Blame view
net/ipv4/ip_fragment.c
17.4 KB
1da177e4c
|
1 2 3 4 5 6 |
/* * INET An implementation of the TCP/IP protocol suite for the LINUX * operating system. INET is implemented using the BSD Socket * interface as the means of communication with the user level. * * The IP fragmentation functionality. |
e905a9eda
|
7 |
* |
1da177e4c
|
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
* Version: $Id: ip_fragment.c,v 1.59 2002/01/12 07:54:56 davem Exp $ * * Authors: Fred N. van Kempen <waltje@uWalt.NL.Mugnet.ORG> * Alan Cox <Alan.Cox@linux.org> * * Fixes: * Alan Cox : Split from ip.c , see ip_input.c for history. * David S. Miller : Begin massive cleanup... * Andi Kleen : Add sysctls. * xxxx : Overlapfrag bug. * Ultima : ip_expire() kernel panic. * Bill Hawes : Frag accounting and evictor fixes. * John McDonald : 0 length frag bug. * Alexey Kuznetsov: SMP races, threading, cleanup. * Patrick McHardy : LRU queue of frag heads for evictor. */ |
89cee8b1c
|
24 |
#include <linux/compiler.h> |
1da177e4c
|
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
#include <linux/module.h> #include <linux/types.h> #include <linux/mm.h> #include <linux/jiffies.h> #include <linux/skbuff.h> #include <linux/list.h> #include <linux/ip.h> #include <linux/icmp.h> #include <linux/netdevice.h> #include <linux/jhash.h> #include <linux/random.h> #include <net/sock.h> #include <net/ip.h> #include <net/icmp.h> #include <net/checksum.h> |
89cee8b1c
|
40 |
#include <net/inetpeer.h> |
1da177e4c
|
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 |
#include <linux/tcp.h> #include <linux/udp.h> #include <linux/inet.h> #include <linux/netfilter_ipv4.h> /* NOTE. Logic of IP defragmentation is parallel to corresponding IPv6 * code now. If you change something here, _PLEASE_ update ipv6/reassembly.c * as well. Or notify me, at least. --ANK */ /* Fragment cache limits. We will commit 256K at one time. Should we * cross that limit we will prune down to 192K. This should cope with * even the most extreme cases without allowing an attacker to measurably * harm machine performance. */ |
ab32ea5d8
|
56 57 |
int sysctl_ipfrag_high_thresh __read_mostly = 256*1024; int sysctl_ipfrag_low_thresh __read_mostly = 192*1024; |
1da177e4c
|
58 |
|
ab32ea5d8
|
59 |
int sysctl_ipfrag_max_dist __read_mostly = 64; |
89cee8b1c
|
60 |
|
1da177e4c
|
61 62 63 |
/* Important NOTE! Fragment queue must be destroyed before MSL expires. * RFC791 is wrong proposing to prolongate timer each fragment arrival by TTL. */ |
ab32ea5d8
|
64 |
int sysctl_ipfrag_time __read_mostly = IP_FRAG_TIME; |
1da177e4c
|
65 66 67 68 69 70 71 72 73 74 75 |
struct ipfrag_skb_cb { struct inet_skb_parm h; int offset; }; #define FRAG_CB(skb) ((struct ipfrag_skb_cb*)((skb)->cb)) /* Describe an entry in the "incomplete datagrams" queue. */ struct ipq { |
e7c8a41e8
|
76 |
struct hlist_node list; |
1da177e4c
|
77 78 |
struct list_head lru_list; /* lru list member */ u32 user; |
182777700
|
79 80 81 |
__be32 saddr; __be32 daddr; __be16 id; |
1da177e4c
|
82 83 84 85 86 87 88 89 90 91 92 93 |
u8 protocol; u8 last_in; #define COMPLETE 4 #define FIRST_IN 2 #define LAST_IN 1 struct sk_buff *fragments; /* linked list of received fragments */ int len; /* total length of original datagram */ int meat; spinlock_t lock; atomic_t refcnt; struct timer_list timer; /* when will this queue expire? */ |
b7aa0bf70
|
94 |
ktime_t stamp; |
89cee8b1c
|
95 96 97 |
int iif; unsigned int rid; struct inet_peer *peer; |
1da177e4c
|
98 99 100 101 102 103 104 |
}; /* Hash table. */ #define IPQ_HASHSZ 64 /* Per-bucket lock is easy to add now. */ |
e7c8a41e8
|
105 |
static struct hlist_head ipq_hash[IPQ_HASHSZ]; |
1da177e4c
|
106 107 108 109 110 111 112 |
static DEFINE_RWLOCK(ipfrag_lock); static u32 ipfrag_hash_rnd; static LIST_HEAD(ipq_lru_list); int ip_frag_nqueues = 0; static __inline__ void __ipq_unlink(struct ipq *qp) { |
e7c8a41e8
|
113 |
hlist_del(&qp->list); |
1da177e4c
|
114 115 116 117 118 119 120 121 122 123 |
list_del(&qp->lru_list); ip_frag_nqueues--; } static __inline__ void ipq_unlink(struct ipq *ipq) { write_lock(&ipfrag_lock); __ipq_unlink(ipq); write_unlock(&ipfrag_lock); } |
182777700
|
124 |
static unsigned int ipqhashfn(__be16 id, __be32 saddr, __be32 daddr, u8 prot) |
1da177e4c
|
125 |
{ |
182777700
|
126 127 |
return jhash_3words((__force u32)id << 16 | prot, (__force u32)saddr, (__force u32)daddr, |
1da177e4c
|
128 129 130 131 |
ipfrag_hash_rnd) & (IPQ_HASHSZ - 1); } static struct timer_list ipfrag_secret_timer; |
ab32ea5d8
|
132 |
int sysctl_ipfrag_secret_interval __read_mostly = 10 * 60 * HZ; |
1da177e4c
|
133 134 135 136 137 138 139 140 141 142 |
static void ipfrag_secret_rebuild(unsigned long dummy) { unsigned long now = jiffies; int i; write_lock(&ipfrag_lock); get_random_bytes(&ipfrag_hash_rnd, sizeof(u32)); for (i = 0; i < IPQ_HASHSZ; i++) { struct ipq *q; |
e7c8a41e8
|
143 |
struct hlist_node *p, *n; |
1da177e4c
|
144 |
|
e7c8a41e8
|
145 |
hlist_for_each_entry_safe(q, p, n, &ipq_hash[i], list) { |
1da177e4c
|
146 147 148 149 |
unsigned int hval = ipqhashfn(q->id, q->saddr, q->daddr, q->protocol); if (hval != i) { |
e7c8a41e8
|
150 |
hlist_del(&q->list); |
1da177e4c
|
151 152 |
/* Relink to new hash chain. */ |
e7c8a41e8
|
153 |
hlist_add_head(&q->list, &ipq_hash[hval]); |
1da177e4c
|
154 |
} |
1da177e4c
|
155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 |
} } write_unlock(&ipfrag_lock); mod_timer(&ipfrag_secret_timer, now + sysctl_ipfrag_secret_interval); } atomic_t ip_frag_mem = ATOMIC_INIT(0); /* Memory used for fragments */ /* Memory Tracking Functions. */ static __inline__ void frag_kfree_skb(struct sk_buff *skb, int *work) { if (work) *work -= skb->truesize; atomic_sub(skb->truesize, &ip_frag_mem); kfree_skb(skb); } static __inline__ void frag_free_queue(struct ipq *qp, int *work) { if (work) *work -= sizeof(struct ipq); atomic_sub(sizeof(struct ipq), &ip_frag_mem); kfree(qp); } static __inline__ struct ipq *frag_alloc_queue(void) { struct ipq *qp = kmalloc(sizeof(struct ipq), GFP_ATOMIC); |
132adf546
|
184 |
if (!qp) |
1da177e4c
|
185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 |
return NULL; atomic_add(sizeof(struct ipq), &ip_frag_mem); return qp; } /* Destruction primitives. */ /* Complete destruction of ipq. */ static void ip_frag_destroy(struct ipq *qp, int *work) { struct sk_buff *fp; BUG_TRAP(qp->last_in&COMPLETE); BUG_TRAP(del_timer(&qp->timer) == 0); |
89cee8b1c
|
200 201 |
if (qp->peer) inet_putpeer(qp->peer); |
1da177e4c
|
202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 |
/* Release all fragment data. */ fp = qp->fragments; while (fp) { struct sk_buff *xp = fp->next; frag_kfree_skb(fp, work); fp = xp; } /* Finally, release the queue descriptor itself. */ frag_free_queue(qp, work); } static __inline__ void ipq_put(struct ipq *ipq, int *work) { if (atomic_dec_and_test(&ipq->refcnt)) ip_frag_destroy(ipq, work); } /* Kill ipq entry. It is not destroyed immediately, * because caller (and someone more) holds reference count. */ static void ipq_kill(struct ipq *ipq) { if (del_timer(&ipq->timer)) atomic_dec(&ipq->refcnt); if (!(ipq->last_in & COMPLETE)) { ipq_unlink(ipq); atomic_dec(&ipq->refcnt); ipq->last_in |= COMPLETE; } } |
e905a9eda
|
235 |
/* Memory limiting on fragments. Evictor trashes the oldest |
1da177e4c
|
236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 |
* fragment queue until we are back under the threshold. */ static void ip_evictor(void) { struct ipq *qp; struct list_head *tmp; int work; work = atomic_read(&ip_frag_mem) - sysctl_ipfrag_low_thresh; if (work <= 0) return; while (work > 0) { read_lock(&ipfrag_lock); if (list_empty(&ipq_lru_list)) { read_unlock(&ipfrag_lock); return; } tmp = ipq_lru_list.next; qp = list_entry(tmp, struct ipq, lru_list); atomic_inc(&qp->refcnt); read_unlock(&ipfrag_lock); spin_lock(&qp->lock); if (!(qp->last_in&COMPLETE)) ipq_kill(qp); spin_unlock(&qp->lock); ipq_put(qp, &work); IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); } } /* * Oops, a fragment queue timed out. Kill it and send an ICMP reply. */ static void ip_expire(unsigned long arg) { struct ipq *qp = (struct ipq *) arg; spin_lock(&qp->lock); if (qp->last_in & COMPLETE) goto out; ipq_kill(qp); IP_INC_STATS_BH(IPSTATS_MIB_REASMTIMEOUT); IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); if ((qp->last_in&FIRST_IN) && qp->fragments != NULL) { struct sk_buff *head = qp->fragments; /* Send an ICMP "Fragment Reassembly Timeout" message. */ if ((head->dev = dev_get_by_index(qp->iif)) != NULL) { icmp_send(head, ICMP_TIME_EXCEEDED, ICMP_EXC_FRAGTIME, 0); dev_put(head->dev); } } out: spin_unlock(&qp->lock); ipq_put(qp, NULL); } /* Creation primitives. */ |
55c0022e5
|
300 |
static struct ipq *ip_frag_intern(struct ipq *qp_in) |
1da177e4c
|
301 302 |
{ struct ipq *qp; |
e7c8a41e8
|
303 304 305 |
#ifdef CONFIG_SMP struct hlist_node *n; #endif |
55c0022e5
|
306 |
unsigned int hash; |
1da177e4c
|
307 |
write_lock(&ipfrag_lock); |
55c0022e5
|
308 309 |
hash = ipqhashfn(qp_in->id, qp_in->saddr, qp_in->daddr, qp_in->protocol); |
1da177e4c
|
310 311 312 313 314 |
#ifdef CONFIG_SMP /* With SMP race we have to recheck hash table, because * such entry could be created on other cpu, while we * promoted read lock to write lock. */ |
e7c8a41e8
|
315 |
hlist_for_each_entry(qp, n, &ipq_hash[hash], list) { |
132adf546
|
316 317 318 319 320 |
if (qp->id == qp_in->id && qp->saddr == qp_in->saddr && qp->daddr == qp_in->daddr && qp->protocol == qp_in->protocol && qp->user == qp_in->user) { |
1da177e4c
|
321 322 323 324 325 326 327 328 329 330 331 332 333 334 |
atomic_inc(&qp->refcnt); write_unlock(&ipfrag_lock); qp_in->last_in |= COMPLETE; ipq_put(qp_in, NULL); return qp; } } #endif qp = qp_in; if (!mod_timer(&qp->timer, jiffies + sysctl_ipfrag_time)) atomic_inc(&qp->refcnt); atomic_inc(&qp->refcnt); |
e7c8a41e8
|
335 |
hlist_add_head(&qp->list, &ipq_hash[hash]); |
1da177e4c
|
336 337 338 339 340 341 342 343 |
INIT_LIST_HEAD(&qp->lru_list); list_add_tail(&qp->lru_list, &ipq_lru_list); ip_frag_nqueues++; write_unlock(&ipfrag_lock); return qp; } /* Add an entry to the 'ipq' queue for a newly received IP datagram. */ |
55c0022e5
|
344 |
static struct ipq *ip_frag_create(struct iphdr *iph, u32 user) |
1da177e4c
|
345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 |
{ struct ipq *qp; if ((qp = frag_alloc_queue()) == NULL) goto out_nomem; qp->protocol = iph->protocol; qp->last_in = 0; qp->id = iph->id; qp->saddr = iph->saddr; qp->daddr = iph->daddr; qp->user = user; qp->len = 0; qp->meat = 0; qp->fragments = NULL; qp->iif = 0; |
89cee8b1c
|
361 |
qp->peer = sysctl_ipfrag_max_dist ? inet_getpeer(iph->saddr, 1) : NULL; |
1da177e4c
|
362 363 364 365 366 367 368 |
/* Initialize a timer for this entry. */ init_timer(&qp->timer); qp->timer.data = (unsigned long) qp; /* pointer to queue */ qp->timer.function = ip_expire; /* expire function */ spin_lock_init(&qp->lock); atomic_set(&qp->refcnt, 1); |
55c0022e5
|
369 |
return ip_frag_intern(qp); |
1da177e4c
|
370 371 |
out_nomem: |
64ce20730
|
372 373 |
LIMIT_NETDEBUG(KERN_ERR "ip_frag_create: no memory left ! "); |
1da177e4c
|
374 375 376 377 378 379 380 381 |
return NULL; } /* Find the correct entry in the "incomplete datagrams" queue for * this IP datagram, and create new one, if nothing is found. */ static inline struct ipq *ip_find(struct iphdr *iph, u32 user) { |
76ab608d8
|
382 |
__be16 id = iph->id; |
182777700
|
383 384 |
__be32 saddr = iph->saddr; __be32 daddr = iph->daddr; |
1da177e4c
|
385 |
__u8 protocol = iph->protocol; |
55c0022e5
|
386 |
unsigned int hash; |
1da177e4c
|
387 |
struct ipq *qp; |
e7c8a41e8
|
388 |
struct hlist_node *n; |
1da177e4c
|
389 390 |
read_lock(&ipfrag_lock); |
55c0022e5
|
391 |
hash = ipqhashfn(id, saddr, daddr, protocol); |
e7c8a41e8
|
392 |
hlist_for_each_entry(qp, n, &ipq_hash[hash], list) { |
132adf546
|
393 394 395 396 397 |
if (qp->id == id && qp->saddr == saddr && qp->daddr == daddr && qp->protocol == protocol && qp->user == user) { |
1da177e4c
|
398 399 400 401 402 403 |
atomic_inc(&qp->refcnt); read_unlock(&ipfrag_lock); return qp; } } read_unlock(&ipfrag_lock); |
55c0022e5
|
404 |
return ip_frag_create(iph, user); |
1da177e4c
|
405 |
} |
89cee8b1c
|
406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 |
/* Is the fragment too far ahead to be part of ipq? */ static inline int ip_frag_too_far(struct ipq *qp) { struct inet_peer *peer = qp->peer; unsigned int max = sysctl_ipfrag_max_dist; unsigned int start, end; int rc; if (!peer || !max) return 0; start = qp->rid; end = atomic_inc_return(&peer->rid); qp->rid = end; rc = qp->fragments && (end - start) > max; if (rc) { IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); } return rc; } static int ip_frag_reinit(struct ipq *qp) { struct sk_buff *fp; if (!mod_timer(&qp->timer, jiffies + sysctl_ipfrag_time)) { atomic_inc(&qp->refcnt); return -ETIMEDOUT; } fp = qp->fragments; do { struct sk_buff *xp = fp->next; frag_kfree_skb(fp, NULL); fp = xp; } while (fp); qp->last_in = 0; qp->len = 0; qp->meat = 0; qp->fragments = NULL; qp->iif = 0; return 0; } |
1da177e4c
|
455 456 457 458 459 460 461 462 463 |
/* Add new segment to existing queue. */ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb) { struct sk_buff *prev, *next; int flags, offset; int ihl, end; if (qp->last_in & COMPLETE) goto err; |
89cee8b1c
|
464 465 466 467 468 |
if (!(IPCB(skb)->flags & IPSKB_FRAG_COMPLETE) && unlikely(ip_frag_too_far(qp)) && unlikely(ip_frag_reinit(qp))) { ipq_kill(qp); goto err; } |
eddc9ec53
|
469 |
offset = ntohs(ip_hdr(skb)->frag_off); |
1da177e4c
|
470 471 472 |
flags = offset & ~IP_OFFSET; offset &= IP_OFFSET; offset <<= 3; /* offset is in 8-byte chunks */ |
c9bdd4b52
|
473 |
ihl = ip_hdrlen(skb); |
1da177e4c
|
474 475 |
/* Determine the position of this fragment. */ |
e905a9eda
|
476 |
end = offset + skb->len - ihl; |
1da177e4c
|
477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 |
/* Is this the final fragment? */ if ((flags & IP_MF) == 0) { /* If we already have some bits beyond end * or have different end, the segment is corrrupted. */ if (end < qp->len || ((qp->last_in & LAST_IN) && end != qp->len)) goto err; qp->last_in |= LAST_IN; qp->len = end; } else { if (end&7) { end &= ~7; if (skb->ip_summed != CHECKSUM_UNNECESSARY) skb->ip_summed = CHECKSUM_NONE; } if (end > qp->len) { /* Some bits beyond end -> corruption. */ if (qp->last_in & LAST_IN) goto err; qp->len = end; } } if (end == offset) goto err; if (pskb_pull(skb, ihl) == NULL) goto err; |
48bc41a49
|
506 |
if (pskb_trim_rcsum(skb, end-offset)) |
1da177e4c
|
507 508 509 510 511 512 513 |
goto err; /* Find out which fragments are in front and at the back of us * in the chain of fragments so far. We must know where to put * this fragment, right? */ prev = NULL; |
132adf546
|
514 |
for (next = qp->fragments; next != NULL; next = next->next) { |
1da177e4c
|
515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 |
if (FRAG_CB(next)->offset >= offset) break; /* bingo! */ prev = next; } /* We found where to put this one. Check for overlap with * preceding fragment, and, if needed, align things so that * any overlaps are eliminated. */ if (prev) { int i = (FRAG_CB(prev)->offset + prev->len) - offset; if (i > 0) { offset += i; if (end <= offset) goto err; if (!pskb_pull(skb, i)) goto err; if (skb->ip_summed != CHECKSUM_UNNECESSARY) skb->ip_summed = CHECKSUM_NONE; } } while (next && FRAG_CB(next)->offset < end) { int i = end - FRAG_CB(next)->offset; /* overlap is 'i' bytes */ if (i < next->len) { /* Eat head of the next overlapped fragment * and leave the loop. The next ones cannot overlap. */ if (!pskb_pull(next, i)) goto err; FRAG_CB(next)->offset += i; qp->meat -= i; if (next->ip_summed != CHECKSUM_UNNECESSARY) next->ip_summed = CHECKSUM_NONE; break; } else { struct sk_buff *free_it = next; |
47c6bf776
|
554 |
/* Old fragment is completely overridden with |
1da177e4c
|
555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 |
* new one drop it. */ next = next->next; if (prev) prev->next = next; else qp->fragments = next; qp->meat -= free_it->len; frag_kfree_skb(free_it, NULL); } } FRAG_CB(skb)->offset = offset; /* Insert this fragment in the chain of fragments. */ skb->next = next; if (prev) prev->next = skb; else qp->fragments = skb; |
e905a9eda
|
577 578 |
if (skb->dev) qp->iif = skb->dev->ifindex; |
1da177e4c
|
579 |
skb->dev = NULL; |
b7aa0bf70
|
580 |
qp->stamp = skb->tstamp; |
1da177e4c
|
581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 |
qp->meat += skb->len; atomic_add(skb->truesize, &ip_frag_mem); if (offset == 0) qp->last_in |= FIRST_IN; write_lock(&ipfrag_lock); list_move_tail(&qp->lru_list, &ipq_lru_list); write_unlock(&ipfrag_lock); return; err: kfree_skb(skb); } /* Build a new IP datagram from all its fragments. */ static struct sk_buff *ip_frag_reasm(struct ipq *qp, struct net_device *dev) { struct iphdr *iph; struct sk_buff *fp, *head = qp->fragments; int len; int ihlen; ipq_kill(qp); BUG_TRAP(head != NULL); BUG_TRAP(FRAG_CB(head)->offset == 0); /* Allocate a new buffer for the datagram. */ |
c9bdd4b52
|
612 |
ihlen = ip_hdrlen(head); |
1da177e4c
|
613 |
len = ihlen + qp->len; |
132adf546
|
614 |
if (len > 65535) |
1da177e4c
|
615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 |
goto out_oversize; /* Head of list must not be cloned. */ if (skb_cloned(head) && pskb_expand_head(head, 0, 0, GFP_ATOMIC)) goto out_nomem; /* If the first fragment is fragmented itself, we split * it to two chunks: the first with data and paged part * and the second, holding only fragments. */ if (skb_shinfo(head)->frag_list) { struct sk_buff *clone; int i, plen = 0; if ((clone = alloc_skb(0, GFP_ATOMIC)) == NULL) goto out_nomem; clone->next = head->next; head->next = clone; skb_shinfo(clone)->frag_list = skb_shinfo(head)->frag_list; skb_shinfo(head)->frag_list = NULL; for (i=0; i<skb_shinfo(head)->nr_frags; i++) plen += skb_shinfo(head)->frags[i].size; clone->len = clone->data_len = head->data_len - plen; head->data_len -= clone->len; head->len -= clone->len; clone->csum = 0; clone->ip_summed = head->ip_summed; atomic_add(clone->truesize, &ip_frag_mem); } skb_shinfo(head)->frag_list = head->next; |
d56f90a7c
|
645 |
skb_push(head, head->data - skb_network_header(head)); |
1da177e4c
|
646 647 648 649 650 651 652 |
atomic_sub(head->truesize, &ip_frag_mem); for (fp=head->next; fp; fp = fp->next) { head->data_len += fp->len; head->len += fp->len; if (head->ip_summed != fp->ip_summed) head->ip_summed = CHECKSUM_NONE; |
84fa7933a
|
653 |
else if (head->ip_summed == CHECKSUM_COMPLETE) |
1da177e4c
|
654 655 656 657 658 659 660 |
head->csum = csum_add(head->csum, fp->csum); head->truesize += fp->truesize; atomic_sub(fp->truesize, &ip_frag_mem); } head->next = NULL; head->dev = dev; |
b7aa0bf70
|
661 |
head->tstamp = qp->stamp; |
1da177e4c
|
662 |
|
eddc9ec53
|
663 |
iph = ip_hdr(head); |
1da177e4c
|
664 665 666 667 668 669 670 |
iph->frag_off = 0; iph->tot_len = htons(len); IP_INC_STATS_BH(IPSTATS_MIB_REASMOKS); qp->fragments = NULL; return head; out_nomem: |
e905a9eda
|
671 |
LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing " |
64ce20730
|
672 673 |
"queue %p ", qp); |
1da177e4c
|
674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 |
goto out_fail; out_oversize: if (net_ratelimit()) printk(KERN_INFO "Oversized IP packet from %d.%d.%d.%d. ", NIPQUAD(qp->saddr)); out_fail: IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); return NULL; } /* Process an incoming IP datagram fragment. */ struct sk_buff *ip_defrag(struct sk_buff *skb, u32 user) { |
1da177e4c
|
689 690 |
struct ipq *qp; struct net_device *dev; |
e905a9eda
|
691 |
|
1da177e4c
|
692 693 694 695 696 697 698 699 700 |
IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS); /* Start by cleaning up the memory. */ if (atomic_read(&ip_frag_mem) > sysctl_ipfrag_high_thresh) ip_evictor(); dev = skb->dev; /* Lookup (or create) queue header */ |
eddc9ec53
|
701 |
if ((qp = ip_find(ip_hdr(skb), user)) != NULL) { |
1da177e4c
|
702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 |
struct sk_buff *ret = NULL; spin_lock(&qp->lock); ip_frag_queue(qp, skb); if (qp->last_in == (FIRST_IN|LAST_IN) && qp->meat == qp->len) ret = ip_frag_reasm(qp, dev); spin_unlock(&qp->lock); ipq_put(qp, NULL); return ret; } IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); kfree_skb(skb); return NULL; } |
b7aa0bf70
|
721 |
void __init ipfrag_init(void) |
1da177e4c
|
722 723 724 725 726 727 728 729 730 731 732 |
{ ipfrag_hash_rnd = (u32) ((num_physpages ^ (num_physpages>>7)) ^ (jiffies ^ (jiffies >> 6))); init_timer(&ipfrag_secret_timer); ipfrag_secret_timer.function = ipfrag_secret_rebuild; ipfrag_secret_timer.expires = jiffies + sysctl_ipfrag_secret_interval; add_timer(&ipfrag_secret_timer); } EXPORT_SYMBOL(ip_defrag); |