exthdrs.c 21.2 KB
Newer Older
L
Linus Torvalds 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
/*
 *	Extension Header handling for IPv6
 *	Linux INET6 implementation
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *	Andi Kleen		<ak@muc.de>
 *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
 *
 *	This program is free software; you can redistribute it and/or
 *      modify it under the terms of the GNU General Public License
 *      as published by the Free Software Foundation; either version
 *      2 of the License, or (at your option) any later version.
 */

/* Changes:
17
 *	yoshfuji		: ensure not to overrun while parsing
L
Linus Torvalds 已提交
18 19 20 21 22 23 24 25 26 27 28 29 30 31
 *				  tlv options.
 *	Mitsuru KANDA @USAGI and: Remove ipv6_parse_exthdrs().
 *	YOSHIFUJI Hideaki @USAGI  Register inbound extension header
 *				  handlers as inet6_protocol{}.
 */

#include <linux/errno.h>
#include <linux/types.h>
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/net.h>
#include <linux/netdevice.h>
#include <linux/in6.h>
#include <linux/icmpv6.h>
32
#include <linux/slab.h>
L
Linus Torvalds 已提交
33

34
#include <net/dst.h>
L
Linus Torvalds 已提交
35 36 37 38 39 40 41 42 43 44
#include <net/sock.h>
#include <net/snmp.h>

#include <net/ipv6.h>
#include <net/protocol.h>
#include <net/transp_v6.h>
#include <net/rawv6.h>
#include <net/ndisc.h>
#include <net/ip6_route.h>
#include <net/addrconf.h>
45
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
46 47
#include <net/xfrm.h>
#endif
L
Linus Torvalds 已提交
48 49 50

#include <asm/uaccess.h>

51 52
int ipv6_find_tlv(struct sk_buff *skb, int offset, int type)
{
53
	const unsigned char *nh = skb_network_header(skb);
54
	int packet_len = skb->tail - skb->network_header;
55 56 57 58 59
	struct ipv6_opt_hdr *hdr;
	int len;

	if (offset + 2 > packet_len)
		goto bad;
60
	hdr = (struct ipv6_opt_hdr *)(nh + offset);
61 62 63 64 65 66 67 68 69
	len = ((hdr->hdrlen + 1) << 3);

	if (offset + len > packet_len)
		goto bad;

	offset += 2;
	len -= 2;

	while (len > 0) {
70
		int opttype = nh[offset];
71 72 73 74 75 76 77 78 79 80
		int optlen;

		if (opttype == type)
			return offset;

		switch (opttype) {
		case IPV6_TLV_PAD0:
			optlen = 1;
			break;
		default:
81
			optlen = nh[offset + 1] + 2;
82 83 84 85 86 87 88 89 90 91 92
			if (optlen > len)
				goto bad;
			break;
		}
		offset += optlen;
		len -= optlen;
	}
	/* not_found */
 bad:
	return -1;
}
93
EXPORT_SYMBOL_GPL(ipv6_find_tlv);
94

L
Linus Torvalds 已提交
95 96 97 98 99 100 101 102 103 104
/*
 *	Parsing tlv encoded headers.
 *
 *	Parsing function "func" returns 1, if parsing succeed
 *	and 0, if it failed.
 *	It MUST NOT touch skb->h.
 */

struct tlvtype_proc {
	int	type;
105
	int	(*func)(struct sk_buff *skb, int offset);
L
Linus Torvalds 已提交
106 107 108 109 110 111 112 113
};

/*********************
  Generic functions
 *********************/

/* An unknown option is detected, decide what to do */

114
static int ip6_tlvopt_unknown(struct sk_buff *skb, int optoff)
L
Linus Torvalds 已提交
115
{
116
	switch ((skb_network_header(skb)[optoff] & 0xC0) >> 6) {
L
Linus Torvalds 已提交
117 118 119 120 121 122 123 124 125 126
	case 0: /* ignore */
		return 1;

	case 1: /* drop packet */
		break;

	case 3: /* Send ICMP if not a multicast address and drop packet */
		/* Actually, it is redundant check. icmp_send
		   will recheck in any case.
		 */
127
		if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr))
L
Linus Torvalds 已提交
128 129 130 131
			break;
	case 2: /* send ICMP PARM PROB regardless and drop packet */
		icmpv6_param_prob(skb, ICMPV6_UNK_OPTION, optoff);
		return 0;
132
	}
L
Linus Torvalds 已提交
133 134 135 136 137 138 139

	kfree_skb(skb);
	return 0;
}

/* Parse tlv encoded option header (hop-by-hop or destination) */

140
static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff *skb)
L
Linus Torvalds 已提交
141 142
{
	struct tlvtype_proc *curr;
143
	const unsigned char *nh = skb_network_header(skb);
144
	int off = skb_network_header_len(skb);
145
	int len = (skb_transport_header(skb)[1] + 1) << 3;
L
Linus Torvalds 已提交
146

147
	if (skb_transport_offset(skb) + len > skb_headlen(skb))
L
Linus Torvalds 已提交
148 149 150 151 152 153
		goto bad;

	off += 2;
	len -= 2;

	while (len > 0) {
154
		int optlen = nh[off + 1] + 2;
L
Linus Torvalds 已提交
155

156
		switch (nh[off]) {
L
Linus Torvalds 已提交
157 158 159 160 161 162 163 164 165 166 167
		case IPV6_TLV_PAD0:
			optlen = 1;
			break;

		case IPV6_TLV_PADN:
			break;

		default: /* Other TLV code so scan list */
			if (optlen > len)
				goto bad;
			for (curr=procs; curr->type >= 0; curr++) {
168
				if (curr->type == nh[off]) {
169 170
					/* type specific length/alignment
					   checks will be performed in the
L
Linus Torvalds 已提交
171
					   func(). */
172
					if (curr->func(skb, off) == 0)
L
Linus Torvalds 已提交
173 174 175 176 177
						return 0;
					break;
				}
			}
			if (curr->type < 0) {
178
				if (ip6_tlvopt_unknown(skb, off) == 0)
L
Linus Torvalds 已提交
179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196
					return 0;
			}
			break;
		}
		off += optlen;
		len -= optlen;
	}
	if (len == 0)
		return 1;
bad:
	kfree_skb(skb);
	return 0;
}

/*****************************
  Destination options header.
 *****************************/

197
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
198
static int ipv6_dest_hao(struct sk_buff *skb, int optoff)
199 200 201
{
	struct ipv6_destopt_hao *hao;
	struct inet6_skb_parm *opt = IP6CB(skb);
202
	struct ipv6hdr *ipv6h = ipv6_hdr(skb);
203 204 205 206 207 208 209 210 211 212
	struct in6_addr tmp_addr;
	int ret;

	if (opt->dsthao) {
		LIMIT_NETDEBUG(KERN_DEBUG "hao duplicated\n");
		goto discard;
	}
	opt->dsthao = opt->dst1;
	opt->dst1 = 0;

213
	hao = (struct ipv6_destopt_hao *)(skb_network_header(skb) + optoff);
214 215 216 217 218 219 220 221 222

	if (hao->length != 16) {
		LIMIT_NETDEBUG(
			KERN_DEBUG "hao invalid option length = %d\n", hao->length);
		goto discard;
	}

	if (!(ipv6_addr_type(&hao->addr) & IPV6_ADDR_UNICAST)) {
		LIMIT_NETDEBUG(
H
Harvey Harrison 已提交
223
			KERN_DEBUG "hao is not an unicast addr: %pI6\n", &hao->addr);
224 225 226 227 228 229 230 231 232
		goto discard;
	}

	ret = xfrm6_input_addr(skb, (xfrm_address_t *)&ipv6h->daddr,
			       (xfrm_address_t *)&hao->addr, IPPROTO_DSTOPTS);
	if (unlikely(ret < 0))
		goto discard;

	if (skb_cloned(skb)) {
233
		if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
234 235 236
			goto discard;

		/* update all variable using below by copied skbuff */
237
		hao = (struct ipv6_destopt_hao *)(skb_network_header(skb) +
238
						  optoff);
239
		ipv6h = ipv6_hdr(skb);
240 241 242 243 244 245 246 247 248
	}

	if (skb->ip_summed == CHECKSUM_COMPLETE)
		skb->ip_summed = CHECKSUM_NONE;

	ipv6_addr_copy(&tmp_addr, &ipv6h->saddr);
	ipv6_addr_copy(&ipv6h->saddr, &hao->addr);
	ipv6_addr_copy(&hao->addr, &tmp_addr);

249
	if (skb->tstamp.tv64 == 0)
250 251 252 253 254 255 256 257 258 259
		__net_timestamp(skb);

	return 1;

 discard:
	kfree_skb(skb);
	return 0;
}
#endif

L
Linus Torvalds 已提交
260
static struct tlvtype_proc tlvprocdestopt_lst[] = {
261
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
262 263 264 265 266
	{
		.type	= IPV6_TLV_HAO,
		.func	= ipv6_dest_hao,
	},
#endif
L
Linus Torvalds 已提交
267 268 269
	{-1,			NULL}
};

270
static int ipv6_destopt_rcv(struct sk_buff *skb)
L
Linus Torvalds 已提交
271 272
{
	struct inet6_skb_parm *opt = IP6CB(skb);
273
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
274 275
	__u16 dstbuf;
#endif
276
	struct dst_entry *dst;
L
Linus Torvalds 已提交
277

278 279
	if (!pskb_may_pull(skb, skb_transport_offset(skb) + 8) ||
	    !pskb_may_pull(skb, (skb_transport_offset(skb) +
280
				 ((skb_transport_header(skb)[1] + 1) << 3)))) {
E
Eric Dumazet 已提交
281
		IP6_INC_STATS_BH(dev_net(skb_dst(skb)->dev), ip6_dst_idev(skb_dst(skb)),
282
				 IPSTATS_MIB_INHDRERRORS);
L
Linus Torvalds 已提交
283 284 285 286
		kfree_skb(skb);
		return -1;
	}

287
	opt->lastopt = opt->dst1 = skb_network_header_len(skb);
288
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
289 290
	dstbuf = opt->dst1;
#endif
L
Linus Torvalds 已提交
291

E
Eric Dumazet 已提交
292
	dst = dst_clone(skb_dst(skb));
293
	if (ip6_parse_tlv(tlvprocdestopt_lst, skb)) {
294
		dst_release(dst);
295
		skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3;
296
		opt = IP6CB(skb);
297
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
298 299
		opt->nhoff = dstbuf;
#else
300
		opt->nhoff = opt->dst1;
301
#endif
L
Linus Torvalds 已提交
302 303 304
		return 1;
	}

305 306
	IP6_INC_STATS_BH(dev_net(dst->dev),
			 ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
307
	dst_release(dst);
L
Linus Torvalds 已提交
308 309 310 311 312 313 314
	return -1;
}

/********************************
  Routing header.
 ********************************/

315
/* called with rcu_read_lock() */
316
static int ipv6_rthdr_rcv(struct sk_buff *skb)
L
Linus Torvalds 已提交
317 318
{
	struct inet6_skb_parm *opt = IP6CB(skb);
319
	struct in6_addr *addr = NULL;
L
Linus Torvalds 已提交
320
	struct in6_addr daddr;
321
	struct inet6_dev *idev;
L
Linus Torvalds 已提交
322 323 324
	int n, i;
	struct ipv6_rt_hdr *hdr;
	struct rt0_hdr *rthdr;
325 326
	struct net *net = dev_net(skb->dev);
	int accept_source_route = net->ipv6.devconf_all->accept_source_route;
327

328 329 330
	idev = __in6_dev_get(skb->dev);
	if (idev && accept_source_route > idev->cnf.accept_source_route)
		accept_source_route = idev->cnf.accept_source_route;
331

332 333
	if (!pskb_may_pull(skb, skb_transport_offset(skb) + 8) ||
	    !pskb_may_pull(skb, (skb_transport_offset(skb) +
334
				 ((skb_transport_header(skb)[1] + 1) << 3)))) {
E
Eric Dumazet 已提交
335
		IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)),
336
				 IPSTATS_MIB_INHDRERRORS);
L
Linus Torvalds 已提交
337 338 339 340
		kfree_skb(skb);
		return -1;
	}

341
	hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb);
L
Linus Torvalds 已提交
342

343
	if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) ||
L
Linus Torvalds 已提交
344
	    skb->pkt_type != PACKET_HOST) {
E
Eric Dumazet 已提交
345
		IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)),
346
				 IPSTATS_MIB_INADDRERRORS);
L
Linus Torvalds 已提交
347 348 349 350 351 352
		kfree_skb(skb);
		return -1;
	}

looped_back:
	if (hdr->segments_left == 0) {
353
		switch (hdr->type) {
354
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
355 356 357 358 359
		case IPV6_SRCRT_TYPE_2:
			/* Silently discard type 2 header unless it was
			 * processed by own
			 */
			if (!addr) {
E
Eric Dumazet 已提交
360
				IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)),
361
						 IPSTATS_MIB_INADDRERRORS);
362 363 364 365 366 367 368 369 370
				kfree_skb(skb);
				return -1;
			}
			break;
#endif
		default:
			break;
		}

371
		opt->lastopt = opt->srcrt = skb_network_header_len(skb);
372
		skb->transport_header += (hdr->hdrlen + 1) << 3;
L
Linus Torvalds 已提交
373 374
		opt->dst0 = opt->dst1;
		opt->dst1 = 0;
375
		opt->nhoff = (&hdr->nexthdr) - skb_network_header(skb);
L
Linus Torvalds 已提交
376 377 378
		return 1;
	}

379
	switch (hdr->type) {
380
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
381
	case IPV6_SRCRT_TYPE_2:
382 383
		if (accept_source_route < 0)
			goto unknown_rh;
384 385
		/* Silently discard invalid RTH type 2 */
		if (hdr->hdrlen != 2 || hdr->segments_left != 1) {
E
Eric Dumazet 已提交
386
			IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)),
387
					 IPSTATS_MIB_INHDRERRORS);
388 389 390 391 392
			kfree_skb(skb);
			return -1;
		}
		break;
#endif
393 394
	default:
		goto unknown_rh;
L
Linus Torvalds 已提交
395 396 397 398 399 400 401 402 403 404
	}

	/*
	 *	This is the routing header forwarding algorithm from
	 *	RFC 2460, page 16.
	 */

	n = hdr->hdrlen >> 1;

	if (hdr->segments_left > n) {
E
Eric Dumazet 已提交
405
		IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)),
406
				 IPSTATS_MIB_INHDRERRORS);
407 408 409
		icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
				  ((&hdr->segments_left) -
				   skb_network_header(skb)));
L
Linus Torvalds 已提交
410 411 412 413 414 415 416 417
		return -1;
	}

	/* We are about to mangle packet header. Be careful!
	   Do not damage packets queued somewhere.
	 */
	if (skb_cloned(skb)) {
		/* the copy is a forwarded packet */
418
		if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) {
E
Eric Dumazet 已提交
419
			IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)),
420 421
					 IPSTATS_MIB_OUTDISCARDS);
			kfree_skb(skb);
L
Linus Torvalds 已提交
422 423
			return -1;
		}
424
		hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb);
L
Linus Torvalds 已提交
425 426
	}

427
	if (skb->ip_summed == CHECKSUM_COMPLETE)
L
Linus Torvalds 已提交
428 429 430 431 432 433 434 435
		skb->ip_summed = CHECKSUM_NONE;

	i = n - --hdr->segments_left;

	rthdr = (struct rt0_hdr *) hdr;
	addr = rthdr->addr;
	addr += i - 1;

436
	switch (hdr->type) {
437
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
438 439
	case IPV6_SRCRT_TYPE_2:
		if (xfrm6_input_addr(skb, (xfrm_address_t *)addr,
440
				     (xfrm_address_t *)&ipv6_hdr(skb)->saddr,
441
				     IPPROTO_ROUTING) < 0) {
E
Eric Dumazet 已提交
442
			IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)),
443
					 IPSTATS_MIB_INADDRERRORS);
444 445 446
			kfree_skb(skb);
			return -1;
		}
E
Eric Dumazet 已提交
447 448
		if (!ipv6_chk_home_addr(dev_net(skb_dst(skb)->dev), addr)) {
			IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)),
449
					 IPSTATS_MIB_INADDRERRORS);
450 451 452 453 454 455 456 457 458
			kfree_skb(skb);
			return -1;
		}
		break;
#endif
	default:
		break;
	}

L
Linus Torvalds 已提交
459
	if (ipv6_addr_is_multicast(addr)) {
E
Eric Dumazet 已提交
460
		IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)),
461
				 IPSTATS_MIB_INADDRERRORS);
L
Linus Torvalds 已提交
462 463 464 465 466
		kfree_skb(skb);
		return -1;
	}

	ipv6_addr_copy(&daddr, addr);
467 468
	ipv6_addr_copy(addr, &ipv6_hdr(skb)->daddr);
	ipv6_addr_copy(&ipv6_hdr(skb)->daddr, &daddr);
L
Linus Torvalds 已提交
469

E
Eric Dumazet 已提交
470
	skb_dst_drop(skb);
L
Linus Torvalds 已提交
471
	ip6_route_input(skb);
E
Eric Dumazet 已提交
472
	if (skb_dst(skb)->error) {
473
		skb_push(skb, skb->data - skb_network_header(skb));
L
Linus Torvalds 已提交
474 475 476 477
		dst_input(skb);
		return -1;
	}

E
Eric Dumazet 已提交
478
	if (skb_dst(skb)->dev->flags&IFF_LOOPBACK) {
479
		if (ipv6_hdr(skb)->hop_limit <= 1) {
E
Eric Dumazet 已提交
480
			IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)),
481
					 IPSTATS_MIB_INHDRERRORS);
L
Linus Torvalds 已提交
482
			icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
483
				    0);
L
Linus Torvalds 已提交
484 485 486
			kfree_skb(skb);
			return -1;
		}
487
		ipv6_hdr(skb)->hop_limit--;
L
Linus Torvalds 已提交
488 489 490
		goto looped_back;
	}

491
	skb_push(skb, skb->data - skb_network_header(skb));
L
Linus Torvalds 已提交
492 493
	dst_input(skb);
	return -1;
494 495

unknown_rh:
E
Eric Dumazet 已提交
496
	IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_INHDRERRORS);
497 498 499
	icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
			  (&hdr->type) - skb_network_header(skb));
	return -1;
L
Linus Torvalds 已提交
500 501
}

502
static const struct inet6_protocol rthdr_protocol = {
L
Linus Torvalds 已提交
503
	.handler	=	ipv6_rthdr_rcv,
H
Herbert Xu 已提交
504
	.flags		=	INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR,
L
Linus Torvalds 已提交
505 506
};

507
static const struct inet6_protocol destopt_protocol = {
508 509 510 511
	.handler	=	ipv6_destopt_rcv,
	.flags		=	INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR,
};

512
static const struct inet6_protocol nodata_protocol = {
513 514 515 516 517
	.handler	=	dst_discard,
	.flags		=	INET6_PROTO_NOPOLICY,
};

int __init ipv6_exthdrs_init(void)
L
Linus Torvalds 已提交
518
{
519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539
	int ret;

	ret = inet6_add_protocol(&rthdr_protocol, IPPROTO_ROUTING);
	if (ret)
		goto out;

	ret = inet6_add_protocol(&destopt_protocol, IPPROTO_DSTOPTS);
	if (ret)
		goto out_rthdr;

	ret = inet6_add_protocol(&nodata_protocol, IPPROTO_NONE);
	if (ret)
		goto out_destopt;

out:
	return ret;
out_rthdr:
	inet6_del_protocol(&rthdr_protocol, IPPROTO_ROUTING);
out_destopt:
	inet6_del_protocol(&destopt_protocol, IPPROTO_DSTOPTS);
	goto out;
L
Linus Torvalds 已提交
540 541
};

542 543 544 545 546 547 548
void ipv6_exthdrs_exit(void)
{
	inet6_del_protocol(&nodata_protocol, IPPROTO_NONE);
	inet6_del_protocol(&destopt_protocol, IPPROTO_DSTOPTS);
	inet6_del_protocol(&rthdr_protocol, IPPROTO_ROUTING);
}

L
Linus Torvalds 已提交
549 550 551 552
/**********************************
  Hop-by-hop options.
 **********************************/

553
/*
E
Eric Dumazet 已提交
554
 * Note: we cannot rely on skb_dst(skb) before we assign it in ip6_route_input().
555 556 557
 */
static inline struct inet6_dev *ipv6_skb_idev(struct sk_buff *skb)
{
E
Eric Dumazet 已提交
558
	return skb_dst(skb) ? ip6_dst_idev(skb_dst(skb)) : __in6_dev_get(skb->dev);
559 560
}

561 562 563 564 565
static inline struct net *ipv6_skb_net(struct sk_buff *skb)
{
	return skb_dst(skb) ? dev_net(skb_dst(skb)->dev) : dev_net(skb->dev);
}

L
Linus Torvalds 已提交
566 567
/* Router Alert as of RFC 2711 */

568
static int ipv6_hop_ra(struct sk_buff *skb, int optoff)
L
Linus Torvalds 已提交
569
{
570
	const unsigned char *nh = skb_network_header(skb);
571

572
	if (nh[optoff + 1] == 2) {
L
Linus Torvalds 已提交
573 574 575
		IP6CB(skb)->ra = optoff;
		return 1;
	}
576
	LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_ra: wrong RA length %d\n",
577
		       nh[optoff + 1]);
L
Linus Torvalds 已提交
578 579 580 581 582 583
	kfree_skb(skb);
	return 0;
}

/* Jumbo payload */

584
static int ipv6_hop_jumbo(struct sk_buff *skb, int optoff)
L
Linus Torvalds 已提交
585
{
586
	const unsigned char *nh = skb_network_header(skb);
587
	struct net *net = ipv6_skb_net(skb);
L
Linus Torvalds 已提交
588 589
	u32 pkt_len;

590
	if (nh[optoff + 1] != 4 || (optoff & 3) != 2) {
591
		LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_jumbo: wrong jumbo opt length/alignment %d\n",
592
			       nh[optoff+1]);
593
		IP6_INC_STATS_BH(net, ipv6_skb_idev(skb),
594
				 IPSTATS_MIB_INHDRERRORS);
L
Linus Torvalds 已提交
595 596 597
		goto drop;
	}

598
	pkt_len = ntohl(*(__be32 *)(nh + optoff + 2));
L
Linus Torvalds 已提交
599
	if (pkt_len <= IPV6_MAXPLEN) {
600 601
		IP6_INC_STATS_BH(net, ipv6_skb_idev(skb),
				 IPSTATS_MIB_INHDRERRORS);
L
Linus Torvalds 已提交
602 603 604
		icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff+2);
		return 0;
	}
605
	if (ipv6_hdr(skb)->payload_len) {
606 607
		IP6_INC_STATS_BH(net, ipv6_skb_idev(skb),
				 IPSTATS_MIB_INHDRERRORS);
L
Linus Torvalds 已提交
608 609 610 611 612
		icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff);
		return 0;
	}

	if (pkt_len > skb->len - sizeof(struct ipv6hdr)) {
613 614
		IP6_INC_STATS_BH(net, ipv6_skb_idev(skb),
				 IPSTATS_MIB_INTRUNCATEDPKTS);
L
Linus Torvalds 已提交
615 616
		goto drop;
	}
617 618 619 620

	if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr)))
		goto drop;

L
Linus Torvalds 已提交
621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639
	return 1;

drop:
	kfree_skb(skb);
	return 0;
}

static struct tlvtype_proc tlvprochopopt_lst[] = {
	{
		.type	= IPV6_TLV_ROUTERALERT,
		.func	= ipv6_hop_ra,
	},
	{
		.type	= IPV6_TLV_JUMBO,
		.func	= ipv6_hop_jumbo,
	},
	{ -1, }
};

640
int ipv6_parse_hopopts(struct sk_buff *skb)
L
Linus Torvalds 已提交
641
{
642 643
	struct inet6_skb_parm *opt = IP6CB(skb);

644
	/*
645
	 * skb_network_header(skb) is equal to skb->data, and
646
	 * skb_network_header_len(skb) is always equal to
647 648 649 650
	 * sizeof(struct ipv6hdr) by definition of
	 * hop-by-hop options.
	 */
	if (!pskb_may_pull(skb, sizeof(struct ipv6hdr) + 8) ||
651 652
	    !pskb_may_pull(skb, (sizeof(struct ipv6hdr) +
				 ((skb_transport_header(skb)[1] + 1) << 3)))) {
653 654 655 656
		kfree_skb(skb);
		return -1;
	}

657
	opt->hop = sizeof(struct ipv6hdr);
658
	if (ip6_parse_tlv(tlvprochopopt_lst, skb)) {
659
		skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3;
660
		opt = IP6CB(skb);
661
		opt->nhoff = sizeof(struct ipv6hdr);
662
		return 1;
663
	}
L
Linus Torvalds 已提交
664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684
	return -1;
}

/*
 *	Creating outbound headers.
 *
 *	"build" functions work when skb is filled from head to tail (datagram)
 *	"push"	functions work when headers are added from tail to head (tcp)
 *
 *	In both cases we assume, that caller reserved enough room
 *	for headers.
 */

static void ipv6_push_rthdr(struct sk_buff *skb, u8 *proto,
			    struct ipv6_rt_hdr *opt,
			    struct in6_addr **addr_p)
{
	struct rt0_hdr *phdr, *ihdr;
	int hops;

	ihdr = (struct rt0_hdr *) opt;
685

L
Linus Torvalds 已提交
686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714
	phdr = (struct rt0_hdr *) skb_push(skb, (ihdr->rt_hdr.hdrlen + 1) << 3);
	memcpy(phdr, ihdr, sizeof(struct rt0_hdr));

	hops = ihdr->rt_hdr.hdrlen >> 1;

	if (hops > 1)
		memcpy(phdr->addr, ihdr->addr + 1,
		       (hops - 1) * sizeof(struct in6_addr));

	ipv6_addr_copy(phdr->addr + (hops - 1), *addr_p);
	*addr_p = ihdr->addr;

	phdr->rt_hdr.nexthdr = *proto;
	*proto = NEXTHDR_ROUTING;
}

static void ipv6_push_exthdr(struct sk_buff *skb, u8 *proto, u8 type, struct ipv6_opt_hdr *opt)
{
	struct ipv6_opt_hdr *h = (struct ipv6_opt_hdr *)skb_push(skb, ipv6_optlen(opt));

	memcpy(h, opt, ipv6_optlen(opt));
	h->nexthdr = *proto;
	*proto = type;
}

void ipv6_push_nfrag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt,
			  u8 *proto,
			  struct in6_addr **daddr)
{
715
	if (opt->srcrt) {
L
Linus Torvalds 已提交
716
		ipv6_push_rthdr(skb, proto, opt->srcrt, daddr);
717 718 719 720 721 722 723
		/*
		 * IPV6_RTHDRDSTOPTS is ignored
		 * unless IPV6_RTHDR is set (RFC3542).
		 */
		if (opt->dst0opt)
			ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst0opt);
	}
L
Linus Torvalds 已提交
724 725 726 727
	if (opt->hopopt)
		ipv6_push_exthdr(skb, proto, NEXTHDR_HOP, opt->hopopt);
}

728 729
EXPORT_SYMBOL(ipv6_push_nfrag_opts);

L
Linus Torvalds 已提交
730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755
void ipv6_push_frag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt, u8 *proto)
{
	if (opt->dst1opt)
		ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst1opt);
}

struct ipv6_txoptions *
ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt)
{
	struct ipv6_txoptions *opt2;

	opt2 = sock_kmalloc(sk, opt->tot_len, GFP_ATOMIC);
	if (opt2) {
		long dif = (char*)opt2 - (char*)opt;
		memcpy(opt2, opt, opt->tot_len);
		if (opt2->hopopt)
			*((char**)&opt2->hopopt) += dif;
		if (opt2->dst0opt)
			*((char**)&opt2->dst0opt) += dif;
		if (opt2->dst1opt)
			*((char**)&opt2->dst1opt) += dif;
		if (opt2->srcrt)
			*((char**)&opt2->srcrt) += dif;
	}
	return opt2;
}
756

757 758
EXPORT_SYMBOL_GPL(ipv6_dup_options);

759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793
static int ipv6_renew_option(void *ohdr,
			     struct ipv6_opt_hdr __user *newopt, int newoptlen,
			     int inherit,
			     struct ipv6_opt_hdr **hdr,
			     char **p)
{
	if (inherit) {
		if (ohdr) {
			memcpy(*p, ohdr, ipv6_optlen((struct ipv6_opt_hdr *)ohdr));
			*hdr = (struct ipv6_opt_hdr *)*p;
			*p += CMSG_ALIGN(ipv6_optlen(*(struct ipv6_opt_hdr **)hdr));
		}
	} else {
		if (newopt) {
			if (copy_from_user(*p, newopt, newoptlen))
				return -EFAULT;
			*hdr = (struct ipv6_opt_hdr *)*p;
			if (ipv6_optlen(*(struct ipv6_opt_hdr **)hdr) > newoptlen)
				return -EINVAL;
			*p += CMSG_ALIGN(newoptlen);
		}
	}
	return 0;
}

struct ipv6_txoptions *
ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt,
		   int newtype,
		   struct ipv6_opt_hdr __user *newopt, int newoptlen)
{
	int tot_len = 0;
	char *p;
	struct ipv6_txoptions *opt2;
	int err;

794 795 796 797 798 799 800 801 802 803 804
	if (opt) {
		if (newtype != IPV6_HOPOPTS && opt->hopopt)
			tot_len += CMSG_ALIGN(ipv6_optlen(opt->hopopt));
		if (newtype != IPV6_RTHDRDSTOPTS && opt->dst0opt)
			tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst0opt));
		if (newtype != IPV6_RTHDR && opt->srcrt)
			tot_len += CMSG_ALIGN(ipv6_optlen(opt->srcrt));
		if (newtype != IPV6_DSTOPTS && opt->dst1opt)
			tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst1opt));
	}

805 806 807 808 809 810
	if (newopt && newoptlen)
		tot_len += CMSG_ALIGN(newoptlen);

	if (!tot_len)
		return NULL;

811
	tot_len += sizeof(*opt2);
812 813 814 815 816 817 818 819 820
	opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC);
	if (!opt2)
		return ERR_PTR(-ENOBUFS);

	memset(opt2, 0, tot_len);

	opt2->tot_len = tot_len;
	p = (char *)(opt2 + 1);

821
	err = ipv6_renew_option(opt ? opt->hopopt : NULL, newopt, newoptlen,
822 823 824 825 826
				newtype != IPV6_HOPOPTS,
				&opt2->hopopt, &p);
	if (err)
		goto out;

827
	err = ipv6_renew_option(opt ? opt->dst0opt : NULL, newopt, newoptlen,
828 829 830 831 832
				newtype != IPV6_RTHDRDSTOPTS,
				&opt2->dst0opt, &p);
	if (err)
		goto out;

833
	err = ipv6_renew_option(opt ? opt->srcrt : NULL, newopt, newoptlen,
834
				newtype != IPV6_RTHDR,
835
				(struct ipv6_opt_hdr **)&opt2->srcrt, &p);
836 837 838
	if (err)
		goto out;

839
	err = ipv6_renew_option(opt ? opt->dst1opt : NULL, newopt, newoptlen,
840 841 842 843 844 845 846 847 848 849 850 851
				newtype != IPV6_DSTOPTS,
				&opt2->dst1opt, &p);
	if (err)
		goto out;

	opt2->opt_nflen = (opt2->hopopt ? ipv6_optlen(opt2->hopopt) : 0) +
			  (opt2->dst0opt ? ipv6_optlen(opt2->dst0opt) : 0) +
			  (opt2->srcrt ? ipv6_optlen(opt2->srcrt) : 0);
	opt2->opt_flen = (opt2->dst1opt ? ipv6_optlen(opt2->dst1opt) : 0);

	return opt2;
out:
852
	sock_kfree_s(sk, opt2, opt2->tot_len);
853 854 855
	return ERR_PTR(err);
}

856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874
struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
					  struct ipv6_txoptions *opt)
{
	/*
	 * ignore the dest before srcrt unless srcrt is being included.
	 * --yoshfuji
	 */
	if (opt && opt->dst0opt && !opt->srcrt) {
		if (opt_space != opt) {
			memcpy(opt_space, opt, sizeof(*opt_space));
			opt = opt_space;
		}
		opt->opt_nflen -= ipv6_optlen(opt->dst0opt);
		opt->dst0opt = NULL;
	}

	return opt;
}

875 876 877 878
/**
 * fl6_update_dst - update flowi destination address with info given
 *                  by srcrt option, if any.
 *
879
 * @fl6: flowi6 for which daddr is to be updated
880
 * @opt: struct ipv6_txoptions in which to look for srcrt opt
881
 * @orig: copy of original daddr address if modified
882 883
 *
 * Returns NULL if no txoptions or no srcrt, otherwise returns orig
884
 * and initial value of fl6->daddr set in orig
885
 */
886
struct in6_addr *fl6_update_dst(struct flowi6 *fl6,
887 888 889 890 891 892
				const struct ipv6_txoptions *opt,
				struct in6_addr *orig)
{
	if (!opt || !opt->srcrt)
		return NULL;

893 894
	ipv6_addr_copy(orig, &fl6->daddr);
	ipv6_addr_copy(&fl6->daddr, ((struct rt0_hdr *)opt->srcrt)->addr);
895 896 897 898
	return orig;
}

EXPORT_SYMBOL_GPL(fl6_update_dst);