gateway_client.c 20.8 KB
Newer Older
1
/* Copyright (C) 2009-2013 B.A.T.M.A.N. contributors:
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
 *
 * Marek Lindner
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA
 */

#include "main.h"
21
#include "sysfs.h"
22 23 24
#include "gateway_client.h"
#include "gateway_common.h"
#include "hard-interface.h"
25
#include "originator.h"
26
#include "translation-table.h"
27
#include "routing.h"
28 29 30 31 32
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/udp.h>
#include <linux/if_vlan.h>

33
/* This is the offset of the options field in a dhcp packet starting at
34 35
 * the beginning of the dhcp header
 */
36 37
#define BATADV_DHCP_OPTIONS_OFFSET 240
#define BATADV_DHCP_REQUEST 3
38

39
static void batadv_gw_node_free_ref(struct batadv_gw_node *gw_node)
40
{
41
	if (atomic_dec_and_test(&gw_node->refcount))
42
		kfree_rcu(gw_node, rcu);
43 44
}

45 46
static struct batadv_gw_node *
batadv_gw_get_selected_gw_node(struct batadv_priv *bat_priv)
47
{
48
	struct batadv_gw_node *gw_node;
49

50
	rcu_read_lock();
51
	gw_node = rcu_dereference(bat_priv->gw.curr_gw);
52
	if (!gw_node)
53
		goto out;
54

55 56
	if (!atomic_inc_not_zero(&gw_node->refcount))
		gw_node = NULL;
57

58 59
out:
	rcu_read_unlock();
60
	return gw_node;
61 62
}

63 64
struct batadv_orig_node *
batadv_gw_get_selected_orig(struct batadv_priv *bat_priv)
65
{
66 67
	struct batadv_gw_node *gw_node;
	struct batadv_orig_node *orig_node = NULL;
68

69
	gw_node = batadv_gw_get_selected_gw_node(bat_priv);
70 71 72 73 74 75 76 77 78 79
	if (!gw_node)
		goto out;

	rcu_read_lock();
	orig_node = gw_node->orig_node;
	if (!orig_node)
		goto unlock;

	if (!atomic_inc_not_zero(&orig_node->refcount))
		orig_node = NULL;
80

81 82 83
unlock:
	rcu_read_unlock();
out:
84
	if (gw_node)
85
		batadv_gw_node_free_ref(gw_node);
86
	return orig_node;
87 88
}

89 90
static void batadv_gw_select(struct batadv_priv *bat_priv,
			     struct batadv_gw_node *new_gw_node)
91
{
92
	struct batadv_gw_node *curr_gw_node;
93

94
	spin_lock_bh(&bat_priv->gw.list_lock);
95

96 97
	if (new_gw_node && !atomic_inc_not_zero(&new_gw_node->refcount))
		new_gw_node = NULL;
98

99 100
	curr_gw_node = rcu_dereference_protected(bat_priv->gw.curr_gw, 1);
	rcu_assign_pointer(bat_priv->gw.curr_gw, new_gw_node);
101 102

	if (curr_gw_node)
103
		batadv_gw_node_free_ref(curr_gw_node);
104

105
	spin_unlock_bh(&bat_priv->gw.list_lock);
106 107
}

108
void batadv_gw_deselect(struct batadv_priv *bat_priv)
109
{
110
	atomic_set(&bat_priv->gw.reselect, 1);
111 112
}

113 114
static struct batadv_gw_node *
batadv_gw_get_best_gw_node(struct batadv_priv *bat_priv)
115
{
116 117
	struct batadv_neigh_node *router;
	struct batadv_gw_node *gw_node, *curr_gw = NULL;
118
	uint32_t max_gw_factor = 0, tmp_gw_factor = 0;
119
	uint32_t gw_divisor;
120
	uint8_t max_tq = 0;
121
	uint8_t tq_avg;
122
	struct batadv_orig_node *orig_node;
123

124 125 126
	gw_divisor = BATADV_TQ_LOCAL_WINDOW_SIZE * BATADV_TQ_LOCAL_WINDOW_SIZE;
	gw_divisor *= 64;

127
	rcu_read_lock();
128
	hlist_for_each_entry_rcu(gw_node, &bat_priv->gw.list, list) {
129
		if (gw_node->deleted)
130 131
			continue;

132
		orig_node = gw_node->orig_node;
133
		router = batadv_orig_node_get_router(orig_node);
134
		if (!router)
135 136
			continue;

137 138 139
		if (!atomic_inc_not_zero(&gw_node->refcount))
			goto next;

140 141
		tq_avg = router->tq_avg;

142 143
		switch (atomic_read(&bat_priv->gw_sel_class)) {
		case 1: /* fast connection */
144 145 146
			tmp_gw_factor = tq_avg * tq_avg;
			tmp_gw_factor *= gw_node->bandwidth_down;
			tmp_gw_factor *= 100 * 100;
147
			tmp_gw_factor /= gw_divisor;
148 149 150

			if ((tmp_gw_factor > max_gw_factor) ||
			    ((tmp_gw_factor == max_gw_factor) &&
151
			     (tq_avg > max_tq))) {
152
				if (curr_gw)
153
					batadv_gw_node_free_ref(curr_gw);
154 155 156
				curr_gw = gw_node;
				atomic_inc(&curr_gw->refcount);
			}
157 158
			break;

159
		default: /* 2:  stable connection (use best statistic)
160 161 162 163 164
			  * 3:  fast-switch (use best statistic but change as
			  *     soon as a better gateway appears)
			  * XX: late-switch (use best statistic but change as
			  *     soon as a better gateway appears which has
			  *     $routing_class more tq points)
165
			  */
166
			if (tq_avg > max_tq) {
167
				if (curr_gw)
168
					batadv_gw_node_free_ref(curr_gw);
169 170 171
				curr_gw = gw_node;
				atomic_inc(&curr_gw->refcount);
			}
172 173 174
			break;
		}

175 176
		if (tq_avg > max_tq)
			max_tq = tq_avg;
177 178 179

		if (tmp_gw_factor > max_gw_factor)
			max_gw_factor = tmp_gw_factor;
180

181
		batadv_gw_node_free_ref(gw_node);
182 183

next:
184
		batadv_neigh_node_free_ref(router);
185
	}
186
	rcu_read_unlock();
187

188 189
	return curr_gw;
}
190

191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217
/**
 * batadv_gw_check_client_stop - check if client mode has been switched off
 * @bat_priv: the bat priv with all the soft interface information
 *
 * This function assumes the caller has checked that the gw state *is actually
 * changing*. This function is not supposed to be called when there is no state
 * change.
 */
void batadv_gw_check_client_stop(struct batadv_priv *bat_priv)
{
	struct batadv_gw_node *curr_gw;

	if (atomic_read(&bat_priv->gw_mode) != BATADV_GW_MODE_CLIENT)
		return;

	curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
	if (!curr_gw)
		return;

	/* if batman-adv is switching the gw client mode off and a gateway was
	 * already selected, send a DEL uevent
	 */
	batadv_throw_uevent(bat_priv, BATADV_UEV_GW, BATADV_UEV_DEL, NULL);

	batadv_gw_node_free_ref(curr_gw);
}

218
void batadv_gw_election(struct batadv_priv *bat_priv)
219
{
220 221
	struct batadv_gw_node *curr_gw = NULL, *next_gw = NULL;
	struct batadv_neigh_node *router = NULL;
222
	char gw_addr[18] = { '\0' };
223

224
	/* The batman daemon checks here if we already passed a full originator
225 226 227
	 * cycle in order to make sure we don't choose the first gateway we
	 * hear about. This check is based on the daemon's uptime which we
	 * don't have.
228
	 */
229
	if (atomic_read(&bat_priv->gw_mode) != BATADV_GW_MODE_CLIENT)
230 231
		goto out;

232
	curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
233

234
	if (!batadv_atomic_dec_not_zero(&bat_priv->gw.reselect) && curr_gw)
235 236
		goto out;

237
	next_gw = batadv_gw_get_best_gw_node(bat_priv);
238 239 240 241 242

	if (curr_gw == next_gw)
		goto out;

	if (next_gw) {
243 244
		sprintf(gw_addr, "%pM", next_gw->orig_node->orig);

245
		router = batadv_orig_node_get_router(next_gw->orig_node);
246
		if (!router) {
247
			batadv_gw_deselect(bat_priv);
248 249
			goto out;
		}
250 251
	}

252
	if ((curr_gw) && (!next_gw)) {
253
		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
254
			   "Removing selected gateway - no gateway in range\n");
255 256
		batadv_throw_uevent(bat_priv, BATADV_UEV_GW, BATADV_UEV_DEL,
				    NULL);
257
	} else if ((!curr_gw) && (next_gw)) {
258
		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
259
			   "Adding route to gateway %pM (bandwidth: %u.%u/%u.%u MBit, tq: %i)\n",
260
			   next_gw->orig_node->orig,
261 262 263 264
			   next_gw->bandwidth_down / 10,
			   next_gw->bandwidth_down % 10,
			   next_gw->bandwidth_up / 10,
			   next_gw->bandwidth_up % 10, router->tq_avg);
265 266
		batadv_throw_uevent(bat_priv, BATADV_UEV_GW, BATADV_UEV_ADD,
				    gw_addr);
267
	} else {
268
		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
269
			   "Changing route to gateway %pM (bandwidth: %u.%u/%u.%u MBit, tq: %i)\n",
270
			   next_gw->orig_node->orig,
271 272 273 274
			   next_gw->bandwidth_down / 10,
			   next_gw->bandwidth_down % 10,
			   next_gw->bandwidth_up / 10,
			   next_gw->bandwidth_up % 10, router->tq_avg);
275 276
		batadv_throw_uevent(bat_priv, BATADV_UEV_GW, BATADV_UEV_CHANGE,
				    gw_addr);
277 278
	}

279
	batadv_gw_select(bat_priv, next_gw);
280

281 282
out:
	if (curr_gw)
283
		batadv_gw_node_free_ref(curr_gw);
284
	if (next_gw)
285
		batadv_gw_node_free_ref(next_gw);
286
	if (router)
287
		batadv_neigh_node_free_ref(router);
288 289
}

290 291
void batadv_gw_check_election(struct batadv_priv *bat_priv,
			      struct batadv_orig_node *orig_node)
292
{
293 294
	struct batadv_orig_node *curr_gw_orig;
	struct batadv_neigh_node *router_gw = NULL, *router_orig = NULL;
295 296
	uint8_t gw_tq_avg, orig_tq_avg;

297
	curr_gw_orig = batadv_gw_get_selected_orig(bat_priv);
298 299
	if (!curr_gw_orig)
		goto deselect;
300

301
	router_gw = batadv_orig_node_get_router(curr_gw_orig);
302 303
	if (!router_gw)
		goto deselect;
304 305

	/* this node already is the gateway */
306
	if (curr_gw_orig == orig_node)
307
		goto out;
308

309
	router_orig = batadv_orig_node_get_router(orig_node);
310 311
	if (!router_orig)
		goto out;
312

313 314
	gw_tq_avg = router_gw->tq_avg;
	orig_tq_avg = router_orig->tq_avg;
315 316 317

	/* the TQ value has to be better */
	if (orig_tq_avg < gw_tq_avg)
318
		goto out;
319

320
	/* if the routing class is greater than 3 the value tells us how much
321
	 * greater the TQ value of the new gateway must be
322
	 */
323 324
	if ((atomic_read(&bat_priv->gw_sel_class) > 3) &&
	    (orig_tq_avg - gw_tq_avg < atomic_read(&bat_priv->gw_sel_class)))
325
		goto out;
326

327
	batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
328 329
		   "Restarting gateway selection: better gateway found (tq curr: %i, tq new: %i)\n",
		   gw_tq_avg, orig_tq_avg);
330 331

deselect:
332
	batadv_gw_deselect(bat_priv);
333
out:
334
	if (curr_gw_orig)
335
		batadv_orig_node_free_ref(curr_gw_orig);
336
	if (router_gw)
337
		batadv_neigh_node_free_ref(router_gw);
338
	if (router_orig)
339
		batadv_neigh_node_free_ref(router_orig);
340

341
	return;
342 343
}

344 345 346 347 348 349
/**
 * batadv_gw_node_add - add gateway node to list of available gateways
 * @bat_priv: the bat priv with all the soft interface information
 * @orig_node: originator announcing gateway capabilities
 * @gateway: announced bandwidth information
 */
350 351
static void batadv_gw_node_add(struct batadv_priv *bat_priv,
			       struct batadv_orig_node *orig_node,
352
			       struct batadv_tvlv_gateway_data *gateway)
353
{
354
	struct batadv_gw_node *gw_node;
355 356 357

	if (gateway->bandwidth_down == 0)
		return;
358

359
	gw_node = kzalloc(sizeof(*gw_node), GFP_ATOMIC);
360 361 362 363 364
	if (!gw_node)
		return;

	INIT_HLIST_NODE(&gw_node->list);
	gw_node->orig_node = orig_node;
365
	atomic_set(&gw_node->refcount, 1);
366

367 368 369
	spin_lock_bh(&bat_priv->gw.list_lock);
	hlist_add_head_rcu(&gw_node->list, &bat_priv->gw.list);
	spin_unlock_bh(&bat_priv->gw.list_lock);
370

371
	batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
372 373 374 375 376 377
		   "Found new gateway %pM -> gw bandwidth: %u.%u/%u.%u MBit\n",
		   orig_node->orig,
		   ntohl(gateway->bandwidth_down) / 10,
		   ntohl(gateway->bandwidth_down) % 10,
		   ntohl(gateway->bandwidth_up) / 10,
		   ntohl(gateway->bandwidth_up) % 10);
378 379
}

380 381 382 383 384 385 386 387 388 389
/**
 * batadv_gw_node_get - retrieve gateway node from list of available gateways
 * @bat_priv: the bat priv with all the soft interface information
 * @orig_node: originator announcing gateway capabilities
 *
 * Returns gateway node if found or NULL otherwise.
 */
static struct batadv_gw_node *
batadv_gw_node_get(struct batadv_priv *bat_priv,
		   struct batadv_orig_node *orig_node)
390
{
391
	struct batadv_gw_node *gw_node_tmp, *gw_node = NULL;
392 393

	rcu_read_lock();
394 395
	hlist_for_each_entry_rcu(gw_node_tmp, &bat_priv->gw.list, list) {
		if (gw_node_tmp->orig_node != orig_node)
396 397
			continue;

398 399
		if (gw_node_tmp->deleted)
			continue;
400

401 402
		if (!atomic_inc_not_zero(&gw_node_tmp->refcount))
			continue;
403

404 405 406 407
		gw_node = gw_node_tmp;
		break;
	}
	rcu_read_unlock();
408

409 410
	return gw_node;
}
411

412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428
/**
 * batadv_gw_node_update - update list of available gateways with changed
 *  bandwidth information
 * @bat_priv: the bat priv with all the soft interface information
 * @orig_node: originator announcing gateway capabilities
 * @gateway: announced bandwidth information
 */
void batadv_gw_node_update(struct batadv_priv *bat_priv,
			   struct batadv_orig_node *orig_node,
			   struct batadv_tvlv_gateway_data *gateway)
{
	struct batadv_gw_node *gw_node, *curr_gw = NULL;

	gw_node = batadv_gw_node_get(bat_priv, orig_node);
	if (!gw_node) {
		batadv_gw_node_add(bat_priv, orig_node, gateway);
		goto out;
429 430
	}

431 432 433
	if ((gw_node->bandwidth_down == ntohl(gateway->bandwidth_down)) &&
	    (gw_node->bandwidth_up == ntohl(gateway->bandwidth_up)))
		goto out;
434

435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455
	batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
		   "Gateway bandwidth of originator %pM changed from %u.%u/%u.%u MBit to %u.%u/%u.%u MBit\n",
		   orig_node->orig,
		   gw_node->bandwidth_down / 10,
		   gw_node->bandwidth_down % 10,
		   gw_node->bandwidth_up / 10,
		   gw_node->bandwidth_up % 10,
		   ntohl(gateway->bandwidth_down) / 10,
		   ntohl(gateway->bandwidth_down) % 10,
		   ntohl(gateway->bandwidth_up) / 10,
		   ntohl(gateway->bandwidth_up) % 10);

	gw_node->bandwidth_down = ntohl(gateway->bandwidth_down);
	gw_node->bandwidth_up = ntohl(gateway->bandwidth_up);

	gw_node->deleted = 0;
	if (ntohl(gateway->bandwidth_down) == 0) {
		gw_node->deleted = jiffies;
		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
			   "Gateway %pM removed from gateway list\n",
			   orig_node->orig);
456

457 458 459 460 461 462 463
		/* Note: We don't need a NULL check here, since curr_gw never
		 * gets dereferenced.
		 */
		curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
		if (gw_node == curr_gw)
			batadv_gw_deselect(bat_priv);
	}
464

465
out:
466
	if (curr_gw)
467
		batadv_gw_node_free_ref(curr_gw);
468 469
	if (gw_node)
		batadv_gw_node_free_ref(gw_node);
470 471
}

472 473
void batadv_gw_node_delete(struct batadv_priv *bat_priv,
			   struct batadv_orig_node *orig_node)
474
{
475 476 477 478 479 480
	struct batadv_tvlv_gateway_data gateway;

	gateway.bandwidth_down = 0;
	gateway.bandwidth_up = 0;

	batadv_gw_node_update(bat_priv, orig_node, &gateway);
481 482
}

483
void batadv_gw_node_purge(struct batadv_priv *bat_priv)
484
{
485
	struct batadv_gw_node *gw_node, *curr_gw;
486
	struct hlist_node *node_tmp;
487
	unsigned long timeout = msecs_to_jiffies(2 * BATADV_PURGE_TIMEOUT);
488
	int do_deselect = 0;
489

490
	curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
491

492
	spin_lock_bh(&bat_priv->gw.list_lock);
493

494
	hlist_for_each_entry_safe(gw_node, node_tmp,
495
				  &bat_priv->gw.list, list) {
496 497
		if (((!gw_node->deleted) ||
		     (time_before(jiffies, gw_node->deleted + timeout))) &&
498
		    atomic_read(&bat_priv->mesh_state) == BATADV_MESH_ACTIVE)
499 500
			continue;

501 502
		if (curr_gw == gw_node)
			do_deselect = 1;
503 504

		hlist_del_rcu(&gw_node->list);
505
		batadv_gw_node_free_ref(gw_node);
506 507
	}

508
	spin_unlock_bh(&bat_priv->gw.list_lock);
509 510 511

	/* gw_deselect() needs to acquire the gw_list_lock */
	if (do_deselect)
512
		batadv_gw_deselect(bat_priv);
513 514

	if (curr_gw)
515
		batadv_gw_node_free_ref(curr_gw);
516 517
}

518
/* fails if orig_node has no router */
519 520 521
static int batadv_write_buffer_text(struct batadv_priv *bat_priv,
				    struct seq_file *seq,
				    const struct batadv_gw_node *gw_node)
522
{
523 524
	struct batadv_gw_node *curr_gw;
	struct batadv_neigh_node *router;
525
	int ret = -1;
526

527
	router = batadv_orig_node_get_router(gw_node->orig_node);
528 529
	if (!router)
		goto out;
530

531
	curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
532

533
	ret = seq_printf(seq, "%s %pM (%3i) %pM [%10s]: %u.%u/%u.%u MBit\n",
534 535 536 537
			 (curr_gw == gw_node ? "=>" : "  "),
			 gw_node->orig_node->orig,
			 router->tq_avg, router->addr,
			 router->if_incoming->net_dev->name,
538 539 540 541
			 gw_node->bandwidth_down / 10,
			 gw_node->bandwidth_down % 10,
			 gw_node->bandwidth_up / 10,
			 gw_node->bandwidth_up % 10);
542

543
	batadv_neigh_node_free_ref(router);
544
	if (curr_gw)
545
		batadv_gw_node_free_ref(curr_gw);
546
out:
547
	return ret;
548 549
}

550
int batadv_gw_client_seq_print_text(struct seq_file *seq, void *offset)
551 552
{
	struct net_device *net_dev = (struct net_device *)seq->private;
553 554 555
	struct batadv_priv *bat_priv = netdev_priv(net_dev);
	struct batadv_hard_iface *primary_if;
	struct batadv_gw_node *gw_node;
556
	int gw_count = 0;
557

558 559
	primary_if = batadv_seq_print_text_primary_if_get(seq);
	if (!primary_if)
560
		goto out;
561

562
	seq_printf(seq,
563
		   "      %-12s (%s/%i) %17s [%10s]: advertised uplink bandwidth ... [B.A.T.M.A.N. adv %s, MainIF/MAC: %s/%pM (%s)]\n",
564 565
		   "Gateway", "#", BATADV_TQ_MAX_VALUE, "Nexthop", "outgoingIF",
		   BATADV_SOURCE_VERSION, primary_if->net_dev->name,
566
		   primary_if->net_dev->dev_addr, net_dev->name);
567 568

	rcu_read_lock();
569
	hlist_for_each_entry_rcu(gw_node, &bat_priv->gw.list, list) {
570 571 572
		if (gw_node->deleted)
			continue;

573
		/* fails if orig_node has no router */
574
		if (batadv_write_buffer_text(bat_priv, seq, gw_node) < 0)
575 576 577 578 579 580 581
			continue;

		gw_count++;
	}
	rcu_read_unlock();

	if (gw_count == 0)
582
		seq_puts(seq, "No gateways in range ...\n");
583

584 585
out:
	if (primary_if)
586
		batadv_hardif_free_ref(primary_if);
587
	return 0;
588 589
}

590
/* this call might reallocate skb data */
591
static bool batadv_is_type_dhcprequest(struct sk_buff *skb, int header_len)
592 593 594 595 596 597 598 599 600 601
{
	int ret = false;
	unsigned char *p;
	int pkt_len;

	if (skb_linearize(skb) < 0)
		goto out;

	pkt_len = skb_headlen(skb);

602
	if (pkt_len < header_len + BATADV_DHCP_OPTIONS_OFFSET + 1)
603 604
		goto out;

605 606
	p = skb->data + header_len + BATADV_DHCP_OPTIONS_OFFSET;
	pkt_len -= header_len + BATADV_DHCP_OPTIONS_OFFSET + 1;
607 608

	/* Access the dhcp option lists. Each entry is made up by:
609 610
	 * - octet 1: option type
	 * - octet 2: option data len (only if type != 255 and 0)
611 612
	 * - octet 3: option data
	 */
613
	while (*p != 255 && !ret) {
614
		/* p now points to the first octet: option type */
615 616
		if (*p == 53) {
			/* type 53 is the message type option.
617 618
			 * Jump the len octet and go to the data octet
			 */
619 620 621 622 623
			if (pkt_len < 2)
				goto out;
			p += 2;

			/* check if the message type is what we need */
624
			if (*p == BATADV_DHCP_REQUEST)
625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640
				ret = true;
			break;
		} else if (*p == 0) {
			/* option type 0 (padding), just go forward */
			if (pkt_len < 1)
				goto out;
			pkt_len--;
			p++;
		} else {
			/* This is any other option. So we get the length... */
			if (pkt_len < 1)
				goto out;
			pkt_len--;
			p++;

			/* ...and then we jump over the data */
641
			if (pkt_len < 1 + (*p))
642
				goto out;
643 644
			pkt_len -= 1 + (*p);
			p += 1 + (*p);
645 646 647 648 649 650
		}
	}
out:
	return ret;
}

651
/* this call might reallocate skb data */
652
bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len)
653 654 655 656 657 658 659
{
	struct ethhdr *ethhdr;
	struct iphdr *iphdr;
	struct ipv6hdr *ipv6hdr;
	struct udphdr *udphdr;

	/* check for ethernet header */
660 661
	if (!pskb_may_pull(skb, *header_len + ETH_HLEN))
		return false;
662
	ethhdr = (struct ethhdr *)skb->data;
663
	*header_len += ETH_HLEN;
664 665 666

	/* check for initial vlan header */
	if (ntohs(ethhdr->h_proto) == ETH_P_8021Q) {
667 668
		if (!pskb_may_pull(skb, *header_len + VLAN_HLEN))
			return false;
669
		ethhdr = (struct ethhdr *)(skb->data + VLAN_HLEN);
670
		*header_len += VLAN_HLEN;
671 672 673 674 675
	}

	/* check for ip header */
	switch (ntohs(ethhdr->h_proto)) {
	case ETH_P_IP:
676 677 678 679
		if (!pskb_may_pull(skb, *header_len + sizeof(*iphdr)))
			return false;
		iphdr = (struct iphdr *)(skb->data + *header_len);
		*header_len += iphdr->ihl * 4;
680 681 682

		/* check for udp header */
		if (iphdr->protocol != IPPROTO_UDP)
683
			return false;
684 685 686

		break;
	case ETH_P_IPV6:
687 688 689 690
		if (!pskb_may_pull(skb, *header_len + sizeof(*ipv6hdr)))
			return false;
		ipv6hdr = (struct ipv6hdr *)(skb->data + *header_len);
		*header_len += sizeof(*ipv6hdr);
691 692 693

		/* check for udp header */
		if (ipv6hdr->nexthdr != IPPROTO_UDP)
694
			return false;
695 696 697

		break;
	default:
698
		return false;
699 700
	}

701 702
	if (!pskb_may_pull(skb, *header_len + sizeof(*udphdr)))
		return false;
703 704 705 706 707 708

	/* skb->data might have been reallocated by pskb_may_pull() */
	ethhdr = (struct ethhdr *)skb->data;
	if (ntohs(ethhdr->h_proto) == ETH_P_8021Q)
		ethhdr = (struct ethhdr *)(skb->data + VLAN_HLEN);

709 710
	udphdr = (struct udphdr *)(skb->data + *header_len);
	*header_len += sizeof(*udphdr);
711 712 713

	/* check for bootp port */
	if ((ntohs(ethhdr->h_proto) == ETH_P_IP) &&
714
	    (ntohs(udphdr->dest) != 67))
715
		return false;
716 717 718

	if ((ntohs(ethhdr->h_proto) == ETH_P_IPV6) &&
	    (ntohs(udphdr->dest) != 547))
719
		return false;
720

721 722
	return true;
}
723

724
/* this call might reallocate skb data */
725
bool batadv_gw_out_of_range(struct batadv_priv *bat_priv,
726
			    struct sk_buff *skb)
727
{
728 729
	struct batadv_neigh_node *neigh_curr = NULL, *neigh_old = NULL;
	struct batadv_orig_node *orig_dst_node = NULL;
730
	struct batadv_gw_node *gw_node = NULL, *curr_gw = NULL;
731
	struct ethhdr *ethhdr;
732 733 734 735
	bool ret, out_of_range = false;
	unsigned int header_len = 0;
	uint8_t curr_tq_avg;

736
	ret = batadv_gw_is_dhcp_target(skb, &header_len);
737 738 739
	if (!ret)
		goto out;

740
	ethhdr = (struct ethhdr *)skb->data;
741 742
	orig_dst_node = batadv_transtable_search(bat_priv, ethhdr->h_source,
						 ethhdr->h_dest);
743 744 745
	if (!orig_dst_node)
		goto out;

746 747
	gw_node = batadv_gw_node_get(bat_priv, orig_dst_node);
	if (!gw_node->bandwidth_down == 0)
748 749
		goto out;

750
	ret = batadv_is_type_dhcprequest(skb, header_len);
751 752 753 754
	if (!ret)
		goto out;

	switch (atomic_read(&bat_priv->gw_mode)) {
755
	case BATADV_GW_MODE_SERVER:
756
		/* If we are a GW then we are our best GW. We can artificially
757 758
		 * set the tq towards ourself as the maximum value
		 */
759
		curr_tq_avg = BATADV_TQ_MAX_VALUE;
760
		break;
761
	case BATADV_GW_MODE_CLIENT:
762
		curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
763 764 765 766 767 768 769 770 771
		if (!curr_gw)
			goto out;

		/* packet is going to our gateway */
		if (curr_gw->orig_node == orig_dst_node)
			goto out;

		/* If the dhcp packet has been sent to a different gw,
		 * we have to evaluate whether the old gw is still
772 773
		 * reliable enough
		 */
774 775
		neigh_curr = batadv_find_router(bat_priv, curr_gw->orig_node,
						NULL);
776 777 778 779 780
		if (!neigh_curr)
			goto out;

		curr_tq_avg = neigh_curr->tq_avg;
		break;
781
	case BATADV_GW_MODE_OFF:
782 783
	default:
		goto out;
784
	}
785

786
	neigh_old = batadv_find_router(bat_priv, orig_dst_node, NULL);
787
	if (!neigh_old)
788 789
		goto out;

790
	if (curr_tq_avg - neigh_old->tq_avg > BATADV_GW_THRESHOLD)
791 792 793 794
		out_of_range = true;

out:
	if (orig_dst_node)
795
		batadv_orig_node_free_ref(orig_dst_node);
796
	if (curr_gw)
797
		batadv_gw_node_free_ref(curr_gw);
798 799
	if (gw_node)
		batadv_gw_node_free_ref(gw_node);
800
	if (neigh_old)
801
		batadv_neigh_node_free_ref(neigh_old);
802
	if (neigh_curr)
803
		batadv_neigh_node_free_ref(neigh_curr);
804
	return out_of_range;
805
}