/*
 * ip_vs_xmit.c: various packet transmitters for IPVS
 *
 * Authors:     Wensong Zhang <wensong@linuxvirtualserver.org>
 *              Julian Anastasov <ja@ssi.bg>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */
16 #include <linux/kernel.h>
17 #include <linux/tcp.h> /* for tcphdr */
19 #include <net/tcp.h> /* for csum_tcpudp_magic */
21 #include <net/icmp.h> /* for icmp_send */
22 #include <net/route.h> /* for ip_route_output */
24 #include <net/ip6_route.h>
25 #include <linux/icmpv6.h>
26 #include <linux/netfilter.h>
27 #include <linux/netfilter_ipv4.h>
29 #include <net/ip_vs.h>
33 * Destination cache to speed up outgoing route lookup
36 __ip_vs_dst_set(struct ip_vs_dest
*dest
, u32 rtos
, struct dst_entry
*dst
)
38 struct dst_entry
*old_dst
;
40 old_dst
= dest
->dst_cache
;
41 dest
->dst_cache
= dst
;
42 dest
->dst_rtos
= rtos
;
46 static inline struct dst_entry
*
47 __ip_vs_dst_check(struct ip_vs_dest
*dest
, u32 rtos
, u32 cookie
)
49 struct dst_entry
*dst
= dest
->dst_cache
;
54 || (dest
->af
== AF_INET
&& rtos
!= dest
->dst_rtos
)) &&
55 dst
->ops
->check(dst
, cookie
) == NULL
) {
56 dest
->dst_cache
= NULL
;
64 static struct rtable
*
65 __ip_vs_get_out_rt(struct ip_vs_conn
*cp
, u32 rtos
)
67 struct rtable
*rt
; /* Route to the other host */
68 struct ip_vs_dest
*dest
= cp
->dest
;
71 spin_lock(&dest
->dst_lock
);
72 if (!(rt
= (struct rtable
*)
73 __ip_vs_dst_check(dest
, rtos
, 0))) {
78 .daddr
= dest
->addr
.ip
,
83 if (ip_route_output_key(&init_net
, &rt
, &fl
)) {
84 spin_unlock(&dest
->dst_lock
);
85 IP_VS_DBG_RL("ip_route_output error, "
86 "dest: %u.%u.%u.%u\n",
87 NIPQUAD(dest
->addr
.ip
));
90 __ip_vs_dst_set(dest
, rtos
, dst_clone(&rt
->u
.dst
));
91 IP_VS_DBG(10, "new dst %u.%u.%u.%u, refcnt=%d, rtos=%X\n",
92 NIPQUAD(dest
->addr
.ip
),
93 atomic_read(&rt
->u
.dst
.__refcnt
), rtos
);
95 spin_unlock(&dest
->dst_lock
);
101 .daddr
= cp
->daddr
.ip
,
106 if (ip_route_output_key(&init_net
, &rt
, &fl
)) {
107 IP_VS_DBG_RL("ip_route_output error, dest: "
108 "%u.%u.%u.%u\n", NIPQUAD(cp
->daddr
.ip
));
116 #ifdef CONFIG_IP_VS_IPV6
117 static struct rt6_info
*
118 __ip_vs_get_out_rt_v6(struct ip_vs_conn
*cp
)
120 struct rt6_info
*rt
; /* Route to the other host */
121 struct ip_vs_dest
*dest
= cp
->dest
;
124 spin_lock(&dest
->dst_lock
);
125 rt
= (struct rt6_info
*)__ip_vs_dst_check(dest
, 0, 0);
131 .daddr
= dest
->addr
.in6
,
140 rt
= (struct rt6_info
*)ip6_route_output(&init_net
,
143 spin_unlock(&dest
->dst_lock
);
144 IP_VS_DBG_RL("ip6_route_output error, "
145 "dest: " NIP6_FMT
"\n",
146 NIP6(dest
->addr
.in6
));
149 __ip_vs_dst_set(dest
, 0, dst_clone(&rt
->u
.dst
));
150 IP_VS_DBG(10, "new dst " NIP6_FMT
", refcnt=%d\n",
151 NIP6(dest
->addr
.in6
),
152 atomic_read(&rt
->u
.dst
.__refcnt
));
154 spin_unlock(&dest
->dst_lock
);
160 .daddr
= cp
->daddr
.in6
,
162 .s6_addr32
= { 0, 0, 0, 0 },
168 rt
= (struct rt6_info
*)ip6_route_output(&init_net
, NULL
, &fl
);
170 IP_VS_DBG_RL("ip6_route_output error, dest: "
171 NIP6_FMT
"\n", NIP6(cp
->daddr
.in6
));
182 * Release dest->dst_cache before a dest is removed
185 ip_vs_dst_reset(struct ip_vs_dest
*dest
)
187 struct dst_entry
*old_dst
;
189 old_dst
= dest
->dst_cache
;
190 dest
->dst_cache
= NULL
;
191 dst_release(old_dst
);
/*
 * Hand the packet to netfilter's LOCAL_OUT hook and on to dst_output().
 * The ipvs_property mark keeps our own hooks from processing it again.
 */
#define IP_VS_XMIT(pf, skb, rt)				\
do {							\
	(skb)->ipvs_property = 1;			\
	skb_forward_csum(skb);				\
	NF_HOOK(pf, NF_INET_LOCAL_OUT, (skb), NULL,	\
		(rt)->u.dst.dev, dst_output);		\
} while (0)
204 * NULL transmitter (do nothing except return NF_ACCEPT)
207 ip_vs_null_xmit(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
208 struct ip_vs_protocol
*pp
)
210 /* we do not touch skb and do not need pskb ptr */
217 * Let packets bypass the destination when the destination is not
218 * available, it may be only used in transparent cache cluster.
221 ip_vs_bypass_xmit(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
222 struct ip_vs_protocol
*pp
)
224 struct rtable
*rt
; /* Route to the other host */
225 struct iphdr
*iph
= ip_hdr(skb
);
234 .tos
= RT_TOS(tos
), } },
239 if (ip_route_output_key(&init_net
, &rt
, &fl
)) {
240 IP_VS_DBG_RL("ip_vs_bypass_xmit(): ip_route_output error, "
241 "dest: %u.%u.%u.%u\n", NIPQUAD(iph
->daddr
));
246 mtu
= dst_mtu(&rt
->u
.dst
);
247 if ((skb
->len
> mtu
) && (iph
->frag_off
& htons(IP_DF
))) {
249 icmp_send(skb
, ICMP_DEST_UNREACH
,ICMP_FRAG_NEEDED
, htonl(mtu
));
250 IP_VS_DBG_RL("ip_vs_bypass_xmit(): frag needed\n");
255 * Call ip_send_check because we are not sure it is called
256 * after ip_defrag. Is copy-on-write needed?
258 if (unlikely((skb
= skb_share_check(skb
, GFP_ATOMIC
)) == NULL
)) {
262 ip_send_check(ip_hdr(skb
));
265 dst_release(skb
->dst
);
266 skb
->dst
= &rt
->u
.dst
;
268 /* Another hack: avoid icmp_send in ip_fragment */
271 IP_VS_XMIT(PF_INET
, skb
, rt
);
277 dst_link_failure(skb
);
284 #ifdef CONFIG_IP_VS_IPV6
286 ip_vs_bypass_xmit_v6(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
287 struct ip_vs_protocol
*pp
)
289 struct rt6_info
*rt
; /* Route to the other host */
290 struct ipv6hdr
*iph
= ipv6_hdr(skb
);
297 .saddr
= { .s6_addr32
= {0, 0, 0, 0} }, } },
302 rt
= (struct rt6_info
*)ip6_route_output(&init_net
, NULL
, &fl
);
304 IP_VS_DBG_RL("ip_vs_bypass_xmit_v6(): ip6_route_output error, "
305 "dest: " NIP6_FMT
"\n", NIP6(iph
->daddr
));
310 mtu
= dst_mtu(&rt
->u
.dst
);
311 if (skb
->len
> mtu
) {
312 dst_release(&rt
->u
.dst
);
313 icmpv6_send(skb
, ICMPV6_PKT_TOOBIG
, 0, mtu
, skb
->dev
);
314 IP_VS_DBG_RL("ip_vs_bypass_xmit_v6(): frag needed\n");
319 * Call ip_send_check because we are not sure it is called
320 * after ip_defrag. Is copy-on-write needed?
322 skb
= skb_share_check(skb
, GFP_ATOMIC
);
323 if (unlikely(skb
== NULL
)) {
324 dst_release(&rt
->u
.dst
);
329 dst_release(skb
->dst
);
330 skb
->dst
= &rt
->u
.dst
;
332 /* Another hack: avoid icmp_send in ip_fragment */
335 IP_VS_XMIT(PF_INET6
, skb
, rt
);
341 dst_link_failure(skb
);
350 * NAT transmitter (only for outside-to-inside nat forwarding)
351 * Not used for related ICMP
354 ip_vs_nat_xmit(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
355 struct ip_vs_protocol
*pp
)
357 struct rtable
*rt
; /* Route to the other host */
359 struct iphdr
*iph
= ip_hdr(skb
);
363 /* check if it is a connection of no-client-port */
364 if (unlikely(cp
->flags
& IP_VS_CONN_F_NO_CPORT
)) {
366 p
= skb_header_pointer(skb
, iph
->ihl
*4, sizeof(_pt
), &_pt
);
369 ip_vs_conn_fill_cport(cp
, *p
);
370 IP_VS_DBG(10, "filled cport=%d\n", ntohs(*p
));
373 if (!(rt
= __ip_vs_get_out_rt(cp
, RT_TOS(iph
->tos
))))
377 mtu
= dst_mtu(&rt
->u
.dst
);
378 if ((skb
->len
> mtu
) && (iph
->frag_off
& htons(IP_DF
))) {
380 icmp_send(skb
, ICMP_DEST_UNREACH
,ICMP_FRAG_NEEDED
, htonl(mtu
));
381 IP_VS_DBG_RL_PKT(0, pp
, skb
, 0, "ip_vs_nat_xmit(): frag needed for");
385 /* copy-on-write the packet before mangling it */
386 if (!skb_make_writable(skb
, sizeof(struct iphdr
)))
389 if (skb_cow(skb
, rt
->u
.dst
.dev
->hard_header_len
))
393 dst_release(skb
->dst
);
394 skb
->dst
= &rt
->u
.dst
;
396 /* mangle the packet */
397 if (pp
->dnat_handler
&& !pp
->dnat_handler(skb
, pp
, cp
))
399 ip_hdr(skb
)->daddr
= cp
->daddr
.ip
;
400 ip_send_check(ip_hdr(skb
));
402 IP_VS_DBG_PKT(10, pp
, skb
, 0, "After DNAT");
404 /* FIXME: when application helper enlarges the packet and the length
405 is larger than the MTU of outgoing device, there will be still
408 /* Another hack: avoid icmp_send in ip_fragment */
411 IP_VS_XMIT(PF_INET
, skb
, rt
);
417 dst_link_failure(skb
);
427 #ifdef CONFIG_IP_VS_IPV6
429 ip_vs_nat_xmit_v6(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
430 struct ip_vs_protocol
*pp
)
432 struct rt6_info
*rt
; /* Route to the other host */
437 /* check if it is a connection of no-client-port */
438 if (unlikely(cp
->flags
& IP_VS_CONN_F_NO_CPORT
)) {
440 p
= skb_header_pointer(skb
, sizeof(struct ipv6hdr
),
444 ip_vs_conn_fill_cport(cp
, *p
);
445 IP_VS_DBG(10, "filled cport=%d\n", ntohs(*p
));
448 rt
= __ip_vs_get_out_rt_v6(cp
);
453 mtu
= dst_mtu(&rt
->u
.dst
);
454 if (skb
->len
> mtu
) {
455 dst_release(&rt
->u
.dst
);
456 icmpv6_send(skb
, ICMPV6_PKT_TOOBIG
, 0, mtu
, skb
->dev
);
457 IP_VS_DBG_RL_PKT(0, pp
, skb
, 0,
458 "ip_vs_nat_xmit_v6(): frag needed for");
462 /* copy-on-write the packet before mangling it */
463 if (!skb_make_writable(skb
, sizeof(struct ipv6hdr
)))
466 if (skb_cow(skb
, rt
->u
.dst
.dev
->hard_header_len
))
470 dst_release(skb
->dst
);
471 skb
->dst
= &rt
->u
.dst
;
473 /* mangle the packet */
474 if (pp
->dnat_handler
&& !pp
->dnat_handler(skb
, pp
, cp
))
476 ipv6_hdr(skb
)->daddr
= cp
->daddr
.in6
;
478 IP_VS_DBG_PKT(10, pp
, skb
, 0, "After DNAT");
480 /* FIXME: when application helper enlarges the packet and the length
481 is larger than the MTU of outgoing device, there will be still
484 /* Another hack: avoid icmp_send in ip_fragment */
487 IP_VS_XMIT(PF_INET6
, skb
, rt
);
493 dst_link_failure(skb
);
499 dst_release(&rt
->u
.dst
);
506 * IP Tunneling transmitter
508 * This function encapsulates the packet in a new IP packet, its
509 * destination will be set to cp->daddr. Most code of this function
510 * is taken from ipip.c.
512 * It is used in VS/TUN cluster. The load balancer selects a real
513 * server from a cluster based on a scheduling algorithm,
514 * encapsulates the request packet and forwards it to the selected
515 * server. For example, all real servers are configured with
516 * "ifconfig tunl0 <Virtual IP Address> up". When the server receives
517 * the encapsulated packet, it will decapsulate the packet, processe
518 * the request and return the response packets directly to the client
519 * without passing the load balancer. This can greatly increase the
520 * scalability of virtual server.
522 * Used for ANY protocol
525 ip_vs_tunnel_xmit(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
526 struct ip_vs_protocol
*pp
)
528 struct rtable
*rt
; /* Route to the other host */
529 struct net_device
*tdev
; /* Device to other host */
530 struct iphdr
*old_iph
= ip_hdr(skb
);
531 u8 tos
= old_iph
->tos
;
532 __be16 df
= old_iph
->frag_off
;
533 sk_buff_data_t old_transport_header
= skb
->transport_header
;
534 struct iphdr
*iph
; /* Our new IP header */
535 unsigned int max_headroom
; /* The extra header space needed */
540 if (skb
->protocol
!= htons(ETH_P_IP
)) {
541 IP_VS_DBG_RL("ip_vs_tunnel_xmit(): protocol error, "
542 "ETH_P_IP: %d, skb protocol: %d\n",
543 htons(ETH_P_IP
), skb
->protocol
);
547 if (!(rt
= __ip_vs_get_out_rt(cp
, RT_TOS(tos
))))
550 tdev
= rt
->u
.dst
.dev
;
552 mtu
= dst_mtu(&rt
->u
.dst
) - sizeof(struct iphdr
);
555 IP_VS_DBG_RL("ip_vs_tunnel_xmit(): mtu less than 68\n");
559 skb
->dst
->ops
->update_pmtu(skb
->dst
, mtu
);
561 df
|= (old_iph
->frag_off
& htons(IP_DF
));
563 if ((old_iph
->frag_off
& htons(IP_DF
))
564 && mtu
< ntohs(old_iph
->tot_len
)) {
565 icmp_send(skb
, ICMP_DEST_UNREACH
,ICMP_FRAG_NEEDED
, htonl(mtu
));
567 IP_VS_DBG_RL("ip_vs_tunnel_xmit(): frag needed\n");
572 * Okay, now see if we can stuff it in the buffer as-is.
574 max_headroom
= LL_RESERVED_SPACE(tdev
) + sizeof(struct iphdr
);
576 if (skb_headroom(skb
) < max_headroom
577 || skb_cloned(skb
) || skb_shared(skb
)) {
578 struct sk_buff
*new_skb
=
579 skb_realloc_headroom(skb
, max_headroom
);
583 IP_VS_ERR_RL("ip_vs_tunnel_xmit(): no memory\n");
588 old_iph
= ip_hdr(skb
);
591 skb
->transport_header
= old_transport_header
;
593 /* fix old IP header checksum */
594 ip_send_check(old_iph
);
596 skb_push(skb
, sizeof(struct iphdr
));
597 skb_reset_network_header(skb
);
598 memset(&(IPCB(skb
)->opt
), 0, sizeof(IPCB(skb
)->opt
));
601 dst_release(skb
->dst
);
602 skb
->dst
= &rt
->u
.dst
;
605 * Push down and install the IPIP header.
609 iph
->ihl
= sizeof(struct iphdr
)>>2;
611 iph
->protocol
= IPPROTO_IPIP
;
613 iph
->daddr
= rt
->rt_dst
;
614 iph
->saddr
= rt
->rt_src
;
615 iph
->ttl
= old_iph
->ttl
;
616 ip_select_ident(iph
, &rt
->u
.dst
, NULL
);
618 /* Another hack: avoid icmp_send in ip_fragment */
628 dst_link_failure(skb
);
635 #ifdef CONFIG_IP_VS_IPV6
637 ip_vs_tunnel_xmit_v6(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
638 struct ip_vs_protocol
*pp
)
640 struct rt6_info
*rt
; /* Route to the other host */
641 struct net_device
*tdev
; /* Device to other host */
642 struct ipv6hdr
*old_iph
= ipv6_hdr(skb
);
643 sk_buff_data_t old_transport_header
= skb
->transport_header
;
644 struct ipv6hdr
*iph
; /* Our new IP header */
645 unsigned int max_headroom
; /* The extra header space needed */
650 if (skb
->protocol
!= htons(ETH_P_IPV6
)) {
651 IP_VS_DBG_RL("ip_vs_tunnel_xmit_v6(): protocol error, "
652 "ETH_P_IPV6: %d, skb protocol: %d\n",
653 htons(ETH_P_IPV6
), skb
->protocol
);
657 rt
= __ip_vs_get_out_rt_v6(cp
);
661 tdev
= rt
->u
.dst
.dev
;
663 mtu
= dst_mtu(&rt
->u
.dst
) - sizeof(struct ipv6hdr
);
664 /* TODO IPv6: do we need this check in IPv6? */
666 dst_release(&rt
->u
.dst
);
667 IP_VS_DBG_RL("ip_vs_tunnel_xmit_v6(): mtu less than 1280\n");
671 skb
->dst
->ops
->update_pmtu(skb
->dst
, mtu
);
673 if (mtu
< ntohs(old_iph
->payload_len
) + sizeof(struct ipv6hdr
)) {
674 icmpv6_send(skb
, ICMPV6_PKT_TOOBIG
, 0, mtu
, skb
->dev
);
675 dst_release(&rt
->u
.dst
);
676 IP_VS_DBG_RL("ip_vs_tunnel_xmit_v6(): frag needed\n");
681 * Okay, now see if we can stuff it in the buffer as-is.
683 max_headroom
= LL_RESERVED_SPACE(tdev
) + sizeof(struct ipv6hdr
);
685 if (skb_headroom(skb
) < max_headroom
686 || skb_cloned(skb
) || skb_shared(skb
)) {
687 struct sk_buff
*new_skb
=
688 skb_realloc_headroom(skb
, max_headroom
);
690 dst_release(&rt
->u
.dst
);
692 IP_VS_ERR_RL("ip_vs_tunnel_xmit_v6(): no memory\n");
697 old_iph
= ipv6_hdr(skb
);
700 skb
->transport_header
= old_transport_header
;
702 skb_push(skb
, sizeof(struct ipv6hdr
));
703 skb_reset_network_header(skb
);
704 memset(&(IPCB(skb
)->opt
), 0, sizeof(IPCB(skb
)->opt
));
707 dst_release(skb
->dst
);
708 skb
->dst
= &rt
->u
.dst
;
711 * Push down and install the IPIP header.
715 iph
->nexthdr
= IPPROTO_IPV6
;
716 iph
->payload_len
= old_iph
->payload_len
+ sizeof(old_iph
);
717 iph
->priority
= old_iph
->priority
;
718 memset(&iph
->flow_lbl
, 0, sizeof(iph
->flow_lbl
));
719 iph
->daddr
= rt
->rt6i_dst
.addr
;
720 iph
->saddr
= cp
->vaddr
.in6
; /* rt->rt6i_src.addr; */
721 iph
->hop_limit
= old_iph
->hop_limit
;
723 /* Another hack: avoid icmp_send in ip_fragment */
733 dst_link_failure(skb
);
743 * Direct Routing transmitter
744 * Used for ANY protocol
747 ip_vs_dr_xmit(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
748 struct ip_vs_protocol
*pp
)
750 struct rtable
*rt
; /* Route to the other host */
751 struct iphdr
*iph
= ip_hdr(skb
);
756 if (!(rt
= __ip_vs_get_out_rt(cp
, RT_TOS(iph
->tos
))))
760 mtu
= dst_mtu(&rt
->u
.dst
);
761 if ((iph
->frag_off
& htons(IP_DF
)) && skb
->len
> mtu
) {
762 icmp_send(skb
, ICMP_DEST_UNREACH
,ICMP_FRAG_NEEDED
, htonl(mtu
));
764 IP_VS_DBG_RL("ip_vs_dr_xmit(): frag needed\n");
769 * Call ip_send_check because we are not sure it is called
770 * after ip_defrag. Is copy-on-write needed?
772 if (unlikely((skb
= skb_share_check(skb
, GFP_ATOMIC
)) == NULL
)) {
776 ip_send_check(ip_hdr(skb
));
779 dst_release(skb
->dst
);
780 skb
->dst
= &rt
->u
.dst
;
782 /* Another hack: avoid icmp_send in ip_fragment */
785 IP_VS_XMIT(PF_INET
, skb
, rt
);
791 dst_link_failure(skb
);
798 #ifdef CONFIG_IP_VS_IPV6
800 ip_vs_dr_xmit_v6(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
801 struct ip_vs_protocol
*pp
)
803 struct rt6_info
*rt
; /* Route to the other host */
808 rt
= __ip_vs_get_out_rt_v6(cp
);
813 mtu
= dst_mtu(&rt
->u
.dst
);
814 if (skb
->len
> mtu
) {
815 icmpv6_send(skb
, ICMPV6_PKT_TOOBIG
, 0, mtu
, skb
->dev
);
816 dst_release(&rt
->u
.dst
);
817 IP_VS_DBG_RL("ip_vs_dr_xmit_v6(): frag needed\n");
822 * Call ip_send_check because we are not sure it is called
823 * after ip_defrag. Is copy-on-write needed?
825 skb
= skb_share_check(skb
, GFP_ATOMIC
);
826 if (unlikely(skb
== NULL
)) {
827 dst_release(&rt
->u
.dst
);
832 dst_release(skb
->dst
);
833 skb
->dst
= &rt
->u
.dst
;
835 /* Another hack: avoid icmp_send in ip_fragment */
838 IP_VS_XMIT(PF_INET6
, skb
, rt
);
844 dst_link_failure(skb
);
854 * ICMP packet transmitter
855 * called by the ip_vs_in_icmp
858 ip_vs_icmp_xmit(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
859 struct ip_vs_protocol
*pp
, int offset
)
861 struct rtable
*rt
; /* Route to the other host */
867 /* The ICMP packet for VS/TUN, VS/DR and LOCALNODE will be
868 forwarded directly here, because there is no need to
869 translate address/port back */
870 if (IP_VS_FWD_METHOD(cp
) != IP_VS_CONN_F_MASQ
) {
872 rc
= cp
->packet_xmit(skb
, cp
, pp
);
875 /* do not touch skb anymore */
876 atomic_inc(&cp
->in_pkts
);
881 * mangle and send the packet here (only for VS/NAT)
884 if (!(rt
= __ip_vs_get_out_rt(cp
, RT_TOS(ip_hdr(skb
)->tos
))))
888 mtu
= dst_mtu(&rt
->u
.dst
);
889 if ((skb
->len
> mtu
) && (ip_hdr(skb
)->frag_off
& htons(IP_DF
))) {
891 icmp_send(skb
, ICMP_DEST_UNREACH
, ICMP_FRAG_NEEDED
, htonl(mtu
));
892 IP_VS_DBG_RL("ip_vs_in_icmp(): frag needed\n");
896 /* copy-on-write the packet before mangling it */
897 if (!skb_make_writable(skb
, offset
))
900 if (skb_cow(skb
, rt
->u
.dst
.dev
->hard_header_len
))
903 /* drop the old route when skb is not shared */
904 dst_release(skb
->dst
);
905 skb
->dst
= &rt
->u
.dst
;
907 ip_vs_nat_icmp(skb
, pp
, cp
, 0);
909 /* Another hack: avoid icmp_send in ip_fragment */
912 IP_VS_XMIT(PF_INET
, skb
, rt
);
918 dst_link_failure(skb
);
930 #ifdef CONFIG_IP_VS_IPV6
932 ip_vs_icmp_xmit_v6(struct sk_buff
*skb
, struct ip_vs_conn
*cp
,
933 struct ip_vs_protocol
*pp
, int offset
)
935 struct rt6_info
*rt
; /* Route to the other host */
941 /* The ICMP packet for VS/TUN, VS/DR and LOCALNODE will be
942 forwarded directly here, because there is no need to
943 translate address/port back */
944 if (IP_VS_FWD_METHOD(cp
) != IP_VS_CONN_F_MASQ
) {
946 rc
= cp
->packet_xmit(skb
, cp
, pp
);
949 /* do not touch skb anymore */
950 atomic_inc(&cp
->in_pkts
);
955 * mangle and send the packet here (only for VS/NAT)
958 rt
= __ip_vs_get_out_rt_v6(cp
);
963 mtu
= dst_mtu(&rt
->u
.dst
);
964 if (skb
->len
> mtu
) {
965 dst_release(&rt
->u
.dst
);
966 icmpv6_send(skb
, ICMPV6_PKT_TOOBIG
, 0, mtu
, skb
->dev
);
967 IP_VS_DBG_RL("ip_vs_in_icmp(): frag needed\n");
971 /* copy-on-write the packet before mangling it */
972 if (!skb_make_writable(skb
, offset
))
975 if (skb_cow(skb
, rt
->u
.dst
.dev
->hard_header_len
))
978 /* drop the old route when skb is not shared */
979 dst_release(skb
->dst
);
980 skb
->dst
= &rt
->u
.dst
;
982 ip_vs_nat_icmp_v6(skb
, pp
, cp
, 0);
984 /* Another hack: avoid icmp_send in ip_fragment */
987 IP_VS_XMIT(PF_INET6
, skb
, rt
);
993 dst_link_failure(skb
);
1001 dst_release(&rt
->u
.dst
);