projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tg3: use netdev_alloc_frag() API
[linux-block.git] / net / ipv6 / ip6_output.c
CommitLineData
1da177e4
LT		 1/*
2 * IPv6 output functions
1ab1457c 3 * Linux INET6 implementation
1da177e4
LT		 4 *
5 * Authors:
1ab1457c 6 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4 7 *
1da177e4
LT		 8 * Based on linux/net/ipv4/ip_output.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 * Changes:
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
20 * etc.
21 *
22 * H. von Brand : Added missing #include <linux/string.h>
23 * Imran Patel : frag id should be in NBO
24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
26 * for datagram xmit
27 */
28
1da177e4 29#include <linux/errno.h>
ef76bc23 30#include <linux/kernel.h>
1da177e4
LT		 31#include <linux/string.h>
32#include <linux/socket.h>
33#include <linux/net.h>
34#include <linux/netdevice.h>
35#include <linux/if_arp.h>
36#include <linux/in6.h>
37#include <linux/tcp.h>
38#include <linux/route.h>
b59f45d0 39#include <linux/module.h>
5a0e3ad6 40#include <linux/slab.h>
1da177e4
LT		 41
42#include <linux/netfilter.h>
43#include <linux/netfilter_ipv6.h>
44
45#include <net/sock.h>
46#include <net/snmp.h>
47
48#include <net/ipv6.h>
49#include <net/ndisc.h>
50#include <net/protocol.h>
51#include <net/ip6_route.h>
52#include <net/addrconf.h>
53#include <net/rawv6.h>
54#include <net/icmp.h>
55#include <net/xfrm.h>
56#include <net/checksum.h>
7bc570c8 57#include <linux/mroute6.h>
1da177e4 58
ad0081e4 59int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *));
1da177e4 60
ef76bc23
HX		 61int __ip6_local_out(struct sk_buff *skb)
62{
63 int len;
64
65 len = skb->len - sizeof(struct ipv6hdr);
66 if (len > IPV6_MAXPLEN)
67 len = 0;
68 ipv6_hdr(skb)->payload_len = htons(len);
69
b2e0b385
JE		 70 return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL,
71 skb_dst(skb)->dev, dst_output);
ef76bc23
HX		 72}
73
74int ip6_local_out(struct sk_buff *skb)
75{
76 int err;
77
78 err = __ip6_local_out(skb);
79 if (likely(err == 1))
80 err = dst_output(skb);
81
82 return err;
83}
84EXPORT_SYMBOL_GPL(ip6_local_out);
85
1da177e4
LT		 86/* dev_loopback_xmit for use with netfilter. */
87static int ip6_dev_loopback_xmit(struct sk_buff *newskb)
88{
459a98ed 89 skb_reset_mac_header(newskb);
bbe735e4 90 __skb_pull(newskb, skb_network_offset(newskb));
1da177e4
LT		 91 newskb->pkt_type = PACKET_LOOPBACK;
92 newskb->ip_summed = CHECKSUM_UNNECESSARY;
adf30907 93 WARN_ON(!skb_dst(newskb));
1da177e4 94
e30b38c2 95 netif_rx_ni(newskb);
1da177e4
LT		 96 return 0;
97}
98
9e508490 99static int ip6_finish_output2(struct sk_buff *skb)
1da177e4 100{
adf30907 101 struct dst_entry *dst = skb_dst(skb);
1da177e4 102 struct net_device *dev = dst->dev;
f6b72b62 103 struct neighbour *neigh;
1da177e4
LT		 104
105 skb->protocol = htons(ETH_P_IPV6);
106 skb->dev = dev;
107
0660e03f 108 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
adf30907 109 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1da177e4 110
7ad6848c 111 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(skb->sk) &&
d1db275d 112 ((mroute6_socket(dev_net(dev), skb) &&
bd91b8bf 113 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
7bc570c8
YH		 114 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
115 &ipv6_hdr(skb)->saddr))) {
1da177e4
LT		 116 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
117
118 /* Do not check for IFF_ALLMULTI; multicast routing
119 is not supported in any case.
120 */
121 if (newskb)
b2e0b385
JE		 122 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
123 newskb, NULL, newskb->dev,
1da177e4
LT		 124 ip6_dev_loopback_xmit);
125
0660e03f 126 if (ipv6_hdr(skb)->hop_limit == 0) {
3bd653c8
DL		 127 IP6_INC_STATS(dev_net(dev), idev,
128 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 129 kfree_skb(skb);
130 return 0;
131 }
132 }
133
edf391ff
NH		 134 IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST,
135 skb->len);
1da177e4
LT		 136 }
137
f2c31e32 138 rcu_read_lock();
27217455 139 neigh = dst_get_neighbour_noref(dst);
f2c31e32
ED		 140 if (neigh) {
141 int res = neigh_output(neigh, skb);
05e3aa09 142
f2c31e32
ED		 143 rcu_read_unlock();
144 return res;
145 }
146 rcu_read_unlock();
9e508490
JE		 147 IP6_INC_STATS_BH(dev_net(dst->dev),
148 ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
149 kfree_skb(skb);
150 return -EINVAL;
1da177e4
LT		 151}
152
9e508490
JE		 153static int ip6_finish_output(struct sk_buff *skb)
154{
155 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
156 dst_allfrag(skb_dst(skb)))
157 return ip6_fragment(skb, ip6_finish_output2);
158 else
159 return ip6_finish_output2(skb);
160}
161
1da177e4
LT		 162int ip6_output(struct sk_buff *skb)
163{
9e508490 164 struct net_device *dev = skb_dst(skb)->dev;
adf30907 165 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
778d80be 166 if (unlikely(idev->cnf.disable_ipv6)) {
9e508490 167 IP6_INC_STATS(dev_net(dev), idev,
3bd653c8 168 IPSTATS_MIB_OUTDISCARDS);
778d80be
YH		 169 kfree_skb(skb);
170 return 0;
171 }
172
9c6eb28a
JE		 173 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev,
174 ip6_finish_output,
175 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
1da177e4
LT		 176}
177
1da177e4 178/*
b5d43998 179 * xmit an sk_buff (used by TCP, SCTP and DCCP)
1da177e4
LT		 180 */
181
4c9483b2 182int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
b903d324 183 struct ipv6_txoptions *opt, int tclass)
1da177e4 184{
3bd653c8 185 struct net *net = sock_net(sk);
b30bd282 186 struct ipv6_pinfo *np = inet6_sk(sk);
4c9483b2 187 struct in6_addr *first_hop = &fl6->daddr;
adf30907 188 struct dst_entry *dst = skb_dst(skb);
1da177e4 189 struct ipv6hdr *hdr;
4c9483b2 190 u8 proto = fl6->flowi6_proto;
1da177e4 191 int seg_len = skb->len;
e651f03a 192 int hlimit = -1;
1da177e4
LT		 193 u32 mtu;
194
195 if (opt) {
c2636b4d 196 unsigned int head_room;
1da177e4
LT		 197
198 /* First: exthdrs may take lots of space (~8K for now)
199 MAX_HEADER is not enough.
200 */
201 head_room = opt->opt_nflen + opt->opt_flen;
202 seg_len += head_room;
203 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
204
205 if (skb_headroom(skb) < head_room) {
206 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
a11d206d 207 if (skb2 == NULL) {
adf30907 208 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d
YH		 209 IPSTATS_MIB_OUTDISCARDS);
210 kfree_skb(skb);
1da177e4
LT		 211 return -ENOBUFS;
212 }
808db80a 213 consume_skb(skb);
a11d206d 214 skb = skb2;
83d7eb29 215 skb_set_owner_w(skb, sk);
1da177e4
LT		 216 }
217 if (opt->opt_flen)
218 ipv6_push_frag_opts(skb, opt, &proto);
219 if (opt->opt_nflen)
220 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop);
221 }
222
e2d1bca7
ACM		 223 skb_push(skb, sizeof(struct ipv6hdr));
224 skb_reset_network_header(skb);
0660e03f 225 hdr = ipv6_hdr(skb);
1da177e4
LT		 226
227 /*
228 * Fill in the IPv6 header
229 */
b903d324 230 if (np)
1da177e4
LT		 231 hlimit = np->hop_limit;
232 if (hlimit < 0)
6b75d090 233 hlimit = ip6_dst_hoplimit(dst);
1da177e4 234
4c9483b2 235 *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | fl6->flowlabel;
41a1f8ea 236
1da177e4
LT		 237 hdr->payload_len = htons(seg_len);
238 hdr->nexthdr = proto;
239 hdr->hop_limit = hlimit;
240
4e3fd7a0
AD		 241 hdr->saddr = fl6->saddr;
242 hdr->daddr = *first_hop;
1da177e4 243
a2c2064f 244 skb->priority = sk->sk_priority;
4a19ec58 245 skb->mark = sk->sk_mark;
a2c2064f 246
1da177e4 247 mtu = dst_mtu(dst);
283d07ac 248 if ((skb->len <= mtu) || skb->local_df || skb_is_gso(skb)) {
adf30907 249 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
edf391ff 250 IPSTATS_MIB_OUT, skb->len);
b2e0b385
JE		 251 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL,
252 dst->dev, dst_output);
1da177e4
LT		 253 }
254
e87cc472 255 net_dbg_ratelimited("IPv6: sending pkt_too_big to self\n");
1da177e4 256 skb->dev = dst->dev;
3ffe533c 257 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
adf30907 258 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 259 kfree_skb(skb);
260 return -EMSGSIZE;
261}
262
7159039a
YH		 263EXPORT_SYMBOL(ip6_xmit);
264
1da177e4
LT		 265/*
266 * To avoid extra problems ND packets are send through this
267 * routine. It's code duplication but I really want to avoid
268 * extra checks since ipv6_build_header is used by TCP (which
269 * is for us performance critical)
270 */
271
272int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev,
9acd9f3a 273 const struct in6_addr *saddr, const struct in6_addr *daddr,
1da177e4
LT		 274 int proto, int len)
275{
276 struct ipv6_pinfo *np = inet6_sk(sk);
277 struct ipv6hdr *hdr;
1da177e4
LT		 278
279 skb->protocol = htons(ETH_P_IPV6);
280 skb->dev = dev;
281
55f79cc0
ACM		 282 skb_reset_network_header(skb);
283 skb_put(skb, sizeof(struct ipv6hdr));
0660e03f 284 hdr = ipv6_hdr(skb);
1da177e4 285
ae08e1f0 286 *(__be32*)hdr = htonl(0x60000000);
1da177e4
LT		 287
288 hdr->payload_len = htons(len);
289 hdr->nexthdr = proto;
290 hdr->hop_limit = np->hop_limit;
291
4e3fd7a0
AD		 292 hdr->saddr = *saddr;
293 hdr->daddr = *daddr;
1da177e4
LT		 294
295 return 0;
296}
297
298static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
299{
300 struct ip6_ra_chain *ra;
301 struct sock *last = NULL;
302
303 read_lock(&ip6_ra_lock);
304 for (ra = ip6_ra_chain; ra; ra = ra->next) {
305 struct sock *sk = ra->sk;
0bd1b59b
AM		 306 if (sk && ra->sel == sel &&
307 (!sk->sk_bound_dev_if ||
308 sk->sk_bound_dev_if == skb->dev->ifindex)) {
1da177e4
LT		 309 if (last) {
310 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
311 if (skb2)
312 rawv6_rcv(last, skb2);
313 }
314 last = sk;
315 }
316 }
317
318 if (last) {
319 rawv6_rcv(last, skb);
320 read_unlock(&ip6_ra_lock);
321 return 1;
322 }
323 read_unlock(&ip6_ra_lock);
324 return 0;
325}
326
e21e0b5f
VN		 327static int ip6_forward_proxy_check(struct sk_buff *skb)
328{
0660e03f 329 struct ipv6hdr *hdr = ipv6_hdr(skb);
e21e0b5f 330 u8 nexthdr = hdr->nexthdr;
75f2811c 331 __be16 frag_off;
e21e0b5f
VN		 332 int offset;
333
334 if (ipv6_ext_hdr(nexthdr)) {
75f2811c 335 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, &frag_off);
e21e0b5f
VN		 336 if (offset < 0)
337 return 0;
338 } else
339 offset = sizeof(struct ipv6hdr);
340
341 if (nexthdr == IPPROTO_ICMPV6) {
342 struct icmp6hdr *icmp6;
343
d56f90a7
ACM		 344 if (!pskb_may_pull(skb, (skb_network_header(skb) +
345 offset + 1 - skb->data)))
e21e0b5f
VN		 346 return 0;
347
d56f90a7 348 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
e21e0b5f
VN		 349
350 switch (icmp6->icmp6_type) {
351 case NDISC_ROUTER_SOLICITATION:
352 case NDISC_ROUTER_ADVERTISEMENT:
353 case NDISC_NEIGHBOUR_SOLICITATION:
354 case NDISC_NEIGHBOUR_ADVERTISEMENT:
355 case NDISC_REDIRECT:
356 /* For reaction involving unicast neighbor discovery
357 * message destined to the proxied address, pass it to
358 * input function.
359 */
360 return 1;
361 default:
362 break;
363 }
364 }
365
74553b09
VN		 366 /*
367 * The proxying router can't forward traffic sent to a link-local
368 * address, so signal the sender and discard the packet. This
369 * behavior is clarified by the MIPv6 specification.
370 */
371 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
372 dst_link_failure(skb);
373 return -1;
374 }
375
e21e0b5f
VN		 376 return 0;
377}
378
1da177e4
LT		 379static inline int ip6_forward_finish(struct sk_buff *skb)
380{
381 return dst_output(skb);
382}
383
384int ip6_forward(struct sk_buff *skb)
385{
adf30907 386 struct dst_entry *dst = skb_dst(skb);
0660e03f 387 struct ipv6hdr *hdr = ipv6_hdr(skb);
1da177e4 388 struct inet6_skb_parm *opt = IP6CB(skb);
c346dca1 389 struct net *net = dev_net(dst->dev);
14f3ad6f 390 u32 mtu;
1ab1457c 391
53b7997f 392 if (net->ipv6.devconf_all->forwarding == 0)
1da177e4
LT		 393 goto error;
394
4497b076
BH		 395 if (skb_warn_if_lro(skb))
396 goto drop;
397
1da177e4 398 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
3bd653c8 399 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
1da177e4
LT		 400 goto drop;
401 }
402
72b43d08
AK		 403 if (skb->pkt_type != PACKET_HOST)
404 goto drop;
405
35fc92a9 406 skb_forward_csum(skb);
1da177e4
LT		 407
408 /*
409 * We DO NOT make any processing on
410 * RA packets, pushing them to user level AS IS
411 * without ane WARRANTY that application will be able
412 * to interpret them. The reason is that we
413 * cannot make anything clever here.
414 *
415 * We are not end-node, so that if packet contains
416 * AH/ESP, we cannot make anything.
417 * Defragmentation also would be mistake, RA packets
418 * cannot be fragmented, because there is no warranty
419 * that different fragments will go along one path. --ANK
420 */
421 if (opt->ra) {
d56f90a7 422 u8 *ptr = skb_network_header(skb) + opt->ra;
1da177e4
LT		 423 if (ip6_call_ra_chain(skb, (ptr[2]<<8) + ptr[3]))
424 return 0;
425 }
426
427 /*
428 * check and decrement ttl
429 */
430 if (hdr->hop_limit <= 1) {
431 /* Force OUTPUT device used as source address */
432 skb->dev = dst->dev;
3ffe533c 433 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
483a47d2
DL		 434 IP6_INC_STATS_BH(net,
435 ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
1da177e4
LT		 436
437 kfree_skb(skb);
438 return -ETIMEDOUT;
439 }
440
fbea49e1 441 /* XXX: idev->cnf.proxy_ndp? */
53b7997f 442 if (net->ipv6.devconf_all->proxy_ndp &&
8a3edd80 443 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
74553b09
VN		 444 int proxied = ip6_forward_proxy_check(skb);
445 if (proxied > 0)
e21e0b5f 446 return ip6_input(skb);
74553b09 447 else if (proxied < 0) {
3bd653c8
DL		 448 IP6_INC_STATS(net, ip6_dst_idev(dst),
449 IPSTATS_MIB_INDISCARDS);
74553b09
VN		 450 goto drop;
451 }
e21e0b5f
VN		 452 }
453
1da177e4 454 if (!xfrm6_route_forward(skb)) {
3bd653c8 455 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
1da177e4
LT		 456 goto drop;
457 }
adf30907 458 dst = skb_dst(skb);
1da177e4
LT		 459
460 /* IPv6 specs say nothing about it, but it is clear that we cannot
461 send redirects to source routed frames.
1e5dc146 462 We don't send redirects to frames decapsulated from IPsec.
1da177e4 463 */
c45a3dfb 464 if (skb->dev == dst->dev && opt->srcrt == 0 && !skb_sec_path(skb)) {
1da177e4
LT		 465 struct in6_addr *target = NULL;
466 struct rt6_info *rt;
1da177e4
LT		 467
468 /*
469 * incoming and outgoing devices are the same
470 * send a redirect.
471 */
472
473 rt = (struct rt6_info *) dst;
c45a3dfb
DM		 474 if (rt->rt6i_flags & RTF_GATEWAY)
475 target = &rt->rt6i_gateway;
1da177e4
LT		 476 else
477 target = &hdr->daddr;
478
92d86829
DM		 479 if (!rt->rt6i_peer)
480 rt6_bind_peer(rt, 1);
481
1da177e4
LT		 482 /* Limit redirects both by destination (here)
483 and by source (inside ndisc_send_redirect)
484 */
92d86829 485 if (inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ))
4991969a 486 ndisc_send_redirect(skb, target);
5bb1ab09
DS		 487 } else {
488 int addrtype = ipv6_addr_type(&hdr->saddr);
489
1da177e4 490 /* This check is security critical. */
f81b2e7d
YH		 491 if (addrtype == IPV6_ADDR_ANY ||
492 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
5bb1ab09
DS		 493 goto error;
494 if (addrtype & IPV6_ADDR_LINKLOCAL) {
495 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
3ffe533c 496 ICMPV6_NOT_NEIGHBOUR, 0);
5bb1ab09
DS		 497 goto error;
498 }
1da177e4
LT		 499 }
500
14f3ad6f
UW		 501 mtu = dst_mtu(dst);
502 if (mtu < IPV6_MIN_MTU)
503 mtu = IPV6_MIN_MTU;
504
0aa68271 505 if (skb->len > mtu && !skb_is_gso(skb)) {
1da177e4
LT		 506 /* Again, force OUTPUT device used as source address */
507 skb->dev = dst->dev;
14f3ad6f 508 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
483a47d2
DL		 509 IP6_INC_STATS_BH(net,
510 ip6_dst_idev(dst), IPSTATS_MIB_INTOOBIGERRORS);
511 IP6_INC_STATS_BH(net,
512 ip6_dst_idev(dst), IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 513 kfree_skb(skb);
514 return -EMSGSIZE;
515 }
516
517 if (skb_cow(skb, dst->dev->hard_header_len)) {
3bd653c8 518 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 519 goto drop;
520 }
521
0660e03f 522 hdr = ipv6_hdr(skb);
1da177e4
LT		 523
524 /* Mangling hops number delayed to point after skb COW */
1ab1457c 525
1da177e4
LT		 526 hdr->hop_limit--;
527
483a47d2 528 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
b2e0b385 529 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, skb, skb->dev, dst->dev,
6e23ae2a 530 ip6_forward_finish);
1da177e4
LT		 531
532error:
483a47d2 533 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
1da177e4
LT		 534drop:
535 kfree_skb(skb);
536 return -EINVAL;
537}
538
539static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
540{
541 to->pkt_type = from->pkt_type;
542 to->priority = from->priority;
543 to->protocol = from->protocol;
adf30907
ED		 544 skb_dst_drop(to);
545 skb_dst_set(to, dst_clone(skb_dst(from)));
1da177e4 546 to->dev = from->dev;
82e91ffe 547 to->mark = from->mark;
1da177e4
LT		 548
549#ifdef CONFIG_NET_SCHED
550 to->tc_index = from->tc_index;
551#endif
e7ac05f3 552 nf_copy(to, from);
ba9dda3a
JK		 553#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
554 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
555 to->nf_trace = from->nf_trace;
556#endif
984bc16c 557 skb_copy_secmark(to, from);
1da177e4
LT		 558}
559
560int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
561{
562 u16 offset = sizeof(struct ipv6hdr);
0660e03f
ACM		 563 struct ipv6_opt_hdr *exthdr =
564 (struct ipv6_opt_hdr *)(ipv6_hdr(skb) + 1);
27a884dc 565 unsigned int packet_len = skb->tail - skb->network_header;
1da177e4 566 int found_rhdr = 0;
0660e03f 567 *nexthdr = &ipv6_hdr(skb)->nexthdr;
1da177e4
LT		 568
569 while (offset + 1 <= packet_len) {
570
571 switch (**nexthdr) {
572
573 case NEXTHDR_HOP:
27637df9 574 break;
1da177e4 575 case NEXTHDR_ROUTING:
27637df9
MN		 576 found_rhdr = 1;
577 break;
1da177e4 578 case NEXTHDR_DEST:
59fbb3a6 579#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
27637df9
MN		 580 if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0)
581 break;
582#endif
583 if (found_rhdr)
584 return offset;
1da177e4
LT		 585 break;
586 default :
587 return offset;
588 }
27637df9
MN		 589
590 offset += ipv6_optlen(exthdr);
591 *nexthdr = &exthdr->nexthdr;
d56f90a7
ACM		 592 exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +
593 offset);
1da177e4
LT		 594 }
595
596 return offset;
597}
598
87c48fa3
ED		 599void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
600{
601 static atomic_t ipv6_fragmentation_id;
602 int old, new;
603
e688a604 604 if (rt && !(rt->dst.flags & DST_NOPEER)) {
87c48fa3
ED		 605 struct inet_peer *peer;
606
607 if (!rt->rt6i_peer)
608 rt6_bind_peer(rt, 1);
609 peer = rt->rt6i_peer;
610 if (peer) {
611 fhdr->identification = htonl(inet_getid(peer, 0));
612 return;
613 }
614 }
615 do {
616 old = atomic_read(&ipv6_fragmentation_id);
617 new = old + 1;
618 if (!new)
619 new = 1;
620 } while (atomic_cmpxchg(&ipv6_fragmentation_id, old, new) != old);
621 fhdr->identification = htonl(new);
622}
623
ad0081e4 624int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
1da177e4 625{
1da177e4 626 struct sk_buff *frag;
adf30907 627 struct rt6_info *rt = (struct rt6_info*)skb_dst(skb);
d91675f9 628 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
1da177e4
LT		 629 struct ipv6hdr *tmp_hdr;
630 struct frag_hdr *fh;
631 unsigned int mtu, hlen, left, len;
a7ae1992 632 int hroom, troom;
ae08e1f0 633 __be32 frag_id = 0;
1da177e4
LT		 634 int ptr, offset = 0, err=0;
635 u8 *prevhdr, nexthdr = 0;
adf30907 636 struct net *net = dev_net(skb_dst(skb)->dev);
1da177e4 637
1da177e4
LT		 638 hlen = ip6_find_1stfragopt(skb, &prevhdr);
639 nexthdr = *prevhdr;
640
628a5c56 641 mtu = ip6_skb_dst_mtu(skb);
b881ef76
JH		 642
643 /* We must not fragment if the socket is set to force MTU discovery
14f3ad6f 644 * or if the skb it not generated by a local socket.
b881ef76 645 */
f2228f78 646 if (!skb->local_df && skb->len > mtu) {
adf30907 647 skb->dev = skb_dst(skb)->dev;
3ffe533c 648 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
adf30907 649 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
3bd653c8 650 IPSTATS_MIB_FRAGFAILS);
b881ef76
JH		 651 kfree_skb(skb);
652 return -EMSGSIZE;
653 }
654
d91675f9
YH		 655 if (np && np->frag_size < mtu) {
656 if (np->frag_size)
657 mtu = np->frag_size;
658 }
659 mtu -= hlen + sizeof(struct frag_hdr);
1da177e4 660
21dc3301 661 if (skb_has_frag_list(skb)) {
1da177e4 662 int first_len = skb_pagelen(skb);
3d13008e 663 struct sk_buff *frag2;
1da177e4
LT		 664
665 if (first_len - hlen > mtu ||
666 ((first_len - hlen) & 7) ||
667 skb_cloned(skb))
668 goto slow_path;
669
4d9092bb 670 skb_walk_frags(skb, frag) {
1da177e4
LT		 671 /* Correct geometry. */
672 if (frag->len > mtu ||
673 ((frag->len & 7) && frag->next) ||
674 skb_headroom(frag) < hlen)
3d13008e 675 goto slow_path_clean;
1da177e4 676
1da177e4
LT		 677 /* Partially cloned skb? */
678 if (skb_shared(frag))
3d13008e 679 goto slow_path_clean;
2fdba6b0
HX		 680
681 BUG_ON(frag->sk);
682 if (skb->sk) {
2fdba6b0
HX		 683 frag->sk = skb->sk;
684 frag->destructor = sock_wfree;
2fdba6b0 685 }
3d13008e 686 skb->truesize -= frag->truesize;
1da177e4
LT		 687 }
688
689 err = 0;
690 offset = 0;
691 frag = skb_shinfo(skb)->frag_list;
4d9092bb 692 skb_frag_list_init(skb);
1da177e4
LT		 693 /* BUILD HEADER */
694
9a217a1c 695 *prevhdr = NEXTHDR_FRAGMENT;
d56f90a7 696 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
1da177e4 697 if (!tmp_hdr) {
adf30907 698 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
3bd653c8 699 IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 700 return -ENOMEM;
701 }
702
1da177e4
LT		 703 __skb_pull(skb, hlen);
704 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr));
e2d1bca7
ACM		 705 __skb_push(skb, hlen);
706 skb_reset_network_header(skb);
d56f90a7 707 memcpy(skb_network_header(skb), tmp_hdr, hlen);
1da177e4 708
87c48fa3 709 ipv6_select_ident(fh, rt);
1da177e4
LT		 710 fh->nexthdr = nexthdr;
711 fh->reserved = 0;
712 fh->frag_off = htons(IP6_MF);
713 frag_id = fh->identification;
714
715 first_len = skb_pagelen(skb);
716 skb->data_len = first_len - skb_headlen(skb);
717 skb->len = first_len;
0660e03f
ACM		 718 ipv6_hdr(skb)->payload_len = htons(first_len -
719 sizeof(struct ipv6hdr));
a11d206d 720
d8d1f30b 721 dst_hold(&rt->dst);
1da177e4
LT		 722
723 for (;;) {
724 /* Prepare header of the next frame,
725 * before previous one went down. */
726 if (frag) {
727 frag->ip_summed = CHECKSUM_NONE;
badff6d0 728 skb_reset_transport_header(frag);
1da177e4 729 fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr));
e2d1bca7
ACM		 730 __skb_push(frag, hlen);
731 skb_reset_network_header(frag);
d56f90a7
ACM		 732 memcpy(skb_network_header(frag), tmp_hdr,
733 hlen);
1da177e4
LT		 734 offset += skb->len - hlen - sizeof(struct frag_hdr);
735 fh->nexthdr = nexthdr;
736 fh->reserved = 0;
737 fh->frag_off = htons(offset);
738 if (frag->next != NULL)
739 fh->frag_off |= htons(IP6_MF);
740 fh->identification = frag_id;
0660e03f
ACM		 741 ipv6_hdr(frag)->payload_len =
742 htons(frag->len -
743 sizeof(struct ipv6hdr));
1da177e4
LT		 744 ip6_copy_metadata(frag, skb);
745 }
1ab1457c 746
1da177e4 747 err = output(skb);
dafee490 748 if(!err)
d8d1f30b 749 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 750 IPSTATS_MIB_FRAGCREATES);
dafee490 751
1da177e4
LT		 752 if (err || !frag)
753 break;
754
755 skb = frag;
756 frag = skb->next;
757 skb->next = NULL;
758 }
759
a51482bd 760 kfree(tmp_hdr);
1da177e4
LT		 761
762 if (err == 0) {
d8d1f30b 763 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 764 IPSTATS_MIB_FRAGOKS);
d8d1f30b 765 dst_release(&rt->dst);
1da177e4
LT		 766 return 0;
767 }
768
769 while (frag) {
770 skb = frag->next;
771 kfree_skb(frag);
772 frag = skb;
773 }
774
d8d1f30b 775 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
3bd653c8 776 IPSTATS_MIB_FRAGFAILS);
d8d1f30b 777 dst_release(&rt->dst);
1da177e4 778 return err;
3d13008e
ED		 779
780slow_path_clean:
781 skb_walk_frags(skb, frag2) {
782 if (frag2 == frag)
783 break;
784 frag2->sk = NULL;
785 frag2->destructor = NULL;
786 skb->truesize += frag2->truesize;
787 }
1da177e4
LT		 788 }
789
790slow_path:
72e843bb
ED		 791 if ((skb->ip_summed == CHECKSUM_PARTIAL) &&
792 skb_checksum_help(skb))
793 goto fail;
794
1da177e4
LT		 795 left = skb->len - hlen; /* Space per frame */
796 ptr = hlen; /* Where to start from */
797
798 /*
799 * Fragment the datagram.
800 */
801
802 *prevhdr = NEXTHDR_FRAGMENT;
a7ae1992
HX		 803 hroom = LL_RESERVED_SPACE(rt->dst.dev);
804 troom = rt->dst.dev->needed_tailroom;
1da177e4
LT		 805
806 /*
807 * Keep copying data until we run out.
808 */
809 while(left > 0) {
810 len = left;
811 /* IF: it doesn't fit, use 'mtu' - the data space left */
812 if (len > mtu)
813 len = mtu;
25985edc 814 /* IF: we are not sending up to and including the packet end
1da177e4
LT		 815 then align the next start on an eight byte boundary */
816 if (len < left) {
817 len &= ~7;
818 }
819 /*
820 * Allocate buffer.
821 */
822
a7ae1992
HX		 823 if ((frag = alloc_skb(len + hlen + sizeof(struct frag_hdr) +
824 hroom + troom, GFP_ATOMIC)) == NULL) {
64ce2073 825 NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n");
adf30907 826 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 827 IPSTATS_MIB_FRAGFAILS);
1da177e4
LT		 828 err = -ENOMEM;
829 goto fail;
830 }
831
832 /*
833 * Set up data on packet
834 */
835
836 ip6_copy_metadata(frag, skb);
a7ae1992 837 skb_reserve(frag, hroom);
1da177e4 838 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
c1d2bbe1 839 skb_reset_network_header(frag);
badff6d0 840 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
b0e380b1
ACM		 841 frag->transport_header = (frag->network_header + hlen +
842 sizeof(struct frag_hdr));
1da177e4
LT		 843
844 /*
845 * Charge the memory for the fragment to any owner
846 * it might possess
847 */
848 if (skb->sk)
849 skb_set_owner_w(frag, skb->sk);
850
851 /*
852 * Copy the packet header into the new buffer.
853 */
d626f62b 854 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
1da177e4
LT		 855
856 /*
857 * Build fragment header.
858 */
859 fh->nexthdr = nexthdr;
860 fh->reserved = 0;
f36d6ab1 861 if (!frag_id) {
87c48fa3 862 ipv6_select_ident(fh, rt);
1da177e4
LT		 863 frag_id = fh->identification;
864 } else
865 fh->identification = frag_id;
866
867 /*
868 * Copy a block of the IP datagram.
869 */
8984e41d 870 if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len))
1da177e4
LT		 871 BUG();
872 left -= len;
873
874 fh->frag_off = htons(offset);
875 if (left > 0)
876 fh->frag_off |= htons(IP6_MF);
0660e03f
ACM		 877 ipv6_hdr(frag)->payload_len = htons(frag->len -
878 sizeof(struct ipv6hdr));
1da177e4
LT		 879
880 ptr += len;
881 offset += len;
882
883 /*
884 * Put this fragment into the sending queue.
885 */
1da177e4
LT		 886 err = output(frag);
887 if (err)
888 goto fail;
dafee490 889
adf30907 890 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
3bd653c8 891 IPSTATS_MIB_FRAGCREATES);
1da177e4 892 }
adf30907 893 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 894 IPSTATS_MIB_FRAGOKS);
808db80a 895 consume_skb(skb);
1da177e4
LT		 896 return err;
897
898fail:
adf30907 899 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
a11d206d 900 IPSTATS_MIB_FRAGFAILS);
1ab1457c 901 kfree_skb(skb);
1da177e4
LT		 902 return err;
903}
904
b71d1d42
ED		 905static inline int ip6_rt_check(const struct rt6key *rt_key,
906 const struct in6_addr *fl_addr,
907 const struct in6_addr *addr_cache)
cf6b1982 908{
a02cec21
ED		 909 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
910 (addr_cache == NULL || !ipv6_addr_equal(fl_addr, addr_cache));
cf6b1982
YH		 911}
912
497c615a
HX		 913static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
914 struct dst_entry *dst,
b71d1d42 915 const struct flowi6 *fl6)
1da177e4 916{
497c615a
HX		 917 struct ipv6_pinfo *np = inet6_sk(sk);
918 struct rt6_info *rt = (struct rt6_info *)dst;
1da177e4 919
497c615a
HX		 920 if (!dst)
921 goto out;
922
923 /* Yes, checking route validity in not connected
924 * case is not very simple. Take into account,
925 * that we do not support routing by source, TOS,
926 * and MSG_DONTROUTE --ANK (980726)
927 *
cf6b1982
YH		 928 * 1. ip6_rt_check(): If route was host route,
929 * check that cached destination is current.
497c615a
HX		 930 * If it is network route, we still may
931 * check its validity using saved pointer
932 * to the last used address: daddr_cache.
933 * We do not want to save whole address now,
934 * (because main consumer of this service
935 * is tcp, which has not this problem),
936 * so that the last trick works only on connected
937 * sockets.
938 * 2. oif also should be the same.
939 */
4c9483b2 940 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) ||
8e1ef0a9 941#ifdef CONFIG_IPV6_SUBTREES
4c9483b2 942 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) ||
8e1ef0a9 943#endif
4c9483b2 944 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex)) {
497c615a
HX		 945 dst_release(dst);
946 dst = NULL;
1da177e4
LT		 947 }
948
497c615a
HX		 949out:
950 return dst;
951}
952
953static int ip6_dst_lookup_tail(struct sock *sk,
4c9483b2 954 struct dst_entry **dst, struct flowi6 *fl6)
497c615a 955{
3b1e0a65 956 struct net *net = sock_net(sk);
69cce1d1
DM		 957#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
958 struct neighbour *n;
959#endif
960 int err;
497c615a 961
1da177e4 962 if (*dst == NULL)
4c9483b2 963 *dst = ip6_route_output(net, sk, fl6);
1da177e4
LT		 964
965 if ((err = (*dst)->error))
966 goto out_err_release;
967
4c9483b2 968 if (ipv6_addr_any(&fl6->saddr)) {
c3968a85
DW		 969 struct rt6_info *rt = (struct rt6_info *) *dst;
970 err = ip6_route_get_saddr(net, rt, &fl6->daddr,
971 sk ? inet6_sk(sk)->srcprefs : 0,
972 &fl6->saddr);
44456d37 973 if (err)
1da177e4 974 goto out_err_release;
1da177e4
LT		 975 }
976
95c385b4 977#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
e550dfb0
NH		 978 /*
979 * Here if the dst entry we've looked up
980 * has a neighbour entry that is in the INCOMPLETE
981 * state and the src address from the flow is
982 * marked as OPTIMISTIC, we release the found
983 * dst entry and replace it instead with the
984 * dst entry of the nexthop router
985 */
f2c31e32 986 rcu_read_lock();
27217455 987 n = dst_get_neighbour_noref(*dst);
69cce1d1 988 if (n && !(n->nud_state & NUD_VALID)) {
e550dfb0 989 struct inet6_ifaddr *ifp;
4c9483b2 990 struct flowi6 fl_gw6;
e550dfb0
NH		 991 int redirect;
992
f2c31e32 993 rcu_read_unlock();
4c9483b2 994 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
e550dfb0
NH		 995 (*dst)->dev, 1);
996
997 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
998 if (ifp)
999 in6_ifa_put(ifp);
1000
1001 if (redirect) {
1002 /*
1003 * We need to get the dst entry for the
1004 * default router instead
1005 */
1006 dst_release(*dst);
4c9483b2
DM		 1007 memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
1008 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
1009 *dst = ip6_route_output(net, sk, &fl_gw6);
e550dfb0
NH		 1010 if ((err = (*dst)->error))
1011 goto out_err_release;
95c385b4 1012 }
f2c31e32
ED		 1013 } else {
1014 rcu_read_unlock();
e550dfb0 1015 }
95c385b4
NH		 1016#endif
1017
1da177e4
LT		 1018 return 0;
1019
1020out_err_release:
ca46f9c8 1021 if (err == -ENETUNREACH)
483a47d2 1022 IP6_INC_STATS_BH(net, NULL, IPSTATS_MIB_OUTNOROUTES);
1da177e4
LT		 1023 dst_release(*dst);
1024 *dst = NULL;
1025 return err;
1026}
34a0b3cd 1027
497c615a
HX		 1028/**
1029 * ip6_dst_lookup - perform route lookup on flow
1030 * @sk: socket which provides route info
1031 * @dst: pointer to dst_entry * for result
4c9483b2 1032 * @fl6: flow to lookup
497c615a
HX		 1033 *
1034 * This function performs a route lookup on the given flow.
1035 *
1036 * It returns zero on success, or a standard errno code on error.
1037 */
4c9483b2 1038int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi6 *fl6)
497c615a
HX		 1039{
1040 *dst = NULL;
4c9483b2 1041 return ip6_dst_lookup_tail(sk, dst, fl6);
497c615a 1042}
3cf3dc6c
ACM		 1043EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1044
497c615a 1045/**
68d0c6d3
DM		 1046 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec
1047 * @sk: socket which provides route info
4c9483b2 1048 * @fl6: flow to lookup
68d0c6d3 1049 * @final_dst: final destination address for ipsec lookup
a1414715 1050 * @can_sleep: we are in a sleepable context
68d0c6d3
DM		 1051 *
1052 * This function performs a route lookup on the given flow.
1053 *
1054 * It returns a valid dst pointer on success, or a pointer encoded
1055 * error code.
1056 */
4c9483b2 1057struct dst_entry *ip6_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
68d0c6d3 1058 const struct in6_addr *final_dst,
a1414715 1059 bool can_sleep)
68d0c6d3
DM		 1060{
1061 struct dst_entry *dst = NULL;
1062 int err;
1063
4c9483b2 1064 err = ip6_dst_lookup_tail(sk, &dst, fl6);
68d0c6d3
DM		 1065 if (err)
1066 return ERR_PTR(err);
1067 if (final_dst)
4e3fd7a0 1068 fl6->daddr = *final_dst;
2774c131 1069 if (can_sleep)
4c9483b2 1070 fl6->flowi6_flags |= FLOWI_FLAG_CAN_SLEEP;
2774c131 1071
4c9483b2 1072 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
68d0c6d3
DM		 1073}
1074EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
1075
1076/**
1077 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
497c615a 1078 * @sk: socket which provides the dst cache and route info
4c9483b2 1079 * @fl6: flow to lookup
68d0c6d3 1080 * @final_dst: final destination address for ipsec lookup
a1414715 1081 * @can_sleep: we are in a sleepable context
497c615a
HX		 1082 *
1083 * This function performs a route lookup on the given flow with the
1084 * possibility of using the cached route in the socket if it is valid.
1085 * It will take the socket dst lock when operating on the dst cache.
1086 * As a result, this function can only be used in process context.
1087 *
68d0c6d3
DM		 1088 * It returns a valid dst pointer on success, or a pointer encoded
1089 * error code.
497c615a 1090 */
4c9483b2 1091struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
68d0c6d3 1092 const struct in6_addr *final_dst,
a1414715 1093 bool can_sleep)
497c615a 1094{
68d0c6d3
DM		 1095 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1096 int err;
497c615a 1097
4c9483b2 1098 dst = ip6_sk_dst_check(sk, dst, fl6);
68d0c6d3 1099
4c9483b2 1100 err = ip6_dst_lookup_tail(sk, &dst, fl6);
68d0c6d3
DM		 1101 if (err)
1102 return ERR_PTR(err);
1103 if (final_dst)
4e3fd7a0 1104 fl6->daddr = *final_dst;
2774c131 1105 if (can_sleep)
4c9483b2 1106 fl6->flowi6_flags |= FLOWI_FLAG_CAN_SLEEP;
2774c131 1107
4c9483b2 1108 return xfrm_lookup(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
497c615a 1109}
68d0c6d3 1110EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
497c615a 1111
34a0b3cd 1112static inline int ip6_ufo_append_data(struct sock *sk,
e89e9cf5
AR		 1113 int getfrag(void *from, char *to, int offset, int len,
1114 int odd, struct sk_buff *skb),
1115 void *from, int length, int hh_len, int fragheaderlen,
87c48fa3
ED		 1116 int transhdrlen, int mtu,unsigned int flags,
1117 struct rt6_info *rt)
e89e9cf5
AR		 1118
1119{
1120 struct sk_buff *skb;
1121 int err;
1122
1123 /* There is support for UDP large send offload by network
1124 * device, so create one single skb packet containing complete
1125 * udp datagram
1126 */
1127 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) {
1128 skb = sock_alloc_send_skb(sk,
1129 hh_len + fragheaderlen + transhdrlen + 20,
1130 (flags & MSG_DONTWAIT), &err);
1131 if (skb == NULL)
504744e4 1132 return err;
e89e9cf5
AR		 1133
1134 /* reserve space for Hardware header */
1135 skb_reserve(skb, hh_len);
1136
1137 /* create space for UDP/IP header */
1138 skb_put(skb,fragheaderlen + transhdrlen);
1139
1140 /* initialize network header pointer */
c1d2bbe1 1141 skb_reset_network_header(skb);
e89e9cf5
AR		 1142
1143 /* initialize protocol header pointer */
b0e380b1 1144 skb->transport_header = skb->network_header + fragheaderlen;
e89e9cf5 1145
84fa7933 1146 skb->ip_summed = CHECKSUM_PARTIAL;
e89e9cf5 1147 skb->csum = 0;
e89e9cf5
AR		 1148 }
1149
1150 err = skb_append_datato_frags(sk,skb, getfrag, from,
1151 (length - transhdrlen));
1152 if (!err) {
1153 struct frag_hdr fhdr;
1154
c31d5326
SS		 1155 /* Specify the length of each IPv6 datagram fragment.
1156 * It has to be a multiple of 8.
1157 */
1158 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen -
1159 sizeof(struct frag_hdr)) & ~7;
f83ef8c0 1160 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
87c48fa3 1161 ipv6_select_ident(&fhdr, rt);
e89e9cf5
AR		 1162 skb_shinfo(skb)->ip6_frag_id = fhdr.identification;
1163 __skb_queue_tail(&sk->sk_write_queue, skb);
1164
1165 return 0;
1166 }
1167 /* There is not enough support do UPD LSO,
1168 * so follow normal path
1169 */
1170 kfree_skb(skb);
1171
1172 return err;
1173}
1da177e4 1174
0178b695
HX		 1175static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1176 gfp_t gfp)
1177{
1178 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1179}
1180
1181static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1182 gfp_t gfp)
1183{
1184 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1185}
1186
41a1f8ea
YH		 1187int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1188 int offset, int len, int odd, struct sk_buff *skb),
1189 void *from, int length, int transhdrlen,
4c9483b2 1190 int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi6 *fl6,
13b52cd4 1191 struct rt6_info *rt, unsigned int flags, int dontfrag)
1da177e4
LT		 1192{
1193 struct inet_sock *inet = inet_sk(sk);
1194 struct ipv6_pinfo *np = inet6_sk(sk);
bdc712b4 1195 struct inet_cork *cork;
1da177e4
LT		 1196 struct sk_buff *skb;
1197 unsigned int maxfraglen, fragheaderlen;
1198 int exthdrlen;
299b0767 1199 int dst_exthdrlen;
1da177e4
LT		 1200 int hh_len;
1201 int mtu;
1202 int copy;
1203 int err;
1204 int offset = 0;
a693e698 1205 __u8 tx_flags = 0;
1da177e4
LT		 1206
1207 if (flags&MSG_PROBE)
1208 return 0;
bdc712b4 1209 cork = &inet->cork.base;
1da177e4
LT		 1210 if (skb_queue_empty(&sk->sk_write_queue)) {
1211 /*
1212 * setup for corking
1213 */
1214 if (opt) {
0178b695 1215 if (WARN_ON(np->cork.opt))
1da177e4 1216 return -EINVAL;
0178b695
HX		 1217
1218 np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation);
1219 if (unlikely(np->cork.opt == NULL))
1220 return -ENOBUFS;
1221
1222 np->cork.opt->tot_len = opt->tot_len;
1223 np->cork.opt->opt_flen = opt->opt_flen;
1224 np->cork.opt->opt_nflen = opt->opt_nflen;
1225
1226 np->cork.opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1227 sk->sk_allocation);
1228 if (opt->dst0opt && !np->cork.opt->dst0opt)
1229 return -ENOBUFS;
1230
1231 np->cork.opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1232 sk->sk_allocation);
1233 if (opt->dst1opt && !np->cork.opt->dst1opt)
1234 return -ENOBUFS;
1235
1236 np->cork.opt->hopopt = ip6_opt_dup(opt->hopopt,
1237 sk->sk_allocation);
1238 if (opt->hopopt && !np->cork.opt->hopopt)
1239 return -ENOBUFS;
1240
1241 np->cork.opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1242 sk->sk_allocation);
1243 if (opt->srcrt && !np->cork.opt->srcrt)
1244 return -ENOBUFS;
1245
1da177e4
LT		 1246 /* need source address above miyazawa*/
1247 }
d8d1f30b 1248 dst_hold(&rt->dst);
bdc712b4 1249 cork->dst = &rt->dst;
4c9483b2 1250 inet->cork.fl.u.ip6 = *fl6;
1da177e4 1251 np->cork.hop_limit = hlimit;
41a1f8ea 1252 np->cork.tclass = tclass;
628a5c56 1253 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
299b0767 1254 rt->dst.dev->mtu : dst_mtu(&rt->dst);
c7503609 1255 if (np->frag_size < mtu) {
d91675f9
YH		 1256 if (np->frag_size)
1257 mtu = np->frag_size;
1258 }
bdc712b4 1259 cork->fragsize = mtu;
d8d1f30b 1260 if (dst_allfrag(rt->dst.path))
bdc712b4
DM		 1261 cork->flags |= IPCORK_ALLFRAG;
1262 cork->length = 0;
1da177e4
LT		 1263 sk->sk_sndmsg_page = NULL;
1264 sk->sk_sndmsg_off = 0;
299b0767 1265 exthdrlen = (opt ? opt->opt_flen : 0) - rt->rt6i_nfheader_len;
1da177e4
LT		 1266 length += exthdrlen;
1267 transhdrlen += exthdrlen;
299b0767 1268 dst_exthdrlen = rt->dst.header_len;
1da177e4 1269 } else {
bdc712b4 1270 rt = (struct rt6_info *)cork->dst;
4c9483b2 1271 fl6 = &inet->cork.fl.u.ip6;
0178b695 1272 opt = np->cork.opt;
1da177e4
LT		 1273 transhdrlen = 0;
1274 exthdrlen = 0;
299b0767 1275 dst_exthdrlen = 0;
bdc712b4 1276 mtu = cork->fragsize;
1da177e4
LT		 1277 }
1278
d8d1f30b 1279 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1da177e4 1280
a1b05140 1281 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
b4ce9277 1282 (opt ? opt->opt_nflen : 0);
1da177e4
LT		 1283 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr);
1284
1285 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) {
bdc712b4 1286 if (cork->length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) {
4c9483b2 1287 ipv6_local_error(sk, EMSGSIZE, fl6, mtu-exthdrlen);
1da177e4
LT		 1288 return -EMSGSIZE;
1289 }
1290 }
1291
a693e698
AB		 1292 /* For UDP, check if TX timestamp is enabled */
1293 if (sk->sk_type == SOCK_DGRAM) {
1294 err = sock_tx_timestamp(sk, &tx_flags);
1295 if (err)
1296 goto error;
1297 }
1298
1da177e4
LT		 1299 /*
1300 * Let's try using as much space as possible.
1301 * Use MTU if total length of the message fits into the MTU.
1302 * Otherwise, we need to reserve fragment header and
1303 * fragment alignment (= 8-15 octects, in total).
1304 *
1305 * Note that we may need to "move" the data from the tail of
1ab1457c 1306 * of the buffer to the new fragment when we split
1da177e4
LT		 1307 * the message.
1308 *
1ab1457c 1309 * FIXME: It may be fragmented into multiple chunks
1da177e4
LT		 1310 * at once if non-fragmentable extension headers
1311 * are too large.
1ab1457c 1312 * --yoshfuji
1da177e4
LT		 1313 */
1314
bdc712b4 1315 cork->length += length;
4b340ae2
BH		 1316 if (length > mtu) {
1317 int proto = sk->sk_protocol;
1318 if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){
4c9483b2 1319 ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen);
4b340ae2
BH		 1320 return -EMSGSIZE;
1321 }
e89e9cf5 1322
4b340ae2 1323 if (proto == IPPROTO_UDP &&
d8d1f30b 1324 (rt->dst.dev->features & NETIF_F_UFO)) {
4b340ae2
BH		 1325
1326 err = ip6_ufo_append_data(sk, getfrag, from, length,
1327 hh_len, fragheaderlen,
87c48fa3 1328 transhdrlen, mtu, flags, rt);
4b340ae2
BH		 1329 if (err)
1330 goto error;
1331 return 0;
1332 }
e89e9cf5 1333 }
1da177e4
LT		 1334
1335 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
1336 goto alloc_new_skb;
1337
1338 while (length > 0) {
1339 /* Check if the remaining data fits into current packet. */
bdc712b4 1340 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1da177e4
LT		 1341 if (copy < length)
1342 copy = maxfraglen - skb->len;
1343
1344 if (copy <= 0) {
1345 char *data;
1346 unsigned int datalen;
1347 unsigned int fraglen;
1348 unsigned int fraggap;
1349 unsigned int alloclen;
1350 struct sk_buff *skb_prev;
1351alloc_new_skb:
1352 skb_prev = skb;
1353
1354 /* There's no room in the current skb */
1355 if (skb_prev)
1356 fraggap = skb_prev->len - maxfraglen;
1357 else
1358 fraggap = 0;
1359
1360 /*
1361 * If remaining data exceeds the mtu,
1362 * we know we need more fragment(s).
1363 */
1364 datalen = length + fraggap;
bdc712b4 1365 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1da177e4
LT		 1366 datalen = maxfraglen - fragheaderlen;
1367
1368 fraglen = datalen + fragheaderlen;
1369 if ((flags & MSG_MORE) &&
d8d1f30b 1370 !(rt->dst.dev->features&NETIF_F_SG))
1da177e4
LT		 1371 alloclen = mtu;
1372 else
1373 alloclen = datalen + fragheaderlen;
1374
299b0767
SK		 1375 alloclen += dst_exthdrlen;
1376
1da177e4
LT		 1377 /*
1378 * The last fragment gets additional space at tail.
1379 * Note: we overallocate on fragments with MSG_MODE
1380 * because we have no idea if we're the last one.
1381 */
1382 if (datalen == length + fraggap)
d8d1f30b 1383 alloclen += rt->dst.trailer_len;
1da177e4
LT		 1384
1385 /*
1386 * We just reserve space for fragment header.
1ab1457c 1387 * Note: this may be overallocation if the message
1da177e4
LT		 1388 * (without MSG_MORE) fits into the MTU.
1389 */
1390 alloclen += sizeof(struct frag_hdr);
1391
1392 if (transhdrlen) {
1393 skb = sock_alloc_send_skb(sk,
1394 alloclen + hh_len,
1395 (flags & MSG_DONTWAIT), &err);
1396 } else {
1397 skb = NULL;
1398 if (atomic_read(&sk->sk_wmem_alloc) <=
1399 2 * sk->sk_sndbuf)
1400 skb = sock_wmalloc(sk,
1401 alloclen + hh_len, 1,
1402 sk->sk_allocation);
1403 if (unlikely(skb == NULL))
1404 err = -ENOBUFS;
a693e698
AB		 1405 else {
1406 /* Only the initial fragment
1407 * is time stamped.
1408 */
1409 tx_flags = 0;
1410 }
1da177e4
LT		 1411 }
1412 if (skb == NULL)
1413 goto error;
1414 /*
1415 * Fill in the control structures
1416 */
d7f7c0ac 1417 skb->ip_summed = CHECKSUM_NONE;
1da177e4 1418 skb->csum = 0;
1f85851e
G		 1419 /* reserve for fragmentation and ipsec header */
1420 skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
1421 dst_exthdrlen);
1da177e4 1422
a693e698
AB		 1423 if (sk->sk_type == SOCK_DGRAM)
1424 skb_shinfo(skb)->tx_flags = tx_flags;
1425
1da177e4
LT		 1426 /*
1427 * Find where to start putting bytes
1428 */
1f85851e
G		 1429 data = skb_put(skb, fraglen);
1430 skb_set_network_header(skb, exthdrlen);
1431 data += fragheaderlen;
b0e380b1
ACM		 1432 skb->transport_header = (skb->network_header +
1433 fragheaderlen);
1da177e4
LT		 1434 if (fraggap) {
1435 skb->csum = skb_copy_and_csum_bits(
1436 skb_prev, maxfraglen,
1437 data + transhdrlen, fraggap, 0);
1438 skb_prev->csum = csum_sub(skb_prev->csum,
1439 skb->csum);
1440 data += fraggap;
e9fa4f7b 1441 pskb_trim_unique(skb_prev, maxfraglen);
1da177e4
LT		 1442 }
1443 copy = datalen - transhdrlen - fraggap;
299b0767 1444
1da177e4
LT		 1445 if (copy < 0) {
1446 err = -EINVAL;
1447 kfree_skb(skb);
1448 goto error;
1449 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
1450 err = -EFAULT;
1451 kfree_skb(skb);
1452 goto error;
1453 }
1454
1455 offset += copy;
1456 length -= datalen - fraggap;
1457 transhdrlen = 0;
1458 exthdrlen = 0;
299b0767 1459 dst_exthdrlen = 0;
1da177e4
LT		 1460
1461 /*
1462 * Put the packet on the pending queue
1463 */
1464 __skb_queue_tail(&sk->sk_write_queue, skb);
1465 continue;
1466 }
1467
1468 if (copy > length)
1469 copy = length;
1470
d8d1f30b 1471 if (!(rt->dst.dev->features&NETIF_F_SG)) {
1da177e4
LT		 1472 unsigned int off;
1473
1474 off = skb->len;
1475 if (getfrag(from, skb_put(skb, copy),
1476 offset, copy, off, skb) < 0) {
1477 __skb_trim(skb, off);
1478 err = -EFAULT;
1479 goto error;
1480 }
1481 } else {
1482 int i = skb_shinfo(skb)->nr_frags;
1483 skb_frag_t *frag = &skb_shinfo(skb)->frags[i-1];
1484 struct page *page = sk->sk_sndmsg_page;
1485 int off = sk->sk_sndmsg_off;
1486 unsigned int left;
1487
1488 if (page && (left = PAGE_SIZE - off) > 0) {
1489 if (copy >= left)
1490 copy = left;
408dadf0 1491 if (page != skb_frag_page(frag)) {
1da177e4
LT		 1492 if (i == MAX_SKB_FRAGS) {
1493 err = -EMSGSIZE;
1494 goto error;
1495 }
1da177e4 1496 skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0);
408dadf0 1497 skb_frag_ref(skb, i);
1da177e4
LT		 1498 frag = &skb_shinfo(skb)->frags[i];
1499 }
1500 } else if(i < MAX_SKB_FRAGS) {
1501 if (copy > PAGE_SIZE)
1502 copy = PAGE_SIZE;
1503 page = alloc_pages(sk->sk_allocation, 0);
1504 if (page == NULL) {
1505 err = -ENOMEM;
1506 goto error;
1507 }
1508 sk->sk_sndmsg_page = page;
1509 sk->sk_sndmsg_off = 0;
1510
1511 skb_fill_page_desc(skb, i, page, 0, 0);
1512 frag = &skb_shinfo(skb)->frags[i];
1da177e4
LT		 1513 } else {
1514 err = -EMSGSIZE;
1515 goto error;
1516 }
9e903e08
ED		 1517 if (getfrag(from,
1518 skb_frag_address(frag) + skb_frag_size(frag),
408dadf0 1519 offset, copy, skb->len, skb) < 0) {
1da177e4
LT		 1520 err = -EFAULT;
1521 goto error;
1522 }
1523 sk->sk_sndmsg_off += copy;
9e903e08 1524 skb_frag_size_add(frag, copy);
1da177e4
LT		 1525 skb->len += copy;
1526 skb->data_len += copy;
f945fa7a
HX		 1527 skb->truesize += copy;
1528 atomic_add(copy, &sk->sk_wmem_alloc);
1da177e4
LT		 1529 }
1530 offset += copy;
1531 length -= copy;
1532 }
1533 return 0;
1534error:
bdc712b4 1535 cork->length -= length;
3bd653c8 1536 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1537 return err;
1538}
a495f836 1539EXPORT_SYMBOL_GPL(ip6_append_data);
1da177e4 1540
bf138862
PE		 1541static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np)
1542{
0178b695
HX		 1543 if (np->cork.opt) {
1544 kfree(np->cork.opt->dst0opt);
1545 kfree(np->cork.opt->dst1opt);
1546 kfree(np->cork.opt->hopopt);
1547 kfree(np->cork.opt->srcrt);
1548 kfree(np->cork.opt);
1549 np->cork.opt = NULL;
1550 }
1551
bdc712b4
DM		 1552 if (inet->cork.base.dst) {
1553 dst_release(inet->cork.base.dst);
1554 inet->cork.base.dst = NULL;
1555 inet->cork.base.flags &= ~IPCORK_ALLFRAG;
bf138862
PE		 1556 }
1557 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl));
1558}
1559
1da177e4
LT		 1560int ip6_push_pending_frames(struct sock *sk)
1561{
1562 struct sk_buff *skb, *tmp_skb;
1563 struct sk_buff **tail_skb;
1564 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1565 struct inet_sock *inet = inet_sk(sk);
1566 struct ipv6_pinfo *np = inet6_sk(sk);
3bd653c8 1567 struct net *net = sock_net(sk);
1da177e4
LT		 1568 struct ipv6hdr *hdr;
1569 struct ipv6_txoptions *opt = np->cork.opt;
bdc712b4 1570 struct rt6_info *rt = (struct rt6_info *)inet->cork.base.dst;
4c9483b2
DM		 1571 struct flowi6 *fl6 = &inet->cork.fl.u.ip6;
1572 unsigned char proto = fl6->flowi6_proto;
1da177e4
LT		 1573 int err = 0;
1574
1575 if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL)
1576 goto out;
1577 tail_skb = &(skb_shinfo(skb)->frag_list);
1578
1579 /* move skb->data to ip header from ext header */
d56f90a7 1580 if (skb->data < skb_network_header(skb))
bbe735e4 1581 __skb_pull(skb, skb_network_offset(skb));
1da177e4 1582 while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) {
cfe1fc77 1583 __skb_pull(tmp_skb, skb_network_header_len(skb));
1da177e4
LT		 1584 *tail_skb = tmp_skb;
1585 tail_skb = &(tmp_skb->next);
1586 skb->len += tmp_skb->len;
1587 skb->data_len += tmp_skb->len;
1da177e4 1588 skb->truesize += tmp_skb->truesize;
1da177e4
LT		 1589 tmp_skb->destructor = NULL;
1590 tmp_skb->sk = NULL;
1da177e4
LT		 1591 }
1592
28a89453 1593 /* Allow local fragmentation. */
b5c15fc0 1594 if (np->pmtudisc < IPV6_PMTUDISC_DO)
28a89453
HX		 1595 skb->local_df = 1;
1596
4e3fd7a0 1597 *final_dst = fl6->daddr;
cfe1fc77 1598 __skb_pull(skb, skb_network_header_len(skb));
1da177e4
LT		 1599 if (opt && opt->opt_flen)
1600 ipv6_push_frag_opts(skb, opt, &proto);
1601 if (opt && opt->opt_nflen)
1602 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst);
1603
e2d1bca7
ACM		 1604 skb_push(skb, sizeof(struct ipv6hdr));
1605 skb_reset_network_header(skb);
0660e03f 1606 hdr = ipv6_hdr(skb);
1ab1457c 1607
4c9483b2 1608 *(__be32*)hdr = fl6->flowlabel |
41a1f8ea 1609 htonl(0x60000000 | ((int)np->cork.tclass << 20));
1da177e4 1610
1da177e4
LT		 1611 hdr->hop_limit = np->cork.hop_limit;
1612 hdr->nexthdr = proto;
4e3fd7a0
AD		 1613 hdr->saddr = fl6->saddr;
1614 hdr->daddr = *final_dst;
1da177e4 1615
a2c2064f 1616 skb->priority = sk->sk_priority;
4a19ec58 1617 skb->mark = sk->sk_mark;
a2c2064f 1618
d8d1f30b 1619 skb_dst_set(skb, dst_clone(&rt->dst));
edf391ff 1620 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
14878f75 1621 if (proto == IPPROTO_ICMPV6) {
adf30907 1622 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
14878f75 1623
5a57d4c7 1624 ICMP6MSGOUT_INC_STATS_BH(net, idev, icmp6_hdr(skb)->icmp6_type);
e41b5368 1625 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTMSGS);
14878f75
DS		 1626 }
1627
ef76bc23 1628 err = ip6_local_out(skb);
1da177e4
LT		 1629 if (err) {
1630 if (err > 0)
6ce9e7b5 1631 err = net_xmit_errno(err);
1da177e4
LT		 1632 if (err)
1633 goto error;
1634 }
1635
1636out:
bf138862 1637 ip6_cork_release(inet, np);
1da177e4
LT		 1638 return err;
1639error:
06254914 1640 IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1641 goto out;
1642}
a495f836 1643EXPORT_SYMBOL_GPL(ip6_push_pending_frames);
1da177e4
LT		 1644
1645void ip6_flush_pending_frames(struct sock *sk)
1646{
1da177e4
LT		 1647 struct sk_buff *skb;
1648
1649 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) {
adf30907
ED		 1650 if (skb_dst(skb))
1651 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
e1f52208 1652 IPSTATS_MIB_OUTDISCARDS);
1da177e4
LT		 1653 kfree_skb(skb);
1654 }
1655
bf138862 1656 ip6_cork_release(inet_sk(sk), inet6_sk(sk));
1da177e4 1657}
a495f836 1658EXPORT_SYMBOL_GPL(ip6_flush_pending_frames);
Linux 6.x block layer and io_uring tree(s)