1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (C) 2007-2017 B.A.T.M.A.N. contributors: 3 * 4 * Marek Lindner, Simon Wunderlich 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of version 2 of the GNU General Public 8 * License as published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, but 11 * WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 * General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, see <http://www.gnu.org/licenses/>. 17 */ 18 19 #include "routing.h" 20 #include "main.h" 21 22 #include <linux/atomic.h> 23 #include <linux/byteorder/generic.h> 24 #include <linux/compiler.h> 25 #include <linux/errno.h> 26 #include <linux/etherdevice.h> 27 #include <linux/if_ether.h> 28 #include <linux/jiffies.h> 29 #include <linux/kref.h> 30 #include <linux/netdevice.h> 31 #include <linux/printk.h> 32 #include <linux/rculist.h> 33 #include <linux/rcupdate.h> 34 #include <linux/skbuff.h> 35 #include <linux/spinlock.h> 36 #include <linux/stddef.h> 37 38 #include "bitarray.h" 39 #include "bridge_loop_avoidance.h" 40 #include "distributed-arp-table.h" 41 #include "fragmentation.h" 42 #include "hard-interface.h" 43 #include "icmp_socket.h" 44 #include "log.h" 45 #include "network-coding.h" 46 #include "originator.h" 47 #include "packet.h" 48 #include "send.h" 49 #include "soft-interface.h" 50 #include "tp_meter.h" 51 #include "translation-table.h" 52 #include "tvlv.h" 53 54 static int batadv_route_unicast_packet(struct sk_buff *skb, 55 struct batadv_hard_iface *recv_if); 56 57 /** 58 * _batadv_update_route - set the router for this originator 59 * @bat_priv: the bat priv with all the soft interface information 60 * @orig_node: orig node which is to be configured 61 * @recv_if: the receive interface for which this route is set 62 * @neigh_node: neighbor which should be the next router 63 * 64 * This function does not perform any error checks 65 */ 66 static void _batadv_update_route(struct batadv_priv *bat_priv, 67 struct batadv_orig_node *orig_node, 68 struct batadv_hard_iface *recv_if, 69 struct batadv_neigh_node *neigh_node) 70 { 71 struct batadv_orig_ifinfo *orig_ifinfo; 72 struct batadv_neigh_node *curr_router; 73 74 orig_ifinfo = batadv_orig_ifinfo_get(orig_node, recv_if); 75 if (!orig_ifinfo) 76 return; 77 78 spin_lock_bh(&orig_node->neigh_list_lock); 79 /* curr_router used earlier may not be the current orig_ifinfo->router 80 * anymore because it was dereferenced outside of the neigh_list_lock 81 * protected region. After the new best neighbor has replace the current 82 * best neighbor the reference counter needs to decrease. Consequently, 83 * the code needs to ensure the curr_router variable contains a pointer 84 * to the replaced best neighbor. 85 */ 86 curr_router = rcu_dereference_protected(orig_ifinfo->router, true); 87 88 /* increase refcount of new best neighbor */ 89 if (neigh_node) 90 kref_get(&neigh_node->refcount); 91 92 rcu_assign_pointer(orig_ifinfo->router, neigh_node); 93 spin_unlock_bh(&orig_node->neigh_list_lock); 94 batadv_orig_ifinfo_put(orig_ifinfo); 95 96 /* route deleted */ 97 if (curr_router && !neigh_node) { 98 batadv_dbg(BATADV_DBG_ROUTES, bat_priv, 99 "Deleting route towards: %pM\n", orig_node->orig); 100 batadv_tt_global_del_orig(bat_priv, orig_node, -1, 101 "Deleted route towards originator"); 102 103 /* route added */ 104 } else if (!curr_router && neigh_node) { 105 batadv_dbg(BATADV_DBG_ROUTES, bat_priv, 106 "Adding route towards: %pM (via %pM)\n", 107 orig_node->orig, neigh_node->addr); 108 /* route changed */ 109 } else if (neigh_node && curr_router) { 110 batadv_dbg(BATADV_DBG_ROUTES, bat_priv, 111 "Changing route towards: %pM (now via %pM - was via %pM)\n", 112 orig_node->orig, neigh_node->addr, 113 curr_router->addr); 114 } 115 116 /* decrease refcount of previous best neighbor */ 117 if (curr_router) 118 batadv_neigh_node_put(curr_router); 119 } 120 121 /** 122 * batadv_update_route - set the router for this originator 123 * @bat_priv: the bat priv with all the soft interface information 124 * @orig_node: orig node which is to be configured 125 * @recv_if: the receive interface for which this route is set 126 * @neigh_node: neighbor which should be the next router 127 */ 128 void batadv_update_route(struct batadv_priv *bat_priv, 129 struct batadv_orig_node *orig_node, 130 struct batadv_hard_iface *recv_if, 131 struct batadv_neigh_node *neigh_node) 132 { 133 struct batadv_neigh_node *router = NULL; 134 135 if (!orig_node) 136 goto out; 137 138 router = batadv_orig_router_get(orig_node, recv_if); 139 140 if (router != neigh_node) 141 _batadv_update_route(bat_priv, orig_node, recv_if, neigh_node); 142 143 out: 144 if (router) 145 batadv_neigh_node_put(router); 146 } 147 148 /** 149 * batadv_window_protected - checks whether the host restarted and is in the 150 * protection time. 151 * @bat_priv: the bat priv with all the soft interface information 152 * @seq_num_diff: difference between the current/received sequence number and 153 * the last sequence number 154 * @seq_old_max_diff: maximum age of sequence number not considered as restart 155 * @last_reset: jiffies timestamp of the last reset, will be updated when reset 156 * is detected 157 * @protection_started: is set to true if the protection window was started, 158 * doesn't change otherwise. 159 * 160 * Return: 161 * false if the packet is to be accepted. 162 * true if the packet is to be ignored. 163 */ 164 bool batadv_window_protected(struct batadv_priv *bat_priv, s32 seq_num_diff, 165 s32 seq_old_max_diff, unsigned long *last_reset, 166 bool *protection_started) 167 { 168 if (seq_num_diff <= -seq_old_max_diff || 169 seq_num_diff >= BATADV_EXPECTED_SEQNO_RANGE) { 170 if (!batadv_has_timed_out(*last_reset, 171 BATADV_RESET_PROTECTION_MS)) 172 return true; 173 174 *last_reset = jiffies; 175 if (protection_started) 176 *protection_started = true; 177 batadv_dbg(BATADV_DBG_BATMAN, bat_priv, 178 "old packet received, start protection\n"); 179 } 180 181 return false; 182 } 183 184 bool batadv_check_management_packet(struct sk_buff *skb, 185 struct batadv_hard_iface *hard_iface, 186 int header_len) 187 { 188 struct ethhdr *ethhdr; 189 190 /* drop packet if it has not necessary minimum size */ 191 if (unlikely(!pskb_may_pull(skb, header_len))) 192 return false; 193 194 ethhdr = eth_hdr(skb); 195 196 /* packet with broadcast indication but unicast recipient */ 197 if (!is_broadcast_ether_addr(ethhdr->h_dest)) 198 return false; 199 200 /* packet with invalid sender address */ 201 if (!is_valid_ether_addr(ethhdr->h_source)) 202 return false; 203 204 /* create a copy of the skb, if needed, to modify it. */ 205 if (skb_cow(skb, 0) < 0) 206 return false; 207 208 /* keep skb linear */ 209 if (skb_linearize(skb) < 0) 210 return false; 211 212 return true; 213 } 214 215 /** 216 * batadv_recv_my_icmp_packet - receive an icmp packet locally 217 * @bat_priv: the bat priv with all the soft interface information 218 * @skb: icmp packet to process 219 * 220 * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP 221 * otherwise. 222 */ 223 static int batadv_recv_my_icmp_packet(struct batadv_priv *bat_priv, 224 struct sk_buff *skb) 225 { 226 struct batadv_hard_iface *primary_if = NULL; 227 struct batadv_orig_node *orig_node = NULL; 228 struct batadv_icmp_header *icmph; 229 int res, ret = NET_RX_DROP; 230 231 icmph = (struct batadv_icmp_header *)skb->data; 232 233 switch (icmph->msg_type) { 234 case BATADV_ECHO_REPLY: 235 case BATADV_DESTINATION_UNREACHABLE: 236 case BATADV_TTL_EXCEEDED: 237 /* receive the packet */ 238 if (skb_linearize(skb) < 0) 239 break; 240 241 batadv_socket_receive_packet(icmph, skb->len); 242 break; 243 case BATADV_ECHO_REQUEST: 244 /* answer echo request (ping) */ 245 primary_if = batadv_primary_if_get_selected(bat_priv); 246 if (!primary_if) 247 goto out; 248 249 /* get routing information */ 250 orig_node = batadv_orig_hash_find(bat_priv, icmph->orig); 251 if (!orig_node) 252 goto out; 253 254 /* create a copy of the skb, if needed, to modify it. */ 255 if (skb_cow(skb, ETH_HLEN) < 0) 256 goto out; 257 258 icmph = (struct batadv_icmp_header *)skb->data; 259 260 ether_addr_copy(icmph->dst, icmph->orig); 261 ether_addr_copy(icmph->orig, primary_if->net_dev->dev_addr); 262 icmph->msg_type = BATADV_ECHO_REPLY; 263 icmph->ttl = BATADV_TTL; 264 265 res = batadv_send_skb_to_orig(skb, orig_node, NULL); 266 if (res == NET_XMIT_SUCCESS) 267 ret = NET_RX_SUCCESS; 268 269 /* skb was consumed */ 270 skb = NULL; 271 break; 272 case BATADV_TP: 273 if (!pskb_may_pull(skb, sizeof(struct batadv_icmp_tp_packet))) 274 goto out; 275 276 batadv_tp_meter_recv(bat_priv, skb); 277 ret = NET_RX_SUCCESS; 278 /* skb was consumed */ 279 skb = NULL; 280 goto out; 281 default: 282 /* drop unknown type */ 283 goto out; 284 } 285 out: 286 if (primary_if) 287 batadv_hardif_put(primary_if); 288 if (orig_node) 289 batadv_orig_node_put(orig_node); 290 291 kfree_skb(skb); 292 293 return ret; 294 } 295 296 static int batadv_recv_icmp_ttl_exceeded(struct batadv_priv *bat_priv, 297 struct sk_buff *skb) 298 { 299 struct batadv_hard_iface *primary_if = NULL; 300 struct batadv_orig_node *orig_node = NULL; 301 struct batadv_icmp_packet *icmp_packet; 302 int res, ret = NET_RX_DROP; 303 304 icmp_packet = (struct batadv_icmp_packet *)skb->data; 305 306 /* send TTL exceeded if packet is an echo request (traceroute) */ 307 if (icmp_packet->msg_type != BATADV_ECHO_REQUEST) { 308 pr_debug("Warning - can't forward icmp packet from %pM to %pM: ttl exceeded\n", 309 icmp_packet->orig, icmp_packet->dst); 310 goto out; 311 } 312 313 primary_if = batadv_primary_if_get_selected(bat_priv); 314 if (!primary_if) 315 goto out; 316 317 /* get routing information */ 318 orig_node = batadv_orig_hash_find(bat_priv, icmp_packet->orig); 319 if (!orig_node) 320 goto out; 321 322 /* create a copy of the skb, if needed, to modify it. */ 323 if (skb_cow(skb, ETH_HLEN) < 0) 324 goto out; 325 326 icmp_packet = (struct batadv_icmp_packet *)skb->data; 327 328 ether_addr_copy(icmp_packet->dst, icmp_packet->orig); 329 ether_addr_copy(icmp_packet->orig, primary_if->net_dev->dev_addr); 330 icmp_packet->msg_type = BATADV_TTL_EXCEEDED; 331 icmp_packet->ttl = BATADV_TTL; 332 333 res = batadv_send_skb_to_orig(skb, orig_node, NULL); 334 if (res == NET_RX_SUCCESS) 335 ret = NET_XMIT_SUCCESS; 336 337 /* skb was consumed */ 338 skb = NULL; 339 340 out: 341 if (primary_if) 342 batadv_hardif_put(primary_if); 343 if (orig_node) 344 batadv_orig_node_put(orig_node); 345 346 kfree_skb(skb); 347 348 return ret; 349 } 350 351 int batadv_recv_icmp_packet(struct sk_buff *skb, 352 struct batadv_hard_iface *recv_if) 353 { 354 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 355 struct batadv_icmp_header *icmph; 356 struct batadv_icmp_packet_rr *icmp_packet_rr; 357 struct ethhdr *ethhdr; 358 struct batadv_orig_node *orig_node = NULL; 359 int hdr_size = sizeof(struct batadv_icmp_header); 360 int res, ret = NET_RX_DROP; 361 362 /* drop packet if it has not necessary minimum size */ 363 if (unlikely(!pskb_may_pull(skb, hdr_size))) 364 goto free_skb; 365 366 ethhdr = eth_hdr(skb); 367 368 /* packet with unicast indication but non-unicast recipient */ 369 if (!is_valid_ether_addr(ethhdr->h_dest)) 370 goto free_skb; 371 372 /* packet with broadcast/multicast sender address */ 373 if (is_multicast_ether_addr(ethhdr->h_source)) 374 goto free_skb; 375 376 /* not for me */ 377 if (!batadv_is_my_mac(bat_priv, ethhdr->h_dest)) 378 goto free_skb; 379 380 icmph = (struct batadv_icmp_header *)skb->data; 381 382 /* add record route information if not full */ 383 if ((icmph->msg_type == BATADV_ECHO_REPLY || 384 icmph->msg_type == BATADV_ECHO_REQUEST) && 385 skb->len >= sizeof(struct batadv_icmp_packet_rr)) { 386 if (skb_linearize(skb) < 0) 387 goto free_skb; 388 389 /* create a copy of the skb, if needed, to modify it. */ 390 if (skb_cow(skb, ETH_HLEN) < 0) 391 goto free_skb; 392 393 ethhdr = eth_hdr(skb); 394 icmph = (struct batadv_icmp_header *)skb->data; 395 icmp_packet_rr = (struct batadv_icmp_packet_rr *)icmph; 396 if (icmp_packet_rr->rr_cur >= BATADV_RR_LEN) 397 goto free_skb; 398 399 ether_addr_copy(icmp_packet_rr->rr[icmp_packet_rr->rr_cur], 400 ethhdr->h_dest); 401 icmp_packet_rr->rr_cur++; 402 } 403 404 /* packet for me */ 405 if (batadv_is_my_mac(bat_priv, icmph->dst)) 406 return batadv_recv_my_icmp_packet(bat_priv, skb); 407 408 /* TTL exceeded */ 409 if (icmph->ttl < 2) 410 return batadv_recv_icmp_ttl_exceeded(bat_priv, skb); 411 412 /* get routing information */ 413 orig_node = batadv_orig_hash_find(bat_priv, icmph->dst); 414 if (!orig_node) 415 goto free_skb; 416 417 /* create a copy of the skb, if needed, to modify it. */ 418 if (skb_cow(skb, ETH_HLEN) < 0) 419 goto put_orig_node; 420 421 icmph = (struct batadv_icmp_header *)skb->data; 422 423 /* decrement ttl */ 424 icmph->ttl--; 425 426 /* route it */ 427 res = batadv_send_skb_to_orig(skb, orig_node, recv_if); 428 if (res == NET_XMIT_SUCCESS) 429 ret = NET_RX_SUCCESS; 430 431 /* skb was consumed */ 432 skb = NULL; 433 434 put_orig_node: 435 if (orig_node) 436 batadv_orig_node_put(orig_node); 437 free_skb: 438 kfree_skb(skb); 439 440 return ret; 441 } 442 443 /** 444 * batadv_check_unicast_packet - Check for malformed unicast packets 445 * @bat_priv: the bat priv with all the soft interface information 446 * @skb: packet to check 447 * @hdr_size: size of header to pull 448 * 449 * Check for short header and bad addresses in given packet. 450 * 451 * Return: negative value when check fails and 0 otherwise. The negative value 452 * depends on the reason: -ENODATA for bad header, -EBADR for broadcast 453 * destination or source, and -EREMOTE for non-local (other host) destination. 454 */ 455 static int batadv_check_unicast_packet(struct batadv_priv *bat_priv, 456 struct sk_buff *skb, int hdr_size) 457 { 458 struct ethhdr *ethhdr; 459 460 /* drop packet if it has not necessary minimum size */ 461 if (unlikely(!pskb_may_pull(skb, hdr_size))) 462 return -ENODATA; 463 464 ethhdr = eth_hdr(skb); 465 466 /* packet with unicast indication but non-unicast recipient */ 467 if (!is_valid_ether_addr(ethhdr->h_dest)) 468 return -EBADR; 469 470 /* packet with broadcast/multicast sender address */ 471 if (is_multicast_ether_addr(ethhdr->h_source)) 472 return -EBADR; 473 474 /* not for me */ 475 if (!batadv_is_my_mac(bat_priv, ethhdr->h_dest)) 476 return -EREMOTE; 477 478 return 0; 479 } 480 481 /** 482 * batadv_last_bonding_get - Get last_bonding_candidate of orig_node 483 * @orig_node: originator node whose last bonding candidate should be retrieved 484 * 485 * Return: last bonding candidate of router or NULL if not found 486 * 487 * The object is returned with refcounter increased by 1. 488 */ 489 static struct batadv_orig_ifinfo * 490 batadv_last_bonding_get(struct batadv_orig_node *orig_node) 491 { 492 struct batadv_orig_ifinfo *last_bonding_candidate; 493 494 spin_lock_bh(&orig_node->neigh_list_lock); 495 last_bonding_candidate = orig_node->last_bonding_candidate; 496 497 if (last_bonding_candidate) 498 kref_get(&last_bonding_candidate->refcount); 499 spin_unlock_bh(&orig_node->neigh_list_lock); 500 501 return last_bonding_candidate; 502 } 503 504 /** 505 * batadv_last_bonding_replace - Replace last_bonding_candidate of orig_node 506 * @orig_node: originator node whose bonding candidates should be replaced 507 * @new_candidate: new bonding candidate or NULL 508 */ 509 static void 510 batadv_last_bonding_replace(struct batadv_orig_node *orig_node, 511 struct batadv_orig_ifinfo *new_candidate) 512 { 513 struct batadv_orig_ifinfo *old_candidate; 514 515 spin_lock_bh(&orig_node->neigh_list_lock); 516 old_candidate = orig_node->last_bonding_candidate; 517 518 if (new_candidate) 519 kref_get(&new_candidate->refcount); 520 orig_node->last_bonding_candidate = new_candidate; 521 spin_unlock_bh(&orig_node->neigh_list_lock); 522 523 if (old_candidate) 524 batadv_orig_ifinfo_put(old_candidate); 525 } 526 527 /** 528 * batadv_find_router - find a suitable router for this originator 529 * @bat_priv: the bat priv with all the soft interface information 530 * @orig_node: the destination node 531 * @recv_if: pointer to interface this packet was received on 532 * 533 * Return: the router which should be used for this orig_node on 534 * this interface, or NULL if not available. 535 */ 536 struct batadv_neigh_node * 537 batadv_find_router(struct batadv_priv *bat_priv, 538 struct batadv_orig_node *orig_node, 539 struct batadv_hard_iface *recv_if) 540 { 541 struct batadv_algo_ops *bao = bat_priv->algo_ops; 542 struct batadv_neigh_node *first_candidate_router = NULL; 543 struct batadv_neigh_node *next_candidate_router = NULL; 544 struct batadv_neigh_node *router, *cand_router = NULL; 545 struct batadv_neigh_node *last_cand_router = NULL; 546 struct batadv_orig_ifinfo *cand, *first_candidate = NULL; 547 struct batadv_orig_ifinfo *next_candidate = NULL; 548 struct batadv_orig_ifinfo *last_candidate; 549 bool last_candidate_found = false; 550 551 if (!orig_node) 552 return NULL; 553 554 router = batadv_orig_router_get(orig_node, recv_if); 555 556 if (!router) 557 return router; 558 559 /* only consider bonding for recv_if == BATADV_IF_DEFAULT (first hop) 560 * and if activated. 561 */ 562 if (!(recv_if == BATADV_IF_DEFAULT && atomic_read(&bat_priv->bonding))) 563 return router; 564 565 /* bonding: loop through the list of possible routers found 566 * for the various outgoing interfaces and find a candidate after 567 * the last chosen bonding candidate (next_candidate). If no such 568 * router is found, use the first candidate found (the previously 569 * chosen bonding candidate might have been the last one in the list). 570 * If this can't be found either, return the previously chosen 571 * router - obviously there are no other candidates. 572 */ 573 rcu_read_lock(); 574 last_candidate = batadv_last_bonding_get(orig_node); 575 if (last_candidate) 576 last_cand_router = rcu_dereference(last_candidate->router); 577 578 hlist_for_each_entry_rcu(cand, &orig_node->ifinfo_list, list) { 579 /* acquire some structures and references ... */ 580 if (!kref_get_unless_zero(&cand->refcount)) 581 continue; 582 583 cand_router = rcu_dereference(cand->router); 584 if (!cand_router) 585 goto next; 586 587 if (!kref_get_unless_zero(&cand_router->refcount)) { 588 cand_router = NULL; 589 goto next; 590 } 591 592 /* alternative candidate should be good enough to be 593 * considered 594 */ 595 if (!bao->neigh.is_similar_or_better(cand_router, 596 cand->if_outgoing, router, 597 recv_if)) 598 goto next; 599 600 /* don't use the same router twice */ 601 if (last_cand_router == cand_router) 602 goto next; 603 604 /* mark the first possible candidate */ 605 if (!first_candidate) { 606 kref_get(&cand_router->refcount); 607 kref_get(&cand->refcount); 608 first_candidate = cand; 609 first_candidate_router = cand_router; 610 } 611 612 /* check if the loop has already passed the previously selected 613 * candidate ... this function should select the next candidate 614 * AFTER the previously used bonding candidate. 615 */ 616 if (!last_candidate || last_candidate_found) { 617 next_candidate = cand; 618 next_candidate_router = cand_router; 619 break; 620 } 621 622 if (last_candidate == cand) 623 last_candidate_found = true; 624 next: 625 /* free references */ 626 if (cand_router) { 627 batadv_neigh_node_put(cand_router); 628 cand_router = NULL; 629 } 630 batadv_orig_ifinfo_put(cand); 631 } 632 rcu_read_unlock(); 633 634 /* After finding candidates, handle the three cases: 635 * 1) there is a next candidate, use that 636 * 2) there is no next candidate, use the first of the list 637 * 3) there is no candidate at all, return the default router 638 */ 639 if (next_candidate) { 640 batadv_neigh_node_put(router); 641 642 kref_get(&next_candidate_router->refcount); 643 router = next_candidate_router; 644 batadv_last_bonding_replace(orig_node, next_candidate); 645 } else if (first_candidate) { 646 batadv_neigh_node_put(router); 647 648 kref_get(&first_candidate_router->refcount); 649 router = first_candidate_router; 650 batadv_last_bonding_replace(orig_node, first_candidate); 651 } else { 652 batadv_last_bonding_replace(orig_node, NULL); 653 } 654 655 /* cleanup of candidates */ 656 if (first_candidate) { 657 batadv_neigh_node_put(first_candidate_router); 658 batadv_orig_ifinfo_put(first_candidate); 659 } 660 661 if (next_candidate) { 662 batadv_neigh_node_put(next_candidate_router); 663 batadv_orig_ifinfo_put(next_candidate); 664 } 665 666 if (last_candidate) 667 batadv_orig_ifinfo_put(last_candidate); 668 669 return router; 670 } 671 672 static int batadv_route_unicast_packet(struct sk_buff *skb, 673 struct batadv_hard_iface *recv_if) 674 { 675 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 676 struct batadv_orig_node *orig_node = NULL; 677 struct batadv_unicast_packet *unicast_packet; 678 struct ethhdr *ethhdr = eth_hdr(skb); 679 int res, hdr_len, ret = NET_RX_DROP; 680 unsigned int len; 681 682 unicast_packet = (struct batadv_unicast_packet *)skb->data; 683 684 /* TTL exceeded */ 685 if (unicast_packet->ttl < 2) { 686 pr_debug("Warning - can't forward unicast packet from %pM to %pM: ttl exceeded\n", 687 ethhdr->h_source, unicast_packet->dest); 688 goto free_skb; 689 } 690 691 /* get routing information */ 692 orig_node = batadv_orig_hash_find(bat_priv, unicast_packet->dest); 693 694 if (!orig_node) 695 goto free_skb; 696 697 /* create a copy of the skb, if needed, to modify it. */ 698 if (skb_cow(skb, ETH_HLEN) < 0) 699 goto put_orig_node; 700 701 /* decrement ttl */ 702 unicast_packet = (struct batadv_unicast_packet *)skb->data; 703 unicast_packet->ttl--; 704 705 switch (unicast_packet->packet_type) { 706 case BATADV_UNICAST_4ADDR: 707 hdr_len = sizeof(struct batadv_unicast_4addr_packet); 708 break; 709 case BATADV_UNICAST: 710 hdr_len = sizeof(struct batadv_unicast_packet); 711 break; 712 default: 713 /* other packet types not supported - yet */ 714 hdr_len = -1; 715 break; 716 } 717 718 if (hdr_len > 0) 719 batadv_skb_set_priority(skb, hdr_len); 720 721 len = skb->len; 722 res = batadv_send_skb_to_orig(skb, orig_node, recv_if); 723 724 /* translate transmit result into receive result */ 725 if (res == NET_XMIT_SUCCESS) { 726 ret = NET_RX_SUCCESS; 727 /* skb was transmitted and consumed */ 728 batadv_inc_counter(bat_priv, BATADV_CNT_FORWARD); 729 batadv_add_counter(bat_priv, BATADV_CNT_FORWARD_BYTES, 730 len + ETH_HLEN); 731 } 732 733 /* skb was consumed */ 734 skb = NULL; 735 736 put_orig_node: 737 batadv_orig_node_put(orig_node); 738 free_skb: 739 kfree_skb(skb); 740 741 return ret; 742 } 743 744 /** 745 * batadv_reroute_unicast_packet - update the unicast header for re-routing 746 * @bat_priv: the bat priv with all the soft interface information 747 * @unicast_packet: the unicast header to be updated 748 * @dst_addr: the payload destination 749 * @vid: VLAN identifier 750 * 751 * Search the translation table for dst_addr and update the unicast header with 752 * the new corresponding information (originator address where the destination 753 * client currently is and its known TTVN) 754 * 755 * Return: true if the packet header has been updated, false otherwise 756 */ 757 static bool 758 batadv_reroute_unicast_packet(struct batadv_priv *bat_priv, 759 struct batadv_unicast_packet *unicast_packet, 760 u8 *dst_addr, unsigned short vid) 761 { 762 struct batadv_orig_node *orig_node = NULL; 763 struct batadv_hard_iface *primary_if = NULL; 764 bool ret = false; 765 u8 *orig_addr, orig_ttvn; 766 767 if (batadv_is_my_client(bat_priv, dst_addr, vid)) { 768 primary_if = batadv_primary_if_get_selected(bat_priv); 769 if (!primary_if) 770 goto out; 771 orig_addr = primary_if->net_dev->dev_addr; 772 orig_ttvn = (u8)atomic_read(&bat_priv->tt.vn); 773 } else { 774 orig_node = batadv_transtable_search(bat_priv, NULL, dst_addr, 775 vid); 776 if (!orig_node) 777 goto out; 778 779 if (batadv_compare_eth(orig_node->orig, unicast_packet->dest)) 780 goto out; 781 782 orig_addr = orig_node->orig; 783 orig_ttvn = (u8)atomic_read(&orig_node->last_ttvn); 784 } 785 786 /* update the packet header */ 787 ether_addr_copy(unicast_packet->dest, orig_addr); 788 unicast_packet->ttvn = orig_ttvn; 789 790 ret = true; 791 out: 792 if (primary_if) 793 batadv_hardif_put(primary_if); 794 if (orig_node) 795 batadv_orig_node_put(orig_node); 796 797 return ret; 798 } 799 800 static bool batadv_check_unicast_ttvn(struct batadv_priv *bat_priv, 801 struct sk_buff *skb, int hdr_len) 802 { 803 struct batadv_unicast_packet *unicast_packet; 804 struct batadv_hard_iface *primary_if; 805 struct batadv_orig_node *orig_node; 806 u8 curr_ttvn, old_ttvn; 807 struct ethhdr *ethhdr; 808 unsigned short vid; 809 int is_old_ttvn; 810 811 /* check if there is enough data before accessing it */ 812 if (!pskb_may_pull(skb, hdr_len + ETH_HLEN)) 813 return false; 814 815 /* create a copy of the skb (in case of for re-routing) to modify it. */ 816 if (skb_cow(skb, sizeof(*unicast_packet)) < 0) 817 return false; 818 819 unicast_packet = (struct batadv_unicast_packet *)skb->data; 820 vid = batadv_get_vid(skb, hdr_len); 821 ethhdr = (struct ethhdr *)(skb->data + hdr_len); 822 823 /* check if the destination client was served by this node and it is now 824 * roaming. In this case, it means that the node has got a ROAM_ADV 825 * message and that it knows the new destination in the mesh to re-route 826 * the packet to 827 */ 828 if (batadv_tt_local_client_is_roaming(bat_priv, ethhdr->h_dest, vid)) { 829 if (batadv_reroute_unicast_packet(bat_priv, unicast_packet, 830 ethhdr->h_dest, vid)) 831 batadv_dbg_ratelimited(BATADV_DBG_TT, 832 bat_priv, 833 "Rerouting unicast packet to %pM (dst=%pM): Local Roaming\n", 834 unicast_packet->dest, 835 ethhdr->h_dest); 836 /* at this point the mesh destination should have been 837 * substituted with the originator address found in the global 838 * table. If not, let the packet go untouched anyway because 839 * there is nothing the node can do 840 */ 841 return true; 842 } 843 844 /* retrieve the TTVN known by this node for the packet destination. This 845 * value is used later to check if the node which sent (or re-routed 846 * last time) the packet had an updated information or not 847 */ 848 curr_ttvn = (u8)atomic_read(&bat_priv->tt.vn); 849 if (!batadv_is_my_mac(bat_priv, unicast_packet->dest)) { 850 orig_node = batadv_orig_hash_find(bat_priv, 851 unicast_packet->dest); 852 /* if it is not possible to find the orig_node representing the 853 * destination, the packet can immediately be dropped as it will 854 * not be possible to deliver it 855 */ 856 if (!orig_node) 857 return false; 858 859 curr_ttvn = (u8)atomic_read(&orig_node->last_ttvn); 860 batadv_orig_node_put(orig_node); 861 } 862 863 /* check if the TTVN contained in the packet is fresher than what the 864 * node knows 865 */ 866 is_old_ttvn = batadv_seq_before(unicast_packet->ttvn, curr_ttvn); 867 if (!is_old_ttvn) 868 return true; 869 870 old_ttvn = unicast_packet->ttvn; 871 /* the packet was forged based on outdated network information. Its 872 * destination can possibly be updated and forwarded towards the new 873 * target host 874 */ 875 if (batadv_reroute_unicast_packet(bat_priv, unicast_packet, 876 ethhdr->h_dest, vid)) { 877 batadv_dbg_ratelimited(BATADV_DBG_TT, bat_priv, 878 "Rerouting unicast packet to %pM (dst=%pM): TTVN mismatch old_ttvn=%u new_ttvn=%u\n", 879 unicast_packet->dest, ethhdr->h_dest, 880 old_ttvn, curr_ttvn); 881 return true; 882 } 883 884 /* the packet has not been re-routed: either the destination is 885 * currently served by this node or there is no destination at all and 886 * it is possible to drop the packet 887 */ 888 if (!batadv_is_my_client(bat_priv, ethhdr->h_dest, vid)) 889 return false; 890 891 /* update the header in order to let the packet be delivered to this 892 * node's soft interface 893 */ 894 primary_if = batadv_primary_if_get_selected(bat_priv); 895 if (!primary_if) 896 return false; 897 898 ether_addr_copy(unicast_packet->dest, primary_if->net_dev->dev_addr); 899 900 batadv_hardif_put(primary_if); 901 902 unicast_packet->ttvn = curr_ttvn; 903 904 return true; 905 } 906 907 /** 908 * batadv_recv_unhandled_unicast_packet - receive and process packets which 909 * are in the unicast number space but not yet known to the implementation 910 * @skb: unicast tvlv packet to process 911 * @recv_if: pointer to interface this packet was received on 912 * 913 * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP 914 * otherwise. 915 */ 916 int batadv_recv_unhandled_unicast_packet(struct sk_buff *skb, 917 struct batadv_hard_iface *recv_if) 918 { 919 struct batadv_unicast_packet *unicast_packet; 920 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 921 int check, hdr_size = sizeof(*unicast_packet); 922 923 check = batadv_check_unicast_packet(bat_priv, skb, hdr_size); 924 if (check < 0) 925 goto free_skb; 926 927 /* we don't know about this type, drop it. */ 928 unicast_packet = (struct batadv_unicast_packet *)skb->data; 929 if (batadv_is_my_mac(bat_priv, unicast_packet->dest)) 930 goto free_skb; 931 932 return batadv_route_unicast_packet(skb, recv_if); 933 934 free_skb: 935 kfree_skb(skb); 936 return NET_RX_DROP; 937 } 938 939 int batadv_recv_unicast_packet(struct sk_buff *skb, 940 struct batadv_hard_iface *recv_if) 941 { 942 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 943 struct batadv_unicast_packet *unicast_packet; 944 struct batadv_unicast_4addr_packet *unicast_4addr_packet; 945 u8 *orig_addr, *orig_addr_gw; 946 struct batadv_orig_node *orig_node = NULL, *orig_node_gw = NULL; 947 int check, hdr_size = sizeof(*unicast_packet); 948 enum batadv_subtype subtype; 949 struct ethhdr *ethhdr; 950 int ret = NET_RX_DROP; 951 bool is4addr, is_gw; 952 953 unicast_packet = (struct batadv_unicast_packet *)skb->data; 954 unicast_4addr_packet = (struct batadv_unicast_4addr_packet *)skb->data; 955 ethhdr = eth_hdr(skb); 956 957 is4addr = unicast_packet->packet_type == BATADV_UNICAST_4ADDR; 958 /* the caller function should have already pulled 2 bytes */ 959 if (is4addr) 960 hdr_size = sizeof(*unicast_4addr_packet); 961 962 /* function returns -EREMOTE for promiscuous packets */ 963 check = batadv_check_unicast_packet(bat_priv, skb, hdr_size); 964 965 /* Even though the packet is not for us, we might save it to use for 966 * decoding a later received coded packet 967 */ 968 if (check == -EREMOTE) 969 batadv_nc_skb_store_sniffed_unicast(bat_priv, skb); 970 971 if (check < 0) 972 goto free_skb; 973 if (!batadv_check_unicast_ttvn(bat_priv, skb, hdr_size)) 974 goto free_skb; 975 976 /* packet for me */ 977 if (batadv_is_my_mac(bat_priv, unicast_packet->dest)) { 978 /* If this is a unicast packet from another backgone gw, 979 * drop it. 980 */ 981 orig_addr_gw = ethhdr->h_source; 982 orig_node_gw = batadv_orig_hash_find(bat_priv, orig_addr_gw); 983 if (orig_node_gw) { 984 is_gw = batadv_bla_is_backbone_gw(skb, orig_node_gw, 985 hdr_size); 986 batadv_orig_node_put(orig_node_gw); 987 if (is_gw) { 988 batadv_dbg(BATADV_DBG_BLA, bat_priv, 989 "%s(): Dropped unicast pkt received from another backbone gw %pM.\n", 990 __func__, orig_addr_gw); 991 goto free_skb; 992 } 993 } 994 995 if (is4addr) { 996 subtype = unicast_4addr_packet->subtype; 997 batadv_dat_inc_counter(bat_priv, subtype); 998 999 /* Only payload data should be considered for speedy 1000 * join. For example, DAT also uses unicast 4addr 1001 * types, but those packets should not be considered 1002 * for speedy join, since the clients do not actually 1003 * reside at the sending originator. 1004 */ 1005 if (subtype == BATADV_P_DATA) { 1006 orig_addr = unicast_4addr_packet->src; 1007 orig_node = batadv_orig_hash_find(bat_priv, 1008 orig_addr); 1009 } 1010 } 1011 1012 if (batadv_dat_snoop_incoming_arp_request(bat_priv, skb, 1013 hdr_size)) 1014 goto rx_success; 1015 if (batadv_dat_snoop_incoming_arp_reply(bat_priv, skb, 1016 hdr_size)) 1017 goto rx_success; 1018 1019 batadv_interface_rx(recv_if->soft_iface, skb, hdr_size, 1020 orig_node); 1021 1022 rx_success: 1023 if (orig_node) 1024 batadv_orig_node_put(orig_node); 1025 1026 return NET_RX_SUCCESS; 1027 } 1028 1029 ret = batadv_route_unicast_packet(skb, recv_if); 1030 /* skb was consumed */ 1031 skb = NULL; 1032 1033 free_skb: 1034 kfree_skb(skb); 1035 1036 return ret; 1037 } 1038 1039 /** 1040 * batadv_recv_unicast_tvlv - receive and process unicast tvlv packets 1041 * @skb: unicast tvlv packet to process 1042 * @recv_if: pointer to interface this packet was received on 1043 * 1044 * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP 1045 * otherwise. 1046 */ 1047 int batadv_recv_unicast_tvlv(struct sk_buff *skb, 1048 struct batadv_hard_iface *recv_if) 1049 { 1050 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 1051 struct batadv_unicast_tvlv_packet *unicast_tvlv_packet; 1052 unsigned char *tvlv_buff; 1053 u16 tvlv_buff_len; 1054 int hdr_size = sizeof(*unicast_tvlv_packet); 1055 int ret = NET_RX_DROP; 1056 1057 if (batadv_check_unicast_packet(bat_priv, skb, hdr_size) < 0) 1058 goto free_skb; 1059 1060 /* the header is likely to be modified while forwarding */ 1061 if (skb_cow(skb, hdr_size) < 0) 1062 goto free_skb; 1063 1064 /* packet needs to be linearized to access the tvlv content */ 1065 if (skb_linearize(skb) < 0) 1066 goto free_skb; 1067 1068 unicast_tvlv_packet = (struct batadv_unicast_tvlv_packet *)skb->data; 1069 1070 tvlv_buff = (unsigned char *)(skb->data + hdr_size); 1071 tvlv_buff_len = ntohs(unicast_tvlv_packet->tvlv_len); 1072 1073 if (tvlv_buff_len > skb->len - hdr_size) 1074 goto free_skb; 1075 1076 ret = batadv_tvlv_containers_process(bat_priv, false, NULL, 1077 unicast_tvlv_packet->src, 1078 unicast_tvlv_packet->dst, 1079 tvlv_buff, tvlv_buff_len); 1080 1081 if (ret != NET_RX_SUCCESS) { 1082 ret = batadv_route_unicast_packet(skb, recv_if); 1083 /* skb was consumed */ 1084 skb = NULL; 1085 } 1086 1087 free_skb: 1088 kfree_skb(skb); 1089 1090 return ret; 1091 } 1092 1093 /** 1094 * batadv_recv_frag_packet - process received fragment 1095 * @skb: the received fragment 1096 * @recv_if: interface that the skb is received on 1097 * 1098 * This function does one of the three following things: 1) Forward fragment, if 1099 * the assembled packet will exceed our MTU; 2) Buffer fragment, if we till 1100 * lack further fragments; 3) Merge fragments, if we have all needed parts. 1101 * 1102 * Return: NET_RX_DROP if the skb is not consumed, NET_RX_SUCCESS otherwise. 1103 */ 1104 int batadv_recv_frag_packet(struct sk_buff *skb, 1105 struct batadv_hard_iface *recv_if) 1106 { 1107 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 1108 struct batadv_orig_node *orig_node_src = NULL; 1109 struct batadv_frag_packet *frag_packet; 1110 int ret = NET_RX_DROP; 1111 1112 if (batadv_check_unicast_packet(bat_priv, skb, 1113 sizeof(*frag_packet)) < 0) 1114 goto free_skb; 1115 1116 frag_packet = (struct batadv_frag_packet *)skb->data; 1117 orig_node_src = batadv_orig_hash_find(bat_priv, frag_packet->orig); 1118 if (!orig_node_src) 1119 goto free_skb; 1120 1121 skb->priority = frag_packet->priority + 256; 1122 1123 /* Route the fragment if it is not for us and too big to be merged. */ 1124 if (!batadv_is_my_mac(bat_priv, frag_packet->dest) && 1125 batadv_frag_skb_fwd(skb, recv_if, orig_node_src)) { 1126 /* skb was consumed */ 1127 skb = NULL; 1128 ret = NET_RX_SUCCESS; 1129 goto put_orig_node; 1130 } 1131 1132 batadv_inc_counter(bat_priv, BATADV_CNT_FRAG_RX); 1133 batadv_add_counter(bat_priv, BATADV_CNT_FRAG_RX_BYTES, skb->len); 1134 1135 /* Add fragment to buffer and merge if possible. */ 1136 if (!batadv_frag_skb_buffer(&skb, orig_node_src)) 1137 goto put_orig_node; 1138 1139 /* Deliver merged packet to the appropriate handler, if it was 1140 * merged 1141 */ 1142 if (skb) { 1143 batadv_batman_skb_recv(skb, recv_if->net_dev, 1144 &recv_if->batman_adv_ptype, NULL); 1145 /* skb was consumed */ 1146 skb = NULL; 1147 } 1148 1149 ret = NET_RX_SUCCESS; 1150 1151 put_orig_node: 1152 batadv_orig_node_put(orig_node_src); 1153 free_skb: 1154 kfree_skb(skb); 1155 1156 return ret; 1157 } 1158 1159 int batadv_recv_bcast_packet(struct sk_buff *skb, 1160 struct batadv_hard_iface *recv_if) 1161 { 1162 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 1163 struct batadv_orig_node *orig_node = NULL; 1164 struct batadv_bcast_packet *bcast_packet; 1165 struct ethhdr *ethhdr; 1166 int hdr_size = sizeof(*bcast_packet); 1167 int ret = NET_RX_DROP; 1168 s32 seq_diff; 1169 u32 seqno; 1170 1171 /* drop packet if it has not necessary minimum size */ 1172 if (unlikely(!pskb_may_pull(skb, hdr_size))) 1173 goto free_skb; 1174 1175 ethhdr = eth_hdr(skb); 1176 1177 /* packet with broadcast indication but unicast recipient */ 1178 if (!is_broadcast_ether_addr(ethhdr->h_dest)) 1179 goto free_skb; 1180 1181 /* packet with broadcast/multicast sender address */ 1182 if (is_multicast_ether_addr(ethhdr->h_source)) 1183 goto free_skb; 1184 1185 /* ignore broadcasts sent by myself */ 1186 if (batadv_is_my_mac(bat_priv, ethhdr->h_source)) 1187 goto free_skb; 1188 1189 bcast_packet = (struct batadv_bcast_packet *)skb->data; 1190 1191 /* ignore broadcasts originated by myself */ 1192 if (batadv_is_my_mac(bat_priv, bcast_packet->orig)) 1193 goto free_skb; 1194 1195 if (bcast_packet->ttl < 2) 1196 goto free_skb; 1197 1198 orig_node = batadv_orig_hash_find(bat_priv, bcast_packet->orig); 1199 1200 if (!orig_node) 1201 goto free_skb; 1202 1203 spin_lock_bh(&orig_node->bcast_seqno_lock); 1204 1205 seqno = ntohl(bcast_packet->seqno); 1206 /* check whether the packet is a duplicate */ 1207 if (batadv_test_bit(orig_node->bcast_bits, orig_node->last_bcast_seqno, 1208 seqno)) 1209 goto spin_unlock; 1210 1211 seq_diff = seqno - orig_node->last_bcast_seqno; 1212 1213 /* check whether the packet is old and the host just restarted. */ 1214 if (batadv_window_protected(bat_priv, seq_diff, 1215 BATADV_BCAST_MAX_AGE, 1216 &orig_node->bcast_seqno_reset, NULL)) 1217 goto spin_unlock; 1218 1219 /* mark broadcast in flood history, update window position 1220 * if required. 1221 */ 1222 if (batadv_bit_get_packet(bat_priv, orig_node->bcast_bits, seq_diff, 1)) 1223 orig_node->last_bcast_seqno = seqno; 1224 1225 spin_unlock_bh(&orig_node->bcast_seqno_lock); 1226 1227 /* check whether this has been sent by another originator before */ 1228 if (batadv_bla_check_bcast_duplist(bat_priv, skb)) 1229 goto free_skb; 1230 1231 batadv_skb_set_priority(skb, sizeof(struct batadv_bcast_packet)); 1232 1233 /* rebroadcast packet */ 1234 batadv_add_bcast_packet_to_list(bat_priv, skb, 1, false); 1235 1236 /* don't hand the broadcast up if it is from an originator 1237 * from the same backbone. 1238 */ 1239 if (batadv_bla_is_backbone_gw(skb, orig_node, hdr_size)) 1240 goto free_skb; 1241 1242 if (batadv_dat_snoop_incoming_arp_request(bat_priv, skb, hdr_size)) 1243 goto rx_success; 1244 if (batadv_dat_snoop_incoming_arp_reply(bat_priv, skb, hdr_size)) 1245 goto rx_success; 1246 1247 /* broadcast for me */ 1248 batadv_interface_rx(recv_if->soft_iface, skb, hdr_size, orig_node); 1249 1250 rx_success: 1251 ret = NET_RX_SUCCESS; 1252 goto out; 1253 1254 spin_unlock: 1255 spin_unlock_bh(&orig_node->bcast_seqno_lock); 1256 free_skb: 1257 kfree_skb(skb); 1258 out: 1259 if (orig_node) 1260 batadv_orig_node_put(orig_node); 1261 return ret; 1262 } 1263