1 /* Copyright (C) 2009-2017  B.A.T.M.A.N. contributors:
2  *
3  * Marek Lindner
4  *
5  * This program is free software; you can redistribute it and/or
6  * modify it under the terms of version 2 of the GNU General Public
7  * License as published by the Free Software Foundation.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, see <http://www.gnu.org/licenses/>.
16  */
17 
18 #include "gateway_client.h"
19 #include "main.h"
20 
21 #include <linux/atomic.h>
22 #include <linux/byteorder/generic.h>
23 #include <linux/errno.h>
24 #include <linux/etherdevice.h>
25 #include <linux/fs.h>
26 #include <linux/if_ether.h>
27 #include <linux/if_vlan.h>
28 #include <linux/in.h>
29 #include <linux/ip.h>
30 #include <linux/ipv6.h>
31 #include <linux/kernel.h>
32 #include <linux/kref.h>
33 #include <linux/list.h>
34 #include <linux/netdevice.h>
35 #include <linux/netlink.h>
36 #include <linux/rculist.h>
37 #include <linux/rcupdate.h>
38 #include <linux/seq_file.h>
39 #include <linux/skbuff.h>
40 #include <linux/slab.h>
41 #include <linux/spinlock.h>
42 #include <linux/stddef.h>
43 #include <linux/udp.h>
44 #include <net/sock.h>
45 #include <uapi/linux/batman_adv.h>
46 
47 #include "gateway_common.h"
48 #include "hard-interface.h"
49 #include "log.h"
50 #include "netlink.h"
51 #include "originator.h"
52 #include "packet.h"
53 #include "routing.h"
54 #include "soft-interface.h"
55 #include "sysfs.h"
56 #include "translation-table.h"
57 
58 /* These are the offsets of the "hw type" and "hw address length" in the dhcp
59  * packet starting at the beginning of the dhcp header
60  */
61 #define BATADV_DHCP_HTYPE_OFFSET	1
62 #define BATADV_DHCP_HLEN_OFFSET		2
63 /* Value of htype representing Ethernet */
64 #define BATADV_DHCP_HTYPE_ETHERNET	0x01
65 /* This is the offset of the "chaddr" field in the dhcp packet starting at the
66  * beginning of the dhcp header
67  */
68 #define BATADV_DHCP_CHADDR_OFFSET	28
69 
70 /**
71  * batadv_gw_node_release - release gw_node from lists and queue for free after
72  *  rcu grace period
73  * @ref: kref pointer of the gw_node
74  */
75 static void batadv_gw_node_release(struct kref *ref)
76 {
77 	struct batadv_gw_node *gw_node;
78 
79 	gw_node = container_of(ref, struct batadv_gw_node, refcount);
80 
81 	batadv_orig_node_put(gw_node->orig_node);
82 	kfree_rcu(gw_node, rcu);
83 }
84 
85 /**
86  * batadv_gw_node_put - decrement the gw_node refcounter and possibly release it
87  * @gw_node: gateway node to free
88  */
89 void batadv_gw_node_put(struct batadv_gw_node *gw_node)
90 {
91 	kref_put(&gw_node->refcount, batadv_gw_node_release);
92 }
93 
94 struct batadv_gw_node *
95 batadv_gw_get_selected_gw_node(struct batadv_priv *bat_priv)
96 {
97 	struct batadv_gw_node *gw_node;
98 
99 	rcu_read_lock();
100 	gw_node = rcu_dereference(bat_priv->gw.curr_gw);
101 	if (!gw_node)
102 		goto out;
103 
104 	if (!kref_get_unless_zero(&gw_node->refcount))
105 		gw_node = NULL;
106 
107 out:
108 	rcu_read_unlock();
109 	return gw_node;
110 }
111 
112 struct batadv_orig_node *
113 batadv_gw_get_selected_orig(struct batadv_priv *bat_priv)
114 {
115 	struct batadv_gw_node *gw_node;
116 	struct batadv_orig_node *orig_node = NULL;
117 
118 	gw_node = batadv_gw_get_selected_gw_node(bat_priv);
119 	if (!gw_node)
120 		goto out;
121 
122 	rcu_read_lock();
123 	orig_node = gw_node->orig_node;
124 	if (!orig_node)
125 		goto unlock;
126 
127 	if (!kref_get_unless_zero(&orig_node->refcount))
128 		orig_node = NULL;
129 
130 unlock:
131 	rcu_read_unlock();
132 out:
133 	if (gw_node)
134 		batadv_gw_node_put(gw_node);
135 	return orig_node;
136 }
137 
138 static void batadv_gw_select(struct batadv_priv *bat_priv,
139 			     struct batadv_gw_node *new_gw_node)
140 {
141 	struct batadv_gw_node *curr_gw_node;
142 
143 	spin_lock_bh(&bat_priv->gw.list_lock);
144 
145 	if (new_gw_node)
146 		kref_get(&new_gw_node->refcount);
147 
148 	curr_gw_node = rcu_dereference_protected(bat_priv->gw.curr_gw, 1);
149 	rcu_assign_pointer(bat_priv->gw.curr_gw, new_gw_node);
150 
151 	if (curr_gw_node)
152 		batadv_gw_node_put(curr_gw_node);
153 
154 	spin_unlock_bh(&bat_priv->gw.list_lock);
155 }
156 
157 /**
158  * batadv_gw_reselect - force a gateway reselection
159  * @bat_priv: the bat priv with all the soft interface information
160  *
161  * Set a flag to remind the GW component to perform a new gateway reselection.
162  * However this function does not ensure that the current gateway is going to be
163  * deselected. The reselection mechanism may elect the same gateway once again.
164  *
165  * This means that invoking batadv_gw_reselect() does not guarantee a gateway
166  * change and therefore a uevent is not necessarily expected.
167  */
168 void batadv_gw_reselect(struct batadv_priv *bat_priv)
169 {
170 	atomic_set(&bat_priv->gw.reselect, 1);
171 }
172 
173 /**
174  * batadv_gw_check_client_stop - check if client mode has been switched off
175  * @bat_priv: the bat priv with all the soft interface information
176  *
177  * This function assumes the caller has checked that the gw state *is actually
178  * changing*. This function is not supposed to be called when there is no state
179  * change.
180  */
181 void batadv_gw_check_client_stop(struct batadv_priv *bat_priv)
182 {
183 	struct batadv_gw_node *curr_gw;
184 
185 	if (atomic_read(&bat_priv->gw.mode) != BATADV_GW_MODE_CLIENT)
186 		return;
187 
188 	curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
189 	if (!curr_gw)
190 		return;
191 
192 	/* deselect the current gateway so that next time that client mode is
193 	 * enabled a proper GW_ADD event can be sent
194 	 */
195 	batadv_gw_select(bat_priv, NULL);
196 
197 	/* if batman-adv is switching the gw client mode off and a gateway was
198 	 * already selected, send a DEL uevent
199 	 */
200 	batadv_throw_uevent(bat_priv, BATADV_UEV_GW, BATADV_UEV_DEL, NULL);
201 
202 	batadv_gw_node_put(curr_gw);
203 }
204 
205 void batadv_gw_election(struct batadv_priv *bat_priv)
206 {
207 	struct batadv_gw_node *curr_gw = NULL;
208 	struct batadv_gw_node *next_gw = NULL;
209 	struct batadv_neigh_node *router = NULL;
210 	struct batadv_neigh_ifinfo *router_ifinfo = NULL;
211 	char gw_addr[18] = { '\0' };
212 
213 	if (atomic_read(&bat_priv->gw.mode) != BATADV_GW_MODE_CLIENT)
214 		goto out;
215 
216 	if (!bat_priv->algo_ops->gw.get_best_gw_node)
217 		goto out;
218 
219 	curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
220 
221 	if (!batadv_atomic_dec_not_zero(&bat_priv->gw.reselect) && curr_gw)
222 		goto out;
223 
224 	/* if gw.reselect is set to 1 it means that a previous call to
225 	 * gw.is_eligible() said that we have a new best GW, therefore it can
226 	 * now be picked from the list and selected
227 	 */
228 	next_gw = bat_priv->algo_ops->gw.get_best_gw_node(bat_priv);
229 
230 	if (curr_gw == next_gw)
231 		goto out;
232 
233 	if (next_gw) {
234 		sprintf(gw_addr, "%pM", next_gw->orig_node->orig);
235 
236 		router = batadv_orig_router_get(next_gw->orig_node,
237 						BATADV_IF_DEFAULT);
238 		if (!router) {
239 			batadv_gw_reselect(bat_priv);
240 			goto out;
241 		}
242 
243 		router_ifinfo = batadv_neigh_ifinfo_get(router,
244 							BATADV_IF_DEFAULT);
245 		if (!router_ifinfo) {
246 			batadv_gw_reselect(bat_priv);
247 			goto out;
248 		}
249 	}
250 
251 	if (curr_gw && !next_gw) {
252 		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
253 			   "Removing selected gateway - no gateway in range\n");
254 		batadv_throw_uevent(bat_priv, BATADV_UEV_GW, BATADV_UEV_DEL,
255 				    NULL);
256 	} else if (!curr_gw && next_gw) {
257 		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
258 			   "Adding route to gateway %pM (bandwidth: %u.%u/%u.%u MBit, tq: %i)\n",
259 			   next_gw->orig_node->orig,
260 			   next_gw->bandwidth_down / 10,
261 			   next_gw->bandwidth_down % 10,
262 			   next_gw->bandwidth_up / 10,
263 			   next_gw->bandwidth_up % 10,
264 			   router_ifinfo->bat_iv.tq_avg);
265 		batadv_throw_uevent(bat_priv, BATADV_UEV_GW, BATADV_UEV_ADD,
266 				    gw_addr);
267 	} else {
268 		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
269 			   "Changing route to gateway %pM (bandwidth: %u.%u/%u.%u MBit, tq: %i)\n",
270 			   next_gw->orig_node->orig,
271 			   next_gw->bandwidth_down / 10,
272 			   next_gw->bandwidth_down % 10,
273 			   next_gw->bandwidth_up / 10,
274 			   next_gw->bandwidth_up % 10,
275 			   router_ifinfo->bat_iv.tq_avg);
276 		batadv_throw_uevent(bat_priv, BATADV_UEV_GW, BATADV_UEV_CHANGE,
277 				    gw_addr);
278 	}
279 
280 	batadv_gw_select(bat_priv, next_gw);
281 
282 out:
283 	if (curr_gw)
284 		batadv_gw_node_put(curr_gw);
285 	if (next_gw)
286 		batadv_gw_node_put(next_gw);
287 	if (router)
288 		batadv_neigh_node_put(router);
289 	if (router_ifinfo)
290 		batadv_neigh_ifinfo_put(router_ifinfo);
291 }
292 
293 void batadv_gw_check_election(struct batadv_priv *bat_priv,
294 			      struct batadv_orig_node *orig_node)
295 {
296 	struct batadv_orig_node *curr_gw_orig;
297 
298 	/* abort immediately if the routing algorithm does not support gateway
299 	 * election
300 	 */
301 	if (!bat_priv->algo_ops->gw.is_eligible)
302 		return;
303 
304 	curr_gw_orig = batadv_gw_get_selected_orig(bat_priv);
305 	if (!curr_gw_orig)
306 		goto reselect;
307 
308 	/* this node already is the gateway */
309 	if (curr_gw_orig == orig_node)
310 		goto out;
311 
312 	if (!bat_priv->algo_ops->gw.is_eligible(bat_priv, curr_gw_orig,
313 						orig_node))
314 		goto out;
315 
316 reselect:
317 	batadv_gw_reselect(bat_priv);
318 out:
319 	if (curr_gw_orig)
320 		batadv_orig_node_put(curr_gw_orig);
321 }
322 
323 /**
324  * batadv_gw_node_add - add gateway node to list of available gateways
325  * @bat_priv: the bat priv with all the soft interface information
326  * @orig_node: originator announcing gateway capabilities
327  * @gateway: announced bandwidth information
328  */
329 static void batadv_gw_node_add(struct batadv_priv *bat_priv,
330 			       struct batadv_orig_node *orig_node,
331 			       struct batadv_tvlv_gateway_data *gateway)
332 {
333 	struct batadv_gw_node *gw_node;
334 
335 	if (gateway->bandwidth_down == 0)
336 		return;
337 
338 	gw_node = kzalloc(sizeof(*gw_node), GFP_ATOMIC);
339 	if (!gw_node)
340 		return;
341 
342 	kref_init(&gw_node->refcount);
343 	INIT_HLIST_NODE(&gw_node->list);
344 	kref_get(&orig_node->refcount);
345 	gw_node->orig_node = orig_node;
346 	gw_node->bandwidth_down = ntohl(gateway->bandwidth_down);
347 	gw_node->bandwidth_up = ntohl(gateway->bandwidth_up);
348 
349 	spin_lock_bh(&bat_priv->gw.list_lock);
350 	kref_get(&gw_node->refcount);
351 	hlist_add_head_rcu(&gw_node->list, &bat_priv->gw.gateway_list);
352 	spin_unlock_bh(&bat_priv->gw.list_lock);
353 
354 	batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
355 		   "Found new gateway %pM -> gw bandwidth: %u.%u/%u.%u MBit\n",
356 		   orig_node->orig,
357 		   ntohl(gateway->bandwidth_down) / 10,
358 		   ntohl(gateway->bandwidth_down) % 10,
359 		   ntohl(gateway->bandwidth_up) / 10,
360 		   ntohl(gateway->bandwidth_up) % 10);
361 
362 	/* don't return reference to new gw_node */
363 	batadv_gw_node_put(gw_node);
364 }
365 
366 /**
367  * batadv_gw_node_get - retrieve gateway node from list of available gateways
368  * @bat_priv: the bat priv with all the soft interface information
369  * @orig_node: originator announcing gateway capabilities
370  *
371  * Return: gateway node if found or NULL otherwise.
372  */
373 struct batadv_gw_node *batadv_gw_node_get(struct batadv_priv *bat_priv,
374 					  struct batadv_orig_node *orig_node)
375 {
376 	struct batadv_gw_node *gw_node_tmp, *gw_node = NULL;
377 
378 	rcu_read_lock();
379 	hlist_for_each_entry_rcu(gw_node_tmp, &bat_priv->gw.gateway_list,
380 				 list) {
381 		if (gw_node_tmp->orig_node != orig_node)
382 			continue;
383 
384 		if (!kref_get_unless_zero(&gw_node_tmp->refcount))
385 			continue;
386 
387 		gw_node = gw_node_tmp;
388 		break;
389 	}
390 	rcu_read_unlock();
391 
392 	return gw_node;
393 }
394 
395 /**
396  * batadv_gw_node_update - update list of available gateways with changed
397  *  bandwidth information
398  * @bat_priv: the bat priv with all the soft interface information
399  * @orig_node: originator announcing gateway capabilities
400  * @gateway: announced bandwidth information
401  */
402 void batadv_gw_node_update(struct batadv_priv *bat_priv,
403 			   struct batadv_orig_node *orig_node,
404 			   struct batadv_tvlv_gateway_data *gateway)
405 {
406 	struct batadv_gw_node *gw_node, *curr_gw = NULL;
407 
408 	gw_node = batadv_gw_node_get(bat_priv, orig_node);
409 	if (!gw_node) {
410 		batadv_gw_node_add(bat_priv, orig_node, gateway);
411 		goto out;
412 	}
413 
414 	if (gw_node->bandwidth_down == ntohl(gateway->bandwidth_down) &&
415 	    gw_node->bandwidth_up == ntohl(gateway->bandwidth_up))
416 		goto out;
417 
418 	batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
419 		   "Gateway bandwidth of originator %pM changed from %u.%u/%u.%u MBit to %u.%u/%u.%u MBit\n",
420 		   orig_node->orig,
421 		   gw_node->bandwidth_down / 10,
422 		   gw_node->bandwidth_down % 10,
423 		   gw_node->bandwidth_up / 10,
424 		   gw_node->bandwidth_up % 10,
425 		   ntohl(gateway->bandwidth_down) / 10,
426 		   ntohl(gateway->bandwidth_down) % 10,
427 		   ntohl(gateway->bandwidth_up) / 10,
428 		   ntohl(gateway->bandwidth_up) % 10);
429 
430 	gw_node->bandwidth_down = ntohl(gateway->bandwidth_down);
431 	gw_node->bandwidth_up = ntohl(gateway->bandwidth_up);
432 
433 	if (ntohl(gateway->bandwidth_down) == 0) {
434 		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
435 			   "Gateway %pM removed from gateway list\n",
436 			   orig_node->orig);
437 
438 		/* Note: We don't need a NULL check here, since curr_gw never
439 		 * gets dereferenced.
440 		 */
441 		spin_lock_bh(&bat_priv->gw.list_lock);
442 		if (!hlist_unhashed(&gw_node->list)) {
443 			hlist_del_init_rcu(&gw_node->list);
444 			batadv_gw_node_put(gw_node);
445 		}
446 		spin_unlock_bh(&bat_priv->gw.list_lock);
447 
448 		curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
449 		if (gw_node == curr_gw)
450 			batadv_gw_reselect(bat_priv);
451 
452 		if (curr_gw)
453 			batadv_gw_node_put(curr_gw);
454 	}
455 
456 out:
457 	if (gw_node)
458 		batadv_gw_node_put(gw_node);
459 }
460 
461 void batadv_gw_node_delete(struct batadv_priv *bat_priv,
462 			   struct batadv_orig_node *orig_node)
463 {
464 	struct batadv_tvlv_gateway_data gateway;
465 
466 	gateway.bandwidth_down = 0;
467 	gateway.bandwidth_up = 0;
468 
469 	batadv_gw_node_update(bat_priv, orig_node, &gateway);
470 }
471 
472 void batadv_gw_node_free(struct batadv_priv *bat_priv)
473 {
474 	struct batadv_gw_node *gw_node;
475 	struct hlist_node *node_tmp;
476 
477 	spin_lock_bh(&bat_priv->gw.list_lock);
478 	hlist_for_each_entry_safe(gw_node, node_tmp,
479 				  &bat_priv->gw.gateway_list, list) {
480 		hlist_del_init_rcu(&gw_node->list);
481 		batadv_gw_node_put(gw_node);
482 	}
483 	spin_unlock_bh(&bat_priv->gw.list_lock);
484 }
485 
486 #ifdef CONFIG_BATMAN_ADV_DEBUGFS
487 int batadv_gw_client_seq_print_text(struct seq_file *seq, void *offset)
488 {
489 	struct net_device *net_dev = (struct net_device *)seq->private;
490 	struct batadv_priv *bat_priv = netdev_priv(net_dev);
491 	struct batadv_hard_iface *primary_if;
492 
493 	primary_if = batadv_seq_print_text_primary_if_get(seq);
494 	if (!primary_if)
495 		return 0;
496 
497 	seq_printf(seq, "[B.A.T.M.A.N. adv %s, MainIF/MAC: %s/%pM (%s %s)]\n",
498 		   BATADV_SOURCE_VERSION, primary_if->net_dev->name,
499 		   primary_if->net_dev->dev_addr, net_dev->name,
500 		   bat_priv->algo_ops->name);
501 
502 	batadv_hardif_put(primary_if);
503 
504 	if (!bat_priv->algo_ops->gw.print) {
505 		seq_puts(seq,
506 			 "No printing function for this routing protocol\n");
507 		return 0;
508 	}
509 
510 	bat_priv->algo_ops->gw.print(bat_priv, seq);
511 
512 	return 0;
513 }
514 #endif
515 
516 /**
517  * batadv_gw_dump - Dump gateways into a message
518  * @msg: Netlink message to dump into
519  * @cb: Control block containing additional options
520  *
521  * Return: Error code, or length of message
522  */
523 int batadv_gw_dump(struct sk_buff *msg, struct netlink_callback *cb)
524 {
525 	struct batadv_hard_iface *primary_if = NULL;
526 	struct net *net = sock_net(cb->skb->sk);
527 	struct net_device *soft_iface;
528 	struct batadv_priv *bat_priv;
529 	int ifindex;
530 	int ret;
531 
532 	ifindex = batadv_netlink_get_ifindex(cb->nlh,
533 					     BATADV_ATTR_MESH_IFINDEX);
534 	if (!ifindex)
535 		return -EINVAL;
536 
537 	soft_iface = dev_get_by_index(net, ifindex);
538 	if (!soft_iface || !batadv_softif_is_valid(soft_iface)) {
539 		ret = -ENODEV;
540 		goto out;
541 	}
542 
543 	bat_priv = netdev_priv(soft_iface);
544 
545 	primary_if = batadv_primary_if_get_selected(bat_priv);
546 	if (!primary_if || primary_if->if_status != BATADV_IF_ACTIVE) {
547 		ret = -ENOENT;
548 		goto out;
549 	}
550 
551 	if (!bat_priv->algo_ops->gw.dump) {
552 		ret = -EOPNOTSUPP;
553 		goto out;
554 	}
555 
556 	bat_priv->algo_ops->gw.dump(msg, cb, bat_priv);
557 
558 	ret = msg->len;
559 
560 out:
561 	if (primary_if)
562 		batadv_hardif_put(primary_if);
563 	if (soft_iface)
564 		dev_put(soft_iface);
565 
566 	return ret;
567 }
568 
569 /**
570  * batadv_gw_dhcp_recipient_get - check if a packet is a DHCP message
571  * @skb: the packet to check
572  * @header_len: a pointer to the batman-adv header size
573  * @chaddr: buffer where the client address will be stored. Valid
574  *  only if the function returns BATADV_DHCP_TO_CLIENT
575  *
576  * This function may re-allocate the data buffer of the skb passed as argument.
577  *
578  * Return:
579  * - BATADV_DHCP_NO if the packet is not a dhcp message or if there was an error
580  *   while parsing it
581  * - BATADV_DHCP_TO_SERVER if this is a message going to the DHCP server
582  * - BATADV_DHCP_TO_CLIENT if this is a message going to a DHCP client
583  */
584 enum batadv_dhcp_recipient
585 batadv_gw_dhcp_recipient_get(struct sk_buff *skb, unsigned int *header_len,
586 			     u8 *chaddr)
587 {
588 	enum batadv_dhcp_recipient ret = BATADV_DHCP_NO;
589 	struct ethhdr *ethhdr;
590 	struct iphdr *iphdr;
591 	struct ipv6hdr *ipv6hdr;
592 	struct udphdr *udphdr;
593 	struct vlan_ethhdr *vhdr;
594 	int chaddr_offset;
595 	__be16 proto;
596 	u8 *p;
597 
598 	/* check for ethernet header */
599 	if (!pskb_may_pull(skb, *header_len + ETH_HLEN))
600 		return BATADV_DHCP_NO;
601 
602 	ethhdr = eth_hdr(skb);
603 	proto = ethhdr->h_proto;
604 	*header_len += ETH_HLEN;
605 
606 	/* check for initial vlan header */
607 	if (proto == htons(ETH_P_8021Q)) {
608 		if (!pskb_may_pull(skb, *header_len + VLAN_HLEN))
609 			return BATADV_DHCP_NO;
610 
611 		vhdr = vlan_eth_hdr(skb);
612 		proto = vhdr->h_vlan_encapsulated_proto;
613 		*header_len += VLAN_HLEN;
614 	}
615 
616 	/* check for ip header */
617 	switch (proto) {
618 	case htons(ETH_P_IP):
619 		if (!pskb_may_pull(skb, *header_len + sizeof(*iphdr)))
620 			return BATADV_DHCP_NO;
621 
622 		iphdr = (struct iphdr *)(skb->data + *header_len);
623 		*header_len += iphdr->ihl * 4;
624 
625 		/* check for udp header */
626 		if (iphdr->protocol != IPPROTO_UDP)
627 			return BATADV_DHCP_NO;
628 
629 		break;
630 	case htons(ETH_P_IPV6):
631 		if (!pskb_may_pull(skb, *header_len + sizeof(*ipv6hdr)))
632 			return BATADV_DHCP_NO;
633 
634 		ipv6hdr = (struct ipv6hdr *)(skb->data + *header_len);
635 		*header_len += sizeof(*ipv6hdr);
636 
637 		/* check for udp header */
638 		if (ipv6hdr->nexthdr != IPPROTO_UDP)
639 			return BATADV_DHCP_NO;
640 
641 		break;
642 	default:
643 		return BATADV_DHCP_NO;
644 	}
645 
646 	if (!pskb_may_pull(skb, *header_len + sizeof(*udphdr)))
647 		return BATADV_DHCP_NO;
648 
649 	udphdr = (struct udphdr *)(skb->data + *header_len);
650 	*header_len += sizeof(*udphdr);
651 
652 	/* check for bootp port */
653 	switch (proto) {
654 	case htons(ETH_P_IP):
655 		if (udphdr->dest == htons(67))
656 			ret = BATADV_DHCP_TO_SERVER;
657 		else if (udphdr->source == htons(67))
658 			ret = BATADV_DHCP_TO_CLIENT;
659 		break;
660 	case htons(ETH_P_IPV6):
661 		if (udphdr->dest == htons(547))
662 			ret = BATADV_DHCP_TO_SERVER;
663 		else if (udphdr->source == htons(547))
664 			ret = BATADV_DHCP_TO_CLIENT;
665 		break;
666 	}
667 
668 	chaddr_offset = *header_len + BATADV_DHCP_CHADDR_OFFSET;
669 	/* store the client address if the message is going to a client */
670 	if (ret == BATADV_DHCP_TO_CLIENT &&
671 	    pskb_may_pull(skb, chaddr_offset + ETH_ALEN)) {
672 		/* check if the DHCP packet carries an Ethernet DHCP */
673 		p = skb->data + *header_len + BATADV_DHCP_HTYPE_OFFSET;
674 		if (*p != BATADV_DHCP_HTYPE_ETHERNET)
675 			return BATADV_DHCP_NO;
676 
677 		/* check if the DHCP packet carries a valid Ethernet address */
678 		p = skb->data + *header_len + BATADV_DHCP_HLEN_OFFSET;
679 		if (*p != ETH_ALEN)
680 			return BATADV_DHCP_NO;
681 
682 		ether_addr_copy(chaddr, skb->data + chaddr_offset);
683 	}
684 
685 	return ret;
686 }
687 
688 /**
689  * batadv_gw_out_of_range - check if the dhcp request destination is the best gw
690  * @bat_priv: the bat priv with all the soft interface information
691  * @skb: the outgoing packet
692  *
693  * Check if the skb is a DHCP request and if it is sent to the current best GW
694  * server. Due to topology changes it may be the case that the GW server
695  * previously selected is not the best one anymore.
696  *
697  * This call might reallocate skb data.
698  * Must be invoked only when the DHCP packet is going TO a DHCP SERVER.
699  *
700  * Return: true if the packet destination is unicast and it is not the best gw,
701  * false otherwise.
702  */
703 bool batadv_gw_out_of_range(struct batadv_priv *bat_priv,
704 			    struct sk_buff *skb)
705 {
706 	struct batadv_neigh_node *neigh_curr = NULL;
707 	struct batadv_neigh_node *neigh_old = NULL;
708 	struct batadv_orig_node *orig_dst_node;
709 	struct batadv_gw_node *gw_node = NULL;
710 	struct batadv_gw_node *curr_gw = NULL;
711 	struct batadv_neigh_ifinfo *curr_ifinfo, *old_ifinfo;
712 	struct ethhdr *ethhdr = (struct ethhdr *)skb->data;
713 	bool out_of_range = false;
714 	u8 curr_tq_avg;
715 	unsigned short vid;
716 
717 	vid = batadv_get_vid(skb, 0);
718 
719 	orig_dst_node = batadv_transtable_search(bat_priv, ethhdr->h_source,
720 						 ethhdr->h_dest, vid);
721 	if (!orig_dst_node)
722 		goto out;
723 
724 	gw_node = batadv_gw_node_get(bat_priv, orig_dst_node);
725 	if (!gw_node)
726 		goto out;
727 
728 	switch (atomic_read(&bat_priv->gw.mode)) {
729 	case BATADV_GW_MODE_SERVER:
730 		/* If we are a GW then we are our best GW. We can artificially
731 		 * set the tq towards ourself as the maximum value
732 		 */
733 		curr_tq_avg = BATADV_TQ_MAX_VALUE;
734 		break;
735 	case BATADV_GW_MODE_CLIENT:
736 		curr_gw = batadv_gw_get_selected_gw_node(bat_priv);
737 		if (!curr_gw)
738 			goto out;
739 
740 		/* packet is going to our gateway */
741 		if (curr_gw->orig_node == orig_dst_node)
742 			goto out;
743 
744 		/* If the dhcp packet has been sent to a different gw,
745 		 * we have to evaluate whether the old gw is still
746 		 * reliable enough
747 		 */
748 		neigh_curr = batadv_find_router(bat_priv, curr_gw->orig_node,
749 						NULL);
750 		if (!neigh_curr)
751 			goto out;
752 
753 		curr_ifinfo = batadv_neigh_ifinfo_get(neigh_curr,
754 						      BATADV_IF_DEFAULT);
755 		if (!curr_ifinfo)
756 			goto out;
757 
758 		curr_tq_avg = curr_ifinfo->bat_iv.tq_avg;
759 		batadv_neigh_ifinfo_put(curr_ifinfo);
760 
761 		break;
762 	case BATADV_GW_MODE_OFF:
763 	default:
764 		goto out;
765 	}
766 
767 	neigh_old = batadv_find_router(bat_priv, orig_dst_node, NULL);
768 	if (!neigh_old)
769 		goto out;
770 
771 	old_ifinfo = batadv_neigh_ifinfo_get(neigh_old, BATADV_IF_DEFAULT);
772 	if (!old_ifinfo)
773 		goto out;
774 
775 	if ((curr_tq_avg - old_ifinfo->bat_iv.tq_avg) > BATADV_GW_THRESHOLD)
776 		out_of_range = true;
777 	batadv_neigh_ifinfo_put(old_ifinfo);
778 
779 out:
780 	if (orig_dst_node)
781 		batadv_orig_node_put(orig_dst_node);
782 	if (curr_gw)
783 		batadv_gw_node_put(curr_gw);
784 	if (gw_node)
785 		batadv_gw_node_put(gw_node);
786 	if (neigh_old)
787 		batadv_neigh_node_put(neigh_old);
788 	if (neigh_curr)
789 		batadv_neigh_node_put(neigh_curr);
790 	return out_of_range;
791 }
792