LXR linux/net/ipv6/exthdrs

   1/*
   2 * IPv6 library code, needed by static components when full IPv6 support is
   3 * not configured or static.
   4 */
   5#include <linux/export.h>
   6#include <net/ipv6.h>
   7
   8/*
   9 * find out if nexthdr is a well-known extension header or a protocol
  10 */
  11
  12bool ipv6_ext_hdr(u8 nexthdr)
  13{
  14        /*
  15         * find out if nexthdr is an extension header or a protocol
  16         */
  17        return   (nexthdr == NEXTHDR_HOP)       ||
  18                 (nexthdr == NEXTHDR_ROUTING)   ||
  19                 (nexthdr == NEXTHDR_FRAGMENT)  ||
  20                 (nexthdr == NEXTHDR_AUTH)      ||
  21                 (nexthdr == NEXTHDR_NONE)      ||
  22                 (nexthdr == NEXTHDR_DEST);
  23}
  24EXPORT_SYMBOL(ipv6_ext_hdr);
  25
  26/*
  27 * Skip any extension headers. This is used by the ICMP module.
  28 *
  29 * Note that strictly speaking this conflicts with RFC 2460 4.0:
  30 * ...The contents and semantics of each extension header determine whether
  31 * or not to proceed to the next header.  Therefore, extension headers must
  32 * be processed strictly in the order they appear in the packet; a
  33 * receiver must not, for example, scan through a packet looking for a
  34 * particular kind of extension header and process that header prior to
  35 * processing all preceding ones.
  36 *
  37 * We do exactly this. This is a protocol bug. We can't decide after a
  38 * seeing an unknown discard-with-error flavour TLV option if it's a
  39 * ICMP error message or not (errors should never be send in reply to
  40 * ICMP error messages).
  41 *
  42 * But I see no other way to do this. This might need to be reexamined
  43 * when Linux implements ESP (and maybe AUTH) headers.
  44 * --AK
  45 *
  46 * This function parses (probably truncated) exthdr set "hdr".
  47 * "nexthdrp" initially points to some place,
  48 * where type of the first header can be found.
  49 *
  50 * It skips all well-known exthdrs, and returns pointer to the start
  51 * of unparsable area i.e. the first header with unknown type.
  52 * If it is not NULL *nexthdr is updated by type/protocol of this header.
  53 *
  54 * NOTES: - if packet terminated with NEXTHDR_NONE it returns NULL.
  55 *        - it may return pointer pointing beyond end of packet,
  56 *          if the last recognized header is truncated in the middle.
  57 *        - if packet is truncated, so that all parsed headers are skipped,
  58 *          it returns NULL.
  59 *        - First fragment header is skipped, not-first ones
  60 *          are considered as unparsable.
  61 *        - Reports the offset field of the final fragment header so it is
  62 *          possible to tell whether this is a first fragment, later fragment,
  63 *          or not fragmented.
  64 *        - ESP is unparsable for now and considered like
  65 *          normal payload protocol.
  66 *        - Note also special handling of AUTH header. Thanks to IPsec wizards.
  67 *
  68 * --ANK (980726)
  69 */
  70
  71int ipv6_skip_exthdr(const struct sk_buff *skb, int start, u8 *nexthdrp,
  72                     __be16 *frag_offp)
  73{
  74        u8 nexthdr = *nexthdrp;
  75
  76        *frag_offp = 0;
  77
  78        while (ipv6_ext_hdr(nexthdr)) {
  79                struct ipv6_opt_hdr _hdr, *hp;
  80                int hdrlen;
  81
  82                if (nexthdr == NEXTHDR_NONE)
  83                        return -1;
  84                hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr);
  85                if (!hp)
  86                        return -1;
  87                if (nexthdr == NEXTHDR_FRAGMENT) {
  88                        __be16 _frag_off, *fp;
  89                        fp = skb_header_pointer(skb,
  90                                                start+offsetof(struct frag_hdr,
  91                                                               frag_off),
  92                                                sizeof(_frag_off),
  93                                                &_frag_off);
  94                        if (!fp)
  95                                return -1;
  96
  97                        *frag_offp = *fp;
  98                        if (ntohs(*frag_offp) & ~0x7)
  99                                break;
 100                        hdrlen = 8;
 101                } else if (nexthdr == NEXTHDR_AUTH)
 102                        hdrlen = ipv6_authlen(hp);
 103                else
 104                        hdrlen = ipv6_optlen(hp);
 105
 106                nexthdr = hp->nexthdr;
 107                start += hdrlen;
 108        }
 109
 110        *nexthdrp = nexthdr;
 111        return start;
 112}
 113EXPORT_SYMBOL(ipv6_skip_exthdr);
 114
 115int ipv6_find_tlv(const struct sk_buff *skb, int offset, int type)
 116{
 117        const unsigned char *nh = skb_network_header(skb);
 118        int packet_len = skb_tail_pointer(skb) - skb_network_header(skb);
 119        struct ipv6_opt_hdr *hdr;
 120        int len;
 121
 122        if (offset + 2 > packet_len)
 123                goto bad;
 124        hdr = (struct ipv6_opt_hdr *)(nh + offset);
 125        len = ((hdr->hdrlen + 1) << 3);
 126
 127        if (offset + len > packet_len)
 128                goto bad;
 129
 130        offset += 2;
 131        len -= 2;
 132
 133        while (len > 0) {
 134                int opttype = nh[offset];
 135                int optlen;
 136
 137                if (opttype == type)
 138                        return offset;
 139
 140                switch (opttype) {
 141                case IPV6_TLV_PAD1:
 142                        optlen = 1;
 143                        break;
 144                default:
 145                        optlen = nh[offset + 1] + 2;
 146                        if (optlen > len)
 147                                goto bad;
 148                        break;
 149                }
 150                offset += optlen;
 151                len -= optlen;
 152        }
 153        /* not_found */
 154 bad:
 155        return -1;
 156}
 157EXPORT_SYMBOL_GPL(ipv6_find_tlv);
 158
 159/*
 160 * find the offset to specified header or the protocol number of last header
 161 * if target < 0. "last header" is transport protocol header, ESP, or
 162 * "No next header".
 163 *
 164 * Note that *offset is used as input/output parameter. an if it is not zero,
 165 * then it must be a valid offset to an inner IPv6 header. This can be used
 166 * to explore inner IPv6 header, eg. ICMPv6 error messages.
 167 *
 168 * If target header is found, its offset is set in *offset and return protocol
 169 * number. Otherwise, return -1.
 170 *
 171 * If the first fragment doesn't contain the final protocol header or
 172 * NEXTHDR_NONE it is considered invalid.
 173 *
 174 * Note that non-1st fragment is special case that "the protocol number
 175 * of last header" is "next header" field in Fragment header. In this case,
 176 * *offset is meaningless and fragment offset is stored in *fragoff if fragoff
 177 * isn't NULL.
 178 *
 179 * if flags is not NULL and it's a fragment, then the frag flag
 180 * IP6_FH_F_FRAG will be set. If it's an AH header, the
 181 * IP6_FH_F_AUTH flag is set and target < 0, then this function will
 182 * stop at the AH header. If IP6_FH_F_SKIP_RH flag was passed, then this
 183 * function will skip all those routing headers, where segements_left was 0.
 184 */
 185int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
 186                  int target, unsigned short *fragoff, int *flags)
 187{
 188        unsigned int start = skb_network_offset(skb) + sizeof(struct ipv6hdr);
 189        u8 nexthdr = ipv6_hdr(skb)->nexthdr;
 190        bool found;
 191
 192        if (fragoff)
 193                *fragoff = 0;
 194
 195        if (*offset) {
 196                struct ipv6hdr _ip6, *ip6;
 197
 198                ip6 = skb_header_pointer(skb, *offset, sizeof(_ip6), &_ip6);
 199                if (!ip6 || (ip6->version != 6)) {
 200                        printk(KERN_ERR "IPv6 header not found\n");
 201                        return -EBADMSG;
 202                }
 203                start = *offset + sizeof(struct ipv6hdr);
 204                nexthdr = ip6->nexthdr;
 205        }
 206
 207        do {
 208                struct ipv6_opt_hdr _hdr, *hp;
 209                unsigned int hdrlen;
 210                found = (nexthdr == target);
 211
 212                if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE) {
 213                        if (target < 0 || found)
 214                                break;
 215                        return -ENOENT;
 216                }
 217
 218                hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr);
 219                if (!hp)
 220                        return -EBADMSG;
 221
 222                if (nexthdr == NEXTHDR_ROUTING) {
 223                        struct ipv6_rt_hdr _rh, *rh;
 224
 225                        rh = skb_header_pointer(skb, start, sizeof(_rh),
 226                                                &_rh);
 227                        if (!rh)
 228                                return -EBADMSG;
 229
 230                        if (flags && (*flags & IP6_FH_F_SKIP_RH) &&
 231                            rh->segments_left == 0)
 232                                found = false;
 233                }
 234
 235                if (nexthdr == NEXTHDR_FRAGMENT) {
 236                        unsigned short _frag_off;
 237                        __be16 *fp;
 238
 239                        if (flags)      /* Indicate that this is a fragment */
 240                                *flags |= IP6_FH_F_FRAG;
 241                        fp = skb_header_pointer(skb,
 242                                                start+offsetof(struct frag_hdr,
 243                                                               frag_off),
 244                                                sizeof(_frag_off),
 245                                                &_frag_off);
 246                        if (!fp)
 247                                return -EBADMSG;
 248
 249                        _frag_off = ntohs(*fp) & ~0x7;
 250                        if (_frag_off) {
 251                                if (target < 0 &&
 252                                    ((!ipv6_ext_hdr(hp->nexthdr)) ||
 253                                     hp->nexthdr == NEXTHDR_NONE)) {
 254                                        if (fragoff)
 255                                                *fragoff = _frag_off;
 256                                        return hp->nexthdr;
 257                                }
 258                                if (!found)
 259                                        return -ENOENT;
 260                                if (fragoff)
 261                                        *fragoff = _frag_off;
 262                                break;
 263                        }
 264                        hdrlen = 8;
 265                } else if (nexthdr == NEXTHDR_AUTH) {
 266                        if (flags && (*flags & IP6_FH_F_AUTH) && (target < 0))
 267                                break;
 268                        hdrlen = (hp->hdrlen + 2) << 2;
 269                } else
 270                        hdrlen = ipv6_optlen(hp);
 271
 272                if (!found) {
 273                        nexthdr = hp->nexthdr;
 274                        start += hdrlen;
 275                }
 276        } while (!found);
 277
 278        *offset = start;
 279        return nexthdr;
 280}
 281EXPORT_SYMBOL(ipv6_find_hdr);
 282