1 /* SPDX-License-Identifier: GPL-2.0-or-later */
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
12 #include <linux/ipv6.h>
13 #include <linux/hardirq.h>
14 #include <linux/jhash.h>
15 #include <linux/refcount.h>
16 #include <linux/jump_label_ratelimit.h>
17 #include <net/if_inet6.h>
18 #include <net/ndisc.h>
20 #include <net/flow_dissector.h>
22 #include <net/netns/hash.h>
24 #define SIN6_LEN_RFC2133 24
26 #define IPV6_MAXPLEN 65535
29 * NextHeader field of IPv6 header
32 #define NEXTHDR_HOP 0 /* Hop-by-hop option header. */
33 #define NEXTHDR_TCP 6 /* TCP segment. */
34 #define NEXTHDR_UDP 17 /* UDP message. */
35 #define NEXTHDR_IPV6 41 /* IPv6 in IPv6 */
36 #define NEXTHDR_ROUTING 43 /* Routing header. */
37 #define NEXTHDR_FRAGMENT 44 /* Fragmentation/reassembly header. */
38 #define NEXTHDR_GRE 47 /* GRE header. */
39 #define NEXTHDR_ESP 50 /* Encapsulating security payload. */
40 #define NEXTHDR_AUTH 51 /* Authentication header. */
41 #define NEXTHDR_ICMP 58 /* ICMP for IPv6. */
42 #define NEXTHDR_NONE 59 /* No next header */
43 #define NEXTHDR_DEST 60 /* Destination options header. */
44 #define NEXTHDR_SCTP 132 /* SCTP message. */
45 #define NEXTHDR_MOBILITY 135 /* Mobility header. */
47 #define NEXTHDR_MAX 255
49 #define IPV6_DEFAULT_HOPLIMIT 64
50 #define IPV6_DEFAULT_MCASTHOPS 1
52 /* Limits on Hop-by-Hop and Destination options.
54 * Per RFC8200 there is no limit on the maximum number or lengths of options in
55 * Hop-by-Hop or Destination options other then the packet must fit in an MTU.
56 * We allow configurable limits in order to mitigate potential denial of
59 * There are three limits that may be set:
60 * - Limit the number of options in a Hop-by-Hop or Destination options
62 * - Limit the byte length of a Hop-by-Hop or Destination options extension
64 * - Disallow unknown options
66 * The limits are expressed in corresponding sysctls:
68 * ipv6.sysctl.max_dst_opts_cnt
69 * ipv6.sysctl.max_hbh_opts_cnt
70 * ipv6.sysctl.max_dst_opts_len
71 * ipv6.sysctl.max_hbh_opts_len
73 * max_*_opts_cnt is the number of TLVs that are allowed for Destination
74 * options or Hop-by-Hop options. If the number is less than zero then unknown
75 * TLVs are disallowed and the number of known options that are allowed is the
76 * absolute value. Setting the value to INT_MAX indicates no limit.
78 * max_*_opts_len is the length limit in bytes of a Destination or
79 * Hop-by-Hop options extension header. Setting the value to INT_MAX
80 * indicates no length limit.
82 * If a limit is exceeded when processing an extension header the packet is
86 /* Default limits for Hop-by-Hop and Destination options */
87 #define IP6_DEFAULT_MAX_DST_OPTS_CNT 8
88 #define IP6_DEFAULT_MAX_HBH_OPTS_CNT 8
89 #define IP6_DEFAULT_MAX_DST_OPTS_LEN INT_MAX /* No limit */
90 #define IP6_DEFAULT_MAX_HBH_OPTS_LEN INT_MAX /* No limit */
95 * type - unicast | multicast
96 * scope - local | site | global
103 #define IPV6_ADDR_ANY 0x0000U
105 #define IPV6_ADDR_UNICAST 0x0001U
106 #define IPV6_ADDR_MULTICAST 0x0002U
108 #define IPV6_ADDR_LOOPBACK 0x0010U
109 #define IPV6_ADDR_LINKLOCAL 0x0020U
110 #define IPV6_ADDR_SITELOCAL 0x0040U
112 #define IPV6_ADDR_COMPATv4 0x0080U
114 #define IPV6_ADDR_SCOPE_MASK 0x00f0U
116 #define IPV6_ADDR_MAPPED 0x1000U
121 #define IPV6_ADDR_MC_SCOPE(a) \
122 ((a)->s6_addr[1] & 0x0f) /* nonstandard */
123 #define __IPV6_ADDR_SCOPE_INVALID -1
124 #define IPV6_ADDR_SCOPE_NODELOCAL 0x01
125 #define IPV6_ADDR_SCOPE_LINKLOCAL 0x02
126 #define IPV6_ADDR_SCOPE_SITELOCAL 0x05
127 #define IPV6_ADDR_SCOPE_ORGLOCAL 0x08
128 #define IPV6_ADDR_SCOPE_GLOBAL 0x0e
133 #define IPV6_ADDR_MC_FLAG_TRANSIENT(a) \
134 ((a)->s6_addr[1] & 0x10)
135 #define IPV6_ADDR_MC_FLAG_PREFIX(a) \
136 ((a)->s6_addr[1] & 0x20)
137 #define IPV6_ADDR_MC_FLAG_RENDEZVOUS(a) \
138 ((a)->s6_addr[1] & 0x40)
141 * fragmentation header
148 __be32 identification
;
151 #define IP6_MF 0x0001
152 #define IP6_OFFSET 0xFFF8
154 struct ip6_fraglist_iter
{
155 struct ipv6hdr
*tmp_hdr
;
156 struct sk_buff
*frag
;
163 int ip6_fraglist_init(struct sk_buff
*skb
, unsigned int hlen
, u8
*prevhdr
,
164 u8 nexthdr
, __be32 frag_id
,
165 struct ip6_fraglist_iter
*iter
);
166 void ip6_fraglist_prepare(struct sk_buff
*skb
, struct ip6_fraglist_iter
*iter
);
168 static inline struct sk_buff
*ip6_fraglist_next(struct ip6_fraglist_iter
*iter
)
170 struct sk_buff
*skb
= iter
->frag
;
172 iter
->frag
= skb
->next
;
173 skb_mark_not_on_list(skb
);
178 struct ip6_frag_state
{
191 void ip6_frag_init(struct sk_buff
*skb
, unsigned int hlen
, unsigned int mtu
,
192 unsigned short needed_tailroom
, int hdr_room
, u8
*prevhdr
,
193 u8 nexthdr
, __be32 frag_id
, struct ip6_frag_state
*state
);
194 struct sk_buff
*ip6_frag_next(struct sk_buff
*skb
,
195 struct ip6_frag_state
*state
);
197 #define IP6_REPLY_MARK(net, mark) \
198 ((net)->ipv6.sysctl.fwmark_reflect ? (mark) : 0)
200 #include <net/sock.h>
203 extern int sysctl_mld_max_msf
;
204 extern int sysctl_mld_qrv
;
206 #define _DEVINC(net, statname, mod, idev, field) \
208 struct inet6_dev *_idev = (idev); \
209 if (likely(_idev != NULL)) \
210 mod##SNMP_INC_STATS64((_idev)->stats.statname, (field));\
211 mod##SNMP_INC_STATS64((net)->mib.statname##_statistics, (field));\
214 /* per device counters are atomic_long_t */
215 #define _DEVINCATOMIC(net, statname, mod, idev, field) \
217 struct inet6_dev *_idev = (idev); \
218 if (likely(_idev != NULL)) \
219 SNMP_INC_STATS_ATOMIC_LONG((_idev)->stats.statname##dev, (field)); \
220 mod##SNMP_INC_STATS((net)->mib.statname##_statistics, (field));\
223 /* per device and per net counters are atomic_long_t */
224 #define _DEVINC_ATOMIC_ATOMIC(net, statname, idev, field) \
226 struct inet6_dev *_idev = (idev); \
227 if (likely(_idev != NULL)) \
228 SNMP_INC_STATS_ATOMIC_LONG((_idev)->stats.statname##dev, (field)); \
229 SNMP_INC_STATS_ATOMIC_LONG((net)->mib.statname##_statistics, (field));\
232 #define _DEVADD(net, statname, mod, idev, field, val) \
234 struct inet6_dev *_idev = (idev); \
235 if (likely(_idev != NULL)) \
236 mod##SNMP_ADD_STATS((_idev)->stats.statname, (field), (val)); \
237 mod##SNMP_ADD_STATS((net)->mib.statname##_statistics, (field), (val));\
240 #define _DEVUPD(net, statname, mod, idev, field, val) \
242 struct inet6_dev *_idev = (idev); \
243 if (likely(_idev != NULL)) \
244 mod##SNMP_UPD_PO_STATS((_idev)->stats.statname, field, (val)); \
245 mod##SNMP_UPD_PO_STATS((net)->mib.statname##_statistics, field, (val));\
250 #define IP6_INC_STATS(net, idev,field) \
251 _DEVINC(net, ipv6, , idev, field)
252 #define __IP6_INC_STATS(net, idev,field) \
253 _DEVINC(net, ipv6, __, idev, field)
254 #define IP6_ADD_STATS(net, idev,field,val) \
255 _DEVADD(net, ipv6, , idev, field, val)
256 #define __IP6_ADD_STATS(net, idev,field,val) \
257 _DEVADD(net, ipv6, __, idev, field, val)
258 #define IP6_UPD_PO_STATS(net, idev,field,val) \
259 _DEVUPD(net, ipv6, , idev, field, val)
260 #define __IP6_UPD_PO_STATS(net, idev,field,val) \
261 _DEVUPD(net, ipv6, __, idev, field, val)
262 #define ICMP6_INC_STATS(net, idev, field) \
263 _DEVINCATOMIC(net, icmpv6, , idev, field)
264 #define __ICMP6_INC_STATS(net, idev, field) \
265 _DEVINCATOMIC(net, icmpv6, __, idev, field)
267 #define ICMP6MSGOUT_INC_STATS(net, idev, field) \
268 _DEVINC_ATOMIC_ATOMIC(net, icmpv6msg, idev, field +256)
269 #define ICMP6MSGIN_INC_STATS(net, idev, field) \
270 _DEVINC_ATOMIC_ATOMIC(net, icmpv6msg, idev, field)
272 struct ip6_ra_chain
{
273 struct ip6_ra_chain
*next
;
276 void (*destructor
)(struct sock
*);
279 extern struct ip6_ra_chain
*ip6_ra_chain
;
280 extern rwlock_t ip6_ra_lock
;
283 This structure is prepared by protocol, when parsing
284 ancillary data and passed to IPv6.
287 struct ipv6_txoptions
{
289 /* Length of this structure */
292 /* length of extension headers */
294 __u16 opt_flen
; /* after fragment hdr */
295 __u16 opt_nflen
; /* before fragment hdr */
297 struct ipv6_opt_hdr
*hopopt
;
298 struct ipv6_opt_hdr
*dst0opt
;
299 struct ipv6_rt_hdr
*srcrt
; /* Routing Header */
300 struct ipv6_opt_hdr
*dst1opt
;
302 /* Option buffer, as read by IPV6_PKTOPTIONS, starts here. */
305 /* flowlabel_reflect sysctl values */
306 enum flowlabel_reflect
{
307 FLOWLABEL_REFLECT_ESTABLISHED
= 1,
308 FLOWLABEL_REFLECT_TCP_RESET
= 2,
309 FLOWLABEL_REFLECT_ICMPV6_ECHO_REPLIES
= 4,
312 struct ip6_flowlabel
{
313 struct ip6_flowlabel __rcu
*next
;
317 struct ipv6_txoptions
*opt
;
318 unsigned long linger
;
325 unsigned long lastuse
;
326 unsigned long expires
;
330 #define IPV6_FLOWINFO_MASK cpu_to_be32(0x0FFFFFFF)
331 #define IPV6_FLOWLABEL_MASK cpu_to_be32(0x000FFFFF)
332 #define IPV6_FLOWLABEL_STATELESS_FLAG cpu_to_be32(0x00080000)
334 #define IPV6_TCLASS_MASK (IPV6_FLOWINFO_MASK & ~IPV6_FLOWLABEL_MASK)
335 #define IPV6_TCLASS_SHIFT 20
337 struct ipv6_fl_socklist
{
338 struct ipv6_fl_socklist __rcu
*next
;
339 struct ip6_flowlabel
*fl
;
343 struct ipcm6_cookie
{
344 struct sockcm_cookie sockc
;
348 struct ipv6_txoptions
*opt
;
352 static inline void ipcm6_init(struct ipcm6_cookie
*ipc6
)
354 *ipc6
= (struct ipcm6_cookie
) {
361 static inline void ipcm6_init_sk(struct ipcm6_cookie
*ipc6
,
362 const struct ipv6_pinfo
*np
)
364 *ipc6
= (struct ipcm6_cookie
) {
366 .tclass
= np
->tclass
,
367 .dontfrag
= np
->dontfrag
,
371 static inline struct ipv6_txoptions
*txopt_get(const struct ipv6_pinfo
*np
)
373 struct ipv6_txoptions
*opt
;
376 opt
= rcu_dereference(np
->opt
);
378 if (!refcount_inc_not_zero(&opt
->refcnt
))
381 opt
= rcu_pointer_handoff(opt
);
387 static inline void txopt_put(struct ipv6_txoptions
*opt
)
389 if (opt
&& refcount_dec_and_test(&opt
->refcnt
))
393 struct ip6_flowlabel
*__fl6_sock_lookup(struct sock
*sk
, __be32 label
);
395 extern struct static_key_false_deferred ipv6_flowlabel_exclusive
;
396 static inline struct ip6_flowlabel
*fl6_sock_lookup(struct sock
*sk
,
399 if (static_branch_unlikely(&ipv6_flowlabel_exclusive
.key
))
400 return __fl6_sock_lookup(sk
, label
) ? : ERR_PTR(-ENOENT
);
405 struct ipv6_txoptions
*fl6_merge_options(struct ipv6_txoptions
*opt_space
,
406 struct ip6_flowlabel
*fl
,
407 struct ipv6_txoptions
*fopt
);
408 void fl6_free_socklist(struct sock
*sk
);
409 int ipv6_flowlabel_opt(struct sock
*sk
, sockptr_t optval
, int optlen
);
410 int ipv6_flowlabel_opt_get(struct sock
*sk
, struct in6_flowlabel_req
*freq
,
412 int ip6_flowlabel_init(void);
413 void ip6_flowlabel_cleanup(void);
414 bool ip6_autoflowlabel(struct net
*net
, const struct ipv6_pinfo
*np
);
416 static inline void fl6_sock_release(struct ip6_flowlabel
*fl
)
419 atomic_dec(&fl
->users
);
422 void icmpv6_notify(struct sk_buff
*skb
, u8 type
, u8 code
, __be32 info
);
424 void icmpv6_push_pending_frames(struct sock
*sk
, struct flowi6
*fl6
,
425 struct icmp6hdr
*thdr
, int len
);
427 int ip6_ra_control(struct sock
*sk
, int sel
);
429 int ipv6_parse_hopopts(struct sk_buff
*skb
);
431 struct ipv6_txoptions
*ipv6_dup_options(struct sock
*sk
,
432 struct ipv6_txoptions
*opt
);
433 struct ipv6_txoptions
*ipv6_renew_options(struct sock
*sk
,
434 struct ipv6_txoptions
*opt
,
436 struct ipv6_opt_hdr
*newopt
);
437 struct ipv6_txoptions
*ipv6_fixup_options(struct ipv6_txoptions
*opt_space
,
438 struct ipv6_txoptions
*opt
);
440 bool ipv6_opt_accepted(const struct sock
*sk
, const struct sk_buff
*skb
,
441 const struct inet6_skb_parm
*opt
);
442 struct ipv6_txoptions
*ipv6_update_options(struct sock
*sk
,
443 struct ipv6_txoptions
*opt
);
445 static inline bool ipv6_accept_ra(struct inet6_dev
*idev
)
447 /* If forwarding is enabled, RA are not accepted unless the special
448 * hybrid mode (accept_ra=2) is enabled.
450 return idev
->cnf
.forwarding
? idev
->cnf
.accept_ra
== 2 :
454 #define IPV6_FRAG_HIGH_THRESH (4 * 1024*1024) /* 4194304 */
455 #define IPV6_FRAG_LOW_THRESH (3 * 1024*1024) /* 3145728 */
456 #define IPV6_FRAG_TIMEOUT (60 * HZ) /* 60 seconds */
458 int __ipv6_addr_type(const struct in6_addr
*addr
);
459 static inline int ipv6_addr_type(const struct in6_addr
*addr
)
461 return __ipv6_addr_type(addr
) & 0xffff;
464 static inline int ipv6_addr_scope(const struct in6_addr
*addr
)
466 return __ipv6_addr_type(addr
) & IPV6_ADDR_SCOPE_MASK
;
469 static inline int __ipv6_addr_src_scope(int type
)
471 return (type
== IPV6_ADDR_ANY
) ? __IPV6_ADDR_SCOPE_INVALID
: (type
>> 16);
474 static inline int ipv6_addr_src_scope(const struct in6_addr
*addr
)
476 return __ipv6_addr_src_scope(__ipv6_addr_type(addr
));
479 static inline bool __ipv6_addr_needs_scope_id(int type
)
481 return type
& IPV6_ADDR_LINKLOCAL
||
482 (type
& IPV6_ADDR_MULTICAST
&&
483 (type
& (IPV6_ADDR_LOOPBACK
|IPV6_ADDR_LINKLOCAL
)));
486 static inline __u32
ipv6_iface_scope_id(const struct in6_addr
*addr
, int iface
)
488 return __ipv6_addr_needs_scope_id(__ipv6_addr_type(addr
)) ? iface
: 0;
491 static inline int ipv6_addr_cmp(const struct in6_addr
*a1
, const struct in6_addr
*a2
)
493 return memcmp(a1
, a2
, sizeof(struct in6_addr
));
497 ipv6_masked_addr_cmp(const struct in6_addr
*a1
, const struct in6_addr
*m
,
498 const struct in6_addr
*a2
)
500 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
501 const unsigned long *ul1
= (const unsigned long *)a1
;
502 const unsigned long *ulm
= (const unsigned long *)m
;
503 const unsigned long *ul2
= (const unsigned long *)a2
;
505 return !!(((ul1
[0] ^ ul2
[0]) & ulm
[0]) |
506 ((ul1
[1] ^ ul2
[1]) & ulm
[1]));
508 return !!(((a1
->s6_addr32
[0] ^ a2
->s6_addr32
[0]) & m
->s6_addr32
[0]) |
509 ((a1
->s6_addr32
[1] ^ a2
->s6_addr32
[1]) & m
->s6_addr32
[1]) |
510 ((a1
->s6_addr32
[2] ^ a2
->s6_addr32
[2]) & m
->s6_addr32
[2]) |
511 ((a1
->s6_addr32
[3] ^ a2
->s6_addr32
[3]) & m
->s6_addr32
[3]));
515 static inline void ipv6_addr_prefix(struct in6_addr
*pfx
,
516 const struct in6_addr
*addr
,
519 /* caller must guarantee 0 <= plen <= 128 */
523 memset(pfx
->s6_addr
, 0, sizeof(pfx
->s6_addr
));
524 memcpy(pfx
->s6_addr
, addr
, o
);
526 pfx
->s6_addr
[o
] = addr
->s6_addr
[o
] & (0xff00 >> b
);
529 static inline void ipv6_addr_prefix_copy(struct in6_addr
*addr
,
530 const struct in6_addr
*pfx
,
533 /* caller must guarantee 0 <= plen <= 128 */
537 memcpy(addr
->s6_addr
, pfx
, o
);
539 addr
->s6_addr
[o
] &= ~(0xff00 >> b
);
540 addr
->s6_addr
[o
] |= (pfx
->s6_addr
[o
] & (0xff00 >> b
));
544 static inline void __ipv6_addr_set_half(__be32
*addr
,
545 __be32 wh
, __be32 wl
)
547 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
548 #if defined(__BIG_ENDIAN)
549 if (__builtin_constant_p(wh
) && __builtin_constant_p(wl
)) {
550 *(__force u64
*)addr
= ((__force u64
)(wh
) << 32 | (__force u64
)(wl
));
553 #elif defined(__LITTLE_ENDIAN)
554 if (__builtin_constant_p(wl
) && __builtin_constant_p(wh
)) {
555 *(__force u64
*)addr
= ((__force u64
)(wl
) << 32 | (__force u64
)(wh
));
564 static inline void ipv6_addr_set(struct in6_addr
*addr
,
565 __be32 w1
, __be32 w2
,
566 __be32 w3
, __be32 w4
)
568 __ipv6_addr_set_half(&addr
->s6_addr32
[0], w1
, w2
);
569 __ipv6_addr_set_half(&addr
->s6_addr32
[2], w3
, w4
);
572 static inline bool ipv6_addr_equal(const struct in6_addr
*a1
,
573 const struct in6_addr
*a2
)
575 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
576 const unsigned long *ul1
= (const unsigned long *)a1
;
577 const unsigned long *ul2
= (const unsigned long *)a2
;
579 return ((ul1
[0] ^ ul2
[0]) | (ul1
[1] ^ ul2
[1])) == 0UL;
581 return ((a1
->s6_addr32
[0] ^ a2
->s6_addr32
[0]) |
582 (a1
->s6_addr32
[1] ^ a2
->s6_addr32
[1]) |
583 (a1
->s6_addr32
[2] ^ a2
->s6_addr32
[2]) |
584 (a1
->s6_addr32
[3] ^ a2
->s6_addr32
[3])) == 0;
588 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
589 static inline bool __ipv6_prefix_equal64_half(const __be64
*a1
,
593 if (len
&& ((*a1
^ *a2
) & cpu_to_be64((~0UL) << (64 - len
))))
598 static inline bool ipv6_prefix_equal(const struct in6_addr
*addr1
,
599 const struct in6_addr
*addr2
,
600 unsigned int prefixlen
)
602 const __be64
*a1
= (const __be64
*)addr1
;
603 const __be64
*a2
= (const __be64
*)addr2
;
605 if (prefixlen
>= 64) {
608 return __ipv6_prefix_equal64_half(a1
+ 1, a2
+ 1, prefixlen
- 64);
610 return __ipv6_prefix_equal64_half(a1
, a2
, prefixlen
);
613 static inline bool ipv6_prefix_equal(const struct in6_addr
*addr1
,
614 const struct in6_addr
*addr2
,
615 unsigned int prefixlen
)
617 const __be32
*a1
= addr1
->s6_addr32
;
618 const __be32
*a2
= addr2
->s6_addr32
;
619 unsigned int pdw
, pbi
;
621 /* check complete u32 in prefix */
622 pdw
= prefixlen
>> 5;
623 if (pdw
&& memcmp(a1
, a2
, pdw
<< 2))
626 /* check incomplete u32 in prefix */
627 pbi
= prefixlen
& 0x1f;
628 if (pbi
&& ((a1
[pdw
] ^ a2
[pdw
]) & htonl((0xffffffff) << (32 - pbi
))))
635 static inline bool ipv6_addr_any(const struct in6_addr
*a
)
637 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
638 const unsigned long *ul
= (const unsigned long *)a
;
640 return (ul
[0] | ul
[1]) == 0UL;
642 return (a
->s6_addr32
[0] | a
->s6_addr32
[1] |
643 a
->s6_addr32
[2] | a
->s6_addr32
[3]) == 0;
647 static inline u32
ipv6_addr_hash(const struct in6_addr
*a
)
649 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
650 const unsigned long *ul
= (const unsigned long *)a
;
651 unsigned long x
= ul
[0] ^ ul
[1];
653 return (u32
)(x
^ (x
>> 32));
655 return (__force u32
)(a
->s6_addr32
[0] ^ a
->s6_addr32
[1] ^
656 a
->s6_addr32
[2] ^ a
->s6_addr32
[3]);
660 /* more secured version of ipv6_addr_hash() */
661 static inline u32
__ipv6_addr_jhash(const struct in6_addr
*a
, const u32 initval
)
663 u32 v
= (__force u32
)a
->s6_addr32
[0] ^ (__force u32
)a
->s6_addr32
[1];
665 return jhash_3words(v
,
666 (__force u32
)a
->s6_addr32
[2],
667 (__force u32
)a
->s6_addr32
[3],
671 static inline bool ipv6_addr_loopback(const struct in6_addr
*a
)
673 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
674 const __be64
*be
= (const __be64
*)a
;
676 return (be
[0] | (be
[1] ^ cpu_to_be64(1))) == 0UL;
678 return (a
->s6_addr32
[0] | a
->s6_addr32
[1] |
679 a
->s6_addr32
[2] | (a
->s6_addr32
[3] ^ cpu_to_be32(1))) == 0;
684 * Note that we must __force cast these to unsigned long to make sparse happy,
685 * since all of the endian-annotated types are fixed size regardless of arch.
687 static inline bool ipv6_addr_v4mapped(const struct in6_addr
*a
)
690 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
691 *(unsigned long *)a
|
693 (__force
unsigned long)(a
->s6_addr32
[0] | a
->s6_addr32
[1]) |
695 (__force
unsigned long)(a
->s6_addr32
[2] ^
696 cpu_to_be32(0x0000ffff))) == 0UL;
699 static inline bool ipv6_addr_v4mapped_loopback(const struct in6_addr
*a
)
701 return ipv6_addr_v4mapped(a
) && ipv4_is_loopback(a
->s6_addr32
[3]);
704 static inline u32
ipv6_portaddr_hash(const struct net
*net
,
705 const struct in6_addr
*addr6
,
708 unsigned int hash
, mix
= net_hash_mix(net
);
710 if (ipv6_addr_any(addr6
))
711 hash
= jhash_1word(0, mix
);
712 else if (ipv6_addr_v4mapped(addr6
))
713 hash
= jhash_1word((__force u32
)addr6
->s6_addr32
[3], mix
);
715 hash
= jhash2((__force u32
*)addr6
->s6_addr32
, 4, mix
);
721 * Check for a RFC 4843 ORCHID address
722 * (Overlay Routable Cryptographic Hash Identifiers)
724 static inline bool ipv6_addr_orchid(const struct in6_addr
*a
)
726 return (a
->s6_addr32
[0] & htonl(0xfffffff0)) == htonl(0x20010010);
729 static inline bool ipv6_addr_is_multicast(const struct in6_addr
*addr
)
731 return (addr
->s6_addr32
[0] & htonl(0xFF000000)) == htonl(0xFF000000);
734 static inline void ipv6_addr_set_v4mapped(const __be32 addr
,
735 struct in6_addr
*v4mapped
)
737 ipv6_addr_set(v4mapped
,
744 * find the first different bit between two addresses
745 * length of address must be a multiple of 32bits
747 static inline int __ipv6_addr_diff32(const void *token1
, const void *token2
, int addrlen
)
749 const __be32
*a1
= token1
, *a2
= token2
;
754 for (i
= 0; i
< addrlen
; i
++) {
755 __be32 xb
= a1
[i
] ^ a2
[i
];
757 return i
* 32 + 31 - __fls(ntohl(xb
));
761 * we should *never* get to this point since that
762 * would mean the addrs are equal
764 * However, we do get to it 8) And exacly, when
765 * addresses are equal 8)
767 * ip route add 1111::/128 via ...
768 * ip route add 1111::/64 via ...
771 * Ideally, this function should stop comparison
772 * at prefix length. It does not, but it is still OK,
773 * if returned value is greater than prefix length.
779 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
780 static inline int __ipv6_addr_diff64(const void *token1
, const void *token2
, int addrlen
)
782 const __be64
*a1
= token1
, *a2
= token2
;
787 for (i
= 0; i
< addrlen
; i
++) {
788 __be64 xb
= a1
[i
] ^ a2
[i
];
790 return i
* 64 + 63 - __fls(be64_to_cpu(xb
));
797 static inline int __ipv6_addr_diff(const void *token1
, const void *token2
, int addrlen
)
799 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
800 if (__builtin_constant_p(addrlen
) && !(addrlen
& 7))
801 return __ipv6_addr_diff64(token1
, token2
, addrlen
);
803 return __ipv6_addr_diff32(token1
, token2
, addrlen
);
806 static inline int ipv6_addr_diff(const struct in6_addr
*a1
, const struct in6_addr
*a2
)
808 return __ipv6_addr_diff(a1
, a2
, sizeof(struct in6_addr
));
811 __be32
ipv6_select_ident(struct net
*net
,
812 const struct in6_addr
*daddr
,
813 const struct in6_addr
*saddr
);
814 __be32
ipv6_proxy_select_ident(struct net
*net
, struct sk_buff
*skb
);
816 int ip6_dst_hoplimit(struct dst_entry
*dst
);
818 static inline int ip6_sk_dst_hoplimit(struct ipv6_pinfo
*np
, struct flowi6
*fl6
,
819 struct dst_entry
*dst
)
823 if (ipv6_addr_is_multicast(&fl6
->daddr
))
824 hlimit
= np
->mcast_hops
;
826 hlimit
= np
->hop_limit
;
828 hlimit
= ip6_dst_hoplimit(dst
);
832 /* copy IPv6 saddr & daddr to flow_keys, possibly using 64bit load/store
833 * Equivalent to : flow->v6addrs.src = iph->saddr;
834 * flow->v6addrs.dst = iph->daddr;
836 static inline void iph_to_flow_copy_v6addrs(struct flow_keys
*flow
,
837 const struct ipv6hdr
*iph
)
839 BUILD_BUG_ON(offsetof(typeof(flow
->addrs
), v6addrs
.dst
) !=
840 offsetof(typeof(flow
->addrs
), v6addrs
.src
) +
841 sizeof(flow
->addrs
.v6addrs
.src
));
842 memcpy(&flow
->addrs
.v6addrs
, &iph
->saddr
, sizeof(flow
->addrs
.v6addrs
));
843 flow
->control
.addr_type
= FLOW_DISSECTOR_KEY_IPV6_ADDRS
;
846 #if IS_ENABLED(CONFIG_IPV6)
848 static inline bool ipv6_can_nonlocal_bind(struct net
*net
,
849 struct inet_sock
*inet
)
851 return net
->ipv6
.sysctl
.ip_nonlocal_bind
||
852 inet
->freebind
|| inet
->transparent
;
855 /* Sysctl settings for net ipv6.auto_flowlabels */
856 #define IP6_AUTO_FLOW_LABEL_OFF 0
857 #define IP6_AUTO_FLOW_LABEL_OPTOUT 1
858 #define IP6_AUTO_FLOW_LABEL_OPTIN 2
859 #define IP6_AUTO_FLOW_LABEL_FORCED 3
861 #define IP6_AUTO_FLOW_LABEL_MAX IP6_AUTO_FLOW_LABEL_FORCED
863 #define IP6_DEFAULT_AUTO_FLOW_LABELS IP6_AUTO_FLOW_LABEL_OPTOUT
865 static inline __be32
ip6_make_flowlabel(struct net
*net
, struct sk_buff
*skb
,
866 __be32 flowlabel
, bool autolabel
,
871 /* @flowlabel may include more than a flow label, eg, the traffic class.
872 * Here we want only the flow label value.
874 flowlabel
&= IPV6_FLOWLABEL_MASK
;
877 net
->ipv6
.sysctl
.auto_flowlabels
== IP6_AUTO_FLOW_LABEL_OFF
||
879 net
->ipv6
.sysctl
.auto_flowlabels
!= IP6_AUTO_FLOW_LABEL_FORCED
))
882 hash
= skb_get_hash_flowi6(skb
, fl6
);
884 /* Since this is being sent on the wire obfuscate hash a bit
885 * to minimize possbility that any useful information to an
886 * attacker is leaked. Only lower 20 bits are relevant.
888 hash
= rol32(hash
, 16);
890 flowlabel
= (__force __be32
)hash
& IPV6_FLOWLABEL_MASK
;
892 if (net
->ipv6
.sysctl
.flowlabel_state_ranges
)
893 flowlabel
|= IPV6_FLOWLABEL_STATELESS_FLAG
;
898 static inline int ip6_default_np_autolabel(struct net
*net
)
900 switch (net
->ipv6
.sysctl
.auto_flowlabels
) {
901 case IP6_AUTO_FLOW_LABEL_OFF
:
902 case IP6_AUTO_FLOW_LABEL_OPTIN
:
905 case IP6_AUTO_FLOW_LABEL_OPTOUT
:
906 case IP6_AUTO_FLOW_LABEL_FORCED
:
911 static inline __be32
ip6_make_flowlabel(struct net
*net
, struct sk_buff
*skb
,
912 __be32 flowlabel
, bool autolabel
,
917 static inline int ip6_default_np_autolabel(struct net
*net
)
923 #if IS_ENABLED(CONFIG_IPV6)
924 static inline int ip6_multipath_hash_policy(const struct net
*net
)
926 return net
->ipv6
.sysctl
.multipath_hash_policy
;
929 static inline int ip6_multipath_hash_policy(const struct net
*net
)
936 * Header manipulation
938 static inline void ip6_flow_hdr(struct ipv6hdr
*hdr
, unsigned int tclass
,
941 *(__be32
*)hdr
= htonl(0x60000000 | (tclass
<< 20)) | flowlabel
;
944 static inline __be32
ip6_flowinfo(const struct ipv6hdr
*hdr
)
946 return *(__be32
*)hdr
& IPV6_FLOWINFO_MASK
;
949 static inline __be32
ip6_flowlabel(const struct ipv6hdr
*hdr
)
951 return *(__be32
*)hdr
& IPV6_FLOWLABEL_MASK
;
954 static inline u8
ip6_tclass(__be32 flowinfo
)
956 return ntohl(flowinfo
& IPV6_TCLASS_MASK
) >> IPV6_TCLASS_SHIFT
;
959 static inline __be32
ip6_make_flowinfo(unsigned int tclass
, __be32 flowlabel
)
961 return htonl(tclass
<< IPV6_TCLASS_SHIFT
) | flowlabel
;
964 static inline __be32
flowi6_get_flowlabel(const struct flowi6
*fl6
)
966 return fl6
->flowlabel
& IPV6_FLOWLABEL_MASK
;
970 * Prototypes exported by ipv6
974 * rcv function (called from netdevice level)
977 int ipv6_rcv(struct sk_buff
*skb
, struct net_device
*dev
,
978 struct packet_type
*pt
, struct net_device
*orig_dev
);
979 void ipv6_list_rcv(struct list_head
*head
, struct packet_type
*pt
,
980 struct net_device
*orig_dev
);
982 int ip6_rcv_finish(struct net
*net
, struct sock
*sk
, struct sk_buff
*skb
);
985 * upper-layer output functions
987 int ip6_xmit(const struct sock
*sk
, struct sk_buff
*skb
, struct flowi6
*fl6
,
988 __u32 mark
, struct ipv6_txoptions
*opt
, int tclass
, u32 priority
);
990 int ip6_find_1stfragopt(struct sk_buff
*skb
, u8
**nexthdr
);
992 int ip6_append_data(struct sock
*sk
,
993 int getfrag(void *from
, char *to
, int offset
, int len
,
994 int odd
, struct sk_buff
*skb
),
995 void *from
, int length
, int transhdrlen
,
996 struct ipcm6_cookie
*ipc6
, struct flowi6
*fl6
,
997 struct rt6_info
*rt
, unsigned int flags
);
999 int ip6_push_pending_frames(struct sock
*sk
);
1001 void ip6_flush_pending_frames(struct sock
*sk
);
1003 int ip6_send_skb(struct sk_buff
*skb
);
1005 struct sk_buff
*__ip6_make_skb(struct sock
*sk
, struct sk_buff_head
*queue
,
1006 struct inet_cork_full
*cork
,
1007 struct inet6_cork
*v6_cork
);
1008 struct sk_buff
*ip6_make_skb(struct sock
*sk
,
1009 int getfrag(void *from
, char *to
, int offset
,
1010 int len
, int odd
, struct sk_buff
*skb
),
1011 void *from
, int length
, int transhdrlen
,
1012 struct ipcm6_cookie
*ipc6
, struct flowi6
*fl6
,
1013 struct rt6_info
*rt
, unsigned int flags
,
1014 struct inet_cork_full
*cork
);
1016 static inline struct sk_buff
*ip6_finish_skb(struct sock
*sk
)
1018 return __ip6_make_skb(sk
, &sk
->sk_write_queue
, &inet_sk(sk
)->cork
,
1019 &inet6_sk(sk
)->cork
);
1022 int ip6_dst_lookup(struct net
*net
, struct sock
*sk
, struct dst_entry
**dst
,
1023 struct flowi6
*fl6
);
1024 struct dst_entry
*ip6_dst_lookup_flow(struct net
*net
, const struct sock
*sk
, struct flowi6
*fl6
,
1025 const struct in6_addr
*final_dst
);
1026 struct dst_entry
*ip6_sk_dst_lookup_flow(struct sock
*sk
, struct flowi6
*fl6
,
1027 const struct in6_addr
*final_dst
,
1029 struct dst_entry
*ip6_dst_lookup_tunnel(struct sk_buff
*skb
,
1030 struct net_device
*dev
,
1031 struct net
*net
, struct socket
*sock
,
1032 struct in6_addr
*saddr
,
1033 const struct ip_tunnel_info
*info
,
1034 u8 protocol
, bool use_cache
);
1035 struct dst_entry
*ip6_blackhole_route(struct net
*net
,
1036 struct dst_entry
*orig_dst
);
1039 * skb processing functions
1042 int ip6_output(struct net
*net
, struct sock
*sk
, struct sk_buff
*skb
);
1043 int ip6_forward(struct sk_buff
*skb
);
1044 int ip6_input(struct sk_buff
*skb
);
1045 int ip6_mc_input(struct sk_buff
*skb
);
1046 void ip6_protocol_deliver_rcu(struct net
*net
, struct sk_buff
*skb
, int nexthdr
,
1049 int __ip6_local_out(struct net
*net
, struct sock
*sk
, struct sk_buff
*skb
);
1050 int ip6_local_out(struct net
*net
, struct sock
*sk
, struct sk_buff
*skb
);
1053 * Extension header (options) processing
1056 void ipv6_push_nfrag_opts(struct sk_buff
*skb
, struct ipv6_txoptions
*opt
,
1057 u8
*proto
, struct in6_addr
**daddr_p
,
1058 struct in6_addr
*saddr
);
1059 void ipv6_push_frag_opts(struct sk_buff
*skb
, struct ipv6_txoptions
*opt
,
1062 int ipv6_skip_exthdr(const struct sk_buff
*, int start
, u8
*nexthdrp
,
1065 bool ipv6_ext_hdr(u8 nexthdr
);
1068 IP6_FH_F_FRAG
= (1 << 0),
1069 IP6_FH_F_AUTH
= (1 << 1),
1070 IP6_FH_F_SKIP_RH
= (1 << 2),
1073 /* find specified header and get offset to it */
1074 int ipv6_find_hdr(const struct sk_buff
*skb
, unsigned int *offset
, int target
,
1075 unsigned short *fragoff
, int *fragflg
);
1077 int ipv6_find_tlv(const struct sk_buff
*skb
, int offset
, int type
);
1079 struct in6_addr
*fl6_update_dst(struct flowi6
*fl6
,
1080 const struct ipv6_txoptions
*opt
,
1081 struct in6_addr
*orig
);
1084 * socket options (ipv6_sockglue.c)
1087 int ipv6_setsockopt(struct sock
*sk
, int level
, int optname
, sockptr_t optval
,
1088 unsigned int optlen
);
1089 int ipv6_getsockopt(struct sock
*sk
, int level
, int optname
,
1090 char __user
*optval
, int __user
*optlen
);
1092 int __ip6_datagram_connect(struct sock
*sk
, struct sockaddr
*addr
,
1094 int ip6_datagram_connect(struct sock
*sk
, struct sockaddr
*addr
, int addr_len
);
1095 int ip6_datagram_connect_v6_only(struct sock
*sk
, struct sockaddr
*addr
,
1097 int ip6_datagram_dst_update(struct sock
*sk
, bool fix_sk_saddr
);
1098 void ip6_datagram_release_cb(struct sock
*sk
);
1100 int ipv6_recv_error(struct sock
*sk
, struct msghdr
*msg
, int len
,
1102 int ipv6_recv_rxpmtu(struct sock
*sk
, struct msghdr
*msg
, int len
,
1104 void ipv6_icmp_error(struct sock
*sk
, struct sk_buff
*skb
, int err
, __be16 port
,
1105 u32 info
, u8
*payload
);
1106 void ipv6_local_error(struct sock
*sk
, int err
, struct flowi6
*fl6
, u32 info
);
1107 void ipv6_local_rxpmtu(struct sock
*sk
, struct flowi6
*fl6
, u32 mtu
);
1109 int inet6_release(struct socket
*sock
);
1110 int inet6_bind(struct socket
*sock
, struct sockaddr
*uaddr
, int addr_len
);
1111 int inet6_getname(struct socket
*sock
, struct sockaddr
*uaddr
,
1113 int inet6_ioctl(struct socket
*sock
, unsigned int cmd
, unsigned long arg
);
1114 int inet6_compat_ioctl(struct socket
*sock
, unsigned int cmd
,
1117 int inet6_hash_connect(struct inet_timewait_death_row
*death_row
,
1119 int inet6_sendmsg(struct socket
*sock
, struct msghdr
*msg
, size_t size
);
1120 int inet6_recvmsg(struct socket
*sock
, struct msghdr
*msg
, size_t size
,
1126 extern const struct proto_ops inet6_stream_ops
;
1127 extern const struct proto_ops inet6_dgram_ops
;
1128 extern const struct proto_ops inet6_sockraw_ops
;
1130 struct group_source_req
;
1131 struct group_filter
;
1133 int ip6_mc_source(int add
, int omode
, struct sock
*sk
,
1134 struct group_source_req
*pgsr
);
1135 int ip6_mc_msfilter(struct sock
*sk
, struct group_filter
*gsf
,
1136 struct sockaddr_storage
*list
);
1137 int ip6_mc_msfget(struct sock
*sk
, struct group_filter
*gsf
,
1138 struct sockaddr_storage __user
*p
);
1140 #ifdef CONFIG_PROC_FS
1141 int ac6_proc_init(struct net
*net
);
1142 void ac6_proc_exit(struct net
*net
);
1143 int raw6_proc_init(void);
1144 void raw6_proc_exit(void);
1145 int tcp6_proc_init(struct net
*net
);
1146 void tcp6_proc_exit(struct net
*net
);
1147 int udp6_proc_init(struct net
*net
);
1148 void udp6_proc_exit(struct net
*net
);
1149 int udplite6_proc_init(void);
1150 void udplite6_proc_exit(void);
1151 int ipv6_misc_proc_init(void);
1152 void ipv6_misc_proc_exit(void);
1153 int snmp6_register_dev(struct inet6_dev
*idev
);
1154 int snmp6_unregister_dev(struct inet6_dev
*idev
);
1157 static inline int ac6_proc_init(struct net
*net
) { return 0; }
1158 static inline void ac6_proc_exit(struct net
*net
) { }
1159 static inline int snmp6_register_dev(struct inet6_dev
*idev
) { return 0; }
1160 static inline int snmp6_unregister_dev(struct inet6_dev
*idev
) { return 0; }
1163 #ifdef CONFIG_SYSCTL
1164 struct ctl_table
*ipv6_icmp_sysctl_init(struct net
*net
);
1165 struct ctl_table
*ipv6_route_sysctl_init(struct net
*net
);
1166 int ipv6_sysctl_register(void);
1167 void ipv6_sysctl_unregister(void);
1170 int ipv6_sock_mc_join(struct sock
*sk
, int ifindex
,
1171 const struct in6_addr
*addr
);
1172 int ipv6_sock_mc_join_ssm(struct sock
*sk
, int ifindex
,
1173 const struct in6_addr
*addr
, unsigned int mode
);
1174 int ipv6_sock_mc_drop(struct sock
*sk
, int ifindex
,
1175 const struct in6_addr
*addr
);
1177 static inline int ip6_sock_set_v6only(struct sock
*sk
)
1179 if (inet_sk(sk
)->inet_num
)
1182 sk
->sk_ipv6only
= true;
1187 static inline void ip6_sock_set_recverr(struct sock
*sk
)
1190 inet6_sk(sk
)->recverr
= true;
1194 static inline int __ip6_sock_set_addr_preferences(struct sock
*sk
, int val
)
1196 unsigned int pref
= 0;
1197 unsigned int prefmask
= ~0;
1199 /* check PUBLIC/TMP/PUBTMP_DEFAULT conflicts */
1200 switch (val
& (IPV6_PREFER_SRC_PUBLIC
|
1201 IPV6_PREFER_SRC_TMP
|
1202 IPV6_PREFER_SRC_PUBTMP_DEFAULT
)) {
1203 case IPV6_PREFER_SRC_PUBLIC
:
1204 pref
|= IPV6_PREFER_SRC_PUBLIC
;
1205 prefmask
&= ~(IPV6_PREFER_SRC_PUBLIC
|
1206 IPV6_PREFER_SRC_TMP
);
1208 case IPV6_PREFER_SRC_TMP
:
1209 pref
|= IPV6_PREFER_SRC_TMP
;
1210 prefmask
&= ~(IPV6_PREFER_SRC_PUBLIC
|
1211 IPV6_PREFER_SRC_TMP
);
1213 case IPV6_PREFER_SRC_PUBTMP_DEFAULT
:
1214 prefmask
&= ~(IPV6_PREFER_SRC_PUBLIC
|
1215 IPV6_PREFER_SRC_TMP
);
1223 /* check HOME/COA conflicts */
1224 switch (val
& (IPV6_PREFER_SRC_HOME
| IPV6_PREFER_SRC_COA
)) {
1225 case IPV6_PREFER_SRC_HOME
:
1226 prefmask
&= ~IPV6_PREFER_SRC_COA
;
1228 case IPV6_PREFER_SRC_COA
:
1229 pref
|= IPV6_PREFER_SRC_COA
;
1237 /* check CGA/NONCGA conflicts */
1238 switch (val
& (IPV6_PREFER_SRC_CGA
|IPV6_PREFER_SRC_NONCGA
)) {
1239 case IPV6_PREFER_SRC_CGA
:
1240 case IPV6_PREFER_SRC_NONCGA
:
1247 inet6_sk(sk
)->srcprefs
= (inet6_sk(sk
)->srcprefs
& prefmask
) | pref
;
1251 static inline int ip6_sock_set_addr_preferences(struct sock
*sk
, bool val
)
1256 ret
= __ip6_sock_set_addr_preferences(sk
, val
);
1261 static inline void ip6_sock_set_recvpktinfo(struct sock
*sk
)
1264 inet6_sk(sk
)->rxopt
.bits
.rxinfo
= true;
1268 #endif /* _NET_IPV6_H */