ipv4: add a sock pointer to ip_queue_xmit()
[sfrench/cifs-2.6.git] / net / ipv4 / ip_output.c
1 /*
2  * INET         An implementation of the TCP/IP protocol suite for the LINUX
3  *              operating system.  INET is implemented using the  BSD Socket
4  *              interface as the means of communication with the user level.
5  *
6  *              The Internet Protocol (IP) output module.
7  *
8  * Authors:     Ross Biro
9  *              Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10  *              Donald Becker, <becker@super.org>
11  *              Alan Cox, <Alan.Cox@linux.org>
12  *              Richard Underwood
13  *              Stefan Becker, <stefanb@yello.ping.de>
14  *              Jorge Cwik, <jorge@laser.satlink.net>
15  *              Arnt Gulbrandsen, <agulbra@nvg.unit.no>
16  *              Hirokazu Takahashi, <taka@valinux.co.jp>
17  *
18  *      See ip_input.c for original log
19  *
20  *      Fixes:
21  *              Alan Cox        :       Missing nonblock feature in ip_build_xmit.
22  *              Mike Kilburn    :       htons() missing in ip_build_xmit.
23  *              Bradford Johnson:       Fix faulty handling of some frames when
24  *                                      no route is found.
25  *              Alexander Demenshin:    Missing sk/skb free in ip_queue_xmit
26  *                                      (in case if packet not accepted by
27  *                                      output firewall rules)
28  *              Mike McLagan    :       Routing by source
29  *              Alexey Kuznetsov:       use new route cache
30  *              Andi Kleen:             Fix broken PMTU recovery and remove
31  *                                      some redundant tests.
32  *      Vitaly E. Lavrov        :       Transparent proxy revived after year coma.
33  *              Andi Kleen      :       Replace ip_reply with ip_send_reply.
34  *              Andi Kleen      :       Split fast and slow ip_build_xmit path
35  *                                      for decreased register pressure on x86
36  *                                      and more readibility.
37  *              Marc Boucher    :       When call_out_firewall returns FW_QUEUE,
38  *                                      silently drop skb instead of failing with -EPERM.
39  *              Detlev Wengorz  :       Copy protocol for fragments.
40  *              Hirokazu Takahashi:     HW checksumming for outgoing UDP
41  *                                      datagrams.
42  *              Hirokazu Takahashi:     sendfile() on UDP works now.
43  */
44
45 #include <asm/uaccess.h>
46 #include <linux/module.h>
47 #include <linux/types.h>
48 #include <linux/kernel.h>
49 #include <linux/mm.h>
50 #include <linux/string.h>
51 #include <linux/errno.h>
52 #include <linux/highmem.h>
53 #include <linux/slab.h>
54
55 #include <linux/socket.h>
56 #include <linux/sockios.h>
57 #include <linux/in.h>
58 #include <linux/inet.h>
59 #include <linux/netdevice.h>
60 #include <linux/etherdevice.h>
61 #include <linux/proc_fs.h>
62 #include <linux/stat.h>
63 #include <linux/init.h>
64
65 #include <net/snmp.h>
66 #include <net/ip.h>
67 #include <net/protocol.h>
68 #include <net/route.h>
69 #include <net/xfrm.h>
70 #include <linux/skbuff.h>
71 #include <net/sock.h>
72 #include <net/arp.h>
73 #include <net/icmp.h>
74 #include <net/checksum.h>
75 #include <net/inetpeer.h>
76 #include <linux/igmp.h>
77 #include <linux/netfilter_ipv4.h>
78 #include <linux/netfilter_bridge.h>
79 #include <linux/mroute.h>
80 #include <linux/netlink.h>
81 #include <linux/tcp.h>
82
83 int sysctl_ip_default_ttl __read_mostly = IPDEFTTL;
84 EXPORT_SYMBOL(sysctl_ip_default_ttl);
85
86 /* Generate a checksum for an outgoing IP datagram. */
87 void ip_send_check(struct iphdr *iph)
88 {
89         iph->check = 0;
90         iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
91 }
92 EXPORT_SYMBOL(ip_send_check);
93
94 int __ip_local_out(struct sk_buff *skb)
95 {
96         struct iphdr *iph = ip_hdr(skb);
97
98         iph->tot_len = htons(skb->len);
99         ip_send_check(iph);
100         return nf_hook(NFPROTO_IPV4, NF_INET_LOCAL_OUT, skb, NULL,
101                        skb_dst(skb)->dev, dst_output);
102 }
103
104 int ip_local_out(struct sk_buff *skb)
105 {
106         int err;
107
108         err = __ip_local_out(skb);
109         if (likely(err == 1))
110                 err = dst_output(skb);
111
112         return err;
113 }
114 EXPORT_SYMBOL_GPL(ip_local_out);
115
116 static inline int ip_select_ttl(struct inet_sock *inet, struct dst_entry *dst)
117 {
118         int ttl = inet->uc_ttl;
119
120         if (ttl < 0)
121                 ttl = ip4_dst_hoplimit(dst);
122         return ttl;
123 }
124
125 /*
126  *              Add an ip header to a skbuff and send it out.
127  *
128  */
129 int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk,
130                           __be32 saddr, __be32 daddr, struct ip_options_rcu *opt)
131 {
132         struct inet_sock *inet = inet_sk(sk);
133         struct rtable *rt = skb_rtable(skb);
134         struct iphdr *iph;
135
136         /* Build the IP header. */
137         skb_push(skb, sizeof(struct iphdr) + (opt ? opt->opt.optlen : 0));
138         skb_reset_network_header(skb);
139         iph = ip_hdr(skb);
140         iph->version  = 4;
141         iph->ihl      = 5;
142         iph->tos      = inet->tos;
143         if (ip_dont_fragment(sk, &rt->dst))
144                 iph->frag_off = htons(IP_DF);
145         else
146                 iph->frag_off = 0;
147         iph->ttl      = ip_select_ttl(inet, &rt->dst);
148         iph->daddr    = (opt && opt->opt.srr ? opt->opt.faddr : daddr);
149         iph->saddr    = saddr;
150         iph->protocol = sk->sk_protocol;
151         ip_select_ident(skb, &rt->dst, sk);
152
153         if (opt && opt->opt.optlen) {
154                 iph->ihl += opt->opt.optlen>>2;
155                 ip_options_build(skb, &opt->opt, daddr, rt, 0);
156         }
157
158         skb->priority = sk->sk_priority;
159         skb->mark = sk->sk_mark;
160
161         /* Send it out. */
162         return ip_local_out(skb);
163 }
164 EXPORT_SYMBOL_GPL(ip_build_and_send_pkt);
165
166 static inline int ip_finish_output2(struct sk_buff *skb)
167 {
168         struct dst_entry *dst = skb_dst(skb);
169         struct rtable *rt = (struct rtable *)dst;
170         struct net_device *dev = dst->dev;
171         unsigned int hh_len = LL_RESERVED_SPACE(dev);
172         struct neighbour *neigh;
173         u32 nexthop;
174
175         if (rt->rt_type == RTN_MULTICAST) {
176                 IP_UPD_PO_STATS(dev_net(dev), IPSTATS_MIB_OUTMCAST, skb->len);
177         } else if (rt->rt_type == RTN_BROADCAST)
178                 IP_UPD_PO_STATS(dev_net(dev), IPSTATS_MIB_OUTBCAST, skb->len);
179
180         /* Be paranoid, rather than too clever. */
181         if (unlikely(skb_headroom(skb) < hh_len && dev->header_ops)) {
182                 struct sk_buff *skb2;
183
184                 skb2 = skb_realloc_headroom(skb, LL_RESERVED_SPACE(dev));
185                 if (skb2 == NULL) {
186                         kfree_skb(skb);
187                         return -ENOMEM;
188                 }
189                 if (skb->sk)
190                         skb_set_owner_w(skb2, skb->sk);
191                 consume_skb(skb);
192                 skb = skb2;
193         }
194
195         rcu_read_lock_bh();
196         nexthop = (__force u32) rt_nexthop(rt, ip_hdr(skb)->daddr);
197         neigh = __ipv4_neigh_lookup_noref(dev, nexthop);
198         if (unlikely(!neigh))
199                 neigh = __neigh_create(&arp_tbl, &nexthop, dev, false);
200         if (!IS_ERR(neigh)) {
201                 int res = dst_neigh_output(dst, neigh, skb);
202
203                 rcu_read_unlock_bh();
204                 return res;
205         }
206         rcu_read_unlock_bh();
207
208         net_dbg_ratelimited("%s: No header cache and no neighbour!\n",
209                             __func__);
210         kfree_skb(skb);
211         return -EINVAL;
212 }
213
214 static int ip_finish_output(struct sk_buff *skb)
215 {
216 #if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
217         /* Policy lookup after SNAT yielded a new policy */
218         if (skb_dst(skb)->xfrm != NULL) {
219                 IPCB(skb)->flags |= IPSKB_REROUTED;
220                 return dst_output(skb);
221         }
222 #endif
223         if (skb->len > ip_skb_dst_mtu(skb) && !skb_is_gso(skb))
224                 return ip_fragment(skb, ip_finish_output2);
225         else
226                 return ip_finish_output2(skb);
227 }
228
229 int ip_mc_output(struct sk_buff *skb)
230 {
231         struct sock *sk = skb->sk;
232         struct rtable *rt = skb_rtable(skb);
233         struct net_device *dev = rt->dst.dev;
234
235         /*
236          *      If the indicated interface is up and running, send the packet.
237          */
238         IP_UPD_PO_STATS(dev_net(dev), IPSTATS_MIB_OUT, skb->len);
239
240         skb->dev = dev;
241         skb->protocol = htons(ETH_P_IP);
242
243         /*
244          *      Multicasts are looped back for other local users
245          */
246
247         if (rt->rt_flags&RTCF_MULTICAST) {
248                 if (sk_mc_loop(sk)
249 #ifdef CONFIG_IP_MROUTE
250                 /* Small optimization: do not loopback not local frames,
251                    which returned after forwarding; they will be  dropped
252                    by ip_mr_input in any case.
253                    Note, that local frames are looped back to be delivered
254                    to local recipients.
255
256                    This check is duplicated in ip_mr_input at the moment.
257                  */
258                     &&
259                     ((rt->rt_flags & RTCF_LOCAL) ||
260                      !(IPCB(skb)->flags & IPSKB_FORWARDED))
261 #endif
262                    ) {
263                         struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
264                         if (newskb)
265                                 NF_HOOK(NFPROTO_IPV4, NF_INET_POST_ROUTING,
266                                         newskb, NULL, newskb->dev,
267                                         dev_loopback_xmit);
268                 }
269
270                 /* Multicasts with ttl 0 must not go beyond the host */
271
272                 if (ip_hdr(skb)->ttl == 0) {
273                         kfree_skb(skb);
274                         return 0;
275                 }
276         }
277
278         if (rt->rt_flags&RTCF_BROADCAST) {
279                 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
280                 if (newskb)
281                         NF_HOOK(NFPROTO_IPV4, NF_INET_POST_ROUTING, newskb,
282                                 NULL, newskb->dev, dev_loopback_xmit);
283         }
284
285         return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, skb, NULL,
286                             skb->dev, ip_finish_output,
287                             !(IPCB(skb)->flags & IPSKB_REROUTED));
288 }
289
290 int ip_output(struct sk_buff *skb)
291 {
292         struct net_device *dev = skb_dst(skb)->dev;
293
294         IP_UPD_PO_STATS(dev_net(dev), IPSTATS_MIB_OUT, skb->len);
295
296         skb->dev = dev;
297         skb->protocol = htons(ETH_P_IP);
298
299         return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, skb, NULL, dev,
300                             ip_finish_output,
301                             !(IPCB(skb)->flags & IPSKB_REROUTED));
302 }
303
304 /*
305  * copy saddr and daddr, possibly using 64bit load/stores
306  * Equivalent to :
307  *   iph->saddr = fl4->saddr;
308  *   iph->daddr = fl4->daddr;
309  */
310 static void ip_copy_addrs(struct iphdr *iph, const struct flowi4 *fl4)
311 {
312         BUILD_BUG_ON(offsetof(typeof(*fl4), daddr) !=
313                      offsetof(typeof(*fl4), saddr) + sizeof(fl4->saddr));
314         memcpy(&iph->saddr, &fl4->saddr,
315                sizeof(fl4->saddr) + sizeof(fl4->daddr));
316 }
317
318 /* Note: skb->sk can be different from sk, in case of tunnels */
319 int ip_queue_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl)
320 {
321         struct inet_sock *inet = inet_sk(sk);
322         struct ip_options_rcu *inet_opt;
323         struct flowi4 *fl4;
324         struct rtable *rt;
325         struct iphdr *iph;
326         int res;
327
328         /* Skip all of this if the packet is already routed,
329          * f.e. by something like SCTP.
330          */
331         rcu_read_lock();
332         inet_opt = rcu_dereference(inet->inet_opt);
333         fl4 = &fl->u.ip4;
334         rt = skb_rtable(skb);
335         if (rt != NULL)
336                 goto packet_routed;
337
338         /* Make sure we can route this packet. */
339         rt = (struct rtable *)__sk_dst_check(sk, 0);
340         if (rt == NULL) {
341                 __be32 daddr;
342
343                 /* Use correct destination address if we have options. */
344                 daddr = inet->inet_daddr;
345                 if (inet_opt && inet_opt->opt.srr)
346                         daddr = inet_opt->opt.faddr;
347
348                 /* If this fails, retransmit mechanism of transport layer will
349                  * keep trying until route appears or the connection times
350                  * itself out.
351                  */
352                 rt = ip_route_output_ports(sock_net(sk), fl4, sk,
353                                            daddr, inet->inet_saddr,
354                                            inet->inet_dport,
355                                            inet->inet_sport,
356                                            sk->sk_protocol,
357                                            RT_CONN_FLAGS(sk),
358                                            sk->sk_bound_dev_if);
359                 if (IS_ERR(rt))
360                         goto no_route;
361                 sk_setup_caps(sk, &rt->dst);
362         }
363         skb_dst_set_noref(skb, &rt->dst);
364
365 packet_routed:
366         if (inet_opt && inet_opt->opt.is_strictroute && rt->rt_uses_gateway)
367                 goto no_route;
368
369         /* OK, we know where to send it, allocate and build IP header. */
370         skb_push(skb, sizeof(struct iphdr) + (inet_opt ? inet_opt->opt.optlen : 0));
371         skb_reset_network_header(skb);
372         iph = ip_hdr(skb);
373         *((__be16 *)iph) = htons((4 << 12) | (5 << 8) | (inet->tos & 0xff));
374         if (ip_dont_fragment(sk, &rt->dst) && !skb->local_df)
375                 iph->frag_off = htons(IP_DF);
376         else
377                 iph->frag_off = 0;
378         iph->ttl      = ip_select_ttl(inet, &rt->dst);
379         iph->protocol = sk->sk_protocol;
380         ip_copy_addrs(iph, fl4);
381
382         /* Transport layer set skb->h.foo itself. */
383
384         if (inet_opt && inet_opt->opt.optlen) {
385                 iph->ihl += inet_opt->opt.optlen >> 2;
386                 ip_options_build(skb, &inet_opt->opt, inet->inet_daddr, rt, 0);
387         }
388
389         ip_select_ident_more(skb, &rt->dst, sk,
390                              (skb_shinfo(skb)->gso_segs ?: 1) - 1);
391
392         /* TODO : should we use skb->sk here instead of sk ? */
393         skb->priority = sk->sk_priority;
394         skb->mark = sk->sk_mark;
395
396         res = ip_local_out(skb);
397         rcu_read_unlock();
398         return res;
399
400 no_route:
401         rcu_read_unlock();
402         IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
403         kfree_skb(skb);
404         return -EHOSTUNREACH;
405 }
406 EXPORT_SYMBOL(ip_queue_xmit);
407
408
409 static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from)
410 {
411         to->pkt_type = from->pkt_type;
412         to->priority = from->priority;
413         to->protocol = from->protocol;
414         skb_dst_drop(to);
415         skb_dst_copy(to, from);
416         to->dev = from->dev;
417         to->mark = from->mark;
418
419         /* Copy the flags to each fragment. */
420         IPCB(to)->flags = IPCB(from)->flags;
421
422 #ifdef CONFIG_NET_SCHED
423         to->tc_index = from->tc_index;
424 #endif
425         nf_copy(to, from);
426 #if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
427         to->ipvs_property = from->ipvs_property;
428 #endif
429         skb_copy_secmark(to, from);
430 }
431
432 /*
433  *      This IP datagram is too large to be sent in one piece.  Break it up into
434  *      smaller pieces (each of size equal to IP header plus
435  *      a block of the data of the original IP data part) that will yet fit in a
436  *      single device frame, and queue such a frame for sending.
437  */
438
439 int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
440 {
441         struct iphdr *iph;
442         int ptr;
443         struct net_device *dev;
444         struct sk_buff *skb2;
445         unsigned int mtu, hlen, left, len, ll_rs;
446         int offset;
447         __be16 not_last_frag;
448         struct rtable *rt = skb_rtable(skb);
449         int err = 0;
450
451         dev = rt->dst.dev;
452
453         /*
454          *      Point into the IP datagram header.
455          */
456
457         iph = ip_hdr(skb);
458
459         mtu = ip_skb_dst_mtu(skb);
460         if (unlikely(((iph->frag_off & htons(IP_DF)) && !skb->local_df) ||
461                      (IPCB(skb)->frag_max_size &&
462                       IPCB(skb)->frag_max_size > mtu))) {
463                 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
464                 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
465                           htonl(mtu));
466                 kfree_skb(skb);
467                 return -EMSGSIZE;
468         }
469
470         /*
471          *      Setup starting values.
472          */
473
474         hlen = iph->ihl * 4;
475         mtu = mtu - hlen;       /* Size of data space */
476 #ifdef CONFIG_BRIDGE_NETFILTER
477         if (skb->nf_bridge)
478                 mtu -= nf_bridge_mtu_reduction(skb);
479 #endif
480         IPCB(skb)->flags |= IPSKB_FRAG_COMPLETE;
481
482         /* When frag_list is given, use it. First, check its validity:
483          * some transformers could create wrong frag_list or break existing
484          * one, it is not prohibited. In this case fall back to copying.
485          *
486          * LATER: this step can be merged to real generation of fragments,
487          * we can switch to copy when see the first bad fragment.
488          */
489         if (skb_has_frag_list(skb)) {
490                 struct sk_buff *frag, *frag2;
491                 int first_len = skb_pagelen(skb);
492
493                 if (first_len - hlen > mtu ||
494                     ((first_len - hlen) & 7) ||
495                     ip_is_fragment(iph) ||
496                     skb_cloned(skb))
497                         goto slow_path;
498
499                 skb_walk_frags(skb, frag) {
500                         /* Correct geometry. */
501                         if (frag->len > mtu ||
502                             ((frag->len & 7) && frag->next) ||
503                             skb_headroom(frag) < hlen)
504                                 goto slow_path_clean;
505
506                         /* Partially cloned skb? */
507                         if (skb_shared(frag))
508                                 goto slow_path_clean;
509
510                         BUG_ON(frag->sk);
511                         if (skb->sk) {
512                                 frag->sk = skb->sk;
513                                 frag->destructor = sock_wfree;
514                         }
515                         skb->truesize -= frag->truesize;
516                 }
517
518                 /* Everything is OK. Generate! */
519
520                 err = 0;
521                 offset = 0;
522                 frag = skb_shinfo(skb)->frag_list;
523                 skb_frag_list_init(skb);
524                 skb->data_len = first_len - skb_headlen(skb);
525                 skb->len = first_len;
526                 iph->tot_len = htons(first_len);
527                 iph->frag_off = htons(IP_MF);
528                 ip_send_check(iph);
529
530                 for (;;) {
531                         /* Prepare header of the next frame,
532                          * before previous one went down. */
533                         if (frag) {
534                                 frag->ip_summed = CHECKSUM_NONE;
535                                 skb_reset_transport_header(frag);
536                                 __skb_push(frag, hlen);
537                                 skb_reset_network_header(frag);
538                                 memcpy(skb_network_header(frag), iph, hlen);
539                                 iph = ip_hdr(frag);
540                                 iph->tot_len = htons(frag->len);
541                                 ip_copy_metadata(frag, skb);
542                                 if (offset == 0)
543                                         ip_options_fragment(frag);
544                                 offset += skb->len - hlen;
545                                 iph->frag_off = htons(offset>>3);
546                                 if (frag->next != NULL)
547                                         iph->frag_off |= htons(IP_MF);
548                                 /* Ready, complete checksum */
549                                 ip_send_check(iph);
550                         }
551
552                         err = output(skb);
553
554                         if (!err)
555                                 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGCREATES);
556                         if (err || !frag)
557                                 break;
558
559                         skb = frag;
560                         frag = skb->next;
561                         skb->next = NULL;
562                 }
563
564                 if (err == 0) {
565                         IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGOKS);
566                         return 0;
567                 }
568
569                 while (frag) {
570                         skb = frag->next;
571                         kfree_skb(frag);
572                         frag = skb;
573                 }
574                 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
575                 return err;
576
577 slow_path_clean:
578                 skb_walk_frags(skb, frag2) {
579                         if (frag2 == frag)
580                                 break;
581                         frag2->sk = NULL;
582                         frag2->destructor = NULL;
583                         skb->truesize += frag2->truesize;
584                 }
585         }
586
587 slow_path:
588         /* for offloaded checksums cleanup checksum before fragmentation */
589         if ((skb->ip_summed == CHECKSUM_PARTIAL) && skb_checksum_help(skb))
590                 goto fail;
591         iph = ip_hdr(skb);
592
593         left = skb->len - hlen;         /* Space per frame */
594         ptr = hlen;             /* Where to start from */
595
596         /* for bridged IP traffic encapsulated inside f.e. a vlan header,
597          * we need to make room for the encapsulating header
598          */
599         ll_rs = LL_RESERVED_SPACE_EXTRA(rt->dst.dev, nf_bridge_pad(skb));
600
601         /*
602          *      Fragment the datagram.
603          */
604
605         offset = (ntohs(iph->frag_off) & IP_OFFSET) << 3;
606         not_last_frag = iph->frag_off & htons(IP_MF);
607
608         /*
609          *      Keep copying data until we run out.
610          */
611
612         while (left > 0) {
613                 len = left;
614                 /* IF: it doesn't fit, use 'mtu' - the data space left */
615                 if (len > mtu)
616                         len = mtu;
617                 /* IF: we are not sending up to and including the packet end
618                    then align the next start on an eight byte boundary */
619                 if (len < left) {
620                         len &= ~7;
621                 }
622                 /*
623                  *      Allocate buffer.
624                  */
625
626                 if ((skb2 = alloc_skb(len+hlen+ll_rs, GFP_ATOMIC)) == NULL) {
627                         NETDEBUG(KERN_INFO "IP: frag: no memory for new fragment!\n");
628                         err = -ENOMEM;
629                         goto fail;
630                 }
631
632                 /*
633                  *      Set up data on packet
634                  */
635
636                 ip_copy_metadata(skb2, skb);
637                 skb_reserve(skb2, ll_rs);
638                 skb_put(skb2, len + hlen);
639                 skb_reset_network_header(skb2);
640                 skb2->transport_header = skb2->network_header + hlen;
641
642                 /*
643                  *      Charge the memory for the fragment to any owner
644                  *      it might possess
645                  */
646
647                 if (skb->sk)
648                         skb_set_owner_w(skb2, skb->sk);
649
650                 /*
651                  *      Copy the packet header into the new buffer.
652                  */
653
654                 skb_copy_from_linear_data(skb, skb_network_header(skb2), hlen);
655
656                 /*
657                  *      Copy a block of the IP datagram.
658                  */
659                 if (skb_copy_bits(skb, ptr, skb_transport_header(skb2), len))
660                         BUG();
661                 left -= len;
662
663                 /*
664                  *      Fill in the new header fields.
665                  */
666                 iph = ip_hdr(skb2);
667                 iph->frag_off = htons((offset >> 3));
668
669                 /* ANK: dirty, but effective trick. Upgrade options only if
670                  * the segment to be fragmented was THE FIRST (otherwise,
671                  * options are already fixed) and make it ONCE
672                  * on the initial skb, so that all the following fragments
673                  * will inherit fixed options.
674                  */
675                 if (offset == 0)
676                         ip_options_fragment(skb);
677
678                 /*
679                  *      Added AC : If we are fragmenting a fragment that's not the
680                  *                 last fragment then keep MF on each bit
681                  */
682                 if (left > 0 || not_last_frag)
683                         iph->frag_off |= htons(IP_MF);
684                 ptr += len;
685                 offset += len;
686
687                 /*
688                  *      Put this fragment into the sending queue.
689                  */
690                 iph->tot_len = htons(len + hlen);
691
692                 ip_send_check(iph);
693
694                 err = output(skb2);
695                 if (err)
696                         goto fail;
697
698                 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGCREATES);
699         }
700         consume_skb(skb);
701         IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGOKS);
702         return err;
703
704 fail:
705         kfree_skb(skb);
706         IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
707         return err;
708 }
709 EXPORT_SYMBOL(ip_fragment);
710
711 int
712 ip_generic_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
713 {
714         struct iovec *iov = from;
715
716         if (skb->ip_summed == CHECKSUM_PARTIAL) {
717                 if (memcpy_fromiovecend(to, iov, offset, len) < 0)
718                         return -EFAULT;
719         } else {
720                 __wsum csum = 0;
721                 if (csum_partial_copy_fromiovecend(to, iov, offset, len, &csum) < 0)
722                         return -EFAULT;
723                 skb->csum = csum_block_add(skb->csum, csum, odd);
724         }
725         return 0;
726 }
727 EXPORT_SYMBOL(ip_generic_getfrag);
728
729 static inline __wsum
730 csum_page(struct page *page, int offset, int copy)
731 {
732         char *kaddr;
733         __wsum csum;
734         kaddr = kmap(page);
735         csum = csum_partial(kaddr + offset, copy, 0);
736         kunmap(page);
737         return csum;
738 }
739
740 static inline int ip_ufo_append_data(struct sock *sk,
741                         struct sk_buff_head *queue,
742                         int getfrag(void *from, char *to, int offset, int len,
743                                int odd, struct sk_buff *skb),
744                         void *from, int length, int hh_len, int fragheaderlen,
745                         int transhdrlen, int maxfraglen, unsigned int flags)
746 {
747         struct sk_buff *skb;
748         int err;
749
750         /* There is support for UDP fragmentation offload by network
751          * device, so create one single skb packet containing complete
752          * udp datagram
753          */
754         if ((skb = skb_peek_tail(queue)) == NULL) {
755                 skb = sock_alloc_send_skb(sk,
756                         hh_len + fragheaderlen + transhdrlen + 20,
757                         (flags & MSG_DONTWAIT), &err);
758
759                 if (skb == NULL)
760                         return err;
761
762                 /* reserve space for Hardware header */
763                 skb_reserve(skb, hh_len);
764
765                 /* create space for UDP/IP header */
766                 skb_put(skb, fragheaderlen + transhdrlen);
767
768                 /* initialize network header pointer */
769                 skb_reset_network_header(skb);
770
771                 /* initialize protocol header pointer */
772                 skb->transport_header = skb->network_header + fragheaderlen;
773
774                 skb->csum = 0;
775
776
777                 __skb_queue_tail(queue, skb);
778         } else if (skb_is_gso(skb)) {
779                 goto append;
780         }
781
782         skb->ip_summed = CHECKSUM_PARTIAL;
783         /* specify the length of each IP datagram fragment */
784         skb_shinfo(skb)->gso_size = maxfraglen - fragheaderlen;
785         skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
786
787 append:
788         return skb_append_datato_frags(sk, skb, getfrag, from,
789                                        (length - transhdrlen));
790 }
791
792 static int __ip_append_data(struct sock *sk,
793                             struct flowi4 *fl4,
794                             struct sk_buff_head *queue,
795                             struct inet_cork *cork,
796                             struct page_frag *pfrag,
797                             int getfrag(void *from, char *to, int offset,
798                                         int len, int odd, struct sk_buff *skb),
799                             void *from, int length, int transhdrlen,
800                             unsigned int flags)
801 {
802         struct inet_sock *inet = inet_sk(sk);
803         struct sk_buff *skb;
804
805         struct ip_options *opt = cork->opt;
806         int hh_len;
807         int exthdrlen;
808         int mtu;
809         int copy;
810         int err;
811         int offset = 0;
812         unsigned int maxfraglen, fragheaderlen, maxnonfragsize;
813         int csummode = CHECKSUM_NONE;
814         struct rtable *rt = (struct rtable *)cork->dst;
815
816         skb = skb_peek_tail(queue);
817
818         exthdrlen = !skb ? rt->dst.header_len : 0;
819         mtu = cork->fragsize;
820
821         hh_len = LL_RESERVED_SPACE(rt->dst.dev);
822
823         fragheaderlen = sizeof(struct iphdr) + (opt ? opt->optlen : 0);
824         maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen;
825         maxnonfragsize = ip_sk_local_df(sk) ? 0xFFFF : mtu;
826
827         if (cork->length + length > maxnonfragsize - fragheaderlen) {
828                 ip_local_error(sk, EMSGSIZE, fl4->daddr, inet->inet_dport,
829                                mtu - (opt ? opt->optlen : 0));
830                 return -EMSGSIZE;
831         }
832
833         /*
834          * transhdrlen > 0 means that this is the first fragment and we wish
835          * it won't be fragmented in the future.
836          */
837         if (transhdrlen &&
838             length + fragheaderlen <= mtu &&
839             rt->dst.dev->features & NETIF_F_V4_CSUM &&
840             !exthdrlen)
841                 csummode = CHECKSUM_PARTIAL;
842
843         cork->length += length;
844         if (((length > mtu) || (skb && skb_is_gso(skb))) &&
845             (sk->sk_protocol == IPPROTO_UDP) &&
846             (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len) {
847                 err = ip_ufo_append_data(sk, queue, getfrag, from, length,
848                                          hh_len, fragheaderlen, transhdrlen,
849                                          maxfraglen, flags);
850                 if (err)
851                         goto error;
852                 return 0;
853         }
854
855         /* So, what's going on in the loop below?
856          *
857          * We use calculated fragment length to generate chained skb,
858          * each of segments is IP fragment ready for sending to network after
859          * adding appropriate IP header.
860          */
861
862         if (!skb)
863                 goto alloc_new_skb;
864
865         while (length > 0) {
866                 /* Check if the remaining data fits into current packet. */
867                 copy = mtu - skb->len;
868                 if (copy < length)
869                         copy = maxfraglen - skb->len;
870                 if (copy <= 0) {
871                         char *data;
872                         unsigned int datalen;
873                         unsigned int fraglen;
874                         unsigned int fraggap;
875                         unsigned int alloclen;
876                         struct sk_buff *skb_prev;
877 alloc_new_skb:
878                         skb_prev = skb;
879                         if (skb_prev)
880                                 fraggap = skb_prev->len - maxfraglen;
881                         else
882                                 fraggap = 0;
883
884                         /*
885                          * If remaining data exceeds the mtu,
886                          * we know we need more fragment(s).
887                          */
888                         datalen = length + fraggap;
889                         if (datalen > mtu - fragheaderlen)
890                                 datalen = maxfraglen - fragheaderlen;
891                         fraglen = datalen + fragheaderlen;
892
893                         if ((flags & MSG_MORE) &&
894                             !(rt->dst.dev->features&NETIF_F_SG))
895                                 alloclen = mtu;
896                         else
897                                 alloclen = fraglen;
898
899                         alloclen += exthdrlen;
900
901                         /* The last fragment gets additional space at tail.
902                          * Note, with MSG_MORE we overallocate on fragments,
903                          * because we have no idea what fragment will be
904                          * the last.
905                          */
906                         if (datalen == length + fraggap)
907                                 alloclen += rt->dst.trailer_len;
908
909                         if (transhdrlen) {
910                                 skb = sock_alloc_send_skb(sk,
911                                                 alloclen + hh_len + 15,
912                                                 (flags & MSG_DONTWAIT), &err);
913                         } else {
914                                 skb = NULL;
915                                 if (atomic_read(&sk->sk_wmem_alloc) <=
916                                     2 * sk->sk_sndbuf)
917                                         skb = sock_wmalloc(sk,
918                                                            alloclen + hh_len + 15, 1,
919                                                            sk->sk_allocation);
920                                 if (unlikely(skb == NULL))
921                                         err = -ENOBUFS;
922                                 else
923                                         /* only the initial fragment is
924                                            time stamped */
925                                         cork->tx_flags = 0;
926                         }
927                         if (skb == NULL)
928                                 goto error;
929
930                         /*
931                          *      Fill in the control structures
932                          */
933                         skb->ip_summed = csummode;
934                         skb->csum = 0;
935                         skb_reserve(skb, hh_len);
936                         skb_shinfo(skb)->tx_flags = cork->tx_flags;
937
938                         /*
939                          *      Find where to start putting bytes.
940                          */
941                         data = skb_put(skb, fraglen + exthdrlen);
942                         skb_set_network_header(skb, exthdrlen);
943                         skb->transport_header = (skb->network_header +
944                                                  fragheaderlen);
945                         data += fragheaderlen + exthdrlen;
946
947                         if (fraggap) {
948                                 skb->csum = skb_copy_and_csum_bits(
949                                         skb_prev, maxfraglen,
950                                         data + transhdrlen, fraggap, 0);
951                                 skb_prev->csum = csum_sub(skb_prev->csum,
952                                                           skb->csum);
953                                 data += fraggap;
954                                 pskb_trim_unique(skb_prev, maxfraglen);
955                         }
956
957                         copy = datalen - transhdrlen - fraggap;
958                         if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) {
959                                 err = -EFAULT;
960                                 kfree_skb(skb);
961                                 goto error;
962                         }
963
964                         offset += copy;
965                         length -= datalen - fraggap;
966                         transhdrlen = 0;
967                         exthdrlen = 0;
968                         csummode = CHECKSUM_NONE;
969
970                         /*
971                          * Put the packet on the pending queue.
972                          */
973                         __skb_queue_tail(queue, skb);
974                         continue;
975                 }
976
977                 if (copy > length)
978                         copy = length;
979
980                 if (!(rt->dst.dev->features&NETIF_F_SG)) {
981                         unsigned int off;
982
983                         off = skb->len;
984                         if (getfrag(from, skb_put(skb, copy),
985                                         offset, copy, off, skb) < 0) {
986                                 __skb_trim(skb, off);
987                                 err = -EFAULT;
988                                 goto error;
989                         }
990                 } else {
991                         int i = skb_shinfo(skb)->nr_frags;
992
993                         err = -ENOMEM;
994                         if (!sk_page_frag_refill(sk, pfrag))
995                                 goto error;
996
997                         if (!skb_can_coalesce(skb, i, pfrag->page,
998                                               pfrag->offset)) {
999                                 err = -EMSGSIZE;
1000                                 if (i == MAX_SKB_FRAGS)
1001                                         goto error;
1002
1003                                 __skb_fill_page_desc(skb, i, pfrag->page,
1004                                                      pfrag->offset, 0);
1005                                 skb_shinfo(skb)->nr_frags = ++i;
1006                                 get_page(pfrag->page);
1007                         }
1008                         copy = min_t(int, copy, pfrag->size - pfrag->offset);
1009                         if (getfrag(from,
1010                                     page_address(pfrag->page) + pfrag->offset,
1011                                     offset, copy, skb->len, skb) < 0)
1012                                 goto error_efault;
1013
1014                         pfrag->offset += copy;
1015                         skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1016                         skb->len += copy;
1017                         skb->data_len += copy;
1018                         skb->truesize += copy;
1019                         atomic_add(copy, &sk->sk_wmem_alloc);
1020                 }
1021                 offset += copy;
1022                 length -= copy;
1023         }
1024
1025         return 0;
1026
1027 error_efault:
1028         err = -EFAULT;
1029 error:
1030         cork->length -= length;
1031         IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTDISCARDS);
1032         return err;
1033 }
1034
1035 static int ip_setup_cork(struct sock *sk, struct inet_cork *cork,
1036                          struct ipcm_cookie *ipc, struct rtable **rtp)
1037 {
1038         struct ip_options_rcu *opt;
1039         struct rtable *rt;
1040
1041         /*
1042          * setup for corking.
1043          */
1044         opt = ipc->opt;
1045         if (opt) {
1046                 if (cork->opt == NULL) {
1047                         cork->opt = kmalloc(sizeof(struct ip_options) + 40,
1048                                             sk->sk_allocation);
1049                         if (unlikely(cork->opt == NULL))
1050                                 return -ENOBUFS;
1051                 }
1052                 memcpy(cork->opt, &opt->opt, sizeof(struct ip_options) + opt->opt.optlen);
1053                 cork->flags |= IPCORK_OPT;
1054                 cork->addr = ipc->addr;
1055         }
1056         rt = *rtp;
1057         if (unlikely(!rt))
1058                 return -EFAULT;
1059         /*
1060          * We steal reference to this route, caller should not release it
1061          */
1062         *rtp = NULL;
1063         cork->fragsize = ip_sk_use_pmtu(sk) ?
1064                          dst_mtu(&rt->dst) : rt->dst.dev->mtu;
1065         cork->dst = &rt->dst;
1066         cork->length = 0;
1067         cork->ttl = ipc->ttl;
1068         cork->tos = ipc->tos;
1069         cork->priority = ipc->priority;
1070         cork->tx_flags = ipc->tx_flags;
1071
1072         return 0;
1073 }
1074
1075 /*
1076  *      ip_append_data() and ip_append_page() can make one large IP datagram
1077  *      from many pieces of data. Each pieces will be holded on the socket
1078  *      until ip_push_pending_frames() is called. Each piece can be a page
1079  *      or non-page data.
1080  *
1081  *      Not only UDP, other transport protocols - e.g. raw sockets - can use
1082  *      this interface potentially.
1083  *
1084  *      LATER: length must be adjusted by pad at tail, when it is required.
1085  */
1086 int ip_append_data(struct sock *sk, struct flowi4 *fl4,
1087                    int getfrag(void *from, char *to, int offset, int len,
1088                                int odd, struct sk_buff *skb),
1089                    void *from, int length, int transhdrlen,
1090                    struct ipcm_cookie *ipc, struct rtable **rtp,
1091                    unsigned int flags)
1092 {
1093         struct inet_sock *inet = inet_sk(sk);
1094         int err;
1095
1096         if (flags&MSG_PROBE)
1097                 return 0;
1098
1099         if (skb_queue_empty(&sk->sk_write_queue)) {
1100                 err = ip_setup_cork(sk, &inet->cork.base, ipc, rtp);
1101                 if (err)
1102                         return err;
1103         } else {
1104                 transhdrlen = 0;
1105         }
1106
1107         return __ip_append_data(sk, fl4, &sk->sk_write_queue, &inet->cork.base,
1108                                 sk_page_frag(sk), getfrag,
1109                                 from, length, transhdrlen, flags);
1110 }
1111
1112 ssize_t ip_append_page(struct sock *sk, struct flowi4 *fl4, struct page *page,
1113                        int offset, size_t size, int flags)
1114 {
1115         struct inet_sock *inet = inet_sk(sk);
1116         struct sk_buff *skb;
1117         struct rtable *rt;
1118         struct ip_options *opt = NULL;
1119         struct inet_cork *cork;
1120         int hh_len;
1121         int mtu;
1122         int len;
1123         int err;
1124         unsigned int maxfraglen, fragheaderlen, fraggap, maxnonfragsize;
1125
1126         if (inet->hdrincl)
1127                 return -EPERM;
1128
1129         if (flags&MSG_PROBE)
1130                 return 0;
1131
1132         if (skb_queue_empty(&sk->sk_write_queue))
1133                 return -EINVAL;
1134
1135         cork = &inet->cork.base;
1136         rt = (struct rtable *)cork->dst;
1137         if (cork->flags & IPCORK_OPT)
1138                 opt = cork->opt;
1139
1140         if (!(rt->dst.dev->features&NETIF_F_SG))
1141                 return -EOPNOTSUPP;
1142
1143         hh_len = LL_RESERVED_SPACE(rt->dst.dev);
1144         mtu = cork->fragsize;
1145
1146         fragheaderlen = sizeof(struct iphdr) + (opt ? opt->optlen : 0);
1147         maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen;
1148         maxnonfragsize = ip_sk_local_df(sk) ? 0xFFFF : mtu;
1149
1150         if (cork->length + size > maxnonfragsize - fragheaderlen) {
1151                 ip_local_error(sk, EMSGSIZE, fl4->daddr, inet->inet_dport,
1152                                mtu - (opt ? opt->optlen : 0));
1153                 return -EMSGSIZE;
1154         }
1155
1156         if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
1157                 return -EINVAL;
1158
1159         cork->length += size;
1160         if ((size + skb->len > mtu) &&
1161             (sk->sk_protocol == IPPROTO_UDP) &&
1162             (rt->dst.dev->features & NETIF_F_UFO)) {
1163                 skb_shinfo(skb)->gso_size = mtu - fragheaderlen;
1164                 skb_shinfo(skb)->gso_type = SKB_GSO_UDP;
1165         }
1166
1167
1168         while (size > 0) {
1169                 int i;
1170
1171                 if (skb_is_gso(skb))
1172                         len = size;
1173                 else {
1174
1175                         /* Check if the remaining data fits into current packet. */
1176                         len = mtu - skb->len;
1177                         if (len < size)
1178                                 len = maxfraglen - skb->len;
1179                 }
1180                 if (len <= 0) {
1181                         struct sk_buff *skb_prev;
1182                         int alloclen;
1183
1184                         skb_prev = skb;
1185                         fraggap = skb_prev->len - maxfraglen;
1186
1187                         alloclen = fragheaderlen + hh_len + fraggap + 15;
1188                         skb = sock_wmalloc(sk, alloclen, 1, sk->sk_allocation);
1189                         if (unlikely(!skb)) {
1190                                 err = -ENOBUFS;
1191                                 goto error;
1192                         }
1193
1194                         /*
1195                          *      Fill in the control structures
1196                          */
1197                         skb->ip_summed = CHECKSUM_NONE;
1198                         skb->csum = 0;
1199                         skb_reserve(skb, hh_len);
1200
1201                         /*
1202                          *      Find where to start putting bytes.
1203                          */
1204                         skb_put(skb, fragheaderlen + fraggap);
1205                         skb_reset_network_header(skb);
1206                         skb->transport_header = (skb->network_header +
1207                                                  fragheaderlen);
1208                         if (fraggap) {
1209                                 skb->csum = skb_copy_and_csum_bits(skb_prev,
1210                                                                    maxfraglen,
1211                                                     skb_transport_header(skb),
1212                                                                    fraggap, 0);
1213                                 skb_prev->csum = csum_sub(skb_prev->csum,
1214                                                           skb->csum);
1215                                 pskb_trim_unique(skb_prev, maxfraglen);
1216                         }
1217
1218                         /*
1219                          * Put the packet on the pending queue.
1220                          */
1221                         __skb_queue_tail(&sk->sk_write_queue, skb);
1222                         continue;
1223                 }
1224
1225                 i = skb_shinfo(skb)->nr_frags;
1226                 if (len > size)
1227                         len = size;
1228                 if (skb_can_coalesce(skb, i, page, offset)) {
1229                         skb_frag_size_add(&skb_shinfo(skb)->frags[i-1], len);
1230                 } else if (i < MAX_SKB_FRAGS) {
1231                         get_page(page);
1232                         skb_fill_page_desc(skb, i, page, offset, len);
1233                 } else {
1234                         err = -EMSGSIZE;
1235                         goto error;
1236                 }
1237
1238                 if (skb->ip_summed == CHECKSUM_NONE) {
1239                         __wsum csum;
1240                         csum = csum_page(page, offset, len);
1241                         skb->csum = csum_block_add(skb->csum, csum, skb->len);
1242                 }
1243
1244                 skb->len += len;
1245                 skb->data_len += len;
1246                 skb->truesize += len;
1247                 atomic_add(len, &sk->sk_wmem_alloc);
1248                 offset += len;
1249                 size -= len;
1250         }
1251         return 0;
1252
1253 error:
1254         cork->length -= size;
1255         IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTDISCARDS);
1256         return err;
1257 }
1258
1259 static void ip_cork_release(struct inet_cork *cork)
1260 {
1261         cork->flags &= ~IPCORK_OPT;
1262         kfree(cork->opt);
1263         cork->opt = NULL;
1264         dst_release(cork->dst);
1265         cork->dst = NULL;
1266 }
1267
1268 /*
1269  *      Combined all pending IP fragments on the socket as one IP datagram
1270  *      and push them out.
1271  */
1272 struct sk_buff *__ip_make_skb(struct sock *sk,
1273                               struct flowi4 *fl4,
1274                               struct sk_buff_head *queue,
1275                               struct inet_cork *cork)
1276 {
1277         struct sk_buff *skb, *tmp_skb;
1278         struct sk_buff **tail_skb;
1279         struct inet_sock *inet = inet_sk(sk);
1280         struct net *net = sock_net(sk);
1281         struct ip_options *opt = NULL;
1282         struct rtable *rt = (struct rtable *)cork->dst;
1283         struct iphdr *iph;
1284         __be16 df = 0;
1285         __u8 ttl;
1286
1287         if ((skb = __skb_dequeue(queue)) == NULL)
1288                 goto out;
1289         tail_skb = &(skb_shinfo(skb)->frag_list);
1290
1291         /* move skb->data to ip header from ext header */
1292         if (skb->data < skb_network_header(skb))
1293                 __skb_pull(skb, skb_network_offset(skb));
1294         while ((tmp_skb = __skb_dequeue(queue)) != NULL) {
1295                 __skb_pull(tmp_skb, skb_network_header_len(skb));
1296                 *tail_skb = tmp_skb;
1297                 tail_skb = &(tmp_skb->next);
1298                 skb->len += tmp_skb->len;
1299                 skb->data_len += tmp_skb->len;
1300                 skb->truesize += tmp_skb->truesize;
1301                 tmp_skb->destructor = NULL;
1302                 tmp_skb->sk = NULL;
1303         }
1304
1305         /* Unless user demanded real pmtu discovery (IP_PMTUDISC_DO), we allow
1306          * to fragment the frame generated here. No matter, what transforms
1307          * how transforms change size of the packet, it will come out.
1308          */
1309         skb->local_df = ip_sk_local_df(sk);
1310
1311         /* DF bit is set when we want to see DF on outgoing frames.
1312          * If local_df is set too, we still allow to fragment this frame
1313          * locally. */
1314         if (inet->pmtudisc == IP_PMTUDISC_DO ||
1315             inet->pmtudisc == IP_PMTUDISC_PROBE ||
1316             (skb->len <= dst_mtu(&rt->dst) &&
1317              ip_dont_fragment(sk, &rt->dst)))
1318                 df = htons(IP_DF);
1319
1320         if (cork->flags & IPCORK_OPT)
1321                 opt = cork->opt;
1322
1323         if (cork->ttl != 0)
1324                 ttl = cork->ttl;
1325         else if (rt->rt_type == RTN_MULTICAST)
1326                 ttl = inet->mc_ttl;
1327         else
1328                 ttl = ip_select_ttl(inet, &rt->dst);
1329
1330         iph = ip_hdr(skb);
1331         iph->version = 4;
1332         iph->ihl = 5;
1333         iph->tos = (cork->tos != -1) ? cork->tos : inet->tos;
1334         iph->frag_off = df;
1335         iph->ttl = ttl;
1336         iph->protocol = sk->sk_protocol;
1337         ip_copy_addrs(iph, fl4);
1338         ip_select_ident(skb, &rt->dst, sk);
1339
1340         if (opt) {
1341                 iph->ihl += opt->optlen>>2;
1342                 ip_options_build(skb, opt, cork->addr, rt, 0);
1343         }
1344
1345         skb->priority = (cork->tos != -1) ? cork->priority: sk->sk_priority;
1346         skb->mark = sk->sk_mark;
1347         /*
1348          * Steal rt from cork.dst to avoid a pair of atomic_inc/atomic_dec
1349          * on dst refcount
1350          */
1351         cork->dst = NULL;
1352         skb_dst_set(skb, &rt->dst);
1353
1354         if (iph->protocol == IPPROTO_ICMP)
1355                 icmp_out_count(net, ((struct icmphdr *)
1356                         skb_transport_header(skb))->type);
1357
1358         ip_cork_release(cork);
1359 out:
1360         return skb;
1361 }
1362
1363 int ip_send_skb(struct net *net, struct sk_buff *skb)
1364 {
1365         int err;
1366
1367         err = ip_local_out(skb);
1368         if (err) {
1369                 if (err > 0)
1370                         err = net_xmit_errno(err);
1371                 if (err)
1372                         IP_INC_STATS(net, IPSTATS_MIB_OUTDISCARDS);
1373         }
1374
1375         return err;
1376 }
1377
1378 int ip_push_pending_frames(struct sock *sk, struct flowi4 *fl4)
1379 {
1380         struct sk_buff *skb;
1381
1382         skb = ip_finish_skb(sk, fl4);
1383         if (!skb)
1384                 return 0;
1385
1386         /* Netfilter gets whole the not fragmented skb. */
1387         return ip_send_skb(sock_net(sk), skb);
1388 }
1389
1390 /*
1391  *      Throw away all pending data on the socket.
1392  */
1393 static void __ip_flush_pending_frames(struct sock *sk,
1394                                       struct sk_buff_head *queue,
1395                                       struct inet_cork *cork)
1396 {
1397         struct sk_buff *skb;
1398
1399         while ((skb = __skb_dequeue_tail(queue)) != NULL)
1400                 kfree_skb(skb);
1401
1402         ip_cork_release(cork);
1403 }
1404
1405 void ip_flush_pending_frames(struct sock *sk)
1406 {
1407         __ip_flush_pending_frames(sk, &sk->sk_write_queue, &inet_sk(sk)->cork.base);
1408 }
1409
1410 struct sk_buff *ip_make_skb(struct sock *sk,
1411                             struct flowi4 *fl4,
1412                             int getfrag(void *from, char *to, int offset,
1413                                         int len, int odd, struct sk_buff *skb),
1414                             void *from, int length, int transhdrlen,
1415                             struct ipcm_cookie *ipc, struct rtable **rtp,
1416                             unsigned int flags)
1417 {
1418         struct inet_cork cork;
1419         struct sk_buff_head queue;
1420         int err;
1421
1422         if (flags & MSG_PROBE)
1423                 return NULL;
1424
1425         __skb_queue_head_init(&queue);
1426
1427         cork.flags = 0;
1428         cork.addr = 0;
1429         cork.opt = NULL;
1430         err = ip_setup_cork(sk, &cork, ipc, rtp);
1431         if (err)
1432                 return ERR_PTR(err);
1433
1434         err = __ip_append_data(sk, fl4, &queue, &cork,
1435                                &current->task_frag, getfrag,
1436                                from, length, transhdrlen, flags);
1437         if (err) {
1438                 __ip_flush_pending_frames(sk, &queue, &cork);
1439                 return ERR_PTR(err);
1440         }
1441
1442         return __ip_make_skb(sk, fl4, &queue, &cork);
1443 }
1444
1445 /*
1446  *      Fetch data from kernel space and fill in checksum if needed.
1447  */
1448 static int ip_reply_glue_bits(void *dptr, char *to, int offset,
1449                               int len, int odd, struct sk_buff *skb)
1450 {
1451         __wsum csum;
1452
1453         csum = csum_partial_copy_nocheck(dptr+offset, to, len, 0);
1454         skb->csum = csum_block_add(skb->csum, csum, odd);
1455         return 0;
1456 }
1457
1458 /*
1459  *      Generic function to send a packet as reply to another packet.
1460  *      Used to send some TCP resets/acks so far.
1461  *
1462  *      Use a fake percpu inet socket to avoid false sharing and contention.
1463  */
1464 static DEFINE_PER_CPU(struct inet_sock, unicast_sock) = {
1465         .sk = {
1466                 .__sk_common = {
1467                         .skc_refcnt = ATOMIC_INIT(1),
1468                 },
1469                 .sk_wmem_alloc  = ATOMIC_INIT(1),
1470                 .sk_allocation  = GFP_ATOMIC,
1471                 .sk_flags       = (1UL << SOCK_USE_WRITE_QUEUE),
1472         },
1473         .pmtudisc       = IP_PMTUDISC_WANT,
1474         .uc_ttl         = -1,
1475 };
1476
1477 void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
1478                            __be32 saddr, const struct ip_reply_arg *arg,
1479                            unsigned int len)
1480 {
1481         struct ip_options_data replyopts;
1482         struct ipcm_cookie ipc;
1483         struct flowi4 fl4;
1484         struct rtable *rt = skb_rtable(skb);
1485         struct sk_buff *nskb;
1486         struct sock *sk;
1487         struct inet_sock *inet;
1488
1489         if (ip_options_echo(&replyopts.opt.opt, skb))
1490                 return;
1491
1492         ipc.addr = daddr;
1493         ipc.opt = NULL;
1494         ipc.tx_flags = 0;
1495         ipc.ttl = 0;
1496         ipc.tos = -1;
1497
1498         if (replyopts.opt.opt.optlen) {
1499                 ipc.opt = &replyopts.opt;
1500
1501                 if (replyopts.opt.opt.srr)
1502                         daddr = replyopts.opt.opt.faddr;
1503         }
1504
1505         flowi4_init_output(&fl4, arg->bound_dev_if, 0,
1506                            RT_TOS(arg->tos),
1507                            RT_SCOPE_UNIVERSE, ip_hdr(skb)->protocol,
1508                            ip_reply_arg_flowi_flags(arg),
1509                            daddr, saddr,
1510                            tcp_hdr(skb)->source, tcp_hdr(skb)->dest);
1511         security_skb_classify_flow(skb, flowi4_to_flowi(&fl4));
1512         rt = ip_route_output_key(net, &fl4);
1513         if (IS_ERR(rt))
1514                 return;
1515
1516         inet = &get_cpu_var(unicast_sock);
1517
1518         inet->tos = arg->tos;
1519         sk = &inet->sk;
1520         sk->sk_priority = skb->priority;
1521         sk->sk_protocol = ip_hdr(skb)->protocol;
1522         sk->sk_bound_dev_if = arg->bound_dev_if;
1523         sock_net_set(sk, net);
1524         __skb_queue_head_init(&sk->sk_write_queue);
1525         sk->sk_sndbuf = sysctl_wmem_default;
1526         ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, len, 0,
1527                        &ipc, &rt, MSG_DONTWAIT);
1528         nskb = skb_peek(&sk->sk_write_queue);
1529         if (nskb) {
1530                 if (arg->csumoffset >= 0)
1531                         *((__sum16 *)skb_transport_header(nskb) +
1532                           arg->csumoffset) = csum_fold(csum_add(nskb->csum,
1533                                                                 arg->csum));
1534                 nskb->ip_summed = CHECKSUM_NONE;
1535                 skb_orphan(nskb);
1536                 skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
1537                 ip_push_pending_frames(sk, &fl4);
1538         }
1539
1540         put_cpu_var(unicast_sock);
1541
1542         ip_rt_put(rt);
1543 }
1544
1545 void __init ip_init(void)
1546 {
1547         ip_rt_init();
1548         inet_initpeers();
1549
1550 #if defined(CONFIG_IP_MULTICAST)
1551         igmp_mc_init();
1552 #endif
1553 }