Kenji Arai / mbed-os_TYBLE16

Dependents:   TYBLE16_simple_data_logger TYBLE16_MP3_Air

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers ipv6_fragmentation.c Source File

ipv6_fragmentation.c

00001 /*
00002  * Copyright (c) 2015-2019, Arm Limited and affiliates.
00003  * SPDX-License-Identifier: Apache-2.0
00004  *
00005  * Licensed under the Apache License, Version 2.0 (the "License");
00006  * you may not use this file except in compliance with the License.
00007  * You may obtain a copy of the License at
00008  *
00009  *     http://www.apache.org/licenses/LICENSE-2.0
00010  *
00011  * Unless required by applicable law or agreed to in writing, software
00012  * distributed under the License is distributed on an "AS IS" BASIS,
00013  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00014  * See the License for the specific language governing permissions and
00015  * limitations under the License.
00016  */
00017 /* IPv6 fragmentation and defragmentation
00018  *
00019  * (Could fairly easily be modified to also do IPv4)
00020  *
00021  * References:
00022  *
00023  * RFC  815   IP Datagram Reassembly Algorithms
00024  * RFC 3168   The Addition of Explicit Congestion Notification (ECN) to IP
00025  * RFC 6040   Tunnelling of Explicit Congestion Notification
00026  * RFC 6660   Encoding Three Pre-Congestion Notification (PCN) States in the
00027  *            IP Header Using a Single Diffserv Codepoint (DSCP)
00028  * RFC 8200   Internet Protocol, Version 6 (IPv6) Specification
00029  * RFC 8201   Path MTU Discovery for IP version 6
00030  */
00031 #include "nsconfig.h"
00032 #include "ns_types.h"
00033 #include "ns_list.h"
00034 #include "ns_trace.h"
00035 #include "common_functions.h"
00036 #include "nsdynmemLIB.h"
00037 #include <string.h>
00038 #include "ns_trace.h"
00039 #include "Core/include/ns_socket.h"
00040 #include "NWK_INTERFACE/Include/protocol.h"
00041 #include "Common_Protocols/ip.h"
00042 #include "Common_Protocols/ipv6.h"
00043 #include "Common_Protocols/icmpv6.h"
00044 #include "Common_Protocols/ipv6_fragmentation.h"
00045 
00046 #include "NWK_INTERFACE/Include/protocol_stats.h"
00047 
00048 #define TRACE_GROUP "Ifrg"
00049 
00050 /*                         FRAGMENT REASSEMBLY
00051  *
00052  * Allow fragment RX to be disabled for really constrained systems.
00053  * This would violate RFC 2460 and RFC 6434 - all IPv6 nodes must be able to
00054  * process fragment headers and reassemble 1500-octet datagrams.
00055  */
00056 #ifndef NO_IP_FRAGMENT_RX
00057 
00058 static uint16_t ipv6_frag_mru = IPV6_FRAG_MRU;
00059 
00060 typedef struct ip_fragmented_datagram {
00061     uint8_t age;
00062     bool discard;               /* Set to ignore all future fragments (and not send Time Exceeded) */
00063     bool had_last;
00064     int8_t ecn;
00065     uint32_t id;
00066     uint16_t fragmentable;      /* Offset in buf->buf[] of fragmentable part */
00067     uint16_t first_hole;        /* Offset of first hole (relative to fragmentable part) */
00068     buffer_t *buf;
00069     ns_list_link_t link;
00070 } ip_fragmented_datagram_t;
00071 
00072 /* We reassemble into the datagram buffer in basically the style of RFC 815 */
00073 /* An 6-byte hole descriptor is placed directly in buffer holes */
00074 /* We link them them by buffer offset (relative to start of fragmentable section) */
00075 /* Note the possible need to align means we can't use more than 7 bytes */
00076 typedef struct hole {
00077     uint16_t first;
00078     uint16_t last;
00079     uint16_t next;
00080 } hole_t;
00081 
00082 /* Given the offset of a hole in the datagram buffer, return an aligned pointer
00083  * to put a hole_t in it. We assume a "normal" platform requiring 2-byte
00084  * alignment for hole_t, and letting us manipulate uintptr_t in the conventional
00085  * fashion.
00086  */
00087 static hole_t *hole_pointer(const ip_fragmented_datagram_t *dgram, uint16_t offset)
00088 {
00089     uintptr_t ptr = (uintptr_t)(dgram->buf->buf + dgram->fragmentable + offset);
00090 
00091     return (hole_t *)((ptr + 1) & ~(uintptr_t) 1);
00092 }
00093 
00094 static NS_LIST_DEFINE(frag_list, ip_fragmented_datagram_t, link);
00095 
00096 /* Maximum time to hold fragments in seconds */
00097 #define FRAG_TTL 60
00098 
00099 /* How many partially-assembled datagrams we will hold */
00100 #define MAX_FRAG_DATAGRAMS 4
00101 
00102 /* Dummy negative ECN value used during assembly */
00103 #define IP_ECN__ILLEGAL (-1)
00104 
00105 /* RFC 5722 - discard already-received *and future* fragments */
00106 static void invalidate_datagram(ip_fragmented_datagram_t *dgram)
00107 {
00108     // Would like to free the buffer here, but it contains the
00109     // source and destination address we need to match the datagram entry.
00110     dgram->discard = true;
00111 }
00112 
00113 static void free_datagram(ip_fragmented_datagram_t *dgram)
00114 {
00115     ns_list_remove(&frag_list, dgram);
00116     if (dgram->buf) {
00117         buffer_free(dgram->buf);
00118     }
00119     ns_dyn_mem_free(dgram);
00120 }
00121 
00122 /* We would be in trouble if last fragment is < 8 bytes, and we didn't have
00123  * room for the hole descriptor. Avoid a problem by ensuring that we always
00124  * allocate a multiple-of-8 reassembly buffer.
00125  */
00126 uint16_t ipv6_frag_set_mru(uint16_t frag_mru)
00127 {
00128     frag_mru = (frag_mru + 7) & ~ UINT16_C(7);
00129     if (frag_mru < IPV6_MIN_FRAG_MRU) {
00130         frag_mru = (IPV6_MIN_FRAG_MRU + 7) & ~ UINT16_C(7);
00131     }
00132     if (ipv6_frag_mru != frag_mru) {
00133         /* I don't want to worry about the complications of changing MRU while
00134          * we've got ongoing reassembly. Simplest just to drop any pending.
00135          */
00136         ns_list_foreach_safe(ip_fragmented_datagram_t, dgram, &frag_list) {
00137             free_datagram(dgram);
00138         }
00139         ipv6_frag_mru = frag_mru;
00140     }
00141     return ipv6_frag_mru;
00142 }
00143 
00144 void ipv6_frag_timer(uint8_t secs)
00145 {
00146     ns_list_foreach_safe(ip_fragmented_datagram_t, dgram, &frag_list) {
00147         if ((dgram->age += secs) > FRAG_TTL) {
00148             uint16_t first_hole = dgram->first_hole;
00149             /* If we've received the first fragment, can send "time exceeded" */
00150             if (first_hole != 0 && !dgram->discard) {
00151                 /* Take as much as we've got, up to first hole; icmpv6_error will limit to min MTU */
00152                 dgram->buf->buf_end = dgram->fragmentable + first_hole;
00153                 /* Fill in IP header length */
00154                 common_write_16_bit(buffer_data_length(dgram->buf) - 40, buffer_data_pointer(dgram->buf) + 4);
00155 
00156                 buffer_t *err = icmpv6_error(dgram->buf, NULL, ICMPV6_TYPE_ERROR_TIME_EXCEEDED, ICMPV6_CODE_TME_EXCD_FRG_REASS_TME_EXCD, 0);
00157                 protocol_push(err);
00158                 dgram->buf = NULL;
00159             }
00160             free_datagram(dgram);
00161         }
00162     }
00163 }
00164 
00165 static void delete_hole(ip_fragmented_datagram_t *dgram, uint16_t hole, uint16_t *prev_ptr)
00166 {
00167     hole_t *hole_ptr = hole_pointer(dgram, hole);
00168 
00169     *prev_ptr = hole_ptr->next;
00170 }
00171 
00172 static hole_t *create_hole(ip_fragmented_datagram_t *dgram, uint16_t first, uint16_t last, uint16_t *prev_ptr)
00173 {
00174     hole_t *hole_ptr = hole_pointer(dgram, first);
00175     hole_ptr->first = first;
00176     hole_ptr->last = last;
00177     hole_ptr->next = *prev_ptr;
00178 
00179     *prev_ptr = first;
00180     return hole_ptr;
00181 }
00182 
00183 static ip_fragmented_datagram_t *ip_frag_dgram_lookup(buffer_t *buf, uint32_t id, uint16_t unfrag_len)
00184 {
00185     int_fast8_t count = 0;
00186     ns_list_foreach(ip_fragmented_datagram_t, dgram, &frag_list) {
00187         if (id == dgram->id &&
00188                 addr_ipv6_equal(buf->src_sa .address , dgram->buf->src_sa.address) &&
00189                 addr_ipv6_equal(buf->dst_sa .address , dgram->buf->dst_sa.address)) {
00190             return dgram;
00191         }
00192         count++;
00193     }
00194 
00195     /* Not found - create one */
00196     if (count >= MAX_FRAG_DATAGRAMS) {
00197         free_datagram(ns_list_get_last(&frag_list));
00198     }
00199 
00200     ip_fragmented_datagram_t *new_dgram = ns_dyn_mem_temporary_alloc(sizeof(ip_fragmented_datagram_t));
00201     if (!new_dgram) {
00202         return NULL;
00203     }
00204 
00205     /* We track payload holes as per RFC 815, roughly, and reserve header
00206      * room in front, based on the unfragmentable size of the first-received
00207      * fragment.
00208      *
00209      * So initial state is:
00210      *
00211      * buf_ptr -> default buffer headroom + first-received-fragment header size
00212      * fragmentable = buf_end = buf_ptr = offset of where fragments are assembled.
00213      *
00214      * When we receive the first (0-offset) fragment, we move down buf_ptr to
00215      * put in its header, and when we receive the final (M=0) fragment, we
00216      * set buf_end accordingly.
00217      *
00218      * Two odd cases to worry about:
00219      *
00220      *   1) First fragment is not received first, and has a larger
00221      *      header than our first-received fragment. In this case, we
00222      *      shuffle data if required when we get that first fragment.
00223      *      (Actual shuffle will normally be avoided by buffer headroom slack).
00224      *   2) First fragment is not received first, and has a smaller
00225      *      header than our first-received fragment, meaning an IPV6_MRU-sized
00226      *      datagram may have more fragmented payload than we expected. Avoid
00227      *      a problem in this case by allocating a bigger-than-IPV6_MRU buffer
00228      *      if first-received fragment has extension headers.
00229      */
00230     new_dgram->buf = buffer_get(unfrag_len + ipv6_frag_mru - 40);
00231     if (!new_dgram->buf) {
00232         ns_dyn_mem_free(new_dgram);
00233         return NULL;
00234     }
00235 
00236     new_dgram->fragmentable = new_dgram->buf->buf_end = new_dgram->buf->buf_ptr += unfrag_len;
00237     new_dgram->first_hole = 0xffff;
00238     create_hole(new_dgram, 0, 0xffff, &new_dgram->first_hole);
00239 
00240     new_dgram->buf->src_sa = buf->src_sa ;
00241     new_dgram->buf->dst_sa = buf->dst_sa ;
00242     new_dgram->id = id;
00243     new_dgram->age = 0;
00244     new_dgram->discard = false;
00245     new_dgram->had_last = false;
00246     new_dgram->ecn = buf->options .traffic_class  & IP_TCLASS_ECN_MASK;
00247     ns_list_add_to_start(&frag_list, new_dgram);
00248 
00249     return new_dgram;
00250 }
00251 
00252 /*
00253  * 4x4 combination array implementing the ECN combination rules from RFC 3168.
00254  *
00255  * Summary visualisation:      N10C
00256  *                            +----
00257  *                           N|NNN-
00258  *                           1|N11C
00259  *                           0|N10C
00260  *                           C|-CCC
00261  *
00262  * Each of the 16 entries, with justification:
00263  */
00264 static const int8_t frag_ecn_combination[4][4] = {
00265     // We MUST preserve the ECN codepoint when all fragments match.
00266     [IP_ECN_NOT_ECT][IP_ECN_NOT_ECT] = IP_ECN_NOT_ECT,
00267     [IP_ECN_ECT_0  ][IP_ECN_ECT_0  ] = IP_ECN_ECT_0,
00268     [IP_ECN_ECT_1  ][IP_ECN_ECT_1  ] = IP_ECN_ECT_1,
00269     [IP_ECN_CE     ][IP_ECN_CE     ] = IP_ECN_CE,
00270 
00271     // We MUST set CE if any fragment has CE...
00272     [IP_ECN_CE     ][IP_ECN_ECT_0  ] = IP_ECN_CE,
00273     [IP_ECN_CE     ][IP_ECN_ECT_1  ] = IP_ECN_CE,
00274     [IP_ECN_ECT_0  ][IP_ECN_CE     ] = IP_ECN_CE,
00275     [IP_ECN_ECT_1  ][IP_ECN_CE     ] = IP_ECN_CE,
00276 
00277     // ...except we MUST drop the packet if we see CE + Not-ECT.
00278     [IP_ECN_CE     ][IP_ECN_NOT_ECT] = IP_ECN__ILLEGAL,
00279     [IP_ECN_NOT_ECT][IP_ECN_CE     ] = IP_ECN__ILLEGAL,
00280 
00281     // For the remaining cases, RFC 3168 leaves us free to do anything.
00282     // To make the above CE+Not-ECT rule work in all delivery orders, with
00283     // intervening ECT fragments, Not-ECT overrides ECT.
00284     [IP_ECN_NOT_ECT][IP_ECN_ECT_0  ] = IP_ECN_NOT_ECT,
00285     [IP_ECN_NOT_ECT][IP_ECN_ECT_1  ] = IP_ECN_NOT_ECT,
00286     [IP_ECN_ECT_0  ][IP_ECN_NOT_ECT] = IP_ECN_NOT_ECT,
00287     [IP_ECN_ECT_1  ][IP_ECN_NOT_ECT] = IP_ECN_NOT_ECT,
00288 
00289     // Last two cases - RFC 3168 doesn't specify, but we follow the
00290     // model of RFC 6040 and RFC 6660 which for tunnelling make ECT(1)
00291     // take priority, as it can be used as a mild congestion indication.
00292     [IP_ECN_ECT_0  ][IP_ECN_ECT_1  ] = IP_ECN_ECT_1,
00293     [IP_ECN_ECT_1  ][IP_ECN_ECT_0  ] = IP_ECN_ECT_1
00294 };
00295 
00296 /*
00297  * RFC 2460 notes:
00298  *
00299  *  fragment packets:
00300  *
00301  *  +------------------+--------+--------------+
00302  *  |  Unfragmentable  |Fragment|    first     |
00303  *  |       Part       | Header |   fragment   |
00304  *  +------------------+--------+--------------+
00305  *
00306  *  +------------------+--------+--------------+
00307  *  |  Unfragmentable  |Fragment|    second    |
00308  *  |       Part       | Header |   fragment   |
00309  *  +------------------+--------+--------------+
00310  *                        o
00311  *                        o
00312  *                        o
00313  *  +------------------+--------+----------+
00314  *  |  Unfragmentable  |Fragment|   last   |
00315  *  |       Part       | Header | fragment |
00316  *  +------------------+--------+----------+
00317  *
00318  *  reassembled original packet:
00319  *
00320  *  +------------------+----------------------//------------------------+
00321  *  |  Unfragmentable  |                 Fragmentable                   |
00322  *  |       Part       |                     Part                       |
00323  *  +------------------+----------------------//------------------------+
00324  *
00325  *    The following rules govern reassembly:
00326  *
00327  *     An original packet is reassembled only from fragment packets that
00328  *     have the same Source Address, Destination Address, and Fragment
00329  *     Identification.
00330  *
00331  *     The Unfragmentable Part of the reassembled packet consists of all
00332  *     headers up to, but not including, the Fragment header of the first
00333  *     fragment packet (that is, the packet whose Fragment Offset is
00334  *     zero), with the following two changes:
00335  *
00336  *        The Next Header field of the last header of the Unfragmentable
00337  *        Part is obtained from the Next Header field of the first
00338  *        fragment's Fragment header.
00339  *
00340  *        The Payload Length of the reassembled packet is computed from
00341  *        the length of the Unfragmentable Part and the length and offset
00342  *        of the last fragment.
00343  *
00344  *   Fragment Header
00345  *
00346  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
00347  *  |  Next Header  |   Reserved    |      Fragment Offset    |Res|M|
00348  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
00349  *  |                         Identification                        |
00350  *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
00351  *
00352  *  Fragment Offset      13-bit unsigned integer.  The offset, in 8-octet
00353  *                       units, of the data following this header,
00354  *                       relative to the start of the Fragmentable Part
00355  *                       of the original packet.
00356  *
00357  *  M flag               1 = more fragments; 0 = last fragment.
00358  */
00359 
00360 /* On entry: frag_hdr -> fragment header
00361  *           nh_ptr -> Next Header octet in previous header
00362  *           payload_length = length of remaining data, including this header
00363  *           buffer data pointers describe entire IP fragment packet
00364  *           buffer src/dst filled in
00365  * Returns: Either reassembled packet (B_DIR_UP | B_TO_IPV6_FWD)
00366  *          or ICMP error response (B_DIR_DOWN | B_TO_ICMP)
00367  *          or NULL (fragment accepted, reassembly in progress)
00368  */
00369 buffer_t *ipv6_frag_up(buffer_t *frag_buf, const uint8_t *frag_hdr, uint8_t *nh_ptr, uint16_t payload_length)
00370 {
00371     if (payload_length <= 8) {
00372         return icmpv6_error(frag_buf, NULL, ICMPV6_TYPE_ERROR_PARAMETER_PROBLEM, ICMPV6_CODE_PARAM_PRB_HDR_ERR, 4);
00373     }
00374 
00375     payload_length -= 8;
00376 
00377     uint8_t *ip_hdr = buffer_data_pointer(frag_buf);
00378     uint16_t unfrag_len = frag_hdr - ip_hdr;
00379     uint16_t fragment_first = common_read_16_bit(frag_hdr + 2) & 0xFFF8;
00380     uint16_t fragment_last = fragment_first + payload_length - 1;
00381     bool more = frag_hdr[3] & 1;
00382 
00383     /* All fragments apart from last must be multiples of 8 */
00384     if (more && (payload_length & 7)) {
00385         return icmpv6_error(frag_buf, NULL, ICMPV6_TYPE_ERROR_PARAMETER_PROBLEM, ICMPV6_CODE_PARAM_PRB_HDR_ERR, 4);
00386     }
00387 
00388     /* Check we don't overflow 16-bit size */
00389     if (fragment_last < fragment_first) {
00390         return icmpv6_error(frag_buf, NULL, ICMPV6_TYPE_ERROR_PARAMETER_PROBLEM, ICMPV6_CODE_PARAM_PRB_HDR_ERR, frag_hdr + 2 - ip_hdr);
00391     }
00392 
00393     if (fragment_first == 0) {
00394         /* Replace "Next Header" byte in previous header */
00395         *nh_ptr = frag_hdr[0];
00396 
00397         if (!more) {
00398             /* Atomic fragment handling - strip out the fragment header.
00399              * See RFC 6946, which says that we require a special case for atomic
00400              * fragments:
00401              *
00402              *   A host that receives an IPv6 packet that includes a Fragment
00403              *   Header with the "Fragment Offset" equal to 0 and the "M" flag
00404              *   equal to 0 MUST process that packet in isolation from any other
00405              *   packets/fragments, even if such packets/fragments contain the same
00406              *   set {IPv6 Source Address, IPv6 Destination Address, Fragment
00407              *   Identification}.
00408              *
00409              * (Conceivably, we could just skip the header and keep parsing,
00410              * but this keeps it consistent with real fragments).
00411              */
00412 
00413             /* Move unfragmentable part up, eliminating fragment header */
00414             memmove(ip_hdr + 8, ip_hdr, unfrag_len);
00415             ip_hdr = buffer_data_strip_header(frag_buf, 8);
00416 
00417             /* Reduce Payload Length in IP header */
00418             uint16_t len = common_read_16_bit(ip_hdr + 4);
00419             common_write_16_bit(len - 8, ip_hdr + 4);
00420 
00421             frag_buf->offset  = unfrag_len;
00422             frag_buf->options .ip_extflags  |= IPEXT_FRAGMENT;
00423             frag_buf->info  = (buffer_info_t)(B_DIR_UP | B_TO_IPV6_FWD | B_FROM_IPV6_FWD);
00424             return frag_buf;
00425         }
00426     }
00427 
00428     /* Adjust buffer pointer to point to fragment data. ip_ptr remains
00429      * pointing at IP header, which we need for first fragment. */
00430     buffer_data_pointer_set(frag_buf, frag_hdr + 8);
00431 
00432     /* Locate or create datagram assembly buffer */
00433     uint32_t id = common_read_32_bit(frag_hdr + 4);
00434     ip_fragmented_datagram_t *dgram = ip_frag_dgram_lookup(frag_buf, id, unfrag_len);
00435     if (!dgram || dgram->discard) {
00436         protocol_stats_update(STATS_IP_RX_DROP, 1);
00437         return buffer_free(frag_buf);
00438     }
00439 
00440     buffer_t *dgram_buf = dgram->buf ;
00441 
00442     /* Length checks. For predictability, best to ensure we always try to
00443      * respect IPV6_MRU as a hard limit, which means a bit of care. */
00444     uint16_t limit;
00445     if (dgram_buf->buf_ptr  == dgram->fragmentable) {
00446         /* Haven't yet got final header size - good enough to do rough check;
00447          * we have enough buffer to fit MRU - min IP header size */
00448         limit = ipv6_frag_mru - 40;
00449     } else {
00450         /* We do know final header size, so can do precise MRU check */
00451         limit = ipv6_frag_mru - (dgram->fragmentable - dgram_buf->buf_ptr );
00452     }
00453     /* Make sure we have room for following data, and hence a hole descriptor */
00454     if (more) {
00455         limit -= 8;
00456     }
00457 
00458     if (fragment_last >= limit) {
00459         /* Fragment would make datagram exceed MRU */
00460         tr_warn("Datagram size %u too big", fragment_last + 1);
00461 fail:
00462         invalidate_datagram(dgram);
00463         protocol_stats_update(STATS_IP_RX_DROP, 1);
00464         return buffer_free(frag_buf);
00465     }
00466 
00467     /* Hole-filling algorithm, basically as per RFC815, but with added
00468      * checks for overlap (RFC 5722). We keep the hole list sorted to aid this,
00469      * (and Time Exceeded messages) - something RFC 815 doesn't strictly require.
00470      */
00471     uint16_t hole_off = dgram->first_hole;
00472     uint16_t *prev_ptr = &dgram->first_hole;
00473     bool okay = false;
00474     do {
00475         hole_t *hole = hole_pointer(dgram, hole_off);
00476         uint_fast16_t hole_first = hole->first;
00477         uint_fast16_t hole_last = hole->last;
00478 
00479         /* Fragment is beyond this hole - move to next (RFC 815 step 2) */
00480         if (fragment_first > hole_last) {
00481             prev_ptr = &hole->next;
00482             hole_off = hole->next;
00483             continue;
00484         }
00485 
00486         /* RFC 815 step 3 would have us check for fragment_last < hole_first,
00487          * and skipping, but we don't need/want to do that - it's covered by
00488          * the next check.
00489          */
00490 
00491         /* Unlike RFC 815, we now check for any overlap (RFC 5722) */
00492         if (fragment_first < hole_first || fragment_last > hole_last) {
00493             break;
00494         }
00495 
00496         /* Unhook this hole from the hole list (RFC 815 step 4) */
00497         delete_hole(dgram, hole_off, prev_ptr);
00498         hole = NULL;
00499 
00500         /* Create a new hole in front if necessary (RFC 815 step 5) */
00501         if (fragment_first > hole_first) {
00502             prev_ptr = &create_hole(dgram, hole_first, fragment_first - 1, prev_ptr)->next;
00503         }
00504 
00505         if (more) {
00506             /* Create a following hole if necessary (RFC 815 step 6) */
00507             if (fragment_last < hole_last) {
00508                 create_hole(dgram, fragment_last + 1, hole_last, prev_ptr);
00509             }
00510         } else {
00511             /* If we already have some later data, it's broken. */
00512             if (hole_last != 0xffff) {
00513                 break;
00514             }
00515             dgram->had_last = true;
00516         }
00517 
00518         /* Update end of buffer, if this is the last-placed fragment so far */
00519         if (hole_last == 0xffff) {
00520             dgram_buf->buf_end  = dgram->fragmentable + fragment_last + 1;
00521         }
00522 
00523         /* Unlike RFC 815, we're now done. We don't allow overlaps, so we finish
00524          * as soon as we identify one hole that it entirely or partially fills */
00525         okay = true;
00526         break;
00527     } while (hole_off != 0xffff);
00528 
00529     /* If /any/ reassembly problems - overlaps etc - abandon the datagram */
00530     if (!okay) {
00531         tr_warn("Reassembly error");
00532         goto fail;
00533     }
00534 
00535     /* Hole list updated, can now copy in the fragment data */
00536     memcpy(dgram_buf->buf  + dgram->fragmentable + fragment_first, buffer_data_pointer(frag_buf), fragment_last + 1 - fragment_first);
00537 
00538     /* Combine the "improper security" flags, so reassembled buffer's flag is set if any fragment wasn't secure */
00539     /* XXX should have some sort of overall "merge buffer metadata" routine handling this and whatever else */
00540     dgram_buf->options .ll_security_bypass_rx  |= frag_buf->options .ll_security_bypass_rx ;
00541 
00542     /* Combine the ECN field */
00543     dgram->ecn = frag_ecn_combination[dgram->ecn][frag_buf->options .traffic_class  & IP_TCLASS_ECN_MASK];
00544     if (dgram->ecn == IP_ECN__ILLEGAL) {
00545         tr_warn("Illegal ECN");
00546         goto fail;
00547     }
00548 
00549     /* Overlap checks above ensure first-packet processing only happens once */
00550     if (fragment_first == 0) {
00551         /* Now know final header size, so repeat MRU check */
00552         uint16_t frag_so_far = dgram_buf->buf_end  - dgram->fragmentable;
00553         if (!dgram->had_last) {
00554             /* This fudge factor represents our expectation of more data, and
00555              * also makes sure we memmove the trailing hole descriptor. */
00556             frag_so_far += 8;
00557         }
00558         if (unfrag_len + frag_so_far > ipv6_frag_mru) {
00559             tr_warn("Datagram size %u too big", unfrag_len + frag_so_far);
00560             goto fail;
00561         }
00562 
00563         if (dgram_buf->buf_ptr  < unfrag_len) {
00564             /* Didn't reserve enough space for header. Shuffle data up into what will be final position */
00565             /* We know we have buffer room, thanks to previous checks against IPV6_MRU */
00566             uint16_t new_frag_offset = dgram_buf->size  - ipv6_frag_mru + unfrag_len;
00567             memmove(dgram_buf->buf  + new_frag_offset, dgram_buf->buf  + dgram->fragmentable, frag_so_far);
00568             dgram->buf->buf_ptr = dgram->fragmentable = new_frag_offset;
00569         }
00570 
00571         /* Move the start pointer, and copy the header */
00572         memcpy(buffer_data_reserve_header(dgram_buf, unfrag_len), ip_hdr, unfrag_len);
00573 
00574         /* Clone the buffer header from this first fragment, preserving only size + pointers */
00575         /* Also the security flag, already merged above */
00576         bool buf_security = dgram_buf->options .ll_security_bypass_rx ;
00577         buffer_copy_metadata(dgram_buf, frag_buf, true);
00578         dgram_buf->options .ll_security_bypass_rx  = buf_security;
00579         /* Mark position of fragment header - allows skipping previous headers */
00580         dgram_buf->offset  = unfrag_len;
00581         dgram_buf->options .ip_extflags  |= IPEXT_FRAGMENT;
00582     }
00583 
00584     /* Free the original fragment buffer - we've extracted its juice */
00585     buffer_free(frag_buf);
00586 
00587     /* Thanks to David Clark, completion check is now simple */
00588     if (dgram->first_hole != 0xffff) {
00589         /* Not yet complete - processing finished on this fragment */
00590         return NULL;
00591     }
00592 
00593     /* First 8 bytes of the IP header, currently from the first fragment,
00594      * that we need to patch:
00595      * .               .               .               .               .
00596      * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
00597      * |Version|   DSCP    |ECN|           Flow Label                  |
00598      * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
00599      * |         Payload Length        |  Next Header  |   Hop Limit   |
00600      * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
00601      */
00602 
00603     /* Fill in the combined ECN - 2 bits in the middle of the second byte */
00604     buffer_data_pointer(dgram_buf)[1] &= ~(3 << 4);
00605     buffer_data_pointer(dgram_buf)[1] |= (dgram->ecn << 4);
00606 
00607     /* Fill in final IP header length */
00608     common_write_16_bit(buffer_data_length(dgram_buf) - 40, buffer_data_pointer(dgram_buf) + 4);
00609 
00610     /* We've completed the datagram. Free the assembly structures (but not the buffer!) */
00611     dgram->buf = NULL;
00612     free_datagram(dgram);
00613 
00614     /* Send on the completed datagram */
00615     dgram_buf->info  = (buffer_info_t)(B_DIR_UP | B_TO_IPV6_FWD | B_FROM_IPV6_FWD);
00616     return dgram_buf;
00617 }
00618 #endif /* NO_IP_FRAGMENT_RX */
00619 
00620 
00621 /*                         FRAGMENT CREATION
00622  *
00623  * Allow fragment TX to be disabled for constrained systems.
00624  * This would violate RFC 6434, which says all IPv6 nodes must be able to
00625  * generate fragment headers. (Even if our only link has the minimum 1280-byte
00626  * MTU, we may still need to insert a fragment header).
00627  */
00628 #ifndef NO_IP_FRAGMENT_TX
00629 buffer_t *ipv6_frag_down(buffer_t *dgram_buf)
00630 {
00631     uint8_t *ip_ptr = buffer_data_pointer(dgram_buf);
00632     uint16_t pmtu = ipv6_mtu(dgram_buf);
00633     uint8_t *frag_hdr;
00634     buffer_list_t frags_list = NS_LIST_INIT(frags_list);
00635     ipv6_destination_t *dest = ipv6_destination_lookup_or_create(dgram_buf->dst_sa .address , dgram_buf->interface ->id);
00636     if (!dest) {
00637         return buffer_free(dgram_buf);
00638     }
00639 
00640     /* Skip over HbH and Routing headers to reach fragmentable part. Assume
00641      * packet well-formed (we created it...).
00642      */
00643     uint8_t *nh_ptr = &ip_ptr[6];
00644     uint8_t nh = *nh_ptr;
00645     uint8_t *fragmentable = ip_ptr + 40;
00646     while (nh == IPV6_NH_HOP_BY_HOP || nh == IPV6_NH_ROUTING) {
00647         nh_ptr = &fragmentable[0];
00648         nh = *nh_ptr;
00649         fragmentable += (fragmentable[1] + 1) * 8;
00650     }
00651     uint16_t unfrag_len = fragmentable - ip_ptr;
00652     uint16_t fragmentable_len = buffer_data_end(dgram_buf) - fragmentable;
00653 
00654     *nh_ptr = IPV6_NH_FRAGMENT;
00655 
00656     /* Check for silly situation - can't fit any fragment data (8 for fragment
00657      * header, 8 for minimum fragment payload) */
00658     if (unfrag_len + 8 + 8 > pmtu) {
00659         goto failed;
00660     }
00661 
00662     ++dest->fragment_id;
00663 
00664     /* RFC 7112 requires the entire header chain to be in the first fragment. */
00665     /* We don't explicitly check for this, but it would be spectacularly unlikely. */
00666     /* I think it would require a super-sized routing header */
00667 
00668     /* This is much simpler (more simplistic?) than the 6LoWPAN fragmentation,
00669      * which relies on co-operation with lower layers to ensure it works one
00670      * fragment at a time. We make all the fragments in one go, meaning higher
00671      * overhead, but IP fragmentation should be pretty rare - we don't need
00672      * to optimise this.
00673      */
00674     for (uint16_t frag_offset = 0; fragmentable_len;) {
00675         /* How much going in this packet? */
00676         uint16_t frag_len = (pmtu - unfrag_len - 8);
00677         if (fragmentable_len > frag_len) {
00678             frag_len &= ~7;
00679         } else {
00680             frag_len = fragmentable_len;
00681         }
00682 
00683         buffer_t *frag_buf = buffer_get(unfrag_len + 8 + frag_len);
00684         if (!frag_buf) {
00685             goto failed;
00686         }
00687 
00688         /* Clone the buffer header, apart from size+ptr */
00689         buffer_copy_metadata(frag_buf, dgram_buf, false);
00690 
00691         /* We splat the socket, so no upper-layer callbacks from the fragments */
00692         buffer_socket_set(frag_buf, NULL);
00693 
00694         /* Construct the new packet contents */
00695         buffer_data_length_set(frag_buf, unfrag_len + 8 + frag_len);
00696         uint8_t *ptr = buffer_data_pointer(frag_buf);
00697         /* Unfragmentable part */
00698         memcpy(ptr, ip_ptr, unfrag_len);
00699         /* Adjust length in IP header */
00700         common_write_16_bit(unfrag_len - 40 + 8 + frag_len, ptr + 4);
00701         /* Fragment header */
00702         frag_hdr = ptr + unfrag_len;
00703         frag_hdr[0] = nh;
00704         frag_hdr[1] = 0;
00705         common_write_16_bit(frag_offset | (frag_len != fragmentable_len), frag_hdr + 2);
00706         common_write_32_bit(dest->fragment_id, frag_hdr + 4);
00707         /* Fragment data */
00708         memcpy(frag_hdr + 8, fragmentable + frag_offset, frag_len);
00709         fragmentable_len -= frag_len;
00710         frag_offset += frag_len;
00711 
00712         /* Add to our fragment list */
00713         ns_list_add_to_start(&frags_list, frag_buf);
00714     }
00715 
00716     /* Now have a list of fragment buffers - report "success" to the socket */
00717     /* (TCP may save the dgram payload here? It strips off headers, so okay...) */
00718     socket_tx_buffer_event_and_free(dgram_buf, SOCKET_TX_DONE);
00719 
00720     /* Push the fragments. Backwards, as it happens, but who cares? */
00721     ns_list_foreach_safe(buffer_t, f, &frags_list) {
00722         ns_list_remove(&frags_list, f);
00723         protocol_push(f);
00724     }
00725 
00726     return NULL;
00727 
00728 failed:
00729     /* Failed to allocate a buffer - no point sending any fragments if we
00730      * can't send all.
00731      */
00732     ns_list_foreach_safe(buffer_t, f, &frags_list) {
00733         ns_list_remove(&frags_list, f);
00734         buffer_free(f);
00735     }
00736 
00737     socket_tx_buffer_event_and_free(dgram_buf, SOCKET_NO_RAM);
00738     return NULL;
00739 }
00740 #endif /* NO_IP_FRAGMENT_TX */