12874c5fdSThomas Gleixner // SPDX-License-Identifier: GPL-2.0-or-later 21da177e4SLinus Torvalds /* 31da177e4SLinus Torvalds * IPv6 fragment reassembly 41da177e4SLinus Torvalds * Linux INET6 implementation 51da177e4SLinus Torvalds * 61da177e4SLinus Torvalds * Authors: 71da177e4SLinus Torvalds * Pedro Roque <roque@di.fc.ul.pt> 81da177e4SLinus Torvalds * 91da177e4SLinus Torvalds * Based on: net/ipv4/ip_fragment.c 101da177e4SLinus Torvalds */ 111da177e4SLinus Torvalds 121da177e4SLinus Torvalds /* 131da177e4SLinus Torvalds * Fixes: 141da177e4SLinus Torvalds * Andi Kleen Make it work with multiple hosts. 151da177e4SLinus Torvalds * More RFC compliance. 161da177e4SLinus Torvalds * 171da177e4SLinus Torvalds * Horst von Brand Add missing #include <linux/string.h> 181da177e4SLinus Torvalds * Alexey Kuznetsov SMP races, threading, cleanup. 191da177e4SLinus Torvalds * Patrick McHardy LRU queue of frag heads for evictor. 201da177e4SLinus Torvalds * Mitsuru KANDA @USAGI Register inet6_protocol{}. 211da177e4SLinus Torvalds * David Stevens and 221da177e4SLinus Torvalds * YOSHIFUJI,H. @USAGI Always remove fragment header to 231da177e4SLinus Torvalds * calculate ICV correctly. 241da177e4SLinus Torvalds */ 255a3da1feSHannes Frederic Sowa 265a3da1feSHannes Frederic Sowa #define pr_fmt(fmt) "IPv6: " fmt 275a3da1feSHannes Frederic Sowa 281da177e4SLinus Torvalds #include <linux/errno.h> 291da177e4SLinus Torvalds #include <linux/types.h> 301da177e4SLinus Torvalds #include <linux/string.h> 311da177e4SLinus Torvalds #include <linux/socket.h> 321da177e4SLinus Torvalds #include <linux/sockios.h> 331da177e4SLinus Torvalds #include <linux/jiffies.h> 341da177e4SLinus Torvalds #include <linux/net.h> 351da177e4SLinus Torvalds #include <linux/list.h> 361da177e4SLinus Torvalds #include <linux/netdevice.h> 371da177e4SLinus Torvalds #include <linux/in6.h> 381da177e4SLinus Torvalds #include <linux/ipv6.h> 391da177e4SLinus Torvalds #include <linux/icmpv6.h> 401da177e4SLinus Torvalds #include <linux/random.h> 411da177e4SLinus Torvalds #include <linux/jhash.h> 42f61944efSHerbert Xu #include <linux/skbuff.h> 435a0e3ad6STejun Heo #include <linux/slab.h> 44bc3b2d7fSPaul Gortmaker #include <linux/export.h> 452efdaaafSHangbin Liu #include <linux/tcp.h> 462efdaaafSHangbin Liu #include <linux/udp.h> 471da177e4SLinus Torvalds 481da177e4SLinus Torvalds #include <net/sock.h> 491da177e4SLinus Torvalds #include <net/snmp.h> 501da177e4SLinus Torvalds 511da177e4SLinus Torvalds #include <net/ipv6.h> 52a11d206dSYOSHIFUJI Hideaki #include <net/ip6_route.h> 531da177e4SLinus Torvalds #include <net/protocol.h> 541da177e4SLinus Torvalds #include <net/transp_v6.h> 551da177e4SLinus Torvalds #include <net/rawv6.h> 561da177e4SLinus Torvalds #include <net/ndisc.h> 571da177e4SLinus Torvalds #include <net/addrconf.h> 5870b095c8SFlorian Westphal #include <net/ipv6_frag.h> 59eec2e618SHannes Frederic Sowa #include <net/inet_ecn.h> 601da177e4SLinus Torvalds 61d4ad4d22SNikolay Aleksandrov static const char ip6_frag_cache_name[] = "ip6-frags"; 62d4ad4d22SNikolay Aleksandrov 63fc08c258SFabian Frederick static u8 ip6_frag_ecn(const struct ipv6hdr *ipv6h) 64eec2e618SHannes Frederic Sowa { 65eec2e618SHannes Frederic Sowa return 1 << (ipv6_get_dsfield(ipv6h) & INET_ECN_MASK); 66eec2e618SHannes Frederic Sowa } 671da177e4SLinus Torvalds 687eb95156SPavel Emelyanov static struct inet_frags ip6_frags; 691da177e4SLinus Torvalds 70d4289fccSPeter Oskolkov static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *skb, 71d4289fccSPeter Oskolkov struct sk_buff *prev_tail, struct net_device *dev); 72f61944efSHerbert Xu 7378802011SKees Cook static void ip6_frag_expire(struct timer_list *t) 74b836c99fSAmerigo Wang { 7578802011SKees Cook struct inet_frag_queue *frag = from_timer(frag, t, timer); 76b836c99fSAmerigo Wang struct frag_queue *fq; 77b836c99fSAmerigo Wang 7878802011SKees Cook fq = container_of(frag, struct frag_queue, q); 79b836c99fSAmerigo Wang 80a39aca67SEric Dumazet ip6frag_expire_frag_queue(fq->q.fqdir->net, fq); 811da177e4SLinus Torvalds } 821da177e4SLinus Torvalds 83fc08c258SFabian Frederick static struct frag_queue * 84648700f7SEric Dumazet fq_find(struct net *net, __be32 id, const struct ipv6hdr *hdr, int iif) 851da177e4SLinus Torvalds { 86648700f7SEric Dumazet struct frag_v6_compare_key key = { 87648700f7SEric Dumazet .id = id, 88648700f7SEric Dumazet .saddr = hdr->saddr, 89648700f7SEric Dumazet .daddr = hdr->daddr, 90648700f7SEric Dumazet .user = IP6_DEFRAG_LOCAL_DELIVER, 91648700f7SEric Dumazet .iif = iif, 92648700f7SEric Dumazet }; 93c6fda282SPavel Emelyanov struct inet_frag_queue *q; 941da177e4SLinus Torvalds 95648700f7SEric Dumazet if (!(ipv6_addr_type(&hdr->daddr) & (IPV6_ADDR_MULTICAST | 96648700f7SEric Dumazet IPV6_ADDR_LINKLOCAL))) 97648700f7SEric Dumazet key.iif = 0; 989a375803SPavel Emelyanov 994907abc6SEric Dumazet q = inet_frag_find(net->ipv6.fqdir, &key); 1002d44ed22SEric Dumazet if (!q) 1019546377cSShan Wei return NULL; 1022d44ed22SEric Dumazet 103c6fda282SPavel Emelyanov return container_of(q, struct frag_queue, q); 1041da177e4SLinus Torvalds } 1051da177e4SLinus Torvalds 106f61944efSHerbert Xu static int ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb, 107415787d7SEric Dumazet struct frag_hdr *fhdr, int nhoff, 108415787d7SEric Dumazet u32 *prob_offset) 1091da177e4SLinus Torvalds { 110adf30907SEric Dumazet struct net *net = dev_net(skb_dst(skb)->dev); 111d4289fccSPeter Oskolkov int offset, end, fragsize; 112d4289fccSPeter Oskolkov struct sk_buff *prev_tail; 113d4289fccSPeter Oskolkov struct net_device *dev; 114d4289fccSPeter Oskolkov int err = -ENOENT; 115eec2e618SHannes Frederic Sowa u8 ecn; 1161da177e4SLinus Torvalds 11706aa8b8aSNikolay Aleksandrov if (fq->q.flags & INET_FRAG_COMPLETE) 1181da177e4SLinus Torvalds goto err; 1191da177e4SLinus Torvalds 120d4289fccSPeter Oskolkov err = -EINVAL; 1211da177e4SLinus Torvalds offset = ntohs(fhdr->frag_off) & ~0x7; 1220660e03fSArnaldo Carvalho de Melo end = offset + (ntohs(ipv6_hdr(skb)->payload_len) - 1230660e03fSArnaldo Carvalho de Melo ((u8 *)(fhdr + 1) - (u8 *)(ipv6_hdr(skb) + 1))); 1241da177e4SLinus Torvalds 1251da177e4SLinus Torvalds if ((unsigned int)end > IPV6_MAXPLEN) { 126415787d7SEric Dumazet *prob_offset = (u8 *)&fhdr->frag_off - skb_network_header(skb); 127d4289fccSPeter Oskolkov /* note that if prob_offset is set, the skb is freed elsewhere, 128d4289fccSPeter Oskolkov * we do not free it here. 129d4289fccSPeter Oskolkov */ 130f61944efSHerbert Xu return -1; 1311da177e4SLinus Torvalds } 1321da177e4SLinus Torvalds 133eec2e618SHannes Frederic Sowa ecn = ip6_frag_ecn(ipv6_hdr(skb)); 134eec2e618SHannes Frederic Sowa 135d56f90a7SArnaldo Carvalho de Melo if (skb->ip_summed == CHECKSUM_COMPLETE) { 136d56f90a7SArnaldo Carvalho de Melo const unsigned char *nh = skb_network_header(skb); 1371da177e4SLinus Torvalds skb->csum = csum_sub(skb->csum, 138d56f90a7SArnaldo Carvalho de Melo csum_partial(nh, (u8 *)(fhdr + 1) - nh, 139d56f90a7SArnaldo Carvalho de Melo 0)); 140d56f90a7SArnaldo Carvalho de Melo } 1411da177e4SLinus Torvalds 1421da177e4SLinus Torvalds /* Is this the final fragment? */ 1431da177e4SLinus Torvalds if (!(fhdr->frag_off & htons(IP6_MF))) { 1441da177e4SLinus Torvalds /* If we already have some bits beyond end 1451da177e4SLinus Torvalds * or have different end, the segment is corrupted. 1461da177e4SLinus Torvalds */ 1475ab11c98SPavel Emelyanov if (end < fq->q.len || 14806aa8b8aSNikolay Aleksandrov ((fq->q.flags & INET_FRAG_LAST_IN) && end != fq->q.len)) 1492475f59cSPeter Oskolkov goto discard_fq; 15006aa8b8aSNikolay Aleksandrov fq->q.flags |= INET_FRAG_LAST_IN; 1515ab11c98SPavel Emelyanov fq->q.len = end; 1521da177e4SLinus Torvalds } else { 1531da177e4SLinus Torvalds /* Check if the fragment is rounded to 8 bytes. 1541da177e4SLinus Torvalds * Required by the RFC. 1551da177e4SLinus Torvalds */ 1561da177e4SLinus Torvalds if (end & 0x7) { 1571da177e4SLinus Torvalds /* RFC2460 says always send parameter problem in 1581da177e4SLinus Torvalds * this case. -DaveM 1591da177e4SLinus Torvalds */ 160415787d7SEric Dumazet *prob_offset = offsetof(struct ipv6hdr, payload_len); 161f61944efSHerbert Xu return -1; 1621da177e4SLinus Torvalds } 1635ab11c98SPavel Emelyanov if (end > fq->q.len) { 1641da177e4SLinus Torvalds /* Some bits beyond end -> corruption. */ 16506aa8b8aSNikolay Aleksandrov if (fq->q.flags & INET_FRAG_LAST_IN) 1662475f59cSPeter Oskolkov goto discard_fq; 1675ab11c98SPavel Emelyanov fq->q.len = end; 1681da177e4SLinus Torvalds } 1691da177e4SLinus Torvalds } 1701da177e4SLinus Torvalds 1711da177e4SLinus Torvalds if (end == offset) 1722475f59cSPeter Oskolkov goto discard_fq; 1731da177e4SLinus Torvalds 174d4289fccSPeter Oskolkov err = -ENOMEM; 1751da177e4SLinus Torvalds /* Point into the IP datagram 'data' part. */ 1761da177e4SLinus Torvalds if (!pskb_pull(skb, (u8 *) (fhdr + 1) - skb->data)) 1772475f59cSPeter Oskolkov goto discard_fq; 17842ca89c1SStephen Hemminger 179d4289fccSPeter Oskolkov err = pskb_trim_rcsum(skb, end - offset); 180d4289fccSPeter Oskolkov if (err) 1812475f59cSPeter Oskolkov goto discard_fq; 1821da177e4SLinus Torvalds 183d4289fccSPeter Oskolkov /* Note : skb->rbnode and skb->dev share the same location. */ 184219badfaSEric Dumazet dev = skb->dev; 185219badfaSEric Dumazet /* Makes sure compiler wont do silly aliasing games */ 186219badfaSEric Dumazet barrier(); 1871da177e4SLinus Torvalds 188d4289fccSPeter Oskolkov prev_tail = fq->q.fragments_tail; 189d4289fccSPeter Oskolkov err = inet_frag_queue_insert(&fq->q, skb, offset, end); 190d4289fccSPeter Oskolkov if (err) 191d4289fccSPeter Oskolkov goto insert_error; 192d4289fccSPeter Oskolkov 193d4289fccSPeter Oskolkov if (dev) 194d4289fccSPeter Oskolkov fq->iif = dev->ifindex; 1951da177e4SLinus Torvalds 1965ab11c98SPavel Emelyanov fq->q.stamp = skb->tstamp; 197*335c8cf3SMartin KaFai Lau fq->q.mono_delivery_time = skb->mono_delivery_time; 1985ab11c98SPavel Emelyanov fq->q.meat += skb->len; 199eec2e618SHannes Frederic Sowa fq->ecn |= ecn; 2006ce3b4dcSEric Dumazet add_frag_mem_limit(fq->q.fqdir, skb->truesize); 2011da177e4SLinus Torvalds 202dbd1759eSWillem de Bruijn fragsize = -skb_network_offset(skb) + skb->len; 203dbd1759eSWillem de Bruijn if (fragsize > fq->q.max_size) 204dbd1759eSWillem de Bruijn fq->q.max_size = fragsize; 205dbd1759eSWillem de Bruijn 2061da177e4SLinus Torvalds /* The first fragment. 2071da177e4SLinus Torvalds * nhoffset is obtained from the first fragment, of course. 2081da177e4SLinus Torvalds */ 2091da177e4SLinus Torvalds if (offset == 0) { 2101da177e4SLinus Torvalds fq->nhoffset = nhoff; 21106aa8b8aSNikolay Aleksandrov fq->q.flags |= INET_FRAG_FIRST_IN; 2121da177e4SLinus Torvalds } 213f61944efSHerbert Xu 21406aa8b8aSNikolay Aleksandrov if (fq->q.flags == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) && 21597599dc7SEric Dumazet fq->q.meat == fq->q.len) { 21697599dc7SEric Dumazet unsigned long orefdst = skb->_skb_refdst; 217f61944efSHerbert Xu 21897599dc7SEric Dumazet skb->_skb_refdst = 0UL; 219d4289fccSPeter Oskolkov err = ip6_frag_reasm(fq, skb, prev_tail, dev); 22097599dc7SEric Dumazet skb->_skb_refdst = orefdst; 221d4289fccSPeter Oskolkov return err; 22297599dc7SEric Dumazet } 22397599dc7SEric Dumazet 22497599dc7SEric Dumazet skb_dst_drop(skb); 225d4289fccSPeter Oskolkov return -EINPROGRESS; 2261da177e4SLinus Torvalds 227d4289fccSPeter Oskolkov insert_error: 228d4289fccSPeter Oskolkov if (err == IPFRAG_DUP) { 229d4289fccSPeter Oskolkov kfree_skb(skb); 230d4289fccSPeter Oskolkov return -EINVAL; 231d4289fccSPeter Oskolkov } 232d4289fccSPeter Oskolkov err = -EINVAL; 233d4289fccSPeter Oskolkov __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 234d4289fccSPeter Oskolkov IPSTATS_MIB_REASM_OVERLAPS); 23570789d70SNicolas Dichtel discard_fq: 236093ba729SEric Dumazet inet_frag_kill(&fq->q); 2371d015503SEric Dumazet __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), 2383bd653c8SDenis V. Lunev IPSTATS_MIB_REASMFAILS); 239d4289fccSPeter Oskolkov err: 2401da177e4SLinus Torvalds kfree_skb(skb); 241d4289fccSPeter Oskolkov return err; 2421da177e4SLinus Torvalds } 2431da177e4SLinus Torvalds 2441da177e4SLinus Torvalds /* 2451da177e4SLinus Torvalds * Check if this packet is complete. 2461da177e4SLinus Torvalds * 2471da177e4SLinus Torvalds * It is called with locked fq, and caller must check that 2481da177e4SLinus Torvalds * queue is eligible for reassembly i.e. it is not COMPLETE, 2491da177e4SLinus Torvalds * the last and the first frames arrived and all the bits are here. 2501da177e4SLinus Torvalds */ 251d4289fccSPeter Oskolkov static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *skb, 252d4289fccSPeter Oskolkov struct sk_buff *prev_tail, struct net_device *dev) 2531da177e4SLinus Torvalds { 254a39aca67SEric Dumazet struct net *net = fq->q.fqdir->net; 2551da177e4SLinus Torvalds unsigned int nhoff; 256d4289fccSPeter Oskolkov void *reasm_data; 257d4289fccSPeter Oskolkov int payload_len; 258eec2e618SHannes Frederic Sowa u8 ecn; 2591da177e4SLinus Torvalds 260093ba729SEric Dumazet inet_frag_kill(&fq->q); 2611da177e4SLinus Torvalds 262eec2e618SHannes Frederic Sowa ecn = ip_frag_ecn_table[fq->ecn]; 263eec2e618SHannes Frederic Sowa if (unlikely(ecn == 0xff)) 264eec2e618SHannes Frederic Sowa goto out_fail; 265eec2e618SHannes Frederic Sowa 266d4289fccSPeter Oskolkov reasm_data = inet_frag_reasm_prepare(&fq->q, skb, prev_tail); 267d4289fccSPeter Oskolkov if (!reasm_data) 268f61944efSHerbert Xu goto out_oom; 269f61944efSHerbert Xu 270d4289fccSPeter Oskolkov payload_len = ((skb->data - skb_network_header(skb)) - 2715ab11c98SPavel Emelyanov sizeof(struct ipv6hdr) + fq->q.len - 272d56f90a7SArnaldo Carvalho de Melo sizeof(struct frag_hdr)); 2731da177e4SLinus Torvalds if (payload_len > IPV6_MAXPLEN) 2741da177e4SLinus Torvalds goto out_oversize; 2751da177e4SLinus Torvalds 2761da177e4SLinus Torvalds /* We have to remove fragment header from datagram and to relocate 2771da177e4SLinus Torvalds * header in order to calculate ICV correctly. */ 2781da177e4SLinus Torvalds nhoff = fq->nhoffset; 279d4289fccSPeter Oskolkov skb_network_header(skb)[nhoff] = skb_transport_header(skb)[0]; 280d4289fccSPeter Oskolkov memmove(skb->head + sizeof(struct frag_hdr), skb->head, 281d4289fccSPeter Oskolkov (skb->data - skb->head) - sizeof(struct frag_hdr)); 282d4289fccSPeter Oskolkov if (skb_mac_header_was_set(skb)) 283d4289fccSPeter Oskolkov skb->mac_header += sizeof(struct frag_hdr); 284d4289fccSPeter Oskolkov skb->network_header += sizeof(struct frag_hdr); 2851da177e4SLinus Torvalds 286d4289fccSPeter Oskolkov skb_reset_transport_header(skb); 2871da177e4SLinus Torvalds 288891584f4SGuillaume Nault inet_frag_reasm_finish(&fq->q, skb, reasm_data, true); 289ec16439eSEric Dumazet 290d4289fccSPeter Oskolkov skb->dev = dev; 291d4289fccSPeter Oskolkov ipv6_hdr(skb)->payload_len = htons(payload_len); 292d4289fccSPeter Oskolkov ipv6_change_dsfield(ipv6_hdr(skb), 0xff, ecn); 293d4289fccSPeter Oskolkov IP6CB(skb)->nhoff = nhoff; 294d4289fccSPeter Oskolkov IP6CB(skb)->flags |= IP6SKB_FRAGMENTED; 295d4289fccSPeter Oskolkov IP6CB(skb)->frag_max_size = fq->q.max_size; 2961da177e4SLinus Torvalds 2971da177e4SLinus Torvalds /* Yes, and fold redundant checksum back. 8) */ 298d4289fccSPeter Oskolkov skb_postpush_rcsum(skb, skb_network_header(skb), 299d4289fccSPeter Oskolkov skb_network_header_len(skb)); 3001da177e4SLinus Torvalds 301a11d206dSYOSHIFUJI Hideaki rcu_read_lock(); 302e1ae5c2eSStephen Suryaputra __IP6_INC_STATS(net, __in6_dev_stats_get(dev, skb), IPSTATS_MIB_REASMOKS); 303a11d206dSYOSHIFUJI Hideaki rcu_read_unlock(); 304fa0f5273SPeter Oskolkov fq->q.rb_fragments = RB_ROOT; 305d6bebca9SChangli Gao fq->q.fragments_tail = NULL; 306d4289fccSPeter Oskolkov fq->q.last_run_head = NULL; 3071da177e4SLinus Torvalds return 1; 3081da177e4SLinus Torvalds 3091da177e4SLinus Torvalds out_oversize: 310e87cc472SJoe Perches net_dbg_ratelimited("ip6_frag_reasm: payload len = %d\n", payload_len); 3111da177e4SLinus Torvalds goto out_fail; 3121da177e4SLinus Torvalds out_oom: 313e87cc472SJoe Perches net_dbg_ratelimited("ip6_frag_reasm: no memory for reassembly\n"); 3141da177e4SLinus Torvalds out_fail: 315a11d206dSYOSHIFUJI Hideaki rcu_read_lock(); 316e1ae5c2eSStephen Suryaputra __IP6_INC_STATS(net, __in6_dev_stats_get(dev, skb), IPSTATS_MIB_REASMFAILS); 317a11d206dSYOSHIFUJI Hideaki rcu_read_unlock(); 3182475f59cSPeter Oskolkov inet_frag_kill(&fq->q); 3191da177e4SLinus Torvalds return -1; 3201da177e4SLinus Torvalds } 3211da177e4SLinus Torvalds 322e5bbef20SHerbert Xu static int ipv6_frag_rcv(struct sk_buff *skb) 3231da177e4SLinus Torvalds { 3241da177e4SLinus Torvalds struct frag_hdr *fhdr; 3251da177e4SLinus Torvalds struct frag_queue *fq; 326b71d1d42SEric Dumazet const struct ipv6hdr *hdr = ipv6_hdr(skb); 327adf30907SEric Dumazet struct net *net = dev_net(skb_dst(skb)->dev); 3282efdaaafSHangbin Liu u8 nexthdr; 3299d9e937bSGeorg Kohmann int iif; 3301da177e4SLinus Torvalds 331f46078cfSHannes Frederic Sowa if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED) 332f46078cfSHannes Frederic Sowa goto fail_hdr; 333f46078cfSHannes Frederic Sowa 3341d015503SEric Dumazet __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_REASMREQDS); 3351da177e4SLinus Torvalds 3361da177e4SLinus Torvalds /* Jumbo payload inhibits frag. header */ 33798b3377cSDenis V. Lunev if (hdr->payload_len == 0) 33898b3377cSDenis V. Lunev goto fail_hdr; 33998b3377cSDenis V. Lunev 340ea2ae17dSArnaldo Carvalho de Melo if (!pskb_may_pull(skb, (skb_transport_offset(skb) + 34198b3377cSDenis V. Lunev sizeof(struct frag_hdr)))) 34298b3377cSDenis V. Lunev goto fail_hdr; 3431da177e4SLinus Torvalds 3440660e03fSArnaldo Carvalho de Melo hdr = ipv6_hdr(skb); 3459c70220bSArnaldo Carvalho de Melo fhdr = (struct frag_hdr *)skb_transport_header(skb); 3461da177e4SLinus Torvalds 347e29f011eSFrancesco Ruggeri if (!(fhdr->frag_off & htons(IP6_OFFSET | IP6_MF))) { 3481da177e4SLinus Torvalds /* It is not a fragmented frame */ 349b0e380b1SArnaldo Carvalho de Melo skb->transport_header += sizeof(struct frag_hdr); 3501d015503SEric Dumazet __IP6_INC_STATS(net, 351adf30907SEric Dumazet ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_REASMOKS); 3521da177e4SLinus Torvalds 353d56f90a7SArnaldo Carvalho de Melo IP6CB(skb)->nhoff = (u8 *)fhdr - skb_network_header(skb); 354f46078cfSHannes Frederic Sowa IP6CB(skb)->flags |= IP6SKB_FRAGMENTED; 355e29f011eSFrancesco Ruggeri IP6CB(skb)->frag_max_size = ntohs(hdr->payload_len) + 356e29f011eSFrancesco Ruggeri sizeof(struct ipv6hdr); 3571da177e4SLinus Torvalds return 1; 3581da177e4SLinus Torvalds } 3591da177e4SLinus Torvalds 3602efdaaafSHangbin Liu /* RFC 8200, Section 4.5 Fragment Header: 3612efdaaafSHangbin Liu * If the first fragment does not include all headers through an 3622efdaaafSHangbin Liu * Upper-Layer header, then that fragment should be discarded and 3632efdaaafSHangbin Liu * an ICMP Parameter Problem, Code 3, message should be sent to 3642efdaaafSHangbin Liu * the source of the fragment, with the Pointer field set to zero. 3652efdaaafSHangbin Liu */ 3662efdaaafSHangbin Liu nexthdr = hdr->nexthdr; 3672d8f6481SGeorg Kohmann if (ipv6frag_thdr_truncated(skb, skb_transport_offset(skb), &nexthdr)) { 3682efdaaafSHangbin Liu __IP6_INC_STATS(net, __in6_dev_get_safely(skb->dev), 3692efdaaafSHangbin Liu IPSTATS_MIB_INHDRERRORS); 3702efdaaafSHangbin Liu icmpv6_param_prob(skb, ICMPV6_HDR_INCOMP, 0); 3712efdaaafSHangbin Liu return -1; 3722efdaaafSHangbin Liu } 3732efdaaafSHangbin Liu 374648700f7SEric Dumazet iif = skb->dev ? skb->dev->ifindex : 0; 375648700f7SEric Dumazet fq = fq_find(net, fhdr->identification, hdr, iif); 37653b24b8fSIan Morris if (fq) { 377415787d7SEric Dumazet u32 prob_offset = 0; 378f61944efSHerbert Xu int ret; 3791da177e4SLinus Torvalds 3805ab11c98SPavel Emelyanov spin_lock(&fq->q.lock); 3811da177e4SLinus Torvalds 382648700f7SEric Dumazet fq->iif = iif; 383415787d7SEric Dumazet ret = ip6_frag_queue(fq, skb, fhdr, IP6CB(skb)->nhoff, 384415787d7SEric Dumazet &prob_offset); 3851da177e4SLinus Torvalds 3865ab11c98SPavel Emelyanov spin_unlock(&fq->q.lock); 387093ba729SEric Dumazet inet_frag_put(&fq->q); 388415787d7SEric Dumazet if (prob_offset) { 389415787d7SEric Dumazet __IP6_INC_STATS(net, __in6_dev_get_safely(skb->dev), 390415787d7SEric Dumazet IPSTATS_MIB_INHDRERRORS); 391d4289fccSPeter Oskolkov /* icmpv6_param_prob() calls kfree_skb(skb) */ 392415787d7SEric Dumazet icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, prob_offset); 393415787d7SEric Dumazet } 3941da177e4SLinus Torvalds return ret; 3951da177e4SLinus Torvalds } 3961da177e4SLinus Torvalds 3971d015503SEric Dumazet __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_REASMFAILS); 3981da177e4SLinus Torvalds kfree_skb(skb); 3991da177e4SLinus Torvalds return -1; 40098b3377cSDenis V. Lunev 40198b3377cSDenis V. Lunev fail_hdr: 402bdb7cc64SStephen Suryaputra __IP6_INC_STATS(net, __in6_dev_get_safely(skb->dev), 403d2373862SNikolay Aleksandrov IPSTATS_MIB_INHDRERRORS); 40498b3377cSDenis V. Lunev icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, skb_network_header_len(skb)); 40598b3377cSDenis V. Lunev return -1; 4061da177e4SLinus Torvalds } 4071da177e4SLinus Torvalds 408cc24becaSIan Morris static const struct inet6_protocol frag_protocol = { 4091da177e4SLinus Torvalds .handler = ipv6_frag_rcv, 4101da177e4SLinus Torvalds .flags = INET6_PROTO_NOPOLICY, 4111da177e4SLinus Torvalds }; 4121da177e4SLinus Torvalds 4138d8354d2SPavel Emelyanov #ifdef CONFIG_SYSCTL 4141bab4c75SNikolay Aleksandrov 4150a64b4b8SPavel Emelyanov static struct ctl_table ip6_frags_ns_ctl_table[] = { 416e71e0349SDaniel Lezcano { 4178d8354d2SPavel Emelyanov .procname = "ip6frag_high_thresh", 4183e67f106SEric Dumazet .maxlen = sizeof(unsigned long), 4198d8354d2SPavel Emelyanov .mode = 0644, 4203e67f106SEric Dumazet .proc_handler = proc_doulongvec_minmax, 4218d8354d2SPavel Emelyanov }, 4228d8354d2SPavel Emelyanov { 4238d8354d2SPavel Emelyanov .procname = "ip6frag_low_thresh", 4243e67f106SEric Dumazet .maxlen = sizeof(unsigned long), 4258d8354d2SPavel Emelyanov .mode = 0644, 4266e00f7ddSEric Dumazet .proc_handler = proc_doulongvec_minmax, 4278d8354d2SPavel Emelyanov }, 4288d8354d2SPavel Emelyanov { 4298d8354d2SPavel Emelyanov .procname = "ip6frag_time", 4308d8354d2SPavel Emelyanov .maxlen = sizeof(int), 4318d8354d2SPavel Emelyanov .mode = 0644, 4326d9f239aSAlexey Dobriyan .proc_handler = proc_dointvec_jiffies, 4338d8354d2SPavel Emelyanov }, 4347d291ebbSPavel Emelyanov { } 4357d291ebbSPavel Emelyanov }; 4367d291ebbSPavel Emelyanov 437e3a57d18SFlorian Westphal /* secret interval has been deprecated */ 438e3a57d18SFlorian Westphal static int ip6_frags_secret_interval_unused; 4397d291ebbSPavel Emelyanov static struct ctl_table ip6_frags_ctl_table[] = { 4408d8354d2SPavel Emelyanov { 4418d8354d2SPavel Emelyanov .procname = "ip6frag_secret_interval", 442e3a57d18SFlorian Westphal .data = &ip6_frags_secret_interval_unused, 4438d8354d2SPavel Emelyanov .maxlen = sizeof(int), 4448d8354d2SPavel Emelyanov .mode = 0644, 4456d9f239aSAlexey Dobriyan .proc_handler = proc_dointvec_jiffies, 4468d8354d2SPavel Emelyanov }, 4478d8354d2SPavel Emelyanov { } 4488d8354d2SPavel Emelyanov }; 4497d460db9SDaniel Lezcano 4502c8c1e72SAlexey Dobriyan static int __net_init ip6_frags_ns_sysctl_register(struct net *net) 4518d8354d2SPavel Emelyanov { 452e4a2d5c2SPavel Emelyanov struct ctl_table *table; 4538d8354d2SPavel Emelyanov struct ctl_table_header *hdr; 4548d8354d2SPavel Emelyanov 4550a64b4b8SPavel Emelyanov table = ip6_frags_ns_ctl_table; 45609ad9bc7SOctavian Purdila if (!net_eq(net, &init_net)) { 4570a64b4b8SPavel Emelyanov table = kmemdup(table, sizeof(ip6_frags_ns_ctl_table), GFP_KERNEL); 45863159f29SIan Morris if (!table) 459e4a2d5c2SPavel Emelyanov goto err_alloc; 460e4a2d5c2SPavel Emelyanov 4618668d0e2SEric Dumazet } 4624907abc6SEric Dumazet table[0].data = &net->ipv6.fqdir->high_thresh; 4634907abc6SEric Dumazet table[0].extra1 = &net->ipv6.fqdir->low_thresh; 4644907abc6SEric Dumazet table[1].data = &net->ipv6.fqdir->low_thresh; 4654907abc6SEric Dumazet table[1].extra2 = &net->ipv6.fqdir->high_thresh; 4664907abc6SEric Dumazet table[2].data = &net->ipv6.fqdir->timeout; 467e4a2d5c2SPavel Emelyanov 468ec8f23ceSEric W. Biederman hdr = register_net_sysctl(net, "net/ipv6", table); 46963159f29SIan Morris if (!hdr) 470e4a2d5c2SPavel Emelyanov goto err_reg; 471e4a2d5c2SPavel Emelyanov 472e4a2d5c2SPavel Emelyanov net->ipv6.sysctl.frags_hdr = hdr; 473e4a2d5c2SPavel Emelyanov return 0; 474e4a2d5c2SPavel Emelyanov 475e4a2d5c2SPavel Emelyanov err_reg: 47609ad9bc7SOctavian Purdila if (!net_eq(net, &init_net)) 477e4a2d5c2SPavel Emelyanov kfree(table); 478e4a2d5c2SPavel Emelyanov err_alloc: 479e4a2d5c2SPavel Emelyanov return -ENOMEM; 480e4a2d5c2SPavel Emelyanov } 481e4a2d5c2SPavel Emelyanov 4822c8c1e72SAlexey Dobriyan static void __net_exit ip6_frags_ns_sysctl_unregister(struct net *net) 483e4a2d5c2SPavel Emelyanov { 484e4a2d5c2SPavel Emelyanov struct ctl_table *table; 485e4a2d5c2SPavel Emelyanov 486e4a2d5c2SPavel Emelyanov table = net->ipv6.sysctl.frags_hdr->ctl_table_arg; 487e4a2d5c2SPavel Emelyanov unregister_net_sysctl_table(net->ipv6.sysctl.frags_hdr); 4883705e11aSYang Hongyang if (!net_eq(net, &init_net)) 489e4a2d5c2SPavel Emelyanov kfree(table); 4908d8354d2SPavel Emelyanov } 4917d291ebbSPavel Emelyanov 4927d291ebbSPavel Emelyanov static struct ctl_table_header *ip6_ctl_header; 4937d291ebbSPavel Emelyanov 4947d291ebbSPavel Emelyanov static int ip6_frags_sysctl_register(void) 4957d291ebbSPavel Emelyanov { 49643444757SEric W. Biederman ip6_ctl_header = register_net_sysctl(&init_net, "net/ipv6", 4977d291ebbSPavel Emelyanov ip6_frags_ctl_table); 4987d291ebbSPavel Emelyanov return ip6_ctl_header == NULL ? -ENOMEM : 0; 4997d291ebbSPavel Emelyanov } 5007d291ebbSPavel Emelyanov 5017d291ebbSPavel Emelyanov static void ip6_frags_sysctl_unregister(void) 5027d291ebbSPavel Emelyanov { 5037d291ebbSPavel Emelyanov unregister_net_sysctl_table(ip6_ctl_header); 5047d291ebbSPavel Emelyanov } 5058d8354d2SPavel Emelyanov #else 506fc08c258SFabian Frederick static int ip6_frags_ns_sysctl_register(struct net *net) 5078d8354d2SPavel Emelyanov { 5088d8354d2SPavel Emelyanov return 0; 5098d8354d2SPavel Emelyanov } 510e4a2d5c2SPavel Emelyanov 511fc08c258SFabian Frederick static void ip6_frags_ns_sysctl_unregister(struct net *net) 512e4a2d5c2SPavel Emelyanov { 513e4a2d5c2SPavel Emelyanov } 5147d291ebbSPavel Emelyanov 515fc08c258SFabian Frederick static int ip6_frags_sysctl_register(void) 5167d291ebbSPavel Emelyanov { 5177d291ebbSPavel Emelyanov return 0; 5187d291ebbSPavel Emelyanov } 5197d291ebbSPavel Emelyanov 520fc08c258SFabian Frederick static void ip6_frags_sysctl_unregister(void) 5217d291ebbSPavel Emelyanov { 5227d291ebbSPavel Emelyanov } 5238d8354d2SPavel Emelyanov #endif 5248d8354d2SPavel Emelyanov 5252c8c1e72SAlexey Dobriyan static int __net_init ipv6_frags_init_net(struct net *net) 5268d8354d2SPavel Emelyanov { 527787bea77SEric Dumazet int res; 528787bea77SEric Dumazet 529a39aca67SEric Dumazet res = fqdir_init(&net->ipv6.fqdir, &ip6_frags, net); 530787bea77SEric Dumazet if (res < 0) 531787bea77SEric Dumazet return res; 5325a63643eSJesper Dangaard Brouer 5334907abc6SEric Dumazet net->ipv6.fqdir->high_thresh = IPV6_FRAG_HIGH_THRESH; 5344907abc6SEric Dumazet net->ipv6.fqdir->low_thresh = IPV6_FRAG_LOW_THRESH; 5354907abc6SEric Dumazet net->ipv6.fqdir->timeout = IPV6_FRAG_TIMEOUT; 5364907abc6SEric Dumazet 537787bea77SEric Dumazet res = ip6_frags_ns_sysctl_register(net); 538787bea77SEric Dumazet if (res < 0) 5394907abc6SEric Dumazet fqdir_exit(net->ipv6.fqdir); 540787bea77SEric Dumazet return res; 541e71e0349SDaniel Lezcano } 542e71e0349SDaniel Lezcano 543d5dd8879SEric Dumazet static void __net_exit ipv6_frags_pre_exit_net(struct net *net) 544d5dd8879SEric Dumazet { 545d5dd8879SEric Dumazet fqdir_pre_exit(net->ipv6.fqdir); 546d5dd8879SEric Dumazet } 547d5dd8879SEric Dumazet 5482c8c1e72SAlexey Dobriyan static void __net_exit ipv6_frags_exit_net(struct net *net) 54981566e83SPavel Emelyanov { 5500a64b4b8SPavel Emelyanov ip6_frags_ns_sysctl_unregister(net); 5514907abc6SEric Dumazet fqdir_exit(net->ipv6.fqdir); 55281566e83SPavel Emelyanov } 55381566e83SPavel Emelyanov 55481566e83SPavel Emelyanov static struct pernet_operations ip6_frags_ops = { 55581566e83SPavel Emelyanov .init = ipv6_frags_init_net, 556d5dd8879SEric Dumazet .pre_exit = ipv6_frags_pre_exit_net, 55781566e83SPavel Emelyanov .exit = ipv6_frags_exit_net, 55881566e83SPavel Emelyanov }; 55981566e83SPavel Emelyanov 56070b095c8SFlorian Westphal static const struct rhashtable_params ip6_rhash_params = { 561648700f7SEric Dumazet .head_offset = offsetof(struct inet_frag_queue, node), 56270b095c8SFlorian Westphal .hashfn = ip6frag_key_hashfn, 56370b095c8SFlorian Westphal .obj_hashfn = ip6frag_obj_hashfn, 56470b095c8SFlorian Westphal .obj_cmpfn = ip6frag_obj_cmpfn, 565648700f7SEric Dumazet .automatic_shrinking = true, 566648700f7SEric Dumazet }; 567648700f7SEric Dumazet 568853cbbaaSDaniel Lezcano int __init ipv6_frag_init(void) 5691da177e4SLinus Torvalds { 570853cbbaaSDaniel Lezcano int ret; 5711da177e4SLinus Torvalds 57270b095c8SFlorian Westphal ip6_frags.constructor = ip6frag_init; 573c9547709SPavel Emelyanov ip6_frags.destructor = NULL; 5741e4b8287SPavel Emelyanov ip6_frags.qsize = sizeof(struct frag_queue); 575e521db9dSPavel Emelyanov ip6_frags.frag_expire = ip6_frag_expire; 576d4ad4d22SNikolay Aleksandrov ip6_frags.frags_cache_name = ip6_frag_cache_name; 577648700f7SEric Dumazet ip6_frags.rhash_params = ip6_rhash_params; 578d4ad4d22SNikolay Aleksandrov ret = inet_frags_init(&ip6_frags); 579d4ad4d22SNikolay Aleksandrov if (ret) 5805b975babSEric Dumazet goto out; 5815b975babSEric Dumazet 5825b975babSEric Dumazet ret = inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT); 5835b975babSEric Dumazet if (ret) 5845b975babSEric Dumazet goto err_protocol; 5855b975babSEric Dumazet 5865b975babSEric Dumazet ret = ip6_frags_sysctl_register(); 5875b975babSEric Dumazet if (ret) 5885b975babSEric Dumazet goto err_sysctl; 5895b975babSEric Dumazet 5905b975babSEric Dumazet ret = register_pernet_subsys(&ip6_frags_ops); 5915b975babSEric Dumazet if (ret) 592d4ad4d22SNikolay Aleksandrov goto err_pernet; 5935b975babSEric Dumazet 594853cbbaaSDaniel Lezcano out: 595853cbbaaSDaniel Lezcano return ret; 5960002c630SPavel Emelyanov 5970002c630SPavel Emelyanov err_pernet: 5987d291ebbSPavel Emelyanov ip6_frags_sysctl_unregister(); 5997d291ebbSPavel Emelyanov err_sysctl: 6000002c630SPavel Emelyanov inet6_del_protocol(&frag_protocol, IPPROTO_FRAGMENT); 6015b975babSEric Dumazet err_protocol: 6025b975babSEric Dumazet inet_frags_fini(&ip6_frags); 6030002c630SPavel Emelyanov goto out; 604853cbbaaSDaniel Lezcano } 605853cbbaaSDaniel Lezcano 606853cbbaaSDaniel Lezcano void ipv6_frag_exit(void) 607853cbbaaSDaniel Lezcano { 6087d291ebbSPavel Emelyanov ip6_frags_sysctl_unregister(); 60981566e83SPavel Emelyanov unregister_pernet_subsys(&ip6_frags_ops); 610853cbbaaSDaniel Lezcano inet6_del_protocol(&frag_protocol, IPPROTO_FRAGMENT); 611ae7352d3SEric Dumazet inet_frags_fini(&ip6_frags); 6121da177e4SLinus Torvalds } 613