LXR linux/net/ipv6/ip6

   1/*
   2 *      IPv6 input
   3 *      Linux INET6 implementation
   4 *
   5 *      Authors:
   6 *      Pedro Roque             <roque@di.fc.ul.pt>
   7 *      Ian P. Morris           <I.P.Morris@soton.ac.uk>
   8 *
   9 *      Based in linux/net/ipv4/ip_input.c
  10 *
  11 *      This program is free software; you can redistribute it and/or
  12 *      modify it under the terms of the GNU General Public License
  13 *      as published by the Free Software Foundation; either version
  14 *      2 of the License, or (at your option) any later version.
  15 */
  16/* Changes
  17 *
  18 *      Mitsuru KANDA @USAGI and
  19 *      YOSHIFUJI Hideaki @USAGI: Remove ipv6_parse_exthdrs().
  20 */
  21
  22#include <linux/errno.h>
  23#include <linux/types.h>
  24#include <linux/socket.h>
  25#include <linux/sockios.h>
  26#include <linux/net.h>
  27#include <linux/netdevice.h>
  28#include <linux/in6.h>
  29#include <linux/icmpv6.h>
  30#include <linux/mroute6.h>
  31#include <linux/slab.h>
  32#include <linux/indirect_call_wrapper.h>
  33
  34#include <linux/netfilter.h>
  35#include <linux/netfilter_ipv6.h>
  36
  37#include <net/sock.h>
  38#include <net/snmp.h>
  39
  40#include <net/ipv6.h>
  41#include <net/protocol.h>
  42#include <net/transp_v6.h>
  43#include <net/rawv6.h>
  44#include <net/ndisc.h>
  45#include <net/ip6_route.h>
  46#include <net/addrconf.h>
  47#include <net/xfrm.h>
  48#include <net/inet_ecn.h>
  49#include <net/dst_metadata.h>
  50
  51INDIRECT_CALLABLE_DECLARE(void udp_v6_early_demux(struct sk_buff *));
  52INDIRECT_CALLABLE_DECLARE(void tcp_v6_early_demux(struct sk_buff *));
  53int ip6_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
  54{
  55        void (*edemux)(struct sk_buff *skb);
  56
  57        /* if ingress device is enslaved to an L3 master device pass the
  58         * skb to its handler for processing
  59         */
  60        skb = l3mdev_ip6_rcv(skb);
  61        if (!skb)
  62                return NET_RX_SUCCESS;
  63
  64        if (net->ipv4.sysctl_ip_early_demux && !skb_dst(skb) && skb->sk == NULL) {
  65                const struct inet6_protocol *ipprot;
  66
  67                ipprot = rcu_dereference(inet6_protos[ipv6_hdr(skb)->nexthdr]);
  68                if (ipprot && (edemux = READ_ONCE(ipprot->early_demux)))
  69                        INDIRECT_CALL_2(edemux, tcp_v6_early_demux,
  70                                        udp_v6_early_demux, skb);
  71        }
  72        if (!skb_valid_dst(skb))
  73                ip6_route_input(skb);
  74
  75        return dst_input(skb);
  76}
  77
  78int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev)
  79{
  80        const struct ipv6hdr *hdr;
  81        u32 pkt_len;
  82        struct inet6_dev *idev;
  83        struct net *net = dev_net(skb->dev);
  84
  85        if (skb->pkt_type == PACKET_OTHERHOST) {
  86                kfree_skb(skb);
  87                return NET_RX_DROP;
  88        }
  89
  90        rcu_read_lock();
  91
  92        idev = __in6_dev_get(skb->dev);
  93
  94        __IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_IN, skb->len);
  95
  96        if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL ||
  97            !idev || unlikely(idev->cnf.disable_ipv6)) {
  98                __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
  99                goto drop;
 100        }
 101
 102        memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm));
 103
 104        /*
 105         * Store incoming device index. When the packet will
 106         * be queued, we cannot refer to skb->dev anymore.
 107         *
 108         * BTW, when we send a packet for our own local address on a
 109         * non-loopback interface (e.g. ethX), it is being delivered
 110         * via the loopback interface (lo) here; skb->dev = loopback_dev.
 111         * It, however, should be considered as if it is being
 112         * arrived via the sending interface (ethX), because of the
 113         * nature of scoping architecture. --yoshfuji
 114         */
 115        IP6CB(skb)->iif = skb_valid_dst(skb) ? ip6_dst_idev(skb_dst(skb))->dev->ifindex : dev->ifindex;
 116
 117        if (unlikely(!pskb_may_pull(skb, sizeof(*hdr))))
 118                goto err;
 119
 120        hdr = ipv6_hdr(skb);
 121
 122        if (hdr->version != 6)
 123                goto err;
 124
 125        __IP6_ADD_STATS(net, idev,
 126                        IPSTATS_MIB_NOECTPKTS +
 127                                (ipv6_get_dsfield(hdr) & INET_ECN_MASK),
 128                        max_t(unsigned short, 1, skb_shinfo(skb)->gso_segs));
 129        /*
 130         * RFC4291 2.5.3
 131         * The loopback address must not be used as the source address in IPv6
 132         * packets that are sent outside of a single node. [..]
 133         * A packet received on an interface with a destination address
 134         * of loopback must be dropped.
 135         */
 136        if ((ipv6_addr_loopback(&hdr->saddr) ||
 137             ipv6_addr_loopback(&hdr->daddr)) &&
 138             !(dev->flags & IFF_LOOPBACK))
 139                goto err;
 140
 141        /* RFC4291 Errata ID: 3480
 142         * Interface-Local scope spans only a single interface on a
 143         * node and is useful only for loopback transmission of
 144         * multicast.  Packets with interface-local scope received
 145         * from another node must be discarded.
 146         */
 147        if (!(skb->pkt_type == PACKET_LOOPBACK ||
 148              dev->flags & IFF_LOOPBACK) &&
 149            ipv6_addr_is_multicast(&hdr->daddr) &&
 150            IPV6_ADDR_MC_SCOPE(&hdr->daddr) == 1)
 151                goto err;
 152
 153        /* If enabled, drop unicast packets that were encapsulated in link-layer
 154         * multicast or broadcast to protected against the so-called "hole-196"
 155         * attack in 802.11 wireless.
 156         */
 157        if (!ipv6_addr_is_multicast(&hdr->daddr) &&
 158            (skb->pkt_type == PACKET_BROADCAST ||
 159             skb->pkt_type == PACKET_MULTICAST) &&
 160            idev->cnf.drop_unicast_in_l2_multicast)
 161                goto err;
 162
 163        /* RFC4291 2.7
 164         * Nodes must not originate a packet to a multicast address whose scope
 165         * field contains the reserved value 0; if such a packet is received, it
 166         * must be silently dropped.
 167         */
 168        if (ipv6_addr_is_multicast(&hdr->daddr) &&
 169            IPV6_ADDR_MC_SCOPE(&hdr->daddr) == 0)
 170                goto err;
 171
 172        /*
 173         * RFC4291 2.7
 174         * Multicast addresses must not be used as source addresses in IPv6
 175         * packets or appear in any Routing header.
 176         */
 177        if (ipv6_addr_is_multicast(&hdr->saddr))
 178                goto err;
 179
 180        skb->transport_header = skb->network_header + sizeof(*hdr);
 181        IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
 182
 183        pkt_len = ntohs(hdr->payload_len);
 184
 185        /* pkt_len may be zero if Jumbo payload option is present */
 186        if (pkt_len || hdr->nexthdr != NEXTHDR_HOP) {
 187                if (pkt_len + sizeof(struct ipv6hdr) > skb->len) {
 188                        __IP6_INC_STATS(net,
 189                                        idev, IPSTATS_MIB_INTRUNCATEDPKTS);
 190                        goto drop;
 191                }
 192                if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr))) {
 193                        __IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS);
 194                        goto drop;
 195                }
 196                hdr = ipv6_hdr(skb);
 197        }
 198
 199        if (hdr->nexthdr == NEXTHDR_HOP) {
 200                if (ipv6_parse_hopopts(skb) < 0) {
 201                        __IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS);
 202                        rcu_read_unlock();
 203                        return NET_RX_DROP;
 204                }
 205        }
 206
 207        rcu_read_unlock();
 208
 209        /* Must drop socket now because of tproxy. */
 210        skb_orphan(skb);
 211
 212        return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING,
 213                       net, NULL, skb, dev, NULL,
 214                       ip6_rcv_finish);
 215err:
 216        __IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS);
 217drop:
 218        rcu_read_unlock();
 219        kfree_skb(skb);
 220        return NET_RX_DROP;
 221}
 222
 223INDIRECT_CALLABLE_DECLARE(int udpv6_rcv(struct sk_buff *));
 224INDIRECT_CALLABLE_DECLARE(int tcp_v6_rcv(struct sk_buff *));
 225
 226/*
 227 *      Deliver the packet to the host
 228 */
 229
 230
 231static int ip6_input_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
 232{
 233        const struct inet6_protocol *ipprot;
 234        struct inet6_dev *idev;
 235        unsigned int nhoff;
 236        int nexthdr;
 237        bool raw;
 238        bool have_final = false;
 239
 240        /*
 241         *      Parse extension headers
 242         */
 243
 244        rcu_read_lock();
 245resubmit:
 246        idev = ip6_dst_idev(skb_dst(skb));
 247        if (!pskb_pull(skb, skb_transport_offset(skb)))
 248                goto discard;
 249        nhoff = IP6CB(skb)->nhoff;
 250        nexthdr = skb_network_header(skb)[nhoff];
 251
 252resubmit_final:
 253        raw = raw6_local_deliver(skb, nexthdr);
 254        ipprot = rcu_dereference(inet6_protos[nexthdr]);
 255        if (ipprot) {
 256                int ret;
 257
 258                if (have_final) {
 259                        if (!(ipprot->flags & INET6_PROTO_FINAL)) {
 260                                /* Once we've seen a final protocol don't
 261                                 * allow encapsulation on any non-final
 262                                 * ones. This allows foo in UDP encapsulation
 263                                 * to work.
 264                                 */
 265                                goto discard;
 266                        }
 267                } else if (ipprot->flags & INET6_PROTO_FINAL) {
 268                        const struct ipv6hdr *hdr;
 269
 270                        /* Only do this once for first final protocol */
 271                        have_final = true;
 272
 273                        /* Free reference early: we don't need it any more,
 274                           and it may hold ip_conntrack module loaded
 275                           indefinitely. */
 276                        nf_reset(skb);
 277
 278                        skb_postpull_rcsum(skb, skb_network_header(skb),
 279                                           skb_network_header_len(skb));
 280                        hdr = ipv6_hdr(skb);
 281                        if (ipv6_addr_is_multicast(&hdr->daddr) &&
 282                            !ipv6_chk_mcast_addr(skb->dev, &hdr->daddr,
 283                            &hdr->saddr) &&
 284                            !ipv6_is_mld(skb, nexthdr, skb_network_header_len(skb)))
 285                                goto discard;
 286                }
 287                if (!(ipprot->flags & INET6_PROTO_NOPOLICY) &&
 288                    !xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
 289                        goto discard;
 290
 291                ret = INDIRECT_CALL_2(ipprot->handler, tcp_v6_rcv, udpv6_rcv,
 292                                      skb);
 293                if (ret > 0) {
 294                        if (ipprot->flags & INET6_PROTO_FINAL) {
 295                                /* Not an extension header, most likely UDP
 296                                 * encapsulation. Use return value as nexthdr
 297                                 * protocol not nhoff (which presumably is
 298                                 * not set by handler).
 299                                 */
 300                                nexthdr = ret;
 301                                goto resubmit_final;
 302                        } else {
 303                                goto resubmit;
 304                        }
 305                } else if (ret == 0) {
 306                        __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDELIVERS);
 307                }
 308        } else {
 309                if (!raw) {
 310                        if (xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
 311                                __IP6_INC_STATS(net, idev,
 312                                                IPSTATS_MIB_INUNKNOWNPROTOS);
 313                                icmpv6_send(skb, ICMPV6_PARAMPROB,
 314                                            ICMPV6_UNK_NEXTHDR, nhoff);
 315                        }
 316                        kfree_skb(skb);
 317                } else {
 318                        __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDELIVERS);
 319                        consume_skb(skb);
 320                }
 321        }
 322        rcu_read_unlock();
 323        return 0;
 324
 325discard:
 326        __IP6_INC_STATS(net, idev, IPSTATS_MIB_INDISCARDS);
 327        rcu_read_unlock();
 328        kfree_skb(skb);
 329        return 0;
 330}
 331
 332
 333int ip6_input(struct sk_buff *skb)
 334{
 335        return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_IN,
 336                       dev_net(skb->dev), NULL, skb, skb->dev, NULL,
 337                       ip6_input_finish);
 338}
 339EXPORT_SYMBOL_GPL(ip6_input);
 340
 341int ip6_mc_input(struct sk_buff *skb)
 342{
 343        const struct ipv6hdr *hdr;
 344        bool deliver;
 345
 346        __IP6_UPD_PO_STATS(dev_net(skb_dst(skb)->dev),
 347                         __in6_dev_get_safely(skb->dev), IPSTATS_MIB_INMCAST,
 348                         skb->len);
 349
 350        hdr = ipv6_hdr(skb);
 351        deliver = ipv6_chk_mcast_addr(skb->dev, &hdr->daddr, NULL);
 352
 353#ifdef CONFIG_IPV6_MROUTE
 354        /*
 355         *      IPv6 multicast router mode is now supported ;)
 356         */
 357        if (dev_net(skb->dev)->ipv6.devconf_all->mc_forwarding &&
 358            !(ipv6_addr_type(&hdr->daddr) &
 359              (IPV6_ADDR_LOOPBACK|IPV6_ADDR_LINKLOCAL)) &&
 360            likely(!(IP6CB(skb)->flags & IP6SKB_FORWARDED))) {
 361                /*
 362                 * Okay, we try to forward - split and duplicate
 363                 * packets.
 364                 */
 365                struct sk_buff *skb2;
 366                struct inet6_skb_parm *opt = IP6CB(skb);
 367
 368                /* Check for MLD */
 369                if (unlikely(opt->flags & IP6SKB_ROUTERALERT)) {
 370                        /* Check if this is a mld message */
 371                        u8 nexthdr = hdr->nexthdr;
 372                        __be16 frag_off;
 373                        int offset;
 374
 375                        /* Check if the value of Router Alert
 376                         * is for MLD (0x0000).
 377                         */
 378                        if (opt->ra == htons(IPV6_OPT_ROUTERALERT_MLD)) {
 379                                deliver = false;
 380
 381                                if (!ipv6_ext_hdr(nexthdr)) {
 382                                        /* BUG */
 383                                        goto out;
 384                                }
 385                                offset = ipv6_skip_exthdr(skb, sizeof(*hdr),
 386                                                          &nexthdr, &frag_off);
 387                                if (offset < 0)
 388                                        goto out;
 389
 390                                if (ipv6_is_mld(skb, nexthdr, offset))
 391                                        deliver = true;
 392
 393                                goto out;
 394                        }
 395                        /* unknown RA - process it normally */
 396                }
 397
 398                if (deliver)
 399                        skb2 = skb_clone(skb, GFP_ATOMIC);
 400                else {
 401                        skb2 = skb;
 402                        skb = NULL;
 403                }
 404
 405                if (skb2) {
 406                        ip6_mr_input(skb2);
 407                }
 408        }
 409out:
 410#endif
 411        if (likely(deliver))
 412                ip6_input(skb);
 413        else {
 414                /* discard */
 415                kfree_skb(skb);
 416        }
 417
 418        return 0;
 419}
 420