search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
pre-2.3.4..
[davej-history.git] / net / ipv4 / ip_input.c
blob7a3e2618bd90b952f1302331868e463f5502a3d7
1 /*
2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * The Internet Protocol (IP) module.
7 *
8 * Version: $Id: ip_input.c,v 1.37 1999/04/22 10:38:36 davem Exp $
9 *
10 * Authors: Ross Biro, <bir7@leland.Stanford.Edu>
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Donald Becker, <becker@super.org>
13 * Alan Cox, <Alan.Cox@linux.org>
14 * Richard Underwood
15 * Stefan Becker, <stefanb@yello.ping.de>
16 * Jorge Cwik, <jorge@laser.satlink.net>
17 * Arnt Gulbrandsen, <agulbra@nvg.unit.no>
18 *
19 *
20 * Fixes:
21 * Alan Cox : Commented a couple of minor bits of surplus code
22 * Alan Cox : Undefining IP_FORWARD doesn't include the code
23 * (just stops a compiler warning).
24 * Alan Cox : Frames with >=MAX_ROUTE record routes, strict routes or loose routes
25 * are junked rather than corrupting things.
26 * Alan Cox : Frames to bad broadcast subnets are dumped
27 * We used to process them non broadcast and
28 * boy could that cause havoc.
29 * Alan Cox : ip_forward sets the free flag on the
30 * new frame it queues. Still crap because
31 * it copies the frame but at least it
32 * doesn't eat memory too.
33 * Alan Cox : Generic queue code and memory fixes.
34 * Fred Van Kempen : IP fragment support (borrowed from NET2E)
35 * Gerhard Koerting: Forward fragmented frames correctly.
36 * Gerhard Koerting: Fixes to my fix of the above 8-).
37 * Gerhard Koerting: IP interface addressing fix.
38 * Linus Torvalds : More robustness checks
39 * Alan Cox : Even more checks: Still not as robust as it ought to be
40 * Alan Cox : Save IP header pointer for later
41 * Alan Cox : ip option setting
42 * Alan Cox : Use ip_tos/ip_ttl settings
43 * Alan Cox : Fragmentation bogosity removed
44 * (Thanks to Mark.Bush@prg.ox.ac.uk)
45 * Dmitry Gorodchanin : Send of a raw packet crash fix.
46 * Alan Cox : Silly ip bug when an overlength
47 * fragment turns up. Now frees the
48 * queue.
49 * Linus Torvalds/ : Memory leakage on fragmentation
50 * Alan Cox : handling.
51 * Gerhard Koerting: Forwarding uses IP priority hints
52 * Teemu Rantanen : Fragment problems.
53 * Alan Cox : General cleanup, comments and reformat
54 * Alan Cox : SNMP statistics
55 * Alan Cox : BSD address rule semantics. Also see
56 * UDP as there is a nasty checksum issue
57 * if you do things the wrong way.
58 * Alan Cox : Always defrag, moved IP_FORWARD to the config.in file
59 * Alan Cox : IP options adjust sk->priority.
60 * Pedro Roque : Fix mtu/length error in ip_forward.
61 * Alan Cox : Avoid ip_chk_addr when possible.
62 * Richard Underwood : IP multicasting.
63 * Alan Cox : Cleaned up multicast handlers.
64 * Alan Cox : RAW sockets demultiplex in the BSD style.
65 * Gunther Mayer : Fix the SNMP reporting typo
66 * Alan Cox : Always in group 224.0.0.1
67 * Pauline Middelink : Fast ip_checksum update when forwarding
68 * Masquerading support.
69 * Alan Cox : Multicast loopback error for 224.0.0.1
70 * Alan Cox : IP_MULTICAST_LOOP option.
71 * Alan Cox : Use notifiers.
72 * Bjorn Ekwall : Removed ip_csum (from slhc.c too)
73 * Bjorn Ekwall : Moved ip_fast_csum to ip.h (inline!)
74 * Stefan Becker : Send out ICMP HOST REDIRECT
75 * Arnt Gulbrandsen : ip_build_xmit
76 * Alan Cox : Per socket routing cache
77 * Alan Cox : Fixed routing cache, added header cache.
78 * Alan Cox : Loopback didn't work right in original ip_build_xmit - fixed it.
79 * Alan Cox : Only send ICMP_REDIRECT if src/dest are the same net.
80 * Alan Cox : Incoming IP option handling.
81 * Alan Cox : Set saddr on raw output frames as per BSD.
82 * Alan Cox : Stopped broadcast source route explosions.
83 * Alan Cox : Can disable source routing
84 * Takeshi Sone : Masquerading didn't work.
85 * Dave Bonn,Alan Cox : Faster IP forwarding whenever possible.
86 * Alan Cox : Memory leaks, tramples, misc debugging.
87 * Alan Cox : Fixed multicast (by popular demand 8))
88 * Alan Cox : Fixed forwarding (by even more popular demand 8))
89 * Alan Cox : Fixed SNMP statistics [I think]
90 * Gerhard Koerting : IP fragmentation forwarding fix
91 * Alan Cox : Device lock against page fault.
92 * Alan Cox : IP_HDRINCL facility.
93 * Werner Almesberger : Zero fragment bug
94 * Alan Cox : RAW IP frame length bug
95 * Alan Cox : Outgoing firewall on build_xmit
96 * A.N.Kuznetsov : IP_OPTIONS support throughout the kernel
97 * Alan Cox : Multicast routing hooks
98 * Jos Vos : Do accounting *before* call_in_firewall
99 * Willy Konynenberg : Transparent proxying support
100 *
101 *
102 *
103 * To Fix:
104 * IP fragmentation wants rewriting cleanly. The RFC815 algorithm is much more efficient
105 * and could be made very efficient with the addition of some virtual memory hacks to permit
106 * the allocation of a buffer that can then be 'grown' by twiddling page tables.
107 * Output fragmentation wants updating along with the buffer management to use a single
108 * interleaved copy algorithm so that fragmenting has a one copy overhead. Actual packet
109 * output should probably do its own fragmentation at the UDP/RAW layer. TCP shouldn't cause
110 * fragmentation anyway.
111 *
112 * This program is free software; you can redistribute it and/or
113 * modify it under the terms of the GNU General Public License
114 * as published by the Free Software Foundation; either version
115 * 2 of the License, or (at your option) any later version.
116 */
117
118 #include <asm/system.h>
119 #include <linux/types.h>
120 #include <linux/kernel.h>
121 #include <linux/string.h>
122 #include <linux/errno.h>
123 #include <linux/config.h>
124
125 #include <linux/net.h>
126 #include <linux/socket.h>
127 #include <linux/sockios.h>
128 #include <linux/in.h>
129 #include <linux/inet.h>
130 #include <linux/netdevice.h>
131 #include <linux/etherdevice.h>
132
133 #include <net/snmp.h>
134 #include <net/ip.h>
135 #include <net/protocol.h>
136 #include <net/route.h>
137 #include <linux/skbuff.h>
138 #include <net/sock.h>
139 #include <net/arp.h>
140 #include <net/icmp.h>
141 #include <net/raw.h>
142 #include <net/checksum.h>
143 #include <linux/ip_fw.h>
144 #ifdef CONFIG_IP_MASQUERADE
145 #include <net/ip_masq.h>
146 #endif
147 #include <linux/firewall.h>
148 #include <linux/mroute.h>
149 #include <linux/netlink.h>
150
151 /*
152 * SNMP management statistics
153 */
154
155 struct ip_mib ip_statistics={2,IPDEFTTL,}; /* Forwarding=No, Default TTL=64 */
156
157
158 /*
159 * Handle the issuing of an ioctl() request
160 * for the ip device. This is scheduled to
161 * disappear
162 */
163
164 int ip_ioctl(struct sock *sk, int cmd, unsigned long arg)
165 {
166 switch(cmd)
167 {
168 default:
169 return(-EINVAL);
170 }
171 }
172
173
174 #if defined(CONFIG_IP_TRANSPARENT_PROXY) && !defined(CONFIG_IP_ALWAYS_DEFRAG)
175 #define CONFIG_IP_ALWAYS_DEFRAG 1
176 #endif
177
178 /*
179 * 0 - deliver
180 * 1 - block
181 */
182 static __inline__ int icmp_filter(struct sock *sk, struct sk_buff *skb)
183 {
184 int type;
185
186 type = skb->h.icmph->type;
187 if (type < 32)
188 return test_bit(type, &sk->tp_pinfo.tp_raw4.filter);
189
190 /* Do not block unknown ICMP types */
191 return 0;
192 }
193
194 /*
195 * Process Router Attention IP option
196 */
197 int ip_call_ra_chain(struct sk_buff *skb)
198 {
199 struct ip_ra_chain *ra;
200 u8 protocol = skb->nh.iph->protocol;
201 struct sock *last = NULL;
202
203 for (ra = ip_ra_chain; ra; ra = ra->next) {
204 struct sock *sk = ra->sk;
205 if (sk && sk->num == protocol) {
206 if (skb->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
207 skb = ip_defrag(skb);
208 if (skb == NULL)
209 return 1;
210 }
211 if (last) {
212 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
213 if (skb2)
214 raw_rcv(last, skb2);
215 }
216 last = sk;
217 }
218 }
219
220 if (last) {
221 raw_rcv(last, skb);
222 return 1;
223 }
224 return 0;
225 }
226
227 /*
228 * Deliver IP Packets to the higher protocol layers.
229 */
230 int ip_local_deliver(struct sk_buff *skb)
231 {
232 struct iphdr *iph = skb->nh.iph;
233 struct inet_protocol *ipprot;
234 struct sock *raw_sk=NULL;
235 unsigned char hash;
236 int flag = 0;
237
238 #ifndef CONFIG_IP_ALWAYS_DEFRAG
239 /*
240 * Reassemble IP fragments.
241 */
242
243 if (iph->frag_off & htons(IP_MF|IP_OFFSET)) {
244 skb = ip_defrag(skb);
245 if (!skb)
246 return 0;
247 iph = skb->nh.iph;
248 }
249 #endif
250
251 #ifdef CONFIG_IP_MASQUERADE
252 /*
253 * Do we need to de-masquerade this packet?
254 */
255 {
256 int ret;
257 /*
258 * Some masq modules can re-inject packets if
259 * bad configured.
260 */
261
262 if((IPCB(skb)->flags&IPSKB_MASQUERADED)) {
263 printk(KERN_DEBUG "ip_input(): demasq recursion detected. Check masq modules configuration\n");
264 kfree_skb(skb);
265 return 0;
266 }
267
268 ret = ip_fw_demasquerade(&skb);
269 if (ret < 0) {
270 kfree_skb(skb);
271 return 0;
272 }
273
274 if (ret) {
275 iph=skb->nh.iph;
276 IPCB(skb)->flags |= IPSKB_MASQUERADED;
277 dst_release(skb->dst);
278 skb->dst = NULL;
279 if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, skb->dev)) {
280 kfree_skb(skb);
281 return 0;
282 }
283 return skb->dst->input(skb);
284 }
285 }
286 #endif
287
288 /*
289 * Point into the IP datagram, just past the header.
290 */
291
292 skb->h.raw = skb->nh.raw + iph->ihl*4;
293
294 /*
295 * Deliver to raw sockets. This is fun as to avoid copies we want to make no
296 * surplus copies.
297 *
298 * RFC 1122: SHOULD pass TOS value up to the transport layer.
299 * -> It does. And not only TOS, but all IP header.
300 */
301
302 /* Note: See raw.c and net/raw.h, RAWV4_HTABLE_SIZE==MAX_INET_PROTOS */
303 hash = iph->protocol & (MAX_INET_PROTOS - 1);
304
305 /*
306 * If there maybe a raw socket we must check - if not we don't care less
307 */
308
309 if((raw_sk = raw_v4_htable[hash]) != NULL) {
310 struct sock *sknext = NULL;
311 struct sk_buff *skb1;
312 raw_sk = raw_v4_lookup(raw_sk, iph->protocol, iph->saddr, iph->daddr, skb->dev->ifindex);
313 if(raw_sk) { /* Any raw sockets */
314 do {
315 /* Find the next */
316 sknext = raw_v4_lookup(raw_sk->next, iph->protocol,
317 iph->saddr, iph->daddr, skb->dev->ifindex);
318 if (iph->protocol != IPPROTO_ICMP || !icmp_filter(raw_sk, skb)) {
319 if (sknext == NULL)
320 break;
321 skb1 = skb_clone(skb, GFP_ATOMIC);
322 if(skb1)
323 {
324 raw_rcv(raw_sk, skb1);
325 }
326 }
327 raw_sk = sknext;
328 } while(raw_sk!=NULL);
329
330 /* Here either raw_sk is the last raw socket, or NULL if
331 * none. We deliver to the last raw socket AFTER the
332 * protocol checks as it avoids a surplus copy.
333 */
334 }
335 }
336
337 /*
338 * skb->h.raw now points at the protocol beyond the IP header.
339 */
340
341 for (ipprot = (struct inet_protocol *)inet_protos[hash];ipprot != NULL;ipprot=(struct inet_protocol *)ipprot->next)
342 {
343 struct sk_buff *skb2;
344
345 if (ipprot->protocol != iph->protocol)
346 continue;
347 /*
348 * See if we need to make a copy of it. This will
349 * only be set if more than one protocol wants it.
350 * and then not for the last one. If there is a pending
351 * raw delivery wait for that
352 */
353
354 if (ipprot->copy || raw_sk)
355 {
356 skb2 = skb_clone(skb, GFP_ATOMIC);
357 if(skb2==NULL)
358 continue;
359 }
360 else
361 {
362 skb2 = skb;
363 }
364 flag = 1;
365
366 /*
367 * Pass on the datagram to each protocol that wants it,
368 * based on the datagram protocol. We should really
369 * check the protocol handler's return values here...
370 */
371
372 ipprot->handler(skb2, ntohs(iph->tot_len) - (iph->ihl * 4));
373 }
374
375 /*
376 * All protocols checked.
377 * If this packet was a broadcast, we may *not* reply to it, since that
378 * causes (proven, grin) ARP storms and a leakage of memory (i.e. all
379 * ICMP reply messages get queued up for transmission...)
380 */
381
382 if(raw_sk!=NULL) /* Shift to last raw user */
383 {
384 raw_rcv(raw_sk, skb);
385
386 }
387 else if (!flag) /* Free and report errors */
388 {
389 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0);
390 kfree_skb(skb);
391 }
392
393 return(0);
394 }
395
396 /*
397 * Main IP Receive routine.
398 */
399 int ip_rcv(struct sk_buff *skb, struct device *dev, struct packet_type *pt)
400 {
401 struct iphdr *iph = skb->nh.iph;
402 #ifdef CONFIG_FIREWALL
403 int fwres;
404 u16 rport;
405 #endif /* CONFIG_FIREWALL */
406
407 /*
408 * When the interface is in promisc. mode, drop all the crap
409 * that it receives, do not try to analyse it.
410 */
411 if (skb->pkt_type == PACKET_OTHERHOST)
412 goto drop;
413
414 ip_statistics.IpInReceives++;
415
416 /*
417 * RFC1122: 3.1.2.2 MUST silently discard any IP frame that fails the checksum.
418 *
419 * Is the datagram acceptable?
420 *
421 * 1. Length at least the size of an ip header
422 * 2. Version of 4
423 * 3. Checksums correctly. [Speed optimisation for later, skip loopback checksums]
424 * 4. Doesn't have a bogus length
425 */
426
427 if (skb->len < sizeof(struct iphdr))
428 goto inhdr_error;
429 if (iph->ihl < 5 || iph->version != 4 || ip_fast_csum((u8 *)iph, iph->ihl) != 0)
430 goto inhdr_error;
431
432 {
433 __u32 len = ntohs(iph->tot_len);
434 if (skb->len < len)
435 goto inhdr_error;
436
437 /*
438 * Our transport medium may have padded the buffer out. Now we know it
439 * is IP we can trim to the true length of the frame.
440 * Note this now means skb->len holds ntohs(iph->tot_len).
441 */
442
443 __skb_trim(skb, len);
444 }
445
446 #ifdef CONFIG_IP_ALWAYS_DEFRAG
447 /* Won't send ICMP reply, since skb->dst == NULL. --RR */
448 if (iph->frag_off & htons(IP_MF|IP_OFFSET)) {
449 skb = ip_defrag(skb);
450 if (!skb)
451 return 0;
452 iph = skb->nh.iph;
453 ip_send_check(iph);
454 }
455 #endif
456
457 #ifdef CONFIG_FIREWALL
458 /*
459 * See if the firewall wants to dispose of the packet.
460 *
461 * We can't do ICMP reply or local delivery before routing,
462 * so we delay those decisions until after route. --RR
463 */
464 fwres = call_in_firewall(PF_INET, dev, iph, &rport, &skb);
465 if (fwres < FW_ACCEPT && fwres != FW_REJECT)
466 goto drop;
467 iph = skb->nh.iph;
468 #endif /* CONFIG_FIREWALL */
469
470 /*
471 * Initialise the virtual path cache for the packet. It describes
472 * how the packet travels inside Linux networking.
473 */
474 if (skb->dst == NULL) {
475 if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, dev))
476 goto drop;
477 #ifdef CONFIG_CPU_IS_SLOW
478 if (net_cpu_congestion > 10 && !(iph->tos&IPTOS_RELIABILITY) &&
479 IPTOS_PREC(iph->tos) < IPTOS_PREC_INTERNETCONTROL) {
480 goto drop;
481 }
482 #endif
483 }
484
485 #ifdef CONFIG_NET_CLS_ROUTE
486 if (skb->dst->tclassid) {
487 u32 idx = skb->dst->tclassid;
488 ip_rt_acct[idx&0xFF].o_packets++;
489 ip_rt_acct[idx&0xFF].o_bytes+=skb->len;
490 ip_rt_acct[(idx>>16)&0xFF].i_packets++;
491 ip_rt_acct[(idx>>16)&0xFF].i_bytes+=skb->len;
492 }
493 #endif
494
495 if (iph->ihl > 5) {
496 struct ip_options *opt;
497
498 /* It looks as overkill, because not all
499 IP options require packet mangling.
500 But it is the easiest for now, especially taking
501 into account that combination of IP options
502 and running sniffer is extremely rare condition.
503 --ANK (980813)
504 */
505
506 skb = skb_cow(skb, skb_headroom(skb));
507 if (skb == NULL)
508 return 0;
509 iph = skb->nh.iph;
510
511 skb->ip_summed = 0;
512 if (ip_options_compile(NULL, skb))
513 goto inhdr_error;
514
515 opt = &(IPCB(skb)->opt);
516 if (opt->srr) {
517 struct in_device *in_dev = dev->ip_ptr;
518 if (in_dev && !IN_DEV_SOURCE_ROUTE(in_dev)) {
519 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit())
520 printk(KERN_INFO "source route option %d.%d.%d.%d -> %d.%d.%d.%d\n",
521 NIPQUAD(iph->saddr), NIPQUAD(iph->daddr));
522 goto drop;
523 }
524 if (ip_options_rcv_srr(skb))
525 goto drop;
526 }
527 }
528
529 #ifdef CONFIG_FIREWALL
530 #ifdef CONFIG_IP_TRANSPARENT_PROXY
531 if (fwres == FW_REDIRECT && (IPCB(skb)->redirport = rport) != 0)
532 return ip_local_deliver(skb);
533 #endif /* CONFIG_IP_TRANSPARENT_PROXY */
534
535 if (fwres == FW_REJECT) {
536 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
537 goto drop;
538 }
539 #endif /* CONFIG_FIREWALL */
540
541 return skb->dst->input(skb);
542
543 inhdr_error:
544 ip_statistics.IpInHdrErrors++;
545 drop:
546 kfree_skb(skb);
547 return(0);
548 }
549
Copy of Dave Jones history.git as used by http://archive.org/details/git-history-of-linux