1 /* 2 * Extension Header handling for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Andi Kleen <ak@muc.de> 8 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> 9 * 10 * $Id: exthdrs.c,v 1.13 2001/06/19 15:58:56 davem Exp $ 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18 /* Changes: 19 * yoshfuji : ensure not to overrun while parsing 20 * tlv options. 21 * Mitsuru KANDA @USAGI and: Remove ipv6_parse_exthdrs(). 22 * YOSHIFUJI Hideaki @USAGI Register inbound extension header 23 * handlers as inet6_protocol{}. 24 */ 25 26 #include <linux/errno.h> 27 #include <linux/types.h> 28 #include <linux/socket.h> 29 #include <linux/sockios.h> 30 #include <linux/net.h> 31 #include <linux/netdevice.h> 32 #include <linux/in6.h> 33 #include <linux/icmpv6.h> 34 35 #include <net/sock.h> 36 #include <net/snmp.h> 37 38 #include <net/ipv6.h> 39 #include <net/protocol.h> 40 #include <net/transp_v6.h> 41 #include <net/rawv6.h> 42 #include <net/ndisc.h> 43 #include <net/ip6_route.h> 44 #include <net/addrconf.h> 45 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 46 #include <net/xfrm.h> 47 #endif 48 49 #include <asm/uaccess.h> 50 51 int ipv6_find_tlv(struct sk_buff *skb, int offset, int type) 52 { 53 const unsigned char *nh = skb_network_header(skb); 54 int packet_len = skb->tail - skb->network_header; 55 struct ipv6_opt_hdr *hdr; 56 int len; 57 58 if (offset + 2 > packet_len) 59 goto bad; 60 hdr = (struct ipv6_opt_hdr *)(nh + offset); 61 len = ((hdr->hdrlen + 1) << 3); 62 63 if (offset + len > packet_len) 64 goto bad; 65 66 offset += 2; 67 len -= 2; 68 69 while (len > 0) { 70 int opttype = nh[offset]; 71 int optlen; 72 73 if (opttype == type) 74 return offset; 75 76 switch (opttype) { 77 case IPV6_TLV_PAD0: 78 optlen = 1; 79 break; 80 default: 81 optlen = nh[offset + 1] + 2; 82 if (optlen > len) 83 goto bad; 84 break; 85 } 86 offset += optlen; 87 len -= optlen; 88 } 89 /* not_found */ 90 bad: 91 return -1; 92 } 93 EXPORT_SYMBOL_GPL(ipv6_find_tlv); 94 95 /* 96 * Parsing tlv encoded headers. 97 * 98 * Parsing function "func" returns 1, if parsing succeed 99 * and 0, if it failed. 100 * It MUST NOT touch skb->h. 101 */ 102 103 struct tlvtype_proc { 104 int type; 105 int (*func)(struct sk_buff **skbp, int offset); 106 }; 107 108 /********************* 109 Generic functions 110 *********************/ 111 112 /* An unknown option is detected, decide what to do */ 113 114 static int ip6_tlvopt_unknown(struct sk_buff **skbp, int optoff) 115 { 116 struct sk_buff *skb = *skbp; 117 118 switch ((skb_network_header(skb)[optoff] & 0xC0) >> 6) { 119 case 0: /* ignore */ 120 return 1; 121 122 case 1: /* drop packet */ 123 break; 124 125 case 3: /* Send ICMP if not a multicast address and drop packet */ 126 /* Actually, it is redundant check. icmp_send 127 will recheck in any case. 128 */ 129 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) 130 break; 131 case 2: /* send ICMP PARM PROB regardless and drop packet */ 132 icmpv6_param_prob(skb, ICMPV6_UNK_OPTION, optoff); 133 return 0; 134 } 135 136 kfree_skb(skb); 137 return 0; 138 } 139 140 /* Parse tlv encoded option header (hop-by-hop or destination) */ 141 142 static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff **skbp) 143 { 144 struct sk_buff *skb = *skbp; 145 struct tlvtype_proc *curr; 146 const unsigned char *nh = skb_network_header(skb); 147 int off = skb_network_header_len(skb); 148 int len = (skb_transport_header(skb)[1] + 1) << 3; 149 150 if (skb_transport_offset(skb) + len > skb_headlen(skb)) 151 goto bad; 152 153 off += 2; 154 len -= 2; 155 156 while (len > 0) { 157 int optlen = nh[off + 1] + 2; 158 159 switch (nh[off]) { 160 case IPV6_TLV_PAD0: 161 optlen = 1; 162 break; 163 164 case IPV6_TLV_PADN: 165 break; 166 167 default: /* Other TLV code so scan list */ 168 if (optlen > len) 169 goto bad; 170 for (curr=procs; curr->type >= 0; curr++) { 171 if (curr->type == nh[off]) { 172 /* type specific length/alignment 173 checks will be performed in the 174 func(). */ 175 if (curr->func(skbp, off) == 0) 176 return 0; 177 break; 178 } 179 } 180 if (curr->type < 0) { 181 if (ip6_tlvopt_unknown(skbp, off) == 0) 182 return 0; 183 } 184 break; 185 } 186 off += optlen; 187 len -= optlen; 188 } 189 if (len == 0) 190 return 1; 191 bad: 192 kfree_skb(skb); 193 return 0; 194 } 195 196 /***************************** 197 Destination options header. 198 *****************************/ 199 200 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 201 static int ipv6_dest_hao(struct sk_buff **skbp, int optoff) 202 { 203 struct sk_buff *skb = *skbp; 204 struct ipv6_destopt_hao *hao; 205 struct inet6_skb_parm *opt = IP6CB(skb); 206 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 207 struct in6_addr tmp_addr; 208 int ret; 209 210 if (opt->dsthao) { 211 LIMIT_NETDEBUG(KERN_DEBUG "hao duplicated\n"); 212 goto discard; 213 } 214 opt->dsthao = opt->dst1; 215 opt->dst1 = 0; 216 217 hao = (struct ipv6_destopt_hao *)(skb_network_header(skb) + optoff); 218 219 if (hao->length != 16) { 220 LIMIT_NETDEBUG( 221 KERN_DEBUG "hao invalid option length = %d\n", hao->length); 222 goto discard; 223 } 224 225 if (!(ipv6_addr_type(&hao->addr) & IPV6_ADDR_UNICAST)) { 226 LIMIT_NETDEBUG( 227 KERN_DEBUG "hao is not an unicast addr: " NIP6_FMT "\n", NIP6(hao->addr)); 228 goto discard; 229 } 230 231 ret = xfrm6_input_addr(skb, (xfrm_address_t *)&ipv6h->daddr, 232 (xfrm_address_t *)&hao->addr, IPPROTO_DSTOPTS); 233 if (unlikely(ret < 0)) 234 goto discard; 235 236 if (skb_cloned(skb)) { 237 struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC); 238 struct inet6_skb_parm *opt2; 239 240 if (skb2 == NULL) 241 goto discard; 242 243 opt2 = IP6CB(skb2); 244 memcpy(opt2, opt, sizeof(*opt2)); 245 246 kfree_skb(skb); 247 248 /* update all variable using below by copied skbuff */ 249 *skbp = skb = skb2; 250 hao = (struct ipv6_destopt_hao *)(skb_network_header(skb2) + 251 optoff); 252 ipv6h = ipv6_hdr(skb2); 253 } 254 255 if (skb->ip_summed == CHECKSUM_COMPLETE) 256 skb->ip_summed = CHECKSUM_NONE; 257 258 ipv6_addr_copy(&tmp_addr, &ipv6h->saddr); 259 ipv6_addr_copy(&ipv6h->saddr, &hao->addr); 260 ipv6_addr_copy(&hao->addr, &tmp_addr); 261 262 if (skb->tstamp.tv64 == 0) 263 __net_timestamp(skb); 264 265 return 1; 266 267 discard: 268 kfree_skb(skb); 269 return 0; 270 } 271 #endif 272 273 static struct tlvtype_proc tlvprocdestopt_lst[] = { 274 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 275 { 276 .type = IPV6_TLV_HAO, 277 .func = ipv6_dest_hao, 278 }, 279 #endif 280 {-1, NULL} 281 }; 282 283 static int ipv6_destopt_rcv(struct sk_buff **skbp) 284 { 285 struct sk_buff *skb = *skbp; 286 struct inet6_skb_parm *opt = IP6CB(skb); 287 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 288 __u16 dstbuf; 289 #endif 290 struct dst_entry *dst; 291 292 if (!pskb_may_pull(skb, skb_transport_offset(skb) + 8) || 293 !pskb_may_pull(skb, (skb_transport_offset(skb) + 294 ((skb_transport_header(skb)[1] + 1) << 3)))) { 295 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 296 IPSTATS_MIB_INHDRERRORS); 297 kfree_skb(skb); 298 return -1; 299 } 300 301 opt->lastopt = opt->dst1 = skb_network_header_len(skb); 302 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 303 dstbuf = opt->dst1; 304 #endif 305 306 dst = dst_clone(skb->dst); 307 if (ip6_parse_tlv(tlvprocdestopt_lst, skbp)) { 308 dst_release(dst); 309 skb = *skbp; 310 skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3; 311 opt = IP6CB(skb); 312 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 313 opt->nhoff = dstbuf; 314 #else 315 opt->nhoff = opt->dst1; 316 #endif 317 return 1; 318 } 319 320 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS); 321 dst_release(dst); 322 return -1; 323 } 324 325 static struct inet6_protocol destopt_protocol = { 326 .handler = ipv6_destopt_rcv, 327 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR, 328 }; 329 330 void __init ipv6_destopt_init(void) 331 { 332 if (inet6_add_protocol(&destopt_protocol, IPPROTO_DSTOPTS) < 0) 333 printk(KERN_ERR "ipv6_destopt_init: Could not register protocol\n"); 334 } 335 336 /******************************** 337 NONE header. No data in packet. 338 ********************************/ 339 340 static int ipv6_nodata_rcv(struct sk_buff **skbp) 341 { 342 struct sk_buff *skb = *skbp; 343 344 kfree_skb(skb); 345 return 0; 346 } 347 348 static struct inet6_protocol nodata_protocol = { 349 .handler = ipv6_nodata_rcv, 350 .flags = INET6_PROTO_NOPOLICY, 351 }; 352 353 void __init ipv6_nodata_init(void) 354 { 355 if (inet6_add_protocol(&nodata_protocol, IPPROTO_NONE) < 0) 356 printk(KERN_ERR "ipv6_nodata_init: Could not register protocol\n"); 357 } 358 359 /******************************** 360 Routing header. 361 ********************************/ 362 363 static int ipv6_rthdr_rcv(struct sk_buff **skbp) 364 { 365 struct sk_buff *skb = *skbp; 366 struct inet6_skb_parm *opt = IP6CB(skb); 367 struct in6_addr *addr = NULL; 368 struct in6_addr daddr; 369 struct inet6_dev *idev; 370 int n, i; 371 struct ipv6_rt_hdr *hdr; 372 struct rt0_hdr *rthdr; 373 int accept_source_route = ipv6_devconf.accept_source_route; 374 375 idev = in6_dev_get(skb->dev); 376 if (idev) { 377 if (accept_source_route > idev->cnf.accept_source_route) 378 accept_source_route = idev->cnf.accept_source_route; 379 in6_dev_put(idev); 380 } 381 382 if (!pskb_may_pull(skb, skb_transport_offset(skb) + 8) || 383 !pskb_may_pull(skb, (skb_transport_offset(skb) + 384 ((skb_transport_header(skb)[1] + 1) << 3)))) { 385 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 386 IPSTATS_MIB_INHDRERRORS); 387 kfree_skb(skb); 388 return -1; 389 } 390 391 hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb); 392 393 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) || 394 skb->pkt_type != PACKET_HOST) { 395 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 396 IPSTATS_MIB_INADDRERRORS); 397 kfree_skb(skb); 398 return -1; 399 } 400 401 looped_back: 402 if (hdr->segments_left == 0) { 403 switch (hdr->type) { 404 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 405 case IPV6_SRCRT_TYPE_2: 406 /* Silently discard type 2 header unless it was 407 * processed by own 408 */ 409 if (!addr) { 410 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 411 IPSTATS_MIB_INADDRERRORS); 412 kfree_skb(skb); 413 return -1; 414 } 415 break; 416 #endif 417 default: 418 break; 419 } 420 421 opt->lastopt = opt->srcrt = skb_network_header_len(skb); 422 skb->transport_header += (hdr->hdrlen + 1) << 3; 423 opt->dst0 = opt->dst1; 424 opt->dst1 = 0; 425 opt->nhoff = (&hdr->nexthdr) - skb_network_header(skb); 426 return 1; 427 } 428 429 switch (hdr->type) { 430 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 431 case IPV6_SRCRT_TYPE_2: 432 if (accept_source_route < 0) 433 goto unknown_rh; 434 /* Silently discard invalid RTH type 2 */ 435 if (hdr->hdrlen != 2 || hdr->segments_left != 1) { 436 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 437 IPSTATS_MIB_INHDRERRORS); 438 kfree_skb(skb); 439 return -1; 440 } 441 break; 442 #endif 443 default: 444 goto unknown_rh; 445 } 446 447 /* 448 * This is the routing header forwarding algorithm from 449 * RFC 2460, page 16. 450 */ 451 452 n = hdr->hdrlen >> 1; 453 454 if (hdr->segments_left > n) { 455 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 456 IPSTATS_MIB_INHDRERRORS); 457 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, 458 ((&hdr->segments_left) - 459 skb_network_header(skb))); 460 return -1; 461 } 462 463 /* We are about to mangle packet header. Be careful! 464 Do not damage packets queued somewhere. 465 */ 466 if (skb_cloned(skb)) { 467 struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC); 468 /* the copy is a forwarded packet */ 469 if (skb2 == NULL) { 470 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 471 IPSTATS_MIB_OUTDISCARDS); 472 kfree_skb(skb); 473 return -1; 474 } 475 kfree_skb(skb); 476 *skbp = skb = skb2; 477 opt = IP6CB(skb2); 478 hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb2); 479 } 480 481 if (skb->ip_summed == CHECKSUM_COMPLETE) 482 skb->ip_summed = CHECKSUM_NONE; 483 484 i = n - --hdr->segments_left; 485 486 rthdr = (struct rt0_hdr *) hdr; 487 addr = rthdr->addr; 488 addr += i - 1; 489 490 switch (hdr->type) { 491 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 492 case IPV6_SRCRT_TYPE_2: 493 if (xfrm6_input_addr(skb, (xfrm_address_t *)addr, 494 (xfrm_address_t *)&ipv6_hdr(skb)->saddr, 495 IPPROTO_ROUTING) < 0) { 496 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 497 IPSTATS_MIB_INADDRERRORS); 498 kfree_skb(skb); 499 return -1; 500 } 501 if (!ipv6_chk_home_addr(addr)) { 502 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 503 IPSTATS_MIB_INADDRERRORS); 504 kfree_skb(skb); 505 return -1; 506 } 507 break; 508 #endif 509 default: 510 break; 511 } 512 513 if (ipv6_addr_is_multicast(addr)) { 514 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 515 IPSTATS_MIB_INADDRERRORS); 516 kfree_skb(skb); 517 return -1; 518 } 519 520 ipv6_addr_copy(&daddr, addr); 521 ipv6_addr_copy(addr, &ipv6_hdr(skb)->daddr); 522 ipv6_addr_copy(&ipv6_hdr(skb)->daddr, &daddr); 523 524 dst_release(xchg(&skb->dst, NULL)); 525 ip6_route_input(skb); 526 if (skb->dst->error) { 527 skb_push(skb, skb->data - skb_network_header(skb)); 528 dst_input(skb); 529 return -1; 530 } 531 532 if (skb->dst->dev->flags&IFF_LOOPBACK) { 533 if (ipv6_hdr(skb)->hop_limit <= 1) { 534 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 535 IPSTATS_MIB_INHDRERRORS); 536 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 537 0, skb->dev); 538 kfree_skb(skb); 539 return -1; 540 } 541 ipv6_hdr(skb)->hop_limit--; 542 goto looped_back; 543 } 544 545 skb_push(skb, skb->data - skb_network_header(skb)); 546 dst_input(skb); 547 return -1; 548 549 unknown_rh: 550 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INHDRERRORS); 551 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, 552 (&hdr->type) - skb_network_header(skb)); 553 return -1; 554 } 555 556 static struct inet6_protocol rthdr_protocol = { 557 .handler = ipv6_rthdr_rcv, 558 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR, 559 }; 560 561 void __init ipv6_rthdr_init(void) 562 { 563 if (inet6_add_protocol(&rthdr_protocol, IPPROTO_ROUTING) < 0) 564 printk(KERN_ERR "ipv6_rthdr_init: Could not register protocol\n"); 565 }; 566 567 /********************************** 568 Hop-by-hop options. 569 **********************************/ 570 571 /* 572 * Note: we cannot rely on skb->dst before we assign it in ip6_route_input(). 573 */ 574 static inline struct inet6_dev *ipv6_skb_idev(struct sk_buff *skb) 575 { 576 return skb->dst ? ip6_dst_idev(skb->dst) : __in6_dev_get(skb->dev); 577 } 578 579 /* Router Alert as of RFC 2711 */ 580 581 static int ipv6_hop_ra(struct sk_buff **skbp, int optoff) 582 { 583 struct sk_buff *skb = *skbp; 584 const unsigned char *nh = skb_network_header(skb); 585 586 if (nh[optoff + 1] == 2) { 587 IP6CB(skb)->ra = optoff; 588 return 1; 589 } 590 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_ra: wrong RA length %d\n", 591 nh[optoff + 1]); 592 kfree_skb(skb); 593 return 0; 594 } 595 596 /* Jumbo payload */ 597 598 static int ipv6_hop_jumbo(struct sk_buff **skbp, int optoff) 599 { 600 struct sk_buff *skb = *skbp; 601 const unsigned char *nh = skb_network_header(skb); 602 u32 pkt_len; 603 604 if (nh[optoff + 1] != 4 || (optoff & 3) != 2) { 605 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_jumbo: wrong jumbo opt length/alignment %d\n", 606 nh[optoff+1]); 607 IP6_INC_STATS_BH(ipv6_skb_idev(skb), 608 IPSTATS_MIB_INHDRERRORS); 609 goto drop; 610 } 611 612 pkt_len = ntohl(*(__be32 *)(nh + optoff + 2)); 613 if (pkt_len <= IPV6_MAXPLEN) { 614 IP6_INC_STATS_BH(ipv6_skb_idev(skb), IPSTATS_MIB_INHDRERRORS); 615 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff+2); 616 return 0; 617 } 618 if (ipv6_hdr(skb)->payload_len) { 619 IP6_INC_STATS_BH(ipv6_skb_idev(skb), IPSTATS_MIB_INHDRERRORS); 620 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff); 621 return 0; 622 } 623 624 if (pkt_len > skb->len - sizeof(struct ipv6hdr)) { 625 IP6_INC_STATS_BH(ipv6_skb_idev(skb), IPSTATS_MIB_INTRUNCATEDPKTS); 626 goto drop; 627 } 628 629 if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr))) 630 goto drop; 631 632 return 1; 633 634 drop: 635 kfree_skb(skb); 636 return 0; 637 } 638 639 static struct tlvtype_proc tlvprochopopt_lst[] = { 640 { 641 .type = IPV6_TLV_ROUTERALERT, 642 .func = ipv6_hop_ra, 643 }, 644 { 645 .type = IPV6_TLV_JUMBO, 646 .func = ipv6_hop_jumbo, 647 }, 648 { -1, } 649 }; 650 651 int ipv6_parse_hopopts(struct sk_buff **skbp) 652 { 653 struct sk_buff *skb = *skbp; 654 struct inet6_skb_parm *opt = IP6CB(skb); 655 656 /* 657 * skb_network_header(skb) is equal to skb->data, and 658 * skb_network_header_len(skb) is always equal to 659 * sizeof(struct ipv6hdr) by definition of 660 * hop-by-hop options. 661 */ 662 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr) + 8) || 663 !pskb_may_pull(skb, (sizeof(struct ipv6hdr) + 664 ((skb_transport_header(skb)[1] + 1) << 3)))) { 665 kfree_skb(skb); 666 return -1; 667 } 668 669 opt->hop = sizeof(struct ipv6hdr); 670 if (ip6_parse_tlv(tlvprochopopt_lst, skbp)) { 671 skb = *skbp; 672 skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3; 673 opt = IP6CB(skb); 674 opt->nhoff = sizeof(struct ipv6hdr); 675 return 1; 676 } 677 return -1; 678 } 679 680 /* 681 * Creating outbound headers. 682 * 683 * "build" functions work when skb is filled from head to tail (datagram) 684 * "push" functions work when headers are added from tail to head (tcp) 685 * 686 * In both cases we assume, that caller reserved enough room 687 * for headers. 688 */ 689 690 static void ipv6_push_rthdr(struct sk_buff *skb, u8 *proto, 691 struct ipv6_rt_hdr *opt, 692 struct in6_addr **addr_p) 693 { 694 struct rt0_hdr *phdr, *ihdr; 695 int hops; 696 697 ihdr = (struct rt0_hdr *) opt; 698 699 phdr = (struct rt0_hdr *) skb_push(skb, (ihdr->rt_hdr.hdrlen + 1) << 3); 700 memcpy(phdr, ihdr, sizeof(struct rt0_hdr)); 701 702 hops = ihdr->rt_hdr.hdrlen >> 1; 703 704 if (hops > 1) 705 memcpy(phdr->addr, ihdr->addr + 1, 706 (hops - 1) * sizeof(struct in6_addr)); 707 708 ipv6_addr_copy(phdr->addr + (hops - 1), *addr_p); 709 *addr_p = ihdr->addr; 710 711 phdr->rt_hdr.nexthdr = *proto; 712 *proto = NEXTHDR_ROUTING; 713 } 714 715 static void ipv6_push_exthdr(struct sk_buff *skb, u8 *proto, u8 type, struct ipv6_opt_hdr *opt) 716 { 717 struct ipv6_opt_hdr *h = (struct ipv6_opt_hdr *)skb_push(skb, ipv6_optlen(opt)); 718 719 memcpy(h, opt, ipv6_optlen(opt)); 720 h->nexthdr = *proto; 721 *proto = type; 722 } 723 724 void ipv6_push_nfrag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt, 725 u8 *proto, 726 struct in6_addr **daddr) 727 { 728 if (opt->srcrt) { 729 ipv6_push_rthdr(skb, proto, opt->srcrt, daddr); 730 /* 731 * IPV6_RTHDRDSTOPTS is ignored 732 * unless IPV6_RTHDR is set (RFC3542). 733 */ 734 if (opt->dst0opt) 735 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst0opt); 736 } 737 if (opt->hopopt) 738 ipv6_push_exthdr(skb, proto, NEXTHDR_HOP, opt->hopopt); 739 } 740 741 EXPORT_SYMBOL(ipv6_push_nfrag_opts); 742 743 void ipv6_push_frag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt, u8 *proto) 744 { 745 if (opt->dst1opt) 746 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst1opt); 747 } 748 749 struct ipv6_txoptions * 750 ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt) 751 { 752 struct ipv6_txoptions *opt2; 753 754 opt2 = sock_kmalloc(sk, opt->tot_len, GFP_ATOMIC); 755 if (opt2) { 756 long dif = (char*)opt2 - (char*)opt; 757 memcpy(opt2, opt, opt->tot_len); 758 if (opt2->hopopt) 759 *((char**)&opt2->hopopt) += dif; 760 if (opt2->dst0opt) 761 *((char**)&opt2->dst0opt) += dif; 762 if (opt2->dst1opt) 763 *((char**)&opt2->dst1opt) += dif; 764 if (opt2->srcrt) 765 *((char**)&opt2->srcrt) += dif; 766 } 767 return opt2; 768 } 769 770 EXPORT_SYMBOL_GPL(ipv6_dup_options); 771 772 static int ipv6_renew_option(void *ohdr, 773 struct ipv6_opt_hdr __user *newopt, int newoptlen, 774 int inherit, 775 struct ipv6_opt_hdr **hdr, 776 char **p) 777 { 778 if (inherit) { 779 if (ohdr) { 780 memcpy(*p, ohdr, ipv6_optlen((struct ipv6_opt_hdr *)ohdr)); 781 *hdr = (struct ipv6_opt_hdr *)*p; 782 *p += CMSG_ALIGN(ipv6_optlen(*(struct ipv6_opt_hdr **)hdr)); 783 } 784 } else { 785 if (newopt) { 786 if (copy_from_user(*p, newopt, newoptlen)) 787 return -EFAULT; 788 *hdr = (struct ipv6_opt_hdr *)*p; 789 if (ipv6_optlen(*(struct ipv6_opt_hdr **)hdr) > newoptlen) 790 return -EINVAL; 791 *p += CMSG_ALIGN(newoptlen); 792 } 793 } 794 return 0; 795 } 796 797 struct ipv6_txoptions * 798 ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt, 799 int newtype, 800 struct ipv6_opt_hdr __user *newopt, int newoptlen) 801 { 802 int tot_len = 0; 803 char *p; 804 struct ipv6_txoptions *opt2; 805 int err; 806 807 if (opt) { 808 if (newtype != IPV6_HOPOPTS && opt->hopopt) 809 tot_len += CMSG_ALIGN(ipv6_optlen(opt->hopopt)); 810 if (newtype != IPV6_RTHDRDSTOPTS && opt->dst0opt) 811 tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst0opt)); 812 if (newtype != IPV6_RTHDR && opt->srcrt) 813 tot_len += CMSG_ALIGN(ipv6_optlen(opt->srcrt)); 814 if (newtype != IPV6_DSTOPTS && opt->dst1opt) 815 tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst1opt)); 816 } 817 818 if (newopt && newoptlen) 819 tot_len += CMSG_ALIGN(newoptlen); 820 821 if (!tot_len) 822 return NULL; 823 824 tot_len += sizeof(*opt2); 825 opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC); 826 if (!opt2) 827 return ERR_PTR(-ENOBUFS); 828 829 memset(opt2, 0, tot_len); 830 831 opt2->tot_len = tot_len; 832 p = (char *)(opt2 + 1); 833 834 err = ipv6_renew_option(opt ? opt->hopopt : NULL, newopt, newoptlen, 835 newtype != IPV6_HOPOPTS, 836 &opt2->hopopt, &p); 837 if (err) 838 goto out; 839 840 err = ipv6_renew_option(opt ? opt->dst0opt : NULL, newopt, newoptlen, 841 newtype != IPV6_RTHDRDSTOPTS, 842 &opt2->dst0opt, &p); 843 if (err) 844 goto out; 845 846 err = ipv6_renew_option(opt ? opt->srcrt : NULL, newopt, newoptlen, 847 newtype != IPV6_RTHDR, 848 (struct ipv6_opt_hdr **)&opt2->srcrt, &p); 849 if (err) 850 goto out; 851 852 err = ipv6_renew_option(opt ? opt->dst1opt : NULL, newopt, newoptlen, 853 newtype != IPV6_DSTOPTS, 854 &opt2->dst1opt, &p); 855 if (err) 856 goto out; 857 858 opt2->opt_nflen = (opt2->hopopt ? ipv6_optlen(opt2->hopopt) : 0) + 859 (opt2->dst0opt ? ipv6_optlen(opt2->dst0opt) : 0) + 860 (opt2->srcrt ? ipv6_optlen(opt2->srcrt) : 0); 861 opt2->opt_flen = (opt2->dst1opt ? ipv6_optlen(opt2->dst1opt) : 0); 862 863 return opt2; 864 out: 865 sock_kfree_s(sk, opt2, opt2->tot_len); 866 return ERR_PTR(err); 867 } 868 869 struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, 870 struct ipv6_txoptions *opt) 871 { 872 /* 873 * ignore the dest before srcrt unless srcrt is being included. 874 * --yoshfuji 875 */ 876 if (opt && opt->dst0opt && !opt->srcrt) { 877 if (opt_space != opt) { 878 memcpy(opt_space, opt, sizeof(*opt_space)); 879 opt = opt_space; 880 } 881 opt->opt_nflen -= ipv6_optlen(opt->dst0opt); 882 opt->dst0opt = NULL; 883 } 884 885 return opt; 886 } 887 888