search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
media: cpia2_usb: drop bogus interface-release call
[linux/fpc-iii.git] / net / ipv6 / exthdrs.c
blobbc68eb661970a5404e6cfb060b0011680d104ed5
1 /*
2 * Extension Header handling for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Andi Kleen <ak@muc.de>
8 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 */
15
16 /* Changes:
17 * yoshfuji : ensure not to overrun while parsing
18 * tlv options.
19 * Mitsuru KANDA @USAGI and: Remove ipv6_parse_exthdrs().
20 * YOSHIFUJI Hideaki @USAGI Register inbound extension header
21 * handlers as inet6_protocol{}.
22 */
23
24 #include <linux/errno.h>
25 #include <linux/types.h>
26 #include <linux/socket.h>
27 #include <linux/sockios.h>
28 #include <linux/net.h>
29 #include <linux/netdevice.h>
30 #include <linux/in6.h>
31 #include <linux/icmpv6.h>
32 #include <linux/slab.h>
33 #include <linux/export.h>
34
35 #include <net/dst.h>
36 #include <net/sock.h>
37 #include <net/snmp.h>
38
39 #include <net/ipv6.h>
40 #include <net/protocol.h>
41 #include <net/transp_v6.h>
42 #include <net/rawv6.h>
43 #include <net/ndisc.h>
44 #include <net/ip6_route.h>
45 #include <net/addrconf.h>
46 #include <net/calipso.h>
47 #if IS_ENABLED(CONFIG_IPV6_MIP6)
48 #include <net/xfrm.h>
49 #endif
50 #include <linux/seg6.h>
51 #include <net/seg6.h>
52 #ifdef CONFIG_IPV6_SEG6_HMAC
53 #include <net/seg6_hmac.h>
54 #endif
55
56 #include <linux/uaccess.h>
57
58 /*
59 * Parsing tlv encoded headers.
60 *
61 * Parsing function "func" returns true, if parsing succeed
62 * and false, if it failed.
63 * It MUST NOT touch skb->h.
64 */
65
66 struct tlvtype_proc {
67 int type;
68 bool (*func)(struct sk_buff *skb, int offset);
69 };
70
71 /*********************
72 Generic functions
73 *********************/
74
75 /* An unknown option is detected, decide what to do */
76
77 static bool ip6_tlvopt_unknown(struct sk_buff *skb, int optoff,
78 bool disallow_unknowns)
79 {
80 if (disallow_unknowns) {
81 /* If unknown TLVs are disallowed by configuration
82 * then always silently drop packet. Note this also
83 * means no ICMP parameter problem is sent which
84 * could be a good property to mitigate a reflection DOS
85 * attack.
86 */
87
88 goto drop;
89 }
90
91 switch ((skb_network_header(skb)[optoff] & 0xC0) >> 6) {
92 case 0: /* ignore */
93 return true;
94
95 case 1: /* drop packet */
96 break;
97
98 case 3: /* Send ICMP if not a multicast address and drop packet */
99 /* Actually, it is redundant check. icmp_send
100 will recheck in any case.
101 */
102 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr))
103 break;
104 /* fall through */
105 case 2: /* send ICMP PARM PROB regardless and drop packet */
106 icmpv6_param_prob(skb, ICMPV6_UNK_OPTION, optoff);
107 return false;
108 }
109
110 drop:
111 kfree_skb(skb);
112 return false;
113 }
114
115 /* Parse tlv encoded option header (hop-by-hop or destination) */
116
117 static bool ip6_parse_tlv(const struct tlvtype_proc *procs,
118 struct sk_buff *skb,
119 int max_count)
120 {
121 int len = (skb_transport_header(skb)[1] + 1) << 3;
122 const unsigned char *nh = skb_network_header(skb);
123 int off = skb_network_header_len(skb);
124 const struct tlvtype_proc *curr;
125 bool disallow_unknowns = false;
126 int tlv_count = 0;
127 int padlen = 0;
128
129 if (unlikely(max_count < 0)) {
130 disallow_unknowns = true;
131 max_count = -max_count;
132 }
133
134 if (skb_transport_offset(skb) + len > skb_headlen(skb))
135 goto bad;
136
137 off += 2;
138 len -= 2;
139
140 while (len > 0) {
141 int optlen = nh[off + 1] + 2;
142 int i;
143
144 switch (nh[off]) {
145 case IPV6_TLV_PAD1:
146 optlen = 1;
147 padlen++;
148 if (padlen > 7)
149 goto bad;
150 break;
151
152 case IPV6_TLV_PADN:
153 /* RFC 2460 states that the purpose of PadN is
154 * to align the containing header to multiples
155 * of 8. 7 is therefore the highest valid value.
156 * See also RFC 4942, Section 2.1.9.5.
157 */
158 padlen += optlen;
159 if (padlen > 7)
160 goto bad;
161 /* RFC 4942 recommends receiving hosts to
162 * actively check PadN payload to contain
163 * only zeroes.
164 */
165 for (i = 2; i < optlen; i++) {
166 if (nh[off + i] != 0)
167 goto bad;
168 }
169 break;
170
171 default: /* Other TLV code so scan list */
172 if (optlen > len)
173 goto bad;
174
175 tlv_count++;
176 if (tlv_count > max_count)
177 goto bad;
178
179 for (curr = procs; curr->type >= 0; curr++) {
180 if (curr->type == nh[off]) {
181 /* type specific length/alignment
182 checks will be performed in the
183 func(). */
184 if (curr->func(skb, off) == false)
185 return false;
186 break;
187 }
188 }
189 if (curr->type < 0 &&
190 !ip6_tlvopt_unknown(skb, off, disallow_unknowns))
191 return false;
192
193 padlen = 0;
194 break;
195 }
196 off += optlen;
197 len -= optlen;
198 }
199
200 if (len == 0)
201 return true;
202 bad:
203 kfree_skb(skb);
204 return false;
205 }
206
207 /*****************************
208 Destination options header.
209 *****************************/
210
211 #if IS_ENABLED(CONFIG_IPV6_MIP6)
212 static bool ipv6_dest_hao(struct sk_buff *skb, int optoff)
213 {
214 struct ipv6_destopt_hao *hao;
215 struct inet6_skb_parm *opt = IP6CB(skb);
216 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
217 int ret;
218
219 if (opt->dsthao) {
220 net_dbg_ratelimited("hao duplicated\n");
221 goto discard;
222 }
223 opt->dsthao = opt->dst1;
224 opt->dst1 = 0;
225
226 hao = (struct ipv6_destopt_hao *)(skb_network_header(skb) + optoff);
227
228 if (hao->length != 16) {
229 net_dbg_ratelimited("hao invalid option length = %d\n",
230 hao->length);
231 goto discard;
232 }
233
234 if (!(ipv6_addr_type(&hao->addr) & IPV6_ADDR_UNICAST)) {
235 net_dbg_ratelimited("hao is not an unicast addr: %pI6\n",
236 &hao->addr);
237 goto discard;
238 }
239
240 ret = xfrm6_input_addr(skb, (xfrm_address_t *)&ipv6h->daddr,
241 (xfrm_address_t *)&hao->addr, IPPROTO_DSTOPTS);
242 if (unlikely(ret < 0))
243 goto discard;
244
245 if (skb_cloned(skb)) {
246 if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
247 goto discard;
248
249 /* update all variable using below by copied skbuff */
250 hao = (struct ipv6_destopt_hao *)(skb_network_header(skb) +
251 optoff);
252 ipv6h = ipv6_hdr(skb);
253 }
254
255 if (skb->ip_summed == CHECKSUM_COMPLETE)
256 skb->ip_summed = CHECKSUM_NONE;
257
258 swap(ipv6h->saddr, hao->addr);
259
260 if (skb->tstamp == 0)
261 __net_timestamp(skb);
262
263 return true;
264
265 discard:
266 kfree_skb(skb);
267 return false;
268 }
269 #endif
270
271 static const struct tlvtype_proc tlvprocdestopt_lst[] = {
272 #if IS_ENABLED(CONFIG_IPV6_MIP6)
273 {
274 .type = IPV6_TLV_HAO,
275 .func = ipv6_dest_hao,
276 },
277 #endif
278 {-1, NULL}
279 };
280
281 static int ipv6_destopt_rcv(struct sk_buff *skb)
282 {
283 struct inet6_skb_parm *opt = IP6CB(skb);
284 #if IS_ENABLED(CONFIG_IPV6_MIP6)
285 __u16 dstbuf;
286 #endif
287 struct dst_entry *dst = skb_dst(skb);
288 struct net *net = dev_net(skb->dev);
289 int extlen;
290
291 if (!pskb_may_pull(skb, skb_transport_offset(skb) + 8) ||
292 !pskb_may_pull(skb, (skb_transport_offset(skb) +
293 ((skb_transport_header(skb)[1] + 1) << 3)))) {
294 __IP6_INC_STATS(dev_net(dst->dev), ip6_dst_idev(dst),
295 IPSTATS_MIB_INHDRERRORS);
296 fail_and_free:
297 kfree_skb(skb);
298 return -1;
299 }
300
301 extlen = (skb_transport_header(skb)[1] + 1) << 3;
302 if (extlen > net->ipv6.sysctl.max_dst_opts_len)
303 goto fail_and_free;
304
305 opt->lastopt = opt->dst1 = skb_network_header_len(skb);
306 #if IS_ENABLED(CONFIG_IPV6_MIP6)
307 dstbuf = opt->dst1;
308 #endif
309
310 if (ip6_parse_tlv(tlvprocdestopt_lst, skb,
311 init_net.ipv6.sysctl.max_dst_opts_cnt)) {
312 skb->transport_header += extlen;
313 opt = IP6CB(skb);
314 #if IS_ENABLED(CONFIG_IPV6_MIP6)
315 opt->nhoff = dstbuf;
316 #else
317 opt->nhoff = opt->dst1;
318 #endif
319 return 1;
320 }
321
322 __IP6_INC_STATS(dev_net(dst->dev),
323 ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
324 return -1;
325 }
326
327 static void seg6_update_csum(struct sk_buff *skb)
328 {
329 struct ipv6_sr_hdr *hdr;
330 struct in6_addr *addr;
331 __be32 from, to;
332
333 /* srh is at transport offset and seg_left is already decremented
334 * but daddr is not yet updated with next segment
335 */
336
337 hdr = (struct ipv6_sr_hdr *)skb_transport_header(skb);
338 addr = hdr->segments + hdr->segments_left;
339
340 hdr->segments_left++;
341 from = *(__be32 *)hdr;
342
343 hdr->segments_left--;
344 to = *(__be32 *)hdr;
345
346 /* update skb csum with diff resulting from seg_left decrement */
347
348 update_csum_diff4(skb, from, to);
349
350 /* compute csum diff between current and next segment and update */
351
352 update_csum_diff16(skb, (__be32 *)(&ipv6_hdr(skb)->daddr),
353 (__be32 *)addr);
354 }
355
356 static int ipv6_srh_rcv(struct sk_buff *skb)
357 {
358 struct inet6_skb_parm *opt = IP6CB(skb);
359 struct net *net = dev_net(skb->dev);
360 struct ipv6_sr_hdr *hdr;
361 struct inet6_dev *idev;
362 struct in6_addr *addr;
363 int accept_seg6;
364
365 hdr = (struct ipv6_sr_hdr *)skb_transport_header(skb);
366
367 idev = __in6_dev_get(skb->dev);
368
369 accept_seg6 = net->ipv6.devconf_all->seg6_enabled;
370 if (accept_seg6 > idev->cnf.seg6_enabled)
371 accept_seg6 = idev->cnf.seg6_enabled;
372
373 if (!accept_seg6) {
374 kfree_skb(skb);
375 return -1;
376 }
377
378 #ifdef CONFIG_IPV6_SEG6_HMAC
379 if (!seg6_hmac_validate_skb(skb)) {
380 kfree_skb(skb);
381 return -1;
382 }
383 #endif
384
385 looped_back:
386 if (hdr->segments_left == 0) {
387 if (hdr->nexthdr == NEXTHDR_IPV6) {
388 int offset = (hdr->hdrlen + 1) << 3;
389
390 skb_postpull_rcsum(skb, skb_network_header(skb),
391 skb_network_header_len(skb));
392
393 if (!pskb_pull(skb, offset)) {
394 kfree_skb(skb);
395 return -1;
396 }
397 skb_postpull_rcsum(skb, skb_transport_header(skb),
398 offset);
399
400 skb_reset_network_header(skb);
401 skb_reset_transport_header(skb);
402 skb->encapsulation = 0;
403
404 __skb_tunnel_rx(skb, skb->dev, net);
405
406 netif_rx(skb);
407 return -1;
408 }
409
410 opt->srcrt = skb_network_header_len(skb);
411 opt->lastopt = opt->srcrt;
412 skb->transport_header += (hdr->hdrlen + 1) << 3;
413 opt->nhoff = (&hdr->nexthdr) - skb_network_header(skb);
414
415 return 1;
416 }
417
418 if (hdr->segments_left >= (hdr->hdrlen >> 1)) {
419 __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
420 IPSTATS_MIB_INHDRERRORS);
421 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
422 ((&hdr->segments_left) -
423 skb_network_header(skb)));
424 return -1;
425 }
426
427 if (skb_cloned(skb)) {
428 if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) {
429 __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
430 IPSTATS_MIB_OUTDISCARDS);
431 kfree_skb(skb);
432 return -1;
433 }
434 }
435
436 hdr = (struct ipv6_sr_hdr *)skb_transport_header(skb);
437
438 hdr->segments_left--;
439 addr = hdr->segments + hdr->segments_left;
440
441 skb_push(skb, sizeof(struct ipv6hdr));
442
443 if (skb->ip_summed == CHECKSUM_COMPLETE)
444 seg6_update_csum(skb);
445
446 ipv6_hdr(skb)->daddr = *addr;
447
448 skb_dst_drop(skb);
449
450 ip6_route_input(skb);
451
452 if (skb_dst(skb)->error) {
453 dst_input(skb);
454 return -1;
455 }
456
457 if (skb_dst(skb)->dev->flags & IFF_LOOPBACK) {
458 if (ipv6_hdr(skb)->hop_limit <= 1) {
459 __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
460 IPSTATS_MIB_INHDRERRORS);
461 icmpv6_send(skb, ICMPV6_TIME_EXCEED,
462 ICMPV6_EXC_HOPLIMIT, 0);
463 kfree_skb(skb);
464 return -1;
465 }
466 ipv6_hdr(skb)->hop_limit--;
467
468 skb_pull(skb, sizeof(struct ipv6hdr));
469 goto looped_back;
470 }
471
472 dst_input(skb);
473
474 return -1;
475 }
476
477 /********************************
478 Routing header.
479 ********************************/
480
481 /* called with rcu_read_lock() */
482 static int ipv6_rthdr_rcv(struct sk_buff *skb)
483 {
484 struct inet6_skb_parm *opt = IP6CB(skb);
485 struct in6_addr *addr = NULL;
486 struct in6_addr daddr;
487 struct inet6_dev *idev;
488 int n, i;
489 struct ipv6_rt_hdr *hdr;
490 struct rt0_hdr *rthdr;
491 struct net *net = dev_net(skb->dev);
492 int accept_source_route = net->ipv6.devconf_all->accept_source_route;
493
494 idev = __in6_dev_get(skb->dev);
495 if (idev && accept_source_route > idev->cnf.accept_source_route)
496 accept_source_route = idev->cnf.accept_source_route;
497
498 if (!pskb_may_pull(skb, skb_transport_offset(skb) + 8) ||
499 !pskb_may_pull(skb, (skb_transport_offset(skb) +
500 ((skb_transport_header(skb)[1] + 1) << 3)))) {
501 __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
502 IPSTATS_MIB_INHDRERRORS);
503 kfree_skb(skb);
504 return -1;
505 }
506
507 hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb);
508
509 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) ||
510 skb->pkt_type != PACKET_HOST) {
511 __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
512 IPSTATS_MIB_INADDRERRORS);
513 kfree_skb(skb);
514 return -1;
515 }
516
517 /* segment routing */
518 if (hdr->type == IPV6_SRCRT_TYPE_4)
519 return ipv6_srh_rcv(skb);
520
521 looped_back:
522 if (hdr->segments_left == 0) {
523 switch (hdr->type) {
524 #if IS_ENABLED(CONFIG_IPV6_MIP6)
525 case IPV6_SRCRT_TYPE_2:
526 /* Silently discard type 2 header unless it was
527 * processed by own
528 */
529 if (!addr) {
530 __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
531 IPSTATS_MIB_INADDRERRORS);
532 kfree_skb(skb);
533 return -1;
534 }
535 break;
536 #endif
537 default:
538 break;
539 }
540
541 opt->lastopt = opt->srcrt = skb_network_header_len(skb);
542 skb->transport_header += (hdr->hdrlen + 1) << 3;
543 opt->dst0 = opt->dst1;
544 opt->dst1 = 0;
545 opt->nhoff = (&hdr->nexthdr) - skb_network_header(skb);
546 return 1;
547 }
548
549 switch (hdr->type) {
550 #if IS_ENABLED(CONFIG_IPV6_MIP6)
551 case IPV6_SRCRT_TYPE_2:
552 if (accept_source_route < 0)
553 goto unknown_rh;
554 /* Silently discard invalid RTH type 2 */
555 if (hdr->hdrlen != 2 || hdr->segments_left != 1) {
556 __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
557 IPSTATS_MIB_INHDRERRORS);
558 kfree_skb(skb);
559 return -1;
560 }
561 break;
562 #endif
563 default:
564 goto unknown_rh;
565 }
566
567 /*
568 * This is the routing header forwarding algorithm from
569 * RFC 2460, page 16.
570 */
571
572 n = hdr->hdrlen >> 1;
573
574 if (hdr->segments_left > n) {
575 __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
576 IPSTATS_MIB_INHDRERRORS);
577 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
578 ((&hdr->segments_left) -
579 skb_network_header(skb)));
580 return -1;
581 }
582
583 /* We are about to mangle packet header. Be careful!
584 Do not damage packets queued somewhere.
585 */
586 if (skb_cloned(skb)) {
587 /* the copy is a forwarded packet */
588 if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) {
589 __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
590 IPSTATS_MIB_OUTDISCARDS);
591 kfree_skb(skb);
592 return -1;
593 }
594 hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb);
595 }
596
597 if (skb->ip_summed == CHECKSUM_COMPLETE)
598 skb->ip_summed = CHECKSUM_NONE;
599
600 i = n - --hdr->segments_left;
601
602 rthdr = (struct rt0_hdr *) hdr;
603 addr = rthdr->addr;
604 addr += i - 1;
605
606 switch (hdr->type) {
607 #if IS_ENABLED(CONFIG_IPV6_MIP6)
608 case IPV6_SRCRT_TYPE_2:
609 if (xfrm6_input_addr(skb, (xfrm_address_t *)addr,
610 (xfrm_address_t *)&ipv6_hdr(skb)->saddr,
611 IPPROTO_ROUTING) < 0) {
612 __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
613 IPSTATS_MIB_INADDRERRORS);
614 kfree_skb(skb);
615 return -1;
616 }
617 if (!ipv6_chk_home_addr(dev_net(skb_dst(skb)->dev), addr)) {
618 __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
619 IPSTATS_MIB_INADDRERRORS);
620 kfree_skb(skb);
621 return -1;
622 }
623 break;
624 #endif
625 default:
626 break;
627 }
628
629 if (ipv6_addr_is_multicast(addr)) {
630 __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
631 IPSTATS_MIB_INADDRERRORS);
632 kfree_skb(skb);
633 return -1;
634 }
635
636 daddr = *addr;
637 *addr = ipv6_hdr(skb)->daddr;
638 ipv6_hdr(skb)->daddr = daddr;
639
640 skb_dst_drop(skb);
641 ip6_route_input(skb);
642 if (skb_dst(skb)->error) {
643 skb_push(skb, skb->data - skb_network_header(skb));
644 dst_input(skb);
645 return -1;
646 }
647
648 if (skb_dst(skb)->dev->flags&IFF_LOOPBACK) {
649 if (ipv6_hdr(skb)->hop_limit <= 1) {
650 __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
651 IPSTATS_MIB_INHDRERRORS);
652 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
653 0);
654 kfree_skb(skb);
655 return -1;
656 }
657 ipv6_hdr(skb)->hop_limit--;
658 goto looped_back;
659 }
660
661 skb_push(skb, skb->data - skb_network_header(skb));
662 dst_input(skb);
663 return -1;
664
665 unknown_rh:
666 __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_INHDRERRORS);
667 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
668 (&hdr->type) - skb_network_header(skb));
669 return -1;
670 }
671
672 static const struct inet6_protocol rthdr_protocol = {
673 .handler = ipv6_rthdr_rcv,
674 .flags = INET6_PROTO_NOPOLICY,
675 };
676
677 static const struct inet6_protocol destopt_protocol = {
678 .handler = ipv6_destopt_rcv,
679 .flags = INET6_PROTO_NOPOLICY,
680 };
681
682 static const struct inet6_protocol nodata_protocol = {
683 .handler = dst_discard,
684 .flags = INET6_PROTO_NOPOLICY,
685 };
686
687 int __init ipv6_exthdrs_init(void)
688 {
689 int ret;
690
691 ret = inet6_add_protocol(&rthdr_protocol, IPPROTO_ROUTING);
692 if (ret)
693 goto out;
694
695 ret = inet6_add_protocol(&destopt_protocol, IPPROTO_DSTOPTS);
696 if (ret)
697 goto out_rthdr;
698
699 ret = inet6_add_protocol(&nodata_protocol, IPPROTO_NONE);
700 if (ret)
701 goto out_destopt;
702
703 out:
704 return ret;
705 out_destopt:
706 inet6_del_protocol(&destopt_protocol, IPPROTO_DSTOPTS);
707 out_rthdr:
708 inet6_del_protocol(&rthdr_protocol, IPPROTO_ROUTING);
709 goto out;
710 };
711
712 void ipv6_exthdrs_exit(void)
713 {
714 inet6_del_protocol(&nodata_protocol, IPPROTO_NONE);
715 inet6_del_protocol(&destopt_protocol, IPPROTO_DSTOPTS);
716 inet6_del_protocol(&rthdr_protocol, IPPROTO_ROUTING);
717 }
718
719 /**********************************
720 Hop-by-hop options.
721 **********************************/
722
723 /*
724 * Note: we cannot rely on skb_dst(skb) before we assign it in ip6_route_input().
725 */
726 static inline struct inet6_dev *ipv6_skb_idev(struct sk_buff *skb)
727 {
728 return skb_dst(skb) ? ip6_dst_idev(skb_dst(skb)) : __in6_dev_get(skb->dev);
729 }
730
731 static inline struct net *ipv6_skb_net(struct sk_buff *skb)
732 {
733 return skb_dst(skb) ? dev_net(skb_dst(skb)->dev) : dev_net(skb->dev);
734 }
735
736 /* Router Alert as of RFC 2711 */
737
738 static bool ipv6_hop_ra(struct sk_buff *skb, int optoff)
739 {
740 const unsigned char *nh = skb_network_header(skb);
741
742 if (nh[optoff + 1] == 2) {
743 IP6CB(skb)->flags |= IP6SKB_ROUTERALERT;
744 memcpy(&IP6CB(skb)->ra, nh + optoff + 2, sizeof(IP6CB(skb)->ra));
745 return true;
746 }
747 net_dbg_ratelimited("ipv6_hop_ra: wrong RA length %d\n",
748 nh[optoff + 1]);
749 kfree_skb(skb);
750 return false;
751 }
752
753 /* Jumbo payload */
754
755 static bool ipv6_hop_jumbo(struct sk_buff *skb, int optoff)
756 {
757 const unsigned char *nh = skb_network_header(skb);
758 struct net *net = ipv6_skb_net(skb);
759 u32 pkt_len;
760
761 if (nh[optoff + 1] != 4 || (optoff & 3) != 2) {
762 net_dbg_ratelimited("ipv6_hop_jumbo: wrong jumbo opt length/alignment %d\n",
763 nh[optoff+1]);
764 __IP6_INC_STATS(net, ipv6_skb_idev(skb),
765 IPSTATS_MIB_INHDRERRORS);
766 goto drop;
767 }
768
769 pkt_len = ntohl(*(__be32 *)(nh + optoff + 2));
770 if (pkt_len <= IPV6_MAXPLEN) {
771 __IP6_INC_STATS(net, ipv6_skb_idev(skb),
772 IPSTATS_MIB_INHDRERRORS);
773 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff+2);
774 return false;
775 }
776 if (ipv6_hdr(skb)->payload_len) {
777 __IP6_INC_STATS(net, ipv6_skb_idev(skb),
778 IPSTATS_MIB_INHDRERRORS);
779 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff);
780 return false;
781 }
782
783 if (pkt_len > skb->len - sizeof(struct ipv6hdr)) {
784 __IP6_INC_STATS(net, ipv6_skb_idev(skb),
785 IPSTATS_MIB_INTRUNCATEDPKTS);
786 goto drop;
787 }
788
789 if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr)))
790 goto drop;
791
792 IP6CB(skb)->flags |= IP6SKB_JUMBOGRAM;
793 return true;
794
795 drop:
796 kfree_skb(skb);
797 return false;
798 }
799
800 /* CALIPSO RFC 5570 */
801
802 static bool ipv6_hop_calipso(struct sk_buff *skb, int optoff)
803 {
804 const unsigned char *nh = skb_network_header(skb);
805
806 if (nh[optoff + 1] < 8)
807 goto drop;
808
809 if (nh[optoff + 6] * 4 + 8 > nh[optoff + 1])
810 goto drop;
811
812 if (!calipso_validate(skb, nh + optoff))
813 goto drop;
814
815 return true;
816
817 drop:
818 kfree_skb(skb);
819 return false;
820 }
821
822 static const struct tlvtype_proc tlvprochopopt_lst[] = {
823 {
824 .type = IPV6_TLV_ROUTERALERT,
825 .func = ipv6_hop_ra,
826 },
827 {
828 .type = IPV6_TLV_JUMBO,
829 .func = ipv6_hop_jumbo,
830 },
831 {
832 .type = IPV6_TLV_CALIPSO,
833 .func = ipv6_hop_calipso,
834 },
835 { -1, }
836 };
837
838 int ipv6_parse_hopopts(struct sk_buff *skb)
839 {
840 struct inet6_skb_parm *opt = IP6CB(skb);
841 struct net *net = dev_net(skb->dev);
842 int extlen;
843
844 /*
845 * skb_network_header(skb) is equal to skb->data, and
846 * skb_network_header_len(skb) is always equal to
847 * sizeof(struct ipv6hdr) by definition of
848 * hop-by-hop options.
849 */
850 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr) + 8) ||
851 !pskb_may_pull(skb, (sizeof(struct ipv6hdr) +
852 ((skb_transport_header(skb)[1] + 1) << 3)))) {
853 fail_and_free:
854 kfree_skb(skb);
855 return -1;
856 }
857
858 extlen = (skb_transport_header(skb)[1] + 1) << 3;
859 if (extlen > net->ipv6.sysctl.max_hbh_opts_len)
860 goto fail_and_free;
861
862 opt->flags |= IP6SKB_HOPBYHOP;
863 if (ip6_parse_tlv(tlvprochopopt_lst, skb,
864 init_net.ipv6.sysctl.max_hbh_opts_cnt)) {
865 skb->transport_header += extlen;
866 opt = IP6CB(skb);
867 opt->nhoff = sizeof(struct ipv6hdr);
868 return 1;
869 }
870 return -1;
871 }
872
873 /*
874 * Creating outbound headers.
875 *
876 * "build" functions work when skb is filled from head to tail (datagram)
877 * "push" functions work when headers are added from tail to head (tcp)
878 *
879 * In both cases we assume, that caller reserved enough room
880 * for headers.
881 */
882
883 static void ipv6_push_rthdr0(struct sk_buff *skb, u8 *proto,
884 struct ipv6_rt_hdr *opt,
885 struct in6_addr **addr_p, struct in6_addr *saddr)
886 {
887 struct rt0_hdr *phdr, *ihdr;
888 int hops;
889
890 ihdr = (struct rt0_hdr *) opt;
891
892 phdr = skb_push(skb, (ihdr->rt_hdr.hdrlen + 1) << 3);
893 memcpy(phdr, ihdr, sizeof(struct rt0_hdr));
894
895 hops = ihdr->rt_hdr.hdrlen >> 1;
896
897 if (hops > 1)
898 memcpy(phdr->addr, ihdr->addr + 1,
899 (hops - 1) * sizeof(struct in6_addr));
900
901 phdr->addr[hops - 1] = **addr_p;
902 *addr_p = ihdr->addr;
903
904 phdr->rt_hdr.nexthdr = *proto;
905 *proto = NEXTHDR_ROUTING;
906 }
907
908 static void ipv6_push_rthdr4(struct sk_buff *skb, u8 *proto,
909 struct ipv6_rt_hdr *opt,
910 struct in6_addr **addr_p, struct in6_addr *saddr)
911 {
912 struct ipv6_sr_hdr *sr_phdr, *sr_ihdr;
913 int plen, hops;
914
915 sr_ihdr = (struct ipv6_sr_hdr *)opt;
916 plen = (sr_ihdr->hdrlen + 1) << 3;
917
918 sr_phdr = skb_push(skb, plen);
919 memcpy(sr_phdr, sr_ihdr, sizeof(struct ipv6_sr_hdr));
920
921 hops = sr_ihdr->first_segment + 1;
922 memcpy(sr_phdr->segments + 1, sr_ihdr->segments + 1,
923 (hops - 1) * sizeof(struct in6_addr));
924
925 sr_phdr->segments[0] = **addr_p;
926 *addr_p = &sr_ihdr->segments[sr_ihdr->segments_left];
927
928 if (sr_ihdr->hdrlen > hops * 2) {
929 int tlvs_offset, tlvs_length;
930
931 tlvs_offset = (1 + hops * 2) << 3;
932 tlvs_length = (sr_ihdr->hdrlen - hops * 2) << 3;
933 memcpy((char *)sr_phdr + tlvs_offset,
934 (char *)sr_ihdr + tlvs_offset, tlvs_length);
935 }
936
937 #ifdef CONFIG_IPV6_SEG6_HMAC
938 if (sr_has_hmac(sr_phdr)) {
939 struct net *net = NULL;
940
941 if (skb->dev)
942 net = dev_net(skb->dev);
943 else if (skb->sk)
944 net = sock_net(skb->sk);
945
946 WARN_ON(!net);
947
948 if (net)
949 seg6_push_hmac(net, saddr, sr_phdr);
950 }
951 #endif
952
953 sr_phdr->nexthdr = *proto;
954 *proto = NEXTHDR_ROUTING;
955 }
956
957 static void ipv6_push_rthdr(struct sk_buff *skb, u8 *proto,
958 struct ipv6_rt_hdr *opt,
959 struct in6_addr **addr_p, struct in6_addr *saddr)
960 {
961 switch (opt->type) {
962 case IPV6_SRCRT_TYPE_0:
963 case IPV6_SRCRT_STRICT:
964 case IPV6_SRCRT_TYPE_2:
965 ipv6_push_rthdr0(skb, proto, opt, addr_p, saddr);
966 break;
967 case IPV6_SRCRT_TYPE_4:
968 ipv6_push_rthdr4(skb, proto, opt, addr_p, saddr);
969 break;
970 default:
971 break;
972 }
973 }
974
975 static void ipv6_push_exthdr(struct sk_buff *skb, u8 *proto, u8 type, struct ipv6_opt_hdr *opt)
976 {
977 struct ipv6_opt_hdr *h = skb_push(skb, ipv6_optlen(opt));
978
979 memcpy(h, opt, ipv6_optlen(opt));
980 h->nexthdr = *proto;
981 *proto = type;
982 }
983
984 void ipv6_push_nfrag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt,
985 u8 *proto,
986 struct in6_addr **daddr, struct in6_addr *saddr)
987 {
988 if (opt->srcrt) {
989 ipv6_push_rthdr(skb, proto, opt->srcrt, daddr, saddr);
990 /*
991 * IPV6_RTHDRDSTOPTS is ignored
992 * unless IPV6_RTHDR is set (RFC3542).
993 */
994 if (opt->dst0opt)
995 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst0opt);
996 }
997 if (opt->hopopt)
998 ipv6_push_exthdr(skb, proto, NEXTHDR_HOP, opt->hopopt);
999 }
1000
1001 void ipv6_push_frag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt, u8 *proto)
1002 {
1003 if (opt->dst1opt)
1004 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst1opt);
1005 }
1006 EXPORT_SYMBOL(ipv6_push_frag_opts);
1007
1008 struct ipv6_txoptions *
1009 ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt)
1010 {
1011 struct ipv6_txoptions *opt2;
1012
1013 opt2 = sock_kmalloc(sk, opt->tot_len, GFP_ATOMIC);
1014 if (opt2) {
1015 long dif = (char *)opt2 - (char *)opt;
1016 memcpy(opt2, opt, opt->tot_len);
1017 if (opt2->hopopt)
1018 *((char **)&opt2->hopopt) += dif;
1019 if (opt2->dst0opt)
1020 *((char **)&opt2->dst0opt) += dif;
1021 if (opt2->dst1opt)
1022 *((char **)&opt2->dst1opt) += dif;
1023 if (opt2->srcrt)
1024 *((char **)&opt2->srcrt) += dif;
1025 refcount_set(&opt2->refcnt, 1);
1026 }
1027 return opt2;
1028 }
1029 EXPORT_SYMBOL_GPL(ipv6_dup_options);
1030
1031 static int ipv6_renew_option(void *ohdr,
1032 struct ipv6_opt_hdr __user *newopt, int newoptlen,
1033 int inherit,
1034 struct ipv6_opt_hdr **hdr,
1035 char **p)
1036 {
1037 if (inherit) {
1038 if (ohdr) {
1039 memcpy(*p, ohdr, ipv6_optlen((struct ipv6_opt_hdr *)ohdr));
1040 *hdr = (struct ipv6_opt_hdr *)*p;
1041 *p += CMSG_ALIGN(ipv6_optlen(*hdr));
1042 }
1043 } else {
1044 if (newopt) {
1045 if (copy_from_user(*p, newopt, newoptlen))
1046 return -EFAULT;
1047 *hdr = (struct ipv6_opt_hdr *)*p;
1048 if (ipv6_optlen(*hdr) > newoptlen)
1049 return -EINVAL;
1050 *p += CMSG_ALIGN(newoptlen);
1051 }
1052 }
1053 return 0;
1054 }
1055
1056 /**
1057 * ipv6_renew_options - replace a specific ext hdr with a new one.
1058 *
1059 * @sk: sock from which to allocate memory
1060 * @opt: original options
1061 * @newtype: option type to replace in @opt
1062 * @newopt: new option of type @newtype to replace (user-mem)
1063 * @newoptlen: length of @newopt
1064 *
1065 * Returns a new set of options which is a copy of @opt with the
1066 * option type @newtype replaced with @newopt.
1067 *
1068 * @opt may be NULL, in which case a new set of options is returned
1069 * containing just @newopt.
1070 *
1071 * @newopt may be NULL, in which case the specified option type is
1072 * not copied into the new set of options.
1073 *
1074 * The new set of options is allocated from the socket option memory
1075 * buffer of @sk.
1076 */
1077 struct ipv6_txoptions *
1078 ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt,
1079 int newtype,
1080 struct ipv6_opt_hdr __user *newopt, int newoptlen)
1081 {
1082 int tot_len = 0;
1083 char *p;
1084 struct ipv6_txoptions *opt2;
1085 int err;
1086
1087 if (opt) {
1088 if (newtype != IPV6_HOPOPTS && opt->hopopt)
1089 tot_len += CMSG_ALIGN(ipv6_optlen(opt->hopopt));
1090 if (newtype != IPV6_RTHDRDSTOPTS && opt->dst0opt)
1091 tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst0opt));
1092 if (newtype != IPV6_RTHDR && opt->srcrt)
1093 tot_len += CMSG_ALIGN(ipv6_optlen(opt->srcrt));
1094 if (newtype != IPV6_DSTOPTS && opt->dst1opt)
1095 tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst1opt));
1096 }
1097
1098 if (newopt && newoptlen)
1099 tot_len += CMSG_ALIGN(newoptlen);
1100
1101 if (!tot_len)
1102 return NULL;
1103
1104 tot_len += sizeof(*opt2);
1105 opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC);
1106 if (!opt2)
1107 return ERR_PTR(-ENOBUFS);
1108
1109 memset(opt2, 0, tot_len);
1110 refcount_set(&opt2->refcnt, 1);
1111 opt2->tot_len = tot_len;
1112 p = (char *)(opt2 + 1);
1113
1114 err = ipv6_renew_option(opt ? opt->hopopt : NULL, newopt, newoptlen,
1115 newtype != IPV6_HOPOPTS,
1116 &opt2->hopopt, &p);
1117 if (err)
1118 goto out;
1119
1120 err = ipv6_renew_option(opt ? opt->dst0opt : NULL, newopt, newoptlen,
1121 newtype != IPV6_RTHDRDSTOPTS,
1122 &opt2->dst0opt, &p);
1123 if (err)
1124 goto out;
1125
1126 err = ipv6_renew_option(opt ? opt->srcrt : NULL, newopt, newoptlen,
1127 newtype != IPV6_RTHDR,
1128 (struct ipv6_opt_hdr **)&opt2->srcrt, &p);
1129 if (err)
1130 goto out;
1131
1132 err = ipv6_renew_option(opt ? opt->dst1opt : NULL, newopt, newoptlen,
1133 newtype != IPV6_DSTOPTS,
1134 &opt2->dst1opt, &p);
1135 if (err)
1136 goto out;
1137
1138 opt2->opt_nflen = (opt2->hopopt ? ipv6_optlen(opt2->hopopt) : 0) +
1139 (opt2->dst0opt ? ipv6_optlen(opt2->dst0opt) : 0) +
1140 (opt2->srcrt ? ipv6_optlen(opt2->srcrt) : 0);
1141 opt2->opt_flen = (opt2->dst1opt ? ipv6_optlen(opt2->dst1opt) : 0);
1142
1143 return opt2;
1144 out:
1145 sock_kfree_s(sk, opt2, opt2->tot_len);
1146 return ERR_PTR(err);
1147 }
1148
1149 /**
1150 * ipv6_renew_options_kern - replace a specific ext hdr with a new one.
1151 *
1152 * @sk: sock from which to allocate memory
1153 * @opt: original options
1154 * @newtype: option type to replace in @opt
1155 * @newopt: new option of type @newtype to replace (kernel-mem)
1156 * @newoptlen: length of @newopt
1157 *
1158 * See ipv6_renew_options(). The difference is that @newopt is
1159 * kernel memory, rather than user memory.
1160 */
1161 struct ipv6_txoptions *
1162 ipv6_renew_options_kern(struct sock *sk, struct ipv6_txoptions *opt,
1163 int newtype, struct ipv6_opt_hdr *newopt,
1164 int newoptlen)
1165 {
1166 struct ipv6_txoptions *ret_val;
1167 const mm_segment_t old_fs = get_fs();
1168
1169 set_fs(KERNEL_DS);
1170 ret_val = ipv6_renew_options(sk, opt, newtype,
1171 (struct ipv6_opt_hdr __user *)newopt,
1172 newoptlen);
1173 set_fs(old_fs);
1174 return ret_val;
1175 }
1176
1177 struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
1178 struct ipv6_txoptions *opt)
1179 {
1180 /*
1181 * ignore the dest before srcrt unless srcrt is being included.
1182 * --yoshfuji
1183 */
1184 if (opt && opt->dst0opt && !opt->srcrt) {
1185 if (opt_space != opt) {
1186 memcpy(opt_space, opt, sizeof(*opt_space));
1187 opt = opt_space;
1188 }
1189 opt->opt_nflen -= ipv6_optlen(opt->dst0opt);
1190 opt->dst0opt = NULL;
1191 }
1192
1193 return opt;
1194 }
1195 EXPORT_SYMBOL_GPL(ipv6_fixup_options);
1196
1197 /**
1198 * fl6_update_dst - update flowi destination address with info given
1199 * by srcrt option, if any.
1200 *
1201 * @fl6: flowi6 for which daddr is to be updated
1202 * @opt: struct ipv6_txoptions in which to look for srcrt opt
1203 * @orig: copy of original daddr address if modified
1204 *
1205 * Returns NULL if no txoptions or no srcrt, otherwise returns orig
1206 * and initial value of fl6->daddr set in orig
1207 */
1208 struct in6_addr *fl6_update_dst(struct flowi6 *fl6,
1209 const struct ipv6_txoptions *opt,
1210 struct in6_addr *orig)
1211 {
1212 if (!opt || !opt->srcrt)
1213 return NULL;
1214
1215 *orig = fl6->daddr;
1216
1217 switch (opt->srcrt->type) {
1218 case IPV6_SRCRT_TYPE_0:
1219 case IPV6_SRCRT_STRICT:
1220 case IPV6_SRCRT_TYPE_2:
1221 fl6->daddr = *((struct rt0_hdr *)opt->srcrt)->addr;
1222 break;
1223 case IPV6_SRCRT_TYPE_4:
1224 {
1225 struct ipv6_sr_hdr *srh = (struct ipv6_sr_hdr *)opt->srcrt;
1226
1227 fl6->daddr = srh->segments[srh->segments_left];
1228 break;
1229 }
1230 default:
1231 return NULL;
1232 }
1233
1234 return orig;
1235 }
1236 EXPORT_SYMBOL_GPL(fl6_update_dst);
Linux with added FPC-III support