Blame - net/netfilter/ipvs/ip_vs_xmit.c - kernel/msm-4.9

blob: c942d36e38a57a24a9485220e8969120c6f70bcc [file] [log] [blame]

Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1	/*
				2	* ip_vs_xmit.c: various packet transmitters for IPVS
				3	*
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	4	* Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
				5	* Julian Anastasov <ja@ssi.bg>
				6	*
				7	* This program is free software; you can redistribute it and/or
				8	* modify it under the terms of the GNU General Public License
				9	* as published by the Free Software Foundation; either version
				10	* 2 of the License, or (at your option) any later version.
				11	*
				12	* Changes:
				13	*
Julian Anastasov	cb59155	2010-10-17 16:40:51 +0300	[diff] [blame]	14	* Description of forwarding methods:
				15	* - all transmitters are called from LOCAL_IN (remote clients) and
				16	* LOCAL_OUT (local clients) but for ICMP can be called from FORWARD
				17	* - not all connections have destination server, for example,
				18	* connections in backup server when fwmark is used
				19	* - bypass connections use daddr from packet
				20	* LOCAL_OUT rules:
				21	* - skb->dev is NULL, skb->protocol is not set (both are set in POST_ROUTING)
				22	* - skb->pkt_type is not set yet
				23	* - the only place where we can see skb->sk != NULL
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	24	*/
				25
Hannes Eder	9aada7a	2009-07-30 14:29:44 -0700	[diff] [blame]	26	#define KMSG_COMPONENT "IPVS"
				27	#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
				28
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	29	#include <linux/kernel.h>
Tejun Heo	5a0e3ad	2010-03-24 17:04:11 +0900	[diff] [blame]	30	#include <linux/slab.h>
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	31	#include <linux/tcp.h> /* for tcphdr */
Herbert Xu	c439cb2	2008-01-11 19:14:00 -0800	[diff] [blame]	32	#include <net/ip.h>
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	33	#include <net/tcp.h> /* for csum_tcpudp_magic */
				34	#include <net/udp.h>
				35	#include <net/icmp.h> /* for icmp_send */
				36	#include <net/route.h> /* for ip_route_output */
Julius Volz	38cdcc9	2008-09-02 15:55:44 +0200	[diff] [blame]	37	#include <net/ipv6.h>
				38	#include <net/ip6_route.h>
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	39	#include <net/addrconf.h>
Julius Volz	38cdcc9	2008-09-02 15:55:44 +0200	[diff] [blame]	40	#include <linux/icmpv6.h>
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	41	#include <linux/netfilter.h>
				42	#include <linux/netfilter_ipv4.h>
				43
				44	#include <net/ip_vs.h>
				45
Changli Gao	17a8f8e	2011-02-24 08:19:57 +0800	[diff] [blame]	46	enum {
				47	IP_VS_RT_MODE_LOCAL = 1, /* Allow local dest */
				48	IP_VS_RT_MODE_NON_LOCAL = 2, /* Allow non-local dest */
				49	IP_VS_RT_MODE_RDR = 4, /* Allow redirect from remote daddr to
				50	* local
				51	*/
Julian Anastasov	f2edb9f	2012-07-20 11:59:52 +0300	[diff] [blame]	52	IP_VS_RT_MODE_CONNECT = 8, /* Always bind route to saddr */
Julian Anastasov	ad4d3ef	2012-10-08 11:41:20 +0000	[diff] [blame]	53	IP_VS_RT_MODE_KNOWN_NH = 16,/* Route via remote addr */
Changli Gao	17a8f8e	2011-02-24 08:19:57 +0800	[diff] [blame]	54	};
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	55
				56	/*
				57	* Destination cache to speed up outgoing route lookup
				58	*/
				59	static inline void
Julian Anastasov	c90558d	2013-03-21 11:57:59 +0200	[diff] [blame]	60	__ip_vs_dst_set(struct ip_vs_dest dest, struct dst_entry dst, u32 dst_cookie)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	61	{
				62	struct dst_entry *old_dst;
				63
				64	old_dst = dest->dst_cache;
				65	dest->dst_cache = dst;
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	66	dest->dst_cookie = dst_cookie;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	67	dst_release(old_dst);
				68	}
				69
				70	static inline struct dst_entry *
Julian Anastasov	c90558d	2013-03-21 11:57:59 +0200	[diff] [blame]	71	__ip_vs_dst_check(struct ip_vs_dest *dest)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	72	{
				73	struct dst_entry *dst = dest->dst_cache;
				74
				75	if (!dst)
				76	return NULL;
Julian Anastasov	c90558d	2013-03-21 11:57:59 +0200	[diff] [blame]	77	if (dst->obsolete && dst->ops->check(dst, dest->dst_cookie) == NULL) {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	78	dest->dst_cache = NULL;
				79	dst_release(dst);
				80	return NULL;
				81	}
				82	dst_hold(dst);
				83	return dst;
				84	}
				85
Jesper Dangaard Brouer	590e3f7	2012-08-28 22:05:51 +0200	[diff] [blame]	86	static inline bool
				87	__mtu_check_toobig_v6(const struct sk_buff *skb, u32 mtu)
				88	{
Patrick McHardy	4cdd3408	2012-08-26 19:13:58 +0200	[diff] [blame]	89	if (IP6CB(skb)->frag_max_size) {
				90	/* frag_max_size tell us that, this packet have been
				91	* defragmented by netfilter IPv6 conntrack module.
				92	*/
				93	if (IP6CB(skb)->frag_max_size > mtu)
				94	return true; /* largest fragment violate MTU */
				95	}
				96	else if (skb->len > mtu && !skb_is_gso(skb)) {
Jesper Dangaard Brouer	590e3f7	2012-08-28 22:05:51 +0200	[diff] [blame]	97	return true; /* Packet size violate MTU size */
				98	}
				99	return false;
				100	}
				101
Julian Anastasov	f2edb9f	2012-07-20 11:59:52 +0300	[diff] [blame]	102	/* Get route to daddr, update saddr, optionally bind route to saddr /
				103	static struct rtable do_output_route4(struct net net, __be32 daddr,
Julian Anastasov	c90558d	2013-03-21 11:57:59 +0200	[diff] [blame]	104	int rt_mode, __be32 *saddr)
Julian Anastasov	f2edb9f	2012-07-20 11:59:52 +0300	[diff] [blame]	105	{
				106	struct flowi4 fl4;
				107	struct rtable *rt;
				108	int loop = 0;
				109
				110	memset(&fl4, 0, sizeof(fl4));
				111	fl4.daddr = daddr;
				112	fl4.saddr = (rt_mode & IP_VS_RT_MODE_CONNECT) ? *saddr : 0;
Julian Anastasov	ad4d3ef	2012-10-08 11:41:20 +0000	[diff] [blame]	113	fl4.flowi4_flags = (rt_mode & IP_VS_RT_MODE_KNOWN_NH) ?
				114	FLOWI_FLAG_KNOWN_NH : 0;
Julian Anastasov	f2edb9f	2012-07-20 11:59:52 +0300	[diff] [blame]	115
				116	retry:
				117	rt = ip_route_output_key(net, &fl4);
				118	if (IS_ERR(rt)) {
				119	/* Invalid saddr ? */
				120	if (PTR_ERR(rt) == -EINVAL && *saddr &&
				121	rt_mode & IP_VS_RT_MODE_CONNECT && !loop) {
				122	*saddr = 0;
Julian Anastasov	c90558d	2013-03-21 11:57:59 +0200	[diff] [blame]	123	flowi4_update_output(&fl4, 0, 0, daddr, 0);
Julian Anastasov	f2edb9f	2012-07-20 11:59:52 +0300	[diff] [blame]	124	goto retry;
				125	}
				126	IP_VS_DBG_RL("ip_route_output error, dest: %pI4\n", &daddr);
				127	return NULL;
				128	} else if (!*saddr && rt_mode & IP_VS_RT_MODE_CONNECT && fl4.saddr) {
				129	ip_rt_put(rt);
				130	*saddr = fl4.saddr;
Julian Anastasov	c90558d	2013-03-21 11:57:59 +0200	[diff] [blame]	131	flowi4_update_output(&fl4, 0, 0, daddr, fl4.saddr);
Julian Anastasov	f2edb9f	2012-07-20 11:59:52 +0300	[diff] [blame]	132	loop++;
				133	goto retry;
				134	}
				135	*saddr = fl4.saddr;
				136	return rt;
				137	}
				138
Changli Gao	17a8f8e	2011-02-24 08:19:57 +0800	[diff] [blame]	139	/* Get route to destination or remote server */
Ilpo Järvinen	ad1b30b	2008-01-05 23:12:40 -0800	[diff] [blame]	140	static struct rtable *
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	141	__ip_vs_get_out_rt(struct sk_buff skb, struct ip_vs_dest dest,
Julian Anastasov	c90558d	2013-03-21 11:57:59 +0200	[diff] [blame]	142	__be32 daddr, int rt_mode, __be32 *ret_saddr)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	143	{
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	144	struct net *net = dev_net(skb_dst(skb)->dev);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	145	struct rtable rt; / Route to the other host */
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	146	struct rtable ort; / Original route */
				147	int local;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	148
				149	if (dest) {
				150	spin_lock(&dest->dst_lock);
Julian Anastasov	c90558d	2013-03-21 11:57:59 +0200	[diff] [blame]	151	rt = (struct rtable *) __ip_vs_dst_check(dest);
				152	if (!rt) {
				153	rt = do_output_route4(net, dest->addr.ip, rt_mode,
				154	&dest->dst_saddr.ip);
Julian Anastasov	f2edb9f	2012-07-20 11:59:52 +0300	[diff] [blame]	155	if (!rt) {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	156	spin_unlock(&dest->dst_lock);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	157	return NULL;
				158	}
Julian Anastasov	c90558d	2013-03-21 11:57:59 +0200	[diff] [blame]	159	__ip_vs_dst_set(dest, dst_clone(&rt->dst), 0);
				160	IP_VS_DBG(10, "new dst %pI4, src %pI4, refcnt=%d\n",
Julian Anastasov	c92f5ca	2011-05-10 12:46:05 +0000	[diff] [blame]	161	&dest->addr.ip, &dest->dst_saddr.ip,
Julian Anastasov	c90558d	2013-03-21 11:57:59 +0200	[diff] [blame]	162	atomic_read(&rt->dst.__refcnt));
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	163	}
David S. Miller	44e3125	2011-05-09 14:38:06 -0700	[diff] [blame]	164	daddr = dest->addr.ip;
Julian Anastasov	c92f5ca	2011-05-10 12:46:05 +0000	[diff] [blame]	165	if (ret_saddr)
				166	*ret_saddr = dest->dst_saddr.ip;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	167	spin_unlock(&dest->dst_lock);
				168	} else {
Julian Anastasov	f2edb9f	2012-07-20 11:59:52 +0300	[diff] [blame]	169	__be32 saddr = htonl(INADDR_ANY);
Julian Anastasov	c92f5ca	2011-05-10 12:46:05 +0000	[diff] [blame]	170
Julian Anastasov	f2edb9f	2012-07-20 11:59:52 +0300	[diff] [blame]	171	/* For such unconfigured boxes avoid many route lookups
				172	* for performance reasons because we do not remember saddr
				173	*/
				174	rt_mode &= ~IP_VS_RT_MODE_CONNECT;
Julian Anastasov	c90558d	2013-03-21 11:57:59 +0200	[diff] [blame]	175	rt = do_output_route4(net, daddr, rt_mode, &saddr);
Julian Anastasov	f2edb9f	2012-07-20 11:59:52 +0300	[diff] [blame]	176	if (!rt)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	177	return NULL;
Julian Anastasov	c92f5ca	2011-05-10 12:46:05 +0000	[diff] [blame]	178	if (ret_saddr)
Julian Anastasov	f2edb9f	2012-07-20 11:59:52 +0300	[diff] [blame]	179	*ret_saddr = saddr;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	180	}
				181
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	182	local = rt->rt_flags & RTCF_LOCAL;
Changli Gao	17a8f8e	2011-02-24 08:19:57 +0800	[diff] [blame]	183	if (!((local ? IP_VS_RT_MODE_LOCAL : IP_VS_RT_MODE_NON_LOCAL) &
				184	rt_mode)) {
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	185	IP_VS_DBG_RL("Stopping traffic to %s address, dest: %pI4\n",
				186	(rt->rt_flags & RTCF_LOCAL) ?
David S. Miller	44e3125	2011-05-09 14:38:06 -0700	[diff] [blame]	187	"local":"non-local", &daddr);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	188	ip_rt_put(rt);
				189	return NULL;
				190	}
Changli Gao	17a8f8e	2011-02-24 08:19:57 +0800	[diff] [blame]	191	if (local && !(rt_mode & IP_VS_RT_MODE_RDR) &&
				192	!((ort = skb_rtable(skb)) && ort->rt_flags & RTCF_LOCAL)) {
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	193	IP_VS_DBG_RL("Redirect from non-local address %pI4 to local "
				194	"requires NAT method, dest: %pI4\n",
David S. Miller	44e3125	2011-05-09 14:38:06 -0700	[diff] [blame]	195	&ip_hdr(skb)->daddr, &daddr);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	196	ip_rt_put(rt);
				197	return NULL;
				198	}
				199	if (unlikely(!local && ipv4_is_loopback(ip_hdr(skb)->saddr))) {
				200	IP_VS_DBG_RL("Stopping traffic from loopback address %pI4 "
				201	"to non-local address, dest: %pI4\n",
David S. Miller	44e3125	2011-05-09 14:38:06 -0700	[diff] [blame]	202	&ip_hdr(skb)->saddr, &daddr);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	203	ip_rt_put(rt);
				204	return NULL;
				205	}
				206
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	207	return rt;
				208	}
				209
Julius Volz	38cdcc9	2008-09-02 15:55:44 +0200	[diff] [blame]	210	#ifdef CONFIG_IP_VS_IPV6
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	211
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	212	static inline int __ip_vs_is_local_route6(struct rt6_info *rt)
				213	{
David S. Miller	d191854	2011-12-28 20:19:20 -0500	[diff] [blame]	214	return rt->dst.dev && rt->dst.dev->flags & IFF_LOOPBACK;
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	215	}
				216
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	217	static struct dst_entry *
				218	__ip_vs_route_output_v6(struct net net, struct in6_addr daddr,
				219	struct in6_addr *ret_saddr, int do_xfrm)
Julius Volz	38cdcc9	2008-09-02 15:55:44 +0200	[diff] [blame]	220	{
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	221	struct dst_entry *dst;
David S. Miller	4c9483b	2011-03-12 16:22:43 -0500	[diff] [blame]	222	struct flowi6 fl6 = {
				223	.daddr = *daddr,
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	224	};
				225
David S. Miller	4c9483b	2011-03-12 16:22:43 -0500	[diff] [blame]	226	dst = ip6_route_output(net, NULL, &fl6);
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	227	if (dst->error)
				228	goto out_err;
				229	if (!ret_saddr)
				230	return dst;
David S. Miller	4c9483b	2011-03-12 16:22:43 -0500	[diff] [blame]	231	if (ipv6_addr_any(&fl6.saddr) &&
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	232	ipv6_dev_get_saddr(net, ip6_dst_idev(dst)->dev,
David S. Miller	4c9483b	2011-03-12 16:22:43 -0500	[diff] [blame]	233	&fl6.daddr, 0, &fl6.saddr) < 0)
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	234	goto out_err;
David S. Miller	452edd5	2011-03-02 13:27:41 -0800	[diff] [blame]	235	if (do_xfrm) {
David S. Miller	4c9483b	2011-03-12 16:22:43 -0500	[diff] [blame]	236	dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
David S. Miller	452edd5	2011-03-02 13:27:41 -0800	[diff] [blame]	237	if (IS_ERR(dst)) {
				238	dst = NULL;
				239	goto out_err;
				240	}
				241	}
Alexey Dobriyan	4e3fd7a	2011-11-21 03:39:03 +0000	[diff] [blame]	242	*ret_saddr = fl6.saddr;
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	243	return dst;
				244
				245	out_err:
				246	dst_release(dst);
				247	IP_VS_DBG_RL("ip6_route_output error, dest: %pI6\n", daddr);
				248	return NULL;
				249	}
				250
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	251	/*
				252	* Get route to destination or remote server
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	253	*/
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	254	static struct rt6_info *
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	255	__ip_vs_get_out_rt_v6(struct sk_buff skb, struct ip_vs_dest dest,
				256	struct in6_addr daddr, struct in6_addr ret_saddr,
				257	int do_xfrm, int rt_mode)
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	258	{
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	259	struct net *net = dev_net(skb_dst(skb)->dev);
Julius Volz	38cdcc9	2008-09-02 15:55:44 +0200	[diff] [blame]	260	struct rt6_info rt; / Route to the other host */
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	261	struct rt6_info ort; / Original route */
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	262	struct dst_entry *dst;
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	263	int local;
Julius Volz	38cdcc9	2008-09-02 15:55:44 +0200	[diff] [blame]	264
				265	if (dest) {
				266	spin_lock(&dest->dst_lock);
Julian Anastasov	c90558d	2013-03-21 11:57:59 +0200	[diff] [blame]	267	rt = (struct rt6_info *)__ip_vs_dst_check(dest);
Julius Volz	38cdcc9	2008-09-02 15:55:44 +0200	[diff] [blame]	268	if (!rt) {
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	269	u32 cookie;
Julius Volz	38cdcc9	2008-09-02 15:55:44 +0200	[diff] [blame]	270
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	271	dst = __ip_vs_route_output_v6(net, &dest->addr.in6,
Julian Anastasov	c92f5ca	2011-05-10 12:46:05 +0000	[diff] [blame]	272	&dest->dst_saddr.in6,
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	273	do_xfrm);
				274	if (!dst) {
Julius Volz	38cdcc9	2008-09-02 15:55:44 +0200	[diff] [blame]	275	spin_unlock(&dest->dst_lock);
Julius Volz	38cdcc9	2008-09-02 15:55:44 +0200	[diff] [blame]	276	return NULL;
				277	}
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	278	rt = (struct rt6_info *) dst;
				279	cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0;
Julian Anastasov	c90558d	2013-03-21 11:57:59 +0200	[diff] [blame]	280	__ip_vs_dst_set(dest, dst_clone(&rt->dst), cookie);
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	281	IP_VS_DBG(10, "new dst %pI6, src %pI6, refcnt=%d\n",
Julian Anastasov	c92f5ca	2011-05-10 12:46:05 +0000	[diff] [blame]	282	&dest->addr.in6, &dest->dst_saddr.in6,
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	283	atomic_read(&rt->dst.__refcnt));
Julius Volz	38cdcc9	2008-09-02 15:55:44 +0200	[diff] [blame]	284	}
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	285	if (ret_saddr)
Alexey Dobriyan	4e3fd7a	2011-11-21 03:39:03 +0000	[diff] [blame]	286	*ret_saddr = dest->dst_saddr.in6;
Julius Volz	38cdcc9	2008-09-02 15:55:44 +0200	[diff] [blame]	287	spin_unlock(&dest->dst_lock);
				288	} else {
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	289	dst = __ip_vs_route_output_v6(net, daddr, ret_saddr, do_xfrm);
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	290	if (!dst)
Julius Volz	38cdcc9	2008-09-02 15:55:44 +0200	[diff] [blame]	291	return NULL;
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	292	rt = (struct rt6_info *) dst;
Julius Volz	38cdcc9	2008-09-02 15:55:44 +0200	[diff] [blame]	293	}
				294
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	295	local = __ip_vs_is_local_route6(rt);
David S. Miller	e58b344	2011-05-12 18:22:34 -0400	[diff] [blame]	296	if (!((local ? IP_VS_RT_MODE_LOCAL : IP_VS_RT_MODE_NON_LOCAL) &
				297	rt_mode)) {
Jesper Dangaard Brouer	120b9c1	2012-09-26 14:05:53 +0200	[diff] [blame]	298	IP_VS_DBG_RL("Stopping traffic to %s address, dest: %pI6c\n",
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	299	local ? "local":"non-local", daddr);
				300	dst_release(&rt->dst);
				301	return NULL;
				302	}
David S. Miller	e58b344	2011-05-12 18:22:34 -0400	[diff] [blame]	303	if (local && !(rt_mode & IP_VS_RT_MODE_RDR) &&
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	304	!((ort = (struct rt6_info *) skb_dst(skb)) &&
				305	__ip_vs_is_local_route6(ort))) {
Jesper Dangaard Brouer	120b9c1	2012-09-26 14:05:53 +0200	[diff] [blame]	306	IP_VS_DBG_RL("Redirect from non-local address %pI6c to local "
				307	"requires NAT method, dest: %pI6c\n",
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	308	&ipv6_hdr(skb)->daddr, daddr);
				309	dst_release(&rt->dst);
				310	return NULL;
				311	}
				312	if (unlikely(!local && (!skb->dev \|\| skb->dev->flags & IFF_LOOPBACK) &&
				313	ipv6_addr_type(&ipv6_hdr(skb)->saddr) &
				314	IPV6_ADDR_LOOPBACK)) {
Jesper Dangaard Brouer	120b9c1	2012-09-26 14:05:53 +0200	[diff] [blame]	315	IP_VS_DBG_RL("Stopping traffic from loopback address %pI6c "
				316	"to non-local address, dest: %pI6c\n",
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	317	&ipv6_hdr(skb)->saddr, daddr);
				318	dst_release(&rt->dst);
				319	return NULL;
				320	}
				321
Julius Volz	38cdcc9	2008-09-02 15:55:44 +0200	[diff] [blame]	322	return rt;
				323	}
				324	#endif
				325
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	326
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	327	/* return NF_ACCEPT to allow forwarding or other NF_xxx on error */
				328	static inline int ip_vs_tunnel_xmit_prepare(struct sk_buff *skb,
				329	struct ip_vs_conn *cp)
				330	{
				331	int ret = NF_ACCEPT;
Julian Anastasov	f4bc17c	2010-09-21 17:35:41 +0200	[diff] [blame]	332
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	333	skb->ipvs_property = 1;
				334	if (unlikely(cp->flags & IP_VS_CONN_F_NFCT))
				335	ret = ip_vs_confirm_conntrack(skb);
				336	if (ret == NF_ACCEPT) {
				337	nf_reset(skb);
				338	skb_forward_csum(skb);
				339	}
				340	return ret;
				341	}
Julian Anastasov	f4bc17c	2010-09-21 17:35:41 +0200	[diff] [blame]	342
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	343	/* return NF_STOLEN (sent) or NF_ACCEPT if local=1 (not sent) */
				344	static inline int ip_vs_nat_send_or_cont(int pf, struct sk_buff *skb,
				345	struct ip_vs_conn *cp, int local)
				346	{
				347	int ret = NF_STOLEN;
				348
				349	skb->ipvs_property = 1;
				350	if (likely(!(cp->flags & IP_VS_CONN_F_NFCT)))
				351	ip_vs_notrack(skb);
				352	else
				353	ip_vs_update_conntrack(skb, cp, 1);
				354	if (!local) {
				355	skb_forward_csum(skb);
				356	NF_HOOK(pf, NF_INET_LOCAL_OUT, skb, NULL, skb_dst(skb)->dev,
				357	dst_output);
				358	} else
				359	ret = NF_ACCEPT;
				360	return ret;
				361	}
				362
				363	/* return NF_STOLEN (sent) or NF_ACCEPT if local=1 (not sent) */
				364	static inline int ip_vs_send_or_cont(int pf, struct sk_buff *skb,
				365	struct ip_vs_conn *cp, int local)
				366	{
				367	int ret = NF_STOLEN;
				368
				369	skb->ipvs_property = 1;
				370	if (likely(!(cp->flags & IP_VS_CONN_F_NFCT)))
				371	ip_vs_notrack(skb);
				372	if (!local) {
				373	skb_forward_csum(skb);
				374	NF_HOOK(pf, NF_INET_LOCAL_OUT, skb, NULL, skb_dst(skb)->dev,
				375	dst_output);
				376	} else
				377	ret = NF_ACCEPT;
				378	return ret;
				379	}
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	380
				381
				382	/*
				383	* NULL transmitter (do nothing except return NF_ACCEPT)
				384	*/
				385	int
				386	ip_vs_null_xmit(struct sk_buff skb, struct ip_vs_conn cp,
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	387	struct ip_vs_protocol pp, struct ip_vs_iphdr ipvsh)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	388	{
				389	/* we do not touch skb and do not need pskb ptr */
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	390	return ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 1);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	391	}
				392
				393
				394	/*
				395	* Bypass transmitter
				396	* Let packets bypass the destination when the destination is not
				397	* available, it may be only used in transparent cache cluster.
				398	*/
				399	int
				400	ip_vs_bypass_xmit(struct sk_buff skb, struct ip_vs_conn cp,
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	401	struct ip_vs_protocol pp, struct ip_vs_iphdr ipvsh)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	402	{
				403	struct rtable rt; / Route to the other host */
Arnaldo Carvalho de Melo	eddc9ec	2007-04-20 22:47:35 -0700	[diff] [blame]	404	struct iphdr *iph = ip_hdr(skb);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	405	int mtu;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	406
				407	EnterFunction(10);
				408
Julian Anastasov	c90558d	2013-03-21 11:57:59 +0200	[diff] [blame]	409	rt = __ip_vs_get_out_rt(skb, NULL, iph->daddr, IP_VS_RT_MODE_NON_LOCAL,
				410	NULL);
				411	if (!rt)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	412	goto tx_error_icmp;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	413
				414	/* MTU checking */
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	415	mtu = dst_mtu(&rt->dst);
Simon Horman	8f1b03a	2010-11-09 10:08:49 +0900	[diff] [blame]	416	if ((skb->len > mtu) && (iph->frag_off & htons(IP_DF)) &&
				417	!skb_is_gso(skb)) {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	418	ip_rt_put(rt);
				419	icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
Hannes Eder	1e3e238	2009-08-02 11:05:41 +0000	[diff] [blame]	420	IP_VS_DBG_RL("%s(): frag needed\n", __func__);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	421	goto tx_error;
				422	}
				423
				424	/*
				425	* Call ip_send_check because we are not sure it is called
				426	* after ip_defrag. Is copy-on-write needed?
				427	*/
				428	if (unlikely((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)) {
				429	ip_rt_put(rt);
				430	return NF_STOLEN;
				431	}
Arnaldo Carvalho de Melo	eddc9ec	2007-04-20 22:47:35 -0700	[diff] [blame]	432	ip_send_check(ip_hdr(skb));
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	433
				434	/* drop old route */
Eric Dumazet	adf3090	2009-06-02 05:19:30 +0000	[diff] [blame]	435	skb_dst_drop(skb);
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	436	skb_dst_set(skb, &rt->dst);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	437
				438	/* Another hack: avoid icmp_send in ip_fragment */
				439	skb->local_df = 1;
				440
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	441	ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 0);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	442
				443	LeaveFunction(10);
				444	return NF_STOLEN;
				445
				446	tx_error_icmp:
				447	dst_link_failure(skb);
				448	tx_error:
				449	kfree_skb(skb);
				450	LeaveFunction(10);
				451	return NF_STOLEN;
				452	}
				453
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	454	#ifdef CONFIG_IP_VS_IPV6
				455	int
				456	ip_vs_bypass_xmit_v6(struct sk_buff skb, struct ip_vs_conn cp,
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	457	struct ip_vs_protocol pp, struct ip_vs_iphdr iph)
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	458	{
				459	struct rt6_info rt; / Route to the other host */
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	460	int mtu;
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	461
				462	EnterFunction(10);
				463
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	464	rt = __ip_vs_get_out_rt_v6(skb, NULL, &iph->daddr.in6, NULL, 0,
Jesper Dangaard Brouer	2f74713	2012-09-26 14:06:59 +0200	[diff] [blame]	465	IP_VS_RT_MODE_NON_LOCAL);
				466	if (!rt)
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	467	goto tx_error_icmp;
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	468
				469	/* MTU checking */
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	470	mtu = dst_mtu(&rt->dst);
Jesper Dangaard Brouer	590e3f7	2012-08-28 22:05:51 +0200	[diff] [blame]	471	if (__mtu_check_toobig_v6(skb, mtu)) {
Julian Anastasov	cb59155	2010-10-17 16:40:51 +0300	[diff] [blame]	472	if (!skb->dev) {
				473	struct net *net = dev_net(skb_dst(skb)->dev);
				474
				475	skb->dev = net->loopback_dev;
				476	}
Jesper Dangaard Brouer	2f74713	2012-09-26 14:06:59 +0200	[diff] [blame]	477	/* only send ICMP too big on first fragment */
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	478	if (!iph->fragoffs)
Jesper Dangaard Brouer	2f74713	2012-09-26 14:06:59 +0200	[diff] [blame]	479	icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
Julian Anastasov	cb59155	2010-10-17 16:40:51 +0300	[diff] [blame]	480	dst_release(&rt->dst);
Hannes Eder	1e3e238	2009-08-02 11:05:41 +0000	[diff] [blame]	481	IP_VS_DBG_RL("%s(): frag needed\n", __func__);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	482	goto tx_error;
				483	}
				484
				485	/*
				486	* Call ip_send_check because we are not sure it is called
				487	* after ip_defrag. Is copy-on-write needed?
				488	*/
				489	skb = skb_share_check(skb, GFP_ATOMIC);
				490	if (unlikely(skb == NULL)) {
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	491	dst_release(&rt->dst);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	492	return NF_STOLEN;
				493	}
				494
				495	/* drop old route */
Eric Dumazet	adf3090	2009-06-02 05:19:30 +0000	[diff] [blame]	496	skb_dst_drop(skb);
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	497	skb_dst_set(skb, &rt->dst);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	498
				499	/* Another hack: avoid icmp_send in ip_fragment */
				500	skb->local_df = 1;
				501
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	502	ip_vs_send_or_cont(NFPROTO_IPV6, skb, cp, 0);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	503
				504	LeaveFunction(10);
				505	return NF_STOLEN;
				506
				507	tx_error_icmp:
				508	dst_link_failure(skb);
				509	tx_error:
				510	kfree_skb(skb);
				511	LeaveFunction(10);
				512	return NF_STOLEN;
				513	}
				514	#endif
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	515
				516	/*
				517	* NAT transmitter (only for outside-to-inside nat forwarding)
				518	* Not used for related ICMP
				519	*/
				520	int
				521	ip_vs_nat_xmit(struct sk_buff skb, struct ip_vs_conn cp,
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	522	struct ip_vs_protocol pp, struct ip_vs_iphdr ipvsh)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	523	{
				524	struct rtable rt; / Route to the other host */
				525	int mtu;
Arnaldo Carvalho de Melo	eddc9ec	2007-04-20 22:47:35 -0700	[diff] [blame]	526	struct iphdr *iph = ip_hdr(skb);
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	527	int local, rc;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	528
				529	EnterFunction(10);
				530
				531	/* check if it is a connection of no-client-port */
				532	if (unlikely(cp->flags & IP_VS_CONN_F_NO_CPORT)) {
Al Viro	014d730	2006-09-28 14:29:52 -0700	[diff] [blame]	533	__be16 _pt, *p;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	534	p = skb_header_pointer(skb, iph->ihl*4, sizeof(_pt), &_pt);
				535	if (p == NULL)
				536	goto tx_error;
				537	ip_vs_conn_fill_cport(cp, *p);
				538	IP_VS_DBG(10, "filled cport=%d\n", ntohs(*p));
				539	}
				540
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	541	if (!(rt = __ip_vs_get_out_rt(skb, cp->dest, cp->daddr.ip,
Changli Gao	17a8f8e	2011-02-24 08:19:57 +0800	[diff] [blame]	542	IP_VS_RT_MODE_LOCAL \|
Julian Anastasov	c90558d	2013-03-21 11:57:59 +0200	[diff] [blame]	543	IP_VS_RT_MODE_NON_LOCAL \|
				544	IP_VS_RT_MODE_RDR, NULL)))
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	545	goto tx_error_icmp;
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	546	local = rt->rt_flags & RTCF_LOCAL;
				547	/*
				548	* Avoid duplicate tuple in reply direction for NAT traffic
				549	* to local address when connection is sync-ed
				550	*/
Igor Maravić	c0cd115	2011-12-12 02:58:24 +0000	[diff] [blame]	551	#if IS_ENABLED(CONFIG_NF_CONNTRACK)
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	552	if (cp->flags & IP_VS_CONN_F_SYNC && local) {
				553	enum ip_conntrack_info ctinfo;
Alan Cox	05b4b06	2012-10-26 00:13:27 +0000	[diff] [blame]	554	struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	555
				556	if (ct && !nf_ct_is_untracked(ct)) {
Julian Anastasov	0d79641	2010-10-17 16:46:17 +0300	[diff] [blame]	557	IP_VS_DBG_RL_PKT(10, AF_INET, pp, skb, 0,
				558	"ip_vs_nat_xmit(): "
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	559	"stopping DNAT to local address");
				560	goto tx_error_put;
				561	}
				562	}
				563	#endif
				564
				565	/* From world but DNAT to loopback address? */
Julian Anastasov	c92f5ca	2011-05-10 12:46:05 +0000	[diff] [blame]	566	if (local && ipv4_is_loopback(cp->daddr.ip) &&
David S. Miller	c753796	2010-11-11 17:07:48 -0800	[diff] [blame]	567	rt_is_input_route(skb_rtable(skb))) {
Julian Anastasov	0d79641	2010-10-17 16:46:17 +0300	[diff] [blame]	568	IP_VS_DBG_RL_PKT(1, AF_INET, pp, skb, 0, "ip_vs_nat_xmit(): "
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	569	"stopping DNAT to loopback address");
				570	goto tx_error_put;
				571	}
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	572
				573	/* MTU checking */
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	574	mtu = dst_mtu(&rt->dst);
Simon Horman	8f1b03a	2010-11-09 10:08:49 +0900	[diff] [blame]	575	if ((skb->len > mtu) && (iph->frag_off & htons(IP_DF)) &&
				576	!skb_is_gso(skb)) {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	577	icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
Julian Anastasov	0d79641	2010-10-17 16:46:17 +0300	[diff] [blame]	578	IP_VS_DBG_RL_PKT(0, AF_INET, pp, skb, 0,
				579	"ip_vs_nat_xmit(): frag needed for");
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	580	goto tx_error_put;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	581	}
				582
				583	/* copy-on-write the packet before mangling it */
Herbert Xu	af1e1cf	2007-10-14 00:39:33 -0700	[diff] [blame]	584	if (!skb_make_writable(skb, sizeof(struct iphdr)))
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	585	goto tx_error_put;
				586
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	587	if (skb_cow(skb, rt->dst.dev->hard_header_len))
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	588	goto tx_error_put;
				589
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	590	/* mangle the packet */
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	591	if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp, ipvsh))
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	592	goto tx_error_put;
Julius Volz	e7ade46	2008-09-02 15:55:33 +0200	[diff] [blame]	593	ip_hdr(skb)->daddr = cp->daddr.ip;
Arnaldo Carvalho de Melo	eddc9ec	2007-04-20 22:47:35 -0700	[diff] [blame]	594	ip_send_check(ip_hdr(skb));
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	595
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	596	if (!local) {
				597	/* drop old route */
				598	skb_dst_drop(skb);
				599	skb_dst_set(skb, &rt->dst);
Julian Anastasov	183dce5	2013-03-21 11:58:03 +0200	[diff] [blame^]	600	} else
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	601	ip_rt_put(rt);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	602
Julian Anastasov	0d79641	2010-10-17 16:46:17 +0300	[diff] [blame]	603	IP_VS_DBG_PKT(10, AF_INET, pp, skb, 0, "After DNAT");
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	604
				605	/* FIXME: when application helper enlarges the packet and the length
				606	is larger than the MTU of outgoing device, there will be still
				607	MTU problem. */
				608
				609	/* Another hack: avoid icmp_send in ip_fragment */
				610	skb->local_df = 1;
				611
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	612	rc = ip_vs_nat_send_or_cont(NFPROTO_IPV4, skb, cp, local);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	613
				614	LeaveFunction(10);
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	615	return rc;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	616
				617	tx_error_icmp:
				618	dst_link_failure(skb);
				619	tx_error:
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	620	kfree_skb(skb);
Julian Anastasov	f4bc17c	2010-09-21 17:35:41 +0200	[diff] [blame]	621	LeaveFunction(10);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	622	return NF_STOLEN;
				623	tx_error_put:
				624	ip_rt_put(rt);
				625	goto tx_error;
				626	}
				627
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	628	#ifdef CONFIG_IP_VS_IPV6
				629	int
				630	ip_vs_nat_xmit_v6(struct sk_buff skb, struct ip_vs_conn cp,
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	631	struct ip_vs_protocol pp, struct ip_vs_iphdr iph)
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	632	{
				633	struct rt6_info rt; / Route to the other host */
				634	int mtu;
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	635	int local, rc;
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	636
				637	EnterFunction(10);
				638
				639	/* check if it is a connection of no-client-port */
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	640	if (unlikely(cp->flags & IP_VS_CONN_F_NO_CPORT && !iph->fragoffs)) {
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	641	__be16 _pt, *p;
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	642	p = skb_header_pointer(skb, iph->len, sizeof(_pt), &_pt);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	643	if (p == NULL)
				644	goto tx_error;
				645	ip_vs_conn_fill_cport(cp, *p);
				646	IP_VS_DBG(10, "filled cport=%d\n", ntohs(*p));
				647	}
				648
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	649	if (!(rt = __ip_vs_get_out_rt_v6(skb, cp->dest, &cp->daddr.in6, NULL,
David S. Miller	e58b344	2011-05-12 18:22:34 -0400	[diff] [blame]	650	0, (IP_VS_RT_MODE_LOCAL \|
				651	IP_VS_RT_MODE_NON_LOCAL \|
				652	IP_VS_RT_MODE_RDR))))
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	653	goto tx_error_icmp;
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	654	local = __ip_vs_is_local_route6(rt);
				655	/*
				656	* Avoid duplicate tuple in reply direction for NAT traffic
				657	* to local address when connection is sync-ed
				658	*/
Igor Maravić	c0cd115	2011-12-12 02:58:24 +0000	[diff] [blame]	659	#if IS_ENABLED(CONFIG_NF_CONNTRACK)
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	660	if (cp->flags & IP_VS_CONN_F_SYNC && local) {
				661	enum ip_conntrack_info ctinfo;
Alan Cox	05b4b06	2012-10-26 00:13:27 +0000	[diff] [blame]	662	struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	663
				664	if (ct && !nf_ct_is_untracked(ct)) {
Julian Anastasov	0d79641	2010-10-17 16:46:17 +0300	[diff] [blame]	665	IP_VS_DBG_RL_PKT(10, AF_INET6, pp, skb, 0,
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	666	"ip_vs_nat_xmit_v6(): "
				667	"stopping DNAT to local address");
				668	goto tx_error_put;
				669	}
				670	}
				671	#endif
				672
				673	/* From world but DNAT to loopback address? */
				674	if (local && skb->dev && !(skb->dev->flags & IFF_LOOPBACK) &&
				675	ipv6_addr_type(&rt->rt6i_dst.addr) & IPV6_ADDR_LOOPBACK) {
Julian Anastasov	0d79641	2010-10-17 16:46:17 +0300	[diff] [blame]	676	IP_VS_DBG_RL_PKT(1, AF_INET6, pp, skb, 0,
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	677	"ip_vs_nat_xmit_v6(): "
				678	"stopping DNAT to loopback address");
				679	goto tx_error_put;
				680	}
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	681
				682	/* MTU checking */
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	683	mtu = dst_mtu(&rt->dst);
Jesper Dangaard Brouer	590e3f7	2012-08-28 22:05:51 +0200	[diff] [blame]	684	if (__mtu_check_toobig_v6(skb, mtu)) {
Julian Anastasov	cb59155	2010-10-17 16:40:51 +0300	[diff] [blame]	685	if (!skb->dev) {
				686	struct net *net = dev_net(skb_dst(skb)->dev);
				687
				688	skb->dev = net->loopback_dev;
				689	}
Jesper Dangaard Brouer	2f74713	2012-09-26 14:06:59 +0200	[diff] [blame]	690	/* only send ICMP too big on first fragment */
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	691	if (!iph->fragoffs)
Jesper Dangaard Brouer	2f74713	2012-09-26 14:06:59 +0200	[diff] [blame]	692	icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
Julian Anastasov	0d79641	2010-10-17 16:46:17 +0300	[diff] [blame]	693	IP_VS_DBG_RL_PKT(0, AF_INET6, pp, skb, 0,
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	694	"ip_vs_nat_xmit_v6(): frag needed for");
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	695	goto tx_error_put;
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	696	}
				697
				698	/* copy-on-write the packet before mangling it */
				699	if (!skb_make_writable(skb, sizeof(struct ipv6hdr)))
				700	goto tx_error_put;
				701
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	702	if (skb_cow(skb, rt->dst.dev->hard_header_len))
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	703	goto tx_error_put;
				704
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	705	/* mangle the packet */
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	706	if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp, iph))
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	707	goto tx_error;
Alexey Dobriyan	4e3fd7a	2011-11-21 03:39:03 +0000	[diff] [blame]	708	ipv6_hdr(skb)->daddr = cp->daddr.in6;
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	709
				710	if (!local \|\| !skb->dev) {
				711	/* drop the old route when skb is not shared */
				712	skb_dst_drop(skb);
				713	skb_dst_set(skb, &rt->dst);
				714	} else {
				715	/* destined to loopback, do we need to change route? */
				716	dst_release(&rt->dst);
				717	}
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	718
Julian Anastasov	0d79641	2010-10-17 16:46:17 +0300	[diff] [blame]	719	IP_VS_DBG_PKT(10, AF_INET6, pp, skb, 0, "After DNAT");
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	720
				721	/* FIXME: when application helper enlarges the packet and the length
				722	is larger than the MTU of outgoing device, there will be still
				723	MTU problem. */
				724
				725	/* Another hack: avoid icmp_send in ip_fragment */
				726	skb->local_df = 1;
				727
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	728	rc = ip_vs_nat_send_or_cont(NFPROTO_IPV6, skb, cp, local);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	729
				730	LeaveFunction(10);
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	731	return rc;
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	732
				733	tx_error_icmp:
				734	dst_link_failure(skb);
				735	tx_error:
				736	LeaveFunction(10);
				737	kfree_skb(skb);
				738	return NF_STOLEN;
				739	tx_error_put:
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	740	dst_release(&rt->dst);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	741	goto tx_error;
				742	}
				743	#endif
				744
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	745
				746	/*
				747	* IP Tunneling transmitter
				748	*
				749	* This function encapsulates the packet in a new IP packet, its
				750	* destination will be set to cp->daddr. Most code of this function
				751	* is taken from ipip.c.
				752	*
				753	* It is used in VS/TUN cluster. The load balancer selects a real
				754	* server from a cluster based on a scheduling algorithm,
				755	* encapsulates the request packet and forwards it to the selected
				756	* server. For example, all real servers are configured with
				757	* "ifconfig tunl0 <Virtual IP Address> up". When the server receives
				758	* the encapsulated packet, it will decapsulate the packet, processe
				759	* the request and return the response packets directly to the client
				760	* without passing the load balancer. This can greatly increase the
				761	* scalability of virtual server.
				762	*
				763	* Used for ANY protocol
				764	*/
				765	int
				766	ip_vs_tunnel_xmit(struct sk_buff skb, struct ip_vs_conn cp,
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	767	struct ip_vs_protocol pp, struct ip_vs_iphdr ipvsh)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	768	{
Julian Anastasov	3654e61	2012-07-20 11:59:53 +0300	[diff] [blame]	769	struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	770	struct rtable rt; / Route to the other host */
Julian Anastasov	c92f5ca	2011-05-10 12:46:05 +0000	[diff] [blame]	771	__be32 saddr; /* Source for tunnel */
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	772	struct net_device tdev; / Device to other host */
Arnaldo Carvalho de Melo	eddc9ec	2007-04-20 22:47:35 -0700	[diff] [blame]	773	struct iphdr *old_iph = ip_hdr(skb);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	774	u8 tos = old_iph->tos;
Julian Anastasov	f2edb9f	2012-07-20 11:59:52 +0300	[diff] [blame]	775	__be16 df;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	776	struct iphdr iph; / Our new IP header */
Chuck Lever	c2636b4	2007-10-23 21:07:32 -0700	[diff] [blame]	777	unsigned int max_headroom; /* The extra header space needed */
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	778	int mtu;
Julian Anastasov	f4bc17c	2010-09-21 17:35:41 +0200	[diff] [blame]	779	int ret;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	780
				781	EnterFunction(10);
				782
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	783	if (!(rt = __ip_vs_get_out_rt(skb, cp->dest, cp->daddr.ip,
Julian Anastasov	c90558d	2013-03-21 11:57:59 +0200	[diff] [blame]	784	IP_VS_RT_MODE_LOCAL \|
				785	IP_VS_RT_MODE_NON_LOCAL \|
				786	IP_VS_RT_MODE_CONNECT, &saddr)))
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	787	goto tx_error_icmp;
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	788	if (rt->rt_flags & RTCF_LOCAL) {
				789	ip_rt_put(rt);
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	790	return ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 1);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	791	}
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	792
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	793	tdev = rt->dst.dev;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	794
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	795	mtu = dst_mtu(&rt->dst) - sizeof(struct iphdr);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	796	if (mtu < 68) {
Hannes Eder	1e3e238	2009-08-02 11:05:41 +0000	[diff] [blame]	797	IP_VS_DBG_RL("%s(): mtu less than 68\n", __func__);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	798	goto tx_error_put;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	799	}
Julian Anastasov	f2edb9f	2012-07-20 11:59:52 +0300	[diff] [blame]	800	if (rt_is_output_route(skb_rtable(skb)))
David S. Miller	6700c27	2012-07-17 03:29:28 -0700	[diff] [blame]	801	skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	802
Julian Anastasov	f2edb9f	2012-07-20 11:59:52 +0300	[diff] [blame]	803	/* Copy DF, reset fragment offset and MF */
Julian Anastasov	3654e61	2012-07-20 11:59:53 +0300	[diff] [blame]	804	df = sysctl_pmtu_disc(ipvs) ? old_iph->frag_off & htons(IP_DF) : 0;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	805
Julian Anastasov	3654e61	2012-07-20 11:59:53 +0300	[diff] [blame]	806	if (df && mtu < ntohs(old_iph->tot_len) && !skb_is_gso(skb)) {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	807	icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
Hannes Eder	1e3e238	2009-08-02 11:05:41 +0000	[diff] [blame]	808	IP_VS_DBG_RL("%s(): frag needed\n", __func__);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	809	goto tx_error_put;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	810	}
				811
				812	/*
				813	* Okay, now see if we can stuff it in the buffer as-is.
				814	*/
				815	max_headroom = LL_RESERVED_SPACE(tdev) + sizeof(struct iphdr);
				816
				817	if (skb_headroom(skb) < max_headroom
				818	\|\| skb_cloned(skb) \|\| skb_shared(skb)) {
				819	struct sk_buff *new_skb =
				820	skb_realloc_headroom(skb, max_headroom);
				821	if (!new_skb) {
				822	ip_rt_put(rt);
				823	kfree_skb(skb);
Hannes Eder	1e3e238	2009-08-02 11:05:41 +0000	[diff] [blame]	824	IP_VS_ERR_RL("%s(): no memory\n", __func__);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	825	return NF_STOLEN;
				826	}
Eric Dumazet	5d0ba55	2012-06-04 01:17:19 +0000	[diff] [blame]	827	consume_skb(skb);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	828	skb = new_skb;
Arnaldo Carvalho de Melo	eddc9ec	2007-04-20 22:47:35 -0700	[diff] [blame]	829	old_iph = ip_hdr(skb);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	830	}
				831
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	832	skb->transport_header = skb->network_header;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	833
				834	/* fix old IP header checksum */
				835	ip_send_check(old_iph);
				836
Arnaldo Carvalho de Melo	e2d1bca	2007-04-10 20:46:21 -0700	[diff] [blame]	837	skb_push(skb, sizeof(struct iphdr));
				838	skb_reset_network_header(skb);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	839	memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
				840
				841	/* drop old route */
Eric Dumazet	adf3090	2009-06-02 05:19:30 +0000	[diff] [blame]	842	skb_dst_drop(skb);
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	843	skb_dst_set(skb, &rt->dst);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	844
				845	/*
				846	* Push down and install the IPIP header.
				847	*/
Arnaldo Carvalho de Melo	eddc9ec	2007-04-20 22:47:35 -0700	[diff] [blame]	848	iph = ip_hdr(skb);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	849	iph->version = 4;
				850	iph->ihl = sizeof(struct iphdr)>>2;
				851	iph->frag_off = df;
				852	iph->protocol = IPPROTO_IPIP;
				853	iph->tos = tos;
Julian Anastasov	c92f5ca	2011-05-10 12:46:05 +0000	[diff] [blame]	854	iph->daddr = cp->daddr.ip;
				855	iph->saddr = saddr;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	856	iph->ttl = old_iph->ttl;
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	857	ip_select_ident(iph, &rt->dst, NULL);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	858
				859	/* Another hack: avoid icmp_send in ip_fragment */
				860	skb->local_df = 1;
				861
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	862	ret = ip_vs_tunnel_xmit_prepare(skb, cp);
Julian Anastasov	f4bc17c	2010-09-21 17:35:41 +0200	[diff] [blame]	863	if (ret == NF_ACCEPT)
				864	ip_local_out(skb);
				865	else if (ret == NF_DROP)
				866	kfree_skb(skb);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	867
				868	LeaveFunction(10);
				869
				870	return NF_STOLEN;
				871
				872	tx_error_icmp:
				873	dst_link_failure(skb);
				874	tx_error:
				875	kfree_skb(skb);
				876	LeaveFunction(10);
				877	return NF_STOLEN;
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	878	tx_error_put:
				879	ip_rt_put(rt);
				880	goto tx_error;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	881	}
				882
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	883	#ifdef CONFIG_IP_VS_IPV6
				884	int
				885	ip_vs_tunnel_xmit_v6(struct sk_buff skb, struct ip_vs_conn cp,
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	886	struct ip_vs_protocol pp, struct ip_vs_iphdr ipvsh)
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	887	{
				888	struct rt6_info rt; / Route to the other host */
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	889	struct in6_addr saddr; /* Source for tunnel */
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	890	struct net_device tdev; / Device to other host */
				891	struct ipv6hdr *old_iph = ipv6_hdr(skb);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	892	struct ipv6hdr iph; / Our new IP header */
				893	unsigned int max_headroom; /* The extra header space needed */
				894	int mtu;
Julian Anastasov	f4bc17c	2010-09-21 17:35:41 +0200	[diff] [blame]	895	int ret;
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	896
				897	EnterFunction(10);
				898
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	899	if (!(rt = __ip_vs_get_out_rt_v6(skb, cp->dest, &cp->daddr.in6,
David S. Miller	e58b344	2011-05-12 18:22:34 -0400	[diff] [blame]	900	&saddr, 1, (IP_VS_RT_MODE_LOCAL \|
				901	IP_VS_RT_MODE_NON_LOCAL))))
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	902	goto tx_error_icmp;
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	903	if (__ip_vs_is_local_route6(rt)) {
				904	dst_release(&rt->dst);
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	905	return ip_vs_send_or_cont(NFPROTO_IPV6, skb, cp, 1);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	906	}
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	907
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	908	tdev = rt->dst.dev;
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	909
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	910	mtu = dst_mtu(&rt->dst) - sizeof(struct ipv6hdr);
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	911	if (mtu < IPV6_MIN_MTU) {
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	912	IP_VS_DBG_RL("%s(): mtu less than %d\n", __func__,
				913	IPV6_MIN_MTU);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	914	goto tx_error_put;
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	915	}
Eric Dumazet	adf3090	2009-06-02 05:19:30 +0000	[diff] [blame]	916	if (skb_dst(skb))
David S. Miller	6700c27	2012-07-17 03:29:28 -0700	[diff] [blame]	917	skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	918
Jesper Dangaard Brouer	590e3f7	2012-08-28 22:05:51 +0200	[diff] [blame]	919	/* MTU checking: Notice that 'mtu' have been adjusted before hand */
				920	if (__mtu_check_toobig_v6(skb, mtu)) {
Julian Anastasov	cb59155	2010-10-17 16:40:51 +0300	[diff] [blame]	921	if (!skb->dev) {
				922	struct net *net = dev_net(skb_dst(skb)->dev);
				923
				924	skb->dev = net->loopback_dev;
				925	}
Jesper Dangaard Brouer	2f74713	2012-09-26 14:06:59 +0200	[diff] [blame]	926	/* only send ICMP too big on first fragment */
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	927	if (!ipvsh->fragoffs)
Jesper Dangaard Brouer	2f74713	2012-09-26 14:06:59 +0200	[diff] [blame]	928	icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
Hannes Eder	1e3e238	2009-08-02 11:05:41 +0000	[diff] [blame]	929	IP_VS_DBG_RL("%s(): frag needed\n", __func__);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	930	goto tx_error_put;
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	931	}
				932
				933	/*
				934	* Okay, now see if we can stuff it in the buffer as-is.
				935	*/
				936	max_headroom = LL_RESERVED_SPACE(tdev) + sizeof(struct ipv6hdr);
				937
				938	if (skb_headroom(skb) < max_headroom
				939	\|\| skb_cloned(skb) \|\| skb_shared(skb)) {
				940	struct sk_buff *new_skb =
				941	skb_realloc_headroom(skb, max_headroom);
				942	if (!new_skb) {
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	943	dst_release(&rt->dst);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	944	kfree_skb(skb);
Hannes Eder	1e3e238	2009-08-02 11:05:41 +0000	[diff] [blame]	945	IP_VS_ERR_RL("%s(): no memory\n", __func__);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	946	return NF_STOLEN;
				947	}
Eric Dumazet	5d0ba55	2012-06-04 01:17:19 +0000	[diff] [blame]	948	consume_skb(skb);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	949	skb = new_skb;
				950	old_iph = ipv6_hdr(skb);
				951	}
				952
Hans Schillstrom	714f095	2010-10-19 10:38:48 +0200	[diff] [blame]	953	skb->transport_header = skb->network_header;
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	954
				955	skb_push(skb, sizeof(struct ipv6hdr));
				956	skb_reset_network_header(skb);
				957	memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
				958
				959	/* drop old route */
Eric Dumazet	adf3090	2009-06-02 05:19:30 +0000	[diff] [blame]	960	skb_dst_drop(skb);
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	961	skb_dst_set(skb, &rt->dst);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	962
				963	/*
				964	* Push down and install the IPIP header.
				965	*/
				966	iph = ipv6_hdr(skb);
				967	iph->version = 6;
				968	iph->nexthdr = IPPROTO_IPV6;
Harvey Harrison	b7b45f4	2008-11-10 16:46:06 -0800	[diff] [blame]	969	iph->payload_len = old_iph->payload_len;
				970	be16_add_cpu(&iph->payload_len, sizeof(*old_iph));
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	971	iph->priority = old_iph->priority;
				972	memset(&iph->flow_lbl, 0, sizeof(iph->flow_lbl));
Alexey Dobriyan	4e3fd7a	2011-11-21 03:39:03 +0000	[diff] [blame]	973	iph->daddr = cp->daddr.in6;
				974	iph->saddr = saddr;
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	975	iph->hop_limit = old_iph->hop_limit;
				976
				977	/* Another hack: avoid icmp_send in ip_fragment */
				978	skb->local_df = 1;
				979
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	980	ret = ip_vs_tunnel_xmit_prepare(skb, cp);
Julian Anastasov	f4bc17c	2010-09-21 17:35:41 +0200	[diff] [blame]	981	if (ret == NF_ACCEPT)
				982	ip6_local_out(skb);
				983	else if (ret == NF_DROP)
				984	kfree_skb(skb);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	985
				986	LeaveFunction(10);
				987
				988	return NF_STOLEN;
				989
				990	tx_error_icmp:
				991	dst_link_failure(skb);
				992	tx_error:
				993	kfree_skb(skb);
				994	LeaveFunction(10);
				995	return NF_STOLEN;
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	996	tx_error_put:
				997	dst_release(&rt->dst);
				998	goto tx_error;
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	999	}
				1000	#endif
				1001
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1002
				1003	/*
				1004	* Direct Routing transmitter
				1005	* Used for ANY protocol
				1006	*/
				1007	int
				1008	ip_vs_dr_xmit(struct sk_buff skb, struct ip_vs_conn cp,
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	1009	struct ip_vs_protocol pp, struct ip_vs_iphdr ipvsh)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1010	{
				1011	struct rtable rt; / Route to the other host */
Arnaldo Carvalho de Melo	eddc9ec	2007-04-20 22:47:35 -0700	[diff] [blame]	1012	struct iphdr *iph = ip_hdr(skb);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1013	int mtu;
				1014
				1015	EnterFunction(10);
				1016
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1017	if (!(rt = __ip_vs_get_out_rt(skb, cp->dest, cp->daddr.ip,
Changli Gao	17a8f8e	2011-02-24 08:19:57 +0800	[diff] [blame]	1018	IP_VS_RT_MODE_LOCAL \|
Julian Anastasov	ad4d3ef	2012-10-08 11:41:20 +0000	[diff] [blame]	1019	IP_VS_RT_MODE_NON_LOCAL \|
				1020	IP_VS_RT_MODE_KNOWN_NH, NULL)))
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1021	goto tx_error_icmp;
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1022	if (rt->rt_flags & RTCF_LOCAL) {
				1023	ip_rt_put(rt);
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	1024	return ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 1);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1025	}
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1026
				1027	/* MTU checking */
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	1028	mtu = dst_mtu(&rt->dst);
Simon Horman	8f1b03a	2010-11-09 10:08:49 +0900	[diff] [blame]	1029	if ((iph->frag_off & htons(IP_DF)) && skb->len > mtu &&
				1030	!skb_is_gso(skb)) {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1031	icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
				1032	ip_rt_put(rt);
Hannes Eder	1e3e238	2009-08-02 11:05:41 +0000	[diff] [blame]	1033	IP_VS_DBG_RL("%s(): frag needed\n", __func__);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1034	goto tx_error;
				1035	}
				1036
				1037	/*
				1038	* Call ip_send_check because we are not sure it is called
				1039	* after ip_defrag. Is copy-on-write needed?
				1040	*/
				1041	if (unlikely((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)) {
				1042	ip_rt_put(rt);
				1043	return NF_STOLEN;
				1044	}
Arnaldo Carvalho de Melo	eddc9ec	2007-04-20 22:47:35 -0700	[diff] [blame]	1045	ip_send_check(ip_hdr(skb));
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1046
				1047	/* drop old route */
Eric Dumazet	adf3090	2009-06-02 05:19:30 +0000	[diff] [blame]	1048	skb_dst_drop(skb);
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	1049	skb_dst_set(skb, &rt->dst);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1050
				1051	/* Another hack: avoid icmp_send in ip_fragment */
				1052	skb->local_df = 1;
				1053
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	1054	ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 0);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1055
				1056	LeaveFunction(10);
				1057	return NF_STOLEN;
				1058
				1059	tx_error_icmp:
				1060	dst_link_failure(skb);
				1061	tx_error:
				1062	kfree_skb(skb);
				1063	LeaveFunction(10);
				1064	return NF_STOLEN;
				1065	}
				1066
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1067	#ifdef CONFIG_IP_VS_IPV6
				1068	int
				1069	ip_vs_dr_xmit_v6(struct sk_buff skb, struct ip_vs_conn cp,
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	1070	struct ip_vs_protocol pp, struct ip_vs_iphdr iph)
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1071	{
				1072	struct rt6_info rt; / Route to the other host */
				1073	int mtu;
				1074
				1075	EnterFunction(10);
				1076
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1077	if (!(rt = __ip_vs_get_out_rt_v6(skb, cp->dest, &cp->daddr.in6, NULL,
David S. Miller	e58b344	2011-05-12 18:22:34 -0400	[diff] [blame]	1078	0, (IP_VS_RT_MODE_LOCAL \|
				1079	IP_VS_RT_MODE_NON_LOCAL))))
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1080	goto tx_error_icmp;
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1081	if (__ip_vs_is_local_route6(rt)) {
				1082	dst_release(&rt->dst);
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	1083	return ip_vs_send_or_cont(NFPROTO_IPV6, skb, cp, 1);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1084	}
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1085
				1086	/* MTU checking */
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	1087	mtu = dst_mtu(&rt->dst);
Jesper Dangaard Brouer	590e3f7	2012-08-28 22:05:51 +0200	[diff] [blame]	1088	if (__mtu_check_toobig_v6(skb, mtu)) {
Julian Anastasov	cb59155	2010-10-17 16:40:51 +0300	[diff] [blame]	1089	if (!skb->dev) {
				1090	struct net *net = dev_net(skb_dst(skb)->dev);
				1091
				1092	skb->dev = net->loopback_dev;
				1093	}
Jesper Dangaard Brouer	2f74713	2012-09-26 14:06:59 +0200	[diff] [blame]	1094	/* only send ICMP too big on first fragment */
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	1095	if (!iph->fragoffs)
Jesper Dangaard Brouer	2f74713	2012-09-26 14:06:59 +0200	[diff] [blame]	1096	icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	1097	dst_release(&rt->dst);
Hannes Eder	1e3e238	2009-08-02 11:05:41 +0000	[diff] [blame]	1098	IP_VS_DBG_RL("%s(): frag needed\n", __func__);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1099	goto tx_error;
				1100	}
				1101
				1102	/*
				1103	* Call ip_send_check because we are not sure it is called
				1104	* after ip_defrag. Is copy-on-write needed?
				1105	*/
				1106	skb = skb_share_check(skb, GFP_ATOMIC);
				1107	if (unlikely(skb == NULL)) {
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	1108	dst_release(&rt->dst);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1109	return NF_STOLEN;
				1110	}
				1111
				1112	/* drop old route */
Eric Dumazet	adf3090	2009-06-02 05:19:30 +0000	[diff] [blame]	1113	skb_dst_drop(skb);
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	1114	skb_dst_set(skb, &rt->dst);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1115
				1116	/* Another hack: avoid icmp_send in ip_fragment */
				1117	skb->local_df = 1;
				1118
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	1119	ip_vs_send_or_cont(NFPROTO_IPV6, skb, cp, 0);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1120
				1121	LeaveFunction(10);
				1122	return NF_STOLEN;
				1123
				1124	tx_error_icmp:
				1125	dst_link_failure(skb);
				1126	tx_error:
				1127	kfree_skb(skb);
				1128	LeaveFunction(10);
				1129	return NF_STOLEN;
				1130	}
				1131	#endif
				1132
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1133
				1134	/*
				1135	* ICMP packet transmitter
				1136	* called by the ip_vs_in_icmp
				1137	*/
				1138	int
				1139	ip_vs_icmp_xmit(struct sk_buff skb, struct ip_vs_conn cp,
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	1140	struct ip_vs_protocol *pp, int offset, unsigned int hooknum,
				1141	struct ip_vs_iphdr *iph)
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1142	{
				1143	struct rtable rt; / Route to the other host */
				1144	int mtu;
				1145	int rc;
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1146	int local;
Julian Anastasov	c92f5ca	2011-05-10 12:46:05 +0000	[diff] [blame]	1147	int rt_mode;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1148
				1149	EnterFunction(10);
				1150
				1151	/* The ICMP packet for VS/TUN, VS/DR and LOCALNODE will be
				1152	forwarded directly here, because there is no need to
				1153	translate address/port back */
				1154	if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ) {
				1155	if (cp->packet_xmit)
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	1156	rc = cp->packet_xmit(skb, cp, pp, iph);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1157	else
				1158	rc = NF_ACCEPT;
				1159	/* do not touch skb anymore */
				1160	atomic_inc(&cp->in_pkts);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1161	goto out;
				1162	}
				1163
				1164	/*
				1165	* mangle and send the packet here (only for VS/NAT)
				1166	*/
				1167
Julian Anastasov	c92f5ca	2011-05-10 12:46:05 +0000	[diff] [blame]	1168	/* LOCALNODE from FORWARD hook is not supported */
				1169	rt_mode = (hooknum != NF_INET_FORWARD) ?
				1170	IP_VS_RT_MODE_LOCAL \| IP_VS_RT_MODE_NON_LOCAL \|
				1171	IP_VS_RT_MODE_RDR : IP_VS_RT_MODE_NON_LOCAL;
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1172	if (!(rt = __ip_vs_get_out_rt(skb, cp->dest, cp->daddr.ip,
Julian Anastasov	c92f5ca	2011-05-10 12:46:05 +0000	[diff] [blame]	1173	rt_mode, NULL)))
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1174	goto tx_error_icmp;
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1175	local = rt->rt_flags & RTCF_LOCAL;
				1176
				1177	/*
				1178	* Avoid duplicate tuple in reply direction for NAT traffic
				1179	* to local address when connection is sync-ed
				1180	*/
Igor Maravić	c0cd115	2011-12-12 02:58:24 +0000	[diff] [blame]	1181	#if IS_ENABLED(CONFIG_NF_CONNTRACK)
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1182	if (cp->flags & IP_VS_CONN_F_SYNC && local) {
				1183	enum ip_conntrack_info ctinfo;
Alan Cox	05b4b06	2012-10-26 00:13:27 +0000	[diff] [blame]	1184	struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1185
				1186	if (ct && !nf_ct_is_untracked(ct)) {
				1187	IP_VS_DBG(10, "%s(): "
				1188	"stopping DNAT to local address %pI4\n",
				1189	__func__, &cp->daddr.ip);
				1190	goto tx_error_put;
				1191	}
				1192	}
				1193	#endif
				1194
				1195	/* From world but DNAT to loopback address? */
Julian Anastasov	c92f5ca	2011-05-10 12:46:05 +0000	[diff] [blame]	1196	if (local && ipv4_is_loopback(cp->daddr.ip) &&
David S. Miller	c753796	2010-11-11 17:07:48 -0800	[diff] [blame]	1197	rt_is_input_route(skb_rtable(skb))) {
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1198	IP_VS_DBG(1, "%s(): "
				1199	"stopping DNAT to loopback %pI4\n",
				1200	__func__, &cp->daddr.ip);
				1201	goto tx_error_put;
				1202	}
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1203
				1204	/* MTU checking */
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	1205	mtu = dst_mtu(&rt->dst);
Simon Horman	8f1b03a	2010-11-09 10:08:49 +0900	[diff] [blame]	1206	if ((skb->len > mtu) && (ip_hdr(skb)->frag_off & htons(IP_DF)) &&
				1207	!skb_is_gso(skb)) {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1208	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
Hannes Eder	1e3e238	2009-08-02 11:05:41 +0000	[diff] [blame]	1209	IP_VS_DBG_RL("%s(): frag needed\n", __func__);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1210	goto tx_error_put;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1211	}
				1212
				1213	/* copy-on-write the packet before mangling it */
Herbert Xu	af1e1cf	2007-10-14 00:39:33 -0700	[diff] [blame]	1214	if (!skb_make_writable(skb, offset))
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1215	goto tx_error_put;
				1216
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	1217	if (skb_cow(skb, rt->dst.dev->hard_header_len))
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1218	goto tx_error_put;
				1219
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1220	ip_vs_nat_icmp(skb, pp, cp, 0);
				1221
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1222	if (!local) {
				1223	/* drop the old route when skb is not shared */
				1224	skb_dst_drop(skb);
				1225	skb_dst_set(skb, &rt->dst);
Julian Anastasov	183dce5	2013-03-21 11:58:03 +0200	[diff] [blame^]	1226	} else
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1227	ip_rt_put(rt);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1228
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1229	/* Another hack: avoid icmp_send in ip_fragment */
				1230	skb->local_df = 1;
				1231
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	1232	rc = ip_vs_nat_send_or_cont(NFPROTO_IPV4, skb, cp, local);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1233	goto out;
				1234
				1235	tx_error_icmp:
				1236	dst_link_failure(skb);
				1237	tx_error:
				1238	dev_kfree_skb(skb);
				1239	rc = NF_STOLEN;
				1240	out:
				1241	LeaveFunction(10);
				1242	return rc;
				1243	tx_error_put:
				1244	ip_rt_put(rt);
				1245	goto tx_error;
				1246	}
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1247
				1248	#ifdef CONFIG_IP_VS_IPV6
				1249	int
				1250	ip_vs_icmp_xmit_v6(struct sk_buff skb, struct ip_vs_conn cp,
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	1251	struct ip_vs_protocol *pp, int offset, unsigned int hooknum,
				1252	struct ip_vs_iphdr *iph)
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1253	{
				1254	struct rt6_info rt; / Route to the other host */
				1255	int mtu;
				1256	int rc;
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1257	int local;
Julian Anastasov	c92f5ca	2011-05-10 12:46:05 +0000	[diff] [blame]	1258	int rt_mode;
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1259
				1260	EnterFunction(10);
				1261
				1262	/* The ICMP packet for VS/TUN, VS/DR and LOCALNODE will be
				1263	forwarded directly here, because there is no need to
				1264	translate address/port back */
				1265	if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ) {
				1266	if (cp->packet_xmit)
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	1267	rc = cp->packet_xmit(skb, cp, pp, iph);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1268	else
				1269	rc = NF_ACCEPT;
				1270	/* do not touch skb anymore */
				1271	atomic_inc(&cp->in_pkts);
				1272	goto out;
				1273	}
				1274
				1275	/*
				1276	* mangle and send the packet here (only for VS/NAT)
				1277	*/
				1278
Julian Anastasov	c92f5ca	2011-05-10 12:46:05 +0000	[diff] [blame]	1279	/* LOCALNODE from FORWARD hook is not supported */
				1280	rt_mode = (hooknum != NF_INET_FORWARD) ?
				1281	IP_VS_RT_MODE_LOCAL \| IP_VS_RT_MODE_NON_LOCAL \|
				1282	IP_VS_RT_MODE_RDR : IP_VS_RT_MODE_NON_LOCAL;
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1283	if (!(rt = __ip_vs_get_out_rt_v6(skb, cp->dest, &cp->daddr.in6, NULL,
Julian Anastasov	c92f5ca	2011-05-10 12:46:05 +0000	[diff] [blame]	1284	0, rt_mode)))
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1285	goto tx_error_icmp;
				1286
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1287	local = __ip_vs_is_local_route6(rt);
				1288	/*
				1289	* Avoid duplicate tuple in reply direction for NAT traffic
				1290	* to local address when connection is sync-ed
				1291	*/
Igor Maravić	c0cd115	2011-12-12 02:58:24 +0000	[diff] [blame]	1292	#if IS_ENABLED(CONFIG_NF_CONNTRACK)
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1293	if (cp->flags & IP_VS_CONN_F_SYNC && local) {
				1294	enum ip_conntrack_info ctinfo;
Alan Cox	05b4b06	2012-10-26 00:13:27 +0000	[diff] [blame]	1295	struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1296
				1297	if (ct && !nf_ct_is_untracked(ct)) {
				1298	IP_VS_DBG(10, "%s(): "
				1299	"stopping DNAT to local address %pI6\n",
				1300	__func__, &cp->daddr.in6);
				1301	goto tx_error_put;
				1302	}
				1303	}
				1304	#endif
				1305
				1306	/* From world but DNAT to loopback address? */
				1307	if (local && skb->dev && !(skb->dev->flags & IFF_LOOPBACK) &&
				1308	ipv6_addr_type(&rt->rt6i_dst.addr) & IPV6_ADDR_LOOPBACK) {
				1309	IP_VS_DBG(1, "%s(): "
				1310	"stopping DNAT to loopback %pI6\n",
				1311	__func__, &cp->daddr.in6);
				1312	goto tx_error_put;
				1313	}
				1314
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1315	/* MTU checking */
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	1316	mtu = dst_mtu(&rt->dst);
Jesper Dangaard Brouer	590e3f7	2012-08-28 22:05:51 +0200	[diff] [blame]	1317	if (__mtu_check_toobig_v6(skb, mtu)) {
Julian Anastasov	cb59155	2010-10-17 16:40:51 +0300	[diff] [blame]	1318	if (!skb->dev) {
				1319	struct net *net = dev_net(skb_dst(skb)->dev);
				1320
				1321	skb->dev = net->loopback_dev;
				1322	}
Jesper Dangaard Brouer	2f74713	2012-09-26 14:06:59 +0200	[diff] [blame]	1323	/* only send ICMP too big on first fragment */
Jesper Dangaard Brouer	d4383f0	2012-09-26 14:07:17 +0200	[diff] [blame]	1324	if (!iph->fragoffs)
Jesper Dangaard Brouer	2f74713	2012-09-26 14:06:59 +0200	[diff] [blame]	1325	icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
Hannes Eder	1e3e238	2009-08-02 11:05:41 +0000	[diff] [blame]	1326	IP_VS_DBG_RL("%s(): frag needed\n", __func__);
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1327	goto tx_error_put;
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1328	}
				1329
				1330	/* copy-on-write the packet before mangling it */
				1331	if (!skb_make_writable(skb, offset))
				1332	goto tx_error_put;
				1333
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	1334	if (skb_cow(skb, rt->dst.dev->hard_header_len))
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1335	goto tx_error_put;
				1336
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1337	ip_vs_nat_icmp_v6(skb, pp, cp, 0);
				1338
Julian Anastasov	fc60476	2010-10-17 16:38:15 +0300	[diff] [blame]	1339	if (!local \|\| !skb->dev) {
				1340	/* drop the old route when skb is not shared */
				1341	skb_dst_drop(skb);
				1342	skb_dst_set(skb, &rt->dst);
				1343	} else {
				1344	/* destined to loopback, do we need to change route? */
				1345	dst_release(&rt->dst);
				1346	}
				1347
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1348	/* Another hack: avoid icmp_send in ip_fragment */
				1349	skb->local_df = 1;
				1350
Julian Anastasov	b8abdf0	2013-03-21 11:58:01 +0200	[diff] [blame]	1351	rc = ip_vs_nat_send_or_cont(NFPROTO_IPV6, skb, cp, local);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1352	goto out;
				1353
				1354	tx_error_icmp:
				1355	dst_link_failure(skb);
				1356	tx_error:
				1357	dev_kfree_skb(skb);
				1358	rc = NF_STOLEN;
				1359	out:
				1360	LeaveFunction(10);
				1361	return rc;
				1362	tx_error_put:
Changli Gao	d8d1f30	2010-06-10 23:31:35 -0700	[diff] [blame]	1363	dst_release(&rt->dst);
Julius Volz	b3cdd2a7	2008-09-02 15:55:45 +0200	[diff] [blame]	1364	goto tx_error;
				1365	}
				1366	#endif