Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * INET An implementation of the TCP/IP protocol suite for the LINUX | |
3 | * operating system. INET is implemented using the BSD Socket | |
4 | * interface as the means of communication with the user level. | |
5 | * | |
6 | * The options processing module for ip.c | |
7 | * | |
1da177e4 | 8 | * Authors: A.N.Kuznetsov |
e905a9ed | 9 | * |
1da177e4 LT |
10 | */ |
11 | ||
afd46503 JP |
12 | #define pr_fmt(fmt) "IPv4: " fmt |
13 | ||
4fc268d2 | 14 | #include <linux/capability.h> |
1da177e4 | 15 | #include <linux/module.h> |
5a0e3ad6 | 16 | #include <linux/slab.h> |
1da177e4 LT |
17 | #include <linux/types.h> |
18 | #include <asm/uaccess.h> | |
48bdf072 | 19 | #include <asm/unaligned.h> |
1da177e4 LT |
20 | #include <linux/skbuff.h> |
21 | #include <linux/ip.h> | |
22 | #include <linux/icmp.h> | |
23 | #include <linux/netdevice.h> | |
24 | #include <linux/rtnetlink.h> | |
25 | #include <net/sock.h> | |
26 | #include <net/ip.h> | |
27 | #include <net/icmp.h> | |
14c85021 | 28 | #include <net/route.h> |
11a03f78 | 29 | #include <net/cipso_ipv4.h> |
35ebf65e | 30 | #include <net/ip_fib.h> |
1da177e4 | 31 | |
e905a9ed | 32 | /* |
1da177e4 LT |
33 | * Write options to IP header, record destination address to |
34 | * source route option, address of outgoing interface | |
35 | * (we should already know it, so that this function is allowed be | |
36 | * called only after routing decision) and timestamp, | |
37 | * if we originate this datagram. | |
38 | * | |
39 | * daddr is real destination address, next hop is recorded in IP header. | |
40 | * saddr is address of outgoing interface. | |
41 | */ | |
42 | ||
f6d8bd05 | 43 | void ip_options_build(struct sk_buff *skb, struct ip_options *opt, |
8e36360a | 44 | __be32 daddr, struct rtable *rt, int is_frag) |
1da177e4 | 45 | { |
d56f90a7 | 46 | unsigned char *iph = skb_network_header(skb); |
1da177e4 LT |
47 | |
48 | memcpy(&(IPCB(skb)->opt), opt, sizeof(struct ip_options)); | |
49 | memcpy(iph+sizeof(struct iphdr), opt->__data, opt->optlen); | |
50 | opt = &(IPCB(skb)->opt); | |
1da177e4 LT |
51 | |
52 | if (opt->srr) | |
53 | memcpy(iph+opt->srr+iph[opt->srr+1]-4, &daddr, 4); | |
54 | ||
55 | if (!is_frag) { | |
56 | if (opt->rr_needaddr) | |
8e36360a | 57 | ip_rt_get_source(iph+opt->rr+iph[opt->rr+2]-5, skb, rt); |
1da177e4 | 58 | if (opt->ts_needaddr) |
8e36360a | 59 | ip_rt_get_source(iph+opt->ts+iph[opt->ts+2]-9, skb, rt); |
1da177e4 | 60 | if (opt->ts_needtime) { |
f25c3d61 | 61 | struct timespec tv; |
e25d2ca6 | 62 | __be32 midtime; |
f25c3d61 YH |
63 | getnstimeofday(&tv); |
64 | midtime = htonl((tv.tv_sec % 86400) * MSEC_PER_SEC + tv.tv_nsec / NSEC_PER_MSEC); | |
1da177e4 LT |
65 | memcpy(iph+opt->ts+iph[opt->ts+2]-5, &midtime, 4); |
66 | } | |
67 | return; | |
68 | } | |
69 | if (opt->rr) { | |
70 | memset(iph+opt->rr, IPOPT_NOP, iph[opt->rr+1]); | |
71 | opt->rr = 0; | |
72 | opt->rr_needaddr = 0; | |
73 | } | |
74 | if (opt->ts) { | |
75 | memset(iph+opt->ts, IPOPT_NOP, iph[opt->ts+1]); | |
76 | opt->ts = 0; | |
77 | opt->ts_needaddr = opt->ts_needtime = 0; | |
78 | } | |
79 | } | |
80 | ||
e905a9ed | 81 | /* |
1da177e4 LT |
82 | * Provided (sopt, skb) points to received options, |
83 | * build in dopt compiled option set appropriate for answering. | |
84 | * i.e. invert SRR option, copy anothers, | |
85 | * and grab room in RR/TS options. | |
86 | * | |
87 | * NOTE: dopt cannot point to skb. | |
88 | */ | |
89 | ||
f6d8bd05 | 90 | int ip_options_echo(struct ip_options *dopt, struct sk_buff *skb) |
1da177e4 | 91 | { |
f6d8bd05 | 92 | const struct ip_options *sopt; |
1da177e4 LT |
93 | unsigned char *sptr, *dptr; |
94 | int soffset, doffset; | |
95 | int optlen; | |
1da177e4 LT |
96 | |
97 | memset(dopt, 0, sizeof(struct ip_options)); | |
98 | ||
1da177e4 LT |
99 | sopt = &(IPCB(skb)->opt); |
100 | ||
f6d8bd05 | 101 | if (sopt->optlen == 0) |
1da177e4 | 102 | return 0; |
1da177e4 | 103 | |
d56f90a7 | 104 | sptr = skb_network_header(skb); |
1da177e4 LT |
105 | dptr = dopt->__data; |
106 | ||
1da177e4 LT |
107 | if (sopt->rr) { |
108 | optlen = sptr[sopt->rr+1]; | |
109 | soffset = sptr[sopt->rr+2]; | |
110 | dopt->rr = dopt->optlen + sizeof(struct iphdr); | |
111 | memcpy(dptr, sptr+sopt->rr, optlen); | |
112 | if (sopt->rr_needaddr && soffset <= optlen) { | |
113 | if (soffset + 3 > optlen) | |
114 | return -EINVAL; | |
115 | dptr[2] = soffset + 4; | |
116 | dopt->rr_needaddr = 1; | |
117 | } | |
118 | dptr += optlen; | |
119 | dopt->optlen += optlen; | |
120 | } | |
121 | if (sopt->ts) { | |
122 | optlen = sptr[sopt->ts+1]; | |
123 | soffset = sptr[sopt->ts+2]; | |
124 | dopt->ts = dopt->optlen + sizeof(struct iphdr); | |
125 | memcpy(dptr, sptr+sopt->ts, optlen); | |
126 | if (soffset <= optlen) { | |
127 | if (sopt->ts_needaddr) { | |
128 | if (soffset + 3 > optlen) | |
129 | return -EINVAL; | |
130 | dopt->ts_needaddr = 1; | |
131 | soffset += 4; | |
132 | } | |
133 | if (sopt->ts_needtime) { | |
134 | if (soffset + 3 > optlen) | |
135 | return -EINVAL; | |
136 | if ((dptr[3]&0xF) != IPOPT_TS_PRESPEC) { | |
137 | dopt->ts_needtime = 1; | |
138 | soffset += 4; | |
139 | } else { | |
140 | dopt->ts_needtime = 0; | |
141 | ||
8628bd8a | 142 | if (soffset + 7 <= optlen) { |
fd683222 | 143 | __be32 addr; |
1da177e4 | 144 | |
8628bd8a JL |
145 | memcpy(&addr, dptr+soffset-1, 4); |
146 | if (inet_addr_type(dev_net(skb_dst(skb)->dev), addr) != RTN_UNICAST) { | |
1da177e4 LT |
147 | dopt->ts_needtime = 1; |
148 | soffset += 8; | |
149 | } | |
150 | } | |
151 | } | |
152 | } | |
153 | dptr[2] = soffset; | |
154 | } | |
155 | dptr += optlen; | |
156 | dopt->optlen += optlen; | |
157 | } | |
158 | if (sopt->srr) { | |
f6d8bd05 | 159 | unsigned char *start = sptr+sopt->srr; |
3ca3c68e | 160 | __be32 faddr; |
1da177e4 LT |
161 | |
162 | optlen = start[1]; | |
163 | soffset = start[2]; | |
164 | doffset = 0; | |
165 | if (soffset > optlen) | |
166 | soffset = optlen + 1; | |
167 | soffset -= 4; | |
168 | if (soffset > 3) { | |
169 | memcpy(&faddr, &start[soffset-1], 4); | |
a22318e8 | 170 | for (soffset -= 4, doffset = 4; soffset > 3; soffset -= 4, doffset += 4) |
1da177e4 LT |
171 | memcpy(&dptr[doffset-1], &start[soffset-1], 4); |
172 | /* | |
173 | * RFC1812 requires to fix illegal source routes. | |
174 | */ | |
eddc9ec5 ACM |
175 | if (memcmp(&ip_hdr(skb)->saddr, |
176 | &start[soffset + 3], 4) == 0) | |
1da177e4 LT |
177 | doffset -= 4; |
178 | } | |
179 | if (doffset > 3) { | |
6255e5ea JA |
180 | __be32 daddr = fib_compute_spec_dst(skb); |
181 | ||
1da177e4 LT |
182 | memcpy(&start[doffset-1], &daddr, 4); |
183 | dopt->faddr = faddr; | |
184 | dptr[0] = start[0]; | |
185 | dptr[1] = doffset+3; | |
186 | dptr[2] = 4; | |
187 | dptr += doffset+3; | |
188 | dopt->srr = dopt->optlen + sizeof(struct iphdr); | |
189 | dopt->optlen += doffset+3; | |
190 | dopt->is_strictroute = sopt->is_strictroute; | |
191 | } | |
192 | } | |
11a03f78 PM |
193 | if (sopt->cipso) { |
194 | optlen = sptr[sopt->cipso+1]; | |
195 | dopt->cipso = dopt->optlen+sizeof(struct iphdr); | |
196 | memcpy(dptr, sptr+sopt->cipso, optlen); | |
197 | dptr += optlen; | |
198 | dopt->optlen += optlen; | |
199 | } | |
1da177e4 LT |
200 | while (dopt->optlen & 3) { |
201 | *dptr++ = IPOPT_END; | |
202 | dopt->optlen++; | |
203 | } | |
204 | return 0; | |
205 | } | |
206 | ||
207 | /* | |
208 | * Options "fragmenting", just fill options not | |
209 | * allowed in fragments with NOOPs. | |
210 | * Simple and stupid 8), but the most efficient way. | |
211 | */ | |
212 | ||
5e73ea1a | 213 | void ip_options_fragment(struct sk_buff *skb) |
1da177e4 | 214 | { |
d56f90a7 | 215 | unsigned char *optptr = skb_network_header(skb) + sizeof(struct iphdr); |
5e73ea1a | 216 | struct ip_options *opt = &(IPCB(skb)->opt); |
1da177e4 LT |
217 | int l = opt->optlen; |
218 | int optlen; | |
219 | ||
220 | while (l > 0) { | |
221 | switch (*optptr) { | |
222 | case IPOPT_END: | |
223 | return; | |
224 | case IPOPT_NOOP: | |
225 | l--; | |
226 | optptr++; | |
227 | continue; | |
228 | } | |
229 | optlen = optptr[1]; | |
a22318e8 | 230 | if (optlen < 2 || optlen > l) |
1da177e4 LT |
231 | return; |
232 | if (!IPOPT_COPIED(*optptr)) | |
233 | memset(optptr, IPOPT_NOOP, optlen); | |
234 | l -= optlen; | |
235 | optptr += optlen; | |
236 | } | |
237 | opt->ts = 0; | |
238 | opt->rr = 0; | |
239 | opt->rr_needaddr = 0; | |
240 | opt->ts_needaddr = 0; | |
241 | opt->ts_needtime = 0; | |
1da177e4 LT |
242 | } |
243 | ||
bf5e53e3 ED |
244 | /* helper used by ip_options_compile() to call fib_compute_spec_dst() |
245 | * at most one time. | |
246 | */ | |
247 | static void spec_dst_fill(__be32 *spec_dst, struct sk_buff *skb) | |
248 | { | |
249 | if (*spec_dst == htonl(INADDR_ANY)) | |
250 | *spec_dst = fib_compute_spec_dst(skb); | |
251 | } | |
252 | ||
1da177e4 LT |
253 | /* |
254 | * Verify options and fill pointers in struct options. | |
255 | * Caller should clear *opt, and set opt->data. | |
256 | * If opt == NULL, then skb->data should point to IP header. | |
257 | */ | |
258 | ||
0e6bd4a1 | 259 | int ip_options_compile(struct net *net, |
5e73ea1a | 260 | struct ip_options *opt, struct sk_buff *skb) |
1da177e4 | 261 | { |
bf5e53e3 | 262 | __be32 spec_dst = htonl(INADDR_ANY); |
5e73ea1a | 263 | unsigned char *pp_ptr = NULL; |
11604721 | 264 | struct rtable *rt = NULL; |
35ebf65e DM |
265 | unsigned char *optptr; |
266 | unsigned char *iph; | |
267 | int optlen, l; | |
1da177e4 | 268 | |
22aba383 | 269 | if (skb != NULL) { |
11604721 | 270 | rt = skb_rtable(skb); |
22aba383 DL |
271 | optptr = (unsigned char *)&(ip_hdr(skb)[1]); |
272 | } else | |
10fe7d85 | 273 | optptr = opt->__data; |
22aba383 | 274 | iph = optptr - sizeof(struct iphdr); |
1da177e4 LT |
275 | |
276 | for (l = opt->optlen; l > 0; ) { | |
277 | switch (*optptr) { | |
dd9b4559 | 278 | case IPOPT_END: |
a22318e8 | 279 | for (optptr++, l--; l > 0; optptr++, l--) { |
1da177e4 LT |
280 | if (*optptr != IPOPT_END) { |
281 | *optptr = IPOPT_END; | |
282 | opt->is_changed = 1; | |
283 | } | |
284 | } | |
285 | goto eol; | |
dd9b4559 | 286 | case IPOPT_NOOP: |
1da177e4 LT |
287 | l--; |
288 | optptr++; | |
289 | continue; | |
290 | } | |
10ec9472 ED |
291 | if (unlikely(l < 2)) { |
292 | pp_ptr = optptr; | |
293 | goto error; | |
294 | } | |
1da177e4 | 295 | optlen = optptr[1]; |
a22318e8 | 296 | if (optlen < 2 || optlen > l) { |
1da177e4 LT |
297 | pp_ptr = optptr; |
298 | goto error; | |
299 | } | |
300 | switch (*optptr) { | |
dd9b4559 WC |
301 | case IPOPT_SSRR: |
302 | case IPOPT_LSRR: | |
1da177e4 LT |
303 | if (optlen < 3) { |
304 | pp_ptr = optptr + 1; | |
305 | goto error; | |
306 | } | |
307 | if (optptr[2] < 4) { | |
308 | pp_ptr = optptr + 2; | |
309 | goto error; | |
310 | } | |
311 | /* NB: cf RFC-1812 5.2.4.1 */ | |
312 | if (opt->srr) { | |
313 | pp_ptr = optptr; | |
314 | goto error; | |
315 | } | |
316 | if (!skb) { | |
317 | if (optptr[2] != 4 || optlen < 7 || ((optlen-3) & 3)) { | |
318 | pp_ptr = optptr + 1; | |
319 | goto error; | |
320 | } | |
321 | memcpy(&opt->faddr, &optptr[3], 4); | |
322 | if (optlen > 7) | |
323 | memmove(&optptr[3], &optptr[7], optlen-7); | |
324 | } | |
325 | opt->is_strictroute = (optptr[0] == IPOPT_SSRR); | |
326 | opt->srr = optptr - iph; | |
327 | break; | |
dd9b4559 | 328 | case IPOPT_RR: |
1da177e4 LT |
329 | if (opt->rr) { |
330 | pp_ptr = optptr; | |
331 | goto error; | |
332 | } | |
333 | if (optlen < 3) { | |
334 | pp_ptr = optptr + 1; | |
335 | goto error; | |
336 | } | |
337 | if (optptr[2] < 4) { | |
338 | pp_ptr = optptr + 2; | |
339 | goto error; | |
340 | } | |
341 | if (optptr[2] <= optlen) { | |
342 | if (optptr[2]+3 > optlen) { | |
343 | pp_ptr = optptr + 2; | |
344 | goto error; | |
345 | } | |
11604721 | 346 | if (rt) { |
bf5e53e3 | 347 | spec_dst_fill(&spec_dst, skb); |
35ebf65e | 348 | memcpy(&optptr[optptr[2]-1], &spec_dst, 4); |
1da177e4 LT |
349 | opt->is_changed = 1; |
350 | } | |
351 | optptr[2] += 4; | |
352 | opt->rr_needaddr = 1; | |
353 | } | |
354 | opt->rr = optptr - iph; | |
355 | break; | |
dd9b4559 | 356 | case IPOPT_TIMESTAMP: |
1da177e4 LT |
357 | if (opt->ts) { |
358 | pp_ptr = optptr; | |
359 | goto error; | |
360 | } | |
361 | if (optlen < 4) { | |
362 | pp_ptr = optptr + 1; | |
363 | goto error; | |
364 | } | |
365 | if (optptr[2] < 5) { | |
366 | pp_ptr = optptr + 2; | |
367 | goto error; | |
368 | } | |
369 | if (optptr[2] <= optlen) { | |
48bdf072 | 370 | unsigned char *timeptr = NULL; |
5a2b646f | 371 | if (optptr[2]+3 > optlen) { |
1da177e4 LT |
372 | pp_ptr = optptr + 2; |
373 | goto error; | |
374 | } | |
375 | switch (optptr[3]&0xF) { | |
dd9b4559 | 376 | case IPOPT_TS_TSONLY: |
e905a9ed | 377 | if (skb) |
48bdf072 | 378 | timeptr = &optptr[optptr[2]-1]; |
1da177e4 LT |
379 | opt->ts_needtime = 1; |
380 | optptr[2] += 4; | |
381 | break; | |
dd9b4559 | 382 | case IPOPT_TS_TSANDADDR: |
5a2b646f | 383 | if (optptr[2]+7 > optlen) { |
1da177e4 LT |
384 | pp_ptr = optptr + 2; |
385 | goto error; | |
386 | } | |
11604721 | 387 | if (rt) { |
bf5e53e3 | 388 | spec_dst_fill(&spec_dst, skb); |
35ebf65e | 389 | memcpy(&optptr[optptr[2]-1], &spec_dst, 4); |
48bdf072 | 390 | timeptr = &optptr[optptr[2]+3]; |
1da177e4 LT |
391 | } |
392 | opt->ts_needaddr = 1; | |
393 | opt->ts_needtime = 1; | |
394 | optptr[2] += 8; | |
395 | break; | |
dd9b4559 | 396 | case IPOPT_TS_PRESPEC: |
5a2b646f | 397 | if (optptr[2]+7 > optlen) { |
1da177e4 LT |
398 | pp_ptr = optptr + 2; |
399 | goto error; | |
400 | } | |
1da177e4 | 401 | { |
fd683222 | 402 | __be32 addr; |
1da177e4 | 403 | memcpy(&addr, &optptr[optptr[2]-1], 4); |
0e6bd4a1 | 404 | if (inet_addr_type(net, addr) == RTN_UNICAST) |
1da177e4 LT |
405 | break; |
406 | if (skb) | |
48bdf072 | 407 | timeptr = &optptr[optptr[2]+3]; |
1da177e4 LT |
408 | } |
409 | opt->ts_needtime = 1; | |
410 | optptr[2] += 8; | |
411 | break; | |
dd9b4559 | 412 | default: |
52e804c6 | 413 | if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { |
1da177e4 LT |
414 | pp_ptr = optptr + 3; |
415 | goto error; | |
416 | } | |
417 | break; | |
418 | } | |
419 | if (timeptr) { | |
f25c3d61 | 420 | struct timespec tv; |
48bdf072 | 421 | u32 midtime; |
f25c3d61 | 422 | getnstimeofday(&tv); |
48bdf072 CM |
423 | midtime = (tv.tv_sec % 86400) * MSEC_PER_SEC + tv.tv_nsec / NSEC_PER_MSEC; |
424 | put_unaligned_be32(midtime, timeptr); | |
1da177e4 LT |
425 | opt->is_changed = 1; |
426 | } | |
fa2b04f4 | 427 | } else if ((optptr[3]&0xF) != IPOPT_TS_PRESPEC) { |
95c96174 | 428 | unsigned int overflow = optptr[3]>>4; |
1da177e4 LT |
429 | if (overflow == 15) { |
430 | pp_ptr = optptr + 3; | |
431 | goto error; | |
432 | } | |
1da177e4 LT |
433 | if (skb) { |
434 | optptr[3] = (optptr[3]&0xF)|((overflow+1)<<4); | |
435 | opt->is_changed = 1; | |
436 | } | |
437 | } | |
4660c7f4 | 438 | opt->ts = optptr - iph; |
1da177e4 | 439 | break; |
dd9b4559 | 440 | case IPOPT_RA: |
1da177e4 LT |
441 | if (optlen < 4) { |
442 | pp_ptr = optptr + 1; | |
443 | goto error; | |
444 | } | |
445 | if (optptr[2] == 0 && optptr[3] == 0) | |
446 | opt->router_alert = optptr - iph; | |
447 | break; | |
dd9b4559 | 448 | case IPOPT_CIPSO: |
52e804c6 | 449 | if ((!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) || opt->cipso) { |
11a03f78 PM |
450 | pp_ptr = optptr; |
451 | goto error; | |
452 | } | |
453 | opt->cipso = optptr - iph; | |
15c45f7b | 454 | if (cipso_v4_validate(skb, &optptr)) { |
11a03f78 PM |
455 | pp_ptr = optptr; |
456 | goto error; | |
457 | } | |
458 | break; | |
dd9b4559 WC |
459 | case IPOPT_SEC: |
460 | case IPOPT_SID: | |
461 | default: | |
52e804c6 | 462 | if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { |
1da177e4 LT |
463 | pp_ptr = optptr; |
464 | goto error; | |
465 | } | |
466 | break; | |
467 | } | |
468 | l -= optlen; | |
469 | optptr += optlen; | |
470 | } | |
471 | ||
472 | eol: | |
473 | if (!pp_ptr) | |
474 | return 0; | |
475 | ||
476 | error: | |
477 | if (skb) { | |
478 | icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl((pp_ptr-iph)<<24)); | |
479 | } | |
480 | return -EINVAL; | |
481 | } | |
462fb2af | 482 | EXPORT_SYMBOL(ip_options_compile); |
1da177e4 LT |
483 | |
484 | /* | |
485 | * Undo all the changes done by ip_options_compile(). | |
486 | */ | |
487 | ||
5e73ea1a | 488 | void ip_options_undo(struct ip_options *opt) |
1da177e4 LT |
489 | { |
490 | if (opt->srr) { | |
5e73ea1a | 491 | unsigned char *optptr = opt->__data+opt->srr-sizeof(struct iphdr); |
1da177e4 LT |
492 | memmove(optptr+7, optptr+3, optptr[1]-7); |
493 | memcpy(optptr+3, &opt->faddr, 4); | |
494 | } | |
495 | if (opt->rr_needaddr) { | |
5e73ea1a | 496 | unsigned char *optptr = opt->__data+opt->rr-sizeof(struct iphdr); |
1da177e4 LT |
497 | optptr[2] -= 4; |
498 | memset(&optptr[optptr[2]-1], 0, 4); | |
499 | } | |
500 | if (opt->ts) { | |
5e73ea1a | 501 | unsigned char *optptr = opt->__data+opt->ts-sizeof(struct iphdr); |
1da177e4 LT |
502 | if (opt->ts_needtime) { |
503 | optptr[2] -= 4; | |
504 | memset(&optptr[optptr[2]-1], 0, 4); | |
505 | if ((optptr[3]&0xF) == IPOPT_TS_PRESPEC) | |
506 | optptr[2] -= 4; | |
507 | } | |
508 | if (opt->ts_needaddr) { | |
509 | optptr[2] -= 4; | |
510 | memset(&optptr[optptr[2]-1], 0, 4); | |
511 | } | |
512 | } | |
513 | } | |
514 | ||
f6d8bd05 | 515 | static struct ip_options_rcu *ip_options_get_alloc(const int optlen) |
1da177e4 | 516 | { |
f6d8bd05 | 517 | return kzalloc(sizeof(struct ip_options_rcu) + ((optlen + 3) & ~3), |
37640703 | 518 | GFP_KERNEL); |
4c6ea29d | 519 | } |
1da177e4 | 520 | |
f6d8bd05 ED |
521 | static int ip_options_get_finish(struct net *net, struct ip_options_rcu **optp, |
522 | struct ip_options_rcu *opt, int optlen) | |
4c6ea29d | 523 | { |
1da177e4 | 524 | while (optlen & 3) |
f6d8bd05 ED |
525 | opt->opt.__data[optlen++] = IPOPT_END; |
526 | opt->opt.optlen = optlen; | |
527 | if (optlen && ip_options_compile(net, &opt->opt, NULL)) { | |
1da177e4 LT |
528 | kfree(opt); |
529 | return -EINVAL; | |
530 | } | |
a51482bd | 531 | kfree(*optp); |
1da177e4 LT |
532 | *optp = opt; |
533 | return 0; | |
534 | } | |
535 | ||
f6d8bd05 | 536 | int ip_options_get_from_user(struct net *net, struct ip_options_rcu **optp, |
f2c4802b | 537 | unsigned char __user *data, int optlen) |
4c6ea29d | 538 | { |
f6d8bd05 | 539 | struct ip_options_rcu *opt = ip_options_get_alloc(optlen); |
4c6ea29d ACM |
540 | |
541 | if (!opt) | |
542 | return -ENOMEM; | |
f6d8bd05 | 543 | if (optlen && copy_from_user(opt->opt.__data, data, optlen)) { |
4c6ea29d ACM |
544 | kfree(opt); |
545 | return -EFAULT; | |
546 | } | |
f2c4802b | 547 | return ip_options_get_finish(net, optp, opt, optlen); |
4c6ea29d ACM |
548 | } |
549 | ||
f6d8bd05 | 550 | int ip_options_get(struct net *net, struct ip_options_rcu **optp, |
f2c4802b | 551 | unsigned char *data, int optlen) |
4c6ea29d | 552 | { |
f6d8bd05 | 553 | struct ip_options_rcu *opt = ip_options_get_alloc(optlen); |
4c6ea29d ACM |
554 | |
555 | if (!opt) | |
556 | return -ENOMEM; | |
557 | if (optlen) | |
f6d8bd05 | 558 | memcpy(opt->opt.__data, data, optlen); |
f2c4802b | 559 | return ip_options_get_finish(net, optp, opt, optlen); |
4c6ea29d ACM |
560 | } |
561 | ||
1da177e4 LT |
562 | void ip_forward_options(struct sk_buff *skb) |
563 | { | |
5e73ea1a DB |
564 | struct ip_options *opt = &(IPCB(skb)->opt); |
565 | unsigned char *optptr; | |
511c3f92 | 566 | struct rtable *rt = skb_rtable(skb); |
d56f90a7 | 567 | unsigned char *raw = skb_network_header(skb); |
1da177e4 LT |
568 | |
569 | if (opt->rr_needaddr) { | |
570 | optptr = (unsigned char *)raw + opt->rr; | |
8e36360a | 571 | ip_rt_get_source(&optptr[optptr[2]-5], skb, rt); |
1da177e4 LT |
572 | opt->is_changed = 1; |
573 | } | |
574 | if (opt->srr_is_hit) { | |
575 | int srrptr, srrspace; | |
576 | ||
577 | optptr = raw + opt->srr; | |
578 | ||
a22318e8 | 579 | for ( srrptr = optptr[2], srrspace = optptr[1]; |
1da177e4 LT |
580 | srrptr <= srrspace; |
581 | srrptr += 4 | |
582 | ) { | |
583 | if (srrptr + 3 > srrspace) | |
584 | break; | |
ac8a4810 | 585 | if (memcmp(&opt->nexthop, &optptr[srrptr-1], 4) == 0) |
1da177e4 LT |
586 | break; |
587 | } | |
588 | if (srrptr + 3 <= srrspace) { | |
589 | opt->is_changed = 1; | |
ac8a4810 | 590 | ip_hdr(skb)->daddr = opt->nexthop; |
5dc7883f | 591 | ip_rt_get_source(&optptr[srrptr-1], skb, rt); |
1da177e4 | 592 | optptr[2] = srrptr+4; |
e87cc472 JP |
593 | } else { |
594 | net_crit_ratelimited("%s(): Argh! Destination lost!\n", | |
595 | __func__); | |
596 | } | |
1da177e4 LT |
597 | if (opt->ts_needaddr) { |
598 | optptr = raw + opt->ts; | |
8e36360a | 599 | ip_rt_get_source(&optptr[optptr[2]-9], skb, rt); |
1da177e4 LT |
600 | opt->is_changed = 1; |
601 | } | |
602 | } | |
603 | if (opt->is_changed) { | |
604 | opt->is_changed = 0; | |
eddc9ec5 | 605 | ip_send_check(ip_hdr(skb)); |
1da177e4 LT |
606 | } |
607 | } | |
608 | ||
609 | int ip_options_rcv_srr(struct sk_buff *skb) | |
610 | { | |
611 | struct ip_options *opt = &(IPCB(skb)->opt); | |
612 | int srrspace, srrptr; | |
9e12bb22 | 613 | __be32 nexthop; |
eddc9ec5 | 614 | struct iphdr *iph = ip_hdr(skb); |
d56f90a7 | 615 | unsigned char *optptr = skb_network_header(skb) + opt->srr; |
511c3f92 | 616 | struct rtable *rt = skb_rtable(skb); |
1da177e4 | 617 | struct rtable *rt2; |
7fee226a | 618 | unsigned long orefdst; |
1da177e4 LT |
619 | int err; |
620 | ||
10949550 | 621 | if (!rt) |
1da177e4 LT |
622 | return 0; |
623 | ||
624 | if (skb->pkt_type != PACKET_HOST) | |
625 | return -EINVAL; | |
626 | if (rt->rt_type == RTN_UNICAST) { | |
627 | if (!opt->is_strictroute) | |
628 | return 0; | |
629 | icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl(16<<24)); | |
630 | return -EINVAL; | |
631 | } | |
632 | if (rt->rt_type != RTN_LOCAL) | |
633 | return -EINVAL; | |
634 | ||
a22318e8 | 635 | for (srrptr = optptr[2], srrspace = optptr[1]; srrptr <= srrspace; srrptr += 4) { |
1da177e4 LT |
636 | if (srrptr + 3 > srrspace) { |
637 | icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl((opt->srr+2)<<24)); | |
638 | return -EINVAL; | |
639 | } | |
640 | memcpy(&nexthop, &optptr[srrptr-1], 4); | |
641 | ||
7fee226a | 642 | orefdst = skb->_skb_refdst; |
adf30907 | 643 | skb_dst_set(skb, NULL); |
1da177e4 | 644 | err = ip_route_input(skb, nexthop, iph->saddr, iph->tos, skb->dev); |
511c3f92 | 645 | rt2 = skb_rtable(skb); |
1da177e4 | 646 | if (err || (rt2->rt_type != RTN_UNICAST && rt2->rt_type != RTN_LOCAL)) { |
7fee226a ED |
647 | skb_dst_drop(skb); |
648 | skb->_skb_refdst = orefdst; | |
1da177e4 LT |
649 | return -EINVAL; |
650 | } | |
7fee226a | 651 | refdst_drop(orefdst); |
1da177e4 LT |
652 | if (rt2->rt_type != RTN_LOCAL) |
653 | break; | |
654 | /* Superfast 8) loopback forward */ | |
c30883bd | 655 | iph->daddr = nexthop; |
1da177e4 LT |
656 | opt->is_changed = 1; |
657 | } | |
658 | if (srrptr <= srrspace) { | |
659 | opt->srr_is_hit = 1; | |
ac8a4810 | 660 | opt->nexthop = nexthop; |
1da177e4 LT |
661 | opt->is_changed = 1; |
662 | } | |
663 | return 0; | |
664 | } | |
462fb2af | 665 | EXPORT_SYMBOL(ip_options_rcv_srr); |