[mirror_ubuntu-bionic-kernel.git] / net / ipv6 / output_core.c

/*
 * IPv6 library code, needed by static components when full IPv6 support is
 * not configured or static.  These functions are needed by GSO/GRO implementation.
 */
#include <linux/export.h>
#include <net/ip.h>
#include <net/ipv6.h>
#include <net/ip6_fib.h>
#include <net/addrconf.h>
#include <net/secure_seq.h>
#include <linux/netfilter.h>

static u32 __ipv6_select_ident(struct net *net,
			       const struct in6_addr *dst,
			       const struct in6_addr *src)
{
	const struct {
		struct in6_addr dst;
		struct in6_addr src;
	} __aligned(SIPHASH_ALIGNMENT) combined = {
		.dst = *dst,
		.src = *src,
	};
	u32 hash, id;

	/* Note the following code is not safe, but this is okay. */
	if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key)))
		get_random_bytes(&net->ipv4.ip_id_key,
				 sizeof(net->ipv4.ip_id_key));

	hash = siphash(&combined, sizeof(combined), &net->ipv4.ip_id_key);

	/* Treat id of 0 as unset and if we get 0 back from ip_idents_reserve,
	 * set the hight order instead thus minimizing possible future
	 * collisions.
	 */
	id = ip_idents_reserve(hash, 1);
	if (unlikely(!id))
		id = 1 << 31;

	return id;
}

/* This function exists only for tap drivers that must support broken
 * clients requesting UFO without specifying an IPv6 fragment ID.
 *
 * This is similar to ipv6_select_ident() but we use an independent hash
 * seed to limit information leakage.
 *
 * The network header must be set before calling this.
 */
__be32 ipv6_proxy_select_ident(struct net *net, struct sk_buff *skb)
{
	struct in6_addr buf[2];
	struct in6_addr *addrs;
	u32 id;

	addrs = skb_header_pointer(skb,
				   skb_network_offset(skb) +
				   offsetof(struct ipv6hdr, saddr),
				   sizeof(buf), buf);
	if (!addrs)
		return 0;

	id = __ipv6_select_ident(net, &addrs[1], &addrs[0]);
	return htonl(id);
}
EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident);

__be32 ipv6_select_ident(struct net *net,
			 const struct in6_addr *daddr,
			 const struct in6_addr *saddr)
{
	u32 id;

	id = __ipv6_select_ident(net, daddr, saddr);
	return htonl(id);
}
EXPORT_SYMBOL(ipv6_select_ident);

int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
{
	unsigned int offset = sizeof(struct ipv6hdr);
	unsigned int packet_len = skb_tail_pointer(skb) -
		skb_network_header(skb);
	int found_rhdr = 0;
	*nexthdr = &ipv6_hdr(skb)->nexthdr;

	while (offset <= packet_len) {
		struct ipv6_opt_hdr *exthdr;

		switch (**nexthdr) {

		case NEXTHDR_HOP:
			break;
		case NEXTHDR_ROUTING:
			found_rhdr = 1;
			break;
		case NEXTHDR_DEST:
#if IS_ENABLED(CONFIG_IPV6_MIP6)
			if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0)
				break;
#endif
			if (found_rhdr)
				return offset;
			break;
		default:
			return offset;
		}

		if (offset + sizeof(struct ipv6_opt_hdr) > packet_len)
			return -EINVAL;

		exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +
						 offset);
		offset += ipv6_optlen(exthdr);
		if (offset > IPV6_MAXPLEN)
			return -EINVAL;
		*nexthdr = &exthdr->nexthdr;
	}

	return -EINVAL;
}
EXPORT_SYMBOL(ip6_find_1stfragopt);

#if IS_ENABLED(CONFIG_IPV6)
int ip6_dst_hoplimit(struct dst_entry *dst)
{
	int hoplimit = dst_metric_raw(dst, RTAX_HOPLIMIT);
	if (hoplimit == 0) {
		struct net_device *dev = dst->dev;
		struct inet6_dev *idev;

		rcu_read_lock();
		idev = __in6_dev_get(dev);
		if (idev)
			hoplimit = idev->cnf.hop_limit;
		else
			hoplimit = dev_net(dev)->ipv6.devconf_all->hop_limit;
		rcu_read_unlock();
	}
	return hoplimit;
}
EXPORT_SYMBOL(ip6_dst_hoplimit);
#endif

int __ip6_local_out(struct net *net, struct sock *sk, struct sk_buff *skb)
{
	int len;

	len = skb->len - sizeof(struct ipv6hdr);
	if (len > IPV6_MAXPLEN)
		len = 0;
	ipv6_hdr(skb)->payload_len = htons(len);
	IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);

	/* if egress device is enslaved to an L3 master device pass the
	 * skb to its handler for processing
	 */
	skb = l3mdev_ip6_out(sk, skb);
	if (unlikely(!skb))
		return 0;

	skb->protocol = htons(ETH_P_IPV6);

	return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
		       net, sk, skb, NULL, skb_dst(skb)->dev,
		       dst_output);
}
EXPORT_SYMBOL_GPL(__ip6_local_out);

int ip6_local_out(struct net *net, struct sock *sk, struct sk_buff *skb)
{
	int err;

	err = __ip6_local_out(net, sk, skb);
	if (likely(err == 1))
		err = dst_output(net, sk, skb);

	return err;
}
EXPORT_SYMBOL_GPL(ip6_local_out);
Commit	Line	Data
3c73a036 VY	1	/*
	2	* IPv6 library code, needed by static components when full IPv6 support is
	3	* not configured or static. These functions are needed by GSO/GRO implementation.
	4	*/
	5	#include <linux/export.h>
5188cd44	6	#include <net/ip.h>
3c73a036 VY	7	#include <net/ipv6.h>
3c73a036 VY	8	#include <net/ip6_fib.h>
3ce9b35f	9	#include <net/addrconf.h>
6dfac5c3	10	#include <net/secure_seq.h>
a263653e	11	#include <linux/netfilter.h>
3c73a036	12
14bc2d05	13	static u32 __ipv6_select_ident(struct net *net,
fd0273d7 MKL	14	const struct in6_addr *dst,
fd0273d7 MKL	15	const struct in6_addr *src)
0508c07f	16	{
14bc2d05 ED	17	const struct {
	18	struct in6_addr dst;
	19	struct in6_addr src;
	20	} __aligned(SIPHASH_ALIGNMENT) combined = {
	21	.dst = *dst,
	22	.src = *src,
	23	};
0508c07f VY	24	u32 hash, id;
0508c07f VY	25
14bc2d05 ED	26	/* Note the following code is not safe, but this is okay. */
	27	if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key)))
	28	get_random_bytes(&net->ipv4.ip_id_key,
	29	sizeof(net->ipv4.ip_id_key));
	30
	31	hash = siphash(&combined, sizeof(combined), &net->ipv4.ip_id_key);
0508c07f VY	32
	33	/* Treat id of 0 as unset and if we get 0 back from ip_idents_reserve,
	34	* set the hight order instead thus minimizing possible future
	35	* collisions.
	36	*/
	37	id = ip_idents_reserve(hash, 1);
	38	if (unlikely(!id))
	39	id = 1 << 31;
	40
	41	return id;
	42	}
	43
0c19f846 WB	44	/* This function exists only for tap drivers that must support broken
	45	* clients requesting UFO without specifying an IPv6 fragment ID.
	46	*
	47	* This is similar to ipv6_select_ident() but we use an independent hash
	48	* seed to limit information leakage.
	49	*
	50	* The network header must be set before calling this.
	51	*/
	52	__be32 ipv6_proxy_select_ident(struct net net, struct sk_buff skb)
	53	{
0c19f846 WB	54	struct in6_addr buf[2];
	55	struct in6_addr *addrs;
	56	u32 id;
	57
	58	addrs = skb_header_pointer(skb,
	59	skb_network_offset(skb) +
	60	offsetof(struct ipv6hdr, saddr),
	61	sizeof(buf), buf);
	62	if (!addrs)
	63	return 0;
	64
14bc2d05	65	id = __ipv6_select_ident(net, &addrs[1], &addrs[0]);
0c19f846 WB	66	return htonl(id);
	67	}
	68	EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident);
	69
7f159867 ED	70	__be32 ipv6_select_ident(struct net *net,
	71	const struct in6_addr *daddr,
	72	const struct in6_addr *saddr)
0508c07f	73	{
0508c07f VY	74	u32 id;
0508c07f VY	75
14bc2d05	76	id = __ipv6_select_ident(net, daddr, saddr);
286c2349	77	return htonl(id);
0508c07f VY	78	}
	79	EXPORT_SYMBOL(ipv6_select_ident);
	80
3c73a036 VY	81	int ip6_find_1stfragopt(struct sk_buff skb, u8 *nexthdr)
3c73a036 VY	82	{
6399f1fa	83	unsigned int offset = sizeof(struct ipv6hdr);
29a3cad5 SH	84	unsigned int packet_len = skb_tail_pointer(skb) -
29a3cad5 SH	85	skb_network_header(skb);
3c73a036 VY	86	int found_rhdr = 0;
	87	*nexthdr = &ipv6_hdr(skb)->nexthdr;
	88
2423496a CG	89	while (offset <= packet_len) {
2423496a CG	90	struct ipv6_opt_hdr *exthdr;
3c73a036 VY	91
	92	switch (**nexthdr) {
	93
	94	case NEXTHDR_HOP:
	95	break;
	96	case NEXTHDR_ROUTING:
	97	found_rhdr = 1;
	98	break;
	99	case NEXTHDR_DEST:
	100	#if IS_ENABLED(CONFIG_IPV6_MIP6)
	101	if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0)
	102	break;
	103	#endif
	104	if (found_rhdr)
	105	return offset;
	106	break;
67ba4152	107	default:
3c73a036 VY	108	return offset;
	109	}
	110
2423496a CG	111	if (offset + sizeof(struct ipv6_opt_hdr) > packet_len)
	112	return -EINVAL;
	113
3c73a036 VY	114	exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +
3c73a036 VY	115	offset);
3de33e1b SB	116	offset += ipv6_optlen(exthdr);
3de33e1b SB	117	if (offset > IPV6_MAXPLEN)
6399f1fa	118	return -EINVAL;
2423496a	119	*nexthdr = &exthdr->nexthdr;
3c73a036 VY	120	}
3c73a036 VY	121
2423496a	122	return -EINVAL;
3c73a036 VY	123	}
3c73a036 VY	124	EXPORT_SYMBOL(ip6_find_1stfragopt);
3ce9b35f CW	125
	126	#if IS_ENABLED(CONFIG_IPV6)
	127	int ip6_dst_hoplimit(struct dst_entry *dst)
	128	{
	129	int hoplimit = dst_metric_raw(dst, RTAX_HOPLIMIT);
	130	if (hoplimit == 0) {
	131	struct net_device *dev = dst->dev;
	132	struct inet6_dev *idev;
	133
	134	rcu_read_lock();
	135	idev = __in6_dev_get(dev);
	136	if (idev)
	137	hoplimit = idev->cnf.hop_limit;
	138	else
	139	hoplimit = dev_net(dev)->ipv6.devconf_all->hop_limit;
	140	rcu_read_unlock();
	141	}
	142	return hoplimit;
	143	}
	144	EXPORT_SYMBOL(ip6_dst_hoplimit);
	145	#endif
788787b5	146
cf91a99d	147	int __ip6_local_out(struct net net, struct sock sk, struct sk_buff *skb)
788787b5 CW	148	{
	149	int len;
	150
	151	len = skb->len - sizeof(struct ipv6hdr);
	152	if (len > IPV6_MAXPLEN)
	153	len = 0;
	154	ipv6_hdr(skb)->payload_len = htons(len);
f6c20c59	155	IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
788787b5	156
a8e3e1a9 DA	157	/* if egress device is enslaved to an L3 master device pass the
	158	* skb to its handler for processing
	159	*/
	160	skb = l3mdev_ip6_out(sk, skb);
	161	if (unlikely(!skb))
	162	return 0;
	163
b4e479a9 EC	164	skb->protocol = htons(ETH_P_IPV6);
b4e479a9 EC	165
29a26a56 EB	166	return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
29a26a56 EB	167	net, sk, skb, NULL, skb_dst(skb)->dev,
13206b6b	168	dst_output);
788787b5 CW	169	}
	170	EXPORT_SYMBOL_GPL(__ip6_local_out);
	171
33224b16	172	int ip6_local_out(struct net net, struct sock sk, struct sk_buff *skb)
788787b5 CW	173	{
	174	int err;
	175
cf91a99d	176	err = __ip6_local_out(net, sk, skb);
788787b5	177	if (likely(err == 1))
13206b6b	178	err = dst_output(net, sk, skb);
788787b5 CW	179
	180	return err;
	181	}
	182	EXPORT_SYMBOL_GPL(ip6_local_out);