Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
lwip_ip6_frag.c
00001 /** 00002 * @file 00003 * 00004 * IPv6 fragmentation and reassembly. 00005 */ 00006 00007 /* 00008 * Copyright (c) 2010 Inico Technologies Ltd. 00009 * All rights reserved. 00010 * 00011 * Redistribution and use in source and binary forms, with or without modification, 00012 * are permitted provided that the following conditions are met: 00013 * 00014 * 1. Redistributions of source code must retain the above copyright notice, 00015 * this list of conditions and the following disclaimer. 00016 * 2. Redistributions in binary form must reproduce the above copyright notice, 00017 * this list of conditions and the following disclaimer in the documentation 00018 * and/or other materials provided with the distribution. 00019 * 3. The name of the author may not be used to endorse or promote products 00020 * derived from this software without specific prior written permission. 00021 * 00022 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 00023 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 00024 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 00025 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 00026 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 00027 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 00028 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 00029 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 00030 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 00031 * OF SUCH DAMAGE. 00032 * 00033 * This file is part of the lwIP TCP/IP stack. 00034 * 00035 * Author: Ivan Delamer <delamer@inicotech.com> 00036 * 00037 * 00038 * Please coordinate changes and requests with Ivan Delamer 00039 * <delamer@inicotech.com> 00040 */ 00041 00042 #include "lwip/opt.h" 00043 #include "lwip/ip6_frag.h" 00044 #include "lwip/ip6.h" 00045 #include "lwip/icmp6.h" 00046 #include "lwip/nd6.h" 00047 #include "lwip/ip.h" 00048 00049 #include "lwip/pbuf.h" 00050 #include "lwip/memp.h" 00051 #include "lwip/stats.h" 00052 00053 #include <string.h> 00054 00055 #if LWIP_IPV6 && LWIP_IPV6_REASS /* don't build if not configured for use in lwipopts.h */ 00056 00057 00058 /** Setting this to 0, you can turn off checking the fragments for overlapping 00059 * regions. The code gets a little smaller. Only use this if you know that 00060 * overlapping won't occur on your network! */ 00061 #ifndef IP_REASS_CHECK_OVERLAP 00062 #define IP_REASS_CHECK_OVERLAP 1 00063 #endif /* IP_REASS_CHECK_OVERLAP */ 00064 00065 /** Set to 0 to prevent freeing the oldest datagram when the reassembly buffer is 00066 * full (IP_REASS_MAX_PBUFS pbufs are enqueued). The code gets a little smaller. 00067 * Datagrams will be freed by timeout only. Especially useful when MEMP_NUM_REASSDATA 00068 * is set to 1, so one datagram can be reassembled at a time, only. */ 00069 #ifndef IP_REASS_FREE_OLDEST 00070 #define IP_REASS_FREE_OLDEST 1 00071 #endif /* IP_REASS_FREE_OLDEST */ 00072 00073 #if IPV6_FRAG_COPYHEADER 00074 /* The number of bytes we need to "borrow" from (i.e., overwrite in) the header 00075 * that precedes the fragment header for reassembly pruposes. */ 00076 #define IPV6_FRAG_REQROOM ((s16_t)(sizeof(struct ip6_reass_helper) - IP6_FRAG_HLEN)) 00077 #endif 00078 00079 #define IP_REASS_FLAG_LASTFRAG 0x01 00080 00081 /** This is a helper struct which holds the starting 00082 * offset and the ending offset of this fragment to 00083 * easily chain the fragments. 00084 * It has the same packing requirements as the IPv6 header, since it replaces 00085 * the Fragment Header in memory in incoming fragments to keep 00086 * track of the various fragments. 00087 */ 00088 #ifdef PACK_STRUCT_USE_INCLUDES 00089 # include "arch/bpstruct.h" 00090 #endif 00091 PACK_STRUCT_BEGIN 00092 struct ip6_reass_helper { 00093 PACK_STRUCT_FIELD(struct pbuf *next_pbuf); 00094 PACK_STRUCT_FIELD(u16_t start); 00095 PACK_STRUCT_FIELD(u16_t end); 00096 } PACK_STRUCT_STRUCT; 00097 PACK_STRUCT_END 00098 #ifdef PACK_STRUCT_USE_INCLUDES 00099 # include "arch/epstruct.h" 00100 #endif 00101 00102 /* static variables */ 00103 static struct ip6_reassdata *reassdatagrams; 00104 static u16_t ip6_reass_pbufcount; 00105 00106 /* Forward declarations. */ 00107 static void ip6_reass_free_complete_datagram(struct ip6_reassdata *ipr); 00108 #if IP_REASS_FREE_OLDEST 00109 static void ip6_reass_remove_oldest_datagram(struct ip6_reassdata *ipr, int pbufs_needed); 00110 #endif /* IP_REASS_FREE_OLDEST */ 00111 00112 void 00113 ip6_reass_tmr(void) 00114 { 00115 struct ip6_reassdata *r, *tmp; 00116 00117 #if !IPV6_FRAG_COPYHEADER 00118 LWIP_ASSERT("sizeof(struct ip6_reass_helper) <= IP6_FRAG_HLEN, set IPV6_FRAG_COPYHEADER to 1", 00119 sizeof(struct ip6_reass_helper) <= IP6_FRAG_HLEN); 00120 #endif /* !IPV6_FRAG_COPYHEADER */ 00121 00122 r = reassdatagrams; 00123 while (r != NULL) { 00124 /* Decrement the timer. Once it reaches 0, 00125 * clean up the incomplete fragment assembly */ 00126 if (r->timer > 0) { 00127 r->timer--; 00128 r = r->next; 00129 } else { 00130 /* reassembly timed out */ 00131 tmp = r; 00132 /* get the next pointer before freeing */ 00133 r = r->next; 00134 /* free the helper struct and all enqueued pbufs */ 00135 ip6_reass_free_complete_datagram(tmp); 00136 } 00137 } 00138 } 00139 00140 /** 00141 * Free a datagram (struct ip6_reassdata) and all its pbufs. 00142 * Updates the total count of enqueued pbufs (ip6_reass_pbufcount), 00143 * sends an ICMP time exceeded packet. 00144 * 00145 * @param ipr datagram to free 00146 */ 00147 static void 00148 ip6_reass_free_complete_datagram(struct ip6_reassdata *ipr) 00149 { 00150 struct ip6_reassdata *prev; 00151 u16_t pbufs_freed = 0; 00152 u16_t clen; 00153 struct pbuf *p; 00154 struct ip6_reass_helper *iprh; 00155 00156 #if LWIP_ICMP6 00157 iprh = (struct ip6_reass_helper *)ipr->p->payload; 00158 if (iprh->start == 0) { 00159 /* The first fragment was received, send ICMP time exceeded. */ 00160 /* First, de-queue the first pbuf from r->p. */ 00161 p = ipr->p; 00162 ipr->p = iprh->next_pbuf; 00163 /* Restore the part that we've overwritten with our helper structure, or we 00164 * might send garbage (and disclose a pointer) in the ICMPv6 reply. */ 00165 MEMCPY(p->payload, ipr->orig_hdr, sizeof(iprh)); 00166 /* Then, move back to the original ipv6 header (we are now pointing to Fragment header). 00167 This cannot fail since we already checked when receiving this fragment. */ 00168 if (pbuf_header_force(p, (s16_t)((u8_t*)p->payload - (u8_t*)ipr->iphdr))) { 00169 LWIP_ASSERT("ip6_reass_free: moving p->payload to ip6 header failed\n", 0); 00170 } 00171 else { 00172 /* Reconstruct the zoned source and destination addresses, so that we do 00173 * not end up sending the ICMP response over the wrong link. */ 00174 ip6_addr_t src_addr, dest_addr; 00175 ip6_addr_copy_from_packed(src_addr, IPV6_FRAG_SRC(ipr)); 00176 ip6_addr_set_zone(&src_addr, ipr->src_zone); 00177 ip6_addr_copy_from_packed(dest_addr, IPV6_FRAG_DEST(ipr)); 00178 ip6_addr_set_zone(&dest_addr, ipr->dest_zone); 00179 /* Send the actual ICMP response. */ 00180 icmp6_time_exceeded_with_addrs(p, ICMP6_TE_FRAG, &src_addr, &dest_addr); 00181 } 00182 clen = pbuf_clen(p); 00183 LWIP_ASSERT("pbufs_freed + clen <= 0xffff", pbufs_freed + clen <= 0xffff); 00184 pbufs_freed = (u16_t)(pbufs_freed + clen); 00185 pbuf_free(p); 00186 } 00187 #endif /* LWIP_ICMP6 */ 00188 00189 /* First, free all received pbufs. The individual pbufs need to be released 00190 separately as they have not yet been chained */ 00191 p = ipr->p; 00192 while (p != NULL) { 00193 struct pbuf *pcur; 00194 iprh = (struct ip6_reass_helper *)p->payload; 00195 pcur = p; 00196 /* get the next pointer before freeing */ 00197 p = iprh->next_pbuf; 00198 clen = pbuf_clen(pcur); 00199 LWIP_ASSERT("pbufs_freed + clen <= 0xffff", pbufs_freed + clen <= 0xffff); 00200 pbufs_freed = (u16_t)(pbufs_freed + clen); 00201 pbuf_free(pcur); 00202 } 00203 00204 /* Then, unchain the struct ip6_reassdata from the list and free it. */ 00205 if (ipr == reassdatagrams) { 00206 reassdatagrams = ipr->next; 00207 } else { 00208 prev = reassdatagrams; 00209 while (prev != NULL) { 00210 if (prev->next == ipr) { 00211 break; 00212 } 00213 prev = prev->next; 00214 } 00215 if (prev != NULL) { 00216 prev->next = ipr->next; 00217 } 00218 } 00219 memp_free(MEMP_IP6_REASSDATA, ipr); 00220 00221 /* Finally, update number of pbufs in reassembly queue */ 00222 LWIP_ASSERT("ip_reass_pbufcount >= clen", ip6_reass_pbufcount >= pbufs_freed); 00223 ip6_reass_pbufcount = (u16_t)(ip6_reass_pbufcount - pbufs_freed); 00224 } 00225 00226 #if IP_REASS_FREE_OLDEST 00227 /** 00228 * Free the oldest datagram to make room for enqueueing new fragments. 00229 * The datagram ipr is not freed! 00230 * 00231 * @param ipr ip6_reassdata for the current fragment 00232 * @param pbufs_needed number of pbufs needed to enqueue 00233 * (used for freeing other datagrams if not enough space) 00234 */ 00235 static void 00236 ip6_reass_remove_oldest_datagram(struct ip6_reassdata *ipr, int pbufs_needed) 00237 { 00238 struct ip6_reassdata *r, *oldest; 00239 00240 /* Free datagrams until being allowed to enqueue 'pbufs_needed' pbufs, 00241 * but don't free the current datagram! */ 00242 do { 00243 r = oldest = reassdatagrams; 00244 while (r != NULL) { 00245 if (r != ipr) { 00246 if (r->timer <= oldest->timer) { 00247 /* older than the previous oldest */ 00248 oldest = r; 00249 } 00250 } 00251 r = r->next; 00252 } 00253 if (oldest == ipr) { 00254 /* nothing to free, ipr is the only element on the list */ 00255 return; 00256 } 00257 if (oldest != NULL) { 00258 ip6_reass_free_complete_datagram(oldest); 00259 } 00260 } while (((ip6_reass_pbufcount + pbufs_needed) > IP_REASS_MAX_PBUFS) && (reassdatagrams != NULL)); 00261 } 00262 #endif /* IP_REASS_FREE_OLDEST */ 00263 00264 /** 00265 * Reassembles incoming IPv6 fragments into an IPv6 datagram. 00266 * 00267 * @param p points to the IPv6 Fragment Header 00268 * @return NULL if reassembly is incomplete, pbuf pointing to 00269 * IPv6 Header if reassembly is complete 00270 */ 00271 struct pbuf * 00272 ip6_reass(struct pbuf *p) 00273 { 00274 struct ip6_reassdata *ipr, *ipr_prev; 00275 struct ip6_reass_helper *iprh, *iprh_tmp, *iprh_prev=NULL; 00276 struct ip6_frag_hdr *frag_hdr; 00277 u16_t offset, len, start, end; 00278 ptrdiff_t hdrdiff; 00279 u16_t clen; 00280 u8_t valid = 1; 00281 struct pbuf *q, *next_pbuf; 00282 00283 IP6_FRAG_STATS_INC(ip6_frag.recv); 00284 00285 /* ip6_frag_hdr must be in the first pbuf, not chained. Checked by caller. */ 00286 LWIP_ASSERT("IPv6 fragment header does not fit in first pbuf", 00287 p->len >= sizeof(struct ip6_frag_hdr)); 00288 00289 frag_hdr = (struct ip6_frag_hdr *) p->payload; 00290 00291 clen = pbuf_clen(p); 00292 00293 offset = lwip_ntohs(frag_hdr->_fragment_offset); 00294 00295 /* Calculate fragment length from IPv6 payload length. 00296 * Adjust for headers before Fragment Header. 00297 * And finally adjust by Fragment Header length. */ 00298 len = lwip_ntohs(ip6_current_header()->_plen); 00299 hdrdiff = (u8_t*)p->payload - (const u8_t*)ip6_current_header(); 00300 LWIP_ASSERT("not a valid pbuf (ip6_input check missing?)", hdrdiff <= 0xFFFF); 00301 LWIP_ASSERT("not a valid pbuf (ip6_input check missing?)", hdrdiff >= IP6_HLEN); 00302 hdrdiff -= IP6_HLEN; 00303 hdrdiff += IP6_FRAG_HLEN; 00304 if (hdrdiff > len) { 00305 IP6_FRAG_STATS_INC(ip6_frag.proterr); 00306 goto nullreturn; 00307 } 00308 len = (u16_t)(len - hdrdiff); 00309 start = (offset & IP6_FRAG_OFFSET_MASK); 00310 if (start > (0xFFFF - len)) { 00311 /* u16_t overflow, cannot handle this */ 00312 IP6_FRAG_STATS_INC(ip6_frag.proterr); 00313 goto nullreturn; 00314 } 00315 00316 /* Look for the datagram the fragment belongs to in the current datagram queue, 00317 * remembering the previous in the queue for later dequeueing. */ 00318 for (ipr = reassdatagrams, ipr_prev = NULL; ipr != NULL; ipr = ipr->next) { 00319 /* Check if the incoming fragment matches the one currently present 00320 in the reassembly buffer. If so, we proceed with copying the 00321 fragment into the buffer. */ 00322 if ((frag_hdr->_identification == ipr->identification) && 00323 ip6_addr_cmp_packed(ip6_current_src_addr(), &(IPV6_FRAG_SRC(ipr)), ipr->src_zone) && 00324 ip6_addr_cmp_packed(ip6_current_dest_addr(), &(IPV6_FRAG_DEST(ipr)), ipr->dest_zone)) { 00325 IP6_FRAG_STATS_INC(ip6_frag.cachehit); 00326 break; 00327 } 00328 ipr_prev = ipr; 00329 } 00330 00331 if (ipr == NULL) { 00332 /* Enqueue a new datagram into the datagram queue */ 00333 ipr = (struct ip6_reassdata *)memp_malloc(MEMP_IP6_REASSDATA); 00334 if (ipr == NULL) { 00335 #if IP_REASS_FREE_OLDEST 00336 /* Make room and try again. */ 00337 ip6_reass_remove_oldest_datagram(ipr, clen); 00338 ipr = (struct ip6_reassdata *)memp_malloc(MEMP_IP6_REASSDATA); 00339 if (ipr != NULL) { 00340 /* re-search ipr_prev since it might have been removed */ 00341 for (ipr_prev = reassdatagrams; ipr_prev != NULL; ipr_prev = ipr_prev->next) { 00342 if (ipr_prev->next == ipr) { 00343 break; 00344 } 00345 } 00346 } else 00347 #endif /* IP_REASS_FREE_OLDEST */ 00348 { 00349 IP6_FRAG_STATS_INC(ip6_frag.memerr); 00350 goto nullreturn; 00351 } 00352 } 00353 00354 memset(ipr, 0, sizeof(struct ip6_reassdata)); 00355 ipr->timer = IPV6_REASS_MAXAGE; 00356 00357 /* enqueue the new structure to the front of the list */ 00358 ipr->next = reassdatagrams; 00359 reassdatagrams = ipr; 00360 00361 /* Use the current IPv6 header for src/dest address reference. 00362 * Eventually, we will replace it when we get the first fragment 00363 * (it might be this one, in any case, it is done later). */ 00364 /* need to use the none-const pointer here: */ 00365 ipr->iphdr = ip_data.current_ip6_header; 00366 #if IPV6_FRAG_COPYHEADER 00367 MEMCPY(&ipr->src, &ip6_current_header()->src, sizeof(ipr->src)); 00368 MEMCPY(&ipr->dest, &ip6_current_header()->dest, sizeof(ipr->dest)); 00369 #endif /* IPV6_FRAG_COPYHEADER */ 00370 #if LWIP_IPV6_SCOPES 00371 /* Also store the address zone information. 00372 * @todo It is possible that due to netif destruction and recreation, the 00373 * stored zones end up resolving to a different interface. In that case, we 00374 * risk sending a "time exceeded" ICMP response over the wrong link. 00375 * Ideally, netif destruction would clean up matching pending reassembly 00376 * structures, but custom zone mappings would make that non-trivial. */ 00377 ipr->src_zone = ip6_addr_zone(ip6_current_src_addr()); 00378 ipr->dest_zone = ip6_addr_zone(ip6_current_dest_addr()); 00379 #endif /* LWIP_IPV6_SCOPES */ 00380 /* copy the fragmented packet id. */ 00381 ipr->identification = frag_hdr->_identification; 00382 00383 /* copy the nexth field */ 00384 ipr->nexth = frag_hdr->_nexth; 00385 } 00386 00387 /* Check if we are allowed to enqueue more datagrams. */ 00388 if ((ip6_reass_pbufcount + clen) > IP_REASS_MAX_PBUFS) { 00389 #if IP_REASS_FREE_OLDEST 00390 ip6_reass_remove_oldest_datagram(ipr, clen); 00391 if ((ip6_reass_pbufcount + clen) <= IP_REASS_MAX_PBUFS) { 00392 /* re-search ipr_prev since it might have been removed */ 00393 for (ipr_prev = reassdatagrams; ipr_prev != NULL; ipr_prev = ipr_prev->next) { 00394 if (ipr_prev->next == ipr) { 00395 break; 00396 } 00397 } 00398 } else 00399 #endif /* IP_REASS_FREE_OLDEST */ 00400 { 00401 /* @todo: send ICMPv6 time exceeded here? */ 00402 /* drop this pbuf */ 00403 IP6_FRAG_STATS_INC(ip6_frag.memerr); 00404 goto nullreturn; 00405 } 00406 } 00407 00408 /* Overwrite Fragment Header with our own helper struct. */ 00409 #if IPV6_FRAG_COPYHEADER 00410 if (IPV6_FRAG_REQROOM > 0) { 00411 /* Make room for struct ip6_reass_helper (only required if sizeof(void*) > 4). 00412 This cannot fail since we already checked when receiving this fragment. */ 00413 u8_t hdrerr = pbuf_header_force(p, IPV6_FRAG_REQROOM); 00414 LWIP_UNUSED_ARG(hdrerr); /* in case of LWIP_NOASSERT */ 00415 LWIP_ASSERT("no room for struct ip6_reass_helper", hdrerr == 0); 00416 } 00417 #else /* IPV6_FRAG_COPYHEADER */ 00418 LWIP_ASSERT("sizeof(struct ip6_reass_helper) <= IP6_FRAG_HLEN, set IPV6_FRAG_COPYHEADER to 1", 00419 sizeof(struct ip6_reass_helper) <= IP6_FRAG_HLEN); 00420 #endif /* IPV6_FRAG_COPYHEADER */ 00421 00422 /* Prepare the pointer to the helper structure, and its initial values. 00423 * Do not yet write to the structure itself, as we still have to make a 00424 * backup of the original data, and we should not do that until we know for 00425 * sure that we are going to add this packet to the list. */ 00426 iprh = (struct ip6_reass_helper *)p->payload; 00427 next_pbuf = NULL; 00428 end = (u16_t)(start + len); 00429 00430 /* find the right place to insert this pbuf */ 00431 /* Iterate through until we either get to the end of the list (append), 00432 * or we find on with a larger offset (insert). */ 00433 for (q = ipr->p; q != NULL;) { 00434 iprh_tmp = (struct ip6_reass_helper*)q->payload; 00435 if (start < iprh_tmp->start) { 00436 #if IP_REASS_CHECK_OVERLAP 00437 if (end > iprh_tmp->start) { 00438 /* fragment overlaps with following, throw away */ 00439 IP6_FRAG_STATS_INC(ip6_frag.proterr); 00440 goto nullreturn; 00441 } 00442 if (iprh_prev != NULL) { 00443 if (start < iprh_prev->end) { 00444 /* fragment overlaps with previous, throw away */ 00445 IP6_FRAG_STATS_INC(ip6_frag.proterr); 00446 goto nullreturn; 00447 } 00448 } 00449 #endif /* IP_REASS_CHECK_OVERLAP */ 00450 /* the new pbuf should be inserted before this */ 00451 next_pbuf = q; 00452 if (iprh_prev != NULL) { 00453 /* not the fragment with the lowest offset */ 00454 iprh_prev->next_pbuf = p; 00455 } else { 00456 /* fragment with the lowest offset */ 00457 ipr->p = p; 00458 } 00459 break; 00460 } else if (start == iprh_tmp->start) { 00461 /* received the same datagram twice: no need to keep the datagram */ 00462 goto nullreturn; 00463 #if IP_REASS_CHECK_OVERLAP 00464 } else if (start < iprh_tmp->end) { 00465 /* overlap: no need to keep the new datagram */ 00466 IP6_FRAG_STATS_INC(ip6_frag.proterr); 00467 goto nullreturn; 00468 #endif /* IP_REASS_CHECK_OVERLAP */ 00469 } else { 00470 /* Check if the fragments received so far have no gaps. */ 00471 if (iprh_prev != NULL) { 00472 if (iprh_prev->end != iprh_tmp->start) { 00473 /* There is a fragment missing between the current 00474 * and the previous fragment */ 00475 valid = 0; 00476 } 00477 } 00478 } 00479 q = iprh_tmp->next_pbuf; 00480 iprh_prev = iprh_tmp; 00481 } 00482 00483 /* If q is NULL, then we made it to the end of the list. Determine what to do now */ 00484 if (q == NULL) { 00485 if (iprh_prev != NULL) { 00486 /* this is (for now), the fragment with the highest offset: 00487 * chain it to the last fragment */ 00488 #if IP_REASS_CHECK_OVERLAP 00489 LWIP_ASSERT("check fragments don't overlap", iprh_prev->end <= start); 00490 #endif /* IP_REASS_CHECK_OVERLAP */ 00491 iprh_prev->next_pbuf = p; 00492 if (iprh_prev->end != start) { 00493 valid = 0; 00494 } 00495 } else { 00496 #if IP_REASS_CHECK_OVERLAP 00497 LWIP_ASSERT("no previous fragment, this must be the first fragment!", 00498 ipr->p == NULL); 00499 #endif /* IP_REASS_CHECK_OVERLAP */ 00500 /* this is the first fragment we ever received for this ip datagram */ 00501 ipr->p = p; 00502 } 00503 } 00504 00505 /* Track the current number of pbufs current 'in-flight', in order to limit 00506 the number of fragments that may be enqueued at any one time */ 00507 ip6_reass_pbufcount = (u16_t)(ip6_reass_pbufcount + clen); 00508 00509 /* Remember IPv6 header if this is the first fragment. */ 00510 if (start == 0) { 00511 /* need to use the none-const pointer here: */ 00512 ipr->iphdr = ip_data.current_ip6_header; 00513 /* Make a backup of the part of the packet data that we are about to 00514 * overwrite, so that we can restore the original later. */ 00515 MEMCPY(ipr->orig_hdr, p->payload, sizeof(*iprh)); 00516 /* For IPV6_FRAG_COPYHEADER there is no need to copy src/dst again, as they 00517 * will be the same as they were. With LWIP_IPV6_SCOPES, the same applies 00518 * to the source/destination zones. */ 00519 } 00520 /* Only after the backup do we get to fill in the actual helper structure. */ 00521 iprh->next_pbuf = next_pbuf; 00522 iprh->start = start; 00523 iprh->end = end; 00524 00525 /* If this is the last fragment, calculate total packet length. */ 00526 if ((offset & IP6_FRAG_MORE_FLAG) == 0) { 00527 ipr->datagram_len = iprh->end; 00528 } 00529 00530 /* Additional validity tests: we have received first and last fragment. */ 00531 iprh_tmp = (struct ip6_reass_helper*)ipr->p->payload; 00532 if (iprh_tmp->start != 0) { 00533 valid = 0; 00534 } 00535 if (ipr->datagram_len == 0) { 00536 valid = 0; 00537 } 00538 00539 /* Final validity test: no gaps between current and last fragment. */ 00540 iprh_prev = iprh; 00541 q = iprh->next_pbuf; 00542 while ((q != NULL) && valid) { 00543 iprh = (struct ip6_reass_helper*)q->payload; 00544 if (iprh_prev->end != iprh->start) { 00545 valid = 0; 00546 break; 00547 } 00548 iprh_prev = iprh; 00549 q = iprh->next_pbuf; 00550 } 00551 00552 if (valid) { 00553 /* All fragments have been received */ 00554 struct ip6_hdr* iphdr_ptr; 00555 00556 /* chain together the pbufs contained within the ip6_reassdata list. */ 00557 iprh = (struct ip6_reass_helper*) ipr->p->payload; 00558 while (iprh != NULL) { 00559 next_pbuf = iprh->next_pbuf; 00560 if (next_pbuf != NULL) { 00561 /* Save next helper struct (will be hidden in next step). */ 00562 iprh_tmp = (struct ip6_reass_helper*)next_pbuf->payload; 00563 00564 /* hide the fragment header for every succeeding fragment */ 00565 pbuf_remove_header(next_pbuf, IP6_FRAG_HLEN); 00566 #if IPV6_FRAG_COPYHEADER 00567 if (IPV6_FRAG_REQROOM > 0) { 00568 /* hide the extra bytes borrowed from ip6_hdr for struct ip6_reass_helper */ 00569 u8_t hdrerr = pbuf_remove_header(next_pbuf, IPV6_FRAG_REQROOM); 00570 LWIP_UNUSED_ARG(hdrerr); /* in case of LWIP_NOASSERT */ 00571 LWIP_ASSERT("no room for struct ip6_reass_helper", hdrerr == 0); 00572 } 00573 #endif 00574 pbuf_cat(ipr->p, next_pbuf); 00575 } 00576 else { 00577 iprh_tmp = NULL; 00578 } 00579 00580 iprh = iprh_tmp; 00581 } 00582 00583 /* Get the first pbuf. */ 00584 p = ipr->p; 00585 00586 #if IPV6_FRAG_COPYHEADER 00587 if (IPV6_FRAG_REQROOM > 0) { 00588 u8_t hdrerr; 00589 /* Restore (only) the bytes that we overwrote beyond the fragment header. 00590 * Those bytes may belong to either the IPv6 header or an extension 00591 * header placed before the fragment header. */ 00592 MEMCPY(p->payload, ipr->orig_hdr, IPV6_FRAG_REQROOM); 00593 /* get back room for struct ip6_reass_helper (only required if sizeof(void*) > 4) */ 00594 hdrerr = pbuf_remove_header(p, IPV6_FRAG_REQROOM); 00595 LWIP_UNUSED_ARG(hdrerr); /* in case of LWIP_NOASSERT */ 00596 LWIP_ASSERT("no room for struct ip6_reass_helper", hdrerr == 0); 00597 } 00598 #endif 00599 00600 /* We need to get rid of the fragment header itself, which is somewhere in 00601 * the middle of the packet (but still in the first pbuf of the chain). 00602 * Getting rid of the header is required by RFC 2460 Sec. 4.5 and necessary 00603 * in order to be able to reassemble packets that are close to full size 00604 * (i.e., around 65535 bytes). We simply move up all the headers before the 00605 * fragment header, including the IPv6 header, and adjust the payload start 00606 * accordingly. This works because all these headers are in the first pbuf 00607 * of the chain, and because the caller adjusts all its pointers on 00608 * successful reassembly. */ 00609 MEMMOVE((u8_t*)ipr->iphdr + sizeof(struct ip6_frag_hdr), ipr->iphdr, 00610 (size_t)((u8_t*)p->payload - (u8_t*)ipr->iphdr)); 00611 00612 /* This is where the IPv6 header is now. */ 00613 iphdr_ptr = (struct ip6_hdr*)((u8_t*)ipr->iphdr + 00614 sizeof(struct ip6_frag_hdr)); 00615 00616 /* Adjust datagram length by adding header lengths. */ 00617 ipr->datagram_len = (u16_t)(ipr->datagram_len + ((u8_t*)p->payload - (u8_t*)iphdr_ptr) 00618 - IP6_HLEN); 00619 00620 /* Set payload length in ip header. */ 00621 iphdr_ptr->_plen = lwip_htons(ipr->datagram_len); 00622 00623 /* With the fragment header gone, we now need to adjust the next-header 00624 * field of whatever header was originally before it. Since the packet made 00625 * it through the original header processing routines at least up to the 00626 * fragment header, we do not need any further sanity checks here. */ 00627 if (IP6H_NEXTH(iphdr_ptr) == IP6_NEXTH_FRAGMENT) { 00628 iphdr_ptr->_nexth = ipr->nexth; 00629 } else { 00630 u8_t *ptr = (u8_t *)iphdr_ptr + IP6_HLEN; 00631 while (*ptr != IP6_NEXTH_FRAGMENT) { 00632 ptr += 8 * (1 + ptr[1]); 00633 } 00634 *ptr = ipr->nexth; 00635 } 00636 00637 /* release the resources allocated for the fragment queue entry */ 00638 if (reassdatagrams == ipr) { 00639 /* it was the first in the list */ 00640 reassdatagrams = ipr->next; 00641 } else { 00642 /* it wasn't the first, so it must have a valid 'prev' */ 00643 LWIP_ASSERT("sanity check linked list", ipr_prev != NULL); 00644 ipr_prev->next = ipr->next; 00645 } 00646 memp_free(MEMP_IP6_REASSDATA, ipr); 00647 00648 /* adjust the number of pbufs currently queued for reassembly. */ 00649 clen = pbuf_clen(p); 00650 LWIP_ASSERT("ip6_reass_pbufcount >= clen", ip6_reass_pbufcount >= clen); 00651 ip6_reass_pbufcount = (u16_t)(ip6_reass_pbufcount - clen); 00652 00653 /* Move pbuf back to IPv6 header. This should never fail. */ 00654 if (pbuf_header_force(p, (s16_t)((u8_t*)p->payload - (u8_t*)iphdr_ptr))) { 00655 LWIP_ASSERT("ip6_reass: moving p->payload to ip6 header failed\n", 0); 00656 pbuf_free(p); 00657 return NULL; 00658 } 00659 00660 /* Return the pbuf chain */ 00661 return p; 00662 } 00663 /* the datagram is not (yet?) reassembled completely */ 00664 return NULL; 00665 00666 nullreturn: 00667 IP6_FRAG_STATS_INC(ip6_frag.drop); 00668 pbuf_free(p); 00669 return NULL; 00670 } 00671 00672 #endif /* LWIP_IPV6 && LWIP_IPV6_REASS */ 00673 00674 #if LWIP_IPV6 && LWIP_IPV6_FRAG 00675 00676 #if !LWIP_NETIF_TX_SINGLE_PBUF 00677 /** Allocate a new struct pbuf_custom_ref */ 00678 static struct pbuf_custom_ref* 00679 ip6_frag_alloc_pbuf_custom_ref(void) 00680 { 00681 return (struct pbuf_custom_ref*)memp_malloc(MEMP_FRAG_PBUF); 00682 } 00683 00684 /** Free a struct pbuf_custom_ref */ 00685 static void 00686 ip6_frag_free_pbuf_custom_ref(struct pbuf_custom_ref* p) 00687 { 00688 LWIP_ASSERT("p != NULL", p != NULL); 00689 memp_free(MEMP_FRAG_PBUF, p); 00690 } 00691 00692 /** Free-callback function to free a 'struct pbuf_custom_ref', called by 00693 * pbuf_free. */ 00694 static void 00695 ip6_frag_free_pbuf_custom(struct pbuf *p) 00696 { 00697 struct pbuf_custom_ref *pcr = (struct pbuf_custom_ref*)p; 00698 LWIP_ASSERT("pcr != NULL", pcr != NULL); 00699 LWIP_ASSERT("pcr == p", (void*)pcr == (void*)p); 00700 if (pcr->original != NULL) { 00701 pbuf_free(pcr->original); 00702 } 00703 ip6_frag_free_pbuf_custom_ref(pcr); 00704 } 00705 #endif /* !LWIP_NETIF_TX_SINGLE_PBUF */ 00706 00707 /** 00708 * Fragment an IPv6 datagram if too large for the netif or path MTU. 00709 * 00710 * Chop the datagram in MTU sized chunks and send them in order 00711 * by pointing PBUF_REFs into p 00712 * 00713 * @param p ipv6 packet to send 00714 * @param netif the netif on which to send 00715 * @param dest destination ipv6 address to which to send 00716 * 00717 * @return ERR_OK if sent successfully, err_t otherwise 00718 */ 00719 err_t 00720 ip6_frag(struct pbuf *p, struct netif *netif, const ip6_addr_t *dest) 00721 { 00722 struct ip6_hdr *original_ip6hdr; 00723 struct ip6_hdr *ip6hdr; 00724 struct ip6_frag_hdr *frag_hdr; 00725 struct pbuf *rambuf; 00726 #if !LWIP_NETIF_TX_SINGLE_PBUF 00727 struct pbuf *newpbuf; 00728 u16_t newpbuflen = 0; 00729 u16_t left_to_copy; 00730 #endif 00731 static u32_t identification; 00732 u16_t left, cop; 00733 const u16_t mtu = nd6_get_destination_mtu(dest, netif); 00734 const u16_t nfb = (u16_t)((mtu - (IP6_HLEN + IP6_FRAG_HLEN)) & IP6_FRAG_OFFSET_MASK); 00735 u16_t fragment_offset = 0; 00736 u16_t last; 00737 u16_t poff = IP6_HLEN; 00738 00739 identification++; 00740 00741 original_ip6hdr = (struct ip6_hdr *)p->payload; 00742 00743 /* @todo we assume there are no options in the unfragmentable part (IPv6 header). */ 00744 LWIP_ASSERT("p->tot_len >= IP6_HLEN", p->tot_len >= IP6_HLEN); 00745 left = (u16_t)(p->tot_len - IP6_HLEN); 00746 00747 while (left) { 00748 last = (left <= nfb); 00749 00750 /* Fill this fragment */ 00751 cop = last ? left : nfb; 00752 00753 #if LWIP_NETIF_TX_SINGLE_PBUF 00754 rambuf = pbuf_alloc(PBUF_IP, cop + IP6_FRAG_HLEN, PBUF_RAM); 00755 if (rambuf == NULL) { 00756 IP6_FRAG_STATS_INC(ip6_frag.memerr); 00757 return ERR_MEM; 00758 } 00759 LWIP_ASSERT("this needs a pbuf in one piece!", 00760 (rambuf->len == rambuf->tot_len) && (rambuf->next == NULL)); 00761 poff += pbuf_copy_partial(p, (u8_t*)rambuf->payload + IP6_FRAG_HLEN, cop, poff); 00762 /* make room for the IP header */ 00763 if (pbuf_add_header(rambuf, IP6_HLEN)) { 00764 pbuf_free(rambuf); 00765 IP6_FRAG_STATS_INC(ip6_frag.memerr); 00766 return ERR_MEM; 00767 } 00768 /* fill in the IP header */ 00769 SMEMCPY(rambuf->payload, original_ip6hdr, IP6_HLEN); 00770 ip6hdr = (struct ip6_hdr *)rambuf->payload; 00771 frag_hdr = (struct ip6_frag_hdr *)((u8_t*)rambuf->payload + IP6_HLEN); 00772 #else 00773 /* When not using a static buffer, create a chain of pbufs. 00774 * The first will be a PBUF_RAM holding the link, IPv6, and Fragment header. 00775 * The rest will be PBUF_REFs mirroring the pbuf chain to be fragged, 00776 * but limited to the size of an mtu. 00777 */ 00778 rambuf = pbuf_alloc(PBUF_LINK, IP6_HLEN + IP6_FRAG_HLEN, PBUF_RAM); 00779 if (rambuf == NULL) { 00780 IP6_FRAG_STATS_INC(ip6_frag.memerr); 00781 return ERR_MEM; 00782 } 00783 LWIP_ASSERT("this needs a pbuf in one piece!", 00784 (p->len >= (IP6_HLEN))); 00785 SMEMCPY(rambuf->payload, original_ip6hdr, IP6_HLEN); 00786 ip6hdr = (struct ip6_hdr *)rambuf->payload; 00787 frag_hdr = (struct ip6_frag_hdr *)((u8_t*)rambuf->payload + IP6_HLEN); 00788 00789 /* Can just adjust p directly for needed offset. */ 00790 p->payload = (u8_t *)p->payload + poff; 00791 p->len = (u16_t)(p->len - poff); 00792 p->tot_len = (u16_t)(p->tot_len - poff); 00793 00794 left_to_copy = cop; 00795 while (left_to_copy) { 00796 struct pbuf_custom_ref *pcr; 00797 newpbuflen = (left_to_copy < p->len) ? left_to_copy : p->len; 00798 /* Is this pbuf already empty? */ 00799 if (!newpbuflen) { 00800 p = p->next; 00801 continue; 00802 } 00803 pcr = ip6_frag_alloc_pbuf_custom_ref(); 00804 if (pcr == NULL) { 00805 pbuf_free(rambuf); 00806 IP6_FRAG_STATS_INC(ip6_frag.memerr); 00807 return ERR_MEM; 00808 } 00809 /* Mirror this pbuf, although we might not need all of it. */ 00810 newpbuf = pbuf_alloced_custom(PBUF_RAW, newpbuflen, PBUF_REF, &pcr->pc, p->payload, newpbuflen); 00811 if (newpbuf == NULL) { 00812 ip6_frag_free_pbuf_custom_ref(pcr); 00813 pbuf_free(rambuf); 00814 IP6_FRAG_STATS_INC(ip6_frag.memerr); 00815 return ERR_MEM; 00816 } 00817 pbuf_ref(p); 00818 pcr->original = p; 00819 pcr->pc.custom_free_function = ip6_frag_free_pbuf_custom; 00820 00821 /* Add it to end of rambuf's chain, but using pbuf_cat, not pbuf_chain 00822 * so that it is removed when pbuf_dechain is later called on rambuf. 00823 */ 00824 pbuf_cat(rambuf, newpbuf); 00825 left_to_copy = (u16_t)(left_to_copy - newpbuflen); 00826 if (left_to_copy) { 00827 p = p->next; 00828 } 00829 } 00830 poff = newpbuflen; 00831 #endif /* LWIP_NETIF_TX_SINGLE_PBUF */ 00832 00833 /* Set headers */ 00834 frag_hdr->_nexth = original_ip6hdr->_nexth; 00835 frag_hdr->reserved = 0; 00836 frag_hdr->_fragment_offset = lwip_htons((u16_t)((fragment_offset & IP6_FRAG_OFFSET_MASK) | (last ? 0 : IP6_FRAG_MORE_FLAG))); 00837 frag_hdr->_identification = lwip_htonl(identification); 00838 00839 IP6H_NEXTH_SET(ip6hdr, IP6_NEXTH_FRAGMENT); 00840 IP6H_PLEN_SET(ip6hdr, (u16_t)(cop + IP6_FRAG_HLEN)); 00841 00842 /* No need for separate header pbuf - we allowed room for it in rambuf 00843 * when allocated. 00844 */ 00845 IP6_FRAG_STATS_INC(ip6_frag.xmit); 00846 netif->output_ip6(netif, rambuf, dest); 00847 00848 /* Unfortunately we can't reuse rambuf - the hardware may still be 00849 * using the buffer. Instead we free it (and the ensuing chain) and 00850 * recreate it next time round the loop. If we're lucky the hardware 00851 * will have already sent the packet, the free will really free, and 00852 * there will be zero memory penalty. 00853 */ 00854 00855 pbuf_free(rambuf); 00856 left = (u16_t)(left - cop); 00857 fragment_offset = (u16_t)(fragment_offset + cop); 00858 } 00859 return ERR_OK; 00860 } 00861 00862 #endif /* LWIP_IPV6 && LWIP_IPV6_FRAG */
Generated on Tue Jul 12 2022 13:54:28 by
