2 * IPv6 output functions
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
8 * Based on linux/net/ipv4/ip_output.c
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
16 * A.N.Kuznetsov : airthmetics in fragmentation.
17 * extension headers are implemented.
18 * route changes now work.
19 * ip6_forward does not confuse sniffers.
22 * H. von Brand : Added missing #include <linux/string.h>
23 * Imran Patel : frag id should be in NBO
24 * Kazunori MIYAZAWA @USAGI
25 * : add ip6_append_data and related functions
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/string.h>
32 #include <linux/socket.h>
33 #include <linux/net.h>
34 #include <linux/netdevice.h>
35 #include <linux/if_arp.h>
36 #include <linux/in6.h>
37 #include <linux/tcp.h>
38 #include <linux/route.h>
39 #include <linux/module.h>
40 #include <linux/slab.h>
42 #include <linux/netfilter.h>
43 #include <linux/netfilter_ipv6.h>
49 #include <net/ndisc.h>
50 #include <net/protocol.h>
51 #include <net/ip6_route.h>
52 #include <net/addrconf.h>
53 #include <net/rawv6.h>
56 #include <net/checksum.h>
57 #include <linux/mroute6.h>
58 #include <net/l3mdev.h>
59 #include <net/lwtunnel.h>
61 static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff *skb)
63 struct dst_entry *dst = skb_dst(skb);
64 struct net_device *dev = dst->dev;
65 struct neighbour *neigh;
66 struct in6_addr *nexthop;
69 skb->protocol = htons(ETH_P_IPV6);
72 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
73 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
75 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(sk) &&
76 ((mroute6_socket(net, skb) &&
77 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
78 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
79 &ipv6_hdr(skb)->saddr))) {
80 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
82 /* Do not check for IFF_ALLMULTI; multicast routing
83 is not supported in any case.
86 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
87 net, sk, newskb, NULL, newskb->dev,
90 if (ipv6_hdr(skb)->hop_limit == 0) {
91 IP6_INC_STATS(net, idev,
92 IPSTATS_MIB_OUTDISCARDS);
98 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, skb->len);
100 if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <=
101 IPV6_ADDR_SCOPE_NODELOCAL &&
102 !(dev->flags & IFF_LOOPBACK)) {
108 if (lwtunnel_xmit_redirect(dst->lwtstate)) {
109 int res = lwtunnel_xmit(skb);
111 if (res < 0 || res == LWTUNNEL_XMIT_DONE)
116 nexthop = rt6_nexthop((struct rt6_info *)dst, &ipv6_hdr(skb)->daddr);
117 neigh = __ipv6_neigh_lookup_noref(dst->dev, nexthop);
118 if (unlikely(!neigh))
119 neigh = __neigh_create(&nd_tbl, nexthop, dst->dev, false);
120 if (!IS_ERR(neigh)) {
121 ret = dst_neigh_output(dst, neigh, skb);
122 rcu_read_unlock_bh();
125 rcu_read_unlock_bh();
127 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
132 static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
134 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
135 dst_allfrag(skb_dst(skb)) ||
136 (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size))
137 return ip6_fragment(net, sk, skb, ip6_finish_output2);
139 return ip6_finish_output2(net, sk, skb);
142 int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
144 struct net_device *dev = skb_dst(skb)->dev;
145 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
147 if (unlikely(idev->cnf.disable_ipv6)) {
148 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS);
153 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING,
154 net, sk, skb, NULL, dev,
156 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
160 * xmit an sk_buff (used by TCP, SCTP and DCCP)
161 * Note : socket lock is not held for SYNACK packets, but might be modified
162 * by calls to skb_set_owner_w() and ipv6_local_error(),
163 * which are using proper atomic operations or spinlocks.
165 int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
166 struct ipv6_txoptions *opt, int tclass)
168 struct net *net = sock_net(sk);
169 const struct ipv6_pinfo *np = inet6_sk(sk);
170 struct in6_addr *first_hop = &fl6->daddr;
171 struct dst_entry *dst = skb_dst(skb);
173 u8 proto = fl6->flowi6_proto;
174 int seg_len = skb->len;
179 unsigned int head_room;
181 /* First: exthdrs may take lots of space (~8K for now)
182 MAX_HEADER is not enough.
184 head_room = opt->opt_nflen + opt->opt_flen;
185 seg_len += head_room;
186 head_room += sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
188 if (skb_headroom(skb) < head_room) {
189 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
191 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
192 IPSTATS_MIB_OUTDISCARDS);
198 /* skb_set_owner_w() changes sk->sk_wmem_alloc atomically,
199 * it is safe to call in our context (socket lock not held)
201 skb_set_owner_w(skb, (struct sock *)sk);
204 ipv6_push_frag_opts(skb, opt, &proto);
206 ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop);
209 skb_push(skb, sizeof(struct ipv6hdr));
210 skb_reset_network_header(skb);
214 * Fill in the IPv6 header
217 hlimit = np->hop_limit;
219 hlimit = ip6_dst_hoplimit(dst);
221 ip6_flow_hdr(hdr, tclass, ip6_make_flowlabel(net, skb, fl6->flowlabel,
222 np->autoflowlabel, fl6));
224 hdr->payload_len = htons(seg_len);
225 hdr->nexthdr = proto;
226 hdr->hop_limit = hlimit;
228 hdr->saddr = fl6->saddr;
229 hdr->daddr = *first_hop;
231 skb->protocol = htons(ETH_P_IPV6);
232 skb->priority = sk->sk_priority;
233 skb->mark = sk->sk_mark;
236 if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) {
237 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
238 IPSTATS_MIB_OUT, skb->len);
239 /* hooks should never assume socket lock is held.
240 * we promote our socket to non const
242 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
243 net, (struct sock *)sk, skb, NULL, dst->dev,
248 /* ipv6_local_error() does not require socket lock,
249 * we promote our socket to non const
251 ipv6_local_error((struct sock *)sk, EMSGSIZE, fl6, mtu);
253 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
257 EXPORT_SYMBOL(ip6_xmit);
259 static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
261 struct ip6_ra_chain *ra;
262 struct sock *last = NULL;
264 read_lock(&ip6_ra_lock);
265 for (ra = ip6_ra_chain; ra; ra = ra->next) {
266 struct sock *sk = ra->sk;
267 if (sk && ra->sel == sel &&
268 (!sk->sk_bound_dev_if ||
269 sk->sk_bound_dev_if == skb->dev->ifindex)) {
271 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
273 rawv6_rcv(last, skb2);
280 rawv6_rcv(last, skb);
281 read_unlock(&ip6_ra_lock);
284 read_unlock(&ip6_ra_lock);
288 static int ip6_forward_proxy_check(struct sk_buff *skb)
290 struct ipv6hdr *hdr = ipv6_hdr(skb);
291 u8 nexthdr = hdr->nexthdr;
295 if (ipv6_ext_hdr(nexthdr)) {
296 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, &frag_off);
300 offset = sizeof(struct ipv6hdr);
302 if (nexthdr == IPPROTO_ICMPV6) {
303 struct icmp6hdr *icmp6;
305 if (!pskb_may_pull(skb, (skb_network_header(skb) +
306 offset + 1 - skb->data)))
309 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
311 switch (icmp6->icmp6_type) {
312 case NDISC_ROUTER_SOLICITATION:
313 case NDISC_ROUTER_ADVERTISEMENT:
314 case NDISC_NEIGHBOUR_SOLICITATION:
315 case NDISC_NEIGHBOUR_ADVERTISEMENT:
317 /* For reaction involving unicast neighbor discovery
318 * message destined to the proxied address, pass it to
328 * The proxying router can't forward traffic sent to a link-local
329 * address, so signal the sender and discard the packet. This
330 * behavior is clarified by the MIPv6 specification.
332 if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
333 dst_link_failure(skb);
340 static inline int ip6_forward_finish(struct net *net, struct sock *sk,
343 return dst_output(net, sk, skb);
346 static unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst)
349 struct inet6_dev *idev;
351 if (dst_metric_locked(dst, RTAX_MTU)) {
352 mtu = dst_metric_raw(dst, RTAX_MTU);
359 idev = __in6_dev_get(dst->dev);
361 mtu = idev->cnf.mtu6;
367 static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
372 /* ipv6 conntrack defrag sets max_frag_size + ignore_df */
373 if (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)
379 if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu))
385 int ip6_forward(struct sk_buff *skb)
387 struct dst_entry *dst = skb_dst(skb);
388 struct ipv6hdr *hdr = ipv6_hdr(skb);
389 struct inet6_skb_parm *opt = IP6CB(skb);
390 struct net *net = dev_net(dst->dev);
393 if (net->ipv6.devconf_all->forwarding == 0)
396 if (skb->pkt_type != PACKET_HOST)
399 if (unlikely(skb->sk))
402 if (skb_warn_if_lro(skb))
405 if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
406 __IP6_INC_STATS(net, ip6_dst_idev(dst),
407 IPSTATS_MIB_INDISCARDS);
411 skb_forward_csum(skb);
414 * We DO NOT make any processing on
415 * RA packets, pushing them to user level AS IS
416 * without ane WARRANTY that application will be able
417 * to interpret them. The reason is that we
418 * cannot make anything clever here.
420 * We are not end-node, so that if packet contains
421 * AH/ESP, we cannot make anything.
422 * Defragmentation also would be mistake, RA packets
423 * cannot be fragmented, because there is no warranty
424 * that different fragments will go along one path. --ANK
426 if (unlikely(opt->flags & IP6SKB_ROUTERALERT)) {
427 if (ip6_call_ra_chain(skb, ntohs(opt->ra)))
432 * check and decrement ttl
434 if (hdr->hop_limit <= 1) {
435 /* Force OUTPUT device used as source address */
437 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
438 __IP6_INC_STATS(net, ip6_dst_idev(dst),
439 IPSTATS_MIB_INHDRERRORS);
445 /* XXX: idev->cnf.proxy_ndp? */
446 if (net->ipv6.devconf_all->proxy_ndp &&
447 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
448 int proxied = ip6_forward_proxy_check(skb);
450 return ip6_input(skb);
451 else if (proxied < 0) {
452 __IP6_INC_STATS(net, ip6_dst_idev(dst),
453 IPSTATS_MIB_INDISCARDS);
458 if (!xfrm6_route_forward(skb)) {
459 __IP6_INC_STATS(net, ip6_dst_idev(dst),
460 IPSTATS_MIB_INDISCARDS);
465 /* IPv6 specs say nothing about it, but it is clear that we cannot
466 send redirects to source routed frames.
467 We don't send redirects to frames decapsulated from IPsec.
469 if (skb->dev == dst->dev && opt->srcrt == 0 && !skb_sec_path(skb)) {
470 struct in6_addr *target = NULL;
471 struct inet_peer *peer;
475 * incoming and outgoing devices are the same
479 rt = (struct rt6_info *) dst;
480 if (rt->rt6i_flags & RTF_GATEWAY)
481 target = &rt->rt6i_gateway;
483 target = &hdr->daddr;
485 peer = inet_getpeer_v6(net->ipv6.peers, &hdr->daddr, 1);
487 /* Limit redirects both by destination (here)
488 and by source (inside ndisc_send_redirect)
490 if (inet_peer_xrlim_allow(peer, 1*HZ))
491 ndisc_send_redirect(skb, target);
495 int addrtype = ipv6_addr_type(&hdr->saddr);
497 /* This check is security critical. */
498 if (addrtype == IPV6_ADDR_ANY ||
499 addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
501 if (addrtype & IPV6_ADDR_LINKLOCAL) {
502 icmpv6_send(skb, ICMPV6_DEST_UNREACH,
503 ICMPV6_NOT_NEIGHBOUR, 0);
508 mtu = ip6_dst_mtu_forward(dst);
509 if (mtu < IPV6_MIN_MTU)
512 if (ip6_pkt_too_big(skb, mtu)) {
513 /* Again, force OUTPUT device used as source address */
515 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
516 __IP6_INC_STATS(net, ip6_dst_idev(dst),
517 IPSTATS_MIB_INTOOBIGERRORS);
518 __IP6_INC_STATS(net, ip6_dst_idev(dst),
519 IPSTATS_MIB_FRAGFAILS);
524 if (skb_cow(skb, dst->dev->hard_header_len)) {
525 __IP6_INC_STATS(net, ip6_dst_idev(dst),
526 IPSTATS_MIB_OUTDISCARDS);
532 /* Mangling hops number delayed to point after skb COW */
536 __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
537 __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len);
538 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD,
539 net, NULL, skb, skb->dev, dst->dev,
543 __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
549 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
551 to->pkt_type = from->pkt_type;
552 to->priority = from->priority;
553 to->protocol = from->protocol;
555 skb_dst_set(to, dst_clone(skb_dst(from)));
557 to->mark = from->mark;
559 #ifdef CONFIG_NET_SCHED
560 to->tc_index = from->tc_index;
563 skb_copy_secmark(to, from);
566 int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
567 int (*output)(struct net *, struct sock *, struct sk_buff *))
569 struct sk_buff *frag;
570 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
571 struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ?
572 inet6_sk(skb->sk) : NULL;
573 struct ipv6hdr *tmp_hdr;
575 unsigned int mtu, hlen, left, len;
578 int ptr, offset = 0, err = 0;
579 u8 *prevhdr, nexthdr = 0;
581 hlen = ip6_find_1stfragopt(skb, &prevhdr);
584 mtu = ip6_skb_dst_mtu(skb);
586 /* We must not fragment if the socket is set to force MTU discovery
587 * or if the skb it not generated by a local socket.
589 if (unlikely(!skb->ignore_df && skb->len > mtu))
592 if (IP6CB(skb)->frag_max_size) {
593 if (IP6CB(skb)->frag_max_size > mtu)
596 /* don't send fragments larger than what we received */
597 mtu = IP6CB(skb)->frag_max_size;
598 if (mtu < IPV6_MIN_MTU)
602 if (np && np->frag_size < mtu) {
606 if (mtu < hlen + sizeof(struct frag_hdr) + 8)
608 mtu -= hlen + sizeof(struct frag_hdr);
610 frag_id = ipv6_select_ident(net, &ipv6_hdr(skb)->daddr,
611 &ipv6_hdr(skb)->saddr);
613 if (skb->ip_summed == CHECKSUM_PARTIAL &&
614 (err = skb_checksum_help(skb)))
617 hroom = LL_RESERVED_SPACE(rt->dst.dev);
618 if (skb_has_frag_list(skb)) {
619 int first_len = skb_pagelen(skb);
620 struct sk_buff *frag2;
622 if (first_len - hlen > mtu ||
623 ((first_len - hlen) & 7) ||
625 skb_headroom(skb) < (hroom + sizeof(struct frag_hdr)))
628 skb_walk_frags(skb, frag) {
629 /* Correct geometry. */
630 if (frag->len > mtu ||
631 ((frag->len & 7) && frag->next) ||
632 skb_headroom(frag) < (hlen + hroom + sizeof(struct frag_hdr)))
633 goto slow_path_clean;
635 /* Partially cloned skb? */
636 if (skb_shared(frag))
637 goto slow_path_clean;
642 frag->destructor = sock_wfree;
644 skb->truesize -= frag->truesize;
651 *prevhdr = NEXTHDR_FRAGMENT;
652 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
654 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
655 IPSTATS_MIB_FRAGFAILS);
659 frag = skb_shinfo(skb)->frag_list;
660 skb_frag_list_init(skb);
662 __skb_pull(skb, hlen);
663 fh = (struct frag_hdr *)__skb_push(skb, sizeof(struct frag_hdr));
664 __skb_push(skb, hlen);
665 skb_reset_network_header(skb);
666 memcpy(skb_network_header(skb), tmp_hdr, hlen);
668 fh->nexthdr = nexthdr;
670 fh->frag_off = htons(IP6_MF);
671 fh->identification = frag_id;
673 first_len = skb_pagelen(skb);
674 skb->data_len = first_len - skb_headlen(skb);
675 skb->len = first_len;
676 ipv6_hdr(skb)->payload_len = htons(first_len -
677 sizeof(struct ipv6hdr));
682 /* Prepare header of the next frame,
683 * before previous one went down. */
685 frag->ip_summed = CHECKSUM_NONE;
686 skb_reset_transport_header(frag);
687 fh = (struct frag_hdr *)__skb_push(frag, sizeof(struct frag_hdr));
688 __skb_push(frag, hlen);
689 skb_reset_network_header(frag);
690 memcpy(skb_network_header(frag), tmp_hdr,
692 offset += skb->len - hlen - sizeof(struct frag_hdr);
693 fh->nexthdr = nexthdr;
695 fh->frag_off = htons(offset);
697 fh->frag_off |= htons(IP6_MF);
698 fh->identification = frag_id;
699 ipv6_hdr(frag)->payload_len =
701 sizeof(struct ipv6hdr));
702 ip6_copy_metadata(frag, skb);
705 err = output(net, sk, skb);
707 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
708 IPSTATS_MIB_FRAGCREATES);
721 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
722 IPSTATS_MIB_FRAGOKS);
727 kfree_skb_list(frag);
729 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
730 IPSTATS_MIB_FRAGFAILS);
735 skb_walk_frags(skb, frag2) {
739 frag2->destructor = NULL;
740 skb->truesize += frag2->truesize;
745 left = skb->len - hlen; /* Space per frame */
746 ptr = hlen; /* Where to start from */
749 * Fragment the datagram.
752 *prevhdr = NEXTHDR_FRAGMENT;
753 troom = rt->dst.dev->needed_tailroom;
756 * Keep copying data until we run out.
760 /* IF: it doesn't fit, use 'mtu' - the data space left */
763 /* IF: we are not sending up to and including the packet end
764 then align the next start on an eight byte boundary */
769 /* Allocate buffer */
770 frag = alloc_skb(len + hlen + sizeof(struct frag_hdr) +
771 hroom + troom, GFP_ATOMIC);
773 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
774 IPSTATS_MIB_FRAGFAILS);
780 * Set up data on packet
783 ip6_copy_metadata(frag, skb);
784 skb_reserve(frag, hroom);
785 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
786 skb_reset_network_header(frag);
787 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
788 frag->transport_header = (frag->network_header + hlen +
789 sizeof(struct frag_hdr));
792 * Charge the memory for the fragment to any owner
796 skb_set_owner_w(frag, skb->sk);
799 * Copy the packet header into the new buffer.
801 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
804 * Build fragment header.
806 fh->nexthdr = nexthdr;
808 fh->identification = frag_id;
811 * Copy a block of the IP datagram.
813 BUG_ON(skb_copy_bits(skb, ptr, skb_transport_header(frag),
817 fh->frag_off = htons(offset);
819 fh->frag_off |= htons(IP6_MF);
820 ipv6_hdr(frag)->payload_len = htons(frag->len -
821 sizeof(struct ipv6hdr));
827 * Put this fragment into the sending queue.
829 err = output(net, sk, frag);
833 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
834 IPSTATS_MIB_FRAGCREATES);
836 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
837 IPSTATS_MIB_FRAGOKS);
842 if (skb->sk && dst_allfrag(skb_dst(skb)))
843 sk_nocaps_add(skb->sk, NETIF_F_GSO_MASK);
845 skb->dev = skb_dst(skb)->dev;
846 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
850 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
851 IPSTATS_MIB_FRAGFAILS);
856 static inline int ip6_rt_check(const struct rt6key *rt_key,
857 const struct in6_addr *fl_addr,
858 const struct in6_addr *addr_cache)
860 return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
861 (!addr_cache || !ipv6_addr_equal(fl_addr, addr_cache));
864 static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
865 struct dst_entry *dst,
866 const struct flowi6 *fl6)
868 struct ipv6_pinfo *np = inet6_sk(sk);
874 if (dst->ops->family != AF_INET6) {
879 rt = (struct rt6_info *)dst;
880 /* Yes, checking route validity in not connected
881 * case is not very simple. Take into account,
882 * that we do not support routing by source, TOS,
883 * and MSG_DONTROUTE --ANK (980726)
885 * 1. ip6_rt_check(): If route was host route,
886 * check that cached destination is current.
887 * If it is network route, we still may
888 * check its validity using saved pointer
889 * to the last used address: daddr_cache.
890 * We do not want to save whole address now,
891 * (because main consumer of this service
892 * is tcp, which has not this problem),
893 * so that the last trick works only on connected
895 * 2. oif also should be the same.
897 if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) ||
898 #ifdef CONFIG_IPV6_SUBTREES
899 ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) ||
901 (!(fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF) &&
902 (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex))) {
911 static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk,
912 struct dst_entry **dst, struct flowi6 *fl6)
914 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
921 if (ipv6_addr_any(&fl6->saddr) && fl6->flowi6_oif &&
922 (!*dst || !(*dst)->error)) {
923 err = l3mdev_get_saddr6(net, sk, fl6);
928 /* The correct way to handle this would be to do
929 * ip6_route_get_saddr, and then ip6_route_output; however,
930 * the route-specific preferred source forces the
931 * ip6_route_output call _before_ ip6_route_get_saddr.
933 * In source specific routing (no src=any default route),
934 * ip6_route_output will fail given src=any saddr, though, so
935 * that's why we try it again later.
937 if (ipv6_addr_any(&fl6->saddr) && (!*dst || !(*dst)->error)) {
939 bool had_dst = *dst != NULL;
942 *dst = ip6_route_output(net, sk, fl6);
943 rt = (*dst)->error ? NULL : (struct rt6_info *)*dst;
944 err = ip6_route_get_saddr(net, rt, &fl6->daddr,
945 sk ? inet6_sk(sk)->srcprefs : 0,
948 goto out_err_release;
950 /* If we had an erroneous initial result, pretend it
951 * never existed and let the SA-enabled version take
954 if (!had_dst && (*dst)->error) {
960 flags |= RT6_LOOKUP_F_IFACE;
964 *dst = ip6_route_output_flags(net, sk, fl6, flags);
968 goto out_err_release;
970 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
972 * Here if the dst entry we've looked up
973 * has a neighbour entry that is in the INCOMPLETE
974 * state and the src address from the flow is
975 * marked as OPTIMISTIC, we release the found
976 * dst entry and replace it instead with the
977 * dst entry of the nexthop router
979 rt = (struct rt6_info *) *dst;
981 n = __ipv6_neigh_lookup_noref(rt->dst.dev,
982 rt6_nexthop(rt, &fl6->daddr));
983 err = n && !(n->nud_state & NUD_VALID) ? -EINVAL : 0;
984 rcu_read_unlock_bh();
987 struct inet6_ifaddr *ifp;
988 struct flowi6 fl_gw6;
991 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
994 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
1000 * We need to get the dst entry for the
1001 * default router instead
1004 memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
1005 memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
1006 *dst = ip6_route_output(net, sk, &fl_gw6);
1007 err = (*dst)->error;
1009 goto out_err_release;
1020 if (err == -ENETUNREACH)
1021 IP6_INC_STATS(net, NULL, IPSTATS_MIB_OUTNOROUTES);
1026 * ip6_dst_lookup - perform route lookup on flow
1027 * @sk: socket which provides route info
1028 * @dst: pointer to dst_entry * for result
1029 * @fl6: flow to lookup
1031 * This function performs a route lookup on the given flow.
1033 * It returns zero on success, or a standard errno code on error.
1035 int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst,
1039 return ip6_dst_lookup_tail(net, sk, dst, fl6);
1041 EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1044 * ip6_dst_lookup_flow - perform route lookup on flow with ipsec
1045 * @sk: socket which provides route info
1046 * @fl6: flow to lookup
1047 * @final_dst: final destination address for ipsec lookup
1049 * This function performs a route lookup on the given flow.
1051 * It returns a valid dst pointer on success, or a pointer encoded
1054 struct dst_entry *ip6_dst_lookup_flow(const struct sock *sk, struct flowi6 *fl6,
1055 const struct in6_addr *final_dst)
1057 struct dst_entry *dst = NULL;
1060 err = ip6_dst_lookup_tail(sock_net(sk), sk, &dst, fl6);
1062 return ERR_PTR(err);
1064 fl6->daddr = *final_dst;
1065 if (!fl6->flowi6_oif)
1066 fl6->flowi6_oif = l3mdev_fib_oif(dst->dev);
1068 return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
1070 EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
1073 * ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
1074 * @sk: socket which provides the dst cache and route info
1075 * @fl6: flow to lookup
1076 * @final_dst: final destination address for ipsec lookup
1078 * This function performs a route lookup on the given flow with the
1079 * possibility of using the cached route in the socket if it is valid.
1080 * It will take the socket dst lock when operating on the dst cache.
1081 * As a result, this function can only be used in process context.
1083 * It returns a valid dst pointer on success, or a pointer encoded
1086 struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
1087 const struct in6_addr *final_dst)
1089 struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1091 dst = ip6_sk_dst_check(sk, dst, fl6);
1093 dst = ip6_dst_lookup_flow(sk, fl6, final_dst);
1097 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
1099 static inline int ip6_ufo_append_data(struct sock *sk,
1100 struct sk_buff_head *queue,
1101 int getfrag(void *from, char *to, int offset, int len,
1102 int odd, struct sk_buff *skb),
1103 void *from, int length, int hh_len, int fragheaderlen,
1104 int exthdrlen, int transhdrlen, int mtu,
1105 unsigned int flags, const struct flowi6 *fl6)
1108 struct sk_buff *skb;
1111 /* There is support for UDP large send offload by network
1112 * device, so create one single skb packet containing complete
1115 skb = skb_peek_tail(queue);
1117 skb = sock_alloc_send_skb(sk,
1118 hh_len + fragheaderlen + transhdrlen + 20,
1119 (flags & MSG_DONTWAIT), &err);
1123 /* reserve space for Hardware header */
1124 skb_reserve(skb, hh_len);
1126 /* create space for UDP/IP header */
1127 skb_put(skb, fragheaderlen + transhdrlen);
1129 /* initialize network header pointer */
1130 skb_set_network_header(skb, exthdrlen);
1132 /* initialize protocol header pointer */
1133 skb->transport_header = skb->network_header + fragheaderlen;
1135 skb->protocol = htons(ETH_P_IPV6);
1138 __skb_queue_tail(queue, skb);
1139 } else if (skb_is_gso(skb)) {
1143 skb->ip_summed = CHECKSUM_PARTIAL;
1144 /* Specify the length of each IPv6 datagram fragment.
1145 * It has to be a multiple of 8.
1147 skb_shinfo(skb)->gso_size = (mtu - fragheaderlen -
1148 sizeof(struct frag_hdr)) & ~7;
1149 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
1150 skb_shinfo(skb)->ip6_frag_id = ipv6_select_ident(sock_net(sk),
1155 return skb_append_datato_frags(sk, skb, getfrag, from,
1156 (length - transhdrlen));
1159 static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1162 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1165 static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1168 return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1171 static void ip6_append_data_mtu(unsigned int *mtu,
1173 unsigned int fragheaderlen,
1174 struct sk_buff *skb,
1175 struct rt6_info *rt,
1176 unsigned int orig_mtu)
1178 if (!(rt->dst.flags & DST_XFRM_TUNNEL)) {
1180 /* first fragment, reserve header_len */
1181 *mtu = orig_mtu - rt->dst.header_len;
1185 * this fragment is not first, the headers
1186 * space is regarded as data space.
1190 *maxfraglen = ((*mtu - fragheaderlen) & ~7)
1191 + fragheaderlen - sizeof(struct frag_hdr);
1195 static int ip6_setup_cork(struct sock *sk, struct inet_cork_full *cork,
1196 struct inet6_cork *v6_cork, struct ipcm6_cookie *ipc6,
1197 struct rt6_info *rt, struct flowi6 *fl6)
1199 struct ipv6_pinfo *np = inet6_sk(sk);
1201 struct ipv6_txoptions *opt = ipc6->opt;
1207 if (WARN_ON(v6_cork->opt))
1210 v6_cork->opt = kzalloc(opt->tot_len, sk->sk_allocation);
1211 if (unlikely(!v6_cork->opt))
1214 v6_cork->opt->tot_len = opt->tot_len;
1215 v6_cork->opt->opt_flen = opt->opt_flen;
1216 v6_cork->opt->opt_nflen = opt->opt_nflen;
1218 v6_cork->opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1220 if (opt->dst0opt && !v6_cork->opt->dst0opt)
1223 v6_cork->opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1225 if (opt->dst1opt && !v6_cork->opt->dst1opt)
1228 v6_cork->opt->hopopt = ip6_opt_dup(opt->hopopt,
1230 if (opt->hopopt && !v6_cork->opt->hopopt)
1233 v6_cork->opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1235 if (opt->srcrt && !v6_cork->opt->srcrt)
1238 /* need source address above miyazawa*/
1241 cork->base.dst = &rt->dst;
1242 cork->fl.u.ip6 = *fl6;
1243 v6_cork->hop_limit = ipc6->hlimit;
1244 v6_cork->tclass = ipc6->tclass;
1245 if (rt->dst.flags & DST_XFRM_TUNNEL)
1246 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1247 rt->dst.dev->mtu : dst_mtu(&rt->dst);
1249 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1250 rt->dst.dev->mtu : dst_mtu(rt->dst.path);
1251 if (np->frag_size < mtu) {
1253 mtu = np->frag_size;
1255 cork->base.fragsize = mtu;
1256 if (dst_allfrag(rt->dst.path))
1257 cork->base.flags |= IPCORK_ALLFRAG;
1258 cork->base.length = 0;
1263 static int __ip6_append_data(struct sock *sk,
1265 struct sk_buff_head *queue,
1266 struct inet_cork *cork,
1267 struct inet6_cork *v6_cork,
1268 struct page_frag *pfrag,
1269 int getfrag(void *from, char *to, int offset,
1270 int len, int odd, struct sk_buff *skb),
1271 void *from, int length, int transhdrlen,
1272 unsigned int flags, struct ipcm6_cookie *ipc6,
1273 const struct sockcm_cookie *sockc)
1275 struct sk_buff *skb, *skb_prev = NULL;
1276 unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu;
1278 int dst_exthdrlen = 0;
1285 struct rt6_info *rt = (struct rt6_info *)cork->dst;
1286 struct ipv6_txoptions *opt = v6_cork->opt;
1287 int csummode = CHECKSUM_NONE;
1288 unsigned int maxnonfragsize, headersize;
1290 skb = skb_peek_tail(queue);
1292 exthdrlen = opt ? opt->opt_flen : 0;
1293 dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len;
1296 mtu = cork->fragsize;
1299 hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1301 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
1302 (opt ? opt->opt_nflen : 0);
1303 maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen -
1304 sizeof(struct frag_hdr);
1306 headersize = sizeof(struct ipv6hdr) +
1307 (opt ? opt->opt_flen + opt->opt_nflen : 0) +
1308 (dst_allfrag(&rt->dst) ?
1309 sizeof(struct frag_hdr) : 0) +
1310 rt->rt6i_nfheader_len;
1312 if (cork->length + length > mtu - headersize && ipc6->dontfrag &&
1313 (sk->sk_protocol == IPPROTO_UDP ||
1314 sk->sk_protocol == IPPROTO_RAW)) {
1315 ipv6_local_rxpmtu(sk, fl6, mtu - headersize +
1316 sizeof(struct ipv6hdr));
1320 if (ip6_sk_ignore_df(sk))
1321 maxnonfragsize = sizeof(struct ipv6hdr) + IPV6_MAXPLEN;
1323 maxnonfragsize = mtu;
1325 if (cork->length + length > maxnonfragsize - headersize) {
1327 ipv6_local_error(sk, EMSGSIZE, fl6,
1329 sizeof(struct ipv6hdr));
1333 /* CHECKSUM_PARTIAL only with no extension headers and when
1334 * we are not going to fragment
1336 if (transhdrlen && sk->sk_protocol == IPPROTO_UDP &&
1337 headersize == sizeof(struct ipv6hdr) &&
1338 length < mtu - headersize &&
1339 !(flags & MSG_MORE) &&
1340 rt->dst.dev->features & (NETIF_F_IPV6_CSUM | NETIF_F_HW_CSUM))
1341 csummode = CHECKSUM_PARTIAL;
1343 if (sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) {
1344 sock_tx_timestamp(sk, sockc->tsflags, &tx_flags);
1345 if (tx_flags & SKBTX_ANY_SW_TSTAMP &&
1346 sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)
1347 tskey = sk->sk_tskey++;
1351 * Let's try using as much space as possible.
1352 * Use MTU if total length of the message fits into the MTU.
1353 * Otherwise, we need to reserve fragment header and
1354 * fragment alignment (= 8-15 octects, in total).
1356 * Note that we may need to "move" the data from the tail of
1357 * of the buffer to the new fragment when we split
1360 * FIXME: It may be fragmented into multiple chunks
1361 * at once if non-fragmentable extension headers
1366 cork->length += length;
1367 if (((length > mtu) ||
1368 (skb && skb_is_gso(skb))) &&
1369 (sk->sk_protocol == IPPROTO_UDP) &&
1370 (rt->dst.dev->features & NETIF_F_UFO) &&
1371 (sk->sk_type == SOCK_DGRAM) && !udp_get_no_check6_tx(sk)) {
1372 err = ip6_ufo_append_data(sk, queue, getfrag, from, length,
1373 hh_len, fragheaderlen, exthdrlen,
1374 transhdrlen, mtu, flags, fl6);
1383 while (length > 0) {
1384 /* Check if the remaining data fits into current packet. */
1385 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1387 copy = maxfraglen - skb->len;
1391 unsigned int datalen;
1392 unsigned int fraglen;
1393 unsigned int fraggap;
1394 unsigned int alloclen;
1396 /* There's no room in the current skb */
1398 fraggap = skb->len - maxfraglen;
1401 /* update mtu and maxfraglen if necessary */
1402 if (!skb || !skb_prev)
1403 ip6_append_data_mtu(&mtu, &maxfraglen,
1404 fragheaderlen, skb, rt,
1410 * If remaining data exceeds the mtu,
1411 * we know we need more fragment(s).
1413 datalen = length + fraggap;
1415 if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1416 datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len;
1417 if ((flags & MSG_MORE) &&
1418 !(rt->dst.dev->features&NETIF_F_SG))
1421 alloclen = datalen + fragheaderlen;
1423 alloclen += dst_exthdrlen;
1425 if (datalen != length + fraggap) {
1427 * this is not the last fragment, the trailer
1428 * space is regarded as data space.
1430 datalen += rt->dst.trailer_len;
1433 alloclen += rt->dst.trailer_len;
1434 fraglen = datalen + fragheaderlen;
1437 * We just reserve space for fragment header.
1438 * Note: this may be overallocation if the message
1439 * (without MSG_MORE) fits into the MTU.
1441 alloclen += sizeof(struct frag_hdr);
1444 skb = sock_alloc_send_skb(sk,
1446 (flags & MSG_DONTWAIT), &err);
1449 if (atomic_read(&sk->sk_wmem_alloc) <=
1451 skb = sock_wmalloc(sk,
1452 alloclen + hh_len, 1,
1460 * Fill in the control structures
1462 skb->protocol = htons(ETH_P_IPV6);
1463 skb->ip_summed = csummode;
1465 /* reserve for fragmentation and ipsec header */
1466 skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
1469 /* Only the initial fragment is time stamped */
1470 skb_shinfo(skb)->tx_flags = tx_flags;
1472 skb_shinfo(skb)->tskey = tskey;
1476 * Find where to start putting bytes
1478 data = skb_put(skb, fraglen);
1479 skb_set_network_header(skb, exthdrlen);
1480 data += fragheaderlen;
1481 skb->transport_header = (skb->network_header +
1484 skb->csum = skb_copy_and_csum_bits(
1485 skb_prev, maxfraglen,
1486 data + transhdrlen, fraggap, 0);
1487 skb_prev->csum = csum_sub(skb_prev->csum,
1490 pskb_trim_unique(skb_prev, maxfraglen);
1492 copy = datalen - transhdrlen - fraggap;
1498 } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
1505 length -= datalen - fraggap;
1511 * Put the packet on the pending queue
1513 __skb_queue_tail(queue, skb);
1520 if (!(rt->dst.dev->features&NETIF_F_SG)) {
1524 if (getfrag(from, skb_put(skb, copy),
1525 offset, copy, off, skb) < 0) {
1526 __skb_trim(skb, off);
1531 int i = skb_shinfo(skb)->nr_frags;
1534 if (!sk_page_frag_refill(sk, pfrag))
1537 if (!skb_can_coalesce(skb, i, pfrag->page,
1540 if (i == MAX_SKB_FRAGS)
1543 __skb_fill_page_desc(skb, i, pfrag->page,
1545 skb_shinfo(skb)->nr_frags = ++i;
1546 get_page(pfrag->page);
1548 copy = min_t(int, copy, pfrag->size - pfrag->offset);
1550 page_address(pfrag->page) + pfrag->offset,
1551 offset, copy, skb->len, skb) < 0)
1554 pfrag->offset += copy;
1555 skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1557 skb->data_len += copy;
1558 skb->truesize += copy;
1559 atomic_add(copy, &sk->sk_wmem_alloc);
1570 cork->length -= length;
1571 IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1575 int ip6_append_data(struct sock *sk,
1576 int getfrag(void *from, char *to, int offset, int len,
1577 int odd, struct sk_buff *skb),
1578 void *from, int length, int transhdrlen,
1579 struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
1580 struct rt6_info *rt, unsigned int flags,
1581 const struct sockcm_cookie *sockc)
1583 struct inet_sock *inet = inet_sk(sk);
1584 struct ipv6_pinfo *np = inet6_sk(sk);
1588 if (flags&MSG_PROBE)
1590 if (skb_queue_empty(&sk->sk_write_queue)) {
1594 err = ip6_setup_cork(sk, &inet->cork, &np->cork,
1599 exthdrlen = (ipc6->opt ? ipc6->opt->opt_flen : 0);
1600 length += exthdrlen;
1601 transhdrlen += exthdrlen;
1603 fl6 = &inet->cork.fl.u.ip6;
1607 return __ip6_append_data(sk, fl6, &sk->sk_write_queue, &inet->cork.base,
1608 &np->cork, sk_page_frag(sk), getfrag,
1609 from, length, transhdrlen, flags, ipc6, sockc);
1611 EXPORT_SYMBOL_GPL(ip6_append_data);
1613 static void ip6_cork_release(struct inet_cork_full *cork,
1614 struct inet6_cork *v6_cork)
1617 kfree(v6_cork->opt->dst0opt);
1618 kfree(v6_cork->opt->dst1opt);
1619 kfree(v6_cork->opt->hopopt);
1620 kfree(v6_cork->opt->srcrt);
1621 kfree(v6_cork->opt);
1622 v6_cork->opt = NULL;
1625 if (cork->base.dst) {
1626 dst_release(cork->base.dst);
1627 cork->base.dst = NULL;
1628 cork->base.flags &= ~IPCORK_ALLFRAG;
1630 memset(&cork->fl, 0, sizeof(cork->fl));
1633 struct sk_buff *__ip6_make_skb(struct sock *sk,
1634 struct sk_buff_head *queue,
1635 struct inet_cork_full *cork,
1636 struct inet6_cork *v6_cork)
1638 struct sk_buff *skb, *tmp_skb;
1639 struct sk_buff **tail_skb;
1640 struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1641 struct ipv6_pinfo *np = inet6_sk(sk);
1642 struct net *net = sock_net(sk);
1643 struct ipv6hdr *hdr;
1644 struct ipv6_txoptions *opt = v6_cork->opt;
1645 struct rt6_info *rt = (struct rt6_info *)cork->base.dst;
1646 struct flowi6 *fl6 = &cork->fl.u.ip6;
1647 unsigned char proto = fl6->flowi6_proto;
1649 skb = __skb_dequeue(queue);
1652 tail_skb = &(skb_shinfo(skb)->frag_list);
1654 /* move skb->data to ip header from ext header */
1655 if (skb->data < skb_network_header(skb))
1656 __skb_pull(skb, skb_network_offset(skb));
1657 while ((tmp_skb = __skb_dequeue(queue)) != NULL) {
1658 __skb_pull(tmp_skb, skb_network_header_len(skb));
1659 *tail_skb = tmp_skb;
1660 tail_skb = &(tmp_skb->next);
1661 skb->len += tmp_skb->len;
1662 skb->data_len += tmp_skb->len;
1663 skb->truesize += tmp_skb->truesize;
1664 tmp_skb->destructor = NULL;
1668 /* Allow local fragmentation. */
1669 skb->ignore_df = ip6_sk_ignore_df(sk);
1671 *final_dst = fl6->daddr;
1672 __skb_pull(skb, skb_network_header_len(skb));
1673 if (opt && opt->opt_flen)
1674 ipv6_push_frag_opts(skb, opt, &proto);
1675 if (opt && opt->opt_nflen)
1676 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst);
1678 skb_push(skb, sizeof(struct ipv6hdr));
1679 skb_reset_network_header(skb);
1680 hdr = ipv6_hdr(skb);
1682 ip6_flow_hdr(hdr, v6_cork->tclass,
1683 ip6_make_flowlabel(net, skb, fl6->flowlabel,
1684 np->autoflowlabel, fl6));
1685 hdr->hop_limit = v6_cork->hop_limit;
1686 hdr->nexthdr = proto;
1687 hdr->saddr = fl6->saddr;
1688 hdr->daddr = *final_dst;
1690 skb->priority = sk->sk_priority;
1691 skb->mark = sk->sk_mark;
1693 skb_dst_set(skb, dst_clone(&rt->dst));
1694 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
1695 if (proto == IPPROTO_ICMPV6) {
1696 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1698 ICMP6MSGOUT_INC_STATS(net, idev, icmp6_hdr(skb)->icmp6_type);
1699 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1702 ip6_cork_release(cork, v6_cork);
1707 int ip6_send_skb(struct sk_buff *skb)
1709 struct net *net = sock_net(skb->sk);
1710 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
1713 err = ip6_local_out(net, skb->sk, skb);
1716 err = net_xmit_errno(err);
1718 IP6_INC_STATS(net, rt->rt6i_idev,
1719 IPSTATS_MIB_OUTDISCARDS);
1725 int ip6_push_pending_frames(struct sock *sk)
1727 struct sk_buff *skb;
1729 skb = ip6_finish_skb(sk);
1733 return ip6_send_skb(skb);
1735 EXPORT_SYMBOL_GPL(ip6_push_pending_frames);
1737 static void __ip6_flush_pending_frames(struct sock *sk,
1738 struct sk_buff_head *queue,
1739 struct inet_cork_full *cork,
1740 struct inet6_cork *v6_cork)
1742 struct sk_buff *skb;
1744 while ((skb = __skb_dequeue_tail(queue)) != NULL) {
1746 IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
1747 IPSTATS_MIB_OUTDISCARDS);
1751 ip6_cork_release(cork, v6_cork);
1754 void ip6_flush_pending_frames(struct sock *sk)
1756 __ip6_flush_pending_frames(sk, &sk->sk_write_queue,
1757 &inet_sk(sk)->cork, &inet6_sk(sk)->cork);
1759 EXPORT_SYMBOL_GPL(ip6_flush_pending_frames);
1761 struct sk_buff *ip6_make_skb(struct sock *sk,
1762 int getfrag(void *from, char *to, int offset,
1763 int len, int odd, struct sk_buff *skb),
1764 void *from, int length, int transhdrlen,
1765 struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
1766 struct rt6_info *rt, unsigned int flags,
1767 const struct sockcm_cookie *sockc)
1769 struct inet_cork_full cork;
1770 struct inet6_cork v6_cork;
1771 struct sk_buff_head queue;
1772 int exthdrlen = (ipc6->opt ? ipc6->opt->opt_flen : 0);
1775 if (flags & MSG_PROBE)
1778 __skb_queue_head_init(&queue);
1780 cork.base.flags = 0;
1782 cork.base.opt = NULL;
1784 err = ip6_setup_cork(sk, &cork, &v6_cork, ipc6, rt, fl6);
1786 return ERR_PTR(err);
1788 if (ipc6->dontfrag < 0)
1789 ipc6->dontfrag = inet6_sk(sk)->dontfrag;
1791 err = __ip6_append_data(sk, fl6, &queue, &cork.base, &v6_cork,
1792 ¤t->task_frag, getfrag, from,
1793 length + exthdrlen, transhdrlen + exthdrlen,
1794 flags, ipc6, sockc);
1796 __ip6_flush_pending_frames(sk, &queue, &cork, &v6_cork);
1797 return ERR_PTR(err);
1800 return __ip6_make_skb(sk, &queue, &cork, &v6_cork);