]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blob - net/ipv6/exthdrs.c
projects / mirror_ubuntu-jammy-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[SK_BUFF]: Introduce ipv6_hdr(), remove skb->nh.ipv6h
[mirror_ubuntu-jammy-kernel.git] / net / ipv6 / exthdrs.c
1 /*
2 * Extension Header handling for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Andi Kleen <ak@muc.de>
8 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
9 *
10 * $Id: exthdrs.c,v 1.13 2001/06/19 15:58:56 davem Exp $
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18 /* Changes:
19 * yoshfuji : ensure not to overrun while parsing
20 * tlv options.
21 * Mitsuru KANDA @USAGI and: Remove ipv6_parse_exthdrs().
22 * YOSHIFUJI Hideaki @USAGI Register inbound extension header
23 * handlers as inet6_protocol{}.
24 */
25
26 #include <linux/errno.h>
27 #include <linux/types.h>
28 #include <linux/socket.h>
29 #include <linux/sockios.h>
30 #include <linux/net.h>
31 #include <linux/netdevice.h>
32 #include <linux/in6.h>
33 #include <linux/icmpv6.h>
34
35 #include <net/sock.h>
36 #include <net/snmp.h>
37
38 #include <net/ipv6.h>
39 #include <net/protocol.h>
40 #include <net/transp_v6.h>
41 #include <net/rawv6.h>
42 #include <net/ndisc.h>
43 #include <net/ip6_route.h>
44 #include <net/addrconf.h>
45 #ifdef CONFIG_IPV6_MIP6
46 #include <net/xfrm.h>
47 #endif
48
49 #include <asm/uaccess.h>
50
51 int ipv6_find_tlv(struct sk_buff *skb, int offset, int type)
52 {
53 const unsigned char *nh = skb_network_header(skb);
54 int packet_len = skb->tail - nh;
55 struct ipv6_opt_hdr *hdr;
56 int len;
57
58 if (offset + 2 > packet_len)
59 goto bad;
60 hdr = (struct ipv6_opt_hdr *)(nh + offset);
61 len = ((hdr->hdrlen + 1) << 3);
62
63 if (offset + len > packet_len)
64 goto bad;
65
66 offset += 2;
67 len -= 2;
68
69 while (len > 0) {
70 int opttype = nh[offset];
71 int optlen;
72
73 if (opttype == type)
74 return offset;
75
76 switch (opttype) {
77 case IPV6_TLV_PAD0:
78 optlen = 1;
79 break;
80 default:
81 optlen = nh[offset + 1] + 2;
82 if (optlen > len)
83 goto bad;
84 break;
85 }
86 offset += optlen;
87 len -= optlen;
88 }
89 /* not_found */
90 bad:
91 return -1;
92 }
93
94 /*
95 * Parsing tlv encoded headers.
96 *
97 * Parsing function "func" returns 1, if parsing succeed
98 * and 0, if it failed.
99 * It MUST NOT touch skb->h.
100 */
101
102 struct tlvtype_proc {
103 int type;
104 int (*func)(struct sk_buff **skbp, int offset);
105 };
106
107 /*********************
108 Generic functions
109 *********************/
110
111 /* An unknown option is detected, decide what to do */
112
113 static int ip6_tlvopt_unknown(struct sk_buff **skbp, int optoff)
114 {
115 struct sk_buff *skb = *skbp;
116
117 switch ((skb_network_header(skb)[optoff] & 0xC0) >> 6) {
118 case 0: /* ignore */
119 return 1;
120
121 case 1: /* drop packet */
122 break;
123
124 case 3: /* Send ICMP if not a multicast address and drop packet */
125 /* Actually, it is redundant check. icmp_send
126 will recheck in any case.
127 */
128 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr))
129 break;
130 case 2: /* send ICMP PARM PROB regardless and drop packet */
131 icmpv6_param_prob(skb, ICMPV6_UNK_OPTION, optoff);
132 return 0;
133 };
134
135 kfree_skb(skb);
136 return 0;
137 }
138
139 /* Parse tlv encoded option header (hop-by-hop or destination) */
140
141 static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff **skbp)
142 {
143 struct sk_buff *skb = *skbp;
144 struct tlvtype_proc *curr;
145 const unsigned char *nh = skb_network_header(skb);
146 int off = skb->h.raw - skb->nh.raw;
147 int len = ((skb->h.raw[1]+1)<<3);
148
149 if ((skb->h.raw + len) - skb->data > skb_headlen(skb))
150 goto bad;
151
152 off += 2;
153 len -= 2;
154
155 while (len > 0) {
156 int optlen = nh[off + 1] + 2;
157
158 switch (nh[off]) {
159 case IPV6_TLV_PAD0:
160 optlen = 1;
161 break;
162
163 case IPV6_TLV_PADN:
164 break;
165
166 default: /* Other TLV code so scan list */
167 if (optlen > len)
168 goto bad;
169 for (curr=procs; curr->type >= 0; curr++) {
170 if (curr->type == nh[off]) {
171 /* type specific length/alignment
172 checks will be performed in the
173 func(). */
174 if (curr->func(skbp, off) == 0)
175 return 0;
176 break;
177 }
178 }
179 if (curr->type < 0) {
180 if (ip6_tlvopt_unknown(skbp, off) == 0)
181 return 0;
182 }
183 break;
184 }
185 off += optlen;
186 len -= optlen;
187 }
188 if (len == 0)
189 return 1;
190 bad:
191 kfree_skb(skb);
192 return 0;
193 }
194
195 /*****************************
196 Destination options header.
197 *****************************/
198
199 #ifdef CONFIG_IPV6_MIP6
200 static int ipv6_dest_hao(struct sk_buff **skbp, int optoff)
201 {
202 struct sk_buff *skb = *skbp;
203 struct ipv6_destopt_hao *hao;
204 struct inet6_skb_parm *opt = IP6CB(skb);
205 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
206 struct in6_addr tmp_addr;
207 int ret;
208
209 if (opt->dsthao) {
210 LIMIT_NETDEBUG(KERN_DEBUG "hao duplicated\n");
211 goto discard;
212 }
213 opt->dsthao = opt->dst1;
214 opt->dst1 = 0;
215
216 hao = (struct ipv6_destopt_hao *)(skb_network_header(skb) + optoff);
217
218 if (hao->length != 16) {
219 LIMIT_NETDEBUG(
220 KERN_DEBUG "hao invalid option length = %d\n", hao->length);
221 goto discard;
222 }
223
224 if (!(ipv6_addr_type(&hao->addr) & IPV6_ADDR_UNICAST)) {
225 LIMIT_NETDEBUG(
226 KERN_DEBUG "hao is not an unicast addr: " NIP6_FMT "\n", NIP6(hao->addr));
227 goto discard;
228 }
229
230 ret = xfrm6_input_addr(skb, (xfrm_address_t *)&ipv6h->daddr,
231 (xfrm_address_t *)&hao->addr, IPPROTO_DSTOPTS);
232 if (unlikely(ret < 0))
233 goto discard;
234
235 if (skb_cloned(skb)) {
236 struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC);
237 struct inet6_skb_parm *opt2;
238
239 if (skb2 == NULL)
240 goto discard;
241
242 opt2 = IP6CB(skb2);
243 memcpy(opt2, opt, sizeof(*opt2));
244
245 kfree_skb(skb);
246
247 /* update all variable using below by copied skbuff */
248 *skbp = skb = skb2;
249 hao = (struct ipv6_destopt_hao *)(skb_network_header(skb2) +
250 optoff);
251 ipv6h = ipv6_hdr(skb2);
252 }
253
254 if (skb->ip_summed == CHECKSUM_COMPLETE)
255 skb->ip_summed = CHECKSUM_NONE;
256
257 ipv6_addr_copy(&tmp_addr, &ipv6h->saddr);
258 ipv6_addr_copy(&ipv6h->saddr, &hao->addr);
259 ipv6_addr_copy(&hao->addr, &tmp_addr);
260
261 if (skb->tstamp.tv64 == 0)
262 __net_timestamp(skb);
263
264 return 1;
265
266 discard:
267 kfree_skb(skb);
268 return 0;
269 }
270 #endif
271
272 static struct tlvtype_proc tlvprocdestopt_lst[] = {
273 #ifdef CONFIG_IPV6_MIP6
274 {
275 .type = IPV6_TLV_HAO,
276 .func = ipv6_dest_hao,
277 },
278 #endif
279 {-1, NULL}
280 };
281
282 static int ipv6_destopt_rcv(struct sk_buff **skbp)
283 {
284 struct sk_buff *skb = *skbp;
285 struct inet6_skb_parm *opt = IP6CB(skb);
286 #ifdef CONFIG_IPV6_MIP6
287 __u16 dstbuf;
288 #endif
289 struct dst_entry *dst;
290
291 if (!pskb_may_pull(skb, (skb->h.raw-skb->data)+8) ||
292 !pskb_may_pull(skb, (skb->h.raw-skb->data)+((skb->h.raw[1]+1)<<3))) {
293 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
294 IPSTATS_MIB_INHDRERRORS);
295 kfree_skb(skb);
296 return -1;
297 }
298
299 opt->lastopt = skb->h.raw - skb->nh.raw;
300 opt->dst1 = skb->h.raw - skb->nh.raw;
301 #ifdef CONFIG_IPV6_MIP6
302 dstbuf = opt->dst1;
303 #endif
304
305 dst = dst_clone(skb->dst);
306 if (ip6_parse_tlv(tlvprocdestopt_lst, skbp)) {
307 dst_release(dst);
308 skb = *skbp;
309 skb->h.raw += ((skb->h.raw[1]+1)<<3);
310 opt = IP6CB(skb);
311 #ifdef CONFIG_IPV6_MIP6
312 opt->nhoff = dstbuf;
313 #else
314 opt->nhoff = opt->dst1;
315 #endif
316 return 1;
317 }
318
319 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
320 dst_release(dst);
321 return -1;
322 }
323
324 static struct inet6_protocol destopt_protocol = {
325 .handler = ipv6_destopt_rcv,
326 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR,
327 };
328
329 void __init ipv6_destopt_init(void)
330 {
331 if (inet6_add_protocol(&destopt_protocol, IPPROTO_DSTOPTS) < 0)
332 printk(KERN_ERR "ipv6_destopt_init: Could not register protocol\n");
333 }
334
335 /********************************
336 NONE header. No data in packet.
337 ********************************/
338
339 static int ipv6_nodata_rcv(struct sk_buff **skbp)
340 {
341 struct sk_buff *skb = *skbp;
342
343 kfree_skb(skb);
344 return 0;
345 }
346
347 static struct inet6_protocol nodata_protocol = {
348 .handler = ipv6_nodata_rcv,
349 .flags = INET6_PROTO_NOPOLICY,
350 };
351
352 void __init ipv6_nodata_init(void)
353 {
354 if (inet6_add_protocol(&nodata_protocol, IPPROTO_NONE) < 0)
355 printk(KERN_ERR "ipv6_nodata_init: Could not register protocol\n");
356 }
357
358 /********************************
359 Routing header.
360 ********************************/
361
362 static int ipv6_rthdr_rcv(struct sk_buff **skbp)
363 {
364 struct sk_buff *skb = *skbp;
365 struct inet6_skb_parm *opt = IP6CB(skb);
366 struct in6_addr *addr = NULL;
367 struct in6_addr daddr;
368 struct inet6_dev *idev;
369 int n, i;
370 struct ipv6_rt_hdr *hdr;
371 struct rt0_hdr *rthdr;
372 int accept_source_route = ipv6_devconf.accept_source_route;
373
374 if (accept_source_route < 0 ||
375 ((idev = in6_dev_get(skb->dev)) == NULL)) {
376 kfree_skb(skb);
377 return -1;
378 }
379 if (idev->cnf.accept_source_route < 0) {
380 in6_dev_put(idev);
381 kfree_skb(skb);
382 return -1;
383 }
384
385 if (accept_source_route > idev->cnf.accept_source_route)
386 accept_source_route = idev->cnf.accept_source_route;
387
388 in6_dev_put(idev);
389
390 if (!pskb_may_pull(skb, (skb->h.raw-skb->data)+8) ||
391 !pskb_may_pull(skb, (skb->h.raw-skb->data)+((skb->h.raw[1]+1)<<3))) {
392 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
393 IPSTATS_MIB_INHDRERRORS);
394 kfree_skb(skb);
395 return -1;
396 }
397
398 hdr = (struct ipv6_rt_hdr *) skb->h.raw;
399
400 switch (hdr->type) {
401 #ifdef CONFIG_IPV6_MIP6
402 break;
403 #endif
404 case IPV6_SRCRT_TYPE_0:
405 if (accept_source_route > 0)
406 break;
407 kfree_skb(skb);
408 return -1;
409 default:
410 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
411 IPSTATS_MIB_INHDRERRORS);
412 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
413 (&hdr->type) - skb_network_header(skb));
414 return -1;
415 }
416
417 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) ||
418 skb->pkt_type != PACKET_HOST) {
419 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
420 IPSTATS_MIB_INADDRERRORS);
421 kfree_skb(skb);
422 return -1;
423 }
424
425 looped_back:
426 if (hdr->segments_left == 0) {
427 switch (hdr->type) {
428 #ifdef CONFIG_IPV6_MIP6
429 case IPV6_SRCRT_TYPE_2:
430 /* Silently discard type 2 header unless it was
431 * processed by own
432 */
433 if (!addr) {
434 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
435 IPSTATS_MIB_INADDRERRORS);
436 kfree_skb(skb);
437 return -1;
438 }
439 break;
440 #endif
441 default:
442 break;
443 }
444
445 opt->lastopt = skb->h.raw - skb->nh.raw;
446 opt->srcrt = skb->h.raw - skb->nh.raw;
447 skb->h.raw += (hdr->hdrlen + 1) << 3;
448 opt->dst0 = opt->dst1;
449 opt->dst1 = 0;
450 opt->nhoff = (&hdr->nexthdr) - skb_network_header(skb);
451 return 1;
452 }
453
454 switch (hdr->type) {
455 case IPV6_SRCRT_TYPE_0:
456 if (hdr->hdrlen & 0x01) {
457 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
458 IPSTATS_MIB_INHDRERRORS);
459 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
460 ((&hdr->hdrlen) -
461 skb_network_header(skb)));
462 return -1;
463 }
464 break;
465 #ifdef CONFIG_IPV6_MIP6
466 case IPV6_SRCRT_TYPE_2:
467 /* Silently discard invalid RTH type 2 */
468 if (hdr->hdrlen != 2 || hdr->segments_left != 1) {
469 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
470 IPSTATS_MIB_INHDRERRORS);
471 kfree_skb(skb);
472 return -1;
473 }
474 break;
475 #endif
476 }
477
478 /*
479 * This is the routing header forwarding algorithm from
480 * RFC 2460, page 16.
481 */
482
483 n = hdr->hdrlen >> 1;
484
485 if (hdr->segments_left > n) {
486 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
487 IPSTATS_MIB_INHDRERRORS);
488 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
489 ((&hdr->segments_left) -
490 skb_network_header(skb)));
491 return -1;
492 }
493
494 /* We are about to mangle packet header. Be careful!
495 Do not damage packets queued somewhere.
496 */
497 if (skb_cloned(skb)) {
498 struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC);
499 /* the copy is a forwarded packet */
500 if (skb2 == NULL) {
501 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
502 IPSTATS_MIB_OUTDISCARDS);
503 kfree_skb(skb);
504 return -1;
505 }
506 kfree_skb(skb);
507 *skbp = skb = skb2;
508 opt = IP6CB(skb2);
509 hdr = (struct ipv6_rt_hdr *) skb2->h.raw;
510 }
511
512 if (skb->ip_summed == CHECKSUM_COMPLETE)
513 skb->ip_summed = CHECKSUM_NONE;
514
515 i = n - --hdr->segments_left;
516
517 rthdr = (struct rt0_hdr *) hdr;
518 addr = rthdr->addr;
519 addr += i - 1;
520
521 switch (hdr->type) {
522 #ifdef CONFIG_IPV6_MIP6
523 case IPV6_SRCRT_TYPE_2:
524 if (xfrm6_input_addr(skb, (xfrm_address_t *)addr,
525 (xfrm_address_t *)&ipv6_hdr(skb)->saddr,
526 IPPROTO_ROUTING) < 0) {
527 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
528 IPSTATS_MIB_INADDRERRORS);
529 kfree_skb(skb);
530 return -1;
531 }
532 if (!ipv6_chk_home_addr(addr)) {
533 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
534 IPSTATS_MIB_INADDRERRORS);
535 kfree_skb(skb);
536 return -1;
537 }
538 break;
539 #endif
540 default:
541 break;
542 }
543
544 if (ipv6_addr_is_multicast(addr)) {
545 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
546 IPSTATS_MIB_INADDRERRORS);
547 kfree_skb(skb);
548 return -1;
549 }
550
551 ipv6_addr_copy(&daddr, addr);
552 ipv6_addr_copy(addr, &ipv6_hdr(skb)->daddr);
553 ipv6_addr_copy(&ipv6_hdr(skb)->daddr, &daddr);
554
555 dst_release(xchg(&skb->dst, NULL));
556 ip6_route_input(skb);
557 if (skb->dst->error) {
558 skb_push(skb, skb->data - skb_network_header(skb));
559 dst_input(skb);
560 return -1;
561 }
562
563 if (skb->dst->dev->flags&IFF_LOOPBACK) {
564 if (ipv6_hdr(skb)->hop_limit <= 1) {
565 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
566 IPSTATS_MIB_INHDRERRORS);
567 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
568 0, skb->dev);
569 kfree_skb(skb);
570 return -1;
571 }
572 ipv6_hdr(skb)->hop_limit--;
573 goto looped_back;
574 }
575
576 skb_push(skb, skb->data - skb_network_header(skb));
577 dst_input(skb);
578 return -1;
579 }
580
581 static struct inet6_protocol rthdr_protocol = {
582 .handler = ipv6_rthdr_rcv,
583 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR,
584 };
585
586 void __init ipv6_rthdr_init(void)
587 {
588 if (inet6_add_protocol(&rthdr_protocol, IPPROTO_ROUTING) < 0)
589 printk(KERN_ERR "ipv6_rthdr_init: Could not register protocol\n");
590 };
591
592 /*
593 This function inverts received rthdr.
594 NOTE: specs allow to make it automatically only if
595 packet authenticated.
596
597 I will not discuss it here (though, I am really pissed off at
598 this stupid requirement making rthdr idea useless)
599
600 Actually, it creates severe problems for us.
601 Embryonic requests has no associated sockets,
602 so that user have no control over it and
603 cannot not only to set reply options, but
604 even to know, that someone wants to connect
605 without success. :-(
606
607 For now we need to test the engine, so that I created
608 temporary (or permanent) backdoor.
609 If listening socket set IPV6_RTHDR to 2, then we invert header.
610 --ANK (980729)
611 */
612
613 struct ipv6_txoptions *
614 ipv6_invert_rthdr(struct sock *sk, struct ipv6_rt_hdr *hdr)
615 {
616 /* Received rthdr:
617
618 [ H1 -> H2 -> ... H_prev ] daddr=ME
619
620 Inverted result:
621 [ H_prev -> ... -> H1 ] daddr =sender
622
623 Note, that IP output engine will rewrite this rthdr
624 by rotating it left by one addr.
625 */
626
627 int n, i;
628 struct rt0_hdr *rthdr = (struct rt0_hdr*)hdr;
629 struct rt0_hdr *irthdr;
630 struct ipv6_txoptions *opt;
631 int hdrlen = ipv6_optlen(hdr);
632
633 if (hdr->segments_left ||
634 hdr->type != IPV6_SRCRT_TYPE_0 ||
635 hdr->hdrlen & 0x01)
636 return NULL;
637
638 n = hdr->hdrlen >> 1;
639 opt = sock_kmalloc(sk, sizeof(*opt) + hdrlen, GFP_ATOMIC);
640 if (opt == NULL)
641 return NULL;
642 memset(opt, 0, sizeof(*opt));
643 opt->tot_len = sizeof(*opt) + hdrlen;
644 opt->srcrt = (void*)(opt+1);
645 opt->opt_nflen = hdrlen;
646
647 memcpy(opt->srcrt, hdr, sizeof(*hdr));
648 irthdr = (struct rt0_hdr*)opt->srcrt;
649 irthdr->reserved = 0;
650 opt->srcrt->segments_left = n;
651 for (i=0; i<n; i++)
652 memcpy(irthdr->addr+i, rthdr->addr+(n-1-i), 16);
653 return opt;
654 }
655
656 EXPORT_SYMBOL_GPL(ipv6_invert_rthdr);
657
658 /**********************************
659 Hop-by-hop options.
660 **********************************/
661
662 /* Router Alert as of RFC 2711 */
663
664 static int ipv6_hop_ra(struct sk_buff **skbp, int optoff)
665 {
666 struct sk_buff *skb = *skbp;
667 const unsigned char *nh = skb_network_header(skb);
668
669 if (nh[optoff + 1] == 2) {
670 IP6CB(skb)->ra = optoff;
671 return 1;
672 }
673 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_ra: wrong RA length %d\n",
674 nh[optoff + 1]);
675 kfree_skb(skb);
676 return 0;
677 }
678
679 /* Jumbo payload */
680
681 static int ipv6_hop_jumbo(struct sk_buff **skbp, int optoff)
682 {
683 struct sk_buff *skb = *skbp;
684 const unsigned char *nh = skb_network_header(skb);
685 u32 pkt_len;
686
687 if (nh[optoff + 1] != 4 || (optoff & 3) != 2) {
688 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_jumbo: wrong jumbo opt length/alignment %d\n",
689 nh[optoff+1]);
690 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
691 IPSTATS_MIB_INHDRERRORS);
692 goto drop;
693 }
694
695 pkt_len = ntohl(*(__be32 *)(nh + optoff + 2));
696 if (pkt_len <= IPV6_MAXPLEN) {
697 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INHDRERRORS);
698 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff+2);
699 return 0;
700 }
701 if (ipv6_hdr(skb)->payload_len) {
702 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INHDRERRORS);
703 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff);
704 return 0;
705 }
706
707 if (pkt_len > skb->len - sizeof(struct ipv6hdr)) {
708 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INTRUNCATEDPKTS);
709 goto drop;
710 }
711
712 if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr)))
713 goto drop;
714
715 return 1;
716
717 drop:
718 kfree_skb(skb);
719 return 0;
720 }
721
722 static struct tlvtype_proc tlvprochopopt_lst[] = {
723 {
724 .type = IPV6_TLV_ROUTERALERT,
725 .func = ipv6_hop_ra,
726 },
727 {
728 .type = IPV6_TLV_JUMBO,
729 .func = ipv6_hop_jumbo,
730 },
731 { -1, }
732 };
733
734 int ipv6_parse_hopopts(struct sk_buff **skbp)
735 {
736 struct sk_buff *skb = *skbp;
737 struct inet6_skb_parm *opt = IP6CB(skb);
738
739 /*
740 * skb_network_header(skb) is equal to skb->data, and
741 * skb->h.raw - skb->nh.raw is always equal to
742 * sizeof(struct ipv6hdr) by definition of
743 * hop-by-hop options.
744 */
745 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr) + 8) ||
746 !pskb_may_pull(skb, sizeof(struct ipv6hdr) + ((skb->h.raw[1] + 1) << 3))) {
747 kfree_skb(skb);
748 return -1;
749 }
750
751 opt->hop = sizeof(struct ipv6hdr);
752 if (ip6_parse_tlv(tlvprochopopt_lst, skbp)) {
753 skb = *skbp;
754 skb->h.raw += (skb->h.raw[1]+1)<<3;
755 opt = IP6CB(skb);
756 opt->nhoff = sizeof(struct ipv6hdr);
757 return 1;
758 }
759 return -1;
760 }
761
762 /*
763 * Creating outbound headers.
764 *
765 * "build" functions work when skb is filled from head to tail (datagram)
766 * "push" functions work when headers are added from tail to head (tcp)
767 *
768 * In both cases we assume, that caller reserved enough room
769 * for headers.
770 */
771
772 static void ipv6_push_rthdr(struct sk_buff *skb, u8 *proto,
773 struct ipv6_rt_hdr *opt,
774 struct in6_addr **addr_p)
775 {
776 struct rt0_hdr *phdr, *ihdr;
777 int hops;
778
779 ihdr = (struct rt0_hdr *) opt;
780
781 phdr = (struct rt0_hdr *) skb_push(skb, (ihdr->rt_hdr.hdrlen + 1) << 3);
782 memcpy(phdr, ihdr, sizeof(struct rt0_hdr));
783
784 hops = ihdr->rt_hdr.hdrlen >> 1;
785
786 if (hops > 1)
787 memcpy(phdr->addr, ihdr->addr + 1,
788 (hops - 1) * sizeof(struct in6_addr));
789
790 ipv6_addr_copy(phdr->addr + (hops - 1), *addr_p);
791 *addr_p = ihdr->addr;
792
793 phdr->rt_hdr.nexthdr = *proto;
794 *proto = NEXTHDR_ROUTING;
795 }
796
797 static void ipv6_push_exthdr(struct sk_buff *skb, u8 *proto, u8 type, struct ipv6_opt_hdr *opt)
798 {
799 struct ipv6_opt_hdr *h = (struct ipv6_opt_hdr *)skb_push(skb, ipv6_optlen(opt));
800
801 memcpy(h, opt, ipv6_optlen(opt));
802 h->nexthdr = *proto;
803 *proto = type;
804 }
805
806 void ipv6_push_nfrag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt,
807 u8 *proto,
808 struct in6_addr **daddr)
809 {
810 if (opt->srcrt) {
811 ipv6_push_rthdr(skb, proto, opt->srcrt, daddr);
812 /*
813 * IPV6_RTHDRDSTOPTS is ignored
814 * unless IPV6_RTHDR is set (RFC3542).
815 */
816 if (opt->dst0opt)
817 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst0opt);
818 }
819 if (opt->hopopt)
820 ipv6_push_exthdr(skb, proto, NEXTHDR_HOP, opt->hopopt);
821 }
822
823 EXPORT_SYMBOL(ipv6_push_nfrag_opts);
824
825 void ipv6_push_frag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt, u8 *proto)
826 {
827 if (opt->dst1opt)
828 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst1opt);
829 }
830
831 struct ipv6_txoptions *
832 ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt)
833 {
834 struct ipv6_txoptions *opt2;
835
836 opt2 = sock_kmalloc(sk, opt->tot_len, GFP_ATOMIC);
837 if (opt2) {
838 long dif = (char*)opt2 - (char*)opt;
839 memcpy(opt2, opt, opt->tot_len);
840 if (opt2->hopopt)
841 *((char**)&opt2->hopopt) += dif;
842 if (opt2->dst0opt)
843 *((char**)&opt2->dst0opt) += dif;
844 if (opt2->dst1opt)
845 *((char**)&opt2->dst1opt) += dif;
846 if (opt2->srcrt)
847 *((char**)&opt2->srcrt) += dif;
848 }
849 return opt2;
850 }
851
852 EXPORT_SYMBOL_GPL(ipv6_dup_options);
853
854 static int ipv6_renew_option(void *ohdr,
855 struct ipv6_opt_hdr __user *newopt, int newoptlen,
856 int inherit,
857 struct ipv6_opt_hdr **hdr,
858 char **p)
859 {
860 if (inherit) {
861 if (ohdr) {
862 memcpy(*p, ohdr, ipv6_optlen((struct ipv6_opt_hdr *)ohdr));
863 *hdr = (struct ipv6_opt_hdr *)*p;
864 *p += CMSG_ALIGN(ipv6_optlen(*(struct ipv6_opt_hdr **)hdr));
865 }
866 } else {
867 if (newopt) {
868 if (copy_from_user(*p, newopt, newoptlen))
869 return -EFAULT;
870 *hdr = (struct ipv6_opt_hdr *)*p;
871 if (ipv6_optlen(*(struct ipv6_opt_hdr **)hdr) > newoptlen)
872 return -EINVAL;
873 *p += CMSG_ALIGN(newoptlen);
874 }
875 }
876 return 0;
877 }
878
879 struct ipv6_txoptions *
880 ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt,
881 int newtype,
882 struct ipv6_opt_hdr __user *newopt, int newoptlen)
883 {
884 int tot_len = 0;
885 char *p;
886 struct ipv6_txoptions *opt2;
887 int err;
888
889 if (opt) {
890 if (newtype != IPV6_HOPOPTS && opt->hopopt)
891 tot_len += CMSG_ALIGN(ipv6_optlen(opt->hopopt));
892 if (newtype != IPV6_RTHDRDSTOPTS && opt->dst0opt)
893 tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst0opt));
894 if (newtype != IPV6_RTHDR && opt->srcrt)
895 tot_len += CMSG_ALIGN(ipv6_optlen(opt->srcrt));
896 if (newtype != IPV6_DSTOPTS && opt->dst1opt)
897 tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst1opt));
898 }
899
900 if (newopt && newoptlen)
901 tot_len += CMSG_ALIGN(newoptlen);
902
903 if (!tot_len)
904 return NULL;
905
906 tot_len += sizeof(*opt2);
907 opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC);
908 if (!opt2)
909 return ERR_PTR(-ENOBUFS);
910
911 memset(opt2, 0, tot_len);
912
913 opt2->tot_len = tot_len;
914 p = (char *)(opt2 + 1);
915
916 err = ipv6_renew_option(opt ? opt->hopopt : NULL, newopt, newoptlen,
917 newtype != IPV6_HOPOPTS,
918 &opt2->hopopt, &p);
919 if (err)
920 goto out;
921
922 err = ipv6_renew_option(opt ? opt->dst0opt : NULL, newopt, newoptlen,
923 newtype != IPV6_RTHDRDSTOPTS,
924 &opt2->dst0opt, &p);
925 if (err)
926 goto out;
927
928 err = ipv6_renew_option(opt ? opt->srcrt : NULL, newopt, newoptlen,
929 newtype != IPV6_RTHDR,
930 (struct ipv6_opt_hdr **)&opt2->srcrt, &p);
931 if (err)
932 goto out;
933
934 err = ipv6_renew_option(opt ? opt->dst1opt : NULL, newopt, newoptlen,
935 newtype != IPV6_DSTOPTS,
936 &opt2->dst1opt, &p);
937 if (err)
938 goto out;
939
940 opt2->opt_nflen = (opt2->hopopt ? ipv6_optlen(opt2->hopopt) : 0) +
941 (opt2->dst0opt ? ipv6_optlen(opt2->dst0opt) : 0) +
942 (opt2->srcrt ? ipv6_optlen(opt2->srcrt) : 0);
943 opt2->opt_flen = (opt2->dst1opt ? ipv6_optlen(opt2->dst1opt) : 0);
944
945 return opt2;
946 out:
947 sock_kfree_s(sk, opt2, opt2->tot_len);
948 return ERR_PTR(err);
949 }
950
951 struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
952 struct ipv6_txoptions *opt)
953 {
954 /*
955 * ignore the dest before srcrt unless srcrt is being included.
956 * --yoshfuji
957 */
958 if (opt && opt->dst0opt && !opt->srcrt) {
959 if (opt_space != opt) {
960 memcpy(opt_space, opt, sizeof(*opt_space));
961 opt = opt_space;
962 }
963 opt->opt_nflen -= ipv6_optlen(opt->dst0opt);
964 opt->dst0opt = NULL;
965 }
966
967 return opt;
968 }
969
Ubuntu Jammy Linux kernel mirror