2 * Routines having to do with the 'struct sk_buff' memory handlers.
4 * Authors: Alan Cox <alan@lxorguk.ukuu.org.uk>
5 * Florian La Roche <rzsfl@rz.uni-sb.de>
8 * Alan Cox : Fixed the worst of the load
10 * Dave Platt : Interrupt stacking fix.
11 * Richard Kooijman : Timestamp fixes.
12 * Alan Cox : Changed buffer format.
13 * Alan Cox : destructor hook for AF_UNIX etc.
14 * Linus Torvalds : Better skb_clone.
15 * Alan Cox : Added skb_copy.
16 * Alan Cox : Added all the changed routines Linus
17 * only put in the headers
18 * Ray VanTassle : Fixed --skb->lock in free
19 * Alan Cox : skb_copy copy arp field
20 * Andi Kleen : slabified it.
21 * Robert Olsson : Removed skb_head_pool
24 * The __skb_ routines should be called with interrupts
25 * disabled, or you better be *real* sure that the operation is atomic
26 * with respect to whatever list is being frobbed (e.g. via lock_sock()
27 * or via disabling bottom half handlers, etc).
29 * This program is free software; you can redistribute it and/or
30 * modify it under the terms of the GNU General Public License
31 * as published by the Free Software Foundation; either version
32 * 2 of the License, or (at your option) any later version.
36 * The functions in this file will not compile correctly with gcc 2.4.x
39 #include <linux/module.h>
40 #include <linux/types.h>
41 #include <linux/kernel.h>
43 #include <linux/interrupt.h>
45 #include <linux/inet.h>
46 #include <linux/slab.h>
47 #include <linux/netdevice.h>
48 #ifdef CONFIG_NET_CLS_ACT
49 #include <net/pkt_sched.h>
51 #include <linux/string.h>
52 #include <linux/skbuff.h>
53 #include <linux/splice.h>
54 #include <linux/cache.h>
55 #include <linux/rtnetlink.h>
56 #include <linux/init.h>
57 #include <linux/scatterlist.h>
59 #include <net/protocol.h>
62 #include <net/checksum.h>
65 #include <asm/uaccess.h>
66 #include <asm/system.h>
70 static struct kmem_cache *skbuff_head_cache __read_mostly;
71 static struct kmem_cache *skbuff_fclone_cache __read_mostly;
73 static void sock_pipe_buf_release(struct pipe_inode_info *pipe,
74 struct pipe_buffer *buf)
79 static void sock_pipe_buf_get(struct pipe_inode_info *pipe,
80 struct pipe_buffer *buf)
85 static int sock_pipe_buf_steal(struct pipe_inode_info *pipe,
86 struct pipe_buffer *buf)
92 /* Pipe buffer operations for a socket. */
93 static struct pipe_buf_operations sock_pipe_buf_ops = {
95 .map = generic_pipe_buf_map,
96 .unmap = generic_pipe_buf_unmap,
97 .confirm = generic_pipe_buf_confirm,
98 .release = sock_pipe_buf_release,
99 .steal = sock_pipe_buf_steal,
100 .get = sock_pipe_buf_get,
104 * Keep out-of-line to prevent kernel bloat.
105 * __builtin_return_address is not used because it is not always
110 * skb_over_panic - private function
115 * Out of line support code for skb_put(). Not user callable.
117 void skb_over_panic(struct sk_buff *skb, int sz, void *here)
119 printk(KERN_EMERG "skb_over_panic: text:%p len:%d put:%d head:%p "
120 "data:%p tail:%#lx end:%#lx dev:%s\n",
121 here, skb->len, sz, skb->head, skb->data,
122 (unsigned long)skb->tail, (unsigned long)skb->end,
123 skb->dev ? skb->dev->name : "<NULL>");
126 EXPORT_SYMBOL(skb_over_panic);
129 * skb_under_panic - private function
134 * Out of line support code for skb_push(). Not user callable.
137 void skb_under_panic(struct sk_buff *skb, int sz, void *here)
139 printk(KERN_EMERG "skb_under_panic: text:%p len:%d put:%d head:%p "
140 "data:%p tail:%#lx end:%#lx dev:%s\n",
141 here, skb->len, sz, skb->head, skb->data,
142 (unsigned long)skb->tail, (unsigned long)skb->end,
143 skb->dev ? skb->dev->name : "<NULL>");
146 EXPORT_SYMBOL(skb_under_panic);
148 void skb_truesize_bug(struct sk_buff *skb)
150 WARN(net_ratelimit(), KERN_ERR "SKB BUG: Invalid truesize (%u) "
151 "len=%u, sizeof(sk_buff)=%Zd\n",
152 skb->truesize, skb->len, sizeof(struct sk_buff));
154 EXPORT_SYMBOL(skb_truesize_bug);
156 /* Allocate a new skbuff. We do this ourselves so we can fill in a few
157 * 'private' fields and also do memory statistics to find all the
163 * __alloc_skb - allocate a network buffer
164 * @size: size to allocate
165 * @gfp_mask: allocation mask
166 * @fclone: allocate from fclone cache instead of head cache
167 * and allocate a cloned (child) skb
168 * @node: numa node to allocate memory on
170 * Allocate a new &sk_buff. The returned buffer has no headroom and a
171 * tail room of size bytes. The object has a reference count of one.
172 * The return is the buffer. On a failure the return is %NULL.
174 * Buffers may only be allocated from interrupts using a @gfp_mask of
177 struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
178 int fclone, int node)
180 struct kmem_cache *cache;
181 struct skb_shared_info *shinfo;
185 cache = fclone ? skbuff_fclone_cache : skbuff_head_cache;
188 skb = kmem_cache_alloc_node(cache, gfp_mask & ~__GFP_DMA, node);
192 size = SKB_DATA_ALIGN(size);
193 data = kmalloc_node_track_caller(size + sizeof(struct skb_shared_info),
199 * Only clear those fields we need to clear, not those that we will
200 * actually initialise below. Hence, don't put any more fields after
201 * the tail pointer in struct sk_buff!
203 memset(skb, 0, offsetof(struct sk_buff, tail));
204 skb->truesize = size + sizeof(struct sk_buff);
205 atomic_set(&skb->users, 1);
208 skb_reset_tail_pointer(skb);
209 skb->end = skb->tail + size;
210 /* make sure we initialize shinfo sequentially */
211 shinfo = skb_shinfo(skb);
212 atomic_set(&shinfo->dataref, 1);
213 shinfo->nr_frags = 0;
214 shinfo->gso_size = 0;
215 shinfo->gso_segs = 0;
216 shinfo->gso_type = 0;
217 shinfo->ip6_frag_id = 0;
218 shinfo->frag_list = NULL;
221 struct sk_buff *child = skb + 1;
222 atomic_t *fclone_ref = (atomic_t *) (child + 1);
224 skb->fclone = SKB_FCLONE_ORIG;
225 atomic_set(fclone_ref, 1);
227 child->fclone = SKB_FCLONE_UNAVAILABLE;
232 kmem_cache_free(cache, skb);
236 EXPORT_SYMBOL(__alloc_skb);
239 * __netdev_alloc_skb - allocate an skbuff for rx on a specific device
240 * @dev: network device to receive on
241 * @length: length to allocate
242 * @gfp_mask: get_free_pages mask, passed to alloc_skb
244 * Allocate a new &sk_buff and assign it a usage count of one. The
245 * buffer has unspecified headroom built in. Users should allocate
246 * the headroom they think they need without accounting for the
247 * built in space. The built in space is used for optimisations.
249 * %NULL is returned if there is no free memory.
251 struct sk_buff *__netdev_alloc_skb(struct net_device *dev,
252 unsigned int length, gfp_t gfp_mask)
254 int node = dev->dev.parent ? dev_to_node(dev->dev.parent) : -1;
257 skb = __alloc_skb(length + NET_SKB_PAD, gfp_mask, 0, node);
259 skb_reserve(skb, NET_SKB_PAD);
264 EXPORT_SYMBOL(__netdev_alloc_skb);
266 struct page *__netdev_alloc_page(struct net_device *dev, gfp_t gfp_mask)
268 int node = dev->dev.parent ? dev_to_node(dev->dev.parent) : -1;
271 page = alloc_pages_node(node, gfp_mask, 0);
274 EXPORT_SYMBOL(__netdev_alloc_page);
276 void skb_add_rx_frag(struct sk_buff *skb, int i, struct page *page, int off,
279 skb_fill_page_desc(skb, i, page, off, size);
281 skb->data_len += size;
282 skb->truesize += size;
284 EXPORT_SYMBOL(skb_add_rx_frag);
287 * dev_alloc_skb - allocate an skbuff for receiving
288 * @length: length to allocate
290 * Allocate a new &sk_buff and assign it a usage count of one. The
291 * buffer has unspecified headroom built in. Users should allocate
292 * the headroom they think they need without accounting for the
293 * built in space. The built in space is used for optimisations.
295 * %NULL is returned if there is no free memory. Although this function
296 * allocates memory it can be called from an interrupt.
298 struct sk_buff *dev_alloc_skb(unsigned int length)
301 * There is more code here than it seems:
302 * __dev_alloc_skb is an inline
304 return __dev_alloc_skb(length, GFP_ATOMIC);
306 EXPORT_SYMBOL(dev_alloc_skb);
308 static void skb_drop_list(struct sk_buff **listp)
310 struct sk_buff *list = *listp;
315 struct sk_buff *this = list;
321 static inline void skb_drop_fraglist(struct sk_buff *skb)
323 skb_drop_list(&skb_shinfo(skb)->frag_list);
326 static void skb_clone_fraglist(struct sk_buff *skb)
328 struct sk_buff *list;
330 for (list = skb_shinfo(skb)->frag_list; list; list = list->next)
334 static void skb_release_data(struct sk_buff *skb)
337 !atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1,
338 &skb_shinfo(skb)->dataref)) {
339 if (skb_shinfo(skb)->nr_frags) {
341 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
342 put_page(skb_shinfo(skb)->frags[i].page);
345 if (skb_shinfo(skb)->frag_list)
346 skb_drop_fraglist(skb);
353 * Free an skbuff by memory without cleaning the state.
355 static void kfree_skbmem(struct sk_buff *skb)
357 struct sk_buff *other;
358 atomic_t *fclone_ref;
360 switch (skb->fclone) {
361 case SKB_FCLONE_UNAVAILABLE:
362 kmem_cache_free(skbuff_head_cache, skb);
365 case SKB_FCLONE_ORIG:
366 fclone_ref = (atomic_t *) (skb + 2);
367 if (atomic_dec_and_test(fclone_ref))
368 kmem_cache_free(skbuff_fclone_cache, skb);
371 case SKB_FCLONE_CLONE:
372 fclone_ref = (atomic_t *) (skb + 1);
375 /* The clone portion is available for
376 * fast-cloning again.
378 skb->fclone = SKB_FCLONE_UNAVAILABLE;
380 if (atomic_dec_and_test(fclone_ref))
381 kmem_cache_free(skbuff_fclone_cache, other);
386 static void skb_release_head_state(struct sk_buff *skb)
388 dst_release(skb->dst);
390 secpath_put(skb->sp);
392 if (skb->destructor) {
394 skb->destructor(skb);
396 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
397 nf_conntrack_put(skb->nfct);
398 nf_conntrack_put_reasm(skb->nfct_reasm);
400 #ifdef CONFIG_BRIDGE_NETFILTER
401 nf_bridge_put(skb->nf_bridge);
403 /* XXX: IS this still necessary? - JHS */
404 #ifdef CONFIG_NET_SCHED
406 #ifdef CONFIG_NET_CLS_ACT
412 /* Free everything but the sk_buff shell. */
413 static void skb_release_all(struct sk_buff *skb)
415 skb_release_head_state(skb);
416 skb_release_data(skb);
420 * __kfree_skb - private function
423 * Free an sk_buff. Release anything attached to the buffer.
424 * Clean the state. This is an internal helper function. Users should
425 * always call kfree_skb
428 void __kfree_skb(struct sk_buff *skb)
430 skb_release_all(skb);
433 EXPORT_SYMBOL(__kfree_skb);
436 * kfree_skb - free an sk_buff
437 * @skb: buffer to free
439 * Drop a reference to the buffer and free it if the usage count has
442 void kfree_skb(struct sk_buff *skb)
446 if (likely(atomic_read(&skb->users) == 1))
448 else if (likely(!atomic_dec_and_test(&skb->users)))
452 EXPORT_SYMBOL(kfree_skb);
455 * skb_recycle_check - check if skb can be reused for receive
457 * @skb_size: minimum receive buffer size
459 * Checks that the skb passed in is not shared or cloned, and
460 * that it is linear and its head portion at least as large as
461 * skb_size so that it can be recycled as a receive buffer.
462 * If these conditions are met, this function does any necessary
463 * reference count dropping and cleans up the skbuff as if it
464 * just came from __alloc_skb().
466 int skb_recycle_check(struct sk_buff *skb, int skb_size)
468 struct skb_shared_info *shinfo;
470 if (skb_is_nonlinear(skb) || skb->fclone != SKB_FCLONE_UNAVAILABLE)
473 skb_size = SKB_DATA_ALIGN(skb_size + NET_SKB_PAD);
474 if (skb_end_pointer(skb) - skb->head < skb_size)
477 if (skb_shared(skb) || skb_cloned(skb))
480 skb_release_head_state(skb);
481 shinfo = skb_shinfo(skb);
482 atomic_set(&shinfo->dataref, 1);
483 shinfo->nr_frags = 0;
484 shinfo->gso_size = 0;
485 shinfo->gso_segs = 0;
486 shinfo->gso_type = 0;
487 shinfo->ip6_frag_id = 0;
488 shinfo->frag_list = NULL;
490 memset(skb, 0, offsetof(struct sk_buff, tail));
491 skb->data = skb->head + NET_SKB_PAD;
492 skb_reset_tail_pointer(skb);
496 EXPORT_SYMBOL(skb_recycle_check);
498 static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
500 new->tstamp = old->tstamp;
502 new->transport_header = old->transport_header;
503 new->network_header = old->network_header;
504 new->mac_header = old->mac_header;
505 new->dst = dst_clone(old->dst);
507 new->sp = secpath_get(old->sp);
509 memcpy(new->cb, old->cb, sizeof(old->cb));
510 new->csum_start = old->csum_start;
511 new->csum_offset = old->csum_offset;
512 new->local_df = old->local_df;
513 new->pkt_type = old->pkt_type;
514 new->ip_summed = old->ip_summed;
515 skb_copy_queue_mapping(new, old);
516 new->priority = old->priority;
517 #if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
518 new->ipvs_property = old->ipvs_property;
520 new->protocol = old->protocol;
521 new->mark = old->mark;
523 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
524 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
525 new->nf_trace = old->nf_trace;
527 #ifdef CONFIG_NET_SCHED
528 new->tc_index = old->tc_index;
529 #ifdef CONFIG_NET_CLS_ACT
530 new->tc_verd = old->tc_verd;
533 new->vlan_tci = old->vlan_tci;
535 skb_copy_secmark(new, old);
538 static struct sk_buff *__skb_clone(struct sk_buff *n, struct sk_buff *skb)
540 #define C(x) n->x = skb->x
542 n->next = n->prev = NULL;
544 __copy_skb_header(n, skb);
549 n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len;
552 n->destructor = NULL;
559 #if defined(CONFIG_MAC80211) || defined(CONFIG_MAC80211_MODULE)
563 atomic_set(&n->users, 1);
565 atomic_inc(&(skb_shinfo(skb)->dataref));
573 * skb_morph - morph one skb into another
574 * @dst: the skb to receive the contents
575 * @src: the skb to supply the contents
577 * This is identical to skb_clone except that the target skb is
578 * supplied by the user.
580 * The target skb is returned upon exit.
582 struct sk_buff *skb_morph(struct sk_buff *dst, struct sk_buff *src)
584 skb_release_all(dst);
585 return __skb_clone(dst, src);
587 EXPORT_SYMBOL_GPL(skb_morph);
590 * skb_clone - duplicate an sk_buff
591 * @skb: buffer to clone
592 * @gfp_mask: allocation priority
594 * Duplicate an &sk_buff. The new one is not owned by a socket. Both
595 * copies share the same packet data but not structure. The new
596 * buffer has a reference count of 1. If the allocation fails the
597 * function returns %NULL otherwise the new buffer is returned.
599 * If this function is called from an interrupt gfp_mask() must be
603 struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask)
608 if (skb->fclone == SKB_FCLONE_ORIG &&
609 n->fclone == SKB_FCLONE_UNAVAILABLE) {
610 atomic_t *fclone_ref = (atomic_t *) (n + 1);
611 n->fclone = SKB_FCLONE_CLONE;
612 atomic_inc(fclone_ref);
614 n = kmem_cache_alloc(skbuff_head_cache, gfp_mask);
617 n->fclone = SKB_FCLONE_UNAVAILABLE;
620 return __skb_clone(n, skb);
622 EXPORT_SYMBOL(skb_clone);
624 static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
626 #ifndef NET_SKBUFF_DATA_USES_OFFSET
628 * Shift between the two data areas in bytes
630 unsigned long offset = new->data - old->data;
633 __copy_skb_header(new, old);
635 #ifndef NET_SKBUFF_DATA_USES_OFFSET
636 /* {transport,network,mac}_header are relative to skb->head */
637 new->transport_header += offset;
638 new->network_header += offset;
639 new->mac_header += offset;
641 skb_shinfo(new)->gso_size = skb_shinfo(old)->gso_size;
642 skb_shinfo(new)->gso_segs = skb_shinfo(old)->gso_segs;
643 skb_shinfo(new)->gso_type = skb_shinfo(old)->gso_type;
647 * skb_copy - create private copy of an sk_buff
648 * @skb: buffer to copy
649 * @gfp_mask: allocation priority
651 * Make a copy of both an &sk_buff and its data. This is used when the
652 * caller wishes to modify the data and needs a private copy of the
653 * data to alter. Returns %NULL on failure or the pointer to the buffer
654 * on success. The returned buffer has a reference count of 1.
656 * As by-product this function converts non-linear &sk_buff to linear
657 * one, so that &sk_buff becomes completely private and caller is allowed
658 * to modify all the data of returned buffer. This means that this
659 * function is not recommended for use in circumstances when only
660 * header is going to be modified. Use pskb_copy() instead.
663 struct sk_buff *skb_copy(const struct sk_buff *skb, gfp_t gfp_mask)
665 int headerlen = skb->data - skb->head;
667 * Allocate the copy buffer
670 #ifdef NET_SKBUFF_DATA_USES_OFFSET
671 n = alloc_skb(skb->end + skb->data_len, gfp_mask);
673 n = alloc_skb(skb->end - skb->head + skb->data_len, gfp_mask);
678 /* Set the data pointer */
679 skb_reserve(n, headerlen);
680 /* Set the tail pointer and length */
681 skb_put(n, skb->len);
683 if (skb_copy_bits(skb, -headerlen, n->head, headerlen + skb->len))
686 copy_skb_header(n, skb);
689 EXPORT_SYMBOL(skb_copy);
692 * pskb_copy - create copy of an sk_buff with private head.
693 * @skb: buffer to copy
694 * @gfp_mask: allocation priority
696 * Make a copy of both an &sk_buff and part of its data, located
697 * in header. Fragmented data remain shared. This is used when
698 * the caller wishes to modify only header of &sk_buff and needs
699 * private copy of the header to alter. Returns %NULL on failure
700 * or the pointer to the buffer on success.
701 * The returned buffer has a reference count of 1.
704 struct sk_buff *pskb_copy(struct sk_buff *skb, gfp_t gfp_mask)
707 * Allocate the copy buffer
710 #ifdef NET_SKBUFF_DATA_USES_OFFSET
711 n = alloc_skb(skb->end, gfp_mask);
713 n = alloc_skb(skb->end - skb->head, gfp_mask);
718 /* Set the data pointer */
719 skb_reserve(n, skb->data - skb->head);
720 /* Set the tail pointer and length */
721 skb_put(n, skb_headlen(skb));
723 skb_copy_from_linear_data(skb, n->data, n->len);
725 n->truesize += skb->data_len;
726 n->data_len = skb->data_len;
729 if (skb_shinfo(skb)->nr_frags) {
732 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
733 skb_shinfo(n)->frags[i] = skb_shinfo(skb)->frags[i];
734 get_page(skb_shinfo(n)->frags[i].page);
736 skb_shinfo(n)->nr_frags = i;
739 if (skb_shinfo(skb)->frag_list) {
740 skb_shinfo(n)->frag_list = skb_shinfo(skb)->frag_list;
741 skb_clone_fraglist(n);
744 copy_skb_header(n, skb);
748 EXPORT_SYMBOL(pskb_copy);
751 * pskb_expand_head - reallocate header of &sk_buff
752 * @skb: buffer to reallocate
753 * @nhead: room to add at head
754 * @ntail: room to add at tail
755 * @gfp_mask: allocation priority
757 * Expands (or creates identical copy, if &nhead and &ntail are zero)
758 * header of skb. &sk_buff itself is not changed. &sk_buff MUST have
759 * reference count of 1. Returns zero in the case of success or error,
760 * if expansion failed. In the last case, &sk_buff is not changed.
762 * All the pointers pointing into skb header may change and must be
763 * reloaded after call to this function.
766 int pskb_expand_head(struct sk_buff *skb, int nhead, int ntail,
771 #ifdef NET_SKBUFF_DATA_USES_OFFSET
772 int size = nhead + skb->end + ntail;
774 int size = nhead + (skb->end - skb->head) + ntail;
783 size = SKB_DATA_ALIGN(size);
785 data = kmalloc(size + sizeof(struct skb_shared_info), gfp_mask);
789 /* Copy only real data... and, alas, header. This should be
790 * optimized for the cases when header is void. */
791 #ifdef NET_SKBUFF_DATA_USES_OFFSET
792 memcpy(data + nhead, skb->head, skb->tail);
794 memcpy(data + nhead, skb->head, skb->tail - skb->head);
796 memcpy(data + size, skb_end_pointer(skb),
797 sizeof(struct skb_shared_info));
799 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
800 get_page(skb_shinfo(skb)->frags[i].page);
802 if (skb_shinfo(skb)->frag_list)
803 skb_clone_fraglist(skb);
805 skb_release_data(skb);
807 off = (data + nhead) - skb->head;
811 #ifdef NET_SKBUFF_DATA_USES_OFFSET
815 skb->end = skb->head + size;
817 /* {transport,network,mac}_header and tail are relative to skb->head */
819 skb->transport_header += off;
820 skb->network_header += off;
821 skb->mac_header += off;
822 skb->csum_start += nhead;
826 atomic_set(&skb_shinfo(skb)->dataref, 1);
832 EXPORT_SYMBOL(pskb_expand_head);
834 /* Make private copy of skb with writable head and some headroom */
836 struct sk_buff *skb_realloc_headroom(struct sk_buff *skb, unsigned int headroom)
838 struct sk_buff *skb2;
839 int delta = headroom - skb_headroom(skb);
842 skb2 = pskb_copy(skb, GFP_ATOMIC);
844 skb2 = skb_clone(skb, GFP_ATOMIC);
845 if (skb2 && pskb_expand_head(skb2, SKB_DATA_ALIGN(delta), 0,
853 EXPORT_SYMBOL(skb_realloc_headroom);
856 * skb_copy_expand - copy and expand sk_buff
857 * @skb: buffer to copy
858 * @newheadroom: new free bytes at head
859 * @newtailroom: new free bytes at tail
860 * @gfp_mask: allocation priority
862 * Make a copy of both an &sk_buff and its data and while doing so
863 * allocate additional space.
865 * This is used when the caller wishes to modify the data and needs a
866 * private copy of the data to alter as well as more space for new fields.
867 * Returns %NULL on failure or the pointer to the buffer
868 * on success. The returned buffer has a reference count of 1.
870 * You must pass %GFP_ATOMIC as the allocation priority if this function
871 * is called from an interrupt.
873 struct sk_buff *skb_copy_expand(const struct sk_buff *skb,
874 int newheadroom, int newtailroom,
878 * Allocate the copy buffer
880 struct sk_buff *n = alloc_skb(newheadroom + skb->len + newtailroom,
882 int oldheadroom = skb_headroom(skb);
883 int head_copy_len, head_copy_off;
889 skb_reserve(n, newheadroom);
891 /* Set the tail pointer and length */
892 skb_put(n, skb->len);
894 head_copy_len = oldheadroom;
896 if (newheadroom <= head_copy_len)
897 head_copy_len = newheadroom;
899 head_copy_off = newheadroom - head_copy_len;
901 /* Copy the linear header and data. */
902 if (skb_copy_bits(skb, -head_copy_len, n->head + head_copy_off,
903 skb->len + head_copy_len))
906 copy_skb_header(n, skb);
908 off = newheadroom - oldheadroom;
909 n->csum_start += off;
910 #ifdef NET_SKBUFF_DATA_USES_OFFSET
911 n->transport_header += off;
912 n->network_header += off;
913 n->mac_header += off;
918 EXPORT_SYMBOL(skb_copy_expand);
921 * skb_pad - zero pad the tail of an skb
922 * @skb: buffer to pad
925 * Ensure that a buffer is followed by a padding area that is zero
926 * filled. Used by network drivers which may DMA or transfer data
927 * beyond the buffer end onto the wire.
929 * May return error in out of memory cases. The skb is freed on error.
932 int skb_pad(struct sk_buff *skb, int pad)
937 /* If the skbuff is non linear tailroom is always zero.. */
938 if (!skb_cloned(skb) && skb_tailroom(skb) >= pad) {
939 memset(skb->data+skb->len, 0, pad);
943 ntail = skb->data_len + pad - (skb->end - skb->tail);
944 if (likely(skb_cloned(skb) || ntail > 0)) {
945 err = pskb_expand_head(skb, 0, ntail, GFP_ATOMIC);
950 /* FIXME: The use of this function with non-linear skb's really needs
953 err = skb_linearize(skb);
957 memset(skb->data + skb->len, 0, pad);
964 EXPORT_SYMBOL(skb_pad);
967 * skb_put - add data to a buffer
968 * @skb: buffer to use
969 * @len: amount of data to add
971 * This function extends the used data area of the buffer. If this would
972 * exceed the total buffer size the kernel will panic. A pointer to the
973 * first byte of the extra data is returned.
975 unsigned char *skb_put(struct sk_buff *skb, unsigned int len)
977 unsigned char *tmp = skb_tail_pointer(skb);
978 SKB_LINEAR_ASSERT(skb);
981 if (unlikely(skb->tail > skb->end))
982 skb_over_panic(skb, len, __builtin_return_address(0));
985 EXPORT_SYMBOL(skb_put);
988 * skb_push - add data to the start of a buffer
989 * @skb: buffer to use
990 * @len: amount of data to add
992 * This function extends the used data area of the buffer at the buffer
993 * start. If this would exceed the total buffer headroom the kernel will
994 * panic. A pointer to the first byte of the extra data is returned.
996 unsigned char *skb_push(struct sk_buff *skb, unsigned int len)
1000 if (unlikely(skb->data<skb->head))
1001 skb_under_panic(skb, len, __builtin_return_address(0));
1004 EXPORT_SYMBOL(skb_push);
1007 * skb_pull - remove data from the start of a buffer
1008 * @skb: buffer to use
1009 * @len: amount of data to remove
1011 * This function removes data from the start of a buffer, returning
1012 * the memory to the headroom. A pointer to the next data in the buffer
1013 * is returned. Once the data has been pulled future pushes will overwrite
1016 unsigned char *skb_pull(struct sk_buff *skb, unsigned int len)
1018 return unlikely(len > skb->len) ? NULL : __skb_pull(skb, len);
1020 EXPORT_SYMBOL(skb_pull);
1023 * skb_trim - remove end from a buffer
1024 * @skb: buffer to alter
1027 * Cut the length of a buffer down by removing data from the tail. If
1028 * the buffer is already under the length specified it is not modified.
1029 * The skb must be linear.
1031 void skb_trim(struct sk_buff *skb, unsigned int len)
1034 __skb_trim(skb, len);
1036 EXPORT_SYMBOL(skb_trim);
1038 /* Trims skb to length len. It can change skb pointers.
1041 int ___pskb_trim(struct sk_buff *skb, unsigned int len)
1043 struct sk_buff **fragp;
1044 struct sk_buff *frag;
1045 int offset = skb_headlen(skb);
1046 int nfrags = skb_shinfo(skb)->nr_frags;
1050 if (skb_cloned(skb) &&
1051 unlikely((err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC))))
1058 for (; i < nfrags; i++) {
1059 int end = offset + skb_shinfo(skb)->frags[i].size;
1066 skb_shinfo(skb)->frags[i++].size = len - offset;
1069 skb_shinfo(skb)->nr_frags = i;
1071 for (; i < nfrags; i++)
1072 put_page(skb_shinfo(skb)->frags[i].page);
1074 if (skb_shinfo(skb)->frag_list)
1075 skb_drop_fraglist(skb);
1079 for (fragp = &skb_shinfo(skb)->frag_list; (frag = *fragp);
1080 fragp = &frag->next) {
1081 int end = offset + frag->len;
1083 if (skb_shared(frag)) {
1084 struct sk_buff *nfrag;
1086 nfrag = skb_clone(frag, GFP_ATOMIC);
1087 if (unlikely(!nfrag))
1090 nfrag->next = frag->next;
1102 unlikely((err = pskb_trim(frag, len - offset))))
1106 skb_drop_list(&frag->next);
1111 if (len > skb_headlen(skb)) {
1112 skb->data_len -= skb->len - len;
1117 skb_set_tail_pointer(skb, len);
1122 EXPORT_SYMBOL(___pskb_trim);
1125 * __pskb_pull_tail - advance tail of skb header
1126 * @skb: buffer to reallocate
1127 * @delta: number of bytes to advance tail
1129 * The function makes a sense only on a fragmented &sk_buff,
1130 * it expands header moving its tail forward and copying necessary
1131 * data from fragmented part.
1133 * &sk_buff MUST have reference count of 1.
1135 * Returns %NULL (and &sk_buff does not change) if pull failed
1136 * or value of new tail of skb in the case of success.
1138 * All the pointers pointing into skb header may change and must be
1139 * reloaded after call to this function.
1142 /* Moves tail of skb head forward, copying data from fragmented part,
1143 * when it is necessary.
1144 * 1. It may fail due to malloc failure.
1145 * 2. It may change skb pointers.
1147 * It is pretty complicated. Luckily, it is called only in exceptional cases.
1149 unsigned char *__pskb_pull_tail(struct sk_buff *skb, int delta)
1151 /* If skb has not enough free space at tail, get new one
1152 * plus 128 bytes for future expansions. If we have enough
1153 * room at tail, reallocate without expansion only if skb is cloned.
1155 int i, k, eat = (skb->tail + delta) - skb->end;
1157 if (eat > 0 || skb_cloned(skb)) {
1158 if (pskb_expand_head(skb, 0, eat > 0 ? eat + 128 : 0,
1163 if (skb_copy_bits(skb, skb_headlen(skb), skb_tail_pointer(skb), delta))
1166 /* Optimization: no fragments, no reasons to preestimate
1167 * size of pulled pages. Superb.
1169 if (!skb_shinfo(skb)->frag_list)
1172 /* Estimate size of pulled pages. */
1174 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1175 if (skb_shinfo(skb)->frags[i].size >= eat)
1177 eat -= skb_shinfo(skb)->frags[i].size;
1180 /* If we need update frag list, we are in troubles.
1181 * Certainly, it possible to add an offset to skb data,
1182 * but taking into account that pulling is expected to
1183 * be very rare operation, it is worth to fight against
1184 * further bloating skb head and crucify ourselves here instead.
1185 * Pure masohism, indeed. 8)8)
1188 struct sk_buff *list = skb_shinfo(skb)->frag_list;
1189 struct sk_buff *clone = NULL;
1190 struct sk_buff *insp = NULL;
1195 if (list->len <= eat) {
1196 /* Eaten as whole. */
1201 /* Eaten partially. */
1203 if (skb_shared(list)) {
1204 /* Sucks! We need to fork list. :-( */
1205 clone = skb_clone(list, GFP_ATOMIC);
1211 /* This may be pulled without
1215 if (!pskb_pull(list, eat)) {
1224 /* Free pulled out fragments. */
1225 while ((list = skb_shinfo(skb)->frag_list) != insp) {
1226 skb_shinfo(skb)->frag_list = list->next;
1229 /* And insert new clone at head. */
1232 skb_shinfo(skb)->frag_list = clone;
1235 /* Success! Now we may commit changes to skb data. */
1240 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1241 if (skb_shinfo(skb)->frags[i].size <= eat) {
1242 put_page(skb_shinfo(skb)->frags[i].page);
1243 eat -= skb_shinfo(skb)->frags[i].size;
1245 skb_shinfo(skb)->frags[k] = skb_shinfo(skb)->frags[i];
1247 skb_shinfo(skb)->frags[k].page_offset += eat;
1248 skb_shinfo(skb)->frags[k].size -= eat;
1254 skb_shinfo(skb)->nr_frags = k;
1257 skb->data_len -= delta;
1259 return skb_tail_pointer(skb);
1261 EXPORT_SYMBOL(__pskb_pull_tail);
1263 /* Copy some data bits from skb to kernel buffer. */
1265 int skb_copy_bits(const struct sk_buff *skb, int offset, void *to, int len)
1268 int start = skb_headlen(skb);
1270 if (offset > (int)skb->len - len)
1274 if ((copy = start - offset) > 0) {
1277 skb_copy_from_linear_data_offset(skb, offset, to, copy);
1278 if ((len -= copy) == 0)
1284 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1287 WARN_ON(start > offset + len);
1289 end = start + skb_shinfo(skb)->frags[i].size;
1290 if ((copy = end - offset) > 0) {
1296 vaddr = kmap_skb_frag(&skb_shinfo(skb)->frags[i]);
1298 vaddr + skb_shinfo(skb)->frags[i].page_offset+
1299 offset - start, copy);
1300 kunmap_skb_frag(vaddr);
1302 if ((len -= copy) == 0)
1310 if (skb_shinfo(skb)->frag_list) {
1311 struct sk_buff *list = skb_shinfo(skb)->frag_list;
1313 for (; list; list = list->next) {
1316 WARN_ON(start > offset + len);
1318 end = start + list->len;
1319 if ((copy = end - offset) > 0) {
1322 if (skb_copy_bits(list, offset - start,
1325 if ((len -= copy) == 0)
1339 EXPORT_SYMBOL(skb_copy_bits);
1342 * Callback from splice_to_pipe(), if we need to release some pages
1343 * at the end of the spd in case we error'ed out in filling the pipe.
1345 static void sock_spd_release(struct splice_pipe_desc *spd, unsigned int i)
1347 put_page(spd->pages[i]);
1350 static inline struct page *linear_to_page(struct page *page, unsigned int *len,
1351 unsigned int *offset,
1352 struct sk_buff *skb)
1354 struct sock *sk = skb->sk;
1355 struct page *p = sk->sk_sndmsg_page;
1360 p = sk->sk_sndmsg_page = alloc_pages(sk->sk_allocation, 0);
1364 off = sk->sk_sndmsg_off = 0;
1365 /* hold one ref to this page until it's full */
1369 off = sk->sk_sndmsg_off;
1370 mlen = PAGE_SIZE - off;
1371 if (mlen < 64 && mlen < *len) {
1376 *len = min_t(unsigned int, *len, mlen);
1379 memcpy(page_address(p) + off, page_address(page) + *offset, *len);
1380 sk->sk_sndmsg_off += *len;
1388 * Fill page/offset/length into spd, if it can hold more pages.
1390 static inline int spd_fill_page(struct splice_pipe_desc *spd, struct page *page,
1391 unsigned int *len, unsigned int offset,
1392 struct sk_buff *skb, int linear)
1394 if (unlikely(spd->nr_pages == PIPE_BUFFERS))
1398 page = linear_to_page(page, len, &offset, skb);
1404 spd->pages[spd->nr_pages] = page;
1405 spd->partial[spd->nr_pages].len = *len;
1406 spd->partial[spd->nr_pages].offset = offset;
1412 static inline void __segment_seek(struct page **page, unsigned int *poff,
1413 unsigned int *plen, unsigned int off)
1418 n = *poff / PAGE_SIZE;
1420 *page = nth_page(*page, n);
1422 *poff = *poff % PAGE_SIZE;
1426 static inline int __splice_segment(struct page *page, unsigned int poff,
1427 unsigned int plen, unsigned int *off,
1428 unsigned int *len, struct sk_buff *skb,
1429 struct splice_pipe_desc *spd, int linear)
1434 /* skip this segment if already processed */
1440 /* ignore any bits we already processed */
1442 __segment_seek(&page, &poff, &plen, *off);
1447 unsigned int flen = min(*len, plen);
1449 /* the linear region may spread across several pages */
1450 flen = min_t(unsigned int, flen, PAGE_SIZE - poff);
1452 if (spd_fill_page(spd, page, &flen, poff, skb, linear))
1455 __segment_seek(&page, &poff, &plen, flen);
1458 } while (*len && plen);
1464 * Map linear and fragment data from the skb to spd. It reports failure if the
1465 * pipe is full or if we already spliced the requested length.
1467 static int __skb_splice_bits(struct sk_buff *skb, unsigned int *offset,
1469 struct splice_pipe_desc *spd)
1474 * map the linear part
1476 if (__splice_segment(virt_to_page(skb->data),
1477 (unsigned long) skb->data & (PAGE_SIZE - 1),
1479 offset, len, skb, spd, 1))
1483 * then map the fragments
1485 for (seg = 0; seg < skb_shinfo(skb)->nr_frags; seg++) {
1486 const skb_frag_t *f = &skb_shinfo(skb)->frags[seg];
1488 if (__splice_segment(f->page, f->page_offset, f->size,
1489 offset, len, skb, spd, 0))
1497 * Map data from the skb to a pipe. Should handle both the linear part,
1498 * the fragments, and the frag list. It does NOT handle frag lists within
1499 * the frag list, if such a thing exists. We'd probably need to recurse to
1500 * handle that cleanly.
1502 int skb_splice_bits(struct sk_buff *skb, unsigned int offset,
1503 struct pipe_inode_info *pipe, unsigned int tlen,
1506 struct partial_page partial[PIPE_BUFFERS];
1507 struct page *pages[PIPE_BUFFERS];
1508 struct splice_pipe_desc spd = {
1512 .ops = &sock_pipe_buf_ops,
1513 .spd_release = sock_spd_release,
1517 * __skb_splice_bits() only fails if the output has no room left,
1518 * so no point in going over the frag_list for the error case.
1520 if (__skb_splice_bits(skb, &offset, &tlen, &spd))
1526 * now see if we have a frag_list to map
1528 if (skb_shinfo(skb)->frag_list) {
1529 struct sk_buff *list = skb_shinfo(skb)->frag_list;
1531 for (; list && tlen; list = list->next) {
1532 if (__skb_splice_bits(list, &offset, &tlen, &spd))
1539 struct sock *sk = skb->sk;
1543 * Drop the socket lock, otherwise we have reverse
1544 * locking dependencies between sk_lock and i_mutex
1545 * here as compared to sendfile(). We enter here
1546 * with the socket lock held, and splice_to_pipe() will
1547 * grab the pipe inode lock. For sendfile() emulation,
1548 * we call into ->sendpage() with the i_mutex lock held
1549 * and networking will grab the socket lock.
1552 ret = splice_to_pipe(pipe, &spd);
1561 * skb_store_bits - store bits from kernel buffer to skb
1562 * @skb: destination buffer
1563 * @offset: offset in destination
1564 * @from: source buffer
1565 * @len: number of bytes to copy
1567 * Copy the specified number of bytes from the source buffer to the
1568 * destination skb. This function handles all the messy bits of
1569 * traversing fragment lists and such.
1572 int skb_store_bits(struct sk_buff *skb, int offset, const void *from, int len)
1575 int start = skb_headlen(skb);
1577 if (offset > (int)skb->len - len)
1580 if ((copy = start - offset) > 0) {
1583 skb_copy_to_linear_data_offset(skb, offset, from, copy);
1584 if ((len -= copy) == 0)
1590 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1591 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
1594 WARN_ON(start > offset + len);
1596 end = start + frag->size;
1597 if ((copy = end - offset) > 0) {
1603 vaddr = kmap_skb_frag(frag);
1604 memcpy(vaddr + frag->page_offset + offset - start,
1606 kunmap_skb_frag(vaddr);
1608 if ((len -= copy) == 0)
1616 if (skb_shinfo(skb)->frag_list) {
1617 struct sk_buff *list = skb_shinfo(skb)->frag_list;
1619 for (; list; list = list->next) {
1622 WARN_ON(start > offset + len);
1624 end = start + list->len;
1625 if ((copy = end - offset) > 0) {
1628 if (skb_store_bits(list, offset - start,
1631 if ((len -= copy) == 0)
1645 EXPORT_SYMBOL(skb_store_bits);
1647 /* Checksum skb data. */
1649 __wsum skb_checksum(const struct sk_buff *skb, int offset,
1650 int len, __wsum csum)
1652 int start = skb_headlen(skb);
1653 int i, copy = start - offset;
1656 /* Checksum header. */
1660 csum = csum_partial(skb->data + offset, copy, csum);
1661 if ((len -= copy) == 0)
1667 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1670 WARN_ON(start > offset + len);
1672 end = start + skb_shinfo(skb)->frags[i].size;
1673 if ((copy = end - offset) > 0) {
1676 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
1680 vaddr = kmap_skb_frag(frag);
1681 csum2 = csum_partial(vaddr + frag->page_offset +
1682 offset - start, copy, 0);
1683 kunmap_skb_frag(vaddr);
1684 csum = csum_block_add(csum, csum2, pos);
1693 if (skb_shinfo(skb)->frag_list) {
1694 struct sk_buff *list = skb_shinfo(skb)->frag_list;
1696 for (; list; list = list->next) {
1699 WARN_ON(start > offset + len);
1701 end = start + list->len;
1702 if ((copy = end - offset) > 0) {
1706 csum2 = skb_checksum(list, offset - start,
1708 csum = csum_block_add(csum, csum2, pos);
1709 if ((len -= copy) == 0)
1721 EXPORT_SYMBOL(skb_checksum);
1723 /* Both of above in one bottle. */
1725 __wsum skb_copy_and_csum_bits(const struct sk_buff *skb, int offset,
1726 u8 *to, int len, __wsum csum)
1728 int start = skb_headlen(skb);
1729 int i, copy = start - offset;
1736 csum = csum_partial_copy_nocheck(skb->data + offset, to,
1738 if ((len -= copy) == 0)
1745 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1748 WARN_ON(start > offset + len);
1750 end = start + skb_shinfo(skb)->frags[i].size;
1751 if ((copy = end - offset) > 0) {
1754 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
1758 vaddr = kmap_skb_frag(frag);
1759 csum2 = csum_partial_copy_nocheck(vaddr +
1763 kunmap_skb_frag(vaddr);
1764 csum = csum_block_add(csum, csum2, pos);
1774 if (skb_shinfo(skb)->frag_list) {
1775 struct sk_buff *list = skb_shinfo(skb)->frag_list;
1777 for (; list; list = list->next) {
1781 WARN_ON(start > offset + len);
1783 end = start + list->len;
1784 if ((copy = end - offset) > 0) {
1787 csum2 = skb_copy_and_csum_bits(list,
1790 csum = csum_block_add(csum, csum2, pos);
1791 if ((len -= copy) == 0)
1803 EXPORT_SYMBOL(skb_copy_and_csum_bits);
1805 void skb_copy_and_csum_dev(const struct sk_buff *skb, u8 *to)
1810 if (skb->ip_summed == CHECKSUM_PARTIAL)
1811 csstart = skb->csum_start - skb_headroom(skb);
1813 csstart = skb_headlen(skb);
1815 BUG_ON(csstart > skb_headlen(skb));
1817 skb_copy_from_linear_data(skb, to, csstart);
1820 if (csstart != skb->len)
1821 csum = skb_copy_and_csum_bits(skb, csstart, to + csstart,
1822 skb->len - csstart, 0);
1824 if (skb->ip_summed == CHECKSUM_PARTIAL) {
1825 long csstuff = csstart + skb->csum_offset;
1827 *((__sum16 *)(to + csstuff)) = csum_fold(csum);
1830 EXPORT_SYMBOL(skb_copy_and_csum_dev);
1833 * skb_dequeue - remove from the head of the queue
1834 * @list: list to dequeue from
1836 * Remove the head of the list. The list lock is taken so the function
1837 * may be used safely with other locking list functions. The head item is
1838 * returned or %NULL if the list is empty.
1841 struct sk_buff *skb_dequeue(struct sk_buff_head *list)
1843 unsigned long flags;
1844 struct sk_buff *result;
1846 spin_lock_irqsave(&list->lock, flags);
1847 result = __skb_dequeue(list);
1848 spin_unlock_irqrestore(&list->lock, flags);
1851 EXPORT_SYMBOL(skb_dequeue);
1854 * skb_dequeue_tail - remove from the tail of the queue
1855 * @list: list to dequeue from
1857 * Remove the tail of the list. The list lock is taken so the function
1858 * may be used safely with other locking list functions. The tail item is
1859 * returned or %NULL if the list is empty.
1861 struct sk_buff *skb_dequeue_tail(struct sk_buff_head *list)
1863 unsigned long flags;
1864 struct sk_buff *result;
1866 spin_lock_irqsave(&list->lock, flags);
1867 result = __skb_dequeue_tail(list);
1868 spin_unlock_irqrestore(&list->lock, flags);
1871 EXPORT_SYMBOL(skb_dequeue_tail);
1874 * skb_queue_purge - empty a list
1875 * @list: list to empty
1877 * Delete all buffers on an &sk_buff list. Each buffer is removed from
1878 * the list and one reference dropped. This function takes the list
1879 * lock and is atomic with respect to other list locking functions.
1881 void skb_queue_purge(struct sk_buff_head *list)
1883 struct sk_buff *skb;
1884 while ((skb = skb_dequeue(list)) != NULL)
1887 EXPORT_SYMBOL(skb_queue_purge);
1890 * skb_queue_head - queue a buffer at the list head
1891 * @list: list to use
1892 * @newsk: buffer to queue
1894 * Queue a buffer at the start of the list. This function takes the
1895 * list lock and can be used safely with other locking &sk_buff functions
1898 * A buffer cannot be placed on two lists at the same time.
1900 void skb_queue_head(struct sk_buff_head *list, struct sk_buff *newsk)
1902 unsigned long flags;
1904 spin_lock_irqsave(&list->lock, flags);
1905 __skb_queue_head(list, newsk);
1906 spin_unlock_irqrestore(&list->lock, flags);
1908 EXPORT_SYMBOL(skb_queue_head);
1911 * skb_queue_tail - queue a buffer at the list tail
1912 * @list: list to use
1913 * @newsk: buffer to queue
1915 * Queue a buffer at the tail of the list. This function takes the
1916 * list lock and can be used safely with other locking &sk_buff functions
1919 * A buffer cannot be placed on two lists at the same time.
1921 void skb_queue_tail(struct sk_buff_head *list, struct sk_buff *newsk)
1923 unsigned long flags;
1925 spin_lock_irqsave(&list->lock, flags);
1926 __skb_queue_tail(list, newsk);
1927 spin_unlock_irqrestore(&list->lock, flags);
1929 EXPORT_SYMBOL(skb_queue_tail);
1932 * skb_unlink - remove a buffer from a list
1933 * @skb: buffer to remove
1934 * @list: list to use
1936 * Remove a packet from a list. The list locks are taken and this
1937 * function is atomic with respect to other list locked calls
1939 * You must know what list the SKB is on.
1941 void skb_unlink(struct sk_buff *skb, struct sk_buff_head *list)
1943 unsigned long flags;
1945 spin_lock_irqsave(&list->lock, flags);
1946 __skb_unlink(skb, list);
1947 spin_unlock_irqrestore(&list->lock, flags);
1949 EXPORT_SYMBOL(skb_unlink);
1952 * skb_append - append a buffer
1953 * @old: buffer to insert after
1954 * @newsk: buffer to insert
1955 * @list: list to use
1957 * Place a packet after a given packet in a list. The list locks are taken
1958 * and this function is atomic with respect to other list locked calls.
1959 * A buffer cannot be placed on two lists at the same time.
1961 void skb_append(struct sk_buff *old, struct sk_buff *newsk, struct sk_buff_head *list)
1963 unsigned long flags;
1965 spin_lock_irqsave(&list->lock, flags);
1966 __skb_queue_after(list, old, newsk);
1967 spin_unlock_irqrestore(&list->lock, flags);
1969 EXPORT_SYMBOL(skb_append);
1972 * skb_insert - insert a buffer
1973 * @old: buffer to insert before
1974 * @newsk: buffer to insert
1975 * @list: list to use
1977 * Place a packet before a given packet in a list. The list locks are
1978 * taken and this function is atomic with respect to other list locked
1981 * A buffer cannot be placed on two lists at the same time.
1983 void skb_insert(struct sk_buff *old, struct sk_buff *newsk, struct sk_buff_head *list)
1985 unsigned long flags;
1987 spin_lock_irqsave(&list->lock, flags);
1988 __skb_insert(newsk, old->prev, old, list);
1989 spin_unlock_irqrestore(&list->lock, flags);
1991 EXPORT_SYMBOL(skb_insert);
1993 static inline void skb_split_inside_header(struct sk_buff *skb,
1994 struct sk_buff* skb1,
1995 const u32 len, const int pos)
1999 skb_copy_from_linear_data_offset(skb, len, skb_put(skb1, pos - len),
2001 /* And move data appendix as is. */
2002 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
2003 skb_shinfo(skb1)->frags[i] = skb_shinfo(skb)->frags[i];
2005 skb_shinfo(skb1)->nr_frags = skb_shinfo(skb)->nr_frags;
2006 skb_shinfo(skb)->nr_frags = 0;
2007 skb1->data_len = skb->data_len;
2008 skb1->len += skb1->data_len;
2011 skb_set_tail_pointer(skb, len);
2014 static inline void skb_split_no_header(struct sk_buff *skb,
2015 struct sk_buff* skb1,
2016 const u32 len, int pos)
2019 const int nfrags = skb_shinfo(skb)->nr_frags;
2021 skb_shinfo(skb)->nr_frags = 0;
2022 skb1->len = skb1->data_len = skb->len - len;
2024 skb->data_len = len - pos;
2026 for (i = 0; i < nfrags; i++) {
2027 int size = skb_shinfo(skb)->frags[i].size;
2029 if (pos + size > len) {
2030 skb_shinfo(skb1)->frags[k] = skb_shinfo(skb)->frags[i];
2034 * We have two variants in this case:
2035 * 1. Move all the frag to the second
2036 * part, if it is possible. F.e.
2037 * this approach is mandatory for TUX,
2038 * where splitting is expensive.
2039 * 2. Split is accurately. We make this.
2041 get_page(skb_shinfo(skb)->frags[i].page);
2042 skb_shinfo(skb1)->frags[0].page_offset += len - pos;
2043 skb_shinfo(skb1)->frags[0].size -= len - pos;
2044 skb_shinfo(skb)->frags[i].size = len - pos;
2045 skb_shinfo(skb)->nr_frags++;
2049 skb_shinfo(skb)->nr_frags++;
2052 skb_shinfo(skb1)->nr_frags = k;
2056 * skb_split - Split fragmented skb to two parts at length len.
2057 * @skb: the buffer to split
2058 * @skb1: the buffer to receive the second part
2059 * @len: new length for skb
2061 void skb_split(struct sk_buff *skb, struct sk_buff *skb1, const u32 len)
2063 int pos = skb_headlen(skb);
2065 if (len < pos) /* Split line is inside header. */
2066 skb_split_inside_header(skb, skb1, len, pos);
2067 else /* Second chunk has no header, nothing to copy. */
2068 skb_split_no_header(skb, skb1, len, pos);
2070 EXPORT_SYMBOL(skb_split);
2072 /* Shifting from/to a cloned skb is a no-go.
2074 * Caller cannot keep skb_shinfo related pointers past calling here!
2076 static int skb_prepare_for_shift(struct sk_buff *skb)
2078 return skb_cloned(skb) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC);
2082 * skb_shift - Shifts paged data partially from skb to another
2083 * @tgt: buffer into which tail data gets added
2084 * @skb: buffer from which the paged data comes from
2085 * @shiftlen: shift up to this many bytes
2087 * Attempts to shift up to shiftlen worth of bytes, which may be less than
2088 * the length of the skb, from tgt to skb. Returns number bytes shifted.
2089 * It's up to caller to free skb if everything was shifted.
2091 * If @tgt runs out of frags, the whole operation is aborted.
2093 * Skb cannot include anything else but paged data while tgt is allowed
2094 * to have non-paged data as well.
2096 * TODO: full sized shift could be optimized but that would need
2097 * specialized skb free'er to handle frags without up-to-date nr_frags.
2099 int skb_shift(struct sk_buff *tgt, struct sk_buff *skb, int shiftlen)
2101 int from, to, merge, todo;
2102 struct skb_frag_struct *fragfrom, *fragto;
2104 BUG_ON(shiftlen > skb->len);
2105 BUG_ON(skb_headlen(skb)); /* Would corrupt stream */
2109 to = skb_shinfo(tgt)->nr_frags;
2110 fragfrom = &skb_shinfo(skb)->frags[from];
2112 /* Actual merge is delayed until the point when we know we can
2113 * commit all, so that we don't have to undo partial changes
2116 !skb_can_coalesce(tgt, to, fragfrom->page, fragfrom->page_offset)) {
2121 todo -= fragfrom->size;
2123 if (skb_prepare_for_shift(skb) ||
2124 skb_prepare_for_shift(tgt))
2127 /* All previous frag pointers might be stale! */
2128 fragfrom = &skb_shinfo(skb)->frags[from];
2129 fragto = &skb_shinfo(tgt)->frags[merge];
2131 fragto->size += shiftlen;
2132 fragfrom->size -= shiftlen;
2133 fragfrom->page_offset += shiftlen;
2141 /* Skip full, not-fitting skb to avoid expensive operations */
2142 if ((shiftlen == skb->len) &&
2143 (skb_shinfo(skb)->nr_frags - from) > (MAX_SKB_FRAGS - to))
2146 if (skb_prepare_for_shift(skb) || skb_prepare_for_shift(tgt))
2149 while ((todo > 0) && (from < skb_shinfo(skb)->nr_frags)) {
2150 if (to == MAX_SKB_FRAGS)
2153 fragfrom = &skb_shinfo(skb)->frags[from];
2154 fragto = &skb_shinfo(tgt)->frags[to];
2156 if (todo >= fragfrom->size) {
2157 *fragto = *fragfrom;
2158 todo -= fragfrom->size;
2163 get_page(fragfrom->page);
2164 fragto->page = fragfrom->page;
2165 fragto->page_offset = fragfrom->page_offset;
2166 fragto->size = todo;
2168 fragfrom->page_offset += todo;
2169 fragfrom->size -= todo;
2177 /* Ready to "commit" this state change to tgt */
2178 skb_shinfo(tgt)->nr_frags = to;
2181 fragfrom = &skb_shinfo(skb)->frags[0];
2182 fragto = &skb_shinfo(tgt)->frags[merge];
2184 fragto->size += fragfrom->size;
2185 put_page(fragfrom->page);
2188 /* Reposition in the original skb */
2190 while (from < skb_shinfo(skb)->nr_frags)
2191 skb_shinfo(skb)->frags[to++] = skb_shinfo(skb)->frags[from++];
2192 skb_shinfo(skb)->nr_frags = to;
2194 BUG_ON(todo > 0 && !skb_shinfo(skb)->nr_frags);
2197 /* Most likely the tgt won't ever need its checksum anymore, skb on
2198 * the other hand might need it if it needs to be resent
2200 tgt->ip_summed = CHECKSUM_PARTIAL;
2201 skb->ip_summed = CHECKSUM_PARTIAL;
2203 /* Yak, is it really working this way? Some helper please? */
2204 skb->len -= shiftlen;
2205 skb->data_len -= shiftlen;
2206 skb->truesize -= shiftlen;
2207 tgt->len += shiftlen;
2208 tgt->data_len += shiftlen;
2209 tgt->truesize += shiftlen;
2215 * skb_prepare_seq_read - Prepare a sequential read of skb data
2216 * @skb: the buffer to read
2217 * @from: lower offset of data to be read
2218 * @to: upper offset of data to be read
2219 * @st: state variable
2221 * Initializes the specified state variable. Must be called before
2222 * invoking skb_seq_read() for the first time.
2224 void skb_prepare_seq_read(struct sk_buff *skb, unsigned int from,
2225 unsigned int to, struct skb_seq_state *st)
2227 st->lower_offset = from;
2228 st->upper_offset = to;
2229 st->root_skb = st->cur_skb = skb;
2230 st->frag_idx = st->stepped_offset = 0;
2231 st->frag_data = NULL;
2233 EXPORT_SYMBOL(skb_prepare_seq_read);
2236 * skb_seq_read - Sequentially read skb data
2237 * @consumed: number of bytes consumed by the caller so far
2238 * @data: destination pointer for data to be returned
2239 * @st: state variable
2241 * Reads a block of skb data at &consumed relative to the
2242 * lower offset specified to skb_prepare_seq_read(). Assigns
2243 * the head of the data block to &data and returns the length
2244 * of the block or 0 if the end of the skb data or the upper
2245 * offset has been reached.
2247 * The caller is not required to consume all of the data
2248 * returned, i.e. &consumed is typically set to the number
2249 * of bytes already consumed and the next call to
2250 * skb_seq_read() will return the remaining part of the block.
2252 * Note 1: The size of each block of data returned can be arbitary,
2253 * this limitation is the cost for zerocopy seqeuental
2254 * reads of potentially non linear data.
2256 * Note 2: Fragment lists within fragments are not implemented
2257 * at the moment, state->root_skb could be replaced with
2258 * a stack for this purpose.
2260 unsigned int skb_seq_read(unsigned int consumed, const u8 **data,
2261 struct skb_seq_state *st)
2263 unsigned int block_limit, abs_offset = consumed + st->lower_offset;
2266 if (unlikely(abs_offset >= st->upper_offset))
2270 block_limit = skb_headlen(st->cur_skb) + st->stepped_offset;
2272 if (abs_offset < block_limit) {
2273 *data = st->cur_skb->data + (abs_offset - st->stepped_offset);
2274 return block_limit - abs_offset;
2277 if (st->frag_idx == 0 && !st->frag_data)
2278 st->stepped_offset += skb_headlen(st->cur_skb);
2280 while (st->frag_idx < skb_shinfo(st->cur_skb)->nr_frags) {
2281 frag = &skb_shinfo(st->cur_skb)->frags[st->frag_idx];
2282 block_limit = frag->size + st->stepped_offset;
2284 if (abs_offset < block_limit) {
2286 st->frag_data = kmap_skb_frag(frag);
2288 *data = (u8 *) st->frag_data + frag->page_offset +
2289 (abs_offset - st->stepped_offset);
2291 return block_limit - abs_offset;
2294 if (st->frag_data) {
2295 kunmap_skb_frag(st->frag_data);
2296 st->frag_data = NULL;
2300 st->stepped_offset += frag->size;
2303 if (st->frag_data) {
2304 kunmap_skb_frag(st->frag_data);
2305 st->frag_data = NULL;
2308 if (st->root_skb == st->cur_skb &&
2309 skb_shinfo(st->root_skb)->frag_list) {
2310 st->cur_skb = skb_shinfo(st->root_skb)->frag_list;
2313 } else if (st->cur_skb->next) {
2314 st->cur_skb = st->cur_skb->next;
2321 EXPORT_SYMBOL(skb_seq_read);
2324 * skb_abort_seq_read - Abort a sequential read of skb data
2325 * @st: state variable
2327 * Must be called if skb_seq_read() was not called until it
2330 void skb_abort_seq_read(struct skb_seq_state *st)
2333 kunmap_skb_frag(st->frag_data);
2335 EXPORT_SYMBOL(skb_abort_seq_read);
2337 #define TS_SKB_CB(state) ((struct skb_seq_state *) &((state)->cb))
2339 static unsigned int skb_ts_get_next_block(unsigned int offset, const u8 **text,
2340 struct ts_config *conf,
2341 struct ts_state *state)
2343 return skb_seq_read(offset, text, TS_SKB_CB(state));
2346 static void skb_ts_finish(struct ts_config *conf, struct ts_state *state)
2348 skb_abort_seq_read(TS_SKB_CB(state));
2352 * skb_find_text - Find a text pattern in skb data
2353 * @skb: the buffer to look in
2354 * @from: search offset
2356 * @config: textsearch configuration
2357 * @state: uninitialized textsearch state variable
2359 * Finds a pattern in the skb data according to the specified
2360 * textsearch configuration. Use textsearch_next() to retrieve
2361 * subsequent occurrences of the pattern. Returns the offset
2362 * to the first occurrence or UINT_MAX if no match was found.
2364 unsigned int skb_find_text(struct sk_buff *skb, unsigned int from,
2365 unsigned int to, struct ts_config *config,
2366 struct ts_state *state)
2370 config->get_next_block = skb_ts_get_next_block;
2371 config->finish = skb_ts_finish;
2373 skb_prepare_seq_read(skb, from, to, TS_SKB_CB(state));
2375 ret = textsearch_find(config, state);
2376 return (ret <= to - from ? ret : UINT_MAX);
2378 EXPORT_SYMBOL(skb_find_text);
2381 * skb_append_datato_frags: - append the user data to a skb
2382 * @sk: sock structure
2383 * @skb: skb structure to be appened with user data.
2384 * @getfrag: call back function to be used for getting the user data
2385 * @from: pointer to user message iov
2386 * @length: length of the iov message
2388 * Description: This procedure append the user data in the fragment part
2389 * of the skb if any page alloc fails user this procedure returns -ENOMEM
2391 int skb_append_datato_frags(struct sock *sk, struct sk_buff *skb,
2392 int (*getfrag)(void *from, char *to, int offset,
2393 int len, int odd, struct sk_buff *skb),
2394 void *from, int length)
2397 skb_frag_t *frag = NULL;
2398 struct page *page = NULL;
2404 /* Return error if we don't have space for new frag */
2405 frg_cnt = skb_shinfo(skb)->nr_frags;
2406 if (frg_cnt >= MAX_SKB_FRAGS)
2409 /* allocate a new page for next frag */
2410 page = alloc_pages(sk->sk_allocation, 0);
2412 /* If alloc_page fails just return failure and caller will
2413 * free previous allocated pages by doing kfree_skb()
2418 /* initialize the next frag */
2419 sk->sk_sndmsg_page = page;
2420 sk->sk_sndmsg_off = 0;
2421 skb_fill_page_desc(skb, frg_cnt, page, 0, 0);
2422 skb->truesize += PAGE_SIZE;
2423 atomic_add(PAGE_SIZE, &sk->sk_wmem_alloc);
2425 /* get the new initialized frag */
2426 frg_cnt = skb_shinfo(skb)->nr_frags;
2427 frag = &skb_shinfo(skb)->frags[frg_cnt - 1];
2429 /* copy the user data to page */
2430 left = PAGE_SIZE - frag->page_offset;
2431 copy = (length > left)? left : length;
2433 ret = getfrag(from, (page_address(frag->page) +
2434 frag->page_offset + frag->size),
2435 offset, copy, 0, skb);
2439 /* copy was successful so update the size parameters */
2440 sk->sk_sndmsg_off += copy;
2443 skb->data_len += copy;
2447 } while (length > 0);
2451 EXPORT_SYMBOL(skb_append_datato_frags);
2454 * skb_pull_rcsum - pull skb and update receive checksum
2455 * @skb: buffer to update
2456 * @len: length of data pulled
2458 * This function performs an skb_pull on the packet and updates
2459 * the CHECKSUM_COMPLETE checksum. It should be used on
2460 * receive path processing instead of skb_pull unless you know
2461 * that the checksum difference is zero (e.g., a valid IP header)
2462 * or you are setting ip_summed to CHECKSUM_NONE.
2464 unsigned char *skb_pull_rcsum(struct sk_buff *skb, unsigned int len)
2466 BUG_ON(len > skb->len);
2468 BUG_ON(skb->len < skb->data_len);
2469 skb_postpull_rcsum(skb, skb->data, len);
2470 return skb->data += len;
2473 EXPORT_SYMBOL_GPL(skb_pull_rcsum);
2476 * skb_segment - Perform protocol segmentation on skb.
2477 * @skb: buffer to segment
2478 * @features: features for the output path (see dev->features)
2480 * This function performs segmentation on the given skb. It returns
2481 * a pointer to the first in a list of new skbs for the segments.
2482 * In case of error it returns ERR_PTR(err).
2484 struct sk_buff *skb_segment(struct sk_buff *skb, int features)
2486 struct sk_buff *segs = NULL;
2487 struct sk_buff *tail = NULL;
2488 struct sk_buff *fskb = skb_shinfo(skb)->frag_list;
2489 unsigned int mss = skb_shinfo(skb)->gso_size;
2490 unsigned int doffset = skb->data - skb_mac_header(skb);
2491 unsigned int offset = doffset;
2492 unsigned int headroom;
2494 int sg = features & NETIF_F_SG;
2495 int nfrags = skb_shinfo(skb)->nr_frags;
2500 __skb_push(skb, doffset);
2501 headroom = skb_headroom(skb);
2502 pos = skb_headlen(skb);
2505 struct sk_buff *nskb;
2510 len = skb->len - offset;
2514 hsize = skb_headlen(skb) - offset;
2517 if (hsize > len || !sg)
2520 if (!hsize && i >= nfrags) {
2521 BUG_ON(fskb->len != len);
2524 nskb = skb_clone(fskb, GFP_ATOMIC);
2527 if (unlikely(!nskb))
2530 hsize = skb_end_pointer(nskb) - nskb->head;
2531 if (skb_cow_head(nskb, doffset + headroom)) {
2536 nskb->truesize += skb_end_pointer(nskb) - nskb->head -
2538 skb_release_head_state(nskb);
2539 __skb_push(nskb, doffset);
2541 nskb = alloc_skb(hsize + doffset + headroom,
2544 if (unlikely(!nskb))
2547 skb_reserve(nskb, headroom);
2548 __skb_put(nskb, doffset);
2557 __copy_skb_header(nskb, skb);
2558 nskb->mac_len = skb->mac_len;
2560 skb_reset_mac_header(nskb);
2561 skb_set_network_header(nskb, skb->mac_len);
2562 nskb->transport_header = (nskb->network_header +
2563 skb_network_header_len(skb));
2564 skb_copy_from_linear_data(skb, nskb->data, doffset);
2566 if (pos >= offset + len)
2570 nskb->ip_summed = CHECKSUM_NONE;
2571 nskb->csum = skb_copy_and_csum_bits(skb, offset,
2577 frag = skb_shinfo(nskb)->frags;
2579 skb_copy_from_linear_data_offset(skb, offset,
2580 skb_put(nskb, hsize), hsize);
2582 while (pos < offset + len && i < nfrags) {
2583 *frag = skb_shinfo(skb)->frags[i];
2584 get_page(frag->page);
2588 frag->page_offset += offset - pos;
2589 frag->size -= offset - pos;
2592 skb_shinfo(nskb)->nr_frags++;
2594 if (pos + size <= offset + len) {
2598 frag->size -= pos + size - (offset + len);
2605 if (pos < offset + len) {
2606 struct sk_buff *fskb2 = fskb;
2608 BUG_ON(pos + fskb->len != offset + len);
2614 fskb2 = skb_clone(fskb2, GFP_ATOMIC);
2620 BUG_ON(skb_shinfo(nskb)->frag_list);
2621 skb_shinfo(nskb)->frag_list = fskb2;
2625 nskb->data_len = len - hsize;
2626 nskb->len += nskb->data_len;
2627 nskb->truesize += nskb->data_len;
2628 } while ((offset += len) < skb->len);
2633 while ((skb = segs)) {
2637 return ERR_PTR(err);
2639 EXPORT_SYMBOL_GPL(skb_segment);
2641 int skb_gro_receive(struct sk_buff **head, struct sk_buff *skb)
2643 struct sk_buff *p = *head;
2644 struct sk_buff *nskb;
2645 unsigned int headroom;
2646 unsigned int len = skb_gro_len(skb);
2648 if (p->len + len >= 65536)
2651 if (skb_shinfo(p)->frag_list)
2653 else if (skb_headlen(skb) <= skb_gro_offset(skb)) {
2654 if (skb_shinfo(p)->nr_frags + skb_shinfo(skb)->nr_frags >
2658 skb_shinfo(skb)->frags[0].page_offset +=
2659 skb_gro_offset(skb) - skb_headlen(skb);
2660 skb_shinfo(skb)->frags[0].size -=
2661 skb_gro_offset(skb) - skb_headlen(skb);
2663 memcpy(skb_shinfo(p)->frags + skb_shinfo(p)->nr_frags,
2664 skb_shinfo(skb)->frags,
2665 skb_shinfo(skb)->nr_frags * sizeof(skb_frag_t));
2667 skb_shinfo(p)->nr_frags += skb_shinfo(skb)->nr_frags;
2668 skb_shinfo(skb)->nr_frags = 0;
2670 skb->truesize -= skb->data_len;
2671 skb->len -= skb->data_len;
2674 NAPI_GRO_CB(skb)->free = 1;
2678 headroom = skb_headroom(p);
2679 nskb = netdev_alloc_skb(p->dev, headroom + skb_gro_offset(p));
2680 if (unlikely(!nskb))
2683 __copy_skb_header(nskb, p);
2684 nskb->mac_len = p->mac_len;
2686 skb_reserve(nskb, headroom);
2687 __skb_put(nskb, skb_gro_offset(p));
2689 skb_set_mac_header(nskb, skb_mac_header(p) - p->data);
2690 skb_set_network_header(nskb, skb_network_offset(p));
2691 skb_set_transport_header(nskb, skb_transport_offset(p));
2693 __skb_pull(p, skb_gro_offset(p));
2694 memcpy(skb_mac_header(nskb), skb_mac_header(p),
2695 p->data - skb_mac_header(p));
2697 *NAPI_GRO_CB(nskb) = *NAPI_GRO_CB(p);
2698 skb_shinfo(nskb)->frag_list = p;
2699 skb_shinfo(nskb)->gso_size = skb_shinfo(p)->gso_size;
2700 skb_header_release(p);
2703 nskb->data_len += p->len;
2704 nskb->truesize += p->len;
2705 nskb->len += p->len;
2708 nskb->next = p->next;
2714 if (skb_gro_offset(skb) > skb_headlen(skb)) {
2715 skb_shinfo(skb)->frags[0].page_offset +=
2716 skb_gro_offset(skb) - skb_headlen(skb);
2717 skb_shinfo(skb)->frags[0].size -=
2718 skb_gro_offset(skb) - skb_headlen(skb);
2719 skb_gro_reset_offset(skb);
2720 skb_gro_pull(skb, skb_headlen(skb));
2723 __skb_pull(skb, skb_gro_offset(skb));
2725 p->prev->next = skb;
2727 skb_header_release(skb);
2730 NAPI_GRO_CB(p)->count++;
2735 NAPI_GRO_CB(skb)->same_flow = 1;
2738 EXPORT_SYMBOL_GPL(skb_gro_receive);
2740 void __init skb_init(void)
2742 skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
2743 sizeof(struct sk_buff),
2745 SLAB_HWCACHE_ALIGN|SLAB_PANIC,
2747 skbuff_fclone_cache = kmem_cache_create("skbuff_fclone_cache",
2748 (2*sizeof(struct sk_buff)) +
2751 SLAB_HWCACHE_ALIGN|SLAB_PANIC,
2756 * skb_to_sgvec - Fill a scatter-gather list from a socket buffer
2757 * @skb: Socket buffer containing the buffers to be mapped
2758 * @sg: The scatter-gather list to map into
2759 * @offset: The offset into the buffer's contents to start mapping
2760 * @len: Length of buffer space to be mapped
2762 * Fill the specified scatter-gather list with mappings/pointers into a
2763 * region of the buffer space attached to a socket buffer.
2766 __skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len)
2768 int start = skb_headlen(skb);
2769 int i, copy = start - offset;
2775 sg_set_buf(sg, skb->data + offset, copy);
2777 if ((len -= copy) == 0)
2782 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
2785 WARN_ON(start > offset + len);
2787 end = start + skb_shinfo(skb)->frags[i].size;
2788 if ((copy = end - offset) > 0) {
2789 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
2793 sg_set_page(&sg[elt], frag->page, copy,
2794 frag->page_offset+offset-start);
2803 if (skb_shinfo(skb)->frag_list) {
2804 struct sk_buff *list = skb_shinfo(skb)->frag_list;
2806 for (; list; list = list->next) {
2809 WARN_ON(start > offset + len);
2811 end = start + list->len;
2812 if ((copy = end - offset) > 0) {
2815 elt += __skb_to_sgvec(list, sg+elt, offset - start,
2817 if ((len -= copy) == 0)
2828 int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len)
2830 int nsg = __skb_to_sgvec(skb, sg, offset, len);
2832 sg_mark_end(&sg[nsg - 1]);
2836 EXPORT_SYMBOL_GPL(skb_to_sgvec);
2839 * skb_cow_data - Check that a socket buffer's data buffers are writable
2840 * @skb: The socket buffer to check.
2841 * @tailbits: Amount of trailing space to be added
2842 * @trailer: Returned pointer to the skb where the @tailbits space begins
2844 * Make sure that the data buffers attached to a socket buffer are
2845 * writable. If they are not, private copies are made of the data buffers
2846 * and the socket buffer is set to use these instead.
2848 * If @tailbits is given, make sure that there is space to write @tailbits
2849 * bytes of data beyond current end of socket buffer. @trailer will be
2850 * set to point to the skb in which this space begins.
2852 * The number of scatterlist elements required to completely map the
2853 * COW'd and extended socket buffer will be returned.
2855 int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer)
2859 struct sk_buff *skb1, **skb_p;
2861 /* If skb is cloned or its head is paged, reallocate
2862 * head pulling out all the pages (pages are considered not writable
2863 * at the moment even if they are anonymous).
2865 if ((skb_cloned(skb) || skb_shinfo(skb)->nr_frags) &&
2866 __pskb_pull_tail(skb, skb_pagelen(skb)-skb_headlen(skb)) == NULL)
2869 /* Easy case. Most of packets will go this way. */
2870 if (!skb_shinfo(skb)->frag_list) {
2871 /* A little of trouble, not enough of space for trailer.
2872 * This should not happen, when stack is tuned to generate
2873 * good frames. OK, on miss we reallocate and reserve even more
2874 * space, 128 bytes is fair. */
2876 if (skb_tailroom(skb) < tailbits &&
2877 pskb_expand_head(skb, 0, tailbits-skb_tailroom(skb)+128, GFP_ATOMIC))
2885 /* Misery. We are in troubles, going to mincer fragments... */
2888 skb_p = &skb_shinfo(skb)->frag_list;
2891 while ((skb1 = *skb_p) != NULL) {
2894 /* The fragment is partially pulled by someone,
2895 * this can happen on input. Copy it and everything
2898 if (skb_shared(skb1))
2901 /* If the skb is the last, worry about trailer. */
2903 if (skb1->next == NULL && tailbits) {
2904 if (skb_shinfo(skb1)->nr_frags ||
2905 skb_shinfo(skb1)->frag_list ||
2906 skb_tailroom(skb1) < tailbits)
2907 ntail = tailbits + 128;
2913 skb_shinfo(skb1)->nr_frags ||
2914 skb_shinfo(skb1)->frag_list) {
2915 struct sk_buff *skb2;
2917 /* Fuck, we are miserable poor guys... */
2919 skb2 = skb_copy(skb1, GFP_ATOMIC);
2921 skb2 = skb_copy_expand(skb1,
2925 if (unlikely(skb2 == NULL))
2929 skb_set_owner_w(skb2, skb1->sk);
2931 /* Looking around. Are we still alive?
2932 * OK, link new skb, drop old one */
2934 skb2->next = skb1->next;
2941 skb_p = &skb1->next;
2946 EXPORT_SYMBOL_GPL(skb_cow_data);
2949 * skb_partial_csum_set - set up and verify partial csum values for packet
2950 * @skb: the skb to set
2951 * @start: the number of bytes after skb->data to start checksumming.
2952 * @off: the offset from start to place the checksum.
2954 * For untrusted partially-checksummed packets, we need to make sure the values
2955 * for skb->csum_start and skb->csum_offset are valid so we don't oops.
2957 * This function checks and sets those values and skb->ip_summed: if this
2958 * returns false you should drop the packet.
2960 bool skb_partial_csum_set(struct sk_buff *skb, u16 start, u16 off)
2962 if (unlikely(start > skb->len - 2) ||
2963 unlikely((int)start + off > skb->len - 2)) {
2964 if (net_ratelimit())
2966 "bad partial csum: csum=%u/%u len=%u\n",
2967 start, off, skb->len);
2970 skb->ip_summed = CHECKSUM_PARTIAL;
2971 skb->csum_start = skb_headroom(skb) + start;
2972 skb->csum_offset = off;
2975 EXPORT_SYMBOL_GPL(skb_partial_csum_set);
2977 void __skb_warn_lro_forwarding(const struct sk_buff *skb)
2979 if (net_ratelimit())
2980 pr_warning("%s: received packets cannot be forwarded"
2981 " while LRO is enabled\n", skb->dev->name);
2983 EXPORT_SYMBOL(__skb_warn_lro_forwarding);
projects / linux-2.6 / blob