2 * ip_vs_xmit.c: various packet transmitters for IPVS
4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
5 * Julian Anastasov <ja@ssi.bg>
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
16 #define KMSG_COMPONENT "IPVS"
17 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
19 #include <linux/kernel.h>
20 #include <linux/slab.h>
21 #include <linux/tcp.h> /* for tcphdr */
23 #include <net/tcp.h> /* for csum_tcpudp_magic */
25 #include <net/icmp.h> /* for icmp_send */
26 #include <net/route.h> /* for ip_route_output */
28 #include <net/ip6_route.h>
29 #include <net/addrconf.h>
30 #include <linux/icmpv6.h>
31 #include <linux/netfilter.h>
32 #include <linux/netfilter_ipv4.h>
34 #include <net/ip_vs.h>
38 * Destination cache to speed up outgoing route lookup
41 __ip_vs_dst_set(struct ip_vs_dest *dest, u32 rtos, struct dst_entry *dst,
44 struct dst_entry *old_dst;
46 old_dst = dest->dst_cache;
47 dest->dst_cache = dst;
48 dest->dst_rtos = rtos;
49 dest->dst_cookie = dst_cookie;
53 static inline struct dst_entry *
54 __ip_vs_dst_check(struct ip_vs_dest *dest, u32 rtos)
56 struct dst_entry *dst = dest->dst_cache;
60 if ((dst->obsolete || rtos != dest->dst_rtos) &&
61 dst->ops->check(dst, dest->dst_cookie) == NULL) {
62 dest->dst_cache = NULL;
70 static struct rtable *
71 __ip_vs_get_out_rt(struct sk_buff *skb, struct ip_vs_conn *cp, u32 rtos)
73 struct net *net = dev_net(skb->dev);
74 struct rtable *rt; /* Route to the other host */
75 struct ip_vs_dest *dest = cp->dest;
78 spin_lock(&dest->dst_lock);
79 if (!(rt = (struct rtable *)
80 __ip_vs_dst_check(dest, rtos))) {
85 .daddr = dest->addr.ip,
90 if (ip_route_output_key(net, &rt, &fl)) {
91 spin_unlock(&dest->dst_lock);
92 IP_VS_DBG_RL("ip_route_output error, dest: %pI4\n",
96 __ip_vs_dst_set(dest, rtos, dst_clone(&rt->dst), 0);
97 IP_VS_DBG(10, "new dst %pI4, refcnt=%d, rtos=%X\n",
99 atomic_read(&rt->dst.__refcnt), rtos);
101 spin_unlock(&dest->dst_lock);
107 .daddr = cp->daddr.ip,
112 if (ip_route_output_key(net, &rt, &fl)) {
113 IP_VS_DBG_RL("ip_route_output error, dest: %pI4\n",
122 #ifdef CONFIG_IP_VS_IPV6
124 static struct dst_entry *
125 __ip_vs_route_output_v6(struct net *net, struct in6_addr *daddr,
126 struct in6_addr *ret_saddr, int do_xfrm)
128 struct dst_entry *dst;
138 dst = ip6_route_output(net, NULL, &fl);
143 if (ipv6_addr_any(&fl.fl6_src) &&
144 ipv6_dev_get_saddr(net, ip6_dst_idev(dst)->dev,
145 &fl.fl6_dst, 0, &fl.fl6_src) < 0)
147 if (do_xfrm && xfrm_lookup(net, &dst, &fl, NULL, 0) < 0)
149 ipv6_addr_copy(ret_saddr, &fl.fl6_src);
154 IP_VS_DBG_RL("ip6_route_output error, dest: %pI6\n", daddr);
158 static struct rt6_info *
159 __ip_vs_get_out_rt_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
160 struct in6_addr *ret_saddr, int do_xfrm)
162 struct net *net = dev_net(skb->dev);
163 struct rt6_info *rt; /* Route to the other host */
164 struct ip_vs_dest *dest = cp->dest;
165 struct dst_entry *dst;
168 spin_lock(&dest->dst_lock);
169 rt = (struct rt6_info *)__ip_vs_dst_check(dest, 0);
173 dst = __ip_vs_route_output_v6(net, &dest->addr.in6,
177 spin_unlock(&dest->dst_lock);
180 rt = (struct rt6_info *) dst;
181 cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0;
182 __ip_vs_dst_set(dest, 0, dst_clone(&rt->dst), cookie);
183 IP_VS_DBG(10, "new dst %pI6, src %pI6, refcnt=%d\n",
184 &dest->addr.in6, &dest->dst_saddr,
185 atomic_read(&rt->dst.__refcnt));
188 ipv6_addr_copy(ret_saddr, &dest->dst_saddr);
189 spin_unlock(&dest->dst_lock);
191 dst = __ip_vs_route_output_v6(net, &cp->daddr.in6, ret_saddr,
195 rt = (struct rt6_info *) dst;
204 * Release dest->dst_cache before a dest is removed
207 ip_vs_dst_reset(struct ip_vs_dest *dest)
209 struct dst_entry *old_dst;
211 old_dst = dest->dst_cache;
212 dest->dst_cache = NULL;
213 dst_release(old_dst);
216 #define IP_VS_XMIT_TUNNEL(skb, cp) \
218 int __ret = NF_ACCEPT; \
220 (skb)->ipvs_property = 1; \
221 if (unlikely((cp)->flags & IP_VS_CONN_F_NFCT)) \
222 __ret = ip_vs_confirm_conntrack(skb, cp); \
223 if (__ret == NF_ACCEPT) { \
225 skb_forward_csum(skb); \
230 #define IP_VS_XMIT_NAT(pf, skb, cp) \
232 (skb)->ipvs_property = 1; \
233 if (likely(!((cp)->flags & IP_VS_CONN_F_NFCT))) \
234 ip_vs_notrack(skb); \
236 ip_vs_update_conntrack(skb, cp, 1); \
237 skb_forward_csum(skb); \
238 NF_HOOK(pf, NF_INET_LOCAL_OUT, (skb), NULL, \
239 skb_dst(skb)->dev, dst_output); \
242 #define IP_VS_XMIT(pf, skb, cp) \
244 (skb)->ipvs_property = 1; \
245 if (likely(!((cp)->flags & IP_VS_CONN_F_NFCT))) \
246 ip_vs_notrack(skb); \
247 skb_forward_csum(skb); \
248 NF_HOOK(pf, NF_INET_LOCAL_OUT, (skb), NULL, \
249 skb_dst(skb)->dev, dst_output); \
254 * NULL transmitter (do nothing except return NF_ACCEPT)
257 ip_vs_null_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
258 struct ip_vs_protocol *pp)
260 /* we do not touch skb and do not need pskb ptr */
267 * Let packets bypass the destination when the destination is not
268 * available, it may be only used in transparent cache cluster.
271 ip_vs_bypass_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
272 struct ip_vs_protocol *pp)
274 struct net *net = dev_net(skb->dev);
275 struct rtable *rt; /* Route to the other host */
276 struct iphdr *iph = ip_hdr(skb);
285 .tos = RT_TOS(tos), } },
290 if (ip_route_output_key(net, &rt, &fl)) {
291 IP_VS_DBG_RL("%s(): ip_route_output error, dest: %pI4\n",
292 __func__, &iph->daddr);
297 mtu = dst_mtu(&rt->dst);
298 if ((skb->len > mtu) && (iph->frag_off & htons(IP_DF))) {
300 icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
301 IP_VS_DBG_RL("%s(): frag needed\n", __func__);
306 * Call ip_send_check because we are not sure it is called
307 * after ip_defrag. Is copy-on-write needed?
309 if (unlikely((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)) {
313 ip_send_check(ip_hdr(skb));
317 skb_dst_set(skb, &rt->dst);
319 /* Another hack: avoid icmp_send in ip_fragment */
322 IP_VS_XMIT(NFPROTO_IPV4, skb, cp);
328 dst_link_failure(skb);
335 #ifdef CONFIG_IP_VS_IPV6
337 ip_vs_bypass_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
338 struct ip_vs_protocol *pp)
340 struct net *net = dev_net(skb->dev);
341 struct dst_entry *dst;
342 struct rt6_info *rt; /* Route to the other host */
343 struct ipv6hdr *iph = ipv6_hdr(skb);
348 dst = __ip_vs_route_output_v6(net, &iph->daddr, NULL, 0);
351 rt = (struct rt6_info *) dst;
354 mtu = dst_mtu(&rt->dst);
355 if (skb->len > mtu) {
356 dst_release(&rt->dst);
357 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
358 IP_VS_DBG_RL("%s(): frag needed\n", __func__);
363 * Call ip_send_check because we are not sure it is called
364 * after ip_defrag. Is copy-on-write needed?
366 skb = skb_share_check(skb, GFP_ATOMIC);
367 if (unlikely(skb == NULL)) {
368 dst_release(&rt->dst);
374 skb_dst_set(skb, &rt->dst);
376 /* Another hack: avoid icmp_send in ip_fragment */
379 IP_VS_XMIT(NFPROTO_IPV6, skb, cp);
385 dst_link_failure(skb);
394 * NAT transmitter (only for outside-to-inside nat forwarding)
395 * Not used for related ICMP
398 ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
399 struct ip_vs_protocol *pp)
401 struct rtable *rt; /* Route to the other host */
403 struct iphdr *iph = ip_hdr(skb);
407 /* check if it is a connection of no-client-port */
408 if (unlikely(cp->flags & IP_VS_CONN_F_NO_CPORT)) {
410 p = skb_header_pointer(skb, iph->ihl*4, sizeof(_pt), &_pt);
413 ip_vs_conn_fill_cport(cp, *p);
414 IP_VS_DBG(10, "filled cport=%d\n", ntohs(*p));
417 if (!(rt = __ip_vs_get_out_rt(skb, cp, RT_TOS(iph->tos))))
421 mtu = dst_mtu(&rt->dst);
422 if ((skb->len > mtu) && (iph->frag_off & htons(IP_DF))) {
424 icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
425 IP_VS_DBG_RL_PKT(0, pp, skb, 0, "ip_vs_nat_xmit(): frag needed for");
429 /* copy-on-write the packet before mangling it */
430 if (!skb_make_writable(skb, sizeof(struct iphdr)))
433 if (skb_cow(skb, rt->dst.dev->hard_header_len))
438 skb_dst_set(skb, &rt->dst);
440 /* mangle the packet */
441 if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp))
443 ip_hdr(skb)->daddr = cp->daddr.ip;
444 ip_send_check(ip_hdr(skb));
446 IP_VS_DBG_PKT(10, pp, skb, 0, "After DNAT");
448 /* FIXME: when application helper enlarges the packet and the length
449 is larger than the MTU of outgoing device, there will be still
452 /* Another hack: avoid icmp_send in ip_fragment */
455 IP_VS_XMIT_NAT(NFPROTO_IPV4, skb, cp);
461 dst_link_failure(skb);
471 #ifdef CONFIG_IP_VS_IPV6
473 ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
474 struct ip_vs_protocol *pp)
476 struct rt6_info *rt; /* Route to the other host */
481 /* check if it is a connection of no-client-port */
482 if (unlikely(cp->flags & IP_VS_CONN_F_NO_CPORT)) {
484 p = skb_header_pointer(skb, sizeof(struct ipv6hdr),
488 ip_vs_conn_fill_cport(cp, *p);
489 IP_VS_DBG(10, "filled cport=%d\n", ntohs(*p));
492 rt = __ip_vs_get_out_rt_v6(skb, cp, NULL, 0);
497 mtu = dst_mtu(&rt->dst);
498 if (skb->len > mtu) {
499 dst_release(&rt->dst);
500 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
501 IP_VS_DBG_RL_PKT(0, pp, skb, 0,
502 "ip_vs_nat_xmit_v6(): frag needed for");
506 /* copy-on-write the packet before mangling it */
507 if (!skb_make_writable(skb, sizeof(struct ipv6hdr)))
510 if (skb_cow(skb, rt->dst.dev->hard_header_len))
515 skb_dst_set(skb, &rt->dst);
517 /* mangle the packet */
518 if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp))
520 ipv6_hdr(skb)->daddr = cp->daddr.in6;
522 IP_VS_DBG_PKT(10, pp, skb, 0, "After DNAT");
524 /* FIXME: when application helper enlarges the packet and the length
525 is larger than the MTU of outgoing device, there will be still
528 /* Another hack: avoid icmp_send in ip_fragment */
531 IP_VS_XMIT_NAT(NFPROTO_IPV6, skb, cp);
537 dst_link_failure(skb);
543 dst_release(&rt->dst);
550 * IP Tunneling transmitter
552 * This function encapsulates the packet in a new IP packet, its
553 * destination will be set to cp->daddr. Most code of this function
554 * is taken from ipip.c.
556 * It is used in VS/TUN cluster. The load balancer selects a real
557 * server from a cluster based on a scheduling algorithm,
558 * encapsulates the request packet and forwards it to the selected
559 * server. For example, all real servers are configured with
560 * "ifconfig tunl0 <Virtual IP Address> up". When the server receives
561 * the encapsulated packet, it will decapsulate the packet, processe
562 * the request and return the response packets directly to the client
563 * without passing the load balancer. This can greatly increase the
564 * scalability of virtual server.
566 * Used for ANY protocol
569 ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
570 struct ip_vs_protocol *pp)
572 struct rtable *rt; /* Route to the other host */
573 struct net_device *tdev; /* Device to other host */
574 struct iphdr *old_iph = ip_hdr(skb);
575 u8 tos = old_iph->tos;
576 __be16 df = old_iph->frag_off;
577 struct iphdr *iph; /* Our new IP header */
578 unsigned int max_headroom; /* The extra header space needed */
584 if (skb->protocol != htons(ETH_P_IP)) {
585 IP_VS_DBG_RL("%s(): protocol error, "
586 "ETH_P_IP: %d, skb protocol: %d\n",
587 __func__, htons(ETH_P_IP), skb->protocol);
591 if (!(rt = __ip_vs_get_out_rt(skb, cp, RT_TOS(tos))))
596 mtu = dst_mtu(&rt->dst) - sizeof(struct iphdr);
599 IP_VS_DBG_RL("%s(): mtu less than 68\n", __func__);
603 skb_dst(skb)->ops->update_pmtu(skb_dst(skb), mtu);
605 df |= (old_iph->frag_off & htons(IP_DF));
607 if ((old_iph->frag_off & htons(IP_DF))
608 && mtu < ntohs(old_iph->tot_len)) {
609 icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
611 IP_VS_DBG_RL("%s(): frag needed\n", __func__);
616 * Okay, now see if we can stuff it in the buffer as-is.
618 max_headroom = LL_RESERVED_SPACE(tdev) + sizeof(struct iphdr);
620 if (skb_headroom(skb) < max_headroom
621 || skb_cloned(skb) || skb_shared(skb)) {
622 struct sk_buff *new_skb =
623 skb_realloc_headroom(skb, max_headroom);
627 IP_VS_ERR_RL("%s(): no memory\n", __func__);
632 old_iph = ip_hdr(skb);
635 skb->transport_header = skb->network_header;
637 /* fix old IP header checksum */
638 ip_send_check(old_iph);
640 skb_push(skb, sizeof(struct iphdr));
641 skb_reset_network_header(skb);
642 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
646 skb_dst_set(skb, &rt->dst);
649 * Push down and install the IPIP header.
653 iph->ihl = sizeof(struct iphdr)>>2;
655 iph->protocol = IPPROTO_IPIP;
657 iph->daddr = rt->rt_dst;
658 iph->saddr = rt->rt_src;
659 iph->ttl = old_iph->ttl;
660 ip_select_ident(iph, &rt->dst, NULL);
662 /* Another hack: avoid icmp_send in ip_fragment */
665 ret = IP_VS_XMIT_TUNNEL(skb, cp);
666 if (ret == NF_ACCEPT)
668 else if (ret == NF_DROP)
676 dst_link_failure(skb);
683 #ifdef CONFIG_IP_VS_IPV6
685 ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
686 struct ip_vs_protocol *pp)
688 struct rt6_info *rt; /* Route to the other host */
689 struct in6_addr saddr; /* Source for tunnel */
690 struct net_device *tdev; /* Device to other host */
691 struct ipv6hdr *old_iph = ipv6_hdr(skb);
692 struct ipv6hdr *iph; /* Our new IP header */
693 unsigned int max_headroom; /* The extra header space needed */
699 if (skb->protocol != htons(ETH_P_IPV6)) {
700 IP_VS_DBG_RL("%s(): protocol error, "
701 "ETH_P_IPV6: %d, skb protocol: %d\n",
702 __func__, htons(ETH_P_IPV6), skb->protocol);
706 rt = __ip_vs_get_out_rt_v6(skb, cp, &saddr, 1);
712 mtu = dst_mtu(&rt->dst) - sizeof(struct ipv6hdr);
713 if (mtu < IPV6_MIN_MTU) {
714 dst_release(&rt->dst);
715 IP_VS_DBG_RL("%s(): mtu less than %d\n", __func__,
720 skb_dst(skb)->ops->update_pmtu(skb_dst(skb), mtu);
722 if (mtu < ntohs(old_iph->payload_len) + sizeof(struct ipv6hdr)) {
723 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
724 dst_release(&rt->dst);
725 IP_VS_DBG_RL("%s(): frag needed\n", __func__);
730 * Okay, now see if we can stuff it in the buffer as-is.
732 max_headroom = LL_RESERVED_SPACE(tdev) + sizeof(struct ipv6hdr);
734 if (skb_headroom(skb) < max_headroom
735 || skb_cloned(skb) || skb_shared(skb)) {
736 struct sk_buff *new_skb =
737 skb_realloc_headroom(skb, max_headroom);
739 dst_release(&rt->dst);
741 IP_VS_ERR_RL("%s(): no memory\n", __func__);
746 old_iph = ipv6_hdr(skb);
749 skb->transport_header = skb->network_header;
751 skb_push(skb, sizeof(struct ipv6hdr));
752 skb_reset_network_header(skb);
753 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
757 skb_dst_set(skb, &rt->dst);
760 * Push down and install the IPIP header.
764 iph->nexthdr = IPPROTO_IPV6;
765 iph->payload_len = old_iph->payload_len;
766 be16_add_cpu(&iph->payload_len, sizeof(*old_iph));
767 iph->priority = old_iph->priority;
768 memset(&iph->flow_lbl, 0, sizeof(iph->flow_lbl));
769 ipv6_addr_copy(&iph->daddr, &cp->daddr.in6);
770 ipv6_addr_copy(&iph->saddr, &saddr);
771 iph->hop_limit = old_iph->hop_limit;
773 /* Another hack: avoid icmp_send in ip_fragment */
776 ret = IP_VS_XMIT_TUNNEL(skb, cp);
777 if (ret == NF_ACCEPT)
779 else if (ret == NF_DROP)
787 dst_link_failure(skb);
797 * Direct Routing transmitter
798 * Used for ANY protocol
801 ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
802 struct ip_vs_protocol *pp)
804 struct rtable *rt; /* Route to the other host */
805 struct iphdr *iph = ip_hdr(skb);
810 if (!(rt = __ip_vs_get_out_rt(skb, cp, RT_TOS(iph->tos))))
814 mtu = dst_mtu(&rt->dst);
815 if ((iph->frag_off & htons(IP_DF)) && skb->len > mtu) {
816 icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
818 IP_VS_DBG_RL("%s(): frag needed\n", __func__);
823 * Call ip_send_check because we are not sure it is called
824 * after ip_defrag. Is copy-on-write needed?
826 if (unlikely((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)) {
830 ip_send_check(ip_hdr(skb));
834 skb_dst_set(skb, &rt->dst);
836 /* Another hack: avoid icmp_send in ip_fragment */
839 IP_VS_XMIT(NFPROTO_IPV4, skb, cp);
845 dst_link_failure(skb);
852 #ifdef CONFIG_IP_VS_IPV6
854 ip_vs_dr_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
855 struct ip_vs_protocol *pp)
857 struct rt6_info *rt; /* Route to the other host */
862 rt = __ip_vs_get_out_rt_v6(skb, cp, NULL, 0);
867 mtu = dst_mtu(&rt->dst);
868 if (skb->len > mtu) {
869 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
870 dst_release(&rt->dst);
871 IP_VS_DBG_RL("%s(): frag needed\n", __func__);
876 * Call ip_send_check because we are not sure it is called
877 * after ip_defrag. Is copy-on-write needed?
879 skb = skb_share_check(skb, GFP_ATOMIC);
880 if (unlikely(skb == NULL)) {
881 dst_release(&rt->dst);
887 skb_dst_set(skb, &rt->dst);
889 /* Another hack: avoid icmp_send in ip_fragment */
892 IP_VS_XMIT(NFPROTO_IPV6, skb, cp);
898 dst_link_failure(skb);
908 * ICMP packet transmitter
909 * called by the ip_vs_in_icmp
912 ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
913 struct ip_vs_protocol *pp, int offset)
915 struct rtable *rt; /* Route to the other host */
921 /* The ICMP packet for VS/TUN, VS/DR and LOCALNODE will be
922 forwarded directly here, because there is no need to
923 translate address/port back */
924 if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ) {
926 rc = cp->packet_xmit(skb, cp, pp);
929 /* do not touch skb anymore */
930 atomic_inc(&cp->in_pkts);
935 * mangle and send the packet here (only for VS/NAT)
938 if (!(rt = __ip_vs_get_out_rt(skb, cp, RT_TOS(ip_hdr(skb)->tos))))
942 mtu = dst_mtu(&rt->dst);
943 if ((skb->len > mtu) && (ip_hdr(skb)->frag_off & htons(IP_DF))) {
945 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
946 IP_VS_DBG_RL("%s(): frag needed\n", __func__);
950 /* copy-on-write the packet before mangling it */
951 if (!skb_make_writable(skb, offset))
954 if (skb_cow(skb, rt->dst.dev->hard_header_len))
957 /* drop the old route when skb is not shared */
959 skb_dst_set(skb, &rt->dst);
961 ip_vs_nat_icmp(skb, pp, cp, 0);
963 /* Another hack: avoid icmp_send in ip_fragment */
966 IP_VS_XMIT(NFPROTO_IPV4, skb, cp);
972 dst_link_failure(skb);
984 #ifdef CONFIG_IP_VS_IPV6
986 ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
987 struct ip_vs_protocol *pp, int offset)
989 struct rt6_info *rt; /* Route to the other host */
995 /* The ICMP packet for VS/TUN, VS/DR and LOCALNODE will be
996 forwarded directly here, because there is no need to
997 translate address/port back */
998 if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ) {
1000 rc = cp->packet_xmit(skb, cp, pp);
1003 /* do not touch skb anymore */
1004 atomic_inc(&cp->in_pkts);
1009 * mangle and send the packet here (only for VS/NAT)
1012 rt = __ip_vs_get_out_rt_v6(skb, cp, NULL, 0);
1017 mtu = dst_mtu(&rt->dst);
1018 if (skb->len > mtu) {
1019 dst_release(&rt->dst);
1020 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
1021 IP_VS_DBG_RL("%s(): frag needed\n", __func__);
1025 /* copy-on-write the packet before mangling it */
1026 if (!skb_make_writable(skb, offset))
1029 if (skb_cow(skb, rt->dst.dev->hard_header_len))
1032 /* drop the old route when skb is not shared */
1034 skb_dst_set(skb, &rt->dst);
1036 ip_vs_nat_icmp_v6(skb, pp, cp, 0);
1038 /* Another hack: avoid icmp_send in ip_fragment */
1041 IP_VS_XMIT(NFPROTO_IPV6, skb, cp);
1047 dst_link_failure(skb);
1055 dst_release(&rt->dst);
git://bbs.cooldavid.org / net-next-2.6.git / blob