search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
cxgbe/t4_tom: Read the chip's DDP page sizes and save them in a
[freebsd-src.git] / sys / netinet / ip_options.c
blob3e44ffb7b7c9a197c4c8a1bae875829a67c77168
1 /*
2 * Copyright (c) 1982, 1986, 1988, 1993
3 * The Regents of the University of California.
4 * Copyright (c) 2005 Andre Oppermann, Internet Business Solutions AG.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 4. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
34
35 #include "opt_ipstealth.h"
36
37 #include <sys/param.h>
38 #include <sys/systm.h>
39 #include <sys/mbuf.h>
40 #include <sys/domain.h>
41 #include <sys/protosw.h>
42 #include <sys/socket.h>
43 #include <sys/time.h>
44 #include <sys/kernel.h>
45 #include <sys/syslog.h>
46 #include <sys/sysctl.h>
47
48 #include <net/if.h>
49 #include <net/if_types.h>
50 #include <net/if_var.h>
51 #include <net/if_dl.h>
52 #include <net/route.h>
53 #include <net/netisr.h>
54 #include <net/vnet.h>
55
56 #include <netinet/in.h>
57 #include <netinet/in_fib.h>
58 #include <netinet/in_systm.h>
59 #include <netinet/in_var.h>
60 #include <netinet/ip.h>
61 #include <netinet/in_pcb.h>
62 #include <netinet/ip_var.h>
63 #include <netinet/ip_options.h>
64 #include <netinet/ip_icmp.h>
65 #include <machine/in_cksum.h>
66
67 #include <sys/socketvar.h>
68
69 static VNET_DEFINE(int, ip_dosourceroute);
70 SYSCTL_INT(_net_inet_ip, IPCTL_SOURCEROUTE, sourceroute,
71 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip_dosourceroute), 0,
72 "Enable forwarding source routed IP packets");
73 #define V_ip_dosourceroute VNET(ip_dosourceroute)
74
75 static VNET_DEFINE(int, ip_acceptsourceroute);
76 SYSCTL_INT(_net_inet_ip, IPCTL_ACCEPTSOURCEROUTE, accept_sourceroute,
77 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip_acceptsourceroute), 0,
78 "Enable accepting source routed IP packets");
79 #define V_ip_acceptsourceroute VNET(ip_acceptsourceroute)
80
81 VNET_DEFINE(int, ip_doopts) = 1; /* 0 = ignore, 1 = process, 2 = reject */
82 SYSCTL_INT(_net_inet_ip, OID_AUTO, process_options, CTLFLAG_VNET | CTLFLAG_RW,
83 &VNET_NAME(ip_doopts), 0, "Enable IP options processing ([LS]SRR, RR, TS)");
84
85 static void save_rte(struct mbuf *m, u_char *, struct in_addr);
86
87 /*
88 * Do option processing on a datagram, possibly discarding it if bad options
89 * are encountered, or forwarding it if source-routed.
90 *
91 * The pass argument is used when operating in the IPSTEALTH mode to tell
92 * what options to process: [LS]SRR (pass 0) or the others (pass 1). The
93 * reason for as many as two passes is that when doing IPSTEALTH, non-routing
94 * options should be processed only if the packet is for us.
95 *
96 * Returns 1 if packet has been forwarded/freed, 0 if the packet should be
97 * processed further.
98 */
99 int
100 ip_dooptions(struct mbuf *m, int pass)
101 {
102 struct ip *ip = mtod(m, struct ip *);
103 u_char *cp;
104 struct in_ifaddr *ia;
105 int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB, forward = 0;
106 struct in_addr *sin, dst;
107 uint32_t ntime;
108 struct nhop4_extended nh_ext;
109 struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET };
110
111 /* Ignore or reject packets with IP options. */
112 if (V_ip_doopts == 0)
113 return 0;
114 else if (V_ip_doopts == 2) {
115 type = ICMP_UNREACH;
116 code = ICMP_UNREACH_FILTER_PROHIB;
117 goto bad;
118 }
119
120 dst = ip->ip_dst;
121 cp = (u_char *)(ip + 1);
122 cnt = (ip->ip_hl << 2) - sizeof (struct ip);
123 for (; cnt > 0; cnt -= optlen, cp += optlen) {
124 opt = cp[IPOPT_OPTVAL];
125 if (opt == IPOPT_EOL)
126 break;
127 if (opt == IPOPT_NOP)
128 optlen = 1;
129 else {
130 if (cnt < IPOPT_OLEN + sizeof(*cp)) {
131 code = &cp[IPOPT_OLEN] - (u_char *)ip;
132 goto bad;
133 }
134 optlen = cp[IPOPT_OLEN];
135 if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) {
136 code = &cp[IPOPT_OLEN] - (u_char *)ip;
137 goto bad;
138 }
139 }
140 switch (opt) {
141
142 default:
143 break;
144
145 /*
146 * Source routing with record. Find interface with current
147 * destination address. If none on this machine then drop if
148 * strictly routed, or do nothing if loosely routed. Record
149 * interface address and bring up next address component. If
150 * strictly routed make sure next address is on directly
151 * accessible net.
152 */
153 case IPOPT_LSRR:
154 case IPOPT_SSRR:
155 #ifdef IPSTEALTH
156 if (V_ipstealth && pass > 0)
157 break;
158 #endif
159 if (optlen < IPOPT_OFFSET + sizeof(*cp)) {
160 code = &cp[IPOPT_OLEN] - (u_char *)ip;
161 goto bad;
162 }
163 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) {
164 code = &cp[IPOPT_OFFSET] - (u_char *)ip;
165 goto bad;
166 }
167 ipaddr.sin_addr = ip->ip_dst;
168 if (ifa_ifwithaddr_check((struct sockaddr *)&ipaddr)
169 == 0) {
170 if (opt == IPOPT_SSRR) {
171 type = ICMP_UNREACH;
172 code = ICMP_UNREACH_SRCFAIL;
173 goto bad;
174 }
175 if (!V_ip_dosourceroute)
176 goto nosourcerouting;
177 /*
178 * Loose routing, and not at next destination
179 * yet; nothing to do except forward.
180 */
181 break;
182 }
183 off--; /* 0 origin */
184 if (off > optlen - (int)sizeof(struct in_addr)) {
185 /*
186 * End of source route. Should be for us.
187 */
188 if (!V_ip_acceptsourceroute)
189 goto nosourcerouting;
190 save_rte(m, cp, ip->ip_src);
191 break;
192 }
193 #ifdef IPSTEALTH
194 if (V_ipstealth)
195 goto dropit;
196 #endif
197 if (!V_ip_dosourceroute) {
198 if (V_ipforwarding) {
199 char buf[16]; /* aaa.bbb.ccc.ddd\0 */
200 /*
201 * Acting as a router, so generate
202 * ICMP
203 */
204 nosourcerouting:
205 strcpy(buf, inet_ntoa(ip->ip_dst));
206 log(LOG_WARNING,
207 "attempted source route from %s to %s\n",
208 inet_ntoa(ip->ip_src), buf);
209 type = ICMP_UNREACH;
210 code = ICMP_UNREACH_SRCFAIL;
211 goto bad;
212 } else {
213 /*
214 * Not acting as a router, so
215 * silently drop.
216 */
217 #ifdef IPSTEALTH
218 dropit:
219 #endif
220 IPSTAT_INC(ips_cantforward);
221 m_freem(m);
222 return (1);
223 }
224 }
225
226 /*
227 * locate outgoing interface
228 */
229 (void)memcpy(&ipaddr.sin_addr, cp + off,
230 sizeof(ipaddr.sin_addr));
231
232 type = ICMP_UNREACH;
233 code = ICMP_UNREACH_SRCFAIL;
234
235 if (opt == IPOPT_SSRR) {
236 #define INA struct in_ifaddr *
237 #define SA struct sockaddr *
238 ia = (INA)ifa_ifwithdstaddr((SA)&ipaddr,
239 RT_ALL_FIBS);
240 if (ia == NULL)
241 ia = (INA)ifa_ifwithnet((SA)&ipaddr, 0,
242 RT_ALL_FIBS);
243 if (ia == NULL)
244 goto bad;
245
246 memcpy(cp + off, &(IA_SIN(ia)->sin_addr),
247 sizeof(struct in_addr));
248 ifa_free(&ia->ia_ifa);
249 } else {
250 /* XXX MRT 0 for routing */
251 if (fib4_lookup_nh_ext(M_GETFIB(m),
252 ipaddr.sin_addr, 0, 0, &nh_ext) != 0)
253 goto bad;
254
255 memcpy(cp + off, &nh_ext.nh_src,
256 sizeof(struct in_addr));
257 }
258
259 ip->ip_dst = ipaddr.sin_addr;
260 cp[IPOPT_OFFSET] += sizeof(struct in_addr);
261 /*
262 * Let ip_intr's mcast routing check handle mcast pkts
263 */
264 forward = !IN_MULTICAST(ntohl(ip->ip_dst.s_addr));
265 break;
266
267 case IPOPT_RR:
268 #ifdef IPSTEALTH
269 if (V_ipstealth && pass == 0)
270 break;
271 #endif
272 if (optlen < IPOPT_OFFSET + sizeof(*cp)) {
273 code = &cp[IPOPT_OFFSET] - (u_char *)ip;
274 goto bad;
275 }
276 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) {
277 code = &cp[IPOPT_OFFSET] - (u_char *)ip;
278 goto bad;
279 }
280 /*
281 * If no space remains, ignore.
282 */
283 off--; /* 0 origin */
284 if (off > optlen - (int)sizeof(struct in_addr))
285 break;
286 (void)memcpy(&ipaddr.sin_addr, &ip->ip_dst,
287 sizeof(ipaddr.sin_addr));
288 /*
289 * Locate outgoing interface; if we're the
290 * destination, use the incoming interface (should be
291 * same).
292 */
293 if ((ia = (INA)ifa_ifwithaddr((SA)&ipaddr)) != NULL) {
294 memcpy(cp + off, &(IA_SIN(ia)->sin_addr),
295 sizeof(struct in_addr));
296 ifa_free(&ia->ia_ifa);
297 } else if (fib4_lookup_nh_ext(M_GETFIB(m),
298 ipaddr.sin_addr, 0, 0, &nh_ext) == 0) {
299 memcpy(cp + off, &nh_ext.nh_src,
300 sizeof(struct in_addr));
301 } else {
302 type = ICMP_UNREACH;
303 code = ICMP_UNREACH_HOST;
304 goto bad;
305 }
306 cp[IPOPT_OFFSET] += sizeof(struct in_addr);
307 break;
308
309 case IPOPT_TS:
310 #ifdef IPSTEALTH
311 if (V_ipstealth && pass == 0)
312 break;
313 #endif
314 code = cp - (u_char *)ip;
315 if (optlen < 4 || optlen > 40) {
316 code = &cp[IPOPT_OLEN] - (u_char *)ip;
317 goto bad;
318 }
319 if ((off = cp[IPOPT_OFFSET]) < 5) {
320 code = &cp[IPOPT_OLEN] - (u_char *)ip;
321 goto bad;
322 }
323 if (off > optlen - (int)sizeof(int32_t)) {
324 cp[IPOPT_OFFSET + 1] += (1 << 4);
325 if ((cp[IPOPT_OFFSET + 1] & 0xf0) == 0) {
326 code = &cp[IPOPT_OFFSET] - (u_char *)ip;
327 goto bad;
328 }
329 break;
330 }
331 off--; /* 0 origin */
332 sin = (struct in_addr *)(cp + off);
333 switch (cp[IPOPT_OFFSET + 1] & 0x0f) {
334
335 case IPOPT_TS_TSONLY:
336 break;
337
338 case IPOPT_TS_TSANDADDR:
339 if (off + sizeof(uint32_t) +
340 sizeof(struct in_addr) > optlen) {
341 code = &cp[IPOPT_OFFSET] - (u_char *)ip;
342 goto bad;
343 }
344 ipaddr.sin_addr = dst;
345 ia = (INA)ifaof_ifpforaddr((SA)&ipaddr,
346 m->m_pkthdr.rcvif);
347 if (ia == NULL)
348 continue;
349 (void)memcpy(sin, &IA_SIN(ia)->sin_addr,
350 sizeof(struct in_addr));
351 ifa_free(&ia->ia_ifa);
352 cp[IPOPT_OFFSET] += sizeof(struct in_addr);
353 off += sizeof(struct in_addr);
354 break;
355
356 case IPOPT_TS_PRESPEC:
357 if (off + sizeof(uint32_t) +
358 sizeof(struct in_addr) > optlen) {
359 code = &cp[IPOPT_OFFSET] - (u_char *)ip;
360 goto bad;
361 }
362 (void)memcpy(&ipaddr.sin_addr, sin,
363 sizeof(struct in_addr));
364 if (ifa_ifwithaddr_check((SA)&ipaddr) == 0)
365 continue;
366 cp[IPOPT_OFFSET] += sizeof(struct in_addr);
367 off += sizeof(struct in_addr);
368 break;
369
370 default:
371 code = &cp[IPOPT_OFFSET + 1] - (u_char *)ip;
372 goto bad;
373 }
374 ntime = iptime();
375 (void)memcpy(cp + off, &ntime, sizeof(uint32_t));
376 cp[IPOPT_OFFSET] += sizeof(uint32_t);
377 }
378 }
379 if (forward && V_ipforwarding) {
380 ip_forward(m, 1);
381 return (1);
382 }
383 return (0);
384 bad:
385 icmp_error(m, type, code, 0, 0);
386 IPSTAT_INC(ips_badoptions);
387 return (1);
388 }
389
390 /*
391 * Save incoming source route for use in replies, to be picked up later by
392 * ip_srcroute if the receiver is interested.
393 */
394 static void
395 save_rte(struct mbuf *m, u_char *option, struct in_addr dst)
396 {
397 unsigned olen;
398 struct ipopt_tag *opts;
399
400 opts = (struct ipopt_tag *)m_tag_get(PACKET_TAG_IPOPTIONS,
401 sizeof(struct ipopt_tag), M_NOWAIT);
402 if (opts == NULL)
403 return;
404
405 olen = option[IPOPT_OLEN];
406 if (olen > sizeof(opts->ip_srcrt) - (1 + sizeof(dst))) {
407 m_tag_free((struct m_tag *)opts);
408 return;
409 }
410 bcopy(option, opts->ip_srcrt.srcopt, olen);
411 opts->ip_nhops = (olen - IPOPT_OFFSET - 1) / sizeof(struct in_addr);
412 opts->ip_srcrt.dst = dst;
413 m_tag_prepend(m, (struct m_tag *)opts);
414 }
415
416 /*
417 * Retrieve incoming source route for use in replies, in the same form used
418 * by setsockopt. The first hop is placed before the options, will be
419 * removed later.
420 */
421 struct mbuf *
422 ip_srcroute(struct mbuf *m0)
423 {
424 struct in_addr *p, *q;
425 struct mbuf *m;
426 struct ipopt_tag *opts;
427
428 opts = (struct ipopt_tag *)m_tag_find(m0, PACKET_TAG_IPOPTIONS, NULL);
429 if (opts == NULL)
430 return (NULL);
431
432 if (opts->ip_nhops == 0)
433 return (NULL);
434 m = m_get(M_NOWAIT, MT_DATA);
435 if (m == NULL)
436 return (NULL);
437
438 #define OPTSIZ (sizeof(opts->ip_srcrt.nop) + sizeof(opts->ip_srcrt.srcopt))
439
440 /* length is (nhops+1)*sizeof(addr) + sizeof(nop + srcrt header) */
441 m->m_len = opts->ip_nhops * sizeof(struct in_addr) +
442 sizeof(struct in_addr) + OPTSIZ;
443
444 /*
445 * First, save first hop for return route.
446 */
447 p = &(opts->ip_srcrt.route[opts->ip_nhops - 1]);
448 *(mtod(m, struct in_addr *)) = *p--;
449
450 /*
451 * Copy option fields and padding (nop) to mbuf.
452 */
453 opts->ip_srcrt.nop = IPOPT_NOP;
454 opts->ip_srcrt.srcopt[IPOPT_OFFSET] = IPOPT_MINOFF;
455 (void)memcpy(mtod(m, caddr_t) + sizeof(struct in_addr),
456 &(opts->ip_srcrt.nop), OPTSIZ);
457 q = (struct in_addr *)(mtod(m, caddr_t) +
458 sizeof(struct in_addr) + OPTSIZ);
459 #undef OPTSIZ
460 /*
461 * Record return path as an IP source route, reversing the path
462 * (pointers are now aligned).
463 */
464 while (p >= opts->ip_srcrt.route) {
465 *q++ = *p--;
466 }
467 /*
468 * Last hop goes to final destination.
469 */
470 *q = opts->ip_srcrt.dst;
471 m_tag_delete(m0, (struct m_tag *)opts);
472 return (m);
473 }
474
475 /*
476 * Strip out IP options, at higher level protocol in the kernel.
477 */
478 void
479 ip_stripoptions(struct mbuf *m)
480 {
481 struct ip *ip = mtod(m, struct ip *);
482 int olen;
483
484 olen = (ip->ip_hl << 2) - sizeof(struct ip);
485 m->m_len -= olen;
486 if (m->m_flags & M_PKTHDR)
487 m->m_pkthdr.len -= olen;
488 ip->ip_len = htons(ntohs(ip->ip_len) - olen);
489 ip->ip_hl = sizeof(struct ip) >> 2;
490
491 bcopy((char *)ip + sizeof(struct ip) + olen, (ip + 1),
492 (size_t )(m->m_len - sizeof(struct ip)));
493 }
494
495 /*
496 * Insert IP options into preformed packet. Adjust IP destination as
497 * required for IP source routing, as indicated by a non-zero in_addr at the
498 * start of the options.
499 *
500 * XXX This routine assumes that the packet has no options in place.
501 */
502 struct mbuf *
503 ip_insertoptions(struct mbuf *m, struct mbuf *opt, int *phlen)
504 {
505 struct ipoption *p = mtod(opt, struct ipoption *);
506 struct mbuf *n;
507 struct ip *ip = mtod(m, struct ip *);
508 unsigned optlen;
509
510 optlen = opt->m_len - sizeof(p->ipopt_dst);
511 if (optlen + ntohs(ip->ip_len) > IP_MAXPACKET) {
512 *phlen = 0;
513 return (m); /* XXX should fail */
514 }
515 if (p->ipopt_dst.s_addr)
516 ip->ip_dst = p->ipopt_dst;
517 if (!M_WRITABLE(m) || M_LEADINGSPACE(m) < optlen) {
518 n = m_gethdr(M_NOWAIT, MT_DATA);
519 if (n == NULL) {
520 *phlen = 0;
521 return (m);
522 }
523 m_move_pkthdr(n, m);
524 n->m_pkthdr.rcvif = NULL;
525 n->m_pkthdr.len += optlen;
526 m->m_len -= sizeof(struct ip);
527 m->m_data += sizeof(struct ip);
528 n->m_next = m;
529 m = n;
530 m->m_len = optlen + sizeof(struct ip);
531 m->m_data += max_linkhdr;
532 bcopy(ip, mtod(m, void *), sizeof(struct ip));
533 } else {
534 m->m_data -= optlen;
535 m->m_len += optlen;
536 m->m_pkthdr.len += optlen;
537 bcopy(ip, mtod(m, void *), sizeof(struct ip));
538 }
539 ip = mtod(m, struct ip *);
540 bcopy(p->ipopt_list, ip + 1, optlen);
541 *phlen = sizeof(struct ip) + optlen;
542 ip->ip_v = IPVERSION;
543 ip->ip_hl = *phlen >> 2;
544 ip->ip_len = htons(ntohs(ip->ip_len) + optlen);
545 return (m);
546 }
547
548 /*
549 * Copy options from ip to jp, omitting those not copied during
550 * fragmentation.
551 */
552 int
553 ip_optcopy(struct ip *ip, struct ip *jp)
554 {
555 u_char *cp, *dp;
556 int opt, optlen, cnt;
557
558 cp = (u_char *)(ip + 1);
559 dp = (u_char *)(jp + 1);
560 cnt = (ip->ip_hl << 2) - sizeof (struct ip);
561 for (; cnt > 0; cnt -= optlen, cp += optlen) {
562 opt = cp[0];
563 if (opt == IPOPT_EOL)
564 break;
565 if (opt == IPOPT_NOP) {
566 /* Preserve for IP mcast tunnel's LSRR alignment. */
567 *dp++ = IPOPT_NOP;
568 optlen = 1;
569 continue;
570 }
571
572 KASSERT(cnt >= IPOPT_OLEN + sizeof(*cp),
573 ("ip_optcopy: malformed ipv4 option"));
574 optlen = cp[IPOPT_OLEN];
575 KASSERT(optlen >= IPOPT_OLEN + sizeof(*cp) && optlen <= cnt,
576 ("ip_optcopy: malformed ipv4 option"));
577
578 /* Bogus lengths should have been caught by ip_dooptions. */
579 if (optlen > cnt)
580 optlen = cnt;
581 if (IPOPT_COPIED(opt)) {
582 bcopy(cp, dp, optlen);
583 dp += optlen;
584 }
585 }
586 for (optlen = dp - (u_char *)(jp+1); optlen & 0x3; optlen++)
587 *dp++ = IPOPT_EOL;
588 return (optlen);
589 }
590
591 /*
592 * Set up IP options in pcb for insertion in output packets. Store in mbuf
593 * with pointer in pcbopt, adding pseudo-option with destination address if
594 * source routed.
595 */
596 int
597 ip_pcbopts(struct inpcb *inp, int optname, struct mbuf *m)
598 {
599 int cnt, optlen;
600 u_char *cp;
601 struct mbuf **pcbopt;
602 u_char opt;
603
604 INP_WLOCK_ASSERT(inp);
605
606 pcbopt = &inp->inp_options;
607
608 /* turn off any old options */
609 if (*pcbopt)
610 (void)m_free(*pcbopt);
611 *pcbopt = NULL;
612 if (m == NULL || m->m_len == 0) {
613 /*
614 * Only turning off any previous options.
615 */
616 if (m != NULL)
617 (void)m_free(m);
618 return (0);
619 }
620
621 if (m->m_len % sizeof(int32_t))
622 goto bad;
623 /*
624 * IP first-hop destination address will be stored before actual
625 * options; move other options back and clear it when none present.
626 */
627 if (m->m_data + m->m_len + sizeof(struct in_addr) >= &m->m_dat[MLEN])
628 goto bad;
629 cnt = m->m_len;
630 m->m_len += sizeof(struct in_addr);
631 cp = mtod(m, u_char *) + sizeof(struct in_addr);
632 bcopy(mtod(m, void *), cp, (unsigned)cnt);
633 bzero(mtod(m, void *), sizeof(struct in_addr));
634
635 for (; cnt > 0; cnt -= optlen, cp += optlen) {
636 opt = cp[IPOPT_OPTVAL];
637 if (opt == IPOPT_EOL)
638 break;
639 if (opt == IPOPT_NOP)
640 optlen = 1;
641 else {
642 if (cnt < IPOPT_OLEN + sizeof(*cp))
643 goto bad;
644 optlen = cp[IPOPT_OLEN];
645 if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt)
646 goto bad;
647 }
648 switch (opt) {
649
650 default:
651 break;
652
653 case IPOPT_LSRR:
654 case IPOPT_SSRR:
655 /*
656 * User process specifies route as:
657 *
658 * ->A->B->C->D
659 *
660 * D must be our final destination (but we can't
661 * check that since we may not have connected yet).
662 * A is first hop destination, which doesn't appear
663 * in actual IP option, but is stored before the
664 * options.
665 */
666 /* XXX-BZ PRIV_NETINET_SETHDROPTS? */
667 if (optlen < IPOPT_MINOFF - 1 + sizeof(struct in_addr))
668 goto bad;
669 m->m_len -= sizeof(struct in_addr);
670 cnt -= sizeof(struct in_addr);
671 optlen -= sizeof(struct in_addr);
672 cp[IPOPT_OLEN] = optlen;
673 /*
674 * Move first hop before start of options.
675 */
676 bcopy((caddr_t)&cp[IPOPT_OFFSET+1], mtod(m, caddr_t),
677 sizeof(struct in_addr));
678 /*
679 * Then copy rest of options back
680 * to close up the deleted entry.
681 */
682 bcopy((&cp[IPOPT_OFFSET+1] + sizeof(struct in_addr)),
683 &cp[IPOPT_OFFSET+1],
684 (unsigned)cnt - (IPOPT_MINOFF - 1));
685 break;
686 }
687 }
688 if (m->m_len > MAX_IPOPTLEN + sizeof(struct in_addr))
689 goto bad;
690 *pcbopt = m;
691 return (0);
692
693 bad:
694 (void)m_free(m);
695 return (EINVAL);
696 }
697
698 /*
699 * Check for the presence of the IP Router Alert option [RFC2113]
700 * in the header of an IPv4 datagram.
701 *
702 * This call is not intended for use from the forwarding path; it is here
703 * so that protocol domains may check for the presence of the option.
704 * Given how FreeBSD's IPv4 stack is currently structured, the Router Alert
705 * option does not have much relevance to the implementation, though this
706 * may change in future.
707 * Router alert options SHOULD be passed if running in IPSTEALTH mode and
708 * we are not the endpoint.
709 * Length checks on individual options should already have been performed
710 * by ip_dooptions() therefore they are folded under INVARIANTS here.
711 *
712 * Return zero if not present or options are invalid, non-zero if present.
713 */
714 int
715 ip_checkrouteralert(struct mbuf *m)
716 {
717 struct ip *ip = mtod(m, struct ip *);
718 u_char *cp;
719 int opt, optlen, cnt, found_ra;
720
721 found_ra = 0;
722 cp = (u_char *)(ip + 1);
723 cnt = (ip->ip_hl << 2) - sizeof (struct ip);
724 for (; cnt > 0; cnt -= optlen, cp += optlen) {
725 opt = cp[IPOPT_OPTVAL];
726 if (opt == IPOPT_EOL)
727 break;
728 if (opt == IPOPT_NOP)
729 optlen = 1;
730 else {
731 #ifdef INVARIANTS
732 if (cnt < IPOPT_OLEN + sizeof(*cp))
733 break;
734 #endif
735 optlen = cp[IPOPT_OLEN];
736 #ifdef INVARIANTS
737 if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt)
738 break;
739 #endif
740 }
741 switch (opt) {
742 case IPOPT_RA:
743 #ifdef INVARIANTS
744 if (optlen != IPOPT_OFFSET + sizeof(uint16_t) ||
745 (*((uint16_t *)&cp[IPOPT_OFFSET]) != 0))
746 break;
747 else
748 #endif
749 found_ra = 1;
750 break;
751 default:
752 break;
753 }
754 }
755
756 return (found_ra);
757 }
FreeBSD src