1 /**
2 * @file
3 *
4 * IPv6 fragmentation and reassembly.
5 */
6
7 /*
8 * Copyright (c) 2010 Inico Technologies Ltd.
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without modification,
12 * are permitted provided that the following conditions are met:
13 *
14 * 1. Redistributions of source code must retain the above copyright notice,
15 * this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright notice,
17 * this list of conditions and the following disclaimer in the documentation
18 * and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
23 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
24 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
25 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
26 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
27 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
30 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
31 * OF SUCH DAMAGE.
32 *
33 * This file is part of the lwIP TCP/IP stack.
34 *
35 * Author: Ivan Delamer <delamer@inicotech.com>
36 *
37 *
38 * Please coordinate changes and requests with Ivan Delamer
39 * <delamer@inicotech.com>
40 */
41
42 #include "lwip/opt.h"
43 #include "lwip/ip6_frag.h"
44 #include "lwip/ip6.h"
45 #include "lwip/icmp6.h"
46 #include "lwip/nd6.h"
47 #include "lwip/ip.h"
48
49 #include "lwip/pbuf.h"
50 #include "lwip/memp.h"
51 #include "lwip/stats.h"
52
53 #include <string.h>
54
55 #if LWIP_IPV6 && LWIP_IPV6_REASS /* don't build if not configured for use in lwipopts.h */
56
57
58 /** Setting this to 0, you can turn off checking the fragments for overlapping
59 * regions. The code gets a little smaller. Only use this if you know that
60 * overlapping won't occur on your network! */
61 #ifndef IP_REASS_CHECK_OVERLAP
62 #define IP_REASS_CHECK_OVERLAP 1
63 #endif /* IP_REASS_CHECK_OVERLAP */
64
65 /** Set to 0 to prevent freeing the oldest datagram when the reassembly buffer is
66 * full (IP_REASS_MAX_PBUFS pbufs are enqueued). The code gets a little smaller.
67 * Datagrams will be freed by timeout only. Especially useful when MEMP_NUM_REASSDATA
68 * is set to 1, so one datagram can be reassembled at a time, only. */
69 #ifndef IP_REASS_FREE_OLDEST
70 #define IP_REASS_FREE_OLDEST 1
71 #endif /* IP_REASS_FREE_OLDEST */
72
73 #if IPV6_FRAG_COPYHEADER
74 #define IPV6_FRAG_REQROOM ((s16_t)(sizeof(struct ip6_reass_helper) - IP6_FRAG_HLEN))
75 #endif
76
77 #define IP_REASS_FLAG_LASTFRAG 0x01
78
79 /** This is a helper struct which holds the starting
80 * offset and the ending offset of this fragment to
81 * easily chain the fragments.
82 * It has the same packing requirements as the IPv6 header, since it replaces
83 * the Fragment Header in memory in incoming fragments to keep
84 * track of the various fragments.
85 */
86 #ifdef PACK_STRUCT_USE_INCLUDES
87 # include "arch/bpstruct.h"
88 #endif
89 PACK_STRUCT_BEGIN
90 struct ip6_reass_helper {
91 PACK_STRUCT_FIELD(struct pbuf *next_pbuf);
92 PACK_STRUCT_FIELD(u16_t start);
93 PACK_STRUCT_FIELD(u16_t end);
94 } PACK_STRUCT_STRUCT;
95 PACK_STRUCT_END
96 #ifdef PACK_STRUCT_USE_INCLUDES
97 # include "arch/epstruct.h"
98 #endif
99
100 /* static variables */
101 static struct ip6_reassdata *reassdatagrams;
102 static u16_t ip6_reass_pbufcount;
103
104 /* Forward declarations. */
105 static void ip6_reass_free_complete_datagram(struct ip6_reassdata *ipr);
106 #if IP_REASS_FREE_OLDEST
107 static void ip6_reass_remove_oldest_datagram(struct ip6_reassdata *ipr, int pbufs_needed);
108 #endif /* IP_REASS_FREE_OLDEST */
109
110 void
ip6_reass_tmr(void)111 ip6_reass_tmr(void)
112 {
113 struct ip6_reassdata *r, *tmp;
114
115 #if !IPV6_FRAG_COPYHEADER
116 LWIP_ASSERT("sizeof(struct ip6_reass_helper) <= IP6_FRAG_HLEN, set IPV6_FRAG_COPYHEADER to 1",
117 sizeof(struct ip6_reass_helper) <= IP6_FRAG_HLEN);
118 #endif /* !IPV6_FRAG_COPYHEADER */
119
120 r = reassdatagrams;
121 while (r != NULL) {
122 /* Decrement the timer. Once it reaches 0,
123 * clean up the incomplete fragment assembly */
124 if (r->timer > 0) {
125 r->timer--;
126 r = r->next;
127 } else {
128 /* reassembly timed out */
129 tmp = r;
130 /* get the next pointer before freeing */
131 r = r->next;
132 /* free the helper struct and all enqueued pbufs */
133 ip6_reass_free_complete_datagram(tmp);
134 }
135 }
136 }
137
138 /**
139 * Free a datagram (struct ip6_reassdata) and all its pbufs.
140 * Updates the total count of enqueued pbufs (ip6_reass_pbufcount),
141 * sends an ICMP time exceeded packet.
142 *
143 * @param ipr datagram to free
144 */
145 static void
ip6_reass_free_complete_datagram(struct ip6_reassdata * ipr)146 ip6_reass_free_complete_datagram(struct ip6_reassdata *ipr)
147 {
148 struct ip6_reassdata *prev;
149 u16_t pbufs_freed = 0;
150 u16_t clen;
151 struct pbuf *p;
152 struct ip6_reass_helper *iprh;
153
154 #if LWIP_ICMP6
155 iprh = (struct ip6_reass_helper *)ipr->p->payload;
156 if (iprh->start == 0) {
157 /* The first fragment was received, send ICMP time exceeded. */
158 /* First, de-queue the first pbuf from r->p. */
159 p = ipr->p;
160 ipr->p = iprh->next_pbuf;
161 /* Then, move back to the original ipv6 header (we are now pointing to Fragment header).
162 This cannot fail since we already checked when receiving this fragment. */
163 if (pbuf_header_force(p, (s16_t)((u8_t*)p->payload - (u8_t*)IPV6_FRAG_HDRREF(ipr->iphdr)))) {
164 LWIP_ASSERT("ip6_reass_free: moving p->payload to ip6 header failed\n", 0);
165 }
166 else {
167 icmp6_time_exceeded(p, ICMP6_TE_FRAG);
168 }
169 clen = pbuf_clen(p);
170 LWIP_ASSERT("pbufs_freed + clen <= 0xffff", pbufs_freed + clen <= 0xffff);
171 pbufs_freed += clen;
172 pbuf_free(p);
173 }
174 #endif /* LWIP_ICMP6 */
175
176 /* First, free all received pbufs. The individual pbufs need to be released
177 separately as they have not yet been chained */
178 p = ipr->p;
179 while (p != NULL) {
180 struct pbuf *pcur;
181 iprh = (struct ip6_reass_helper *)p->payload;
182 pcur = p;
183 /* get the next pointer before freeing */
184 p = iprh->next_pbuf;
185 clen = pbuf_clen(pcur);
186 LWIP_ASSERT("pbufs_freed + clen <= 0xffff", pbufs_freed + clen <= 0xffff);
187 pbufs_freed += clen;
188 pbuf_free(pcur);
189 }
190
191 /* Then, unchain the struct ip6_reassdata from the list and free it. */
192 if (ipr == reassdatagrams) {
193 reassdatagrams = ipr->next;
194 } else {
195 prev = reassdatagrams;
196 while (prev != NULL) {
197 if (prev->next == ipr) {
198 break;
199 }
200 prev = prev->next;
201 }
202 if (prev != NULL) {
203 prev->next = ipr->next;
204 }
205 }
206 memp_free(MEMP_IP6_REASSDATA, ipr);
207
208 /* Finally, update number of pbufs in reassembly queue */
209 LWIP_ASSERT("ip_reass_pbufcount >= clen", ip6_reass_pbufcount >= pbufs_freed);
210 ip6_reass_pbufcount -= pbufs_freed;
211 }
212
213 #if IP_REASS_FREE_OLDEST
214 /**
215 * Free the oldest datagram to make room for enqueueing new fragments.
216 * The datagram ipr is not freed!
217 *
218 * @param ipr ip6_reassdata for the current fragment
219 * @param pbufs_needed number of pbufs needed to enqueue
220 * (used for freeing other datagrams if not enough space)
221 */
222 static void
ip6_reass_remove_oldest_datagram(struct ip6_reassdata * ipr,int pbufs_needed)223 ip6_reass_remove_oldest_datagram(struct ip6_reassdata *ipr, int pbufs_needed)
224 {
225 struct ip6_reassdata *r, *oldest;
226
227 /* Free datagrams until being allowed to enqueue 'pbufs_needed' pbufs,
228 * but don't free the current datagram! */
229 do {
230 r = oldest = reassdatagrams;
231 while (r != NULL) {
232 if (r != ipr) {
233 if (r->timer <= oldest->timer) {
234 /* older than the previous oldest */
235 oldest = r;
236 }
237 }
238 r = r->next;
239 }
240 if (oldest == ipr) {
241 /* nothing to free, ipr is the only element on the list */
242 return;
243 }
244 if (oldest != NULL) {
245 ip6_reass_free_complete_datagram(oldest);
246 }
247 } while (((ip6_reass_pbufcount + pbufs_needed) > IP_REASS_MAX_PBUFS) && (reassdatagrams != NULL));
248 }
249 #endif /* IP_REASS_FREE_OLDEST */
250
251 /**
252 * Reassembles incoming IPv6 fragments into an IPv6 datagram.
253 *
254 * @param p points to the IPv6 Fragment Header
255 * @return NULL if reassembly is incomplete, pbuf pointing to
256 * IPv6 Header if reassembly is complete
257 */
258 struct pbuf *
ip6_reass(struct pbuf * p)259 ip6_reass(struct pbuf *p)
260 {
261 struct ip6_reassdata *ipr, *ipr_prev;
262 struct ip6_reass_helper *iprh, *iprh_tmp, *iprh_prev=NULL;
263 struct ip6_frag_hdr *frag_hdr;
264 u16_t offset, len;
265 u16_t clen;
266 u8_t valid = 1;
267 struct pbuf *q;
268
269 IP6_FRAG_STATS_INC(ip6_frag.recv);
270
271 if ((const void*)ip6_current_header() != ((u8_t*)p->payload) - IP6_HLEN) {
272 /* ip6_frag_hdr must be in the first pbuf, not chained */
273 IP6_FRAG_STATS_INC(ip6_frag.proterr);
274 IP6_FRAG_STATS_INC(ip6_frag.drop);
275 goto nullreturn;
276 }
277
278 frag_hdr = (struct ip6_frag_hdr *) p->payload;
279
280 clen = pbuf_clen(p);
281
282 offset = lwip_ntohs(frag_hdr->_fragment_offset);
283
284 /* Calculate fragment length from IPv6 payload length.
285 * Adjust for headers before Fragment Header.
286 * And finally adjust by Fragment Header length. */
287 len = lwip_ntohs(ip6_current_header()->_plen);
288 len -= (u16_t)(((u8_t*)p->payload - (const u8_t*)ip6_current_header()) - IP6_HLEN);
289 len -= IP6_FRAG_HLEN;
290
291 /* Look for the datagram the fragment belongs to in the current datagram queue,
292 * remembering the previous in the queue for later dequeueing. */
293 for (ipr = reassdatagrams, ipr_prev = NULL; ipr != NULL; ipr = ipr->next) {
294 /* Check if the incoming fragment matches the one currently present
295 in the reassembly buffer. If so, we proceed with copying the
296 fragment into the buffer. */
297 if ((frag_hdr->_identification == ipr->identification) &&
298 ip6_addr_cmp(ip6_current_src_addr(), &(IPV6_FRAG_HDRREF(ipr->iphdr)->src)) &&
299 ip6_addr_cmp(ip6_current_dest_addr(), &(IPV6_FRAG_HDRREF(ipr->iphdr)->dest))) {
300 IP6_FRAG_STATS_INC(ip6_frag.cachehit);
301 break;
302 }
303 ipr_prev = ipr;
304 }
305
306 if (ipr == NULL) {
307 /* Enqueue a new datagram into the datagram queue */
308 ipr = (struct ip6_reassdata *)memp_malloc(MEMP_IP6_REASSDATA);
309 if (ipr == NULL) {
310 #if IP_REASS_FREE_OLDEST
311 /* Make room and try again. */
312 ip6_reass_remove_oldest_datagram(ipr, clen);
313 ipr = (struct ip6_reassdata *)memp_malloc(MEMP_IP6_REASSDATA);
314 if (ipr != NULL) {
315 /* re-search ipr_prev since it might have been removed */
316 for (ipr_prev = reassdatagrams; ipr_prev != NULL; ipr_prev = ipr_prev->next) {
317 if (ipr_prev->next == ipr) {
318 break;
319 }
320 }
321 } else
322 #endif /* IP_REASS_FREE_OLDEST */
323 {
324 IP6_FRAG_STATS_INC(ip6_frag.memerr);
325 IP6_FRAG_STATS_INC(ip6_frag.drop);
326 goto nullreturn;
327 }
328 }
329
330 memset(ipr, 0, sizeof(struct ip6_reassdata));
331 ipr->timer = IP_REASS_MAXAGE;
332
333 /* enqueue the new structure to the front of the list */
334 ipr->next = reassdatagrams;
335 reassdatagrams = ipr;
336
337 /* Use the current IPv6 header for src/dest address reference.
338 * Eventually, we will replace it when we get the first fragment
339 * (it might be this one, in any case, it is done later). */
340 #if IPV6_FRAG_COPYHEADER
341 MEMCPY(&ipr->iphdr, ip6_current_header(), IP6_HLEN);
342 #else /* IPV6_FRAG_COPYHEADER */
343 /* need to use the none-const pointer here: */
344 ipr->iphdr = ip_data.current_ip6_header;
345 #endif /* IPV6_FRAG_COPYHEADER */
346
347 /* copy the fragmented packet id. */
348 ipr->identification = frag_hdr->_identification;
349
350 /* copy the nexth field */
351 ipr->nexth = frag_hdr->_nexth;
352 }
353
354 /* Check if we are allowed to enqueue more datagrams. */
355 if ((ip6_reass_pbufcount + clen) > IP_REASS_MAX_PBUFS) {
356 #if IP_REASS_FREE_OLDEST
357 ip6_reass_remove_oldest_datagram(ipr, clen);
358 if ((ip6_reass_pbufcount + clen) <= IP_REASS_MAX_PBUFS) {
359 /* re-search ipr_prev since it might have been removed */
360 for (ipr_prev = reassdatagrams; ipr_prev != NULL; ipr_prev = ipr_prev->next) {
361 if (ipr_prev->next == ipr) {
362 break;
363 }
364 }
365 } else
366 #endif /* IP_REASS_FREE_OLDEST */
367 {
368 /* @todo: send ICMPv6 time exceeded here? */
369 /* drop this pbuf */
370 IP6_FRAG_STATS_INC(ip6_frag.memerr);
371 IP6_FRAG_STATS_INC(ip6_frag.drop);
372 goto nullreturn;
373 }
374 }
375
376 /* Overwrite Fragment Header with our own helper struct. */
377 #if IPV6_FRAG_COPYHEADER
378 if (IPV6_FRAG_REQROOM > 0) {
379 /* Make room for struct ip6_reass_helper (only required if sizeof(void*) > 4).
380 This cannot fail since we already checked when receiving this fragment. */
381 u8_t hdrerr = pbuf_header_force(p, IPV6_FRAG_REQROOM);
382 LWIP_ASSERT("no room for struct ip6_reass_helper", hdrerr == 0);
383 }
384 #else /* IPV6_FRAG_COPYHEADER */
385 LWIP_ASSERT("sizeof(struct ip6_reass_helper) <= IP6_FRAG_HLEN, set IPV6_FRAG_COPYHEADER to 1",
386 sizeof(struct ip6_reass_helper) <= IP6_FRAG_HLEN);
387 #endif /* IPV6_FRAG_COPYHEADER */
388 iprh = (struct ip6_reass_helper *)p->payload;
389 iprh->next_pbuf = NULL;
390 iprh->start = (offset & IP6_FRAG_OFFSET_MASK);
391 iprh->end = (offset & IP6_FRAG_OFFSET_MASK) + len;
392
393 /* find the right place to insert this pbuf */
394 /* Iterate through until we either get to the end of the list (append),
395 * or we find on with a larger offset (insert). */
396 for (q = ipr->p; q != NULL;) {
397 iprh_tmp = (struct ip6_reass_helper*)q->payload;
398 if (iprh->start < iprh_tmp->start) {
399 #if IP_REASS_CHECK_OVERLAP
400 if (iprh->end > iprh_tmp->start) {
401 /* fragment overlaps with following, throw away */
402 IP6_FRAG_STATS_INC(ip6_frag.proterr);
403 IP6_FRAG_STATS_INC(ip6_frag.drop);
404 goto nullreturn;
405 }
406 if (iprh_prev != NULL) {
407 if (iprh->start < iprh_prev->end) {
408 /* fragment overlaps with previous, throw away */
409 IP6_FRAG_STATS_INC(ip6_frag.proterr);
410 IP6_FRAG_STATS_INC(ip6_frag.drop);
411 goto nullreturn;
412 }
413 }
414 #endif /* IP_REASS_CHECK_OVERLAP */
415 /* the new pbuf should be inserted before this */
416 iprh->next_pbuf = q;
417 if (iprh_prev != NULL) {
418 /* not the fragment with the lowest offset */
419 iprh_prev->next_pbuf = p;
420 } else {
421 /* fragment with the lowest offset */
422 ipr->p = p;
423 }
424 break;
425 } else if (iprh->start == iprh_tmp->start) {
426 /* received the same datagram twice: no need to keep the datagram */
427 IP6_FRAG_STATS_INC(ip6_frag.drop);
428 goto nullreturn;
429 #if IP_REASS_CHECK_OVERLAP
430 } else if (iprh->start < iprh_tmp->end) {
431 /* overlap: no need to keep the new datagram */
432 IP6_FRAG_STATS_INC(ip6_frag.proterr);
433 IP6_FRAG_STATS_INC(ip6_frag.drop);
434 goto nullreturn;
435 #endif /* IP_REASS_CHECK_OVERLAP */
436 } else {
437 /* Check if the fragments received so far have no gaps. */
438 if (iprh_prev != NULL) {
439 if (iprh_prev->end != iprh_tmp->start) {
440 /* There is a fragment missing between the current
441 * and the previous fragment */
442 valid = 0;
443 }
444 }
445 }
446 q = iprh_tmp->next_pbuf;
447 iprh_prev = iprh_tmp;
448 }
449
450 /* If q is NULL, then we made it to the end of the list. Determine what to do now */
451 if (q == NULL) {
452 if (iprh_prev != NULL) {
453 /* this is (for now), the fragment with the highest offset:
454 * chain it to the last fragment */
455 #if IP_REASS_CHECK_OVERLAP
456 LWIP_ASSERT("check fragments don't overlap", iprh_prev->end <= iprh->start);
457 #endif /* IP_REASS_CHECK_OVERLAP */
458 iprh_prev->next_pbuf = p;
459 if (iprh_prev->end != iprh->start) {
460 valid = 0;
461 }
462 } else {
463 #if IP_REASS_CHECK_OVERLAP
464 LWIP_ASSERT("no previous fragment, this must be the first fragment!",
465 ipr->p == NULL);
466 #endif /* IP_REASS_CHECK_OVERLAP */
467 /* this is the first fragment we ever received for this ip datagram */
468 ipr->p = p;
469 }
470 }
471
472 /* Track the current number of pbufs current 'in-flight', in order to limit
473 the number of fragments that may be enqueued at any one time */
474 ip6_reass_pbufcount += clen;
475
476 /* Remember IPv6 header if this is the first fragment. */
477 if (iprh->start == 0) {
478 #if IPV6_FRAG_COPYHEADER
479 if (iprh->next_pbuf != NULL) {
480 MEMCPY(&ipr->iphdr, ip6_current_header(), IP6_HLEN);
481 }
482 #else /* IPV6_FRAG_COPYHEADER */
483 /* need to use the none-const pointer here: */
484 ipr->iphdr = ip_data.current_ip6_header;
485 #endif /* IPV6_FRAG_COPYHEADER */
486 }
487
488 /* If this is the last fragment, calculate total packet length. */
489 if ((offset & IP6_FRAG_MORE_FLAG) == 0) {
490 ipr->datagram_len = iprh->end;
491 }
492
493 /* Additional validity tests: we have received first and last fragment. */
494 iprh_tmp = (struct ip6_reass_helper*)ipr->p->payload;
495 if (iprh_tmp->start != 0) {
496 valid = 0;
497 }
498 if (ipr->datagram_len == 0) {
499 valid = 0;
500 }
501
502 /* Final validity test: no gaps between current and last fragment. */
503 iprh_prev = iprh;
504 q = iprh->next_pbuf;
505 while ((q != NULL) && valid) {
506 iprh = (struct ip6_reass_helper*)q->payload;
507 if (iprh_prev->end != iprh->start) {
508 valid = 0;
509 break;
510 }
511 iprh_prev = iprh;
512 q = iprh->next_pbuf;
513 }
514
515 if (valid) {
516 /* All fragments have been received */
517 struct ip6_hdr* iphdr_ptr;
518
519 /* chain together the pbufs contained within the ip6_reassdata list. */
520 iprh = (struct ip6_reass_helper*) ipr->p->payload;
521 while (iprh != NULL) {
522 struct pbuf* next_pbuf = iprh->next_pbuf;
523 if (next_pbuf != NULL) {
524 /* Save next helper struct (will be hidden in next step). */
525 iprh_tmp = (struct ip6_reass_helper*)next_pbuf->payload;
526
527 /* hide the fragment header for every succeeding fragment */
528 pbuf_header(next_pbuf, -IP6_FRAG_HLEN);
529 #if IPV6_FRAG_COPYHEADER
530 if (IPV6_FRAG_REQROOM > 0) {
531 /* hide the extra bytes borrowed from ip6_hdr for struct ip6_reass_helper */
532 u8_t hdrerr = pbuf_header(next_pbuf, -(s16_t)(IPV6_FRAG_REQROOM));
533 LWIP_ASSERT("no room for struct ip6_reass_helper", hdrerr == 0);
534 }
535 #endif
536 pbuf_cat(ipr->p, next_pbuf);
537 }
538 else {
539 iprh_tmp = NULL;
540 }
541
542 iprh = iprh_tmp;
543 }
544
545 #if IPV6_FRAG_COPYHEADER
546 if (IPV6_FRAG_REQROOM > 0) {
547 /* get back room for struct ip6_reass_helper (only required if sizeof(void*) > 4) */
548 u8_t hdrerr = pbuf_header(ipr->p, -(s16_t)(IPV6_FRAG_REQROOM));
549 LWIP_ASSERT("no room for struct ip6_reass_helper", hdrerr == 0);
550 }
551 iphdr_ptr = (struct ip6_hdr*)((u8_t*)ipr->p->payload - IP6_HLEN);
552 MEMCPY(iphdr_ptr, &ipr->iphdr, IP6_HLEN);
553 #else
554 iphdr_ptr = ipr->iphdr;
555 #endif
556
557 /* Adjust datagram length by adding header lengths. */
558 ipr->datagram_len += (u16_t)(((u8_t*)ipr->p->payload - (u8_t*)iphdr_ptr)
559 + IP6_FRAG_HLEN
560 - IP6_HLEN);
561
562 /* Set payload length in ip header. */
563 iphdr_ptr->_plen = lwip_htons(ipr->datagram_len);
564
565 /* Get the first pbuf. */
566 p = ipr->p;
567
568 /* Restore Fragment Header in first pbuf. Mark as "single fragment"
569 * packet. Restore nexth. */
570 frag_hdr = (struct ip6_frag_hdr *) p->payload;
571 frag_hdr->_nexth = ipr->nexth;
572 frag_hdr->reserved = 0;
573 frag_hdr->_fragment_offset = 0;
574 frag_hdr->_identification = 0;
575
576 /* release the sources allocate for the fragment queue entry */
577 if (reassdatagrams == ipr) {
578 /* it was the first in the list */
579 reassdatagrams = ipr->next;
580 } else {
581 /* it wasn't the first, so it must have a valid 'prev' */
582 LWIP_ASSERT("sanity check linked list", ipr_prev != NULL);
583 ipr_prev->next = ipr->next;
584 }
585 memp_free(MEMP_IP6_REASSDATA, ipr);
586
587 /* adjust the number of pbufs currently queued for reassembly. */
588 ip6_reass_pbufcount -= pbuf_clen(p);
589
590 /* Move pbuf back to IPv6 header.
591 This cannot fail since we already checked when receiving this fragment. */
592 if (pbuf_header_force(p, (s16_t)((u8_t*)p->payload - (u8_t*)iphdr_ptr))) {
593 LWIP_ASSERT("ip6_reass: moving p->payload to ip6 header failed\n", 0);
594 pbuf_free(p);
595 return NULL;
596 }
597
598 /* Return the pbuf chain */
599 return p;
600 }
601 /* the datagram is not (yet?) reassembled completely */
602 return NULL;
603
604 nullreturn:
605 pbuf_free(p);
606 return NULL;
607 }
608
609 #endif /* LWIP_IPV6 && LWIP_IPV6_REASS */
610
611 #if LWIP_IPV6 && LWIP_IPV6_FRAG
612
613 /** Allocate a new struct pbuf_custom_ref */
614 static struct pbuf_custom_ref*
ip6_frag_alloc_pbuf_custom_ref(void)615 ip6_frag_alloc_pbuf_custom_ref(void)
616 {
617 return (struct pbuf_custom_ref*)memp_malloc(MEMP_FRAG_PBUF);
618 }
619
620 /** Free a struct pbuf_custom_ref */
621 static void
ip6_frag_free_pbuf_custom_ref(struct pbuf_custom_ref * p)622 ip6_frag_free_pbuf_custom_ref(struct pbuf_custom_ref* p)
623 {
624 LWIP_ASSERT("p != NULL", p != NULL);
625 memp_free(MEMP_FRAG_PBUF, p);
626 }
627
628 /** Free-callback function to free a 'struct pbuf_custom_ref', called by
629 * pbuf_free. */
630 static void
ip6_frag_free_pbuf_custom(struct pbuf * p)631 ip6_frag_free_pbuf_custom(struct pbuf *p)
632 {
633 struct pbuf_custom_ref *pcr = (struct pbuf_custom_ref*)p;
634 LWIP_ASSERT("pcr != NULL", pcr != NULL);
635 LWIP_ASSERT("pcr == p", (void*)pcr == (void*)p);
636 if (pcr->original != NULL) {
637 pbuf_free(pcr->original);
638 }
639 ip6_frag_free_pbuf_custom_ref(pcr);
640 }
641
642 /**
643 * Fragment an IPv6 datagram if too large for the netif or path MTU.
644 *
645 * Chop the datagram in MTU sized chunks and send them in order
646 * by pointing PBUF_REFs into p
647 *
648 * @param p ipv6 packet to send
649 * @param netif the netif on which to send
650 * @param dest destination ipv6 address to which to send
651 *
652 * @return ERR_OK if sent successfully, err_t otherwise
653 */
654 err_t
ip6_frag(struct pbuf * p,struct netif * netif,const ip6_addr_t * dest)655 ip6_frag(struct pbuf *p, struct netif *netif, const ip6_addr_t *dest)
656 {
657 struct ip6_hdr *original_ip6hdr;
658 struct ip6_hdr *ip6hdr;
659 struct ip6_frag_hdr *frag_hdr;
660 struct pbuf *rambuf;
661 struct pbuf *newpbuf;
662 static u32_t identification;
663 u16_t nfb;
664 u16_t left, cop;
665 u16_t mtu;
666 u16_t fragment_offset = 0;
667 u16_t last;
668 u16_t poff = IP6_HLEN;
669 u16_t newpbuflen = 0;
670 u16_t left_to_copy;
671
672 identification++;
673
674 original_ip6hdr = (struct ip6_hdr *)p->payload;
675
676 mtu = nd6_get_destination_mtu(dest, netif);
677
678 /* @todo we assume there are no options in the unfragmentable part (IPv6 header). */
679 left = p->tot_len - IP6_HLEN;
680
681 nfb = (mtu - (IP6_HLEN + IP6_FRAG_HLEN)) & IP6_FRAG_OFFSET_MASK;
682
683 while (left) {
684 last = (left <= nfb);
685
686 /* Fill this fragment */
687 cop = last ? left : nfb;
688
689 /* When not using a static buffer, create a chain of pbufs.
690 * The first will be a PBUF_RAM holding the link, IPv6, and Fragment header.
691 * The rest will be PBUF_REFs mirroring the pbuf chain to be fragged,
692 * but limited to the size of an mtu.
693 */
694 rambuf = pbuf_alloc(PBUF_LINK, IP6_HLEN + IP6_FRAG_HLEN, PBUF_RAM);
695 if (rambuf == NULL) {
696 IP6_FRAG_STATS_INC(ip6_frag.memerr);
697 return ERR_MEM;
698 }
699 LWIP_ASSERT("this needs a pbuf in one piece!",
700 (p->len >= (IP6_HLEN)));
701 SMEMCPY(rambuf->payload, original_ip6hdr, IP6_HLEN);
702 ip6hdr = (struct ip6_hdr *)rambuf->payload;
703 frag_hdr = (struct ip6_frag_hdr *)((u8_t*)rambuf->payload + IP6_HLEN);
704
705 /* Can just adjust p directly for needed offset. */
706 p->payload = (u8_t *)p->payload + poff;
707 p->len -= poff;
708 p->tot_len -= poff;
709
710 left_to_copy = cop;
711 while (left_to_copy) {
712 struct pbuf_custom_ref *pcr;
713 newpbuflen = (left_to_copy < p->len) ? left_to_copy : p->len;
714 /* Is this pbuf already empty? */
715 if (!newpbuflen) {
716 p = p->next;
717 continue;
718 }
719 pcr = ip6_frag_alloc_pbuf_custom_ref();
720 if (pcr == NULL) {
721 pbuf_free(rambuf);
722 IP6_FRAG_STATS_INC(ip6_frag.memerr);
723 return ERR_MEM;
724 }
725 /* Mirror this pbuf, although we might not need all of it. */
726 newpbuf = pbuf_alloced_custom(PBUF_RAW, newpbuflen, PBUF_REF, &pcr->pc, p->payload, newpbuflen);
727 if (newpbuf == NULL) {
728 ip6_frag_free_pbuf_custom_ref(pcr);
729 pbuf_free(rambuf);
730 IP6_FRAG_STATS_INC(ip6_frag.memerr);
731 return ERR_MEM;
732 }
733 pbuf_ref(p);
734 pcr->original = p;
735 pcr->pc.custom_free_function = ip6_frag_free_pbuf_custom;
736
737 /* Add it to end of rambuf's chain, but using pbuf_cat, not pbuf_chain
738 * so that it is removed when pbuf_dechain is later called on rambuf.
739 */
740 pbuf_cat(rambuf, newpbuf);
741 left_to_copy -= newpbuflen;
742 if (left_to_copy) {
743 p = p->next;
744 }
745 }
746 poff = newpbuflen;
747
748 /* Set headers */
749 frag_hdr->_nexth = original_ip6hdr->_nexth;
750 frag_hdr->reserved = 0;
751 frag_hdr->_fragment_offset = lwip_htons((fragment_offset & IP6_FRAG_OFFSET_MASK) | (last ? 0 : IP6_FRAG_MORE_FLAG));
752 frag_hdr->_identification = lwip_htonl(identification);
753
754 IP6H_NEXTH_SET(ip6hdr, IP6_NEXTH_FRAGMENT);
755 IP6H_PLEN_SET(ip6hdr, cop + IP6_FRAG_HLEN);
756
757 /* No need for separate header pbuf - we allowed room for it in rambuf
758 * when allocated.
759 */
760 IP6_FRAG_STATS_INC(ip6_frag.xmit);
761 netif->output_ip6(netif, rambuf, dest);
762
763 /* Unfortunately we can't reuse rambuf - the hardware may still be
764 * using the buffer. Instead we free it (and the ensuing chain) and
765 * recreate it next time round the loop. If we're lucky the hardware
766 * will have already sent the packet, the free will really free, and
767 * there will be zero memory penalty.
768 */
769
770 pbuf_free(rambuf);
771 left -= cop;
772 fragment_offset += cop;
773 }
774 return ERR_OK;
775 }
776
777 #endif /* LWIP_IPV6 && LWIP_IPV6_FRAG */
778