2 * Extension Header handling for IPv6
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Andi Kleen <ak@muc.de>
8 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
10 * $Id: exthdrs.c,v 1.13 2001/06/19 15:58:56 davem Exp $
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
19 * yoshfuji : ensure not to overrun while parsing
21 * Mitsuru KANDA @USAGI and: Remove ipv6_parse_exthdrs().
22 * YOSHIFUJI Hideaki @USAGI Register inbound extension header
23 * handlers as inet6_protocol{}.
26 #include <linux/errno.h>
27 #include <linux/types.h>
28 #include <linux/socket.h>
29 #include <linux/sockios.h>
30 #include <linux/sched.h>
31 #include <linux/net.h>
32 #include <linux/netdevice.h>
33 #include <linux/in6.h>
34 #include <linux/icmpv6.h>
40 #include <net/protocol.h>
41 #include <net/transp_v6.h>
42 #include <net/rawv6.h>
43 #include <net/ndisc.h>
44 #include <net/ip6_route.h>
45 #include <net/addrconf.h>
46 #ifdef CONFIG_IPV6_MIP6
50 #include <asm/uaccess.h>
52 int ipv6_find_tlv(struct sk_buff *skb, int offset, int type)
54 int packet_len = skb->tail - skb->nh.raw;
55 struct ipv6_opt_hdr *hdr;
58 if (offset + 2 > packet_len)
60 hdr = (struct ipv6_opt_hdr*)(skb->nh.raw + offset);
61 len = ((hdr->hdrlen + 1) << 3);
63 if (offset + len > packet_len)
70 int opttype = skb->nh.raw[offset];
81 optlen = skb->nh.raw[offset + 1] + 2;
96 * Parsing tlv encoded headers.
98 * Parsing function "func" returns 1, if parsing succeed
99 * and 0, if it failed.
100 * It MUST NOT touch skb->h.
103 struct tlvtype_proc {
105 int (*func)(struct sk_buff *skb, int offset);
108 /*********************
110 *********************/
112 /* An unknown option is detected, decide what to do */
114 static int ip6_tlvopt_unknown(struct sk_buff *skb, int optoff)
116 switch ((skb->nh.raw[optoff] & 0xC0) >> 6) {
120 case 1: /* drop packet */
123 case 3: /* Send ICMP if not a multicast address and drop packet */
124 /* Actually, it is redundant check. icmp_send
125 will recheck in any case.
127 if (ipv6_addr_is_multicast(&skb->nh.ipv6h->daddr))
129 case 2: /* send ICMP PARM PROB regardless and drop packet */
130 icmpv6_param_prob(skb, ICMPV6_UNK_OPTION, optoff);
138 /* Parse tlv encoded option header (hop-by-hop or destination) */
140 static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff *skb)
142 struct tlvtype_proc *curr;
143 int off = skb->h.raw - skb->nh.raw;
144 int len = ((skb->h.raw[1]+1)<<3);
146 if ((skb->h.raw + len) - skb->data > skb_headlen(skb))
153 int optlen = skb->nh.raw[off+1]+2;
155 switch (skb->nh.raw[off]) {
163 default: /* Other TLV code so scan list */
166 for (curr=procs; curr->type >= 0; curr++) {
167 if (curr->type == skb->nh.raw[off]) {
168 /* type specific length/alignment
169 checks will be performed in the
171 if (curr->func(skb, off) == 0)
176 if (curr->type < 0) {
177 if (ip6_tlvopt_unknown(skb, off) == 0)
192 /*****************************
193 Destination options header.
194 *****************************/
196 static struct tlvtype_proc tlvprocdestopt_lst[] = {
197 /* No destination options are defined now */
201 static int ipv6_destopt_rcv(struct sk_buff **skbp)
203 struct sk_buff *skb = *skbp;
204 struct inet6_skb_parm *opt = IP6CB(skb);
206 if (!pskb_may_pull(skb, (skb->h.raw-skb->data)+8) ||
207 !pskb_may_pull(skb, (skb->h.raw-skb->data)+((skb->h.raw[1]+1)<<3))) {
208 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
213 opt->lastopt = skb->h.raw - skb->nh.raw;
214 opt->dst1 = skb->h.raw - skb->nh.raw;
216 if (ip6_parse_tlv(tlvprocdestopt_lst, skb)) {
217 skb->h.raw += ((skb->h.raw[1]+1)<<3);
218 opt->nhoff = opt->dst1;
222 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
226 static struct inet6_protocol destopt_protocol = {
227 .handler = ipv6_destopt_rcv,
228 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR,
231 void __init ipv6_destopt_init(void)
233 if (inet6_add_protocol(&destopt_protocol, IPPROTO_DSTOPTS) < 0)
234 printk(KERN_ERR "ipv6_destopt_init: Could not register protocol\n");
237 /********************************
238 NONE header. No data in packet.
239 ********************************/
241 static int ipv6_nodata_rcv(struct sk_buff **skbp)
243 struct sk_buff *skb = *skbp;
249 static struct inet6_protocol nodata_protocol = {
250 .handler = ipv6_nodata_rcv,
251 .flags = INET6_PROTO_NOPOLICY,
254 void __init ipv6_nodata_init(void)
256 if (inet6_add_protocol(&nodata_protocol, IPPROTO_NONE) < 0)
257 printk(KERN_ERR "ipv6_nodata_init: Could not register protocol\n");
260 /********************************
262 ********************************/
264 static int ipv6_rthdr_rcv(struct sk_buff **skbp)
266 struct sk_buff *skb = *skbp;
267 struct inet6_skb_parm *opt = IP6CB(skb);
268 struct in6_addr *addr = NULL;
269 struct in6_addr daddr;
272 struct ipv6_rt_hdr *hdr;
273 struct rt0_hdr *rthdr;
275 if (!pskb_may_pull(skb, (skb->h.raw-skb->data)+8) ||
276 !pskb_may_pull(skb, (skb->h.raw-skb->data)+((skb->h.raw[1]+1)<<3))) {
277 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
282 hdr = (struct ipv6_rt_hdr *) skb->h.raw;
284 if (ipv6_addr_is_multicast(&skb->nh.ipv6h->daddr) ||
285 skb->pkt_type != PACKET_HOST) {
286 IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS);
292 if (hdr->segments_left == 0) {
294 #ifdef CONFIG_IPV6_MIP6
295 case IPV6_SRCRT_TYPE_2:
296 /* Silently discard type 2 header unless it was
300 IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS);
310 opt->lastopt = skb->h.raw - skb->nh.raw;
311 opt->srcrt = skb->h.raw - skb->nh.raw;
312 skb->h.raw += (hdr->hdrlen + 1) << 3;
313 opt->dst0 = opt->dst1;
315 opt->nhoff = (&hdr->nexthdr) - skb->nh.raw;
320 case IPV6_SRCRT_TYPE_0:
321 if (hdr->hdrlen & 0x01) {
322 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
323 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->hdrlen) - skb->nh.raw);
327 #ifdef CONFIG_IPV6_MIP6
328 case IPV6_SRCRT_TYPE_2:
329 /* Silently discard invalid RTH type 2 */
330 if (hdr->hdrlen != 2 || hdr->segments_left != 1) {
331 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
338 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
339 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->type) - skb->nh.raw);
344 * This is the routing header forwarding algorithm from
348 n = hdr->hdrlen >> 1;
350 if (hdr->segments_left > n) {
351 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
352 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->segments_left) - skb->nh.raw);
356 /* We are about to mangle packet header. Be careful!
357 Do not damage packets queued somewhere.
359 if (skb_cloned(skb)) {
360 struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC);
362 /* the copy is a forwarded packet */
364 IP6_INC_STATS_BH(IPSTATS_MIB_OUTDISCARDS);
369 hdr = (struct ipv6_rt_hdr *) skb2->h.raw;
372 if (skb->ip_summed == CHECKSUM_COMPLETE)
373 skb->ip_summed = CHECKSUM_NONE;
375 i = n - --hdr->segments_left;
377 rthdr = (struct rt0_hdr *) hdr;
382 #ifdef CONFIG_IPV6_MIP6
383 case IPV6_SRCRT_TYPE_2:
384 if (xfrm6_input_addr(skb, (xfrm_address_t *)addr,
385 (xfrm_address_t *)&skb->nh.ipv6h->saddr,
386 IPPROTO_ROUTING) < 0) {
387 IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS);
391 if (!ipv6_chk_home_addr(addr)) {
392 IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS);
402 if (ipv6_addr_is_multicast(addr)) {
403 IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS);
408 ipv6_addr_copy(&daddr, addr);
409 ipv6_addr_copy(addr, &skb->nh.ipv6h->daddr);
410 ipv6_addr_copy(&skb->nh.ipv6h->daddr, &daddr);
412 dst_release(xchg(&skb->dst, NULL));
413 ip6_route_input(skb);
414 if (skb->dst->error) {
415 skb_push(skb, skb->data - skb->nh.raw);
420 if (skb->dst->dev->flags&IFF_LOOPBACK) {
421 if (skb->nh.ipv6h->hop_limit <= 1) {
422 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
423 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
428 skb->nh.ipv6h->hop_limit--;
432 skb_push(skb, skb->data - skb->nh.raw);
437 static struct inet6_protocol rthdr_protocol = {
438 .handler = ipv6_rthdr_rcv,
439 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR,
442 void __init ipv6_rthdr_init(void)
444 if (inet6_add_protocol(&rthdr_protocol, IPPROTO_ROUTING) < 0)
445 printk(KERN_ERR "ipv6_rthdr_init: Could not register protocol\n");
449 This function inverts received rthdr.
450 NOTE: specs allow to make it automatically only if
451 packet authenticated.
453 I will not discuss it here (though, I am really pissed off at
454 this stupid requirement making rthdr idea useless)
456 Actually, it creates severe problems for us.
457 Embryonic requests has no associated sockets,
458 so that user have no control over it and
459 cannot not only to set reply options, but
460 even to know, that someone wants to connect
463 For now we need to test the engine, so that I created
464 temporary (or permanent) backdoor.
465 If listening socket set IPV6_RTHDR to 2, then we invert header.
469 struct ipv6_txoptions *
470 ipv6_invert_rthdr(struct sock *sk, struct ipv6_rt_hdr *hdr)
474 [ H1 -> H2 -> ... H_prev ] daddr=ME
477 [ H_prev -> ... -> H1 ] daddr =sender
479 Note, that IP output engine will rewrite this rthdr
480 by rotating it left by one addr.
484 struct rt0_hdr *rthdr = (struct rt0_hdr*)hdr;
485 struct rt0_hdr *irthdr;
486 struct ipv6_txoptions *opt;
487 int hdrlen = ipv6_optlen(hdr);
489 if (hdr->segments_left ||
490 hdr->type != IPV6_SRCRT_TYPE_0 ||
494 n = hdr->hdrlen >> 1;
495 opt = sock_kmalloc(sk, sizeof(*opt) + hdrlen, GFP_ATOMIC);
498 memset(opt, 0, sizeof(*opt));
499 opt->tot_len = sizeof(*opt) + hdrlen;
500 opt->srcrt = (void*)(opt+1);
501 opt->opt_nflen = hdrlen;
503 memcpy(opt->srcrt, hdr, sizeof(*hdr));
504 irthdr = (struct rt0_hdr*)opt->srcrt;
505 irthdr->reserved = 0;
506 opt->srcrt->segments_left = n;
508 memcpy(irthdr->addr+i, rthdr->addr+(n-1-i), 16);
512 EXPORT_SYMBOL_GPL(ipv6_invert_rthdr);
514 /**********************************
516 **********************************/
518 /* Router Alert as of RFC 2711 */
520 static int ipv6_hop_ra(struct sk_buff *skb, int optoff)
522 if (skb->nh.raw[optoff+1] == 2) {
523 IP6CB(skb)->ra = optoff;
526 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_ra: wrong RA length %d\n",
527 skb->nh.raw[optoff+1]);
534 static int ipv6_hop_jumbo(struct sk_buff *skb, int optoff)
538 if (skb->nh.raw[optoff+1] != 4 || (optoff&3) != 2) {
539 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_jumbo: wrong jumbo opt length/alignment %d\n",
540 skb->nh.raw[optoff+1]);
541 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
545 pkt_len = ntohl(*(u32*)(skb->nh.raw+optoff+2));
546 if (pkt_len <= IPV6_MAXPLEN) {
547 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
548 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff+2);
551 if (skb->nh.ipv6h->payload_len) {
552 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
553 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff);
557 if (pkt_len > skb->len - sizeof(struct ipv6hdr)) {
558 IP6_INC_STATS_BH(IPSTATS_MIB_INTRUNCATEDPKTS);
562 if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr)))
572 static struct tlvtype_proc tlvprochopopt_lst[] = {
574 .type = IPV6_TLV_ROUTERALERT,
578 .type = IPV6_TLV_JUMBO,
579 .func = ipv6_hop_jumbo,
584 int ipv6_parse_hopopts(struct sk_buff *skb)
586 struct inet6_skb_parm *opt = IP6CB(skb);
589 * skb->nh.raw is equal to skb->data, and
590 * skb->h.raw - skb->nh.raw is always equal to
591 * sizeof(struct ipv6hdr) by definition of
592 * hop-by-hop options.
594 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr) + 8) ||
595 !pskb_may_pull(skb, sizeof(struct ipv6hdr) + ((skb->h.raw[1] + 1) << 3))) {
600 opt->hop = sizeof(struct ipv6hdr);
601 if (ip6_parse_tlv(tlvprochopopt_lst, skb)) {
602 skb->h.raw += (skb->h.raw[1]+1)<<3;
603 opt->nhoff = sizeof(struct ipv6hdr);
610 * Creating outbound headers.
612 * "build" functions work when skb is filled from head to tail (datagram)
613 * "push" functions work when headers are added from tail to head (tcp)
615 * In both cases we assume, that caller reserved enough room
619 static void ipv6_push_rthdr(struct sk_buff *skb, u8 *proto,
620 struct ipv6_rt_hdr *opt,
621 struct in6_addr **addr_p)
623 struct rt0_hdr *phdr, *ihdr;
626 ihdr = (struct rt0_hdr *) opt;
628 phdr = (struct rt0_hdr *) skb_push(skb, (ihdr->rt_hdr.hdrlen + 1) << 3);
629 memcpy(phdr, ihdr, sizeof(struct rt0_hdr));
631 hops = ihdr->rt_hdr.hdrlen >> 1;
634 memcpy(phdr->addr, ihdr->addr + 1,
635 (hops - 1) * sizeof(struct in6_addr));
637 ipv6_addr_copy(phdr->addr + (hops - 1), *addr_p);
638 *addr_p = ihdr->addr;
640 phdr->rt_hdr.nexthdr = *proto;
641 *proto = NEXTHDR_ROUTING;
644 static void ipv6_push_exthdr(struct sk_buff *skb, u8 *proto, u8 type, struct ipv6_opt_hdr *opt)
646 struct ipv6_opt_hdr *h = (struct ipv6_opt_hdr *)skb_push(skb, ipv6_optlen(opt));
648 memcpy(h, opt, ipv6_optlen(opt));
653 void ipv6_push_nfrag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt,
655 struct in6_addr **daddr)
658 ipv6_push_rthdr(skb, proto, opt->srcrt, daddr);
660 * IPV6_RTHDRDSTOPTS is ignored
661 * unless IPV6_RTHDR is set (RFC3542).
664 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst0opt);
667 ipv6_push_exthdr(skb, proto, NEXTHDR_HOP, opt->hopopt);
670 void ipv6_push_frag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt, u8 *proto)
673 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst1opt);
676 struct ipv6_txoptions *
677 ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt)
679 struct ipv6_txoptions *opt2;
681 opt2 = sock_kmalloc(sk, opt->tot_len, GFP_ATOMIC);
683 long dif = (char*)opt2 - (char*)opt;
684 memcpy(opt2, opt, opt->tot_len);
686 *((char**)&opt2->hopopt) += dif;
688 *((char**)&opt2->dst0opt) += dif;
690 *((char**)&opt2->dst1opt) += dif;
692 *((char**)&opt2->srcrt) += dif;
697 EXPORT_SYMBOL_GPL(ipv6_dup_options);
699 static int ipv6_renew_option(void *ohdr,
700 struct ipv6_opt_hdr __user *newopt, int newoptlen,
702 struct ipv6_opt_hdr **hdr,
707 memcpy(*p, ohdr, ipv6_optlen((struct ipv6_opt_hdr *)ohdr));
708 *hdr = (struct ipv6_opt_hdr *)*p;
709 *p += CMSG_ALIGN(ipv6_optlen(*(struct ipv6_opt_hdr **)hdr));
713 if (copy_from_user(*p, newopt, newoptlen))
715 *hdr = (struct ipv6_opt_hdr *)*p;
716 if (ipv6_optlen(*(struct ipv6_opt_hdr **)hdr) > newoptlen)
718 *p += CMSG_ALIGN(newoptlen);
724 struct ipv6_txoptions *
725 ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt,
727 struct ipv6_opt_hdr __user *newopt, int newoptlen)
731 struct ipv6_txoptions *opt2;
735 if (newtype != IPV6_HOPOPTS && opt->hopopt)
736 tot_len += CMSG_ALIGN(ipv6_optlen(opt->hopopt));
737 if (newtype != IPV6_RTHDRDSTOPTS && opt->dst0opt)
738 tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst0opt));
739 if (newtype != IPV6_RTHDR && opt->srcrt)
740 tot_len += CMSG_ALIGN(ipv6_optlen(opt->srcrt));
741 if (newtype != IPV6_DSTOPTS && opt->dst1opt)
742 tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst1opt));
745 if (newopt && newoptlen)
746 tot_len += CMSG_ALIGN(newoptlen);
751 tot_len += sizeof(*opt2);
752 opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC);
754 return ERR_PTR(-ENOBUFS);
756 memset(opt2, 0, tot_len);
758 opt2->tot_len = tot_len;
759 p = (char *)(opt2 + 1);
761 err = ipv6_renew_option(opt ? opt->hopopt : NULL, newopt, newoptlen,
762 newtype != IPV6_HOPOPTS,
767 err = ipv6_renew_option(opt ? opt->dst0opt : NULL, newopt, newoptlen,
768 newtype != IPV6_RTHDRDSTOPTS,
773 err = ipv6_renew_option(opt ? opt->srcrt : NULL, newopt, newoptlen,
774 newtype != IPV6_RTHDR,
775 (struct ipv6_opt_hdr **)&opt2->srcrt, &p);
779 err = ipv6_renew_option(opt ? opt->dst1opt : NULL, newopt, newoptlen,
780 newtype != IPV6_DSTOPTS,
785 opt2->opt_nflen = (opt2->hopopt ? ipv6_optlen(opt2->hopopt) : 0) +
786 (opt2->dst0opt ? ipv6_optlen(opt2->dst0opt) : 0) +
787 (opt2->srcrt ? ipv6_optlen(opt2->srcrt) : 0);
788 opt2->opt_flen = (opt2->dst1opt ? ipv6_optlen(opt2->dst1opt) : 0);
792 sock_kfree_s(sk, opt2, opt2->tot_len);
796 struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
797 struct ipv6_txoptions *opt)
800 * ignore the dest before srcrt unless srcrt is being included.
803 if (opt && opt->dst0opt && !opt->srcrt) {
804 if (opt_space != opt) {
805 memcpy(opt_space, opt, sizeof(*opt_space));
808 opt->opt_nflen -= ipv6_optlen(opt->dst0opt);