1 /* 2 * Extension Header handling for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Andi Kleen <ak@muc.de> 8 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 9 * 10 * $Id: exthdrs.c,v 1.13 2001/06/19 15:58:56 davem Exp $ 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18 /* Changes: 19 * yoshfuji : ensure not to overrun while parsing 20 * tlv options. 21 * Mitsuru KANDA @USAGI and: Remove ipv6_parse_exthdrs(). 22 * YOSHIFUJI Hideaki @USAGI Register inbound extension header 23 * handlers as inet6_protocol{}. 24 */ 25 26 #include <linux/errno.h> 27 #include <linux/types.h> 28 #include <linux/socket.h> 29 #include <linux/sockios.h> 30 #include <linux/net.h> 31 #include <linux/netdevice.h> 32 #include <linux/in6.h> 33 #include <linux/icmpv6.h> 34 35 #include <net/sock.h> 36 #include <net/snmp.h> 37 38 #include <net/ipv6.h> 39 #include <net/protocol.h> 40 #include <net/transp_v6.h> 41 #include <net/rawv6.h> 42 #include <net/ndisc.h> 43 #include <net/ip6_route.h> 44 #include <net/addrconf.h> 45 #ifdef CONFIG_IPV6_MIP6 46 #include <net/xfrm.h> 47 #endif 48 49 #include <asm/uaccess.h> 50 51 int ipv6_find_tlv(struct sk_buff *skb, int offset, int type) 52 { 53 const unsigned char *nh = skb_network_header(skb); 54 int packet_len = skb->tail - skb->network_header; 55 struct ipv6_opt_hdr *hdr; 56 int len; 57 58 if (offset + 2 > packet_len) 59 goto bad; 60 hdr = (struct ipv6_opt_hdr *)(nh + offset); 61 len = ((hdr->hdrlen + 1) << 3); 62 63 if (offset + len > packet_len) 64 goto bad; 65 66 offset += 2; 67 len -= 2; 68 69 while (len > 0) { 70 int opttype = nh[offset]; 71 int optlen; 72 73 if (opttype == type) 74 return offset; 75 76 switch (opttype) { 77 case IPV6_TLV_PAD0: 78 optlen = 1; 79 break; 80 default: 81 optlen = nh[offset + 1] + 2; 82 if (optlen > len) 83 goto bad; 84 break; 85 } 86 offset += optlen; 87 len -= optlen; 88 } 89 /* not_found */ 90 bad: 91 return -1; 92 } 93 94 /* 95 * Parsing tlv encoded headers. 96 * 97 * Parsing function "func" returns 1, if parsing succeed 98 * and 0, if it failed. 99 * It MUST NOT touch skb->h. 100 */ 101 102 struct tlvtype_proc { 103 int type; 104 int (*func)(struct sk_buff **skbp, int offset); 105 }; 106 107 /********************* 108 Generic functions 109 *********************/ 110 111 /* An unknown option is detected, decide what to do */ 112 113 static int ip6_tlvopt_unknown(struct sk_buff **skbp, int optoff) 114 { 115 struct sk_buff *skb = *skbp; 116 117 switch ((skb_network_header(skb)[optoff] & 0xC0) >> 6) { 118 case 0: /* ignore */ 119 return 1; 120 121 case 1: /* drop packet */ 122 break; 123 124 case 3: /* Send ICMP if not a multicast address and drop packet */ 125 /* Actually, it is redundant check. icmp_send 126 will recheck in any case. 127 */ 128 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) 129 break; 130 case 2: /* send ICMP PARM PROB regardless and drop packet */ 131 icmpv6_param_prob(skb, ICMPV6_UNK_OPTION, optoff); 132 return 0; 133 } 134 135 kfree_skb(skb); 136 return 0; 137 } 138 139 /* Parse tlv encoded option header (hop-by-hop or destination) */ 140 141 static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff **skbp) 142 { 143 struct sk_buff *skb = *skbp; 144 struct tlvtype_proc *curr; 145 const unsigned char *nh = skb_network_header(skb); 146 int off = skb_network_header_len(skb); 147 int len = (skb_transport_header(skb)[1] + 1) << 3; 148 149 if (skb_transport_offset(skb) + len > skb_headlen(skb)) 150 goto bad; 151 152 off += 2; 153 len -= 2; 154 155 while (len > 0) { 156 int optlen = nh[off + 1] + 2; 157 158 switch (nh[off]) { 159 case IPV6_TLV_PAD0: 160 optlen = 1; 161 break; 162 163 case IPV6_TLV_PADN: 164 break; 165 166 default: /* Other TLV code so scan list */ 167 if (optlen > len) 168 goto bad; 169 for (curr=procs; curr->type >= 0; curr++) { 170 if (curr->type == nh[off]) { 171 /* type specific length/alignment 172 checks will be performed in the 173 func(). */ 174 if (curr->func(skbp, off) == 0) 175 return 0; 176 break; 177 } 178 } 179 if (curr->type < 0) { 180 if (ip6_tlvopt_unknown(skbp, off) == 0) 181 return 0; 182 } 183 break; 184 } 185 off += optlen; 186 len -= optlen; 187 } 188 if (len == 0) 189 return 1; 190 bad: 191 kfree_skb(skb); 192 return 0; 193 } 194 195 /***************************** 196 Destination options header. 197 *****************************/ 198 199 #ifdef CONFIG_IPV6_MIP6 200 static int ipv6_dest_hao(struct sk_buff **skbp, int optoff) 201 { 202 struct sk_buff *skb = *skbp; 203 struct ipv6_destopt_hao *hao; 204 struct inet6_skb_parm *opt = IP6CB(skb); 205 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 206 struct in6_addr tmp_addr; 207 int ret; 208 209 if (opt->dsthao) { 210 LIMIT_NETDEBUG(KERN_DEBUG "hao duplicated\n"); 211 goto discard; 212 } 213 opt->dsthao = opt->dst1; 214 opt->dst1 = 0; 215 216 hao = (struct ipv6_destopt_hao *)(skb_network_header(skb) + optoff); 217 218 if (hao->length != 16) { 219 LIMIT_NETDEBUG( 220 KERN_DEBUG "hao invalid option length = %d\n", hao->length); 221 goto discard; 222 } 223 224 if (!(ipv6_addr_type(&hao->addr) & IPV6_ADDR_UNICAST)) { 225 LIMIT_NETDEBUG( 226 KERN_DEBUG "hao is not an unicast addr: " NIP6_FMT "\n", NIP6(hao->addr)); 227 goto discard; 228 } 229 230 ret = xfrm6_input_addr(skb, (xfrm_address_t *)&ipv6h->daddr, 231 (xfrm_address_t *)&hao->addr, IPPROTO_DSTOPTS); 232 if (unlikely(ret < 0)) 233 goto discard; 234 235 if (skb_cloned(skb)) { 236 struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC); 237 struct inet6_skb_parm *opt2; 238 239 if (skb2 == NULL) 240 goto discard; 241 242 opt2 = IP6CB(skb2); 243 memcpy(opt2, opt, sizeof(*opt2)); 244 245 kfree_skb(skb); 246 247 /* update all variable using below by copied skbuff */ 248 *skbp = skb = skb2; 249 hao = (struct ipv6_destopt_hao *)(skb_network_header(skb2) + 250 optoff); 251 ipv6h = ipv6_hdr(skb2); 252 } 253 254 if (skb->ip_summed == CHECKSUM_COMPLETE) 255 skb->ip_summed = CHECKSUM_NONE; 256 257 ipv6_addr_copy(&tmp_addr, &ipv6h->saddr); 258 ipv6_addr_copy(&ipv6h->saddr, &hao->addr); 259 ipv6_addr_copy(&hao->addr, &tmp_addr); 260 261 if (skb->tstamp.tv64 == 0) 262 __net_timestamp(skb); 263 264 return 1; 265 266 discard: 267 kfree_skb(skb); 268 return 0; 269 } 270 #endif 271 272 static struct tlvtype_proc tlvprocdestopt_lst[] = { 273 #ifdef CONFIG_IPV6_MIP6 274 { 275 .type = IPV6_TLV_HAO, 276 .func = ipv6_dest_hao, 277 }, 278 #endif 279 {-1, NULL} 280 }; 281 282 static int ipv6_destopt_rcv(struct sk_buff **skbp) 283 { 284 struct sk_buff *skb = *skbp; 285 struct inet6_skb_parm *opt = IP6CB(skb); 286 #ifdef CONFIG_IPV6_MIP6 287 __u16 dstbuf; 288 #endif 289 struct dst_entry *dst; 290 291 if (!pskb_may_pull(skb, skb_transport_offset(skb) + 8) || 292 !pskb_may_pull(skb, (skb_transport_offset(skb) + 293 ((skb_transport_header(skb)[1] + 1) << 3)))) { 294 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 295 IPSTATS_MIB_INHDRERRORS); 296 kfree_skb(skb); 297 return -1; 298 } 299 300 opt->lastopt = opt->dst1 = skb_network_header_len(skb); 301 #ifdef CONFIG_IPV6_MIP6 302 dstbuf = opt->dst1; 303 #endif 304 305 dst = dst_clone(skb->dst); 306 if (ip6_parse_tlv(tlvprocdestopt_lst, skbp)) { 307 dst_release(dst); 308 skb = *skbp; 309 skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3; 310 opt = IP6CB(skb); 311 #ifdef CONFIG_IPV6_MIP6 312 opt->nhoff = dstbuf; 313 #else 314 opt->nhoff = opt->dst1; 315 #endif 316 return 1; 317 } 318 319 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS); 320 dst_release(dst); 321 return -1; 322 } 323 324 static struct inet6_protocol destopt_protocol = { 325 .handler = ipv6_destopt_rcv, 326 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR, 327 }; 328 329 void __init ipv6_destopt_init(void) 330 { 331 if (inet6_add_protocol(&destopt_protocol, IPPROTO_DSTOPTS) < 0) 332 printk(KERN_ERR "ipv6_destopt_init: Could not register protocol\n"); 333 } 334 335 /******************************** 336 NONE header. No data in packet. 337 ********************************/ 338 339 static int ipv6_nodata_rcv(struct sk_buff **skbp) 340 { 341 struct sk_buff *skb = *skbp; 342 343 kfree_skb(skb); 344 return 0; 345 } 346 347 static struct inet6_protocol nodata_protocol = { 348 .handler = ipv6_nodata_rcv, 349 .flags = INET6_PROTO_NOPOLICY, 350 }; 351 352 void __init ipv6_nodata_init(void) 353 { 354 if (inet6_add_protocol(&nodata_protocol, IPPROTO_NONE) < 0) 355 printk(KERN_ERR "ipv6_nodata_init: Could not register protocol\n"); 356 } 357 358 /******************************** 359 Routing header. 360 ********************************/ 361 362 static int ipv6_rthdr_rcv(struct sk_buff **skbp) 363 { 364 struct sk_buff *skb = *skbp; 365 struct inet6_skb_parm *opt = IP6CB(skb); 366 struct in6_addr *addr = NULL; 367 struct in6_addr daddr; 368 struct inet6_dev *idev; 369 int n, i; 370 struct ipv6_rt_hdr *hdr; 371 struct rt0_hdr *rthdr; 372 int accept_source_route = ipv6_devconf.accept_source_route; 373 374 if (accept_source_route < 0 || 375 ((idev = in6_dev_get(skb->dev)) == NULL)) { 376 kfree_skb(skb); 377 return -1; 378 } 379 if (idev->cnf.accept_source_route < 0) { 380 in6_dev_put(idev); 381 kfree_skb(skb); 382 return -1; 383 } 384 385 if (accept_source_route > idev->cnf.accept_source_route) 386 accept_source_route = idev->cnf.accept_source_route; 387 388 in6_dev_put(idev); 389 390 if (!pskb_may_pull(skb, skb_transport_offset(skb) + 8) || 391 !pskb_may_pull(skb, (skb_transport_offset(skb) + 392 ((skb_transport_header(skb)[1] + 1) << 3)))) { 393 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 394 IPSTATS_MIB_INHDRERRORS); 395 kfree_skb(skb); 396 return -1; 397 } 398 399 hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb); 400 401 switch (hdr->type) { 402 #ifdef CONFIG_IPV6_MIP6 403 case IPV6_SRCRT_TYPE_2: 404 break; 405 #endif 406 case IPV6_SRCRT_TYPE_0: 407 if (accept_source_route > 0) 408 break; 409 kfree_skb(skb); 410 return -1; 411 default: 412 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 413 IPSTATS_MIB_INHDRERRORS); 414 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, 415 (&hdr->type) - skb_network_header(skb)); 416 return -1; 417 } 418 419 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) || 420 skb->pkt_type != PACKET_HOST) { 421 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 422 IPSTATS_MIB_INADDRERRORS); 423 kfree_skb(skb); 424 return -1; 425 } 426 427 looped_back: 428 if (hdr->segments_left == 0) { 429 switch (hdr->type) { 430 #ifdef CONFIG_IPV6_MIP6 431 case IPV6_SRCRT_TYPE_2: 432 /* Silently discard type 2 header unless it was 433 * processed by own 434 */ 435 if (!addr) { 436 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 437 IPSTATS_MIB_INADDRERRORS); 438 kfree_skb(skb); 439 return -1; 440 } 441 break; 442 #endif 443 default: 444 break; 445 } 446 447 opt->lastopt = opt->srcrt = skb_network_header_len(skb); 448 skb->transport_header += (hdr->hdrlen + 1) << 3; 449 opt->dst0 = opt->dst1; 450 opt->dst1 = 0; 451 opt->nhoff = (&hdr->nexthdr) - skb_network_header(skb); 452 return 1; 453 } 454 455 switch (hdr->type) { 456 case IPV6_SRCRT_TYPE_0: 457 if (hdr->hdrlen & 0x01) { 458 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 459 IPSTATS_MIB_INHDRERRORS); 460 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, 461 ((&hdr->hdrlen) - 462 skb_network_header(skb))); 463 return -1; 464 } 465 break; 466 #ifdef CONFIG_IPV6_MIP6 467 case IPV6_SRCRT_TYPE_2: 468 /* Silently discard invalid RTH type 2 */ 469 if (hdr->hdrlen != 2 || hdr->segments_left != 1) { 470 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 471 IPSTATS_MIB_INHDRERRORS); 472 kfree_skb(skb); 473 return -1; 474 } 475 break; 476 #endif 477 } 478 479 /* 480 * This is the routing header forwarding algorithm from 481 * RFC 2460, page 16. 482 */ 483 484 n = hdr->hdrlen >> 1; 485 486 if (hdr->segments_left > n) { 487 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 488 IPSTATS_MIB_INHDRERRORS); 489 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, 490 ((&hdr->segments_left) - 491 skb_network_header(skb))); 492 return -1; 493 } 494 495 /* We are about to mangle packet header. Be careful! 496 Do not damage packets queued somewhere. 497 */ 498 if (skb_cloned(skb)) { 499 struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC); 500 /* the copy is a forwarded packet */ 501 if (skb2 == NULL) { 502 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 503 IPSTATS_MIB_OUTDISCARDS); 504 kfree_skb(skb); 505 return -1; 506 } 507 kfree_skb(skb); 508 *skbp = skb = skb2; 509 opt = IP6CB(skb2); 510 hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb2); 511 } 512 513 if (skb->ip_summed == CHECKSUM_COMPLETE) 514 skb->ip_summed = CHECKSUM_NONE; 515 516 i = n - --hdr->segments_left; 517 518 rthdr = (struct rt0_hdr *) hdr; 519 addr = rthdr->addr; 520 addr += i - 1; 521 522 switch (hdr->type) { 523 #ifdef CONFIG_IPV6_MIP6 524 case IPV6_SRCRT_TYPE_2: 525 if (xfrm6_input_addr(skb, (xfrm_address_t *)addr, 526 (xfrm_address_t *)&ipv6_hdr(skb)->saddr, 527 IPPROTO_ROUTING) < 0) { 528 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 529 IPSTATS_MIB_INADDRERRORS); 530 kfree_skb(skb); 531 return -1; 532 } 533 if (!ipv6_chk_home_addr(addr)) { 534 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 535 IPSTATS_MIB_INADDRERRORS); 536 kfree_skb(skb); 537 return -1; 538 } 539 break; 540 #endif 541 default: 542 break; 543 } 544 545 if (ipv6_addr_is_multicast(addr)) { 546 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 547 IPSTATS_MIB_INADDRERRORS); 548 kfree_skb(skb); 549 return -1; 550 } 551 552 ipv6_addr_copy(&daddr, addr); 553 ipv6_addr_copy(addr, &ipv6_hdr(skb)->daddr); 554 ipv6_addr_copy(&ipv6_hdr(skb)->daddr, &daddr); 555 556 dst_release(xchg(&skb->dst, NULL)); 557 ip6_route_input(skb); 558 if (skb->dst->error) { 559 skb_push(skb, skb->data - skb_network_header(skb)); 560 dst_input(skb); 561 return -1; 562 } 563 564 if (skb->dst->dev->flags&IFF_LOOPBACK) { 565 if (ipv6_hdr(skb)->hop_limit <= 1) { 566 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 567 IPSTATS_MIB_INHDRERRORS); 568 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 569 0, skb->dev); 570 kfree_skb(skb); 571 return -1; 572 } 573 ipv6_hdr(skb)->hop_limit--; 574 goto looped_back; 575 } 576 577 skb_push(skb, skb->data - skb_network_header(skb)); 578 dst_input(skb); 579 return -1; 580 } 581 582 static struct inet6_protocol rthdr_protocol = { 583 .handler = ipv6_rthdr_rcv, 584 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR, 585 }; 586 587 void __init ipv6_rthdr_init(void) 588 { 589 if (inet6_add_protocol(&rthdr_protocol, IPPROTO_ROUTING) < 0) 590 printk(KERN_ERR "ipv6_rthdr_init: Could not register protocol\n"); 591 }; 592 593 /* 594 This function inverts received rthdr. 595 NOTE: specs allow to make it automatically only if 596 packet authenticated. 597 598 I will not discuss it here (though, I am really pissed off at 599 this stupid requirement making rthdr idea useless) 600 601 Actually, it creates severe problems for us. 602 Embryonic requests has no associated sockets, 603 so that user have no control over it and 604 cannot not only to set reply options, but 605 even to know, that someone wants to connect 606 without success. :-( 607 608 For now we need to test the engine, so that I created 609 temporary (or permanent) backdoor. 610 If listening socket set IPV6_RTHDR to 2, then we invert header. 611 --ANK (980729) 612 */ 613 614 struct ipv6_txoptions * 615 ipv6_invert_rthdr(struct sock *sk, struct ipv6_rt_hdr *hdr) 616 { 617 /* Received rthdr: 618 619 [ H1 -> H2 -> ... H_prev ] daddr=ME 620 621 Inverted result: 622 [ H_prev -> ... -> H1 ] daddr =sender 623 624 Note, that IP output engine will rewrite this rthdr 625 by rotating it left by one addr. 626 */ 627 628 int n, i; 629 struct rt0_hdr *rthdr = (struct rt0_hdr*)hdr; 630 struct rt0_hdr *irthdr; 631 struct ipv6_txoptions *opt; 632 int hdrlen = ipv6_optlen(hdr); 633 634 if (hdr->segments_left || 635 hdr->type != IPV6_SRCRT_TYPE_0 || 636 hdr->hdrlen & 0x01) 637 return NULL; 638 639 n = hdr->hdrlen >> 1; 640 opt = sock_kmalloc(sk, sizeof(*opt) + hdrlen, GFP_ATOMIC); 641 if (opt == NULL) 642 return NULL; 643 memset(opt, 0, sizeof(*opt)); 644 opt->tot_len = sizeof(*opt) + hdrlen; 645 opt->srcrt = (void*)(opt+1); 646 opt->opt_nflen = hdrlen; 647 648 memcpy(opt->srcrt, hdr, sizeof(*hdr)); 649 irthdr = (struct rt0_hdr*)opt->srcrt; 650 irthdr->reserved = 0; 651 opt->srcrt->segments_left = n; 652 for (i=0; i<n; i++) 653 memcpy(irthdr->addr+i, rthdr->addr+(n-1-i), 16); 654 return opt; 655 } 656 657 EXPORT_SYMBOL_GPL(ipv6_invert_rthdr); 658 659 /********************************** 660 Hop-by-hop options. 661 **********************************/ 662 663 /* 664 * Note: we cannot rely on skb->dst before we assign it in ip6_route_input(). 665 */ 666 static inline struct inet6_dev *ipv6_skb_idev(struct sk_buff *skb) 667 { 668 return skb->dst ? ip6_dst_idev(skb->dst) : __in6_dev_get(skb->dev); 669 } 670 671 /* Router Alert as of RFC 2711 */ 672 673 static int ipv6_hop_ra(struct sk_buff **skbp, int optoff) 674 { 675 struct sk_buff *skb = *skbp; 676 const unsigned char *nh = skb_network_header(skb); 677 678 if (nh[optoff + 1] == 2) { 679 IP6CB(skb)->ra = optoff; 680 return 1; 681 } 682 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_ra: wrong RA length %d\n", 683 nh[optoff + 1]); 684 kfree_skb(skb); 685 return 0; 686 } 687 688 /* Jumbo payload */ 689 690 static int ipv6_hop_jumbo(struct sk_buff **skbp, int optoff) 691 { 692 struct sk_buff *skb = *skbp; 693 const unsigned char *nh = skb_network_header(skb); 694 u32 pkt_len; 695 696 if (nh[optoff + 1] != 4 || (optoff & 3) != 2) { 697 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_jumbo: wrong jumbo opt length/alignment %d\n", 698 nh[optoff+1]); 699 IP6_INC_STATS_BH(ipv6_skb_idev(skb), 700 IPSTATS_MIB_INHDRERRORS); 701 goto drop; 702 } 703 704 pkt_len = ntohl(*(__be32 *)(nh + optoff + 2)); 705 if (pkt_len <= IPV6_MAXPLEN) { 706 IP6_INC_STATS_BH(ipv6_skb_idev(skb), IPSTATS_MIB_INHDRERRORS); 707 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff+2); 708 return 0; 709 } 710 if (ipv6_hdr(skb)->payload_len) { 711 IP6_INC_STATS_BH(ipv6_skb_idev(skb), IPSTATS_MIB_INHDRERRORS); 712 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff); 713 return 0; 714 } 715 716 if (pkt_len > skb->len - sizeof(struct ipv6hdr)) { 717 IP6_INC_STATS_BH(ipv6_skb_idev(skb), IPSTATS_MIB_INTRUNCATEDPKTS); 718 goto drop; 719 } 720 721 if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr))) 722 goto drop; 723 724 return 1; 725 726 drop: 727 kfree_skb(skb); 728 return 0; 729 } 730 731 static struct tlvtype_proc tlvprochopopt_lst[] = { 732 { 733 .type = IPV6_TLV_ROUTERALERT, 734 .func = ipv6_hop_ra, 735 }, 736 { 737 .type = IPV6_TLV_JUMBO, 738 .func = ipv6_hop_jumbo, 739 }, 740 { -1, } 741 }; 742 743 int ipv6_parse_hopopts(struct sk_buff **skbp) 744 { 745 struct sk_buff *skb = *skbp; 746 struct inet6_skb_parm *opt = IP6CB(skb); 747 748 /* 749 * skb_network_header(skb) is equal to skb->data, and 750 * skb_network_header_len(skb) is always equal to 751 * sizeof(struct ipv6hdr) by definition of 752 * hop-by-hop options. 753 */ 754 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr) + 8) || 755 !pskb_may_pull(skb, (sizeof(struct ipv6hdr) + 756 ((skb_transport_header(skb)[1] + 1) << 3)))) { 757 kfree_skb(skb); 758 return -1; 759 } 760 761 opt->hop = sizeof(struct ipv6hdr); 762 if (ip6_parse_tlv(tlvprochopopt_lst, skbp)) { 763 skb = *skbp; 764 skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3; 765 opt = IP6CB(skb); 766 opt->nhoff = sizeof(struct ipv6hdr); 767 return 1; 768 } 769 return -1; 770 } 771 772 /* 773 * Creating outbound headers. 774 * 775 * "build" functions work when skb is filled from head to tail (datagram) 776 * "push" functions work when headers are added from tail to head (tcp) 777 * 778 * In both cases we assume, that caller reserved enough room 779 * for headers. 780 */ 781 782 static void ipv6_push_rthdr(struct sk_buff *skb, u8 *proto, 783 struct ipv6_rt_hdr *opt, 784 struct in6_addr **addr_p) 785 { 786 struct rt0_hdr *phdr, *ihdr; 787 int hops; 788 789 ihdr = (struct rt0_hdr *) opt; 790 791 phdr = (struct rt0_hdr *) skb_push(skb, (ihdr->rt_hdr.hdrlen + 1) << 3); 792 memcpy(phdr, ihdr, sizeof(struct rt0_hdr)); 793 794 hops = ihdr->rt_hdr.hdrlen >> 1; 795 796 if (hops > 1) 797 memcpy(phdr->addr, ihdr->addr + 1, 798 (hops - 1) * sizeof(struct in6_addr)); 799 800 ipv6_addr_copy(phdr->addr + (hops - 1), *addr_p); 801 *addr_p = ihdr->addr; 802 803 phdr->rt_hdr.nexthdr = *proto; 804 *proto = NEXTHDR_ROUTING; 805 } 806 807 static void ipv6_push_exthdr(struct sk_buff *skb, u8 *proto, u8 type, struct ipv6_opt_hdr *opt) 808 { 809 struct ipv6_opt_hdr *h = (struct ipv6_opt_hdr *)skb_push(skb, ipv6_optlen(opt)); 810 811 memcpy(h, opt, ipv6_optlen(opt)); 812 h->nexthdr = *proto; 813 *proto = type; 814 } 815 816 void ipv6_push_nfrag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt, 817 u8 *proto, 818 struct in6_addr **daddr) 819 { 820 if (opt->srcrt) { 821 ipv6_push_rthdr(skb, proto, opt->srcrt, daddr); 822 /* 823 * IPV6_RTHDRDSTOPTS is ignored 824 * unless IPV6_RTHDR is set (RFC3542). 825 */ 826 if (opt->dst0opt) 827 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst0opt); 828 } 829 if (opt->hopopt) 830 ipv6_push_exthdr(skb, proto, NEXTHDR_HOP, opt->hopopt); 831 } 832 833 EXPORT_SYMBOL(ipv6_push_nfrag_opts); 834 835 void ipv6_push_frag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt, u8 *proto) 836 { 837 if (opt->dst1opt) 838 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst1opt); 839 } 840 841 struct ipv6_txoptions * 842 ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt) 843 { 844 struct ipv6_txoptions *opt2; 845 846 opt2 = sock_kmalloc(sk, opt->tot_len, GFP_ATOMIC); 847 if (opt2) { 848 long dif = (char*)opt2 - (char*)opt; 849 memcpy(opt2, opt, opt->tot_len); 850 if (opt2->hopopt) 851 *((char**)&opt2->hopopt) += dif; 852 if (opt2->dst0opt) 853 *((char**)&opt2->dst0opt) += dif; 854 if (opt2->dst1opt) 855 *((char**)&opt2->dst1opt) += dif; 856 if (opt2->srcrt) 857 *((char**)&opt2->srcrt) += dif; 858 } 859 return opt2; 860 } 861 862 EXPORT_SYMBOL_GPL(ipv6_dup_options); 863 864 static int ipv6_renew_option(void *ohdr, 865 struct ipv6_opt_hdr __user *newopt, int newoptlen, 866 int inherit, 867 struct ipv6_opt_hdr **hdr, 868 char **p) 869 { 870 if (inherit) { 871 if (ohdr) { 872 memcpy(*p, ohdr, ipv6_optlen((struct ipv6_opt_hdr *)ohdr)); 873 *hdr = (struct ipv6_opt_hdr *)*p; 874 *p += CMSG_ALIGN(ipv6_optlen(*(struct ipv6_opt_hdr **)hdr)); 875 } 876 } else { 877 if (newopt) { 878 if (copy_from_user(*p, newopt, newoptlen)) 879 return -EFAULT; 880 *hdr = (struct ipv6_opt_hdr *)*p; 881 if (ipv6_optlen(*(struct ipv6_opt_hdr **)hdr) > newoptlen) 882 return -EINVAL; 883 *p += CMSG_ALIGN(newoptlen); 884 } 885 } 886 return 0; 887 } 888 889 struct ipv6_txoptions * 890 ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt, 891 int newtype, 892 struct ipv6_opt_hdr __user *newopt, int newoptlen) 893 { 894 int tot_len = 0; 895 char *p; 896 struct ipv6_txoptions *opt2; 897 int err; 898 899 if (opt) { 900 if (newtype != IPV6_HOPOPTS && opt->hopopt) 901 tot_len += CMSG_ALIGN(ipv6_optlen(opt->hopopt)); 902 if (newtype != IPV6_RTHDRDSTOPTS && opt->dst0opt) 903 tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst0opt)); 904 if (newtype != IPV6_RTHDR && opt->srcrt) 905 tot_len += CMSG_ALIGN(ipv6_optlen(opt->srcrt)); 906 if (newtype != IPV6_DSTOPTS && opt->dst1opt) 907 tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst1opt)); 908 } 909 910 if (newopt && newoptlen) 911 tot_len += CMSG_ALIGN(newoptlen); 912 913 if (!tot_len) 914 return NULL; 915 916 tot_len += sizeof(*opt2); 917 opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC); 918 if (!opt2) 919 return ERR_PTR(-ENOBUFS); 920 921 memset(opt2, 0, tot_len); 922 923 opt2->tot_len = tot_len; 924 p = (char *)(opt2 + 1); 925 926 err = ipv6_renew_option(opt ? opt->hopopt : NULL, newopt, newoptlen, 927 newtype != IPV6_HOPOPTS, 928 &opt2->hopopt, &p); 929 if (err) 930 goto out; 931 932 err = ipv6_renew_option(opt ? opt->dst0opt : NULL, newopt, newoptlen, 933 newtype != IPV6_RTHDRDSTOPTS, 934 &opt2->dst0opt, &p); 935 if (err) 936 goto out; 937 938 err = ipv6_renew_option(opt ? opt->srcrt : NULL, newopt, newoptlen, 939 newtype != IPV6_RTHDR, 940 (struct ipv6_opt_hdr **)&opt2->srcrt, &p); 941 if (err) 942 goto out; 943 944 err = ipv6_renew_option(opt ? opt->dst1opt : NULL, newopt, newoptlen, 945 newtype != IPV6_DSTOPTS, 946 &opt2->dst1opt, &p); 947 if (err) 948 goto out; 949 950 opt2->opt_nflen = (opt2->hopopt ? ipv6_optlen(opt2->hopopt) : 0) + 951 (opt2->dst0opt ? ipv6_optlen(opt2->dst0opt) : 0) + 952 (opt2->srcrt ? ipv6_optlen(opt2->srcrt) : 0); 953 opt2->opt_flen = (opt2->dst1opt ? ipv6_optlen(opt2->dst1opt) : 0); 954 955 return opt2; 956 out: 957 sock_kfree_s(sk, opt2, opt2->tot_len); 958 return ERR_PTR(err); 959 } 960 961 struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, 962 struct ipv6_txoptions *opt) 963 { 964 /* 965 * ignore the dest before srcrt unless srcrt is being included. 966 * --yoshfuji 967 */ 968 if (opt && opt->dst0opt && !opt->srcrt) { 969 if (opt_space != opt) { 970 memcpy(opt_space, opt, sizeof(*opt_space)); 971 opt = opt_space; 972 } 973 opt->opt_nflen -= ipv6_optlen(opt->dst0opt); 974 opt->dst0opt = NULL; 975 } 976 977 return opt; 978 } 979 980