1/* 2 * Extension Header handling for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Andi Kleen <ak@muc.de> 8 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 9 * 10 * $Id: exthdrs.c,v 1.1.1.1 2007/08/03 18:53:52 Exp $ 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18/* Changes: 19 * yoshfuji : ensure not to overrun while parsing 20 * tlv options. 21 * Mitsuru KANDA @USAGI and: Remove ipv6_parse_exthdrs(). 22 * YOSHIFUJI Hideaki @USAGI Register inbound extension header 23 * handlers as inet6_protocol{}. 24 */ 25 26#include <linux/errno.h> 27#include <linux/types.h> 28#include <linux/socket.h> 29#include <linux/sockios.h> 30#include <linux/net.h> 31#include <linux/netdevice.h> 32#include <linux/in6.h> 33#include <linux/icmpv6.h> 34 35#include <net/sock.h> 36#include <net/snmp.h> 37 38#include <net/ipv6.h> 39#include <net/protocol.h> 40#include <net/transp_v6.h> 41#include <net/rawv6.h> 42#include <net/ndisc.h> 43#include <net/ip6_route.h> 44#include <net/addrconf.h> 45#ifdef CONFIG_IPV6_MIP6 46#include <net/xfrm.h> 47#endif 48 49#include <asm/uaccess.h> 50 51int ipv6_find_tlv(struct sk_buff *skb, int offset, int type) 52{ 53 const unsigned char *nh = skb_network_header(skb); 54 int packet_len = skb->tail - skb->network_header; 55 struct ipv6_opt_hdr *hdr; 56 int len; 57 58 if (offset + 2 > packet_len) 59 goto bad; 60 hdr = (struct ipv6_opt_hdr *)(nh + offset); 61 len = ((hdr->hdrlen + 1) << 3); 62 63 if (offset + len > packet_len) 64 goto bad; 65 66 offset += 2; 67 len -= 2; 68 69 while (len > 0) { 70 int opttype = nh[offset]; 71 int optlen; 72 73 if (opttype == type) 74 return offset; 75 76 switch (opttype) { 77 case IPV6_TLV_PAD0: 78 optlen = 1; 79 break; 80 default: 81 optlen = nh[offset + 1] + 2; 82 if (optlen > len) 83 goto bad; 84 break; 85 } 86 offset += optlen; 87 len -= optlen; 88 } 89 /* not_found */ 90 bad: 91 return -1; 92} 93 94/* 95 * Parsing tlv encoded headers. 96 * 97 * Parsing function "func" returns 1, if parsing succeed 98 * and 0, if it failed. 99 * It MUST NOT touch skb->h. 100 */ 101 102struct tlvtype_proc { 103 int type; 104 int (*func)(struct sk_buff **skbp, int offset); 105}; 106 107/********************* 108 Generic functions 109 *********************/ 110 111/* An unknown option is detected, decide what to do */ 112 113static int ip6_tlvopt_unknown(struct sk_buff **skbp, int optoff) 114{ 115 struct sk_buff *skb = *skbp; 116 117 switch ((skb_network_header(skb)[optoff] & 0xC0) >> 6) { 118 case 0: /* ignore */ 119 return 1; 120 121 case 1: /* drop packet */ 122 break; 123 124 case 3: /* Send ICMP if not a multicast address and drop packet */ 125 /* Actually, it is redundant check. icmp_send 126 will recheck in any case. 127 */ 128 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) 129 break; 130 case 2: /* send ICMP PARM PROB regardless and drop packet */ 131 icmpv6_param_prob(skb, ICMPV6_UNK_OPTION, optoff); 132 return 0; 133 } 134 135 kfree_skb(skb); 136 return 0; 137} 138 139/* Parse tlv encoded option header (hop-by-hop or destination) */ 140 141static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff **skbp) 142{ 143 struct sk_buff *skb = *skbp; 144 struct tlvtype_proc *curr; 145 const unsigned char *nh = skb_network_header(skb); 146 int off = skb_network_header_len(skb); 147 int len = (skb_transport_header(skb)[1] + 1) << 3; 148 149 if (skb_transport_offset(skb) + len > skb_headlen(skb)) 150 goto bad; 151 152 off += 2; 153 len -= 2; 154 155 while (len > 0) { 156 int optlen = nh[off + 1] + 2; 157 158 switch (nh[off]) { 159 case IPV6_TLV_PAD0: 160 optlen = 1; 161 break; 162 163 case IPV6_TLV_PADN: 164 break; 165 166 default: /* Other TLV code so scan list */ 167 if (optlen > len) 168 goto bad; 169 for (curr=procs; curr->type >= 0; curr++) { 170 if (curr->type == nh[off]) { 171 /* type specific length/alignment 172 checks will be performed in the 173 func(). */ 174 if (curr->func(skbp, off) == 0) 175 return 0; 176 break; 177 } 178 } 179 if (curr->type < 0) { 180 if (ip6_tlvopt_unknown(skbp, off) == 0) 181 return 0; 182 } 183 break; 184 } 185 off += optlen; 186 len -= optlen; 187 } 188 if (len == 0) 189 return 1; 190bad: 191 kfree_skb(skb); 192 return 0; 193} 194 195/***************************** 196 Destination options header. 197 *****************************/ 198 199#ifdef CONFIG_IPV6_MIP6 200static int ipv6_dest_hao(struct sk_buff **skbp, int optoff) 201{ 202 struct sk_buff *skb = *skbp; 203 struct ipv6_destopt_hao *hao; 204 struct inet6_skb_parm *opt = IP6CB(skb); 205 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 206 struct in6_addr tmp_addr; 207 int ret; 208 209 if (opt->dsthao) { 210 LIMIT_NETDEBUG(KERN_DEBUG "hao duplicated\n"); 211 goto discard; 212 } 213 opt->dsthao = opt->dst1; 214 opt->dst1 = 0; 215 216 hao = (struct ipv6_destopt_hao *)(skb_network_header(skb) + optoff); 217 218 if (hao->length != 16) { 219 LIMIT_NETDEBUG( 220 KERN_DEBUG "hao invalid option length = %d\n", hao->length); 221 goto discard; 222 } 223 224 if (!(ipv6_addr_type(&hao->addr) & IPV6_ADDR_UNICAST)) { 225 LIMIT_NETDEBUG( 226 KERN_DEBUG "hao is not an unicast addr: " NIP6_FMT "\n", NIP6(hao->addr)); 227 goto discard; 228 } 229 230 ret = xfrm6_input_addr(skb, (xfrm_address_t *)&ipv6h->daddr, 231 (xfrm_address_t *)&hao->addr, IPPROTO_DSTOPTS); 232 if (unlikely(ret < 0)) 233 goto discard; 234 235 if (skb_cloned(skb)) { 236 struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC); 237 struct inet6_skb_parm *opt2; 238 239 if (skb2 == NULL) 240 goto discard; 241 242 opt2 = IP6CB(skb2); 243 memcpy(opt2, opt, sizeof(*opt2)); 244 245 kfree_skb(skb); 246 247 /* update all variable using below by copied skbuff */ 248 *skbp = skb = skb2; 249 hao = (struct ipv6_destopt_hao *)(skb_network_header(skb2) + 250 optoff); 251 ipv6h = ipv6_hdr(skb2); 252 } 253 254 if (skb->ip_summed == CHECKSUM_COMPLETE) 255 skb->ip_summed = CHECKSUM_NONE; 256 257 ipv6_addr_copy(&tmp_addr, &ipv6h->saddr); 258 ipv6_addr_copy(&ipv6h->saddr, &hao->addr); 259 ipv6_addr_copy(&hao->addr, &tmp_addr); 260 261 if (skb->tstamp.tv64 == 0) 262 __net_timestamp(skb); 263 264 return 1; 265 266 discard: 267 kfree_skb(skb); 268 return 0; 269} 270#endif 271 272static struct tlvtype_proc tlvprocdestopt_lst[] = { 273#ifdef CONFIG_IPV6_MIP6 274 { 275 .type = IPV6_TLV_HAO, 276 .func = ipv6_dest_hao, 277 }, 278#endif 279 {-1, NULL} 280}; 281 282static int ipv6_destopt_rcv(struct sk_buff **skbp) 283{ 284 struct sk_buff *skb = *skbp; 285 struct inet6_skb_parm *opt = IP6CB(skb); 286#ifdef CONFIG_IPV6_MIP6 287 __u16 dstbuf; 288#endif 289 struct dst_entry *dst; 290 291 if (!pskb_may_pull(skb, skb_transport_offset(skb) + 8) || 292 !pskb_may_pull(skb, (skb_transport_offset(skb) + 293 ((skb_transport_header(skb)[1] + 1) << 3)))) { 294 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 295 IPSTATS_MIB_INHDRERRORS); 296 kfree_skb(skb); 297 return -1; 298 } 299 300 opt->lastopt = opt->dst1 = skb_network_header_len(skb); 301#ifdef CONFIG_IPV6_MIP6 302 dstbuf = opt->dst1; 303#endif 304 305 dst = dst_clone(skb->dst); 306 if (ip6_parse_tlv(tlvprocdestopt_lst, skbp)) { 307 dst_release(dst); 308 skb = *skbp; 309 skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3; 310 opt = IP6CB(skb); 311#ifdef CONFIG_IPV6_MIP6 312 opt->nhoff = dstbuf; 313#else 314 opt->nhoff = opt->dst1; 315#endif 316 return 1; 317 } 318 319 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS); 320 dst_release(dst); 321 return -1; 322} 323 324static struct inet6_protocol destopt_protocol = { 325 .handler = ipv6_destopt_rcv, 326 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR, 327}; 328 329void __init ipv6_destopt_init(void) 330{ 331 if (inet6_add_protocol(&destopt_protocol, IPPROTO_DSTOPTS) < 0) 332 printk(KERN_ERR "ipv6_destopt_init: Could not register protocol\n"); 333} 334 335/******************************** 336 NONE header. No data in packet. 337 ********************************/ 338 339static int ipv6_nodata_rcv(struct sk_buff **skbp) 340{ 341 struct sk_buff *skb = *skbp; 342 343 kfree_skb(skb); 344 return 0; 345} 346 347static struct inet6_protocol nodata_protocol = { 348 .handler = ipv6_nodata_rcv, 349 .flags = INET6_PROTO_NOPOLICY, 350}; 351 352void __init ipv6_nodata_init(void) 353{ 354 if (inet6_add_protocol(&nodata_protocol, IPPROTO_NONE) < 0) 355 printk(KERN_ERR "ipv6_nodata_init: Could not register protocol\n"); 356} 357 358/******************************** 359 Routing header. 360 ********************************/ 361 362static int ipv6_rthdr_rcv(struct sk_buff **skbp) 363{ 364 struct sk_buff *skb = *skbp; 365 struct inet6_skb_parm *opt = IP6CB(skb); 366 struct in6_addr *addr = NULL; 367 struct in6_addr daddr; 368 struct inet6_dev *idev; 369 int n, i; 370 struct ipv6_rt_hdr *hdr; 371 struct rt0_hdr *rthdr; 372 int accept_source_route = ipv6_devconf.accept_source_route; 373 374 if (accept_source_route < 0 || 375 ((idev = in6_dev_get(skb->dev)) == NULL)) { 376 kfree_skb(skb); 377 return -1; 378 } 379 if (idev->cnf.accept_source_route < 0) { 380 in6_dev_put(idev); 381 kfree_skb(skb); 382 return -1; 383 } 384 385 if (accept_source_route > idev->cnf.accept_source_route) 386 accept_source_route = idev->cnf.accept_source_route; 387 388 in6_dev_put(idev); 389 390 if (!pskb_may_pull(skb, skb_transport_offset(skb) + 8) || 391 !pskb_may_pull(skb, (skb_transport_offset(skb) + 392 ((skb_transport_header(skb)[1] + 1) << 3)))) { 393 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 394 IPSTATS_MIB_INHDRERRORS); 395 kfree_skb(skb); 396 return -1; 397 } 398 399 hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb); 400 401 switch (hdr->type) { 402#ifdef CONFIG_IPV6_MIP6 403 case IPV6_SRCRT_TYPE_2: 404 break; 405#endif 406 case IPV6_SRCRT_TYPE_0: 407#if 0 /* IPv6Ready- Test v6LC.1.2.10 Part B: Unrecognized Routing Type 0 408 * RFC 5095: Deprecation of Type 0 Routing Headers in IPv6 409 */ 410 if (accept_source_route > 0) 411 break; 412 kfree_skb(skb); 413 return -1; 414#endif 415 default: 416#if 1 /* IPv6Ready- Test v6LC.1.2.9 Part A: Unrecognized Routing Type 33 417 * RFC 2460: Internet Protocol, Version 6 (IPv6) Specification 418 */ 419 if (hdr->segments_left == 0) 420 { 421 if (accept_source_route > 0) 422 break; 423 kfree_skb(skb); 424 return -1; 425 } 426#endif 427 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 428 IPSTATS_MIB_INHDRERRORS); 429 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, 430 (&hdr->type) - skb_network_header(skb)); 431 return -1; 432 } 433 434 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) || 435 skb->pkt_type != PACKET_HOST) { 436 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 437 IPSTATS_MIB_INADDRERRORS); 438 kfree_skb(skb); 439 return -1; 440 } 441 442looped_back: 443 if (hdr->segments_left == 0) { 444 switch (hdr->type) { 445#ifdef CONFIG_IPV6_MIP6 446 case IPV6_SRCRT_TYPE_2: 447 /* Silently discard type 2 header unless it was 448 * processed by own 449 */ 450 if (!addr) { 451 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 452 IPSTATS_MIB_INADDRERRORS); 453 kfree_skb(skb); 454 return -1; 455 } 456 break; 457#endif 458 default: 459 break; 460 } 461 462 opt->lastopt = opt->srcrt = skb_network_header_len(skb); 463 skb->transport_header += (hdr->hdrlen + 1) << 3; 464 opt->dst0 = opt->dst1; 465 opt->dst1 = 0; 466 opt->nhoff = (&hdr->nexthdr) - skb_network_header(skb); 467 return 1; 468 } 469 470 switch (hdr->type) { 471 case IPV6_SRCRT_TYPE_0: 472 if (hdr->hdrlen & 0x01) { 473 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 474 IPSTATS_MIB_INHDRERRORS); 475 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, 476 ((&hdr->hdrlen) - 477 skb_network_header(skb))); 478 return -1; 479 } 480 break; 481#ifdef CONFIG_IPV6_MIP6 482 case IPV6_SRCRT_TYPE_2: 483 /* Silently discard invalid RTH type 2 */ 484 if (hdr->hdrlen != 2 || hdr->segments_left != 1) { 485 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 486 IPSTATS_MIB_INHDRERRORS); 487 kfree_skb(skb); 488 return -1; 489 } 490 break; 491#endif 492 } 493 494 /* 495 * This is the routing header forwarding algorithm from 496 * RFC 2460, page 16. 497 */ 498 499 n = hdr->hdrlen >> 1; 500 501 if (hdr->segments_left > n) { 502 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 503 IPSTATS_MIB_INHDRERRORS); 504 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, 505 ((&hdr->segments_left) - 506 skb_network_header(skb))); 507 return -1; 508 } 509 510 /* We are about to mangle packet header. Be careful! 511 Do not damage packets queued somewhere. 512 */ 513 if (skb_cloned(skb)) { 514 struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC); 515 /* the copy is a forwarded packet */ 516 if (skb2 == NULL) { 517 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 518 IPSTATS_MIB_OUTDISCARDS); 519 kfree_skb(skb); 520 return -1; 521 } 522 kfree_skb(skb); 523 *skbp = skb = skb2; 524 opt = IP6CB(skb2); 525 hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb2); 526 } 527 528 if (skb->ip_summed == CHECKSUM_COMPLETE) 529 skb->ip_summed = CHECKSUM_NONE; 530 531 i = n - --hdr->segments_left; 532 533 rthdr = (struct rt0_hdr *) hdr; 534 addr = rthdr->addr; 535 addr += i - 1; 536 537 switch (hdr->type) { 538#ifdef CONFIG_IPV6_MIP6 539 case IPV6_SRCRT_TYPE_2: 540 if (xfrm6_input_addr(skb, (xfrm_address_t *)addr, 541 (xfrm_address_t *)&ipv6_hdr(skb)->saddr, 542 IPPROTO_ROUTING) < 0) { 543 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 544 IPSTATS_MIB_INADDRERRORS); 545 kfree_skb(skb); 546 return -1; 547 } 548 if (!ipv6_chk_home_addr(addr)) { 549 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 550 IPSTATS_MIB_INADDRERRORS); 551 kfree_skb(skb); 552 return -1; 553 } 554 break; 555#endif 556 default: 557 break; 558 } 559 560 if (ipv6_addr_is_multicast(addr)) { 561 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 562 IPSTATS_MIB_INADDRERRORS); 563 kfree_skb(skb); 564 return -1; 565 } 566 567 ipv6_addr_copy(&daddr, addr); 568 ipv6_addr_copy(addr, &ipv6_hdr(skb)->daddr); 569 ipv6_addr_copy(&ipv6_hdr(skb)->daddr, &daddr); 570 571 dst_release(xchg(&skb->dst, NULL)); 572 ip6_route_input(skb); 573 if (skb->dst->error) { 574 skb_push(skb, skb->data - skb_network_header(skb)); 575 dst_input(skb); 576 return -1; 577 } 578 579 if (skb->dst->dev->flags&IFF_LOOPBACK) { 580 if (ipv6_hdr(skb)->hop_limit <= 1) { 581 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 582 IPSTATS_MIB_INHDRERRORS); 583 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 584 0, skb->dev); 585 kfree_skb(skb); 586 return -1; 587 } 588 ipv6_hdr(skb)->hop_limit--; 589 goto looped_back; 590 } 591 592 skb_push(skb, skb->data - skb_network_header(skb)); 593 dst_input(skb); 594 return -1; 595} 596 597static struct inet6_protocol rthdr_protocol = { 598 .handler = ipv6_rthdr_rcv, 599 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR, 600}; 601 602void __init ipv6_rthdr_init(void) 603{ 604 if (inet6_add_protocol(&rthdr_protocol, IPPROTO_ROUTING) < 0) 605 printk(KERN_ERR "ipv6_rthdr_init: Could not register protocol\n"); 606}; 607 608/* 609 This function inverts received rthdr. 610 NOTE: specs allow to make it automatically only if 611 packet authenticated. 612 613 I will not discuss it here (though, I am really pissed off at 614 this stupid requirement making rthdr idea useless) 615 616 Actually, it creates severe problems for us. 617 Embryonic requests has no associated sockets, 618 so that user have no control over it and 619 cannot not only to set reply options, but 620 even to know, that someone wants to connect 621 without success. :-( 622 623 For now we need to test the engine, so that I created 624 temporary (or permanent) backdoor. 625 If listening socket set IPV6_RTHDR to 2, then we invert header. 626 --ANK (980729) 627 */ 628 629struct ipv6_txoptions * 630ipv6_invert_rthdr(struct sock *sk, struct ipv6_rt_hdr *hdr) 631{ 632 /* Received rthdr: 633 634 [ H1 -> H2 -> ... H_prev ] daddr=ME 635 636 Inverted result: 637 [ H_prev -> ... -> H1 ] daddr =sender 638 639 Note, that IP output engine will rewrite this rthdr 640 by rotating it left by one addr. 641 */ 642 643 int n, i; 644 struct rt0_hdr *rthdr = (struct rt0_hdr*)hdr; 645 struct rt0_hdr *irthdr; 646 struct ipv6_txoptions *opt; 647 int hdrlen = ipv6_optlen(hdr); 648 649 if (hdr->segments_left || 650 hdr->type != IPV6_SRCRT_TYPE_0 || 651 hdr->hdrlen & 0x01) 652 return NULL; 653 654 n = hdr->hdrlen >> 1; 655 opt = sock_kmalloc(sk, sizeof(*opt) + hdrlen, GFP_ATOMIC); 656 if (opt == NULL) 657 return NULL; 658 memset(opt, 0, sizeof(*opt)); 659 opt->tot_len = sizeof(*opt) + hdrlen; 660 opt->srcrt = (void*)(opt+1); 661 opt->opt_nflen = hdrlen; 662 663 memcpy(opt->srcrt, hdr, sizeof(*hdr)); 664 irthdr = (struct rt0_hdr*)opt->srcrt; 665 irthdr->reserved = 0; 666 opt->srcrt->segments_left = n; 667 for (i=0; i<n; i++) 668 memcpy(irthdr->addr+i, rthdr->addr+(n-1-i), 16); 669 return opt; 670} 671 672EXPORT_SYMBOL_GPL(ipv6_invert_rthdr); 673 674/********************************** 675 Hop-by-hop options. 676 **********************************/ 677 678/* 679 * Note: we cannot rely on skb->dst before we assign it in ip6_route_input(). 680 */ 681static inline struct inet6_dev *ipv6_skb_idev(struct sk_buff *skb) 682{ 683 return skb->dst ? ip6_dst_idev(skb->dst) : __in6_dev_get(skb->dev); 684} 685 686/* Router Alert as of RFC 2711 */ 687 688static int ipv6_hop_ra(struct sk_buff **skbp, int optoff) 689{ 690 struct sk_buff *skb = *skbp; 691 const unsigned char *nh = skb_network_header(skb); 692 693 if (nh[optoff + 1] == 2) { 694 IP6CB(skb)->ra = optoff; 695 return 1; 696 } 697 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_ra: wrong RA length %d\n", 698 nh[optoff + 1]); 699 kfree_skb(skb); 700 return 0; 701} 702 703/* Jumbo payload */ 704 705static int ipv6_hop_jumbo(struct sk_buff **skbp, int optoff) 706{ 707 struct sk_buff *skb = *skbp; 708 const unsigned char *nh = skb_network_header(skb); 709 u32 pkt_len; 710 711 if (nh[optoff + 1] != 4 || (optoff & 3) != 2) { 712 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_jumbo: wrong jumbo opt length/alignment %d\n", 713 nh[optoff+1]); 714 IP6_INC_STATS_BH(ipv6_skb_idev(skb), 715 IPSTATS_MIB_INHDRERRORS); 716 goto drop; 717 } 718 719 pkt_len = ntohl(*(__be32 *)(nh + optoff + 2)); 720 if (pkt_len <= IPV6_MAXPLEN) { 721 IP6_INC_STATS_BH(ipv6_skb_idev(skb), IPSTATS_MIB_INHDRERRORS); 722 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff+2); 723 return 0; 724 } 725 if (ipv6_hdr(skb)->payload_len) { 726 IP6_INC_STATS_BH(ipv6_skb_idev(skb), IPSTATS_MIB_INHDRERRORS); 727 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff); 728 return 0; 729 } 730 731 if (pkt_len > skb->len - sizeof(struct ipv6hdr)) { 732 IP6_INC_STATS_BH(ipv6_skb_idev(skb), IPSTATS_MIB_INTRUNCATEDPKTS); 733 goto drop; 734 } 735 736 if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr))) 737 goto drop; 738 739 return 1; 740 741drop: 742 kfree_skb(skb); 743 return 0; 744} 745 746static struct tlvtype_proc tlvprochopopt_lst[] = { 747 { 748 .type = IPV6_TLV_ROUTERALERT, 749 .func = ipv6_hop_ra, 750 }, 751 { 752 .type = IPV6_TLV_JUMBO, 753 .func = ipv6_hop_jumbo, 754 }, 755 { -1, } 756}; 757 758int ipv6_parse_hopopts(struct sk_buff **skbp) 759{ 760 struct sk_buff *skb = *skbp; 761 struct inet6_skb_parm *opt = IP6CB(skb); 762 763 /* 764 * skb_network_header(skb) is equal to skb->data, and 765 * skb_network_header_len(skb) is always equal to 766 * sizeof(struct ipv6hdr) by definition of 767 * hop-by-hop options. 768 */ 769 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr) + 8) || 770 !pskb_may_pull(skb, (sizeof(struct ipv6hdr) + 771 ((skb_transport_header(skb)[1] + 1) << 3)))) { 772 kfree_skb(skb); 773 return -1; 774 } 775 776 opt->hop = sizeof(struct ipv6hdr); 777 if (ip6_parse_tlv(tlvprochopopt_lst, skbp)) { 778 skb = *skbp; 779 skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3; 780 opt = IP6CB(skb); 781 opt->nhoff = sizeof(struct ipv6hdr); 782 return 1; 783 } 784 return -1; 785} 786 787/* 788 * Creating outbound headers. 789 * 790 * "build" functions work when skb is filled from head to tail (datagram) 791 * "push" functions work when headers are added from tail to head (tcp) 792 * 793 * In both cases we assume, that caller reserved enough room 794 * for headers. 795 */ 796 797static void ipv6_push_rthdr(struct sk_buff *skb, u8 *proto, 798 struct ipv6_rt_hdr *opt, 799 struct in6_addr **addr_p) 800{ 801 struct rt0_hdr *phdr, *ihdr; 802 int hops; 803 804 ihdr = (struct rt0_hdr *) opt; 805 806 phdr = (struct rt0_hdr *) skb_push(skb, (ihdr->rt_hdr.hdrlen + 1) << 3); 807 memcpy(phdr, ihdr, sizeof(struct rt0_hdr)); 808 809 hops = ihdr->rt_hdr.hdrlen >> 1; 810 811 if (hops > 1) 812 memcpy(phdr->addr, ihdr->addr + 1, 813 (hops - 1) * sizeof(struct in6_addr)); 814 815 ipv6_addr_copy(phdr->addr + (hops - 1), *addr_p); 816 *addr_p = ihdr->addr; 817 818 phdr->rt_hdr.nexthdr = *proto; 819 *proto = NEXTHDR_ROUTING; 820} 821 822static void ipv6_push_exthdr(struct sk_buff *skb, u8 *proto, u8 type, struct ipv6_opt_hdr *opt) 823{ 824 struct ipv6_opt_hdr *h = (struct ipv6_opt_hdr *)skb_push(skb, ipv6_optlen(opt)); 825 826 memcpy(h, opt, ipv6_optlen(opt)); 827 h->nexthdr = *proto; 828 *proto = type; 829} 830 831void ipv6_push_nfrag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt, 832 u8 *proto, 833 struct in6_addr **daddr) 834{ 835 if (opt->srcrt) { 836 ipv6_push_rthdr(skb, proto, opt->srcrt, daddr); 837 /* 838 * IPV6_RTHDRDSTOPTS is ignored 839 * unless IPV6_RTHDR is set (RFC3542). 840 */ 841 if (opt->dst0opt) 842 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst0opt); 843 } 844 if (opt->hopopt) 845 ipv6_push_exthdr(skb, proto, NEXTHDR_HOP, opt->hopopt); 846} 847 848EXPORT_SYMBOL(ipv6_push_nfrag_opts); 849 850void ipv6_push_frag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt, u8 *proto) 851{ 852 if (opt->dst1opt) 853 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst1opt); 854} 855 856struct ipv6_txoptions * 857ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt) 858{ 859 struct ipv6_txoptions *opt2; 860 861 opt2 = sock_kmalloc(sk, opt->tot_len, GFP_ATOMIC); 862 if (opt2) { 863 long dif = (char*)opt2 - (char*)opt; 864 memcpy(opt2, opt, opt->tot_len); 865 if (opt2->hopopt) 866 *((char**)&opt2->hopopt) += dif; 867 if (opt2->dst0opt) 868 *((char**)&opt2->dst0opt) += dif; 869 if (opt2->dst1opt) 870 *((char**)&opt2->dst1opt) += dif; 871 if (opt2->srcrt) 872 *((char**)&opt2->srcrt) += dif; 873 } 874 return opt2; 875} 876 877EXPORT_SYMBOL_GPL(ipv6_dup_options); 878 879static int ipv6_renew_option(void *ohdr, 880 struct ipv6_opt_hdr __user *newopt, int newoptlen, 881 int inherit, 882 struct ipv6_opt_hdr **hdr, 883 char **p) 884{ 885 if (inherit) { 886 if (ohdr) { 887 memcpy(*p, ohdr, ipv6_optlen((struct ipv6_opt_hdr *)ohdr)); 888 *hdr = (struct ipv6_opt_hdr *)*p; 889 *p += CMSG_ALIGN(ipv6_optlen(*(struct ipv6_opt_hdr **)hdr)); 890 } 891 } else { 892 if (newopt) { 893 if (copy_from_user(*p, newopt, newoptlen)) 894 return -EFAULT; 895 *hdr = (struct ipv6_opt_hdr *)*p; 896 if (ipv6_optlen(*(struct ipv6_opt_hdr **)hdr) > newoptlen) 897 return -EINVAL; 898 *p += CMSG_ALIGN(newoptlen); 899 } 900 } 901 return 0; 902} 903 904struct ipv6_txoptions * 905ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt, 906 int newtype, 907 struct ipv6_opt_hdr __user *newopt, int newoptlen) 908{ 909 int tot_len = 0; 910 char *p; 911 struct ipv6_txoptions *opt2; 912 int err; 913 914 if (opt) { 915 if (newtype != IPV6_HOPOPTS && opt->hopopt) 916 tot_len += CMSG_ALIGN(ipv6_optlen(opt->hopopt)); 917 if (newtype != IPV6_RTHDRDSTOPTS && opt->dst0opt) 918 tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst0opt)); 919 if (newtype != IPV6_RTHDR && opt->srcrt) 920 tot_len += CMSG_ALIGN(ipv6_optlen(opt->srcrt)); 921 if (newtype != IPV6_DSTOPTS && opt->dst1opt) 922 tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst1opt)); 923 } 924 925 if (newopt && newoptlen) 926 tot_len += CMSG_ALIGN(newoptlen); 927 928 if (!tot_len) 929 return NULL; 930 931 tot_len += sizeof(*opt2); 932 opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC); 933 if (!opt2) 934 return ERR_PTR(-ENOBUFS); 935 936 memset(opt2, 0, tot_len); 937 938 opt2->tot_len = tot_len; 939 p = (char *)(opt2 + 1); 940 941 err = ipv6_renew_option(opt ? opt->hopopt : NULL, newopt, newoptlen, 942 newtype != IPV6_HOPOPTS, 943 &opt2->hopopt, &p); 944 if (err) 945 goto out; 946 947 err = ipv6_renew_option(opt ? opt->dst0opt : NULL, newopt, newoptlen, 948 newtype != IPV6_RTHDRDSTOPTS, 949 &opt2->dst0opt, &p); 950 if (err) 951 goto out; 952 953 err = ipv6_renew_option(opt ? opt->srcrt : NULL, newopt, newoptlen, 954 newtype != IPV6_RTHDR, 955 (struct ipv6_opt_hdr **)&opt2->srcrt, &p); 956 if (err) 957 goto out; 958 959 err = ipv6_renew_option(opt ? opt->dst1opt : NULL, newopt, newoptlen, 960 newtype != IPV6_DSTOPTS, 961 &opt2->dst1opt, &p); 962 if (err) 963 goto out; 964 965 opt2->opt_nflen = (opt2->hopopt ? ipv6_optlen(opt2->hopopt) : 0) + 966 (opt2->dst0opt ? ipv6_optlen(opt2->dst0opt) : 0) + 967 (opt2->srcrt ? ipv6_optlen(opt2->srcrt) : 0); 968 opt2->opt_flen = (opt2->dst1opt ? ipv6_optlen(opt2->dst1opt) : 0); 969 970 return opt2; 971out: 972 sock_kfree_s(sk, opt2, opt2->tot_len); 973 return ERR_PTR(err); 974} 975 976struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, 977 struct ipv6_txoptions *opt) 978{ 979 /* 980 * ignore the dest before srcrt unless srcrt is being included. 981 * --yoshfuji 982 */ 983 if (opt && opt->dst0opt && !opt->srcrt) { 984 if (opt_space != opt) { 985 memcpy(opt_space, opt, sizeof(*opt_space)); 986 opt = opt_space; 987 } 988 opt->opt_nflen -= ipv6_optlen(opt->dst0opt); 989 opt->dst0opt = NULL; 990 } 991 992 return opt; 993} 994