Kenji Arai / mbed-os_TYBLE16

Dependents:   TYBLE16_simple_data_logger TYBLE16_MP3_Air

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers lwip_ip6_frag.c Source File

lwip_ip6_frag.c

Go to the documentation of this file.
00001 /**
00002  * @file
00003  *
00004  * IPv6 fragmentation and reassembly.
00005  */
00006 
00007 /*
00008  * Copyright (c) 2010 Inico Technologies Ltd.
00009  * All rights reserved.
00010  *
00011  * Redistribution and use in source and binary forms, with or without modification,
00012  * are permitted provided that the following conditions are met:
00013  *
00014  * 1. Redistributions of source code must retain the above copyright notice,
00015  *    this list of conditions and the following disclaimer.
00016  * 2. Redistributions in binary form must reproduce the above copyright notice,
00017  *    this list of conditions and the following disclaimer in the documentation
00018  *    and/or other materials provided with the distribution.
00019  * 3. The name of the author may not be used to endorse or promote products
00020  *    derived from this software without specific prior written permission.
00021  *
00022  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
00023  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
00024  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
00025  * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
00026  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
00027  * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
00028  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
00029  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
00030  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
00031  * OF SUCH DAMAGE.
00032  *
00033  * This file is part of the lwIP TCP/IP stack.
00034  *
00035  * Author: Ivan Delamer <delamer@inicotech.com>
00036  *
00037  *
00038  * Please coordinate changes and requests with Ivan Delamer
00039  * <delamer@inicotech.com>
00040  */
00041 
00042 #include "lwip/opt.h"
00043 #include "lwip/ip6_frag.h"
00044 #include "lwip/ip6.h"
00045 #include "lwip/icmp6.h"
00046 #include "lwip/nd6.h"
00047 #include "lwip/ip.h"
00048 
00049 #include "lwip/pbuf.h"
00050 #include "lwip/memp.h"
00051 #include "lwip/stats.h"
00052 
00053 #include <string.h>
00054 
00055 #if LWIP_IPV6 && LWIP_IPV6_REASS  /* don't build if not configured for use in lwipopts.h */
00056 
00057 
00058 /** Setting this to 0, you can turn off checking the fragments for overlapping
00059  * regions. The code gets a little smaller. Only use this if you know that
00060  * overlapping won't occur on your network! */
00061 #ifndef IP_REASS_CHECK_OVERLAP
00062 #define IP_REASS_CHECK_OVERLAP 1
00063 #endif /* IP_REASS_CHECK_OVERLAP */
00064 
00065 /** Set to 0 to prevent freeing the oldest datagram when the reassembly buffer is
00066  * full (IP_REASS_MAX_PBUFS pbufs are enqueued). The code gets a little smaller.
00067  * Datagrams will be freed by timeout only. Especially useful when MEMP_NUM_REASSDATA
00068  * is set to 1, so one datagram can be reassembled at a time, only. */
00069 #ifndef IP_REASS_FREE_OLDEST
00070 #define IP_REASS_FREE_OLDEST 1
00071 #endif /* IP_REASS_FREE_OLDEST */
00072 
00073 #if IPV6_FRAG_COPYHEADER
00074 /* The number of bytes we need to "borrow" from (i.e., overwrite in) the header
00075  * that precedes the fragment header for reassembly pruposes. */
00076 #define IPV6_FRAG_REQROOM ((s16_t)(sizeof(struct ip6_reass_helper) - IP6_FRAG_HLEN))
00077 #endif
00078 
00079 #define IP_REASS_FLAG_LASTFRAG 0x01
00080 
00081 /** This is a helper struct which holds the starting
00082  * offset and the ending offset of this fragment to
00083  * easily chain the fragments.
00084  * It has the same packing requirements as the IPv6 header, since it replaces
00085  * the Fragment Header in memory in incoming fragments to keep
00086  * track of the various fragments.
00087  */
00088 #ifdef PACK_STRUCT_USE_INCLUDES
00089 #  include "arch/bpstruct.h"
00090 #endif
00091 PACK_STRUCT_BEGIN
00092 struct ip6_reass_helper {
00093   PACK_STRUCT_FIELD(struct pbuf *next_pbuf);
00094   PACK_STRUCT_FIELD(u16_t start);
00095   PACK_STRUCT_FIELD(u16_t end);
00096 } PACK_STRUCT_STRUCT;
00097 PACK_STRUCT_END
00098 #ifdef PACK_STRUCT_USE_INCLUDES
00099 #  include "arch/epstruct.h"
00100 #endif
00101 
00102 /* static variables */
00103 static struct ip6_reassdata *reassdatagrams;
00104 static u16_t ip6_reass_pbufcount;
00105 
00106 /* Forward declarations. */
00107 static void ip6_reass_free_complete_datagram(struct ip6_reassdata *ipr);
00108 #if IP_REASS_FREE_OLDEST
00109 static void ip6_reass_remove_oldest_datagram(struct ip6_reassdata *ipr, int pbufs_needed);
00110 #endif /* IP_REASS_FREE_OLDEST */
00111 
00112 void
00113 ip6_reass_tmr(void)
00114 {
00115   struct ip6_reassdata *r, *tmp;
00116 
00117 #if !IPV6_FRAG_COPYHEADER
00118   LWIP_ASSERT("sizeof(struct ip6_reass_helper) <= IP6_FRAG_HLEN, set IPV6_FRAG_COPYHEADER to 1",
00119     sizeof(struct ip6_reass_helper) <= IP6_FRAG_HLEN);
00120 #endif /* !IPV6_FRAG_COPYHEADER */
00121 
00122   r = reassdatagrams;
00123   while (r != NULL) {
00124     /* Decrement the timer. Once it reaches 0,
00125      * clean up the incomplete fragment assembly */
00126     if (r->timer > 0) {
00127       r->timer--;
00128       r = r->next;
00129     } else {
00130       /* reassembly timed out */
00131       tmp = r;
00132       /* get the next pointer before freeing */
00133       r = r->next;
00134       /* free the helper struct and all enqueued pbufs */
00135       ip6_reass_free_complete_datagram(tmp);
00136      }
00137    }
00138 }
00139 
00140 /**
00141  * Free a datagram (struct ip6_reassdata) and all its pbufs.
00142  * Updates the total count of enqueued pbufs (ip6_reass_pbufcount),
00143  * sends an ICMP time exceeded packet.
00144  *
00145  * @param ipr datagram to free
00146  */
00147 static void
00148 ip6_reass_free_complete_datagram(struct ip6_reassdata *ipr)
00149 {
00150   struct ip6_reassdata *prev;
00151   u16_t pbufs_freed = 0;
00152   u16_t clen;
00153   struct pbuf *p;
00154   struct ip6_reass_helper *iprh;
00155 
00156 #if LWIP_ICMP6
00157   iprh = (struct ip6_reass_helper *)ipr->p->payload;
00158   if (iprh->start == 0) {
00159     /* The first fragment was received, send ICMP time exceeded. */
00160     /* First, de-queue the first pbuf from r->p. */
00161     p = ipr->p;
00162     ipr->p = iprh->next_pbuf;
00163     /* Restore the part that we've overwritten with our helper structure, or we
00164      * might send garbage (and disclose a pointer) in the ICMPv6 reply. */
00165     MEMCPY(p->payload, ipr->orig_hdr, sizeof(iprh));
00166     /* Then, move back to the original ipv6 header (we are now pointing to Fragment header).
00167        This cannot fail since we already checked when receiving this fragment. */
00168     if (pbuf_header_force(p, (s16_t)((u8_t*)p->payload - (u8_t*)ipr->iphdr))) {
00169       LWIP_ASSERT("ip6_reass_free: moving p->payload to ip6 header failed\n", 0);
00170     }
00171     else {
00172       /* Reconstruct the zoned source and destination addresses, so that we do
00173        * not end up sending the ICMP response over the wrong link. */
00174       ip6_addr_t src_addr, dest_addr;
00175       ip6_addr_copy_from_packed(src_addr, IPV6_FRAG_SRC(ipr));
00176       ip6_addr_set_zone(&src_addr, ipr->src_zone);
00177       ip6_addr_copy_from_packed(dest_addr, IPV6_FRAG_DEST(ipr));
00178       ip6_addr_set_zone(&dest_addr, ipr->dest_zone);
00179       /* Send the actual ICMP response. */
00180       icmp6_time_exceeded_with_addrs(p, ICMP6_TE_FRAG, &src_addr, &dest_addr);
00181     }
00182     clen = pbuf_clen(p);
00183     LWIP_ASSERT("pbufs_freed + clen <= 0xffff", pbufs_freed + clen <= 0xffff);
00184     pbufs_freed = (u16_t)(pbufs_freed + clen);
00185     pbuf_free(p);
00186   }
00187 #endif /* LWIP_ICMP6 */
00188 
00189   /* First, free all received pbufs.  The individual pbufs need to be released
00190      separately as they have not yet been chained */
00191   p = ipr->p;
00192   while (p != NULL) {
00193     struct pbuf *pcur;
00194     iprh = (struct ip6_reass_helper *)p->payload;
00195     pcur = p;
00196     /* get the next pointer before freeing */
00197     p = iprh->next_pbuf;
00198     clen = pbuf_clen(pcur);
00199     LWIP_ASSERT("pbufs_freed + clen <= 0xffff", pbufs_freed + clen <= 0xffff);
00200     pbufs_freed = (u16_t)(pbufs_freed + clen);
00201     pbuf_free(pcur);
00202   }
00203 
00204   /* Then, unchain the struct ip6_reassdata from the list and free it. */
00205   if (ipr == reassdatagrams) {
00206     reassdatagrams = ipr->next;
00207   } else {
00208     prev = reassdatagrams;
00209     while (prev != NULL) {
00210       if (prev->next == ipr) {
00211         break;
00212       }
00213       prev = prev->next;
00214     }
00215     if (prev != NULL) {
00216       prev->next = ipr->next;
00217     }
00218   }
00219   memp_free(MEMP_IP6_REASSDATA, ipr);
00220 
00221   /* Finally, update number of pbufs in reassembly queue */
00222   LWIP_ASSERT("ip_reass_pbufcount >= clen", ip6_reass_pbufcount >= pbufs_freed);
00223   ip6_reass_pbufcount = (u16_t)(ip6_reass_pbufcount - pbufs_freed);
00224 }
00225 
00226 #if IP_REASS_FREE_OLDEST
00227 /**
00228  * Free the oldest datagram to make room for enqueueing new fragments.
00229  * The datagram ipr is not freed!
00230  *
00231  * @param ipr ip6_reassdata for the current fragment
00232  * @param pbufs_needed number of pbufs needed to enqueue
00233  *        (used for freeing other datagrams if not enough space)
00234  */
00235 static void
00236 ip6_reass_remove_oldest_datagram(struct ip6_reassdata *ipr, int pbufs_needed)
00237 {
00238   struct ip6_reassdata *r, *oldest;
00239 
00240   /* Free datagrams until being allowed to enqueue 'pbufs_needed' pbufs,
00241    * but don't free the current datagram! */
00242   do {
00243     r = oldest = reassdatagrams;
00244     while (r != NULL) {
00245       if (r != ipr) {
00246         if (r->timer <= oldest->timer) {
00247           /* older than the previous oldest */
00248           oldest = r;
00249         }
00250       }
00251       r = r->next;
00252     }
00253     if (oldest == ipr) {
00254       /* nothing to free, ipr is the only element on the list */
00255       return;
00256     }
00257     if (oldest != NULL) {
00258       ip6_reass_free_complete_datagram(oldest);
00259     }
00260   } while (((ip6_reass_pbufcount + pbufs_needed) > IP_REASS_MAX_PBUFS) && (reassdatagrams != NULL));
00261 }
00262 #endif /* IP_REASS_FREE_OLDEST */
00263 
00264 /**
00265  * Reassembles incoming IPv6 fragments into an IPv6 datagram.
00266  *
00267  * @param p points to the IPv6 Fragment Header
00268  * @return NULL if reassembly is incomplete, pbuf pointing to
00269  *         IPv6 Header if reassembly is complete
00270  */
00271 struct pbuf *
00272 ip6_reass(struct pbuf *p)
00273 {
00274   struct ip6_reassdata *ipr, *ipr_prev;
00275   struct ip6_reass_helper *iprh, *iprh_tmp, *iprh_prev=NULL;
00276   struct ip6_frag_hdr *frag_hdr;
00277   u16_t offset, len, start, end;
00278   ptrdiff_t hdrdiff;
00279   u16_t clen;
00280   u8_t valid = 1;
00281   struct pbuf *q, *next_pbuf;
00282 
00283   IP6_FRAG_STATS_INC(ip6_frag.recv);
00284 
00285   /* ip6_frag_hdr must be in the first pbuf, not chained. Checked by caller. */
00286   LWIP_ASSERT("IPv6 fragment header does not fit in first pbuf",
00287     p->len >= sizeof(struct ip6_frag_hdr));
00288 
00289   frag_hdr = (struct ip6_frag_hdr *) p->payload;
00290 
00291   clen = pbuf_clen(p);
00292 
00293   offset = lwip_ntohs(frag_hdr->_fragment_offset);
00294 
00295   /* Calculate fragment length from IPv6 payload length.
00296    * Adjust for headers before Fragment Header.
00297    * And finally adjust by Fragment Header length. */
00298   len = lwip_ntohs(ip6_current_header()->_plen);
00299   hdrdiff = (u8_t*)p->payload - (const u8_t*)ip6_current_header();
00300   LWIP_ASSERT("not a valid pbuf (ip6_input check missing?)", hdrdiff <= 0xFFFF);
00301   LWIP_ASSERT("not a valid pbuf (ip6_input check missing?)", hdrdiff >= IP6_HLEN);
00302   hdrdiff -= IP6_HLEN;
00303   hdrdiff += IP6_FRAG_HLEN;
00304   if (hdrdiff > len) {
00305     IP6_FRAG_STATS_INC(ip6_frag.proterr);
00306     goto nullreturn;
00307   }
00308   len = (u16_t)(len - hdrdiff);
00309   start = (offset & IP6_FRAG_OFFSET_MASK);
00310   if (start > (0xFFFF - len)) {
00311     /* u16_t overflow, cannot handle this */
00312     IP6_FRAG_STATS_INC(ip6_frag.proterr);
00313     goto nullreturn;
00314   }
00315 
00316   /* Look for the datagram the fragment belongs to in the current datagram queue,
00317    * remembering the previous in the queue for later dequeueing. */
00318   for (ipr = reassdatagrams, ipr_prev = NULL; ipr != NULL; ipr = ipr->next) {
00319     /* Check if the incoming fragment matches the one currently present
00320        in the reassembly buffer. If so, we proceed with copying the
00321        fragment into the buffer. */
00322     if ((frag_hdr->_identification == ipr->identification) &&
00323         ip6_addr_cmp_packed(ip6_current_src_addr(), &(IPV6_FRAG_SRC(ipr)), ipr->src_zone) &&
00324         ip6_addr_cmp_packed(ip6_current_dest_addr(), &(IPV6_FRAG_DEST(ipr)), ipr->dest_zone)) {
00325       IP6_FRAG_STATS_INC(ip6_frag.cachehit);
00326       break;
00327     }
00328     ipr_prev = ipr;
00329   }
00330 
00331   if (ipr == NULL) {
00332   /* Enqueue a new datagram into the datagram queue */
00333     ipr = (struct ip6_reassdata *)memp_malloc(MEMP_IP6_REASSDATA);
00334     if (ipr == NULL) {
00335 #if IP_REASS_FREE_OLDEST
00336       /* Make room and try again. */
00337       ip6_reass_remove_oldest_datagram(ipr, clen);
00338       ipr = (struct ip6_reassdata *)memp_malloc(MEMP_IP6_REASSDATA);
00339       if (ipr != NULL) {
00340         /* re-search ipr_prev since it might have been removed */
00341         for (ipr_prev = reassdatagrams; ipr_prev != NULL; ipr_prev = ipr_prev->next) {
00342           if (ipr_prev->next == ipr) {
00343             break;
00344           }
00345         }
00346       } else
00347 #endif /* IP_REASS_FREE_OLDEST */
00348       {
00349         IP6_FRAG_STATS_INC(ip6_frag.memerr);
00350         goto nullreturn;
00351       }
00352     }
00353 
00354     memset(ipr, 0, sizeof(struct ip6_reassdata));
00355     ipr->timer = IPV6_REASS_MAXAGE;
00356 
00357     /* enqueue the new structure to the front of the list */
00358     ipr->next = reassdatagrams;
00359     reassdatagrams = ipr;
00360 
00361     /* Use the current IPv6 header for src/dest address reference.
00362      * Eventually, we will replace it when we get the first fragment
00363      * (it might be this one, in any case, it is done later). */
00364     /* need to use the none-const pointer here: */
00365     ipr->iphdr = ip_data.current_ip6_header;
00366 #if IPV6_FRAG_COPYHEADER
00367     MEMCPY(&ipr->src, &ip6_current_header()->src, sizeof(ipr->src));
00368     MEMCPY(&ipr->dest, &ip6_current_header()->dest, sizeof(ipr->dest));
00369 #endif /* IPV6_FRAG_COPYHEADER */
00370 #if LWIP_IPV6_SCOPES
00371     /* Also store the address zone information.
00372      * @todo It is possible that due to netif destruction and recreation, the
00373      * stored zones end up resolving to a different interface. In that case, we
00374      * risk sending a "time exceeded" ICMP response over the wrong link.
00375      * Ideally, netif destruction would clean up matching pending reassembly
00376      * structures, but custom zone mappings would make that non-trivial. */
00377     ipr->src_zone = ip6_addr_zone(ip6_current_src_addr());
00378     ipr->dest_zone = ip6_addr_zone(ip6_current_dest_addr());
00379 #endif /* LWIP_IPV6_SCOPES */
00380     /* copy the fragmented packet id. */
00381     ipr->identification = frag_hdr->_identification;
00382 
00383     /* copy the nexth field */
00384     ipr->nexth = frag_hdr->_nexth;
00385   }
00386 
00387   /* Check if we are allowed to enqueue more datagrams. */
00388   if ((ip6_reass_pbufcount + clen) > IP_REASS_MAX_PBUFS) {
00389 #if IP_REASS_FREE_OLDEST
00390     ip6_reass_remove_oldest_datagram(ipr, clen);
00391     if ((ip6_reass_pbufcount + clen) <= IP_REASS_MAX_PBUFS) {
00392       /* re-search ipr_prev since it might have been removed */
00393       for (ipr_prev = reassdatagrams; ipr_prev != NULL; ipr_prev = ipr_prev->next) {
00394         if (ipr_prev->next == ipr) {
00395           break;
00396         }
00397       }
00398     } else
00399 #endif /* IP_REASS_FREE_OLDEST */
00400     {
00401       /* @todo: send ICMPv6 time exceeded here? */
00402       /* drop this pbuf */
00403       IP6_FRAG_STATS_INC(ip6_frag.memerr);
00404       goto nullreturn;
00405     }
00406   }
00407 
00408   /* Overwrite Fragment Header with our own helper struct. */
00409 #if IPV6_FRAG_COPYHEADER
00410   if (IPV6_FRAG_REQROOM > 0) {
00411     /* Make room for struct ip6_reass_helper (only required if sizeof(void*) > 4).
00412        This cannot fail since we already checked when receiving this fragment. */
00413     u8_t hdrerr = pbuf_header_force(p, IPV6_FRAG_REQROOM);
00414     LWIP_UNUSED_ARG(hdrerr); /* in case of LWIP_NOASSERT */
00415     LWIP_ASSERT("no room for struct ip6_reass_helper", hdrerr == 0);
00416   }
00417 #else /* IPV6_FRAG_COPYHEADER */
00418   LWIP_ASSERT("sizeof(struct ip6_reass_helper) <= IP6_FRAG_HLEN, set IPV6_FRAG_COPYHEADER to 1",
00419     sizeof(struct ip6_reass_helper) <= IP6_FRAG_HLEN);
00420 #endif /* IPV6_FRAG_COPYHEADER */
00421 
00422   /* Prepare the pointer to the helper structure, and its initial values.
00423    * Do not yet write to the structure itself, as we still have to make a
00424    * backup of the original data, and we should not do that until we know for
00425    * sure that we are going to add this packet to the list. */
00426   iprh = (struct ip6_reass_helper *)p->payload;
00427   next_pbuf = NULL;
00428   end = (u16_t)(start + len);
00429 
00430   /* find the right place to insert this pbuf */
00431   /* Iterate through until we either get to the end of the list (append),
00432    * or we find on with a larger offset (insert). */
00433   for (q = ipr->p; q != NULL;) {
00434     iprh_tmp = (struct ip6_reass_helper*)q->payload;
00435     if (start < iprh_tmp->start) {
00436 #if IP_REASS_CHECK_OVERLAP
00437       if (end > iprh_tmp->start) {
00438         /* fragment overlaps with following, throw away */
00439         IP6_FRAG_STATS_INC(ip6_frag.proterr);
00440         goto nullreturn;
00441       }
00442       if (iprh_prev != NULL) {
00443         if (start < iprh_prev->end) {
00444           /* fragment overlaps with previous, throw away */
00445           IP6_FRAG_STATS_INC(ip6_frag.proterr);
00446           goto nullreturn;
00447         }
00448       }
00449 #endif /* IP_REASS_CHECK_OVERLAP */
00450       /* the new pbuf should be inserted before this */
00451       next_pbuf = q;
00452       if (iprh_prev != NULL) {
00453         /* not the fragment with the lowest offset */
00454         iprh_prev->next_pbuf = p;
00455       } else {
00456         /* fragment with the lowest offset */
00457         ipr->p = p;
00458       }
00459       break;
00460     } else if (start == iprh_tmp->start) {
00461       /* received the same datagram twice: no need to keep the datagram */
00462       goto nullreturn;
00463 #if IP_REASS_CHECK_OVERLAP
00464     } else if (start < iprh_tmp->end) {
00465       /* overlap: no need to keep the new datagram */
00466       IP6_FRAG_STATS_INC(ip6_frag.proterr);
00467       goto nullreturn;
00468 #endif /* IP_REASS_CHECK_OVERLAP */
00469     } else {
00470       /* Check if the fragments received so far have no gaps. */
00471       if (iprh_prev != NULL) {
00472         if (iprh_prev->end != iprh_tmp->start) {
00473           /* There is a fragment missing between the current
00474            * and the previous fragment */
00475           valid = 0;
00476         }
00477       }
00478     }
00479     q = iprh_tmp->next_pbuf;
00480     iprh_prev = iprh_tmp;
00481   }
00482 
00483   /* If q is NULL, then we made it to the end of the list. Determine what to do now */
00484   if (q == NULL) {
00485     if (iprh_prev != NULL) {
00486       /* this is (for now), the fragment with the highest offset:
00487        * chain it to the last fragment */
00488 #if IP_REASS_CHECK_OVERLAP
00489       LWIP_ASSERT("check fragments don't overlap", iprh_prev->end <= start);
00490 #endif /* IP_REASS_CHECK_OVERLAP */
00491       iprh_prev->next_pbuf = p;
00492       if (iprh_prev->end != start) {
00493         valid = 0;
00494       }
00495     } else {
00496 #if IP_REASS_CHECK_OVERLAP
00497       LWIP_ASSERT("no previous fragment, this must be the first fragment!",
00498         ipr->p == NULL);
00499 #endif /* IP_REASS_CHECK_OVERLAP */
00500       /* this is the first fragment we ever received for this ip datagram */
00501       ipr->p = p;
00502     }
00503   }
00504 
00505   /* Track the current number of pbufs current 'in-flight', in order to limit
00506   the number of fragments that may be enqueued at any one time */
00507   ip6_reass_pbufcount = (u16_t)(ip6_reass_pbufcount + clen);
00508 
00509   /* Remember IPv6 header if this is the first fragment. */
00510   if (start == 0) {
00511     /* need to use the none-const pointer here: */
00512     ipr->iphdr = ip_data.current_ip6_header;
00513     /* Make a backup of the part of the packet data that we are about to
00514      * overwrite, so that we can restore the original later. */
00515     MEMCPY(ipr->orig_hdr, p->payload, sizeof(*iprh));
00516     /* For IPV6_FRAG_COPYHEADER there is no need to copy src/dst again, as they
00517      * will be the same as they were. With LWIP_IPV6_SCOPES, the same applies
00518      * to the source/destination zones. */
00519   }
00520   /* Only after the backup do we get to fill in the actual helper structure. */
00521   iprh->next_pbuf = next_pbuf;
00522   iprh->start = start;
00523   iprh->end = end;
00524 
00525   /* If this is the last fragment, calculate total packet length. */
00526   if ((offset & IP6_FRAG_MORE_FLAG) == 0) {
00527     ipr->datagram_len = iprh->end;
00528   }
00529 
00530   /* Additional validity tests: we have received first and last fragment. */
00531   iprh_tmp = (struct ip6_reass_helper*)ipr->p->payload;
00532   if (iprh_tmp->start != 0) {
00533     valid = 0;
00534   }
00535   if (ipr->datagram_len == 0) {
00536     valid = 0;
00537   }
00538 
00539   /* Final validity test: no gaps between current and last fragment. */
00540   iprh_prev = iprh;
00541   q = iprh->next_pbuf;
00542   while ((q != NULL) && valid) {
00543     iprh = (struct ip6_reass_helper*)q->payload;
00544     if (iprh_prev->end != iprh->start) {
00545       valid = 0;
00546       break;
00547     }
00548     iprh_prev = iprh;
00549     q = iprh->next_pbuf;
00550   }
00551 
00552   if (valid) {
00553     /* All fragments have been received */
00554     struct ip6_hdr* iphdr_ptr;
00555 
00556     /* chain together the pbufs contained within the ip6_reassdata list. */
00557     iprh = (struct ip6_reass_helper*) ipr->p->payload;
00558     while (iprh != NULL) {
00559       next_pbuf = iprh->next_pbuf;
00560       if (next_pbuf != NULL) {
00561         /* Save next helper struct (will be hidden in next step). */
00562         iprh_tmp = (struct ip6_reass_helper*)next_pbuf->payload;
00563 
00564         /* hide the fragment header for every succeeding fragment */
00565         pbuf_remove_header(next_pbuf, IP6_FRAG_HLEN);
00566 #if IPV6_FRAG_COPYHEADER
00567         if (IPV6_FRAG_REQROOM > 0) {
00568           /* hide the extra bytes borrowed from ip6_hdr for struct ip6_reass_helper */
00569           u8_t hdrerr = pbuf_remove_header(next_pbuf, IPV6_FRAG_REQROOM);
00570           LWIP_UNUSED_ARG(hdrerr); /* in case of LWIP_NOASSERT */
00571           LWIP_ASSERT("no room for struct ip6_reass_helper", hdrerr == 0);
00572         }
00573 #endif
00574         pbuf_cat(ipr->p, next_pbuf);
00575       }
00576       else {
00577         iprh_tmp = NULL;
00578       }
00579 
00580       iprh = iprh_tmp;
00581     }
00582 
00583     /* Get the first pbuf. */
00584     p = ipr->p;
00585 
00586 #if IPV6_FRAG_COPYHEADER
00587     if (IPV6_FRAG_REQROOM > 0) {
00588       u8_t hdrerr;
00589       /* Restore (only) the bytes that we overwrote beyond the fragment header.
00590        * Those bytes may belong to either the IPv6 header or an extension
00591        * header placed before the fragment header. */
00592       MEMCPY(p->payload, ipr->orig_hdr, IPV6_FRAG_REQROOM);
00593       /* get back room for struct ip6_reass_helper (only required if sizeof(void*) > 4) */
00594       hdrerr = pbuf_remove_header(p, IPV6_FRAG_REQROOM);
00595       LWIP_UNUSED_ARG(hdrerr); /* in case of LWIP_NOASSERT */
00596       LWIP_ASSERT("no room for struct ip6_reass_helper", hdrerr == 0);
00597     }
00598 #endif
00599 
00600     /* We need to get rid of the fragment header itself, which is somewhere in
00601      * the middle of the packet (but still in the first pbuf of the chain).
00602      * Getting rid of the header is required by RFC 2460 Sec. 4.5 and necessary
00603      * in order to be able to reassemble packets that are close to full size
00604      * (i.e., around 65535 bytes). We simply move up all the headers before the
00605      * fragment header, including the IPv6 header, and adjust the payload start
00606      * accordingly. This works because all these headers are in the first pbuf
00607      * of the chain, and because the caller adjusts all its pointers on
00608      * successful reassembly. */
00609     MEMMOVE((u8_t*)ipr->iphdr + sizeof(struct ip6_frag_hdr), ipr->iphdr,
00610       (size_t)((u8_t*)p->payload - (u8_t*)ipr->iphdr));
00611 
00612     /* This is where the IPv6 header is now. */
00613     iphdr_ptr = (struct ip6_hdr*)((u8_t*)ipr->iphdr +
00614       sizeof(struct ip6_frag_hdr));
00615 
00616     /* Adjust datagram length by adding header lengths. */
00617     ipr->datagram_len = (u16_t)(ipr->datagram_len + ((u8_t*)p->payload - (u8_t*)iphdr_ptr)
00618                          - IP6_HLEN);
00619 
00620     /* Set payload length in ip header. */
00621     iphdr_ptr->_plen = lwip_htons(ipr->datagram_len);
00622 
00623     /* With the fragment header gone, we now need to adjust the next-header
00624      * field of whatever header was originally before it. Since the packet made
00625      * it through the original header processing routines at least up to the
00626      * fragment header, we do not need any further sanity checks here. */
00627     if (IP6H_NEXTH(iphdr_ptr) == IP6_NEXTH_FRAGMENT) {
00628       iphdr_ptr->_nexth = ipr->nexth;
00629     } else {
00630       u8_t *ptr = (u8_t *)iphdr_ptr + IP6_HLEN;
00631       while (*ptr != IP6_NEXTH_FRAGMENT) {
00632         ptr += 8 * (1 + ptr[1]);
00633       }
00634       *ptr = ipr->nexth;
00635     }
00636 
00637     /* release the resources allocated for the fragment queue entry */
00638     if (reassdatagrams == ipr) {
00639       /* it was the first in the list */
00640       reassdatagrams = ipr->next;
00641     } else {
00642       /* it wasn't the first, so it must have a valid 'prev' */
00643       LWIP_ASSERT("sanity check linked list", ipr_prev != NULL);
00644       ipr_prev->next = ipr->next;
00645     }
00646     memp_free(MEMP_IP6_REASSDATA, ipr);
00647 
00648     /* adjust the number of pbufs currently queued for reassembly. */
00649     clen = pbuf_clen(p);
00650     LWIP_ASSERT("ip6_reass_pbufcount >= clen", ip6_reass_pbufcount >= clen);
00651     ip6_reass_pbufcount = (u16_t)(ip6_reass_pbufcount - clen);
00652 
00653     /* Move pbuf back to IPv6 header. This should never fail. */
00654     if (pbuf_header_force(p, (s16_t)((u8_t*)p->payload - (u8_t*)iphdr_ptr))) {
00655       LWIP_ASSERT("ip6_reass: moving p->payload to ip6 header failed\n", 0);
00656       pbuf_free(p);
00657       return NULL;
00658     }
00659 
00660     /* Return the pbuf chain */
00661     return p;
00662   }
00663   /* the datagram is not (yet?) reassembled completely */
00664   return NULL;
00665 
00666 nullreturn:
00667   IP6_FRAG_STATS_INC(ip6_frag.drop);
00668   pbuf_free(p);
00669   return NULL;
00670 }
00671 
00672 #endif /* LWIP_IPV6 && LWIP_IPV6_REASS */
00673 
00674 #if LWIP_IPV6 && LWIP_IPV6_FRAG
00675 
00676 #if !LWIP_NETIF_TX_SINGLE_PBUF
00677 /** Allocate a new struct pbuf_custom_ref */
00678 static struct pbuf_custom_ref*
00679 ip6_frag_alloc_pbuf_custom_ref(void)
00680 {
00681   return (struct pbuf_custom_ref*)memp_malloc(MEMP_FRAG_PBUF);
00682 }
00683 
00684 /** Free a struct pbuf_custom_ref */
00685 static void
00686 ip6_frag_free_pbuf_custom_ref(struct pbuf_custom_ref* p)
00687 {
00688   LWIP_ASSERT("p != NULL", p != NULL);
00689   memp_free(MEMP_FRAG_PBUF, p);
00690 }
00691 
00692 /** Free-callback function to free a 'struct pbuf_custom_ref', called by
00693  * pbuf_free. */
00694 static void
00695 ip6_frag_free_pbuf_custom(struct pbuf *p)
00696 {
00697   struct pbuf_custom_ref *pcr = (struct pbuf_custom_ref*)p;
00698   LWIP_ASSERT("pcr != NULL", pcr != NULL);
00699   LWIP_ASSERT("pcr == p", (void*)pcr == (void*)p);
00700   if (pcr->original != NULL) {
00701     pbuf_free(pcr->original);
00702   }
00703   ip6_frag_free_pbuf_custom_ref(pcr);
00704 }
00705 #endif /* !LWIP_NETIF_TX_SINGLE_PBUF */
00706 
00707 /**
00708  * Fragment an IPv6 datagram if too large for the netif or path MTU.
00709  *
00710  * Chop the datagram in MTU sized chunks and send them in order
00711  * by pointing PBUF_REFs into p
00712  *
00713  * @param p ipv6 packet to send
00714  * @param netif the netif on which to send
00715  * @param dest destination ipv6 address to which to send
00716  *
00717  * @return ERR_OK if sent successfully, err_t otherwise
00718  */
00719 err_t
00720 ip6_frag(struct pbuf *p, struct netif *netif, const ip6_addr_t *dest)
00721 {
00722   struct ip6_hdr *original_ip6hdr;
00723   struct ip6_hdr *ip6hdr;
00724   struct ip6_frag_hdr *frag_hdr;
00725   struct pbuf *rambuf;
00726 #if !LWIP_NETIF_TX_SINGLE_PBUF
00727   struct pbuf *newpbuf;
00728   u16_t newpbuflen = 0;
00729   u16_t left_to_copy;
00730 #endif
00731   static u32_t identification;
00732   u16_t left, cop;
00733   const u16_t mtu = nd6_get_destination_mtu(dest, netif);
00734   const u16_t nfb = (u16_t)((mtu - (IP6_HLEN + IP6_FRAG_HLEN)) & IP6_FRAG_OFFSET_MASK);
00735   u16_t fragment_offset = 0;
00736   u16_t last;
00737   u16_t poff = IP6_HLEN;
00738 
00739   identification++;
00740 
00741   original_ip6hdr = (struct ip6_hdr *)p->payload;
00742 
00743   /* @todo we assume there are no options in the unfragmentable part (IPv6 header). */
00744   LWIP_ASSERT("p->tot_len >= IP6_HLEN", p->tot_len >= IP6_HLEN);
00745   left = (u16_t)(p->tot_len - IP6_HLEN);
00746 
00747   while (left) {
00748     last = (left <= nfb);
00749 
00750     /* Fill this fragment */
00751     cop = last ? left : nfb;
00752 
00753 #if LWIP_NETIF_TX_SINGLE_PBUF
00754     rambuf = pbuf_alloc(PBUF_IP, cop + IP6_FRAG_HLEN, PBUF_RAM);
00755     if (rambuf == NULL) {
00756       IP6_FRAG_STATS_INC(ip6_frag.memerr);
00757       return ERR_MEM;
00758     }
00759     LWIP_ASSERT("this needs a pbuf in one piece!",
00760       (rambuf->len == rambuf->tot_len) && (rambuf->next == NULL));
00761     poff += pbuf_copy_partial(p, (u8_t*)rambuf->payload + IP6_FRAG_HLEN, cop, poff);
00762     /* make room for the IP header */
00763     if (pbuf_add_header(rambuf, IP6_HLEN)) {
00764       pbuf_free(rambuf);
00765       IP6_FRAG_STATS_INC(ip6_frag.memerr);
00766       return ERR_MEM;
00767     }
00768     /* fill in the IP header */
00769     SMEMCPY(rambuf->payload, original_ip6hdr, IP6_HLEN);
00770     ip6hdr = (struct ip6_hdr *)rambuf->payload;
00771     frag_hdr = (struct ip6_frag_hdr *)((u8_t*)rambuf->payload + IP6_HLEN);
00772 #else
00773     /* When not using a static buffer, create a chain of pbufs.
00774      * The first will be a PBUF_RAM holding the link, IPv6, and Fragment header.
00775      * The rest will be PBUF_REFs mirroring the pbuf chain to be fragged,
00776      * but limited to the size of an mtu.
00777      */
00778     rambuf = pbuf_alloc(PBUF_LINK, IP6_HLEN + IP6_FRAG_HLEN, PBUF_RAM);
00779     if (rambuf == NULL) {
00780       IP6_FRAG_STATS_INC(ip6_frag.memerr);
00781       return ERR_MEM;
00782     }
00783     LWIP_ASSERT("this needs a pbuf in one piece!",
00784                 (p->len >= (IP6_HLEN)));
00785     SMEMCPY(rambuf->payload, original_ip6hdr, IP6_HLEN);
00786     ip6hdr = (struct ip6_hdr *)rambuf->payload;
00787     frag_hdr = (struct ip6_frag_hdr *)((u8_t*)rambuf->payload + IP6_HLEN);
00788 
00789     /* Can just adjust p directly for needed offset. */
00790     p->payload = (u8_t *)p->payload + poff;
00791     p->len = (u16_t)(p->len - poff);
00792     p->tot_len = (u16_t)(p->tot_len - poff);
00793 
00794     left_to_copy = cop;
00795     while (left_to_copy) {
00796       struct pbuf_custom_ref *pcr;
00797       newpbuflen = (left_to_copy < p->len) ? left_to_copy : p->len;
00798       /* Is this pbuf already empty? */
00799       if (!newpbuflen) {
00800         p = p->next;
00801         continue;
00802       }
00803       pcr = ip6_frag_alloc_pbuf_custom_ref();
00804       if (pcr == NULL) {
00805         pbuf_free(rambuf);
00806         IP6_FRAG_STATS_INC(ip6_frag.memerr);
00807         return ERR_MEM;
00808       }
00809       /* Mirror this pbuf, although we might not need all of it. */
00810       newpbuf = pbuf_alloced_custom(PBUF_RAW, newpbuflen, PBUF_REF, &pcr->pc, p->payload, newpbuflen);
00811       if (newpbuf == NULL) {
00812         ip6_frag_free_pbuf_custom_ref(pcr);
00813         pbuf_free(rambuf);
00814         IP6_FRAG_STATS_INC(ip6_frag.memerr);
00815         return ERR_MEM;
00816       }
00817       pbuf_ref(p);
00818       pcr->original = p;
00819       pcr->pc.custom_free_function = ip6_frag_free_pbuf_custom;
00820 
00821       /* Add it to end of rambuf's chain, but using pbuf_cat, not pbuf_chain
00822        * so that it is removed when pbuf_dechain is later called on rambuf.
00823        */
00824       pbuf_cat(rambuf, newpbuf);
00825       left_to_copy = (u16_t)(left_to_copy - newpbuflen);
00826       if (left_to_copy) {
00827         p = p->next;
00828       }
00829     }
00830     poff = newpbuflen;
00831 #endif /* LWIP_NETIF_TX_SINGLE_PBUF */
00832 
00833     /* Set headers */
00834     frag_hdr->_nexth = original_ip6hdr->_nexth;
00835     frag_hdr->reserved = 0;
00836     frag_hdr->_fragment_offset = lwip_htons((u16_t)((fragment_offset & IP6_FRAG_OFFSET_MASK) | (last ? 0 : IP6_FRAG_MORE_FLAG)));
00837     frag_hdr->_identification = lwip_htonl(identification);
00838 
00839     IP6H_NEXTH_SET(ip6hdr, IP6_NEXTH_FRAGMENT);
00840     IP6H_PLEN_SET(ip6hdr, (u16_t)(cop + IP6_FRAG_HLEN));
00841 
00842     /* No need for separate header pbuf - we allowed room for it in rambuf
00843      * when allocated.
00844      */
00845     IP6_FRAG_STATS_INC(ip6_frag.xmit);
00846     netif->output_ip6(netif, rambuf, dest);
00847 
00848     /* Unfortunately we can't reuse rambuf - the hardware may still be
00849      * using the buffer. Instead we free it (and the ensuing chain) and
00850      * recreate it next time round the loop. If we're lucky the hardware
00851      * will have already sent the packet, the free will really free, and
00852      * there will be zero memory penalty.
00853      */
00854 
00855     pbuf_free(rambuf);
00856     left = (u16_t)(left - cop);
00857     fragment_offset = (u16_t)(fragment_offset + cop);
00858   }
00859   return ERR_OK;
00860 }
00861 
00862 #endif /* LWIP_IPV6 && LWIP_IPV6_FRAG */