[mirror_ubuntu-bionic-kernel.git] / net / ipv4 / ip_options.c

/*
 * INET		An implementation of the TCP/IP protocol suite for the LINUX
 *		operating system.  INET is implemented using the  BSD Socket
 *		interface as the means of communication with the user level.
 *
 *		The options processing module for ip.c
 *
 * Version:	$Id: ip_options.c,v 1.21 2001/09/01 00:31:50 davem Exp $
 *
 * Authors:	A.N.Kuznetsov
 *		
 */

#include <linux/capability.h>
#include <linux/module.h>
#include <linux/types.h>
#include <asm/uaccess.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/icmp.h>
#include <linux/netdevice.h>
#include <linux/rtnetlink.h>
#include <net/sock.h>
#include <net/ip.h>
#include <net/icmp.h>
#include <net/route.h>

/* 
 * Write options to IP header, record destination address to
 * source route option, address of outgoing interface
 * (we should already know it, so that this  function is allowed be
 * called only after routing decision) and timestamp,
 * if we originate this datagram.
 *
 * daddr is real destination address, next hop is recorded in IP header.
 * saddr is address of outgoing interface.
 */

void ip_options_build(struct sk_buff * skb, struct ip_options * opt,
			    u32 daddr, struct rtable *rt, int is_frag) 
{
	unsigned char * iph = skb->nh.raw;

	memcpy(&(IPCB(skb)->opt), opt, sizeof(struct ip_options));
	memcpy(iph+sizeof(struct iphdr), opt->__data, opt->optlen);
	opt = &(IPCB(skb)->opt);
	opt->is_data = 0;

	if (opt->srr)
		memcpy(iph+opt->srr+iph[opt->srr+1]-4, &daddr, 4);

	if (!is_frag) {
		if (opt->rr_needaddr)
			ip_rt_get_source(iph+opt->rr+iph[opt->rr+2]-5, rt);
		if (opt->ts_needaddr)
			ip_rt_get_source(iph+opt->ts+iph[opt->ts+2]-9, rt);
		if (opt->ts_needtime) {
			struct timeval tv;
			__u32 midtime;
			do_gettimeofday(&tv);
			midtime = htonl((tv.tv_sec % 86400) * 1000 + tv.tv_usec / 1000);
			memcpy(iph+opt->ts+iph[opt->ts+2]-5, &midtime, 4);
		}
		return;
	}
	if (opt->rr) {
		memset(iph+opt->rr, IPOPT_NOP, iph[opt->rr+1]);
		opt->rr = 0;
		opt->rr_needaddr = 0;
	}
	if (opt->ts) {
		memset(iph+opt->ts, IPOPT_NOP, iph[opt->ts+1]);
		opt->ts = 0;
		opt->ts_needaddr = opt->ts_needtime = 0;
	}
}

/* 
 * Provided (sopt, skb) points to received options,
 * build in dopt compiled option set appropriate for answering.
 * i.e. invert SRR option, copy anothers,
 * and grab room in RR/TS options.
 *
 * NOTE: dopt cannot point to skb.
 */

int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb) 
{
	struct ip_options *sopt;
	unsigned char *sptr, *dptr;
	int soffset, doffset;
	int	optlen;
	u32	daddr;

	memset(dopt, 0, sizeof(struct ip_options));

	dopt->is_data = 1;

	sopt = &(IPCB(skb)->opt);

	if (sopt->optlen == 0) {
		dopt->optlen = 0;
		return 0;
	}

	sptr = skb->nh.raw;
	dptr = dopt->__data;

	if (skb->dst)
		daddr = ((struct rtable*)skb->dst)->rt_spec_dst;
	else
		daddr = skb->nh.iph->daddr;

	if (sopt->rr) {
		optlen  = sptr[sopt->rr+1];
		soffset = sptr[sopt->rr+2];
		dopt->rr = dopt->optlen + sizeof(struct iphdr);
		memcpy(dptr, sptr+sopt->rr, optlen);
		if (sopt->rr_needaddr && soffset <= optlen) {
			if (soffset + 3 > optlen)
				return -EINVAL;
			dptr[2] = soffset + 4;
			dopt->rr_needaddr = 1;
		}
		dptr += optlen;
		dopt->optlen += optlen;
	}
	if (sopt->ts) {
		optlen = sptr[sopt->ts+1];
		soffset = sptr[sopt->ts+2];
		dopt->ts = dopt->optlen + sizeof(struct iphdr);
		memcpy(dptr, sptr+sopt->ts, optlen);
		if (soffset <= optlen) {
			if (sopt->ts_needaddr) {
				if (soffset + 3 > optlen)
					return -EINVAL;
				dopt->ts_needaddr = 1;
				soffset += 4;
			}
			if (sopt->ts_needtime) {
				if (soffset + 3 > optlen)
					return -EINVAL;
				if ((dptr[3]&0xF) != IPOPT_TS_PRESPEC) {
					dopt->ts_needtime = 1;
					soffset += 4;
				} else {
					dopt->ts_needtime = 0;

					if (soffset + 8 <= optlen) {
						__u32 addr;

						memcpy(&addr, sptr+soffset-1, 4);
						if (inet_addr_type(addr) != RTN_LOCAL) {
							dopt->ts_needtime = 1;
							soffset += 8;
						}
					}
				}
			}
			dptr[2] = soffset;
		}
		dptr += optlen;
		dopt->optlen += optlen;
	}
	if (sopt->srr) {
		unsigned char * start = sptr+sopt->srr;
		u32 faddr;

		optlen  = start[1];
		soffset = start[2];
		doffset = 0;
		if (soffset > optlen)
			soffset = optlen + 1;
		soffset -= 4;
		if (soffset > 3) {
			memcpy(&faddr, &start[soffset-1], 4);
			for (soffset-=4, doffset=4; soffset > 3; soffset-=4, doffset+=4)
				memcpy(&dptr[doffset-1], &start[soffset-1], 4);
			/*
			 * RFC1812 requires to fix illegal source routes.
			 */
			if (memcmp(&skb->nh.iph->saddr, &start[soffset+3], 4) == 0)
				doffset -= 4;
		}
		if (doffset > 3) {
			memcpy(&start[doffset-1], &daddr, 4);
			dopt->faddr = faddr;
			dptr[0] = start[0];
			dptr[1] = doffset+3;
			dptr[2] = 4;
			dptr += doffset+3;
			dopt->srr = dopt->optlen + sizeof(struct iphdr);
			dopt->optlen += doffset+3;
			dopt->is_strictroute = sopt->is_strictroute;
		}
	}
	while (dopt->optlen & 3) {
		*dptr++ = IPOPT_END;
		dopt->optlen++;
	}
	return 0;
}

/*
 *	Options "fragmenting", just fill options not
 *	allowed in fragments with NOOPs.
 *	Simple and stupid 8), but the most efficient way.
 */

void ip_options_fragment(struct sk_buff * skb) 
{
	unsigned char * optptr = skb->nh.raw;
	struct ip_options * opt = &(IPCB(skb)->opt);
	int  l = opt->optlen;
	int  optlen;

	while (l > 0) {
		switch (*optptr) {
		case IPOPT_END:
			return;
		case IPOPT_NOOP:
			l--;
			optptr++;
			continue;
		}
		optlen = optptr[1];
		if (optlen<2 || optlen>l)
		  return;
		if (!IPOPT_COPIED(*optptr))
			memset(optptr, IPOPT_NOOP, optlen);
		l -= optlen;
		optptr += optlen;
	}
	opt->ts = 0;
	opt->rr = 0;
	opt->rr_needaddr = 0;
	opt->ts_needaddr = 0;
	opt->ts_needtime = 0;
	return;
}

/*
 * Verify options and fill pointers in struct options.
 * Caller should clear *opt, and set opt->data.
 * If opt == NULL, then skb->data should point to IP header.
 */

int ip_options_compile(struct ip_options * opt, struct sk_buff * skb)
{
	int l;
	unsigned char * iph;
	unsigned char * optptr;
	int optlen;
	unsigned char * pp_ptr = NULL;
	struct rtable *rt = skb ? (struct rtable*)skb->dst : NULL;

	if (!opt) {
		opt = &(IPCB(skb)->opt);
		memset(opt, 0, sizeof(struct ip_options));
		iph = skb->nh.raw;
		opt->optlen = ((struct iphdr *)iph)->ihl*4 - sizeof(struct iphdr);
		optptr = iph + sizeof(struct iphdr);
		opt->is_data = 0;
	} else {
		optptr = opt->is_data ? opt->__data : (unsigned char*)&(skb->nh.iph[1]);
		iph = optptr - sizeof(struct iphdr);
	}

	for (l = opt->optlen; l > 0; ) {
		switch (*optptr) {
		      case IPOPT_END:
			for (optptr++, l--; l>0; optptr++, l--) {
				if (*optptr != IPOPT_END) {
					*optptr = IPOPT_END;
					opt->is_changed = 1;
				}
			}
			goto eol;
		      case IPOPT_NOOP:
			l--;
			optptr++;
			continue;
		}
		optlen = optptr[1];
		if (optlen<2 || optlen>l) {
			pp_ptr = optptr;
			goto error;
		}
		switch (*optptr) {
		      case IPOPT_SSRR:
		      case IPOPT_LSRR:
			if (optlen < 3) {
				pp_ptr = optptr + 1;
				goto error;
			}
			if (optptr[2] < 4) {
				pp_ptr = optptr + 2;
				goto error;
			}
			/* NB: cf RFC-1812 5.2.4.1 */
			if (opt->srr) {
				pp_ptr = optptr;
				goto error;
			}
			if (!skb) {
				if (optptr[2] != 4 || optlen < 7 || ((optlen-3) & 3)) {
					pp_ptr = optptr + 1;
					goto error;
				}
				memcpy(&opt->faddr, &optptr[3], 4);
				if (optlen > 7)
					memmove(&optptr[3], &optptr[7], optlen-7);
			}
			opt->is_strictroute = (optptr[0] == IPOPT_SSRR);
			opt->srr = optptr - iph;
			break;
		      case IPOPT_RR:
			if (opt->rr) {
				pp_ptr = optptr;
				goto error;
			}
			if (optlen < 3) {
				pp_ptr = optptr + 1;
				goto error;
			}
			if (optptr[2] < 4) {
				pp_ptr = optptr + 2;
				goto error;
			}
			if (optptr[2] <= optlen) {
				if (optptr[2]+3 > optlen) {
					pp_ptr = optptr + 2;
					goto error;
				}
				if (skb) {
					memcpy(&optptr[optptr[2]-1], &rt->rt_spec_dst, 4);
					opt->is_changed = 1;
				}
				optptr[2] += 4;
				opt->rr_needaddr = 1;
			}
			opt->rr = optptr - iph;
			break;
		      case IPOPT_TIMESTAMP:
			if (opt->ts) {
				pp_ptr = optptr;
				goto error;
			}
			if (optlen < 4) {
				pp_ptr = optptr + 1;
				goto error;
			}
			if (optptr[2] < 5) {
				pp_ptr = optptr + 2;
				goto error;
			}
			if (optptr[2] <= optlen) {
				__u32 * timeptr = NULL;
				if (optptr[2]+3 > optptr[1]) {
					pp_ptr = optptr + 2;
					goto error;
				}
				switch (optptr[3]&0xF) {
				      case IPOPT_TS_TSONLY:
					opt->ts = optptr - iph;
					if (skb) 
						timeptr = (__u32*)&optptr[optptr[2]-1];
					opt->ts_needtime = 1;
					optptr[2] += 4;
					break;
				      case IPOPT_TS_TSANDADDR:
					if (optptr[2]+7 > optptr[1]) {
						pp_ptr = optptr + 2;
						goto error;
					}
					opt->ts = optptr - iph;
					if (skb) {
						memcpy(&optptr[optptr[2]-1], &rt->rt_spec_dst, 4);
						timeptr = (__u32*)&optptr[optptr[2]+3];
					}
					opt->ts_needaddr = 1;
					opt->ts_needtime = 1;
					optptr[2] += 8;
					break;
				      case IPOPT_TS_PRESPEC:
					if (optptr[2]+7 > optptr[1]) {
						pp_ptr = optptr + 2;
						goto error;
					}
					opt->ts = optptr - iph;
					{
						u32 addr;
						memcpy(&addr, &optptr[optptr[2]-1], 4);
						if (inet_addr_type(addr) == RTN_UNICAST)
							break;
						if (skb)
							timeptr = (__u32*)&optptr[optptr[2]+3];
					}
					opt->ts_needtime = 1;
					optptr[2] += 8;
					break;
				      default:
					if (!skb && !capable(CAP_NET_RAW)) {
						pp_ptr = optptr + 3;
						goto error;
					}
					break;
				}
				if (timeptr) {
					struct timeval tv;
					__u32  midtime;
					do_gettimeofday(&tv);
					midtime = htonl((tv.tv_sec % 86400) * 1000 + tv.tv_usec / 1000);
					memcpy(timeptr, &midtime, sizeof(__u32));
					opt->is_changed = 1;
				}
			} else {
				unsigned overflow = optptr[3]>>4;
				if (overflow == 15) {
					pp_ptr = optptr + 3;
					goto error;
				}
				opt->ts = optptr - iph;
				if (skb) {
					optptr[3] = (optptr[3]&0xF)|((overflow+1)<<4);
					opt->is_changed = 1;
				}
			}
			break;
		      case IPOPT_RA:
			if (optlen < 4) {
				pp_ptr = optptr + 1;
				goto error;
			}
			if (optptr[2] == 0 && optptr[3] == 0)
				opt->router_alert = optptr - iph;
			break;
		      case IPOPT_SEC:
		      case IPOPT_SID:
		      default:
			if (!skb && !capable(CAP_NET_RAW)) {
				pp_ptr = optptr;
				goto error;
			}
			break;
		}
		l -= optlen;
		optptr += optlen;
	}

eol:
	if (!pp_ptr)
		return 0;

error:
	if (skb) {
		icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl((pp_ptr-iph)<<24));
	}
	return -EINVAL;
}


/*
 *	Undo all the changes done by ip_options_compile().
 */

void ip_options_undo(struct ip_options * opt)
{
	if (opt->srr) {
		unsigned  char * optptr = opt->__data+opt->srr-sizeof(struct  iphdr);
		memmove(optptr+7, optptr+3, optptr[1]-7);
		memcpy(optptr+3, &opt->faddr, 4);
	}
	if (opt->rr_needaddr) {
		unsigned  char * optptr = opt->__data+opt->rr-sizeof(struct  iphdr);
		optptr[2] -= 4;
		memset(&optptr[optptr[2]-1], 0, 4);
	}
	if (opt->ts) {
		unsigned  char * optptr = opt->__data+opt->ts-sizeof(struct  iphdr);
		if (opt->ts_needtime) {
			optptr[2] -= 4;
			memset(&optptr[optptr[2]-1], 0, 4);
			if ((optptr[3]&0xF) == IPOPT_TS_PRESPEC)
				optptr[2] -= 4;
		}
		if (opt->ts_needaddr) {
			optptr[2] -= 4;
			memset(&optptr[optptr[2]-1], 0, 4);
		}
	}
}

static struct ip_options *ip_options_get_alloc(const int optlen)
{
	struct ip_options *opt = kmalloc(sizeof(*opt) + ((optlen + 3) & ~3),
					 GFP_KERNEL);
	if (opt)
		memset(opt, 0, sizeof(*opt));
	return opt;
}

static int ip_options_get_finish(struct ip_options **optp,
				 struct ip_options *opt, int optlen)
{
	while (optlen & 3)
		opt->__data[optlen++] = IPOPT_END;
	opt->optlen = optlen;
	opt->is_data = 1;
	opt->is_setbyuser = 1;
	if (optlen && ip_options_compile(opt, NULL)) {
		kfree(opt);
		return -EINVAL;
	}
	kfree(*optp);
	*optp = opt;
	return 0;
}

int ip_options_get_from_user(struct ip_options **optp, unsigned char __user *data, int optlen)
{
	struct ip_options *opt = ip_options_get_alloc(optlen);

	if (!opt)
		return -ENOMEM;
	if (optlen && copy_from_user(opt->__data, data, optlen)) {
		kfree(opt);
		return -EFAULT;
	}
	return ip_options_get_finish(optp, opt, optlen);
}

int ip_options_get(struct ip_options **optp, unsigned char *data, int optlen)
{
	struct ip_options *opt = ip_options_get_alloc(optlen);

	if (!opt)
		return -ENOMEM;
	if (optlen)
		memcpy(opt->__data, data, optlen);
	return ip_options_get_finish(optp, opt, optlen);
}

void ip_forward_options(struct sk_buff *skb)
{
	struct   ip_options * opt	= &(IPCB(skb)->opt);
	unsigned char * optptr;
	struct rtable *rt = (struct rtable*)skb->dst;
	unsigned char *raw = skb->nh.raw;

	if (opt->rr_needaddr) {
		optptr = (unsigned char *)raw + opt->rr;
		ip_rt_get_source(&optptr[optptr[2]-5], rt);
		opt->is_changed = 1;
	}
	if (opt->srr_is_hit) {
		int srrptr, srrspace;

		optptr = raw + opt->srr;

		for ( srrptr=optptr[2], srrspace = optptr[1];
		     srrptr <= srrspace;
		     srrptr += 4
		     ) {
			if (srrptr + 3 > srrspace)
				break;
			if (memcmp(&rt->rt_dst, &optptr[srrptr-1], 4) == 0)
				break;
		}
		if (srrptr + 3 <= srrspace) {
			opt->is_changed = 1;
			ip_rt_get_source(&optptr[srrptr-1], rt);
			skb->nh.iph->daddr = rt->rt_dst;
			optptr[2] = srrptr+4;
		} else if (net_ratelimit())
			printk(KERN_CRIT "ip_forward(): Argh! Destination lost!\n");
		if (opt->ts_needaddr) {
			optptr = raw + opt->ts;
			ip_rt_get_source(&optptr[optptr[2]-9], rt);
			opt->is_changed = 1;
		}
	}
	if (opt->is_changed) {
		opt->is_changed = 0;
		ip_send_check(skb->nh.iph);
	}
}

int ip_options_rcv_srr(struct sk_buff *skb)
{
	struct ip_options *opt = &(IPCB(skb)->opt);
	int srrspace, srrptr;
	u32 nexthop;
	struct iphdr *iph = skb->nh.iph;
	unsigned char * optptr = skb->nh.raw + opt->srr;
	struct rtable *rt = (struct rtable*)skb->dst;
	struct rtable *rt2;
	int err;

	if (!opt->srr)
		return 0;

	if (skb->pkt_type != PACKET_HOST)
		return -EINVAL;
	if (rt->rt_type == RTN_UNICAST) {
		if (!opt->is_strictroute)
			return 0;
		icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl(16<<24));
		return -EINVAL;
	}
	if (rt->rt_type != RTN_LOCAL)
		return -EINVAL;

	for (srrptr=optptr[2], srrspace = optptr[1]; srrptr <= srrspace; srrptr += 4) {
		if (srrptr + 3 > srrspace) {
			icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl((opt->srr+2)<<24));
			return -EINVAL;
		}
		memcpy(&nexthop, &optptr[srrptr-1], 4);

		rt = (struct rtable*)skb->dst;
		skb->dst = NULL;
		err = ip_route_input(skb, nexthop, iph->saddr, iph->tos, skb->dev);
		rt2 = (struct rtable*)skb->dst;
		if (err || (rt2->rt_type != RTN_UNICAST && rt2->rt_type != RTN_LOCAL)) {
			ip_rt_put(rt2);
			skb->dst = &rt->u.dst;
			return -EINVAL;
		}
		ip_rt_put(rt);
		if (rt2->rt_type != RTN_LOCAL)
			break;
		/* Superfast 8) loopback forward */
		memcpy(&iph->daddr, &optptr[srrptr-1], 4);
		opt->is_changed = 1;
	}
	if (srrptr <= srrspace) {
		opt->srr_is_hit = 1;
		opt->is_changed = 1;
	}
	return 0;
}
Commit	Line	Data
1da177e4 LT	1	/*
	2	* INET An implementation of the TCP/IP protocol suite for the LINUX
	3	* operating system. INET is implemented using the BSD Socket
	4	* interface as the means of communication with the user level.
	5	*
	6	* The options processing module for ip.c
	7	*
	8	* Version: $Id: ip_options.c,v 1.21 2001/09/01 00:31:50 davem Exp $
	9	*
	10	* Authors: A.N.Kuznetsov
	11	*
	12	*/
	13
4fc268d2	14	#include <linux/capability.h>
1da177e4 LT	15	#include <linux/module.h>
	16	#include <linux/types.h>
	17	#include <asm/uaccess.h>
	18	#include <linux/skbuff.h>
	19	#include <linux/ip.h>
	20	#include <linux/icmp.h>
	21	#include <linux/netdevice.h>
	22	#include <linux/rtnetlink.h>
	23	#include <net/sock.h>
	24	#include <net/ip.h>
	25	#include <net/icmp.h>
14c85021	26	#include <net/route.h>
1da177e4 LT	27
	28	/*
	29	* Write options to IP header, record destination address to
	30	* source route option, address of outgoing interface
	31	* (we should already know it, so that this function is allowed be
	32	* called only after routing decision) and timestamp,
	33	* if we originate this datagram.
	34	*
	35	* daddr is real destination address, next hop is recorded in IP header.
	36	* saddr is address of outgoing interface.
	37	*/
	38
	39	void ip_options_build(struct sk_buff * skb, struct ip_options * opt,
	40	u32 daddr, struct rtable *rt, int is_frag)
	41	{
	42	unsigned char * iph = skb->nh.raw;
	43
	44	memcpy(&(IPCB(skb)->opt), opt, sizeof(struct ip_options));
	45	memcpy(iph+sizeof(struct iphdr), opt->__data, opt->optlen);
	46	opt = &(IPCB(skb)->opt);
	47	opt->is_data = 0;
	48
	49	if (opt->srr)
	50	memcpy(iph+opt->srr+iph[opt->srr+1]-4, &daddr, 4);
	51
	52	if (!is_frag) {
	53	if (opt->rr_needaddr)
	54	ip_rt_get_source(iph+opt->rr+iph[opt->rr+2]-5, rt);
	55	if (opt->ts_needaddr)
	56	ip_rt_get_source(iph+opt->ts+iph[opt->ts+2]-9, rt);
	57	if (opt->ts_needtime) {
	58	struct timeval tv;
	59	__u32 midtime;
	60	do_gettimeofday(&tv);
	61	midtime = htonl((tv.tv_sec % 86400) * 1000 + tv.tv_usec / 1000);
	62	memcpy(iph+opt->ts+iph[opt->ts+2]-5, &midtime, 4);
	63	}
	64	return;
	65	}
	66	if (opt->rr) {
	67	memset(iph+opt->rr, IPOPT_NOP, iph[opt->rr+1]);
	68	opt->rr = 0;
	69	opt->rr_needaddr = 0;
	70	}
	71	if (opt->ts) {
	72	memset(iph+opt->ts, IPOPT_NOP, iph[opt->ts+1]);
	73	opt->ts = 0;
	74	opt->ts_needaddr = opt->ts_needtime = 0;
	75	}
	76	}
	77
	78	/*
	79	* Provided (sopt, skb) points to received options,
	80	* build in dopt compiled option set appropriate for answering.
	81	* i.e. invert SRR option, copy anothers,
	82	* and grab room in RR/TS options.
	83	*
	84	* NOTE: dopt cannot point to skb.
	85	*/
	86
	87	int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb)
	88	{
	89	struct ip_options *sopt;
	90	unsigned char sptr, dptr;
91	int soffset, doffset;
92	int optlen;
93	u32 daddr;
94
95	memset(dopt, 0, sizeof(struct ip_options));
96
97	dopt->is_data = 1;
98
99	sopt = &(IPCB(skb)->opt);
100
101	if (sopt->optlen == 0) {
102	dopt->optlen = 0;
103	return 0;
104	}
105
106	sptr = skb->nh.raw;
107	dptr = dopt->__data;
108
109	if (skb->dst)
110	daddr = ((struct rtable*)skb->dst)->rt_spec_dst;
111	else
112	daddr = skb->nh.iph->daddr;
113
114	if (sopt->rr) {
115	optlen = sptr[sopt->rr+1];
116	soffset = sptr[sopt->rr+2];
117	dopt->rr = dopt->optlen + sizeof(struct iphdr);
118	memcpy(dptr, sptr+sopt->rr, optlen);
119	if (sopt->rr_needaddr && soffset <= optlen) {
120	if (soffset + 3 > optlen)
121	return -EINVAL;
122	dptr[2] = soffset + 4;
123	dopt->rr_needaddr = 1;
124	}
125	dptr += optlen;
126	dopt->optlen += optlen;
127	}
128	if (sopt->ts) {
129	optlen = sptr[sopt->ts+1];
130	soffset = sptr[sopt->ts+2];
131	dopt->ts = dopt->optlen + sizeof(struct iphdr);
132	memcpy(dptr, sptr+sopt->ts, optlen);
133	if (soffset <= optlen) {
134	if (sopt->ts_needaddr) {
135	if (soffset + 3 > optlen)
136	return -EINVAL;
137	dopt->ts_needaddr = 1;
138	soffset += 4;
139	}
140	if (sopt->ts_needtime) {
141	if (soffset + 3 > optlen)
142	return -EINVAL;
143	if ((dptr[3]&0xF) != IPOPT_TS_PRESPEC) {
144	dopt->ts_needtime = 1;
145	soffset += 4;
146	} else {
147	dopt->ts_needtime = 0;
148
149	if (soffset + 8 <= optlen) {
150	__u32 addr;
151
152	memcpy(&addr, sptr+soffset-1, 4);
153	if (inet_addr_type(addr) != RTN_LOCAL) {
154	dopt->ts_needtime = 1;
155	soffset += 8;
156	}
157	}
158	}
159	}
160	dptr[2] = soffset;
161	}
162	dptr += optlen;
163	dopt->optlen += optlen;
164	}
165	if (sopt->srr) {
166	unsigned char * start = sptr+sopt->srr;
167	u32 faddr;
168
169	optlen = start[1];
170	soffset = start[2];
171	doffset = 0;
172	if (soffset > optlen)
173	soffset = optlen + 1;
174	soffset -= 4;
175	if (soffset > 3) {
176	memcpy(&faddr, &start[soffset-1], 4);
177	for (soffset-=4, doffset=4; soffset > 3; soffset-=4, doffset+=4)
178	memcpy(&dptr[doffset-1], &start[soffset-1], 4);
179	/*
180	* RFC1812 requires to fix illegal source routes.
181	*/
182	if (memcmp(&skb->nh.iph->saddr, &start[soffset+3], 4) == 0)
183	doffset -= 4;
184	}
185	if (doffset > 3) {
186	memcpy(&start[doffset-1], &daddr, 4);
187	dopt->faddr = faddr;
188	dptr[0] = start[0];
189	dptr[1] = doffset+3;
190	dptr[2] = 4;
191	dptr += doffset+3;
192	dopt->srr = dopt->optlen + sizeof(struct iphdr);
193	dopt->optlen += doffset+3;
194	dopt->is_strictroute = sopt->is_strictroute;
195	}
196	}
197	while (dopt->optlen & 3) {
198	*dptr++ = IPOPT_END;
199	dopt->optlen++;
200	}
201	return 0;
202	}
203
204	/*
205	* Options "fragmenting", just fill options not
206	* allowed in fragments with NOOPs.
207	* Simple and stupid 8), but the most efficient way.
208	*/
209
210	void ip_options_fragment(struct sk_buff * skb)
211	{
212	unsigned char * optptr = skb->nh.raw;
213	struct ip_options * opt = &(IPCB(skb)->opt);
214	int l = opt->optlen;
215	int optlen;
216
217	while (l > 0) {
218	switch (*optptr) {
219	case IPOPT_END:
220	return;
221	case IPOPT_NOOP:
222	l--;
223	optptr++;
224	continue;
225	}
226	optlen = optptr[1];
227	if (optlen<2 \|\| optlen>l)
228	return;
229	if (!IPOPT_COPIED(*optptr))
230	memset(optptr, IPOPT_NOOP, optlen);
231	l -= optlen;
232	optptr += optlen;
233	}
234	opt->ts = 0;
235	opt->rr = 0;
236	opt->rr_needaddr = 0;
237	opt->ts_needaddr = 0;
238	opt->ts_needtime = 0;
239	return;
240	}
241
242	/*
243	* Verify options and fill pointers in struct options.
244	* Caller should clear *opt, and set opt->data.
245	* If opt == NULL, then skb->data should point to IP header.
246	*/
247
248	int ip_options_compile(struct ip_options * opt, struct sk_buff * skb)
249	{
250	int l;
251	unsigned char * iph;
252	unsigned char * optptr;
253	int optlen;
254	unsigned char * pp_ptr = NULL;
255	struct rtable rt = skb ? (struct rtable)skb->dst : NULL;
256
257	if (!opt) {
258	opt = &(IPCB(skb)->opt);
259	memset(opt, 0, sizeof(struct ip_options));
260	iph = skb->nh.raw;
261	opt->optlen = ((struct iphdr )iph)->ihl4 - sizeof(struct iphdr);
262	optptr = iph + sizeof(struct iphdr);
263	opt->is_data = 0;
264	} else {
265	optptr = opt->is_data ? opt->__data : (unsigned char*)&(skb->nh.iph[1]);
266	iph = optptr - sizeof(struct iphdr);
267	}
268
269	for (l = opt->optlen; l > 0; ) {
270	switch (*optptr) {
271	case IPOPT_END:
272	for (optptr++, l--; l>0; optptr++, l--) {
273	if (*optptr != IPOPT_END) {
274	*optptr = IPOPT_END;
275	opt->is_changed = 1;
276	}
277	}
278	goto eol;
279	case IPOPT_NOOP:
280	l--;
281	optptr++;
282	continue;
283	}
284	optlen = optptr[1];
285	if (optlen<2 \|\| optlen>l) {
286	pp_ptr = optptr;
287	goto error;
288	}
289	switch (*optptr) {
290	case IPOPT_SSRR:
291	case IPOPT_LSRR:
292	if (optlen < 3) {
293	pp_ptr = optptr + 1;
294	goto error;
295	}
296	if (optptr[2] < 4) {
297	pp_ptr = optptr + 2;
298	goto error;
299	}
300	/* NB: cf RFC-1812 5.2.4.1 */
301	if (opt->srr) {
302	pp_ptr = optptr;
303	goto error;
304	}
305	if (!skb) {
306	if (optptr[2] != 4 \|\| optlen < 7 \|\| ((optlen-3) & 3)) {
307	pp_ptr = optptr + 1;
308	goto error;
309	}
310	memcpy(&opt->faddr, &optptr[3], 4);
311	if (optlen > 7)
312	memmove(&optptr[3], &optptr[7], optlen-7);
313	}
314	opt->is_strictroute = (optptr[0] == IPOPT_SSRR);
315	opt->srr = optptr - iph;
316	break;
317	case IPOPT_RR:
318	if (opt->rr) {
319	pp_ptr = optptr;
320	goto error;
321	}
322	if (optlen < 3) {
323	pp_ptr = optptr + 1;
324	goto error;
325	}
326	if (optptr[2] < 4) {
327	pp_ptr = optptr + 2;
328	goto error;
329	}
330	if (optptr[2] <= optlen) {
331	if (optptr[2]+3 > optlen) {
332	pp_ptr = optptr + 2;
333	goto error;
334	}
335	if (skb) {
336	memcpy(&optptr[optptr[2]-1], &rt->rt_spec_dst, 4);
337	opt->is_changed = 1;
338	}
339	optptr[2] += 4;
340	opt->rr_needaddr = 1;
341	}
342	opt->rr = optptr - iph;
343	break;
344	case IPOPT_TIMESTAMP:
345	if (opt->ts) {
346	pp_ptr = optptr;
347	goto error;
348	}
349	if (optlen < 4) {
350	pp_ptr = optptr + 1;
351	goto error;
352	}
353	if (optptr[2] < 5) {
354	pp_ptr = optptr + 2;
355	goto error;
356	}
357	if (optptr[2] <= optlen) {
358	__u32 * timeptr = NULL;
359	if (optptr[2]+3 > optptr[1]) {
360	pp_ptr = optptr + 2;
361	goto error;
362	}
363	switch (optptr[3]&0xF) {
364	case IPOPT_TS_TSONLY:
365	opt->ts = optptr - iph;
366	if (skb)
367	timeptr = (__u32*)&optptr[optptr[2]-1];
368	opt->ts_needtime = 1;
369	optptr[2] += 4;
370	break;
371	case IPOPT_TS_TSANDADDR:
372	if (optptr[2]+7 > optptr[1]) {
373	pp_ptr = optptr + 2;
374	goto error;
375	}
376	opt->ts = optptr - iph;
377	if (skb) {
378	memcpy(&optptr[optptr[2]-1], &rt->rt_spec_dst, 4);
379	timeptr = (__u32*)&optptr[optptr[2]+3];
380	}
381	opt->ts_needaddr = 1;
382	opt->ts_needtime = 1;
383	optptr[2] += 8;
384	break;
385	case IPOPT_TS_PRESPEC:
386	if (optptr[2]+7 > optptr[1]) {
387	pp_ptr = optptr + 2;
388	goto error;
389	}
390	opt->ts = optptr - iph;
391	{
392	u32 addr;
393	memcpy(&addr, &optptr[optptr[2]-1], 4);
394	if (inet_addr_type(addr) == RTN_UNICAST)
395	break;
396	if (skb)
397	timeptr = (__u32*)&optptr[optptr[2]+3];
398	}
399	opt->ts_needtime = 1;
400	optptr[2] += 8;
401	break;
402	default:
403	if (!skb && !capable(CAP_NET_RAW)) {
404	pp_ptr = optptr + 3;
405	goto error;
406	}
407	break;
408	}
409	if (timeptr) {
410	struct timeval tv;
411	__u32 midtime;
412	do_gettimeofday(&tv);
413	midtime = htonl((tv.tv_sec % 86400) * 1000 + tv.tv_usec / 1000);
414	memcpy(timeptr, &midtime, sizeof(__u32));
415	opt->is_changed = 1;
416	}
417	} else {
418	unsigned overflow = optptr[3]>>4;
419	if (overflow == 15) {
420	pp_ptr = optptr + 3;
421	goto error;
422	}
423	opt->ts = optptr - iph;
424	if (skb) {
425	optptr[3] = (optptr[3]&0xF)\|((overflow+1)<<4);
426	opt->is_changed = 1;
427	}
428	}
429	break;
430	case IPOPT_RA:
431	if (optlen < 4) {
432	pp_ptr = optptr + 1;
433	goto error;
434	}
435	if (optptr[2] == 0 && optptr[3] == 0)
436	opt->router_alert = optptr - iph;
437	break;
438	case IPOPT_SEC:
439	case IPOPT_SID:
440	default:
441	if (!skb && !capable(CAP_NET_RAW)) {
442	pp_ptr = optptr;
443	goto error;
444	}
445	break;
446	}
447	l -= optlen;
448	optptr += optlen;
449	}
450
451	eol:
452	if (!pp_ptr)
453	return 0;
454
455	error:
456	if (skb) {
457	icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl((pp_ptr-iph)<<24));
458	}
459	return -EINVAL;
460	}
461
462
463	/*
464	* Undo all the changes done by ip_options_compile().
465	*/
466
467	void ip_options_undo(struct ip_options * opt)
468	{
469	if (opt->srr) {
470	unsigned char * optptr = opt->__data+opt->srr-sizeof(struct iphdr);
471	memmove(optptr+7, optptr+3, optptr[1]-7);
472	memcpy(optptr+3, &opt->faddr, 4);
473	}
474	if (opt->rr_needaddr) {
475	unsigned char * optptr = opt->__data+opt->rr-sizeof(struct iphdr);
476	optptr[2] -= 4;
477	memset(&optptr[optptr[2]-1], 0, 4);
478	}
479	if (opt->ts) {
480	unsigned char * optptr = opt->__data+opt->ts-sizeof(struct iphdr);
481	if (opt->ts_needtime) {
482	optptr[2] -= 4;
483	memset(&optptr[optptr[2]-1], 0, 4);
484	if ((optptr[3]&0xF) == IPOPT_TS_PRESPEC)
485	optptr[2] -= 4;
486	}
487	if (opt->ts_needaddr) {
488	optptr[2] -= 4;
489	memset(&optptr[optptr[2]-1], 0, 4);
490	}
491	}
492	}
493
4c6ea29d	494	static struct ip_options *ip_options_get_alloc(const int optlen)
1da177e4	495	{
4c6ea29d ACM	496	struct ip_options opt = kmalloc(sizeof(opt) + ((optlen + 3) & ~3),
	497	GFP_KERNEL);
	498	if (opt)
	499	memset(opt, 0, sizeof(*opt));
	500	return opt;
	501	}
1da177e4	502
4c6ea29d ACM	503	static int ip_options_get_finish(struct ip_options **optp,
	504	struct ip_options *opt, int optlen)
	505	{
1da177e4 LT	506	while (optlen & 3)
	507	opt->__data[optlen++] = IPOPT_END;
	508	opt->optlen = optlen;
	509	opt->is_data = 1;
	510	opt->is_setbyuser = 1;
	511	if (optlen && ip_options_compile(opt, NULL)) {
	512	kfree(opt);
	513	return -EINVAL;
	514	}
a51482bd	515	kfree(*optp);
1da177e4 LT	516	*optp = opt;
	517	return 0;
	518	}
	519
4c6ea29d ACM	520	int ip_options_get_from_user(struct ip_options *optp, unsigned char __user data, int optlen)
	521	{
	522	struct ip_options *opt = ip_options_get_alloc(optlen);
	523
	524	if (!opt)
	525	return -ENOMEM;
	526	if (optlen && copy_from_user(opt->__data, data, optlen)) {
	527	kfree(opt);
	528	return -EFAULT;
	529	}
	530	return ip_options_get_finish(optp, opt, optlen);
	531	}
	532
	533	int ip_options_get(struct ip_options *optp, unsigned char data, int optlen)
	534	{
	535	struct ip_options *opt = ip_options_get_alloc(optlen);
	536
	537	if (!opt)
	538	return -ENOMEM;
	539	if (optlen)
	540	memcpy(opt->__data, data, optlen);
	541	return ip_options_get_finish(optp, opt, optlen);
	542	}
	543
1da177e4 LT	544	void ip_forward_options(struct sk_buff *skb)
	545	{
	546	struct ip_options * opt = &(IPCB(skb)->opt);
	547	unsigned char * optptr;
	548	struct rtable rt = (struct rtable)skb->dst;
	549	unsigned char *raw = skb->nh.raw;
	550
	551	if (opt->rr_needaddr) {
	552	optptr = (unsigned char *)raw + opt->rr;
	553	ip_rt_get_source(&optptr[optptr[2]-5], rt);
	554	opt->is_changed = 1;
	555	}
	556	if (opt->srr_is_hit) {
	557	int srrptr, srrspace;
	558
	559	optptr = raw + opt->srr;
	560
	561	for ( srrptr=optptr[2], srrspace = optptr[1];
	562	srrptr <= srrspace;
	563	srrptr += 4
	564	) {
	565	if (srrptr + 3 > srrspace)
	566	break;
	567	if (memcmp(&rt->rt_dst, &optptr[srrptr-1], 4) == 0)
	568	break;
	569	}
	570	if (srrptr + 3 <= srrspace) {
	571	opt->is_changed = 1;
	572	ip_rt_get_source(&optptr[srrptr-1], rt);
	573	skb->nh.iph->daddr = rt->rt_dst;
	574	optptr[2] = srrptr+4;
	575	} else if (net_ratelimit())
	576	printk(KERN_CRIT "ip_forward(): Argh! Destination lost!\n");
	577	if (opt->ts_needaddr) {
	578	optptr = raw + opt->ts;
	579	ip_rt_get_source(&optptr[optptr[2]-9], rt);
	580	opt->is_changed = 1;
	581	}
	582	}
	583	if (opt->is_changed) {
	584	opt->is_changed = 0;
	585	ip_send_check(skb->nh.iph);
	586	}
	587	}
	588
	589	int ip_options_rcv_srr(struct sk_buff *skb)
	590	{
	591	struct ip_options *opt = &(IPCB(skb)->opt);
	592	int srrspace, srrptr;
	593	u32 nexthop;
	594	struct iphdr *iph = skb->nh.iph;
	595	unsigned char * optptr = skb->nh.raw + opt->srr;
	596	struct rtable rt = (struct rtable)skb->dst;
	597	struct rtable *rt2;
	598	int err;
	599
	600	if (!opt->srr)
	601	return 0;
	602
	603	if (skb->pkt_type != PACKET_HOST)
	604	return -EINVAL;
	605	if (rt->rt_type == RTN_UNICAST) {
	606	if (!opt->is_strictroute)
	607	return 0;
608	icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl(16<<24));
609	return -EINVAL;
610	}
611	if (rt->rt_type != RTN_LOCAL)
612	return -EINVAL;
613
614	for (srrptr=optptr[2], srrspace = optptr[1]; srrptr <= srrspace; srrptr += 4) {
615	if (srrptr + 3 > srrspace) {
616	icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl((opt->srr+2)<<24));
617	return -EINVAL;
618	}
619	memcpy(&nexthop, &optptr[srrptr-1], 4);
620
621	rt = (struct rtable*)skb->dst;
622	skb->dst = NULL;
623	err = ip_route_input(skb, nexthop, iph->saddr, iph->tos, skb->dev);
624	rt2 = (struct rtable*)skb->dst;
625	if (err \|\| (rt2->rt_type != RTN_UNICAST && rt2->rt_type != RTN_LOCAL)) {
626	ip_rt_put(rt2);
627	skb->dst = &rt->u.dst;
628	return -EINVAL;
629	}
630	ip_rt_put(rt);
631	if (rt2->rt_type != RTN_LOCAL)
632	break;
633	/* Superfast 8) loopback forward */
634	memcpy(&iph->daddr, &optptr[srrptr-1], 4);
635	opt->is_changed = 1;
636	}
637	if (srrptr <= srrspace) {
638	opt->srr_is_hit = 1;
639	opt->is_changed = 1;
640	}
641	return 0;
642	}