openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

net: ipv6: add skbuff fraglist splitter 

This patch adds the skbuff fraglist split iterator. This API provides an
iterator to transform the fraglist into single skbuff objects, it
consists of:

* ip6_fraglist_init(), that initializes the internal state of the
  fraglist iterator.
* ip6_fraglist_prepare(), that restores the IPv6 header on the fragment.
* ip6_fraglist_next(), that retrieves the fragment from the fraglist and
  updates the internal state of the iterator to point to the next
  fragment in the fraglist.

The ip6_fraglist_iter object stores the internal state of the iterator.

This code has been extracted from ip6_fragment(). Symbols are also
exported to allow to reuse this iterator from the bridge codepath to
build its own refragmentation routine by reusing the existing codebase.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Pablo Neira Ayuso 2019-05-29 13:25:32 +02:00 committed by David S. Miller
parent c8b17be0b7
commit 0feca6190f
2 changed files with 102 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
include/net/ipv6.h
View File

@ -154,6 +154,31 @@ struct frag_hdr {
#define IP6_MF 0x0001 #define IP6_MF 0x0001
#define IP6_OFFSET 0xFFF8 #define IP6_OFFSET 0xFFF8
struct ip6_fraglist_iter {
struct ipv6hdr *tmp_hdr;
struct sk_buff *frag_list;
struct sk_buff *frag;
int offset;
unsigned int hlen;
__be32 frag_id;
u8 nexthdr;
};
int ip6_fraglist_init(struct sk_buff *skb, unsigned int hlen, u8 *prevhdr,
u8 nexthdr, __be32 frag_id,
struct ip6_fraglist_iter *iter);
void ip6_fraglist_prepare(struct sk_buff *skb, struct ip6_fraglist_iter *iter);
static inline struct sk_buff *ip6_fraglist_next(struct ip6_fraglist_iter *iter)
{
struct sk_buff *skb = iter->frag;
iter->frag = skb->next;
skb_mark_not_on_list(skb);
return skb;
}
#define IP6_REPLY_MARK(net, mark) \ #define IP6_REPLY_MARK(net, mark) \
((net)->ipv6.sysctl.fwmark_reflect ? (mark) : 0) ((net)->ipv6.sysctl.fwmark_reflect ? (mark) : 0)

132
net/ipv6/ip6_output.c
View File

@ -592,6 +592,73 @@ static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
skb_copy_secmark(to, from); skb_copy_secmark(to, from);
} }
int ip6_fraglist_init(struct sk_buff *skb, unsigned int hlen, u8 *prevhdr,
u8 nexthdr, __be32 frag_id,
struct ip6_fraglist_iter *iter)
{
unsigned int first_len;
struct frag_hdr *fh;
/* BUILD HEADER */
*prevhdr = NEXTHDR_FRAGMENT;
iter->tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
if (!iter->tmp_hdr)
return -ENOMEM;
iter->frag_list = skb_shinfo(skb)->frag_list;
iter->frag = iter->frag_list;
skb_frag_list_init(skb);
iter->offset = 0;
iter->hlen = hlen;
iter->frag_id = frag_id;
iter->nexthdr = nexthdr;
__skb_pull(skb, hlen);
fh = __skb_push(skb, sizeof(struct frag_hdr));
__skb_push(skb, hlen);
skb_reset_network_header(skb);
memcpy(skb_network_header(skb), iter->tmp_hdr, hlen);
fh->nexthdr = nexthdr;
fh->reserved = 0;
fh->frag_off = htons(IP6_MF);
fh->identification = frag_id;
first_len = skb_pagelen(skb);
skb->data_len = first_len - skb_headlen(skb);
skb->len = first_len;
ipv6_hdr(skb)->payload_len = htons(first_len - sizeof(struct ipv6hdr));
return 0;
}
EXPORT_SYMBOL(ip6_fraglist_init);
void ip6_fraglist_prepare(struct sk_buff *skb,
struct ip6_fraglist_iter *iter)
{
struct sk_buff *frag = iter->frag;
unsigned int hlen = iter->hlen;
struct frag_hdr *fh;
frag->ip_summed = CHECKSUM_NONE;
skb_reset_transport_header(frag);
fh = __skb_push(frag, sizeof(struct frag_hdr));
__skb_push(frag, hlen);
skb_reset_network_header(frag);
memcpy(skb_network_header(frag), iter->tmp_hdr, hlen);
iter->offset += skb->len - hlen - sizeof(struct frag_hdr);
fh->nexthdr = iter->nexthdr;
fh->reserved = 0;
fh->frag_off = htons(iter->offset);
if (frag->next)
fh->frag_off |= htons(IP6_MF);
fh->identification = iter->frag_id;
ipv6_hdr(frag)->payload_len = htons(frag->len - sizeof(struct ipv6hdr));
ip6_copy_metadata(frag, skb);
}
EXPORT_SYMBOL(ip6_fraglist_prepare);
int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb, int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
int (*output)(struct net *, struct sock *, struct sk_buff *)) int (*output)(struct net *, struct sock *, struct sk_buff *))
{ {
@ -599,7 +666,6 @@ int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
struct rt6_info *rt = (struct rt6_info *)skb_dst(skb); struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ? struct ipv6_pinfo *np = skb->sk && !dev_recursion_level() ?
inet6_sk(skb->sk) : NULL; inet6_sk(skb->sk) : NULL;
struct ipv6hdr *tmp_hdr;
struct frag_hdr *fh; struct frag_hdr *fh;
unsigned int mtu, hlen, left, len, nexthdr_offset; unsigned int mtu, hlen, left, len, nexthdr_offset;
int hroom, troom; int hroom, troom;
@ -651,6 +717,7 @@ int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
hroom = LL_RESERVED_SPACE(rt->dst.dev); hroom = LL_RESERVED_SPACE(rt->dst.dev);
if (skb_has_frag_list(skb)) { if (skb_has_frag_list(skb)) {
unsigned int first_len = skb_pagelen(skb); unsigned int first_len = skb_pagelen(skb);
struct ip6_fraglist_iter iter;
struct sk_buff *frag2; struct sk_buff *frag2;
if (first_len - hlen > mtu || if (first_len - hlen > mtu ||
@ -678,74 +745,29 @@ int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
skb->truesize -= frag->truesize; skb->truesize -= frag->truesize;
} }
err = 0; err = ip6_fraglist_init(skb, hlen, prevhdr, nexthdr, frag_id,
offset = 0; &iter);
/* BUILD HEADER */ if (err < 0)
*prevhdr = NEXTHDR_FRAGMENT;
tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC);
if (!tmp_hdr) {
err = -ENOMEM;
goto fail; goto fail;
}
frag = skb_shinfo(skb)->frag_list;
skb_frag_list_init(skb);
__skb_pull(skb, hlen);
fh = __skb_push(skb, sizeof(struct frag_hdr));
__skb_push(skb, hlen);
skb_reset_network_header(skb);
memcpy(skb_network_header(skb), tmp_hdr, hlen);
fh->nexthdr = nexthdr;
fh->reserved = 0;
fh->frag_off = htons(IP6_MF);
fh->identification = frag_id;
first_len = skb_pagelen(skb);
skb->data_len = first_len - skb_headlen(skb);
skb->len = first_len;
ipv6_hdr(skb)->payload_len = htons(first_len -
sizeof(struct ipv6hdr));
for (;;) { for (;;) {
/* Prepare header of the next frame, /* Prepare header of the next frame,
* before previous one went down. */ * before previous one went down. */
if (frag) { if (iter.frag)
frag->ip_summed = CHECKSUM_NONE; ip6_fraglist_prepare(skb, &iter);
skb_reset_transport_header(frag);
fh = __skb_push(frag, sizeof(struct frag_hdr));
__skb_push(frag, hlen);
skb_reset_network_header(frag);
memcpy(skb_network_header(frag), tmp_hdr,
hlen);
offset += skb->len - hlen - sizeof(struct frag_hdr);
fh->nexthdr = nexthdr;
fh->reserved = 0;
fh->frag_off = htons(offset);
if (frag->next)
fh->frag_off |= htons(IP6_MF);
fh->identification = frag_id;
ipv6_hdr(frag)->payload_len =
htons(frag->len -
sizeof(struct ipv6hdr));
ip6_copy_metadata(frag, skb);
}
err = output(net, sk, skb); err = output(net, sk, skb);
if (!err) if (!err)
IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
IPSTATS_MIB_FRAGCREATES); IPSTATS_MIB_FRAGCREATES);
if (err || !frag) if (err || !iter.frag)
break; break;
skb = frag; skb = ip6_fraglist_next(&iter);
frag = skb->next;
skb_mark_not_on_list(skb);
} }
kfree(tmp_hdr); kfree(iter.tmp_hdr);
if (err == 0) { if (err == 0) {
IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
@ -753,7 +775,7 @@ int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
return 0; return 0;
} }
kfree_skb_list(frag); kfree_skb_list(iter.frag_list);
IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
IPSTATS_MIB_FRAGFAILS); IPSTATS_MIB_FRAGFAILS);