12874c5fdSThomas Gleixner // SPDX-License-Identifier: GPL-2.0-or-later 21da177e4SLinus Torvalds /* 31da177e4SLinus Torvalds * IPv6 fragment reassembly 41da177e4SLinus Torvalds * Linux INET6 implementation 51da177e4SLinus Torvalds * 61da177e4SLinus Torvalds * Authors: 71da177e4SLinus Torvalds * Pedro Roque <roque@di.fc.ul.pt> 81da177e4SLinus Torvalds * 91da177e4SLinus Torvalds * Based on: net/ipv4/ip_fragment.c 101da177e4SLinus Torvalds */ 111da177e4SLinus Torvalds 121da177e4SLinus Torvalds /* 131da177e4SLinus Torvalds * Fixes: 141da177e4SLinus Torvalds * Andi Kleen Make it work with multiple hosts. 151da177e4SLinus Torvalds * More RFC compliance. 161da177e4SLinus Torvalds * 171da177e4SLinus Torvalds * Horst von Brand Add missing #include <linux/string.h> 181da177e4SLinus Torvalds * Alexey Kuznetsov SMP races, threading, cleanup. 191da177e4SLinus Torvalds * Patrick McHardy LRU queue of frag heads for evictor. 201da177e4SLinus Torvalds * Mitsuru KANDA @USAGI Register inet6_protocol{}. 211da177e4SLinus Torvalds * David Stevens and 221da177e4SLinus Torvalds * YOSHIFUJI,H. @USAGI Always remove fragment header to 231da177e4SLinus Torvalds * calculate ICV correctly. 241da177e4SLinus Torvalds */ 255a3da1feSHannes Frederic Sowa 265a3da1feSHannes Frederic Sowa #define pr_fmt(fmt) "IPv6: " fmt 275a3da1feSHannes Frederic Sowa 281da177e4SLinus Torvalds #include <linux/errno.h> 291da177e4SLinus Torvalds #include <linux/types.h> 301da177e4SLinus Torvalds #include <linux/string.h> 311da177e4SLinus Torvalds #include <linux/socket.h> 321da177e4SLinus Torvalds #include <linux/sockios.h> 331da177e4SLinus Torvalds #include <linux/jiffies.h> 341da177e4SLinus Torvalds #include <linux/net.h> 351da177e4SLinus Torvalds #include <linux/list.h> 361da177e4SLinus Torvalds #include <linux/netdevice.h> 371da177e4SLinus Torvalds #include <linux/in6.h> 381da177e4SLinus Torvalds #include <linux/ipv6.h> 391da177e4SLinus Torvalds #include <linux/icmpv6.h> 401da177e4SLinus Torvalds #include <linux/random.h> 411da177e4SLinus Torvalds #include <linux/jhash.h> 42f61944efSHerbert Xu #include <linux/skbuff.h> 435a0e3ad6STejun Heo #include <linux/slab.h> 44bc3b2d7fSPaul Gortmaker #include <linux/export.h> 452efdaaafSHangbin Liu #include <linux/tcp.h> 462efdaaafSHangbin Liu #include <linux/udp.h> 471da177e4SLinus Torvalds 481da177e4SLinus Torvalds #include <net/sock.h> 491da177e4SLinus Torvalds #include <net/snmp.h> 501da177e4SLinus Torvalds 511da177e4SLinus Torvalds #include <net/ipv6.h> 52a11d206dSYOSHIFUJI Hideaki #include <net/ip6_route.h> 531da177e4SLinus Torvalds #include <net/protocol.h> 541da177e4SLinus Torvalds #include <net/transp_v6.h> 551da177e4SLinus Torvalds #include <net/rawv6.h> 561da177e4SLinus Torvalds #include <net/ndisc.h> 571da177e4SLinus Torvalds #include <net/addrconf.h> 5870b095c8SFlorian Westphal #include <net/ipv6_frag.h> 59eec2e618SHannes Frederic Sowa #include <net/inet_ecn.h> 601da177e4SLinus Torvalds 61d4ad4d22SNikolay Aleksandrov static const char ip6_frag_cache_name[] = "ip6-frags"; 62d4ad4d22SNikolay Aleksandrov 63fc08c258SFabian Frederick static u8 ip6_frag_ecn(const struct ipv6hdr *ipv6h) 64eec2e618SHannes Frederic Sowa { 65eec2e618SHannes Frederic Sowa return 1 << (ipv6_get_dsfield(ipv6h) & INET_ECN_MASK); 66eec2e618SHannes Frederic Sowa } 671da177e4SLinus Torvalds 687eb95156SPavel Emelyanov static struct inet_frags ip6_frags; 691da177e4SLinus Torvalds 70d4289fccSPeter Oskolkov static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *skb, 71d4289fccSPeter Oskolkov struct sk_buff *prev_tail, struct net_device *dev); 72f61944efSHerbert Xu 7378802011SKees Cook static void ip6_frag_expire(struct timer_list *t) 74b836c99fSAmerigo Wang { 7578802011SKees Cook struct inet_frag_queue *frag = from_timer(frag, t, timer); 76b836c99fSAmerigo Wang struct frag_queue *fq; 77b836c99fSAmerigo Wang 7878802011SKees Cook fq = container_of(frag, struct frag_queue, q); 79b836c99fSAmerigo Wang 80a39aca67SEric Dumazet ip6frag_expire_frag_queue(fq->q.fqdir->net, fq); 811da177e4SLinus Torvalds } 821da177e4SLinus Torvalds 83fc08c258SFabian Frederick static struct frag_queue * 84648700f7SEric Dumazet fq_find(struct net *net, __be32 id, const struct ipv6hdr *hdr, int iif) 851da177e4SLinus Torvalds { 86648700f7SEric Dumazet struct frag_v6_compare_key key = { 87648700f7SEric Dumazet .id = id, 88648700f7SEric Dumazet .saddr = hdr->saddr, 89648700f7SEric Dumazet .daddr = hdr->daddr, 90648700f7SEric Dumazet .user = IP6_DEFRAG_LOCAL_DELIVER, 91648700f7SEric Dumazet .iif = iif, 92648700f7SEric Dumazet }; 93c6fda282SPavel Emelyanov struct inet_frag_queue *q; 941da177e4SLinus Torvalds 95648700f7SEric Dumazet if (!(ipv6_addr_type(&hdr->daddr) & (IPV6_ADDR_MULTICAST | 96648700f7SEric Dumazet IPV6_ADDR_LINKLOCAL))) 97648700f7SEric Dumazet key.iif = 0; 989a375803SPavel Emelyanov 994907abc6SEric Dumazet q = inet_frag_find(net->ipv6.fqdir, &key); 1002d44ed22SEric Dumazet if (!q) 1019546377cSShan Wei return NULL; 1022d44ed22SEric Dumazet 103c6fda282SPavel Emelyanov return container_of(q, struct frag_queue, q); 1041da177e4SLinus Torvalds } 1051da177e4SLinus Torvalds 106f61944efSHerbert Xu static int ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb, 107415787d7SEric Dumazet struct frag_hdr *fhdr, int nhoff, 108415787d7SEric Dumazet u32 *prob_offset) 1091da177e4SLinus Torvalds { 110adf30907SEric Dumazet struct net *net = dev_net(skb_dst(skb)->dev); 111d4289fccSPeter Oskolkov int offset, end, fragsize; 112d4289fccSPeter Oskolkov struct sk_buff *prev_tail; 113d4289fccSPeter Oskolkov struct net_device *dev; 114d4289fccSPeter Oskolkov int err = -ENOENT; 115eec2e618SHannes Frederic Sowa u8 ecn; 1161da177e4SLinus Torvalds 11706aa8b8aSNikolay Aleksandrov if (fq->q.flags & INET_FRAG_COMPLETE) 1181da177e4SLinus Torvalds goto err; 1191da177e4SLinus Torvalds 120d4289fccSPeter Oskolkov err = -EINVAL; 1211da177e4SLinus Torvalds offset = ntohs(fhdr->frag_off) & ~0x7; 1220660e03fSArnaldo Carvalho de Melo end = offset + (ntohs(ipv6_hdr(skb)->payload_len) - 1230660e03fSArnaldo Carvalho de Melo ((u8 *)(fhdr + 1) - (u8 *)(ipv6_hdr(skb) + 1))); 1241da177e4SLinus Torvalds 1251da177e4SLinus Torvalds if ((unsigned int)end > IPV6_MAXPLEN) { 126415787d7SEric Dumazet *prob_offset = (u8 *)&fhdr->frag_off - skb_network_header(skb); 127d4289fccSPeter Oskolkov /* note that if prob_offset is set, the skb is freed elsewhere, 128d4289fccSPeter Oskolkov * we do not free it here. 129d4289fccSPeter Oskolkov */ 130f61944efSHerbert Xu return -1; 1311da177e4SLinus Torvalds } 1321da177e4SLinus Torvalds 133eec2e618SHannes Frederic Sowa ecn = ip6_frag_ecn(ipv6_hdr(skb)); 134eec2e618SHannes Frederic Sowa 135d56f90a7SArnaldo Carvalho de Melo if (skb->ip_summed == CHECKSUM_COMPLETE) { 136d56f90a7SArnaldo Carvalho de Melo const unsigned char *nh = skb_network_header(skb); 1371da177e4SLinus Torvalds skb->csum = csum_sub(skb->csum, 138d56f90a7SArnaldo Carvalho de Melo csum_partial(nh, (u8 *)(fhdr + 1) - nh, 139d56f90a7SArnaldo Carvalho de Melo 0)); 140d56f90a7SArnaldo Carvalho de Melo } 1411da177e4SLinus Torvalds 1421da177e4SLinus Torvalds /* Is this the final fragment? */ 1431da177e4SLinus Torvalds if (!(fhdr->frag_off & htons(IP6_MF))) { 1441da177e4SLinus Torvalds /* If we already have some bits beyond end 1451da177e4SLinus Torvalds * or have different end, the segment is corrupted. 1461da177e4SLinus Torvalds */ 1475ab11c98SPavel Emelyanov if (end < fq->q.len || 14806aa8b8aSNikolay Aleksandrov ((fq->q.flags & INET_FRAG_LAST_IN) && end != fq->q.len)) 1492475f59cSPeter Oskolkov goto discard_fq; 15006aa8b8aSNikolay Aleksandrov fq->q.flags |= INET_FRAG_LAST_IN; 1515ab11c98SPavel Emelyanov fq->q.len = end; 1521da177e4SLinus Torvalds } else { 1531da177e4SLinus Torvalds /* Check if the fragment is rounded to 8 bytes. 1541da177e4SLinus Torvalds * Required by the RFC. 1551da177e4SLinus Torvalds */ 1561da177e4SLinus Torvalds if (end & 0x7) { 1571da177e4SLinus Torvalds /* RFC2460 says always send parameter problem in 1581da177e4SLinus Torvalds * this case. -DaveM 1591da177e4SLinus Torvalds */ 160415787d7SEric Dumazet *prob_offset = offsetof(struct ipv6hdr, payload_len); 161f61944efSHerbert Xu return -1; 1621da177e4SLinus Torvalds } 1635ab11c98SPavel Emelyanov if (end > fq->q.len) { 1641da177e4SLinus Torvalds /* Some bits beyond end -> corruption. */ 16506aa8b8aSNikolay Aleksandrov if (fq->q.flags & INET_FRAG_LAST_IN) 1662475f59cSPeter Oskolkov goto discard_fq; 1675ab11c98SPavel Emelyanov fq->q.len = end; 1681da177e4SLinus Torvalds } 1691da177e4SLinus Torvalds } 1701da177e4SLinus Torvalds 1711da177e4SLinus Torvalds if (end == offset) 1722475f59cSPeter Oskolkov goto discard_fq; 1731da177e4SLinus Torvalds 174d4289fccSPeter Oskolkov err = -ENOMEM; 1751da177e4SLinus Torvalds /* Point into the IP datagram 'data' part. */ 1761da177e4SLinus Torvalds if (!pskb_pull(skb, (u8 *) (fhdr + 1) - skb->data)) 1772475f59cSPeter Oskolkov goto discard_fq; 17842ca89c1SStephen Hemminger 179d4289fccSPeter Oskolkov err = pskb_trim_rcsum(skb, end - offset); 180d4289fccSPeter Oskolkov if (err) 1812475f59cSPeter Oskolkov goto discard_fq; 1821da177e4SLinus Torvalds 183d4289fccSPeter Oskolkov /* Note : skb->rbnode and skb->dev share the same location. */ 184219badfaSEric Dumazet dev = skb->dev; 185219badfaSEric Dumazet /* Makes sure compiler wont do silly aliasing games */ 186219badfaSEric Dumazet barrier(); 1871da177e4SLinus Torvalds 188d4289fccSPeter Oskolkov prev_tail = fq->q.fragments_tail; 189d4289fccSPeter Oskolkov err = inet_frag_queue_insert(&fq->q, skb, offset, end); 190d4289fccSPeter Oskolkov if (err) 191d4289fccSPeter Oskolkov goto insert_error; 192d4289fccSPeter Oskolkov 193d4289fccSPeter Oskolkov if (dev) 194d4289fccSPeter Oskolkov fq->iif = dev->ifindex; 1951da177e4SLinus Torvalds 1965ab11c98SPavel Emelyanov fq->q.stamp = skb->tstamp; 1975ab11c98SPavel Emelyanov fq->q.meat += skb->len; 198eec2e618SHannes Frederic Sowa fq->ecn |= ecn; 1996ce3b4dcSEric Dumazet add_frag_mem_limit(fq->q.fqdir, skb->truesize); 2001da177e4SLinus Torvalds 201dbd1759eSWillem de Bruijn fragsize = -skb_network_offset(skb) + skb->len; 202dbd1759eSWillem de Bruijn if (fragsize > fq->q.max_size) 203dbd1759eSWillem de Bruijn fq->q.max_size = fragsize; 204dbd1759eSWillem de Bruijn 2051da177e4SLinus Torvalds /* The first fragment. 2061da177e4SLinus Torvalds * nhoffset is obtained from the first fragment, of course. 2071da177e4SLinus Torvalds */ 2081da177e4SLinus Torvalds if (offset == 0) { 2091da177e4SLinus Torvalds fq->nhoffset = nhoff; 21006aa8b8aSNikolay Aleksandrov fq->q.flags |= INET_FRAG_FIRST_IN; 2111da177e4SLinus Torvalds } 212f61944efSHerbert Xu 21306aa8b8aSNikolay Aleksandrov if (fq->q.flags == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) && 21497599dc7SEric Dumazet fq->q.meat == fq->q.len) { 21597599dc7SEric Dumazet unsigned long orefdst = skb->_skb_refdst; 216f61944efSHerbert Xu 21797599dc7SEric Dumazet skb->_skb_refdst = 0UL; 218d4289fccSPeter Oskolkov err = ip6_frag_reasm(fq, skb, prev_tail, dev); 21997599dc7SEric Dumazet skb->_skb_refdst = orefdst; 220d4289fccSPeter Oskolkov return err; 22197599dc7SEric Dumazet } 22297599dc7SEric Dumazet 22397599dc7SEric Dumazet skb_dst_drop(skb); 224d4289fccSPeter Oskolkov return -EINPROGRESS; 2251da177e4SLinus Torvalds 226d4289fccSPeter Oskolkov insert_error: 227d4289fccSPeter Oskolkov if (err == IPFRAG_DUP) { 228d4289fccSPeter Oskolkov kfree_skb(skb); 229d4289fccSPeter Oskolkov return -EINVAL; 230d4289fccSPeter Oskolkov } 231d4289fccSPeter Oskolkov err = -EINVAL; 232d4289fccSPeter Oskolkov __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 233d4289fccSPeter Oskolkov IPSTATS_MIB_REASM_OVERLAPS); 23470789d70SNicolas Dichtel discard_fq: 235093ba729SEric Dumazet inet_frag_kill(&fq->q); 2361d015503SEric Dumazet __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 2373bd653c8SDenis V. Lunev IPSTATS_MIB_REASMFAILS); 238d4289fccSPeter Oskolkov err: 2391da177e4SLinus Torvalds kfree_skb(skb); 240d4289fccSPeter Oskolkov return err; 2411da177e4SLinus Torvalds } 2421da177e4SLinus Torvalds 2431da177e4SLinus Torvalds /* 2441da177e4SLinus Torvalds * Check if this packet is complete. 2451da177e4SLinus Torvalds * 2461da177e4SLinus Torvalds * It is called with locked fq, and caller must check that 2471da177e4SLinus Torvalds * queue is eligible for reassembly i.e. it is not COMPLETE, 2481da177e4SLinus Torvalds * the last and the first frames arrived and all the bits are here. 2491da177e4SLinus Torvalds */ 250d4289fccSPeter Oskolkov static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *skb, 251d4289fccSPeter Oskolkov struct sk_buff *prev_tail, struct net_device *dev) 2521da177e4SLinus Torvalds { 253a39aca67SEric Dumazet struct net *net = fq->q.fqdir->net; 2541da177e4SLinus Torvalds unsigned int nhoff; 255d4289fccSPeter Oskolkov void *reasm_data; 256d4289fccSPeter Oskolkov int payload_len; 257eec2e618SHannes Frederic Sowa u8 ecn; 2581da177e4SLinus Torvalds 259093ba729SEric Dumazet inet_frag_kill(&fq->q); 2601da177e4SLinus Torvalds 261eec2e618SHannes Frederic Sowa ecn = ip_frag_ecn_table[fq->ecn]; 262eec2e618SHannes Frederic Sowa if (unlikely(ecn == 0xff)) 263eec2e618SHannes Frederic Sowa goto out_fail; 264eec2e618SHannes Frederic Sowa 265d4289fccSPeter Oskolkov reasm_data = inet_frag_reasm_prepare(&fq->q, skb, prev_tail); 266d4289fccSPeter Oskolkov if (!reasm_data) 267f61944efSHerbert Xu goto out_oom; 268f61944efSHerbert Xu 269d4289fccSPeter Oskolkov payload_len = ((skb->data - skb_network_header(skb)) - 2705ab11c98SPavel Emelyanov sizeof(struct ipv6hdr) + fq->q.len - 271d56f90a7SArnaldo Carvalho de Melo sizeof(struct frag_hdr)); 2721da177e4SLinus Torvalds if (payload_len > IPV6_MAXPLEN) 2731da177e4SLinus Torvalds goto out_oversize; 2741da177e4SLinus Torvalds 2751da177e4SLinus Torvalds /* We have to remove fragment header from datagram and to relocate 2761da177e4SLinus Torvalds * header in order to calculate ICV correctly. */ 2771da177e4SLinus Torvalds nhoff = fq->nhoffset; 278d4289fccSPeter Oskolkov skb_network_header(skb)[nhoff] = skb_transport_header(skb)[0]; 279d4289fccSPeter Oskolkov memmove(skb->head + sizeof(struct frag_hdr), skb->head, 280d4289fccSPeter Oskolkov (skb->data - skb->head) - sizeof(struct frag_hdr)); 281d4289fccSPeter Oskolkov if (skb_mac_header_was_set(skb)) 282d4289fccSPeter Oskolkov skb->mac_header += sizeof(struct frag_hdr); 283d4289fccSPeter Oskolkov skb->network_header += sizeof(struct frag_hdr); 2841da177e4SLinus Torvalds 285d4289fccSPeter Oskolkov skb_reset_transport_header(skb); 2861da177e4SLinus Torvalds 287891584f4SGuillaume Nault inet_frag_reasm_finish(&fq->q, skb, reasm_data, true); 288ec16439eSEric Dumazet 289d4289fccSPeter Oskolkov skb->dev = dev; 290d4289fccSPeter Oskolkov ipv6_hdr(skb)->payload_len = htons(payload_len); 291d4289fccSPeter Oskolkov ipv6_change_dsfield(ipv6_hdr(skb), 0xff, ecn); 292d4289fccSPeter Oskolkov IP6CB(skb)->nhoff = nhoff; 293d4289fccSPeter Oskolkov IP6CB(skb)->flags |= IP6SKB_FRAGMENTED; 294d4289fccSPeter Oskolkov IP6CB(skb)->frag_max_size = fq->q.max_size; 2951da177e4SLinus Torvalds 2961da177e4SLinus Torvalds /* Yes, and fold redundant checksum back. 8) */ 297d4289fccSPeter Oskolkov skb_postpush_rcsum(skb, skb_network_header(skb), 298d4289fccSPeter Oskolkov skb_network_header_len(skb)); 2991da177e4SLinus Torvalds 300a11d206dSYOSHIFUJI Hideaki rcu_read_lock(); 301e1ae5c2eSStephen Suryaputra __IP6_INC_STATS(net, __in6_dev_stats_get(dev, skb), IPSTATS_MIB_REASMOKS); 302a11d206dSYOSHIFUJI Hideaki rcu_read_unlock(); 303fa0f5273SPeter Oskolkov fq->q.rb_fragments = RB_ROOT; 304d6bebca9SChangli Gao fq->q.fragments_tail = NULL; 305d4289fccSPeter Oskolkov fq->q.last_run_head = NULL; 3061da177e4SLinus Torvalds return 1; 3071da177e4SLinus Torvalds 3081da177e4SLinus Torvalds out_oversize: 309e87cc472SJoe Perches net_dbg_ratelimited("ip6_frag_reasm: payload len = %d\n", payload_len); 3101da177e4SLinus Torvalds goto out_fail; 3111da177e4SLinus Torvalds out_oom: 312e87cc472SJoe Perches net_dbg_ratelimited("ip6_frag_reasm: no memory for reassembly\n"); 3131da177e4SLinus Torvalds out_fail: 314a11d206dSYOSHIFUJI Hideaki rcu_read_lock(); 315e1ae5c2eSStephen Suryaputra __IP6_INC_STATS(net, __in6_dev_stats_get(dev, skb), IPSTATS_MIB_REASMFAILS); 316a11d206dSYOSHIFUJI Hideaki rcu_read_unlock(); 3172475f59cSPeter Oskolkov inet_frag_kill(&fq->q); 3181da177e4SLinus Torvalds return -1; 3191da177e4SLinus Torvalds } 3201da177e4SLinus Torvalds 321e5bbef20SHerbert Xu static int ipv6_frag_rcv(struct sk_buff *skb) 3221da177e4SLinus Torvalds { 3231da177e4SLinus Torvalds struct frag_hdr *fhdr; 3241da177e4SLinus Torvalds struct frag_queue *fq; 325b71d1d42SEric Dumazet const struct ipv6hdr *hdr = ipv6_hdr(skb); 326adf30907SEric Dumazet struct net *net = dev_net(skb_dst(skb)->dev); 3272efdaaafSHangbin Liu __be16 frag_off; 3282efdaaafSHangbin Liu int iif, offset; 3292efdaaafSHangbin Liu u8 nexthdr; 3301da177e4SLinus Torvalds 331f46078cfSHannes Frederic Sowa if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED) 332f46078cfSHannes Frederic Sowa goto fail_hdr; 333f46078cfSHannes Frederic Sowa 3341d015503SEric Dumazet __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_REASMREQDS); 3351da177e4SLinus Torvalds 3361da177e4SLinus Torvalds /* Jumbo payload inhibits frag. header */ 33798b3377cSDenis V. Lunev if (hdr->payload_len == 0) 33898b3377cSDenis V. Lunev goto fail_hdr; 33998b3377cSDenis V. Lunev 340ea2ae17dSArnaldo Carvalho de Melo if (!pskb_may_pull(skb, (skb_transport_offset(skb) + 34198b3377cSDenis V. Lunev sizeof(struct frag_hdr)))) 34298b3377cSDenis V. Lunev goto fail_hdr; 3431da177e4SLinus Torvalds 3440660e03fSArnaldo Carvalho de Melo hdr = ipv6_hdr(skb); 3459c70220bSArnaldo Carvalho de Melo fhdr = (struct frag_hdr *)skb_transport_header(skb); 3461da177e4SLinus Torvalds 3471da177e4SLinus Torvalds if (!(fhdr->frag_off & htons(0xFFF9))) { 3481da177e4SLinus Torvalds /* It is not a fragmented frame */ 349b0e380b1SArnaldo Carvalho de Melo skb->transport_header += sizeof(struct frag_hdr); 3501d015503SEric Dumazet __IP6_INC_STATS(net, 351adf30907SEric Dumazet ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_REASMOKS); 3521da177e4SLinus Torvalds 353d56f90a7SArnaldo Carvalho de Melo IP6CB(skb)->nhoff = (u8 *)fhdr - skb_network_header(skb); 354f46078cfSHannes Frederic Sowa IP6CB(skb)->flags |= IP6SKB_FRAGMENTED; 3551da177e4SLinus Torvalds return 1; 3561da177e4SLinus Torvalds } 3571da177e4SLinus Torvalds 3582efdaaafSHangbin Liu /* RFC 8200, Section 4.5 Fragment Header: 3592efdaaafSHangbin Liu * If the first fragment does not include all headers through an 3602efdaaafSHangbin Liu * Upper-Layer header, then that fragment should be discarded and 3612efdaaafSHangbin Liu * an ICMP Parameter Problem, Code 3, message should be sent to 3622efdaaafSHangbin Liu * the source of the fragment, with the Pointer field set to zero. 3632efdaaafSHangbin Liu */ 3642efdaaafSHangbin Liu nexthdr = hdr->nexthdr; 3652efdaaafSHangbin Liu offset = ipv6_skip_exthdr(skb, skb_transport_offset(skb), &nexthdr, &frag_off); 3662efdaaafSHangbin Liu if (offset >= 0) { 3672efdaaafSHangbin Liu /* Check some common protocols' header */ 3682efdaaafSHangbin Liu if (nexthdr == IPPROTO_TCP) 3692efdaaafSHangbin Liu offset += sizeof(struct tcphdr); 3702efdaaafSHangbin Liu else if (nexthdr == IPPROTO_UDP) 3712efdaaafSHangbin Liu offset += sizeof(struct udphdr); 3722efdaaafSHangbin Liu else if (nexthdr == IPPROTO_ICMPV6) 3732efdaaafSHangbin Liu offset += sizeof(struct icmp6hdr); 3742efdaaafSHangbin Liu else 3752efdaaafSHangbin Liu offset += 1; 3762efdaaafSHangbin Liu 3772efdaaafSHangbin Liu if (!(frag_off & htons(IP6_OFFSET)) && offset > skb->len) { 3782efdaaafSHangbin Liu __IP6_INC_STATS(net, __in6_dev_get_safely(skb->dev), 3792efdaaafSHangbin Liu IPSTATS_MIB_INHDRERRORS); 3802efdaaafSHangbin Liu icmpv6_param_prob(skb, ICMPV6_HDR_INCOMP, 0); 3812efdaaafSHangbin Liu return -1; 3822efdaaafSHangbin Liu } 3832efdaaafSHangbin Liu } 3842efdaaafSHangbin Liu 385648700f7SEric Dumazet iif = skb->dev ? skb->dev->ifindex : 0; 386648700f7SEric Dumazet fq = fq_find(net, fhdr->identification, hdr, iif); 38753b24b8fSIan Morris if (fq) { 388415787d7SEric Dumazet u32 prob_offset = 0; 389f61944efSHerbert Xu int ret; 3901da177e4SLinus Torvalds 3915ab11c98SPavel Emelyanov spin_lock(&fq->q.lock); 3921da177e4SLinus Torvalds 393648700f7SEric Dumazet fq->iif = iif; 394415787d7SEric Dumazet ret = ip6_frag_queue(fq, skb, fhdr, IP6CB(skb)->nhoff, 395415787d7SEric Dumazet &prob_offset); 3961da177e4SLinus Torvalds 3975ab11c98SPavel Emelyanov spin_unlock(&fq->q.lock); 398093ba729SEric Dumazet inet_frag_put(&fq->q); 399415787d7SEric Dumazet if (prob_offset) { 400415787d7SEric Dumazet __IP6_INC_STATS(net, __in6_dev_get_safely(skb->dev), 401415787d7SEric Dumazet IPSTATS_MIB_INHDRERRORS); 402d4289fccSPeter Oskolkov /* icmpv6_param_prob() calls kfree_skb(skb) */ 403415787d7SEric Dumazet icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, prob_offset); 404415787d7SEric Dumazet } 4051da177e4SLinus Torvalds return ret; 4061da177e4SLinus Torvalds } 4071da177e4SLinus Torvalds 4081d015503SEric Dumazet __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_REASMFAILS); 4091da177e4SLinus Torvalds kfree_skb(skb); 4101da177e4SLinus Torvalds return -1; 41198b3377cSDenis V. Lunev 41298b3377cSDenis V. Lunev fail_hdr: 413bdb7cc64SStephen Suryaputra __IP6_INC_STATS(net, __in6_dev_get_safely(skb->dev), 414d2373862SNikolay Aleksandrov IPSTATS_MIB_INHDRERRORS); 41598b3377cSDenis V. Lunev icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, skb_network_header_len(skb)); 41698b3377cSDenis V. Lunev return -1; 4171da177e4SLinus Torvalds } 4181da177e4SLinus Torvalds 419cc24becaSIan Morris static const struct inet6_protocol frag_protocol = { 4201da177e4SLinus Torvalds .handler = ipv6_frag_rcv, 4211da177e4SLinus Torvalds .flags = INET6_PROTO_NOPOLICY, 4221da177e4SLinus Torvalds }; 4231da177e4SLinus Torvalds 4248d8354d2SPavel Emelyanov #ifdef CONFIG_SYSCTL 4251bab4c75SNikolay Aleksandrov 4260a64b4b8SPavel Emelyanov static struct ctl_table ip6_frags_ns_ctl_table[] = { 427e71e0349SDaniel Lezcano { 4288d8354d2SPavel Emelyanov .procname = "ip6frag_high_thresh", 4293e67f106SEric Dumazet .maxlen = sizeof(unsigned long), 4308d8354d2SPavel Emelyanov .mode = 0644, 4313e67f106SEric Dumazet .proc_handler = proc_doulongvec_minmax, 4328d8354d2SPavel Emelyanov }, 4338d8354d2SPavel Emelyanov { 4348d8354d2SPavel Emelyanov .procname = "ip6frag_low_thresh", 4353e67f106SEric Dumazet .maxlen = sizeof(unsigned long), 4368d8354d2SPavel Emelyanov .mode = 0644, 4376e00f7ddSEric Dumazet .proc_handler = proc_doulongvec_minmax, 4388d8354d2SPavel Emelyanov }, 4398d8354d2SPavel Emelyanov { 4408d8354d2SPavel Emelyanov .procname = "ip6frag_time", 4418d8354d2SPavel Emelyanov .maxlen = sizeof(int), 4428d8354d2SPavel Emelyanov .mode = 0644, 4436d9f239aSAlexey Dobriyan .proc_handler = proc_dointvec_jiffies, 4448d8354d2SPavel Emelyanov }, 4457d291ebbSPavel Emelyanov { } 4467d291ebbSPavel Emelyanov }; 4477d291ebbSPavel Emelyanov 448e3a57d18SFlorian Westphal /* secret interval has been deprecated */ 449e3a57d18SFlorian Westphal static int ip6_frags_secret_interval_unused; 4507d291ebbSPavel Emelyanov static struct ctl_table ip6_frags_ctl_table[] = { 4518d8354d2SPavel Emelyanov { 4528d8354d2SPavel Emelyanov .procname = "ip6frag_secret_interval", 453e3a57d18SFlorian Westphal .data = &ip6_frags_secret_interval_unused, 4548d8354d2SPavel Emelyanov .maxlen = sizeof(int), 4558d8354d2SPavel Emelyanov .mode = 0644, 4566d9f239aSAlexey Dobriyan .proc_handler = proc_dointvec_jiffies, 4578d8354d2SPavel Emelyanov }, 4588d8354d2SPavel Emelyanov { } 4598d8354d2SPavel Emelyanov }; 4607d460db9SDaniel Lezcano 4612c8c1e72SAlexey Dobriyan static int __net_init ip6_frags_ns_sysctl_register(struct net *net) 4628d8354d2SPavel Emelyanov { 463e4a2d5c2SPavel Emelyanov struct ctl_table *table; 4648d8354d2SPavel Emelyanov struct ctl_table_header *hdr; 4658d8354d2SPavel Emelyanov 4660a64b4b8SPavel Emelyanov table = ip6_frags_ns_ctl_table; 46709ad9bc7SOctavian Purdila if (!net_eq(net, &init_net)) { 4680a64b4b8SPavel Emelyanov table = kmemdup(table, sizeof(ip6_frags_ns_ctl_table), GFP_KERNEL); 46963159f29SIan Morris if (!table) 470e4a2d5c2SPavel Emelyanov goto err_alloc; 471e4a2d5c2SPavel Emelyanov 4728668d0e2SEric Dumazet } 4734907abc6SEric Dumazet table[0].data = &net->ipv6.fqdir->high_thresh; 4744907abc6SEric Dumazet table[0].extra1 = &net->ipv6.fqdir->low_thresh; 4754907abc6SEric Dumazet table[1].data = &net->ipv6.fqdir->low_thresh; 4764907abc6SEric Dumazet table[1].extra2 = &net->ipv6.fqdir->high_thresh; 4774907abc6SEric Dumazet table[2].data = &net->ipv6.fqdir->timeout; 478e4a2d5c2SPavel Emelyanov 479ec8f23ceSEric W. Biederman hdr = register_net_sysctl(net, "net/ipv6", table); 48063159f29SIan Morris if (!hdr) 481e4a2d5c2SPavel Emelyanov goto err_reg; 482e4a2d5c2SPavel Emelyanov 483e4a2d5c2SPavel Emelyanov net->ipv6.sysctl.frags_hdr = hdr; 484e4a2d5c2SPavel Emelyanov return 0; 485e4a2d5c2SPavel Emelyanov 486e4a2d5c2SPavel Emelyanov err_reg: 48709ad9bc7SOctavian Purdila if (!net_eq(net, &init_net)) 488e4a2d5c2SPavel Emelyanov kfree(table); 489e4a2d5c2SPavel Emelyanov err_alloc: 490e4a2d5c2SPavel Emelyanov return -ENOMEM; 491e4a2d5c2SPavel Emelyanov } 492e4a2d5c2SPavel Emelyanov 4932c8c1e72SAlexey Dobriyan static void __net_exit ip6_frags_ns_sysctl_unregister(struct net *net) 494e4a2d5c2SPavel Emelyanov { 495e4a2d5c2SPavel Emelyanov struct ctl_table *table; 496e4a2d5c2SPavel Emelyanov 497e4a2d5c2SPavel Emelyanov table = net->ipv6.sysctl.frags_hdr->ctl_table_arg; 498e4a2d5c2SPavel Emelyanov unregister_net_sysctl_table(net->ipv6.sysctl.frags_hdr); 4993705e11aSYang Hongyang if (!net_eq(net, &init_net)) 500e4a2d5c2SPavel Emelyanov kfree(table); 5018d8354d2SPavel Emelyanov } 5027d291ebbSPavel Emelyanov 5037d291ebbSPavel Emelyanov static struct ctl_table_header *ip6_ctl_header; 5047d291ebbSPavel Emelyanov 5057d291ebbSPavel Emelyanov static int ip6_frags_sysctl_register(void) 5067d291ebbSPavel Emelyanov { 50743444757SEric W. Biederman ip6_ctl_header = register_net_sysctl(&init_net, "net/ipv6", 5087d291ebbSPavel Emelyanov ip6_frags_ctl_table); 5097d291ebbSPavel Emelyanov return ip6_ctl_header == NULL ? -ENOMEM : 0; 5107d291ebbSPavel Emelyanov } 5117d291ebbSPavel Emelyanov 5127d291ebbSPavel Emelyanov static void ip6_frags_sysctl_unregister(void) 5137d291ebbSPavel Emelyanov { 5147d291ebbSPavel Emelyanov unregister_net_sysctl_table(ip6_ctl_header); 5157d291ebbSPavel Emelyanov } 5168d8354d2SPavel Emelyanov #else 517fc08c258SFabian Frederick static int ip6_frags_ns_sysctl_register(struct net *net) 5188d8354d2SPavel Emelyanov { 5198d8354d2SPavel Emelyanov return 0; 5208d8354d2SPavel Emelyanov } 521e4a2d5c2SPavel Emelyanov 522fc08c258SFabian Frederick static void ip6_frags_ns_sysctl_unregister(struct net *net) 523e4a2d5c2SPavel Emelyanov { 524e4a2d5c2SPavel Emelyanov } 5257d291ebbSPavel Emelyanov 526fc08c258SFabian Frederick static int ip6_frags_sysctl_register(void) 5277d291ebbSPavel Emelyanov { 5287d291ebbSPavel Emelyanov return 0; 5297d291ebbSPavel Emelyanov } 5307d291ebbSPavel Emelyanov 531fc08c258SFabian Frederick static void ip6_frags_sysctl_unregister(void) 5327d291ebbSPavel Emelyanov { 5337d291ebbSPavel Emelyanov } 5348d8354d2SPavel Emelyanov #endif 5358d8354d2SPavel Emelyanov 5362c8c1e72SAlexey Dobriyan static int __net_init ipv6_frags_init_net(struct net *net) 5378d8354d2SPavel Emelyanov { 538787bea77SEric Dumazet int res; 539787bea77SEric Dumazet 540a39aca67SEric Dumazet res = fqdir_init(&net->ipv6.fqdir, &ip6_frags, net); 541787bea77SEric Dumazet if (res < 0) 542787bea77SEric Dumazet return res; 5435a63643eSJesper Dangaard Brouer 5444907abc6SEric Dumazet net->ipv6.fqdir->high_thresh = IPV6_FRAG_HIGH_THRESH; 5454907abc6SEric Dumazet net->ipv6.fqdir->low_thresh = IPV6_FRAG_LOW_THRESH; 5464907abc6SEric Dumazet net->ipv6.fqdir->timeout = IPV6_FRAG_TIMEOUT; 5474907abc6SEric Dumazet 548787bea77SEric Dumazet res = ip6_frags_ns_sysctl_register(net); 549787bea77SEric Dumazet if (res < 0) 5504907abc6SEric Dumazet fqdir_exit(net->ipv6.fqdir); 551787bea77SEric Dumazet return res; 552e71e0349SDaniel Lezcano } 553e71e0349SDaniel Lezcano 554d5dd8879SEric Dumazet static void __net_exit ipv6_frags_pre_exit_net(struct net *net) 555d5dd8879SEric Dumazet { 556d5dd8879SEric Dumazet fqdir_pre_exit(net->ipv6.fqdir); 557d5dd8879SEric Dumazet } 558d5dd8879SEric Dumazet 5592c8c1e72SAlexey Dobriyan static void __net_exit ipv6_frags_exit_net(struct net *net) 56081566e83SPavel Emelyanov { 5610a64b4b8SPavel Emelyanov ip6_frags_ns_sysctl_unregister(net); 5624907abc6SEric Dumazet fqdir_exit(net->ipv6.fqdir); 56381566e83SPavel Emelyanov } 56481566e83SPavel Emelyanov 56581566e83SPavel Emelyanov static struct pernet_operations ip6_frags_ops = { 56681566e83SPavel Emelyanov .init = ipv6_frags_init_net, 567d5dd8879SEric Dumazet .pre_exit = ipv6_frags_pre_exit_net, 56881566e83SPavel Emelyanov .exit = ipv6_frags_exit_net, 56981566e83SPavel Emelyanov }; 57081566e83SPavel Emelyanov 57170b095c8SFlorian Westphal static const struct rhashtable_params ip6_rhash_params = { 572648700f7SEric Dumazet .head_offset = offsetof(struct inet_frag_queue, node), 57370b095c8SFlorian Westphal .hashfn = ip6frag_key_hashfn, 57470b095c8SFlorian Westphal .obj_hashfn = ip6frag_obj_hashfn, 57570b095c8SFlorian Westphal .obj_cmpfn = ip6frag_obj_cmpfn, 576648700f7SEric Dumazet .automatic_shrinking = true, 577648700f7SEric Dumazet }; 578648700f7SEric Dumazet 579853cbbaaSDaniel Lezcano int __init ipv6_frag_init(void) 5801da177e4SLinus Torvalds { 581853cbbaaSDaniel Lezcano int ret; 5821da177e4SLinus Torvalds 58370b095c8SFlorian Westphal ip6_frags.constructor = ip6frag_init; 584c9547709SPavel Emelyanov ip6_frags.destructor = NULL; 5851e4b8287SPavel Emelyanov ip6_frags.qsize = sizeof(struct frag_queue); 586e521db9dSPavel Emelyanov ip6_frags.frag_expire = ip6_frag_expire; 587d4ad4d22SNikolay Aleksandrov ip6_frags.frags_cache_name = ip6_frag_cache_name; 588648700f7SEric Dumazet ip6_frags.rhash_params = ip6_rhash_params; 589d4ad4d22SNikolay Aleksandrov ret = inet_frags_init(&ip6_frags); 590d4ad4d22SNikolay Aleksandrov if (ret) 5915b975babSEric Dumazet goto out; 5925b975babSEric Dumazet 5935b975babSEric Dumazet ret = inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT); 5945b975babSEric Dumazet if (ret) 5955b975babSEric Dumazet goto err_protocol; 5965b975babSEric Dumazet 5975b975babSEric Dumazet ret = ip6_frags_sysctl_register(); 5985b975babSEric Dumazet if (ret) 5995b975babSEric Dumazet goto err_sysctl; 6005b975babSEric Dumazet 6015b975babSEric Dumazet ret = register_pernet_subsys(&ip6_frags_ops); 6025b975babSEric Dumazet if (ret) 603d4ad4d22SNikolay Aleksandrov goto err_pernet; 6045b975babSEric Dumazet 605853cbbaaSDaniel Lezcano out: 606853cbbaaSDaniel Lezcano return ret; 6070002c630SPavel Emelyanov 6080002c630SPavel Emelyanov err_pernet: 6097d291ebbSPavel Emelyanov ip6_frags_sysctl_unregister(); 6107d291ebbSPavel Emelyanov err_sysctl: 6110002c630SPavel Emelyanov inet6_del_protocol(&frag_protocol, IPPROTO_FRAGMENT); 6125b975babSEric Dumazet err_protocol: 6135b975babSEric Dumazet inet_frags_fini(&ip6_frags); 6140002c630SPavel Emelyanov goto out; 615853cbbaaSDaniel Lezcano } 616853cbbaaSDaniel Lezcano 617853cbbaaSDaniel Lezcano void ipv6_frag_exit(void) 618853cbbaaSDaniel Lezcano { 6197d291ebbSPavel Emelyanov ip6_frags_sysctl_unregister(); 62081566e83SPavel Emelyanov unregister_pernet_subsys(&ip6_frags_ops); 621853cbbaaSDaniel Lezcano inet6_del_protocol(&frag_protocol, IPPROTO_FRAGMENT); 622ae7352d3SEric Dumazet inet_frags_fini(&ip6_frags); 6231da177e4SLinus Torvalds } 624