Loading...
1/*
2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * The Internet Protocol (IP) output module.
7 *
8 * Authors: Ross Biro
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Donald Becker, <becker@super.org>
11 * Alan Cox, <Alan.Cox@linux.org>
12 * Richard Underwood
13 * Stefan Becker, <stefanb@yello.ping.de>
14 * Jorge Cwik, <jorge@laser.satlink.net>
15 * Arnt Gulbrandsen, <agulbra@nvg.unit.no>
16 * Hirokazu Takahashi, <taka@valinux.co.jp>
17 *
18 * See ip_input.c for original log
19 *
20 * Fixes:
21 * Alan Cox : Missing nonblock feature in ip_build_xmit.
22 * Mike Kilburn : htons() missing in ip_build_xmit.
23 * Bradford Johnson: Fix faulty handling of some frames when
24 * no route is found.
25 * Alexander Demenshin: Missing sk/skb free in ip_queue_xmit
26 * (in case if packet not accepted by
27 * output firewall rules)
28 * Mike McLagan : Routing by source
29 * Alexey Kuznetsov: use new route cache
30 * Andi Kleen: Fix broken PMTU recovery and remove
31 * some redundant tests.
32 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
33 * Andi Kleen : Replace ip_reply with ip_send_reply.
34 * Andi Kleen : Split fast and slow ip_build_xmit path
35 * for decreased register pressure on x86
36 * and more readibility.
37 * Marc Boucher : When call_out_firewall returns FW_QUEUE,
38 * silently drop skb instead of failing with -EPERM.
39 * Detlev Wengorz : Copy protocol for fragments.
40 * Hirokazu Takahashi: HW checksumming for outgoing UDP
41 * datagrams.
42 * Hirokazu Takahashi: sendfile() on UDP works now.
43 */
44
45#include <asm/uaccess.h>
46#include <linux/module.h>
47#include <linux/types.h>
48#include <linux/kernel.h>
49#include <linux/mm.h>
50#include <linux/string.h>
51#include <linux/errno.h>
52#include <linux/highmem.h>
53#include <linux/slab.h>
54
55#include <linux/socket.h>
56#include <linux/sockios.h>
57#include <linux/in.h>
58#include <linux/inet.h>
59#include <linux/netdevice.h>
60#include <linux/etherdevice.h>
61#include <linux/proc_fs.h>
62#include <linux/stat.h>
63#include <linux/init.h>
64
65#include <net/snmp.h>
66#include <net/ip.h>
67#include <net/protocol.h>
68#include <net/route.h>
69#include <net/xfrm.h>
70#include <linux/skbuff.h>
71#include <net/sock.h>
72#include <net/arp.h>
73#include <net/icmp.h>
74#include <net/checksum.h>
75#include <net/inetpeer.h>
76#include <linux/igmp.h>
77#include <linux/netfilter_ipv4.h>
78#include <linux/netfilter_bridge.h>
79#include <linux/mroute.h>
80#include <linux/netlink.h>
81#include <linux/tcp.h>
82
83int sysctl_ip_default_ttl __read_mostly = IPDEFTTL;
84EXPORT_SYMBOL(sysctl_ip_default_ttl);
85
86/* Generate a checksum for an outgoing IP datagram. */
87void ip_send_check(struct iphdr *iph)
88{
89 iph->check = 0;
90 iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
91}
92EXPORT_SYMBOL(ip_send_check);
93
94int __ip_local_out(struct sk_buff *skb)
95{
96 struct iphdr *iph = ip_hdr(skb);
97
98 iph->tot_len = htons(skb->len);
99 ip_send_check(iph);
100 return nf_hook(NFPROTO_IPV4, NF_INET_LOCAL_OUT, skb, NULL,
101 skb_dst(skb)->dev, dst_output);
102}
103
104int ip_local_out_sk(struct sock *sk, struct sk_buff *skb)
105{
106 int err;
107
108 err = __ip_local_out(skb);
109 if (likely(err == 1))
110 err = dst_output_sk(sk, skb);
111
112 return err;
113}
114EXPORT_SYMBOL_GPL(ip_local_out_sk);
115
116static inline int ip_select_ttl(struct inet_sock *inet, struct dst_entry *dst)
117{
118 int ttl = inet->uc_ttl;
119
120 if (ttl < 0)
121 ttl = ip4_dst_hoplimit(dst);
122 return ttl;
123}
124
125/*
126 * Add an ip header to a skbuff and send it out.
127 *
128 */
129int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk,
130 __be32 saddr, __be32 daddr, struct ip_options_rcu *opt)
131{
132 struct inet_sock *inet = inet_sk(sk);
133 struct rtable *rt = skb_rtable(skb);
134 struct iphdr *iph;
135
136 /* Build the IP header. */
137 skb_push(skb, sizeof(struct iphdr) + (opt ? opt->opt.optlen : 0));
138 skb_reset_network_header(skb);
139 iph = ip_hdr(skb);
140 iph->version = 4;
141 iph->ihl = 5;
142 iph->tos = inet->tos;
143 if (ip_dont_fragment(sk, &rt->dst))
144 iph->frag_off = htons(IP_DF);
145 else
146 iph->frag_off = 0;
147 iph->ttl = ip_select_ttl(inet, &rt->dst);
148 iph->daddr = (opt && opt->opt.srr ? opt->opt.faddr : daddr);
149 iph->saddr = saddr;
150 iph->protocol = sk->sk_protocol;
151 ip_select_ident(skb, &rt->dst, sk);
152
153 if (opt && opt->opt.optlen) {
154 iph->ihl += opt->opt.optlen>>2;
155 ip_options_build(skb, &opt->opt, daddr, rt, 0);
156 }
157
158 skb->priority = sk->sk_priority;
159 skb->mark = sk->sk_mark;
160
161 /* Send it out. */
162 return ip_local_out(skb);
163}
164EXPORT_SYMBOL_GPL(ip_build_and_send_pkt);
165
166static inline int ip_finish_output2(struct sk_buff *skb)
167{
168 struct dst_entry *dst = skb_dst(skb);
169 struct rtable *rt = (struct rtable *)dst;
170 struct net_device *dev = dst->dev;
171 unsigned int hh_len = LL_RESERVED_SPACE(dev);
172 struct neighbour *neigh;
173 u32 nexthop;
174
175 if (rt->rt_type == RTN_MULTICAST) {
176 IP_UPD_PO_STATS(dev_net(dev), IPSTATS_MIB_OUTMCAST, skb->len);
177 } else if (rt->rt_type == RTN_BROADCAST)
178 IP_UPD_PO_STATS(dev_net(dev), IPSTATS_MIB_OUTBCAST, skb->len);
179
180 /* Be paranoid, rather than too clever. */
181 if (unlikely(skb_headroom(skb) < hh_len && dev->header_ops)) {
182 struct sk_buff *skb2;
183
184 skb2 = skb_realloc_headroom(skb, LL_RESERVED_SPACE(dev));
185 if (skb2 == NULL) {
186 kfree_skb(skb);
187 return -ENOMEM;
188 }
189 if (skb->sk)
190 skb_set_owner_w(skb2, skb->sk);
191 consume_skb(skb);
192 skb = skb2;
193 }
194
195 rcu_read_lock_bh();
196 nexthop = (__force u32) rt_nexthop(rt, ip_hdr(skb)->daddr);
197 neigh = __ipv4_neigh_lookup_noref(dev, nexthop);
198 if (unlikely(!neigh))
199 neigh = __neigh_create(&arp_tbl, &nexthop, dev, false);
200 if (!IS_ERR(neigh)) {
201 int res = dst_neigh_output(dst, neigh, skb);
202
203 rcu_read_unlock_bh();
204 return res;
205 }
206 rcu_read_unlock_bh();
207
208 net_dbg_ratelimited("%s: No header cache and no neighbour!\n",
209 __func__);
210 kfree_skb(skb);
211 return -EINVAL;
212}
213
214static int ip_finish_output_gso(struct sk_buff *skb)
215{
216 netdev_features_t features;
217 struct sk_buff *segs;
218 int ret = 0;
219
220 /* common case: locally created skb or seglen is <= mtu */
221 if (((IPCB(skb)->flags & IPSKB_FORWARDED) == 0) ||
222 skb_gso_network_seglen(skb) <= ip_skb_dst_mtu(skb))
223 return ip_finish_output2(skb);
224
225 /* Slowpath - GSO segment length is exceeding the dst MTU.
226 *
227 * This can happen in two cases:
228 * 1) TCP GRO packet, DF bit not set
229 * 2) skb arrived via virtio-net, we thus get TSO/GSO skbs directly
230 * from host network stack.
231 */
232 features = netif_skb_features(skb);
233 segs = skb_gso_segment(skb, features & ~NETIF_F_GSO_MASK);
234 if (IS_ERR(segs)) {
235 kfree_skb(skb);
236 return -ENOMEM;
237 }
238
239 consume_skb(skb);
240
241 do {
242 struct sk_buff *nskb = segs->next;
243 int err;
244
245 segs->next = NULL;
246 err = ip_fragment(segs, ip_finish_output2);
247
248 if (err && ret == 0)
249 ret = err;
250 segs = nskb;
251 } while (segs);
252
253 return ret;
254}
255
256static int ip_finish_output(struct sk_buff *skb)
257{
258#if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
259 /* Policy lookup after SNAT yielded a new policy */
260 if (skb_dst(skb)->xfrm != NULL) {
261 IPCB(skb)->flags |= IPSKB_REROUTED;
262 return dst_output(skb);
263 }
264#endif
265 if (skb_is_gso(skb))
266 return ip_finish_output_gso(skb);
267
268 if (skb->len > ip_skb_dst_mtu(skb))
269 return ip_fragment(skb, ip_finish_output2);
270
271 return ip_finish_output2(skb);
272}
273
274int ip_mc_output(struct sock *sk, struct sk_buff *skb)
275{
276 struct rtable *rt = skb_rtable(skb);
277 struct net_device *dev = rt->dst.dev;
278
279 /*
280 * If the indicated interface is up and running, send the packet.
281 */
282 IP_UPD_PO_STATS(dev_net(dev), IPSTATS_MIB_OUT, skb->len);
283
284 skb->dev = dev;
285 skb->protocol = htons(ETH_P_IP);
286
287 /*
288 * Multicasts are looped back for other local users
289 */
290
291 if (rt->rt_flags&RTCF_MULTICAST) {
292 if (sk_mc_loop(sk)
293#ifdef CONFIG_IP_MROUTE
294 /* Small optimization: do not loopback not local frames,
295 which returned after forwarding; they will be dropped
296 by ip_mr_input in any case.
297 Note, that local frames are looped back to be delivered
298 to local recipients.
299
300 This check is duplicated in ip_mr_input at the moment.
301 */
302 &&
303 ((rt->rt_flags & RTCF_LOCAL) ||
304 !(IPCB(skb)->flags & IPSKB_FORWARDED))
305#endif
306 ) {
307 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
308 if (newskb)
309 NF_HOOK(NFPROTO_IPV4, NF_INET_POST_ROUTING,
310 newskb, NULL, newskb->dev,
311 dev_loopback_xmit);
312 }
313
314 /* Multicasts with ttl 0 must not go beyond the host */
315
316 if (ip_hdr(skb)->ttl == 0) {
317 kfree_skb(skb);
318 return 0;
319 }
320 }
321
322 if (rt->rt_flags&RTCF_BROADCAST) {
323 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
324 if (newskb)
325 NF_HOOK(NFPROTO_IPV4, NF_INET_POST_ROUTING, newskb,
326 NULL, newskb->dev, dev_loopback_xmit);
327 }
328
329 return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, skb, NULL,
330 skb->dev, ip_finish_output,
331 !(IPCB(skb)->flags & IPSKB_REROUTED));
332}
333
334int ip_output(struct sock *sk, struct sk_buff *skb)
335{
336 struct net_device *dev = skb_dst(skb)->dev;
337
338 IP_UPD_PO_STATS(dev_net(dev), IPSTATS_MIB_OUT, skb->len);
339
340 skb->dev = dev;
341 skb->protocol = htons(ETH_P_IP);
342
343 return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, skb, NULL, dev,
344 ip_finish_output,
345 !(IPCB(skb)->flags & IPSKB_REROUTED));
346}
347
348/*
349 * copy saddr and daddr, possibly using 64bit load/stores
350 * Equivalent to :
351 * iph->saddr = fl4->saddr;
352 * iph->daddr = fl4->daddr;
353 */
354static void ip_copy_addrs(struct iphdr *iph, const struct flowi4 *fl4)
355{
356 BUILD_BUG_ON(offsetof(typeof(*fl4), daddr) !=
357 offsetof(typeof(*fl4), saddr) + sizeof(fl4->saddr));
358 memcpy(&iph->saddr, &fl4->saddr,
359 sizeof(fl4->saddr) + sizeof(fl4->daddr));
360}
361
362/* Note: skb->sk can be different from sk, in case of tunnels */
363int ip_queue_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl)
364{
365 struct inet_sock *inet = inet_sk(sk);
366 struct ip_options_rcu *inet_opt;
367 struct flowi4 *fl4;
368 struct rtable *rt;
369 struct iphdr *iph;
370 int res;
371
372 /* Skip all of this if the packet is already routed,
373 * f.e. by something like SCTP.
374 */
375 rcu_read_lock();
376 inet_opt = rcu_dereference(inet->inet_opt);
377 fl4 = &fl->u.ip4;
378 rt = skb_rtable(skb);
379 if (rt != NULL)
380 goto packet_routed;
381
382 /* Make sure we can route this packet. */
383 rt = (struct rtable *)__sk_dst_check(sk, 0);
384 if (rt == NULL) {
385 __be32 daddr;
386
387 /* Use correct destination address if we have options. */
388 daddr = inet->inet_daddr;
389 if (inet_opt && inet_opt->opt.srr)
390 daddr = inet_opt->opt.faddr;
391
392 /* If this fails, retransmit mechanism of transport layer will
393 * keep trying until route appears or the connection times
394 * itself out.
395 */
396 rt = ip_route_output_ports(sock_net(sk), fl4, sk,
397 daddr, inet->inet_saddr,
398 inet->inet_dport,
399 inet->inet_sport,
400 sk->sk_protocol,
401 RT_CONN_FLAGS(sk),
402 sk->sk_bound_dev_if);
403 if (IS_ERR(rt))
404 goto no_route;
405 sk_setup_caps(sk, &rt->dst);
406 }
407 skb_dst_set_noref(skb, &rt->dst);
408
409packet_routed:
410 if (inet_opt && inet_opt->opt.is_strictroute && rt->rt_uses_gateway)
411 goto no_route;
412
413 /* OK, we know where to send it, allocate and build IP header. */
414 skb_push(skb, sizeof(struct iphdr) + (inet_opt ? inet_opt->opt.optlen : 0));
415 skb_reset_network_header(skb);
416 iph = ip_hdr(skb);
417 *((__be16 *)iph) = htons((4 << 12) | (5 << 8) | (inet->tos & 0xff));
418 if (ip_dont_fragment(sk, &rt->dst) && !skb->local_df)
419 iph->frag_off = htons(IP_DF);
420 else
421 iph->frag_off = 0;
422 iph->ttl = ip_select_ttl(inet, &rt->dst);
423 iph->protocol = sk->sk_protocol;
424 ip_copy_addrs(iph, fl4);
425
426 /* Transport layer set skb->h.foo itself. */
427
428 if (inet_opt && inet_opt->opt.optlen) {
429 iph->ihl += inet_opt->opt.optlen >> 2;
430 ip_options_build(skb, &inet_opt->opt, inet->inet_daddr, rt, 0);
431 }
432
433 ip_select_ident_more(skb, &rt->dst, sk,
434 (skb_shinfo(skb)->gso_segs ?: 1) - 1);
435
436 /* TODO : should we use skb->sk here instead of sk ? */
437 skb->priority = sk->sk_priority;
438 skb->mark = sk->sk_mark;
439
440 res = ip_local_out(skb);
441 rcu_read_unlock();
442 return res;
443
444no_route:
445 rcu_read_unlock();
446 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
447 kfree_skb(skb);
448 return -EHOSTUNREACH;
449}
450EXPORT_SYMBOL(ip_queue_xmit);
451
452
453static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from)
454{
455 to->pkt_type = from->pkt_type;
456 to->priority = from->priority;
457 to->protocol = from->protocol;
458 skb_dst_drop(to);
459 skb_dst_copy(to, from);
460 to->dev = from->dev;
461 to->mark = from->mark;
462
463 /* Copy the flags to each fragment. */
464 IPCB(to)->flags = IPCB(from)->flags;
465
466#ifdef CONFIG_NET_SCHED
467 to->tc_index = from->tc_index;
468#endif
469 nf_copy(to, from);
470#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
471 to->ipvs_property = from->ipvs_property;
472#endif
473 skb_copy_secmark(to, from);
474}
475
476/*
477 * This IP datagram is too large to be sent in one piece. Break it up into
478 * smaller pieces (each of size equal to IP header plus
479 * a block of the data of the original IP data part) that will yet fit in a
480 * single device frame, and queue such a frame for sending.
481 */
482
483int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
484{
485 struct iphdr *iph;
486 int ptr;
487 struct net_device *dev;
488 struct sk_buff *skb2;
489 unsigned int mtu, hlen, left, len, ll_rs;
490 int offset;
491 __be16 not_last_frag;
492 struct rtable *rt = skb_rtable(skb);
493 int err = 0;
494
495 dev = rt->dst.dev;
496
497 /*
498 * Point into the IP datagram header.
499 */
500
501 iph = ip_hdr(skb);
502
503 mtu = ip_skb_dst_mtu(skb);
504 if (unlikely(((iph->frag_off & htons(IP_DF)) && !skb->local_df) ||
505 (IPCB(skb)->frag_max_size &&
506 IPCB(skb)->frag_max_size > mtu))) {
507 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
508 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
509 htonl(mtu));
510 kfree_skb(skb);
511 return -EMSGSIZE;
512 }
513
514 /*
515 * Setup starting values.
516 */
517
518 hlen = iph->ihl * 4;
519 mtu = mtu - hlen; /* Size of data space */
520#ifdef CONFIG_BRIDGE_NETFILTER
521 if (skb->nf_bridge)
522 mtu -= nf_bridge_mtu_reduction(skb);
523#endif
524 IPCB(skb)->flags |= IPSKB_FRAG_COMPLETE;
525
526 /* When frag_list is given, use it. First, check its validity:
527 * some transformers could create wrong frag_list or break existing
528 * one, it is not prohibited. In this case fall back to copying.
529 *
530 * LATER: this step can be merged to real generation of fragments,
531 * we can switch to copy when see the first bad fragment.
532 */
533 if (skb_has_frag_list(skb)) {
534 struct sk_buff *frag, *frag2;
535 int first_len = skb_pagelen(skb);
536
537 if (first_len - hlen > mtu ||
538 ((first_len - hlen) & 7) ||
539 ip_is_fragment(iph) ||
540 skb_cloned(skb))
541 goto slow_path;
542
543 skb_walk_frags(skb, frag) {
544 /* Correct geometry. */
545 if (frag->len > mtu ||
546 ((frag->len & 7) && frag->next) ||
547 skb_headroom(frag) < hlen)
548 goto slow_path_clean;
549
550 /* Partially cloned skb? */
551 if (skb_shared(frag))
552 goto slow_path_clean;
553
554 BUG_ON(frag->sk);
555 if (skb->sk) {
556 frag->sk = skb->sk;
557 frag->destructor = sock_wfree;
558 }
559 skb->truesize -= frag->truesize;
560 }
561
562 /* Everything is OK. Generate! */
563
564 err = 0;
565 offset = 0;
566 frag = skb_shinfo(skb)->frag_list;
567 skb_frag_list_init(skb);
568 skb->data_len = first_len - skb_headlen(skb);
569 skb->len = first_len;
570 iph->tot_len = htons(first_len);
571 iph->frag_off = htons(IP_MF);
572 ip_send_check(iph);
573
574 for (;;) {
575 /* Prepare header of the next frame,
576 * before previous one went down. */
577 if (frag) {
578 frag->ip_summed = CHECKSUM_NONE;
579 skb_reset_transport_header(frag);
580 __skb_push(frag, hlen);
581 skb_reset_network_header(frag);
582 memcpy(skb_network_header(frag), iph, hlen);
583 iph = ip_hdr(frag);
584 iph->tot_len = htons(frag->len);
585 ip_copy_metadata(frag, skb);
586 if (offset == 0)
587 ip_options_fragment(frag);
588 offset += skb->len - hlen;
589 iph->frag_off = htons(offset>>3);
590 if (frag->next != NULL)
591 iph->frag_off |= htons(IP_MF);
592 /* Ready, complete checksum */
593 ip_send_check(iph);
594 }
595
596 err = output(skb);
597
598 if (!err)
599 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGCREATES);
600 if (err || !frag)
601 break;
602
603 skb = frag;
604 frag = skb->next;
605 skb->next = NULL;
606 }
607
608 if (err == 0) {
609 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGOKS);
610 return 0;
611 }
612
613 while (frag) {
614 skb = frag->next;
615 kfree_skb(frag);
616 frag = skb;
617 }
618 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
619 return err;
620
621slow_path_clean:
622 skb_walk_frags(skb, frag2) {
623 if (frag2 == frag)
624 break;
625 frag2->sk = NULL;
626 frag2->destructor = NULL;
627 skb->truesize += frag2->truesize;
628 }
629 }
630
631slow_path:
632 /* for offloaded checksums cleanup checksum before fragmentation */
633 if ((skb->ip_summed == CHECKSUM_PARTIAL) && skb_checksum_help(skb))
634 goto fail;
635 iph = ip_hdr(skb);
636
637 left = skb->len - hlen; /* Space per frame */
638 ptr = hlen; /* Where to start from */
639
640 /* for bridged IP traffic encapsulated inside f.e. a vlan header,
641 * we need to make room for the encapsulating header
642 */
643 ll_rs = LL_RESERVED_SPACE_EXTRA(rt->dst.dev, nf_bridge_pad(skb));
644
645 /*
646 * Fragment the datagram.
647 */
648
649 offset = (ntohs(iph->frag_off) & IP_OFFSET) << 3;
650 not_last_frag = iph->frag_off & htons(IP_MF);
651
652 /*
653 * Keep copying data until we run out.
654 */
655
656 while (left > 0) {
657 len = left;
658 /* IF: it doesn't fit, use 'mtu' - the data space left */
659 if (len > mtu)
660 len = mtu;
661 /* IF: we are not sending up to and including the packet end
662 then align the next start on an eight byte boundary */
663 if (len < left) {
664 len &= ~7;
665 }
666 /*
667 * Allocate buffer.
668 */
669
670 if ((skb2 = alloc_skb(len+hlen+ll_rs, GFP_ATOMIC)) == NULL) {
671 NETDEBUG(KERN_INFO "IP: frag: no memory for new fragment!\n");
672 err = -ENOMEM;
673 goto fail;
674 }
675
676 /*
677 * Set up data on packet
678 */
679
680 ip_copy_metadata(skb2, skb);
681 skb_reserve(skb2, ll_rs);
682 skb_put(skb2, len + hlen);
683 skb_reset_network_header(skb2);
684 skb2->transport_header = skb2->network_header + hlen;
685
686 /*
687 * Charge the memory for the fragment to any owner
688 * it might possess
689 */
690
691 if (skb->sk)
692 skb_set_owner_w(skb2, skb->sk);
693
694 /*
695 * Copy the packet header into the new buffer.
696 */
697
698 skb_copy_from_linear_data(skb, skb_network_header(skb2), hlen);
699
700 /*
701 * Copy a block of the IP datagram.
702 */
703 if (skb_copy_bits(skb, ptr, skb_transport_header(skb2), len))
704 BUG();
705 left -= len;
706
707 /*
708 * Fill in the new header fields.
709 */
710 iph = ip_hdr(skb2);
711 iph->frag_off = htons((offset >> 3));
712
713 /* ANK: dirty, but effective trick. Upgrade options only if
714 * the segment to be fragmented was THE FIRST (otherwise,
715 * options are already fixed) and make it ONCE
716 * on the initial skb, so that all the following fragments
717 * will inherit fixed options.
718 */
719 if (offset == 0)
720 ip_options_fragment(skb);
721
722 /*
723 * Added AC : If we are fragmenting a fragment that's not the
724 * last fragment then keep MF on each bit
725 */
726 if (left > 0 || not_last_frag)
727 iph->frag_off |= htons(IP_MF);
728 ptr += len;
729 offset += len;
730
731 /*
732 * Put this fragment into the sending queue.
733 */
734 iph->tot_len = htons(len + hlen);
735
736 ip_send_check(iph);
737
738 err = output(skb2);
739 if (err)
740 goto fail;
741
742 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGCREATES);
743 }
744 consume_skb(skb);
745 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGOKS);
746 return err;
747
748fail:
749 kfree_skb(skb);
750 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
751 return err;
752}
753EXPORT_SYMBOL(ip_fragment);
754
755int
756ip_generic_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
757{
758 struct iovec *iov = from;
759
760 if (skb->ip_summed == CHECKSUM_PARTIAL) {
761 if (memcpy_fromiovecend(to, iov, offset, len) < 0)
762 return -EFAULT;
763 } else {
764 __wsum csum = 0;
765 if (csum_partial_copy_fromiovecend(to, iov, offset, len, &csum) < 0)
766 return -EFAULT;
767 skb->csum = csum_block_add(skb->csum, csum, odd);
768 }
769 return 0;
770}
771EXPORT_SYMBOL(ip_generic_getfrag);
772
773static inline __wsum
774csum_page(struct page *page, int offset, int copy)
775{
776 char *kaddr;
777 __wsum csum;
778 kaddr = kmap(page);
779 csum = csum_partial(kaddr + offset, copy, 0);
780 kunmap(page);
781 return csum;
782}
783
784static inline int ip_ufo_append_data(struct sock *sk,
785 struct sk_buff_head *queue,
786 int getfrag(void *from, char *to, int offset, int len,
787 int odd, struct sk_buff *skb),
788 void *from, int length, int hh_len, int fragheaderlen,
789 int transhdrlen, int maxfraglen, unsigned int flags)
790{
791 struct sk_buff *skb;
792 int err;
793
794 /* There is support for UDP fragmentation offload by network
795 * device, so create one single skb packet containing complete
796 * udp datagram
797 */
798 if ((skb = skb_peek_tail(queue)) == NULL) {
799 skb = sock_alloc_send_skb(sk,
800 hh_len + fragheaderlen + transhdrlen + 20,
801 (flags & MSG_DONTWAIT), &err);
802
803 if (skb == NULL)
804 return err;
805
806 /* reserve space for Hardware header */
807 skb_reserve(skb, hh_len);
808
809 /* create space for UDP/IP header */
810 skb_put(skb, fragheaderlen + transhdrlen);
811
812 /* initialize network header pointer */
813 skb_reset_network_header(skb);
814
815 /* initialize protocol header pointer */
816 skb->transport_header = skb->network_header + fragheaderlen;
817
818 skb->csum = 0;
819
820
821 __skb_queue_tail(queue, skb);
822 } else if (skb_is_gso(skb)) {
823 goto append;
824 }
825
826 skb->ip_summed = CHECKSUM_PARTIAL;
827 /* specify the length of each IP datagram fragment */
828 skb_shinfo(skb)->gso_size = maxfraglen - fragheaderlen;
829 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
830
831append:
832 return skb_append_datato_frags(sk, skb, getfrag, from,
833 (length - transhdrlen));
834}
835
836static int __ip_append_data(struct sock *sk,
837 struct flowi4 *fl4,
838 struct sk_buff_head *queue,
839 struct inet_cork *cork,
840 struct page_frag *pfrag,
841 int getfrag(void *from, char *to, int offset,
842 int len, int odd, struct sk_buff *skb),
843 void *from, int length, int transhdrlen,
844 unsigned int flags)
845{
846 struct inet_sock *inet = inet_sk(sk);
847 struct sk_buff *skb;
848
849 struct ip_options *opt = cork->opt;
850 int hh_len;
851 int exthdrlen;
852 int mtu;
853 int copy;
854 int err;
855 int offset = 0;
856 unsigned int maxfraglen, fragheaderlen, maxnonfragsize;
857 int csummode = CHECKSUM_NONE;
858 struct rtable *rt = (struct rtable *)cork->dst;
859
860 skb = skb_peek_tail(queue);
861
862 exthdrlen = !skb ? rt->dst.header_len : 0;
863 mtu = cork->fragsize;
864
865 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
866
867 fragheaderlen = sizeof(struct iphdr) + (opt ? opt->optlen : 0);
868 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen;
869 maxnonfragsize = ip_sk_local_df(sk) ? 0xFFFF : mtu;
870
871 if (cork->length + length > maxnonfragsize - fragheaderlen) {
872 ip_local_error(sk, EMSGSIZE, fl4->daddr, inet->inet_dport,
873 mtu - (opt ? opt->optlen : 0));
874 return -EMSGSIZE;
875 }
876
877 /*
878 * transhdrlen > 0 means that this is the first fragment and we wish
879 * it won't be fragmented in the future.
880 */
881 if (transhdrlen &&
882 length + fragheaderlen <= mtu &&
883 rt->dst.dev->features & NETIF_F_V4_CSUM &&
884 !exthdrlen)
885 csummode = CHECKSUM_PARTIAL;
886
887 cork->length += length;
888 if (((length > mtu) || (skb && skb_is_gso(skb))) &&
889 (sk->sk_protocol == IPPROTO_UDP) &&
890 (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len) {
891 err = ip_ufo_append_data(sk, queue, getfrag, from, length,
892 hh_len, fragheaderlen, transhdrlen,
893 maxfraglen, flags);
894 if (err)
895 goto error;
896 return 0;
897 }
898
899 /* So, what's going on in the loop below?
900 *
901 * We use calculated fragment length to generate chained skb,
902 * each of segments is IP fragment ready for sending to network after
903 * adding appropriate IP header.
904 */
905
906 if (!skb)
907 goto alloc_new_skb;
908
909 while (length > 0) {
910 /* Check if the remaining data fits into current packet. */
911 copy = mtu - skb->len;
912 if (copy < length)
913 copy = maxfraglen - skb->len;
914 if (copy <= 0) {
915 char *data;
916 unsigned int datalen;
917 unsigned int fraglen;
918 unsigned int fraggap;
919 unsigned int alloclen;
920 struct sk_buff *skb_prev;
921alloc_new_skb:
922 skb_prev = skb;
923 if (skb_prev)
924 fraggap = skb_prev->len - maxfraglen;
925 else
926 fraggap = 0;
927
928 /*
929 * If remaining data exceeds the mtu,
930 * we know we need more fragment(s).
931 */
932 datalen = length + fraggap;
933 if (datalen > mtu - fragheaderlen)
934 datalen = maxfraglen - fragheaderlen;
935 fraglen = datalen + fragheaderlen;
936
937 if ((flags & MSG_MORE) &&
938 !(rt->dst.dev->features&NETIF_F_SG))
939 alloclen = mtu;
940 else
941 alloclen = fraglen;
942
943 alloclen += exthdrlen;
944
945 /* The last fragment gets additional space at tail.
946 * Note, with MSG_MORE we overallocate on fragments,
947 * because we have no idea what fragment will be
948 * the last.
949 */
950 if (datalen == length + fraggap)
951 alloclen += rt->dst.trailer_len;
952
953 if (transhdrlen) {
954 skb = sock_alloc_send_skb(sk,
955 alloclen + hh_len + 15,
956 (flags & MSG_DONTWAIT), &err);
957 } else {
958 skb = NULL;
959 if (atomic_read(&sk->sk_wmem_alloc) <=
960 2 * sk->sk_sndbuf)
961 skb = sock_wmalloc(sk,
962 alloclen + hh_len + 15, 1,
963 sk->sk_allocation);
964 if (unlikely(skb == NULL))
965 err = -ENOBUFS;
966 else
967 /* only the initial fragment is
968 time stamped */
969 cork->tx_flags = 0;
970 }
971 if (skb == NULL)
972 goto error;
973
974 /*
975 * Fill in the control structures
976 */
977 skb->ip_summed = csummode;
978 skb->csum = 0;
979 skb_reserve(skb, hh_len);
980 skb_shinfo(skb)->tx_flags = cork->tx_flags;
981
982 /*
983 * Find where to start putting bytes.
984 */
985 data = skb_put(skb, fraglen + exthdrlen);
986 skb_set_network_header(skb, exthdrlen);
987 skb->transport_header = (skb->network_header +
988 fragheaderlen);
989 data += fragheaderlen + exthdrlen;
990
991 if (fraggap) {
992 skb->csum = skb_copy_and_csum_bits(
993 skb_prev, maxfraglen,
994 data + transhdrlen, fraggap, 0);
995 skb_prev->csum = csum_sub(skb_prev->csum,
996 skb->csum);
997 data += fraggap;
998 pskb_trim_unique(skb_prev, maxfraglen);
999 }
1000
1001 copy = datalen - transhdrlen - fraggap;
1002 if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
1003 err = -EFAULT;
1004 kfree_skb(skb);
1005 goto error;
1006 }
1007
1008 offset += copy;
1009 length -= datalen - fraggap;
1010 transhdrlen = 0;
1011 exthdrlen = 0;
1012 csummode = CHECKSUM_NONE;
1013
1014 /*
1015 * Put the packet on the pending queue.
1016 */
1017 __skb_queue_tail(queue, skb);
1018 continue;
1019 }
1020
1021 if (copy > length)
1022 copy = length;
1023
1024 if (!(rt->dst.dev->features&NETIF_F_SG)) {
1025 unsigned int off;
1026
1027 off = skb->len;
1028 if (getfrag(from, skb_put(skb, copy),
1029 offset, copy, off, skb) < 0) {
1030 __skb_trim(skb, off);
1031 err = -EFAULT;
1032 goto error;
1033 }
1034 } else {
1035 int i = skb_shinfo(skb)->nr_frags;
1036
1037 err = -ENOMEM;
1038 if (!sk_page_frag_refill(sk, pfrag))
1039 goto error;
1040
1041 if (!skb_can_coalesce(skb, i, pfrag->page,
1042 pfrag->offset)) {
1043 err = -EMSGSIZE;
1044 if (i == MAX_SKB_FRAGS)
1045 goto error;
1046
1047 __skb_fill_page_desc(skb, i, pfrag->page,
1048 pfrag->offset, 0);
1049 skb_shinfo(skb)->nr_frags = ++i;
1050 get_page(pfrag->page);
1051 }
1052 copy = min_t(int, copy, pfrag->size - pfrag->offset);
1053 if (getfrag(from,
1054 page_address(pfrag->page) + pfrag->offset,
1055 offset, copy, skb->len, skb) < 0)
1056 goto error_efault;
1057
1058 pfrag->offset += copy;
1059 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1060 skb->len += copy;
1061 skb->data_len += copy;
1062 skb->truesize += copy;
1063 atomic_add(copy, &sk->sk_wmem_alloc);
1064 }
1065 offset += copy;
1066 length -= copy;
1067 }
1068
1069 return 0;
1070
1071error_efault:
1072 err = -EFAULT;
1073error:
1074 cork->length -= length;
1075 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTDISCARDS);
1076 return err;
1077}
1078
1079static int ip_setup_cork(struct sock *sk, struct inet_cork *cork,
1080 struct ipcm_cookie *ipc, struct rtable **rtp)
1081{
1082 struct ip_options_rcu *opt;
1083 struct rtable *rt;
1084
1085 /*
1086 * setup for corking.
1087 */
1088 opt = ipc->opt;
1089 if (opt) {
1090 if (cork->opt == NULL) {
1091 cork->opt = kmalloc(sizeof(struct ip_options) + 40,
1092 sk->sk_allocation);
1093 if (unlikely(cork->opt == NULL))
1094 return -ENOBUFS;
1095 }
1096 memcpy(cork->opt, &opt->opt, sizeof(struct ip_options) + opt->opt.optlen);
1097 cork->flags |= IPCORK_OPT;
1098 cork->addr = ipc->addr;
1099 }
1100 rt = *rtp;
1101 if (unlikely(!rt))
1102 return -EFAULT;
1103 /*
1104 * We steal reference to this route, caller should not release it
1105 */
1106 *rtp = NULL;
1107 cork->fragsize = ip_sk_use_pmtu(sk) ?
1108 dst_mtu(&rt->dst) : rt->dst.dev->mtu;
1109 cork->dst = &rt->dst;
1110 cork->length = 0;
1111 cork->ttl = ipc->ttl;
1112 cork->tos = ipc->tos;
1113 cork->priority = ipc->priority;
1114 cork->tx_flags = ipc->tx_flags;
1115
1116 return 0;
1117}
1118
1119/*
1120 * ip_append_data() and ip_append_page() can make one large IP datagram
1121 * from many pieces of data. Each pieces will be holded on the socket
1122 * until ip_push_pending_frames() is called. Each piece can be a page
1123 * or non-page data.
1124 *
1125 * Not only UDP, other transport protocols - e.g. raw sockets - can use
1126 * this interface potentially.
1127 *
1128 * LATER: length must be adjusted by pad at tail, when it is required.
1129 */
1130int ip_append_data(struct sock *sk, struct flowi4 *fl4,
1131 int getfrag(void *from, char *to, int offset, int len,
1132 int odd, struct sk_buff *skb),
1133 void *from, int length, int transhdrlen,
1134 struct ipcm_cookie *ipc, struct rtable **rtp,
1135 unsigned int flags)
1136{
1137 struct inet_sock *inet = inet_sk(sk);
1138 int err;
1139
1140 if (flags&MSG_PROBE)
1141 return 0;
1142
1143 if (skb_queue_empty(&sk->sk_write_queue)) {
1144 err = ip_setup_cork(sk, &inet->cork.base, ipc, rtp);
1145 if (err)
1146 return err;
1147 } else {
1148 transhdrlen = 0;
1149 }
1150
1151 return __ip_append_data(sk, fl4, &sk->sk_write_queue, &inet->cork.base,
1152 sk_page_frag(sk), getfrag,
1153 from, length, transhdrlen, flags);
1154}
1155
1156ssize_t ip_append_page(struct sock *sk, struct flowi4 *fl4, struct page *page,
1157 int offset, size_t size, int flags)
1158{
1159 struct inet_sock *inet = inet_sk(sk);
1160 struct sk_buff *skb;
1161 struct rtable *rt;
1162 struct ip_options *opt = NULL;
1163 struct inet_cork *cork;
1164 int hh_len;
1165 int mtu;
1166 int len;
1167 int err;
1168 unsigned int maxfraglen, fragheaderlen, fraggap, maxnonfragsize;
1169
1170 if (inet->hdrincl)
1171 return -EPERM;
1172
1173 if (flags&MSG_PROBE)
1174 return 0;
1175
1176 if (skb_queue_empty(&sk->sk_write_queue))
1177 return -EINVAL;
1178
1179 cork = &inet->cork.base;
1180 rt = (struct rtable *)cork->dst;
1181 if (cork->flags & IPCORK_OPT)
1182 opt = cork->opt;
1183
1184 if (!(rt->dst.dev->features&NETIF_F_SG))
1185 return -EOPNOTSUPP;
1186
1187 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1188 mtu = cork->fragsize;
1189
1190 fragheaderlen = sizeof(struct iphdr) + (opt ? opt->optlen : 0);
1191 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen;
1192 maxnonfragsize = ip_sk_local_df(sk) ? 0xFFFF : mtu;
1193
1194 if (cork->length + size > maxnonfragsize - fragheaderlen) {
1195 ip_local_error(sk, EMSGSIZE, fl4->daddr, inet->inet_dport,
1196 mtu - (opt ? opt->optlen : 0));
1197 return -EMSGSIZE;
1198 }
1199
1200 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
1201 return -EINVAL;
1202
1203 cork->length += size;
1204 if ((size + skb->len > mtu) &&
1205 (sk->sk_protocol == IPPROTO_UDP) &&
1206 (rt->dst.dev->features & NETIF_F_UFO)) {
1207 skb_shinfo(skb)->gso_size = mtu - fragheaderlen;
1208 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
1209 }
1210
1211
1212 while (size > 0) {
1213 int i;
1214
1215 if (skb_is_gso(skb))
1216 len = size;
1217 else {
1218
1219 /* Check if the remaining data fits into current packet. */
1220 len = mtu - skb->len;
1221 if (len < size)
1222 len = maxfraglen - skb->len;
1223 }
1224 if (len <= 0) {
1225 struct sk_buff *skb_prev;
1226 int alloclen;
1227
1228 skb_prev = skb;
1229 fraggap = skb_prev->len - maxfraglen;
1230
1231 alloclen = fragheaderlen + hh_len + fraggap + 15;
1232 skb = sock_wmalloc(sk, alloclen, 1, sk->sk_allocation);
1233 if (unlikely(!skb)) {
1234 err = -ENOBUFS;
1235 goto error;
1236 }
1237
1238 /*
1239 * Fill in the control structures
1240 */
1241 skb->ip_summed = CHECKSUM_NONE;
1242 skb->csum = 0;
1243 skb_reserve(skb, hh_len);
1244
1245 /*
1246 * Find where to start putting bytes.
1247 */
1248 skb_put(skb, fragheaderlen + fraggap);
1249 skb_reset_network_header(skb);
1250 skb->transport_header = (skb->network_header +
1251 fragheaderlen);
1252 if (fraggap) {
1253 skb->csum = skb_copy_and_csum_bits(skb_prev,
1254 maxfraglen,
1255 skb_transport_header(skb),
1256 fraggap, 0);
1257 skb_prev->csum = csum_sub(skb_prev->csum,
1258 skb->csum);
1259 pskb_trim_unique(skb_prev, maxfraglen);
1260 }
1261
1262 /*
1263 * Put the packet on the pending queue.
1264 */
1265 __skb_queue_tail(&sk->sk_write_queue, skb);
1266 continue;
1267 }
1268
1269 i = skb_shinfo(skb)->nr_frags;
1270 if (len > size)
1271 len = size;
1272 if (skb_can_coalesce(skb, i, page, offset)) {
1273 skb_frag_size_add(&skb_shinfo(skb)->frags[i-1], len);
1274 } else if (i < MAX_SKB_FRAGS) {
1275 get_page(page);
1276 skb_fill_page_desc(skb, i, page, offset, len);
1277 } else {
1278 err = -EMSGSIZE;
1279 goto error;
1280 }
1281
1282 if (skb->ip_summed == CHECKSUM_NONE) {
1283 __wsum csum;
1284 csum = csum_page(page, offset, len);
1285 skb->csum = csum_block_add(skb->csum, csum, skb->len);
1286 }
1287
1288 skb->len += len;
1289 skb->data_len += len;
1290 skb->truesize += len;
1291 atomic_add(len, &sk->sk_wmem_alloc);
1292 offset += len;
1293 size -= len;
1294 }
1295 return 0;
1296
1297error:
1298 cork->length -= size;
1299 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTDISCARDS);
1300 return err;
1301}
1302
1303static void ip_cork_release(struct inet_cork *cork)
1304{
1305 cork->flags &= ~IPCORK_OPT;
1306 kfree(cork->opt);
1307 cork->opt = NULL;
1308 dst_release(cork->dst);
1309 cork->dst = NULL;
1310}
1311
1312/*
1313 * Combined all pending IP fragments on the socket as one IP datagram
1314 * and push them out.
1315 */
1316struct sk_buff *__ip_make_skb(struct sock *sk,
1317 struct flowi4 *fl4,
1318 struct sk_buff_head *queue,
1319 struct inet_cork *cork)
1320{
1321 struct sk_buff *skb, *tmp_skb;
1322 struct sk_buff **tail_skb;
1323 struct inet_sock *inet = inet_sk(sk);
1324 struct net *net = sock_net(sk);
1325 struct ip_options *opt = NULL;
1326 struct rtable *rt = (struct rtable *)cork->dst;
1327 struct iphdr *iph;
1328 __be16 df = 0;
1329 __u8 ttl;
1330
1331 if ((skb = __skb_dequeue(queue)) == NULL)
1332 goto out;
1333 tail_skb = &(skb_shinfo(skb)->frag_list);
1334
1335 /* move skb->data to ip header from ext header */
1336 if (skb->data < skb_network_header(skb))
1337 __skb_pull(skb, skb_network_offset(skb));
1338 while ((tmp_skb = __skb_dequeue(queue)) != NULL) {
1339 __skb_pull(tmp_skb, skb_network_header_len(skb));
1340 *tail_skb = tmp_skb;
1341 tail_skb = &(tmp_skb->next);
1342 skb->len += tmp_skb->len;
1343 skb->data_len += tmp_skb->len;
1344 skb->truesize += tmp_skb->truesize;
1345 tmp_skb->destructor = NULL;
1346 tmp_skb->sk = NULL;
1347 }
1348
1349 /* Unless user demanded real pmtu discovery (IP_PMTUDISC_DO), we allow
1350 * to fragment the frame generated here. No matter, what transforms
1351 * how transforms change size of the packet, it will come out.
1352 */
1353 skb->local_df = ip_sk_local_df(sk);
1354
1355 /* DF bit is set when we want to see DF on outgoing frames.
1356 * If local_df is set too, we still allow to fragment this frame
1357 * locally. */
1358 if (inet->pmtudisc == IP_PMTUDISC_DO ||
1359 inet->pmtudisc == IP_PMTUDISC_PROBE ||
1360 (skb->len <= dst_mtu(&rt->dst) &&
1361 ip_dont_fragment(sk, &rt->dst)))
1362 df = htons(IP_DF);
1363
1364 if (cork->flags & IPCORK_OPT)
1365 opt = cork->opt;
1366
1367 if (cork->ttl != 0)
1368 ttl = cork->ttl;
1369 else if (rt->rt_type == RTN_MULTICAST)
1370 ttl = inet->mc_ttl;
1371 else
1372 ttl = ip_select_ttl(inet, &rt->dst);
1373
1374 iph = ip_hdr(skb);
1375 iph->version = 4;
1376 iph->ihl = 5;
1377 iph->tos = (cork->tos != -1) ? cork->tos : inet->tos;
1378 iph->frag_off = df;
1379 iph->ttl = ttl;
1380 iph->protocol = sk->sk_protocol;
1381 ip_copy_addrs(iph, fl4);
1382 ip_select_ident(skb, &rt->dst, sk);
1383
1384 if (opt) {
1385 iph->ihl += opt->optlen>>2;
1386 ip_options_build(skb, opt, cork->addr, rt, 0);
1387 }
1388
1389 skb->priority = (cork->tos != -1) ? cork->priority: sk->sk_priority;
1390 skb->mark = sk->sk_mark;
1391 /*
1392 * Steal rt from cork.dst to avoid a pair of atomic_inc/atomic_dec
1393 * on dst refcount
1394 */
1395 cork->dst = NULL;
1396 skb_dst_set(skb, &rt->dst);
1397
1398 if (iph->protocol == IPPROTO_ICMP)
1399 icmp_out_count(net, ((struct icmphdr *)
1400 skb_transport_header(skb))->type);
1401
1402 ip_cork_release(cork);
1403out:
1404 return skb;
1405}
1406
1407int ip_send_skb(struct net *net, struct sk_buff *skb)
1408{
1409 int err;
1410
1411 err = ip_local_out(skb);
1412 if (err) {
1413 if (err > 0)
1414 err = net_xmit_errno(err);
1415 if (err)
1416 IP_INC_STATS(net, IPSTATS_MIB_OUTDISCARDS);
1417 }
1418
1419 return err;
1420}
1421
1422int ip_push_pending_frames(struct sock *sk, struct flowi4 *fl4)
1423{
1424 struct sk_buff *skb;
1425
1426 skb = ip_finish_skb(sk, fl4);
1427 if (!skb)
1428 return 0;
1429
1430 /* Netfilter gets whole the not fragmented skb. */
1431 return ip_send_skb(sock_net(sk), skb);
1432}
1433
1434/*
1435 * Throw away all pending data on the socket.
1436 */
1437static void __ip_flush_pending_frames(struct sock *sk,
1438 struct sk_buff_head *queue,
1439 struct inet_cork *cork)
1440{
1441 struct sk_buff *skb;
1442
1443 while ((skb = __skb_dequeue_tail(queue)) != NULL)
1444 kfree_skb(skb);
1445
1446 ip_cork_release(cork);
1447}
1448
1449void ip_flush_pending_frames(struct sock *sk)
1450{
1451 __ip_flush_pending_frames(sk, &sk->sk_write_queue, &inet_sk(sk)->cork.base);
1452}
1453
1454struct sk_buff *ip_make_skb(struct sock *sk,
1455 struct flowi4 *fl4,
1456 int getfrag(void *from, char *to, int offset,
1457 int len, int odd, struct sk_buff *skb),
1458 void *from, int length, int transhdrlen,
1459 struct ipcm_cookie *ipc, struct rtable **rtp,
1460 unsigned int flags)
1461{
1462 struct inet_cork cork;
1463 struct sk_buff_head queue;
1464 int err;
1465
1466 if (flags & MSG_PROBE)
1467 return NULL;
1468
1469 __skb_queue_head_init(&queue);
1470
1471 cork.flags = 0;
1472 cork.addr = 0;
1473 cork.opt = NULL;
1474 err = ip_setup_cork(sk, &cork, ipc, rtp);
1475 if (err)
1476 return ERR_PTR(err);
1477
1478 err = __ip_append_data(sk, fl4, &queue, &cork,
1479 ¤t->task_frag, getfrag,
1480 from, length, transhdrlen, flags);
1481 if (err) {
1482 __ip_flush_pending_frames(sk, &queue, &cork);
1483 return ERR_PTR(err);
1484 }
1485
1486 return __ip_make_skb(sk, fl4, &queue, &cork);
1487}
1488
1489/*
1490 * Fetch data from kernel space and fill in checksum if needed.
1491 */
1492static int ip_reply_glue_bits(void *dptr, char *to, int offset,
1493 int len, int odd, struct sk_buff *skb)
1494{
1495 __wsum csum;
1496
1497 csum = csum_partial_copy_nocheck(dptr+offset, to, len, 0);
1498 skb->csum = csum_block_add(skb->csum, csum, odd);
1499 return 0;
1500}
1501
1502/*
1503 * Generic function to send a packet as reply to another packet.
1504 * Used to send some TCP resets/acks so far.
1505 *
1506 * Use a fake percpu inet socket to avoid false sharing and contention.
1507 */
1508static DEFINE_PER_CPU(struct inet_sock, unicast_sock) = {
1509 .sk = {
1510 .__sk_common = {
1511 .skc_refcnt = ATOMIC_INIT(1),
1512 },
1513 .sk_wmem_alloc = ATOMIC_INIT(1),
1514 .sk_allocation = GFP_ATOMIC,
1515 .sk_flags = (1UL << SOCK_USE_WRITE_QUEUE),
1516 },
1517 .pmtudisc = IP_PMTUDISC_WANT,
1518 .uc_ttl = -1,
1519};
1520
1521void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
1522 __be32 saddr, const struct ip_reply_arg *arg,
1523 unsigned int len)
1524{
1525 struct ip_options_data replyopts;
1526 struct ipcm_cookie ipc;
1527 struct flowi4 fl4;
1528 struct rtable *rt = skb_rtable(skb);
1529 struct sk_buff *nskb;
1530 struct sock *sk;
1531 struct inet_sock *inet;
1532
1533 if (ip_options_echo(&replyopts.opt.opt, skb))
1534 return;
1535
1536 ipc.addr = daddr;
1537 ipc.opt = NULL;
1538 ipc.tx_flags = 0;
1539 ipc.ttl = 0;
1540 ipc.tos = -1;
1541
1542 if (replyopts.opt.opt.optlen) {
1543 ipc.opt = &replyopts.opt;
1544
1545 if (replyopts.opt.opt.srr)
1546 daddr = replyopts.opt.opt.faddr;
1547 }
1548
1549 flowi4_init_output(&fl4, arg->bound_dev_if, 0,
1550 RT_TOS(arg->tos),
1551 RT_SCOPE_UNIVERSE, ip_hdr(skb)->protocol,
1552 ip_reply_arg_flowi_flags(arg),
1553 daddr, saddr,
1554 tcp_hdr(skb)->source, tcp_hdr(skb)->dest);
1555 security_skb_classify_flow(skb, flowi4_to_flowi(&fl4));
1556 rt = ip_route_output_key(net, &fl4);
1557 if (IS_ERR(rt))
1558 return;
1559
1560 inet = &get_cpu_var(unicast_sock);
1561
1562 inet->tos = arg->tos;
1563 sk = &inet->sk;
1564 sk->sk_priority = skb->priority;
1565 sk->sk_protocol = ip_hdr(skb)->protocol;
1566 sk->sk_bound_dev_if = arg->bound_dev_if;
1567 sock_net_set(sk, net);
1568 __skb_queue_head_init(&sk->sk_write_queue);
1569 sk->sk_sndbuf = sysctl_wmem_default;
1570 ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, len, 0,
1571 &ipc, &rt, MSG_DONTWAIT);
1572 nskb = skb_peek(&sk->sk_write_queue);
1573 if (nskb) {
1574 if (arg->csumoffset >= 0)
1575 *((__sum16 *)skb_transport_header(nskb) +
1576 arg->csumoffset) = csum_fold(csum_add(nskb->csum,
1577 arg->csum));
1578 nskb->ip_summed = CHECKSUM_NONE;
1579 skb_orphan(nskb);
1580 skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
1581 ip_push_pending_frames(sk, &fl4);
1582 }
1583
1584 put_cpu_var(unicast_sock);
1585
1586 ip_rt_put(rt);
1587}
1588
1589void __init ip_init(void)
1590{
1591 ip_rt_init();
1592 inet_initpeers();
1593
1594#if defined(CONFIG_IP_MULTICAST)
1595 igmp_mc_init();
1596#endif
1597}
1/*
2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * The Internet Protocol (IP) output module.
7 *
8 * Authors: Ross Biro
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Donald Becker, <becker@super.org>
11 * Alan Cox, <Alan.Cox@linux.org>
12 * Richard Underwood
13 * Stefan Becker, <stefanb@yello.ping.de>
14 * Jorge Cwik, <jorge@laser.satlink.net>
15 * Arnt Gulbrandsen, <agulbra@nvg.unit.no>
16 * Hirokazu Takahashi, <taka@valinux.co.jp>
17 *
18 * See ip_input.c for original log
19 *
20 * Fixes:
21 * Alan Cox : Missing nonblock feature in ip_build_xmit.
22 * Mike Kilburn : htons() missing in ip_build_xmit.
23 * Bradford Johnson: Fix faulty handling of some frames when
24 * no route is found.
25 * Alexander Demenshin: Missing sk/skb free in ip_queue_xmit
26 * (in case if packet not accepted by
27 * output firewall rules)
28 * Mike McLagan : Routing by source
29 * Alexey Kuznetsov: use new route cache
30 * Andi Kleen: Fix broken PMTU recovery and remove
31 * some redundant tests.
32 * Vitaly E. Lavrov : Transparent proxy revived after year coma.
33 * Andi Kleen : Replace ip_reply with ip_send_reply.
34 * Andi Kleen : Split fast and slow ip_build_xmit path
35 * for decreased register pressure on x86
36 * and more readibility.
37 * Marc Boucher : When call_out_firewall returns FW_QUEUE,
38 * silently drop skb instead of failing with -EPERM.
39 * Detlev Wengorz : Copy protocol for fragments.
40 * Hirokazu Takahashi: HW checksumming for outgoing UDP
41 * datagrams.
42 * Hirokazu Takahashi: sendfile() on UDP works now.
43 */
44
45#include <asm/uaccess.h>
46#include <linux/module.h>
47#include <linux/types.h>
48#include <linux/kernel.h>
49#include <linux/mm.h>
50#include <linux/string.h>
51#include <linux/errno.h>
52#include <linux/highmem.h>
53#include <linux/slab.h>
54
55#include <linux/socket.h>
56#include <linux/sockios.h>
57#include <linux/in.h>
58#include <linux/inet.h>
59#include <linux/netdevice.h>
60#include <linux/etherdevice.h>
61#include <linux/proc_fs.h>
62#include <linux/stat.h>
63#include <linux/init.h>
64
65#include <net/snmp.h>
66#include <net/ip.h>
67#include <net/protocol.h>
68#include <net/route.h>
69#include <net/xfrm.h>
70#include <linux/skbuff.h>
71#include <net/sock.h>
72#include <net/arp.h>
73#include <net/icmp.h>
74#include <net/checksum.h>
75#include <net/inetpeer.h>
76#include <linux/igmp.h>
77#include <linux/netfilter_ipv4.h>
78#include <linux/netfilter_bridge.h>
79#include <linux/mroute.h>
80#include <linux/netlink.h>
81#include <linux/tcp.h>
82
83int sysctl_ip_default_ttl __read_mostly = IPDEFTTL;
84EXPORT_SYMBOL(sysctl_ip_default_ttl);
85
86/* Generate a checksum for an outgoing IP datagram. */
87__inline__ void ip_send_check(struct iphdr *iph)
88{
89 iph->check = 0;
90 iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
91}
92EXPORT_SYMBOL(ip_send_check);
93
94int __ip_local_out(struct sk_buff *skb)
95{
96 struct iphdr *iph = ip_hdr(skb);
97
98 iph->tot_len = htons(skb->len);
99 ip_send_check(iph);
100 return nf_hook(NFPROTO_IPV4, NF_INET_LOCAL_OUT, skb, NULL,
101 skb_dst(skb)->dev, dst_output);
102}
103
104int ip_local_out(struct sk_buff *skb)
105{
106 int err;
107
108 err = __ip_local_out(skb);
109 if (likely(err == 1))
110 err = dst_output(skb);
111
112 return err;
113}
114EXPORT_SYMBOL_GPL(ip_local_out);
115
116/* dev_loopback_xmit for use with netfilter. */
117static int ip_dev_loopback_xmit(struct sk_buff *newskb)
118{
119 skb_reset_mac_header(newskb);
120 __skb_pull(newskb, skb_network_offset(newskb));
121 newskb->pkt_type = PACKET_LOOPBACK;
122 newskb->ip_summed = CHECKSUM_UNNECESSARY;
123 WARN_ON(!skb_dst(newskb));
124 skb_dst_force(newskb);
125 netif_rx_ni(newskb);
126 return 0;
127}
128
129static inline int ip_select_ttl(struct inet_sock *inet, struct dst_entry *dst)
130{
131 int ttl = inet->uc_ttl;
132
133 if (ttl < 0)
134 ttl = ip4_dst_hoplimit(dst);
135 return ttl;
136}
137
138/*
139 * Add an ip header to a skbuff and send it out.
140 *
141 */
142int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk,
143 __be32 saddr, __be32 daddr, struct ip_options_rcu *opt)
144{
145 struct inet_sock *inet = inet_sk(sk);
146 struct rtable *rt = skb_rtable(skb);
147 struct iphdr *iph;
148
149 /* Build the IP header. */
150 skb_push(skb, sizeof(struct iphdr) + (opt ? opt->opt.optlen : 0));
151 skb_reset_network_header(skb);
152 iph = ip_hdr(skb);
153 iph->version = 4;
154 iph->ihl = 5;
155 iph->tos = inet->tos;
156 if (ip_dont_fragment(sk, &rt->dst))
157 iph->frag_off = htons(IP_DF);
158 else
159 iph->frag_off = 0;
160 iph->ttl = ip_select_ttl(inet, &rt->dst);
161 iph->daddr = (opt && opt->opt.srr ? opt->opt.faddr : daddr);
162 iph->saddr = saddr;
163 iph->protocol = sk->sk_protocol;
164 ip_select_ident(iph, &rt->dst, sk);
165
166 if (opt && opt->opt.optlen) {
167 iph->ihl += opt->opt.optlen>>2;
168 ip_options_build(skb, &opt->opt, daddr, rt, 0);
169 }
170
171 skb->priority = sk->sk_priority;
172 skb->mark = sk->sk_mark;
173
174 /* Send it out. */
175 return ip_local_out(skb);
176}
177EXPORT_SYMBOL_GPL(ip_build_and_send_pkt);
178
179static inline int ip_finish_output2(struct sk_buff *skb)
180{
181 struct dst_entry *dst = skb_dst(skb);
182 struct rtable *rt = (struct rtable *)dst;
183 struct net_device *dev = dst->dev;
184 unsigned int hh_len = LL_RESERVED_SPACE(dev);
185 struct neighbour *neigh;
186
187 if (rt->rt_type == RTN_MULTICAST) {
188 IP_UPD_PO_STATS(dev_net(dev), IPSTATS_MIB_OUTMCAST, skb->len);
189 } else if (rt->rt_type == RTN_BROADCAST)
190 IP_UPD_PO_STATS(dev_net(dev), IPSTATS_MIB_OUTBCAST, skb->len);
191
192 /* Be paranoid, rather than too clever. */
193 if (unlikely(skb_headroom(skb) < hh_len && dev->header_ops)) {
194 struct sk_buff *skb2;
195
196 skb2 = skb_realloc_headroom(skb, LL_RESERVED_SPACE(dev));
197 if (skb2 == NULL) {
198 kfree_skb(skb);
199 return -ENOMEM;
200 }
201 if (skb->sk)
202 skb_set_owner_w(skb2, skb->sk);
203 kfree_skb(skb);
204 skb = skb2;
205 }
206
207 rcu_read_lock();
208 neigh = dst_get_neighbour_noref(dst);
209 if (neigh) {
210 int res = neigh_output(neigh, skb);
211
212 rcu_read_unlock();
213 return res;
214 }
215 rcu_read_unlock();
216
217 net_dbg_ratelimited("%s: No header cache and no neighbour!\n",
218 __func__);
219 kfree_skb(skb);
220 return -EINVAL;
221}
222
223static inline int ip_skb_dst_mtu(struct sk_buff *skb)
224{
225 struct inet_sock *inet = skb->sk ? inet_sk(skb->sk) : NULL;
226
227 return (inet && inet->pmtudisc == IP_PMTUDISC_PROBE) ?
228 skb_dst(skb)->dev->mtu : dst_mtu(skb_dst(skb));
229}
230
231static int ip_finish_output(struct sk_buff *skb)
232{
233#if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
234 /* Policy lookup after SNAT yielded a new policy */
235 if (skb_dst(skb)->xfrm != NULL) {
236 IPCB(skb)->flags |= IPSKB_REROUTED;
237 return dst_output(skb);
238 }
239#endif
240 if (skb->len > ip_skb_dst_mtu(skb) && !skb_is_gso(skb))
241 return ip_fragment(skb, ip_finish_output2);
242 else
243 return ip_finish_output2(skb);
244}
245
246int ip_mc_output(struct sk_buff *skb)
247{
248 struct sock *sk = skb->sk;
249 struct rtable *rt = skb_rtable(skb);
250 struct net_device *dev = rt->dst.dev;
251
252 /*
253 * If the indicated interface is up and running, send the packet.
254 */
255 IP_UPD_PO_STATS(dev_net(dev), IPSTATS_MIB_OUT, skb->len);
256
257 skb->dev = dev;
258 skb->protocol = htons(ETH_P_IP);
259
260 /*
261 * Multicasts are looped back for other local users
262 */
263
264 if (rt->rt_flags&RTCF_MULTICAST) {
265 if (sk_mc_loop(sk)
266#ifdef CONFIG_IP_MROUTE
267 /* Small optimization: do not loopback not local frames,
268 which returned after forwarding; they will be dropped
269 by ip_mr_input in any case.
270 Note, that local frames are looped back to be delivered
271 to local recipients.
272
273 This check is duplicated in ip_mr_input at the moment.
274 */
275 &&
276 ((rt->rt_flags & RTCF_LOCAL) ||
277 !(IPCB(skb)->flags & IPSKB_FORWARDED))
278#endif
279 ) {
280 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
281 if (newskb)
282 NF_HOOK(NFPROTO_IPV4, NF_INET_POST_ROUTING,
283 newskb, NULL, newskb->dev,
284 ip_dev_loopback_xmit);
285 }
286
287 /* Multicasts with ttl 0 must not go beyond the host */
288
289 if (ip_hdr(skb)->ttl == 0) {
290 kfree_skb(skb);
291 return 0;
292 }
293 }
294
295 if (rt->rt_flags&RTCF_BROADCAST) {
296 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
297 if (newskb)
298 NF_HOOK(NFPROTO_IPV4, NF_INET_POST_ROUTING, newskb,
299 NULL, newskb->dev, ip_dev_loopback_xmit);
300 }
301
302 return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, skb, NULL,
303 skb->dev, ip_finish_output,
304 !(IPCB(skb)->flags & IPSKB_REROUTED));
305}
306
307int ip_output(struct sk_buff *skb)
308{
309 struct net_device *dev = skb_dst(skb)->dev;
310
311 IP_UPD_PO_STATS(dev_net(dev), IPSTATS_MIB_OUT, skb->len);
312
313 skb->dev = dev;
314 skb->protocol = htons(ETH_P_IP);
315
316 return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, skb, NULL, dev,
317 ip_finish_output,
318 !(IPCB(skb)->flags & IPSKB_REROUTED));
319}
320
321/*
322 * copy saddr and daddr, possibly using 64bit load/stores
323 * Equivalent to :
324 * iph->saddr = fl4->saddr;
325 * iph->daddr = fl4->daddr;
326 */
327static void ip_copy_addrs(struct iphdr *iph, const struct flowi4 *fl4)
328{
329 BUILD_BUG_ON(offsetof(typeof(*fl4), daddr) !=
330 offsetof(typeof(*fl4), saddr) + sizeof(fl4->saddr));
331 memcpy(&iph->saddr, &fl4->saddr,
332 sizeof(fl4->saddr) + sizeof(fl4->daddr));
333}
334
335int ip_queue_xmit(struct sk_buff *skb, struct flowi *fl)
336{
337 struct sock *sk = skb->sk;
338 struct inet_sock *inet = inet_sk(sk);
339 struct ip_options_rcu *inet_opt;
340 struct flowi4 *fl4;
341 struct rtable *rt;
342 struct iphdr *iph;
343 int res;
344
345 /* Skip all of this if the packet is already routed,
346 * f.e. by something like SCTP.
347 */
348 rcu_read_lock();
349 inet_opt = rcu_dereference(inet->inet_opt);
350 fl4 = &fl->u.ip4;
351 rt = skb_rtable(skb);
352 if (rt != NULL)
353 goto packet_routed;
354
355 /* Make sure we can route this packet. */
356 rt = (struct rtable *)__sk_dst_check(sk, 0);
357 if (rt == NULL) {
358 __be32 daddr;
359
360 /* Use correct destination address if we have options. */
361 daddr = inet->inet_daddr;
362 if (inet_opt && inet_opt->opt.srr)
363 daddr = inet_opt->opt.faddr;
364
365 /* If this fails, retransmit mechanism of transport layer will
366 * keep trying until route appears or the connection times
367 * itself out.
368 */
369 rt = ip_route_output_ports(sock_net(sk), fl4, sk,
370 daddr, inet->inet_saddr,
371 inet->inet_dport,
372 inet->inet_sport,
373 sk->sk_protocol,
374 RT_CONN_FLAGS(sk),
375 sk->sk_bound_dev_if);
376 if (IS_ERR(rt))
377 goto no_route;
378 sk_setup_caps(sk, &rt->dst);
379 }
380 skb_dst_set_noref(skb, &rt->dst);
381
382packet_routed:
383 if (inet_opt && inet_opt->opt.is_strictroute && fl4->daddr != rt->rt_gateway)
384 goto no_route;
385
386 /* OK, we know where to send it, allocate and build IP header. */
387 skb_push(skb, sizeof(struct iphdr) + (inet_opt ? inet_opt->opt.optlen : 0));
388 skb_reset_network_header(skb);
389 iph = ip_hdr(skb);
390 *((__be16 *)iph) = htons((4 << 12) | (5 << 8) | (inet->tos & 0xff));
391 if (ip_dont_fragment(sk, &rt->dst) && !skb->local_df)
392 iph->frag_off = htons(IP_DF);
393 else
394 iph->frag_off = 0;
395 iph->ttl = ip_select_ttl(inet, &rt->dst);
396 iph->protocol = sk->sk_protocol;
397 ip_copy_addrs(iph, fl4);
398
399 /* Transport layer set skb->h.foo itself. */
400
401 if (inet_opt && inet_opt->opt.optlen) {
402 iph->ihl += inet_opt->opt.optlen >> 2;
403 ip_options_build(skb, &inet_opt->opt, inet->inet_daddr, rt, 0);
404 }
405
406 ip_select_ident_more(iph, &rt->dst, sk,
407 (skb_shinfo(skb)->gso_segs ?: 1) - 1);
408
409 skb->priority = sk->sk_priority;
410 skb->mark = sk->sk_mark;
411
412 res = ip_local_out(skb);
413 rcu_read_unlock();
414 return res;
415
416no_route:
417 rcu_read_unlock();
418 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
419 kfree_skb(skb);
420 return -EHOSTUNREACH;
421}
422EXPORT_SYMBOL(ip_queue_xmit);
423
424
425static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from)
426{
427 to->pkt_type = from->pkt_type;
428 to->priority = from->priority;
429 to->protocol = from->protocol;
430 skb_dst_drop(to);
431 skb_dst_copy(to, from);
432 to->dev = from->dev;
433 to->mark = from->mark;
434
435 /* Copy the flags to each fragment. */
436 IPCB(to)->flags = IPCB(from)->flags;
437
438#ifdef CONFIG_NET_SCHED
439 to->tc_index = from->tc_index;
440#endif
441 nf_copy(to, from);
442#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
443 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
444 to->nf_trace = from->nf_trace;
445#endif
446#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
447 to->ipvs_property = from->ipvs_property;
448#endif
449 skb_copy_secmark(to, from);
450}
451
452/*
453 * This IP datagram is too large to be sent in one piece. Break it up into
454 * smaller pieces (each of size equal to IP header plus
455 * a block of the data of the original IP data part) that will yet fit in a
456 * single device frame, and queue such a frame for sending.
457 */
458
459int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
460{
461 struct iphdr *iph;
462 int ptr;
463 struct net_device *dev;
464 struct sk_buff *skb2;
465 unsigned int mtu, hlen, left, len, ll_rs;
466 int offset;
467 __be16 not_last_frag;
468 struct rtable *rt = skb_rtable(skb);
469 int err = 0;
470
471 dev = rt->dst.dev;
472
473 /*
474 * Point into the IP datagram header.
475 */
476
477 iph = ip_hdr(skb);
478
479 if (unlikely((iph->frag_off & htons(IP_DF)) && !skb->local_df)) {
480 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
481 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
482 htonl(ip_skb_dst_mtu(skb)));
483 kfree_skb(skb);
484 return -EMSGSIZE;
485 }
486
487 /*
488 * Setup starting values.
489 */
490
491 hlen = iph->ihl * 4;
492 mtu = dst_mtu(&rt->dst) - hlen; /* Size of data space */
493#ifdef CONFIG_BRIDGE_NETFILTER
494 if (skb->nf_bridge)
495 mtu -= nf_bridge_mtu_reduction(skb);
496#endif
497 IPCB(skb)->flags |= IPSKB_FRAG_COMPLETE;
498
499 /* When frag_list is given, use it. First, check its validity:
500 * some transformers could create wrong frag_list or break existing
501 * one, it is not prohibited. In this case fall back to copying.
502 *
503 * LATER: this step can be merged to real generation of fragments,
504 * we can switch to copy when see the first bad fragment.
505 */
506 if (skb_has_frag_list(skb)) {
507 struct sk_buff *frag, *frag2;
508 int first_len = skb_pagelen(skb);
509
510 if (first_len - hlen > mtu ||
511 ((first_len - hlen) & 7) ||
512 ip_is_fragment(iph) ||
513 skb_cloned(skb))
514 goto slow_path;
515
516 skb_walk_frags(skb, frag) {
517 /* Correct geometry. */
518 if (frag->len > mtu ||
519 ((frag->len & 7) && frag->next) ||
520 skb_headroom(frag) < hlen)
521 goto slow_path_clean;
522
523 /* Partially cloned skb? */
524 if (skb_shared(frag))
525 goto slow_path_clean;
526
527 BUG_ON(frag->sk);
528 if (skb->sk) {
529 frag->sk = skb->sk;
530 frag->destructor = sock_wfree;
531 }
532 skb->truesize -= frag->truesize;
533 }
534
535 /* Everything is OK. Generate! */
536
537 err = 0;
538 offset = 0;
539 frag = skb_shinfo(skb)->frag_list;
540 skb_frag_list_init(skb);
541 skb->data_len = first_len - skb_headlen(skb);
542 skb->len = first_len;
543 iph->tot_len = htons(first_len);
544 iph->frag_off = htons(IP_MF);
545 ip_send_check(iph);
546
547 for (;;) {
548 /* Prepare header of the next frame,
549 * before previous one went down. */
550 if (frag) {
551 frag->ip_summed = CHECKSUM_NONE;
552 skb_reset_transport_header(frag);
553 __skb_push(frag, hlen);
554 skb_reset_network_header(frag);
555 memcpy(skb_network_header(frag), iph, hlen);
556 iph = ip_hdr(frag);
557 iph->tot_len = htons(frag->len);
558 ip_copy_metadata(frag, skb);
559 if (offset == 0)
560 ip_options_fragment(frag);
561 offset += skb->len - hlen;
562 iph->frag_off = htons(offset>>3);
563 if (frag->next != NULL)
564 iph->frag_off |= htons(IP_MF);
565 /* Ready, complete checksum */
566 ip_send_check(iph);
567 }
568
569 err = output(skb);
570
571 if (!err)
572 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGCREATES);
573 if (err || !frag)
574 break;
575
576 skb = frag;
577 frag = skb->next;
578 skb->next = NULL;
579 }
580
581 if (err == 0) {
582 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGOKS);
583 return 0;
584 }
585
586 while (frag) {
587 skb = frag->next;
588 kfree_skb(frag);
589 frag = skb;
590 }
591 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
592 return err;
593
594slow_path_clean:
595 skb_walk_frags(skb, frag2) {
596 if (frag2 == frag)
597 break;
598 frag2->sk = NULL;
599 frag2->destructor = NULL;
600 skb->truesize += frag2->truesize;
601 }
602 }
603
604slow_path:
605 left = skb->len - hlen; /* Space per frame */
606 ptr = hlen; /* Where to start from */
607
608 /* for bridged IP traffic encapsulated inside f.e. a vlan header,
609 * we need to make room for the encapsulating header
610 */
611 ll_rs = LL_RESERVED_SPACE_EXTRA(rt->dst.dev, nf_bridge_pad(skb));
612
613 /*
614 * Fragment the datagram.
615 */
616
617 offset = (ntohs(iph->frag_off) & IP_OFFSET) << 3;
618 not_last_frag = iph->frag_off & htons(IP_MF);
619
620 /*
621 * Keep copying data until we run out.
622 */
623
624 while (left > 0) {
625 len = left;
626 /* IF: it doesn't fit, use 'mtu' - the data space left */
627 if (len > mtu)
628 len = mtu;
629 /* IF: we are not sending up to and including the packet end
630 then align the next start on an eight byte boundary */
631 if (len < left) {
632 len &= ~7;
633 }
634 /*
635 * Allocate buffer.
636 */
637
638 if ((skb2 = alloc_skb(len+hlen+ll_rs, GFP_ATOMIC)) == NULL) {
639 NETDEBUG(KERN_INFO "IP: frag: no memory for new fragment!\n");
640 err = -ENOMEM;
641 goto fail;
642 }
643
644 /*
645 * Set up data on packet
646 */
647
648 ip_copy_metadata(skb2, skb);
649 skb_reserve(skb2, ll_rs);
650 skb_put(skb2, len + hlen);
651 skb_reset_network_header(skb2);
652 skb2->transport_header = skb2->network_header + hlen;
653
654 /*
655 * Charge the memory for the fragment to any owner
656 * it might possess
657 */
658
659 if (skb->sk)
660 skb_set_owner_w(skb2, skb->sk);
661
662 /*
663 * Copy the packet header into the new buffer.
664 */
665
666 skb_copy_from_linear_data(skb, skb_network_header(skb2), hlen);
667
668 /*
669 * Copy a block of the IP datagram.
670 */
671 if (skb_copy_bits(skb, ptr, skb_transport_header(skb2), len))
672 BUG();
673 left -= len;
674
675 /*
676 * Fill in the new header fields.
677 */
678 iph = ip_hdr(skb2);
679 iph->frag_off = htons((offset >> 3));
680
681 /* ANK: dirty, but effective trick. Upgrade options only if
682 * the segment to be fragmented was THE FIRST (otherwise,
683 * options are already fixed) and make it ONCE
684 * on the initial skb, so that all the following fragments
685 * will inherit fixed options.
686 */
687 if (offset == 0)
688 ip_options_fragment(skb);
689
690 /*
691 * Added AC : If we are fragmenting a fragment that's not the
692 * last fragment then keep MF on each bit
693 */
694 if (left > 0 || not_last_frag)
695 iph->frag_off |= htons(IP_MF);
696 ptr += len;
697 offset += len;
698
699 /*
700 * Put this fragment into the sending queue.
701 */
702 iph->tot_len = htons(len + hlen);
703
704 ip_send_check(iph);
705
706 err = output(skb2);
707 if (err)
708 goto fail;
709
710 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGCREATES);
711 }
712 kfree_skb(skb);
713 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGOKS);
714 return err;
715
716fail:
717 kfree_skb(skb);
718 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
719 return err;
720}
721EXPORT_SYMBOL(ip_fragment);
722
723int
724ip_generic_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
725{
726 struct iovec *iov = from;
727
728 if (skb->ip_summed == CHECKSUM_PARTIAL) {
729 if (memcpy_fromiovecend(to, iov, offset, len) < 0)
730 return -EFAULT;
731 } else {
732 __wsum csum = 0;
733 if (csum_partial_copy_fromiovecend(to, iov, offset, len, &csum) < 0)
734 return -EFAULT;
735 skb->csum = csum_block_add(skb->csum, csum, odd);
736 }
737 return 0;
738}
739EXPORT_SYMBOL(ip_generic_getfrag);
740
741static inline __wsum
742csum_page(struct page *page, int offset, int copy)
743{
744 char *kaddr;
745 __wsum csum;
746 kaddr = kmap(page);
747 csum = csum_partial(kaddr + offset, copy, 0);
748 kunmap(page);
749 return csum;
750}
751
752static inline int ip_ufo_append_data(struct sock *sk,
753 struct sk_buff_head *queue,
754 int getfrag(void *from, char *to, int offset, int len,
755 int odd, struct sk_buff *skb),
756 void *from, int length, int hh_len, int fragheaderlen,
757 int transhdrlen, int maxfraglen, unsigned int flags)
758{
759 struct sk_buff *skb;
760 int err;
761
762 /* There is support for UDP fragmentation offload by network
763 * device, so create one single skb packet containing complete
764 * udp datagram
765 */
766 if ((skb = skb_peek_tail(queue)) == NULL) {
767 skb = sock_alloc_send_skb(sk,
768 hh_len + fragheaderlen + transhdrlen + 20,
769 (flags & MSG_DONTWAIT), &err);
770
771 if (skb == NULL)
772 return err;
773
774 /* reserve space for Hardware header */
775 skb_reserve(skb, hh_len);
776
777 /* create space for UDP/IP header */
778 skb_put(skb, fragheaderlen + transhdrlen);
779
780 /* initialize network header pointer */
781 skb_reset_network_header(skb);
782
783 /* initialize protocol header pointer */
784 skb->transport_header = skb->network_header + fragheaderlen;
785
786 skb->ip_summed = CHECKSUM_PARTIAL;
787 skb->csum = 0;
788
789 /* specify the length of each IP datagram fragment */
790 skb_shinfo(skb)->gso_size = maxfraglen - fragheaderlen;
791 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
792 __skb_queue_tail(queue, skb);
793 }
794
795 return skb_append_datato_frags(sk, skb, getfrag, from,
796 (length - transhdrlen));
797}
798
799static int __ip_append_data(struct sock *sk,
800 struct flowi4 *fl4,
801 struct sk_buff_head *queue,
802 struct inet_cork *cork,
803 int getfrag(void *from, char *to, int offset,
804 int len, int odd, struct sk_buff *skb),
805 void *from, int length, int transhdrlen,
806 unsigned int flags)
807{
808 struct inet_sock *inet = inet_sk(sk);
809 struct sk_buff *skb;
810
811 struct ip_options *opt = cork->opt;
812 int hh_len;
813 int exthdrlen;
814 int mtu;
815 int copy;
816 int err;
817 int offset = 0;
818 unsigned int maxfraglen, fragheaderlen;
819 int csummode = CHECKSUM_NONE;
820 struct rtable *rt = (struct rtable *)cork->dst;
821
822 skb = skb_peek_tail(queue);
823
824 exthdrlen = !skb ? rt->dst.header_len : 0;
825 mtu = cork->fragsize;
826
827 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
828
829 fragheaderlen = sizeof(struct iphdr) + (opt ? opt->optlen : 0);
830 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen;
831
832 if (cork->length + length > 0xFFFF - fragheaderlen) {
833 ip_local_error(sk, EMSGSIZE, fl4->daddr, inet->inet_dport,
834 mtu-exthdrlen);
835 return -EMSGSIZE;
836 }
837
838 /*
839 * transhdrlen > 0 means that this is the first fragment and we wish
840 * it won't be fragmented in the future.
841 */
842 if (transhdrlen &&
843 length + fragheaderlen <= mtu &&
844 rt->dst.dev->features & NETIF_F_V4_CSUM &&
845 !exthdrlen)
846 csummode = CHECKSUM_PARTIAL;
847
848 cork->length += length;
849 if (((length > mtu) || (skb && skb_is_gso(skb))) &&
850 (sk->sk_protocol == IPPROTO_UDP) &&
851 (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len) {
852 err = ip_ufo_append_data(sk, queue, getfrag, from, length,
853 hh_len, fragheaderlen, transhdrlen,
854 maxfraglen, flags);
855 if (err)
856 goto error;
857 return 0;
858 }
859
860 /* So, what's going on in the loop below?
861 *
862 * We use calculated fragment length to generate chained skb,
863 * each of segments is IP fragment ready for sending to network after
864 * adding appropriate IP header.
865 */
866
867 if (!skb)
868 goto alloc_new_skb;
869
870 while (length > 0) {
871 /* Check if the remaining data fits into current packet. */
872 copy = mtu - skb->len;
873 if (copy < length)
874 copy = maxfraglen - skb->len;
875 if (copy <= 0) {
876 char *data;
877 unsigned int datalen;
878 unsigned int fraglen;
879 unsigned int fraggap;
880 unsigned int alloclen;
881 struct sk_buff *skb_prev;
882alloc_new_skb:
883 skb_prev = skb;
884 if (skb_prev)
885 fraggap = skb_prev->len - maxfraglen;
886 else
887 fraggap = 0;
888
889 /*
890 * If remaining data exceeds the mtu,
891 * we know we need more fragment(s).
892 */
893 datalen = length + fraggap;
894 if (datalen > mtu - fragheaderlen)
895 datalen = maxfraglen - fragheaderlen;
896 fraglen = datalen + fragheaderlen;
897
898 if ((flags & MSG_MORE) &&
899 !(rt->dst.dev->features&NETIF_F_SG))
900 alloclen = mtu;
901 else
902 alloclen = fraglen;
903
904 alloclen += exthdrlen;
905
906 /* The last fragment gets additional space at tail.
907 * Note, with MSG_MORE we overallocate on fragments,
908 * because we have no idea what fragment will be
909 * the last.
910 */
911 if (datalen == length + fraggap)
912 alloclen += rt->dst.trailer_len;
913
914 if (transhdrlen) {
915 skb = sock_alloc_send_skb(sk,
916 alloclen + hh_len + 15,
917 (flags & MSG_DONTWAIT), &err);
918 } else {
919 skb = NULL;
920 if (atomic_read(&sk->sk_wmem_alloc) <=
921 2 * sk->sk_sndbuf)
922 skb = sock_wmalloc(sk,
923 alloclen + hh_len + 15, 1,
924 sk->sk_allocation);
925 if (unlikely(skb == NULL))
926 err = -ENOBUFS;
927 else
928 /* only the initial fragment is
929 time stamped */
930 cork->tx_flags = 0;
931 }
932 if (skb == NULL)
933 goto error;
934
935 /*
936 * Fill in the control structures
937 */
938 skb->ip_summed = csummode;
939 skb->csum = 0;
940 skb_reserve(skb, hh_len);
941 skb_shinfo(skb)->tx_flags = cork->tx_flags;
942
943 /*
944 * Find where to start putting bytes.
945 */
946 data = skb_put(skb, fraglen + exthdrlen);
947 skb_set_network_header(skb, exthdrlen);
948 skb->transport_header = (skb->network_header +
949 fragheaderlen);
950 data += fragheaderlen + exthdrlen;
951
952 if (fraggap) {
953 skb->csum = skb_copy_and_csum_bits(
954 skb_prev, maxfraglen,
955 data + transhdrlen, fraggap, 0);
956 skb_prev->csum = csum_sub(skb_prev->csum,
957 skb->csum);
958 data += fraggap;
959 pskb_trim_unique(skb_prev, maxfraglen);
960 }
961
962 copy = datalen - transhdrlen - fraggap;
963 if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
964 err = -EFAULT;
965 kfree_skb(skb);
966 goto error;
967 }
968
969 offset += copy;
970 length -= datalen - fraggap;
971 transhdrlen = 0;
972 exthdrlen = 0;
973 csummode = CHECKSUM_NONE;
974
975 /*
976 * Put the packet on the pending queue.
977 */
978 __skb_queue_tail(queue, skb);
979 continue;
980 }
981
982 if (copy > length)
983 copy = length;
984
985 if (!(rt->dst.dev->features&NETIF_F_SG)) {
986 unsigned int off;
987
988 off = skb->len;
989 if (getfrag(from, skb_put(skb, copy),
990 offset, copy, off, skb) < 0) {
991 __skb_trim(skb, off);
992 err = -EFAULT;
993 goto error;
994 }
995 } else {
996 int i = skb_shinfo(skb)->nr_frags;
997 skb_frag_t *frag = &skb_shinfo(skb)->frags[i-1];
998 struct page *page = cork->page;
999 int off = cork->off;
1000 unsigned int left;
1001
1002 if (page && (left = PAGE_SIZE - off) > 0) {
1003 if (copy >= left)
1004 copy = left;
1005 if (page != skb_frag_page(frag)) {
1006 if (i == MAX_SKB_FRAGS) {
1007 err = -EMSGSIZE;
1008 goto error;
1009 }
1010 skb_fill_page_desc(skb, i, page, off, 0);
1011 skb_frag_ref(skb, i);
1012 frag = &skb_shinfo(skb)->frags[i];
1013 }
1014 } else if (i < MAX_SKB_FRAGS) {
1015 if (copy > PAGE_SIZE)
1016 copy = PAGE_SIZE;
1017 page = alloc_pages(sk->sk_allocation, 0);
1018 if (page == NULL) {
1019 err = -ENOMEM;
1020 goto error;
1021 }
1022 cork->page = page;
1023 cork->off = 0;
1024
1025 skb_fill_page_desc(skb, i, page, 0, 0);
1026 frag = &skb_shinfo(skb)->frags[i];
1027 } else {
1028 err = -EMSGSIZE;
1029 goto error;
1030 }
1031 if (getfrag(from, skb_frag_address(frag)+skb_frag_size(frag),
1032 offset, copy, skb->len, skb) < 0) {
1033 err = -EFAULT;
1034 goto error;
1035 }
1036 cork->off += copy;
1037 skb_frag_size_add(frag, copy);
1038 skb->len += copy;
1039 skb->data_len += copy;
1040 skb->truesize += copy;
1041 atomic_add(copy, &sk->sk_wmem_alloc);
1042 }
1043 offset += copy;
1044 length -= copy;
1045 }
1046
1047 return 0;
1048
1049error:
1050 cork->length -= length;
1051 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTDISCARDS);
1052 return err;
1053}
1054
1055static int ip_setup_cork(struct sock *sk, struct inet_cork *cork,
1056 struct ipcm_cookie *ipc, struct rtable **rtp)
1057{
1058 struct inet_sock *inet = inet_sk(sk);
1059 struct ip_options_rcu *opt;
1060 struct rtable *rt;
1061
1062 /*
1063 * setup for corking.
1064 */
1065 opt = ipc->opt;
1066 if (opt) {
1067 if (cork->opt == NULL) {
1068 cork->opt = kmalloc(sizeof(struct ip_options) + 40,
1069 sk->sk_allocation);
1070 if (unlikely(cork->opt == NULL))
1071 return -ENOBUFS;
1072 }
1073 memcpy(cork->opt, &opt->opt, sizeof(struct ip_options) + opt->opt.optlen);
1074 cork->flags |= IPCORK_OPT;
1075 cork->addr = ipc->addr;
1076 }
1077 rt = *rtp;
1078 if (unlikely(!rt))
1079 return -EFAULT;
1080 /*
1081 * We steal reference to this route, caller should not release it
1082 */
1083 *rtp = NULL;
1084 cork->fragsize = inet->pmtudisc == IP_PMTUDISC_PROBE ?
1085 rt->dst.dev->mtu : dst_mtu(&rt->dst);
1086 cork->dst = &rt->dst;
1087 cork->length = 0;
1088 cork->tx_flags = ipc->tx_flags;
1089 cork->page = NULL;
1090 cork->off = 0;
1091
1092 return 0;
1093}
1094
1095/*
1096 * ip_append_data() and ip_append_page() can make one large IP datagram
1097 * from many pieces of data. Each pieces will be holded on the socket
1098 * until ip_push_pending_frames() is called. Each piece can be a page
1099 * or non-page data.
1100 *
1101 * Not only UDP, other transport protocols - e.g. raw sockets - can use
1102 * this interface potentially.
1103 *
1104 * LATER: length must be adjusted by pad at tail, when it is required.
1105 */
1106int ip_append_data(struct sock *sk, struct flowi4 *fl4,
1107 int getfrag(void *from, char *to, int offset, int len,
1108 int odd, struct sk_buff *skb),
1109 void *from, int length, int transhdrlen,
1110 struct ipcm_cookie *ipc, struct rtable **rtp,
1111 unsigned int flags)
1112{
1113 struct inet_sock *inet = inet_sk(sk);
1114 int err;
1115
1116 if (flags&MSG_PROBE)
1117 return 0;
1118
1119 if (skb_queue_empty(&sk->sk_write_queue)) {
1120 err = ip_setup_cork(sk, &inet->cork.base, ipc, rtp);
1121 if (err)
1122 return err;
1123 } else {
1124 transhdrlen = 0;
1125 }
1126
1127 return __ip_append_data(sk, fl4, &sk->sk_write_queue, &inet->cork.base, getfrag,
1128 from, length, transhdrlen, flags);
1129}
1130
1131ssize_t ip_append_page(struct sock *sk, struct flowi4 *fl4, struct page *page,
1132 int offset, size_t size, int flags)
1133{
1134 struct inet_sock *inet = inet_sk(sk);
1135 struct sk_buff *skb;
1136 struct rtable *rt;
1137 struct ip_options *opt = NULL;
1138 struct inet_cork *cork;
1139 int hh_len;
1140 int mtu;
1141 int len;
1142 int err;
1143 unsigned int maxfraglen, fragheaderlen, fraggap;
1144
1145 if (inet->hdrincl)
1146 return -EPERM;
1147
1148 if (flags&MSG_PROBE)
1149 return 0;
1150
1151 if (skb_queue_empty(&sk->sk_write_queue))
1152 return -EINVAL;
1153
1154 cork = &inet->cork.base;
1155 rt = (struct rtable *)cork->dst;
1156 if (cork->flags & IPCORK_OPT)
1157 opt = cork->opt;
1158
1159 if (!(rt->dst.dev->features&NETIF_F_SG))
1160 return -EOPNOTSUPP;
1161
1162 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1163 mtu = cork->fragsize;
1164
1165 fragheaderlen = sizeof(struct iphdr) + (opt ? opt->optlen : 0);
1166 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen;
1167
1168 if (cork->length + size > 0xFFFF - fragheaderlen) {
1169 ip_local_error(sk, EMSGSIZE, fl4->daddr, inet->inet_dport, mtu);
1170 return -EMSGSIZE;
1171 }
1172
1173 if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
1174 return -EINVAL;
1175
1176 cork->length += size;
1177 if ((size + skb->len > mtu) &&
1178 (sk->sk_protocol == IPPROTO_UDP) &&
1179 (rt->dst.dev->features & NETIF_F_UFO)) {
1180 skb_shinfo(skb)->gso_size = mtu - fragheaderlen;
1181 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
1182 }
1183
1184
1185 while (size > 0) {
1186 int i;
1187
1188 if (skb_is_gso(skb))
1189 len = size;
1190 else {
1191
1192 /* Check if the remaining data fits into current packet. */
1193 len = mtu - skb->len;
1194 if (len < size)
1195 len = maxfraglen - skb->len;
1196 }
1197 if (len <= 0) {
1198 struct sk_buff *skb_prev;
1199 int alloclen;
1200
1201 skb_prev = skb;
1202 fraggap = skb_prev->len - maxfraglen;
1203
1204 alloclen = fragheaderlen + hh_len + fraggap + 15;
1205 skb = sock_wmalloc(sk, alloclen, 1, sk->sk_allocation);
1206 if (unlikely(!skb)) {
1207 err = -ENOBUFS;
1208 goto error;
1209 }
1210
1211 /*
1212 * Fill in the control structures
1213 */
1214 skb->ip_summed = CHECKSUM_NONE;
1215 skb->csum = 0;
1216 skb_reserve(skb, hh_len);
1217
1218 /*
1219 * Find where to start putting bytes.
1220 */
1221 skb_put(skb, fragheaderlen + fraggap);
1222 skb_reset_network_header(skb);
1223 skb->transport_header = (skb->network_header +
1224 fragheaderlen);
1225 if (fraggap) {
1226 skb->csum = skb_copy_and_csum_bits(skb_prev,
1227 maxfraglen,
1228 skb_transport_header(skb),
1229 fraggap, 0);
1230 skb_prev->csum = csum_sub(skb_prev->csum,
1231 skb->csum);
1232 pskb_trim_unique(skb_prev, maxfraglen);
1233 }
1234
1235 /*
1236 * Put the packet on the pending queue.
1237 */
1238 __skb_queue_tail(&sk->sk_write_queue, skb);
1239 continue;
1240 }
1241
1242 i = skb_shinfo(skb)->nr_frags;
1243 if (len > size)
1244 len = size;
1245 if (skb_can_coalesce(skb, i, page, offset)) {
1246 skb_frag_size_add(&skb_shinfo(skb)->frags[i-1], len);
1247 } else if (i < MAX_SKB_FRAGS) {
1248 get_page(page);
1249 skb_fill_page_desc(skb, i, page, offset, len);
1250 } else {
1251 err = -EMSGSIZE;
1252 goto error;
1253 }
1254
1255 if (skb->ip_summed == CHECKSUM_NONE) {
1256 __wsum csum;
1257 csum = csum_page(page, offset, len);
1258 skb->csum = csum_block_add(skb->csum, csum, skb->len);
1259 }
1260
1261 skb->len += len;
1262 skb->data_len += len;
1263 skb->truesize += len;
1264 atomic_add(len, &sk->sk_wmem_alloc);
1265 offset += len;
1266 size -= len;
1267 }
1268 return 0;
1269
1270error:
1271 cork->length -= size;
1272 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTDISCARDS);
1273 return err;
1274}
1275
1276static void ip_cork_release(struct inet_cork *cork)
1277{
1278 cork->flags &= ~IPCORK_OPT;
1279 kfree(cork->opt);
1280 cork->opt = NULL;
1281 dst_release(cork->dst);
1282 cork->dst = NULL;
1283}
1284
1285/*
1286 * Combined all pending IP fragments on the socket as one IP datagram
1287 * and push them out.
1288 */
1289struct sk_buff *__ip_make_skb(struct sock *sk,
1290 struct flowi4 *fl4,
1291 struct sk_buff_head *queue,
1292 struct inet_cork *cork)
1293{
1294 struct sk_buff *skb, *tmp_skb;
1295 struct sk_buff **tail_skb;
1296 struct inet_sock *inet = inet_sk(sk);
1297 struct net *net = sock_net(sk);
1298 struct ip_options *opt = NULL;
1299 struct rtable *rt = (struct rtable *)cork->dst;
1300 struct iphdr *iph;
1301 __be16 df = 0;
1302 __u8 ttl;
1303
1304 if ((skb = __skb_dequeue(queue)) == NULL)
1305 goto out;
1306 tail_skb = &(skb_shinfo(skb)->frag_list);
1307
1308 /* move skb->data to ip header from ext header */
1309 if (skb->data < skb_network_header(skb))
1310 __skb_pull(skb, skb_network_offset(skb));
1311 while ((tmp_skb = __skb_dequeue(queue)) != NULL) {
1312 __skb_pull(tmp_skb, skb_network_header_len(skb));
1313 *tail_skb = tmp_skb;
1314 tail_skb = &(tmp_skb->next);
1315 skb->len += tmp_skb->len;
1316 skb->data_len += tmp_skb->len;
1317 skb->truesize += tmp_skb->truesize;
1318 tmp_skb->destructor = NULL;
1319 tmp_skb->sk = NULL;
1320 }
1321
1322 /* Unless user demanded real pmtu discovery (IP_PMTUDISC_DO), we allow
1323 * to fragment the frame generated here. No matter, what transforms
1324 * how transforms change size of the packet, it will come out.
1325 */
1326 if (inet->pmtudisc < IP_PMTUDISC_DO)
1327 skb->local_df = 1;
1328
1329 /* DF bit is set when we want to see DF on outgoing frames.
1330 * If local_df is set too, we still allow to fragment this frame
1331 * locally. */
1332 if (inet->pmtudisc >= IP_PMTUDISC_DO ||
1333 (skb->len <= dst_mtu(&rt->dst) &&
1334 ip_dont_fragment(sk, &rt->dst)))
1335 df = htons(IP_DF);
1336
1337 if (cork->flags & IPCORK_OPT)
1338 opt = cork->opt;
1339
1340 if (rt->rt_type == RTN_MULTICAST)
1341 ttl = inet->mc_ttl;
1342 else
1343 ttl = ip_select_ttl(inet, &rt->dst);
1344
1345 iph = (struct iphdr *)skb->data;
1346 iph->version = 4;
1347 iph->ihl = 5;
1348 iph->tos = inet->tos;
1349 iph->frag_off = df;
1350 ip_select_ident(iph, &rt->dst, sk);
1351 iph->ttl = ttl;
1352 iph->protocol = sk->sk_protocol;
1353 ip_copy_addrs(iph, fl4);
1354
1355 if (opt) {
1356 iph->ihl += opt->optlen>>2;
1357 ip_options_build(skb, opt, cork->addr, rt, 0);
1358 }
1359
1360 skb->priority = sk->sk_priority;
1361 skb->mark = sk->sk_mark;
1362 /*
1363 * Steal rt from cork.dst to avoid a pair of atomic_inc/atomic_dec
1364 * on dst refcount
1365 */
1366 cork->dst = NULL;
1367 skb_dst_set(skb, &rt->dst);
1368
1369 if (iph->protocol == IPPROTO_ICMP)
1370 icmp_out_count(net, ((struct icmphdr *)
1371 skb_transport_header(skb))->type);
1372
1373 ip_cork_release(cork);
1374out:
1375 return skb;
1376}
1377
1378int ip_send_skb(struct sk_buff *skb)
1379{
1380 struct net *net = sock_net(skb->sk);
1381 int err;
1382
1383 err = ip_local_out(skb);
1384 if (err) {
1385 if (err > 0)
1386 err = net_xmit_errno(err);
1387 if (err)
1388 IP_INC_STATS(net, IPSTATS_MIB_OUTDISCARDS);
1389 }
1390
1391 return err;
1392}
1393
1394int ip_push_pending_frames(struct sock *sk, struct flowi4 *fl4)
1395{
1396 struct sk_buff *skb;
1397
1398 skb = ip_finish_skb(sk, fl4);
1399 if (!skb)
1400 return 0;
1401
1402 /* Netfilter gets whole the not fragmented skb. */
1403 return ip_send_skb(skb);
1404}
1405
1406/*
1407 * Throw away all pending data on the socket.
1408 */
1409static void __ip_flush_pending_frames(struct sock *sk,
1410 struct sk_buff_head *queue,
1411 struct inet_cork *cork)
1412{
1413 struct sk_buff *skb;
1414
1415 while ((skb = __skb_dequeue_tail(queue)) != NULL)
1416 kfree_skb(skb);
1417
1418 ip_cork_release(cork);
1419}
1420
1421void ip_flush_pending_frames(struct sock *sk)
1422{
1423 __ip_flush_pending_frames(sk, &sk->sk_write_queue, &inet_sk(sk)->cork.base);
1424}
1425
1426struct sk_buff *ip_make_skb(struct sock *sk,
1427 struct flowi4 *fl4,
1428 int getfrag(void *from, char *to, int offset,
1429 int len, int odd, struct sk_buff *skb),
1430 void *from, int length, int transhdrlen,
1431 struct ipcm_cookie *ipc, struct rtable **rtp,
1432 unsigned int flags)
1433{
1434 struct inet_cork cork;
1435 struct sk_buff_head queue;
1436 int err;
1437
1438 if (flags & MSG_PROBE)
1439 return NULL;
1440
1441 __skb_queue_head_init(&queue);
1442
1443 cork.flags = 0;
1444 cork.addr = 0;
1445 cork.opt = NULL;
1446 err = ip_setup_cork(sk, &cork, ipc, rtp);
1447 if (err)
1448 return ERR_PTR(err);
1449
1450 err = __ip_append_data(sk, fl4, &queue, &cork, getfrag,
1451 from, length, transhdrlen, flags);
1452 if (err) {
1453 __ip_flush_pending_frames(sk, &queue, &cork);
1454 return ERR_PTR(err);
1455 }
1456
1457 return __ip_make_skb(sk, fl4, &queue, &cork);
1458}
1459
1460/*
1461 * Fetch data from kernel space and fill in checksum if needed.
1462 */
1463static int ip_reply_glue_bits(void *dptr, char *to, int offset,
1464 int len, int odd, struct sk_buff *skb)
1465{
1466 __wsum csum;
1467
1468 csum = csum_partial_copy_nocheck(dptr+offset, to, len, 0);
1469 skb->csum = csum_block_add(skb->csum, csum, odd);
1470 return 0;
1471}
1472
1473/*
1474 * Generic function to send a packet as reply to another packet.
1475 * Used to send TCP resets so far. ICMP should use this function too.
1476 *
1477 * Should run single threaded per socket because it uses the sock
1478 * structure to pass arguments.
1479 */
1480void ip_send_reply(struct sock *sk, struct sk_buff *skb, __be32 daddr,
1481 const struct ip_reply_arg *arg, unsigned int len)
1482{
1483 struct inet_sock *inet = inet_sk(sk);
1484 struct ip_options_data replyopts;
1485 struct ipcm_cookie ipc;
1486 struct flowi4 fl4;
1487 struct rtable *rt = skb_rtable(skb);
1488
1489 if (ip_options_echo(&replyopts.opt.opt, skb))
1490 return;
1491
1492 ipc.addr = daddr;
1493 ipc.opt = NULL;
1494 ipc.tx_flags = 0;
1495
1496 if (replyopts.opt.opt.optlen) {
1497 ipc.opt = &replyopts.opt;
1498
1499 if (replyopts.opt.opt.srr)
1500 daddr = replyopts.opt.opt.faddr;
1501 }
1502
1503 flowi4_init_output(&fl4, arg->bound_dev_if, 0,
1504 RT_TOS(arg->tos),
1505 RT_SCOPE_UNIVERSE, sk->sk_protocol,
1506 ip_reply_arg_flowi_flags(arg),
1507 daddr, rt->rt_spec_dst,
1508 tcp_hdr(skb)->source, tcp_hdr(skb)->dest);
1509 security_skb_classify_flow(skb, flowi4_to_flowi(&fl4));
1510 rt = ip_route_output_key(sock_net(sk), &fl4);
1511 if (IS_ERR(rt))
1512 return;
1513
1514 /* And let IP do all the hard work.
1515
1516 This chunk is not reenterable, hence spinlock.
1517 Note that it uses the fact, that this function is called
1518 with locally disabled BH and that sk cannot be already spinlocked.
1519 */
1520 bh_lock_sock(sk);
1521 inet->tos = arg->tos;
1522 sk->sk_priority = skb->priority;
1523 sk->sk_protocol = ip_hdr(skb)->protocol;
1524 sk->sk_bound_dev_if = arg->bound_dev_if;
1525 ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, len, 0,
1526 &ipc, &rt, MSG_DONTWAIT);
1527 if ((skb = skb_peek(&sk->sk_write_queue)) != NULL) {
1528 if (arg->csumoffset >= 0)
1529 *((__sum16 *)skb_transport_header(skb) +
1530 arg->csumoffset) = csum_fold(csum_add(skb->csum,
1531 arg->csum));
1532 skb->ip_summed = CHECKSUM_NONE;
1533 ip_push_pending_frames(sk, &fl4);
1534 }
1535
1536 bh_unlock_sock(sk);
1537
1538 ip_rt_put(rt);
1539}
1540
1541void __init ip_init(void)
1542{
1543 ip_rt_init();
1544 inet_initpeers();
1545
1546#if defined(CONFIG_IP_MULTICAST) && defined(CONFIG_PROC_FS)
1547 igmp_mc_proc_init();
1548#endif
1549}