11da177e4SLinus Torvalds /* 21da177e4SLinus Torvalds * IPv6 input 31da177e4SLinus Torvalds * Linux INET6 implementation 41da177e4SLinus Torvalds * 51da177e4SLinus Torvalds * Authors: 61da177e4SLinus Torvalds * Pedro Roque <roque@di.fc.ul.pt> 71da177e4SLinus Torvalds * Ian P. Morris <I.P.Morris@soton.ac.uk> 81da177e4SLinus Torvalds * 91da177e4SLinus Torvalds * Based in linux/net/ipv4/ip_input.c 101da177e4SLinus Torvalds * 111da177e4SLinus Torvalds * This program is free software; you can redistribute it and/or 121da177e4SLinus Torvalds * modify it under the terms of the GNU General Public License 131da177e4SLinus Torvalds * as published by the Free Software Foundation; either version 141da177e4SLinus Torvalds * 2 of the License, or (at your option) any later version. 151da177e4SLinus Torvalds */ 161da177e4SLinus Torvalds /* Changes 171da177e4SLinus Torvalds * 181da177e4SLinus Torvalds * Mitsuru KANDA @USAGI and 191da177e4SLinus Torvalds * YOSHIFUJI Hideaki @USAGI: Remove ipv6_parse_exthdrs(). 201da177e4SLinus Torvalds */ 211da177e4SLinus Torvalds 221da177e4SLinus Torvalds #include <linux/errno.h> 231da177e4SLinus Torvalds #include <linux/types.h> 241da177e4SLinus Torvalds #include <linux/socket.h> 251da177e4SLinus Torvalds #include <linux/sockios.h> 261da177e4SLinus Torvalds #include <linux/net.h> 271da177e4SLinus Torvalds #include <linux/netdevice.h> 281da177e4SLinus Torvalds #include <linux/in6.h> 291da177e4SLinus Torvalds #include <linux/icmpv6.h> 307bc570c8SYOSHIFUJI Hideaki #include <linux/mroute6.h> 315a0e3ad6STejun Heo #include <linux/slab.h> 321da177e4SLinus Torvalds 331da177e4SLinus Torvalds #include <linux/netfilter.h> 341da177e4SLinus Torvalds #include <linux/netfilter_ipv6.h> 351da177e4SLinus Torvalds 361da177e4SLinus Torvalds #include <net/sock.h> 371da177e4SLinus Torvalds #include <net/snmp.h> 381da177e4SLinus Torvalds 391da177e4SLinus Torvalds #include <net/ipv6.h> 401da177e4SLinus Torvalds #include <net/protocol.h> 411da177e4SLinus Torvalds #include <net/transp_v6.h> 421da177e4SLinus Torvalds #include <net/rawv6.h> 431da177e4SLinus Torvalds #include <net/ndisc.h> 441da177e4SLinus Torvalds #include <net/ip6_route.h> 451da177e4SLinus Torvalds #include <net/addrconf.h> 461da177e4SLinus Torvalds #include <net/xfrm.h> 471da177e4SLinus Torvalds 481da177e4SLinus Torvalds 491da177e4SLinus Torvalds 50b05e1066SPatrick McHardy inline int ip6_rcv_finish( struct sk_buff *skb) 511da177e4SLinus Torvalds { 52adf30907SEric Dumazet if (skb_dst(skb) == NULL) 531da177e4SLinus Torvalds ip6_route_input(skb); 541da177e4SLinus Torvalds 551da177e4SLinus Torvalds return dst_input(skb); 561da177e4SLinus Torvalds } 571da177e4SLinus Torvalds 58f2ccd8faSDavid S. Miller int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev) 591da177e4SLinus Torvalds { 60b71d1d42SEric Dumazet const struct ipv6hdr *hdr; 611da177e4SLinus Torvalds u32 pkt_len; 62a11d206dSYOSHIFUJI Hideaki struct inet6_dev *idev; 63483a47d2SDenis V. Lunev struct net *net = dev_net(skb->dev); 641da177e4SLinus Torvalds 65a11d206dSYOSHIFUJI Hideaki if (skb->pkt_type == PACKET_OTHERHOST) { 66a11d206dSYOSHIFUJI Hideaki kfree_skb(skb); 675c91faceSMark Smith return NET_RX_DROP; 68a11d206dSYOSHIFUJI Hideaki } 691da177e4SLinus Torvalds 70a11d206dSYOSHIFUJI Hideaki rcu_read_lock(); 71a11d206dSYOSHIFUJI Hideaki 72a11d206dSYOSHIFUJI Hideaki idev = __in6_dev_get(skb->dev); 73a11d206dSYOSHIFUJI Hideaki 74edf391ffSNeil Horman IP6_UPD_PO_STATS_BH(net, idev, IPSTATS_MIB_IN, skb->len); 751da177e4SLinus Torvalds 76778d80beSYOSHIFUJI Hideaki if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL || 77778d80beSYOSHIFUJI Hideaki !idev || unlikely(idev->cnf.disable_ipv6)) { 78483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INDISCARDS); 7971f6f6dfSJesper Nilsson goto drop; 801da177e4SLinus Torvalds } 811da177e4SLinus Torvalds 826b7fdc3aSGuillaume Chazarain memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm)); 836b7fdc3aSGuillaume Chazarain 841da177e4SLinus Torvalds /* 851da177e4SLinus Torvalds * Store incoming device index. When the packet will 861da177e4SLinus Torvalds * be queued, we cannot refer to skb->dev anymore. 871da177e4SLinus Torvalds * 881da177e4SLinus Torvalds * BTW, when we send a packet for our own local address on a 891da177e4SLinus Torvalds * non-loopback interface (e.g. ethX), it is being delivered 90de3cb747SDaniel Lezcano * via the loopback interface (lo) here; skb->dev = loopback_dev. 911da177e4SLinus Torvalds * It, however, should be considered as if it is being 921da177e4SLinus Torvalds * arrived via the sending interface (ethX), because of the 931da177e4SLinus Torvalds * nature of scoping architecture. --yoshfuji 941da177e4SLinus Torvalds */ 95adf30907SEric Dumazet IP6CB(skb)->iif = skb_dst(skb) ? ip6_dst_idev(skb_dst(skb))->dev->ifindex : dev->ifindex; 961da177e4SLinus Torvalds 972889139aSHerbert Xu if (unlikely(!pskb_may_pull(skb, sizeof(*hdr)))) 981da177e4SLinus Torvalds goto err; 991da177e4SLinus Torvalds 1000660e03fSArnaldo Carvalho de Melo hdr = ipv6_hdr(skb); 1011da177e4SLinus Torvalds 1021da177e4SLinus Torvalds if (hdr->version != 6) 1031da177e4SLinus Torvalds goto err; 1041da177e4SLinus Torvalds 105f630e43aSYOSHIFUJI Hideaki /* 106f630e43aSYOSHIFUJI Hideaki * RFC4291 2.5.3 107f630e43aSYOSHIFUJI Hideaki * A packet received on an interface with a destination address 108f630e43aSYOSHIFUJI Hideaki * of loopback must be dropped. 109f630e43aSYOSHIFUJI Hideaki */ 110f630e43aSYOSHIFUJI Hideaki if (!(dev->flags & IFF_LOOPBACK) && 111f630e43aSYOSHIFUJI Hideaki ipv6_addr_loopback(&hdr->daddr)) 112f630e43aSYOSHIFUJI Hideaki goto err; 113f630e43aSYOSHIFUJI Hideaki 114c457338dSBrian Haley /* 115c457338dSBrian Haley * RFC4291 2.7 116c457338dSBrian Haley * Multicast addresses must not be used as source addresses in IPv6 117c457338dSBrian Haley * packets or appear in any Routing header. 118c457338dSBrian Haley */ 119c457338dSBrian Haley if (ipv6_addr_is_multicast(&hdr->saddr)) 120c457338dSBrian Haley goto err; 121c457338dSBrian Haley 122b0e380b1SArnaldo Carvalho de Melo skb->transport_header = skb->network_header + sizeof(*hdr); 123951dbc8aSPatrick McHardy IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); 124951dbc8aSPatrick McHardy 1251da177e4SLinus Torvalds pkt_len = ntohs(hdr->payload_len); 1261da177e4SLinus Torvalds 1271da177e4SLinus Torvalds /* pkt_len may be zero if Jumbo payload option is present */ 1281da177e4SLinus Torvalds if (pkt_len || hdr->nexthdr != NEXTHDR_HOP) { 12960e5c166SMitsuru Chinen if (pkt_len + sizeof(struct ipv6hdr) > skb->len) { 130483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, 131483a47d2SDenis V. Lunev idev, IPSTATS_MIB_INTRUNCATEDPKTS); 13260e5c166SMitsuru Chinen goto drop; 13360e5c166SMitsuru Chinen } 1341da177e4SLinus Torvalds if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr))) { 135483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INHDRERRORS); 1361da177e4SLinus Torvalds goto drop; 1371da177e4SLinus Torvalds } 1380660e03fSArnaldo Carvalho de Melo hdr = ipv6_hdr(skb); 1391da177e4SLinus Torvalds } 1401da177e4SLinus Torvalds 1411da177e4SLinus Torvalds if (hdr->nexthdr == NEXTHDR_HOP) { 142e5bbef20SHerbert Xu if (ipv6_parse_hopopts(skb) < 0) { 143483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INHDRERRORS); 144a11d206dSYOSHIFUJI Hideaki rcu_read_unlock(); 1455c91faceSMark Smith return NET_RX_DROP; 1461da177e4SLinus Torvalds } 1471da177e4SLinus Torvalds } 1481da177e4SLinus Torvalds 149a11d206dSYOSHIFUJI Hideaki rcu_read_unlock(); 150a11d206dSYOSHIFUJI Hideaki 15171f9dacdSHerbert Xu /* Must drop socket now because of tproxy. */ 15271f9dacdSHerbert Xu skb_orphan(skb); 15371f9dacdSHerbert Xu 154b2e0b385SJan Engelhardt return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, skb, dev, NULL, 1556e23ae2aSPatrick McHardy ip6_rcv_finish); 1561da177e4SLinus Torvalds err: 157483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INHDRERRORS); 1581da177e4SLinus Torvalds drop: 159a11d206dSYOSHIFUJI Hideaki rcu_read_unlock(); 1601da177e4SLinus Torvalds kfree_skb(skb); 1615c91faceSMark Smith return NET_RX_DROP; 1621da177e4SLinus Torvalds } 1631da177e4SLinus Torvalds 1641da177e4SLinus Torvalds /* 1651da177e4SLinus Torvalds * Deliver the packet to the host 1661da177e4SLinus Torvalds */ 1671da177e4SLinus Torvalds 1681da177e4SLinus Torvalds 169ad643a79SPatrick McHardy static int ip6_input_finish(struct sk_buff *skb) 1701da177e4SLinus Torvalds { 17141135cc8SAlexey Dobriyan const struct inet6_protocol *ipprot; 1721da177e4SLinus Torvalds unsigned int nhoff; 17369d6da0bSPavel Emelyanov int nexthdr, raw; 1741da177e4SLinus Torvalds u8 hash; 175a11d206dSYOSHIFUJI Hideaki struct inet6_dev *idev; 176adf30907SEric Dumazet struct net *net = dev_net(skb_dst(skb)->dev); 1771da177e4SLinus Torvalds 1781da177e4SLinus Torvalds /* 1791da177e4SLinus Torvalds * Parse extension headers 1801da177e4SLinus Torvalds */ 1811da177e4SLinus Torvalds 1821da177e4SLinus Torvalds rcu_read_lock(); 1831da177e4SLinus Torvalds resubmit: 184adf30907SEric Dumazet idev = ip6_dst_idev(skb_dst(skb)); 185ea2ae17dSArnaldo Carvalho de Melo if (!pskb_pull(skb, skb_transport_offset(skb))) 1861da177e4SLinus Torvalds goto discard; 187951dbc8aSPatrick McHardy nhoff = IP6CB(skb)->nhoff; 188d56f90a7SArnaldo Carvalho de Melo nexthdr = skb_network_header(skb)[nhoff]; 1891da177e4SLinus Torvalds 19069d6da0bSPavel Emelyanov raw = raw6_local_deliver(skb, nexthdr); 1911da177e4SLinus Torvalds 1921da177e4SLinus Torvalds hash = nexthdr & (MAX_INET_PROTOS - 1); 1931da177e4SLinus Torvalds if ((ipprot = rcu_dereference(inet6_protos[hash])) != NULL) { 1941da177e4SLinus Torvalds int ret; 1951da177e4SLinus Torvalds 1961da177e4SLinus Torvalds if (ipprot->flags & INET6_PROTO_FINAL) { 197b71d1d42SEric Dumazet const struct ipv6hdr *hdr; 1981da177e4SLinus Torvalds 1999fb9cbb1SYasuyuki Kozakai /* Free reference early: we don't need it any more, 2009fb9cbb1SYasuyuki Kozakai and it may hold ip_conntrack module loaded 2019fb9cbb1SYasuyuki Kozakai indefinitely. */ 2029fb9cbb1SYasuyuki Kozakai nf_reset(skb); 2039fb9cbb1SYasuyuki Kozakai 204d56f90a7SArnaldo Carvalho de Melo skb_postpull_rcsum(skb, skb_network_header(skb), 205cfe1fc77SArnaldo Carvalho de Melo skb_network_header_len(skb)); 2060660e03fSArnaldo Carvalho de Melo hdr = ipv6_hdr(skb); 2071da177e4SLinus Torvalds if (ipv6_addr_is_multicast(&hdr->daddr) && 2081da177e4SLinus Torvalds !ipv6_chk_mcast_addr(skb->dev, &hdr->daddr, 2091da177e4SLinus Torvalds &hdr->saddr) && 2101da177e4SLinus Torvalds !ipv6_is_mld(skb, nexthdr)) 2111da177e4SLinus Torvalds goto discard; 2121da177e4SLinus Torvalds } 2131da177e4SLinus Torvalds if (!(ipprot->flags & INET6_PROTO_NOPOLICY) && 2141da177e4SLinus Torvalds !xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 2151da177e4SLinus Torvalds goto discard; 2161da177e4SLinus Torvalds 217e5bbef20SHerbert Xu ret = ipprot->handler(skb); 2181da177e4SLinus Torvalds if (ret > 0) 2191da177e4SLinus Torvalds goto resubmit; 2201da177e4SLinus Torvalds else if (ret == 0) 221483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INDELIVERS); 2221da177e4SLinus Torvalds } else { 22369d6da0bSPavel Emelyanov if (!raw) { 2241da177e4SLinus Torvalds if (xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 225483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, idev, 226483a47d2SDenis V. Lunev IPSTATS_MIB_INUNKNOWNPROTOS); 227fad87acaSPatrick McHardy icmpv6_send(skb, ICMPV6_PARAMPROB, 2283ffe533cSAlexey Dobriyan ICMPV6_UNK_NEXTHDR, nhoff); 2291da177e4SLinus Torvalds } 230fad87acaSPatrick McHardy } else 231483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INDELIVERS); 2321da177e4SLinus Torvalds kfree_skb(skb); 2331da177e4SLinus Torvalds } 2341da177e4SLinus Torvalds rcu_read_unlock(); 2351da177e4SLinus Torvalds return 0; 2361da177e4SLinus Torvalds 2371da177e4SLinus Torvalds discard: 238483a47d2SDenis V. Lunev IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INDISCARDS); 2391da177e4SLinus Torvalds rcu_read_unlock(); 2401da177e4SLinus Torvalds kfree_skb(skb); 2411da177e4SLinus Torvalds return 0; 2421da177e4SLinus Torvalds } 2431da177e4SLinus Torvalds 2441da177e4SLinus Torvalds 2451da177e4SLinus Torvalds int ip6_input(struct sk_buff *skb) 2461da177e4SLinus Torvalds { 247b2e0b385SJan Engelhardt return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_IN, skb, skb->dev, NULL, 2486e23ae2aSPatrick McHardy ip6_input_finish); 2491da177e4SLinus Torvalds } 2501da177e4SLinus Torvalds 2511da177e4SLinus Torvalds int ip6_mc_input(struct sk_buff *skb) 2521da177e4SLinus Torvalds { 253b71d1d42SEric Dumazet const struct ipv6hdr *hdr; 2541da177e4SLinus Torvalds int deliver; 2551da177e4SLinus Torvalds 256adf30907SEric Dumazet IP6_UPD_PO_STATS_BH(dev_net(skb_dst(skb)->dev), 257adf30907SEric Dumazet ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_INMCAST, 258edf391ffSNeil Horman skb->len); 2591da177e4SLinus Torvalds 2600660e03fSArnaldo Carvalho de Melo hdr = ipv6_hdr(skb); 2614c7966b8SYOSHIFUJI Hideaki deliver = ipv6_chk_mcast_addr(skb->dev, &hdr->daddr, NULL); 2621da177e4SLinus Torvalds 2637bc570c8SYOSHIFUJI Hideaki #ifdef CONFIG_IPV6_MROUTE 2641da177e4SLinus Torvalds /* 2657bc570c8SYOSHIFUJI Hideaki * IPv6 multicast router mode is now supported ;) 2661da177e4SLinus Torvalds */ 26753b7997fSYOSHIFUJI Hideaki if (dev_net(skb->dev)->ipv6.devconf_all->mc_forwarding && 2681d6e55f1SThomas Goff !(ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) && 2697bc570c8SYOSHIFUJI Hideaki likely(!(IP6CB(skb)->flags & IP6SKB_FORWARDED))) { 2707bc570c8SYOSHIFUJI Hideaki /* 2717bc570c8SYOSHIFUJI Hideaki * Okay, we try to forward - split and duplicate 2727bc570c8SYOSHIFUJI Hideaki * packets. 2737bc570c8SYOSHIFUJI Hideaki */ 2741da177e4SLinus Torvalds struct sk_buff *skb2; 2757bc570c8SYOSHIFUJI Hideaki struct inet6_skb_parm *opt = IP6CB(skb); 2761da177e4SLinus Torvalds 2777bc570c8SYOSHIFUJI Hideaki /* Check for MLD */ 2787bc570c8SYOSHIFUJI Hideaki if (unlikely(opt->ra)) { 2797bc570c8SYOSHIFUJI Hideaki /* Check if this is a mld message */ 2807bc570c8SYOSHIFUJI Hideaki u8 *ptr = skb_network_header(skb) + opt->ra; 2817bc570c8SYOSHIFUJI Hideaki struct icmp6hdr *icmp6; 2827bc570c8SYOSHIFUJI Hideaki u8 nexthdr = hdr->nexthdr; 28375f2811cSJesse Gross __be16 frag_off; 2847bc570c8SYOSHIFUJI Hideaki int offset; 2851da177e4SLinus Torvalds 2867bc570c8SYOSHIFUJI Hideaki /* Check if the value of Router Alert 2877bc570c8SYOSHIFUJI Hideaki * is for MLD (0x0000). 2887bc570c8SYOSHIFUJI Hideaki */ 2897bc570c8SYOSHIFUJI Hideaki if ((ptr[2] | ptr[3]) == 0) { 290aba6096bSYOSHIFUJI Hideaki deliver = 0; 291aba6096bSYOSHIFUJI Hideaki 2927bc570c8SYOSHIFUJI Hideaki if (!ipv6_ext_hdr(nexthdr)) { 2937bc570c8SYOSHIFUJI Hideaki /* BUG */ 294aba6096bSYOSHIFUJI Hideaki goto out; 2951da177e4SLinus Torvalds } 2967bc570c8SYOSHIFUJI Hideaki offset = ipv6_skip_exthdr(skb, sizeof(*hdr), 29775f2811cSJesse Gross &nexthdr, &frag_off); 2987bc570c8SYOSHIFUJI Hideaki if (offset < 0) 299aba6096bSYOSHIFUJI Hideaki goto out; 3007bc570c8SYOSHIFUJI Hideaki 3017bc570c8SYOSHIFUJI Hideaki if (nexthdr != IPPROTO_ICMPV6) 302aba6096bSYOSHIFUJI Hideaki goto out; 3037bc570c8SYOSHIFUJI Hideaki 3047bc570c8SYOSHIFUJI Hideaki if (!pskb_may_pull(skb, (skb_network_header(skb) + 3057bc570c8SYOSHIFUJI Hideaki offset + 1 - skb->data))) 306aba6096bSYOSHIFUJI Hideaki goto out; 3077bc570c8SYOSHIFUJI Hideaki 3087bc570c8SYOSHIFUJI Hideaki icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset); 3097bc570c8SYOSHIFUJI Hideaki 3107bc570c8SYOSHIFUJI Hideaki switch (icmp6->icmp6_type) { 3117bc570c8SYOSHIFUJI Hideaki case ICMPV6_MGM_QUERY: 3127bc570c8SYOSHIFUJI Hideaki case ICMPV6_MGM_REPORT: 3137bc570c8SYOSHIFUJI Hideaki case ICMPV6_MGM_REDUCTION: 3147bc570c8SYOSHIFUJI Hideaki case ICMPV6_MLD2_REPORT: 3157bc570c8SYOSHIFUJI Hideaki deliver = 1; 316aba6096bSYOSHIFUJI Hideaki break; 317aba6096bSYOSHIFUJI Hideaki } 3187bc570c8SYOSHIFUJI Hideaki goto out; 3197bc570c8SYOSHIFUJI Hideaki } 3207bc570c8SYOSHIFUJI Hideaki /* unknown RA - process it normally */ 3217bc570c8SYOSHIFUJI Hideaki } 3227bc570c8SYOSHIFUJI Hideaki 3237bc570c8SYOSHIFUJI Hideaki if (deliver) 3247bc570c8SYOSHIFUJI Hideaki skb2 = skb_clone(skb, GFP_ATOMIC); 3257bc570c8SYOSHIFUJI Hideaki else { 3267bc570c8SYOSHIFUJI Hideaki skb2 = skb; 3277bc570c8SYOSHIFUJI Hideaki skb = NULL; 3287bc570c8SYOSHIFUJI Hideaki } 3297bc570c8SYOSHIFUJI Hideaki 3307bc570c8SYOSHIFUJI Hideaki if (skb2) { 3317bc570c8SYOSHIFUJI Hideaki ip6_mr_input(skb2); 3321da177e4SLinus Torvalds } 3331da177e4SLinus Torvalds } 3347bc570c8SYOSHIFUJI Hideaki out: 335aba6096bSYOSHIFUJI Hideaki #endif 336aba6096bSYOSHIFUJI Hideaki if (likely(deliver)) 3371da177e4SLinus Torvalds ip6_input(skb); 338aba6096bSYOSHIFUJI Hideaki else { 3391da177e4SLinus Torvalds /* discard */ 3401da177e4SLinus Torvalds kfree_skb(skb); 341aba6096bSYOSHIFUJI Hideaki } 3421da177e4SLinus Torvalds 3431da177e4SLinus Torvalds return 0; 3441da177e4SLinus Torvalds } 345