search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[MTD] Fix length comparison in MEMREADOOB
[linux-2.6/linux-loongson.git] / net / ipv6 / exthdrs.c
blob28e0c6568272054ddcae0ac4e41f71493959adc2
1 /*
2 * Extension Header handling for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Andi Kleen <ak@muc.de>
8 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
9 *
10 * $Id: exthdrs.c,v 1.13 2001/06/19 15:58:56 davem Exp $
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18 /* Changes:
19 * yoshfuji : ensure not to overrun while parsing
20 * tlv options.
21 * Mitsuru KANDA @USAGI and: Remove ipv6_parse_exthdrs().
22 * YOSHIFUJI Hideaki @USAGI Register inbound extension header
23 * handlers as inet6_protocol{}.
24 */
25
26 #include <linux/errno.h>
27 #include <linux/types.h>
28 #include <linux/socket.h>
29 #include <linux/sockios.h>
30 #include <linux/net.h>
31 #include <linux/netdevice.h>
32 #include <linux/in6.h>
33 #include <linux/icmpv6.h>
34
35 #include <net/sock.h>
36 #include <net/snmp.h>
37
38 #include <net/ipv6.h>
39 #include <net/protocol.h>
40 #include <net/transp_v6.h>
41 #include <net/rawv6.h>
42 #include <net/ndisc.h>
43 #include <net/ip6_route.h>
44 #include <net/addrconf.h>
45 #ifdef CONFIG_IPV6_MIP6
46 #include <net/xfrm.h>
47 #endif
48
49 #include <asm/uaccess.h>
50
51 int ipv6_find_tlv(struct sk_buff *skb, int offset, int type)
52 {
53 int packet_len = skb->tail - skb->nh.raw;
54 struct ipv6_opt_hdr *hdr;
55 int len;
56
57 if (offset + 2 > packet_len)
58 goto bad;
59 hdr = (struct ipv6_opt_hdr*)(skb->nh.raw + offset);
60 len = ((hdr->hdrlen + 1) << 3);
61
62 if (offset + len > packet_len)
63 goto bad;
64
65 offset += 2;
66 len -= 2;
67
68 while (len > 0) {
69 int opttype = skb->nh.raw[offset];
70 int optlen;
71
72 if (opttype == type)
73 return offset;
74
75 switch (opttype) {
76 case IPV6_TLV_PAD0:
77 optlen = 1;
78 break;
79 default:
80 optlen = skb->nh.raw[offset + 1] + 2;
81 if (optlen > len)
82 goto bad;
83 break;
84 }
85 offset += optlen;
86 len -= optlen;
87 }
88 /* not_found */
89 bad:
90 return -1;
91 }
92
93 /*
94 * Parsing tlv encoded headers.
95 *
96 * Parsing function "func" returns 1, if parsing succeed
97 * and 0, if it failed.
98 * It MUST NOT touch skb->h.
99 */
100
101 struct tlvtype_proc {
102 int type;
103 int (*func)(struct sk_buff **skbp, int offset);
104 };
105
106 /*********************
107 Generic functions
108 *********************/
109
110 /* An unknown option is detected, decide what to do */
111
112 static int ip6_tlvopt_unknown(struct sk_buff **skbp, int optoff)
113 {
114 struct sk_buff *skb = *skbp;
115
116 switch ((skb->nh.raw[optoff] & 0xC0) >> 6) {
117 case 0: /* ignore */
118 return 1;
119
120 case 1: /* drop packet */
121 break;
122
123 case 3: /* Send ICMP if not a multicast address and drop packet */
124 /* Actually, it is redundant check. icmp_send
125 will recheck in any case.
126 */
127 if (ipv6_addr_is_multicast(&skb->nh.ipv6h->daddr))
128 break;
129 case 2: /* send ICMP PARM PROB regardless and drop packet */
130 icmpv6_param_prob(skb, ICMPV6_UNK_OPTION, optoff);
131 return 0;
132 };
133
134 kfree_skb(skb);
135 return 0;
136 }
137
138 /* Parse tlv encoded option header (hop-by-hop or destination) */
139
140 static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff **skbp)
141 {
142 struct sk_buff *skb = *skbp;
143 struct tlvtype_proc *curr;
144 int off = skb->h.raw - skb->nh.raw;
145 int len = ((skb->h.raw[1]+1)<<3);
146
147 if ((skb->h.raw + len) - skb->data > skb_headlen(skb))
148 goto bad;
149
150 off += 2;
151 len -= 2;
152
153 while (len > 0) {
154 int optlen = skb->nh.raw[off+1]+2;
155
156 switch (skb->nh.raw[off]) {
157 case IPV6_TLV_PAD0:
158 optlen = 1;
159 break;
160
161 case IPV6_TLV_PADN:
162 break;
163
164 default: /* Other TLV code so scan list */
165 if (optlen > len)
166 goto bad;
167 for (curr=procs; curr->type >= 0; curr++) {
168 if (curr->type == skb->nh.raw[off]) {
169 /* type specific length/alignment
170 checks will be performed in the
171 func(). */
172 if (curr->func(skbp, off) == 0)
173 return 0;
174 break;
175 }
176 }
177 if (curr->type < 0) {
178 if (ip6_tlvopt_unknown(skbp, off) == 0)
179 return 0;
180 }
181 break;
182 }
183 off += optlen;
184 len -= optlen;
185 }
186 if (len == 0)
187 return 1;
188 bad:
189 kfree_skb(skb);
190 return 0;
191 }
192
193 /*****************************
194 Destination options header.
195 *****************************/
196
197 #ifdef CONFIG_IPV6_MIP6
198 static int ipv6_dest_hao(struct sk_buff **skbp, int optoff)
199 {
200 struct sk_buff *skb = *skbp;
201 struct ipv6_destopt_hao *hao;
202 struct inet6_skb_parm *opt = IP6CB(skb);
203 struct ipv6hdr *ipv6h = (struct ipv6hdr *)skb->nh.raw;
204 struct in6_addr tmp_addr;
205 int ret;
206
207 if (opt->dsthao) {
208 LIMIT_NETDEBUG(KERN_DEBUG "hao duplicated\n");
209 goto discard;
210 }
211 opt->dsthao = opt->dst1;
212 opt->dst1 = 0;
213
214 hao = (struct ipv6_destopt_hao *)(skb->nh.raw + optoff);
215
216 if (hao->length != 16) {
217 LIMIT_NETDEBUG(
218 KERN_DEBUG "hao invalid option length = %d\n", hao->length);
219 goto discard;
220 }
221
222 if (!(ipv6_addr_type(&hao->addr) & IPV6_ADDR_UNICAST)) {
223 LIMIT_NETDEBUG(
224 KERN_DEBUG "hao is not an unicast addr: " NIP6_FMT "\n", NIP6(hao->addr));
225 goto discard;
226 }
227
228 ret = xfrm6_input_addr(skb, (xfrm_address_t *)&ipv6h->daddr,
229 (xfrm_address_t *)&hao->addr, IPPROTO_DSTOPTS);
230 if (unlikely(ret < 0))
231 goto discard;
232
233 if (skb_cloned(skb)) {
234 struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC);
235 struct inet6_skb_parm *opt2;
236
237 if (skb2 == NULL)
238 goto discard;
239
240 opt2 = IP6CB(skb2);
241 memcpy(opt2, opt, sizeof(*opt2));
242
243 kfree_skb(skb);
244
245 /* update all variable using below by copied skbuff */
246 *skbp = skb = skb2;
247 hao = (struct ipv6_destopt_hao *)(skb2->nh.raw + optoff);
248 ipv6h = (struct ipv6hdr *)skb2->nh.raw;
249 }
250
251 if (skb->ip_summed == CHECKSUM_COMPLETE)
252 skb->ip_summed = CHECKSUM_NONE;
253
254 ipv6_addr_copy(&tmp_addr, &ipv6h->saddr);
255 ipv6_addr_copy(&ipv6h->saddr, &hao->addr);
256 ipv6_addr_copy(&hao->addr, &tmp_addr);
257
258 if (skb->tstamp.off_sec == 0)
259 __net_timestamp(skb);
260
261 return 1;
262
263 discard:
264 kfree_skb(skb);
265 return 0;
266 }
267 #endif
268
269 static struct tlvtype_proc tlvprocdestopt_lst[] = {
270 #ifdef CONFIG_IPV6_MIP6
271 {
272 .type = IPV6_TLV_HAO,
273 .func = ipv6_dest_hao,
274 },
275 #endif
276 {-1, NULL}
277 };
278
279 static int ipv6_destopt_rcv(struct sk_buff **skbp)
280 {
281 struct sk_buff *skb = *skbp;
282 struct inet6_skb_parm *opt = IP6CB(skb);
283 #ifdef CONFIG_IPV6_MIP6
284 __u16 dstbuf;
285 #endif
286 struct dst_entry *dst;
287
288 if (!pskb_may_pull(skb, (skb->h.raw-skb->data)+8) ||
289 !pskb_may_pull(skb, (skb->h.raw-skb->data)+((skb->h.raw[1]+1)<<3))) {
290 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
291 IPSTATS_MIB_INHDRERRORS);
292 kfree_skb(skb);
293 return -1;
294 }
295
296 opt->lastopt = skb->h.raw - skb->nh.raw;
297 opt->dst1 = skb->h.raw - skb->nh.raw;
298 #ifdef CONFIG_IPV6_MIP6
299 dstbuf = opt->dst1;
300 #endif
301
302 dst = dst_clone(skb->dst);
303 if (ip6_parse_tlv(tlvprocdestopt_lst, skbp)) {
304 dst_release(dst);
305 skb = *skbp;
306 skb->h.raw += ((skb->h.raw[1]+1)<<3);
307 opt = IP6CB(skb);
308 #ifdef CONFIG_IPV6_MIP6
309 opt->nhoff = dstbuf;
310 #else
311 opt->nhoff = opt->dst1;
312 #endif
313 return 1;
314 }
315
316 IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
317 dst_release(dst);
318 return -1;
319 }
320
321 static struct inet6_protocol destopt_protocol = {
322 .handler = ipv6_destopt_rcv,
323 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR,
324 };
325
326 void __init ipv6_destopt_init(void)
327 {
328 if (inet6_add_protocol(&destopt_protocol, IPPROTO_DSTOPTS) < 0)
329 printk(KERN_ERR "ipv6_destopt_init: Could not register protocol\n");
330 }
331
332 /********************************
333 NONE header. No data in packet.
334 ********************************/
335
336 static int ipv6_nodata_rcv(struct sk_buff **skbp)
337 {
338 struct sk_buff *skb = *skbp;
339
340 kfree_skb(skb);
341 return 0;
342 }
343
344 static struct inet6_protocol nodata_protocol = {
345 .handler = ipv6_nodata_rcv,
346 .flags = INET6_PROTO_NOPOLICY,
347 };
348
349 void __init ipv6_nodata_init(void)
350 {
351 if (inet6_add_protocol(&nodata_protocol, IPPROTO_NONE) < 0)
352 printk(KERN_ERR "ipv6_nodata_init: Could not register protocol\n");
353 }
354
355 /********************************
356 Routing header.
357 ********************************/
358
359 static int ipv6_rthdr_rcv(struct sk_buff **skbp)
360 {
361 struct sk_buff *skb = *skbp;
362 struct inet6_skb_parm *opt = IP6CB(skb);
363 struct in6_addr *addr = NULL;
364 struct in6_addr daddr;
365 int n, i;
366
367 struct ipv6_rt_hdr *hdr;
368 struct rt0_hdr *rthdr;
369
370 if (!pskb_may_pull(skb, (skb->h.raw-skb->data)+8) ||
371 !pskb_may_pull(skb, (skb->h.raw-skb->data)+((skb->h.raw[1]+1)<<3))) {
372 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
373 IPSTATS_MIB_INHDRERRORS);
374 kfree_skb(skb);
375 return -1;
376 }
377
378 hdr = (struct ipv6_rt_hdr *) skb->h.raw;
379
380 if (ipv6_addr_is_multicast(&skb->nh.ipv6h->daddr) ||
381 skb->pkt_type != PACKET_HOST) {
382 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
383 IPSTATS_MIB_INADDRERRORS);
384 kfree_skb(skb);
385 return -1;
386 }
387
388 looped_back:
389 if (hdr->segments_left == 0) {
390 switch (hdr->type) {
391 #ifdef CONFIG_IPV6_MIP6
392 case IPV6_SRCRT_TYPE_2:
393 /* Silently discard type 2 header unless it was
394 * processed by own
395 */
396 if (!addr) {
397 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
398 IPSTATS_MIB_INADDRERRORS);
399 kfree_skb(skb);
400 return -1;
401 }
402 break;
403 #endif
404 default:
405 break;
406 }
407
408 opt->lastopt = skb->h.raw - skb->nh.raw;
409 opt->srcrt = skb->h.raw - skb->nh.raw;
410 skb->h.raw += (hdr->hdrlen + 1) << 3;
411 opt->dst0 = opt->dst1;
412 opt->dst1 = 0;
413 opt->nhoff = (&hdr->nexthdr) - skb->nh.raw;
414 return 1;
415 }
416
417 switch (hdr->type) {
418 case IPV6_SRCRT_TYPE_0:
419 if (hdr->hdrlen & 0x01) {
420 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
421 IPSTATS_MIB_INHDRERRORS);
422 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->hdrlen) - skb->nh.raw);
423 return -1;
424 }
425 break;
426 #ifdef CONFIG_IPV6_MIP6
427 case IPV6_SRCRT_TYPE_2:
428 /* Silently discard invalid RTH type 2 */
429 if (hdr->hdrlen != 2 || hdr->segments_left != 1) {
430 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
431 IPSTATS_MIB_INHDRERRORS);
432 kfree_skb(skb);
433 return -1;
434 }
435 break;
436 #endif
437 default:
438 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
439 IPSTATS_MIB_INHDRERRORS);
440 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->type) - skb->nh.raw);
441 return -1;
442 }
443
444 /*
445 * This is the routing header forwarding algorithm from
446 * RFC 2460, page 16.
447 */
448
449 n = hdr->hdrlen >> 1;
450
451 if (hdr->segments_left > n) {
452 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
453 IPSTATS_MIB_INHDRERRORS);
454 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->segments_left) - skb->nh.raw);
455 return -1;
456 }
457
458 /* We are about to mangle packet header. Be careful!
459 Do not damage packets queued somewhere.
460 */
461 if (skb_cloned(skb)) {
462 struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC);
463 /* the copy is a forwarded packet */
464 if (skb2 == NULL) {
465 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
466 IPSTATS_MIB_OUTDISCARDS);
467 kfree_skb(skb);
468 return -1;
469 }
470 kfree_skb(skb);
471 *skbp = skb = skb2;
472 opt = IP6CB(skb2);
473 hdr = (struct ipv6_rt_hdr *) skb2->h.raw;
474 }
475
476 if (skb->ip_summed == CHECKSUM_COMPLETE)
477 skb->ip_summed = CHECKSUM_NONE;
478
479 i = n - --hdr->segments_left;
480
481 rthdr = (struct rt0_hdr *) hdr;
482 addr = rthdr->addr;
483 addr += i - 1;
484
485 switch (hdr->type) {
486 #ifdef CONFIG_IPV6_MIP6
487 case IPV6_SRCRT_TYPE_2:
488 if (xfrm6_input_addr(skb, (xfrm_address_t *)addr,
489 (xfrm_address_t *)&skb->nh.ipv6h->saddr,
490 IPPROTO_ROUTING) < 0) {
491 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
492 IPSTATS_MIB_INADDRERRORS);
493 kfree_skb(skb);
494 return -1;
495 }
496 if (!ipv6_chk_home_addr(addr)) {
497 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
498 IPSTATS_MIB_INADDRERRORS);
499 kfree_skb(skb);
500 return -1;
501 }
502 break;
503 #endif
504 default:
505 break;
506 }
507
508 if (ipv6_addr_is_multicast(addr)) {
509 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
510 IPSTATS_MIB_INADDRERRORS);
511 kfree_skb(skb);
512 return -1;
513 }
514
515 ipv6_addr_copy(&daddr, addr);
516 ipv6_addr_copy(addr, &skb->nh.ipv6h->daddr);
517 ipv6_addr_copy(&skb->nh.ipv6h->daddr, &daddr);
518
519 dst_release(xchg(&skb->dst, NULL));
520 ip6_route_input(skb);
521 if (skb->dst->error) {
522 skb_push(skb, skb->data - skb->nh.raw);
523 dst_input(skb);
524 return -1;
525 }
526
527 if (skb->dst->dev->flags&IFF_LOOPBACK) {
528 if (skb->nh.ipv6h->hop_limit <= 1) {
529 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
530 IPSTATS_MIB_INHDRERRORS);
531 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
532 0, skb->dev);
533 kfree_skb(skb);
534 return -1;
535 }
536 skb->nh.ipv6h->hop_limit--;
537 goto looped_back;
538 }
539
540 skb_push(skb, skb->data - skb->nh.raw);
541 dst_input(skb);
542 return -1;
543 }
544
545 static struct inet6_protocol rthdr_protocol = {
546 .handler = ipv6_rthdr_rcv,
547 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR,
548 };
549
550 void __init ipv6_rthdr_init(void)
551 {
552 if (inet6_add_protocol(&rthdr_protocol, IPPROTO_ROUTING) < 0)
553 printk(KERN_ERR "ipv6_rthdr_init: Could not register protocol\n");
554 };
555
556 /*
557 This function inverts received rthdr.
558 NOTE: specs allow to make it automatically only if
559 packet authenticated.
560
561 I will not discuss it here (though, I am really pissed off at
562 this stupid requirement making rthdr idea useless)
563
564 Actually, it creates severe problems for us.
565 Embryonic requests has no associated sockets,
566 so that user have no control over it and
567 cannot not only to set reply options, but
568 even to know, that someone wants to connect
569 without success. :-(
570
571 For now we need to test the engine, so that I created
572 temporary (or permanent) backdoor.
573 If listening socket set IPV6_RTHDR to 2, then we invert header.
574 --ANK (980729)
575 */
576
577 struct ipv6_txoptions *
578 ipv6_invert_rthdr(struct sock *sk, struct ipv6_rt_hdr *hdr)
579 {
580 /* Received rthdr:
581
582 [ H1 -> H2 -> ... H_prev ] daddr=ME
583
584 Inverted result:
585 [ H_prev -> ... -> H1 ] daddr =sender
586
587 Note, that IP output engine will rewrite this rthdr
588 by rotating it left by one addr.
589 */
590
591 int n, i;
592 struct rt0_hdr *rthdr = (struct rt0_hdr*)hdr;
593 struct rt0_hdr *irthdr;
594 struct ipv6_txoptions *opt;
595 int hdrlen = ipv6_optlen(hdr);
596
597 if (hdr->segments_left ||
598 hdr->type != IPV6_SRCRT_TYPE_0 ||
599 hdr->hdrlen & 0x01)
600 return NULL;
601
602 n = hdr->hdrlen >> 1;
603 opt = sock_kmalloc(sk, sizeof(*opt) + hdrlen, GFP_ATOMIC);
604 if (opt == NULL)
605 return NULL;
606 memset(opt, 0, sizeof(*opt));
607 opt->tot_len = sizeof(*opt) + hdrlen;
608 opt->srcrt = (void*)(opt+1);
609 opt->opt_nflen = hdrlen;
610
611 memcpy(opt->srcrt, hdr, sizeof(*hdr));
612 irthdr = (struct rt0_hdr*)opt->srcrt;
613 irthdr->reserved = 0;
614 opt->srcrt->segments_left = n;
615 for (i=0; i<n; i++)
616 memcpy(irthdr->addr+i, rthdr->addr+(n-1-i), 16);
617 return opt;
618 }
619
620 EXPORT_SYMBOL_GPL(ipv6_invert_rthdr);
621
622 /**********************************
623 Hop-by-hop options.
624 **********************************/
625
626 /* Router Alert as of RFC 2711 */
627
628 static int ipv6_hop_ra(struct sk_buff **skbp, int optoff)
629 {
630 struct sk_buff *skb = *skbp;
631
632 if (skb->nh.raw[optoff+1] == 2) {
633 IP6CB(skb)->ra = optoff;
634 return 1;
635 }
636 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_ra: wrong RA length %d\n",
637 skb->nh.raw[optoff+1]);
638 kfree_skb(skb);
639 return 0;
640 }
641
642 /* Jumbo payload */
643
644 static int ipv6_hop_jumbo(struct sk_buff **skbp, int optoff)
645 {
646 struct sk_buff *skb = *skbp;
647 u32 pkt_len;
648
649 if (skb->nh.raw[optoff+1] != 4 || (optoff&3) != 2) {
650 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_jumbo: wrong jumbo opt length/alignment %d\n",
651 skb->nh.raw[optoff+1]);
652 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
653 IPSTATS_MIB_INHDRERRORS);
654 goto drop;
655 }
656
657 pkt_len = ntohl(*(__be32*)(skb->nh.raw+optoff+2));
658 if (pkt_len <= IPV6_MAXPLEN) {
659 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INHDRERRORS);
660 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff+2);
661 return 0;
662 }
663 if (skb->nh.ipv6h->payload_len) {
664 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INHDRERRORS);
665 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff);
666 return 0;
667 }
668
669 if (pkt_len > skb->len - sizeof(struct ipv6hdr)) {
670 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INTRUNCATEDPKTS);
671 goto drop;
672 }
673
674 if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr)))
675 goto drop;
676
677 return 1;
678
679 drop:
680 kfree_skb(skb);
681 return 0;
682 }
683
684 static struct tlvtype_proc tlvprochopopt_lst[] = {
685 {
686 .type = IPV6_TLV_ROUTERALERT,
687 .func = ipv6_hop_ra,
688 },
689 {
690 .type = IPV6_TLV_JUMBO,
691 .func = ipv6_hop_jumbo,
692 },
693 { -1, }
694 };
695
696 int ipv6_parse_hopopts(struct sk_buff **skbp)
697 {
698 struct sk_buff *skb = *skbp;
699 struct inet6_skb_parm *opt = IP6CB(skb);
700
701 /*
702 * skb->nh.raw is equal to skb->data, and
703 * skb->h.raw - skb->nh.raw is always equal to
704 * sizeof(struct ipv6hdr) by definition of
705 * hop-by-hop options.
706 */
707 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr) + 8) ||
708 !pskb_may_pull(skb, sizeof(struct ipv6hdr) + ((skb->h.raw[1] + 1) << 3))) {
709 kfree_skb(skb);
710 return -1;
711 }
712
713 opt->hop = sizeof(struct ipv6hdr);
714 if (ip6_parse_tlv(tlvprochopopt_lst, skbp)) {
715 skb = *skbp;
716 skb->h.raw += (skb->h.raw[1]+1)<<3;
717 opt = IP6CB(skb);
718 opt->nhoff = sizeof(struct ipv6hdr);
719 return 1;
720 }
721 return -1;
722 }
723
724 /*
725 * Creating outbound headers.
726 *
727 * "build" functions work when skb is filled from head to tail (datagram)
728 * "push" functions work when headers are added from tail to head (tcp)
729 *
730 * In both cases we assume, that caller reserved enough room
731 * for headers.
732 */
733
734 static void ipv6_push_rthdr(struct sk_buff *skb, u8 *proto,
735 struct ipv6_rt_hdr *opt,
736 struct in6_addr **addr_p)
737 {
738 struct rt0_hdr *phdr, *ihdr;
739 int hops;
740
741 ihdr = (struct rt0_hdr *) opt;
742
743 phdr = (struct rt0_hdr *) skb_push(skb, (ihdr->rt_hdr.hdrlen + 1) << 3);
744 memcpy(phdr, ihdr, sizeof(struct rt0_hdr));
745
746 hops = ihdr->rt_hdr.hdrlen >> 1;
747
748 if (hops > 1)
749 memcpy(phdr->addr, ihdr->addr + 1,
750 (hops - 1) * sizeof(struct in6_addr));
751
752 ipv6_addr_copy(phdr->addr + (hops - 1), *addr_p);
753 *addr_p = ihdr->addr;
754
755 phdr->rt_hdr.nexthdr = *proto;
756 *proto = NEXTHDR_ROUTING;
757 }
758
759 static void ipv6_push_exthdr(struct sk_buff *skb, u8 *proto, u8 type, struct ipv6_opt_hdr *opt)
760 {
761 struct ipv6_opt_hdr *h = (struct ipv6_opt_hdr *)skb_push(skb, ipv6_optlen(opt));
762
763 memcpy(h, opt, ipv6_optlen(opt));
764 h->nexthdr = *proto;
765 *proto = type;
766 }
767
768 void ipv6_push_nfrag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt,
769 u8 *proto,
770 struct in6_addr **daddr)
771 {
772 if (opt->srcrt) {
773 ipv6_push_rthdr(skb, proto, opt->srcrt, daddr);
774 /*
775 * IPV6_RTHDRDSTOPTS is ignored
776 * unless IPV6_RTHDR is set (RFC3542).
777 */
778 if (opt->dst0opt)
779 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst0opt);
780 }
781 if (opt->hopopt)
782 ipv6_push_exthdr(skb, proto, NEXTHDR_HOP, opt->hopopt);
783 }
784
785 void ipv6_push_frag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt, u8 *proto)
786 {
787 if (opt->dst1opt)
788 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst1opt);
789 }
790
791 struct ipv6_txoptions *
792 ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt)
793 {
794 struct ipv6_txoptions *opt2;
795
796 opt2 = sock_kmalloc(sk, opt->tot_len, GFP_ATOMIC);
797 if (opt2) {
798 long dif = (char*)opt2 - (char*)opt;
799 memcpy(opt2, opt, opt->tot_len);
800 if (opt2->hopopt)
801 *((char**)&opt2->hopopt) += dif;
802 if (opt2->dst0opt)
803 *((char**)&opt2->dst0opt) += dif;
804 if (opt2->dst1opt)
805 *((char**)&opt2->dst1opt) += dif;
806 if (opt2->srcrt)
807 *((char**)&opt2->srcrt) += dif;
808 }
809 return opt2;
810 }
811
812 EXPORT_SYMBOL_GPL(ipv6_dup_options);
813
814 static int ipv6_renew_option(void *ohdr,
815 struct ipv6_opt_hdr __user *newopt, int newoptlen,
816 int inherit,
817 struct ipv6_opt_hdr **hdr,
818 char **p)
819 {
820 if (inherit) {
821 if (ohdr) {
822 memcpy(*p, ohdr, ipv6_optlen((struct ipv6_opt_hdr *)ohdr));
823 *hdr = (struct ipv6_opt_hdr *)*p;
824 *p += CMSG_ALIGN(ipv6_optlen(*(struct ipv6_opt_hdr **)hdr));
825 }
826 } else {
827 if (newopt) {
828 if (copy_from_user(*p, newopt, newoptlen))
829 return -EFAULT;
830 *hdr = (struct ipv6_opt_hdr *)*p;
831 if (ipv6_optlen(*(struct ipv6_opt_hdr **)hdr) > newoptlen)
832 return -EINVAL;
833 *p += CMSG_ALIGN(newoptlen);
834 }
835 }
836 return 0;
837 }
838
839 struct ipv6_txoptions *
840 ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt,
841 int newtype,
842 struct ipv6_opt_hdr __user *newopt, int newoptlen)
843 {
844 int tot_len = 0;
845 char *p;
846 struct ipv6_txoptions *opt2;
847 int err;
848
849 if (opt) {
850 if (newtype != IPV6_HOPOPTS && opt->hopopt)
851 tot_len += CMSG_ALIGN(ipv6_optlen(opt->hopopt));
852 if (newtype != IPV6_RTHDRDSTOPTS && opt->dst0opt)
853 tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst0opt));
854 if (newtype != IPV6_RTHDR && opt->srcrt)
855 tot_len += CMSG_ALIGN(ipv6_optlen(opt->srcrt));
856 if (newtype != IPV6_DSTOPTS && opt->dst1opt)
857 tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst1opt));
858 }
859
860 if (newopt && newoptlen)
861 tot_len += CMSG_ALIGN(newoptlen);
862
863 if (!tot_len)
864 return NULL;
865
866 tot_len += sizeof(*opt2);
867 opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC);
868 if (!opt2)
869 return ERR_PTR(-ENOBUFS);
870
871 memset(opt2, 0, tot_len);
872
873 opt2->tot_len = tot_len;
874 p = (char *)(opt2 + 1);
875
876 err = ipv6_renew_option(opt ? opt->hopopt : NULL, newopt, newoptlen,
877 newtype != IPV6_HOPOPTS,
878 &opt2->hopopt, &p);
879 if (err)
880 goto out;
881
882 err = ipv6_renew_option(opt ? opt->dst0opt : NULL, newopt, newoptlen,
883 newtype != IPV6_RTHDRDSTOPTS,
884 &opt2->dst0opt, &p);
885 if (err)
886 goto out;
887
888 err = ipv6_renew_option(opt ? opt->srcrt : NULL, newopt, newoptlen,
889 newtype != IPV6_RTHDR,
890 (struct ipv6_opt_hdr **)&opt2->srcrt, &p);
891 if (err)
892 goto out;
893
894 err = ipv6_renew_option(opt ? opt->dst1opt : NULL, newopt, newoptlen,
895 newtype != IPV6_DSTOPTS,
896 &opt2->dst1opt, &p);
897 if (err)
898 goto out;
899
900 opt2->opt_nflen = (opt2->hopopt ? ipv6_optlen(opt2->hopopt) : 0) +
901 (opt2->dst0opt ? ipv6_optlen(opt2->dst0opt) : 0) +
902 (opt2->srcrt ? ipv6_optlen(opt2->srcrt) : 0);
903 opt2->opt_flen = (opt2->dst1opt ? ipv6_optlen(opt2->dst1opt) : 0);
904
905 return opt2;
906 out:
907 sock_kfree_s(sk, opt2, opt2->tot_len);
908 return ERR_PTR(err);
909 }
910
911 struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
912 struct ipv6_txoptions *opt)
913 {
914 /*
915 * ignore the dest before srcrt unless srcrt is being included.
916 * --yoshfuji
917 */
918 if (opt && opt->dst0opt && !opt->srcrt) {
919 if (opt_space != opt) {
920 memcpy(opt_space, opt, sizeof(*opt_space));
921 opt = opt_space;
922 }
923 opt->opt_nflen -= ipv6_optlen(opt->dst0opt);
924 opt->dst0opt = NULL;
925 }
926
927 return opt;
928 }
929
linux kernel for loongson