2 * IPv6 output functions
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
8 * Based on linux/net/ipv4/ip_output.c
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
22 * H. von Brand : Added missing #include <linux/string.h>
23 * Imran Patel : frag id should be in NBO
24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/string.h>
32 #include <linux/socket.h>
33 #include <linux/net.h>
34 #include <linux/netdevice.h>
35 #include <linux/if_arp.h>
36 #include <linux/in6.h>
37 #include <linux/tcp.h>
38 #include <linux/route.h>
39 #include <linux/module.h>
41 #include <linux/netfilter.h>
42 #include <linux/netfilter_ipv6.h>
48 #include <net/ndisc.h>
49 #include <net/protocol.h>
50 #include <net/ip6_route.h>
51 #include <net/addrconf.h>
52 #include <net/rawv6.h>
55 #include <net/checksum.h>
56 #include <linux/mroute6.h>
58 static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *));
60 static __inline__ void ipv6_select_ident(struct sk_buff *skb, struct frag_hdr *fhdr)
62 static u32 ipv6_fragmentation_id = 1;
63 static DEFINE_SPINLOCK(ip6_id_lock);
65 spin_lock_bh(&ip6_id_lock);
66 fhdr->identification = htonl(ipv6_fragmentation_id);
67 if (++ipv6_fragmentation_id == 0)
68 ipv6_fragmentation_id = 1;
69 spin_unlock_bh(&ip6_id_lock);
72 int __ip6_local_out(struct sk_buff *skb)
76 len = skb->len - sizeof(struct ipv6hdr);
77 if (len > IPV6_MAXPLEN)
79 ipv6_hdr(skb)->payload_len = htons(len);
81 return nf_hook(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dst->dev,
85 int ip6_local_out(struct sk_buff *skb)
89 err = __ip6_local_out(skb);
91 err = dst_output(skb);
95 EXPORT_SYMBOL_GPL(ip6_local_out);
97 static int ip6_output_finish(struct sk_buff *skb)
99 struct dst_entry *dst = skb->dst;
102 return neigh_hh_output(dst->hh, skb);
103 else if (dst->neighbour)
104 return dst->neighbour->output(skb);
106 IP6_INC_STATS_BH(dev_net(dst->dev),
107 ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
113 /* dev_loopback_xmit for use with netfilter. */
114 static int ip6_dev_loopback_xmit(struct sk_buff *newskb)
116 skb_reset_mac_header(newskb);
117 __skb_pull(newskb, skb_network_offset(newskb));
118 newskb->pkt_type = PACKET_LOOPBACK;
119 newskb->ip_summed = CHECKSUM_UNNECESSARY;
120 WARN_ON(!newskb->dst);
127 static int ip6_output2(struct sk_buff *skb)
129 struct dst_entry *dst = skb->dst;
130 struct net_device *dev = dst->dev;
132 skb->protocol = htons(ETH_P_IPV6);
135 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
136 struct ipv6_pinfo* np = skb->sk ? inet6_sk(skb->sk) : NULL;
137 struct inet6_dev *idev = ip6_dst_idev(skb->dst);
139 if (!(dev->flags & IFF_LOOPBACK) && (!np || np->mc_loop) &&
140 ((mroute6_socket(dev_net(dev)) &&
141 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
142 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
143 &ipv6_hdr(skb)->saddr))) {
144 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
146 /* Do not check for IFF_ALLMULTI; multicast routing
147 is not supported in any case.
150 NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, newskb,
152 ip6_dev_loopback_xmit);
154 if (ipv6_hdr(skb)->hop_limit == 0) {
155 IP6_INC_STATS(dev_net(dev), idev,
156 IPSTATS_MIB_OUTDISCARDS);
162 IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST,
166 return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dev,
170 static inline int ip6_skb_dst_mtu(struct sk_buff *skb)
172 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
174 return (np && np->pmtudisc == IPV6_PMTUDISC_PROBE) ?
175 skb->dst->dev->mtu : dst_mtu(skb->dst);
178 int ip6_output(struct sk_buff *skb)
180 struct inet6_dev *idev = ip6_dst_idev(skb->dst);
181 if (unlikely(idev->cnf.disable_ipv6)) {
182 IP6_INC_STATS(dev_net(skb->dst->dev), idev,
183 IPSTATS_MIB_OUTDISCARDS);
188 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
189 dst_allfrag(skb->dst))
190 return ip6_fragment(skb, ip6_output2);
192 return ip6_output2(skb);
196 * xmit an sk_buff (used by TCP)
199 int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
200 struct ipv6_txoptions *opt, int ipfragok)
202 struct net *net = sock_net(sk);
203 struct ipv6_pinfo *np = inet6_sk(sk);
204 struct in6_addr *first_hop = &fl->fl6_dst;
205 struct dst_entry *dst = skb->dst;
207 u8 proto = fl->proto;
208 int seg_len = skb->len;
213 unsigned int head_room;
215 /* First: exthdrs may take lots of space (~8K for now)
216 MAX_HEADER is not enough.
218 head_room = opt->opt_nflen + opt->opt_flen;
219 seg_len += head_room;
220 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
222 if (skb_headroom(skb) < head_room) {
223 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
225 IP6_INC_STATS(net, ip6_dst_idev(skb->dst),
226 IPSTATS_MIB_OUTDISCARDS);
233 skb_set_owner_w(skb, sk);
236 ipv6_push_frag_opts(skb, opt, &proto);
238 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop);
241 skb_push(skb, sizeof(struct ipv6hdr));
242 skb_reset_network_header(skb);
245 /* Allow local fragmentation. */
250 * Fill in the IPv6 header
255 hlimit = np->hop_limit;
257 hlimit = ip6_dst_hoplimit(dst);
265 *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | fl->fl6_flowlabel;
267 hdr->payload_len = htons(seg_len);
268 hdr->nexthdr = proto;
269 hdr->hop_limit = hlimit;
271 ipv6_addr_copy(&hdr->saddr, &fl->fl6_src);
272 ipv6_addr_copy(&hdr->daddr, first_hop);
274 skb->priority = sk->sk_priority;
275 skb->mark = sk->sk_mark;
278 if ((skb->len <= mtu) || skb->local_df || skb_is_gso(skb)) {
279 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb->dst),
280 IPSTATS_MIB_OUT, skb->len);
281 return NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
286 printk(KERN_DEBUG "IPv6: sending pkt_too_big to self\n");
288 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, skb->dev);
289 IP6_INC_STATS(net, ip6_dst_idev(skb->dst), IPSTATS_MIB_FRAGFAILS);
294 EXPORT_SYMBOL(ip6_xmit);
297 * To avoid extra problems ND packets are send through this
298 * routine. It's code duplication but I really want to avoid
299 * extra checks since ipv6_build_header is used by TCP (which
300 * is for us performance critical)
303 int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev,
304 const struct in6_addr *saddr, const struct in6_addr *daddr,
307 struct ipv6_pinfo *np = inet6_sk(sk);
311 skb->protocol = htons(ETH_P_IPV6);
314 totlen = len + sizeof(struct ipv6hdr);
316 skb_reset_network_header(skb);
317 skb_put(skb, sizeof(struct ipv6hdr));
320 *(__be32*)hdr = htonl(0x60000000);
322 hdr->payload_len = htons(len);
323 hdr->nexthdr = proto;
324 hdr->hop_limit = np->hop_limit;
326 ipv6_addr_copy(&hdr->saddr, saddr);
327 ipv6_addr_copy(&hdr->daddr, daddr);
332 static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
334 struct ip6_ra_chain *ra;
335 struct sock *last = NULL;
337 read_lock(&ip6_ra_lock);
338 for (ra = ip6_ra_chain; ra; ra = ra->next) {
339 struct sock *sk = ra->sk;
340 if (sk && ra->sel == sel &&
341 (!sk->sk_bound_dev_if ||
342 sk->sk_bound_dev_if == skb->dev->ifindex)) {
344 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
346 rawv6_rcv(last, skb2);
353 rawv6_rcv(last, skb);
354 read_unlock(&ip6_ra_lock);
357 read_unlock(&ip6_ra_lock);
361 static int ip6_forward_proxy_check(struct sk_buff *skb)
363 struct ipv6hdr *hdr = ipv6_hdr(skb);
364 u8 nexthdr = hdr->nexthdr;
367 if (ipv6_ext_hdr(nexthdr)) {
368 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr);
372 offset = sizeof(struct ipv6hdr);
374 if (nexthdr == IPPROTO_ICMPV6) {
375 struct icmp6hdr *icmp6;
377 if (!pskb_may_pull(skb, (skb_network_header(skb) +
378 offset + 1 - skb->data)))
381 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
383 switch (icmp6->icmp6_type) {
384 case NDISC_ROUTER_SOLICITATION:
385 case NDISC_ROUTER_ADVERTISEMENT:
386 case NDISC_NEIGHBOUR_SOLICITATION:
387 case NDISC_NEIGHBOUR_ADVERTISEMENT:
389 /* For reaction involving unicast neighbor discovery
390 * message destined to the proxied address, pass it to
400 * The proxying router can't forward traffic sent to a link-local
401 * address, so signal the sender and discard the packet. This
402 * behavior is clarified by the MIPv6 specification.
404 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
405 dst_link_failure(skb);
412 static inline int ip6_forward_finish(struct sk_buff *skb)
414 return dst_output(skb);
417 int ip6_forward(struct sk_buff *skb)
419 struct dst_entry *dst = skb->dst;
420 struct ipv6hdr *hdr = ipv6_hdr(skb);
421 struct inet6_skb_parm *opt = IP6CB(skb);
422 struct net *net = dev_net(dst->dev);
424 if (net->ipv6.devconf_all->forwarding == 0)
427 if (skb_warn_if_lro(skb))
430 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
431 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
435 skb_forward_csum(skb);
438 * We DO NOT make any processing on
439 * RA packets, pushing them to user level AS IS
440 * without ane WARRANTY that application will be able
441 * to interpret them. The reason is that we
442 * cannot make anything clever here.
444 * We are not end-node, so that if packet contains
445 * AH/ESP, we cannot make anything.
446 * Defragmentation also would be mistake, RA packets
447 * cannot be fragmented, because there is no warranty
448 * that different fragments will go along one path. --ANK
451 u8 *ptr = skb_network_header(skb) + opt->ra;
452 if (ip6_call_ra_chain(skb, (ptr[2]<<8) + ptr[3]))
457 * check and decrement ttl
459 if (hdr->hop_limit <= 1) {
460 /* Force OUTPUT device used as source address */
462 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
464 IP6_INC_STATS_BH(net,
465 ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
471 /* XXX: idev->cnf.proxy_ndp? */
472 if (net->ipv6.devconf_all->proxy_ndp &&
473 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
474 int proxied = ip6_forward_proxy_check(skb);
476 return ip6_input(skb);
477 else if (proxied < 0) {
478 IP6_INC_STATS(net, ip6_dst_idev(dst),
479 IPSTATS_MIB_INDISCARDS);
484 if (!xfrm6_route_forward(skb)) {
485 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
490 /* IPv6 specs say nothing about it, but it is clear that we cannot
491 send redirects to source routed frames.
492 We don't send redirects to frames decapsulated from IPsec.
494 if (skb->dev == dst->dev && dst->neighbour && opt->srcrt == 0 &&
495 !skb_sec_path(skb)) {
496 struct in6_addr *target = NULL;
498 struct neighbour *n = dst->neighbour;
501 * incoming and outgoing devices are the same
505 rt = (struct rt6_info *) dst;
506 if ((rt->rt6i_flags & RTF_GATEWAY))
507 target = (struct in6_addr*)&n->primary_key;
509 target = &hdr->daddr;
511 /* Limit redirects both by destination (here)
512 and by source (inside ndisc_send_redirect)
514 if (xrlim_allow(dst, 1*HZ))
515 ndisc_send_redirect(skb, n, target);
517 int addrtype = ipv6_addr_type(&hdr->saddr);
519 /* This check is security critical. */
520 if (addrtype == IPV6_ADDR_ANY ||
521 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
523 if (addrtype & IPV6_ADDR_LINKLOCAL) {
524 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
525 ICMPV6_NOT_NEIGHBOUR, 0, skb->dev);
530 if (skb->len > dst_mtu(dst)) {
531 /* Again, force OUTPUT device used as source address */
533 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, dst_mtu(dst), skb->dev);
534 IP6_INC_STATS_BH(net,
535 ip6_dst_idev(dst), IPSTATS_MIB_INTOOBIGERRORS);
536 IP6_INC_STATS_BH(net,
537 ip6_dst_idev(dst), IPSTATS_MIB_FRAGFAILS);
542 if (skb_cow(skb, dst->dev->hard_header_len)) {
543 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS);
549 /* Mangling hops number delayed to point after skb COW */
553 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
554 return NF_HOOK(PF_INET6, NF_INET_FORWARD, skb, skb->dev, dst->dev,
558 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
564 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
566 to->pkt_type = from->pkt_type;
567 to->priority = from->priority;
568 to->protocol = from->protocol;
569 dst_release(to->dst);
570 to->dst = dst_clone(from->dst);
572 to->mark = from->mark;
574 #ifdef CONFIG_NET_SCHED
575 to->tc_index = from->tc_index;
578 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
579 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
580 to->nf_trace = from->nf_trace;
582 skb_copy_secmark(to, from);
585 int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
587 u16 offset = sizeof(struct ipv6hdr);
588 struct ipv6_opt_hdr *exthdr =
589 (struct ipv6_opt_hdr *)(ipv6_hdr(skb) + 1);
590 unsigned int packet_len = skb->tail - skb->network_header;
592 *nexthdr = &ipv6_hdr(skb)->nexthdr;
594 while (offset + 1 <= packet_len) {
600 case NEXTHDR_ROUTING:
604 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
605 if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0)
615 offset += ipv6_optlen(exthdr);
616 *nexthdr = &exthdr->nexthdr;
617 exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +
624 static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
626 struct sk_buff *frag;
627 struct rt6_info *rt = (struct rt6_info*)skb->dst;
628 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
629 struct ipv6hdr *tmp_hdr;
631 unsigned int mtu, hlen, left, len;
633 int ptr, offset = 0, err=0;
634 u8 *prevhdr, nexthdr = 0;
635 struct net *net = dev_net(skb->dst->dev);
637 hlen = ip6_find_1stfragopt(skb, &prevhdr);
640 mtu = ip6_skb_dst_mtu(skb);
642 /* We must not fragment if the socket is set to force MTU discovery
643 * or if the skb it not generated by a local socket. (This last
644 * check should be redundant, but it's free.)
646 if (!skb->local_df) {
647 skb->dev = skb->dst->dev;
648 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, skb->dev);
649 IP6_INC_STATS(net, ip6_dst_idev(skb->dst),
650 IPSTATS_MIB_FRAGFAILS);
655 if (np && np->frag_size < mtu) {
659 mtu -= hlen + sizeof(struct frag_hdr);
661 if (skb_shinfo(skb)->frag_list) {
662 int first_len = skb_pagelen(skb);
665 if (first_len - hlen > mtu ||
666 ((first_len - hlen) & 7) ||
670 for (frag = skb_shinfo(skb)->frag_list; frag; frag = frag->next) {
671 /* Correct geometry. */
672 if (frag->len > mtu ||
673 ((frag->len & 7) && frag->next) ||
674 skb_headroom(frag) < hlen)
677 /* Partially cloned skb? */
678 if (skb_shared(frag))
685 frag->destructor = sock_wfree;
686 truesizes += frag->truesize;
692 frag = skb_shinfo(skb)->frag_list;
693 skb_shinfo(skb)->frag_list = NULL;
696 *prevhdr = NEXTHDR_FRAGMENT;
697 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
699 IP6_INC_STATS(net, ip6_dst_idev(skb->dst),
700 IPSTATS_MIB_FRAGFAILS);
704 __skb_pull(skb, hlen);
705 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr));
706 __skb_push(skb, hlen);
707 skb_reset_network_header(skb);
708 memcpy(skb_network_header(skb), tmp_hdr, hlen);
710 ipv6_select_ident(skb, fh);
711 fh->nexthdr = nexthdr;
713 fh->frag_off = htons(IP6_MF);
714 frag_id = fh->identification;
716 first_len = skb_pagelen(skb);
717 skb->data_len = first_len - skb_headlen(skb);
718 skb->truesize -= truesizes;
719 skb->len = first_len;
720 ipv6_hdr(skb)->payload_len = htons(first_len -
721 sizeof(struct ipv6hdr));
723 dst_hold(&rt->u.dst);
726 /* Prepare header of the next frame,
727 * before previous one went down. */
729 frag->ip_summed = CHECKSUM_NONE;
730 skb_reset_transport_header(frag);
731 fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr));
732 __skb_push(frag, hlen);
733 skb_reset_network_header(frag);
734 memcpy(skb_network_header(frag), tmp_hdr,
736 offset += skb->len - hlen - sizeof(struct frag_hdr);
737 fh->nexthdr = nexthdr;
739 fh->frag_off = htons(offset);
740 if (frag->next != NULL)
741 fh->frag_off |= htons(IP6_MF);
742 fh->identification = frag_id;
743 ipv6_hdr(frag)->payload_len =
745 sizeof(struct ipv6hdr));
746 ip6_copy_metadata(frag, skb);
751 IP6_INC_STATS(net, ip6_dst_idev(&rt->u.dst),
752 IPSTATS_MIB_FRAGCREATES);
765 IP6_INC_STATS(net, ip6_dst_idev(&rt->u.dst),
766 IPSTATS_MIB_FRAGOKS);
767 dst_release(&rt->u.dst);
777 IP6_INC_STATS(net, ip6_dst_idev(&rt->u.dst),
778 IPSTATS_MIB_FRAGFAILS);
779 dst_release(&rt->u.dst);
784 left = skb->len - hlen; /* Space per frame */
785 ptr = hlen; /* Where to start from */
788 * Fragment the datagram.
791 *prevhdr = NEXTHDR_FRAGMENT;
794 * Keep copying data until we run out.
798 /* IF: it doesn't fit, use 'mtu' - the data space left */
801 /* IF: we are not sending upto and including the packet end
802 then align the next start on an eight byte boundary */
810 if ((frag = alloc_skb(len+hlen+sizeof(struct frag_hdr)+LL_ALLOCATED_SPACE(rt->u.dst.dev), GFP_ATOMIC)) == NULL) {
811 NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n");
812 IP6_INC_STATS(net, ip6_dst_idev(skb->dst),
813 IPSTATS_MIB_FRAGFAILS);
819 * Set up data on packet
822 ip6_copy_metadata(frag, skb);
823 skb_reserve(frag, LL_RESERVED_SPACE(rt->u.dst.dev));
824 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
825 skb_reset_network_header(frag);
826 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
827 frag->transport_header = (frag->network_header + hlen +
828 sizeof(struct frag_hdr));
831 * Charge the memory for the fragment to any owner
835 skb_set_owner_w(frag, skb->sk);
838 * Copy the packet header into the new buffer.
840 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
843 * Build fragment header.
845 fh->nexthdr = nexthdr;
848 ipv6_select_ident(skb, fh);
849 frag_id = fh->identification;
851 fh->identification = frag_id;
854 * Copy a block of the IP datagram.
856 if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len))
860 fh->frag_off = htons(offset);
862 fh->frag_off |= htons(IP6_MF);
863 ipv6_hdr(frag)->payload_len = htons(frag->len -
864 sizeof(struct ipv6hdr));
870 * Put this fragment into the sending queue.
876 IP6_INC_STATS(net, ip6_dst_idev(skb->dst),
877 IPSTATS_MIB_FRAGCREATES);
879 IP6_INC_STATS(net, ip6_dst_idev(skb->dst),
880 IPSTATS_MIB_FRAGOKS);
885 IP6_INC_STATS(net, ip6_dst_idev(skb->dst),
886 IPSTATS_MIB_FRAGFAILS);
891 static inline int ip6_rt_check(struct rt6key *rt_key,
892 struct in6_addr *fl_addr,
893 struct in6_addr *addr_cache)
895 return ((rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
896 (addr_cache == NULL || !ipv6_addr_equal(fl_addr, addr_cache)));
899 static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
900 struct dst_entry *dst,
903 struct ipv6_pinfo *np = inet6_sk(sk);
904 struct rt6_info *rt = (struct rt6_info *)dst;
909 /* Yes, checking route validity in not connected
910 * case is not very simple. Take into account,
911 * that we do not support routing by source, TOS,
912 * and MSG_DONTROUTE --ANK (980726)
914 * 1. ip6_rt_check(): If route was host route,
915 * check that cached destination is current.
916 * If it is network route, we still may
917 * check its validity using saved pointer
918 * to the last used address: daddr_cache.
919 * We do not want to save whole address now,
920 * (because main consumer of this service
921 * is tcp, which has not this problem),
922 * so that the last trick works only on connected
924 * 2. oif also should be the same.
926 if (ip6_rt_check(&rt->rt6i_dst, &fl->fl6_dst, np->daddr_cache) ||
927 #ifdef CONFIG_IPV6_SUBTREES
928 ip6_rt_check(&rt->rt6i_src, &fl->fl6_src, np->saddr_cache) ||
930 (fl->oif && fl->oif != dst->dev->ifindex)) {
939 static int ip6_dst_lookup_tail(struct sock *sk,
940 struct dst_entry **dst, struct flowi *fl)
943 struct net *net = sock_net(sk);
946 *dst = ip6_route_output(net, sk, fl);
948 if ((err = (*dst)->error))
949 goto out_err_release;
951 if (ipv6_addr_any(&fl->fl6_src)) {
952 err = ipv6_dev_get_saddr(net, ip6_dst_idev(*dst)->dev,
954 sk ? inet6_sk(sk)->srcprefs : 0,
957 goto out_err_release;
960 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
962 * Here if the dst entry we've looked up
963 * has a neighbour entry that is in the INCOMPLETE
964 * state and the src address from the flow is
965 * marked as OPTIMISTIC, we release the found
966 * dst entry and replace it instead with the
967 * dst entry of the nexthop router
969 if ((*dst)->neighbour && !((*dst)->neighbour->nud_state & NUD_VALID)) {
970 struct inet6_ifaddr *ifp;
974 ifp = ipv6_get_ifaddr(net, &fl->fl6_src,
977 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
983 * We need to get the dst entry for the
984 * default router instead
987 memcpy(&fl_gw, fl, sizeof(struct flowi));
988 memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr));
989 *dst = ip6_route_output(net, sk, &fl_gw);
990 if ((err = (*dst)->error))
991 goto out_err_release;
999 if (err == -ENETUNREACH)
1000 IP6_INC_STATS_BH(net, NULL, IPSTATS_MIB_OUTNOROUTES);
1007 * ip6_dst_lookup - perform route lookup on flow
1008 * @sk: socket which provides route info
1009 * @dst: pointer to dst_entry * for result
1010 * @fl: flow to lookup
1012 * This function performs a route lookup on the given flow.
1014 * It returns zero on success, or a standard errno code on error.
1016 int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
1019 return ip6_dst_lookup_tail(sk, dst, fl);
1021 EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1024 * ip6_sk_dst_lookup - perform socket cached route lookup on flow
1025 * @sk: socket which provides the dst cache and route info
1026 * @dst: pointer to dst_entry * for result
1027 * @fl: flow to lookup
1029 * This function performs a route lookup on the given flow with the
1030 * possibility of using the cached route in the socket if it is valid.
1031 * It will take the socket dst lock when operating on the dst cache.
1032 * As a result, this function can only be used in process context.
1034 * It returns zero on success, or a standard errno code on error.
1036 int ip6_sk_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
1040 *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1041 *dst = ip6_sk_dst_check(sk, *dst, fl);
1044 return ip6_dst_lookup_tail(sk, dst, fl);
1046 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup);
1048 static inline int ip6_ufo_append_data(struct sock *sk,
1049 int getfrag(void *from, char *to, int offset, int len,
1050 int odd, struct sk_buff *skb),
1051 void *from, int length, int hh_len, int fragheaderlen,
1052 int transhdrlen, int mtu,unsigned int flags)
1055 struct sk_buff *skb;
1058 /* There is support for UDP large send offload by network
1059 * device, so create one single skb packet containing complete
1062 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) {
1063 skb = sock_alloc_send_skb(sk,
1064 hh_len + fragheaderlen + transhdrlen + 20,
1065 (flags & MSG_DONTWAIT), &err);
1069 /* reserve space for Hardware header */
1070 skb_reserve(skb, hh_len);
1072 /* create space for UDP/IP header */
1073 skb_put(skb,fragheaderlen + transhdrlen);
1075 /* initialize network header pointer */
1076 skb_reset_network_header(skb);
1078 /* initialize protocol header pointer */
1079 skb->transport_header = skb->network_header + fragheaderlen;
1081 skb->ip_summed = CHECKSUM_PARTIAL;
1083 sk->sk_sndmsg_off = 0;
1086 err = skb_append_datato_frags(sk,skb, getfrag, from,
1087 (length - transhdrlen));
1089 struct frag_hdr fhdr;
1091 /* specify the length of each IP datagram fragment*/
1092 skb_shinfo(skb)->gso_size = mtu - fragheaderlen -
1093 sizeof(struct frag_hdr);
1094 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
1095 ipv6_select_ident(skb, &fhdr);
1096 skb_shinfo(skb)->ip6_frag_id = fhdr.identification;
1097 __skb_queue_tail(&sk->sk_write_queue, skb);
1101 /* There is not enough support do UPD LSO,
1102 * so follow normal path
1109 static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1112 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1115 static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1118 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1121 int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1122 int offset, int len, int odd, struct sk_buff *skb),
1123 void *from, int length, int transhdrlen,
1124 int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi *fl,
1125 struct rt6_info *rt, unsigned int flags)
1127 struct inet_sock *inet = inet_sk(sk);
1128 struct ipv6_pinfo *np = inet6_sk(sk);
1129 struct sk_buff *skb;
1130 unsigned int maxfraglen, fragheaderlen;
1137 int csummode = CHECKSUM_NONE;
1139 if (flags&MSG_PROBE)
1141 if (skb_queue_empty(&sk->sk_write_queue)) {
1146 if (WARN_ON(np->cork.opt))
1149 np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation);
1150 if (unlikely(np->cork.opt == NULL))
1153 np->cork.opt->tot_len = opt->tot_len;
1154 np->cork.opt->opt_flen = opt->opt_flen;
1155 np->cork.opt->opt_nflen = opt->opt_nflen;
1157 np->cork.opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1159 if (opt->dst0opt && !np->cork.opt->dst0opt)
1162 np->cork.opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1164 if (opt->dst1opt && !np->cork.opt->dst1opt)
1167 np->cork.opt->hopopt = ip6_opt_dup(opt->hopopt,
1169 if (opt->hopopt && !np->cork.opt->hopopt)
1172 np->cork.opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1174 if (opt->srcrt && !np->cork.opt->srcrt)
1177 /* need source address above miyazawa*/
1179 dst_hold(&rt->u.dst);
1180 inet->cork.dst = &rt->u.dst;
1181 inet->cork.fl = *fl;
1182 np->cork.hop_limit = hlimit;
1183 np->cork.tclass = tclass;
1184 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
1185 rt->u.dst.dev->mtu : dst_mtu(rt->u.dst.path);
1186 if (np->frag_size < mtu) {
1188 mtu = np->frag_size;
1190 inet->cork.fragsize = mtu;
1191 if (dst_allfrag(rt->u.dst.path))
1192 inet->cork.flags |= IPCORK_ALLFRAG;
1193 inet->cork.length = 0;
1194 sk->sk_sndmsg_page = NULL;
1195 sk->sk_sndmsg_off = 0;
1196 exthdrlen = rt->u.dst.header_len + (opt ? opt->opt_flen : 0) -
1197 rt->rt6i_nfheader_len;
1198 length += exthdrlen;
1199 transhdrlen += exthdrlen;
1201 rt = (struct rt6_info *)inet->cork.dst;
1202 fl = &inet->cork.fl;
1206 mtu = inet->cork.fragsize;
1209 hh_len = LL_RESERVED_SPACE(rt->u.dst.dev);
1211 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
1212 (opt ? opt->opt_nflen : 0);
1213 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr);
1215 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) {
1216 if (inet->cork.length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) {
1217 ipv6_local_error(sk, EMSGSIZE, fl, mtu-exthdrlen);
1223 * Let's try using as much space as possible.
1224 * Use MTU if total length of the message fits into the MTU.
1225 * Otherwise, we need to reserve fragment header and
1226 * fragment alignment (= 8-15 octects, in total).
1228 * Note that we may need to "move" the data from the tail of
1229 * of the buffer to the new fragment when we split
1232 * FIXME: It may be fragmented into multiple chunks
1233 * at once if non-fragmentable extension headers
1238 inet->cork.length += length;
1239 if (((length > mtu) && (sk->sk_protocol == IPPROTO_UDP)) &&
1240 (rt->u.dst.dev->features & NETIF_F_UFO)) {
1242 err = ip6_ufo_append_data(sk, getfrag, from, length, hh_len,
1243 fragheaderlen, transhdrlen, mtu,
1250 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
1253 while (length > 0) {
1254 /* Check if the remaining data fits into current packet. */
1255 copy = (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1257 copy = maxfraglen - skb->len;
1261 unsigned int datalen;
1262 unsigned int fraglen;
1263 unsigned int fraggap;
1264 unsigned int alloclen;
1265 struct sk_buff *skb_prev;
1269 /* There's no room in the current skb */
1271 fraggap = skb_prev->len - maxfraglen;
1276 * If remaining data exceeds the mtu,
1277 * we know we need more fragment(s).
1279 datalen = length + fraggap;
1280 if (datalen > (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1281 datalen = maxfraglen - fragheaderlen;
1283 fraglen = datalen + fragheaderlen;
1284 if ((flags & MSG_MORE) &&
1285 !(rt->u.dst.dev->features&NETIF_F_SG))
1288 alloclen = datalen + fragheaderlen;
1291 * The last fragment gets additional space at tail.
1292 * Note: we overallocate on fragments with MSG_MODE
1293 * because we have no idea if we're the last one.
1295 if (datalen == length + fraggap)
1296 alloclen += rt->u.dst.trailer_len;
1299 * We just reserve space for fragment header.
1300 * Note: this may be overallocation if the message
1301 * (without MSG_MORE) fits into the MTU.
1303 alloclen += sizeof(struct frag_hdr);
1306 skb = sock_alloc_send_skb(sk,
1308 (flags & MSG_DONTWAIT), &err);
1311 if (atomic_read(&sk->sk_wmem_alloc) <=
1313 skb = sock_wmalloc(sk,
1314 alloclen + hh_len, 1,
1316 if (unlikely(skb == NULL))
1322 * Fill in the control structures
1324 skb->ip_summed = csummode;
1326 /* reserve for fragmentation */
1327 skb_reserve(skb, hh_len+sizeof(struct frag_hdr));
1330 * Find where to start putting bytes
1332 data = skb_put(skb, fraglen);
1333 skb_set_network_header(skb, exthdrlen);
1334 data += fragheaderlen;
1335 skb->transport_header = (skb->network_header +
1338 skb->csum = skb_copy_and_csum_bits(
1339 skb_prev, maxfraglen,
1340 data + transhdrlen, fraggap, 0);
1341 skb_prev->csum = csum_sub(skb_prev->csum,
1344 pskb_trim_unique(skb_prev, maxfraglen);
1346 copy = datalen - transhdrlen - fraggap;
1351 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
1358 length -= datalen - fraggap;
1361 csummode = CHECKSUM_NONE;
1364 * Put the packet on the pending queue
1366 __skb_queue_tail(&sk->sk_write_queue, skb);
1373 if (!(rt->u.dst.dev->features&NETIF_F_SG)) {
1377 if (getfrag(from, skb_put(skb, copy),
1378 offset, copy, off, skb) < 0) {
1379 __skb_trim(skb, off);
1384 int i = skb_shinfo(skb)->nr_frags;
1385 skb_frag_t *frag = &skb_shinfo(skb)->frags[i-1];
1386 struct page *page = sk->sk_sndmsg_page;
1387 int off = sk->sk_sndmsg_off;
1390 if (page && (left = PAGE_SIZE - off) > 0) {
1393 if (page != frag->page) {
1394 if (i == MAX_SKB_FRAGS) {
1399 skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0);
1400 frag = &skb_shinfo(skb)->frags[i];
1402 } else if(i < MAX_SKB_FRAGS) {
1403 if (copy > PAGE_SIZE)
1405 page = alloc_pages(sk->sk_allocation, 0);
1410 sk->sk_sndmsg_page = page;
1411 sk->sk_sndmsg_off = 0;
1413 skb_fill_page_desc(skb, i, page, 0, 0);
1414 frag = &skb_shinfo(skb)->frags[i];
1419 if (getfrag(from, page_address(frag->page)+frag->page_offset+frag->size, offset, copy, skb->len, skb) < 0) {
1423 sk->sk_sndmsg_off += copy;
1426 skb->data_len += copy;
1427 skb->truesize += copy;
1428 atomic_add(copy, &sk->sk_wmem_alloc);
1435 inet->cork.length -= length;
1436 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1440 static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np)
1443 kfree(np->cork.opt->dst0opt);
1444 kfree(np->cork.opt->dst1opt);
1445 kfree(np->cork.opt->hopopt);
1446 kfree(np->cork.opt->srcrt);
1447 kfree(np->cork.opt);
1448 np->cork.opt = NULL;
1451 if (inet->cork.dst) {
1452 dst_release(inet->cork.dst);
1453 inet->cork.dst = NULL;
1454 inet->cork.flags &= ~IPCORK_ALLFRAG;
1456 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl));
1459 int ip6_push_pending_frames(struct sock *sk)
1461 struct sk_buff *skb, *tmp_skb;
1462 struct sk_buff **tail_skb;
1463 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1464 struct inet_sock *inet = inet_sk(sk);
1465 struct ipv6_pinfo *np = inet6_sk(sk);
1466 struct net *net = sock_net(sk);
1467 struct ipv6hdr *hdr;
1468 struct ipv6_txoptions *opt = np->cork.opt;
1469 struct rt6_info *rt = (struct rt6_info *)inet->cork.dst;
1470 struct flowi *fl = &inet->cork.fl;
1471 unsigned char proto = fl->proto;
1474 if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL)
1476 tail_skb = &(skb_shinfo(skb)->frag_list);
1478 /* move skb->data to ip header from ext header */
1479 if (skb->data < skb_network_header(skb))
1480 __skb_pull(skb, skb_network_offset(skb));
1481 while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) {
1482 __skb_pull(tmp_skb, skb_network_header_len(skb));
1483 *tail_skb = tmp_skb;
1484 tail_skb = &(tmp_skb->next);
1485 skb->len += tmp_skb->len;
1486 skb->data_len += tmp_skb->len;
1487 skb->truesize += tmp_skb->truesize;
1488 __sock_put(tmp_skb->sk);
1489 tmp_skb->destructor = NULL;
1493 /* Allow local fragmentation. */
1494 if (np->pmtudisc < IPV6_PMTUDISC_DO)
1497 ipv6_addr_copy(final_dst, &fl->fl6_dst);
1498 __skb_pull(skb, skb_network_header_len(skb));
1499 if (opt && opt->opt_flen)
1500 ipv6_push_frag_opts(skb, opt, &proto);
1501 if (opt && opt->opt_nflen)
1502 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst);
1504 skb_push(skb, sizeof(struct ipv6hdr));
1505 skb_reset_network_header(skb);
1506 hdr = ipv6_hdr(skb);
1508 *(__be32*)hdr = fl->fl6_flowlabel |
1509 htonl(0x60000000 | ((int)np->cork.tclass << 20));
1511 hdr->hop_limit = np->cork.hop_limit;
1512 hdr->nexthdr = proto;
1513 ipv6_addr_copy(&hdr->saddr, &fl->fl6_src);
1514 ipv6_addr_copy(&hdr->daddr, final_dst);
1516 skb->priority = sk->sk_priority;
1517 skb->mark = sk->sk_mark;
1519 skb->dst = dst_clone(&rt->u.dst);
1520 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
1521 if (proto == IPPROTO_ICMPV6) {
1522 struct inet6_dev *idev = ip6_dst_idev(skb->dst);
1524 ICMP6MSGOUT_INC_STATS_BH(net, idev, icmp6_hdr(skb)->icmp6_type);
1525 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTMSGS);
1528 err = ip6_local_out(skb);
1531 err = np->recverr ? net_xmit_errno(err) : 0;
1537 ip6_cork_release(inet, np);
1543 void ip6_flush_pending_frames(struct sock *sk)
1545 struct sk_buff *skb;
1547 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) {
1549 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb->dst),
1550 IPSTATS_MIB_OUTDISCARDS);
1554 ip6_cork_release(inet_sk(sk), inet6_sk(sk));