1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * IPv6 output functions
4 * Linux INET6 implementation
7 * Pedro Roque <roque@di.fc.ul.pt>
9 * Based on linux/net/ipv4/ip_output.c
12 * A.N.Kuznetsov : airthmetics in fragmentation.
13 * extension headers are implemented.
14 * route changes now work.
15 * ip6_forward does not confuse sniffers.
18 * H. von Brand : Added missing #include <linux/string.h>
19 * Imran Patel : frag id should be in NBO
20 * Kazunori MIYAZAWA @USAGI
21 * : add ip6_append_data and related functions
25 #include <linux/errno.h>
26 #include <linux/kernel.h>
27 #include <linux/string.h>
28 #include <linux/socket.h>
29 #include <linux/net.h>
30 #include <linux/netdevice.h>
31 #include <linux/if_arp.h>
32 #include <linux/in6.h>
33 #include <linux/tcp.h>
34 #include <linux/route.h>
35 #include <linux/module.h>
36 #include <linux/slab.h>
38 #include <linux/bpf-cgroup.h>
39 #include <linux/netfilter.h>
40 #include <linux/netfilter_ipv6.h>
46 #include <net/ndisc.h>
47 #include <net/protocol.h>
48 #include <net/ip6_route.h>
49 #include <net/addrconf.h>
50 #include <net/rawv6.h>
53 #include <net/checksum.h>
54 #include <linux/mroute6.h>
55 #include <net/l3mdev.h>
56 #include <net/lwtunnel.h>
57 #include <net/ip_tunnels.h>
59 static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff *skb)
61 struct dst_entry *dst = skb_dst(skb);
62 struct net_device *dev = dst->dev;
63 struct inet6_dev *idev = ip6_dst_idev(dst);
64 unsigned int hh_len = LL_RESERVED_SPACE(dev);
65 const struct in6_addr *daddr, *nexthop;
67 struct neighbour *neigh;
70 /* Be paranoid, rather than too clever. */
71 if (unlikely(hh_len > skb_headroom(skb)) && dev->header_ops) {
72 skb = skb_expand_head(skb, hh_len);
74 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS);
81 if (ipv6_addr_is_multicast(daddr)) {
82 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(sk) &&
83 ((mroute6_is_socket(net, skb) &&
84 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
85 ipv6_chk_mcast_addr(dev, daddr, &hdr->saddr))) {
86 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
88 /* Do not check for IFF_ALLMULTI; multicast routing
89 is not supported in any case.
92 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
93 net, sk, newskb, NULL, newskb->dev,
96 if (hdr->hop_limit == 0) {
97 IP6_INC_STATS(net, idev,
98 IPSTATS_MIB_OUTDISCARDS);
104 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, skb->len);
105 if (IPV6_ADDR_MC_SCOPE(daddr) <= IPV6_ADDR_SCOPE_NODELOCAL &&
106 !(dev->flags & IFF_LOOPBACK)) {
112 if (lwtunnel_xmit_redirect(dst->lwtstate)) {
113 int res = lwtunnel_xmit(skb);
115 if (res < 0 || res == LWTUNNEL_XMIT_DONE)
120 nexthop = rt6_nexthop((struct rt6_info *)dst, daddr);
121 neigh = __ipv6_neigh_lookup_noref(dev, nexthop);
123 if (unlikely(IS_ERR_OR_NULL(neigh))) {
124 if (unlikely(!neigh))
125 neigh = __neigh_create(&nd_tbl, nexthop, dev, false);
128 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTNOROUTES);
129 kfree_skb_reason(skb, SKB_DROP_REASON_NEIGH_CREATEFAIL);
133 sock_confirm_neigh(skb, neigh);
134 ret = neigh_output(neigh, skb, false);
140 ip6_finish_output_gso_slowpath_drop(struct net *net, struct sock *sk,
141 struct sk_buff *skb, unsigned int mtu)
143 struct sk_buff *segs, *nskb;
144 netdev_features_t features;
147 /* Please see corresponding comment in ip_finish_output_gso
148 * describing the cases where GSO segment length exceeds the
151 features = netif_skb_features(skb);
152 segs = skb_gso_segment(skb, features & ~NETIF_F_GSO_MASK);
153 if (IS_ERR_OR_NULL(segs)) {
160 skb_list_walk_safe(segs, segs, nskb) {
163 skb_mark_not_on_list(segs);
164 err = ip6_fragment(net, sk, segs, ip6_finish_output2);
172 static int __ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
176 #if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
177 /* Policy lookup after SNAT yielded a new policy */
178 if (skb_dst(skb)->xfrm) {
179 IP6CB(skb)->flags |= IP6SKB_REROUTED;
180 return dst_output(net, sk, skb);
184 mtu = ip6_skb_dst_mtu(skb);
185 if (skb_is_gso(skb) &&
186 !(IP6CB(skb)->flags & IP6SKB_FAKEJUMBO) &&
187 !skb_gso_validate_network_len(skb, mtu))
188 return ip6_finish_output_gso_slowpath_drop(net, sk, skb, mtu);
190 if ((skb->len > mtu && !skb_is_gso(skb)) ||
191 dst_allfrag(skb_dst(skb)) ||
192 (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size))
193 return ip6_fragment(net, sk, skb, ip6_finish_output2);
195 return ip6_finish_output2(net, sk, skb);
198 static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
202 ret = BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb);
204 case NET_XMIT_SUCCESS:
206 return __ip6_finish_output(net, sk, skb) ? : ret;
208 kfree_skb_reason(skb, SKB_DROP_REASON_BPF_CGROUP_EGRESS);
213 int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
215 struct net_device *dev = skb_dst(skb)->dev, *indev = skb->dev;
216 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
218 skb->protocol = htons(ETH_P_IPV6);
221 if (unlikely(idev->cnf.disable_ipv6)) {
222 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS);
223 kfree_skb_reason(skb, SKB_DROP_REASON_IPV6DISABLED);
227 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING,
228 net, sk, skb, indev, dev,
230 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
232 EXPORT_SYMBOL(ip6_output);
234 bool ip6_autoflowlabel(struct net *net, const struct ipv6_pinfo *np)
236 if (!np->autoflowlabel_set)
237 return ip6_default_np_autolabel(net);
239 return np->autoflowlabel;
243 * xmit an sk_buff (used by TCP, SCTP and DCCP)
244 * Note : socket lock is not held for SYNACK packets, but might be modified
245 * by calls to skb_set_owner_w() and ipv6_local_error(),
246 * which are using proper atomic operations or spinlocks.
248 int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
249 __u32 mark, struct ipv6_txoptions *opt, int tclass, u32 priority)
251 struct net *net = sock_net(sk);
252 const struct ipv6_pinfo *np = inet6_sk(sk);
253 struct in6_addr *first_hop = &fl6->daddr;
254 struct dst_entry *dst = skb_dst(skb);
255 struct net_device *dev = dst->dev;
256 struct inet6_dev *idev = ip6_dst_idev(dst);
257 struct hop_jumbo_hdr *hop_jumbo;
258 int hoplen = sizeof(*hop_jumbo);
259 unsigned int head_room;
261 u8 proto = fl6->flowi6_proto;
262 int seg_len = skb->len;
266 head_room = sizeof(struct ipv6hdr) + hoplen + LL_RESERVED_SPACE(dev);
268 head_room += opt->opt_nflen + opt->opt_flen;
270 if (unlikely(head_room > skb_headroom(skb))) {
271 skb = skb_expand_head(skb, head_room);
273 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS);
279 seg_len += opt->opt_nflen + opt->opt_flen;
282 ipv6_push_frag_opts(skb, opt, &proto);
285 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop,
289 if (unlikely(seg_len > IPV6_MAXPLEN)) {
290 hop_jumbo = skb_push(skb, hoplen);
292 hop_jumbo->nexthdr = proto;
293 hop_jumbo->hdrlen = 0;
294 hop_jumbo->tlv_type = IPV6_TLV_JUMBO;
295 hop_jumbo->tlv_len = 4;
296 hop_jumbo->jumbo_payload_len = htonl(seg_len + hoplen);
298 proto = IPPROTO_HOPOPTS;
300 IP6CB(skb)->flags |= IP6SKB_FAKEJUMBO;
303 skb_push(skb, sizeof(struct ipv6hdr));
304 skb_reset_network_header(skb);
308 * Fill in the IPv6 header
311 hlimit = np->hop_limit;
313 hlimit = ip6_dst_hoplimit(dst);
315 ip6_flow_hdr(hdr, tclass, ip6_make_flowlabel(net, skb, fl6->flowlabel,
316 ip6_autoflowlabel(net, np), fl6));
318 hdr->payload_len = htons(seg_len);
319 hdr->nexthdr = proto;
320 hdr->hop_limit = hlimit;
322 hdr->saddr = fl6->saddr;
323 hdr->daddr = *first_hop;
325 skb->protocol = htons(ETH_P_IPV6);
326 skb->priority = priority;
330 if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) {
331 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
333 /* if egress device is enslaved to an L3 master device pass the
334 * skb to its handler for processing
336 skb = l3mdev_ip6_out((struct sock *)sk, skb);
340 /* hooks should never assume socket lock is held.
341 * we promote our socket to non const
343 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
344 net, (struct sock *)sk, skb, NULL, dev,
349 /* ipv6_local_error() does not require socket lock,
350 * we promote our socket to non const
352 ipv6_local_error((struct sock *)sk, EMSGSIZE, fl6, mtu);
354 IP6_INC_STATS(net, idev, IPSTATS_MIB_FRAGFAILS);
358 EXPORT_SYMBOL(ip6_xmit);
360 static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
362 struct ip6_ra_chain *ra;
363 struct sock *last = NULL;
365 read_lock(&ip6_ra_lock);
366 for (ra = ip6_ra_chain; ra; ra = ra->next) {
367 struct sock *sk = ra->sk;
368 if (sk && ra->sel == sel &&
369 (!sk->sk_bound_dev_if ||
370 sk->sk_bound_dev_if == skb->dev->ifindex)) {
371 struct ipv6_pinfo *np = inet6_sk(sk);
373 if (np && np->rtalert_isolate &&
374 !net_eq(sock_net(sk), dev_net(skb->dev))) {
378 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
380 rawv6_rcv(last, skb2);
387 rawv6_rcv(last, skb);
388 read_unlock(&ip6_ra_lock);
391 read_unlock(&ip6_ra_lock);
395 static int ip6_forward_proxy_check(struct sk_buff *skb)
397 struct ipv6hdr *hdr = ipv6_hdr(skb);
398 u8 nexthdr = hdr->nexthdr;
402 if (ipv6_ext_hdr(nexthdr)) {
403 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, &frag_off);
407 offset = sizeof(struct ipv6hdr);
409 if (nexthdr == IPPROTO_ICMPV6) {
410 struct icmp6hdr *icmp6;
412 if (!pskb_may_pull(skb, (skb_network_header(skb) +
413 offset + 1 - skb->data)))
416 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
418 switch (icmp6->icmp6_type) {
419 case NDISC_ROUTER_SOLICITATION:
420 case NDISC_ROUTER_ADVERTISEMENT:
421 case NDISC_NEIGHBOUR_SOLICITATION:
422 case NDISC_NEIGHBOUR_ADVERTISEMENT:
424 /* For reaction involving unicast neighbor discovery
425 * message destined to the proxied address, pass it to
435 * The proxying router can't forward traffic sent to a link-local
436 * address, so signal the sender and discard the packet. This
437 * behavior is clarified by the MIPv6 specification.
439 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
440 dst_link_failure(skb);
447 static inline int ip6_forward_finish(struct net *net, struct sock *sk,
450 struct dst_entry *dst = skb_dst(skb);
452 __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
453 __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len);
455 #ifdef CONFIG_NET_SWITCHDEV
456 if (skb->offload_l3_fwd_mark) {
462 skb_clear_tstamp(skb);
463 return dst_output(net, sk, skb);
466 static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
471 /* ipv6 conntrack defrag sets max_frag_size + ignore_df */
472 if (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)
478 if (skb_is_gso(skb) && skb_gso_validate_network_len(skb, mtu))
484 int ip6_forward(struct sk_buff *skb)
486 struct dst_entry *dst = skb_dst(skb);
487 struct ipv6hdr *hdr = ipv6_hdr(skb);
488 struct inet6_skb_parm *opt = IP6CB(skb);
489 struct net *net = dev_net(dst->dev);
490 struct inet6_dev *idev;
494 idev = __in6_dev_get_safely(dev_get_by_index_rcu(net, IP6CB(skb)->iif));
495 if (net->ipv6.devconf_all->forwarding == 0)
498 if (skb->pkt_type != PACKET_HOST)
501 if (unlikely(skb->sk))
504 if (skb_warn_if_lro(skb))
507 if (!net->ipv6.devconf_all->disable_policy &&
508 (!idev || !idev->cnf.disable_policy) &&
509 !xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
510 __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
514 skb_forward_csum(skb);
517 * We DO NOT make any processing on
518 * RA packets, pushing them to user level AS IS
519 * without ane WARRANTY that application will be able
520 * to interpret them. The reason is that we
521 * cannot make anything clever here.
523 * We are not end-node, so that if packet contains
524 * AH/ESP, we cannot make anything.
525 * Defragmentation also would be mistake, RA packets
526 * cannot be fragmented, because there is no warranty
527 * that different fragments will go along one path. --ANK
529 if (unlikely(opt->flags & IP6SKB_ROUTERALERT)) {
530 if (ip6_call_ra_chain(skb, ntohs(opt->ra)))
535 * check and decrement ttl
537 if (hdr->hop_limit <= 1) {
538 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
539 __IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS);
541 kfree_skb_reason(skb, SKB_DROP_REASON_IP_INHDR);
545 /* XXX: idev->cnf.proxy_ndp? */
546 if (net->ipv6.devconf_all->proxy_ndp &&
547 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
548 int proxied = ip6_forward_proxy_check(skb);
550 /* It's tempting to decrease the hop limit
551 * here by 1, as we do at the end of the
554 * But that would be incorrect, as proxying is
555 * not forwarding. The ip6_input function
556 * will handle this packet locally, and it
557 * depends on the hop limit being unchanged.
559 * One example is the NDP hop limit, that
560 * always has to stay 255, but other would be
561 * similar checks around RA packets, where the
562 * user can even change the desired limit.
564 return ip6_input(skb);
565 } else if (proxied < 0) {
566 __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
571 if (!xfrm6_route_forward(skb)) {
572 __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
573 SKB_DR_SET(reason, XFRM_POLICY);
578 /* IPv6 specs say nothing about it, but it is clear that we cannot
579 send redirects to source routed frames.
580 We don't send redirects to frames decapsulated from IPsec.
582 if (IP6CB(skb)->iif == dst->dev->ifindex &&
583 opt->srcrt == 0 && !skb_sec_path(skb)) {
584 struct in6_addr *target = NULL;
585 struct inet_peer *peer;
589 * incoming and outgoing devices are the same
593 rt = (struct rt6_info *) dst;
594 if (rt->rt6i_flags & RTF_GATEWAY)
595 target = &rt->rt6i_gateway;
597 target = &hdr->daddr;
599 peer = inet_getpeer_v6(net->ipv6.peers, &hdr->daddr, 1);
601 /* Limit redirects both by destination (here)
602 and by source (inside ndisc_send_redirect)
604 if (inet_peer_xrlim_allow(peer, 1*HZ))
605 ndisc_send_redirect(skb, target);
609 int addrtype = ipv6_addr_type(&hdr->saddr);
611 /* This check is security critical. */
612 if (addrtype == IPV6_ADDR_ANY ||
613 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
615 if (addrtype & IPV6_ADDR_LINKLOCAL) {
616 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
617 ICMPV6_NOT_NEIGHBOUR, 0);
622 mtu = ip6_dst_mtu_maybe_forward(dst, true);
623 if (mtu < IPV6_MIN_MTU)
626 if (ip6_pkt_too_big(skb, mtu)) {
627 /* Again, force OUTPUT device used as source address */
629 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
630 __IP6_INC_STATS(net, idev, IPSTATS_MIB_INTOOBIGERRORS);
631 __IP6_INC_STATS(net, ip6_dst_idev(dst),
632 IPSTATS_MIB_FRAGFAILS);
633 kfree_skb_reason(skb, SKB_DROP_REASON_PKT_TOO_BIG);
637 if (skb_cow(skb, dst->dev->hard_header_len)) {
638 __IP6_INC_STATS(net, ip6_dst_idev(dst),
639 IPSTATS_MIB_OUTDISCARDS);
645 /* Mangling hops number delayed to point after skb COW */
649 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD,
650 net, NULL, skb, skb->dev, dst->dev,
654 __IP6_INC_STATS(net, idev, IPSTATS_MIB_INADDRERRORS);
655 SKB_DR_SET(reason, IP_INADDRERRORS);
657 kfree_skb_reason(skb, reason);
661 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
663 to->pkt_type = from->pkt_type;
664 to->priority = from->priority;
665 to->protocol = from->protocol;
667 skb_dst_set(to, dst_clone(skb_dst(from)));
669 to->mark = from->mark;
671 skb_copy_hash(to, from);
673 #ifdef CONFIG_NET_SCHED
674 to->tc_index = from->tc_index;
677 skb_ext_copy(to, from);
678 skb_copy_secmark(to, from);
681 int ip6_fraglist_init(struct sk_buff *skb, unsigned int hlen, u8 *prevhdr,
682 u8 nexthdr, __be32 frag_id,
683 struct ip6_fraglist_iter *iter)
685 unsigned int first_len;
689 *prevhdr = NEXTHDR_FRAGMENT;
690 iter->tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
694 iter->frag = skb_shinfo(skb)->frag_list;
695 skb_frag_list_init(skb);
699 iter->frag_id = frag_id;
700 iter->nexthdr = nexthdr;
702 __skb_pull(skb, hlen);
703 fh = __skb_push(skb, sizeof(struct frag_hdr));
704 __skb_push(skb, hlen);
705 skb_reset_network_header(skb);
706 memcpy(skb_network_header(skb), iter->tmp_hdr, hlen);
708 fh->nexthdr = nexthdr;
710 fh->frag_off = htons(IP6_MF);
711 fh->identification = frag_id;
713 first_len = skb_pagelen(skb);
714 skb->data_len = first_len - skb_headlen(skb);
715 skb->len = first_len;
716 ipv6_hdr(skb)->payload_len = htons(first_len - sizeof(struct ipv6hdr));
720 EXPORT_SYMBOL(ip6_fraglist_init);
722 void ip6_fraglist_prepare(struct sk_buff *skb,
723 struct ip6_fraglist_iter *iter)
725 struct sk_buff *frag = iter->frag;
726 unsigned int hlen = iter->hlen;
729 frag->ip_summed = CHECKSUM_NONE;
730 skb_reset_transport_header(frag);
731 fh = __skb_push(frag, sizeof(struct frag_hdr));
732 __skb_push(frag, hlen);
733 skb_reset_network_header(frag);
734 memcpy(skb_network_header(frag), iter->tmp_hdr, hlen);
735 iter->offset += skb->len - hlen - sizeof(struct frag_hdr);
736 fh->nexthdr = iter->nexthdr;
738 fh->frag_off = htons(iter->offset);
740 fh->frag_off |= htons(IP6_MF);
741 fh->identification = iter->frag_id;
742 ipv6_hdr(frag)->payload_len = htons(frag->len - sizeof(struct ipv6hdr));
743 ip6_copy_metadata(frag, skb);
745 EXPORT_SYMBOL(ip6_fraglist_prepare);
747 void ip6_frag_init(struct sk_buff *skb, unsigned int hlen, unsigned int mtu,
748 unsigned short needed_tailroom, int hdr_room, u8 *prevhdr,
749 u8 nexthdr, __be32 frag_id, struct ip6_frag_state *state)
751 state->prevhdr = prevhdr;
752 state->nexthdr = nexthdr;
753 state->frag_id = frag_id;
758 state->left = skb->len - hlen; /* Space per frame */
759 state->ptr = hlen; /* Where to start from */
761 state->hroom = hdr_room;
762 state->troom = needed_tailroom;
766 EXPORT_SYMBOL(ip6_frag_init);
768 struct sk_buff *ip6_frag_next(struct sk_buff *skb, struct ip6_frag_state *state)
770 u8 *prevhdr = state->prevhdr, *fragnexthdr_offset;
771 struct sk_buff *frag;
776 /* IF: it doesn't fit, use 'mtu' - the data space left */
777 if (len > state->mtu)
779 /* IF: we are not sending up to and including the packet end
780 then align the next start on an eight byte boundary */
781 if (len < state->left)
784 /* Allocate buffer */
785 frag = alloc_skb(len + state->hlen + sizeof(struct frag_hdr) +
786 state->hroom + state->troom, GFP_ATOMIC);
788 return ERR_PTR(-ENOMEM);
791 * Set up data on packet
794 ip6_copy_metadata(frag, skb);
795 skb_reserve(frag, state->hroom);
796 skb_put(frag, len + state->hlen + sizeof(struct frag_hdr));
797 skb_reset_network_header(frag);
798 fh = (struct frag_hdr *)(skb_network_header(frag) + state->hlen);
799 frag->transport_header = (frag->network_header + state->hlen +
800 sizeof(struct frag_hdr));
803 * Charge the memory for the fragment to any owner
807 skb_set_owner_w(frag, skb->sk);
810 * Copy the packet header into the new buffer.
812 skb_copy_from_linear_data(skb, skb_network_header(frag), state->hlen);
814 fragnexthdr_offset = skb_network_header(frag);
815 fragnexthdr_offset += prevhdr - skb_network_header(skb);
816 *fragnexthdr_offset = NEXTHDR_FRAGMENT;
819 * Build fragment header.
821 fh->nexthdr = state->nexthdr;
823 fh->identification = state->frag_id;
826 * Copy a block of the IP datagram.
828 BUG_ON(skb_copy_bits(skb, state->ptr, skb_transport_header(frag),
832 fh->frag_off = htons(state->offset);
834 fh->frag_off |= htons(IP6_MF);
835 ipv6_hdr(frag)->payload_len = htons(frag->len - sizeof(struct ipv6hdr));
838 state->offset += len;
842 EXPORT_SYMBOL(ip6_frag_next);
844 int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
845 int (*output)(struct net *, struct sock *, struct sk_buff *))
847 struct sk_buff *frag;
848 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
849 struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ?
850 inet6_sk(skb->sk) : NULL;
851 bool mono_delivery_time = skb->mono_delivery_time;
852 struct ip6_frag_state state;
853 unsigned int mtu, hlen, nexthdr_offset;
854 ktime_t tstamp = skb->tstamp;
857 u8 *prevhdr, nexthdr = 0;
859 err = ip6_find_1stfragopt(skb, &prevhdr);
864 nexthdr_offset = prevhdr - skb_network_header(skb);
866 mtu = ip6_skb_dst_mtu(skb);
868 /* We must not fragment if the socket is set to force MTU discovery
869 * or if the skb it not generated by a local socket.
871 if (unlikely(!skb->ignore_df && skb->len > mtu))
874 if (IP6CB(skb)->frag_max_size) {
875 if (IP6CB(skb)->frag_max_size > mtu)
878 /* don't send fragments larger than what we received */
879 mtu = IP6CB(skb)->frag_max_size;
880 if (mtu < IPV6_MIN_MTU)
884 if (np && np->frag_size < mtu) {
888 if (mtu < hlen + sizeof(struct frag_hdr) + 8)
890 mtu -= hlen + sizeof(struct frag_hdr);
892 frag_id = ipv6_select_ident(net, &ipv6_hdr(skb)->daddr,
893 &ipv6_hdr(skb)->saddr);
895 if (skb->ip_summed == CHECKSUM_PARTIAL &&
896 (err = skb_checksum_help(skb)))
899 prevhdr = skb_network_header(skb) + nexthdr_offset;
900 hroom = LL_RESERVED_SPACE(rt->dst.dev);
901 if (skb_has_frag_list(skb)) {
902 unsigned int first_len = skb_pagelen(skb);
903 struct ip6_fraglist_iter iter;
904 struct sk_buff *frag2;
906 if (first_len - hlen > mtu ||
907 ((first_len - hlen) & 7) ||
909 skb_headroom(skb) < (hroom + sizeof(struct frag_hdr)))
912 skb_walk_frags(skb, frag) {
913 /* Correct geometry. */
914 if (frag->len > mtu ||
915 ((frag->len & 7) && frag->next) ||
916 skb_headroom(frag) < (hlen + hroom + sizeof(struct frag_hdr)))
917 goto slow_path_clean;
919 /* Partially cloned skb? */
920 if (skb_shared(frag))
921 goto slow_path_clean;
926 frag->destructor = sock_wfree;
928 skb->truesize -= frag->truesize;
931 err = ip6_fraglist_init(skb, hlen, prevhdr, nexthdr, frag_id,
936 /* We prevent @rt from being freed. */
940 /* Prepare header of the next frame,
941 * before previous one went down. */
943 ip6_fraglist_prepare(skb, &iter);
945 skb_set_delivery_time(skb, tstamp, mono_delivery_time);
946 err = output(net, sk, skb);
948 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
949 IPSTATS_MIB_FRAGCREATES);
951 if (err || !iter.frag)
954 skb = ip6_fraglist_next(&iter);
960 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
961 IPSTATS_MIB_FRAGOKS);
966 kfree_skb_list(iter.frag);
968 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
969 IPSTATS_MIB_FRAGFAILS);
974 skb_walk_frags(skb, frag2) {
978 frag2->destructor = NULL;
979 skb->truesize += frag2->truesize;
985 * Fragment the datagram.
988 ip6_frag_init(skb, hlen, mtu, rt->dst.dev->needed_tailroom,
989 LL_RESERVED_SPACE(rt->dst.dev), prevhdr, nexthdr, frag_id,
993 * Keep copying data until we run out.
996 while (state.left > 0) {
997 frag = ip6_frag_next(skb, &state);
1004 * Put this fragment into the sending queue.
1006 skb_set_delivery_time(frag, tstamp, mono_delivery_time);
1007 err = output(net, sk, frag);
1011 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
1012 IPSTATS_MIB_FRAGCREATES);
1014 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
1015 IPSTATS_MIB_FRAGOKS);
1020 if (skb->sk && dst_allfrag(skb_dst(skb)))
1021 sk_gso_disable(skb->sk);
1023 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
1027 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
1028 IPSTATS_MIB_FRAGFAILS);
1033 static inline int ip6_rt_check(const struct rt6key *rt_key,
1034 const struct in6_addr *fl_addr,
1035 const struct in6_addr *addr_cache)
1037 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
1038 (!addr_cache || !ipv6_addr_equal(fl_addr, addr_cache));
1041 static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
1042 struct dst_entry *dst,
1043 const struct flowi6 *fl6)
1045 struct ipv6_pinfo *np = inet6_sk(sk);
1046 struct rt6_info *rt;
1051 if (dst->ops->family != AF_INET6) {
1056 rt = (struct rt6_info *)dst;
1057 /* Yes, checking route validity in not connected
1058 * case is not very simple. Take into account,
1059 * that we do not support routing by source, TOS,
1060 * and MSG_DONTROUTE --ANK (980726)
1062 * 1. ip6_rt_check(): If route was host route,
1063 * check that cached destination is current.
1064 * If it is network route, we still may
1065 * check its validity using saved pointer
1066 * to the last used address: daddr_cache.
1067 * We do not want to save whole address now,
1068 * (because main consumer of this service
1069 * is tcp, which has not this problem),
1070 * so that the last trick works only on connected
1072 * 2. oif also should be the same.
1074 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) ||
1075 #ifdef CONFIG_IPV6_SUBTREES
1076 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) ||
1078 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex)) {
1087 static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk,
1088 struct dst_entry **dst, struct flowi6 *fl6)
1090 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
1091 struct neighbour *n;
1092 struct rt6_info *rt;
1097 /* The correct way to handle this would be to do
1098 * ip6_route_get_saddr, and then ip6_route_output; however,
1099 * the route-specific preferred source forces the
1100 * ip6_route_output call _before_ ip6_route_get_saddr.
1102 * In source specific routing (no src=any default route),
1103 * ip6_route_output will fail given src=any saddr, though, so
1104 * that's why we try it again later.
1106 if (ipv6_addr_any(&fl6->saddr)) {
1107 struct fib6_info *from;
1108 struct rt6_info *rt;
1110 *dst = ip6_route_output(net, sk, fl6);
1111 rt = (*dst)->error ? NULL : (struct rt6_info *)*dst;
1114 from = rt ? rcu_dereference(rt->from) : NULL;
1115 err = ip6_route_get_saddr(net, from, &fl6->daddr,
1116 sk ? inet6_sk(sk)->srcprefs : 0,
1121 goto out_err_release;
1123 /* If we had an erroneous initial result, pretend it
1124 * never existed and let the SA-enabled version take
1127 if ((*dst)->error) {
1132 if (fl6->flowi6_oif)
1133 flags |= RT6_LOOKUP_F_IFACE;
1137 *dst = ip6_route_output_flags(net, sk, fl6, flags);
1139 err = (*dst)->error;
1141 goto out_err_release;
1143 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
1145 * Here if the dst entry we've looked up
1146 * has a neighbour entry that is in the INCOMPLETE
1147 * state and the src address from the flow is
1148 * marked as OPTIMISTIC, we release the found
1149 * dst entry and replace it instead with the
1150 * dst entry of the nexthop router
1152 rt = (struct rt6_info *) *dst;
1154 n = __ipv6_neigh_lookup_noref(rt->dst.dev,
1155 rt6_nexthop(rt, &fl6->daddr));
1156 err = n && !(READ_ONCE(n->nud_state) & NUD_VALID) ? -EINVAL : 0;
1160 struct inet6_ifaddr *ifp;
1161 struct flowi6 fl_gw6;
1164 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
1167 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
1173 * We need to get the dst entry for the
1174 * default router instead
1177 memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
1178 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
1179 *dst = ip6_route_output(net, sk, &fl_gw6);
1180 err = (*dst)->error;
1182 goto out_err_release;
1186 if (ipv6_addr_v4mapped(&fl6->saddr) &&
1187 !(ipv6_addr_v4mapped(&fl6->daddr) || ipv6_addr_any(&fl6->daddr))) {
1188 err = -EAFNOSUPPORT;
1189 goto out_err_release;
1198 if (err == -ENETUNREACH)
1199 IP6_INC_STATS(net, NULL, IPSTATS_MIB_OUTNOROUTES);
1204 * ip6_dst_lookup - perform route lookup on flow
1205 * @net: Network namespace to perform lookup in
1206 * @sk: socket which provides route info
1207 * @dst: pointer to dst_entry * for result
1208 * @fl6: flow to lookup
1210 * This function performs a route lookup on the given flow.
1212 * It returns zero on success, or a standard errno code on error.
1214 int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst,
1218 return ip6_dst_lookup_tail(net, sk, dst, fl6);
1220 EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1223 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec
1224 * @net: Network namespace to perform lookup in
1225 * @sk: socket which provides route info
1226 * @fl6: flow to lookup
1227 * @final_dst: final destination address for ipsec lookup
1229 * This function performs a route lookup on the given flow.
1231 * It returns a valid dst pointer on success, or a pointer encoded
1234 struct dst_entry *ip6_dst_lookup_flow(struct net *net, const struct sock *sk, struct flowi6 *fl6,
1235 const struct in6_addr *final_dst)
1237 struct dst_entry *dst = NULL;
1240 err = ip6_dst_lookup_tail(net, sk, &dst, fl6);
1242 return ERR_PTR(err);
1244 fl6->daddr = *final_dst;
1246 return xfrm_lookup_route(net, dst, flowi6_to_flowi(fl6), sk, 0);
1248 EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
1251 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
1252 * @sk: socket which provides the dst cache and route info
1253 * @fl6: flow to lookup
1254 * @final_dst: final destination address for ipsec lookup
1255 * @connected: whether @sk is connected or not
1257 * This function performs a route lookup on the given flow with the
1258 * possibility of using the cached route in the socket if it is valid.
1259 * It will take the socket dst lock when operating on the dst cache.
1260 * As a result, this function can only be used in process context.
1262 * In addition, for a connected socket, cache the dst in the socket
1263 * if the current cache is not valid.
1265 * It returns a valid dst pointer on success, or a pointer encoded
1268 struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
1269 const struct in6_addr *final_dst,
1272 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1274 dst = ip6_sk_dst_check(sk, dst, fl6);
1278 dst = ip6_dst_lookup_flow(sock_net(sk), sk, fl6, final_dst);
1279 if (connected && !IS_ERR(dst))
1280 ip6_sk_dst_store_flow(sk, dst_clone(dst), fl6);
1284 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
1287 * ip6_dst_lookup_tunnel - perform route lookup on tunnel
1288 * @skb: Packet for which lookup is done
1289 * @dev: Tunnel device
1290 * @net: Network namespace of tunnel device
1291 * @sock: Socket which provides route info
1292 * @saddr: Memory to store the src ip address
1293 * @info: Tunnel information
1294 * @protocol: IP protocol
1295 * @use_cache: Flag to enable cache usage
1296 * This function performs a route lookup on a tunnel
1298 * It returns a valid dst pointer and stores src address to be used in
1299 * tunnel in param saddr on success, else a pointer encoded error code.
1302 struct dst_entry *ip6_dst_lookup_tunnel(struct sk_buff *skb,
1303 struct net_device *dev,
1305 struct socket *sock,
1306 struct in6_addr *saddr,
1307 const struct ip_tunnel_info *info,
1311 struct dst_entry *dst = NULL;
1312 #ifdef CONFIG_DST_CACHE
1313 struct dst_cache *dst_cache;
1318 #ifdef CONFIG_DST_CACHE
1319 dst_cache = (struct dst_cache *)&info->dst_cache;
1321 dst = dst_cache_get_ip6(dst_cache, saddr);
1326 memset(&fl6, 0, sizeof(fl6));
1327 fl6.flowi6_mark = skb->mark;
1328 fl6.flowi6_proto = protocol;
1329 fl6.daddr = info->key.u.ipv6.dst;
1330 fl6.saddr = info->key.u.ipv6.src;
1331 prio = info->key.tos;
1332 fl6.flowlabel = ip6_make_flowinfo(prio, info->key.label);
1334 dst = ipv6_stub->ipv6_dst_lookup_flow(net, sock->sk, &fl6,
1337 netdev_dbg(dev, "no route to %pI6\n", &fl6.daddr);
1338 return ERR_PTR(-ENETUNREACH);
1340 if (dst->dev == dev) { /* is this necessary? */
1341 netdev_dbg(dev, "circular route to %pI6\n", &fl6.daddr);
1343 return ERR_PTR(-ELOOP);
1345 #ifdef CONFIG_DST_CACHE
1347 dst_cache_set_ip6(dst_cache, dst, &fl6.saddr);
1352 EXPORT_SYMBOL_GPL(ip6_dst_lookup_tunnel);
1354 static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1357 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1360 static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1363 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1366 static void ip6_append_data_mtu(unsigned int *mtu,
1368 unsigned int fragheaderlen,
1369 struct sk_buff *skb,
1370 struct rt6_info *rt,
1371 unsigned int orig_mtu)
1373 if (!(rt->dst.flags & DST_XFRM_TUNNEL)) {
1375 /* first fragment, reserve header_len */
1376 *mtu = orig_mtu - rt->dst.header_len;
1380 * this fragment is not first, the headers
1381 * space is regarded as data space.
1385 *maxfraglen = ((*mtu - fragheaderlen) & ~7)
1386 + fragheaderlen - sizeof(struct frag_hdr);
1390 static int ip6_setup_cork(struct sock *sk, struct inet_cork_full *cork,
1391 struct inet6_cork *v6_cork, struct ipcm6_cookie *ipc6,
1392 struct rt6_info *rt)
1394 struct ipv6_pinfo *np = inet6_sk(sk);
1396 struct ipv6_txoptions *nopt, *opt = ipc6->opt;
1398 /* callers pass dst together with a reference, set it first so
1399 * ip6_cork_release() can put it down even in case of an error.
1401 cork->base.dst = &rt->dst;
1407 if (WARN_ON(v6_cork->opt))
1410 nopt = v6_cork->opt = kzalloc(sizeof(*opt), sk->sk_allocation);
1411 if (unlikely(!nopt))
1414 nopt->tot_len = sizeof(*opt);
1415 nopt->opt_flen = opt->opt_flen;
1416 nopt->opt_nflen = opt->opt_nflen;
1418 nopt->dst0opt = ip6_opt_dup(opt->dst0opt, sk->sk_allocation);
1419 if (opt->dst0opt && !nopt->dst0opt)
1422 nopt->dst1opt = ip6_opt_dup(opt->dst1opt, sk->sk_allocation);
1423 if (opt->dst1opt && !nopt->dst1opt)
1426 nopt->hopopt = ip6_opt_dup(opt->hopopt, sk->sk_allocation);
1427 if (opt->hopopt && !nopt->hopopt)
1430 nopt->srcrt = ip6_rthdr_dup(opt->srcrt, sk->sk_allocation);
1431 if (opt->srcrt && !nopt->srcrt)
1434 /* need source address above miyazawa*/
1436 v6_cork->hop_limit = ipc6->hlimit;
1437 v6_cork->tclass = ipc6->tclass;
1438 if (rt->dst.flags & DST_XFRM_TUNNEL)
1439 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1440 READ_ONCE(rt->dst.dev->mtu) : dst_mtu(&rt->dst);
1442 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1443 READ_ONCE(rt->dst.dev->mtu) : dst_mtu(xfrm_dst_path(&rt->dst));
1444 if (np->frag_size < mtu) {
1446 mtu = np->frag_size;
1448 cork->base.fragsize = mtu;
1449 cork->base.gso_size = ipc6->gso_size;
1450 cork->base.tx_flags = 0;
1451 cork->base.mark = ipc6->sockc.mark;
1452 sock_tx_timestamp(sk, ipc6->sockc.tsflags, &cork->base.tx_flags);
1454 if (dst_allfrag(xfrm_dst_path(&rt->dst)))
1455 cork->base.flags |= IPCORK_ALLFRAG;
1456 cork->base.length = 0;
1458 cork->base.transmit_time = ipc6->sockc.transmit_time;
1463 static int __ip6_append_data(struct sock *sk,
1464 struct sk_buff_head *queue,
1465 struct inet_cork_full *cork_full,
1466 struct inet6_cork *v6_cork,
1467 struct page_frag *pfrag,
1468 int getfrag(void *from, char *to, int offset,
1469 int len, int odd, struct sk_buff *skb),
1470 void *from, size_t length, int transhdrlen,
1471 unsigned int flags, struct ipcm6_cookie *ipc6)
1473 struct sk_buff *skb, *skb_prev = NULL;
1474 struct inet_cork *cork = &cork_full->base;
1475 struct flowi6 *fl6 = &cork_full->fl.u.ip6;
1476 unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu, pmtu;
1477 struct ubuf_info *uarg = NULL;
1479 int dst_exthdrlen = 0;
1486 struct rt6_info *rt = (struct rt6_info *)cork->dst;
1487 struct ipv6_txoptions *opt = v6_cork->opt;
1488 int csummode = CHECKSUM_NONE;
1489 unsigned int maxnonfragsize, headersize;
1490 unsigned int wmem_alloc_delta = 0;
1491 bool paged, extra_uref = false;
1493 skb = skb_peek_tail(queue);
1495 exthdrlen = opt ? opt->opt_flen : 0;
1496 dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len;
1499 paged = !!cork->gso_size;
1500 mtu = cork->gso_size ? IP6_MAX_MTU : cork->fragsize;
1503 if (cork->tx_flags & SKBTX_ANY_TSTAMP &&
1504 sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)
1505 tskey = atomic_inc_return(&sk->sk_tskey) - 1;
1507 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1509 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
1510 (opt ? opt->opt_nflen : 0);
1512 headersize = sizeof(struct ipv6hdr) +
1513 (opt ? opt->opt_flen + opt->opt_nflen : 0) +
1514 (dst_allfrag(&rt->dst) ?
1515 sizeof(struct frag_hdr) : 0) +
1516 rt->rt6i_nfheader_len;
1518 if (mtu <= fragheaderlen ||
1519 ((mtu - fragheaderlen) & ~7) + fragheaderlen <= sizeof(struct frag_hdr))
1522 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen -
1523 sizeof(struct frag_hdr);
1525 /* as per RFC 7112 section 5, the entire IPv6 Header Chain must fit
1526 * the first fragment
1528 if (headersize + transhdrlen > mtu)
1531 if (cork->length + length > mtu - headersize && ipc6->dontfrag &&
1532 (sk->sk_protocol == IPPROTO_UDP ||
1533 sk->sk_protocol == IPPROTO_ICMPV6 ||
1534 sk->sk_protocol == IPPROTO_RAW)) {
1535 ipv6_local_rxpmtu(sk, fl6, mtu - headersize +
1536 sizeof(struct ipv6hdr));
1540 if (ip6_sk_ignore_df(sk))
1541 maxnonfragsize = sizeof(struct ipv6hdr) + IPV6_MAXPLEN;
1543 maxnonfragsize = mtu;
1545 if (cork->length + length > maxnonfragsize - headersize) {
1547 pmtu = max_t(int, mtu - headersize + sizeof(struct ipv6hdr), 0);
1548 ipv6_local_error(sk, EMSGSIZE, fl6, pmtu);
1552 /* CHECKSUM_PARTIAL only with no extension headers and when
1553 * we are not going to fragment
1555 if (transhdrlen && sk->sk_protocol == IPPROTO_UDP &&
1556 headersize == sizeof(struct ipv6hdr) &&
1557 length <= mtu - headersize &&
1558 (!(flags & MSG_MORE) || cork->gso_size) &&
1559 rt->dst.dev->features & (NETIF_F_IPV6_CSUM | NETIF_F_HW_CSUM))
1560 csummode = CHECKSUM_PARTIAL;
1562 if ((flags & MSG_ZEROCOPY) && length) {
1563 struct msghdr *msg = from;
1565 if (getfrag == ip_generic_getfrag && msg->msg_ubuf) {
1566 if (skb_zcopy(skb) && msg->msg_ubuf != skb_zcopy(skb))
1569 /* Leave uarg NULL if can't zerocopy, callers should
1570 * be able to handle it.
1572 if ((rt->dst.dev->features & NETIF_F_SG) &&
1573 csummode == CHECKSUM_PARTIAL) {
1576 uarg = msg->msg_ubuf;
1578 } else if (sock_flag(sk, SOCK_ZEROCOPY)) {
1579 uarg = msg_zerocopy_realloc(sk, length, skb_zcopy(skb));
1582 extra_uref = !skb_zcopy(skb); /* only ref on new uarg */
1583 if (rt->dst.dev->features & NETIF_F_SG &&
1584 csummode == CHECKSUM_PARTIAL) {
1588 uarg_to_msgzc(uarg)->zerocopy = 0;
1589 skb_zcopy_set(skb, uarg, &extra_uref);
1595 * Let's try using as much space as possible.
1596 * Use MTU if total length of the message fits into the MTU.
1597 * Otherwise, we need to reserve fragment header and
1598 * fragment alignment (= 8-15 octects, in total).
1600 * Note that we may need to "move" the data from the tail
1601 * of the buffer to the new fragment when we split
1604 * FIXME: It may be fragmented into multiple chunks
1605 * at once if non-fragmentable extension headers
1610 cork->length += length;
1614 while (length > 0) {
1615 /* Check if the remaining data fits into current packet. */
1616 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1618 copy = maxfraglen - skb->len;
1622 unsigned int datalen;
1623 unsigned int fraglen;
1624 unsigned int fraggap;
1625 unsigned int alloclen, alloc_extra;
1626 unsigned int pagedlen;
1628 /* There's no room in the current skb */
1630 fraggap = skb->len - maxfraglen;
1633 /* update mtu and maxfraglen if necessary */
1634 if (!skb || !skb_prev)
1635 ip6_append_data_mtu(&mtu, &maxfraglen,
1636 fragheaderlen, skb, rt,
1642 * If remaining data exceeds the mtu,
1643 * we know we need more fragment(s).
1645 datalen = length + fraggap;
1647 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1648 datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len;
1649 fraglen = datalen + fragheaderlen;
1652 alloc_extra = hh_len;
1653 alloc_extra += dst_exthdrlen;
1654 alloc_extra += rt->dst.trailer_len;
1656 /* We just reserve space for fragment header.
1657 * Note: this may be overallocation if the message
1658 * (without MSG_MORE) fits into the MTU.
1660 alloc_extra += sizeof(struct frag_hdr);
1662 if ((flags & MSG_MORE) &&
1663 !(rt->dst.dev->features&NETIF_F_SG))
1666 (fraglen + alloc_extra < SKB_MAX_ALLOC ||
1667 !(rt->dst.dev->features & NETIF_F_SG)))
1670 alloclen = fragheaderlen + transhdrlen;
1671 pagedlen = datalen - transhdrlen;
1673 alloclen += alloc_extra;
1675 if (datalen != length + fraggap) {
1677 * this is not the last fragment, the trailer
1678 * space is regarded as data space.
1680 datalen += rt->dst.trailer_len;
1683 fraglen = datalen + fragheaderlen;
1685 copy = datalen - transhdrlen - fraggap - pagedlen;
1691 skb = sock_alloc_send_skb(sk, alloclen,
1692 (flags & MSG_DONTWAIT), &err);
1695 if (refcount_read(&sk->sk_wmem_alloc) + wmem_alloc_delta <=
1697 skb = alloc_skb(alloclen,
1705 * Fill in the control structures
1707 skb->protocol = htons(ETH_P_IPV6);
1708 skb->ip_summed = csummode;
1710 /* reserve for fragmentation and ipsec header */
1711 skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
1715 * Find where to start putting bytes
1717 data = skb_put(skb, fraglen - pagedlen);
1718 skb_set_network_header(skb, exthdrlen);
1719 data += fragheaderlen;
1720 skb->transport_header = (skb->network_header +
1723 skb->csum = skb_copy_and_csum_bits(
1724 skb_prev, maxfraglen,
1725 data + transhdrlen, fraggap);
1726 skb_prev->csum = csum_sub(skb_prev->csum,
1729 pskb_trim_unique(skb_prev, maxfraglen);
1732 getfrag(from, data + transhdrlen, offset,
1733 copy, fraggap, skb) < 0) {
1740 length -= copy + transhdrlen;
1745 /* Only the initial fragment is time stamped */
1746 skb_shinfo(skb)->tx_flags = cork->tx_flags;
1748 skb_shinfo(skb)->tskey = tskey;
1750 skb_zcopy_set(skb, uarg, &extra_uref);
1752 if ((flags & MSG_CONFIRM) && !skb_prev)
1753 skb_set_dst_pending_confirm(skb, 1);
1756 * Put the packet on the pending queue
1758 if (!skb->destructor) {
1759 skb->destructor = sock_wfree;
1761 wmem_alloc_delta += skb->truesize;
1763 __skb_queue_tail(queue, skb);
1770 if (!(rt->dst.dev->features&NETIF_F_SG) &&
1771 skb_tailroom(skb) >= copy) {
1775 if (getfrag(from, skb_put(skb, copy),
1776 offset, copy, off, skb) < 0) {
1777 __skb_trim(skb, off);
1782 int i = skb_shinfo(skb)->nr_frags;
1785 if (!sk_page_frag_refill(sk, pfrag))
1788 skb_zcopy_downgrade_managed(skb);
1789 if (!skb_can_coalesce(skb, i, pfrag->page,
1792 if (i == MAX_SKB_FRAGS)
1795 __skb_fill_page_desc(skb, i, pfrag->page,
1797 skb_shinfo(skb)->nr_frags = ++i;
1798 get_page(pfrag->page);
1800 copy = min_t(int, copy, pfrag->size - pfrag->offset);
1802 page_address(pfrag->page) + pfrag->offset,
1803 offset, copy, skb->len, skb) < 0)
1806 pfrag->offset += copy;
1807 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1809 skb->data_len += copy;
1810 skb->truesize += copy;
1811 wmem_alloc_delta += copy;
1813 err = skb_zerocopy_iter_dgram(skb, from, copy);
1821 if (wmem_alloc_delta)
1822 refcount_add(wmem_alloc_delta, &sk->sk_wmem_alloc);
1828 net_zcopy_put_abort(uarg, extra_uref);
1829 cork->length -= length;
1830 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1831 refcount_add(wmem_alloc_delta, &sk->sk_wmem_alloc);
1835 int ip6_append_data(struct sock *sk,
1836 int getfrag(void *from, char *to, int offset, int len,
1837 int odd, struct sk_buff *skb),
1838 void *from, size_t length, int transhdrlen,
1839 struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
1840 struct rt6_info *rt, unsigned int flags)
1842 struct inet_sock *inet = inet_sk(sk);
1843 struct ipv6_pinfo *np = inet6_sk(sk);
1847 if (flags&MSG_PROBE)
1849 if (skb_queue_empty(&sk->sk_write_queue)) {
1854 err = ip6_setup_cork(sk, &inet->cork, &np->cork,
1859 inet->cork.fl.u.ip6 = *fl6;
1860 exthdrlen = (ipc6->opt ? ipc6->opt->opt_flen : 0);
1861 length += exthdrlen;
1862 transhdrlen += exthdrlen;
1867 return __ip6_append_data(sk, &sk->sk_write_queue, &inet->cork,
1868 &np->cork, sk_page_frag(sk), getfrag,
1869 from, length, transhdrlen, flags, ipc6);
1871 EXPORT_SYMBOL_GPL(ip6_append_data);
1873 static void ip6_cork_steal_dst(struct sk_buff *skb, struct inet_cork_full *cork)
1875 struct dst_entry *dst = cork->base.dst;
1877 cork->base.dst = NULL;
1878 cork->base.flags &= ~IPCORK_ALLFRAG;
1879 skb_dst_set(skb, dst);
1882 static void ip6_cork_release(struct inet_cork_full *cork,
1883 struct inet6_cork *v6_cork)
1886 struct ipv6_txoptions *opt = v6_cork->opt;
1888 kfree(opt->dst0opt);
1889 kfree(opt->dst1opt);
1893 v6_cork->opt = NULL;
1896 if (cork->base.dst) {
1897 dst_release(cork->base.dst);
1898 cork->base.dst = NULL;
1899 cork->base.flags &= ~IPCORK_ALLFRAG;
1903 struct sk_buff *__ip6_make_skb(struct sock *sk,
1904 struct sk_buff_head *queue,
1905 struct inet_cork_full *cork,
1906 struct inet6_cork *v6_cork)
1908 struct sk_buff *skb, *tmp_skb;
1909 struct sk_buff **tail_skb;
1910 struct in6_addr *final_dst;
1911 struct ipv6_pinfo *np = inet6_sk(sk);
1912 struct net *net = sock_net(sk);
1913 struct ipv6hdr *hdr;
1914 struct ipv6_txoptions *opt = v6_cork->opt;
1915 struct rt6_info *rt = (struct rt6_info *)cork->base.dst;
1916 struct flowi6 *fl6 = &cork->fl.u.ip6;
1917 unsigned char proto = fl6->flowi6_proto;
1919 skb = __skb_dequeue(queue);
1922 tail_skb = &(skb_shinfo(skb)->frag_list);
1924 /* move skb->data to ip header from ext header */
1925 if (skb->data < skb_network_header(skb))
1926 __skb_pull(skb, skb_network_offset(skb));
1927 while ((tmp_skb = __skb_dequeue(queue)) != NULL) {
1928 __skb_pull(tmp_skb, skb_network_header_len(skb));
1929 *tail_skb = tmp_skb;
1930 tail_skb = &(tmp_skb->next);
1931 skb->len += tmp_skb->len;
1932 skb->data_len += tmp_skb->len;
1933 skb->truesize += tmp_skb->truesize;
1934 tmp_skb->destructor = NULL;
1938 /* Allow local fragmentation. */
1939 skb->ignore_df = ip6_sk_ignore_df(sk);
1940 __skb_pull(skb, skb_network_header_len(skb));
1942 final_dst = &fl6->daddr;
1943 if (opt && opt->opt_flen)
1944 ipv6_push_frag_opts(skb, opt, &proto);
1945 if (opt && opt->opt_nflen)
1946 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst, &fl6->saddr);
1948 skb_push(skb, sizeof(struct ipv6hdr));
1949 skb_reset_network_header(skb);
1950 hdr = ipv6_hdr(skb);
1952 ip6_flow_hdr(hdr, v6_cork->tclass,
1953 ip6_make_flowlabel(net, skb, fl6->flowlabel,
1954 ip6_autoflowlabel(net, np), fl6));
1955 hdr->hop_limit = v6_cork->hop_limit;
1956 hdr->nexthdr = proto;
1957 hdr->saddr = fl6->saddr;
1958 hdr->daddr = *final_dst;
1960 skb->priority = sk->sk_priority;
1961 skb->mark = cork->base.mark;
1962 skb->tstamp = cork->base.transmit_time;
1964 ip6_cork_steal_dst(skb, cork);
1965 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
1966 if (proto == IPPROTO_ICMPV6) {
1967 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1970 if (sk->sk_socket->type == SOCK_RAW && !inet_sk(sk)->hdrincl)
1971 icmp6_type = fl6->fl6_icmp_type;
1973 icmp6_type = icmp6_hdr(skb)->icmp6_type;
1974 ICMP6MSGOUT_INC_STATS(net, idev, icmp6_type);
1975 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1978 ip6_cork_release(cork, v6_cork);
1983 int ip6_send_skb(struct sk_buff *skb)
1985 struct net *net = sock_net(skb->sk);
1986 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
1989 err = ip6_local_out(net, skb->sk, skb);
1992 err = net_xmit_errno(err);
1994 IP6_INC_STATS(net, rt->rt6i_idev,
1995 IPSTATS_MIB_OUTDISCARDS);
2001 int ip6_push_pending_frames(struct sock *sk)
2003 struct sk_buff *skb;
2005 skb = ip6_finish_skb(sk);
2009 return ip6_send_skb(skb);
2011 EXPORT_SYMBOL_GPL(ip6_push_pending_frames);
2013 static void __ip6_flush_pending_frames(struct sock *sk,
2014 struct sk_buff_head *queue,
2015 struct inet_cork_full *cork,
2016 struct inet6_cork *v6_cork)
2018 struct sk_buff *skb;
2020 while ((skb = __skb_dequeue_tail(queue)) != NULL) {
2022 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
2023 IPSTATS_MIB_OUTDISCARDS);
2027 ip6_cork_release(cork, v6_cork);
2030 void ip6_flush_pending_frames(struct sock *sk)
2032 __ip6_flush_pending_frames(sk, &sk->sk_write_queue,
2033 &inet_sk(sk)->cork, &inet6_sk(sk)->cork);
2035 EXPORT_SYMBOL_GPL(ip6_flush_pending_frames);
2037 struct sk_buff *ip6_make_skb(struct sock *sk,
2038 int getfrag(void *from, char *to, int offset,
2039 int len, int odd, struct sk_buff *skb),
2040 void *from, size_t length, int transhdrlen,
2041 struct ipcm6_cookie *ipc6, struct rt6_info *rt,
2042 unsigned int flags, struct inet_cork_full *cork)
2044 struct inet6_cork v6_cork;
2045 struct sk_buff_head queue;
2046 int exthdrlen = (ipc6->opt ? ipc6->opt->opt_flen : 0);
2049 if (flags & MSG_PROBE) {
2050 dst_release(&rt->dst);
2054 __skb_queue_head_init(&queue);
2056 cork->base.flags = 0;
2057 cork->base.addr = 0;
2058 cork->base.opt = NULL;
2060 err = ip6_setup_cork(sk, cork, &v6_cork, ipc6, rt);
2062 ip6_cork_release(cork, &v6_cork);
2063 return ERR_PTR(err);
2065 if (ipc6->dontfrag < 0)
2066 ipc6->dontfrag = inet6_sk(sk)->dontfrag;
2068 err = __ip6_append_data(sk, &queue, cork, &v6_cork,
2069 ¤t->task_frag, getfrag, from,
2070 length + exthdrlen, transhdrlen + exthdrlen,
2073 __ip6_flush_pending_frames(sk, &queue, cork, &v6_cork);
2074 return ERR_PTR(err);
2077 return __ip6_make_skb(sk, &queue, cork, &v6_cork);
projects / linux-block.git / blob