4 * IPv6 fragmentation and reassembly.
8 * Copyright (c) 2010 Inico Technologies Ltd.
11 * Redistribution and use in source and binary forms, with or without modification,
12 * are permitted provided that the following conditions are met:
14 * 1. Redistributions of source code must retain the above copyright notice,
15 * this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright notice,
17 * this list of conditions and the following disclaimer in the documentation
18 * and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
23 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
24 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
25 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
26 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
27 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
30 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
33 * This file is part of the lwIP TCP/IP stack.
35 * Author: Ivan Delamer <delamer@inicotech.com>
38 * Please coordinate changes and requests with Ivan Delamer
39 * <delamer@inicotech.com>
43 #include "lwip/ip6_frag.h"
45 #include "lwip/icmp6.h"
49 #include "lwip/pbuf.h"
50 #include "lwip/memp.h"
51 #include "lwip/stats.h"
56 static const char mem_debug_file[] ICACHE_RODATA_ATTR STORE_ATTR = __FILE__;
60 #if LWIP_IPV6 && LWIP_IPV6_REASS /* don't build if not configured for use in lwipopts.h */
63 /** Setting this to 0, you can turn off checking the fragments for overlapping
64 * regions. The code gets a little smaller. Only use this if you know that
65 * overlapping won't occur on your network! */
66 #ifndef IP_REASS_CHECK_OVERLAP
67 #define IP_REASS_CHECK_OVERLAP 1
68 #endif /* IP_REASS_CHECK_OVERLAP */
70 /** Set to 0 to prevent freeing the oldest datagram when the reassembly buffer is
71 * full (IP_REASS_MAX_PBUFS pbufs are enqueued). The code gets a little smaller.
72 * Datagrams will be freed by timeout only. Especially useful when MEMP_NUM_REASSDATA
73 * is set to 1, so one datagram can be reassembled at a time, only. */
74 #ifndef IP_REASS_FREE_OLDEST
75 #define IP_REASS_FREE_OLDEST 1
76 #endif /* IP_REASS_FREE_OLDEST */
78 #if IPV6_FRAG_COPYHEADER
79 #define IPV6_FRAG_REQROOM ((s16_t)(sizeof(struct ip6_reass_helper) - IP6_FRAG_HLEN))
82 #define IP_REASS_FLAG_LASTFRAG 0x01
84 /** This is a helper struct which holds the starting
85 * offset and the ending offset of this fragment to
86 * easily chain the fragments.
87 * It has the same packing requirements as the IPv6 header, since it replaces
88 * the Fragment Header in memory in incoming fragments to keep
89 * track of the various fragments.
91 #ifdef PACK_STRUCT_USE_INCLUDES
92 # include "arch/bpstruct.h"
95 struct ip6_reass_helper {
96 PACK_STRUCT_FIELD(struct pbuf *next_pbuf);
97 PACK_STRUCT_FIELD(u16_t start);
98 PACK_STRUCT_FIELD(u16_t end);
101 #ifdef PACK_STRUCT_USE_INCLUDES
102 # include "arch/epstruct.h"
105 /* static variables */
106 static struct ip6_reassdata *reassdatagrams;
107 static u16_t ip6_reass_pbufcount;
109 /* Forward declarations. */
110 static void ip6_reass_free_complete_datagram(struct ip6_reassdata *ipr);
111 #if IP_REASS_FREE_OLDEST
112 static void ip6_reass_remove_oldest_datagram(struct ip6_reassdata *ipr, int pbufs_needed);
113 #endif /* IP_REASS_FREE_OLDEST */
118 struct ip6_reassdata *r, *tmp;
120 #if !IPV6_FRAG_COPYHEADER
121 LWIP_ASSERT("sizeof(struct ip6_reass_helper) <= IP6_FRAG_HLEN, set IPV6_FRAG_COPYHEADER to 1",
122 sizeof(struct ip6_reass_helper) <= IP6_FRAG_HLEN);
123 #endif /* !IPV6_FRAG_COPYHEADER */
127 /* Decrement the timer. Once it reaches 0,
128 * clean up the incomplete fragment assembly */
133 /* reassembly timed out */
135 /* get the next pointer before freeing */
137 /* free the helper struct and all enqueued pbufs */
138 ip6_reass_free_complete_datagram(tmp);
144 * Free a datagram (struct ip6_reassdata) and all its pbufs.
145 * Updates the total count of enqueued pbufs (ip6_reass_pbufcount),
146 * sends an ICMP time exceeded packet.
148 * @param ipr datagram to free
151 ip6_reass_free_complete_datagram(struct ip6_reassdata *ipr)
153 struct ip6_reassdata *prev;
154 u16_t pbufs_freed = 0;
157 struct ip6_reass_helper *iprh;
160 iprh = (struct ip6_reass_helper *)ipr->p->payload;
161 if (iprh->start == 0) {
162 /* The first fragment was received, send ICMP time exceeded. */
163 /* First, de-queue the first pbuf from r->p. */
165 ipr->p = iprh->next_pbuf;
166 /* Then, move back to the original ipv6 header (we are now pointing to Fragment header).
167 This cannot fail since we already checked when receiving this fragment. */
168 if (pbuf_header_force(p, (s16_t)((u8_t*)p->payload - (u8_t*)IPV6_FRAG_HDRREF(ipr->iphdr)))) {
169 LWIP_ASSERT("ip6_reass_free: moving p->payload to ip6 header failed\n", 0);
172 icmp6_time_exceeded(p, ICMP6_TE_FRAG);
175 LWIP_ASSERT("pbufs_freed + clen <= 0xffff", pbufs_freed + clen <= 0xffff);
179 #endif /* LWIP_ICMP6 */
181 /* First, free all received pbufs. The individual pbufs need to be released
182 separately as they have not yet been chained */
186 iprh = (struct ip6_reass_helper *)p->payload;
188 /* get the next pointer before freeing */
190 clen = pbuf_clen(pcur);
191 LWIP_ASSERT("pbufs_freed + clen <= 0xffff", pbufs_freed + clen <= 0xffff);
196 /* Then, unchain the struct ip6_reassdata from the list and free it. */
197 if (ipr == reassdatagrams) {
198 reassdatagrams = ipr->next;
200 prev = reassdatagrams;
201 while (prev != NULL) {
202 if (prev->next == ipr) {
208 prev->next = ipr->next;
211 memp_free(MEMP_IP6_REASSDATA, ipr);
213 /* Finally, update number of pbufs in reassembly queue */
214 LWIP_ASSERT("ip_reass_pbufcount >= clen", ip6_reass_pbufcount >= pbufs_freed);
215 ip6_reass_pbufcount -= pbufs_freed;
218 #if IP_REASS_FREE_OLDEST
220 * Free the oldest datagram to make room for enqueueing new fragments.
221 * The datagram ipr is not freed!
223 * @param ipr ip6_reassdata for the current fragment
224 * @param pbufs_needed number of pbufs needed to enqueue
225 * (used for freeing other datagrams if not enough space)
228 ip6_reass_remove_oldest_datagram(struct ip6_reassdata *ipr, int pbufs_needed)
230 struct ip6_reassdata *r, *oldest;
232 /* Free datagrams until being allowed to enqueue 'pbufs_needed' pbufs,
233 * but don't free the current datagram! */
235 r = oldest = reassdatagrams;
238 if (r->timer <= oldest->timer) {
239 /* older than the previous oldest */
246 /* nothing to free, ipr is the only element on the list */
249 if (oldest != NULL) {
250 ip6_reass_free_complete_datagram(oldest);
252 } while (((ip6_reass_pbufcount + pbufs_needed) > IP_REASS_MAX_PBUFS) && (reassdatagrams != NULL));
254 #endif /* IP_REASS_FREE_OLDEST */
257 * Reassembles incoming IPv6 fragments into an IPv6 datagram.
259 * @param p points to the IPv6 Fragment Header
260 * @param len the length of the payload (after Fragment Header)
261 * @return NULL if reassembly is incomplete, pbuf pointing to
262 * IPv6 Header if reassembly is complete
265 ip6_reass(struct pbuf *p)
267 struct ip6_reassdata *ipr, *ipr_prev;
268 struct ip6_reass_helper *iprh, *iprh_tmp, *iprh_prev=NULL;
269 struct ip6_frag_hdr * frag_hdr;
271 u8_t clen, valid = 1;
274 IP6_FRAG_STATS_INC(ip6_frag.recv);
276 LWIP_ASSERT("ip6_frag_hdr must be in the first pbuf, not chained",
277 (const void*)ip6_current_header() == ((u8_t*)p->payload) - IP6_HLEN);
279 frag_hdr = (struct ip6_frag_hdr *) p->payload;
283 offset = ntohs(frag_hdr->_fragment_offset);
285 /* Calculate fragment length from IPv6 payload length.
286 * Adjust for headers before Fragment Header.
287 * And finally adjust by Fragment Header length. */
288 len = ntohs(ip6_current_header()->_plen);
289 len -= (u16_t)(((u8_t*)p->payload - (const u8_t*)ip6_current_header()) - IP6_HLEN);
290 len -= IP6_FRAG_HLEN;
292 /* Look for the datagram the fragment belongs to in the current datagram queue,
293 * remembering the previous in the queue for later dequeueing. */
294 for (ipr = reassdatagrams, ipr_prev = NULL; ipr != NULL; ipr = ipr->next) {
295 /* Check if the incoming fragment matches the one currently present
296 in the reassembly buffer. If so, we proceed with copying the
297 fragment into the buffer. */
298 if ((frag_hdr->_identification == ipr->identification) &&
299 ip6_addr_cmp(ip6_current_src_addr(), &(IPV6_FRAG_HDRREF(ipr->iphdr)->src)) &&
300 ip6_addr_cmp(ip6_current_dest_addr(), &(IPV6_FRAG_HDRREF(ipr->iphdr)->dest))) {
301 IP6_FRAG_STATS_INC(ip6_frag.cachehit);
308 /* Enqueue a new datagram into the datagram queue */
309 ipr = (struct ip6_reassdata *)memp_malloc(MEMP_IP6_REASSDATA);
311 #if IP_REASS_FREE_OLDEST
312 /* Make room and try again. */
313 ip6_reass_remove_oldest_datagram(ipr, clen);
314 ipr = (struct ip6_reassdata *)memp_malloc(MEMP_IP6_REASSDATA);
316 /* re-search ipr_prev since it might have been removed */
317 for (ipr_prev = reassdatagrams; ipr_prev != NULL; ipr_prev = ipr_prev->next) {
318 if (ipr_prev->next == ipr) {
323 #endif /* IP_REASS_FREE_OLDEST */
325 IP6_FRAG_STATS_INC(ip6_frag.memerr);
326 IP6_FRAG_STATS_INC(ip6_frag.drop);
331 memset(ipr, 0, sizeof(struct ip6_reassdata));
332 ipr->timer = IP_REASS_MAXAGE;
334 /* enqueue the new structure to the front of the list */
335 ipr->next = reassdatagrams;
336 reassdatagrams = ipr;
338 /* Use the current IPv6 header for src/dest address reference.
339 * Eventually, we will replace it when we get the first fragment
340 * (it might be this one, in any case, it is done later). */
341 #if IPV6_FRAG_COPYHEADER
342 MEMCPY(&ipr->iphdr, ip6_current_header(), IP6_HLEN);
343 #else /* IPV6_FRAG_COPYHEADER */
344 /* need to use the none-const pointer here: */
345 ipr->iphdr = ip_data.current_ip6_header;
346 #endif /* IPV6_FRAG_COPYHEADER */
348 /* copy the fragmented packet id. */
349 ipr->identification = frag_hdr->_identification;
351 /* copy the nexth field */
352 ipr->nexth = frag_hdr->_nexth;
355 /* Check if we are allowed to enqueue more datagrams. */
356 if ((ip6_reass_pbufcount + clen) > IP_REASS_MAX_PBUFS) {
357 #if IP_REASS_FREE_OLDEST
358 ip6_reass_remove_oldest_datagram(ipr, clen);
359 if ((ip6_reass_pbufcount + clen) <= IP_REASS_MAX_PBUFS) {
360 /* re-search ipr_prev since it might have been removed */
361 for (ipr_prev = reassdatagrams; ipr_prev != NULL; ipr_prev = ipr_prev->next) {
362 if (ipr_prev->next == ipr) {
367 #endif /* IP_REASS_FREE_OLDEST */
369 /* @todo: send ICMPv6 time exceeded here? */
371 IP6_FRAG_STATS_INC(ip6_frag.memerr);
372 IP6_FRAG_STATS_INC(ip6_frag.drop);
377 /* Overwrite Fragment Header with our own helper struct. */
378 #if IPV6_FRAG_COPYHEADER
379 if (IPV6_FRAG_REQROOM > 0) {
380 /* Make room for struct ip6_reass_helper (only required if sizeof(void*) > 4).
381 This cannot fail since we already checked when receiving this fragment. */
382 err_t hdrerr = pbuf_header_force(p, IPV6_FRAG_REQROOM);
383 LWIP_ASSERT("no room for struct ip6_reass_helper", hdrerr == ERR_OK);
385 #else /* IPV6_FRAG_COPYHEADER */
386 LWIP_ASSERT("sizeof(struct ip6_reass_helper) <= IP6_FRAG_HLEN, set IPV6_FRAG_COPYHEADER to 1",
387 sizeof(struct ip6_reass_helper) <= IP6_FRAG_HLEN);
388 #endif /* IPV6_FRAG_COPYHEADER */
389 iprh = (struct ip6_reass_helper *)p->payload;
390 iprh->next_pbuf = NULL;
391 iprh->start = (offset & IP6_FRAG_OFFSET_MASK);
392 iprh->end = (offset & IP6_FRAG_OFFSET_MASK) + len;
394 /* find the right place to insert this pbuf */
395 /* Iterate through until we either get to the end of the list (append),
396 * or we find on with a larger offset (insert). */
397 for (q = ipr->p; q != NULL;) {
398 iprh_tmp = (struct ip6_reass_helper*)q->payload;
399 if (iprh->start < iprh_tmp->start) {
400 #if IP_REASS_CHECK_OVERLAP
401 if (iprh->end > iprh_tmp->start) {
402 /* fragment overlaps with following, throw away */
403 IP6_FRAG_STATS_INC(ip6_frag.proterr);
404 IP6_FRAG_STATS_INC(ip6_frag.drop);
407 if (iprh_prev != NULL) {
408 if (iprh->start < iprh_prev->end) {
409 /* fragment overlaps with previous, throw away */
410 IP6_FRAG_STATS_INC(ip6_frag.proterr);
411 IP6_FRAG_STATS_INC(ip6_frag.drop);
415 #endif /* IP_REASS_CHECK_OVERLAP */
416 /* the new pbuf should be inserted before this */
418 if (iprh_prev != NULL) {
419 /* not the fragment with the lowest offset */
420 iprh_prev->next_pbuf = p;
422 /* fragment with the lowest offset */
426 } else if (iprh->start == iprh_tmp->start) {
427 /* received the same datagram twice: no need to keep the datagram */
428 IP6_FRAG_STATS_INC(ip6_frag.drop);
430 #if IP_REASS_CHECK_OVERLAP
431 } else if (iprh->start < iprh_tmp->end) {
432 /* overlap: no need to keep the new datagram */
433 IP6_FRAG_STATS_INC(ip6_frag.proterr);
434 IP6_FRAG_STATS_INC(ip6_frag.drop);
436 #endif /* IP_REASS_CHECK_OVERLAP */
438 /* Check if the fragments received so far have no gaps. */
439 if (iprh_prev != NULL) {
440 if (iprh_prev->end != iprh_tmp->start) {
441 /* There is a fragment missing between the current
442 * and the previous fragment */
447 q = iprh_tmp->next_pbuf;
448 iprh_prev = iprh_tmp;
451 /* If q is NULL, then we made it to the end of the list. Determine what to do now */
453 if (iprh_prev != NULL) {
454 /* this is (for now), the fragment with the highest offset:
455 * chain it to the last fragment */
456 #if IP_REASS_CHECK_OVERLAP
457 LWIP_ASSERT("check fragments don't overlap", iprh_prev->end <= iprh->start);
458 #endif /* IP_REASS_CHECK_OVERLAP */
459 iprh_prev->next_pbuf = p;
460 if (iprh_prev->end != iprh->start) {
464 #if IP_REASS_CHECK_OVERLAP
465 LWIP_ASSERT("no previous fragment, this must be the first fragment!",
467 #endif /* IP_REASS_CHECK_OVERLAP */
468 /* this is the first fragment we ever received for this ip datagram */
473 /* Track the current number of pbufs current 'in-flight', in order to limit
474 the number of fragments that may be enqueued at any one time */
475 ip6_reass_pbufcount += clen;
477 /* Remember IPv6 header if this is the first fragment. */
478 if (iprh->start == 0) {
479 #if IPV6_FRAG_COPYHEADER
480 if (iprh->next_pbuf != NULL) {
481 MEMCPY(&ipr->iphdr, ip6_current_header(), IP6_HLEN);
483 #else /* IPV6_FRAG_COPYHEADER */
484 /* need to use the none-const pointer here: */
485 ipr->iphdr = ip_data.current_ip6_header;
486 #endif /* IPV6_FRAG_COPYHEADER */
489 /* If this is the last fragment, calculate total packet length. */
490 if ((offset & IP6_FRAG_MORE_FLAG) == 0) {
491 ipr->datagram_len = iprh->end;
494 /* Additional validity tests: we have received first and last fragment. */
495 iprh_tmp = (struct ip6_reass_helper*)ipr->p->payload;
496 if (iprh_tmp->start != 0) {
499 if (ipr->datagram_len == 0) {
503 /* Final validity test: no gaps between current and last fragment. */
506 while ((q != NULL) && valid) {
507 iprh = (struct ip6_reass_helper*)q->payload;
508 if (iprh_prev->end != iprh->start) {
517 /* All fragments have been received */
518 struct ip6_hdr* iphdr_ptr;
520 /* chain together the pbufs contained within the ip6_reassdata list. */
521 iprh = (struct ip6_reass_helper*) ipr->p->payload;
522 while (iprh != NULL) {
523 struct pbuf* next_pbuf = iprh->next_pbuf;
524 if (next_pbuf != NULL) {
525 /* Save next helper struct (will be hidden in next step). */
526 iprh_tmp = (struct ip6_reass_helper*)next_pbuf->payload;
528 /* hide the fragment header for every succeeding fragment */
529 pbuf_header(next_pbuf, -IP6_FRAG_HLEN);
530 #if IPV6_FRAG_COPYHEADER
531 if (IPV6_FRAG_REQROOM > 0) {
532 /* hide the extra bytes borrowed from ip6_hdr for struct ip6_reass_helper */
533 err_t hdrerr = pbuf_header(next_pbuf, -(s16_t)(IPV6_FRAG_REQROOM));
534 LWIP_ASSERT("no room for struct ip6_reass_helper", hdrerr == ERR_OK);
537 pbuf_cat(ipr->p, next_pbuf);
546 #if IPV6_FRAG_COPYHEADER
547 if (IPV6_FRAG_REQROOM > 0) {
548 /* get back room for struct ip6_reass_helper (only required if sizeof(void*) > 4) */
549 err_t hdrerr = pbuf_header(ipr->p, -(s16_t)(IPV6_FRAG_REQROOM));
550 LWIP_ASSERT("no room for struct ip6_reass_helper", hdrerr == ERR_OK);
552 iphdr_ptr = (struct ip6_hdr*)((u8_t*)ipr->p->payload - IP6_HLEN);
553 MEMCPY(iphdr_ptr, &ipr->iphdr, IP6_HLEN);
555 iphdr_ptr = ipr->iphdr;
558 /* Adjust datagram length by adding header lengths. */
559 ipr->datagram_len += (u16_t)(((u8_t*)ipr->p->payload - (u8_t*)iphdr_ptr)
563 /* Set payload length in ip header. */
564 iphdr_ptr->_plen = htons(ipr->datagram_len);
566 /* Get the first pbuf. */
569 /* Restore Fragment Header in first pbuf. Mark as "single fragment"
570 * packet. Restore nexth. */
571 frag_hdr = (struct ip6_frag_hdr *) p->payload;
572 frag_hdr->_nexth = ipr->nexth;
573 frag_hdr->reserved = 0;
574 frag_hdr->_fragment_offset = 0;
575 frag_hdr->_identification = 0;
577 /* release the sources allocate for the fragment queue entry */
578 if (reassdatagrams == ipr) {
579 /* it was the first in the list */
580 reassdatagrams = ipr->next;
582 /* it wasn't the first, so it must have a valid 'prev' */
583 LWIP_ASSERT("sanity check linked list", ipr_prev != NULL);
584 ipr_prev->next = ipr->next;
586 memp_free(MEMP_IP6_REASSDATA, ipr);
588 /* adjust the number of pbufs currently queued for reassembly. */
589 ip6_reass_pbufcount -= pbuf_clen(p);
591 /* Move pbuf back to IPv6 header.
592 This cannot fail since we already checked when receiving this fragment. */
593 if (pbuf_header_force(p, (s16_t)((u8_t*)p->payload - (u8_t*)iphdr_ptr))) {
594 LWIP_ASSERT("ip6_reass: moving p->payload to ip6 header failed\n", 0);
599 /* Return the pbuf chain */
602 /* the datagram is not (yet?) reassembled completely */
610 #endif /* LWIP_IPV6 && LWIP_IPV6_REASS */
612 #if LWIP_IPV6 && LWIP_IPV6_FRAG
614 /** Allocate a new struct pbuf_custom_ref */
615 static struct pbuf_custom_ref*
616 ip6_frag_alloc_pbuf_custom_ref(void)
618 return (struct pbuf_custom_ref*)memp_malloc(MEMP_FRAG_PBUF);
621 /** Free a struct pbuf_custom_ref */
623 ip6_frag_free_pbuf_custom_ref(struct pbuf_custom_ref* p)
625 LWIP_ASSERT("p != NULL", p != NULL);
626 memp_free(MEMP_FRAG_PBUF, p);
629 /** Free-callback function to free a 'struct pbuf_custom_ref', called by
632 ip6_frag_free_pbuf_custom(struct pbuf *p)
634 struct pbuf_custom_ref *pcr = (struct pbuf_custom_ref*)p;
635 LWIP_ASSERT("pcr != NULL", pcr != NULL);
636 LWIP_ASSERT("pcr == p", (void*)pcr == (void*)p);
637 if (pcr->original != NULL) {
638 pbuf_free(pcr->original);
640 ip6_frag_free_pbuf_custom_ref(pcr);
644 * Fragment an IPv6 datagram if too large for the netif or path MTU.
646 * Chop the datagram in MTU sized chunks and send them in order
647 * by pointing PBUF_REFs into p
649 * @param p ipv6 packet to send
650 * @param netif the netif on which to send
651 * @param dest destination ipv6 address to which to send
653 * @return ERR_OK if sent successfully, err_t otherwise
656 ip6_frag(struct pbuf *p, struct netif *netif, const ip6_addr_t *dest)
658 struct ip6_hdr *original_ip6hdr;
659 struct ip6_hdr *ip6hdr;
660 struct ip6_frag_hdr * frag_hdr;
662 struct pbuf *newpbuf;
663 static u32_t identification;
667 u16_t fragment_offset = 0;
669 u16_t poff = IP6_HLEN;
670 u16_t newpbuflen = 0;
675 original_ip6hdr = (struct ip6_hdr *)p->payload;
677 mtu = nd6_get_destination_mtu(dest, netif);
679 /* TODO we assume there are no options in the unfragmentable part (IPv6 header). */
680 left = p->tot_len - IP6_HLEN;
682 nfb = (mtu - (IP6_HLEN + IP6_FRAG_HLEN)) & IP6_FRAG_OFFSET_MASK;
685 last = (left <= nfb);
687 /* Fill this fragment */
688 cop = last ? left : nfb;
690 /* When not using a static buffer, create a chain of pbufs.
691 * The first will be a PBUF_RAM holding the link, IPv6, and Fragment header.
692 * The rest will be PBUF_REFs mirroring the pbuf chain to be fragged,
693 * but limited to the size of an mtu.
695 rambuf = pbuf_alloc(PBUF_LINK, IP6_HLEN + IP6_FRAG_HLEN, PBUF_RAM);
696 if (rambuf == NULL) {
697 IP6_FRAG_STATS_INC(ip6_frag.memerr);
700 LWIP_ASSERT("this needs a pbuf in one piece!",
701 (p->len >= (IP6_HLEN + IP6_FRAG_HLEN)));
702 SMEMCPY(rambuf->payload, original_ip6hdr, IP6_HLEN);
703 ip6hdr = (struct ip6_hdr *)rambuf->payload;
704 frag_hdr = (struct ip6_frag_hdr *)((u8_t*)rambuf->payload + IP6_HLEN);
706 /* Can just adjust p directly for needed offset. */
707 p->payload = (u8_t *)p->payload + poff;
712 while (left_to_copy) {
713 struct pbuf_custom_ref *pcr;
714 newpbuflen = (left_to_copy < p->len) ? left_to_copy : p->len;
715 /* Is this pbuf already empty? */
720 pcr = ip6_frag_alloc_pbuf_custom_ref();
723 IP6_FRAG_STATS_INC(ip6_frag.memerr);
726 /* Mirror this pbuf, although we might not need all of it. */
727 newpbuf = pbuf_alloced_custom(PBUF_RAW, newpbuflen, PBUF_REF, &pcr->pc, p->payload, newpbuflen);
728 if (newpbuf == NULL) {
729 ip6_frag_free_pbuf_custom_ref(pcr);
731 IP6_FRAG_STATS_INC(ip6_frag.memerr);
736 pcr->pc.custom_free_function = ip6_frag_free_pbuf_custom;
738 /* Add it to end of rambuf's chain, but using pbuf_cat, not pbuf_chain
739 * so that it is removed when pbuf_dechain is later called on rambuf.
741 pbuf_cat(rambuf, newpbuf);
742 left_to_copy -= newpbuflen;
750 frag_hdr->_nexth = original_ip6hdr->_nexth;
751 frag_hdr->reserved = 0;
752 frag_hdr->_fragment_offset = htons((fragment_offset & IP6_FRAG_OFFSET_MASK) | (last ? 0 : IP6_FRAG_MORE_FLAG));
753 frag_hdr->_identification = htonl(identification);
755 IP6H_NEXTH_SET(ip6hdr, IP6_NEXTH_FRAGMENT);
756 IP6H_PLEN_SET(ip6hdr, cop + IP6_FRAG_HLEN);
758 /* No need for separate header pbuf - we allowed room for it in rambuf
761 IP6_FRAG_STATS_INC(ip6_frag.xmit);
762 netif->output_ip6(netif, rambuf, dest);
764 /* Unfortunately we can't reuse rambuf - the hardware may still be
765 * using the buffer. Instead we free it (and the ensuing chain) and
766 * recreate it next time round the loop. If we're lucky the hardware
767 * will have already sent the packet, the free will really free, and
768 * there will be zero memory penalty.
773 fragment_offset += cop;
778 #endif /* LWIP_IPV6 && LWIP_IPV6_FRAG */