struct rt0_hdr *rthdr;
int accept_source_route = ipv6_devconf.accept_source_route;
- if (accept_source_route < 0 ||
- ((idev = in6_dev_get(skb->dev)) == NULL)) {
- kfree_skb(skb);
- return -1;
- }
- if (idev->cnf.accept_source_route < 0) {
+ idev = in6_dev_get(skb->dev);
+ if (idev) {
+ if (accept_source_route > idev->cnf.accept_source_route)
+ accept_source_route = idev->cnf.accept_source_route;
in6_dev_put(idev);
- kfree_skb(skb);
- return -1;
}
- if (accept_source_route > idev->cnf.accept_source_route)
- accept_source_route = idev->cnf.accept_source_route;
-
- in6_dev_put(idev);
-
if (!pskb_may_pull(skb, skb_transport_offset(skb) + 8) ||
!pskb_may_pull(skb, (skb_transport_offset(skb) +
((skb_transport_header(skb)[1] + 1) << 3)))) {
hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb);
- switch (hdr->type) {
-#ifdef CONFIG_IPV6_MIP6
- case IPV6_SRCRT_TYPE_2:
- break;
-#endif
- case IPV6_SRCRT_TYPE_0:
- if (accept_source_route > 0)
- break;
- kfree_skb(skb);
- return -1;
- default:
- IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
- IPSTATS_MIB_INHDRERRORS);
- icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
- (&hdr->type) - skb_network_header(skb));
- return -1;
- }
-
if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) ||
skb->pkt_type != PACKET_HOST) {
IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
}
switch (hdr->type) {
- case IPV6_SRCRT_TYPE_0:
- if (hdr->hdrlen & 0x01) {
- IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
- IPSTATS_MIB_INHDRERRORS);
- icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
- ((&hdr->hdrlen) -
- skb_network_header(skb)));
- return -1;
- }
- break;
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
case IPV6_SRCRT_TYPE_2:
+ if (accept_source_route < 0)
+ goto unknown_rh;
/* Silently discard invalid RTH type 2 */
if (hdr->hdrlen != 2 || hdr->segments_left != 1) {
IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
}
break;
#endif
+ default:
+ goto unknown_rh;
}
/*
skb_push(skb, skb->data - skb_network_header(skb));
dst_input(skb);
return -1;
+
+unknown_rh:
+ IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INHDRERRORS);
+ icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
+ (&hdr->type) - skb_network_header(skb));
+ return -1;
}
static struct inet6_protocol rthdr_protocol = {
printk(KERN_ERR "ipv6_rthdr_init: Could not register protocol\n");
};
-/*
- This function inverts received rthdr.
- NOTE: specs allow to make it automatically only if
- packet authenticated.
-
- I will not discuss it here (though, I am really pissed off at
- this stupid requirement making rthdr idea useless)
-
- Actually, it creates severe problems for us.
- Embryonic requests has no associated sockets,
- so that user have no control over it and
- cannot not only to set reply options, but
- even to know, that someone wants to connect
- without success. :-(
-
- For now we need to test the engine, so that I created
- temporary (or permanent) backdoor.
- If listening socket set IPV6_RTHDR to 2, then we invert header.
- --ANK (980729)
- */
-
-struct ipv6_txoptions *
-ipv6_invert_rthdr(struct sock *sk, struct ipv6_rt_hdr *hdr)
-{
- /* Received rthdr:
-
- [ H1 -> H2 -> ... H_prev ] daddr=ME
-
- Inverted result:
- [ H_prev -> ... -> H1 ] daddr =sender
-
- Note, that IP output engine will rewrite this rthdr
- by rotating it left by one addr.
- */
-
- int n, i;
- struct rt0_hdr *rthdr = (struct rt0_hdr*)hdr;
- struct rt0_hdr *irthdr;
- struct ipv6_txoptions *opt;
- int hdrlen = ipv6_optlen(hdr);
-
- if (hdr->segments_left ||
- hdr->type != IPV6_SRCRT_TYPE_0 ||
- hdr->hdrlen & 0x01)
- return NULL;
-
- n = hdr->hdrlen >> 1;
- opt = sock_kmalloc(sk, sizeof(*opt) + hdrlen, GFP_ATOMIC);
- if (opt == NULL)
- return NULL;
- memset(opt, 0, sizeof(*opt));
- opt->tot_len = sizeof(*opt) + hdrlen;
- opt->srcrt = (void*)(opt+1);
- opt->opt_nflen = hdrlen;
-
- memcpy(opt->srcrt, hdr, sizeof(*hdr));
- irthdr = (struct rt0_hdr*)opt->srcrt;
- irthdr->reserved = 0;
- opt->srcrt->segments_left = n;
- for (i=0; i<n; i++)
- memcpy(irthdr->addr+i, rthdr->addr+(n-1-i), 16);
- return opt;
-}
-
-EXPORT_SYMBOL_GPL(ipv6_invert_rthdr);
-
/**********************************
Hop-by-hop options.
**********************************/