2 * Routines having to do with the 'struct sk_buff' memory handlers.
4 * Authors: Alan Cox <alan@lxorguk.ukuu.org.uk>
5 * Florian La Roche <rzsfl@rz.uni-sb.de>
8 * Alan Cox : Fixed the worst of the load
10 * Dave Platt : Interrupt stacking fix.
11 * Richard Kooijman : Timestamp fixes.
12 * Alan Cox : Changed buffer format.
13 * Alan Cox : destructor hook for AF_UNIX etc.
14 * Linus Torvalds : Better skb_clone.
15 * Alan Cox : Added skb_copy.
16 * Alan Cox : Added all the changed routines Linus
17 * only put in the headers
18 * Ray VanTassle : Fixed --skb->lock in free
19 * Alan Cox : skb_copy copy arp field
20 * Andi Kleen : slabified it.
21 * Robert Olsson : Removed skb_head_pool
24 * The __skb_ routines should be called with interrupts
25 * disabled, or you better be *real* sure that the operation is atomic
26 * with respect to whatever list is being frobbed (e.g. via lock_sock()
27 * or via disabling bottom half handlers, etc).
29 * This program is free software; you can redistribute it and/or
30 * modify it under the terms of the GNU General Public License
31 * as published by the Free Software Foundation; either version
32 * 2 of the License, or (at your option) any later version.
36 * The functions in this file will not compile correctly with gcc 2.4.x
39 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
41 #include <linux/module.h>
42 #include <linux/types.h>
43 #include <linux/kernel.h>
44 #include <linux/kmemcheck.h>
46 #include <linux/interrupt.h>
48 #include <linux/inet.h>
49 #include <linux/slab.h>
50 #include <linux/netdevice.h>
51 #ifdef CONFIG_NET_CLS_ACT
52 #include <net/pkt_sched.h>
54 #include <linux/string.h>
55 #include <linux/skbuff.h>
56 #include <linux/splice.h>
57 #include <linux/cache.h>
58 #include <linux/rtnetlink.h>
59 #include <linux/init.h>
60 #include <linux/scatterlist.h>
61 #include <linux/errqueue.h>
62 #include <linux/prefetch.h>
64 #include <net/protocol.h>
67 #include <net/checksum.h>
70 #include <asm/uaccess.h>
71 #include <trace/events/skb.h>
72 #include <linux/highmem.h>
74 struct kmem_cache *skbuff_head_cache __read_mostly;
75 static struct kmem_cache *skbuff_fclone_cache __read_mostly;
77 static void sock_pipe_buf_release(struct pipe_inode_info *pipe,
78 struct pipe_buffer *buf)
83 static void sock_pipe_buf_get(struct pipe_inode_info *pipe,
84 struct pipe_buffer *buf)
89 static int sock_pipe_buf_steal(struct pipe_inode_info *pipe,
90 struct pipe_buffer *buf)
96 /* Pipe buffer operations for a socket. */
97 static const struct pipe_buf_operations sock_pipe_buf_ops = {
99 .map = generic_pipe_buf_map,
100 .unmap = generic_pipe_buf_unmap,
101 .confirm = generic_pipe_buf_confirm,
102 .release = sock_pipe_buf_release,
103 .steal = sock_pipe_buf_steal,
104 .get = sock_pipe_buf_get,
108 * Keep out-of-line to prevent kernel bloat.
109 * __builtin_return_address is not used because it is not always
114 * skb_over_panic - private function
119 * Out of line support code for skb_put(). Not user callable.
121 static void skb_over_panic(struct sk_buff *skb, int sz, void *here)
123 pr_emerg("%s: text:%p len:%d put:%d head:%p data:%p tail:%#lx end:%#lx dev:%s\n",
124 __func__, here, skb->len, sz, skb->head, skb->data,
125 (unsigned long)skb->tail, (unsigned long)skb->end,
126 skb->dev ? skb->dev->name : "<NULL>");
131 * skb_under_panic - private function
136 * Out of line support code for skb_push(). Not user callable.
139 static void skb_under_panic(struct sk_buff *skb, int sz, void *here)
141 pr_emerg("%s: text:%p len:%d put:%d head:%p data:%p tail:%#lx end:%#lx dev:%s\n",
142 __func__, here, skb->len, sz, skb->head, skb->data,
143 (unsigned long)skb->tail, (unsigned long)skb->end,
144 skb->dev ? skb->dev->name : "<NULL>");
148 /* Allocate a new skbuff. We do this ourselves so we can fill in a few
149 * 'private' fields and also do memory statistics to find all the
155 * __alloc_skb - allocate a network buffer
156 * @size: size to allocate
157 * @gfp_mask: allocation mask
158 * @fclone: allocate from fclone cache instead of head cache
159 * and allocate a cloned (child) skb
160 * @node: numa node to allocate memory on
162 * Allocate a new &sk_buff. The returned buffer has no headroom and a
163 * tail room of at least size bytes. The object has a reference count
164 * of one. The return is the buffer. On a failure the return is %NULL.
166 * Buffers may only be allocated from interrupts using a @gfp_mask of
169 struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
170 int fclone, int node)
172 struct kmem_cache *cache;
173 struct skb_shared_info *shinfo;
177 cache = fclone ? skbuff_fclone_cache : skbuff_head_cache;
180 skb = kmem_cache_alloc_node(cache, gfp_mask & ~__GFP_DMA, node);
185 /* We do our best to align skb_shared_info on a separate cache
186 * line. It usually works because kmalloc(X > SMP_CACHE_BYTES) gives
187 * aligned memory blocks, unless SLUB/SLAB debug is enabled.
188 * Both skb->head and skb_shared_info are cache line aligned.
190 size = SKB_DATA_ALIGN(size);
191 size += SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
192 data = kmalloc_node_track_caller(size, gfp_mask, node);
195 /* kmalloc(size) might give us more room than requested.
196 * Put skb_shared_info exactly at the end of allocated zone,
197 * to allow max possible filling before reallocation.
199 size = SKB_WITH_OVERHEAD(ksize(data));
200 prefetchw(data + size);
203 * Only clear those fields we need to clear, not those that we will
204 * actually initialise below. Hence, don't put any more fields after
205 * the tail pointer in struct sk_buff!
207 memset(skb, 0, offsetof(struct sk_buff, tail));
208 /* Account for allocated memory : skb + skb->head */
209 skb->truesize = SKB_TRUESIZE(size);
210 atomic_set(&skb->users, 1);
213 skb_reset_tail_pointer(skb);
214 skb->end = skb->tail + size;
215 #ifdef NET_SKBUFF_DATA_USES_OFFSET
216 skb->mac_header = ~0U;
219 /* make sure we initialize shinfo sequentially */
220 shinfo = skb_shinfo(skb);
221 memset(shinfo, 0, offsetof(struct skb_shared_info, dataref));
222 atomic_set(&shinfo->dataref, 1);
223 kmemcheck_annotate_variable(shinfo->destructor_arg);
226 struct sk_buff *child = skb + 1;
227 atomic_t *fclone_ref = (atomic_t *) (child + 1);
229 kmemcheck_annotate_bitfield(child, flags1);
230 kmemcheck_annotate_bitfield(child, flags2);
231 skb->fclone = SKB_FCLONE_ORIG;
232 atomic_set(fclone_ref, 1);
234 child->fclone = SKB_FCLONE_UNAVAILABLE;
239 kmem_cache_free(cache, skb);
243 EXPORT_SYMBOL(__alloc_skb);
246 * build_skb - build a network buffer
247 * @data: data buffer provided by caller
248 * @frag_size: size of fragment, or 0 if head was kmalloced
250 * Allocate a new &sk_buff. Caller provides space holding head and
251 * skb_shared_info. @data must have been allocated by kmalloc()
252 * The return is the new skb buffer.
253 * On a failure the return is %NULL, and @data is not freed.
255 * Before IO, driver allocates only data buffer where NIC put incoming frame
256 * Driver should add room at head (NET_SKB_PAD) and
257 * MUST add room at tail (SKB_DATA_ALIGN(skb_shared_info))
258 * After IO, driver calls build_skb(), to allocate sk_buff and populate it
259 * before giving packet to stack.
260 * RX rings only contains data buffers, not full skbs.
262 struct sk_buff *build_skb(void *data, unsigned int frag_size)
264 struct skb_shared_info *shinfo;
266 unsigned int size = frag_size ? : ksize(data);
268 skb = kmem_cache_alloc(skbuff_head_cache, GFP_ATOMIC);
272 size -= SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
274 memset(skb, 0, offsetof(struct sk_buff, tail));
275 skb->truesize = SKB_TRUESIZE(size);
276 skb->head_frag = frag_size != 0;
277 atomic_set(&skb->users, 1);
280 skb_reset_tail_pointer(skb);
281 skb->end = skb->tail + size;
282 #ifdef NET_SKBUFF_DATA_USES_OFFSET
283 skb->mac_header = ~0U;
286 /* make sure we initialize shinfo sequentially */
287 shinfo = skb_shinfo(skb);
288 memset(shinfo, 0, offsetof(struct skb_shared_info, dataref));
289 atomic_set(&shinfo->dataref, 1);
290 kmemcheck_annotate_variable(shinfo->destructor_arg);
294 EXPORT_SYMBOL(build_skb);
296 struct netdev_alloc_cache {
299 unsigned int pagecnt_bias;
301 static DEFINE_PER_CPU(struct netdev_alloc_cache, netdev_alloc_cache);
303 #define NETDEV_PAGECNT_BIAS (PAGE_SIZE / SMP_CACHE_BYTES)
306 * netdev_alloc_frag - allocate a page fragment
307 * @fragsz: fragment size
309 * Allocates a frag from a page for receive buffer.
310 * Uses GFP_ATOMIC allocations.
312 void *netdev_alloc_frag(unsigned int fragsz)
314 struct netdev_alloc_cache *nc;
318 local_irq_save(flags);
319 nc = &__get_cpu_var(netdev_alloc_cache);
320 if (unlikely(!nc->page)) {
322 nc->page = alloc_page(GFP_ATOMIC | __GFP_COLD);
323 if (unlikely(!nc->page))
326 atomic_set(&nc->page->_count, NETDEV_PAGECNT_BIAS);
327 nc->pagecnt_bias = NETDEV_PAGECNT_BIAS;
331 if (nc->offset + fragsz > PAGE_SIZE) {
332 /* avoid unnecessary locked operations if possible */
333 if ((atomic_read(&nc->page->_count) == nc->pagecnt_bias) ||
334 atomic_sub_and_test(nc->pagecnt_bias, &nc->page->_count))
339 data = page_address(nc->page) + nc->offset;
340 nc->offset += fragsz;
343 local_irq_restore(flags);
346 EXPORT_SYMBOL(netdev_alloc_frag);
349 * __netdev_alloc_skb - allocate an skbuff for rx on a specific device
350 * @dev: network device to receive on
351 * @length: length to allocate
352 * @gfp_mask: get_free_pages mask, passed to alloc_skb
354 * Allocate a new &sk_buff and assign it a usage count of one. The
355 * buffer has unspecified headroom built in. Users should allocate
356 * the headroom they think they need without accounting for the
357 * built in space. The built in space is used for optimisations.
359 * %NULL is returned if there is no free memory.
361 struct sk_buff *__netdev_alloc_skb(struct net_device *dev,
362 unsigned int length, gfp_t gfp_mask)
364 struct sk_buff *skb = NULL;
365 unsigned int fragsz = SKB_DATA_ALIGN(length + NET_SKB_PAD) +
366 SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
368 if (fragsz <= PAGE_SIZE && !(gfp_mask & __GFP_WAIT)) {
369 void *data = netdev_alloc_frag(fragsz);
372 skb = build_skb(data, fragsz);
374 put_page(virt_to_head_page(data));
377 skb = __alloc_skb(length + NET_SKB_PAD, gfp_mask, 0, NUMA_NO_NODE);
380 skb_reserve(skb, NET_SKB_PAD);
385 EXPORT_SYMBOL(__netdev_alloc_skb);
387 void skb_add_rx_frag(struct sk_buff *skb, int i, struct page *page, int off,
388 int size, unsigned int truesize)
390 skb_fill_page_desc(skb, i, page, off, size);
392 skb->data_len += size;
393 skb->truesize += truesize;
395 EXPORT_SYMBOL(skb_add_rx_frag);
397 static void skb_drop_list(struct sk_buff **listp)
399 struct sk_buff *list = *listp;
404 struct sk_buff *this = list;
410 static inline void skb_drop_fraglist(struct sk_buff *skb)
412 skb_drop_list(&skb_shinfo(skb)->frag_list);
415 static void skb_clone_fraglist(struct sk_buff *skb)
417 struct sk_buff *list;
419 skb_walk_frags(skb, list)
423 static void skb_free_head(struct sk_buff *skb)
426 put_page(virt_to_head_page(skb->head));
431 static void skb_release_data(struct sk_buff *skb)
434 !atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1,
435 &skb_shinfo(skb)->dataref)) {
436 if (skb_shinfo(skb)->nr_frags) {
438 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
439 skb_frag_unref(skb, i);
443 * If skb buf is from userspace, we need to notify the caller
444 * the lower device DMA has done;
446 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
447 struct ubuf_info *uarg;
449 uarg = skb_shinfo(skb)->destructor_arg;
451 uarg->callback(uarg);
454 if (skb_has_frag_list(skb))
455 skb_drop_fraglist(skb);
462 * Free an skbuff by memory without cleaning the state.
464 static void kfree_skbmem(struct sk_buff *skb)
466 struct sk_buff *other;
467 atomic_t *fclone_ref;
469 switch (skb->fclone) {
470 case SKB_FCLONE_UNAVAILABLE:
471 kmem_cache_free(skbuff_head_cache, skb);
474 case SKB_FCLONE_ORIG:
475 fclone_ref = (atomic_t *) (skb + 2);
476 if (atomic_dec_and_test(fclone_ref))
477 kmem_cache_free(skbuff_fclone_cache, skb);
480 case SKB_FCLONE_CLONE:
481 fclone_ref = (atomic_t *) (skb + 1);
484 /* The clone portion is available for
485 * fast-cloning again.
487 skb->fclone = SKB_FCLONE_UNAVAILABLE;
489 if (atomic_dec_and_test(fclone_ref))
490 kmem_cache_free(skbuff_fclone_cache, other);
495 static void skb_release_head_state(struct sk_buff *skb)
499 secpath_put(skb->sp);
501 if (skb->destructor) {
503 skb->destructor(skb);
505 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
506 nf_conntrack_put(skb->nfct);
508 #ifdef NET_SKBUFF_NF_DEFRAG_NEEDED
509 nf_conntrack_put_reasm(skb->nfct_reasm);
511 #ifdef CONFIG_BRIDGE_NETFILTER
512 nf_bridge_put(skb->nf_bridge);
514 /* XXX: IS this still necessary? - JHS */
515 #ifdef CONFIG_NET_SCHED
517 #ifdef CONFIG_NET_CLS_ACT
523 /* Free everything but the sk_buff shell. */
524 static void skb_release_all(struct sk_buff *skb)
526 skb_release_head_state(skb);
527 skb_release_data(skb);
531 * __kfree_skb - private function
534 * Free an sk_buff. Release anything attached to the buffer.
535 * Clean the state. This is an internal helper function. Users should
536 * always call kfree_skb
539 void __kfree_skb(struct sk_buff *skb)
541 skb_release_all(skb);
544 EXPORT_SYMBOL(__kfree_skb);
547 * kfree_skb - free an sk_buff
548 * @skb: buffer to free
550 * Drop a reference to the buffer and free it if the usage count has
553 void kfree_skb(struct sk_buff *skb)
557 if (likely(atomic_read(&skb->users) == 1))
559 else if (likely(!atomic_dec_and_test(&skb->users)))
561 trace_kfree_skb(skb, __builtin_return_address(0));
564 EXPORT_SYMBOL(kfree_skb);
567 * consume_skb - free an skbuff
568 * @skb: buffer to free
570 * Drop a ref to the buffer and free it if the usage count has hit zero
571 * Functions identically to kfree_skb, but kfree_skb assumes that the frame
572 * is being dropped after a failure and notes that
574 void consume_skb(struct sk_buff *skb)
578 if (likely(atomic_read(&skb->users) == 1))
580 else if (likely(!atomic_dec_and_test(&skb->users)))
582 trace_consume_skb(skb);
585 EXPORT_SYMBOL(consume_skb);
588 * skb_recycle - clean up an skb for reuse
591 * Recycles the skb to be reused as a receive buffer. This
592 * function does any necessary reference count dropping, and
593 * cleans up the skbuff as if it just came from __alloc_skb().
595 void skb_recycle(struct sk_buff *skb)
597 struct skb_shared_info *shinfo;
599 skb_release_head_state(skb);
601 shinfo = skb_shinfo(skb);
602 memset(shinfo, 0, offsetof(struct skb_shared_info, dataref));
603 atomic_set(&shinfo->dataref, 1);
605 memset(skb, 0, offsetof(struct sk_buff, tail));
606 skb->data = skb->head + NET_SKB_PAD;
607 skb_reset_tail_pointer(skb);
609 EXPORT_SYMBOL(skb_recycle);
612 * skb_recycle_check - check if skb can be reused for receive
614 * @skb_size: minimum receive buffer size
616 * Checks that the skb passed in is not shared or cloned, and
617 * that it is linear and its head portion at least as large as
618 * skb_size so that it can be recycled as a receive buffer.
619 * If these conditions are met, this function does any necessary
620 * reference count dropping and cleans up the skbuff as if it
621 * just came from __alloc_skb().
623 bool skb_recycle_check(struct sk_buff *skb, int skb_size)
625 if (!skb_is_recycleable(skb, skb_size))
632 EXPORT_SYMBOL(skb_recycle_check);
634 static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
636 new->tstamp = old->tstamp;
638 new->transport_header = old->transport_header;
639 new->network_header = old->network_header;
640 new->mac_header = old->mac_header;
641 skb_dst_copy(new, old);
642 new->rxhash = old->rxhash;
643 new->ooo_okay = old->ooo_okay;
644 new->l4_rxhash = old->l4_rxhash;
645 new->no_fcs = old->no_fcs;
647 new->sp = secpath_get(old->sp);
649 memcpy(new->cb, old->cb, sizeof(old->cb));
650 new->csum = old->csum;
651 new->local_df = old->local_df;
652 new->pkt_type = old->pkt_type;
653 new->ip_summed = old->ip_summed;
654 skb_copy_queue_mapping(new, old);
655 new->priority = old->priority;
656 #if IS_ENABLED(CONFIG_IP_VS)
657 new->ipvs_property = old->ipvs_property;
659 new->protocol = old->protocol;
660 new->mark = old->mark;
661 new->skb_iif = old->skb_iif;
663 #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
664 new->nf_trace = old->nf_trace;
666 #ifdef CONFIG_NET_SCHED
667 new->tc_index = old->tc_index;
668 #ifdef CONFIG_NET_CLS_ACT
669 new->tc_verd = old->tc_verd;
672 new->vlan_tci = old->vlan_tci;
674 skb_copy_secmark(new, old);
678 * You should not add any new code to this function. Add it to
679 * __copy_skb_header above instead.
681 static struct sk_buff *__skb_clone(struct sk_buff *n, struct sk_buff *skb)
683 #define C(x) n->x = skb->x
685 n->next = n->prev = NULL;
687 __copy_skb_header(n, skb);
692 n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len;
695 n->destructor = NULL;
702 atomic_set(&n->users, 1);
704 atomic_inc(&(skb_shinfo(skb)->dataref));
712 * skb_morph - morph one skb into another
713 * @dst: the skb to receive the contents
714 * @src: the skb to supply the contents
716 * This is identical to skb_clone except that the target skb is
717 * supplied by the user.
719 * The target skb is returned upon exit.
721 struct sk_buff *skb_morph(struct sk_buff *dst, struct sk_buff *src)
723 skb_release_all(dst);
724 return __skb_clone(dst, src);
726 EXPORT_SYMBOL_GPL(skb_morph);
729 * skb_copy_ubufs - copy userspace skb frags buffers to kernel
730 * @skb: the skb to modify
731 * @gfp_mask: allocation priority
733 * This must be called on SKBTX_DEV_ZEROCOPY skb.
734 * It will copy all frags into kernel and drop the reference
735 * to userspace pages.
737 * If this function is called from an interrupt gfp_mask() must be
740 * Returns 0 on success or a negative error code on failure
741 * to allocate kernel memory to copy to.
743 int skb_copy_ubufs(struct sk_buff *skb, gfp_t gfp_mask)
746 int num_frags = skb_shinfo(skb)->nr_frags;
747 struct page *page, *head = NULL;
748 struct ubuf_info *uarg = skb_shinfo(skb)->destructor_arg;
750 for (i = 0; i < num_frags; i++) {
752 skb_frag_t *f = &skb_shinfo(skb)->frags[i];
754 page = alloc_page(GFP_ATOMIC);
757 struct page *next = (struct page *)head->private;
763 vaddr = kmap_atomic(skb_frag_page(f));
764 memcpy(page_address(page),
765 vaddr + f->page_offset, skb_frag_size(f));
766 kunmap_atomic(vaddr);
767 page->private = (unsigned long)head;
771 /* skb frags release userspace buffers */
772 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
773 skb_frag_unref(skb, i);
775 uarg->callback(uarg);
777 /* skb frags point to kernel buffers */
778 for (i = skb_shinfo(skb)->nr_frags; i > 0; i--) {
779 __skb_fill_page_desc(skb, i-1, head, 0,
780 skb_shinfo(skb)->frags[i - 1].size);
781 head = (struct page *)head->private;
784 skb_shinfo(skb)->tx_flags &= ~SKBTX_DEV_ZEROCOPY;
790 * skb_clone - duplicate an sk_buff
791 * @skb: buffer to clone
792 * @gfp_mask: allocation priority
794 * Duplicate an &sk_buff. The new one is not owned by a socket. Both
795 * copies share the same packet data but not structure. The new
796 * buffer has a reference count of 1. If the allocation fails the
797 * function returns %NULL otherwise the new buffer is returned.
799 * If this function is called from an interrupt gfp_mask() must be
803 struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask)
807 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
808 if (skb_copy_ubufs(skb, gfp_mask))
813 if (skb->fclone == SKB_FCLONE_ORIG &&
814 n->fclone == SKB_FCLONE_UNAVAILABLE) {
815 atomic_t *fclone_ref = (atomic_t *) (n + 1);
816 n->fclone = SKB_FCLONE_CLONE;
817 atomic_inc(fclone_ref);
819 n = kmem_cache_alloc(skbuff_head_cache, gfp_mask);
823 kmemcheck_annotate_bitfield(n, flags1);
824 kmemcheck_annotate_bitfield(n, flags2);
825 n->fclone = SKB_FCLONE_UNAVAILABLE;
828 return __skb_clone(n, skb);
830 EXPORT_SYMBOL(skb_clone);
832 static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
834 #ifndef NET_SKBUFF_DATA_USES_OFFSET
836 * Shift between the two data areas in bytes
838 unsigned long offset = new->data - old->data;
841 __copy_skb_header(new, old);
843 #ifndef NET_SKBUFF_DATA_USES_OFFSET
844 /* {transport,network,mac}_header are relative to skb->head */
845 new->transport_header += offset;
846 new->network_header += offset;
847 if (skb_mac_header_was_set(new))
848 new->mac_header += offset;
850 skb_shinfo(new)->gso_size = skb_shinfo(old)->gso_size;
851 skb_shinfo(new)->gso_segs = skb_shinfo(old)->gso_segs;
852 skb_shinfo(new)->gso_type = skb_shinfo(old)->gso_type;
856 * skb_copy - create private copy of an sk_buff
857 * @skb: buffer to copy
858 * @gfp_mask: allocation priority
860 * Make a copy of both an &sk_buff and its data. This is used when the
861 * caller wishes to modify the data and needs a private copy of the
862 * data to alter. Returns %NULL on failure or the pointer to the buffer
863 * on success. The returned buffer has a reference count of 1.
865 * As by-product this function converts non-linear &sk_buff to linear
866 * one, so that &sk_buff becomes completely private and caller is allowed
867 * to modify all the data of returned buffer. This means that this
868 * function is not recommended for use in circumstances when only
869 * header is going to be modified. Use pskb_copy() instead.
872 struct sk_buff *skb_copy(const struct sk_buff *skb, gfp_t gfp_mask)
874 int headerlen = skb_headroom(skb);
875 unsigned int size = skb_end_offset(skb) + skb->data_len;
876 struct sk_buff *n = alloc_skb(size, gfp_mask);
881 /* Set the data pointer */
882 skb_reserve(n, headerlen);
883 /* Set the tail pointer and length */
884 skb_put(n, skb->len);
886 if (skb_copy_bits(skb, -headerlen, n->head, headerlen + skb->len))
889 copy_skb_header(n, skb);
892 EXPORT_SYMBOL(skb_copy);
895 * __pskb_copy - create copy of an sk_buff with private head.
896 * @skb: buffer to copy
897 * @headroom: headroom of new skb
898 * @gfp_mask: allocation priority
900 * Make a copy of both an &sk_buff and part of its data, located
901 * in header. Fragmented data remain shared. This is used when
902 * the caller wishes to modify only header of &sk_buff and needs
903 * private copy of the header to alter. Returns %NULL on failure
904 * or the pointer to the buffer on success.
905 * The returned buffer has a reference count of 1.
908 struct sk_buff *__pskb_copy(struct sk_buff *skb, int headroom, gfp_t gfp_mask)
910 unsigned int size = skb_headlen(skb) + headroom;
911 struct sk_buff *n = alloc_skb(size, gfp_mask);
916 /* Set the data pointer */
917 skb_reserve(n, headroom);
918 /* Set the tail pointer and length */
919 skb_put(n, skb_headlen(skb));
921 skb_copy_from_linear_data(skb, n->data, n->len);
923 n->truesize += skb->data_len;
924 n->data_len = skb->data_len;
927 if (skb_shinfo(skb)->nr_frags) {
930 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
931 if (skb_copy_ubufs(skb, gfp_mask)) {
937 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
938 skb_shinfo(n)->frags[i] = skb_shinfo(skb)->frags[i];
939 skb_frag_ref(skb, i);
941 skb_shinfo(n)->nr_frags = i;
944 if (skb_has_frag_list(skb)) {
945 skb_shinfo(n)->frag_list = skb_shinfo(skb)->frag_list;
946 skb_clone_fraglist(n);
949 copy_skb_header(n, skb);
953 EXPORT_SYMBOL(__pskb_copy);
956 * pskb_expand_head - reallocate header of &sk_buff
957 * @skb: buffer to reallocate
958 * @nhead: room to add at head
959 * @ntail: room to add at tail
960 * @gfp_mask: allocation priority
962 * Expands (or creates identical copy, if &nhead and &ntail are zero)
963 * header of skb. &sk_buff itself is not changed. &sk_buff MUST have
964 * reference count of 1. Returns zero in the case of success or error,
965 * if expansion failed. In the last case, &sk_buff is not changed.
967 * All the pointers pointing into skb header may change and must be
968 * reloaded after call to this function.
971 int pskb_expand_head(struct sk_buff *skb, int nhead, int ntail,
976 int size = nhead + skb_end_offset(skb) + ntail;
984 size = SKB_DATA_ALIGN(size);
986 data = kmalloc(size + SKB_DATA_ALIGN(sizeof(struct skb_shared_info)),
990 size = SKB_WITH_OVERHEAD(ksize(data));
992 /* Copy only real data... and, alas, header. This should be
993 * optimized for the cases when header is void.
995 memcpy(data + nhead, skb->head, skb_tail_pointer(skb) - skb->head);
997 memcpy((struct skb_shared_info *)(data + size),
999 offsetof(struct skb_shared_info, frags[skb_shinfo(skb)->nr_frags]));
1002 * if shinfo is shared we must drop the old head gracefully, but if it
1003 * is not we can just drop the old head and let the existing refcount
1004 * be since all we did is relocate the values
1006 if (skb_cloned(skb)) {
1007 /* copy this zero copy skb frags */
1008 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
1009 if (skb_copy_ubufs(skb, gfp_mask))
1012 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
1013 skb_frag_ref(skb, i);
1015 if (skb_has_frag_list(skb))
1016 skb_clone_fraglist(skb);
1018 skb_release_data(skb);
1022 off = (data + nhead) - skb->head;
1027 #ifdef NET_SKBUFF_DATA_USES_OFFSET
1031 skb->end = skb->head + size;
1033 /* {transport,network,mac}_header and tail are relative to skb->head */
1035 skb->transport_header += off;
1036 skb->network_header += off;
1037 if (skb_mac_header_was_set(skb))
1038 skb->mac_header += off;
1039 /* Only adjust this if it actually is csum_start rather than csum */
1040 if (skb->ip_summed == CHECKSUM_PARTIAL)
1041 skb->csum_start += nhead;
1045 atomic_set(&skb_shinfo(skb)->dataref, 1);
1053 EXPORT_SYMBOL(pskb_expand_head);
1055 /* Make private copy of skb with writable head and some headroom */
1057 struct sk_buff *skb_realloc_headroom(struct sk_buff *skb, unsigned int headroom)
1059 struct sk_buff *skb2;
1060 int delta = headroom - skb_headroom(skb);
1063 skb2 = pskb_copy(skb, GFP_ATOMIC);
1065 skb2 = skb_clone(skb, GFP_ATOMIC);
1066 if (skb2 && pskb_expand_head(skb2, SKB_DATA_ALIGN(delta), 0,
1074 EXPORT_SYMBOL(skb_realloc_headroom);
1077 * skb_copy_expand - copy and expand sk_buff
1078 * @skb: buffer to copy
1079 * @newheadroom: new free bytes at head
1080 * @newtailroom: new free bytes at tail
1081 * @gfp_mask: allocation priority
1083 * Make a copy of both an &sk_buff and its data and while doing so
1084 * allocate additional space.
1086 * This is used when the caller wishes to modify the data and needs a
1087 * private copy of the data to alter as well as more space for new fields.
1088 * Returns %NULL on failure or the pointer to the buffer
1089 * on success. The returned buffer has a reference count of 1.
1091 * You must pass %GFP_ATOMIC as the allocation priority if this function
1092 * is called from an interrupt.
1094 struct sk_buff *skb_copy_expand(const struct sk_buff *skb,
1095 int newheadroom, int newtailroom,
1099 * Allocate the copy buffer
1101 struct sk_buff *n = alloc_skb(newheadroom + skb->len + newtailroom,
1103 int oldheadroom = skb_headroom(skb);
1104 int head_copy_len, head_copy_off;
1110 skb_reserve(n, newheadroom);
1112 /* Set the tail pointer and length */
1113 skb_put(n, skb->len);
1115 head_copy_len = oldheadroom;
1117 if (newheadroom <= head_copy_len)
1118 head_copy_len = newheadroom;
1120 head_copy_off = newheadroom - head_copy_len;
1122 /* Copy the linear header and data. */
1123 if (skb_copy_bits(skb, -head_copy_len, n->head + head_copy_off,
1124 skb->len + head_copy_len))
1127 copy_skb_header(n, skb);
1129 off = newheadroom - oldheadroom;
1130 if (n->ip_summed == CHECKSUM_PARTIAL)
1131 n->csum_start += off;
1132 #ifdef NET_SKBUFF_DATA_USES_OFFSET
1133 n->transport_header += off;
1134 n->network_header += off;
1135 if (skb_mac_header_was_set(skb))
1136 n->mac_header += off;
1141 EXPORT_SYMBOL(skb_copy_expand);
1144 * skb_pad - zero pad the tail of an skb
1145 * @skb: buffer to pad
1146 * @pad: space to pad
1148 * Ensure that a buffer is followed by a padding area that is zero
1149 * filled. Used by network drivers which may DMA or transfer data
1150 * beyond the buffer end onto the wire.
1152 * May return error in out of memory cases. The skb is freed on error.
1155 int skb_pad(struct sk_buff *skb, int pad)
1160 /* If the skbuff is non linear tailroom is always zero.. */
1161 if (!skb_cloned(skb) && skb_tailroom(skb) >= pad) {
1162 memset(skb->data+skb->len, 0, pad);
1166 ntail = skb->data_len + pad - (skb->end - skb->tail);
1167 if (likely(skb_cloned(skb) || ntail > 0)) {
1168 err = pskb_expand_head(skb, 0, ntail, GFP_ATOMIC);
1173 /* FIXME: The use of this function with non-linear skb's really needs
1176 err = skb_linearize(skb);
1180 memset(skb->data + skb->len, 0, pad);
1187 EXPORT_SYMBOL(skb_pad);
1190 * skb_put - add data to a buffer
1191 * @skb: buffer to use
1192 * @len: amount of data to add
1194 * This function extends the used data area of the buffer. If this would
1195 * exceed the total buffer size the kernel will panic. A pointer to the
1196 * first byte of the extra data is returned.
1198 unsigned char *skb_put(struct sk_buff *skb, unsigned int len)
1200 unsigned char *tmp = skb_tail_pointer(skb);
1201 SKB_LINEAR_ASSERT(skb);
1204 if (unlikely(skb->tail > skb->end))
1205 skb_over_panic(skb, len, __builtin_return_address(0));
1208 EXPORT_SYMBOL(skb_put);
1211 * skb_push - add data to the start of a buffer
1212 * @skb: buffer to use
1213 * @len: amount of data to add
1215 * This function extends the used data area of the buffer at the buffer
1216 * start. If this would exceed the total buffer headroom the kernel will
1217 * panic. A pointer to the first byte of the extra data is returned.
1219 unsigned char *skb_push(struct sk_buff *skb, unsigned int len)
1223 if (unlikely(skb->data<skb->head))
1224 skb_under_panic(skb, len, __builtin_return_address(0));
1227 EXPORT_SYMBOL(skb_push);
1230 * skb_pull - remove data from the start of a buffer
1231 * @skb: buffer to use
1232 * @len: amount of data to remove
1234 * This function removes data from the start of a buffer, returning
1235 * the memory to the headroom. A pointer to the next data in the buffer
1236 * is returned. Once the data has been pulled future pushes will overwrite
1239 unsigned char *skb_pull(struct sk_buff *skb, unsigned int len)
1241 return skb_pull_inline(skb, len);
1243 EXPORT_SYMBOL(skb_pull);
1246 * skb_trim - remove end from a buffer
1247 * @skb: buffer to alter
1250 * Cut the length of a buffer down by removing data from the tail. If
1251 * the buffer is already under the length specified it is not modified.
1252 * The skb must be linear.
1254 void skb_trim(struct sk_buff *skb, unsigned int len)
1257 __skb_trim(skb, len);
1259 EXPORT_SYMBOL(skb_trim);
1261 /* Trims skb to length len. It can change skb pointers.
1264 int ___pskb_trim(struct sk_buff *skb, unsigned int len)
1266 struct sk_buff **fragp;
1267 struct sk_buff *frag;
1268 int offset = skb_headlen(skb);
1269 int nfrags = skb_shinfo(skb)->nr_frags;
1273 if (skb_cloned(skb) &&
1274 unlikely((err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC))))
1281 for (; i < nfrags; i++) {
1282 int end = offset + skb_frag_size(&skb_shinfo(skb)->frags[i]);
1289 skb_frag_size_set(&skb_shinfo(skb)->frags[i++], len - offset);
1292 skb_shinfo(skb)->nr_frags = i;
1294 for (; i < nfrags; i++)
1295 skb_frag_unref(skb, i);
1297 if (skb_has_frag_list(skb))
1298 skb_drop_fraglist(skb);
1302 for (fragp = &skb_shinfo(skb)->frag_list; (frag = *fragp);
1303 fragp = &frag->next) {
1304 int end = offset + frag->len;
1306 if (skb_shared(frag)) {
1307 struct sk_buff *nfrag;
1309 nfrag = skb_clone(frag, GFP_ATOMIC);
1310 if (unlikely(!nfrag))
1313 nfrag->next = frag->next;
1325 unlikely((err = pskb_trim(frag, len - offset))))
1329 skb_drop_list(&frag->next);
1334 if (len > skb_headlen(skb)) {
1335 skb->data_len -= skb->len - len;
1340 skb_set_tail_pointer(skb, len);
1345 EXPORT_SYMBOL(___pskb_trim);
1348 * __pskb_pull_tail - advance tail of skb header
1349 * @skb: buffer to reallocate
1350 * @delta: number of bytes to advance tail
1352 * The function makes a sense only on a fragmented &sk_buff,
1353 * it expands header moving its tail forward and copying necessary
1354 * data from fragmented part.
1356 * &sk_buff MUST have reference count of 1.
1358 * Returns %NULL (and &sk_buff does not change) if pull failed
1359 * or value of new tail of skb in the case of success.
1361 * All the pointers pointing into skb header may change and must be
1362 * reloaded after call to this function.
1365 /* Moves tail of skb head forward, copying data from fragmented part,
1366 * when it is necessary.
1367 * 1. It may fail due to malloc failure.
1368 * 2. It may change skb pointers.
1370 * It is pretty complicated. Luckily, it is called only in exceptional cases.
1372 unsigned char *__pskb_pull_tail(struct sk_buff *skb, int delta)
1374 /* If skb has not enough free space at tail, get new one
1375 * plus 128 bytes for future expansions. If we have enough
1376 * room at tail, reallocate without expansion only if skb is cloned.
1378 int i, k, eat = (skb->tail + delta) - skb->end;
1380 if (eat > 0 || skb_cloned(skb)) {
1381 if (pskb_expand_head(skb, 0, eat > 0 ? eat + 128 : 0,
1386 if (skb_copy_bits(skb, skb_headlen(skb), skb_tail_pointer(skb), delta))
1389 /* Optimization: no fragments, no reasons to preestimate
1390 * size of pulled pages. Superb.
1392 if (!skb_has_frag_list(skb))
1395 /* Estimate size of pulled pages. */
1397 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1398 int size = skb_frag_size(&skb_shinfo(skb)->frags[i]);
1405 /* If we need update frag list, we are in troubles.
1406 * Certainly, it possible to add an offset to skb data,
1407 * but taking into account that pulling is expected to
1408 * be very rare operation, it is worth to fight against
1409 * further bloating skb head and crucify ourselves here instead.
1410 * Pure masohism, indeed. 8)8)
1413 struct sk_buff *list = skb_shinfo(skb)->frag_list;
1414 struct sk_buff *clone = NULL;
1415 struct sk_buff *insp = NULL;
1420 if (list->len <= eat) {
1421 /* Eaten as whole. */
1426 /* Eaten partially. */
1428 if (skb_shared(list)) {
1429 /* Sucks! We need to fork list. :-( */
1430 clone = skb_clone(list, GFP_ATOMIC);
1436 /* This may be pulled without
1440 if (!pskb_pull(list, eat)) {
1448 /* Free pulled out fragments. */
1449 while ((list = skb_shinfo(skb)->frag_list) != insp) {
1450 skb_shinfo(skb)->frag_list = list->next;
1453 /* And insert new clone at head. */
1456 skb_shinfo(skb)->frag_list = clone;
1459 /* Success! Now we may commit changes to skb data. */
1464 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1465 int size = skb_frag_size(&skb_shinfo(skb)->frags[i]);
1468 skb_frag_unref(skb, i);
1471 skb_shinfo(skb)->frags[k] = skb_shinfo(skb)->frags[i];
1473 skb_shinfo(skb)->frags[k].page_offset += eat;
1474 skb_frag_size_sub(&skb_shinfo(skb)->frags[k], eat);
1480 skb_shinfo(skb)->nr_frags = k;
1483 skb->data_len -= delta;
1485 return skb_tail_pointer(skb);
1487 EXPORT_SYMBOL(__pskb_pull_tail);
1490 * skb_copy_bits - copy bits from skb to kernel buffer
1492 * @offset: offset in source
1493 * @to: destination buffer
1494 * @len: number of bytes to copy
1496 * Copy the specified number of bytes from the source skb to the
1497 * destination buffer.
1500 * If its prototype is ever changed,
1501 * check arch/{*}/net/{*}.S files,
1502 * since it is called from BPF assembly code.
1504 int skb_copy_bits(const struct sk_buff *skb, int offset, void *to, int len)
1506 int start = skb_headlen(skb);
1507 struct sk_buff *frag_iter;
1510 if (offset > (int)skb->len - len)
1514 if ((copy = start - offset) > 0) {
1517 skb_copy_from_linear_data_offset(skb, offset, to, copy);
1518 if ((len -= copy) == 0)
1524 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1526 skb_frag_t *f = &skb_shinfo(skb)->frags[i];
1528 WARN_ON(start > offset + len);
1530 end = start + skb_frag_size(f);
1531 if ((copy = end - offset) > 0) {
1537 vaddr = kmap_atomic(skb_frag_page(f));
1539 vaddr + f->page_offset + offset - start,
1541 kunmap_atomic(vaddr);
1543 if ((len -= copy) == 0)
1551 skb_walk_frags(skb, frag_iter) {
1554 WARN_ON(start > offset + len);
1556 end = start + frag_iter->len;
1557 if ((copy = end - offset) > 0) {
1560 if (skb_copy_bits(frag_iter, offset - start, to, copy))
1562 if ((len -= copy) == 0)
1576 EXPORT_SYMBOL(skb_copy_bits);
1579 * Callback from splice_to_pipe(), if we need to release some pages
1580 * at the end of the spd in case we error'ed out in filling the pipe.
1582 static void sock_spd_release(struct splice_pipe_desc *spd, unsigned int i)
1584 put_page(spd->pages[i]);
1587 static struct page *linear_to_page(struct page *page, unsigned int *len,
1588 unsigned int *offset,
1589 struct sk_buff *skb, struct sock *sk)
1591 struct page *p = sk->sk_sndmsg_page;
1596 p = sk->sk_sndmsg_page = alloc_pages(sk->sk_allocation, 0);
1600 off = sk->sk_sndmsg_off = 0;
1601 /* hold one ref to this page until it's full */
1605 /* If we are the only user of the page, we can reset offset */
1606 if (page_count(p) == 1)
1607 sk->sk_sndmsg_off = 0;
1608 off = sk->sk_sndmsg_off;
1609 mlen = PAGE_SIZE - off;
1610 if (mlen < 64 && mlen < *len) {
1615 *len = min_t(unsigned int, *len, mlen);
1618 memcpy(page_address(p) + off, page_address(page) + *offset, *len);
1619 sk->sk_sndmsg_off += *len;
1625 static bool spd_can_coalesce(const struct splice_pipe_desc *spd,
1627 unsigned int offset)
1629 return spd->nr_pages &&
1630 spd->pages[spd->nr_pages - 1] == page &&
1631 (spd->partial[spd->nr_pages - 1].offset +
1632 spd->partial[spd->nr_pages - 1].len == offset);
1636 * Fill page/offset/length into spd, if it can hold more pages.
1638 static bool spd_fill_page(struct splice_pipe_desc *spd,
1639 struct pipe_inode_info *pipe, struct page *page,
1640 unsigned int *len, unsigned int offset,
1641 struct sk_buff *skb, bool linear,
1644 if (unlikely(spd->nr_pages == MAX_SKB_FRAGS))
1648 page = linear_to_page(page, len, &offset, skb, sk);
1652 if (spd_can_coalesce(spd, page, offset)) {
1653 spd->partial[spd->nr_pages - 1].len += *len;
1657 spd->pages[spd->nr_pages] = page;
1658 spd->partial[spd->nr_pages].len = *len;
1659 spd->partial[spd->nr_pages].offset = offset;
1665 static inline void __segment_seek(struct page **page, unsigned int *poff,
1666 unsigned int *plen, unsigned int off)
1671 n = *poff / PAGE_SIZE;
1673 *page = nth_page(*page, n);
1675 *poff = *poff % PAGE_SIZE;
1679 static bool __splice_segment(struct page *page, unsigned int poff,
1680 unsigned int plen, unsigned int *off,
1681 unsigned int *len, struct sk_buff *skb,
1682 struct splice_pipe_desc *spd, bool linear,
1684 struct pipe_inode_info *pipe)
1689 /* skip this segment if already processed */
1695 /* ignore any bits we already processed */
1697 __segment_seek(&page, &poff, &plen, *off);
1702 unsigned int flen = min(*len, plen);
1704 /* the linear region may spread across several pages */
1705 flen = min_t(unsigned int, flen, PAGE_SIZE - poff);
1707 if (spd_fill_page(spd, pipe, page, &flen, poff, skb, linear, sk))
1710 __segment_seek(&page, &poff, &plen, flen);
1713 } while (*len && plen);
1719 * Map linear and fragment data from the skb to spd. It reports true if the
1720 * pipe is full or if we already spliced the requested length.
1722 static bool __skb_splice_bits(struct sk_buff *skb, struct pipe_inode_info *pipe,
1723 unsigned int *offset, unsigned int *len,
1724 struct splice_pipe_desc *spd, struct sock *sk)
1728 /* map the linear part :
1729 * If skb->head_frag is set, this 'linear' part is backed by a
1730 * fragment, and if the head is not shared with any clones then
1731 * we can avoid a copy since we own the head portion of this page.
1733 if (__splice_segment(virt_to_page(skb->data),
1734 (unsigned long) skb->data & (PAGE_SIZE - 1),
1736 offset, len, skb, spd,
1737 skb_head_is_locked(skb),
1742 * then map the fragments
1744 for (seg = 0; seg < skb_shinfo(skb)->nr_frags; seg++) {
1745 const skb_frag_t *f = &skb_shinfo(skb)->frags[seg];
1747 if (__splice_segment(skb_frag_page(f),
1748 f->page_offset, skb_frag_size(f),
1749 offset, len, skb, spd, false, sk, pipe))
1757 * Map data from the skb to a pipe. Should handle both the linear part,
1758 * the fragments, and the frag list. It does NOT handle frag lists within
1759 * the frag list, if such a thing exists. We'd probably need to recurse to
1760 * handle that cleanly.
1762 int skb_splice_bits(struct sk_buff *skb, unsigned int offset,
1763 struct pipe_inode_info *pipe, unsigned int tlen,
1766 struct partial_page partial[MAX_SKB_FRAGS];
1767 struct page *pages[MAX_SKB_FRAGS];
1768 struct splice_pipe_desc spd = {
1771 .nr_pages_max = MAX_SKB_FRAGS,
1773 .ops = &sock_pipe_buf_ops,
1774 .spd_release = sock_spd_release,
1776 struct sk_buff *frag_iter;
1777 struct sock *sk = skb->sk;
1781 * __skb_splice_bits() only fails if the output has no room left,
1782 * so no point in going over the frag_list for the error case.
1784 if (__skb_splice_bits(skb, pipe, &offset, &tlen, &spd, sk))
1790 * now see if we have a frag_list to map
1792 skb_walk_frags(skb, frag_iter) {
1795 if (__skb_splice_bits(frag_iter, pipe, &offset, &tlen, &spd, sk))
1802 * Drop the socket lock, otherwise we have reverse
1803 * locking dependencies between sk_lock and i_mutex
1804 * here as compared to sendfile(). We enter here
1805 * with the socket lock held, and splice_to_pipe() will
1806 * grab the pipe inode lock. For sendfile() emulation,
1807 * we call into ->sendpage() with the i_mutex lock held
1808 * and networking will grab the socket lock.
1811 ret = splice_to_pipe(pipe, &spd);
1819 * skb_store_bits - store bits from kernel buffer to skb
1820 * @skb: destination buffer
1821 * @offset: offset in destination
1822 * @from: source buffer
1823 * @len: number of bytes to copy
1825 * Copy the specified number of bytes from the source buffer to the
1826 * destination skb. This function handles all the messy bits of
1827 * traversing fragment lists and such.
1830 int skb_store_bits(struct sk_buff *skb, int offset, const void *from, int len)
1832 int start = skb_headlen(skb);
1833 struct sk_buff *frag_iter;
1836 if (offset > (int)skb->len - len)
1839 if ((copy = start - offset) > 0) {
1842 skb_copy_to_linear_data_offset(skb, offset, from, copy);
1843 if ((len -= copy) == 0)
1849 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1850 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
1853 WARN_ON(start > offset + len);
1855 end = start + skb_frag_size(frag);
1856 if ((copy = end - offset) > 0) {
1862 vaddr = kmap_atomic(skb_frag_page(frag));
1863 memcpy(vaddr + frag->page_offset + offset - start,
1865 kunmap_atomic(vaddr);
1867 if ((len -= copy) == 0)
1875 skb_walk_frags(skb, frag_iter) {
1878 WARN_ON(start > offset + len);
1880 end = start + frag_iter->len;
1881 if ((copy = end - offset) > 0) {
1884 if (skb_store_bits(frag_iter, offset - start,
1887 if ((len -= copy) == 0)
1900 EXPORT_SYMBOL(skb_store_bits);
1902 /* Checksum skb data. */
1904 __wsum skb_checksum(const struct sk_buff *skb, int offset,
1905 int len, __wsum csum)
1907 int start = skb_headlen(skb);
1908 int i, copy = start - offset;
1909 struct sk_buff *frag_iter;
1912 /* Checksum header. */
1916 csum = csum_partial(skb->data + offset, copy, csum);
1917 if ((len -= copy) == 0)
1923 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1925 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
1927 WARN_ON(start > offset + len);
1929 end = start + skb_frag_size(frag);
1930 if ((copy = end - offset) > 0) {
1936 vaddr = kmap_atomic(skb_frag_page(frag));
1937 csum2 = csum_partial(vaddr + frag->page_offset +
1938 offset - start, copy, 0);
1939 kunmap_atomic(vaddr);
1940 csum = csum_block_add(csum, csum2, pos);
1949 skb_walk_frags(skb, frag_iter) {
1952 WARN_ON(start > offset + len);
1954 end = start + frag_iter->len;
1955 if ((copy = end - offset) > 0) {
1959 csum2 = skb_checksum(frag_iter, offset - start,
1961 csum = csum_block_add(csum, csum2, pos);
1962 if ((len -= copy) == 0)
1973 EXPORT_SYMBOL(skb_checksum);
1975 /* Both of above in one bottle. */
1977 __wsum skb_copy_and_csum_bits(const struct sk_buff *skb, int offset,
1978 u8 *to, int len, __wsum csum)
1980 int start = skb_headlen(skb);
1981 int i, copy = start - offset;
1982 struct sk_buff *frag_iter;
1989 csum = csum_partial_copy_nocheck(skb->data + offset, to,
1991 if ((len -= copy) == 0)
1998 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
2001 WARN_ON(start > offset + len);
2003 end = start + skb_frag_size(&skb_shinfo(skb)->frags[i]);
2004 if ((copy = end - offset) > 0) {
2007 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
2011 vaddr = kmap_atomic(skb_frag_page(frag));
2012 csum2 = csum_partial_copy_nocheck(vaddr +
2016 kunmap_atomic(vaddr);
2017 csum = csum_block_add(csum, csum2, pos);
2027 skb_walk_frags(skb, frag_iter) {
2031 WARN_ON(start > offset + len);
2033 end = start + frag_iter->len;
2034 if ((copy = end - offset) > 0) {
2037 csum2 = skb_copy_and_csum_bits(frag_iter,
2040 csum = csum_block_add(csum, csum2, pos);
2041 if ((len -= copy) == 0)
2052 EXPORT_SYMBOL(skb_copy_and_csum_bits);
2054 void skb_copy_and_csum_dev(const struct sk_buff *skb, u8 *to)
2059 if (skb->ip_summed == CHECKSUM_PARTIAL)
2060 csstart = skb_checksum_start_offset(skb);
2062 csstart = skb_headlen(skb);
2064 BUG_ON(csstart > skb_headlen(skb));
2066 skb_copy_from_linear_data(skb, to, csstart);
2069 if (csstart != skb->len)
2070 csum = skb_copy_and_csum_bits(skb, csstart, to + csstart,
2071 skb->len - csstart, 0);
2073 if (skb->ip_summed == CHECKSUM_PARTIAL) {
2074 long csstuff = csstart + skb->csum_offset;
2076 *((__sum16 *)(to + csstuff)) = csum_fold(csum);
2079 EXPORT_SYMBOL(skb_copy_and_csum_dev);
2082 * skb_dequeue - remove from the head of the queue
2083 * @list: list to dequeue from
2085 * Remove the head of the list. The list lock is taken so the function
2086 * may be used safely with other locking list functions. The head item is
2087 * returned or %NULL if the list is empty.
2090 struct sk_buff *skb_dequeue(struct sk_buff_head *list)
2092 unsigned long flags;
2093 struct sk_buff *result;
2095 spin_lock_irqsave(&list->lock, flags);
2096 result = __skb_dequeue(list);
2097 spin_unlock_irqrestore(&list->lock, flags);
2100 EXPORT_SYMBOL(skb_dequeue);
2103 * skb_dequeue_tail - remove from the tail of the queue
2104 * @list: list to dequeue from
2106 * Remove the tail of the list. The list lock is taken so the function
2107 * may be used safely with other locking list functions. The tail item is
2108 * returned or %NULL if the list is empty.
2110 struct sk_buff *skb_dequeue_tail(struct sk_buff_head *list)
2112 unsigned long flags;
2113 struct sk_buff *result;
2115 spin_lock_irqsave(&list->lock, flags);
2116 result = __skb_dequeue_tail(list);
2117 spin_unlock_irqrestore(&list->lock, flags);
2120 EXPORT_SYMBOL(skb_dequeue_tail);
2123 * skb_queue_purge - empty a list
2124 * @list: list to empty
2126 * Delete all buffers on an &sk_buff list. Each buffer is removed from
2127 * the list and one reference dropped. This function takes the list
2128 * lock and is atomic with respect to other list locking functions.
2130 void skb_queue_purge(struct sk_buff_head *list)
2132 struct sk_buff *skb;
2133 while ((skb = skb_dequeue(list)) != NULL)
2136 EXPORT_SYMBOL(skb_queue_purge);
2139 * skb_queue_head - queue a buffer at the list head
2140 * @list: list to use
2141 * @newsk: buffer to queue
2143 * Queue a buffer at the start of the list. This function takes the
2144 * list lock and can be used safely with other locking &sk_buff functions
2147 * A buffer cannot be placed on two lists at the same time.
2149 void skb_queue_head(struct sk_buff_head *list, struct sk_buff *newsk)
2151 unsigned long flags;
2153 spin_lock_irqsave(&list->lock, flags);
2154 __skb_queue_head(list, newsk);
2155 spin_unlock_irqrestore(&list->lock, flags);
2157 EXPORT_SYMBOL(skb_queue_head);
2160 * skb_queue_tail - queue a buffer at the list tail
2161 * @list: list to use
2162 * @newsk: buffer to queue
2164 * Queue a buffer at the tail of the list. This function takes the
2165 * list lock and can be used safely with other locking &sk_buff functions
2168 * A buffer cannot be placed on two lists at the same time.
2170 void skb_queue_tail(struct sk_buff_head *list, struct sk_buff *newsk)
2172 unsigned long flags;
2174 spin_lock_irqsave(&list->lock, flags);
2175 __skb_queue_tail(list, newsk);
2176 spin_unlock_irqrestore(&list->lock, flags);
2178 EXPORT_SYMBOL(skb_queue_tail);
2181 * skb_unlink - remove a buffer from a list
2182 * @skb: buffer to remove
2183 * @list: list to use
2185 * Remove a packet from a list. The list locks are taken and this
2186 * function is atomic with respect to other list locked calls
2188 * You must know what list the SKB is on.
2190 void skb_unlink(struct sk_buff *skb, struct sk_buff_head *list)
2192 unsigned long flags;
2194 spin_lock_irqsave(&list->lock, flags);
2195 __skb_unlink(skb, list);
2196 spin_unlock_irqrestore(&list->lock, flags);
2198 EXPORT_SYMBOL(skb_unlink);
2201 * skb_append - append a buffer
2202 * @old: buffer to insert after
2203 * @newsk: buffer to insert
2204 * @list: list to use
2206 * Place a packet after a given packet in a list. The list locks are taken
2207 * and this function is atomic with respect to other list locked calls.
2208 * A buffer cannot be placed on two lists at the same time.
2210 void skb_append(struct sk_buff *old, struct sk_buff *newsk, struct sk_buff_head *list)
2212 unsigned long flags;
2214 spin_lock_irqsave(&list->lock, flags);
2215 __skb_queue_after(list, old, newsk);
2216 spin_unlock_irqrestore(&list->lock, flags);
2218 EXPORT_SYMBOL(skb_append);
2221 * skb_insert - insert a buffer
2222 * @old: buffer to insert before
2223 * @newsk: buffer to insert
2224 * @list: list to use
2226 * Place a packet before a given packet in a list. The list locks are
2227 * taken and this function is atomic with respect to other list locked
2230 * A buffer cannot be placed on two lists at the same time.
2232 void skb_insert(struct sk_buff *old, struct sk_buff *newsk, struct sk_buff_head *list)
2234 unsigned long flags;
2236 spin_lock_irqsave(&list->lock, flags);
2237 __skb_insert(newsk, old->prev, old, list);
2238 spin_unlock_irqrestore(&list->lock, flags);
2240 EXPORT_SYMBOL(skb_insert);
2242 static inline void skb_split_inside_header(struct sk_buff *skb,
2243 struct sk_buff* skb1,
2244 const u32 len, const int pos)
2248 skb_copy_from_linear_data_offset(skb, len, skb_put(skb1, pos - len),
2250 /* And move data appendix as is. */
2251 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
2252 skb_shinfo(skb1)->frags[i] = skb_shinfo(skb)->frags[i];
2254 skb_shinfo(skb1)->nr_frags = skb_shinfo(skb)->nr_frags;
2255 skb_shinfo(skb)->nr_frags = 0;
2256 skb1->data_len = skb->data_len;
2257 skb1->len += skb1->data_len;
2260 skb_set_tail_pointer(skb, len);
2263 static inline void skb_split_no_header(struct sk_buff *skb,
2264 struct sk_buff* skb1,
2265 const u32 len, int pos)
2268 const int nfrags = skb_shinfo(skb)->nr_frags;
2270 skb_shinfo(skb)->nr_frags = 0;
2271 skb1->len = skb1->data_len = skb->len - len;
2273 skb->data_len = len - pos;
2275 for (i = 0; i < nfrags; i++) {
2276 int size = skb_frag_size(&skb_shinfo(skb)->frags[i]);
2278 if (pos + size > len) {
2279 skb_shinfo(skb1)->frags[k] = skb_shinfo(skb)->frags[i];
2283 * We have two variants in this case:
2284 * 1. Move all the frag to the second
2285 * part, if it is possible. F.e.
2286 * this approach is mandatory for TUX,
2287 * where splitting is expensive.
2288 * 2. Split is accurately. We make this.
2290 skb_frag_ref(skb, i);
2291 skb_shinfo(skb1)->frags[0].page_offset += len - pos;
2292 skb_frag_size_sub(&skb_shinfo(skb1)->frags[0], len - pos);
2293 skb_frag_size_set(&skb_shinfo(skb)->frags[i], len - pos);
2294 skb_shinfo(skb)->nr_frags++;
2298 skb_shinfo(skb)->nr_frags++;
2301 skb_shinfo(skb1)->nr_frags = k;
2305 * skb_split - Split fragmented skb to two parts at length len.
2306 * @skb: the buffer to split
2307 * @skb1: the buffer to receive the second part
2308 * @len: new length for skb
2310 void skb_split(struct sk_buff *skb, struct sk_buff *skb1, const u32 len)
2312 int pos = skb_headlen(skb);
2314 if (len < pos) /* Split line is inside header. */
2315 skb_split_inside_header(skb, skb1, len, pos);
2316 else /* Second chunk has no header, nothing to copy. */
2317 skb_split_no_header(skb, skb1, len, pos);
2319 EXPORT_SYMBOL(skb_split);
2321 /* Shifting from/to a cloned skb is a no-go.
2323 * Caller cannot keep skb_shinfo related pointers past calling here!
2325 static int skb_prepare_for_shift(struct sk_buff *skb)
2327 return skb_cloned(skb) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC);
2331 * skb_shift - Shifts paged data partially from skb to another
2332 * @tgt: buffer into which tail data gets added
2333 * @skb: buffer from which the paged data comes from
2334 * @shiftlen: shift up to this many bytes
2336 * Attempts to shift up to shiftlen worth of bytes, which may be less than
2337 * the length of the skb, from skb to tgt. Returns number bytes shifted.
2338 * It's up to caller to free skb if everything was shifted.
2340 * If @tgt runs out of frags, the whole operation is aborted.
2342 * Skb cannot include anything else but paged data while tgt is allowed
2343 * to have non-paged data as well.
2345 * TODO: full sized shift could be optimized but that would need
2346 * specialized skb free'er to handle frags without up-to-date nr_frags.
2348 int skb_shift(struct sk_buff *tgt, struct sk_buff *skb, int shiftlen)
2350 int from, to, merge, todo;
2351 struct skb_frag_struct *fragfrom, *fragto;
2353 BUG_ON(shiftlen > skb->len);
2354 BUG_ON(skb_headlen(skb)); /* Would corrupt stream */
2358 to = skb_shinfo(tgt)->nr_frags;
2359 fragfrom = &skb_shinfo(skb)->frags[from];
2361 /* Actual merge is delayed until the point when we know we can
2362 * commit all, so that we don't have to undo partial changes
2365 !skb_can_coalesce(tgt, to, skb_frag_page(fragfrom),
2366 fragfrom->page_offset)) {
2371 todo -= skb_frag_size(fragfrom);
2373 if (skb_prepare_for_shift(skb) ||
2374 skb_prepare_for_shift(tgt))
2377 /* All previous frag pointers might be stale! */
2378 fragfrom = &skb_shinfo(skb)->frags[from];
2379 fragto = &skb_shinfo(tgt)->frags[merge];
2381 skb_frag_size_add(fragto, shiftlen);
2382 skb_frag_size_sub(fragfrom, shiftlen);
2383 fragfrom->page_offset += shiftlen;
2391 /* Skip full, not-fitting skb to avoid expensive operations */
2392 if ((shiftlen == skb->len) &&
2393 (skb_shinfo(skb)->nr_frags - from) > (MAX_SKB_FRAGS - to))
2396 if (skb_prepare_for_shift(skb) || skb_prepare_for_shift(tgt))
2399 while ((todo > 0) && (from < skb_shinfo(skb)->nr_frags)) {
2400 if (to == MAX_SKB_FRAGS)
2403 fragfrom = &skb_shinfo(skb)->frags[from];
2404 fragto = &skb_shinfo(tgt)->frags[to];
2406 if (todo >= skb_frag_size(fragfrom)) {
2407 *fragto = *fragfrom;
2408 todo -= skb_frag_size(fragfrom);
2413 __skb_frag_ref(fragfrom);
2414 fragto->page = fragfrom->page;
2415 fragto->page_offset = fragfrom->page_offset;
2416 skb_frag_size_set(fragto, todo);
2418 fragfrom->page_offset += todo;
2419 skb_frag_size_sub(fragfrom, todo);
2427 /* Ready to "commit" this state change to tgt */
2428 skb_shinfo(tgt)->nr_frags = to;
2431 fragfrom = &skb_shinfo(skb)->frags[0];
2432 fragto = &skb_shinfo(tgt)->frags[merge];
2434 skb_frag_size_add(fragto, skb_frag_size(fragfrom));
2435 __skb_frag_unref(fragfrom);
2438 /* Reposition in the original skb */
2440 while (from < skb_shinfo(skb)->nr_frags)
2441 skb_shinfo(skb)->frags[to++] = skb_shinfo(skb)->frags[from++];
2442 skb_shinfo(skb)->nr_frags = to;
2444 BUG_ON(todo > 0 && !skb_shinfo(skb)->nr_frags);
2447 /* Most likely the tgt won't ever need its checksum anymore, skb on
2448 * the other hand might need it if it needs to be resent
2450 tgt->ip_summed = CHECKSUM_PARTIAL;
2451 skb->ip_summed = CHECKSUM_PARTIAL;
2453 /* Yak, is it really working this way? Some helper please? */
2454 skb->len -= shiftlen;
2455 skb->data_len -= shiftlen;
2456 skb->truesize -= shiftlen;
2457 tgt->len += shiftlen;
2458 tgt->data_len += shiftlen;
2459 tgt->truesize += shiftlen;
2465 * skb_prepare_seq_read - Prepare a sequential read of skb data
2466 * @skb: the buffer to read
2467 * @from: lower offset of data to be read
2468 * @to: upper offset of data to be read
2469 * @st: state variable
2471 * Initializes the specified state variable. Must be called before
2472 * invoking skb_seq_read() for the first time.
2474 void skb_prepare_seq_read(struct sk_buff *skb, unsigned int from,
2475 unsigned int to, struct skb_seq_state *st)
2477 st->lower_offset = from;
2478 st->upper_offset = to;
2479 st->root_skb = st->cur_skb = skb;
2480 st->frag_idx = st->stepped_offset = 0;
2481 st->frag_data = NULL;
2483 EXPORT_SYMBOL(skb_prepare_seq_read);
2486 * skb_seq_read - Sequentially read skb data
2487 * @consumed: number of bytes consumed by the caller so far
2488 * @data: destination pointer for data to be returned
2489 * @st: state variable
2491 * Reads a block of skb data at &consumed relative to the
2492 * lower offset specified to skb_prepare_seq_read(). Assigns
2493 * the head of the data block to &data and returns the length
2494 * of the block or 0 if the end of the skb data or the upper
2495 * offset has been reached.
2497 * The caller is not required to consume all of the data
2498 * returned, i.e. &consumed is typically set to the number
2499 * of bytes already consumed and the next call to
2500 * skb_seq_read() will return the remaining part of the block.
2502 * Note 1: The size of each block of data returned can be arbitrary,
2503 * this limitation is the cost for zerocopy seqeuental
2504 * reads of potentially non linear data.
2506 * Note 2: Fragment lists within fragments are not implemented
2507 * at the moment, state->root_skb could be replaced with
2508 * a stack for this purpose.
2510 unsigned int skb_seq_read(unsigned int consumed, const u8 **data,
2511 struct skb_seq_state *st)
2513 unsigned int block_limit, abs_offset = consumed + st->lower_offset;
2516 if (unlikely(abs_offset >= st->upper_offset))
2520 block_limit = skb_headlen(st->cur_skb) + st->stepped_offset;
2522 if (abs_offset < block_limit && !st->frag_data) {
2523 *data = st->cur_skb->data + (abs_offset - st->stepped_offset);
2524 return block_limit - abs_offset;
2527 if (st->frag_idx == 0 && !st->frag_data)
2528 st->stepped_offset += skb_headlen(st->cur_skb);
2530 while (st->frag_idx < skb_shinfo(st->cur_skb)->nr_frags) {
2531 frag = &skb_shinfo(st->cur_skb)->frags[st->frag_idx];
2532 block_limit = skb_frag_size(frag) + st->stepped_offset;
2534 if (abs_offset < block_limit) {
2536 st->frag_data = kmap_atomic(skb_frag_page(frag));
2538 *data = (u8 *) st->frag_data + frag->page_offset +
2539 (abs_offset - st->stepped_offset);
2541 return block_limit - abs_offset;
2544 if (st->frag_data) {
2545 kunmap_atomic(st->frag_data);
2546 st->frag_data = NULL;
2550 st->stepped_offset += skb_frag_size(frag);
2553 if (st->frag_data) {
2554 kunmap_atomic(st->frag_data);
2555 st->frag_data = NULL;
2558 if (st->root_skb == st->cur_skb && skb_has_frag_list(st->root_skb)) {
2559 st->cur_skb = skb_shinfo(st->root_skb)->frag_list;
2562 } else if (st->cur_skb->next) {
2563 st->cur_skb = st->cur_skb->next;
2570 EXPORT_SYMBOL(skb_seq_read);
2573 * skb_abort_seq_read - Abort a sequential read of skb data
2574 * @st: state variable
2576 * Must be called if skb_seq_read() was not called until it
2579 void skb_abort_seq_read(struct skb_seq_state *st)
2582 kunmap_atomic(st->frag_data);
2584 EXPORT_SYMBOL(skb_abort_seq_read);
2586 #define TS_SKB_CB(state) ((struct skb_seq_state *) &((state)->cb))
2588 static unsigned int skb_ts_get_next_block(unsigned int offset, const u8 **text,
2589 struct ts_config *conf,
2590 struct ts_state *state)
2592 return skb_seq_read(offset, text, TS_SKB_CB(state));
2595 static void skb_ts_finish(struct ts_config *conf, struct ts_state *state)
2597 skb_abort_seq_read(TS_SKB_CB(state));
2601 * skb_find_text - Find a text pattern in skb data
2602 * @skb: the buffer to look in
2603 * @from: search offset
2605 * @config: textsearch configuration
2606 * @state: uninitialized textsearch state variable
2608 * Finds a pattern in the skb data according to the specified
2609 * textsearch configuration. Use textsearch_next() to retrieve
2610 * subsequent occurrences of the pattern. Returns the offset
2611 * to the first occurrence or UINT_MAX if no match was found.
2613 unsigned int skb_find_text(struct sk_buff *skb, unsigned int from,
2614 unsigned int to, struct ts_config *config,
2615 struct ts_state *state)
2619 config->get_next_block = skb_ts_get_next_block;
2620 config->finish = skb_ts_finish;
2622 skb_prepare_seq_read(skb, from, to, TS_SKB_CB(state));
2624 ret = textsearch_find(config, state);
2625 return (ret <= to - from ? ret : UINT_MAX);
2627 EXPORT_SYMBOL(skb_find_text);
2630 * skb_append_datato_frags - append the user data to a skb
2631 * @sk: sock structure
2632 * @skb: skb structure to be appened with user data.
2633 * @getfrag: call back function to be used for getting the user data
2634 * @from: pointer to user message iov
2635 * @length: length of the iov message
2637 * Description: This procedure append the user data in the fragment part
2638 * of the skb if any page alloc fails user this procedure returns -ENOMEM
2640 int skb_append_datato_frags(struct sock *sk, struct sk_buff *skb,
2641 int (*getfrag)(void *from, char *to, int offset,
2642 int len, int odd, struct sk_buff *skb),
2643 void *from, int length)
2646 skb_frag_t *frag = NULL;
2647 struct page *page = NULL;
2653 /* Return error if we don't have space for new frag */
2654 frg_cnt = skb_shinfo(skb)->nr_frags;
2655 if (frg_cnt >= MAX_SKB_FRAGS)
2658 /* allocate a new page for next frag */
2659 page = alloc_pages(sk->sk_allocation, 0);
2661 /* If alloc_page fails just return failure and caller will
2662 * free previous allocated pages by doing kfree_skb()
2667 /* initialize the next frag */
2668 skb_fill_page_desc(skb, frg_cnt, page, 0, 0);
2669 skb->truesize += PAGE_SIZE;
2670 atomic_add(PAGE_SIZE, &sk->sk_wmem_alloc);
2672 /* get the new initialized frag */
2673 frg_cnt = skb_shinfo(skb)->nr_frags;
2674 frag = &skb_shinfo(skb)->frags[frg_cnt - 1];
2676 /* copy the user data to page */
2677 left = PAGE_SIZE - frag->page_offset;
2678 copy = (length > left)? left : length;
2680 ret = getfrag(from, skb_frag_address(frag) + skb_frag_size(frag),
2681 offset, copy, 0, skb);
2685 /* copy was successful so update the size parameters */
2686 skb_frag_size_add(frag, copy);
2688 skb->data_len += copy;
2692 } while (length > 0);
2696 EXPORT_SYMBOL(skb_append_datato_frags);
2699 * skb_pull_rcsum - pull skb and update receive checksum
2700 * @skb: buffer to update
2701 * @len: length of data pulled
2703 * This function performs an skb_pull on the packet and updates
2704 * the CHECKSUM_COMPLETE checksum. It should be used on
2705 * receive path processing instead of skb_pull unless you know
2706 * that the checksum difference is zero (e.g., a valid IP header)
2707 * or you are setting ip_summed to CHECKSUM_NONE.
2709 unsigned char *skb_pull_rcsum(struct sk_buff *skb, unsigned int len)
2711 BUG_ON(len > skb->len);
2713 BUG_ON(skb->len < skb->data_len);
2714 skb_postpull_rcsum(skb, skb->data, len);
2715 return skb->data += len;
2717 EXPORT_SYMBOL_GPL(skb_pull_rcsum);
2720 * skb_segment - Perform protocol segmentation on skb.
2721 * @skb: buffer to segment
2722 * @features: features for the output path (see dev->features)
2724 * This function performs segmentation on the given skb. It returns
2725 * a pointer to the first in a list of new skbs for the segments.
2726 * In case of error it returns ERR_PTR(err).
2728 struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
2730 struct sk_buff *segs = NULL;
2731 struct sk_buff *tail = NULL;
2732 struct sk_buff *fskb = skb_shinfo(skb)->frag_list;
2733 unsigned int mss = skb_shinfo(skb)->gso_size;
2734 unsigned int doffset = skb->data - skb_mac_header(skb);
2735 unsigned int offset = doffset;
2736 unsigned int headroom;
2738 int sg = !!(features & NETIF_F_SG);
2739 int nfrags = skb_shinfo(skb)->nr_frags;
2744 __skb_push(skb, doffset);
2745 headroom = skb_headroom(skb);
2746 pos = skb_headlen(skb);
2749 struct sk_buff *nskb;
2754 len = skb->len - offset;
2758 hsize = skb_headlen(skb) - offset;
2761 if (hsize > len || !sg)
2764 if (!hsize && i >= nfrags) {
2765 BUG_ON(fskb->len != len);
2768 nskb = skb_clone(fskb, GFP_ATOMIC);
2771 if (unlikely(!nskb))
2774 hsize = skb_end_offset(nskb);
2775 if (skb_cow_head(nskb, doffset + headroom)) {
2780 nskb->truesize += skb_end_offset(nskb) - hsize;
2781 skb_release_head_state(nskb);
2782 __skb_push(nskb, doffset);
2784 nskb = alloc_skb(hsize + doffset + headroom,
2787 if (unlikely(!nskb))
2790 skb_reserve(nskb, headroom);
2791 __skb_put(nskb, doffset);
2800 __copy_skb_header(nskb, skb);
2801 nskb->mac_len = skb->mac_len;
2803 /* nskb and skb might have different headroom */
2804 if (nskb->ip_summed == CHECKSUM_PARTIAL)
2805 nskb->csum_start += skb_headroom(nskb) - headroom;
2807 skb_reset_mac_header(nskb);
2808 skb_set_network_header(nskb, skb->mac_len);
2809 nskb->transport_header = (nskb->network_header +
2810 skb_network_header_len(skb));
2811 skb_copy_from_linear_data(skb, nskb->data, doffset);
2813 if (fskb != skb_shinfo(skb)->frag_list)
2817 nskb->ip_summed = CHECKSUM_NONE;
2818 nskb->csum = skb_copy_and_csum_bits(skb, offset,
2824 frag = skb_shinfo(nskb)->frags;
2826 skb_copy_from_linear_data_offset(skb, offset,
2827 skb_put(nskb, hsize), hsize);
2829 while (pos < offset + len && i < nfrags) {
2830 *frag = skb_shinfo(skb)->frags[i];
2831 __skb_frag_ref(frag);
2832 size = skb_frag_size(frag);
2835 frag->page_offset += offset - pos;
2836 skb_frag_size_sub(frag, offset - pos);
2839 skb_shinfo(nskb)->nr_frags++;
2841 if (pos + size <= offset + len) {
2845 skb_frag_size_sub(frag, pos + size - (offset + len));
2852 if (pos < offset + len) {
2853 struct sk_buff *fskb2 = fskb;
2855 BUG_ON(pos + fskb->len != offset + len);
2861 fskb2 = skb_clone(fskb2, GFP_ATOMIC);
2867 SKB_FRAG_ASSERT(nskb);
2868 skb_shinfo(nskb)->frag_list = fskb2;
2872 nskb->data_len = len - hsize;
2873 nskb->len += nskb->data_len;
2874 nskb->truesize += nskb->data_len;
2875 } while ((offset += len) < skb->len);
2880 while ((skb = segs)) {
2884 return ERR_PTR(err);
2886 EXPORT_SYMBOL_GPL(skb_segment);
2888 int skb_gro_receive(struct sk_buff **head, struct sk_buff *skb)
2890 struct sk_buff *p = *head;
2891 struct sk_buff *nskb;
2892 struct skb_shared_info *skbinfo = skb_shinfo(skb);
2893 struct skb_shared_info *pinfo = skb_shinfo(p);
2894 unsigned int headroom;
2895 unsigned int len = skb_gro_len(skb);
2896 unsigned int offset = skb_gro_offset(skb);
2897 unsigned int headlen = skb_headlen(skb);
2898 unsigned int delta_truesize;
2900 if (p->len + len >= 65536)
2903 if (pinfo->frag_list)
2905 else if (headlen <= offset) {
2908 int i = skbinfo->nr_frags;
2909 int nr_frags = pinfo->nr_frags + i;
2913 if (nr_frags > MAX_SKB_FRAGS)
2916 pinfo->nr_frags = nr_frags;
2917 skbinfo->nr_frags = 0;
2919 frag = pinfo->frags + nr_frags;
2920 frag2 = skbinfo->frags + i;
2925 frag->page_offset += offset;
2926 skb_frag_size_sub(frag, offset);
2928 /* all fragments truesize : remove (head size + sk_buff) */
2929 delta_truesize = skb->truesize -
2930 SKB_TRUESIZE(skb_end_offset(skb));
2932 skb->truesize -= skb->data_len;
2933 skb->len -= skb->data_len;
2936 NAPI_GRO_CB(skb)->free = NAPI_GRO_FREE;
2938 } else if (skb->head_frag) {
2939 int nr_frags = pinfo->nr_frags;
2940 skb_frag_t *frag = pinfo->frags + nr_frags;
2941 struct page *page = virt_to_head_page(skb->head);
2942 unsigned int first_size = headlen - offset;
2943 unsigned int first_offset;
2945 if (nr_frags + 1 + skbinfo->nr_frags > MAX_SKB_FRAGS)
2948 first_offset = skb->data -
2949 (unsigned char *)page_address(page) +
2952 pinfo->nr_frags = nr_frags + 1 + skbinfo->nr_frags;
2954 frag->page.p = page;
2955 frag->page_offset = first_offset;
2956 skb_frag_size_set(frag, first_size);
2958 memcpy(frag + 1, skbinfo->frags, sizeof(*frag) * skbinfo->nr_frags);
2959 /* We dont need to clear skbinfo->nr_frags here */
2961 delta_truesize = skb->truesize - SKB_DATA_ALIGN(sizeof(struct sk_buff));
2962 NAPI_GRO_CB(skb)->free = NAPI_GRO_FREE_STOLEN_HEAD;
2964 } else if (skb_gro_len(p) != pinfo->gso_size)
2967 headroom = skb_headroom(p);
2968 nskb = alloc_skb(headroom + skb_gro_offset(p), GFP_ATOMIC);
2969 if (unlikely(!nskb))
2972 __copy_skb_header(nskb, p);
2973 nskb->mac_len = p->mac_len;
2975 skb_reserve(nskb, headroom);
2976 __skb_put(nskb, skb_gro_offset(p));
2978 skb_set_mac_header(nskb, skb_mac_header(p) - p->data);
2979 skb_set_network_header(nskb, skb_network_offset(p));
2980 skb_set_transport_header(nskb, skb_transport_offset(p));
2982 __skb_pull(p, skb_gro_offset(p));
2983 memcpy(skb_mac_header(nskb), skb_mac_header(p),
2984 p->data - skb_mac_header(p));
2986 *NAPI_GRO_CB(nskb) = *NAPI_GRO_CB(p);
2987 skb_shinfo(nskb)->frag_list = p;
2988 skb_shinfo(nskb)->gso_size = pinfo->gso_size;
2989 pinfo->gso_size = 0;
2990 skb_header_release(p);
2993 nskb->data_len += p->len;
2994 nskb->truesize += p->truesize;
2995 nskb->len += p->len;
2998 nskb->next = p->next;
3004 delta_truesize = skb->truesize;
3005 if (offset > headlen) {
3006 unsigned int eat = offset - headlen;
3008 skbinfo->frags[0].page_offset += eat;
3009 skb_frag_size_sub(&skbinfo->frags[0], eat);
3010 skb->data_len -= eat;
3015 __skb_pull(skb, offset);
3017 p->prev->next = skb;
3019 skb_header_release(skb);
3022 NAPI_GRO_CB(p)->count++;
3024 p->truesize += delta_truesize;
3027 NAPI_GRO_CB(skb)->same_flow = 1;
3030 EXPORT_SYMBOL_GPL(skb_gro_receive);
3032 void __init skb_init(void)
3034 skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
3035 sizeof(struct sk_buff),
3037 SLAB_HWCACHE_ALIGN|SLAB_PANIC,
3039 skbuff_fclone_cache = kmem_cache_create("skbuff_fclone_cache",
3040 (2*sizeof(struct sk_buff)) +
3043 SLAB_HWCACHE_ALIGN|SLAB_PANIC,
3048 * skb_to_sgvec - Fill a scatter-gather list from a socket buffer
3049 * @skb: Socket buffer containing the buffers to be mapped
3050 * @sg: The scatter-gather list to map into
3051 * @offset: The offset into the buffer's contents to start mapping
3052 * @len: Length of buffer space to be mapped
3054 * Fill the specified scatter-gather list with mappings/pointers into a
3055 * region of the buffer space attached to a socket buffer.
3058 __skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len)
3060 int start = skb_headlen(skb);
3061 int i, copy = start - offset;
3062 struct sk_buff *frag_iter;
3068 sg_set_buf(sg, skb->data + offset, copy);
3070 if ((len -= copy) == 0)
3075 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
3078 WARN_ON(start > offset + len);
3080 end = start + skb_frag_size(&skb_shinfo(skb)->frags[i]);
3081 if ((copy = end - offset) > 0) {
3082 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
3086 sg_set_page(&sg[elt], skb_frag_page(frag), copy,
3087 frag->page_offset+offset-start);
3096 skb_walk_frags(skb, frag_iter) {
3099 WARN_ON(start > offset + len);
3101 end = start + frag_iter->len;
3102 if ((copy = end - offset) > 0) {
3105 elt += __skb_to_sgvec(frag_iter, sg+elt, offset - start,
3107 if ((len -= copy) == 0)
3117 int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len)
3119 int nsg = __skb_to_sgvec(skb, sg, offset, len);
3121 sg_mark_end(&sg[nsg - 1]);
3125 EXPORT_SYMBOL_GPL(skb_to_sgvec);
3128 * skb_cow_data - Check that a socket buffer's data buffers are writable
3129 * @skb: The socket buffer to check.
3130 * @tailbits: Amount of trailing space to be added
3131 * @trailer: Returned pointer to the skb where the @tailbits space begins
3133 * Make sure that the data buffers attached to a socket buffer are
3134 * writable. If they are not, private copies are made of the data buffers
3135 * and the socket buffer is set to use these instead.
3137 * If @tailbits is given, make sure that there is space to write @tailbits
3138 * bytes of data beyond current end of socket buffer. @trailer will be
3139 * set to point to the skb in which this space begins.
3141 * The number of scatterlist elements required to completely map the
3142 * COW'd and extended socket buffer will be returned.
3144 int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer)
3148 struct sk_buff *skb1, **skb_p;
3150 /* If skb is cloned or its head is paged, reallocate
3151 * head pulling out all the pages (pages are considered not writable
3152 * at the moment even if they are anonymous).
3154 if ((skb_cloned(skb) || skb_shinfo(skb)->nr_frags) &&
3155 __pskb_pull_tail(skb, skb_pagelen(skb)-skb_headlen(skb)) == NULL)
3158 /* Easy case. Most of packets will go this way. */
3159 if (!skb_has_frag_list(skb)) {
3160 /* A little of trouble, not enough of space for trailer.
3161 * This should not happen, when stack is tuned to generate
3162 * good frames. OK, on miss we reallocate and reserve even more
3163 * space, 128 bytes is fair. */
3165 if (skb_tailroom(skb) < tailbits &&
3166 pskb_expand_head(skb, 0, tailbits-skb_tailroom(skb)+128, GFP_ATOMIC))
3174 /* Misery. We are in troubles, going to mincer fragments... */
3177 skb_p = &skb_shinfo(skb)->frag_list;
3180 while ((skb1 = *skb_p) != NULL) {
3183 /* The fragment is partially pulled by someone,
3184 * this can happen on input. Copy it and everything
3187 if (skb_shared(skb1))
3190 /* If the skb is the last, worry about trailer. */
3192 if (skb1->next == NULL && tailbits) {
3193 if (skb_shinfo(skb1)->nr_frags ||
3194 skb_has_frag_list(skb1) ||
3195 skb_tailroom(skb1) < tailbits)
3196 ntail = tailbits + 128;
3202 skb_shinfo(skb1)->nr_frags ||
3203 skb_has_frag_list(skb1)) {
3204 struct sk_buff *skb2;
3206 /* Fuck, we are miserable poor guys... */
3208 skb2 = skb_copy(skb1, GFP_ATOMIC);
3210 skb2 = skb_copy_expand(skb1,
3214 if (unlikely(skb2 == NULL))
3218 skb_set_owner_w(skb2, skb1->sk);
3220 /* Looking around. Are we still alive?
3221 * OK, link new skb, drop old one */
3223 skb2->next = skb1->next;
3230 skb_p = &skb1->next;
3235 EXPORT_SYMBOL_GPL(skb_cow_data);
3237 static void sock_rmem_free(struct sk_buff *skb)
3239 struct sock *sk = skb->sk;
3241 atomic_sub(skb->truesize, &sk->sk_rmem_alloc);
3245 * Note: We dont mem charge error packets (no sk_forward_alloc changes)
3247 int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb)
3251 if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
3252 (unsigned int)sk->sk_rcvbuf)
3257 skb->destructor = sock_rmem_free;
3258 atomic_add(skb->truesize, &sk->sk_rmem_alloc);
3260 /* before exiting rcu section, make sure dst is refcounted */
3263 skb_queue_tail(&sk->sk_error_queue, skb);
3264 if (!sock_flag(sk, SOCK_DEAD))
3265 sk->sk_data_ready(sk, len);
3268 EXPORT_SYMBOL(sock_queue_err_skb);
3270 void skb_tstamp_tx(struct sk_buff *orig_skb,
3271 struct skb_shared_hwtstamps *hwtstamps)
3273 struct sock *sk = orig_skb->sk;
3274 struct sock_exterr_skb *serr;
3275 struct sk_buff *skb;
3281 skb = skb_clone(orig_skb, GFP_ATOMIC);
3286 *skb_hwtstamps(skb) =
3290 * no hardware time stamps available,
3291 * so keep the shared tx_flags and only
3292 * store software time stamp
3294 skb->tstamp = ktime_get_real();
3297 serr = SKB_EXT_ERR(skb);
3298 memset(serr, 0, sizeof(*serr));
3299 serr->ee.ee_errno = ENOMSG;
3300 serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING;
3302 err = sock_queue_err_skb(sk, skb);
3307 EXPORT_SYMBOL_GPL(skb_tstamp_tx);
3309 void skb_complete_wifi_ack(struct sk_buff *skb, bool acked)
3311 struct sock *sk = skb->sk;
3312 struct sock_exterr_skb *serr;
3315 skb->wifi_acked_valid = 1;
3316 skb->wifi_acked = acked;
3318 serr = SKB_EXT_ERR(skb);
3319 memset(serr, 0, sizeof(*serr));
3320 serr->ee.ee_errno = ENOMSG;
3321 serr->ee.ee_origin = SO_EE_ORIGIN_TXSTATUS;
3323 err = sock_queue_err_skb(sk, skb);
3327 EXPORT_SYMBOL_GPL(skb_complete_wifi_ack);
3331 * skb_partial_csum_set - set up and verify partial csum values for packet
3332 * @skb: the skb to set
3333 * @start: the number of bytes after skb->data to start checksumming.
3334 * @off: the offset from start to place the checksum.
3336 * For untrusted partially-checksummed packets, we need to make sure the values
3337 * for skb->csum_start and skb->csum_offset are valid so we don't oops.
3339 * This function checks and sets those values and skb->ip_summed: if this
3340 * returns false you should drop the packet.
3342 bool skb_partial_csum_set(struct sk_buff *skb, u16 start, u16 off)
3344 if (unlikely(start > skb_headlen(skb)) ||
3345 unlikely((int)start + off > skb_headlen(skb) - 2)) {
3346 net_warn_ratelimited("bad partial csum: csum=%u/%u len=%u\n",
3347 start, off, skb_headlen(skb));
3350 skb->ip_summed = CHECKSUM_PARTIAL;
3351 skb->csum_start = skb_headroom(skb) + start;
3352 skb->csum_offset = off;
3355 EXPORT_SYMBOL_GPL(skb_partial_csum_set);
3357 void __skb_warn_lro_forwarding(const struct sk_buff *skb)
3359 net_warn_ratelimited("%s: received packets cannot be forwarded while LRO is enabled\n",
3362 EXPORT_SYMBOL(__skb_warn_lro_forwarding);
3364 void kfree_skb_partial(struct sk_buff *skb, bool head_stolen)
3367 kmem_cache_free(skbuff_head_cache, skb);
3371 EXPORT_SYMBOL(kfree_skb_partial);
3374 * skb_try_coalesce - try to merge skb to prior one
3376 * @from: buffer to add
3377 * @fragstolen: pointer to boolean
3378 * @delta_truesize: how much more was allocated than was requested
3380 bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
3381 bool *fragstolen, int *delta_truesize)
3383 int i, delta, len = from->len;
3385 *fragstolen = false;
3390 if (len <= skb_tailroom(to)) {
3391 BUG_ON(skb_copy_bits(from, 0, skb_put(to, len), len));
3392 *delta_truesize = 0;
3396 if (skb_has_frag_list(to) || skb_has_frag_list(from))
3399 if (skb_headlen(from) != 0) {
3401 unsigned int offset;
3403 if (skb_shinfo(to)->nr_frags +
3404 skb_shinfo(from)->nr_frags >= MAX_SKB_FRAGS)
3407 if (skb_head_is_locked(from))
3410 delta = from->truesize - SKB_DATA_ALIGN(sizeof(struct sk_buff));
3412 page = virt_to_head_page(from->head);
3413 offset = from->data - (unsigned char *)page_address(page);
3415 skb_fill_page_desc(to, skb_shinfo(to)->nr_frags,
3416 page, offset, skb_headlen(from));
3419 if (skb_shinfo(to)->nr_frags +
3420 skb_shinfo(from)->nr_frags > MAX_SKB_FRAGS)
3423 delta = from->truesize -
3424 SKB_TRUESIZE(skb_end_pointer(from) - from->head);
3427 WARN_ON_ONCE(delta < len);
3429 memcpy(skb_shinfo(to)->frags + skb_shinfo(to)->nr_frags,
3430 skb_shinfo(from)->frags,
3431 skb_shinfo(from)->nr_frags * sizeof(skb_frag_t));
3432 skb_shinfo(to)->nr_frags += skb_shinfo(from)->nr_frags;
3434 if (!skb_cloned(from))
3435 skb_shinfo(from)->nr_frags = 0;
3437 /* if the skb is cloned this does nothing since we set nr_frags to 0 */
3438 for (i = 0; i < skb_shinfo(from)->nr_frags; i++)
3439 skb_frag_ref(from, i);
3441 to->truesize += delta;
3443 to->data_len += len;
3445 *delta_truesize = delta;
3448 EXPORT_SYMBOL(skb_try_coalesce);
projects / linux-2.6-block.git / blob