search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Import 2.3.10pre5
[davej-history.git] / net / ipv4 / ip_input.c
blob107ccaa162e4274691f2d14f87f0ac910732b92b
1 /*
2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * The Internet Protocol (IP) module.
7 *
8 * Version: $Id: ip_input.c,v 1.40 1999/06/09 10:10:55 davem Exp $
9 *
10 * Authors: Ross Biro, <bir7@leland.Stanford.Edu>
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Donald Becker, <becker@super.org>
13 * Alan Cox, <Alan.Cox@linux.org>
14 * Richard Underwood
15 * Stefan Becker, <stefanb@yello.ping.de>
16 * Jorge Cwik, <jorge@laser.satlink.net>
17 * Arnt Gulbrandsen, <agulbra@nvg.unit.no>
18 *
19 *
20 * Fixes:
21 * Alan Cox : Commented a couple of minor bits of surplus code
22 * Alan Cox : Undefining IP_FORWARD doesn't include the code
23 * (just stops a compiler warning).
24 * Alan Cox : Frames with >=MAX_ROUTE record routes, strict routes or loose routes
25 * are junked rather than corrupting things.
26 * Alan Cox : Frames to bad broadcast subnets are dumped
27 * We used to process them non broadcast and
28 * boy could that cause havoc.
29 * Alan Cox : ip_forward sets the free flag on the
30 * new frame it queues. Still crap because
31 * it copies the frame but at least it
32 * doesn't eat memory too.
33 * Alan Cox : Generic queue code and memory fixes.
34 * Fred Van Kempen : IP fragment support (borrowed from NET2E)
35 * Gerhard Koerting: Forward fragmented frames correctly.
36 * Gerhard Koerting: Fixes to my fix of the above 8-).
37 * Gerhard Koerting: IP interface addressing fix.
38 * Linus Torvalds : More robustness checks
39 * Alan Cox : Even more checks: Still not as robust as it ought to be
40 * Alan Cox : Save IP header pointer for later
41 * Alan Cox : ip option setting
42 * Alan Cox : Use ip_tos/ip_ttl settings
43 * Alan Cox : Fragmentation bogosity removed
44 * (Thanks to Mark.Bush@prg.ox.ac.uk)
45 * Dmitry Gorodchanin : Send of a raw packet crash fix.
46 * Alan Cox : Silly ip bug when an overlength
47 * fragment turns up. Now frees the
48 * queue.
49 * Linus Torvalds/ : Memory leakage on fragmentation
50 * Alan Cox : handling.
51 * Gerhard Koerting: Forwarding uses IP priority hints
52 * Teemu Rantanen : Fragment problems.
53 * Alan Cox : General cleanup, comments and reformat
54 * Alan Cox : SNMP statistics
55 * Alan Cox : BSD address rule semantics. Also see
56 * UDP as there is a nasty checksum issue
57 * if you do things the wrong way.
58 * Alan Cox : Always defrag, moved IP_FORWARD to the config.in file
59 * Alan Cox : IP options adjust sk->priority.
60 * Pedro Roque : Fix mtu/length error in ip_forward.
61 * Alan Cox : Avoid ip_chk_addr when possible.
62 * Richard Underwood : IP multicasting.
63 * Alan Cox : Cleaned up multicast handlers.
64 * Alan Cox : RAW sockets demultiplex in the BSD style.
65 * Gunther Mayer : Fix the SNMP reporting typo
66 * Alan Cox : Always in group 224.0.0.1
67 * Pauline Middelink : Fast ip_checksum update when forwarding
68 * Masquerading support.
69 * Alan Cox : Multicast loopback error for 224.0.0.1
70 * Alan Cox : IP_MULTICAST_LOOP option.
71 * Alan Cox : Use notifiers.
72 * Bjorn Ekwall : Removed ip_csum (from slhc.c too)
73 * Bjorn Ekwall : Moved ip_fast_csum to ip.h (inline!)
74 * Stefan Becker : Send out ICMP HOST REDIRECT
75 * Arnt Gulbrandsen : ip_build_xmit
76 * Alan Cox : Per socket routing cache
77 * Alan Cox : Fixed routing cache, added header cache.
78 * Alan Cox : Loopback didn't work right in original ip_build_xmit - fixed it.
79 * Alan Cox : Only send ICMP_REDIRECT if src/dest are the same net.
80 * Alan Cox : Incoming IP option handling.
81 * Alan Cox : Set saddr on raw output frames as per BSD.
82 * Alan Cox : Stopped broadcast source route explosions.
83 * Alan Cox : Can disable source routing
84 * Takeshi Sone : Masquerading didn't work.
85 * Dave Bonn,Alan Cox : Faster IP forwarding whenever possible.
86 * Alan Cox : Memory leaks, tramples, misc debugging.
87 * Alan Cox : Fixed multicast (by popular demand 8))
88 * Alan Cox : Fixed forwarding (by even more popular demand 8))
89 * Alan Cox : Fixed SNMP statistics [I think]
90 * Gerhard Koerting : IP fragmentation forwarding fix
91 * Alan Cox : Device lock against page fault.
92 * Alan Cox : IP_HDRINCL facility.
93 * Werner Almesberger : Zero fragment bug
94 * Alan Cox : RAW IP frame length bug
95 * Alan Cox : Outgoing firewall on build_xmit
96 * A.N.Kuznetsov : IP_OPTIONS support throughout the kernel
97 * Alan Cox : Multicast routing hooks
98 * Jos Vos : Do accounting *before* call_in_firewall
99 * Willy Konynenberg : Transparent proxying support
100 *
101 *
102 *
103 * To Fix:
104 * IP fragmentation wants rewriting cleanly. The RFC815 algorithm is much more efficient
105 * and could be made very efficient with the addition of some virtual memory hacks to permit
106 * the allocation of a buffer that can then be 'grown' by twiddling page tables.
107 * Output fragmentation wants updating along with the buffer management to use a single
108 * interleaved copy algorithm so that fragmenting has a one copy overhead. Actual packet
109 * output should probably do its own fragmentation at the UDP/RAW layer. TCP shouldn't cause
110 * fragmentation anyway.
111 *
112 * This program is free software; you can redistribute it and/or
113 * modify it under the terms of the GNU General Public License
114 * as published by the Free Software Foundation; either version
115 * 2 of the License, or (at your option) any later version.
116 */
117
118 #include <asm/system.h>
119 #include <linux/types.h>
120 #include <linux/kernel.h>
121 #include <linux/string.h>
122 #include <linux/errno.h>
123 #include <linux/config.h>
124
125 #include <linux/net.h>
126 #include <linux/socket.h>
127 #include <linux/sockios.h>
128 #include <linux/in.h>
129 #include <linux/inet.h>
130 #include <linux/netdevice.h>
131 #include <linux/etherdevice.h>
132
133 #include <net/snmp.h>
134 #include <net/ip.h>
135 #include <net/protocol.h>
136 #include <net/route.h>
137 #include <linux/skbuff.h>
138 #include <net/sock.h>
139 #include <net/arp.h>
140 #include <net/icmp.h>
141 #include <net/raw.h>
142 #include <net/checksum.h>
143 #include <linux/ip_fw.h>
144 #ifdef CONFIG_IP_MASQUERADE
145 #include <net/ip_masq.h>
146 #endif
147 #include <linux/firewall.h>
148 #include <linux/mroute.h>
149 #include <linux/netlink.h>
150
151 /*
152 * SNMP management statistics
153 */
154
155 struct ip_mib ip_statistics={2,IPDEFTTL,}; /* Forwarding=No, Default TTL=64 */
156
157 #if defined(CONFIG_IP_TRANSPARENT_PROXY) && !defined(CONFIG_IP_ALWAYS_DEFRAG)
158 #define CONFIG_IP_ALWAYS_DEFRAG 1
159 #endif
160
161 /*
162 * Process Router Attention IP option
163 */
164 int ip_call_ra_chain(struct sk_buff *skb)
165 {
166 struct ip_ra_chain *ra;
167 u8 protocol = skb->nh.iph->protocol;
168 struct sock *last = NULL;
169
170 for (ra = ip_ra_chain; ra; ra = ra->next) {
171 struct sock *sk = ra->sk;
172 if (sk && sk->num == protocol) {
173 if (skb->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
174 skb = ip_defrag(skb);
175 if (skb == NULL)
176 return 1;
177 }
178 if (last) {
179 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
180 if (skb2)
181 raw_rcv(last, skb2);
182 }
183 last = sk;
184 }
185 }
186
187 if (last) {
188 raw_rcv(last, skb);
189 return 1;
190 }
191 return 0;
192 }
193
194 /* Handle this out of line, it is rare. */
195 static int ip_run_ipprot(struct sk_buff *skb, struct iphdr *iph,
196 struct inet_protocol *ipprot, int force_copy)
197 {
198 int ret = 0;
199
200 do {
201 if (ipprot->protocol == iph->protocol) {
202 struct sk_buff *skb2 = skb;
203 if (ipprot->copy || force_copy)
204 skb2 = skb_clone(skb, GFP_ATOMIC);
205 if(skb2 != NULL) {
206 ret = 1;
207 ipprot->handler(skb2,
208 ntohs(iph->tot_len) - (iph->ihl * 4));
209 }
210 }
211 ipprot = (struct inet_protocol *) ipprot->next;
212 } while(ipprot != NULL);
213
214 return ret;
215 }
216
217 extern struct sock *raw_v4_input(struct sk_buff *, struct iphdr *, int);
218
219 /*
220 * Deliver IP Packets to the higher protocol layers.
221 */
222 int ip_local_deliver(struct sk_buff *skb)
223 {
224 struct iphdr *iph = skb->nh.iph;
225
226 #ifndef CONFIG_IP_ALWAYS_DEFRAG
227 /*
228 * Reassemble IP fragments.
229 */
230
231 if (iph->frag_off & htons(IP_MF|IP_OFFSET)) {
232 skb = ip_defrag(skb);
233 if (!skb)
234 return 0;
235 iph = skb->nh.iph;
236 }
237 #endif
238
239 #ifdef CONFIG_IP_MASQUERADE
240 /* Do we need to de-masquerade this packet? */
241 if((IPCB(skb)->flags&IPSKB_MASQUERADED)) {
242 /* Some masq modules can re-inject packets if
243 * bad configured.
244 */
245 printk(KERN_DEBUG "ip_input(): demasq recursion detected. "
246 "Check masq modules configuration\n");
247 kfree_skb(skb);
248 return 0;
249 } else {
250 int ret = ip_fw_demasquerade(&skb);
251
252 if (ret < 0) {
253 kfree_skb(skb);
254 return 0;
255 }
256 if (ret) {
257 iph = skb->nh.iph;
258 IPCB(skb)->flags |= IPSKB_MASQUERADED;
259 dst_release(skb->dst);
260 skb->dst = NULL;
261 if (ip_route_input(skb, iph->daddr, iph->saddr,
262 iph->tos, skb->dev)) {
263 kfree_skb(skb);
264 return 0;
265 }
266 return skb->dst->input(skb);
267 }
268 }
269 #endif
270
271 /* Point into the IP datagram, just past the header. */
272 skb->h.raw = skb->nh.raw + iph->ihl*4;
273
274 {
275 /* Note: See raw.c and net/raw.h, RAWV4_HTABLE_SIZE==MAX_INET_PROTOS */
276 int hash = iph->protocol & (MAX_INET_PROTOS - 1);
277 struct sock *raw_sk = raw_v4_htable[hash];
278 struct inet_protocol *ipprot;
279 int flag;
280
281 /* If there maybe a raw socket we must check - if not we
282 * don't care less
283 */
284 if(raw_sk != NULL)
285 raw_sk = raw_v4_input(skb, iph, hash);
286
287 ipprot = (struct inet_protocol *) inet_protos[hash];
288 flag = 0;
289 if(ipprot != NULL) {
290 if(raw_sk == NULL &&
291 ipprot->next == NULL &&
292 ipprot->protocol == iph->protocol) {
293 /* Fast path... */
294 return ipprot->handler(skb, (ntohs(iph->tot_len) -
295 (iph->ihl * 4)));
296 } else {
297 flag = ip_run_ipprot(skb, iph, ipprot, (raw_sk != NULL));
298 }
299 }
300
301 /* All protocols checked.
302 * If this packet was a broadcast, we may *not* reply to it, since that
303 * causes (proven, grin) ARP storms and a leakage of memory (i.e. all
304 * ICMP reply messages get queued up for transmission...)
305 */
306 if(raw_sk != NULL) { /* Shift to last raw user */
307 raw_rcv(raw_sk, skb);
308 } else if (!flag) { /* Free and report errors */
309 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0);
310 kfree_skb(skb);
311 }
312 }
313
314 return 0;
315 }
316
317 /*
318 * Main IP Receive routine.
319 */
320 int ip_rcv(struct sk_buff *skb, struct device *dev, struct packet_type *pt)
321 {
322 struct iphdr *iph = skb->nh.iph;
323 #ifdef CONFIG_FIREWALL
324 int fwres;
325 u16 rport;
326 #endif /* CONFIG_FIREWALL */
327
328 /* When the interface is in promisc. mode, drop all the crap
329 * that it receives, do not try to analyse it.
330 */
331 if (skb->pkt_type == PACKET_OTHERHOST)
332 goto drop;
333
334 ip_statistics.IpInReceives++;
335
336 /*
337 * RFC1122: 3.1.2.2 MUST silently discard any IP frame that fails the checksum.
338 *
339 * Is the datagram acceptable?
340 *
341 * 1. Length at least the size of an ip header
342 * 2. Version of 4
343 * 3. Checksums correctly. [Speed optimisation for later, skip loopback checksums]
344 * 4. Doesn't have a bogus length
345 */
346
347 if (skb->len < sizeof(struct iphdr))
348 goto inhdr_error;
349 if (iph->ihl < 5 || iph->version != 4 || ip_fast_csum((u8 *)iph, iph->ihl) != 0)
350 goto inhdr_error;
351
352 {
353 __u32 len = ntohs(iph->tot_len);
354 if (skb->len < len)
355 goto inhdr_error;
356
357 /* Our transport medium may have padded the buffer out. Now we know it
358 * is IP we can trim to the true length of the frame.
359 * Note this now means skb->len holds ntohs(iph->tot_len).
360 */
361 __skb_trim(skb, len);
362 }
363
364 #ifdef CONFIG_IP_ALWAYS_DEFRAG
365 /* Won't send ICMP reply, since skb->dst == NULL. --RR */
366 if (iph->frag_off & htons(IP_MF|IP_OFFSET)) {
367 skb = ip_defrag(skb);
368 if (!skb)
369 return 0;
370 iph = skb->nh.iph;
371 ip_send_check(iph);
372 }
373 #endif
374
375 #ifdef CONFIG_FIREWALL
376 /*
377 * See if the firewall wants to dispose of the packet.
378 *
379 * We can't do ICMP reply or local delivery before routing,
380 * so we delay those decisions until after route. --RR
381 */
382 fwres = call_in_firewall(PF_INET, dev, iph, &rport, &skb);
383 if (fwres < FW_ACCEPT && fwres != FW_REJECT)
384 goto drop;
385 iph = skb->nh.iph;
386 #endif /* CONFIG_FIREWALL */
387
388 /*
389 * Initialise the virtual path cache for the packet. It describes
390 * how the packet travels inside Linux networking.
391 */
392 if (skb->dst == NULL) {
393 if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, dev))
394 goto drop;
395 }
396
397 #ifdef CONFIG_NET_CLS_ROUTE
398 if (skb->dst->tclassid) {
399 u32 idx = skb->dst->tclassid;
400 write_lock(&ip_rt_acct_lock);
401 ip_rt_acct[idx&0xFF].o_packets++;
402 ip_rt_acct[idx&0xFF].o_bytes+=skb->len;
403 ip_rt_acct[(idx>>16)&0xFF].i_packets++;
404 ip_rt_acct[(idx>>16)&0xFF].i_bytes+=skb->len;
405 write_unlock(&ip_rt_acct_lock);
406 }
407 #endif
408
409 if (iph->ihl > 5) {
410 struct ip_options *opt;
411
412 /* It looks as overkill, because not all
413 IP options require packet mangling.
414 But it is the easiest for now, especially taking
415 into account that combination of IP options
416 and running sniffer is extremely rare condition.
417 --ANK (980813)
418 */
419
420 skb = skb_cow(skb, skb_headroom(skb));
421 if (skb == NULL)
422 return 0;
423 iph = skb->nh.iph;
424
425 skb->ip_summed = 0;
426 if (ip_options_compile(NULL, skb))
427 goto inhdr_error;
428
429 opt = &(IPCB(skb)->opt);
430 if (opt->srr) {
431 struct in_device *in_dev = dev->ip_ptr;
432 if (in_dev && !IN_DEV_SOURCE_ROUTE(in_dev)) {
433 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit())
434 printk(KERN_INFO "source route option %d.%d.%d.%d -> %d.%d.%d.%d\n",
435 NIPQUAD(iph->saddr), NIPQUAD(iph->daddr));
436 goto drop;
437 }
438 if (ip_options_rcv_srr(skb))
439 goto drop;
440 }
441 }
442
443 #ifdef CONFIG_FIREWALL
444 #ifdef CONFIG_IP_TRANSPARENT_PROXY
445 if (fwres == FW_REDIRECT && (IPCB(skb)->redirport = rport) != 0)
446 return ip_local_deliver(skb);
447 #endif /* CONFIG_IP_TRANSPARENT_PROXY */
448
449 if (fwres == FW_REJECT) {
450 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
451 goto drop;
452 }
453 #endif /* CONFIG_FIREWALL */
454
455 return skb->dst->input(skb);
456
457 inhdr_error:
458 ip_statistics.IpInHdrErrors++;
459 drop:
460 kfree_skb(skb);
461 return(0);
462 }
463
Copy of Dave Jones history.git as used by http://archive.org/details/git-history-of-linux