]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * ip_vs_xmit.c: various packet transmitters for IPVS | |
3 | * | |
1da177e4 LT |
4 | * Authors: Wensong Zhang <wensong@linuxvirtualserver.org> |
5 | * Julian Anastasov <ja@ssi.bg> | |
6 | * | |
7 | * This program is free software; you can redistribute it and/or | |
8 | * modify it under the terms of the GNU General Public License | |
9 | * as published by the Free Software Foundation; either version | |
10 | * 2 of the License, or (at your option) any later version. | |
11 | * | |
12 | * Changes: | |
13 | * | |
14 | */ | |
15 | ||
9aada7ac HE |
16 | #define KMSG_COMPONENT "IPVS" |
17 | #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt | |
18 | ||
1da177e4 | 19 | #include <linux/kernel.h> |
5a0e3ad6 | 20 | #include <linux/slab.h> |
1da177e4 | 21 | #include <linux/tcp.h> /* for tcphdr */ |
c439cb2e | 22 | #include <net/ip.h> |
1da177e4 LT |
23 | #include <net/tcp.h> /* for csum_tcpudp_magic */ |
24 | #include <net/udp.h> | |
25 | #include <net/icmp.h> /* for icmp_send */ | |
26 | #include <net/route.h> /* for ip_route_output */ | |
38cdcc9a JV |
27 | #include <net/ipv6.h> |
28 | #include <net/ip6_route.h> | |
714f095f | 29 | #include <net/addrconf.h> |
38cdcc9a | 30 | #include <linux/icmpv6.h> |
1da177e4 LT |
31 | #include <linux/netfilter.h> |
32 | #include <linux/netfilter_ipv4.h> | |
33 | ||
34 | #include <net/ip_vs.h> | |
35 | ||
36 | ||
37 | /* | |
38 | * Destination cache to speed up outgoing route lookup | |
39 | */ | |
40 | static inline void | |
714f095f HS |
41 | __ip_vs_dst_set(struct ip_vs_dest *dest, u32 rtos, struct dst_entry *dst, |
42 | u32 dst_cookie) | |
1da177e4 LT |
43 | { |
44 | struct dst_entry *old_dst; | |
45 | ||
46 | old_dst = dest->dst_cache; | |
47 | dest->dst_cache = dst; | |
48 | dest->dst_rtos = rtos; | |
714f095f | 49 | dest->dst_cookie = dst_cookie; |
1da177e4 LT |
50 | dst_release(old_dst); |
51 | } | |
52 | ||
53 | static inline struct dst_entry * | |
714f095f | 54 | __ip_vs_dst_check(struct ip_vs_dest *dest, u32 rtos) |
1da177e4 LT |
55 | { |
56 | struct dst_entry *dst = dest->dst_cache; | |
57 | ||
58 | if (!dst) | |
59 | return NULL; | |
714f095f HS |
60 | if ((dst->obsolete || rtos != dest->dst_rtos) && |
61 | dst->ops->check(dst, dest->dst_cookie) == NULL) { | |
1da177e4 LT |
62 | dest->dst_cache = NULL; |
63 | dst_release(dst); | |
64 | return NULL; | |
65 | } | |
66 | dst_hold(dst); | |
67 | return dst; | |
68 | } | |
69 | ||
ad1b30b1 | 70 | static struct rtable * |
714f095f | 71 | __ip_vs_get_out_rt(struct sk_buff *skb, struct ip_vs_conn *cp, u32 rtos) |
1da177e4 | 72 | { |
714f095f | 73 | struct net *net = dev_net(skb->dev); |
1da177e4 LT |
74 | struct rtable *rt; /* Route to the other host */ |
75 | struct ip_vs_dest *dest = cp->dest; | |
76 | ||
77 | if (dest) { | |
78 | spin_lock(&dest->dst_lock); | |
79 | if (!(rt = (struct rtable *) | |
714f095f | 80 | __ip_vs_dst_check(dest, rtos))) { |
1da177e4 LT |
81 | struct flowi fl = { |
82 | .oif = 0, | |
83 | .nl_u = { | |
84 | .ip4_u = { | |
e7ade46a | 85 | .daddr = dest->addr.ip, |
1da177e4 LT |
86 | .saddr = 0, |
87 | .tos = rtos, } }, | |
88 | }; | |
89 | ||
714f095f | 90 | if (ip_route_output_key(net, &rt, &fl)) { |
1da177e4 | 91 | spin_unlock(&dest->dst_lock); |
14d5e834 HH |
92 | IP_VS_DBG_RL("ip_route_output error, dest: %pI4\n", |
93 | &dest->addr.ip); | |
1da177e4 LT |
94 | return NULL; |
95 | } | |
714f095f | 96 | __ip_vs_dst_set(dest, rtos, dst_clone(&rt->dst), 0); |
14d5e834 HH |
97 | IP_VS_DBG(10, "new dst %pI4, refcnt=%d, rtos=%X\n", |
98 | &dest->addr.ip, | |
d8d1f30b | 99 | atomic_read(&rt->dst.__refcnt), rtos); |
1da177e4 LT |
100 | } |
101 | spin_unlock(&dest->dst_lock); | |
102 | } else { | |
103 | struct flowi fl = { | |
104 | .oif = 0, | |
105 | .nl_u = { | |
106 | .ip4_u = { | |
e7ade46a | 107 | .daddr = cp->daddr.ip, |
1da177e4 LT |
108 | .saddr = 0, |
109 | .tos = rtos, } }, | |
110 | }; | |
111 | ||
714f095f | 112 | if (ip_route_output_key(net, &rt, &fl)) { |
14d5e834 HH |
113 | IP_VS_DBG_RL("ip_route_output error, dest: %pI4\n", |
114 | &cp->daddr.ip); | |
1da177e4 LT |
115 | return NULL; |
116 | } | |
117 | } | |
118 | ||
119 | return rt; | |
120 | } | |
121 | ||
38cdcc9a | 122 | #ifdef CONFIG_IP_VS_IPV6 |
714f095f HS |
123 | |
124 | static struct dst_entry * | |
125 | __ip_vs_route_output_v6(struct net *net, struct in6_addr *daddr, | |
126 | struct in6_addr *ret_saddr, int do_xfrm) | |
127 | { | |
128 | struct dst_entry *dst; | |
129 | struct flowi fl = { | |
130 | .oif = 0, | |
131 | .nl_u = { | |
132 | .ip6_u = { | |
133 | .daddr = *daddr, | |
134 | }, | |
135 | }, | |
136 | }; | |
137 | ||
138 | dst = ip6_route_output(net, NULL, &fl); | |
139 | if (dst->error) | |
140 | goto out_err; | |
141 | if (!ret_saddr) | |
142 | return dst; | |
143 | if (ipv6_addr_any(&fl.fl6_src) && | |
144 | ipv6_dev_get_saddr(net, ip6_dst_idev(dst)->dev, | |
145 | &fl.fl6_dst, 0, &fl.fl6_src) < 0) | |
146 | goto out_err; | |
147 | if (do_xfrm && xfrm_lookup(net, &dst, &fl, NULL, 0) < 0) | |
148 | goto out_err; | |
149 | ipv6_addr_copy(ret_saddr, &fl.fl6_src); | |
150 | return dst; | |
151 | ||
152 | out_err: | |
153 | dst_release(dst); | |
154 | IP_VS_DBG_RL("ip6_route_output error, dest: %pI6\n", daddr); | |
155 | return NULL; | |
156 | } | |
157 | ||
38cdcc9a | 158 | static struct rt6_info * |
714f095f HS |
159 | __ip_vs_get_out_rt_v6(struct sk_buff *skb, struct ip_vs_conn *cp, |
160 | struct in6_addr *ret_saddr, int do_xfrm) | |
38cdcc9a | 161 | { |
714f095f | 162 | struct net *net = dev_net(skb->dev); |
38cdcc9a JV |
163 | struct rt6_info *rt; /* Route to the other host */ |
164 | struct ip_vs_dest *dest = cp->dest; | |
714f095f | 165 | struct dst_entry *dst; |
38cdcc9a JV |
166 | |
167 | if (dest) { | |
168 | spin_lock(&dest->dst_lock); | |
714f095f | 169 | rt = (struct rt6_info *)__ip_vs_dst_check(dest, 0); |
38cdcc9a | 170 | if (!rt) { |
714f095f | 171 | u32 cookie; |
38cdcc9a | 172 | |
714f095f HS |
173 | dst = __ip_vs_route_output_v6(net, &dest->addr.in6, |
174 | &dest->dst_saddr, | |
175 | do_xfrm); | |
176 | if (!dst) { | |
38cdcc9a | 177 | spin_unlock(&dest->dst_lock); |
38cdcc9a JV |
178 | return NULL; |
179 | } | |
714f095f HS |
180 | rt = (struct rt6_info *) dst; |
181 | cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0; | |
182 | __ip_vs_dst_set(dest, 0, dst_clone(&rt->dst), cookie); | |
183 | IP_VS_DBG(10, "new dst %pI6, src %pI6, refcnt=%d\n", | |
184 | &dest->addr.in6, &dest->dst_saddr, | |
d8d1f30b | 185 | atomic_read(&rt->dst.__refcnt)); |
38cdcc9a | 186 | } |
714f095f HS |
187 | if (ret_saddr) |
188 | ipv6_addr_copy(ret_saddr, &dest->dst_saddr); | |
38cdcc9a JV |
189 | spin_unlock(&dest->dst_lock); |
190 | } else { | |
714f095f HS |
191 | dst = __ip_vs_route_output_v6(net, &cp->daddr.in6, ret_saddr, |
192 | do_xfrm); | |
193 | if (!dst) | |
38cdcc9a | 194 | return NULL; |
714f095f | 195 | rt = (struct rt6_info *) dst; |
38cdcc9a JV |
196 | } |
197 | ||
198 | return rt; | |
199 | } | |
200 | #endif | |
201 | ||
1da177e4 LT |
202 | |
203 | /* | |
204 | * Release dest->dst_cache before a dest is removed | |
205 | */ | |
206 | void | |
207 | ip_vs_dst_reset(struct ip_vs_dest *dest) | |
208 | { | |
209 | struct dst_entry *old_dst; | |
210 | ||
211 | old_dst = dest->dst_cache; | |
212 | dest->dst_cache = NULL; | |
213 | dst_release(old_dst); | |
214 | } | |
215 | ||
f4bc17cd JA |
216 | #define IP_VS_XMIT_TUNNEL(skb, cp) \ |
217 | ({ \ | |
218 | int __ret = NF_ACCEPT; \ | |
219 | \ | |
cf356d69 | 220 | (skb)->ipvs_property = 1; \ |
f4bc17cd JA |
221 | if (unlikely((cp)->flags & IP_VS_CONN_F_NFCT)) \ |
222 | __ret = ip_vs_confirm_conntrack(skb, cp); \ | |
223 | if (__ret == NF_ACCEPT) { \ | |
224 | nf_reset(skb); \ | |
225 | (skb)->ip_summed = CHECKSUM_NONE; \ | |
226 | } \ | |
227 | __ret; \ | |
228 | }) | |
229 | ||
230 | #define IP_VS_XMIT_NAT(pf, skb, cp) \ | |
1da177e4 | 231 | do { \ |
cf356d69 | 232 | (skb)->ipvs_property = 1; \ |
f4bc17cd | 233 | if (likely(!((cp)->flags & IP_VS_CONN_F_NFCT))) \ |
cf356d69 | 234 | ip_vs_notrack(skb); \ |
f4bc17cd JA |
235 | else \ |
236 | ip_vs_update_conntrack(skb, cp, 1); \ | |
ccc7911f | 237 | skb_forward_csum(skb); \ |
38cdcc9a | 238 | NF_HOOK(pf, NF_INET_LOCAL_OUT, (skb), NULL, \ |
f4bc17cd JA |
239 | skb_dst(skb)->dev, dst_output); \ |
240 | } while (0) | |
241 | ||
242 | #define IP_VS_XMIT(pf, skb, cp) \ | |
243 | do { \ | |
cf356d69 | 244 | (skb)->ipvs_property = 1; \ |
f4bc17cd | 245 | if (likely(!((cp)->flags & IP_VS_CONN_F_NFCT))) \ |
cf356d69 | 246 | ip_vs_notrack(skb); \ |
f4bc17cd JA |
247 | skb_forward_csum(skb); \ |
248 | NF_HOOK(pf, NF_INET_LOCAL_OUT, (skb), NULL, \ | |
249 | skb_dst(skb)->dev, dst_output); \ | |
1da177e4 LT |
250 | } while (0) |
251 | ||
252 | ||
253 | /* | |
254 | * NULL transmitter (do nothing except return NF_ACCEPT) | |
255 | */ | |
256 | int | |
257 | ip_vs_null_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |
258 | struct ip_vs_protocol *pp) | |
259 | { | |
260 | /* we do not touch skb and do not need pskb ptr */ | |
261 | return NF_ACCEPT; | |
262 | } | |
263 | ||
264 | ||
265 | /* | |
266 | * Bypass transmitter | |
267 | * Let packets bypass the destination when the destination is not | |
268 | * available, it may be only used in transparent cache cluster. | |
269 | */ | |
270 | int | |
271 | ip_vs_bypass_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |
272 | struct ip_vs_protocol *pp) | |
273 | { | |
714f095f | 274 | struct net *net = dev_net(skb->dev); |
1da177e4 | 275 | struct rtable *rt; /* Route to the other host */ |
eddc9ec5 | 276 | struct iphdr *iph = ip_hdr(skb); |
1da177e4 LT |
277 | u8 tos = iph->tos; |
278 | int mtu; | |
279 | struct flowi fl = { | |
280 | .oif = 0, | |
281 | .nl_u = { | |
282 | .ip4_u = { | |
283 | .daddr = iph->daddr, | |
284 | .saddr = 0, | |
285 | .tos = RT_TOS(tos), } }, | |
286 | }; | |
287 | ||
288 | EnterFunction(10); | |
289 | ||
714f095f | 290 | if (ip_route_output_key(net, &rt, &fl)) { |
1e3e238e HE |
291 | IP_VS_DBG_RL("%s(): ip_route_output error, dest: %pI4\n", |
292 | __func__, &iph->daddr); | |
1da177e4 LT |
293 | goto tx_error_icmp; |
294 | } | |
295 | ||
296 | /* MTU checking */ | |
d8d1f30b | 297 | mtu = dst_mtu(&rt->dst); |
4412ec49 | 298 | if ((skb->len > mtu) && (iph->frag_off & htons(IP_DF))) { |
1da177e4 LT |
299 | ip_rt_put(rt); |
300 | icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu)); | |
1e3e238e | 301 | IP_VS_DBG_RL("%s(): frag needed\n", __func__); |
1da177e4 LT |
302 | goto tx_error; |
303 | } | |
304 | ||
305 | /* | |
306 | * Call ip_send_check because we are not sure it is called | |
307 | * after ip_defrag. Is copy-on-write needed? | |
308 | */ | |
309 | if (unlikely((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)) { | |
310 | ip_rt_put(rt); | |
311 | return NF_STOLEN; | |
312 | } | |
eddc9ec5 | 313 | ip_send_check(ip_hdr(skb)); |
1da177e4 LT |
314 | |
315 | /* drop old route */ | |
adf30907 | 316 | skb_dst_drop(skb); |
d8d1f30b | 317 | skb_dst_set(skb, &rt->dst); |
1da177e4 LT |
318 | |
319 | /* Another hack: avoid icmp_send in ip_fragment */ | |
320 | skb->local_df = 1; | |
321 | ||
f4bc17cd | 322 | IP_VS_XMIT(NFPROTO_IPV4, skb, cp); |
1da177e4 LT |
323 | |
324 | LeaveFunction(10); | |
325 | return NF_STOLEN; | |
326 | ||
327 | tx_error_icmp: | |
328 | dst_link_failure(skb); | |
329 | tx_error: | |
330 | kfree_skb(skb); | |
331 | LeaveFunction(10); | |
332 | return NF_STOLEN; | |
333 | } | |
334 | ||
b3cdd2a7 JV |
335 | #ifdef CONFIG_IP_VS_IPV6 |
336 | int | |
337 | ip_vs_bypass_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, | |
338 | struct ip_vs_protocol *pp) | |
339 | { | |
714f095f HS |
340 | struct net *net = dev_net(skb->dev); |
341 | struct dst_entry *dst; | |
b3cdd2a7 JV |
342 | struct rt6_info *rt; /* Route to the other host */ |
343 | struct ipv6hdr *iph = ipv6_hdr(skb); | |
344 | int mtu; | |
b3cdd2a7 JV |
345 | |
346 | EnterFunction(10); | |
347 | ||
714f095f HS |
348 | dst = __ip_vs_route_output_v6(net, &iph->daddr, NULL, 0); |
349 | if (!dst) | |
b3cdd2a7 | 350 | goto tx_error_icmp; |
714f095f | 351 | rt = (struct rt6_info *) dst; |
b3cdd2a7 JV |
352 | |
353 | /* MTU checking */ | |
d8d1f30b | 354 | mtu = dst_mtu(&rt->dst); |
b3cdd2a7 | 355 | if (skb->len > mtu) { |
d8d1f30b | 356 | dst_release(&rt->dst); |
3ffe533c | 357 | icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); |
1e3e238e | 358 | IP_VS_DBG_RL("%s(): frag needed\n", __func__); |
b3cdd2a7 JV |
359 | goto tx_error; |
360 | } | |
361 | ||
362 | /* | |
363 | * Call ip_send_check because we are not sure it is called | |
364 | * after ip_defrag. Is copy-on-write needed? | |
365 | */ | |
366 | skb = skb_share_check(skb, GFP_ATOMIC); | |
367 | if (unlikely(skb == NULL)) { | |
d8d1f30b | 368 | dst_release(&rt->dst); |
b3cdd2a7 JV |
369 | return NF_STOLEN; |
370 | } | |
371 | ||
372 | /* drop old route */ | |
adf30907 | 373 | skb_dst_drop(skb); |
d8d1f30b | 374 | skb_dst_set(skb, &rt->dst); |
b3cdd2a7 JV |
375 | |
376 | /* Another hack: avoid icmp_send in ip_fragment */ | |
377 | skb->local_df = 1; | |
378 | ||
f4bc17cd | 379 | IP_VS_XMIT(NFPROTO_IPV6, skb, cp); |
b3cdd2a7 JV |
380 | |
381 | LeaveFunction(10); | |
382 | return NF_STOLEN; | |
383 | ||
384 | tx_error_icmp: | |
385 | dst_link_failure(skb); | |
386 | tx_error: | |
387 | kfree_skb(skb); | |
388 | LeaveFunction(10); | |
389 | return NF_STOLEN; | |
390 | } | |
391 | #endif | |
1da177e4 LT |
392 | |
393 | /* | |
394 | * NAT transmitter (only for outside-to-inside nat forwarding) | |
395 | * Not used for related ICMP | |
396 | */ | |
397 | int | |
398 | ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |
399 | struct ip_vs_protocol *pp) | |
400 | { | |
401 | struct rtable *rt; /* Route to the other host */ | |
402 | int mtu; | |
eddc9ec5 | 403 | struct iphdr *iph = ip_hdr(skb); |
1da177e4 LT |
404 | |
405 | EnterFunction(10); | |
406 | ||
407 | /* check if it is a connection of no-client-port */ | |
408 | if (unlikely(cp->flags & IP_VS_CONN_F_NO_CPORT)) { | |
014d730d | 409 | __be16 _pt, *p; |
1da177e4 LT |
410 | p = skb_header_pointer(skb, iph->ihl*4, sizeof(_pt), &_pt); |
411 | if (p == NULL) | |
412 | goto tx_error; | |
413 | ip_vs_conn_fill_cport(cp, *p); | |
414 | IP_VS_DBG(10, "filled cport=%d\n", ntohs(*p)); | |
415 | } | |
416 | ||
714f095f | 417 | if (!(rt = __ip_vs_get_out_rt(skb, cp, RT_TOS(iph->tos)))) |
1da177e4 LT |
418 | goto tx_error_icmp; |
419 | ||
420 | /* MTU checking */ | |
d8d1f30b | 421 | mtu = dst_mtu(&rt->dst); |
4412ec49 | 422 | if ((skb->len > mtu) && (iph->frag_off & htons(IP_DF))) { |
1da177e4 LT |
423 | ip_rt_put(rt); |
424 | icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu)); | |
425 | IP_VS_DBG_RL_PKT(0, pp, skb, 0, "ip_vs_nat_xmit(): frag needed for"); | |
426 | goto tx_error; | |
427 | } | |
428 | ||
429 | /* copy-on-write the packet before mangling it */ | |
af1e1cf0 | 430 | if (!skb_make_writable(skb, sizeof(struct iphdr))) |
1da177e4 LT |
431 | goto tx_error_put; |
432 | ||
d8d1f30b | 433 | if (skb_cow(skb, rt->dst.dev->hard_header_len)) |
1da177e4 LT |
434 | goto tx_error_put; |
435 | ||
436 | /* drop old route */ | |
adf30907 | 437 | skb_dst_drop(skb); |
d8d1f30b | 438 | skb_dst_set(skb, &rt->dst); |
1da177e4 LT |
439 | |
440 | /* mangle the packet */ | |
3db05fea | 441 | if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp)) |
1da177e4 | 442 | goto tx_error; |
e7ade46a | 443 | ip_hdr(skb)->daddr = cp->daddr.ip; |
eddc9ec5 | 444 | ip_send_check(ip_hdr(skb)); |
1da177e4 LT |
445 | |
446 | IP_VS_DBG_PKT(10, pp, skb, 0, "After DNAT"); | |
447 | ||
448 | /* FIXME: when application helper enlarges the packet and the length | |
449 | is larger than the MTU of outgoing device, there will be still | |
450 | MTU problem. */ | |
451 | ||
452 | /* Another hack: avoid icmp_send in ip_fragment */ | |
453 | skb->local_df = 1; | |
454 | ||
f4bc17cd | 455 | IP_VS_XMIT_NAT(NFPROTO_IPV4, skb, cp); |
1da177e4 LT |
456 | |
457 | LeaveFunction(10); | |
458 | return NF_STOLEN; | |
459 | ||
460 | tx_error_icmp: | |
461 | dst_link_failure(skb); | |
462 | tx_error: | |
1da177e4 | 463 | kfree_skb(skb); |
f4bc17cd | 464 | LeaveFunction(10); |
1da177e4 LT |
465 | return NF_STOLEN; |
466 | tx_error_put: | |
467 | ip_rt_put(rt); | |
468 | goto tx_error; | |
469 | } | |
470 | ||
b3cdd2a7 JV |
471 | #ifdef CONFIG_IP_VS_IPV6 |
472 | int | |
473 | ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, | |
474 | struct ip_vs_protocol *pp) | |
475 | { | |
476 | struct rt6_info *rt; /* Route to the other host */ | |
477 | int mtu; | |
478 | ||
479 | EnterFunction(10); | |
480 | ||
481 | /* check if it is a connection of no-client-port */ | |
482 | if (unlikely(cp->flags & IP_VS_CONN_F_NO_CPORT)) { | |
483 | __be16 _pt, *p; | |
484 | p = skb_header_pointer(skb, sizeof(struct ipv6hdr), | |
485 | sizeof(_pt), &_pt); | |
486 | if (p == NULL) | |
487 | goto tx_error; | |
488 | ip_vs_conn_fill_cport(cp, *p); | |
489 | IP_VS_DBG(10, "filled cport=%d\n", ntohs(*p)); | |
490 | } | |
491 | ||
714f095f | 492 | rt = __ip_vs_get_out_rt_v6(skb, cp, NULL, 0); |
b3cdd2a7 JV |
493 | if (!rt) |
494 | goto tx_error_icmp; | |
495 | ||
496 | /* MTU checking */ | |
d8d1f30b | 497 | mtu = dst_mtu(&rt->dst); |
b3cdd2a7 | 498 | if (skb->len > mtu) { |
d8d1f30b | 499 | dst_release(&rt->dst); |
3ffe533c | 500 | icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); |
b3cdd2a7 JV |
501 | IP_VS_DBG_RL_PKT(0, pp, skb, 0, |
502 | "ip_vs_nat_xmit_v6(): frag needed for"); | |
503 | goto tx_error; | |
504 | } | |
505 | ||
506 | /* copy-on-write the packet before mangling it */ | |
507 | if (!skb_make_writable(skb, sizeof(struct ipv6hdr))) | |
508 | goto tx_error_put; | |
509 | ||
d8d1f30b | 510 | if (skb_cow(skb, rt->dst.dev->hard_header_len)) |
b3cdd2a7 JV |
511 | goto tx_error_put; |
512 | ||
513 | /* drop old route */ | |
adf30907 | 514 | skb_dst_drop(skb); |
d8d1f30b | 515 | skb_dst_set(skb, &rt->dst); |
b3cdd2a7 JV |
516 | |
517 | /* mangle the packet */ | |
518 | if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp)) | |
519 | goto tx_error; | |
520 | ipv6_hdr(skb)->daddr = cp->daddr.in6; | |
521 | ||
522 | IP_VS_DBG_PKT(10, pp, skb, 0, "After DNAT"); | |
523 | ||
524 | /* FIXME: when application helper enlarges the packet and the length | |
525 | is larger than the MTU of outgoing device, there will be still | |
526 | MTU problem. */ | |
527 | ||
528 | /* Another hack: avoid icmp_send in ip_fragment */ | |
529 | skb->local_df = 1; | |
530 | ||
f4bc17cd | 531 | IP_VS_XMIT_NAT(NFPROTO_IPV6, skb, cp); |
b3cdd2a7 JV |
532 | |
533 | LeaveFunction(10); | |
534 | return NF_STOLEN; | |
535 | ||
536 | tx_error_icmp: | |
537 | dst_link_failure(skb); | |
538 | tx_error: | |
539 | LeaveFunction(10); | |
540 | kfree_skb(skb); | |
541 | return NF_STOLEN; | |
542 | tx_error_put: | |
d8d1f30b | 543 | dst_release(&rt->dst); |
b3cdd2a7 JV |
544 | goto tx_error; |
545 | } | |
546 | #endif | |
547 | ||
1da177e4 LT |
548 | |
549 | /* | |
550 | * IP Tunneling transmitter | |
551 | * | |
552 | * This function encapsulates the packet in a new IP packet, its | |
553 | * destination will be set to cp->daddr. Most code of this function | |
554 | * is taken from ipip.c. | |
555 | * | |
556 | * It is used in VS/TUN cluster. The load balancer selects a real | |
557 | * server from a cluster based on a scheduling algorithm, | |
558 | * encapsulates the request packet and forwards it to the selected | |
559 | * server. For example, all real servers are configured with | |
560 | * "ifconfig tunl0 <Virtual IP Address> up". When the server receives | |
561 | * the encapsulated packet, it will decapsulate the packet, processe | |
562 | * the request and return the response packets directly to the client | |
563 | * without passing the load balancer. This can greatly increase the | |
564 | * scalability of virtual server. | |
565 | * | |
566 | * Used for ANY protocol | |
567 | */ | |
568 | int | |
569 | ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |
570 | struct ip_vs_protocol *pp) | |
571 | { | |
572 | struct rtable *rt; /* Route to the other host */ | |
573 | struct net_device *tdev; /* Device to other host */ | |
eddc9ec5 | 574 | struct iphdr *old_iph = ip_hdr(skb); |
1da177e4 | 575 | u8 tos = old_iph->tos; |
76ab608d | 576 | __be16 df = old_iph->frag_off; |
1da177e4 | 577 | struct iphdr *iph; /* Our new IP header */ |
c2636b4d | 578 | unsigned int max_headroom; /* The extra header space needed */ |
1da177e4 | 579 | int mtu; |
f4bc17cd | 580 | int ret; |
1da177e4 LT |
581 | |
582 | EnterFunction(10); | |
583 | ||
4412ec49 | 584 | if (skb->protocol != htons(ETH_P_IP)) { |
1e3e238e | 585 | IP_VS_DBG_RL("%s(): protocol error, " |
1da177e4 | 586 | "ETH_P_IP: %d, skb protocol: %d\n", |
1e3e238e | 587 | __func__, htons(ETH_P_IP), skb->protocol); |
1da177e4 LT |
588 | goto tx_error; |
589 | } | |
590 | ||
714f095f | 591 | if (!(rt = __ip_vs_get_out_rt(skb, cp, RT_TOS(tos)))) |
1da177e4 LT |
592 | goto tx_error_icmp; |
593 | ||
d8d1f30b | 594 | tdev = rt->dst.dev; |
1da177e4 | 595 | |
d8d1f30b | 596 | mtu = dst_mtu(&rt->dst) - sizeof(struct iphdr); |
1da177e4 LT |
597 | if (mtu < 68) { |
598 | ip_rt_put(rt); | |
1e3e238e | 599 | IP_VS_DBG_RL("%s(): mtu less than 68\n", __func__); |
1da177e4 LT |
600 | goto tx_error; |
601 | } | |
adf30907 ED |
602 | if (skb_dst(skb)) |
603 | skb_dst(skb)->ops->update_pmtu(skb_dst(skb), mtu); | |
1da177e4 | 604 | |
4412ec49 | 605 | df |= (old_iph->frag_off & htons(IP_DF)); |
1da177e4 | 606 | |
4412ec49 | 607 | if ((old_iph->frag_off & htons(IP_DF)) |
1da177e4 LT |
608 | && mtu < ntohs(old_iph->tot_len)) { |
609 | icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu)); | |
610 | ip_rt_put(rt); | |
1e3e238e | 611 | IP_VS_DBG_RL("%s(): frag needed\n", __func__); |
1da177e4 LT |
612 | goto tx_error; |
613 | } | |
614 | ||
615 | /* | |
616 | * Okay, now see if we can stuff it in the buffer as-is. | |
617 | */ | |
618 | max_headroom = LL_RESERVED_SPACE(tdev) + sizeof(struct iphdr); | |
619 | ||
620 | if (skb_headroom(skb) < max_headroom | |
621 | || skb_cloned(skb) || skb_shared(skb)) { | |
622 | struct sk_buff *new_skb = | |
623 | skb_realloc_headroom(skb, max_headroom); | |
624 | if (!new_skb) { | |
625 | ip_rt_put(rt); | |
626 | kfree_skb(skb); | |
1e3e238e | 627 | IP_VS_ERR_RL("%s(): no memory\n", __func__); |
1da177e4 LT |
628 | return NF_STOLEN; |
629 | } | |
630 | kfree_skb(skb); | |
631 | skb = new_skb; | |
eddc9ec5 | 632 | old_iph = ip_hdr(skb); |
1da177e4 LT |
633 | } |
634 | ||
714f095f | 635 | skb->transport_header = skb->network_header; |
1da177e4 LT |
636 | |
637 | /* fix old IP header checksum */ | |
638 | ip_send_check(old_iph); | |
639 | ||
e2d1bca7 ACM |
640 | skb_push(skb, sizeof(struct iphdr)); |
641 | skb_reset_network_header(skb); | |
1da177e4 LT |
642 | memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); |
643 | ||
644 | /* drop old route */ | |
adf30907 | 645 | skb_dst_drop(skb); |
d8d1f30b | 646 | skb_dst_set(skb, &rt->dst); |
1da177e4 LT |
647 | |
648 | /* | |
649 | * Push down and install the IPIP header. | |
650 | */ | |
eddc9ec5 | 651 | iph = ip_hdr(skb); |
1da177e4 LT |
652 | iph->version = 4; |
653 | iph->ihl = sizeof(struct iphdr)>>2; | |
654 | iph->frag_off = df; | |
655 | iph->protocol = IPPROTO_IPIP; | |
656 | iph->tos = tos; | |
657 | iph->daddr = rt->rt_dst; | |
658 | iph->saddr = rt->rt_src; | |
659 | iph->ttl = old_iph->ttl; | |
d8d1f30b | 660 | ip_select_ident(iph, &rt->dst, NULL); |
1da177e4 LT |
661 | |
662 | /* Another hack: avoid icmp_send in ip_fragment */ | |
663 | skb->local_df = 1; | |
664 | ||
f4bc17cd JA |
665 | ret = IP_VS_XMIT_TUNNEL(skb, cp); |
666 | if (ret == NF_ACCEPT) | |
667 | ip_local_out(skb); | |
668 | else if (ret == NF_DROP) | |
669 | kfree_skb(skb); | |
1da177e4 LT |
670 | |
671 | LeaveFunction(10); | |
672 | ||
673 | return NF_STOLEN; | |
674 | ||
675 | tx_error_icmp: | |
676 | dst_link_failure(skb); | |
677 | tx_error: | |
678 | kfree_skb(skb); | |
679 | LeaveFunction(10); | |
680 | return NF_STOLEN; | |
681 | } | |
682 | ||
b3cdd2a7 JV |
683 | #ifdef CONFIG_IP_VS_IPV6 |
684 | int | |
685 | ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, | |
686 | struct ip_vs_protocol *pp) | |
687 | { | |
688 | struct rt6_info *rt; /* Route to the other host */ | |
714f095f | 689 | struct in6_addr saddr; /* Source for tunnel */ |
b3cdd2a7 JV |
690 | struct net_device *tdev; /* Device to other host */ |
691 | struct ipv6hdr *old_iph = ipv6_hdr(skb); | |
b3cdd2a7 JV |
692 | struct ipv6hdr *iph; /* Our new IP header */ |
693 | unsigned int max_headroom; /* The extra header space needed */ | |
694 | int mtu; | |
f4bc17cd | 695 | int ret; |
b3cdd2a7 JV |
696 | |
697 | EnterFunction(10); | |
698 | ||
699 | if (skb->protocol != htons(ETH_P_IPV6)) { | |
1e3e238e | 700 | IP_VS_DBG_RL("%s(): protocol error, " |
b3cdd2a7 | 701 | "ETH_P_IPV6: %d, skb protocol: %d\n", |
1e3e238e | 702 | __func__, htons(ETH_P_IPV6), skb->protocol); |
b3cdd2a7 JV |
703 | goto tx_error; |
704 | } | |
705 | ||
714f095f | 706 | rt = __ip_vs_get_out_rt_v6(skb, cp, &saddr, 1); |
b3cdd2a7 JV |
707 | if (!rt) |
708 | goto tx_error_icmp; | |
709 | ||
d8d1f30b | 710 | tdev = rt->dst.dev; |
b3cdd2a7 | 711 | |
d8d1f30b | 712 | mtu = dst_mtu(&rt->dst) - sizeof(struct ipv6hdr); |
714f095f | 713 | if (mtu < IPV6_MIN_MTU) { |
d8d1f30b | 714 | dst_release(&rt->dst); |
714f095f HS |
715 | IP_VS_DBG_RL("%s(): mtu less than %d\n", __func__, |
716 | IPV6_MIN_MTU); | |
b3cdd2a7 JV |
717 | goto tx_error; |
718 | } | |
adf30907 ED |
719 | if (skb_dst(skb)) |
720 | skb_dst(skb)->ops->update_pmtu(skb_dst(skb), mtu); | |
b3cdd2a7 JV |
721 | |
722 | if (mtu < ntohs(old_iph->payload_len) + sizeof(struct ipv6hdr)) { | |
3ffe533c | 723 | icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); |
d8d1f30b | 724 | dst_release(&rt->dst); |
1e3e238e | 725 | IP_VS_DBG_RL("%s(): frag needed\n", __func__); |
b3cdd2a7 JV |
726 | goto tx_error; |
727 | } | |
728 | ||
729 | /* | |
730 | * Okay, now see if we can stuff it in the buffer as-is. | |
731 | */ | |
732 | max_headroom = LL_RESERVED_SPACE(tdev) + sizeof(struct ipv6hdr); | |
733 | ||
734 | if (skb_headroom(skb) < max_headroom | |
735 | || skb_cloned(skb) || skb_shared(skb)) { | |
736 | struct sk_buff *new_skb = | |
737 | skb_realloc_headroom(skb, max_headroom); | |
738 | if (!new_skb) { | |
d8d1f30b | 739 | dst_release(&rt->dst); |
b3cdd2a7 | 740 | kfree_skb(skb); |
1e3e238e | 741 | IP_VS_ERR_RL("%s(): no memory\n", __func__); |
b3cdd2a7 JV |
742 | return NF_STOLEN; |
743 | } | |
744 | kfree_skb(skb); | |
745 | skb = new_skb; | |
746 | old_iph = ipv6_hdr(skb); | |
747 | } | |
748 | ||
714f095f | 749 | skb->transport_header = skb->network_header; |
b3cdd2a7 JV |
750 | |
751 | skb_push(skb, sizeof(struct ipv6hdr)); | |
752 | skb_reset_network_header(skb); | |
753 | memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); | |
754 | ||
755 | /* drop old route */ | |
adf30907 | 756 | skb_dst_drop(skb); |
d8d1f30b | 757 | skb_dst_set(skb, &rt->dst); |
b3cdd2a7 JV |
758 | |
759 | /* | |
760 | * Push down and install the IPIP header. | |
761 | */ | |
762 | iph = ipv6_hdr(skb); | |
763 | iph->version = 6; | |
764 | iph->nexthdr = IPPROTO_IPV6; | |
b7b45f47 HH |
765 | iph->payload_len = old_iph->payload_len; |
766 | be16_add_cpu(&iph->payload_len, sizeof(*old_iph)); | |
b3cdd2a7 JV |
767 | iph->priority = old_iph->priority; |
768 | memset(&iph->flow_lbl, 0, sizeof(iph->flow_lbl)); | |
714f095f HS |
769 | ipv6_addr_copy(&iph->daddr, &cp->daddr.in6); |
770 | ipv6_addr_copy(&iph->saddr, &saddr); | |
b3cdd2a7 JV |
771 | iph->hop_limit = old_iph->hop_limit; |
772 | ||
773 | /* Another hack: avoid icmp_send in ip_fragment */ | |
774 | skb->local_df = 1; | |
775 | ||
f4bc17cd JA |
776 | ret = IP_VS_XMIT_TUNNEL(skb, cp); |
777 | if (ret == NF_ACCEPT) | |
778 | ip6_local_out(skb); | |
779 | else if (ret == NF_DROP) | |
780 | kfree_skb(skb); | |
b3cdd2a7 JV |
781 | |
782 | LeaveFunction(10); | |
783 | ||
784 | return NF_STOLEN; | |
785 | ||
786 | tx_error_icmp: | |
787 | dst_link_failure(skb); | |
788 | tx_error: | |
789 | kfree_skb(skb); | |
790 | LeaveFunction(10); | |
791 | return NF_STOLEN; | |
792 | } | |
793 | #endif | |
794 | ||
1da177e4 LT |
795 | |
796 | /* | |
797 | * Direct Routing transmitter | |
798 | * Used for ANY protocol | |
799 | */ | |
800 | int | |
801 | ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |
802 | struct ip_vs_protocol *pp) | |
803 | { | |
804 | struct rtable *rt; /* Route to the other host */ | |
eddc9ec5 | 805 | struct iphdr *iph = ip_hdr(skb); |
1da177e4 LT |
806 | int mtu; |
807 | ||
808 | EnterFunction(10); | |
809 | ||
714f095f | 810 | if (!(rt = __ip_vs_get_out_rt(skb, cp, RT_TOS(iph->tos)))) |
1da177e4 LT |
811 | goto tx_error_icmp; |
812 | ||
813 | /* MTU checking */ | |
d8d1f30b | 814 | mtu = dst_mtu(&rt->dst); |
4412ec49 | 815 | if ((iph->frag_off & htons(IP_DF)) && skb->len > mtu) { |
1da177e4 LT |
816 | icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu)); |
817 | ip_rt_put(rt); | |
1e3e238e | 818 | IP_VS_DBG_RL("%s(): frag needed\n", __func__); |
1da177e4 LT |
819 | goto tx_error; |
820 | } | |
821 | ||
822 | /* | |
823 | * Call ip_send_check because we are not sure it is called | |
824 | * after ip_defrag. Is copy-on-write needed? | |
825 | */ | |
826 | if (unlikely((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)) { | |
827 | ip_rt_put(rt); | |
828 | return NF_STOLEN; | |
829 | } | |
eddc9ec5 | 830 | ip_send_check(ip_hdr(skb)); |
1da177e4 LT |
831 | |
832 | /* drop old route */ | |
adf30907 | 833 | skb_dst_drop(skb); |
d8d1f30b | 834 | skb_dst_set(skb, &rt->dst); |
1da177e4 LT |
835 | |
836 | /* Another hack: avoid icmp_send in ip_fragment */ | |
837 | skb->local_df = 1; | |
838 | ||
f4bc17cd | 839 | IP_VS_XMIT(NFPROTO_IPV4, skb, cp); |
1da177e4 LT |
840 | |
841 | LeaveFunction(10); | |
842 | return NF_STOLEN; | |
843 | ||
844 | tx_error_icmp: | |
845 | dst_link_failure(skb); | |
846 | tx_error: | |
847 | kfree_skb(skb); | |
848 | LeaveFunction(10); | |
849 | return NF_STOLEN; | |
850 | } | |
851 | ||
b3cdd2a7 JV |
852 | #ifdef CONFIG_IP_VS_IPV6 |
853 | int | |
854 | ip_vs_dr_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, | |
855 | struct ip_vs_protocol *pp) | |
856 | { | |
857 | struct rt6_info *rt; /* Route to the other host */ | |
858 | int mtu; | |
859 | ||
860 | EnterFunction(10); | |
861 | ||
714f095f | 862 | rt = __ip_vs_get_out_rt_v6(skb, cp, NULL, 0); |
b3cdd2a7 JV |
863 | if (!rt) |
864 | goto tx_error_icmp; | |
865 | ||
866 | /* MTU checking */ | |
d8d1f30b | 867 | mtu = dst_mtu(&rt->dst); |
b3cdd2a7 | 868 | if (skb->len > mtu) { |
3ffe533c | 869 | icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); |
d8d1f30b | 870 | dst_release(&rt->dst); |
1e3e238e | 871 | IP_VS_DBG_RL("%s(): frag needed\n", __func__); |
b3cdd2a7 JV |
872 | goto tx_error; |
873 | } | |
874 | ||
875 | /* | |
876 | * Call ip_send_check because we are not sure it is called | |
877 | * after ip_defrag. Is copy-on-write needed? | |
878 | */ | |
879 | skb = skb_share_check(skb, GFP_ATOMIC); | |
880 | if (unlikely(skb == NULL)) { | |
d8d1f30b | 881 | dst_release(&rt->dst); |
b3cdd2a7 JV |
882 | return NF_STOLEN; |
883 | } | |
884 | ||
885 | /* drop old route */ | |
adf30907 | 886 | skb_dst_drop(skb); |
d8d1f30b | 887 | skb_dst_set(skb, &rt->dst); |
b3cdd2a7 JV |
888 | |
889 | /* Another hack: avoid icmp_send in ip_fragment */ | |
890 | skb->local_df = 1; | |
891 | ||
f4bc17cd | 892 | IP_VS_XMIT(NFPROTO_IPV6, skb, cp); |
b3cdd2a7 JV |
893 | |
894 | LeaveFunction(10); | |
895 | return NF_STOLEN; | |
896 | ||
897 | tx_error_icmp: | |
898 | dst_link_failure(skb); | |
899 | tx_error: | |
900 | kfree_skb(skb); | |
901 | LeaveFunction(10); | |
902 | return NF_STOLEN; | |
903 | } | |
904 | #endif | |
905 | ||
1da177e4 LT |
906 | |
907 | /* | |
908 | * ICMP packet transmitter | |
909 | * called by the ip_vs_in_icmp | |
910 | */ | |
911 | int | |
912 | ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |
913 | struct ip_vs_protocol *pp, int offset) | |
914 | { | |
915 | struct rtable *rt; /* Route to the other host */ | |
916 | int mtu; | |
917 | int rc; | |
918 | ||
919 | EnterFunction(10); | |
920 | ||
921 | /* The ICMP packet for VS/TUN, VS/DR and LOCALNODE will be | |
922 | forwarded directly here, because there is no need to | |
923 | translate address/port back */ | |
924 | if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ) { | |
925 | if (cp->packet_xmit) | |
926 | rc = cp->packet_xmit(skb, cp, pp); | |
927 | else | |
928 | rc = NF_ACCEPT; | |
929 | /* do not touch skb anymore */ | |
930 | atomic_inc(&cp->in_pkts); | |
1da177e4 LT |
931 | goto out; |
932 | } | |
933 | ||
934 | /* | |
935 | * mangle and send the packet here (only for VS/NAT) | |
936 | */ | |
937 | ||
714f095f | 938 | if (!(rt = __ip_vs_get_out_rt(skb, cp, RT_TOS(ip_hdr(skb)->tos)))) |
1da177e4 LT |
939 | goto tx_error_icmp; |
940 | ||
941 | /* MTU checking */ | |
d8d1f30b | 942 | mtu = dst_mtu(&rt->dst); |
eddc9ec5 | 943 | if ((skb->len > mtu) && (ip_hdr(skb)->frag_off & htons(IP_DF))) { |
1da177e4 LT |
944 | ip_rt_put(rt); |
945 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu)); | |
1e3e238e | 946 | IP_VS_DBG_RL("%s(): frag needed\n", __func__); |
1da177e4 LT |
947 | goto tx_error; |
948 | } | |
949 | ||
950 | /* copy-on-write the packet before mangling it */ | |
af1e1cf0 | 951 | if (!skb_make_writable(skb, offset)) |
1da177e4 LT |
952 | goto tx_error_put; |
953 | ||
d8d1f30b | 954 | if (skb_cow(skb, rt->dst.dev->hard_header_len)) |
1da177e4 LT |
955 | goto tx_error_put; |
956 | ||
957 | /* drop the old route when skb is not shared */ | |
adf30907 | 958 | skb_dst_drop(skb); |
d8d1f30b | 959 | skb_dst_set(skb, &rt->dst); |
1da177e4 LT |
960 | |
961 | ip_vs_nat_icmp(skb, pp, cp, 0); | |
962 | ||
963 | /* Another hack: avoid icmp_send in ip_fragment */ | |
964 | skb->local_df = 1; | |
965 | ||
f4bc17cd | 966 | IP_VS_XMIT(NFPROTO_IPV4, skb, cp); |
1da177e4 LT |
967 | |
968 | rc = NF_STOLEN; | |
969 | goto out; | |
970 | ||
971 | tx_error_icmp: | |
972 | dst_link_failure(skb); | |
973 | tx_error: | |
974 | dev_kfree_skb(skb); | |
975 | rc = NF_STOLEN; | |
976 | out: | |
977 | LeaveFunction(10); | |
978 | return rc; | |
979 | tx_error_put: | |
980 | ip_rt_put(rt); | |
981 | goto tx_error; | |
982 | } | |
b3cdd2a7 JV |
983 | |
984 | #ifdef CONFIG_IP_VS_IPV6 | |
985 | int | |
986 | ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, | |
987 | struct ip_vs_protocol *pp, int offset) | |
988 | { | |
989 | struct rt6_info *rt; /* Route to the other host */ | |
990 | int mtu; | |
991 | int rc; | |
992 | ||
993 | EnterFunction(10); | |
994 | ||
995 | /* The ICMP packet for VS/TUN, VS/DR and LOCALNODE will be | |
996 | forwarded directly here, because there is no need to | |
997 | translate address/port back */ | |
998 | if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ) { | |
999 | if (cp->packet_xmit) | |
1000 | rc = cp->packet_xmit(skb, cp, pp); | |
1001 | else | |
1002 | rc = NF_ACCEPT; | |
1003 | /* do not touch skb anymore */ | |
1004 | atomic_inc(&cp->in_pkts); | |
1005 | goto out; | |
1006 | } | |
1007 | ||
1008 | /* | |
1009 | * mangle and send the packet here (only for VS/NAT) | |
1010 | */ | |
1011 | ||
714f095f | 1012 | rt = __ip_vs_get_out_rt_v6(skb, cp, NULL, 0); |
b3cdd2a7 JV |
1013 | if (!rt) |
1014 | goto tx_error_icmp; | |
1015 | ||
1016 | /* MTU checking */ | |
d8d1f30b | 1017 | mtu = dst_mtu(&rt->dst); |
b3cdd2a7 | 1018 | if (skb->len > mtu) { |
d8d1f30b | 1019 | dst_release(&rt->dst); |
3ffe533c | 1020 | icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); |
1e3e238e | 1021 | IP_VS_DBG_RL("%s(): frag needed\n", __func__); |
b3cdd2a7 JV |
1022 | goto tx_error; |
1023 | } | |
1024 | ||
1025 | /* copy-on-write the packet before mangling it */ | |
1026 | if (!skb_make_writable(skb, offset)) | |
1027 | goto tx_error_put; | |
1028 | ||
d8d1f30b | 1029 | if (skb_cow(skb, rt->dst.dev->hard_header_len)) |
b3cdd2a7 JV |
1030 | goto tx_error_put; |
1031 | ||
1032 | /* drop the old route when skb is not shared */ | |
adf30907 | 1033 | skb_dst_drop(skb); |
d8d1f30b | 1034 | skb_dst_set(skb, &rt->dst); |
b3cdd2a7 JV |
1035 | |
1036 | ip_vs_nat_icmp_v6(skb, pp, cp, 0); | |
1037 | ||
1038 | /* Another hack: avoid icmp_send in ip_fragment */ | |
1039 | skb->local_df = 1; | |
1040 | ||
f4bc17cd | 1041 | IP_VS_XMIT(NFPROTO_IPV6, skb, cp); |
b3cdd2a7 JV |
1042 | |
1043 | rc = NF_STOLEN; | |
1044 | goto out; | |
1045 | ||
1046 | tx_error_icmp: | |
1047 | dst_link_failure(skb); | |
1048 | tx_error: | |
1049 | dev_kfree_skb(skb); | |
1050 | rc = NF_STOLEN; | |
1051 | out: | |
1052 | LeaveFunction(10); | |
1053 | return rc; | |
1054 | tx_error_put: | |
d8d1f30b | 1055 | dst_release(&rt->dst); |
b3cdd2a7 JV |
1056 | goto tx_error; |
1057 | } | |
1058 | #endif |