/*
* Add an ip header to a skbuff and send it out.
*
*/
int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk,
__be32 saddr, __be32 daddr, struct ip_options_rcu *opt)
{
struct inet_sock *inet = inet_sk(sk);
struct rtable *rt = skb_rtable(skb);
struct iphdr *iph;
/* Build the IP header. */
skb_push(skb, sizeof(struct iphdr) + (opt ? opt->opt.optlen : 0));
skb_reset_network_header(skb);
iph = ip_hdr(skb);
iph->version = 4;
iph->ihl = 5;
iph->tos = inet->tos;
if (ip_dont_fragment(sk, &rt->dst))
iph->frag_off = htons(IP_DF);
else
iph->frag_off = 0;
iph->ttl = ip_select_ttl(inet, &rt->dst);
iph->daddr = (opt && opt->opt.srr ? opt->opt.faddr : daddr);
iph->saddr = saddr;
iph->protocol = sk->sk_protocol;
ip_select_ident(skb, sk);
if (opt && opt->opt.optlen) {
iph->ihl += opt->opt.optlen>>2;
ip_options_build(skb, &opt->opt, daddr, rt, 0);
}
/*
* Add an ip header to a skbuff and send it out.
*
*/
int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk,
u32 saddr, u32 daddr, struct ip_options *opt)
{
struct inet_sock *inet = inet_sk(sk);
struct rtable *rt = (struct rtable *)skb->dst;
struct iphdr *iph;
/* Build the IP header. */
if (opt)
iph=(struct iphdr *)skb_push(skb,sizeof(struct iphdr) + opt->optlen);
else
iph=(struct iphdr *)skb_push(skb,sizeof(struct iphdr));
iph->version = 4;
iph->ihl = 5;
iph->tos = inet->tos;
if (ip_dont_fragment(sk, &rt->u.dst))
iph->frag_off = htons(IP_DF);
else
iph->frag_off = 0;
iph->ttl = ip_select_ttl(inet, &rt->u.dst);
iph->daddr = rt->rt_dst;
iph->saddr = rt->rt_src;
iph->protocol = sk->sk_protocol;
iph->tot_len = htons(skb->len);
ip_select_ident(iph, &rt->u.dst, sk);
skb->nh.iph = iph;
if (opt && opt->optlen) {
iph->ihl += opt->optlen>>2;
ip_options_build(skb, opt, daddr, rt, 0);
}
static inline void dccp_do_pmtu_discovery(struct sock *sk,
const struct iphdr *iph,
u32 mtu)
{
struct dst_entry *dst;
const struct inet_sock *inet = inet_sk(sk);
const struct dccp_sock *dp = dccp_sk(sk);
if (sk->sk_state == DCCP_LISTEN)
return;
if ((dst = __sk_dst_check(sk, 0)) == NULL)
return;
dst->ops->update_pmtu(dst, mtu);
if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
sk->sk_err_soft = EMSGSIZE;
mtu = dst_mtu(dst);
if (inet->pmtudisc != IP_PMTUDISC_DONT &&
inet_csk(sk)->icsk_pmtu_cookie > mtu) {
dccp_sync_mss(sk, mtu);
dccp_send_sync(sk, dp->dccps_gsr, DCCP_PKT_SYNC);
}
}
/*
* This routine does path mtu discovery as defined in RFC1191.
*/
static inline void dccp_do_pmtu_discovery(struct sock *sk,
const struct iphdr *iph,
u32 mtu)
{
struct dst_entry *dst;
const struct inet_sock *inet = inet_sk(sk);
const struct dccp_sock *dp = dccp_sk(sk);
/* We are not interested in DCCP_LISTEN and request_socks (RESPONSEs
* send out by Linux are always < 576bytes so they should go through
* unfragmented).
*/
if (sk->sk_state == DCCP_LISTEN)
return;
/* We don't check in the destentry if pmtu discovery is forbidden
* on this route. We just assume that no packet_to_big packets
* are send back when pmtu discovery is not active.
* There is a small race when the user changes this flag in the
* route, but I think that's acceptable.
*/
if ((dst = __sk_dst_check(sk, 0)) == NULL)
return;
dst->ops->update_pmtu(dst, mtu);
/* Something is about to be wrong... Remember soft error
* for the case, if this connection will not able to recover.
*/
if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
sk->sk_err_soft = EMSGSIZE;
mtu = dst_mtu(dst);
if (inet->pmtudisc != IP_PMTUDISC_DONT &&
inet_csk(sk)->icsk_pmtu_cookie > mtu) {
dccp_sync_mss(sk, mtu);
/*
* From RFC 4340, sec. 14.1:
*
* DCCP-Sync packets are the best choice for upward
* probing, since DCCP-Sync probes do not risk application
* data loss.
*/
dccp_send_sync(sk, dp->dccps_gsr, DCCP_PKT_SYNC);
} /* else let the usual retransmit timer handle it */
}
/*
* This routine does path mtu discovery as defined in RFC1191.
*/
static void do_pmtu_discovery(struct sock *sk, struct iphdr *iph, u32 mtu)
{
struct dst_entry *dst;
struct inet_sock *inet = inet_sk(sk);
/* We are not interested in TCP_LISTEN and open_requests (SYN-ACKs
* send out by Linux are always <576bytes so they should go through
* unfragmented).
*/
if (sk->sk_state == TCP_LISTEN)
return;
/* We don't check in the destentry if pmtu discovery is forbidden
* on this route. We just assume that no packet_to_big packets
* are send back when pmtu discovery is not active.
* There is a small race when the user changes this flag in the
* route, but I think that's acceptable.
*/
if ((dst = __sk_dst_check(sk, 0)) == NULL)
return;
dst->ops->update_pmtu(dst, mtu);
/* Something is about to be wrong... Remember soft error
* for the case, if this connection will not able to recover.
*/
if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
sk->sk_err_soft = EMSGSIZE;
mtu = dst_mtu(dst);
if (inet->pmtudisc != IP_PMTUDISC_DONT &&
inet_csk(sk)->icsk_pmtu_cookie > mtu) {
tcp_sync_mss(sk, mtu);
/* Resend the TCP packet because it's
* clear that the old packet has been
* dropped. This is the new "fast" path mtu
* discovery.
*/
tcp_simple_retransmit(sk);
} /* else let the usual retransmit timer handle it */
}
/*
* This routine does path mtu discovery as defined in RFC1191.
*/
static inline void dccp_do_pmtu_discovery(struct sock *sk,
const struct iphdr *iph,
u32 mtu)
{
struct dst_entry *dst;
const struct inet_sock *inet = inet_sk(sk);
const struct dccp_sock *dp = dccp_sk(sk);
/* We are not interested in DCCP_LISTEN and request_socks (RESPONSEs
* send out by Linux are always < 576bytes so they should go through
* unfragmented).
*/
if (sk->sk_state == DCCP_LISTEN)
return;
dst = inet_csk_update_pmtu(sk, mtu);
if (!dst)
return;
/* Something is about to be wrong... Remember soft error
* for the case, if this connection will not able to recover.
*/
if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
sk->sk_err_soft = EMSGSIZE;
mtu = dst_mtu(dst);
if (inet->pmtudisc != IP_PMTUDISC_DONT &&
ip_sk_accept_pmtu(sk) &&
inet_csk(sk)->icsk_pmtu_cookie > mtu) {
dccp_sync_mss(sk, mtu);
/*
* From RFC 4340, sec. 14.1:
*
* DCCP-Sync packets are the best choice for upward
* probing, since DCCP-Sync probes do not risk application
* data loss.
*/
dccp_send_sync(sk, dp->dccps_gsr, DCCP_PKT_SYNC);
} /* else let the usual retransmit timer handle it */
}
int serval_ipv4_xmit(struct sk_buff *skb)
{
struct sock *sk = skb->sk;
int err = 0;
#if defined(OS_LINUX_KERNEL)
/*
This is pretty much a copy paste from ip_queue_xmit
(ip_output.c), but which modifications that take into
account Serval specific stuff.
It will route the packet according to the IP stack's routing
table and output for standard IP output processing.
*/
struct iphdr *iph;
struct rtable *rt;
struct inet_sock *inet = inet_sk(sk);
struct ip_options *opt = NULL; /*inet->inet_opt; */
int ifindex;
/*
The SAL has dirtied the control block that IP expects to be
zeroed out.
We need to make sure it is initialized again. Otherwise, there
might be stack corruptions when IP functions try to read the
IPCB. (This happens in, e.g., icmp_send when reading ip options.)
*/
memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
/*
* Skip all of this if the packet is already routed,
*/
rcu_read_lock();
rt = skb_rtable(skb);
if (rt != NULL) {
LOG_PKT("Packet already routed\n");
goto packet_routed;
}
/* Make sure we can route this packet. */
rt = (struct rtable *)__sk_dst_check(sk, 0);
if (skb->dev) {
ifindex = skb->dev->ifindex;
} else {
ifindex = sk->sk_bound_dev_if;
}
if (rt == NULL) {
struct flowi fl;
serval_flow_init_output(&fl, ifindex,
sk->sk_mark,
RT_CONN_FLAGS(sk), 0,
skb->protocol,
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28))
inet_sk_flowi_flags(sk),
#else
0,
#endif
inet->inet_daddr,
inet->inet_saddr,
0, 0);
serval_security_sk_classify_flow(sk, &fl);
rt = serval_ip_route_output_flow(sock_net(sk), &fl, sk, 0);
if (!rt) {
LOG_DBG("No route!\n");
err = -EHOSTUNREACH;
rcu_read_unlock();
goto drop;
}
/* Setup the socket to use this route in the future */
sk_setup_caps(sk, route_dst(rt));
} else {
LOG_PKT("Using route already associated with socket\n");
}
#if defined(ENABLE_DEBUG)
{
char src[18], dst[18];
LOG_PKT("Route found %s -> %s %s\n",
inet_ntop(AF_INET, &rt->rt_src,
src, sizeof(src)),
inet_ntop(AF_INET, &rt->rt_dst,
dst, sizeof(dst)),
route_dst(rt)->dev ?
route_dst(rt)->dev->name : "(null)");
}
#endif
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35))
skb_dst_set(skb, dst_clone(route_dst(rt)));
#else
skb_dst_set_noref(skb, route_dst(rt));
#endif
packet_routed:
if (opt && opt->is_strictroute && rt->rt_dst != rt->rt_gateway) {
err = -EHOSTUNREACH;
rcu_read_unlock();
LOG_DBG("dest is not gateway!\n");
goto drop;
}
/* OK, we know where to send it, allocate and build IP header. */
skb_push(skb, sizeof(struct iphdr) + (opt ? opt->optlen : 0));
skb_reset_network_header(skb);
iph = ip_hdr(skb);
*((__be16 *)iph) = htons((4 << 12) | (5 << 8) | (inet->tos & 0xff));
if (ip_dont_fragment(sk, route_dst(rt)) && !skb->local_df)
iph->frag_off = htons(IP_DF);
else
iph->frag_off = 0;
iph->ttl = ip_select_ttl(inet, route_dst(rt));
iph->protocol = skb->protocol;
iph->saddr = rt->rt_src;
iph->daddr = rt->rt_dst;
if (opt && opt->optlen) {
LOG_WARN("IP options not implemented\n");
/* For some reason, enabling the code below gives the
* error: "Unknown symbol ip_options_build (err 0)"
* when loading the serval.ko module. Seems the
* ip_options_build function is not exported.
*/
/*
iph->ihl += opt->optlen >> 2;
ip_options_build(skb, opt, inet->inet_daddr, rt, 0);
*/
}
ip_select_ident_more(iph, route_dst(rt), sk,
(skb_shinfo(skb)->gso_segs ?: 1) - 1);
skb->priority = sk->sk_priority;
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25))
skb->mark = sk->sk_mark;
#endif
err = serval_ip_local_out(skb);
rcu_read_unlock();
#else
/*
FIXME: We should not rely on an outgoing interface here.
Instead, we should route the packet like we do in the
kernel. But, we currently do not have an IP routing table
for userlevel.
*/
if (!skb->dev)
skb->dev = __dev_get_by_index(sock_net(sk),
sk->sk_bound_dev_if);
if (!skb->dev) {
LOG_ERR("no output device set in skb!\n");
err = -ENODEV;
goto drop;
}
err = serval_ipv4_fill_in_hdr(sk, skb, inet_sk(sk)->inet_saddr,
inet_sk(sk)->inet_daddr);
if (err < 0) {
LOG_ERR("hdr failed\n");
goto drop;
}
/* Transmit */
err = serval_ip_local_out(skb);
#endif /* OS_LINUX_KERNEL */
out:
if (err < 0) {
LOG_ERR("xmit failed: %d\n", err);
}
return err;
drop:
LOG_DBG("Dropping skb!\n");
FREE_SKB(skb);
goto out;
}
