LXR linux/net/netfilter/ipvs/ip_vs

   1/*
   2 * ip_vs_xmit.c: various packet transmitters for IPVS
   3 *
   4 * Authors:     Wensong Zhang <wensong@linuxvirtualserver.org>
   5 *              Julian Anastasov <ja@ssi.bg>
   6 *
   7 *              This program is free software; you can redistribute it and/or
   8 *              modify it under the terms of the GNU General Public License
   9 *              as published by the Free Software Foundation; either version
  10 *              2 of the License, or (at your option) any later version.
  11 *
  12 * Changes:
  13 *
  14 * Description of forwarding methods:
  15 * - all transmitters are called from LOCAL_IN (remote clients) and
  16 * LOCAL_OUT (local clients) but for ICMP can be called from FORWARD
  17 * - not all connections have destination server, for example,
  18 * connections in backup server when fwmark is used
  19 * - bypass connections use daddr from packet
  20 * LOCAL_OUT rules:
  21 * - skb->dev is NULL, skb->protocol is not set (both are set in POST_ROUTING)
  22 * - skb->pkt_type is not set yet
  23 * - the only place where we can see skb->sk != NULL
  24 */
  25
  26#define KMSG_COMPONENT "IPVS"
  27#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
  28
  29#include <linux/kernel.h>
  30#include <linux/slab.h>
  31#include <linux/tcp.h>                  /* for tcphdr */
  32#include <net/ip.h>
  33#include <net/tcp.h>                    /* for csum_tcpudp_magic */
  34#include <net/udp.h>
  35#include <net/icmp.h>                   /* for icmp_send */
  36#include <net/route.h>                  /* for ip_route_output */
  37#include <net/ipv6.h>
  38#include <net/ip6_route.h>
  39#include <net/addrconf.h>
  40#include <linux/icmpv6.h>
  41#include <linux/netfilter.h>
  42#include <linux/netfilter_ipv4.h>
  43
  44#include <net/ip_vs.h>
  45
  46
  47/*
  48 *      Destination cache to speed up outgoing route lookup
  49 */
  50static inline void
  51__ip_vs_dst_set(struct ip_vs_dest *dest, u32 rtos, struct dst_entry *dst,
  52                u32 dst_cookie)
  53{
  54        struct dst_entry *old_dst;
  55
  56        old_dst = dest->dst_cache;
  57        dest->dst_cache = dst;
  58        dest->dst_rtos = rtos;
  59        dest->dst_cookie = dst_cookie;
  60        dst_release(old_dst);
  61}
  62
  63static inline struct dst_entry *
  64__ip_vs_dst_check(struct ip_vs_dest *dest, u32 rtos)
  65{
  66        struct dst_entry *dst = dest->dst_cache;
  67
  68        if (!dst)
  69                return NULL;
  70        if ((dst->obsolete || rtos != dest->dst_rtos) &&
  71            dst->ops->check(dst, dest->dst_cookie) == NULL) {
  72                dest->dst_cache = NULL;
  73                dst_release(dst);
  74                return NULL;
  75        }
  76        dst_hold(dst);
  77        return dst;
  78}
  79
  80/*
  81 * Get route to destination or remote server
  82 * rt_mode: flags, &1=Allow local dest, &2=Allow non-local dest,
  83 *          &4=Allow redirect from remote daddr to local
  84 */
  85static struct rtable *
  86__ip_vs_get_out_rt(struct sk_buff *skb, struct ip_vs_dest *dest,
  87                   __be32 daddr, u32 rtos, int rt_mode)
  88{
  89        struct net *net = dev_net(skb_dst(skb)->dev);
  90        struct rtable *rt;                      /* Route to the other host */
  91        struct rtable *ort;                     /* Original route */
  92        int local;
  93
  94        if (dest) {
  95                spin_lock(&dest->dst_lock);
  96                if (!(rt = (struct rtable *)
  97                      __ip_vs_dst_check(dest, rtos))) {
  98                        struct flowi fl = {
  99                                .fl4_dst = dest->addr.ip,
 100                                .fl4_tos = rtos,
 101                        };
 102
 103                        if (ip_route_output_key(net, &rt, &fl)) {
 104                                spin_unlock(&dest->dst_lock);
 105                                IP_VS_DBG_RL("ip_route_output error, dest: %pI4\n",
 106                                             &dest->addr.ip);
 107                                return NULL;
 108                        }
 109                        __ip_vs_dst_set(dest, rtos, dst_clone(&rt->dst), 0);
 110                        IP_VS_DBG(10, "new dst %pI4, refcnt=%d, rtos=%X\n",
 111                                  &dest->addr.ip,
 112                                  atomic_read(&rt->dst.__refcnt), rtos);
 113                }
 114                spin_unlock(&dest->dst_lock);
 115        } else {
 116                struct flowi fl = {
 117                        .fl4_dst = daddr,
 118                        .fl4_tos = rtos,
 119                };
 120
 121                if (ip_route_output_key(net, &rt, &fl)) {
 122                        IP_VS_DBG_RL("ip_route_output error, dest: %pI4\n",
 123                                     &daddr);
 124                        return NULL;
 125                }
 126        }
 127
 128        local = rt->rt_flags & RTCF_LOCAL;
 129        if (!((local ? 1 : 2) & rt_mode)) {
 130                IP_VS_DBG_RL("Stopping traffic to %s address, dest: %pI4\n",
 131                             (rt->rt_flags & RTCF_LOCAL) ?
 132                             "local":"non-local", &rt->rt_dst);
 133                ip_rt_put(rt);
 134                return NULL;
 135        }
 136        if (local && !(rt_mode & 4) && !((ort = skb_rtable(skb)) &&
 137                                         ort->rt_flags & RTCF_LOCAL)) {
 138                IP_VS_DBG_RL("Redirect from non-local address %pI4 to local "
 139                             "requires NAT method, dest: %pI4\n",
 140                             &ip_hdr(skb)->daddr, &rt->rt_dst);
 141                ip_rt_put(rt);
 142                return NULL;
 143        }
 144        if (unlikely(!local && ipv4_is_loopback(ip_hdr(skb)->saddr))) {
 145                IP_VS_DBG_RL("Stopping traffic from loopback address %pI4 "
 146                             "to non-local address, dest: %pI4\n",
 147                             &ip_hdr(skb)->saddr, &rt->rt_dst);
 148                ip_rt_put(rt);
 149                return NULL;
 150        }
 151
 152        return rt;
 153}
 154
 155/* Reroute packet to local IPv4 stack after DNAT */
 156static int
 157__ip_vs_reroute_locally(struct sk_buff *skb)
 158{
 159        struct rtable *rt = skb_rtable(skb);
 160        struct net_device *dev = rt->dst.dev;
 161        struct net *net = dev_net(dev);
 162        struct iphdr *iph = ip_hdr(skb);
 163
 164        if (rt_is_input_route(rt)) {
 165                unsigned long orefdst = skb->_skb_refdst;
 166
 167                if (ip_route_input(skb, iph->daddr, iph->saddr,
 168                                   iph->tos, skb->dev))
 169                        return 0;
 170                refdst_drop(orefdst);
 171        } else {
 172                struct flowi fl = {
 173                        .fl4_dst = iph->daddr,
 174                        .fl4_src = iph->saddr,
 175                        .fl4_tos = RT_TOS(iph->tos),
 176                        .mark = skb->mark,
 177                };
 178                struct rtable *rt;
 179
 180                if (ip_route_output_key(net, &rt, &fl))
 181                        return 0;
 182                if (!(rt->rt_flags & RTCF_LOCAL)) {
 183                        ip_rt_put(rt);
 184                        return 0;
 185                }
 186                /* Drop old route. */
 187                skb_dst_drop(skb);
 188                skb_dst_set(skb, &rt->dst);
 189        }
 190        return 1;
 191}
 192
 193#ifdef CONFIG_IP_VS_IPV6
 194
 195static inline int __ip_vs_is_local_route6(struct rt6_info *rt)
 196{
 197        return rt->rt6i_dev && rt->rt6i_dev->flags & IFF_LOOPBACK;
 198}
 199
 200static struct dst_entry *
 201__ip_vs_route_output_v6(struct net *net, struct in6_addr *daddr,
 202                        struct in6_addr *ret_saddr, int do_xfrm)
 203{
 204        struct dst_entry *dst;
 205        struct flowi fl = {
 206                .fl6_dst = *daddr,
 207        };
 208
 209        dst = ip6_route_output(net, NULL, &fl);
 210        if (dst->error)
 211                goto out_err;
 212        if (!ret_saddr)
 213                return dst;
 214        if (ipv6_addr_any(&fl.fl6_src) &&
 215            ipv6_dev_get_saddr(net, ip6_dst_idev(dst)->dev,
 216                               &fl.fl6_dst, 0, &fl.fl6_src) < 0)
 217                goto out_err;
 218        if (do_xfrm && xfrm_lookup(net, &dst, &fl, NULL, 0) < 0)
 219                goto out_err;
 220        ipv6_addr_copy(ret_saddr, &fl.fl6_src);
 221        return dst;
 222
 223out_err:
 224        dst_release(dst);
 225        IP_VS_DBG_RL("ip6_route_output error, dest: %pI6\n", daddr);
 226        return NULL;
 227}
 228
 229/*
 230 * Get route to destination or remote server
 231 * rt_mode: flags, &1=Allow local dest, &2=Allow non-local dest,
 232 *          &4=Allow redirect from remote daddr to local
 233 */
 234static struct rt6_info *
 235__ip_vs_get_out_rt_v6(struct sk_buff *skb, struct ip_vs_dest *dest,
 236                      struct in6_addr *daddr, struct in6_addr *ret_saddr,
 237                      int do_xfrm, int rt_mode)
 238{
 239        struct net *net = dev_net(skb_dst(skb)->dev);
 240        struct rt6_info *rt;                    /* Route to the other host */
 241        struct rt6_info *ort;                   /* Original route */
 242        struct dst_entry *dst;
 243        int local;
 244
 245        if (dest) {
 246                spin_lock(&dest->dst_lock);
 247                rt = (struct rt6_info *)__ip_vs_dst_check(dest, 0);
 248                if (!rt) {
 249                        u32 cookie;
 250
 251                        dst = __ip_vs_route_output_v6(net, &dest->addr.in6,
 252                                                      &dest->dst_saddr,
 253                                                      do_xfrm);
 254                        if (!dst) {
 255                                spin_unlock(&dest->dst_lock);
 256                                return NULL;
 257                        }
 258                        rt = (struct rt6_info *) dst;
 259                        cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0;
 260                        __ip_vs_dst_set(dest, 0, dst_clone(&rt->dst), cookie);
 261                        IP_VS_DBG(10, "new dst %pI6, src %pI6, refcnt=%d\n",
 262                                  &dest->addr.in6, &dest->dst_saddr,
 263                                  atomic_read(&rt->dst.__refcnt));
 264                }
 265                if (ret_saddr)
 266                        ipv6_addr_copy(ret_saddr, &dest->dst_saddr);
 267                spin_unlock(&dest->dst_lock);
 268        } else {
 269                dst = __ip_vs_route_output_v6(net, daddr, ret_saddr, do_xfrm);
 270                if (!dst)
 271                        return NULL;
 272                rt = (struct rt6_info *) dst;
 273        }
 274
 275        local = __ip_vs_is_local_route6(rt);
 276        if (!((local ? 1 : 2) & rt_mode)) {
 277                IP_VS_DBG_RL("Stopping traffic to %s address, dest: %pI6\n",
 278                             local ? "local":"non-local", daddr);
 279                dst_release(&rt->dst);
 280                return NULL;
 281        }
 282        if (local && !(rt_mode & 4) &&
 283            !((ort = (struct rt6_info *) skb_dst(skb)) &&
 284              __ip_vs_is_local_route6(ort))) {
 285                IP_VS_DBG_RL("Redirect from non-local address %pI6 to local "
 286                             "requires NAT method, dest: %pI6\n",
 287                             &ipv6_hdr(skb)->daddr, daddr);
 288                dst_release(&rt->dst);
 289                return NULL;
 290        }
 291        if (unlikely(!local && (!skb->dev || skb->dev->flags & IFF_LOOPBACK) &&
 292                     ipv6_addr_type(&ipv6_hdr(skb)->saddr) &
 293                                    IPV6_ADDR_LOOPBACK)) {
 294                IP_VS_DBG_RL("Stopping traffic from loopback address %pI6 "
 295                             "to non-local address, dest: %pI6\n",
 296                             &ipv6_hdr(skb)->saddr, daddr);
 297                dst_release(&rt->dst);
 298                return NULL;
 299        }
 300
 301        return rt;
 302}
 303#endif
 304
 305
 306/*
 307 *      Release dest->dst_cache before a dest is removed
 308 */
 309void
 310ip_vs_dst_reset(struct ip_vs_dest *dest)
 311{
 312        struct dst_entry *old_dst;
 313
 314        old_dst = dest->dst_cache;
 315        dest->dst_cache = NULL;
 316        dst_release(old_dst);
 317}
 318
 319#define IP_VS_XMIT_TUNNEL(skb, cp)                              \
 320({                                                              \
 321        int __ret = NF_ACCEPT;                                  \
 322                                                                \
 323        (skb)->ipvs_property = 1;                               \
 324        if (unlikely((cp)->flags & IP_VS_CONN_F_NFCT))          \
 325                __ret = ip_vs_confirm_conntrack(skb, cp);       \
 326        if (__ret == NF_ACCEPT) {                               \
 327                nf_reset(skb);                                  \
 328                skb_forward_csum(skb);                          \
 329        }                                                       \
 330        __ret;                                                  \
 331})
 332
 333#define IP_VS_XMIT_NAT(pf, skb, cp, local)              \
 334do {                                                    \
 335        (skb)->ipvs_property = 1;                       \
 336        if (likely(!((cp)->flags & IP_VS_CONN_F_NFCT))) \
 337                ip_vs_notrack(skb);                     \
 338        else                                            \
 339                ip_vs_update_conntrack(skb, cp, 1);     \
 340        if (local)                                      \
 341                return NF_ACCEPT;                       \
 342        skb_forward_csum(skb);                          \
 343        NF_HOOK(pf, NF_INET_LOCAL_OUT, (skb), NULL,     \
 344                skb_dst(skb)->dev, dst_output);         \
 345} while (0)
 346
 347#define IP_VS_XMIT(pf, skb, cp, local)                  \
 348do {                                                    \
 349        (skb)->ipvs_property = 1;                       \
 350        if (likely(!((cp)->flags & IP_VS_CONN_F_NFCT))) \
 351                ip_vs_notrack(skb);                     \
 352        if (local)                                      \
 353                return NF_ACCEPT;                       \
 354        skb_forward_csum(skb);                          \
 355        NF_HOOK(pf, NF_INET_LOCAL_OUT, (skb), NULL,     \
 356                skb_dst(skb)->dev, dst_output);         \
 357} while (0)
 358
 359
 360/*
 361 *      NULL transmitter (do nothing except return NF_ACCEPT)
 362 */
 363int
 364ip_vs_null_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
 365                struct ip_vs_protocol *pp)
 366{
 367        /* we do not touch skb and do not need pskb ptr */
 368        IP_VS_XMIT(NFPROTO_IPV4, skb, cp, 1);
 369}
 370
 371
 372/*
 373 *      Bypass transmitter
 374 *      Let packets bypass the destination when the destination is not
 375 *      available, it may be only used in transparent cache cluster.
 376 */
 377int
 378ip_vs_bypass_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
 379                  struct ip_vs_protocol *pp)
 380{
 381        struct rtable *rt;                      /* Route to the other host */
 382        struct iphdr  *iph = ip_hdr(skb);
 383        int    mtu;
 384
 385        EnterFunction(10);
 386
 387        if (!(rt = __ip_vs_get_out_rt(skb, NULL, iph->daddr,
 388                                      RT_TOS(iph->tos), 2)))
 389                goto tx_error_icmp;
 390
 391        /* MTU checking */
 392        mtu = dst_mtu(&rt->dst);
 393        if ((skb->len > mtu) && (iph->frag_off & htons(IP_DF))) {
 394                ip_rt_put(rt);
 395                icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
 396                IP_VS_DBG_RL("%s(): frag needed\n", __func__);
 397                goto tx_error;
 398        }
 399
 400        /*
 401         * Call ip_send_check because we are not sure it is called
 402         * after ip_defrag. Is copy-on-write needed?
 403         */
 404        if (unlikely((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)) {
 405                ip_rt_put(rt);
 406                return NF_STOLEN;
 407        }
 408        ip_send_check(ip_hdr(skb));
 409
 410        /* drop old route */
 411        skb_dst_drop(skb);
 412        skb_dst_set(skb, &rt->dst);
 413
 414        /* Another hack: avoid icmp_send in ip_fragment */
 415        skb->local_df = 1;
 416
 417        IP_VS_XMIT(NFPROTO_IPV4, skb, cp, 0);
 418
 419        LeaveFunction(10);
 420        return NF_STOLEN;
 421
 422 tx_error_icmp:
 423        dst_link_failure(skb);
 424 tx_error:
 425        kfree_skb(skb);
 426        LeaveFunction(10);
 427        return NF_STOLEN;
 428}
 429
 430#ifdef CONFIG_IP_VS_IPV6
 431int
 432ip_vs_bypass_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
 433                     struct ip_vs_protocol *pp)
 434{
 435        struct rt6_info *rt;                    /* Route to the other host */
 436        struct ipv6hdr  *iph = ipv6_hdr(skb);
 437        int    mtu;
 438
 439        EnterFunction(10);
 440
 441        if (!(rt = __ip_vs_get_out_rt_v6(skb, NULL, &iph->daddr, NULL, 0, 2)))
 442                goto tx_error_icmp;
 443
 444        /* MTU checking */
 445        mtu = dst_mtu(&rt->dst);
 446        if (skb->len > mtu) {
 447                if (!skb->dev) {
 448                        struct net *net = dev_net(skb_dst(skb)->dev);
 449
 450                        skb->dev = net->loopback_dev;
 451                }
 452                icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
 453                dst_release(&rt->dst);
 454                IP_VS_DBG_RL("%s(): frag needed\n", __func__);
 455                goto tx_error;
 456        }
 457
 458        /*
 459         * Call ip_send_check because we are not sure it is called
 460         * after ip_defrag. Is copy-on-write needed?
 461         */
 462        skb = skb_share_check(skb, GFP_ATOMIC);
 463        if (unlikely(skb == NULL)) {
 464                dst_release(&rt->dst);
 465                return NF_STOLEN;
 466        }
 467
 468        /* drop old route */
 469        skb_dst_drop(skb);
 470        skb_dst_set(skb, &rt->dst);
 471
 472        /* Another hack: avoid icmp_send in ip_fragment */
 473        skb->local_df = 1;
 474
 475        IP_VS_XMIT(NFPROTO_IPV6, skb, cp, 0);
 476
 477        LeaveFunction(10);
 478        return NF_STOLEN;
 479
 480 tx_error_icmp:
 481        dst_link_failure(skb);
 482 tx_error:
 483        kfree_skb(skb);
 484        LeaveFunction(10);
 485        return NF_STOLEN;
 486}
 487#endif
 488
 489/*
 490 *      NAT transmitter (only for outside-to-inside nat forwarding)
 491 *      Not used for related ICMP
 492 */
 493int
 494ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
 495               struct ip_vs_protocol *pp)
 496{
 497        struct rtable *rt;              /* Route to the other host */
 498        int mtu;
 499        struct iphdr *iph = ip_hdr(skb);
 500        int local;
 501
 502        EnterFunction(10);
 503
 504        /* check if it is a connection of no-client-port */
 505        if (unlikely(cp->flags & IP_VS_CONN_F_NO_CPORT)) {
 506                __be16 _pt, *p;
 507                p = skb_header_pointer(skb, iph->ihl*4, sizeof(_pt), &_pt);
 508                if (p == NULL)
 509                        goto tx_error;
 510                ip_vs_conn_fill_cport(cp, *p);
 511                IP_VS_DBG(10, "filled cport=%d\n", ntohs(*p));
 512        }
 513
 514        if (!(rt = __ip_vs_get_out_rt(skb, cp->dest, cp->daddr.ip,
 515                                      RT_TOS(iph->tos), 1|2|4)))
 516                goto tx_error_icmp;
 517        local = rt->rt_flags & RTCF_LOCAL;
 518        /*
 519         * Avoid duplicate tuple in reply direction for NAT traffic
 520         * to local address when connection is sync-ed
 521         */
 522#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 523        if (cp->flags & IP_VS_CONN_F_SYNC && local) {
 524                enum ip_conntrack_info ctinfo;
 525                struct nf_conn *ct = ct = nf_ct_get(skb, &ctinfo);
 526
 527                if (ct && !nf_ct_is_untracked(ct)) {
 528                        IP_VS_DBG_RL_PKT(10, AF_INET, pp, skb, 0,
 529                                         "ip_vs_nat_xmit(): "
 530                                         "stopping DNAT to local address");
 531                        goto tx_error_put;
 532                }
 533        }
 534#endif
 535
 536        /* From world but DNAT to loopback address? */
 537        if (local && ipv4_is_loopback(rt->rt_dst) &&
 538            rt_is_input_route(skb_rtable(skb))) {
 539                IP_VS_DBG_RL_PKT(1, AF_INET, pp, skb, 0, "ip_vs_nat_xmit(): "
 540                                 "stopping DNAT to loopback address");
 541                goto tx_error_put;
 542        }
 543
 544        /* MTU checking */
 545        mtu = dst_mtu(&rt->dst);
 546        if ((skb->len > mtu) && (iph->frag_off & htons(IP_DF))) {
 547                icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
 548                IP_VS_DBG_RL_PKT(0, AF_INET, pp, skb, 0,
 549                                 "ip_vs_nat_xmit(): frag needed for");
 550                goto tx_error_put;
 551        }
 552
 553        /* copy-on-write the packet before mangling it */
 554        if (!skb_make_writable(skb, sizeof(struct iphdr)))
 555                goto tx_error_put;
 556
 557        if (skb_cow(skb, rt->dst.dev->hard_header_len))
 558                goto tx_error_put;
 559
 560        /* mangle the packet */
 561        if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp))
 562                goto tx_error_put;
 563        ip_hdr(skb)->daddr = cp->daddr.ip;
 564        ip_send_check(ip_hdr(skb));
 565
 566        if (!local) {
 567                /* drop old route */
 568                skb_dst_drop(skb);
 569                skb_dst_set(skb, &rt->dst);
 570        } else {
 571                ip_rt_put(rt);
 572                /*
 573                 * Some IPv4 replies get local address from routes,
 574                 * not from iph, so while we DNAT after routing
 575                 * we need this second input/output route.
 576                 */
 577                if (!__ip_vs_reroute_locally(skb))
 578                        goto tx_error;
 579        }
 580
 581        IP_VS_DBG_PKT(10, AF_INET, pp, skb, 0, "After DNAT");
 582
 583        /* FIXME: when application helper enlarges the packet and the length
 584           is larger than the MTU of outgoing device, there will be still
 585           MTU problem. */
 586
 587        /* Another hack: avoid icmp_send in ip_fragment */
 588        skb->local_df = 1;
 589
 590        IP_VS_XMIT_NAT(NFPROTO_IPV4, skb, cp, local);
 591
 592        LeaveFunction(10);
 593        return NF_STOLEN;
 594
 595  tx_error_icmp:
 596        dst_link_failure(skb);
 597  tx_error:
 598        kfree_skb(skb);
 599        LeaveFunction(10);
 600        return NF_STOLEN;
 601  tx_error_put:
 602        ip_rt_put(rt);
 603        goto tx_error;
 604}
 605
 606#ifdef CONFIG_IP_VS_IPV6
 607int
 608ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
 609                  struct ip_vs_protocol *pp)
 610{
 611        struct rt6_info *rt;            /* Route to the other host */
 612        int mtu;
 613        int local;
 614
 615        EnterFunction(10);
 616
 617        /* check if it is a connection of no-client-port */
 618        if (unlikely(cp->flags & IP_VS_CONN_F_NO_CPORT)) {
 619                __be16 _pt, *p;
 620                p = skb_header_pointer(skb, sizeof(struct ipv6hdr),
 621                                       sizeof(_pt), &_pt);
 622                if (p == NULL)
 623                        goto tx_error;
 624                ip_vs_conn_fill_cport(cp, *p);
 625                IP_VS_DBG(10, "filled cport=%d\n", ntohs(*p));
 626        }
 627
 628        if (!(rt = __ip_vs_get_out_rt_v6(skb, cp->dest, &cp->daddr.in6, NULL,
 629                                         0, 1|2|4)))
 630                goto tx_error_icmp;
 631        local = __ip_vs_is_local_route6(rt);
 632        /*
 633         * Avoid duplicate tuple in reply direction for NAT traffic
 634         * to local address when connection is sync-ed
 635         */
 636#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 637        if (cp->flags & IP_VS_CONN_F_SYNC && local) {
 638                enum ip_conntrack_info ctinfo;
 639                struct nf_conn *ct = ct = nf_ct_get(skb, &ctinfo);
 640
 641                if (ct && !nf_ct_is_untracked(ct)) {
 642                        IP_VS_DBG_RL_PKT(10, AF_INET6, pp, skb, 0,
 643                                         "ip_vs_nat_xmit_v6(): "
 644                                         "stopping DNAT to local address");
 645                        goto tx_error_put;
 646                }
 647        }
 648#endif
 649
 650        /* From world but DNAT to loopback address? */
 651        if (local && skb->dev && !(skb->dev->flags & IFF_LOOPBACK) &&
 652            ipv6_addr_type(&rt->rt6i_dst.addr) & IPV6_ADDR_LOOPBACK) {
 653                IP_VS_DBG_RL_PKT(1, AF_INET6, pp, skb, 0,
 654                                 "ip_vs_nat_xmit_v6(): "
 655                                 "stopping DNAT to loopback address");
 656                goto tx_error_put;
 657        }
 658
 659        /* MTU checking */
 660        mtu = dst_mtu(&rt->dst);
 661        if (skb->len > mtu) {
 662                if (!skb->dev) {
 663                        struct net *net = dev_net(skb_dst(skb)->dev);
 664
 665                        skb->dev = net->loopback_dev;
 666                }
 667                icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
 668                IP_VS_DBG_RL_PKT(0, AF_INET6, pp, skb, 0,
 669                                 "ip_vs_nat_xmit_v6(): frag needed for");
 670                goto tx_error_put;
 671        }
 672
 673        /* copy-on-write the packet before mangling it */
 674        if (!skb_make_writable(skb, sizeof(struct ipv6hdr)))
 675                goto tx_error_put;
 676
 677        if (skb_cow(skb, rt->dst.dev->hard_header_len))
 678                goto tx_error_put;
 679
 680        /* mangle the packet */
 681        if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp))
 682                goto tx_error;
 683        ipv6_addr_copy(&ipv6_hdr(skb)->daddr, &cp->daddr.in6);
 684
 685        if (!local || !skb->dev) {
 686                /* drop the old route when skb is not shared */
 687                skb_dst_drop(skb);
 688                skb_dst_set(skb, &rt->dst);
 689        } else {
 690                /* destined to loopback, do we need to change route? */
 691                dst_release(&rt->dst);
 692        }
 693
 694        IP_VS_DBG_PKT(10, AF_INET6, pp, skb, 0, "After DNAT");
 695
 696        /* FIXME: when application helper enlarges the packet and the length
 697           is larger than the MTU of outgoing device, there will be still
 698           MTU problem. */
 699
 700        /* Another hack: avoid icmp_send in ip_fragment */
 701        skb->local_df = 1;
 702
 703        IP_VS_XMIT_NAT(NFPROTO_IPV6, skb, cp, local);
 704
 705        LeaveFunction(10);
 706        return NF_STOLEN;
 707
 708tx_error_icmp:
 709        dst_link_failure(skb);
 710tx_error:
 711        LeaveFunction(10);
 712        kfree_skb(skb);
 713        return NF_STOLEN;
 714tx_error_put:
 715        dst_release(&rt->dst);
 716        goto tx_error;
 717}
 718#endif
 719
 720
 721/*
 722 *   IP Tunneling transmitter
 723 *
 724 *   This function encapsulates the packet in a new IP packet, its
 725 *   destination will be set to cp->daddr. Most code of this function
 726 *   is taken from ipip.c.
 727 *
 728 *   It is used in VS/TUN cluster. The load balancer selects a real
 729 *   server from a cluster based on a scheduling algorithm,
 730 *   encapsulates the request packet and forwards it to the selected
 731 *   server. For example, all real servers are configured with
 732 *   "ifconfig tunl0 <Virtual IP Address> up". When the server receives
 733 *   the encapsulated packet, it will decapsulate the packet, processe
 734 *   the request and return the response packets directly to the client
 735 *   without passing the load balancer. This can greatly increase the
 736 *   scalability of virtual server.
 737 *
 738 *   Used for ANY protocol
 739 */
 740int
 741ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
 742                  struct ip_vs_protocol *pp)
 743{
 744        struct rtable *rt;                      /* Route to the other host */
 745        struct net_device *tdev;                /* Device to other host */
 746        struct iphdr  *old_iph = ip_hdr(skb);
 747        u8     tos = old_iph->tos;
 748        __be16 df = old_iph->frag_off;
 749        struct iphdr  *iph;                     /* Our new IP header */
 750        unsigned int max_headroom;              /* The extra header space needed */
 751        int    mtu;
 752        int ret;
 753
 754        EnterFunction(10);
 755
 756        if (!(rt = __ip_vs_get_out_rt(skb, cp->dest, cp->daddr.ip,
 757                                      RT_TOS(tos), 1|2)))
 758                goto tx_error_icmp;
 759        if (rt->rt_flags & RTCF_LOCAL) {
 760                ip_rt_put(rt);
 761                IP_VS_XMIT(NFPROTO_IPV4, skb, cp, 1);
 762        }
 763
 764        tdev = rt->dst.dev;
 765
 766        mtu = dst_mtu(&rt->dst) - sizeof(struct iphdr);
 767        if (mtu < 68) {
 768                IP_VS_DBG_RL("%s(): mtu less than 68\n", __func__);
 769                goto tx_error_put;
 770        }
 771        if (skb_dst(skb))
 772                skb_dst(skb)->ops->update_pmtu(skb_dst(skb), mtu);
 773
 774        df |= (old_iph->frag_off & htons(IP_DF));
 775
 776        if ((old_iph->frag_off & htons(IP_DF))
 777            && mtu < ntohs(old_iph->tot_len)) {
 778                icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
 779                IP_VS_DBG_RL("%s(): frag needed\n", __func__);
 780                goto tx_error_put;
 781        }
 782
 783        /*
 784         * Okay, now see if we can stuff it in the buffer as-is.
 785         */
 786        max_headroom = LL_RESERVED_SPACE(tdev) + sizeof(struct iphdr);
 787
 788        if (skb_headroom(skb) < max_headroom
 789            || skb_cloned(skb) || skb_shared(skb)) {
 790                struct sk_buff *new_skb =
 791                        skb_realloc_headroom(skb, max_headroom);
 792                if (!new_skb) {
 793                        ip_rt_put(rt);
 794                        kfree_skb(skb);
 795                        IP_VS_ERR_RL("%s(): no memory\n", __func__);
 796                        return NF_STOLEN;
 797                }
 798                kfree_skb(skb);
 799                skb = new_skb;
 800                old_iph = ip_hdr(skb);
 801        }
 802
 803        skb->transport_header = skb->network_header;
 804
 805        /* fix old IP header checksum */
 806        ip_send_check(old_iph);
 807
 808        skb_push(skb, sizeof(struct iphdr));
 809        skb_reset_network_header(skb);
 810        memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
 811
 812        /* drop old route */
 813        skb_dst_drop(skb);
 814        skb_dst_set(skb, &rt->dst);
 815
 816        /*
 817         *      Push down and install the IPIP header.
 818         */
 819        iph                     =       ip_hdr(skb);
 820        iph->version            =       4;
 821        iph->ihl                =       sizeof(struct iphdr)>>2;
 822        iph->frag_off           =       df;
 823        iph->protocol           =       IPPROTO_IPIP;
 824        iph->tos                =       tos;
 825        iph->daddr              =       rt->rt_dst;
 826        iph->saddr              =       rt->rt_src;
 827        iph->ttl                =       old_iph->ttl;
 828        ip_select_ident(iph, &rt->dst, NULL);
 829
 830        /* Another hack: avoid icmp_send in ip_fragment */
 831        skb->local_df = 1;
 832
 833        ret = IP_VS_XMIT_TUNNEL(skb, cp);
 834        if (ret == NF_ACCEPT)
 835                ip_local_out(skb);
 836        else if (ret == NF_DROP)
 837                kfree_skb(skb);
 838
 839        LeaveFunction(10);
 840
 841        return NF_STOLEN;
 842
 843  tx_error_icmp:
 844        dst_link_failure(skb);
 845  tx_error:
 846        kfree_skb(skb);
 847        LeaveFunction(10);
 848        return NF_STOLEN;
 849tx_error_put:
 850        ip_rt_put(rt);
 851        goto tx_error;
 852}
 853
 854#ifdef CONFIG_IP_VS_IPV6
 855int
 856ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
 857                     struct ip_vs_protocol *pp)
 858{
 859        struct rt6_info *rt;            /* Route to the other host */
 860        struct in6_addr saddr;          /* Source for tunnel */
 861        struct net_device *tdev;        /* Device to other host */
 862        struct ipv6hdr  *old_iph = ipv6_hdr(skb);
 863        struct ipv6hdr  *iph;           /* Our new IP header */
 864        unsigned int max_headroom;      /* The extra header space needed */
 865        int    mtu;
 866        int ret;
 867
 868        EnterFunction(10);
 869
 870        if (!(rt = __ip_vs_get_out_rt_v6(skb, cp->dest, &cp->daddr.in6,
 871                                         &saddr, 1, 1|2)))
 872                goto tx_error_icmp;
 873        if (__ip_vs_is_local_route6(rt)) {
 874                dst_release(&rt->dst);
 875                IP_VS_XMIT(NFPROTO_IPV6, skb, cp, 1);
 876        }
 877
 878        tdev = rt->dst.dev;
 879
 880        mtu = dst_mtu(&rt->dst) - sizeof(struct ipv6hdr);
 881        if (mtu < IPV6_MIN_MTU) {
 882                IP_VS_DBG_RL("%s(): mtu less than %d\n", __func__,
 883                             IPV6_MIN_MTU);
 884                goto tx_error_put;
 885        }
 886        if (skb_dst(skb))
 887                skb_dst(skb)->ops->update_pmtu(skb_dst(skb), mtu);
 888
 889        if (mtu < ntohs(old_iph->payload_len) + sizeof(struct ipv6hdr)) {
 890                if (!skb->dev) {
 891                        struct net *net = dev_net(skb_dst(skb)->dev);
 892
 893                        skb->dev = net->loopback_dev;
 894                }
 895                icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
 896                IP_VS_DBG_RL("%s(): frag needed\n", __func__);
 897                goto tx_error_put;
 898        }
 899
 900        /*
 901         * Okay, now see if we can stuff it in the buffer as-is.
 902         */
 903        max_headroom = LL_RESERVED_SPACE(tdev) + sizeof(struct ipv6hdr);
 904
 905        if (skb_headroom(skb) < max_headroom
 906            || skb_cloned(skb) || skb_shared(skb)) {
 907                struct sk_buff *new_skb =
 908                        skb_realloc_headroom(skb, max_headroom);
 909                if (!new_skb) {
 910                        dst_release(&rt->dst);
 911                        kfree_skb(skb);
 912                        IP_VS_ERR_RL("%s(): no memory\n", __func__);
 913                        return NF_STOLEN;
 914                }
 915                kfree_skb(skb);
 916                skb = new_skb;
 917                old_iph = ipv6_hdr(skb);
 918        }
 919
 920        skb->transport_header = skb->network_header;
 921
 922        skb_push(skb, sizeof(struct ipv6hdr));
 923        skb_reset_network_header(skb);
 924        memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
 925
 926        /* drop old route */
 927        skb_dst_drop(skb);
 928        skb_dst_set(skb, &rt->dst);
 929
 930        /*
 931         *      Push down and install the IPIP header.
 932         */
 933        iph                     =       ipv6_hdr(skb);
 934        iph->version            =       6;
 935        iph->nexthdr            =       IPPROTO_IPV6;
 936        iph->payload_len        =       old_iph->payload_len;
 937        be16_add_cpu(&iph->payload_len, sizeof(*old_iph));
 938        iph->priority           =       old_iph->priority;
 939        memset(&iph->flow_lbl, 0, sizeof(iph->flow_lbl));
 940        ipv6_addr_copy(&iph->daddr, &cp->daddr.in6);
 941        ipv6_addr_copy(&iph->saddr, &saddr);
 942        iph->hop_limit          =       old_iph->hop_limit;
 943
 944        /* Another hack: avoid icmp_send in ip_fragment */
 945        skb->local_df = 1;
 946
 947        ret = IP_VS_XMIT_TUNNEL(skb, cp);
 948        if (ret == NF_ACCEPT)
 949                ip6_local_out(skb);
 950        else if (ret == NF_DROP)
 951                kfree_skb(skb);
 952
 953        LeaveFunction(10);
 954
 955        return NF_STOLEN;
 956
 957tx_error_icmp:
 958        dst_link_failure(skb);
 959tx_error:
 960        kfree_skb(skb);
 961        LeaveFunction(10);
 962        return NF_STOLEN;
 963tx_error_put:
 964        dst_release(&rt->dst);
 965        goto tx_error;
 966}
 967#endif
 968
 969
 970/*
 971 *      Direct Routing transmitter
 972 *      Used for ANY protocol
 973 */
 974int
 975ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
 976              struct ip_vs_protocol *pp)
 977{
 978        struct rtable *rt;                      /* Route to the other host */
 979        struct iphdr  *iph = ip_hdr(skb);
 980        int    mtu;
 981
 982        EnterFunction(10);
 983
 984        if (!(rt = __ip_vs_get_out_rt(skb, cp->dest, cp->daddr.ip,
 985                                      RT_TOS(iph->tos), 1|2)))
 986                goto tx_error_icmp;
 987        if (rt->rt_flags & RTCF_LOCAL) {
 988                ip_rt_put(rt);
 989                IP_VS_XMIT(NFPROTO_IPV4, skb, cp, 1);
 990        }
 991
 992        /* MTU checking */
 993        mtu = dst_mtu(&rt->dst);
 994        if ((iph->frag_off & htons(IP_DF)) && skb->len > mtu) {
 995                icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
 996                ip_rt_put(rt);
 997                IP_VS_DBG_RL("%s(): frag needed\n", __func__);
 998                goto tx_error;
 999        }
1000

1001        /*
1002         * Call ip_send_check because we are not sure it is called
1003         * after ip_defrag. Is copy-on-write needed?
1004         */
1005        if (unlikely((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)) {
1006                ip_rt_put(rt);
1007                return NF_STOLEN;
1008        }
1009        ip_send_check(ip_hdr(skb));
1010
1011        /* drop old route */
1012        skb_dst_drop(skb);
1013        skb_dst_set(skb, &rt->dst);
1014
1015        /* Another hack: avoid icmp_send in ip_fragment */
1016        skb->local_df = 1;
1017
1018        IP_VS_XMIT(NFPROTO_IPV4, skb, cp, 0);
1019
1020        LeaveFunction(10);
1021        return NF_STOLEN;
1022
1023  tx_error_icmp:
1024        dst_link_failure(skb);
1025  tx_error:
1026        kfree_skb(skb);
1027        LeaveFunction(10);
1028        return NF_STOLEN;
1029}
1030
1031#ifdef CONFIG_IP_VS_IPV6
1032int
1033ip_vs_dr_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
1034                 struct ip_vs_protocol *pp)
1035{
1036        struct rt6_info *rt;                    /* Route to the other host */
1037        int    mtu;
1038
1039        EnterFunction(10);
1040
1041        if (!(rt = __ip_vs_get_out_rt_v6(skb, cp->dest, &cp->daddr.in6, NULL,
1042                                         0, 1|2)))
1043                goto tx_error_icmp;
1044        if (__ip_vs_is_local_route6(rt)) {
1045                dst_release(&rt->dst);
1046                IP_VS_XMIT(NFPROTO_IPV6, skb, cp, 1);
1047        }
1048
1049        /* MTU checking */
1050        mtu = dst_mtu(&rt->dst);
1051        if (skb->len > mtu) {
1052                if (!skb->dev) {
1053                        struct net *net = dev_net(skb_dst(skb)->dev);
1054
1055                        skb->dev = net->loopback_dev;
1056                }
1057                icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
1058                dst_release(&rt->dst);
1059                IP_VS_DBG_RL("%s(): frag needed\n", __func__);
1060                goto tx_error;
1061        }
1062
1063        /*
1064         * Call ip_send_check because we are not sure it is called
1065         * after ip_defrag. Is copy-on-write needed?
1066         */
1067        skb = skb_share_check(skb, GFP_ATOMIC);
1068        if (unlikely(skb == NULL)) {
1069                dst_release(&rt->dst);
1070                return NF_STOLEN;
1071        }
1072
1073        /* drop old route */
1074        skb_dst_drop(skb);
1075        skb_dst_set(skb, &rt->dst);
1076
1077        /* Another hack: avoid icmp_send in ip_fragment */
1078        skb->local_df = 1;
1079
1080        IP_VS_XMIT(NFPROTO_IPV6, skb, cp, 0);
1081
1082        LeaveFunction(10);
1083        return NF_STOLEN;
1084
1085tx_error_icmp:
1086        dst_link_failure(skb);
1087tx_error:
1088        kfree_skb(skb);
1089        LeaveFunction(10);
1090        return NF_STOLEN;
1091}
1092#endif
1093
1094
1095/*
1096 *      ICMP packet transmitter
1097 *      called by the ip_vs_in_icmp
1098 */
1099int
1100ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
1101                struct ip_vs_protocol *pp, int offset)
1102{
1103        struct rtable   *rt;    /* Route to the other host */
1104        int mtu;
1105        int rc;
1106        int local;
1107
1108        EnterFunction(10);
1109
1110        /* The ICMP packet for VS/TUN, VS/DR and LOCALNODE will be
1111           forwarded directly here, because there is no need to
1112           translate address/port back */
1113        if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ) {
1114                if (cp->packet_xmit)
1115                        rc = cp->packet_xmit(skb, cp, pp);
1116                else
1117                        rc = NF_ACCEPT;
1118                /* do not touch skb anymore */
1119                atomic_inc(&cp->in_pkts);
1120                goto out;
1121        }
1122
1123        /*
1124         * mangle and send the packet here (only for VS/NAT)
1125         */
1126
1127        if (!(rt = __ip_vs_get_out_rt(skb, cp->dest, cp->daddr.ip,
1128                                      RT_TOS(ip_hdr(skb)->tos), 1|2|4)))
1129                goto tx_error_icmp;
1130        local = rt->rt_flags & RTCF_LOCAL;
1131
1132        /*
1133         * Avoid duplicate tuple in reply direction for NAT traffic
1134         * to local address when connection is sync-ed
1135         */
1136#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
1137        if (cp->flags & IP_VS_CONN_F_SYNC && local) {
1138                enum ip_conntrack_info ctinfo;
1139                struct nf_conn *ct = ct = nf_ct_get(skb, &ctinfo);
1140
1141                if (ct && !nf_ct_is_untracked(ct)) {
1142                        IP_VS_DBG(10, "%s(): "
1143                                  "stopping DNAT to local address %pI4\n",
1144                                  __func__, &cp->daddr.ip);
1145                        goto tx_error_put;
1146                }
1147        }
1148#endif
1149
1150        /* From world but DNAT to loopback address? */
1151        if (local && ipv4_is_loopback(rt->rt_dst) &&
1152            rt_is_input_route(skb_rtable(skb))) {
1153                IP_VS_DBG(1, "%s(): "
1154                          "stopping DNAT to loopback %pI4\n",
1155                          __func__, &cp->daddr.ip);
1156                goto tx_error_put;
1157        }
1158
1159        /* MTU checking */
1160        mtu = dst_mtu(&rt->dst);
1161        if ((skb->len > mtu) && (ip_hdr(skb)->frag_off & htons(IP_DF))) {
1162                icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
1163                IP_VS_DBG_RL("%s(): frag needed\n", __func__);
1164                goto tx_error_put;
1165        }
1166
1167        /* copy-on-write the packet before mangling it */
1168        if (!skb_make_writable(skb, offset))
1169                goto tx_error_put;
1170
1171        if (skb_cow(skb, rt->dst.dev->hard_header_len))
1172                goto tx_error_put;
1173
1174        ip_vs_nat_icmp(skb, pp, cp, 0);
1175
1176        if (!local) {
1177                /* drop the old route when skb is not shared */
1178                skb_dst_drop(skb);
1179                skb_dst_set(skb, &rt->dst);
1180        } else {
1181                ip_rt_put(rt);
1182                /*
1183                 * Some IPv4 replies get local address from routes,
1184                 * not from iph, so while we DNAT after routing
1185                 * we need this second input/output route.
1186                 */
1187                if (!__ip_vs_reroute_locally(skb))
1188                        goto tx_error;
1189        }
1190
1191        /* Another hack: avoid icmp_send in ip_fragment */
1192        skb->local_df = 1;
1193
1194        IP_VS_XMIT_NAT(NFPROTO_IPV4, skb, cp, local);
1195
1196        rc = NF_STOLEN;
1197        goto out;
1198
1199  tx_error_icmp:
1200        dst_link_failure(skb);
1201  tx_error:
1202        dev_kfree_skb(skb);
1203        rc = NF_STOLEN;
1204  out:
1205        LeaveFunction(10);
1206        return rc;
1207  tx_error_put:
1208        ip_rt_put(rt);
1209        goto tx_error;
1210}
1211
1212#ifdef CONFIG_IP_VS_IPV6
1213int
1214ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
1215                struct ip_vs_protocol *pp, int offset)
1216{
1217        struct rt6_info *rt;    /* Route to the other host */
1218        int mtu;
1219        int rc;
1220        int local;
1221
1222        EnterFunction(10);
1223
1224        /* The ICMP packet for VS/TUN, VS/DR and LOCALNODE will be
1225           forwarded directly here, because there is no need to
1226           translate address/port back */
1227        if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ) {
1228                if (cp->packet_xmit)
1229                        rc = cp->packet_xmit(skb, cp, pp);
1230                else
1231                        rc = NF_ACCEPT;
1232                /* do not touch skb anymore */
1233                atomic_inc(&cp->in_pkts);
1234                goto out;
1235        }
1236
1237        /*
1238         * mangle and send the packet here (only for VS/NAT)
1239         */
1240
1241        if (!(rt = __ip_vs_get_out_rt_v6(skb, cp->dest, &cp->daddr.in6, NULL,
1242                                         0, 1|2|4)))
1243                goto tx_error_icmp;
1244
1245        local = __ip_vs_is_local_route6(rt);
1246        /*
1247         * Avoid duplicate tuple in reply direction for NAT traffic
1248         * to local address when connection is sync-ed
1249         */
1250#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
1251        if (cp->flags & IP_VS_CONN_F_SYNC && local) {
1252                enum ip_conntrack_info ctinfo;
1253                struct nf_conn *ct = ct = nf_ct_get(skb, &ctinfo);
1254
1255                if (ct && !nf_ct_is_untracked(ct)) {
1256                        IP_VS_DBG(10, "%s(): "
1257                                  "stopping DNAT to local address %pI6\n",
1258                                  __func__, &cp->daddr.in6);
1259                        goto tx_error_put;
1260                }
1261        }
1262#endif
1263
1264        /* From world but DNAT to loopback address? */
1265        if (local && skb->dev && !(skb->dev->flags & IFF_LOOPBACK) &&
1266            ipv6_addr_type(&rt->rt6i_dst.addr) & IPV6_ADDR_LOOPBACK) {
1267                IP_VS_DBG(1, "%s(): "
1268                          "stopping DNAT to loopback %pI6\n",
1269                          __func__, &cp->daddr.in6);
1270                goto tx_error_put;
1271        }
1272
1273        /* MTU checking */
1274        mtu = dst_mtu(&rt->dst);
1275        if (skb->len > mtu) {
1276                if (!skb->dev) {
1277                        struct net *net = dev_net(skb_dst(skb)->dev);
1278
1279                        skb->dev = net->loopback_dev;
1280                }
1281                icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
1282                IP_VS_DBG_RL("%s(): frag needed\n", __func__);
1283                goto tx_error_put;
1284        }
1285
1286        /* copy-on-write the packet before mangling it */
1287        if (!skb_make_writable(skb, offset))
1288                goto tx_error_put;
1289
1290        if (skb_cow(skb, rt->dst.dev->hard_header_len))
1291                goto tx_error_put;
1292
1293        ip_vs_nat_icmp_v6(skb, pp, cp, 0);
1294
1295        if (!local || !skb->dev) {
1296                /* drop the old route when skb is not shared */
1297                skb_dst_drop(skb);
1298                skb_dst_set(skb, &rt->dst);
1299        } else {
1300                /* destined to loopback, do we need to change route? */
1301                dst_release(&rt->dst);
1302        }
1303
1304        /* Another hack: avoid icmp_send in ip_fragment */
1305        skb->local_df = 1;
1306
1307        IP_VS_XMIT_NAT(NFPROTO_IPV6, skb, cp, local);
1308
1309        rc = NF_STOLEN;
1310        goto out;
1311
1312tx_error_icmp:
1313        dst_link_failure(skb);
1314tx_error:
1315        dev_kfree_skb(skb);
1316        rc = NF_STOLEN;
1317out:
1318        LeaveFunction(10);
1319        return rc;
1320tx_error_put:
1321        dst_release(&rt->dst);
1322        goto tx_error;
1323}
1324#endif
1325