projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland...
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / ipv6 / ip6_output.c
1 /*
2 * IPv6 output functions
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on linux/net/ipv4/ip_output.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 * Changes:
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
20 * etc.
21 *
22 * H. von Brand : Added missing #include <linux/string.h>
23 * Imran Patel : frag id should be in NBO
24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
26 * for datagram xmit
27 */
28
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/string.h>
32 #include <linux/socket.h>
33 #include <linux/net.h>
34 #include <linux/netdevice.h>
35 #include <linux/if_arp.h>
36 #include <linux/in6.h>
37 #include <linux/tcp.h>
38 #include <linux/route.h>
39 #include <linux/module.h>
40
41 #include <linux/netfilter.h>
42 #include <linux/netfilter_ipv6.h>
43
44 #include <net/sock.h>
45 #include <net/snmp.h>
46
47 #include <net/ipv6.h>
48 #include <net/ndisc.h>
49 #include <net/protocol.h>
50 #include <net/ip6_route.h>
51 #include <net/addrconf.h>
52 #include <net/rawv6.h>
53 #include <net/icmp.h>
54 #include <net/xfrm.h>
55 #include <net/checksum.h>
56 #include <linux/mroute6.h>
57
58 static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *));
59
60 static __inline__ void ipv6_select_ident(struct sk_buff *skb, struct frag_hdr *fhdr)
61 {
62 static u32 ipv6_fragmentation_id = 1;
63 static DEFINE_SPINLOCK(ip6_id_lock);
64
65 spin_lock_bh(&ip6_id_lock);
66 fhdr->identification = htonl(ipv6_fragmentation_id);
67 if (++ipv6_fragmentation_id == 0)
68 ipv6_fragmentation_id = 1;
69 spin_unlock_bh(&ip6_id_lock);
70 }
71
72 int __ip6_local_out(struct sk_buff *skb)
73 {
74 int len;
75
76 len = skb->len - sizeof(struct ipv6hdr);
77 if (len > IPV6_MAXPLEN)
78 len = 0;
79 ipv6_hdr(skb)->payload_len = htons(len);
80
81 return nf_hook(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dst->dev,
82 dst_output);
83 }
84
85 int ip6_local_out(struct sk_buff *skb)
86 {
87 int err;
88
89 err = __ip6_local_out(skb);
90 if (likely(err == 1))
91 err = dst_output(skb);
92
93 return err;
94 }
95 EXPORT_SYMBOL_GPL(ip6_local_out);
96
97 static int ip6_output_finish(struct sk_buff *skb)
98 {
99 struct dst_entry *dst = skb->dst;
100
101 if (dst->hh)
102 return neigh_hh_output(dst->hh, skb);
103 else if (dst->neighbour)
104 return dst->neighbour->output(skb);
105
106 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
107 kfree_skb(skb);
108 return -EINVAL;
109
110 }
111
112 /* dev_loopback_xmit for use with netfilter. */
113 static int ip6_dev_loopback_xmit(struct sk_buff *newskb)
114 {
115 skb_reset_mac_header(newskb);
116 __skb_pull(newskb, skb_network_offset(newskb));
117 newskb->pkt_type = PACKET_LOOPBACK;
118 newskb->ip_summed = CHECKSUM_UNNECESSARY;
119 WARN_ON(!newskb->dst);
120
121 netif_rx(newskb);
122 return 0;
123 }
124
125
126 static int ip6_output2(struct sk_buff *skb)
127 {
128 struct dst_entry *dst = skb->dst;
129 struct net_device *dev = dst->dev;
130
131 skb->protocol = htons(ETH_P_IPV6);
132 skb->dev = dev;
133
134 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
135 struct ipv6_pinfo* np = skb->sk ? inet6_sk(skb->sk) : NULL;
136 struct inet6_dev *idev = ip6_dst_idev(skb->dst);
137
138 if (!(dev->flags & IFF_LOOPBACK) && (!np || np->mc_loop) &&
139 ((mroute6_socket && !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
140 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
141 &ipv6_hdr(skb)->saddr))) {
142 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
143
144 /* Do not check for IFF_ALLMULTI; multicast routing
145 is not supported in any case.
146 */
147 if (newskb)
148 NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, newskb,
149 NULL, newskb->dev,
150 ip6_dev_loopback_xmit);
151
152 if (ipv6_hdr(skb)->hop_limit == 0) {
153 IP6_INC_STATS(idev, IPSTATS_MIB_OUTDISCARDS);
154 kfree_skb(skb);
155 return 0;
156 }
157 }
158
159 IP6_INC_STATS(idev, IPSTATS_MIB_OUTMCASTPKTS);
160 }
161
162 return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dev,
163 ip6_output_finish);
164 }
165
166 static inline int ip6_skb_dst_mtu(struct sk_buff *skb)
167 {
168 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
169
170 return (np && np->pmtudisc == IPV6_PMTUDISC_PROBE) ?
171 skb->dst->dev->mtu : dst_mtu(skb->dst);
172 }
173
174 int ip6_output(struct sk_buff *skb)
175 {
176 struct inet6_dev *idev = ip6_dst_idev(skb->dst);
177 if (unlikely(idev->cnf.disable_ipv6)) {
178 IP6_INC_STATS(idev, IPSTATS_MIB_OUTDISCARDS);
179 kfree_skb(skb);
180 return 0;
181 }
182
183 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
184 dst_allfrag(skb->dst))
185 return ip6_fragment(skb, ip6_output2);
186 else
187 return ip6_output2(skb);
188 }
189
190 /*
191 * xmit an sk_buff (used by TCP)
192 */
193
194 int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
195 struct ipv6_txoptions *opt, int ipfragok)
196 {
197 struct ipv6_pinfo *np = inet6_sk(sk);
198 struct in6_addr *first_hop = &fl->fl6_dst;
199 struct dst_entry *dst = skb->dst;
200 struct ipv6hdr *hdr;
201 u8 proto = fl->proto;
202 int seg_len = skb->len;
203 int hlimit, tclass;
204 u32 mtu;
205
206 if (opt) {
207 unsigned int head_room;
208
209 /* First: exthdrs may take lots of space (~8K for now)
210 MAX_HEADER is not enough.
211 */
212 head_room = opt->opt_nflen + opt->opt_flen;
213 seg_len += head_room;
214 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
215
216 if (skb_headroom(skb) < head_room) {
217 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
218 if (skb2 == NULL) {
219 IP6_INC_STATS(ip6_dst_idev(skb->dst),
220 IPSTATS_MIB_OUTDISCARDS);
221 kfree_skb(skb);
222 return -ENOBUFS;
223 }
224 kfree_skb(skb);
225 skb = skb2;
226 if (sk)
227 skb_set_owner_w(skb, sk);
228 }
229 if (opt->opt_flen)
230 ipv6_push_frag_opts(skb, opt, &proto);
231 if (opt->opt_nflen)
232 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop);
233 }
234
235 skb_push(skb, sizeof(struct ipv6hdr));
236 skb_reset_network_header(skb);
237 hdr = ipv6_hdr(skb);
238
239 /* Allow local fragmentation. */
240 if (ipfragok)
241 skb->local_df = 1;
242
243 /*
244 * Fill in the IPv6 header
245 */
246
247 hlimit = -1;
248 if (np)
249 hlimit = np->hop_limit;
250 if (hlimit < 0)
251 hlimit = ip6_dst_hoplimit(dst);
252
253 tclass = -1;
254 if (np)
255 tclass = np->tclass;
256 if (tclass < 0)
257 tclass = 0;
258
259 *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | fl->fl6_flowlabel;
260
261 hdr->payload_len = htons(seg_len);
262 hdr->nexthdr = proto;
263 hdr->hop_limit = hlimit;
264
265 ipv6_addr_copy(&hdr->saddr, &fl->fl6_src);
266 ipv6_addr_copy(&hdr->daddr, first_hop);
267
268 skb->priority = sk->sk_priority;
269 skb->mark = sk->sk_mark;
270
271 mtu = dst_mtu(dst);
272 if ((skb->len <= mtu) || skb->local_df || skb_is_gso(skb)) {
273 IP6_INC_STATS(ip6_dst_idev(skb->dst),
274 IPSTATS_MIB_OUTREQUESTS);
275 return NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
276 dst_output);
277 }
278
279 if (net_ratelimit())
280 printk(KERN_DEBUG "IPv6: sending pkt_too_big to self\n");
281 skb->dev = dst->dev;
282 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, skb->dev);
283 IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_FRAGFAILS);
284 kfree_skb(skb);
285 return -EMSGSIZE;
286 }
287
288 EXPORT_SYMBOL(ip6_xmit);
289
290 /*
291 * To avoid extra problems ND packets are send through this
292 * routine. It's code duplication but I really want to avoid
293 * extra checks since ipv6_build_header is used by TCP (which
294 * is for us performance critical)
295 */
296
297 int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev,
298 const struct in6_addr *saddr, const struct in6_addr *daddr,
299 int proto, int len)
300 {
301 struct ipv6_pinfo *np = inet6_sk(sk);
302 struct ipv6hdr *hdr;
303 int totlen;
304
305 skb->protocol = htons(ETH_P_IPV6);
306 skb->dev = dev;
307
308 totlen = len + sizeof(struct ipv6hdr);
309
310 skb_reset_network_header(skb);
311 skb_put(skb, sizeof(struct ipv6hdr));
312 hdr = ipv6_hdr(skb);
313
314 *(__be32*)hdr = htonl(0x60000000);
315
316 hdr->payload_len = htons(len);
317 hdr->nexthdr = proto;
318 hdr->hop_limit = np->hop_limit;
319
320 ipv6_addr_copy(&hdr->saddr, saddr);
321 ipv6_addr_copy(&hdr->daddr, daddr);
322
323 return 0;
324 }
325
326 static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
327 {
328 struct ip6_ra_chain *ra;
329 struct sock *last = NULL;
330
331 read_lock(&ip6_ra_lock);
332 for (ra = ip6_ra_chain; ra; ra = ra->next) {
333 struct sock *sk = ra->sk;
334 if (sk && ra->sel == sel &&
335 (!sk->sk_bound_dev_if ||
336 sk->sk_bound_dev_if == skb->dev->ifindex)) {
337 if (last) {
338 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
339 if (skb2)
340 rawv6_rcv(last, skb2);
341 }
342 last = sk;
343 }
344 }
345
346 if (last) {
347 rawv6_rcv(last, skb);
348 read_unlock(&ip6_ra_lock);
349 return 1;
350 }
351 read_unlock(&ip6_ra_lock);
352 return 0;
353 }
354
355 static int ip6_forward_proxy_check(struct sk_buff *skb)
356 {
357 struct ipv6hdr *hdr = ipv6_hdr(skb);
358 u8 nexthdr = hdr->nexthdr;
359 int offset;
360
361 if (ipv6_ext_hdr(nexthdr)) {
362 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr);
363 if (offset < 0)
364 return 0;
365 } else
366 offset = sizeof(struct ipv6hdr);
367
368 if (nexthdr == IPPROTO_ICMPV6) {
369 struct icmp6hdr *icmp6;
370
371 if (!pskb_may_pull(skb, (skb_network_header(skb) +
372 offset + 1 - skb->data)))
373 return 0;
374
375 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
376
377 switch (icmp6->icmp6_type) {
378 case NDISC_ROUTER_SOLICITATION:
379 case NDISC_ROUTER_ADVERTISEMENT:
380 case NDISC_NEIGHBOUR_SOLICITATION:
381 case NDISC_NEIGHBOUR_ADVERTISEMENT:
382 case NDISC_REDIRECT:
383 /* For reaction involving unicast neighbor discovery
384 * message destined to the proxied address, pass it to
385 * input function.
386 */
387 return 1;
388 default:
389 break;
390 }
391 }
392
393 /*
394 * The proxying router can't forward traffic sent to a link-local
395 * address, so signal the sender and discard the packet. This
396 * behavior is clarified by the MIPv6 specification.
397 */
398 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
399 dst_link_failure(skb);
400 return -1;
401 }
402
403 return 0;
404 }
405
406 static inline int ip6_forward_finish(struct sk_buff *skb)
407 {
408 return dst_output(skb);
409 }
410
411 int ip6_forward(struct sk_buff *skb)
412 {
413 struct dst_entry *dst = skb->dst;
414 struct ipv6hdr *hdr = ipv6_hdr(skb);
415 struct inet6_skb_parm *opt = IP6CB(skb);
416 struct net *net = dev_net(dst->dev);
417
418 if (net->ipv6.devconf_all->forwarding == 0)
419 goto error;
420
421 if (skb_warn_if_lro(skb))
422 goto drop;
423
424 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
425 IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
426 goto drop;
427 }
428
429 skb_forward_csum(skb);
430
431 /*
432 * We DO NOT make any processing on
433 * RA packets, pushing them to user level AS IS
434 * without ane WARRANTY that application will be able
435 * to interpret them. The reason is that we
436 * cannot make anything clever here.
437 *
438 * We are not end-node, so that if packet contains
439 * AH/ESP, we cannot make anything.
440 * Defragmentation also would be mistake, RA packets
441 * cannot be fragmented, because there is no warranty
442 * that different fragments will go along one path. --ANK
443 */
444 if (opt->ra) {
445 u8 *ptr = skb_network_header(skb) + opt->ra;
446 if (ip6_call_ra_chain(skb, (ptr[2]<<8) + ptr[3]))
447 return 0;
448 }
449
450 /*
451 * check and decrement ttl
452 */
453 if (hdr->hop_limit <= 1) {
454 /* Force OUTPUT device used as source address */
455 skb->dev = dst->dev;
456 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
457 0, skb->dev);
458 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
459
460 kfree_skb(skb);
461 return -ETIMEDOUT;
462 }
463
464 /* XXX: idev->cnf.proxy_ndp? */
465 if (net->ipv6.devconf_all->proxy_ndp &&
466 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
467 int proxied = ip6_forward_proxy_check(skb);
468 if (proxied > 0)
469 return ip6_input(skb);
470 else if (proxied < 0) {
471 IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
472 goto drop;
473 }
474 }
475
476 if (!xfrm6_route_forward(skb)) {
477 IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_INDISCARDS);
478 goto drop;
479 }
480 dst = skb->dst;
481
482 /* IPv6 specs say nothing about it, but it is clear that we cannot
483 send redirects to source routed frames.
484 We don't send redirects to frames decapsulated from IPsec.
485 */
486 if (skb->dev == dst->dev && dst->neighbour && opt->srcrt == 0 &&
487 !skb->sp) {
488 struct in6_addr *target = NULL;
489 struct rt6_info *rt;
490 struct neighbour *n = dst->neighbour;
491
492 /*
493 * incoming and outgoing devices are the same
494 * send a redirect.
495 */
496
497 rt = (struct rt6_info *) dst;
498 if ((rt->rt6i_flags & RTF_GATEWAY))
499 target = (struct in6_addr*)&n->primary_key;
500 else
501 target = &hdr->daddr;
502
503 /* Limit redirects both by destination (here)
504 and by source (inside ndisc_send_redirect)
505 */
506 if (xrlim_allow(dst, 1*HZ))
507 ndisc_send_redirect(skb, n, target);
508 } else {
509 int addrtype = ipv6_addr_type(&hdr->saddr);
510
511 /* This check is security critical. */
512 if (addrtype == IPV6_ADDR_ANY ||
513 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
514 goto error;
515 if (addrtype & IPV6_ADDR_LINKLOCAL) {
516 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
517 ICMPV6_NOT_NEIGHBOUR, 0, skb->dev);
518 goto error;
519 }
520 }
521
522 if (skb->len > dst_mtu(dst)) {
523 /* Again, force OUTPUT device used as source address */
524 skb->dev = dst->dev;
525 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, dst_mtu(dst), skb->dev);
526 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INTOOBIGERRORS);
527 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_FRAGFAILS);
528 kfree_skb(skb);
529 return -EMSGSIZE;
530 }
531
532 if (skb_cow(skb, dst->dev->hard_header_len)) {
533 IP6_INC_STATS(ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS);
534 goto drop;
535 }
536
537 hdr = ipv6_hdr(skb);
538
539 /* Mangling hops number delayed to point after skb COW */
540
541 hdr->hop_limit--;
542
543 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
544 return NF_HOOK(PF_INET6, NF_INET_FORWARD, skb, skb->dev, dst->dev,
545 ip6_forward_finish);
546
547 error:
548 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
549 drop:
550 kfree_skb(skb);
551 return -EINVAL;
552 }
553
554 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
555 {
556 to->pkt_type = from->pkt_type;
557 to->priority = from->priority;
558 to->protocol = from->protocol;
559 dst_release(to->dst);
560 to->dst = dst_clone(from->dst);
561 to->dev = from->dev;
562 to->mark = from->mark;
563
564 #ifdef CONFIG_NET_SCHED
565 to->tc_index = from->tc_index;
566 #endif
567 nf_copy(to, from);
568 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
569 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
570 to->nf_trace = from->nf_trace;
571 #endif
572 skb_copy_secmark(to, from);
573 }
574
575 int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
576 {
577 u16 offset = sizeof(struct ipv6hdr);
578 struct ipv6_opt_hdr *exthdr =
579 (struct ipv6_opt_hdr *)(ipv6_hdr(skb) + 1);
580 unsigned int packet_len = skb->tail - skb->network_header;
581 int found_rhdr = 0;
582 *nexthdr = &ipv6_hdr(skb)->nexthdr;
583
584 while (offset + 1 <= packet_len) {
585
586 switch (**nexthdr) {
587
588 case NEXTHDR_HOP:
589 break;
590 case NEXTHDR_ROUTING:
591 found_rhdr = 1;
592 break;
593 case NEXTHDR_DEST:
594 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
595 if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0)
596 break;
597 #endif
598 if (found_rhdr)
599 return offset;
600 break;
601 default :
602 return offset;
603 }
604
605 offset += ipv6_optlen(exthdr);
606 *nexthdr = &exthdr->nexthdr;
607 exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +
608 offset);
609 }
610
611 return offset;
612 }
613
614 static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
615 {
616 struct net_device *dev;
617 struct sk_buff *frag;
618 struct rt6_info *rt = (struct rt6_info*)skb->dst;
619 struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL;
620 struct ipv6hdr *tmp_hdr;
621 struct frag_hdr *fh;
622 unsigned int mtu, hlen, left, len;
623 __be32 frag_id = 0;
624 int ptr, offset = 0, err=0;
625 u8 *prevhdr, nexthdr = 0;
626
627 dev = rt->u.dst.dev;
628 hlen = ip6_find_1stfragopt(skb, &prevhdr);
629 nexthdr = *prevhdr;
630
631 mtu = ip6_skb_dst_mtu(skb);
632
633 /* We must not fragment if the socket is set to force MTU discovery
634 * or if the skb it not generated by a local socket. (This last
635 * check should be redundant, but it's free.)
636 */
637 if (!skb->local_df) {
638 skb->dev = skb->dst->dev;
639 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, skb->dev);
640 IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_FRAGFAILS);
641 kfree_skb(skb);
642 return -EMSGSIZE;
643 }
644
645 if (np && np->frag_size < mtu) {
646 if (np->frag_size)
647 mtu = np->frag_size;
648 }
649 mtu -= hlen + sizeof(struct frag_hdr);
650
651 if (skb_shinfo(skb)->frag_list) {
652 int first_len = skb_pagelen(skb);
653 int truesizes = 0;
654
655 if (first_len - hlen > mtu ||
656 ((first_len - hlen) & 7) ||
657 skb_cloned(skb))
658 goto slow_path;
659
660 for (frag = skb_shinfo(skb)->frag_list; frag; frag = frag->next) {
661 /* Correct geometry. */
662 if (frag->len > mtu ||
663 ((frag->len & 7) && frag->next) ||
664 skb_headroom(frag) < hlen)
665 goto slow_path;
666
667 /* Partially cloned skb? */
668 if (skb_shared(frag))
669 goto slow_path;
670
671 BUG_ON(frag->sk);
672 if (skb->sk) {
673 sock_hold(skb->sk);
674 frag->sk = skb->sk;
675 frag->destructor = sock_wfree;
676 truesizes += frag->truesize;
677 }
678 }
679
680 err = 0;
681 offset = 0;
682 frag = skb_shinfo(skb)->frag_list;
683 skb_shinfo(skb)->frag_list = NULL;
684 /* BUILD HEADER */
685
686 *prevhdr = NEXTHDR_FRAGMENT;
687 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
688 if (!tmp_hdr) {
689 IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_FRAGFAILS);
690 return -ENOMEM;
691 }
692
693 __skb_pull(skb, hlen);
694 fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr));
695 __skb_push(skb, hlen);
696 skb_reset_network_header(skb);
697 memcpy(skb_network_header(skb), tmp_hdr, hlen);
698
699 ipv6_select_ident(skb, fh);
700 fh->nexthdr = nexthdr;
701 fh->reserved = 0;
702 fh->frag_off = htons(IP6_MF);
703 frag_id = fh->identification;
704
705 first_len = skb_pagelen(skb);
706 skb->data_len = first_len - skb_headlen(skb);
707 skb->truesize -= truesizes;
708 skb->len = first_len;
709 ipv6_hdr(skb)->payload_len = htons(first_len -
710 sizeof(struct ipv6hdr));
711
712 dst_hold(&rt->u.dst);
713
714 for (;;) {
715 /* Prepare header of the next frame,
716 * before previous one went down. */
717 if (frag) {
718 frag->ip_summed = CHECKSUM_NONE;
719 skb_reset_transport_header(frag);
720 fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr));
721 __skb_push(frag, hlen);
722 skb_reset_network_header(frag);
723 memcpy(skb_network_header(frag), tmp_hdr,
724 hlen);
725 offset += skb->len - hlen - sizeof(struct frag_hdr);
726 fh->nexthdr = nexthdr;
727 fh->reserved = 0;
728 fh->frag_off = htons(offset);
729 if (frag->next != NULL)
730 fh->frag_off |= htons(IP6_MF);
731 fh->identification = frag_id;
732 ipv6_hdr(frag)->payload_len =
733 htons(frag->len -
734 sizeof(struct ipv6hdr));
735 ip6_copy_metadata(frag, skb);
736 }
737
738 err = output(skb);
739 if(!err)
740 IP6_INC_STATS(ip6_dst_idev(&rt->u.dst), IPSTATS_MIB_FRAGCREATES);
741
742 if (err || !frag)
743 break;
744
745 skb = frag;
746 frag = skb->next;
747 skb->next = NULL;
748 }
749
750 kfree(tmp_hdr);
751
752 if (err == 0) {
753 IP6_INC_STATS(ip6_dst_idev(&rt->u.dst), IPSTATS_MIB_FRAGOKS);
754 dst_release(&rt->u.dst);
755 return 0;
756 }
757
758 while (frag) {
759 skb = frag->next;
760 kfree_skb(frag);
761 frag = skb;
762 }
763
764 IP6_INC_STATS(ip6_dst_idev(&rt->u.dst), IPSTATS_MIB_FRAGFAILS);
765 dst_release(&rt->u.dst);
766 return err;
767 }
768
769 slow_path:
770 left = skb->len - hlen; /* Space per frame */
771 ptr = hlen; /* Where to start from */
772
773 /*
774 * Fragment the datagram.
775 */
776
777 *prevhdr = NEXTHDR_FRAGMENT;
778
779 /*
780 * Keep copying data until we run out.
781 */
782 while(left > 0) {
783 len = left;
784 /* IF: it doesn't fit, use 'mtu' - the data space left */
785 if (len > mtu)
786 len = mtu;
787 /* IF: we are not sending upto and including the packet end
788 then align the next start on an eight byte boundary */
789 if (len < left) {
790 len &= ~7;
791 }
792 /*
793 * Allocate buffer.
794 */
795
796 if ((frag = alloc_skb(len+hlen+sizeof(struct frag_hdr)+LL_ALLOCATED_SPACE(rt->u.dst.dev), GFP_ATOMIC)) == NULL) {
797 NETDEBUG(KERN_INFO "IPv6: frag: no memory for new fragment!\n");
798 IP6_INC_STATS(ip6_dst_idev(skb->dst),
799 IPSTATS_MIB_FRAGFAILS);
800 err = -ENOMEM;
801 goto fail;
802 }
803
804 /*
805 * Set up data on packet
806 */
807
808 ip6_copy_metadata(frag, skb);
809 skb_reserve(frag, LL_RESERVED_SPACE(rt->u.dst.dev));
810 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
811 skb_reset_network_header(frag);
812 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
813 frag->transport_header = (frag->network_header + hlen +
814 sizeof(struct frag_hdr));
815
816 /*
817 * Charge the memory for the fragment to any owner
818 * it might possess
819 */
820 if (skb->sk)
821 skb_set_owner_w(frag, skb->sk);
822
823 /*
824 * Copy the packet header into the new buffer.
825 */
826 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
827
828 /*
829 * Build fragment header.
830 */
831 fh->nexthdr = nexthdr;
832 fh->reserved = 0;
833 if (!frag_id) {
834 ipv6_select_ident(skb, fh);
835 frag_id = fh->identification;
836 } else
837 fh->identification = frag_id;
838
839 /*
840 * Copy a block of the IP datagram.
841 */
842 if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len))
843 BUG();
844 left -= len;
845
846 fh->frag_off = htons(offset);
847 if (left > 0)
848 fh->frag_off |= htons(IP6_MF);
849 ipv6_hdr(frag)->payload_len = htons(frag->len -
850 sizeof(struct ipv6hdr));
851
852 ptr += len;
853 offset += len;
854
855 /*
856 * Put this fragment into the sending queue.
857 */
858 err = output(frag);
859 if (err)
860 goto fail;
861
862 IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_FRAGCREATES);
863 }
864 IP6_INC_STATS(ip6_dst_idev(skb->dst),
865 IPSTATS_MIB_FRAGOKS);
866 kfree_skb(skb);
867 return err;
868
869 fail:
870 IP6_INC_STATS(ip6_dst_idev(skb->dst),
871 IPSTATS_MIB_FRAGFAILS);
872 kfree_skb(skb);
873 return err;
874 }
875
876 static inline int ip6_rt_check(struct rt6key *rt_key,
877 struct in6_addr *fl_addr,
878 struct in6_addr *addr_cache)
879 {
880 return ((rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
881 (addr_cache == NULL || !ipv6_addr_equal(fl_addr, addr_cache)));
882 }
883
884 static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
885 struct dst_entry *dst,
886 struct flowi *fl)
887 {
888 struct ipv6_pinfo *np = inet6_sk(sk);
889 struct rt6_info *rt = (struct rt6_info *)dst;
890
891 if (!dst)
892 goto out;
893
894 /* Yes, checking route validity in not connected
895 * case is not very simple. Take into account,
896 * that we do not support routing by source, TOS,
897 * and MSG_DONTROUTE --ANK (980726)
898 *
899 * 1. ip6_rt_check(): If route was host route,
900 * check that cached destination is current.
901 * If it is network route, we still may
902 * check its validity using saved pointer
903 * to the last used address: daddr_cache.
904 * We do not want to save whole address now,
905 * (because main consumer of this service
906 * is tcp, which has not this problem),
907 * so that the last trick works only on connected
908 * sockets.
909 * 2. oif also should be the same.
910 */
911 if (ip6_rt_check(&rt->rt6i_dst, &fl->fl6_dst, np->daddr_cache) ||
912 #ifdef CONFIG_IPV6_SUBTREES
913 ip6_rt_check(&rt->rt6i_src, &fl->fl6_src, np->saddr_cache) ||
914 #endif
915 (fl->oif && fl->oif != dst->dev->ifindex)) {
916 dst_release(dst);
917 dst = NULL;
918 }
919
920 out:
921 return dst;
922 }
923
924 static int ip6_dst_lookup_tail(struct sock *sk,
925 struct dst_entry **dst, struct flowi *fl)
926 {
927 int err;
928 struct net *net = sock_net(sk);
929
930 if (*dst == NULL)
931 *dst = ip6_route_output(net, sk, fl);
932
933 if ((err = (*dst)->error))
934 goto out_err_release;
935
936 if (ipv6_addr_any(&fl->fl6_src)) {
937 err = ipv6_dev_get_saddr(ip6_dst_idev(*dst)->dev,
938 &fl->fl6_dst,
939 sk ? inet6_sk(sk)->srcprefs : 0,
940 &fl->fl6_src);
941 if (err)
942 goto out_err_release;
943 }
944
945 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
946 /*
947 * Here if the dst entry we've looked up
948 * has a neighbour entry that is in the INCOMPLETE
949 * state and the src address from the flow is
950 * marked as OPTIMISTIC, we release the found
951 * dst entry and replace it instead with the
952 * dst entry of the nexthop router
953 */
954 if (!((*dst)->neighbour->nud_state & NUD_VALID)) {
955 struct inet6_ifaddr *ifp;
956 struct flowi fl_gw;
957 int redirect;
958
959 ifp = ipv6_get_ifaddr(net, &fl->fl6_src,
960 (*dst)->dev, 1);
961
962 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
963 if (ifp)
964 in6_ifa_put(ifp);
965
966 if (redirect) {
967 /*
968 * We need to get the dst entry for the
969 * default router instead
970 */
971 dst_release(*dst);
972 memcpy(&fl_gw, fl, sizeof(struct flowi));
973 memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr));
974 *dst = ip6_route_output(net, sk, &fl_gw);
975 if ((err = (*dst)->error))
976 goto out_err_release;
977 }
978 }
979 #endif
980
981 return 0;
982
983 out_err_release:
984 if (err == -ENETUNREACH)
985 IP6_INC_STATS_BH(NULL, IPSTATS_MIB_OUTNOROUTES);
986 dst_release(*dst);
987 *dst = NULL;
988 return err;
989 }
990
991 /**
992 * ip6_dst_lookup - perform route lookup on flow
993 * @sk: socket which provides route info
994 * @dst: pointer to dst_entry * for result
995 * @fl: flow to lookup
996 *
997 * This function performs a route lookup on the given flow.
998 *
999 * It returns zero on success, or a standard errno code on error.
1000 */
1001 int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
1002 {
1003 *dst = NULL;
1004 return ip6_dst_lookup_tail(sk, dst, fl);
1005 }
1006 EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1007
1008 /**
1009 * ip6_sk_dst_lookup - perform socket cached route lookup on flow
1010 * @sk: socket which provides the dst cache and route info
1011 * @dst: pointer to dst_entry * for result
1012 * @fl: flow to lookup
1013 *
1014 * This function performs a route lookup on the given flow with the
1015 * possibility of using the cached route in the socket if it is valid.
1016 * It will take the socket dst lock when operating on the dst cache.
1017 * As a result, this function can only be used in process context.
1018 *
1019 * It returns zero on success, or a standard errno code on error.
1020 */
1021 int ip6_sk_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
1022 {
1023 *dst = NULL;
1024 if (sk) {
1025 *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1026 *dst = ip6_sk_dst_check(sk, *dst, fl);
1027 }
1028
1029 return ip6_dst_lookup_tail(sk, dst, fl);
1030 }
1031 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup);
1032
1033 static inline int ip6_ufo_append_data(struct sock *sk,
1034 int getfrag(void *from, char *to, int offset, int len,
1035 int odd, struct sk_buff *skb),
1036 void *from, int length, int hh_len, int fragheaderlen,
1037 int transhdrlen, int mtu,unsigned int flags)
1038
1039 {
1040 struct sk_buff *skb;
1041 int err;
1042
1043 /* There is support for UDP large send offload by network
1044 * device, so create one single skb packet containing complete
1045 * udp datagram
1046 */
1047 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) {
1048 skb = sock_alloc_send_skb(sk,
1049 hh_len + fragheaderlen + transhdrlen + 20,
1050 (flags & MSG_DONTWAIT), &err);
1051 if (skb == NULL)
1052 return -ENOMEM;
1053
1054 /* reserve space for Hardware header */
1055 skb_reserve(skb, hh_len);
1056
1057 /* create space for UDP/IP header */
1058 skb_put(skb,fragheaderlen + transhdrlen);
1059
1060 /* initialize network header pointer */
1061 skb_reset_network_header(skb);
1062
1063 /* initialize protocol header pointer */
1064 skb->transport_header = skb->network_header + fragheaderlen;
1065
1066 skb->ip_summed = CHECKSUM_PARTIAL;
1067 skb->csum = 0;
1068 sk->sk_sndmsg_off = 0;
1069 }
1070
1071 err = skb_append_datato_frags(sk,skb, getfrag, from,
1072 (length - transhdrlen));
1073 if (!err) {
1074 struct frag_hdr fhdr;
1075
1076 /* specify the length of each IP datagram fragment*/
1077 skb_shinfo(skb)->gso_size = mtu - fragheaderlen -
1078 sizeof(struct frag_hdr);
1079 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
1080 ipv6_select_ident(skb, &fhdr);
1081 skb_shinfo(skb)->ip6_frag_id = fhdr.identification;
1082 __skb_queue_tail(&sk->sk_write_queue, skb);
1083
1084 return 0;
1085 }
1086 /* There is not enough support do UPD LSO,
1087 * so follow normal path
1088 */
1089 kfree_skb(skb);
1090
1091 return err;
1092 }
1093
1094 int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1095 int offset, int len, int odd, struct sk_buff *skb),
1096 void *from, int length, int transhdrlen,
1097 int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi *fl,
1098 struct rt6_info *rt, unsigned int flags)
1099 {
1100 struct inet_sock *inet = inet_sk(sk);
1101 struct ipv6_pinfo *np = inet6_sk(sk);
1102 struct sk_buff *skb;
1103 unsigned int maxfraglen, fragheaderlen;
1104 int exthdrlen;
1105 int hh_len;
1106 int mtu;
1107 int copy;
1108 int err;
1109 int offset = 0;
1110 int csummode = CHECKSUM_NONE;
1111
1112 if (flags&MSG_PROBE)
1113 return 0;
1114 if (skb_queue_empty(&sk->sk_write_queue)) {
1115 /*
1116 * setup for corking
1117 */
1118 if (opt) {
1119 if (np->cork.opt == NULL) {
1120 np->cork.opt = kmalloc(opt->tot_len,
1121 sk->sk_allocation);
1122 if (unlikely(np->cork.opt == NULL))
1123 return -ENOBUFS;
1124 } else if (np->cork.opt->tot_len < opt->tot_len) {
1125 printk(KERN_DEBUG "ip6_append_data: invalid option length\n");
1126 return -EINVAL;
1127 }
1128 memcpy(np->cork.opt, opt, opt->tot_len);
1129 inet->cork.flags |= IPCORK_OPT;
1130 /* need source address above miyazawa*/
1131 }
1132 dst_hold(&rt->u.dst);
1133 inet->cork.dst = &rt->u.dst;
1134 inet->cork.fl = *fl;
1135 np->cork.hop_limit = hlimit;
1136 np->cork.tclass = tclass;
1137 mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ?
1138 rt->u.dst.dev->mtu : dst_mtu(rt->u.dst.path);
1139 if (np->frag_size < mtu) {
1140 if (np->frag_size)
1141 mtu = np->frag_size;
1142 }
1143 inet->cork.fragsize = mtu;
1144 if (dst_allfrag(rt->u.dst.path))
1145 inet->cork.flags |= IPCORK_ALLFRAG;
1146 inet->cork.length = 0;
1147 sk->sk_sndmsg_page = NULL;
1148 sk->sk_sndmsg_off = 0;
1149 exthdrlen = rt->u.dst.header_len + (opt ? opt->opt_flen : 0) -
1150 rt->rt6i_nfheader_len;
1151 length += exthdrlen;
1152 transhdrlen += exthdrlen;
1153 } else {
1154 rt = (struct rt6_info *)inet->cork.dst;
1155 fl = &inet->cork.fl;
1156 if (inet->cork.flags & IPCORK_OPT)
1157 opt = np->cork.opt;
1158 transhdrlen = 0;
1159 exthdrlen = 0;
1160 mtu = inet->cork.fragsize;
1161 }
1162
1163 hh_len = LL_RESERVED_SPACE(rt->u.dst.dev);
1164
1165 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
1166 (opt ? opt->opt_nflen : 0);
1167 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr);
1168
1169 if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) {
1170 if (inet->cork.length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) {
1171 ipv6_local_error(sk, EMSGSIZE, fl, mtu-exthdrlen);
1172 return -EMSGSIZE;
1173 }
1174 }
1175
1176 /*
1177 * Let's try using as much space as possible.
1178 * Use MTU if total length of the message fits into the MTU.
1179 * Otherwise, we need to reserve fragment header and
1180 * fragment alignment (= 8-15 octects, in total).
1181 *
1182 * Note that we may need to "move" the data from the tail of
1183 * of the buffer to the new fragment when we split
1184 * the message.
1185 *
1186 * FIXME: It may be fragmented into multiple chunks
1187 * at once if non-fragmentable extension headers
1188 * are too large.
1189 * --yoshfuji
1190 */
1191
1192 inet->cork.length += length;
1193 if (((length > mtu) && (sk->sk_protocol == IPPROTO_UDP)) &&
1194 (rt->u.dst.dev->features & NETIF_F_UFO)) {
1195
1196 err = ip6_ufo_append_data(sk, getfrag, from, length, hh_len,
1197 fragheaderlen, transhdrlen, mtu,
1198 flags);
1199 if (err)
1200 goto error;
1201 return 0;
1202 }
1203
1204 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
1205 goto alloc_new_skb;
1206
1207 while (length > 0) {
1208 /* Check if the remaining data fits into current packet. */
1209 copy = (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1210 if (copy < length)
1211 copy = maxfraglen - skb->len;
1212
1213 if (copy <= 0) {
1214 char *data;
1215 unsigned int datalen;
1216 unsigned int fraglen;
1217 unsigned int fraggap;
1218 unsigned int alloclen;
1219 struct sk_buff *skb_prev;
1220 alloc_new_skb:
1221 skb_prev = skb;
1222
1223 /* There's no room in the current skb */
1224 if (skb_prev)
1225 fraggap = skb_prev->len - maxfraglen;
1226 else
1227 fraggap = 0;
1228
1229 /*
1230 * If remaining data exceeds the mtu,
1231 * we know we need more fragment(s).
1232 */
1233 datalen = length + fraggap;
1234 if (datalen > (inet->cork.length <= mtu && !(inet->cork.flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1235 datalen = maxfraglen - fragheaderlen;
1236
1237 fraglen = datalen + fragheaderlen;
1238 if ((flags & MSG_MORE) &&
1239 !(rt->u.dst.dev->features&NETIF_F_SG))
1240 alloclen = mtu;
1241 else
1242 alloclen = datalen + fragheaderlen;
1243
1244 /*
1245 * The last fragment gets additional space at tail.
1246 * Note: we overallocate on fragments with MSG_MODE
1247 * because we have no idea if we're the last one.
1248 */
1249 if (datalen == length + fraggap)
1250 alloclen += rt->u.dst.trailer_len;
1251
1252 /*
1253 * We just reserve space for fragment header.
1254 * Note: this may be overallocation if the message
1255 * (without MSG_MORE) fits into the MTU.
1256 */
1257 alloclen += sizeof(struct frag_hdr);
1258
1259 if (transhdrlen) {
1260 skb = sock_alloc_send_skb(sk,
1261 alloclen + hh_len,
1262 (flags & MSG_DONTWAIT), &err);
1263 } else {
1264 skb = NULL;
1265 if (atomic_read(&sk->sk_wmem_alloc) <=
1266 2 * sk->sk_sndbuf)
1267 skb = sock_wmalloc(sk,
1268 alloclen + hh_len, 1,
1269 sk->sk_allocation);
1270 if (unlikely(skb == NULL))
1271 err = -ENOBUFS;
1272 }
1273 if (skb == NULL)
1274 goto error;
1275 /*
1276 * Fill in the control structures
1277 */
1278 skb->ip_summed = csummode;
1279 skb->csum = 0;
1280 /* reserve for fragmentation */
1281 skb_reserve(skb, hh_len+sizeof(struct frag_hdr));
1282
1283 /*
1284 * Find where to start putting bytes
1285 */
1286 data = skb_put(skb, fraglen);
1287 skb_set_network_header(skb, exthdrlen);
1288 data += fragheaderlen;
1289 skb->transport_header = (skb->network_header +
1290 fragheaderlen);
1291 if (fraggap) {
1292 skb->csum = skb_copy_and_csum_bits(
1293 skb_prev, maxfraglen,
1294 data + transhdrlen, fraggap, 0);
1295 skb_prev->csum = csum_sub(skb_prev->csum,
1296 skb->csum);
1297 data += fraggap;
1298 pskb_trim_unique(skb_prev, maxfraglen);
1299 }
1300 copy = datalen - transhdrlen - fraggap;
1301 if (copy < 0) {
1302 err = -EINVAL;
1303 kfree_skb(skb);
1304 goto error;
1305 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
1306 err = -EFAULT;
1307 kfree_skb(skb);
1308 goto error;
1309 }
1310
1311 offset += copy;
1312 length -= datalen - fraggap;
1313 transhdrlen = 0;
1314 exthdrlen = 0;
1315 csummode = CHECKSUM_NONE;
1316
1317 /*
1318 * Put the packet on the pending queue
1319 */
1320 __skb_queue_tail(&sk->sk_write_queue, skb);
1321 continue;
1322 }
1323
1324 if (copy > length)
1325 copy = length;
1326
1327 if (!(rt->u.dst.dev->features&NETIF_F_SG)) {
1328 unsigned int off;
1329
1330 off = skb->len;
1331 if (getfrag(from, skb_put(skb, copy),
1332 offset, copy, off, skb) < 0) {
1333 __skb_trim(skb, off);
1334 err = -EFAULT;
1335 goto error;
1336 }
1337 } else {
1338 int i = skb_shinfo(skb)->nr_frags;
1339 skb_frag_t *frag = &skb_shinfo(skb)->frags[i-1];
1340 struct page *page = sk->sk_sndmsg_page;
1341 int off = sk->sk_sndmsg_off;
1342 unsigned int left;
1343
1344 if (page && (left = PAGE_SIZE - off) > 0) {
1345 if (copy >= left)
1346 copy = left;
1347 if (page != frag->page) {
1348 if (i == MAX_SKB_FRAGS) {
1349 err = -EMSGSIZE;
1350 goto error;
1351 }
1352 get_page(page);
1353 skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0);
1354 frag = &skb_shinfo(skb)->frags[i];
1355 }
1356 } else if(i < MAX_SKB_FRAGS) {
1357 if (copy > PAGE_SIZE)
1358 copy = PAGE_SIZE;
1359 page = alloc_pages(sk->sk_allocation, 0);
1360 if (page == NULL) {
1361 err = -ENOMEM;
1362 goto error;
1363 }
1364 sk->sk_sndmsg_page = page;
1365 sk->sk_sndmsg_off = 0;
1366
1367 skb_fill_page_desc(skb, i, page, 0, 0);
1368 frag = &skb_shinfo(skb)->frags[i];
1369 } else {
1370 err = -EMSGSIZE;
1371 goto error;
1372 }
1373 if (getfrag(from, page_address(frag->page)+frag->page_offset+frag->size, offset, copy, skb->len, skb) < 0) {
1374 err = -EFAULT;
1375 goto error;
1376 }
1377 sk->sk_sndmsg_off += copy;
1378 frag->size += copy;
1379 skb->len += copy;
1380 skb->data_len += copy;
1381 skb->truesize += copy;
1382 atomic_add(copy, &sk->sk_wmem_alloc);
1383 }
1384 offset += copy;
1385 length -= copy;
1386 }
1387 return 0;
1388 error:
1389 inet->cork.length -= length;
1390 IP6_INC_STATS(rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1391 return err;
1392 }
1393
1394 static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np)
1395 {
1396 inet->cork.flags &= ~IPCORK_OPT;
1397 kfree(np->cork.opt);
1398 np->cork.opt = NULL;
1399 if (inet->cork.dst) {
1400 dst_release(inet->cork.dst);
1401 inet->cork.dst = NULL;
1402 inet->cork.flags &= ~IPCORK_ALLFRAG;
1403 }
1404 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl));
1405 }
1406
1407 int ip6_push_pending_frames(struct sock *sk)
1408 {
1409 struct sk_buff *skb, *tmp_skb;
1410 struct sk_buff **tail_skb;
1411 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1412 struct inet_sock *inet = inet_sk(sk);
1413 struct ipv6_pinfo *np = inet6_sk(sk);
1414 struct ipv6hdr *hdr;
1415 struct ipv6_txoptions *opt = np->cork.opt;
1416 struct rt6_info *rt = (struct rt6_info *)inet->cork.dst;
1417 struct flowi *fl = &inet->cork.fl;
1418 unsigned char proto = fl->proto;
1419 int err = 0;
1420
1421 if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL)
1422 goto out;
1423 tail_skb = &(skb_shinfo(skb)->frag_list);
1424
1425 /* move skb->data to ip header from ext header */
1426 if (skb->data < skb_network_header(skb))
1427 __skb_pull(skb, skb_network_offset(skb));
1428 while ((tmp_skb = __skb_dequeue(&sk->sk_write_queue)) != NULL) {
1429 __skb_pull(tmp_skb, skb_network_header_len(skb));
1430 *tail_skb = tmp_skb;
1431 tail_skb = &(tmp_skb->next);
1432 skb->len += tmp_skb->len;
1433 skb->data_len += tmp_skb->len;
1434 skb->truesize += tmp_skb->truesize;
1435 __sock_put(tmp_skb->sk);
1436 tmp_skb->destructor = NULL;
1437 tmp_skb->sk = NULL;
1438 }
1439
1440 /* Allow local fragmentation. */
1441 if (np->pmtudisc < IPV6_PMTUDISC_DO)
1442 skb->local_df = 1;
1443
1444 ipv6_addr_copy(final_dst, &fl->fl6_dst);
1445 __skb_pull(skb, skb_network_header_len(skb));
1446 if (opt && opt->opt_flen)
1447 ipv6_push_frag_opts(skb, opt, &proto);
1448 if (opt && opt->opt_nflen)
1449 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst);
1450
1451 skb_push(skb, sizeof(struct ipv6hdr));
1452 skb_reset_network_header(skb);
1453 hdr = ipv6_hdr(skb);
1454
1455 *(__be32*)hdr = fl->fl6_flowlabel |
1456 htonl(0x60000000 | ((int)np->cork.tclass << 20));
1457
1458 hdr->hop_limit = np->cork.hop_limit;
1459 hdr->nexthdr = proto;
1460 ipv6_addr_copy(&hdr->saddr, &fl->fl6_src);
1461 ipv6_addr_copy(&hdr->daddr, final_dst);
1462
1463 skb->priority = sk->sk_priority;
1464 skb->mark = sk->sk_mark;
1465
1466 skb->dst = dst_clone(&rt->u.dst);
1467 IP6_INC_STATS(rt->rt6i_idev, IPSTATS_MIB_OUTREQUESTS);
1468 if (proto == IPPROTO_ICMPV6) {
1469 struct inet6_dev *idev = ip6_dst_idev(skb->dst);
1470
1471 ICMP6MSGOUT_INC_STATS_BH(idev, icmp6_hdr(skb)->icmp6_type);
1472 ICMP6_INC_STATS_BH(idev, ICMP6_MIB_OUTMSGS);
1473 }
1474
1475 err = ip6_local_out(skb);
1476 if (err) {
1477 if (err > 0)
1478 err = np->recverr ? net_xmit_errno(err) : 0;
1479 if (err)
1480 goto error;
1481 }
1482
1483 out:
1484 ip6_cork_release(inet, np);
1485 return err;
1486 error:
1487 goto out;
1488 }
1489
1490 void ip6_flush_pending_frames(struct sock *sk)
1491 {
1492 struct sk_buff *skb;
1493
1494 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) {
1495 if (skb->dst)
1496 IP6_INC_STATS(ip6_dst_idev(skb->dst),
1497 IPSTATS_MIB_OUTDISCARDS);
1498 kfree_skb(skb);
1499 }
1500
1501 ip6_cork_release(inet_sk(sk), inet6_sk(sk));
1502 }
kernel source for telekom puls (alcatel/mediatek)