LXR linux/include/net/ipv6.h

   1/*
   2 *      Linux INET6 implementation
   3 *
   4 *      Authors:
   5 *      Pedro Roque             <roque@di.fc.ul.pt>
   6 *
   7 *      This program is free software; you can redistribute it and/or
   8 *      modify it under the terms of the GNU General Public License
   9 *      as published by the Free Software Foundation; either version
  10 *      2 of the License, or (at your option) any later version.
  11 */
  12
  13#ifndef _NET_IPV6_H
  14#define _NET_IPV6_H
  15
  16#include <linux/ipv6.h>
  17#include <linux/hardirq.h>
  18#include <linux/jhash.h>
  19#include <linux/refcount.h>
  20#include <net/if_inet6.h>
  21#include <net/ndisc.h>
  22#include <net/flow.h>
  23#include <net/flow_dissector.h>
  24#include <net/snmp.h>
  25#include <net/netns/hash.h>
  26
  27#define SIN6_LEN_RFC2133        24
  28
  29#define IPV6_MAXPLEN            65535
  30
  31/*
  32 *      NextHeader field of IPv6 header
  33 */
  34
  35#define NEXTHDR_HOP             0       /* Hop-by-hop option header. */
  36#define NEXTHDR_TCP             6       /* TCP segment. */
  37#define NEXTHDR_UDP             17      /* UDP message. */
  38#define NEXTHDR_IPV6            41      /* IPv6 in IPv6 */
  39#define NEXTHDR_ROUTING         43      /* Routing header. */
  40#define NEXTHDR_FRAGMENT        44      /* Fragmentation/reassembly header. */
  41#define NEXTHDR_GRE             47      /* GRE header. */
  42#define NEXTHDR_ESP             50      /* Encapsulating security payload. */
  43#define NEXTHDR_AUTH            51      /* Authentication header. */
  44#define NEXTHDR_ICMP            58      /* ICMP for IPv6. */
  45#define NEXTHDR_NONE            59      /* No next header */
  46#define NEXTHDR_DEST            60      /* Destination options header. */
  47#define NEXTHDR_SCTP            132     /* SCTP message. */
  48#define NEXTHDR_MOBILITY        135     /* Mobility header. */
  49
  50#define NEXTHDR_MAX             255
  51
  52#define IPV6_DEFAULT_HOPLIMIT   64
  53#define IPV6_DEFAULT_MCASTHOPS  1
  54
  55/* Limits on Hop-by-Hop and Destination options.
  56 *
  57 * Per RFC8200 there is no limit on the maximum number or lengths of options in
  58 * Hop-by-Hop or Destination options other then the packet must fit in an MTU.
  59 * We allow configurable limits in order to mitigate potential denial of
  60 * service attacks.
  61 *
  62 * There are three limits that may be set:
  63 *   - Limit the number of options in a Hop-by-Hop or Destination options
  64 *     extension header
  65 *   - Limit the byte length of a Hop-by-Hop or Destination options extension
  66 *     header
  67 *   - Disallow unknown options
  68 *
  69 * The limits are expressed in corresponding sysctls:
  70 *
  71 * ipv6.sysctl.max_dst_opts_cnt
  72 * ipv6.sysctl.max_hbh_opts_cnt
  73 * ipv6.sysctl.max_dst_opts_len
  74 * ipv6.sysctl.max_hbh_opts_len
  75 *
  76 * max_*_opts_cnt is the number of TLVs that are allowed for Destination
  77 * options or Hop-by-Hop options. If the number is less than zero then unknown
  78 * TLVs are disallowed and the number of known options that are allowed is the
  79 * absolute value. Setting the value to INT_MAX indicates no limit.
  80 *
  81 * max_*_opts_len is the length limit in bytes of a Destination or
  82 * Hop-by-Hop options extension header. Setting the value to INT_MAX
  83 * indicates no length limit.
  84 *
  85 * If a limit is exceeded when processing an extension header the packet is
  86 * silently discarded.
  87 */
  88
  89/* Default limits for Hop-by-Hop and Destination options */
  90#define IP6_DEFAULT_MAX_DST_OPTS_CNT     8
  91#define IP6_DEFAULT_MAX_HBH_OPTS_CNT     8
  92#define IP6_DEFAULT_MAX_DST_OPTS_LEN     INT_MAX /* No limit */
  93#define IP6_DEFAULT_MAX_HBH_OPTS_LEN     INT_MAX /* No limit */
  94
  95/*
  96 *      Addr type
  97 *      
  98 *      type    -       unicast | multicast
  99 *      scope   -       local   | site      | global
 100 *      v4      -       compat
 101 *      v4mapped
 102 *      any
 103 *      loopback
 104 */
 105
 106#define IPV6_ADDR_ANY           0x0000U
 107
 108#define IPV6_ADDR_UNICAST       0x0001U 
 109#define IPV6_ADDR_MULTICAST     0x0002U 
 110
 111#define IPV6_ADDR_LOOPBACK      0x0010U
 112#define IPV6_ADDR_LINKLOCAL     0x0020U
 113#define IPV6_ADDR_SITELOCAL     0x0040U
 114
 115#define IPV6_ADDR_COMPATv4      0x0080U
 116
 117#define IPV6_ADDR_SCOPE_MASK    0x00f0U
 118
 119#define IPV6_ADDR_MAPPED        0x1000U
 120
 121/*
 122 *      Addr scopes
 123 */
 124#define IPV6_ADDR_MC_SCOPE(a)   \
 125        ((a)->s6_addr[1] & 0x0f)        /* nonstandard */
 126#define __IPV6_ADDR_SCOPE_INVALID       -1
 127#define IPV6_ADDR_SCOPE_NODELOCAL       0x01
 128#define IPV6_ADDR_SCOPE_LINKLOCAL       0x02
 129#define IPV6_ADDR_SCOPE_SITELOCAL       0x05
 130#define IPV6_ADDR_SCOPE_ORGLOCAL        0x08
 131#define IPV6_ADDR_SCOPE_GLOBAL          0x0e
 132
 133/*
 134 *      Addr flags
 135 */
 136#define IPV6_ADDR_MC_FLAG_TRANSIENT(a)  \
 137        ((a)->s6_addr[1] & 0x10)
 138#define IPV6_ADDR_MC_FLAG_PREFIX(a)     \
 139        ((a)->s6_addr[1] & 0x20)
 140#define IPV6_ADDR_MC_FLAG_RENDEZVOUS(a) \
 141        ((a)->s6_addr[1] & 0x40)
 142
 143/*
 144 *      fragmentation header
 145 */
 146
 147struct frag_hdr {
 148        __u8    nexthdr;
 149        __u8    reserved;
 150        __be16  frag_off;
 151        __be32  identification;
 152};
 153
 154#define IP6_MF          0x0001
 155#define IP6_OFFSET      0xFFF8
 156
 157#define IP6_REPLY_MARK(net, mark) \
 158        ((net)->ipv6.sysctl.fwmark_reflect ? (mark) : 0)
 159
 160#include <net/sock.h>
 161
 162/* sysctls */
 163extern int sysctl_mld_max_msf;
 164extern int sysctl_mld_qrv;
 165
 166#define _DEVINC(net, statname, mod, idev, field)                        \
 167({                                                                      \
 168        struct inet6_dev *_idev = (idev);                               \
 169        if (likely(_idev != NULL))                                      \
 170                mod##SNMP_INC_STATS64((_idev)->stats.statname, (field));\
 171        mod##SNMP_INC_STATS64((net)->mib.statname##_statistics, (field));\
 172})
 173
 174/* per device counters are atomic_long_t */
 175#define _DEVINCATOMIC(net, statname, mod, idev, field)                  \
 176({                                                                      \
 177        struct inet6_dev *_idev = (idev);                               \
 178        if (likely(_idev != NULL))                                      \
 179                SNMP_INC_STATS_ATOMIC_LONG((_idev)->stats.statname##dev, (field)); \
 180        mod##SNMP_INC_STATS((net)->mib.statname##_statistics, (field));\
 181})
 182
 183/* per device and per net counters are atomic_long_t */
 184#define _DEVINC_ATOMIC_ATOMIC(net, statname, idev, field)               \
 185({                                                                      \
 186        struct inet6_dev *_idev = (idev);                               \
 187        if (likely(_idev != NULL))                                      \
 188                SNMP_INC_STATS_ATOMIC_LONG((_idev)->stats.statname##dev, (field)); \
 189        SNMP_INC_STATS_ATOMIC_LONG((net)->mib.statname##_statistics, (field));\
 190})
 191
 192#define _DEVADD(net, statname, mod, idev, field, val)                   \
 193({                                                                      \
 194        struct inet6_dev *_idev = (idev);                               \
 195        if (likely(_idev != NULL))                                      \
 196                mod##SNMP_ADD_STATS((_idev)->stats.statname, (field), (val)); \
 197        mod##SNMP_ADD_STATS((net)->mib.statname##_statistics, (field), (val));\
 198})
 199
 200#define _DEVUPD(net, statname, mod, idev, field, val)                   \
 201({                                                                      \
 202        struct inet6_dev *_idev = (idev);                               \
 203        if (likely(_idev != NULL))                                      \
 204                mod##SNMP_UPD_PO_STATS((_idev)->stats.statname, field, (val)); \
 205        mod##SNMP_UPD_PO_STATS((net)->mib.statname##_statistics, field, (val));\
 206})
 207
 208/* MIBs */
 209
 210#define IP6_INC_STATS(net, idev,field)          \
 211                _DEVINC(net, ipv6, , idev, field)
 212#define __IP6_INC_STATS(net, idev,field)        \
 213                _DEVINC(net, ipv6, __, idev, field)
 214#define IP6_ADD_STATS(net, idev,field,val)      \
 215                _DEVADD(net, ipv6, , idev, field, val)
 216#define __IP6_ADD_STATS(net, idev,field,val)    \
 217                _DEVADD(net, ipv6, __, idev, field, val)
 218#define IP6_UPD_PO_STATS(net, idev,field,val)   \
 219                _DEVUPD(net, ipv6, , idev, field, val)
 220#define __IP6_UPD_PO_STATS(net, idev,field,val)   \
 221                _DEVUPD(net, ipv6, __, idev, field, val)
 222#define ICMP6_INC_STATS(net, idev, field)       \
 223                _DEVINCATOMIC(net, icmpv6, , idev, field)
 224#define __ICMP6_INC_STATS(net, idev, field)     \
 225                _DEVINCATOMIC(net, icmpv6, __, idev, field)
 226
 227#define ICMP6MSGOUT_INC_STATS(net, idev, field)         \
 228        _DEVINC_ATOMIC_ATOMIC(net, icmpv6msg, idev, field +256)
 229#define ICMP6MSGIN_INC_STATS(net, idev, field)  \
 230        _DEVINC_ATOMIC_ATOMIC(net, icmpv6msg, idev, field)
 231
 232struct ip6_ra_chain {
 233        struct ip6_ra_chain     *next;
 234        struct sock             *sk;
 235        int                     sel;
 236        void                    (*destructor)(struct sock *);
 237};
 238
 239extern struct ip6_ra_chain      *ip6_ra_chain;
 240extern rwlock_t ip6_ra_lock;
 241
 242/*
 243   This structure is prepared by protocol, when parsing
 244   ancillary data and passed to IPv6.
 245 */
 246
 247struct ipv6_txoptions {
 248        refcount_t              refcnt;
 249        /* Length of this structure */
 250        int                     tot_len;
 251
 252        /* length of extension headers   */
 253
 254        __u16                   opt_flen;       /* after fragment hdr */
 255        __u16                   opt_nflen;      /* before fragment hdr */
 256
 257        struct ipv6_opt_hdr     *hopopt;
 258        struct ipv6_opt_hdr     *dst0opt;
 259        struct ipv6_rt_hdr      *srcrt; /* Routing Header */
 260        struct ipv6_opt_hdr     *dst1opt;
 261        struct rcu_head         rcu;
 262        /* Option buffer, as read by IPV6_PKTOPTIONS, starts here. */
 263};
 264
 265struct ip6_flowlabel {
 266        struct ip6_flowlabel __rcu *next;
 267        __be32                  label;
 268        atomic_t                users;
 269        struct in6_addr         dst;
 270        struct ipv6_txoptions   *opt;
 271        unsigned long           linger;
 272        struct rcu_head         rcu;
 273        u8                      share;
 274        union {
 275                struct pid *pid;
 276                kuid_t uid;
 277        } owner;
 278        unsigned long           lastuse;
 279        unsigned long           expires;
 280        struct net              *fl_net;
 281};
 282
 283#define IPV6_FLOWINFO_MASK              cpu_to_be32(0x0FFFFFFF)
 284#define IPV6_FLOWLABEL_MASK             cpu_to_be32(0x000FFFFF)
 285#define IPV6_FLOWLABEL_STATELESS_FLAG   cpu_to_be32(0x00080000)
 286
 287#define IPV6_TCLASS_MASK (IPV6_FLOWINFO_MASK & ~IPV6_FLOWLABEL_MASK)
 288#define IPV6_TCLASS_SHIFT       20
 289
 290struct ipv6_fl_socklist {
 291        struct ipv6_fl_socklist __rcu   *next;
 292        struct ip6_flowlabel            *fl;
 293        struct rcu_head                 rcu;
 294};
 295
 296struct ipcm6_cookie {
 297        __s16 hlimit;
 298        __s16 tclass;
 299        __s8  dontfrag;
 300        struct ipv6_txoptions *opt;
 301};
 302
 303static inline struct ipv6_txoptions *txopt_get(const struct ipv6_pinfo *np)
 304{
 305        struct ipv6_txoptions *opt;
 306
 307        rcu_read_lock();
 308        opt = rcu_dereference(np->opt);
 309        if (opt) {
 310                if (!refcount_inc_not_zero(&opt->refcnt))
 311                        opt = NULL;
 312                else
 313                        opt = rcu_pointer_handoff(opt);
 314        }
 315        rcu_read_unlock();
 316        return opt;
 317}
 318
 319static inline void txopt_put(struct ipv6_txoptions *opt)
 320{
 321        if (opt && refcount_dec_and_test(&opt->refcnt))
 322                kfree_rcu(opt, rcu);
 323}
 324
 325struct ip6_flowlabel *fl6_sock_lookup(struct sock *sk, __be32 label);
 326struct ipv6_txoptions *fl6_merge_options(struct ipv6_txoptions *opt_space,
 327                                         struct ip6_flowlabel *fl,
 328                                         struct ipv6_txoptions *fopt);
 329void fl6_free_socklist(struct sock *sk);
 330int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen);
 331int ipv6_flowlabel_opt_get(struct sock *sk, struct in6_flowlabel_req *freq,
 332                           int flags);
 333int ip6_flowlabel_init(void);
 334void ip6_flowlabel_cleanup(void);
 335bool ip6_autoflowlabel(struct net *net, const struct ipv6_pinfo *np);
 336
 337static inline void fl6_sock_release(struct ip6_flowlabel *fl)
 338{
 339        if (fl)
 340                atomic_dec(&fl->users);
 341}
 342
 343void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info);
 344
 345void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
 346                                struct icmp6hdr *thdr, int len);
 347
 348int ip6_ra_control(struct sock *sk, int sel);
 349
 350int ipv6_parse_hopopts(struct sk_buff *skb);
 351
 352struct ipv6_txoptions *ipv6_dup_options(struct sock *sk,
 353                                        struct ipv6_txoptions *opt);
 354struct ipv6_txoptions *ipv6_renew_options(struct sock *sk,
 355                                          struct ipv6_txoptions *opt,
 356                                          int newtype,
 357                                          struct ipv6_opt_hdr __user *newopt,
 358                                          int newoptlen);
 359struct ipv6_txoptions *
 360ipv6_renew_options_kern(struct sock *sk,
 361                        struct ipv6_txoptions *opt,
 362                        int newtype,
 363                        struct ipv6_opt_hdr *newopt,
 364                        int newoptlen);
 365struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
 366                                          struct ipv6_txoptions *opt);
 367
 368bool ipv6_opt_accepted(const struct sock *sk, const struct sk_buff *skb,
 369                       const struct inet6_skb_parm *opt);
 370struct ipv6_txoptions *ipv6_update_options(struct sock *sk,
 371                                           struct ipv6_txoptions *opt);
 372
 373static inline bool ipv6_accept_ra(struct inet6_dev *idev)
 374{
 375        /* If forwarding is enabled, RA are not accepted unless the special
 376         * hybrid mode (accept_ra=2) is enabled.
 377         */
 378        return idev->cnf.forwarding ? idev->cnf.accept_ra == 2 :
 379            idev->cnf.accept_ra;
 380}
 381
 382#if IS_ENABLED(CONFIG_IPV6)
 383static inline int ip6_frag_mem(struct net *net)
 384{
 385        return sum_frag_mem_limit(&net->ipv6.frags);
 386}
 387#endif
 388
 389#define IPV6_FRAG_HIGH_THRESH   (4 * 1024*1024) /* 4194304 */
 390#define IPV6_FRAG_LOW_THRESH    (3 * 1024*1024) /* 3145728 */
 391#define IPV6_FRAG_TIMEOUT       (60 * HZ)       /* 60 seconds */
 392
 393int __ipv6_addr_type(const struct in6_addr *addr);
 394static inline int ipv6_addr_type(const struct in6_addr *addr)
 395{
 396        return __ipv6_addr_type(addr) & 0xffff;
 397}
 398
 399static inline int ipv6_addr_scope(const struct in6_addr *addr)
 400{
 401        return __ipv6_addr_type(addr) & IPV6_ADDR_SCOPE_MASK;
 402}
 403
 404static inline int __ipv6_addr_src_scope(int type)
 405{
 406        return (type == IPV6_ADDR_ANY) ? __IPV6_ADDR_SCOPE_INVALID : (type >> 16);
 407}
 408
 409static inline int ipv6_addr_src_scope(const struct in6_addr *addr)
 410{
 411        return __ipv6_addr_src_scope(__ipv6_addr_type(addr));
 412}
 413
 414static inline bool __ipv6_addr_needs_scope_id(int type)
 415{
 416        return type & IPV6_ADDR_LINKLOCAL ||
 417               (type & IPV6_ADDR_MULTICAST &&
 418                (type & (IPV6_ADDR_LOOPBACK|IPV6_ADDR_LINKLOCAL)));
 419}
 420
 421static inline __u32 ipv6_iface_scope_id(const struct in6_addr *addr, int iface)
 422{
 423        return __ipv6_addr_needs_scope_id(__ipv6_addr_type(addr)) ? iface : 0;
 424}
 425
 426static inline int ipv6_addr_cmp(const struct in6_addr *a1, const struct in6_addr *a2)
 427{
 428        return memcmp(a1, a2, sizeof(struct in6_addr));
 429}
 430
 431static inline bool
 432ipv6_masked_addr_cmp(const struct in6_addr *a1, const struct in6_addr *m,
 433                     const struct in6_addr *a2)
 434{
 435#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
 436        const unsigned long *ul1 = (const unsigned long *)a1;
 437        const unsigned long *ulm = (const unsigned long *)m;
 438        const unsigned long *ul2 = (const unsigned long *)a2;
 439
 440        return !!(((ul1[0] ^ ul2[0]) & ulm[0]) |
 441                  ((ul1[1] ^ ul2[1]) & ulm[1]));
 442#else
 443        return !!(((a1->s6_addr32[0] ^ a2->s6_addr32[0]) & m->s6_addr32[0]) |
 444                  ((a1->s6_addr32[1] ^ a2->s6_addr32[1]) & m->s6_addr32[1]) |
 445                  ((a1->s6_addr32[2] ^ a2->s6_addr32[2]) & m->s6_addr32[2]) |
 446                  ((a1->s6_addr32[3] ^ a2->s6_addr32[3]) & m->s6_addr32[3]));
 447#endif
 448}
 449
 450static inline void ipv6_addr_prefix(struct in6_addr *pfx, 
 451                                    const struct in6_addr *addr,
 452                                    int plen)
 453{
 454        /* caller must guarantee 0 <= plen <= 128 */
 455        int o = plen >> 3,
 456            b = plen & 0x7;
 457
 458        memset(pfx->s6_addr, 0, sizeof(pfx->s6_addr));
 459        memcpy(pfx->s6_addr, addr, o);
 460        if (b != 0)
 461                pfx->s6_addr[o] = addr->s6_addr[o] & (0xff00 >> b);
 462}
 463
 464static inline void ipv6_addr_prefix_copy(struct in6_addr *addr,
 465                                         const struct in6_addr *pfx,
 466                                         int plen)
 467{
 468        /* caller must guarantee 0 <= plen <= 128 */
 469        int o = plen >> 3,
 470            b = plen & 0x7;
 471
 472        memcpy(addr->s6_addr, pfx, o);
 473        if (b != 0) {
 474                addr->s6_addr[o] &= ~(0xff00 >> b);
 475                addr->s6_addr[o] |= (pfx->s6_addr[o] & (0xff00 >> b));
 476        }
 477}
 478
 479static inline void __ipv6_addr_set_half(__be32 *addr,
 480                                        __be32 wh, __be32 wl)
 481{
 482#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
 483#if defined(__BIG_ENDIAN)
 484        if (__builtin_constant_p(wh) && __builtin_constant_p(wl)) {
 485                *(__force u64 *)addr = ((__force u64)(wh) << 32 | (__force u64)(wl));
 486                return;
 487        }
 488#elif defined(__LITTLE_ENDIAN)
 489        if (__builtin_constant_p(wl) && __builtin_constant_p(wh)) {
 490                *(__force u64 *)addr = ((__force u64)(wl) << 32 | (__force u64)(wh));
 491                return;
 492        }
 493#endif
 494#endif
 495        addr[0] = wh;
 496        addr[1] = wl;
 497}
 498
 499static inline void ipv6_addr_set(struct in6_addr *addr, 
 500                                     __be32 w1, __be32 w2,
 501                                     __be32 w3, __be32 w4)
 502{
 503        __ipv6_addr_set_half(&addr->s6_addr32[0], w1, w2);
 504        __ipv6_addr_set_half(&addr->s6_addr32[2], w3, w4);
 505}
 506
 507static inline bool ipv6_addr_equal(const struct in6_addr *a1,
 508                                   const struct in6_addr *a2)
 509{
 510#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
 511        const unsigned long *ul1 = (const unsigned long *)a1;
 512        const unsigned long *ul2 = (const unsigned long *)a2;
 513
 514        return ((ul1[0] ^ ul2[0]) | (ul1[1] ^ ul2[1])) == 0UL;
 515#else
 516        return ((a1->s6_addr32[0] ^ a2->s6_addr32[0]) |
 517                (a1->s6_addr32[1] ^ a2->s6_addr32[1]) |
 518                (a1->s6_addr32[2] ^ a2->s6_addr32[2]) |
 519                (a1->s6_addr32[3] ^ a2->s6_addr32[3])) == 0;
 520#endif
 521}
 522
 523#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
 524static inline bool __ipv6_prefix_equal64_half(const __be64 *a1,
 525                                              const __be64 *a2,
 526                                              unsigned int len)
 527{
 528        if (len && ((*a1 ^ *a2) & cpu_to_be64((~0UL) << (64 - len))))
 529                return false;
 530        return true;
 531}
 532
 533static inline bool ipv6_prefix_equal(const struct in6_addr *addr1,
 534                                     const struct in6_addr *addr2,
 535                                     unsigned int prefixlen)
 536{
 537        const __be64 *a1 = (const __be64 *)addr1;
 538        const __be64 *a2 = (const __be64 *)addr2;
 539
 540        if (prefixlen >= 64) {
 541                if (a1[0] ^ a2[0])
 542                        return false;
 543                return __ipv6_prefix_equal64_half(a1 + 1, a2 + 1, prefixlen - 64);
 544        }
 545        return __ipv6_prefix_equal64_half(a1, a2, prefixlen);
 546}
 547#else
 548static inline bool ipv6_prefix_equal(const struct in6_addr *addr1,
 549                                     const struct in6_addr *addr2,
 550                                     unsigned int prefixlen)
 551{
 552        const __be32 *a1 = addr1->s6_addr32;
 553        const __be32 *a2 = addr2->s6_addr32;
 554        unsigned int pdw, pbi;
 555
 556        /* check complete u32 in prefix */
 557        pdw = prefixlen >> 5;
 558        if (pdw && memcmp(a1, a2, pdw << 2))
 559                return false;
 560
 561        /* check incomplete u32 in prefix */
 562        pbi = prefixlen & 0x1f;
 563        if (pbi && ((a1[pdw] ^ a2[pdw]) & htonl((0xffffffff) << (32 - pbi))))
 564                return false;
 565
 566        return true;
 567}
 568#endif
 569
 570struct inet_frag_queue;
 571
 572enum ip6_defrag_users {
 573        IP6_DEFRAG_LOCAL_DELIVER,
 574        IP6_DEFRAG_CONNTRACK_IN,
 575        __IP6_DEFRAG_CONNTRACK_IN       = IP6_DEFRAG_CONNTRACK_IN + USHRT_MAX,
 576        IP6_DEFRAG_CONNTRACK_OUT,
 577        __IP6_DEFRAG_CONNTRACK_OUT      = IP6_DEFRAG_CONNTRACK_OUT + USHRT_MAX,
 578        IP6_DEFRAG_CONNTRACK_BRIDGE_IN,
 579        __IP6_DEFRAG_CONNTRACK_BRIDGE_IN = IP6_DEFRAG_CONNTRACK_BRIDGE_IN + USHRT_MAX,
 580};
 581
 582struct ip6_create_arg {
 583        __be32 id;
 584        u32 user;
 585        const struct in6_addr *src;
 586        const struct in6_addr *dst;
 587        int iif;
 588        u8 ecn;
 589};
 590
 591void ip6_frag_init(struct inet_frag_queue *q, const void *a);
 592bool ip6_frag_match(const struct inet_frag_queue *q, const void *a);
 593
 594/*
 595 *      Equivalent of ipv4 struct ip
 596 */
 597struct frag_queue {
 598        struct inet_frag_queue  q;
 599
 600        __be32                  id;             /* fragment id          */
 601        u32                     user;
 602        struct in6_addr         saddr;
 603        struct in6_addr         daddr;
 604
 605        int                     iif;
 606        unsigned int            csum;
 607        __u16                   nhoffset;
 608        u8                      ecn;
 609};
 610
 611void ip6_expire_frag_queue(struct net *net, struct frag_queue *fq,
 612                           struct inet_frags *frags);
 613
 614static inline bool ipv6_addr_any(const struct in6_addr *a)
 615{
 616#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
 617        const unsigned long *ul = (const unsigned long *)a;
 618
 619        return (ul[0] | ul[1]) == 0UL;
 620#else
 621        return (a->s6_addr32[0] | a->s6_addr32[1] |
 622                a->s6_addr32[2] | a->s6_addr32[3]) == 0;
 623#endif
 624}
 625
 626static inline u32 ipv6_addr_hash(const struct in6_addr *a)
 627{
 628#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
 629        const unsigned long *ul = (const unsigned long *)a;
 630        unsigned long x = ul[0] ^ ul[1];
 631
 632        return (u32)(x ^ (x >> 32));
 633#else
 634        return (__force u32)(a->s6_addr32[0] ^ a->s6_addr32[1] ^
 635                             a->s6_addr32[2] ^ a->s6_addr32[3]);
 636#endif
 637}
 638
 639/* more secured version of ipv6_addr_hash() */
 640static inline u32 __ipv6_addr_jhash(const struct in6_addr *a, const u32 initval)
 641{
 642        u32 v = (__force u32)a->s6_addr32[0] ^ (__force u32)a->s6_addr32[1];
 643
 644        return jhash_3words(v,
 645                            (__force u32)a->s6_addr32[2],
 646                            (__force u32)a->s6_addr32[3],
 647                            initval);
 648}
 649
 650static inline bool ipv6_addr_loopback(const struct in6_addr *a)
 651{
 652#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
 653        const __be64 *be = (const __be64 *)a;
 654
 655        return (be[0] | (be[1] ^ cpu_to_be64(1))) == 0UL;
 656#else
 657        return (a->s6_addr32[0] | a->s6_addr32[1] |
 658                a->s6_addr32[2] | (a->s6_addr32[3] ^ cpu_to_be32(1))) == 0;
 659#endif
 660}
 661
 662/*
 663 * Note that we must __force cast these to unsigned long to make sparse happy,
 664 * since all of the endian-annotated types are fixed size regardless of arch.
 665 */
 666static inline bool ipv6_addr_v4mapped(const struct in6_addr *a)
 667{
 668        return (
 669#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
 670                *(unsigned long *)a |
 671#else
 672                (__force unsigned long)(a->s6_addr32[0] | a->s6_addr32[1]) |
 673#endif
 674                (__force unsigned long)(a->s6_addr32[2] ^
 675                                        cpu_to_be32(0x0000ffff))) == 0UL;
 676}
 677
 678static inline u32 ipv6_portaddr_hash(const struct net *net,
 679                                     const struct in6_addr *addr6,
 680                                     unsigned int port)
 681{
 682        unsigned int hash, mix = net_hash_mix(net);
 683
 684        if (ipv6_addr_any(addr6))
 685                hash = jhash_1word(0, mix);
 686        else if (ipv6_addr_v4mapped(addr6))
 687                hash = jhash_1word((__force u32)addr6->s6_addr32[3], mix);
 688        else
 689                hash = jhash2((__force u32 *)addr6->s6_addr32, 4, mix);
 690
 691        return hash ^ port;
 692}
 693
 694/*
 695 * Check for a RFC 4843 ORCHID address
 696 * (Overlay Routable Cryptographic Hash Identifiers)
 697 */
 698static inline bool ipv6_addr_orchid(const struct in6_addr *a)
 699{
 700        return (a->s6_addr32[0] & htonl(0xfffffff0)) == htonl(0x20010010);
 701}
 702
 703static inline bool ipv6_addr_is_multicast(const struct in6_addr *addr)
 704{
 705        return (addr->s6_addr32[0] & htonl(0xFF000000)) == htonl(0xFF000000);
 706}
 707
 708static inline void ipv6_addr_set_v4mapped(const __be32 addr,
 709                                          struct in6_addr *v4mapped)
 710{
 711        ipv6_addr_set(v4mapped,
 712                        0, 0,
 713                        htonl(0x0000FFFF),
 714                        addr);
 715}
 716
 717/*
 718 * find the first different bit between two addresses
 719 * length of address must be a multiple of 32bits
 720 */
 721static inline int __ipv6_addr_diff32(const void *token1, const void *token2, int addrlen)
 722{
 723        const __be32 *a1 = token1, *a2 = token2;
 724        int i;
 725
 726        addrlen >>= 2;
 727
 728        for (i = 0; i < addrlen; i++) {
 729                __be32 xb = a1[i] ^ a2[i];
 730                if (xb)
 731                        return i * 32 + 31 - __fls(ntohl(xb));
 732        }
 733
 734        /*
 735         *      we should *never* get to this point since that 
 736         *      would mean the addrs are equal
 737         *
 738         *      However, we do get to it 8) And exacly, when
 739         *      addresses are equal 8)
 740         *
 741         *      ip route add 1111::/128 via ...
 742         *      ip route add 1111::/64 via ...
 743         *      and we are here.
 744         *
 745         *      Ideally, this function should stop comparison
 746         *      at prefix length. It does not, but it is still OK,
 747         *      if returned value is greater than prefix length.
 748         *                                      --ANK (980803)
 749         */
 750        return addrlen << 5;
 751}
 752
 753#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
 754static inline int __ipv6_addr_diff64(const void *token1, const void *token2, int addrlen)
 755{
 756        const __be64 *a1 = token1, *a2 = token2;
 757        int i;
 758
 759        addrlen >>= 3;
 760
 761        for (i = 0; i < addrlen; i++) {
 762                __be64 xb = a1[i] ^ a2[i];
 763                if (xb)
 764                        return i * 64 + 63 - __fls(be64_to_cpu(xb));
 765        }
 766
 767        return addrlen << 6;
 768}
 769#endif
 770
 771static inline int __ipv6_addr_diff(const void *token1, const void *token2, int addrlen)
 772{
 773#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
 774        if (__builtin_constant_p(addrlen) && !(addrlen & 7))
 775                return __ipv6_addr_diff64(token1, token2, addrlen);
 776#endif
 777        return __ipv6_addr_diff32(token1, token2, addrlen);
 778}
 779
 780static inline int ipv6_addr_diff(const struct in6_addr *a1, const struct in6_addr *a2)
 781{
 782        return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr));
 783}
 784
 785__be32 ipv6_select_ident(struct net *net,
 786                         const struct in6_addr *daddr,
 787                         const struct in6_addr *saddr);
 788__be32 ipv6_proxy_select_ident(struct net *net, struct sk_buff *skb);
 789
 790int ip6_dst_hoplimit(struct dst_entry *dst);
 791
 792static inline int ip6_sk_dst_hoplimit(struct ipv6_pinfo *np, struct flowi6 *fl6,
 793                                      struct dst_entry *dst)
 794{
 795        int hlimit;
 796
 797        if (ipv6_addr_is_multicast(&fl6->daddr))
 798                hlimit = np->mcast_hops;
 799        else
 800                hlimit = np->hop_limit;
 801        if (hlimit < 0)
 802                hlimit = ip6_dst_hoplimit(dst);
 803        return hlimit;
 804}
 805
 806/* copy IPv6 saddr & daddr to flow_keys, possibly using 64bit load/store
 807 * Equivalent to :      flow->v6addrs.src = iph->saddr;
 808 *                      flow->v6addrs.dst = iph->daddr;
 809 */
 810static inline void iph_to_flow_copy_v6addrs(struct flow_keys *flow,
 811                                            const struct ipv6hdr *iph)
 812{
 813        BUILD_BUG_ON(offsetof(typeof(flow->addrs), v6addrs.dst) !=
 814                     offsetof(typeof(flow->addrs), v6addrs.src) +
 815                     sizeof(flow->addrs.v6addrs.src));
 816        memcpy(&flow->addrs.v6addrs, &iph->saddr, sizeof(flow->addrs.v6addrs));
 817        flow->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
 818}
 819
 820#if IS_ENABLED(CONFIG_IPV6)
 821
 822/* Sysctl settings for net ipv6.auto_flowlabels */
 823#define IP6_AUTO_FLOW_LABEL_OFF         0
 824#define IP6_AUTO_FLOW_LABEL_OPTOUT      1
 825#define IP6_AUTO_FLOW_LABEL_OPTIN       2
 826#define IP6_AUTO_FLOW_LABEL_FORCED      3
 827
 828#define IP6_AUTO_FLOW_LABEL_MAX         IP6_AUTO_FLOW_LABEL_FORCED
 829
 830#define IP6_DEFAULT_AUTO_FLOW_LABELS    IP6_AUTO_FLOW_LABEL_OPTOUT
 831
 832static inline __be32 ip6_make_flowlabel(struct net *net, struct sk_buff *skb,
 833                                        __be32 flowlabel, bool autolabel,
 834                                        struct flowi6 *fl6)
 835{
 836        u32 hash;
 837
 838        /* @flowlabel may include more than a flow label, eg, the traffic class.
 839         * Here we want only the flow label value.
 840         */
 841        flowlabel &= IPV6_FLOWLABEL_MASK;
 842
 843        if (flowlabel ||
 844            net->ipv6.sysctl.auto_flowlabels == IP6_AUTO_FLOW_LABEL_OFF ||
 845            (!autolabel &&
 846             net->ipv6.sysctl.auto_flowlabels != IP6_AUTO_FLOW_LABEL_FORCED))
 847                return flowlabel;
 848
 849        hash = skb_get_hash_flowi6(skb, fl6);
 850
 851        /* Since this is being sent on the wire obfuscate hash a bit
 852         * to minimize possbility that any useful information to an
 853         * attacker is leaked. Only lower 20 bits are relevant.
 854         */
 855        rol32(hash, 16);
 856
 857        flowlabel = (__force __be32)hash & IPV6_FLOWLABEL_MASK;
 858
 859        if (net->ipv6.sysctl.flowlabel_state_ranges)
 860                flowlabel |= IPV6_FLOWLABEL_STATELESS_FLAG;
 861
 862        return flowlabel;
 863}
 864
 865static inline int ip6_default_np_autolabel(struct net *net)
 866{
 867        switch (net->ipv6.sysctl.auto_flowlabels) {
 868        case IP6_AUTO_FLOW_LABEL_OFF:
 869        case IP6_AUTO_FLOW_LABEL_OPTIN:
 870        default:
 871                return 0;
 872        case IP6_AUTO_FLOW_LABEL_OPTOUT:
 873        case IP6_AUTO_FLOW_LABEL_FORCED:
 874                return 1;
 875        }
 876}
 877#else
 878static inline void ip6_set_txhash(struct sock *sk) { }
 879static inline __be32 ip6_make_flowlabel(struct net *net, struct sk_buff *skb,
 880                                        __be32 flowlabel, bool autolabel,
 881                                        struct flowi6 *fl6)
 882{
 883        return flowlabel;
 884}
 885static inline int ip6_default_np_autolabel(struct net *net)
 886{
 887        return 0;
 888}
 889#endif
 890
 891
 892/*
 893 *      Header manipulation
 894 */
 895static inline void ip6_flow_hdr(struct ipv6hdr *hdr, unsigned int tclass,
 896                                __be32 flowlabel)
 897{
 898        *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | flowlabel;
 899}
 900
 901static inline __be32 ip6_flowinfo(const struct ipv6hdr *hdr)
 902{
 903        return *(__be32 *)hdr & IPV6_FLOWINFO_MASK;
 904}
 905
 906static inline __be32 ip6_flowlabel(const struct ipv6hdr *hdr)
 907{
 908        return *(__be32 *)hdr & IPV6_FLOWLABEL_MASK;
 909}
 910
 911static inline u8 ip6_tclass(__be32 flowinfo)
 912{
 913        return ntohl(flowinfo & IPV6_TCLASS_MASK) >> IPV6_TCLASS_SHIFT;
 914}
 915
 916static inline __be32 ip6_make_flowinfo(unsigned int tclass, __be32 flowlabel)
 917{
 918        return htonl(tclass << IPV6_TCLASS_SHIFT) | flowlabel;
 919}
 920
 921/*
 922 *      Prototypes exported by ipv6
 923 */
 924
 925/*
 926 *      rcv function (called from netdevice level)
 927 */
 928
 929int ipv6_rcv(struct sk_buff *skb, struct net_device *dev,
 930             struct packet_type *pt, struct net_device *orig_dev);
 931
 932int ip6_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb);
 933
 934/*
 935 *      upper-layer output functions
 936 */
 937int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
 938             __u32 mark, struct ipv6_txoptions *opt, int tclass);
 939
 940int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr);
 941
 942int ip6_append_data(struct sock *sk,
 943                    int getfrag(void *from, char *to, int offset, int len,
 944                                int odd, struct sk_buff *skb),
 945                    void *from, int length, int transhdrlen,
 946                    struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
 947                    struct rt6_info *rt, unsigned int flags,
 948                    const struct sockcm_cookie *sockc);
 949
 950int ip6_push_pending_frames(struct sock *sk);
 951
 952void ip6_flush_pending_frames(struct sock *sk);
 953
 954int ip6_send_skb(struct sk_buff *skb);
 955
 956struct sk_buff *__ip6_make_skb(struct sock *sk, struct sk_buff_head *queue,
 957                               struct inet_cork_full *cork,
 958                               struct inet6_cork *v6_cork);
 959struct sk_buff *ip6_make_skb(struct sock *sk,
 960                             int getfrag(void *from, char *to, int offset,
 961                                         int len, int odd, struct sk_buff *skb),
 962                             void *from, int length, int transhdrlen,
 963                             struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
 964                             struct rt6_info *rt, unsigned int flags,
 965                             const struct sockcm_cookie *sockc);
 966
 967static inline struct sk_buff *ip6_finish_skb(struct sock *sk)
 968{
 969        return __ip6_make_skb(sk, &sk->sk_write_queue, &inet_sk(sk)->cork,
 970                              &inet6_sk(sk)->cork);
 971}
 972
 973unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst);
 974
 975int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst,
 976                   struct flowi6 *fl6);
 977struct dst_entry *ip6_dst_lookup_flow(const struct sock *sk, struct flowi6 *fl6,
 978                                      const struct in6_addr *final_dst);
 979struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
 980                                         const struct in6_addr *final_dst);
 981struct dst_entry *ip6_blackhole_route(struct net *net,
 982                                      struct dst_entry *orig_dst);
 983
 984/*
 985 *      skb processing functions
 986 */
 987
 988int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb);
 989int ip6_forward(struct sk_buff *skb);
 990int ip6_input(struct sk_buff *skb);
 991int ip6_mc_input(struct sk_buff *skb);
 992
 993int __ip6_local_out(struct net *net, struct sock *sk, struct sk_buff *skb);
 994int ip6_local_out(struct net *net, struct sock *sk, struct sk_buff *skb);
 995
 996/*
 997 *      Extension header (options) processing
 998 */
 999
1000void ipv6_push_nfrag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt,

1001                          u8 *proto, struct in6_addr **daddr_p,
1002                          struct in6_addr *saddr);
1003void ipv6_push_frag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt,
1004                         u8 *proto);
1005
1006int ipv6_skip_exthdr(const struct sk_buff *, int start, u8 *nexthdrp,
1007                     __be16 *frag_offp);
1008
1009bool ipv6_ext_hdr(u8 nexthdr);
1010
1011enum {
1012        IP6_FH_F_FRAG           = (1 << 0),
1013        IP6_FH_F_AUTH           = (1 << 1),
1014        IP6_FH_F_SKIP_RH        = (1 << 2),
1015};
1016
1017/* find specified header and get offset to it */
1018int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, int target,
1019                  unsigned short *fragoff, int *fragflg);
1020
1021int ipv6_find_tlv(const struct sk_buff *skb, int offset, int type);
1022
1023struct in6_addr *fl6_update_dst(struct flowi6 *fl6,
1024                                const struct ipv6_txoptions *opt,
1025                                struct in6_addr *orig);
1026
1027/*
1028 *      socket options (ipv6_sockglue.c)
1029 */
1030
1031int ipv6_setsockopt(struct sock *sk, int level, int optname,
1032                    char __user *optval, unsigned int optlen);
1033int ipv6_getsockopt(struct sock *sk, int level, int optname,
1034                    char __user *optval, int __user *optlen);
1035int compat_ipv6_setsockopt(struct sock *sk, int level, int optname,
1036                           char __user *optval, unsigned int optlen);
1037int compat_ipv6_getsockopt(struct sock *sk, int level, int optname,
1038                           char __user *optval, int __user *optlen);
1039
1040int __ip6_datagram_connect(struct sock *sk, struct sockaddr *addr,
1041                           int addr_len);
1042int ip6_datagram_connect(struct sock *sk, struct sockaddr *addr, int addr_len);
1043int ip6_datagram_connect_v6_only(struct sock *sk, struct sockaddr *addr,
1044                                 int addr_len);
1045int ip6_datagram_dst_update(struct sock *sk, bool fix_sk_saddr);
1046void ip6_datagram_release_cb(struct sock *sk);
1047
1048int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len,
1049                    int *addr_len);
1050int ipv6_recv_rxpmtu(struct sock *sk, struct msghdr *msg, int len,
1051                     int *addr_len);
1052void ipv6_icmp_error(struct sock *sk, struct sk_buff *skb, int err, __be16 port,
1053                     u32 info, u8 *payload);
1054void ipv6_local_error(struct sock *sk, int err, struct flowi6 *fl6, u32 info);
1055void ipv6_local_rxpmtu(struct sock *sk, struct flowi6 *fl6, u32 mtu);
1056
1057int inet6_release(struct socket *sock);
1058int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len);
1059int inet6_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len,
1060                  int peer);
1061int inet6_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg);
1062
1063int inet6_hash_connect(struct inet_timewait_death_row *death_row,
1064                              struct sock *sk);
1065
1066/*
1067 * reassembly.c
1068 */
1069extern const struct proto_ops inet6_stream_ops;
1070extern const struct proto_ops inet6_dgram_ops;
1071extern const struct proto_ops inet6_sockraw_ops;
1072
1073struct group_source_req;
1074struct group_filter;
1075
1076int ip6_mc_source(int add, int omode, struct sock *sk,
1077                  struct group_source_req *pgsr);
1078int ip6_mc_msfilter(struct sock *sk, struct group_filter *gsf);
1079int ip6_mc_msfget(struct sock *sk, struct group_filter *gsf,
1080                  struct group_filter __user *optval, int __user *optlen);
1081
1082#ifdef CONFIG_PROC_FS
1083int ac6_proc_init(struct net *net);
1084void ac6_proc_exit(struct net *net);
1085int raw6_proc_init(void);
1086void raw6_proc_exit(void);
1087int tcp6_proc_init(struct net *net);
1088void tcp6_proc_exit(struct net *net);
1089int udp6_proc_init(struct net *net);
1090void udp6_proc_exit(struct net *net);
1091int udplite6_proc_init(void);
1092void udplite6_proc_exit(void);
1093int ipv6_misc_proc_init(void);
1094void ipv6_misc_proc_exit(void);
1095int snmp6_register_dev(struct inet6_dev *idev);
1096int snmp6_unregister_dev(struct inet6_dev *idev);
1097
1098#else
1099static inline int ac6_proc_init(struct net *net) { return 0; }
1100static inline void ac6_proc_exit(struct net *net) { }
1101static inline int snmp6_register_dev(struct inet6_dev *idev) { return 0; }
1102static inline int snmp6_unregister_dev(struct inet6_dev *idev) { return 0; }
1103#endif
1104
1105#ifdef CONFIG_SYSCTL
1106extern struct ctl_table ipv6_route_table_template[];
1107
1108struct ctl_table *ipv6_icmp_sysctl_init(struct net *net);
1109struct ctl_table *ipv6_route_sysctl_init(struct net *net);
1110int ipv6_sysctl_register(void);
1111void ipv6_sysctl_unregister(void);
1112#endif
1113
1114int ipv6_sock_mc_join(struct sock *sk, int ifindex,
1115                      const struct in6_addr *addr);
1116int ipv6_sock_mc_drop(struct sock *sk, int ifindex,
1117                      const struct in6_addr *addr);
1118#endif /* _NET_IPV6_H */
1119