projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Revert "Merge branch 'ipv6-overflow-arith'"
[linux-2.6-block.git] / net / ipv6 / ip6_output.c
CommitLineData
1da177e4
LT		 1/*
2 * IPv6 output functions
1ab1457c 3 * Linux INET6 implementation
1da177e4
LT		 4 *
5 * Authors:
1ab1457c 6 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4 7 *
1da177e4
LT		 8 * Based on linux/net/ipv4/ip_output.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 * Changes:
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
20 * etc.
21 *
22 * H. von Brand : Added missing #include <linux/string.h>
67ba4152 23 * Imran Patel : frag id should be in NBO
1da177e4
LT		 24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
26 * for datagram xmit
27 */
28
1da177e4 29#include <linux/errno.h>
ef76bc23 30#include <linux/kernel.h>
1da177e4
LT		 31#include <linux/string.h>
32#include <linux/socket.h>
33#include <linux/net.h>
34#include <linux/netdevice.h>
35#include <linux/if_arp.h>
36#include <linux/in6.h>
37#include <linux/tcp.h>
38#include <linux/route.h>
b59f45d0 39#include <linux/module.h>
5a0e3ad6 40#include <linux/slab.h>
1da177e4
LT		 41
42#include <linux/netfilter.h>
43#include <linux/netfilter_ipv6.h>
44
45#include <net/sock.h>
46#include <net/snmp.h>
47
48#include <net/ipv6.h>
49#include <net/ndisc.h>
50#include <net/protocol.h>
51#include <net/ip6_route.h>
52#include <net/addrconf.h>
53#include <net/rawv6.h>
54#include <net/icmp.h>
55#include <net/xfrm.h>
56#include <net/checksum.h>
7bc570c8 57#include <linux/mroute6.h>
1da177e4 58
7026b1dd 59static int ip6_finish_output2(struct sock *sk, struct sk_buff *skb)
1da177e4 60{
adf30907 61 struct dst_entry *dst = skb_dst(skb);
1da177e4 62 struct net_device *dev = dst->dev;
f6b72b62 63 struct neighbour *neigh;
6fd6ce20
YH		 64 struct in6_addr *nexthop;
65 int ret;
1da177e4
LT		 66
67 skb->protocol = htons(ETH_P_IPV6);
68 skb->dev = dev;
69
0660e03f 70 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
adf30907 71 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1da177e4 72
7026b1dd 73 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(sk) &&
d1db275d 74 ((mroute6_socket(dev_net(dev), skb) &&
bd91b8bf 75 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
7bc570c8
YH		 76 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
77 &ipv6_hdr(skb)->saddr))) {
1da177e4
LT		 78 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
79
80 /* Do not check for IFF_ALLMULTI; multicast routing
81 is not supported in any case.
82 */
83 if (newskb)
b2e0b385 84 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
7026b1dd 85 sk, newskb, NULL, newskb->dev,
95603e22 86 dev_loopback_xmit);
1da177e4 87
0660e03f 88 if (ipv6_hdr(skb)->hop_limit == 0) {
3bd653c8
DL		 89 IP6_INC_STATS(dev_net(dev), idev,
90 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 91 kfree_skb(skb);
92 return 0;
93 }
94 }
95
edf391ff
NH		 96 IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST,
97 skb->len);
dd408515
HFS		 98
99 if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <=
100 IPV6_ADDR_SCOPE_NODELOCAL &&
101 !(dev->flags & IFF_LOOPBACK)) {
102 kfree_skb(skb);
103 return 0;
104 }
1da177e4
LT		 105 }
106
6fd6ce20 107 rcu_read_lock_bh();
2647a9b0 108 nexthop = rt6_nexthop((struct rt6_info *)dst, &ipv6_hdr(skb)->daddr);
6fd6ce20
YH		 109 neigh = __ipv6_neigh_lookup_noref(dst->dev, nexthop);
110 if (unlikely(!neigh))
111 neigh = __neigh_create(&nd_tbl, nexthop, dst->dev, false);
112 if (!IS_ERR(neigh)) {
113 ret = dst_neigh_output(dst, neigh, skb);
114 rcu_read_unlock_bh();
115 return ret;
116 }
117 rcu_read_unlock_bh();
05e3aa09 118
7f88c6b2
HFS		 119 IP6_INC_STATS(dev_net(dst->dev),
120 ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
9e508490
JE		 121 kfree_skb(skb);
122 return -EINVAL;
1da177e4
LT		 123}
124
7026b1dd 125static int ip6_finish_output(struct sock *sk, struct sk_buff *skb)
9e508490
JE		 126{
127 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
9037c357
JP		 128 dst_allfrag(skb_dst(skb)) ||
129 (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size))
7026b1dd 130 return ip6_fragment(sk, skb, ip6_finish_output2);
9e508490 131 else
7026b1dd 132 return ip6_finish_output2(sk, skb);
9e508490
JE		 133}
134
aad88724 135int ip6_output(struct sock *sk, struct sk_buff *skb)
1da177e4 136{
9e508490 137 struct net_device *dev = skb_dst(skb)->dev;
adf30907 138 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
778d80be 139 if (unlikely(idev->cnf.disable_ipv6)) {
9e508490 140 IP6_INC_STATS(dev_net(dev), idev,
3bd653c8 141 IPSTATS_MIB_OUTDISCARDS);
778d80be
YH		 142 kfree_skb(skb);
143 return 0;
144 }
145
7026b1dd
DM		 146 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, sk, skb,
147 NULL, dev,
9c6eb28a
JE		 148 ip6_finish_output,
149 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
1da177e4
LT		 150}
151
1da177e4 152/*
b5d43998 153 * xmit an sk_buff (used by TCP, SCTP and DCCP)
1da177e4
LT		 154 */
155
4c9483b2 156int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
b903d324 157 struct ipv6_txoptions *opt, int tclass)
1da177e4 158{
3bd653c8 159 struct net *net = sock_net(sk);
b30bd282 160 struct ipv6_pinfo *np = inet6_sk(sk);
4c9483b2 161 struct in6_addr *first_hop = &fl6->daddr;
adf30907 162 struct dst_entry *dst = skb_dst(skb);
1da177e4 163 struct ipv6hdr *hdr;
4c9483b2 164 u8 proto = fl6->flowi6_proto;
1da177e4 165 int seg_len = skb->len;
e651f03a 166 int hlimit = -1;
1da177e4
LT		 167 u32 mtu;
168
169 if (opt) {
c2636b4d 170 unsigned int head_room;
1da177e4
LT		 171
172 /* First: exthdrs may take lots of space (~8K for now)
173 MAX_HEADER is not enough.
174 */
175 head_room = opt->opt_nflen + opt->opt_flen;
176 seg_len += head_room;
177 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
178
179 if (skb_headroom(skb) < head_room) {
180 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
63159f29 181 if (!skb2) {
adf30907 182 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d
YH		 183 IPSTATS_MIB_OUTDISCARDS);
184 kfree_skb(skb);
1da177e4
LT		 185 return -ENOBUFS;
186 }
808db80a 187 consume_skb(skb);
a11d206d 188 skb = skb2;
83d7eb29 189 skb_set_owner_w(skb, sk);
1da177e4
LT		 190 }
191 if (opt->opt_flen)
192 ipv6_push_frag_opts(skb, opt, &proto);
193 if (opt->opt_nflen)
194 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop);
195 }
196
e2d1bca7
ACM		 197 skb_push(skb, sizeof(struct ipv6hdr));
198 skb_reset_network_header(skb);
0660e03f 199 hdr = ipv6_hdr(skb);
1da177e4
LT		 200
201 /*
202 * Fill in the IPv6 header
203 */
b903d324 204 if (np)
1da177e4
LT		 205 hlimit = np->hop_limit;
206 if (hlimit < 0)
6b75d090 207 hlimit = ip6_dst_hoplimit(dst);
1da177e4 208
cb1ce2ef 209 ip6_flow_hdr(hdr, tclass, ip6_make_flowlabel(net, skb, fl6->flowlabel,
67800f9b 210 np->autoflowlabel, fl6));
41a1f8ea 211
1da177e4
LT		 212 hdr->payload_len = htons(seg_len);
213 hdr->nexthdr = proto;
214 hdr->hop_limit = hlimit;
215
4e3fd7a0
AD		 216 hdr->saddr = fl6->saddr;
217 hdr->daddr = *first_hop;
1da177e4 218
9c9c9ad5 219 skb->protocol = htons(ETH_P_IPV6);
a2c2064f 220 skb->priority = sk->sk_priority;
4a19ec58 221 skb->mark = sk->sk_mark;
a2c2064f 222
1da177e4 223 mtu = dst_mtu(dst);
60ff7467 224 if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) {
adf30907 225 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
edf391ff 226 IPSTATS_MIB_OUT, skb->len);
7026b1dd
DM		 227 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, sk, skb,
228 NULL, dst->dev, dst_output_sk);
1da177e4
LT		 229 }
230
1da177e4 231 skb->dev = dst->dev;
f4e53e29 232 ipv6_local_error(sk, EMSGSIZE, fl6, mtu);
adf30907 233 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 234 kfree_skb(skb);
235 return -EMSGSIZE;
236}
7159039a
YH		 237EXPORT_SYMBOL(ip6_xmit);
238
1da177e4
LT		 239static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
240{
241 struct ip6_ra_chain *ra;
242 struct sock *last = NULL;
243
244 read_lock(&ip6_ra_lock);
245 for (ra = ip6_ra_chain; ra; ra = ra->next) {
246 struct sock *sk = ra->sk;
0bd1b59b
AM		 247 if (sk && ra->sel == sel &&
248 (!sk->sk_bound_dev_if ||
249 sk->sk_bound_dev_if == skb->dev->ifindex)) {
1da177e4
LT		 250 if (last) {
251 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
252 if (skb2)
253 rawv6_rcv(last, skb2);
254 }
255 last = sk;
256 }
257 }
258
259 if (last) {
260 rawv6_rcv(last, skb);
261 read_unlock(&ip6_ra_lock);
262 return 1;
263 }
264 read_unlock(&ip6_ra_lock);
265 return 0;
266}
267
e21e0b5f
VN		 268static int ip6_forward_proxy_check(struct sk_buff *skb)
269{
0660e03f 270 struct ipv6hdr *hdr = ipv6_hdr(skb);
e21e0b5f 271 u8 nexthdr = hdr->nexthdr;
75f2811c 272 __be16 frag_off;
e21e0b5f
VN		 273 int offset;
274
275 if (ipv6_ext_hdr(nexthdr)) {
75f2811c 276 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, &frag_off);
e21e0b5f
VN		 277 if (offset < 0)
278 return 0;
279 } else
280 offset = sizeof(struct ipv6hdr);
281
282 if (nexthdr == IPPROTO_ICMPV6) {
283 struct icmp6hdr *icmp6;
284
d56f90a7
ACM		 285 if (!pskb_may_pull(skb, (skb_network_header(skb) +
286 offset + 1 - skb->data)))
e21e0b5f
VN		 287 return 0;
288
d56f90a7 289 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
e21e0b5f
VN		 290
291 switch (icmp6->icmp6_type) {
292 case NDISC_ROUTER_SOLICITATION:
293 case NDISC_ROUTER_ADVERTISEMENT:
294 case NDISC_NEIGHBOUR_SOLICITATION:
295 case NDISC_NEIGHBOUR_ADVERTISEMENT:
296 case NDISC_REDIRECT:
297 /* For reaction involving unicast neighbor discovery
298 * message destined to the proxied address, pass it to
299 * input function.
300 */
301 return 1;
302 default:
303 break;
304 }
305 }
306
74553b09
VN		 307 /*
308 * The proxying router can't forward traffic sent to a link-local
309 * address, so signal the sender and discard the packet. This
310 * behavior is clarified by the MIPv6 specification.
311 */
312 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
313 dst_link_failure(skb);
314 return -1;
315 }
316
e21e0b5f
VN		 317 return 0;
318}
319
7026b1dd 320static inline int ip6_forward_finish(struct sock *sk, struct sk_buff *skb)
1da177e4 321{
c29390c6 322 skb_sender_cpu_clear(skb);
7026b1dd 323 return dst_output_sk(sk, skb);
1da177e4
LT		 324}
325
0954cf9c
HFS		 326static unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst)
327{
328 unsigned int mtu;
329 struct inet6_dev *idev;
330
331 if (dst_metric_locked(dst, RTAX_MTU)) {
332 mtu = dst_metric_raw(dst, RTAX_MTU);
333 if (mtu)
334 return mtu;
335 }
336
337 mtu = IPV6_MIN_MTU;
338 rcu_read_lock();
339 idev = __in6_dev_get(dst->dev);
340 if (idev)
341 mtu = idev->cnf.mtu6;
342 rcu_read_unlock();
343
344 return mtu;
345}
346
fe6cc55f
FW		 347static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
348{
418a3156 349 if (skb->len <= mtu)
fe6cc55f
FW		 350 return false;
351
60ff7467 352 /* ipv6 conntrack defrag sets max_frag_size + ignore_df */
fe6cc55f
FW		 353 if (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)
354 return true;
355
60ff7467 356 if (skb->ignore_df)
418a3156
FW		 357 return false;
358
fe6cc55f
FW		 359 if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
360 return false;
361
362 return true;
363}
364
1da177e4
LT		 365int ip6_forward(struct sk_buff *skb)
366{
adf30907 367 struct dst_entry *dst = skb_dst(skb);
0660e03f 368 struct ipv6hdr *hdr = ipv6_hdr(skb);
1da177e4 369 struct inet6_skb_parm *opt = IP6CB(skb);
c346dca1 370 struct net *net = dev_net(dst->dev);
14f3ad6f 371 u32 mtu;
1ab1457c 372
53b7997f 373 if (net->ipv6.devconf_all->forwarding == 0)
1da177e4
LT		 374 goto error;
375
090f1166
LR		 376 if (skb->pkt_type != PACKET_HOST)
377 goto drop;
378
9ef2e965
HFS		 379 if (unlikely(skb->sk))
380 goto drop;
381
4497b076
BH		 382 if (skb_warn_if_lro(skb))
383 goto drop;
384
1da177e4 385 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
15c77d8b
ED		 386 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
387 IPSTATS_MIB_INDISCARDS);
1da177e4
LT		 388 goto drop;
389 }
390
35fc92a9 391 skb_forward_csum(skb);
1da177e4
LT		 392
393 /*
394 * We DO NOT make any processing on
395 * RA packets, pushing them to user level AS IS
396 * without ane WARRANTY that application will be able
397 * to interpret them. The reason is that we
398 * cannot make anything clever here.
399 *
400 * We are not end-node, so that if packet contains
401 * AH/ESP, we cannot make anything.
402 * Defragmentation also would be mistake, RA packets
403 * cannot be fragmented, because there is no warranty
404 * that different fragments will go along one path. --ANK
405 */
ab4eb353
YH		 406 if (unlikely(opt->flags & IP6SKB_ROUTERALERT)) {
407 if (ip6_call_ra_chain(skb, ntohs(opt->ra)))
1da177e4
LT		 408 return 0;
409 }
410
411 /*
412 * check and decrement ttl
413 */
414 if (hdr->hop_limit <= 1) {
415 /* Force OUTPUT device used as source address */
416 skb->dev = dst->dev;
3ffe533c 417 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
15c77d8b
ED		 418 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
419 IPSTATS_MIB_INHDRERRORS);
1da177e4
LT		 420
421 kfree_skb(skb);
422 return -ETIMEDOUT;
423 }
424
fbea49e1 425 /* XXX: idev->cnf.proxy_ndp? */
53b7997f 426 if (net->ipv6.devconf_all->proxy_ndp &&
8a3edd80 427 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
74553b09
VN		 428 int proxied = ip6_forward_proxy_check(skb);
429 if (proxied > 0)
e21e0b5f 430 return ip6_input(skb);
74553b09 431 else if (proxied < 0) {
15c77d8b
ED		 432 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
433 IPSTATS_MIB_INDISCARDS);
74553b09
VN		 434 goto drop;
435 }
e21e0b5f
VN		 436 }
437
1da177e4 438 if (!xfrm6_route_forward(skb)) {
15c77d8b
ED		 439 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
440 IPSTATS_MIB_INDISCARDS);
1da177e4
LT		 441 goto drop;
442 }
adf30907 443 dst = skb_dst(skb);
1da177e4
LT		 444
445 /* IPv6 specs say nothing about it, but it is clear that we cannot
446 send redirects to source routed frames.
1e5dc146 447 We don't send redirects to frames decapsulated from IPsec.
1da177e4 448 */
c45a3dfb 449 if (skb->dev == dst->dev && opt->srcrt == 0 && !skb_sec_path(skb)) {
1da177e4 450 struct in6_addr *target = NULL;
fbfe95a4 451 struct inet_peer *peer;
1da177e4 452 struct rt6_info *rt;
1da177e4
LT		 453
454 /*
455 * incoming and outgoing devices are the same
456 * send a redirect.
457 */
458
459 rt = (struct rt6_info *) dst;
c45a3dfb
DM		 460 if (rt->rt6i_flags & RTF_GATEWAY)
461 target = &rt->rt6i_gateway;
1da177e4
LT		 462 else
463 target = &hdr->daddr;
464
fd0273d7 465 peer = inet_getpeer_v6(net->ipv6.peers, &hdr->daddr, 1);
92d86829 466
1da177e4
LT		 467 /* Limit redirects both by destination (here)
468 and by source (inside ndisc_send_redirect)
469 */
fbfe95a4 470 if (inet_peer_xrlim_allow(peer, 1*HZ))
4991969a 471 ndisc_send_redirect(skb, target);
1d861aa4
DM		 472 if (peer)
473 inet_putpeer(peer);
5bb1ab09
DS		 474 } else {
475 int addrtype = ipv6_addr_type(&hdr->saddr);
476
1da177e4 477 /* This check is security critical. */
f81b2e7d
YH		 478 if (addrtype == IPV6_ADDR_ANY ||
479 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
5bb1ab09
DS		 480 goto error;
481 if (addrtype & IPV6_ADDR_LINKLOCAL) {
482 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
3ffe533c 483 ICMPV6_NOT_NEIGHBOUR, 0);
5bb1ab09
DS		 484 goto error;
485 }
1da177e4
LT		 486 }
487
0954cf9c 488 mtu = ip6_dst_mtu_forward(dst);
14f3ad6f
UW		 489 if (mtu < IPV6_MIN_MTU)
490 mtu = IPV6_MIN_MTU;
491
fe6cc55f 492 if (ip6_pkt_too_big(skb, mtu)) {
1da177e4
LT		 493 /* Again, force OUTPUT device used as source address */
494 skb->dev = dst->dev;
14f3ad6f 495 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
15c77d8b
ED		 496 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
497 IPSTATS_MIB_INTOOBIGERRORS);
498 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
499 IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 500 kfree_skb(skb);
501 return -EMSGSIZE;
502 }
503
504 if (skb_cow(skb, dst->dev->hard_header_len)) {
15c77d8b
ED		 505 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
506 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 507 goto drop;
508 }
509
0660e03f 510 hdr = ipv6_hdr(skb);
1da177e4
LT		 511
512 /* Mangling hops number delayed to point after skb COW */
1ab1457c 513
1da177e4
LT		 514 hdr->hop_limit--;
515
483a47d2 516 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
2d8dbb04 517 IP6_ADD_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len);
7026b1dd
DM		 518 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, NULL, skb,
519 skb->dev, dst->dev,
6e23ae2a 520 ip6_forward_finish);
1da177e4
LT		 521
522error:
483a47d2 523 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
1da177e4
LT		 524drop:
525 kfree_skb(skb);
526 return -EINVAL;
527}
528
529static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
530{
531 to->pkt_type = from->pkt_type;
532 to->priority = from->priority;
533 to->protocol = from->protocol;
adf30907
ED		 534 skb_dst_drop(to);
535 skb_dst_set(to, dst_clone(skb_dst(from)));
1da177e4 536 to->dev = from->dev;
82e91ffe 537 to->mark = from->mark;
1da177e4
LT		 538
539#ifdef CONFIG_NET_SCHED
540 to->tc_index = from->tc_index;
541#endif
e7ac05f3 542 nf_copy(to, from);
984bc16c 543 skb_copy_secmark(to, from);
1da177e4
LT		 544}
545
7026b1dd
DM		 546int ip6_fragment(struct sock *sk, struct sk_buff *skb,
547 int (*output)(struct sock *, struct sk_buff *))
1da177e4 548{
1da177e4 549 struct sk_buff *frag;
67ba4152 550 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
f60e5990 551 struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ?
552 inet6_sk(skb->sk) : NULL;
1da177e4
LT		 553 struct ipv6hdr *tmp_hdr;
554 struct frag_hdr *fh;
555 unsigned int mtu, hlen, left, len;
a7ae1992 556 int hroom, troom;
286c2349 557 __be32 frag_id;
67ba4152 558 int ptr, offset = 0, err = 0;
1da177e4 559 u8 *prevhdr, nexthdr = 0;
adf30907 560 struct net *net = dev_net(skb_dst(skb)->dev);
1da177e4 561
1da177e4
LT		 562 hlen = ip6_find_1stfragopt(skb, &prevhdr);
563 nexthdr = *prevhdr;
564
628a5c56 565 mtu = ip6_skb_dst_mtu(skb);
b881ef76
JH		 566
567 /* We must not fragment if the socket is set to force MTU discovery
14f3ad6f 568 * or if the skb it not generated by a local socket.
b881ef76 569 */
485fca66
FW		 570 if (unlikely(!skb->ignore_df && skb->len > mtu))
571 goto fail_toobig;
a34a101e 572
485fca66
FW		 573 if (IP6CB(skb)->frag_max_size) {
574 if (IP6CB(skb)->frag_max_size > mtu)
575 goto fail_toobig;
576
577 /* don't send fragments larger than what we received */
578 mtu = IP6CB(skb)->frag_max_size;
579 if (mtu < IPV6_MIN_MTU)
580 mtu = IPV6_MIN_MTU;
b881ef76
JH		 581 }
582
d91675f9
YH		 583 if (np && np->frag_size < mtu) {
584 if (np->frag_size)
585 mtu = np->frag_size;
586 }
1e0d69a9 587 mtu -= hlen + sizeof(struct frag_hdr);
1da177e4 588
fd0273d7
MKL		 589 frag_id = ipv6_select_ident(net, &ipv6_hdr(skb)->daddr,
590 &ipv6_hdr(skb)->saddr);
286c2349 591
1d325d21 592 hroom = LL_RESERVED_SPACE(rt->dst.dev);
21dc3301 593 if (skb_has_frag_list(skb)) {
1da177e4 594 int first_len = skb_pagelen(skb);
3d13008e 595 struct sk_buff *frag2;
1da177e4
LT		 596
597 if (first_len - hlen > mtu ||
598 ((first_len - hlen) & 7) ||
1d325d21
FW		 599 skb_cloned(skb) ||
600 skb_headroom(skb) < (hroom + sizeof(struct frag_hdr)))
1da177e4
LT		 601 goto slow_path;
602
4d9092bb 603 skb_walk_frags(skb, frag) {
1da177e4
LT		 604 /* Correct geometry. */
605 if (frag->len > mtu ||
606 ((frag->len & 7) && frag->next) ||
1d325d21 607 skb_headroom(frag) < (hlen + hroom + sizeof(struct frag_hdr)))
3d13008e 608 goto slow_path_clean;
1da177e4 609
1da177e4
LT		 610 /* Partially cloned skb? */
611 if (skb_shared(frag))
3d13008e 612 goto slow_path_clean;
2fdba6b0
HX		 613
614 BUG_ON(frag->sk);
615 if (skb->sk) {
2fdba6b0
HX		 616 frag->sk = skb->sk;
617 frag->destructor = sock_wfree;
2fdba6b0 618 }
3d13008e 619 skb->truesize -= frag->truesize;
1da177e4
LT		 620 }
621
622 err = 0;
623 offset = 0;
1da177e4
LT		 624 /* BUILD HEADER */
625
9a217a1c 626 *prevhdr = NEXTHDR_FRAGMENT;
d56f90a7 627 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
1da177e4 628 if (!tmp_hdr) {
adf30907 629 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
3bd653c8 630 IPSTATS_MIB_FRAGFAILS);
1d325d21
FW		 631 err = -ENOMEM;
632 goto fail;
1da177e4 633 }
1d325d21
FW		 634 frag = skb_shinfo(skb)->frag_list;
635 skb_frag_list_init(skb);
1da177e4 636
1da177e4 637 __skb_pull(skb, hlen);
67ba4152 638 fh = (struct frag_hdr *)__skb_push(skb, sizeof(struct frag_hdr));
e2d1bca7
ACM		 639 __skb_push(skb, hlen);
640 skb_reset_network_header(skb);
d56f90a7 641 memcpy(skb_network_header(skb), tmp_hdr, hlen);
1da177e4 642
1da177e4
LT		 643 fh->nexthdr = nexthdr;
644 fh->reserved = 0;
645 fh->frag_off = htons(IP6_MF);
286c2349 646 fh->identification = frag_id;
1da177e4
LT		 647
648 first_len = skb_pagelen(skb);
649 skb->data_len = first_len - skb_headlen(skb);
650 skb->len = first_len;
0660e03f
ACM		 651 ipv6_hdr(skb)->payload_len = htons(first_len -
652 sizeof(struct ipv6hdr));
a11d206d 653
d8d1f30b 654 dst_hold(&rt->dst);
1da177e4
LT		 655
656 for (;;) {
657 /* Prepare header of the next frame,
658 * before previous one went down. */
659 if (frag) {
660 frag->ip_summed = CHECKSUM_NONE;
badff6d0 661 skb_reset_transport_header(frag);
67ba4152 662 fh = (struct frag_hdr *)__skb_push(frag, sizeof(struct frag_hdr));
e2d1bca7
ACM		 663 __skb_push(frag, hlen);
664 skb_reset_network_header(frag);
d56f90a7
ACM		 665 memcpy(skb_network_header(frag), tmp_hdr,
666 hlen);
1da177e4
LT		 667 offset += skb->len - hlen - sizeof(struct frag_hdr);
668 fh->nexthdr = nexthdr;
669 fh->reserved = 0;
670 fh->frag_off = htons(offset);
53b24b8f 671 if (frag->next)
1da177e4
LT		 672 fh->frag_off |= htons(IP6_MF);
673 fh->identification = frag_id;
0660e03f
ACM		 674 ipv6_hdr(frag)->payload_len =
675 htons(frag->len -
676 sizeof(struct ipv6hdr));
1da177e4
LT		 677 ip6_copy_metadata(frag, skb);
678 }
1ab1457c 679
7026b1dd 680 err = output(sk, skb);
67ba4152 681 if (!err)
d8d1f30b 682 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 683 IPSTATS_MIB_FRAGCREATES);
dafee490 684
1da177e4
LT		 685 if (err || !frag)
686 break;
687
688 skb = frag;
689 frag = skb->next;
690 skb->next = NULL;
691 }
692
a51482bd 693 kfree(tmp_hdr);
1da177e4
LT		 694
695 if (err == 0) {
d8d1f30b 696 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 697 IPSTATS_MIB_FRAGOKS);
94e187c0 698 ip6_rt_put(rt);
1da177e4
LT		 699 return 0;
700 }
701
46cfd725 702 kfree_skb_list(frag);
1da177e4 703
d8d1f30b 704 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 705 IPSTATS_MIB_FRAGFAILS);
94e187c0 706 ip6_rt_put(rt);
1da177e4 707 return err;
3d13008e
ED		 708
709slow_path_clean:
710 skb_walk_frags(skb, frag2) {
711 if (frag2 == frag)
712 break;
713 frag2->sk = NULL;
714 frag2->destructor = NULL;
715 skb->truesize += frag2->truesize;
716 }
1da177e4
LT		 717 }
718
719slow_path:
72e843bb
ED		 720 if ((skb->ip_summed == CHECKSUM_PARTIAL) &&
721 skb_checksum_help(skb))
722 goto fail;
723
1da177e4
LT		 724 left = skb->len - hlen; /* Space per frame */
725 ptr = hlen; /* Where to start from */
726
727 /*
728 * Fragment the datagram.
729 */
730
731 *prevhdr = NEXTHDR_FRAGMENT;
a7ae1992 732 troom = rt->dst.dev->needed_tailroom;
1da177e4
LT		 733
734 /*
735 * Keep copying data until we run out.
736 */
67ba4152 737 while (left > 0) {
1da177e4
LT		 738 len = left;
739 /* IF: it doesn't fit, use 'mtu' - the data space left */
740 if (len > mtu)
741 len = mtu;
25985edc 742 /* IF: we are not sending up to and including the packet end
1da177e4
LT		 743 then align the next start on an eight byte boundary */
744 if (len < left) {
745 len &= ~7;
746 }
1da177e4 747
cbffccc9
JP		 748 /* Allocate buffer */
749 frag = alloc_skb(len + hlen + sizeof(struct frag_hdr) +
750 hroom + troom, GFP_ATOMIC);
751 if (!frag) {
adf30907 752 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 753 IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 754 err = -ENOMEM;
755 goto fail;
756 }
757
758 /*
759 * Set up data on packet
760 */
761
762 ip6_copy_metadata(frag, skb);
a7ae1992 763 skb_reserve(frag, hroom);
1da177e4 764 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
c1d2bbe1 765 skb_reset_network_header(frag);
badff6d0 766 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
b0e380b1
ACM		 767 frag->transport_header = (frag->network_header + hlen +
768 sizeof(struct frag_hdr));
1da177e4
LT		 769
770 /*
771 * Charge the memory for the fragment to any owner
772 * it might possess
773 */
774 if (skb->sk)
775 skb_set_owner_w(frag, skb->sk);
776
777 /*
778 * Copy the packet header into the new buffer.
779 */
d626f62b 780 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
1da177e4
LT		 781
782 /*
783 * Build fragment header.
784 */
785 fh->nexthdr = nexthdr;
786 fh->reserved = 0;
286c2349 787 fh->identification = frag_id;
1da177e4
LT		 788
789 /*
790 * Copy a block of the IP datagram.
791 */
e3f0b86b
HS		 792 BUG_ON(skb_copy_bits(skb, ptr, skb_transport_header(frag),
793 len));
1da177e4
LT		 794 left -= len;
795
796 fh->frag_off = htons(offset);
797 if (left > 0)
798 fh->frag_off |= htons(IP6_MF);
0660e03f
ACM		 799 ipv6_hdr(frag)->payload_len = htons(frag->len -
800 sizeof(struct ipv6hdr));
1da177e4
LT		 801
802 ptr += len;
803 offset += len;
804
805 /*
806 * Put this fragment into the sending queue.
807 */
7026b1dd 808 err = output(sk, frag);
1da177e4
LT		 809 if (err)
810 goto fail;
dafee490 811
adf30907 812 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
3bd653c8 813 IPSTATS_MIB_FRAGCREATES);
1da177e4 814 }
adf30907 815 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 816 IPSTATS_MIB_FRAGOKS);
808db80a 817 consume_skb(skb);
1da177e4
LT		 818 return err;
819
485fca66
FW		 820fail_toobig:
821 if (skb->sk && dst_allfrag(skb_dst(skb)))
822 sk_nocaps_add(skb->sk, NETIF_F_GSO_MASK);
823
824 skb->dev = skb_dst(skb)->dev;
825 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
826 err = -EMSGSIZE;
827
1da177e4 828fail:
adf30907 829 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 830 IPSTATS_MIB_FRAGFAILS);
1ab1457c 831 kfree_skb(skb);
1da177e4
LT		 832 return err;
833}
834
b71d1d42
ED		 835static inline int ip6_rt_check(const struct rt6key *rt_key,
836 const struct in6_addr *fl_addr,
837 const struct in6_addr *addr_cache)
cf6b1982 838{
a02cec21 839 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
63159f29 840 (!addr_cache || !ipv6_addr_equal(fl_addr, addr_cache));
cf6b1982
YH		 841}
842
497c615a
HX		 843static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
844 struct dst_entry *dst,
b71d1d42 845 const struct flowi6 *fl6)
1da177e4 846{
497c615a 847 struct ipv6_pinfo *np = inet6_sk(sk);
a963a37d 848 struct rt6_info *rt;
1da177e4 849
497c615a
HX		 850 if (!dst)
851 goto out;
852
a963a37d
ED		 853 if (dst->ops->family != AF_INET6) {
854 dst_release(dst);
855 return NULL;
856 }
857
858 rt = (struct rt6_info *)dst;
497c615a
HX		 859 /* Yes, checking route validity in not connected
860 * case is not very simple. Take into account,
861 * that we do not support routing by source, TOS,
67ba4152 862 * and MSG_DONTROUTE --ANK (980726)
497c615a 863 *
cf6b1982
YH		 864 * 1. ip6_rt_check(): If route was host route,
865 * check that cached destination is current.
497c615a
HX		 866 * If it is network route, we still may
867 * check its validity using saved pointer
868 * to the last used address: daddr_cache.
869 * We do not want to save whole address now,
870 * (because main consumer of this service
871 * is tcp, which has not this problem),
872 * so that the last trick works only on connected
873 * sockets.
874 * 2. oif also should be the same.
875 */
4c9483b2 876 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) ||
8e1ef0a9 877#ifdef CONFIG_IPV6_SUBTREES
4c9483b2 878 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) ||
8e1ef0a9 879#endif
f1900fb5
DA		 880 (!(fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF) &&
881 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex))) {
497c615a
HX		 882 dst_release(dst);
883 dst = NULL;
1da177e4
LT		 884 }
885
497c615a
HX		 886out:
887 return dst;
888}
889
343d60aa 890static int ip6_dst_lookup_tail(struct net *net, struct sock *sk,
4c9483b2 891 struct dst_entry **dst, struct flowi6 *fl6)
497c615a 892{
69cce1d1
DM		 893#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
894 struct neighbour *n;
97cac082 895 struct rt6_info *rt;
69cce1d1
DM		 896#endif
897 int err;
497c615a 898
e16e888b
MS		 899 /* The correct way to handle this would be to do
900 * ip6_route_get_saddr, and then ip6_route_output; however,
901 * the route-specific preferred source forces the
902 * ip6_route_output call _before_ ip6_route_get_saddr.
903 *
904 * In source specific routing (no src=any default route),
905 * ip6_route_output will fail given src=any saddr, though, so
906 * that's why we try it again later.
907 */
908 if (ipv6_addr_any(&fl6->saddr) && (!*dst || !(*dst)->error)) {
909 struct rt6_info *rt;
910 bool had_dst = *dst != NULL;
1da177e4 911
e16e888b
MS		 912 if (!had_dst)
913 *dst = ip6_route_output(net, sk, fl6);
914 rt = (*dst)->error ? NULL : (struct rt6_info *)*dst;
c3968a85
DW		 915 err = ip6_route_get_saddr(net, rt, &fl6->daddr,
916 sk ? inet6_sk(sk)->srcprefs : 0,
917 &fl6->saddr);
44456d37 918 if (err)
1da177e4 919 goto out_err_release;
e16e888b
MS		 920
921 /* If we had an erroneous initial result, pretend it
922 * never existed and let the SA-enabled version take
923 * over.
924 */
925 if (!had_dst && (*dst)->error) {
926 dst_release(*dst);
927 *dst = NULL;
928 }
1da177e4
LT		 929 }
930
e16e888b
MS		 931 if (!*dst)
932 *dst = ip6_route_output(net, sk, fl6);
933
934 err = (*dst)->error;
935 if (err)
936 goto out_err_release;
937
95c385b4 938#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
e550dfb0
NH		 939 /*
940 * Here if the dst entry we've looked up
941 * has a neighbour entry that is in the INCOMPLETE
942 * state and the src address from the flow is
943 * marked as OPTIMISTIC, we release the found
944 * dst entry and replace it instead with the
945 * dst entry of the nexthop router
946 */
c56bf6fe 947 rt = (struct rt6_info *) *dst;
707be1ff 948 rcu_read_lock_bh();
2647a9b0
MKL		 949 n = __ipv6_neigh_lookup_noref(rt->dst.dev,
950 rt6_nexthop(rt, &fl6->daddr));
707be1ff
YH		 951 err = n && !(n->nud_state & NUD_VALID) ? -EINVAL : 0;
952 rcu_read_unlock_bh();
953
954 if (err) {
e550dfb0 955 struct inet6_ifaddr *ifp;
4c9483b2 956 struct flowi6 fl_gw6;
e550dfb0
NH		 957 int redirect;
958
4c9483b2 959 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
e550dfb0
NH		 960 (*dst)->dev, 1);
961
962 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
963 if (ifp)
964 in6_ifa_put(ifp);
965
966 if (redirect) {
967 /*
968 * We need to get the dst entry for the
969 * default router instead
970 */
971 dst_release(*dst);
4c9483b2
DM		 972 memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
973 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
974 *dst = ip6_route_output(net, sk, &fl_gw6);
e5d08d71
IM		 975 err = (*dst)->error;
976 if (err)
e550dfb0 977 goto out_err_release;
95c385b4 978 }
e550dfb0 979 }
95c385b4
NH		 980#endif
981
1da177e4
LT		 982 return 0;
983
984out_err_release:
ca46f9c8 985 if (err == -ENETUNREACH)
5ac68e7c 986 IP6_INC_STATS(net, NULL, IPSTATS_MIB_OUTNOROUTES);
1da177e4
LT		 987 dst_release(*dst);
988 *dst = NULL;
989 return err;
990}
34a0b3cd 991
497c615a
HX		 992/**
993 * ip6_dst_lookup - perform route lookup on flow
994 * @sk: socket which provides route info
995 * @dst: pointer to dst_entry * for result
4c9483b2 996 * @fl6: flow to lookup
497c615a
HX		 997 *
998 * This function performs a route lookup on the given flow.
999 *
1000 * It returns zero on success, or a standard errno code on error.
1001 */
343d60aa
RP		 1002int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst,
1003 struct flowi6 *fl6)
497c615a
HX		 1004{
1005 *dst = NULL;
343d60aa 1006 return ip6_dst_lookup_tail(net, sk, dst, fl6);
497c615a 1007}
3cf3dc6c
ACM		 1008EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1009
497c615a 1010/**
68d0c6d3
DM		 1011 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec
1012 * @sk: socket which provides route info
4c9483b2 1013 * @fl6: flow to lookup
68d0c6d3 1014 * @final_dst: final destination address for ipsec lookup
68d0c6d3
DM		 1015 *
1016 * This function performs a route lookup on the given flow.
1017 *
1018 * It returns a valid dst pointer on success, or a pointer encoded
1019 * error code.
1020 */
4c9483b2 1021struct dst_entry *ip6_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
0e0d44ab 1022 const struct in6_addr *final_dst)
68d0c6d3
DM		 1023{
1024 struct dst_entry *dst = NULL;
1025 int err;
1026
343d60aa 1027 err = ip6_dst_lookup_tail(sock_net(sk), sk, &dst, fl6);
68d0c6d3
DM		 1028 if (err)
1029 return ERR_PTR(err);
1030 if (final_dst)
4e3fd7a0 1031 fl6->daddr = *final_dst;
a0a9f33b
PS		 1032 if (!fl6->flowi6_oif)
1033 fl6->flowi6_oif = dst->dev->ifindex;
2774c131 1034
f92ee619 1035 return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
68d0c6d3
DM		 1036}
1037EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
1038
1039/**
1040 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
497c615a 1041 * @sk: socket which provides the dst cache and route info
4c9483b2 1042 * @fl6: flow to lookup
68d0c6d3 1043 * @final_dst: final destination address for ipsec lookup
497c615a
HX		 1044 *
1045 * This function performs a route lookup on the given flow with the
1046 * possibility of using the cached route in the socket if it is valid.
1047 * It will take the socket dst lock when operating on the dst cache.
1048 * As a result, this function can only be used in process context.
1049 *
68d0c6d3
DM		 1050 * It returns a valid dst pointer on success, or a pointer encoded
1051 * error code.
497c615a 1052 */
4c9483b2 1053struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
0e0d44ab 1054 const struct in6_addr *final_dst)
497c615a 1055{
68d0c6d3
DM		 1056 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1057 int err;
497c615a 1058
4c9483b2 1059 dst = ip6_sk_dst_check(sk, dst, fl6);
68d0c6d3 1060
343d60aa 1061 err = ip6_dst_lookup_tail(sock_net(sk), sk, &dst, fl6);
68d0c6d3
DM		 1062 if (err)
1063 return ERR_PTR(err);
1064 if (final_dst)
4e3fd7a0 1065 fl6->daddr = *final_dst;
2774c131 1066
f92ee619 1067 return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
497c615a 1068}
68d0c6d3 1069EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
497c615a 1070
34a0b3cd 1071static inline int ip6_ufo_append_data(struct sock *sk,
0bbe84a6 1072 struct sk_buff_head *queue,
e89e9cf5
AR		 1073 int getfrag(void *from, char *to, int offset, int len,
1074 int odd, struct sk_buff *skb),
1075 void *from, int length, int hh_len, int fragheaderlen,
67ba4152 1076 int transhdrlen, int mtu, unsigned int flags,
fd0273d7 1077 const struct flowi6 *fl6)
e89e9cf5
AR		 1078
1079{
1080 struct sk_buff *skb;
1081 int err;
1082
1083 /* There is support for UDP large send offload by network
1084 * device, so create one single skb packet containing complete
1085 * udp datagram
1086 */
0bbe84a6 1087 skb = skb_peek_tail(queue);
63159f29 1088 if (!skb) {
e89e9cf5
AR		 1089 skb = sock_alloc_send_skb(sk,
1090 hh_len + fragheaderlen + transhdrlen + 20,
1091 (flags & MSG_DONTWAIT), &err);
63159f29 1092 if (!skb)
504744e4 1093 return err;
e89e9cf5
AR		 1094
1095 /* reserve space for Hardware header */
1096 skb_reserve(skb, hh_len);
1097
1098 /* create space for UDP/IP header */
67ba4152 1099 skb_put(skb, fragheaderlen + transhdrlen);
e89e9cf5
AR		 1100
1101 /* initialize network header pointer */
c1d2bbe1 1102 skb_reset_network_header(skb);
e89e9cf5
AR		 1103
1104 /* initialize protocol header pointer */
b0e380b1 1105 skb->transport_header = skb->network_header + fragheaderlen;
e89e9cf5 1106
9c9c9ad5 1107 skb->protocol = htons(ETH_P_IPV6);
e89e9cf5 1108 skb->csum = 0;
e89e9cf5 1109
0bbe84a6 1110 __skb_queue_tail(queue, skb);
c547dbf5
JP		 1111 } else if (skb_is_gso(skb)) {
1112 goto append;
e89e9cf5 1113 }
e89e9cf5 1114
c547dbf5
JP		 1115 skb->ip_summed = CHECKSUM_PARTIAL;
1116 /* Specify the length of each IPv6 datagram fragment.
1117 * It has to be a multiple of 8.
1118 */
1119 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen -
1120 sizeof(struct frag_hdr)) & ~7;
1121 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
fd0273d7
MKL		 1122 skb_shinfo(skb)->ip6_frag_id = ipv6_select_ident(sock_net(sk),
1123 &fl6->daddr,
1124 &fl6->saddr);
c547dbf5
JP		 1125
1126append:
2811ebac
HFS		 1127 return skb_append_datato_frags(sk, skb, getfrag, from,
1128 (length - transhdrlen));
e89e9cf5 1129}
1da177e4 1130
0178b695
HX		 1131static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1132 gfp_t gfp)
1133{
1134 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1135}
1136
1137static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1138 gfp_t gfp)
1139{
1140 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1141}
1142
75a493e6 1143static void ip6_append_data_mtu(unsigned int *mtu,
0c183379
G		 1144 int *maxfraglen,
1145 unsigned int fragheaderlen,
1146 struct sk_buff *skb,
75a493e6 1147 struct rt6_info *rt,
e367c2d0 1148 unsigned int orig_mtu)
0c183379
G		 1149{
1150 if (!(rt->dst.flags & DST_XFRM_TUNNEL)) {
63159f29 1151 if (!skb) {
0c183379 1152 /* first fragment, reserve header_len */
e367c2d0 1153 *mtu = orig_mtu - rt->dst.header_len;
0c183379
G		 1154
1155 } else {
1156 /*
1157 * this fragment is not first, the headers
1158 * space is regarded as data space.
1159 */
e367c2d0 1160 *mtu = orig_mtu;
0c183379
G		 1161 }
1162 *maxfraglen = ((*mtu - fragheaderlen) & ~7)
1163 + fragheaderlen - sizeof(struct frag_hdr);
1164 }
1165}
1166
366e41d9
VY		 1167static int ip6_setup_cork(struct sock *sk, struct inet_cork_full *cork,
1168 struct inet6_cork *v6_cork,
1169 int hlimit, int tclass, struct ipv6_txoptions *opt,
1170 struct rt6_info *rt, struct flowi6 *fl6)
1171{
1172 struct ipv6_pinfo *np = inet6_sk(sk);
1173 unsigned int mtu;
1174
1175 /*
1176 * setup for corking
1177 */
1178 if (opt) {
1179 if (WARN_ON(v6_cork->opt))
1180 return -EINVAL;
1181
1182 v6_cork->opt = kzalloc(opt->tot_len, sk->sk_allocation);
63159f29 1183 if (unlikely(!v6_cork->opt))
366e41d9
VY		 1184 return -ENOBUFS;
1185
1186 v6_cork->opt->tot_len = opt->tot_len;
1187 v6_cork->opt->opt_flen = opt->opt_flen;
1188 v6_cork->opt->opt_nflen = opt->opt_nflen;
1189
1190 v6_cork->opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1191 sk->sk_allocation);
1192 if (opt->dst0opt && !v6_cork->opt->dst0opt)
1193 return -ENOBUFS;
1194
1195 v6_cork->opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1196 sk->sk_allocation);
1197 if (opt->dst1opt && !v6_cork->opt->dst1opt)
1198 return -ENOBUFS;
1199
1200 v6_cork->opt->hopopt = ip6_opt_dup(opt->hopopt,
1201 sk->sk_allocation);
1202 if (opt->hopopt && !v6_cork->opt->hopopt)
1203 return -ENOBUFS;
1204
1205 v6_cork->opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1206 sk->sk_allocation);
1207 if (opt->srcrt && !v6_cork->opt->srcrt)
1208 return -ENOBUFS;
1209
1210 /* need source address above miyazawa*/
1211 }
1212 dst_hold(&rt->dst);
1213 cork->base.dst = &rt->dst;
1214 cork->fl.u.ip6 = *fl6;
1215 v6_cork->hop_limit = hlimit;
1216 v6_cork->tclass = tclass;
1217 if (rt->dst.flags & DST_XFRM_TUNNEL)
1218 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1219 rt->dst.dev->mtu : dst_mtu(&rt->dst);
1220 else
1221 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1222 rt->dst.dev->mtu : dst_mtu(rt->dst.path);
1223 if (np->frag_size < mtu) {
1224 if (np->frag_size)
1225 mtu = np->frag_size;
1226 }
1227 cork->base.fragsize = mtu;
1228 if (dst_allfrag(rt->dst.path))
1229 cork->base.flags |= IPCORK_ALLFRAG;
1230 cork->base.length = 0;
1231
1232 return 0;
1233}
1234
0bbe84a6
VY		 1235static int __ip6_append_data(struct sock *sk,
1236 struct flowi6 *fl6,
1237 struct sk_buff_head *queue,
1238 struct inet_cork *cork,
1239 struct inet6_cork *v6_cork,
1240 struct page_frag *pfrag,
1241 int getfrag(void *from, char *to, int offset,
1242 int len, int odd, struct sk_buff *skb),
1243 void *from, int length, int transhdrlen,
1244 unsigned int flags, int dontfrag)
1da177e4 1245{
0c183379 1246 struct sk_buff *skb, *skb_prev = NULL;
e367c2d0 1247 unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu;
0bbe84a6
VY		 1248 int exthdrlen = 0;
1249 int dst_exthdrlen = 0;
1da177e4 1250 int hh_len;
1da177e4
LT		 1251 int copy;
1252 int err;
1253 int offset = 0;
a693e698 1254 __u8 tx_flags = 0;
09c2d251 1255 u32 tskey = 0;
0bbe84a6
VY		 1256 struct rt6_info *rt = (struct rt6_info *)cork->dst;
1257 struct ipv6_txoptions *opt = v6_cork->opt;
32dce968 1258 int csummode = CHECKSUM_NONE;
1da177e4 1259
0bbe84a6
VY		 1260 skb = skb_peek_tail(queue);
1261 if (!skb) {
1262 exthdrlen = opt ? opt->opt_flen : 0;
7efdba5b 1263 dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len;
1da177e4 1264 }
0bbe84a6 1265
366e41d9 1266 mtu = cork->fragsize;
e367c2d0 1267 orig_mtu = mtu;
1da177e4 1268
d8d1f30b 1269 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1da177e4 1270
a1b05140 1271 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
b4ce9277 1272 (opt ? opt->opt_nflen : 0);
4df98e76
HFS		 1273 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen -
1274 sizeof(struct frag_hdr);
1da177e4
LT		 1275
1276 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) {
4df98e76
HFS		 1277 unsigned int maxnonfragsize, headersize;
1278
1279 headersize = sizeof(struct ipv6hdr) +
3a1cebe7 1280 (opt ? opt->opt_flen + opt->opt_nflen : 0) +
4df98e76
HFS		 1281 (dst_allfrag(&rt->dst) ?
1282 sizeof(struct frag_hdr) : 0) +
1283 rt->rt6i_nfheader_len;
1284
60ff7467 1285 if (ip6_sk_ignore_df(sk))
0b95227a
HFS		 1286 maxnonfragsize = sizeof(struct ipv6hdr) + IPV6_MAXPLEN;
1287 else
1288 maxnonfragsize = mtu;
4df98e76
HFS		 1289
1290 /* dontfrag active */
1291 if ((cork->length + length > mtu - headersize) && dontfrag &&
1292 (sk->sk_protocol == IPPROTO_UDP ||
1293 sk->sk_protocol == IPPROTO_RAW)) {
1294 ipv6_local_rxpmtu(sk, fl6, mtu - headersize +
1295 sizeof(struct ipv6hdr));
1296 goto emsgsize;
1297 }
1298
1299 if (cork->length + length > maxnonfragsize - headersize) {
1300emsgsize:
1301 ipv6_local_error(sk, EMSGSIZE, fl6,
1302 mtu - headersize +
1303 sizeof(struct ipv6hdr));
1da177e4
LT		 1304 return -EMSGSIZE;
1305 }
1306 }
1307
09c2d251 1308 if (sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) {
bf84a010 1309 sock_tx_timestamp(sk, &tx_flags);
09c2d251
WB		 1310 if (tx_flags & SKBTX_ANY_SW_TSTAMP &&
1311 sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)
1312 tskey = sk->sk_tskey++;
1313 }
a693e698 1314
32dce968
VY		 1315 /* If this is the first and only packet and device
1316 * supports checksum offloading, let's use it.
e87a468e
VY		 1317 * Use transhdrlen, same as IPv4, because partial
1318 * sums only work when transhdrlen is set.
32dce968 1319 */
e87a468e 1320 if (transhdrlen && sk->sk_protocol == IPPROTO_UDP &&
32dce968
VY		 1321 length + fragheaderlen < mtu &&
1322 rt->dst.dev->features & NETIF_F_V6_CSUM &&
1323 !exthdrlen)
1324 csummode = CHECKSUM_PARTIAL;
1da177e4
LT		 1325 /*
1326 * Let's try using as much space as possible.
1327 * Use MTU if total length of the message fits into the MTU.
1328 * Otherwise, we need to reserve fragment header and
1329 * fragment alignment (= 8-15 octects, in total).
1330 *
1331 * Note that we may need to "move" the data from the tail of
1ab1457c 1332 * of the buffer to the new fragment when we split
1da177e4
LT		 1333 * the message.
1334 *
1ab1457c 1335 * FIXME: It may be fragmented into multiple chunks
1da177e4
LT		 1336 * at once if non-fragmentable extension headers
1337 * are too large.
1ab1457c 1338 * --yoshfuji
1da177e4
LT		 1339 */
1340
2811ebac
HFS		 1341 cork->length += length;
1342 if (((length > mtu) ||
1343 (skb && skb_is_gso(skb))) &&
1344 (sk->sk_protocol == IPPROTO_UDP) &&
acf8dd0a
MK		 1345 (rt->dst.dev->features & NETIF_F_UFO) &&
1346 (sk->sk_type == SOCK_DGRAM)) {
0bbe84a6 1347 err = ip6_ufo_append_data(sk, queue, getfrag, from, length,
2811ebac 1348 hh_len, fragheaderlen,
fd0273d7 1349 transhdrlen, mtu, flags, fl6);
2811ebac
HFS		 1350 if (err)
1351 goto error;
1352 return 0;
e89e9cf5 1353 }
1da177e4 1354
2811ebac 1355 if (!skb)
1da177e4
LT		 1356 goto alloc_new_skb;
1357
1358 while (length > 0) {
1359 /* Check if the remaining data fits into current packet. */
bdc712b4 1360 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1da177e4
LT		 1361 if (copy < length)
1362 copy = maxfraglen - skb->len;
1363
1364 if (copy <= 0) {
1365 char *data;
1366 unsigned int datalen;
1367 unsigned int fraglen;
1368 unsigned int fraggap;
1369 unsigned int alloclen;
1da177e4 1370alloc_new_skb:
1da177e4 1371 /* There's no room in the current skb */
0c183379
G		 1372 if (skb)
1373 fraggap = skb->len - maxfraglen;
1da177e4
LT		 1374 else
1375 fraggap = 0;
0c183379 1376 /* update mtu and maxfraglen if necessary */
63159f29 1377 if (!skb || !skb_prev)
0c183379 1378 ip6_append_data_mtu(&mtu, &maxfraglen,
75a493e6 1379 fragheaderlen, skb, rt,
e367c2d0 1380 orig_mtu);
0c183379
G		 1381
1382 skb_prev = skb;
1da177e4
LT		 1383
1384 /*
1385 * If remaining data exceeds the mtu,
1386 * we know we need more fragment(s).
1387 */
1388 datalen = length + fraggap;
1da177e4 1389
0c183379
G		 1390 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1391 datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len;
1da177e4 1392 if ((flags & MSG_MORE) &&
d8d1f30b 1393 !(rt->dst.dev->features&NETIF_F_SG))
1da177e4
LT		 1394 alloclen = mtu;
1395 else
1396 alloclen = datalen + fragheaderlen;
1397
299b0767
SK		 1398 alloclen += dst_exthdrlen;
1399
0c183379
G		 1400 if (datalen != length + fraggap) {
1401 /*
1402 * this is not the last fragment, the trailer
1403 * space is regarded as data space.
1404 */
1405 datalen += rt->dst.trailer_len;
1406 }
1407
1408 alloclen += rt->dst.trailer_len;
1409 fraglen = datalen + fragheaderlen;
1da177e4
LT		 1410
1411 /*
1412 * We just reserve space for fragment header.
1ab1457c 1413 * Note: this may be overallocation if the message
1da177e4
LT		 1414 * (without MSG_MORE) fits into the MTU.
1415 */
1416 alloclen += sizeof(struct frag_hdr);
1417
1418 if (transhdrlen) {
1419 skb = sock_alloc_send_skb(sk,
1420 alloclen + hh_len,
1421 (flags & MSG_DONTWAIT), &err);
1422 } else {
1423 skb = NULL;
1424 if (atomic_read(&sk->sk_wmem_alloc) <=
1425 2 * sk->sk_sndbuf)
1426 skb = sock_wmalloc(sk,
1427 alloclen + hh_len, 1,
1428 sk->sk_allocation);
63159f29 1429 if (unlikely(!skb))
1da177e4
LT		 1430 err = -ENOBUFS;
1431 }
63159f29 1432 if (!skb)
1da177e4
LT		 1433 goto error;
1434 /*
1435 * Fill in the control structures
1436 */
9c9c9ad5 1437 skb->protocol = htons(ETH_P_IPV6);
32dce968 1438 skb->ip_summed = csummode;
1da177e4 1439 skb->csum = 0;
1f85851e
G		 1440 /* reserve for fragmentation and ipsec header */
1441 skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
1442 dst_exthdrlen);
1da177e4 1443
11878b40
WB		 1444 /* Only the initial fragment is time stamped */
1445 skb_shinfo(skb)->tx_flags = tx_flags;
1446 tx_flags = 0;
09c2d251
WB		 1447 skb_shinfo(skb)->tskey = tskey;
1448 tskey = 0;
a693e698 1449
1da177e4
LT		 1450 /*
1451 * Find where to start putting bytes
1452 */
1f85851e
G		 1453 data = skb_put(skb, fraglen);
1454 skb_set_network_header(skb, exthdrlen);
1455 data += fragheaderlen;
b0e380b1
ACM		 1456 skb->transport_header = (skb->network_header +
1457 fragheaderlen);
1da177e4
LT		 1458 if (fraggap) {
1459 skb->csum = skb_copy_and_csum_bits(
1460 skb_prev, maxfraglen,
1461 data + transhdrlen, fraggap, 0);
1462 skb_prev->csum = csum_sub(skb_prev->csum,
1463 skb->csum);
1464 data += fraggap;
e9fa4f7b 1465 pskb_trim_unique(skb_prev, maxfraglen);
1da177e4
LT		 1466 }
1467 copy = datalen - transhdrlen - fraggap;
299b0767 1468
1da177e4
LT		 1469 if (copy < 0) {
1470 err = -EINVAL;
1471 kfree_skb(skb);
1472 goto error;
1473 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
1474 err = -EFAULT;
1475 kfree_skb(skb);
1476 goto error;
1477 }
1478
1479 offset += copy;
1480 length -= datalen - fraggap;
1481 transhdrlen = 0;
1482 exthdrlen = 0;
299b0767 1483 dst_exthdrlen = 0;
1da177e4
LT		 1484
1485 /*
1486 * Put the packet on the pending queue
1487 */
0bbe84a6 1488 __skb_queue_tail(queue, skb);
1da177e4
LT		 1489 continue;
1490 }
1491
1492 if (copy > length)
1493 copy = length;
1494
d8d1f30b 1495 if (!(rt->dst.dev->features&NETIF_F_SG)) {
1da177e4
LT		 1496 unsigned int off;
1497
1498 off = skb->len;
1499 if (getfrag(from, skb_put(skb, copy),
1500 offset, copy, off, skb) < 0) {
1501 __skb_trim(skb, off);
1502 err = -EFAULT;
1503 goto error;
1504 }
1505 } else {
1506 int i = skb_shinfo(skb)->nr_frags;
1da177e4 1507
5640f768
ED		 1508 err = -ENOMEM;
1509 if (!sk_page_frag_refill(sk, pfrag))
1da177e4 1510 goto error;
5640f768
ED		 1511
1512 if (!skb_can_coalesce(skb, i, pfrag->page,
1513 pfrag->offset)) {
1514 err = -EMSGSIZE;
1515 if (i == MAX_SKB_FRAGS)
1516 goto error;
1517
1518 __skb_fill_page_desc(skb, i, pfrag->page,
1519 pfrag->offset, 0);
1520 skb_shinfo(skb)->nr_frags = ++i;
1521 get_page(pfrag->page);
1da177e4 1522 }
5640f768 1523 copy = min_t(int, copy, pfrag->size - pfrag->offset);
9e903e08 1524 if (getfrag(from,
5640f768
ED		 1525 page_address(pfrag->page) + pfrag->offset,
1526 offset, copy, skb->len, skb) < 0)
1527 goto error_efault;
1528
1529 pfrag->offset += copy;
1530 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1da177e4
LT		 1531 skb->len += copy;
1532 skb->data_len += copy;
f945fa7a
HX		 1533 skb->truesize += copy;
1534 atomic_add(copy, &sk->sk_wmem_alloc);
1da177e4
LT		 1535 }
1536 offset += copy;
1537 length -= copy;
1538 }
5640f768 1539
1da177e4 1540 return 0;
5640f768
ED		 1541
1542error_efault:
1543 err = -EFAULT;
1da177e4 1544error:
bdc712b4 1545 cork->length -= length;
3bd653c8 1546 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1547 return err;
1548}
0bbe84a6
VY		 1549
1550int ip6_append_data(struct sock *sk,
1551 int getfrag(void *from, char *to, int offset, int len,
1552 int odd, struct sk_buff *skb),
1553 void *from, int length, int transhdrlen, int hlimit,
1554 int tclass, struct ipv6_txoptions *opt, struct flowi6 *fl6,
1555 struct rt6_info *rt, unsigned int flags, int dontfrag)
1556{
1557 struct inet_sock *inet = inet_sk(sk);
1558 struct ipv6_pinfo *np = inet6_sk(sk);
1559 int exthdrlen;
1560 int err;
1561
1562 if (flags&MSG_PROBE)
1563 return 0;
1564 if (skb_queue_empty(&sk->sk_write_queue)) {
1565 /*
1566 * setup for corking
1567 */
1568 err = ip6_setup_cork(sk, &inet->cork, &np->cork, hlimit,
1569 tclass, opt, rt, fl6);
1570 if (err)
1571 return err;
1572
1573 exthdrlen = (opt ? opt->opt_flen : 0);
1574 length += exthdrlen;
1575 transhdrlen += exthdrlen;
1576 } else {
1577 fl6 = &inet->cork.fl.u.ip6;
1578 transhdrlen = 0;
1579 }
1580
1581 return __ip6_append_data(sk, fl6, &sk->sk_write_queue, &inet->cork.base,
1582 &np->cork, sk_page_frag(sk), getfrag,
1583 from, length, transhdrlen, flags, dontfrag);
1584}
a495f836 1585EXPORT_SYMBOL_GPL(ip6_append_data);
1da177e4 1586
366e41d9
VY		 1587static void ip6_cork_release(struct inet_cork_full *cork,
1588 struct inet6_cork *v6_cork)
bf138862 1589{
366e41d9
VY		 1590 if (v6_cork->opt) {
1591 kfree(v6_cork->opt->dst0opt);
1592 kfree(v6_cork->opt->dst1opt);
1593 kfree(v6_cork->opt->hopopt);
1594 kfree(v6_cork->opt->srcrt);
1595 kfree(v6_cork->opt);
1596 v6_cork->opt = NULL;
0178b695
HX		 1597 }
1598
366e41d9
VY		 1599 if (cork->base.dst) {
1600 dst_release(cork->base.dst);
1601 cork->base.dst = NULL;
1602 cork->base.flags &= ~IPCORK_ALLFRAG;
bf138862 1603 }
366e41d9 1604 memset(&cork->fl, 0, sizeof(cork->fl));
bf138862
PE		 1605}
1606
6422398c
VY		 1607struct sk_buff *__ip6_make_skb(struct sock *sk,
1608 struct sk_buff_head *queue,
1609 struct inet_cork_full *cork,
1610 struct inet6_cork *v6_cork)
1da177e4
LT		 1611{
1612 struct sk_buff *skb, *tmp_skb;
1613 struct sk_buff **tail_skb;
1614 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1da177e4 1615 struct ipv6_pinfo *np = inet6_sk(sk);
3bd653c8 1616 struct net *net = sock_net(sk);
1da177e4 1617 struct ipv6hdr *hdr;
6422398c
VY		 1618 struct ipv6_txoptions *opt = v6_cork->opt;
1619 struct rt6_info *rt = (struct rt6_info *)cork->base.dst;
1620 struct flowi6 *fl6 = &cork->fl.u.ip6;
4c9483b2 1621 unsigned char proto = fl6->flowi6_proto;
1da177e4 1622
6422398c 1623 skb = __skb_dequeue(queue);
63159f29 1624 if (!skb)
1da177e4
LT		 1625 goto out;
1626 tail_skb = &(skb_shinfo(skb)->frag_list);
1627
1628 /* move skb->data to ip header from ext header */
d56f90a7 1629 if (skb->data < skb_network_header(skb))
bbe735e4 1630 __skb_pull(skb, skb_network_offset(skb));
6422398c 1631 while ((tmp_skb = __skb_dequeue(queue)) != NULL) {
cfe1fc77 1632 __skb_pull(tmp_skb, skb_network_header_len(skb));
1da177e4
LT		 1633 *tail_skb = tmp_skb;
1634 tail_skb = &(tmp_skb->next);
1635 skb->len += tmp_skb->len;
1636 skb->data_len += tmp_skb->len;
1da177e4 1637 skb->truesize += tmp_skb->truesize;
1da177e4
LT		 1638 tmp_skb->destructor = NULL;
1639 tmp_skb->sk = NULL;
1da177e4
LT		 1640 }
1641
28a89453 1642 /* Allow local fragmentation. */
60ff7467 1643 skb->ignore_df = ip6_sk_ignore_df(sk);
28a89453 1644
4e3fd7a0 1645 *final_dst = fl6->daddr;
cfe1fc77 1646 __skb_pull(skb, skb_network_header_len(skb));
1da177e4
LT		 1647 if (opt && opt->opt_flen)
1648 ipv6_push_frag_opts(skb, opt, &proto);
1649 if (opt && opt->opt_nflen)
1650 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst);
1651
e2d1bca7
ACM		 1652 skb_push(skb, sizeof(struct ipv6hdr));
1653 skb_reset_network_header(skb);
0660e03f 1654 hdr = ipv6_hdr(skb);
1ab1457c 1655
6422398c 1656 ip6_flow_hdr(hdr, v6_cork->tclass,
cb1ce2ef 1657 ip6_make_flowlabel(net, skb, fl6->flowlabel,
67800f9b 1658 np->autoflowlabel, fl6));
6422398c 1659 hdr->hop_limit = v6_cork->hop_limit;
1da177e4 1660 hdr->nexthdr = proto;
4e3fd7a0
AD		 1661 hdr->saddr = fl6->saddr;
1662 hdr->daddr = *final_dst;
1da177e4 1663
a2c2064f 1664 skb->priority = sk->sk_priority;
4a19ec58 1665 skb->mark = sk->sk_mark;
a2c2064f 1666
d8d1f30b 1667 skb_dst_set(skb, dst_clone(&rt->dst));
edf391ff 1668 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
14878f75 1669 if (proto == IPPROTO_ICMPV6) {
adf30907 1670 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
14878f75 1671
43a43b60
HFS		 1672 ICMP6MSGOUT_INC_STATS(net, idev, icmp6_hdr(skb)->icmp6_type);
1673 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
14878f75
DS		 1674 }
1675
6422398c
VY		 1676 ip6_cork_release(cork, v6_cork);
1677out:
1678 return skb;
1679}
1680
1681int ip6_send_skb(struct sk_buff *skb)
1682{
1683 struct net *net = sock_net(skb->sk);
1684 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
1685 int err;
1686
ef76bc23 1687 err = ip6_local_out(skb);
1da177e4
LT		 1688 if (err) {
1689 if (err > 0)
6ce9e7b5 1690 err = net_xmit_errno(err);
1da177e4 1691 if (err)
6422398c
VY		 1692 IP6_INC_STATS(net, rt->rt6i_idev,
1693 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1694 }
1695
1da177e4 1696 return err;
6422398c
VY		 1697}
1698
1699int ip6_push_pending_frames(struct sock *sk)
1700{
1701 struct sk_buff *skb;
1702
1703 skb = ip6_finish_skb(sk);
1704 if (!skb)
1705 return 0;
1706
1707 return ip6_send_skb(skb);
1da177e4 1708}
a495f836 1709EXPORT_SYMBOL_GPL(ip6_push_pending_frames);
1da177e4 1710
0bbe84a6 1711static void __ip6_flush_pending_frames(struct sock *sk,
6422398c
VY		 1712 struct sk_buff_head *queue,
1713 struct inet_cork_full *cork,
1714 struct inet6_cork *v6_cork)
1da177e4 1715{
1da177e4
LT		 1716 struct sk_buff *skb;
1717
0bbe84a6 1718 while ((skb = __skb_dequeue_tail(queue)) != NULL) {
adf30907
ED		 1719 if (skb_dst(skb))
1720 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
e1f52208 1721 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1722 kfree_skb(skb);
1723 }
1724
6422398c 1725 ip6_cork_release(cork, v6_cork);
1da177e4 1726}
0bbe84a6
VY		 1727
1728void ip6_flush_pending_frames(struct sock *sk)
1729{
6422398c
VY		 1730 __ip6_flush_pending_frames(sk, &sk->sk_write_queue,
1731 &inet_sk(sk)->cork, &inet6_sk(sk)->cork);
0bbe84a6 1732}
a495f836 1733EXPORT_SYMBOL_GPL(ip6_flush_pending_frames);
6422398c
VY		 1734
1735struct sk_buff *ip6_make_skb(struct sock *sk,
1736 int getfrag(void *from, char *to, int offset,
1737 int len, int odd, struct sk_buff *skb),
1738 void *from, int length, int transhdrlen,
1739 int hlimit, int tclass,
1740 struct ipv6_txoptions *opt, struct flowi6 *fl6,
1741 struct rt6_info *rt, unsigned int flags,
1742 int dontfrag)
1743{
1744 struct inet_cork_full cork;
1745 struct inet6_cork v6_cork;
1746 struct sk_buff_head queue;
1747 int exthdrlen = (opt ? opt->opt_flen : 0);
1748 int err;
1749
1750 if (flags & MSG_PROBE)
1751 return NULL;
1752
1753 __skb_queue_head_init(&queue);
1754
1755 cork.base.flags = 0;
1756 cork.base.addr = 0;
1757 cork.base.opt = NULL;
1758 v6_cork.opt = NULL;
1759 err = ip6_setup_cork(sk, &cork, &v6_cork, hlimit, tclass, opt, rt, fl6);
1760 if (err)
1761 return ERR_PTR(err);
1762
1763 if (dontfrag < 0)
1764 dontfrag = inet6_sk(sk)->dontfrag;
1765
1766 err = __ip6_append_data(sk, fl6, &queue, &cork.base, &v6_cork,
1767 &current->task_frag, getfrag, from,
1768 length + exthdrlen, transhdrlen + exthdrlen,
1769 flags, dontfrag);
1770 if (err) {
1771 __ip6_flush_pending_frames(sk, &queue, &cork, &v6_cork);
1772 return ERR_PTR(err);
1773 }
1774
1775 return __ip6_make_skb(sk, &queue, &cork, &v6_cork);
1776}
Linux 6.x block layer and io_uring tree(s)