2 * Routines having to do with the 'struct sk_buff' memory handlers.
4 * Authors: Alan Cox <alan@lxorguk.ukuu.org.uk>
5 * Florian La Roche <rzsfl@rz.uni-sb.de>
8 * Alan Cox : Fixed the worst of the load
10 * Dave Platt : Interrupt stacking fix.
11 * Richard Kooijman : Timestamp fixes.
12 * Alan Cox : Changed buffer format.
13 * Alan Cox : destructor hook for AF_UNIX etc.
14 * Linus Torvalds : Better skb_clone.
15 * Alan Cox : Added skb_copy.
16 * Alan Cox : Added all the changed routines Linus
17 * only put in the headers
18 * Ray VanTassle : Fixed --skb->lock in free
19 * Alan Cox : skb_copy copy arp field
20 * Andi Kleen : slabified it.
21 * Robert Olsson : Removed skb_head_pool
24 * The __skb_ routines should be called with interrupts
25 * disabled, or you better be *real* sure that the operation is atomic
26 * with respect to whatever list is being frobbed (e.g. via lock_sock()
27 * or via disabling bottom half handlers, etc).
29 * This program is free software; you can redistribute it and/or
30 * modify it under the terms of the GNU General Public License
31 * as published by the Free Software Foundation; either version
32 * 2 of the License, or (at your option) any later version.
36 * The functions in this file will not compile correctly with gcc 2.4.x
39 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
41 #include <linux/module.h>
42 #include <linux/types.h>
43 #include <linux/kernel.h>
44 #include <linux/kmemcheck.h>
46 #include <linux/interrupt.h>
48 #include <linux/inet.h>
49 #include <linux/slab.h>
50 #include <linux/tcp.h>
51 #include <linux/udp.h>
52 #include <linux/netdevice.h>
53 #ifdef CONFIG_NET_CLS_ACT
54 #include <net/pkt_sched.h>
56 #include <linux/string.h>
57 #include <linux/skbuff.h>
58 #include <linux/splice.h>
59 #include <linux/cache.h>
60 #include <linux/rtnetlink.h>
61 #include <linux/init.h>
62 #include <linux/scatterlist.h>
63 #include <linux/errqueue.h>
64 #include <linux/prefetch.h>
66 #include <net/protocol.h>
69 #include <net/checksum.h>
70 #include <net/ip6_checksum.h>
73 #include <asm/uaccess.h>
74 #include <trace/events/skb.h>
75 #include <linux/highmem.h>
77 struct kmem_cache *skbuff_head_cache __read_mostly;
78 static struct kmem_cache *skbuff_fclone_cache __read_mostly;
81 * skb_panic - private function for out-of-line support
85 * @msg: skb_over_panic or skb_under_panic
87 * Out-of-line support for skb_put() and skb_push().
88 * Called via the wrapper skb_over_panic() or skb_under_panic().
89 * Keep out of line to prevent kernel bloat.
90 * __builtin_return_address is not used because it is not always reliable.
92 static void skb_panic(struct sk_buff *skb, unsigned int sz, void *addr,
95 pr_emerg("%s: text:%p len:%d put:%d head:%p data:%p tail:%#lx end:%#lx dev:%s\n",
96 msg, addr, skb->len, sz, skb->head, skb->data,
97 (unsigned long)skb->tail, (unsigned long)skb->end,
98 skb->dev ? skb->dev->name : "<NULL>");
102 static void skb_over_panic(struct sk_buff *skb, unsigned int sz, void *addr)
104 skb_panic(skb, sz, addr, __func__);
107 static void skb_under_panic(struct sk_buff *skb, unsigned int sz, void *addr)
109 skb_panic(skb, sz, addr, __func__);
113 * kmalloc_reserve is a wrapper around kmalloc_node_track_caller that tells
114 * the caller if emergency pfmemalloc reserves are being used. If it is and
115 * the socket is later found to be SOCK_MEMALLOC then PFMEMALLOC reserves
116 * may be used. Otherwise, the packet data may be discarded until enough
119 #define kmalloc_reserve(size, gfp, node, pfmemalloc) \
120 __kmalloc_reserve(size, gfp, node, _RET_IP_, pfmemalloc)
122 static void *__kmalloc_reserve(size_t size, gfp_t flags, int node,
123 unsigned long ip, bool *pfmemalloc)
126 bool ret_pfmemalloc = false;
129 * Try a regular allocation, when that fails and we're not entitled
130 * to the reserves, fail.
132 obj = kmalloc_node_track_caller(size,
133 flags | __GFP_NOMEMALLOC | __GFP_NOWARN,
135 if (obj || !(gfp_pfmemalloc_allowed(flags)))
138 /* Try again but now we are using pfmemalloc reserves */
139 ret_pfmemalloc = true;
140 obj = kmalloc_node_track_caller(size, flags, node);
144 *pfmemalloc = ret_pfmemalloc;
149 /* Allocate a new skbuff. We do this ourselves so we can fill in a few
150 * 'private' fields and also do memory statistics to find all the
155 struct sk_buff *__alloc_skb_head(gfp_t gfp_mask, int node)
160 skb = kmem_cache_alloc_node(skbuff_head_cache,
161 gfp_mask & ~__GFP_DMA, node);
166 * Only clear those fields we need to clear, not those that we will
167 * actually initialise below. Hence, don't put any more fields after
168 * the tail pointer in struct sk_buff!
170 memset(skb, 0, offsetof(struct sk_buff, tail));
172 skb->truesize = sizeof(struct sk_buff);
173 atomic_set(&skb->users, 1);
175 skb->mac_header = (typeof(skb->mac_header))~0U;
181 * __alloc_skb - allocate a network buffer
182 * @size: size to allocate
183 * @gfp_mask: allocation mask
184 * @flags: If SKB_ALLOC_FCLONE is set, allocate from fclone cache
185 * instead of head cache and allocate a cloned (child) skb.
186 * If SKB_ALLOC_RX is set, __GFP_MEMALLOC will be used for
187 * allocations in case the data is required for writeback
188 * @node: numa node to allocate memory on
190 * Allocate a new &sk_buff. The returned buffer has no headroom and a
191 * tail room of at least size bytes. The object has a reference count
192 * of one. The return is the buffer. On a failure the return is %NULL.
194 * Buffers may only be allocated from interrupts using a @gfp_mask of
197 struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
200 struct kmem_cache *cache;
201 struct skb_shared_info *shinfo;
206 cache = (flags & SKB_ALLOC_FCLONE)
207 ? skbuff_fclone_cache : skbuff_head_cache;
209 if (sk_memalloc_socks() && (flags & SKB_ALLOC_RX))
210 gfp_mask |= __GFP_MEMALLOC;
213 skb = kmem_cache_alloc_node(cache, gfp_mask & ~__GFP_DMA, node);
218 /* We do our best to align skb_shared_info on a separate cache
219 * line. It usually works because kmalloc(X > SMP_CACHE_BYTES) gives
220 * aligned memory blocks, unless SLUB/SLAB debug is enabled.
221 * Both skb->head and skb_shared_info are cache line aligned.
223 size = SKB_DATA_ALIGN(size);
224 size += SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
225 data = kmalloc_reserve(size, gfp_mask, node, &pfmemalloc);
228 /* kmalloc(size) might give us more room than requested.
229 * Put skb_shared_info exactly at the end of allocated zone,
230 * to allow max possible filling before reallocation.
232 size = SKB_WITH_OVERHEAD(ksize(data));
233 prefetchw(data + size);
236 * Only clear those fields we need to clear, not those that we will
237 * actually initialise below. Hence, don't put any more fields after
238 * the tail pointer in struct sk_buff!
240 memset(skb, 0, offsetof(struct sk_buff, tail));
241 /* Account for allocated memory : skb + skb->head */
242 skb->truesize = SKB_TRUESIZE(size);
243 skb->pfmemalloc = pfmemalloc;
244 atomic_set(&skb->users, 1);
247 skb_reset_tail_pointer(skb);
248 skb->end = skb->tail + size;
249 skb->mac_header = (typeof(skb->mac_header))~0U;
250 skb->transport_header = (typeof(skb->transport_header))~0U;
252 /* make sure we initialize shinfo sequentially */
253 shinfo = skb_shinfo(skb);
254 memset(shinfo, 0, offsetof(struct skb_shared_info, dataref));
255 atomic_set(&shinfo->dataref, 1);
256 kmemcheck_annotate_variable(shinfo->destructor_arg);
258 if (flags & SKB_ALLOC_FCLONE) {
259 struct sk_buff *child = skb + 1;
260 atomic_t *fclone_ref = (atomic_t *) (child + 1);
262 kmemcheck_annotate_bitfield(child, flags1);
263 kmemcheck_annotate_bitfield(child, flags2);
264 skb->fclone = SKB_FCLONE_ORIG;
265 atomic_set(fclone_ref, 1);
267 child->fclone = SKB_FCLONE_UNAVAILABLE;
268 child->pfmemalloc = pfmemalloc;
273 kmem_cache_free(cache, skb);
277 EXPORT_SYMBOL(__alloc_skb);
280 * build_skb - build a network buffer
281 * @data: data buffer provided by caller
282 * @frag_size: size of fragment, or 0 if head was kmalloced
284 * Allocate a new &sk_buff. Caller provides space holding head and
285 * skb_shared_info. @data must have been allocated by kmalloc() only if
286 * @frag_size is 0, otherwise data should come from the page allocator.
287 * The return is the new skb buffer.
288 * On a failure the return is %NULL, and @data is not freed.
290 * Before IO, driver allocates only data buffer where NIC put incoming frame
291 * Driver should add room at head (NET_SKB_PAD) and
292 * MUST add room at tail (SKB_DATA_ALIGN(skb_shared_info))
293 * After IO, driver calls build_skb(), to allocate sk_buff and populate it
294 * before giving packet to stack.
295 * RX rings only contains data buffers, not full skbs.
297 struct sk_buff *build_skb(void *data, unsigned int frag_size)
299 struct skb_shared_info *shinfo;
301 unsigned int size = frag_size ? : ksize(data);
303 skb = kmem_cache_alloc(skbuff_head_cache, GFP_ATOMIC);
307 size -= SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
309 memset(skb, 0, offsetof(struct sk_buff, tail));
310 skb->truesize = SKB_TRUESIZE(size);
311 skb->head_frag = frag_size != 0;
312 atomic_set(&skb->users, 1);
315 skb_reset_tail_pointer(skb);
316 skb->end = skb->tail + size;
317 skb->mac_header = (typeof(skb->mac_header))~0U;
318 skb->transport_header = (typeof(skb->transport_header))~0U;
320 /* make sure we initialize shinfo sequentially */
321 shinfo = skb_shinfo(skb);
322 memset(shinfo, 0, offsetof(struct skb_shared_info, dataref));
323 atomic_set(&shinfo->dataref, 1);
324 kmemcheck_annotate_variable(shinfo->destructor_arg);
328 EXPORT_SYMBOL(build_skb);
330 struct netdev_alloc_cache {
331 struct page_frag frag;
332 /* we maintain a pagecount bias, so that we dont dirty cache line
333 * containing page->_count every time we allocate a fragment.
335 unsigned int pagecnt_bias;
337 static DEFINE_PER_CPU(struct netdev_alloc_cache, netdev_alloc_cache);
339 static void *__netdev_alloc_frag(unsigned int fragsz, gfp_t gfp_mask)
341 struct netdev_alloc_cache *nc;
346 local_irq_save(flags);
347 nc = &__get_cpu_var(netdev_alloc_cache);
348 if (unlikely(!nc->frag.page)) {
350 for (order = NETDEV_FRAG_PAGE_MAX_ORDER; ;) {
351 gfp_t gfp = gfp_mask;
354 gfp |= __GFP_COMP | __GFP_NOWARN;
355 nc->frag.page = alloc_pages(gfp, order);
356 if (likely(nc->frag.page))
361 nc->frag.size = PAGE_SIZE << order;
363 atomic_set(&nc->frag.page->_count, NETDEV_PAGECNT_MAX_BIAS);
364 nc->pagecnt_bias = NETDEV_PAGECNT_MAX_BIAS;
368 if (nc->frag.offset + fragsz > nc->frag.size) {
369 /* avoid unnecessary locked operations if possible */
370 if ((atomic_read(&nc->frag.page->_count) == nc->pagecnt_bias) ||
371 atomic_sub_and_test(nc->pagecnt_bias, &nc->frag.page->_count))
376 data = page_address(nc->frag.page) + nc->frag.offset;
377 nc->frag.offset += fragsz;
380 local_irq_restore(flags);
385 * netdev_alloc_frag - allocate a page fragment
386 * @fragsz: fragment size
388 * Allocates a frag from a page for receive buffer.
389 * Uses GFP_ATOMIC allocations.
391 void *netdev_alloc_frag(unsigned int fragsz)
393 return __netdev_alloc_frag(fragsz, GFP_ATOMIC | __GFP_COLD);
395 EXPORT_SYMBOL(netdev_alloc_frag);
398 * __netdev_alloc_skb - allocate an skbuff for rx on a specific device
399 * @dev: network device to receive on
400 * @length: length to allocate
401 * @gfp_mask: get_free_pages mask, passed to alloc_skb
403 * Allocate a new &sk_buff and assign it a usage count of one. The
404 * buffer has unspecified headroom built in. Users should allocate
405 * the headroom they think they need without accounting for the
406 * built in space. The built in space is used for optimisations.
408 * %NULL is returned if there is no free memory.
410 struct sk_buff *__netdev_alloc_skb(struct net_device *dev,
411 unsigned int length, gfp_t gfp_mask)
413 struct sk_buff *skb = NULL;
414 unsigned int fragsz = SKB_DATA_ALIGN(length + NET_SKB_PAD) +
415 SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
417 if (fragsz <= PAGE_SIZE && !(gfp_mask & (__GFP_WAIT | GFP_DMA))) {
420 if (sk_memalloc_socks())
421 gfp_mask |= __GFP_MEMALLOC;
423 data = __netdev_alloc_frag(fragsz, gfp_mask);
426 skb = build_skb(data, fragsz);
428 put_page(virt_to_head_page(data));
431 skb = __alloc_skb(length + NET_SKB_PAD, gfp_mask,
432 SKB_ALLOC_RX, NUMA_NO_NODE);
435 skb_reserve(skb, NET_SKB_PAD);
440 EXPORT_SYMBOL(__netdev_alloc_skb);
442 void skb_add_rx_frag(struct sk_buff *skb, int i, struct page *page, int off,
443 int size, unsigned int truesize)
445 skb_fill_page_desc(skb, i, page, off, size);
447 skb->data_len += size;
448 skb->truesize += truesize;
450 EXPORT_SYMBOL(skb_add_rx_frag);
452 void skb_coalesce_rx_frag(struct sk_buff *skb, int i, int size,
453 unsigned int truesize)
455 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
457 skb_frag_size_add(frag, size);
459 skb->data_len += size;
460 skb->truesize += truesize;
462 EXPORT_SYMBOL(skb_coalesce_rx_frag);
464 static void skb_drop_list(struct sk_buff **listp)
466 kfree_skb_list(*listp);
470 static inline void skb_drop_fraglist(struct sk_buff *skb)
472 skb_drop_list(&skb_shinfo(skb)->frag_list);
475 static void skb_clone_fraglist(struct sk_buff *skb)
477 struct sk_buff *list;
479 skb_walk_frags(skb, list)
483 static void skb_free_head(struct sk_buff *skb)
486 put_page(virt_to_head_page(skb->head));
491 static void skb_release_data(struct sk_buff *skb)
494 !atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1,
495 &skb_shinfo(skb)->dataref)) {
496 if (skb_shinfo(skb)->nr_frags) {
498 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
499 skb_frag_unref(skb, i);
503 * If skb buf is from userspace, we need to notify the caller
504 * the lower device DMA has done;
506 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
507 struct ubuf_info *uarg;
509 uarg = skb_shinfo(skb)->destructor_arg;
511 uarg->callback(uarg, true);
514 if (skb_has_frag_list(skb))
515 skb_drop_fraglist(skb);
522 * Free an skbuff by memory without cleaning the state.
524 static void kfree_skbmem(struct sk_buff *skb)
526 struct sk_buff *other;
527 atomic_t *fclone_ref;
529 switch (skb->fclone) {
530 case SKB_FCLONE_UNAVAILABLE:
531 kmem_cache_free(skbuff_head_cache, skb);
534 case SKB_FCLONE_ORIG:
535 fclone_ref = (atomic_t *) (skb + 2);
536 if (atomic_dec_and_test(fclone_ref))
537 kmem_cache_free(skbuff_fclone_cache, skb);
540 case SKB_FCLONE_CLONE:
541 fclone_ref = (atomic_t *) (skb + 1);
544 /* The clone portion is available for
545 * fast-cloning again.
547 skb->fclone = SKB_FCLONE_UNAVAILABLE;
549 if (atomic_dec_and_test(fclone_ref))
550 kmem_cache_free(skbuff_fclone_cache, other);
555 static void skb_release_head_state(struct sk_buff *skb)
559 secpath_put(skb->sp);
561 if (skb->destructor) {
563 skb->destructor(skb);
565 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
566 nf_conntrack_put(skb->nfct);
568 #ifdef CONFIG_BRIDGE_NETFILTER
569 nf_bridge_put(skb->nf_bridge);
571 /* XXX: IS this still necessary? - JHS */
572 #ifdef CONFIG_NET_SCHED
574 #ifdef CONFIG_NET_CLS_ACT
580 /* Free everything but the sk_buff shell. */
581 static void skb_release_all(struct sk_buff *skb)
583 skb_release_head_state(skb);
584 if (likely(skb->head))
585 skb_release_data(skb);
589 * __kfree_skb - private function
592 * Free an sk_buff. Release anything attached to the buffer.
593 * Clean the state. This is an internal helper function. Users should
594 * always call kfree_skb
597 void __kfree_skb(struct sk_buff *skb)
599 skb_release_all(skb);
602 EXPORT_SYMBOL(__kfree_skb);
605 * kfree_skb - free an sk_buff
606 * @skb: buffer to free
608 * Drop a reference to the buffer and free it if the usage count has
611 void kfree_skb(struct sk_buff *skb)
615 if (likely(atomic_read(&skb->users) == 1))
617 else if (likely(!atomic_dec_and_test(&skb->users)))
619 trace_kfree_skb(skb, __builtin_return_address(0));
622 EXPORT_SYMBOL(kfree_skb);
624 void kfree_skb_list(struct sk_buff *segs)
627 struct sk_buff *next = segs->next;
633 EXPORT_SYMBOL(kfree_skb_list);
636 * skb_tx_error - report an sk_buff xmit error
637 * @skb: buffer that triggered an error
639 * Report xmit error if a device callback is tracking this skb.
640 * skb must be freed afterwards.
642 void skb_tx_error(struct sk_buff *skb)
644 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
645 struct ubuf_info *uarg;
647 uarg = skb_shinfo(skb)->destructor_arg;
649 uarg->callback(uarg, false);
650 skb_shinfo(skb)->tx_flags &= ~SKBTX_DEV_ZEROCOPY;
653 EXPORT_SYMBOL(skb_tx_error);
656 * consume_skb - free an skbuff
657 * @skb: buffer to free
659 * Drop a ref to the buffer and free it if the usage count has hit zero
660 * Functions identically to kfree_skb, but kfree_skb assumes that the frame
661 * is being dropped after a failure and notes that
663 void consume_skb(struct sk_buff *skb)
667 if (likely(atomic_read(&skb->users) == 1))
669 else if (likely(!atomic_dec_and_test(&skb->users)))
671 trace_consume_skb(skb);
674 EXPORT_SYMBOL(consume_skb);
676 static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
678 new->tstamp = old->tstamp;
680 new->transport_header = old->transport_header;
681 new->network_header = old->network_header;
682 new->mac_header = old->mac_header;
683 new->inner_protocol = old->inner_protocol;
684 new->inner_transport_header = old->inner_transport_header;
685 new->inner_network_header = old->inner_network_header;
686 new->inner_mac_header = old->inner_mac_header;
687 skb_dst_copy(new, old);
688 skb_copy_hash(new, old);
689 new->ooo_okay = old->ooo_okay;
690 new->no_fcs = old->no_fcs;
691 new->encapsulation = old->encapsulation;
693 new->sp = secpath_get(old->sp);
695 memcpy(new->cb, old->cb, sizeof(old->cb));
696 new->csum = old->csum;
697 new->local_df = old->local_df;
698 new->pkt_type = old->pkt_type;
699 new->ip_summed = old->ip_summed;
700 skb_copy_queue_mapping(new, old);
701 new->priority = old->priority;
702 #if IS_ENABLED(CONFIG_IP_VS)
703 new->ipvs_property = old->ipvs_property;
705 new->pfmemalloc = old->pfmemalloc;
706 new->protocol = old->protocol;
707 new->mark = old->mark;
708 new->skb_iif = old->skb_iif;
710 #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
711 new->nf_trace = old->nf_trace;
713 #ifdef CONFIG_NET_SCHED
714 new->tc_index = old->tc_index;
715 #ifdef CONFIG_NET_CLS_ACT
716 new->tc_verd = old->tc_verd;
719 new->vlan_proto = old->vlan_proto;
720 new->vlan_tci = old->vlan_tci;
722 skb_copy_secmark(new, old);
724 #ifdef CONFIG_NET_RX_BUSY_POLL
725 new->napi_id = old->napi_id;
730 * You should not add any new code to this function. Add it to
731 * __copy_skb_header above instead.
733 static struct sk_buff *__skb_clone(struct sk_buff *n, struct sk_buff *skb)
735 #define C(x) n->x = skb->x
737 n->next = n->prev = NULL;
739 __copy_skb_header(n, skb);
744 n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len;
747 n->destructor = NULL;
754 atomic_set(&n->users, 1);
756 atomic_inc(&(skb_shinfo(skb)->dataref));
764 * skb_morph - morph one skb into another
765 * @dst: the skb to receive the contents
766 * @src: the skb to supply the contents
768 * This is identical to skb_clone except that the target skb is
769 * supplied by the user.
771 * The target skb is returned upon exit.
773 struct sk_buff *skb_morph(struct sk_buff *dst, struct sk_buff *src)
775 skb_release_all(dst);
776 return __skb_clone(dst, src);
778 EXPORT_SYMBOL_GPL(skb_morph);
781 * skb_copy_ubufs - copy userspace skb frags buffers to kernel
782 * @skb: the skb to modify
783 * @gfp_mask: allocation priority
785 * This must be called on SKBTX_DEV_ZEROCOPY skb.
786 * It will copy all frags into kernel and drop the reference
787 * to userspace pages.
789 * If this function is called from an interrupt gfp_mask() must be
792 * Returns 0 on success or a negative error code on failure
793 * to allocate kernel memory to copy to.
795 int skb_copy_ubufs(struct sk_buff *skb, gfp_t gfp_mask)
798 int num_frags = skb_shinfo(skb)->nr_frags;
799 struct page *page, *head = NULL;
800 struct ubuf_info *uarg = skb_shinfo(skb)->destructor_arg;
802 for (i = 0; i < num_frags; i++) {
804 skb_frag_t *f = &skb_shinfo(skb)->frags[i];
806 page = alloc_page(gfp_mask);
809 struct page *next = (struct page *)page_private(head);
815 vaddr = kmap_atomic(skb_frag_page(f));
816 memcpy(page_address(page),
817 vaddr + f->page_offset, skb_frag_size(f));
818 kunmap_atomic(vaddr);
819 set_page_private(page, (unsigned long)head);
823 /* skb frags release userspace buffers */
824 for (i = 0; i < num_frags; i++)
825 skb_frag_unref(skb, i);
827 uarg->callback(uarg, false);
829 /* skb frags point to kernel buffers */
830 for (i = num_frags - 1; i >= 0; i--) {
831 __skb_fill_page_desc(skb, i, head, 0,
832 skb_shinfo(skb)->frags[i].size);
833 head = (struct page *)page_private(head);
836 skb_shinfo(skb)->tx_flags &= ~SKBTX_DEV_ZEROCOPY;
839 EXPORT_SYMBOL_GPL(skb_copy_ubufs);
842 * skb_clone - duplicate an sk_buff
843 * @skb: buffer to clone
844 * @gfp_mask: allocation priority
846 * Duplicate an &sk_buff. The new one is not owned by a socket. Both
847 * copies share the same packet data but not structure. The new
848 * buffer has a reference count of 1. If the allocation fails the
849 * function returns %NULL otherwise the new buffer is returned.
851 * If this function is called from an interrupt gfp_mask() must be
855 struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask)
859 if (skb_orphan_frags(skb, gfp_mask))
863 if (skb->fclone == SKB_FCLONE_ORIG &&
864 n->fclone == SKB_FCLONE_UNAVAILABLE) {
865 atomic_t *fclone_ref = (atomic_t *) (n + 1);
866 n->fclone = SKB_FCLONE_CLONE;
867 atomic_inc(fclone_ref);
869 if (skb_pfmemalloc(skb))
870 gfp_mask |= __GFP_MEMALLOC;
872 n = kmem_cache_alloc(skbuff_head_cache, gfp_mask);
876 kmemcheck_annotate_bitfield(n, flags1);
877 kmemcheck_annotate_bitfield(n, flags2);
878 n->fclone = SKB_FCLONE_UNAVAILABLE;
881 return __skb_clone(n, skb);
883 EXPORT_SYMBOL(skb_clone);
885 static void skb_headers_offset_update(struct sk_buff *skb, int off)
887 /* Only adjust this if it actually is csum_start rather than csum */
888 if (skb->ip_summed == CHECKSUM_PARTIAL)
889 skb->csum_start += off;
890 /* {transport,network,mac}_header and tail are relative to skb->head */
891 skb->transport_header += off;
892 skb->network_header += off;
893 if (skb_mac_header_was_set(skb))
894 skb->mac_header += off;
895 skb->inner_transport_header += off;
896 skb->inner_network_header += off;
897 skb->inner_mac_header += off;
900 static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
902 __copy_skb_header(new, old);
904 skb_shinfo(new)->gso_size = skb_shinfo(old)->gso_size;
905 skb_shinfo(new)->gso_segs = skb_shinfo(old)->gso_segs;
906 skb_shinfo(new)->gso_type = skb_shinfo(old)->gso_type;
909 static inline int skb_alloc_rx_flag(const struct sk_buff *skb)
911 if (skb_pfmemalloc(skb))
917 * skb_copy - create private copy of an sk_buff
918 * @skb: buffer to copy
919 * @gfp_mask: allocation priority
921 * Make a copy of both an &sk_buff and its data. This is used when the
922 * caller wishes to modify the data and needs a private copy of the
923 * data to alter. Returns %NULL on failure or the pointer to the buffer
924 * on success. The returned buffer has a reference count of 1.
926 * As by-product this function converts non-linear &sk_buff to linear
927 * one, so that &sk_buff becomes completely private and caller is allowed
928 * to modify all the data of returned buffer. This means that this
929 * function is not recommended for use in circumstances when only
930 * header is going to be modified. Use pskb_copy() instead.
933 struct sk_buff *skb_copy(const struct sk_buff *skb, gfp_t gfp_mask)
935 int headerlen = skb_headroom(skb);
936 unsigned int size = skb_end_offset(skb) + skb->data_len;
937 struct sk_buff *n = __alloc_skb(size, gfp_mask,
938 skb_alloc_rx_flag(skb), NUMA_NO_NODE);
943 /* Set the data pointer */
944 skb_reserve(n, headerlen);
945 /* Set the tail pointer and length */
946 skb_put(n, skb->len);
948 if (skb_copy_bits(skb, -headerlen, n->head, headerlen + skb->len))
951 copy_skb_header(n, skb);
954 EXPORT_SYMBOL(skb_copy);
957 * __pskb_copy - create copy of an sk_buff with private head.
958 * @skb: buffer to copy
959 * @headroom: headroom of new skb
960 * @gfp_mask: allocation priority
962 * Make a copy of both an &sk_buff and part of its data, located
963 * in header. Fragmented data remain shared. This is used when
964 * the caller wishes to modify only header of &sk_buff and needs
965 * private copy of the header to alter. Returns %NULL on failure
966 * or the pointer to the buffer on success.
967 * The returned buffer has a reference count of 1.
970 struct sk_buff *__pskb_copy(struct sk_buff *skb, int headroom, gfp_t gfp_mask)
972 unsigned int size = skb_headlen(skb) + headroom;
973 struct sk_buff *n = __alloc_skb(size, gfp_mask,
974 skb_alloc_rx_flag(skb), NUMA_NO_NODE);
979 /* Set the data pointer */
980 skb_reserve(n, headroom);
981 /* Set the tail pointer and length */
982 skb_put(n, skb_headlen(skb));
984 skb_copy_from_linear_data(skb, n->data, n->len);
986 n->truesize += skb->data_len;
987 n->data_len = skb->data_len;
990 if (skb_shinfo(skb)->nr_frags) {
993 if (skb_orphan_frags(skb, gfp_mask)) {
998 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
999 skb_shinfo(n)->frags[i] = skb_shinfo(skb)->frags[i];
1000 skb_frag_ref(skb, i);
1002 skb_shinfo(n)->nr_frags = i;
1005 if (skb_has_frag_list(skb)) {
1006 skb_shinfo(n)->frag_list = skb_shinfo(skb)->frag_list;
1007 skb_clone_fraglist(n);
1010 copy_skb_header(n, skb);
1014 EXPORT_SYMBOL(__pskb_copy);
1017 * pskb_expand_head - reallocate header of &sk_buff
1018 * @skb: buffer to reallocate
1019 * @nhead: room to add at head
1020 * @ntail: room to add at tail
1021 * @gfp_mask: allocation priority
1023 * Expands (or creates identical copy, if @nhead and @ntail are zero)
1024 * header of @skb. &sk_buff itself is not changed. &sk_buff MUST have
1025 * reference count of 1. Returns zero in the case of success or error,
1026 * if expansion failed. In the last case, &sk_buff is not changed.
1028 * All the pointers pointing into skb header may change and must be
1029 * reloaded after call to this function.
1032 int pskb_expand_head(struct sk_buff *skb, int nhead, int ntail,
1037 int size = nhead + skb_end_offset(skb) + ntail;
1042 if (skb_shared(skb))
1045 size = SKB_DATA_ALIGN(size);
1047 if (skb_pfmemalloc(skb))
1048 gfp_mask |= __GFP_MEMALLOC;
1049 data = kmalloc_reserve(size + SKB_DATA_ALIGN(sizeof(struct skb_shared_info)),
1050 gfp_mask, NUMA_NO_NODE, NULL);
1053 size = SKB_WITH_OVERHEAD(ksize(data));
1055 /* Copy only real data... and, alas, header. This should be
1056 * optimized for the cases when header is void.
1058 memcpy(data + nhead, skb->head, skb_tail_pointer(skb) - skb->head);
1060 memcpy((struct skb_shared_info *)(data + size),
1062 offsetof(struct skb_shared_info, frags[skb_shinfo(skb)->nr_frags]));
1065 * if shinfo is shared we must drop the old head gracefully, but if it
1066 * is not we can just drop the old head and let the existing refcount
1067 * be since all we did is relocate the values
1069 if (skb_cloned(skb)) {
1070 /* copy this zero copy skb frags */
1071 if (skb_orphan_frags(skb, gfp_mask))
1073 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
1074 skb_frag_ref(skb, i);
1076 if (skb_has_frag_list(skb))
1077 skb_clone_fraglist(skb);
1079 skb_release_data(skb);
1083 off = (data + nhead) - skb->head;
1088 #ifdef NET_SKBUFF_DATA_USES_OFFSET
1092 skb->end = skb->head + size;
1095 skb_headers_offset_update(skb, nhead);
1099 atomic_set(&skb_shinfo(skb)->dataref, 1);
1107 EXPORT_SYMBOL(pskb_expand_head);
1109 /* Make private copy of skb with writable head and some headroom */
1111 struct sk_buff *skb_realloc_headroom(struct sk_buff *skb, unsigned int headroom)
1113 struct sk_buff *skb2;
1114 int delta = headroom - skb_headroom(skb);
1117 skb2 = pskb_copy(skb, GFP_ATOMIC);
1119 skb2 = skb_clone(skb, GFP_ATOMIC);
1120 if (skb2 && pskb_expand_head(skb2, SKB_DATA_ALIGN(delta), 0,
1128 EXPORT_SYMBOL(skb_realloc_headroom);
1131 * skb_copy_expand - copy and expand sk_buff
1132 * @skb: buffer to copy
1133 * @newheadroom: new free bytes at head
1134 * @newtailroom: new free bytes at tail
1135 * @gfp_mask: allocation priority
1137 * Make a copy of both an &sk_buff and its data and while doing so
1138 * allocate additional space.
1140 * This is used when the caller wishes to modify the data and needs a
1141 * private copy of the data to alter as well as more space for new fields.
1142 * Returns %NULL on failure or the pointer to the buffer
1143 * on success. The returned buffer has a reference count of 1.
1145 * You must pass %GFP_ATOMIC as the allocation priority if this function
1146 * is called from an interrupt.
1148 struct sk_buff *skb_copy_expand(const struct sk_buff *skb,
1149 int newheadroom, int newtailroom,
1153 * Allocate the copy buffer
1155 struct sk_buff *n = __alloc_skb(newheadroom + skb->len + newtailroom,
1156 gfp_mask, skb_alloc_rx_flag(skb),
1158 int oldheadroom = skb_headroom(skb);
1159 int head_copy_len, head_copy_off;
1164 skb_reserve(n, newheadroom);
1166 /* Set the tail pointer and length */
1167 skb_put(n, skb->len);
1169 head_copy_len = oldheadroom;
1171 if (newheadroom <= head_copy_len)
1172 head_copy_len = newheadroom;
1174 head_copy_off = newheadroom - head_copy_len;
1176 /* Copy the linear header and data. */
1177 if (skb_copy_bits(skb, -head_copy_len, n->head + head_copy_off,
1178 skb->len + head_copy_len))
1181 copy_skb_header(n, skb);
1183 skb_headers_offset_update(n, newheadroom - oldheadroom);
1187 EXPORT_SYMBOL(skb_copy_expand);
1190 * skb_pad - zero pad the tail of an skb
1191 * @skb: buffer to pad
1192 * @pad: space to pad
1194 * Ensure that a buffer is followed by a padding area that is zero
1195 * filled. Used by network drivers which may DMA or transfer data
1196 * beyond the buffer end onto the wire.
1198 * May return error in out of memory cases. The skb is freed on error.
1201 int skb_pad(struct sk_buff *skb, int pad)
1206 /* If the skbuff is non linear tailroom is always zero.. */
1207 if (!skb_cloned(skb) && skb_tailroom(skb) >= pad) {
1208 memset(skb->data+skb->len, 0, pad);
1212 ntail = skb->data_len + pad - (skb->end - skb->tail);
1213 if (likely(skb_cloned(skb) || ntail > 0)) {
1214 err = pskb_expand_head(skb, 0, ntail, GFP_ATOMIC);
1219 /* FIXME: The use of this function with non-linear skb's really needs
1222 err = skb_linearize(skb);
1226 memset(skb->data + skb->len, 0, pad);
1233 EXPORT_SYMBOL(skb_pad);
1236 * pskb_put - add data to the tail of a potentially fragmented buffer
1237 * @skb: start of the buffer to use
1238 * @tail: tail fragment of the buffer to use
1239 * @len: amount of data to add
1241 * This function extends the used data area of the potentially
1242 * fragmented buffer. @tail must be the last fragment of @skb -- or
1243 * @skb itself. If this would exceed the total buffer size the kernel
1244 * will panic. A pointer to the first byte of the extra data is
1248 unsigned char *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len)
1251 skb->data_len += len;
1254 return skb_put(tail, len);
1256 EXPORT_SYMBOL_GPL(pskb_put);
1259 * skb_put - add data to a buffer
1260 * @skb: buffer to use
1261 * @len: amount of data to add
1263 * This function extends the used data area of the buffer. If this would
1264 * exceed the total buffer size the kernel will panic. A pointer to the
1265 * first byte of the extra data is returned.
1267 unsigned char *skb_put(struct sk_buff *skb, unsigned int len)
1269 unsigned char *tmp = skb_tail_pointer(skb);
1270 SKB_LINEAR_ASSERT(skb);
1273 if (unlikely(skb->tail > skb->end))
1274 skb_over_panic(skb, len, __builtin_return_address(0));
1277 EXPORT_SYMBOL(skb_put);
1280 * skb_push - add data to the start of a buffer
1281 * @skb: buffer to use
1282 * @len: amount of data to add
1284 * This function extends the used data area of the buffer at the buffer
1285 * start. If this would exceed the total buffer headroom the kernel will
1286 * panic. A pointer to the first byte of the extra data is returned.
1288 unsigned char *skb_push(struct sk_buff *skb, unsigned int len)
1292 if (unlikely(skb->data<skb->head))
1293 skb_under_panic(skb, len, __builtin_return_address(0));
1296 EXPORT_SYMBOL(skb_push);
1299 * skb_pull - remove data from the start of a buffer
1300 * @skb: buffer to use
1301 * @len: amount of data to remove
1303 * This function removes data from the start of a buffer, returning
1304 * the memory to the headroom. A pointer to the next data in the buffer
1305 * is returned. Once the data has been pulled future pushes will overwrite
1308 unsigned char *skb_pull(struct sk_buff *skb, unsigned int len)
1310 return skb_pull_inline(skb, len);
1312 EXPORT_SYMBOL(skb_pull);
1315 * skb_trim - remove end from a buffer
1316 * @skb: buffer to alter
1319 * Cut the length of a buffer down by removing data from the tail. If
1320 * the buffer is already under the length specified it is not modified.
1321 * The skb must be linear.
1323 void skb_trim(struct sk_buff *skb, unsigned int len)
1326 __skb_trim(skb, len);
1328 EXPORT_SYMBOL(skb_trim);
1330 /* Trims skb to length len. It can change skb pointers.
1333 int ___pskb_trim(struct sk_buff *skb, unsigned int len)
1335 struct sk_buff **fragp;
1336 struct sk_buff *frag;
1337 int offset = skb_headlen(skb);
1338 int nfrags = skb_shinfo(skb)->nr_frags;
1342 if (skb_cloned(skb) &&
1343 unlikely((err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC))))
1350 for (; i < nfrags; i++) {
1351 int end = offset + skb_frag_size(&skb_shinfo(skb)->frags[i]);
1358 skb_frag_size_set(&skb_shinfo(skb)->frags[i++], len - offset);
1361 skb_shinfo(skb)->nr_frags = i;
1363 for (; i < nfrags; i++)
1364 skb_frag_unref(skb, i);
1366 if (skb_has_frag_list(skb))
1367 skb_drop_fraglist(skb);
1371 for (fragp = &skb_shinfo(skb)->frag_list; (frag = *fragp);
1372 fragp = &frag->next) {
1373 int end = offset + frag->len;
1375 if (skb_shared(frag)) {
1376 struct sk_buff *nfrag;
1378 nfrag = skb_clone(frag, GFP_ATOMIC);
1379 if (unlikely(!nfrag))
1382 nfrag->next = frag->next;
1394 unlikely((err = pskb_trim(frag, len - offset))))
1398 skb_drop_list(&frag->next);
1403 if (len > skb_headlen(skb)) {
1404 skb->data_len -= skb->len - len;
1409 skb_set_tail_pointer(skb, len);
1414 EXPORT_SYMBOL(___pskb_trim);
1417 * __pskb_pull_tail - advance tail of skb header
1418 * @skb: buffer to reallocate
1419 * @delta: number of bytes to advance tail
1421 * The function makes a sense only on a fragmented &sk_buff,
1422 * it expands header moving its tail forward and copying necessary
1423 * data from fragmented part.
1425 * &sk_buff MUST have reference count of 1.
1427 * Returns %NULL (and &sk_buff does not change) if pull failed
1428 * or value of new tail of skb in the case of success.
1430 * All the pointers pointing into skb header may change and must be
1431 * reloaded after call to this function.
1434 /* Moves tail of skb head forward, copying data from fragmented part,
1435 * when it is necessary.
1436 * 1. It may fail due to malloc failure.
1437 * 2. It may change skb pointers.
1439 * It is pretty complicated. Luckily, it is called only in exceptional cases.
1441 unsigned char *__pskb_pull_tail(struct sk_buff *skb, int delta)
1443 /* If skb has not enough free space at tail, get new one
1444 * plus 128 bytes for future expansions. If we have enough
1445 * room at tail, reallocate without expansion only if skb is cloned.
1447 int i, k, eat = (skb->tail + delta) - skb->end;
1449 if (eat > 0 || skb_cloned(skb)) {
1450 if (pskb_expand_head(skb, 0, eat > 0 ? eat + 128 : 0,
1455 if (skb_copy_bits(skb, skb_headlen(skb), skb_tail_pointer(skb), delta))
1458 /* Optimization: no fragments, no reasons to preestimate
1459 * size of pulled pages. Superb.
1461 if (!skb_has_frag_list(skb))
1464 /* Estimate size of pulled pages. */
1466 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1467 int size = skb_frag_size(&skb_shinfo(skb)->frags[i]);
1474 /* If we need update frag list, we are in troubles.
1475 * Certainly, it possible to add an offset to skb data,
1476 * but taking into account that pulling is expected to
1477 * be very rare operation, it is worth to fight against
1478 * further bloating skb head and crucify ourselves here instead.
1479 * Pure masohism, indeed. 8)8)
1482 struct sk_buff *list = skb_shinfo(skb)->frag_list;
1483 struct sk_buff *clone = NULL;
1484 struct sk_buff *insp = NULL;
1489 if (list->len <= eat) {
1490 /* Eaten as whole. */
1495 /* Eaten partially. */
1497 if (skb_shared(list)) {
1498 /* Sucks! We need to fork list. :-( */
1499 clone = skb_clone(list, GFP_ATOMIC);
1505 /* This may be pulled without
1509 if (!pskb_pull(list, eat)) {
1517 /* Free pulled out fragments. */
1518 while ((list = skb_shinfo(skb)->frag_list) != insp) {
1519 skb_shinfo(skb)->frag_list = list->next;
1522 /* And insert new clone at head. */
1525 skb_shinfo(skb)->frag_list = clone;
1528 /* Success! Now we may commit changes to skb data. */
1533 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1534 int size = skb_frag_size(&skb_shinfo(skb)->frags[i]);
1537 skb_frag_unref(skb, i);
1540 skb_shinfo(skb)->frags[k] = skb_shinfo(skb)->frags[i];
1542 skb_shinfo(skb)->frags[k].page_offset += eat;
1543 skb_frag_size_sub(&skb_shinfo(skb)->frags[k], eat);
1549 skb_shinfo(skb)->nr_frags = k;
1552 skb->data_len -= delta;
1554 return skb_tail_pointer(skb);
1556 EXPORT_SYMBOL(__pskb_pull_tail);
1559 * skb_copy_bits - copy bits from skb to kernel buffer
1561 * @offset: offset in source
1562 * @to: destination buffer
1563 * @len: number of bytes to copy
1565 * Copy the specified number of bytes from the source skb to the
1566 * destination buffer.
1569 * If its prototype is ever changed,
1570 * check arch/{*}/net/{*}.S files,
1571 * since it is called from BPF assembly code.
1573 int skb_copy_bits(const struct sk_buff *skb, int offset, void *to, int len)
1575 int start = skb_headlen(skb);
1576 struct sk_buff *frag_iter;
1579 if (offset > (int)skb->len - len)
1583 if ((copy = start - offset) > 0) {
1586 skb_copy_from_linear_data_offset(skb, offset, to, copy);
1587 if ((len -= copy) == 0)
1593 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1595 skb_frag_t *f = &skb_shinfo(skb)->frags[i];
1597 WARN_ON(start > offset + len);
1599 end = start + skb_frag_size(f);
1600 if ((copy = end - offset) > 0) {
1606 vaddr = kmap_atomic(skb_frag_page(f));
1608 vaddr + f->page_offset + offset - start,
1610 kunmap_atomic(vaddr);
1612 if ((len -= copy) == 0)
1620 skb_walk_frags(skb, frag_iter) {
1623 WARN_ON(start > offset + len);
1625 end = start + frag_iter->len;
1626 if ((copy = end - offset) > 0) {
1629 if (skb_copy_bits(frag_iter, offset - start, to, copy))
1631 if ((len -= copy) == 0)
1645 EXPORT_SYMBOL(skb_copy_bits);
1648 * Callback from splice_to_pipe(), if we need to release some pages
1649 * at the end of the spd in case we error'ed out in filling the pipe.
1651 static void sock_spd_release(struct splice_pipe_desc *spd, unsigned int i)
1653 put_page(spd->pages[i]);
1656 static struct page *linear_to_page(struct page *page, unsigned int *len,
1657 unsigned int *offset,
1660 struct page_frag *pfrag = sk_page_frag(sk);
1662 if (!sk_page_frag_refill(sk, pfrag))
1665 *len = min_t(unsigned int, *len, pfrag->size - pfrag->offset);
1667 memcpy(page_address(pfrag->page) + pfrag->offset,
1668 page_address(page) + *offset, *len);
1669 *offset = pfrag->offset;
1670 pfrag->offset += *len;
1675 static bool spd_can_coalesce(const struct splice_pipe_desc *spd,
1677 unsigned int offset)
1679 return spd->nr_pages &&
1680 spd->pages[spd->nr_pages - 1] == page &&
1681 (spd->partial[spd->nr_pages - 1].offset +
1682 spd->partial[spd->nr_pages - 1].len == offset);
1686 * Fill page/offset/length into spd, if it can hold more pages.
1688 static bool spd_fill_page(struct splice_pipe_desc *spd,
1689 struct pipe_inode_info *pipe, struct page *page,
1690 unsigned int *len, unsigned int offset,
1694 if (unlikely(spd->nr_pages == MAX_SKB_FRAGS))
1698 page = linear_to_page(page, len, &offset, sk);
1702 if (spd_can_coalesce(spd, page, offset)) {
1703 spd->partial[spd->nr_pages - 1].len += *len;
1707 spd->pages[spd->nr_pages] = page;
1708 spd->partial[spd->nr_pages].len = *len;
1709 spd->partial[spd->nr_pages].offset = offset;
1715 static bool __splice_segment(struct page *page, unsigned int poff,
1716 unsigned int plen, unsigned int *off,
1718 struct splice_pipe_desc *spd, bool linear,
1720 struct pipe_inode_info *pipe)
1725 /* skip this segment if already processed */
1731 /* ignore any bits we already processed */
1737 unsigned int flen = min(*len, plen);
1739 if (spd_fill_page(spd, pipe, page, &flen, poff,
1745 } while (*len && plen);
1751 * Map linear and fragment data from the skb to spd. It reports true if the
1752 * pipe is full or if we already spliced the requested length.
1754 static bool __skb_splice_bits(struct sk_buff *skb, struct pipe_inode_info *pipe,
1755 unsigned int *offset, unsigned int *len,
1756 struct splice_pipe_desc *spd, struct sock *sk)
1760 /* map the linear part :
1761 * If skb->head_frag is set, this 'linear' part is backed by a
1762 * fragment, and if the head is not shared with any clones then
1763 * we can avoid a copy since we own the head portion of this page.
1765 if (__splice_segment(virt_to_page(skb->data),
1766 (unsigned long) skb->data & (PAGE_SIZE - 1),
1769 skb_head_is_locked(skb),
1774 * then map the fragments
1776 for (seg = 0; seg < skb_shinfo(skb)->nr_frags; seg++) {
1777 const skb_frag_t *f = &skb_shinfo(skb)->frags[seg];
1779 if (__splice_segment(skb_frag_page(f),
1780 f->page_offset, skb_frag_size(f),
1781 offset, len, spd, false, sk, pipe))
1789 * Map data from the skb to a pipe. Should handle both the linear part,
1790 * the fragments, and the frag list. It does NOT handle frag lists within
1791 * the frag list, if such a thing exists. We'd probably need to recurse to
1792 * handle that cleanly.
1794 int skb_splice_bits(struct sk_buff *skb, unsigned int offset,
1795 struct pipe_inode_info *pipe, unsigned int tlen,
1798 struct partial_page partial[MAX_SKB_FRAGS];
1799 struct page *pages[MAX_SKB_FRAGS];
1800 struct splice_pipe_desc spd = {
1803 .nr_pages_max = MAX_SKB_FRAGS,
1805 .ops = &nosteal_pipe_buf_ops,
1806 .spd_release = sock_spd_release,
1808 struct sk_buff *frag_iter;
1809 struct sock *sk = skb->sk;
1813 * __skb_splice_bits() only fails if the output has no room left,
1814 * so no point in going over the frag_list for the error case.
1816 if (__skb_splice_bits(skb, pipe, &offset, &tlen, &spd, sk))
1822 * now see if we have a frag_list to map
1824 skb_walk_frags(skb, frag_iter) {
1827 if (__skb_splice_bits(frag_iter, pipe, &offset, &tlen, &spd, sk))
1834 * Drop the socket lock, otherwise we have reverse
1835 * locking dependencies between sk_lock and i_mutex
1836 * here as compared to sendfile(). We enter here
1837 * with the socket lock held, and splice_to_pipe() will
1838 * grab the pipe inode lock. For sendfile() emulation,
1839 * we call into ->sendpage() with the i_mutex lock held
1840 * and networking will grab the socket lock.
1843 ret = splice_to_pipe(pipe, &spd);
1851 * skb_store_bits - store bits from kernel buffer to skb
1852 * @skb: destination buffer
1853 * @offset: offset in destination
1854 * @from: source buffer
1855 * @len: number of bytes to copy
1857 * Copy the specified number of bytes from the source buffer to the
1858 * destination skb. This function handles all the messy bits of
1859 * traversing fragment lists and such.
1862 int skb_store_bits(struct sk_buff *skb, int offset, const void *from, int len)
1864 int start = skb_headlen(skb);
1865 struct sk_buff *frag_iter;
1868 if (offset > (int)skb->len - len)
1871 if ((copy = start - offset) > 0) {
1874 skb_copy_to_linear_data_offset(skb, offset, from, copy);
1875 if ((len -= copy) == 0)
1881 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1882 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
1885 WARN_ON(start > offset + len);
1887 end = start + skb_frag_size(frag);
1888 if ((copy = end - offset) > 0) {
1894 vaddr = kmap_atomic(skb_frag_page(frag));
1895 memcpy(vaddr + frag->page_offset + offset - start,
1897 kunmap_atomic(vaddr);
1899 if ((len -= copy) == 0)
1907 skb_walk_frags(skb, frag_iter) {
1910 WARN_ON(start > offset + len);
1912 end = start + frag_iter->len;
1913 if ((copy = end - offset) > 0) {
1916 if (skb_store_bits(frag_iter, offset - start,
1919 if ((len -= copy) == 0)
1932 EXPORT_SYMBOL(skb_store_bits);
1934 /* Checksum skb data. */
1935 __wsum __skb_checksum(const struct sk_buff *skb, int offset, int len,
1936 __wsum csum, const struct skb_checksum_ops *ops)
1938 int start = skb_headlen(skb);
1939 int i, copy = start - offset;
1940 struct sk_buff *frag_iter;
1943 /* Checksum header. */
1947 csum = ops->update(skb->data + offset, copy, csum);
1948 if ((len -= copy) == 0)
1954 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1956 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
1958 WARN_ON(start > offset + len);
1960 end = start + skb_frag_size(frag);
1961 if ((copy = end - offset) > 0) {
1967 vaddr = kmap_atomic(skb_frag_page(frag));
1968 csum2 = ops->update(vaddr + frag->page_offset +
1969 offset - start, copy, 0);
1970 kunmap_atomic(vaddr);
1971 csum = ops->combine(csum, csum2, pos, copy);
1980 skb_walk_frags(skb, frag_iter) {
1983 WARN_ON(start > offset + len);
1985 end = start + frag_iter->len;
1986 if ((copy = end - offset) > 0) {
1990 csum2 = __skb_checksum(frag_iter, offset - start,
1992 csum = ops->combine(csum, csum2, pos, copy);
1993 if ((len -= copy) == 0)
2004 EXPORT_SYMBOL(__skb_checksum);
2006 __wsum skb_checksum(const struct sk_buff *skb, int offset,
2007 int len, __wsum csum)
2009 const struct skb_checksum_ops ops = {
2010 .update = csum_partial_ext,
2011 .combine = csum_block_add_ext,
2014 return __skb_checksum(skb, offset, len, csum, &ops);
2016 EXPORT_SYMBOL(skb_checksum);
2018 /* Both of above in one bottle. */
2020 __wsum skb_copy_and_csum_bits(const struct sk_buff *skb, int offset,
2021 u8 *to, int len, __wsum csum)
2023 int start = skb_headlen(skb);
2024 int i, copy = start - offset;
2025 struct sk_buff *frag_iter;
2032 csum = csum_partial_copy_nocheck(skb->data + offset, to,
2034 if ((len -= copy) == 0)
2041 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
2044 WARN_ON(start > offset + len);
2046 end = start + skb_frag_size(&skb_shinfo(skb)->frags[i]);
2047 if ((copy = end - offset) > 0) {
2050 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
2054 vaddr = kmap_atomic(skb_frag_page(frag));
2055 csum2 = csum_partial_copy_nocheck(vaddr +
2059 kunmap_atomic(vaddr);
2060 csum = csum_block_add(csum, csum2, pos);
2070 skb_walk_frags(skb, frag_iter) {
2074 WARN_ON(start > offset + len);
2076 end = start + frag_iter->len;
2077 if ((copy = end - offset) > 0) {
2080 csum2 = skb_copy_and_csum_bits(frag_iter,
2083 csum = csum_block_add(csum, csum2, pos);
2084 if ((len -= copy) == 0)
2095 EXPORT_SYMBOL(skb_copy_and_csum_bits);
2098 * skb_zerocopy_headlen - Calculate headroom needed for skb_zerocopy()
2099 * @from: source buffer
2101 * Calculates the amount of linear headroom needed in the 'to' skb passed
2102 * into skb_zerocopy().
2105 skb_zerocopy_headlen(const struct sk_buff *from)
2107 unsigned int hlen = 0;
2109 if (!from->head_frag ||
2110 skb_headlen(from) < L1_CACHE_BYTES ||
2111 skb_shinfo(from)->nr_frags >= MAX_SKB_FRAGS)
2112 hlen = skb_headlen(from);
2114 if (skb_has_frag_list(from))
2119 EXPORT_SYMBOL_GPL(skb_zerocopy_headlen);
2122 * skb_zerocopy - Zero copy skb to skb
2123 * @to: destination buffer
2124 * @from: source buffer
2125 * @len: number of bytes to copy from source buffer
2126 * @hlen: size of linear headroom in destination buffer
2128 * Copies up to `len` bytes from `from` to `to` by creating references
2129 * to the frags in the source buffer.
2131 * The `hlen` as calculated by skb_zerocopy_headlen() specifies the
2132 * headroom in the `to` buffer.
2135 skb_zerocopy(struct sk_buff *to, const struct sk_buff *from, int len, int hlen)
2138 int plen = 0; /* length of skb->head fragment */
2140 unsigned int offset;
2142 BUG_ON(!from->head_frag && !hlen);
2144 /* dont bother with small payloads */
2145 if (len <= skb_tailroom(to)) {
2146 skb_copy_bits(from, 0, skb_put(to, len), len);
2151 skb_copy_bits(from, 0, skb_put(to, hlen), hlen);
2154 plen = min_t(int, skb_headlen(from), len);
2156 page = virt_to_head_page(from->head);
2157 offset = from->data - (unsigned char *)page_address(page);
2158 __skb_fill_page_desc(to, 0, page, offset, plen);
2165 to->truesize += len + plen;
2166 to->len += len + plen;
2167 to->data_len += len + plen;
2169 for (i = 0; i < skb_shinfo(from)->nr_frags; i++) {
2172 skb_shinfo(to)->frags[j] = skb_shinfo(from)->frags[i];
2173 skb_shinfo(to)->frags[j].size = min_t(int, skb_shinfo(to)->frags[j].size, len);
2174 len -= skb_shinfo(to)->frags[j].size;
2175 skb_frag_ref(to, j);
2178 skb_shinfo(to)->nr_frags = j;
2180 EXPORT_SYMBOL_GPL(skb_zerocopy);
2182 void skb_copy_and_csum_dev(const struct sk_buff *skb, u8 *to)
2187 if (skb->ip_summed == CHECKSUM_PARTIAL)
2188 csstart = skb_checksum_start_offset(skb);
2190 csstart = skb_headlen(skb);
2192 BUG_ON(csstart > skb_headlen(skb));
2194 skb_copy_from_linear_data(skb, to, csstart);
2197 if (csstart != skb->len)
2198 csum = skb_copy_and_csum_bits(skb, csstart, to + csstart,
2199 skb->len - csstart, 0);
2201 if (skb->ip_summed == CHECKSUM_PARTIAL) {
2202 long csstuff = csstart + skb->csum_offset;
2204 *((__sum16 *)(to + csstuff)) = csum_fold(csum);
2207 EXPORT_SYMBOL(skb_copy_and_csum_dev);
2210 * skb_dequeue - remove from the head of the queue
2211 * @list: list to dequeue from
2213 * Remove the head of the list. The list lock is taken so the function
2214 * may be used safely with other locking list functions. The head item is
2215 * returned or %NULL if the list is empty.
2218 struct sk_buff *skb_dequeue(struct sk_buff_head *list)
2220 unsigned long flags;
2221 struct sk_buff *result;
2223 spin_lock_irqsave(&list->lock, flags);
2224 result = __skb_dequeue(list);
2225 spin_unlock_irqrestore(&list->lock, flags);
2228 EXPORT_SYMBOL(skb_dequeue);
2231 * skb_dequeue_tail - remove from the tail of the queue
2232 * @list: list to dequeue from
2234 * Remove the tail of the list. The list lock is taken so the function
2235 * may be used safely with other locking list functions. The tail item is
2236 * returned or %NULL if the list is empty.
2238 struct sk_buff *skb_dequeue_tail(struct sk_buff_head *list)
2240 unsigned long flags;
2241 struct sk_buff *result;
2243 spin_lock_irqsave(&list->lock, flags);
2244 result = __skb_dequeue_tail(list);
2245 spin_unlock_irqrestore(&list->lock, flags);
2248 EXPORT_SYMBOL(skb_dequeue_tail);
2251 * skb_queue_purge - empty a list
2252 * @list: list to empty
2254 * Delete all buffers on an &sk_buff list. Each buffer is removed from
2255 * the list and one reference dropped. This function takes the list
2256 * lock and is atomic with respect to other list locking functions.
2258 void skb_queue_purge(struct sk_buff_head *list)
2260 struct sk_buff *skb;
2261 while ((skb = skb_dequeue(list)) != NULL)
2264 EXPORT_SYMBOL(skb_queue_purge);
2267 * skb_queue_head - queue a buffer at the list head
2268 * @list: list to use
2269 * @newsk: buffer to queue
2271 * Queue a buffer at the start of the list. This function takes the
2272 * list lock and can be used safely with other locking &sk_buff functions
2275 * A buffer cannot be placed on two lists at the same time.
2277 void skb_queue_head(struct sk_buff_head *list, struct sk_buff *newsk)
2279 unsigned long flags;
2281 spin_lock_irqsave(&list->lock, flags);
2282 __skb_queue_head(list, newsk);
2283 spin_unlock_irqrestore(&list->lock, flags);
2285 EXPORT_SYMBOL(skb_queue_head);
2288 * skb_queue_tail - queue a buffer at the list tail
2289 * @list: list to use
2290 * @newsk: buffer to queue
2292 * Queue a buffer at the tail of the list. This function takes the
2293 * list lock and can be used safely with other locking &sk_buff functions
2296 * A buffer cannot be placed on two lists at the same time.
2298 void skb_queue_tail(struct sk_buff_head *list, struct sk_buff *newsk)
2300 unsigned long flags;
2302 spin_lock_irqsave(&list->lock, flags);
2303 __skb_queue_tail(list, newsk);
2304 spin_unlock_irqrestore(&list->lock, flags);
2306 EXPORT_SYMBOL(skb_queue_tail);
2309 * skb_unlink - remove a buffer from a list
2310 * @skb: buffer to remove
2311 * @list: list to use
2313 * Remove a packet from a list. The list locks are taken and this
2314 * function is atomic with respect to other list locked calls
2316 * You must know what list the SKB is on.
2318 void skb_unlink(struct sk_buff *skb, struct sk_buff_head *list)
2320 unsigned long flags;
2322 spin_lock_irqsave(&list->lock, flags);
2323 __skb_unlink(skb, list);
2324 spin_unlock_irqrestore(&list->lock, flags);
2326 EXPORT_SYMBOL(skb_unlink);
2329 * skb_append - append a buffer
2330 * @old: buffer to insert after
2331 * @newsk: buffer to insert
2332 * @list: list to use
2334 * Place a packet after a given packet in a list. The list locks are taken
2335 * and this function is atomic with respect to other list locked calls.
2336 * A buffer cannot be placed on two lists at the same time.
2338 void skb_append(struct sk_buff *old, struct sk_buff *newsk, struct sk_buff_head *list)
2340 unsigned long flags;
2342 spin_lock_irqsave(&list->lock, flags);
2343 __skb_queue_after(list, old, newsk);
2344 spin_unlock_irqrestore(&list->lock, flags);
2346 EXPORT_SYMBOL(skb_append);
2349 * skb_insert - insert a buffer
2350 * @old: buffer to insert before
2351 * @newsk: buffer to insert
2352 * @list: list to use
2354 * Place a packet before a given packet in a list. The list locks are
2355 * taken and this function is atomic with respect to other list locked
2358 * A buffer cannot be placed on two lists at the same time.
2360 void skb_insert(struct sk_buff *old, struct sk_buff *newsk, struct sk_buff_head *list)
2362 unsigned long flags;
2364 spin_lock_irqsave(&list->lock, flags);
2365 __skb_insert(newsk, old->prev, old, list);
2366 spin_unlock_irqrestore(&list->lock, flags);
2368 EXPORT_SYMBOL(skb_insert);
2370 static inline void skb_split_inside_header(struct sk_buff *skb,
2371 struct sk_buff* skb1,
2372 const u32 len, const int pos)
2376 skb_copy_from_linear_data_offset(skb, len, skb_put(skb1, pos - len),
2378 /* And move data appendix as is. */
2379 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
2380 skb_shinfo(skb1)->frags[i] = skb_shinfo(skb)->frags[i];
2382 skb_shinfo(skb1)->nr_frags = skb_shinfo(skb)->nr_frags;
2383 skb_shinfo(skb)->nr_frags = 0;
2384 skb1->data_len = skb->data_len;
2385 skb1->len += skb1->data_len;
2388 skb_set_tail_pointer(skb, len);
2391 static inline void skb_split_no_header(struct sk_buff *skb,
2392 struct sk_buff* skb1,
2393 const u32 len, int pos)
2396 const int nfrags = skb_shinfo(skb)->nr_frags;
2398 skb_shinfo(skb)->nr_frags = 0;
2399 skb1->len = skb1->data_len = skb->len - len;
2401 skb->data_len = len - pos;
2403 for (i = 0; i < nfrags; i++) {
2404 int size = skb_frag_size(&skb_shinfo(skb)->frags[i]);
2406 if (pos + size > len) {
2407 skb_shinfo(skb1)->frags[k] = skb_shinfo(skb)->frags[i];
2411 * We have two variants in this case:
2412 * 1. Move all the frag to the second
2413 * part, if it is possible. F.e.
2414 * this approach is mandatory for TUX,
2415 * where splitting is expensive.
2416 * 2. Split is accurately. We make this.
2418 skb_frag_ref(skb, i);
2419 skb_shinfo(skb1)->frags[0].page_offset += len - pos;
2420 skb_frag_size_sub(&skb_shinfo(skb1)->frags[0], len - pos);
2421 skb_frag_size_set(&skb_shinfo(skb)->frags[i], len - pos);
2422 skb_shinfo(skb)->nr_frags++;
2426 skb_shinfo(skb)->nr_frags++;
2429 skb_shinfo(skb1)->nr_frags = k;
2433 * skb_split - Split fragmented skb to two parts at length len.
2434 * @skb: the buffer to split
2435 * @skb1: the buffer to receive the second part
2436 * @len: new length for skb
2438 void skb_split(struct sk_buff *skb, struct sk_buff *skb1, const u32 len)
2440 int pos = skb_headlen(skb);
2442 skb_shinfo(skb1)->tx_flags = skb_shinfo(skb)->tx_flags & SKBTX_SHARED_FRAG;
2443 if (len < pos) /* Split line is inside header. */
2444 skb_split_inside_header(skb, skb1, len, pos);
2445 else /* Second chunk has no header, nothing to copy. */
2446 skb_split_no_header(skb, skb1, len, pos);
2448 EXPORT_SYMBOL(skb_split);
2450 /* Shifting from/to a cloned skb is a no-go.
2452 * Caller cannot keep skb_shinfo related pointers past calling here!
2454 static int skb_prepare_for_shift(struct sk_buff *skb)
2456 return skb_cloned(skb) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC);
2460 * skb_shift - Shifts paged data partially from skb to another
2461 * @tgt: buffer into which tail data gets added
2462 * @skb: buffer from which the paged data comes from
2463 * @shiftlen: shift up to this many bytes
2465 * Attempts to shift up to shiftlen worth of bytes, which may be less than
2466 * the length of the skb, from skb to tgt. Returns number bytes shifted.
2467 * It's up to caller to free skb if everything was shifted.
2469 * If @tgt runs out of frags, the whole operation is aborted.
2471 * Skb cannot include anything else but paged data while tgt is allowed
2472 * to have non-paged data as well.
2474 * TODO: full sized shift could be optimized but that would need
2475 * specialized skb free'er to handle frags without up-to-date nr_frags.
2477 int skb_shift(struct sk_buff *tgt, struct sk_buff *skb, int shiftlen)
2479 int from, to, merge, todo;
2480 struct skb_frag_struct *fragfrom, *fragto;
2482 BUG_ON(shiftlen > skb->len);
2483 BUG_ON(skb_headlen(skb)); /* Would corrupt stream */
2487 to = skb_shinfo(tgt)->nr_frags;
2488 fragfrom = &skb_shinfo(skb)->frags[from];
2490 /* Actual merge is delayed until the point when we know we can
2491 * commit all, so that we don't have to undo partial changes
2494 !skb_can_coalesce(tgt, to, skb_frag_page(fragfrom),
2495 fragfrom->page_offset)) {
2500 todo -= skb_frag_size(fragfrom);
2502 if (skb_prepare_for_shift(skb) ||
2503 skb_prepare_for_shift(tgt))
2506 /* All previous frag pointers might be stale! */
2507 fragfrom = &skb_shinfo(skb)->frags[from];
2508 fragto = &skb_shinfo(tgt)->frags[merge];
2510 skb_frag_size_add(fragto, shiftlen);
2511 skb_frag_size_sub(fragfrom, shiftlen);
2512 fragfrom->page_offset += shiftlen;
2520 /* Skip full, not-fitting skb to avoid expensive operations */
2521 if ((shiftlen == skb->len) &&
2522 (skb_shinfo(skb)->nr_frags - from) > (MAX_SKB_FRAGS - to))
2525 if (skb_prepare_for_shift(skb) || skb_prepare_for_shift(tgt))
2528 while ((todo > 0) && (from < skb_shinfo(skb)->nr_frags)) {
2529 if (to == MAX_SKB_FRAGS)
2532 fragfrom = &skb_shinfo(skb)->frags[from];
2533 fragto = &skb_shinfo(tgt)->frags[to];
2535 if (todo >= skb_frag_size(fragfrom)) {
2536 *fragto = *fragfrom;
2537 todo -= skb_frag_size(fragfrom);
2542 __skb_frag_ref(fragfrom);
2543 fragto->page = fragfrom->page;
2544 fragto->page_offset = fragfrom->page_offset;
2545 skb_frag_size_set(fragto, todo);
2547 fragfrom->page_offset += todo;
2548 skb_frag_size_sub(fragfrom, todo);
2556 /* Ready to "commit" this state change to tgt */
2557 skb_shinfo(tgt)->nr_frags = to;
2560 fragfrom = &skb_shinfo(skb)->frags[0];
2561 fragto = &skb_shinfo(tgt)->frags[merge];
2563 skb_frag_size_add(fragto, skb_frag_size(fragfrom));
2564 __skb_frag_unref(fragfrom);
2567 /* Reposition in the original skb */
2569 while (from < skb_shinfo(skb)->nr_frags)
2570 skb_shinfo(skb)->frags[to++] = skb_shinfo(skb)->frags[from++];
2571 skb_shinfo(skb)->nr_frags = to;
2573 BUG_ON(todo > 0 && !skb_shinfo(skb)->nr_frags);
2576 /* Most likely the tgt won't ever need its checksum anymore, skb on
2577 * the other hand might need it if it needs to be resent
2579 tgt->ip_summed = CHECKSUM_PARTIAL;
2580 skb->ip_summed = CHECKSUM_PARTIAL;
2582 /* Yak, is it really working this way? Some helper please? */
2583 skb->len -= shiftlen;
2584 skb->data_len -= shiftlen;
2585 skb->truesize -= shiftlen;
2586 tgt->len += shiftlen;
2587 tgt->data_len += shiftlen;
2588 tgt->truesize += shiftlen;
2594 * skb_prepare_seq_read - Prepare a sequential read of skb data
2595 * @skb: the buffer to read
2596 * @from: lower offset of data to be read
2597 * @to: upper offset of data to be read
2598 * @st: state variable
2600 * Initializes the specified state variable. Must be called before
2601 * invoking skb_seq_read() for the first time.
2603 void skb_prepare_seq_read(struct sk_buff *skb, unsigned int from,
2604 unsigned int to, struct skb_seq_state *st)
2606 st->lower_offset = from;
2607 st->upper_offset = to;
2608 st->root_skb = st->cur_skb = skb;
2609 st->frag_idx = st->stepped_offset = 0;
2610 st->frag_data = NULL;
2612 EXPORT_SYMBOL(skb_prepare_seq_read);
2615 * skb_seq_read - Sequentially read skb data
2616 * @consumed: number of bytes consumed by the caller so far
2617 * @data: destination pointer for data to be returned
2618 * @st: state variable
2620 * Reads a block of skb data at @consumed relative to the
2621 * lower offset specified to skb_prepare_seq_read(). Assigns
2622 * the head of the data block to @data and returns the length
2623 * of the block or 0 if the end of the skb data or the upper
2624 * offset has been reached.
2626 * The caller is not required to consume all of the data
2627 * returned, i.e. @consumed is typically set to the number
2628 * of bytes already consumed and the next call to
2629 * skb_seq_read() will return the remaining part of the block.
2631 * Note 1: The size of each block of data returned can be arbitrary,
2632 * this limitation is the cost for zerocopy seqeuental
2633 * reads of potentially non linear data.
2635 * Note 2: Fragment lists within fragments are not implemented
2636 * at the moment, state->root_skb could be replaced with
2637 * a stack for this purpose.
2639 unsigned int skb_seq_read(unsigned int consumed, const u8 **data,
2640 struct skb_seq_state *st)
2642 unsigned int block_limit, abs_offset = consumed + st->lower_offset;
2645 if (unlikely(abs_offset >= st->upper_offset)) {
2646 if (st->frag_data) {
2647 kunmap_atomic(st->frag_data);
2648 st->frag_data = NULL;
2654 block_limit = skb_headlen(st->cur_skb) + st->stepped_offset;
2656 if (abs_offset < block_limit && !st->frag_data) {
2657 *data = st->cur_skb->data + (abs_offset - st->stepped_offset);
2658 return block_limit - abs_offset;
2661 if (st->frag_idx == 0 && !st->frag_data)
2662 st->stepped_offset += skb_headlen(st->cur_skb);
2664 while (st->frag_idx < skb_shinfo(st->cur_skb)->nr_frags) {
2665 frag = &skb_shinfo(st->cur_skb)->frags[st->frag_idx];
2666 block_limit = skb_frag_size(frag) + st->stepped_offset;
2668 if (abs_offset < block_limit) {
2670 st->frag_data = kmap_atomic(skb_frag_page(frag));
2672 *data = (u8 *) st->frag_data + frag->page_offset +
2673 (abs_offset - st->stepped_offset);
2675 return block_limit - abs_offset;
2678 if (st->frag_data) {
2679 kunmap_atomic(st->frag_data);
2680 st->frag_data = NULL;
2684 st->stepped_offset += skb_frag_size(frag);
2687 if (st->frag_data) {
2688 kunmap_atomic(st->frag_data);
2689 st->frag_data = NULL;
2692 if (st->root_skb == st->cur_skb && skb_has_frag_list(st->root_skb)) {
2693 st->cur_skb = skb_shinfo(st->root_skb)->frag_list;
2696 } else if (st->cur_skb->next) {
2697 st->cur_skb = st->cur_skb->next;
2704 EXPORT_SYMBOL(skb_seq_read);
2707 * skb_abort_seq_read - Abort a sequential read of skb data
2708 * @st: state variable
2710 * Must be called if skb_seq_read() was not called until it
2713 void skb_abort_seq_read(struct skb_seq_state *st)
2716 kunmap_atomic(st->frag_data);
2718 EXPORT_SYMBOL(skb_abort_seq_read);
2720 #define TS_SKB_CB(state) ((struct skb_seq_state *) &((state)->cb))
2722 static unsigned int skb_ts_get_next_block(unsigned int offset, const u8 **text,
2723 struct ts_config *conf,
2724 struct ts_state *state)
2726 return skb_seq_read(offset, text, TS_SKB_CB(state));
2729 static void skb_ts_finish(struct ts_config *conf, struct ts_state *state)
2731 skb_abort_seq_read(TS_SKB_CB(state));
2735 * skb_find_text - Find a text pattern in skb data
2736 * @skb: the buffer to look in
2737 * @from: search offset
2739 * @config: textsearch configuration
2740 * @state: uninitialized textsearch state variable
2742 * Finds a pattern in the skb data according to the specified
2743 * textsearch configuration. Use textsearch_next() to retrieve
2744 * subsequent occurrences of the pattern. Returns the offset
2745 * to the first occurrence or UINT_MAX if no match was found.
2747 unsigned int skb_find_text(struct sk_buff *skb, unsigned int from,
2748 unsigned int to, struct ts_config *config,
2749 struct ts_state *state)
2753 config->get_next_block = skb_ts_get_next_block;
2754 config->finish = skb_ts_finish;
2756 skb_prepare_seq_read(skb, from, to, TS_SKB_CB(state));
2758 ret = textsearch_find(config, state);
2759 return (ret <= to - from ? ret : UINT_MAX);
2761 EXPORT_SYMBOL(skb_find_text);
2764 * skb_append_datato_frags - append the user data to a skb
2765 * @sk: sock structure
2766 * @skb: skb structure to be appened with user data.
2767 * @getfrag: call back function to be used for getting the user data
2768 * @from: pointer to user message iov
2769 * @length: length of the iov message
2771 * Description: This procedure append the user data in the fragment part
2772 * of the skb if any page alloc fails user this procedure returns -ENOMEM
2774 int skb_append_datato_frags(struct sock *sk, struct sk_buff *skb,
2775 int (*getfrag)(void *from, char *to, int offset,
2776 int len, int odd, struct sk_buff *skb),
2777 void *from, int length)
2779 int frg_cnt = skb_shinfo(skb)->nr_frags;
2783 struct page_frag *pfrag = ¤t->task_frag;
2786 /* Return error if we don't have space for new frag */
2787 if (frg_cnt >= MAX_SKB_FRAGS)
2790 if (!sk_page_frag_refill(sk, pfrag))
2793 /* copy the user data to page */
2794 copy = min_t(int, length, pfrag->size - pfrag->offset);
2796 ret = getfrag(from, page_address(pfrag->page) + pfrag->offset,
2797 offset, copy, 0, skb);
2801 /* copy was successful so update the size parameters */
2802 skb_fill_page_desc(skb, frg_cnt, pfrag->page, pfrag->offset,
2805 pfrag->offset += copy;
2806 get_page(pfrag->page);
2808 skb->truesize += copy;
2809 atomic_add(copy, &sk->sk_wmem_alloc);
2811 skb->data_len += copy;
2815 } while (length > 0);
2819 EXPORT_SYMBOL(skb_append_datato_frags);
2822 * skb_pull_rcsum - pull skb and update receive checksum
2823 * @skb: buffer to update
2824 * @len: length of data pulled
2826 * This function performs an skb_pull on the packet and updates
2827 * the CHECKSUM_COMPLETE checksum. It should be used on
2828 * receive path processing instead of skb_pull unless you know
2829 * that the checksum difference is zero (e.g., a valid IP header)
2830 * or you are setting ip_summed to CHECKSUM_NONE.
2832 unsigned char *skb_pull_rcsum(struct sk_buff *skb, unsigned int len)
2834 BUG_ON(len > skb->len);
2836 BUG_ON(skb->len < skb->data_len);
2837 skb_postpull_rcsum(skb, skb->data, len);
2838 return skb->data += len;
2840 EXPORT_SYMBOL_GPL(skb_pull_rcsum);
2843 * skb_segment - Perform protocol segmentation on skb.
2844 * @skb: buffer to segment
2845 * @features: features for the output path (see dev->features)
2847 * This function performs segmentation on the given skb. It returns
2848 * a pointer to the first in a list of new skbs for the segments.
2849 * In case of error it returns ERR_PTR(err).
2851 struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
2853 struct sk_buff *segs = NULL;
2854 struct sk_buff *tail = NULL;
2855 struct sk_buff *fskb = skb_shinfo(skb)->frag_list;
2856 skb_frag_t *skb_frag = skb_shinfo(skb)->frags;
2857 unsigned int mss = skb_shinfo(skb)->gso_size;
2858 unsigned int doffset = skb->data - skb_mac_header(skb);
2859 unsigned int offset = doffset;
2860 unsigned int tnl_hlen = skb_tnl_header_len(skb);
2861 unsigned int headroom;
2865 int sg = !!(features & NETIF_F_SG);
2866 int nfrags = skb_shinfo(skb)->nr_frags;
2871 proto = skb_network_protocol(skb);
2872 if (unlikely(!proto))
2873 return ERR_PTR(-EINVAL);
2875 csum = !!can_checksum_protocol(features, proto);
2876 __skb_push(skb, doffset);
2877 headroom = skb_headroom(skb);
2878 pos = skb_headlen(skb);
2881 struct sk_buff *nskb;
2886 len = skb->len - offset;
2890 hsize = skb_headlen(skb) - offset;
2893 if (hsize > len || !sg)
2896 if (!hsize && i >= nfrags && skb_headlen(fskb) &&
2897 (skb_headlen(fskb) == len || sg)) {
2898 BUG_ON(skb_headlen(fskb) > len);
2901 nfrags = skb_shinfo(fskb)->nr_frags;
2902 skb_frag = skb_shinfo(fskb)->frags;
2903 pos += skb_headlen(fskb);
2905 while (pos < offset + len) {
2906 BUG_ON(i >= nfrags);
2908 size = skb_frag_size(skb_frag);
2909 if (pos + size > offset + len)
2917 nskb = skb_clone(fskb, GFP_ATOMIC);
2920 if (unlikely(!nskb))
2923 if (unlikely(pskb_trim(nskb, len))) {
2928 hsize = skb_end_offset(nskb);
2929 if (skb_cow_head(nskb, doffset + headroom)) {
2934 nskb->truesize += skb_end_offset(nskb) - hsize;
2935 skb_release_head_state(nskb);
2936 __skb_push(nskb, doffset);
2938 nskb = __alloc_skb(hsize + doffset + headroom,
2939 GFP_ATOMIC, skb_alloc_rx_flag(skb),
2942 if (unlikely(!nskb))
2945 skb_reserve(nskb, headroom);
2946 __skb_put(nskb, doffset);
2955 __copy_skb_header(nskb, skb);
2956 nskb->mac_len = skb->mac_len;
2958 skb_headers_offset_update(nskb, skb_headroom(nskb) - headroom);
2960 skb_copy_from_linear_data_offset(skb, -tnl_hlen,
2961 nskb->data - tnl_hlen,
2962 doffset + tnl_hlen);
2964 if (nskb->len == len + doffset)
2965 goto perform_csum_check;
2968 nskb->ip_summed = CHECKSUM_NONE;
2969 nskb->csum = skb_copy_and_csum_bits(skb, offset,
2975 frag = skb_shinfo(nskb)->frags;
2977 skb_copy_from_linear_data_offset(skb, offset,
2978 skb_put(nskb, hsize), hsize);
2980 skb_shinfo(nskb)->tx_flags = skb_shinfo(skb)->tx_flags & SKBTX_SHARED_FRAG;
2982 while (pos < offset + len) {
2984 BUG_ON(skb_headlen(fskb));
2987 nfrags = skb_shinfo(fskb)->nr_frags;
2988 skb_frag = skb_shinfo(fskb)->frags;
2995 if (unlikely(skb_shinfo(nskb)->nr_frags >=
2997 net_warn_ratelimited(
2998 "skb_segment: too many frags: %u %u\n",
3004 __skb_frag_ref(frag);
3005 size = skb_frag_size(frag);
3008 frag->page_offset += offset - pos;
3009 skb_frag_size_sub(frag, offset - pos);
3012 skb_shinfo(nskb)->nr_frags++;
3014 if (pos + size <= offset + len) {
3019 skb_frag_size_sub(frag, pos + size - (offset + len));
3027 nskb->data_len = len - hsize;
3028 nskb->len += nskb->data_len;
3029 nskb->truesize += nskb->data_len;
3033 nskb->csum = skb_checksum(nskb, doffset,
3034 nskb->len - doffset, 0);
3035 nskb->ip_summed = CHECKSUM_NONE;
3037 } while ((offset += len) < skb->len);
3042 kfree_skb_list(segs);
3043 return ERR_PTR(err);
3045 EXPORT_SYMBOL_GPL(skb_segment);
3047 int skb_gro_receive(struct sk_buff **head, struct sk_buff *skb)
3049 struct skb_shared_info *pinfo, *skbinfo = skb_shinfo(skb);
3050 unsigned int offset = skb_gro_offset(skb);
3051 unsigned int headlen = skb_headlen(skb);
3052 struct sk_buff *nskb, *lp, *p = *head;
3053 unsigned int len = skb_gro_len(skb);
3054 unsigned int delta_truesize;
3055 unsigned int headroom;
3057 if (unlikely(p->len + len >= 65536))
3060 lp = NAPI_GRO_CB(p)->last ?: p;
3061 pinfo = skb_shinfo(lp);
3063 if (headlen <= offset) {
3066 int i = skbinfo->nr_frags;
3067 int nr_frags = pinfo->nr_frags + i;
3069 if (nr_frags > MAX_SKB_FRAGS)
3073 pinfo->nr_frags = nr_frags;
3074 skbinfo->nr_frags = 0;
3076 frag = pinfo->frags + nr_frags;
3077 frag2 = skbinfo->frags + i;
3082 frag->page_offset += offset;
3083 skb_frag_size_sub(frag, offset);
3085 /* all fragments truesize : remove (head size + sk_buff) */
3086 delta_truesize = skb->truesize -
3087 SKB_TRUESIZE(skb_end_offset(skb));
3089 skb->truesize -= skb->data_len;
3090 skb->len -= skb->data_len;
3093 NAPI_GRO_CB(skb)->free = NAPI_GRO_FREE;
3095 } else if (skb->head_frag) {
3096 int nr_frags = pinfo->nr_frags;
3097 skb_frag_t *frag = pinfo->frags + nr_frags;
3098 struct page *page = virt_to_head_page(skb->head);
3099 unsigned int first_size = headlen - offset;
3100 unsigned int first_offset;
3102 if (nr_frags + 1 + skbinfo->nr_frags > MAX_SKB_FRAGS)
3105 first_offset = skb->data -
3106 (unsigned char *)page_address(page) +
3109 pinfo->nr_frags = nr_frags + 1 + skbinfo->nr_frags;
3111 frag->page.p = page;
3112 frag->page_offset = first_offset;
3113 skb_frag_size_set(frag, first_size);
3115 memcpy(frag + 1, skbinfo->frags, sizeof(*frag) * skbinfo->nr_frags);
3116 /* We dont need to clear skbinfo->nr_frags here */
3118 delta_truesize = skb->truesize - SKB_DATA_ALIGN(sizeof(struct sk_buff));
3119 NAPI_GRO_CB(skb)->free = NAPI_GRO_FREE_STOLEN_HEAD;
3122 if (pinfo->frag_list)
3124 if (skb_gro_len(p) != pinfo->gso_size)
3127 headroom = skb_headroom(p);
3128 nskb = alloc_skb(headroom + skb_gro_offset(p), GFP_ATOMIC);
3129 if (unlikely(!nskb))
3132 __copy_skb_header(nskb, p);
3133 nskb->mac_len = p->mac_len;
3135 skb_reserve(nskb, headroom);
3136 __skb_put(nskb, skb_gro_offset(p));
3138 skb_set_mac_header(nskb, skb_mac_header(p) - p->data);
3139 skb_set_network_header(nskb, skb_network_offset(p));
3140 skb_set_transport_header(nskb, skb_transport_offset(p));
3142 __skb_pull(p, skb_gro_offset(p));
3143 memcpy(skb_mac_header(nskb), skb_mac_header(p),
3144 p->data - skb_mac_header(p));
3146 skb_shinfo(nskb)->frag_list = p;
3147 skb_shinfo(nskb)->gso_size = pinfo->gso_size;
3148 pinfo->gso_size = 0;
3149 skb_header_release(p);
3150 NAPI_GRO_CB(nskb)->last = p;
3152 nskb->data_len += p->len;
3153 nskb->truesize += p->truesize;
3154 nskb->len += p->len;
3157 nskb->next = p->next;
3163 delta_truesize = skb->truesize;
3164 if (offset > headlen) {
3165 unsigned int eat = offset - headlen;
3167 skbinfo->frags[0].page_offset += eat;
3168 skb_frag_size_sub(&skbinfo->frags[0], eat);
3169 skb->data_len -= eat;
3174 __skb_pull(skb, offset);
3176 if (!NAPI_GRO_CB(p)->last)
3177 skb_shinfo(p)->frag_list = skb;
3179 NAPI_GRO_CB(p)->last->next = skb;
3180 NAPI_GRO_CB(p)->last = skb;
3181 skb_header_release(skb);
3185 NAPI_GRO_CB(p)->count++;
3187 p->truesize += delta_truesize;
3190 lp->data_len += len;
3191 lp->truesize += delta_truesize;
3194 NAPI_GRO_CB(skb)->same_flow = 1;
3197 EXPORT_SYMBOL_GPL(skb_gro_receive);
3199 void __init skb_init(void)
3201 skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
3202 sizeof(struct sk_buff),
3204 SLAB_HWCACHE_ALIGN|SLAB_PANIC,
3206 skbuff_fclone_cache = kmem_cache_create("skbuff_fclone_cache",
3207 (2*sizeof(struct sk_buff)) +
3210 SLAB_HWCACHE_ALIGN|SLAB_PANIC,
3215 * skb_to_sgvec - Fill a scatter-gather list from a socket buffer
3216 * @skb: Socket buffer containing the buffers to be mapped
3217 * @sg: The scatter-gather list to map into
3218 * @offset: The offset into the buffer's contents to start mapping
3219 * @len: Length of buffer space to be mapped
3221 * Fill the specified scatter-gather list with mappings/pointers into a
3222 * region of the buffer space attached to a socket buffer.
3225 __skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len)
3227 int start = skb_headlen(skb);
3228 int i, copy = start - offset;
3229 struct sk_buff *frag_iter;
3235 sg_set_buf(sg, skb->data + offset, copy);
3237 if ((len -= copy) == 0)
3242 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
3245 WARN_ON(start > offset + len);
3247 end = start + skb_frag_size(&skb_shinfo(skb)->frags[i]);
3248 if ((copy = end - offset) > 0) {
3249 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
3253 sg_set_page(&sg[elt], skb_frag_page(frag), copy,
3254 frag->page_offset+offset-start);
3263 skb_walk_frags(skb, frag_iter) {
3266 WARN_ON(start > offset + len);
3268 end = start + frag_iter->len;
3269 if ((copy = end - offset) > 0) {
3272 elt += __skb_to_sgvec(frag_iter, sg+elt, offset - start,
3274 if ((len -= copy) == 0)
3284 int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len)
3286 int nsg = __skb_to_sgvec(skb, sg, offset, len);
3288 sg_mark_end(&sg[nsg - 1]);
3292 EXPORT_SYMBOL_GPL(skb_to_sgvec);
3295 * skb_cow_data - Check that a socket buffer's data buffers are writable
3296 * @skb: The socket buffer to check.
3297 * @tailbits: Amount of trailing space to be added
3298 * @trailer: Returned pointer to the skb where the @tailbits space begins
3300 * Make sure that the data buffers attached to a socket buffer are
3301 * writable. If they are not, private copies are made of the data buffers
3302 * and the socket buffer is set to use these instead.
3304 * If @tailbits is given, make sure that there is space to write @tailbits
3305 * bytes of data beyond current end of socket buffer. @trailer will be
3306 * set to point to the skb in which this space begins.
3308 * The number of scatterlist elements required to completely map the
3309 * COW'd and extended socket buffer will be returned.
3311 int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer)
3315 struct sk_buff *skb1, **skb_p;
3317 /* If skb is cloned or its head is paged, reallocate
3318 * head pulling out all the pages (pages are considered not writable
3319 * at the moment even if they are anonymous).
3321 if ((skb_cloned(skb) || skb_shinfo(skb)->nr_frags) &&
3322 __pskb_pull_tail(skb, skb_pagelen(skb)-skb_headlen(skb)) == NULL)
3325 /* Easy case. Most of packets will go this way. */
3326 if (!skb_has_frag_list(skb)) {
3327 /* A little of trouble, not enough of space for trailer.
3328 * This should not happen, when stack is tuned to generate
3329 * good frames. OK, on miss we reallocate and reserve even more
3330 * space, 128 bytes is fair. */
3332 if (skb_tailroom(skb) < tailbits &&
3333 pskb_expand_head(skb, 0, tailbits-skb_tailroom(skb)+128, GFP_ATOMIC))
3341 /* Misery. We are in troubles, going to mincer fragments... */
3344 skb_p = &skb_shinfo(skb)->frag_list;
3347 while ((skb1 = *skb_p) != NULL) {
3350 /* The fragment is partially pulled by someone,
3351 * this can happen on input. Copy it and everything
3354 if (skb_shared(skb1))
3357 /* If the skb is the last, worry about trailer. */
3359 if (skb1->next == NULL && tailbits) {
3360 if (skb_shinfo(skb1)->nr_frags ||
3361 skb_has_frag_list(skb1) ||
3362 skb_tailroom(skb1) < tailbits)
3363 ntail = tailbits + 128;
3369 skb_shinfo(skb1)->nr_frags ||
3370 skb_has_frag_list(skb1)) {
3371 struct sk_buff *skb2;
3373 /* Fuck, we are miserable poor guys... */
3375 skb2 = skb_copy(skb1, GFP_ATOMIC);
3377 skb2 = skb_copy_expand(skb1,
3381 if (unlikely(skb2 == NULL))
3385 skb_set_owner_w(skb2, skb1->sk);
3387 /* Looking around. Are we still alive?
3388 * OK, link new skb, drop old one */
3390 skb2->next = skb1->next;
3397 skb_p = &skb1->next;
3402 EXPORT_SYMBOL_GPL(skb_cow_data);
3404 static void sock_rmem_free(struct sk_buff *skb)
3406 struct sock *sk = skb->sk;
3408 atomic_sub(skb->truesize, &sk->sk_rmem_alloc);
3412 * Note: We dont mem charge error packets (no sk_forward_alloc changes)
3414 int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb)
3418 if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
3419 (unsigned int)sk->sk_rcvbuf)
3424 skb->destructor = sock_rmem_free;
3425 atomic_add(skb->truesize, &sk->sk_rmem_alloc);
3427 /* before exiting rcu section, make sure dst is refcounted */
3430 skb_queue_tail(&sk->sk_error_queue, skb);
3431 if (!sock_flag(sk, SOCK_DEAD))
3432 sk->sk_data_ready(sk, len);
3435 EXPORT_SYMBOL(sock_queue_err_skb);
3437 void skb_tstamp_tx(struct sk_buff *orig_skb,
3438 struct skb_shared_hwtstamps *hwtstamps)
3440 struct sock *sk = orig_skb->sk;
3441 struct sock_exterr_skb *serr;
3442 struct sk_buff *skb;
3449 *skb_hwtstamps(orig_skb) =
3453 * no hardware time stamps available,
3454 * so keep the shared tx_flags and only
3455 * store software time stamp
3457 orig_skb->tstamp = ktime_get_real();
3460 skb = skb_clone(orig_skb, GFP_ATOMIC);
3464 serr = SKB_EXT_ERR(skb);
3465 memset(serr, 0, sizeof(*serr));
3466 serr->ee.ee_errno = ENOMSG;
3467 serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING;
3469 err = sock_queue_err_skb(sk, skb);
3474 EXPORT_SYMBOL_GPL(skb_tstamp_tx);
3476 void skb_complete_wifi_ack(struct sk_buff *skb, bool acked)
3478 struct sock *sk = skb->sk;
3479 struct sock_exterr_skb *serr;
3482 skb->wifi_acked_valid = 1;
3483 skb->wifi_acked = acked;
3485 serr = SKB_EXT_ERR(skb);
3486 memset(serr, 0, sizeof(*serr));
3487 serr->ee.ee_errno = ENOMSG;
3488 serr->ee.ee_origin = SO_EE_ORIGIN_TXSTATUS;
3490 err = sock_queue_err_skb(sk, skb);
3494 EXPORT_SYMBOL_GPL(skb_complete_wifi_ack);
3498 * skb_partial_csum_set - set up and verify partial csum values for packet
3499 * @skb: the skb to set
3500 * @start: the number of bytes after skb->data to start checksumming.
3501 * @off: the offset from start to place the checksum.
3503 * For untrusted partially-checksummed packets, we need to make sure the values
3504 * for skb->csum_start and skb->csum_offset are valid so we don't oops.
3506 * This function checks and sets those values and skb->ip_summed: if this
3507 * returns false you should drop the packet.
3509 bool skb_partial_csum_set(struct sk_buff *skb, u16 start, u16 off)
3511 if (unlikely(start > skb_headlen(skb)) ||
3512 unlikely((int)start + off > skb_headlen(skb) - 2)) {
3513 net_warn_ratelimited("bad partial csum: csum=%u/%u len=%u\n",
3514 start, off, skb_headlen(skb));
3517 skb->ip_summed = CHECKSUM_PARTIAL;
3518 skb->csum_start = skb_headroom(skb) + start;
3519 skb->csum_offset = off;
3520 skb_set_transport_header(skb, start);
3523 EXPORT_SYMBOL_GPL(skb_partial_csum_set);
3525 static int skb_maybe_pull_tail(struct sk_buff *skb, unsigned int len,
3528 if (skb_headlen(skb) >= len)
3531 /* If we need to pullup then pullup to the max, so we
3532 * won't need to do it again.
3537 if (__pskb_pull_tail(skb, max - skb_headlen(skb)) == NULL)
3540 if (skb_headlen(skb) < len)
3546 /* This value should be large enough to cover a tagged ethernet header plus
3547 * maximally sized IP and TCP or UDP headers.
3549 #define MAX_IP_HDR_LEN 128
3551 static int skb_checksum_setup_ip(struct sk_buff *skb, bool recalculate)
3559 err = skb_maybe_pull_tail(skb,
3560 sizeof(struct iphdr),
3565 if (ip_hdr(skb)->frag_off & htons(IP_OFFSET | IP_MF))
3568 off = ip_hdrlen(skb);
3575 switch (ip_hdr(skb)->protocol) {
3577 err = skb_maybe_pull_tail(skb,
3578 off + sizeof(struct tcphdr),
3583 if (!skb_partial_csum_set(skb, off,
3584 offsetof(struct tcphdr, check))) {
3590 tcp_hdr(skb)->check =
3591 ~csum_tcpudp_magic(ip_hdr(skb)->saddr,
3597 err = skb_maybe_pull_tail(skb,
3598 off + sizeof(struct udphdr),
3603 if (!skb_partial_csum_set(skb, off,
3604 offsetof(struct udphdr, check))) {
3610 udp_hdr(skb)->check =
3611 ~csum_tcpudp_magic(ip_hdr(skb)->saddr,
3626 /* This value should be large enough to cover a tagged ethernet header plus
3627 * an IPv6 header, all options, and a maximal TCP or UDP header.
3629 #define MAX_IPV6_HDR_LEN 256
3631 #define OPT_HDR(type, skb, off) \
3632 (type *)(skb_network_header(skb) + (off))
3634 static int skb_checksum_setup_ipv6(struct sk_buff *skb, bool recalculate)
3646 off = sizeof(struct ipv6hdr);
3648 err = skb_maybe_pull_tail(skb, off, MAX_IPV6_HDR_LEN);
3652 nexthdr = ipv6_hdr(skb)->nexthdr;
3654 len = sizeof(struct ipv6hdr) + ntohs(ipv6_hdr(skb)->payload_len);
3655 while (off <= len && !done) {
3657 case IPPROTO_DSTOPTS:
3658 case IPPROTO_HOPOPTS:
3659 case IPPROTO_ROUTING: {
3660 struct ipv6_opt_hdr *hp;
3662 err = skb_maybe_pull_tail(skb,
3664 sizeof(struct ipv6_opt_hdr),
3669 hp = OPT_HDR(struct ipv6_opt_hdr, skb, off);
3670 nexthdr = hp->nexthdr;
3671 off += ipv6_optlen(hp);
3675 struct ip_auth_hdr *hp;
3677 err = skb_maybe_pull_tail(skb,
3679 sizeof(struct ip_auth_hdr),
3684 hp = OPT_HDR(struct ip_auth_hdr, skb, off);
3685 nexthdr = hp->nexthdr;
3686 off += ipv6_authlen(hp);
3689 case IPPROTO_FRAGMENT: {
3690 struct frag_hdr *hp;
3692 err = skb_maybe_pull_tail(skb,
3694 sizeof(struct frag_hdr),
3699 hp = OPT_HDR(struct frag_hdr, skb, off);
3701 if (hp->frag_off & htons(IP6_OFFSET | IP6_MF))
3704 nexthdr = hp->nexthdr;
3705 off += sizeof(struct frag_hdr);
3716 if (!done || fragment)
3721 err = skb_maybe_pull_tail(skb,
3722 off + sizeof(struct tcphdr),
3727 if (!skb_partial_csum_set(skb, off,
3728 offsetof(struct tcphdr, check))) {
3734 tcp_hdr(skb)->check =
3735 ~csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
3736 &ipv6_hdr(skb)->daddr,
3741 err = skb_maybe_pull_tail(skb,
3742 off + sizeof(struct udphdr),
3747 if (!skb_partial_csum_set(skb, off,
3748 offsetof(struct udphdr, check))) {
3754 udp_hdr(skb)->check =
3755 ~csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
3756 &ipv6_hdr(skb)->daddr,
3771 * skb_checksum_setup - set up partial checksum offset
3772 * @skb: the skb to set up
3773 * @recalculate: if true the pseudo-header checksum will be recalculated
3775 int skb_checksum_setup(struct sk_buff *skb, bool recalculate)
3779 switch (skb->protocol) {
3780 case htons(ETH_P_IP):
3781 err = skb_checksum_setup_ip(skb, recalculate);
3784 case htons(ETH_P_IPV6):
3785 err = skb_checksum_setup_ipv6(skb, recalculate);
3795 EXPORT_SYMBOL(skb_checksum_setup);
3797 void __skb_warn_lro_forwarding(const struct sk_buff *skb)
3799 net_warn_ratelimited("%s: received packets cannot be forwarded while LRO is enabled\n",
3802 EXPORT_SYMBOL(__skb_warn_lro_forwarding);
3804 void kfree_skb_partial(struct sk_buff *skb, bool head_stolen)
3807 skb_release_head_state(skb);
3808 kmem_cache_free(skbuff_head_cache, skb);
3813 EXPORT_SYMBOL(kfree_skb_partial);
3816 * skb_try_coalesce - try to merge skb to prior one
3818 * @from: buffer to add
3819 * @fragstolen: pointer to boolean
3820 * @delta_truesize: how much more was allocated than was requested
3822 bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
3823 bool *fragstolen, int *delta_truesize)
3825 int i, delta, len = from->len;
3827 *fragstolen = false;
3832 if (len <= skb_tailroom(to)) {
3833 BUG_ON(skb_copy_bits(from, 0, skb_put(to, len), len));
3834 *delta_truesize = 0;
3838 if (skb_has_frag_list(to) || skb_has_frag_list(from))
3841 if (skb_headlen(from) != 0) {
3843 unsigned int offset;
3845 if (skb_shinfo(to)->nr_frags +
3846 skb_shinfo(from)->nr_frags >= MAX_SKB_FRAGS)
3849 if (skb_head_is_locked(from))
3852 delta = from->truesize - SKB_DATA_ALIGN(sizeof(struct sk_buff));
3854 page = virt_to_head_page(from->head);
3855 offset = from->data - (unsigned char *)page_address(page);
3857 skb_fill_page_desc(to, skb_shinfo(to)->nr_frags,
3858 page, offset, skb_headlen(from));
3861 if (skb_shinfo(to)->nr_frags +
3862 skb_shinfo(from)->nr_frags > MAX_SKB_FRAGS)
3865 delta = from->truesize - SKB_TRUESIZE(skb_end_offset(from));
3868 WARN_ON_ONCE(delta < len);
3870 memcpy(skb_shinfo(to)->frags + skb_shinfo(to)->nr_frags,
3871 skb_shinfo(from)->frags,
3872 skb_shinfo(from)->nr_frags * sizeof(skb_frag_t));
3873 skb_shinfo(to)->nr_frags += skb_shinfo(from)->nr_frags;
3875 if (!skb_cloned(from))
3876 skb_shinfo(from)->nr_frags = 0;
3878 /* if the skb is not cloned this does nothing
3879 * since we set nr_frags to 0.
3881 for (i = 0; i < skb_shinfo(from)->nr_frags; i++)
3882 skb_frag_ref(from, i);
3884 to->truesize += delta;
3886 to->data_len += len;
3888 *delta_truesize = delta;
3891 EXPORT_SYMBOL(skb_try_coalesce);
3894 * skb_scrub_packet - scrub an skb
3896 * @skb: buffer to clean
3897 * @xnet: packet is crossing netns
3899 * skb_scrub_packet can be used after encapsulating or decapsulting a packet
3900 * into/from a tunnel. Some information have to be cleared during these
3902 * skb_scrub_packet can also be used to clean a skb before injecting it in
3903 * another namespace (@xnet == true). We have to clear all information in the
3904 * skb that could impact namespace isolation.
3906 void skb_scrub_packet(struct sk_buff *skb, bool xnet)
3910 skb->tstamp.tv64 = 0;
3911 skb->pkt_type = PACKET_HOST;
3918 nf_reset_trace(skb);
3920 EXPORT_SYMBOL_GPL(skb_scrub_packet);
3923 * skb_gso_transport_seglen - Return length of individual segments of a gso packet
3927 * skb_gso_transport_seglen is used to determine the real size of the
3928 * individual segments, including Layer4 headers (TCP/UDP).
3930 * The MAC/L2 or network (IP, IPv6) headers are not accounted for.
3932 unsigned int skb_gso_transport_seglen(const struct sk_buff *skb)
3934 const struct skb_shared_info *shinfo = skb_shinfo(skb);
3935 unsigned int hdr_len;
3937 if (likely(shinfo->gso_type & (SKB_GSO_TCPV4 | SKB_GSO_TCPV6)))
3938 hdr_len = tcp_hdrlen(skb);
3940 hdr_len = sizeof(struct udphdr);
3941 return hdr_len + shinfo->gso_size;
3943 EXPORT_SYMBOL_GPL(skb_gso_transport_seglen);
projects / ~andy / linux / blob