1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (C) 2009-2018  B.A.T.M.A.N. contributors:
3  *
4  * Marek Lindner
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of version 2 of the GNU General Public
8  * License as published by the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful, but
11  * WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  * General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, see <http://www.gnu.org/licenses/>.
17  */
18 
19 #include "gateway_client.h"
20 #include "main.h"
21 
22 #include <linux/atomic.h>
23 #include <linux/byteorder/generic.h>
24 #include <linux/errno.h>
25 #include <linux/etherdevice.h>
26 #include <linux/gfp.h>
27 #include <linux/if_ether.h>
28 #include <linux/if_vlan.h>
29 #include <linux/in.h>
30 #include <linux/ip.h>
31 #include <linux/ipv6.h>
32 #include <linux/kernel.h>
33 #include <linux/kref.h>
34 #include <linux/list.h>
35 #include <linux/lockdep.h>
36 #include <linux/netdevice.h>
37 #include <linux/netlink.h>
38 #include <linux/rculist.h>
39 #include <linux/rcupdate.h>
40 #include <linux/seq_file.h>
41 #include <linux/skbuff.h>
42 #include <linux/slab.h>
43 #include <linux/spinlock.h>
44 #include <linux/stddef.h>
45 #include <linux/udp.h>
46 #include <net/sock.h>
47 #include <uapi/linux/batadv_packet.h>
48 #include <uapi/linux/batman_adv.h>
49 
50 #include "gateway_common.h"
51 #include "hard-interface.h"
52 #include "log.h"
53 #include "netlink.h"
54 #include "originator.h"
55 #include "routing.h"
56 #include "soft-interface.h"
57 #include "sysfs.h"
58 #include "translation-table.h"
59 
60 /* These are the offsets of the "hw type" and "hw address length" in the dhcp
61  * packet starting at the beginning of the dhcp header
62  */
63 #define BATADV_DHCP_HTYPE_OFFSET	1
64 #define BATADV_DHCP_HLEN_OFFSET		2
65 /* Value of htype representing Ethernet */
66 #define BATADV_DHCP_HTYPE_ETHERNET	0x01
67 /* This is the offset of the "chaddr" field in the dhcp packet starting at the
68  * beginning of the dhcp header
69  */
70 #define BATADV_DHCP_CHADDR_OFFSET	28
71 
72 /**
73  * batadv_gw_node_release() - release gw_node from lists and queue for free
74  *  after rcu grace period
75  * @ref: kref pointer of the gw_node
76  */
77 static void batadv_gw_node_release(struct kref *ref)
78 {
79 	struct batadv_gw_node *gw_node;
80 
81 	gw_node = container_of(ref, struct batadv_gw_node, refcount);
82 
83 	batadv_orig_node_put(gw_node->orig_node);
84 	kfree_rcu(gw_node, rcu);
85 }
86 
87 /**
88  * batadv_gw_node_put() - decrement the gw_node refcounter and possibly release
89  *  it
90  * @gw_node: gateway node to free
91  */
92 void batadv_gw_node_put(struct batadv_gw_node *gw_node)
93 {
94 	kref_put(&gw_node->refcount, batadv_gw_node_release);
95 }
96 
97 /**
98  * batadv_gw_get_selected_gw_node() - Get currently selected gateway
99  * @bat_priv: the bat priv with all the soft interface information
100  *
101  * Return: selected gateway (with increased refcnt), NULL on errors
102  */
103 struct batadv_gw_node *
104 batadv_gw_get_selected_gw_node(struct batadv_priv *bat_priv)
105 {
106 	struct batadv_gw_node *gw_node;
107 
108 	rcu_read_lock();
109 	gw_node = rcu_dereference(bat_priv->gw.curr_gw);
110 	if (!gw_node)
111 		goto out;
112 
113 	if (!kref_get_unless_zero(&gw_node->refcount))
114 		gw_node = NULL;
115 
116 out:
117 	rcu_read_unlock();
118 	return gw_node;
119 }
120 
121 /**
122  * batadv_gw_get_selected_orig() - Get originator of currently selected gateway
123  * @bat_priv: the bat priv with all the soft interface information
124  *
125  * Return: orig_node of selected gateway (with increased refcnt), NULL on errors
126  */
127 struct batadv_orig_node *
128 batadv_gw_get_selected_orig(struct batadv_priv *bat_priv)
129 {
130 	struct batadv_gw_node *gw_node;
131 	struct batadv_orig_node *orig_node = NULL;
132 
133 	gw_node = batadv_gw_get_selected_gw_node(bat_priv);
134 	if (!gw_node)
135 		goto out;
136 
137 	rcu_read_lock();
138 	orig_node = gw_node->orig_node;
139 	if (!orig_node)
140 		goto unlock;
141 
142 	if (!kref_get_unless_zero(&orig_node->refcount))
143 		orig_node = NULL;
144 
145 unlock:
146 	rcu_read_unlock();
147 out:
148 	if (gw_node)
149 		batadv_gw_node_put(gw_node);
150 	return orig_node;
151 }
152 
153 static void batadv_gw_select(struct batadv_priv *bat_priv,
154 			     struct batadv_gw_node *new_gw_node)
155 {
156 	struct batadv_gw_node *curr_gw_node;
157 
158 	spin_lock_bh(&bat_priv->gw.list_lock);
159 
160 	if (new_gw_node)
161 		kref_get(&new_gw_node->refcount);
162 
163 	curr_gw_node = rcu_dereference_protected(bat_priv->gw.curr_gw, 1);
164 	rcu_assign_pointer(bat_priv->gw.curr_gw, new_gw_node);
165 
166 	if (curr_gw_node)
167 		batadv_gw_node_put(curr_gw_node);
168 
169 	spin_unlock_bh(&bat_priv->gw.list_lock);
170 }
171 
172 /**
173  * batadv_gw_reselect() - force a gateway reselection
174  * @bat_priv: the bat priv with all the soft interface information
175  *
176  * Set a flag to remind the GW component to perform a new gateway reselection.
177  * However this function does not ensure that the current gateway is going to be
178  * deselected. The reselection mechanism may elect the same gateway once again.
179  *
180  * This means that invoking batadv_gw_reselect() does not guarantee a gateway
181  * change and therefore a uevent is not necessarily expected.
182  */
183 void batadv_gw_reselect(struct batadv_priv *bat_priv)
184 {
185 	atomic_set(&bat_priv->gw.reselect, 1);
186 }
187 
188 /**
189  * batadv_gw_check_client_stop() - check if client mode has been switched off
190  * @bat_priv: the bat priv with all the soft interface information
191  *
192  * This function assumes the caller has checked that the gw state *is actually
193  * changing*. This function is not supposed to be called when there is no state
194  * change.
195  */
196 void batadv_gw_check_client_stop(struct batadv_priv *bat_priv)
197 {
198 	struct batadv_gw_node *curr_gw;
199 
200 	if (atomic_read(&bat_priv->gw.mode) != BATADV_GW_MODE_CLIENT)
201 		return;
202 
203 	curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
204 	if (!curr_gw)
205 		return;
206 
207 	/* deselect the current gateway so that next time that client mode is
208 	 * enabled a proper GW_ADD event can be sent
209 	 */
210 	batadv_gw_select(bat_priv, NULL);
211 
212 	/* if batman-adv is switching the gw client mode off and a gateway was
213 	 * already selected, send a DEL uevent
214 	 */
215 	batadv_throw_uevent(bat_priv, BATADV_UEV_GW, BATADV_UEV_DEL, NULL);
216 
217 	batadv_gw_node_put(curr_gw);
218 }
219 
220 /**
221  * batadv_gw_election() - Elect the best gateway
222  * @bat_priv: the bat priv with all the soft interface information
223  */
224 void batadv_gw_election(struct batadv_priv *bat_priv)
225 {
226 	struct batadv_gw_node *curr_gw = NULL;
227 	struct batadv_gw_node *next_gw = NULL;
228 	struct batadv_neigh_node *router = NULL;
229 	struct batadv_neigh_ifinfo *router_ifinfo = NULL;
230 	char gw_addr[18] = { '\0' };
231 
232 	if (atomic_read(&bat_priv->gw.mode) != BATADV_GW_MODE_CLIENT)
233 		goto out;
234 
235 	if (!bat_priv->algo_ops->gw.get_best_gw_node)
236 		goto out;
237 
238 	curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
239 
240 	if (!batadv_atomic_dec_not_zero(&bat_priv->gw.reselect) && curr_gw)
241 		goto out;
242 
243 	/* if gw.reselect is set to 1 it means that a previous call to
244 	 * gw.is_eligible() said that we have a new best GW, therefore it can
245 	 * now be picked from the list and selected
246 	 */
247 	next_gw = bat_priv->algo_ops->gw.get_best_gw_node(bat_priv);
248 
249 	if (curr_gw == next_gw)
250 		goto out;
251 
252 	if (next_gw) {
253 		sprintf(gw_addr, "%pM", next_gw->orig_node->orig);
254 
255 		router = batadv_orig_router_get(next_gw->orig_node,
256 						BATADV_IF_DEFAULT);
257 		if (!router) {
258 			batadv_gw_reselect(bat_priv);
259 			goto out;
260 		}
261 
262 		router_ifinfo = batadv_neigh_ifinfo_get(router,
263 							BATADV_IF_DEFAULT);
264 		if (!router_ifinfo) {
265 			batadv_gw_reselect(bat_priv);
266 			goto out;
267 		}
268 	}
269 
270 	if (curr_gw && !next_gw) {
271 		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
272 			   "Removing selected gateway - no gateway in range\n");
273 		batadv_throw_uevent(bat_priv, BATADV_UEV_GW, BATADV_UEV_DEL,
274 				    NULL);
275 	} else if (!curr_gw && next_gw) {
276 		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
277 			   "Adding route to gateway %pM (bandwidth: %u.%u/%u.%u MBit, tq: %i)\n",
278 			   next_gw->orig_node->orig,
279 			   next_gw->bandwidth_down / 10,
280 			   next_gw->bandwidth_down % 10,
281 			   next_gw->bandwidth_up / 10,
282 			   next_gw->bandwidth_up % 10,
283 			   router_ifinfo->bat_iv.tq_avg);
284 		batadv_throw_uevent(bat_priv, BATADV_UEV_GW, BATADV_UEV_ADD,
285 				    gw_addr);
286 	} else {
287 		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
288 			   "Changing route to gateway %pM (bandwidth: %u.%u/%u.%u MBit, tq: %i)\n",
289 			   next_gw->orig_node->orig,
290 			   next_gw->bandwidth_down / 10,
291 			   next_gw->bandwidth_down % 10,
292 			   next_gw->bandwidth_up / 10,
293 			   next_gw->bandwidth_up % 10,
294 			   router_ifinfo->bat_iv.tq_avg);
295 		batadv_throw_uevent(bat_priv, BATADV_UEV_GW, BATADV_UEV_CHANGE,
296 				    gw_addr);
297 	}
298 
299 	batadv_gw_select(bat_priv, next_gw);
300 
301 out:
302 	if (curr_gw)
303 		batadv_gw_node_put(curr_gw);
304 	if (next_gw)
305 		batadv_gw_node_put(next_gw);
306 	if (router)
307 		batadv_neigh_node_put(router);
308 	if (router_ifinfo)
309 		batadv_neigh_ifinfo_put(router_ifinfo);
310 }
311 
312 /**
313  * batadv_gw_check_election() - Elect orig node as best gateway when eligible
314  * @bat_priv: the bat priv with all the soft interface information
315  * @orig_node: orig node which is to be checked
316  */
317 void batadv_gw_check_election(struct batadv_priv *bat_priv,
318 			      struct batadv_orig_node *orig_node)
319 {
320 	struct batadv_orig_node *curr_gw_orig;
321 
322 	/* abort immediately if the routing algorithm does not support gateway
323 	 * election
324 	 */
325 	if (!bat_priv->algo_ops->gw.is_eligible)
326 		return;
327 
328 	curr_gw_orig = batadv_gw_get_selected_orig(bat_priv);
329 	if (!curr_gw_orig)
330 		goto reselect;
331 
332 	/* this node already is the gateway */
333 	if (curr_gw_orig == orig_node)
334 		goto out;
335 
336 	if (!bat_priv->algo_ops->gw.is_eligible(bat_priv, curr_gw_orig,
337 						orig_node))
338 		goto out;
339 
340 reselect:
341 	batadv_gw_reselect(bat_priv);
342 out:
343 	if (curr_gw_orig)
344 		batadv_orig_node_put(curr_gw_orig);
345 }
346 
347 /**
348  * batadv_gw_node_add() - add gateway node to list of available gateways
349  * @bat_priv: the bat priv with all the soft interface information
350  * @orig_node: originator announcing gateway capabilities
351  * @gateway: announced bandwidth information
352  *
353  * Has to be called with the appropriate locks being acquired
354  * (gw.list_lock).
355  */
356 static void batadv_gw_node_add(struct batadv_priv *bat_priv,
357 			       struct batadv_orig_node *orig_node,
358 			       struct batadv_tvlv_gateway_data *gateway)
359 {
360 	struct batadv_gw_node *gw_node;
361 
362 	lockdep_assert_held(&bat_priv->gw.list_lock);
363 
364 	if (gateway->bandwidth_down == 0)
365 		return;
366 
367 	gw_node = kzalloc(sizeof(*gw_node), GFP_ATOMIC);
368 	if (!gw_node)
369 		return;
370 
371 	kref_init(&gw_node->refcount);
372 	INIT_HLIST_NODE(&gw_node->list);
373 	kref_get(&orig_node->refcount);
374 	gw_node->orig_node = orig_node;
375 	gw_node->bandwidth_down = ntohl(gateway->bandwidth_down);
376 	gw_node->bandwidth_up = ntohl(gateway->bandwidth_up);
377 
378 	kref_get(&gw_node->refcount);
379 	hlist_add_head_rcu(&gw_node->list, &bat_priv->gw.gateway_list);
380 	bat_priv->gw.generation++;
381 
382 	batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
383 		   "Found new gateway %pM -> gw bandwidth: %u.%u/%u.%u MBit\n",
384 		   orig_node->orig,
385 		   ntohl(gateway->bandwidth_down) / 10,
386 		   ntohl(gateway->bandwidth_down) % 10,
387 		   ntohl(gateway->bandwidth_up) / 10,
388 		   ntohl(gateway->bandwidth_up) % 10);
389 
390 	/* don't return reference to new gw_node */
391 	batadv_gw_node_put(gw_node);
392 }
393 
394 /**
395  * batadv_gw_node_get() - retrieve gateway node from list of available gateways
396  * @bat_priv: the bat priv with all the soft interface information
397  * @orig_node: originator announcing gateway capabilities
398  *
399  * Return: gateway node if found or NULL otherwise.
400  */
401 struct batadv_gw_node *batadv_gw_node_get(struct batadv_priv *bat_priv,
402 					  struct batadv_orig_node *orig_node)
403 {
404 	struct batadv_gw_node *gw_node_tmp, *gw_node = NULL;
405 
406 	rcu_read_lock();
407 	hlist_for_each_entry_rcu(gw_node_tmp, &bat_priv->gw.gateway_list,
408 				 list) {
409 		if (gw_node_tmp->orig_node != orig_node)
410 			continue;
411 
412 		if (!kref_get_unless_zero(&gw_node_tmp->refcount))
413 			continue;
414 
415 		gw_node = gw_node_tmp;
416 		break;
417 	}
418 	rcu_read_unlock();
419 
420 	return gw_node;
421 }
422 
423 /**
424  * batadv_gw_node_update() - update list of available gateways with changed
425  *  bandwidth information
426  * @bat_priv: the bat priv with all the soft interface information
427  * @orig_node: originator announcing gateway capabilities
428  * @gateway: announced bandwidth information
429  */
430 void batadv_gw_node_update(struct batadv_priv *bat_priv,
431 			   struct batadv_orig_node *orig_node,
432 			   struct batadv_tvlv_gateway_data *gateway)
433 {
434 	struct batadv_gw_node *gw_node, *curr_gw = NULL;
435 
436 	spin_lock_bh(&bat_priv->gw.list_lock);
437 	gw_node = batadv_gw_node_get(bat_priv, orig_node);
438 	if (!gw_node) {
439 		batadv_gw_node_add(bat_priv, orig_node, gateway);
440 		spin_unlock_bh(&bat_priv->gw.list_lock);
441 		goto out;
442 	}
443 	spin_unlock_bh(&bat_priv->gw.list_lock);
444 
445 	if (gw_node->bandwidth_down == ntohl(gateway->bandwidth_down) &&
446 	    gw_node->bandwidth_up == ntohl(gateway->bandwidth_up))
447 		goto out;
448 
449 	batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
450 		   "Gateway bandwidth of originator %pM changed from %u.%u/%u.%u MBit to %u.%u/%u.%u MBit\n",
451 		   orig_node->orig,
452 		   gw_node->bandwidth_down / 10,
453 		   gw_node->bandwidth_down % 10,
454 		   gw_node->bandwidth_up / 10,
455 		   gw_node->bandwidth_up % 10,
456 		   ntohl(gateway->bandwidth_down) / 10,
457 		   ntohl(gateway->bandwidth_down) % 10,
458 		   ntohl(gateway->bandwidth_up) / 10,
459 		   ntohl(gateway->bandwidth_up) % 10);
460 
461 	gw_node->bandwidth_down = ntohl(gateway->bandwidth_down);
462 	gw_node->bandwidth_up = ntohl(gateway->bandwidth_up);
463 
464 	if (ntohl(gateway->bandwidth_down) == 0) {
465 		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
466 			   "Gateway %pM removed from gateway list\n",
467 			   orig_node->orig);
468 
469 		/* Note: We don't need a NULL check here, since curr_gw never
470 		 * gets dereferenced.
471 		 */
472 		spin_lock_bh(&bat_priv->gw.list_lock);
473 		if (!hlist_unhashed(&gw_node->list)) {
474 			hlist_del_init_rcu(&gw_node->list);
475 			batadv_gw_node_put(gw_node);
476 			bat_priv->gw.generation++;
477 		}
478 		spin_unlock_bh(&bat_priv->gw.list_lock);
479 
480 		curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
481 		if (gw_node == curr_gw)
482 			batadv_gw_reselect(bat_priv);
483 
484 		if (curr_gw)
485 			batadv_gw_node_put(curr_gw);
486 	}
487 
488 out:
489 	if (gw_node)
490 		batadv_gw_node_put(gw_node);
491 }
492 
493 /**
494  * batadv_gw_node_delete() - Remove orig_node from gateway list
495  * @bat_priv: the bat priv with all the soft interface information
496  * @orig_node: orig node which is currently in process of being removed
497  */
498 void batadv_gw_node_delete(struct batadv_priv *bat_priv,
499 			   struct batadv_orig_node *orig_node)
500 {
501 	struct batadv_tvlv_gateway_data gateway;
502 
503 	gateway.bandwidth_down = 0;
504 	gateway.bandwidth_up = 0;
505 
506 	batadv_gw_node_update(bat_priv, orig_node, &gateway);
507 }
508 
509 /**
510  * batadv_gw_node_free() - Free gateway information from soft interface
511  * @bat_priv: the bat priv with all the soft interface information
512  */
513 void batadv_gw_node_free(struct batadv_priv *bat_priv)
514 {
515 	struct batadv_gw_node *gw_node;
516 	struct hlist_node *node_tmp;
517 
518 	spin_lock_bh(&bat_priv->gw.list_lock);
519 	hlist_for_each_entry_safe(gw_node, node_tmp,
520 				  &bat_priv->gw.gateway_list, list) {
521 		hlist_del_init_rcu(&gw_node->list);
522 		batadv_gw_node_put(gw_node);
523 		bat_priv->gw.generation++;
524 	}
525 	spin_unlock_bh(&bat_priv->gw.list_lock);
526 }
527 
528 #ifdef CONFIG_BATMAN_ADV_DEBUGFS
529 
530 /**
531  * batadv_gw_client_seq_print_text() - Print the gateway table in a seq file
532  * @seq: seq file to print on
533  * @offset: not used
534  *
535  * Return: always 0
536  */
537 int batadv_gw_client_seq_print_text(struct seq_file *seq, void *offset)
538 {
539 	struct net_device *net_dev = (struct net_device *)seq->private;
540 	struct batadv_priv *bat_priv = netdev_priv(net_dev);
541 	struct batadv_hard_iface *primary_if;
542 
543 	primary_if = batadv_seq_print_text_primary_if_get(seq);
544 	if (!primary_if)
545 		return 0;
546 
547 	seq_printf(seq, "[B.A.T.M.A.N. adv %s, MainIF/MAC: %s/%pM (%s %s)]\n",
548 		   BATADV_SOURCE_VERSION, primary_if->net_dev->name,
549 		   primary_if->net_dev->dev_addr, net_dev->name,
550 		   bat_priv->algo_ops->name);
551 
552 	batadv_hardif_put(primary_if);
553 
554 	if (!bat_priv->algo_ops->gw.print) {
555 		seq_puts(seq,
556 			 "No printing function for this routing protocol\n");
557 		return 0;
558 	}
559 
560 	bat_priv->algo_ops->gw.print(bat_priv, seq);
561 
562 	return 0;
563 }
564 #endif
565 
566 /**
567  * batadv_gw_dump() - Dump gateways into a message
568  * @msg: Netlink message to dump into
569  * @cb: Control block containing additional options
570  *
571  * Return: Error code, or length of message
572  */
573 int batadv_gw_dump(struct sk_buff *msg, struct netlink_callback *cb)
574 {
575 	struct batadv_hard_iface *primary_if = NULL;
576 	struct net *net = sock_net(cb->skb->sk);
577 	struct net_device *soft_iface;
578 	struct batadv_priv *bat_priv;
579 	int ifindex;
580 	int ret;
581 
582 	ifindex = batadv_netlink_get_ifindex(cb->nlh,
583 					     BATADV_ATTR_MESH_IFINDEX);
584 	if (!ifindex)
585 		return -EINVAL;
586 
587 	soft_iface = dev_get_by_index(net, ifindex);
588 	if (!soft_iface || !batadv_softif_is_valid(soft_iface)) {
589 		ret = -ENODEV;
590 		goto out;
591 	}
592 
593 	bat_priv = netdev_priv(soft_iface);
594 
595 	primary_if = batadv_primary_if_get_selected(bat_priv);
596 	if (!primary_if || primary_if->if_status != BATADV_IF_ACTIVE) {
597 		ret = -ENOENT;
598 		goto out;
599 	}
600 
601 	if (!bat_priv->algo_ops->gw.dump) {
602 		ret = -EOPNOTSUPP;
603 		goto out;
604 	}
605 
606 	bat_priv->algo_ops->gw.dump(msg, cb, bat_priv);
607 
608 	ret = msg->len;
609 
610 out:
611 	if (primary_if)
612 		batadv_hardif_put(primary_if);
613 	if (soft_iface)
614 		dev_put(soft_iface);
615 
616 	return ret;
617 }
618 
619 /**
620  * batadv_gw_dhcp_recipient_get() - check if a packet is a DHCP message
621  * @skb: the packet to check
622  * @header_len: a pointer to the batman-adv header size
623  * @chaddr: buffer where the client address will be stored. Valid
624  *  only if the function returns BATADV_DHCP_TO_CLIENT
625  *
626  * This function may re-allocate the data buffer of the skb passed as argument.
627  *
628  * Return:
629  * - BATADV_DHCP_NO if the packet is not a dhcp message or if there was an error
630  *   while parsing it
631  * - BATADV_DHCP_TO_SERVER if this is a message going to the DHCP server
632  * - BATADV_DHCP_TO_CLIENT if this is a message going to a DHCP client
633  */
634 enum batadv_dhcp_recipient
635 batadv_gw_dhcp_recipient_get(struct sk_buff *skb, unsigned int *header_len,
636 			     u8 *chaddr)
637 {
638 	enum batadv_dhcp_recipient ret = BATADV_DHCP_NO;
639 	struct ethhdr *ethhdr;
640 	struct iphdr *iphdr;
641 	struct ipv6hdr *ipv6hdr;
642 	struct udphdr *udphdr;
643 	struct vlan_ethhdr *vhdr;
644 	int chaddr_offset;
645 	__be16 proto;
646 	u8 *p;
647 
648 	/* check for ethernet header */
649 	if (!pskb_may_pull(skb, *header_len + ETH_HLEN))
650 		return BATADV_DHCP_NO;
651 
652 	ethhdr = eth_hdr(skb);
653 	proto = ethhdr->h_proto;
654 	*header_len += ETH_HLEN;
655 
656 	/* check for initial vlan header */
657 	if (proto == htons(ETH_P_8021Q)) {
658 		if (!pskb_may_pull(skb, *header_len + VLAN_HLEN))
659 			return BATADV_DHCP_NO;
660 
661 		vhdr = vlan_eth_hdr(skb);
662 		proto = vhdr->h_vlan_encapsulated_proto;
663 		*header_len += VLAN_HLEN;
664 	}
665 
666 	/* check for ip header */
667 	switch (proto) {
668 	case htons(ETH_P_IP):
669 		if (!pskb_may_pull(skb, *header_len + sizeof(*iphdr)))
670 			return BATADV_DHCP_NO;
671 
672 		iphdr = (struct iphdr *)(skb->data + *header_len);
673 		*header_len += iphdr->ihl * 4;
674 
675 		/* check for udp header */
676 		if (iphdr->protocol != IPPROTO_UDP)
677 			return BATADV_DHCP_NO;
678 
679 		break;
680 	case htons(ETH_P_IPV6):
681 		if (!pskb_may_pull(skb, *header_len + sizeof(*ipv6hdr)))
682 			return BATADV_DHCP_NO;
683 
684 		ipv6hdr = (struct ipv6hdr *)(skb->data + *header_len);
685 		*header_len += sizeof(*ipv6hdr);
686 
687 		/* check for udp header */
688 		if (ipv6hdr->nexthdr != IPPROTO_UDP)
689 			return BATADV_DHCP_NO;
690 
691 		break;
692 	default:
693 		return BATADV_DHCP_NO;
694 	}
695 
696 	if (!pskb_may_pull(skb, *header_len + sizeof(*udphdr)))
697 		return BATADV_DHCP_NO;
698 
699 	udphdr = (struct udphdr *)(skb->data + *header_len);
700 	*header_len += sizeof(*udphdr);
701 
702 	/* check for bootp port */
703 	switch (proto) {
704 	case htons(ETH_P_IP):
705 		if (udphdr->dest == htons(67))
706 			ret = BATADV_DHCP_TO_SERVER;
707 		else if (udphdr->source == htons(67))
708 			ret = BATADV_DHCP_TO_CLIENT;
709 		break;
710 	case htons(ETH_P_IPV6):
711 		if (udphdr->dest == htons(547))
712 			ret = BATADV_DHCP_TO_SERVER;
713 		else if (udphdr->source == htons(547))
714 			ret = BATADV_DHCP_TO_CLIENT;
715 		break;
716 	}
717 
718 	chaddr_offset = *header_len + BATADV_DHCP_CHADDR_OFFSET;
719 	/* store the client address if the message is going to a client */
720 	if (ret == BATADV_DHCP_TO_CLIENT &&
721 	    pskb_may_pull(skb, chaddr_offset + ETH_ALEN)) {
722 		/* check if the DHCP packet carries an Ethernet DHCP */
723 		p = skb->data + *header_len + BATADV_DHCP_HTYPE_OFFSET;
724 		if (*p != BATADV_DHCP_HTYPE_ETHERNET)
725 			return BATADV_DHCP_NO;
726 
727 		/* check if the DHCP packet carries a valid Ethernet address */
728 		p = skb->data + *header_len + BATADV_DHCP_HLEN_OFFSET;
729 		if (*p != ETH_ALEN)
730 			return BATADV_DHCP_NO;
731 
732 		ether_addr_copy(chaddr, skb->data + chaddr_offset);
733 	}
734 
735 	return ret;
736 }
737 
738 /**
739  * batadv_gw_out_of_range() - check if the dhcp request destination is the best
740  *  gateway
741  * @bat_priv: the bat priv with all the soft interface information
742  * @skb: the outgoing packet
743  *
744  * Check if the skb is a DHCP request and if it is sent to the current best GW
745  * server. Due to topology changes it may be the case that the GW server
746  * previously selected is not the best one anymore.
747  *
748  * This call might reallocate skb data.
749  * Must be invoked only when the DHCP packet is going TO a DHCP SERVER.
750  *
751  * Return: true if the packet destination is unicast and it is not the best gw,
752  * false otherwise.
753  */
754 bool batadv_gw_out_of_range(struct batadv_priv *bat_priv,
755 			    struct sk_buff *skb)
756 {
757 	struct batadv_neigh_node *neigh_curr = NULL;
758 	struct batadv_neigh_node *neigh_old = NULL;
759 	struct batadv_orig_node *orig_dst_node = NULL;
760 	struct batadv_gw_node *gw_node = NULL;
761 	struct batadv_gw_node *curr_gw = NULL;
762 	struct batadv_neigh_ifinfo *curr_ifinfo, *old_ifinfo;
763 	struct ethhdr *ethhdr = (struct ethhdr *)skb->data;
764 	bool out_of_range = false;
765 	u8 curr_tq_avg;
766 	unsigned short vid;
767 
768 	vid = batadv_get_vid(skb, 0);
769 
770 	if (is_multicast_ether_addr(ethhdr->h_dest))
771 		goto out;
772 
773 	orig_dst_node = batadv_transtable_search(bat_priv, ethhdr->h_source,
774 						 ethhdr->h_dest, vid);
775 	if (!orig_dst_node)
776 		goto out;
777 
778 	gw_node = batadv_gw_node_get(bat_priv, orig_dst_node);
779 	if (!gw_node)
780 		goto out;
781 
782 	switch (atomic_read(&bat_priv->gw.mode)) {
783 	case BATADV_GW_MODE_SERVER:
784 		/* If we are a GW then we are our best GW. We can artificially
785 		 * set the tq towards ourself as the maximum value
786 		 */
787 		curr_tq_avg = BATADV_TQ_MAX_VALUE;
788 		break;
789 	case BATADV_GW_MODE_CLIENT:
790 		curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
791 		if (!curr_gw)
792 			goto out;
793 
794 		/* packet is going to our gateway */
795 		if (curr_gw->orig_node == orig_dst_node)
796 			goto out;
797 
798 		/* If the dhcp packet has been sent to a different gw,
799 		 * we have to evaluate whether the old gw is still
800 		 * reliable enough
801 		 */
802 		neigh_curr = batadv_find_router(bat_priv, curr_gw->orig_node,
803 						NULL);
804 		if (!neigh_curr)
805 			goto out;
806 
807 		curr_ifinfo = batadv_neigh_ifinfo_get(neigh_curr,
808 						      BATADV_IF_DEFAULT);
809 		if (!curr_ifinfo)
810 			goto out;
811 
812 		curr_tq_avg = curr_ifinfo->bat_iv.tq_avg;
813 		batadv_neigh_ifinfo_put(curr_ifinfo);
814 
815 		break;
816 	case BATADV_GW_MODE_OFF:
817 	default:
818 		goto out;
819 	}
820 
821 	neigh_old = batadv_find_router(bat_priv, orig_dst_node, NULL);
822 	if (!neigh_old)
823 		goto out;
824 
825 	old_ifinfo = batadv_neigh_ifinfo_get(neigh_old, BATADV_IF_DEFAULT);
826 	if (!old_ifinfo)
827 		goto out;
828 
829 	if ((curr_tq_avg - old_ifinfo->bat_iv.tq_avg) > BATADV_GW_THRESHOLD)
830 		out_of_range = true;
831 	batadv_neigh_ifinfo_put(old_ifinfo);
832 
833 out:
834 	if (orig_dst_node)
835 		batadv_orig_node_put(orig_dst_node);
836 	if (curr_gw)
837 		batadv_gw_node_put(curr_gw);
838 	if (gw_node)
839 		batadv_gw_node_put(gw_node);
840 	if (neigh_old)
841 		batadv_neigh_node_put(neigh_old);
842 	if (neigh_curr)
843 		batadv_neigh_node_put(neigh_curr);
844 	return out_of_range;
845 }
846