~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/ipv6/ip6_output.c

Version: ~ [ linux-6.2-rc3 ] ~ [ linux-6.1.5 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.87 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.162 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.228 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.269 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.302 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.302 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  *      IPv6 output functions
  3  *      Linux INET6 implementation
  4  *
  5  *      Authors:
  6  *      Pedro Roque             <roque@di.fc.ul.pt>
  7  *
  8  *      Based on linux/net/ipv4/ip_output.c
  9  *
 10  *      This program is free software; you can redistribute it and/or
 11  *      modify it under the terms of the GNU General Public License
 12  *      as published by the Free Software Foundation; either version
 13  *      2 of the License, or (at your option) any later version.
 14  *
 15  *      Changes:
 16  *      A.N.Kuznetsov   :       airthmetics in fragmentation.
 17  *                              extension headers are implemented.
 18  *                              route changes now work.
 19  *                              ip6_forward does not confuse sniffers.
 20  *                              etc.
 21  *
 22  *      H. von Brand    :       Added missing #include <linux/string.h>
 23  *      Imran Patel     :       frag id should be in NBO
 24  *      Kazunori MIYAZAWA @USAGI
 25  *                      :       add ip6_append_data and related functions
 26  *                              for datagram xmit
 27  */
 28 
 29 #include <linux/errno.h>
 30 #include <linux/kernel.h>
 31 #include <linux/string.h>
 32 #include <linux/socket.h>
 33 #include <linux/net.h>
 34 #include <linux/netdevice.h>
 35 #include <linux/if_arp.h>
 36 #include <linux/in6.h>
 37 #include <linux/tcp.h>
 38 #include <linux/route.h>
 39 #include <linux/module.h>
 40 #include <linux/slab.h>
 41 
 42 #include <linux/netfilter.h>
 43 #include <linux/netfilter_ipv6.h>
 44 
 45 #include <net/sock.h>
 46 #include <net/snmp.h>
 47 
 48 #include <net/ipv6.h>
 49 #include <net/ndisc.h>
 50 #include <net/protocol.h>
 51 #include <net/ip6_route.h>
 52 #include <net/addrconf.h>
 53 #include <net/rawv6.h>
 54 #include <net/icmp.h>
 55 #include <net/xfrm.h>
 56 #include <net/checksum.h>
 57 #include <linux/mroute6.h>
 58 #include <net/l3mdev.h>
 59 
 60 static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff *skb)
 61 {
 62         struct dst_entry *dst = skb_dst(skb);
 63         struct net_device *dev = dst->dev;
 64         struct neighbour *neigh;
 65         struct in6_addr *nexthop;
 66         int ret;
 67 
 68         skb->protocol = htons(ETH_P_IPV6);
 69         skb->dev = dev;
 70 
 71         if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
 72                 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
 73 
 74                 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(sk) &&
 75                     ((mroute6_socket(net, skb) &&
 76                      !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
 77                      ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
 78                                          &ipv6_hdr(skb)->saddr))) {
 79                         struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
 80 
 81                         /* Do not check for IFF_ALLMULTI; multicast routing
 82                            is not supported in any case.
 83                          */
 84                         if (newskb)
 85                                 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
 86                                         net, sk, newskb, NULL, newskb->dev,
 87                                         dev_loopback_xmit);
 88 
 89                         if (ipv6_hdr(skb)->hop_limit == 0) {
 90                                 IP6_INC_STATS(net, idev,
 91                                               IPSTATS_MIB_OUTDISCARDS);
 92                                 kfree_skb(skb);
 93                                 return 0;
 94                         }
 95                 }
 96 
 97                 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, skb->len);
 98 
 99                 if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <=
100                     IPV6_ADDR_SCOPE_NODELOCAL &&
101                     !(dev->flags & IFF_LOOPBACK)) {
102                         kfree_skb(skb);
103                         return 0;
104                 }
105         }
106 
107         rcu_read_lock_bh();
108         nexthop = rt6_nexthop((struct rt6_info *)dst, &ipv6_hdr(skb)->daddr);
109         neigh = __ipv6_neigh_lookup_noref(dst->dev, nexthop);
110         if (unlikely(!neigh))
111                 neigh = __neigh_create(&nd_tbl, nexthop, dst->dev, false);
112         if (!IS_ERR(neigh)) {
113                 ret = dst_neigh_output(dst, neigh, skb);
114                 rcu_read_unlock_bh();
115                 return ret;
116         }
117         rcu_read_unlock_bh();
118 
119         IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
120         kfree_skb(skb);
121         return -EINVAL;
122 }
123 
124 static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
125 {
126         if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
127             dst_allfrag(skb_dst(skb)) ||
128             (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size))
129                 return ip6_fragment(net, sk, skb, ip6_finish_output2);
130         else
131                 return ip6_finish_output2(net, sk, skb);
132 }
133 
134 int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
135 {
136         struct net_device *dev = skb_dst(skb)->dev;
137         struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
138 
139         if (unlikely(idev->cnf.disable_ipv6)) {
140                 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS);
141                 kfree_skb(skb);
142                 return 0;
143         }
144 
145         return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING,
146                             net, sk, skb, NULL, dev,
147                             ip6_finish_output,
148                             !(IP6CB(skb)->flags & IP6SKB_REROUTED));
149 }
150 
151 bool ip6_autoflowlabel(struct net *net, const struct ipv6_pinfo *np)
152 {
153         if (!np->autoflowlabel_set)
154                 return ip6_default_np_autolabel(net);
155         else
156                 return np->autoflowlabel;
157 }
158 
159 /*
160  * xmit an sk_buff (used by TCP, SCTP and DCCP)
161  * Note : socket lock is not held for SYNACK packets, but might be modified
162  * by calls to skb_set_owner_w() and ipv6_local_error(),
163  * which are using proper atomic operations or spinlocks.
164  */
165 int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
166              struct ipv6_txoptions *opt, int tclass)
167 {
168         struct net *net = sock_net(sk);
169         const struct ipv6_pinfo *np = inet6_sk(sk);
170         struct in6_addr *first_hop = &fl6->daddr;
171         struct dst_entry *dst = skb_dst(skb);
172         unsigned int head_room;
173         struct ipv6hdr *hdr;
174         u8  proto = fl6->flowi6_proto;
175         int seg_len = skb->len;
176         int hlimit = -1;
177         u32 mtu;
178 
179         head_room = sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev);
180         if (opt)
181                 head_room += opt->opt_nflen + opt->opt_flen;
182 
183         if (unlikely(skb_headroom(skb) < head_room)) {
184                 struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
185                 if (!skb2) {
186                         IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
187                                       IPSTATS_MIB_OUTDISCARDS);
188                         kfree_skb(skb);
189                         return -ENOBUFS;
190                 }
191                 if (skb->sk)
192                         skb_set_owner_w(skb2, skb->sk);
193                 consume_skb(skb);
194                 skb = skb2;
195         }
196 
197         if (opt) {
198                 seg_len += opt->opt_nflen + opt->opt_flen;
199 
200                 if (opt->opt_flen)
201                         ipv6_push_frag_opts(skb, opt, &proto);
202 
203                 if (opt->opt_nflen)
204                         ipv6_push_nfrag_opts(skb, opt, &proto, &first_hop);
205         }
206 
207         skb_push(skb, sizeof(struct ipv6hdr));
208         skb_reset_network_header(skb);
209         hdr = ipv6_hdr(skb);
210 
211         /*
212          *      Fill in the IPv6 header
213          */
214         if (np)
215                 hlimit = np->hop_limit;
216         if (hlimit < 0)
217                 hlimit = ip6_dst_hoplimit(dst);
218 
219         ip6_flow_hdr(hdr, tclass, ip6_make_flowlabel(net, skb, fl6->flowlabel,
220                                 ip6_autoflowlabel(net, np), fl6));
221 
222         hdr->payload_len = htons(seg_len);
223         hdr->nexthdr = proto;
224         hdr->hop_limit = hlimit;
225 
226         hdr->saddr = fl6->saddr;
227         hdr->daddr = *first_hop;
228 
229         skb->protocol = htons(ETH_P_IPV6);
230         skb->priority = sk->sk_priority;
231         skb->mark = sk->sk_mark;
232 
233         mtu = dst_mtu(dst);
234         if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) {
235                 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
236                               IPSTATS_MIB_OUT, skb->len);
237                 /* hooks should never assume socket lock is held.
238                  * we promote our socket to non const
239                  */
240                 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
241                                net, (struct sock *)sk, skb, NULL, dst->dev,
242                                dst_output);
243         }
244 
245         skb->dev = dst->dev;
246         /* ipv6_local_error() does not require socket lock,
247          * we promote our socket to non const
248          */
249         ipv6_local_error((struct sock *)sk, EMSGSIZE, fl6, mtu);
250 
251         IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS);
252         kfree_skb(skb);
253         return -EMSGSIZE;
254 }
255 EXPORT_SYMBOL(ip6_xmit);
256 
257 static int ip6_call_ra_chain(struct sk_buff *skb, int sel)
258 {
259         struct ip6_ra_chain *ra;
260         struct sock *last = NULL;
261 
262         read_lock(&ip6_ra_lock);
263         for (ra = ip6_ra_chain; ra; ra = ra->next) {
264                 struct sock *sk = ra->sk;
265                 if (sk && ra->sel == sel &&
266                     (!sk->sk_bound_dev_if ||
267                      sk->sk_bound_dev_if == skb->dev->ifindex)) {
268                         if (last) {
269                                 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
270                                 if (skb2)
271                                         rawv6_rcv(last, skb2);
272                         }
273                         last = sk;
274                 }
275         }
276 
277         if (last) {
278                 rawv6_rcv(last, skb);
279                 read_unlock(&ip6_ra_lock);
280                 return 1;
281         }
282         read_unlock(&ip6_ra_lock);
283         return 0;
284 }
285 
286 static int ip6_forward_proxy_check(struct sk_buff *skb)
287 {
288         struct ipv6hdr *hdr = ipv6_hdr(skb);
289         u8 nexthdr = hdr->nexthdr;
290         __be16 frag_off;
291         int offset;
292 
293         if (ipv6_ext_hdr(nexthdr)) {
294                 offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, &frag_off);
295                 if (offset < 0)
296                         return 0;
297         } else
298                 offset = sizeof(struct ipv6hdr);
299 
300         if (nexthdr == IPPROTO_ICMPV6) {
301                 struct icmp6hdr *icmp6;
302 
303                 if (!pskb_may_pull(skb, (skb_network_header(skb) +
304                                          offset + 1 - skb->data)))
305                         return 0;
306 
307                 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
308 
309                 switch (icmp6->icmp6_type) {
310                 case NDISC_ROUTER_SOLICITATION:
311                 case NDISC_ROUTER_ADVERTISEMENT:
312                 case NDISC_NEIGHBOUR_SOLICITATION:
313                 case NDISC_NEIGHBOUR_ADVERTISEMENT:
314                 case NDISC_REDIRECT:
315                         /* For reaction involving unicast neighbor discovery
316                          * message destined to the proxied address, pass it to
317                          * input function.
318                          */
319                         return 1;
320                 default:
321                         break;
322                 }
323         }
324 
325         /*
326          * The proxying router can't forward traffic sent to a link-local
327          * address, so signal the sender and discard the packet. This
328          * behavior is clarified by the MIPv6 specification.
329          */
330         if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
331                 dst_link_failure(skb);
332                 return -1;
333         }
334 
335         return 0;
336 }
337 
338 static inline int ip6_forward_finish(struct net *net, struct sock *sk,
339                                      struct sk_buff *skb)
340 {
341         struct dst_entry *dst = skb_dst(skb);
342 
343         IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
344         IP6_ADD_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len);
345         skb_sender_cpu_clear(skb);
346         return dst_output(net, sk, skb);
347 }
348 
349 static unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst)
350 {
351         unsigned int mtu;
352         struct inet6_dev *idev;
353 
354         if (dst_metric_locked(dst, RTAX_MTU)) {
355                 mtu = dst_metric_raw(dst, RTAX_MTU);
356                 if (mtu)
357                         return mtu;
358         }
359 
360         mtu = IPV6_MIN_MTU;
361         rcu_read_lock();
362         idev = __in6_dev_get(dst->dev);
363         if (idev)
364                 mtu = idev->cnf.mtu6;
365         rcu_read_unlock();
366 
367         return mtu;
368 }
369 
370 static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
371 {
372         if (skb->len <= mtu)
373                 return false;
374 
375         /* ipv6 conntrack defrag sets max_frag_size + ignore_df */
376         if (IP6CB(skb)->frag_max_size && IP6CB(skb)->frag_max_size > mtu)
377                 return true;
378 
379         if (skb->ignore_df)
380                 return false;
381 
382         if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
383                 return false;
384 
385         return true;
386 }
387 
388 int ip6_forward(struct sk_buff *skb)
389 {
390         struct dst_entry *dst = skb_dst(skb);
391         struct ipv6hdr *hdr = ipv6_hdr(skb);
392         struct inet6_skb_parm *opt = IP6CB(skb);
393         struct net *net = dev_net(dst->dev);
394         u32 mtu;
395 
396         if (net->ipv6.devconf_all->forwarding == 0)
397                 goto error;
398 
399         if (skb->pkt_type != PACKET_HOST)
400                 goto drop;
401 
402         if (unlikely(skb->sk))
403                 goto drop;
404 
405         if (skb_warn_if_lro(skb))
406                 goto drop;
407 
408         if (!xfrm6_policy_check(NULL, XFRM_POLICY_FWD, skb)) {
409                 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
410                                  IPSTATS_MIB_INDISCARDS);
411                 goto drop;
412         }
413 
414         skb_forward_csum(skb);
415 
416         /*
417          *      We DO NOT make any processing on
418          *      RA packets, pushing them to user level AS IS
419          *      without ane WARRANTY that application will be able
420          *      to interpret them. The reason is that we
421          *      cannot make anything clever here.
422          *
423          *      We are not end-node, so that if packet contains
424          *      AH/ESP, we cannot make anything.
425          *      Defragmentation also would be mistake, RA packets
426          *      cannot be fragmented, because there is no warranty
427          *      that different fragments will go along one path. --ANK
428          */
429         if (unlikely(opt->flags & IP6SKB_ROUTERALERT)) {
430                 if (ip6_call_ra_chain(skb, ntohs(opt->ra)))
431                         return 0;
432         }
433 
434         /*
435          *      check and decrement ttl
436          */
437         if (hdr->hop_limit <= 1) {
438                 /* Force OUTPUT device used as source address */
439                 skb->dev = dst->dev;
440                 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 0);
441                 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
442                                  IPSTATS_MIB_INHDRERRORS);
443 
444                 kfree_skb(skb);
445                 return -ETIMEDOUT;
446         }
447 
448         /* XXX: idev->cnf.proxy_ndp? */
449         if (net->ipv6.devconf_all->proxy_ndp &&
450             pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
451                 int proxied = ip6_forward_proxy_check(skb);
452                 if (proxied > 0)
453                         return ip6_input(skb);
454                 else if (proxied < 0) {
455                         IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
456                                          IPSTATS_MIB_INDISCARDS);
457                         goto drop;
458                 }
459         }
460 
461         if (!xfrm6_route_forward(skb)) {
462                 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
463                                  IPSTATS_MIB_INDISCARDS);
464                 goto drop;
465         }
466         dst = skb_dst(skb);
467 
468         /* IPv6 specs say nothing about it, but it is clear that we cannot
469            send redirects to source routed frames.
470            We don't send redirects to frames decapsulated from IPsec.
471          */
472         if (skb->dev == dst->dev && opt->srcrt == 0 && !skb_sec_path(skb)) {
473                 struct in6_addr *target = NULL;
474                 struct inet_peer *peer;
475                 struct rt6_info *rt;
476 
477                 /*
478                  *      incoming and outgoing devices are the same
479                  *      send a redirect.
480                  */
481 
482                 rt = (struct rt6_info *) dst;
483                 if (rt->rt6i_flags & RTF_GATEWAY)
484                         target = &rt->rt6i_gateway;
485                 else
486                         target = &hdr->daddr;
487 
488                 peer = inet_getpeer_v6(net->ipv6.peers, &hdr->daddr, 1);
489 
490                 /* Limit redirects both by destination (here)
491                    and by source (inside ndisc_send_redirect)
492                  */
493                 if (inet_peer_xrlim_allow(peer, 1*HZ))
494                         ndisc_send_redirect(skb, target);
495                 if (peer)
496                         inet_putpeer(peer);
497         } else {
498                 int addrtype = ipv6_addr_type(&hdr->saddr);
499 
500                 /* This check is security critical. */
501                 if (addrtype == IPV6_ADDR_ANY ||
502                     addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
503                         goto error;
504                 if (addrtype & IPV6_ADDR_LINKLOCAL) {
505                         icmpv6_send(skb, ICMPV6_DEST_UNREACH,
506                                     ICMPV6_NOT_NEIGHBOUR, 0);
507                         goto error;
508                 }
509         }
510 
511         mtu = ip6_dst_mtu_forward(dst);
512         if (mtu < IPV6_MIN_MTU)
513                 mtu = IPV6_MIN_MTU;
514 
515         if (ip6_pkt_too_big(skb, mtu)) {
516                 /* Again, force OUTPUT device used as source address */
517                 skb->dev = dst->dev;
518                 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
519                 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
520                                  IPSTATS_MIB_INTOOBIGERRORS);
521                 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
522                                  IPSTATS_MIB_FRAGFAILS);
523                 kfree_skb(skb);
524                 return -EMSGSIZE;
525         }
526 
527         if (skb_cow(skb, dst->dev->hard_header_len)) {
528                 IP6_INC_STATS_BH(net, ip6_dst_idev(dst),
529                                  IPSTATS_MIB_OUTDISCARDS);
530                 goto drop;
531         }
532 
533         hdr = ipv6_hdr(skb);
534 
535         /* Mangling hops number delayed to point after skb COW */
536 
537         hdr->hop_limit--;
538 
539         return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD,
540                        net, NULL, skb, skb->dev, dst->dev,
541                        ip6_forward_finish);
542 
543 error:
544         IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
545 drop:
546         kfree_skb(skb);
547         return -EINVAL;
548 }
549 
550 static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
551 {
552         to->pkt_type = from->pkt_type;
553         to->priority = from->priority;
554         to->protocol = from->protocol;
555         skb_dst_drop(to);
556         skb_dst_set(to, dst_clone(skb_dst(from)));
557         to->dev = from->dev;
558         to->mark = from->mark;
559 
560         skb_copy_hash(to, from);
561 
562 #ifdef CONFIG_NET_SCHED
563         to->tc_index = from->tc_index;
564 #endif
565         nf_copy(to, from);
566         skb_copy_secmark(to, from);
567 }
568 
569 int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
570                  int (*output)(struct net *, struct sock *, struct sk_buff *))
571 {
572         struct sk_buff *frag;
573         struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
574         struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ?
575                                 inet6_sk(skb->sk) : NULL;
576         struct ipv6hdr *tmp_hdr;
577         struct frag_hdr *fh;
578         unsigned int mtu, hlen, left, len, nexthdr_offset;
579         int hroom, troom;
580         __be32 frag_id;
581         int ptr, offset = 0, err = 0;
582         u8 *prevhdr, nexthdr = 0;
583 
584         err = ip6_find_1stfragopt(skb, &prevhdr);
585         if (err < 0)
586                 goto fail;
587         hlen = err;
588         nexthdr = *prevhdr;
589         nexthdr_offset = prevhdr - skb_network_header(skb);
590 
591         mtu = ip6_skb_dst_mtu(skb);
592 
593         /* We must not fragment if the socket is set to force MTU discovery
594          * or if the skb it not generated by a local socket.
595          */
596         if (unlikely(!skb->ignore_df && skb->len > mtu))
597                 goto fail_toobig;
598 
599         if (IP6CB(skb)->frag_max_size) {
600                 if (IP6CB(skb)->frag_max_size > mtu)
601                         goto fail_toobig;
602 
603                 /* don't send fragments larger than what we received */
604                 mtu = IP6CB(skb)->frag_max_size;
605                 if (mtu < IPV6_MIN_MTU)
606                         mtu = IPV6_MIN_MTU;
607         }
608 
609         if (np && np->frag_size < mtu) {
610                 if (np->frag_size)
611                         mtu = np->frag_size;
612         }
613         if (mtu < hlen + sizeof(struct frag_hdr) + 8)
614                 goto fail_toobig;
615         mtu -= hlen + sizeof(struct frag_hdr);
616 
617         frag_id = ipv6_select_ident(net, &ipv6_hdr(skb)->daddr,
618                                     &ipv6_hdr(skb)->saddr);
619 
620         if (skb->ip_summed == CHECKSUM_PARTIAL &&
621             (err = skb_checksum_help(skb)))
622                 goto fail;
623 
624         prevhdr = skb_network_header(skb) + nexthdr_offset;
625         hroom = LL_RESERVED_SPACE(rt->dst.dev);
626         if (skb_has_frag_list(skb)) {
627                 int first_len = skb_pagelen(skb);
628                 struct sk_buff *frag2;
629 
630                 if (first_len - hlen > mtu ||
631                     ((first_len - hlen) & 7) ||
632                     skb_cloned(skb) ||
633                     skb_headroom(skb) < (hroom + sizeof(struct frag_hdr)))
634                         goto slow_path;
635 
636                 skb_walk_frags(skb, frag) {
637                         /* Correct geometry. */
638                         if (frag->len > mtu ||
639                             ((frag->len & 7) && frag->next) ||
640                             skb_headroom(frag) < (hlen + hroom + sizeof(struct frag_hdr)))
641                                 goto slow_path_clean;
642 
643                         /* Partially cloned skb? */
644                         if (skb_shared(frag))
645                                 goto slow_path_clean;
646 
647                         BUG_ON(frag->sk);
648                         if (skb->sk) {
649                                 frag->sk = skb->sk;
650                                 frag->destructor = sock_wfree;
651                         }
652                         skb->truesize -= frag->truesize;
653                 }
654 
655                 err = 0;
656                 offset = 0;
657                 /* BUILD HEADER */
658 
659                 *prevhdr = NEXTHDR_FRAGMENT;
660                 tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
661                 if (!tmp_hdr) {
662                         err = -ENOMEM;
663                         goto fail;
664                 }
665                 frag = skb_shinfo(skb)->frag_list;
666                 skb_frag_list_init(skb);
667 
668                 __skb_pull(skb, hlen);
669                 fh = (struct frag_hdr *)__skb_push(skb, sizeof(struct frag_hdr));
670                 __skb_push(skb, hlen);
671                 skb_reset_network_header(skb);
672                 memcpy(skb_network_header(skb), tmp_hdr, hlen);
673 
674                 fh->nexthdr = nexthdr;
675                 fh->reserved = 0;
676                 fh->frag_off = htons(IP6_MF);
677                 fh->identification = frag_id;
678 
679                 first_len = skb_pagelen(skb);
680                 skb->data_len = first_len - skb_headlen(skb);
681                 skb->len = first_len;
682                 ipv6_hdr(skb)->payload_len = htons(first_len -
683                                                    sizeof(struct ipv6hdr));
684 
685                 dst_hold(&rt->dst);
686 
687                 for (;;) {
688                         /* Prepare header of the next frame,
689                          * before previous one went down. */
690                         if (frag) {
691                                 frag->ip_summed = CHECKSUM_NONE;
692                                 skb_reset_transport_header(frag);
693                                 fh = (struct frag_hdr *)__skb_push(frag, sizeof(struct frag_hdr));
694                                 __skb_push(frag, hlen);
695                                 skb_reset_network_header(frag);
696                                 memcpy(skb_network_header(frag), tmp_hdr,
697                                        hlen);
698                                 offset += skb->len - hlen - sizeof(struct frag_hdr);
699                                 fh->nexthdr = nexthdr;
700                                 fh->reserved = 0;
701                                 fh->frag_off = htons(offset);
702                                 if (frag->next)
703                                         fh->frag_off |= htons(IP6_MF);
704                                 fh->identification = frag_id;
705                                 ipv6_hdr(frag)->payload_len =
706                                                 htons(frag->len -
707                                                       sizeof(struct ipv6hdr));
708                                 ip6_copy_metadata(frag, skb);
709                         }
710 
711                         err = output(net, sk, skb);
712                         if (!err)
713                                 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
714                                               IPSTATS_MIB_FRAGCREATES);
715 
716                         if (err || !frag)
717                                 break;
718 
719                         skb = frag;
720                         frag = skb->next;
721                         skb->next = NULL;
722                 }
723 
724                 kfree(tmp_hdr);
725 
726                 if (err == 0) {
727                         IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
728                                       IPSTATS_MIB_FRAGOKS);
729                         ip6_rt_put(rt);
730                         return 0;
731                 }
732 
733                 kfree_skb_list(frag);
734 
735                 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
736                               IPSTATS_MIB_FRAGFAILS);
737                 ip6_rt_put(rt);
738                 return err;
739 
740 slow_path_clean:
741                 skb_walk_frags(skb, frag2) {
742                         if (frag2 == frag)
743                                 break;
744                         frag2->sk = NULL;
745                         frag2->destructor = NULL;
746                         skb->truesize += frag2->truesize;
747                 }
748         }
749 
750 slow_path:
751         left = skb->len - hlen;         /* Space per frame */
752         ptr = hlen;                     /* Where to start from */
753 
754         /*
755          *      Fragment the datagram.
756          */
757 
758         troom = rt->dst.dev->needed_tailroom;
759 
760         /*
761          *      Keep copying data until we run out.
762          */
763         while (left > 0)        {
764                 u8 *fragnexthdr_offset;
765 
766                 len = left;
767                 /* IF: it doesn't fit, use 'mtu' - the data space left */
768                 if (len > mtu)
769                         len = mtu;
770                 /* IF: we are not sending up to and including the packet end
771                    then align the next start on an eight byte boundary */
772                 if (len < left) {
773                         len &= ~7;
774                 }
775 
776                 /* Allocate buffer */
777                 frag = alloc_skb(len + hlen + sizeof(struct frag_hdr) +
778                                  hroom + troom, GFP_ATOMIC);
779                 if (!frag) {
780                         err = -ENOMEM;
781                         goto fail;
782                 }
783 
784                 /*
785                  *      Set up data on packet
786                  */
787 
788                 ip6_copy_metadata(frag, skb);
789                 skb_reserve(frag, hroom);
790                 skb_put(frag, len + hlen + sizeof(struct frag_hdr));
791                 skb_reset_network_header(frag);
792                 fh = (struct frag_hdr *)(skb_network_header(frag) + hlen);
793                 frag->transport_header = (frag->network_header + hlen +
794                                           sizeof(struct frag_hdr));
795 
796                 /*
797                  *      Charge the memory for the fragment to any owner
798                  *      it might possess
799                  */
800                 if (skb->sk)
801                         skb_set_owner_w(frag, skb->sk);
802 
803                 /*
804                  *      Copy the packet header into the new buffer.
805                  */
806                 skb_copy_from_linear_data(skb, skb_network_header(frag), hlen);
807 
808                 fragnexthdr_offset = skb_network_header(frag);
809                 fragnexthdr_offset += prevhdr - skb_network_header(skb);
810                 *fragnexthdr_offset = NEXTHDR_FRAGMENT;
811 
812                 /*
813                  *      Build fragment header.
814                  */
815                 fh->nexthdr = nexthdr;
816                 fh->reserved = 0;
817                 fh->identification = frag_id;
818 
819                 /*
820                  *      Copy a block of the IP datagram.
821                  */
822                 BUG_ON(skb_copy_bits(skb, ptr, skb_transport_header(frag),
823                                      len));
824                 left -= len;
825 
826                 fh->frag_off = htons(offset);
827                 if (left > 0)
828                         fh->frag_off |= htons(IP6_MF);
829                 ipv6_hdr(frag)->payload_len = htons(frag->len -
830                                                     sizeof(struct ipv6hdr));
831 
832                 ptr += len;
833                 offset += len;
834 
835                 /*
836                  *      Put this fragment into the sending queue.
837                  */
838                 err = output(net, sk, frag);
839                 if (err)
840                         goto fail;
841 
842                 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
843                               IPSTATS_MIB_FRAGCREATES);
844         }
845         IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
846                       IPSTATS_MIB_FRAGOKS);
847         consume_skb(skb);
848         return err;
849 
850 fail_toobig:
851         if (skb->sk && dst_allfrag(skb_dst(skb)))
852                 sk_nocaps_add(skb->sk, NETIF_F_GSO_MASK);
853 
854         skb->dev = skb_dst(skb)->dev;
855         icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
856         err = -EMSGSIZE;
857 
858 fail:
859         IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
860                       IPSTATS_MIB_FRAGFAILS);
861         kfree_skb(skb);
862         return err;
863 }
864 
865 static inline int ip6_rt_check(const struct rt6key *rt_key,
866                                const struct in6_addr *fl_addr,
867                                const struct in6_addr *addr_cache)
868 {
869         return (rt_key->plen != 128 || !ipv6_addr_equal(fl_addr, &rt_key->addr)) &&
870                 (!addr_cache || !ipv6_addr_equal(fl_addr, addr_cache));
871 }
872 
873 static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
874                                           struct dst_entry *dst,
875                                           const struct flowi6 *fl6)
876 {
877         struct ipv6_pinfo *np = inet6_sk(sk);
878         struct rt6_info *rt;
879 
880         if (!dst)
881                 goto out;
882 
883         if (dst->ops->family != AF_INET6) {
884                 dst_release(dst);
885                 return NULL;
886         }
887 
888         rt = (struct rt6_info *)dst;
889         /* Yes, checking route validity in not connected
890          * case is not very simple. Take into account,
891          * that we do not support routing by source, TOS,
892          * and MSG_DONTROUTE            --ANK (980726)
893          *
894          * 1. ip6_rt_check(): If route was host route,
895          *    check that cached destination is current.
896          *    If it is network route, we still may
897          *    check its validity using saved pointer
898          *    to the last used address: daddr_cache.
899          *    We do not want to save whole address now,
900          *    (because main consumer of this service
901          *    is tcp, which has not this problem),
902          *    so that the last trick works only on connected
903          *    sockets.
904          * 2. oif also should be the same.
905          */
906         if (ip6_rt_check(&rt->rt6i_dst, &fl6->daddr, np->daddr_cache) ||
907 #ifdef CONFIG_IPV6_SUBTREES
908             ip6_rt_check(&rt->rt6i_src, &fl6->saddr, np->saddr_cache) ||
909 #endif
910            (!(fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF) &&
911               (fl6->flowi6_oif && fl6->flowi6_oif != dst->dev->ifindex))) {
912                 dst_release(dst);
913                 dst = NULL;
914         }
915 
916 out:
917         return dst;
918 }
919 
920 static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk,
921                                struct dst_entry **dst, struct flowi6 *fl6)
922 {
923 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
924         struct neighbour *n;
925         struct rt6_info *rt;
926 #endif
927         int err;
928         int flags = 0;
929 
930         /* The correct way to handle this would be to do
931          * ip6_route_get_saddr, and then ip6_route_output; however,
932          * the route-specific preferred source forces the
933          * ip6_route_output call _before_ ip6_route_get_saddr.
934          *
935          * In source specific routing (no src=any default route),
936          * ip6_route_output will fail given src=any saddr, though, so
937          * that's why we try it again later.
938          */
939         if (ipv6_addr_any(&fl6->saddr) && (!*dst || !(*dst)->error)) {
940                 struct rt6_info *rt;
941                 bool had_dst = *dst != NULL;
942 
943                 if (!had_dst)
944                         *dst = ip6_route_output(net, sk, fl6);
945                 rt = (*dst)->error ? NULL : (struct rt6_info *)*dst;
946                 err = ip6_route_get_saddr(net, rt, &fl6->daddr,
947                                           sk ? inet6_sk(sk)->srcprefs : 0,
948                                           &fl6->saddr);
949                 if (err)
950                         goto out_err_release;
951 
952                 /* If we had an erroneous initial result, pretend it
953                  * never existed and let the SA-enabled version take
954                  * over.
955                  */
956                 if (!had_dst && (*dst)->error) {
957                         dst_release(*dst);
958                         *dst = NULL;
959                 }
960 
961                 if (fl6->flowi6_oif)
962                         flags |= RT6_LOOKUP_F_IFACE;
963         }
964 
965         if (!*dst)
966                 *dst = ip6_route_output_flags(net, sk, fl6, flags);
967 
968         err = (*dst)->error;
969         if (err)
970                 goto out_err_release;
971 
972 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
973         /*
974          * Here if the dst entry we've looked up
975          * has a neighbour entry that is in the INCOMPLETE
976          * state and the src address from the flow is
977          * marked as OPTIMISTIC, we release the found
978          * dst entry and replace it instead with the
979          * dst entry of the nexthop router
980          */
981         rt = (struct rt6_info *) *dst;
982         rcu_read_lock_bh();
983         n = __ipv6_neigh_lookup_noref(rt->dst.dev,
984                                       rt6_nexthop(rt, &fl6->daddr));
985         err = n && !(n->nud_state & NUD_VALID) ? -EINVAL : 0;
986         rcu_read_unlock_bh();
987 
988         if (err) {
989                 struct inet6_ifaddr *ifp;
990                 struct flowi6 fl_gw6;
991                 int redirect;
992 
993                 ifp = ipv6_get_ifaddr(net, &fl6->saddr,
994                                       (*dst)->dev, 1);
995 
996                 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
997                 if (ifp)
998                         in6_ifa_put(ifp);
999 
1000                 if (redirect) {
1001                         /*
1002                          * We need to get the dst entry for the
1003                          * default router instead
1004                          */
1005                         dst_release(*dst);
1006                         memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
1007                         memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
1008                         *dst = ip6_route_output(net, sk, &fl_gw6);
1009                         err = (*dst)->error;
1010                         if (err)
1011                                 goto out_err_release;
1012                 }
1013         }
1014 #endif
1015         if (ipv6_addr_v4mapped(&fl6->saddr) &&
1016             !(ipv6_addr_v4mapped(&fl6->daddr) || ipv6_addr_any(&fl6->daddr))) {
1017                 err = -EAFNOSUPPORT;
1018                 goto out_err_release;
1019         }
1020 
1021         return 0;
1022 
1023 out_err_release:
1024         if (err == -ENETUNREACH)
1025                 IP6_INC_STATS(net, NULL, IPSTATS_MIB_OUTNOROUTES);
1026         dst_release(*dst);
1027         *dst = NULL;
1028         return err;
1029 }
1030 
1031 /**
1032  *      ip6_dst_lookup - perform route lookup on flow
1033  *      @sk: socket which provides route info
1034  *      @dst: pointer to dst_entry * for result
1035  *      @fl6: flow to lookup
1036  *
1037  *      This function performs a route lookup on the given flow.
1038  *
1039  *      It returns zero on success, or a standard errno code on error.
1040  */
1041 int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst,
1042                    struct flowi6 *fl6)
1043 {
1044         *dst = NULL;
1045         return ip6_dst_lookup_tail(net, sk, dst, fl6);
1046 }
1047 EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1048 
1049 /**
1050  *      ip6_dst_lookup_flow - perform route lookup on flow with ipsec
1051  *      @sk: socket which provides route info
1052  *      @fl6: flow to lookup
1053  *      @final_dst: final destination address for ipsec lookup
1054  *
1055  *      This function performs a route lookup on the given flow.
1056  *
1057  *      It returns a valid dst pointer on success, or a pointer encoded
1058  *      error code.
1059  */
1060 struct dst_entry *ip6_dst_lookup_flow(struct net *net, const struct sock *sk, struct flowi6 *fl6,
1061                                       const struct in6_addr *final_dst)
1062 {
1063         struct dst_entry *dst = NULL;
1064         int err;
1065 
1066         err = ip6_dst_lookup_tail(net, sk, &dst, fl6);
1067         if (err)
1068                 return ERR_PTR(err);
1069         if (final_dst)
1070                 fl6->daddr = *final_dst;
1071         if (!fl6->flowi6_oif)
1072                 fl6->flowi6_oif = l3mdev_fib_oif(dst->dev);
1073 
1074         return xfrm_lookup_route(net, dst, flowi6_to_flowi(fl6), sk, 0);
1075 }
1076 EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
1077 
1078 /**
1079  *      ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
1080  *      @sk: socket which provides the dst cache and route info
1081  *      @fl6: flow to lookup
1082  *      @final_dst: final destination address for ipsec lookup
1083  *
1084  *      This function performs a route lookup on the given flow with the
1085  *      possibility of using the cached route in the socket if it is valid.
1086  *      It will take the socket dst lock when operating on the dst cache.
1087  *      As a result, this function can only be used in process context.
1088  *
1089  *      It returns a valid dst pointer on success, or a pointer encoded
1090  *      error code.
1091  */
1092 struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
1093                                          const struct in6_addr *final_dst)
1094 {
1095         struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1096 
1097         dst = ip6_sk_dst_check(sk, dst, fl6);
1098         if (!dst)
1099                 dst = ip6_dst_lookup_flow(sock_net(sk), sk, fl6, final_dst);
1100 
1101         return dst;
1102 }
1103 EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
1104 
1105 static inline int ip6_ufo_append_data(struct sock *sk,
1106                         struct sk_buff_head *queue,
1107                         int getfrag(void *from, char *to, int offset, int len,
1108                         int odd, struct sk_buff *skb),
1109                         void *from, int length, int hh_len, int fragheaderlen,
1110                         int exthdrlen, int transhdrlen, int mtu,
1111                         unsigned int flags, const struct flowi6 *fl6)
1112 
1113 {
1114         struct sk_buff *skb;
1115         int err;
1116 
1117         /* There is support for UDP large send offload by network
1118          * device, so create one single skb packet containing complete
1119          * udp datagram
1120          */
1121         skb = skb_peek_tail(queue);
1122         if (!skb) {
1123                 skb = sock_alloc_send_skb(sk,
1124                         hh_len + fragheaderlen + transhdrlen + 20,
1125                         (flags & MSG_DONTWAIT), &err);
1126                 if (!skb)
1127                         return err;
1128 
1129                 /* reserve space for Hardware header */
1130                 skb_reserve(skb, hh_len);
1131 
1132                 /* create space for UDP/IP header */
1133                 skb_put(skb, fragheaderlen + transhdrlen);
1134 
1135                 /* initialize network header pointer */
1136                 skb_set_network_header(skb, exthdrlen);
1137 
1138                 /* initialize protocol header pointer */
1139                 skb->transport_header = skb->network_header + fragheaderlen;
1140 
1141                 skb->protocol = htons(ETH_P_IPV6);
1142                 skb->csum = 0;
1143 
1144                 __skb_queue_tail(queue, skb);
1145         } else if (skb_is_gso(skb)) {
1146                 goto append;
1147         }
1148 
1149         skb->ip_summed = CHECKSUM_PARTIAL;
1150         /* Specify the length of each IPv6 datagram fragment.
1151          * It has to be a multiple of 8.
1152          */
1153         skb_shinfo(skb)->gso_size = (mtu - fragheaderlen -
1154                                      sizeof(struct frag_hdr)) & ~7;
1155         skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
1156         skb_shinfo(skb)->ip6_frag_id = ipv6_select_ident(sock_net(sk),
1157                                                          &fl6->daddr,
1158                                                          &fl6->saddr);
1159 
1160 append:
1161         return skb_append_datato_frags(sk, skb, getfrag, from,
1162                                        (length - transhdrlen));
1163 }
1164 
1165 static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
1166                                                gfp_t gfp)
1167 {
1168         return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1169 }
1170 
1171 static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
1172                                                 gfp_t gfp)
1173 {
1174         return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
1175 }
1176 
1177 static void ip6_append_data_mtu(unsigned int *mtu,
1178                                 int *maxfraglen,
1179                                 unsigned int fragheaderlen,
1180                                 struct sk_buff *skb,
1181                                 struct rt6_info *rt,
1182                                 unsigned int orig_mtu)
1183 {
1184         if (!(rt->dst.flags & DST_XFRM_TUNNEL)) {
1185                 if (!skb) {
1186                         /* first fragment, reserve header_len */
1187                         *mtu = orig_mtu - rt->dst.header_len;
1188 
1189                 } else {
1190                         /*
1191                          * this fragment is not first, the headers
1192                          * space is regarded as data space.
1193                          */
1194                         *mtu = orig_mtu;
1195                 }
1196                 *maxfraglen = ((*mtu - fragheaderlen) & ~7)
1197                               + fragheaderlen - sizeof(struct frag_hdr);
1198         }
1199 }
1200 
1201 static int ip6_setup_cork(struct sock *sk, struct inet_cork_full *cork,
1202                           struct inet6_cork *v6_cork,
1203                           int hlimit, int tclass, struct ipv6_txoptions *opt,
1204                           struct rt6_info *rt, struct flowi6 *fl6)
1205 {
1206         struct ipv6_pinfo *np = inet6_sk(sk);
1207         unsigned int mtu;
1208 
1209         /*
1210          * setup for corking
1211          */
1212         if (opt) {
1213                 if (WARN_ON(v6_cork->opt))
1214                         return -EINVAL;
1215 
1216                 v6_cork->opt = kzalloc(sizeof(*opt), sk->sk_allocation);
1217                 if (unlikely(!v6_cork->opt))
1218                         return -ENOBUFS;
1219 
1220                 v6_cork->opt->tot_len = sizeof(*opt);
1221                 v6_cork->opt->opt_flen = opt->opt_flen;
1222                 v6_cork->opt->opt_nflen = opt->opt_nflen;
1223 
1224                 v6_cork->opt->dst0opt = ip6_opt_dup(opt->dst0opt,
1225                                                     sk->sk_allocation);
1226                 if (opt->dst0opt && !v6_cork->opt->dst0opt)
1227                         return -ENOBUFS;
1228 
1229                 v6_cork->opt->dst1opt = ip6_opt_dup(opt->dst1opt,
1230                                                     sk->sk_allocation);
1231                 if (opt->dst1opt && !v6_cork->opt->dst1opt)
1232                         return -ENOBUFS;
1233 
1234                 v6_cork->opt->hopopt = ip6_opt_dup(opt->hopopt,
1235                                                    sk->sk_allocation);
1236                 if (opt->hopopt && !v6_cork->opt->hopopt)
1237                         return -ENOBUFS;
1238 
1239                 v6_cork->opt->srcrt = ip6_rthdr_dup(opt->srcrt,
1240                                                     sk->sk_allocation);
1241                 if (opt->srcrt && !v6_cork->opt->srcrt)
1242                         return -ENOBUFS;
1243 
1244                 /* need source address above miyazawa*/
1245         }
1246         dst_hold(&rt->dst);
1247         cork->base.dst = &rt->dst;
1248         cork->fl.u.ip6 = *fl6;
1249         v6_cork->hop_limit = hlimit;
1250         v6_cork->tclass = tclass;
1251         if (rt->dst.flags & DST_XFRM_TUNNEL)
1252                 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1253                       READ_ONCE(rt->dst.dev->mtu) : dst_mtu(&rt->dst);
1254         else
1255                 mtu = np->pmtudisc >= IPV6_PMTUDISC_PROBE ?
1256                       READ_ONCE(rt->dst.dev->mtu) : dst_mtu(rt->dst.path);
1257         if (np->frag_size < mtu) {
1258                 if (np->frag_size)
1259                         mtu = np->frag_size;
1260         }
1261         if (mtu < IPV6_MIN_MTU)
1262                 return -EINVAL;
1263         cork->base.fragsize = mtu;
1264         if (dst_allfrag(rt->dst.path))
1265                 cork->base.flags |= IPCORK_ALLFRAG;
1266         cork->base.length = 0;
1267 
1268         return 0;
1269 }
1270 
1271 static int __ip6_append_data(struct sock *sk,
1272                              struct flowi6 *fl6,
1273                              struct sk_buff_head *queue,
1274                              struct inet_cork *cork,
1275                              struct inet6_cork *v6_cork,
1276                              struct page_frag *pfrag,
1277                              int getfrag(void *from, char *to, int offset,
1278                                          int len, int odd, struct sk_buff *skb),
1279                              void *from, int length, int transhdrlen,
1280                              unsigned int flags, int dontfrag)
1281 {
1282         struct sk_buff *skb, *skb_prev = NULL;
1283         unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu, pmtu;
1284         int exthdrlen = 0;
1285         int dst_exthdrlen = 0;
1286         int hh_len;
1287         int copy;
1288         int err;
1289         int offset = 0;
1290         __u8 tx_flags = 0;
1291         u32 tskey = 0;
1292         struct rt6_info *rt = (struct rt6_info *)cork->dst;
1293         struct ipv6_txoptions *opt = v6_cork->opt;
1294         int csummode = CHECKSUM_NONE;
1295         unsigned int maxnonfragsize, headersize;
1296 
1297         skb = skb_peek_tail(queue);
1298         if (!skb) {
1299                 exthdrlen = opt ? opt->opt_flen : 0;
1300                 dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len;
1301         }
1302 
1303         mtu = cork->fragsize;
1304         orig_mtu = mtu;
1305 
1306         hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1307 
1308         fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len +
1309                         (opt ? opt->opt_nflen : 0);
1310         maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen -
1311                      sizeof(struct frag_hdr);
1312 
1313         headersize = sizeof(struct ipv6hdr) +
1314                      (opt ? opt->opt_flen + opt->opt_nflen : 0) +
1315                      (dst_allfrag(&rt->dst) ?
1316                       sizeof(struct frag_hdr) : 0) +
1317                      rt->rt6i_nfheader_len;
1318 
1319         /* as per RFC 7112 section 5, the entire IPv6 Header Chain must fit
1320          * the first fragment
1321          */
1322         if (headersize + transhdrlen > mtu)
1323                 goto emsgsize;
1324 
1325         if (cork->length + length > mtu - headersize && dontfrag &&
1326             (sk->sk_protocol == IPPROTO_UDP ||
1327              sk->sk_protocol == IPPROTO_RAW)) {
1328                 ipv6_local_rxpmtu(sk, fl6, mtu - headersize +
1329                                 sizeof(struct ipv6hdr));
1330                 goto emsgsize;
1331         }
1332 
1333         if (ip6_sk_ignore_df(sk))
1334                 maxnonfragsize = sizeof(struct ipv6hdr) + IPV6_MAXPLEN;
1335         else
1336                 maxnonfragsize = mtu;
1337 
1338         if (cork->length + length > maxnonfragsize - headersize) {
1339 emsgsize:
1340                 pmtu = max_t(int, mtu - headersize + sizeof(struct ipv6hdr), 0);
1341                 ipv6_local_error(sk, EMSGSIZE, fl6, pmtu);
1342                 return -EMSGSIZE;
1343         }
1344 
1345         /* CHECKSUM_PARTIAL only with no extension headers and when
1346          * we are not going to fragment
1347          */
1348         if (transhdrlen && sk->sk_protocol == IPPROTO_UDP &&
1349             headersize == sizeof(struct ipv6hdr) &&
1350             length < mtu - headersize &&
1351             !(flags & MSG_MORE) &&
1352             rt->dst.dev->features & NETIF_F_V6_CSUM)
1353                 csummode = CHECKSUM_PARTIAL;
1354 
1355         if (sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) {
1356                 sock_tx_timestamp(sk, &tx_flags);
1357                 if (tx_flags & SKBTX_ANY_SW_TSTAMP &&
1358                     sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)
1359                         tskey = sk->sk_tskey++;
1360         }
1361 
1362         /*
1363          * Let's try using as much space as possible.
1364          * Use MTU if total length of the message fits into the MTU.
1365          * Otherwise, we need to reserve fragment header and
1366          * fragment alignment (= 8-15 octects, in total).
1367          *
1368          * Note that we may need to "move" the data from the tail of
1369          * of the buffer to the new fragment when we split
1370          * the message.
1371          *
1372          * FIXME: It may be fragmented into multiple chunks
1373          *        at once if non-fragmentable extension headers
1374          *        are too large.
1375          * --yoshfuji
1376          */
1377 
1378         cork->length += length;
1379         if ((skb && skb_is_gso(skb)) ||
1380             (((length + (skb ? skb->len : headersize)) > mtu) &&
1381             (skb_queue_len(queue) <= 1) &&
1382             (sk->sk_protocol == IPPROTO_UDP) &&
1383             (rt->dst.dev->features & NETIF_F_UFO) &&
1384             (sk->sk_type == SOCK_DGRAM) && !udp_get_no_check6_tx(sk))) {
1385                 err = ip6_ufo_append_data(sk, queue, getfrag, from, length,
1386                                           hh_len, fragheaderlen, exthdrlen,
1387                                           transhdrlen, mtu, flags, fl6);
1388                 if (err)
1389                         goto error;
1390                 return 0;
1391         }
1392 
1393         if (!skb)
1394                 goto alloc_new_skb;
1395 
1396         while (length > 0) {
1397                 /* Check if the remaining data fits into current packet. */
1398                 copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len;
1399                 if (copy < length)
1400                         copy = maxfraglen - skb->len;
1401 
1402                 if (copy <= 0) {
1403                         char *data;
1404                         unsigned int datalen;
1405                         unsigned int fraglen;
1406                         unsigned int fraggap;
1407                         unsigned int alloclen;
1408 alloc_new_skb:
1409                         /* There's no room in the current skb */
1410                         if (skb)
1411                                 fraggap = skb->len - maxfraglen;
1412                         else
1413                                 fraggap = 0;
1414                         /* update mtu and maxfraglen if necessary */
1415                         if (!skb || !skb_prev)
1416                                 ip6_append_data_mtu(&mtu, &maxfraglen,
1417                                                     fragheaderlen, skb, rt,
1418                                                     orig_mtu);
1419 
1420                         skb_prev = skb;
1421 
1422                         /*
1423                          * If remaining data exceeds the mtu,
1424                          * we know we need more fragment(s).
1425                          */
1426                         datalen = length + fraggap;
1427 
1428                         if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen)
1429                                 datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len;
1430                         if ((flags & MSG_MORE) &&
1431                             !(rt->dst.dev->features&NETIF_F_SG))
1432                                 alloclen = mtu;
1433                         else
1434                                 alloclen = datalen + fragheaderlen;
1435 
1436                         alloclen += dst_exthdrlen;
1437 
1438                         if (datalen != length + fraggap) {
1439                                 /*
1440                                  * this is not the last fragment, the trailer
1441                                  * space is regarded as data space.
1442                                  */
1443                                 datalen += rt->dst.trailer_len;
1444                         }
1445 
1446                         alloclen += rt->dst.trailer_len;
1447                         fraglen = datalen + fragheaderlen;
1448 
1449                         /*
1450                          * We just reserve space for fragment header.
1451                          * Note: this may be overallocation if the message
1452                          * (without MSG_MORE) fits into the MTU.
1453                          */
1454                         alloclen += sizeof(struct frag_hdr);
1455 
1456                         copy = datalen - transhdrlen - fraggap;
1457                         if (copy < 0) {
1458                                 err = -EINVAL;
1459                                 goto error;
1460                         }
1461                         if (transhdrlen) {
1462                                 skb = sock_alloc_send_skb(sk,
1463                                                 alloclen + hh_len,
1464                                                 (flags & MSG_DONTWAIT), &err);
1465                         } else {
1466                                 skb = NULL;
1467                                 if (atomic_read(&sk->sk_wmem_alloc) <=
1468                                     2 * sk->sk_sndbuf)
1469                                         skb = sock_wmalloc(sk,
1470                                                            alloclen + hh_len, 1,
1471                                                            sk->sk_allocation);
1472                                 if (unlikely(!skb))
1473                                         err = -ENOBUFS;
1474                         }
1475                         if (!skb)
1476                                 goto error;
1477                         /*
1478                          *      Fill in the control structures
1479                          */
1480                         skb->protocol = htons(ETH_P_IPV6);
1481                         skb->ip_summed = csummode;
1482                         skb->csum = 0;
1483                         /* reserve for fragmentation and ipsec header */
1484                         skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
1485                                     dst_exthdrlen);
1486 
1487                         /* Only the initial fragment is time stamped */
1488                         skb_shinfo(skb)->tx_flags = tx_flags;
1489                         tx_flags = 0;
1490                         skb_shinfo(skb)->tskey = tskey;
1491                         tskey = 0;
1492 
1493                         /*
1494                          *      Find where to start putting bytes
1495                          */
1496                         data = skb_put(skb, fraglen);
1497                         skb_set_network_header(skb, exthdrlen);
1498                         data += fragheaderlen;
1499                         skb->transport_header = (skb->network_header +
1500                                                  fragheaderlen);
1501                         if (fraggap) {
1502                                 skb->csum = skb_copy_and_csum_bits(
1503                                         skb_prev, maxfraglen,
1504                                         data + transhdrlen, fraggap, 0);
1505                                 skb_prev->csum = csum_sub(skb_prev->csum,
1506                                                           skb->csum);
1507                                 data += fraggap;
1508                                 pskb_trim_unique(skb_prev, maxfraglen);
1509                         }
1510                         if (copy > 0 &&
1511                             getfrag(from, data + transhdrlen, offset,
1512                                     copy, fraggap, skb) < 0) {
1513                                 err = -EFAULT;
1514                                 kfree_skb(skb);
1515                                 goto error;
1516                         }
1517 
1518                         offset += copy;
1519                         length -= datalen - fraggap;
1520                         transhdrlen = 0;
1521                         exthdrlen = 0;
1522                         dst_exthdrlen = 0;
1523 
1524                         /*
1525                          * Put the packet on the pending queue
1526                          */
1527                         __skb_queue_tail(queue, skb);
1528                         continue;
1529                 }
1530 
1531                 if (copy > length)
1532                         copy = length;
1533 
1534                 if (!(rt->dst.dev->features&NETIF_F_SG) &&
1535                     skb_tailroom(skb) >= copy) {
1536                         unsigned int off;
1537 
1538                         off = skb->len;
1539                         if (getfrag(from, skb_put(skb, copy),
1540                                                 offset, copy, off, skb) < 0) {
1541                                 __skb_trim(skb, off);
1542                                 err = -EFAULT;
1543                                 goto error;
1544                         }
1545                 } else {
1546                         int i = skb_shinfo(skb)->nr_frags;
1547 
1548                         err = -ENOMEM;
1549                         if (!sk_page_frag_refill(sk, pfrag))
1550                                 goto error;
1551 
1552                         if (!skb_can_coalesce(skb, i, pfrag->page,
1553                                               pfrag->offset)) {
1554                                 err = -EMSGSIZE;
1555                                 if (i == MAX_SKB_FRAGS)
1556                                         goto error;
1557 
1558                                 __skb_fill_page_desc(skb, i, pfrag->page,
1559                                                      pfrag->offset, 0);
1560                                 skb_shinfo(skb)->nr_frags = ++i;
1561                                 get_page(pfrag->page);
1562                         }
1563                         copy = min_t(int, copy, pfrag->size - pfrag->offset);
1564                         if (getfrag(from,
1565                                     page_address(pfrag->page) + pfrag->offset,
1566                                     offset, copy, skb->len, skb) < 0)
1567                                 goto error_efault;
1568 
1569                         pfrag->offset += copy;
1570                         skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1571                         skb->len += copy;
1572                         skb->data_len += copy;
1573                         skb->truesize += copy;
1574                         atomic_add(copy, &sk->sk_wmem_alloc);
1575                 }
1576                 offset += copy;
1577                 length -= copy;
1578         }
1579 
1580         return 0;
1581 
1582 error_efault:
1583         err = -EFAULT;
1584 error:
1585         cork->length -= length;
1586         IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS);
1587         return err;
1588 }
1589 
1590 int ip6_append_data(struct sock *sk,
1591                     int getfrag(void *from, char *to, int offset, int len,
1592                                 int odd, struct sk_buff *skb),
1593                     void *from, int length, int transhdrlen, int hlimit,
1594                     int tclass, struct ipv6_txoptions *opt, struct flowi6 *fl6,
1595                     struct rt6_info *rt, unsigned int flags, int dontfrag)
1596 {
1597         struct inet_sock *inet = inet_sk(sk);
1598         struct ipv6_pinfo *np = inet6_sk(sk);
1599         int exthdrlen;
1600         int err;
1601 
1602         if (flags&MSG_PROBE)
1603                 return 0;
1604         if (skb_queue_empty(&sk->sk_write_queue)) {
1605                 /*
1606                  * setup for corking
1607                  */
1608                 err = ip6_setup_cork(sk, &inet->cork, &np->cork, hlimit,
1609                                      tclass, opt, rt, fl6);
1610                 if (err)
1611                         return err;
1612 
1613                 exthdrlen = (opt ? opt->opt_flen : 0);
1614                 length += exthdrlen;
1615                 transhdrlen += exthdrlen;
1616         } else {
1617                 fl6 = &inet->cork.fl.u.ip6;
1618                 transhdrlen = 0;
1619         }
1620 
1621         return __ip6_append_data(sk, fl6, &sk->sk_write_queue, &inet->cork.base,
1622                                  &np->cork, sk_page_frag(sk), getfrag,
1623                                  from, length, transhdrlen, flags, dontfrag);
1624 }
1625 EXPORT_SYMBOL_GPL(ip6_append_data);
1626 
1627 static void ip6_cork_release(struct inet_cork_full *cork,
1628                              struct inet6_cork *v6_cork)
1629 {
1630         if (v6_cork->opt) {
1631                 kfree(v6_cork->opt->dst0opt);
1632                 kfree(v6_cork->opt->dst1opt);
1633                 kfree(v6_cork->opt->hopopt);
1634                 kfree(v6_cork->opt->srcrt);
1635                 kfree(v6_cork->opt);
1636                 v6_cork->opt = NULL;
1637         }
1638 
1639         if (cork->base.dst) {
1640                 dst_release(cork->base.dst);
1641                 cork->base.dst = NULL;
1642                 cork->base.flags &= ~IPCORK_ALLFRAG;
1643         }
1644         memset(&cork->fl, 0, sizeof(cork->fl));
1645 }
1646 
1647 struct sk_buff *__ip6_make_skb(struct sock *sk,
1648                                struct sk_buff_head *queue,
1649                                struct inet_cork_full *cork,
1650                                struct inet6_cork *v6_cork)
1651 {
1652         struct sk_buff *skb, *tmp_skb;
1653         struct sk_buff **tail_skb;
1654         struct in6_addr final_dst_buf, *final_dst = &final_dst_buf;
1655         struct ipv6_pinfo *np = inet6_sk(sk);
1656         struct net *net = sock_net(sk);
1657         struct ipv6hdr *hdr;
1658         struct ipv6_txoptions *opt = v6_cork->opt;
1659         struct rt6_info *rt = (struct rt6_info *)cork->base.dst;
1660         struct flowi6 *fl6 = &cork->fl.u.ip6;
1661         unsigned char proto = fl6->flowi6_proto;
1662 
1663         skb = __skb_dequeue(queue);
1664         if (!skb)
1665                 goto out;
1666         tail_skb = &(skb_shinfo(skb)->frag_list);
1667 
1668         /* move skb->data to ip header from ext header */
1669         if (skb->data < skb_network_header(skb))
1670                 __skb_pull(skb, skb_network_offset(skb));
1671         while ((tmp_skb = __skb_dequeue(queue)) != NULL) {
1672                 __skb_pull(tmp_skb, skb_network_header_len(skb));
1673                 *tail_skb = tmp_skb;
1674                 tail_skb = &(tmp_skb->next);
1675                 skb->len += tmp_skb->len;
1676                 skb->data_len += tmp_skb->len;
1677                 skb->truesize += tmp_skb->truesize;
1678                 tmp_skb->destructor = NULL;
1679                 tmp_skb->sk = NULL;
1680         }
1681 
1682         /* Allow local fragmentation. */
1683         skb->ignore_df = ip6_sk_ignore_df(sk);
1684 
1685         *final_dst = fl6->daddr;
1686         __skb_pull(skb, skb_network_header_len(skb));
1687         if (opt && opt->opt_flen)
1688                 ipv6_push_frag_opts(skb, opt, &proto);
1689         if (opt && opt->opt_nflen)
1690                 ipv6_push_nfrag_opts(skb, opt, &proto, &final_dst);
1691 
1692         skb_push(skb, sizeof(struct ipv6hdr));
1693         skb_reset_network_header(skb);
1694         hdr = ipv6_hdr(skb);
1695 
1696         ip6_flow_hdr(hdr, v6_cork->tclass,
1697                      ip6_make_flowlabel(net, skb, fl6->flowlabel,
1698                                         ip6_autoflowlabel(net, np), fl6));
1699         hdr->hop_limit = v6_cork->hop_limit;
1700         hdr->nexthdr = proto;
1701         hdr->saddr = fl6->saddr;
1702         hdr->daddr = *final_dst;
1703 
1704         skb->priority = sk->sk_priority;
1705         skb->mark = sk->sk_mark;
1706 
1707         skb_dst_set(skb, dst_clone(&rt->dst));
1708         IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
1709         if (proto == IPPROTO_ICMPV6) {
1710                 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
1711 
1712                 ICMP6MSGOUT_INC_STATS(net, idev, icmp6_hdr(skb)->icmp6_type);
1713                 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1714         }
1715 
1716         ip6_cork_release(cork, v6_cork);
1717 out:
1718         return skb;
1719 }
1720 
1721 int ip6_send_skb(struct sk_buff *skb)
1722 {
1723         struct net *net = sock_net(skb->sk);
1724         struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
1725         int err;
1726 
1727         err = ip6_local_out(net, skb->sk, skb);
1728         if (err) {
1729                 if (err > 0)
1730                         err = net_xmit_errno(err);
1731                 if (err)
1732                         IP6_INC_STATS(net, rt->rt6i_idev,
1733                                       IPSTATS_MIB_OUTDISCARDS);
1734         }
1735 
1736         return err;
1737 }
1738 
1739 int ip6_push_pending_frames(struct sock *sk)
1740 {
1741         struct sk_buff *skb;
1742 
1743         skb = ip6_finish_skb(sk);
1744         if (!skb)
1745                 return 0;
1746 
1747         return ip6_send_skb(skb);
1748 }
1749 EXPORT_SYMBOL_GPL(ip6_push_pending_frames);
1750 
1751 static void __ip6_flush_pending_frames(struct sock *sk,
1752                                        struct sk_buff_head *queue,
1753                                        struct inet_cork_full *cork,
1754                                        struct inet6_cork *v6_cork)
1755 {
1756         struct sk_buff *skb;
1757 
1758         while ((skb = __skb_dequeue_tail(queue)) != NULL) {
1759                 if (skb_dst(skb))
1760                         IP6_INC_STATS(sock_net(sk), ip6_dst_idev(skb_dst(skb)),
1761                                       IPSTATS_MIB_OUTDISCARDS);
1762                 kfree_skb(skb);
1763         }
1764 
1765         ip6_cork_release(cork, v6_cork);
1766 }
1767 
1768 void ip6_flush_pending_frames(struct sock *sk)
1769 {
1770         __ip6_flush_pending_frames(sk, &sk->sk_write_queue,
1771                                    &inet_sk(sk)->cork, &inet6_sk(sk)->cork);
1772 }
1773 EXPORT_SYMBOL_GPL(ip6_flush_pending_frames);
1774 
1775 struct sk_buff *ip6_make_skb(struct sock *sk,
1776                              int getfrag(void *from, char *to, int offset,
1777                                          int len, int odd, struct sk_buff *skb),
1778                              void *from, int length, int transhdrlen,
1779                              int hlimit, int tclass,
1780                              struct ipv6_txoptions *opt, struct flowi6 *fl6,
1781                              struct rt6_info *rt, unsigned int flags,
1782                              int dontfrag)
1783 {
1784         struct inet_cork_full cork;
1785         struct inet6_cork v6_cork;
1786         struct sk_buff_head queue;
1787         int exthdrlen = (opt ? opt->opt_flen : 0);
1788         int err;
1789 
1790         if (flags & MSG_PROBE)
1791                 return NULL;
1792 
1793         __skb_queue_head_init(&queue);
1794 
1795         cork.base.flags = 0;
1796         cork.base.addr = 0;
1797         cork.base.opt = NULL;
1798         cork.base.dst = NULL;
1799         v6_cork.opt = NULL;
1800         err = ip6_setup_cork(sk, &cork, &v6_cork, hlimit, tclass, opt, rt, fl6);
1801         if (err) {
1802                 ip6_cork_release(&cork, &v6_cork);
1803                 return ERR_PTR(err);
1804         }
1805 
1806         if (dontfrag < 0)
1807                 dontfrag = inet6_sk(sk)->dontfrag;
1808 
1809         err = __ip6_append_data(sk, fl6, &queue, &cork.base, &v6_cork,
1810                                 &current->task_frag, getfrag, from,
1811                                 length + exthdrlen, transhdrlen + exthdrlen,
1812                                 flags, dontfrag);
1813         if (err) {
1814                 __ip6_flush_pending_frames(sk, &queue, &cork, &v6_cork);
1815                 return ERR_PTR(err);
1816         }
1817 
1818         return __ip6_make_skb(sk, &queue, &cork, &v6_cork);
1819 }
1820 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp