LXR linux/net/ipv4/ip

   1/*
   2 * INET         An implementation of the TCP/IP protocol suite for the LINUX
   3 *              operating system.  INET is implemented using the  BSD Socket
   4 *              interface as the means of communication with the user level.
   5 *
   6 *              The Internet Protocol (IP) module.
   7 *
   8 * Authors:     Ross Biro
   9 *              Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
  10 *              Donald Becker, <becker@super.org>
  11 *              Alan Cox, <alan@lxorguk.ukuu.org.uk>
  12 *              Richard Underwood
  13 *              Stefan Becker, <stefanb@yello.ping.de>
  14 *              Jorge Cwik, <jorge@laser.satlink.net>
  15 *              Arnt Gulbrandsen, <agulbra@nvg.unit.no>
  16 *
  17 *
  18 * Fixes:
  19 *              Alan Cox        :       Commented a couple of minor bits of surplus code
  20 *              Alan Cox        :       Undefining IP_FORWARD doesn't include the code
  21 *                                      (just stops a compiler warning).
  22 *              Alan Cox        :       Frames with >=MAX_ROUTE record routes, strict routes or loose routes
  23 *                                      are junked rather than corrupting things.
  24 *              Alan Cox        :       Frames to bad broadcast subnets are dumped
  25 *                                      We used to process them non broadcast and
  26 *                                      boy could that cause havoc.
  27 *              Alan Cox        :       ip_forward sets the free flag on the
  28 *                                      new frame it queues. Still crap because
  29 *                                      it copies the frame but at least it
  30 *                                      doesn't eat memory too.
  31 *              Alan Cox        :       Generic queue code and memory fixes.
  32 *              Fred Van Kempen :       IP fragment support (borrowed from NET2E)
  33 *              Gerhard Koerting:       Forward fragmented frames correctly.
  34 *              Gerhard Koerting:       Fixes to my fix of the above 8-).
  35 *              Gerhard Koerting:       IP interface addressing fix.
  36 *              Linus Torvalds  :       More robustness checks
  37 *              Alan Cox        :       Even more checks: Still not as robust as it ought to be
  38 *              Alan Cox        :       Save IP header pointer for later
  39 *              Alan Cox        :       ip option setting
  40 *              Alan Cox        :       Use ip_tos/ip_ttl settings
  41 *              Alan Cox        :       Fragmentation bogosity removed
  42 *                                      (Thanks to Mark.Bush@prg.ox.ac.uk)
  43 *              Dmitry Gorodchanin :    Send of a raw packet crash fix.
  44 *              Alan Cox        :       Silly ip bug when an overlength
  45 *                                      fragment turns up. Now frees the
  46 *                                      queue.
  47 *              Linus Torvalds/ :       Memory leakage on fragmentation
  48 *              Alan Cox        :       handling.
  49 *              Gerhard Koerting:       Forwarding uses IP priority hints
  50 *              Teemu Rantanen  :       Fragment problems.
  51 *              Alan Cox        :       General cleanup, comments and reformat
  52 *              Alan Cox        :       SNMP statistics
  53 *              Alan Cox        :       BSD address rule semantics. Also see
  54 *                                      UDP as there is a nasty checksum issue
  55 *                                      if you do things the wrong way.
  56 *              Alan Cox        :       Always defrag, moved IP_FORWARD to the config.in file
  57 *              Alan Cox        :       IP options adjust sk->priority.
  58 *              Pedro Roque     :       Fix mtu/length error in ip_forward.
  59 *              Alan Cox        :       Avoid ip_chk_addr when possible.
  60 *      Richard Underwood       :       IP multicasting.
  61 *              Alan Cox        :       Cleaned up multicast handlers.
  62 *              Alan Cox        :       RAW sockets demultiplex in the BSD style.
  63 *              Gunther Mayer   :       Fix the SNMP reporting typo
  64 *              Alan Cox        :       Always in group 224.0.0.1
  65 *      Pauline Middelink       :       Fast ip_checksum update when forwarding
  66 *                                      Masquerading support.
  67 *              Alan Cox        :       Multicast loopback error for 224.0.0.1
  68 *              Alan Cox        :       IP_MULTICAST_LOOP option.
  69 *              Alan Cox        :       Use notifiers.
  70 *              Bjorn Ekwall    :       Removed ip_csum (from slhc.c too)
  71 *              Bjorn Ekwall    :       Moved ip_fast_csum to ip.h (inline!)
  72 *              Stefan Becker   :       Send out ICMP HOST REDIRECT
  73 *      Arnt Gulbrandsen        :       ip_build_xmit
  74 *              Alan Cox        :       Per socket routing cache
  75 *              Alan Cox        :       Fixed routing cache, added header cache.
  76 *              Alan Cox        :       Loopback didn't work right in original ip_build_xmit - fixed it.
  77 *              Alan Cox        :       Only send ICMP_REDIRECT if src/dest are the same net.
  78 *              Alan Cox        :       Incoming IP option handling.
  79 *              Alan Cox        :       Set saddr on raw output frames as per BSD.
  80 *              Alan Cox        :       Stopped broadcast source route explosions.
  81 *              Alan Cox        :       Can disable source routing
  82 *              Takeshi Sone    :       Masquerading didn't work.
  83 *      Dave Bonn,Alan Cox      :       Faster IP forwarding whenever possible.
  84 *              Alan Cox        :       Memory leaks, tramples, misc debugging.
  85 *              Alan Cox        :       Fixed multicast (by popular demand 8))
  86 *              Alan Cox        :       Fixed forwarding (by even more popular demand 8))
  87 *              Alan Cox        :       Fixed SNMP statistics [I think]
  88 *      Gerhard Koerting        :       IP fragmentation forwarding fix
  89 *              Alan Cox        :       Device lock against page fault.
  90 *              Alan Cox        :       IP_HDRINCL facility.
  91 *      Werner Almesberger      :       Zero fragment bug
  92 *              Alan Cox        :       RAW IP frame length bug
  93 *              Alan Cox        :       Outgoing firewall on build_xmit
  94 *              A.N.Kuznetsov   :       IP_OPTIONS support throughout the kernel
  95 *              Alan Cox        :       Multicast routing hooks
  96 *              Jos Vos         :       Do accounting *before* call_in_firewall
  97 *      Willy Konynenberg       :       Transparent proxying support
  98 *
  99 *
 100 *
 101 * To Fix:
 102 *              IP fragmentation wants rewriting cleanly. The RFC815 algorithm is much more efficient
 103 *              and could be made very efficient with the addition of some virtual memory hacks to permit
 104 *              the allocation of a buffer that can then be 'grown' by twiddling page tables.
 105 *              Output fragmentation wants updating along with the buffer management to use a single
 106 *              interleaved copy algorithm so that fragmenting has a one copy overhead. Actual packet
 107 *              output should probably do its own fragmentation at the UDP/RAW layer. TCP shouldn't cause
 108 *              fragmentation anyway.
 109 *
 110 *              This program is free software; you can redistribute it and/or
 111 *              modify it under the terms of the GNU General Public License
 112 *              as published by the Free Software Foundation; either version
 113 *              2 of the License, or (at your option) any later version.
 114 */
 115
 116#define pr_fmt(fmt) "IPv4: " fmt
 117
 118#include <linux/module.h>
 119#include <linux/types.h>
 120#include <linux/kernel.h>
 121#include <linux/string.h>
 122#include <linux/errno.h>
 123#include <linux/slab.h>
 124
 125#include <linux/net.h>
 126#include <linux/socket.h>
 127#include <linux/sockios.h>
 128#include <linux/in.h>
 129#include <linux/inet.h>
 130#include <linux/inetdevice.h>
 131#include <linux/netdevice.h>
 132#include <linux/etherdevice.h>
 133
 134#include <net/snmp.h>
 135#include <net/ip.h>
 136#include <net/protocol.h>
 137#include <net/route.h>
 138#include <linux/skbuff.h>
 139#include <net/sock.h>
 140#include <net/arp.h>
 141#include <net/icmp.h>
 142#include <net/raw.h>
 143#include <net/checksum.h>
 144#include <linux/netfilter_ipv4.h>
 145#include <net/xfrm.h>
 146#include <linux/mroute.h>
 147#include <linux/netlink.h>
 148
 149/*
 150 *      Process Router Attention IP option (RFC 2113)
 151 */
 152bool ip_call_ra_chain(struct sk_buff *skb)
 153{
 154        struct ip_ra_chain *ra;
 155        u8 protocol = ip_hdr(skb)->protocol;
 156        struct sock *last = NULL;
 157        struct net_device *dev = skb->dev;
 158
 159        for (ra = rcu_dereference(ip_ra_chain); ra; ra = rcu_dereference(ra->next)) {
 160                struct sock *sk = ra->sk;
 161
 162                /* If socket is bound to an interface, only report
 163                 * the packet if it came  from that interface.
 164                 */
 165                if (sk && inet_sk(sk)->inet_num == protocol &&
 166                    (!sk->sk_bound_dev_if ||
 167                     sk->sk_bound_dev_if == dev->ifindex) &&
 168                    net_eq(sock_net(sk), dev_net(dev))) {
 169                        if (ip_is_fragment(ip_hdr(skb))) {
 170                                if (ip_defrag(skb, IP_DEFRAG_CALL_RA_CHAIN))
 171                                        return true;
 172                        }
 173                        if (last) {
 174                                struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
 175                                if (skb2)
 176                                        raw_rcv(last, skb2);
 177                        }
 178                        last = sk;
 179                }
 180        }
 181
 182        if (last) {
 183                raw_rcv(last, skb);
 184                return true;
 185        }
 186        return false;
 187}
 188
 189static int ip_local_deliver_finish(struct sk_buff *skb)
 190{
 191        struct net *net = dev_net(skb->dev);
 192
 193        __skb_pull(skb, ip_hdrlen(skb));
 194
 195        /* Point into the IP datagram, just past the header. */
 196        skb_reset_transport_header(skb);
 197
 198        rcu_read_lock();
 199        {
 200                int protocol = ip_hdr(skb)->protocol;
 201                const struct net_protocol *ipprot;
 202                int raw;
 203
 204        resubmit:
 205                raw = raw_local_deliver(skb, protocol);
 206
 207                ipprot = rcu_dereference(inet_protos[protocol]);
 208                if (ipprot != NULL) {
 209                        int ret;
 210
 211                        if (!net_eq(net, &init_net) && !ipprot->netns_ok) {
 212                                net_info_ratelimited("%s: proto %d isn't netns-ready\n",
 213                                                     __func__, protocol);
 214                                kfree_skb(skb);
 215                                goto out;
 216                        }
 217
 218                        if (!ipprot->no_policy) {
 219                                if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
 220                                        kfree_skb(skb);
 221                                        goto out;
 222                                }
 223                                nf_reset(skb);
 224                        }
 225                        ret = ipprot->handler(skb);
 226                        if (ret < 0) {
 227                                protocol = -ret;
 228                                goto resubmit;
 229                        }
 230                        IP_INC_STATS_BH(net, IPSTATS_MIB_INDELIVERS);
 231                } else {
 232                        if (!raw) {
 233                                if (xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
 234                                        IP_INC_STATS_BH(net, IPSTATS_MIB_INUNKNOWNPROTOS);
 235                                        icmp_send(skb, ICMP_DEST_UNREACH,
 236                                                  ICMP_PROT_UNREACH, 0);
 237                                }
 238                        } else
 239                                IP_INC_STATS_BH(net, IPSTATS_MIB_INDELIVERS);
 240                        kfree_skb(skb);
 241                }
 242        }
 243 out:
 244        rcu_read_unlock();
 245
 246        return 0;
 247}
 248
 249/*
 250 *      Deliver IP Packets to the higher protocol layers.
 251 */
 252int ip_local_deliver(struct sk_buff *skb)
 253{
 254        /*
 255         *      Reassemble IP fragments.
 256         */
 257
 258        if (ip_is_fragment(ip_hdr(skb))) {
 259                if (ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER))
 260                        return 0;
 261        }
 262
 263        return NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_IN, skb, skb->dev, NULL,
 264                       ip_local_deliver_finish);
 265}
 266
 267static inline bool ip_rcv_options(struct sk_buff *skb)
 268{
 269        struct ip_options *opt;
 270        const struct iphdr *iph;
 271        struct net_device *dev = skb->dev;
 272
 273        /* It looks as overkill, because not all
 274           IP options require packet mangling.
 275           But it is the easiest for now, especially taking
 276           into account that combination of IP options
 277           and running sniffer is extremely rare condition.
 278                                              --ANK (980813)
 279        */
 280        if (skb_cow(skb, skb_headroom(skb))) {
 281                IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INDISCARDS);
 282                goto drop;
 283        }
 284
 285        iph = ip_hdr(skb);
 286        opt = &(IPCB(skb)->opt);
 287        opt->optlen = iph->ihl*4 - sizeof(struct iphdr);
 288
 289        if (ip_options_compile(dev_net(dev), opt, skb)) {
 290                IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INHDRERRORS);
 291                goto drop;
 292        }
 293
 294        if (unlikely(opt->srr)) {
 295                struct in_device *in_dev = __in_dev_get_rcu(dev);
 296
 297                if (in_dev) {
 298                        if (!IN_DEV_SOURCE_ROUTE(in_dev)) {
 299                                if (IN_DEV_LOG_MARTIANS(in_dev))
 300                                        net_info_ratelimited("source route option %pI4 -> %pI4\n",
 301                                                             &iph->saddr,
 302                                                             &iph->daddr);
 303                                goto drop;
 304                        }
 305                }
 306
 307                if (ip_options_rcv_srr(skb))
 308                        goto drop;
 309        }
 310
 311        return false;
 312drop:
 313        return true;
 314}
 315
 316int sysctl_ip_early_demux __read_mostly = 1;
 317EXPORT_SYMBOL(sysctl_ip_early_demux);
 318
 319static int ip_rcv_finish(struct sk_buff *skb)
 320{
 321        const struct iphdr *iph = ip_hdr(skb);
 322        struct rtable *rt;
 323
 324        if (sysctl_ip_early_demux && !skb_dst(skb)) {
 325                const struct net_protocol *ipprot;
 326                int protocol = iph->protocol;
 327
 328                ipprot = rcu_dereference(inet_protos[protocol]);
 329                if (ipprot && ipprot->early_demux) {
 330                        ipprot->early_demux(skb);
 331                        /* must reload iph, skb->head might have changed */
 332                        iph = ip_hdr(skb);
 333                }
 334        }
 335
 336        /*
 337         *      Initialise the virtual path cache for the packet. It describes
 338         *      how the packet travels inside Linux networking.
 339         */
 340        if (!skb_dst(skb)) {
 341                int err = ip_route_input_noref(skb, iph->daddr, iph->saddr,
 342                                               iph->tos, skb->dev);
 343                if (unlikely(err)) {
 344                        if (err == -EXDEV)
 345                                NET_INC_STATS_BH(dev_net(skb->dev),
 346                                                 LINUX_MIB_IPRPFILTER);
 347                        goto drop;
 348                }
 349        }
 350
 351#ifdef CONFIG_IP_ROUTE_CLASSID
 352        if (unlikely(skb_dst(skb)->tclassid)) {
 353                struct ip_rt_acct *st = this_cpu_ptr(ip_rt_acct);
 354                u32 idx = skb_dst(skb)->tclassid;
 355                st[idx&0xFF].o_packets++;
 356                st[idx&0xFF].o_bytes += skb->len;
 357                st[(idx>>16)&0xFF].i_packets++;
 358                st[(idx>>16)&0xFF].i_bytes += skb->len;
 359        }
 360#endif
 361
 362        if (iph->ihl > 5 && ip_rcv_options(skb))
 363                goto drop;
 364
 365        rt = skb_rtable(skb);
 366        if (rt->rt_type == RTN_MULTICAST) {
 367                IP_UPD_PO_STATS_BH(dev_net(rt->dst.dev), IPSTATS_MIB_INMCAST,
 368                                skb->len);
 369        } else if (rt->rt_type == RTN_BROADCAST)
 370                IP_UPD_PO_STATS_BH(dev_net(rt->dst.dev), IPSTATS_MIB_INBCAST,
 371                                skb->len);
 372
 373        return dst_input(skb);
 374
 375drop:
 376        kfree_skb(skb);
 377        return NET_RX_DROP;
 378}
 379
 380/*
 381 *      Main IP Receive routine.
 382 */
 383int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev)
 384{
 385        const struct iphdr *iph;
 386        u32 len;
 387
 388        /* When the interface is in promisc. mode, drop all the crap
 389         * that it receives, do not try to analyse it.
 390         */
 391        if (skb->pkt_type == PACKET_OTHERHOST)
 392                goto drop;
 393
 394
 395        IP_UPD_PO_STATS_BH(dev_net(dev), IPSTATS_MIB_IN, skb->len);
 396
 397        if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) {
 398                IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INDISCARDS);
 399                goto out;
 400        }
 401
 402        if (!pskb_may_pull(skb, sizeof(struct iphdr)))
 403                goto inhdr_error;
 404
 405        iph = ip_hdr(skb);
 406
 407        /*
 408         *      RFC1122: 3.2.1.2 MUST silently discard any IP frame that fails the checksum.
 409         *
 410         *      Is the datagram acceptable?
 411         *
 412         *      1.      Length at least the size of an ip header
 413         *      2.      Version of 4
 414         *      3.      Checksums correctly. [Speed optimisation for later, skip loopback checksums]
 415         *      4.      Doesn't have a bogus length
 416         */
 417
 418        if (iph->ihl < 5 || iph->version != 4)
 419                goto inhdr_error;
 420
 421        if (!pskb_may_pull(skb, iph->ihl*4))
 422                goto inhdr_error;
 423
 424        iph = ip_hdr(skb);
 425
 426        if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl)))
 427                goto inhdr_error;
 428
 429        len = ntohs(iph->tot_len);
 430        if (skb->len < len) {
 431                IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INTRUNCATEDPKTS);
 432                goto drop;
 433        } else if (len < (iph->ihl*4))
 434                goto inhdr_error;
 435
 436        /* Our transport medium may have padded the buffer out. Now we know it
 437         * is IP we can trim to the true length of the frame.
 438         * Note this now means skb->len holds ntohs(iph->tot_len).
 439         */
 440        if (pskb_trim_rcsum(skb, len)) {
 441                IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INDISCARDS);
 442                goto drop;
 443        }
 444
 445        /* Remove any debris in the socket control block */
 446        memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
 447
 448        /* Must drop socket now because of tproxy. */
 449        skb_orphan(skb);
 450
 451        return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, dev, NULL,
 452                       ip_rcv_finish);
 453
 454inhdr_error:
 455        IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INHDRERRORS);
 456drop:
 457        kfree_skb(skb);
 458out:
 459        return NET_RX_DROP;
 460}
 461