2 * Extension Header handling for IPv6
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Andi Kleen <ak@muc.de>
8 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
10 * $Id: exthdrs.c,v 1.13 2001/06/19 15:58:56 davem Exp $
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
19 * yoshfuji : ensure not to overrun while parsing
21 * Mitsuru KANDA @USAGI and: Remove ipv6_parse_exthdrs().
22 * YOSHIFUJI Hideaki @USAGI Register inbound extension header
23 * handlers as inet6_protocol{}.
26 #include <linux/errno.h>
27 #include <linux/types.h>
28 #include <linux/socket.h>
29 #include <linux/sockios.h>
30 #include <linux/sched.h>
31 #include <linux/net.h>
32 #include <linux/netdevice.h>
33 #include <linux/in6.h>
34 #include <linux/icmpv6.h>
40 #include <net/protocol.h>
41 #include <net/transp_v6.h>
42 #include <net/rawv6.h>
43 #include <net/ndisc.h>
44 #include <net/ip6_route.h>
45 #include <net/addrconf.h>
46 #ifdef CONFIG_IPV6_MIP6
50 #include <asm/uaccess.h>
52 int ipv6_find_tlv(struct sk_buff *skb, int offset, int type)
54 int packet_len = skb->tail - skb->nh.raw;
55 struct ipv6_opt_hdr *hdr;
58 if (offset + 2 > packet_len)
60 hdr = (struct ipv6_opt_hdr*)(skb->nh.raw + offset);
61 len = ((hdr->hdrlen + 1) << 3);
63 if (offset + len > packet_len)
70 int opttype = skb->nh.raw[offset];
81 optlen = skb->nh.raw[offset + 1] + 2;
96 * Parsing tlv encoded headers.
98 * Parsing function "func" returns 1, if parsing succeed
99 * and 0, if it failed.
100 * It MUST NOT touch skb->h.
103 struct tlvtype_proc {
105 int (*func)(struct sk_buff **skbp, int offset);
108 /*********************
110 *********************/
112 /* An unknown option is detected, decide what to do */
114 static int ip6_tlvopt_unknown(struct sk_buff **skbp, int optoff)
116 struct sk_buff *skb = *skbp;
118 switch ((skb->nh.raw[optoff] & 0xC0) >> 6) {
122 case 1: /* drop packet */
125 case 3: /* Send ICMP if not a multicast address and drop packet */
126 /* Actually, it is redundant check. icmp_send
127 will recheck in any case.
129 if (ipv6_addr_is_multicast(&skb->nh.ipv6h->daddr))
131 case 2: /* send ICMP PARM PROB regardless and drop packet */
132 icmpv6_param_prob(skb, ICMPV6_UNK_OPTION, optoff);
140 /* Parse tlv encoded option header (hop-by-hop or destination) */
142 static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff **skbp)
144 struct sk_buff *skb = *skbp;
145 struct tlvtype_proc *curr;
146 int off = skb->h.raw - skb->nh.raw;
147 int len = ((skb->h.raw[1]+1)<<3);
149 if ((skb->h.raw + len) - skb->data > skb_headlen(skb))
156 int optlen = skb->nh.raw[off+1]+2;
158 switch (skb->nh.raw[off]) {
166 default: /* Other TLV code so scan list */
169 for (curr=procs; curr->type >= 0; curr++) {
170 if (curr->type == skb->nh.raw[off]) {
171 /* type specific length/alignment
172 checks will be performed in the
174 if (curr->func(skbp, off) == 0)
179 if (curr->type < 0) {
180 if (ip6_tlvopt_unknown(skbp, off) == 0)
195 /*****************************
196 Destination options header.
197 *****************************/
199 static struct tlvtype_proc tlvprocdestopt_lst[] = {
200 /* No destination options are defined now */
204 static int ipv6_destopt_rcv(struct sk_buff **skbp)
206 struct sk_buff *skb = *skbp;
207 struct inet6_skb_parm *opt = IP6CB(skb);
209 if (!pskb_may_pull(skb, (skb->h.raw-skb->data)+8) ||
210 !pskb_may_pull(skb, (skb->h.raw-skb->data)+((skb->h.raw[1]+1)<<3))) {
211 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
216 opt->lastopt = skb->h.raw - skb->nh.raw;
217 opt->dst1 = skb->h.raw - skb->nh.raw;
219 if (ip6_parse_tlv(tlvprocdestopt_lst, skbp)) {
221 skb->h.raw += ((skb->h.raw[1]+1)<<3);
222 opt->nhoff = opt->dst1;
226 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
230 static struct inet6_protocol destopt_protocol = {
231 .handler = ipv6_destopt_rcv,
232 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR,
235 void __init ipv6_destopt_init(void)
237 if (inet6_add_protocol(&destopt_protocol, IPPROTO_DSTOPTS) < 0)
238 printk(KERN_ERR "ipv6_destopt_init: Could not register protocol\n");
241 /********************************
242 NONE header. No data in packet.
243 ********************************/
245 static int ipv6_nodata_rcv(struct sk_buff **skbp)
247 struct sk_buff *skb = *skbp;
253 static struct inet6_protocol nodata_protocol = {
254 .handler = ipv6_nodata_rcv,
255 .flags = INET6_PROTO_NOPOLICY,
258 void __init ipv6_nodata_init(void)
260 if (inet6_add_protocol(&nodata_protocol, IPPROTO_NONE) < 0)
261 printk(KERN_ERR "ipv6_nodata_init: Could not register protocol\n");
264 /********************************
266 ********************************/
268 static int ipv6_rthdr_rcv(struct sk_buff **skbp)
270 struct sk_buff *skb = *skbp;
271 struct inet6_skb_parm *opt = IP6CB(skb);
272 struct in6_addr *addr = NULL;
273 struct in6_addr daddr;
276 struct ipv6_rt_hdr *hdr;
277 struct rt0_hdr *rthdr;
279 if (!pskb_may_pull(skb, (skb->h.raw-skb->data)+8) ||
280 !pskb_may_pull(skb, (skb->h.raw-skb->data)+((skb->h.raw[1]+1)<<3))) {
281 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
286 hdr = (struct ipv6_rt_hdr *) skb->h.raw;
288 if (ipv6_addr_is_multicast(&skb->nh.ipv6h->daddr) ||
289 skb->pkt_type != PACKET_HOST) {
290 IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS);
296 if (hdr->segments_left == 0) {
298 #ifdef CONFIG_IPV6_MIP6
299 case IPV6_SRCRT_TYPE_2:
300 /* Silently discard type 2 header unless it was
304 IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS);
314 opt->lastopt = skb->h.raw - skb->nh.raw;
315 opt->srcrt = skb->h.raw - skb->nh.raw;
316 skb->h.raw += (hdr->hdrlen + 1) << 3;
317 opt->dst0 = opt->dst1;
319 opt->nhoff = (&hdr->nexthdr) - skb->nh.raw;
324 case IPV6_SRCRT_TYPE_0:
325 if (hdr->hdrlen & 0x01) {
326 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
327 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->hdrlen) - skb->nh.raw);
331 #ifdef CONFIG_IPV6_MIP6
332 case IPV6_SRCRT_TYPE_2:
333 /* Silently discard invalid RTH type 2 */
334 if (hdr->hdrlen != 2 || hdr->segments_left != 1) {
335 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
342 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
343 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->type) - skb->nh.raw);
348 * This is the routing header forwarding algorithm from
352 n = hdr->hdrlen >> 1;
354 if (hdr->segments_left > n) {
355 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
356 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->segments_left) - skb->nh.raw);
360 /* We are about to mangle packet header. Be careful!
361 Do not damage packets queued somewhere.
363 if (skb_cloned(skb)) {
364 struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC);
366 /* the copy is a forwarded packet */
368 IP6_INC_STATS_BH(IPSTATS_MIB_OUTDISCARDS);
373 hdr = (struct ipv6_rt_hdr *) skb2->h.raw;
376 if (skb->ip_summed == CHECKSUM_COMPLETE)
377 skb->ip_summed = CHECKSUM_NONE;
379 i = n - --hdr->segments_left;
381 rthdr = (struct rt0_hdr *) hdr;
386 #ifdef CONFIG_IPV6_MIP6
387 case IPV6_SRCRT_TYPE_2:
388 if (xfrm6_input_addr(skb, (xfrm_address_t *)addr,
389 (xfrm_address_t *)&skb->nh.ipv6h->saddr,
390 IPPROTO_ROUTING) < 0) {
391 IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS);
395 if (!ipv6_chk_home_addr(addr)) {
396 IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS);
406 if (ipv6_addr_is_multicast(addr)) {
407 IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS);
412 ipv6_addr_copy(&daddr, addr);
413 ipv6_addr_copy(addr, &skb->nh.ipv6h->daddr);
414 ipv6_addr_copy(&skb->nh.ipv6h->daddr, &daddr);
416 dst_release(xchg(&skb->dst, NULL));
417 ip6_route_input(skb);
418 if (skb->dst->error) {
419 skb_push(skb, skb->data - skb->nh.raw);
424 if (skb->dst->dev->flags&IFF_LOOPBACK) {
425 if (skb->nh.ipv6h->hop_limit <= 1) {
426 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
427 icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
432 skb->nh.ipv6h->hop_limit--;
436 skb_push(skb, skb->data - skb->nh.raw);
441 static struct inet6_protocol rthdr_protocol = {
442 .handler = ipv6_rthdr_rcv,
443 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR,
446 void __init ipv6_rthdr_init(void)
448 if (inet6_add_protocol(&rthdr_protocol, IPPROTO_ROUTING) < 0)
449 printk(KERN_ERR "ipv6_rthdr_init: Could not register protocol\n");
453 This function inverts received rthdr.
454 NOTE: specs allow to make it automatically only if
455 packet authenticated.
457 I will not discuss it here (though, I am really pissed off at
458 this stupid requirement making rthdr idea useless)
460 Actually, it creates severe problems for us.
461 Embryonic requests has no associated sockets,
462 so that user have no control over it and
463 cannot not only to set reply options, but
464 even to know, that someone wants to connect
467 For now we need to test the engine, so that I created
468 temporary (or permanent) backdoor.
469 If listening socket set IPV6_RTHDR to 2, then we invert header.
473 struct ipv6_txoptions *
474 ipv6_invert_rthdr(struct sock *sk, struct ipv6_rt_hdr *hdr)
478 [ H1 -> H2 -> ... H_prev ] daddr=ME
481 [ H_prev -> ... -> H1 ] daddr =sender
483 Note, that IP output engine will rewrite this rthdr
484 by rotating it left by one addr.
488 struct rt0_hdr *rthdr = (struct rt0_hdr*)hdr;
489 struct rt0_hdr *irthdr;
490 struct ipv6_txoptions *opt;
491 int hdrlen = ipv6_optlen(hdr);
493 if (hdr->segments_left ||
494 hdr->type != IPV6_SRCRT_TYPE_0 ||
498 n = hdr->hdrlen >> 1;
499 opt = sock_kmalloc(sk, sizeof(*opt) + hdrlen, GFP_ATOMIC);
502 memset(opt, 0, sizeof(*opt));
503 opt->tot_len = sizeof(*opt) + hdrlen;
504 opt->srcrt = (void*)(opt+1);
505 opt->opt_nflen = hdrlen;
507 memcpy(opt->srcrt, hdr, sizeof(*hdr));
508 irthdr = (struct rt0_hdr*)opt->srcrt;
509 irthdr->reserved = 0;
510 opt->srcrt->segments_left = n;
512 memcpy(irthdr->addr+i, rthdr->addr+(n-1-i), 16);
516 EXPORT_SYMBOL_GPL(ipv6_invert_rthdr);
518 /**********************************
520 **********************************/
522 /* Router Alert as of RFC 2711 */
524 static int ipv6_hop_ra(struct sk_buff **skbp, int optoff)
526 struct sk_buff *skb = *skbp;
528 if (skb->nh.raw[optoff+1] == 2) {
529 IP6CB(skb)->ra = optoff;
532 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_ra: wrong RA length %d\n",
533 skb->nh.raw[optoff+1]);
540 static int ipv6_hop_jumbo(struct sk_buff **skbp, int optoff)
542 struct sk_buff *skb = *skbp;
545 if (skb->nh.raw[optoff+1] != 4 || (optoff&3) != 2) {
546 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_jumbo: wrong jumbo opt length/alignment %d\n",
547 skb->nh.raw[optoff+1]);
548 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
552 pkt_len = ntohl(*(u32*)(skb->nh.raw+optoff+2));
553 if (pkt_len <= IPV6_MAXPLEN) {
554 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
555 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff+2);
558 if (skb->nh.ipv6h->payload_len) {
559 IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
560 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff);
564 if (pkt_len > skb->len - sizeof(struct ipv6hdr)) {
565 IP6_INC_STATS_BH(IPSTATS_MIB_INTRUNCATEDPKTS);
569 if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr)))
579 static struct tlvtype_proc tlvprochopopt_lst[] = {
581 .type = IPV6_TLV_ROUTERALERT,
585 .type = IPV6_TLV_JUMBO,
586 .func = ipv6_hop_jumbo,
591 int ipv6_parse_hopopts(struct sk_buff **skbp)
593 struct sk_buff *skb = *skbp;
594 struct inet6_skb_parm *opt = IP6CB(skb);
597 * skb->nh.raw is equal to skb->data, and
598 * skb->h.raw - skb->nh.raw is always equal to
599 * sizeof(struct ipv6hdr) by definition of
600 * hop-by-hop options.
602 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr) + 8) ||
603 !pskb_may_pull(skb, sizeof(struct ipv6hdr) + ((skb->h.raw[1] + 1) << 3))) {
608 opt->hop = sizeof(struct ipv6hdr);
609 if (ip6_parse_tlv(tlvprochopopt_lst, skbp)) {
611 skb->h.raw += (skb->h.raw[1]+1)<<3;
612 opt->nhoff = sizeof(struct ipv6hdr);
619 * Creating outbound headers.
621 * "build" functions work when skb is filled from head to tail (datagram)
622 * "push" functions work when headers are added from tail to head (tcp)
624 * In both cases we assume, that caller reserved enough room
628 static void ipv6_push_rthdr(struct sk_buff *skb, u8 *proto,
629 struct ipv6_rt_hdr *opt,
630 struct in6_addr **addr_p)
632 struct rt0_hdr *phdr, *ihdr;
635 ihdr = (struct rt0_hdr *) opt;
637 phdr = (struct rt0_hdr *) skb_push(skb, (ihdr->rt_hdr.hdrlen + 1) << 3);
638 memcpy(phdr, ihdr, sizeof(struct rt0_hdr));
640 hops = ihdr->rt_hdr.hdrlen >> 1;
643 memcpy(phdr->addr, ihdr->addr + 1,
644 (hops - 1) * sizeof(struct in6_addr));
646 ipv6_addr_copy(phdr->addr + (hops - 1), *addr_p);
647 *addr_p = ihdr->addr;
649 phdr->rt_hdr.nexthdr = *proto;
650 *proto = NEXTHDR_ROUTING;
653 static void ipv6_push_exthdr(struct sk_buff *skb, u8 *proto, u8 type, struct ipv6_opt_hdr *opt)
655 struct ipv6_opt_hdr *h = (struct ipv6_opt_hdr *)skb_push(skb, ipv6_optlen(opt));
657 memcpy(h, opt, ipv6_optlen(opt));
662 void ipv6_push_nfrag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt,
664 struct in6_addr **daddr)
667 ipv6_push_rthdr(skb, proto, opt->srcrt, daddr);
669 * IPV6_RTHDRDSTOPTS is ignored
670 * unless IPV6_RTHDR is set (RFC3542).
673 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst0opt);
676 ipv6_push_exthdr(skb, proto, NEXTHDR_HOP, opt->hopopt);
679 void ipv6_push_frag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt, u8 *proto)
682 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst1opt);
685 struct ipv6_txoptions *
686 ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt)
688 struct ipv6_txoptions *opt2;
690 opt2 = sock_kmalloc(sk, opt->tot_len, GFP_ATOMIC);
692 long dif = (char*)opt2 - (char*)opt;
693 memcpy(opt2, opt, opt->tot_len);
695 *((char**)&opt2->hopopt) += dif;
697 *((char**)&opt2->dst0opt) += dif;
699 *((char**)&opt2->dst1opt) += dif;
701 *((char**)&opt2->srcrt) += dif;
706 EXPORT_SYMBOL_GPL(ipv6_dup_options);
708 static int ipv6_renew_option(void *ohdr,
709 struct ipv6_opt_hdr __user *newopt, int newoptlen,
711 struct ipv6_opt_hdr **hdr,
716 memcpy(*p, ohdr, ipv6_optlen((struct ipv6_opt_hdr *)ohdr));
717 *hdr = (struct ipv6_opt_hdr *)*p;
718 *p += CMSG_ALIGN(ipv6_optlen(*(struct ipv6_opt_hdr **)hdr));
722 if (copy_from_user(*p, newopt, newoptlen))
724 *hdr = (struct ipv6_opt_hdr *)*p;
725 if (ipv6_optlen(*(struct ipv6_opt_hdr **)hdr) > newoptlen)
727 *p += CMSG_ALIGN(newoptlen);
733 struct ipv6_txoptions *
734 ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt,
736 struct ipv6_opt_hdr __user *newopt, int newoptlen)
740 struct ipv6_txoptions *opt2;
744 if (newtype != IPV6_HOPOPTS && opt->hopopt)
745 tot_len += CMSG_ALIGN(ipv6_optlen(opt->hopopt));
746 if (newtype != IPV6_RTHDRDSTOPTS && opt->dst0opt)
747 tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst0opt));
748 if (newtype != IPV6_RTHDR && opt->srcrt)
749 tot_len += CMSG_ALIGN(ipv6_optlen(opt->srcrt));
750 if (newtype != IPV6_DSTOPTS && opt->dst1opt)
751 tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst1opt));
754 if (newopt && newoptlen)
755 tot_len += CMSG_ALIGN(newoptlen);
760 tot_len += sizeof(*opt2);
761 opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC);
763 return ERR_PTR(-ENOBUFS);
765 memset(opt2, 0, tot_len);
767 opt2->tot_len = tot_len;
768 p = (char *)(opt2 + 1);
770 err = ipv6_renew_option(opt ? opt->hopopt : NULL, newopt, newoptlen,
771 newtype != IPV6_HOPOPTS,
776 err = ipv6_renew_option(opt ? opt->dst0opt : NULL, newopt, newoptlen,
777 newtype != IPV6_RTHDRDSTOPTS,
782 err = ipv6_renew_option(opt ? opt->srcrt : NULL, newopt, newoptlen,
783 newtype != IPV6_RTHDR,
784 (struct ipv6_opt_hdr **)&opt2->srcrt, &p);
788 err = ipv6_renew_option(opt ? opt->dst1opt : NULL, newopt, newoptlen,
789 newtype != IPV6_DSTOPTS,
794 opt2->opt_nflen = (opt2->hopopt ? ipv6_optlen(opt2->hopopt) : 0) +
795 (opt2->dst0opt ? ipv6_optlen(opt2->dst0opt) : 0) +
796 (opt2->srcrt ? ipv6_optlen(opt2->srcrt) : 0);
797 opt2->opt_flen = (opt2->dst1opt ? ipv6_optlen(opt2->dst1opt) : 0);
801 sock_kfree_s(sk, opt2, opt2->tot_len);
805 struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
806 struct ipv6_txoptions *opt)
809 * ignore the dest before srcrt unless srcrt is being included.
812 if (opt && opt->dst0opt && !opt->srcrt) {
813 if (opt_space != opt) {
814 memcpy(opt_space, opt, sizeof(*opt_space));
817 opt->opt_nflen -= ipv6_optlen(opt->dst0opt);