1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* |
3 | * IPv6 library code, needed by static components when full IPv6 support is |
4 | * not configured or static. |
5 | */ |
6 | #include <linux/export.h> |
7 | #include <net/ipv6.h> |
8 | |
9 | /* |
10 | * find out if nexthdr is a well-known extension header or a protocol |
11 | */ |
12 | |
13 | bool ipv6_ext_hdr(u8 nexthdr) |
14 | { |
15 | /* |
16 | * find out if nexthdr is an extension header or a protocol |
17 | */ |
18 | return (nexthdr == NEXTHDR_HOP) || |
19 | (nexthdr == NEXTHDR_ROUTING) || |
20 | (nexthdr == NEXTHDR_FRAGMENT) || |
21 | (nexthdr == NEXTHDR_AUTH) || |
22 | (nexthdr == NEXTHDR_NONE) || |
23 | (nexthdr == NEXTHDR_DEST); |
24 | } |
25 | EXPORT_SYMBOL(ipv6_ext_hdr); |
26 | |
27 | /* |
28 | * Skip any extension headers. This is used by the ICMP module. |
29 | * |
30 | * Note that strictly speaking this conflicts with RFC 2460 4.0: |
31 | * ...The contents and semantics of each extension header determine whether |
32 | * or not to proceed to the next header. Therefore, extension headers must |
33 | * be processed strictly in the order they appear in the packet; a |
34 | * receiver must not, for example, scan through a packet looking for a |
35 | * particular kind of extension header and process that header prior to |
36 | * processing all preceding ones. |
37 | * |
38 | * We do exactly this. This is a protocol bug. We can't decide after a |
39 | * seeing an unknown discard-with-error flavour TLV option if it's a |
40 | * ICMP error message or not (errors should never be send in reply to |
41 | * ICMP error messages). |
42 | * |
43 | * But I see no other way to do this. This might need to be reexamined |
44 | * when Linux implements ESP (and maybe AUTH) headers. |
45 | * --AK |
46 | * |
47 | * This function parses (probably truncated) exthdr set "hdr". |
48 | * "nexthdrp" initially points to some place, |
49 | * where type of the first header can be found. |
50 | * |
51 | * It skips all well-known exthdrs, and returns pointer to the start |
52 | * of unparsable area i.e. the first header with unknown type. |
53 | * If it is not NULL *nexthdr is updated by type/protocol of this header. |
54 | * |
55 | * NOTES: - if packet terminated with NEXTHDR_NONE it returns NULL. |
56 | * - it may return pointer pointing beyond end of packet, |
57 | * if the last recognized header is truncated in the middle. |
58 | * - if packet is truncated, so that all parsed headers are skipped, |
59 | * it returns NULL. |
60 | * - First fragment header is skipped, not-first ones |
61 | * are considered as unparsable. |
62 | * - Reports the offset field of the final fragment header so it is |
63 | * possible to tell whether this is a first fragment, later fragment, |
64 | * or not fragmented. |
65 | * - ESP is unparsable for now and considered like |
66 | * normal payload protocol. |
67 | * - Note also special handling of AUTH header. Thanks to IPsec wizards. |
68 | * |
69 | * --ANK (980726) |
70 | */ |
71 | |
72 | int ipv6_skip_exthdr(const struct sk_buff *skb, int start, u8 *nexthdrp, |
73 | __be16 *frag_offp) |
74 | { |
75 | u8 nexthdr = *nexthdrp; |
76 | |
77 | *frag_offp = 0; |
78 | |
79 | while (ipv6_ext_hdr(nexthdr)) { |
80 | struct ipv6_opt_hdr _hdr, *hp; |
81 | int hdrlen; |
82 | |
83 | if (nexthdr == NEXTHDR_NONE) |
84 | return -1; |
85 | hp = skb_header_pointer(skb, offset: start, len: sizeof(_hdr), buffer: &_hdr); |
86 | if (!hp) |
87 | return -1; |
88 | if (nexthdr == NEXTHDR_FRAGMENT) { |
89 | __be16 _frag_off, *fp; |
90 | fp = skb_header_pointer(skb, |
91 | offset: start+offsetof(struct frag_hdr, |
92 | frag_off), |
93 | len: sizeof(_frag_off), |
94 | buffer: &_frag_off); |
95 | if (!fp) |
96 | return -1; |
97 | |
98 | *frag_offp = *fp; |
99 | if (ntohs(*frag_offp) & ~0x7) |
100 | break; |
101 | hdrlen = 8; |
102 | } else if (nexthdr == NEXTHDR_AUTH) |
103 | hdrlen = ipv6_authlen(hp); |
104 | else |
105 | hdrlen = ipv6_optlen(hp); |
106 | |
107 | nexthdr = hp->nexthdr; |
108 | start += hdrlen; |
109 | } |
110 | |
111 | *nexthdrp = nexthdr; |
112 | return start; |
113 | } |
114 | EXPORT_SYMBOL(ipv6_skip_exthdr); |
115 | |
116 | int ipv6_find_tlv(const struct sk_buff *skb, int offset, int type) |
117 | { |
118 | const unsigned char *nh = skb_network_header(skb); |
119 | int packet_len = skb_tail_pointer(skb) - skb_network_header(skb); |
120 | struct ipv6_opt_hdr *hdr; |
121 | int len; |
122 | |
123 | if (offset + 2 > packet_len) |
124 | goto bad; |
125 | hdr = (struct ipv6_opt_hdr *)(nh + offset); |
126 | len = ((hdr->hdrlen + 1) << 3); |
127 | |
128 | if (offset + len > packet_len) |
129 | goto bad; |
130 | |
131 | offset += 2; |
132 | len -= 2; |
133 | |
134 | while (len > 0) { |
135 | int opttype = nh[offset]; |
136 | int optlen; |
137 | |
138 | if (opttype == type) |
139 | return offset; |
140 | |
141 | switch (opttype) { |
142 | case IPV6_TLV_PAD1: |
143 | optlen = 1; |
144 | break; |
145 | default: |
146 | if (len < 2) |
147 | goto bad; |
148 | optlen = nh[offset + 1] + 2; |
149 | if (optlen > len) |
150 | goto bad; |
151 | break; |
152 | } |
153 | offset += optlen; |
154 | len -= optlen; |
155 | } |
156 | /* not_found */ |
157 | bad: |
158 | return -1; |
159 | } |
160 | EXPORT_SYMBOL_GPL(ipv6_find_tlv); |
161 | |
162 | /* |
163 | * find the offset to specified header or the protocol number of last header |
164 | * if target < 0. "last header" is transport protocol header, ESP, or |
165 | * "No next header". |
166 | * |
167 | * Note that *offset is used as input/output parameter, and if it is not zero, |
168 | * then it must be a valid offset to an inner IPv6 header. This can be used |
169 | * to explore inner IPv6 header, eg. ICMPv6 error messages. |
170 | * |
171 | * If target header is found, its offset is set in *offset and return protocol |
172 | * number. Otherwise, return -1. |
173 | * |
174 | * If the first fragment doesn't contain the final protocol header or |
175 | * NEXTHDR_NONE it is considered invalid. |
176 | * |
177 | * Note that non-1st fragment is special case that "the protocol number |
178 | * of last header" is "next header" field in Fragment header. In this case, |
179 | * *offset is meaningless and fragment offset is stored in *fragoff if fragoff |
180 | * isn't NULL. |
181 | * |
182 | * if flags is not NULL and it's a fragment, then the frag flag |
183 | * IP6_FH_F_FRAG will be set. If it's an AH header, the |
184 | * IP6_FH_F_AUTH flag is set and target < 0, then this function will |
185 | * stop at the AH header. If IP6_FH_F_SKIP_RH flag was passed, then this |
186 | * function will skip all those routing headers, where segements_left was 0. |
187 | */ |
188 | int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, |
189 | int target, unsigned short *fragoff, int *flags) |
190 | { |
191 | unsigned int start = skb_network_offset(skb) + sizeof(struct ipv6hdr); |
192 | u8 nexthdr = ipv6_hdr(skb)->nexthdr; |
193 | bool found; |
194 | |
195 | if (fragoff) |
196 | *fragoff = 0; |
197 | |
198 | if (*offset) { |
199 | struct ipv6hdr _ip6, *ip6; |
200 | |
201 | ip6 = skb_header_pointer(skb, offset: *offset, len: sizeof(_ip6), buffer: &_ip6); |
202 | if (!ip6 || (ip6->version != 6)) |
203 | return -EBADMSG; |
204 | start = *offset + sizeof(struct ipv6hdr); |
205 | nexthdr = ip6->nexthdr; |
206 | } |
207 | |
208 | do { |
209 | struct ipv6_opt_hdr _hdr, *hp; |
210 | unsigned int hdrlen; |
211 | found = (nexthdr == target); |
212 | |
213 | if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE) { |
214 | if (target < 0 || found) |
215 | break; |
216 | return -ENOENT; |
217 | } |
218 | |
219 | hp = skb_header_pointer(skb, offset: start, len: sizeof(_hdr), buffer: &_hdr); |
220 | if (!hp) |
221 | return -EBADMSG; |
222 | |
223 | if (nexthdr == NEXTHDR_ROUTING) { |
224 | struct ipv6_rt_hdr _rh, *rh; |
225 | |
226 | rh = skb_header_pointer(skb, offset: start, len: sizeof(_rh), |
227 | buffer: &_rh); |
228 | if (!rh) |
229 | return -EBADMSG; |
230 | |
231 | if (flags && (*flags & IP6_FH_F_SKIP_RH) && |
232 | rh->segments_left == 0) |
233 | found = false; |
234 | } |
235 | |
236 | if (nexthdr == NEXTHDR_FRAGMENT) { |
237 | unsigned short _frag_off; |
238 | __be16 *fp; |
239 | |
240 | if (flags) /* Indicate that this is a fragment */ |
241 | *flags |= IP6_FH_F_FRAG; |
242 | fp = skb_header_pointer(skb, |
243 | offset: start+offsetof(struct frag_hdr, |
244 | frag_off), |
245 | len: sizeof(_frag_off), |
246 | buffer: &_frag_off); |
247 | if (!fp) |
248 | return -EBADMSG; |
249 | |
250 | _frag_off = ntohs(*fp) & ~0x7; |
251 | if (_frag_off) { |
252 | if (target < 0 && |
253 | ((!ipv6_ext_hdr(hp->nexthdr)) || |
254 | hp->nexthdr == NEXTHDR_NONE)) { |
255 | if (fragoff) |
256 | *fragoff = _frag_off; |
257 | return hp->nexthdr; |
258 | } |
259 | if (!found) |
260 | return -ENOENT; |
261 | if (fragoff) |
262 | *fragoff = _frag_off; |
263 | break; |
264 | } |
265 | hdrlen = 8; |
266 | } else if (nexthdr == NEXTHDR_AUTH) { |
267 | if (flags && (*flags & IP6_FH_F_AUTH) && (target < 0)) |
268 | break; |
269 | hdrlen = ipv6_authlen(hp); |
270 | } else |
271 | hdrlen = ipv6_optlen(hp); |
272 | |
273 | if (!found) { |
274 | nexthdr = hp->nexthdr; |
275 | start += hdrlen; |
276 | } |
277 | } while (!found); |
278 | |
279 | *offset = start; |
280 | return nexthdr; |
281 | } |
282 | EXPORT_SYMBOL(ipv6_find_hdr); |
283 | |