1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * IPv6 output functions
4 * Linux INET6 implementation
7 * Pedro Roque <roque@di.fc.ul.pt>
9 * Based on linux/net/ipv4/ip_output.c
12 * A.N.Kuznetsov : airthmetics in fragmentation.
13 * extension headers are implemented.
14 * route changes now work.
15 * ip6_forward does not confuse sniffers.
18 * H. von Brand : Added missing #include <linux/string.h>
19 * Imran Patel : frag id should be in NBO
20 * Kazunori MIYAZAWA @USAGI
21 * : add ip6_append_data and related functions
25 #include <linux/errno.h>
26 #include <linux/kernel.h>
27 #include <linux/string.h>
28 #include <linux/socket.h>
29 #include <linux/net.h>
30 #include <linux/netdevice.h>
31 #include <linux/if_arp.h>
32 #include <linux/in6.h>
33 #include <linux/tcp.h>
34 #include <linux/route.h>
35 #include <linux/module.h>
36 #include <linux/slab.h>
38 #include <linux/bpf-cgroup.h>
39 #include <linux/netfilter.h>
40 #include <linux/netfilter_ipv6.h>
46 #include <net/ndisc.h>
47 #include <net/protocol.h>
48 #include <net/ip6_route.h>
49 #include <net/addrconf.h>
50 #include <net/rawv6.h>
53 #include <net/checksum.h>
54 #include <linux/mroute6.h>
55 #include <net/l3mdev.h>
56 #include <net/lwtunnel.h>
58 static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff *skb)
60 struct dst_entry *dst = skb_dst(skb);
61 struct net_device *dev = dst->dev;
62 const struct in6_addr *nexthop;
63 struct neighbour *neigh;
66 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
67 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
69 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(sk) &&
70 ((mroute6_is_socket(net, skb) &&
71 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
72 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
73 &ipv6_hdr(skb)->saddr))) {
74 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
76 /* Do not check for IFF_ALLMULTI; multicast routing
77 is not supported in any case.
80 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
81 net, sk, newskb, NULL, newskb->dev,
84 if (ipv6_hdr(skb)->hop_limit == 0) {
85 IP6_INC_STATS(net, idev,
86 IPSTATS_MIB_OUTDISCARDS);
92 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, skb->len);
94 if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <=
95 IPV6_ADDR_SCOPE_NODELOCAL &&
96 !(dev->flags & IFF_LOOPBACK)) {
102 if (lwtunnel_xmit_redirect(dst->lwtstate)) {
103 int res = lwtunnel_xmit(skb);
105 if (res < 0 || res == LWTUNNEL_XMIT_DONE)
110 nexthop = rt6_nexthop((struct rt6_info *)dst, &ipv6_hdr(skb)->daddr);
111 neigh = __ipv6_neigh_lookup_noref(dst->dev, nexthop);
112 if (unlikely(!neigh))
113 neigh = __neigh_create(&nd_tbl, nexthop, dst->dev, false);
114 if (!IS_ERR(neigh)) {
115 sock_confirm_neigh(skb, neigh);
116 ret = neigh_output(neigh, skb, false);
117 rcu_read_unlock_bh();
120 rcu_read_unlock_bh();
122 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
127 static int __ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
129 #if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
130 /* Policy lookup after SNAT yielded a new policy */
131 if (skb_dst(skb)->xfrm) {
132 IPCB(skb)->flags |= IPSKB_REROUTED;
133 return dst_output(net, sk, skb);
137 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
138 dst_allfrag(skb_dst(skb)) ||
139 (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size))
140 return ip6_fragment(net, sk, skb, ip6_finish_output2);
142 return ip6_finish_output2(net, sk, skb);
145 static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
149 ret = BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb);
151 case NET_XMIT_SUCCESS:
152 return __ip6_finish_output(net, sk, skb);
154 return __ip6_finish_output(net, sk, skb) ? : ret;
161 int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
163 struct net_device *dev = skb_dst(skb)->dev;
164 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
166 skb->protocol = htons(ETH_P_IPV6);
169 if (unlikely(idev->cnf.disable_ipv6)) {
170 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS);
175 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING,
176 net, sk, skb, NULL, dev,
178 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
181 bool ip6_autoflowlabel(struct net *net, const struct ipv6_pinfo *np)
183 if (!np->autoflowlabel_set)
184 return ip6_default_np_autolabel(net);
186 return np->autoflowlabel;
190 * xmit an sk_buff (used by TCP, SCTP and DCCP)
191 * Note : socket lock is not held for SYNACK packets, but might be modified
192 * by calls to skb_set_owner_w() and ipv6_local_error(),
193 * which are using proper atomic operations or spinlocks.
195 int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
196 __u32 mark, struct ipv6_txoptions *opt, int tclass, u32 priority)
198 struct net *net = sock_net(sk);
199 const struct ipv6_pinfo *np = inet6_sk(sk);
200 struct in6_addr *first_hop = &fl6->daddr;
201 struct dst_entry *dst = skb_dst(skb);
202 unsigned int head_room;
204 u8 proto = fl6->flowi6_proto;
205 int seg_len = skb->len;
209 head_room = sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
211 head_room += opt->opt_nflen + opt->opt_flen;
213 if (unlikely(skb_headroom(skb) < head_room)) {
214 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
216 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
217 IPSTATS_MIB_OUTDISCARDS);
222 skb_set_owner_w(skb2, skb->sk);
228 seg_len += opt->opt_nflen + opt->opt_flen;
231 ipv6_push_frag_opts(skb, opt, &proto);
234 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop,
238 skb_push(skb, sizeof(struct ipv6hdr));
239 skb_reset_network_header(skb);
243 * Fill in the IPv6 header
246 hlimit = np->hop_limit;
248 hlimit = ip6_dst_hoplimit(dst);
250 ip6_flow_hdr(hdr, tclass, ip6_make_flowlabel(net, skb, fl6->flowlabel,
251 ip6_autoflowlabel(net, np), fl6));
253 hdr->payload_len = htons(seg_len);
254 hdr->nexthdr = proto;
255 hdr->hop_limit = hlimit;
257 hdr->saddr = fl6->saddr;
258 hdr->daddr = *first_hop;
260 skb->protocol = htons(ETH_P_IPV6);
261 skb->priority = priority;
265 if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) {
266 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
267 IPSTATS_MIB_OUT, skb->len);
269 /* if egress device is enslaved to an L3 master device pass the
270 * skb to its handler for processing
272 skb = l3mdev_ip6_out((struct sock *)sk, skb);
276 /* hooks should never assume socket lock is held.
277 * we promote our socket to non const
279 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
280 net, (struct sock *)sk, skb, NULL, dst->dev,
285 /* ipv6_local_error() does not require socket lock,
286 * we promote our socket to non const
288 ipv6_local_error((struct sock *)sk, EMSGSIZE, fl6, mtu);
290 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
294 EXPORT_SYMBOL(ip6_xmit);
296 static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
298 struct ip6_ra_chain *ra;
299 struct sock *last = NULL;
301 read_lock(&ip6_ra_lock);
302 for (ra = ip6_ra_chain; ra; ra = ra->next) {
303 struct sock *sk = ra->sk;
304 if (sk && ra->sel == sel &&
305 (!sk->sk_bound_dev_if ||
306 sk->sk_bound_dev_if == skb->dev->ifindex)) {
307 struct ipv6_pinfo *np = inet6_sk(sk);
309 if (np && np->rtalert_isolate &&
310 !net_eq(sock_net(sk), dev_net(skb->dev))) {
314 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
316 rawv6_rcv(last, skb2);
323 rawv6_rcv(last, skb);
324 read_unlock(&ip6_ra_lock);
327 read_unlock(&ip6_ra_lock);
331 static int ip6_forward_proxy_check(struct sk_buff *skb)
333 struct ipv6hdr *hdr = ipv6_hdr(skb);
334 u8 nexthdr = hdr->nexthdr;
338 if (ipv6_ext_hdr(nexthdr)) {
339 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, &frag_off);
343 offset = sizeof(struct ipv6hdr);
345 if (nexthdr == IPPROTO_ICMPV6) {
346 struct icmp6hdr *icmp6;
348 if (!pskb_may_pull(skb, (skb_network_header(skb) +
349 offset + 1 - skb->data)))
352 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
354 switch (icmp6->icmp6_type) {
355 case NDISC_ROUTER_SOLICITATION:
356 case NDISC_ROUTER_ADVERTISEMENT:
357 case NDISC_NEIGHBOUR_SOLICITATION:
358 case NDISC_NEIGHBOUR_ADVERTISEMENT:
360 /* For reaction involving unicast neighbor discovery
361 * message destined to the proxied address, pass it to
371 * The proxying router can't forward traffic sent to a link-local
372 * address, so signal the sender and discard the packet. This
373 * behavior is clarified by the MIPv6 specification.
375 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
376 dst_link_failure(skb);
383 static inline int ip6_forward_finish(struct net *net, struct sock *sk,
386 struct dst_entry *dst = skb_dst(skb);
388 __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
389 __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len);
391 #ifdef CONFIG_NET_SWITCHDEV
392 if (skb->offload_l3_fwd_mark) {
399 return dst_output(net, sk, skb);
402 static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
407 /* ipv6 conntrack defrag sets max_frag_size + ignore_df */
408 if (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)
414 if (skb_is_gso(skb) && skb_gso_validate_network_len(skb, mtu))
420 int ip6_forward(struct sk_buff *skb)
422 struct inet6_dev *idev = __in6_dev_get_safely(skb->dev);
423 struct dst_entry *dst = skb_dst(skb);
424 struct ipv6hdr *hdr = ipv6_hdr(skb);
425 struct inet6_skb_parm *opt = IP6CB(skb);
426 struct net *net = dev_net(dst->dev);
429 if (net->ipv6.devconf_all->forwarding == 0)
432 if (skb->pkt_type != PACKET_HOST)
435 if (unlikely(skb->sk))
438 if (skb_warn_if_lro(skb))
441 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
442 __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
446 skb_forward_csum(skb);
449 * We DO NOT make any processing on
450 * RA packets, pushing them to user level AS IS
451 * without ane WARRANTY that application will be able
452 * to interpret them. The reason is that we
453 * cannot make anything clever here.
455 * We are not end-node, so that if packet contains
456 * AH/ESP, we cannot make anything.
457 * Defragmentation also would be mistake, RA packets
458 * cannot be fragmented, because there is no warranty
459 * that different fragments will go along one path. --ANK
461 if (unlikely(opt->flags & IP6SKB_ROUTERALERT)) {
462 if (ip6_call_ra_chain(skb, ntohs(opt->ra)))
467 * check and decrement ttl
469 if (hdr->hop_limit <= 1) {
470 /* Force OUTPUT device used as source address */
472 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
473 __IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS);
479 /* XXX: idev->cnf.proxy_ndp? */
480 if (net->ipv6.devconf_all->proxy_ndp &&
481 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
482 int proxied = ip6_forward_proxy_check(skb);
484 return ip6_input(skb);
485 else if (proxied < 0) {
486 __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
491 if (!xfrm6_route_forward(skb)) {
492 __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
497 /* IPv6 specs say nothing about it, but it is clear that we cannot
498 send redirects to source routed frames.
499 We don't send redirects to frames decapsulated from IPsec.
501 if (IP6CB(skb)->iif == dst->dev->ifindex &&
502 opt->srcrt == 0 && !skb_sec_path(skb)) {
503 struct in6_addr *target = NULL;
504 struct inet_peer *peer;
508 * incoming and outgoing devices are the same
512 rt = (struct rt6_info *) dst;
513 if (rt->rt6i_flags & RTF_GATEWAY)
514 target = &rt->rt6i_gateway;
516 target = &hdr->daddr;
518 peer = inet_getpeer_v6(net->ipv6.peers, &hdr->daddr, 1);
520 /* Limit redirects both by destination (here)
521 and by source (inside ndisc_send_redirect)
523 if (inet_peer_xrlim_allow(peer, 1*HZ))
524 ndisc_send_redirect(skb, target);
528 int addrtype = ipv6_addr_type(&hdr->saddr);
530 /* This check is security critical. */
531 if (addrtype == IPV6_ADDR_ANY ||
532 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
534 if (addrtype & IPV6_ADDR_LINKLOCAL) {
535 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
536 ICMPV6_NOT_NEIGHBOUR, 0);
541 mtu = ip6_dst_mtu_forward(dst);
542 if (mtu < IPV6_MIN_MTU)
545 if (ip6_pkt_too_big(skb, mtu)) {
546 /* Again, force OUTPUT device used as source address */
548 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
549 __IP6_INC_STATS(net, idev, IPSTATS_MIB_INTOOBIGERRORS);
550 __IP6_INC_STATS(net, ip6_dst_idev(dst),
551 IPSTATS_MIB_FRAGFAILS);
556 if (skb_cow(skb, dst->dev->hard_header_len)) {
557 __IP6_INC_STATS(net, ip6_dst_idev(dst),
558 IPSTATS_MIB_OUTDISCARDS);
564 /* Mangling hops number delayed to point after skb COW */
568 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD,
569 net, NULL, skb, skb->dev, dst->dev,
573 __IP6_INC_STATS(net, idev, IPSTATS_MIB_INADDRERRORS);
579 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
581 to->pkt_type = from->pkt_type;
582 to->priority = from->priority;
583 to->protocol = from->protocol;
585 skb_dst_set(to, dst_clone(skb_dst(from)));
587 to->mark = from->mark;
589 skb_copy_hash(to, from);
591 #ifdef CONFIG_NET_SCHED
592 to->tc_index = from->tc_index;
595 skb_ext_copy(to, from);
596 skb_copy_secmark(to, from);
599 int ip6_fraglist_init(struct sk_buff *skb, unsigned int hlen, u8 *prevhdr,
600 u8 nexthdr, __be32 frag_id,
601 struct ip6_fraglist_iter *iter)
603 unsigned int first_len;
607 *prevhdr = NEXTHDR_FRAGMENT;
608 iter->tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
612 iter->frag = skb_shinfo(skb)->frag_list;
613 skb_frag_list_init(skb);
617 iter->frag_id = frag_id;
618 iter->nexthdr = nexthdr;
620 __skb_pull(skb, hlen);
621 fh = __skb_push(skb, sizeof(struct frag_hdr));
622 __skb_push(skb, hlen);
623 skb_reset_network_header(skb);
624 memcpy(skb_network_header(skb), iter->tmp_hdr, hlen);
626 fh->nexthdr = nexthdr;
628 fh->frag_off = htons(IP6_MF);
629 fh->identification = frag_id;
631 first_len = skb_pagelen(skb);
632 skb->data_len = first_len - skb_headlen(skb);
633 skb->len = first_len;
634 ipv6_hdr(skb)->payload_len = htons(first_len - sizeof(struct ipv6hdr));
638 EXPORT_SYMBOL(ip6_fraglist_init);
640 void ip6_fraglist_prepare(struct sk_buff *skb,
641 struct ip6_fraglist_iter *iter)
643 struct sk_buff *frag = iter->frag;
644 unsigned int hlen = iter->hlen;
647 frag->ip_summed = CHECKSUM_NONE;
648 skb_reset_transport_header(frag);
649 fh = __skb_push(frag, sizeof(struct frag_hdr));
650 __skb_push(frag, hlen);
651 skb_reset_network_header(frag);
652 memcpy(skb_network_header(frag), iter->tmp_hdr, hlen);
653 iter->offset += skb->len - hlen - sizeof(struct frag_hdr);
654 fh->nexthdr = iter->nexthdr;
656 fh->frag_off = htons(iter->offset);
658 fh->frag_off |= htons(IP6_MF);
659 fh->identification = iter->frag_id;
660 ipv6_hdr(frag)->payload_len = htons(frag->len - sizeof(struct ipv6hdr));
661 ip6_copy_metadata(frag, skb);
663 EXPORT_SYMBOL(ip6_fraglist_prepare);
665 void ip6_frag_init(struct sk_buff *skb, unsigned int hlen, unsigned int mtu,
666 unsigned short needed_tailroom, int hdr_room, u8 *prevhdr,
667 u8 nexthdr, __be32 frag_id, struct ip6_frag_state *state)
669 state->prevhdr = prevhdr;
670 state->nexthdr = nexthdr;
671 state->frag_id = frag_id;
676 state->left = skb->len - hlen; /* Space per frame */
677 state->ptr = hlen; /* Where to start from */
679 state->hroom = hdr_room;
680 state->troom = needed_tailroom;
684 EXPORT_SYMBOL(ip6_frag_init);
686 struct sk_buff *ip6_frag_next(struct sk_buff *skb, struct ip6_frag_state *state)
688 u8 *prevhdr = state->prevhdr, *fragnexthdr_offset;
689 struct sk_buff *frag;
694 /* IF: it doesn't fit, use 'mtu' - the data space left */
695 if (len > state->mtu)
697 /* IF: we are not sending up to and including the packet end
698 then align the next start on an eight byte boundary */
699 if (len < state->left)
702 /* Allocate buffer */
703 frag = alloc_skb(len + state->hlen + sizeof(struct frag_hdr) +
704 state->hroom + state->troom, GFP_ATOMIC);
706 return ERR_PTR(-ENOMEM);
709 * Set up data on packet
712 ip6_copy_metadata(frag, skb);
713 skb_reserve(frag, state->hroom);
714 skb_put(frag, len + state->hlen + sizeof(struct frag_hdr));
715 skb_reset_network_header(frag);
716 fh = (struct frag_hdr *)(skb_network_header(frag) + state->hlen);
717 frag->transport_header = (frag->network_header + state->hlen +
718 sizeof(struct frag_hdr));
721 * Charge the memory for the fragment to any owner
725 skb_set_owner_w(frag, skb->sk);
728 * Copy the packet header into the new buffer.
730 skb_copy_from_linear_data(skb, skb_network_header(frag), state->hlen);
732 fragnexthdr_offset = skb_network_header(frag);
733 fragnexthdr_offset += prevhdr - skb_network_header(skb);
734 *fragnexthdr_offset = NEXTHDR_FRAGMENT;
737 * Build fragment header.
739 fh->nexthdr = state->nexthdr;
741 fh->identification = state->frag_id;
744 * Copy a block of the IP datagram.
746 BUG_ON(skb_copy_bits(skb, state->ptr, skb_transport_header(frag),
750 fh->frag_off = htons(state->offset);
752 fh->frag_off |= htons(IP6_MF);
753 ipv6_hdr(frag)->payload_len = htons(frag->len - sizeof(struct ipv6hdr));
756 state->offset += len;
760 EXPORT_SYMBOL(ip6_frag_next);
762 int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
763 int (*output)(struct net *, struct sock *, struct sk_buff *))
765 struct sk_buff *frag;
766 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
767 struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ?
768 inet6_sk(skb->sk) : NULL;
769 struct ip6_frag_state state;
770 unsigned int mtu, hlen, nexthdr_offset;
771 ktime_t tstamp = skb->tstamp;
774 u8 *prevhdr, nexthdr = 0;
776 err = ip6_find_1stfragopt(skb, &prevhdr);
781 nexthdr_offset = prevhdr - skb_network_header(skb);
783 mtu = ip6_skb_dst_mtu(skb);
785 /* We must not fragment if the socket is set to force MTU discovery
786 * or if the skb it not generated by a local socket.
788 if (unlikely(!skb->ignore_df && skb->len > mtu))
791 if (IP6CB(skb)->frag_max_size) {
792 if (IP6CB(skb)->frag_max_size > mtu)
795 /* don't send fragments larger than what we received */
796 mtu = IP6CB(skb)->frag_max_size;
797 if (mtu < IPV6_MIN_MTU)
801 if (np && np->frag_size < mtu) {
805 if (mtu < hlen + sizeof(struct frag_hdr) + 8)
807 mtu -= hlen + sizeof(struct frag_hdr);
809 frag_id = ipv6_select_ident(net, &ipv6_hdr(skb)->daddr,
810 &ipv6_hdr(skb)->saddr);
812 if (skb->ip_summed == CHECKSUM_PARTIAL &&
813 (err = skb_checksum_help(skb)))
816 prevhdr = skb_network_header(skb) + nexthdr_offset;
817 hroom = LL_RESERVED_SPACE(rt->dst.dev);
818 if (skb_has_frag_list(skb)) {
819 unsigned int first_len = skb_pagelen(skb);
820 struct ip6_fraglist_iter iter;
821 struct sk_buff *frag2;
823 if (first_len - hlen > mtu ||
824 ((first_len - hlen) & 7) ||
826 skb_headroom(skb) < (hroom + sizeof(struct frag_hdr)))
829 skb_walk_frags(skb, frag) {
830 /* Correct geometry. */
831 if (frag->len > mtu ||
832 ((frag->len & 7) && frag->next) ||
833 skb_headroom(frag) < (hlen + hroom + sizeof(struct frag_hdr)))
834 goto slow_path_clean;
836 /* Partially cloned skb? */
837 if (skb_shared(frag))
838 goto slow_path_clean;
843 frag->destructor = sock_wfree;
845 skb->truesize -= frag->truesize;
848 err = ip6_fraglist_init(skb, hlen, prevhdr, nexthdr, frag_id,
854 /* Prepare header of the next frame,
855 * before previous one went down. */
857 ip6_fraglist_prepare(skb, &iter);
859 skb->tstamp = tstamp;
860 err = output(net, sk, skb);
862 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
863 IPSTATS_MIB_FRAGCREATES);
865 if (err || !iter.frag)
868 skb = ip6_fraglist_next(&iter);
874 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
875 IPSTATS_MIB_FRAGOKS);
879 kfree_skb_list(iter.frag);
881 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
882 IPSTATS_MIB_FRAGFAILS);
886 skb_walk_frags(skb, frag2) {
890 frag2->destructor = NULL;
891 skb->truesize += frag2->truesize;
897 * Fragment the datagram.
900 ip6_frag_init(skb, hlen, mtu, rt->dst.dev->needed_tailroom,
901 LL_RESERVED_SPACE(rt->dst.dev), prevhdr, nexthdr, frag_id,
905 * Keep copying data until we run out.
908 while (state.left > 0) {
909 frag = ip6_frag_next(skb, &state);
916 * Put this fragment into the sending queue.
918 frag->tstamp = tstamp;
919 err = output(net, sk, frag);
923 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
924 IPSTATS_MIB_FRAGCREATES);
926 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
927 IPSTATS_MIB_FRAGOKS);
932 if (skb->sk && dst_allfrag(skb_dst(skb)))
933 sk_nocaps_add(skb->sk, NETIF_F_GSO_MASK);
935 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
939 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
940 IPSTATS_MIB_FRAGFAILS);
945 static inline int ip6_rt_check(const struct rt6key *rt_key,
946 const struct in6_addr *fl_addr,
947 const struct in6_addr *addr_cache)
949 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
950 (!addr_cache || !ipv6_addr_equal(fl_addr, addr_cache));
953 static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
954 struct dst_entry *dst,
955 const struct flowi6 *fl6)
957 struct ipv6_pinfo *np = inet6_sk(sk);
963 if (dst->ops->family != AF_INET6) {
968 rt = (struct rt6_info *)dst;
969 /* Yes, checking route validity in not connected
970 * case is not very simple. Take into account,
971 * that we do not support routing by source, TOS,
972 * and MSG_DONTROUTE --ANK (980726)
974 * 1. ip6_rt_check(): If route was host route,
975 * check that cached destination is current.
976 * If it is network route, we still may
977 * check its validity using saved pointer
978 * to the last used address: daddr_cache.
979 * We do not want to save whole address now,
980 * (because main consumer of this service
981 * is tcp, which has not this problem),
982 * so that the last trick works only on connected
984 * 2. oif also should be the same.
986 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) ||
987 #ifdef CONFIG_IPV6_SUBTREES
988 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) ||
990 (!(fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF) &&
991 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex))) {
1000 static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk,
1001 struct dst_entry **dst, struct flowi6 *fl6)
1003 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
1004 struct neighbour *n;
1005 struct rt6_info *rt;
1010 /* The correct way to handle this would be to do
1011 * ip6_route_get_saddr, and then ip6_route_output; however,
1012 * the route-specific preferred source forces the
1013 * ip6_route_output call _before_ ip6_route_get_saddr.
1015 * In source specific routing (no src=any default route),
1016 * ip6_route_output will fail given src=any saddr, though, so
1017 * that's why we try it again later.
1019 if (ipv6_addr_any(&fl6->saddr) && (!*dst || !(*dst)->error)) {
1020 struct fib6_info *from;
1021 struct rt6_info *rt;
1022 bool had_dst = *dst != NULL;
1025 *dst = ip6_route_output(net, sk, fl6);
1026 rt = (*dst)->error ? NULL : (struct rt6_info *)*dst;
1029 from = rt ? rcu_dereference(rt->from) : NULL;
1030 err = ip6_route_get_saddr(net, from, &fl6->daddr,
1031 sk ? inet6_sk(sk)->srcprefs : 0,
1036 goto out_err_release;
1038 /* If we had an erroneous initial result, pretend it
1039 * never existed and let the SA-enabled version take
1042 if (!had_dst && (*dst)->error) {
1047 if (fl6->flowi6_oif)
1048 flags |= RT6_LOOKUP_F_IFACE;
1052 *dst = ip6_route_output_flags(net, sk, fl6, flags);
1054 err = (*dst)->error;
1056 goto out_err_release;
1058 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
1060 * Here if the dst entry we've looked up
1061 * has a neighbour entry that is in the INCOMPLETE
1062 * state and the src address from the flow is
1063 * marked as OPTIMISTIC, we release the found
1064 * dst entry and replace it instead with the
1065 * dst entry of the nexthop router
1067 rt = (struct rt6_info *) *dst;
1069 n = __ipv6_neigh_lookup_noref(rt->dst.dev,
1070 rt6_nexthop(rt, &fl6->daddr));
1071 err = n && !(n->nud_state & NUD_VALID) ? -EINVAL : 0;
1072 rcu_read_unlock_bh();
1075 struct inet6_ifaddr *ifp;
1076 struct flowi6 fl_gw6;
1079 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
1082 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
1088 * We need to get the dst entry for the
1089 * default router instead
1092 memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
1093 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
1094 *dst = ip6_route_output(net, sk, &fl_gw6);
1095 err = (*dst)->error;
1097 goto out_err_release;
1101 if (ipv6_addr_v4mapped(&fl6->saddr) &&
1102 !(ipv6_addr_v4mapped(&fl6->daddr) || ipv6_addr_any(&fl6->daddr))) {
1103 err = -EAFNOSUPPORT;
1104 goto out_err_release;
1113 if (err == -ENETUNREACH)
1114 IP6_INC_STATS(net, NULL, IPSTATS_MIB_OUTNOROUTES);
1119 * ip6_dst_lookup - perform route lookup on flow
1120 * @sk: socket which provides route info
1121 * @dst: pointer to dst_entry * for result
1122 * @fl6: flow to lookup
1124 * This function performs a route lookup on the given flow.
1126 * It returns zero on success, or a standard errno code on error.
1128 int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst,
1132 return ip6_dst_lookup_tail(net, sk, dst, fl6);
1134 EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1137 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec
1138 * @sk: socket which provides route info
1139 * @fl6: flow to lookup
1140 * @final_dst: final destination address for ipsec lookup
1142 * This function performs a route lookup on the given flow.
1144 * It returns a valid dst pointer on success, or a pointer encoded
1147 struct dst_entry *ip6_dst_lookup_flow(const struct sock *sk, struct flowi6 *fl6,
1148 const struct in6_addr *final_dst)
1150 struct dst_entry *dst = NULL;
1153 err = ip6_dst_lookup_tail(sock_net(sk), sk, &dst, fl6);
1155 return ERR_PTR(err);
1157 fl6->daddr = *final_dst;
1159 return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
1161 EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
1164 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
1165 * @sk: socket which provides the dst cache and route info
1166 * @fl6: flow to lookup
1167 * @final_dst: final destination address for ipsec lookup
1168 * @connected: whether @sk is connected or not
1170 * This function performs a route lookup on the given flow with the
1171 * possibility of using the cached route in the socket if it is valid.
1172 * It will take the socket dst lock when operating on the dst cache.
1173 * As a result, this function can only be used in process context.
1175 * In addition, for a connected socket, cache the dst in the socket
1176 * if the current cache is not valid.
1178 * It returns a valid dst pointer on success, or a pointer encoded
1181 struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
1182 const struct in6_addr *final_dst,
1185 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1187 dst = ip6_sk_dst_check(sk, dst, fl6);
1191 dst = ip6_dst_lookup_flow(sk, fl6, final_dst);
1192 if (connected && !IS_ERR(dst))
1193 ip6_sk_dst_store_flow(sk, dst_clone(dst), fl6);
1197 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
1199 static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1202 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1205 static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1208 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1211 static void ip6_append_data_mtu(unsigned int *mtu,
1213 unsigned int fragheaderlen,
1214 struct sk_buff *skb,
1215 struct rt6_info *rt,
1216 unsigned int orig_mtu)
1218 if (!(rt->dst.flags & DST_XFRM_TUNNEL)) {
1220 /* first fragment, reserve header_len */
1221 *mtu = orig_mtu - rt->dst.header_len;
1225 * this fragment is not first, the headers
1226 * space is regarded as data space.
1230 *maxfraglen = ((*mtu - fragheaderlen) & ~7)
1231 + fragheaderlen - sizeof(struct frag_hdr);
1235 static int ip6_setup_cork(struct sock *sk, struct inet_cork_full *cork,
1236 struct inet6_cork *v6_cork, struct ipcm6_cookie *ipc6,
1237 struct rt6_info *rt, struct flowi6 *fl6)
1239 struct ipv6_pinfo *np = inet6_sk(sk);
1241 struct ipv6_txoptions *opt = ipc6->opt;
1247 if (WARN_ON(v6_cork->opt))
1250 v6_cork->opt = kzalloc(sizeof(*opt), sk->sk_allocation);
1251 if (unlikely(!v6_cork->opt))
1254 v6_cork->opt->tot_len = sizeof(*opt);
1255 v6_cork->opt->opt_flen = opt->opt_flen;
1256 v6_cork->opt->opt_nflen = opt->opt_nflen;
1258 v6_cork->opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1260 if (opt->dst0opt && !v6_cork->opt->dst0opt)
1263 v6_cork->opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1265 if (opt->dst1opt && !v6_cork->opt->dst1opt)
1268 v6_cork->opt->hopopt = ip6_opt_dup(opt->hopopt,
1270 if (opt->hopopt && !v6_cork->opt->hopopt)
1273 v6_cork->opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1275 if (opt->srcrt && !v6_cork->opt->srcrt)
1278 /* need source address above miyazawa*/
1281 cork->base.dst = &rt->dst;
1282 cork->fl.u.ip6 = *fl6;
1283 v6_cork->hop_limit = ipc6->hlimit;
1284 v6_cork->tclass = ipc6->tclass;
1285 if (rt->dst.flags & DST_XFRM_TUNNEL)
1286 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1287 READ_ONCE(rt->dst.dev->mtu) : dst_mtu(&rt->dst);
1289 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1290 READ_ONCE(rt->dst.dev->mtu) : dst_mtu(xfrm_dst_path(&rt->dst));
1291 if (np->frag_size < mtu) {
1293 mtu = np->frag_size;
1295 if (mtu < IPV6_MIN_MTU)
1297 cork->base.fragsize = mtu;
1298 cork->base.gso_size = ipc6->gso_size;
1299 cork->base.tx_flags = 0;
1300 cork->base.mark = ipc6->sockc.mark;
1301 sock_tx_timestamp(sk, ipc6->sockc.tsflags, &cork->base.tx_flags);
1303 if (dst_allfrag(xfrm_dst_path(&rt->dst)))
1304 cork->base.flags |= IPCORK_ALLFRAG;
1305 cork->base.length = 0;
1307 cork->base.transmit_time = ipc6->sockc.transmit_time;
1312 static int __ip6_append_data(struct sock *sk,
1314 struct sk_buff_head *queue,
1315 struct inet_cork *cork,
1316 struct inet6_cork *v6_cork,
1317 struct page_frag *pfrag,
1318 int getfrag(void *from, char *to, int offset,
1319 int len, int odd, struct sk_buff *skb),
1320 void *from, int length, int transhdrlen,
1321 unsigned int flags, struct ipcm6_cookie *ipc6)
1323 struct sk_buff *skb, *skb_prev = NULL;
1324 unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu, pmtu;
1325 struct ubuf_info *uarg = NULL;
1327 int dst_exthdrlen = 0;
1333 struct rt6_info *rt = (struct rt6_info *)cork->dst;
1334 struct ipv6_txoptions *opt = v6_cork->opt;
1335 int csummode = CHECKSUM_NONE;
1336 unsigned int maxnonfragsize, headersize;
1337 unsigned int wmem_alloc_delta = 0;
1338 bool paged, extra_uref = false;
1340 skb = skb_peek_tail(queue);
1342 exthdrlen = opt ? opt->opt_flen : 0;
1343 dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len;
1346 paged = !!cork->gso_size;
1347 mtu = cork->gso_size ? IP6_MAX_MTU : cork->fragsize;
1350 if (cork->tx_flags & SKBTX_ANY_SW_TSTAMP &&
1351 sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)
1352 tskey = sk->sk_tskey++;
1354 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1356 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
1357 (opt ? opt->opt_nflen : 0);
1358 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen -
1359 sizeof(struct frag_hdr);
1361 headersize = sizeof(struct ipv6hdr) +
1362 (opt ? opt->opt_flen + opt->opt_nflen : 0) +
1363 (dst_allfrag(&rt->dst) ?
1364 sizeof(struct frag_hdr) : 0) +
1365 rt->rt6i_nfheader_len;
1367 /* as per RFC 7112 section 5, the entire IPv6 Header Chain must fit
1368 * the first fragment
1370 if (headersize + transhdrlen > mtu)
1373 if (cork->length + length > mtu - headersize && ipc6->dontfrag &&
1374 (sk->sk_protocol == IPPROTO_UDP ||
1375 sk->sk_protocol == IPPROTO_RAW)) {
1376 ipv6_local_rxpmtu(sk, fl6, mtu - headersize +
1377 sizeof(struct ipv6hdr));
1381 if (ip6_sk_ignore_df(sk))
1382 maxnonfragsize = sizeof(struct ipv6hdr) + IPV6_MAXPLEN;
1384 maxnonfragsize = mtu;
1386 if (cork->length + length > maxnonfragsize - headersize) {
1388 pmtu = max_t(int, mtu - headersize + sizeof(struct ipv6hdr), 0);
1389 ipv6_local_error(sk, EMSGSIZE, fl6, pmtu);
1393 /* CHECKSUM_PARTIAL only with no extension headers and when
1394 * we are not going to fragment
1396 if (transhdrlen && sk->sk_protocol == IPPROTO_UDP &&
1397 headersize == sizeof(struct ipv6hdr) &&
1398 length <= mtu - headersize &&
1399 (!(flags & MSG_MORE) || cork->gso_size) &&
1400 rt->dst.dev->features & (NETIF_F_IPV6_CSUM | NETIF_F_HW_CSUM))
1401 csummode = CHECKSUM_PARTIAL;
1403 if (flags & MSG_ZEROCOPY && length && sock_flag(sk, SOCK_ZEROCOPY)) {
1404 uarg = sock_zerocopy_realloc(sk, length, skb_zcopy(skb));
1407 extra_uref = !skb_zcopy(skb); /* only ref on new uarg */
1408 if (rt->dst.dev->features & NETIF_F_SG &&
1409 csummode == CHECKSUM_PARTIAL) {
1413 skb_zcopy_set(skb, uarg, &extra_uref);
1418 * Let's try using as much space as possible.
1419 * Use MTU if total length of the message fits into the MTU.
1420 * Otherwise, we need to reserve fragment header and
1421 * fragment alignment (= 8-15 octects, in total).
1423 * Note that we may need to "move" the data from the tail of
1424 * of the buffer to the new fragment when we split
1427 * FIXME: It may be fragmented into multiple chunks
1428 * at once if non-fragmentable extension headers
1433 cork->length += length;
1437 while (length > 0) {
1438 /* Check if the remaining data fits into current packet. */
1439 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1441 copy = maxfraglen - skb->len;
1445 unsigned int datalen;
1446 unsigned int fraglen;
1447 unsigned int fraggap;
1448 unsigned int alloclen;
1449 unsigned int pagedlen;
1451 /* There's no room in the current skb */
1453 fraggap = skb->len - maxfraglen;
1456 /* update mtu and maxfraglen if necessary */
1457 if (!skb || !skb_prev)
1458 ip6_append_data_mtu(&mtu, &maxfraglen,
1459 fragheaderlen, skb, rt,
1465 * If remaining data exceeds the mtu,
1466 * we know we need more fragment(s).
1468 datalen = length + fraggap;
1470 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1471 datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len;
1472 fraglen = datalen + fragheaderlen;
1475 if ((flags & MSG_MORE) &&
1476 !(rt->dst.dev->features&NETIF_F_SG))
1481 alloclen = min_t(int, fraglen, MAX_HEADER);
1482 pagedlen = fraglen - alloclen;
1485 alloclen += dst_exthdrlen;
1487 if (datalen != length + fraggap) {
1489 * this is not the last fragment, the trailer
1490 * space is regarded as data space.
1492 datalen += rt->dst.trailer_len;
1495 alloclen += rt->dst.trailer_len;
1496 fraglen = datalen + fragheaderlen;
1499 * We just reserve space for fragment header.
1500 * Note: this may be overallocation if the message
1501 * (without MSG_MORE) fits into the MTU.
1503 alloclen += sizeof(struct frag_hdr);
1505 copy = datalen - transhdrlen - fraggap - pagedlen;
1511 skb = sock_alloc_send_skb(sk,
1513 (flags & MSG_DONTWAIT), &err);
1516 if (refcount_read(&sk->sk_wmem_alloc) + wmem_alloc_delta <=
1518 skb = alloc_skb(alloclen + hh_len,
1526 * Fill in the control structures
1528 skb->protocol = htons(ETH_P_IPV6);
1529 skb->ip_summed = csummode;
1531 /* reserve for fragmentation and ipsec header */
1532 skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
1536 * Find where to start putting bytes
1538 data = skb_put(skb, fraglen - pagedlen);
1539 skb_set_network_header(skb, exthdrlen);
1540 data += fragheaderlen;
1541 skb->transport_header = (skb->network_header +
1544 skb->csum = skb_copy_and_csum_bits(
1545 skb_prev, maxfraglen,
1546 data + transhdrlen, fraggap, 0);
1547 skb_prev->csum = csum_sub(skb_prev->csum,
1550 pskb_trim_unique(skb_prev, maxfraglen);
1553 getfrag(from, data + transhdrlen, offset,
1554 copy, fraggap, skb) < 0) {
1561 length -= copy + transhdrlen;
1566 /* Only the initial fragment is time stamped */
1567 skb_shinfo(skb)->tx_flags = cork->tx_flags;
1569 skb_shinfo(skb)->tskey = tskey;
1571 skb_zcopy_set(skb, uarg, &extra_uref);
1573 if ((flags & MSG_CONFIRM) && !skb_prev)
1574 skb_set_dst_pending_confirm(skb, 1);
1577 * Put the packet on the pending queue
1579 if (!skb->destructor) {
1580 skb->destructor = sock_wfree;
1582 wmem_alloc_delta += skb->truesize;
1584 __skb_queue_tail(queue, skb);
1591 if (!(rt->dst.dev->features&NETIF_F_SG) &&
1592 skb_tailroom(skb) >= copy) {
1596 if (getfrag(from, skb_put(skb, copy),
1597 offset, copy, off, skb) < 0) {
1598 __skb_trim(skb, off);
1602 } else if (!uarg || !uarg->zerocopy) {
1603 int i = skb_shinfo(skb)->nr_frags;
1606 if (!sk_page_frag_refill(sk, pfrag))
1609 if (!skb_can_coalesce(skb, i, pfrag->page,
1612 if (i == MAX_SKB_FRAGS)
1615 __skb_fill_page_desc(skb, i, pfrag->page,
1617 skb_shinfo(skb)->nr_frags = ++i;
1618 get_page(pfrag->page);
1620 copy = min_t(int, copy, pfrag->size - pfrag->offset);
1622 page_address(pfrag->page) + pfrag->offset,
1623 offset, copy, skb->len, skb) < 0)
1626 pfrag->offset += copy;
1627 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1629 skb->data_len += copy;
1630 skb->truesize += copy;
1631 wmem_alloc_delta += copy;
1633 err = skb_zerocopy_iter_dgram(skb, from, copy);
1641 if (wmem_alloc_delta)
1642 refcount_add(wmem_alloc_delta, &sk->sk_wmem_alloc);
1649 sock_zerocopy_put_abort(uarg, extra_uref);
1650 cork->length -= length;
1651 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1652 refcount_add(wmem_alloc_delta, &sk->sk_wmem_alloc);
1656 int ip6_append_data(struct sock *sk,
1657 int getfrag(void *from, char *to, int offset, int len,
1658 int odd, struct sk_buff *skb),
1659 void *from, int length, int transhdrlen,
1660 struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
1661 struct rt6_info *rt, unsigned int flags)
1663 struct inet_sock *inet = inet_sk(sk);
1664 struct ipv6_pinfo *np = inet6_sk(sk);
1668 if (flags&MSG_PROBE)
1670 if (skb_queue_empty(&sk->sk_write_queue)) {
1674 err = ip6_setup_cork(sk, &inet->cork, &np->cork,
1679 exthdrlen = (ipc6->opt ? ipc6->opt->opt_flen : 0);
1680 length += exthdrlen;
1681 transhdrlen += exthdrlen;
1683 fl6 = &inet->cork.fl.u.ip6;
1687 return __ip6_append_data(sk, fl6, &sk->sk_write_queue, &inet->cork.base,
1688 &np->cork, sk_page_frag(sk), getfrag,
1689 from, length, transhdrlen, flags, ipc6);
1691 EXPORT_SYMBOL_GPL(ip6_append_data);
1693 static void ip6_cork_release(struct inet_cork_full *cork,
1694 struct inet6_cork *v6_cork)
1697 kfree(v6_cork->opt->dst0opt);
1698 kfree(v6_cork->opt->dst1opt);
1699 kfree(v6_cork->opt->hopopt);
1700 kfree(v6_cork->opt->srcrt);
1701 kfree(v6_cork->opt);
1702 v6_cork->opt = NULL;
1705 if (cork->base.dst) {
1706 dst_release(cork->base.dst);
1707 cork->base.dst = NULL;
1708 cork->base.flags &= ~IPCORK_ALLFRAG;
1710 memset(&cork->fl, 0, sizeof(cork->fl));
1713 struct sk_buff *__ip6_make_skb(struct sock *sk,
1714 struct sk_buff_head *queue,
1715 struct inet_cork_full *cork,
1716 struct inet6_cork *v6_cork)
1718 struct sk_buff *skb, *tmp_skb;
1719 struct sk_buff **tail_skb;
1720 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1721 struct ipv6_pinfo *np = inet6_sk(sk);
1722 struct net *net = sock_net(sk);
1723 struct ipv6hdr *hdr;
1724 struct ipv6_txoptions *opt = v6_cork->opt;
1725 struct rt6_info *rt = (struct rt6_info *)cork->base.dst;
1726 struct flowi6 *fl6 = &cork->fl.u.ip6;
1727 unsigned char proto = fl6->flowi6_proto;
1729 skb = __skb_dequeue(queue);
1732 tail_skb = &(skb_shinfo(skb)->frag_list);
1734 /* move skb->data to ip header from ext header */
1735 if (skb->data < skb_network_header(skb))
1736 __skb_pull(skb, skb_network_offset(skb));
1737 while ((tmp_skb = __skb_dequeue(queue)) != NULL) {
1738 __skb_pull(tmp_skb, skb_network_header_len(skb));
1739 *tail_skb = tmp_skb;
1740 tail_skb = &(tmp_skb->next);
1741 skb->len += tmp_skb->len;
1742 skb->data_len += tmp_skb->len;
1743 skb->truesize += tmp_skb->truesize;
1744 tmp_skb->destructor = NULL;
1748 /* Allow local fragmentation. */
1749 skb->ignore_df = ip6_sk_ignore_df(sk);
1751 *final_dst = fl6->daddr;
1752 __skb_pull(skb, skb_network_header_len(skb));
1753 if (opt && opt->opt_flen)
1754 ipv6_push_frag_opts(skb, opt, &proto);
1755 if (opt && opt->opt_nflen)
1756 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst, &fl6->saddr);
1758 skb_push(skb, sizeof(struct ipv6hdr));
1759 skb_reset_network_header(skb);
1760 hdr = ipv6_hdr(skb);
1762 ip6_flow_hdr(hdr, v6_cork->tclass,
1763 ip6_make_flowlabel(net, skb, fl6->flowlabel,
1764 ip6_autoflowlabel(net, np), fl6));
1765 hdr->hop_limit = v6_cork->hop_limit;
1766 hdr->nexthdr = proto;
1767 hdr->saddr = fl6->saddr;
1768 hdr->daddr = *final_dst;
1770 skb->priority = sk->sk_priority;
1771 skb->mark = cork->base.mark;
1773 skb->tstamp = cork->base.transmit_time;
1775 skb_dst_set(skb, dst_clone(&rt->dst));
1776 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
1777 if (proto == IPPROTO_ICMPV6) {
1778 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1780 ICMP6MSGOUT_INC_STATS(net, idev, icmp6_hdr(skb)->icmp6_type);
1781 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1784 ip6_cork_release(cork, v6_cork);
1789 int ip6_send_skb(struct sk_buff *skb)
1791 struct net *net = sock_net(skb->sk);
1792 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
1795 err = ip6_local_out(net, skb->sk, skb);
1798 err = net_xmit_errno(err);
1800 IP6_INC_STATS(net, rt->rt6i_idev,
1801 IPSTATS_MIB_OUTDISCARDS);
1807 int ip6_push_pending_frames(struct sock *sk)
1809 struct sk_buff *skb;
1811 skb = ip6_finish_skb(sk);
1815 return ip6_send_skb(skb);
1817 EXPORT_SYMBOL_GPL(ip6_push_pending_frames);
1819 static void __ip6_flush_pending_frames(struct sock *sk,
1820 struct sk_buff_head *queue,
1821 struct inet_cork_full *cork,
1822 struct inet6_cork *v6_cork)
1824 struct sk_buff *skb;
1826 while ((skb = __skb_dequeue_tail(queue)) != NULL) {
1828 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
1829 IPSTATS_MIB_OUTDISCARDS);
1833 ip6_cork_release(cork, v6_cork);
1836 void ip6_flush_pending_frames(struct sock *sk)
1838 __ip6_flush_pending_frames(sk, &sk->sk_write_queue,
1839 &inet_sk(sk)->cork, &inet6_sk(sk)->cork);
1841 EXPORT_SYMBOL_GPL(ip6_flush_pending_frames);
1843 struct sk_buff *ip6_make_skb(struct sock *sk,
1844 int getfrag(void *from, char *to, int offset,
1845 int len, int odd, struct sk_buff *skb),
1846 void *from, int length, int transhdrlen,
1847 struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
1848 struct rt6_info *rt, unsigned int flags,
1849 struct inet_cork_full *cork)
1851 struct inet6_cork v6_cork;
1852 struct sk_buff_head queue;
1853 int exthdrlen = (ipc6->opt ? ipc6->opt->opt_flen : 0);
1856 if (flags & MSG_PROBE)
1859 __skb_queue_head_init(&queue);
1861 cork->base.flags = 0;
1862 cork->base.addr = 0;
1863 cork->base.opt = NULL;
1864 cork->base.dst = NULL;
1866 err = ip6_setup_cork(sk, cork, &v6_cork, ipc6, rt, fl6);
1868 ip6_cork_release(cork, &v6_cork);
1869 return ERR_PTR(err);
1871 if (ipc6->dontfrag < 0)
1872 ipc6->dontfrag = inet6_sk(sk)->dontfrag;
1874 err = __ip6_append_data(sk, fl6, &queue, &cork->base, &v6_cork,
1875 ¤t->task_frag, getfrag, from,
1876 length + exthdrlen, transhdrlen + exthdrlen,
1879 __ip6_flush_pending_frames(sk, &queue, cork, &v6_cork);
1880 return ERR_PTR(err);
1883 return __ip6_make_skb(sk, &queue, cork, &v6_cork);
projects / linux-2.6-microblaze.git / blob