11da177e4SLinus Torvalds /* 21da177e4SLinus Torvalds * IPv6 input 31da177e4SLinus Torvalds * Linux INET6 implementation 41da177e4SLinus Torvalds * 51da177e4SLinus Torvalds * Authors: 61da177e4SLinus Torvalds * Pedro Roque <roque@di.fc.ul.pt> 71da177e4SLinus Torvalds * Ian P. Morris <I.P.Morris@soton.ac.uk> 81da177e4SLinus Torvalds * 91da177e4SLinus Torvalds * Based in linux/net/ipv4/ip_input.c 101da177e4SLinus Torvalds * 111da177e4SLinus Torvalds * This program is free software; you can redistribute it and/or 121da177e4SLinus Torvalds * modify it under the terms of the GNU General Public License 131da177e4SLinus Torvalds * as published by the Free Software Foundation; either version 141da177e4SLinus Torvalds * 2 of the License, or (at your option) any later version. 151da177e4SLinus Torvalds */ 161da177e4SLinus Torvalds /* Changes 171da177e4SLinus Torvalds * 181da177e4SLinus Torvalds * Mitsuru KANDA @USAGI and 191da177e4SLinus Torvalds * YOSHIFUJI Hideaki @USAGI: Remove ipv6_parse_exthdrs(). 201da177e4SLinus Torvalds */ 211da177e4SLinus Torvalds 221da177e4SLinus Torvalds #include <linux/errno.h> 231da177e4SLinus Torvalds #include <linux/types.h> 241da177e4SLinus Torvalds #include <linux/socket.h> 251da177e4SLinus Torvalds #include <linux/sockios.h> 261da177e4SLinus Torvalds #include <linux/net.h> 271da177e4SLinus Torvalds #include <linux/netdevice.h> 281da177e4SLinus Torvalds #include <linux/in6.h> 291da177e4SLinus Torvalds #include <linux/icmpv6.h> 307bc570c8SYOSHIFUJI Hideaki #include <linux/mroute6.h> 311da177e4SLinus Torvalds 321da177e4SLinus Torvalds #include <linux/netfilter.h> 331da177e4SLinus Torvalds #include <linux/netfilter_ipv6.h> 341da177e4SLinus Torvalds 351da177e4SLinus Torvalds #include <net/sock.h> 361da177e4SLinus Torvalds #include <net/snmp.h> 371da177e4SLinus Torvalds 381da177e4SLinus Torvalds #include <net/ipv6.h> 391da177e4SLinus Torvalds #include <net/protocol.h> 401da177e4SLinus Torvalds #include <net/transp_v6.h> 411da177e4SLinus Torvalds #include <net/rawv6.h> 421da177e4SLinus Torvalds #include <net/ndisc.h> 431da177e4SLinus Torvalds #include <net/ip6_route.h> 441da177e4SLinus Torvalds #include <net/addrconf.h> 451da177e4SLinus Torvalds #include <net/xfrm.h> 461da177e4SLinus Torvalds 471da177e4SLinus Torvalds 481da177e4SLinus Torvalds 49b05e1066SPatrick McHardy inline int ip6_rcv_finish( struct sk_buff *skb) 501da177e4SLinus Torvalds { 51adf30907SEric Dumazet if (skb_dst(skb) == NULL) 521da177e4SLinus Torvalds ip6_route_input(skb); 531da177e4SLinus Torvalds 541da177e4SLinus Torvalds return dst_input(skb); 551da177e4SLinus Torvalds } 561da177e4SLinus Torvalds 57f2ccd8faSDavid S. Miller int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev) 581da177e4SLinus Torvalds { 591da177e4SLinus Torvalds struct ipv6hdr *hdr; 601da177e4SLinus Torvalds u32 pkt_len; 61a11d206dSYOSHIFUJI Hideaki struct inet6_dev *idev; 62483a47d2SDenis V. Lunev struct net *net = dev_net(skb->dev); 631da177e4SLinus Torvalds 64a11d206dSYOSHIFUJI Hideaki if (skb->pkt_type == PACKET_OTHERHOST) { 65a11d206dSYOSHIFUJI Hideaki kfree_skb(skb); 665c91faceSMark Smith return NET_RX_DROP; 67a11d206dSYOSHIFUJI Hideaki } 681da177e4SLinus Torvalds 69a11d206dSYOSHIFUJI Hideaki rcu_read_lock(); 70a11d206dSYOSHIFUJI Hideaki 71a11d206dSYOSHIFUJI Hideaki idev = __in6_dev_get(skb->dev); 72a11d206dSYOSHIFUJI Hideaki 73edf391ffSNeil Horman IP6_UPD_PO_STATS_BH(net, idev, IPSTATS_MIB_IN, skb->len); 741da177e4SLinus Torvalds 75778d80beSYOSHIFUJI Hideaki if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL || 76778d80beSYOSHIFUJI Hideaki !idev || unlikely(idev->cnf.disable_ipv6)) { 77483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INDISCARDS); 7871f6f6dfSJesper Nilsson goto drop; 791da177e4SLinus Torvalds } 801da177e4SLinus Torvalds 816b7fdc3aSGuillaume Chazarain memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm)); 826b7fdc3aSGuillaume Chazarain 831da177e4SLinus Torvalds /* 841da177e4SLinus Torvalds * Store incoming device index. When the packet will 851da177e4SLinus Torvalds * be queued, we cannot refer to skb->dev anymore. 861da177e4SLinus Torvalds * 871da177e4SLinus Torvalds * BTW, when we send a packet for our own local address on a 881da177e4SLinus Torvalds * non-loopback interface (e.g. ethX), it is being delivered 89de3cb747SDaniel Lezcano * via the loopback interface (lo) here; skb->dev = loopback_dev. 901da177e4SLinus Torvalds * It, however, should be considered as if it is being 911da177e4SLinus Torvalds * arrived via the sending interface (ethX), because of the 921da177e4SLinus Torvalds * nature of scoping architecture. --yoshfuji 931da177e4SLinus Torvalds */ 94adf30907SEric Dumazet IP6CB(skb)->iif = skb_dst(skb) ? ip6_dst_idev(skb_dst(skb))->dev->ifindex : dev->ifindex; 951da177e4SLinus Torvalds 962889139aSHerbert Xu if (unlikely(!pskb_may_pull(skb, sizeof(*hdr)))) 971da177e4SLinus Torvalds goto err; 981da177e4SLinus Torvalds 990660e03fSArnaldo Carvalho de Melo hdr = ipv6_hdr(skb); 1001da177e4SLinus Torvalds 1011da177e4SLinus Torvalds if (hdr->version != 6) 1021da177e4SLinus Torvalds goto err; 1031da177e4SLinus Torvalds 104f630e43aSYOSHIFUJI Hideaki /* 105f630e43aSYOSHIFUJI Hideaki * RFC4291 2.5.3 106f630e43aSYOSHIFUJI Hideaki * A packet received on an interface with a destination address 107f630e43aSYOSHIFUJI Hideaki * of loopback must be dropped. 108f630e43aSYOSHIFUJI Hideaki */ 109f630e43aSYOSHIFUJI Hideaki if (!(dev->flags & IFF_LOOPBACK) && 110f630e43aSYOSHIFUJI Hideaki ipv6_addr_loopback(&hdr->daddr)) 111f630e43aSYOSHIFUJI Hideaki goto err; 112f630e43aSYOSHIFUJI Hideaki 113b0e380b1SArnaldo Carvalho de Melo skb->transport_header = skb->network_header + sizeof(*hdr); 114951dbc8aSPatrick McHardy IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); 115951dbc8aSPatrick McHardy 1161da177e4SLinus Torvalds pkt_len = ntohs(hdr->payload_len); 1171da177e4SLinus Torvalds 1181da177e4SLinus Torvalds /* pkt_len may be zero if Jumbo payload option is present */ 1191da177e4SLinus Torvalds if (pkt_len || hdr->nexthdr != NEXTHDR_HOP) { 12060e5c166SMitsuru Chinen if (pkt_len + sizeof(struct ipv6hdr) > skb->len) { 121483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, 122483a47d2SDenis V. Lunev idev, IPSTATS_MIB_INTRUNCATEDPKTS); 12360e5c166SMitsuru Chinen goto drop; 12460e5c166SMitsuru Chinen } 1251da177e4SLinus Torvalds if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr))) { 126483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INHDRERRORS); 1271da177e4SLinus Torvalds goto drop; 1281da177e4SLinus Torvalds } 1290660e03fSArnaldo Carvalho de Melo hdr = ipv6_hdr(skb); 1301da177e4SLinus Torvalds } 1311da177e4SLinus Torvalds 1321da177e4SLinus Torvalds if (hdr->nexthdr == NEXTHDR_HOP) { 133e5bbef20SHerbert Xu if (ipv6_parse_hopopts(skb) < 0) { 134483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INHDRERRORS); 135a11d206dSYOSHIFUJI Hideaki rcu_read_unlock(); 1365c91faceSMark Smith return NET_RX_DROP; 1371da177e4SLinus Torvalds } 1381da177e4SLinus Torvalds } 1391da177e4SLinus Torvalds 140a11d206dSYOSHIFUJI Hideaki rcu_read_unlock(); 141a11d206dSYOSHIFUJI Hideaki 14271f9dacdSHerbert Xu /* Must drop socket now because of tproxy. */ 14371f9dacdSHerbert Xu skb_orphan(skb); 14471f9dacdSHerbert Xu 1456e23ae2aSPatrick McHardy return NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, dev, NULL, 1466e23ae2aSPatrick McHardy ip6_rcv_finish); 1471da177e4SLinus Torvalds err: 148483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INHDRERRORS); 1491da177e4SLinus Torvalds drop: 150a11d206dSYOSHIFUJI Hideaki rcu_read_unlock(); 1511da177e4SLinus Torvalds kfree_skb(skb); 1525c91faceSMark Smith return NET_RX_DROP; 1531da177e4SLinus Torvalds } 1541da177e4SLinus Torvalds 1551da177e4SLinus Torvalds /* 1561da177e4SLinus Torvalds * Deliver the packet to the host 1571da177e4SLinus Torvalds */ 1581da177e4SLinus Torvalds 1591da177e4SLinus Torvalds 160ad643a79SPatrick McHardy static int ip6_input_finish(struct sk_buff *skb) 1611da177e4SLinus Torvalds { 1621da177e4SLinus Torvalds struct inet6_protocol *ipprot; 1631da177e4SLinus Torvalds unsigned int nhoff; 16469d6da0bSPavel Emelyanov int nexthdr, raw; 1651da177e4SLinus Torvalds u8 hash; 166a11d206dSYOSHIFUJI Hideaki struct inet6_dev *idev; 167adf30907SEric Dumazet struct net *net = dev_net(skb_dst(skb)->dev); 1681da177e4SLinus Torvalds 1691da177e4SLinus Torvalds /* 1701da177e4SLinus Torvalds * Parse extension headers 1711da177e4SLinus Torvalds */ 1721da177e4SLinus Torvalds 1731da177e4SLinus Torvalds rcu_read_lock(); 1741da177e4SLinus Torvalds resubmit: 175adf30907SEric Dumazet idev = ip6_dst_idev(skb_dst(skb)); 176ea2ae17dSArnaldo Carvalho de Melo if (!pskb_pull(skb, skb_transport_offset(skb))) 1771da177e4SLinus Torvalds goto discard; 178951dbc8aSPatrick McHardy nhoff = IP6CB(skb)->nhoff; 179d56f90a7SArnaldo Carvalho de Melo nexthdr = skb_network_header(skb)[nhoff]; 1801da177e4SLinus Torvalds 18169d6da0bSPavel Emelyanov raw = raw6_local_deliver(skb, nexthdr); 1821da177e4SLinus Torvalds 1831da177e4SLinus Torvalds hash = nexthdr & (MAX_INET_PROTOS - 1); 1841da177e4SLinus Torvalds if ((ipprot = rcu_dereference(inet6_protos[hash])) != NULL) { 1851da177e4SLinus Torvalds int ret; 1861da177e4SLinus Torvalds 1871da177e4SLinus Torvalds if (ipprot->flags & INET6_PROTO_FINAL) { 1881da177e4SLinus Torvalds struct ipv6hdr *hdr; 1891da177e4SLinus Torvalds 1909fb9cbb1SYasuyuki Kozakai /* Free reference early: we don't need it any more, 1919fb9cbb1SYasuyuki Kozakai and it may hold ip_conntrack module loaded 1929fb9cbb1SYasuyuki Kozakai indefinitely. */ 1939fb9cbb1SYasuyuki Kozakai nf_reset(skb); 1949fb9cbb1SYasuyuki Kozakai 195d56f90a7SArnaldo Carvalho de Melo skb_postpull_rcsum(skb, skb_network_header(skb), 196cfe1fc77SArnaldo Carvalho de Melo skb_network_header_len(skb)); 1970660e03fSArnaldo Carvalho de Melo hdr = ipv6_hdr(skb); 1981da177e4SLinus Torvalds if (ipv6_addr_is_multicast(&hdr->daddr) && 1991da177e4SLinus Torvalds !ipv6_chk_mcast_addr(skb->dev, &hdr->daddr, 2001da177e4SLinus Torvalds &hdr->saddr) && 2011da177e4SLinus Torvalds !ipv6_is_mld(skb, nexthdr)) 2021da177e4SLinus Torvalds goto discard; 2031da177e4SLinus Torvalds } 2041da177e4SLinus Torvalds if (!(ipprot->flags & INET6_PROTO_NOPOLICY) && 2051da177e4SLinus Torvalds !xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 2061da177e4SLinus Torvalds goto discard; 2071da177e4SLinus Torvalds 208e5bbef20SHerbert Xu ret = ipprot->handler(skb); 2091da177e4SLinus Torvalds if (ret > 0) 2101da177e4SLinus Torvalds goto resubmit; 2111da177e4SLinus Torvalds else if (ret == 0) 212483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INDELIVERS); 2131da177e4SLinus Torvalds } else { 21469d6da0bSPavel Emelyanov if (!raw) { 2151da177e4SLinus Torvalds if (xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 216483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, idev, 217483a47d2SDenis V. Lunev IPSTATS_MIB_INUNKNOWNPROTOS); 218fad87acaSPatrick McHardy icmpv6_send(skb, ICMPV6_PARAMPROB, 219fad87acaSPatrick McHardy ICMPV6_UNK_NEXTHDR, nhoff, 220fad87acaSPatrick McHardy skb->dev); 2211da177e4SLinus Torvalds } 222fad87acaSPatrick McHardy } else 223483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INDELIVERS); 2241da177e4SLinus Torvalds kfree_skb(skb); 2251da177e4SLinus Torvalds } 2261da177e4SLinus Torvalds rcu_read_unlock(); 2271da177e4SLinus Torvalds return 0; 2281da177e4SLinus Torvalds 2291da177e4SLinus Torvalds discard: 230483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INDISCARDS); 2311da177e4SLinus Torvalds rcu_read_unlock(); 2321da177e4SLinus Torvalds kfree_skb(skb); 2331da177e4SLinus Torvalds return 0; 2341da177e4SLinus Torvalds } 2351da177e4SLinus Torvalds 2361da177e4SLinus Torvalds 2371da177e4SLinus Torvalds int ip6_input(struct sk_buff *skb) 2381da177e4SLinus Torvalds { 2396e23ae2aSPatrick McHardy return NF_HOOK(PF_INET6, NF_INET_LOCAL_IN, skb, skb->dev, NULL, 2406e23ae2aSPatrick McHardy ip6_input_finish); 2411da177e4SLinus Torvalds } 2421da177e4SLinus Torvalds 2431da177e4SLinus Torvalds int ip6_mc_input(struct sk_buff *skb) 2441da177e4SLinus Torvalds { 2451da177e4SLinus Torvalds struct ipv6hdr *hdr; 2461da177e4SLinus Torvalds int deliver; 2471da177e4SLinus Torvalds 248adf30907SEric Dumazet IP6_UPD_PO_STATS_BH(dev_net(skb_dst(skb)->dev), 249adf30907SEric Dumazet ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_INMCAST, 250edf391ffSNeil Horman skb->len); 2511da177e4SLinus Torvalds 2520660e03fSArnaldo Carvalho de Melo hdr = ipv6_hdr(skb); 2534c7966b8SYOSHIFUJI Hideaki deliver = ipv6_chk_mcast_addr(skb->dev, &hdr->daddr, NULL); 2541da177e4SLinus Torvalds 2557bc570c8SYOSHIFUJI Hideaki #ifdef CONFIG_IPV6_MROUTE 2561da177e4SLinus Torvalds /* 2577bc570c8SYOSHIFUJI Hideaki * IPv6 multicast router mode is now supported ;) 2581da177e4SLinus Torvalds */ 25953b7997fSYOSHIFUJI Hideaki if (dev_net(skb->dev)->ipv6.devconf_all->mc_forwarding && 2601d6e55f1SThomas Goff !(ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) && 2617bc570c8SYOSHIFUJI Hideaki likely(!(IP6CB(skb)->flags & IP6SKB_FORWARDED))) { 2627bc570c8SYOSHIFUJI Hideaki /* 2637bc570c8SYOSHIFUJI Hideaki * Okay, we try to forward - split and duplicate 2647bc570c8SYOSHIFUJI Hideaki * packets. 2657bc570c8SYOSHIFUJI Hideaki */ 2661da177e4SLinus Torvalds struct sk_buff *skb2; 2677bc570c8SYOSHIFUJI Hideaki struct inet6_skb_parm *opt = IP6CB(skb); 2681da177e4SLinus Torvalds 2697bc570c8SYOSHIFUJI Hideaki /* Check for MLD */ 2707bc570c8SYOSHIFUJI Hideaki if (unlikely(opt->ra)) { 2717bc570c8SYOSHIFUJI Hideaki /* Check if this is a mld message */ 2727bc570c8SYOSHIFUJI Hideaki u8 *ptr = skb_network_header(skb) + opt->ra; 2737bc570c8SYOSHIFUJI Hideaki struct icmp6hdr *icmp6; 2747bc570c8SYOSHIFUJI Hideaki u8 nexthdr = hdr->nexthdr; 2757bc570c8SYOSHIFUJI Hideaki int offset; 2761da177e4SLinus Torvalds 2777bc570c8SYOSHIFUJI Hideaki /* Check if the value of Router Alert 2787bc570c8SYOSHIFUJI Hideaki * is for MLD (0x0000). 2797bc570c8SYOSHIFUJI Hideaki */ 2807bc570c8SYOSHIFUJI Hideaki if ((ptr[2] | ptr[3]) == 0) { 281aba6096bSYOSHIFUJI Hideaki deliver = 0; 282aba6096bSYOSHIFUJI Hideaki 2837bc570c8SYOSHIFUJI Hideaki if (!ipv6_ext_hdr(nexthdr)) { 2847bc570c8SYOSHIFUJI Hideaki /* BUG */ 285aba6096bSYOSHIFUJI Hideaki goto out; 2861da177e4SLinus Torvalds } 2877bc570c8SYOSHIFUJI Hideaki offset = ipv6_skip_exthdr(skb, sizeof(*hdr), 2887bc570c8SYOSHIFUJI Hideaki &nexthdr); 2897bc570c8SYOSHIFUJI Hideaki if (offset < 0) 290aba6096bSYOSHIFUJI Hideaki goto out; 2917bc570c8SYOSHIFUJI Hideaki 2927bc570c8SYOSHIFUJI Hideaki if (nexthdr != IPPROTO_ICMPV6) 293aba6096bSYOSHIFUJI Hideaki goto out; 2947bc570c8SYOSHIFUJI Hideaki 2957bc570c8SYOSHIFUJI Hideaki if (!pskb_may_pull(skb, (skb_network_header(skb) + 2967bc570c8SYOSHIFUJI Hideaki offset + 1 - skb->data))) 297aba6096bSYOSHIFUJI Hideaki goto out; 2987bc570c8SYOSHIFUJI Hideaki 2997bc570c8SYOSHIFUJI Hideaki icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset); 3007bc570c8SYOSHIFUJI Hideaki 3017bc570c8SYOSHIFUJI Hideaki switch (icmp6->icmp6_type) { 3027bc570c8SYOSHIFUJI Hideaki case ICMPV6_MGM_QUERY: 3037bc570c8SYOSHIFUJI Hideaki case ICMPV6_MGM_REPORT: 3047bc570c8SYOSHIFUJI Hideaki case ICMPV6_MGM_REDUCTION: 3057bc570c8SYOSHIFUJI Hideaki case ICMPV6_MLD2_REPORT: 3067bc570c8SYOSHIFUJI Hideaki deliver = 1; 307aba6096bSYOSHIFUJI Hideaki break; 308aba6096bSYOSHIFUJI Hideaki } 3097bc570c8SYOSHIFUJI Hideaki goto out; 3107bc570c8SYOSHIFUJI Hideaki } 3117bc570c8SYOSHIFUJI Hideaki /* unknown RA - process it normally */ 3127bc570c8SYOSHIFUJI Hideaki } 3137bc570c8SYOSHIFUJI Hideaki 3147bc570c8SYOSHIFUJI Hideaki if (deliver) 3157bc570c8SYOSHIFUJI Hideaki skb2 = skb_clone(skb, GFP_ATOMIC); 3167bc570c8SYOSHIFUJI Hideaki else { 3177bc570c8SYOSHIFUJI Hideaki skb2 = skb; 3187bc570c8SYOSHIFUJI Hideaki skb = NULL; 3197bc570c8SYOSHIFUJI Hideaki } 3207bc570c8SYOSHIFUJI Hideaki 3217bc570c8SYOSHIFUJI Hideaki if (skb2) { 3227bc570c8SYOSHIFUJI Hideaki ip6_mr_input(skb2); 3231da177e4SLinus Torvalds } 3241da177e4SLinus Torvalds } 3257bc570c8SYOSHIFUJI Hideaki out: 326aba6096bSYOSHIFUJI Hideaki #endif 327aba6096bSYOSHIFUJI Hideaki if (likely(deliver)) 3281da177e4SLinus Torvalds ip6_input(skb); 329aba6096bSYOSHIFUJI Hideaki else { 3301da177e4SLinus Torvalds /* discard */ 3311da177e4SLinus Torvalds kfree_skb(skb); 332aba6096bSYOSHIFUJI Hideaki } 3331da177e4SLinus Torvalds 3341da177e4SLinus Torvalds return 0; 3351da177e4SLinus Torvalds } 336