xref: /openbmc/linux/net/ipv6/mcast_snoop.c (revision 92b19ff5)
1 /* Copyright (C) 2010: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
2  * Copyright (C) 2015: Linus Lüssing <linus.luessing@c0d3.blue>
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of version 2 of the GNU General Public
6  * License as published by the Free Software Foundation.
7  *
8  * This program is distributed in the hope that it will be useful, but
9  * WITHOUT ANY WARRANTY; without even the implied warranty of
10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11  * General Public License for more details.
12  *
13  * You should have received a copy of the GNU General Public License
14  * along with this program; if not, see <http://www.gnu.org/licenses/>.
15  *
16  *
17  * Based on the MLD support added to br_multicast.c by YOSHIFUJI Hideaki.
18  */
19 
20 #include <linux/skbuff.h>
21 #include <net/ipv6.h>
22 #include <net/mld.h>
23 #include <net/addrconf.h>
24 #include <net/ip6_checksum.h>
25 
26 static int ipv6_mc_check_ip6hdr(struct sk_buff *skb)
27 {
28 	const struct ipv6hdr *ip6h;
29 	unsigned int len;
30 	unsigned int offset = skb_network_offset(skb) + sizeof(*ip6h);
31 
32 	if (!pskb_may_pull(skb, offset))
33 		return -EINVAL;
34 
35 	ip6h = ipv6_hdr(skb);
36 
37 	if (ip6h->version != 6)
38 		return -EINVAL;
39 
40 	len = offset + ntohs(ip6h->payload_len);
41 	if (skb->len < len || len <= offset)
42 		return -EINVAL;
43 
44 	return 0;
45 }
46 
47 static int ipv6_mc_check_exthdrs(struct sk_buff *skb)
48 {
49 	const struct ipv6hdr *ip6h;
50 	int offset;
51 	u8 nexthdr;
52 	__be16 frag_off;
53 
54 	ip6h = ipv6_hdr(skb);
55 
56 	if (ip6h->nexthdr != IPPROTO_HOPOPTS)
57 		return -ENOMSG;
58 
59 	nexthdr = ip6h->nexthdr;
60 	offset = skb_network_offset(skb) + sizeof(*ip6h);
61 	offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
62 
63 	if (offset < 0)
64 		return -EINVAL;
65 
66 	if (nexthdr != IPPROTO_ICMPV6)
67 		return -ENOMSG;
68 
69 	skb_set_transport_header(skb, offset);
70 
71 	return 0;
72 }
73 
74 static int ipv6_mc_check_mld_reportv2(struct sk_buff *skb)
75 {
76 	unsigned int len = skb_transport_offset(skb);
77 
78 	len += sizeof(struct mld2_report);
79 
80 	return pskb_may_pull(skb, len) ? 0 : -EINVAL;
81 }
82 
83 static int ipv6_mc_check_mld_query(struct sk_buff *skb)
84 {
85 	struct mld_msg *mld;
86 	unsigned int len = skb_transport_offset(skb);
87 
88 	/* RFC2710+RFC3810 (MLDv1+MLDv2) require link-local source addresses */
89 	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL))
90 		return -EINVAL;
91 
92 	len += sizeof(struct mld_msg);
93 	if (skb->len < len)
94 		return -EINVAL;
95 
96 	/* MLDv1? */
97 	if (skb->len != len) {
98 		/* or MLDv2? */
99 		len += sizeof(struct mld2_query) - sizeof(struct mld_msg);
100 		if (skb->len < len || !pskb_may_pull(skb, len))
101 			return -EINVAL;
102 	}
103 
104 	mld = (struct mld_msg *)skb_transport_header(skb);
105 
106 	/* RFC2710+RFC3810 (MLDv1+MLDv2) require the multicast link layer
107 	 * all-nodes destination address (ff02::1) for general queries
108 	 */
109 	if (ipv6_addr_any(&mld->mld_mca) &&
110 	    !ipv6_addr_is_ll_all_nodes(&ipv6_hdr(skb)->daddr))
111 		return -EINVAL;
112 
113 	return 0;
114 }
115 
116 static int ipv6_mc_check_mld_msg(struct sk_buff *skb)
117 {
118 	struct mld_msg *mld = (struct mld_msg *)skb_transport_header(skb);
119 
120 	switch (mld->mld_type) {
121 	case ICMPV6_MGM_REDUCTION:
122 	case ICMPV6_MGM_REPORT:
123 		/* fall through */
124 		return 0;
125 	case ICMPV6_MLD2_REPORT:
126 		return ipv6_mc_check_mld_reportv2(skb);
127 	case ICMPV6_MGM_QUERY:
128 		return ipv6_mc_check_mld_query(skb);
129 	default:
130 		return -ENOMSG;
131 	}
132 }
133 
134 static inline __sum16 ipv6_mc_validate_checksum(struct sk_buff *skb)
135 {
136 	return skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo);
137 }
138 
139 static int __ipv6_mc_check_mld(struct sk_buff *skb,
140 			       struct sk_buff **skb_trimmed)
141 
142 {
143 	struct sk_buff *skb_chk = NULL;
144 	unsigned int transport_len;
145 	unsigned int len = skb_transport_offset(skb) + sizeof(struct mld_msg);
146 	int ret;
147 
148 	transport_len = ntohs(ipv6_hdr(skb)->payload_len);
149 	transport_len -= skb_transport_offset(skb) - sizeof(struct ipv6hdr);
150 
151 	skb_get(skb);
152 	skb_chk = skb_checksum_trimmed(skb, transport_len,
153 				       ipv6_mc_validate_checksum);
154 	if (!skb_chk)
155 		return -EINVAL;
156 
157 	if (!pskb_may_pull(skb_chk, len)) {
158 		kfree_skb(skb_chk);
159 		return -EINVAL;
160 	}
161 
162 	ret = ipv6_mc_check_mld_msg(skb_chk);
163 	if (ret) {
164 		kfree_skb(skb_chk);
165 		return ret;
166 	}
167 
168 	if (skb_trimmed)
169 		*skb_trimmed = skb_chk;
170 	else
171 		kfree_skb(skb_chk);
172 
173 	return 0;
174 }
175 
176 /**
177  * ipv6_mc_check_mld - checks whether this is a sane MLD packet
178  * @skb: the skb to validate
179  * @skb_trimmed: to store an skb pointer trimmed to IPv6 packet tail (optional)
180  *
181  * Checks whether an IPv6 packet is a valid MLD packet. If so sets
182  * skb network and transport headers accordingly and returns zero.
183  *
184  * -EINVAL: A broken packet was detected, i.e. it violates some internet
185  *  standard
186  * -ENOMSG: IP header validation succeeded but it is not an MLD packet.
187  * -ENOMEM: A memory allocation failure happened.
188  *
189  * Optionally, an skb pointer might be provided via skb_trimmed (or set it
190  * to NULL): After parsing an MLD packet successfully it will point to
191  * an skb which has its tail aligned to the IP packet end. This might
192  * either be the originally provided skb or a trimmed, cloned version if
193  * the skb frame had data beyond the IP packet. A cloned skb allows us
194  * to leave the original skb and its full frame unchanged (which might be
195  * desirable for layer 2 frame jugglers).
196  *
197  * The caller needs to release a reference count from any returned skb_trimmed.
198  */
199 int ipv6_mc_check_mld(struct sk_buff *skb, struct sk_buff **skb_trimmed)
200 {
201 	int ret;
202 
203 	ret = ipv6_mc_check_ip6hdr(skb);
204 	if (ret < 0)
205 		return ret;
206 
207 	ret = ipv6_mc_check_exthdrs(skb);
208 	if (ret < 0)
209 		return ret;
210 
211 	return __ipv6_mc_check_mld(skb, skb_trimmed);
212 }
213 EXPORT_SYMBOL(ipv6_mc_check_mld);
214