
) {
964 dst_release(&rt
->u
.dst
);
965 icmpv6_send(skb
, ICMPV6_PKT_TOOBIG
, 0, mtu
, skb
->dev
);
966 IP_VS_DBG_RL("ip_vs_in_icmp(): frag needed\n");
970 /* copy-on-write the packet before mangling it */
971 if (!skb_make_writable(skb
, offset
))
974 if (skb_cow(skb
, rt
->u
.dst
.dev
->hard_header_len
))
977 /* drop the old route when skb is not shared */
978 dst_release(skb
->dst
);
979 skb
->dst
= &rt
->u
.dst
;
981 ip_vs_nat_icmp_v6(skb
, pp
, cp
, 0);
983 /* Another hack: avoid icmp_send in ip_fragment */
986 IP_VS_XMIT(PF_INET6
, skb
, rt
);
992 dst_link_failure(skb
);
1000 dst_release(&rt
->u
.dst
);