Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
ipv6_fragmentation.c
00001 /* 00002 * Copyright (c) 2015-2019, Arm Limited and affiliates. 00003 * SPDX-License-Identifier: Apache-2.0 00004 * 00005 * Licensed under the Apache License, Version 2.0 (the "License"); 00006 * you may not use this file except in compliance with the License. 00007 * You may obtain a copy of the License at 00008 * 00009 * http://www.apache.org/licenses/LICENSE-2.0 00010 * 00011 * Unless required by applicable law or agreed to in writing, software 00012 * distributed under the License is distributed on an "AS IS" BASIS, 00013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00014 * See the License for the specific language governing permissions and 00015 * limitations under the License. 00016 */ 00017 /* IPv6 fragmentation and defragmentation 00018 * 00019 * (Could fairly easily be modified to also do IPv4) 00020 * 00021 * References: 00022 * 00023 * RFC 815 IP Datagram Reassembly Algorithms 00024 * RFC 3168 The Addition of Explicit Congestion Notification (ECN) to IP 00025 * RFC 6040 Tunnelling of Explicit Congestion Notification 00026 * RFC 6660 Encoding Three Pre-Congestion Notification (PCN) States in the 00027 * IP Header Using a Single Diffserv Codepoint (DSCP) 00028 * RFC 8200 Internet Protocol, Version 6 (IPv6) Specification 00029 * RFC 8201 Path MTU Discovery for IP version 6 00030 */ 00031 #include "nsconfig.h" 00032 #include "ns_types.h" 00033 #include "ns_list.h" 00034 #include "ns_trace.h" 00035 #include "common_functions.h" 00036 #include "nsdynmemLIB.h" 00037 #include <string.h> 00038 #include "ns_trace.h" 00039 #include "Core/include/ns_socket.h" 00040 #include "NWK_INTERFACE/Include/protocol.h" 00041 #include "Common_Protocols/ip.h" 00042 #include "Common_Protocols/ipv6.h" 00043 #include "Common_Protocols/icmpv6.h" 00044 #include "Common_Protocols/ipv6_fragmentation.h" 00045 00046 #include "NWK_INTERFACE/Include/protocol_stats.h" 00047 00048 #define TRACE_GROUP "Ifrg" 00049 00050 /* FRAGMENT REASSEMBLY 00051 * 00052 * Allow fragment RX to be disabled for really constrained systems. 00053 * This would violate RFC 2460 and RFC 6434 - all IPv6 nodes must be able to 00054 * process fragment headers and reassemble 1500-octet datagrams. 00055 */ 00056 #ifndef NO_IP_FRAGMENT_RX 00057 00058 static uint16_t ipv6_frag_mru = IPV6_FRAG_MRU; 00059 00060 typedef struct ip_fragmented_datagram { 00061 uint8_t age; 00062 bool discard; /* Set to ignore all future fragments (and not send Time Exceeded) */ 00063 bool had_last; 00064 int8_t ecn; 00065 uint32_t id; 00066 uint16_t fragmentable; /* Offset in buf->buf[] of fragmentable part */ 00067 uint16_t first_hole; /* Offset of first hole (relative to fragmentable part) */ 00068 buffer_t *buf; 00069 ns_list_link_t link; 00070 } ip_fragmented_datagram_t; 00071 00072 /* We reassemble into the datagram buffer in basically the style of RFC 815 */ 00073 /* An 6-byte hole descriptor is placed directly in buffer holes */ 00074 /* We link them them by buffer offset (relative to start of fragmentable section) */ 00075 /* Note the possible need to align means we can't use more than 7 bytes */ 00076 typedef struct hole { 00077 uint16_t first; 00078 uint16_t last; 00079 uint16_t next; 00080 } hole_t; 00081 00082 /* Given the offset of a hole in the datagram buffer, return an aligned pointer 00083 * to put a hole_t in it. We assume a "normal" platform requiring 2-byte 00084 * alignment for hole_t, and letting us manipulate uintptr_t in the conventional 00085 * fashion. 00086 */ 00087 static hole_t *hole_pointer(const ip_fragmented_datagram_t *dgram, uint16_t offset) 00088 { 00089 uintptr_t ptr = (uintptr_t)(dgram->buf->buf + dgram->fragmentable + offset); 00090 00091 return (hole_t *)((ptr + 1) & ~(uintptr_t) 1); 00092 } 00093 00094 static NS_LIST_DEFINE(frag_list, ip_fragmented_datagram_t, link); 00095 00096 /* Maximum time to hold fragments in seconds */ 00097 #define FRAG_TTL 60 00098 00099 /* How many partially-assembled datagrams we will hold */ 00100 #define MAX_FRAG_DATAGRAMS 4 00101 00102 /* Dummy negative ECN value used during assembly */ 00103 #define IP_ECN__ILLEGAL (-1) 00104 00105 /* RFC 5722 - discard already-received *and future* fragments */ 00106 static void invalidate_datagram(ip_fragmented_datagram_t *dgram) 00107 { 00108 // Would like to free the buffer here, but it contains the 00109 // source and destination address we need to match the datagram entry. 00110 dgram->discard = true; 00111 } 00112 00113 static void free_datagram(ip_fragmented_datagram_t *dgram) 00114 { 00115 ns_list_remove(&frag_list, dgram); 00116 if (dgram->buf) { 00117 buffer_free(dgram->buf); 00118 } 00119 ns_dyn_mem_free(dgram); 00120 } 00121 00122 /* We would be in trouble if last fragment is < 8 bytes, and we didn't have 00123 * room for the hole descriptor. Avoid a problem by ensuring that we always 00124 * allocate a multiple-of-8 reassembly buffer. 00125 */ 00126 uint16_t ipv6_frag_set_mru(uint16_t frag_mru) 00127 { 00128 frag_mru = (frag_mru + 7) & ~ UINT16_C(7); 00129 if (frag_mru < IPV6_MIN_FRAG_MRU) { 00130 frag_mru = (IPV6_MIN_FRAG_MRU + 7) & ~ UINT16_C(7); 00131 } 00132 if (ipv6_frag_mru != frag_mru) { 00133 /* I don't want to worry about the complications of changing MRU while 00134 * we've got ongoing reassembly. Simplest just to drop any pending. 00135 */ 00136 ns_list_foreach_safe(ip_fragmented_datagram_t, dgram, &frag_list) { 00137 free_datagram(dgram); 00138 } 00139 ipv6_frag_mru = frag_mru; 00140 } 00141 return ipv6_frag_mru; 00142 } 00143 00144 void ipv6_frag_timer(uint8_t secs) 00145 { 00146 ns_list_foreach_safe(ip_fragmented_datagram_t, dgram, &frag_list) { 00147 if ((dgram->age += secs) > FRAG_TTL) { 00148 uint16_t first_hole = dgram->first_hole; 00149 /* If we've received the first fragment, can send "time exceeded" */ 00150 if (first_hole != 0 && !dgram->discard) { 00151 /* Take as much as we've got, up to first hole; icmpv6_error will limit to min MTU */ 00152 dgram->buf->buf_end = dgram->fragmentable + first_hole; 00153 /* Fill in IP header length */ 00154 common_write_16_bit(buffer_data_length(dgram->buf) - 40, buffer_data_pointer(dgram->buf) + 4); 00155 00156 buffer_t *err = icmpv6_error(dgram->buf, NULL, ICMPV6_TYPE_ERROR_TIME_EXCEEDED, ICMPV6_CODE_TME_EXCD_FRG_REASS_TME_EXCD, 0); 00157 protocol_push(err); 00158 dgram->buf = NULL; 00159 } 00160 free_datagram(dgram); 00161 } 00162 } 00163 } 00164 00165 static void delete_hole(ip_fragmented_datagram_t *dgram, uint16_t hole, uint16_t *prev_ptr) 00166 { 00167 hole_t *hole_ptr = hole_pointer(dgram, hole); 00168 00169 *prev_ptr = hole_ptr->next; 00170 } 00171 00172 static hole_t *create_hole(ip_fragmented_datagram_t *dgram, uint16_t first, uint16_t last, uint16_t *prev_ptr) 00173 { 00174 hole_t *hole_ptr = hole_pointer(dgram, first); 00175 hole_ptr->first = first; 00176 hole_ptr->last = last; 00177 hole_ptr->next = *prev_ptr; 00178 00179 *prev_ptr = first; 00180 return hole_ptr; 00181 } 00182 00183 static ip_fragmented_datagram_t *ip_frag_dgram_lookup(buffer_t *buf, uint32_t id, uint16_t unfrag_len) 00184 { 00185 int_fast8_t count = 0; 00186 ns_list_foreach(ip_fragmented_datagram_t, dgram, &frag_list) { 00187 if (id == dgram->id && 00188 addr_ipv6_equal(buf->src_sa .address , dgram->buf->src_sa.address) && 00189 addr_ipv6_equal(buf->dst_sa .address , dgram->buf->dst_sa.address)) { 00190 return dgram; 00191 } 00192 count++; 00193 } 00194 00195 /* Not found - create one */ 00196 if (count >= MAX_FRAG_DATAGRAMS) { 00197 free_datagram(ns_list_get_last(&frag_list)); 00198 } 00199 00200 ip_fragmented_datagram_t *new_dgram = ns_dyn_mem_temporary_alloc(sizeof(ip_fragmented_datagram_t)); 00201 if (!new_dgram) { 00202 return NULL; 00203 } 00204 00205 /* We track payload holes as per RFC 815, roughly, and reserve header 00206 * room in front, based on the unfragmentable size of the first-received 00207 * fragment. 00208 * 00209 * So initial state is: 00210 * 00211 * buf_ptr -> default buffer headroom + first-received-fragment header size 00212 * fragmentable = buf_end = buf_ptr = offset of where fragments are assembled. 00213 * 00214 * When we receive the first (0-offset) fragment, we move down buf_ptr to 00215 * put in its header, and when we receive the final (M=0) fragment, we 00216 * set buf_end accordingly. 00217 * 00218 * Two odd cases to worry about: 00219 * 00220 * 1) First fragment is not received first, and has a larger 00221 * header than our first-received fragment. In this case, we 00222 * shuffle data if required when we get that first fragment. 00223 * (Actual shuffle will normally be avoided by buffer headroom slack). 00224 * 2) First fragment is not received first, and has a smaller 00225 * header than our first-received fragment, meaning an IPV6_MRU-sized 00226 * datagram may have more fragmented payload than we expected. Avoid 00227 * a problem in this case by allocating a bigger-than-IPV6_MRU buffer 00228 * if first-received fragment has extension headers. 00229 */ 00230 new_dgram->buf = buffer_get(unfrag_len + ipv6_frag_mru - 40); 00231 if (!new_dgram->buf) { 00232 ns_dyn_mem_free(new_dgram); 00233 return NULL; 00234 } 00235 00236 new_dgram->fragmentable = new_dgram->buf->buf_end = new_dgram->buf->buf_ptr += unfrag_len; 00237 new_dgram->first_hole = 0xffff; 00238 create_hole(new_dgram, 0, 0xffff, &new_dgram->first_hole); 00239 00240 new_dgram->buf->src_sa = buf->src_sa ; 00241 new_dgram->buf->dst_sa = buf->dst_sa ; 00242 new_dgram->id = id; 00243 new_dgram->age = 0; 00244 new_dgram->discard = false; 00245 new_dgram->had_last = false; 00246 new_dgram->ecn = buf->options .traffic_class & IP_TCLASS_ECN_MASK; 00247 ns_list_add_to_start(&frag_list, new_dgram); 00248 00249 return new_dgram; 00250 } 00251 00252 /* 00253 * 4x4 combination array implementing the ECN combination rules from RFC 3168. 00254 * 00255 * Summary visualisation: N10C 00256 * +---- 00257 * N|NNN- 00258 * 1|N11C 00259 * 0|N10C 00260 * C|-CCC 00261 * 00262 * Each of the 16 entries, with justification: 00263 */ 00264 static const int8_t frag_ecn_combination[4][4] = { 00265 // We MUST preserve the ECN codepoint when all fragments match. 00266 [IP_ECN_NOT_ECT][IP_ECN_NOT_ECT] = IP_ECN_NOT_ECT, 00267 [IP_ECN_ECT_0 ][IP_ECN_ECT_0 ] = IP_ECN_ECT_0, 00268 [IP_ECN_ECT_1 ][IP_ECN_ECT_1 ] = IP_ECN_ECT_1, 00269 [IP_ECN_CE ][IP_ECN_CE ] = IP_ECN_CE, 00270 00271 // We MUST set CE if any fragment has CE... 00272 [IP_ECN_CE ][IP_ECN_ECT_0 ] = IP_ECN_CE, 00273 [IP_ECN_CE ][IP_ECN_ECT_1 ] = IP_ECN_CE, 00274 [IP_ECN_ECT_0 ][IP_ECN_CE ] = IP_ECN_CE, 00275 [IP_ECN_ECT_1 ][IP_ECN_CE ] = IP_ECN_CE, 00276 00277 // ...except we MUST drop the packet if we see CE + Not-ECT. 00278 [IP_ECN_CE ][IP_ECN_NOT_ECT] = IP_ECN__ILLEGAL, 00279 [IP_ECN_NOT_ECT][IP_ECN_CE ] = IP_ECN__ILLEGAL, 00280 00281 // For the remaining cases, RFC 3168 leaves us free to do anything. 00282 // To make the above CE+Not-ECT rule work in all delivery orders, with 00283 // intervening ECT fragments, Not-ECT overrides ECT. 00284 [IP_ECN_NOT_ECT][IP_ECN_ECT_0 ] = IP_ECN_NOT_ECT, 00285 [IP_ECN_NOT_ECT][IP_ECN_ECT_1 ] = IP_ECN_NOT_ECT, 00286 [IP_ECN_ECT_0 ][IP_ECN_NOT_ECT] = IP_ECN_NOT_ECT, 00287 [IP_ECN_ECT_1 ][IP_ECN_NOT_ECT] = IP_ECN_NOT_ECT, 00288 00289 // Last two cases - RFC 3168 doesn't specify, but we follow the 00290 // model of RFC 6040 and RFC 6660 which for tunnelling make ECT(1) 00291 // take priority, as it can be used as a mild congestion indication. 00292 [IP_ECN_ECT_0 ][IP_ECN_ECT_1 ] = IP_ECN_ECT_1, 00293 [IP_ECN_ECT_1 ][IP_ECN_ECT_0 ] = IP_ECN_ECT_1 00294 }; 00295 00296 /* 00297 * RFC 2460 notes: 00298 * 00299 * fragment packets: 00300 * 00301 * +------------------+--------+--------------+ 00302 * | Unfragmentable |Fragment| first | 00303 * | Part | Header | fragment | 00304 * +------------------+--------+--------------+ 00305 * 00306 * +------------------+--------+--------------+ 00307 * | Unfragmentable |Fragment| second | 00308 * | Part | Header | fragment | 00309 * +------------------+--------+--------------+ 00310 * o 00311 * o 00312 * o 00313 * +------------------+--------+----------+ 00314 * | Unfragmentable |Fragment| last | 00315 * | Part | Header | fragment | 00316 * +------------------+--------+----------+ 00317 * 00318 * reassembled original packet: 00319 * 00320 * +------------------+----------------------//------------------------+ 00321 * | Unfragmentable | Fragmentable | 00322 * | Part | Part | 00323 * +------------------+----------------------//------------------------+ 00324 * 00325 * The following rules govern reassembly: 00326 * 00327 * An original packet is reassembled only from fragment packets that 00328 * have the same Source Address, Destination Address, and Fragment 00329 * Identification. 00330 * 00331 * The Unfragmentable Part of the reassembled packet consists of all 00332 * headers up to, but not including, the Fragment header of the first 00333 * fragment packet (that is, the packet whose Fragment Offset is 00334 * zero), with the following two changes: 00335 * 00336 * The Next Header field of the last header of the Unfragmentable 00337 * Part is obtained from the Next Header field of the first 00338 * fragment's Fragment header. 00339 * 00340 * The Payload Length of the reassembled packet is computed from 00341 * the length of the Unfragmentable Part and the length and offset 00342 * of the last fragment. 00343 * 00344 * Fragment Header 00345 * 00346 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 00347 * | Next Header | Reserved | Fragment Offset |Res|M| 00348 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 00349 * | Identification | 00350 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 00351 * 00352 * Fragment Offset 13-bit unsigned integer. The offset, in 8-octet 00353 * units, of the data following this header, 00354 * relative to the start of the Fragmentable Part 00355 * of the original packet. 00356 * 00357 * M flag 1 = more fragments; 0 = last fragment. 00358 */ 00359 00360 /* On entry: frag_hdr -> fragment header 00361 * nh_ptr -> Next Header octet in previous header 00362 * payload_length = length of remaining data, including this header 00363 * buffer data pointers describe entire IP fragment packet 00364 * buffer src/dst filled in 00365 * Returns: Either reassembled packet (B_DIR_UP | B_TO_IPV6_FWD) 00366 * or ICMP error response (B_DIR_DOWN | B_TO_ICMP) 00367 * or NULL (fragment accepted, reassembly in progress) 00368 */ 00369 buffer_t *ipv6_frag_up(buffer_t *frag_buf, const uint8_t *frag_hdr, uint8_t *nh_ptr, uint16_t payload_length) 00370 { 00371 if (payload_length <= 8) { 00372 return icmpv6_error(frag_buf, NULL, ICMPV6_TYPE_ERROR_PARAMETER_PROBLEM, ICMPV6_CODE_PARAM_PRB_HDR_ERR, 4); 00373 } 00374 00375 payload_length -= 8; 00376 00377 uint8_t *ip_hdr = buffer_data_pointer(frag_buf); 00378 uint16_t unfrag_len = frag_hdr - ip_hdr; 00379 uint16_t fragment_first = common_read_16_bit(frag_hdr + 2) & 0xFFF8; 00380 uint16_t fragment_last = fragment_first + payload_length - 1; 00381 bool more = frag_hdr[3] & 1; 00382 00383 /* All fragments apart from last must be multiples of 8 */ 00384 if (more && (payload_length & 7)) { 00385 return icmpv6_error(frag_buf, NULL, ICMPV6_TYPE_ERROR_PARAMETER_PROBLEM, ICMPV6_CODE_PARAM_PRB_HDR_ERR, 4); 00386 } 00387 00388 /* Check we don't overflow 16-bit size */ 00389 if (fragment_last < fragment_first) { 00390 return icmpv6_error(frag_buf, NULL, ICMPV6_TYPE_ERROR_PARAMETER_PROBLEM, ICMPV6_CODE_PARAM_PRB_HDR_ERR, frag_hdr + 2 - ip_hdr); 00391 } 00392 00393 if (fragment_first == 0) { 00394 /* Replace "Next Header" byte in previous header */ 00395 *nh_ptr = frag_hdr[0]; 00396 00397 if (!more) { 00398 /* Atomic fragment handling - strip out the fragment header. 00399 * See RFC 6946, which says that we require a special case for atomic 00400 * fragments: 00401 * 00402 * A host that receives an IPv6 packet that includes a Fragment 00403 * Header with the "Fragment Offset" equal to 0 and the "M" flag 00404 * equal to 0 MUST process that packet in isolation from any other 00405 * packets/fragments, even if such packets/fragments contain the same 00406 * set {IPv6 Source Address, IPv6 Destination Address, Fragment 00407 * Identification}. 00408 * 00409 * (Conceivably, we could just skip the header and keep parsing, 00410 * but this keeps it consistent with real fragments). 00411 */ 00412 00413 /* Move unfragmentable part up, eliminating fragment header */ 00414 memmove(ip_hdr + 8, ip_hdr, unfrag_len); 00415 ip_hdr = buffer_data_strip_header(frag_buf, 8); 00416 00417 /* Reduce Payload Length in IP header */ 00418 uint16_t len = common_read_16_bit(ip_hdr + 4); 00419 common_write_16_bit(len - 8, ip_hdr + 4); 00420 00421 frag_buf->offset = unfrag_len; 00422 frag_buf->options .ip_extflags |= IPEXT_FRAGMENT; 00423 frag_buf->info = (buffer_info_t)(B_DIR_UP | B_TO_IPV6_FWD | B_FROM_IPV6_FWD); 00424 return frag_buf; 00425 } 00426 } 00427 00428 /* Adjust buffer pointer to point to fragment data. ip_ptr remains 00429 * pointing at IP header, which we need for first fragment. */ 00430 buffer_data_pointer_set(frag_buf, frag_hdr + 8); 00431 00432 /* Locate or create datagram assembly buffer */ 00433 uint32_t id = common_read_32_bit(frag_hdr + 4); 00434 ip_fragmented_datagram_t *dgram = ip_frag_dgram_lookup(frag_buf, id, unfrag_len); 00435 if (!dgram || dgram->discard) { 00436 protocol_stats_update(STATS_IP_RX_DROP, 1); 00437 return buffer_free(frag_buf); 00438 } 00439 00440 buffer_t *dgram_buf = dgram->buf ; 00441 00442 /* Length checks. For predictability, best to ensure we always try to 00443 * respect IPV6_MRU as a hard limit, which means a bit of care. */ 00444 uint16_t limit; 00445 if (dgram_buf->buf_ptr == dgram->fragmentable) { 00446 /* Haven't yet got final header size - good enough to do rough check; 00447 * we have enough buffer to fit MRU - min IP header size */ 00448 limit = ipv6_frag_mru - 40; 00449 } else { 00450 /* We do know final header size, so can do precise MRU check */ 00451 limit = ipv6_frag_mru - (dgram->fragmentable - dgram_buf->buf_ptr ); 00452 } 00453 /* Make sure we have room for following data, and hence a hole descriptor */ 00454 if (more) { 00455 limit -= 8; 00456 } 00457 00458 if (fragment_last >= limit) { 00459 /* Fragment would make datagram exceed MRU */ 00460 tr_warn("Datagram size %u too big", fragment_last + 1); 00461 fail: 00462 invalidate_datagram(dgram); 00463 protocol_stats_update(STATS_IP_RX_DROP, 1); 00464 return buffer_free(frag_buf); 00465 } 00466 00467 /* Hole-filling algorithm, basically as per RFC815, but with added 00468 * checks for overlap (RFC 5722). We keep the hole list sorted to aid this, 00469 * (and Time Exceeded messages) - something RFC 815 doesn't strictly require. 00470 */ 00471 uint16_t hole_off = dgram->first_hole; 00472 uint16_t *prev_ptr = &dgram->first_hole; 00473 bool okay = false; 00474 do { 00475 hole_t *hole = hole_pointer(dgram, hole_off); 00476 uint_fast16_t hole_first = hole->first; 00477 uint_fast16_t hole_last = hole->last; 00478 00479 /* Fragment is beyond this hole - move to next (RFC 815 step 2) */ 00480 if (fragment_first > hole_last) { 00481 prev_ptr = &hole->next; 00482 hole_off = hole->next; 00483 continue; 00484 } 00485 00486 /* RFC 815 step 3 would have us check for fragment_last < hole_first, 00487 * and skipping, but we don't need/want to do that - it's covered by 00488 * the next check. 00489 */ 00490 00491 /* Unlike RFC 815, we now check for any overlap (RFC 5722) */ 00492 if (fragment_first < hole_first || fragment_last > hole_last) { 00493 break; 00494 } 00495 00496 /* Unhook this hole from the hole list (RFC 815 step 4) */ 00497 delete_hole(dgram, hole_off, prev_ptr); 00498 hole = NULL; 00499 00500 /* Create a new hole in front if necessary (RFC 815 step 5) */ 00501 if (fragment_first > hole_first) { 00502 prev_ptr = &create_hole(dgram, hole_first, fragment_first - 1, prev_ptr)->next; 00503 } 00504 00505 if (more) { 00506 /* Create a following hole if necessary (RFC 815 step 6) */ 00507 if (fragment_last < hole_last) { 00508 create_hole(dgram, fragment_last + 1, hole_last, prev_ptr); 00509 } 00510 } else { 00511 /* If we already have some later data, it's broken. */ 00512 if (hole_last != 0xffff) { 00513 break; 00514 } 00515 dgram->had_last = true; 00516 } 00517 00518 /* Update end of buffer, if this is the last-placed fragment so far */ 00519 if (hole_last == 0xffff) { 00520 dgram_buf->buf_end = dgram->fragmentable + fragment_last + 1; 00521 } 00522 00523 /* Unlike RFC 815, we're now done. We don't allow overlaps, so we finish 00524 * as soon as we identify one hole that it entirely or partially fills */ 00525 okay = true; 00526 break; 00527 } while (hole_off != 0xffff); 00528 00529 /* If /any/ reassembly problems - overlaps etc - abandon the datagram */ 00530 if (!okay) { 00531 tr_warn("Reassembly error"); 00532 goto fail; 00533 } 00534 00535 /* Hole list updated, can now copy in the fragment data */ 00536 memcpy(dgram_buf->buf + dgram->fragmentable + fragment_first, buffer_data_pointer(frag_buf), fragment_last + 1 - fragment_first); 00537 00538 /* Combine the "improper security" flags, so reassembled buffer's flag is set if any fragment wasn't secure */ 00539 /* XXX should have some sort of overall "merge buffer metadata" routine handling this and whatever else */ 00540 dgram_buf->options .ll_security_bypass_rx |= frag_buf->options .ll_security_bypass_rx ; 00541 00542 /* Combine the ECN field */ 00543 dgram->ecn = frag_ecn_combination[dgram->ecn][frag_buf->options .traffic_class & IP_TCLASS_ECN_MASK]; 00544 if (dgram->ecn == IP_ECN__ILLEGAL) { 00545 tr_warn("Illegal ECN"); 00546 goto fail; 00547 } 00548 00549 /* Overlap checks above ensure first-packet processing only happens once */ 00550 if (fragment_first == 0) { 00551 /* Now know final header size, so repeat MRU check */ 00552 uint16_t frag_so_far = dgram_buf->buf_end - dgram->fragmentable; 00553 if (!dgram->had_last) { 00554 /* This fudge factor represents our expectation of more data, and 00555 * also makes sure we memmove the trailing hole descriptor. */ 00556 frag_so_far += 8; 00557 } 00558 if (unfrag_len + frag_so_far > ipv6_frag_mru) { 00559 tr_warn("Datagram size %u too big", unfrag_len + frag_so_far); 00560 goto fail; 00561 } 00562 00563 if (dgram_buf->buf_ptr < unfrag_len) { 00564 /* Didn't reserve enough space for header. Shuffle data up into what will be final position */ 00565 /* We know we have buffer room, thanks to previous checks against IPV6_MRU */ 00566 uint16_t new_frag_offset = dgram_buf->size - ipv6_frag_mru + unfrag_len; 00567 memmove(dgram_buf->buf + new_frag_offset, dgram_buf->buf + dgram->fragmentable, frag_so_far); 00568 dgram->buf->buf_ptr = dgram->fragmentable = new_frag_offset; 00569 } 00570 00571 /* Move the start pointer, and copy the header */ 00572 memcpy(buffer_data_reserve_header(dgram_buf, unfrag_len), ip_hdr, unfrag_len); 00573 00574 /* Clone the buffer header from this first fragment, preserving only size + pointers */ 00575 /* Also the security flag, already merged above */ 00576 bool buf_security = dgram_buf->options .ll_security_bypass_rx ; 00577 buffer_copy_metadata(dgram_buf, frag_buf, true); 00578 dgram_buf->options .ll_security_bypass_rx = buf_security; 00579 /* Mark position of fragment header - allows skipping previous headers */ 00580 dgram_buf->offset = unfrag_len; 00581 dgram_buf->options .ip_extflags |= IPEXT_FRAGMENT; 00582 } 00583 00584 /* Free the original fragment buffer - we've extracted its juice */ 00585 buffer_free(frag_buf); 00586 00587 /* Thanks to David Clark, completion check is now simple */ 00588 if (dgram->first_hole != 0xffff) { 00589 /* Not yet complete - processing finished on this fragment */ 00590 return NULL; 00591 } 00592 00593 /* First 8 bytes of the IP header, currently from the first fragment, 00594 * that we need to patch: 00595 * . . . . . 00596 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 00597 * |Version| DSCP |ECN| Flow Label | 00598 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 00599 * | Payload Length | Next Header | Hop Limit | 00600 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 00601 */ 00602 00603 /* Fill in the combined ECN - 2 bits in the middle of the second byte */ 00604 buffer_data_pointer(dgram_buf)[1] &= ~(3 << 4); 00605 buffer_data_pointer(dgram_buf)[1] |= (dgram->ecn << 4); 00606 00607 /* Fill in final IP header length */ 00608 common_write_16_bit(buffer_data_length(dgram_buf) - 40, buffer_data_pointer(dgram_buf) + 4); 00609 00610 /* We've completed the datagram. Free the assembly structures (but not the buffer!) */ 00611 dgram->buf = NULL; 00612 free_datagram(dgram); 00613 00614 /* Send on the completed datagram */ 00615 dgram_buf->info = (buffer_info_t)(B_DIR_UP | B_TO_IPV6_FWD | B_FROM_IPV6_FWD); 00616 return dgram_buf; 00617 } 00618 #endif /* NO_IP_FRAGMENT_RX */ 00619 00620 00621 /* FRAGMENT CREATION 00622 * 00623 * Allow fragment TX to be disabled for constrained systems. 00624 * This would violate RFC 6434, which says all IPv6 nodes must be able to 00625 * generate fragment headers. (Even if our only link has the minimum 1280-byte 00626 * MTU, we may still need to insert a fragment header). 00627 */ 00628 #ifndef NO_IP_FRAGMENT_TX 00629 buffer_t *ipv6_frag_down(buffer_t *dgram_buf) 00630 { 00631 uint8_t *ip_ptr = buffer_data_pointer(dgram_buf); 00632 uint16_t pmtu = ipv6_mtu(dgram_buf); 00633 uint8_t *frag_hdr; 00634 buffer_list_t frags_list = NS_LIST_INIT(frags_list); 00635 ipv6_destination_t *dest = ipv6_destination_lookup_or_create(dgram_buf->dst_sa .address , dgram_buf->interface ->id); 00636 if (!dest) { 00637 return buffer_free(dgram_buf); 00638 } 00639 00640 /* Skip over HbH and Routing headers to reach fragmentable part. Assume 00641 * packet well-formed (we created it...). 00642 */ 00643 uint8_t *nh_ptr = &ip_ptr[6]; 00644 uint8_t nh = *nh_ptr; 00645 uint8_t *fragmentable = ip_ptr + 40; 00646 while (nh == IPV6_NH_HOP_BY_HOP || nh == IPV6_NH_ROUTING) { 00647 nh_ptr = &fragmentable[0]; 00648 nh = *nh_ptr; 00649 fragmentable += (fragmentable[1] + 1) * 8; 00650 } 00651 uint16_t unfrag_len = fragmentable - ip_ptr; 00652 uint16_t fragmentable_len = buffer_data_end(dgram_buf) - fragmentable; 00653 00654 *nh_ptr = IPV6_NH_FRAGMENT; 00655 00656 /* Check for silly situation - can't fit any fragment data (8 for fragment 00657 * header, 8 for minimum fragment payload) */ 00658 if (unfrag_len + 8 + 8 > pmtu) { 00659 goto failed; 00660 } 00661 00662 ++dest->fragment_id; 00663 00664 /* RFC 7112 requires the entire header chain to be in the first fragment. */ 00665 /* We don't explicitly check for this, but it would be spectacularly unlikely. */ 00666 /* I think it would require a super-sized routing header */ 00667 00668 /* This is much simpler (more simplistic?) than the 6LoWPAN fragmentation, 00669 * which relies on co-operation with lower layers to ensure it works one 00670 * fragment at a time. We make all the fragments in one go, meaning higher 00671 * overhead, but IP fragmentation should be pretty rare - we don't need 00672 * to optimise this. 00673 */ 00674 for (uint16_t frag_offset = 0; fragmentable_len;) { 00675 /* How much going in this packet? */ 00676 uint16_t frag_len = (pmtu - unfrag_len - 8); 00677 if (fragmentable_len > frag_len) { 00678 frag_len &= ~7; 00679 } else { 00680 frag_len = fragmentable_len; 00681 } 00682 00683 buffer_t *frag_buf = buffer_get(unfrag_len + 8 + frag_len); 00684 if (!frag_buf) { 00685 goto failed; 00686 } 00687 00688 /* Clone the buffer header, apart from size+ptr */ 00689 buffer_copy_metadata(frag_buf, dgram_buf, false); 00690 00691 /* We splat the socket, so no upper-layer callbacks from the fragments */ 00692 buffer_socket_set(frag_buf, NULL); 00693 00694 /* Construct the new packet contents */ 00695 buffer_data_length_set(frag_buf, unfrag_len + 8 + frag_len); 00696 uint8_t *ptr = buffer_data_pointer(frag_buf); 00697 /* Unfragmentable part */ 00698 memcpy(ptr, ip_ptr, unfrag_len); 00699 /* Adjust length in IP header */ 00700 common_write_16_bit(unfrag_len - 40 + 8 + frag_len, ptr + 4); 00701 /* Fragment header */ 00702 frag_hdr = ptr + unfrag_len; 00703 frag_hdr[0] = nh; 00704 frag_hdr[1] = 0; 00705 common_write_16_bit(frag_offset | (frag_len != fragmentable_len), frag_hdr + 2); 00706 common_write_32_bit(dest->fragment_id, frag_hdr + 4); 00707 /* Fragment data */ 00708 memcpy(frag_hdr + 8, fragmentable + frag_offset, frag_len); 00709 fragmentable_len -= frag_len; 00710 frag_offset += frag_len; 00711 00712 /* Add to our fragment list */ 00713 ns_list_add_to_start(&frags_list, frag_buf); 00714 } 00715 00716 /* Now have a list of fragment buffers - report "success" to the socket */ 00717 /* (TCP may save the dgram payload here? It strips off headers, so okay...) */ 00718 socket_tx_buffer_event_and_free(dgram_buf, SOCKET_TX_DONE); 00719 00720 /* Push the fragments. Backwards, as it happens, but who cares? */ 00721 ns_list_foreach_safe(buffer_t, f, &frags_list) { 00722 ns_list_remove(&frags_list, f); 00723 protocol_push(f); 00724 } 00725 00726 return NULL; 00727 00728 failed: 00729 /* Failed to allocate a buffer - no point sending any fragments if we 00730 * can't send all. 00731 */ 00732 ns_list_foreach_safe(buffer_t, f, &frags_list) { 00733 ns_list_remove(&frags_list, f); 00734 buffer_free(f); 00735 } 00736 00737 socket_tx_buffer_event_and_free(dgram_buf, SOCKET_NO_RAM); 00738 return NULL; 00739 } 00740 #endif /* NO_IP_FRAGMENT_TX */
Generated on Tue Jul 12 2022 13:54:25 by
