1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (C) 2007-2020 B.A.T.M.A.N. contributors: 3 * 4 * Marek Lindner, Simon Wunderlich 5 */ 6 7 #include "routing.h" 8 #include "main.h" 9 10 #include <linux/atomic.h> 11 #include <linux/byteorder/generic.h> 12 #include <linux/compiler.h> 13 #include <linux/errno.h> 14 #include <linux/etherdevice.h> 15 #include <linux/if_ether.h> 16 #include <linux/jiffies.h> 17 #include <linux/kref.h> 18 #include <linux/netdevice.h> 19 #include <linux/printk.h> 20 #include <linux/rculist.h> 21 #include <linux/rcupdate.h> 22 #include <linux/skbuff.h> 23 #include <linux/spinlock.h> 24 #include <linux/stddef.h> 25 #include <uapi/linux/batadv_packet.h> 26 27 #include "bitarray.h" 28 #include "bridge_loop_avoidance.h" 29 #include "distributed-arp-table.h" 30 #include "fragmentation.h" 31 #include "hard-interface.h" 32 #include "icmp_socket.h" 33 #include "log.h" 34 #include "network-coding.h" 35 #include "originator.h" 36 #include "send.h" 37 #include "soft-interface.h" 38 #include "tp_meter.h" 39 #include "translation-table.h" 40 #include "tvlv.h" 41 42 static int batadv_route_unicast_packet(struct sk_buff *skb, 43 struct batadv_hard_iface *recv_if); 44 45 /** 46 * _batadv_update_route() - set the router for this originator 47 * @bat_priv: the bat priv with all the soft interface information 48 * @orig_node: orig node which is to be configured 49 * @recv_if: the receive interface for which this route is set 50 * @neigh_node: neighbor which should be the next router 51 * 52 * This function does not perform any error checks 53 */ 54 static void _batadv_update_route(struct batadv_priv *bat_priv, 55 struct batadv_orig_node *orig_node, 56 struct batadv_hard_iface *recv_if, 57 struct batadv_neigh_node *neigh_node) 58 { 59 struct batadv_orig_ifinfo *orig_ifinfo; 60 struct batadv_neigh_node *curr_router; 61 62 orig_ifinfo = batadv_orig_ifinfo_get(orig_node, recv_if); 63 if (!orig_ifinfo) 64 return; 65 66 spin_lock_bh(&orig_node->neigh_list_lock); 67 /* curr_router used earlier may not be the current orig_ifinfo->router 68 * anymore because it was dereferenced outside of the neigh_list_lock 69 * protected region. After the new best neighbor has replace the current 70 * best neighbor the reference counter needs to decrease. Consequently, 71 * the code needs to ensure the curr_router variable contains a pointer 72 * to the replaced best neighbor. 73 */ 74 75 /* increase refcount of new best neighbor */ 76 if (neigh_node) 77 kref_get(&neigh_node->refcount); 78 79 curr_router = rcu_replace_pointer(orig_ifinfo->router, neigh_node, 80 true); 81 spin_unlock_bh(&orig_node->neigh_list_lock); 82 batadv_orig_ifinfo_put(orig_ifinfo); 83 84 /* route deleted */ 85 if (curr_router && !neigh_node) { 86 batadv_dbg(BATADV_DBG_ROUTES, bat_priv, 87 "Deleting route towards: %pM\n", orig_node->orig); 88 batadv_tt_global_del_orig(bat_priv, orig_node, -1, 89 "Deleted route towards originator"); 90 91 /* route added */ 92 } else if (!curr_router && neigh_node) { 93 batadv_dbg(BATADV_DBG_ROUTES, bat_priv, 94 "Adding route towards: %pM (via %pM)\n", 95 orig_node->orig, neigh_node->addr); 96 /* route changed */ 97 } else if (neigh_node && curr_router) { 98 batadv_dbg(BATADV_DBG_ROUTES, bat_priv, 99 "Changing route towards: %pM (now via %pM - was via %pM)\n", 100 orig_node->orig, neigh_node->addr, 101 curr_router->addr); 102 } 103 104 /* decrease refcount of previous best neighbor */ 105 if (curr_router) 106 batadv_neigh_node_put(curr_router); 107 } 108 109 /** 110 * batadv_update_route() - set the router for this originator 111 * @bat_priv: the bat priv with all the soft interface information 112 * @orig_node: orig node which is to be configured 113 * @recv_if: the receive interface for which this route is set 114 * @neigh_node: neighbor which should be the next router 115 */ 116 void batadv_update_route(struct batadv_priv *bat_priv, 117 struct batadv_orig_node *orig_node, 118 struct batadv_hard_iface *recv_if, 119 struct batadv_neigh_node *neigh_node) 120 { 121 struct batadv_neigh_node *router = NULL; 122 123 if (!orig_node) 124 goto out; 125 126 router = batadv_orig_router_get(orig_node, recv_if); 127 128 if (router != neigh_node) 129 _batadv_update_route(bat_priv, orig_node, recv_if, neigh_node); 130 131 out: 132 if (router) 133 batadv_neigh_node_put(router); 134 } 135 136 /** 137 * batadv_window_protected() - checks whether the host restarted and is in the 138 * protection time. 139 * @bat_priv: the bat priv with all the soft interface information 140 * @seq_num_diff: difference between the current/received sequence number and 141 * the last sequence number 142 * @seq_old_max_diff: maximum age of sequence number not considered as restart 143 * @last_reset: jiffies timestamp of the last reset, will be updated when reset 144 * is detected 145 * @protection_started: is set to true if the protection window was started, 146 * doesn't change otherwise. 147 * 148 * Return: 149 * false if the packet is to be accepted. 150 * true if the packet is to be ignored. 151 */ 152 bool batadv_window_protected(struct batadv_priv *bat_priv, s32 seq_num_diff, 153 s32 seq_old_max_diff, unsigned long *last_reset, 154 bool *protection_started) 155 { 156 if (seq_num_diff <= -seq_old_max_diff || 157 seq_num_diff >= BATADV_EXPECTED_SEQNO_RANGE) { 158 if (!batadv_has_timed_out(*last_reset, 159 BATADV_RESET_PROTECTION_MS)) 160 return true; 161 162 *last_reset = jiffies; 163 if (protection_started) 164 *protection_started = true; 165 batadv_dbg(BATADV_DBG_BATMAN, bat_priv, 166 "old packet received, start protection\n"); 167 } 168 169 return false; 170 } 171 172 /** 173 * batadv_check_management_packet() - Check preconditions for management packets 174 * @skb: incoming packet buffer 175 * @hard_iface: incoming hard interface 176 * @header_len: minimal header length of packet type 177 * 178 * Return: true when management preconditions are met, false otherwise 179 */ 180 bool batadv_check_management_packet(struct sk_buff *skb, 181 struct batadv_hard_iface *hard_iface, 182 int header_len) 183 { 184 struct ethhdr *ethhdr; 185 186 /* drop packet if it has not necessary minimum size */ 187 if (unlikely(!pskb_may_pull(skb, header_len))) 188 return false; 189 190 ethhdr = eth_hdr(skb); 191 192 /* packet with broadcast indication but unicast recipient */ 193 if (!is_broadcast_ether_addr(ethhdr->h_dest)) 194 return false; 195 196 /* packet with invalid sender address */ 197 if (!is_valid_ether_addr(ethhdr->h_source)) 198 return false; 199 200 /* create a copy of the skb, if needed, to modify it. */ 201 if (skb_cow(skb, 0) < 0) 202 return false; 203 204 /* keep skb linear */ 205 if (skb_linearize(skb) < 0) 206 return false; 207 208 return true; 209 } 210 211 /** 212 * batadv_recv_my_icmp_packet() - receive an icmp packet locally 213 * @bat_priv: the bat priv with all the soft interface information 214 * @skb: icmp packet to process 215 * 216 * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP 217 * otherwise. 218 */ 219 static int batadv_recv_my_icmp_packet(struct batadv_priv *bat_priv, 220 struct sk_buff *skb) 221 { 222 struct batadv_hard_iface *primary_if = NULL; 223 struct batadv_orig_node *orig_node = NULL; 224 struct batadv_icmp_header *icmph; 225 int res, ret = NET_RX_DROP; 226 227 icmph = (struct batadv_icmp_header *)skb->data; 228 229 switch (icmph->msg_type) { 230 case BATADV_ECHO_REPLY: 231 case BATADV_DESTINATION_UNREACHABLE: 232 case BATADV_TTL_EXCEEDED: 233 /* receive the packet */ 234 if (skb_linearize(skb) < 0) 235 break; 236 237 batadv_socket_receive_packet(icmph, skb->len); 238 break; 239 case BATADV_ECHO_REQUEST: 240 /* answer echo request (ping) */ 241 primary_if = batadv_primary_if_get_selected(bat_priv); 242 if (!primary_if) 243 goto out; 244 245 /* get routing information */ 246 orig_node = batadv_orig_hash_find(bat_priv, icmph->orig); 247 if (!orig_node) 248 goto out; 249 250 /* create a copy of the skb, if needed, to modify it. */ 251 if (skb_cow(skb, ETH_HLEN) < 0) 252 goto out; 253 254 icmph = (struct batadv_icmp_header *)skb->data; 255 256 ether_addr_copy(icmph->dst, icmph->orig); 257 ether_addr_copy(icmph->orig, primary_if->net_dev->dev_addr); 258 icmph->msg_type = BATADV_ECHO_REPLY; 259 icmph->ttl = BATADV_TTL; 260 261 res = batadv_send_skb_to_orig(skb, orig_node, NULL); 262 if (res == NET_XMIT_SUCCESS) 263 ret = NET_RX_SUCCESS; 264 265 /* skb was consumed */ 266 skb = NULL; 267 break; 268 case BATADV_TP: 269 if (!pskb_may_pull(skb, sizeof(struct batadv_icmp_tp_packet))) 270 goto out; 271 272 batadv_tp_meter_recv(bat_priv, skb); 273 ret = NET_RX_SUCCESS; 274 /* skb was consumed */ 275 skb = NULL; 276 goto out; 277 default: 278 /* drop unknown type */ 279 goto out; 280 } 281 out: 282 if (primary_if) 283 batadv_hardif_put(primary_if); 284 if (orig_node) 285 batadv_orig_node_put(orig_node); 286 287 kfree_skb(skb); 288 289 return ret; 290 } 291 292 static int batadv_recv_icmp_ttl_exceeded(struct batadv_priv *bat_priv, 293 struct sk_buff *skb) 294 { 295 struct batadv_hard_iface *primary_if = NULL; 296 struct batadv_orig_node *orig_node = NULL; 297 struct batadv_icmp_packet *icmp_packet; 298 int res, ret = NET_RX_DROP; 299 300 icmp_packet = (struct batadv_icmp_packet *)skb->data; 301 302 /* send TTL exceeded if packet is an echo request (traceroute) */ 303 if (icmp_packet->msg_type != BATADV_ECHO_REQUEST) { 304 pr_debug("Warning - can't forward icmp packet from %pM to %pM: ttl exceeded\n", 305 icmp_packet->orig, icmp_packet->dst); 306 goto out; 307 } 308 309 primary_if = batadv_primary_if_get_selected(bat_priv); 310 if (!primary_if) 311 goto out; 312 313 /* get routing information */ 314 orig_node = batadv_orig_hash_find(bat_priv, icmp_packet->orig); 315 if (!orig_node) 316 goto out; 317 318 /* create a copy of the skb, if needed, to modify it. */ 319 if (skb_cow(skb, ETH_HLEN) < 0) 320 goto out; 321 322 icmp_packet = (struct batadv_icmp_packet *)skb->data; 323 324 ether_addr_copy(icmp_packet->dst, icmp_packet->orig); 325 ether_addr_copy(icmp_packet->orig, primary_if->net_dev->dev_addr); 326 icmp_packet->msg_type = BATADV_TTL_EXCEEDED; 327 icmp_packet->ttl = BATADV_TTL; 328 329 res = batadv_send_skb_to_orig(skb, orig_node, NULL); 330 if (res == NET_RX_SUCCESS) 331 ret = NET_XMIT_SUCCESS; 332 333 /* skb was consumed */ 334 skb = NULL; 335 336 out: 337 if (primary_if) 338 batadv_hardif_put(primary_if); 339 if (orig_node) 340 batadv_orig_node_put(orig_node); 341 342 kfree_skb(skb); 343 344 return ret; 345 } 346 347 /** 348 * batadv_recv_icmp_packet() - Process incoming icmp packet 349 * @skb: incoming packet buffer 350 * @recv_if: incoming hard interface 351 * 352 * Return: NET_RX_SUCCESS on success or NET_RX_DROP in case of failure 353 */ 354 int batadv_recv_icmp_packet(struct sk_buff *skb, 355 struct batadv_hard_iface *recv_if) 356 { 357 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 358 struct batadv_icmp_header *icmph; 359 struct batadv_icmp_packet_rr *icmp_packet_rr; 360 struct ethhdr *ethhdr; 361 struct batadv_orig_node *orig_node = NULL; 362 int hdr_size = sizeof(struct batadv_icmp_header); 363 int res, ret = NET_RX_DROP; 364 365 /* drop packet if it has not necessary minimum size */ 366 if (unlikely(!pskb_may_pull(skb, hdr_size))) 367 goto free_skb; 368 369 ethhdr = eth_hdr(skb); 370 371 /* packet with unicast indication but non-unicast recipient */ 372 if (!is_valid_ether_addr(ethhdr->h_dest)) 373 goto free_skb; 374 375 /* packet with broadcast/multicast sender address */ 376 if (is_multicast_ether_addr(ethhdr->h_source)) 377 goto free_skb; 378 379 /* not for me */ 380 if (!batadv_is_my_mac(bat_priv, ethhdr->h_dest)) 381 goto free_skb; 382 383 icmph = (struct batadv_icmp_header *)skb->data; 384 385 /* add record route information if not full */ 386 if ((icmph->msg_type == BATADV_ECHO_REPLY || 387 icmph->msg_type == BATADV_ECHO_REQUEST) && 388 skb->len >= sizeof(struct batadv_icmp_packet_rr)) { 389 if (skb_linearize(skb) < 0) 390 goto free_skb; 391 392 /* create a copy of the skb, if needed, to modify it. */ 393 if (skb_cow(skb, ETH_HLEN) < 0) 394 goto free_skb; 395 396 ethhdr = eth_hdr(skb); 397 icmph = (struct batadv_icmp_header *)skb->data; 398 icmp_packet_rr = (struct batadv_icmp_packet_rr *)icmph; 399 if (icmp_packet_rr->rr_cur >= BATADV_RR_LEN) 400 goto free_skb; 401 402 ether_addr_copy(icmp_packet_rr->rr[icmp_packet_rr->rr_cur], 403 ethhdr->h_dest); 404 icmp_packet_rr->rr_cur++; 405 } 406 407 /* packet for me */ 408 if (batadv_is_my_mac(bat_priv, icmph->dst)) 409 return batadv_recv_my_icmp_packet(bat_priv, skb); 410 411 /* TTL exceeded */ 412 if (icmph->ttl < 2) 413 return batadv_recv_icmp_ttl_exceeded(bat_priv, skb); 414 415 /* get routing information */ 416 orig_node = batadv_orig_hash_find(bat_priv, icmph->dst); 417 if (!orig_node) 418 goto free_skb; 419 420 /* create a copy of the skb, if needed, to modify it. */ 421 if (skb_cow(skb, ETH_HLEN) < 0) 422 goto put_orig_node; 423 424 icmph = (struct batadv_icmp_header *)skb->data; 425 426 /* decrement ttl */ 427 icmph->ttl--; 428 429 /* route it */ 430 res = batadv_send_skb_to_orig(skb, orig_node, recv_if); 431 if (res == NET_XMIT_SUCCESS) 432 ret = NET_RX_SUCCESS; 433 434 /* skb was consumed */ 435 skb = NULL; 436 437 put_orig_node: 438 if (orig_node) 439 batadv_orig_node_put(orig_node); 440 free_skb: 441 kfree_skb(skb); 442 443 return ret; 444 } 445 446 /** 447 * batadv_check_unicast_packet() - Check for malformed unicast packets 448 * @bat_priv: the bat priv with all the soft interface information 449 * @skb: packet to check 450 * @hdr_size: size of header to pull 451 * 452 * Checks for short header and bad addresses in the given packet. 453 * 454 * Return: negative value when check fails and 0 otherwise. The negative value 455 * depends on the reason: -ENODATA for bad header, -EBADR for broadcast 456 * destination or source, and -EREMOTE for non-local (other host) destination. 457 */ 458 static int batadv_check_unicast_packet(struct batadv_priv *bat_priv, 459 struct sk_buff *skb, int hdr_size) 460 { 461 struct ethhdr *ethhdr; 462 463 /* drop packet if it has not necessary minimum size */ 464 if (unlikely(!pskb_may_pull(skb, hdr_size))) 465 return -ENODATA; 466 467 ethhdr = eth_hdr(skb); 468 469 /* packet with unicast indication but non-unicast recipient */ 470 if (!is_valid_ether_addr(ethhdr->h_dest)) 471 return -EBADR; 472 473 /* packet with broadcast/multicast sender address */ 474 if (is_multicast_ether_addr(ethhdr->h_source)) 475 return -EBADR; 476 477 /* not for me */ 478 if (!batadv_is_my_mac(bat_priv, ethhdr->h_dest)) 479 return -EREMOTE; 480 481 return 0; 482 } 483 484 /** 485 * batadv_last_bonding_get() - Get last_bonding_candidate of orig_node 486 * @orig_node: originator node whose last bonding candidate should be retrieved 487 * 488 * Return: last bonding candidate of router or NULL if not found 489 * 490 * The object is returned with refcounter increased by 1. 491 */ 492 static struct batadv_orig_ifinfo * 493 batadv_last_bonding_get(struct batadv_orig_node *orig_node) 494 { 495 struct batadv_orig_ifinfo *last_bonding_candidate; 496 497 spin_lock_bh(&orig_node->neigh_list_lock); 498 last_bonding_candidate = orig_node->last_bonding_candidate; 499 500 if (last_bonding_candidate) 501 kref_get(&last_bonding_candidate->refcount); 502 spin_unlock_bh(&orig_node->neigh_list_lock); 503 504 return last_bonding_candidate; 505 } 506 507 /** 508 * batadv_last_bonding_replace() - Replace last_bonding_candidate of orig_node 509 * @orig_node: originator node whose bonding candidates should be replaced 510 * @new_candidate: new bonding candidate or NULL 511 */ 512 static void 513 batadv_last_bonding_replace(struct batadv_orig_node *orig_node, 514 struct batadv_orig_ifinfo *new_candidate) 515 { 516 struct batadv_orig_ifinfo *old_candidate; 517 518 spin_lock_bh(&orig_node->neigh_list_lock); 519 old_candidate = orig_node->last_bonding_candidate; 520 521 if (new_candidate) 522 kref_get(&new_candidate->refcount); 523 orig_node->last_bonding_candidate = new_candidate; 524 spin_unlock_bh(&orig_node->neigh_list_lock); 525 526 if (old_candidate) 527 batadv_orig_ifinfo_put(old_candidate); 528 } 529 530 /** 531 * batadv_find_router() - find a suitable router for this originator 532 * @bat_priv: the bat priv with all the soft interface information 533 * @orig_node: the destination node 534 * @recv_if: pointer to interface this packet was received on 535 * 536 * Return: the router which should be used for this orig_node on 537 * this interface, or NULL if not available. 538 */ 539 struct batadv_neigh_node * 540 batadv_find_router(struct batadv_priv *bat_priv, 541 struct batadv_orig_node *orig_node, 542 struct batadv_hard_iface *recv_if) 543 { 544 struct batadv_algo_ops *bao = bat_priv->algo_ops; 545 struct batadv_neigh_node *first_candidate_router = NULL; 546 struct batadv_neigh_node *next_candidate_router = NULL; 547 struct batadv_neigh_node *router, *cand_router = NULL; 548 struct batadv_neigh_node *last_cand_router = NULL; 549 struct batadv_orig_ifinfo *cand, *first_candidate = NULL; 550 struct batadv_orig_ifinfo *next_candidate = NULL; 551 struct batadv_orig_ifinfo *last_candidate; 552 bool last_candidate_found = false; 553 554 if (!orig_node) 555 return NULL; 556 557 router = batadv_orig_router_get(orig_node, recv_if); 558 559 if (!router) 560 return router; 561 562 /* only consider bonding for recv_if == BATADV_IF_DEFAULT (first hop) 563 * and if activated. 564 */ 565 if (!(recv_if == BATADV_IF_DEFAULT && atomic_read(&bat_priv->bonding))) 566 return router; 567 568 /* bonding: loop through the list of possible routers found 569 * for the various outgoing interfaces and find a candidate after 570 * the last chosen bonding candidate (next_candidate). If no such 571 * router is found, use the first candidate found (the previously 572 * chosen bonding candidate might have been the last one in the list). 573 * If this can't be found either, return the previously chosen 574 * router - obviously there are no other candidates. 575 */ 576 rcu_read_lock(); 577 last_candidate = batadv_last_bonding_get(orig_node); 578 if (last_candidate) 579 last_cand_router = rcu_dereference(last_candidate->router); 580 581 hlist_for_each_entry_rcu(cand, &orig_node->ifinfo_list, list) { 582 /* acquire some structures and references ... */ 583 if (!kref_get_unless_zero(&cand->refcount)) 584 continue; 585 586 cand_router = rcu_dereference(cand->router); 587 if (!cand_router) 588 goto next; 589 590 if (!kref_get_unless_zero(&cand_router->refcount)) { 591 cand_router = NULL; 592 goto next; 593 } 594 595 /* alternative candidate should be good enough to be 596 * considered 597 */ 598 if (!bao->neigh.is_similar_or_better(cand_router, 599 cand->if_outgoing, router, 600 recv_if)) 601 goto next; 602 603 /* don't use the same router twice */ 604 if (last_cand_router == cand_router) 605 goto next; 606 607 /* mark the first possible candidate */ 608 if (!first_candidate) { 609 kref_get(&cand_router->refcount); 610 kref_get(&cand->refcount); 611 first_candidate = cand; 612 first_candidate_router = cand_router; 613 } 614 615 /* check if the loop has already passed the previously selected 616 * candidate ... this function should select the next candidate 617 * AFTER the previously used bonding candidate. 618 */ 619 if (!last_candidate || last_candidate_found) { 620 next_candidate = cand; 621 next_candidate_router = cand_router; 622 break; 623 } 624 625 if (last_candidate == cand) 626 last_candidate_found = true; 627 next: 628 /* free references */ 629 if (cand_router) { 630 batadv_neigh_node_put(cand_router); 631 cand_router = NULL; 632 } 633 batadv_orig_ifinfo_put(cand); 634 } 635 rcu_read_unlock(); 636 637 /* After finding candidates, handle the three cases: 638 * 1) there is a next candidate, use that 639 * 2) there is no next candidate, use the first of the list 640 * 3) there is no candidate at all, return the default router 641 */ 642 if (next_candidate) { 643 batadv_neigh_node_put(router); 644 645 kref_get(&next_candidate_router->refcount); 646 router = next_candidate_router; 647 batadv_last_bonding_replace(orig_node, next_candidate); 648 } else if (first_candidate) { 649 batadv_neigh_node_put(router); 650 651 kref_get(&first_candidate_router->refcount); 652 router = first_candidate_router; 653 batadv_last_bonding_replace(orig_node, first_candidate); 654 } else { 655 batadv_last_bonding_replace(orig_node, NULL); 656 } 657 658 /* cleanup of candidates */ 659 if (first_candidate) { 660 batadv_neigh_node_put(first_candidate_router); 661 batadv_orig_ifinfo_put(first_candidate); 662 } 663 664 if (next_candidate) { 665 batadv_neigh_node_put(next_candidate_router); 666 batadv_orig_ifinfo_put(next_candidate); 667 } 668 669 if (last_candidate) 670 batadv_orig_ifinfo_put(last_candidate); 671 672 return router; 673 } 674 675 static int batadv_route_unicast_packet(struct sk_buff *skb, 676 struct batadv_hard_iface *recv_if) 677 { 678 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 679 struct batadv_orig_node *orig_node = NULL; 680 struct batadv_unicast_packet *unicast_packet; 681 struct ethhdr *ethhdr = eth_hdr(skb); 682 int res, hdr_len, ret = NET_RX_DROP; 683 unsigned int len; 684 685 unicast_packet = (struct batadv_unicast_packet *)skb->data; 686 687 /* TTL exceeded */ 688 if (unicast_packet->ttl < 2) { 689 pr_debug("Warning - can't forward unicast packet from %pM to %pM: ttl exceeded\n", 690 ethhdr->h_source, unicast_packet->dest); 691 goto free_skb; 692 } 693 694 /* get routing information */ 695 orig_node = batadv_orig_hash_find(bat_priv, unicast_packet->dest); 696 697 if (!orig_node) 698 goto free_skb; 699 700 /* create a copy of the skb, if needed, to modify it. */ 701 if (skb_cow(skb, ETH_HLEN) < 0) 702 goto put_orig_node; 703 704 /* decrement ttl */ 705 unicast_packet = (struct batadv_unicast_packet *)skb->data; 706 unicast_packet->ttl--; 707 708 switch (unicast_packet->packet_type) { 709 case BATADV_UNICAST_4ADDR: 710 hdr_len = sizeof(struct batadv_unicast_4addr_packet); 711 break; 712 case BATADV_UNICAST: 713 hdr_len = sizeof(struct batadv_unicast_packet); 714 break; 715 default: 716 /* other packet types not supported - yet */ 717 hdr_len = -1; 718 break; 719 } 720 721 if (hdr_len > 0) 722 batadv_skb_set_priority(skb, hdr_len); 723 724 len = skb->len; 725 res = batadv_send_skb_to_orig(skb, orig_node, recv_if); 726 727 /* translate transmit result into receive result */ 728 if (res == NET_XMIT_SUCCESS) { 729 ret = NET_RX_SUCCESS; 730 /* skb was transmitted and consumed */ 731 batadv_inc_counter(bat_priv, BATADV_CNT_FORWARD); 732 batadv_add_counter(bat_priv, BATADV_CNT_FORWARD_BYTES, 733 len + ETH_HLEN); 734 } 735 736 /* skb was consumed */ 737 skb = NULL; 738 739 put_orig_node: 740 batadv_orig_node_put(orig_node); 741 free_skb: 742 kfree_skb(skb); 743 744 return ret; 745 } 746 747 /** 748 * batadv_reroute_unicast_packet() - update the unicast header for re-routing 749 * @bat_priv: the bat priv with all the soft interface information 750 * @skb: unicast packet to process 751 * @unicast_packet: the unicast header to be updated 752 * @dst_addr: the payload destination 753 * @vid: VLAN identifier 754 * 755 * Search the translation table for dst_addr and update the unicast header with 756 * the new corresponding information (originator address where the destination 757 * client currently is and its known TTVN) 758 * 759 * Return: true if the packet header has been updated, false otherwise 760 */ 761 static bool 762 batadv_reroute_unicast_packet(struct batadv_priv *bat_priv, struct sk_buff *skb, 763 struct batadv_unicast_packet *unicast_packet, 764 u8 *dst_addr, unsigned short vid) 765 { 766 struct batadv_orig_node *orig_node = NULL; 767 struct batadv_hard_iface *primary_if = NULL; 768 bool ret = false; 769 u8 *orig_addr, orig_ttvn; 770 771 if (batadv_is_my_client(bat_priv, dst_addr, vid)) { 772 primary_if = batadv_primary_if_get_selected(bat_priv); 773 if (!primary_if) 774 goto out; 775 orig_addr = primary_if->net_dev->dev_addr; 776 orig_ttvn = (u8)atomic_read(&bat_priv->tt.vn); 777 } else { 778 orig_node = batadv_transtable_search(bat_priv, NULL, dst_addr, 779 vid); 780 if (!orig_node) 781 goto out; 782 783 if (batadv_compare_eth(orig_node->orig, unicast_packet->dest)) 784 goto out; 785 786 orig_addr = orig_node->orig; 787 orig_ttvn = (u8)atomic_read(&orig_node->last_ttvn); 788 } 789 790 /* update the packet header */ 791 skb_postpull_rcsum(skb, unicast_packet, sizeof(*unicast_packet)); 792 ether_addr_copy(unicast_packet->dest, orig_addr); 793 unicast_packet->ttvn = orig_ttvn; 794 skb_postpush_rcsum(skb, unicast_packet, sizeof(*unicast_packet)); 795 796 ret = true; 797 out: 798 if (primary_if) 799 batadv_hardif_put(primary_if); 800 if (orig_node) 801 batadv_orig_node_put(orig_node); 802 803 return ret; 804 } 805 806 static bool batadv_check_unicast_ttvn(struct batadv_priv *bat_priv, 807 struct sk_buff *skb, int hdr_len) 808 { 809 struct batadv_unicast_packet *unicast_packet; 810 struct batadv_hard_iface *primary_if; 811 struct batadv_orig_node *orig_node; 812 u8 curr_ttvn, old_ttvn; 813 struct ethhdr *ethhdr; 814 unsigned short vid; 815 int is_old_ttvn; 816 817 /* check if there is enough data before accessing it */ 818 if (!pskb_may_pull(skb, hdr_len + ETH_HLEN)) 819 return false; 820 821 /* create a copy of the skb (in case of for re-routing) to modify it. */ 822 if (skb_cow(skb, sizeof(*unicast_packet)) < 0) 823 return false; 824 825 unicast_packet = (struct batadv_unicast_packet *)skb->data; 826 vid = batadv_get_vid(skb, hdr_len); 827 ethhdr = (struct ethhdr *)(skb->data + hdr_len); 828 829 /* do not reroute multicast frames in a unicast header */ 830 if (is_multicast_ether_addr(ethhdr->h_dest)) 831 return true; 832 833 /* check if the destination client was served by this node and it is now 834 * roaming. In this case, it means that the node has got a ROAM_ADV 835 * message and that it knows the new destination in the mesh to re-route 836 * the packet to 837 */ 838 if (batadv_tt_local_client_is_roaming(bat_priv, ethhdr->h_dest, vid)) { 839 if (batadv_reroute_unicast_packet(bat_priv, skb, unicast_packet, 840 ethhdr->h_dest, vid)) 841 batadv_dbg_ratelimited(BATADV_DBG_TT, 842 bat_priv, 843 "Rerouting unicast packet to %pM (dst=%pM): Local Roaming\n", 844 unicast_packet->dest, 845 ethhdr->h_dest); 846 /* at this point the mesh destination should have been 847 * substituted with the originator address found in the global 848 * table. If not, let the packet go untouched anyway because 849 * there is nothing the node can do 850 */ 851 return true; 852 } 853 854 /* retrieve the TTVN known by this node for the packet destination. This 855 * value is used later to check if the node which sent (or re-routed 856 * last time) the packet had an updated information or not 857 */ 858 curr_ttvn = (u8)atomic_read(&bat_priv->tt.vn); 859 if (!batadv_is_my_mac(bat_priv, unicast_packet->dest)) { 860 orig_node = batadv_orig_hash_find(bat_priv, 861 unicast_packet->dest); 862 /* if it is not possible to find the orig_node representing the 863 * destination, the packet can immediately be dropped as it will 864 * not be possible to deliver it 865 */ 866 if (!orig_node) 867 return false; 868 869 curr_ttvn = (u8)atomic_read(&orig_node->last_ttvn); 870 batadv_orig_node_put(orig_node); 871 } 872 873 /* check if the TTVN contained in the packet is fresher than what the 874 * node knows 875 */ 876 is_old_ttvn = batadv_seq_before(unicast_packet->ttvn, curr_ttvn); 877 if (!is_old_ttvn) 878 return true; 879 880 old_ttvn = unicast_packet->ttvn; 881 /* the packet was forged based on outdated network information. Its 882 * destination can possibly be updated and forwarded towards the new 883 * target host 884 */ 885 if (batadv_reroute_unicast_packet(bat_priv, skb, unicast_packet, 886 ethhdr->h_dest, vid)) { 887 batadv_dbg_ratelimited(BATADV_DBG_TT, bat_priv, 888 "Rerouting unicast packet to %pM (dst=%pM): TTVN mismatch old_ttvn=%u new_ttvn=%u\n", 889 unicast_packet->dest, ethhdr->h_dest, 890 old_ttvn, curr_ttvn); 891 return true; 892 } 893 894 /* the packet has not been re-routed: either the destination is 895 * currently served by this node or there is no destination at all and 896 * it is possible to drop the packet 897 */ 898 if (!batadv_is_my_client(bat_priv, ethhdr->h_dest, vid)) 899 return false; 900 901 /* update the header in order to let the packet be delivered to this 902 * node's soft interface 903 */ 904 primary_if = batadv_primary_if_get_selected(bat_priv); 905 if (!primary_if) 906 return false; 907 908 /* update the packet header */ 909 skb_postpull_rcsum(skb, unicast_packet, sizeof(*unicast_packet)); 910 ether_addr_copy(unicast_packet->dest, primary_if->net_dev->dev_addr); 911 unicast_packet->ttvn = curr_ttvn; 912 skb_postpush_rcsum(skb, unicast_packet, sizeof(*unicast_packet)); 913 914 batadv_hardif_put(primary_if); 915 916 return true; 917 } 918 919 /** 920 * batadv_recv_unhandled_unicast_packet() - receive and process packets which 921 * are in the unicast number space but not yet known to the implementation 922 * @skb: unicast tvlv packet to process 923 * @recv_if: pointer to interface this packet was received on 924 * 925 * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP 926 * otherwise. 927 */ 928 int batadv_recv_unhandled_unicast_packet(struct sk_buff *skb, 929 struct batadv_hard_iface *recv_if) 930 { 931 struct batadv_unicast_packet *unicast_packet; 932 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 933 int check, hdr_size = sizeof(*unicast_packet); 934 935 check = batadv_check_unicast_packet(bat_priv, skb, hdr_size); 936 if (check < 0) 937 goto free_skb; 938 939 /* we don't know about this type, drop it. */ 940 unicast_packet = (struct batadv_unicast_packet *)skb->data; 941 if (batadv_is_my_mac(bat_priv, unicast_packet->dest)) 942 goto free_skb; 943 944 return batadv_route_unicast_packet(skb, recv_if); 945 946 free_skb: 947 kfree_skb(skb); 948 return NET_RX_DROP; 949 } 950 951 /** 952 * batadv_recv_unicast_packet() - Process incoming unicast packet 953 * @skb: incoming packet buffer 954 * @recv_if: incoming hard interface 955 * 956 * Return: NET_RX_SUCCESS on success or NET_RX_DROP in case of failure 957 */ 958 int batadv_recv_unicast_packet(struct sk_buff *skb, 959 struct batadv_hard_iface *recv_if) 960 { 961 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 962 struct batadv_unicast_packet *unicast_packet; 963 struct batadv_unicast_4addr_packet *unicast_4addr_packet; 964 u8 *orig_addr, *orig_addr_gw; 965 struct batadv_orig_node *orig_node = NULL, *orig_node_gw = NULL; 966 int check, hdr_size = sizeof(*unicast_packet); 967 enum batadv_subtype subtype; 968 int ret = NET_RX_DROP; 969 bool is4addr, is_gw; 970 971 unicast_packet = (struct batadv_unicast_packet *)skb->data; 972 is4addr = unicast_packet->packet_type == BATADV_UNICAST_4ADDR; 973 /* the caller function should have already pulled 2 bytes */ 974 if (is4addr) 975 hdr_size = sizeof(*unicast_4addr_packet); 976 977 /* function returns -EREMOTE for promiscuous packets */ 978 check = batadv_check_unicast_packet(bat_priv, skb, hdr_size); 979 980 /* Even though the packet is not for us, we might save it to use for 981 * decoding a later received coded packet 982 */ 983 if (check == -EREMOTE) 984 batadv_nc_skb_store_sniffed_unicast(bat_priv, skb); 985 986 if (check < 0) 987 goto free_skb; 988 if (!batadv_check_unicast_ttvn(bat_priv, skb, hdr_size)) 989 goto free_skb; 990 991 unicast_packet = (struct batadv_unicast_packet *)skb->data; 992 993 /* packet for me */ 994 if (batadv_is_my_mac(bat_priv, unicast_packet->dest)) { 995 /* If this is a unicast packet from another backgone gw, 996 * drop it. 997 */ 998 orig_addr_gw = eth_hdr(skb)->h_source; 999 orig_node_gw = batadv_orig_hash_find(bat_priv, orig_addr_gw); 1000 if (orig_node_gw) { 1001 is_gw = batadv_bla_is_backbone_gw(skb, orig_node_gw, 1002 hdr_size); 1003 batadv_orig_node_put(orig_node_gw); 1004 if (is_gw) { 1005 batadv_dbg(BATADV_DBG_BLA, bat_priv, 1006 "%s(): Dropped unicast pkt received from another backbone gw %pM.\n", 1007 __func__, orig_addr_gw); 1008 goto free_skb; 1009 } 1010 } 1011 1012 if (is4addr) { 1013 unicast_4addr_packet = 1014 (struct batadv_unicast_4addr_packet *)skb->data; 1015 subtype = unicast_4addr_packet->subtype; 1016 batadv_dat_inc_counter(bat_priv, subtype); 1017 1018 /* Only payload data should be considered for speedy 1019 * join. For example, DAT also uses unicast 4addr 1020 * types, but those packets should not be considered 1021 * for speedy join, since the clients do not actually 1022 * reside at the sending originator. 1023 */ 1024 if (subtype == BATADV_P_DATA) { 1025 orig_addr = unicast_4addr_packet->src; 1026 orig_node = batadv_orig_hash_find(bat_priv, 1027 orig_addr); 1028 } 1029 } 1030 1031 if (batadv_dat_snoop_incoming_arp_request(bat_priv, skb, 1032 hdr_size)) 1033 goto rx_success; 1034 if (batadv_dat_snoop_incoming_arp_reply(bat_priv, skb, 1035 hdr_size)) 1036 goto rx_success; 1037 1038 batadv_dat_snoop_incoming_dhcp_ack(bat_priv, skb, hdr_size); 1039 1040 batadv_interface_rx(recv_if->soft_iface, skb, hdr_size, 1041 orig_node); 1042 1043 rx_success: 1044 if (orig_node) 1045 batadv_orig_node_put(orig_node); 1046 1047 return NET_RX_SUCCESS; 1048 } 1049 1050 ret = batadv_route_unicast_packet(skb, recv_if); 1051 /* skb was consumed */ 1052 skb = NULL; 1053 1054 free_skb: 1055 kfree_skb(skb); 1056 1057 return ret; 1058 } 1059 1060 /** 1061 * batadv_recv_unicast_tvlv() - receive and process unicast tvlv packets 1062 * @skb: unicast tvlv packet to process 1063 * @recv_if: pointer to interface this packet was received on 1064 * 1065 * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP 1066 * otherwise. 1067 */ 1068 int batadv_recv_unicast_tvlv(struct sk_buff *skb, 1069 struct batadv_hard_iface *recv_if) 1070 { 1071 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 1072 struct batadv_unicast_tvlv_packet *unicast_tvlv_packet; 1073 unsigned char *tvlv_buff; 1074 u16 tvlv_buff_len; 1075 int hdr_size = sizeof(*unicast_tvlv_packet); 1076 int ret = NET_RX_DROP; 1077 1078 if (batadv_check_unicast_packet(bat_priv, skb, hdr_size) < 0) 1079 goto free_skb; 1080 1081 /* the header is likely to be modified while forwarding */ 1082 if (skb_cow(skb, hdr_size) < 0) 1083 goto free_skb; 1084 1085 /* packet needs to be linearized to access the tvlv content */ 1086 if (skb_linearize(skb) < 0) 1087 goto free_skb; 1088 1089 unicast_tvlv_packet = (struct batadv_unicast_tvlv_packet *)skb->data; 1090 1091 tvlv_buff = (unsigned char *)(skb->data + hdr_size); 1092 tvlv_buff_len = ntohs(unicast_tvlv_packet->tvlv_len); 1093 1094 if (tvlv_buff_len > skb->len - hdr_size) 1095 goto free_skb; 1096 1097 ret = batadv_tvlv_containers_process(bat_priv, false, NULL, 1098 unicast_tvlv_packet->src, 1099 unicast_tvlv_packet->dst, 1100 tvlv_buff, tvlv_buff_len); 1101 1102 if (ret != NET_RX_SUCCESS) { 1103 ret = batadv_route_unicast_packet(skb, recv_if); 1104 /* skb was consumed */ 1105 skb = NULL; 1106 } 1107 1108 free_skb: 1109 kfree_skb(skb); 1110 1111 return ret; 1112 } 1113 1114 /** 1115 * batadv_recv_frag_packet() - process received fragment 1116 * @skb: the received fragment 1117 * @recv_if: interface that the skb is received on 1118 * 1119 * This function does one of the three following things: 1) Forward fragment, if 1120 * the assembled packet will exceed our MTU; 2) Buffer fragment, if we still 1121 * lack further fragments; 3) Merge fragments, if we have all needed parts. 1122 * 1123 * Return: NET_RX_DROP if the skb is not consumed, NET_RX_SUCCESS otherwise. 1124 */ 1125 int batadv_recv_frag_packet(struct sk_buff *skb, 1126 struct batadv_hard_iface *recv_if) 1127 { 1128 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 1129 struct batadv_orig_node *orig_node_src = NULL; 1130 struct batadv_frag_packet *frag_packet; 1131 int ret = NET_RX_DROP; 1132 1133 if (batadv_check_unicast_packet(bat_priv, skb, 1134 sizeof(*frag_packet)) < 0) 1135 goto free_skb; 1136 1137 frag_packet = (struct batadv_frag_packet *)skb->data; 1138 orig_node_src = batadv_orig_hash_find(bat_priv, frag_packet->orig); 1139 if (!orig_node_src) 1140 goto free_skb; 1141 1142 skb->priority = frag_packet->priority + 256; 1143 1144 /* Route the fragment if it is not for us and too big to be merged. */ 1145 if (!batadv_is_my_mac(bat_priv, frag_packet->dest) && 1146 batadv_frag_skb_fwd(skb, recv_if, orig_node_src)) { 1147 /* skb was consumed */ 1148 skb = NULL; 1149 ret = NET_RX_SUCCESS; 1150 goto put_orig_node; 1151 } 1152 1153 batadv_inc_counter(bat_priv, BATADV_CNT_FRAG_RX); 1154 batadv_add_counter(bat_priv, BATADV_CNT_FRAG_RX_BYTES, skb->len); 1155 1156 /* Add fragment to buffer and merge if possible. */ 1157 if (!batadv_frag_skb_buffer(&skb, orig_node_src)) 1158 goto put_orig_node; 1159 1160 /* Deliver merged packet to the appropriate handler, if it was 1161 * merged 1162 */ 1163 if (skb) { 1164 batadv_batman_skb_recv(skb, recv_if->net_dev, 1165 &recv_if->batman_adv_ptype, NULL); 1166 /* skb was consumed */ 1167 skb = NULL; 1168 } 1169 1170 ret = NET_RX_SUCCESS; 1171 1172 put_orig_node: 1173 batadv_orig_node_put(orig_node_src); 1174 free_skb: 1175 kfree_skb(skb); 1176 1177 return ret; 1178 } 1179 1180 /** 1181 * batadv_recv_bcast_packet() - Process incoming broadcast packet 1182 * @skb: incoming packet buffer 1183 * @recv_if: incoming hard interface 1184 * 1185 * Return: NET_RX_SUCCESS on success or NET_RX_DROP in case of failure 1186 */ 1187 int batadv_recv_bcast_packet(struct sk_buff *skb, 1188 struct batadv_hard_iface *recv_if) 1189 { 1190 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 1191 struct batadv_orig_node *orig_node = NULL; 1192 struct batadv_bcast_packet *bcast_packet; 1193 struct ethhdr *ethhdr; 1194 int hdr_size = sizeof(*bcast_packet); 1195 int ret = NET_RX_DROP; 1196 s32 seq_diff; 1197 u32 seqno; 1198 1199 /* drop packet if it has not necessary minimum size */ 1200 if (unlikely(!pskb_may_pull(skb, hdr_size))) 1201 goto free_skb; 1202 1203 ethhdr = eth_hdr(skb); 1204 1205 /* packet with broadcast indication but unicast recipient */ 1206 if (!is_broadcast_ether_addr(ethhdr->h_dest)) 1207 goto free_skb; 1208 1209 /* packet with broadcast/multicast sender address */ 1210 if (is_multicast_ether_addr(ethhdr->h_source)) 1211 goto free_skb; 1212 1213 /* ignore broadcasts sent by myself */ 1214 if (batadv_is_my_mac(bat_priv, ethhdr->h_source)) 1215 goto free_skb; 1216 1217 bcast_packet = (struct batadv_bcast_packet *)skb->data; 1218 1219 /* ignore broadcasts originated by myself */ 1220 if (batadv_is_my_mac(bat_priv, bcast_packet->orig)) 1221 goto free_skb; 1222 1223 if (bcast_packet->ttl < 2) 1224 goto free_skb; 1225 1226 orig_node = batadv_orig_hash_find(bat_priv, bcast_packet->orig); 1227 1228 if (!orig_node) 1229 goto free_skb; 1230 1231 spin_lock_bh(&orig_node->bcast_seqno_lock); 1232 1233 seqno = ntohl(bcast_packet->seqno); 1234 /* check whether the packet is a duplicate */ 1235 if (batadv_test_bit(orig_node->bcast_bits, orig_node->last_bcast_seqno, 1236 seqno)) 1237 goto spin_unlock; 1238 1239 seq_diff = seqno - orig_node->last_bcast_seqno; 1240 1241 /* check whether the packet is old and the host just restarted. */ 1242 if (batadv_window_protected(bat_priv, seq_diff, 1243 BATADV_BCAST_MAX_AGE, 1244 &orig_node->bcast_seqno_reset, NULL)) 1245 goto spin_unlock; 1246 1247 /* mark broadcast in flood history, update window position 1248 * if required. 1249 */ 1250 if (batadv_bit_get_packet(bat_priv, orig_node->bcast_bits, seq_diff, 1)) 1251 orig_node->last_bcast_seqno = seqno; 1252 1253 spin_unlock_bh(&orig_node->bcast_seqno_lock); 1254 1255 /* check whether this has been sent by another originator before */ 1256 if (batadv_bla_check_bcast_duplist(bat_priv, skb)) 1257 goto free_skb; 1258 1259 batadv_skb_set_priority(skb, sizeof(struct batadv_bcast_packet)); 1260 1261 /* rebroadcast packet */ 1262 batadv_add_bcast_packet_to_list(bat_priv, skb, 1, false); 1263 1264 /* don't hand the broadcast up if it is from an originator 1265 * from the same backbone. 1266 */ 1267 if (batadv_bla_is_backbone_gw(skb, orig_node, hdr_size)) 1268 goto free_skb; 1269 1270 if (batadv_dat_snoop_incoming_arp_request(bat_priv, skb, hdr_size)) 1271 goto rx_success; 1272 if (batadv_dat_snoop_incoming_arp_reply(bat_priv, skb, hdr_size)) 1273 goto rx_success; 1274 1275 batadv_dat_snoop_incoming_dhcp_ack(bat_priv, skb, hdr_size); 1276 1277 /* broadcast for me */ 1278 batadv_interface_rx(recv_if->soft_iface, skb, hdr_size, orig_node); 1279 1280 rx_success: 1281 ret = NET_RX_SUCCESS; 1282 goto out; 1283 1284 spin_unlock: 1285 spin_unlock_bh(&orig_node->bcast_seqno_lock); 1286 free_skb: 1287 kfree_skb(skb); 1288 out: 1289 if (orig_node) 1290 batadv_orig_node_put(orig_node); 1291 return ret; 1292 } 1293